7. Building Personalized Web Applications
1. Through user login, a web application can deliver personalization for each user.
2. The MySQL SHA() function hashes a piece of text into a unique 40-character string. SHA() is one-way: the original text cannot be recovered from it. SHA stands for Secure Hash Algorithm.
MySQL has a similar function named MD5(); PHP provides equivalent functions (sha1() and md5()).
Example: SHA('tatlover') = 'e511d793f532dbe0e0483538e11977f7b7c33b28'
3. The browser's standard HTTP authentication dialog can serve as a simple user login interface.
4. HTTP authentication stores the data persistently on the client, but it does not let you delete that data when you are done, i.e. it does not support logging out.
5. Cookies allow small pieces of data to be stored persistently on the client; the data survives across scripts and can be deleted when needed.
Cookies provide the temporary persistence we need.
The PHP setcookie() function stores data in a cookie; the $_COOKIE superglobal retrieves a cookie's value.
To delete a cookie, set its expiration date to a time in the past.
Example: store a cookie value: setcookie('username', 'jarray', time() + (60 * 60 * 2)); // cookies are always stored as text, so numbers are stored as strings too
Retrieve the cookie value: $_COOKIE['username']
6. Sessions allow small pieces of data to be stored persistently on the server, independent of the client, which makes them more secure and more reliable than storing data in cookies.
Session variables have no associated expiration date, because they are deleted automatically when the session ends.
PHP's session_start() function starts a session; session_destroy() ends one; the $_SESSION superglobal sets session data.
session_start() does not only start a new session; it may also resume an existing one.
Example: set a session variable: $_SESSION['username'] = 'jarray';
Clear all session variables in the current session: $_SESSION = array(); // session variables are not removed automatically when the session is destroyed, but they are when the browser closes
If session.use_trans_sid is enabled in the server's php.ini, the session ID is appended to every page URL.
7. Sessions + cookies = better login persistence
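Hardening the session-plus-cookie persistence from these notes, as an added example that is not part of the book's Mismatch code: the startsession.php listing below copies user_id straight from a cookie into the session, so the browser decides which account the session belongs to, whereas this version keeps only a random token in the cookie and resolves its SHA-256 hash to a user on the server. The table mismatch_remember, the cookie name mm_remember and all function names are assumptions; the mismatch_user table and the mysqli connection are the page's own.

```php
<?php
// remembertoken.php: added example, not part of the book's Mismatch listing.
// Persists a login with a random token instead of user_id/username cookies.
// Assumes a hypothetical table:
//   CREATE TABLE mismatch_remember (token_hash CHAR(64) PRIMARY KEY,
//                                   user_id INT NOT NULL, expires DATETIME NOT NULL);
define('MM_REMEMBER_COOKIE', 'mm_remember');   // cookie name (assumption)
define('MM_REMEMBER_TTL', 60 * 60 * 24 * 30);  // 30 days, as in login.php

// Call after a successful login. Only the SHA-256 hash of the token is stored,
// so a copied table does not hand out working cookies.
function issue_remember_token(mysqli $dbc, int $user_id): void {
    $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG, 64 hex chars
    $hash = hash('sha256', $token);
    $expires = time() + MM_REMEMBER_TTL;
    $stmt = mysqli_prepare($dbc, 'INSERT INTO mismatch_remember (token_hash, user_id, expires) '
        . 'VALUES (?, ?, FROM_UNIXTIME(?))');
    mysqli_stmt_bind_param($stmt, 'sii', $hash, $user_id, $expires);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    // HttpOnly keeps page scripts away from the cookie, Secure limits it to HTTPS,
    // SameSite=Lax keeps it off cross-site POST requests.
    setcookie(MM_REMEMBER_COOKIE, $token, ['expires' => $expires, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Resolve the cookie to a user_id via the hash lookup; null if absent, malformed or expired.
function user_id_from_remember_cookie(mysqli $dbc): ?int {
    $token = $_COOKIE[MM_REMEMBER_COOKIE] ?? '';
    if (strlen($token) !== 64 || !ctype_xdigit($token)) {
        return null;                           // reject garbage before touching the database
    }
    $stmt = mysqli_prepare($dbc, 'SELECT user_id FROM mismatch_remember '
        . 'WHERE token_hash = ? AND expires > NOW()');
    $hash = hash('sha256', $token);
    mysqli_stmt_bind_param($stmt, 's', $hash);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $user_id);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? (int)$user_id : null;
}

// Replacement for startsession.php: the session is restored from the token,
// never from a user_id the browser supplies.
function start_session_from_cookie(mysqli $dbc): void {
    session_start();
    if (isset($_SESSION['user_id'])) {
        return;
    }
    $user_id = user_id_from_remember_cookie($dbc);
    if ($user_id === null) {
        return;
    }
    session_regenerate_id(true);               // fresh session id once the user is authenticated
    $_SESSION['user_id'] = $user_id;
    $stmt = mysqli_prepare($dbc, 'SELECT username FROM mismatch_user WHERE user_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $user_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $username);
    if (mysqli_stmt_fetch($stmt)) {
        $_SESSION['username'] = $username;     // navmenu.php reads this
    }
    mysqli_stmt_close($stmt);
}

// For logout.php: delete the server-side row, then expire the cookie.
function revoke_remember_token(mysqli $dbc): void {
    $token = $_COOKIE[MM_REMEMBER_COOKIE] ?? '';
    if ($token !== '') {
        $hash = hash('sha256', $token);
        $stmt = mysqli_prepare($dbc, 'DELETE FROM mismatch_remember WHERE token_hash = ?');
        mysqli_stmt_bind_param($stmt, 's', $hash);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    setcookie(MM_REMEMBER_COOKIE, '', time() - 3600);
}
```

login.php would call issue_remember_token() where it currently sets the two cookies, and logout.php would call revoke_remember_token() before session_destroy(); the options-array form of setcookie() needs PHP 7.3 or later.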
1. The description of the data in a database (tables and columns), of all other related objects, and of how they connect is called a schema.
2. A foreign key is a column in one table that references the primary key of another table.
3. Normalization means designing a database to reduce duplicated data and to improve the relationships between data. Its benefit is that the database's size and speed both improve.
Three main steps to normalizing a database: make sure columns are atomic; give every table its own primary key; make sure non-key columns do not depend on each other.
4. Rewriting ON as USING gives a more concise inner join query that matches on a column shared by both tables.
5. Code examples:
<!-- appvars.php -->
<?php
// Define application constants
define('MM_UPLOADPATH', 'images/');
define('MM_MAXFILESIZE', 32768); // 32 KB
define('MM_MAXIMGWIDTH', 120); // 120 pixels
define('MM_MAXIMGHEIGHT', 120); // 120 pixels
?>
<!-- connectvars.php -->
<?php
// Define database connection constants
define('DB_HOST', 'localhost');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_NAME', 'mismatchdb');
?>
<!-- editprofile.php -->
<?php
// Start the session
require_once('startsession.php');
// Insert the page header
$page_title = 'Edit Profile';
require_once('header.php');
require_once('appvars.php');
require_once('connectvars.php');
// Make sure the user is logged in before going any further.
if (!isset($_SESSION['user_id'])) {
echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
exit();
}
// Show the navigation menu
require_once('navmenu.php');
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (isset($_POST['submit'])) {
// Grab the profile data from the POST
$first_name = mysqli_real_escape_string($dbc, trim($_POST['firstname']));
$last_name = mysqli_real_escape_string($dbc, trim($_POST['lastname']));
$gender = mysqli_real_escape_string($dbc, trim($_POST['gender']));
$birthdate = mysqli_real_escape_string($dbc, trim($_POST['birthdate']));
$city = mysqli_real_escape_string($dbc, trim($_POST['city']));
$state = mysqli_real_escape_string($dbc, trim($_POST['state']));
$old_picture = mysqli_real_escape_string($dbc, trim($_POST['old_picture']));
$new_picture = mysqli_real_escape_string($dbc, trim($_FILES['new_picture']['name']));
$new_picture_type = $_FILES['new_picture']['type'];
$new_picture_size = $_FILES['new_picture']['size'];
list($new_picture_width, $new_picture_height) = getimagesize($_FILES['new_picture']['tmp_name']);
$error = false;
// Validate and move the uploaded picture file, if necessary
if (!empty($new_picture)) {
if ((($new_picture_type == 'image/gif') || ($new_picture_type == 'image/jpeg') || ($new_picture_type == 'image/pjpeg') ||
($new_picture_type == 'image/png')) && ($new_picture_size > 0) && ($new_picture_size <= MM_MAXFILESIZE) &&
($new_picture_width <= MM_MAXIMGWIDTH) && ($new_picture_height <= MM_MAXIMGHEIGHT)) {
// The upload is keyed by its form field name, new_picture (not 'file')
if ($_FILES['new_picture']['error'] == 0) {
// Move the file to the target upload folder
$target = MM_UPLOADPATH . basename($new_picture);
if (move_uploaded_file($_FILES['new_picture']['tmp_name'], $target)) {
// The new picture file move was successful, now make sure any old picture is deleted
if (!empty($old_picture) && ($old_picture != $new_picture)) {
@unlink(MM_UPLOADPATH . $old_picture);
}
}
else {
// The new picture file move failed, so delete the temporary file and set the error flag
@unlink($_FILES['new_picture']['tmp_name']);
$error = true;
echo '<p class="error">Sorry, there was a problem uploading your picture.</p>';
}
}
}
else {
// The new picture file is not valid, so delete the temporary file and set the error flag
@unlink($_FILES['new_picture']['tmp_name']);
$error = true;
echo '<p class="error">Your picture must be a GIF, JPEG, or PNG image file no greater than ' . (MM_MAXFILESIZE / 1024) .
' KB and ' . MM_MAXIMGWIDTH . 'x' . MM_MAXIMGHEIGHT . ' pixels in size.</p>';
}
}
// Update the profile data in the database
if (!$error) {
if (!empty($first_name) && !empty($last_name) && !empty($gender) && !empty($birthdate) && !empty($city) && !empty($state)) {
// Only set the picture column if there is a new picture
if (!empty($new_picture)) {
$query = "UPDATE mismatch_user SET first_name = '$first_name', last_name = '$last_name', gender = '$gender', " .
" birthdate = '$birthdate', city = '$city', state = '$state', picture = '$new_picture' WHERE user_id = '" . $_SESSION['user_id'] . "'";
}
else {
$query = "UPDATE mismatch_user SET first_name = '$first_name', last_name = '$last_name', gender = '$gender', " .
" birthdate = '$birthdate', city = '$city', state = '$state' WHERE user_id = '" . $_SESSION['user_id'] . "'";
}
mysqli_query($dbc, $query);
// Confirm success with the user
echo '<p>Your profile has been successfully updated. Would you like to <a href="viewprofile.php">view your profile</a>?</p>';
mysqli_close($dbc);
exit();
}
else {
echo '<p class="error">You must enter all of the profile data (the picture is optional).</p>';
}
}
} // End of check for form submission
else {
// Grab the profile data from the database
$query = "SELECT first_name, last_name, gender, birthdate, city, state, picture FROM mismatch_user WHERE user_id = '" . $_SESSION['user_id'] . "'";
$data = mysqli_query($dbc, $query);
$row = mysqli_fetch_array($data);
if ($row != NULL) {
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$gender = $row['gender'];
$birthdate = $row['birthdate'];
$city = $row['city'];
$state = $row['state'];
$old_picture = $row['picture'];
}
else {
echo '<p class="error">There was a problem accessing your profile.</p>';
}
}
mysqli_close($dbc);
?>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MM_MAXFILESIZE; ?>" />
<fieldset>
<legend>Personal Information</legend>
<label for="firstname">First name:</label>
<input type="text" id="firstname" name="firstname" value="<?php if (!empty($first_name)) echo $first_name; ?>" /><br />
<label for="lastname">Last name:</label>
<input type="text" id="lastname" name="lastname" value="<?php if (!empty($last_name)) echo $last_name; ?>" /><br />
<label for="gender">Gender:</label>
<select id="gender" name="gender">
<option value="M" <?php if (!empty($gender) && $gender == 'M') echo 'selected = "selected"'; ?>>Male</option>
<option value="F" <?php if (!empty($gender) && $gender == 'F') echo 'selected = "selected"'; ?>>Female</option>
</select><br />
<label for="birthdate">Birthdate:</label>
<input type="text" id="birthdate" name="birthdate" value="<?php if (!empty($birthdate)) echo $birthdate; else echo 'YYYY-MM-DD'; ?>" /><br />
<label for="city">City:</label>
<input type="text" id="city" name="city" value="<?php if (!empty($city)) echo $city; ?>" /><br />
<label for="state">State:</label>
<input type="text" id="state" name="state" value="<?php if (!empty($state)) echo $state; ?>" /><br />
<input type="hidden" name="old_picture" value="<?php if (!empty($old_picture)) echo $old_picture; ?>" />
<label for="new_picture">Picture:</label>
<input type="file" id="new_picture" name="new_picture" />
<?php if (!empty($old_picture)) {
echo '<img class="profile" src="' . MM_UPLOADPATH . $old_picture . '" alt="Profile Picture" />';
} ?>
</fieldset>
<input type="submit" value="Save Profile" name="submit" />
</form>
<?php
// Insert the page footer
require_once('footer.php');
?>
<!-- footer.php -->
<hr />
<p class="footer">Copyright ©2008 Mismatch Enterprises, Inc.</p>
</body>
</html>
<!-- header.php -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php
echo '<title>Mismatch - ' . $page_title . '</title>';
?>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php
echo '<h3>Mismatch - ' . $page_title . '</h3>';
?>
<!-- index.php -->
<?php
// Start the session
require_once('startsession.php');
// Insert the page header
$page_title = 'Where opposites attract!';
require_once('header.php');
require_once('appvars.php');
require_once('connectvars.php');
// Show the navigation menu
require_once('navmenu.php');
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Retrieve the user data from MySQL
$query = "SELECT user_id, first_name, picture FROM mismatch_user WHERE first_name IS NOT NULL ORDER BY join_date DESC LIMIT 5";
$data = mysqli_query($dbc, $query);
// Loop through the array of user data, formatting it as HTML
echo '<h4>Latest members:</h4>';
echo '<table>';
while ($row = mysqli_fetch_array($data)) {
if (is_file(MM_UPLOADPATH . $row['picture']) && filesize(MM_UPLOADPATH . $row['picture']) > 0) {
echo '<tr><td><img src="' . MM_UPLOADPATH . $row['picture'] . '" alt="' . $row['first_name'] . '" /></td>';
}
else {
echo '<tr><td><img src="' . MM_UPLOADPATH . 'nopic.jpg' . '" alt="' . $row['first_name'] . '" /></td>';
}
if (isset($_SESSION['user_id'])) {
echo '<td><a href="viewprofile.php?user_id=' . $row['user_id'] . '">' . $row['first_name'] . '</a></td></tr>';
}
else {
echo '<td>' . $row['first_name'] . '</td></tr>';
}
}
echo '</table>';
mysqli_close($dbc);
?>
<?php
// Insert the page footer
require_once('footer.php');
?>
<!-- login.php -->
<?php
require_once('connectvars.php');
// Start the session
session_start();
// Clear the error message
$error_msg = "";
// If the user isn't logged in, try to log them in
if (!isset($_SESSION['user_id'])) {
if (isset($_POST['submit'])) {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the user-entered log-in data
$user_username = mysqli_real_escape_string($dbc, trim($_POST['username']));
$user_password = mysqli_real_escape_string($dbc, trim($_POST['password']));
if (!empty($user_username) && !empty($user_password)) {
// Look up the username and password in the database
$query = "SELECT user_id, username FROM mismatch_user WHERE username = '$user_username' AND password = SHA('$user_password')";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
$row = mysqli_fetch_array($data);
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['username'] = $row['username'];
setcookie('user_id', $row['user_id'], time() + (60 * 60 * 24 * 30)); // expires in 30 days
setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30)); // expires in 30 days
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
header('Location: ' . $home_url);
}
else {
// The username/password are incorrect so set an error message
$error_msg = 'Sorry, you must enter a valid username and password to log in.';
}
}
else {
// The username/password weren't entered so set an error message
$error_msg = 'Sorry, you must enter your username and password to log in.';
}
}
}
// Insert the page header
$page_title = 'Log In';
require_once('header.php');
// If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in
if (empty($_SESSION['user_id'])) {
echo '<p class="error">' . $error_msg . '</p>';
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset>
<legend>Log In</legend>
<label for="username">Username:</label>
<input type="text" name="username" value="<?php if (!empty($user_username)) echo $user_username; ?>" /><br />
<label for="password">Password:</label>
<input type="password" name="password" />
</fieldset>
<input type="submit" value="Log In" name="submit" />
</form>
<?php
}
else {
// Confirm the successful log-in
echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '.</p>');
}
?>
<?php
// Insert the page footer
require_once('footer.php');
?>
<!-- logout.php -->
<?php
// If the user is logged in, delete the session vars to log them out
session_start();
if (isset($_SESSION['user_id'])) {
// Delete the session vars by clearing the $_SESSION array
$_SESSION = array();
// Delete the session cookie by setting its expiration to an hour ago (3600)
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 3600);
}
// Destroy the session
session_destroy();
}
// Delete the user ID and username cookies by setting their expirations to an hour ago (3600)
setcookie('user_id', '', time() - 3600);
setcookie('username', '', time() - 3600);
// Redirect to the home page
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
header('Location: ' . $home_url);
?>
<!-- mymismatch.php -->
<?php
// Start the session
require_once('startsession.php');
// Insert the page header
$page_title = 'My Mismatch';
require_once('header.php');
require_once('appvars.php');
require_once('connectvars.php');
// Make sure the user is logged in before going any further.
if (!isset($_SESSION['user_id'])) {
echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
exit();
}
// Show the navigation menu
require_once('navmenu.php');
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Only look for a mismatch if the user has questionnaire responses stored
$query = "SELECT * FROM mismatch_response WHERE user_id = '" . $_SESSION['user_id'] . "'";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) != 0) {
// First grab the user's responses from the response table (JOIN to get the topic name)
$query = "SELECT mr.response_id, mr.topic_id, mr.response, mt.name AS topic_name " .
"FROM mismatch_response AS mr " .
"INNER JOIN mismatch_topic AS mt USING (topic_id) " .
"WHERE mr.user_id = '" . $_SESSION['user_id'] . "'";
$data = mysqli_query($dbc, $query);
$user_responses = array();
while ($row = mysqli_fetch_array($data)) {
array_push($user_responses, $row);
}
// Initialize the mismatch search results
$mismatch_score = 0;
$mismatch_user_id = -1;
$mismatch_topics = array();
// Loop through the user table comparing other people's responses to the user's responses
$query = "SELECT user_id FROM mismatch_user WHERE user_id != '" . $_SESSION['user_id'] . "'";
$data = mysqli_query($dbc, $query);
while ($row = mysqli_fetch_array($data)) {
// Grab the response data for the user (a potential mismatch)
$query2 = "SELECT response_id, topic_id, response FROM mismatch_response WHERE user_id = '" . $row['user_id'] . "'";
$data2 = mysqli_query($dbc, $query2);
$mismatch_responses = array();
while ($row2 = mysqli_fetch_array($data2)) {
array_push($mismatch_responses, $row2);
}
// Compare each response and calculate a mismatch total
$score = 0;
$topics = array();
for ($i = 0; $i < count($user_responses); $i++) {
if ($user_responses[$i]['response'] + $mismatch_responses[$i]['response'] == 3) {
$score += 1;
array_push($topics, $user_responses[$i]['topic_name']);
}
}
// Check to see if this person is better than the best mismatch so far
if ($score > $mismatch_score) {
// We found a better mismatch, so update the mismatch search results
$mismatch_score = $score;
$mismatch_user_id = $row['user_id'];
$mismatch_topics = array_slice($topics, 0);
}
}
// Make sure a mismatch was found
if ($mismatch_user_id != -1) {
$query = "SELECT username, first_name, last_name, city, state, picture FROM mismatch_user WHERE user_id = '$mismatch_user_id'";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row for the mismatch was found, so display the user data
$row = mysqli_fetch_array($data);
echo '<table><tr><td class="label">';
if (!empty($row['first_name']) && !empty($row['last_name'])) {
echo $row['first_name'] . ' ' . $row['last_name'] . '<br />';
}
if (!empty($row['city']) && !empty($row['state'])) {
echo $row['city'] . ', ' . $row['state'] . '<br />';
}
echo '</td><td>';
if (!empty($row['picture'])) {
echo '<img src="' . MM_UPLOADPATH . $row['picture'] . '" alt="Profile Picture" /><br />';
}
echo '</td></tr></table>';
// Display the mismatched topics
echo '<h4>You are mismatched on the following ' . count($mismatch_topics) . ' topics:</h4>';
foreach ($mismatch_topics as $topic) {
echo $topic . '<br />';
}
// Display a link to the mismatch user's profile
echo '<h4>View <a href="viewprofile.php?user_id=' . $mismatch_user_id . '">' . $row['first_name'] . '\'s profile</a>.</h4>';
}
}
}
else {
echo '<p>You must first <a href="questionnaire.php">answer the questionnaire</a> before you can be mismatched.</p>';
}
mysqli_close($dbc);
// Insert the page footer
require_once('footer.php');
?>
<!-- navmenu.php -->
<?php
// Generate the navigation menu
echo '<hr />';
if (isset($_SESSION['username'])) {
echo '<a href="index.php">Home</a> ❤ ';
echo '<a href="viewprofile.php">View Profile</a> ❤ ';
echo '<a href="editprofile.php">Edit Profile</a> ❤ ';
echo '<a href="questionnaire.php">Questionnaire</a> ❤ ';
echo '<a href="mymismatch.php">My Mismatch</a> ❤ ';
echo '<a href="logout.php">Log Out (' . $_SESSION['username'] . ')</a>';
}
else {
echo '<a href="login.php">Log In</a> ❤ ';
echo '<a href="signup.php">Sign Up</a>';
}
echo '<hr />';
?>
<!-- questionnaire.php -->
<?php
// Start the session
require_once('startsession.php');
// Insert the page header
$page_title = 'Questionnaire';
require_once('header.php');
require_once('appvars.php');
require_once('connectvars.php');
// Make sure the user is logged in before going any further.
if (!isset($_SESSION['user_id'])) {
echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
exit();
}
// Show the navigation menu
require_once('navmenu.php');
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// If this user has never answered the questionnaire, insert empty responses into the database
$query = "SELECT * FROM mismatch_response WHERE user_id = '" . $_SESSION['user_id'] . "'";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 0) {
// First grab the list of topic IDs from the topic table
$query = "SELECT topic_id FROM mismatch_topic ORDER BY category_id, topic_id";
$data = mysqli_query($dbc, $query);
$topicIDs = array();
while ($row = mysqli_fetch_array($data)) {
array_push($topicIDs, $row['topic_id']);
}
// Insert empty response rows into the response table, one per topic
foreach ($topicIDs as $topic_id) {
$query = "INSERT INTO mismatch_response (user_id, topic_id) VALUES ('" . $_SESSION['user_id']. "', '$topic_id')";
mysqli_query($dbc, $query);
}
}
// If the questionnaire form has been submitted, write the form responses to the database
if (isset($_POST['submit'])) {
// Write the questionnaire response rows to the response table
foreach ($_POST as $response_id => $response) {
$query = "UPDATE mismatch_response SET response = '$response' WHERE response_id = '$response_id'";
mysqli_query($dbc, $query);
}
echo '<p>Your responses have been saved.</p>';
}
// Grab the response data from the database to generate the form
$query = "SELECT mr.response_id, mr.topic_id, mr.response, mt.name AS topic_name, mc.name AS category_name " .
"FROM mismatch_response AS mr " .
"INNER JOIN mismatch_topic AS mt USING (topic_id) " .
"INNER JOIN mismatch_category AS mc USING (category_id) " .
"WHERE mr.user_id = '" . $_SESSION['user_id'] . "'";
$data = mysqli_query($dbc, $query);
$responses = array();
while ($row = mysqli_fetch_array($data)) {
array_push($responses, $row);
}
mysqli_close($dbc);
// Generate the questionnaire form by looping through the response array
echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
echo '<p>How do you feel about each topic?</p>';
$category = $responses[0]['category_name'];
echo '<fieldset><legend>' . $responses[0]['category_name'] . '</legend>';
foreach ($responses as $response) {
// Only start a new fieldset if the category has changed
if ($category != $response['category_name']) {
$category = $response['category_name'];
echo '</fieldset><fieldset><legend>' . $response['category_name'] . '</legend>';
}
// Display the topic form field
echo '<label ' . ($response['response'] == NULL ? 'class="error"' : '') . ' for="' . $response['response_id'] . '">' . $response['topic_name'] . ':</label>';
echo '<input type="radio" id="' . $response['response_id'] . '" name="' . $response['response_id'] . '" value="1" ' . ($response['response'] == 1 ? 'checked="checked"' : '') . ' />Love ';
echo '<input type="radio" id="' . $response['response_id'] . '" name="' . $response['response_id'] . '" value="2" ' . ($response['response'] == 2 ? 'checked="checked"' : '') . ' />Hate<br />';
}
echo '</fieldset>';
echo '<input type="submit" value="Save Questionnaire" name="submit" />';
echo '</form>';
// Insert the page footer
require_once('footer.php');
?>
<!-- signup.php -->
<?php
// Insert the page header
$page_title = 'Sign Up';
require_once('header.php');
require_once('appvars.php');
require_once('connectvars.php');
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (isset($_POST['submit'])) {
// Grab the profile data from the POST
$username = mysqli_real_escape_string($dbc, trim($_POST['username']));
$password1 = mysqli_real_escape_string($dbc, trim($_POST['password1']));
$password2 = mysqli_real_escape_string($dbc, trim($_POST['password2']));
if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2)) {
// Make sure someone isn't already registered using this username
$query = "SELECT * FROM mismatch_user WHERE username = '$username'";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 0) {
// The username is unique, so insert the data into the database
$query = "INSERT INTO mismatch_user (username, password, join_date) VALUES ('$username', SHA('$password1'), NOW())";
mysqli_query($dbc, $query);
// Confirm success with the user
echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>';
mysqli_close($dbc);
exit();
}
else {
// An account already exists for this username, so display an error message
echo '<p class="error">An account already exists for this username. Please use a different username.</p>';
$username = "";
}
}
else {
echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>';
}
}
mysqli_close($dbc);
?>
<p>Please enter your username and desired password to sign up to Mismatch.</p>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset>
<legend>Registration Info</legend>
<label for="username">Username:</label>
<input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />
<label for="password1">Password:</label>
<input type="password" id="password1" name="password1" /><br />
<label for="password2">Password (retype):</label>
<input type="password" id="password2" name="password2" /><br />
</fieldset>
<input type="submit" value="Sign Up" name="submit" />
</form>
<?php
// Insert the page footer
require_once('footer.php');
?>
<!-- startsession.php -->
<?php
session_start();
// If the session vars aren't set, try to set them with a cookie
if (!isset($_SESSION['user_id'])) {
if (isset($_COOKIE['user_id']) && isset($_COOKIE['username'])) {
$_SESSION['user_id'] = $_COOKIE['user_id'];
$_SESSION['username'] = $_COOKIE['username'];
}
}
?>
/* style.css */
.footer {
text-align: center;
font-size: 80%;
}
.error {
font-weight: bold;
color: #FF0000;
}
.login {
font-style: italic;
}
form label {
display: inline-block;
width: 150px;
font-weight: bold;
}
td.label {
font-weight: bold;
}
img.profile {
vertical-align: top;
}
<!-- viewprofile.php -->
<?php
// Start the session
require_once('startsession.php');
// Insert the page header
$page_title = 'View Profile';
require_once('header.php');
require_once('appvars.php');
require_once('connectvars.php');
// Make sure the user is logged in before going any further.
if (!isset($_SESSION['user_id'])) {
echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
exit();
}
// Show the navigation menu
require_once('navmenu.php');
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
if (!isset($_GET['user_id'])) {
$query = "SELECT username, first_name, last_name, gender, birthdate, city, state, picture FROM mismatch_user WHERE user_id = '" . $_SESSION['user_id'] . "'";
}
else {
$query = "SELECT username, first_name, last_name, gender, birthdate, city, state, picture FROM mismatch_user WHERE user_id = '" . $_GET['user_id'] . "'";
}
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo '<table>';
if (!empty($row['username'])) {
echo '<tr><td class="label">Username:</td><td>' . $row['username'] . '</td></tr>';
}
if (!empty($row['first_name'])) {
echo '<tr><td class="label">First name:</td><td>' . $row['first_name'] . '</td></tr>';
}
if (!empty($row['last_name'])) {
echo '<tr><td class="label">Last name:</td><td>' . $row['last_name'] . '</td></tr>';
}
if (!empty($row['gender'])) {
echo '<tr><td class="label">Gender:</td><td>';
if ($row['gender'] == 'M') {
echo 'Male';
}
else if ($row['gender'] == 'F') {
echo 'Female';
}
else {
echo '?';
}
echo '</td></tr>';
}
if (!empty($row['birthdate'])) {
if (!isset($_GET['user_id']) || ($_SESSION['user_id'] == $_GET['user_id'])) {
// Show the user their own birthdate
echo '<tr><td class="label">Birthdate:</td><td>' . $row['birthdate'] . '</td></tr>';
}
else {
// Show only the birth year for everyone else
list($year, $month, $day) = explode('-', $row['birthdate']);
echo '<tr><td class="label">Year born:</td><td>' . $year . '</td></tr>';
}
}
if (!empty($row['city']) || !empty($row['state'])) {
echo '<tr><td class="label">Location:</td><td>' . $row['city'] . ', ' . $row['state'] . '</td></tr>';
}
if (!empty($row['picture'])) {
echo '<tr><td class="label">Picture:</td><td><img src="' . MM_UPLOADPATH . $row['picture'] .
'" alt="Profile Picture" /></td></tr>';
}
echo '</table>';
if (!isset($_GET['user_id']) || ($_SESSION['user_id'] == $_GET['user_id'])) {
echo '<p>Would you like to <a href="editprofile.php">edit your profile</a>?</p>';
}
} // End of check for a single row of user results
else {
echo '<p class="error">There was a problem accessing your profile.</p>';
}
mysqli_close($dbc);
?>
<?php
// Insert the page footer
require_once('footer.php');
?>