php原生开发留言板流程及逻辑
说明
php版本5.6.27
mysql版本5.5.53
所用技术:原生php、mysqli、phpMailer、html、css、js
功能:注册,登录,发送邮件设置新密码,留言,查看留言,留言的增删改查,分页
注册
数据库表的设计:
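<?php
/**
 * Registration handler.
 *
 * Reads username, password and e-mail from POST, validates them server-side and
 * inserts a new row into `user`. Differences from the earlier version of this
 * script, all security-motivated:
 *  - every query is a prepared statement with bound parameters, so the character
 *    blacklist below is a usability rule rather than the SQL-injection defence;
 *  - the password is stored as a password_hash() (bcrypt) hash instead of an
 *    unsalted md5; the login script must therefore verify it with password_verify()
 *    and the `password` column must hold at least 60 characters (255 recommended);
 *  - success is decided by the INSERT result (the old `if($sql)` tested the query
 *    string, which is always truthy), and database errors are logged server-side
 *    instead of being echoed to the browser.
 */
require_once 'connect.php';

/**
 * Show an alert, send the browser back to the form and stop the script.
 * Only ever called with fixed literal messages, never with user input.
 *
 * @param string $message
 */
function abort_with_alert($message)
{
    echo "<script>alert('" . $message . "');history.back()</script>";
    die;
}

// Form input; a missing field becomes '' so it fails the required-field check
// instead of raising an undefined-index notice.
$username = isset($_POST['username']) ? trim($_POST['username']) : '';
$password = isset($_POST['password']) ? trim($_POST['password']) : '';
$email    = isset($_POST['email']) ? trim($_POST['email']) : '';

// Server-side validation: never rely on the browser-side checks.
if ($username === '' || $password === '' || $email === '') {
    abort_with_alert('请填写必填项!');
}

// No CJK characters in the username.
if (preg_match('/[\x{4e00}-\x{9fa5}]/u', $username) > 0) {
    abort_with_alert('输入的数据不能含有汉字!');
}

// Character blacklist for username and password (kept from the original rules;
// SQL safety comes from the bound parameters below, not from this filter).
$illegal = "/[\'.,:;*?~`!@#$%^&+=)(<>{}]|\]|\[|\/|\\\|\"|\|/";
if (preg_match($illegal, $username) || preg_match($illegal, $password)) {
    abort_with_alert('含有非法字符!');
}

// At most 16 bytes each (strlen is byte-wise; CJK is already excluded above).
if (strlen($username) > 16 || strlen($password) > 16) {
    abort_with_alert('账号或密码最多16位!');
}

// The address is later used for password resets, so it must at least be well-formed.
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    abort_with_alert('邮箱格式不正确!');
}

// Does the username already exist? Two concurrent registrations can both pass
// this check, so the table should also carry a UNIQUE index on username.
$stmt = mysqli_prepare($conn, 'SELECT id FROM user WHERE username = ?');
if ($stmt === false) {
    error_log('register: prepare failed: ' . mysqli_error($conn));
    abort_with_alert('注册失败');
}
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$exists = mysqli_stmt_num_rows($stmt) > 0;
mysqli_stmt_close($stmt);
if ($exists) {
    abort_with_alert('账号已存在,请重新设置账号');
}

// Insert the new user with a salted, slow hash of the password.
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$stmt = mysqli_prepare($conn, 'INSERT INTO user (username, password, email, time) VALUES (?, ?, ?, NOW())');
if ($stmt === false) {
    error_log('register: prepare failed: ' . mysqli_error($conn));
    abort_with_alert('注册失败');
}
mysqli_stmt_bind_param($stmt, 'sss', $username, $passwordHash, $email);
$inserted = mysqli_stmt_execute($stmt);
if (!$inserted) {
    error_log('register: insert failed: ' . mysqli_stmt_error($stmt));
}
mysqli_stmt_close($stmt);

if ($inserted) {
    echo "<script>alert('注册成功');window.location.href='../index.php';</script>";
} else {
    echo "<script>alert('注册失败');history.back()</script>";
}
?>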
忘记密码
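<?php
/**
 * "Forgot password" handler: looks up the account named in POST and mails it a
 * link to the set-new-password page.
 *
 * Changes from the earlier version of this script:
 *  - the username is bound as a prepared-statement parameter (it was concatenated
 *    into two separate SELECTs), and id and e-mail come from one query;
 *  - an unknown username no longer triggers a fetch on a false result; it gets the
 *    same "sent" message as a real send so the form cannot be used to enumerate accounts;
 *  - the link's href is properly quoted (the old markup produced `?id='N'`, with
 *    the quotes becoming part of the query string).
 *
 * SECURITY NOTE (not fixed here, needs a schema change): the link is still keyed
 * by the numeric user id, which is sequential and guessable, so anyone can open
 * SetNewPwd.php for any account. It should instead carry a random, single-use,
 * expiring token (random_bytes / openssl_random_pseudo_bytes) stored server-side
 * and checked by SetNewPwd.php.
 */
require_once 'QQMailer.php';
require_once 'php/connect.php';

// QQMailer instance (constructor argument kept as in the original).
$mailer = new QQMailer(true);

// A missing field becomes '' rather than raising an undefined-index notice.
$username = isset($_POST['username']) ? trim($_POST['username']) : '';
if ($username === '') {
    echo "<script>alert('请填写必填项!');history.back()</script>";
    die;
}

// One prepared query fetches both id and e-mail.
$stmt = mysqli_prepare($conn, 'SELECT id, email FROM user WHERE username = ?');
if ($stmt === false) {
    error_log('forgot-password: prepare failed: ' . mysqli_error($conn));
    echo "<script>alert('邮件发送失败');history.back()</script>";
    die;
}
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $userId, $userEmail);
$found = mysqli_stmt_fetch($stmt) === true;
mysqli_stmt_close($stmt);

// Unknown username: respond exactly as for a successful send (no enumeration).
if (!$found) {
    echo "<script>alert('邮件发送成功,注意查收');history.back()</script>";
    die;
}

// Mail subject.
$title = '留言板密码修改';

// Mail body: the id is cast to int and the URL is attribute-escaped so nothing
// from the database can break out of the href.
$resetUrl = 'http://localhost/liuyan_new/SetNewPwd.php?id=' . (int) $userId;
$content = '请点击 <a href="' . htmlspecialchars($resetUrl, ENT_QUOTES, 'UTF-8') . '">链接</a> 跳转至更改密码页面。';

// Send via QQ mail.
if ($mailer->send($userEmail, $title, $content)) {
    echo "<script>alert('邮件发送成功,注意查收');history.back()</script>";
    die;
} else {
    echo "<script>alert('邮件发送失败');history.back()</script>";
    die;
}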
留言过滤html css js(防XSS攻击)
创建公共文件,加入函数:
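/**
 * Neutralise HTML/CSS/JS in user-supplied text before it is stored or rendered.
 *
 * The bodies of <script>, <iframe> and <style> elements are dropped (as in the
 * original filter), every remaining complete tag is removed, and whatever is
 * left is HTML-escaped (ENT_QUOTES, UTF-8). The final escaping step is what makes
 * the result safe in an HTML text or attribute context: the regexes alone let an
 * unterminated tag such as "<img src=x onerror=..." through unchanged, and
 * blacklists of tag names cannot be made complete. The escaped result is for HTML
 * contexts only; text placed into JavaScript or URLs needs context-specific escaping.
 *
 * @param string|null $str raw input
 * @return string escaped text; '' for null/empty input or on a PCRE error
 */
function check($str)
{
    if ($str === null || $str === '') {
        return '';
    }
    $patterns = array(
        "@<script(.*?)</script>@is",
        "@<iframe(.*?)</iframe>@is",
        "@<style(.*?)</style>@is",
        "@<(.*?)>@is",
    );
    $stripped = preg_replace($patterns, '', (string) $str);
    if ($stripped === null) {
        // PCRE failure (e.g. backtrack limit): fail closed rather than pass raw input.
        return '';
    }
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning ''.
    return htmlspecialchars($stripped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}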
防sql注入(判断传入参数是否为正整数;此函数只适用于整数参数,字符串参数仍需使用预处理语句绑定)
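/**
 * Return true only when $value is a positive decimal integer without leading
 * zeros (1, 42, "7"). Intended for validating numeric ids taken from the request
 * before they reach a query.
 *
 * This is an input-validation step, not a substitute for prepared statements:
 * string parameters still need bound parameters or escaping.
 *
 * Fixes relative to the original:
 *  - the D (dollar-end-only) modifier: without it "$" also matches before a
 *    trailing "\n", so "5\n" was accepted;
 *  - only strings and ints are examined; null, floats, arrays and objects return
 *    false instead of being coerced (preg_match on an array raises a warning).
 *
 * @param mixed $value
 * @return bool
 */
function check_param($value = null)
{
    if (is_int($value)) {
        return $value > 0;
    }
    if (!is_string($value)) {
        return false;
    }
    return preg_match('/^[1-9][0-9]*$/D', $value) === 1;
}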