引言:我的系列博客[网络安全学习篇]上线了。小编是初次创作博客,经验不足,对千峰网络信息安全开源的视频公开课程整理的学习笔记也比较粗糙。其实看到目录有300多集的时候,讲道理,有点怂了,所以我就想到了通过写博客(课程笔记)的形式去学习它。虽然写博客会让我多花几倍的时间去学习,但是完成一篇博客所获得的成就感和你们对我的认同感让我很满足,能够鼓励我一天天地坚持下去,也希望和我一起学习本期视频的"同道"们也能一直坚持下去。我们大家一起加油。由于作者本身也是网络信息安全小白,大部分知识点都是初次接触,难免出现理解不深入、不完整,甚至有错误的地方,希望大家谅解并留言指正,同时也欢迎大家来找我一起交流学习!!!
往期博客:
[网络安全学习篇42]:靶场环境搭建(ubuntu系统安装优化及vulhub安装)
[网络安全学习篇43]:PHP基础+变量 运算符 流程控制语句
[网络安全学习篇46]:PHP COOKIE 和 SESSION
[网络安全学习篇47]:PHP与Mysql交互 注册功能实现 PHP个人中心 留言实现
目录
刹那芳华BBS论坛
源码我已上传至网盘:
PHP源码文件资源 提取码:iz1c
创建数据库
进入我们phpstudy自带的MySQL数据库
创建成功
创建第二张表用于存放用户发表的信息
创建成功
测试:
进入论坛首页
点击进入会员中心
进行注册
填写信息,点击注册
点击修改头像
选择图片,提交
返回个人中心,头像修改成功
返回论坛首页,留言
在论坛首页生成信息,点击标题即可查看
回到个人中心,点击注销
注销成功
这里选择登录
登录成功
重新注册一个test用户,登录,看到了GGG用户的留言
测试成功
文件目录结构
源码:
cnfhbbs/index.php 论坛首页
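<?php
// Forum home page: shows a greeting (or a link to the member centre) and lists
// every row of the `messages` table with a link to showmsg.php.
include "./inc/dblink.inc.php";
?>
<html>
<head>
<meta charset="utf-8">
<title>首页--刹那芳华</title>
</head>
<body>
<h1>刹那芳华BBS 论坛</h1>
<?php
if (isset($_COOKIE['name']) && is_string($_COOKIE['name'])) {
    // NOTE(review): the 'name' cookie is chosen by the browser and can be forged, so it
    // must not be treated as proof of identity; a server-side session should carry that.
    // It is echoed into the page, so it is HTML-escaped to prevent script injection.
    $safeName = htmlspecialchars($_COOKIE['name'], ENT_QUOTES, 'UTF-8');
    echo "欢迎您,<a href='./member/'>" . $safeName . "</a>";
} else {
    echo "<a href='./member'>会员中心</a>";
}
echo "| <a href='./addCont.php'>欢迎留言</a>";
echo "<hr />";

$sql = "select * from messages";
$results = mysqli_query($link, $sql);
if ($results) {
    if (mysqli_num_rows($results) > 0) {
        echo "<table border = 2>";
        echo "<tr><td>ID</td><td>TITLE</td><td>AUTHOR</td></tr>";
        while ($result = mysqli_fetch_assoc($results)) {
            // title and uname were typed in by users (stored XSS risk): escape every
            // column before it reaches the HTML, and URL-encode the id used in the link.
            $safeId = htmlspecialchars((string)$result['id'], ENT_QUOTES, 'UTF-8');
            $linkId = htmlspecialchars(urlencode((string)$result['id']), ENT_QUOTES, 'UTF-8');
            $safeTitle = htmlspecialchars((string)$result['title'], ENT_QUOTES, 'UTF-8');
            $safeAuthor = htmlspecialchars((string)$result['uname'], ENT_QUOTES, 'UTF-8');
            echo "<tr><td>{$safeId}</td>"
                . "<td><a href='showmsg.php?id={$linkId}' target='_blank'>{$safeTitle}</a></td>"
                . "<td>{$safeAuthor}</td></tr>";
        }
        echo "</table>";
    } else {
        echo "暂无留言内容";
    }
} else {
    // Keep database error text in the server log; showing it to visitors
    // discloses schema and query details.
    error_log("index.php: " . mysqli_error($link));
    echo "留言加载失败";
}
?>
</body>
</html>
<?php
mysqli_close($link);
?>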
cnfhbbs/addCont.php 论坛提交留言
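<html>
<head>
<meta charset="utf-8">
</head>
<body>
<h1><a href='./index.php'>刹那芳华BBS 论坛</a></h1>
<?php
// Message submission page: shows the post form to a visitor who carries the 'name'
// cookie and inserts the submitted title and content into `messages`.
include "./inc/dblink.inc.php";

if (isset($_COOKIE['name']) && is_string($_COOKIE['name'])) {
    $html = <<<HTML
<form
method="post"
>
标题:<input type="text" name="userTitle"><br />
内容:<br />
<textarea name="userCont"></textarea>
<input type="submit" name="userSubmit" value="提交">
</form>
HTML;
    echo $html . "<br />";

    $hasPost = isset($_POST['userSubmit'], $_POST['userTitle'], $_POST['userCont'])
        && is_string($_POST['userTitle'])
        && is_string($_POST['userCont']);
    if ($hasPost) {
        // NOTE(review): the author name comes from a client-controlled cookie, so anyone
        // can post under any name; a server-side session should supply it instead.
        $userName = $_COOKIE['name'];
        $title = $_POST['userTitle'];
        $cont = $_POST['userCont'];

        // All three values are bound as parameters. The original escaped title and
        // content but concatenated the cookie value into the SQL text unescaped.
        $stmt = mysqli_prepare(
            $link,
            "INSERT INTO `messages`(`uname`, `title`, `content`) VALUES (?, ?, ?)"
        );
        if ($stmt
            && mysqli_stmt_bind_param($stmt, 'sss', $userName, $title, $cont)
            && mysqli_stmt_execute($stmt)
        ) {
            echo "留言成功,<a href='./'>返回首页</a>";
        } else {
            // The original closed the connection here and again at the end of the
            // page without telling the user anything; log and report instead.
            error_log("addCont.php: " . mysqli_error($link));
            echo "留言失败,请稍后重试";
        }
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }
    } else {
        echo "请提交";
    }
} else {
    echo "您还未登录,<a href='./member/'>请返回个人中心</a>";
}

// Single close for every code path.
mysqli_close($link);
?>
</body>
</html>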
cnfhbbs/showmsg.php 查看论坛留言
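<html>
<head>
<meta charset="utf-8">
</head>
<body>
<h1><a href='./index.php'>刹那芳华BBS 论坛</a></h1>
<?php
// Message detail page: prints author, title and content of the `messages` row
// selected by the ?id= query parameter.
include "./inc/dblink.inc.php";

// The id is only accepted when it is an integer. filter_var() returns false for
// anything else, including array input such as ?id[]=1.
$id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;

if ($id !== false) {
    // Bound parameter instead of concatenating the request value into the query text.
    $stmt = mysqli_prepare($link, "select uname, title, content from messages where id = ?");
    if ($stmt
        && mysqli_stmt_bind_param($stmt, 'i', $id)
        && mysqli_stmt_execute($stmt)
    ) {
        mysqli_stmt_bind_result($stmt, $uname, $title, $content);
        if (mysqli_stmt_fetch($stmt)) {
            // Every column holds user-supplied text: escape it for HTML output.
            echo htmlspecialchars((string)$uname, ENT_QUOTES, 'UTF-8')
                . ":"
                . htmlspecialchars((string)$title, ENT_QUOTES, 'UTF-8')
                . "<hr />";
            echo htmlspecialchars((string)$content, ENT_QUOTES, 'UTF-8');
        } else {
            // No row with that id.
            echo "id Error!";
        }
    } else {
        // Database error text goes to the server log, not to the visitor.
        error_log("showmsg.php: " . mysqli_error($link));
        echo "留言加载失败";
    }
    if ($stmt) {
        mysqli_stmt_close($stmt);
    }
} else {
    echo "id Error!";
}
mysqli_close($link);
?>
</body>
</html>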
cnfhbbs/inc/dblink.inc.php 连接数据库
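<?php
// Shared database bootstrap: opens the MySQL connection used by every page and
// leaves it in $link.
//
// NOTE(review): root/root are the local lab defaults from this walkthrough. Outside a
// throwaway test box, use a dedicated account that only has the privileges the forum
// needs on the `cnfh` database, and keep the credentials out of the web root.
$dbHost = "127.0.0.1";
$dbUser = "root";
$dbPass = "root";
$dbName = "cnfh";

$link = mysqli_connect($dbHost, $dbUser, $dbPass, $dbName);
if (!$link) {
    // Log the driver message server-side; printing it tells visitors the host,
    // account name and failure reason.
    error_log("dblink.inc.php: " . mysqli_connect_error());
    die("数据库连接失败");
}

// MySQL has no character set named "utf-8", so the original call failed silently and
// the connection kept the server default. The connection charset also determines how
// mysqli_real_escape_string() escapes, so a failure here is treated as fatal.
if (!mysqli_set_charset($link, "utf8mb4")) {
    error_log("dblink.inc.php: " . mysqli_error($link));
    die("数据库连接失败");
}
// No closing PHP tag: stray whitespace after it would be sent as output and break the
// setcookie()/header() calls in the pages that include this file.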
cnfhbbs/member/index.php 论坛个人中心首页
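<?php
// Member centre: shows name, avatar and balance of the user named in the 'name'
// cookie, or register/login links when the cookie is absent.
include "../inc/dblink.inc.php";

// NOTE(review): the 'name' cookie is client-controlled, so whoever sets it to another
// user's name sees that user's page. Identity should come from a server-side session.
$hasCookie = isset($_COOKIE['name']) && is_string($_COOKIE['name']);
$found = false;

// The lookup runs before any HTML so that setcookie() can still send its header.
if ($hasCookie) {
    $userName = $_COOKIE['name'];
    // Bound parameter: the cookie value never becomes part of the SQL text.
    $stmt = mysqli_prepare($link, "select name, photo, money from users where name = ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $userName)
        || !mysqli_stmt_execute($stmt)
    ) {
        // Database error text goes to the server log, not to the visitor.
        error_log("member/index.php: " . mysqli_error($link));
        die("查询失败");
    }
    mysqli_stmt_bind_result($stmt, $name, $photo, $money);
    $found = (bool)mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if (!$found) {
        // Expire the stale cookie. The path must be '/', the same one login.php and
        // addUser.php set it with; the original used '/PHP/cnfhbbs', which never matches.
        setcookie('name', '', time() - 3600, '/');
    }
}
?>
<html>
<head>
<meta charset="utf-8">
<title>首页--个人中心</title>
</head>
<body>
<h1><a href="../index.php">刹那芳华BBS 论坛</a></h1>
<?php
if ($found) {
    // Stored values are escaped before they are placed in HTML text or attributes.
    $safeName = htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8');
    $safePhoto = htmlspecialchars((string)$photo, ENT_QUOTES, 'UTF-8');
    $safeMoney = htmlspecialchars((string)$money, ENT_QUOTES, 'UTF-8');
    echo "<hr />";
    echo "欢迎您," . $safeName . "<a href='./logout.php'>注销</a>";
    echo "<hr />";
    echo "您的头像是<img src='" . $safePhoto . "'>";
    echo "<a href='./update.php'>修改头像</a>";
    echo "<hr />";
    echo "账户余额:" . $safeMoney . "<span style='color:red;'>请联系管理员</span>";
} elseif ($hasCookie) {
    echo "该用户不存在,<a href='./register.php'>请注册</a>或者<a href='../index.php'>返回首页</a>";
} else {
    echo "<a href='./register.php'>注册</a>";
    echo "<br />";
    echo "<a href='./login.php'>登录</a>";
}
mysqli_close($link);
?>
</body>
</html>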
cnfhbbs/member/addUser.php 向数据库中添加新用户
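<?php
// Registration handler: receives the form posted by register.php, inserts the new row
// into `users` and sets the 'name' cookie.
include "../inc/dblink.inc.php";

// header() and setcookie() only work before output, so all request handling happens
// ahead of the <meta> tag that the original printed first.
if (!isset($_POST['userSubmit'])) {
    mysqli_close($link);
    header("Location:./register.php"); // redirect direct visits back to the form
    exit;
}

$userName = (isset($_POST['userName']) && is_string($_POST['userName'])) ? $_POST['userName'] : '';
$userPass1 = (isset($_POST['userPass1']) && is_string($_POST['userPass1'])) ? $_POST['userPass1'] : '';
$userPass2 = (isset($_POST['userPass2']) && is_string($_POST['userPass2'])) ? $_POST['userPass2'] : '';

if ($userName !== '' && $userPass1 !== '' && $userPass1 === $userPass2) {
    // NOTE(review): unsalted md5 is kept only because login.php compares against md5
    // and the width of the password column is not visible here. Both files should move
    // to password_hash()/password_verify() together.
    $passHash = md5($userPass1);

    // Bound parameters: the submitted name never becomes part of the SQL text.
    $stmt = mysqli_prepare($link, "insert into users(name,password) values(?, ?)");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 'ss', $userName, $passHash)
        || !mysqli_stmt_execute($stmt)
    ) {
        error_log("addUser.php: " . mysqli_error($link));
        die("sql语句有误");
    }
    mysqli_stmt_close($stmt);

    // HttpOnly keeps page scripts from reading the cookie.
    // NOTE(review): the cookie still holds nothing but the user name, so it can be
    // forged; a server-side session should replace it.
    setcookie("name", $userName, time() + 3600, '/', '', false, true);
    $message = "注册成功,<a href='./index.php'>返回个人中心</a>";
} else {
    $message = "注册信息有误,<a href='./register.php'>请重新注册</a>";
}
mysqli_close($link);
?>
<meta charset="utf-8">
<?php
echo $message;
?>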
cnfhbbs/member/login.php 用户登录页面
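<?php
// Login page: shows the login form, or checks the posted name and password against
// `users` and sets the 'name' cookie when they match.
include "../inc/dblink.inc.php";

$loginAttempted = isset($_POST['userSubmit']);
$loginOk = false;

// The check runs before any output so that setcookie() can still send its header.
if ($loginAttempted) {
    $userName = (isset($_POST['userName']) && is_string($_POST['userName'])) ? $_POST['userName'] : '';
    $userPass = (isset($_POST['userPass']) && is_string($_POST['userPass'])) ? $_POST['userPass'] : '';

    // NOTE(review): unsalted md5 is kept only because addUser.php stores md5 hashes.
    // Both files should move to password_hash()/password_verify() together.
    $passHash = md5($userPass);

    // Bound parameters: with string concatenation, a crafted user name could rewrite
    // the WHERE clause and log in without the password.
    $stmt = mysqli_prepare($link, "select name from users where name = ? and password = ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 'ss', $userName, $passHash)
        || !mysqli_stmt_execute($stmt)
    ) {
        // Database error text goes to the server log, not to the visitor.
        error_log("login.php: " . mysqli_error($link));
        die("登录失败,请稍后重试");
    }
    mysqli_stmt_store_result($stmt);
    $loginOk = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);

    if ($loginOk) {
        // HttpOnly keeps page scripts from reading the cookie.
        // NOTE(review): the cookie still holds nothing but the user name, so it can be
        // forged; a server-side session should replace it.
        setcookie('name', $userName, time() + 3600 * 24, '/', '', false, true);
    }
}
?>
<meta charset="utf-8">
<?php
if ($loginAttempted) {
    if ($loginOk) {
        echo "登录成功,<a href='./index.php'>返回个人中心</a>";
    } else {
        echo "用户名或密码错误,<a href='./login.php'>请重新登录</a>";
    }
} else {
    $html = <<<HTML
<form
method="POST"
>
用户名:<input type="text" name="userName"><br />
密码:<input type="password" name="userPass"><br />
<input type="submit" name="userSubmit" value="登录">
</form>
HTML;
    echo $html;
}
mysqli_close($link);
?>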
cnfhbbs/member/logout.php 用户注销
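<?php
// Logout: expires the 'name' cookie. setcookie() sends an HTTP header, so it has to run
// before the <meta> tag; the original printed the tag first.
// An empty value is sent because the cookie may be absent, and reading
// $_COOKIE['name'] in that case raises an undefined-index notice.
$expired = setcookie('name', '', time() - 3600, '/');
?>
<meta charset="utf-8">
<?php
if ($expired) {
    echo "Logout!<a href='./index.php'>返回个人中心</a>";
} else {
    die("Error!");
}
?>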
cnfhbbs/member/register.php 用户注册
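<html>
<head>
<meta charset="utf-8">
<title>注册--刹那芳华</title>
</head>
<body>
<h1>刹那芳华BBS 论坛</h1>
<!-- Registration form, posted to addUser.php. The check runs on submit, so it also
     covers keyboard submission and can cancel the request; the original ran it when
     the mouse hovered over the button and never blocked the submit. -->
<form
action="./addUser.php"
method="POST"
onsubmit="return fm()"
>
用户名:<input id="user" type="text" name="userName"><br />
密码:<input id="pas1" type="password" name="userPass1"><br />
确认密码:<input id="pas2" type="password" name="userPass2"><br />
<script>
// Client-side convenience check only: a request can be sent without this page, and
// addUser.php compares the two passwords again on the server.
// Returns false to cancel the submit when the passwords differ.
function fm(){
    var ps1 = document.getElementById('pas1');
    var ps2 = document.getElementById('pas2');
    if (ps1.value !== ps2.value) {
        alert("两次密码输入不一致,请重新输入");
        ps1.value = "";
        ps2.value = "";
        return false;
    }
    return true;
}
</script>
<input type="submit" name="userSubmit" value="注册">
</form>
<hr />
</body>
</html>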
cnfhbbs/member/update.php 修改头像(上传图片)
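<meta charset="utf-8">
<?php
// Avatar upload: stores the uploaded image under ./image/ and records its path in the
// `photo` column of the user named in the 'name' cookie.
include "../inc/dblink.inc.php";

if (isset($_POST['userSubmit'])) {
    $saved = false;

    // NOTE(review): the 'name' cookie is client-controlled, so this page can change any
    // user's avatar; a server-side session should identify the user instead.
    $hasUser = isset($_COOKIE['name']) && is_string($_COOKIE['name']);
    $hasFile = isset($_FILES['up'])
        && is_string($_FILES['up']['tmp_name'])
        && $_FILES['up']['error'] === UPLOAD_ERR_OK;

    if ($hasUser && $hasFile) {
        $userName = $_COOKIE['name'];
        $tmp_path = $_FILES['up']['tmp_name'];

        // The client-supplied file name is never used. The original saved the upload
        // under that name, so a file ending in .php landed inside the web root.
        // Here the content must parse as GIF, JPEG or PNG, and the server picks both
        // the extension and the name (a hash of the file content).
        $allowed = array(
            IMAGETYPE_GIF => 'gif',
            IMAGETYPE_JPEG => 'jpg',
            IMAGETYPE_PNG => 'png',
        );
        $info = getimagesize($tmp_path);
        if ($info !== false && isset($allowed[$info[2]])) {
            // Forward slashes work on Windows as well and are valid in the <img src>
            // that member/index.php builds from this value.
            // The image directory should also be configured so that the web server
            // never executes scripts from it.
            $path = "./image/" . sha1_file($tmp_path) . "." . $allowed[$info[2]];

            if (move_uploaded_file($tmp_path, $path)) {
                // Bound parameters: the original escaped the path but concatenated the
                // cookie value into the SQL text unescaped.
                $stmt = mysqli_prepare($link, "update users set photo = ? where name = ?");
                if ($stmt
                    && mysqli_stmt_bind_param($stmt, 'ss', $path, $userName)
                    && mysqli_stmt_execute($stmt)
                ) {
                    $saved = true;
                } else {
                    // Database error text goes to the server log, not to the visitor.
                    error_log("update.php: " . mysqli_error($link));
                }
                if ($stmt) {
                    mysqli_stmt_close($stmt);
                }
            }
        }
    }

    if ($saved) {
        echo "图片上传成功,<a href='./index.php'>返回个人中心</a>";
    } else {
        echo "图片上传失败!";
    }
} else {
    // The stray ';' after method="POST" in the original form tag is removed.
    $html = <<<HTML
<form
method="POST"
enctype="multipart/form-data"
>
<input type="file" name="up"><br />
<input type="submit" name="userSubmit" value="提交">
</form>
HTML;
    echo $html;
}
mysqli_close($link);
?>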
参考文献: