学习PHP也一个多月了,PHP100的视频教程看到了60课。做了几个小型企业的项目,终于接到一个商城的项目。准备用这个项目练练手,毕竟从来没写过这个规模的网站。商城还没写完,接下来我会在回帖中不断更新自己的代码。把这个源码分享给大家,希望可以有一些帮助。
也是为了得到各位的指导和点评,以便让我能够写出一个规范和尽量完美的商城。---CONN.PHP
<?php
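// Connection settings for the shop database. Replace every value below with
// your own before deploying.
$mysql_server_name = 'localhost'; // MySQL server host
// SECURITY: 'root' with an empty password is only acceptable on a throw-away
// local install. Use a dedicated account that can reach this one database,
// give it a real password, and strip the credentials before sharing the file.
$mysql_username = 'root';         // MySQL user name
$mysql_password = '';             // MySQL password
$mysql_database = 'Data';         // database name

// '@' keeps the driver warning off the page; visitors only see the generic
// message printed by die().
$conn = @mysql_connect($mysql_server_name, $mysql_username, $mysql_password) or die("链接错误");
// Stop if the database cannot be selected, otherwise every later query on the
// including page fails without any visible reason.
mysql_select_db($mysql_database, $conn) or die("链接错误");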
?>
---register.php
<?php
session_start();
include("conn.php");
include("head.php");
/******************************************************************************参数说明:
$max_file_size : 上传文件大小限制, 单位BYTE
$destination_folder : 上传文件路径
$water : 是否附加水印(1为加水印,其他为不加水印);使用说明:
1. 将PHP.INI文件里面的"extension=php_gd2.dll"一行前面的;号去掉,因为我们要用到GD库;
2. 将extension_dir =改为你的php_gd2.dll所在目录;
******************************************************************************///上传文件类型列表
$uptypes=array(
'image/jpg',
'image/jpeg',
'image/png',
'image/pjpeg',
'image/gif',
'image/bmp',
'image/x-png'
);$max_file_size=2000000; //上传文件大小限制, 单位BYTE
$destination_folder="uploadimg/"; //上传文件路径
$water=0; //是否附加水印(1为加水印,其他为不加水印);
$watertype=1; //水印类型(1为文字,2为图片)
$waterposition=1; //水印位置(1为左下角,2为右下角,3为左上角,4为右上角,5为居中);
$waterstring="http://www.xplore.cn/"; //水印字符串
$waterimg="xplore.gif"; //水印图片
$imgpreview=1; //是否生成预览图(1为生成,其他为不生成);
$imgpreviewsize=1/2; //缩略图比例
?>
<?php
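if (!empty($_POST['username']))
{
    // The isEmpty() checks in the page run in the browser only and are skipped
    // by anyone who posts the form directly, so the rules are enforced again here.
    // Assumes magic_quotes_gpc is off - TODO confirm for the target PHP version.

    // CAPTCHA: compare as strings with !== (the loose != treats a missing
    // session code and an empty answer as equal, and compares numeric-looking
    // codes as numbers). The code is discarded after one attempt.
    $expected_code = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
    $given_code    = isset($_POST['v_code']) ? (string) $_POST['v_code'] : '';
    unset($_SESSION['code']);
    if ($expected_code === '' || $expected_code !== $given_code)
    {
        echo "验证码错误";
        exit();
    }

    $username  = (string) $_POST['username'];
    $password  = isset($_POST['password']) ? (string) $_POST['password'] : '';
    $password2 = isset($_POST['password2']) ? (string) $_POST['password2'] : '';
    $email     = isset($_POST['email']) ? (string) $_POST['email'] : '';

    // Same limits as the browser script.
    if (strlen($username) < 5) { echo "用户名太短!"; exit; }
    if (strlen($password) < 8) { echo "密码必须为8位以上!"; exit; }
    if ($password !== $password2) { echo "密码和确认密码不一致!"; exit; }

    // The old ereg() pattern had no end anchor, so any text (quotes included)
    // could follow a valid-looking prefix; filter_var checks the whole value.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false)
    {
        echo "邮件地址格式不正确!";
        exit;
    }

    // Was a file really uploaded through this request?
    if (!isset($_FILES["upfile"]["tmp_name"]) || !is_string($_FILES["upfile"]["tmp_name"])
        || !is_uploaded_file($_FILES["upfile"]["tmp_name"]))
    {
        echo "您所上传的头像不存在!";
        exit;
    }
    $file = $_FILES["upfile"];
    if ($max_file_size < $file["size"])
    {
        echo "头像文件太大!";
        exit;
    }

    // $file["type"] and the extension in $file["name"] are both chosen by the
    // client. The MIME list stays as a first filter, but the decision is made
    // from the file content, and the stored extension comes from the detected
    // format, never from the uploaded name (which could end in ".php").
    // '@' because getimagesize() warns on non-image data; false is handled below.
    $image_size = @getimagesize($file["tmp_name"]);
    $extensions = array(
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_BMP  => 'bmp',
    );
    if (!in_array($file["type"], $uptypes) || $image_size === false || !isset($extensions[$image_size[2]]))
    {
        // The reported type is request data: escape it before echoing.
        echo "文件类型不符!".htmlspecialchars($file["type"], ENT_QUOTES);
        exit;
    }

    // Check the user name before the file is stored, so a rejected
    // registration leaves no orphaned upload behind.
    $username_sql = mysql_real_escape_string($username);
    $answer = mysql_query("SELECT * FROM `menbers` WHERE `username` = '$username_sql'");
    if ($answer === false)
    {
        echo "注册失败";
        exit;
    }
    if (mysql_num_rows($answer) > 0)
    {
        echo "用户名已经存在";
        exit;
    }

    // NOTE(review): the web server should be configured so that nothing inside
    // the upload folder is executed as a script.
    if (!file_exists($destination_folder))
    {
        mkdir($destination_folder, 0755);
    }
    $destination = $destination_folder.time().".".$extensions[$image_size[2]];
    if (file_exists($destination))
    {
        echo "同名文件已经存在了";
        exit;
    }
    if (!move_uploaded_file($file["tmp_name"], $destination))
    {
        echo "移动文件出错";
        exit;
    }
    echo " <font color=red>已经成功上传</font><br>文件名: <font color=blue>".$destination."</font><br>";
    echo " 宽度:".$image_size[0];
    echo " 长度:".$image_size[1];
    echo "<br> 大小:".$file["size"]." bytes";

    // Optional watermark. Image type 6 is BMP, not WBMP, so the former
    // imagecreatefromwbmp() branch could not read it; BMP uploads are stored
    // without a watermark instead of being overwritten.
    if ($water == 1 && $image_size[2] != IMAGETYPE_BMP)
    {
        $width  = $image_size[0];
        $height = $image_size[1];
        if ($image_size[2] == IMAGETYPE_GIF) {
            $simage = imagecreatefromgif($destination);
        } elseif ($image_size[2] == IMAGETYPE_JPEG) {
            $simage = imagecreatefromjpeg($destination);
        } else {
            $simage = imagecreatefrompng($destination);
        }
        if ($simage !== false)
        {
            $nimage = imagecreatetruecolor($width, $height);
            $white  = imagecolorallocate($nimage, 255, 255, 255);
            $black  = imagecolorallocate($nimage, 0, 0, 0);
            imagefill($nimage, 0, 0, $white);
            imagecopy($nimage, $simage, 0, 0, 0, 0, $width, $height);
            imagefilledrectangle($nimage, 1, $height - 15, 80, $height, $white);
            if ($watertype == 1) {
                // text watermark
                imagestring($nimage, 2, 3, $height - 15, $waterstring, $black);
            } elseif ($watertype == 2) {
                // image watermark
                $simage1 = imagecreatefromgif($waterimg);
                imagecopy($nimage, $simage1, 0, 0, 0, 0, 85, 15);
                imagedestroy($simage1);
            }
            // Overwrite the stored upload; GIF input is written back as JPEG
            // data, exactly as the original code did.
            if ($image_size[2] == IMAGETYPE_PNG) {
                imagepng($nimage, $destination);
            } else {
                imagejpeg($nimage, $destination);
            }
            imagedestroy($nimage);
            imagedestroy($simage);
        }
    }

    // Registration no longer depends on the $imgpreview display flag.
    $sex = (isset($_POST['male']) && $_POST['male'] == 1) ? 1 : 0;
    // SECURITY(review): unsalted MD5 is kept only because the login pages
    // compare against md5(); moving to password_hash()/password_verify() means
    // changing registration and login together.
    $sql = "INSERT INTO menbers (username,password,sex,email,icon_loction) values('"
        .$username_sql."',md5('".mysql_real_escape_string($password)."'),'".$sex."','"
        .mysql_real_escape_string($email)."','".mysql_real_escape_string($destination)."')";
    if (!mysql_query($sql))
    {
        // Do not keep an avatar that belongs to no account.
        @unlink($destination);
        echo "注册失败";
        exit;
    }
    echo "注册成功";
}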
?>
<script type="text/javascript" src="js/ajax.js"></script>
<script language="javascript">
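// Browser-side convenience checks for the registration form.
// NOTE: this only helps honest users; a request can be sent without running
// this script, so register.php has to enforce the same rules on the server.
// Returns false after showing the first failing rule, true after submitting.
function isEmpty(){
    // form1 is the name attribute of the form
    var _form = document.form1;
    var rules = [
        [_form.username.value == "", "用户名不能为空!"],
        [_form.username.value.length < 5, "用户名太短!"],
        [_form.password.value == "", "密码不能为空!"],
        [_form.password.value.length < 8, "密码必须为8位以上!"],
        [_form.password2.value == "", "确认密码不能为空!"],
        [_form.password.value != _form.password2.value, "密码和确认密码不一致!"],
        [_form.email.value == "", "邮件地址不能为空!"]
    ];
    for (var i = 0; i < rules.length; i++) {
        if (rules[i][0]) {
            alert(rules[i][1]);
            return false;
        }
    }
    // Submit through the reference already held instead of relying on the
    // browser exposing the form as a global variable named form1.
    _form.submit();
    return true;
}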
</script>
<style type="text/css">
<!--
.STYLE1 {font-size: 12px}
-->
</style><form action="" method="post" enctype="multipart/form-data" name="form1">
<table width="304" border="1" align="center">
<tr>
<td width="77"><span class="STYLE1">用户名</span></td>
<td colspan="2"><span class="STYLE1">
<label>
<input onblur="postandsend(username)" name="username" type="text" id="username" maxlength="10">
</label>
</span><div id= "chkname"></div></td>
</tr>
<tr>
<td><span class="STYLE1">密码</span></td>
<td colspan="2"><span class="STYLE1">
<label>
<input name="password" type="password" id="password" maxlength="10">
</label>
</span></td>
</tr>
<tr>
<td><span class="STYLE1">确认密码</span></td>
<td colspan="2"><span class="STYLE1">
<label>
<input name="password2" type="password" id="password2" maxlength="10">
</label>
</span></td>
</tr>
<tr>
<td><span class="STYLE1">性别</span></td>
<td colspan="2"><span class="STYLE1">
<label></label>
</span>
<span class="STYLE1">
<input name="male" type="radio" value="1" checked="checked" />
男
<input type="radio" name="male" value="2" />
女
<label></label>
</span><span class="STYLE1">
<label></label>
</span></td>
</tr>
<tr>
<td><span class="STYLE1">头像(25X25)</span></td>
<td colspan="2"><span class="STYLE1">
<label>
<input name="upfile" type="file" id="upfile" size="20">
</label>
</span></td>
</tr>
<tr>
<td><span class="STYLE1">邮件地址</span></td>
<td colspan="2"><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td>验证码</td>
<td width="35"><input name="v_code" type="text" id="v_code" size="5" maxlength="5" /></td>
<td width="170"><div align="left"><img src="v_code.php"/></div></td>
</tr>
<tr>
<td colspan="3"><span class="STYLE1">
<label> <div align="center" class="STYLE1">
<input onclick="isEmpty()" type="button" name="sub" value="注册" >
</div>
<span class="STYLE1">
</label>
</span></td>
</tr>
</table>
</form>
---head.php<table width="100%" border="1" cellspacing="1" cellpadding="1">
<tr>
<td width="72%"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td> </td>
<td> </td>
<td> </td>
<td>查看帖子</td>
</tr>
</table></td>
<td width="28%"><?php
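// Cookie values are sent by the browser, so they are untrusted text and are
// escaped before being printed (an unescaped echo here allows script injection).
// NOTE(review): a non-empty cookie only proves the browser sent one; it is not
// proof of a login, so no page should grant access on this check alone.
if (isset($_COOKIE['user']) && $_COOKIE['user'] != "") {
echo htmlspecialchars($_COOKIE['user'], ENT_QUOTES)." | <a href=\"logout.php\">登出</a>"; }
if (isset($_COOKIE['_isAdmin']) && $_COOKIE['_isAdmin'] != "") {
echo htmlspecialchars($_COOKIE['_isAdmin'], ENT_QUOTES)."(管理) | <a href=\"../../../www/logout.php\">登出</a>"; }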
?></td>
</tr>
</table>
也是为了得到各位的指导和点评,以便让我能够写出一个规范和尽量完美的商城。---CONN.PHP
<?php
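// Connection settings for the shop database. Replace every value below with
// your own before deploying.
$mysql_server_name = 'localhost'; // MySQL server host
// SECURITY: 'root' with an empty password is only acceptable on a throw-away
// local install. Use a dedicated account that can reach this one database,
// give it a real password, and strip the credentials before sharing the file.
$mysql_username = 'root';         // MySQL user name
$mysql_password = '';             // MySQL password
$mysql_database = 'Data';         // database name

// '@' keeps the driver warning off the page; visitors only see the generic
// message printed by die().
$conn = @mysql_connect($mysql_server_name, $mysql_username, $mysql_password) or die("链接错误");
// Stop if the database cannot be selected, otherwise every later query on the
// including page fails without any visible reason.
mysql_select_db($mysql_database, $conn) or die("链接错误");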
?>
---register.php
<?php
session_start();
include("conn.php");
include("head.php");
/******************************************************************************参数说明:
$max_file_size : 上传文件大小限制, 单位BYTE
$destination_folder : 上传文件路径
$water : 是否附加水印(1为加水印,其他为不加水印);使用说明:
1. 将PHP.INI文件里面的"extension=php_gd2.dll"一行前面的;号去掉,因为我们要用到GD库;
2. 将extension_dir =改为你的php_gd2.dll所在目录;
******************************************************************************///上传文件类型列表
$uptypes=array(
'image/jpg',
'image/jpeg',
'image/png',
'image/pjpeg',
'image/gif',
'image/bmp',
'image/x-png'
);$max_file_size=2000000; //上传文件大小限制, 单位BYTE
$destination_folder="uploadimg/"; //上传文件路径
$water=0; //是否附加水印(1为加水印,其他为不加水印);
$watertype=1; //水印类型(1为文字,2为图片)
$waterposition=1; //水印位置(1为左下角,2为右下角,3为左上角,4为右上角,5为居中);
$waterstring="http://www.xplore.cn/"; //水印字符串
$waterimg="xplore.gif"; //水印图片
$imgpreview=1; //是否生成预览图(1为生成,其他为不生成);
$imgpreviewsize=1/2; //缩略图比例
?>
<?php
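if (!empty($_POST['username']))
{
    // The isEmpty() checks in the page run in the browser only and are skipped
    // by anyone who posts the form directly, so the rules are enforced again here.
    // Assumes magic_quotes_gpc is off - TODO confirm for the target PHP version.

    // CAPTCHA: compare as strings with !== (the loose != treats a missing
    // session code and an empty answer as equal, and compares numeric-looking
    // codes as numbers). The code is discarded after one attempt.
    $expected_code = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
    $given_code    = isset($_POST['v_code']) ? (string) $_POST['v_code'] : '';
    unset($_SESSION['code']);
    if ($expected_code === '' || $expected_code !== $given_code)
    {
        echo "验证码错误";
        exit();
    }

    $username  = (string) $_POST['username'];
    $password  = isset($_POST['password']) ? (string) $_POST['password'] : '';
    $password2 = isset($_POST['password2']) ? (string) $_POST['password2'] : '';
    $email     = isset($_POST['email']) ? (string) $_POST['email'] : '';

    // Same limits as the browser script.
    if (strlen($username) < 5) { echo "用户名太短!"; exit; }
    if (strlen($password) < 8) { echo "密码必须为8位以上!"; exit; }
    if ($password !== $password2) { echo "密码和确认密码不一致!"; exit; }

    // The old ereg() pattern had no end anchor, so any text (quotes included)
    // could follow a valid-looking prefix; filter_var checks the whole value.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false)
    {
        echo "邮件地址格式不正确!";
        exit;
    }

    // Was a file really uploaded through this request?
    if (!isset($_FILES["upfile"]["tmp_name"]) || !is_string($_FILES["upfile"]["tmp_name"])
        || !is_uploaded_file($_FILES["upfile"]["tmp_name"]))
    {
        echo "您所上传的头像不存在!";
        exit;
    }
    $file = $_FILES["upfile"];
    if ($max_file_size < $file["size"])
    {
        echo "头像文件太大!";
        exit;
    }

    // $file["type"] and the extension in $file["name"] are both chosen by the
    // client. The MIME list stays as a first filter, but the decision is made
    // from the file content, and the stored extension comes from the detected
    // format, never from the uploaded name (which could end in ".php").
    // '@' because getimagesize() warns on non-image data; false is handled below.
    $image_size = @getimagesize($file["tmp_name"]);
    $extensions = array(
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_BMP  => 'bmp',
    );
    if (!in_array($file["type"], $uptypes) || $image_size === false || !isset($extensions[$image_size[2]]))
    {
        // The reported type is request data: escape it before echoing.
        echo "文件类型不符!".htmlspecialchars($file["type"], ENT_QUOTES);
        exit;
    }

    // Check the user name before the file is stored, so a rejected
    // registration leaves no orphaned upload behind.
    $username_sql = mysql_real_escape_string($username);
    $answer = mysql_query("SELECT * FROM `menbers` WHERE `username` = '$username_sql'");
    if ($answer === false)
    {
        echo "注册失败";
        exit;
    }
    if (mysql_num_rows($answer) > 0)
    {
        echo "用户名已经存在";
        exit;
    }

    // NOTE(review): the web server should be configured so that nothing inside
    // the upload folder is executed as a script.
    if (!file_exists($destination_folder))
    {
        mkdir($destination_folder, 0755);
    }
    $destination = $destination_folder.time().".".$extensions[$image_size[2]];
    if (file_exists($destination))
    {
        echo "同名文件已经存在了";
        exit;
    }
    if (!move_uploaded_file($file["tmp_name"], $destination))
    {
        echo "移动文件出错";
        exit;
    }
    echo " <font color=red>已经成功上传</font><br>文件名: <font color=blue>".$destination."</font><br>";
    echo " 宽度:".$image_size[0];
    echo " 长度:".$image_size[1];
    echo "<br> 大小:".$file["size"]." bytes";

    // Optional watermark. Image type 6 is BMP, not WBMP, so the former
    // imagecreatefromwbmp() branch could not read it; BMP uploads are stored
    // without a watermark instead of being overwritten.
    if ($water == 1 && $image_size[2] != IMAGETYPE_BMP)
    {
        $width  = $image_size[0];
        $height = $image_size[1];
        if ($image_size[2] == IMAGETYPE_GIF) {
            $simage = imagecreatefromgif($destination);
        } elseif ($image_size[2] == IMAGETYPE_JPEG) {
            $simage = imagecreatefromjpeg($destination);
        } else {
            $simage = imagecreatefrompng($destination);
        }
        if ($simage !== false)
        {
            $nimage = imagecreatetruecolor($width, $height);
            $white  = imagecolorallocate($nimage, 255, 255, 255);
            $black  = imagecolorallocate($nimage, 0, 0, 0);
            imagefill($nimage, 0, 0, $white);
            imagecopy($nimage, $simage, 0, 0, 0, 0, $width, $height);
            imagefilledrectangle($nimage, 1, $height - 15, 80, $height, $white);
            if ($watertype == 1) {
                // text watermark
                imagestring($nimage, 2, 3, $height - 15, $waterstring, $black);
            } elseif ($watertype == 2) {
                // image watermark
                $simage1 = imagecreatefromgif($waterimg);
                imagecopy($nimage, $simage1, 0, 0, 0, 0, 85, 15);
                imagedestroy($simage1);
            }
            // Overwrite the stored upload; GIF input is written back as JPEG
            // data, exactly as the original code did.
            if ($image_size[2] == IMAGETYPE_PNG) {
                imagepng($nimage, $destination);
            } else {
                imagejpeg($nimage, $destination);
            }
            imagedestroy($nimage);
            imagedestroy($simage);
        }
    }

    // Registration no longer depends on the $imgpreview display flag.
    $sex = (isset($_POST['male']) && $_POST['male'] == 1) ? 1 : 0;
    // SECURITY(review): unsalted MD5 is kept only because the login pages
    // compare against md5(); moving to password_hash()/password_verify() means
    // changing registration and login together.
    $sql = "INSERT INTO menbers (username,password,sex,email,icon_loction) values('"
        .$username_sql."',md5('".mysql_real_escape_string($password)."'),'".$sex."','"
        .mysql_real_escape_string($email)."','".mysql_real_escape_string($destination)."')";
    if (!mysql_query($sql))
    {
        // Do not keep an avatar that belongs to no account.
        @unlink($destination);
        echo "注册失败";
        exit;
    }
    echo "注册成功";
}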
?>
<script type="text/javascript" src="js/ajax.js"></script>
<script language="javascript">
function isEmpty(){
//form1是form中的name属性
var _form = document.form1;
if(_form.username.value==""){
alert("用户名不能为空!");
return false;
}
if(_form.username.value.length<5){
alert("用户名太短!");
return false;
}
if(_form.password.value==""){
alert("密码不能为空!");
return false;
}
if(_form.password.value.length<8){
alert("密码必须为8位以上!");
return false;
}
if(_form.password2.value==""){
alert("确认密码不能为空!");
return false;
}
if(_form.password.value!=_form.password2.value){
alert("密码和确认密码不一致!");
return false;
}
if(_form.email.value==""){
alert("邮件地址不能为空!");
return false;
}
form1.submit();
}
</script>
<style type="text/css">
<!--
.STYLE1 {font-size: 12px}
-->
</style><form action="" method="post" enctype="multipart/form-data" name="form1">
<table width="304" border="1" align="center">
<tr>
<td width="77"><span class="STYLE1">用户名</span></td>
<td colspan="2"><span class="STYLE1">
<label>
<input onblur="postandsend(username)" name="username" type="text" id="username" maxlength="10">
</label>
</span><div id= "chkname"></div></td>
</tr>
<tr>
<td><span class="STYLE1">密码</span></td>
<td colspan="2"><span class="STYLE1">
<label>
<input name="password" type="password" id="password" maxlength="10">
</label>
</span></td>
</tr>
<tr>
<td><span class="STYLE1">确认密码</span></td>
<td colspan="2"><span class="STYLE1">
<label>
<input name="password2" type="password" id="password2" maxlength="10">
</label>
</span></td>
</tr>
<tr>
<td><span class="STYLE1">性别</span></td>
<td colspan="2"><span class="STYLE1">
<label></label>
</span>
<span class="STYLE1">
<input name="male" type="radio" value="1" checked="checked" />
男
<input type="radio" name="male" value="2" />
女
<label></label>
</span><span class="STYLE1">
<label></label>
</span></td>
</tr>
<tr>
<td><span class="STYLE1">头像(25X25)</span></td>
<td colspan="2"><span class="STYLE1">
<label>
<input name="upfile" type="file" id="upfile" size="20">
</label>
</span></td>
</tr>
<tr>
<td><span class="STYLE1">邮件地址</span></td>
<td colspan="2"><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td>验证码</td>
<td width="35"><input name="v_code" type="text" id="v_code" size="5" maxlength="5" /></td>
<td width="170"><div align="left"><img src="v_code.php"/></div></td>
</tr>
<tr>
<td colspan="3"><span class="STYLE1">
<label> <div align="center" class="STYLE1">
<input onclick="isEmpty()" type="button" name="sub" value="注册" >
</div>
<span class="STYLE1">
</label>
</span></td>
</tr>
</table>
</form>
---head.php<table width="100%" border="1" cellspacing="1" cellpadding="1">
<tr>
<td width="72%"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td> </td>
<td> </td>
<td> </td>
<td>查看帖子</td>
</tr>
</table></td>
<td width="28%"><?php
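// Cookie values are sent by the browser, so they are untrusted text and are
// escaped before being printed (an unescaped echo here allows script injection).
// NOTE(review): a non-empty cookie only proves the browser sent one; it is not
// proof of a login, so no page should grant access on this check alone.
if (isset($_COOKIE['user']) && $_COOKIE['user'] != "") {
echo htmlspecialchars($_COOKIE['user'], ENT_QUOTES)." | <a href=\"logout.php\">登出</a>"; }
if (isset($_COOKIE['_isAdmin']) && $_COOKIE['_isAdmin'] != "") {
echo htmlspecialchars($_COOKIE['_isAdmin'], ENT_QUOTES)."(管理) | <a href=\"../../../www/logout.php\">登出</a>"; }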
?></td>
</tr>
</table>
session_start();
?><?php
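include("conn.php");
// Member login. The request is handled before head.php prints any HTML because
// setcookie() sends an HTTP header and cannot work once output has started.
$login_message = "";
if (isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] != "") {
    // Check the CAPTCHA first, as strings, and use each code once only, so the
    // database is never queried for requests that did not solve it.
    $expected_code = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
    $given_code    = isset($_POST['v_code']) ? (string) $_POST['v_code'] : '';
    unset($_SESSION['code']);
    if ($expected_code === '' || $expected_code !== $given_code) {
        $login_message = "验证码错误";
    } else {
        // Both fields are request data: escape them before they reach the SQL
        // text. Unescaped, a quote in either field rewrites the WHERE clause.
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string(isset($_POST['password']) ? (string) $_POST['password'] : '');
        $sql = "SELECT * FROM `menbers` WHERE `username` = '$username' AND `password` = md5('$password')";
        $answer = mysql_query($sql);
        if ($answer !== false && mysql_num_rows($answer) == 1) {
            // SECURITY(review): the cookie carries only the user name, which
            // any client can set by hand. Keeping the login state in
            // $_SESSION would close that gap; it needs the pages that read
            // this cookie to change too, so it is not done here.
            setcookie("user", $_POST['username'], time()+3600, "", "", false, true);
            $login_message = "登录成功<script> location.href='login_menber.php' </script>";
        } else {
            $login_message = "登录失败";
        }
    }
}
include("head.php");
echo $login_message;
// $HTTP_COOKIE_VARS is the long-deprecated alias of $_COOKIE; the value is
// request data and is escaped before printing.
if (isset($_COOKIE['user']) && is_string($_COOKIE['user'])) {
    echo htmlspecialchars($_COOKIE['user'], ENT_QUOTES);
}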
?>
<style type="text/css">
<!--
.STYLE1 {font-size: 12px}
-->
</style><script language="javascript">
function isEmpty(){
//form1是form中的name属性
var _form = document.form1;
if(_form.username.value==""){
alert("用户名不能为空!");
return false;
}
if(_form.password.value==""){
alert("密码不能为空!");
return false;
}
form1.submit();
}
</script><p> </p>
<p> </p>
<form action="" method="post" enctype="multipart/form-data" name="form1">
<table width="318" height="76" border="1" align="center" cellpadding="1" cellspacing="1">
<tr>
<td width="180"><span class="STYLE1" style="font-size: 12px">用户名:</span></td>
<td colspan="2">
<div align="left">
<input name="username" type="text" id="username" size="10" maxlength="10" />
</div></td>
</tr>
<tr>
<td><span class="STYLE1" style="font-size: 12px">密码:</span></td>
<td colspan="2">
<div align="left">
<input name="password" type="password" id="password" size="10" maxlength="10" />
</div></td>
</tr>
<tr>
<td><span style="font-size: 12px">验证码:</span></td>
<td width="35"> <label>
<div align="left">
<input name="v_code" type="text" id="v_code" size="5" maxlength="5" />
</div>
</label></td>
<td width="85"><div align="left"><img src="v_code.php"/></div></td>
</tr>
<tr>
<td colspan="3"><span class="STYLE1">记住我的登录状态:
<input name="keepstatus" type="checkbox" id="keepstatus" value="checkbox" />
</span></td>
</tr>
<tr>
<td colspan="3"><div align="center" class="STYLE1">
<input onclick="isEmpty()" type="button" name="sub" value="登录" >
</div></td>
</tr>
</table>
</form>---namechk.php
<?php
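include("conn.php");
// AJAX endpoint: reports whether the requested user name is already taken.
// $_GET['name'] comes straight from the request, so it is escaped before it is
// placed inside the SQL string.
$name = (isset($_GET['name']) && is_string($_GET['name'])) ? mysql_real_escape_string($_GET['name']) : '';
$sql = "SELECT * FROM `menbers` WHERE `username` = '$name'";
$answer = mysql_query($sql);
// "> 0" instead of "== 1": a name stored more than once is still taken.
if ($answer !== false && mysql_num_rows($answer) > 0)
{
    echo "用户名已被占用.";
}
else
{
    echo "用户名可以使用";
}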
?>
---v_code.php<?php
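session_start();
// Build the 5-character CAPTCHA code from hex digits 1..f and remember it in
// the session for the form handlers to compare against.
// rand() is predictable; use the CSPRNG where the PHP version provides one.
$rand = '';
for ($i = 0; $i < 5; $i++) {
    $digit = function_exists('random_int') ? random_int(1, 15) : mt_rand(1, 15);
    $rand .= dechex($digit);
}
$_SESSION['code'] = $rand;

// 100x15 truecolor canvas (starts out black) with the code in a random light colour.
$im = imagecreatetruecolor(100, 15);
$te = imagecolorallocate($im, rand(100, 255), rand(100, 255), rand(100, 255));
imagestring($im, 5, rand(1, 50), 0, $rand, $te);
// Noise: three random lines ...
for ($i = 1; $i < 4; $i++)
{
    $line = imagecolorallocate($im, rand(50, 255), rand(50, 255), rand(50, 255));
    imageline($im, rand(0, 100), 0, rand(0, 100), 15, $line);
}
// ... and 99 random pixels.
for ($i = 1; $i < 100; $i++)
{
    $line = imagecolorallocate($im, rand(50, 255), rand(50, 255), rand(50, 255));
    imagesetpixel($im, rand(0, 100), rand(0, 15), $line);
}
// Headers must be sent before the image bytes; the original called header()
// after imagejpeg(), when it could no longer take effect.
header("Content-type: image/jpeg");
// A cached image would no longer match the code stored in the session.
header("Cache-Control: no-store");
imagejpeg($im);
imagedestroy($im);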
?>
---logout.php<?php
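// Cookies travel in HTTP headers, so they are cleared before head.php prints
// any HTML; an expiry in the past tells the browser to drop them.
setcookie('user', '', time() - 3600);
setcookie('_isAdmin', "", time() - 3600, "/");
// head.php reads $_COOKIE, which still holds the values sent with this
// request; remove them so the header bar does not show a logged-in user.
unset($_COOKIE['user'], $_COOKIE['_isAdmin']);
include("head.php"); ?>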
<script>
var numb;
function brand(a)
{
return parseInt((a)*Math.random()+1);
}
function goUrl(){
numb=brand(5);
window.location = "login_menber.php";
}
setTimeout(goUrl,5000)//500是0.5秒
</script>
<div align="center">
<p> </p>
<p>你已经成功退出,正在跳转到登录界面。</p>
</div>---/admin/Maple_login.php
<?php
session_start();
?><?php
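include("../conn.php");
// Administrator login. The request is handled before head.php prints any HTML
// because setcookie() sends an HTTP header and cannot work after output.
$login_message = "";
if (isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] != "") {
    // CAPTCHA first, compared as strings, one attempt per generated code.
    $expected_code = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
    $given_code    = isset($_POST['v_code']) ? (string) $_POST['v_code'] : '';
    unset($_SESSION['code']);
    if ($expected_code === '' || $expected_code !== $given_code) {
        $login_message = "验证码错误";
    } else {
        // Request data is escaped before it is placed in SQL text; unescaped,
        // a quote in either field rewrites the WHERE clause.
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string(isset($_POST['password']) ? (string) $_POST['password'] : '');
        $sql = "SELECT * FROM `MP_admin` WHERE `name` = '$username' AND `pwd` = md5('$password')";
        $answer = mysql_query($sql);
        if ($answer !== false && mysql_num_rows($answer) == 1) {
            // SECURITY(review): the cookie carries only the admin name, which
            // a client can set by hand. The admin pages should rely on
            // server-side session state instead; that change has to be made
            // in those pages as well, so it is only flagged here.
            setcookie('_isAdmin', $_POST['username'], time()+3600, "/", "", false, true);
            $remote_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
            $sql = "INSERT INTO mp_admin_login_history (name,time,IP) values('$username',now(),'$remote_ip')";
            mysql_query($sql);
            $login_message = "登录成功<script> location.href='home.php' </script>";
        } else {
            // NOTE(review): only successful logins reach the history table;
            // recording failed attempts too would make guessing visible.
            $login_message = "登录失败";
        }
    }
}
include("../head.php");
echo $login_message;
// $HTTP_COOKIE_VARS is the long-deprecated alias of $_COOKIE; the value is
// request data and is escaped before printing.
if (isset($_COOKIE['user']) && is_string($_COOKIE['user'])) {
    echo htmlspecialchars($_COOKIE['user'], ENT_QUOTES);
}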
?>
<style type="text/css">
<!--
.STYLE1 {font-size: 12px}
-->
</style><script language="javascript">
function isEmpty(){
//form1是form中的name属性
var _form = document.form1;
if(_form.username.value==""){
alert("用户名不能为空!");
return false;
}
if(_form.password.value==""){
alert("密码不能为空!");
return false;
}
form1.submit();
}
</script><p> </p>
<p> </p>
<form action="" method="post" enctype="multipart/form-data" name="form1">
<table width="288" height="76" border="1" align="center" cellpadding="1" cellspacing="1">
<tr>
<td width="158"><span class="STYLE1" style="font-size: 12px">用户名:</span></td>
<td colspan="2">
<div align="left">
<input name="username" type="text" id="username" size="10" maxlength="10" />
</div></td>
</tr>
<tr>
<td><span class="STYLE1" style="font-size: 12px">密码:</span></td>
<td colspan="2">
<div align="left">
<input name="password" type="password" id="password" size="10" maxlength="10" />
</div></td>
</tr>
<tr>
<td><span style="font-size: 12px">验证码:</span></td>
<td width="35"> <label>
<div align="left">
<input name="v_code" type="text" id="v_code" size="5" maxlength="5" />
</div>
</label></td>
<td width="77"><div align="left"><img src="../v_code.php"/></div></td>
</tr>
<tr>
<td colspan="3"><span class="STYLE1">记住我的登录状态:
<input name="keepstatus" type="checkbox" id="keepstatus" value="checkbox" />
</span></td>
</tr>
<tr>
<td colspan="3"><div align="center" class="STYLE1">
<input onclick="isEmpty()" type="button" name="sub" value="登录" >
</div></td>
</tr>
</table>
</form>--home.php
<?php
session_start();
?><?php
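include("../conn.php");
include("../head.php");
// Gate for the admin home page.
// SECURITY(review): the only credential examined is the _isAdmin cookie, and
// the check passes when its value matches a row in MP_admin, so knowing an
// admin name is enough. Access should depend on server-side session state set
// at login; that needs the login page to change too, so it is only flagged here.
$admin_ok = false;
if (isset($_COOKIE['_isAdmin']) && is_string($_COOKIE['_isAdmin']) && $_COOKIE['_isAdmin'] != "") {
    // The cookie is request data: escape it before it is placed in SQL text.
    $admin_name = mysql_real_escape_string($_COOKIE['_isAdmin']);
    $sql = "SELECT * FROM `MP_admin` WHERE `name` = '$admin_name'";
    $answer = mysql_query($sql);
    $admin_ok = ($answer !== false && mysql_num_rows($answer) == 1);
}
if ($admin_ok) {
    include("Maple_home.php");
    exit();
}
echo "授权非法,可能是超时造成的";
?>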
---Maple_home.php<table width="53%" height="79" border="1">
<tr>
<td height="23" colspan="3">历史登陆记录</td>
</tr>
<tr>
<td width="34%" height="23">账号</td>
<td width="31%">IP</td>
<td>日期</td>
</tr>
</table>
<?php
$sql="SELECT *
FROM `mp_admin_login_history` ";
$answer= mysql_query($sql) ;
?>
更新历史:
2011-8-15 完成了注册系统和登录系统
2011-8-16 添加了验证码,完成了Cookie,部分数据改用MD5加密
2011-8-22 完成了AJAX的用户名重复查询功能
2011-8-28 完成了管理员后台的登录与退出功能
我也发现挺多问题的,昨晚睡前看了下代码,发现用户登陆和ADMIN登陆进去以后COOKIE只审查了用户名,没审查密码。这样的话,别人写个类似于采集程序的PHP文件,把用户名穷举出来就OK了。后来我就每个页面都连接数据库去核对一下MD5密码,但是发现每一页都修改挺麻烦的,突然发现这个审核过程应该写到函数里面。还有挺多别的问题的…… 慢慢改吧,实在写不下去了就看看别人的商城是怎么写的……
再做一个功能的时候多考虑,如果其它页面也要做同样的操作,怎么调用方便,比如你水印图片那么多代码,相信以后还会用到的。
你现在先熟悉到那些php函数.. 慢慢熟悉一些框架..搞搞mvc..你再弄一个商城.到时候大家就知道你的厉害了.
做之前可能连框架都没考虑
做商城框架前需要把SEO因素考虑进去,毕竟商家是要去推广的
如自定义URL、自定义Each Page's Meta Keywords&Description,是否可以与BLOG系统轻松整合,是否是XHTML等等等
而后要考虑商城的自身功能,如功能框架是否能实现插件式编程,是否可轻松扩展功能,促销策略等等
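/**
 * Prints one edit form for every p_newsclass row whose f_id equals $fid, then
 * does the same for each row's children, one level deeper.
 *
 * @param int $level nesting depth; $level + 1 "━" marks are printed per row
 * @param int $fid   parent id whose direct children are listed
 * @return int always 0
 */
public function Chk_Subdirectory($level=0,$fid) {
    // f_id is compared unquoted in the SQL, so the value is forced to an integer.
    $fid = (int) $fid;
    $sql = "SELECT * from p_newsclass where f_id=$fid";
    $result = mysql_query($sql, $this->conn);
    if ($result === false) {
        return 0;
    }
    while ($row = mysql_fetch_array($result))
    {
        $row_id = (int) $row['id'];
        echo " <form action=\"\" method=\"post\">
┗";
        echo str_repeat("━", max(0, $level + 1));
        // The category name is stored text: escape it for the attribute.
        echo "<input type=\"hidden\" name=\"id\" value=\"" . $row_id . "\" />
<input type=\"text\" name=\"name\" value=\"" . htmlspecialchars($row['name'], ENT_QUOTES) ."\"/>
<input type=\"submit\" name=\"update_class\" value=\"更新\"/>
<input type=\"button\" value=\"删除\" onClick=\"location.href='?del=" . $row_id . "e'\"/>
</form>";
        // Recurse with $level + 1 without changing $level itself. The original
        // passed "$level=$level+1", which also indented every later sibling one
        // step too far. A row without children prints nothing, so the separate
        // existence query is not needed.
        $this->Chk_Subdirectory($level + 1, $row_id);
    }
    return 0;
}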
/**
* 查询子目录并且输出(下拉菜单)
*/
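public function Chk_Subdirectory_for_add($level=0,$fid) {
    // Prints an <option> for every p_newsclass row whose f_id equals $fid,
    // followed by the options of its children one level deeper. Returns 0.
    // f_id is compared unquoted in the SQL, so the value is forced to an integer.
    $fid = (int) $fid;
    $sql = "SELECT * from p_newsclass where f_id=$fid";
    $result = mysql_query($sql, $this->conn);
    if ($result === false) {
        return 0;
    }
    while ($row = mysql_fetch_array($result))
    {
        $row_id = (int) $row['id'];
        echo "<option value=\"" . $row_id . "\">┗";
        echo str_repeat("━", max(0, $level + 1));
        // The category name is stored text: escape it before printing.
        echo htmlspecialchars($row['name'], ENT_QUOTES) ."</option>";
        // Recurse with $level + 1 without changing $level itself. The original
        // passed "$level=$level+1", which also indented every later sibling one
        // step too far. A row without children prints nothing, so the separate
        // existence query is not needed.
        $this->Chk_Subdirectory_for_add($level + 1, $row_id);
    }
    return 0;
}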
花了一天时间,终于写出二个类出来,这个是用于遍历系统目录并且以树形输出的,这还是我第一次用函数本身去调用函数自己呢(一直以为这么操作会报错来着)
但是有几个方面跟商业化的代码比还是有一定差距,我举几个方面说说: 1、做好全站规划,比如哪些是全站的公共文件,比如JS代码,SMARTY,PHP框架,自定义的公共函数等等,最好能独立成一个文件夹,统一调用,这样能大大减少全站体积。
2、全站建议采用SMARTY结构,即HTML代码和PHP代码的彻底分离!这样将来的全站修改将会减少很多压力!
3、数据库和一些公共信息以配置文件的形式保存,比如抬头和底部的版权信息,基本上每页都有。这些信息,可以放到配置文件里,改的时候直接改配置文件,还有就是表名以公共常量来表示等。这样一旦修改表名,就直接改公共的数据库表名文件就可以了,不再需要一个一个文件修改! 当然还有很多细节化的东西,我一下也想不起来,不完整的地方还请高手补充!
2011-8-15 完成了注册系统和登录系统
2011-8-16 添加了验证码,完成了Cookie,部分数据改用MD5加密
2011-8-22 完成了AJAX的用户名重复查询功能
2011-8-28 完成了管理员后台的登录与退出功能,管理员登陆历史纪录,完善了登陆后对COOKIE的审查安全漏洞
2011-8-29 开始参考一新闻发布系统的代码,准备以这个系统为基础进行二次开发重新写商城
2011-9-1 改进了新闻发布系统后台不能以树形无限添加,修改,删除目录的问题
2011-9-3 添加了 “看不清,换一张”的功能,根据新闻发布系统的模式,对商城采用了Smarty和面向对象的方式重写代码。
2011-9-4 开始原创一个自己的MYSQL类
2011-9-6 类的大体结构已经完成,完成了对商城的规范,并且完成了添加 “添加分类” 功能。目前商城目录结构:
<?php
/**********************
action.php
**********************/
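/**
 * Application actions built on the project's mysql class.
 * mysql_getdata() and mysql_insertdata() are inherited; from the way they are
 * used here, mysql_getdata(table, where) yields a result usable with
 * mysql_num_rows() and mysql_insertdata(table, columns, values) runs an
 * INSERT - TODO confirm against mysql.class.php.
 */
class action extends mysql {

    /**
     * Checks the admin cookies against the MP_admin table.
     * Prints an error and returns false when they do not match exactly one row.
     *
     * SECURITY(review): the Adminpwd cookie is compared with the stored `pwd`
     * column, so the stored value itself works as a credential for anyone who
     * obtains it. Server-side session state set at login would avoid that.
     *
     * @return bool
     */
    public function checkcookie(){
        if (isset($_COOKIE['_isAdmin'], $_COOKIE['Adminpwd'])
            && is_string($_COOKIE['_isAdmin']) && is_string($_COOKIE['Adminpwd'])
            && $_COOKIE['_isAdmin'] != "") {
            // Cookies are request data: escape them before they enter SQL text.
            // Assumes the connection opened by mysql_conn() is the default
            // link used by mysql_real_escape_string() - TODO confirm.
            $name = mysql_real_escape_string($_COOKIE['_isAdmin']);
            $pwd  = mysql_real_escape_string($_COOKIE['Adminpwd']);
            $answer = $this->mysql_getdata("MP_admin", "`name` = '$name' AND `pwd` = '$pwd'");
            if ($answer && mysql_num_rows($answer) == 1) {
                return true;
            }
        }
        echo "授权非法,可能是超时造成的";
        return false;
    }

    /**
     * Handles the registration POST: validates the avatar upload and the
     * e-mail address, stores the avatar under uploadimg/ and inserts the new
     * row into `menbers`. Every outcome ends the request via get_show_msg().
     *
     * The GD extension must be enabled for the optional watermark.
     */
    public function uploadimg(){
        // MIME types accepted from the browser (first filter only, see below).
        $uptypes = array(
            'image/jpg',
            'image/jpeg',
            'image/png',
            'image/pjpeg',
            'image/gif',
            'image/bmp',
            'image/x-png'
        );
        $max_file_size = 2000000;              // upload size limit in bytes
        $destination_folder = "uploadimg/";    // where avatars are stored
        $water = 0;                            // 1 = add a watermark
        $watertype = 1;                        // 1 = text, 2 = image
        $waterstring = "http://www.xplore.cn/"; // watermark text
        $waterimg = "xplore.gif";              // watermark image

        // get_show_msg() prints the message page and exits, so nothing after
        // a call to it runs.
        if (!isset($_FILES["upfile"]["tmp_name"]) || !is_string($_FILES["upfile"]["tmp_name"])
            || !is_uploaded_file($_FILES["upfile"]["tmp_name"])) {
            get_show_msg("register.php","您所上传的头像不存在!");
        }
        $file = $_FILES["upfile"];
        if ($max_file_size < $file["size"]) {
            get_show_msg("register.php","头像文件太大");
        }

        // $file["type"] and the extension in $file["name"] are chosen by the
        // client. The decision is made from the file content, and the stored
        // extension comes from the detected format, never from the uploaded
        // name (which could end in ".php").
        // '@' because getimagesize() warns on non-image data; false is handled.
        $image_size = @getimagesize($file["tmp_name"]);
        $extensions = array(
            IMAGETYPE_GIF  => 'gif',
            IMAGETYPE_JPEG => 'jpg',
            IMAGETYPE_PNG  => 'png',
            IMAGETYPE_BMP  => 'bmp',
        );
        if (!in_array($file["type"], $uptypes) || $image_size === false || !isset($extensions[$image_size[2]])) {
            get_show_msg("register.php","头像文件类型不符");
        }

        // The old ereg() pattern had no end anchor, so any text (quotes
        // included) could follow a valid-looking prefix.
        $email = isset($_POST['email']) ? (string) $_POST['email'] : '';
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            get_show_msg("register.php","邮件地址格式不正确");
        }

        // Check the user name before storing the file, so a rejected
        // registration leaves no orphaned upload behind.
        $username_sql = mysql_real_escape_string(isset($_POST['username']) ? (string) $_POST['username'] : '');
        $answer = $this->mysql_getdata("menbers","`username` = '$username_sql'");
        if ($answer && mysql_num_rows($answer) > 0) {
            get_show_msg("register.php","用户名已经存在");
        }

        // NOTE(review): the web server should be configured so that nothing
        // inside the upload folder is executed as a script.
        if (!file_exists($destination_folder)) {
            mkdir($destination_folder, 0755);
        }
        $destination = $destination_folder.time().".".$extensions[$image_size[2]];
        if (file_exists($destination)) {
            get_show_msg("register.php","同名文件已经存在了");
        }
        if (!move_uploaded_file($file["tmp_name"], $destination)) {
            get_show_msg("register.php","移动文件出错");
        }

        // The watermark used to sit after the final get_show_msg() call and
        // could never run; it now runs before the success message.
        if ($water == 1) {
            $this->add_watermark($destination, $image_size, $watertype, $waterstring, $waterimg);
        }

        $sex = (isset($_POST['male']) && $_POST['male'] == 1) ? 1 : 0;
        // SECURITY(review): unsalted MD5 is kept only because the login page
        // compares against md5(); moving to password_hash()/password_verify()
        // means changing registration and login together.
        $password_sql = mysql_real_escape_string(isset($_POST['password']) ? (string) $_POST['password'] : '');
        $this->mysql_insertdata(
            "menbers",
            "username,password,sex,email,icon_loction",
            "'$username_sql',md5('$password_sql'),'$sex','".mysql_real_escape_string($email)."','".mysql_real_escape_string($destination)."'"
        );
        get_show_msg("register.php","注册成功");
    }

    // Draws the text or image watermark onto the stored upload and overwrites it.
    private function add_watermark($destination, $image_size, $watertype, $waterstring, $waterimg){
        $width  = $image_size[0];
        $height = $image_size[1];
        // Image type 6 is BMP (not WBMP) and has no reader here: left untouched.
        if ($image_size[2] == IMAGETYPE_GIF) {
            $simage = imagecreatefromgif($destination);
        } elseif ($image_size[2] == IMAGETYPE_JPEG) {
            $simage = imagecreatefromjpeg($destination);
        } elseif ($image_size[2] == IMAGETYPE_PNG) {
            $simage = imagecreatefrompng($destination);
        } else {
            return;
        }
        if ($simage === false) {
            return;
        }
        $nimage = imagecreatetruecolor($width, $height);
        $white  = imagecolorallocate($nimage, 255, 255, 255);
        $black  = imagecolorallocate($nimage, 0, 0, 0);
        imagefill($nimage, 0, 0, $white);
        imagecopy($nimage, $simage, 0, 0, 0, 0, $width, $height);
        imagefilledrectangle($nimage, 1, $height - 15, 80, $height, $white);
        if ($watertype == 1) {
            // text watermark
            imagestring($nimage, 2, 3, $height - 15, $waterstring, $black);
        } elseif ($watertype == 2) {
            // image watermark
            $simage1 = imagecreatefromgif($waterimg);
            imagecopy($nimage, $simage1, 0, 0, 0, 0, 85, 15);
            imagedestroy($simage1);
        }
        // GIF input is written back as JPEG data, as in the original code.
        if ($image_size[2] == IMAGETYPE_PNG) {
            imagepng($nimage, $destination);
        } else {
            imagejpeg($nimage, $destination);
        }
        imagedestroy($nimage);
        imagedestroy($simage);
    }
} //end class

/**
 * Prints a message page that redirects to $url after 2 seconds, then exits.
 *
 * @param string $url  target of the refresh and of the fallback link
 * @param string $show message to display; inserted as HTML, so a caller that
 *                     passes request data must escape it first
 */
function get_show_msg($url, $show = '操作已成功!') {
    // The URL lands inside two attributes: escape it so it cannot break out.
    $safe_url = htmlspecialchars($url, ENT_QUOTES);
    $msg = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="Public/common.css" type="text/css" />
<meta http-equiv="refresh" content="2; url=' . $safe_url . '" />
<title>消息提示</title>
</head>
<body>
<div id="man_zone">
<table width="30%" border="1" align="center" cellpadding="3" cellspacing="0" class="table" style="margin-top:100px;">
<tr>
<th align="center" style="background:#cef">信息提示</th>
</tr>
<tr>
<td><p>' . $show . '<br />
2秒后返回指定页面!<br />
如果浏览器无法跳转,<a href="' . $safe_url . '">请点击此处</a>。</p></td>
</tr>
</table>
</div>
</body>
</html>';
    echo $msg;
    exit ();
}
?>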
<?php
/**********************
global.php
**********************/
session_start();
include_once('./configs/config.php');
include_once('./common/smarty/Smarty.class.php');
include_once('./common/mysql.class.php');
// include_once("./conn.php");
include_once("./action.php");
$db = new action();
$db->mysql_conn();
$smarty = new smarty();
$smarty->template_dir = $smarty_template_dir;
$smarty->compile_dir = $smarty_compile_dir;
$smarty->config_dir = $smarty_config_dir;
$smarty->cache_dir = $smarty_cache_dir;
$smarty->caching = $smarty_caching;
$smarty->left_delimiter = $smarty_delimiter[0];
$smarty->right_delimiter= $smarty_delimiter[1];
$smarty->assign("t_dir",$smarty_template_dir);
include_once("./head.php");
?><?php
/**********************
head.php
**********************/
?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<table width="100%" border="1" cellspacing="1" cellpadding="1">
<tr>
<td width="72%"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td> </td>
<td> </td>
<td> </td>
<td><a href="?listlevel=0">目录</a></td>
</tr>
</table></td>
<td width="28%"><?php
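// NOTE(review): setcookie() sends HTTP headers, but this block runs after the
// <meta> and <table> markup above has been printed, so the cookies can only be
// cleared when output buffering is active. Handling ?logout=1 before any
// output would be more reliable.
if (isset($_GET['logout']) && $_GET['logout'] == 1)
{
setcookie('user', '', time() - 3600);
setcookie('_isAdmin', "", time() - 3600, "/");
get_show_msg("login_menber.php","您已经成功退出");
}
// Cookie values are request data: escape them before printing. A non-empty
// cookie is not proof of a login and must not be used as an access check.
if (isset($_COOKIE['user']) && $_COOKIE['user'] != "") {
echo htmlspecialchars($_COOKIE['user'], ENT_QUOTES)." | <a href=\"?logout=1\">登出</a>"; }
if (isset($_COOKIE['_isAdmin']) && $_COOKIE['_isAdmin'] != "") {
echo htmlspecialchars($_COOKIE['_isAdmin'], ENT_QUOTES)."(管理) | <a href=\"../../../www/logout.php\">登出</a>"; }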
?></td>
</tr>
</table><?php
session_start();
/**********************
login_menber.php
**********************/
?><?php
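require_once("global.php");
// Member login (Smarty version).
if (isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] != "") {
    // CAPTCHA first, compared as strings, one attempt per generated code, so
    // the database is not queried for requests that did not solve it.
    $expected_code = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
    $given_code    = isset($_POST['v_code']) ? (string) $_POST['v_code'] : '';
    unset($_SESSION['code']);
    if ($expected_code === '' || $expected_code !== $given_code) {
        echo "验证码错误";
    } else {
        // The user name is request data: escape it before it enters the WHERE
        // text. The password is hashed in PHP, so only hex digits reach SQL.
        // Assumes the connection opened in global.php is the default link
        // used by mysql_real_escape_string() - TODO confirm.
        $username = mysql_real_escape_string($_POST['username']);
        $password = md5(isset($_POST['password']) ? (string) $_POST['password'] : '');
        $sql = "username = '" . $username . "' and password = '" . $password . "'";
        $answer = $db->mysql_getdata("menbers", $sql);
        if ($answer && mysql_num_rows($answer) == 1) {
            // NOTE(review): global.php has already included head.php, so
            // output has started and this header is only sent when output
            // buffering is active. The cookie also carries just the user
            // name, which a client can set by hand.
            setcookie("user", $_POST['username'], time()+3600, "", "", false, true);
            echo "登录成功<script> location.href='login_menber.php' </script>";
        } else {
            echo "登录失败";
        }
    }
}
$smarty->display("login_menber.html");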
?>
<?php
/**********************
namechk.php
**********************/
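include_once("./conn.php");
// AJAX endpoint: reports whether the requested user name is already taken.
// $_GET['name'] comes straight from the request, so it is escaped before it is
// placed inside the SQL string.
$name = (isset($_GET['name']) && is_string($_GET['name'])) ? mysql_real_escape_string($_GET['name']) : '';
$sql = "SELECT * FROM `menbers` WHERE `username` = '$name'";
$answer = mysql_query($sql);
// "> 0" instead of "== 1": a name stored more than once is still taken.
if ($answer !== false && mysql_num_rows($answer) > 0)
{
    echo "用户名已被占用.";
}
else
{
    echo "用户名可以使用";
}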
?><?php
/**********************
register.php
**********************/
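include("global.php");
// Registration entry point: verify the CAPTCHA, then let the action class
// validate the upload and create the account.
if (!empty($_POST['username']))
{
    // Compare as strings with !== : the loose != treats a missing session code
    // and an empty answer as equal, and compares numeric-looking codes as
    // numbers. Each code is accepted for one attempt only.
    $expected_code = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
    $given_code    = isset($_POST['v_code']) ? (string) $_POST['v_code'] : '';
    unset($_SESSION['code']);
    if ($expected_code === '' || $expected_code !== $given_code)
    {
        echo "验证码错误";
        exit();
    }
    $db->uploadimg();
}
$smarty->display("register.html");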
?><?php
/**********************
v_code.php
**********************/
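session_start();
// Build the 5-character CAPTCHA code from hex digits 1..f and remember it in
// the session for the form handlers to compare against.
// rand() is predictable; use the CSPRNG where the PHP version provides one.
$rand = '';
for ($i = 0; $i < 5; $i++) {
    $digit = function_exists('random_int') ? random_int(1, 15) : mt_rand(1, 15);
    $rand .= dechex($digit);
}
$_SESSION['code'] = $rand;

// 100x15 truecolor canvas (starts out black) with the code in a random light colour.
$im = imagecreatetruecolor(100, 15);
$te = imagecolorallocate($im, rand(100, 255), rand(100, 255), rand(100, 255));
imagestring($im, 5, rand(1, 50), 0, $rand, $te);
// Noise: three random lines ...
for ($i = 1; $i < 4; $i++)
{
    $line = imagecolorallocate($im, rand(50, 255), rand(50, 255), rand(50, 255));
    imageline($im, rand(0, 100), 0, rand(0, 100), 15, $line);
}
// ... and 99 random pixels.
for ($i = 1; $i < 100; $i++)
{
    $line = imagecolorallocate($im, rand(50, 255), rand(50, 255), rand(50, 255));
    imagesetpixel($im, rand(0, 100), rand(0, 15), $line);
}
// Headers must be sent before the image bytes; the original called header()
// after imagejpeg(), when it could no longer take effect.
header("Content-type: image/jpeg");
// A cached image would no longer match the code stored in the session.
header("Cache-Control: no-store");
imagejpeg($im);
imagedestroy($im);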
?><?php
/**********************
v_code_htm.php
**********************/
?>
<img src="v_code.php?id=<?php echo rand(1,99); ?> "/>/**********************
/js/ajax.js
**********************/
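// One request object shared by every helper below; a new request replaces it.
var xmlHttp;

// Creates the request object (legacy IE ActiveX first, as before).
function S_xmlhttprequest()
{
    if (window.ActiveXObject) {
        xmlHttp = new ActiveXObject('Microsoft.XMLHTTP');
    } else if (window.XMLHttpRequest) {
        xmlHttp = new XMLHttpRequest();
    }
}

// Shared readyState handler: shows "Loading..." while the request is open and
// the response body once it has arrived with status 200.
// The body is inserted as HTML, so the PHP endpoints must never echo request
// data back without escaping it.
function showResponseIn(elementId)
{
    if (xmlHttp.readyState == 1) {
        document.getElementById(elementId).innerHTML = "Loading...";
    }
    if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {
        document.getElementById(elementId).innerHTML = xmlHttp.responseText;
    }
}

// Sends the typed user name to the CAPTCHA page (is_code == "1") or to the
// name check. The first parameter is unused and kept for existing callers.
function postandsend(username, is_code) {
    // Encode the value: characters such as & = # or spaces would otherwise
    // change the query string that the server receives.
    var f = encodeURIComponent(document.form1.username.value);
    S_xmlhttprequest();
    if (is_code == "1") {
        xmlHttp.open("GET", "v_code_htm.php?name=" + f, true);
        xmlHttp.onreadystatechange = sendvar;
    } else {
        xmlHttp.open("GET", "namechk.php?name=" + f, true);
        xmlHttp.onreadystatechange = sendvar2;
    }
    xmlHttp.send(null);
}

function sendvar() {
    showResponseIn('v_codeimg');
}

function sendvar2() {
    showResponseIn('chkname');
}

// Requests a fresh CAPTCHA image tag.
function refresh1() {
    S_xmlhttprequest();
    xmlHttp.open("GET", "v_code_htm.php", true);
    xmlHttp.onreadystatechange = getnewcode;
    xmlHttp.send(null);
}

function getnewcode() {
    showResponseIn('v_codeimg');
}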
/*
function refresh1(){
S_xmlhttprequest();
xmlHttp.open("GET","v_code.php",true);
xmlHttp.onreadystatechange = getnewcode;
xmlHttp.send(null);
}
function getnewcode(){ if(xmlHttp.readyState == 1){
document.getElementById('v_codeimg').innerHTML = "Loading..."
}
if(xmlHttp.readyState == 4){
if(xmlHttp.status == 200){
var getvar = xmlHttp.responseText;
document.getElementById('v_codeimg').innerHTML = getvar;
}
} */<?php
/**********************
/configs/config.php
**********************/
// ---- database ----
// SECURITY: "root" with an empty password is only acceptable on a throw-away
// local install; use a dedicated, least-privileged account with a password and
// keep the real values out of any shared copy of this file.
$mydbhost = "localhost";   // database host
$mydbuser = "root";        // database user
$mydbpw = "";              // database password
$mydbname = "Mapledb";     // database name
// NOTE(review): how this value is applied is not visible here; MySQL itself
// names this character set "utf8" - confirm in mysql.class.php.
$mydbcharset = "UTF-8";

// ---- Smarty ----
$smarty_caching = false;
$smarty_cache_dir = './cache/';
$smarty_config_dir = './configs/';
$smarty_compile_dir = './templates_c/';
$smarty_template_dir = './templates/';
// Left and right template delimiters.
$smarty_delimiter = array("{", "}");
?>