Notes
Registration
Forgot password
Filtering HTML, CSS and JS out of comments (against XSS)
Preventing SQL injection (checking that a passed parameter is a positive integer)
Notes
PHP version 5.6.27
MySQL version 5.5.53
Technologies used: plain PHP, mysqli, PHPMailer, HTML, CSS, JS
Features: registration, login, e-mailing a link to set a new password, posting comments, viewing comments, adding/deleting/editing/querying comments, pagination
Registration
Database table design:
```php
<?php
// Include the database connection file (defines $conn)
require_once 'connect.php';

// Receive the form data
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$email    = trim($_POST['email']);

// Strict server-side validation: all fields are required
if (empty($username) || empty($password) || empty($email)) {
    echo "<script>alert('请填写必填项!');history.back()</script>";
    die;
}

// Reject usernames containing Chinese characters
if (preg_match('/[\x{4e00}-\x{9fa5}]/u', $username) > 0) {
    echo "<script>alert('输入的数据不能含有汉字!');history.back()</script>";
    die;
}

// Reject illegal characters (quotes, punctuation, brackets, slashes, backslash, pipe) in the username or password
$illegal = "/[\'.,:;*?~`!@#$%^&+=)(<>{}]|\]|\[|\/|\\\|\"|\|/";
if (preg_match($illegal, $username) || preg_match($illegal, $password)) {
    echo "<script>alert('含有非法字符!');history.back()</script>";
    die;
}

// Reject a username or password longer than the 16-character limit
$len_user = strlen($username);
$len_pwd  = strlen($password);
if ($len_user > 16 || $len_pwd > 16) {
    echo "<script>alert('账号或密码最多16位!');history.back()</script>";
    die;
}

// Check whether the username is already taken
// (the username cannot contain quotes after the check above, so it is safe to concatenate here)
$check = "select id from user where username = '" . $username . "'";
$check_result = mysqli_query($conn, $check);
$count = mysqli_num_rows($check_result);
if ($count > 0) {
    echo "<script>alert('账号已存在,请重新设置账号');history.back()</script>";
    die;
}

// Insert the new user. The e-mail address is not covered by the character filter,
// so it is escaped before being placed in the SQL string. The password is stored
// as an MD5 hash, which is what the project's login compares against.
$email_sql = mysqli_real_escape_string($conn, $email);
$sql = "insert into user(username,password,email,time) values('" . $username . "','" . md5($password) . "','" . $email_sql . "',NOW())";
$result = mysqli_query($conn, $sql) or die('SQL错误,错误信息:' . mysqli_error($conn));

// Check the result of the insert. The original tested $sql, which is a non-empty
// string and therefore always true; the query result is what must be tested.
if ($result) {
    echo "<script>alert('注册成功');window.location.href='../index.php';</script>";
} else {
    echo "<script>alert('注册失败');history.back()</script>";
}
?>
```
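The script above keeps user input out of the SQL only by forbidding quote characters, and it stores passwords as unsalted MD5, which is fast to brute-force. As an added example (not the project's own code), this is the same registration flow rewritten with mysqli prepared statements and password_hash(). It assumes connect.php defines $conn as a mysqli link (as on this page), that the user table has the columns username, password, email and time (as on this page), and that the password column is wide enough (VARCHAR(255)) for a password_hash() string; the error messages and the 8-character minimum are my choices.

```php
<?php
// Added example (not the project's own code): registration with mysqli
// prepared statements and password_hash(). Assumes connect.php defines
// $conn (a mysqli link, as in the original) and that user.password is
// at least VARCHAR(255), which password_hash() output needs.
require_once 'connect.php';

// Validate the submitted fields. Returns an error message, or null when valid.
function validate_registration($username, $password, $email) {
    if ($username === '' || $password === '' || $email === '') {
        return 'All fields are required.';
    }
    // Allow-list instead of the original block-list: ASCII letters, digits and
    // underscore, 1-16 characters. Chinese characters and punctuation are
    // rejected by construction, so no separate checks are needed.
    if (!preg_match('/^[A-Za-z0-9_]{1,16}$/', $username)) {
        return 'Username must be 1-16 letters, digits or underscores.';
    }
    // The password is never placed in SQL or HTML, so it needs no character
    // filtering; only a minimum length is enforced (8 is an assumption).
    if (strlen($password) < 8) {
        return 'Password must be at least 8 characters.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid e-mail address.';
    }
    return null;
}

// Insert the user. Returns true on success, false if the username is taken
// or the statement fails. $conn is the mysqli link from connect.php.
function register_user($conn, $username, $password, $email) {
    // Bound parameter: the username is sent separately from the SQL text
    $stmt = mysqli_prepare($conn, 'SELECT id FROM user WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $taken = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    if ($taken) {
        return false;
    }

    // Salted, slow hash instead of md5(); check it at login with password_verify()
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = mysqli_prepare($conn,
        'INSERT INTO user (username, password, email, time) VALUES (?, ?, ?, NOW())');
    mysqli_stmt_bind_param($stmt, 'sss', $username, $hash, $email);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

$username = isset($_POST['username']) ? trim($_POST['username']) : '';
$password = isset($_POST['password']) ? trim($_POST['password']) : '';
$email    = isset($_POST['email'])    ? trim($_POST['email'])    : '';

$error = validate_registration($username, $password, $email);
if ($error !== null) {
    // Encode the message before echoing it into the page
    echo '<p>' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
    exit;
}

if (register_user($conn, $username, $password, $email)) {
    header('Location: ../index.php');
} else {
    echo '<p>Registration failed: username already taken or database error.</p>';
}
```

The select-then-insert in register_user() still has a small race between two simultaneous registrations; a UNIQUE index on user.username closes it, in which case the INSERT fails and register_user() returns false. The login script (not shown on this page) has to switch from comparing md5($password) to password_verify($password, $row['password']) for this change to work.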
Forgot password
```php
<?php
require_once 'QQMailer.php';
require_once 'php/connect.php';

// Instantiate QQMailer
$mailer = new QQMailer(true);

// Receive the form data
$username = trim($_POST['username']);

// Fetch the user's id and e-mail address in one query. Unlike the registration
// script, this input is not filtered for quote characters, so it is bound as a
// parameter instead of being concatenated into the SQL string.
$stmt = mysqli_prepare($conn, "select id, email from user where username = ?");
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $id, $email);
$found = mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);

// Same message whether or not the account exists, so the form does not reveal which usernames are registered
if (!$found) {
    echo "<script>alert('如果该账号存在,重置邮件已发送,请注意查收');history.back()</script>";
    die;
}

// E-mail subject
$title = '留言板密码修改';

// E-mail body. The id is passed without surrounding quotes so that SetNewPwd.php
// can validate it as a positive integer (the original wrapped it as id='5').
$content = "请点击 <a href=\"http://localhost/liuyan_new/SetNewPwd.php?id=" . $id . "\">链接</a> 跳转至更改密码页面。";

// Send the e-mail through QQ Mail
if ($mailer->send($email, $title, $content)) {
    echo "<script>alert('邮件发送成功,注意查收');history.back()</script>";
    die;
} else {
    echo "<script>alert('邮件发送失败');history.back()</script>";
    die;
}
```
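The reset link above carries nothing but the numeric user id, so the e-mail proves nothing: SetNewPwd.php cannot tell a user who received the message from anyone who typed another id into the URL. As an added example (not the project's own code), the script below e-mails a random one-time token instead and gives SetNewPwd.php a function to redeem it. It assumes connect.php defines $conn (mysqli) and QQMailer works as on this page; the table password_reset(user_id INT, token_hash CHAR(64), expires DATETIME) and the 30-minute lifetime are my assumptions.

```php
<?php
// Added example (not the project's own code). Assumptions: connect.php defines
// $conn (mysqli), QQMailer is the wrapper used on the page, and this table
// exists: password_reset(user_id INT, token_hash CHAR(64), expires DATETIME)
require_once 'QQMailer.php';
require_once 'php/connect.php';

// Create a reset token for $username. Returns array('email' => ..., 'url' => ...)
// or null if the account does not exist. Only SHA-256(token) is stored, so a
// leaked copy of the table does not contain usable links.
function create_reset_link($conn, $username) {
    $stmt = mysqli_prepare($conn, 'SELECT id, email FROM user WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $email);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if (!$found) {
        return null;
    }

    // 32 random bytes from the CSPRNG (openssl_random_pseudo_bytes is available on PHP 5.6)
    $token = bin2hex(openssl_random_pseudo_bytes(32));
    $hash  = hash('sha256', $token);

    // One active token per user, valid for 30 minutes
    $stmt = mysqli_prepare($conn, 'DELETE FROM password_reset WHERE user_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    $stmt = mysqli_prepare($conn,
        'INSERT INTO password_reset (user_id, token_hash, expires) VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 30 MINUTE))');
    mysqli_stmt_bind_param($stmt, 'is', $id, $hash);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return array(
        'email' => $email,
        'url'   => 'http://localhost/liuyan_new/SetNewPwd.php?token=' . $token,
    );
}

// For SetNewPwd.php: returns the user id for a valid, unexpired token, or null.
// The token row is deleted on success so a link can be used only once.
function consume_reset_token($conn, $token) {
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;
    }
    $hash = hash('sha256', $token);
    $stmt = mysqli_prepare($conn,
        'SELECT user_id FROM password_reset WHERE token_hash = ? AND expires > NOW()');
    mysqli_stmt_bind_param($stmt, 's', $hash);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $user_id);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if (!$found) {
        return null;
    }
    $stmt = mysqli_prepare($conn, 'DELETE FROM password_reset WHERE token_hash = ?');
    mysqli_stmt_bind_param($stmt, 's', $hash);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $user_id;
}

// Handler for the "forgot password" form
$username = isset($_POST['username']) ? trim($_POST['username']) : '';
$link = create_reset_link($conn, $username);
if ($link !== null) {
    $mailer = new QQMailer(true);
    $mailer->send($link['email'], '留言板密码修改',
        '请点击 <a href="' . $link['url'] . '">链接</a> 跳转至更改密码页面。');
}
// Same response whether or not the account exists, so the form cannot be used
// to enumerate usernames.
echo '<p>If the account exists, a reset e-mail has been sent.</p>';
```

SetNewPwd.php would call consume_reset_token($conn, $_GET['token']) once the new password is submitted, and update the user row only when it returns an id. Because the token is consumed on first use and expires on its own, a link found later in a mailbox or proxy log is worthless.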
Filtering HTML, CSS and JS out of comments (against XSS)
Create a shared include file and add this function:
```php
// Strip script, iframe and style elements (with their contents), then any remaining tag
function check($str) {
    $farr = array(
        "@<script(.*?)</script>@is",
        "@<iframe(.*?)</iframe>@is",
        "@<style(.*?)</style>@is",
        "@<(.*?)>@is"
    );
    $str = preg_replace($farr, "", $str);
    return $str;
}
```
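check() removes markup before the comment is stored, which is lossy: anything between a literal < and the next > disappears, including ordinary text such as "a < b". The alternative is to store the comment as typed and encode it with htmlspecialchars() at the moment it is written into the page, so the browser shows the characters rather than parsing them. The script below, an added example and not code from this page, runs both approaches over three constructed comments; run it from the command line so that the unencoded lines are not interpreted by a browser.

```php
<?php
// Added example (not the project's own code): the page's check() beside
// output encoding with htmlspecialchars(), run over constructed sample comments.
// Run with: php xss_compare.php

// The page's filter, reproduced here so the script runs stand-alone
function check($str) {
    $farr = array(
        "@<script(.*?)</script>@is",
        "@<iframe(.*?)</iframe>@is",
        "@<style(.*?)</style>@is",
        "@<(.*?)>@is"
    );
    return preg_replace($farr, "", $str);
}

// Output encoding: the stored text is untouched; < > & " ' become entities when
// rendered. ENT_QUOTES also encodes the single quote, so the result is safe inside
// single-quoted attribute values, not just in text nodes.
function render_comment($str) {
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

// Constructed sample comments
$samples = array(
    'hello <b>world</b>',                 // harmless markup
    '<script>alert(1)</script>',          // the case the filter is written for
    'if a < b and c > d then swap',      // legitimate text that happens to contain < and >
);

foreach ($samples as $s) {
    echo "input:   " . $s . "\n";
    echo "check(): " . check($s) . "\n";   // third sample loses " b and c " here
    echo "encoded: " . render_comment($s) . "\n\n";
}
```

For the third sample check() returns "if a  d then swap", while render_comment() returns "if a &lt; b and c &gt; d then swap", which a browser displays exactly as the user typed it. Encoding on output also covers values that never went through the comment form, such as usernames or e-mail addresses echoed back into the page.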
Preventing SQL injection (checking that a passed parameter is a positive integer)
```php
// Return true only if $value is a positive integer with no leading zero (e.g. "12", not "0" or "012").
// The D modifier makes $ match only at the very end of the string, so "12\n" is rejected as well.
function check_param($value = null) {
    if (preg_match("/^[1-9][0-9]*$/D", $value)) {
        return true;
    } else {
        return false;
    }
}
```
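check_param() is the allow-list for the id that the view, edit and delete pages read from the URL. As an added example (not the project's own code), the script below uses it in front of a comment lookup and still binds the id as an integer parameter, so the query text never contains request data even if the check is later loosened. It assumes connect.php defines $conn (as on this page); the table message(id, username, content, time) and the check_param_filter() helper are my assumptions.

```php
<?php
// Added example (not the project's own code): guarding the id parameter with
// check_param() and a prepared statement. Assumes connect.php defines $conn
// and that comments are stored in message(id, username, content, time).
require_once 'connect.php';

// The page's check, with the D modifier so a trailing newline is rejected
function check_param($value = null) {
    return preg_match('/^[1-9][0-9]*$/D', $value) === 1;
}

// Equivalent check with the standard library: an integer in [1, PHP_INT_MAX]
function check_param_filter($value) {
    return filter_var($value, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))) !== false;
}

// Load one comment by id. Returns an associative array, or null when the id is
// invalid or no row matches.
function get_message($conn, $id) {
    if (!check_param($id)) {
        return null;                     // reject before touching the database
    }
    $id = (int) $id;
    $stmt = mysqli_prepare($conn,
        'SELECT id, username, content, time FROM message WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);   // bound as an integer, not spliced into the SQL
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $mid, $user, $content, $time);
    $row = mysqli_stmt_fetch($stmt)
        ? array('id' => $mid, 'username' => $user, 'content' => $content, 'time' => $time)
        : null;
    mysqli_stmt_close($stmt);
    return $row;
}

// Constructed inputs showing what each check accepts and rejects
$inputs = array('7', '0', '012', '-3', '7abc', "7\n", '');
foreach ($inputs as $in) {
    printf("%-8s regex:%s filter_var:%s\n", json_encode($in),
        check_param($in) ? 'ok' : 'no',
        check_param_filter($in) ? 'ok' : 'no');
}

// Request handler: the id comes from the query string, as in the project's pages
$id  = isset($_GET['id']) ? $_GET['id'] : '';
$msg = get_message($conn, $id);
if ($msg === null) {
    http_response_code(404);
    echo 'Not found';
} else {
    // Encode on output; see the XSS section above
    echo htmlspecialchars($msg['content'], ENT_QUOTES, 'UTF-8');
}
```

Only "7" passes both checks. The two helpers differ on "7\n": the regex with D rejects it, while FILTER_VALIDATE_INT trims surrounding whitespace and accepts it. Either result is harmless once the value is cast with (int) and bound with type 'i', which is why the binding is kept even though the input has already been validated.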