PHP之用户验证和标签推荐的简单使用

本篇主要是讲解一些最简单的验证知识

效果图

bookmark_fns.php

<?php
require_once('output_fns.php');
require_once('db_fns.php');
require_once('data_valid_fns.php');
require_once('url_fns.php');
require_once('user_auth_fns.php');
?>

data_valid_fns.php

<?php

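// Report whether every submitted form field carries a value.
//
// $form_vars  array of field name => submitted value (typically $_POST)
// Returns false as soon as one value is null or the empty string, true
// otherwise. Array values (e.g. a checkbox group) count as filled in.
//
// An empty array also returns true, because there is nothing to reject, so
// callers still have to confirm that the fields they need are present.
function filled_out($form_vars) {
    foreach ($form_vars as $value) {
        // The earlier !isset($key) test could never fire for a key handed out
        // by foreach, and the loose == '' comparison changed meaning between
        // PHP versions (0 == '' is true before PHP 8), so the value is
        // compared strictly instead.
        if ($value === null || $value === '') {
            return false;
        }
    }
    return true;
}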

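// Check that a string has the basic shape of an e-mail address:
// local part, "@", a host label, a literal dot, then the rest of the domain.
//
// $address  value to test
// Returns true when the whole string matches, false otherwise (including for
// non-string input).
function valid_email($address) {
    if (!is_string($address)) {
        return false;
    }

    // ereg() was removed in PHP 7, so the check uses preg_match().
    // Two tightenings compared with the ereg() pattern:
    //  - the dot after the first host label is escaped; unescaped it matched
    //    any character, so "user@hostXcom" was accepted;
    //  - \z anchors at the true end of the string, so a trailing line break
    //    (which "$" tolerates) is rejected before the address reaches mail().
    return preg_match('/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9.-]+\z/', $address) === 1;
}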
?>

db_fns.php

<?php

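// Connect to the bookmarks database.
//
// Returns a connected mysqli object.
// Throws Exception when the server cannot be reached or rejects the login.
function db_connect() {
    // NOTE(review): the account name and password below are hard-coded sample
    // values. In a deployment they belong in configuration kept outside the
    // web root and outside version control, and the account should hold only
    // the privileges this application needs.
    try {
        $db = new mysqli('127.0.0.1', 'bm_user', 'password', 'bookmarks');
    } catch (mysqli_sql_exception $e) {
        // From PHP 8.1 mysqli reports a failed connection by throwing. It is
        // converted to the generic message so driver details are not passed
        // on to whatever prints the exception text.
        throw new Exception("Could not connect to database server", 1);
    }

    // new mysqli() always yields an object, so testing !$db never detected a
    // failed connection; connect_errno is where the failure is recorded.
    if ($db->connect_errno) {
        throw new Exception("Could not connect to database server", 1);
    }

    return $db;
}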
?>

user_auth_fns.php

<?php
require_once('db_fns.php');

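// Register a new user.
//
// $username  requested login name
// $email     value that is passed through sha1() before being stored
// $password  value that is stored as given
//
// NOTE(review): the parameter names do not describe what the statement does
// with them. register_new.php calls register($username, $passwd, $email), so
// in practice the password is the value that gets hashed and the e-mail
// address is the value stored as given. The order is kept for compatibility
// with that caller.
//
// NOTE(review): sha1() is a fast, unsalted hash and is not suitable for
// password storage. Moving to password_hash()/password_verify() has to be done
// together with login(), change_password(), reset_password() and the width of
// the passwd column, so it is flagged here rather than changed in isolation.
//
// Returns true on success.
// Throws Exception when the name is taken or a statement fails.
function register($username, $email, $password) {

    $conn = db_connect();

    // Values are bound as parameters rather than concatenated into the SQL
    // text, so quotes in the submitted fields cannot alter the statement.
    $check = $conn->prepare('select username from user where username = ?');
    if (!$check) {
        throw new Exception("Could not execute query", 1);
    }
    $check->bind_param('s', $username);
    if (!$check->execute()) {
        $check->close();
        throw new Exception("Could not execute query", 1);
    }
    $check->store_result();   // needed before num_rows is meaningful
    $name_taken = $check->num_rows > 0;
    $check->close();

    if ($name_taken) {
        throw new Exception("That username is taken - go back and choose another one.", 1);
    }

    $insert = $conn->prepare('insert into user values (?, sha1(?), ?)');
    if (!$insert) {
        throw new Exception('Could not register you in database - please try again later.');
    }
    $insert->bind_param('sss', $username, $email, $password);
    $inserted = $insert->execute();
    $insert->close();

    if (!$inserted) {
        throw new Exception('Could not register you in database - please try again later.');
    }
    return true;
}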

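// Check a username/password pair against the user table.
//
// $username  login name as submitted
// $password  cleartext password as submitted
//
// Returns true when a matching row exists.
// Throws Exception('Could not log you in.') for a failed statement and for
// wrong credentials alike, so the caller cannot tell the two apart.
//
// NOTE(review): the comparison is against sha1(password), a fast unsalted
// hash. Replacing it needs register(), change_password() and reset_password()
// changed at the same time, so it is only flagged here. Nothing in this
// function limits repeated attempts.
function login($username, $password) {
    $conn = db_connect();

    // Bound parameters: the submitted values never become part of the SQL
    // text, which the concatenated query allowed.
    $stmt = $conn->prepare('select username from user where username = ? and passwd = sha1(?)');
    if (!$stmt) {
        throw new Exception('Could not log you in.');
    }
    $stmt->bind_param('ss', $username, $password);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new Exception('Could not log you in.');
    }
    $stmt->store_result();   // needed before num_rows is meaningful
    $matched = $stmt->num_rows > 0;
    $stmt->close();

    if (!$matched) {
        throw new Exception('Could not log you in.');
    }
    return true;
}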

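// Gate for pages that require a login.
//
// When $_SESSION['valid_user'] is set, prints a "Logged in as ..." line and
// returns. Otherwise prints a short "not logged in" page with a link to
// login.php and ends the request with exit.
function check_valid_user() {
    if (isset($_SESSION['valid_user'])) {
        // The name was chosen by the user at registration, so it is escaped
        // before being written into the page.
        echo "Logged in as ".htmlspecialchars((string) $_SESSION['valid_user'], ENT_QUOTES, 'UTF-8').".<br />";
        return;
    }

    do_html_header('Problem:');
    echo "You are not logged in.<br />";
    do_html_url('login.php', 'Login');
    // The footer helper is do_html_footer(); the previous call to
    // do_html_foot() named a function that does not exist and ended this
    // branch with a fatal error instead of a closed page.
    do_html_footer();
    exit;
}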

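// Change a user's password after confirming the current one.
//
// $username      account to update
// $old_password  current cleartext password, verified through login()
// $new_password  replacement cleartext password
//
// Returns true on success.
// Throws Exception when login() rejects the old password or the update fails.
function change_password($username, $old_password, $new_password) {
    // login() throws unless the old password matches, so reaching the next
    // line means the caller proved knowledge of the current password.
    login($username, $old_password);
    $conn = db_connect();

    // Bound parameters keep both values out of the SQL text.
    // NOTE(review): sha1() is retained only to stay consistent with login().
    $stmt = $conn->prepare('update user set passwd = sha1(?) where username = ?');
    if (!$stmt) {
        throw new Exception('Password could not be changed.');
    }
    $stmt->bind_param('ss', $new_password, $username);
    $updated = $stmt->execute();
    $stmt->close();

    if (!$updated) {
        throw new Exception('Password could not be changed.');
    }
    return true;  // changed successfully
}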

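function get_random_word($min_length, $max_length) {
  // Pick a word from the system dictionary whose length lies between
  // $min_length and $max_length (inclusive) and which contains no apostrophe.
  // Returns the word, or false when the dictionary cannot be read or no
  // suitable word turns up.

  // remember to change this path to suit your system
  $dictionary = '/usr/dict/words';  // the ispell dictionary
  if (!is_readable($dictionary)) {
    return false;
  }
  $fp = fopen($dictionary, 'r');
  if (!$fp) {
    return false;
  }
  $size = filesize($dictionary);
  if ($size === false || $size < 1) {
    fclose($fp);
    return false;
  }

  // go to a random location in dictionary
  // random_int() (PHP 7+) draws from the system CSPRNG; rand() is predictable
  // and should not feed anything that ends up in a password.
  fseek($fp, random_int(0, $size - 1));
  fgets($fp, 80);  // skip first word as it could be partial

  // get the next whole word of the right length in the file
  // The number of lines examined is capped so that a dictionary without any
  // suitable word cannot keep the request spinning forever.
  $word = false;
  for ($attempt = 0; $attempt < 10000; $attempt++) {
    $line = fgets($fp, 80);
    if ($line === false) {
      fseek($fp, 0);        // if at end, go to start
      continue;
    }
    // trim the trailing \n from fgets before measuring, so the length limits
    // apply to the word itself rather than to the word plus its line break
    $candidate = trim($line);
    $length = strlen($candidate);
    if ($length >= $min_length && $length <= $max_length
        && strpos($candidate, "'") === false) {
      $word = $candidate;
      break;
    }
  }

  fclose($fp);  // the handle was previously left open
  return $word;
}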

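function reset_password($username) {
// set password for username to a random value
// return the new password; throws Exception on failure
//
// NOTE(review): nothing here proves that the requester owns the account, so
// whoever can reach the calling page can replace any user's password. A
// dictionary word plus a number below 1000 is also a small search space, and
// the result is later sent by e-mail in clear. A single-use, expiring reset
// token mailed to the account owner is the usual safer design; that change
// spans several files and is not attempted here.

  // get a random dictionary word b/w 6 and 13 chars in length
  $new_password = get_random_word(6, 13);

  if ($new_password === false || $new_password === '') {
    throw new Exception('Could not generate new password.');
  }

  // add a number  between 0 and 999 to it
  // to make it a slightly better password
  // random_int() (PHP 7+) replaces rand(), whose output is predictable
  $new_password .= random_int(0, 999);

  // set user's password to this in database
  // Bound parameters keep the username out of the SQL text.
  $conn = db_connect();
  $stmt = $conn->prepare('update user set passwd = sha1(?) where username = ?');
  if (!$stmt) {
    throw new Exception('Could not change password.');  // not changed
  }
  $stmt->bind_param('ss', $new_password, $username);
  $updated = $stmt->execute();
  $stmt->close();

  if (!$updated) {
    throw new Exception('Could not change password.');  // not changed
  }
  return $new_password;  // changed successfully
}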

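function notify_password($username, $password) {
// notify the user that their password has been changed
//
// $username  account whose stored e-mail address is looked up
// $password  new cleartext password to include in the message
// Returns true when mail() accepts the message.
// Throws Exception when the address cannot be found or the mail is refused.
//
// NOTE(review): the password travels in clear text in the message body.

    $conn = db_connect();

    // Bound parameter instead of a concatenated username.
    $stmt = $conn->prepare('select email from user where username = ?');
    if (!$stmt) {
      throw new Exception('Could not find email address.');
    }
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
      $stmt->close();
      throw new Exception('Could not find email address.');
    }
    $stmt->bind_result($email);
    $found = $stmt->fetch();   // null when the username is not in db
    $stmt->close();

    if (!$found) {
      throw new Exception('Could not find email address.');
    }

    // The address was supplied by the user at registration; refuse one that
    // contains a line break rather than hand it to mail().
    if (preg_match('/[\r\n]/', (string) $email)) {
      throw new Exception('Could not send email.');
    }

    // The listing showed raw line breaks inside these strings, presumably
    // where "\r\n" escapes had been lost; they are written out explicitly.
    $from = "From: support@phpbookmark \r\n";
    $mesg = "Your PHPBookmark password has been changed to ".$password."\r\n"
            ."Please change it next time you log in.\r\n";

    if (mail($email, 'PHPBookmark login information', $mesg, $from)) {
      return true;
    }
    throw new Exception('Could not send email.');
}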

?>

url_fns.php

<?php
require_once('db_fns.php');

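// Fetch every bookmark URL stored for a user.
//
// $username  owner of the bookmarks
// Returns an array of URLs indexed from 1 (empty when the user has none), or
// false when the statement fails.
function get_user_urls($username) {
    $conn = db_connect();

    // Bound parameter instead of a concatenated username.
    $stmt = $conn->prepare('select bm_URL from bookmark where username = ?');
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }

    $stmt->bind_result($url);
    $url_array = array();
    $i = 1;   // callers receive a 1-based list, as before
    while ($stmt->fetch()) {
        $url_array[$i++] = $url;
    }
    $stmt->close();

    return $url_array;
}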

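// Store a bookmark for the logged-in user.
//
// $new_url  URL to store; the owner is read from $_SESSION['valid_user']
// Prints an "Attempting to add ..." line, returns true on success.
// Throws Exception when the bookmark already exists or the insert fails.
function add_bm($new_url) {
    echo "Attempting to add ".htmlspecialchars($new_url)."<br />";

    $valid_user = $_SESSION['valid_user'];
    $conn = db_connect();

    // Both statements bind their values. The duplicate check used to embed
    // the raw URL in the SQL text, and the insert relied on addslashes(),
    // which is not a substitute for parameter binding.
    $already_there = false;
    $check = $conn->prepare('select bm_URL from bookmark where username = ? and bm_URL = ?');
    if ($check) {
        $check->bind_param('ss', $valid_user, $new_url);
        if ($check->execute()) {
            $check->store_result();   // needed before num_rows is meaningful
            $already_there = $check->num_rows > 0;
        }
        $check->close();
    }
    // As before, a failed duplicate check does not stop the insert.

    if ($already_there) {
        throw new Exception("Bookmark already exists.", 1);
    }

    $insert = $conn->prepare('insert into bookmark values (?, ?)');
    if (!$insert) {
        throw new Exception("Bookmark could not be inserted.", 1);
    }
    $insert->bind_param('ss', $valid_user, $new_url);
    $inserted = $insert->execute();
    $insert->close();

    if (!$inserted) {
        throw new Exception("Bookmark could not be inserted.", 1);
    }
    return true;
}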

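// Delete one bookmark belonging to a user.
//
// $user  owner of the bookmark
// $url   URL to remove
// Returns true when the statement ran (also when it matched no row).
// Throws Exception when the statement fails.
function delete_bm($user, $url) {
    $conn = db_connect();

    // Bound parameters: the URL comes straight from a submitted form, so it
    // must not be concatenated into a DELETE statement.
    $stmt = $conn->prepare('delete from bookmark where username = ? and bm_URL = ?');
    if (!$stmt) {
        throw new Exception("Bookmark could not be deleted.", 1);
    }
    $stmt->bind_param('ss', $user, $url);
    $deleted = $stmt->execute();
    $stmt->close();

    if (!$deleted) {
        throw new Exception("Bookmark could not be deleted.", 1);
    }
    return true;
}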

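function recommend_urls($valid_user, $popularity = 1) {
    // Suggest bookmarks for $valid_user: URLs saved by other users who share
    // at least one bookmark with this user, excluding URLs the user already
    // has, and keeping only those saved more than $popularity times among
    // those users.
    //
    // Returns a zero-indexed array of URLs.
    // Throws Exception when the query fails or yields nothing.
    $conn = db_connect();

    // The username is bound (twice) and the threshold is bound as an integer,
    // so neither value becomes part of the SQL text.
    $query = "select bm_URL
              from bookmark
              where username in
                    (select distinct(b2.username)
                     from bookmark b1, bookmark b2
                     where b1.username = ?
                       and b1.username != b2.username
                       and b1.bm_URL = b2.bm_URL)
                and bm_URL not in
                    (select bm_URL
                     from bookmark
                     where username = ?)
              group by bm_url
              having count(bm_url) > ?";

    $stmt = $conn->prepare($query);
    if (!$stmt) {
        throw new Exception('Could not find any bookmarks to recommend.');
    }
    $min_count = (int) $popularity;
    $stmt->bind_param('ssi', $valid_user, $valid_user, $min_count);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new Exception('Could not find any bookmarks to recommend.');
    }

    // build an array of the relevant urls
    $stmt->bind_result($url);
    $urls = array();
    while ($stmt->fetch()) {
        $urls[] = $url;
    }
    $stmt->close();

    if (count($urls) == 0) {
        throw new Exception('Could not find any bookmarks to recommend.');
    }

    return $urls;
}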


?>

output_fns.php

<?php

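function do_html_header($title) {
  // print an HTML header: opens <html>/<body>, writes the page title, the
  // shared style rules and the logo banner, and - when $title is non-empty -
  // a heading through do_html_heading().
  //
  // $title  text for the <title> element; also passed on, unchanged, as the
  //         page heading

  // Escaped for the <title> element so that a caller which ever passes
  // request-derived text cannot inject markup there.
  $safe_title = htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8');
?>
  <html>
  <head>
    <title><?php echo $safe_title;?></title>
    <style>
      body { font-family: Arial, Helvetica, sans-serif; font-size: 13px }
      li, td { font-family: Arial, Helvetica, sans-serif; font-size: 13px }
      hr { color: #3333cc; width: 300px; text-align: left }
      a { color: #000000 }
    </style>
  </head>
  <body>
  <img src="005.png" alt="PHPbookmark logo" border="0"
       align="left" valign="bottom" height="55" width="57" />
  <h1>PHPbookmark</h1>
  <hr />
<?php
  // The hr rule above used "width=300; text-align=left", which is not valid
  // CSS and was ignored by browsers; it now uses property: value pairs.
  if($title) {
    do_html_heading($title);
  }
}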

function do_html_footer() {
  // Close the <body> and <html> elements that do_html_header() opened.
  echo "  </body>\n  </html>\n";
}

function do_html_heading($heading) {
  // Write $heading as a second-level heading.
  // The text is emitted as-is, without HTML escaping, so it must be fixed
  // text or already escaped by the caller.
  echo '  <h2>' . $heading . "</h2>\n";
}

function do_html_URL($url, $name) {
  // Write a link to $url labelled $name, with a line break before and after.
  // Neither value is HTML-escaped here, so both must be fixed text or
  // already escaped by the caller.
  printf("  <br /><a href=\"%s\">%s</a><br />\n", $url, $name);
}

function display_site_info() {
  // Print the fixed list of selling points shown on the landing page.
  $points = array(
    'Store your bookmarks online with us!',
    'See what other users use!',
    'Share your favorite links with others!',
  );

  echo "  <ul>\n";
  foreach ($points as $point) {
    echo '  <li>' . $point . "</li>\n";
  }
  echo "  </ul>\n";
}

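function display_login_form() {
  // Print the login form. It posts the fields "username" and "passwd" to
  // member.php and links to the registration and forgotten-password pages.
  // The first table row was never closed; its </tr> is added below.
?>
  <p><a href="register_form.php">Not a member?</a></p>
  <form method="post" action="member.php">
  <table bgcolor="#cccccc">
   <tr>
     <td colspan="2">Members log in here:</td></tr>
   <tr>
     <td>Username:</td>
     <td><input type="text" name="username"/></td></tr>
   <tr>
     <td>Password:</td>
     <td><input type="password" name="passwd"/></td></tr>
   <tr>
     <td colspan="2" align="center">
     <input type="submit" value="Log in"/></td></tr>
   <tr>
     <td colspan="2"><a href="forgot_form.php">Forgot your password?</a></td>
   </tr>
 </table></form>
<?php
}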

function display_registration_form() {
  // Print the sign-up form. It posts "email", "username", "passwd" and
  // "passwd2" to register_new.php. The maxlength attributes only guide the
  // browser; the receiving script has to enforce the limits itself.
  $form = <<<'HTML'
 <form method="post" action="register_new.php">
 <table bgcolor="#cccccc">
   <tr>
     <td>Email address:</td>
     <td><input type="text" name="email" size="30" maxlength="100"/></td></tr>
   <tr>
     <td>Preferred username <br />(max 16 chars):</td>
     <td valign="top"><input type="text" name="username"
         size="16" maxlength="16"/></td></tr>
   <tr>
     <td>Password <br />(between 6 and 16 chars):</td>
     <td valign="top"><input type="password" name="passwd"
         size="16" maxlength="16"/></td></tr>
   <tr>
     <td>Confirm password:</td>
     <td><input type="password" name="passwd2" size="16" maxlength="16"/></td></tr>
   <tr>
     <td colspan=2 align="center">
     <input type="submit" value="Register"></td></tr>
 </table></form>
HTML;

  echo $form, "\n";
}

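function display_user_urls($url_array) {
  // display the table of URLs, each with a checkbox that posts the URL to
  // delete_bms.php as del_me[]
  //
  // $url_array  list of bookmark URLs; anything that is not a non-empty array
  //             produces a "No bookmarks on record" row
  //
  // NOTE(review): the form carries no anti-CSRF token, so delete_bms.php
  // cannot tell a genuine submission from one triggered by another site.

  // set global variable, so we can test later if this is on the page
  global $bm_table;
  $bm_table = true;
?>
  <br />
  <form name="bm_table" action="delete_bms.php" method="post">
  <table width="300" cellpadding="2" cellspacing="0">
  <?php
  // The double quotes inside the echo strings below are escaped; the listing
  // showed them bare (the backslashes were lost), which does not parse.
  $color = "#cccccc";
  echo "<tr bgcolor=\"".$color."\"><td><strong>Bookmark</strong></td>";
  echo "<td><strong>Delete?</strong></td></tr>";
  if ((is_array($url_array)) && (count($url_array) > 0)) {
    foreach ($url_array as $url)  {
      if ($color == "#cccccc") {
        $color = "#ffffff";
      } else {
        $color = "#cccccc";
      }
      //remember to call htmlspecialchars() when we are displaying user data
      // That applies to the href and value attributes as well as the link
      // text: a stored URL containing a quote would otherwise end the
      // attribute and inject markup. The browser decodes the entities again
      // on submit, so the posted value is still the stored URL.
      // Escaping does not restrict the URL scheme; that has to be enforced
      // where bookmarks are accepted.
      $safe_url = htmlspecialchars((string) $url, ENT_QUOTES, 'UTF-8');
      echo "<tr bgcolor=\"".$color."\"><td><a href=\"".$safe_url."\">".$safe_url."</a></td>
            <td><input type=\"checkbox\" name=\"del_me[]\"
                value=\"".$safe_url."\"/></td>
            </tr>";
    }
  } else {
    echo "<tr><td>No bookmarks on record</td></tr>";
  }
?>
  </table>
  </form>
<?php
}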

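function display_user_menu() {
  // display the menu options on this page
  // The "Delete BM" entry is a live link only when display_user_urls() has
  // set the global $bm_table flag earlier in the same request; otherwise it
  // is shown greyed out.
?>
<hr />
<a href="member.php">Home</a> &nbsp;|&nbsp;
<a href="add_bm_form.php">Add BM</a> &nbsp;|&nbsp;
<?php
  // only offer the delete option if bookmark table is on this page
  // The inner double quotes are escaped; the listing showed them bare (the
  // backslashes were lost), which does not parse.
  global $bm_table;
  if ($bm_table == true) {
    echo "<a href=\"#\" onClick=\"bm_table.submit();\">Delete BM</a> &nbsp;|&nbsp;";
  } else {
    echo "<span style=\"color: #cccccc\">Delete BM</span> &nbsp;|&nbsp;";
  }
?>
<a href="change_passwd_form.php">Change password</a>
<br />
<a href="recommend.php">Recommend URLs to me</a> &nbsp;|&nbsp;
<a href="logout.php">Logout</a>
<hr />

<?php
}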

function display_add_bm_form() {
  // Print the form used to enter a new bookmark. It posts "new_url"
  // (pre-filled with "http://") to add_bms.php. maxlength is a browser-side
  // hint only; the receiving script must validate the value itself.
  $form = <<<'HTML'
<form name="bm_table" action="add_bms.php" method="post">
<table width="250" cellpadding="2" cellspacing="0" bgcolor="#cccccc">
<tr><td>New BM:</td>
<td><input type="text" name="new_url" value="http://"
     size="30" maxlength="255"/></td></tr>
<tr><td colspan="2" align="center">
    <input type="submit" value="Add bookmark"/></td></tr>
</table>
</form>
HTML;

  echo $form, "\n";
}

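function display_password_form() {
  // display html change password form
  // Posts "old_passwd", "new_passwd" and "new_passwd2" to change_passwd.php.
  // The <form> element was never closed; </form> is added after the table so
  // that markup printed afterwards is not swallowed into the form.
  //
  // NOTE(review): the form carries no anti-CSRF token; the receiving script
  // relies on the old password being required.
?>
   <br />
   <form action="change_passwd.php" method="post">
   <table width="250" cellpadding="2" cellspacing="0" bgcolor="#cccccc">
   <tr><td>Old password:</td>
       <td><input type="password" name="old_passwd"
            size="16" maxlength="16"/></td>
   </tr>
   <tr><td>New password:</td>
       <td><input type="password" name="new_passwd"
            size="16" maxlength="16"/></td>
   </tr>
   <tr><td>Repeat new password:</td>
       <td><input type="password" name="new_passwd2"
            size="16" maxlength="16"/></td>
   </tr>
   <tr><td colspan="2" align="center">
       <input type="submit" value="Change password"/>
   </td></tr>
   </table>
   </form>
   <br />
<?php
}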

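function display_forgot_form() {
  // display HTML form to reset and email password
  // Posts "username" to forgot_passwd.php.
  // The <form> element was never closed; </form> is added after the table.
?>
   <br />
   <form action="forgot_passwd.php" method="post">
   <table width="250" cellpadding="2" cellspacing="0" bgcolor="#cccccc">
   <tr><td>Enter your username</td>
       <td><input type="text" name="username" size="16" maxlength="16"/></td>
   </tr>
   <tr><td colspan=2 align="center">
       <input type="submit" value="Change password"/>
   </td></tr>
   </table>
   </form>
   <br />
<?php
}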

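function display_recommended_urls($url_array) {
  // similar output to display_user_urls
  // instead of displaying the users bookmarks, display recommendations
  //
  // $url_array  list of recommended URLs; anything that is not a non-empty
  //             array produces a "No recommendations" row
?>
  <br />
  <table width="300" cellpadding="2" cellspacing="0">
<?php
  // The inner double quotes are escaped; the listing showed them bare (the
  // backslashes were lost), which does not parse.
  $color = "#cccccc";
  echo "<tr bgcolor=\"".$color."\">
        <td><strong>Recommendations</strong></td></tr>";
  if ((is_array($url_array)) && (count($url_array)>0)) {
    foreach ($url_array as $url) {
      if ($color == "#cccccc") {
        $color = "#ffffff";
      } else {
        $color = "#cccccc";
      }
      // These URLs were saved by other users, so the href attribute is
      // escaped as well as the link text; a quote in a stored URL would
      // otherwise end the attribute and inject markup. Escaping does not
      // restrict the URL scheme.
      $safe_url = htmlspecialchars((string) $url, ENT_QUOTES, 'UTF-8');
      echo "<tr bgcolor=\"".$color."\">
            <td><a href=\"".$safe_url."\">".$safe_url."</a></td></tr>";
    }
  } else {
    echo "<tr><td>No recommendations for you today.</td></tr>";
  }
?>
  </table>
<?php
}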

?>

login.php

<?php
require_once('bookmark_fns.php');

// Public landing page; no session is started and no login is required.
// An empty title makes do_html_header() print the banner without a heading.
do_html_header('');
display_site_info();
// The form posts the credentials to member.php, which performs the login.
display_login_form();
do_html_footer();


?>

logout.php

<?php

require_once('bookmark_fns.php');

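// start session
session_start();

// Note whether anyone was logged in before the session is torn down. isset()
// avoids an undefined-index notice when the page is opened without a login.
$old_user = isset($_SESSION['valid_user']) ? $_SESSION['valid_user'] : null;

// Empty the session data and ask the browser to discard the session cookie;
// session_destroy() alone removes the stored data but leaves the cookie.
// This must run before any output, which is why it precedes do_html_header().
$_SESSION = array();
if (ini_get('session.use_cookies')) {
	$cookie = session_get_cookie_params();
	setcookie(session_name(), '', time() - 42000,
		$cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
}
$result_dest = session_destroy();

do_html_header('Logging out');

if (!empty($old_user)) {
	if ($result_dest) {
		echo 'Logged out.<br />';
		do_html_url('login.php', 'Login');
	}else {
		echo 'Could not log you out.<br />';
	}

}else {
	echo 'You are not logged in ,so have not been logged out.<br />';
	do_html_url('login.php', 'Login');
}

do_html_footer();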
?>

register_form.php

register_new.php

<?php
require_once('bookmark_fns.php');

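// vars
// Each field is read defensively: a request that omits one, or sends an
// array in its place, yields '' instead of a notice or a non-string value.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : '';
$passwd2 = (isset($_POST['passwd2']) && is_string($_POST['passwd2'])) ? $_POST['passwd2'] : '';

// start session
session_start();

// valid data
try {

	// filled_out() accepts an empty $_POST, so the four required fields are
	// also checked one by one.
	if (!filled_out($_POST) || $email === '' || $username === '' || $passwd === '' || $passwd2 === '') {
		throw new Exception("You have not filled the form out correctly - please go back and try again.", 1);
	}

	if (!valid_email($email)) {
		throw new Exception("That is not a valid email address - please go back and try again.", 1);
	}

	// Strict comparison: with != two different numeric-looking strings such
	// as "1000e2" and "100000" compare equal, so a mistyped confirmation
	// could pass unnoticed.
	if ($passwd !== $passwd2) {
		throw new Exception("The passwords you entered do not match - please go back and try again.", 1);
	}

	if ((strlen($passwd) < 6) || (strlen($passwd) > 16)) {
		throw new Exception("Your password must be between 6 and 16 characters - please go back and try again.", 1);
	}

	// The second argument of register() is the one it hashes and the third is
	// stored as given, so the password is passed second and the e-mail third
	// even though register() names those parameters the other way round.
	register($username, $passwd, $email);

	// Issue a fresh session id at the moment the session becomes
	// authenticated, so an id known before registration is not carried over.
	// No output has been sent yet, so the new cookie can still be set.
	session_regenerate_id(true);
	$_SESSION['valid_user'] = $username;

	do_html_header('Rigistration successful');

	do_html_url('member.php', 'Go to members page');

	do_html_footer();


} catch (Exception $e) {

	do_html_header('Problem: ');
	// NOTE(review): the message is printed as-is. The exceptions thrown in
	// this listing carry fixed text; escape it if that ever stops being true.
	echo $e -> getMessage();
	do_html_footer();
	exit();
}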

?>

forgot_form.php

<?php
 require_once('bookmark_fns.php');
 // Forgotten-password page: header, the username form (which posts to
 // forgot_passwd.php), footer. No session or login is involved.
 do_html_header('Reset password');
 
 display_forgot_form();

 do_html_footer();
?>

forgot_passwd.php

<?php
 require_once('bookmark_fns.php');
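 do_html_header('Resetting password');

 // NOTE(review): this page needs no login and no proof of account ownership,
 // so anyone who knows a username can have that account's password replaced.
 // reset_password() also changes the password before notify_password() has
 // confirmed that a message could be sent, so a mail failure leaves the owner
 // locked out. A mailed single-use, expiring token that the owner must
 // present before the password changes avoids both problems.

 // isset()/is_string() avoid a notice, or an array value, when the field is
 // missing or malformed.
 $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
 try {
	 if ($username === '') {
		 throw new Exception('No username supplied.');
	 }
	 // get random password
	 $password = reset_password($username);
	 notify_password($username, $password);
	 echo "Your new password has been emailed to you.<br />";

 }catch(Exception $e){
	 // Every failure gets the same generic text; the exception message is
	 // deliberately not shown.
	 echo "Your password could not be reset - please try again later.";
 }

 do_html_url('login.php', 'Login');
 do_html_footer();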
?>

change_passwd_form.php

<?php
 require_once('bookmark_fns.php');
 // Change-password page for a logged-in user.
 session_start();
 do_html_header('Change password');
 // Ends the request with its own "not logged in" page when no user is in the
 // session. The header above has already been sent by then, so that page is
 // printed after it.
 check_valid_user();
 
 // The form posts to change_passwd.php.
 display_password_form();

 display_user_menu(); 
 do_html_footer();
?>

change_passwd.php

<?php
 require_once('bookmark_fns.php');
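 session_start();
 do_html_header('Changing password');

 // Each field is read defensively: a request that omits one, or sends an
 // array in its place, yields '' instead of a notice or a non-string value.
 $old_passwd = (isset($_POST['old_passwd']) && is_string($_POST['old_passwd'])) ? $_POST['old_passwd'] : '';
 $new_passwd = (isset($_POST['new_passwd']) && is_string($_POST['new_passwd'])) ? $_POST['new_passwd'] : '';
 $new_passwd2 = (isset($_POST['new_passwd2']) && is_string($_POST['new_passwd2'])) ? $_POST['new_passwd2'] : '';

 try {
     // Ends the request when nobody is logged in.
     check_valid_user();

     // filled_out() accepts an empty $_POST, so the three required fields are
     // also checked one by one.
     if (!filled_out($_POST) || $old_passwd === '' || $new_passwd === '' || $new_passwd2 === '') {
         throw new Exception("You have not filled the form out correctly - please go back and try again.", 1);
     }

     // Strict comparison: with != two different numeric-looking strings such
     // as "1000e2" and "100000" compare equal, so a mistyped confirmation
     // could pass unnoticed.
     if ($new_passwd !== $new_passwd2) {
         throw new Exception("The passwords you entered do not match - please go back and try again.", 1);
     }

     if ((strlen($new_passwd) < 6) || (strlen($new_passwd) > 16)) {
         throw new Exception("Your password must be between 6 and 16 characters - please go back and try again.", 1);
     }

     // The account comes from the session, never from the form, so a user can
     // only change their own password; change_password() also re-checks the
     // old password.
     change_password($_SESSION['valid_user'], $old_passwd, $new_passwd2);
     echo 'Password changed.';

 }catch(Exception $e) {
     // NOTE(review): the message is printed as-is. The exceptions thrown in
     // this listing carry fixed text; escape it if that ever stops being true.
     echo $e -> getMessage();
 }

 display_user_menu();
 do_html_footer();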
?>

add_bm_form.php

<?php
// include function files for this application
require_once('bookmark_fns.php');
// Add-bookmark page for a logged-in user.
session_start();

// start output html
do_html_header('Add Bookmarks');

// Ends the request with a "not logged in" page when no user is in the session.
check_valid_user();
// The form posts the new URL to add_bms.php.
display_add_bm_form();

display_user_menu();
do_html_footer();

?>

add_bms.php

<?php
 require_once('bookmark_fns.php');

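session_start();

// isset()/is_string() avoid a notice, or an array value, when the field is
// missing or malformed.
$new_url = (isset($_POST['new_url']) && is_string($_POST['new_url'])) ? trim($_POST['new_url']) : '';
do_html_header('Adding bookmarks');

try {

	// Ends the request when nobody is logged in.
	check_valid_user();

	if (!filled_out($_POST) || $new_url === '') {
		throw new Exception('Form not completely filled out.');
	}

	// Add the default scheme only when the value does not start with one.
	// The earlier test looked for 'http://' anywhere in the string, so an
	// https:// address was turned into 'http://https://...'.
	if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $new_url)) {
		$new_url = 'http://'.$new_url;
	}

	// check url is valid
	// The value is checked for URL syntax and an http/https scheme. It is no
	// longer opened with fopen(): passing a user-supplied string to fopen()
	// lets the visitor choose what the server opens (local paths, other
	// stream wrappers, hosts reachable only from the server) and the handle
	// was never closed. If a reachability check is wanted, it needs an
	// HTTP client restricted to public http/https destinations with a short
	// timeout.
	$scheme = strtolower((string) parse_url($new_url, PHP_URL_SCHEME));
	if (filter_var($new_url, FILTER_VALIDATE_URL) === false
		|| ($scheme !== 'http' && $scheme !== 'https')) {
		throw new Exception('Not a valid URL.');
	}
	add_bm($new_url);
	echo "Bookmark added";

	if ($mks = get_user_urls($_SESSION['valid_user'])) {
		display_user_urls($mks);
	}
}catch(Exception $e) {
	// NOTE(review): the message is printed as-is. The exceptions thrown in
	// this listing carry fixed text; escape it if that ever stops being true.
	echo $e -> getMessage();
}

 display_user_menu();
 do_html_footer();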
?>

delete_bms.php

<?php
 require_once('bookmark_fns.php');

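session_start();

do_html_header('Deleting bookmarks');
// Confirm the login before reading the user from the session;
// check_valid_user() ends the request when nobody is logged in.
check_valid_user();
$valid_user = $_SESSION['valid_user'];

// Accept del_me only as a list of strings. With no box ticked the field is
// absent, and count() on a missing value is an error on current PHP.
$del_me = array();
if (isset($_POST['del_me']) && is_array($_POST['del_me'])) {
	$del_me = array_filter($_POST['del_me'], 'is_string');
}

// NOTE(review): the request carries no anti-CSRF token, so a page on another
// site can submit this form on behalf of a logged-in visitor.

if (!filled_out($_POST)) {
	echo "<p>You have not chosen any bookmarks to delete.<br />
			Please try again.</p>";
	display_user_menu();
	do_html_footer();
	exit;
}else {
	if (count($del_me) > 0) {
		foreach ($del_me as $url) {
			// delete_bm() reports failure by throwing, so it is caught here
			// to keep the page going and report the failure per bookmark.
			// The owner is always the session user, never a posted value.
			try {
				$deleted = delete_bm($valid_user, $url);
			} catch (Exception $e) {
				$deleted = false;
			}
			if ($deleted) {
				echo "Deleted ".htmlspecialchars($url)."<br />";
			}else {
				echo "Could not deleted ".htmlspecialchars($url)."<br />";
			}
		}
	}else {
		echo "No bookmarks selected for deletion.";
	}
}

if ($mks = get_user_urls($_SESSION['valid_user'])) {
		display_user_urls($mks);
}
 display_user_menu();
 do_html_footer();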
?>

recommend.php

<?php
 require_once('bookmark_fns.php');

// Recommendation page for a logged-in user.
session_start();

do_html_header('Recommending URLS');
try {
	// Ends the request with a "not logged in" page when no user is in the session.
	check_valid_user();
	// The user comes from the session; 1 is the popularity threshold passed
	// to recommend_urls(), which throws when it has nothing to return.
	$urls = recommend_urls($_SESSION['valid_user'], 1);
	display_recommended_urls($urls);
}catch(Exception $e) {
	// NOTE(review): the message is printed as-is. The exceptions thrown by
	// recommend_urls() in this listing carry fixed text; escape the message
	// if that ever stops being true.
	echo $e -> getMessage();
}

 display_user_menu();
 do_html_footer();
?>

member.php

<?php
require_once('bookmark_fns.php');

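session_start();

// isset()/is_string() replace the @ suppression: a missing field, or an array
// sent in its place, becomes '' instead of a silenced notice.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : '';

// Credentials were posted from the login form: try to log in. Comparing with
// '' rather than testing truthiness keeps a value such as "0" from being
// treated as absent.
if ($username !== '' && $passwd !== '') {

	try {
		// Log in
		login($username, $passwd);

		// Issue a fresh session id at the moment the session becomes
		// authenticated, so an id known before login is not carried over.
		// No output has been sent yet, so the new cookie can still be set.
		session_regenerate_id(true);
		$_SESSION['valid_user'] = $username;

	}catch(Exception $e) {

		do_html_header('Problem: ');
		echo "You could not be logged in. You must be logged in to view this page.";
		do_html_url('login.php', 'Login');
		do_html_footer();
		exit;
	}
}
do_html_header('Home');
// Ends the request with a "not logged in" page when no user is in the session.
check_valid_user();

if ($url_array = get_user_urls($_SESSION['valid_user'])) {
	display_user_urls($url_array);
}

display_user_menu();

do_html_footer();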


?>

上边所有的源文件的下载地址

https://pan.baidu.com/s/1o7R678Y

原文地址:https://www.cnblogs.com/machao/p/6011333.html