A graduate student information management system on GitHub; the focus of these notes is how the project interacts with the database.
First, look at the project's database structure: 7 tables in total.
- login.php
After the login button is clicked, the account number and password are first taken from the form; if the query returns a row, the account number and password are correct. The student's gm_active flag is then checked to see whether the account has passed review; once it has, the account's last login time and login IP are updated in the database. Finally the logged-in user's privilege level is checked, and a student account is sent to student_s.php.
```php
// 'login' must be a quoted string: the bare word login is an undefined constant
if ($_GET['action'] == 'login') {
    include ROOT_PATH . 'includes/register.func.php';
    if ($_system['needcode'] == 1) {
        _check_code($_SESSION['code'], $_POST['code']);
    }
    $clean = array();
    $clean['num'] = _check_username($_POST['num']);
    $clean['password'] = _check_password($_POST['password']);
    if ($rows = _fetch_array("SELECT gm_num,gm_username,gm_active,gm_level FROM gm_user
        WHERE gm_num='{$clean['num']}' AND gm_password='{$clean['password']}' LIMIT 1")
    ) {
        if ($rows['gm_active'] == 0) {
            _alert_back('您的资料正在被审核,请耐心等待!');
        } else {
            _query("UPDATE gm_user SET
                gm_last_time=NOW(),
                gm_last_ip='{$_SERVER["REMOTE_ADDR"]}'
                WHERE
                gm_num='{$rows['gm_num']}'");
            // set the session
            $_SESSION['num'] = $clean['num'];
            $_SESSION['username'] = $rows['gm_username'];
            $_SESSION['level'] = $rows['gm_level'];
            // choose the landing page by privilege level
            if ($_SESSION['level'] == 1) {
                _location(null, 'student_s.php');
            } else if ($_SESSION['level'] == 2 or $_SESSION['level'] == 3) {
                _location(null, 'admin.php');
            } else {
                _alert_back('非法操作!');
            }
        }
    } else {
        _alert_back('用户名或密码错误,忘记密码可请管理员重置');
    }
}
```
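The login query above interpolates the account number and the password straight into the SQL string, so its safety rests entirely on what `_check_username` and `_check_password` do. As an added example (my code, not the project's), here is the same login step written with a PDO prepared statement and `password_verify()`. It assumes a PDO handle `$pdo`, that `gm_password` holds a `password_hash()` digest rather than the raw or hashed-in-SQL value, and that `common.inc.php` has already called `session_start()`.

```php
<?php
// Added example, not the project's code. Assumes: $pdo is a connected PDO handle,
// gm_user.gm_password stores a password_hash() digest, session already started.

// Returns ['status' => 'ok'|'bad_credentials'|'pending', 'user' => array|null].
function gm_login(PDO $pdo, string $num, string $password): array
{
    // Placeholders instead of string interpolation: the student number can no
    // longer change the shape of the query.
    $stmt = $pdo->prepare(
        'SELECT gm_num, gm_username, gm_password, gm_active, gm_level
           FROM gm_user WHERE gm_num = :num LIMIT 1'
    );
    $stmt->execute([':num' => $num]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash in PHP instead of in the WHERE clause;
    // the same answer for "no such user" and "wrong password" avoids enumeration.
    if ($row === false || !password_verify($password, $row['gm_password'])) {
        return ['status' => 'bad_credentials', 'user' => null];
    }
    if ((int) $row['gm_active'] === 0) {
        return ['status' => 'pending', 'user' => null];
    }

    $upd = $pdo->prepare(
        'UPDATE gm_user SET gm_last_time = NOW(), gm_last_ip = :ip WHERE gm_num = :num'
    );
    $upd->execute([':ip' => $_SERVER['REMOTE_ADDR'] ?? '', ':num' => $row['gm_num']]);

    // A fresh session id at the moment privileges change defeats session fixation.
    session_regenerate_id(true);
    $_SESSION['num'] = $row['gm_num'];
    $_SESSION['username'] = $row['gm_username'];
    $_SESSION['level'] = (int) $row['gm_level'];

    unset($row['gm_password']); // never hand the digest back to the caller
    return ['status' => 'ok', 'user' => $row];
}

// Same routing as the original branches: 1 -> student page, 2 or 3 -> admin page.
function gm_landing_page(int $level): ?string
{
    if ($level === 1) {
        return 'student_s.php';
    }
    if ($level === 2 || $level === 3) {
        return 'admin.php';
    }
    return null; // the original shows the "illegal operation" alert here
}

// Usage from the action handler (the _alert_back/_location calls stay as in the project):
// $r = gm_login($pdo, $_POST['num'], $_POST['password']);
// if ($r['status'] === 'ok') { _location(null, gm_landing_page($_SESSION['level'])); }
```

Storing a `password_hash()` digest also means the registration code must hash the initial password with `password_hash()` instead of whatever `_check_password` produces, otherwise `password_verify()` will never match.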
- register.php
Registration page.
```php
// 'register' must be a quoted string: the bare word register is an undefined constant
if($_GET['action']=='register'){
    include ROOT_PATH.'includes/register.func.php';
    if($_system['needcode']==1){
        _check_code($_SESSION['code'], $_POST['code']);
    }
    $clean=array();
    $clean['username']=_check_username($_POST['username']);
    $clean['num']=_check_num($_POST['num']);
    $clean['sex']=_check_sex($_POST['sex']);
    _checkdate($_POST['birth_m'], $_POST['birth_d'], $_POST['birth_y']);
    _checkdate($_POST['start_time_m'], $_POST['start_time_d'], $_POST['start_time_y']);
    $clean['birth']=$_POST['birth_y'].'-'.$_POST['birth_m'].'-'.$_POST['birth_d'];
    $clean['start_time']=$_POST['start_time_y'].'-'.$_POST['start_time_m'].'-'.$_POST['start_time_d'];
    $clean['gm_grade']=_time_to_grade($_POST['start_time_y'],$_POST['start_time_m']);
    $clean['contact']=_check_contact($_POST['contact']);
    $clean['address']=_check_address_ex($_POST['address']);
    $clean['subject']=_check_subject($_POST['subject']);
    $clean['type']=_check_type($_POST['type']);
    $clean['photoname']=_check_photo();
    // check whether this student number is already registered
    _is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'",'该学号已经被注册!如有问题请咨询管理员!');
    $newpassword=_check_password($_system['initial_password']);
    // two INSERTs joined by "and": if the second fails, the first row stays behind
    if(_query("INSERT INTO gm_user(
            gm_username,
            gm_num,
            gm_password,
            gm_reg_time,
            gm_last_time,
            gm_last_ip)
        VALUES(
            '{$clean['username']}',
            '{$clean['num']}',
            '$newpassword',
            NOW(),
            NOW(),
            '{$_SERVER["REMOTE_ADDR"]}')")
    and _query("INSERT INTO gm_stuinfo(
            gm_username,
            gm_num,
            gm_sex,
            gm_birth,
            gm_start_time,
            gm_grade,
            gm_contact,
            gm_address,
            gm_subject,
            gm_type,
            gm_photoname)
        VALUES(
            '{$clean['username']}',
            '{$clean['num']}',
            '{$clean['sex']}',
            '{$clean['birth']}',
            '{$clean['start_time']}',
            '{$clean['gm_grade']}',
            '{$clean['contact']}',
            '{$clean['address']}',
            '{$clean['subject']}',
            '{$clean['type']}',
            '{$clean['photoname']}')")){
        _location('你的信息已经提交,请耐心等待审核!', 'login.php');
    }else{
        _alert_back('注册失败!有问题请咨询管理员!');
    }
}
```
- student_s.php
Fetches the 12 most recent notices and messages, ordered by time descending.
```php
<?php
/**
 *2012-8-22 | By:NaV!
 */
// guard against direct invocation of include files
define('IN_GM',true);
// constant that identifies the current page
define('SCRIPT','student_s');
// include the shared file
require dirname(__FILE__).'/includes/common.inc.php';
// check login state and privilege level
_login_state(1);
$notice_res=_query("SELECT * FROM gm_notice ORDER BY gm_time DESC LIMIT 12");
$message_res=_query("SELECT * FROM gm_message ORDER BY gm_systime DESC LIMIT 12");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="styles/student_s.css" rel="stylesheet" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php
require ROOT_PATH.'includes/title_student.inc.php';
?>
</head>
```
Next, open title_student.inc.php. To prevent the page from being invoked maliciously, the code below is used. (I don't understand why this can prevent malicious invocation???)
Suppose someone logs in successfully; the browser then parses the page returned by the server and starts loading student_s.php. When it reaches the require statement it enters title_student.inc.php, which checks whether it was invoked maliciously. During this process, from the start of loading student_s.php up to the require statement, the exit would only be triggered if the value of IN_GM were changed in between, which really feels redundant.
Problem solved: it turns out the PHP source code cannot be viewed directly by capturing the HTTP message; the PHP script is run through the interpreter before anything is returned to the client.
title_student.inc.php
```php
<?php
/**
 *2012-8-22 By:NaV!
 */
// guard against direct invocation: IN_GM is only defined by the page that includes this file
if(!defined('IN_GM')){
    exit('Access Defined!');
}
// guard against invocation from a non-HTML page
if(!defined('SCRIPT')){
    exit('SCRIPT Error!');
}
global $_system;
?>
```
- admin.php
The following queries collect counts and rows from several tables.
```php
<?php
/**
 *2012-7-30 | By:NaV!
 */
// guard against direct invocation of include files
define('IN_GM',true);
// constant that identifies the current page
define('SCRIPT','admin');
// include the shared file
require dirname(__FILE__).'/includes/common.inc.php';
// check login state and privilege level
_login_state(2);
// students whose registration has not been approved yet
$active_num=_num_rows("SELECT gm_id FROM gm_stuinfo WHERE gm_active='0'");
// messages from the last 12 hours
// (the original wrote (NOW()-gm_systime)<12*3600, which subtracts the two DATETIME values as
// plain numbers and gives wrong results across minute/hour boundaries; use INTERVAL instead)
$message_num=_num_rows("SELECT gm_id FROM gm_message WHERE gm_systime > NOW() - INTERVAL 12 HOUR");
$message_re_num=_num_rows("SELECT gm_id FROM gm_message WHERE gm_replytime is null");
$teacher_mat_num=_num_rows("SELECT gm_id FROM gm_stuinfo WHERE (gm_teacher is null OR gm_teacher='') AND gm_active='1' ");
$funds_num=_num_rows("SELECT gm_fid FROM gm_funds");
$user_num=_num_rows("SELECT gm_id FROM gm_user WHERE gm_active='1'");
$stu_num=_num_rows("SELECT gm_id FROM gm_stuinfo WHERE gm_active='1'");
$message_res=_query("SELECT * FROM gm_message ORDER BY gm_systime DESC LIMIT 8");
$teacher_num=_num_rows("SELECT gm_id FROM gm_teacher");
?>
```
- stu_active.php
The admin home page has 9 small modules; here is the first one.
```php
<?php
/**
 *2012-7-31 | By:NaV!
 */
// guard against direct invocation of include files
define('IN_GM',true);
// constant that identifies the current page
define('SCRIPT','stu_active');
// include the shared file
require dirname(__FILE__).'/includes/common.inc.php';
// check login state and privilege level
_login_state(2);
// are there students waiting for review?
if($num=_num_rows("SELECT gm_active FROM gm_stuinfo WHERE gm_active='0'")){
    // pagination module
    _page($num,$_system['stu_active_pagesize']);
    $res=_query("SELECT gm_active,gm_username,gm_num,gm_sex,gm_grade,gm_subject,gm_type FROM gm_stuinfo WHERE gm_active='0' ORDER BY gm_num LIMIT $pagenum,$pagesize");
}
// activation and deletion handling
// note: $_GET['num'] is interpolated into every query below without going through _check_num()
if(!empty($_GET['num']) and !empty($_GET['action'])){
    // does the submitted student number actually exist?
    if (_fetch_array("SELECT gm_active FROM gm_stuinfo WHERE gm_num='{$_GET['num']}' LIMIT 1")){
        // activate ('pass' must be a quoted string, not a bare constant)
        if($_GET['action']=='pass'){
            if(_query("UPDATE gm_stuinfo SET gm_active='1' WHERE gm_num='{$_GET['num']}'") and _query("UPDATE gm_user SET gm_active='1' WHERE gm_num='{$_GET['num']}'")){
                _location('审核成功!', 'stu_active.php');
            }else{
                _location('审核失败!', 'stu_active.php');
            }
        }
        // delete ('del' must be a quoted string, not a bare constant)
        if($_GET['action']=='del'){
            if(_query("DELETE FROM gm_user WHERE gm_num='{$_GET['num']}'")){
                $r_s=_fetch_array("SELECT gm_photoname FROM gm_stuinfo WHERE gm_num='{$_GET['num']}' LIMIT 1");
                $photoname="photos".$r_s['gm_photoname'];
                chmod($photoname,0777);
                unlink($photoname);
                _query("DELETE FROM gm_stuinfo WHERE gm_num='{$_GET['num']}'");
                _location('删除成功!', 'stu_active.php');
            }else{
                _location('删除失败!', 'stu_active.php');
            }
        }
    }
    else{
        _alert_back('要操作的学号不存在!');
    }
}
?>
```
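Two things stand out in stu_active.php: `$_GET['num']` reaches five SQL statements and a filesystem path without validation, and the paired UPDATE/DELETE statements (like the paired INSERTs in register.php) are not atomic, so a failure half-way leaves gm_user and gm_stuinfo disagreeing. As an added example (my code, not the project's), here is the approve/delete handler with a whitelisted action, a validated student number, prepared statements, one transaction around both tables, and a photo removal that refuses to leave the photos directory. Assumptions: `$pdo` is a PDO handle with exceptions enabled, student numbers are digits only, and photos live in `photos/` next to the script.

```php
<?php
// Added example, not the project's code. Assumes: $pdo is a PDO handle configured with
// PDO::ERRMODE_EXCEPTION, gm_num is digits only, and photos are stored under PHOTO_DIR.
const PHOTO_DIR = __DIR__ . '/photos';

// Returns a short status string; the caller maps it to _location()/_alert_back().
function gm_activate_or_delete(PDO $pdo, array $get): string
{
    $num = (string) ($get['num'] ?? '');
    $action = (string) ($get['action'] ?? '');

    // Reject anything that is not a plausible student number before it touches SQL or a path.
    if (!ctype_digit($num) || strlen($num) > 20) {
        return 'invalid student number';
    }
    // Whitelist the action instead of comparing against bare words.
    if (!in_array($action, ['pass', 'del'], true)) {
        return 'unknown action';
    }

    $pdo->beginTransaction();
    try {
        $chk = $pdo->prepare('SELECT gm_photoname FROM gm_stuinfo WHERE gm_num = :num LIMIT 1');
        $chk->execute([':num' => $num]);
        $row = $chk->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            $pdo->rollBack();
            return 'student number does not exist';
        }

        // Table names come from a fixed list here, never from the request.
        if ($action === 'pass') {
            foreach (['gm_stuinfo', 'gm_user'] as $table) {
                $pdo->prepare("UPDATE {$table} SET gm_active = '1' WHERE gm_num = :num")
                    ->execute([':num' => $num]);
            }
        } else {
            foreach (['gm_user', 'gm_stuinfo'] as $table) {
                $pdo->prepare("DELETE FROM {$table} WHERE gm_num = :num")
                    ->execute([':num' => $num]);
            }
        }
        // Both tables change or neither does.
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }

    if ($action === 'del') {
        gm_remove_photo($row['gm_photoname']);
    }
    return 'ok';
}

// Delete a photo only when the stored name resolves to a file inside PHOTO_DIR;
// basename() strips any directory part, realpath() resolves symlinks and "..".
function gm_remove_photo(?string $name): bool
{
    if ($name === null || $name === '') {
        return false;
    }
    $base = realpath(PHOTO_DIR);
    $path = realpath(PHOTO_DIR . '/' . basename($name));
    if ($base === false || $path === false) {
        return false;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false; // resolved outside the photos directory
    }
    return unlink($path);
}

// Usage inside the page, replacing the if(!empty($_GET['num']) ...) block:
// $status = gm_activate_or_delete($pdo, $_GET);
// $status === 'ok' ? _location('操作成功!', 'stu_active.php') : _alert_back($status);
```

The original also calls `chmod($photoname, 0777)` before `unlink()`; deleting a file needs write permission on the directory, not on the file, so that call does nothing useful and the example drops it.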
Pagination function
```php
/**
 * _page pagination function
 * @access public
 * @param int $num  total number of records
 * @param int $size number of records per page
 */
function _page($num,$size){
    // $pagenum and $pagesize are the real arguments of the paged query
    // the global $pagesize is needed here, so the parameter must not be named $pagesize
    global $page, $pageabsolute, $pagenum, $pagesize;
    // check whether page was passed and catch the odd values; on any problem use page 1,
    // otherwise convert page to an integer
    if(isset($_GET['page'])){
        $page = $_GET['page'];
        if(empty($page) or $page<0 or !is_numeric($page)){
            $page = 1;
        }else {
            $page = intval($page);
        }
    }else{
        $page = 1;
    }
    $pagesize =$size;
    // redundant on this page, but may matter elsewhere
    if($num == 0){
        $pageabsolute=1;
    }else{
        $pageabsolute=ceil($num/$pagesize);
    }
    if($page>$pageabsolute){
        $page = $pageabsolute;
    }
    // this line must come after the check above
    $pagenum = ($page-1)*$pagesize;
}
/**
 * _paging page selector function
 * @access public
 * @param $type 1 = numeric pager, 2 = text pager
 */
function _paging($type){
    global $pageabsolute,$page,$num;
    if($type==1){
        echo '<div id="page_num">';
        echo '<ul>';
        for($i=1;$i<=$pageabsolute;$i++){
            if($page==$i){
                echo '<li><a href="'.SCRIPT.'.php?page='.$i.'" class="selected">'.$i.'</a></li>';
            }else{
                echo '<li><a href="'.SCRIPT.'.php?page='.$i.'">'.$i.'</a></li>';
            }
        }
        echo '</ul>';
        echo '</div>';
    }elseif ($type==2){
        echo '<div id="page_text">';
        echo '<ul>';
        echo '<li>'.$page.'/'.$pageabsolute.' | </li>';
        echo '<li>共有<strong>'.$num.'</strong>条记录 | </li>';
        if($page==1){
            echo '<li>首页 | </li>';
            echo '<li>上一页 | </li>';
        }else{
            echo '<li><a href="'.SCRIPT.'.php">首页</a> | </li>';
            echo '<li><a href="'.SCRIPT.'.php?page='.($page-1).'">上一页</a> | </li>';
        }
        if($page==$pageabsolute){
            echo '<li>下一页 | </li>';
            echo '<li>尾页</li>';
        }else{
            echo '<li><a href="'.SCRIPT.'.php?page='.($page+1).'">下一页</a> | </li>';
            echo '<li><a href="'.SCRIPT.'.php?page='.$pageabsolute.'">尾页</a></li>';
        }
        echo '</ul>';
        echo '</div>';
    }
}
```
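`_page()` is the one place where a request value (`page`) ends up inside a `LIMIT` clause, and it is safe only because of the `intval()` and the fact that `$pagesize` comes from configuration rather than the request. As an added example (my code, not the project's), the same computation is written to return its values instead of writing four globals, and the query binds the offset and size as integers, which is the part people usually get wrong when they move such a query to prepared statements. It assumes a PDO handle `$pdo` and the gm_stuinfo table; it also goes slightly beyond the original by capping the page size.

```php
<?php
// Added example, not the project's code. Assumes $pdo is a PDO handle and the
// gm_stuinfo table from the project; $maxSize is a cap that the original does not have.

// Same rules as _page(): missing, empty, negative or non-numeric page -> 1;
// page beyond the last one -> last page. Returns the values instead of globals.
function gm_page(int $total, int $size, $requested, int $maxSize = 100): array
{
    // The page size comes from configuration, but cap it so a stray setting
    // cannot turn one page into a full-table dump.
    $size = max(1, min($size, $maxSize));
    $page = (is_numeric($requested) && (int) $requested > 0) ? (int) $requested : 1;
    $pages = $total === 0 ? 1 : (int) ceil($total / $size);
    if ($page > $pages) {
        $page = $pages;
    }
    return [
        'page'   => $page,
        'pages'  => $pages,
        'offset' => ($page - 1) * $size,
        'size'   => $size,
    ];
}

// The paged query from stu_active.php with the LIMIT arguments bound, not interpolated.
function gm_pending_students(PDO $pdo, array $pg): array
{
    $stmt = $pdo->prepare(
        'SELECT gm_username, gm_num, gm_sex, gm_grade, gm_subject, gm_type
           FROM gm_stuinfo
          WHERE gm_active = \'0\'
          ORDER BY gm_num
          LIMIT :off, :sz'
    );
    // LIMIT values must be bound as integers: with emulated prepares PDO would
    // otherwise quote them as strings and MySQL rejects LIMIT '0', '10'.
    $stmt->bindValue(':off', $pg['offset'], PDO::PARAM_INT);
    $stmt->bindValue(':sz', $pg['size'], PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage in the page:
// $pg   = gm_page($num, (int) $_system['stu_active_pagesize'], $_GET['page'] ?? null);
// $rows = gm_pending_students($pdo, $pg);
// e.g. gm_page(25, 10, '3')  -> page 3, pages 3, offset 20, size 10
//      gm_page(25, 10, '9')  -> clamped to page 3
//      gm_page(0, 10, 'abc') -> page 1, pages 1, offset 0
```

Returning an array also removes the naming trap the original comment warns about (the parameter must not be called `$pagesize` because the global of that name is written inside the function).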
PHP's variable scope differs from that of C, Java and the like (it feels awkward to use, but I personally think PHP's scoping is more reasonable than Java's). How global works