-
利用PHP开发具有注册、登陆、文件上传、发布动态功能的网站
目录
介绍:
此项目采用html+css+php+mysql开发
做这个开发的目的一是练习我的web开发能力,二来相当于一个小靶场,可以自己进行一些漏洞试验,自己做一下攻防。
之后会更新对这个靶站做的一些攻击和修复,包括sql注入、文件上传、XSS、验证码业务逻辑错误。
展示:
登陆页面:
简单的登陆表单,采用post方式进行数据传输,对输入的用户名和密码进行sql查询,查询成功会跳转到welcome.php页面
注册页面:
简单的注册功能,往数据库里插入数据
主页:
发布动态模块:这也是我第一次做这个功能,我想的是为每个用户创建一个数据表,把发布的动态的内容插入到用户的数据表里,然后在主页进行数据查询并展示。
发布成功效果:
更换头像模块:
进行文件上传,头像的路径会被存储到数据库中,并根据用户名查询和展示头像
更换头像展示:
源代码:
blog.php
- "en">
- "UTF-8">
- "X-UA-Compatible" content="IE=edge">
- "viewport" content="width=device-width, initial-scale=1.0">
Welcome - "background">session_start();header("Content-type:text/html;charset=utf-8");$username=$_SESSION['user'];$dbtable=substr($username,0,8).'blog';include('./blogconn.php');//链接数据库$sql22="create table $dbtable(id int auto_increment primary key, blog varchar(300) not null);";$result=mysqli_query($conn2,$sql22);$conn2->query($sql22);$blog=$_POST['blog'];if(isset($blog)){$blogsql="insert into $dbtable(id,blog) values(null,'$blog');";$result=mysqli_query($conn2,$blogsql);}mysqli_close($conn);//关闭数据库?>session_start();$username=$_SESSION['user'];include('./conn.php');$sql = "select pic from flag where username = '$username'";//根据用户名查找头像信息$result = mysqli_query($conn,$sql);//执行sql$row = mysqli_fetch_array($result, MYSQLI_BOTH);$str='
$row['pic'].'" title="头像" id="headpic">';
print_r($str);?>欢迎您!
用户:
session_start();if($_SESSION['user']==""){echo "";}else{echo $_SESSION['user'];}?>发布动态:
"submit" value="我写好了"id="buttorn1" >
blogconn.php
- session_start();
- header("Content-type:text/html;charset=utf-8");
- $username=$_SESSION['user'];
- $dbtable=substr($username,0,8).'blog';
- $dbhost = "127.0.0.1";
- $dbuser = 'root';
- $dbname = "sqlinject"; //数据库名称
- $dbpass = ""; //数据库密码
- $conn2=mysqli_connect($dbhost,$dbuser,$dbpass);
- if(!$conn=mysqli_connect($dbhost,$dbuser,$dbpass)){
- die("连接失败:".mysqli_connect_error());
- }
- $connt=mysqli_select_db($conn2,$dbname);
- //echo "";
- ?>
conn.php
- $dbhost = "127.0.0.1";
- $dbuser = 'root';
- $dbname = "sqlinject"; //数据库名称
- $dbtable='flag';
- $dbpass = ""; //数据库密码
- $conn=mysqli_connect($dbhost,$dbuser,$dbpass);
- if(!$conn=mysqli_connect($dbhost,$dbuser,$dbpass)){
- die("连接失败:".mysqli_connect_error());
- }
- $connt=mysqli_select_db($conn,$dbname);
- //echo "";
- ?>
headpic.php
- "en">
- "UTF-8">
- "X-UA-Compatible" content="IE=edge">
- "viewport" content="width=device-width, initial-scale=1.0">
Welcome - "background">error_reporting(0);session_start();$username=$_SESSION['user'];include('./conn.php');$sql = "select pic from flag where username = '$username'";//根据用户名查找头像信息$result = mysqli_query($conn,$sql);//执行sql$row = mysqli_fetch_array($result, MYSQLI_BOTH);$str='print_r($str);?>
欢迎您!
用户:
session_start();if($_SESSION['user']==""){echo "";}else{echo $_SESSION['user'];}?>"file" name="file" value="文件"/>"submit" name="submit" value="提交">
index.html
- html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <link rel="stylesheet" href="style1.css">
- <title>logintitle>
- head>
- <body background="./bg.jpg">
- <form action="./login.php" method="post">
- <tr height="40px">
- <td align="right"><p style="color: white;">用户名:p>td>
- <td>
- <input type="text" name='username' autofocus placeholder="输入用户名">
- td>
- tr>
- <tr height="40px">
- <td align="right"><p style="color: white;">密码:p>td>
- <td>
- <input type="password" name='password' maxlength="9" placeholder="输入密码">
- td>
- tr>
- <tr height="40px">
- <td colspan="2" align="center">
- <input type="submit" value="登陆"class="buttorn1" readonly="readonly">
- <a href="./register.html"> <p>注册p>a>
- td>
- tr>
- form>
- body>
- html>
login.php
- session_start();
- header("Content-type:text/html;charset=utf-8");
- include('./conn.php');//链接数据库
- $username = addslashes($_POST['username']);//post获得用户名表单值
- $passowrd = $_POST['password'];//post获得用户密码单值
- $_SESSION['user'] = $_POST['username'];
- if ($username && $passowrd){//如果用户名和密码都不为空
- $sql = "select * from flag where username = ('$username') and password='$passowrd'";//检测数据库是否有对应的username和password的sql
- $result = mysqli_query($conn,$sql);//执行sql
- $rows=mysqli_num_rows($result);//返回一个数值
- if($rows){//0 false 1 true
- session_start(); //创建session
- header("refresh:0;url=./welcome.php");//如果成功跳转至welcome.html页面
- exit;
- }else{
- echo "";
- }
- }
- mysqli_close($conn);//关闭数据库
- ?>
register.html
- html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <link rel="stylesheet" href="style1.css">
- <title>registertitle>
- head>
- <body background="./bg.jpg">
- <form action="./register.php" method="post">
- <tr height="40px">
- <td align="right"><p style="color: white;">用户名:p>td>
- <td>
- <input type="text" name='username' autofocus placeholder="输入用户名">
- td>
- tr>
- <tr height="40px">
- <td align="right"><p style="color: white;">密码:p>td>
- <td>
- <input type="password" name='password' maxlength="9" placeholder="输入密码">
- td>
- tr>
- <tr height="40px">
- <td colspan="2" align="center">
- <input type="submit" value="注册"class="buttorn1" readonly="readonly">
- <input type="reset" value="重置"class="buttorn1" readonly="readonly">
- td>
- tr>
- form>
- body>
- html>
register.php
- session_start();
- header("Content-type:text/html;charset=utf-8");
- include('./conn.php');//链接数据库
- $username = addslashes($_POST['username']);
- $password = $_POST['password'];
- if($username&&$password)
- {
- mysqli_query($conn,"insert into flag(id,username,password,pic) values(null,('$username'),'$password','./headpic/headpic.png');");
- echo "注册成功,即将跳转至登录页面";
- header("refresh:1.5;url=./index.html");
- exit;
- }
- mysqli_close($conn);
- ?>
style1.css
- body{
- margin:0;padding: 0;
- }
- form{
- position: absolute;
- top:100px;left:500px;
- }
- .buttorn1 {
- position: relative;top:100px;left:-320px;
- width: 100px;
- height: 30px;
- background-color: #93b518;
- margin-top: 20px;
- margin-left: 75px;
- border-radius: 3px;
- font-size: 18px;
- font-family: 微软雅黑;
- color: white;
- }
upload.php
- session_start();
- header("Content-Type:text/html;charset=utf-8");
- include('./conn.php');
- // 附件的存储位置、附件的名字
- $path='./headpic/'.$_FILES['file']['name'];
- echo '文件路径'.$path."
"; - $username = $_SESSION['user'];
- // 拼接成该文件在服务器上的名称
- if($_FILES['file']['error']>0) {
- die("出错了!".$_FILES['file']['error']);
- }
- if(move_uploaded_file($_FILES['file']['tmp_name'],$path)){
- //echo "
"."Upload Success!"; - mysqli_query($conn,"update flag set pic='$path' where username='$username';");
- echo "恭喜您,上传成功!"."
3秒后将自动跳转到主页!"; - header("refresh:3;url=./welcome.php");
- }else{
- //echo "
"."Upload Failed!".$_FILES['photo']['error']; - echo "对不起,上传头像失败了!";
- header("refresh:2;url=./welcome.php");
- }
- ?>
welcome.php
- "en">
- "UTF-8">
- "X-UA-Compatible" content="IE=edge">
- "viewport" content="width=device-width, initial-scale=1.0">
Welcome - "background">error_reporting(0);session_start();$username=$_SESSION['user'];include('./conn.php');$sql = "select pic from flag where username = '$username'";//根据用户名查找头像信息$result = mysqli_query($conn,$sql);//执行sql$row = mysqli_fetch_array($result, MYSQLI_BOTH);$str='print_r($str);?>
欢迎您!
用户:
session_start();if($_SESSION['user']==""){echo "";}else{echo $_SESSION['user'];}include('./blogconn.php');//链接数据库$sql3="select count(id) from $dbtable;";$result=mysqli_query($conn2,$sql3);$row = mysqli_fetch_array($result, MYSQLI_BOTH);$num=$row[0];$i=1;for($i=1;$i<=$num;$i++){$sql4="select blog from $dbtable where id=$i";$result4=mysqli_query($conn2,$sql4);$row4 = mysqli_fetch_array($result4, MYSQLI_BOTH);$blogdiv=''.$row4[0].'';print_r($blogdiv);}?>
-
相关阅读:
TDengine函数大全-系统函数
智能热水器语音控制丨打造智能家居新体验
do-exercise-淘宝网店
golang 对不同结构体中数据进行相互转换的几种常用方法
面试算法问题
掌握Mongodb,看完这篇文章就够了
空气温湿度、光照度、二氧化碳传感器
PowerDesigner的表设计显示Comment的配置操作场景
HTML小游戏5 —— 水果忍者(附完整源码)
小程序的各种手机屏幕媒体查询
- 原文地址:https://blog.csdn.net/qq_61778128/article/details/126078054
