PHP message system (2)
1. With the overall framework set up as in the previous article (MVC framework summary), the default request parameters are changed:
// Default request: homepage
// P = front
// C = fIndex
// A = show
1.1 Find the action in the controller fIndexController:
// Homepage display
public function showAction() {
    // Prevent malicious calls
    $this->checkAuthority();
    // Load the template directly; no specific model is needed
    require CUR_VIE_PATH . 'index.html';
}
2. Prevent malicious calls at the controller level. Almost all models use this check, so it is placed in the base model:
/** Prevents malicious calls to methods; applies to all methods */
protected function checkAuthority() {
    // The constant is only defined when the request came in through the framework entry point
    if (!defined('in_NG')) {
        exit("you no authority");
    }
}
This method can be called wherever it is needed.
3. Reject earlier PHP versions. Because the initial file Framework.class.php is always executed, put the check directly in it.
4.1 Make the CSS an include file
Every page needs to import CSS, so we define a file title.inc.html.
However, each page has different CSS, so define a constant that identifies the page:
define('script', 'index');
Your Title
title.inc.html code:
5.2 Create the registration page register.html
Request parameters for the registration page: P = front, C = fRegister, A = show
Code:
Member registration
5.3 Click the avatar to open the avatar selection window:
<img src="Public/front/face/m01.gif" alt="select" onclick="javascript:window.open('Face.php', 'face', 'width=400,height=400,top=0,left=0')" />
This page contains 64 avatars, which can be listed by looping over an array.
"face/m0
.gif" />
6. Submit data
When the form submits data to this page, include a name-value pair that indicates whether data has been submitted,
for example ?action=register. You can also use a hidden field for the name-value pair.
6.1 Check the verification code
The verification code is there to prevent malicious registration and some cross-site form-spoofing attacks.
The verification code is saved in the session and is used to determine whether the current form was submitted.
Because the code changes, it can prevent repeated malicious registrations.
if (!($_POST['yzm'] === $_SESSION['code'])) {
    _alert_back('verification code is incorrect. please enter it again!');
}
6.2 Accept data
Assign the submitted data to a variable:
$_username = $_POST['username'];
You can also use an array to store the submitted values:
$_clean = array();
$_clean['username'] = $_POST['username'];
6.3 Restrictions and filters
1. First, trim whitespace from both ends:
$_string = trim($_string);
2. Second, limit the length:
if (mb_strlen($_string, 'utf-8') < $_min_num || mb_strlen($_string, 'utf-8') > $_max_num) {}
3. Reject sensitive characters:
$_char_pattern = '/[<>\'"]/';
if (preg_match($_char_pattern, $_string)) {}
4. Reject sensitive usernames:
$_mg[0] = '22';
$_mg[1] = '11';
$_mg[2] = '33';
$_mg_string = ''; // initialise before appending
foreach ($_mg as $value) {
    $_mg_string .= '[' . $value . ']' . '\n';
}
if (in_array($_string, $_mg)) {
    _alert_back($_mg_string . 'The above sensitive user names cannot be registered!');
}
5. Escape the input to prevent SQL injection:
// mysql_escape_string();
// addslashes();
return mysql_real_escape_string($_string); // this mysql_ function needs an open database connection
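Steps 6.1 to 6.3 combined, as an added example rather than the tutorial's own code: the code check is one-time and fails when the session holds no code, and step 5 binds the username as a PDO prepared-statement parameter in place of mysql_real_escape_string(), which belongs to the mysql_ extension removed in PHP 7.0. The helper names, the users table, the in-memory SQLite database and the sample values are assumptions.

```php
<?php
// Added example, not the tutorial's code. Helper names, the users table and
// the sample values are assumptions; an in-memory SQLite database stands in
// for the tutorial's MySQL connection so the script runs offline.

// 6.1: compare the submitted code with the session copy, then discard it.
function check_code(array $post, array &$session): bool {
    $sent   = isset($post['yzm']) && is_string($post['yzm']) ? $post['yzm'] : '';
    $stored = isset($session['code']) && is_string($session['code']) ? $session['code'] : '';
    unset($session['code']);               // one attempt per issued code
    // An empty stored code never matches, so a missing session value fails.
    return $stored !== '' && hash_equals($stored, $sent);
}

// 6.3 steps 1-4: trim, length limit, sensitive characters, reserved names.
function clean_username(string $raw, int $min, int $max, array $reserved): string {
    $name = trim($raw);
    $len  = mb_strlen($name, 'utf-8');
    if ($len < $min || $len > $max) {
        throw new InvalidArgumentException('username length out of range');
    }
    if (preg_match('/[<>\'"]/', $name)) {
        throw new InvalidArgumentException('username contains sensitive characters');
    }
    if (in_array($name, $reserved, true)) {
        throw new InvalidArgumentException('username is reserved');
    }
    return $name;
}

// 6.3 step 5: bind the value as a parameter instead of escaping it.
function register_user(PDO $db, string $name): void {
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (:username)');
    $stmt->execute([':username' => $name]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT NOT NULL UNIQUE)');

$session = ['code' => 'a1b2'];                           // constructed sample
$post    = ['yzm' => 'a1b2', 'username' => '  alice  ']; // constructed sample
if (check_code($post, $session)) {
    register_user($db, clean_username($post['username'], 2, 20, ['22', '11', '33']));
}
register_user($db, "O'Brien");   // a quote is stored as data, not parsed as SQL
var_dump($db->query('SELECT username FROM users')->fetchAll(PDO::FETCH_COLUMN));
```

In the framework itself, pass $_POST and $_SESSION to check_code() and reuse the existing database connection through PDO's MySQL driver.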