Php+mysql Member System Development Example Tutorial

This article mainly introduces the Php+mysql Member System Development example tutorial, through a complete membership system development, further deepen the understanding of the Php+mysql program design process, the need for friends can refer to the following

In this paper, a simple example of the complete PHP+MYSQL member system functions. is a very practical application. The specific implementation steps are as follows:

First, the principle of membership system:

Login----keep status (cookie or session)--Verify status and its permissions

Second, the security of the member system:

1, learn to use constants to improve MD5 security
2, cookie/session less with clear text information
3. session security should be greater than cookie
4. Use Cookie/session to read information as far as possible to increase judgment information
5, cookie/session content to streamline
6, for the wrong information in time to destroy Cookie/session

Third, database test, table User_list, and its fields

UID m_id username password
1 1 Admin 291760f98414679e3fd3f9051b19b6f7
2 2 admin2 895785cfa5d8157f4d33c58ae0f55123

Password: MD5 (ADMINTEST100), MD5 (ADMIN2TEST100), respectively, after the password is bound to the constant test100, and then encrypted into the database, this step can be set at the time of registration.

Iv. Configuration page m_config.php:

1234567891011121314151617181920212223242526272829303132333435363738

<?php session_start(); //数据库连接 $conn=mysql_connect(‘localhost‘,‘root‘,‘‘); mysql_select_db(‘test‘,$conn); //定义常量 define(ALL_ps,"test100"); //查看登录状态与权限 function user_shell($uid,$shell,$m_id){   $sql="select * from user_list where `uid`=‘$uid‘";    $query=mysql_query($sql);   $us=is_array($row=mysql_fetch_array($query));   $shell=$us ? $shell==md5($row[username].$row[password].ALL_PS):FALSE;   if($shell){     if($row[m_id]<=$m_id){//$row[m_id]越小权限越高，为1时权限最高       return $row;     }else{       echo "你的权限不足,不能查看该页面";       exit();      }   }else{     echo "登录后才能查看该页";     exit();    }  } //设置登录超时 function user_mktime($onlinetime){    $new_time=mktime();    echo $new_time-$onlinetime."秒未操作该页面"."<br>";    if($new_time-$onlinetime>‘10‘){//设置超时时间为10秒，测试用      echo "登录超时,请重新登录";      exit();      session_destroy();    }else{      $_SESSION[times]=mktime();    } }?>

Five, login page m_user.php:

?

1234567891011121314151617181920212223242526

<?php include("m_config.php"); //echo md5("admin2".ALL_PS); if($_POST[submit]){  $username=str_replace(" ","","$_POST[username]");  $sql="select * from user_list where `username`=‘$username‘";   $query=mysql_query($sql);  $us=is_array($row=mysql_fetch_array($query));  $ps=$us ? md5($_POST[password].ALL_PS)==$row[password] : FALSE;  if($ps){    $_SESSION[uid]=$row[uid];    $_SESSION[user_shell]=md5($row[username].$row[password].ALL_PS);    $_SESSION[times]=mktime();//取得登录时忘该的时间    echo "登录成功";  }else{    echo "用户名或密码错误";    session_destroy();//密码错误时消除所有的session  } }?><form action="" method="post"> 用户名：<input name="username" type="text" /><br /> 用户名：<input name="password" type="password" /><br /> 验证码：<input name="code" type="code" />5213<br /><br /> <input name="submit" type="submit" value="登录" /></form>

Six, set the permissions and Timeout page m_zhuangtai.php:

?

123456789101112

<?php include("m_config.php");  $arr=user_shell($_SESSION[uid],$_SESSION[user_shell],1);//设置该页面只有权限为1时即最高权限的才能访问  user_mktime($_SESSION[times]);//判断是否超时10秒  //echo $_SESSION[times]."<br>";//登录时该的时间 //echo mktime()."<br>";//当前日期 //echo $arr[username]."<br>"; //echo $arr[uid]."<br>"; ?>

Content that can be viewed by a privileged party

Vii. Test Results:

1, log in with sss,sssssss, prompt: User name or password error. To view m_zhuangtai.php, Tip: You can log in to view the page.
2, with admin admin login, because the permission is 1, so you can view the contents of the m_zhuangtai.php page.
3, with the admin admin login, because the permission is 1, so you can view the contents of the m_zhuangtai.php page, but after 10 seconds and then refresh, prompt: X seconds did not operate the page login timeout, please re-login.
4, with admin2 admin2 login, because the permission is 2, so can not view the contents of the m_zhuangtai.php page, tip: You do not have enough permissions to view the page.

I hope that the examples described in this article will help you to develop PHP programs.

Php+mysql Member System Development Example Tutorial