php message system (2)

WBOY
Release: 2016-08-08 09:27:53
Original
1427 people have browsed it

1. After the overall framework is determined with reference to the previous (mvc framework summary), the default parameters of the request will become:

//默认请求首页: //P=front //C=fIndex //A=show
Copy after login

1.1 Find the action under the controller fIndexController:

//首页展示动作 public function showAction() { //防止恶意调用 $this->checkAuthority(); //不需要具体模型,直接载入模版 require CUR_VIE_PATH.'index.html'; }
Copy after login

2. Preventing malicious calls is placed at our Controller level. It is used by almost all models, so it is placed in the basic model.

/* * 防止恶意调用方法,适用于全部方法 */ protected function checkAuthority() { if(!defined('IN_NG')) { exit("you no authority"); } }
Copy after login

Call this method at any time

3. Reject the lower version of php. Since it is always running, put it directly into the initial file Framework.class.php

4.1 Make CSS an include file

Every page must import CSS, which is really troublesome. Let’s define a file title.inc.html.

But each page has a different CSS, so you can define a constant to prove this page.

define('SCRIPT','index');

Your Title php require 'application/view/front/title.inc.html' ?> 
Copy after login

The title.inc.html code

"shortcut icon" href="favicon.ico" /> "stylesheet" type="text/css" href="public/front/css/1/basic.css" /> "stylesheet" type="text/css" href="public/front/css/1/.css" />
Copy after login

5.2 Create registration page register.html

参数请求为: 请求注册页 P=front C=fRegister A=show
Copy after login

The code is:

"register">

会员注册

"post" action="post.php">
请认真填写一下内容
用 户 名:"text" name="username" class="text" />(*必填,至少两位)
密 码:"password" name="password" class="text" />(*必填,至少六位)
确认密码:"password" name="notpassword" class="text" />(*必填,同上)
密码提示:"text" name="passt" class="text" />(*必填,至少两位)
密码回答:"text" name="passd" class="text" />(*必填,至少两位)
性 别:"radio" name="sex" value="" checked="checked" />"radio" name="sex" value="" />
class="face"> "public/front/face/m01.gif" alt="头像选择" onclick="javascript:window.open('face.php','face','width=400,height=400,top=0,left=0')" />
电子邮件:"text" name="email" class="text" />
Q Q :"text" name="qq" class="text" />
主页地址:"text" name="url" class="text" value="http://" />
验 证 码:"text" name="yzm" class="text yzm" />
"submit" class="submit" value="注册" />
Copy after login

5.3 Click on the avatar to pop up the avatar selection box:

"public/front/face/m01.gif" alt="头像选择" onclick="javascript:window.open('face.php','face','width=400,height=400,top=0,left=0')" />
Copy after login

This page stores 64 avatar pages, which can be listed through an array loop

foreach (range(1,9) as $number) {?> 
"face/m0.gif" />
Copy after login

6. Submit data
To submit data to this page, you must make a name-value pair to determine whether the data has been submitted.

?action=register 也可以设计一个隐藏字段来做名值对 <input type="hidden" name="action" value="register" />
Copy after login

6.1 Check the verification code
The purpose of the verification code is to prevent malicious registration and some form forgery cross-site attacks.
The verification code is stored in the session, which can be used to determine whether the current form is submitted. After refreshing once, the verification code changes with
, which can also prevent multiple malicious registrations.

if (!($_POST['yzm'] == $_SESSION['code'])) { _alert_back('验证码有误,请重新输入!'); }
Copy after login

6.2. Accept data

设计变量,将数据提交出来赋值给变量 $_username = $_POST['username']; 也可以通过一个数组来存放提交过来的值 $_clean = array(); $_clean['username'] = $_POST['username']
Copy after login

6.3 Various restrictions and filtering

1.首先,必须去掉两边的空格 $_string = trim($_string);
Copy after login

2.其次长度限制 if (mb_strlen($_string,'utf-8') < $_min_num || mb_strlen($_string,'utf-8') > $_max_num)
Copy after login

3.敏感字符限制 $_char_pattern = '/[<>\'\"\ \ ]/'; if (preg_match($_char_pattern,$_string)) {}
Copy after login

4.敏感用户名限制 $_mg[0] = '22'; $_mg[1] = '11'; $_mg[2] = '33'; foreach ($_mg as $value) { $_mg_string .= '['.$value.']'.'\n'; } if (in_array($_string,$_mg)) { _alert_back($_mg_string.'以上敏感用户名不得注册!'); }
Copy after login

5.转义输入,有效防止SQL 注入问题 //mysql_escape_string(); //addslashes() return mysql_real_escape_string($_string); //这个mysql_是需要连接数据库的
Copy after login

The above introduces the PHP message system (2), including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn