花了一天时间实现了一个 简单的用户登录验证的小模型。
基本实现了现在 用户登录模块的绝大多数功能, 也算是 熟悉了一下系统的逻辑。
在这个小模型中, 实现了以下的基本功能 :
- Logging in and authenticating users .
- Managing passwords
- Recording user preferences
- Personalizing content
- Recommending content based on existing knowledge about a user
简单来说,分为3个小模块组成 :
1. Register . 用户通过浏览 注册 成为 网站的 member
2. Login . 已经注册的用户通过 已注册的用户名和密码 登录网站, 显示用户的 个性化页面(Personalize Page)
3. Forget Password. 用户忘记密码,利用 phpMailer 通过 Gmail 往用户注册的邮箱发送一个随机生成的新密码。 用户可使用新密码重新登录。
这个 小Model 逻辑比较简单, 整个模型的 框架 如图 :
其中是利用了 phpMailer 通过 Gmail SMTP 往注册用户发送邮件(因为localhost本身是没有注册SMTP,
发出的邮件基本会被当做 垃圾邮件 处理)。这个模块的 代码没有放在 这里, 具体可以参考 下一篇。
/*** add_bm_form.php ***/
/*** add_bms.php ***/
getMessage(); } display_user_menu(); do_html_footer();?>
/*** bookmark_fns.php ***/
/*** bookmark.sql ***/
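# SQL statements to create the PHPbookmark database.
CREATE DATABASE bookmarks;
USE bookmarks;

# passwd is CHAR(40): exactly the length of a hex SHA-1 digest, which is what
# the PHP code on this page stores through sha1(). The output of a salted
# password hash such as PHP's password_hash() does not fit in 40 characters,
# so this column has to be widened before the hashing scheme can be upgraded.
CREATE TABLE user (
  username VARCHAR(16) NOT NULL PRIMARY KEY,
  passwd CHAR(40) NOT NULL,
  email VARCHAR(100) NOT NULL
);

CREATE TABLE bookmark (
  username VARCHAR(16) NOT NULL,
  bm_URL VARCHAR(255) NOT NULL,
  INDEX (username),
  INDEX (bm_URL),
  PRIMARY KEY (username, bm_URL)
);

# The application account is limited to the four data-manipulation privileges
# on this one schema and may only connect from localhost.
# 'password' is a placeholder: replace it with a unique, randomly generated
# secret before running this script, and keep that secret out of version
# control.
# MySQL 8.0 and later no longer accept IDENTIFIED BY inside GRANT; on those
# servers create the account with CREATE USER first, then GRANT.
GRANT SELECT, INSERT, UPDATE, DELETE
ON bookmarks.*
TO bm_user@localhost IDENTIFIED BY 'password';

# Set up this database on your system by running this set of commands as the
# root MySQL user. You can do this with the following command on your
# system's command line:
# mysql -u root -p < bookmarks.sql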
/*** change_passwd.php ***/
getMessage(); } display_user_menu(); do_html_footer();
/*** change_passwd_form.php ***/
/*** data_valid_fns.php ***/
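$value) { if( (!isset($key)) || ($value=='') ) { return false; } } return true; }
// NOTE(review): the line above is the tail of an earlier function in
// data_valid_fns.php; its opening lines are missing from this page, so it is
// kept exactly as published.

/**
 * Check that an e-mail address is plausibly well-formed.
 *
 * This is a syntax check only (local part, "@", a domain containing at least
 * one dot); it does not prove the mailbox exists.
 *
 * ereg() was removed in PHP 7.0, so the same pattern is applied with
 * preg_match(). The D modifier makes "$" match only at the very end of the
 * string: without it a value ending in "\n" would pass, and a newline in an
 * address that is later handed to a mailer is a header-injection risk.
 *
 * @param mixed $address value to test, normally a string taken from a form
 * @return bool true when $address is a string matching the pattern
 */
function valid_email($address)
{
    // Form fields can arrive as arrays (field[]=...); reject anything that is
    // not a string instead of passing it to preg_match().
    if (!is_string($address)) {
        return false;
    }

    $pattern = '/^[a-zA-Z0-9_.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-.]+$/D';

    return preg_match($pattern, $address) === 1;
}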
/*** db_fns.php ***/
/*** delete_bms.php ***/
You have not chosen any bookmarks to delete. Please try again later .'; display_user_menu(); do_html_footer(); exit; } else { if(count($del_me)>0 ) { foreach($del_me as $url) { if( delete_bm($valid_user, $url)) { echo 'Delete '.htmlspecialchars($url).'.'; } else { echo 'Could not delete '.htmlspecialchars($url). '.'; } } } else { echo 'No bookmarks selected for deletion'; } } // get the bookmarks this user has saved if( $url_array = get_user_urls($valid_user) ) { display_user_urls($url_array); } display_user_menu(); do_html_footer();
/*** forgot_form.php ***/
/*** forgot_passwd.php ***/
'; } catch (Exception $e) { echo 'Your password could not be reset - please try again later'; } do_html_URL('login.php', 'Login'); do_html_footer();?>
/*** login.php ***/
/*** logout.php ***/
'; do_html_URL('login.php','Login'); } else { //they were logged in and could not be logged out echo 'Could not log you out. '; }} else { //if they were't logged in but came to this page somehow echo 'You were not logged in, and so have not been logged out.'; do_html_URL('login.php','Login');}do_html_footer();?>
/*** member.php ***/
/*** notify_passwd.php ***/
query($select_query); if(!$result) { throw new Exception('Could not find email address'); } else if ($result->num_rows == 0) { throw new Exception('Could not find email address'); } else { $row = $result->fetch_object(); $sendto_email = $row->email; $subject = "Please note that your password has changed"; $body = "Your PHPBookMark password has been changed to " .$password. "\r\n" ."Please change it next time you log in. \r\n"; $send_success = stmp_mail($sendto_email,$subject,$body,$username); if($send_success) { return true; } else { throw new Exception('Could not send email'); } } }
/*** output_fns.php ***/
<?php echo $title;?> PHPbookmark
- Store your bookmarks online with us!
- See what other users use!
- Share your favorite links with others!
Home | Add BM | Delete BM | "; else echo "Delete BM | "; ?> Change password Recommend URLs to me | Logout
/*** recommend.php ***/
/*** register_form.php ***/
/*** register_new.php ***/
16)) { throw new Exception('Your password must be between 6 and 16 characters - Please go back and try again'); } // attempt to register // this function can also throw an exception register($username, $email, $passwd) ; // register session variable $_SESSION['valid_user'] = $username; //provide link to members page do_html_header("Registration successful"); echo 'Your registration was successful. Go to the memers page to start setting up your bookmarks!'; do_html_URL('member.php', 'Go to members page'); //end page } catch (Exception $e) { do_html_header('Problem:'); echo $e->getMessage(); do_html_footer(); exit; }
/*** url_fns.php ***/
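';
  $valid_user = $_SESSION['valid_user'];
  $conn = db_connect();
  // check not a repeat bookmark
  $result = $conn->query("select * from bookmark where username='$valid_user' and bm_URL='$new_url'");
  if ($result && ($result->num_rows>0))
    throw new Exception('Bookmark already exists.');
  // insert the new bookmark
  if (!$conn->query( "insert into bookmark values ('$valid_user', '$new_url')"))
    throw new Exception('Bookmark could not be inserted.');
  return true;
}
// NOTE(review): the fragment above is the tail of the add-bookmark function;
// its opening lines are missing from this page, so its statements are kept as
// published and only the line breaks are restored. It interpolates $valid_user
// and $new_url straight into both SQL strings; it needs the same
// prepare()/bind_param() treatment as the two functions below.

/**
 * Fetch every bookmark URL stored for one user.
 *
 * The username is bound as a statement parameter instead of being
 * interpolated into the SQL text, so quotes in it cannot change the query.
 * Assumes db_connect() returns a mysqli connection, as the ->query() and
 * ->num_rows usage elsewhere in this file suggests - confirm against
 * db_fns.php.
 *
 * @param string $username owner of the bookmarks
 * @return array|false URLs keyed 1..n (empty array when there are none),
 *                     or false when the query could not be run
 */
function get_user_urls($username)
{
    $conn = db_connect();

    $stmt = $conn->prepare('select bm_URL from bookmark where username = ?');
    if (!$stmt) {
        return false;
    }

    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }

    $stmt->bind_result($bm_url);

    // Keys start at 1, as callers of the original implementation received.
    $url_array = array();
    for ($count = 1; $stmt->fetch(); ++$count) {
        $url_array[$count] = $bm_url;
    }

    $stmt->close();

    return $url_array;
}

/**
 * Delete one bookmark belonging to one user.
 *
 * Both values are bound as parameters; $url in particular comes from the
 * delete form (see delete_bms.php) and must never be spliced into the SQL.
 * The username in the WHERE clause is what keeps one user from deleting
 * another user's bookmark, so callers must pass the session's username, not
 * a value taken from the request.
 *
 * @param string $user owner of the bookmark
 * @param string $url  bookmark URL to remove
 * @return bool true when the statement ran
 * @throws Exception when the statement could not be prepared or executed
 */
function delete_bm($user, $url)
{
    $conn = db_connect();

    $stmt = $conn->prepare('delete from bookmark where username = ? and bm_url = ?');
    if (!$stmt) {
        throw new Exception('Bookmark could not be deleted');
    }

    $stmt->bind_param('ss', $user, $url);
    $deleted = $stmt->execute();
    $stmt->close();

    if (!$deleted) {
        throw new Exception('Bookmark could not be deleted');
    }

    return true;
}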
/*** user_auth_fns.php ***/
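num_rows>0 ) {
    throw new Exception('That username is taken - Go back and choose another one');
  }
  // if ok, put in db
  $insert_query = "INSERT INTO user VALUE ('$username', sha1('$password'), '$email')";
  $result = $conn->query($insert_query);
  if(!$insert_query) {
    throw new Exception('Could not register you in database - Please try again later.');
  }
  return true;
}
// NOTE(review): the fragment above is the tail of the registration function;
// its opening lines are missing from this page, so its statements are kept as
// published and only the line breaks are restored. Two things to fix once the
// whole function is in view: (1) $username, $password and $email are
// interpolated into the INSERT and should be bound parameters; (2) the
// failure check tests $insert_query, a non-empty string that is always
// truthy, instead of $result, so a failed INSERT is reported as success.

/**
 * Check a username/password pair against the user table.
 *
 * Both values are bound as statement parameters. The published version built
 * the query by interpolation, which let a crafted username alter the WHERE
 * clause, and its error check read `!result` (no "$"), so a failed query was
 * never detected.
 *
 * Passwords are still compared as unsalted SHA-1 because that is what the
 * schema (passwd CHAR(40)) and the other functions on this page store. SHA-1
 * is a fast hash and unsuitable for password storage; moving to
 * password_hash()/password_verify() needs a wider column and a rehash-on-login
 * migration, so it is flagged here rather than changed in this function alone.
 *
 * The same message is thrown for every failure, so the response does not
 * reveal whether the username exists.
 *
 * Assumes db_connect() returns a mysqli connection - confirm against db_fns.php.
 *
 * @param string $username
 * @param string $password plaintext password as typed
 * @return bool true when a matching row exists
 * @throws Exception when the query fails or no row matches
 */
function login($username, $password)
{
    $conn = db_connect();

    $stmt = $conn->prepare(
        'SELECT username FROM user WHERE username = ? AND passwd = sha1(?)'
    );
    if (!$stmt) {
        throw new Exception('Could not log you in');
    }

    $stmt->bind_param('ss', $username, $password);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new Exception('Could not log you in');
    }

    // store_result() buffers the rows so num_rows is populated.
    $stmt->store_result();
    $matched = $stmt->num_rows > 0;
    $stmt->close();

    if (!$matched) {
        throw new Exception('Could not log you in');
    }

    return true;
}

/**
 * Require a logged-in session; otherwise print the "not logged in" page and
 * stop the script.
 *
 * The session username is HTML-escaped before it is echoed. It is set from
 * the value typed at registration (see register_new.php), so printing it raw
 * would let markup in a username run in the page.
 *
 * @return void returns only when $_SESSION['valid_user'] is set
 */
function check_valid_user()
{
    if (isset($_SESSION['valid_user'])) {
        echo "Logged in as " . htmlspecialchars($_SESSION['valid_user'], ENT_QUOTES) . ".";
        return;
    }

    // they are not logged in
    do_html_heading('Problem:');
    echo 'You are not logged in .';
    do_html_URL('login.php', 'Login');
    do_html_footer();
    exit;
}

/**
 * Change a user's password after re-checking the current one.
 *
 * login() throws when $old_password is wrong, so the UPDATE is only reached
 * for a verified user. The new password and the username are bound as
 * parameters instead of being interpolated.
 *
 * The new value is stored as unsalted SHA-1 to stay compatible with login()
 * and the CHAR(40) column; see the note on login() about upgrading.
 *
 * @param string $username
 * @param string $old_password current plaintext password
 * @param string $new_password replacement plaintext password
 * @return bool true when the update ran
 * @throws Exception when the old password is wrong or the update fails
 */
function change_password($username, $old_password, $new_password)
{
    login($username, $old_password);

    $conn = db_connect();

    $stmt = $conn->prepare('UPDATE user SET passwd = sha1(?) WHERE username = ?');
    if (!$stmt) {
        throw new Exception('Password could not be changed');
    }

    $stmt->bind_param('ss', $new_password, $username);
    $updated = $stmt->execute();
    $stmt->close();

    if (!$updated) {
        throw new Exception('Password could not be changed');
    }

    return true;
}

/**
 * Pick a random word from the dictionary file whose length lies between the
 * two bounds and which contains no apostrophe.
 *
 * Changes from the published version:
 *  - the start offset comes from random_int() (PHP 7.0+) instead of
 *    srand(microtime)/rand(), whose output can be predicted from the request
 *    time; this word becomes a password;
 *  - each candidate is trimmed before its length is tested, so the trailing
 *    newline from fgets() no longer counts as a character;
 *  - the file handle is closed on every path.
 *
 * The loop keeps scanning (wrapping to the start of the file) until a word
 * fits, so it does not terminate if the dictionary holds no such word.
 *
 * @param int $min_length shortest acceptable word
 * @param int $max_length longest acceptable word
 * @return string|false the word, or false when the dictionary cannot be read
 */
function get_random_word($min_length, $max_length)
{
    $word = '';

    // remember to change this path to suit your system
    // (backslashes are literal inside single quotes; a Unix path needs "/")
    $dictionary = '\usr\dict\words';  // the ispell dictionary

    $fp = @fopen($dictionary, 'r');
    if (!$fp) {
        return false;
    }

    $size = filesize($dictionary);
    if ($size === false) {
        fclose($fp);
        return false;
    }

    // go to a random location in dictionary
    fseek($fp, random_int(0, $size));

    // get the next whole word of the right length in the file
    while (strlen($word) < $min_length || strlen($word) > $max_length || strstr($word, "'")) {
        if (feof($fp)) {
            fseek($fp, 0);  // if at end, go to start
        }
        fgets($fp, 80);                        // skip first word as it could be partial
        $word = trim((string) fgets($fp, 80)); // the potential password
    }

    fclose($fp);

    return $word;
}

/**
 * Replace a user's password with a generated one and return it so the caller
 * can e-mail it.
 *
 * The generated value is a dictionary word followed by a number from 0 to
 * 999. The number now comes from random_int() (PHP 7.0+) instead of a
 * time-seeded rand(), and the UPDATE binds its values as parameters.
 *
 * NOTE(review): the design itself is weak and is left as published: the
 * password is overwritten immediately given only a username, the replacement
 * has little entropy, and it travels in clear text by e-mail. A single-use,
 * expiring reset link sent to the registered address avoids all three.
 *
 * @param string $username account to reset
 * @return string the new plaintext password
 * @throws Exception when no password can be generated or the update fails
 */
function reset_password($username)
{
    // get a random dictionary word b/w 6 and 13 chars in length
    $new_password = get_random_word(6, 13);
    if ($new_password === false) {
        throw new Exception('Could not generate new password.');
    }

    // add a number between 0 and 999 to it
    $new_password .= random_int(0, 999);

    $conn = db_connect();

    $stmt = $conn->prepare('update user set passwd = sha1(?) where username = ?');
    if (!$stmt) {
        throw new Exception('Could not change password.');
    }

    $stmt->bind_param('ss', $new_password, $username);
    $changed = $stmt->execute();
    $stmt->close();

    if (!$changed) {
        throw new Exception('Could not change password.');  // not changed
    }

    return $new_password;  // changed successfully
}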