Implementing a User Profile Page in PHP
Database design and connection
Create the users table with the basic fields:
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL,
    email VARCHAR(100) NOT NULL,
    password VARCHAR(255) NOT NULL,
    bio TEXT,
    avatar VARCHAR(255),
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
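Create the database connection file config.php:
<?php
// Local development defaults; outside local testing use a dedicated,
// least-privileged database account with a strong password.
$host = 'localhost';
$dbname = 'user_db';
$username = 'root';
$password = '';
try {
    // Set the connection charset explicitly
    $pdo = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8mb4", $username, $password);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use server-side prepared statements instead of client-side emulation
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (PDOException $e) {
    // Log the driver message; do not show connection details to the visitor
    error_log("Database connection failed: " . $e->getMessage());
    http_response_code(500);
    die("Connection failed.");
}
?>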
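User login verification
Create the login verification logic in auth.php:
<?php
session_start();
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';
    // Prepared statement: the email is bound as a parameter, never concatenated into the SQL
    $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
    $stmt->execute([$email]);
    $user = $stmt->fetch();
    // password_verify() checks the input against the hash stored in the password column
    if ($user && password_verify($password, $user['password'])) {
        // Issue a new session ID on login to prevent session fixation
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['id'];
        header("Location: profile.php");
        exit;
    }
}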
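Displaying the profile page
Create the profile page file profile.php:
<?php
session_start();
require 'config.php';
// Only logged-in users may view the page
if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit; // stop here; without exit the rest of the script still runs
}
$userId = $_SESSION['user_id'];
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$userId]);
$user = $stmt->fetch();
if (!$user) {
    // The account no longer exists: drop the session and send the visitor to the login page
    session_destroy();
    header("Location: login.php");
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <title><?= htmlspecialchars($user['username']) ?>'s Profile</title>
</head>
<body>
    <div class="profile-header">
        <!-- avatar and bio may be NULL, so fall back to an empty string before escaping -->
        <img src="<?= htmlspecialchars($user['avatar'] ?? '') ?>" alt="Profile Picture">
        <h1><?= htmlspecialchars($user['username']) ?></h1>
    </div>
    <div class="profile-bio">
        <p><?= nl2br(htmlspecialchars($user['bio'] ?? '')) ?></p>
    </div>
</body>
</html>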
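Updating user data
Create the profile update page edit_profile.php:
<?php
session_start();
require 'config.php';
// Require a logged-in user before accepting any update
if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $bio = $_POST['bio'] ?? '';
    $userId = $_SESSION['user_id'];
    // The row is selected by the session's user ID, never by an ID sent by the client
    $stmt = $pdo->prepare("UPDATE users SET bio = ? WHERE id = ?");
    $stmt->execute([$bio, $userId]);
    header("Location: profile.php");
    exit;
}
?>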
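File upload handling
Implement the avatar upload feature:
if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
    $targetDir = "uploads/";
    // Allowed image types, mapped to the extension the server assigns
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $check = getimagesize($_FILES["avatar"]["tmp_name"]);
    if ($check !== false && isset($allowed[$check['mime']])) {
        // Server-generated file name: the client's name and extension are never used,
        // so an uploaded file cannot end up stored with an executable extension such as .php
        $targetFile = $targetDir . bin2hex(random_bytes(16)) . '.' . $allowed[$check['mime']];
        if (move_uploaded_file($_FILES["avatar"]["tmp_name"], $targetFile)) {
            $stmt = $pdo->prepare("UPDATE users SET avatar = ? WHERE id = ?");
            $stmt->execute([$targetFile, $_SESSION['user_id']]);
        }
    }
}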
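Security hardening measures
Add input validation and CSRF protection:
// Note: htmlspecialchars() here encodes on input, and profile.php encodes again on output,
// so do not store this function's result in fields that are escaped when displayed.
function sanitizeInput($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
// CSRF Token Generation
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}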
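The snippet above only generates the token. The following is an added example, not code from the original page, showing the token embedded in the edit form and verified in edit_profile.php before the update runs. The form field name csrf_token and the helper names csrfToken() and csrfTokenIsValid() are assumptions.

```php
<?php
// Added example: CSRF check for edit_profile.php.
// Assumed names: form field "csrf_token", helpers csrfToken() / csrfTokenIsValid().
session_start();
require 'config.php';

// Return the per-session token, creating it on first use (same generation as above).
function csrfToken(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session token in constant time.
function csrfTokenIsValid($submitted): bool {
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject the request before touching the database if the token is missing or wrong.
    if (!csrfTokenIsValid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $stmt = $pdo->prepare("UPDATE users SET bio = ? WHERE id = ?");
    $stmt->execute([$_POST['bio'] ?? '', $_SESSION['user_id']]);
    header("Location: profile.php");
    exit;
}
?>
<form method="post" action="edit_profile.php">
    <!-- The token travels with the form; a request forged from another site cannot read it -->
    <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrfToken()) ?>">
    <textarea name="bio"></textarea>
    <button type="submit">Save</button>
</form>
```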
Putting it all together
Organize all the components into an MVC structure:
project/
├── config/
│   └── database.php
├── controllers/
│   ├── AuthController.php
│   └── ProfileController.php
├── models/
│   └── User.php
├── views/
│   ├── auth/
│   │   ├── login.php
│   │   └── register.php
│   └── profile/
│       ├── show.php
│       └── edit.php
└── public/
    ├── css/
    └── uploads/
Performance optimization suggestions
Enable PHP caching and database indexes:
ALTER TABLE users ADD INDEX idx_email (email);
Enable OPcache in the PHP configuration:

zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60





