php实现用户个人主页

实现用户个人主页的基本步骤

创建数据库表存储用户信息，通常包括用户ID、用户名、邮箱、密码哈希、头像URL等字段。使用MySQL示例：

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL UNIQUE,
    email VARCHAR(100) NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL,
    avatar_url VARCHAR(255),
    bio TEXT,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

建立数据库连接，使用PDO或mysqli扩展。PDO连接示例：

$dsn = 'mysql:host=localhost;dbname=your_db;charset=utf8';
$pdo = new PDO($dsn, 'username', 'password');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

用户认证与会话管理

实现登录功能验证用户凭证：

session_start();
$stmt = $pdo->prepare("SELECT id, password_hash FROM users WHERE username = ?");
$stmt->execute([$_POST['username']]);
$user = $stmt->fetch();

if ($user && password_verify($_POST['password'], $user['password_hash'])) {
    $_SESSION['user_id'] = $user['id'];
    header('Location: profile.php');
}

在个人主页中获取当前用户信息：

session_start();
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();

个人主页显示与数据展示

创建profile.php显示用户信息：

<!DOCTYPE html>
<html>
<head>
    <title><?= htmlspecialchars($user['username']) ?>的个人主页</title>
</head>
<body>
    <h1>欢迎, <?= htmlspecialchars($user['username']) ?></h1>
    <img src="<?= htmlspecialchars($user['avatar_url'] ?? 'default.png') ?>" alt="头像">
    <p><?= nl2br(htmlspecialchars($user['bio'] ?? '暂无简介')) ?></p>
</body>
</html>

用户信息更新功能

创建表单允许用户更新个人信息：

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $bio = $_POST['bio'];
    $stmt = $pdo->prepare("UPDATE users SET bio = ? WHERE id = ?");
    $stmt->execute([$bio, $_SESSION['user_id']]);
    header('Location: profile.php');
}

HTML表单部分：

<form method="post">
    <textarea name="bio"><?= htmlspecialchars($user['bio'] ?? '') ?></textarea>
    <button type="submit">更新简介</button>
</form>

头像上传处理

实现头像上传功能：

if (isset($_FILES['avatar'])) {
    $uploadDir = 'uploads/';
    $fileName = uniqid() . '_' . basename($_FILES['avatar']['name']);
    $targetPath = $uploadDir . $fileName;

    if (move_uploaded_file($_FILES['avatar']['tmp_name'], $targetPath)) {
        $stmt = $pdo->prepare("UPDATE users SET avatar_url = ? WHERE id = ?");
        $stmt->execute([$targetPath, $_SESSION['user_id']]);
    }
}

表单部分：

<form method="post" enctype="multipart/form-data">
    <input type="file" name="avatar" accept="image/*">
    <button type="submit">上传头像</button>
</form>

安全增强措施

对用户输入进行验证和过滤：

$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);

使用预处理语句防止SQL注入：

$stmt = $pdo->prepare("INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)");
$stmt->execute([$username, $email, password_hash($password, PASSWORD_DEFAULT)]);

设置适当的文件上传限制：

ini_set('upload_max_filesize', '2M');
ini_set('post_max_size', '3M');

性能优化建议

为用户数据添加缓存层：

$cache = new Redis();
$cache->connect('127.0.0.1', 6379);

if ($userData = $cache->get('user_' . $_SESSION['user_id'])) {
    $user = json_decode($userData, true);
} else {
    // 数据库查询代码
    $cache->setex('user_' . $_SESSION['user_id'], 3600, json_encode($user));
}

为常用查询添加数据库索引：

CREATE INDEX idx_username ON users(username);
CREATE INDEX idx_email ON users(email);