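Implementing a Campus Forum System in PHP
Database Design
The core of a campus forum system is its database design, which needs basic tables for users, posts, and comments. Here is a simple example schema: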
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    email VARCHAR(100) NOT NULL UNIQUE,
    role ENUM('admin', 'user') DEFAULT 'user',
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
CREATE TABLE posts (
    id INT AUTO_INCREMENT PRIMARY KEY,
    user_id INT NOT NULL,
    title VARCHAR(255) NOT NULL,
    content TEXT NOT NULL,
    category VARCHAR(50),
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (user_id) REFERENCES users(id)
);
CREATE TABLE comments (
    id INT AUTO_INCREMENT PRIMARY KEY,
    user_id INT NOT NULL,
    post_id INT NOT NULL,
    content TEXT NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (user_id) REFERENCES users(id),
    FOREIGN KEY (post_id) REFERENCES posts(id)
);
User Authentication
Implement user registration and login, using PHP's password_hash() and password_verify() functions to hash and verify passwords:
// Registration: store only the hash; role is left to the column default
$hashed_password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$stmt = $pdo->prepare("INSERT INTO users (username, password, email) VALUES (?, ?, ?)");
$stmt->execute([$_POST['username'], $hashed_password, $_POST['email']]);
// Login
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
$stmt->execute([$_POST['username']]);
$user = $stmt->fetch();
if ($user && password_verify($_POST['password'], $user['password'])) {
    // Issue a fresh session ID on login to prevent session fixation
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['role'] = $user['role'];
}
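Post Management
Implement creating, viewing, editing, and deleting posts:
// Create a post
$stmt = $pdo->prepare("INSERT INTO posts (user_id, title, content, category) VALUES (?, ?, ?, ?)");
$stmt->execute([$_SESSION['user_id'], $_POST['title'], $_POST['content'], $_POST['category']]);
// Fetch the post list
$stmt = $pdo->query("SELECT posts.*, users.username FROM posts JOIN users ON posts.user_id = users.id ORDER BY posts.created_at DESC");
$posts = $stmt->fetchAll();
// Delete a post: load it first so the ownership check has a row to test
$stmt = $pdo->prepare("SELECT user_id FROM posts WHERE id = ?");
$stmt->execute([$_GET['id']]);
$post = $stmt->fetch();
if ($post && ($_SESSION['role'] == 'admin' || $post['user_id'] == $_SESSION['user_id'])) {
    // Remove the post's comments first; the foreign key would otherwise block the delete
    $stmt = $pdo->prepare("DELETE FROM comments WHERE post_id = ?");
    $stmt->execute([$_GET['id']]);
    $stmt = $pdo->prepare("DELETE FROM posts WHERE id = ?");
    $stmt->execute([$_GET['id']]);
}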
Comment System
Implement adding and displaying comments:
// Add a comment
$stmt = $pdo->prepare("INSERT INTO comments (user_id, post_id, content) VALUES (?, ?, ?)");
$stmt->execute([$_SESSION['user_id'], $_POST['post_id'], $_POST['content']]);
// Fetch the comments for a post
$stmt = $pdo->prepare("SELECT comments.*, users.username FROM comments JOIN users ON comments.user_id = users.id WHERE post_id = ? ORDER BY comments.created_at ASC");
$stmt->execute([$_GET['id']]);
$comments = $stmt->fetchAll();
Front-End Interface
Build a basic front end with HTML and CSS; a framework such as Bootstrap makes this quick:
<!-- Post list page -->
<div class="container mt-4">
    <div class="row">
        <div class="col-md-8">
            <?php foreach ($posts as $post): ?>
            <div class="card mb-3">
                <div class="card-body">
                    <h5 class="card-title"><?= htmlspecialchars($post['title']) ?></h5>
                    <p class="card-text"><?= nl2br(htmlspecialchars($post['content'])) ?></p>
                    <p class="text-muted">Posted by <?= htmlspecialchars($post['username']) ?></p>
                    <a href="post.php?id=<?= (int) $post['id'] ?>" class="btn btn-primary">View Post</a>
                </div>
            </div>
            <?php endforeach; ?>
        </div>
    </div>
</div>
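Security Measures
Keep the system secure by preventing SQL injection and XSS attacks:
// Use prepared statements to prevent SQL injection
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
$stmt->execute([$_POST['username']]);
// Escape output with htmlspecialchars to prevent XSS
echo htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');
// File upload validation: the 'type' and 'name' fields of $_FILES are supplied by
// the client, so detect the type from the file content and generate the stored name
$allowed_types = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
if ($_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES['avatar']['tmp_name']);
    if (is_string($mime) && isset($allowed_types[$mime])) {
        $name = bin2hex(random_bytes(16)) . '.' . $allowed_types[$mime];
        move_uploaded_file($_FILES['avatar']['tmp_name'], 'uploads/' . $name);
    }
}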
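The `type` field of a `$_FILES` entry is whatever the client declared, so an upload check is only meaningful when it inspects the file content. The following added example (not code from the original page; the helper names and the 1 MiB size limit are assumptions) runs a declared-type check and a content-based check over two constructed uploads:

```php
<?php
// Added example, not the original page's code. Helper names are hypothetical.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

// Weak check: trusts the MIME type the client declared in the request.
function declared_type_allowed(array $file): bool
{
    return array_key_exists($file['type'], ALLOWED_TYPES);
}

// Stronger check: sniff the real content and derive the stored name from it.
// Returns a safe file name, or null when the upload must be rejected.
function safe_avatar_name(array $file, int $maxBytes = 1048576): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > $maxBytes) {
        return null;
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($detected) ? (ALLOWED_TYPES[$detected] ?? null) : null;
    // Random name plus extension from the detected type; the client name is ignored.
    return $ext === null ? null : bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample input: builds a $_FILES-style entry from raw bytes.
function sample_upload(string $bytes, string $name, string $declaredType): array
{
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    return ['name' => $name, 'type' => $declaredType, 'tmp_name' => $tmp,
            'size' => strlen($bytes), 'error' => UPLOAD_ERR_OK];
}

// PNG signature plus IHDR header: enough for content sniffing, not a full image.
$pngBytes = "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR' . pack('NNC5', 1, 1, 8, 2, 0, 0, 0);
$samples = [
    sample_upload($pngBytes, 'me.png', 'image/png'),
    sample_upload("plain text, not an image\n", 'notes.txt', 'image/jpeg'),
];
foreach ($samples as $file) {
    printf("%-10s declared=%-10s weak=%-6s stored_as=%s\n",
        $file['name'], $file['type'],
        declared_type_allowed($file) ? 'accept' : 'reject',
        safe_avatar_name($file) ?? '(rejected)');
    unlink($file['tmp_name']);
}
```

Both checks accept the first sample; the second passes only the declared-type check, because its content is plain text.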
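Deployment Recommendations
- Use PHP 7.4 or later
- Configure a MySQL or MariaDB database
- Consider Nginx or Apache as the web server
- Enforce HTTPS encryption
- Back up the database regularly
This basic framework can be extended as needed, for example with user avatars, post categories, or a like feature.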







