php实现相册功能

数据库设计

创建相册系统需要设计数据库表来存储用户、相册和照片信息。常见的表结构包括：

• users表：存储用户信息（id, username, password, email等）
• albums表：存储相册信息（id, user_id, title, description, created_at）
• photos表：存储照片信息（id, album_id, filename, caption, uploaded_at）

SQL示例：

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL,
    password VARCHAR(255) NOT NULL,
    email VARCHAR(100) NOT NULL
);

CREATE TABLE albums (
    id INT AUTO_INCREMENT PRIMARY KEY,
    user_id INT NOT NULL,
    title VARCHAR(100) NOT NULL,
    description TEXT,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (user_id) REFERENCES users(id)
);

CREATE TABLE photos (
    id INT AUTO_INCREMENT PRIMARY KEY,
    album_id INT NOT NULL,
    filename VARCHAR(255) NOT NULL,
    caption TEXT,
    uploaded_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (album_id) REFERENCES albums(id)
);

文件上传处理

实现照片上传功能需要处理文件上传表单并验证文件类型和大小。

// 检查上传目录是否存在
$uploadDir = 'uploads/';
if (!file_exists($uploadDir)) {
    mkdir($uploadDir, 0755, true);
}

// 处理上传
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['photo'])) {
    $allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];
    $maxSize = 2 * 1024 * 1024; // 2MB

    $file = $_FILES['photo'];
    if (in_array($file['type'], $allowedTypes) && $file['size'] <= $maxSize) {
        $filename = uniqid() . '_' . basename($file['name']);
        $targetPath = $uploadDir . $filename;

        if (move_uploaded_file($file['tmp_name'], $targetPath)) {
            // 保存到数据库
            $stmt = $pdo->prepare("INSERT INTO photos (album_id, filename) VALUES (?, ?)");
            $stmt->execute([$_POST['album_id'], $filename]);
        }
    }
}

相册展示

创建相册浏览页面需要从数据库查询数据并展示。

// 获取用户相册列表
$userId = $_SESSION['user_id'];
$stmt = $pdo->prepare("SELECT * FROM albums WHERE user_id = ?");
$stmt->execute([$userId]);
$albums = $stmt->fetchAll(PDO::FETCH_ASSOC);

// 显示相册
foreach ($albums as $album) {
    echo '<div class="album">';
    echo '<h3>' . htmlspecialchars($album['title']) . '</h3>';
    echo '<p>' . htmlspecialchars($album['description']) . '</p>';

    // 获取相册照片
    $stmt = $pdo->prepare("SELECT * FROM photos WHERE album_id = ? LIMIT 1");
    $stmt->execute([$album['id']]);
    $coverPhoto = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($coverPhoto) {
        echo '<img src="uploads/' . htmlspecialchars($coverPhoto['filename']) . '" alt="Cover">';
    }
    echo '</div>';
}

用户认证

实现基本的用户注册和登录功能保障系统安全。

// 用户注册
if (isset($_POST['register'])) {
    $username = $_POST['username'];
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
    $email = $_POST['email'];

    $stmt = $pdo->prepare("INSERT INTO users (username, password, email) VALUES (?, ?, ?)");
    $stmt->execute([$username, $password, $email]);
}

// 用户登录
if (isset($_POST['login'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch();

    if ($user && password_verify($password, $user['password'])) {
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
    }
}

安全措施

确保系统安全需要实施以下防护措施：

• 使用预处理语句防止SQL注入
• 对用户上传文件进行严格验证
• 对输出内容使用htmlspecialchars()转义
• 使用password_hash()存储密码
• 设置文件上传目录不可执行

// 文件类型验证加强版
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $file['tmp_name']);
finfo_close($finfo);
if (!in_array($mime, $allowedTypes)) {
    die('Invalid file type');
}

性能优化

提升相册系统性能可以考虑：

• 为常用查询字段添加索引
• 实现图片缩略图生成
• 使用分页加载大量照片
• 缓存常用数据

缩略图生成示例：

function createThumbnail($sourcePath, $destPath, $maxWidth = 200, $maxHeight = 200) {
    list($origWidth, $origHeight, $type) = getimagesize($sourcePath);

    $ratio = $origWidth / $origHeight;
    $newWidth = $maxWidth;
    $newHeight = $maxHeight;

    if ($maxWidth/$maxHeight > $ratio) {
        $newWidth = $maxHeight * $ratio;
    } else {
        $newHeight = $maxWidth / $ratio;
    }

    $image = null;
    switch ($type) {
        case IMAGETYPE_JPEG: $image = imagecreatefromjpeg($sourcePath); break;
        case IMAGETYPE_PNG: $image = imagecreatefrompng($sourcePath); break;
        case IMAGETYPE_GIF: $image = imagecreatefromgif($sourcePath); break;
    }

    $thumb = imagecreatetruecolor($newWidth, $newHeight);
    imagecopyresampled($thumb, $image, 0, 0, 0, 0, $newWidth, $newHeight, $origWidth, $origHeight);

    switch ($type) {
        case IMAGETYPE_JPEG: imagejpeg($thumb, $destPath); break;
        case IMAGETYPE_PNG: imagepng($thumb, $destPath); break;
        case IMAGETYPE_GIF: imagegif($thumb, $destPath); break;
    }
}