
[Share Code] Bài tập - Tạo website bán hàng lư niệm - Login - Lập trình PHP/MySQL - C2307L

Bài tập - Tạo website bán hàng lư niệm - Login - Lập trình PHP/MySQL

#config.php

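<?php
// Session cookie hardening must happen before session_start(): the session
// cookie is not readable from JavaScript and is not sent on cross-site
// requests. The samesite ini is ignored (ini_set returns false) on PHP older
// than 7.3, which is harmless. The Secure flag is left to the server config
// because this project is developed over plain http://localhost.
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
session_start();

// Database credentials. An environment variable wins when set, so real
// credentials never have to be written into this file; the defaults keep the
// local XAMPP-style setup (root, empty password) working unchanged.
// NOTE(review): a real-looking password used to sit here in a commented-out
// line. Anything that has been committed or published must be treated as
// leaked and rotated; do not bring it back as a comment.
define('HOSTING', getenv('DB_HOST') !== false ? getenv('DB_HOST') : 'localhost');
define('USERNAME', getenv('DB_USER') !== false ? getenv('DB_USER') : 'root');
define('PWD', getenv('DB_PWD') !== false ? getenv('DB_PWD') : '');
define('DATABASE', getenv('DB_NAME') !== false ? getenv('DB_NAME') : 'gift_db');

// Development setting only: with display_errors on, a failing query prints
// SQL text and server details straight into the browser. Turn it off on any
// deployment other people can reach.
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);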

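/**
 * Create the database and its two tables if they do not exist yet.
 *
 * Every statement is IF NOT EXISTS, so calling this repeatedly is harmless.
 * The connection and the CREATE DATABASE step are checked and throw on
 * failure instead of being silently ignored; table creation goes through
 * query(), whose outcome is not inspected here.
 *
 * @throws RuntimeException when MySQL cannot be reached or the database
 *   cannot be created
 */
function initDatabase() {
	// Step 1: connect without selecting a database - it may not exist yet.
	$conn = mysqli_connect(HOSTING, USERNAME, PWD);
	if ($conn === false) {
		throw new RuntimeException('Cannot connect to MySQL: ' . mysqli_connect_error());
	}
	mysqli_set_charset($conn, 'utf8');

	$created = mysqli_query($conn, 'create database if not exists ' . DATABASE);
	$error = $created ? '' : mysqli_error($conn);
	mysqli_close($conn);
	if (!$created) {
		throw new RuntimeException('Cannot create database: ' . $error);
	}

	// Step 2: tables. `password` stores a password_hash() result (60 chars
	// for bcrypt; 100 leaves headroom). `token` stores the remember-me token
	// that Users::autoLogin() looks users up by, hence UNIQUE.
	query('create table if not exists gift (
		id int primary key auto_increment,
		title varchar(150),
		thumbnail varchar(500),
		content longtext,
		price float,
		created_at datetime,
		updated_at datetime,
		id_user int
	)');

	query('create table if not exists users (
		id int primary key auto_increment,
		fullname varchar(50),
		email varchar(150) unique,
		password varchar(100),
		token varchar(255) unique
	)');
}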

/**
* Query: insert, update, delete
*/
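/**
 * Run a statement that returns no rows (insert, update, delete, DDL).
 *
 * $sql must already be a complete, trusted statement: this helper does no
 * escaping and no parameter binding, so request data must never be
 * concatenated into it. Use a PDO prepared statement for anything that
 * carries user input, as Gift::findAllPDO() does.
 *
 * @param string $sql
 * @return bool true when the statement ran, false when MySQL rejected it
 * @throws RuntimeException when the connection cannot be opened
 */
function query($sql) {
	$conn = mysqli_connect(HOSTING, USERNAME, PWD, DATABASE);
	if ($conn === false) {
		throw new RuntimeException('Cannot connect to database: ' . mysqli_connect_error());
	}
	mysqli_set_charset($conn, 'utf8');

	// mysqli_query() returns false on error; previously that was dropped.
	$ok = mysqli_query($conn, $sql) !== false;

	mysqli_close($conn);

	return $ok;
}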

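/**
 * Run a SELECT and return all rows as associative arrays.
 *
 * Like query(), this takes a finished SQL string and binds nothing: callers
 * must not build $sql from request data. A statement MySQL rejects yields an
 * empty list (the old code handed the `false` result to mysqli_fetch_array,
 * a TypeError on PHP 8).
 *
 * @param string $sql
 * @return array list of associative rows, empty when there are none or the
 *   query failed
 * @throws RuntimeException when the connection cannot be opened
 */
function select($sql) {
	$conn = mysqli_connect(HOSTING, USERNAME, PWD, DATABASE);
	if ($conn === false) {
		throw new RuntimeException('Cannot connect to database: ' . mysqli_connect_error());
	}
	mysqli_set_charset($conn, 'utf8');

	$rows = [];
	$resultset = mysqli_query($conn, $sql);
	if ($resultset !== false) {
		// is_array() stops on both null (no more rows) and false (fetch error);
		// the old `!== null` test would have appended false forever on an error.
		while (is_array($row = mysqli_fetch_array($resultset, MYSQLI_ASSOC))) {
			$rows[] = $row;
		}
		mysqli_free_result($resultset);
	}

	mysqli_close($conn);

	return $rows;
}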

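/**
 * Read one POST field as a string.
 *
 * Returns "" when the field is missing or is not a scalar (a client can
 * send `email[]=...` and PHP then delivers an array), so callers always get
 * a string. The value is otherwise returned raw: it still has to be bound
 * as a query parameter or HTML-escaped at the point of use.
 *
 * @param string $key
 * @return string
 */
function getPost($key) {
	if (!isset($_POST[$key]) || is_array($_POST[$key])) {
		return "";
	}
	return (string) $_POST[$key];
}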

#readme.txt

B1. Tao CSDL
create database if not exists gift_db

create table if not exists gift (
	id int primary key auto_increment,
	title varchar(150),
	thumbnail varchar(500),
	content longtext,
	price float,
	created_at datetime,
	updated_at datetime,
	id_user int
)

create table if not exists users (
	id int primary key auto_increment,
	fullname varchar(50),
	email varchar(150) unique,
	password varchar(100),
	token varchar(255) unique
)

B2. Tao project
Tao cau truc du an
	structure
		- index.php -> trang chu
		- config.php -> Ket noi CSDL
		- modules
			- users
				login.php
				register.php
			- gift
				index.php
				add.php
				edit.php
				delete.php
Hoàn thành các thành phần cơ bản của dự án

Yêu cầu: Login thành công -> keep login này trong 1 tuần, 1 tháng, 1 năm, ... Thì chúng ta làm như nào???
Giải pháp login:
	Login Form -> Nhập thông tin -> Lên server
		- FAIL: Login lại
		- SUCCESS:
			B1. Lưu vào session -> login lần sau nhanh -> Tồn tại trong 2-10 phút -> Hết phiên
			B2. Tạo 1 token sau khi login thành công
				- Token phải là chuỗi ngẫu nhiên đủ dài (ví dụ bin2hex(random_bytes(32))), không được suy ra từ id hay email của người dùng
				- Lưu vào cookie (set thời gian 1 tuần, 1 tháng, 1 năm, ...; đặt cờ HttpOnly, SameSite và Secure khi chạy HTTPS)
				- Lưu vào database (users -> token của người dùng đó; nên lưu hash của token, để lộ CSDL không đồng nghĩa với lộ cookie)
			Cơ chế là gì:
				TH1. Check session -> tự động login thành công
				TH2. session không tồn tại
					- Lấy token trong cookie
					- Kiểm tra token có tồn tại trong CSDL -> khớp với người dùng nào (giá trị cookie do client gửi lên, nên phải truy vấn bằng prepared statement, không nối chuỗi vào SQL)
					- Lưu vào session -> Login thành công

#init.php

<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Init DataBase Page</title>
</head>
<body>
<?php
require_once('config.php');
initDatabase();
?>
<h1 style="text-align: center;">Init database success!</h1>
<p>
	<a href="index.php">Home</a>
</p>
</body>
</html>

#index.php

<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Qua Tang Page</title>
</head>
<body>
<p>
	<a href="modules/user/login.php">Login Page</a>
</p>
<p>
	<a href="modules/gift">Gift Page</a>
</p>
<!-- NOTE(review): init.php runs the schema setup without any authentication;
     this public link should go once the database has been created. -->
<p>
	<a href="init.php">Init Database Page</a>
</p>
</body>
</html>

#gift.php

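<?php
/**
 * Gift model: the columns of one `gift` row plus the queries on that table.
 */
class Gift {
	public $id;
	public $title;
	public $thumbnail;
	public $content;
	public $price;
	public $createdAt;
	public $updatedAt;
	public $idUser;

	/**
	 * All gifts owned by one user, through the mysqli helper select().
	 *
	 * $idUser is cast to int before it reaches the SQL text, so a value like
	 * "0 or id_user > 0" (the injection the old string concatenation allowed,
	 * and that gift/index.php used as a demo) now simply becomes 0. The query
	 * is no longer echoed into the page.
	 *
	 * @param int|string $idUser owner id
	 * @return array list of associative rows
	 */
	public function findAll($idUser) {
		$sql = 'select * from gift where id_user = ' . (int) $idUser;
		return select($sql);
	}

	/**
	 * Same query through PDO with a server-side prepared statement: the
	 * parameter travels separately from the SQL text, so its content can
	 * never alter the statement. Emulated prepares are switched off so that
	 * this holds at the driver level and not only by client-side quoting.
	 *
	 * @param int|string $idUser owner id; cast to int and bound as an integer
	 * @return array list of associative rows
	 * @throws PDOException on connection or query failure
	 */
	public function findAllPDO($idUser) {
		// charset in the DSN matches the utf8 the mysqli helpers select.
		$conn = new PDO(
			'mysql:host=' . HOSTING . ';dbname=' . DATABASE . ';charset=utf8',
			USERNAME,
			PWD,
			[
				PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
				PDO::ATTR_EMULATE_PREPARES => false,
			]
		);

		$stmt = $conn->prepare('select * from gift where id_user = :id_user');
		$stmt->bindValue(':id_user', (int) $idUser, PDO::PARAM_INT);
		$stmt->execute();
		$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

		// Release the statement and connection explicitly.
		$stmt = null;
		$conn = null;

		return $rows;
	}
}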

#users.php

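<?php
/**
 * Users model: registration, password login and the cookie "remember me".
 *
 * Remember-me scheme: on a successful login a fresh random token is made.
 * The raw value goes to the browser in the `token` cookie and only its
 * SHA-256 hash is written to users.token; autoLogin() hashes the cookie
 * value and looks the hash up, so a copied users table does not by itself
 * yield a usable cookie. Tokens issued by the previous scheme (user id plus
 * two bcrypt hashes, stored in clear) no longer match, so those users log
 * in once more with their password.
 *
 * Every query binds its values; nothing from the request is concatenated
 * into SQL text (the old email, cookie-token and register queries were all
 * injectable).
 */
class Users {
	public $id;
	public $fullname;
	public $email;
	public $password;
	public $token;
	public $hashPwd;

	/** Remember-me cookie lifetime in seconds: 30 days, as before. */
	const TOKEN_TTL = 30 * 24 * 60 * 60;

	/**
	 * Open a PDO connection with exceptions on and real (server-side)
	 * prepared statements, the same settings Gift::findAllPDO() uses.
	 *
	 * @return PDO
	 * @throws PDOException when the connection cannot be opened
	 */
	private function db() {
		return new PDO(
			'mysql:host=' . HOSTING . ';dbname=' . DATABASE . ';charset=utf8',
			USERNAME,
			PWD,
			[
				PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
				PDO::ATTR_EMULATE_PREPARES   => false,
				PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
			]
		);
	}

	/**
	 * The part of a users row kept in $_SESSION['user']: everything except
	 * the password hash and the token hash, which nothing needs after login.
	 * gift/index.php reads 'id' and 'fullname' from it.
	 *
	 * @param array $row full row from the users table
	 * @return array
	 */
	private function sessionUser(array $row) {
		unset($row['password'], $row['token']);
		return $row;
	}

	/**
	 * Whether this request arrived over HTTPS. Decides the cookie's Secure
	 * flag, so the token is never sent in clear once TLS is in use while
	 * plain http://localhost development keeps working.
	 *
	 * @return bool
	 */
	private function isHttps() {
		return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
	}

	/**
	 * Copy the submitted form fields onto this object (via getPost(), so a
	 * missing field becomes "") and pre-compute the password hash.
	 *
	 * password_hash() uses a random salt, so the same password produces a
	 * different $hashPwd on every call; password_verify() accounts for that.
	 */
	public function processForm() {
		$this->id       = getPost('id');
		$this->fullname = getPost('fullname');
		$this->email    = getPost('email');
		$this->password = getPost('password');
		$this->token    = getPost('token');
		$this->hashPwd  = password_hash($this->password, PASSWORD_DEFAULT);
	}

	/**
	 * Return the logged-in user, restoring the login from the remember-me
	 * cookie when the session no longer holds one.
	 *
	 * @return array|null the session user array, or null when not logged in
	 * @throws PDOException on database failure
	 */
	public function autoLogin() {
		if (isset($_SESSION['user'])) {
			return $_SESSION['user'];
		}
		// Cookies can arrive as arrays (token[]=...); only a string is a token.
		if (!isset($_COOKIE['token']) || !is_string($_COOKIE['token'])) {
			return null;
		}

		// Client-controlled value: bound as a parameter, never in the SQL text.
		$stmt = $this->db()->prepare('select * from users where token = :token');
		$stmt->execute([':token' => hash('sha256', $_COOKIE['token'])]);
		$row = $stmt->fetch();
		if ($row === false) {
			return null;
		}

		// The session goes from anonymous to authenticated: give it a new id.
		session_regenerate_id(true);
		$_SESSION['user'] = $this->sessionUser($row);
		return $_SESSION['user'];
	}

	/**
	 * Verify the email/password set by processForm(). On success the session
	 * gets a new id and the user, and a fresh remember-me token is issued.
	 *
	 * @return bool true when the credentials matched
	 * @throws PDOException on database failure
	 */
	public function login() {
		$stmt = $this->db()->prepare('select * from users where email = :email');
		$stmt->execute([':email' => $this->email]);
		$row = $stmt->fetch();

		// Same outcome for "no such email" and "wrong password"; the caller
		// shows one generic message for both.
		if ($row === false || !password_verify($this->password, (string) $row['password'])) {
			return false;
		}

		// A session id fixed by an attacker before login must not become an
		// authenticated one.
		session_regenerate_id(true);
		$_SESSION['user'] = $this->sessionUser($row);

		// 32 CSPRNG bytes, hex encoded: 64 chars, unguessable, fits varchar(255).
		$token = bin2hex(random_bytes(32));
		$this->token = $token;
		// HttpOnly always; Secure when served over TLS.
		setcookie('token', $token, time() + self::TOKEN_TTL, '/', '', $this->isHttps(), true);

		$update = $this->db()->prepare('update users set token = :token where id = :id');
		$update->execute([':token' => hash('sha256', $token), ':id' => (int) $row['id']]);

		return true;
	}

	/**
	 * Insert the user filled in by processForm().
	 *
	 * A duplicate email (users.email is UNIQUE) is reported as false rather
	 * than as an uncaught exception; any other database error propagates.
	 * The old version returned nothing and ignored failures entirely.
	 *
	 * @return bool true when the row was inserted
	 * @throws PDOException on errors other than a constraint violation
	 */
	public function register() {
		try {
			$stmt = $this->db()->prepare(
				'insert into users(fullname, email, password) values (:fullname, :email, :password)'
			);
			return $stmt->execute([
				':fullname' => $this->fullname,
				':email'    => $this->email,
				':password' => $this->hashPwd,
			]);
		} catch (PDOException $e) {
			// SQLSTATE 23000 = integrity constraint violation (duplicate email).
			if ((string) $e->getCode() === '23000') {
				return false;
			}
			throw $e;
		}
	}
}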

#login.php

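<?php
require_once('../../config.php');
require_once('../../models/users.php');

// Per-session CSRF token for the form below. Without it the login form can
// be submitted from another site, logging the victim into an account the
// attacker controls ("login CSRF").
if (empty($_SESSION['csrf_token'])) {
	$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

$title = "";
if (!empty($_POST)) {
	$postedToken = isset($_POST['csrf_token']) && is_string($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
	if (!hash_equals($_SESSION['csrf_token'], $postedToken)) {
		// Missing or wrong token: do not even look at the credentials.
		$title = "YEU CAU KHONG HOP LE";
	} else {
		$user = new Users();
		$user->processForm();
		$check = $user->login();

		if ($check) {
			header('Location: ../gift');
			die();
		} else {
			// One generic message for unknown email and wrong password alike.
			$title = "TAI KHOAN KHONG TON TAI";
		}
	}
}
?>

<!DOCTYPE html>
<html>
<head>
	<title>Login Page</title>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
	<!-- Latest compiled and minified CSS -->
	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
	<!-- Latest compiled JavaScript -->
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
	<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
	<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css">
	<style type="text/css">
		.form-group {
			margin-bottom: 20px;
		}
	</style>
</head>
<body>
<div class="container">
	<div class="row">
		<div class="col-md-12 mt-3">
			<form method="post">
				<!-- "mau: red" was not CSS; the message is escaped like any output. -->
				<h1 style="color: red"><?=htmlspecialchars($title, ENT_QUOTES, 'UTF-8')?></h1>
				<input type="hidden" name="csrf_token" value="<?=htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8')?>">
				<div class="form-group">
					<label>Email: </label>
					<input type="text" name="email" placeholder="Enter email" class="form-control">
				</div>
				<div class="form-group">
					<label>Password: </label>
					<input type="password" name="password" placeholder="Enter pwd" class="form-control">
				</div>
				<div class="form-group">
					<button class="btn btn-success">Login</button>
					<p>
						<a href="register.php">Create a new account</a>
					</p>
				</div>
			</form>
		</div>
	</div>
</div>
</body>
</html>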

#register.php

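<?php
require_once('../../config.php');
require_once('../../models/users.php');

// Per-session CSRF token, checked on every POST to this page.
if (empty($_SESSION['csrf_token'])) {
	$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

$title = "";
if (!empty($_POST)) {
	$postedToken = isset($_POST['csrf_token']) && is_string($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
	if (!hash_equals($_SESSION['csrf_token'], $postedToken)) {
		$title = "YEU CAU KHONG HOP LE";
	} else {
		$user = new Users();
		$user->processForm();

		// Server-side checks: the `required` attributes on the form are only a
		// convenience and are trivially bypassed. The old version inserted
		// whatever arrived, including an empty password.
		if (!filter_var($user->email, FILTER_VALIDATE_EMAIL)) {
			$title = "EMAIL KHONG HOP LE";
		} elseif ($user->password === '') {
			$title = "MAT KHAU KHONG DUOC DE TRONG";
		} else {
			$user->register();
			header('Location: login.php');
			die();
		}
	}
}
?>

<!DOCTYPE html>
<html>
<head>
	<title>Register Page</title>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
	<!-- Latest compiled and minified CSS -->
	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
	<!-- Latest compiled JavaScript -->
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
	<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
	<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css">
	<style type="text/css">
		.form-group {
			margin-bottom: 20px;
		}
	</style>
</head>
<body>
<div class="container">
	<div class="row">
		<div class="col-md-12 mt-3">
			<form method="post">
				<!-- $title used to be set but never shown. -->
				<h1 style="color: red"><?=htmlspecialchars($title, ENT_QUOTES, 'UTF-8')?></h1>
				<input type="hidden" name="csrf_token" value="<?=htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8')?>">
				<div class="form-group">
					<label>Email: </label>
					<input required type="text" name="email" placeholder="Enter email" class="form-control">
				</div>
				<div class="form-group">
					<label>Full Name: </label>
					<input required type="text" name="fullname" placeholder="Enter fullname" class="form-control">
				</div>
				<div class="form-group">
					<label>Password: </label>
					<input required type="password" name="password" placeholder="Enter pwd" class="form-control">
				</div>
				<div class="form-group">
					<!-- This form registers; the button used to say "Login". -->
					<button class="btn btn-success">Register</button>
					<p>
						<a href="login.php">Login page</a>
					</p>
				</div>
			</form>
		</div>
	</div>
</div>
</body>
</html>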

#index.php

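<?php
require_once('../../config.php');
require_once('../../models/gift.php');
require_once('../../models/users.php');

$userModel = new Users();
$user = $userModel->autoLogin();
if (empty($user)) {
	header('Location: ../user/login.php');
	// header() does not stop the script: without this exit, the rest of the
	// page was still executed and rendered for anonymous visitors.
	exit();
}

// Only the logged-in user's own gifts are listed; the id comes from the
// session, never from the request. The earlier "test sql injection vs PDO"
// call that overrode this with a crafted string is gone.
$idUser = (int) $user['id'];
$gift = new Gift();
$dataList = $gift->findAllPDO($idUser);

/**
 * Escape a value for HTML text or a quoted attribute. Titles, prices and
 * names come from the database (user-supplied at registration / add time)
 * and were previously echoed raw.
 *
 * @param mixed $value
 * @return string
 */
function escapeHtml($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>

<!DOCTYPE html>
<html>
<head>
	<title>Gift Page</title>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
	<!-- Latest compiled and minified CSS -->
	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
	<!-- Latest compiled JavaScript -->
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
	<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
	<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css">
	<style type="text/css">
		.form-group {
			margin-bottom: 20px;
		}
	</style>
</head>
<body>
<div class="container">
	<div class="row">
		<h1 style="color: red; text-align: center">Welcome <?=escapeHtml(isset($user['fullname']) ? $user['fullname'] : '')?></h1>
		<div class="col-md-12 mt-3">
			<a href="add.php"><button class="btn btn-success" style="float: left;">Them moi</button></a>
			<!-- The `s` parameter is not read by this page yet. -->
			<form method="get">
				<input type="text" name="s" placeholder="Tim kiem ..." class="form-control" style="width: 200px; float: right;">
			</form>
		</div>
		<div class="col-md-12">
			<div class="card mt-3">
				<div class="card-header bg-info text-white">
					DANH SACH GIFT
				</div>
				<div class="card-body">
					<table class="table table-bordered">
						<thead>
							<tr>
								<th>STT</th>
								<th>Tieu De</th>
								<th>Gia</th>
								<th>Ngay Sua</th>
								<th style="width: 180px;"></th>
							</tr>
						</thead>
						<tbody>
		<?php
		$count = 0;
		foreach ($dataList as $item) {
			// ids are cast to int for the links. NOTE(review): delete.php is
			// not part of this listing; it is reached by a plain GET link, so
			// it must itself check that the gift belongs to the session user
			// (and a POST with a CSRF token would be the safer shape).
			$itemId = (int) $item['id'];
			echo '<tr>
					<td>' . (++$count) . '</td>
					<td>' . escapeHtml($item['title']) . '</td>
					<td>' . escapeHtml($item['price']) . '</td>
					<td>' . escapeHtml($item['updated_at']) . '</td>
					<td>
						<a href="edit.php?id=' . $itemId . '"><button class="btn btn-warning">Sua</button></a>
						<a href="delete.php?id=' . $itemId . '"><button class="btn btn-danger">Xoa</button></a>
					</td>
				</tr>';
		}
		?>
						</tbody>
					</table>
				</div>
			</div>
		</div>
	</div>
</div>
</body>
</html>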

#delete.php

#edit.php

#add.php
