随着互联网的发展,内容管理系统(cms)已成为网站建设、开发和管理的常用工具。其中,在cms中的用户管理系统非常重要,用户管理系统可以让网站管理员管理网站的注册用户,管理用户的信息、权限和密钥。
在这篇文章中,我们将介绍如何使用PHP开发CMS中的用户管理系统,让你了解到用户管理系统的基本操作和设计思路,帮助你更好地实现网站用户管理。
1.数据库设计
首先,我们要在数据库中设计用户数据表,这个数据表用来存储用户的基本信息和权限,如用户名、密码、电子邮件、电话等信息。其中,用户的权限分为管理员和普通用户两种,管理员用户具有管理用户和各种操作的权限,普通用户只有访问权限。
用户数据表的设计如下:
立即学习“PHP免费学习笔记(深入)”;
CREATE TABLE users (id int(11) NOT NULL AUTO_INCREMENT,username varchar(50) NOT NULL,password varchar(255) NOT NULL,email varchar(255) NOT NULL,phone varchar(50) DEFAULT NULL,type tinyint(4) NOT NULL DEFAULT '1',
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
2.用户注册页面
用户注册页面是列出用户名、密码、电子邮件地址和其他信息的表单,让用户填写并提交。在后台,系统将接收和验证表单数据、创建新的用户账户并将其存储到数据库中。用户注册页面的代码如下:
zuojiankuohaophpcn?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
$email = $_POST['email'];
$phone = $_POST['phone'];
$type = $_POST['type'];
// Connect to database
$conn = new mysqli("localhost", "root", "password", "database");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// SQL query to insert new user
$sql = "INSERT INTO users (username, password, email, phone, type)
VALUES ('$username', '$password', '$email', '$phone', $type)";
if ($conn->query($sql) === TRUE) {
header("Location: login.php");
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();}
?>
<!doctype html>
<html>
<head>
<title>Register - CMS User Management System</title> <link href="style.css" rel="stylesheet">
</head>
<body>
<div class="container">
<h1>Register</h1>
<form method="post">
<label>Username</label>
<input type="text" name="username" required>
<label>Password</label>
<input type="password" name="password" required>
<label>Email</label>
<input type="email" name="email" required>
<label>Phone</label>
<input type="text" name="phone">
<label>Type</label>
<select name="type">
<option value="1">Regular User</option>
<option value="2">Administrator</option>
</select>
<button type="submit">Register</button>
</form>
</div></body>
</html>
3.用户登录页面
用户登录页面是用来验证用户输入的账户和密码是否能在数据库中匹配成功,来确保用户是合法用户。如果验证成功,系统将用户重定向到CMS的主页面,如果验证失败,则向用户显示错误消息。用户登录页面的代码如下:
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
// Connect to database
$conn = new mysqli("localhost", "root", "password", "database");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// SQL query to select user with given username
$sql = "SELECT id, username, password, type FROM users WHERE username='$username'";
$result = $conn->query($sql);
if ($result->num_rows == 1) {
// User found, check password
$row = $result->fetch_assoc();
if (password_verify($password, $row['password'])) {
// Passwords match, set session variables and redirect to main page
session_start();
$_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['type'] = $row['type'];
header("Location: index.php");
} else {
// Passwords do not match, display error message
$error = "Invalid login credentials";
}
} else {
// User not found, display error message
$error = "Invalid login credentials";
}
$conn->close();}
?>
<!doctype html>
<html>
<head>
<title>Login - CMS User Management System</title> <link href="style.css" rel="stylesheet">
</head>
<body>
<div class="container">
<h1>Login</h1>
<?php if (isset($error)): ?>
<div class="error"><?php echo $error; ?></div>
<?php endif; ?>
<form method="post">
<label>Username</label>
<input type="text" name="username" required>
<label>Password</label>
<input type="password" name="password" required>
<button type="submit">Login</button>
</form>
</div></body>
</html>
4.用户管理页面
用户管理页面是CMS的一个核心页面,它允许管理员对所有网站用户进行管理,包括添加、编辑和删除用户信息。相应的,用户界面将只允许访问和编辑自己的账户信息。这个页面也需要正确地验证和处理用户输入的数据,以确保系统的安全性和适用性。用户管理页面的代码如下:
<?php
session_start();
if ($_SESSION['type'] != 2) {
// Redirect non-admin users to index.php
header("Location: index.php");} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Handle form submission
$id = $_POST['id'];
$username = $_POST['username'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$type = $_POST['type'];
// Connect to database
$conn = new mysqli("localhost", "root", "password", "database");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// SQL query to update user
$sql = "UPDATE users SET username='$username', email='$email', phone='$phone', type=$type WHERE id=$id";
if ($conn->query($sql) !== TRUE) {
echo "Error updating record: " . $conn->error;
}
$conn->close();} elseif (isset($_GET['delete'])) {
// Handle deleting user
$id = $_GET['delete'];
// Connect to database
$conn = new mysqli("localhost", "root", "password", "database");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// SQL query to delete user
$sql = "DELETE FROM users WHERE id=$id";
if ($conn->query($sql) !== TRUE) {
echo "Error deleting record: " . $conn->error;
}
$conn->close();}
?>
<!doctype html>
<html>
<head>
<title>Manage Users - CMS User Management System</title> <link href="style.css" rel="stylesheet">
</head>
<body>
<div class="container">
<h1>Manage Users</h1>
<table>
<thead>
<tr>
<th>User ID</th>
<th>Username</th>
<th>Email</th>
<th>Phone</th>
<th>User Type</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<?php
// Connect to database
$conn = new mysqli("localhost", "root", "password", "database");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// SQL query to select all users
$sql = "SELECT * FROM users";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['phone'] . "</td>";
if ($row['type'] == 1) {
echo "<td>Regular User</td>";
} else {
echo "<td>Administrator</td>";
}
echo "<td>";
echo "<a href="edit.php?id=" . $row['id'] . "">Edit</a>";
echo " | ";
echo "<a href="manage.php?delete=" . $row['id'] . "">Delete</a>";
echo "</td>";
echo "</tr>";
}
} else {
echo "No users found";
}
$conn->close();
?>
</tbody>
</table>
<a href="register.php">Add user</a>
<a href="logout.php">Logout</a>
</div></body>
</html>
5.用户编辑页面
用户编辑页面允许管理员编辑当前用户的信息,同时展示了当前用户的信息。此页面需要正确验证和处理用户输入数据,以确保数据的安全性和适用性。用户编辑页面的代码如下:
<?php
session_start();
if ($_SESSION['type'] != 2) {
// Redirect non-admin users to index.php
header("Location: index.php");} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Handle form submission
$id = $_POST['id'];
$username = $_POST['username'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$type = $_POST['type'];
// Connect to database
$conn = new mysqli("localhost", "root", "password", "database");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// SQL query to update user
$sql = "UPDATE users SET username='$username', email='$email', phone='$phone', type=$type WHERE id=$id";
if ($conn->query($sql) !== TRUE) {
echo "Error updating record: " . $conn->error;
}
$conn->close();} elseif (isset($_GET['id'])) {
// Display user editing form
$id = $_GET['id'];
// Connect to database
$conn = new mysqli("localhost", "root", "password", "database");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// SQL query to select user
$sql = "SELECT * FROM users WHERE id=$id";
$result = $conn->query($sql);
if ($result->num_rows == 1) {
$row = $result->fetch_assoc();
$username = $row['username'];
$email = $row['email'];
$phone = $row['phone'];
$type = $row['type'];
} else {
header("Location: manage.php");
}
$conn->close();} else {
header("Location: manage.php");}
?>
<!doctype html>
<html>
<head>
<title>Edit User - CMS User Management System</title> <link href="style.css" rel="stylesheet">
</head>
<body>
<div class="container">
<h1>Edit User</h1>
<form method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>" required>
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>" required>
<label>Phone</label>
<input type="text" name="phone" value="<?php echo $phone; ?>">
<label>Type</label>
<select name="type">
<option value="1" <?php if ($type == 1): ?>selected<?php endif; ?>>Regular User</option>
<option value="2" <?php if ($type == 2): ?>selected<?php endif; ?>>Administrator</option>
</select>
<button type="submit">Save</button>
</form>
<a href="manage.php">Cancel</a>
</div></body>
</html>
提示:
- 使用 PHP 预处理语句和参数绑定方法来防止 SQL 注入攻击。
- 在你的 CMS 用户管理系统中,不要存储明文密码。应该使用 PHP密码哈希(password_hash()) 来对用户密码进行加密和解密。
- 对于密码重置,该模块也应该由管理员负责。通过输入电子邮件地址,发送密码重置链接到用户电子邮件。这将允许用户重置其密码,以他们自己的方式进行处理。
- 为你的 CMS 用户管理系统增加安全性和使用性,可以应用以下功能:
添加密码强度要求。
添加验证码以防止机器人。
强制用户选择强密码来保护他们的账户。
