开发者

Writing a system for User Accounts

开发者 https://www.devze.com 2022-12-10 08:33 出处:网络
I am building my own blogging website from scratch (instead of using WordPress or Drupal). I have the articles set up开发者_如何学Python and stored in databases and the website runs queries on the dat

I am building my own blogging website from scratch (instead of using WordPress or Drupal). I have the articles set up开发者_如何学Python and stored in databases and the website runs queries on the databases to display the content.

How do I write a system for users to register with the site, edit personal details and post comments on the articles? I have never done something like this before and my knowledge of PHP and mySQL is quite fresh.


I suggest you to read "Head First PHP & MySQL " . it gives you a good way to start building a website .


Without any PHP sepcifics.

If you want to do it from scratch a basic approach would be to have a separate table for users and have the table linked from other tables where you need a record to be associated with that user, e.g. have user_id in the posts table to point to the author of the post. Then you'll need a registration form of some kind, pereferably with captcha to guard against spam bots. It is also a common practice to hash passwords before putting them into the database. You will also need to use a session mechanism to keep track of logged in users, I suppose PHP provides some session mechanism. Commons security threats for web applications may be a consideration as well.


You will need a user table and a articles table. The user table must have a field for the md5'hashed password (google PHP md5), username and ID. The Articles table must have a field for the heading/name, the ID of the user that wrote it and a field for the text (article itself).

You can also add a Comment option, but I think that could be too much for a php newb.

Have a look at mysql_real_escape_string, because when php-newbies write mysql/php apps, it often results in "Sql-Injections". That means that a user could manipulate your database or even take over the whole server via your application.

0

精彩评论

暂无评论...
验证码 换一张
取 消