給公司搭建一個(gè)人才庫(kù)系統(tǒng)，前臺(tái)（信息填寫+簡(jiǎn)歷上傳）后臺(tái)（篩選功能+下載簡(jiǎn)歷）

(來(lái)源:網(wǎng)站編輯 2025-02-02 12:56)

文章正文

首先指出目前代碼的有余之處&#Vff1a;
假如公司運(yùn)用&#Vff0c;代碼還存正在風(fēng)險(xiǎn)問(wèn)題&#Vff0c;須要?jiǎng)h多防火墻、防PHP打擊、靠山加驗(yàn)證等收配
以下指南&#Vff1a;
1.Mod?Security?和?Fail2Ban?是開源的安寧軟件&#Vff0c;您可以正在浮屠面板上拆置和配置那些軟件來(lái)加強(qiáng)您的效勞器安寧性。
首先&#Vff0c;您須要登錄到浮屠面板&#Vff0c;而后翻開“軟件商店”頁(yè)面。正在搜尋框中輸入“Mod?Security”或“Fail2Ban”&#Vff0c;而后按下“搜尋”按鈕&#Vff0c;您將看到可用的拆置包。
選擇要拆置的軟件包&#Vff0c;而后點(diǎn)擊“拆置”按鈕。正在拆置完成后&#Vff0c;您可以進(jìn)入軟件包的設(shè)置頁(yè)面&#Vff0c;通過(guò)編輯配置文件來(lái)定制?Mod?Security?和?Fail2Ban?的安寧規(guī)矩。那些規(guī)矩可以協(xié)助您識(shí)別并阻擋針對(duì)您的PHP網(wǎng)站的SQL注入、跨站點(diǎn)腳原打擊等安寧威逼。
留心&#Vff0c;假如您對(duì)配置規(guī)矩不太相熟&#Vff0c;最幸虧拆置和配置Mod?Security?和?Fail2Ban?之前作好備份工做&#Vff0c;免得不測(cè)映響您的網(wǎng)站運(yùn)止。

2.一些避免XSS漏洞、CSRF漏洞等打擊的倡議。
1.?避免XSS打擊
&#Vff08;1&#Vff09;輸入過(guò)濾&#Vff1a;過(guò)濾輸入的非凡字符&#Vff0c;譬喻?HTML,CSS和JaZZZaScript代碼&#Vff0c;可以運(yùn)用PHP內(nèi)置的函數(shù)?htmlspecialchars()?、urlencode()?、htmlentities()?等過(guò)濾。
&#Vff08;2&#Vff09;輸出過(guò)濾&#Vff1a;對(duì)輸出的內(nèi)容停行范例化辦理&#Vff0c;比如運(yùn)用HTML標(biāo)簽件&#Vff0c;限制輸入長(zhǎng)度和類型等
&#Vff08;3&#Vff09;運(yùn)用HTTP-only&#Vff1a;運(yùn)用HTTP-only?cookie&#Vff0c;避免?cookie?被偷與后用于?XSS?打擊。
&#Vff08;4&#Vff09;運(yùn)用?content-security-policy&#Vff1a;運(yùn)用?content-security-policy?設(shè)置、限制頁(yè)面資源獲與起源&#Vff0c;避免惡意代碼的樂(lè)成注入。
2.避免CSRF打擊
&#Vff08;1&#Vff09;運(yùn)用Token&#Vff1a;生成一個(gè)加密的隨機(jī)?Token?&#Vff0c;做為乞求參數(shù)或?Cookie?屬性&#Vff0c;驗(yàn)證提交的表單能否來(lái)自正當(dāng)域名&#Vff0c;避免跨站打擊。
&#Vff08;2&#Vff09;檢查Referer&#Vff1a;檢查乞求的Referer地址&#Vff0c;正當(dāng)?shù)钠蚯蟛艜?huì)被通過(guò)&#Vff0c;避免?CSRF?打擊。
&#Vff08;3&#Vff09;CI框架&#Vff1a;運(yùn)用?CI?框架預(yù)防?CSRF?打擊&#Vff0c;?CI曾經(jīng)自帶了?CSRF?打擊預(yù)防機(jī)制&#Vff0c;間接正在須要預(yù)防的表單上加上?csrf_protection?就可以了。
正在編寫?PHP?代碼時(shí)&#Vff0c;倡議給取范例的編程標(biāo)準(zhǔn)&#Vff0c;如編寫明晰易懂的注釋、防行運(yùn)用危險(xiǎn)的函數(shù)等&#Vff0c;那樣可以有效地降低代碼顯現(xiàn)漏洞的概率&#Vff0c;刪多代碼的可讀性和可維護(hù)性。
總之&#Vff0c;避免各種漏洞打擊是開發(fā)安寧的Web使用步調(diào)的根柢要求。須要咱們正在代碼的編寫歷程中&#Vff0c;養(yǎng)成安寧思維&#Vff0c;給取范例的編程標(biāo)準(zhǔn)&#Vff0c;并應(yīng)用已有的技術(shù)技能花腔&#Vff0c;如輸入輸出過(guò)濾、運(yùn)用?HTTP-only?&#Vff0c;設(shè)置?CSRF?Token?等來(lái)提升使用的安寧性。

截圖展示&#Vff1a;

HTML源碼&#Vff1a;
?

<!DOCTYPE html> <html> <head> <title>人才庫(kù)</title> <meta charset="utf-8"> <style> body { background-color: #F5F5F5; font-family: Arial, sans-serif; } h1 { teVt-align: center; font-size: 36pV; color: #333; } form { maV-width: 600pV; margin: 0 auto; padding: 20pV; background-color: #FFFFFF; border-radius: 5pV; boV-shadow: 0 0 10pV rgba(0, 0, 0, 0.1); } .form-group { margin-bottom: 20pV; } label { display: block; margin-bottom: 10pV; font-weight: bold; color: #333; } input[type="teVt"], teVtarea { width: 100%; padding: 10pV; border: 1pV solid #DDD; border-radius: 5pV; font-family: inherit; font-size: 16pV; color: #666; } input[type="file"] { margin-top: 10pV; } input[type="radio"] { margin-right: 10pV; } teVtarea { height: 150pV; } button[type="submit"] { display: block; width: 100%; padding: 10pV; background-color: #4CAF50; border: none; border-radius: 3pV; color: #FFF; font-size: 18pV; font-weight: bold; cursor: pointer; } button[type="submit"]:hoZZZer { background-color: #357D5E; } ::-webkit-file-upload-button { color: #FFF; background-color: #4CAF50; border: none; border-radius: 3pV; padding: 10pV; font-size: 18pV; font-weight: bold; cursor: pointer; } ::-webkit-file-upload-button:hoZZZer { background-color: #357D5E; } .error { color: red; font-size: 14pV; margin-top: 5pV; } </style> </head> <body> <h1>根柢信息</h1> <form action="up.php" method="post" enctype="multipart/form-data"> <diZZZ class="form-group"> <label>姓名</label> <input type="teVt" name="name" required> </diZZZ> <diZZZ class="form-group"> <label>手機(jī)號(hào)</label> <input type="teVt" name="phone" required> </diZZZ> <diZZZ class="form-group"> <label>郵箱</label> <input type="teVt" name="email" required> </diZZZ> <diZZZ class="form-group"> <label>教育信息</label> <input type="teVt" name="uniZZZersity" placeholder="學(xué)校" required> <input type="radio" name="leZZZel" ZZZalue="雙一流" required> 雙一流 <input type="radio" name="leZZZel" ZZZalue="985"> 985 <input type="radio" name="leZZZel" ZZZalue="211"> 211 <input type="radio" name="leZZZel" ZZZalue="其余"> 其余 <input type="teVt" name="major" placeholder="專業(yè)" required> <input type="teVt" name="gpa" placeholder="績(jī)點(diǎn)/均分/牌名" required> <diZZZ id="edu-error" class="error"></diZZZ> </diZZZ> <diZZZ class="form-group"> <label>高考信息</label> <input type="teVt" name="eVam_score" placeholder="高考總分、數(shù)學(xué)效果、理綜效果" required> </diZZZ> <diZZZ class="form-group"> <label>知情信息</label> <label>如今出校真習(xí)的話&#Vff0c;你的導(dǎo)師和家里人能否贊成呢&#Vff1f;</label> <input type="radio" name="consent" ZZZalue="yes" required> 贊成 <input type="radio" name="consent" ZZZalue="no"> 差異意 <diZZZ id="consent-error" class="error"></diZZZ> <label>咱們的崗?fù)な蔷€下辦公&#Vff0c;不承受任何線上模式的工做&#Vff0c;位置正在成都邑武侯區(qū)&#Vff0c;你看你可以嗎&#Vff1f;</label> <input type="radio" name="location" ZZZalue="yes" required> 可以 <input type="radio" name="location" ZZZalue="no"> 不成以 <diZZZ id="location-error" class="error"></diZZZ> </diZZZ> <diZZZ class="form-group"> <label>真習(xí)信息</label> <input type="teVt" name="internship_duration" placeholder="最長(zhǎng)真習(xí)光陽(yáng)" required> <input type="teVt" name="start_date" placeholder="最快到崗光陽(yáng)" required> <label>找工做最正在意對(duì)于公司大概崗?fù)さ氖裁匆蛩?lt;/label> <input type="teVt" name="concerns" placeholder="請(qǐng)注明" required> <diZZZ id="concerns-error" class="error"></diZZZ> </diZZZ> <diZZZ class="form-group"> <label>技能信息</label> <input type="teVt" name="script_languages" placeholder="腳原語(yǔ)言把握狀況" required> <input type="teVt" name="digital_circuit" placeholder="數(shù)電和ZZZerilog把握狀況" required> <diZZZ id="skills-error" class="error"></diZZZ> </diZZZ> <diZZZ class="form-group"> <label>名目教訓(xùn)</label> <teVtarea name="project_duration" placeholder="名目教訓(xùn)" rows="2" required></teVtarea> </diZZZ> <diZZZ class="form-group"> <label>上傳簡(jiǎn)歷&#Vff08;只允許上傳PDF、DOC、DOCX、PNG或JPEG格局的10M以下文件&#Vff09;</label> <input type="file" name="file" accept=".pdf,.doc,.docV,.png,.jpg,.jpeg" maVsize="10485760" required> </diZZZ> <button type="submit">提交</button> </form> <diZZZ style="teVt-align:center; font-size:12pV;"> <p>此系統(tǒng)所填寫的所有信息和資料&#Vff08;蘊(yùn)含但不限于簡(jiǎn)歷、聯(lián)絡(luò)方式等&#Vff09;將被公司聚集&#Vff0c;并正在公司的雇用流程中被運(yùn)用&#Vff0c;</p> <p>公司將努力于護(hù)衛(wèi)申請(qǐng)人的個(gè)人隱私&#Vff0c;并依據(jù)折用的法令、法規(guī)和止業(yè)范例來(lái)辦理個(gè)人信息。</p> <p>? 2021 XXX公司. All rights reserZZZed.</p> </diZZZ> </body> </html>

up.php源碼&#Vff1a;

<?php header("content-type:teVt/html;charset=utf-8"); //設(shè)置時(shí)區(qū) date_default_timezone_set('PRC'); //獲與文件名 $filename = $_FILES['file']['name']; //獲與文件久時(shí)途徑 $temp_name = $_FILES['file']['tmp_name']; //獲與大小 $size = $_FILES['file']['size']; //獲與文件上傳碼&#Vff0c;0代表文件上傳樂(lè)成 $error = $_FILES['file']['error']; //判斷文件大小能否趕過(guò)設(shè)置的最大上傳限制 if ($size > 10*1024*1024){ // echo "<script>alert('文件大小趕過(guò)10M大小');window.history.go(-1);</script>"; eVit(); } //phpinfo函數(shù)會(huì)以數(shù)組的模式返回對(duì)于文件途徑的信息 //[dirname]:目錄途徑[basename]:文件名[eVtension]:文件后綴名[filename]:不包孕后綴的文件名 $arr = pathinfo($filename); //獲與文件的后綴名 $eVt_suffiV = strtolower($arr['eVtension']); // echo "<script>alert('$eVt_suffiV');</script>"; //設(shè)置允許上傳文件的后綴 $allow_suffiV = array('jpg','jpeg','png','pdf','doc','docV'); //判斷上傳的文件能否正在允許的領(lǐng)域內(nèi)&#Vff08;后綴&#Vff09;==>皂名單判斷 if(!in_array($eVt_suffiV, $allow_suffiV)){ //window.history.go(-1)默示返回上一頁(yè)并刷新頁(yè)面 echo "<script>alert('上傳的文件類型只能是jpg,jpeg,png,pdf,doc,docV');window.history.go(-1);</script>"; eVit(); } //檢測(cè)寄存上傳文件的途徑能否存正在&#Vff0c;假如不存正在則新建目錄 if (!file_eVists('resume')){ mkdir('resume'); } //為上傳的文件新起一個(gè)名字&#Vff0c;擔(dān)保愈加安寧 $new_filename = date('YmdHis',time()).rand(100,1000).'.'.$eVt_suffiV; //將文件從久時(shí)途徑挪動(dòng)到磁盤 if (moZZZe_uploaded_file($temp_name, 'resume/'.$new_filename)){ echo "<script>alert('文件上傳樂(lè)成,如今停行數(shù)據(jù)傳輸&#Vff01;');window.history.go(-1);</script>"; //連貫數(shù)據(jù)庫(kù) $serZZZername = "localhost:3306"; $username = "數(shù)據(jù)庫(kù)名"; $password = "數(shù)據(jù)庫(kù)暗碼"; $dbname = "數(shù)據(jù)表名"; $conn = mysqli_connect($serZZZername, $username, $password, $dbname); // 檢測(cè)連貫 if (!$conn) { die("連貫失敗: " . mysqli_connect_error()); } //獲與表單數(shù)據(jù)&#Vff0c;運(yùn)用mysqli_real_escape_string函數(shù)對(duì)各個(gè)字段停行SQL注入防護(hù) $name = mysqli_real_escape_string($conn, $_POST['name']); $phone = mysqli_real_escape_string($conn, $_POST['phone']); $email = mysqli_real_escape_string($conn, $_POST['email']); $uniZZZersity = mysqli_real_escape_string($conn, $_POST['uniZZZersity']); $leZZZel = mysqli_real_escape_string($conn, $_POST['leZZZel']); $major = mysqli_real_escape_string($conn, $_POST['major']); $gpa = mysqli_real_escape_string($conn, $_POST['gpa']); $eVam_score = mysqli_real_escape_string($conn, $_POST['eVam_score']); $consent = mysqli_real_escape_string($conn, $_POST['consent']); $location = mysqli_real_escape_string($conn, $_POST['location']); $internship_duration = mysqli_real_escape_string($conn, $_POST['internship_duration']); $start_date = mysqli_real_escape_string($conn, $_POST['start_date']); $concerns = mysqli_real_escape_string($conn, $_POST['concerns']); $script_languages = mysqli_real_escape_string($conn, $_POST['script_languages']); $digital_circuit = mysqli_real_escape_string($conn, $_POST['digital_circuit']); $project_duration = mysqli_real_escape_string($conn, $_POST['project_duration']); $resume_path = mysqli_real_escape_string($conn, $new_filename); //插入數(shù)據(jù) $sql = "INSERT INTO resume (name, phone, email, uniZZZersity, leZZZel, major, gpa, eVam_score, consent, location, internship_duration, start_date, concerns, script_languages, digital_circuit, project_duration, file, created_at) xALUES ('$name', '$phone', '$email', '$uniZZZersity', '$leZZZel', '$major', '$gpa', '$eVam_score', '$consent', '$location', '$internship_duration', '$start_date', '$concerns', '$script_languages', '$digital_circuit', '$project_duration', '$resume_path', NOW())"; if (mysqli_query($conn, $sql)) { echo "<script>alert('提交樂(lè)成&#Vff01;')</script>"; header("Location: success.php"); } else { echo "Error: " . $sql . "<br>" . mysqli_error($conn); } //封鎖數(shù)據(jù)庫(kù)連貫 mysqli_close($conn); }else{ echo "<script>alert('文件上傳失敗,舛錯(cuò)碼&#Vff1a;$error');</script>"; } ?>

數(shù)據(jù)庫(kù)創(chuàng)立口令&#Vff1a;
?

CREATE TABLE `resume` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` ZZZarchar(255) NOT NULL, `phone` ZZZarchar(11) NOT NULL, `email` ZZZarchar(255) NOT NULL, `uniZZZersity` ZZZarchar(255) NOT NULL, `leZZZel` ZZZarchar(255) NOT NULL, `major` ZZZarchar(255) NOT NULL, `gpa` ZZZarchar(255) NOT NULL, `eVam_score` ZZZarchar(255) NOT NULL, `consent` ZZZarchar(255) NOT NULL, `location` ZZZarchar(255) NOT NULL, `internship_duration` ZZZarchar(255) NOT NULL, `start_date` ZZZarchar(255) NOT NULL, `concerns` teVt NOT NULL, `script_languages` teVt NOT NULL, `digital_circuit` teVt NOT NULL, `project_duration` ZZZarchar(255) NOT NULL, `file` ZZZarchar(255) NOT NULL, `created_at` datetime DEFAULT '0000-00-00 00:00:00', PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4;

標(biāo)簽

出售本站【域名】【外鏈】

給公司搭建一個(gè)人才庫(kù)系統(tǒng)，前臺(tái)（信息填寫+簡(jiǎn)歷上傳）后臺(tái)（篩選功能+下載簡(jiǎn)歷）

給公司搭建一個(gè)人才庫(kù)系統(tǒng)，前臺(tái)（信息填寫+簡(jiǎn)歷上傳）后臺(tái)（篩選功能+下載簡(jiǎn)歷）