教材管理系统设计与实现
1. 系统概述
教材管理系统是一个基于PHP和SQL的Web应用程序,旨在为学校提供一个高效的教材管理平台。该系统可以帮助管理员录入教材信息、教师查询和申请教材、学生查询教材信息,提高教材管理的效率和透明度。
2. 技术栈
- 前端:HTML5, CSS3, JavaScript, jQuery, Bootstrap
- 后端:PHP
- 数据库:MySQL
- 服务器:Apache
3. 系统功能模块
-
用户管理
- 用户注册与登录
- 用户信息管理
- 角色权限管理(管理员、教师、学生)
-
教材管理
- 教材信息录入
- 教材信息查询
- 教材信息修改
- 教材信息删除
-
申请管理
- 教师申请教材
- 管理员审批申请
-
库存管理
- 教材库存查询
- 教材库存更新
-
系统设置
- 数据备份与恢复
- 系统日志管理
- 参数配置
4. 数据库设计
4.1 数据库表结构
-
用户表(users)
id(INT, 主键)username(VARCHAR, 用户名)password(VARCHAR, 密码)role(VARCHAR, 角色)created_at(DATETIME, 创建时间)updated_at(DATETIME, 更新时间)
-
教材表(textbooks)
id(INT, 主键)title(VARCHAR, 教材名称)author(VARCHAR, 作者)publisher(VARCHAR, 出版社)isbn(VARCHAR, ISBN编号)quantity(INT, 库存数量)created_at(DATETIME, 创建时间)updated_at(DATETIME, 更新时间)
-
申请表(applications)
id(INT, 主键)user_id(INT, 外键,关联用户表)textbook_id(INT, 外键,关联教材表)quantity(INT, 申请数量)status(VARCHAR, 申请状态)created_at(DATETIME, 创建时间)updated_at(DATETIME, 更新时间)
5. 系统架构设计
5.1 层次结构
-
表现层(Presentation Layer)
- 负责接收用户的请求,并返回处理结果。
- 使用PHP和HTML/CSS/JavaScript实现。
-
业务逻辑层(Business Logic Layer)
- 负责处理具体的业务逻辑。
- 使用PHP实现。
-
数据访问层(Data Access Layer)
- 负责与数据库交互,执行增删改查操作。
- 使用PHP的PDO扩展实现。
5.2 控制器(Controller)
控制器负责处理用户的请求,并调用相应的模型方法。示例如下:
<?php
session_start();
// 连接数据库
$host = 'localhost';
$db = 'textbook_management';
$user = 'root';
$pass = '';
try {
$pdo = new PDO("mysql:host=$host;dbname=$db;charset=utf8", $user, $pass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die("Could not connect to the database $db :" . $e->getMessage());
}
// 用户登录
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username AND password = :password");
$stmt->execute(['username' => $username, 'password' => $password]);
$user = $stmt->fetch();
if ($user) {
$_SESSION['user'] = $user;
header('Location: dashboard.php');
} else {
echo "Invalid username or password.";
}
}
?>
5.3 模型(Model)
模型负责处理数据的存取操作。示例如下:
<?php
class Textbook {
private $pdo;
public function __construct($pdo) {
$this->pdo = $pdo;
}
public function getAllTextbooks() {
$stmt = $this->pdo->query("SELECT * FROM textbooks");
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
public function addTextbook($title, $author, $publisher, $isbn, $quantity) {
$stmt = $this->pdo->prepare("INSERT INTO textbooks (title, author, publisher, isbn, quantity) VALUES (:title, :author, :publisher, :isbn, :quantity)");
$stmt->execute(['title' => $title, 'author' => $author, 'publisher' => $publisher, 'isbn' => $isbn, 'quantity' => $quantity]);
}
public function getTextbookById($id) {
$stmt = $this->pdo->prepare("SELECT * FROM textbooks WHERE id = :id");
$stmt->execute(['id' => $id]);
return $stmt->fetch(PDO::FETCH_ASSOC);
}
public function updateTextbook($id, $title, $author, $publisher, $isbn, $quantity) {
$stmt = $this->pdo->prepare("UPDATE textbooks SET title = :title, author = :author, publisher = :publisher, isbn = :isbn, quantity = :quantity WHERE id = :id");
$stmt->execute(['id' => $id, 'title' => $title, 'author' => $author, 'publisher' => $publisher, 'isbn' => $isbn, 'quantity' => $quantity]);
}
public function deleteTextbook($id) {
$stmt = $this->pdo->prepare("DELETE FROM textbooks WHERE id = :id");
$stmt->execute(['id' => $id]);
}
}
?>
5.4 视图(View)
视图负责显示数据。示例如下:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>教材列表</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<h1>教材列表</h1>
<table class="table table-striped">
<thead>
<tr>
<th>教材名称</th>
<th>作者</th>
<th>出版社</th>
<th>ISBN编号</th>
<th>库存数量</th>
<th>操作</th>
</tr>
</thead>
<tbody>
<?php foreach ($textbooks as $textbook): ?>
<tr>
<td><?php echo $textbook['title']; ?></td>
<td><?php echo $textbook['author']; ?></td>
<td><?php echo $textbook['publisher']; ?></td>
<td><?php echo $textbook['isbn']; ?></td>
<td><?php echo $textbook['quantity']; ?></td>
<td>
<a href="edit-textbook.php?id=<?php echo $textbook['id']; ?>" class="btn btn-primary">编辑</a>
<a href="delete-textbook.php?id=<?php echo $textbook['id']; ?>" class="btn btn-danger">删除</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<a href="add-textbook.php" class="btn btn-success">添加教材</a>
</div>
</body>
</html>
6. 功能实现
6.1 用户注册与登录
- 注册页面(register.php)
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>注册</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<h1>注册</h1>
<form action="register.php" method="post">
<div class="form-group">
<label for="username">用户名</label>
<input type="text" class="form-control" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password">密码</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<div class="form-group">
<label for="role">角色</label>
<select class="form-control" id="role" name="role" required>
<option value="admin">管理员</option>
<option value="teacher">教师</option>
<option value="student">学生</option>
</select>
</div>
<button type="submit" name="register" class="btn btn-primary">注册</button>
</form>
</div>
</body>
</html>
- 注册处理(register.php)
<?php
session_start();
// 连接数据库
$host = 'localhost';
$db = 'textbook_management';
$user = 'root';
$pass = '';
try {
$pdo = new PDO("mysql:host=$host;dbname=$db;charset=utf8", $user, $pass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die("Could not connect to the database $db :" . $e->getMessage());
}
if (isset($_POST['register'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$role = $_POST['role'];
$stmt = $pdo->prepare("INSERT INTO users (username, password, role) VALUES (:username, :password, :role)");
$stmt->execute(['username' => $username, 'password' => $password, 'role' => $role]);
echo "注册成功!";
}
?>
- 登录页面(login.php)
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>登录</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<h1>登录</h1>
<form action="login.php" method="post">
<div class="form-group">
<label for="username">用户名</label>
<input type="text" class="form-control" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password">密码</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<button type="submit" name="login" class="btn btn-primary">登录</button>
</form>
</div>
</body>
</html>
- 登录处理(login.php)
<?php
session_start();
// 连接数据库
$host = 'localhost';
$db = 'textbook_management';
$user = 'root';
$pass = '';
try {
$pdo = new PDO("mysql:host=$host;dbname=$db;charset=utf8", $user, $pass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die("Could not connect to the database $db :" . $e->getMessage());
}
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username AND password = :password");
$stmt->execute(['username' => $username, 'password' => $password]);
$user = $stmt->fetch();
if ($user) {
$_SESSION['user'] = $user;
header('Location: dashboard.php');
} else {
echo "Invalid username or password.";
}
}
?>
6.2 教材管理
- 添加教材页面(add-textbook.php)
<?php
session_start();
if (!isset($_SESSION['user']) || $_SESSION['user']['role'] !== 'admin') {
header('Location: login.php');
exit;
}
$pdo = new PDO("mysql:host=localhost;dbname=textbook_management;charset=utf8", "root", "");
if (isset($_POST['submit'])) {
$title = $_POST['title'];
$author = $_POST['author'];
$publisher = $_POST['publisher'];
$isbn = $_POST['isbn'];
$quantity = $_POST['quantity'];
$textbook = new Textbook($pdo);
$textbook->addTextbook($title, $author, $publisher, $isbn, $quantity);
header('Location: manage-textbooks.php');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>添加教材</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<h1>添加教材</h1>
<form action="add-textbook.php" method="post">
<div class="form-group">
<label for="title">教材名称</label>
<input type="text" class="form-control" id="title" name="title" required>
</div>
<div class="form-group">
<label for="author">作者</label>
<input type="text" class="form-control" id="author" name="author" required>
</div>
<div class="form-group">
<label for="publisher">出版社</label>
<input type="text" class="form-control" id="publisher" name="publisher" required>
</div>
<div class="form-group">
<label for="isbn">ISBN编号</label>
<input type="text" class="form-control" id="isbn" name="isbn" required>
</div>
<div class="form-group">
<label for="quantity">库存数量</label>
<input type="number" class="form-control" id="quantity" name="quantity" min="0" required>
</div>
<button type="submit" name="submit" class="btn btn-primary">添加</button>
</form>
</div>
</body>
</html>
6.3 教材申请管理
- 教师申请教材页面(apply-textbook.php)
<?php
session_start();
if (!isset($_SESSION['user']) || $_SESSION['user']['role'] !== 'teacher') {
header('Location: login.php');
exit;
}
$pdo = new PDO("mysql:host=localhost;dbname=textbook_management;charset=utf8", "root", "");
$textbook = new Textbook($pdo);
$textbooks = $textbook->getAllTextbooks();
if (isset($_POST['submit'])) {
$user_id = $_SESSION['user']['id'];
$textbook_id = $_POST['textbook_id'];
$quantity = $_POST['quantity'];
$stmt = $pdo->prepare("INSERT INTO applications (user_id, textbook_id, quantity, status) VALUES (:user_id, :textbook_id, :quantity, 'pending')");
$stmt->execute(['user_id' => $user_id, 'textbook_id' => $textbook_id, 'quantity' => $quantity]);
header('Location: my-applications.php');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>申请教材</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<h1>申请教材</h1>
<form action="apply-textbook.php" method="post">
<div class="form-group">
<label for="textbook_id">教材</label>
<select class="form-control" id="textbook_id" name="textbook_id" required>
<?php foreach ($textbooks as $textbook): ?>
<option value="<?php echo $textbook['id']; ?>"><?php echo $textbook['title']; ?> (库存: <?php echo $textbook['quantity']; ?>)</option>
<?php endforeach; ?>
</select>
</div>
<div class="form-group">
<label for="quantity">申请数量</label>
<input type="number" class="form-control" id="quantity" name="quantity" min="1" required>
</div>
<button type="submit" name="submit" class="btn btn-primary">申请</button>
</form>
</div>
</body>
</html>
7. 安全性设计
为了保证系统的安全性,需要实现以下功能:
- 用户认证:使用PHP会话管理进行用户认证和授权。
- 数据校验:在控制器层进行输入参数的校验,防止SQL注入等攻击。
- 日志记录:记录关键操作的日志,便于审计和故障排查。
8. 测试与部署
- 单元测试:使用PHPUnit进行单元测试,确保各个模块的功能正确。
- 集成测试:进行集成测试,确保各个模块之间的协同工作正常。
- 部署:将应用程序部署到Apache服务器上,确保在生产环境中运行稳定。
9. 源代码
由于篇幅限制,无法完整展示所有源代码。以下是部分核心代码示例:
9.1 教材申请实体类(Application.php)
<?php
class Application {
private $pdo;
public function __construct($pdo) {
$this->pdo = $pdo;
}
public function getAllApplications() {
$stmt = $this->pdo->query("SELECT a.*, u.username, t.title FROM applications a JOIN users u ON a.user_id = u.id JOIN textbooks t ON a.textbook_id = t.id");
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
public function getApplicationsByUserId($user_id) {
$stmt = $this->pdo->prepare("SELECT a.*, t.title FROM applications a JOIN textbooks t ON a.textbook_id = t.id WHERE a.user_id = :user_id");
$stmt->execute(['user_id' => $user_id]);
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
public function approveApplication($id) {
$stmt = $this->pdo->prepare("UPDATE applications SET status = 'approved' WHERE id = :id");
$stmt->execute(['id' => $id]);
}
public function rejectApplication($id) {
$stmt = $this->pdo->prepare("UPDATE applications SET status = 'rejected' WHERE id = :id");
$stmt->execute(['id' => $id]);
}
}
?>
9.2 查看我的申请页面(my-applications.php)
<?php
session_start();
if (!isset($_SESSION['user'])) {
header('Location: login.php');
exit;
}
$pdo = new PDO("mysql:host=localhost;dbname=textbook_management;charset=utf8", "root", "");
$application = new Application($pdo);
$applications = $application->getApplicationsByUserId($_SESSION['user']['id']);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>我的申请</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<h1>我的申请</h1>
<table class="table table-striped">
<thead>
<tr>
<th>教材名称</th>
<th>申请数量</th>
<th>申请状态</th>
<th>操作</th>
</tr>
</thead>
<tbody>
<?php foreach ($applications as $application): ?>
<tr>
<td><?php echo $application['title']; ?></td>
<td><?php echo $application['quantity']; ?></td>
<td><?php echo $application['status']; ?></td>
<td>
<?php if ($application['status'] === 'pending'): ?>
<a href="cancel-application.php?id=<?php echo $application['id']; ?>" class="btn btn-danger">取消申请</a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<a href="apply-textbook.php" class="btn btn-primary">申请教材</a>
</div>
</body>
</html>
![[vulnhub] Brainpan1](https://i-blog.csdnimg.cn/direct/d8dfae48216341b7bbd33f9ea4f2216c.png)