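<h3>Write a new post</h3>
<?php
// Template fragment for the "new post" form. A plain request renders the empty
// form; a submission inserts the post when is_admin_user() allows it.
// NOTE(review): no anti-CSRF token is visible in this form - confirm one is
// enforced elsewhere before this state-changing POST is accepted.
if (!isset($_POST["new-submit"])) { ?>
<?php // PHP_SELF can carry client-supplied path info, so it is HTML-escaped before being written into the attribute. ?>
<form id="new-form" name="new-post-form" method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); ?>">
    <input type="text" name="title" class="heading-input" /><br/>
    <hr/>
    <textarea id="post-body" name="post-body" rows="10" cols="100"></textarea><br/><br/>
    <input id="form-submit" type="submit" name="new-submit" value="Create" />
</form>
<?php } else {
    if (is_admin_user()) {
        $conn = get_db();

        // Accept only string fields; a missing or array-valued field becomes "".
        $title = isset($_POST["title"]) && is_string($_POST["title"]) ? $_POST["title"] : "";
        $body = isset($_POST["post-body"]) && is_string($_POST["post-body"]) ? $_POST["post-body"] : "";
        $user = get_username();

        // All three values are bound as parameters instead of being spliced into
        // the statement text, so none of them (including the username, which was
        // previously interpolated unescaped) can alter the query structure.
        // $title and $body now hold the raw submitted text: any later use must
        // escape them for its own context (HTML output, another query, ...).
        $stmt = mysqli_prepare($conn, "INSERT INTO `Posts` VALUES (DEFAULT, ?, ?, DEFAULT, ?, 1, NULL);");
        $result = $stmt !== false
            && mysqli_stmt_bind_param($stmt, "sss", $title, $body, $user)
            && mysqli_stmt_execute($stmt);

        if ($result) { ?>
<p>Success! The post has been created.</p>
<form id="new-form" name="new-post-form" method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); ?>">
    <input type="text" name="title" class="heading-input" /><br/>
    <hr/>
    <textarea id="post-body" name="post-body" rows="10" cols="100"></textarea><br/><br/>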
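<?php
require_once $_SERVER["DOCUMENT_ROOT"] . "/../includes/base.php";

// Access guards for the admin "manage post" page.
// header("Location: ...") only queues a response header; without an explicit
// exit the script keeps running and the admin page below is still rendered and
// sent to the client. Each guard therefore terminates the request.
// Note: PHP switches the status to 302 when a Location header is sent, so the
// 404 set just before it is not what the client receives.
if (!is_admin_user()) {
    http_response_code(404);
    header("Location: /error/404/not-found");
    exit;
}

$id = isset($_GET["id"]) ? $_GET["id"] : null;
if ($id === null) {
    http_response_code(404);
    header("Location: /error/404/not-found");
    exit;
}

// NOTE(review): $id is passed on exactly as received from the query string;
// confirm get_single_post() validates or binds it before it reaches a query.
$post = get_single_post($id);
if ($post === null) {
    http_response_code(404);
    header("Location: /error/404/not-found");
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <?php include $_SERVER["DOCUMENT_ROOT"] . "/../includes/content.head.php"; ?>
    <title><?php echo get_config_value("site", "title"); ?> | Admin - Manage Post</title>
</head>
<body>
<div class="component-left">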
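/**
 * Set the `astate` column for one or more rows of the admin_list table and
 * answer with a JSON string via die().
 *
 * Input: `astate` from GET (preferred) or POST; target ids from
 * $_POST['params'], with $_POST['admin_id'] (single record) placed at index 0.
 * The request is aborted when a target is the current session's account or
 * when is_admin_user() reports true for it.
 *
 * NOTE(review): check_level("B0201") is presumably the permission gate for
 * this action - confirm it terminates the request on failure.
 * NOTE(review): the new state is also accepted from the query string and no
 * anti-CSRF token is checked in this function - confirm one is enforced upstream.
 * NOTE(review): both the abort and the success responses carry "code":"0";
 * verify that clients can tell them apart.
 */
function m__set_ustate()
{
    global $dbm;
    check_level("B0201");
    $table_name = TB_PREFIX . "admin_list";

    // GET wins over POST; a missing value falls back to 0, as intval(null) did before.
    $params = array();
    if (isset($_GET['astate'])) {
        $params['astate'] = intval($_GET['astate']);
    } else {
        $params['astate'] = isset($_POST['astate']) ? intval($_POST['astate']) : 0;
    }

    // Collect target ids without assuming $_POST['params'] exists or is an array.
    $targets = (isset($_POST['params']) && is_array($_POST['params'])) ? $_POST['params'] : array();
    // Single record
    if (isset($_POST['admin_id'])) {
        $targets[0] = $_POST['admin_id'];
    }

    $current_id = isset($_SESSION['admin']['admin_id']) ? intval($_SESSION['admin']['admin_id']) : 0;

    $html = " ID 分别是:";
    foreach ($targets as $vuid) {
        // Integer cast keeps the id safe to place inside the WHERE clause below.
        $vuid = intval($vuid);
        if ($vuid === $current_id) {
            die('{"code":"0","msg":"不能停用当前账户,操作终止"}');
        }
        if (is_admin_user($vuid)) {
            die('{"code":"0","msg":"不能启用或停用超级管理员用户,操作终止"}');
        }
        $rs = $dbm->single_update($table_name, $params, " admin_id = '" . $vuid . "'");
        // The result was previously read from an undefined $res, so failed
        // updates were still written to the log as successful.
        if (!empty($rs['error'])) {
            continue;
        }
        $html .= $vuid . ",";
    }
    logs("设置账号状态成功,{$html}");
    die('{"code":"0","msg":"用户状态设置成功"}');
}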