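<?php
/**
 * User: answer
 * Date: 2015/11/6
 * Time: 15:40
 *
 * Handles the "edit message" form post: overwrites the content of one
 * guestbook row, then sends the browser back to admin.php.
 */
require 'common/config.php';
require 'mysql/mysql.class.php';

error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
header("Content-Type: text/html;charset=utf-8");

// NOTE(review): nothing in this script checks that the requester is a
// logged-in administrator before the UPDATE runs. Confirm that the included
// files enforce it, or add a session check here.

// NOTE(review): DB::cleanSql() is defined outside this listing. The statement
// below relies on it to escape double quotes and backslashes, and it is called
// before DB::connect(); confirm it does not need an open connection.
$content = DB::cleanSql($_POST['content']);

// The id is placed in the statement without quotes, so string escaping would
// not protect it. Accept it only when it parses as an integer; filter_var()
// returns false for anything else, including arrays and a missing field.
$id = filter_var(isset($_POST['id']) ? $_POST['id'] : null, FILTER_VALIDATE_INT);

if ($id !== false && $content != '' && strlen($content) >= 15) {
    $sql_edit = 'UPDATE ' . GB_TABLE_NAME . ' SET content = "' . $content . '" WHERE id = ' . $id;

    DB::connect();
    // NOTE(review): the mysql_* extension was removed in PHP 7. Moving to
    // mysqli or PDO would also allow a prepared statement here.
    $edit_status = mysql_query($sql_edit);
    DB::close();

    // NOTE(review): the alert is echoed before header(); unless output
    // buffering is enabled the Location header can no longer be sent.
    if ($edit_status) {
        echo "<script>alert('编辑成功');</script>";
        header('location:admin.php');
    } else {
        echo "<script>alert('编辑失败');</script>";
        header('location:admin.php');
    }
} else {
    // Missing or non-integer id, or content shorter than 15 bytes: no write.
    header('location:admin.php');
}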
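* +-------------------------------------------------------------- */
require_once 'config.php';
require_once 'sql.class.php';

header("Content-Type:text/html;charset=utf8");

// Public endpoint: stores one guestbook message and answers with a small JSON
// document of the form {"error":0|1, "msg":"..."}.
$nickname = isset($_POST['nickname']) ? $_POST['nickname'] : '';
$content = isset($_POST['content']) ? $_POST['content'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';

// Array-valued fields (nickname[]=...) are treated like missing ones so that
// only strings ever reach the escaping helper and the query.
if (!is_string($nickname) || !is_string($content) || empty($nickname) || empty($content)) {
    exit('{"error":1, "msg":"昵称或内容不能为空!"}');
}

if (is_string($email) && !empty($email)) {
    // Anchored with ^ and $ (D stops $ from matching before a trailing
    // newline) and with the dot before the last label escaped. The previous
    // pattern was unanchored, so any input that merely contained something
    // address-like passed validation.
    $email_reg = '/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*$/D';
    if (!preg_match($email_reg, $email)) {
        exit('{"error":1, "msg":"email地址不合法!"}');
    }
} else {
    exit('{"error":1, "msg":"email不可以空!"}');
}

// Connect only after validation has passed, so rejected requests do not open
// a database connection that is never closed.
DB::connect();

// NOTE(review): DB::cleanSql() is defined in sql.class.php, outside this
// listing. It is the only thing between these values and the statement, so it
// must escape quotes and backslashes for the connection character set.
// Prepared statements would remove that dependency.
// NOTE(review): nickname and content are stored as submitted; the page that
// displays them needs to HTML-escape on output.
$nickname = DB::cleanSql($nickname);
$content = DB::cleanSql($content);
$email = DB::cleanSql($email);
$createtime = time();

$sql_insert = 'insert into ' . GB_TABLE_NAME . '(nickname, content, createtime, email) value('
    . "'{$nickname}', '{$content}', {$createtime}, '{$email}')";
$insert_status = DB::query($sql_insert);
DB::close();

// presumably DB::query() returns the affected-row count for writes; verify
// against sql.class.php
if ($insert_status < 1) {
    exit('{"error":1, "msg":"留言失败!"}');
}
exit('{"error":0, "msg":"留言成功!"}');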
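/**
 * +--------------------------------------------------------------
 * | Copyright (c) 2015 http://duanzhilei.tk All rights reserved.
 * +--------------------------------------------------------------
 * | Author: zhilei.duan <*****@*****.**>
 * +--------------------------------------------------------------
 * | Filename: login.php
 * +--------------------------------------------------------------
 * | Last modified: 2015-04-01 16:41
 * +--------------------------------------------------------------
 * | Description: checks the posted admin credentials and, on success,
 * |              marks the session as admin and redirects to admin.php.
 * +--------------------------------------------------------------
 */
require_once '../config.php';
require_once '../sql.class.php';

DB::connect();

// NOTE(review): DB::cleanSql() is defined outside this listing; the lookup
// below depends on it escaping quotes in the user name.
$user = DB::cleanSql($_POST['uname']);
// NOTE(review): the password is SQL-escaped before it is hashed, so the value
// that gets hashed can differ from what was typed. Kept as is because the
// stored hashes were presumably produced the same way; confirm.
$pwd = DB::cleanSql($_POST['password']);

// The leading part of this statement is masked ('******') in the listing and
// is reproduced unchanged.
$sql_login = '******' . ADMIN_TABLE_NAME . ' where level = 9 and nickname = ' . "'{$user}' limit 1";

// The former `echo $sql_login;` is removed. It disclosed the query text to
// every visitor, and output sent before session_start() and header() stops
// the session cookie and the redirect from being sent unless output
// buffering is enabled.
$result = DB::query($sql_login);

// A failed query or an unknown user yields no row; treat both as a failed
// login instead of dereferencing a non-array.
$row = $result ? mysql_fetch_array($result) : false;
$password = $row ? $row[0] : null;
DB::close();

// NOTE(review): unsalted MD5 is not a suitable password hash. Migrating to
// password_hash()/password_verify() needs the stored values re-hashed, which
// cannot be done from this script alone.
if (is_string($password) && md5($pwd) === $password) {
    session_start();
    // Issue a fresh session id at the privilege change so that an id planted
    // before login does not become an authenticated one.
    session_regenerate_id(true);
    $_SESSION['admin'] = true;
    header('location:admin.php');
} else {
    header('location:index.html');
}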
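<?php
/**
 * +--------------------------------------------------------------
 * | Copyright (c) 2015 http://duanzhilei.tk All rights reserved.
 * +--------------------------------------------------------------
 * | Author: zhilei.duan <*****@*****.**>
 * +--------------------------------------------------------------
 * | Filename: delete.php
 * +--------------------------------------------------------------
 * | Last modified: 2015-04-02 16:03
 * +--------------------------------------------------------------
 * | Description: soft-deletes one guestbook row (sets status = 1) and
 * |              answers with {"error":0|1, "msg":"..."}.
 * +--------------------------------------------------------------
 */
require_once '../sql.class.php';
require_once '../config.php';

// Only a session that login.php has marked as admin may delete. The session
// is started here unless an included file already did so.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (empty($_SESSION['admin'])) {
    exit('{"error":1, "msg":"请先登录!"}');
}
// NOTE(review): no CSRF token is checked for this state-changing request.

// The id is used without quotes in the statement, and the previous
// DB::cleanSql($id) call discarded its result, so the raw POST value reached
// the query. Accept the id only when it parses as an integer; filter_var()
// returns false for anything else, including arrays and a missing field.
$id = filter_var(isset($_POST['id']) ? $_POST['id'] : null, FILTER_VALIDATE_INT);
if ($id === false) {
    exit('{"error":1, "msg":"删除失败!"}');
}

DB::connect();
$sql_update = "update " . GB_TABLE_NAME . " set status = 1 where id = {$id}";
$res = DB::query($sql_update);
DB::close();

// presumably DB::query() returns the affected-row count for writes; verify
// against sql.class.php
if ($res < 1) {
    exit('{"error":1, "msg":"删除失败!"}');
} else {
    exit('{"error":0, "msg":"删除成功!"}');
}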
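<?php
/**
 * +--------------------------------------------------------------
 * | Copyright (c) 2015 http://duanzhilei.tk All rights reserved.
 * +--------------------------------------------------------------
 * | Author: zhilei.duan <*****@*****.**>
 * +--------------------------------------------------------------
 * | Filename: reply.php
 * +--------------------------------------------------------------
 * | Last modified: 2015-04-01 17:15
 * +--------------------------------------------------------------
 * | Description: stores the admin's reply and reply time on one guestbook
 * |              row and answers with {"error":0|1, "msg":"..."}.
 * +--------------------------------------------------------------
 */
require_once '../config.php';
require_once '../sql.class.php';

// Only a session that login.php has marked as admin may reply. The session
// is started here unless an included file already did so.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (empty($_SESSION['admin'])) {
    exit('{"error":1, "msg":"请先登录!"}');
}
// NOTE(review): no CSRF token is checked for this state-changing request.

// The id is used without quotes in the statement, so it is accepted only when
// it parses as an integer; filter_var() returns false for anything else,
// including arrays and a missing field.
$id = filter_var(isset($_POST['id']) ? $_POST['id'] : null, FILTER_VALIDATE_INT);
$reply = isset($_POST['reply']) ? $_POST['reply'] : '';
if ($id === false || !is_string($reply)) {
    exit('{"error":1, "msg":"回复失败!"}');
}
$replytime = time();

DB::connect();
// The previous code called DB::cleanSql() on both values and discarded the
// results, so the raw reply text was interpolated into the statement. Keep
// the escaped value, the way login.php uses the same helper.
// NOTE(review): DB::cleanSql() is defined outside this listing; confirm it
// escapes quotes and backslashes for the connection character set.
$reply = DB::cleanSql($reply);

$sql_update = "update " . GB_TABLE_NAME . " set reply='{$reply}', replytime={$replytime} where id={$id}";
$res = DB::query($sql_update);
DB::close();

// presumably DB::query() returns the affected-row count for writes; verify
// against sql.class.php
if ($res < 1) {
    exit('{"error":1, "msg":"回复失败!"}');
} else {
    exit('{"error":0, "msg":"回复成功!"}');
}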