$username = ClearSpecialChars($_POST['username']);
//密码,需要进行MD5加密
$password = $_POST['password'];
//从数据库中检索用户名,密码是否匹配
$sql = "SELECT * FROM forum_user\n\t\t WHERE username='******' AND password='******'";
$result = mysql_query($sql);
$num_rows = mysql_num_rows($result);
if ($num_rows == 1) {
//获得用户名
$row = mysql_fetch_assoc($result);
//将用户名存如SESSION中
$_SESSION['username'] = $row['username'];
//跳转到论坛主页面
header("Location: main_forum.php");
} else {
ExitMessage("用户名或者密码错误!", "logon_form.php");
}
} else {
//公用头部页面
include '../includes/header.inc.php';
?>
<div id="Login_in">
<h2 style="text-align:center; margin-top:50px;">用户登录</h2>
<form method="post" action="logon_form.php">
<table width="600">
<tr>
<td width="100">用户名:</td>
<td><input name="username" type="text"></td>
// $locked = $_POST['locked'];
//数据合法性检查
if (!$topic) {
ExitMessage("请输入标题!");
}
if (!$detail) {
ExitMessage("请输入正文!");
}
//判断是否为锁定状态
// if ($locked == "on" && $name == ADMIN_USER) {
// $locked = 1;
// }
// else {
// $locked = 0;
// }
//判断是否置顶状态
if ($sticky == "on" && $name == ADMIN_USER) {
$sticky = 1;
} else {
$sticky = 0;
}
//将数据插入数据库
$sql = "INSERT INTO forum_topic(topic, detail, name,email,datetime,sticky) VALUES('{$topic}', '{$detail}', '{$name}', '{$email}',NOW(),'{$sticky}')";
$result = mysql_query($sql);
if ($result) {
//成功后,跳转页面到论坛主页面
header("Location: main_forum.php");
} else {
ExitMessage("数据库错误!");
}
}
<?php
/**************************************/
/* 文件名:unstick_topic.php */
/* 功能:取消“置顶”操作 */
/**************************************/
require '../config.inc.php';
//判断是否为管理员
if ($_SESSION['username'] == ADMIN_USER) {
//取得文章ID
$id = $_POST['id'];
//取消“置顶”的SQL语句
$sql = "UPDATE forum_topic SET sticky='0' WHERE id='{$id}'";
$result = mysql_query($sql);
if ($result) {
//跳转页面
header("Location: view_topic.php?id={$id}");
} else {
ExitMessage("数据库操作错误!");
}
} else {
ExitMessage("你没有管理权限!");
}
ini_set("error_reporting", "E_ALL & ~E_NOTICE");
header("Content-type: text/html; charset=utf-8");
/**************************************/
/* 文件名:view_topic.php */
/* 功能:文章详细页面 */
/**************************************/
require '../config.inc.php';
//根据ID取得贴子记录
$id = $_GET['id'];
$sql = "SELECT * FROM forum_topic WHERE id='{$id}'";
$result = mysql_query($sql);
$rows = mysql_fetch_array($result);
//记录不存在
if (!$rows) {
ExitMessage("该贴记录不存在!", "main_forum.php");
}
//置顶标记
$sticky = $rows['sticky'];
?>
<?php
include '../includes/header.inc.php';
?>
<img id="x" src="../images/backspace.png" alt="backspace">
<div class="setTopic">
<h2 style="text-align:center;"><?php
echo '主题:' . $rows['topic'];
?>
</h2>
<p class="info">
<?php
ini_set("error_reporting", "E_ALL & ~E_NOTICE");
header("Content-type: text/html; charset=utf-8");
/******************************************/
/* 文件名:edit_profile.php */
/* 功能:用户资料修改页面 */
/******************************************/
require '../config.inc.php';
//用户名
$id = $_SESSION['username'];
//如果用户没有登录
if (!$_SESSION['username']) {
ExitMessage("请<b>登录</b>后执行该请求。", "logon_form.php");
}
?>
<?php
include '../includes/header.inc.php';
?>
<div class="editUser">
<h2>编辑个人资料</h2>
<?php
//查询用户资料
$sql = "SELECT * FROM forum_user WHERE username = '******'";
$result = mysql_query($sql);
$rows = mysql_fetch_array($result);
?>
$user_info = mysql_fetch_array($result);
//取得提交过来的数据
$reply_name = $_SESSION['username'];
$reply_email = $user_info['email'];
$reply_detail = $_POST['reply_detail'];
if (!$reply_detail) {
include '../includes/header.inc.php';
ExitMessage("没有回贴记录!", "main_forum.php");
}
//取得reply_id的最大值
$sql = "SELECT Count(reply_id) AS MaxReplyId \n\t\tFROM forum_reply WHERE topic_id='{$id}'";
$result = mysql_query($sql);
$rows = mysql_fetch_row($result);
//将reply_id最大值+1,如果没有该值,则设置为1。
if ($rows) {
$Max_id = $rows[0] + 1;
} else {
$Max_id = 1;
}
//插入回复数据
$sql = "INSERT INTO forum_reply (topic_id, reply_id, reply_name, \n\t\treply_email, reply_detail, reply_datetime)\n\t\tVALUES('{$id}', '{$Max_id}', '{$reply_name}', \n\t\t'{$reply_email}', '{$reply_detail}', NOW())";
$result = mysql_query($sql);
if ($result) {
//更新reply字段
$sql = "UPDATE forum_topic SET reply='{$Max_id}' WHERE id='{$id}'";
$result = mysql_query($sql);
//页面跳转
header("Location: view_topic.php?id={$id}");
} else {
ExitMessage("记录不存在");
}
//电子邮件
$email = $_POST['email'];
//真实姓名
$realname = $_POST['realname'];
//用户密码
$password = $_POST['password'];
if (!$password) {
//如果密码为空,则密码项不予更新
$sql = "UPDATE forum_user \n\t\t\tSET email = '{$email}', \n\t\t\trealname = '{$realname}' \n\t\t WHERE username = '******'";
} else {
//如果输入了新的密码,则密码项也予以更新
$password = $password;
$sql = "UPDATE forum_user \n\t\t\tSET password = '******', \n\t\t\temail = '{$email}', \n\t\t\trealname = '{$realname}' \n\t\t WHERE username = '******'";
}
$result = mysql_query($sql);
if ($result) {
?>
<div class="updateUser">
<h2>个人资料更新成功</h2>
<p>
您的个人资料已经被成功更新。
请<a href="main_forum.php">返回</a>论坛主页。
</p>
</div>
<?php
} else {
ExitMessage("记录不存在!");
}
include '../includes/footer.inc.php';
ini_set("error_reporting", "E_ALL & ~E_NOTICE");
header("Content-type: text/html; charset=utf-8");
/**************************************/
/* 文件名:view_profile.php */
/* 功能:查看用户资料页面 */
/**************************************/
require '../config.inc.php';
//取得用户ID
$id = $_GET['id'];
//取得用户信息
$sql = "SELECT * FROM forum_user WHERE username='******'";
$result = mysql_query($sql);
$rows = mysql_fetch_array($result);
if (!$rows) {
ExitMessage("用户记录不存在!", "index.php");
}
//正文内容
$sql = "SELECT * FROM forum_topic WHERE name = '" . $id . "'";
$count_q = mysql_query($sql);
$num_count_q = mysql_num_rows($count_q);
//回复内容
$sql = "SELECT * FROM forum_reply WHERE reply_name = '" . $id . "'";
$count_a = mysql_query($sql);
$num_count_a = mysql_num_rows($count_a);
//计算用户发表的帖子数量
$num_count = $num_count_q + $num_count_a;
?>
<?php
include '../includes/header.inc.php';
