public function login()
{
if (is_manage_login()) {
$this->redirect(__APP__);
}
$this->display();
}
public function _initialize()
{
header("Content-Type: text/html; charset=utf-8");
if (defined('UID')) {
return;
}
define('UID', is_manage_login());
if (!UID) {
$this->redirect('public/login');
}
//权限验证
$name = CONTROLLER_NAME;
if (!authcheck($name, UID)) {
$this->error('没有权限', U('public/logout'));
}
}
<?php
if (!is_manage_login($link)) {
header('Location:login.php');
exit;
}
if (basename($_SERVER['SCRIPT_NAME']) == 'manage_delete.php' || basename($_SERVER['SCRIPT_NAME']) == 'manage_add.php') {
if ($_SESSION['manage']['level'] != '0') {
if (!isset($_SERVER['HTTP_REFERER'])) {
$_SERVER['HTTP_REFERER'] = 'index.php';
}
skip($_SERVER['HTTP_REFERER'], 'error', '对不起您权限不足!');
}
}
/**
* 检测当前用户是否为管理员
*/
function is_administrator($uid = null)
{
$uid = is_null($uid) ? is_manage_login() : $uid;
return $uid && intval($uid) === C('USER_ADMINISTRATOR');
}
<?php
include_once 'inc/config.inc.php';
include_once 'inc/mysql.inc.php';
include_once 'inc/tool.inc.php';
$link = connect();
$is_manage_login = is_manage_login($link);
$member_id = is_login($link);
if (!$member_id && !$is_manage_login) {
skip('login.php', 'error', '您没有登录!');
}
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
skip('index.php', 'error', '帖子id参数不合法!');
}
$query = "select member_id from cfc_content where id={$_GET['id']}";
$result_content = execute($link, $query);
if (mysqli_num_rows($result_content) == 1) {
$data_content = mysqli_fetch_assoc($result_content);
if (check_user($member_id, $data_content['member_id'], $is_manage_login)) {
$query = "delete from cfc_content where id={$_GET['id']}";
execute($link, $query);
if (isset($_GET['return_url'])) {
$return_url = $_GET['return_url'];
} else {
$return_url = "member.php?id={$member_id}";
}
if (mysqli_affected_rows($link) == 1) {
skip($return_url, 'ok', '恭喜你,删除成功!');
} else {
skip($return_url, 'error', '对不起删除失败!');
}
