コード例 #1
/**
 * Clear the login cookies and the session, then send the visitor to the index page.
 *
 * Re-issues the 'username' and 'uniqid' cookies with an empty value and an
 * expiry one second in the past, calls _session_destroy(), and finally calls
 * _location() with no message and 'index.php' as the target.
 *
 * NOTE(review): setcookie() is called without a path or domain, so the
 * browser only drops the cookies if they were issued with the same defaults -
 * confirm against the code that sets them.
 */
function _unsetcookies()
{
    foreach (array('username', 'uniqid') as $_cookie) {
        // Empty value plus an expiry in the past asks the browser to delete it.
        setcookie($_cookie, '', time() - 1);
    }
    _session_destroy();
    _location(null, 'index.php');
}
コード例 #2
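/**
 * Check the login state and privilege level for the current page.
 *
 * Reads $_SESSION['num'], $_SESSION['username'] and $_SESSION['level'].
 * When num or username is missing or falsy, _location() is called with a
 * "please log in" message and login.php. When $level is greater than the
 * level stored in the session, _alert_back() is called with an
 * "insufficient privilege" message.
 *
 * NOTE(review): this function never stops execution itself. It only protects
 * the calling page if _location() and _alert_back() terminate the request -
 * confirm in their definitions, otherwise the protected page keeps running
 * after a failed check.
 *
 * @param int $level Minimum privilege level the current page requires.
 */
function _login_state($level)
{
    // empty() applies the same truthiness test as a plain negation, but does
    // not raise an undefined-key warning for a visitor who has no session data,
    // which is the normal case for an unauthenticated request.
    if (empty($_SESSION['num']) || empty($_SESSION['username'])) {
        _location("请先登录!", "login.php");
    }
    // A missing level is compared as null (same outcome as reading the unset
    // key directly), again without the warning.
    $_granted = isset($_SESSION['level']) ? $_SESSION['level'] : null;
    if ($level > $_granted) {
        _alert_back("权限不足!");
    }
}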
コード例 #3
ファイル: logout.php プロジェクト: hikobe8/Guest
<?php

/**
 * Guest Version1.0
 * ================================================
 * Copy 2015-2016 hikobe8
 * Email: hikobe8@163.com
 * ================================================
 * Author: hikobe8
 * Date:2015年12月17日下午9:17:14
*/
// Define the constant used to guard against malicious direct invocation
define('IN_TG', true);
// Pull in the shared include file
require __DIR__ . '/includes/common.inc.php';
// Open the session
session_start();
// NOTE(review): the logout runs unconditionally on any request to this script;
// no request-method or token check is visible here, so a third-party page can
// trigger it - confirm whether _logout() performs such a check.
_logout();
_location(null, 'index.php');
コード例 #4
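require dirname(__FILE__) . '/includes/common.inc.php';
// Check whether the visitor is logged in.
// NOTE(review): this only tests that a 'username' cookie is present, and a
// cookie is client-controlled. The uniqid comparison further down runs on the
// delete path only, so the listing queries at the end are reached on the
// strength of the cookie alone.
if (!isset($_COOKIE['username'])) {
    _alert_back('请先登录!');
}
// Batch-delete flowers. isset() on 'action' avoids an undefined-key warning on
// a plain page view.
if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_POST['ids'])) {
    $_clean = array();
    // The ids end up unquoted inside IN (...), where string escaping gives no
    // protection against injected SQL, so every element is forced to an
    // integer before the list is built. The (array) cast keeps implode() from
    // failing when a scalar is posted instead of a list.
    $_clean['ids'] = _mysql_string(implode(',', array_map('intval', (array) $_POST['ids'])));
    // To guard against forged cookies, the unique identifier (uniqid) is compared as well.
    // NOTE(review): the '******' run in the literals of this script looks like
    // masking applied by the listing this snippet was taken from; the original
    // expression cannot be recovered here. If it interpolates the raw cookie
    // value, that value must be escaped or bound as a parameter too.
    if (!!($_rows = _fetch_array("SELECT\n                                    tg_uniqid\n                                FROM\n                                    tg_user\n                                WHERE\n                                    tg_username='******'username']}'\n                                LIMIT\n                                    1"))) {
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        // NOTE(review): the DELETE filters on tg_id only. There is no condition
        // tying the rows to the current user (e.g. tg_touser), so any logged-in
        // account can remove rows that belong to someone else - add an
        // ownership condition.
        _query("DELETE FROM\n\t               tg_flower\n\t           WHERE\n\t               tg_id\n\t           IN\n\t               ({$_clean['ids']})");
        if (_affected_rows()) {
            _close();
            _location('花朵删除成功', 'member_flower.php');
        } else {
            _close();
            _alert_back('花朵删除失败');
        }
    } else {
        _alert_back('非法登录');
    }
}
// Paging module
global $_pagesize, $_pagenum;
_page("SELECT tg_id FROM tg_flower WHERE tg_touser='******'username']}'", 15);
// The first argument yields the total row count, the second sets the number of rows per page
$_result = _query("SELECT\n                    tg_id,tg_fromuser,tg_flower,tg_content,tg_date\n                FROM\n                    tg_flower\n                WHERE\n                    tg_touser='******'username']}'\n                ORDER BY\n                    tg_date DESC\n                LIMIT\n                        {$_pagenum},{$_pagesize}\n                 ");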
?>
コード例 #5
                    }
                }
            }
            if (!_query("UPDATE gm_teacher SET gm_student='{$students_e}' WHERE gm_username='******'gm_teacher']}' LIMIT 1")) {
                _location("更新导师信息表时出错!", "user_data.php");
            }
        }
        $photoname = "photos" . $r_s['gm_photoname'];
        chmod($photoname, 0777);
        unlink($photoname);
        if (!_query("DELETE FROM gm_stuinfo WHERE gm_num='{$_GET['num']}'") or !_query("DELETE FROM gm_user WHERE gm_num='{$_GET['num']}'")) {
            _location('从学生表或用户表中删除数据时失败!!', 'user_data.php');
        }
        _location('删除成功!', 'user_data.php');
    } else {
        _location('未找到你要删除的数据!', 'user_data.php');
    }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php 
require ROOT_PATH . 'includes/title_admin.inc.php';
?>
 <script type="text/javascript" src="js/sortable-table.js"></script>
</head>
<body>
<?php 
コード例 #6
ファイル: photo_add_img.php プロジェクト: Zhiming/PHP
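// Handle the "add image" form submission.
if (isset($_GET['action']) && $_GET['action'] == 'addimg') {
    // NOTE(review): the '******' run in this literal looks like masking applied
    // by the listing this snippet was taken from; the original expression
    // cannot be recovered here. If it interpolates the raw cookie value, that
    // value must be escaped or bound as a parameter as well.
    if (!!($_rows = _fetch_array("SELECT \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_user \n\t\t\t\t\t\t\t\t\t\t\t\t\t WHERE \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}' \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t LIMIT  1"))) {
        // Compare the stored unique identifier with the one in the cookie.
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        include 'includes/check.func.php';
        //receive data
        $_clean = array();
        $_clean['name'] = _check_dir_name($_POST['name']);
        $_clean['url'] = _check_photo_url($_POST['url']);
        $_clean['content'] = $_POST['content'];
        $_clean['sid'] = $_POST['sid'];
        // The username comes from a client-controlled cookie, so it goes
        // through the same _mysql_string() pass as the form fields instead of
        // being interpolated into the INSERT unprocessed.
        $_clean['username'] = $_COOKIE['username'];
        $_clean = _mysql_string($_clean);
        //write into database
        _query("INSERT INTO tg_photo (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_name,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_content,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_date\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\tVALUES (\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['name']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['content']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
        if (_affected_rows() == 1) {
            _close();
            // NOTE(review): $_clean['sid'] is the posted value after
            // _mysql_string() and is appended to the redirect target without
            // being checked as an integer or URL-encoded - confirm how
            // _location() emits it.
            _location('Successfully uploaded', 'photo_show.php?id=' . $_clean['sid']);
        } else {
            _close();
            _alert_back('Fail to upload');
        }
    } else {
        _alert_back('Illegal access');
    }
}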
//receive id
if (isset($_GET['id'])) {
    if (!!($_rows = _fetch_array("SELECT \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_dir\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_dir\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id='{$_GET['id']}'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tLIMIT\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1\n\t"))) {
        $_html = array();
        $_html['id'] = $_rows['tg_id'];
        $_html['dir'] = $_rows['tg_dir'];
        $_html = _html($_html);
コード例 #7
ファイル: photo_detail.php プロジェクト: xiaoyinzhang/testRep
    _check_code($_POST['code'], $_SESSION['code']);
    if (!!($_rows = _fetch_array("SELECT \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_user \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t WHERE \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}' \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t LIMIT \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1"))) {
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        //接受数据
        $_clean = array();
        $_clean['sid'] = $_POST['sid'];
        $_clean['title'] = $_POST['title'];
        $_clean['content'] = $_POST['content'];
        $_clean['username'] = $_COOKIE['username'];
        $_clean = _mysql_string($_clean);
        //写入数据库
        _query("INSERT INTO tg_photo_commend (\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sid,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_title,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_content,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_date\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t VALUES (\r\n\t\t\t\t\t\t\t\t\t\t\t \t\t\t\t\t'{$_clean['sid']}',\r\n\t\t\t\t\t\t\t\t\t\t\t \t\t\t\t\t'{$_clean['username']}',\r\n\t\t\t\t\t\t\t\t\t\t\t \t\t\t\t\t'{$_clean['title']}',\r\n\t\t\t\t\t\t\t\t\t\t\t \t\t\t\t\t'{$_clean['content']}',\r\n\t\t\t\t\t\t\t\t\t\t\t \t\t\t\t\tNOW()\r\n\t\t\t\t\t\t\t\t\t\t\t \t\t\t\t)");
        if (_affected_rows() == 1) {
            _query("UPDATE tg_photo SET tg_commendcount=tg_commendcount+1 WHERE tg_id='{$_clean['sid']}'");
            _close();
            _location('评论成功!', 'photo_detail.php?id=' . $_clean['sid']);
        } else {
            _close();
            _alert_back('评论失败!');
        }
    } else {
        _alert_back('非法登录!');
    }
}
//取值
if (isset($_GET['id'])) {
    if (!!($_rows = _fetch_array("SELECT \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_name,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sid,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_url,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_readcount,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_commendcount,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_content,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_date\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_photo\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id='{$_GET['id']}'\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tLIMIT\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1\r\n\t"))) {
        //防止加密相册图片穿插访问
        //可以先取得这个图片的sid,也就是它的目录,
        //然后再判断这个目录是否是加密的,
        //如果是加密的,再判断是否有对应的cookie存在,并且对于相应的值
コード例 #8
        //为了防止cookie伪造,还要比对一下唯一标示符uniqid()
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        //开始修改
        include ROOT_PATH . 'includes/check.func.php';
        $_clean = array();
        $_clean['id'] = $_POST['id'];
        $_clean['type'] = $_POST['type'];
        $_clean['title'] = _check_post_title($_POST['title'], 2, 40);
        $_clean['content'] = _check_post_content($_POST['content'], 10);
        $_clean = _mysql_string($_clean);
        //执行sql
        _query("update tg_article set \n\t\t\t\t\t\t\t\t\t\ttg_type='{$_clean['type']}',\n\t\t\t\t\t\t\t\t\t\ttg_title='{$_clean['title']}',\n\t\t\t\t\t\t\t\t\t\ttg_content='{$_clean['content']}',\n\t\t\t\t\t\t\t\t\t\ttg_last_modify_date=NOW()\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\ttg_id='{$_clean['id']}'\n\t\t\t\t\t\t\t\t");
        if (_affected_rows() == 1) {
            _close();
            //_session_destroy();
            _location('帖子修改成功', 'article.php?id=' . $_clean['id']);
        } else {
            _close();
            //_session_destroy();
            _alert_back('帖子修改失败');
        }
    } else {
        _alert_back('非法登录');
    }
}
//读取数据
if (isset($_GET['id'])) {
    if (!!($_rows = _fetch_array("select \n\t\t\t\t\t\t\t\t\t\ttg_username,tg_title,tg_type,tg_content\n\t\t\t\t\t\t\t\t\tfrom \n\t\t\t\t\t\t\t\t\t\ttg_article \n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\ttg_reid=0\n\t\t\t\t\t\t\t\t\tand \n\t\t\t\t\t\t\t\t\t\ttg_id='{$_GET['id']}'"))) {
        $_html = array();
        $_html['id'] = $_GET['id'];
        $_html['username'] = $_rows['tg_username'];
コード例 #9
ファイル: article.php プロジェクト: zhangwenhua029/forum-2
        $_clean['type'] = $_POST['type'];
        $_clean['title'] = $_POST['title'];
        $_clean['content'] = $_POST['content'];
        $_clean['username'] = $_COOKIE['username'];
        $_clean = _mysql_string($_clean);
        //写入数据库
        _query("insert into tg_article(\n\t\t\t\t\t\t\t\t\t\ttg_reid,\n\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\ttg_title,\n\t\t\t\t\t\t\t\t\t\ttg_type,\n\t\t\t\t\t\t\t\t\t\ttg_content,\n\t\t\t\t\t\t\t\t\t\ttg_date\n\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\tvalues(\n\t\t\t\t\t\t\t\t\t\t'{$_clean['reid']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['title']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['type']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['content']}',\n\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\t\t\t\t\t)");
        if (_affected_rows() == 1) {
            //setcookie('article_time',time());	//设置当前回帖时间
            //设置回帖的时间戳
            $_clean['time'] = time();
            _query("update tg_user set tg_article_time='{$_clean['time']}' where tg_username='******'username']}'");
            _query("update tg_article set tg_commentcount=tg_commentcount+1 where tg_reid=0 and tg_id='{$_clean['reid']}'");
            _close();
            //_session_destroy();
            _location('回帖成功', 'article.php?id=' . $_clean['reid']);
        } else {
            _close();
            //_session_destroy();
            _alert_back('回帖失败');
        }
    } else {
        _alert_back('非法登录');
    }
}
//读出数据
if (isset($_GET['id'])) {
    //判断这个id在数据库中是否存在
    if (!!($_rows = _fetch_array("select \n\t\t\t\t\t\t\t\t\t\ttg_id,\n\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\ttg_title,\n\t\t\t\t\t\t\t\t\t\ttg_type,\n\t\t\t\t\t\t\t\t\t\ttg_content,\n\t\t\t\t\t\t\t\t\t\ttg_readcount,\n\t\t\t\t\t\t\t\t\t\ttg_commentcount,\n\t\t\t\t\t\t\t\t\t\ttg_last_modify_date,\n\t\t\t\t\t\t\t\t\t\ttg_nice,\n\t\t\t\t\t\t\t\t\t\ttg_date \n\t\t\t\t\t\t\t\t\tfrom \n\t\t\t\t\t\t\t\t\t\ttg_article \n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\ttg_reid=0\n\t\t\t\t\t\t\t\t\tand \n\t\t\t\t\t\t\t\t\t\ttg_id='{$_GET['id']}'"))) {
        $_html = array();
        $_html['reid'] = $_rows['tg_id'];
コード例 #10
            mkdir('photo', 0777);
        }
        //再在这个主目录里面创建你定义的相册目录
        if (!is_dir('photo/' . $_clean['dir'])) {
            mkdir('photo/' . $_clean['dir']);
        }
        //把当前的目录信息写入数据库即可
        if (empty($_clean['type'])) {
            _query("INSERT INTO tg_dir (\n\t\t            tg_name,\n\t\t            tg_type,\n\t\t            tg_content,\n\t\t            tg_dir,\n\t\t            tg_date\n\t\t            )\n\t\t        VALUES (\n\t\t            '{$_clean['name']}',\n\t\t            '{$_clean['type']}',\n\t\t            '{$_clean['content']}',\n\t\t            'photo/{$_clean['dir']}',\n\t\t            NOW()\n\t\t        )");
        } else {
            _query("INSERT INTO tg_dir (\n\t\t            tg_name,\n\t\t            tg_type,\n\t\t            tg_content,\n\t\t            tg_dir,\n\t\t            tg_date,\n\t\t            tg_password\n\t\t            )\n\t\t         VALUES (\n\t\t            '{$_clean['name']}',\n\t\t            '{$_clean['type']}',\n\t\t            '{$_clean['content']}',\n\t\t            'photo/{$_clean['dir']}',\n\t\t            NOW(),\n\t\t\t\t\t'{$_clean['password']}'\n\t\t\t\t\t)");
        }
        //目录添加成功
        if (_affected_rows() == 1) {
            _close();
            _location('目录添加成功', 'photo.php');
        } else {
            _close();
            _alert_back('目录添加失败!');
        }
    } else {
        _alert_back('非法登录!');
    }
}
?>

<!DOCTYPE HTML>
<html>
<head>
<meta charset="UTF-8">
<?php 
コード例 #11
    //新增用户
    _query("INSERT INTO gu_user(\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_uniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_active,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_password,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_question,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_answer,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_sex,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_face,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_email,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_qq,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_reg_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_last_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_last_ip\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\t\tVALUES(\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['face']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER['REMOTE_ADDR']}'\t\t\t\t\t\t\t\t\n\t\t\t\t \t\t\t\t\t\t\t\t\t\t\t\t)");
    if (_affected_rows() == 1) {
        //关闭
        _close();
        //销毁session
        _session_destroy();
        //跳转
        _location('恭喜你!注册成功!', 'active.php?active=' . $_clean['active']);
    } else {
        //关闭
        _close();
        //销毁session
        _session_destroy();
        //跳转
        _location('很遗憾!由于未知原因注册失败!', 'register.php');
    }
} else {
    $_SESSION['uniqid'] = $_uniqid = _sha1_uniqid();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xlmns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charst=utf-8" />
<?php 
require ROOT_PATH . 'includes/title.inc.php';
?>
<script type="text/javascript" src="js/code.js"></script>
<script type="text/javascript" src="js/register.js"></script>
<title>一个论坛----注册</title>
コード例 #12
ファイル: photo_show.php プロジェクト: xiaoyinzhang/testRep
}
// Fetch the album (directory) named by the 'id' query parameter, optionally
// check a posted album password, then build the paged photo listing.
//
// NOTE(review), all grounded in the statements below:
//  - $_GET['id'] is interpolated into the first SELECT without escaping or an
//    integer cast, so the query text is attacker-influenced (SQL injection).
//  - The password query filters on tg_password only; it has no tg_id
//    condition, so a password that matches ANY row in tg_dir is accepted for
//    the album being viewed.
//  - The "unlocked" marker is a cookie named 'photo' . id whose value is the
//    album name. Both parts are derived from data this page reads for every
//    visitor, so the client can set the cookie itself; a server-side session
//    flag would not be forgeable this way. How the cookie is checked is not
//    visible here - confirm.
//  - $_POST['password'] is read without isset().
//  - $_dirhtml is only assigned when the first lookup succeeds; the paging
//    code after the if/else relies on _alert_back() ending the request.
//  - The '******' run in the password query looks like masking applied by the
//    listing this snippet was taken from; it leaves that line syntactically
//    broken and the original expression cannot be recovered here.
if (isset($_GET['id'])) {
    if (!!($_rows = _fetch_array("SELECT \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id,tg_name,tg_type\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_dir\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id='{$_GET['id']}'\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tLIMIT\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1\r\n\t"))) {
        $_dirhtml = array();
        $_dirhtml['id'] = $_rows['tg_id'];
        $_dirhtml['name'] = $_rows['tg_name'];
        $_dirhtml['type'] = $_rows['tg_type'];
        $_dirhtml = _html($_dirhtml);
        // Compare the verification data of the password-protected album
        if ($_POST['password']) {
            if (!!($_rows = _fetch_array("SELECT \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id\r\n\t\t\t\t\t\t\t\t\t\t\t\t\tFROM\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_dir\r\n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_password='******'password']) . "'\r\n\t\t\t\t\t\t\t\t\t\t\t\t\tLIMIT\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1\r\n\t\t\t"))) {
                //生成cookie
                setcookie('photo' . $_dirhtml['id'], $_dirhtml['name']);
                //重定向
                _location(null, 'photo_show.php?id=' . $_dirhtml['id']);
            } else {
                _alert_back('相册密码不正确!');
            }
        }
    } else {
        _alert_back('不存在此相册!');
    }
} else {
    _alert_back('非法操作!');
}
$_percent = 0.3;
global $_pagesize, $_pagenum, $_system, $_id;
$_id = 'id=' . $_dirhtml['id'] . '&';
_page("SELECT tg_id FROM tg_photo WHERE tg_sid='{$_dirhtml['id']}'", $_system['photo']);
$_result = _query("SELECT \r\n\t\t\t\t\t\t\t\t\t\t\t\ttg_id,tg_username,tg_name,tg_url,tg_readcount,tg_commendcount \r\n\t\t\t\t\t\t\t\t\tFROM \r\n\t\t\t\t\t\t\t\t\t\t\t\ttg_photo \r\n\t\t\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\t\t\t\t\ttg_sid='{$_dirhtml['id']}'\r\n\t\t\t\t\t\t\tORDER BY \r\n\t\t\t\t\t\t\t\t\t\t\t\ttg_date DESC \r\n\t\t\t\t\t\t\t\t\t LIMIT \r\n\t\t\t\t\t\t\t\t\t\t\t\t{$_pagenum},{$_pagesize}\r\n\t\t\t\t\t\t\t");
コード例 #13
/**
*2012-8-22  |  By:NaV!
*/
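// Guard against malicious direct invocation
define('IN_GM', true);
// Constant that identifies the content of this page
define('SCRIPT', 'message_add_s');
// Pull in the shared include file
require dirname(__FILE__) . '/includes/common.inc.php';
// Check login state and privilege level (level 1 required).
// NOTE(review): this only protects the page if _login_state() ends the request
// on failure - confirm in its definition.
_login_state(1);
// isset() avoids an undefined-key warning on a plain page view.
if (isset($_POST['submit']) && $_POST['submit'] == "提 交") {
    include ROOT_PATH . 'includes/register.func.php';
    $content = _check_content($_POST['content']);
    // A failed insert is reported through the else branch only. The raw driver
    // error is deliberately not echoed to the visitor: it discloses database
    // details, and terminating the script on it left the else branch
    // unreachable.
    // NOTE(review): the session values and $content are interpolated into the
    // SQL text. Whether _check_content() escapes for SQL is not visible here -
    // confirm, or bind the values as parameters.
    if (_query("INSERT INTO gm_message(gm_username,gm_num,gm_content,gm_systime)\r\n\t\tVALUES('{$_SESSION['username']}','{$_SESSION['num']}','{$content}',NOW())")) {
        _location("发布成功!", "message_s.php");
    } else {
        _alert_back("发布失败!");
    }
}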
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php 
require ROOT_PATH . 'includes/title_student.inc.php';
?>
</head>
<body>
コード例 #14
ファイル: article_modify.php プロジェクト: Zhiming/PHP
    if (!!($_rows = _fetch_array("SELECT \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid \n\t\t\t\t\t\t\t\t\t\t\t\t\tFROM \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_user \n\t\t\t\t\t\t\t\t\t\t\t\t WHERE \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}' \n\t\t\t\t\t\t\t\t\t\t\t\t\t LIMIT \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1"))) {
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        //begin modifying
        include ROOT_PATH . 'includes/check.func.php';
        $_clean = array();
        $_clean['id'] = $_POST['id'];
        $_clean['type'] = $_POST['type'];
        $_clean['title'] = _check_post_title($_POST['title'], 2, 40);
        $_clean['content'] = _check_post_content($_POST['content'], 10);
        $_clean = _mysql_string($_clean);
        //execute SQL
        _query("UPDATE tg_article SET \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_type='{$_clean['type']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_title='{$_clean['title']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_content='{$_clean['content']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_modify_date=NOW()\n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id='{$_clean['id']}'\n\t\t");
        if (_affected_rows() == 1) {
            _close();
            //_session_destroy();
            _location('Successfully modified!', 'article.php?id=' . $_clean['id']);
        } else {
            _close();
            //_session_destroy();
            _alert_back('Fail to modify');
        }
    } else {
        _alert_back('Illegal access');
    }
}
//读取数据 (read data)
if (isset($_GET['id'])) {
    if (!!($_rows = _fetch_array("SELECT \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_title,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_type,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_content\n\t\t\t\t\t\t\t\t\t\t\t\t\t  FROM \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_article \n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_reid=0\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id='{$_GET['id']}'"))) {
        $_html = array();
        $_html['id'] = $_GET['id'];
        $_html['username'] = $_rows['tg_username'];
コード例 #15
ファイル: findmima.php プロジェクト: vpsguan/guantest
/*
 * Password recovery.
 * Looks up the account by the posted e-mail address, generates a new
 * password, e-mails it, and runs an UPDATE on the password column.
 */
session_start();
// Turns off all PHP error reporting for this request.
error_reporting(0);
header("Content-Type:text/html; charset=UTF-8");
require 'common.inc.php';
require 'login.inc.php';
require 'stmp.class.php';
// NOTE(review): $_POST['email'] is read without isset() and is not validated.
$_data['email'] = $_POST['email'];
$pass = DB_PRE . 'ask_user';
// NOTE(review): the posted address is interpolated into the SQL text as-is, so
// the query is open to SQL injection. Bind it as a parameter or escape it with
// the database layer's own function.
$_sql = "SELECT * FROM {$pass} where email='{$_data['email']}'";
if ($re = _fetch_array($_sql)) {
    /*
     * NOTE(review) on the reset flow below:
     *  - The request is unauthenticated and replaces the stored password
     *    immediately, so anyone who knows an address can lock its owner out.
     *    A single-use, expiring reset token sent by mail, with the password
     *    changed only after the token is presented, avoids this.
     *  - rand() is not a cryptographically secure generator and the range
     *    holds only 900000 values; random_int() or random_bytes() is the
     *    appropriate source for secrets.
     *  - The new password travels in clear text inside the mail body.
     *  - sha1() is a fast, unsalted hash; password_hash() and
     *    password_verify() are the appropriate primitives.
     *  - The mail is sent before the UPDATE runs and neither result is
     *    checked, so the two can get out of step.
     *  - The '******' value in the UPDATE literal looks like masking applied
     *    by the listing this snippet was taken from; the original expression
     *    cannot be recovered here.
     */
    $smtpemailto = $_data['email'];
    $mailsubject = "message from lzu_ask ";
    $newpassword = rand(100000, 999999);
    $pa = "你的密码是";
    $mailbody = '尊敬的' . $re['username'] . '用户' . $pa . $newpassword . '请马上修改您的密码!';
    send_email($smtpemailto, $mailsubject, $mailbody);
    $newpassword = sha1($newpassword);
    // The posted address is interpolated into this statement as well.
    $sql = "UPDATE {$pass} SET password='******' WHERE email='{$_data['email']}'";
    _query($sql);
    _location("请查收邮件", "blank.php");
} else {
    // NOTE(review): the two branches answer differently, which tells the
    // requester whether an address is registered.
    _alert_back("该邮箱不存在");
}
コード例 #16
ファイル: login.php プロジェクト: zhangwenhua029/forum-2
        //首先获取本机名
        $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
        //通过本机名获取Ip
        $ip = gethostbyname("{$hostname}");
        _query("update tg_user set \n\t\t\t\t\t\t\t\t\t\ttg_last_time=NOW(),\n\t\t\t\t\t\t\t\t\t\ttg_last_ip='{$ip}',\n\t\t\t\t\t\t\t\t\t\ttg_login_count=tg_login_count+1\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\ttg_username='******'tg_username']}'\n\t\t\t\t\t\t\t\t\t");
        //_session_destroy();	//清楚验证码的session
        _setcookie($_rows['tg_username'], $_rows['tg_uniqid'], $_clean['time']);
        if ($_rows['tg_level'] == 1) {
            $_SESSION['admin'] = $_rows['tg_username'];
        }
        _close();
        _location(null, 'member.php');
    } else {
        _close();
        //_session_destroy();	//清楚验证码的session
        _location('用户名密码不正确或者该账户未被激活', 'login.php');
    }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php 
require ROOT_PATH . 'includes/title.inc.php';
?>
<script type="text/javascript" src="js/code.js"></script>
<script type="text/javascript" src="js/login.js"></script>
</head>
コード例 #17
ファイル: logout.php プロジェクト: hua1995116/testgit
<?php

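// Even when logging out, the session must be started first so that the session variables can be accessed
session_start();
require 'includes/common_inc.php';
// Use a session variable to check the login state.
// NOTE(review): a visitor without 'email' in the session gets no redirect and
// no output from this script - confirm that is intended.
if (isset($_SESSION['email'])) {
    // Clear the session variables by setting the $_SESSION superglobal to an empty array
    $_SESSION = array();
    // Expire the session-id cookie in the browser too. session_destroy() only
    // removes the server-side data; without this the browser keeps sending the
    // old identifier on later requests.
    if (ini_get('session.use_cookies')) {
        $_params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $_params['path'],
            $_params['domain'],
            $_params['secure'],
            $_params['httponly']
        );
    }
    // Destroy the session with the built-in session_destroy()
    session_destroy();
    _location('', 'class_it.php');
}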
コード例 #18
ファイル: member_flower.php プロジェクト: Zhiming/PHP
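//whether login
// NOTE(review): this only tests that a 'username' cookie is present, and a
// cookie is client-controlled. The uniqid comparison further down runs on the
// delete path only, so the listing queries at the end are reached on the
// strength of the cookie alone.
if (!isset($_COOKIE['username'])) {
    _alert_back('Please login first');
}
//delete the selected flowers
if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_POST['ids'])) {
    $_clean = array();
    // The ids end up unquoted inside IN (...), where string escaping gives no
    // protection against injected SQL, so every element is forced to an
    // integer before the list is built. The (array) cast keeps implode() from
    // failing when a scalar is posted instead of a list.
    $_clean['ids'] = _mysql_string(implode(',', array_map('intval', (array) $_POST['ids'])));
    //protect from illegal deleting by validating unique identifier
    // NOTE(review): the '******' run in the literals of this script looks like
    // masking applied by the listing this snippet was taken from; the original
    // expression cannot be recovered here. If it interpolates the raw cookie
    // value, that value must be escaped or bound as a parameter too.
    if (!!($_rows = _fetch_array("SELECT \n\t\t\t\t\t\t\t\t\t tg_uniqid \n\t\t \t\t\t\t\t\t   FROM \n\t\t\t\t\t\t\t\t\t tg_user \n\t\t\t\t\t\t\t\t  WHERE \n\t\t\t\t\t\t\t\t\t tg_username='******'username']}' \n\t\t\t\t\t\t\t\tLIMIT 1"))) {
        //Protect from faking unique identifier
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        // NOTE(review): the DELETE filters on tg_id only. There is no condition
        // tying the rows to the current user (e.g. tg_touser), so any logged-in
        // account can remove rows that belong to someone else - add an
        // ownership condition.
        _query("DELETE FROM \n\t\t\t\t\t\t\t\t  tg_flower\n\t\t\t\t\t\t\t  WHERE \n\t\t\t\t\t\t\t\t  tg_id \n\t\t\t\t\t\t\t\t IN \n\t\t\t\t\t\t\t\t  ({$_clean['ids']})");
        if (_affected_rows()) {
            _close();
            _location('Flower deleted', 'member_flower.php');
        } else {
            _close();
            _alert_back('Fail to delete');
        }
    } else {
        _alert_back('Illegal access');
    }
}
//Paging module
global $_pagesize, $_pagenum;
//the first parameter is the number of records and the second one is the number of records displayed on each page
// NOTE(review): the row count for paging is taken from tg_message while the
// listing below reads tg_flower - confirm which table is intended.
_page("select \n             tg_id \n\t\t from \n\t\t     tg_message \n\t\twhere \n\t\t     tg_touser ='******'username']}'", 10);
$_result = _query("select \n\t\t\t\t\t\ttg_id,tg_fromuser,tg_flower,tg_content,tg_date \n\t\t\t\t   from \n\t\t\t\t   \t\ttg_flower\n\t\t\t\t  where\n\t\t\t\t   \t\ttg_touser = '******'username']}'\n\t\t\t\t   order by \n\t\t\t\t   \t\ttg_date desc \n\t\t\t\t   limit \n\t\t\t\t\t\t{$_pagenum}, {$_pagesize}");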
?>
コード例 #19
ファイル: skin.php プロジェクト: Zhiming/PHP
<?php

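//define the constant IN_TG to include common.inc.php
define('IN_TG', true);
//a constant for different scripts calling
// NOTE(review): the value is "article_modify" although this file is listed as
// skin.php - confirm it is intended.
define("SCRIPT", "article_modify");
//include common.inc.php
require dirname(__FILE__) . '/includes/common.inc.php';
// Store the chosen skin id in a cookie and send the visitor back to the
// referring page.
if (isset($_SERVER["HTTP_REFERER"])) {
    // NOTE(review): the Referer header is supplied by the client and is used
    // unchanged as the redirect target below. Confirm how _location() emits it,
    // and consider accepting only same-site targets.
    $_skinurl = $_SERVER["HTTP_REFERER"];
    if (empty($_skinurl) || !isset($_GET['id'])) {
        _alert_back('Illegal access');
    } elseif (!in_array($_GET['id'], array('1', '2', '3'), true)) {
        //validate id: a strict allow-list, so only the exact strings 1, 2 and 3
        //pass. Loose != comparisons also accept other numeric spellings, and
        //an array-valued parameter would reach setcookie().
        _alert_back('Invalid ID');
    } else {
        //create a cookie to save the skin id; being in the else branch, this
        //no longer depends on _alert_back() ending the request
        setcookie('skin', $_GET['id']);
        _location(null, $_skinurl);
    }
}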
コード例 #20
ファイル: photo.php プロジェクト: zhangwenhua029/forum-2
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        //删除目录
        //取得这张图片的发布者
        if (!!($_rows = _fetch_array("select tg_dir from tg_dir where tg_id='{$_GET['id']}' limit 1"))) {
            $_html = array();
            $_html['url'] = $_rows['tg_dir'];
            $_html = _html($_html);
            //3、判断目录在磁盘中是否存在
            if (file_exists($_html['url'])) {
                if (_remove_Dir($_html['url'])) {
                    //1、删除目录里的数据库图片
                    _query("delete from tg_photo where tg_sid='{$_GET['id']}'");
                    //2、删除目录的数据库
                    _query("delete from tg_dir where tg_id='{$_GET['id']}'");
                    _close();
                    _location('目录删除成功', 'photo.php');
                } else {
                    _close();
                    _alert_back('目录删除失败');
                }
            }
        } else {
            _alert_back('不存在此目录');
        }
    } else {
        _alert_back('非法登录');
    }
}
//读取数据
//设置分页参数
global $_pagenum, $_pagesize, $_system;
コード例 #21
ファイル: photo_modify_dir.php プロジェクト: Zhiming/PHP
        $_clean['type'] = $_POST['type'];
        if (!empty($_clean['type'])) {
            $_clean['password'] = _check_dir_password($_POST['password'], 6);
        }
        $_clean['face'] = $_POST['face'];
        $_clean['content'] = $_POST['content'];
        $_clean = _mysql_string($_clean);
        //modify directory
        if (empty($_clean['type'])) {
            _query("UPDATE \n\t\t\t\t\t\t\t\t\t\ttg_dir \n\t\t\t\t\t\t\t    SET \n\t\t\t\t\t\t\t\t\t\ttg_name='{$_clean['name']}',\n\t\t\t\t\t\t\t\t\t\ttg_type='{$_clean['type']}',\n\t\t\t\t\t\t\t\t\t\ttg_password=NULL,\n\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\ttg_content='{$_clean['content']}'\n\t\t\t\t\t\t  WHERE\n\t\t\t\t\t\t\t\t\t\ttg_id='{$_clean['id']}'\n\t\t\t\t\t\t\tLIMIT   1\n\t                ");
        } else {
            _query("UPDATE \n\t\t\t\t\t\t\t\t\t\t\t\ttg_dir \n\t\t\t\t\t\t\t\t\tSET \n\t\t\t\t\t\t\t\t\t\t\t\ttg_name='{$_clean['name']}',\n\t\t\t\t\t\t\t\t\t\t\t\ttg_type='{$_clean['type']}',\n\t\t\t\t\t\t\t\t\t\t\t\ttg_password='******'password']}',\n\t\t\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t\t\ttg_content='{$_clean['content']}'\n\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\ttg_id='{$_clean['id']}'\n\t\t\t\t\t\t\t\t\tLIMIT \n\t\t\t\t\t\t\t\t\t\t\t\t1\n\t\t\t");
        }
        if (_affected_rows() == 1) {
            _close();
            _location('Successfully modified', 'photo.php');
        } else {
            _close();
            _alert_back('Fail to modify');
        }
    } else {
        _alert_back('Fail to modify');
    }
}
//read data from database
if (isset($_GET['id'])) {
    if (!!($_rows = _fetch_array("SELECT \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_name,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_type,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_face,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_content \n\t\t\t\t\t\t\t\t\t\t\t\t\tFROM \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_dir \n\t\t\t\t\t\t\t\t\t\t\t\t  WHERE \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_id='{$_GET['id']}'\n\t\t\t\t\t\t\t\t\t\t\t\t\tLIMIT   1\n\t"))) {
        $_html = array();
        $_html['id'] = $_rows['tg_id'];
        $_html['name'] = $_rows['tg_name'];
        $_html['type'] = $_rows['tg_type'];
コード例 #22
ファイル: login.php プロジェクト: rallm008/wzz
    // if($code!==$_SESSION['code']){
    // echo "<script>alert('验证码错误,请重新输入');location.href='login.php'</script>";
    // exit;
    // }
    $row = $mysql->query("select * from `userdata` where `phone`='{$phone}' and `pass`='{$password}' limit 1");
    if ($row) {
        //登录赠送金额
        $row_login_ip = $mysql->query("select * from `refererdata` where `uid`='{$row[0]['id']}' and `aid`='0' and `ip`='{$ip}' and `day`='{$day}' limit 1");
        if (!$row_login_ip && is_mobile() == true) {
            $mysql->query("insert into `refererdata` values(null,'{$row[0]['id']}','0','ID:{$row[0]['id']}用户登录','','{$config['daysong']}','{$ip}','{$day}','{$time}')");
            //加钱
            $mysql->query("update `userdata` set `money`=`money`+'{$config['daysong']}' where `id` in({$row[0]['id']}) limit 1");
        }
        $_SESSION['userdata'] = $row[0];
        $_SESSION['login'] = 1;
        _location("{$site}/ucenter.php", 301);
        exit;
    } else {
        echo "<script>alert('用户名或密码错误');location.href='login.php'</script>";
        exit;
    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0" />
<title>登录 - <?php 
echo $config['sitename'];
?>
コード例 #23
    if (!!($_rows = _fetch_array("select tg_uniqid from tg_user where tg_username='******'username']}' limit 1"))) {
        //为了防止cookie伪造,还要比对一下唯一标示符uniqid()
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        include ROOT_PATH . 'includes/check.func.php';
        //接收数据
        $_clean = array();
        $_clean['name'] = _check_dir_name($_POST['name'], 2, 20);
        $_clean['url'] = _check_photo_url($_POST['url']);
        $_clean['content'] = $_POST['content'];
        $_clean['sid'] = $_POST['sid'];
        $_clean = _mysql_string($_clean);
        //写入数据库
        _query("insert into tg_photo(\n\t\t\t\t\t\t\t\t\t\t\ttg_name,\n\t\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\t\ttg_content,\n\t\t\t\t\t\t\t\t\t\t\ttg_sid,\n\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\ttg_date\n\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\tvalues(\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['name']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['content']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sid']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_COOKIE['username']}',\n\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\t\t\t\t\t)");
        if (_affected_rows() == 1) {
            _close();
            _location('图片添加成功', 'photo_show.php?id=' . $_clean['sid']);
        } else {
            _close();
            _alert_back('图片添加失败');
        }
    } else {
        _alert_back('非法登录');
    }
}
//取值
if (isset($_GET['id'])) {
    if (!!($_rows = _fetch_array("select\n\t\t\t\t\t\t\t\t\t\ttg_id,\n\t\t\t\t\t\t\t\t\t\ttg_dir\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\ttg_dir\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\ttg_id='{$_GET['id']}'\n\t\t\t\t\t\t\t\t\tlimit\n\t\t\t\t\t\t\t\t\t\t1\n\t\t\t\t\t\t\t\t\t\t"))) {
        $_html = array();
        $_html['id'] = $_rows['tg_id'];
        $_html['dir'] = $_rows['tg_dir'];
        $_html = _html($_html);
コード例 #24
ファイル: register.php プロジェクト: zhangwenhua029/forum-2
    //在双引号里直接放变量是可以的,比如$_username,但如果是数组,就必须加上{},比如{$_clean['username']}
    _query("insert into tg_user(\n\t\t\t\t\t\t\t\t\t\ttg_uniqid,\n\t\t\t\t\t\t\t\t\t\ttg_active,\n\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\ttg_password,\n\t\t\t\t\t\t\t\t\t\ttg_question,\n\t\t\t\t\t\t\t\t\t\ttg_answer,\n\t\t\t\t\t\t\t\t\t\ttg_sex,\n\t\t\t\t\t\t\t\t\t\ttg_face,\n\t\t\t\t\t\t\t\t\t\ttg_email,\n\t\t\t\t\t\t\t\t\t\ttg_qq,\n\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\ttg_reg_time,\n\t\t\t\t\t\t\t\t\t\ttg_last_time,\n\t\t\t\t\t\t\t\t\t\ttg_last_ip\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\tvalues(\n\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t'{$ip}'\n\t\t\t\t\t\t\t\t\t)");
    if (_affected_rows() == 1) {
        //获取刚刚新增的id
        $_clean['id'] = _insert_id();
        //关闭
        _close();
        //_session_destroy();
        //生成xml
        _set_xml('new.xml', $_clean);
        //跳转
        _location('恭喜你,注册成功', 'active.php?active=' . $_clean['active']);
    } else {
        _close();
        //_session_destroy();
        _location('很遗憾,注册失败', 'register.php');
    }
} else {
    $_SESSION['uniqid'] = $_uniqid = _sha1_uniqid();
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php 
require ROOT_PATH . 'includes/title.inc.php';
?>
<script type="text/javascript" src="js/code.js"></script>
<script type="text/javascript" src="js/register.js"></script>
コード例 #25
            _query("update tg_user set \n\t\t\t\t\t\t\t\t\t\t\ttg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_qq='{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}'\n\t\t\t\t\t\t\t\t\t\t");
        } else {
            _query("update tg_user set \n\t\t\t\t\t\t\t\t\t\t\ttg_password='******'password']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_qq='{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}'\n\t\t\t\t\t\t\t\t\t\t");
        }
    }
    //判断是否修改成功
    if (_affected_rows() == 1) {
        //关闭
        _close();
        //_session_destroy();
        //跳转
        _location('恭喜你,修改成功', 'member.php');
    } else {
        _close();
        //_session_destroy();
        _location('很遗憾,没有任何数据被修改', 'member_modify.php');
    }
}
//是否正常登陆
if (isset($_COOKIE['username'])) {
    //获取数据
    $_rows = _fetch_array("select tg_switch,tg_autograph,tg_username,tg_sex,tg_face,tg_email,tg_url,tg_qq from tg_user where tg_username='******'username']}'");
    if ($_rows) {
        $_html = array();
        $_html['switch'] = $_rows['tg_switch'];
        $_html['autograph'] = $_rows['tg_autograph'];
        $_html['username'] = $_rows['tg_username'];
        $_html['sex'] = $_rows['tg_sex'];
        $_html['face'] = $_rows['tg_face'];
        $_html['email'] = $_rows['tg_email'];
        $_html['url'] = $_rows['tg_url'];
コード例 #26
ファイル: member_modify.php プロジェクト: Zhiming/PHP
            //update information
            if (empty($_clean['password'])) {
                _query("UPDATE \n\t\t\t\t              \t\t\ttg_user \n\t\t\t\t                    SET \n\t\t\t\t\t\t\t\t\t    tg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t    tg_profile='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t    tg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t    tg_msn='{$_clean['msn']}',\n\t\t\t\t\t\t\t\t\t    tg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t    tg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t    tg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t      WHERE\n\t\t\t\t\t\t\t           tg_username='******'username']}' \n\t\t\t\t\t\t");
            } else {
                _query("UPDATE \n\t\t\t\t              \t\t\t   tg_user \n\t\t\t\t                     SET \n\t\t\t\t\t\t\t\t\t\t   tg_password='******'password']}',\n\t\t\t\t\t\t\t\t\t       tg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t   tg_profile='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t   tg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t   tg_msn='{$_clean['msn']}',\n\t\t\t\t\t\t\t\t\t\t   tg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t   tg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t   \t   tg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t       WHERE\n\t\t\t\t\t\t\t   \t\t\t   tg_username='******'username']}' \n\t\t\t\t\t\t");
            }
        }
        //whether successfully update
        if (_affected_rows() == 1) {
            _close();
            //_session_destroy();
            _location('Congratulation, update succeed', 'member.php');
        } else {
            _close();
            //_session_destroy();
            _location('No information updated', 'member_modify.php');
        }
    }
}
//check login status
if (isset($_COOKIE['username'])) {
    //Get data from database
    $_rows = _fetch_array("SELECT \n\t                                                 tg_switch,tg_autograph,tg_username,tg_sex,tg_profile,tg_email,tg_url,tg_msn \n\t                                          FROM \n\t                                                 tg_user \n\t                                       WHERE \n\t                                                 tg_username='******'username']}'");
    //check whether this username exists
    if ($_rows) {
        $_html = array();
        $_html['username'] = $_rows['tg_username'];
        $_html['sex'] = $_rows['tg_sex'];
        $_html['face'] = $_rows['tg_profile'];
        $_html['email'] = $_rows['tg_email'];
        $_html['url'] = $_rows['tg_url'];
コード例 #27
ファイル: member_message_detail.php プロジェクト: Zhiming/PHP
//$_GET['action'] from "location.href = '?action=delete';" in member_message_detail.js
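if (isset($_GET['action']) && isset($_GET['id'])) {
    if ($_GET['action'] == 'delete') {
        // The id arrives in the query string and is placed inside the SQL below,
        // so reduce it to an integer before it is interpolated.
        // NOTE(review): assumes tg_message.tg_id is an integer key - confirm against the schema.
        $_message_id = is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;
        // NOTE(review): this lookup and the DELETE further down select by tg_id only;
        // nothing visible here ties the message to the logged-in user, so ownership
        // appears unchecked. Confirm, and if so restrict both statements to the
        // current user's messages.
        $_rows = _fetch_array("SELECT \n\t\t\t\t\t\t\t\ttg_id,tg_fromuser,tg_content,tg_date\n\t\t\t\t\t\t\tFROM \n\t\t\t\t\t\t\t\ttg_message \n\t\t  \t\t\t\t   WHERE \n\t\t\t\t\t\t\t\ttg_id='{$_message_id}' \n\t\t\t\t\t\t   LIMIT 1\n\t\t\t\t\t\t  ");
        // Only continue when the message exists.
        if ($_rows) {
            // Guard against illegal deletion by validating the unique identifier.
            // NOTE(review): the '******' run in this literal looks like masking applied
            // by the page this snippet was copied from; presumably the original
            // interpolated the username cookie. Confirm against the project source and
            // escape that value before it reaches the query.
            if (!!($_rows = _fetch_array("SELECT \n\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid \n\t\t \t\t\t\t\t\t\t\t   FROM \n\t\t\t\t\t\t\t\t\t\t\t\ttg_user \n\t\t\t\t\t\t\t\t\t\t  WHERE \n\t\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}' \n\t\t\t\t\t\t\t\t\t\t  LIMIT 1"))) {
                // Compare the stored identifier with the one sent in the cookie.
                _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
                // Delete the single message.
                _query("DELETE FROM \n\t\t\t\t\t\t\t\ttg_message \n\t\t\t\t   \t\t  WHERE \n\t\t\t\t\t\t\t\ttg_id='{$_message_id}' \n\t\t\t\t\t\t  LIMIT 1\n\t\t\t\t");
                if (_affected_rows() == 1) {
                    _close();
                    _session_destroy();
                    _location('Message deleted', 'member_message.php');
                } else {
                    _close();
                    _session_destroy();
                    _alert_back('Fail to delete');
                }
            } else {
                _alert_back('Illegal access');
            }
        } else {
            _alert_back('This message does not exist');
        }
    }
}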
if (isset($_GET['id'])) {
    $_rows = _fetch_array("SELECT \n\t\t\t\t\t\t\t\ttg_id,tg_state,tg_fromuser,tg_content,tg_date\n\t\t\t\t\t\t\tFROM \n\t\t\t\t\t\t\t\ttg_message \n\t\t  \t\t\t\t   WHERE \n\t\t\t\t\t\t\t\ttg_id='{$_GET['id']}' \n\t\t\t\t\t\t   LIMIT 1\n\t\t\t\t\t\t  ");
コード例 #28
ファイル: edit_user.php プロジェクト: rallm008/wzz
  </div>
</div>
-->
<div class="well">
    <ul class="nav nav-tabs">
      <li class="active"><a href="#home" data-toggle="tab">设置</a></li>
      <!--<li><a href="#profile" data-toggle="tab">图片上传</a></li>-->
    </ul>
    <div id="myTabContent" class="tab-content">
      <div class="tab-pane active in" id="home">	  
    <form id="tab" action="edit_user.php" method="post">
<?php 
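// Load the account being edited; the id comes from the query string.
// guolv() is defined elsewhere - presumably the project's input filter; confirm
// that what it strips is sufficient for a value interpolated into SQL.
$uid = guolv(isset($_GET['uid']) ? $_GET['uid'] : '');
// The placeholder previously read '{$uid}}', which appended a literal "}" to the
// value compared against the `id` column.
$row = $mysql->query("select * from `userdata` where `id`='{$uid}' limit 1");
if (!$row) {
    // Nothing came back for this id: redirect to user.php and stop rendering.
    _location('user.php', 301);
    exit;
}
// First (and, given "limit 1", only) row of the result.
$data = $row[0];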
?>
<input type="hidden" name="uid" value="<?php 
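// Request-derived value printed inside an HTML attribute: encode it for that context.
echo htmlspecialchars((string) $uid, ENT_QUOTES, 'UTF-8');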
?>
">
        <label>手机号:</label>
        <input type="text" style="width:300px" name="phone" value="<?php 
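// Stored value printed inside an HTML attribute: encode it for that context.
echo htmlspecialchars((string) $data['phone'], ENT_QUOTES, 'UTF-8');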
?>
" readonly>
         <label>密码:</label>
コード例 #29
    _alert_back("请先登录!");
}
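// A message id is required for everything that follows.
if (!isset($_GET['id'])) {
    _alert_back("id异常!");
}
if (isset($_GET['action']) && isset($_GET['id'])) {
    // The id arrives in the query string and is placed inside the SQL below,
    // so reduce it to an integer before it is interpolated.
    // NOTE(review): assumes tg_message.tg_id is an integer key - confirm against the schema.
    $_message_id = is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;
    // For sensitive operations such as deletion, verify the uniqid cookie first.
    // NOTE(review): the '******' run in this literal looks like masking applied by
    // the page this snippet was copied from; presumably the original interpolated
    // the username cookie. Confirm against the project source and escape that value
    // before it reaches the query.
    $_uniqid_sql = "SELECT tg_uniqid FROM tg_user WHERE tg_username='******'username']}'";
    $_row = _fetch_array($_uniqid_sql);
    _check_cookie_uniqid($_COOKIE['uniqid'], $_row['tg_uniqid']);
    // Check that the message exists before deleting it.
    // NOTE(review): the lookup and the DELETE select by tg_id only, and any value of
    // `action` reaches this branch; nothing visible here ties the message to the
    // logged-in user. Confirm, and if so restrict both statements to the current
    // user's messages and to the intended action.
    if (!!_fetch_array("SELECT tg_fromuser,tg_content,tg_date FROM tg_message WHERE tg_id='{$_message_id}'")) {
        _query("DELETE FROM tg_message WHERE tg_id='{$_message_id}'");
        if (_affect_rows() == 1) {
            _closeDB();
            _location('短信删除成功', 'member_message.php');
        } else {
            _closeDB();
            _alert_back('短信删除失败');
        }
    } else {
        _alert_back("此短信不存在!");
    }
}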
//根据id获取短信内容
$_sql = "SELECT \r\n\t\t\t\ttg_id, \r\n\t\t\t\ttg_fromuser,\r\n\t\t\t\ttg_content,\r\n\t\t\t\ttg_date,\r\n\t\t\t\ttg_state \r\n\t\t\tFROM \r\n\t\t\t\ttg_message\r\n\t\t\tWHERE \r\n\t\t\t\ttg_id='{$_GET['id']}'";
if (!!($_row = _fetch_array($_sql))) {
    $_html = array();
    $_html['id'] = $_row['tg_id'];
    $_html['fromuser'] = $_row['tg_fromuser'];
コード例 #30
    $clean['sex'] = _check_sex($_POST['sex']);
    _checkdate($_POST['birth_m'], $_POST['birth_d'], $_POST['birth_y']);
    _checkdate($_POST['start_time_m'], $_POST['start_time_d'], $_POST['start_time_y']);
    $clean['birth'] = $_POST['birth_y'] . '-' . $_POST['birth_m'] . '-' . $_POST['birth_d'];
    $clean['start_time'] = $_POST['start_time_y'] . '-' . $_POST['start_time_m'] . '-' . $_POST['start_time_d'];
    $clean['gm_grade'] = _time_to_grade($_POST['start_time_y'], $_POST['start_time_m']);
    $clean['contact'] = _check_contact($_POST['contact']);
    $clean['address'] = _check_address_ex($_POST['address']);
    $clean['subject'] = _check_subject($_POST['subject']);
    $clean['type'] = _check_type($_POST['type']);
    $clean['photoname'] = _check_photo();
    //判断是否已经注册
    _is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'", '该学号已经被注册!如有问题请咨询管理员!');
    $newpassword = _check_password($_system['initial_password']);
    if (_query("INSERT INTO gm_user(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_password,\r\n\t\t\t\t\t\t\t\t\tgm_reg_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_ip) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$newpassword}',\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}')") and _query("INSERT INTO gm_stuinfo(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_sex,\r\n\t\t\t\t\t\t\t\t\tgm_birth,\r\n\t\t\t\t\t\t\t\t\tgm_start_time,\r\n\t\t\t\t\t\t\t\t\tgm_grade,\r\n\t\t\t\t\t\t\t\t\tgm_contact,\r\n\t\t\t\t\t\t\t\t\tgm_address,\r\n\t\t\t\t\t\t\t\t\tgm_subject,\r\n\t\t\t\t\t\t\t\t\tgm_type,\r\n\t\t\t\t\t\t\t\t\tgm_photoname) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['sex']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['birth']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['start_time']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['gm_grade']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['contact']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['address']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['subject']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['type']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['photoname']}')")) {
        _location('你的信息已经提交,请耐心等待审核!', 'login.php');
    } else {
        _alert_back('注册失败!有问题请咨询管理员!');
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>计算机学院研究生档案管理--注册</title>

<link rel="stylesheet" type="text/css" href="styles/basic.css" />
<link rel="stylesheet" type="text/css" href="styles/register.css" />

<script type="text/javascript" src="js/code.js"></script>