$username = ClearSpecialChars($_POST['username']); //密码,需要进行MD5加密 $password = $_POST['password']; //从数据库中检索用户名,密码是否匹配 $sql = "SELECT * FROM forum_user\n\t\t WHERE username='******' AND password='******'"; $result = mysql_query($sql); $num_rows = mysql_num_rows($result); if ($num_rows == 1) { //获得用户名 $row = mysql_fetch_assoc($result); //将用户名存如SESSION中 $_SESSION['username'] = $row['username']; //跳转到论坛主页面 header("Location: main_forum.php"); } else { ExitMessage("用户名或者密码错误!", "logon_form.php"); } } else { //公用头部页面 include '../includes/header.inc.php'; ?> <div id="Login_in"> <h2 style="text-align:center; margin-top:50px;">用户登录</h2> <form method="post" action="logon_form.php"> <table width="600"> <tr> <td width="100">用户名:</td> <td><input name="username" type="text"></td>
// $locked = $_POST['locked']; //数据合法性检查 if (!$topic) { ExitMessage("请输入标题!"); } if (!$detail) { ExitMessage("请输入正文!"); } //判断是否为锁定状态 // if ($locked == "on" && $name == ADMIN_USER) { // $locked = 1; // } // else { // $locked = 0; // } //判断是否置顶状态 if ($sticky == "on" && $name == ADMIN_USER) { $sticky = 1; } else { $sticky = 0; } //将数据插入数据库 $sql = "INSERT INTO forum_topic(topic, detail, name,email,datetime,sticky) VALUES('{$topic}', '{$detail}', '{$name}', '{$email}',NOW(),'{$sticky}')"; $result = mysql_query($sql); if ($result) { //成功后,跳转页面到论坛主页面 header("Location: main_forum.php"); } else { ExitMessage("数据库错误!"); } }
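<?php
/**************************************/
/* File: unstick_topic.php            */
/* Purpose: remove the "sticky" flag  */
/*          from a topic              */
/**************************************/
require '../config.inc.php';

// Only the administrator may clear the sticky flag. The session key is checked
// for presence and compared strictly, so a missing or non-string session value
// can never loosely equal ADMIN_USER.
// NOTE(review): assumes config.inc.php starts the session, opens the MySQL
// link and defines ADMIN_USER as a string - confirm.
// NOTE(review): no anti-CSRF token is checked in the visible code for this
// state-changing admin request - consider adding one.
if (isset($_SESSION['username']) && $_SESSION['username'] === ADMIN_USER) {
    // The topic id comes from the request body and is untrusted; anything that
    // is not a scalar (e.g. an array parameter) is treated as an empty id.
    $id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? (string) $_POST['id'] : '';

    // Escape the value for the quoted SQL string context before interpolating.
    // NOTE(review): mysql_real_escape_string() is only reliable when the
    // connection charset was set with mysql_set_charset(); the ext/mysql API
    // itself is removed in PHP 7, so prepared statements (mysqli/PDO) are the
    // durable fix.
    $safeId = mysql_real_escape_string($id);

    // Clear the sticky flag on the selected topic.
    $sql = "UPDATE forum_topic SET sticky='0' WHERE id='{$safeId}'";
    $result = mysql_query($sql);
    if ($result) {
        // Redirect back to the topic; the id is URL-encoded so request data
        // cannot alter the structure of the redirect target.
        header("Location: view_topic.php?id=" . urlencode($id));
        exit;
    } else {
        ExitMessage("数据库操作错误!");
    }
} else {
    ExitMessage("你没有管理权限!");
}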
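ini_set("error_reporting", "E_ALL & ~E_NOTICE");
// NOTE(review): the call above passes the text "E_ALL & ~E_NOTICE" as a plain
// string; unlike in php.ini, the constant names are not evaluated by ini_set(),
// so the effective level is probably not the intended mask - confirm, and
// prefer error_reporting(E_ALL & ~E_NOTICE).
header("Content-type: text/html; charset=utf-8");
/**************************************/
/* File: view_topic.php               */
/* Purpose: topic detail page         */
/**************************************/
require '../config.inc.php';

// The topic id comes from the query string and is untrusted; non-scalar input
// (e.g. an array parameter) is treated as an empty id.
$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (string) $_GET['id'] : '';

// Escape the id for the quoted SQL string context before building the query.
// NOTE(review): assumes config.inc.php opened the MySQL link and set its
// charset; prepared statements (mysqli/PDO) are the durable replacement for
// the removed ext/mysql API.
$sql = "SELECT * FROM forum_topic WHERE id='" . mysql_real_escape_string($id) . "'";
$result = mysql_query($sql);

// mysql_query() returns false on failure; treat that like "no such record"
// instead of passing false on to mysql_fetch_array().
$rows = $result ? mysql_fetch_array($result) : false;

// Record does not exist
if (!$rows) {
    ExitMessage("该贴记录不存在!", "main_forum.php");
}

// Sticky flag of the topic
$sticky = $rows['sticky'];
?>
<?php include '../includes/header.inc.php'; ?>
<img id="x" src="../images/backspace.png" alt="backspace">
<div class="setTopic">
<?php
// The title is user-supplied content read back from the database, so it is
// HTML-escaped on output. double_encode is disabled so text that was already
// stored as entities is not escaped a second time.
?>
<h2 style="text-align:center;"><?php echo '主题:' . htmlspecialchars($rows['topic'], ENT_QUOTES, 'UTF-8', false); ?> </h2>
<p class="info">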
<?php
// NOTE(review): ini_set() receives the text "E_ALL & ~E_NOTICE" as a plain
// string; unlike in php.ini, the constant names are not evaluated here, so the
// effective level is probably not the intended mask - confirm.
ini_set("error_reporting", "E_ALL & ~E_NOTICE");
header("Content-type: text/html; charset=utf-8");
/******************************************/
/* File: edit_profile.php                 */
/* Purpose: user profile editing page     */
/******************************************/
require '../config.inc.php';
// User name of the current visitor, taken from the session
$id = $_SESSION['username'];
// Refuse the request when nobody is logged in.
// NOTE(review): the rest of the page still runs for anonymous visitors unless
// ExitMessage() terminates the script - confirm in its definition.
if (!$_SESSION['username']) {
    ExitMessage("请<b>登录</b>后执行该请求。", "logon_form.php");
}
?>
<?php include '../includes/header.inc.php'; ?>
<div class="editUser">
<h2>编辑个人资料</h2>
<?php
// Load the profile row of the user.
// NOTE(review): the WHERE value is the literal '******' in this listing, which
// looks like a masked expression; the visible query does not reference $id.
// Whatever value belongs there must be escaped or bound before it reaches the
// SQL string - verify against the real file.
$sql = "SELECT * FROM forum_user WHERE username = '******'";
$result = mysql_query($sql);
$rows = mysql_fetch_array($result);
?>
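// Profile row of the replying user; $result comes from a query that is outside
// this excerpt.
$user_info = mysql_fetch_array($result);

// Collect the data for the new reply. Name and e-mail come from the session
// and the database; the reply body comes from the request and is untrusted.
// A non-scalar body (e.g. an array parameter) is treated as empty.
$reply_name = $_SESSION['username'];
$reply_email = $user_info['email'];
$reply_detail = (isset($_POST['reply_detail']) && is_scalar($_POST['reply_detail']))
    ? (string) $_POST['reply_detail']
    : '';
if (!$reply_detail) {
    include '../includes/header.inc.php';
    ExitMessage("没有回贴记录!", "main_forum.php");
}

// Escape every value that is interpolated into a quoted SQL string. Stored
// values (name, e-mail) are escaped too, because data read back from the
// session or database can still contain quote characters.
// NOTE(review): the origin of $id is outside this excerpt; it is escaped here
// because it is interpolated into three statements below.
// NOTE(review): mysql_real_escape_string() relies on the connection charset
// being set correctly; prepared statements (mysqli/PDO) are the durable fix.
$safe_id = mysql_real_escape_string($id);
$safe_name = mysql_real_escape_string($reply_name);
$safe_email = mysql_real_escape_string($reply_email);
$safe_detail = mysql_real_escape_string($reply_detail);
// NOTE(review): this only protects the SQL statements; the reply body still
// has to be HTML-escaped wherever it is rendered.

// Number of replies already stored for this topic.
$sql = "SELECT Count(reply_id) AS MaxReplyId \n\t\tFROM forum_reply WHERE topic_id='{$safe_id}'";
$result = mysql_query($sql);
$rows = mysql_fetch_row($result);

// Next reply number: existing count + 1, or 1 when no row came back.
// NOTE(review): this is a count, not a maximum, and is read in a separate
// statement from the INSERT; deleted replies or concurrent posts could yield
// duplicate reply_id values - confirm whether that matters for this schema.
if ($rows) {
    $Max_id = $rows[0] + 1;
} else {
    $Max_id = 1;
}

// Insert the reply.
$sql = "INSERT INTO forum_reply (topic_id, reply_id, reply_name, \n\t\treply_email, reply_detail, reply_datetime)\n\t\tVALUES('{$safe_id}', '{$Max_id}', '{$safe_name}', \n\t\t'{$safe_email}', '{$safe_detail}', NOW())";
$result = mysql_query($sql);
if ($result) {
    // Update the reply counter on the topic.
    $sql = "UPDATE forum_topic SET reply='{$Max_id}' WHERE id='{$safe_id}'";
    $result = mysql_query($sql);
    // Redirect back to the topic; the id is URL-encoded so it cannot alter the
    // structure of the redirect target.
    header("Location: view_topic.php?id=" . urlencode($id));
} else {
    ExitMessage("记录不存在");
}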
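// Profile fields submitted by the form. All three are untrusted request data;
// non-scalar values (e.g. array parameters) are treated as empty strings.
// E-mail address
$email = (isset($_POST['email']) && is_scalar($_POST['email'])) ? (string) $_POST['email'] : '';
// Real name
$realname = (isset($_POST['realname']) && is_scalar($_POST['realname'])) ? (string) $_POST['realname'] : '';
// New password (optional)
$password = (isset($_POST['password']) && is_scalar($_POST['password'])) ? (string) $_POST['password'] : '';

// Escape the values that are interpolated into quoted SQL strings.
// NOTE(review): mysql_real_escape_string() relies on the connection charset
// being set correctly; prepared statements (mysqli/PDO) are the durable fix.
$safe_email = mysql_real_escape_string($email);
$safe_realname = mysql_real_escape_string($realname);

// NOTE(review): the username and password values appear as the literal
// '******' in this listing, which looks like masked expressions. Whatever is
// interpolated there in the real file needs the same escaping, and a new
// password should be stored via password_hash() rather than as-is or as an
// unsalted digest - verify against the real file.
if (!$password) {
    // No new password given: leave the password column untouched.
    $sql = "UPDATE forum_user \n\t\t\tSET email = '{$safe_email}', \n\t\t\trealname = '{$safe_realname}' \n\t\t WHERE username = '******'";
} else {
    // A new password was entered: update the password column as well.
    // The self-assignment below has no effect; it is kept as found.
    $password = $password;
    $sql = "UPDATE forum_user \n\t\t\tSET password = '******', \n\t\t\temail = '{$safe_email}', \n\t\t\trealname = '{$safe_realname}' \n\t\t WHERE username = '******'";
}
$result = mysql_query($sql);
if ($result) {
?>
<div class="updateUser">
<h2>个人资料更新成功</h2>
<p> 您的个人资料已经被成功更新。 请<a href="main_forum.php">返回</a>论坛主页。 </p>
</div>
<?php
} else {
    ExitMessage("记录不存在!");
}
include '../includes/footer.inc.php';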
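ini_set("error_reporting", "E_ALL & ~E_NOTICE");
// NOTE(review): the call above passes the text "E_ALL & ~E_NOTICE" as a plain
// string; unlike in php.ini, the constant names are not evaluated by ini_set(),
// so the effective level is probably not the intended mask - confirm.
header("Content-type: text/html; charset=utf-8");
/**************************************/
/* File: view_profile.php             */
/* Purpose: view a user's profile     */
/**************************************/
require '../config.inc.php';

// The user identifier comes from the query string and is untrusted; non-scalar
// input (e.g. an array parameter) is treated as an empty value.
$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (string) $_GET['id'] : '';

// Escaped copy for use inside quoted SQL strings.
// NOTE(review): assumes config.inc.php opened the MySQL link and set its
// charset; prepared statements (mysqli/PDO) are the durable fix.
$safe_id = mysql_real_escape_string($id);

// Load the user record.
// NOTE(review): the WHERE value is the literal '******' in this listing, which
// looks like a masked expression; whatever belongs there must be escaped the
// same way as $safe_id - verify against the real file.
$sql = "SELECT * FROM forum_user WHERE username='******'";
$result = mysql_query($sql);
$rows = mysql_fetch_array($result);
if (!$rows) {
    ExitMessage("用户记录不存在!", "index.php");
}

// Topics started by this user
$sql = "SELECT * FROM forum_topic WHERE name = '" . $safe_id . "'";
$count_q = mysql_query($sql);
$num_count_q = mysql_num_rows($count_q);

// Replies written by this user
$sql = "SELECT * FROM forum_reply WHERE reply_name = '" . $safe_id . "'";
$count_a = mysql_query($sql);
$num_count_a = mysql_num_rows($count_a);

// Total number of posts (topics + replies) by this user
$num_count = $num_count_q + $num_count_a;
?>
<?php include '../includes/header.inc.php';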