/**
 * Render the manager login page, or send an already-authenticated manager
 * to the application root instead.
 */
public function login()
{
    // A truthy is_manage_login() result is treated as "a manager session already exists".
    $alreadySignedIn = is_manage_login();

    if ($alreadySignedIn) {
        // NOTE(review): display() below still runs unless redirect() terminates
        // the request - confirm against the framework's redirect() implementation.
        $this->redirect(__APP__);
    }

    $this->display();
}
/**
 * Controller bootstrap hook: sets the response charset, resolves the logged-in
 * manager into the UID constant, and enforces the per-controller permission check.
 */
public function _initialize()
{
    header("Content-Type: text/html; charset=utf-8");

    // UID was already defined earlier in this request, so there is nothing to resolve.
    // NOTE(review): this early return also skips the authcheck() call below -
    // confirm that whatever defined UID has already authorised this controller.
    if (defined('UID')) {
        return;
    }

    // UID holds whatever is_manage_login() returns; a falsy value means "not logged in".
    define('UID', is_manage_login());

    if (!UID) {
        // NOTE(review): the permission check below still executes unless redirect()
        // terminates the request - confirm, so an anonymous request cannot fall through.
        $this->redirect('public/login');
    }

    // Permission check: the current controller name is the resource being authorised.
    $controller = CONTROLLER_NAME;
    $allowed = authcheck($controller, UID);

    if (!$allowed) {
        $this->error('没有权限', U('public/logout'));
    }
}
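<?php
// Access gate included by the management pages.
//  1. Any request without a manager login is sent to login.php.
//  2. manage_add.php and manage_delete.php are additionally restricted to
//     managers whose session level is '0'.

// Not logged in as a manager: redirect and stop, so nothing below runs.
if (!is_manage_login($link)) {
    header('Location:login.php');
    exit;
}

$manage_script = basename($_SERVER['SCRIPT_NAME']);

if ($manage_script === 'manage_delete.php' || $manage_script === 'manage_add.php') {
    // Privilege decision: compare the level as an exact string. The previous loose
    // `!= '0'` also treated values such as false, '0.0' or '00' as level 0; a missing
    // or non-scalar level is now denied as well (fail closed).
    $manage_level = isset($_SESSION['manage']['level']) ? $_SESSION['manage']['level'] : null;

    if (!is_scalar($manage_level) || (string) $manage_level !== '0') {
        // The Referer header is supplied by the client, so it is only used as the
        // return target when it is a plain http(s) URL on the host that served this
        // request. Anything else falls back to the fixed local page.
        // NOTE(review): HTTP_HOST is itself request-supplied; comparing against a
        // configured canonical host would be stricter if the project has one.
        $manage_return_url = 'index.php';
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

        // Backslashes, whitespace and control characters are rejected outright because
        // URL parsers disagree on how to read them.
        if (is_string($referer) && $referer !== '' && preg_match('/[\x00-\x20\x7f\\\\]/', $referer) === 0) {
            $referer_parts = parse_url($referer);
            $own_host = isset($_SERVER['HTTP_HOST'])
                ? parse_url('//' . $_SERVER['HTTP_HOST'], PHP_URL_HOST)
                : null;

            if (
                is_array($referer_parts)
                && isset($referer_parts['scheme'], $referer_parts['host'])
                && is_string($own_host)
                && strcasecmp($referer_parts['host'], $own_host) === 0
            ) {
                $referer_scheme = strtolower($referer_parts['scheme']);
                if ($referer_scheme === 'http' || $referer_scheme === 'https') {
                    $manage_return_url = $referer;
                }
            }
        }

        // skip() is defined elsewhere; it receives the return URL, a status and the message.
        skip($manage_return_url, 'error', '对不起您权限不足!');
    }
}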
/**
 * Check whether a user is the configured administrator account.
 *
 * @param mixed $uid User id to test; null means "use the result of is_manage_login()".
 * @return bool True only when the id is truthy and its integer value is identical
 *              to the USER_ADMINISTRATOR configuration value.
 */
function is_administrator($uid = null)
{
    if ($uid === null) {
        $uid = is_manage_login();
    }

    // Falsy ids (0, '', '0', false, ...) are never the administrator.
    if (!$uid) {
        return false;
    }

    // Strict comparison: intval() yields an int, so this matches only when
    // C('USER_ADMINISTRATOR') is an int of the same value. A string-typed
    // config value makes the check fail for every user.
    return intval($uid) === C('USER_ADMINISTRATOR');
}
<?php include_once 'inc/config.inc.php'; include_once 'inc/mysql.inc.php'; include_once 'inc/tool.inc.php'; $link = connect(); $is_manage_login = is_manage_login($link); $member_id = is_login($link); if (!$member_id && !$is_manage_login) { skip('login.php', 'error', '您没有登录!'); } if (!isset($_GET['id']) || !is_numeric($_GET['id'])) { skip('index.php', 'error', '帖子id参数不合法!'); } $query = "select member_id from cfc_content where id={$_GET['id']}"; $result_content = execute($link, $query); if (mysqli_num_rows($result_content) == 1) { $data_content = mysqli_fetch_assoc($result_content); if (check_user($member_id, $data_content['member_id'], $is_manage_login)) { $query = "delete from cfc_content where id={$_GET['id']}"; execute($link, $query); if (isset($_GET['return_url'])) { $return_url = $_GET['return_url']; } else { $return_url = "member.php?id={$member_id}"; } if (mysqli_affected_rows($link) == 1) { skip($return_url, 'ok', '恭喜你,删除成功!'); } else { skip($return_url, 'error', '对不起删除失败!'); }