Пример #1
 <?php 
/**
 * User: answer
 * Date: 2015/11/6
 * Time: 15:40
 */
require 'common/config.php';
require 'mysql/mysql.class.php';
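// Edit handler for a guestbook entry: reads `content` and `id` from POST,
// updates the matching row and sends the browser back to admin.php.
// NOTE(review): no session/authorisation or CSRF-token check is visible in this
// script; confirm that one of the required files enforces it before this runs.
error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
header("Content-Type: text/html;charset=utf-8");

// Accept only a scalar string; a `content[]=...` submission would arrive as an array.
$raw_content = (isset($_POST['content']) && is_string($_POST['content'])) ? $_POST['content'] : '';
$content = DB::cleanSql($raw_content);

// The id is placed unquoted into the WHERE clause, so string escaping cannot
// protect it. Require a strict integer instead (false on anything else).
$id = filter_var(isset($_POST['id']) ? $_POST['id'] : null, FILTER_VALIDATE_INT);

// Same length rule as before (at least 15 bytes), plus the id check.
if ($id === false || strlen($content) < 15) {
    header('location:admin.php');
    exit;
}

// NOTE(review): DB::cleanSql() is not visible here; this assumes it escapes both
// quote styles for the active connection. A parameterised query (PDO/mysqli)
// would remove that dependency, and the mysql_* extension no longer exists in PHP 7+.
$sql_edit = 'UPDATE ' . GB_TABLE_NAME . ' SET content = "' . $content . '" WHERE id = ' . $id;
DB::connect();
$edit_status = mysql_query($sql_edit);
DB::close();

// A Location header cannot be sent once the <script> body has been echoed, so
// the redirect is performed by the same script block that shows the message.
if ($edit_status) {
    echo "<script>alert('编辑成功');location.href='admin.php';</script>";
} else {
    echo "<script>alert('编辑失败');location.href='admin.php';</script>";
}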
Пример #2
 *  +--------------------------------------------------------------
 */
require_once 'config.php';
require_once 'sql.class.php';
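// Guestbook submission endpoint: validates nickname, content and email from
// POST, inserts one row, and answers with a small JSON status string.
header("Content-Type:text/html;charset=utf8");

// Take only scalar strings from the request; missing or array values become ''.
$nickname = (isset($_POST['nickname']) && is_string($_POST['nickname'])) ? $_POST['nickname'] : '';
$content = (isset($_POST['content']) && is_string($_POST['content'])) ? $_POST['content'] : '';
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

if (empty($nickname) || empty($content)) {
    exit('{"error":1, "msg":"昵称或内容不能为空!"}');
}
if (empty($email)) {
    exit('{"error":1, "msg":"email不可以空!"}');
}

// The previous pattern was unanchored and used a bare `.` before the last label,
// so any input that merely contained an address-like substring was accepted.
// Anchor both ends and escape the dot so the whole value must be an address.
$email_reg = '/\\A\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\\z/';
if (!preg_match($email_reg, $email)) {
    exit('{"error":1, "msg":"email地址不合法!"}');
}

// Connect only after validation so rejected requests never open a connection.
DB::connect();

// NOTE(review): DB::cleanSql() is defined elsewhere; this relies on it escaping
// for a single-quoted SQL literal. Prefer a parameterised statement if the DB
// class can provide one.
$nickname = DB::cleanSql($nickname);
$content = DB::cleanSql($content);
$email = DB::cleanSql($email);
$createtime = time();

// NOTE(review): the values are stored as submitted, so whatever page renders
// them must HTML-escape on output (that code is not part of this script).
$sql_insert = 'insert into ' . GB_TABLE_NAME . '(nickname, content, createtime, email) value(' . "'{$nickname}', '{$content}', {$createtime}, '{$email}')";
$insert_status = DB::query($sql_insert);
DB::close();

// Presumably DB::query() returns an affected-row count; verify against the class.
if ($insert_status < 1) {
    exit('{"error":1, "msg":"留言失败!"}');
}
exit('{"error":0, "msg":"留言成功!"}');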
Пример #3
/**
 *  +--------------------------------------------------------------
 *  | Copyright (c) 2015 http://duanzhilei.tk All rights reserved.
 *  +--------------------------------------------------------------
 *  | Author: zhilei.duan <*****@*****.**>
 *  +--------------------------------------------------------------
 *  | Filename: login.php
 *  +--------------------------------------------------------------
 *  | Last modified: 2015-04-01 16:41
 *  +--------------------------------------------------------------
 *  | Description: 
 *  +--------------------------------------------------------------
 */
require_once '../config.php';
require_once '../sql.class.php';
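// Admin login: looks up the stored password hash for a level-9 account by
// nickname and, on a match, marks the session as admin.
$raw_user = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : '';
$raw_pwd = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

DB::connect();
$user = DB::cleanSql($raw_user);
// NOTE(review): the password never reaches SQL, yet it is passed through
// cleanSql() before hashing. Left unchanged because stored hashes may have been
// produced the same way; confirm before removing.
$pwd = DB::cleanSql($raw_pwd);

// The statement prefix is shown masked ('******') on this page and is kept as-is.
$sql_login = '******' . ADMIN_TABLE_NAME . ' where level = 9 and nickname = ' . "'{$user}' limit 1";

// The former `echo $sql_login;` is removed: it disclosed the query text to the
// client and, by producing output, stopped session_start()/header() from
// sending their headers.
$result = DB::query($sql_login);
$row = $result ? mysql_fetch_array($result) : false;
DB::close();

// No row (unknown user or failed query) leaves $password null, which never
// equals an md5() string.
$password = is_array($row) ? $row[0] : null;

// NOTE(review): unsalted MD5 is not a suitable password hash. Migrating to
// password_hash()/password_verify() requires re-hashing the stored credentials.
if (md5($pwd) === $password) {
    session_start();
    // Issue a fresh session id at the privilege change to prevent session fixation.
    session_regenerate_id(true);
    $_SESSION['admin'] = true;
    header('location:admin.php');
    exit;
}

header('location:index.html');
exit;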
Пример #4
<?php

/**
 *  +--------------------------------------------------------------
 *  | Copyright (c) 2015 http://duanzhilei.tk All rights reserved.
 *  +--------------------------------------------------------------
 *  | Author: zhilei.duan <*****@*****.**>
 *  +--------------------------------------------------------------
 *  | Filename: delete.php
 *  +--------------------------------------------------------------
 *  | Last modified: 2015-04-02 16:03
 *  +--------------------------------------------------------------
 *  | Description: 
 *  +--------------------------------------------------------------
 */
require_once '../sql.class.php';
require_once '../config.php';
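// Soft-delete endpoint: sets status = 1 on the guestbook row whose id is posted.
// NOTE(review): no admin-session or CSRF check is visible in this script;
// confirm the required files enforce one.

// The original called DB::cleanSql($id) and discarded the result, so the raw
// POST value went into the query. The id is also used unquoted, where string
// escaping would not help, so require a strict integer instead.
$id = filter_var(isset($_POST['id']) ? $_POST['id'] : null, FILTER_VALIDATE_INT);
if ($id === false) {
    exit('{"error":1, "msg":"删除失败!"}');
}

DB::connect();
$sql_update = "update " . GB_TABLE_NAME . " set status = 1 where id = {$id}";
$res = DB::query($sql_update);
DB::close();

// Presumably DB::query() returns an affected-row count; verify against the class.
if ($res < 1) {
    exit('{"error":1, "msg":"删除失败!"}');
} else {
    exit('{"error":0, "msg":"删除成功!"}');
}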
Пример #5
<?php

/**
 *  +--------------------------------------------------------------
 *  | Copyright (c) 2015 http://duanzhilei.tk All rights reserved.
 *  +--------------------------------------------------------------
 *  | Author: zhilei.duan <*****@*****.**>
 *  +--------------------------------------------------------------
 *  | Filename: reply.php
 *  +--------------------------------------------------------------
 *  | Last modified: 2015-04-01 17:15
 *  +--------------------------------------------------------------
 *  | Description: 
 *  +--------------------------------------------------------------
 */
require_once '../config.php';
require_once '../sql.class.php';
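// Reply endpoint: stores an admin reply and its timestamp on the guestbook row
// whose id is posted.
// NOTE(review): no admin-session or CSRF check is visible in this script;
// confirm the required files enforce one.

// The id is interpolated unquoted, so only a strict integer is accepted.
$id = filter_var(isset($_POST['id']) ? $_POST['id'] : null, FILTER_VALIDATE_INT);
if ($id === false) {
    exit('{"error":1, "msg":"回复失败!"}');
}

// Take only a scalar string; a missing or array value becomes ''.
$reply = (isset($_POST['reply']) && is_string($_POST['reply'])) ? $_POST['reply'] : '';
$replytime = time();

DB::connect();
// The original discarded the return value of DB::cleanSql(), so the unescaped
// reply text reached the query. Other callers in this listing assign the
// result, which is done here as well.
// NOTE(review): a parameterised statement would be preferable if the DB class
// can provide one.
$reply = DB::cleanSql($reply);
$sql_update = "update " . GB_TABLE_NAME . " set  reply='{$reply}', replytime={$replytime} where id={$id}";
$res = DB::query($sql_update);
DB::close();

// Presumably DB::query() returns an affected-row count; verify against the class.
if ($res < 1) {
    exit('{"error":1, "msg":"回复失败!"}');
} else {
    exit('{"error":0, "msg":"回复成功!"}');
}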