好了,现在我们来看 login.php 文件的程序代码。
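session_start();
include("global.php");

// Login handler: checks the submitted username/password against the rows of
// xx_admin and, on success, stores the admin's name in the session.
//
// Only proceed when both fields arrived as plain strings; an array-valued
// field (e.g. pwd[]=x) would otherwise reach md5() and the comparison below.
if (isset($_POST["username"], $_POST["pwd"]) && is_string($_POST["username"]) && is_string($_POST["pwd"]))
{
    // The query carries no request data, so there is nothing to inject here.
    // NOTE(review): mysql_* (ext/mysql) was removed in PHP 7.0; the connection is
    // presumably opened in global.php, so moving to mysqli/PDO has to start there.
    $result = mysql_query("SELECT * FROM xx_admin");
    $authenticated = false;

    if ($result)
    {
        // NOTE(review): unsalted MD5 is kept only because xx_admin is compared against
        // md5() digests; plan a migration to password_hash()/password_verify().
        $submittedHash = md5($_POST["pwd"]);

        // Check every admin row, not just the first one returned.
        while ($info = mysql_fetch_array($result))
        {
            // Strict comparison: with ==, two digests that look like numbers
            // ("0e..." followed by digits) compare equal although they differ.
            // On PHP >= 5.6, hash_equals() is the constant-time alternative.
            if ($_POST["username"] === $info["username"] && $info["password"] === $submittedHash)
            {
                $authenticated = true;
                break;
            }
        }
    }

    if ($authenticated)
    {
        // Issue a fresh session id at the privilege change so an id planted
        // before login (session fixation) is not carried into the admin session.
        session_regenerate_id(true);
        $_SESSION["user"] = $info["username"];
        echo("login OK!");
        die("<script>window.location.href='index.php';</script>");
    }
    else
    {
        // PHP_SELF includes attacker-controllable path info and was written straight
        // into a <script> block; SCRIPT_NAME omits the path info and json_encode()
        // with the HEX flags yields a JavaScript string literal that is safe there.
        $self = json_encode($_SERVER["SCRIPT_NAME"], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        echo("<script>window.alert('登陆失败!');window.location.href=" . $self . ";</script>");
    }
}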
?>
登录后就可以看到留言了,接着用 mreplay.php 来回复网友的问题,代码如下。
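session_start();
include("global.php");

// Admin-only script: "reply" stores an answer to a guestbook entry, "edit"
// loads an existing answer for editing. Nothing below runs without a
// logged-in session (empty() also avoids a notice when the key is unset).
if (empty($_SESSION["user"]))
    die("<script>window.alert('请先登陆!');window.location.href='login.php';</script>");

$act = (isset($_GET["act"]) && is_string($_GET["act"])) ? $_GET["act"] : "";

if ($act === "reply")
{
    // Require the body and the target id to be present. Without this check a
    // plain GET to ?act=reply&mid=N would overwrite the stored reply with an
    // empty string.
    // NOTE(review): this state-changing request carries no CSRF token. The form
    // that posts here is not shown in this listing; add a per-session token to
    // it and verify it at this point.
    if (isset($_POST["reply"], $_GET["mid"]) && is_string($_POST["reply"]))
    {
        $content = str_replace(array("\r\n", "\r"), "\n", $_POST["reply"]);

        // The listing's first two str_replace() calls arrived garbled (their
        // arguments were lost in extraction), so the intent is reconstructed as
        // HTML-escaping the text before it is stored for display.
        // NOTE(review): "UTF-8" is an assumption; pass the encoding the site
        // actually uses.
        $content = htmlspecialchars($content, ENT_QUOTES, "UTF-8");

        // The replacement tag was also lost in extraction; "<br>" is assumed,
        // mirroring the reverse replacement in the edit branch.
        $content = str_replace("\n", "<br>", $content);

        // The reply is request data placed in a quoted SQL string, so it must be
        // escaped for the connection; mid is forced to an integer.
        // NOTE(review): mysql_real_escape_string() relies on the connection charset
        // being set correctly (presumably in global.php); prepared statements via
        // mysqli/PDO are the long-term fix.
        $sql = "UPDATE xx_guestbook SET reply = '" . mysql_real_escape_string($content)
             . "', replytime = '" . date("Y-m-d H:i:s")
             . "' WHERE mid = " . intval($_GET["mid"]);

        $row = mysql_query($sql);
        if ($row)
        {
            echo("reply OK!");
            die("<script>window.location.href='lyb.php';</script>");
        }
        else echo("false");
    }
    else echo("false");
}
elseif ($act === "edit")
{
    // Defined up front so the edit form never reads an undefined variable.
    $reply = "";

    if (isset($_GET["mid"]))
    {
        $mid = intval($_GET["mid"]);
        $row = mysql_query("SELECT * FROM xx_guestbook WHERE mid = {$mid}");

        // Covers both a failed query and an id that matches no entry.
        $rs = $row ? mysql_fetch_array($row) : false;
        if ($rs)
        {
            // Turn the stored line-break tags back into newlines for editing.
            $reply = str_replace("<br>", "\n", $rs["reply"]);
        }
        else echo("false");
    }

    // The HTML edit form that the original file printed at this point is not
    // part of this listing. When $reply is written into that form, escape it
    // for the HTML context it lands in.
}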
?>