挑战最棒的留言本的源码（三） - PHP Web开发技术文档 - 安全技术

action.php文件

<?php
require('config.php');
$action=$arr_request['action'];
$key_liuyan=$arr_request['key_liuyan'];

if (!isset($PHP_AUTH_USER))
  {
    Header('WWW-Authenticate:Basic realm="管理留言"');
    Header('HTTP/1.0 401 Unauthorized');
    echo '需要受权,你没有这权限!<BR>';
    echo '单击刷新来重试.<br>';
    exit;

  }

else

  {

         if (strlen($PHP_AUTH_USER)!=0)
            {

             if ($action=="delete")
              echo "对不起,你没有删除留言的权限!!!<br>";
             else if ($action="huifu")
              echo "对不起,你暂时还不能恢复,现在只有版主有这权限!!!<br>";
             else
              echo "对不起,你没有管理留言本的权限!!!";
             exit;
            }

         $pass=$PHP_AUTH_PW;
        // echo $pass;
         $result=0;
         while($pass%10!=0)
             {
                $result=$result+$pass%10;
                $pass=($pass-$pass%10)/10;
               // echo $result;
               // echo "<br>";

             }

         $tt=$result*222;
         //echo $tt;
         if (!checkpass($tt,$action,$db_name,$table_name_control,$id_link))
            {
             if ($action=="delete")
              echo "对不起,你没有删除留言的权限!!!<br>";
             else if ($action="huifu")
              echo "对不起,你暂时还不能恢复,现在只有版主有这权限!!!<br>";
             else
              echo "对不起,你没有管理留言本的权限!!!";
             exit;
            }

  }

if ($action=="delete")
  {
   //printf("delete");
   //echo $key_liuyan;
   $str_sql="delete from $table_name where key_liuyan=$key_liuyan";
   $re=mysql_db_query($db_name,$str_sql,$id_link);

   if (!$re)
      {
        echo "删除出错";
      }
   else

      {
          echo "成功删除";
          echo "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">";
          echo "<HTML><HEAD><TITLE>发表文章</TITLE>";
          echo "<META content="text/html; charset=gb2312" http-equiv=Content-Type>";
          echo "<meta HTTP-EQUIV="REFRESH" CONTENT="2;URL=display.php">";
          echo "</head><body topmargin="0"><br>";
          echo "<ul>回复成功,将自动显示留言内容";
          echo " <br>";
          echo "<a href=display.php>如果你的浏览器没有自动的返回到留言簿首页,请点击这里";
          echo "</a></ul>";
       }
   }
else if ($action=="huifu")

{
   //printf("huifu");
  // echo $key_liuyan;


?>

   <form action="action.php?action=ok" method="post">
   <input type="hidden" name="key" value="<?php echo $key_liuyan?>">

   <textarea name="huifu" cols="50" rows="6"></textarea>
   <input type="submit" value="回复">


   </form>

<?php

  }

else if ($action=="ok")
   {
      $key=$arr_request['key'];
      $huifuold=$huifu;

      $time=date('Y/m/d H:i:s');
      $time='('.$time . ')<br>';

      $huifuold=$time .$huifuold ;


      $huifu_ok=computer_message($huifuold,$hang_zifu_number);

      if (strlen($key)==0)
         {  echo "error";
            exit;
         }
      $str_sql="update $table_name set huifu_biaozi=1,
                  huifu='$huifu_ok'  where key_liuyan=$key";

   //   echo $str_sql;

      $re=mysql_db_query($db_name,$str_sql,$id_link);

      if (!$re)
         {
            echo "更新出错";
         }
      else
          {


            echo "回复成功";



            echo "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">";
            echo "<HTML><HEAD><TITLE>发表文章</TITLE>";
            echo "<META content="text/html; charset=gb2312" http-equiv=Content-Type>";
            echo "<meta HTTP-EQUIV="REFRESH" CONTENT="2;URL=display.php">";
            echo "</head><body topmargin="0"><br>";
            echo "<ul>回复成功,将自动显示留言内容";
            echo " <br>";
            echo "<a href=display.php>如果你的浏览器没有自动的返回到留言簿首页，?
            请点这里返回.";
            echo "</a></ul>";

            exit;


          }


   }

else

  printf("error");


?>

【本文版权归作者与奥索网共同拥有，如需转载，请注明作者及出处】

【返回顶部】【打印本页】【关闭窗口】