好了现在我们来看login.php文件的程序代码吗.
<?php
session_start();
include("global.php");
if(isset($_POST['username']) && isset($_POST['pwd']))
{
$result = mysql_query("SELECT * FROM xx_admin");
if($info = mysql_fetch_array($result))
{
if($_POST['username'] == $info['username'] && $info['password'] == md5($_POST['pwd']))
{
$_SESSION[user] = $info['username'];
echo("login OK!");
die("<script>window.location.href='index.php';</script>");
}
else echo("<script>window.alert('登陆失败!');window.location.href='".$_SERVER['PHP_SELF']."';</script>");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>管理员登陆</title>
<style type="text/css">
<!--
body {
background: #EAF4FF;
font-size: 12px;
}
-->
</style>
</head>
<body>
<table width="240" border="0" cellspacing="0" cellpadding="0" align="center">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="login" id="login">
<tr>
<td height="25"></td>
<td height="25"><strong>管理登录</strong></td>
</tr>
<tr>
<td width="59" height="25" align="right">用户名: </td>
<td width="181" height="25"><label>
<input name="username" type="text" class="loginput" id="username" value="" />
</label></td>
</tr>
<tr>
<td height="25" align="right">密 码: </td>
<td height="25"><label>
<input name="pwd" type="password" class="loginput" id="pwd" />
</label></td>
</tr>
<tr>
<td height="25"> </td>
<td height="25"><label>
<input name="Submit" type="submit" class="botton" value="登 录" />
</label></td>
</tr>
</form>
</table>
</body>
</html>
登陆后就可以看到留言的了就会用mreplay.php进行回答网友的问题.代码如下.
<?php
session_start();
include("global.php");
if(!$_SESSION[user])
die("<script>window.alert('请先登陆!');window.location.href='login.php';</script>");
if(isset($_GET['act']) && $_GET['act']=='reply')
{
$content = $_POST['reply'];
$content = str_replace(""," ",$content);
$content = str_replace(" "," ",$content);
$content = str_replace("\n","<br />",$content);
$sql = "UPDATE xx_guestbook SET reply = '{$content}',replytime = '".date('Y-m-d H:i:s')."' WHERE mid = ".intval($_GET['mid']);
//echo $sql;
$row=mysql_query($sql);
if($row)
{
echo("reply OK!");
die("<script>window.location.href='lyb.php';</script>");
}
else echo("false");
}else
if(isset($_GET['act']) && $_GET['act'] == 'edit')
{
if(isset($_GET['mid']))
{
$mid = intval($_GET['mid']);
$row=mysql_query("SELECT * FROM xx_guestbook WHERE mid = {$mid}");
if($row)
{
$rs=mysql_fetch_array($row);
//print_r($rs); DEBUG
//echo "<meta http-equiv=\"refresh\" content=\"1; url=index2.php\">";
$reply = $rs['reply'];
$reply = str_replace("<br />","\n",$reply);
//$reply = str_replace(" ","",$reply);
//$reply = str_replace(" ","",$content);
//$reply = str_replace("<br />","",$reply);
}
else echo("false");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>编辑回复留言</title>
</head>
<body>
<table width="500" border="0" cellspacing="0" cellpadding="0" align="center">
<form action="<?php $_SERVER['PHP_SELF']; ?>?act=reply&mid=<?php echo("{$rs['mid']}");?>" method="post" name="message" id="message">
<tr>
<td height="25" align="center"><strong>回复留言<?php echo $_GET['mid']; ?></strong></td>
</tr>
<tr>
<td height="25" align="center"><label>
<textarea name="reply" cols="70" rows="15" class="input" id="reply"><?php echo $reply; ?></textarea>
</label></td>
</tr>
<tr>
<td height="25" align="center"><label>
<input name="Submit" type="submit" class="botton" value="回复留言" />
</label></td>
</tr>
</form>
</table>
</body>
</html>
<?php
}
?>