php mysql 留言本应用实例

复制代码 代码如下:

  <?php

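  // Connection settings shared by every page that includes this file.
  // NOTE(review): the credentials are hard-coded and the account is the MySQL
  // "root" superuser. Keep this file outside the web root (or load the values
  // from the environment) and connect with an account that only has rights on
  // the guestbook database, so an injection bug in one page cannot reach
  // other schemas.
  $hostname_conn = "localhost";
  $database_conn = "test";
  $username_conn = "root";
  $password_conn = "1981427";

  // NOTE(review): the mysql_* extension was removed in PHP 7; new code should
  // use mysqli or PDO with prepared statements.
  $conn = mysql_connect($hostname_conn, $username_conn, $password_conn);
  if ($conn === false) {
      // Stop here instead of letting later queries fail one by one. The driver
      // message goes to the server log only, because it can reveal host and
      // account details to the visitor.
      error_log('guestbook: database connection failed: ' . mysql_error());
      header('HTTP/1.1 500 Internal Server Error');
      exit('Database connection failed.');
  }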

  ?>

  

复制代码 代码如下:

  <?php

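  /**
   * Converts a raw request value into a literal that can be placed in an SQL statement.
   *
   * "int" values are reduced to an integer with intval(); every other type is
   * escaped with addslashes() and wrapped in single quotes. An empty or
   * non-scalar value becomes the SQL keyword NULL.
   *
   * NOTE(review): addslashes() does not know the connection character set. With
   * a multi-byte charset such as GBK, a crafted byte can absorb the added
   * backslash, so this helper is not a complete injection defence. Prefer
   * prepared statements (mysqli or PDO) for new code.
   *
   * @param mixed  $theValue Raw value, normally taken from $_GET/$_POST.
   * @param string $theType  "text" or "int"; anything else is handled as "text".
   * @return int|string      Integer, quoted string, or the string "NULL".
   */
  function GetSQLValueString($theValue, $theType)
  {
      // Arrays (?postid[]=1) and objects cannot be escaped; treat them as missing.
      if (!is_scalar($theValue)) {
          return "NULL";
      }
      $theValue = (string) $theValue;

      // get_magic_quotes_gpc() no longer exists in PHP 8, so test for it first.
      $alreadyEscaped = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
      if (!$alreadyEscaped) {
          $theValue = addslashes($theValue);
      }

      switch ($theType) {
          case "int":
              return ($theValue !== "") ? intval($theValue) : "NULL";

          case "text":
          default:
              // Unknown types are quoted like text. Returning them escaped but
              // unquoted would let the value break out of the SQL expression.
              return ($theValue !== "") ? "'" . $theValue . "'" : "NULL";
      }
  }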

  ?>

  

复制代码 代码如下:

  <?php

  // Access gate included by the admin pages: a request without the
  // MM_Username session entry is sent back to the login form.
  session_start();

  $hasAdminSession = isset($_SESSION['MM_Username']);
  if ($hasAdminSession === false) {
      header("Location: admin.php");
      // Stop so the including page does not run for an anonymous visitor.
      exit;
  }

  ?>

  

复制代码 代码如下:

  <?php require_once('Connections/conn.php'); ?>

  <?php

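  // *** Validate request to login to this site.
  session_start();

  // PHP_SELF includes any path info appended to the URL and is echoed into the
  // form's action attribute, so it is HTML-encoded before use.
  $loginFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'GB2312');

  // NOTE(review): $accesscheck is never assigned in this file, so this branch
  // only runs where register_globals copies request parameters into globals.
  if (isset($accesscheck)) {
      $_SESSION['PrevUrl'] = $accesscheck;
  }

  if (isset($_POST['username'])) {
      // Non-string input (username[]=...) is treated as an empty credential.
      $loginUsername = is_string($_POST['username']) ? $_POST['username'] : "";
      $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";

      // Undo magic-quotes escaping so each value is escaped exactly once below.
      if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
          $loginUsername = stripslashes($loginUsername);
          $password = stripslashes($password);
      }

      $MM_redirectLoginSuccess = "adminmain.php";
      $MM_redirectLoginFailed = "admin.php";

      mysql_select_db($database_conn, $conn);

      // mysql_real_escape_string() escapes for the connection instead of the
      // byte-wise addslashes(). It is only charset-aware when the connection
      // charset was set through mysql_set_charset() - TODO confirm.
      // NOTE(review): the password is compared as plaintext inside the query,
      // which means the admin table stores it unhashed. Store password_hash()
      // output and check it with password_verify() instead.
      $LoginRS__query = sprintf(
          "SELECT adminname, password FROM admin WHERE adminname='%s' AND password='%s'",
          mysql_real_escape_string($loginUsername, $conn),
          mysql_real_escape_string($password, $conn)
      );

      $LoginRS = mysql_query($LoginRS__query, $conn);
      if ($LoginRS === false) {
          // Driver errors reveal table and column names; log them, do not print them.
          error_log('guestbook: login query failed: ' . mysql_error($conn));
          exit('Login is temporarily unavailable.');
      }

      $loginFoundUser = mysql_num_rows($LoginRS);
      if ($loginFoundUser) {
          // Issue a new session id at login so an id planted before
          // authentication cannot be reused (session fixation).
          session_regenerate_id(true);

          // session_register() was removed in PHP 5.4; write to $_SESSION directly.
          $_SESSION['MM_Username'] = $loginUsername;
          $_SESSION['MM_UserGroup'] = "";

          // The target is a fixed page. Redirecting to a stored or
          // request-supplied URL would need allow-list validation first.
          header("Location: " . $MM_redirectLoginSuccess);
          exit;
      }

      header("Location: " . $MM_redirectLoginFailed);
      exit;
  }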

  ?>

  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

  <html>

  <head>

  <title>Untitled Document</title>

  <meta http-equiv="Content-Type" content="text/html; charset=gb2312">

  <style type="text/css"><!--

  .style1 {font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}

  --></style><style type="text/css" bogus="1">.style1 {font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}</style>

  </head>

  <body>

  <p align="center"><span class="style1">留言板 - 管理登陆</span></p>

  <p align="center"><span class="style2"><a href="viewposts.php" href="viewposts.php">浏览留言</a> | <a href="newpost.php" href="newpost.php">发表留言</a></span></p>

  <form name="form1" method="POST" action="<?php echo $loginFormAction; ?>">

  <table width="239" border="0" align="center">

  <tr>

  <td width="73">用户名:</td>

  <td width="156"><input name="username" type="text" id="username"></td>

  </tr>

  <tr>

  <td>密码:</td>

  <td><input name="password" type="password" id="password"></td>

  </tr>

  <tr>

  <td> </td>

  <td><input type="submit" name="Submit" value="提交">

  <input type="reset" name="Submit2" value="重设"></td>

  </tr>

  </table>

  </form>

  <p align="center"> </p>

  </body>

  </html>

  

复制代码 代码如下:

  <?php require_once('Connections/conn.php');

  require_once('inc/accesscheck.php');

  require_once('inc/GetSQLValueString.php');?>

  <?php

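  // Toggle the approval flag of one post (checked becomes 1-checked), then
  // return to the admin list.
  // NOTE(review): this state change is triggered by a plain GET request with
  // no anti-CSRF token, so any page the logged-in administrator opens can
  // fire it. Move it to a POST form carrying a per-session token that is
  // verified here.
  if (isset($_GET['postid']) && is_scalar($_GET['postid']) && $_GET['postid'] != "") {
      $updateSQL = sprintf(
          "UPDATE posts SET checked=1-checked WHERE postid=%s",
          GetSQLValueString($_GET['postid'], "int")
      );

      mysql_select_db($database_conn, $conn);
      $Result1 = mysql_query($updateSQL, $conn);
      if ($Result1 === false) {
          // Driver errors reveal schema details; keep them in the server log.
          error_log('guestbook: approve query failed: ' . mysql_error($conn));
          exit('The request could not be completed.');
      }

      // Go back to the list, carrying the current query string along.
      $deleteGoTo = "adminmain.php";
      if (isset($_SERVER['QUERY_STRING'])) {
          $deleteGoTo .= "?" . $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $deleteGoTo));
      exit;
  }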

  ?>

  

复制代码 代码如下:

  <?php

  require_once('Connections/conn.php');

  require_once('inc/accesscheck.php');

  require_once('inc/GetSQLValueString.php');

  ?>

  <?php

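  // Delete one post, then return to the admin list.
  // NOTE(review): a destructive action reachable through a plain GET link has
  // no anti-CSRF protection; any page the logged-in administrator opens can
  // request it. Use a POST form with a per-session token verified here.
  if (isset($_GET['postid']) && is_scalar($_GET['postid']) && $_GET['postid'] != "") {
      $deleteSQL = sprintf(
          "DELETE FROM posts WHERE postid=%s",
          GetSQLValueString($_GET['postid'], "int")
      );

      mysql_select_db($database_conn, $conn);
      $Result1 = mysql_query($deleteSQL, $conn);
      if ($Result1 === false) {
          // Driver errors reveal schema details; keep them in the server log.
          error_log('guestbook: delete query failed: ' . mysql_error($conn));
          exit('The request could not be completed.');
      }

      // Go back to the list, carrying the current query string along.
      $deleteGoTo = "adminmain.php";
      if (isset($_SERVER['QUERY_STRING'])) {
          $deleteGoTo .= "?" . $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $deleteGoTo));
      exit;
  }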

  ?>

  

复制代码 代码如下:

  <?php require_once('Connections/conn.php');

  require_once('inc/accesscheck.php');

  require_once('inc/GetSQLValueString.php');?>

  <?php

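  // Clear the administrator's reply on one post (the post itself is kept),
  // then return to the admin list.
  // NOTE(review): like the other admin actions this runs on a plain GET
  // request without an anti-CSRF token; use a POST form with a per-session
  // token verified here.
  if (isset($_GET['postid']) && is_scalar($_GET['postid']) && $_GET['postid'] != "") {
      // The statement is an UPDATE, so the variable is named for what it holds.
      $updateSQL = sprintf(
          "UPDATE posts SET replied=0, adminname='', replycontent='' WHERE postid=%s",
          GetSQLValueString($_GET['postid'], "int")
      );

      mysql_select_db($database_conn, $conn);
      $Result1 = mysql_query($updateSQL, $conn);
      if ($Result1 === false) {
          // Driver errors reveal schema details; keep them in the server log.
          error_log('guestbook: clear-reply query failed: ' . mysql_error($conn));
          exit('The request could not be completed.');
      }

      // Go back to the list, carrying the current query string along.
      $deleteGoTo = "adminmain.php";
      if (isset($_SERVER['QUERY_STRING'])) {
          $deleteGoTo .= "?" . $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $deleteGoTo));
      exit;
  }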

  ?>

  

复制代码 代码如下:

  <?php require_once('Connections/conn.php');

  require_once('inc/accesscheck.php');

  require_once('inc/GetSQLValueString.php');?>

  <?php

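  // Load every post, newest first, for the admin table rendered below.
  mysql_select_db($database_conn, $conn);
  $query_rs = "SELECT * FROM posts ORDER BY postid DESC";

  $rs = mysql_query($query_rs, $conn);
  if ($rs === false) {
      // Driver errors reveal schema details; keep them in the server log.
      error_log('guestbook: admin list query failed: ' . mysql_error($conn));
      exit('The post list is temporarily unavailable.');
  }

  // The first row is fetched here; the table loop fetches the remaining rows.
  $row_rs = mysql_fetch_assoc($rs);
  $totalRows_rs = mysql_num_rows($rs);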

  ?>

  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

  <html>

  <head>

  <title>Untitled Document</title>

  <meta http-equiv="Content-Type" content="text/html; charset=gb2312">

  <style type="text/css"><!--

  .style1 {font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}

  .style4 {font-size: 12px}

  .style6 {font-size: 12px; font-weight: bold; }

  --></style><style type="text/css" bogus="1">.style1 {font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}

  .style4 {font-size: 12px}

  .style6 {font-size: 12px; font-weight: bold; }</style>

  </head>

  <body>

  <p align="center"><span class="style1">留言板 - 管理页面</span></p>

  <p align="center"><span class="style2"><a href="viewposts.php" href="viewposts.php">浏览留言</a> | <a href="newpost.php" href="newpost.php">发表留言</a> | <a href="logout.php" href="logout.php">退出登陆</a></span></p>

  <p align="center"> </p>

  <table width="623" border="1" align="center" cellpadding="0" cellspacing="0">

  <tr>

  <td width="91"><span class="style6">留言者用户名</span></td>

  <td width="210"><span class="style6">留言标题</span></td>

  <td width="61"> </td>

  <td width="61"> </td>

  <td width="61"> </td>

  <td width="62"> </td>

  </tr>

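  <?php
  // One table row per post. username and topic are typed by anonymous visitors,
  // so they are HTML-encoded before output; otherwise a post containing markup
  // would run as script in the administrator's session (stored XSS).
  // assumes the stored text uses the page's declared gb2312 charset - TODO confirm
  // A while loop (not do/while) so an empty table renders no blank row.
  // NOTE(review): the four action links change data through GET requests;
  // see the anti-CSRF remark on the target scripts.
  while ($row_rs) {
      $safeUsername = htmlspecialchars($row_rs['username'], ENT_QUOTES, 'GB2312');
      $safeTopic = htmlspecialchars($row_rs['topic'], ENT_QUOTES, 'GB2312');
      $postId = intval($row_rs['postid']);
  ?>
  <tr>
  <td><span class="style4"><?php echo $safeUsername; ?></span></td>
  <td><span class="style4"><?php
      echo $safeTopic;
      if ($row_rs['checked'] == 1) {
          echo "(已审批)";
      }
      if ($row_rs['replied'] == 1) {
          echo "(已回复)";
      }
  ?></span></td>
  <td><div align="center"><span class="style4"><a href="adminreply.php?postid=<?php echo $postId; ?>">回复留言</a></span></div></td>
  <td><div align="center"><span class="style4"><a href="admindelpost.php?postid=<?php echo $postId; ?>">删除留言</a></span></div></td>
  <td><div align="center"><span class="style4"><a href="admindelreply.php?postid=<?php echo $postId; ?>">删除回复</a></span></div></td>
  <td><div align="center"><span class="style4"><a href="admincheckpost.php?postid=<?php echo $postId; ?>">审批留言</a></span></div></td>
  </tr>
  <?php
      $row_rs = mysql_fetch_assoc($rs);
  }
  ?>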

  </table>

  <p align="center"> </p>

  </body>

  </html>

  <?php

  mysql_free_result($rs);

  ?>

  

复制代码 代码如下:

  <?php require_once('Connections/conn.php');

  require_once('inc/accesscheck.php');

  require_once('inc/GetSQLValueString.php');?>

  <?php

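  // PHP_SELF includes any path info appended to the URL and is echoed into the
  // form's action attribute, so it is HTML-encoded before use.
  $editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'GB2312');
  if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
  }

  // Save the administrator's reply; this also marks the post as replied and approved.
  // NOTE(review): the form carries no anti-CSRF token; add a per-session
  // token and verify it before running the UPDATE.
  if (isset($_POST["MM_update"]) && $_POST["MM_update"] == "form1") {
      $updateSQL = sprintf(
          "UPDATE posts SET replycontent=%s, replied=1, checked=1, adminname=%s WHERE postid=%s",
          GetSQLValueString($_POST['replycontent'], "text"),
          GetSQLValueString($_SESSION['MM_Username'], "text"),
          GetSQLValueString($_POST['postid'], "int")
      );

      mysql_select_db($database_conn, $conn);
      $Result1 = mysql_query($updateSQL, $conn);
      if ($Result1 === false) {
          // Driver errors reveal schema details; keep them in the server log.
          error_log('guestbook: reply update failed: ' . mysql_error($conn));
          exit('The reply could not be saved.');
      }

      // The inner double quotes are escaped; unescaped they end the PHP string
      // and the file does not parse.
      echo "<script type=\"text/javascript\"><!--\nalert('回复发表成功');\n// --></script>";
  }

  // Load the post being replied to. The id is placed in the SQL unquoted, so
  // it must be an integer: addslashes() only protects quoted strings and a
  // value such as "0 OR 1=1" would pass through it unchanged.
  $colname_rs = 1;
  if (isset($_GET['postid']) && is_scalar($_GET['postid'])) {
      $colname_rs = intval($_GET['postid']);
  }

  mysql_select_db($database_conn, $conn);
  $query_rs = sprintf("SELECT * FROM posts WHERE postid = %d", $colname_rs);
  $rs = mysql_query($query_rs, $conn);
  if ($rs === false) {
      error_log('guestbook: reply lookup failed: ' . mysql_error($conn));
      exit('The post could not be loaded.');
  }
  $row_rs = mysql_fetch_assoc($rs);
  $totalRows_rs = mysql_num_rows($rs);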

  ?>

  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

  <html>

  <head>

  <title>Untitled Document</title>

  <meta http-equiv="Content-Type" content="text/html; charset=gb2312">

  <style type="text/css"><!--

  .style1 {font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}

  --></style><style type="text/css" bogus="1">.style1 {font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}</style>

  </head>

  <body>

  <p align="center"><span class="style1">留言板 - 管理页面 - 回复留言</span></p>

  <p align="center"><span class="style2"><a href="adminmain.php" href="adminmain.php">管理页面</a><a href="newpost.php" href="newpost.php"></a> | <a href="logout.php" href="logout.php">退出登陆</a></span></p>

  <form method="post" name="form1" action="<?php echo $editFormAction; ?>">

  <table align="center">

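  <?php
  // The title and body were submitted through the public form, so they are
  // HTML-encoded before being shown to the administrator (stored XSS).
  // assumes the stored text uses the page's declared gb2312 charset - TODO confirm
  ?>
  <tr valign="baseline">
  <td nowrap align="right" valign="top">留言标题:</td>
  <td><?php echo htmlspecialchars($row_rs['topic'], ENT_QUOTES, 'GB2312'); ?></td>
  </tr>
  <tr valign="baseline">
  <td nowrap align="right" valign="top">留言内容:</td>
  <td><?php echo htmlspecialchars($row_rs['content'], ENT_QUOTES, 'GB2312'); ?></td>
  </tr>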

  <tr valign="baseline">

  <td nowrap align="right" valign="top">回复内容:</td>

  <td>

  <textarea name="replycontent" cols="50" rows="5"><?php echo $row_rs['replycontent']; ?>

  

复制代码 代码如下:

  <?php

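  // End the admin session and return to the login page.
  $logoutGoTo = "admin.php";
  session_start();

  // Remove the login markers, then discard the rest of the session so nothing
  // from the authenticated session outlives the logout.
  // session_unregister() was removed in PHP 5.4, and the unset() calls already
  // cover what it did.
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  $_SESSION = array();
  session_destroy();

  if ($logoutGoTo != "") {
      header("Location: $logoutGoTo");
      exit;
  }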

  ?>

  <?php

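  // End the admin session and return to the login page.
  // NOTE(review): this listing repeats the logout script printed just above it.
  $logoutGoTo = "admin.php";
  session_start();

  // Remove the login markers, then discard the rest of the session.
  // session_unregister() was removed in PHP 5.4, and the unset() calls already
  // cover what it did.
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  $_SESSION = array();
  session_destroy();

  if ($logoutGoTo != "") {
      header("Location: $logoutGoTo");
      exit;
  }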

  ?>

  

复制代码 代码如下:

  <?php require_once('Connections/conn.php');

  require_once('inc/GetSQLValueString.php');?>

  <?php

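  // PHP_SELF includes any path info appended to the URL and is echoed into the
  // form's action attribute, so it is HTML-encoded before use.
  $editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'GB2312');
  if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
  }

  // Store a new post from the public form.
  // The three fields are saved as typed, so every page that prints them must
  // HTML-encode them on output.
  if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "form1") {
      $insertSQL = sprintf(
          "INSERT INTO posts (username, topic, content) VALUES (%s, %s, %s)",
          GetSQLValueString($_POST['username'], "text"),
          GetSQLValueString($_POST['topic'], "text"),
          GetSQLValueString($_POST['content'], "text")
      );

      mysql_select_db($database_conn, $conn);
      $Result1 = mysql_query($insertSQL, $conn);
      if ($Result1 === false) {
          // Driver errors reveal schema details; keep them in the server log.
          error_log('guestbook: insert failed: ' . mysql_error($conn));
          exit('The post could not be saved.');
      }

      // The inner double quotes are escaped; unescaped they end the PHP string
      // and the file does not parse.
      echo "<script type=\"text/javascript\"><!--\nalert('留言发表成功');\n// --></script>";
  }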

  ?>

  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

  <html>

  <head>

  <title>Untitled Document</title>

  <meta http-equiv="Content-Type" content="text/html; charset=gb2312">

  <style type="text/css"><!--

  .style1 { font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}

  --></style><style type="text/css" bogus="1">.style1 { font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}</style>

  </head>

  <body>

  <form method="post" name="form1" action="<?php echo $editFormAction; ?>">

  <p align="center"><span class="style1">留言板 - 发表新留言</span></p>

  <p align="center"><span class="style2"><a href="viewposts.php" href="viewposts.php">浏览留言</a> | <a href="admin.php" href="admin.php">管理登陆</a></span></p>

  <table align="center">

  <tr valign="baseline">

  <td nowrap align="right">用户名:</td>

  <td><input type="text" name="username" value="" size="32"></td>

  </tr>

  <tr valign="baseline">

  <td nowrap align="right">标题:</td>

  <td><input type="text" name="topic" value="" size="32"></td>

  </tr>

  <tr valign="baseline">

  <td nowrap align="right" valign="top">留言内容:</td>

  <td>

  <textarea name="content" cols="50" rows="5">

  <?php require_once('Connections/conn.php');

  require_once('inc/GetSQLValueString.php');?>

  <?php

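  // NOTE(review): this listing repeats the new-post script printed earlier on the page.
  // PHP_SELF includes any path info appended to the URL and is echoed into the
  // form's action attribute, so it is HTML-encoded before use.
  $editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'GB2312');
  if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
  }

  // Store a new post from the public form.
  // The three fields are saved as typed, so every page that prints them must
  // HTML-encode them on output.
  if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "form1") {
      $insertSQL = sprintf(
          "INSERT INTO posts (username, topic, content) VALUES (%s, %s, %s)",
          GetSQLValueString($_POST['username'], "text"),
          GetSQLValueString($_POST['topic'], "text"),
          GetSQLValueString($_POST['content'], "text")
      );

      mysql_select_db($database_conn, $conn);
      $Result1 = mysql_query($insertSQL, $conn);
      if ($Result1 === false) {
          // Driver errors reveal schema details; keep them in the server log.
          error_log('guestbook: insert failed: ' . mysql_error($conn));
          exit('The post could not be saved.');
      }

      // The inner double quotes are escaped; unescaped they end the PHP string
      // and the file does not parse.
      echo "<script type=\"text/javascript\"><!--\nalert('留言发表成功');\n// --></script>";
  }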

  ?>

  

复制代码 代码如下:

  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

  <html>

  <head>

  <title>Untitled Document</title>

  <meta http-equiv="Content-Type" content="text/html; charset=gb2312">

  <style type="text/css"><!--

  .style1 {    font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}

  --></style><style type="text/css" bogus="1">.style1 {    font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}</style>

  </head>

  <body>

  <form method="post" name="form1" action="<?php echo $editFormAction; ?>">

  <p align="center"><span class="style1">留言板 - 发表新留言</span></p>

  <p align="center"><span class="style2"><a href="viewposts.php" href="viewposts.php">浏览留言</a> | <a href="admin.php" href="admin.php">管理登陆</a></span></p>

  <table align="center">

  <tr valign="baseline">

  <td nowrap align="right">用户名:</td>

  <td><input type="text" name="username" value="" size="32"></td>

  </tr>

  <tr valign="baseline">

  <td nowrap align="right">标题:</td>

  <td><input type="text" name="topic" value="" size="32"></td>

  </tr>

  <tr valign="baseline">

  <td nowrap align="right" valign="top">留言内容:</td>

  <td>

  <textarea name="content" cols="50" rows="5">

  

复制代码 代码如下:

  <?php require_once('Connections/conn.php'); ?>

  <?php

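  // PHP_SELF includes any path info appended to the URL and is printed into
  // the pager links, so it is HTML-encoded before use.
  $currentPage = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'GB2312');

  $maxRows_rs = 10;

  // The page number comes from the URL: force it to a non-negative integer so
  // a negative or non-numeric value cannot produce an invalid LIMIT clause.
  $pageNum_rs = 0;
  if (isset($_GET['pageNum_rs']) && is_scalar($_GET['pageNum_rs'])) {
      $pageNum_rs = max(0, intval($_GET['pageNum_rs']));
  }
  $startRow_rs = $pageNum_rs * $maxRows_rs;

  // Only approved posts (checked=1) are shown publicly, newest first.
  mysql_select_db($database_conn, $conn);
  $query_rs = "SELECT * FROM posts WHERE checked=1 ORDER BY postid DESC";
  $query_limit_rs = sprintf("%s LIMIT %d, %d", $query_rs, $startRow_rs, $maxRows_rs);

  $rs = mysql_query($query_limit_rs, $conn);
  if ($rs === false) {
      // Driver errors reveal schema details; keep them in the server log.
      error_log('guestbook: list query failed: ' . mysql_error($conn));
      exit('The guestbook is temporarily unavailable.');
  }
  $row_rs = mysql_fetch_assoc($rs);

  // The row count is taken from the URL when present, which saves a second
  // query. It is client-supplied, so it is used only to decide which pager
  // links appear.
  if (isset($_GET['totalRows_rs']) && is_scalar($_GET['totalRows_rs'])) {
      $totalRows_rs = max(0, intval($_GET['totalRows_rs']));
  } else {
      $all_rs = mysql_query($query_rs);
      $totalRows_rs = ($all_rs === false) ? 0 : mysql_num_rows($all_rs);
  }
  $totalPages_rs = ceil($totalRows_rs / $maxRows_rs) - 1;

  // Rebuild the query string without the two paging parameters so that other
  // parameters survive in the pager links.
  $queryString_rs = "";
  if (!empty($_SERVER['QUERY_STRING'])) {
      $params = explode("&", $_SERVER['QUERY_STRING']);
      $newParams = array();
      foreach ($params as $param) {
          if (stristr($param, "pageNum_rs") == false &&
              stristr($param, "totalRows_rs") == false) {
              array_push($newParams, $param);
          }
      }
      if (count($newParams) != 0) {
          $queryString_rs = "&" . htmlentities(implode("&", $newParams));
      }
  }
  $queryString_rs = sprintf("&totalRows_rs=%d%s", $totalRows_rs, $queryString_rs);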

  ?>

  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

  <html>

  <head>

  <title>Untitled Document</title>

  <meta http-equiv="Content-Type" content="text/html; charset=gb2312">

  <style type="text/css"><!--

  .style1 {

  font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}

  --></style><style type="text/css" bogus="1">.style1 {

  font-size: 18px;

  font-weight: bold;

  }

  .style2 {font-size: 14px}</style>

  </head>

  <body>

  <p align="center" class="style1">留言板 - 留言浏览</p>

  <p align="center" class="style2"><a href="newpost.php" href="newpost.php">发表留言</a> | <a href="admin.php" href="admin.php">管理登陆</a></p>

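  <?php
  // One table per post. username, topic and content are typed by anonymous
  // visitors, so every field is HTML-encoded before output; printed raw, a
  // post containing markup would run as script for every reader (stored XSS).
  // assumes the stored text uses the page's declared gb2312 charset - TODO confirm
  // A while loop (not do/while) so an empty result renders no blank table.
  while ($row_rs) {
      $safeRow = array();
      foreach (array('username', 'topic', 'content', 'replycontent', 'adminname') as $field) {
          $safeRow[$field] = htmlspecialchars($row_rs[$field], ENT_QUOTES, 'GB2312');
      }
  ?>
  <table width="500" border="1" align="center" cellpadding="0" cellspacing="0">
  <tr>
  <td width="116"><div align="right"><strong>用户名:</strong></div></td>
  <td width="378"><?php echo $safeRow['username']; ?></td>
  </tr>
  <tr>
  <td><div align="right"><strong>标题:</strong></div></td>
  <td><?php echo $safeRow['topic']; ?></td>
  </tr>
  <tr>
  <td><div align="right"><strong>留言内容:</strong></div></td>
  <td><?php echo $safeRow['content']; ?></td>
  </tr>
  <?php if ($row_rs['replied'] == 1) { ?>
  <tr>
  <td><div align="right"><strong>回复:</strong></div></td>
  <td><p><?php echo $safeRow['replycontent']; ?></p>
  <p align="right"><strong>回复人:</strong><?php echo $safeRow['adminname']; ?></p></td>
  </tr>
  <?php } ?>
  </table>
  <br>
  <?php
      $row_rs = mysql_fetch_assoc($rs);
  }
  ?>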

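  <?php
  // Pager links: first / previous / next / last.
  // The script path is HTML-encoded before it is printed into href attributes.
  // double_encode is off so a value that is already encoded is not encoded twice.
  $pagerBase = htmlspecialchars($currentPage, ENT_QUOTES, 'GB2312', false);
  ?>
  <p align="center">
  <table border="0" width="50%" align="center">
  <tr>
  <td width="23%" align="center">
  <?php if ($pageNum_rs > 0) { // Show if not first page ?>
  <a href="<?php printf("%s?pageNum_rs=%d%s", $pagerBase, 0, $queryString_rs); ?>">首页</a>
  <?php } // Show if not first page ?>
  </td>
  <td width="31%" align="center">
  <?php if ($pageNum_rs > 0) { // Show if not first page ?>
  <a href="<?php printf("%s?pageNum_rs=%d%s", $pagerBase, max(0, $pageNum_rs - 1), $queryString_rs); ?>">上一页</a>
  <?php } // Show if not first page ?>
  </td>
  <td width="23%" align="center">
  <?php if ($pageNum_rs < $totalPages_rs) { // Show if not last page ?>
  <a href="<?php printf("%s?pageNum_rs=%d%s", $pagerBase, min($totalPages_rs, $pageNum_rs + 1), $queryString_rs); ?>">下一页</a>
  <?php } // Show if not last page ?>
  </td>
  <td width="23%" align="center">
  <?php if ($pageNum_rs < $totalPages_rs) { // Show if not last page ?>
  <a href="<?php printf("%s?pageNum_rs=%d%s", $pagerBase, $totalPages_rs, $queryString_rs); ?>">尾页</a>
  <?php } // Show if not last page ?>
  </td>
  </tr>
  </table>
  </p>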

  <p> </p>

  </body>

  </html>

  <?php

  mysql_free_result($rs);

  ?>