admin.php
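<?php
/************** Admin back end ***************/
//
// Single-page admin panel: shows a login form to visitors without a session,
// authenticates against the `gly` table, and lets a logged-in admin insert a
// post into the `wz` table.
//
// NOTE(review): this page depends on ext/mysql (mysql_* functions), which was
// removed in PHP 7. The lasting fix is to move mysql.php and this page to PDO
// or mysqli with prepared statements. Until then, every value placed into SQL
// below is quoted and passed through mysql_real_escape_string().
// NOTE(review): the page is served as gb2312. mysql_real_escape_string() is
// only charset-safe when the connection charset was set with
// mysql_set_charset(); mysql.php is not visible here - confirm it does not
// rely on a plain "SET NAMES" query.

header("Content-type: text/html; charset=gb2312");
include("mysql.php");
session_start();

// Read the action once; anything that is not a plain string is treated as absent.
$action = (isset($_GET["ac"]) && is_string($_GET["ac"])) ? $_GET["ac"] : '';
$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';

// ---- Login handling -------------------------------------------------------
// Runs before any output so the Location header on success can still be sent.
$loginFailed = false;
if (!isset($_SESSION["id"]) && $isPost && $action === '1') {
    $nc = (isset($_POST['nc']) && is_string($_POST['nc'])) ? $_POST['nc'] : '';
    $mm = (isset($_POST['mm']) && is_string($_POST['mm'])) ? $_POST['mm'] : '';
    $ncSql = mysql_real_escape_string($nc, $con);

    // NOTE(review): unsalted MD5 is not a password hash. It is kept only because
    // the rows in `gly` are stored in this format; plan a migration to
    // password_hash()/password_verify() with rehash-on-login.
    $psd = md5($mm);

    // Both values are quoted: md5() output is hex only, the nickname is escaped.
    $check = mysql_query(
        "select * from gly where nc = '{$ncSql}' and gm = '{$psd}'",
        $con
    );
    $result = $check ? mysql_fetch_array($check) : false;

    if ($result) {
        // New session id on privilege change, so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION["id"] = $result["id"];
        header("Location: admin.php");
        exit;
    }

    // Record the failed attempt (source address + marker) in `jl`.
    // The submitted password is deliberately NOT stored: `gly` is the table the
    // login query reads, so attempt data must never land in its `gm` column,
    // and clear-text password guesses must not be kept at all.
    // NOTE(review): failure records belong in a dedicated audit table; the
    // schema is not visible here, so the insert still targets `gly`. Rows
    // written by earlier versions of this page may hold clear-text values in
    // `gm` and should be purged.
    // NOTE(review): there is no attempt throttling or lockout on this form.
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $jl = mysql_real_escape_string($remote . "失败", $con);
    $sql1 = "INSERT INTO gly (nc, gm, jl)
VALUES
('{$ncSql}' ,'' ,'{$jl}')";
    mysql_query($sql1, $con);
    $loginFailed = true;
}

echo "<head>
<title>后台</title>
</head>";

// ---- Unauthenticated visitors: login form only ----------------------------
if (!isset($_SESSION["id"])) {
    echo <<<HTML
<h3>登录</h3>
<form action="admin.php?ac=1" method="post">
登录昵称:<input type="text" name="nc" /><br />
管理密码:<input type="password" name="mm" /><br />
<input type="submit" value="提交" />
</form>
HTML;
    if ($loginFailed) {
        die("账号或密码错误!");
    }
    // Stop here so nothing below is reachable without a session.
    die;
}

// ---- Authenticated: post form ---------------------------------------------
// NOTE(review): this state-changing form carries no anti-CSRF token; add a
// per-session token and verify it before the insert below.
echo <<<HTML
<h3>发表</h3>
<form action="admin.php?ac=2" method="post">
标题:<input type="text" name="bt" /><br />
内容:<textarea name="nr" rows="5"></textarea><br />
分类:<select name="fl">
<option value="随笔">随笔</option>
<option value="感悟">感悟</option>
<option value="人生">人生</option>
<option value="常识">常识</option>
</select><br />
说明:<input type="text" name="sm" /><br />
<input type="submit" value="提交" />
</form>
HTML;

if ($isPost && $action === '2') {
    // Author name: first `gly` row whose id is not 1, as before.
    // NOTE(review): this ignores which admin is logged in, and `gly` also
    // receives failed-login rows - confirm whether the author should instead
    // be looked up by $_SESSION["id"].
    $res = mysql_query("SELECT * FROM gly where id != 1", $con);
    $row = $res ? mysql_fetch_array($res) : false;
    $author = ($row && isset($row['nc'])) ? $row['nc'] : '';
    $zz = mysql_real_escape_string($author, $con);

    // Escape every submitted field; missing or non-string fields become ''.
    // Values are stored as submitted, so any page that renders `wz` rows has to
    // HTML-escape them on output (those pages are not visible here).
    $f = array();
    foreach (array('bt', 'nr', 'fl', 'sm') as $key) {
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        $f[$key] = mysql_real_escape_string($raw, $con);
    }

    $sql2 = "INSERT INTO wz (bt, zz, nr,fl,sm,z,dj)
VALUES
('{$f['bt']}','{$zz}','{$f['nr']}','{$f['fl']}','{$f['sm']}',0,0)";
    if (!mysql_query($sql2, $con)) {
        // Keep driver error text in the server log; do not echo it to the browser.
        error_log("admin.php: insert into wz failed: " . mysql_error($con));
        die("内容发表失败!");
    }
    echo "<script>alert('内容已发表!')</script>";
}
?>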
非常感谢?