笔记24

Abstract: 新闻管理系统新闻展示页面、个人信息、找回密码以及点赞功能编写。

一、新闻展示页面 show_news.php

<html>
<head>
    <title>
        新闻展示界面
    </title>
</head>
<body>
    <?php
        $hot = 0;
        $title = 0;
        $author = 0;
        $view = 0;
        $time = 0;
        $content = 0;
        @$id= $_GET['id'];
        $hostname = '127.0.0.1';
        $username = 'root';
        $passwd = 'root';
        if($id){
            @$con = mysql_connect('127.0.0.1', 'root','root') or die(mysql_error());
            @mysql_select_db("lianxi") or die(mysql_error());
            mysql_query("set names 'utf8'") or die(mysql_error());
            $sql = "SELECT * FROM `tb_news` WHERE `id`='$id'";
            $result = mysql_query($sql) or die(mysql_error());
            for($i=0; $i<mysql_affected_rows(); $i++){
                $arr = mysql_fetch_assoc($result);
                if($arr['id'] == $id){
                    $hot=$arr['hot'];
                    $title = base64_decode($arr['title']);
                    $author = base64_decode($arr['author']);
                    $view = $arr['view'];
                    $time = $arr['add_time'];
                    $content = base64_decode($arr['contents']);
                        break;
                }
            }
        }
        echo "<h1 align='center'>$title</h1>";
        echo "<div style='float: left'><label>作者： $author</label><label> &nbsp  时间：$time</label></div>";
        echo "<div style='float: right'><label>热度： $hot</label>   <label> / 浏览量：$view</label></div>";
        echo "<br>";
        echo "<hr>";
        echo "<p align='center'>$content</p>";
        echo "<hr>";
        echo "<br>";
        echo <<<EOF
            <div align="center">
                <form action="newAddnews.php", mathod="post">
                    <textarea rows='10' cols='100' style="resize: none"></textarea>
                    <br>
                    <input type="submit" name="suubmit" value="提交">
                </form>
            </div>
EOF;
        echo "<br>";
        echo "<h4 align='center'>评论</h4>";
        echo "<br>";
        if($id) {
            @$con = mysql_connect('127.0.0.1', 'root', 'root') or die(mysql_error());
            @mysql_select_db("lianxi") or die(mysql_error());
            mysql_query("set names 'utf8'") or die(mysql_error());
            $sql = "SELECT * FROM `tb_discuss` WHERE `new_id`='$id'";
            $result = mysql_query($sql) or die(mysql_error());
            for ($i = 0; $i < mysql_affected_rows(); $i++) {
                $arr1 = mysql_fetch_assoc($result);
                $discussUser = base64_decode($arr1['discuss_user']);
                $time = $arr1['discuss_time'];
                $discussContent = $arr1["discuss_content"];
                echo "<hr style=\"border:1px dashed #000; height:1px\">";
                echo "<p align='center'>用户：$discussUser" .     "     时间：$time</p>";
                echo "<br>";
                echo "<p align='center'>$discussContent</p>";
                echo "<hr style=\"border:1px dashed #000; height:1px\">";
            }
            mysql_close($con);
        }
    ?>
</body>
</html>

二、个人信息

1. personal_information.php

<?php Require_once '../basedir/header.php'; ?>
<?php
session_start();
error_reporting(E_ALL^E_NOTICE);
if(!isset($_SESSION['username'])){
    echo "<script>alert('请登录后查看！');location.href='login.php';</script>";
}
?>
<html>
<head>
    <title>
        个人资料
    </title>
</head>
<body>
    <br><br><br><br>
    <div style="margin: 0px 600px 0px 600px">
           <form action="personal_informationhoutai.php" method="post" enctype= "multipart/form-data">

                    头像：<input type="file" name="addr"/><br><br>

                    邮箱：<input type="email" name="email"/><br><br>

                    性别：<input type="radio" name="sexnan"/>男
                          <input type="radio" name="sexnv"/>女<br><br>

                <input type="submit" value="提交"/>
               </form>
    </div>
</body>
</html>

<?php
Require_once '../basedir/footer.php';
?>

2. personal_information_backstage.php

<?php
Require_once "sql.php";
session_start();
error_reporting(E_ALL^E_NOTICE);

$username = $_SESSION['username'];
$sql = "SELECT * FROM `tb_users` WHERE `username`='$username';";
echo "<br>";
$row = mysql_query($sql);

$row = mysql_fetch_assoc($row);
echo "<br>";
$path = $row['addr'];
//var_dump($path);
echo "<br>";
//将文件从临时文件中转移到文件保存路径
var_dump(move_uploaded_file($_FILES['addr']['tmp_name'], $path));

$email=  $_POST['email'];

    if($_POST['sexmale']){
        $sex = 1;
    }
    if($_POST['sexfemale']){
        $sex = -1;
    }

var_dump($_SESSION['username']);
//var_dump($sex);
$yuju = "UPDATE `tb_users` SET email='{$email}',sex='$sex' WHERE `username` = '$_SESSION['username']';";
//echo $path;
$row=  mysql_query("{$path}");

?>

三、找回密码

1.find_passwd.php

<?php
Require_once '../basedir/header.php';
?>
<!DOCTYPE html>
<html>
<head > <meta charset="utf-8"></head>
<body>
<h2 align="center">找回密码</h2>
<br>
<!--text-align:center;-->
<div style="text-align:center;">
    <tr>
        <form action="findPasswdhoutai.php" method="post" onsubmit="checkpass()" onchange="checkanswer()">
            <p><input type="text" name="name" placeholder="输入要找回密码的用户名" style="height: 20px;width: 200px"></p>
            <p>问题：你的爱好是？</p>
            <p><input type="text" name="answer" id="inanswer" placeholder="答案" style="height: 20px;width: 200px"></p>
            <p><input type="password" name="passwd" id="passFirst" placeholder="新密码" style="height: 20px;width: 200px"></p>
            <p><input type="password" name="passwdagain" id="passSecond" placeholder="再次输入密码" style="height: 20px;width: 200px"></p>

            <p><input type="submit" name="提交"></p>
        </form>
    </tr>
    <tr>
        <td align="right">
        </td>
    </tr>
</div>
</body>
</html>

<?php
Require_once '../basedir/footer.php';
?>

2.find_passwd_backstage.php


<?php
Require_once "sql.php";
//需要修改！
error_reporting(E_ALL^E_NOTICE);
$username = $_POST['name'];
var_dump($username);
//    $username = 'root';
//删除用户
$sql = "SELECT * FROM `tb_anquan` WHERE `username`='$username';";
echo $sql;
$result = mysql_query($sql) or die(mysql_error());

$arr = mysql_fetch_assoc($result);
$answer = $arr['mima'];
//echo $answer;
//$inAnswer = $_POST['answer'];
if($answer != $_POST['answer']){
       die("<script>alert('密保答案不正确！');</script>");
}
$passFirst = $_POST['passwd'];
$passSecond = $_POST['passwdagain'];
if($passFirst==NULL && $passSecond==NULL) {
    die("<script>alert('请输入密码！');</script>");
}else{
    if($passFirst != $passSecond){
        die("<script>alert('输入密码不一致，请重新输入！');</script>");
    }else {
        $passFirst = md5($passFirst);
        $sql = "UPDATE `tb_users` SET `password`= '$passFirst' WHERE `username`='$username';";
        echo $sql;
        $result = mysql_query($sql) or die(mysql_error());
        if (mysql_affected_rows()) {
            echo "<script>alert('更新成功！');location.href='login.php';</script>";
        } else {
            die("<script>alert('更新失败！');location.href='findPasswd.php';</script>");
        }
    }
}
?>

四、点赞功能

up_down.php

<html>
<style >
    .th{
        vertical-align: middle;
    }
    <script type="text/javascript" src="../js/jquery-1.12.4.js"></script>
<?php
    Require_once "sql.php";
?>
</style>

<div style="width:100%;text-align:center">
    <h1>新闻界面</h1>
</div>
<table align="center" border="1" width="1200">
    <tr>
        <th> <h2>热度</h2> </th>
        <th> <h2>标题</h2> </th>
        <th> <h2>作者</h2> </th>
        <th> <h2>时间</h2> </th>
        <th width="150px"> <h2>操作</h2> </th>
    </tr>
<?php
//$uers_id = $_SESSION["user_id"];
$user_id=13;
$storeUidType = array();
$result = mysql_query("select * from tb_news order by hot desc;");
//======================================================================================
$readNews = mysql_query("select * from `tb_hot` where `user_id`=$user_id");
//把用户对新闻的评价保存在一个数组里
//$storeUidType[news_id] = type
while($arr1 = mysql_fetch_assoc($readNews)) {
    $hotUser_id = $arr1['user_id'];
    $hotNews_id = $arr1['news_id'];
    $hotType = $arr1['type'];
    $storeUidType[$hotNews_id] = $hotType;
}
//echo $storeUidType;
//======================================================================================
while($arr = mysql_fetch_assoc($result)){
    $title = base64_decode($arr['title']);
    //var_dump($title);
    $contents = base64_decode($arr['contents']);
    $author = base64_decode($arr['author']);
    $new_img = $arr['new_img'];
    $add_time = $arr['add_time'];
    $Hot = $arr['hot'];
    //读取新闻ID
    $id = $arr['id'];
    //=============================================
    //用户还没有对新闻进行评价，颜色设置成黑色
    if($storeUidType[$id]==1){
        $upColor = "red";
        $downColor = "black";
    }elseif($storeUidType[$id]==-1){
        $upColor = "black";
        $downColor = "red";
    }else{
        $upColor = "black";
        $downColor = "black";
    }
    //=============================================
    $idUp = 'btnUp' . $id;
    $idDown = 'btnDown' . $id;
    $tu = base64_decode($new_img);
    echo
            <<<EOF
            <tr>
            <td align="center">{$Hot}</td>
            <td align="center">{$title}</td>
            <td align="center">{$author}</td>
            <td align="center">{$add_time}</td>
            <td align="center" rowspan="2">
                <p>                  
                    <button id=$idUp style='color: $upColor' onclick='btnUpAct(this.id)'>赞</button>/
                    <button id=$idDown style='color: $downColor' onclick='btnDownAct(this.id)'>踩</button>                    
                </p>
                
            </td>
            </tr>

            <tr>
            <td align="center" height: 30px; width: 300px; text-align: center;>
            <img height="150px" src={$tu}>
            </td>
            <td colspan="3" align="center" ><a href="xinwenzhanshimore.php?action={$title}">{$contents}</a> 
            </tr>
             <script>
                function btnUpAct(id){                   
                    if(id=='$idUp'){
                        if(document.getElementById(id).style.color == "red"){
                            alert('您已点过赞了！');
                        }else{
                            document.getElementById(id).style.color="red";
                            document.getElementById('$idDown').style.color="black"; 
                        }
                    }
                }
                function btnDownAct(id){
                    if(id=='$idDown'){
                        if(document.getElementById(id).style.color == "red"){
                            alert('您已点过踩了！');
                        }else{
                            document.getElementById(id).style.color="red";
                            document.getElementById('$idUp').style.color="black";        
                        }
                    }
                }               
            </script>
EOF;
    
?>
</table>
</html>

五、问题与总结

新闻展示、个人信息、找回密码三个功能均可完美实现。点赞功能还是有些问题，从数据库中读取数据，新闻展示界面把该用户对每条新闻的赞踩显示出红色，在按钮添加事件，当颜色为红色时，再次点击该按钮会提示已操作过。用这种思路写出来，只是最后一条新闻功能实现是正确，后来查资料得知，js事件用于循环时只对最后一条有作用，需用闭包解决。需换思路！

一、新闻展示页面 show_news.php

二、个人信息

1. personal_information.php

2. personal_information_backstage.php

三、找回密码

1.find_passwd.php

2.find_passwd_backstage.php

四、点赞功能

up_down.php

五、问题与总结

han

dvwa 在 CentOS 部署

phpmyadmin文件包含漏洞复现

笔记11

第二周总结

markdown语法

stage1知识盲点

笔记12

笔记13

笔记14

笔记15