前端用户使用界面

验证码和投票日期是否过期:

新建vote.php:

<?php 
   include("sqlsafe.php");
   echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
   include("conn.php");
   
   @session_start();
   $ss = $_POST;
   if($_POST[num] != (count($ss)-2)){
      echo "<script>alert('请完善你的选择');</script>";
      echo "<script>history.go(-1);</script>";   
      exit();
   }
   if($_POST['code_num'] != $_SESSION['VCODE'] || $_POST['code_num']==''){
      echo "<script>alert('验证码错误');</script>";
      echo "<script>history.go(-1);</script>";   
      exit();    
   }
   
   function voteing($ss, $db)
   {
      $success = true;
      foreach($ss as &$value){
         $result = $db->query("select votenum from voteoption where cid='".$value."';");
         $row = mysqli_fetch_assoc($result);
         $result = $db->query("update voteoption set votenum='".($row['votenum']+1)."' where cid='".$value."'");
         if(!$result){
            $success = false;
         }
      }
      if($success){
         foreach($ss as $key => $value){
            $result = $db->query("select sum(votenum) from voteoption where upid='".$key."';");
            $row = mysqli_fetch_assoc($result);
            $result = $db->query("update votename set sumvotenum='".$row['sum(votenum)']."' where cid='$key';");
            if(!$result){
               $success = false;
            }
         }
         if($success){
            return true;
         }
      }
      return false;
   }  
   
   
   $result = $db->query("select * from sysconfig");
   $row = mysqli_fetch_assoc($result);
   
   $now = mktime(0, 0, 0, date("m")  , date("d"), date("Y"));
   $dietimelist = explode("-",$row['dietime']);
   $dietime = mktime(0, 0, 0, $dietimelist[1]  , $dietimelist[2], $dietimelist[0]);
   if(round(($dietime-$now)/3600/24) < 0){
      echo "<script>alert('已经过了投票日期');</script>";
      echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
      exit();
   }
   
   if($row['method'] == 1){//ip统计投票
      $clientip = getenv("REMOTE_ADDR");
      $ips = $db->query("select ip from voteips where ip='$clientip';");
      if($ips->num_rows > 0){
         echo "<script>alert('你已经投过票了');</script>";
         echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
         exit();
      }else{
         voteing($ss, $db);
         $db->query("insert into voteips (ip) values ('$clientip');");
         echo "<script>alert('投票成功');</script>";
         echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";  
         exit();
      }
      
      
   }else if($row['method'] == 2){//登录投票
      if($_SESSION['user'] == true){
         $test = $db->query("select isvote from users where username='".$_SESSION['name']."';");
         $test_row = mysqli_fetch_assoc($test);
         if($test_row['isvote']==1){
            echo "<script>alert('你已经投过票了');</script>";
            echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
            exit();
         }else{
            voteing($ss, $db);
            $db->query("update users set isvote='1' where username='".$_SESSION['name']."';");
            echo "<script>alert('投票成功');</script>";
            echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
            exit();
         }
      }else{
         echo "<script>alert('请登录再投票');</script>";
         echo "<script>history.go(-1);</script>";
         exit();
      }
      
   }
   
   
   
?>

新建sqlsafe.php:

<?php
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
//要过滤的非法字符
$ArrFiltrate=array(" ",";","union","'","and","or");
//出错后要跳转的url,不填则默认前一页
$StrGoUrl="";
//是否存在数组中的值
function FunStringExist($StrFiltrate,$ArrFiltrate){
foreach ($ArrFiltrate as $key=>$value){
if (eregi($value,$StrFiltrate)){
return true;
}
}
return false;
}
//合并$_POST 和 $_GET
if(function_exists(array_merge)){
$ArrPostAndGet=array_merge($HTTP_POST_VARS,$HTTP_GET_VARS);
}else{
foreach($HTTP_POST_VARS as $key=>$value){
$ArrPostAndGet[]=$value;
}
foreach($HTTP_GET_VARS as $key=>$value){
$ArrPostAndGet[]=$value;
}
}
//验证开始
foreach($ArrPostAndGet as $key=>$value){
if (FunStringExist($value,$ArrFiltrate)){
echo '<script language="javascript">alert("非法字符");</script>';
if (empty($StrGoUrl)){
echo '<script language="javascript">history.go(-1);</script>';
}else{
echo '<script language="javascript">window.location="'.$StrGoUrl.'";</script>';
}
exit;
}
}
?>

展示页面,新建index.php页面:

<?php 
   include("conn.php");
   @session_start();
   header("Cache-control:private");
   if( isset($_GET['do'])?$_GET['do']:''){
      if($_GET['do']=="logout"){
         unset($_SESSION['user']);
         unset($_SESSION['name']);
         @session_destroy();
      }
   }
   $result = $db->query("select * from sysconfig");
   $row = mysqli_fetch_assoc($result);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="initial-scale=2.0,width=device-width" /> 
<title></title>
<script type="text/javascript" src="admin/js/jquery.min.js"></script>
<link rel="stylesheet" href="main.css" type="text/css" media="screen" />
</head>
<body>
<div class="main">
   <div style="width:auto; height:auto; background:#F9F9F9; border-bottom:solid #F0F0F0 1px; text-align:right; ">
      <div style=" padding:0.25em  0.5em 0.25em  0;">
      <?php if( !isset($_SESSION['user']) || $_SESSION['user']!==true ){ ?>
         <a href="admin/login.html">登录投票</a>
      <?php }else{ ?>
         <span>你好,<?php echo $_SESSION['name']; ?></span>
         <a href="admin/index.php">&nbsp;查看投票数据</a>
         <a href="index.php?do=logout">&nbsp;登出</a>
      <?php } ?>
      </div>
   </div>
   <form action="vote.php" method="post">
   <div class="content">
      <div>
         <h1><?php echo $row['vote_name']; ?></h1>
         <div class="description">
            <?php echo $row['description']; ?>
         </div>
      </div>
      
      <?php
         $num = 0;
         $result_name = $db->query ( "select * from votename" );
         while ( $row_name = mysqli_fetch_assoc ( $result_name ) ) {
         $num += 1;
      ?>
      <div class="mcontent">
         <h3><?php echo $num.".".$row_name['question_name']; ?></h3>
         <?php
            $result_option = $db->query ( "select * from voteoption where upid='" . $row_name ['cid'] . "';" );
            while ( $row_option = mysqli_fetch_assoc ( $result_option ) ) {
         ?>
         <div class="obox">
            <?php
                  echo '<input name="'.$row_name['cid'].'" type="radio" value="'.$row_option['cid'].'">'.$row_option['optionname'];
            ?>
         </div>
         <?php } ?>
         <div style="clear:both;"></div>
      </div>
      <?php } ?>
      <?php if($result_name->num_rows > 0){
      ?>
      <div class="votebu">
         <input style="width:4em; height:1em; float:left;" type="text" name="code_num" maxlength="4" />
         <img style="float:left;" onClick="this.src='img.php'" src="img.php"  alt="看不清,点击换一张">
         <input style="float:left; margin-left:0.5em;" name="" type="submit" value="投票">
         <input name="num" type="hidden" value="<?php echo $num; ?>">
         <div style="clear:both;"></div>
      </div>
      <?php }else{ ?>
         <h1>当前没有投票</h1>
      <?php } ?>
      <br>
   </div>
  </form>
   
</div>
</body>
</html>

效果展示:

gif5新文件 (38).gif

Weiter lernen
||
<?php echo "前端用户观看界面";
einreichenCode zurücksetzen