Antara muka pengguna bahagian hadapan

Sama ada kod pengesahan dan tarikh mengundi telah tamat tempoh:

vote.php baharu:

<?php 
   include("sqlsafe.php");
   echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
   include("conn.php");
   
   @session_start();
   $ss = $_POST;
   if($_POST[num] != (count($ss)-2)){
      echo "<script>alert('请完善你的选择');</script>";
      echo "<script>history.go(-1);</script>";   
      exit();
   }
   if($_POST['code_num'] != $_SESSION['VCODE'] || $_POST['code_num']==''){
      echo "<script>alert('验证码错误');</script>";
      echo "<script>history.go(-1);</script>";   
      exit();    
   }
   
   function voteing($ss, $db)
   {
      $success = true;
      foreach($ss as &$value){
         $result = $db->query("select votenum from voteoption where cid='".$value."';");
         $row = mysqli_fetch_assoc($result);
         $result = $db->query("update voteoption set votenum='".($row['votenum']+1)."' where cid='".$value."'");
         if(!$result){
            $success = false;
         }
      }
      if($success){
         foreach($ss as $key => $value){
            $result = $db->query("select sum(votenum) from voteoption where upid='".$key."';");
            $row = mysqli_fetch_assoc($result);
            $result = $db->query("update votename set sumvotenum='".$row['sum(votenum)']."' where cid='$key';");
            if(!$result){
               $success = false;
            }
         }
         if($success){
            return true;
         }
      }
      return false;
   }  
   
   
   $result = $db->query("select * from sysconfig");
   $row = mysqli_fetch_assoc($result);
   
   $now = mktime(0, 0, 0, date("m")  , date("d"), date("Y"));
   $dietimelist = explode("-",$row['dietime']);
   $dietime = mktime(0, 0, 0, $dietimelist[1]  , $dietimelist[2], $dietimelist[0]);
   if(round(($dietime-$now)/3600/24) < 0){
      echo "<script>alert('已经过了投票日期');</script>";
      echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
      exit();
   }
   
   if($row['method'] == 1){//ip统计投票
      $clientip = getenv("REMOTE_ADDR");
      $ips = $db->query("select ip from voteips where ip='$clientip';");
      if($ips->num_rows > 0){
         echo "<script>alert('你已经投过票了');</script>";
         echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
         exit();
      }else{
         voteing($ss, $db);
         $db->query("insert into voteips (ip) values ('$clientip');");
         echo "<script>alert('投票成功');</script>";
         echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";  
         exit();
      }
      
      
   }else if($row['method'] == 2){//登录投票
      if($_SESSION['user'] == true){
         $test = $db->query("select isvote from users where username='".$_SESSION['name']."';");
         $test_row = mysqli_fetch_assoc($test);
         if($test_row['isvote']==1){
            echo "<script>alert('你已经投过票了');</script>";
            echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
            exit();
         }else{
            voteing($ss, $db);
            $db->query("update users set isvote='1' where username='".$_SESSION['name']."';");
            echo "<script>alert('投票成功');</script>";
            echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
            exit();
         }
      }else{
         echo "<script>alert('请登录再投票');</script>";
         echo "<script>history.go(-1);</script>";
         exit();
      }
      
   }
   
   
   
?>

Sqlsafe.php baharu:

<?php
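echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
// Substrings rejected in any GET/POST value. This is a blacklist and it
// matches inside ordinary words too ("and" rejects "Android"), so it is a
// backstop only; the real protection is bound parameters in the callers.
$ArrFiltrate = [" ", ";", "union", "'", "and", "or"];
// URL the browser is sent to on rejection; empty means "go back one page".
$StrGoUrl = "";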
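/**
 * Whether any entry of $ArrFiltrate occurs in $StrFiltrate, ignoring ASCII
 * case. Entries are plain substrings, not patterns (the old eregi() treated
 * them as regular expressions and no longer exists in PHP 7+). Request values
 * can be arrays (name[]=...), in which case every leaf is checked.
 *
 * @param string|array $StrFiltrate value(s) to inspect
 * @param array        $ArrFiltrate substrings to look for; empty ones are ignored
 * @return bool
 */
function FunStringExist($StrFiltrate, array $ArrFiltrate)
{
    if (is_array($StrFiltrate)) {
        foreach ($StrFiltrate as $item) {
            if (FunStringExist($item, $ArrFiltrate)) {
                return true;
            }
        }
        return false;
    }
    $haystack = (string) $StrFiltrate;
    foreach ($ArrFiltrate as $needle) {
        $needle = (string) $needle;
        if ($needle === '') {
            continue;
        }
        if (stripos($haystack, $needle) !== false) {
            return true;
        }
    }
    return false;
}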
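// Merge $_POST and $_GET; on a duplicate string key the GET value wins, as
// array_merge did with the old $HTTP_POST_VARS/$HTTP_GET_VARS (removed in
// PHP 5.4, which is why those names no longer work).
$ArrPostAndGet = array_merge($_POST, $_GET);

// Reject the request as soon as one value contains a blacklisted substring.
foreach ($ArrPostAndGet as $value) {
    if (FunStringExist($value, $ArrFiltrate)) {
        echo '<script language="javascript">alert("非法字符");</script>';
        if (empty($StrGoUrl)) {
            echo '<script language="javascript">history.go(-1);</script>';
        } else {
            // $StrGoUrl is a fixed configuration value, not request data.
            echo '<script language="javascript">window.location="'.$StrGoUrl.'";</script>';
        }
        exit;
    }
}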
?>

Halaman paparan index.php baharu:

<?php 
   include("conn.php");
   @session_start();
   header("Cache-control:private");
   if( isset($_GET['do'])?$_GET['do']:''){
      if($_GET['do']=="logout"){
         unset($_SESSION['user']);
         unset($_SESSION['name']);
         @session_destroy();
      }
   }
   $result = $db->query("select * from sysconfig");
   $row = mysqli_fetch_assoc($result);
?>
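<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="initial-scale=2.0,width=device-width" /> 
<title></title>
<script type="text/javascript" src="admin/js/jquery.min.js"></script>
<link rel="stylesheet" href="main.css" type="text/css" media="screen" />
</head>
<body>
<?php
   // Everything that comes from the database or the session is escaped on
   // its way into the markup: question, option and user names are operator
   // or user supplied. A closure rather than a named function so nothing in
   // conn.php can be shadowed.
   $h = function ($value) {
      return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
   };
   $loggedIn = isset($_SESSION['user'], $_SESSION['name']) && $_SESSION['user'] === true;
?>
<div class="main">
   <div style="width:auto; height:auto; background:#F9F9F9; border-bottom:solid #F0F0F0 1px; text-align:right; ">
      <div style=" padding:0.25em  0.5em 0.25em  0;">
      <?php if (!$loggedIn) { ?>
         <a href="admin/login.html">登录投票</a>
      <?php } else { ?>
         <span>你好,<?php echo $h($_SESSION['name']); ?></span>
         <a href="admin/index.php">&nbsp;查看投票数据</a>
         <a href="index.php?do=logout">&nbsp;登出</a>
      <?php } ?>
      </div>
   </div>
   <form action="vote.php" method="post">
   <div class="content">
      <div>
         <h1><?php echo $h($row['vote_name']); ?></h1>
         <div class="description">
            <?php
               // Rendered as text. If the admin form stores HTML markup here,
               // this needs an HTML sanitiser, not a raw echo — TODO confirm.
               echo $h($row['description']);
            ?>
         </div>
      </div>
      
      <?php
         // One block per question with one radio per option. The radio name
         // is the question cid and its value the option cid, which is the
         // question => option map vote.php expects. The option statement is
         // prepared once and re-executed per question.
         $num = 0;
         $questionCid = '';
         $optionStmt = $db->prepare("select cid, optionname from voteoption where upid = ?");
         if ($optionStmt !== false) {
            $optionStmt->bind_param('s', $questionCid);
         }
         $result_name = $db->query("select * from votename");
         while ($result_name !== false && ($row_name = mysqli_fetch_assoc($result_name))) {
            $num += 1;
            $questionCid = (string) $row_name['cid'];
      ?>
      <div class="mcontent">
         <h3><?php echo $num . "." . $h($row_name['question_name']); ?></h3>
         <?php
            if ($optionStmt !== false && $optionStmt->execute()) {
               $optionStmt->bind_result($optionCid, $optionName);
               while ($optionStmt->fetch()) {
         ?>
         <div class="obox">
            <?php
                  echo '<input name="' . $h($questionCid) . '" type="radio" value="' . $h($optionCid) . '">' . $h($optionName);
            ?>
         </div>
         <?php
               }
            }
         ?>
         <div style="clear:both;"></div>
      </div>
      <?php } ?>
      <?php
         if ($optionStmt !== false) {
            $optionStmt->close();
         }
         if ($num > 0) {
      ?>
      <div class="votebu">
         <input style="width:4em; height:1em; float:left;" type="text" name="code_num" maxlength="4" />
         <img style="float:left;" onClick="this.src='img.php'" src="img.php"  alt="看不清,点击换一张">
         <input style="float:left; margin-left:0.5em;" name="" type="submit" value="投票">
         <input name="num" type="hidden" value="<?php echo (int) $num; ?>">
         <div style="clear:both;"></div>
      </div>
      <?php } else { ?>
         <h1>当前没有投票</h1>
      <?php } ?>
      <br>
   </div>
  </form>
   
</div>
</body>
</html>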

Paparan kesan:

