前端用户使用界面
验证码和投票日期是否过期:
新建vote.php:
<?php
include("sqlsafe.php");
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
include("conn.php");
@session_start();
$ss = $_POST;
if($_POST[num] != (count($ss)-2)){
echo "<script>alert('请完善你的选择');</script>";
echo "<script>history.go(-1);</script>";
exit();
}
if($_POST['code_num'] != $_SESSION['VCODE'] || $_POST['code_num']==''){
echo "<script>alert('验证码错误');</script>";
echo "<script>history.go(-1);</script>";
exit();
}
function voteing($ss, $db)
{
$success = true;
foreach($ss as &$value){
$result = $db->query("select votenum from voteoption where cid='".$value."';");
$row = mysqli_fetch_assoc($result);
$result = $db->query("update voteoption set votenum='".($row['votenum']+1)."' where cid='".$value."'");
if(!$result){
$success = false;
}
}
if($success){
foreach($ss as $key => $value){
$result = $db->query("select sum(votenum) from voteoption where upid='".$key."';");
$row = mysqli_fetch_assoc($result);
$result = $db->query("update votename set sumvotenum='".$row['sum(votenum)']."' where cid='$key';");
if(!$result){
$success = false;
}
}
if($success){
return true;
}
}
return false;
}
$result = $db->query("select * from sysconfig");
$row = mysqli_fetch_assoc($result);
$now = mktime(0, 0, 0, date("m") , date("d"), date("Y"));
$dietimelist = explode("-",$row['dietime']);
$dietime = mktime(0, 0, 0, $dietimelist[1] , $dietimelist[2], $dietimelist[0]);
if(round(($dietime-$now)/3600/24) < 0){
echo "<script>alert('已经过了投票日期');</script>";
echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
exit();
}
if($row['method'] == 1){//ip统计投票
$clientip = getenv("REMOTE_ADDR");
$ips = $db->query("select ip from voteips where ip='$clientip';");
if($ips->num_rows > 0){
echo "<script>alert('你已经投过票了');</script>";
echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
exit();
}else{
voteing($ss, $db);
$db->query("insert into voteips (ip) values ('$clientip');");
echo "<script>alert('投票成功');</script>";
echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
exit();
}
}else if($row['method'] == 2){//登录投票
if($_SESSION['user'] == true){
$test = $db->query("select isvote from users where username='".$_SESSION['name']."';");
$test_row = mysqli_fetch_assoc($test);
if($test_row['isvote']==1){
echo "<script>alert('你已经投过票了');</script>";
echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
exit();
}else{
voteing($ss, $db);
$db->query("update users set isvote='1' where username='".$_SESSION['name']."';");
echo "<script>alert('投票成功');</script>";
echo "<meta http-equiv=\"Refresh\" content=\"0;url=index.php\">";
exit();
}
}else{
echo "<script>alert('请登录再投票');</script>";
echo "<script>history.go(-1);</script>";
exit();
}
}
?>新建sqlsafe.php:
<?php
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
//要过滤的非法字符
$ArrFiltrate=array(" ",";","union","'","and","or");
//出错后要跳转的url,不填则默认前一页
$StrGoUrl="";
//是否存在数组中的值
function FunStringExist($StrFiltrate,$ArrFiltrate){
foreach ($ArrFiltrate as $key=>$value){
if (eregi($value,$StrFiltrate)){
return true;
}
}
return false;
}
//合并$_POST 和 $_GET
if(function_exists(array_merge)){
$ArrPostAndGet=array_merge($HTTP_POST_VARS,$HTTP_GET_VARS);
}else{
foreach($HTTP_POST_VARS as $key=>$value){
$ArrPostAndGet[]=$value;
}
foreach($HTTP_GET_VARS as $key=>$value){
$ArrPostAndGet[]=$value;
}
}
//验证开始
foreach($ArrPostAndGet as $key=>$value){
if (FunStringExist($value,$ArrFiltrate)){
echo '<script language="javascript">alert("非法字符");</script>';
if (empty($StrGoUrl)){
echo '<script language="javascript">history.go(-1);</script>';
}else{
echo '<script language="javascript">window.location="'.$StrGoUrl.'";</script>';
}
exit;
}
}
?>展示页面,新建index.php页面:
<?php
include("conn.php");
@session_start();
header("Cache-control:private");
if( isset($_GET['do'])?$_GET['do']:''){
if($_GET['do']=="logout"){
unset($_SESSION['user']);
unset($_SESSION['name']);
@session_destroy();
}
}
$result = $db->query("select * from sysconfig");
$row = mysqli_fetch_assoc($result);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="initial-scale=2.0,width=device-width" />
<title></title>
<script type="text/javascript" src="admin/js/jquery.min.js"></script>
<link rel="stylesheet" href="main.css" type="text/css" media="screen" />
</head>
<body>
<div class="main">
<div style="width:auto; height:auto; background:#F9F9F9; border-bottom:solid #F0F0F0 1px; text-align:right; ">
<div style=" padding:0.25em 0.5em 0.25em 0;">
<?php if( !isset($_SESSION['user']) || $_SESSION['user']!==true ){ ?>
<a href="admin/login.html">登录投票</a>
<?php }else{ ?>
<span>你好,<?php echo $_SESSION['name']; ?></span>
<a href="admin/index.php"> 查看投票数据</a>
<a href="index.php?do=logout"> 登出</a>
<?php } ?>
</div>
</div>
<form action="vote.php" method="post">
<div class="content">
<div>
<h1><?php echo $row['vote_name']; ?></h1>
<div class="description">
<?php echo $row['description']; ?>
</div>
</div>
<?php
$num = 0;
$result_name = $db->query ( "select * from votename" );
while ( $row_name = mysqli_fetch_assoc ( $result_name ) ) {
$num += 1;
?>
<div class="mcontent">
<h3><?php echo $num.".".$row_name['question_name']; ?></h3>
<?php
$result_option = $db->query ( "select * from voteoption where upid='" . $row_name ['cid'] . "';" );
while ( $row_option = mysqli_fetch_assoc ( $result_option ) ) {
?>
<div class="obox">
<?php
echo '<input name="'.$row_name['cid'].'" type="radio" value="'.$row_option['cid'].'">'.$row_option['optionname'];
?>
</div>
<?php } ?>
<div style="clear:both;"></div>
</div>
<?php } ?>
<?php if($result_name->num_rows > 0){
?>
<div class="votebu">
<input style="width:4em; height:1em; float:left;" type="text" name="code_num" maxlength="4" />
<img style="float:left;" onClick="this.src='img.php'" src="img.php" alt="看不清,点击换一张">
<input style="float:left; margin-left:0.5em;" name="" type="submit" value="投票">
<input name="num" type="hidden" value="<?php echo $num; ?>">
<div style="clear:both;"></div>
</div>
<?php }else{ ?>
<h1>当前没有投票</h1>
<?php } ?>
<br>
</div>
</form>
</div>
</body>
</html>效果展示:
