@ -17,7 +17,7 @@ function update_token(QueryManager $manager_result, $msg)
$manager = $manager_result->getManagerResult();
$manager->setLastIp(get_remote_ip());
$manager->setLastTime(date(default_format));
DbUtil::update("update manager set last_ip=?,last_time=? where manager_name=?", "sss", $manager->getLastIp(), $manager->getLastTime(), $manager->getManagerName());
DbUtil::update("update manager set last_ip=?,last_time=? where manager_name=?", null, "sss", $manager->getLastIp(), $manager->getLastTime(), $manager->getManagerName());
// 跳转到首页
if ($_SERVER["SCRIPT_NAME"] == "/admin/Manager.php") {
@ -57,7 +57,12 @@ function check_login()
{
if (!empty($_COOKIE["login_token"]) and !empty($_COOKIE["manager_name"])) {
$manager_result = new QueryManager();
try {
DbUtil::query("select * from manager where manager_name=?", $manager_result, array($_COOKIE["manager_name"]));
} catch (Exception $e) {
error_res("系统出现严重异常,请联系管理员", "/");
return false;
}
// 验证cookie身份信息有效性
if (empty($manager_result) or $_COOKIE["login_token"] != $manager_result->getManagerResult()->loginToken()) {
DbUtil::query("select * from manager where manager_name=? and manager_pwd=?", $manager_result, array($_POST["manager_name"], md5($_POST["manager_pwd"])));
DbUtil::query("select * from answer where question_id=?", $query_result, array($_GET["question_id"]));
} catch (Exception $e) {
error_res("系统出现严重异常,请联系管理员", "/");
return;
}
if (empty($query_result->getAnswerArray())) {
error_res("问题id不合法", "/admin/Question.php");
} else {
@ -266,7 +276,7 @@ EOF;
error_res("非法参数id", "/admin/Question.php");
} else {
try {
DbUtil::delete("DELETE q,a FROM question as q,answer as a WHERE q.question_id=a.question_id and q.question_id=?", "i", (int)$_GET["question_id"]);
DbUtil::delete("DELETE q,a FROM question as q,answer as a WHERE q.question_id=a.question_id and q.question_id=?", null, "i", (int)$_GET["question_id"]);
DbUtil::query("select * from garbage where category=? limit ?,?", $garbage_query, array($category_param, ($page - 1) * $page_size, $page_size));
if (empty($garbage_query->getResultList())) {
} else {
DbUtil::query("select * from garbage where category=? and name like ? limit ?,?", $garbage_query, array($category_param, "%" . $name_param . "%", ($page - 1) * $page_size, $page_size));
}
} catch (Exception $e) {
error_res("系统出现严重异常,请联系管理员", "/");
return;
}
if (empty($garbage_query->getGarbageObjArray())) {