Discuz plugin PHP code question
The code is as follows:
<?php
if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
$var=$_G['cache']['plugin']['lwn_downcs_dzx']; // plugin settings from the Discuz plugin cache
loadcache('usergroups');
$notice=nl2br($var['notice']);
$cpadmin=unserialize($var['apigroup']); // user groups allowed to add entries
$navtitle=$var['pluginame'];
if(!$var['open'] && $_G['adminid'] != 1) showmessage($var['closemsg'], "index.php"); // plugin closed: only the founder may continue
$action = empty($_G['gp_action']) ? '' : $_G['gp_action'];
$aid=$_G['gp_aid'];
$name=$_G['gp_name'];
$version=$_G['gp_version'];
$url=$_G['gp_url'];
$time=$_G['gp_time'];
$thumb=$_G['gp_thumb'];
$description=$_G['gp_description'];
$charset=$_G['gp_charset'];
$greenplugin=$_G['gp_greenplugin'];
if($action=='add'){
$act='add';
}elseif($action=='edit'){
$act='edit';
}
if($action=='add' && submitcheck('addsubmit')){ // add: group check, then insert
if (!in_array($_G['groupid'], $cpadmin)){
showmessage('lwn_downcs_dzx:not_allow','index.php');
}
$sql=DB::query("INSERT INTO `".DB::table('lwn_downcs_dzx')."` (`name`, `version`, `url`, `time`, `thumb`, `description`, `charset`, `greenplugin`, `uid`) VALUES ('$name', '$version', '$url', '$time', '$thumb', '$description', '$charset', '$greenplugin', '$_G[uid]');");
if($sql){
showmessage('lwn_downcs_dzx:add_sus','plugin.php?id=lwn_downcs_dzx:api');
}else{
showmessage('lwn_downcs_dzx:add_err','plugin.php?id=lwn_downcs_dzx:api');
}
}elseif($action=='edit'){ // edit: founder or record owner only
$ed = DB::fetch_first("select * from ".DB::table('lwn_downcs_dzx')." where id='$aid'");
if($_G['adminid'] != 1 && $ed['uid'] != $_G['uid']){
showmessage('lwn_downcs_dzx:not_allow', 'index.php');
}
if($action=='edit' && submitcheck('addsubmit')){
DB::query("UPDATE ".DB::table('lwn_downcs_dzx')." SET name='$name',version='$version',url='$url',time='$time',thumb='$thumb',description='$description',charset='$charset',greenplugin='$greenplugin' WHERE id='$aid'");
showmessage('lwn_downcs_dzx:edit_sus','plugin.php?id=lwn_downcs_dzx:api');
}
}
elseif($action=='del'){ // del: founder or record owner only
$ed = DB::fetch_first("select * from ".DB::table('lwn_downcs_dzx')." where id='$aid'");
if($_G['adminid'] != 1 && $ed['uid'] != $_G['uid']){
showmessage('lwn_downcs_dzx:not_allow', 'index.php');
}
DB::query("DELETE FROM ".DB::table('lwn_downcs_dzx')." WHERE id='$aid'");
showmessage('lwn_downcs_dzx:del_sus','plugin.php?id=lwn_downcs_dzx:api');
}else{ // default: paginated listing
$perpage = $var['nums'];
$hlist = array();
$n = DB::query("select id,name,version,url,description,uid from ".DB::table('lwn_downcs_dzx'));
$hnum = DB::num_rows($n);
$page = max(1, $_G['gp_page']);
$start = ($page-1)*$perpage;
$hquery = DB::query("select id,name,version,url,description,uid from ".DB::table('lwn_downcs_dzx')." ORDER BY id DESC limit $start,$perpage");
while($hresult = DB::fetch($hquery)){
$hlist[] = $hresult;
}
$multi = multi($hnum, $perpage, $page, "plugin.php?id=lwn_downcs_dzx:api");
}
include template('lwn_downcs_dzx:api');
?>
Security issues, please help.
Answer: Is the OP preparing to enter the Discuz! plugin competition?
There are basically no major problems, but pay attention to code formatting conventions.
if($action=='add'){
$act='add';
}elseif($action=='edit'){
$act='edit';
}
Why not just write: $act = $action; ?
Otherwise: I don't think there are any problems... but that's only my personal opinion.
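A defensive habit worth applying to this plugin's request handling, as an added example that is not part of the original post or of the plugin: normalise each `gp_` parameter to the type the corresponding query needs (integer ids and page numbers, a whitelisted action, length-limited text) before it is used, and express the edit/del ownership rule as one reusable check. `$gp` and `$G` are constructed stand-ins for Discuz's `$_G['gp_*']` values and current-user fields so the helpers run outside Discuz; the column lengths are assumptions.

```php
<?php
// Added example, not from the original post. $gp stands in for the
// plugin's $_G['gp_*'] request values, $G for the current user's $_G fields.

function lwn_normalize_request(array $gp) {
    // Only the actions the controller handles are accepted; anything else
    // falls through to the listing branch, as the original code does.
    $allowed = array('', 'add', 'edit', 'del');
    $action = isset($gp['action']) ? (string)$gp['action'] : '';
    if (!in_array($action, $allowed, true)) {
        $action = '';
    }
    return array(
        'action' => $action,
        // Values used as keys or offsets become integers, so the SQL that
        // receives them no longer depends on quoting or escaping at all.
        'aid'    => isset($gp['aid']) ? intval($gp['aid']) : 0,
        'page'   => max(1, isset($gp['page']) ? intval($gp['page']) : 1),
        // Free-text fields stay strings but are trimmed and capped to the
        // column sizes (the limits used here are assumptions).
        'name'        => lwn_text($gp, 'name', 100),
        'version'     => lwn_text($gp, 'version', 20),
        'url'         => lwn_text($gp, 'url', 255),
        'thumb'       => lwn_text($gp, 'thumb', 255),
        'description' => lwn_text($gp, 'description', 1000),
        'charset'     => lwn_text($gp, 'charset', 20),
    );
}

function lwn_text(array $gp, $key, $max) {
    $v = isset($gp[$key]) ? trim((string)$gp[$key]) : '';
    return mb_substr($v, 0, $max, 'UTF-8');
}

// Mirrors the edit/del rule in the plugin: the founder (adminid 1) may
// modify any record, everyone else only records they own.
function lwn_can_modify(array $record, array $G) {
    return (int)$G['adminid'] === 1 || (int)$record['uid'] === (int)$G['uid'];
}

// Constructed sample request: an unexpected action, an id with trailing
// junk and an out-of-range page number, as a client could send them.
$req = lwn_normalize_request(array('action' => 'drop', 'aid' => '7abc', 'page' => '0'));
var_dump($req['action'], $req['aid'], $req['page']);
var_dump(lwn_can_modify(array('uid' => 5), array('adminid' => 2, 'uid' => 5)));
var_dump(lwn_can_modify(array('uid' => 5), array('adminid' => 2, 'uid' => 9)));
```

With the values typed this way, `WHERE id='$aid'` and `limit $start,$perpage` receive integers regardless of what the request contained, and the ownership rule lives in one place instead of being repeated in the edit and del branches.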