答案:
admin.php3
<?
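// Layout helpers, site configuration and UI strings. print_header() and
// print_navbar(), called below, are not defined in this listing; presumably
// they come from layout.inc.php3.
include("layout.inc.php3");
include("config.inc.php3");
// NOTE(review): $language is interpolated into the include path and is not
// assigned anywhere in this listing; presumably config.inc.php3 sets it. If it
// can ever be request-controlled, restrict it to a fixed list of language
// names before building the path.
include("./lang/$language.inc.php3");
print_header("$admin_name");
print_navbar();
// The admin action and its arguments are read from $argv (presumably the
// request's query string - TODO confirm), re-joined and then split on "&",
// giving "action&user&password[&argument]".
// NOTE(review): the branches below compare $string2[1] / $string2[2] with the
// admin credentials, so the admin user name and password are part of every
// admin URL and end up in server logs, browser history and Referer headers.
// implode() takes the separator first; the reversed order is a legacy form.
$string=implode(" ",$argv);
$string2=explode("&",$string);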
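if($string=='')
{
// No action in the query string: show the login form. It posts the fields
// adminuser1 / adminpass1 to the "admin" action of this script.
// The reset button's value attribute is now quoted like the submit button's,
// so a label containing a space is not cut off at the first word.
echo"
<p align=center>$program_name Version: $ver<br><br>Administration:</p>
<form method=POST action=\"admin.php3?admin\">
<table border=0 width=50%>
<tr><td>$admin_username:</td><td><input type=text name=adminuser1></td></tr>
<tr><td>$admin_password:</td><td><input type=password name=adminpass1></td></tr>
<tr><td></td><td><input type=submit value=\"$send\"><input type=reset value=\"$reset\"></td></tr>
</table>
</form>
";
}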
else if($string=='admin')
{
// Login step: compares the submitted user name and password with the
// configured ones and prints the admin menu, or $noaccess on any mismatch.
// $adminuser1 / $adminpass1 are never assigned in this listing; presumably
// they are the posted form fields, auto-imported as globals
// (register_globals) - TODO confirm. $adminuser / $adminpass presumably come
// from config.inc.php3.
// NOTE(review): "==" is a loose comparison, so two numeric-looking strings
// are compared as numbers (for example "10" equals "1e1"). strcmp(...)==0
// compares the exact bytes instead.
if($adminuser1==$adminuser)
{
if($adminpass1==$adminpass)
{
// NOTE(review): the menu links below reached this listing with their href
// targets and link text stripped, so the admin menu cannot be read from here.
echo"
<p align=center>$admin_name:</p>
<a href=> <a href=> <a href=> <a href=> ";
}
else { echo"$noaccess"; }
}
else { echo"$noaccess"; }
}
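else if($string2[0]=='delall')
{
// Drops the whole mailing-list table. Expected query string:
// "delall&<admin user>&<admin password>".
// NOTE(review): this destructive action is triggered by a plain link that
// carries the credentials, with no confirmation step and no per-request
// token. Keeping the login state on the server and requiring a POST with a
// token would stop a followed link from dropping the table.
// Both credentials must be present, and strcmp() compares the exact bytes;
// the former "==" compared numeric-looking strings as numbers.
if(isset($string2[1]) && isset($string2[2])
&& strcmp($string2[1],$adminuser)==0 && strcmp($string2[2],$adminpass)==0)
{
$query="DROP TABLE $maillist_table";
mysql_db_query($database_name,$query,$conn) or die("$cant_del_table");
echo"$table_deleted";
}
else { echo"$noaccess"; }
}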
else if($string2[0]=='users')
{
// Lists every row of the mailing-list table. Expected query string:
// "users&<admin user>&<admin password>".
// NOTE(review): the credential check uses the loose "==" comparison, which
// compares numeric-looking strings as numbers; strcmp(...)==0 compares the
// exact bytes.
if($string2[1]==$adminuser)
{
if($string2[2]==$adminpass)
{
echo"
$headline_users<br><br>
<table border=0 width=100% cellspacing=1><tr bgcolor=\"#000084\"><td width=25%>Name:</td><td width=25%>$prename:</td><td width=25%>E-Mail</td><td width=25%> </td></tr>
";
$query="SELECT * from $maillist_table";
$result=mysql_db_query($database_name,$query,$conn) or die("$database_error");
// NOTE(review): the loop prints $data[0..2] into the HTML without escaping.
// Going by the table heading these are presumably name, first name and
// e-mail; if subscribers supply them, pass each value through
// htmlspecialchars() before output.
// NOTE(review): the echo inside the loop reached this listing truncated (its
// link markup and closing quote are missing), so the last cell of each row
// cannot be read from here.
while($data=mysql_fetch_row($result))
{
echo"<tr bgcolor=\"#0000A0\"><td>$data[0]</td><td>$data[1]</td><td>$data[2]</td><td><a href=> }
echo"
</table>
";
}
else { echo"$noaccess"; }
}
else { echo"$noaccess"; }
}
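else if($string2[0]=='deluser')
{
// Deletes one subscriber by e-mail address. Expected query string:
// "deluser&<admin user>&<admin password>&<e-mail>".
// Both credentials must be present, and strcmp() compares the exact bytes;
// the former "==" compared numeric-looking strings as numbers.
if(isset($string2[1]) && isset($string2[2])
&& strcmp($string2[1],$adminuser)==0 && strcmp($string2[2],$adminpass)==0)
{
// The address comes straight from the query string, so it is escaped for
// each context it is used in: addslashes() for the quoted SQL literal and
// htmlspecialchars() for the HTML messages.
// NOTE(review): addslashes() is the lowest common denominator. Where the
// runtime offers the database driver's own escaping function or prepared
// statements, use those instead.
$email=isset($string2[3]) ? $string2[3] : '';
$email_sql=addslashes($email);
$email_html=htmlspecialchars($email);
$query="DELETE FROM $maillist_table WHERE email='$email_sql'";
mysql_db_query($database_name,$query,$conn) or die("$email_html $could_not_be_deleted");
// NOTE(review): "has_been_deleted" is printed literally; it looks like a
// language variable that lost its "$" - confirm against the language file.
echo"$email_html has_been_deleted";
}
else { echo"$noaccess"; }
}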
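else if($string2[0]=='send')
{
// Shows the compose form for a mail to the list. Expected query string:
// "send&<admin user>&<admin password>". The form posts the fields subject and
// text to the "sendmail" action.
// Both credentials must be present, and strcmp() compares the exact bytes;
// the former "==" compared numeric-looking strings as numbers.
if(isset($string2[1]) && isset($string2[2])
&& strcmp($string2[1],$adminuser)==0 && strcmp($string2[2],$adminpass)==0)
{
// The credentials are written back into the form target so that the
// "sendmail" action can check them again. They are escaped and the attribute
// is quoted, so a space or markup character in either value cannot end the
// attribute early.
// NOTE(review): this puts the admin password into the page source and into
// the request URL. Keeping the login state on the server would avoid
// resending it with every action.
// NOTE(review): no closing </form> tag is emitted in this branch.
$user_attr=htmlspecialchars($string2[1]);
$pass_attr=htmlspecialchars($string2[2]);
echo"
$send_mail:<br><br>
<form method=POST action=\"admin.php3?sendmail&$user_attr&$pass_attr\">
$topic:<br><input type=text name=subject><br>
$message:<br><textarea rows=20 cols=50 name=text wrap=physical></textarea><br>
<input type=submit value=\"$send\"><input type=reset value=\"$reset\">
";
}
else { echo"$noaccess"; }
}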
else if($string2[0]=='sendmail')
{
if($string2[1]==$adminuser)
{
if($string2[2]==$adminpass)
{
$query="SELECT * FROM $maillist_table";
$result=mysql_db_query($database_name,$query,$conn) or die("$database_error");
while($data=mysql_fetch_row($result))
{
mail("$data[2]","$subject","$text","From: $from\nX-Mailer: $mailer\nReply-To: $reply\n") or die("$send_error");
}
echo"
$xxx_has_been_sent:<br><br>