0

使用此代码,我想将其转换为当用户单击按钮时,它首先验证他们是否要下载文件,如果单击是,则从 $userpoints 中减去 100 分(然后更新 mysql 表,但我知道如何做到这一点),我需要帮助的是让代码在有人单击按钮时运行。此外,我想给他们下载,而不让他们获得可以重复使用的 url。要么不向他们显示 url,要么使其成为唯一的一次性代码。

<?php                       
                    //If submit form was clicked
                    if(isset($_POST['submit'])) {
                        //Server side validation for security purposes
                        if($userpoints >= 100) {
                            mysqli_query($con,"UPDATE users SET points = points - 100 WHERE users.user_name = '$username' LIMIT 1");
                            $filename = 'ibelongwithyou.mp3';
                            $filepath = '/home4/saintfiv/downloads/';
                            header("Content-Length: ".filesize($filepath.$filename));
                            header("Content-Disposition: attachment; filename=I Belong With You.mp3");
                            readfile($filepath.$filename);
                        }else {
                            header("Location: index.php?error=1");
                        }
                    }
                    ?>
                    <form method="post" action="index.php">
                    <?php
                        if ($userpoints >= 100) {
                            echo '<input type="submit" name="submit" value="100pts">';
                        } else {
                            echo '<input type="submit" name="submit" value="100pts" disabled title="You need at least 100 points for this download">';
                        }
                        if(isset($_GET['error']) && $_GET['error'] == 1) {
                            echo "Error, you must have atleast 100points";
                        }
                    ?>
                    </form>

使用此更新的代码,刷新后似乎仍在注册单击提交。还有一些奇怪的事情发生在一堆随机字符上,这些字符一直在页面上向下移动。

4

1 回答 1

0

我没有包含 Javascript/jQuery 来验证按钮单击,这完全取决于您是否包含客户端验证。此外,您必须像我所做的那样为将来的 sql 语句存储用户的user_id用户名,我假设您正在使用$_SESSION['user_id']来查找真实用户。

<?php
session_start();

function getPoints() {
    //you must store the user_id atleast for a session or even the username on how you db really done
    //find the data where the USER_ID is the same as $_SESSION['user_id']
    //then we need to get the 'points' field to pass into a variable $userpoints
    $result = mysqli_query($con,"SELECT * FROM users WHERE user_id = ".$_SESSION['user_id']);
    $row = mysqli_fetch_array($result);
    return $row['points'];
}
//If submit form was clicked
if(isset($_POST['submit'])) {
    //Server side validation for security purposes
    if(getPoints() >= 100) {
        mysqli_query($con,"UPDATE users SET points = points - 100 WHERE users.user_name = '$username' LIMIT 1");
    }else {
        header("Location: index.php?error=1");
    }
}
?>
<html>
    <head>
        <title>Sample Point Downloading</title>
        <script><!-- Javascript here for Validation --></script>
    </head>
    <form method="post" action="index.php">
        <?php
        if (getPoints() >= 100) {
            echo '<input type="submit" name="submit" value="100pts">';
        } else {
            echo '<input type="submit" name="submit" value="100pts" disabled title="You need at least 100 points for this download">';  
        }
        if(isset($_GET['error']) && $_GET['error'] == 1) {
            echo "Error, you must have atleast 100points";
        }
        ?>
    </form>
</html>
于 2013-04-07T06:25:34.463 回答