46 lines
1.1 KiB
PHP
46 lines
1.1 KiB
PHP
|
<?php
|
|||
|
|
session_start();
|
|||
|
|
require_once('./config.php');
|
|||
|
|
|
|||
|
|
// 验证用户是否登录
|
|||
|
|
if (!isset($_SESSION['user_id'])) {
|
|||
|
|
die("未授权访问!");
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 获取当前用户ID
|
|||
|
|
$currentUserId = $_SESSION['user_id'];
|
|||
|
|
|
|||
|
|
// 查询当前用户等级
|
|||
|
|
$stmt = $conn->prepare("SELECT level FROM users WHERE id = ?");
|
|||
|
|
$stmt->bind_param("i", $currentUserId);
|
|||
|
|
$stmt->execute();
|
|||
|
|
$result = $stmt->get_result();
|
|||
|
|
$userData = $result->fetch_assoc();
|
|||
|
|
$stmt->close();
|
|||
|
|
|
|||
|
|
// 检查是否为管理员(等级4)
|
|||
|
|
if ($userData['level'] != 4) {
|
|||
|
|
die("权限不足!");
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 处理编辑用户逻辑
|
|||
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|||
|
|
$userId = $_POST['user_id'];
|
|||
|
|
$username = $_POST['username'];
|
|||
|
|
$level = $_POST['level'];
|
|||
|
|
$points = $_POST['points'];
|
|||
|
|
$email = $_POST['email'];
|
|||
|
|
|
|||
|
|
$stmt = $conn->prepare("UPDATE users SET username=?, level=?, points=?, email=? WHERE id=?");
|
|||
|
|
$stmt->bind_param("siisi", $username, $level, $points, $email, $userId);
|
|||
|
|
|
|||
|
|
if ($stmt->execute()) {
|
|||
|
|
echo "用户更新成功!";
|
|||
|
|
} else {
|
|||
|
|
echo "更新失败:" . $stmt->error;
|
|||
|
|
}
|
|||
|
|
$stmt->close();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$conn->close();
|
|||
|
|
?>
|