--- fenglin/bbs/ch_username_sub.php	2004/12/01 05:59:06	1.2
+++ fenglin/bbs/ch_username_sub.php	2004/12/05 10:00:19	1.3
@@ -10,6 +10,13 @@ if ($_SESSION["BBS_uid"]==0)
 	exit();
 } 
 
+$permit = false;
+if (ereg("^[A-Za-z]{3,12}$",$_SESSION["BBS_username"]))
+{
+	error_msg ("您无权修改用户名！", true);
+	exit();
+}
+
 $username=htmlspecialchars(trim($_POST["username"]));
 $username=addslashes($username);
 
@@ -26,20 +33,6 @@ if (!check_str($username))
 
 $db_conn=include "./db_open.inc.php";
 
-$permit = false;
-$rs = mysql_query("select m_username from user_list where UID=".$_SESSION["BBS_uid"])
-	or die("Query status error!");
-if ($row=mysql_fetch_array($rs))
-	$permit = $row["m_username"];
-else
-	$permit = false;
-mysql_free_result($rs);
-if (!$permit)
-{
-	error_msg ("您无权修改用户名！", false, true);
-	exit();
-}
-
 $rs=mysql_query("select UID from user_list where username='$username' limit 1");
 if (mysql_num_rows($rs)>0)
 {
@@ -48,31 +41,13 @@ if (mysql_num_rows($rs)>0)
 }
 mysql_free_result($rs);
 
-mysql_query("update user_list set username='$username', m_username = 0".
+mysql_query("update user_list set username='$username'".
 	" where UID=".$_SESSION["BBS_uid"])
 	or die("Update error!");
 
 mysql_close($db_conn);
-?>
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
-<title>更改用户名</title>
-<link rel="stylesheet" href="css/default.css" type="text/css">
-</head>
-<body>
-		<p align="center">
-			&nbsp;
-		</p>
-		<p align="center">
-			更改用户名完成，以后请使用新的用户名登陆。
-		</p>
-		<p align="center">
-			[<a class="s2" href="javascript:self.close()">关闭窗口</a>]
-		</p>
-		<p align="center">
-			&nbsp;
-		</p>
-</body>
-</html>
 
+$_SESSION["BBS_username"] = $username;
+
+header ("Location: main.php");
+?>