} break; case 'type': $id = sqlReplace(trim($_GET['id'])); $id = checkData($id, "ID", 0); $sql = "select * from qiyu_comment where comment_id=" . $id; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { alertInfo('您要审核的数据不存在', '', 1); } else { $sql2 = "update qiyu_comment set comment_type='1' where comment_id=" . $id; if (mysql_query($sql2)) { alertInfo('审核成功', '', 1); } else { alertInfo('审核失败,原因SQL出现异常', '', 1); } } break; case "savetime": $i = trim($_POST['i']); for ($x = 1; $x <= $i; $x++) { $id = $_POST['id' . $x]; $id = checkData($id, 'ID', 0); $time = $_POST['time' . $x]; $sql = "update " . WIIDBPRE . "_comment set comment_addtime='" . $time . "' where comment_id=" . $id; mysql_query($sql); } alertInfo('保存成功!', "", 1); break; }
$print = sqlReplace(trim($_POST['yunprint'])); $num = sqlReplace(trim($_POST['yunprintnum'])); $sql = "update qiyu_site set site_yunprint='" . $print . "',site_yunprintnum='" . $num . "'"; if (mysql_query($sql)) { alertInfo('操作成功', '', 1); } else { alertInfo('出错', '', 1); } break; case "other": $onlinechat = sqlReplace(trim($_POST['onlinechat'])); $iscartfoodtag = sqlReplace(trim($_POST['iscartfoodtag'])); $cartfoodtag = sqlReplace(trim($_POST['cartfoodtag'])); $stat = sqlReplace(trim($_POST['stat'])); $sql = "update qiyu_site set site_onlinechat='" . $onlinechat . "',site_stat='" . $stat . "',site_iscartfoodtag='" . $iscartfoodtag . "',site_cartfoodtag='" . $cartfoodtag . "'"; if (mysql_query($sql)) { alertInfo('操作成功', '', 1); } else { alertInfo('出错', '', 1); } break; case "print": $print = sqlReplace(trim($_POST['yunprint'])); $sql = "update qiyu_site set site_yunprint='" . $print . "'"; if (mysql_query($sql)) { alertInfo('操作成功', '', 1); } else { alertInfo('出错', '', 1); } break; }
<?php require_once "usercheck.php"; $shopID = sqlReplace(trim($_GET['shopID'])); $sql = "select * from qiyu_shop where shop_id=" . $shopID . " and shop_status='1'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if (!$rows) { alertInfo("错误", "index.php", 0); } if (!empty($QIYU_ID_USER)) { $sqlStr = "select * from qiyu_user where user_id=" . $QIYU_ID_USER; $result = mysql_query($sqlStr); $row = mysql_fetch_assoc($result); if ($row) { $user_phone = $row['user_phone']; } } else { $user_phone = $_SESSION['user_phone']; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="style.css" type="text/css"/> <script src="js/jquery-1.3.1.js" type="text/javascript"></script> <title> 验证手机号 - <?php echo $SHOP_NAME; ?> - <?php
// Bulk SMS send: validates the site's SMS gateway ("wiiyun") account before
// reading the recipient list and message body posted from the form.
// NOTE(review): $site_wiiyunsalt, $site_wiiyunaccount and $site_sms are not set
// in this span — presumably site-wide settings loaded by an include; confirm.
$o = new AppException();
//require_once('user_sendsms_page.php');
if (!(empty($site_wiiyunsalt) || empty($site_wiiyunaccount) || $site_sms != '1')) {
    // Check that the gateway key and account are valid
    $result = $o->checkWiiyunSalt($site_wiiyunsalt, $site_wiiyunaccount);
    $r_status = $result[0]->status;
    if ($r_status != 'no') {
        $userID2 = $result[0]->id2; // gateway-side user ID2
        $sms = $o->getSMS($userID2);
        $s_status = $sms[0]->status;
        $smsCount = $sms[0]->count_m;
    }
}
// $userID2 is only assigned when every check above passed, so an empty value
// means the SMS feature is unconfigured or the account check failed.
// NOTE(review): the code below assumes alertInfo() stops the script on this
// path; if it does not, the send continues without a validated account.
if (empty($userID2)) {
    alertInfo('短信未配置,请配置', "site_sms.php", 0);
}
$tags = sqlReplace(trim($_POST['receiver'])); // recipients
// NOTE(review): search and replacement strings are identical here and in the
// $emailstr line below — possibly a full-width '；' lost in transcoding; confirm
// against the original file before relying on this normalisation.
$tags = str_replace(';', ';', $tags);
$tags = str_replace('#', '', $tags);
$tags = str_replace('$', '', $tags);
//$total=sqlReplace(trim($_GET['total']));//number to send this time
$emailstr = sqlReplace(trim($_POST['receiver'])); // recipients
$emailstr = str_replace(';', ';', $emailstr);
$content = sqlReplace(trim($_POST['fbContent'])); // message body
checkData($emailstr, '收件人', 1);
checkData($content, '短信内容', 1);
// Process the recipient list in $emailstr
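/**
 * Validates an e-mail address and reports any problem through alertInfo().
 *
 * Replaces the eregi() call (removed in PHP 7.0, so the original raised a
 * fatal "undefined function" error) with preg_match() using the same
 * expression, case-insensitive. A PCRE failure — for example the backtracking
 * limit being hit by an unusually long input, which the nested quantifiers in
 * this pattern make possible — is treated as "not valid" rather than "valid",
 * so the check fails closed.
 *
 * @param string $email value to validate; empty() values (including '0') are reported as missing
 * @param string $name  human-readable field label used in the alert text
 */
function checkEmail($email, $name)
{
    if (empty($email)) {
        alertInfo($name . '不能为空', '', 1);
        return;
    }
    // Same expression as the original eregi() pattern; the 'D' modifier keeps
    // '$' anchored at the very end of the string (no trailing newline), as ERE did.
    $pattern = '/^[a-zA-Z0-9]([a-zA-Z0-9]*[-_.]?[a-zA-Z0-9]+)+@([a-zA-Z0-9]+\.)+[a-zA-Z]{2,}$/iD';
    // preg_match() returns 1 on match, 0 on no match and false on error;
    // anything but 1 is reported as a bad format.
    if (preg_match($pattern, $email) !== 1) {
        alertInfo($name . '输入格式不正确', '', 1);
    }
}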
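// Final registration step: creates the user row plus a default delivery
// address, stores the new user id in the session and redirects to the
// "registration finished" page.
// NOTE(review): $address, $pw, $phone, $name, $sinaUid, $sinaNick, $p, $shopID,
// $shopSpot, $spot, $circle and $shopCircle are assigned before this span.
checkData($address, '详细地址', 1);
checkData($pw, '密码', 1);
$ip = $_SERVER['REMOTE_ADDR'];
$logincount = 1;
$vercode = getRndCode(6);        // stored as user_salt and mixed into the password hash
$vercodePhone = getRndCode_r(6); // stored as user_vcode, the phone verification code
// Only used by the (commented-out) sendCode() call below
$content = "验证码是" . $vercodePhone;
$_SESSION['Phone'] = $phone;
// NOTE(review): double MD5 with a 6-character salt is not a suitable password
// hash; the login-side comparison would have to change together with this line.
$pw = md5(md5($pw . $vercode));
// Refuse to register a phone number that already exists
$sqlStr = "select user_id from qiyu_user where user_phone='" . $phone . "'";
$rs = mysql_query($sqlStr);
$row = mysql_fetch_assoc($rs);
if ($row) {
    alertInfo("手机号已注册", "", 1);
}
$sql = "insert into qiyu_user(user_account,user_password,user_logintime,user_loginip,user_logincount,user_mail,user_phone,user_time,user_name,user_salt,user_status,user_vcode,user_sinauid,user_sinanick,user_regtype) values('" . $phone . "','" . $pw . "',now(),'" . $ip . "','" . $logincount . "','','" . $phone . "',now(),'" . $name . "','" . $vercode . "','0','" . $vercodePhone . "','" . $sinaUid . "','" . $sinaNick . "','0')";
if (mysql_query($sql)) {
    $id = mysql_insert_id();
    // Default address row; its result is not checked, so a failure here leaves
    // a user without an address rather than aborting registration.
    $address_sql = "insert into qiyu_useraddr(useraddr_user,useraddr_phone,useraddr_address,useraddr_name) values (" . $id . ",'" . $phone . "','" . $address . "','" . $name . "')";
    mysql_query($address_sql);
    // Send the verification code (currently disabled)
    //sendCode($phone,$content);
    //Header("Location: uservali.php");
    $_SESSION['qiyu_uid'] = $id;
    $_SESSION['reginfo1'] = '';
    $_SESSION['reginfo2'] = '';
    Header("Location: userregfinish.php?p=" . $p . "&shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&spotID=" . $spot . "&circleID=" . $circle . "&shopCircle=" . $shopCircle);
    // Stop here: without exit the remainder of the page still executes and
    // renders after the redirect header has been sent.
    exit;
} else {
    alertInfo("注册失败", "", 1);
}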
<?php
/**
 * userintro.php
 *
 * Admin view of a single user: loads the user row selected by ?id= and
 * exposes its columns as page variables. ?tel= and ?page= are read here
 * and presumably consumed by the listing further down the page.
 */
require_once "usercheck2.php";
$id = sqlReplace(trim($_GET['id']));
$tel = empty($_GET['tel']) ? '' : sqlReplace(trim($_GET['tel']));
$page = empty($_GET['page']) ? '' : sqlReplace(trim($_GET['page']));
$id = checkData($id, "ID", 0);
$sql = "select * from " . WIIDBPRE . "_user where user_id=" . $id;
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if (!$row) {
    // NOTE(review): if alertInfo() does not stop the script, the variables
    // assigned in the else branch are undefined for the rest of the page.
    alertInfo('该用户已经不存在', '', 1);
} else {
    $account = $row['user_account'];
    $name = $row['user_name'];
    $mail = $row['user_mail'];
    $type = $row['user_type'];
    $logintime = $row['user_logintime'];
    $loginip = $row['user_loginip'];
    $logincount = $row['user_logincount'];
    $phone = $row['user_phone'];
    $time = $row['user_time'];
    $score = $row['user_score'];
    $experience = $row['user_experience'];
}
// Original version:
//$url="&start=".$start."&end=".$end."&name=".$name."&phone=".$phone."&order=".$order."&uid=".$id;
// NOTE(review): $name and $phone come from the database and are appended to
// the query string without urlencode(); a value containing '&' or '#' would
// split or truncate it.
$url = "&name=" . $name . "&phone=" . $phone . "&uid=" . $id;
$shopID = sqlReplace($_GET['shopID']); $phone = sqlReplace($_POST['phone']); $code = sqlReplace($_POST['code']); $sql = "select * from qiyu_user where user_phone='" . $phone . "'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { if ($code == $rows['user_vcode']) { $sqlStr = "update qiyu_user set user_vcode='',user_status='1' where user_phone='" . $phone . "'"; mysql_query($sqlStr); Header("Location: userorder.php?shopID=" . $shopID); } else { alertInfo("验证码错误", "", 1); } } else { alertInfo("手机号不存在", "", 1); } break; case "checkCodeTime": $sendTime = $_SESSION['sms_sendTime']; $time = date('Y-m-d H:i:s'); if (!empty($sendTime)) { if (round((strtotime($time) - strtotime($sendTime)) / 60) > 20) { $_SESSION['sms_sendTime'] = ''; $_SESSION['sms_code'] = ''; echo '<label> </label><img src="images/button/getcode.gif" alt="获取" onclick="sendcode()" />'; } else { echo '<label> </label><img src="images/button/getcode_r.gif" alt="" style="cursor:auto;"/>'; } } else { echo '<label> </label><img src="images/button/getcode.gif" alt="获取" onclick="sendcode()" />';
$QIYU_ID_USER = ""; } } else { $QIYU_ID_USER = ""; } } if (!empty($shopID)) { if (empty($QIYU_ID_USER)) { Header("Location: userquickreg.php?shopID=" . $shopID); } else { if (empty($QIYU_ID_USER)) { alertInfo("请先登录或注册", "userlogin.php", 0); } } } //$sqlStr="select * from qiyu_user where user_id=".$QIYU_ID_USER." and user_status='1'"; $sqlStr = "select * from qiyu_user where user_id=" . $QIYU_ID_USER . ""; $result = mysql_query($sqlStr); $row = mysql_fetch_assoc($result); if ($row) { $USER_SCORE = $row['user_score']; $USER_PHONE = $row['user_phone']; $USER_SALT = $row['user_salt']; } else { setcookie("QIYUUSER", "", time() - 1); setcookie("QIYUVERD", "", time() - 1); session_unset(); session_destroy(); alertInfo("出错", "", 1); //Header("Location: index.php"); }
/** * userpw2.php */ require_once "usercheck.php"; $phone = sqlReplace($_POST['phone']); if ($phone == '') { alertInfo("非法操作", "", 1); } if ($site_sms == '1') { $code = sqlReplace($_POST['code']); $s_code = $_SESSION['sms_code']; if ($code == '') { alertInfo("非法操作", "", 1); } if ($s_code != $code) { alertInfo("验证码不匹配", "userpw.php", 0); } $_SESSION['sms_code'] = ''; $_SESSION['sms_sendTime'] = ''; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="style.css" type="text/css"/> <link rel="icon" href="<?php echo $imgstr2; ?> " type="image/x-icon" /> <link rel="shortcut icon" href="<?php
$act = empty($_GET['act']) ? '' : sqlReplace(trim($_GET['act'])); $telstr = ''; if ($act == 'yes') { if ($site_sms == '2') { alertInfo('短信功能未开启,请配置', "site_sms.php", 0); } if (empty($_POST["idlist"])) { alertInfo('请选择群发项!', "", 1); } $listall = $_POST["idlist"]; foreach ($listall as $listid) { $sqlStr = "select * from qiyu_user where user_id in({$listid})"; $result = mysql_query($sqlStr); $row = mysql_fetch_array($result); if (!$row) { alertInfo('数据不存在', '', 1); } else { if (!empty($row['user_phone'])) { $telstr .= $row['user_phone'] . ';'; } } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> 群发短信 </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="author" content="Jiangting@WiiPu -- http://www.wiipu.com" /> <link rel="stylesheet" href="style2.css" type="text/css"/>
$sql = "select * from qiyu_user where user_phone='" . $_SESSION['Phone'] . "'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { if ($code != $rows['user_vcode']) { $str = "手机验证失败!"; } else { $sqlStr = "update qiyu_user set user_status='1',user_vcode='' where user_phone='" . $_SESSION['Phone'] . "'"; if (mysql_query($sqlStr)) { $str = "恭喜您!您的手机18801296063已验证成功。"; } else { $str = "手机验证失败!"; } } } else { alertInfo("手机号不存在", "userreg.php", 0); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="refresh" content="5;url=index.php"/> <link rel="stylesheet" href="style.css" type="text/css"/> <script src="js/jquery-1.3.1.js" type="text/javascript"></script> <script src="js/tab.js" type="text/javascript"></script> <script src="js/slide.js" type="text/javascript"></script> <script src="js/scale.js" type="text/javascript"></script> <script src="js/addbg.js" type="text/javascript"></script> <script src="js/userreg.js" type="text/javascript"></script> <title> 用户注册 - <?php
$result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { $sta = getOrderKey($id); alertInfo('非法操作', "userorder.php?key={$sta}", 0); } else { $order = $row['order_id2']; $sql2 = "update qiyu_order set order_status='4' where order_id=" . $id . " and order_status=1"; if (mysql_query($sql2)) { //添加订单记录 $orderContent = "<span class='greenbg'><span><span>订单已完成</span></span></span>"; $orderContent .= "亲,享受美味的时候,别忘了继续光顾" . $SHOP_NAME . "哦,我们将更好的为您服务。"; addOrderType($order, HTMLEncode($orderContent)); alertInfo('订单完成!', '', 1); } else { alertInfo('设置完成失败,原因SQL出现异常', 'userorder.php?key=1', 0); } } } $sql = "select * from qiyu_order inner join qiyu_useraddr on useraddr_id=order_useraddr and order_id=" . $id; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $userName = $rows['useraddr_name']; $userPhone = $rows['useraddr_phone']; $userAddress = $rows['useraddr_address']; $spotID = $rows['useraddr_spot']; $totalAll = $rows['order_totalprice']; $total = $rows['order_price']; $deliverfee_r = $rows['order_deliverprice']; $order = $rows['order_id2'];
//echo $content; } else { alertInfo('Add Failed', '', 1); //echo $content; //echo add_system_log($content); } //alertInfo('修改成功!','list.php',0); } else { alertInfo('Modify Failed', '', 1); } break; case 'del': //得到sortlist传递的值,并检测 $id = sqlReplace(trim($_GET['id'])); if ($id == "") { alertInfo('Illegal Operation', 'list.php', 0); } $sql_del = "delete from articles where aid = {$id}"; if (mysql_query($sql_del)) { $content = "Deleted an article,No. is:" . $title; if (add_system_log($content) == 1) { alertInfo('Deleted success', 'list.php', 0); //echo $content; } else { alertInfo('Delete failed', '', 1); //echo $content; //echo add_system_log($content); } } break; }
checkData($pwd, '密码', 1); $code = sqlReplace(trim($_POST["imgcode"])); //验证码 if (empty($code)) { alertInfo('验证码不能为空', "", 1); } if ($code != $_SESSION['imgcode']) { alertInfo('验证码不正确,请检查!', "", 1); } $sql = "select * from qiyu_shop where shop_account='" . $account . "'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $salt = $rows['shop_salt']; $pw = md5(md5($pwd) . $salt); $sqlStr = "select * from qiyu_shop where shop_account='" . $account . "' and shop_password='******'"; $rs_r = mysql_query($sqlStr); $row = mysql_fetch_assoc($rs_r); if ($row) { setcookie("QIYUSHOP", $rows['shop_account'], time() + 60 * 60 * 24 * 7); setcookie("QIYUSHOPVERD", md5($pw . $salt), time() + 60 * 60 * 24 * 7); $_SESSION['qiyu_shopID'] = $rows['shop_id']; Header("Location: admin.php"); } else { alertInfo("密码错误", "", 1); } } else { alertInfo("用户名不存在", "", 1); } break; }
/** * shoptop.php */ require_once "usercheck2.php"; $id = sqlReplace(trim($_GET['id'])); $sql = "select * from qiyu_food where food_id=" . $id . " and food_shop=" . $QIYU_ID_SHOP; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $name = $rows['food_name']; $price2 = $rows['food_price']; $price1 = $rows['food_oldprice']; $pic = $rows['food_pic']; } else { alertInfo("非法", "", 1); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="../style.css" type="text/css"/> <script src="../js/jquery-1.3.1.js" type="text/javascript"></script> <script src="../js/tree.js" type="text/javascript"></script> <script type="text/javascript" src="js/shoptop.js"></script> <script type="text/javascript" src="js/upload.js"></script> <title>推荐模块 - 外卖点餐系统</title> </head> <body> <div id="container">
$rows = mysql_fetch_assoc($rs); if (!$rows) { alertInfo('shopID有误', '', 1); } else { $sql = "insert into " . WIIDBPRE . "_shoppics(shoppics_shop,shoppics_url) values (" . $shopid1 . ",'" . $shoppics . "')"; $result = mysql_query($sql); if ($result) { alertInfo('添加店面图片成功', "", 1); } else { alertInfo('未知原因错误,请重试', "", 1); } } break; case 'del': $id = sqlReplace(trim($_GET['id'])); checkData($id, "ID", 0); $sql = "select * from " . WIIDBPRE . "_shoppics where shoppics_id=" . $id; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { alertInfo('您要删除的数据不存在', '', 1); } else { $sql2 = "delete from " . WIIDBPRE . "_shoppics where shoppics_id=" . $id; if (mysql_query($sql2)) { alertInfo('删除成功', '', 1); } else { alertInfo('未知原因删除失败,请重试', '', 1); } } break; }
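// Shopping-cart actions: ?act=add puts a dish into the cart (only while the
// shop is active and inside one of its delivery windows) and returns to the
// page the user came from; ?act=del removes one cart entry.
$act = sqlReplace(trim($_GET['act']));
switch ($act) {
    case "add":
        // Return URL remembered in the session, falling back to the home page.
        // NOTE(review): where user_url is set is outside this span — if it can be
        // populated from a request header, this redirect becomes user-controlled.
        $url = empty($_SESSION['user_url']) ? '' : $_SESSION['user_url'];
        if (empty($url)) {
            $url = "index.php";
        }
        $shopID = sqlReplace(trim($_GET['id']));
        $foodID = sqlReplace(trim($_GET['foodID']));
        // Not used in this span; kept for the page that runs after this switch
        $lableID = empty($_GET['lableID']) ? 0 : sqlReplace(trim($_GET['lableID']));
        $ftID = empty($_GET['ftID']) ? 0 : sqlReplace(trim($_GET['ftID'])); // dish category id
        // The shop must be active and the current time inside a delivery window.
        // NOTE(review): $shopID is concatenated unquoted; sqlReplace() is not in
        // this span, so whether it also enforces a numeric value is unverified.
        $sql1 = "select shop_id from qiyu_shop inner join qiyu_shopspot on shopspot_shop=shop_id";
        $sql1 .= " inner join qiyu_delivertime on delivertime_shop=shop_id and time(now())>=delivertime_starttime and time(now())<=delivertime_endtime";
        $sql1 .= " and shop_id=" . $shopID . " and shop_status='1'";
        $rs = mysql_query($sql1);
        $row = mysql_fetch_assoc($rs);
        if (!$row) {
            alertInfo('现在不能点餐', '', 1);
        }
        addcart($foodID, $shopID);
        Header("Location: " . $url . " ");
        // Stop here so nothing after the redirect header is executed or rendered
        exit;
    case "del":
        $id = sqlReplace(trim($_GET['id']));
        $shopID = sqlReplace(trim($_GET['shopID']));
        delcart($id, $shopID); // remove the entry from the cart
        alertInfo('删除成功', '', 1);
        break;
}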
if ($temp_pwd == md5($row['shop_password'] . $row['shop_salt'])) { $_SESSION['qiyu_shopID'] = $row['shop_id']; $QIYU_ID_SHOP = $row['shop_id']; } else { $QIYU_ID_SHOP = ""; } } else { $QIYU_ID_SHOP = ""; } } else { $QIYU_ID_SHOP = ""; } } if (empty($QIYU_ID_SHOP)) { alertInfo("请先登录或注册", "index.php", 0); } $sqlStr = "select * from qiyu_shop where shop_id=" . $QIYU_ID_SHOP . ""; $result = mysql_query($sqlStr); $SHOP_INFOS = mysql_fetch_assoc($result); if ($SHOP_INFOS) { $SHOP_ACCOUNT = $SHOP_INFOS['shop_account']; //$SHOP_NAME=$SHOP_INFOS['shop_name']; $SHOP_ID2 = $SHOP_INFOS['shop_id2']; $SHOP_CERTPIC = $SHOP_INFOS['shop_certpic']; $SHOP_LICENSEPIC = $SHOP_INFOS['shop_licensepic']; $SHOP_CERTTIME = $SHOP_INFOS['shop_certtime']; $SHOP_LICENSETIME = $SHOP_INFOS['shop_licensetime']; $SHOP_PHONE = $SHOP_INFOS['shop_phone']; } else { alertInfo("非法", "index.php", 0); }
//echo $content; } else { alertInfo('文章添加失败', '', 1); //echo $content; //echo add_system_log($content); } //alertInfo('修改成功!','list.php',0); } else { alertInfo('修改失败!', '', 1); } break; case 'del': //得到sortlist传递的值,并检测 $id = sqlReplace(trim($_GET['id'])); if ($id == "") { alertInfo('非法操作', 'list.php', 0); } $sql_del = "delete from articles where aid = {$id}"; if (mysql_query($sql_del)) { $content = "删除了一篇文章,文章编号" . $title; if (add_system_log($content) == 1) { alertInfo('删除成功', 'list.php', 0); //echo $content; } else { alertInfo('文章删除失败', '', 1); //echo $content; //echo add_system_log($content); } } break; }
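// First registration step: validates phone, password, captcha and protocol
// consent, checks the phone is not already registered, and hands the data to
// userregnew2.php through the session.
// NOTE(review): $phone, $agree, $pw, $repw, $vCode, $p, $shopID and
// $site_isshowprotocol are assigned before this span.
$shopSpot = empty($_GET['shopSpot']) ? '0' : sqlReplace(trim($_GET['shopSpot']));
$shopCircle = empty($_GET['shopCircle']) ? '0' : sqlReplace(trim($_GET['shopCircle']));
// Keep the form state so it can be restored after a validation failure
$savesession = $phone . ',' . $agree;
$_SESSION['reginfo1'] = $savesession;
checkData($phone, '手机号', 1);
checkData($pw, '密码', 1);
checkData($repw, '确认密码', 1);
if ($pw != $repw) {
    alertInfo("两次输入的密码不同", "userreg.php", 0);
}
// NOTE(review): loose comparison; with numeric-looking codes '0100' and '100'
// compare equal. Whether $_SESSION["imgcode"] is a string or int is not
// visible here, so a strict comparison is left for a follow-up.
if ($vCode != $_SESSION["imgcode"]) {
    alertInfo("验证码错误", "", 1);
}
if (empty($agree) && $site_isshowprotocol == '1') {
    alertInfo("请选择同意协议", "", 1);
}
// Refuse a phone number that already exists
$sqlStr = "select user_id from qiyu_user where user_phone='" . $phone . "'";
$rs = mysql_query($sqlStr);
$row = mysql_fetch_assoc($rs);
if ($row) {
    alertInfo("手机号已注册", "", 1);
}
// NOTE(review): the plaintext password is carried to the next step in the
// session; it should be cleared there as soon as it has been hashed.
$_SESSION['phone'] = $phone;
$_SESSION['pw'] = $pw;
Header("Location: userregnew2.php?p=" . $p . "&shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&shopCircle=" . $shopCircle);
// Stop here: without exit the rest of the page still runs after the redirect
exit;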
$content = str_replace("'", "'", $content); $content = str_replace("<br />", "</p><p>", $content); //检验数据的合法性 checkData($title, '标题', 1); $sql = "select * from " . WIIDBPRE . "_about where about_id=" . $id; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { alertInfo('非法操作', 'about_list.php', 0); } else { $sql2 = "update " . WIIDBPRE . "_about set about_title='" . $title . "',about_type='" . $type . "',about_content='" . $content . "' where about_id=" . $id; if (mysql_query($sql2)) { alertInfo('修改成功', 'about.php', 0); } else { alertInfo('修改失败,原因SQL出现异常', 'about.php', 0); } } break; case "save": $i = trim($_POST['i']); for ($x = 1; $x <= $i; $x++) { $id = $_POST['id' . $x]; $id = checkData($id, 'ID', 0); $order = $_POST['order' . $x]; $order = checkData($order, 'ID', 0); $sql = "update " . WIIDBPRE . "_about set about_order=" . $order . " where about_id=" . $id . ""; mysql_query($sql); } alertInfo('保存成功!', "about.php", 0); break; }
break; case 'update': //得到sortlist传递的值,并检测 $id = sqlReplace(trim($_POST['id'])); $title = sqlReplace(trim($_POST['title'])); $content = sqlReplace(trim($_POST['content'])); if ($id == "") { alertInfo('Illegal operation', 'list.php', 0); } $sql_update = "update articles set title='{$title}',content = '{$content}' where aid = " . $id; if (mysql_query($sql_update)) { alertInfo('The article added successful', 'list.php', 0); //echo $content; //alertInfo('修改成功!','list.php',0); } else { alertInfo('Modify failure!', '', 1); } break; case 'del': //得到sortlist传递的值,并检测 $id = sqlReplace(trim($_GET['id'])); if ($id == "") { alertInfo('Illegal operation', 'list.php', 0); } $sql_del = "delete from articles where aid = {$id}"; if (mysql_query($sql_del)) { alertInfo('Deleted successful', 'list.php', 0); //echo $content; } break; }
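<?php
/**
 * shopadd.php
 *
 * Saves the site-wide SEO settings (title, keywords, description) posted from
 * the admin form into the seo row with seo_type=1.
 * NOTE(review): the file comment says shopadd.php while the code only handles
 * SEO settings — confirm the name against the repository.
 */
require_once "usercheck2.php";
// Missing request fields default to '' instead of raising undefined-index notices
$act = isset($_GET['act']) ? $_GET['act'] : '';
switch ($act) {
    case "index":
        $title = sqlReplace(isset($_POST['title']) ? $_POST['title'] : '');
        // NOTE(review): only $title goes through sqlReplace(); keywords and
        // description are HTML-encoded only, so whether quotes can reach the
        // query depends on what HTMLEncode() does (not visible here).
        $keywords = HTMLEncode(isset($_POST['keywords']) ? $_POST['keywords'] : '');
        $description = HTMLEncode(isset($_POST['description']) ? $_POST['description'] : '');
        $sql = "update " . WIIDBPRE . "_seo set seo_title='" . $title . "', seo_keywords='" . $keywords . "',seo_description='" . $description . "' where seo_type=1";
        if (!mysql_query($sql)) {
            alertInfo('未知原因保存失败! ', "", 1);
        } else {
            alertInfo('保存成功!', "seo.php", 0);
        }
        break;
}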
setcookie("QIYUCHECK", 'no', time() + 60 * 60 * 24 * 7); } if ($re_name == "yes") { //记住帐号 setcookie("QIYUCHECK", 'yes', time() + 60 * 60 * 24 * 7); setcookie("QIYUUSER", $rows['user_account'], time() + 60 * 60 * 24 * 7); } //记录Session $_SESSION['qiyu_uid'] = $rows['user_id']; //alertInfo("登录成功","index.php",0); $geturl = getDefaultAddress($rows['user_id']); $cName = getCircleByID($geturl['circle']); if (!empty($p)) { Header("Location: userorder.php?shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&circleID=" . $shopCircle); } else { if ($cName == '大望路') { Header("Location: spot.php?spotID=" . $geturl['spot'] . "&circleID=" . $geturl['circle']); } else { if (empty($loginUrl)) { Header("Location: index.php"); } else { Header("Location: " . $loginUrl); } } } } else { alertInfo("您输入的密码不正确", "userlogin.php?shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&circleID=" . $shopCircle, 0); } } else { alertInfo("手机号不存在", "userlogin.php?shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&circleID=" . $shopCircle, 0); }
<?php require_once "usercheck2.php"; $pw = sqlReplace(trim($_POST['pw'])); $newpw = sqlReplace(trim($_POST['newpw'])); $repw = sqlReplace(trim($_POST['repw'])); checkData($pw, '原密码', 1); checkData($newpw, '新密码', 1); if ($newpw != $repw) { alertInfo("两次密码不一致", "", 1); } $check_sql = "select user_password,user_salt from " . WIIDBPRE . "_user where user_id=" . $QIYU_ID_USER; $check_rs = mysql_query($check_sql); $check_row = mysql_fetch_assoc($check_rs); if (!$check_row) { alertInfo('非法用户', '', 1); } else { $oldpw = md5(md5($pw . $check_row['user_salt'])); if ($oldpw != $check_row['user_password']) { alertInfo('原密码输入不正确', '', 1); } else { $upd_sql = "update " . WIIDBPRE . "_user set user_password='******'user_salt'])) . "' where user_id=" . $QIYU_ID_USER; if (mysql_query($upd_sql)) { alertInfo('修改成功', 'usercenter.php', 0); } else { alertInfo('修改失败', '', 1); } } }
} else { $sql2 = "update qiyu_order set order_status='1' where order_id=" . $v . " and order_type='1' and order_status='0'"; if (!mysql_query($sql2)) { alertInfo('确定失败,原因SQL出现异常', 'subscribe.php?' . $url, 0); } } } alertInfo('确定成功', 'subscribe.php?' . $url, 0); break; case 'subdel': //批量删除 $idlist = $_POST['idlist']; if (!$idlist) { alertInfo('请选择', 'subscribe.php?' . $url, 0); } foreach ($idlist as $k => $v) { $sql = "select * from qiyu_order where order_type='1' and order_id=" . $v; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { alertInfo('您要删除的订单不存在', 'subscribe.php?' . $url, 0); } else { $sql2 = "delete from qiyu_order where order_type='1' and order_id=" . $v; if (!mysql_query($sql2)) { alertInfo('删除失败!原因:SQL删除失败。', "", 1); } } } alertInfo('删除成功', 'subscribe.php?' . $url, 0); break; }
} switch ($act) { case 'print': $id = sqlReplace(trim($_GET['id'])); if (!empty($id)) { $row = getuserinfo($id); if (!$row) { alertInfo('数据不存在', '', 1); } require_once 'PHPWord.php'; $PHPWord = new PHPWord(); //复制模板文件,变成下载文件 $now = time(); $y_url = '../userfiles/print.docx'; $x_url = '../userfiles/docx/' . $now . '.docx'; $document = $PHPWord->loadTemplate($y_url); $document->setValue('name', $row['user_name']); //姓名 $document->setValue('phone', $row['user_phone']); //姓名 //文件内容替换完毕 保存 下载 $document->save($x_url); //header("Content-Type: application/force-download"); //header("Content-Disposition: attachment; filename=".basename($x_url)); //readfile($x_url); header("location:" . $x_url); } else { alertInfo('参数错误', '', 1); } break; }
$sql = "select * from qiyu_shop where shop_id=" . $shopID . " and shop_status='1'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $shop_name = $rows['shop_name']; $shop_id2 = $rows['shop_id2']; $tel = $rows['shop_tel']; $intro = $rows['shop_intro']; $headpic2 = $rows['shop_headpic2']; $mainfood = $rows['shop_mainfood']; $prefer = $rows['shop_prefer']; $fact = $rows['shop_face']; $away = $rows['shop_istakeaway']; $shop_address = $rows['shop_address']; } else { alertInfo('非法操作', 'index.php', 0); } $dFee = getDeliveFee(); $deliverfee = $dFee['fee']; $deliverfee_r = $deliverfee; $sendfee = $dFee['minfee']; $delivertime = $dFee['deliverTime']; $sendfee_r = $sendfee; $deliver_isfee = $dFee['isFee']; if (empty($isFirst)) { $sql_label = "select foodtype_id from qiyu_foodtype where foodtype_shop=" . $shopID . " order by foodtype_order asc,foodtype_id desc limit 1"; $rs_label = mysql_query($sql_label); $row_label = mysql_fetch_assoc($rs_label); if ($row_label) { $ftID = $row_label['foodtype_id']; }
break; case 'update': //得到sortlist传递的值,并检测 $id = sqlReplace(trim($_POST['id'])); $title = sqlReplace(trim($_POST['title'])); $content = sqlReplace(trim($_POST['content'])); if ($id == "") { alertInfo('非法操作', 'list.php', 0); } $sql_update = "update articles set title='{$title}',content = '{$content}' where aid = " . $id; if (mysql_query($sql_update)) { alertInfo('文章添加成功', 'list.php', 0); //echo $content; //alertInfo('修改成功!','list.php',0); } else { alertInfo('修改失败!', '', 1); } break; case 'del': //得到sortlist传递的值,并检测 $id = sqlReplace(trim($_GET['id'])); if ($id == "") { alertInfo('非法操作', 'list.php', 0); } $sql_del = "delete from articles where aid = {$id}"; if (mysql_query($sql_del)) { alertInfo('删除成功', 'list.php', 0); //echo $content; } break; }