<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: looks up a pending sc_queue row by id.  The excerpt is cut
// off after the first fetch, so the try block and the outer if are not closed
// here.  avoid_sql(), $PDO_DB_DSN, DB_USER and DB_PWD come from the included
// files and their behaviour is not visible in this file.
// NOTE(review): $_POST keys are read without isset(); a missing field raises an
// undefined-index warning before the length check below runs.
$qid = trim(avoid_sql($_POST['qid']));
$mid = trim(avoid_sql($_POST['mid']));
$action = trim(avoid_sql($_POST['action']));
$res = array();
if (strlen($qid) > 0) {
    $fuid = 0;
    $fnick = '';
    $tuid = 0;
    $tnick = 0; // starts as int 0 while $fnick starts as '' — presumably a string was intended; confirm against later use
    $tag_type = '';
    $queue_type = '';
    $expire = 0;
    $pid = 0;
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        // Check whether a pending (expire = 0) request record exists.
        // NOTE(review): $qid is interpolated into the statement text, so prepare()
        // adds no parameterisation here; only avoid_sql() (not visible) stands
        // between the request and the query.  Binding it, e.g.
        // bindParam(':qid', $qid, PDO::PARAM_INT), would not depend on that helper.
        $sql = "SELECT id, mid, tag_type, fuid, fnick, tuid, queue_type, queue_file FROM sc_queue WHERE id = {$qid} AND expire = 0 LIMIT 1";
        $stmt = $db->prepare($sql);
        $stmt->execute();
        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $tuid = $row['tuid'];
            $fuid = $row['fuid'];
            $fnick = $row['fnick'];
            $tag_type = $row['tag_type'];
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: lists the groups a user is a member of.  The excerpt ends
// inside the second result loop; the while, if, try and outer if stay open.
// Helpers (avoid_sql, connection constants) are defined in the included files.
$uid = trim(avoid_sql($_POST['uid'])); // no isset(): a missing field warns before the length check
$res = array();
if (strlen($uid) > 0) {
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        // Query group information.
        $groups = array();
        // Step 1: collect the user's group ids into a comma-separated string.
        $group_ids = "";
        // NOTE(review): $uid is interpolated rather than bound; prepare() adds no
        // parameterisation here, so the query text depends on avoid_sql()'s escaping.
        $sql = "SELECT gid FROM sc_group_members WHERE member_id = {$uid} GROUP BY gid ";
        $stmt = $db->prepare($sql);
        $stmt->execute();
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            if (strlen($group_ids) > 0) {
                $group_ids .= ",";
            }
            $group_ids .= $row['gid'];
        }
        if (strlen($group_ids) > 0) {
            // Step 2: fetch the groups themselves.  $group_ids was built from
            // database rows, not from the request; a placeholder list sized to
            // the id count would still be the conventional way to write the IN.
            $sql = "SELECT id, group_name, owner_id, status FROM sc_groups WHERE id in ({$group_ids}) ";
            $stmt = $db->prepare($sql);
            $stmt->execute();
            while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: group creation.  The excerpt ends after the catch of the
// duplicate-name check; the outer if is still open.  avoid_sql(), log_info(),
// show_info() and the connection constants come from the included files.
$group_name = trim(avoid_sql($_POST['group_name']));
$owner_id = trim(avoid_sql($_POST['owner_id']));
$members = trim(avoid_sql($_POST['members']));
$res = array();
if (strlen($group_name) > 0 && strlen($owner_id) > 0 && strlen($members) > 0) {
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        // Check whether this owner already has a group with this name.
        // NOTE(review): both $owner_id and the quoted $group_name are interpolated
        // into the statement; prepare() adds no parameterisation, so correctness
        // rests on avoid_sql() (not visible).  Bound parameters would remove that dependency.
        $sql = "SELECT id FROM sc_groups WHERE owner_id = {$owner_id} AND group_name = '{$group_name}' LIMIT 1";
        $stmt = $db->prepare($sql);
        $stmt->execute();
        if ($row = $stmt->fetch()) {
            log_info("make group fail, owner:{$owner_id} group name:{$group_name} had been exists.");
            $res = show_info('fail', '该群组已经存在.'); // message: "this group already exists"
            // NOTE(review): the raw SQL text (table and column names) is sent back to
            // the client in the JSON body — looks like a debugging aid left in place.
            $res['localdes'] = $sql;
            echo json_encode($res);
            return 0;
        }
    } catch (PDOException $e) {
        // The driver's error message is returned to the client verbatim as well;
        // a generic message with the detail kept in the log would expose less.
        log_info("make group fail, " . $e->getMessage());
        $res = show_info('fail', $e->getMessage());
        echo json_encode($res);
        return 1;
    }
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: account registration, cut off after the duplicate-account
// check; the try block and the outer if remain open.  Helpers come from the
// included files.
$account = trim(avoid_sql($_POST['account']));
$password = trim(avoid_sql($_POST['password']));
$nickname = trim(avoid_sql($_POST['nickname']));
$gender = trim(avoid_sql($_POST['gender']));
$birthday = trim(avoid_sql($_POST['birthday']));
$res = array();
if (strlen($account) > 0 && strlen($password) > 0 && strlen($gender) > 0 && strlen($nickname) > 0 && strlen($birthday) > 0) {
    // NOTE(review): the credential is stored as an unsalted MD5 digest, which is
    // cheap to crack offline if the table ever leaks; password_hash() with
    // password_verify() is the standard replacement.  Also note avoid_sql() was
    // applied to the password first, so whatever escaping it does becomes part
    // of the hashed value.
    $password = md5($password);
    $uid = '';
    $pid = '';
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        // Check whether the account already exists.  The account is bound as a
        // parameter here rather than interpolated.
        $sql = "SELECT id FROM sc_pwds WHERE account = :account LIMIT 1";
        $stmt = $db->prepare($sql);
        $stmt->bindParam(':account', $account, PDO::PARAM_STR);
        $stmt->execute();
        if ($row = $stmt->fetch()) {
            log_info("register fail, account:{$account} had been exists.");
            $res = show_info('fail', '该帐号已经存在,换个帐号使用吧 :)'); // message: "account already exists, try another"
            $res['localdes'] = $sql; // NOTE(review): SQL text returned to the client — debugging leftover
            echo json_encode($res);
            return 0;
        }
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: adds a private ("hidden") password for a user.  The excerpt
// ends inside the row-counting loop; while, try and the outer if stay open.
// MAX_HIDE_NUMBER and the helpers come from the included files.
$uid = trim(avoid_sql($_POST['uid']));
$fuid = trim(avoid_sql($_POST['fuid']));
$password = trim(avoid_sql($_POST['password']));
$res = array();
if (strlen($uid) > 0 && strlen($fuid) > 0 && strlen($password) > 0) {
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        $password = md5($password); // NOTE(review): unsalted MD5 — see password_hash()/password_verify()
        $pid = "";
        $account = "";
        $i = 0;
        // Check whether this password already exists for the user, counting rows on the way.
        // NOTE(review): $uid is interpolated rather than bound; prepare() adds no parameterisation here.
        $sql = "SELECT id, account, passwd FROM sc_pwds WHERE uid = {$uid}";
        $stmt = $db->prepare($sql);
        $stmt->execute();
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            // BUG: bare `i` is an undefined constant, not the counter $i.  On PHP 8
            // this throws an Error on the first iteration; on PHP 7 it evaluates to
            // the string "i" with a warning, so the MAX_HIDE_NUMBER limit is
            // presumably never enforced.  `$i` was almost certainly intended.
            if (i >= MAX_HIDE_NUMBER) {
                // over the limit
                log_info("uid:{$uid} private number out of max number");
                $res = show_info('fail', '密码数量超限,请升级该帐号'); // message: "password limit reached, upgrade the account"
                echo json_encode($res);
                return 0;
            }
            $i++;
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: user search by nickname.  The excerpt ends inside the
// result loop; while, try and the outer if stay open.  ROWS_OF_PAGE and the
// helpers come from the included files.
$name = trim(avoid_sql($_POST['name']));
$uid = trim(avoid_sql($_POST['uid']));
$page = trim(avoid_sql($_POST['page']));
$page = 0; // overwrites the page just read from the request, so only the first page is ever served — presumably a leftover; confirm whether paging is meant to work
$res = array();
if (strlen($name) > 0) {
    $members = array();
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        // NOTE(review): $name is interpolated into a LIKE pattern.  Besides relying
        // on avoid_sql() for quoting, any '%' or '_' in the input acts as a
        // wildcard (a lone '%' matches every user).  Binding ':name' with the
        // '%' added in PHP, after escaping '%' and '_', addresses both.
        $sql = "SELECT id, nickname, birthday, gender, status FROM sc_user WHERE nickname like '%{$name}%' LIMIT " . $page * ROWS_OF_PAGE . ", " . ROWS_OF_PAGE;
        //echo $sql;
        $stmt = $db->prepare($sql);
        $stmt->execute();
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            if ($row['id'] == $uid) {
                // do not include the requester in the results (loose '==' comparison)
                continue;
            }
            $data = array();
            $data['id'] = $row['id'];
            $data['nickname'] = $row['nickname'];
            $data['birthday'] = $row['birthday'];
            $data['gender'] = $row['gender'];
            $data['status'] = $row['status'];
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: unread-queue polling.  The excerpt ends after the
// "nothing to push" early return; try and the outer if stay open.
$qid = 0;
$uid = trim(avoid_sql($_POST['uid']));
$qid = trim(avoid_sql($_POST['qid'])); // replaces the $qid = 0 above with the request value (a string)
$res = array();
if (strlen($uid) > 0 && strlen($qid) > 0) {
    $queue = array();
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        $sql = "";
        // Fetch the largest qid the user has already read.
        $db_qid = 0;
        // NOTE(review): $uid is interpolated rather than bound; prepare() adds no parameterisation here.
        $sql = "SELECT read_qid FROM sc_user WHERE id = {$uid} LIMIT 1";
        $stmt = $db->prepare($sql);
        $stmt->execute();
        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $db_qid = $row['read_qid'];
        }
        // Both zero: nothing unread to push.  $qid is still a string, so '==' is
        // a loose comparison (PHP 7 treats a non-numeric string as == 0; PHP 8 does not).
        if ($qid == 0 && $db_qid == 0) {
            $res = show_info('succ', '处理成功'); // message: "processed successfully"
            $res['queue'] = $queue;
            echo json_encode($res);
            return 0;
        }
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: login.  The excerpt ends inside the failure branch; the
// if, try and outer if stay open.  $ios_token is read but not used in this excerpt.
$account = trim(avoid_sql($_POST['account']));
$password = trim(avoid_sql($_POST['password']));
$ios_token = trim(avoid_sql($_POST['ios_token']));
$res = array();
if (strlen($account) > 0 && strlen($password) > 0) {
    $password = md5($password); // NOTE(review): unsalted MD5 compared against the stored digest — see password_hash()/password_verify()
    $mydata = array();
    $uid = 0;
    $pid = 0;
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        // Authenticate.  Both values are bound as parameters here rather than interpolated.
        $sql = "SELECT id, uid FROM sc_pwds WHERE account = :account and passwd = :password LIMIT 1";
        $stmt = $db->prepare($sql);
        $stmt->bindParam(':account', $account, PDO::PARAM_STR);
        $stmt->bindParam(':password', $password, PDO::PARAM_STR);
        $stmt->execute();
        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $pid = $row['id'];
            $uid = $row['uid'];
        }
        if ($uid <= 0) {
            // NOTE(review): this writes the MD5 of whatever was submitted to the log
            // on every failed attempt — including near-miss typos of real passwords.
            // Logging the account alone is enough to investigate.  "passowrd" is a
            // typo in the log text.
            log_info("login fail, account:{$account} or passowrd:{$password} error");
            $res = show_info('fail', '登录失败, 帐号或密码错误'); // message: "login failed, wrong account or password"
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: loads a user's profile by id.  The excerpt ends inside the
// "user not found" branch; else, try and the outer if stay open.
// get_avatar_url() and the other helpers come from the included files.
$uid = trim(avoid_sql($_POST['uid']));
$tag_type = trim(avoid_sql($_POST['type']));
$res = array();
if (strlen($uid) > 0 && strlen($tag_type) > 0) {
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        $user = array();
        // NOTE(review): $uid is interpolated rather than bound; prepare() adds no parameterisation here.
        $sql = "SELECT id, nickname, birthday, gender, status FROM sc_user WHERE id = {$uid} LIMIT 1";
        //echo $sql;
        $stmt = $db->prepare($sql);
        $stmt->execute();
        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $user['id'] = $row['id'];
            $user['nickname'] = $row['nickname'];
            $user['birthday'] = $row['birthday'];
            $user['gender'] = $row['gender'];
            $user['status'] = $row['status'];
            $user['icon'] = get_avatar_url($row['id']);
        } else {
            log_info("uid:{$uid} is not exits in the table sc_user");
            $res = show_info('fail', "用户{$uid}不存在"); // message: "user {uid} does not exist"
            $res['sql'] = $sql; // NOTE(review): SQL text returned to the client — debugging leftover
            echo json_encode($res);
            return 1;
// NOTE(review): no `<?php` open tag is visible at the top of this file.  If that
// is not an artefact of how the listing was captured, the interpreter emits this
// source (SQL included) as plain text instead of executing it.
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: queue listing with optional filters.  The excerpt ends while
// the WHERE clause is being assembled; the if and try blocks stay open.
$get_uer_info_for_uid = trim(avoid_sql($_POST['get_uer_info_for_uid']));
// NOTE(review): a request field literally named "where", next to order_by and
// sort, suggests that SQL fragments are taken from the request further down
// (not visible in this excerpt).  If so, escaping cannot make a WHERE fragment
// or an ORDER BY identifier safe — those need an allow-list of column names,
// with values bound separately.
$user_where = trim(avoid_sql($_POST['where']));
$fuid = trim(avoid_sql($_POST['fuid']));
$tuid = trim(avoid_sql($_POST['tuid']));
$queue_type = trim(avoid_sql($_POST['queue_type']));
$expire = trim(avoid_sql($_POST['expire']));
$tag_type = trim(avoid_sql($_POST['tag_type']));
$since_id = trim(avoid_sql($_POST['since_id'])); // rows after this id
$before_id = trim(avoid_sql($_POST['before_id'])); // rows before this id
$order_by = trim(avoid_sql($_POST['order_by']));
$sort = trim(avoid_sql($_POST['sort']));
$res = array();
// Precedence: (fuid AND tag_type) OR where — a request that supplies only "where" gets through.
if (strlen($fuid) > 0 && strlen($tag_type) > 0 || strlen($user_where) > 0) {
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        $queue = array();
        $sql = '';
        $select = "SELECT id, mid, tag_type, fuid, fnick, tuid, queue_type, queue_file, queue_size, image_wh, cdate, expire, fdel, tdel FROM sc_queue ";
        $where = '';
        if (strlen($fuid) > 0) {
            $where .= " fuid = {$fuid} "; // interpolated rather than bound; relies on avoid_sql()
        }
        if (strlen($tuid) > 0) {
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: sends a text chat message to a user or a group.  The
// excerpt ends at the prepare() call; try and the outer if stay open.
$mid = trim(avoid_sql($_POST['mid']));
$fuid = trim(avoid_sql($_POST['fuid']));
$fnick = trim(avoid_sql($_POST['fnick']));
$tuid = trim(avoid_sql($_POST['tuid']));
$content = trim(avoid_sql($_POST['content']));
$to_type = trim(avoid_sql($_POST['toType']));
$tag_type = "CHAT";
$res = array();
if (strlen($mid) > 0 && strlen($fuid) > 0 && strlen($fnick) > 0 && strlen($tuid) > 0) {
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        $tpid = 0;
        // ----- check whether sender and recipient are already friends -----
        // Query the relationship table (or group membership for group targets).
        // NOTE(review): $tuid and $fuid are interpolated rather than bound in both
        // statements; prepare() adds no parameterisation here.
        $group_name = "";
        $sql = "";
        if ($to_type == "user") {
            $sql = "SELECT id, pid, status FROM sc_relationship WHERE myid = {$tuid} AND fid = {$fuid} LIMIT 1";
        } else {
            if ($to_type == "group") {
                $sql = "SELECT gmt.id, gt.group_name as group_name FROM sc_group_members as gmt, sc_groups as gt WHERE gmt.member_id = {$fuid} AND gmt.gid = {$tuid} AND gmt.gid = gt.id LIMIT 1";
            }
        }
        // NOTE(review): any other toType leaves $sql empty and prepares "" — with
        // ERRMODE_EXCEPTION that presumably surfaces as a PDOException rather than a
        // validation error; rejecting unknown toType values up front would be clearer.
        $stmt = $db->prepare($sql);
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: sends a voice message.  The excerpt ends inside the
// "not a friend" branch; else, try and the outer if stay open.
$mid = trim(avoid_sql($_POST['mid']));
$fuid = trim(avoid_sql($_POST['fuid']));
$fnick = trim(avoid_sql($_POST['fnick']));
$tuid = trim(avoid_sql($_POST['tuid']));
$durationInSeconds = trim(avoid_sql($_POST['durationInSeconds']));
// NOTE(review): this is the client-supplied original filename.  How it is used
// is outside this excerpt; if it feeds a path on disk, a server-generated name
// plus is_uploaded_file()/move_uploaded_file() is the safe pattern.
$voice_name = trim(avoid_sql($_FILES['voicename']['name']));
$voice_size = $_FILES['voicename']['size']; // only checked for > 0 below; no upper bound is visible here
$tag_type = "CHAT";
$res = array();
if (strlen($mid) > 0 && strlen($fuid) > 0 && strlen($fnick) > 0 && strlen($tuid) > 0 && strlen($voice_name) > 0 && $voice_size > 0) {
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        $tpid = 0;
        // ----- check whether sender and recipient are already friends -----
        // Query the relationship table.
        // NOTE(review): $tuid and $fuid are interpolated rather than bound; prepare() adds no parameterisation here.
        $sql = "SELECT id, pid, status FROM sc_relationship WHERE myid = {$tuid} AND fid = {$fuid} LIMIT 1";
        $stmt = $db->prepare($sql);
        $stmt->execute();
        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $tpid = $row['pid'];
        } else {
            $res = show_info('fail', '对方不是你的好友'); // message: "the recipient is not your friend"
            echo json_encode($res);
            return 0;
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: sends an image message.  The excerpt ends inside the
// "not a friend" branch; else, try and the outer if stay open.
$mid = trim(avoid_sql($_POST['mid']));
$fuid = trim(avoid_sql($_POST['fuid']));
$fnick = trim(avoid_sql($_POST['fnick']));
$tuid = trim(avoid_sql($_POST['tuid']));
$img_wh = trim(avoid_sql($_POST['imgwh']));
// NOTE(review): client-supplied original filename; its later use is outside this
// excerpt.  If it feeds a path on disk, prefer a server-generated name and
// is_uploaded_file()/move_uploaded_file().
$img_name = trim(avoid_sql($_FILES['jpgname']['name']));
$img_size = $_FILES['jpgname']['size']; // only checked for > 0 below; no upper bound is visible here
$tag_type = "CHAT";
$res = array();
if (strlen($mid) > 0 && strlen($fuid) > 0 && strlen($fnick) > 0 && strlen($tuid) > 0 && strlen($img_name) > 0 && $img_size > 0) {
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        $tpid = 0;
        // ----- check whether sender and recipient are already friends -----
        // Query the relationship table.
        // NOTE(review): $tuid and $fuid are interpolated rather than bound; prepare() adds no parameterisation here.
        $sql = "SELECT id, pid, status FROM sc_relationship WHERE myid = {$tuid} AND fid = {$fuid} LIMIT 1";
        $stmt = $db->prepare($sql);
        $stmt->execute();
        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $tpid = $row['pid'];
        } else {
            $res = show_info('fail', '对方不是你的好友'); // message: "the recipient is not your friend"
            echo json_encode($res);
            return 0;
<?php
include_once 'common.php';
include_once 'utils.php';

// Handler fragment: sends a text chat message to a friend.  The excerpt ends
// just before the write; try and the outer if stay open.
$mid = trim(avoid_sql($_POST['mid']));
$fuid = trim(avoid_sql($_POST['fuid']));
$fnick = trim(avoid_sql($_POST['fnick']));
$tuid = trim(avoid_sql($_POST['tuid']));
$content = trim(avoid_sql($_POST['content']));
$tag_type = "CHAT";
$res = array();
if (strlen($mid) > 0 && strlen($fuid) > 0 && strlen($fnick) > 0 && strlen($tuid) > 0) {
    try {
        $db = new PDO($PDO_DB_DSN, DB_USER, DB_PWD);
        $db->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); // lower-case column names in fetched rows
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // driver errors surface as PDOException
        $tpid = 0;
        // ----- check whether sender and recipient are already friends -----
        // Query the relationship table.
        // NOTE(review): $tuid and $fuid are interpolated rather than bound; prepare()
        // adds no parameterisation here, so the query text depends on avoid_sql().
        $sql = "SELECT id, pid, status FROM sc_relationship WHERE myid = {$tuid} AND fid = {$fuid} LIMIT 1";
        $stmt = $db->prepare($sql);
        $stmt->execute();
        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $tpid = $row['pid'];
        } else {
            $res = show_info('fail', '对方不是你的好友'); // message: "the recipient is not your friend"
            echo json_encode($res);
            return 0;
        }
        // ----- operation -----