//修改资料 if (@$_GET['action'] == 'modify') { //为防止恶意注册,跨站攻击 if ($system['code'] == 1) { check_code($_POST['code'], $_SESSION['code']); } if (!!($rows = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) { //为了防止cookie伪造,要比对一下唯一标识符uniqid uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']); //引入验证文件 include ROOT_PATH . 'includes/check.func.php'; //创建空数组,用来存放提交的合法数据 $clean = array(); $clean['password'] = check_modify_password($_POST['password'], 6); $clean['sex'] = check_sex($_POST['sex']); $clean['photo'] = check_photo($_POST['photo']); $clean['email'] = check_email($_POST['email'], 6, 40); $clean['qq'] = check_qq($_POST['qq']); $clean['url'] = check_url($_POST['url'], 40); $clean['switch'] = $_POST['switch']; $clean['signature'] = check_signature($_POST['signature'], 200); //修改资料 if (empty($clean['password'])) { query("UPDATE bbs_users SET \n bbs_sex='{$clean['sex']}',\n bbs_photo='{$clean['photo']}',\n bbs_email='{$clean['email']}',\n bbs_qq='{$clean['qq']}',\n bbs_url='{$clean['url']}',\n bbs_switch='{$clean['switch']}',\n bbs_signature='{$clean['signature']}'\n WHERE\n bbs_username='******'username']}'\n "); } else { query("UPDATE bbs_users SET \n bbs_password='******'password']}',\n bbs_sex='{$clean['sex']}',\n bbs_photo='{$clean['photo']}',\n bbs_email='{$clean['email']}',\n bbs_qq='{$clean['qq']}',\n bbs_url='{$clean['url']}',\n bbs_switch='{$clean['switch']}',\n bbs_signature='{$clean['signature']}'\n WHERE\n bbs_username='******'username']}'\n "); } //可以生成新的唯一标识符,这样更安全 } //判断是否修改成功 //当什么都是不修改时,影响条数为0
exit; } //note 判断是否有权限 if (!checkGroup('check', $h)) { // salert('您没有此审核操作的权限');exit; } //note Control Case: switch ($h) { //note 站内信 case 'letter': check_letter(); break; //note 形象照 //note 形象照 case 'photo': check_photo(); break; //note 内心独白 //note 内心独白 case 'monolog': check_monolog(); break; //note 相传图片 //note 相传图片 case 'image': check_image(); break; //note 毕业院校 //note 毕业院校 case 'school': check_school();