/**
 * Trim a submitted user name, enforce its length range and reject
 * markup/quote characters, then hand it back SQL-escaped.
 *
 * @param string $_string raw user name from the request
 * @param int    $_min    minimum length in UTF-8 characters
 * @param int    $_max    maximum length in UTF-8 characters
 * @return string the name as returned by _mysql_string()
 */
function _checkusername($_string, $_min, $_max)
{
    $_string = trim($_string);

    // Length is measured in characters (mb_strlen with utf-8), not bytes.
    $_length = mb_strlen($_string, 'utf-8');
    if ($_length < $_min || $_length > $_max) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back('用户名长度不得小于' . $_min . '后大于' . $_max);
    }

    // Deny-list of characters commonly used in markup and quoting.
    // NOTE(review): this filter does not replace HTML escaping at output time.
    $_char_pattern = '/[<>\\/\\\'\\"\\ \\ ]/';
    if (preg_match($_char_pattern, $_string)) {
        _alert_back('用户名不得包含敏干字符');
    }

    // Escape for a quoted SQL literal before returning to the caller.
    return _mysql_string($_string);
}
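/**
 * Validate the "remember me" duration code against the fixed whitelist
 * '0'..'3' and return it SQL-escaped.
 *
 * @param string|int $_string duration code taken from the request
 * @return string the validated code as returned by _mysql_string()
 */
function _check_time($_string)
{
    $_time = array('0', '1', '2', '3');

    // Strict membership test: a loose in_array() would accept numeric
    // look-alikes such as '00' or '1e0', because PHP compares numeric strings
    // by value. Integers are normalised so callers passing 1 instead of '1'
    // keep working.
    $_code = (is_string($_string) || is_int($_string)) ? (string) $_string : null;
    if ($_code === null || !in_array($_code, $_time, true)) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back('保存时间出现错误!');
    }

    return _mysql_string($_string);
}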
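/**
 * Validate the login-persistence type: 0 - do not save, 1 - one day,
 * 2 - one week, 3 - one month. Any other value terminates the script.
 *
 * @param string|int $time persistence type from the request
 * @return string the validated type as returned by _mysql_string()
 */
function _check_saved_time($time)
{
    $times = array('0', '1', '2', '3');

    // Strict membership test: in_array() without the third argument compares
    // numeric strings by value, so '00' or '1e0' would slip through. Integers
    // are normalised to strings so callers passing 1 instead of '1' still work.
    $_type = (is_string($time) || is_int($time)) ? (string) $time : null;
    if ($_type === null || !in_array($_type, $times, true)) {
        exit("保存时间出错!");
    }

    return _mysql_string($time);
}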
/**
 * SQL-escape a string, or recursively every element of an array.
 *
 * NOTE(review): the original comment mentions get_magic_quotes_gpc() but
 * nothing here checks it — unlike the GPC-aware variants of this helper, this
 * one always escapes, so with magic quotes on request data is escaped twice.
 * mysql_real_escape_string() needs an open mysql connection and returns false
 * without one.
 *
 * @param string|array $_string value(s) to escape
 * @return string|array escaped value(s); array keys are preserved
 */
function _mysql_string($_string)
{
    if (!is_array($_string)) {
        return mysql_real_escape_string($_string);
    }

    // array_map() over a single array keeps the original keys, matching the
    // key-preserving foreach recursion this helper is built on.
    return array_map('_mysql_string', $_string);
}
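/**
 * Escape a string, or recursively every element of an array, for use inside a
 * quoted MySQL literal. When the GPC constant is true the input is taken to be
 * already escaped by magic_quotes_gpc and is returned untouched.
 *
 * Requires an open mysql connection (mysql_real_escape_string() returns false
 * without one).
 *
 * @access public
 * @param string|array $_string string or array of strings to escape
 * @return string|array escaped value(s); array keys are preserved
 */
function _mysql_string($_string)
{
    // GPC is expected to mirror get_magic_quotes_gpc(); when it is on, the
    // request data already carries backslashes and must not be escaped again.
    if (!GPC) {
        if (is_array($_string)) {
            foreach ($_string as $_key => $_value) {
                $_string[$_key] = _mysql_string($_value);
            }
        } else {
            // mysql_real_escape_string() honours the connection character set;
            // the deprecated mysql_escape_string() does not. This also matches
            // the other _mysql_string() variants in this code base.
            $_string = mysql_real_escape_string($_string);
        }
    }

    return $_string;
}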
/**
 * Validate the free-text "reason" field: it must be non-empty after trimming
 * and must not contain < > ' " or a space. Returns the SQL-escaped value.
 *
 * @param string $content raw text from the request
 * @return string escaped text as returned by _mysql_string()
 */
function _check_details($content)
{
    $content = trim($content);

    // Empty after trimming is rejected (loose == kept as in the contract).
    // _alert_back() reports the problem (presumably aborting — confirm).
    if ('' == $content) {
        _alert_back('事由不可以为空!');
    }

    // Deny-list of markup/quote characters.
    // NOTE(review): this does not replace HTML escaping at output time.
    $forbidden = '/[<>\'\\"\\ ]/';
    if (preg_match($forbidden, $content)) {
        _alert_back('内容不得包含敏感字符!');
    }

    return _mysql_string($content);
}
/**
 * Validate and filter a user name: trim, enforce a length range counted in
 * UTF-8 characters, reject markup/quote characters, and return it SQL-escaped.
 *
 * @access public
 * @param string $_string  tainted user name from the request
 * @param int    $_min_num minimum number of characters (default 2)
 * @param int    $_max_num maximum number of characters (default 20)
 * @return string the filtered name as returned by _mysql_string()
 */
function _check_username($_string, $_min_num = 2, $_max_num = 20)
{
    $_string = trim($_string);

    // Character count, not byte count.
    $_chars = mb_strlen($_string, 'utf-8');
    if ($_chars < $_min_num || $_chars > $_max_num) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back('用户名长度不得小于' . $_min_num . '位或者大于' . $_max_num . '位');
    }

    // Deny-list of < > ' " and space.
    // NOTE(review): this filter does not replace HTML escaping at output time.
    $_char_pattern = '/[<>\'\\"\\ \\ ]/';
    if (preg_match($_char_pattern, $_string)) {
        _alert_back('用户名不得包含敏感字符');
    }

    return _mysql_string($_string);
}
if (!isset($_COOKIE['username'])) { _alert_back('非法登录'); } //保存图片信息入表 if (isset($_GET['action']) && $_GET['action'] == 'addimg') { if (!!($_rows = _fetch_array("select tg_uniqid from tg_user where tg_username='******'username']}' limit 1"))) { //为了防止cookie伪造,还要比对一下唯一标示符uniqid() _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']); include ROOT_PATH . 'includes/check.func.php'; //接收数据 $_clean = array(); $_clean['name'] = _check_dir_name($_POST['name'], 2, 20); $_clean['url'] = _check_photo_url($_POST['url']); $_clean['content'] = $_POST['content']; $_clean['sid'] = $_POST['sid']; $_clean = _mysql_string($_clean); //写入数据库 _query("insert into tg_photo(\n\t\t\t\t\t\t\t\t\t\t\ttg_name,\n\t\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\t\ttg_content,\n\t\t\t\t\t\t\t\t\t\t\ttg_sid,\n\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\ttg_date\n\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\tvalues(\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['name']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['content']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sid']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_COOKIE['username']}',\n\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\t\t\t\t\t)"); if (_affected_rows() == 1) { _close(); _location('图片添加成功', 'photo_show.php?id=' . $_clean['sid']); } else { _close(); _alert_back('图片添加失败'); } } else { _alert_back('非法登录'); } } //取值 if (isset($_GET['id'])) {
tg_sex, tg_face, tg_reg_time, tg_last_time, tg_last_ip ) values ( '".sha1(uniqid(rand()+$i,true))."', '狗伏".$i."', '123456', '狗伏', '哈鸡儿', '*****@*****.**', '', '', '', '女', 'face/m01.gif', NOW(), NOW(), '{$_SERVER['REMOTE_ADDR']}' )"; */ $update = "UPDATE tg_user set tg_password = '******'123456')) . "'WHERE tg_password='******'"; for ($_i = 0; $_i < 30; $_i++) { $_updateface = "UPDATE tg_user set tg_face = 'face/m" . _mysql_string($_i + 24) . ".gif' WHERE tg_username='******'"; _query($_updateface); } _closeDB(); echo "success!"; ?>
/**
 * Validate an optional personal home page URL.
 *
 * @access public
 * @param string $url raw URL from the request
 * @return string|null SQL-escaped URL, or null when the field is blank
 *                     (empty(), so '0' also counts as blank) or still holds
 *                     the 'http://' placeholder
 */
function _check_url($url)
{
    // Blank field or untouched placeholder means "no home page".
    $isBlank = empty($url) || 'http://' == $url;
    if ($isBlank) {
        return null;
    }

    // http(s)://, optional sub-domain label, host, at least one dot-label.
    // NOTE(review): without the /u modifier \w is ASCII-only, and a bare $
    // also matches before a trailing newline — confirm the intended strictness.
    $mode = '/^https?:\\/\\/(\\w+\\.)?[\\w\\-\\.]+(\\.\\w+)+$/';
    if (!preg_match($mode, $url)) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back("请输入正确的个人主页!");
    }

    return _mysql_string($url);
}
/**
 * Validate a web address and cap its length.
 *
 * @access public
 * @param string $_string  raw URL from the request
 * @param int    $_max_num maximum length in bytes (strlen)
 * @return string|null SQL-escaped URL, or null when the field is blank
 *                     (empty()) or still holds the 'http://' placeholder
 */
function _check_url($_string, $_max_num)
{
    // Nothing entered: treat as "no URL".
    if (empty($_string) || 'http://' == $_string) {
        return null;
    }

    // http(s)://, optional sub-domain label (the ? means 0 or 1), host,
    // then at least one dot-label.
    // NOTE(review): a bare $ also matches before a trailing newline.
    $_pattern = '/^https?:\\/\\/(\\w+\\.)?[\\w\\-\\.]+(\\.\\w+)+$/';
    if (!preg_match($_pattern, $_string)) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back('网址不正确!');
    }
    if (strlen($_string) > $_max_num) {
        _alert_back('网址太长!');
    }

    return _mysql_string($_string);
}
/**
 * Validate a web address.
 *
 * @access public
 * @param string $_string raw URL from the request
 * @return string|null SQL-escaped URL, or null when the field is blank
 *                     (empty()) or still holds the 'http://' placeholder
 */
function _check_url($_string)
{
    // Nothing entered: treat as "no URL".
    if (empty($_string) || 'http://' == $_string) {
        return null;
    }

    // http(s)://, optional sub-domain label, host, at least one dot-label.
    // NOTE(review): a bare $ also matches before a trailing newline, and no
    // length limit is enforced here unlike the sibling variants.
    $_pattern = '/^https?:\\/\\/(\\w+\\.)?[\\w\\-\\.]+(\\.\\w+)+$/';
    if (!preg_match($_pattern, $_string)) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back('网址不正确!');
    }

    return _mysql_string($_string);
}
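/**
 * Remove every entry whose 'url' matches $url from the user's "collect"
 * (favourites) JSON list and write the list back.
 *
 * @param string $url    URL to remove
 * @param string $userid owner of the list; nothing happens when empty()
 * @return bool|null TRUE when the row was updated; null on every other path
 *                   (empty user id, unknown user, blank or undecodable JSON,
 *                   failed update)
 */
function removeCollect($url, $userid)
{
    global $dosql;

    if (empty($userid)) {
        return;
    }

    // NOTE(review): $userid is interpolated unescaped into both queries; the
    // caller must supply a trusted or already-escaped value (e.g. via
    // _mysql_string), otherwise this is an injection point.
    $sql = "SELECT * FROM `#@__userinfo` WHERE `userid`='{$userid}'";
    if (!($result = $dosql->GetOne($sql))) {
        return;
    }

    // Stored history may be absent or blank; decode only when present so that
    // $collect is always defined before is_array() looks at it.
    $collect = null;
    $collect_json = isset($result['collect']) ? $result['collect'] : '';
    if (!empty($collect_json)) {
        $collect = json_decode($collect_json, true);
    }
    if (!is_array($collect)) {
        return;
    }

    // Escape once, outside the loop.
    // NOTE(review): the stored URL is compared with the SQL-escaped form of
    // $url; the two differ for URLs containing quotes or backslashes — confirm
    // which form the list actually stores.
    $escaped_url = _mysql_string($url);
    foreach ($collect as $k => $v) {
        if ($v['url'] == $escaped_url) {
            unset($collect[$k]);
        }
    }

    $soku_info = array('collect' => json_encode($collect));
    $soku_info = _mysql_string($soku_info);
    if ($dosql->Update('#@__userinfo', $soku_info, "userid='{$userid}'")) {
        return TRUE;
    }
}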
/**
 * Validate a QQ number: 3-12 bytes long and matching ^[1-9][0-9]{4,11}$,
 * then return it SQL-escaped.
 *
 * NOTE(review): the regex alone already forces 5-12 digits, so the length
 * test only changes which message is shown; a bare $ also matches before a
 * trailing newline.
 *
 * @access public
 * @param string $_string raw QQ number from the request
 * @return string the number as returned by _mysql_string()
 */
function _check_qq($_string)
{
    $_len = strlen($_string);
    if ($_len < 3 || $_len > 12) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back('QQ位数不正确!');
    } elseif (!preg_match('/^[1-9]{1}[0-9]{4,11}$/', $_string)) {
        _alert_back('QQ格式不正确!');
    }

    return _mysql_string($_string);
}
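/**
 * Validate the auto-login duration code against the whitelist '0'..'3'
 * and return it SQL-escaped.
 *
 * @param string|int $_string duration code taken from the request
 * @return string the validated code as returned by _mysql_string()
 */
function _check_time($_string)
{
    $_time = array('0', '1', '2', '3');

    // Strict membership test: a loose in_array() compares numeric strings by
    // value and would accept '00' or '1e0'. Integers are normalised so callers
    // passing 1 instead of '1' keep working.
    $_code = (is_string($_string) || is_int($_string)) ? (string) $_string : null;
    if ($_code === null || !in_array($_code, $_time, true)) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back('A mistake happened in auto login');
    }

    return _mysql_string($_string);
}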
//打开session session_start(); if ($_GET['action'] == 'register') { //检查验证码 _checkcode($_POST['code'], $_SESSION['code']); //引入注册检查过滤的函数库 include ROOT_PATH . 'includes/check.func.php'; //用一个数组保存表单提交个数据 $clean = array(); //生成一个激活id $clean['active'] = sha1(uniqid(rand(), true)); $clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']); $clean['username'] = _check_username($_POST['username'], 2, 20); $clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6); $clean['sex'] = _mysql_string($_POST['sex']); $clean['facesrc'] = _mysql_string($_POST['facesrc']); $clean['passt'] = _check_pwd_question($_POST['passt'], 2, 8); $clean['passd'] = _check_pwd_answer($_POST['passt'], $_POST['passd'], 2, 8); $clean['email'] = _check_email($_POST['email'], 6, 40); $clean['qq'] = _check_qq($_POST['qq']); $clean['url'] = _check_url($_POST['url']); //防止重复注册 _is_repeat("SELECT * FROM tg_user WHERE tg_username = '******'username']}'", "用户名重复,请重新注册!"); _query("INSERT INTO tg_user (\r\n tg_uniqid,\r\n tg_username,\r\n tg_password,\r\n tg_question,\r\n tg_answer,\r\n tg_email,\r\n tg_qq,\r\n tg_url,\r\n tg_active,\r\n tg_sex,\r\n tg_face,\r\n tg_reg_time,\r\n tg_last_time,\r\n tg_last_ip\r\n ) values (\r\n '{$clean['uniqid']}',\r\n '{$clean['username']}',\r\n '{$clean['password']}',\r\n '{$clean['passt']}',\r\n '{$clean['passd']}',\r\n '{$clean['email']}',\r\n '{$clean['qq']}',\r\n '{$clean['url']}',\r\n '{$clean['active']}',\r\n '{$clean['sex']}',\r\n '{$clean['facesrc']}',\r\n NOW(),\r\n NOW(),\r\n '{$_SERVER['REMOTE_ADDR']}'\r\n )"); if (_affect_rows() != 1) { _closeDB(); _session_destroy(); _location("注册失败,请重新注册!", 'register.php'); } else { _closeDB(); _session_destroy();
*/
// Start the session before any output.
session_start();
// Authorisation constant checked by the files under includes/.
define('IN_TG', true);
// Identifies this page to the shared includes.
define('SCRIPT', 'member_flower');
// Shared helpers (_alert_back, _mysql_string, _fetch_array, _query, ...).
require dirname(__FILE__) . '/includes/common.inc.php';
// Login check based only on the presence of the username cookie.
// NOTE(review): _alert_back() is assumed to stop the script; if it merely
// emits a message and returns, execution continues below — confirm.
if (!isset($_COOKIE['username'])) {
    _alert_back('请先登录!');
}
// Batch deletion of flower records.
// NOTE(review): $_GET['action'] is read without isset(); a request lacking it
// raises an undefined-index notice/warning before the comparison.
if ($_GET['action'] == 'delete' && isset($_POST['ids'])) {
    $_clean = array();
    // NOTE(review): _mysql_string() only protects quoted string literals. The
    // joined ids are interpolated unquoted into IN (...) below, so quote-based
    // escaping does not constrain them; validate each id as an integer instead.
    $_clean['ids'] = _mysql_string(implode(',', $_POST['ids']));
    // Guard against a forged cookie by re-checking the stored unique id.
    // (The username interpolation in this query appears truncated in this copy.)
    if (!!($_rows = _fetch_array("SELECT\n tg_uniqid\n FROM\n tg_user\n WHERE\n tg_username='******'username']}'\n LIMIT\n 1"))) {
        _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
        // NOTE(review): the DELETE has no ownership condition (e.g. tg_username),
        // so any logged-in user can delete any listed tg_id — confirm intended scope.
        _query("DELETE FROM\n\t tg_flower\n\t WHERE\n\t tg_id\n\t IN\n\t ({$_clean['ids']})");
        if (_affected_rows()) {
            _close();
            _location('花朵删除成功', 'member_flower.php');
        } else {
            _close();
            _alert_back('花朵删除失败');
        }
    } else {
        _alert_back('非法登录');
    }
}
/**
 * SQL-escape a string, or recursively every element of an array, unless the
 * GPC constant says magic_quotes_gpc has already done so.
 *
 * Requires an open mysql connection (mysql_real_escape_string() returns false
 * without one).
 *
 * @access public
 * @param string|array $_string value(s) to escape
 * @return string|array escaped value(s); array keys are preserved
 */
function _mysql_string($_string)
{
    // GPC mirrors get_magic_quotes_gpc(): when on, the input already carries
    // backslashes added by PHP and must not be escaped a second time.
    if (GPC) {
        return $_string;
    }

    if (is_array($_string)) {
        // Single-array array_map() keeps keys, like the key-preserving foreach.
        return array_map('_mysql_string', $_string);
    }

    return mysql_real_escape_string($_string);
}
/**
 * Validate a web address and cap its length.
 *
 * @param string $_string  raw URL from the request
 * @param int    $_max_num maximum length in bytes (strlen), default 40
 * @return string|null SQL-escaped URL, or null when the field is blank
 *                     (empty()) or still holds the 'http://' placeholder
 */
function _check_url($_string, $_max_num = 40)
{
    // Nothing entered: treat as "no URL".
    if (empty($_string) || 'http://' == $_string) {
        return null;
    }

    // http(s)://, optional sub-domain label, host, at least one dot-label.
    // NOTE(review): a bare $ also matches before a trailing newline.
    $_pattern = '/^https?:\\/\\/(\\w+\\.)?[\\w\\-\\.]+(\\.\\w+)+$/';
    if (!preg_match($_pattern, $_string)) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back('url格式不正确');
    }
    if (strlen($_string) > $_max_num) {
        _alert_back('网址太长');
    }

    return _mysql_string($_string);
}
/**
 * SQL-escape a string, or recursively every element of an array, unless the
 * GPC constant says magic_quotes_gpc has already escaped the request data.
 *
 * Requires an open mysql connection (mysql_real_escape_string() returns false
 * without one).
 *
 * @param string|array $_string value(s) to escape
 * @return string|array escaped value(s); array keys are preserved
 */
function _mysql_string($_string)
{
    // With magic quotes on the input is already escaped by PHP; escaping
    // again would double the backslashes.
    if (GPC) {
        return $_string;
    }

    if (is_array($_string)) {
        // Recursion via array_map(); with one array argument keys are kept.
        return array_map('_mysql_string', $_string);
    }

    return mysql_real_escape_string($_string);
}
* ================================================
* Author:zhangshuhui
* Date: 2014-5-27
*/
// Authorisation constant checked by the files under includes/.
define('IN_TG', true);
// Identifies this page to the shared includes.
define('SCRIPT', 'active');
// Shared helpers (_alert_back, _mysql_string, _fetch_array, _query, ...).
require dirname(__FILE__) . '/includes/common.inc.php';
// Account activation: the token arrives in ?active=...
// NOTE(review): _alert_back() is assumed to stop the script; if it only emits
// a message and returns, the isset() check in the next condition still guards
// the query.
if (!isset($_GET['active'])) {
    _alert_back('非法操作');
}
if (isset($_GET['action']) && isset($_GET['active']) && $_GET['action'] == 'ok') {
    // Escaped once and reused in both quoted literals below.
    // NOTE(review): the _mysql_string() variants in this code base pass arrays
    // through recursively, so a non-string ?active value would be interpolated
    // as "Array" — rejecting non-string input up front would be cleaner.
    $_active = _mysql_string($_GET['active']);
    if (_fetch_array("SELECT active \n\t\t\tFROM tb_user \n\t\t\tWHERE active='{$_active}' \n\t\t\tLIMIT 1")) {
        // Clear the token so the link works only once.
        _query("UPDATE tb_user \n\t\tSET active=NULL \n\t\tWHERE active='{$_active}' \n\t\tLIMIT 1");
        if (_affected_rows() == 1) {
            _close();
            _location('账户激活成功', 'login.php');
        } else {
            _close();
            _location('账户激活失败', 'register.php');
        }
    } else {
        _alert_back('非法操作');
    }
}
?>
/**
 * Build a 40-hex-character identifier from sha1(uniqid(rand(), true)) and
 * return it SQL-escaped (a hex string is unchanged by the escaping).
 *
 * NOTE(review): uniqid() is clock-derived and rand() is not a CSPRNG, so this
 * value is guessable; if it is used as an activation or session token, it
 * should come from a cryptographic random source instead.
 *
 * @return string
 */
function _sha1_uniqid()
{
    $seed = uniqid(rand(), true);

    return _mysql_string(sha1($seed));
}
/**
 * Validate a content field: non-empty and free of < > ' ", then return it
 * SQL-escaped.
 *
 * @param string $content raw text from the request
 * @return string escaped text as returned by _mysql_string()
 */
function _check_content($content)
{
    // Empty content is rejected (loose == kept as in the contract).
    // _alert_back() reports the problem (presumably aborting — confirm).
    if ('' == $content) {
        _alert_back('内容不可以为空!');
    }

    // Deny-list of angle brackets and quotes.
    // NOTE(review): this does not replace HTML escaping at output time.
    $forbidden = '/[<>\'\\"]/';
    if (preg_match($forbidden, $content)) {
        _alert_back('内容不得包含敏感字符!\\n如:英文状态下的< >和单双引号');
    }

    return _mysql_string($content);
}
/**
 * Validate a web address and cap its length.
 *
 * @access public
 * @param string $_string  raw URL from the request
 * @param int    $_max_num maximum length in bytes (strlen), default 40
 * @return string|null SQL-escaped URL, or NULL when the field is blank
 *                     (empty()) or still holds the 'http://' placeholder
 */
function _check_url($_string, $_max_num = 40)
{
    // Nothing entered: treat as "no URL".
    if (empty($_string) || 'http://' == $_string) {
        return NULL;
    }

    // http(s)://, optional sub-domain label, host, at least one dot-label.
    // NOTE(review): a bare $ also matches before a trailing newline.
    $_char_pattern = '/^https?:\\/\\/(\\w+\\.)?[\\w\\-\\.]+(\\.\\w+)+$/';
    if (!preg_match($_char_pattern, $_string)) {
        // _alert_back() reports the problem (presumably aborting — confirm).
        _alert_back('Wrong URL format');
    }
    if (strlen($_string) > $_max_num) {
        _alert_back('The site is too long');
    }

    return _mysql_string($_string);
}
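/**
 * SQL-escape a string, or recursively every element of an array, unless the
 * GPC constant says magic_quotes_gpc has already escaped the request data.
 *
 * Requires an open mysql connection (mysql_real_escape_string() returns false
 * without one).
 *
 * @param string|array $_string value(s) to escape
 * @return string|array escaped value(s); array keys are preserved
 */
function _mysql_string($_string)
{
    // With magic quotes on the input is already escaped by PHP; escaping
    // again would double the backslashes.
    if (!GPC) {
        if (is_array($_string)) {
            foreach ($_string as $_key => $_value) {
                $_string[$_key] = _mysql_string($_value);
            }
        } else {
            // The escaped result must be assigned back: mysql_real_escape_string()
            // returns a new string and does not modify its argument, so a bare
            // call leaves the value unescaped.
            $_string = mysql_real_escape_string($_string);
        }
    }

    return $_string;
}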
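/**
 * Verify the anti-forgery unique id submitted with a form against the one
 * kept server-side, then return it SQL-escaped.
 *
 * @param string $_first_uniqid id received from the request
 * @param string $_end_uniqid   id kept server-side (e.g. in the session)
 * @return string the submitted id as returned by _mysql_string()
 */
function _check_uniqid($_first_uniqid, $_end_uniqid)
{
    // Strict comparisons: with != two numeric-looking strings (e.g. hashes of
    // the form 0e<digits>) are compared by numeric value and can be judged
    // equal. Non-string input is rejected rather than passed to strlen().
    if (!is_string($_first_uniqid)
        || strlen($_first_uniqid) !== 40
        || $_first_uniqid !== $_end_uniqid
    ) {
        // _alert_err() reports the problem (presumably aborting — confirm).
        _alert_err('唯一标识符异常!');
    }

    return _mysql_string($_first_uniqid);
}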