$clean['email'] = check_email($_POST['email'], 6, 40); $clean['qq'] = check_qq($_POST['qq']); $clean['url'] = check_url($_POST['url'], 40); $clean['switch'] = $_POST['switch']; $clean['signature'] = check_signature($_POST['signature'], 200); //修改资料 if (empty($clean['password'])) { query("UPDATE bbs_users SET \n bbs_sex='{$clean['sex']}',\n bbs_photo='{$clean['photo']}',\n bbs_email='{$clean['email']}',\n bbs_qq='{$clean['qq']}',\n bbs_url='{$clean['url']}',\n bbs_switch='{$clean['switch']}',\n bbs_signature='{$clean['signature']}'\n WHERE\n bbs_username='******'username']}'\n "); } else { query("UPDATE bbs_users SET \n bbs_password='******'password']}',\n bbs_sex='{$clean['sex']}',\n bbs_photo='{$clean['photo']}',\n bbs_email='{$clean['email']}',\n bbs_qq='{$clean['qq']}',\n bbs_url='{$clean['url']}',\n bbs_switch='{$clean['switch']}',\n bbs_signature='{$clean['signature']}'\n WHERE\n bbs_username='******'username']}'\n "); } //可以生成新的唯一标识符,这样更安全 } //判断是否修改成功 //当什么都是不修改时,影响条数为0 if (affected_rows() >= 0) { //关闭数据库 close(); //清除session //session_destroy(); //跳转到首页 location('恭喜您修改成功!', 'userzone.php'); } else { //关闭数据库 close(); //session_destroy(); //跳转到首页 location('修改失败', 'modify.php'); } } //是否登录状态
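// Bulk-delete handler for private messages (message_detail.php flow).
// The caller's identity comes from the login cookie; the delete branch also
// compares the per-user uniqid against the database (the author's guard
// against a forged cookie), so only that branch should be treated as trusted.
require dirname(__FILE__) . '/includes/common.inc.php';

// Require a login cookie before doing anything else.
if (!isset($_COOKIE['username'])) {
    location('请先登录再进行本操作!', 'login.php');
}

// Bulk delete: ?action=delete with the selected ids posted as ids[].
if (isset($_GET['action']) && $_GET['action'] === 'delete' && isset($_POST['ids'])) {
    $clean = array();

    // bbs_id is interpolated UNQUOTED into an IN (...) list, so string escaping
    // cannot make it safe; coerce every submitted id to an integer instead and
    // drop anything that is not a positive id. An empty list would otherwise
    // produce "IN ()", which is a SQL syntax error.
    $ids = array();
    foreach ((array) $_POST['ids'] as $rawId) {
        $rawId = (int) $rawId;
        if ($rawId > 0) {
            $ids[] = $rawId;
        }
    }

    if (empty($ids)) {
        alert('非法操作');
    } else {
        $clean['ids'] = implode(',', $ids);

        // Look up the stored uniqid for the cookie's username so the cookie
        // can be validated before a destructive query runs.
        // NOTE(review): the username predicate is redacted in this listing
        // ('******'); if it interpolates $_COOKIE['username'] directly, that
        // value must be escaped with mysql_real_escape_string() — confirm
        // against the source.
        $rows1 = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1");
        if ($rows1) {
            // Reject a forged cookie: the uniqid cookie must match the stored one.
            uniqid_check($rows1['bbs_uniqid'], $_COOKIE['uniqid']);

            // NOTE(review): this DELETE is keyed on bbs_id only and is not
            // scoped to the current user, so any authenticated user could
            // delete messages they do not own by submitting other ids —
            // add an owner/recipient predicate once the column is confirmed.
            query("DELETE FROM bbs_message WHERE bbs_id in ({$clean['ids']})");

            if (affected_rows()) {
                close();
                location('私信删除成功!', 'message_detail.php');
            } else {
                close();
                alert('删除失败');
            }
        } else {
            alert('非法操作');
        }
    }
}

// Pagination state shared with the listing code that follows.
global $page_size, $page_num;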
* @Last Modified time: 2015-12-20 21:21:03 */ //定义一个常量,用来授权调用includes里面的文件 define('IN_TG', true); //引入公共文件,转换成硬路径,速度更快 require dirname(__FILE__) . '/includes/common.inc.php'; if (!isset($_GET['active'])) { alert('非法操作'); } //开始激活处理 if (isset($_GET['action']) && isset($_GET['active']) && $_GET['action'] == 'ok') { $active = mysql_real_escape_string($_GET['active']); if (fetch_array("SELECT bbs_active FROM bbs_users WHERE bbs_active='{$active}' LIMIT 1")) { //将bbs_active设置为空 query("UPDATE bbs_users SET bbs_active=NULL WHERE bbs_active='{$active}' LIMIT 1"); if (affected_rows() == 1) { close(); location('账户激活成功', 'login.php'); } else { close(); location('账户激活失败', 'register.php'); } //火狐有兼容问题,???? } else { alert('非法操作'); } } ?> <!DOCTYPE html> <html lang="en"> <head>
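// The closers below belong to an enclosing structure that starts before this
// listing; they are kept as-is.
} else {
    alert('非法操作');
}
} else {
    alert('此私信不存在');
}
}

// Load one private message by id and mark it as read.
if (isset($_GET['id'])) {
    // bbs_id is a numeric key (elsewhere it is used unquoted in an IN list);
    // coerce the request value so a non-numeric id can never reach the query
    // text. The original interpolated $_GET['id'] raw into both statements.
    $id = (int) $_GET['id'];

    // NOTE(review): this lookup is keyed on bbs_id only; unless an enclosing
    // check above restricts it, any logged-in user can read any message by
    // id — confirm and add a recipient predicate if needed.
    $rows = fetch_array("SELECT bbs_id,bbs_fromuser,bbs_content,bbs_state,bbs_date FROM bbs_message WHERE bbs_id='{$id}' LIMIT 1");

    if ($rows) {
        // Unread (state empty / 0) -> mark as read (1).
        if (empty($rows['bbs_state'])) {
            query("UPDATE bbs_message SET bbs_state=1 WHERE bbs_id='{$id}' LIMIT 1");
            if (!affected_rows()) {
                alert('私信状态异常');
            }
        }

        $html = array();
        $html['id'] = $rows['bbs_id'];
        $html['fromuser'] = $rows['bbs_fromuser'];
        $html['content'] = $rows['bbs_content'];
        $html['date'] = $rows['bbs_date'];
        // html() is presumably the project's output-escaping helper for the
        // template — confirm it escapes bbs_content before it is echoed.
        $html = html($html);
    } else {
        location(null, 'message_detail.php');
    }
} else {
    location(null, 'message.php');
}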
$country = $post_get->getenumkeys("country", $langCountries); $birth = $post_get->getenumkeys("birth", $langBirthes); $rank = $post_get->getenumkeys("rank", $langRanks); $quota = $post_get->getenumkeys("quota", $langQuotas); $quenta = $post_get->getvar("quenta"); $wishes2 = $post_get->getvar("wishes2"); $go_royal_wedding = $post_get->getvar("go_royal_wedding", "0|1", "0"); if (isAdmin($editorid)) { $master_note = $post_get->getvar("master_note"); } else { $sql = "SELECT master_note\n\t\tFROM " . PREF . "users\n\t\tWHERE id={$userid}\n\t\tLIMIT 1"; $master_note = (string) db_result00($sql); } $sql = "UPDATE " . PREF . "users\n\tSET name='{$name}',\n\t\tnick='{$nick}',\n\t\tcity='{$city}',\n\t\tage='{$age}',\n\t\tcontacts='{$contacts}',\n\t\tcontraindication='{$contraindication}',\n\t\tchronicdesease='{$chronicdesease}',\n\t\twishes='{$wishes}',\n\t\tpublicity='{$publicity}',\n\t\tcharacter_name='{$character_name}',\n\t\tcharacter_age='{$character_age}',\n\t\tcountry='{$country}',\n\t\tbirth='{$birth}',\n\t\trank='{$rank}',\n\t\tquota='{$quota}',\n\t\tquenta='{$quenta}',\n\t\twishes2='{$wishes2}',\n\t\tmaster_note='{$master_note}',\n\t\tgo_royal_wedding={$go_royal_wedding}\n\n\tWHERE id={$userid}\n\tLIMIT 1"; query($sql); $updated = (bool) affected_rows(); if (isset($_FILES["photo"]) && $_FILES["photo"]['error'] != 4) { $options = new FileUploadOptions(); $options->key = "photo"; $options->extensions = ["png", "jpg", "jpeg", "gif"]; $options->dir = "../photos/"; $options->is_critical = true; $options->neoname = photoFileName($email) . ".jpg"; if (file_exists("../photos/{$options->neoname}")) { unlink("../photos/{$options->neoname}"); } $filename = file_upload($options); if ($filename != $options->neoname) { rename("../photos/" . $filename, "../photos/" . $options->neoname); } $updated = true;