/** +-------------------------------------------------- * 生成图片缩略图 +-------------------------------------------------- */ public function img_thumb() { $gData = checkData($_GET); $w = $gData['w'] + 0; $h = $gData['h'] + 0; $allow_width = array(300, 720); $allow_height = array(168, 405); if (!in_array($w, $allow_width)) { die(json_encode(array('code' => -201, "msg" => "参数错误"))); } if (!in_array($h, $allow_height)) { die(json_encode(array('code' => -202, "msg" => "参数错误"))); } $img_path = substr(HTML_PATH, 0, -1); ///images/videos/14999572630/screenshot/1d1c67cd5c1926a6e379fb78c711b87b_360X640.png $img_file = MD5(xxx); if (!file_exists($img_file)) { //生成图片 } else { //读取图片 } // $this->img_operate->open($img_path.$addData['pic_url']); // if ($this->img_operate->width() == '135' && $this->img_operate->height() == '135') { // $this->img_operate->save(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/', $imageName); // } else { // $this->img_operate->thumb(300, 300, 3)->save(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/', $imageName); // $this->img_operate->open(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/' . $imageName); // $this->img_operate->thumb(135, 135, 1)->save(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/', $imageName); // } // // $this->img_operate->thumb(300, 300, 3)->save(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/', $imageName); // $this->img_operate->open(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/' . $imageName); }
/** markdown格式接口 */ public function develop_public() { $gData = checkData($_GET); $int_opt = $gData['int_opt']; if (!$int_opt) { ajaxReturn('非法操作[缺少必须参数]', 300); } //样式 echo '<style> .markdown-here-wrapper h1{ font-size: 20px; font-weight:bold; margin-top: 10px;} .markdown-here-wrapper h2{ font-size: 18px; font-weight:bold; margin-top: 10px;} .markdown-here-wrapper h3{ font-size: 16px; font-weight:bold; margin-top: 10px;} .markdown-here-wrapper table{ border-collapse: collapse; border: 1px solid yellowgreen;} .markdown-here-wrapper th { vertical-align: baseline; border: 1px solid yellowgreen; font-weight:bold; font-size: 18px;} .markdown-here-wrapper td { vertical-align: middle; border: 1px solid yellowgreen; font-size: 18px;} .markdown-here-wrapper tr { border: 1px solid yellowgreen;} .markdown-here-wrapper p a{font-size: 16px;} </style>'; $output = $text = file_get_contents(MODULE_PATH . 'develop_info/' . $int_opt . '.md'); $parser = new MarkdownExtra(); $my_html = $parser->transform($output); $this->s->assign('my_html', $my_html); $this->s->display('interface_admin/interface_list.html'); }
/** 用户登录 */ public function login() { $pData = checkData($_POST); $AdminUserTable = $this->OperateTable['AdminUserTable']; $AdminRoleTable = $this->OperateTable['AdminRoleTable']; $user_name = $pData['user_name']; $user_pass = $pData['user_pass']; $verify_code = $pData['verify_code']; //已经登录,跳转到管理首页 $user_id = !empty($_SESSION['user_id']) ? $_SESSION['user_id'] : 0; if ($user_id) { toUrl('INDEX'); } if ($user_name && !$user_pass) { $this->s->assign('error', '请同时输入账号、密码和动态密码'); } if ($pData) { if (MD5($verify_code) != $_SESSION['verify_code']) { $this->s->assign('error', '验证码错误!'); $this->s->display('admin/login.html'); exit; } } if ($pData && $user_name && $user_pass) { /* //获取密保key $sql = "SELECT mb_key FROM $AdminUserTable WHERE user_name='{$user_name}' AND status=1"; $userData = $this->db->get($sql); $mb_key = $userData['mb_key']; $pass = MD5(MD5($mb_key . $user_pass)); */ $pass = MD5($user_pass); $sql = "SELECT user_id,user_name,role_id,auth FROM {$AdminUserTable} WHERE user_name='{$user_name}' AND user_pass='******' AND status=1"; $data = $this->db->get($sql); if ($data) { $ip = $_SERVER['REMOTE_ADDR']; $ltime = time(); $login_sql = "UPDATE {$AdminUserTable} SET lastlogin_ip='{$ip}',lastlogin_time={$ltime},login_times=login_times+1 WHERE user_name='" . $data['user_name'] . "'"; $this->db->query($login_sql); $_SESSION['user_id'] = array('user_id' => $data['user_id'], 'user_name' => $data['user_name']); //权限记录[菜单操作权限] if ($data['user_id'] == 1) { //超级管理员,所有权限 $_SESSION['user_id']['actionid'] = 'all'; } else { //权限组权限+用户单独权限 $auth_sql = "SELECT auth FROM {$AdminRoleTable} WHERE role_id=" . $data['role_id']; $auth_data = $this->db->get($auth_sql); $_SESSION['user_id']['actionid'] = array_merge((array) unserialize($data['auth']), (array) unserialize($auth_data['auth'])); } toUrl('INDEX'); //跳转至首页 } else { $this->s->assign('error', "账号或密码错误"); } } $this->s->display('admin/login.html'); }
function checkEmail($email) { global $errors; if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors['email'] = "Invalid email format"; } return checkData($email); }
/** 左侧菜单栏[横向导航条] */ public function left() { $getData = checkData($_GET); //管理菜单 $mid = !empty($getData['mid']) ? $getData['mid'] : 2; //默认管理游戏盒子 $menuData = $this->leftMenu($mid); $this->s->assign('menuData', $menuData); $this->s->display('system/leftMenu.html'); }
function checkData($data) { if (is_array($data)) { foreach ($data as $key => $v) { $data[$key] = checkData($v); } } else { $data = getStr($data); } return $data; }
/** *更新bid */ public function deleteBid() { $pData = checkData($_REQUEST); $id = $pData['id']; if (!$id) { ajaxReturn('不能为空', 300); } $delete_sql = "DELETE FROM waplog.`wap_bid_list` where id={$id}"; if ($this->db->query($delete_sql)) { ajaxReturn('删除成功', 200); } else { ajaxReturn('删除失败', 300); } /* $id = $gData['id']; $sql = "select * from waplog.`wap_bid_list` WHERE id={$id}"; $data = $this->db->get($sql); $this->s->assign('result', $data);*/ }
if (empty($userID2)) { alertInfo('短信未配置,请配置', "site_sms.php", 0); } $tags = sqlReplace(trim($_POST['receiver'])); //收件人 $tags = str_replace(';', ';', $tags); $tags = str_replace('#', '', $tags); $tags = str_replace('$', '', $tags); //$total=sqlReplace(trim($_GET['total']));//此次发送的数量 $emailstr = sqlReplace(trim($_POST['receiver'])); //收件人 $emailstr = str_replace(';', ';', $emailstr); $content = sqlReplace(trim($_POST['fbContent'])); //短信内容 checkData($emailstr, '收件人', 1); checkData($content, '短信内容', 1); //对收件人$emailstr进行处理 $alltel = ''; $tgs = ''; if ($emailstr) { $emailarr = explode(';', $emailstr); $i = 0; $j = 0; $total = 0; foreach ($emailarr as $t) { if ($t) { $email = ''; $tg = ''; //if(preg_match('/#(.*?)#/',$t,$info)){ $substr_t = substr($t, 0, 1); if ($substr_t == '#') {
<?php /** * userorderscore2.php */ require_once "usercheck2.php"; $POSITION_HEADER = "用户中心"; $id = sqlReplace(trim($_GET['id'])); checkData($id, 'id', 1); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="style.css" type="text/css"/> <link rel="icon" href="<?php echo $imgstr2; ?> " type="image/x-icon" /> <link rel="shortcut icon" href="<?php echo $imgstr2; ?> " type="image/x-icon" /> <script src="js/jquery-1.3.1.js" type="text/javascript"></script> <script src="js/addbg.js" type="text/javascript"></script> <script src="js/tab.js" type="text/javascript"></script> <title> 用户中心 - <?php echo $SHOP_NAME; ?> - <?php echo $powered;
<?php /** * shopreg_do.php */ require_once "../include/dbconn.php"; $act = sqlReplace(trim($_GET['act'])); switch ($act) { case "login": $account = sqlReplace(trim($_POST['account'])); $pwd = sqlReplace(trim($_POST['pw'])); checkData($account, '用户名', 1); checkData($pwd, '密码', 1); $code = sqlReplace(trim($_POST["imgcode"])); //验证码 if (empty($code)) { alertInfo('验证码不能为空', "", 1); } if ($code != $_SESSION['imgcode']) { alertInfo('验证码不正确,请检查!', "", 1); } $sql = "select * from qiyu_shop where shop_account='" . $account . "'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $salt = $rows['shop_salt']; $pw = md5(md5($pwd) . $salt); $sqlStr = "select * from qiyu_shop where shop_account='" . $account . "' and shop_password='******'"; $rs_r = mysql_query($sqlStr); $row = mysql_fetch_assoc($rs_r); if ($row) {
$pw = sqlReplace($_POST['pw']); $repw = sqlReplace($_POST['repw']); $vCode = sqlReplace($_POST['vcode']); //$code = sqlReplace($_POST['a']); $agree = sqlReplace($_POST['agree']); $p = empty($_GET['p']) ? '' : sqlReplace(trim($_GET['p'])); //从订单页来的标示 $shopID = empty($_GET['shopID']) ? '0' : sqlReplace(trim($_GET['shopID'])); $shopSpot = empty($_GET['shopSpot']) ? '0' : sqlReplace(trim($_GET['shopSpot'])); $shopCircle = empty($_GET['shopCircle']) ? '0' : sqlReplace(trim($_GET['shopCircle'])); $savesession = $phone . ',' . $agree; //存session $_SESSION['reginfo1'] = $savesession; checkData($phone, '手机号', 1); checkData($pw, '密码', 1); checkData($repw, '确认密码', 1); if ($pw != $repw) { alertInfo("两次输入的密码不同", "userreg.php", 0); } /* if ($vCode!=$code){ alertInfo("验证码错误","",1); } */ if ($vCode != $_SESSION["imgcode"]) { alertInfo("验证码错误", "", 1); } if (empty($agree) && $site_isshowprotocol == '1') { alertInfo("请选择同意协议", "", 1); } //检查手机的存在 $sqlStr = "select user_id from qiyu_user where user_phone='" . $phone . "'";
define('BASE_PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR . '../../' . DIRECTORY_SEPARATOR); define('MODULE_PATH', BASE_PATH . 'modules' . DIRECTORY_SEPARATOR); //模块文件夹地址 define('MODEL_PATH', BASE_PATH . 'model' . DIRECTORY_SEPARATOR); //模型文件夹地址 define('CLASS_PATH', BASE_PATH . 'common/libs/classes' . DIRECTORY_SEPARATOR); //公共类文件夹地址 define('FUNC_PATH', BASE_PATH . 'common/libs/functions' . DIRECTORY_SEPARATOR); //公共函数文件夹地址 define('CACHE_PATH', BASE_PATH . 'caches' . DIRECTORY_SEPARATOR); //缓存文件夹路径 require_once FUNC_PATH . 'global.func.php'; require_once CLASS_PATH . 'mysql.class.php'; require_once CLASS_PATH . 'tpl.class.php'; require_once CLASS_PATH . 'Base.class.php'; $getData = checkData($_GET); $module = 'v3'; if (isset($_SERVER["PATH_INFO"])) { list($n, $c, $a) = explode('/', $_SERVER["PATH_INFO"]); $control = empty($c) ? 'index' : strtolower($c); $action = empty($a) ? 'index' : strtolower($a); } else { $control = !empty($getData['c']) ? $getData['c'] : 'index'; $action = !empty($getData['a']) ? $getData['a'] : 'index'; } $controlFile = MODULE_PATH . $module . DIRECTORY_SEPARATOR . $control . '.php'; if (!file_exists($controlFile)) { die('Forbidden!'); } require_once $controlFile; $name = '\\modules\\' . $module . '\\' . $control;
<?php //our control //form_catcher.php require 'model/model.php'; function getPostTime() { return date("Y-m-d h:i:s", time()); } function checkData() { $data_array = null; if (isset($_POST['username']) && isset($_POST['message'])) { if ($_POST['username'] != "" && $_POST['message'] != "") { $data_array = array("username" => $_POST['username'], "message" => $_POST['message'], "time" => getPostTime()); } } return $data_array; } if ($data_array = checkData()) { writeToFile($data_array); } header("Location: index.php");
<?php /** * demand.php 提交需求 */ require 'include/dbconn.php'; $content = sqlReplace(trim($_GET['content'])); checkData($content, '内容', 1); $ip = $_SERVER['REMOTE_ADDR']; $sql = "insert into " . WIIDBPRE . "_demand(demand_content,demand_addtime,demand_ip) values('" . $content . "',now(),'" . $ip . "')"; $rs = mysql_query($sql); if (!$rs) { //alertInfo('此收藏已不存在',"usercenter.php?tab=4",0); echo '未知原因,提交失败'; } else { echo '感谢您的关注,我们会尽快开发您周边的餐厅'; }
/** 修改帐号密码 */ public function chang_user_pass() { $pData = checkData($_POST); $AdminUserTable = $this->OperateTable['AdminUserTable']; $user_name = $_SESSION['user_id']['user_name']; $user_id = $_SESSION['user_id']['user_id']; if ($user_name == 'weedong91admin' || $user_id == 1) { ajaxReturn('不能修改超级管理员帐号密码', 300); } $info_sql = "SELECT user_id,user_pass,user_name FROM {$AdminUserTable} WHERE user_id={$user_id} LIMIT 1"; $infoData = $this->db->get($info_sql); $uData['user_id'] = $infoData['user_id']; $uData['user_name'] = $infoData['user_name']; $uData['user_pass'] = $infoData['user_pass']; if ($user_name != $uData['user_name'] || $user_id != $uData['user_id']) { ajaxReturn('非法操作[!!!]', 300); } if ($pData) { /*$old_pass = MD5(MD5($pData['old_pass'])); $user_pass = MD5(MD5($pData['user_pass'])); $auth_pass = MD5(MD5($pData['auth_pass']));*/ $old_pass = MD5($pData['old_pass']); $user_pass = MD5($pData['user_pass']); $auth_pass = MD5($pData['auth_pass']); if ($user_pass != $auth_pass) { ajaxReturn('两次密码输入不同,请重新输入', 300); } if ($old_pass != $uData['user_pass']) { ajaxReturn('您的旧密码错误,请重新输入', 300); } $sql = "UPDATE {$AdminUserTable} SET user_pass='******' WHERE user_id=" . $uData['user_id'] . " AND user_pass='******'user_pass'] . "' LIMIT 1"; if ($this->db->query($sql)) { $this->setLog('修改用户密码{' . $user_name . '}成功!'); $back_json = '{ "statusCode":"200", "message":"修改用户密码{' . $user_name . '}成功!", "callbackType":"closeCurrent" }'; echo $back_json; exit; } else { $this->setLog('修改用户密码{' . $user_name . '}失败!'); ajaxReturn('修改用户密码{' . $user_name . '}失败!', 300); } } $this->s->assign('uData', $uData); $this->s->display('admin/chang_user_pass.html'); }
$content = str_replace("'", "'", $content); $content = str_replace("<br />", "</p><p>", $content); //检验数据的合法性 checkData($title, '标题', 1); $sql = "select * from " . WIIDBPRE . "_about where about_id=" . $id; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { alertInfo('非法操作', 'about_list.php', 0); } else { $sql2 = "update " . WIIDBPRE . "_about set about_title='" . $title . "',about_type='" . $type . "',about_content='" . $content . "' where about_id=" . $id; if (mysql_query($sql2)) { alertInfo('修改成功', 'about.php', 0); } else { alertInfo('修改失败,原因SQL出现异常', 'about.php', 0); } } break; case "save": $i = trim($_POST['i']); for ($x = 1; $x <= $i; $x++) { $id = $_POST['id' . $x]; $id = checkData($id, 'ID', 0); $order = $_POST['order' . $x]; $order = checkData($order, 'ID', 0); $sql = "update " . WIIDBPRE . "_about set about_order=" . $order . " where about_id=" . $id . ""; mysql_query($sql); } alertInfo('保存成功!', "about.php", 0); break; }
$sql2 = "update qiyu_order set order_status='1' where order_id=" . $id . " and order_status='0'"; if (mysql_query($sql2)) { //添加订单记录 $orderContent = "<span class='greenbg'><span><span>我们正在下单</span></span></span>"; $orderContent .= "亲,大厨正在努力烹制美味的食物,请耐心等待!"; addOrderType($order, HTMLEncode($orderContent)); alertInfo('确定成功', 'userorder.php?key=' . $key . $url, 0); } else { alertInfo('确定失败,原因SQL出现异常', 'userorder.php?key=' . $key . $url, 0); } } break; case 'finish': $id = sqlReplace(trim($_GET['id'])); $key = sqlReplace(trim($_GET['key'])); $id = checkData($id, "ID", 0); $sql = "select * from qiyu_order where order_id=" . $id . " and order_status='1'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { alertInfo('订单不存在', 'userorder.php?key=' . $key . $url, 0); } else { $order = $row['order_id2']; $sql2 = "update qiyu_order set order_status='4' where order_id=" . $id . " and order_status='1'"; if (mysql_query($sql2)) { //添加订单记录 $orderContent = "<span class='greenbg'><span><span>订单已完成</span></span></span>"; $orderContent .= "亲,享受美味的时候,别忘了继续光顾" . $SHOP_NAME . "哦,我们将更好的为您服务。"; addOrderType($order, HTMLEncode($orderContent)); $sql3 = "select order_user,order_id,order_id2 from qiyu_order where order_id=" . $id . " and order_status='4'"; $results = mysql_query($sql3);
} else { setTmpMapLastEdit(); print json_encode(array("error" => false)); } } elseif ($_POST['mode'] == "addNetworkBox") { $networkBoxType = $obj->{'networkBoxType'}; $invNum = $obj->{'invNum'}; $boxId = addNetworkBox($networkBoxType, $invNum, TRUE); if (isset($boxId['id'])) { $result = array("NetworkBoxId" => $boxId['id']); } else { $result = array("error" => isset($boxId['error']) ? $boxId['error'] : NULL); } setTmpMapLastEdit(); setMapUserActivity($uId); print json_encode($result); die; } elseif ($_POST['mode'] == "save") { $result = saveTmpData(); if (defined($result['error'])) { print json_encode(array("error" => $result['error'])); } else { print json_encode(array("error" => false)); } } elseif ($_POST['mode'] == "cancel") { setMapLastEdit(); $result = checkData(); print json_encode($result); } setMapUserActivity($uId); }
*/ if ($_POST) { $share = '0'; // check data if (isset($_POST['umessage'])) { $_POST['umessage'] = checkData($_POST['umessage']); } // check data & strip tags if (isset($_POST['toname'])) { $_POST['toname'] = checkData(strip_tags($_POST['toname'])); } if (isset($_POST['umid'])) { $_POST['umid'] = checkData(strip_tags($_POST['umid'])); } if (isset($_POST['newRoomName'])) { $_POST['newRoomName'] = checkData(strip_tags($_POST['newRoomName'])); } // check data is numeric if (isset($_POST['uid'])) { $_POST['uid'] = checkNumeric($_POST['uid']); } if (isset($_POST['room'])) { $_POST['room'] = checkNumeric($_POST['room']); } if (isset($_POST['addRoom'])) { $_POST['addRoom'] = checkNumeric($_POST['addRoom']); } if (isset($_POST['newRoomOwner'])) { $_POST['newRoomOwner'] = checkNumeric($_POST['newRoomOwner']); } if (isset($_POST['status'])) {
echo "H"; exit; } } else { echo "H"; exit; } //echo "E|".$vercodePhone; } break; case "update": $phone = sqlReplace($_POST['phone']); $pw = sqlReplace($_POST['pw']); $pw2 = sqlReplace($_POST['repw']); checkData($pw, '新密码', 1); checkData($pw2, '确认密码', 1); if ($pw != $pw2) { alertInfo("两次输入的密码不同", "", 1); } $sql = "select * from qiyu_user where user_phone='" . $phone . "'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $vercode = getRndCode(6); $pw = md5(md5($pw . $vercode)); $sqlStr = "update qiyu_user set user_password='******',user_salt='" . $vercode . "' where user_phone='" . $phone . "'"; mysql_query($sqlStr); alertInfo("修改成功,请登录", "userlogin.php", 0); } else { alertInfo("手机号不存在", "userpw.php", 0); }
</select> </td> </tr> <tr> <td align="right" colspan="2"><input type="submit" value="Submit" name="submit" ></td> </tr> </form> </table> <?php require "db_utils.php"; if (isset($_POST['submit'])) { if ($_POST['password'] == $_POST['password2']) { if (checkData($_POST["user_name"], $_POST["password"], $_POST["user_email"])) { $regtime = time(); writeUserInDatabase($_POST["user_name"], $_POST["password"], $_POST["user_email"], $regtime, $_POST["account"]); $_SESSION['user_name'] = $_POST['user_name']; header("location: index.php"); } } else { echo "<p>Passwords don't match. \n Please try again.</p>"; } } ?> <div id="alreadyreg"> <a href="login.php">Already registered? Please Login! </a>
$error = "It is too long."; } } } } return $error; } if (!empty($_POST)) { $data = cleanData($_POST); $errors['survey-name'] = checkData($data['survey-name'], 3, 50, 0); $errors['survey-description'] = checkData($data['survey-description'], 3, 250, 0); $errors['choice1'] = checkData($data['choice1'], 2, 50, 0); $errors['choice2'] = checkData($data['choice2'], 2, 50, 0); $errors['choice3'] = checkData($data['choice3'], 2, 50, 1); $errors['choice4'] = checkData($data['choice4'], 2, 50, 1); $errors['choice5'] = checkData($data['choice5'], 2, 50, 1); $req = $pdo->prepare('SELECT id, name FROM surveys WHERE name = :name'); $req->bindvalue(':name', $data['survey-name'], PDO::PARAM_STR); $req->execute(); if ($res = $req->fetch()) { $dataId = $res['id']; $errors['survey-name'] = 'This survey already exists'; $disableForm = 'This survey already exists, <a href="survey-' . $dataId . '.html">please check it.</a>'; } foreach ($errors as $key => $value) { if (empty($value)) { unset($errors[$key]); } } if (empty($errors)) { $req = $pdo->prepare('INSERT INTO surveys(name, description, choice1, choice2, choice3, choice4, choice5) VALUES (:name, :description, :choice1, :choice2, :choice3, :choice4, :choice5)');
*/ require 'include/dbconn.php'; $user_account = sqlReplace(trim($_POST['z_phone'])); $loginUrl = $_SESSION['login_url']; $pw = sqlReplace(trim($_POST['pw'])); $cookie = empty($_POST['cookie']) ? "" : sqlReplace($_POST['cookie']); $re_name = empty($_POST['re_name']) ? "" : sqlReplace($_POST['re_name']); $sinaUid = empty($_SESSION['sinaUid']) ? '' : sqlReplace($_SESSION['sinaUid']); $sinaNick = empty($_SESSION['sinaNick']) ? '' : sqlReplace($_SESSION['sinaNick']); $p = empty($_GET['p']) ? '' : sqlReplace(trim($_GET['p'])); //从订单页来的标示 $shopID = empty($_GET['shopID']) ? '0' : sqlReplace(trim($_GET['shopID'])); $shopSpot = empty($_GET['shopSpot']) ? '0' : sqlReplace(trim($_GET['shopSpot'])); $shopCircle = empty($_GET['shopCircle']) ? '0' : sqlReplace(trim($_GET['shopCircle'])); checkData($user_account, '手机号', 1); checkData($pw, '密码', 1); $sqlStr = "select * from " . WIIDBPRE . "_user where user_account='" . $user_account . "'"; $result = mysql_query($sqlStr) or die("查询失败,请检查SQL语句。"); $row = mysql_fetch_assoc($result); if ($row) { $ip = $_SERVER['REMOTE_ADDR']; $pwd = md5(md5($pw . $row['user_salt'])); $sql = "select * from qiyu_user where user_account='" . $user_account . "' and user_password='******'"; $rs = mysql_query($sql); $rows = mysql_fetch_assoc($rs); if ($rows) { $sql2 = "update qiyu_user set user_experience=user_experience+" . expUserLogin . " where user_account='" . $user_account . "' and user_password='******'"; mysql_query($sql2); date_default_timezone_set('PRC'); $time = date('Y-m-d H:i:s'); if (!empty($sinaUid)) {
<?php /** * area_ajax.php */ require '../include/dbconn.php'; $str = ''; $act = $_POST['act']; if ($act == "circle") { $area_id = sqlReplace(trim($_POST['area_id'])); checkData($area_id, "ÇøÓòID", 0); $sql = "select ac.areacircle_circle,c.circle_name from " . WIIDBPRE . "_areacircle ac," . WIIDBPRE . "_circle c where ac.areacircle_circle=c.circle_id and areacircle_area=" . $area_id; $rs = mysql_query($sql); while ($rows = mysql_fetch_assoc($rs)) { $str .= "<option value='" . $rows['areacircle_circle'] . "'>" . $rows['circle_name'] . "</option>"; } } if ($act == "spot") { $circle_id = sqlReplace(trim($_POST['circle_id'])); $sql = "select spot_id,spot_name from " . WIIDBPRE . "_spot where spot_circle=" . $circle_id; $rs = mysql_query($sql); while ($rows = mysql_fetch_assoc($rs)) { $str .= "<option value='" . $rows['spot_id'] . "'>" . $rows['spot_name'] . "</option>"; } } echo $str;
<?php require_once "usercheck2.php"; $pw = sqlReplace(trim($_POST['pw'])); $newpw = sqlReplace(trim($_POST['newpw'])); $repw = sqlReplace(trim($_POST['repw'])); checkData($pw, '原密码', 1); checkData($newpw, '新密码', 1); if ($newpw != $repw) { alertInfo("两次密码不一致", "", 1); } $check_sql = "select user_password,user_salt from " . WIIDBPRE . "_user where user_id=" . $QIYU_ID_USER; $check_rs = mysql_query($check_sql); $check_row = mysql_fetch_assoc($check_rs); if (!$check_row) { alertInfo('非法用户', '', 1); } else { $oldpw = md5(md5($pw . $check_row['user_salt'])); if ($oldpw != $check_row['user_password']) { alertInfo('原密码输入不正确', '', 1); } else { $upd_sql = "update " . WIIDBPRE . "_user set user_password='******'user_salt'])) . "' where user_id=" . $QIYU_ID_USER; if (mysql_query($upd_sql)) { alertInfo('修改成功', 'usercenter.php', 0); } else { alertInfo('修改失败', '', 1); } } }
} break; case 'type': $id = sqlReplace(trim($_GET['id'])); $id = checkData($id, "ID", 0); $sql = "select * from qiyu_comment where comment_id=" . $id; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (!$row) { alertInfo('您要审核的数据不存在', '', 1); } else { $sql2 = "update qiyu_comment set comment_type='1' where comment_id=" . $id; if (mysql_query($sql2)) { alertInfo('审核成功', '', 1); } else { alertInfo('审核失败,原因SQL出现异常', '', 1); } } break; case "savetime": $i = trim($_POST['i']); for ($x = 1; $x <= $i; $x++) { $id = $_POST['id' . $x]; $id = checkData($id, 'ID', 0); $time = $_POST['time' . $x]; $sql = "update " . WIIDBPRE . "_comment set comment_addtime='" . $time . "' where comment_id=" . $id; mysql_query($sql); } alertInfo('保存成功!', "", 1); break; }
<?php require_once "autoload.php"; // Vérifie qu'on a toutes les informations, mais ne vérifie pas le contenu function checkData() { return isset($_POST['id']) && isset($_POST['nom']) && isset($_POST['prénom']) && isset($_POST['tél']); } // Insertion d'un nouveau contact dans la base if (checkData()) { $contacts = new ContactsDAO(MaBD::getInstance()); $maj = new Contact(array('id' => $_POST['id'], 'nom' => $_POST['nom'], 'prénom' => $_POST['prénom'], 'tél' => $_POST['tél'])); $res = $contacts->update($maj); if ($res === 0) { echo json_encode(false); } else { echo json_encode(true); } } else { echo json_encode(false); }
public function get_game_list() { $gData = checkData($_GET); $gameArr = $this->getGameDataList(1); //var_dump($gameArr);exit(); $key = $gData['key']; if (empty($key)) { $gameData[0]['game_id'] = 0; $gameData[0]['game_name'] = ''; } else { $sql = "SELECT game_id,game_name_cn FROM app_new_game_info_detail WHERE game_name_cn LIKE'%" . $key . "%'"; $data = $this->db->find($sql); $gameData = array(); foreach ($data as $_k => $_v) { $gameData[$_k]['game_id'] = $_v['game_id']; $gameData[$_k]['game_name'] = $_v['game_name_cn']; } } $array['result'] = $gameData; echo json_encode($array); exit; }
function checkSession() { $user_res = getCurrUserInfo(); $user = $user_res['rows'][0]['id']; $query = 'SELECT * FROM "MapSessions" WHERE "LastAction" + INTERVAL \'30 MINUTES\' > NOW()'; $res = PQuery($query); $sesUserId = $res['rows'][0]['UserId']; if ($res['count'] > 0) { return $user == $sesUserId ? TRUE : FALSE; } else { checkData(); return TRUE; } return $res['count'] > 0 ? $user == $sesUserId ? TRUE : FALSE : TRUE; }
public function dept_del() { $gData = checkData($_GET); $id = $gData['id']; if ($id <= 0) { ajaxReturn('参数错误', 300); } $sql = "delete from system_dept where id={$id} or dept={$id}"; if ($this->db->query($sql)) { ajaxReturn('删除成功', 200); } else { ajaxReturn('删除失败', 300); } }