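/**
 * Route a profile-page form submission to the matching checker.
 *
 * A posted "question" must be the session's level followed by one question
 * digit; a posted "advance" must consist of ASCII letters and digits only.
 * The first field that is present and valid decides which checker runs.
 *
 * @return mixed Whatever check_question() / check_level() returns, or NULL when
 *               neither field is present and valid.
 */
function check_profile() {
    global $CONST;

    // $_POST is a superglobal, so no `global` declaration is needed for it.
    if (isset($_POST["question"]) && is_string($_POST["question"])) {
        // The level is quoted so that it can only ever match literally.
        $level = preg_quote((string) $_SESSION["level"], "/");
        // The D modifier makes "$" match only at the very end of the value; without
        // it a value with a trailing newline also passes validation.
        // NOTE(review): [1-N] is a character class, so this only behaves as a
        // numeric range while $CONST["questions"] is a single digit - confirm.
        $question_pattern = "/^{$level}[1-{$CONST["questions"]}]\$/D";
        $question_options = array("options" => array("regexp" => $question_pattern));
        // filter_var() returns the value itself on success, so compare against
        // false instead of relying on truthiness.
        if (filter_var($_POST["question"], FILTER_VALIDATE_REGEXP, $question_options) !== false) {
            return check_question($_POST["question"]);
        }
    }

    if (isset($_POST["advance"]) && is_string($_POST["advance"])) {
        $advance_options = array("options" => array("regexp" => "/^[a-z\\d]+\$/iD"));
        // A valid value such as "0" is falsy, hence the strict comparison.
        if (filter_var($_POST["advance"], FILTER_VALIDATE_REGEXP, $advance_options) !== false) {
            return check_level($_POST["advance"]);
        }
    }

    return NULL;
}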
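/**
 * Build one exam question from an imported row and insert it unless it is rejected.
 *
 * @param array $strs  Row cells by index: 0 type label, 1 level, 2 question text,
 *                     3 answer, 4-9 answer options, 10 explanation.
 * @param mixed $time  Not used by this function.
 * @param array $array Import context: 'row_num' is always read, 'poolid' is optional.
 * @return int|null 0 when the row is rejected (missing type, question or answer, or
 *                  an unknown type label); otherwise no value is returned.
 */
function upload_question($strs, $time, $array) {
    global $_W;

    $question_type = $strs[0];
    $level = $strs[1];
    $question = $strs[2];
    $answer = $strs[3];
    $explain = $strs[10];
    $row_num = $array['row_num'];
    $insert = array();

    // A row without a type label, question text or answer cannot be imported.
    if (empty($question_type) || empty($question) || empty($answer)) {
        return 0;
    }

    switch ($question_type) {
        case '单选题': // single choice
            $type = 2;
            $insert['answer'] = $answer;
            break;
        case '多选题': // multiple choice
            $type = 3;
            $insert['answer'] = $answer;
            break;
        case '判断题': // true / false
            $type = 1;
            // '正确' ("correct") is stored as 1, anything else as 0.
            $insert['answer'] = ($answer == '正确') ? 1 : 0;
            break;
        default:
            // An unrecognised label used to leave $type undefined, and the row was
            // still inserted without a usable type. Reject it like any other
            // invalid row instead.
            return 0;
    }

    if ($type > 1) {
        // Choice questions keep their six option cells as one serialized column.
        // NOTE(review): the code that reads this column back is not visible here;
        // confirm it does not unserialize() values that could have been altered.
        $insert['items'] = serialize(array($strs[4], $strs[5], $strs[6], $strs[7], $strs[8], $strs[9]));
    }

    $insert['type'] = $type;
    $insert['question'] = $row_num . "------" . $question;

    // check_question() is defined elsewhere; presumably 0 means the question is
    // not already stored - verify against its definition.
    $flag = check_question($insert, 0);
    if ($flag == 0) {
        if (!empty($array['poolid'])) {
            $insert['poolid'] = $array['poolid'];
        }
        $insert['level'] = $level;
        $insert['explain'] = $explain;
        $insert['weid'] = $_W['weid'];
        pdo_insert('ewei_exam_question', $insert);
    }
}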
// Tail of a block whose opening lies outside this excerpt: it runs the statement
// held in $result, clears the current question in the session, closes the
// connection and redirects to the profile page.
mysqli_query($db_connection, $result);
$_SESSION["question"] = "";
mysqli_close($db_connection);
header("Location: ./profile.php");
die;
}

/**
 * Hand a posted answer to check_answer().
 *
 * The "answer" field is passed on as received; only its presence is tested here.
 * Returns check_answer()'s result, or NULL when no "answer" field was posted.
 */
function check_question() {
    global $_POST;
    if (isset($_POST["answer"])) {
        return check_answer($_POST["answer"]);
    } else {
        return NULL;
    }
}

// Evaluate the submission first, then drop the posted data for the rest of the page.
$wrong_msg = check_question();
unset($_POST);
// Load the current question joined with this user's per-user question table.
// NOTE(review): both session values are interpolated straight into the SQL text -
// the username becomes part of a table identifier and the question id a quoted
// literal. Nothing in this excerpt escapes or validates them, so the query is only
// as safe as the code that wrote them to the session; confirm that, or bind the id
// as a parameter and check the table name against an allow-list.
$query = "SELECT * FROM `Questions` AS `Q` " . "LEFT JOIN `Questions-{$_SESSION["username"]}` AS `Q-U` ON `Q-U`.`Question ID`=`Q`.`Question ID` " . "WHERE `Q`.`Question ID` = '{$_SESSION["question"]}';";
// NOTE(review): the result of mysqli_query() is passed on without a check for false.
$question = mysqli_fetch_array(mysqli_query($db_connection, $query));
?> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>NJATH - Question</title> <link href="question.css" rel="stylesheet" type="text/css" /> <link href="navbar.css" rel="stylesheet" type="text/css" /> </head>
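// Collect the ids of the questions that belong to the current round.
foreach ($current_round_questions as $question) {
    $q_ids[] = $question->id;
}

// Numbers of the questions shown so far, restored from the session when present.
$shown_questions = array();
if (isset($_SESSION['q_array']) && is_array($_SESSION['q_array'])) {
    $shown_questions = $_SESSION['q_array'];
}

/**
 * Tell whether question number $q is already in the list $a of shown numbers.
 */
function check_question($q, $a) {
    return in_array($q, $a);
}

// Question numbers are drawn from 1 .. $num_questions - 1.
// NOTE(review): that range never yields 0 or $num_questions - confirm how the
// number is mapped to a question further down.
$highest_number = $num_questions - 1;

// Once every number in the range has been shown, the redraw loop below can never
// find an unused one and would spin until the request is killed. Start a new cycle
// in that case. NOTE(review): clearing the history is one possible policy -
// confirm what should happen when the pool is exhausted.
$all_numbers = $highest_number >= 1 ? range(1, $highest_number) : array();
if (count(array_diff($all_numbers, $shown_questions)) === 0) {
    $shown_questions = array();
}

// Draw a number and redraw until it is one that has not been shown yet.
$question_number = rand(1, $highest_number);
while (check_question($question_number, $shown_questions)) {
    $question_number = rand(1, $highest_number);
}

// Remember the pick and keep the list sorted.
$shown_questions[] = $question_number;
sort($shown_questions);

// Persist the list so the next page load can continue from it.
$_SESSION['q_array'] = $shown_questions;

// Count the questions served: the first load sets 0, every later load adds one.
if (isset($_SESSION['question_number'])) {
    $_SESSION['question_number']++;
} else {
    $_SESSION['question_number'] = 0;
}

// display question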
// Tail of a block opened outside this excerpt; the message says that the
// administrator has disabled registration.
exit('管理员关闭了注册功能,请不要非法注册');
}
// Guard against automated registration and cross-site submissions: the posted
// code is checked against the one kept in the session.
check_code($_POST['code'], $_SESSION['code']);
// Pull in the validation helpers.
include ROOT_PATH . 'includes/check.func.php';
// Empty array that collects the submitted values once they have been checked.
$clean = array();
// A unique identifier guards against automated registration and forged
// cross-site form posts. It is also used later for login-cookie verification.
$clean['uniqid'] = check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
// 'active' is a second unique identifier, used to activate a freshly registered
// account; an account that has not been activated cannot log in.
// NOTE(review): sha1_uniqid() is defined elsewhere - confirm it draws from a
// CSPRNG, since this value gates account activation.
$clean['active'] = sha1_uniqid();
$clean['username'] = check_username($_POST['username'], 2, 20);
// NOTE(review): how check_password() transforms the password before storage is not
// visible here - confirm it produces a salted, slow hash.
$clean['password'] = check_password($_POST['password'], $_POST['aginePassword'], 6);
$clean['question'] = check_question($_POST['question'], 2, 20);
$clean['answer'] = check_answer($_POST['question'], $_POST['answer'], 2, 20);
$clean['sex'] = check_sex($_POST['sex']);
$clean['photo'] = check_photo($_POST['photo']);
$clean['email'] = check_email($_POST['email'], 6, 40);
$clean['qq'] = check_qq($_POST['qq']);
$clean['url'] = check_url($_POST['url'], 40);
// Before adding the user, check whether the user name is already taken.
// NOTE(review): the literal below looks garbled in this copy ('******' where the
// interpolated username presumably stood) - restore it from the original file.
is_repeat("SELECT bbs_username FROM bbs_users WHERE bbs_username='******'username']}' LIMIT 1", '对不起,该用户名已被注册');
// Add the new user.
// Inside double quotes a plain variable such as $username can be written directly,
// but an array element has to be wrapped in braces.
// NOTE(review): every $clean value is interpolated into the SQL text, so this
// statement is only safe if each check_* helper escapes its result for SQL; those
// helpers are not visible here. A parameterized statement would not depend on that.
query("INSERT INTO bbs_users (\n bbs_uniqid,\n bbs_active,\n bbs_username,\n bbs_password,\n bbs_question,\n bbs_answer,\n bbs_sex,\n bbs_photo,\n bbs_email,\n bbs_qq,\n bbs_url,\n bbs_reg_time,\n bbs_last_time,\n bbs_last_ip\n ) \n VALUES (\n '{$clean['uniqid']}',\n '{$clean['active']}',\n '{$clean['username']}',\n '{$clean['password']}',\n '{$clean['question']}',\n '{$clean['answer']}',\n '{$clean['sex']}',\n '{$clean['photo']}',\n '{$clean['email']}',\n '{$clean['qq']}',\n '{$clean['url']}',\n NOW(),\n NOW(),\n '{$_SERVER["REMOTE_ADDR"]}'\n )");
if (affected_rows() == 1) {
    // Fetch the id of the row that was just inserted.
    $clean['id'] = mysql_insert_id();
    // Close the database connection.
// The captcha check runs only when $global_clean['code'] is non-empty.
if (!empty($global_clean['code'])) {
    // NOTE(review): this is a loose comparison. If neither value is set, both sides
    // are null and compare equal, so the check passes without a captcha. Confirm
    // that $_SESSION['code'] is always set before this page runs; comparing two
    // non-empty strings with === would be stricter.
    if (!($_POST['code'] == $_SESSION['code'])) {
        location('验证码错误,请重新输入!', 'member_modify.php');
    }
}
// Pull in the validation function library.
include 'includes/register.fun.php';
$clean = array();
// Run the validators, starting with check_username().
// NOTE(review): the per-form token check is commented out in this copy, so no
// anti-forgery token is verified in the visible code:
// $clean['uniqid'] = check_uniqid($_POST['uniqid'],$_SESSION['uniqid']);
// Activation token: the SHA-1 of a uniqid() value prefixed with rand().
// NOTE(review): uniqid() is time-based and rand() is not a CSPRNG, so this token is
// guessable in principle; if it gates account activation, use a CSPRNG source.
$clean['active'] = sha1(uniqid(rand(), true));
$clean['username'] = check_username($_POST['username']);
$clean['password'] = check_password($_POST['password'], $_POST['yespassword']);
$clean['question'] = check_question($_POST['question']);
$clean['answer'] = check_answer($_POST['question'], $_POST['answer']);
$clean['sex'] = check_sex($_POST['sex']);
$clean['face'] = check_face($_POST['face']);
$clean['email'] = check_email($_POST['email']);
$clean['qq'] = check_qq($_POST['qq']);
$clean['url'] = check_url($_POST['url']);
// Before inserting, check whether the same user name already exists.
// NOTE(review): the literal below looks garbled in this copy ('******' where the
// interpolated username presumably stood) - restore it from the original file.
$query = mysql_query("select username from user where username='******'username']}'");
if (is_array(mysql_fetch_array($query, MYSQL_ASSOC))) {
    // NOTE(review): type='javascript' is not a script MIME type, so browsers will
    // most likely not run this alert - confirm.
    echo "<script type='javascript'>alert('用户名已经存在,请重新注册!');history.back();</script>";
    exit;
}
// Insert the new user row.
// NOTE(review): every $clean value is interpolated into the SQL text, so this is
// only safe if each check_* helper escapes for SQL; those helpers are not visible
// here. On failure, die() also sends the raw mysql_error() text to the client.
mysql_query("insert into user \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t(active,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tusername,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tquestion,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tanswer,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tsex,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tface,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\temail,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tqq,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\turl,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\treg_time,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tlast_time,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tlast_ip\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t\t values 
\r\n\t\t\t\t\t\t\t\t\t\t\t('{$clean['active']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['password']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['question']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['answer']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['sex']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['face']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['email']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['qq']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['url']}',\r\n\t\t\t\t\t\t\t\t\t\t\tnow(),\r\n\t\t\t\t\t\t\t\t\t\t\tnow(),\r\n\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}'\r\n\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t ") or die('数据库插入出错' . mysql_error());
// Check whether the insert succeeded, using mysql_affected_rows().
if (mysql_affected_rows() == 1) {