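<?php
// Registration handler: inserts a new users row from the POSTed form and,
// when the new account has role 1, opens a session for it before redirecting.
require 'func/base.php';
require 'func/sql.class.php';

$sqlhelper = new func\SqlHelper();

// Free-text fields go through the project's SqlHelper::getSql() before they
// are interpolated into the statement (its exact escaping lives in
// func/sql.class.php and is not visible here).
$uname = $sqlhelper->getSql($_POST['username'] ?? '');
$pwd   = $sqlhelper->getSql($_POST['pwd'] ?? '');
$email = $sqlhelper->getSql($_POST['email'] ?? '');
// The original statement interpolated an unassigned $tel; the form is assumed
// to post a 'tel' field like the other user attributes — confirm against the
// registration page.
$tel   = $sqlhelper->getSql($_POST['tel'] ?? '');

// age and role are interpolated UNQUOTED, so quote escaping alone cannot
// protect them; coerce both to int so only a numeric literal reaches the SQL.
$age  = (int) ($_POST['age'] ?? 0);
$role = (int) ($_POST['role'] ?? 0);

// NOTE(review): the password is stored exactly as submitted. Moving to
// password_hash() here requires the login script to switch to
// password_verify() at the same time, so it is deliberately left unchanged.
$sql = "insert into users(name,pwd,email,tel,age,role) values('{$uname}','{$pwd}','{$email}','{$tel}',{$age},{$role})";

if (!$sqlhelper->update($sql)) {
    error_log($sqlhelper->sqlerror);
    header("Location: regedit.php");
    exit; // stop here: nothing below may run once the redirect is issued
}

if ($role === 1) {
    // Look the new row up by name to obtain its id for the session.
    // NOTE(review): if names are not unique this can pick another user's row;
    // the insert id from the helper would be safer if SqlHelper exposes it.
    $ret = $sqlhelper->query("select id,name from users where name = '{$uname}'");
    if ($ret) {
        $_SESSION[SESSION_UER_ID]   = $ret[0]['id'];
        $_SESSION[SESSION_UER_NAME] = $ret[0]['name'];
    }
}

header("Location: index.php");
exit;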
// User search / friend-list page loader: for event "loadPage" it builds a
// filtered query over users not yet linked to the current user in usership.
// The script is truncated at the end of this chunk (the age branch is unfinished).
require 'func/base.php';
require 'func/sql.class.php';

// Current user comes from the session (server-set), not from the request.
$userid = $_SESSION[SESSION_UER_ID];
$sqlhelper = new func\SqlHelper();

$event = $_POST["event"];
if ($event == "loadPage") {
    // Optional filter fields from the form.
    $name = $_POST["name"];
    $tel = $_POST["tel"];
    $email = $_POST["email"];
    $age = $_POST["age"];
    $type = $_POST["type"];
    // page is cast to int before it can reach any SQL.
    $page = (int) $_POST["page"];

    // Base query: users that are not already in usership for this user and
    // are not the user itself. Only the session-sourced $userid is interpolated here.
    $sql = " select * from users u where not exists(select 1 from usership s where s.userid = {$userid} and s._userid=u.id) and id <> {$userid} ";

    // Each text filter is escaped via getSql() before being placed inside a
    // LIKE pattern. NOTE(review): '%' and '_' in the input still act as LIKE
    // wildcards unless getSql() escapes them — confirm in func/sql.class.php.
    if (!empty($name)) {
        $sql = $sql . "and name like '%" . $sqlhelper->getSql($name) . "%'";
    }
    if (!empty($tel)) {
        $sql = $sql . "and tel like '%" . $sqlhelper->getSql($tel) . "%'";
    }
    if (!empty($email)) {
        $sql = $sql . "and email like '%" . $sqlhelper->getSql($email) . "%'";
    }

    // The age code is compared in PHP and mapped to a fixed range clause, so
    // the user-supplied value itself is never interpolated into the SQL.
    if (!empty($age)) {
        if ($age == 1) {
            $sql = $sql . ' and age <=18 ';
        } elseif ($age == 2) {
            $sql = $sql . ' and age >18 and age <=30 ';
        } elseif ($age == 3) {
            $sql = $sql . ' and age >30 and age <=40 ';
        } elseif ($age == 4) {
            // … script continues beyond this chunk (branch body not visible) …
<?php
// Chat endpoint: "send" stores one message in chat_log and answers with JSON;
// "slist" starts assembling the online-user/message lists. The script is
// truncated at the end of this chunk.
require 'func/base.php';
require 'func/sql.class.php';

$type = $_POST["type"];
// Sender id comes from the session, not from the request.
$userid = $_SESSION[SESSION_UER_ID];
$sqlhelper = new func\SqlHelper();

if ($type == "send") {
    // NOTE(review): ruserid is taken from the request and interpolated into
    // the insert unquoted and unescaped; it needs an integer cast (or a
    // prepared statement) before it reaches the SQL.
    $ruserid = $_POST["ruserid"];
    $content = $_POST["content"];
    // Encode HTML special characters so the content displays as plain text.
    // (Stored already-encoded; the reader must not encode it a second time.)
    $content = htmlspecialchars($content);

    $sql = "insert into chat_log(suser_id,ruser_id,content,cdate,issread,isrread) values({$userid},{$ruserid},'" . $sqlhelper->getSql($content) . "',now(),1,1)";
    if ($sqlhelper->update($sql)) {
        $ret = array("code" => 0, "data" => "ok");
        echo json_encode($ret);
    } else {
        // NOTE(review): the raw driver error is echoed back to the client here;
        // logging it server-side and returning a generic message would avoid
        // exposing schema details.
        $ret = array("code" => 1, "data" => "更新错误" . $sqlhelper->sqlerror);
        echo json_encode($ret);
    }
} elseif ($type == "slist") {
    $beg = time();
    $isall = $_POST["isall"];
    $isnorun = $_POST["isnorun"];
    $ruserid = $_POST["ruserid"];
    // getUserOnline / dojump / getListInfo are defined elsewhere (presumably func/base.php).
    $users = getUserOnline($userid);
    $recs = null;
    $lists = null;
    dojump($userid); // Record the time of this user's latest request.
    $lists = getListInfo($userid, $ruserid);
    // … script continues beyond this chunk …
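<?php
// Login handler: matches the posted credentials against users with role 1 and
// opens the session on success; otherwise sends the user back to login.php.
require 'func/base.php';
require 'func/sql.class.php';

$sqlhelper = new func\SqlHelper();

// Both fields go through SqlHelper::getSql() before interpolation (its
// escaping is defined in func/sql.class.php and not visible here).
$username = $sqlhelper->getSql($_POST['username'] ?? '');
$pwd      = $sqlhelper->getSql($_POST['pwd'] ?? '');

// NOTE(review): the password is compared in clear text inside the query,
// matching how the registration script stores it. Switching to
// password_hash()/password_verify() must be done in both scripts together.
$sql = "select max(id) id from users where name = '{$username}' and pwd = '{$pwd}' and role=1";
$ret = $sqlhelper->query($sql);

// max(id) returns a single row whose id is null when nothing matched; an
// empty/false result from the helper is treated the same way.
$userId = $ret[0]['id'] ?? null;

if (!$userId) {
    // Logged on every failed attempt (including a plain wrong password), as before.
    error_log($sqlhelper->sqlerror);
    header("Location: login.php");
    exit; // nothing below may run once the redirect is issued
}

// Issue a fresh session id at the privilege change so an id fixed before
// login cannot be reused. base.php is assumed to have started the session;
// the guard keeps this a no-op (instead of a warning) if it has not.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

// NOTE(review): the escaped form of the name is stored in the session, while
// the registration script stores the name as read back from the database.
$_SESSION[SESSION_UER_NAME] = $username;
$_SESSION[SESSION_UER_ID]   = $userId;
header("Location: index.php");
exit;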