function bangding($fromUsername, $uid, $pwd)
{
$s = "SELECT `pwd` FROM `user_bangding` WHERE `uid` = '{$uid}'";
$res = _select_data($s);
$data = mysql_fetch_array($res);
if ($pwd == $data['pwd']) {
$sql = "UPDATE `user_bangding` SET `from_user` = '{$fromUsername}' WHERE `uid` = '{$uid}'";
$res = _update_data($sql);
if ($res == 1) {
echo "绑定成功 ↖点击此处返回";
} else {
echo "绑定" . $uid . "失败<br/>请重新绑定~";
}
} else {
echo "绑定失败,密码错误!!!<br/>请联系管理员";
}
}
<title>xxx</title>
<link href="./css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="./css/style.css" />
<style type="text/css">
body {
background: #ffffff url() top center no-repeat !important;
background-size:100% auto !important;
}
</style>
</head>
<body>
<?php
include_once './sql.php';
$user = $_GET["user"];
$n = $_GET["n"];
if ($n >= 0 && $n <= 100) {
$sql = "select fenshu from score where id = '{$user}'";
$result = _select_data($sql);
$m = mysql_fetch_array($result);
$q = $m['fenshu'];
if ($q != 0 && $q != 100) {
$sql = "UPDATE `score` SET `fenshu`= '{$n}' where id = '{$user}'";
_update_data($sql);
}
}
?>
<img src = "xxx" width="100%" >
</body>
</html>
public function responseMsg()
{
//get post data, May be due to the different environments
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
//extract post data
if (!empty($postStr)) {
/* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
the best way is to check the validity of xml by yourself */
libxml_disable_entity_loader(true);
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
$fromUsername = $postObj->FromUserName;
$toUsername = $postObj->ToUserName;
$keyword = trim($postObj->Content);
$time = time();
$event = $postObj->Event;
$textTpl = "<xml>\n\t\t\t\t\t\t\t<ToUserName><![CDATA[%s]]></ToUserName>\n\t\t\t\t\t\t\t<FromUserName><![CDATA[%s]]></FromUserName>\n\t\t\t\t\t\t\t<CreateTime>%s</CreateTime>\n\t\t\t\t\t\t\t<MsgType><![CDATA[%s]]></MsgType>\n\t\t\t\t\t\t\t<Content><![CDATA[%s]]></Content>\n\t\t\t\t\t\t\t<FuncFlag>0</FuncFlag>\n\t\t\t\t\t\t\t</xml>";
$imageTpl = "<xml>\n\t\t\t\t\t\t\t<ToUserName><![CDATA[%s]]></ToUserName>\n\t\t\t\t\t\t\t<FromUserName><![CDATA[%s]]></FromUserName>\n\t\t\t\t\t\t\t<CreateTime>%s</CreateTime>\n\t\t\t\t\t\t\t<MsgType><![CDATA[news]]></MsgType>//消息类型为news(图文)\n\t\t\t\t\t\t\t<ArticleCount>1</ArticleCount>//图文数量为1(单图文)\n\t\t\t\t\t\t\t<Articles>\n\t\t\t\t\t\t\t<item>//第一张图文消息\n\t\t\t\t\t\t\t<Title><![CDATA[%s]]></Title> //标题\n\t\t\t\t\t\t\t<Description><![CDATA[%s]]></Description>//描述\n\t\t\t\t\t\t\t<PicUrl><![CDATA[%s]]></PicUrl>//打开前的图片链接地址\n\t\t\t\t\t\t\t<Url><![CDATA[%s]]></Url>//点击进入后显示的图片链接地址\n\t\t\t\t\t\t\t</item>\n\t\t\t\t\t\t\t</Articles>\n\t\t\t\t\t\t\t</xml> ";
if (!empty($event)) {
$gz[0] = " 欢迎使用微管理系统^_^";
$gz[1] = " 【绑定】- 输入关键词或数字\n [1]绑定角色 [2]修改角色\n [3]取消绑定";
$gz[2] = " 【签到】- 输入关键词或数字\n [4]进行签到 [5]查看签到";
$gz[3] = " 【信息】- 输入关键词或数字\n [6]查看信息 [7]更改状态";
$gz[4] = " 【请假】- 输入关键词或数字\n [8]申请请假 [9]审核请假\n [10]查看状态";
// $gz[5] = " 【任务】- 输入关键词或数字\n [11]发布任务 [12]查看任务";
$gz[5] = " 》》》》》 Tips 《《《《《\n 输入'0'、'首页'、'功能'、'菜单'\n 查看功能菜单";
$gz[6] = " Powered By Fan(毕设)";
$num = count($gz);
$gzTpl = "<xml>\n <ToUserName><![CDATA[%s]]></ToUserName>\n <FromUserName><![CDATA[%s]]></FromUserName>\n <CreateTime>%s</CreateTime>\n <MsgType><![CDATA[news]]></MsgType>\n <ArticleCount>{$num}</ArticleCount>\n <Articles>";
for ($i = 0; $i <= $num; $i++) {
$gzTpl .= "<item>\n <Title>{$gz[$i]}</Title>\n <Description></Description>\n <PicUrl><![CDATA[]]></PicUrl>\n <Url><![CDATA[]]></Url>\n </item>";
}
$gzTpl .= "</Articles>\n <FuncFlag>1</FunFlag>\n </xml>";
$resultStr = sprintf($gzTpl, $fromUsername, $toUsername, $time);
echo $resultStr;
}
$sql = "SELECT flag_id FROM user_flags WHERE from_user = '******'";
$result = _select_data($sql);
while ($rows = mysql_fetch_array($result)) {
$user_flag = $rows[flag_id];
}
if (trim($keyword) != $user_flag && is_numeric($keyword)) {
$user_flag = '';
$sql = "DELETE FROM user_flags WHERE from_user = '******'";
_delete_data($sql);
}
if (empty($user_flag)) {
// 功能
if ($keyword == '0' || $keyword == '功能' || $keyword == '首页' || $keyword == '菜单') {
$gz[0] = " 欢迎使用微管理系统^_^";
$gz[1] = " 【绑定】- 输入关键词或数字\n [1]绑定角色 [2]修改权限\n [3]取消绑定";
$gz[2] = " 【签到】- 输入关键词或数字\n [4]进行签到 [5]查看签到";
$gz[3] = " 【信息】- 输入关键词或数字\n [6]查看信息 [7]更改信息";
$gz[4] = " 【请假】- 输入关键词或数字\n [8]申请请假 [9]审核请假\n [10]查看状态";
// $gz[5] = " 【任务】- 输入关键词或数字\n [11]发布任务 [12]查看任务";
$gz[5] = " 》》》》》 Tips 《《《《《\n 输入'0'、'首页'、'功能'、'菜单'\n 查看功能菜单";
$gz[6] = " Powered By Fan(毕设)";
$num = count($gz);
$gzTpl = "<xml>\n <ToUserName><![CDATA[%s]]></ToUserName>\n <FromUserName><![CDATA[%s]]></FromUserName>\n <CreateTime>%s</CreateTime>\n <MsgType><![CDATA[news]]></MsgType>\n <ArticleCount>{$num}</ArticleCount>\n <Articles>";
for ($i = 0; $i <= $num; $i++) {
$gzTpl .= "<item>\n <Title>{$gz[$i]}</Title>\n <Description></Description>\n <PicUrl><![CDATA[]]></PicUrl>\n <Url><![CDATA[]]></Url>\n </item>";
}
$gzTpl .= "</Articles>\n <FuncFlag>1</FunFlag>\n </xml>";
$resultStr = sprintf($gzTpl, $fromUsername, $toUsername, $time);
echo $resultStr;
}
// 用户绑定对应角色
if ($keyword == '1' || $keyword == '绑定角色') {
$sql = "SELECT `uid` FROM `user_bangding` WHERE `from_user` = '{$fromUsername}'";
$result = _select_data($sql);
// 查找是否已存在信息
while ($rows = mysql_fetch_array($result)) {
$data = $rows['uid'];
}
if (empty($data)) {
$msgType = "text";
$contentStr = '<a href="http://wglpt.sinaapp.com/bd/bangding.php?openid=' . $fromUsername . '">点击绑定角色~</a>';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
} else {
$msgType = "text";
$contentStr = "用户" . $data . "已存在\n请重新绑定~";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}
// 用户修改权限
if ($keyword == '2' || $keyword == '修改权限') {
$sql = "SELECT * FROM `user_bangding` WHERE `from_user` = '{$fromUsername}'";
$res = _select_data($sql);
while ($rows = mysql_fetch_array($res)) {
$data = $rows['type'];
}
if ($data == 1) {
$msgType = "text";
$contentStr = '<a href="http://wglpt.sinaapp.com/bd/quanxian.php?openid=' . $fromUsername . '">点击进入修改权限~</a>';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
} else {
$msgType = "text";
$contentStr = "暂无权限!\n请联系管理员";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}
// 用户解除绑定
if ($keyword == '3' || $keyword == '解绑' || $keyword == '取消绑定') {
$sql = "SELECT * FROM `user_bangding` WHERE `from_user` = '{$fromUsername}'";
$res = _select_data($sql);
while ($rows = mysql_fetch_array($res)) {
$data = $rows['uid'];
}
if (!empty($data)) {
$sql1 = "UPDATE `user_bangding` SET `from_user` = '' WHERE `uid` = '{$data}'";
$res1 = _update_data($sql1);
if ($res1 == 1) {
$msgType = "text";
$contentStr = '解绑工号成功~';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
} else {
$msgType = "text";
$contentStr = '解绑工号失败!';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
} else {
$msgType = "text";
$contentStr = '未绑定工号!';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}
// 用户签到
if ($keyword == '4' || $keyword == '进行签到') {
// 每天定时corn清空表
$sql = "SELECT `from_user` FROM `user_qiandao` WHERE `from_user` = '{$fromUsername}'";
$result = _select_data($sql);
// 查找是否已存在信息
while ($rows = mysql_fetch_array($result)) {
$data = $rows['from_user'];
}
if (empty($data)) {
// 签到时间为9点,8点开始
$time = strtotime("9:00:00") - time();
if ($time > 0 && $time < 3600) {
$sql = "INSERT INTO `user_qiandao` (`from_user`) values ('{$fromUsername}')";
$res = _insert_data($sql);
if ($res == 1) {
$msgType = "text";
$contentStr = "签到成功~";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
} else {
$msgType = "text";
$contentStr = "签到失败\n请重新签到!";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
} elseif ($time > 3600) {
$msgType = "text";
$contentStr = "还没到签到时间!";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
} else {
// 添加迟到状态
$qtime = date("H:i:s");
$sql = "INSERT INTO `user_qiandao` (`from_user`, `late`, `time`) values ('{$fromUsername}', '1', '{$qtime}')";
$res = _insert_data($sql);
if ($res == 1) {
$msgType = "text";
$contentStr = "签到成功\n已迟到!";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
} else {
$msgType = "text";
$contentStr = "签到失败\n请重新签到!";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}
} else {
$msgType = "text";
$contentStr = "你已签到!";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}
// 查看签到
if ($keyword == '5' || $keyword == '查看签到') {
$sql = "SELECT q.`late`, q.`time`, q.`from_user`, i.`uid`, i.`name` FROM `user_qiandao` q, `user_info` i WHERE q.`from_user` = i.`from_user`";
$res = _select_data($sql);
$v = '';
while ($rows = mysql_fetch_array($res)) {
if ($rows['late'] == '1') {
$late = '迟到';
} else {
$late = '正常';
}
$v .= $rows['uid'] . ' ---- ' . $rows['name'] . ' ---- ' . $late . ' ---- ' . $rows['time'] . "\n";
$title = "工号---姓名---状态---时间";
$PicUrl = "";
$Description = $v;
$Url = "";
$resultStr = sprintf($imageTpl, $fromUsername, $toUsername, $time, $title, $Description, $PicUrl, $Url);
echo $resultStr;
}
}
// 用户信息
if ($keyword == '6' || $keyword == '信息' || $keyword == '查看信息') {
// 先检查用户是否在职
$sql = "SELECT `state` FROM `user_info` WHERE `from_user` = '{$fromUsername}'";
$res = _select_data($sql);
$rows = mysql_fetch_array($res);
if ($rows['state'] == 1) {
// 开始读取用户列表
$sql = "SELECT * FROM `user_info`";
$res = _select_data($sql);
$v = '';
while ($rows = mysql_fetch_array($res)) {
if ($rows['state'] == 1) {
$state = '在职';
} else {
$state = '其他';
}
$v .= $rows['uid'] . ' ---- ' . $rows['name'] . ' ---- ' . $rows['job'] . ' ---- ' . $state . "\n";
}
$title = "工号---姓名---职务---状态";
$PicUrl = "";
$Description = $v;
$Url = "http://wglpt.sinaapp.com/yh/yhlb.php";
$resultStr = sprintf($imageTpl, $fromUsername, $toUsername, $time, $title, $Description, $PicUrl, $Url);
echo $resultStr;
} else {
$msgType = "text";
$contentStr = '对不起,你没有权限!';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}
// 用户编辑
if ($keyword == '7' || $keyword == '更改信息' || $keyword == '更新状态' || $keyword == '信息编辑' || $keyword == '编辑信息') {
// 先检查用户是否在职
$sql = "SELECT `state` FROM `user_info` WHERE `from_user` = '{$fromUsername}'";
$res = _select_data($sql);
$rows = mysql_fetch_array($res);
if ($rows['state'] == 1) {
// 开始读取用户列表
$sql = "SELECT * FROM `user_info`";
$res = _select_data($sql);
$v = '';
while ($rows = mysql_fetch_array($res)) {
if ($rows['state'] == 1) {
$state = '在职';
} else {
$state = '其他';
}
$v .= $rows['uid'] . ' ---- ' . $rows['name'] . ' ---- ' . $state . "\n";
}
$title = "工号---姓名---状态";
$PicUrl = "";
$Description = $v;
$Url = "http://wglpt.sinaapp.com/yh/yhbj.php";
$resultStr = sprintf($imageTpl, $fromUsername, $toUsername, $time, $title, $Description, $PicUrl, $Url);
echo $resultStr;
} else {
$msgType = "text";
$contentStr = '对不起,你没有权限!';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}
// 请假申请
if ($keyword == '8' || $keyword == '请假' || $keyword == '申请请假') {
$msgType = "text";
$contentStr = '<a href="http://wglpt.sinaapp.com/qj/qingjia.php?openid=' . $fromUsername . '">点击申请请假~</a>';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
// 请假审核
if ($keyword == '9' || $keyword == '审核请假' || $keyword == '请假审核') {
$msgType = "text";
$contentStr = '<a href="http://wglpt.sinaapp.com/qj/qjlb.php?openid=' . $fromUsername . '">点击进行请假审核~</a>';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
// 请假结果
if ($keyword == '10' || $keyword == '查看状态' || $keyword == '请假结果') {
// 先检查用户是否在职
$sql = "SELECT `state` FROM `user_info` WHERE `from_user` = '{$fromUsername}'";
$res = _select_data($sql);
$rows = mysql_fetch_array($res);
if ($rows['state'] == 1) {
// 开始读取用户列表
$sql = "SELECT * FROM `user_qingjia`";
$res = _select_data($sql);
$v = '';
while ($rows = mysql_fetch_array($res)) {
if ($rows['pass'] == 1) {
$pass = '******';
} else {
$pass = '******';
}
$v .= $rows['id'] . ' ---- ' . $rows['name'] . ' ---- [ ' . $rows['time'] . ' ~ ' . $rows['endtime'] . ' ] ---- ' . $pass . "\n";
}
$title = "请假序号---姓名---[ 开始时间 ~ 结束时间 ]---状态";
$PicUrl = "";
$Description = $v;
$Url = "";
$resultStr = sprintf($imageTpl, $fromUsername, $toUsername, $time, $title, $Description, $PicUrl, $Url);
echo $resultStr;
} else {
$msgType = "text";
$contentStr = '对不起,你没有权限!';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}
// 请假审核
if ($keyword == '11' || $keyword == '任务分配' || $keyword == '任务设置') {
$msgType = "text";
$contentStr = '<a href="http://wglpt.sinaapp.com/rw/rwsz.php?openid=' . $fromUsername . '">点击进行任务分配~</a>';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
// 查看任务
if ($keyword == '12' || $keyword == '我的任务' || $keyword == '查看任务') {
// 先检查用户是否在职
$sql = "SELECT `uid`, `state` FROM `user_info` WHERE `from_user` = '{$fromUsername}'";
$res = _select_data($sql);
$rows = mysql_fetch_array($res);
$uid = $rows['uid'];
if ($rows['state'] == 1) {
// 开始读取用户列表
$sql = "SELECT * FROM `user_renwu` WHERE `uid` = '{$uid}'";
$res = _select_data($sql);
$v = '';
while ($rows = mysql_fetch_array($res)) {
if ($rows['state'] == 1) {
$state = '完成';
} else {
$state = '未完成';
}
$v .= $rows['id'] . ' ---- ' . $rows['name'] . ' ---- ' . $rows['time'] . ' ---- ' . $rows['endtime'] . ' ---- ' . $state . "\n";
}
$title = "任务序号---任务---开始时间---截止时间---状态";
//
$PicUrl = "";
$Description = $v;
$Url = "http://wglpt.sinaapp.com/rw/rwxq.php?uid={$uid}";
$resultStr = sprintf($imageTpl, $fromUsername, $toUsername, $time, $title, $Description, $PicUrl, $Url);
echo $resultStr;
} else {
$msgType = "text";
$contentStr = '对不起,你没有权限!';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}
// 用户绑定对应角色
if ($keyword == '管理员登录') {
$msgType = "text";
$contentStr = '<a href="http://wglpt.sinaapp.com/login.php">管理页面~</a>';
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
} else {
echo "Input something...";
}
} else {
echo "";
exit;
}
}
</head>
<body>
<?php
/**
* Created by PhpStorm.
* User: Fancy
* Date: 15.12.9
* Time: 17:22
*/
require_once './sql.php';
if (isset($_POST["submit"])) {
$type = $_POST["type"];
$uid = $_POST['uid'];
$sql = "UPDATE `user_bangding` SET `type` = '{$type}' WHERE `uid` = '{$uid}'";
$res = _update_data($sql);
if ($res == 1) {
echo '<script> location.replace("./admin.php"); </script>';
} else {
echo "修改" . $uid . "失败<br/>请重新修改~";
}
exit;
}
$getuid = $_GET['uid'];
$sql = "SELECT * FROM `user_bangding` WHERE `uid` = '{$getuid}'";
$res = _select_data($sql);
$rows = mysql_fetch_array($res);
?>
<div class="container">
<form action="http://wglpt.sinaapp.com/adminEdit.php" method="post">
public function responseMsg()
{
//get post data, May be due to the different environments
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
//extract post data
if (!empty($postStr)) {
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
$fromUsername = $postObj->FromUserName;
$toUsername = $postObj->ToUserName;
$keyword = trim($postObj->Content);
$time = time();
$event = $postObj->Event;
$textTpl = "<xml>\n <ToUserName><![CDATA[%s]]></ToUserName>\n <FromUserName><![CDATA[%s]]></FromUserName>\n <CreateTime>%s</CreateTime>\n <MsgType><![CDATA[text]]></MsgType>\n <Content><![CDATA[%s]]></Content>\n </xml>";
$newsTpl1 = "<xml>\n <ToUserName><![CDATA[%s]]></ToUserName>\n <FromUserName><![CDATA[%s]]></FromUserName>\n <CreateTime>%s</CreateTime>\n <MsgType><![CDATA[news]]></MsgType>\n <ArticleCount>1</ArticleCount>\n <Articles>\n <item>\n <Title><![CDATA[xxx]]></Title>\n <Description><![CDATA[xxx]]></Description>\n <PicUrl><![CDATA[http://xxx/images/fm.jpg]]></PicUrl>\n <Url><![CDATA[http://xxx/index.php?openid=" . $postObj->FromUserName . "]]></Url>\n </item>\n </Articles>\n </xml> ";
if (!empty($event)) {
$sql = "insert into score (`id`,`fenshu`,`paiming`) VALUES ('{$fromUsername}',1,0)";
_insert_data($sql);
$resultStr = sprintf($newsTpl1, $fromUsername, $toUsername, $time);
echo $resultStr;
}
if (empty($user_flag)) {
if ($keyword == "xx") {
$sql = "SELECT fenshu FROM score WHERE id = '{$fromUsername}'";
$result = _select_data($sql);
$n = mysql_fetch_array($result);
$q = $n['fenshu'];
if ($q == 100) {
$sql = "SELECT paiming FROM score WHERE id='{$fromUsername}'";
$result = _select_data($sql);
$n = mysql_fetch_array($result);
$p = $n['paiming'];
//$contentStr=$p;
if ($p == 0) {
$sql = "SELECT count(id) as shu FROM score WHERE fenshu = '100'";
$result = _select_data($sql);
$n = mysql_fetch_array($result);
$q = $n['shu'];
// $n=mysql_fetch_array($result);
//$q = $n['fenshu'];
//$contentStr=$q;
$contentStr = 'xxx';
$sql = "UPDATE `score` SET `paiming`= '{$q}' where id = '{$fromUsername}'";
_update_data($sql);
} else {
$contentStr = 'xxx';
}
} else {
if ($q == 0) {
$contentStr = 'xxx';
} else {
$contentStr = 'xxx';
}
}
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $contentStr);
echo $resultStr;
}
if (!empty($sql)) {
_insert_data($sql);
}
} else {
}
} else {
echo "";
exit;
}
}
