/**
+--------------------------------------------------
* 生成图片缩略图
+--------------------------------------------------
*/
public function img_thumb()
{
$gData = checkData($_GET);
$w = $gData['w'] + 0;
$h = $gData['h'] + 0;
$allow_width = array(300, 720);
$allow_height = array(168, 405);
if (!in_array($w, $allow_width)) {
die(json_encode(array('code' => -201, "msg" => "参数错误")));
}
if (!in_array($h, $allow_height)) {
die(json_encode(array('code' => -202, "msg" => "参数错误")));
}
$img_path = substr(HTML_PATH, 0, -1);
///images/videos/14999572630/screenshot/1d1c67cd5c1926a6e379fb78c711b87b_360X640.png
$img_file = MD5(xxx);
if (!file_exists($img_file)) {
//生成图片
} else {
//读取图片
}
// $this->img_operate->open($img_path.$addData['pic_url']);
// if ($this->img_operate->width() == '135' && $this->img_operate->height() == '135') {
// $this->img_operate->save(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/', $imageName);
// } else {
// $this->img_operate->thumb(300, 300, 3)->save(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/', $imageName);
// $this->img_operate->open(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/' . $imageName);
// $this->img_operate->thumb(135, 135, 1)->save(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/', $imageName);
// }
//
// $this->img_operate->thumb(300, 300, 3)->save(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/', $imageName);
// $this->img_operate->open(HTML_PATH . '/images/videos/' . $_v['video_id'] . '/yingyongbao/' . $imageName);
}
/** markdown格式接口 */
public function develop_public()
{
$gData = checkData($_GET);
$int_opt = $gData['int_opt'];
if (!$int_opt) {
ajaxReturn('非法操作[缺少必须参数]', 300);
}
//样式
echo '<style>
.markdown-here-wrapper h1{ font-size: 20px; font-weight:bold; margin-top: 10px;}
.markdown-here-wrapper h2{ font-size: 18px; font-weight:bold; margin-top: 10px;}
.markdown-here-wrapper h3{ font-size: 16px; font-weight:bold; margin-top: 10px;}
.markdown-here-wrapper table{ border-collapse: collapse; border: 1px solid yellowgreen;}
.markdown-here-wrapper th { vertical-align: baseline; border: 1px solid yellowgreen; font-weight:bold; font-size: 18px;}
.markdown-here-wrapper td { vertical-align: middle; border: 1px solid yellowgreen; font-size: 18px;}
.markdown-here-wrapper tr { border: 1px solid yellowgreen;}
.markdown-here-wrapper p a{font-size: 16px;}
</style>';
$output = $text = file_get_contents(MODULE_PATH . 'develop_info/' . $int_opt . '.md');
$parser = new MarkdownExtra();
$my_html = $parser->transform($output);
$this->s->assign('my_html', $my_html);
$this->s->display('interface_admin/interface_list.html');
}
/** 用户登录 */
public function login()
{
$pData = checkData($_POST);
$AdminUserTable = $this->OperateTable['AdminUserTable'];
$AdminRoleTable = $this->OperateTable['AdminRoleTable'];
$user_name = $pData['user_name'];
$user_pass = $pData['user_pass'];
$verify_code = $pData['verify_code'];
//已经登录,跳转到管理首页
$user_id = !empty($_SESSION['user_id']) ? $_SESSION['user_id'] : 0;
if ($user_id) {
toUrl('INDEX');
}
if ($user_name && !$user_pass) {
$this->s->assign('error', '请同时输入账号、密码和动态密码');
}
if ($pData) {
if (MD5($verify_code) != $_SESSION['verify_code']) {
$this->s->assign('error', '验证码错误!');
$this->s->display('admin/login.html');
exit;
}
}
if ($pData && $user_name && $user_pass) {
/*
//获取密保key
$sql = "SELECT mb_key FROM $AdminUserTable WHERE user_name='{$user_name}' AND status=1";
$userData = $this->db->get($sql);
$mb_key = $userData['mb_key'];
$pass = MD5(MD5($mb_key . $user_pass));
*/
$pass = MD5($user_pass);
$sql = "SELECT user_id,user_name,role_id,auth FROM {$AdminUserTable} WHERE user_name='{$user_name}' AND user_pass='******' AND status=1";
$data = $this->db->get($sql);
if ($data) {
$ip = $_SERVER['REMOTE_ADDR'];
$ltime = time();
$login_sql = "UPDATE {$AdminUserTable} SET lastlogin_ip='{$ip}',lastlogin_time={$ltime},login_times=login_times+1 WHERE user_name='" . $data['user_name'] . "'";
$this->db->query($login_sql);
$_SESSION['user_id'] = array('user_id' => $data['user_id'], 'user_name' => $data['user_name']);
//权限记录[菜单操作权限]
if ($data['user_id'] == 1) {
//超级管理员,所有权限
$_SESSION['user_id']['actionid'] = 'all';
} else {
//权限组权限+用户单独权限
$auth_sql = "SELECT auth FROM {$AdminRoleTable} WHERE role_id=" . $data['role_id'];
$auth_data = $this->db->get($auth_sql);
$_SESSION['user_id']['actionid'] = array_merge((array) unserialize($data['auth']), (array) unserialize($auth_data['auth']));
}
toUrl('INDEX');
//跳转至首页
} else {
$this->s->assign('error', "账号或密码错误");
}
}
$this->s->display('admin/login.html');
}
function checkEmail($email)
{
global $errors;
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors['email'] = "Invalid email format";
}
return checkData($email);
}
/** 左侧菜单栏[横向导航条] */
public function left()
{
$getData = checkData($_GET);
//管理菜单
$mid = !empty($getData['mid']) ? $getData['mid'] : 2;
//默认管理游戏盒子
$menuData = $this->leftMenu($mid);
$this->s->assign('menuData', $menuData);
$this->s->display('system/leftMenu.html');
}
function checkData($data)
{
if (is_array($data)) {
foreach ($data as $key => $v) {
$data[$key] = checkData($v);
}
} else {
$data = getStr($data);
}
return $data;
}
/**
*更新bid
*/
public function deleteBid()
{
$pData = checkData($_REQUEST);
$id = $pData['id'];
if (!$id) {
ajaxReturn('不能为空', 300);
}
$delete_sql = "DELETE FROM waplog.`wap_bid_list` where id={$id}";
if ($this->db->query($delete_sql)) {
ajaxReturn('删除成功', 200);
} else {
ajaxReturn('删除失败', 300);
}
/*
$id = $gData['id'];
$sql = "select * from waplog.`wap_bid_list` WHERE id={$id}";
$data = $this->db->get($sql);
$this->s->assign('result', $data);*/
}
if (empty($userID2)) {
alertInfo('短信未配置,请配置', "site_sms.php", 0);
}
$tags = sqlReplace(trim($_POST['receiver']));
//收件人
$tags = str_replace(';', ';', $tags);
$tags = str_replace('#', '', $tags);
$tags = str_replace('$', '', $tags);
//$total=sqlReplace(trim($_GET['total']));//此次发送的数量
$emailstr = sqlReplace(trim($_POST['receiver']));
//收件人
$emailstr = str_replace(';', ';', $emailstr);
$content = sqlReplace(trim($_POST['fbContent']));
//短信内容
checkData($emailstr, '收件人', 1);
checkData($content, '短信内容', 1);
//对收件人$emailstr进行处理
$alltel = '';
$tgs = '';
if ($emailstr) {
$emailarr = explode(';', $emailstr);
$i = 0;
$j = 0;
$total = 0;
foreach ($emailarr as $t) {
if ($t) {
$email = '';
$tg = '';
//if(preg_match('/#(.*?)#/',$t,$info)){
$substr_t = substr($t, 0, 1);
if ($substr_t == '#') {
<?php /** * userorderscore2.php */ require_once "usercheck2.php"; $POSITION_HEADER = "用户中心"; $id = sqlReplace(trim($_GET['id'])); checkData($id, 'id', 1); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="style.css" type="text/css"/> <link rel="icon" href="<?php echo $imgstr2; ?> " type="image/x-icon" /> <link rel="shortcut icon" href="<?php echo $imgstr2; ?> " type="image/x-icon" /> <script src="js/jquery-1.3.1.js" type="text/javascript"></script> <script src="js/addbg.js" type="text/javascript"></script> <script src="js/tab.js" type="text/javascript"></script> <title> 用户中心 - <?php echo $SHOP_NAME; ?> - <?php echo $powered;
<?php
/**
* shopreg_do.php
*/
require_once "../include/dbconn.php";
$act = sqlReplace(trim($_GET['act']));
switch ($act) {
case "login":
$account = sqlReplace(trim($_POST['account']));
$pwd = sqlReplace(trim($_POST['pw']));
checkData($account, '用户名', 1);
checkData($pwd, '密码', 1);
$code = sqlReplace(trim($_POST["imgcode"]));
//验证码
if (empty($code)) {
alertInfo('验证码不能为空', "", 1);
}
if ($code != $_SESSION['imgcode']) {
alertInfo('验证码不正确,请检查!', "", 1);
}
$sql = "select * from qiyu_shop where shop_account='" . $account . "'";
$rs = mysql_query($sql);
$rows = mysql_fetch_assoc($rs);
if ($rows) {
$salt = $rows['shop_salt'];
$pw = md5(md5($pwd) . $salt);
$sqlStr = "select * from qiyu_shop where shop_account='" . $account . "' and shop_password='******'";
$rs_r = mysql_query($sqlStr);
$row = mysql_fetch_assoc($rs_r);
if ($row) {
$pw = sqlReplace($_POST['pw']);
$repw = sqlReplace($_POST['repw']);
$vCode = sqlReplace($_POST['vcode']);
//$code = sqlReplace($_POST['a']);
$agree = sqlReplace($_POST['agree']);
$p = empty($_GET['p']) ? '' : sqlReplace(trim($_GET['p']));
//从订单页来的标示
$shopID = empty($_GET['shopID']) ? '0' : sqlReplace(trim($_GET['shopID']));
$shopSpot = empty($_GET['shopSpot']) ? '0' : sqlReplace(trim($_GET['shopSpot']));
$shopCircle = empty($_GET['shopCircle']) ? '0' : sqlReplace(trim($_GET['shopCircle']));
$savesession = $phone . ',' . $agree;
//存session
$_SESSION['reginfo1'] = $savesession;
checkData($phone, '手机号', 1);
checkData($pw, '密码', 1);
checkData($repw, '确认密码', 1);
if ($pw != $repw) {
alertInfo("两次输入的密码不同", "userreg.php", 0);
}
/*
if ($vCode!=$code){
alertInfo("验证码错误","",1);
} */
if ($vCode != $_SESSION["imgcode"]) {
alertInfo("验证码错误", "", 1);
}
if (empty($agree) && $site_isshowprotocol == '1') {
alertInfo("请选择同意协议", "", 1);
}
//检查手机的存在
$sqlStr = "select user_id from qiyu_user where user_phone='" . $phone . "'";
define('BASE_PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR . '../../' . DIRECTORY_SEPARATOR);
define('MODULE_PATH', BASE_PATH . 'modules' . DIRECTORY_SEPARATOR);
//模块文件夹地址
define('MODEL_PATH', BASE_PATH . 'model' . DIRECTORY_SEPARATOR);
//模型文件夹地址
define('CLASS_PATH', BASE_PATH . 'common/libs/classes' . DIRECTORY_SEPARATOR);
//公共类文件夹地址
define('FUNC_PATH', BASE_PATH . 'common/libs/functions' . DIRECTORY_SEPARATOR);
//公共函数文件夹地址
define('CACHE_PATH', BASE_PATH . 'caches' . DIRECTORY_SEPARATOR);
//缓存文件夹路径
require_once FUNC_PATH . 'global.func.php';
require_once CLASS_PATH . 'mysql.class.php';
require_once CLASS_PATH . 'tpl.class.php';
require_once CLASS_PATH . 'Base.class.php';
$getData = checkData($_GET);
$module = 'v3';
if (isset($_SERVER["PATH_INFO"])) {
list($n, $c, $a) = explode('/', $_SERVER["PATH_INFO"]);
$control = empty($c) ? 'index' : strtolower($c);
$action = empty($a) ? 'index' : strtolower($a);
} else {
$control = !empty($getData['c']) ? $getData['c'] : 'index';
$action = !empty($getData['a']) ? $getData['a'] : 'index';
}
$controlFile = MODULE_PATH . $module . DIRECTORY_SEPARATOR . $control . '.php';
if (!file_exists($controlFile)) {
die('Forbidden!');
}
require_once $controlFile;
$name = '\\modules\\' . $module . '\\' . $control;
<?php
//our control
//form_catcher.php
require 'model/model.php';
function getPostTime()
{
return date("Y-m-d h:i:s", time());
}
function checkData()
{
$data_array = null;
if (isset($_POST['username']) && isset($_POST['message'])) {
if ($_POST['username'] != "" && $_POST['message'] != "") {
$data_array = array("username" => $_POST['username'], "message" => $_POST['message'], "time" => getPostTime());
}
}
return $data_array;
}
if ($data_array = checkData()) {
writeToFile($data_array);
}
header("Location: index.php");
<?php
/**
* demand.php 提交需求
*/
require 'include/dbconn.php';
$content = sqlReplace(trim($_GET['content']));
checkData($content, '内容', 1);
$ip = $_SERVER['REMOTE_ADDR'];
$sql = "insert into " . WIIDBPRE . "_demand(demand_content,demand_addtime,demand_ip) values('" . $content . "',now(),'" . $ip . "')";
$rs = mysql_query($sql);
if (!$rs) {
//alertInfo('此收藏已不存在',"usercenter.php?tab=4",0);
echo '未知原因,提交失败';
} else {
echo '感谢您的关注,我们会尽快开发您周边的餐厅';
}
/** 修改帐号密码 */
public function chang_user_pass()
{
$pData = checkData($_POST);
$AdminUserTable = $this->OperateTable['AdminUserTable'];
$user_name = $_SESSION['user_id']['user_name'];
$user_id = $_SESSION['user_id']['user_id'];
if ($user_name == 'weedong91admin' || $user_id == 1) {
ajaxReturn('不能修改超级管理员帐号密码', 300);
}
$info_sql = "SELECT user_id,user_pass,user_name FROM {$AdminUserTable} WHERE user_id={$user_id} LIMIT 1";
$infoData = $this->db->get($info_sql);
$uData['user_id'] = $infoData['user_id'];
$uData['user_name'] = $infoData['user_name'];
$uData['user_pass'] = $infoData['user_pass'];
if ($user_name != $uData['user_name'] || $user_id != $uData['user_id']) {
ajaxReturn('非法操作[!!!]', 300);
}
if ($pData) {
/*$old_pass = MD5(MD5($pData['old_pass']));
$user_pass = MD5(MD5($pData['user_pass']));
$auth_pass = MD5(MD5($pData['auth_pass']));*/
$old_pass = MD5($pData['old_pass']);
$user_pass = MD5($pData['user_pass']);
$auth_pass = MD5($pData['auth_pass']);
if ($user_pass != $auth_pass) {
ajaxReturn('两次密码输入不同,请重新输入', 300);
}
if ($old_pass != $uData['user_pass']) {
ajaxReturn('您的旧密码错误,请重新输入', 300);
}
$sql = "UPDATE {$AdminUserTable} SET user_pass='******' WHERE user_id=" . $uData['user_id'] . " AND user_pass='******'user_pass'] . "' LIMIT 1";
if ($this->db->query($sql)) {
$this->setLog('修改用户密码{' . $user_name . '}成功!');
$back_json = '{
"statusCode":"200",
"message":"修改用户密码{' . $user_name . '}成功!",
"callbackType":"closeCurrent"
}';
echo $back_json;
exit;
} else {
$this->setLog('修改用户密码{' . $user_name . '}失败!');
ajaxReturn('修改用户密码{' . $user_name . '}失败!', 300);
}
}
$this->s->assign('uData', $uData);
$this->s->display('admin/chang_user_pass.html');
}
$content = str_replace("'", "'", $content);
$content = str_replace("<br />", "</p><p>", $content);
//检验数据的合法性
checkData($title, '标题', 1);
$sql = "select * from " . WIIDBPRE . "_about where about_id=" . $id;
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if (!$row) {
alertInfo('非法操作', 'about_list.php', 0);
} else {
$sql2 = "update " . WIIDBPRE . "_about set about_title='" . $title . "',about_type='" . $type . "',about_content='" . $content . "' where about_id=" . $id;
if (mysql_query($sql2)) {
alertInfo('修改成功', 'about.php', 0);
} else {
alertInfo('修改失败,原因SQL出现异常', 'about.php', 0);
}
}
break;
case "save":
$i = trim($_POST['i']);
for ($x = 1; $x <= $i; $x++) {
$id = $_POST['id' . $x];
$id = checkData($id, 'ID', 0);
$order = $_POST['order' . $x];
$order = checkData($order, 'ID', 0);
$sql = "update " . WIIDBPRE . "_about set about_order=" . $order . " where about_id=" . $id . "";
mysql_query($sql);
}
alertInfo('保存成功!', "about.php", 0);
break;
}
$sql2 = "update qiyu_order set order_status='1' where order_id=" . $id . " and order_status='0'";
if (mysql_query($sql2)) {
//添加订单记录
$orderContent = "<span class='greenbg'><span><span>我们正在下单</span></span></span>";
$orderContent .= "亲,大厨正在努力烹制美味的食物,请耐心等待!";
addOrderType($order, HTMLEncode($orderContent));
alertInfo('确定成功', 'userorder.php?key=' . $key . $url, 0);
} else {
alertInfo('确定失败,原因SQL出现异常', 'userorder.php?key=' . $key . $url, 0);
}
}
break;
case 'finish':
$id = sqlReplace(trim($_GET['id']));
$key = sqlReplace(trim($_GET['key']));
$id = checkData($id, "ID", 0);
$sql = "select * from qiyu_order where order_id=" . $id . " and order_status='1'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if (!$row) {
alertInfo('订单不存在', 'userorder.php?key=' . $key . $url, 0);
} else {
$order = $row['order_id2'];
$sql2 = "update qiyu_order set order_status='4' where order_id=" . $id . " and order_status='1'";
if (mysql_query($sql2)) {
//添加订单记录
$orderContent = "<span class='greenbg'><span><span>订单已完成</span></span></span>";
$orderContent .= "亲,享受美味的时候,别忘了继续光顾" . $SHOP_NAME . "哦,我们将更好的为您服务。";
addOrderType($order, HTMLEncode($orderContent));
$sql3 = "select order_user,order_id,order_id2 from qiyu_order where order_id=" . $id . " and order_status='4'";
$results = mysql_query($sql3);
} else {
setTmpMapLastEdit();
print json_encode(array("error" => false));
}
} elseif ($_POST['mode'] == "addNetworkBox") {
$networkBoxType = $obj->{'networkBoxType'};
$invNum = $obj->{'invNum'};
$boxId = addNetworkBox($networkBoxType, $invNum, TRUE);
if (isset($boxId['id'])) {
$result = array("NetworkBoxId" => $boxId['id']);
} else {
$result = array("error" => isset($boxId['error']) ? $boxId['error'] : NULL);
}
setTmpMapLastEdit();
setMapUserActivity($uId);
print json_encode($result);
die;
} elseif ($_POST['mode'] == "save") {
$result = saveTmpData();
if (defined($result['error'])) {
print json_encode(array("error" => $result['error']));
} else {
print json_encode(array("error" => false));
}
} elseif ($_POST['mode'] == "cancel") {
setMapLastEdit();
$result = checkData();
print json_encode($result);
}
setMapUserActivity($uId);
}
*/
if ($_POST) {
$share = '0';
// check data
if (isset($_POST['umessage'])) {
$_POST['umessage'] = checkData($_POST['umessage']);
}
// check data & strip tags
if (isset($_POST['toname'])) {
$_POST['toname'] = checkData(strip_tags($_POST['toname']));
}
if (isset($_POST['umid'])) {
$_POST['umid'] = checkData(strip_tags($_POST['umid']));
}
if (isset($_POST['newRoomName'])) {
$_POST['newRoomName'] = checkData(strip_tags($_POST['newRoomName']));
}
// check data is numeric
if (isset($_POST['uid'])) {
$_POST['uid'] = checkNumeric($_POST['uid']);
}
if (isset($_POST['room'])) {
$_POST['room'] = checkNumeric($_POST['room']);
}
if (isset($_POST['addRoom'])) {
$_POST['addRoom'] = checkNumeric($_POST['addRoom']);
}
if (isset($_POST['newRoomOwner'])) {
$_POST['newRoomOwner'] = checkNumeric($_POST['newRoomOwner']);
}
if (isset($_POST['status'])) {
echo "H";
exit;
}
} else {
echo "H";
exit;
}
//echo "E|".$vercodePhone;
}
break;
case "update":
$phone = sqlReplace($_POST['phone']);
$pw = sqlReplace($_POST['pw']);
$pw2 = sqlReplace($_POST['repw']);
checkData($pw, '新密码', 1);
checkData($pw2, '确认密码', 1);
if ($pw != $pw2) {
alertInfo("两次输入的密码不同", "", 1);
}
$sql = "select * from qiyu_user where user_phone='" . $phone . "'";
$rs = mysql_query($sql);
$rows = mysql_fetch_assoc($rs);
if ($rows) {
$vercode = getRndCode(6);
$pw = md5(md5($pw . $vercode));
$sqlStr = "update qiyu_user set user_password='******',user_salt='" . $vercode . "' where user_phone='" . $phone . "'";
mysql_query($sqlStr);
alertInfo("修改成功,请登录", "userlogin.php", 0);
} else {
alertInfo("手机号不存在", "userpw.php", 0);
}
</select>
</td>
</tr>
<tr>
<td align="right" colspan="2"><input type="submit" value="Submit" name="submit" ></td>
</tr>
</form>
</table>
<?php
require "db_utils.php";
if (isset($_POST['submit'])) {
if ($_POST['password'] == $_POST['password2']) {
if (checkData($_POST["user_name"], $_POST["password"], $_POST["user_email"])) {
$regtime = time();
writeUserInDatabase($_POST["user_name"], $_POST["password"], $_POST["user_email"], $regtime, $_POST["account"]);
$_SESSION['user_name'] = $_POST['user_name'];
header("location: index.php");
}
} else {
echo "<p>Passwords don't match. \n Please try again.</p>";
}
}
?>
<div id="alreadyreg">
<a href="login.php">Already registered? Please Login! </a>
$error = "It is too long.";
}
}
}
}
return $error;
}
if (!empty($_POST)) {
$data = cleanData($_POST);
$errors['survey-name'] = checkData($data['survey-name'], 3, 50, 0);
$errors['survey-description'] = checkData($data['survey-description'], 3, 250, 0);
$errors['choice1'] = checkData($data['choice1'], 2, 50, 0);
$errors['choice2'] = checkData($data['choice2'], 2, 50, 0);
$errors['choice3'] = checkData($data['choice3'], 2, 50, 1);
$errors['choice4'] = checkData($data['choice4'], 2, 50, 1);
$errors['choice5'] = checkData($data['choice5'], 2, 50, 1);
$req = $pdo->prepare('SELECT id, name FROM surveys WHERE name = :name');
$req->bindvalue(':name', $data['survey-name'], PDO::PARAM_STR);
$req->execute();
if ($res = $req->fetch()) {
$dataId = $res['id'];
$errors['survey-name'] = 'This survey already exists';
$disableForm = 'This survey already exists, <a href="survey-' . $dataId . '.html">please check it.</a>';
}
foreach ($errors as $key => $value) {
if (empty($value)) {
unset($errors[$key]);
}
}
if (empty($errors)) {
$req = $pdo->prepare('INSERT INTO surveys(name, description, choice1, choice2, choice3, choice4, choice5) VALUES (:name, :description, :choice1, :choice2, :choice3, :choice4, :choice5)');
*/
require 'include/dbconn.php';
$user_account = sqlReplace(trim($_POST['z_phone']));
$loginUrl = $_SESSION['login_url'];
$pw = sqlReplace(trim($_POST['pw']));
$cookie = empty($_POST['cookie']) ? "" : sqlReplace($_POST['cookie']);
$re_name = empty($_POST['re_name']) ? "" : sqlReplace($_POST['re_name']);
$sinaUid = empty($_SESSION['sinaUid']) ? '' : sqlReplace($_SESSION['sinaUid']);
$sinaNick = empty($_SESSION['sinaNick']) ? '' : sqlReplace($_SESSION['sinaNick']);
$p = empty($_GET['p']) ? '' : sqlReplace(trim($_GET['p']));
//从订单页来的标示
$shopID = empty($_GET['shopID']) ? '0' : sqlReplace(trim($_GET['shopID']));
$shopSpot = empty($_GET['shopSpot']) ? '0' : sqlReplace(trim($_GET['shopSpot']));
$shopCircle = empty($_GET['shopCircle']) ? '0' : sqlReplace(trim($_GET['shopCircle']));
checkData($user_account, '手机号', 1);
checkData($pw, '密码', 1);
$sqlStr = "select * from " . WIIDBPRE . "_user where user_account='" . $user_account . "'";
$result = mysql_query($sqlStr) or die("查询失败,请检查SQL语句。");
$row = mysql_fetch_assoc($result);
if ($row) {
$ip = $_SERVER['REMOTE_ADDR'];
$pwd = md5(md5($pw . $row['user_salt']));
$sql = "select * from qiyu_user where user_account='" . $user_account . "' and user_password='******'";
$rs = mysql_query($sql);
$rows = mysql_fetch_assoc($rs);
if ($rows) {
$sql2 = "update qiyu_user set user_experience=user_experience+" . expUserLogin . " where user_account='" . $user_account . "' and user_password='******'";
mysql_query($sql2);
date_default_timezone_set('PRC');
$time = date('Y-m-d H:i:s');
if (!empty($sinaUid)) {
<?php
/**
* area_ajax.php
*/
require '../include/dbconn.php';
$str = '';
$act = $_POST['act'];
if ($act == "circle") {
$area_id = sqlReplace(trim($_POST['area_id']));
checkData($area_id, "ÇøÓòID", 0);
$sql = "select ac.areacircle_circle,c.circle_name from " . WIIDBPRE . "_areacircle ac," . WIIDBPRE . "_circle c where ac.areacircle_circle=c.circle_id and areacircle_area=" . $area_id;
$rs = mysql_query($sql);
while ($rows = mysql_fetch_assoc($rs)) {
$str .= "<option value='" . $rows['areacircle_circle'] . "'>" . $rows['circle_name'] . "</option>";
}
}
if ($act == "spot") {
$circle_id = sqlReplace(trim($_POST['circle_id']));
$sql = "select spot_id,spot_name from " . WIIDBPRE . "_spot where spot_circle=" . $circle_id;
$rs = mysql_query($sql);
while ($rows = mysql_fetch_assoc($rs)) {
$str .= "<option value='" . $rows['spot_id'] . "'>" . $rows['spot_name'] . "</option>";
}
}
echo $str;
<?php
require_once "usercheck2.php";
$pw = sqlReplace(trim($_POST['pw']));
$newpw = sqlReplace(trim($_POST['newpw']));
$repw = sqlReplace(trim($_POST['repw']));
checkData($pw, '原密码', 1);
checkData($newpw, '新密码', 1);
if ($newpw != $repw) {
alertInfo("两次密码不一致", "", 1);
}
$check_sql = "select user_password,user_salt from " . WIIDBPRE . "_user where user_id=" . $QIYU_ID_USER;
$check_rs = mysql_query($check_sql);
$check_row = mysql_fetch_assoc($check_rs);
if (!$check_row) {
alertInfo('非法用户', '', 1);
} else {
$oldpw = md5(md5($pw . $check_row['user_salt']));
if ($oldpw != $check_row['user_password']) {
alertInfo('原密码输入不正确', '', 1);
} else {
$upd_sql = "update " . WIIDBPRE . "_user set user_password='******'user_salt'])) . "' where user_id=" . $QIYU_ID_USER;
if (mysql_query($upd_sql)) {
alertInfo('修改成功', 'usercenter.php', 0);
} else {
alertInfo('修改失败', '', 1);
}
}
}
}
break;
case 'type':
$id = sqlReplace(trim($_GET['id']));
$id = checkData($id, "ID", 0);
$sql = "select * from qiyu_comment where comment_id=" . $id;
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if (!$row) {
alertInfo('您要审核的数据不存在', '', 1);
} else {
$sql2 = "update qiyu_comment set comment_type='1' where comment_id=" . $id;
if (mysql_query($sql2)) {
alertInfo('审核成功', '', 1);
} else {
alertInfo('审核失败,原因SQL出现异常', '', 1);
}
}
break;
case "savetime":
$i = trim($_POST['i']);
for ($x = 1; $x <= $i; $x++) {
$id = $_POST['id' . $x];
$id = checkData($id, 'ID', 0);
$time = $_POST['time' . $x];
$sql = "update " . WIIDBPRE . "_comment set comment_addtime='" . $time . "' where comment_id=" . $id;
mysql_query($sql);
}
alertInfo('保存成功!', "", 1);
break;
}
<?php
require_once "autoload.php";
// Vérifie qu'on a toutes les informations, mais ne vérifie pas le contenu
function checkData()
{
return isset($_POST['id']) && isset($_POST['nom']) && isset($_POST['prénom']) && isset($_POST['tél']);
}
// Insertion d'un nouveau contact dans la base
if (checkData()) {
$contacts = new ContactsDAO(MaBD::getInstance());
$maj = new Contact(array('id' => $_POST['id'], 'nom' => $_POST['nom'], 'prénom' => $_POST['prénom'], 'tél' => $_POST['tél']));
$res = $contacts->update($maj);
if ($res === 0) {
echo json_encode(false);
} else {
echo json_encode(true);
}
} else {
echo json_encode(false);
}
public function get_game_list()
{
$gData = checkData($_GET);
$gameArr = $this->getGameDataList(1);
//var_dump($gameArr);exit();
$key = $gData['key'];
if (empty($key)) {
$gameData[0]['game_id'] = 0;
$gameData[0]['game_name'] = '';
} else {
$sql = "SELECT game_id,game_name_cn FROM app_new_game_info_detail WHERE game_name_cn LIKE'%" . $key . "%'";
$data = $this->db->find($sql);
$gameData = array();
foreach ($data as $_k => $_v) {
$gameData[$_k]['game_id'] = $_v['game_id'];
$gameData[$_k]['game_name'] = $_v['game_name_cn'];
}
}
$array['result'] = $gameData;
echo json_encode($array);
exit;
}
function checkSession()
{
$user_res = getCurrUserInfo();
$user = $user_res['rows'][0]['id'];
$query = 'SELECT * FROM "MapSessions"
WHERE "LastAction" + INTERVAL \'30 MINUTES\' > NOW()';
$res = PQuery($query);
$sesUserId = $res['rows'][0]['UserId'];
if ($res['count'] > 0) {
return $user == $sesUserId ? TRUE : FALSE;
} else {
checkData();
return TRUE;
}
return $res['count'] > 0 ? $user == $sesUserId ? TRUE : FALSE : TRUE;
}
public function dept_del()
{
$gData = checkData($_GET);
$id = $gData['id'];
if ($id <= 0) {
ajaxReturn('参数错误', 300);
}
$sql = "delete from system_dept where id={$id} or dept={$id}";
if ($this->db->query($sql)) {
ajaxReturn('删除成功', 200);
} else {
ajaxReturn('删除失败', 300);
}
}
