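/**
 * Return the city rows (CityID, CityName) that belong to a province.
 *
 * Input : POST province_id, run through dataFilter() with the 'int' spec.
 * Output: returnJson(SUCCESS, rows) — rows as returned by M('s_city')->select().
 */
public function getCityByProId() {
    $data = array(array('province_id', 'int'));
    dataFilter($data, 'post');
    // The WHERE clause is built by string concatenation, so the value is cast
    // explicitly here: the query stays injection-safe even if the 'int' filter
    // spec only validates the field rather than converting it.
    $provinceId = (int) $data['province_id'];
    $rs = M('s_city')->select('CityID,CityName', 'ProvinceID=' . $provinceId);
    returnJson(SUCCESS, $rs);
}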
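/**
 * Toggle a "praise" (like) on an object for the logged-in user.
 *
 * Input : POST obj_id ('int' filter).
 * Output: returnJson(SUCCESS, msg) where Praise::addPraise() returning -1 means
 *         the praise was withdrawn ('取消点赞成功!'), anything else means it was added.
 */
public function addPraise() {
    // Require an authenticated session and attribute the praise to its owner.
    // The previous code used a fixed `$user_id = 1`, so every anonymous caller
    // could add or withdraw praise on behalf of user 1. codecheck() is the same
    // gate alterAddr()/saveEdit() use before reading $_SESSION['userinfo']['id'].
    codecheck();
    $data = array(array('obj_id', 'int'));
    dataFilter($data, 'post');
    $user_id = $_SESSION['userinfo']['id'];
    $rs = D('Praise')->addPraise($user_id, $data['obj_id']);
    $msg = ($rs == -1) ? '取消点赞成功!' : '点赞成功!';
    returnJson(SUCCESS, $msg);
}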
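/**
 * Edit one of the current user's delivery addresses.
 *
 * Input : POST addr, name, phone ('string' filters) and id ('int' filter).
 * Output: returnJson(SUCCESS, '', '操作成功').
 * Requires codecheck(); the UPDATE is scoped to `cust_id = <session user>`
 * as well as `id`, so a user cannot edit another customer's address by id.
 */
public function alterAddr() {
    codecheck();
    $data = array(array('addr', 'string'), array('name', 'string'), array('phone', 'string'), array('id', 'int'));
    dataFilter($data, 'post');
    // The WHERE clause is concatenated, so cast the request-supplied id
    // explicitly rather than trusting the 'int' filter spec to convert it.
    $id = (int) $data['id'];
    unset($data['id']);
    $where = 'cust_id=' . $_SESSION['userinfo']['id'] . ' AND id=' . $id;
    D('Address')->update($data, $where);
    returnJson(SUCCESS, '', '操作成功');
}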
/**
 * Rebind the session customer's phone number.
 *
 * Input : POST phone, identifyCode, new_phone ('string' filters).
 * Output: returnJson(SUCCESS, '修改成功') after c_phone is updated, or
 *         returnJson(FAIL, '验证码错误') when identify::checkCorrent rejects the code.
 *
 * NOTE(review): the code is checked against `phone`, a request value, not
 * against the number currently bound to the session customer, and `new_phone`
 * itself is never verified — possession of the new number is not proven before
 * it is stored. Confirm this matches the intended flow.
 */
public function modifyPhoneNum() {
    new Codecheck();
    $fields = array(array('phone', 'string'), array('identifyCode', 'string'), array('new_phone', 'string'));
    dataFilter($fields, 'post');
    $codeAccepted = D('identify')->checkCorrent($fields['phone'], $fields['identifyCode']);
    if ($codeAccepted) {
        $customerWhere = 'c_id=' . $_SESSION['userinfo']['cc_cust_id'];
        D('Customer')->update(array('c_phone' => $fields['new_phone']), $customerWhere);
        returnJson(SUCCESS, '修改成功');
    }
    returnJson(FAIL, '验证码错误');
}
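/**
 * Store a chat message and echo it back to the sender.
 *
 * Input : POST target_id, msg_type, perOrGroup ('int') and msg ('string').
 *         perOrGroup == 1 addresses a user (um_receive_userid), anything else
 *         a group (um_group_id).
 * Output: returnJson(SUCCESS, retData) with the new msg_id and the sent fields.
 */
public function sendMsg() {
    // NOTE(review): the sender is hard-coded. It should come from the
    // authenticated session; this code base reads both
    // $_SESSION['userinfo']['id'] and ['cc_cust_id'] elsewhere — confirm which
    // one is the chat customer id before wiring it in. Nothing here checks that
    // the sender may message target_id / is a member of group_id either.
    $cust_id = 2;
    $data = array(array('target_id', 'int'), array('msg_type', 'int'), array('msg', 'string'), array('perOrGroup', 'int'));
    dataFilter($data, 'post');
    $user_id = 0;
    $group_id = 0;
    if ($data['perOrGroup'] == 1) {
        $user_id = $data['target_id'];
    } else {
        $group_id = $data['target_id'];
    }
    $userData = array(
        'um_cust_id'        => $cust_id,
        'um_receive_userid' => $user_id,
        'um_perOrGroup'     => $data['perOrGroup'],
        'um_group_id'       => $group_id,
    );
    $conData = array('cm_time' => NOW, 'cm_content' => $data['msg'], 'cm_type' => $data['msg_type']);
    $msg_id = D('Chatmsg')->sendMsg($userData, $conData);
    $retData = array(
        'msg_id'         => $msg_id,
        'msg'            => $data['msg'],
        'msg_type'       => $data['msg_type'],
        // Was $data['msg'] (copy/paste slip): echo the stored send time, cm_time.
        'msg_time'       => NOW,
        'perOrGroup'     => $data['perOrGroup'],
        'receive_userid' => $user_id,
        'group_id'       => $group_id,
    );
    returnJson(SUCCESS, $retData);
}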
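/**
 * Dispatch an uploaded-file message to the handler registered for its type.
 *
 * Input : POST msg_type, target_id, perOrGroup ('int' filters) and the upload
 *         in $_FILES['fname'].
 * Effect: sets $this->msg_type, $this->perOrGroup and either $this->user_id
 *         (perOrGroup == 1) or $this->group_id, then calls imgStrategy(),
 *         voiceStrategy() or otherStrategy() for msg_type 20/21/22.
 * Output: returnJson(FAIL, 'unlawfule request') when the type is unknown or
 *         no file was uploaded; otherwise whatever the handler replies.
 */
public function sendMsg() {
    $data = array(array('msg_type', 'int'), array('target_id', 'int'), array('perOrGroup', 'int'));
    dataFilter($data, 'post');
    // Whitelist of msg_type => handler method. The request value is only ever
    // used as a key into this map, never as a method name itself.
    $provArr = array('20' => 'imgStrategy', '21' => 'voiceStrategy', '22' => 'otherStrategy');
    $this->msg_type = $data['msg_type'];
    if ($data['perOrGroup'] == 1) {
        $this->user_id = $data['target_id'];
    } else {
        $this->group_id = $data['target_id'];
    }
    $this->perOrGroup = $data['perOrGroup'];
    // An unlisted msg_type used to fall through to an undefined-index lookup
    // and a call on an empty method name; reject it up front instead.
    if (!isset($provArr[$data['msg_type']]) || empty($_FILES['fname'])) {
        returnJson(FAIL, 'unlawfule request');
    }
    // The original `$this->{$provArr}[...]()` resolved the property named
    // "Array" rather than the handler: look the method name up first, then
    // call it as a variable method.
    $handler = $provArr[$data['msg_type']];
    $this->$handler();
}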
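/**
 * Check an SMS verification code.
 *
 * Input : POST phone and identifyCode. The phone spec carries two extra
 *         entries ('sj', '手机') that are handed to dataFilter() as given —
 *         presumably a phone-format validator and its label; confirm in dataFilter.
 * Output: returnJson(SUCCESS, '', '验证成功') when Checkcode::checkCorrent
 *         accepts the pair, returnJson(FAIL, '验证码错误') otherwise.
 */
public function isEqualCode() {
    $data = array(array('phone', 'string', 'sj', '手机'), array('identifyCode', 'string'));
    dataFilter($data, 'post');
    // NOTE(review): no attempt counter is visible here; if checkCorrent does
    // not rate-limit, a short numeric code can be brute-forced.
    if (D('Checkcode')->checkCorrent($data['phone'], $data['identifyCode'])) {
        returnJson(SUCCESS, '', '验证成功');
    } else {
        returnJson(FAIL, '验证码错误');
    }
    // A second, older implementation (Basefilter/Code models) used to follow
    // here. It was unreachable — both branches above end the request, which
    // is how checkCode()'s first guard relies on returnJson() — and it read
    // an undefined $filterData, so it has been removed.
}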
/**
 * Authenticate the request from the POST `code` check code.
 *
 * On success $_SESSION['userinfo'] is replaced by array('id' => <id from
 * CustCode::checkValid>) and true is returned. A missing or unknown code
 * answers CODE_RROR (sic — the constant is spelled that way) and an expired
 * one CODE_EXPIRE, both through returnJson(), which ends the request (the
 * flow after the first guard depends on that).
 *
 * NOTE(review): the check code is effectively a bearer credential; whether
 * checkValid() compares it in constant time or rate-limits attempts is not
 * visible here. If this is the login step, consider session_regenerate_id()
 * before storing the identity.
 */
public function checkCode() {
    if (!isset($_POST['code'])) {
        returnJson(CODE_RROR, '校验码错误');
    }
    $fields = array(array('code', 'string'));
    dataFilter($fields, 'post');
    // checkValid(): false => unknown code, -1 => expired, otherwise the user id.
    $owner = D('CustCode')->checkValid($fields['code']);
    if ($owner === false) {
        returnJson(CODE_RROR, '校验码错误');
    } elseif ($owner == -1) {
        // Loose comparison kept: the model's -1 may arrive as int or string.
        returnJson(CODE_EXPIRE, '用户校验码已过期,请重新登陆');
    } else {
        // Fresh userinfo array so nothing from a previous identity survives.
        $_SESSION['userinfo'] = array('id' => $owner);
    }
    return true;
}
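/**
 * Save the profile fields the user edited.
 *
 * Requires codecheck(). Only the POST keys listed in $refData are read; each
 * present key is run through dataFilter() with its declared type and written
 * to the Customer row of the session user. When nicname is updated its pinyin
 * column is recomputed as well.
 * Output: returnJson(SUCCESS, Customer::getUserinfo(<session user>)).
 */
public function saveEdit() {
    codecheck();
    // POST key => array(column, filter type). The request cannot add columns
    // beyond this list.
    $refData = array(
        'icon_id'    => array('icon_id', 'int'),
        'nicname'    => array('nicname', 'string'),
        'birth_time' => array('birth_time', 'int'),
        // NOTE(review): empty filter type — confirm dataFilter treats '' as a plain string.
        'mail'       => array('mail', ''),
        // Was 'ing', which no other filter spec in this file uses ('int' and
        // 'string' are); an unrecognised type risks the value reaching the
        // UPDATE unfiltered. 'int' assumed, like icon_id/birth_time — confirm
        // against the Customer schema.
        'sex'        => array('sex', 'int'),
        'sign'       => array('sign', 'string'),
    );
    $upData = array();
    foreach ($refData as $postKey => $spec) {
        if (!isset($_POST[$postKey])) {
            continue;
        }
        $tmp = array(array($postKey, $spec[1]));
        dataFilter($tmp, 'post');
        $upData[$spec[0]] = $tmp[$postKey];
    }
    if ($upData) {
        if (isset($upData['nicname'])) {
            $upData['pinyin'] = D('Language.Chn2pinyin')->Pinyin($upData['nicname']);
        }
        D('Customer')->update($upData, 'id=' . $_SESSION['userinfo']['id']);
    }
    $retData = D('Customer')->getUserinfo($_SESSION['userinfo']['id']);
    returnJson(SUCCESS, $retData);
}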
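}
$mysqli->set_charset('utf8');

/**
 * Legacy request-string filter: trim, HTML-encode (ENT_COMPAT, UTF-8), then
 * addslashes(). Kept byte-for-byte for any other caller in this file.
 * addslashes() is not a charset-aware SQL escape, so the INSERT below no
 * longer depends on it and binds its values as parameters instead.
 */
function dataFilter($str) {
    return addslashes(htmlspecialchars(trim($str), ENT_COMPAT, 'UTF-8'));
}

if (isset($_GET['action'])) {
    $action = intval($_GET['action']);
}

// action=1: list every comment as JSON [{author, text}, ...].
if (isset($action) && $action == 1) {
    // Initialised up front: an empty table now yields [] instead of leaving
    // $result undefined (which json_encode rendered as null).
    $result = array();
    $rows = $mysqli->query("SELECT * FROM comment");
    if ($rows && $rows->num_rows > 0) {
        // MYSQLI_ASSOC: MYSQL_ASSOC belongs to ext/mysql, which was removed in
        // PHP 7, so the old constant is undefined when only mysqli is loaded.
        while ($row = $rows->fetch_array(MYSQLI_ASSOC)) {
            $result[] = array('author' => $row['name'], 'text' => $row['text']);
        }
        $rows->free();
    }
    echo json_encode($result);
}

// action=2: store a comment from POST name/text.
// NOTE(review): no CSRF token or posting rate limit is visible for this
// write — confirm they are enforced elsewhere.
if (isset($action) && $action == 2) {
    // Same storage-time encoding as dataFilter() minus addslashes(): the
    // values are bound as parameters, so SQL escaping must not be applied.
    $rawName = isset($_POST['name']) ? $_POST['name'] : '';
    $rawText = isset($_POST['text']) ? $_POST['text'] : '';
    $name = htmlspecialchars(trim($rawName), ENT_COMPAT, 'UTF-8');
    $text = htmlspecialchars(trim($rawText), ENT_COMPAT, 'UTF-8');
    $time = time();
    $res = false;
    $stmt = $mysqli->prepare("INSERT INTO comment(name, text, time) VALUES(?, ?, ?)");
    if ($stmt) {
        $stmt->bind_param('ssi', $name, $text, $time);
        $res = $stmt->execute();
        $stmt->close();
    }
}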
if ($step == 1) { $rslt2 = class_exists('PDO') ? 1 : 0; $rslt3 = checkWritable() ? 1 : 0; $rslt4 = 1; if ($rslt2 == 0) { $rslt5 = 0; } else { $PDOSupported = PDO::getAvailableDrivers(); $rslt5 = in_array('sqlite', $PDOSupported) || in_array('mysql', $PDOSupported) ? 1 : 0; } $rslt6 = $rslt2 * $rslt3 * $rslt4 * $rslt5; die(json_encode(array('rslt2' => $rslt2, 'rslt3' => $rslt3, 'rslt4' => $rslt4, 'rslt5' => $rslt5, 'rslt6' => $rslt6))); } if ($step == 2) { if (isset($_POST['instd'])) { $instd = dataFilter(array('siteAuthor', 'siteKey', 'dbType', 'dbName', 'dbAddr', 'dbUser', 'dbPass'), $_POST['instd']); $dbConfContent = $instd['dbType'] == 'SQLite' ? "<?php \r\ndefine ('DBTYPE', 'SQLite');\r\ndefine ('DBNAME', '{$instd['dbName']}');" : "<?php \r\ndefine ('DBTYPE', 'MySQL');\r\ndefine ('DBNAME', '{$instd['dbName']}');\r\ndefine ('DBADDR', '{$instd['dbAddr']}');\r\ndefine ('DBUSERNAME', '{$instd['dbUser']}');\r\ndefine ('DBPASSWORD', '{$instd['dbPass']}');"; $writeResult = @file_put_contents('./conf/dbcon.php', $dbConfContent); $siteURL = curPageURL(); $siteAuthor = htmlspecialchars($instd['siteAuthor'], ENT_QUOTES, 'UTF-8'); $siteKey = sha1($instd['siteKey']); $infoConfContent = "<?php\n\$conf=array (\n 'siteName' => '{$l['data.sitename']}',\n 'siteURL' => '{$siteURL}',\n 'authorName' => '{$siteAuthor}',\n 'authorIntro' => '{$l['data.siteintro']}',\n 'siteKey' => '{$siteKey}',\n 'timeZone' => 'Asia/Shanghai',\n 'pageCache' => '0',\n 'commentOpt' => '0',\n 'comFrequency' => '10',\n 'comPerLoad' => '20',\n 'siteTheme' => 'default',\n 'siteLang' => '{$l['data.lang']}',\n 'perPage' => '3',\n 'linkPrefixIndex' => 'index.php',\n 'linkPrefixCategory' => 'category.php',\n 'linkPrefixArticle' => 'read.php',\n 'linkPrefixTag' => 'tag.php',\n 'social-sina-weibo' => '',\n 'social-weixin' => '',\n 'social-twitter' => '',\n 'social-facebook' => '',\n 'social-douban' => '',\n 'social-instagram' => '',\n 'social-renren' => '',\n 'social-linkedin' => '',\n 'externalLinks' => 
'http://bw.bo-blog.com=bW Home',\n);"; $writeResult = $writeResult && @file_put_contents('./conf/info.php', $infoConfContent); $servicesConfContent = "<?php\n\$conf+=array (\n 'duoshuoID' => '',\n 'disqusID' => '',\n 'sinaAKey' => '',\n 'sinaSKey' => '',\n 'qiniuAKey' => '',\n 'qiniuSKey' => '',\n 'qiniuBucket' => '',\n 'qiniuSync' => '',\n 'qiniuUpload' => '0',\n 'qiniuDomain' => '',\n);"; $writeResult = $writeResult && @file_put_contents('./conf/services.php', $servicesConfContent); if (!$writeResult) { $rslt7 = $rslt8 = $rslt9 = 0; $rslt10 = $l['data.error']; } else { $rslt7 = 1; define('P', './');
$article->getSinglePageList(); $adminsinglepagelist = $article->articleList; $view->setMaster('admin'); $view->setPassData(array('adminarticlelist' => $adminarticlelist, 'admindraftlist' => $admindraftlist, 'adminsinglepagelist' => $adminsinglepagelist, 'admincatelist' => bw::$cateList, 'themeList' => $view->scanForThemes(), 'newCSRFCode' => $admin->getCSRFCode('newarticle'), 'oldCSRFCode' => $admin->getCSRFCode('navibar'), 'cateCSRFCode' => $admin->getCSRFCode('category'))); $view->setWorkFlow(array('adminarticlelist', 'admincategorylist', 'adminarticles', 'admin')); $view->finalize(); } } if ($canonical->currentArgs['mainAction'] == 'services') { if ($canonical->currentArgs['subAction'] == 'store') { $admin->checkCSRFCode('services'); if (!isset($_REQUEST['smt'])) { stopError($conf['l']['admin:msg:NoData']); } $acceptedKeys = array('duoshuoID', 'disqusID', 'sinaAKey', 'sinaSKey', 'qiniuAKey', 'qiniuSKey', 'qiniuBucket', 'qiniuSync', 'qiniuUpload', 'qiniuDomain', 'APIOpen', 'basicAPI', 'advancedAPI', 'aliyunAKey', 'aliyunSKey', 'aliyunBucket', 'aliyunRegion'); $smt = dataFilter($acceptedKeys, $_REQUEST['smt']); $basicAPI = @explode('<>', $smt['basicAPI']); $advancedAPI = @explode('<>', $smt['advancedAPI']); $smt = array_map('htmlspecialchars', $smt); $smt['basicAPI'] = array_filter($basicAPI, 'strlen'); $smt['advancedAPI'] = array_filter($advancedAPI, 'strlen'); if ($smt['qiniuBucket'] == '1') { require_once P . "inc/script/qiniu/QiniuClient.php"; $qiniuClient = new qiniuClient($smt['qiniuAKey'], $smt['qiniuSKey']); $result = $qiniuClient->listFiles($smt['qiniuBucket'], $limit = 1); if (!$result) { stopError($conf['l']['admin:msg:QiniuError'] . $qiniuClient->err); } } $valString = "<?php\r\n\$conf+=" . var_export($smt, true) . ";?>"; $rS = file_put_contents(P . "conf/services.php", $valString);
/**
 * Validate and HTML-escape a submitted comment.
 *
 * Keeps only the accepted keys, aborts with admin:msg:NoData when aID,
 * userName, userContent or comkey is missing, and returns the array with
 * userName, userURL and userContent passed through htmlspecialchars
 * (ENT_QUOTES, UTF-8).
 *
 * NOTE(review): userURL is escaped but not scheme-checked — if it is rendered
 * as an href, a `javascript:` value survives this filter. userAvatar,
 * socialkey and comkey are returned unescaped; confirm their consumers escape
 * them for their own context.
 */
private function checkComData($smt) {
    $allowed = array('userName', 'userURL', 'userContent', 'aID', 'comkey', 'socialkey', 'userAvatar');
    $smt = dataFilter($allowed, $smt);
    // userName is compared strictly against '' so that "0" stays a valid name.
    $incomplete = empty($smt['aID'])
        || $smt['userName'] === ''
        || empty($smt['userContent'])
        || empty($smt['comkey']);
    if ($incomplete) {
        stopError(bw::$conf['l']['admin:msg:NoData']);
    }
    foreach (array('userName', 'userURL', 'userContent') as $field) {
        $smt[$field] = htmlspecialchars($smt[$field], ENT_QUOTES, 'UTF-8');
    }
    return $smt;
}
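/**
 * Validate and normalise a submitted article.
 *
 * Keeps the accepted keys (plus originID when present), aborts with
 * admin:msg:NoData when aTitle, aID or aContent is missing and with
 * admin:msg:NotExist when aCateURLName is neither a known category nor
 * '_trash'/'_page'. aTime is normalised to 'Y-m-d H:i:s' or defaults to
 * $this->cutTime; aTitle is HTML-escaped and aID url-encoded (which also
 * neutralises path separators if aID ends up in a file path — unverified here).
 * aContent is returned as submitted.
 */
private function checkArticleData($smt) {
    $acceptedKeys = array('aTitle', 'aID', 'aContent', 'aCateURLName', 'aTime', 'aTags');
    if (isset($smt['originID'])) {
        $acceptedKeys[] = 'originID';
    }
    $smt = dataFilter($acceptedKeys, $smt);
    if (empty($smt['aTitle']) || $smt['aID'] === '' || empty($smt['aContent'])) {
        stopError(bw::$conf['l']['admin:msg:NoData']);
    }
    $cate = $smt['aCateURLName'];
    if (!array_key_exists($cate, bw::$cateData) && $cate != '_trash' && $cate != '_page') {
        stopError(bw::$conf['l']['admin:msg:NotExist'] . ': ' . $cate);
    }
    // strtotime() returns false for an unparsable date; the old code passed
    // that straight to date() and silently stored 1970-01-01. Treat it like
    // an empty aTime and fall back to the current cut time instead.
    $timestamp = empty($smt['aTime']) ? false : strtotime($smt['aTime']);
    if ($timestamp === false) {
        $smt['aTime'] = $this->cutTime;
    } else {
        $smt['aTime'] = date('Y-m-d H:i:s', $timestamp);
    }
    $smt['aTitle'] = htmlspecialchars($smt['aTitle'], ENT_QUOTES, 'UTF-8');
    $smt['aID'] = urlencode($smt['aID']);
    return $smt;
}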