function check_profile()
{
global $_POST;
global $CONST;
if (isset($_POST["question"]) && filter_var($_POST["question"], FILTER_VALIDATE_REGEXP, array("options" => array('regexp' => "/^{$_SESSION["level"]}[1-{$CONST["questions"]}]\$/")))) {
return check_question($_POST["question"]);
} else {
if (isset($_POST["advance"]) && filter_var($_POST["advance"], FILTER_VALIDATE_REGEXP, array("options" => array('regexp' => "/^[a-z\\d]+\$/i")))) {
return check_level($_POST["advance"]);
} else {
return NULL;
}
}
}
function upload_question($strs, $time, $array)
{
global $_W;
//print_r($array);exit;
$question_type = $strs[0];
$level = $strs[1];
$question = $strs[2];
$answer = $strs[3];
$answer1 = $strs[4];
$answer2 = $strs[5];
$answer3 = $strs[6];
$answer4 = $strs[7];
$answer5 = $strs[8];
$answer6 = $strs[9];
$explain = $strs[10];
$row_num = $array['row_num'];
$insert = array();
//$insert['userid'] = $userid;
if (empty($question_type) || empty($question) || empty($answer)) {
return 0;
}
switch ($question_type) {
case '单选题':
$type = 2;
$insert['answer'] = $answer;
break;
case '多选题':
$type = 3;
$insert['answer'] = $answer;
break;
case '判断题':
$type = 1;
if ($answer == '正确') {
$insert['answer'] = 1;
} else {
$insert['answer'] = 0;
}
break;
}
if ($type > 1) {
$answer_array = array($answer1, $answer2, $answer3, $answer4, $answer5, $answer6);
$insert['items'] = serialize($answer_array);
}
$insert['type'] = $type;
$insert['question'] = $row_num . "------" . $question;
$flag = check_question($insert, 0);
if ($flag == 0) {
if (!empty($array['poolid'])) {
$insert['poolid'] = $array['poolid'];
}
$insert['level'] = $level;
$insert['explain'] = $explain;
$insert['weid'] = $_W['weid'];
pdo_insert('ewei_exam_question', $insert);
}
}
mysqli_query($db_connection, $result);
$_SESSION["question"] = "";
mysqli_close($db_connection);
header("Location: ./profile.php");
die;
}
function check_question()
{
global $_POST;
if (isset($_POST["answer"])) {
return check_answer($_POST["answer"]);
} else {
return NULL;
}
}
$wrong_msg = check_question();
unset($_POST);
$query = "SELECT * FROM `Questions` AS `Q` " . "LEFT JOIN `Questions-{$_SESSION["username"]}` AS `Q-U` ON `Q-U`.`Question ID`=`Q`.`Question ID` " . "WHERE `Q`.`Question ID` = '{$_SESSION["question"]}';";
$question = mysqli_fetch_array(mysqli_query($db_connection, $query));
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>NJATH - Question</title>
<link href="question.css" rel="stylesheet" type="text/css" />
<link href="navbar.css" rel="stylesheet" type="text/css" />
</head>
foreach ($current_round_questions as $question) {
$q_ids[] = $question->id;
}
$shown_questions = array();
// this array contain numbers of questions that were shown
// if we have array in session we assign it to the array $shown_questions
isset($_SESSION['q_array']) ? $shown_questions = $_SESSION['q_array'] : false;
$question_number = rand(1, $num_questions - 1);
// we randomly pick question
// function checks if this question number is in the $shown_questions array
function check_question($q, $a)
{
return in_array($q, $a);
}
// while expression is true, meaning we already chosen this question, we pick another one until the statement is false
while (check_question($question_number, $shown_questions)) {
$question_number = rand(1, $num_questions - 1);
// we pick random number from all questions
}
$shown_questions[] = $question_number;
// here we put the question into array so that we know which questions were shown previously
sort($shown_questions);
//echo "ilość pytań: " . $num_questions . " ";
//echo "wylosowany numer: " . $question_number . " ";
//echo "shown_questions: " . count($shown_questions) . " ";
// we store the array of shown questions in the session so that it can be retrieved when this pages loads next time
$_SESSION['q_array'] = $shown_questions;
//print_r( $_SESSION['q_array'] );
// adds to the total number of questions
isset($_SESSION['question_number']) ? $_SESSION['question_number']++ : ($_SESSION['question_number'] = 0);
// display question
exit('管理员关闭了注册功能,请不要非法注册');
}
//为防止恶意注册,跨站攻击
check_code($_POST['code'], $_SESSION['code']);
//引入验证文件
include ROOT_PATH . 'includes/check.func.php';
//创建空数组,用来存放提交的合法数据
$clean = array();
//可以通过唯一标识符来防止恶意注册,伪装表单跨站攻击等。
//唯一标识符第二个作用,登录cookie验证
$clean['uniqid'] = check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
//active也是唯一标识符,用来给刚注册的用户做激活处理用,不然也不能登录
$clean['active'] = sha1_uniqid();
$clean['username'] = check_username($_POST['username'], 2, 20);
$clean['password'] = check_password($_POST['password'], $_POST['aginePassword'], 6);
$clean['question'] = check_question($_POST['question'], 2, 20);
$clean['answer'] = check_answer($_POST['question'], $_POST['answer'], 2, 20);
$clean['sex'] = check_sex($_POST['sex']);
$clean['photo'] = check_photo($_POST['photo']);
$clean['email'] = check_email($_POST['email'], 6, 40);
$clean['qq'] = check_qq($_POST['qq']);
$clean['url'] = check_url($_POST['url'], 40);
//新增用户之前,判断用户名是否重复
is_repeat("SELECT bbs_username FROM bbs_users WHERE bbs_username='******'username']}' LIMIT 1", '对不起,该用户名已被注册');
//新增用户
//在双引号里面直接方变量可以$username,但如果是数组,就必须加一个花括号
query("INSERT INTO bbs_users (\n bbs_uniqid,\n bbs_active,\n bbs_username,\n bbs_password,\n bbs_question,\n bbs_answer,\n bbs_sex,\n bbs_photo,\n bbs_email,\n bbs_qq,\n bbs_url,\n bbs_reg_time,\n bbs_last_time,\n bbs_last_ip\n ) \n VALUES (\n '{$clean['uniqid']}',\n '{$clean['active']}',\n '{$clean['username']}',\n '{$clean['password']}',\n '{$clean['question']}',\n '{$clean['answer']}',\n '{$clean['sex']}',\n '{$clean['photo']}',\n '{$clean['email']}',\n '{$clean['qq']}',\n '{$clean['url']}',\n NOW(),\n NOW(),\n '{$_SERVER["REMOTE_ADDR"]}'\n )");
if (affected_rows() == 1) {
//获取刚刚新增的id
$clean['id'] = mysql_insert_id();
//关闭数据库
if (!empty($global_clean['code'])) {
//如果关闭了验证码验证
if (!($_POST['code'] == $_SESSION['code'])) {
location('验证码错误,请重新输入!', 'member_modify.php');
}
}
include 'includes/register.fun.php';
//引入验证函数库
$clean = array();
//运行验证username的函数check_username();
// echo $_POST['uniqid'].'<br />'.$_SESSION['uniqid'].'<br />';
// $clean['uniqid'] = check_uniqid($_POST['uniqid'],$_SESSION['uniqid']);
$clean['active'] = sha1(uniqid(rand(), true));
$clean['username'] = check_username($_POST['username']);
$clean['password'] = check_password($_POST['password'], $_POST['yespassword']);
$clean['question'] = check_question($_POST['question']);
$clean['answer'] = check_answer($_POST['question'], $_POST['answer']);
$clean['sex'] = check_sex($_POST['sex']);
$clean['face'] = check_face($_POST['face']);
$clean['email'] = check_email($_POST['email']);
$clean['qq'] = check_qq($_POST['qq']);
$clean['url'] = check_url($_POST['url']);
//插入之前要判断是否存在相同的用户名
$query = mysql_query("select username from user where username='******'username']}'");
if (is_array(mysql_fetch_array($query, MYSQL_ASSOC))) {
echo "<script type='javascript'>alert('用户名已经存在,请重新注册!');history.back();</script>";
exit;
}
mysql_query("insert into user \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t(active,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tusername,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tquestion,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tanswer,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tsex,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tface,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\temail,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tqq,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\turl,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\treg_time,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tlast_time,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tlast_ip\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t\t values \r\n\t\t\t\t\t\t\t\t\t\t\t('{$clean['active']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['password']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['question']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['answer']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['sex']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['face']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['email']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['qq']}',\r\n\t\t\t\t\t\t\t\t\t\t\t'{$clean['url']}',\r\n\t\t\t\t\t\t\t\t\t\t\tnow(),\r\n\t\t\t\t\t\t\t\t\t\t\tnow(),\r\n\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}'\r\n\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t ") or die('数据库插入出错' . mysql_error());
//判断是否插入成功,用mysql_affected_row()进行判断
if (mysql_affected_rows() == 1) {
