} if (!!($rows = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) { //为了防止cookie伪造,要比对一下唯一标识符uniqid uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']); //引入验证文件 include ROOT_PATH . 'includes/check.func.php'; //创建空数组,用来存放提交的合法数据 $clean = array(); $clean['password'] = check_modify_password($_POST['password'], 6); $clean['sex'] = check_sex($_POST['sex']); $clean['photo'] = check_photo($_POST['photo']); $clean['email'] = check_email($_POST['email'], 6, 40); $clean['qq'] = check_qq($_POST['qq']); $clean['url'] = check_url($_POST['url'], 40); $clean['switch'] = $_POST['switch']; $clean['signature'] = check_signature($_POST['signature'], 200); //修改资料 if (empty($clean['password'])) { query("UPDATE bbs_users SET \n bbs_sex='{$clean['sex']}',\n bbs_photo='{$clean['photo']}',\n bbs_email='{$clean['email']}',\n bbs_qq='{$clean['qq']}',\n bbs_url='{$clean['url']}',\n bbs_switch='{$clean['switch']}',\n bbs_signature='{$clean['signature']}'\n WHERE\n bbs_username='******'username']}'\n "); } else { query("UPDATE bbs_users SET \n bbs_password='******'password']}',\n bbs_sex='{$clean['sex']}',\n bbs_photo='{$clean['photo']}',\n bbs_email='{$clean['email']}',\n bbs_qq='{$clean['qq']}',\n bbs_url='{$clean['url']}',\n bbs_switch='{$clean['switch']}',\n bbs_signature='{$clean['signature']}'\n WHERE\n bbs_username='******'username']}'\n "); } //可以生成新的唯一标识符,这样更安全 } //判断是否修改成功 //当什么都是不修改时,影响条数为0 if (affected_rows() >= 0) { //关闭数据库 close(); //清除session //session_destroy();
$xml = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : ''; $log->record_array($_GET); $log->record($xml); $data = simplexml_load_string($xml); $temp = ''; //检查请求是否来自微信服务器 if (isset($data->ToUserName)) { $public_account = $data->ToUserName; //公众号原始ID if ($public_account != $config['public_account']) { echo '目标服务号不存在'; exit; } $token = $config['token']; //公众号token if (!check_signature($_GET['signature'], $_GET['timestamp'], $_GET['nonce'], $token)) { echo '请求服务器错误'; exit; } } $openid = isset($data->FromUserName) ? $data->FromUserName : ''; $openid = $db->escape($openid); $public_account = isset($data->ToUserName) ? $data->ToUserName : ''; $public_account = $db->escape($public_account); //处理请求信息 $response_id = 0; $response = ''; if (!isset($data->MsgType)) { $data->MsgType = ''; } switch (strtolower($data->MsgType)) {