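/**
 * Binds a WeChat openid ($fromUsername) to an employee id ($uid) once the
 * supplied password matches the one stored for that uid, and prints the
 * outcome as an HTML fragment.
 *
 * NOTE(review): `user_bangding`.`pwd` is compared exactly as stored, so the
 * password appears to be kept in plain text; moving enrolment to
 * password_hash()/password_verify() would let this check become
 * password_verify($pwd, $data['pwd']).
 */
function bangding($fromUsername, $uid, $pwd)
{
    // All three values are request input; escape them before they reach the
    // single-quoted SQL literals (the original interpolated them raw).
    // Assumes sql.php has already opened the mysql link — TODO confirm.
    $safeUid = mysql_real_escape_string((string) $uid);
    $safeFrom = mysql_real_escape_string((string) $fromUsername);

    $res = _select_data("SELECT `pwd` FROM `user_bangding` WHERE `uid` = '{$safeUid}'");
    $data = mysql_fetch_array($res);

    // hash_equals(): strict, constant-time comparison. The original used ==,
    // under which numeric-looking strings such as "0e12" and "0e34" compare
    // equal, and a missing row (pwd null) matched an empty password.
    $matches = $data !== false
        && isset($data['pwd'])
        && hash_equals((string) $data['pwd'], (string) $pwd);
    if (!$matches) {
        echo "绑定失败,密码错误!!!<br/>请联系管理员";
        return;
    }

    $res = _update_data("UPDATE `user_bangding` SET `from_user` = '{$safeFrom}' WHERE `uid` = '{$safeUid}'");
    if ($res == 1) {
        echo "绑定成功 ↖点击此处返回";
    } else {
        // $uid is echoed into HTML; escape it so a crafted value cannot inject markup.
        echo "绑定" . htmlspecialchars((string) $uid, ENT_QUOTES, 'UTF-8') . "失败<br/>请重新绑定~";
    }
}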
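<title>xxx</title>
<link href="./css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="./css/style.css" />
<style type="text/css">
body { background: #ffffff url() top center no-repeat !important; background-size:100% auto !important; }
</style>
</head>
<body>
<?php
// Stores score $n (0..100) for user id $user, unless the stored score is
// already 0 or 100 (those two values are treated as final and never overwritten).
// NOTE(review): no caller authentication is visible in this span — confirm
// that sql.php or the surrounding page restricts who may update scores.
include_once './sql.php';

// $n must be a genuine integer in 0..100. The original compared the raw query
// string with >= / <=, which also accepts non-numeric strings (and, on PHP 7
// and earlier, numeric-prefixed ones) and then interpolated them into the UPDATE.
$n = filter_var(
    isset($_GET["n"]) ? $_GET["n"] : null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 0, 'max_range' => 100]]
);
// Escaped for the single-quoted SQL literal; assumes sql.php opened the mysql link — TODO confirm.
$user = isset($_GET["user"]) ? mysql_real_escape_string((string) $_GET["user"]) : '';

if ($n !== false && $user !== '') {
    $result = _select_data("select fenshu from score where id = '{$user}'");
    $m = mysql_fetch_array($result);
    // No row: nothing to update (the original's null != 0 check also fell through).
    $q = ($m === false) ? null : (int) $m['fenshu'];
    if ($q !== null && $q !== 0 && $q !== 100) {
        _update_data("UPDATE `score` SET `fenshu`= '{$n}' where id = '{$user}'");
    }
}
?>
<img src = "xxx" width="100%" >
</body>
</html>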
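/**
 * Handles one inbound WeChat message (XML on the raw POST body) and echoes the
 * reply XML for the "微管理系统" bot: the function menu on events, then a
 * keyword dispatch for binding, sign-in, staff info, leave and task links.
 *
 * Fixes relative to the original: FromUserName and DB-sourced ids are escaped
 * before being interpolated into SQL; `$rows[flag_id]` (undefined constant)
 * is now `$rows['flag_id']`; the menu loop no longer reads one entry past the
 * end and closes </FuncFlag> correctly; the news template no longer carries
 * "//" comments inside the XML; the sign-in branch no longer overwrites $time
 * (the CreateTime sent back); "查看签到" replies once instead of once per row;
 * "查看任务" passes an empty PicUrl instead of an undefined variable.
 *
 * NOTE(review): no signature check of the inbound request is visible here, so
 * FromUserName is trusted as the caller's identity — confirm the entry point
 * validates the WeChat signature before calling this method.
 */
public function responseMsg()
{
    // Raw POST body, read the same way the original did (php://input is the
    // portable equivalent).
    $postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
    if (empty($postStr)) {
        echo "";
        exit;
    }

    // Block external entity resolution (XXE) before parsing attacker-reachable XML.
    libxml_disable_entity_loader(true);
    $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
    if ($postObj === false) {
        // Malformed XML: the original continued with notices; reply nothing instead.
        echo "";
        exit;
    }

    $fromUsername = (string) $postObj->FromUserName;
    $toUsername = (string) $postObj->ToUserName;
    $keyword = trim((string) $postObj->Content);
    $time = time();
    $event = (string) $postObj->Event;

    // Text reply: ToUserName, FromUserName, CreateTime, MsgType, Content.
    $textTpl = "<xml>\n\t\t\t\t\t\t\t<ToUserName><![CDATA[%s]]></ToUserName>\n\t\t\t\t\t\t\t<FromUserName><![CDATA[%s]]></FromUserName>\n\t\t\t\t\t\t\t<CreateTime>%s</CreateTime>\n\t\t\t\t\t\t\t<MsgType><![CDATA[%s]]></MsgType>\n\t\t\t\t\t\t\t<Content><![CDATA[%s]]></Content>\n\t\t\t\t\t\t\t<FuncFlag>0</FuncFlag>\n\t\t\t\t\t\t\t</xml>";
    // Single-article news reply (MsgType news, ArticleCount 1): ToUserName,
    // FromUserName, CreateTime, Title, Description, PicUrl (shown before
    // opening), Url (opened on tap). The original embedded "//…" comments in
    // this string, which were emitted as stray text between the elements.
    $imageTpl = "<xml>\n\t\t\t\t\t\t\t<ToUserName><![CDATA[%s]]></ToUserName>\n\t\t\t\t\t\t\t<FromUserName><![CDATA[%s]]></FromUserName>\n\t\t\t\t\t\t\t<CreateTime>%s</CreateTime>\n\t\t\t\t\t\t\t<MsgType><![CDATA[news]]></MsgType>\n\t\t\t\t\t\t\t<ArticleCount>1</ArticleCount>\n\t\t\t\t\t\t\t<Articles>\n\t\t\t\t\t\t\t<item>\n\t\t\t\t\t\t\t<Title><![CDATA[%s]]></Title>\n\t\t\t\t\t\t\t<Description><![CDATA[%s]]></Description>\n\t\t\t\t\t\t\t<PicUrl><![CDATA[%s]]></PicUrl>\n\t\t\t\t\t\t\t<Url><![CDATA[%s]]></Url>\n\t\t\t\t\t\t\t</item>\n\t\t\t\t\t\t\t</Articles>\n\t\t\t\t\t\t\t</xml> ";

    // Escaped copy of the openid for the single-quoted SQL literals below.
    $from = $this->sqlEscape($fromUsername);

    // Any event (e.g. subscribe) is answered with the function menu.
    if (!empty($event)) {
        echo $this->menuXml($fromUsername, $toUsername, $time);
    }

    // Pending conversation "flag" for this user; the last row wins, as before.
    // NOTE(review): the literal '******' is kept exactly as on the page —
    // presumably a redacted value; verify against the original source.
    $user_flag = '';
    $result = _select_data("SELECT flag_id FROM user_flags WHERE from_user = '******'");
    while ($rows = mysql_fetch_array($result)) {
        $user_flag = (string) $rows['flag_id'];
    }
    // A numeric keyword that differs from the stored flag cancels the flag.
    if ($keyword !== $user_flag && is_numeric($keyword)) {
        $user_flag = '';
        _delete_data("DELETE FROM user_flags WHERE from_user = '******'");
    }

    if (!empty($user_flag)) {
        echo "Input something...";
        return;
    }

    // Keyword sets are disjoint, so the original's independent ifs are an elseif chain.
    if (in_array($keyword, ['0', '功能', '首页', '菜单'], true)) {
        // 功能菜单
        echo $this->menuXml($fromUsername, $toUsername, $time);
    } elseif (in_array($keyword, ['1', '绑定角色'], true)) {
        // 用户绑定对应角色: offer the binding page only when no uid is bound yet.
        $bound = $this->lastColumn("SELECT `uid` FROM `user_bangding` WHERE `from_user` = '{$from}'", 'uid');
        if (empty($bound)) {
            $contentStr = '<a href="http://wglpt.sinaapp.com/bd/bangding.php?openid=' . $fromUsername . '">点击绑定角色~</a>';
        } else {
            $contentStr = "用户" . $bound . "已存在\n请重新绑定~";
        }
        $this->sendText($textTpl, $fromUsername, $toUsername, $time, $contentStr);
    } elseif (in_array($keyword, ['2', '修改权限'], true)) {
        // 用户修改权限: only `type` 1 may open the permission page.
        $type = $this->lastColumn("SELECT * FROM `user_bangding` WHERE `from_user` = '{$from}'", 'type');
        if ((int) $type === 1) {
            $contentStr = '<a href="http://wglpt.sinaapp.com/bd/quanxian.php?openid=' . $fromUsername . '">点击进入修改权限~</a>';
        } else {
            $contentStr = "暂无权限!\n请联系管理员";
        }
        $this->sendText($textTpl, $fromUsername, $toUsername, $time, $contentStr);
    } elseif (in_array($keyword, ['3', '解绑', '取消绑定'], true)) {
        // 用户解除绑定: clear from_user on the bound uid.
        $uid = $this->lastColumn("SELECT * FROM `user_bangding` WHERE `from_user` = '{$from}'", 'uid');
        if (!empty($uid)) {
            $safeUid = $this->sqlEscape($uid);
            $res1 = _update_data("UPDATE `user_bangding` SET `from_user` = '' WHERE `uid` = '{$safeUid}'");
            $contentStr = ($res1 == 1) ? '解绑工号成功~' : '解绑工号失败!';
        } else {
            $contentStr = '未绑定工号!';
        }
        $this->sendText($textTpl, $fromUsername, $toUsername, $time, $contentStr);
    } elseif (in_array($keyword, ['4', '进行签到'], true)) {
        // 用户签到 — per the original comment, user_qiandao is emptied daily by cron.
        $already = $this->lastColumn("SELECT `from_user` FROM `user_qiandao` WHERE `from_user` = '{$from}'", 'from_user');
        if (!empty($already)) {
            $contentStr = "你已签到!";
        } else {
            // Window: from 08:00 up to 09:00 is on time, earlier is too early,
            // later is recorded as late. Kept in its own variable — the
            // original overwrote $time and then sent the difference as CreateTime.
            $untilNine = strtotime("9:00:00") - time();
            if ($untilNine > 0 && $untilNine < 3600) {
                $res = _insert_data("INSERT INTO `user_qiandao` (`from_user`) values ('{$from}')");
                $contentStr = ($res == 1) ? "签到成功~" : "签到失败\n请重新签到!";
            } elseif ($untilNine > 3600) {
                $contentStr = "还没到签到时间!";
            } else {
                // 添加迟到状态
                $qtime = date("H:i:s");
                $res = _insert_data("INSERT INTO `user_qiandao` (`from_user`, `late`, `time`) values ('{$from}', '1', '{$qtime}')");
                $contentStr = ($res == 1) ? "签到成功\n已迟到!" : "签到失败\n请重新签到!";
            }
        }
        $this->sendText($textTpl, $fromUsername, $toUsername, $time, $contentStr);
    } elseif (in_array($keyword, ['5', '查看签到'], true)) {
        // 查看签到: one line per signed-in user.
        $res = _select_data("SELECT q.`late`, q.`time`, q.`from_user`, i.`uid`, i.`name` FROM `user_qiandao` q, `user_info` i WHERE q.`from_user` = i.`from_user`");
        $v = '';
        while ($rows = mysql_fetch_array($res)) {
            $late = ($rows['late'] == '1') ? '迟到' : '正常';
            $v .= $rows['uid'] . ' ---- ' . $rows['name'] . ' ---- ' . $late . ' ---- ' . $rows['time'] . "\n";
        }
        // One reply after the loop; the original echoed a reply per row.
        $this->sendNews($imageTpl, $fromUsername, $toUsername, $time, "工号---姓名---状态---时间", $v, "", "");
    } elseif (in_array($keyword, ['6', '信息', '查看信息'], true)) {
        // 用户信息: only active (state 1) users may list staff.
        $me = $this->userInfoRow($from);
        if ($me !== false && (int) $me['state'] === 1) {
            $res = _select_data("SELECT * FROM `user_info`");
            $v = '';
            while ($rows = mysql_fetch_array($res)) {
                $state = ((int) $rows['state'] === 1) ? '在职' : '其他';
                $v .= $rows['uid'] . ' ---- ' . $rows['name'] . ' ---- ' . $rows['job'] . ' ---- ' . $state . "\n";
            }
            $this->sendNews($imageTpl, $fromUsername, $toUsername, $time, "工号---姓名---职务---状态", $v, "", "http://wglpt.sinaapp.com/yh/yhlb.php");
        } else {
            $this->sendText($textTpl, $fromUsername, $toUsername, $time, '对不起,你没有权限!');
        }
    } elseif (in_array($keyword, ['7', '更改信息', '更新状态', '信息编辑', '编辑信息'], true)) {
        // 用户编辑: same listing as "信息" without the job column, linking to the editor.
        $me = $this->userInfoRow($from);
        if ($me !== false && (int) $me['state'] === 1) {
            $res = _select_data("SELECT * FROM `user_info`");
            $v = '';
            while ($rows = mysql_fetch_array($res)) {
                $state = ((int) $rows['state'] === 1) ? '在职' : '其他';
                $v .= $rows['uid'] . ' ---- ' . $rows['name'] . ' ---- ' . $state . "\n";
            }
            $this->sendNews($imageTpl, $fromUsername, $toUsername, $time, "工号---姓名---状态", $v, "", "http://wglpt.sinaapp.com/yh/yhbj.php");
        } else {
            $this->sendText($textTpl, $fromUsername, $toUsername, $time, '对不起,你没有权限!');
        }
    } elseif (in_array($keyword, ['8', '请假', '申请请假'], true)) {
        // 请假申请
        $contentStr = '<a href="http://wglpt.sinaapp.com/qj/qingjia.php?openid=' . $fromUsername . '">点击申请请假~</a>';
        $this->sendText($textTpl, $fromUsername, $toUsername, $time, $contentStr);
    } elseif (in_array($keyword, ['9', '审核请假', '请假审核'], true)) {
        // 请假审核
        $contentStr = '<a href="http://wglpt.sinaapp.com/qj/qjlb.php?openid=' . $fromUsername . '">点击进行请假审核~</a>';
        $this->sendText($textTpl, $fromUsername, $toUsername, $time, $contentStr);
    } elseif (in_array($keyword, ['10', '查看状态', '请假结果'], true)) {
        // 请假结果: list every leave request for active users.
        $me = $this->userInfoRow($from);
        if ($me !== false && (int) $me['state'] === 1) {
            $res = _select_data("SELECT * FROM `user_qingjia`");
            $v = '';
            while ($rows = mysql_fetch_array($res)) {
                // NOTE(review): both labels read '******' on the page — presumably
                // redacted; restore the approved/pending wording from the original source.
                $pass = ((int) $rows['pass'] === 1) ? '******' : '******';
                $v .= $rows['id'] . ' ---- ' . $rows['name'] . ' ---- [ ' . $rows['time'] . ' ~ ' . $rows['endtime'] . ' ] ---- ' . $pass . "\n";
            }
            $this->sendNews($imageTpl, $fromUsername, $toUsername, $time, "请假序号---姓名---[ 开始时间 ~ 结束时间 ]---状态", $v, "", "");
        } else {
            $this->sendText($textTpl, $fromUsername, $toUsername, $time, '对不起,你没有权限!');
        }
    } elseif (in_array($keyword, ['11', '任务分配', '任务设置'], true)) {
        // 任务分配
        $contentStr = '<a href="http://wglpt.sinaapp.com/rw/rwsz.php?openid=' . $fromUsername . '">点击进行任务分配~</a>';
        $this->sendText($textTpl, $fromUsername, $toUsername, $time, $contentStr);
    } elseif (in_array($keyword, ['12', '我的任务', '查看任务'], true)) {
        // 查看任务: the caller's own tasks, keyed by their uid.
        $me = $this->userInfoRow($from);
        if ($me !== false && (int) $me['state'] === 1) {
            $uid = (string) $me['uid'];
            $safeUid = $this->sqlEscape($uid);   // DB-sourced, but still a second-order literal
            $res = _select_data("SELECT * FROM `user_renwu` WHERE `uid` = '{$safeUid}'");
            $v = '';
            while ($rows = mysql_fetch_array($res)) {
                $state = ((int) $rows['state'] === 1) ? '完成' : '未完成';
                $v .= $rows['id'] . ' ---- ' . $rows['name'] . ' ---- ' . $rows['time'] . ' ---- ' . $rows['endtime'] . ' ---- ' . $state . "\n";
            }
            // PicUrl was an undefined variable in the original (its assignment was commented out).
            $this->sendNews($imageTpl, $fromUsername, $toUsername, $time, "任务序号---任务---开始时间---截止时间---状态", $v, "", "http://wglpt.sinaapp.com/rw/rwxq.php?uid={$uid}");
        } else {
            $this->sendText($textTpl, $fromUsername, $toUsername, $time, '对不起,你没有权限!');
        }
    } elseif ($keyword === '管理员登录') {
        // 管理员登录
        $this->sendText($textTpl, $fromUsername, $toUsername, $time, '<a href="http://wglpt.sinaapp.com/login.php">管理页面~</a>');
    }
}

/**
 * Builds the multi-article "function menu" news reply.
 *
 * Single source of truth for both the event reply and the '0'/'功能'/'首页'/
 * '菜单' keywords; the original kept two copies whose entries for [2] and [7]
 * had drifted ("修改角色"/"更改状态" versus the handled keywords "修改权限"/
 * "更改信息"). Also fixes the loop bound (it read one entry past the array)
 * and the mismatched </FunFlag> closing tag.
 */
private function menuXml($fromUsername, $toUsername, $time)
{
    $gz = [
        " 欢迎使用微管理系统^_^",
        " 【绑定】- 输入关键词或数字\n [1]绑定角色 [2]修改权限\n [3]取消绑定",
        " 【签到】- 输入关键词或数字\n [4]进行签到 [5]查看签到",
        " 【信息】- 输入关键词或数字\n [6]查看信息 [7]更改信息",
        " 【请假】- 输入关键词或数字\n [8]申请请假 [9]审核请假\n [10]查看状态",
        " 》》》》》 Tips 《《《《《\n 输入'0'、'首页'、'功能'、'菜单'\n 查看功能菜单",
        " Powered By Fan(毕设)",
    ];
    $num = count($gz);
    $xml = "<xml>\n <ToUserName><![CDATA[%s]]></ToUserName>\n <FromUserName><![CDATA[%s]]></FromUserName>\n <CreateTime>%s</CreateTime>\n <MsgType><![CDATA[news]]></MsgType>\n <ArticleCount>{$num}</ArticleCount>\n <Articles>";
    foreach ($gz as $title) {
        $xml .= "<item>\n <Title>{$title}</Title>\n <Description></Description>\n <PicUrl><![CDATA[]]></PicUrl>\n <Url><![CDATA[]]></Url>\n </item>";
    }
    $xml .= "</Articles>\n <FuncFlag>1</FuncFlag>\n </xml>";
    return sprintf($xml, $fromUsername, $toUsername, $time);
}

/** Echoes a text reply through $textTpl (MsgType is always "text"). */
private function sendText($textTpl, $fromUsername, $toUsername, $time, $contentStr)
{
    echo sprintf($textTpl, $fromUsername, $toUsername, $time, "text", $contentStr);
}

/** Echoes a single-article news reply through $imageTpl. */
private function sendNews($imageTpl, $fromUsername, $toUsername, $time, $title, $description, $picUrl, $url)
{
    echo sprintf($imageTpl, $fromUsername, $toUsername, $time, $title, $description, $picUrl, $url);
}

/**
 * Runs $sql and returns $column of the last fetched row, or null when there
 * is no row — the "while-loop keeps the last value" pattern the original used.
 */
private function lastColumn($sql, $column)
{
    $value = null;
    $result = _select_data($sql);
    while ($rows = mysql_fetch_array($result)) {
        $value = $rows[$column];
    }
    return $value;
}

/** Fetches `uid` and `state` from user_info for an already-escaped openid; false when absent. */
private function userInfoRow($from)
{
    return mysql_fetch_array(_select_data("SELECT `uid`, `state` FROM `user_info` WHERE `from_user` = '{$from}'"));
}

/**
 * Escapes a value for use inside a single-quoted SQL literal.
 * NOTE(review): relies on the mysql link used by sql.php's helpers being open
 * already — confirm; parameterised queries would be the proper replacement.
 */
private function sqlEscape($value)
{
    return mysql_real_escape_string((string) $value);
}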
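</head>
<body>
<?php
/**
 * Created by PhpStorm.
 * User: Fancy
 * Date: 15.12.9
 * Time: 17:22
 */
// Admin edit for `user_bangding`: a POST with {submit, type, uid} updates the
// row's `type`; otherwise GET {uid} loads the row the form below edits.
// NOTE(review): no admin-session check is visible in this span — confirm one
// is enforced before this page is reached.
require_once './sql.php';

if (isset($_POST["submit"])) {
    $uidRaw = isset($_POST['uid']) ? (string) $_POST['uid'] : '';
    // Escaped for the single-quoted SQL literals; the original interpolated
    // the raw POST values. Assumes sql.php opened the mysql link — TODO confirm.
    $type = mysql_real_escape_string(isset($_POST["type"]) ? (string) $_POST["type"] : '');
    $uid = mysql_real_escape_string($uidRaw);
    $res = _update_data("UPDATE `user_bangding` SET `type` = '{$type}' WHERE `uid` = '{$uid}'");
    if ($res == 1) {
        echo '<script> location.replace("./admin.php"); </script>';
    } else {
        // The uid is echoed into HTML; escape it so a crafted value cannot inject markup.
        echo "修改" . htmlspecialchars($uidRaw, ENT_QUOTES, 'UTF-8') . "失败<br/>请重新修改~";
    }
    exit;
}

$getuid = isset($_GET['uid']) ? mysql_real_escape_string((string) $_GET['uid']) : '';
$res = _select_data("SELECT * FROM `user_bangding` WHERE `uid` = '{$getuid}'");
$rows = mysql_fetch_array($res);
?>
<div class="container">
<form action="http://wglpt.sinaapp.com/adminEdit.php" method="post">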
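/**
 * Handles one inbound WeChat message (XML on the raw POST body): any event
 * creates a `score` row for the sender and replies with the welcome news
 * card; the keyword "xx" reports the sender's score/rank and, on the first
 * 100-point result, records their rank as the number of users at 100.
 *
 * Fixes relative to the original: entity loading is disabled before parsing
 * (the sibling responseMsg already does this); FromUserName is escaped before
 * SQL interpolation and passed to sprintf as an argument rather than being
 * concatenated into the format string; the `if (empty($user_flag))` guard,
 * whose variable was never assigned, and the trailing `_insert_data($sql)`,
 * which re-ran whichever statement was last built (re-inserting the score row
 * after a subscribe event), are removed.
 *
 * NOTE(review): no signature check of the inbound request is visible here —
 * confirm the entry point validates it before calling this method.
 */
public function responseMsg()
{
    $postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
    if (empty($postStr)) {
        echo "";
        exit;
    }

    // Block external entity resolution (XXE) before parsing attacker-reachable XML.
    libxml_disable_entity_loader(true);
    $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
    if ($postObj === false) {
        echo "";
        exit;
    }

    $fromUsername = (string) $postObj->FromUserName;
    $toUsername = (string) $postObj->ToUserName;
    $keyword = trim((string) $postObj->Content);
    $time = time();
    $event = (string) $postObj->Event;
    // Escaped copy for the single-quoted SQL literals; assumes sql.php opened the mysql link — TODO confirm.
    $from = mysql_real_escape_string($fromUsername);

    // Text reply: ToUserName, FromUserName, CreateTime, Content.
    $textTpl = "<xml>\n <ToUserName><![CDATA[%s]]></ToUserName>\n <FromUserName><![CDATA[%s]]></FromUserName>\n <CreateTime>%s</CreateTime>\n <MsgType><![CDATA[text]]></MsgType>\n <Content><![CDATA[%s]]></Content>\n </xml>";
    // Welcome news card: ToUserName, FromUserName, CreateTime, openid in the Url.
    $newsTpl1 = "<xml>\n <ToUserName><![CDATA[%s]]></ToUserName>\n <FromUserName><![CDATA[%s]]></FromUserName>\n <CreateTime>%s</CreateTime>\n <MsgType><![CDATA[news]]></MsgType>\n <ArticleCount>1</ArticleCount>\n <Articles>\n <item>\n <Title><![CDATA[xxx]]></Title>\n <Description><![CDATA[xxx]]></Description>\n <PicUrl><![CDATA[http://xxx/images/fm.jpg]]></PicUrl>\n <Url><![CDATA[http://xxx/index.php?openid=%s]]></Url>\n </item>\n </Articles>\n </xml> ";

    if (!empty($event)) {
        _insert_data("insert into score (`id`,`fenshu`,`paiming`) VALUES ('{$from}',1,0)");
        echo sprintf($newsTpl1, $fromUsername, $toUsername, $time, $fromUsername);
    }

    if ($keyword === "xx") {
        $row = mysql_fetch_array(_select_data("SELECT fenshu FROM score WHERE id = '{$from}'"));
        // No row behaves like a score of 0, as the original's null == 0 did.
        $q = ($row === false) ? 0 : (int) $row['fenshu'];
        if ($q === 100) {
            $row = mysql_fetch_array(_select_data("SELECT paiming FROM score WHERE id='{$from}'"));
            $p = ($row === false) ? 0 : (int) $row['paiming'];
            if ($p === 0) {
                // First time at 100: rank = number of users already at 100 (including this one).
                $row = mysql_fetch_array(_select_data("SELECT count(id) as shu FROM score WHERE fenshu = '100'"));
                $rank = (int) $row['shu'];
                $contentStr = 'xxx';
                _update_data("UPDATE `score` SET `paiming`= '{$rank}' where id = '{$from}'");
            } else {
                $contentStr = 'xxx';
            }
        } else {
            $contentStr = ($q === 0) ? 'xxx' : 'xxx';
        }
        echo sprintf($textTpl, $fromUsername, $toUsername, $time, $contentStr);
    }
}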