function responseMsg()
{
//get post data, May be due to the different environments
//$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
$postStr = file_get_contents("php://input");
log_file("postStr:" . $postStr);
//extract post data
if (!empty($postStr)) {
/* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
the best way is to check the validity of xml by yourself */
libxml_disable_entity_loader(true);
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
//
$msgType = trim($postObj->MsgType);
log_file("msgType:{$msgType}");
switch ($msgType) {
case "text":
$resultStr = handleText($postObj);
break;
case "event":
$resultStr = handleEvent($postObj);
break;
case "video":
$resultStr = handleVideo($postObj);
break;
case "voice":
$resultStr = handleVoice($postObj);
break;
case "image":
$resultStr = handleImage($postObj);
break;
default:
$resultStr = response_text($postObj, "");
break;
}
echo $resultStr;
} else {
echo "";
exit;
}
}
function responseMsg()
{
$postStr = file_get_contents("php://input");
log_file("postStr:" . $postStr);
if (!empty($postStr)) {
libxml_disable_entity_loader(true);
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
//
$msgType = trim($postObj->MsgType);
log_file("msgType:{$msgType}");
switch ($msgType) {
case "text":
$resultStr = handleText($postObj);
break;
case "event":
$resultStr = handleEvent($postObj);
break;
case "video":
$resultStr = handleVideo($postObj);
break;
case "voice":
$resultStr = handleVoice($postObj);
break;
case "image":
$resultStr = handleImage($postObj);
break;
default:
$resultStr = response_text($postObj, "");
break;
}
echo $resultStr;
} else {
echo "";
exit;
}
}
<?php
require_once 'header.php';
if (!$loggedin) {
die;
}
$text = handleText($conn, $user);
handleImage($user);
showAvatar($user);
echo <<<_END
<form method='post' action='editProfile.php' enctype='multipart/form-data'>
<h3>Enter or edit your details and/or upload an image</h3>
<textarea name='text' cols='50' rows='3'>{$text}</textarea><br>
Image: <input type='file' name='image' size='14'>
<input type='submit' value='Save Profile'>
_END;
//********Functions*************
function handleText($conn, $user)
{
$query = "SELECT * FROM profiles WHERE user='******'";
$result = queryMysql($conn, $query);
if (isset($_POST['text'])) {
$text = $_POST['text'];
$text = $conn->real_escape_string($text);
if ($result->num_rows) {
$query = "UPDATE profiles SET text='{$text}' WHERE user='******'";
} else {
$query = "INSERT INTO profiles VALUES('{$user}', '{$text}')";
}
queryMysql($conn, $query);
} else {
