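/**
 * Reject requests whose parameters contain characters from a fixed blacklist.
 *
 * Every value in $_REQUEST (array values are walked recursively) is checked
 * against $keyword. On the first hit a JavaScript alert is printed, the
 * browser is sent back (or to $redirect when set) and the script exits.
 * This is a coarse blacklist: it also rejects any value containing a plain
 * space, and it is not a replacement for parameterised queries and
 * context-specific output escaping in the code that consumes the request.
 *
 * @since 1.0.1
 *
 * @return bool true when no parameter matched; on a match the method does not
 *              return (the script exits after printing the redirect script).
 */
protected function validate()
{
    // Two entries are a plain space; the second one may originally have been a
    // full-width space that lost its encoding — kept as the author wrote it.
    $keyword = array("'", ";", "union", " ", " ", "%");
    $redirect = "";
    // Guard the nested declaration: without it a second call to validate() in
    // the same request is a fatal "Cannot redeclare is_exist()" error.
    if (!function_exists('is_exist')) {
        /**
         * Return true when $score — a scalar, or an array walked recursively —
         * contains any entry of $keyword. Matching is case-insensitive so that
         * "UNION" is caught the same way as "union".
         *
         * @param mixed $score   request value (string or nested array)
         * @param array $keyword blacklisted substrings
         * @return bool
         */
        function is_exist($score, $keyword)
        {
            if (is_array($score)) {
                foreach ($score as $item) {
                    if (is_exist($item, $keyword)) {
                        return true;
                    }
                }
                return false;
            }
            // Non-string scalars (ints from a parsed query string) are compared as text;
            // the original strstr() call would have thrown a TypeError on arrays.
            $score = (string) $score;
            foreach ($keyword as $needle) {
                if (stripos($score, $needle) !== false) {
                    return true;
                }
            }
            return false;
        }
    }
    foreach ($_REQUEST as $value) {
        if (!is_exist($value, $keyword)) {
            continue;
        }
        echo "<script language=\"javascript\">alert(\"感谢你的测试,如果有漏洞,不妨告诉我,谢谢!\");</script>";
        if (empty($redirect)) {
            echo "<script language=\"javascript\">history.go(-1);</script>";
        } else {
            echo "<script language=\"javascript\">window.location=\"" . $redirect . "\";</script>";
        }
        exit;
    }
    return true;
}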
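/**
 * Load rows (by default from the member table) whose id is in the given set.
 *
 * @param array|string $ids_data   ids, either as an array or as a comma-separated string
 * @param string       $out_fields fields to select; '*' returns whole rows via select(),
 *                                 anything else goes through getField()
 * @param string       $table      model/table name handed to D()
 * @param string       $name       name of the id column used in the IN (...) clause
 * @return mixed result of select() or getField() for the matching rows
 */
public function getListByIds($ids_data, $out_fields = 'uid,username', $table = 'Member', $name = 'uid')
{
    // An empty id set becomes the literal '' so the IN clause stays valid SQL
    // and simply matches nothing. is_exist() is a project helper (emptiness check).
    if (is_array($ids_data)) {
        $ids_data = array_unique($ids_data);
        $ids = is_exist($ids_data) ? implode(',', $ids_data) : "''";
    } else {
        $ids = is_exist($ids_data) ? $ids_data : "''";
    }
    // $name and $ids are interpolated into the WHERE string verbatim, with no
    // quoting or escaping: callers must pass only trusted or already escaped
    // values (integer ids, quoted literals) — never raw request input.
    $andwhere = $name . ' in (' . $ids . ')';
    if ($out_fields === '*') {
        return D($table)->where($andwhere)->select();
    }
    return D($table)->where($andwhere)->getField($out_fields);
}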
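/**
 * Make $sess_usr follow $id_user.
 *
 * Increments the target's "followed" counter, the follower's "following"
 * counter and records the pair in friends. The three writes run inside one
 * transaction so that a failure in any of them leaves the counters untouched
 * (rollback only takes effect on a transactional storage engine — confirm).
 *
 * @param mysqli $connection open database connection
 * @param int    $id_user    id of the user being followed
 * @param int    $sess_usr   id of the current (following) user
 * @return int 1 when the follow was recorded; 0 when the target does not exist,
 *             the relation already exists, or preparing/executing a statement failed
 */
function follow($connection, $id_user, $sess_usr)
{
    // is_exist() / is_friends() are project helpers; their integer results are
    // compared strictly, as in the original contract.
    if (is_exist($id_user, $connection) !== 1 || is_friends($sess_usr, $connection, $id_user) !== 0) {
        return 0;
    }
    $connection->begin_transaction();
    $stmt = $connection->prepare("update users set followed=followed+1 where id=?");
    $stmt1 = $connection->prepare("update users set following=following+1 where id=?");
    $stmt2 = $connection->prepare("insert into friends(id_user,id_friend) values(?,?)");
    // prepare() returns false on a syntax/connection error.
    if ($stmt === false || $stmt1 === false || $stmt2 === false) {
        $connection->rollback();
        return 0;
    }
    $stmt->bind_param("i", $id_user);
    $stmt1->bind_param("i", $sess_usr);
    $stmt2->bind_param("ii", $sess_usr, $id_user);
    // execute() returns false on failure; the first failure stops the chain and
    // rolls the whole change back.
    $ok = $stmt->execute() && $stmt1->execute() && $stmt2->execute();
    if (!$ok) {
        $connection->rollback();
        return 0;
    }
    $connection->commit();
    return 1;
}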
$stu_maj = trim($_POST['stu_maj']); $stu_gra = trim($_POST['stu_gra']); $stu_clas = trim($_POST['stu_clas']); $stu_clas = $stu_gra . $stu_clas; $stu_bir = trim($_POST['stu_bir']); $passport_id = trim($_POST['passport_id']); $stu_nation = trim($_POST['stu_nation']); $stu_address1 = trim($_POST['stu_address1']); $stu_address2 = trim($_POST['stu_address2']); $contact_way = trim($_POST['contact_way']); $fri_contact_way = trim($_POST['fri_contact_way']); $entrydate = trim($_POST['entrydate']); $gradate = trim($_POST['gradate']); $nature = trim($_POST['nature']); $comment = trim($_POST['comment']); if (is_exist($stu_id) != 0) { exit('学锟斤拷锟截革拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷'); } $jud = add_stu_user($stu_id, $stu_pass, $user_name, $en_name, $stu_sex, $stu_sch, $stu_maj, $stu_gra, $stu_clas, $stu_bir, $passport_id, $stu_nation, $stu_address1, $stu_address2, $contact_way, $fri_contact_way, $entrydate, $gradate, $nature, $comment); if ($jud) { echo '<script>alert("锟斤拷锟接成癸拷");window.location.href="add_stu.php"</script>'; //echo('<script>alert("'.$stu_clas.'")</script>'); } else { echo '<script>alert("锟斤拷锟斤拷失锟斤拷");</script>'; } //$sql="update `user_stu` set ch_name='$user_name', en_name='$en_name', stu_sex='$stu_sex', stu_maj='$stu_maj', stu_gra='$stu_gra', stu_clas='$stu_clas', stu_bir='$stu_bir', passport_id='$passport_id', stu_nation='$stu_nation', stu_address1='$stu_address1', stu_address2='$stu_address2', contact_way='$contact_way', fri_contact_way='$fri_contact_way' where stu_id='201063502140'"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
/**
 * Fetch the mp/qy notice lists and notice pages into $path, commit the result
 * with git and optionally force-push it to $remote_git.
 *
 * Concurrency is controlled in two layers: the session selected by $sname
 * ('working' / 'work_time') and the lock file $file_lock. A run that finds a
 * lock younger than 120 seconds, or a work_time within LOCK_TIME, prints a
 * message and returns false. Progress is printed as HTML while running.
 *
 * Relies on project helpers not shown here: mk_dir, ls_file, write, json,
 * http_get, htmlDecode, is_exist, get_mp_notice, get_qy_notice, the Git class
 * and the constants LOCK_TIME, IS_WIN, GIT_EMAIL, GIT_NAME.
 *
 * @param string $sname         session name used for the work flag
 * @param string $file_lock     path of the lock file (its content/mtime is the start of the last run)
 * @param string $path          working directory of the git repository, with trailing slash
 * @param string $mail_lock     path of a mail lock file removed after a commit
 * @param string $remote_git    remote repository URL; empty disables clone and push
 * @param string $remote_branch remote branch to push to; empty means 'master'
 * @return bool true when a commit containing notice-list changes was made, false otherwise
 */
function get_update_notice($sname, $file_lock, $path, $mail_lock, $remote_git = '', $remote_branch = '')
{
    session_name($sname);
    session_start();
    set_time_limit(300);
    ignore_user_abort(true);
    $stime = time();
    $work = false;
    // Detect / set the work flag kept in the session (the same session_name
    // holds the session read/write lock until the page finishes).
    if (empty($_SESSION['working'])) {
        $work = true;
    }
    if (file_exists($file_lock)) {
        $last_work_time = filemtime($file_lock);
        if ($last_work_time > 0 && time() - $last_work_time < 120) {
            // Less than 120 seconds since the last update started.
            echo "检测到正在进行工作中,本页面停止载入,请稍后再次访问。";
            return false;
            //exit;
        }
        // Stale lock: take over and remove it.
        $work = true;
        unlink($file_lock);
    } elseif (empty($_SESSION['work_time']) || $stime - $_SESSION['work_time'] > LOCK_TIME) {
        // Allow only one run per LOCK_TIME seconds.
        $work = true;
    }
    if ($work && !file_exists($file_lock)) {
        $_SESSION['working'] = true;
        $_SESSION['work_time'] = $stime;
        file_put_contents($file_lock, $stime);
    } else {
        echo "距离上次获取请求时间间隔多短,请稍后再次访问。";
        return false;
        //exit;
    }
    echo date("Y-m-d H:i:s") . " 准备中...<br>";
    mk_dir($path);
    if (IS_WIN) {
        Git::windows_mode();
    }
    if (!file_exists($path . '.git')) {
        echo date("Y-m-d H:i:s") . " 没有git库,尝试创建...<br>";
        if ($remote_git) {
            // A remote repository is configured: try to clone it first.
            echo "尝试从远程仓库克隆数据...<br>";
            $ret = Git::clone_remote($path, $remote_git, $remote_branch); // clone from the remote (branch optional)
            if (!Git::is_repo($ret) || !file_exists($path . '.git') || !$ret) {
                echo "从远程仓库克隆失败,本地创建...<br>";
                $ret = Git::create($path); // clone failed: create a local repository instead
            }
        } else {
            $ret = Git::create($path); // no remote configured: create locally
        }
        echo date("Y-m-d H:i:s") . " 创建结果:" . (Git::is_repo($ret) ? '成功' : '失败') . "<br>";
    }
    mk_dir($path . 'mp/');
    mk_dir($path . 'qy/');
    // Remove every non-directory entry at the top level of $path; the notice
    // lists are rewritten below and the mp/ and qy/ directories are kept.
    $files = ls_file($path);
    foreach ($files as $file) {
        if (!is_dir($path . $file)) {
            unlink($path . $file);
        }
    }
    $count = 0;  // notice lists successfully fetched (mp + qy)
    $ccount = 0; // notice pages written
    $ret_mp = get_mp_notice();
    if ($ret_mp) {
        write($path . 'mp_notice.txt', json($ret_mp));
        $count++;
    }
    $ret_qy = get_qy_notice();
    if ($ret_qy) {
        write($path . 'qy_notice.txt', json($ret_qy));
        $count++;
    }
    $repo = Git::open($path);
    if ($count < 2) {
        echo "由于公告页面可能读取失败,等待下次检测。<br>";
        $repo->checkout("."); // discard all changes
        $_SESSION['work_time'] = $stime - LOCK_TIME; // reset the check time so a check can be started again shortly
        unlink($file_lock);
        return false;
    }
    session_write_close(); // release the session so other pages are not blocked waiting for it
    echo date("Y-m-d H:i:s") . " 读取公告列表完毕,开始读取公告内容页...<br>";
    $cover_count = 0;
    if ($ret_mp) {
        // Write out the mp platform notices.
        foreach ($ret_mp as $arr) {
            // strpos() is tested for truthiness, so a '-' at offset 0 counts as
            // "no dash" — presumably never the case for a date string.
            $date = strpos($arr['date'], '-') ? $arr['date'] : date('Y-m-d', $arr['date']);
            $file = $date . '#' . $arr['title'] . '.html';
            // The title comes from the fetched notice list; path-unsafe characters
            // are replaced before the directory prefix is added.
            $file = $path . 'mp/' . preg_replace('/[\\/\\|*?\\\\:<>]/i', '_', $file);
            $file_exist = is_exist($file);
            if ($file_exist) {
                $cover_count++;
            }
            if (!$file_exist || $cover_count <= 3) {
                // Fetch only unrecorded notices, or the first 3 already recorded ones.
                $ret = http_get($arr['url']);
                // Pull the body of the "window.wxCgi... = {...}" object out of the page.
                $search = '/window\\.wxCgi[^=]+=[^{]+{([^}]*)}/s';
                preg_match($search, $ret, $strarr);
                $ret = isset($strarr[1]) ? $strarr[1] : '';
                // A 'content:' at offset 0 is skipped here (0 is falsy).
                $str_start = stripos($ret, 'content:');
                if ($str_start) {
                    $str_start += 9;
                    $str_end = stripos($ret, 'author:');
                    if ($str_end) {
                        $str_end -= 9; // computed but not used below; the end is located via '",'
                        $str = substr($ret, $str_start, stripos($ret, '",', $str_start) - $str_start);
                        if (!empty($str)) {
                            // NOTE(review): the return value is discarded; this only has an
                            // effect if htmlDecode() takes its argument by reference — confirm.
                            htmlDecode($str);
                            // $arr['title'] and $str are remote content written into the page as-is.
                            write($file, '<h3 class="announcement_title" style="text-align: center;">' . $arr['title'] . ' # ' . $date . '</h3><div id="content">' . $str . '</div>');
                            $ccount++;
                        }
                    }
                }
            }
        }
    }
    $cover_count = 0;
    if ($ret_qy) {
        // Write out the qy platform notices (whole page body, no extraction).
        foreach ($ret_qy as $arr) {
            $file = strpos($arr['date'], '-') ? $arr['date'] : date('Y-m-d', $arr['date']);
            $file .= '#' . $arr['title'] . '.html';
            $file = $path . 'qy/' . preg_replace('/[\\/\\|*?\\\\:<>]/i', '_', $file);
            $file_exist = is_exist($file);
            if ($file_exist) {
                $cover_count++;
            }
            if (!$file_exist || $cover_count <= 3) {
                // Fetch only unrecorded notices, or the first 3 already recorded ones.
                $ret = http_get($arr['url']);
                if ($ret) {
                    write($file, $ret);
                    $ccount++;
                }
            }
        }
    }
    echo date("Y-m-d H:i:s") . " 读取页面" . $count . "个,抓取公告" . $ccount . "篇<br>";
    $ret = $repo->status(true);
    // NOTE(review): newer git releases print "working tree clean" instead of
    // "working directory clean"; with such a git this pattern never matches and
    // every run goes through the commit branch — confirm against the installed git.
    $no_commit = preg_match('/nothing to commit, working directory clean/', $ret);
    if ($no_commit) {
        echo " 未检测到更新,共计用时:" . (time() - $stime) . "秒<br>";
    } else {
        // NOTE(review): the raw status output is echoed without htmlspecialchars(),
        // unlike the log output below; it lists file names derived from fetched
        // notice titles, i.e. remote content reaching the HTML response unescaped.
        echo "待更新内容:<hr>" . $ret . "<hr>";
        $ret0 = $repo->add();
        $repo->run('config --global user.email "' . GIT_EMAIL . '"'); //git config --global user.email "*****@*****.**"
        $repo->run('config --global user.name "' . GIT_NAME . '"'); //git config --global user.name "Your Name"
        $repo->run('config --global core.quotepath false'); // let git print non-ASCII paths unescaped
        $ret = $repo->commit('check time: ' . date("Y-m-d H:i:s"));
        echo time() . " 已进行git提交,共计用时:" . (time() - $stime) . "秒<br><br>";
        if ($remote_git) {
            $branch = $repo->active_branch();
            echo "检测到远程仓库参数,提交到远程仓库...<br>";
            // $remote_git goes straight into the git command line under a temporary
            // remote named after the start time; it must come from trusted
            // configuration, never from request input.
            $repo->run("remote add {$stime} " . $remote_git); // add the temporary remote
            $repo->run("push -f {$stime} {$branch}:" . (empty($remote_branch) ? 'master' : "{$remote_branch}")); // force-overwrite the remote (branch optional)
            $repo->run("remote remove {$stime}"); // remove the temporary remote
        }
        echo "提交git日志内容如下:<hr>" . nl2br(htmlspecialchars($ret));
        $ret2 = $repo->run('log --stat -p -1');
        // Keep only the part of the log before the first diff; if no diff marker
        // is found stripos() returns false and substr() yields an empty string.
        $ret2 = nl2br(htmlspecialchars(substr($ret2, 0, stripos($ret2, "\ndiff --git"))));
        echo "<hr>其他日志:<br>" . nl2br(htmlspecialchars($ret0)) . $ret2;
        if (!stripos($ret2, '_notice.txt') && $ccount > 0) {
            // If the notice lists did not change, treat the run as "no new notices"
            // to ignore unimportant layout changes in the notice pages.
            $no_commit = true;
        }
        unlink($mail_lock);
    }
    unlink($file_lock);
    return !$no_commit;
}