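 /**
  * Reject the request if any $_REQUEST value contains a blacklisted substring.
  *
  * NOTE(review): a keyword blacklist is not a defence against SQL injection —
  * case variants ("UNION"), comments, hex literals and encodings all pass it,
  * while legitimate values containing a space, a quote, ';' or '%' are
  * rejected. The real control is parameterised queries at the data layer;
  * treat this as a tripwire at most.
  *
  * Side effects: on a hit, prints an alert plus a "go back" (or redirect)
  * script and exit()s. The first call also defines the global function
  * is_exist(); the definition is now guarded, because calling validate()
  * twice in one request used to fatal with "Cannot redeclare is_exist()".
  * If some other is_exist() is already loaded, that one is used instead.
  *
  * @since 1.0.1
  *
  * @return boolean true when every request value passed the filter
  *                 (the previous version returned nothing in that case,
  *                 contradicting this contract).
  */
 protected function validate()
 {
     $keyword = array("'", ";", "union", " ", " ", "%");
     $redirect = "";
     if (!function_exists('is_exist')) {
         /**
          * Does $score (string or nested array of strings) contain any keyword?
          * Arrays (foo[]=bar) are walked recursively; strstr() on an array
          * throws a TypeError on PHP 8 and only warned before that.
          */
         function is_exist($score, $keyword)
         {
             if (is_array($score)) {
                 foreach ($score as $item) {
                     if (is_exist($item, $keyword)) {
                         return true;
                     }
                 }
                 return false;
             }
             $score = (string) $score;
             foreach ($keyword as $value) {
                 // strstr() returns the matched tail, so compare against false
                 // rather than relying on truthiness.
                 if (strstr($score, $value) !== false) {
                     return true;
                 }
             }
             return false;
         }
     }
     foreach ($_REQUEST as $value) {
         if (is_exist($value, $keyword)) {
             echo "<script language=\"javascript\">alert(\"感谢你的测试,如果有漏洞,不妨告诉我,谢谢!\");</script>";
             if (empty($redirect)) {
                 echo "<script language=\"javascript\">history.go(-1);</script>";
             } else {
                 // json_encode() yields a JS string literal that is safe in a
                 // <script> context (quotes, backslashes and "</" are escaped).
                 echo "<script language=\"javascript\">window.location=" . json_encode($redirect) . ";</script>";
             }
             exit;
         }
     }
     return true;
 }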
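 /**
  * Fetch rows whose `$name` column is in the given id set (user table by default). jlf
  *
  * The id values are the only untrusted part that is sanitised here: the set
  * is split on commas, each id must match [A-Za-z0-9_.@-] (anything else is
  * dropped, so it can no longer break out of the IN (...) list), and
  * non-numeric ids are single-quoted. `$out_fields`, `$table` and `$name` are
  * still spliced into the query verbatim — they must come from code, never
  * from the request.
  *
  * @param array|string $ids_data   id set: an array, or a comma-separated string
  * @param string       $out_fields columns to select; '*' returns whole rows
  * @param string       $table      model / table name passed to D()
  * @param string       $name       id column name
  * @return array $list rows (for '*') or the getField() result
  */
 public function getListByIds($ids_data, $out_fields = 'uid,username', $table = 'Member', $name = 'uid')
 {
     // IN ('') matches nothing; same placeholder the previous version used.
     $ids = "''";
     if (is_exist($ids_data)) {
         $raw = is_array($ids_data) ? $ids_data : explode(',', $ids_data);
         $safe = array();
         foreach (array_unique($raw) as $id) {
             $id = trim((string) $id);
             if ($id === '' || !preg_match('/^[A-Za-z0-9_.@-]+$/', $id)) {
                 continue; // not a plausible id; never let it reach the SQL
             }
             $safe[] = ctype_digit($id) ? $id : "'" . $id . "'";
         }
         if (!empty($safe)) {
             $ids = implode(',', $safe);
         }
     }
     $andwhere = $name . ' in (' . $ids . ')';
     if ($out_fields == '*') {
         $list = D($table)->where($andwhere)->select();
     } else {
         $list = D($table)->where($andwhere)->getField($out_fields);
     }
     return $list;
 }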
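/**
 * Make $sess_usr follow $id_user.
 *
 * Three writes are involved (bump followed on the target, bump following on
 * the follower, insert the friends row), so they run inside one transaction:
 * previously a failure halfway left the counters and the friends table out
 * of sync. The transaction is only atomic on a transactional engine (InnoDB).
 * The is_friends() pre-check is racy on its own; a unique index on
 * friends(id_user, id_friend) makes the insert fail under a double submit,
 * which the rollback then covers.
 *
 * @param mysqli $connection open connection
 * @param int    $id_user    user being followed
 * @param int    $sess_usr   user doing the following (from the session)
 * @return int 1 on success, 0 when the target does not exist, is already
 *             followed, or any statement failed
 */
function follow($connection, $id_user, $sess_usr)
{
    if (is_exist($id_user, $connection) !== 1 || is_friends($sess_usr, $connection, $id_user) !== 0) {
        return 0;
    }
    $connection->begin_transaction();
    try {
        $stmt = $connection->prepare("update users set followed=followed+1 where id=?");
        $stmt1 = $connection->prepare("update users set following=following+1 where id=?");
        $stmt2 = $connection->prepare("insert into friends(id_user,id_friend) values(?,?)");
        // prepare() returns false (or throws, in exception report mode) on a
        // bad statement; never call bind_param() on false.
        if ($stmt === false || $stmt1 === false || $stmt2 === false) {
            throw new RuntimeException($connection->error);
        }
        $stmt->bind_param("i", $id_user);
        $stmt1->bind_param("i", $sess_usr);
        $stmt2->bind_param("ii", $sess_usr, $id_user);
        if (!$stmt->execute() || !$stmt1->execute() || !$stmt2->execute()) {
            throw new RuntimeException($connection->error);
        }
        $connection->commit();
        return 1;
    } catch (Exception $e) {
        $connection->rollback();
        return 0;
    }
}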
    $stu_maj = trim($_POST['stu_maj']);
    $stu_gra = trim($_POST['stu_gra']);
    $stu_clas = trim($_POST['stu_clas']);
    $stu_clas = $stu_gra . $stu_clas;
    $stu_bir = trim($_POST['stu_bir']);
    $passport_id = trim($_POST['passport_id']);
    $stu_nation = trim($_POST['stu_nation']);
    $stu_address1 = trim($_POST['stu_address1']);
    $stu_address2 = trim($_POST['stu_address2']);
    $contact_way = trim($_POST['contact_way']);
    $fri_contact_way = trim($_POST['fri_contact_way']);
    $entrydate = trim($_POST['entrydate']);
    $gradate = trim($_POST['gradate']);
    $nature = trim($_POST['nature']);
    $comment = trim($_POST['comment']);
    if (is_exist($stu_id) != 0) {
        exit('学锟斤拷锟截革拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷');
    }
    $jud = add_stu_user($stu_id, $stu_pass, $user_name, $en_name, $stu_sex, $stu_sch, $stu_maj, $stu_gra, $stu_clas, $stu_bir, $passport_id, $stu_nation, $stu_address1, $stu_address2, $contact_way, $fri_contact_way, $entrydate, $gradate, $nature, $comment);
    if ($jud) {
        echo '<script>alert("锟斤拷锟接成癸拷");window.location.href="add_stu.php"</script>';
        //echo('<script>alert("'.$stu_clas.'")</script>');
    } else {
        echo '<script>alert("锟斤拷锟斤拷失锟斤拷");</script>';
    }
    //$sql="update `user_stu` set ch_name='$user_name', en_name='$en_name', stu_sex='$stu_sex', stu_maj='$stu_maj', stu_gra='$stu_gra', stu_clas='$stu_clas', stu_bir='$stu_bir', passport_id='$passport_id', stu_nation='$stu_nation', stu_address1='$stu_address1', stu_address2='$stu_address2', contact_way='$contact_way', fri_contact_way='$fri_contact_way' where stu_id='201063502140'";
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
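/**
 * Scrape the mp/qy announcement listings and content pages into $path,
 * commit the result to a local git repository and, when $remote_git is set,
 * force-push it there.
 *
 * Concurrency: a session flag plus $file_lock keep two runs apart; a lock
 * file older than 120 s is treated as stale and taken over. Progress is
 * echoed as HTML. Returns false early when another run is active, when the
 * session ran less than LOCK_TIME seconds ago, or when a listing page could
 * not be fetched.
 *
 * Shell safety: $remote_git, $remote_branch and the GIT_* constants end up
 * in `git` command lines through $repo->run(), so they are passed through
 * escapeshellarg(). NOTE(review): Git::clone_remote() also receives the raw
 * $remote_git — check that helper quotes it as well. Page output built from
 * git status (which contains file names derived from third-party titles) is
 * HTML-escaped like the log output already was.
 *
 * @param string $sname         session name used for the work flag
 * @param string $file_lock     lock-file path
 * @param string $path          working-tree directory, expected to end with a separator
 * @param string $mail_lock     file removed after a commit (mail throttle, presumably)
 * @param string $remote_git    optional remote URL to clone from / push to
 * @param string $remote_branch optional remote branch; push targets master when empty
 * @return bool true when a commit containing a changed *_notice.txt listing was made
 */
function get_update_notice($sname, $file_lock, $path, $mail_lock, $remote_git = '', $remote_branch = '')
{
    session_name($sname);
    session_start();
    set_time_limit(300);
    ignore_user_abort(true);
    $stime = time();
    $work = false;
    // The work flag lives in the session: the same session_name holds the
    // session read/write lock until this page finishes, so a concurrent
    // request with the same session blocks here.
    if (empty($_SESSION['working'])) {
        $work = true;
    }
    if (file_exists($file_lock)) {
        $last_work_time = filemtime($file_lock);
        if ($last_work_time > 0 && time() - $last_work_time < 120) {
            // Another run touched the lock less than 120 s ago.
            echo "检测到正在进行工作中,本页面停止载入,请稍后再次访问。";
            return false;
        }
        // Stale lock: take it over.
        $work = true;
        unlink($file_lock);
    } elseif (empty($_SESSION['work_time']) || $stime - $_SESSION['work_time'] > LOCK_TIME) {
        // At most one run per LOCK_TIME seconds from this session.
        $work = true;
    }
    if ($work && !file_exists($file_lock)) {
        $_SESSION['working'] = true;
        $_SESSION['work_time'] = $stime;
        file_put_contents($file_lock, $stime);
    } else {
        echo "距离上次获取请求时间间隔多短,请稍后再次访问。";
        return false;
    }
    echo date("Y-m-d H:i:s") . " 准备中...<br>";
    mk_dir($path);
    if (IS_WIN) {
        Git::windows_mode();
    }
    if (!file_exists($path . '.git')) {
        echo date("Y-m-d H:i:s") . " 没有git库,尝试创建...<br>";
        if ($remote_git) {
            // A remote was configured: clone it (optionally a given branch) ...
            echo "尝试从远程仓库克隆数据...<br>";
            $ret = Git::clone_remote($path, $remote_git, $remote_branch);
            if (!Git::is_repo($ret) || !file_exists($path . '.git') || !$ret) {
                // ... and fall back to an empty local repository if that fails.
                echo "从远程仓库克隆失败,本地创建...<br>";
                $ret = Git::create($path);
            }
        } else {
            $ret = Git::create($path);
        }
        echo date("Y-m-d H:i:s") . " 创建结果:" . (Git::is_repo($ret) ? '成功' : '失败') . "<br>";
    }
    mk_dir($path . 'mp/');
    mk_dir($path . 'qy/');
    // Clear the top-level files of the working tree; subdirectories stay.
    $files = ls_file($path);
    foreach ($files as $file) {
        if (!is_dir($path . $file)) {
            unlink($path . $file);
        }
    }
    $count = 0;  // listing pages fetched
    $ccount = 0; // content pages written
    $ret_mp = get_mp_notice();
    if ($ret_mp) {
        write($path . 'mp_notice.txt', json($ret_mp));
        $count++;
    }
    $ret_qy = get_qy_notice();
    if ($ret_qy) {
        write($path . 'qy_notice.txt', json($ret_qy));
        $count++;
    }
    $repo = Git::open($path);
    if ($count < 2) {
        // A listing page failed to load: revert the tree and let a later
        // request retry without waiting for LOCK_TIME to elapse.
        echo "由于公告页面可能读取失败,等待下次检测。<br>";
        $repo->checkout(".");
        $_SESSION['work_time'] = $stime - LOCK_TIME;
        unlink($file_lock);
        return false;
    }
    // Release the session lock so other pages are not blocked by the scrape.
    session_write_close();
    echo date("Y-m-d H:i:s") . " 读取公告列表完毕,开始读取公告内容页...<br>";
    $cover_count = 0;
    if ($ret_mp) {
        // mp platform: the article body is embedded in a window.wxCgi... JS object.
        foreach ($ret_mp as $arr) {
            $date = strpos($arr['date'], '-') ? $arr['date'] : date('Y-m-d', $arr['date']);
            $file = $date . '#' . $arr['title'] . '.html';
            // Strip characters that are illegal in file names (also blocks
            // traversal: '/' and '\' cannot survive).
            $file = $path . 'mp/' . preg_replace('/[\\/\\|*?\\\\:<>]/i', '_', $file);
            $file_exist = is_exist($file);
            if ($file_exist) {
                $cover_count++;
            }
            if (!$file_exist || $cover_count <= 3) {
                // Fetch every unseen announcement, and re-fetch the first 3
                // already-recorded ones.
                $ret = http_get($arr['url']);
                $search = '/window\\.wxCgi[^=]+=[^{]+{([^}]*)}/s';
                preg_match($search, $ret, $strarr);
                $ret = isset($strarr[1]) ? $strarr[1] : '';
                $str_start = stripos($ret, 'content:');
                if ($str_start) {
                    $str_start += 9;
                    $str_end = stripos($ret, 'author:');
                    if ($str_end) {
                        $str_end -= 9;
                        $str = substr($ret, $str_start, stripos($ret, '",', $str_start) - $str_start);
                        if (!empty($str)) {
                            // NOTE(review): htmlDecode()'s return value is discarded;
                            // unless it takes $str by reference this call is a no-op.
                            htmlDecode($str);
                            // The title comes from a third-party page: escape it so
                            // it cannot inject markup into the generated HTML. The
                            // body ($str) is the page's own HTML and is stored as-is.
                            $title = htmlspecialchars($arr['title'], ENT_QUOTES, 'UTF-8');
                            write($file, '<h3 class="announcement_title" style="text-align: center;">' . $title . ' # ' . $date . '</h3><div id="content">' . $str . '</div>');
                            $ccount++;
                        }
                    }
                }
            }
        }
    }
    $cover_count = 0;
    if ($ret_qy) {
        // qy platform: the fetched page is stored verbatim.
        foreach ($ret_qy as $arr) {
            $file = strpos($arr['date'], '-') ? $arr['date'] : date('Y-m-d', $arr['date']);
            $file .= '#' . $arr['title'] . '.html';
            $file = $path . 'qy/' . preg_replace('/[\\/\\|*?\\\\:<>]/i', '_', $file);
            $file_exist = is_exist($file);
            if ($file_exist) {
                $cover_count++;
            }
            if (!$file_exist || $cover_count <= 3) {
                $ret = http_get($arr['url']);
                if ($ret) {
                    write($file, $ret);
                    $ccount++;
                }
            }
        }
    }
    echo date("Y-m-d H:i:s") . " 读取页面" . $count . "个,抓取公告" . $ccount . "篇<br>";
    $ret = $repo->status(true);
    // git >= 2.10 prints "working tree clean"; older versions "working
    // directory clean". Matching only the old wording made every run commit.
    $no_commit = preg_match('/nothing to commit, working (directory|tree) clean/', $ret);
    if ($no_commit) {
        echo " 未检测到更新,共计用时:" . (time() - $stime) . "秒<br>";
    } else {
        // Status lists file names built from scraped titles: escape for HTML.
        echo "待更新内容:<hr>" . nl2br(htmlspecialchars($ret)) . "<hr>";
        $ret0 = $repo->add();
        // Commit identity. The values are config constants, but run() builds a
        // shell command line, so they are still quoted.
        $repo->run('config --global user.email ' . escapeshellarg(GIT_EMAIL));
        $repo->run('config --global user.name ' . escapeshellarg(GIT_NAME));
        // Keep non-ASCII paths readable in git output.
        $repo->run('config --global core.quotepath false');
        $ret = $repo->commit('check time: ' . date("Y-m-d H:i:s"));
        echo time() . " 已进行git提交,共计用时:" . (time() - $stime) . "秒<br><br>";
        if ($remote_git) {
            $branch = $repo->active_branch();
            echo "检测到远程仓库参数,提交到远程仓库...<br>";
            // Temporary remote named after the start time; the force-push
            // overwrites the remote branch, then the remote is dropped again.
            $target = empty($remote_branch) ? 'master' : $remote_branch;
            $repo->run("remote add {$stime} " . escapeshellarg($remote_git));
            $repo->run("push -f {$stime} " . escapeshellarg("{$branch}:{$target}"));
            $repo->run("remote remove {$stime}");
        }
        echo "提交git日志内容如下:<hr>" . nl2br(htmlspecialchars($ret));
        $ret2 = $repo->run('log --stat -p -1');
        $ret2 = nl2br(htmlspecialchars(substr($ret2, 0, stripos($ret2, "\ndiff --git"))));
        echo "<hr>其他日志:<br>" . nl2br(htmlspecialchars($ret0)) . $ret2;
        if (!stripos($ret2, '_notice.txt') && $ccount > 0) {
            // The listing files did not change, so report "no new
            // announcements" even though content pages were rewritten
            // (avoids noise from layout-only edits of content pages).
            $no_commit = true;
        }
        // Guarded: unlink() on a missing file only emits a warning.
        if (file_exists($mail_lock)) {
            unlink($mail_lock);
        }
    }
    unlink($file_lock);
    return !$no_commit;
}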