Exemplo n.º 1
//修改资料
if (@$_GET['action'] == 'modify') {
    // Guard against malicious (automated) submissions and cross-site attacks:
    // when the site setting $system['code'] is 1, the code submitted with the
    // form is compared with the one kept in the session.
    // NOTE(review): when that setting is off, no other request-forgery check is
    // visible in this fragment — confirm one exists elsewhere.
    if ($system['code'] == 1) {
        check_code($_POST['code'], $_SESSION['code']);
    }
    // Look up the stored unique identifier of the account being modified.
    // NOTE(review): the `******` run inside the query string is a masking
    // artefact of the page this listing was taken from; the original expression
    // is not visible. The surviving `'username']}` suggests the user name is
    // interpolated straight from a request-supplied array — confirm, and if so
    // bind it as a parameter instead of building the SQL text by hand.
    if (!!($rows = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
        // To prevent cookie forgery, compare the stored unique identifier with
        // the uniqid cookie sent by the browser.
        // NOTE(review): whether the comparison is timing-safe depends on
        // uniqid_check(), which is not shown here.
        uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']);
        // Load the validation helpers (the check_* functions used below).
        include ROOT_PATH . 'includes/check.func.php';
        // Empty array that collects the validated form values.
        $clean = array();
        // NOTE(review): how check_modify_password() stores the password (hashing
        // scheme) is not visible here — confirm it is a slow password hash.
        $clean['password'] = check_modify_password($_POST['password'], 6);
        $clean['sex'] = check_sex($_POST['sex']);
        $clean['photo'] = check_photo($_POST['photo']);
        $clean['email'] = check_email($_POST['email'], 6, 40);
        $clean['qq'] = check_qq($_POST['qq']);
        $clean['url'] = check_url($_POST['url'], 40);
        // NOTE(review): 'switch' is the only field copied into $clean without a
        // check_* call, yet it is interpolated into both UPDATE statements
        // below. Unless query() escapes it (not shown), this is an SQL-injection
        // path; restrict it to the values the column allows before use.
        $clean['switch'] = $_POST['switch'];
        $clean['signature'] = check_signature($_POST['signature'], 200);
        // Update the profile. An empty password means "keep the current one":
        // the first UPDATE leaves bbs_password out, the second one sets it.
        // NOTE(review): both statements are assembled by string interpolation,
        // so their safety rests entirely on the check_* helpers escaping every
        // value for SQL — confirm, or move to prepared statements.
        if (empty($clean['password'])) {
            query("UPDATE bbs_users SET \n                        bbs_sex='{$clean['sex']}',\n                        bbs_photo='{$clean['photo']}',\n                        bbs_email='{$clean['email']}',\n                        bbs_qq='{$clean['qq']}',\n                        bbs_url='{$clean['url']}',\n                        bbs_switch='{$clean['switch']}',\n                        bbs_signature='{$clean['signature']}'\n                    WHERE\n                        bbs_username='******'username']}'\n                ");
        } else {
            query("UPDATE bbs_users SET \n                        bbs_password='******'password']}',\n                        bbs_sex='{$clean['sex']}',\n                        bbs_photo='{$clean['photo']}',\n                        bbs_email='{$clean['email']}',\n                        bbs_qq='{$clean['qq']}',\n                        bbs_url='{$clean['url']}',\n                        bbs_switch='{$clean['switch']}',\n                        bbs_signature='{$clean['signature']}'\n                    WHERE\n                        bbs_username='******'username']}'\n                ");
        }
        // A fresh unique identifier could be generated at this point, which
        // would be safer; the visible code does not do so, so the identifier
        // stays the same after a password change.
    }
    //判断是否修改成功
    //当什么都是不修改时,影响条数为0
Exemplo n.º 2
    exit;
}
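// Authorization gate: verify that the caller may perform the 'check' (review)
// operation selected by $h before any handler is dispatched.
// The original listing had the denial commented out, which left an empty
// branch: the result of checkGroup() was discarded and every caller fell
// through to the switch below. The denial is restored here with the statements
// from that commented-out line.
// NOTE(review): salert() is taken from the commented-out line and is assumed to
// be a project helper that shows a message — confirm it is defined.
if (!checkGroup('check', $h)) {
    // Message text: "You do not have permission for this review operation".
    salert('您没有此审核操作的权限');
    // Stop here so no handler runs for an unauthorized caller.
    exit;
}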
//note Control Case:
switch ($h) {
    //note 站内信
    case 'letter':
        check_letter();
        break;
        //note 形象照
    //note 形象照
    case 'photo':
        check_photo();
        break;
        //note 内心独白
    //note 内心独白
    case 'monolog':
        check_monolog();
        break;
        //note 相传图片
    //note 相传图片
    case 'image':
        check_image();
        break;
        //note 毕业院校
    //note 毕业院校
    case 'school':
        check_school();