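/**
 * Store one application setting in the cache and in the `wa_app` table.
 *
 * Both the cache key and the matched row use the name with an `app_` prefix.
 *
 * @param mixed $name  Setting name without the `app_` prefix; validated by ensureString($name, 11).
 * @param mixed $value Setting value; validated by ensureString($value, 50).
 * @return mixed The truthy value returned by runSql() for the UPDATE.
 * @throws Exception When validation fails or runSql() returns a falsy result.
 */
private static function setInfo($name, $value) {
    try {
        $safeName = ensureString($name, 11);
        $safeValue = ensureString($value, 50);
    } catch (Exception $e) {
        // The original single-quoted literal printed "$name -> $value" verbatim;
        // concatenate so the offending pair really appears, as the second message does.
        // The message carries the raw, unvalidated arguments: escape it for the
        // output context before showing it to anyone.
        throw new Exception('写入应用信息:' . $name . ' -> ' . $value . ' 时出错:' . $e->getMessage());
    }

    // NOTE(review): the cache is written before the UPDATE is known to have
    // succeeded, so a failed write leaves cache and table disagreeing. Order is
    // kept as found because runSql()'s return contract is not visible here.
    $cacheKey = 'app_' . $safeName;
    setCache($cacheKey, $safeValue);

    // NOTE(review): the statement is built by interpolation. Its safety rests
    // entirely on ensureString() escaping for a single-quoted SQL literal, which
    // cannot be confirmed from this block; prefer a parameterized query if the
    // database layer offers one.
    $result = runSql("update wa_app set `value` = '{$safeValue}' where `name` = 'app_{$safeName}' limit 1");
    if (!$result) {
        throw new Exception('设置应用信息:' . $name . ' -> ' . $value . '时出错。');
    }

    return $result;
}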
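/**
 * Insert a comment on a post and return the new comment id.
 *
 * No authorization check happens here: the caller must already have verified
 * that the current user may comment as $creator on $post.
 *
 * @param mixed $creator Id of the commenting user; validated by ensureInt($creator, 10).
 * @param mixed $post    Id of the post; validated by ensureInt($post, 10).
 * @param mixed $content Comment body; validated by ensureString($content, 1000).
 * @param mixed $replyto Reply target; validated by ensureString($replyto, 10, false, true).
 * @return mixed The value of lastId() read immediately after the INSERT.
 * @throws Exception When validation fails or runSql() returns a falsy result.
 */
public static function CreateComment($creator, $post, $content, $replyto) {
    try {
        $safeCreator = ensureInt($creator, 10);
        $safePost = ensureInt($post, 10);
        $safeContent = '\'' . ensureString($content, 1000) . '\'';
        $safeReplyto = '\'' . ensureString($replyto, 10, false, true) . '\'';
    } catch (Exception $e) {
        throw new Exception('创建回复时出错:' . $e->getMessage());
    }

    // NOTE(review): values are spliced into the statement as text. Quoting is
    // added here, but escaping is assumed to happen inside ensureString(), which
    // is not visible from this block. Confirm that, or switch to bound parameters.
    $sql = "insert into wa_comment (`comment_creator`, `comment_post`, `comment_content`, `comment_replyto`) values ({$safeCreator}, {$safePost}, {$safeContent}, {$safeReplyto});";
    $result = runSql($sql);
    if (!$result) {
        throw new Exception('创建回复时出错。');
    }

    // Read the insert id before anything else can touch the connection,
    // as CreateMsg does.
    $commentId = lastId();

    // Presumably drops the cached comment list for this post so the next read
    // rebuilds it. TODO confirm what setCache($key, null) does.
    setCache('postcomment_' . $safePost, null);

    return $commentId;
}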
/**
 * Update the wall, title and content of one post, then reset its cache entry.
 *
 * @param mixed $id      Post id; validated by ensureInt($id, 10).
 * @param mixed $wall    Wall id; validated by ensureInt($wall, 10).
 * @param mixed $title   Post title; validated by ensureString($title, 100).
 * @param mixed $content Post body; validated by ensureString($content, 10000).
 * @return mixed The truthy value returned by runSql() for the UPDATE.
 * @throws Exception When validation fails or runSql() returns a falsy result.
 */
public static function SetPostInfo($id, $wall, $title, $content) {
    try {
        $safeId = ensureInt($id, 10);
        $safeWall = ensureInt($wall, 10);
        $safeTitle = "'" . ensureString($title, 100) . "'";
        $safeContent = "'" . ensureString($content, 10000) . "'";
    } catch (Exception $validationError) {
        throw new Exception('设置墙贴信息失败:' . $validationError->getMessage());
    }

    // NOTE(review): string-built SQL. Whether the quoted values are escaped
    // depends on ensureString(), which is outside this block.
    $outcome = runSql("update wa_post set `post_wall` = {$safeWall}, `post_title` = {$safeTitle}, `post_content` = {$safeContent} where `post_id` = {$safeId} limit 1");
    if (!$outcome) {
        throw new Exception('设置墙贴信息失败。');
    }

    // The result is not used; the call is kept because GetPostInfo() may have
    // side effects that are not visible from here.
    self::GetPostInfo($safeId);

    // Overwrite the cached post info with an empty string.
    setCache('postinfo_' . $safeId, '');

    return $outcome;
}
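/**
 * Store a message, make sure the dialog rows exist, and prepend the new id to
 * the message-list caches that are already populated.
 *
 * No authorization check happens here: the caller must ensure the current user
 * is allowed to send as $sender.
 *
 * @param mixed $sender   Sending user id; validated by ensureInt($sender, 10).
 * @param mixed $receiver Receiving user id; validated by ensureInt($receiver, 10).
 * @param mixed $content  Message body; validated by ensureString($content, 1000).
 * @param bool  $sysmsg   When true, the sender-side dialog is not created.
 * @return mixed The value of lastId() read immediately after the INSERT.
 * @throws Exception When validation fails or runSql() returns a falsy result.
 */
public static function CreateMsg($sender, $receiver, $content, $sysmsg = false) {
    try {
        $safeSender = ensureInt($sender, 10);
        $safeReceiver = ensureInt($receiver, 10);
        $safeContent = '\'' . ensureString($content, 1000) . '\'';
    } catch (Exception $e) {
        throw new Exception('创建消息失败:' . $e->getMessage());
    }

    if (!$sysmsg) {
        WaDialog::CreateDialog($safeSender, $safeReceiver);
    }
    WaDialog::CreateDialog($safeReceiver, $safeSender);

    // NOTE(review): string-built SQL. The content is quoted here, but escaping
    // is assumed to happen in ensureString(), which is outside this block.
    $msgSql = "insert into wa_msg (`msg_sender`, `msg_receiver`, `msg_content`) values ({$safeSender}, {$safeReceiver}, {$safeContent})";
    $result = runSql($msgSql);
    if (!$result) {
        throw new Exception('创建消息失败。');
    }
    $lastId = lastId();

    // The original interpolated {$safeSender_} and {$safeReceiver_}, which are
    // undefined variables (the underscore sat inside the braces). Both
    // conversation keys therefore collapsed to "usermsg_<other id>", so the wrong
    // cache entry was read and written. The separator now sits between the ids.
    // Presumed key format "usermsg_<a>_<b>"; confirm against the code that reads it.
    $cacheKeys = array(
        "userunreadmsg_{$safeReceiver}",
        "usermsg_{$safeSender}_{$safeReceiver}",
        "usermsg_{$safeReceiver}_{$safeSender}",
    );
    foreach ($cacheKeys as $cacheKey) {
        $cache = getCache($cacheKey);
        // Only lists that are already cached are extended; a missing entry is
        // left alone.
        if ($cache) {
            array_unshift($cache, array('msg_id' => $lastId));
            setCache($cacheKey, $cache);
        }
    }

    return $lastId;
}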
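/**
 * Update the editable columns of one wall and reset its cache entry.
 *
 * Column names come only from the fixed keys written below, never from $info,
 * so the caller cannot choose which columns are touched. The values, however,
 * include `wall_creator` and `wall_usercount`: if $info is filled straight from
 * request data, a caller could reassign ownership or forge the counter, so the
 * calling code must restrict those fields.
 *
 * @param mixed $id   Wall id; validated by ensureInt($id, 10).
 * @param array $info Wall fields: wall_creator, wall_name, wall_type, wall_desc,
 *                    wall_access, wall_usercount, and optionally wall_joinkey
 *                    and wall_bgtype.
 * @return mixed The result of runSql(); falsy results are returned, not thrown.
 * @throws Exception When any field fails validation.
 */
public static function SetWallInfo($id, $info) {
    $safeInfo = array();
    try {
        $safeId = ensureInt($id, 10);
        $safeInfo['wall_creator'] = ensureInt($info['wall_creator'], 10);
        $safeInfo['wall_name'] = '\'' . ensureString($info['wall_name'], 30) . '\'';
        $safeInfo['wall_type'] = ensureInt($info['wall_type'], 3);
        $safeInfo['wall_desc'] = '\'' . ensureString($info['wall_desc'], 300) . '\'';
        $safeInfo['wall_access'] = ensureInt($info['wall_access'], 2);
        // Loose comparison kept as found: '' and integer 0 count as "not
        // supplied", so an integer wall_bgtype of 0 cannot be written this way.
        if ($info['wall_joinkey'] != null) {
            $safeInfo['wall_joinkey'] = '\'' . ensureString($info['wall_joinkey'], 40) . '\'';
        }
        if ($info['wall_bgtype'] != null) {
            $safeInfo['wall_bgtype'] = ensureInt($info['wall_bgtype'], 1);
        }
        $safeInfo['wall_usercount'] = ensureInt($info['wall_usercount'], 10);
    } catch (Exception $e) {
        throw new Exception('设置墙信息失败:' . $e->getMessage());
    }

    // each() was deprecated in PHP 7.2 and removed in 8.0; foreach with implode()
    // builds exactly the same statement text.
    $assignments = array();
    foreach ($safeInfo as $key => $value) {
        $assignments[] = " `{$key}` = {$value}";
    }

    // NOTE(review): values are interpolated as text. Escaping is assumed to
    // happen in ensureString()/ensureInt(), which are outside this block.
    $sql = 'update wa_wall set' . implode(',', $assignments);
    $sql .= ' where wall_id = ' . $safeId . ' limit 1;';

    $ret = runSql($sql);
    if ($ret) {
        // Presumably drops the cached wall info. TODO confirm what
        // setCache($key, null) does.
        $cacheKey = 'wallinfo_' . $safeId;
        setCache($cacheKey, null);
    }

    return $ret;
}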
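/**
 * Run every key and every value of an array through ensureString().
 *
 * Keys are sanitized too. If two different keys become the same string after
 * sanitizing, the later entry silently overwrites the earlier one.
 *
 * @param array $unsafeArray Input map.
 * @param int   $keyLen      Length argument passed to ensureString() for keys.
 * @param int   $valueLen    Length argument passed to ensureString() for values.
 * @return array Map of sanitized key to sanitized value.
 */
function ensureArray($unsafeArray, $keyLen = -1, $valueLen = -1) {
    $ret = array();

    // each() was deprecated in PHP 7.2 and removed in 8.0. foreach always starts
    // at the first element, so the explicit reset() is no longer needed.
    foreach ($unsafeArray as $key => $value) {
        // NOTE(review): the default of -1 is handed to ensureString() unchanged;
        // what a negative length means there is not visible here.
        $safeKey = ensureString($key, $keyLen);
        $safeValue = ensureString($value, $valueLen);
        $ret[$safeKey] = $safeValue;
    }

    return $ret;
}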
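// Maximum stored length, in bytes, of each client-supplied field.
define('GROUP_LENGTH', 30);
define('OS_LENGTH', 20);
define('VV_VERSION_LENGTH', 30);
define('COUNTRY_LENGTH', 30);
define('ARCHITECTURE_LENGTH', 10);
define('ADRESSING_LENGTH', 10);
define('COMPILATION_DATE_LENGTH', 30);

/**
 * Reduce a value to a single field of at most $length bytes.
 *
 * Line breaks and the column token are removed so one value can add neither a
 * row nor a column to the log. Nothing else is neutralized: a field may still
 * start with `=`, `+`, `-` or `@`, which spreadsheet programs treat as a
 * formula, so treat the file as untrusted when opening or exporting it.
 *
 * @param mixed $var    Raw value; anything that is not a scalar becomes ''.
 * @param int   $length Maximum number of bytes kept.
 * @return string|false Result of substr() on the cleaned value.
 */
function ensureString($var, $length) {
    // A query parameter can arrive as an array (?name[]=x) or be missing; both
    // used to reach str_replace()/substr() and raise warnings or a TypeError.
    if (!is_scalar($var)) {
        $var = '';
    }
    // "\r" is stripped along with "\n" so a bare carriage return cannot be
    // read as a line break by tools that parse the file.
    $var = str_replace(array("\r", "\n", TOKEN_CSV), '', (string) $var);
    return substr($var, 0, $length);
}

/**
 * Append one record to the log: fields joined by TOKEN_CSV, ended by ENTRY_SEPARATOR.
 *
 * @param resource $file Open, writable handle.
 * @param array    $data Field values in column order.
 * @return void
 */
function writeLine($file, $data) {
    fwrite($file, implode(TOKEN_CSV, $data) . ENTRY_SEPARATOR);
}

// Every $_GET value is client-controlled. A missing parameter still raises an
// undefined-index notice here and is stored as an empty field.
$data['name'] = ensureString($_GET['name'], NAME_LENGTH);
$data['lastname'] = ensureString($_GET['lastName'], NAME_LENGTH);
$data['email'] = ensureString($_GET['email'], EMAIL_LENGTH);
$data['group'] = ensureString($_GET['group'], GROUP_LENGTH);
$data['ip'] = $_SERVER['REMOTE_ADDR'];
$data['os'] = ensureString($_GET['os'], OS_LENGTH);
$data['vvVersion'] = ensureString($_GET['vvVersion'], VV_VERSION_LENGTH);
// NOTE(review): this format contains commas and is not passed through
// ensureString(); if TOKEN_CSV is ',' the timestamp spills into extra columns.
$data['time'] = date("F j, Y, g:i a");
// The lookup sends the visitor's IP to a third party over plain HTTP, and no
// timeout is set in the visible code, so a slow service stalls the request.
// The response is untrusted and is sanitized like any other field; a failed
// lookup (false) is stored as an empty field. The address is URL-encoded
// because IPv6 literals contain ':'.
$data['geoloc'] = ensureString(file_get_contents('http://api.hostip.info/country.php?ip=' . urlencode($_SERVER['REMOTE_ADDR'])), COUNTRY_LENGTH);
$data['architecture'] = ensureString($_GET['architecture'], ARCHITECTURE_LENGTH);
$data['adressing'] = ensureString($_GET['adressing'], ADRESSING_LENGTH);
$data['compilationDate'] = ensureString($_GET['compilationDate'], COMPILATION_DATE_LENGTH);

writeLine($file, $data);
// fclose() was called without the handle, which never closed the file
// (warning in PHP 7, ArgumentCountError in PHP 8).
fclose($file);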
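/**
 * Update the profile columns of one user and reset the cached profile.
 *
 * Column names come only from the fixed keys written below, never from $profile.
 *
 * @param mixed $id      User id; validated by ensureInt($id, 10).
 * @param array $profile Profile fields: user_gender, user_birth, user_desc, user_address.
 * @return mixed The result of runSql(); falsy results are returned, not thrown.
 * @throws Exception When any field fails validation.
 */
public static function SetUserProfile($id, $profile) {
    $safeProfile = array();
    try {
        $safeId = ensureInt($id, 10);
        $safeProfile['user_gender'] = ensureInt($profile['user_gender'], 1);
        $safeProfile['user_birth'] = '\'' . ensureDate($profile['user_birth'], true) . '\'';
        $safeProfile['user_desc'] = '\'' . ensureString($profile['user_desc'], 100, false, true) . '\'';
        $safeProfile['user_address'] = '\'' . ensureString($profile['user_address'], 40, false, true) . '\'';
    } catch (Exception $e) {
        // The message appends the raw, unvalidated profile values. Escape it for
        // the output context before display, and keep it out of responses and
        // shared logs, since it contains personal data.
        throw new Exception('设置用户资料出错:' . $e->getMessage() . implode(';', $profile));
    }

    // each() was deprecated in PHP 7.2 and removed in 8.0; foreach with implode()
    // builds exactly the same statement text.
    $assignments = array();
    foreach ($safeProfile as $key => $value) {
        $assignments[] = " `{$key}` = {$value}";
    }

    // NOTE(review): values are interpolated as text. Escaping is assumed to
    // happen in ensureString()/ensureDate(), which are outside this block.
    // Unlike the other updates in this class, no `limit 1` is applied.
    $sql = 'update wa_userprofile set' . implode(',', $assignments);
    $sql .= ' where user_id = ' . $safeId . ';';

    $ret = runSql($sql);
    if ($ret) {
        // Presumably drops the cached profile. TODO confirm what
        // setCache($key, null) does.
        $cacheKey = 'userprofile_' . $safeId;
        setCache($cacheKey, null);
    }

    return $ret;
}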