// 扣钱成功,写task表
$sql = "insert into task (owner_id, publisher_id, type, base_price, amount, status, create_at, expire_in) values('{$_SESSION['uid']}', '{$_SESSION['uid']}', 1, '{$db_base_price}', '{$amount}', 1, now(), '{$expire_in_sec}')";
$num = $dbo->exeUpdate($sql);
if (1 != $num) {
// 写数据表失败,回滚金钱数据
$sql2 = "update user set realtime_money=realtime_money + {$db_total_price} where user_id = '{$_SESSION['uid']}' limit 1";
$num2 = $dbo->exeUpdate($sql2);
if (1 != $num2) {
$msg = "回滚金钱数据失败,这个比较糟糕。SQL:" . $sql2;
debug($msg, __FILE__, __LINE__);
}
$msg = '数据库task表插入出错,SQL:' . $sql;
debug($msg, __FILE__, __LINE__);
}
$last_task_id = $dbo->lastInsertId();
$text = $dbo->real_escape_string($status['text']);
$screen_name = $dbo->real_escape_string($status['user']['screen_name']);
$location = $dbo->real_escape_string($status['user']['location']);
$description = $dbo->real_escape_string($status['user']['description']);
$sql = "insert into task_info_sina_repost values(NULL, '{$last_task_id}', '{$_SESSION['sid']}', '{$wid}', '{$text}', '{$screen_name}', '{$location}', '{$description}', '{$status['user']['profile_image_url']}', '{$status['thumbnail_pic_url']}', '{$status['bmiddle_pic_url']}', '{$status['original_pic_url']}')";
$num = $dbo->exeUpdate($sql);
if (1 != $num) {
$msg = '数据库插入数据出错。SQL:' . $sql;
debug($msg, __FILE__, __LINE__);
// 回滚金钱数据和task表数据
$sql1 = "delete from task where task_id = '{$last_task_id}' limit 1";
$num1 = $dbo->exeUpdate($sql1);
$sql2 = "update user set realtime_money = realtime_money + {$db_total_price} where user_id = '{$_SESSION['uid']}' limit 1";
$num2 = $dbo->exeUpdate($sql2);
if (1 != $num1) {
$msg = "回滚金钱数据失败,这个比较糟糕。SQL:" . $sql1;
echo '对不起,该注册链接已经失效。<a href="' . $siteRoot . 'pre_reg.php">点此重新获取</a>注册链接,或<a href="' . $siteRoot . 'index.php">点此登录</a>。';
$dbo->close();
exit;
}
} else {
// 没有带token和email
header('Location:' . $siteRoot . 'pre_reg.php');
$dbo->close();
exit;
}
// token和email有效
if (isset($_POST['submitted'])) {
// 当前页面已提交,现在处理提交的数据
$dbo = new dbex($dbServs);
$err_msg = array();
$e = $dbo->real_escape_string($email);
$n = trim($_POST['name']);
if (check_nickname_fail($n)) {
$err_msg[] = "请填写符合规定的用户昵称";
} else {
if ($dbo->checkExist($n, 'nick_name')) {
$err_msg[] = "这个昵称太热门,已经被使用了,您换一个试试";
}
}
$n = $dbo->real_escape_string($n);
$p1 = trim($_POST['pass1']);
$p2 = trim($_POST['pass2']);
if (check_password_fail($p1)) {
$err_msg[] = "请设置符合规定的密码";
} else {
if ($p1 !== $p2) {
header('Location:' . $siteRoot . 'my.php');
exit;
}
// 尚未登录,进行登录
if (isset($_POST['submitted']) && isset($_POST['email']) && isset($_POST['pass'])) {
$e = trim($_POST['email']);
$p = trim($_POST['pass']);
if (check_email_fail($e) || check_password_fail($p)) {
// 邮箱或密码格式不对
header('Location:' . $siteRoot . 'index.php?login_error=wrong_format');
exit;
}
include_once $webRoot . "lib/dbo.class.php";
include_once $dbConfFile;
$dbo = new dbex($dbServs);
$e = $dbo->real_escape_string($e);
$ency_p = md5($p);
$sql = "select user_id, nick_name, role, level, realtime_money from user where email = '{$e}' and pass = sha1('{$ency_p}') limit 1";
$res = $dbo->query($sql);
if (1 != $res->num_rows) {
// 邮箱与密码不匹配
header('Location:' . $siteRoot . 'index.php?login_error=mismatch');
exit;
}
// 登录成功
$row = $res->fetch_array();
$_SESSION['uid'] = $row['user_id'];
$_SESSION['name'] = $row['nick_name'];
$_SESSION['role'] = user_role_switch($row['role'], false);
// from num to string
$_SESSION['level'] = $row['level'];
