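// The money has already been deducted; now record the task in the `task` table.
// NOTE(review): $db_base_price, $amount and $expire_in_sec are interpolated as-is. They are
// presumably validated numerics computed earlier in the file; confirm against the code above.
$sql = "insert into task (owner_id, publisher_id, type, base_price, amount, status, create_at, expire_in) values('{$_SESSION['uid']}', '{$_SESSION['uid']}', 1, '{$db_base_price}', '{$amount}', 1, now(), '{$expire_in_sec}')";
$num = $dbo->exeUpdate($sql);
if (1 != $num) {
    // Writing the task row failed: give the deducted money back.
    // NOTE(review): this is a compensating UPDATE, not a database transaction. If it fails too,
    // the balance stays wrong and the only trace is the debug() message below.
    $sql2 = "update user set realtime_money=realtime_money + {$db_total_price} where user_id = '{$_SESSION['uid']}' limit 1";
    $num2 = $dbo->exeUpdate($sql2);
    if (1 != $num2) {
        $msg = "回滚金钱数据失败,这个比较糟糕。SQL:" . $sql2;
        debug($msg, __FILE__, __LINE__);
    }
    $msg = '数据库task表插入出错,SQL:' . $sql;
    debug($msg, __FILE__, __LINE__);
    // NOTE(review): unless debug() ends the request, execution falls through to the
    // task_info_sina_repost insert below even though no task row exists. Confirm.
}
$last_task_id = $dbo->lastInsertId();

// Every field taken from $status is externally supplied data and is escaped before it is placed
// inside a quoted SQL literal. The four image URLs used to be interpolated raw while the text
// fields next to them were escaped; a quote character in any of them could break out of the literal.
$text = $dbo->real_escape_string($status['text']);
$screen_name = $dbo->real_escape_string($status['user']['screen_name']);
$location = $dbo->real_escape_string($status['user']['location']);
$description = $dbo->real_escape_string($status['user']['description']);
$db_profile_image_url = $dbo->real_escape_string($status['user']['profile_image_url']);
$db_thumbnail_pic_url = $dbo->real_escape_string($status['thumbnail_pic_url']);
$db_bmiddle_pic_url = $dbo->real_escape_string($status['bmiddle_pic_url']);
$db_original_pic_url = $dbo->real_escape_string($status['original_pic_url']);
// NOTE(review): $wid and $_SESSION['sid'] are still interpolated as-is; where they are validated
// is not visible in this excerpt. Confirm before relying on them.
$sql = "insert into task_info_sina_repost values(NULL, '{$last_task_id}', '{$_SESSION['sid']}', '{$wid}', '{$text}', '{$screen_name}', '{$location}', '{$description}', '{$db_profile_image_url}', '{$db_thumbnail_pic_url}', '{$db_bmiddle_pic_url}', '{$db_original_pic_url}')";
$num = $dbo->exeUpdate($sql);
if (1 != $num) {
    $msg = '数据库插入数据出错。SQL:' . $sql;
    debug($msg, __FILE__, __LINE__);
    // Roll back both the task row and the money deduction.
    $sql1 = "delete from task where task_id = '{$last_task_id}' limit 1";
    $num1 = $dbo->exeUpdate($sql1);
    $sql2 = "update user set realtime_money = realtime_money + {$db_total_price} where user_id = '{$_SESSION['uid']}' limit 1";
    $num2 = $dbo->exeUpdate($sql2);
    // NOTE(review): $num1 is the result of deleting the task row, but the message below
    // reports a failed money rollback. The wording looks copied from the refund branch.
    if (1 != $num1) {
        $msg = "回滚金钱数据失败,这个比较糟糕。SQL:" . $sql1;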
// Tell the visitor that the registration link is no longer valid, offering links to request a
// new one (pre_reg.php) or to log in (index.php), then close the connection and stop.
echo '对不起,该注册链接已经失效。<a href="' . $siteRoot . 'pre_reg.php">点此重新获取</a>注册链接,或<a href="' . $siteRoot . 'index.php">点此登录</a>。';
$dbo->close();
exit;
}
} else {
    // No token and email were supplied: send the visitor back to pre-registration.
    header('Location:' . $siteRoot . 'pre_reg.php');
    $dbo->close();
    exit;
}

// The token and email are valid.
if (isset($_POST['submitted'])) {
    // The form on this page was submitted; process the submitted data.
    $dbo = new dbex($dbServs);
    $err_msg = array(); // collects validation messages
    // Escaped copy of $email for use in SQL; $email itself is set outside this excerpt.
    $e = $dbo->real_escape_string($email);
    // NOTE(review): $_POST['name'], ['pass1'] and ['pass2'] are read without isset() checks;
    // only 'submitted' is tested above.
    $n = trim($_POST['name']);
    if (check_nickname_fail($n)) {
        $err_msg[] = "请填写符合规定的用户昵称";
    } else {
        // NOTE(review): checkExist() receives the raw, not yet escaped nickname, which is only
        // escaped on the line after this if/else. Confirm that checkExist() escapes or binds its
        // argument itself, or that check_nickname_fail() rejects quote characters.
        if ($dbo->checkExist($n, 'nick_name')) {
            $err_msg[] = "这个昵称太热门,已经被使用了,您换一个试试";
        }
    }
    $n = $dbo->real_escape_string($n);
    // Passwords are trimmed before validation, so leading or trailing whitespace the user typed
    // is silently dropped from the password.
    $p1 = trim($_POST['pass1']);
    $p2 = trim($_POST['pass2']);
    if (check_password_fail($p1)) {
        $err_msg[] = "请设置符合规定的密码";
    } else {
        // Strict comparison of the two password entries; this branch continues past the excerpt.
        if ($p1 !== $p2) {
// Tail of a branch that starts outside this excerpt: redirect to my.php and stop.
header('Location:' . $siteRoot . 'my.php');
exit;
}

// Not logged in yet: handle the login form.
if (isset($_POST['submitted']) && isset($_POST['email']) && isset($_POST['pass'])) {
    $e = trim($_POST['email']);
    $p = trim($_POST['pass']);
    if (check_email_fail($e) || check_password_fail($p)) {
        // The email or password has the wrong format.
        header('Location:' . $siteRoot . 'index.php?login_error=wrong_format');
        exit;
    }
    // The database layer is only loaded once the input has passed the format checks.
    include_once $webRoot . "lib/dbo.class.php";
    include_once $dbConfFile;
    $dbo = new dbex($dbServs);
    $e = $dbo->real_escape_string($e);
    // The credential compared in the query is sha1(md5(password)): md5 is applied here and sha1
    // in SQL. Only the md5 hex digest is interpolated, so the raw password never enters the SQL.
    // NOTE(review): both are fast hashes and no salt is visible in this query, so a leaked user
    // table is cheap to crack offline. Plan a migration to password_hash()/password_verify(),
    // re-hashing each account on its next successful login.
    $ency_p = md5($p);
    $sql = "select user_id, nick_name, role, level, realtime_money from user where email = '{$e}' and pass = sha1('{$ency_p}') limit 1";
    $res = $dbo->query($sql);
    // NOTE(review): a failed query is not handled here. Presumably query() returns a
    // mysqli-style result object; confirm what it returns on error.
    if (1 != $res->num_rows) {
        // Email and password do not match. An unknown email and a wrong password give the same
        // error code, so the response does not reveal which accounts exist.
        header('Location:' . $siteRoot . 'index.php?login_error=mismatch');
        exit;
    }
    // Login succeeded: copy the account fields into the session.
    // NOTE(review): no session_regenerate_id() call is visible between the credential check and
    // these writes. Confirm the session id is rotated at login to prevent session fixation.
    $row = $res->fetch_array();
    $_SESSION['uid'] = $row['user_id'];
    $_SESSION['name'] = $row['nick_name'];
    $_SESSION['role'] = user_role_switch($row['role'], false); // from num to string
    $_SESSION['level'] = $row['level'];