<?php
/**************************
sendPost
Input:
content: POST
Output:
'success'
'fail'
**************************/
require "permit.php";
require "conn.php";
$content = req_sec(isset($_POST['content']) ? $_POST['content'] : "");
if ($content == "") {
echo 'fail';
} else {
$query = "INSERT INTO posts(uid, content, sendtime) VALUES('{$my_uid}','{$content}',UNIX_TIMESTAMP(NOW()))";
mysql_query($query);
$rowsnum = mysql_affected_rows();
if ($rowsnum > 0) {
echo 'success';
} else {
echo 'fail';
}
}
<?php
/**************************
setContact
Input:
uid: POST
Output:
'success'
'fail'
**************************/
require "permit.php";
require "conn.php";
$uid = req_sec(isset($_POST['uid']) ? $_POST['uid'] : "");
if ($uid == "") {
echo 'fail';
} else {
$query = "UPDATE `contacts` SET `permit` = '1' WHERE (`uid2` ={$my_uid} AND `uid` ={$uid})OR(`uid` ={$my_uid} AND `uid2` ={$uid})";
mysql_query($query);
$rowsnum = mysql_affected_rows();
if ($rowsnum > 0) {
if ($rowsnum == 1) {
$query = "INSERT INTO contacts(uid,uid2,permit) VALUES('{$my_uid}','{$uid}','1')";
mysql_query($query);
}
echo 'success';
} else {
echo 'fail';
}
}
<?php
/**************************
getPost
Input:
lastupdate: POST
Output:
HTML
**************************/
require "permit.php";
require "conn.php";
$lastupdate = req_sec(isset($_POST['lastupdate']) ? $_POST['lastupdate'] : "0");
$query = "SELECT * FROM posts WHERE ((sendtime+1)*1000)>{$lastupdate} AND deleted='0' AND (uid IN (SELECT uid FROM contacts WHERE uid2={$my_uid} AND permit=1) OR uid={$my_uid}) ORDER BY sendtime DESC";
$res = mysql_query($query);
while ($row = mysql_fetch_array($res)) {
$uid = $row['uid'];
$content = $row['content'];
$dateStr = date('Y年m月d日 H:i:s', $row['sendtime']);
$query = "SELECT * FROM users WHERE uid='{$uid}'";
$res2 = mysql_query($query);
if ($row2 = mysql_fetch_array($res2)) {
$nickname = $row2['nickname'];
?>
<div class="moments-item">
<img src="style/images/avatar.jpg" class="avatar" border="0" />
<p class="nickname"><?php
echo $nickname;
?>
</p>
'usr': POST, username
'psw': POST, password
Output:
'success'
'password'
'username'
**************************/
session_start();
if (isset($_SESSION['username'])) {
echo 'Unauthorized Access';
exit;
}
require "conn.php";
$usr = req_sec(isset($_POST['usr']) ? $_POST['usr'] : "");
$psw = req_sec(isset($_POST['psw']) ? $_POST['psw'] : "");
if ($usr != "" && $psw != "") {
$query = "SELECT * FROM users WHERE username='******'";
$res = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($res);
if ($row) {
$password = $row['password'];
if ($psw === $password) {
$_SESSION['username'] = $usr;
$_SESSION['uid'] = $row['uid'];
$_SESSION['nickname'] = $row['nickname'];
setcookie(session_name(), session_id(), time() + 18000, '/');
echo 'success';
} else {
echo 'password';
}
/**************************
sendFriend
Input:
usr2: POST
Output:
'notfound'
'duplicate'
'success'
'fail'
**************************/
require "permit.php";
require "conn.php";
$usr2 = req_sec(isset($_POST['username']) ? $_POST['username'] : "");
if ($usr2 == "" || $usr2 === $my_usr) {
echo 'fail';
} else {
$query = "SELECT username,uid FROM users WHERE username='******'";
$res = mysql_query($query);
$row = mysql_fetch_array($res);
if (!$row) {
echo 'notfound';
} else {
$uid2 = $row['uid'];
$query = "SELECT uid,uid2,permit FROM contacts WHERE uid='{$my_uid}' AND uid2='{$uid2}'";
$res2 = mysql_query($query);
$row2 = mysql_fetch_array($res2);
if ($row2) {
$permit = $row2['permit'];
setProfile
Input:
'nickname': POST
'gender': POST
'whatsup': POST
'region': POST
Output:
'success'
'fail'
**************************/
require "permit.php";
require "conn.php";
$nickname = req_sec(isset($_POST['nickname']) ? $_POST['nickname'] : "");
$gender = req_sec(isset($_POST['gender']) ? $_POST['gender'] : "");
$whatsup = req_sec(isset($_POST['whatsup']) ? $_POST['whatsup'] : "");
$region = req_sec(isset($_POST['region']) ? $_POST['region'] : "");
$usrstr = req_sec(isset($_SESSION['username']) ? $_SESSION['username'] : "");
if ($nickname != "" && $gender != "") {
$query = "UPDATE `users` SET `nickname` = '{$nickname}', `gender` = '{$gender}', `whatsup` = '{$whatsup}', `region` = '{$region}' WHERE `uid` ={$my_uid}";
$res = mysql_query($query);
if ($res) {
$_SESSION['nickname'] = $nickname;
echo 'success';
} else {
echo 'fail';
}
} else {
echo 'fail';
}