
Contents of /fenglin/bbs/preference_service.php



Revision 1.6 - (show annotations)
Wed Apr 23 05:56:10 2025 UTC (10 months, 3 weeks ago) by sysadm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.5: +0 -0 lines
FILE REMOVED
Rename preference_service.php to user_service_update_pref.php

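<?php
/**
 * Preference update service.
 *
 * Validates the posted profile fields (time zone, introduction, three
 * signatures) and an optional avatar upload, stores the avatar under
 * images/face/upload_photo/, updates the user_pubinfo row of the logged-in
 * user and answers with a JSON document of the form
 * {"return": {"code": int, "message": string, "errorFields": [...]}}.
 *
 * code  0 = success, -1 = input rejected (see errorFields), -2 = server error.
 */
require_once "../lib/db_open.inc.php";
require_once "../lib/str_process.inc.php";
require_once "./session_init.inc.php";
require_once "./check_sub.inc.php";

// NOTE(review): no anti-CSRF token is checked in this file. This endpoint
// changes account state from POST data, so confirm that force_login() or
// session_init.inc.php enforces one.
force_login();

// Read a text field from the POST body with CRLF normalised to LF. A value
// that is not a plain string (for example an array sent as field[]=x) is
// treated as empty instead of being passed on to the string helpers.
$read_post_text = function ($key) {
    $value = (isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : "");
    return str_replace("\r\n", "\n", $value);
};

$user_tz = (isset($_POST["user_tz"]) && is_string($_POST["user_tz"]) ? $_POST["user_tz"] : "");
$photo = (isset($_POST["photo"]) ? intval($_POST["photo"]) : 0);
$introduction = $read_post_text("introduction");
$sign_1 = $read_post_text("sign_1");
$sign_2 = $read_post_text("sign_2");
$sign_3 = $read_post_text("sign_3");

$result_set = array(
    "return" => array(
        "code" => 0,
        "message" => "",
        "errorFields" => array(),
    )
);

header("Content-Type:application/json; charset=utf-8");

// Validate input data
// The time zone must be one of PHP's known identifiers; the strict
// comparison rejects anything that is not exactly such a string.
$timezone_identifiers = DateTimeZone::listIdentifiers();
if (!in_array($user_tz, $timezone_identifiers, true))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "user_tz",
        "errMsg" => "不存在的时区",
    ));
}

// Each free-text field is passed through split_line() and check_badwords().
// When the result differs from what was submitted, the request is rejected
// and the cleaned text is offered back to the client as updateValue.
$text_fields = array(
    "introduction" => $introduction,
    "sign_1" => $sign_1,
    "sign_2" => $sign_2,
    "sign_3" => $sign_3,
);
foreach ($text_fields as $field_id => $field_value)
{
    $cleaned_value = check_badwords(split_line($field_value, "", 80, 10), "****");

    // Strict string comparison: a loose != treats numeric-looking strings
    // such as "10" and "10 " as equal, which would let an altered value pass
    // as unchanged and store the uncleaned text.
    if ($field_value !== (string) $cleaned_value)
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => $field_id,
            "errMsg" => "不符合要求",
            "updateValue" => $cleaned_value,
        ));
    }
}

if ($result_set["return"]["code"] != 0)
{
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Report a photo_file validation failure and end the request.
$reject_photo = function ($message) use (&$result_set, $db_conn) {
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "photo_file",
        "errMsg" => $message,
    ));

    mysqli_close($db_conn);
    exit(json_encode($result_set));
};

// Validate photo file
$photo_errors = (isset($_FILES['photo_file']['error']) ? $_FILES['photo_file']['error'] : array());
if (!is_array($photo_errors))
{
    // The field was sent as photo_file instead of photo_file[]. count() on a
    // scalar raises a TypeError on PHP 8, so answer with the normal upload
    // error instead of letting the request die.
    $reject_photo("上传文件错误");
}

$photo_file_count = count($photo_errors);
if ($photo_file_count > 1)
{
    $reject_photo("只能上传单个文件");
}

// Set only once a file has really been moved into place; the SQL below
// depends on these two values rather than on the upload count.
$photo_stored = false;
$stored_ext = "";

// Store photo file
for ($i = 0; $i < $photo_file_count; $i++)
{
    // NOTE(review): an empty file input arrives with UPLOAD_ERR_NO_FILE and is
    // rejected here; presumably the client omits the field when no file is
    // chosen. Confirm against the form.
    if (!isset($_FILES['photo_file']['error'][$i]) || $_FILES['photo_file']['error'][$i] != UPLOAD_ERR_OK)
    {
        $reject_photo("上传文件错误");
    }

    $filesize = $_FILES['photo_file']['size'][$i];
    $filename = $_FILES['photo_file']['name'][$i];
    $tmp_path = $_FILES['photo_file']['tmp_name'][$i];

    if ($filesize <= 0)
    {
        continue;
    }

    // Avatars are limited to 16 KB.
    if ($filesize > 1024 * 16)
    {
        $reject_photo("文件大小超过限制");
    }

    // The client-supplied name is only used as a first filter; it is never
    // used to build the stored path.
    $dot_pos = strrpos($filename, ".");
    $ext = strtolower(substr($filename, ($dot_pos ? $dot_pos + 1 : 0)));
    if (!in_array($ext, array("bmp", "gif", "jpg", "jpeg", "png", "tif", "tiff"), true))
    {
        $reject_photo("不支持的文件扩展名");
    }

    // Detect the type from the file content.
    // NOTE(review): some libmagic builds may report BMP files as image/bmp
    // rather than image/x-ms-bmp. Verify on the deployment host.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime_type = $finfo->file($tmp_path);
    $real_ext = array_search($mime_type, array(
        'bmp' => 'image/x-ms-bmp',
        'jpg' => 'image/jpeg',
        'png' => 'image/png',
        'gif' => 'image/gif',
        'tif' => 'image/tiff',
    ), true);

    if ($real_ext === false)
    {
        $reject_photo("不支持的文件格式");
    }

    // getimagesize() returns false when the file cannot be parsed as an image.
    $size = getimagesize($tmp_path);
    if ($size === false)
    {
        $reject_photo("分析文件出错");
    }

    // Avatars are limited to 120 x 120 pixels.
    if ($size[0] > 120 || $size[1] > 120)
    {
        $reject_photo("图片尺寸超过限制");
    }

    // Name the stored file after the type detected from its content, not
    // after the extension the client claimed, so the extension served from
    // the web root always matches what the file really is.
    $file_path = "images/face/upload_photo/face_" . $_SESSION["BBS_uid"] . "." . $real_ext;

    if (!move_uploaded_file($tmp_path, $file_path))
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Copy file error";

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    $photo_stored = true;
    $stored_ext = $real_ext;
}

// Update the profile with a prepared statement: all values are bound as
// parameters, so no manual escaping is needed and nothing user-supplied is
// spliced into the SQL text.
$uid = $_SESSION["BBS_uid"];

if ($photo_stored)
{
    // A newly uploaded photo is recorded as photo 999 with photo_enable = 0.
    $sql = "UPDATE user_pubinfo SET user_timezone = ?, introduction = ?, " .
        "sign_1 = ?, sign_2 = ?, sign_3 = ?, " .
        "photo = 999, photo_enable = 0, photo_ext = ? WHERE UID = ?";
}
else
{
    // No file was stored (none sent, or an empty one): keep the selected
    // photo number and leave photo_ext alone.
    $sql = "UPDATE user_pubinfo SET user_timezone = ?, introduction = ?, " .
        "sign_1 = ?, sign_2 = ?, sign_3 = ?, " .
        "photo = ? WHERE UID = ?";
}

$stmt = mysqli_prepare($db_conn, $sql);
$updated = false;
if ($stmt !== false)
{
    if ($photo_stored)
    {
        mysqli_stmt_bind_param($stmt, "ssssssi", $user_tz, $introduction, $sign_1, $sign_2, $sign_3, $stored_ext, $uid);
    }
    else
    {
        mysqli_stmt_bind_param($stmt, "sssssii", $user_tz, $introduction, $sign_1, $sign_2, $sign_3, $photo, $uid);
    }

    $updated = mysqli_stmt_execute($stmt);
}

if (!$updated)
{
    // Keep the database error text in the server log; the client only gets
    // a generic message so schema details are not disclosed.
    error_log("preference_service: update failed: " .
        ($stmt !== false ? mysqli_stmt_error($stmt) : mysqli_error($db_conn)));

    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update data error";

    if ($stmt !== false)
    {
        mysqli_stmt_close($stmt);
    }
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

mysqli_stmt_close($stmt);

// Update user_tz in session data
$_SESSION["BBS_user_tz"] = new DateTimeZone($user_tz);

mysqli_close($db_conn);
exit(json_encode($result_set));
?>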
