--- fenglin/bbs/reg_user_service.php 2025/03/31 14:13:22 1.1
+++ fenglin/bbs/reg_user_service.php 2025/04/23 05:13:56 1.7
@@ -1,4 +1,4 @@
- array(
@@ -130,7 +130,7 @@
 ));
 }
- if ((!isset($_SESSION["BBS_reg_vn_str"])) || $_SESSION["BBS_reg_vn_str"] == "" || VN_check($_SESSION["BBS_reg_vn_str"], $vn_str) != 0)
+ if ((!isset($_SESSION["BBS_vn_str"])) || $_SESSION["BBS_vn_str"] == "" || strcasecmp($_SESSION["BBS_vn_str"], $vn_str) != 0)
 {
 $result_set["return"]["code"] = -1;
 array_push($result_set["return"]["errorFields"], array(
@@ -145,6 +145,10 @@
 exit(json_encode($result_set));
 }
+ // Secure SQL statement
+ $nickname = mysqli_real_escape_string($db_conn, $nickname);
+ $realname = mysqli_real_escape_string($db_conn, $realname);
+
 // Begin transaction
 $rs = mysqli_query($db_conn, "SET autocommit=0");
 if ($rs == false)
@@ -167,8 +171,7 @@
 }
 // Check availability of username and nickname
- $sql = "SELECT UID FROM user_list WHERE username = '" .
- mysqli_real_escape_string($db_conn, $username) . "'";
+ $sql = "SELECT UID FROM user_list WHERE username = '$username' FOR UPDATE";
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
@@ -190,8 +193,7 @@
 }
 mysqli_free_result($rs);
- $sql = "SELECT UID FROM user_nickname WHERE nickname = '" .
- mysqli_real_escape_string($db_conn, $nickname) . "'";
+ $sql = "SELECT UID FROM user_nickname WHERE nickname = '$nickname' FOR UPDATE";
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
@@ -213,8 +215,7 @@
 }
 mysqli_free_result($rs);
- $sql = "SELECT UID FROM user_pubinfo WHERE email = '" .
- mysqli_real_escape_string($db_conn, $email) . "'";
+ $sql = "SELECT UID FROM user_pubinfo WHERE email = '$email' FOR UPDATE";
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
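Review bot: On a mismatch the challenge value in `$_SESSION["BBS_vn_str"]` is left untouched, so the same verification string can be retried until it matches; the error branch at -130 (which by the surrounding pattern ends in `exit`) should start with `unset($_SESSION["BBS_vn_str"]);` so that every attempt consumes the challenge, and the success path at -333 then needs no separate reset. The key rename from `BBS_reg_vn_str` to `BBS_vn_str` has to be mirrored wherever the string is generated, which is outside this diff; if the new key is shared with other forms, a challenge solved on one form would be accepted by this one. `strcasecmp` replaces `VN_check`, whose semantics are not visible here, so the case-insensitive match should be confirmed as intended. The `if` body continues past the hunk.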
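Review bot: The in-place escaping added at -145 covers only `$nickname` and `$realname`, while the hunks at -167 and -213 drop the `mysqli_real_escape_string` calls that previously wrapped `$username` and `$email` and now interpolate them raw into the `SELECT ... FOR UPDATE` strings; unless both are validated to a safe character set before this point (not visible in the diff), this is a SQL-injection regression, and the `INSERT` at -273 likewise interpolates `$email`, `$gender` and `$qq` unescaped if they are free-form input. At minimum add `$username = mysqli_real_escape_string($db_conn, $username);` and `$email = mysqli_real_escape_string($db_conn, $email);` beside the two existing lines; the robust fix is `mysqli_prepare` with bound parameters, which removes the escaping step entirely. Escaping in place also means `$nickname` and `$realname` hold backslash-escaped text for any later non-SQL use (session, JSON response) from this point on, which is worth a note. The comment reads better as `// Escape values that are interpolated into the SQL strings below` than `// Secure SQL statement`.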
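Review bot: `FOR UPDATE` on a row that does not yet exist relies on InnoDB gap locking inside the transaction opened at -145 and does not by itself guarantee that two concurrent registrations of the same username cannot both pass the check at -167; the durable guard is a `UNIQUE` index on `user_list.username` (and on `user_nickname.nickname` and `user_pubinfo.email` for -190 and -213), with the duplicate-key error from the later `INSERT` mapped to the same error field. Whether those indexes exist is not visible here. A comment above the query such as `// Lock held until COMMIT so the availability check and the INSERT below are atomic` would record the intent of the new clause.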
@@ -259,8 +260,8 @@
 $uid = mysqli_insert_id($db_conn);
- $sql = "INSERT INTO user_reginfo(UID, name, birthday, signup_dt, signup_ip) VALUES($uid, '" .
- mysqli_real_escape_string($db_conn, $realname) . "', '$year-$month-$day', NOW(), '".
+ $sql = "INSERT INTO user_reginfo(UID, name, birthday, signup_dt, signup_ip)
+ VALUES($uid, '$realname', '$year-$month-$day', NOW(), '".
 client_addr() . "')";
 $rs = mysqli_query($db_conn, $sql);
@@ -273,8 +274,8 @@
 exit(json_encode($result_set));
 }
- $sql = "INSERT INTO user_pubinfo(UID, nickname, email, gender, gender_pub, qq, last_login_dt) VALUES($uid, '" .
- mysqli_real_escape_string($db_conn, $nickname) . "', '$email', '$gender', $gender_public, '$qq', NOW())";
+ $sql = "INSERT INTO user_pubinfo(UID, nickname, email, gender, gender_pub, qq, last_login_dt)
+ VALUES($uid, '$nickname', '$email', '$gender', $gender_public, '$qq', NOW())";
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
@@ -286,8 +287,8 @@
 exit(json_encode($result_set));
 }
- $sql = "INSERT INTO user_nickname(UID, nickname, begin_dt, begin_reason) VALUES($uid, '" .
- mysqli_real_escape_string($db_conn, $nickname) . "', NOW(), 'R')";
+ $sql = "INSERT INTO user_nickname(UID, nickname, begin_dt, begin_reason)
+ VALUES($uid, '$nickname', NOW(), 'R')";
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
@@ -333,7 +334,7 @@
 exit(json_encode($result_set));
 }
- $_SESSION["BBS_reg_vn_str"] == "";
+ $_SESSION["BBS_vn_str"] = "";
 mysqli_close($db_conn);
 exit(json_encode($result_set));