
Contents of /fenglin/bbs/section_service_master.php



Revision 1.5 - (show annotations)
Tue Nov 4 11:13:39 2025 UTC (4 months, 1 week ago) by sysadm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.4: +1 -1 lines
Update username check criteria to keep compatible with some special username (length = 3)

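<?php
/**
 * JSON endpoint that appoints, dismisses or renews a section master.
 *
 * Request body (JSON object):
 *   sid      - section id (integer)
 *   op       - 1 = appoint, 2 = dismiss, 3 = renew
 *   username - target user name
 *   type     - "1" for a major master, anything else is treated as 0
 *
 * Response (JSON): {"return": {"code", "message", "errorFields"}} where
 * code is 0 on success, -1 for validation / permission / state errors and
 * -2 for database errors.
 *
 * Authorization: the session needs S_MAN_M on the section, and S_ADMIN as
 * well to appoint a major master or to dismiss / renew an existing one.
 *
 * NOTE(review): this endpoint changes moderator assignments on the strength
 * of the session alone; no anti-CSRF token, Origin or Content-Type check is
 * visible in this file. Confirm that session_init.inc.php (or the session
 * cookie's SameSite setting) covers cross-site requests.
 */
require_once "../lib/db_open.inc.php";
require_once "../lib/str_process.inc.php";
require_once "./session_init.inc.php";
require_once "./check_sub.inc.php";

// A body that is not a JSON object/array carries no usable fields.
$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data))
{
    $data = array();
}

// Only scalars are accepted: intval() of a non-empty array is 1, which would
// silently turn a malformed "op" into "appoint", and trim() of an array is a
// TypeError on PHP 8. Anything else falls back to the "missing" default.
$sid = (isset($data["sid"]) && is_scalar($data["sid"]) ? intval($data["sid"]) : 0);
$op = (isset($data["op"]) && is_scalar($data["op"]) ? intval($data["op"]) : 0);
$username = (isset($data["username"]) && is_string($data["username"]) ? trim($data["username"]) : "");
$type = (isset($data["type"]) && $data["type"] == "1" ? 1 : 0);

$result_set = array(
    "return" => array(
        "code" => 0,
        "message" => "",
        "errorFields" => array(),
    )
);

// Single exit path: close the connection, emit the JSON reply, stop.
// Closing the connection also discards any transaction that was not committed.
$reply = function (array $result) use ($db_conn)
{
    mysqli_close($db_conn);
    exit(json_encode($result));
};

// Reject the request with code -1 and one field-level error.
$reject = function ($field_id, $err_msg) use (&$result_set, $reply)
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => $field_id,
        "errMsg" => $err_msg,
    ));
    $reply($result_set);
};

// Abort with code -2 and a database error message.
// NOTE(review): callers pass the raw driver error text, which is returned to
// the client and can reveal table and column names. Consider logging it
// server-side and returning a generic message once clients allow it.
$db_fail = function ($message) use (&$result_set, $reply)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = $message;
    $reply($result_set);
};

header("Content-Type:application/json; charset=utf-8");

// Validate input data
// Username: a letter followed by 2-11 letters, digits or underscores.
// trim() above has already removed the trailing newline that "$" tolerates.
if (!preg_match("/^[A-Za-z][A-Za-z0-9_]{2,11}$/", $username))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "username",
        "errMsg" => "用户名不符合格式要求",
    ));
}

if ($result_set["return"]["code"] != 0)
{
    $reply($result_set);
}

// Authorization is checked before any user or section lookup, so callers
// without section rights cannot use this endpoint to probe user names.
if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_MAN_M)
    || ($type == 1 && (!$_SESSION["BBS_priv"]->checkpriv($sid, S_ADMIN))))
{
    $reject("master", "没有权限");
}

// Begin transaction
if (mysqli_query($db_conn, "SET autocommit=0") == false)
{
    $db_fail("Mysqli error: " . mysqli_error($db_conn));
}

if (mysqli_query($db_conn, "BEGIN") == false)
{
    $db_fail("Mysqli error: " . mysqli_error($db_conn));
}

// Check user status
// The user name is the only string that reaches SQL. It is bound as a
// parameter so the query stays safe even if the format check above changes.
$stmt = mysqli_prepare($db_conn, "SELECT UID FROM user_list WHERE username = ? AND verified");
if ($stmt == false)
{
    $db_fail("Query user error: " . mysqli_error($db_conn));
}

mysqli_stmt_bind_param($stmt, "s", $username);
if (!mysqli_stmt_execute($stmt))
{
    $stmt_error = mysqli_stmt_error($stmt);
    mysqli_stmt_close($stmt);
    $db_fail("Query user error: " . $stmt_error);
}

$uid = 0;
mysqli_stmt_bind_result($stmt, $uid);

// mysqli_stmt_fetch(): true = row fetched, null = no row, false = error.
$fetched = mysqli_stmt_fetch($stmt);
$stmt_error = mysqli_stmt_error($stmt);
mysqli_stmt_close($stmt);

if ($fetched === false)
{
    $db_fail("Query user error: " . $stmt_error);
}

if ($fetched !== true)
{
    $reject("username", "用户不存在或尚未验证");
}

// $uid is interpolated unquoted into the statements below, as are $sid and
// $type; all three are forced to integers before they reach SQL.
$uid = intval($uid);

// Check section status
// NOTE(review): the INNER JOIN has no ON/USING clause, which MySQL treats as
// a cross join. section_class.enable is then satisfied by any enabled class,
// not necessarily the class this section belongs to. The join column is not
// visible in this file; confirm it and add the join condition.
$sql = "SELECT SID FROM section_config INNER JOIN section_class
        WHERE SID = $sid AND section_config.enable AND section_class.enable";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $db_fail("Query section master error: " . mysqli_error($db_conn));
}

if (mysqli_num_rows($rs) == 0)
{
    $reject("master", "版块不存在");
}
mysqli_free_result($rs);

// Check existing section master
$has_major = false;  // the section already has a current major master
$user_found = false; // the target user is a current master of this section
$user_type = 0;      // the target user's "major" flag, when found

// FOR UPDATE locks the current master rows until COMMIT or disconnect.
$sql = "SELECT UID, major FROM section_master
        WHERE SID = $sid AND enable AND (NOW() BETWEEN begin_dt AND end_dt)
        FOR UPDATE";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $db_fail("Query section master error: " . mysqli_error($db_conn));
}

while ($row = mysqli_fetch_array($rs))
{
    if ($uid == $row["UID"])
    {
        $user_found = true;
        $user_type = $row["major"];
    }

    if (!$has_major && $row["major"])
    {
        $has_major = true;
    }
}
mysqli_free_result($rs);

if ($user_found && $op == 1)
{
    $reject("master", "用户已经是版主");
}

if ($op == 2 || $op == 3)
{
    if (!$user_found)
    {
        $reject("master", "未找到记录");
    }

    // Dismissing or renewing a major master needs S_ADMIN, whatever "type"
    // the request carried: the decision uses the stored flag.
    if ($user_type == 1 && (!$_SESSION["BBS_priv"]->checkpriv($sid, S_ADMIN)))
    {
        $reject("master", "没有管理员权限");
    }
}

switch ($op)
{
    case 1: // Appoint
        if ($type == 1 && $has_major)
        {
            $reject("master", "只能有一位正版主");
        }

        $sql = "INSERT INTO section_master(UID, SID, begin_dt, end_dt, enable, major)
                VALUES($uid, $sid, NOW(), ADDDATE(NOW(), INTERVAL 6 MONTH), 1, $type)";

        if (mysqli_query($db_conn, $sql) == false)
        {
            $db_fail("Add section master error: " . mysqli_error($db_conn));
        }

        break; // case 1: Appoint
    case 2: // Dismiss
        $sql = "UPDATE section_master SET enable = 0, end_dt = NOW()
                WHERE UID = $uid AND SID = $sid AND enable
                AND (NOW() BETWEEN begin_dt AND end_dt)";

        if (mysqli_query($db_conn, $sql) == false)
        {
            $db_fail("Update section master error: " . mysqli_error($db_conn));
        }

        break; // case 2: Dismiss
    case 3: // Renew
        $sql = "UPDATE section_master SET end_dt = ADDDATE(end_dt, INTERVAL 6 MONTH)
                WHERE UID = $uid AND SID = $sid AND enable
                AND (NOW() BETWEEN begin_dt AND end_dt)";

        if (mysqli_query($db_conn, $sql) == false)
        {
            $db_fail("Update section master error: " . mysqli_error($db_conn));
        }

        break; // case 3: Renew
    default: // Invalid Op
        $reject("master", "非法操作");

        break; // default: Invalid Op
}

// Commit transaction
if (mysqli_query($db_conn, "COMMIT") == false)
{
    $db_fail("Mysqli error: " . mysqli_error($db_conn));
}

$reply($result_set);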
