/[LeafOK_CVS]/fenglin/bbs/update_profile_service.php

Annotation of /fenglin/bbs/update_profile_service.php



Revision 1.5 - (hide annotations)
Wed Apr 9 06:00:54 2025 UTC (11 months, 1 week ago) by sysadm
Branch: MAIN
Changes since 1.4: +2 -2 lines
Refine

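<?php
// Profile update service. Reads a JSON request body and replies with a JSON
// document of the form {"return": {"code", "message", "errorFields"}}.
//
// The full "<?php" tag is used on purpose: the short "<?" form is only parsed
// when short_open_tag is enabled, and with it disabled the server would send
// this source file to the client as plain text.
require_once "../lib/common.inc.php";
require_once "../lib/db_open.inc.php";
require_once "../lib/send_mail.inc.php";
require_once "../lib/str_process.inc.php";
require_once "../lib/passwd.inc.php";
require_once "./common_lib.inc.php";
require_once "./session_init.inc.php";

// Defined in an included file; presumably ends the request when nobody is
// logged in -- confirm, because the rest of the script trusts $_SESSION["BBS_uid"].
// NOTE(review): no anti-CSRF token is checked anywhere in this file; confirm
// that force_login() or session_init.inc.php covers state-changing requests.
force_login();

// The body is client-supplied. json_decode() returns null for malformed JSON
// and a scalar for a bare JSON value, so anything that is not an array is
// replaced by an empty one and every field falls back to its default.
$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data))
{
    $data = array();
}

// Text fields accept scalar JSON values only. A JSON array or object would
// otherwise reach trim() as a non-string, and a JSON `true` would slip past a
// loose comparison such as `$gender != "M"`; casting to string closes both.
$realname = (isset($data["realname"]) && is_scalar($data["realname"]) ? trim((string) $data["realname"]) : "");
$gender = (isset($data["gender"]) && is_scalar($data["gender"]) ? (string) $data["gender"] : "");
$gender_public = (isset($data["gender_public"]) && $data["gender_public"] == "1" ? 1 : 0);
$email = (isset($data["email"]) && is_scalar($data["email"]) ? trim((string) $data["email"]) : "");

// intval() turns a non-empty array into 1, so non-scalars are mapped to 0 and
// left for checkdate() to reject.
$year = (isset($data["year"]) && is_scalar($data["year"]) ? intval($data["year"]) : 0);
$month = (isset($data["month"]) && is_scalar($data["month"]) ? intval($data["month"]) : 0);
$day = (isset($data["day"]) && is_scalar($data["day"]) ? intval($data["day"]) : 0);
$qq = (isset($data["qq"]) && is_scalar($data["qq"]) ? trim((string) $data["qq"]) : "");

// Response skeleton: code 0 means success, errorFields collects one entry per
// rejected input field.
$result_set = array(
    "return" => array(
        "code" => 0,
        "message" => "",
        "errorFields" => array(),
    )
);

header("Content-Type:application/json; charset=utf-8");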
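// Validate input data. Every check is type-strict: the values come from a JSON
// body, so a field can arrive as a boolean or number, and PHP's loose
// comparison treats `true` as equal to any non-empty string.
if (!is_string($realname) || $realname === "" || preg_match("/[\t\r\n]/", $realname) || str_length($realname) > 10)
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "realname",
        "errMsg" => "不符合格式要求",
    ));
}

// Only the two literal strings are accepted; this value is later placed
// inside a quoted SQL string.
if ($gender !== "M" && $gender !== "F")
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "gender",
        "errMsg" => "未指定性别",
    ));
}

// The D modifier makes "$" match only at the very end of the subject, so a
// trailing newline cannot pass even if the earlier trim() is ever removed.
// The character classes exclude quotes, backslashes and whitespace.
if (!is_string($email) || !preg_match("/^[A-Za-z0-9_.-]+@([A-Za-z0-9-]+[.])+[A-Za-z0-9-]+$/D", $email))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "email",
        "errMsg" => "不符合格式要求",
    ));
}

// checkdate() accepts years 1..32767, but the "Y-m-d" string built below is
// only unambiguous for four-digit years: shorter years are read as two-digit
// years by date parsers and longer ones make DateTimeImmutable throw.
if ($year < 1000 || $year > 9999 || !checkdate($month, $day, $year))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "birthday",
        "errMsg" => "非法日期",
    ));
}
else if ((new DateTimeImmutable("$year-$month-$day")) > (new DateTimeImmutable("-16 year")))
{
    // Born less than 16 years ago.
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "birthday",
        "errMsg" => "需年满16周岁才能使用本站服务",
    ));
}

// QQ number is optional; when present it must be 5 to 11 digits.
if (!is_string($qq) || ($qq !== "" && !preg_match("/^[0-9]{5,11}$/D", $qq)))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "qq",
        "errMsg" => "不符合格式要求",
    ));
}

// Stop before any database write if a field was rejected.
if ($result_set["return"]["code"] !== 0)
{
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}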
// $realname is the only free-text value that reaches a SQL string, so it is
// escaped here once; later statements must use it as-is and not escape again.
// NOTE(review): mysqli_real_escape_string() depends on the connection charset
// being set in db_open.inc.php -- confirm.
$realname = mysqli_real_escape_string($db_conn, $realname);

// Open the transaction: autocommit off first, then BEGIN. Either statement
// failing ends the request with code -2.
// NOTE(review): the raw mysqli_error() text is returned to the client here and
// in the later error branches, which exposes schema and query details; logging
// it server-side and returning a generic message would avoid that.
foreach (array("SET autocommit=0", "BEGIN") as $txn_stmt)
{
    $rs = mysqli_query($db_conn, $txn_stmt);
    if ($rs == false)
    {
        $result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);
        $result_set["return"]["code"] = -2;

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}
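// Load the address currently on file for the logged-in user. The UID is cast
// to int before it is concatenated: it is placed unquoted in the statement, so
// nothing but a number may ever reach that position.
$sql = "SELECT email FROM user_pubinfo WHERE UID = " . (int) $_SESSION["BBS_uid"];

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Query user info error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

if ($row = mysqli_fetch_array($rs))
{
    // Kept for the change check below and as the recipient of the
    // notification mail sent at the end of the script.
    $old_email = $row["email"];
}
else
{
    // No profile row for this UID.
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "个人资料不存在";

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

mysqli_free_result($rs);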
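// Update email. The new address is not written to the profile here; a
// verification record is stored and a confirmation link is mailed to the new
// address.
if ($old_email != $email)
{
    // The format check above already excludes quotes, but every value is still
    // escaped (or cast to int) at the point where the SQL string is built, so
    // the statements stay safe if that check is ever relaxed.
    $email_sql = mysqli_real_escape_string($db_conn, $email);
    $uid_sql = (int) $_SESSION["BBS_uid"];

    $sql = "SELECT UID FROM user_pubinfo WHERE email = '$email_sql'";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs == false)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Query user email error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Enforce the per-address account limit from the site configuration.
    if (mysqli_num_rows($rs) >= $BBS_max_user_per_email)
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "email",
            "errMsg" => "该邮箱的使用次数已超过限制",
        ));

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
    mysqli_free_result($rs);

    // Generate verify code
    // NOTE(review): gen_passwd() is defined in an included file; confirm it
    // draws from a CSPRNG (random_int / random_bytes), since this code is the
    // only secret protecting the address change. It is also stored unhashed.
    $verify_code = gen_passwd(10);

    // NOTE(review): client_addr() is defined elsewhere; if it can return a
    // client-supplied header value, the escaping below is what keeps it inert.
    $verify_code_sql = mysqli_real_escape_string($db_conn, $verify_code);
    $client_ip_sql = mysqli_real_escape_string($db_conn, client_addr());

    $sql = "INSERT INTO user_modify_email_verify (UID, email, verify_code, dt, ip) VALUES(" .
        $uid_sql . ", '$email_sql', '$verify_code_sql', NOW(), '$client_ip_sql')";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs == false)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Update email error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Send the confirmation link to the NEW address.
    $from = "";
    $fromname = $BBS_name;
    $to = $email;
    $toname = $_SESSION["BBS_username"];
    $subject = $BBS_name . "修改邮件地址确认";
    $body = $_SESSION["BBS_username"] . ":\n 您好!\n" .
        " 请访问以下链接确认更改注册邮件地址:\n" .
        "https://$BBS_host_name/bbs/modify_email_verify.php?code=$verify_code\n\n" .
        " 感谢您的大力支持!\n\n" .
        $BBS_name . "\n" . date("Y年m月d日") . "\n";

    $ret = send_mail($from, $fromname, $to, $toname, $subject, $body, $db_conn);
    if ($ret == false)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Add email error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}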
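// Write the validated profile fields and record the change. Every value is
// escaped or cast where the SQL string is built instead of relying only on the
// validation earlier in the script.
// $realname was already passed through mysqli_real_escape_string() before the
// transaction was opened, so it must NOT be escaped a second time here.
$uid_sql = (int) $_SESSION["BBS_uid"];
$gender_sql = mysqli_real_escape_string($db_conn, (string) $gender);
$qq_sql = mysqli_real_escape_string($db_conn, (string) $qq);
$gender_public_sql = (int) $gender_public;
// NOTE(review): client_addr() is defined elsewhere; if it can return a
// client-supplied header value, this escaping is what keeps it inert.
$client_ip_sql = mysqli_real_escape_string($db_conn, client_addr());

// NOTE(review): signup_ip is overwritten on every profile update; if the
// column is meant to hold the registration address, this discards it -- confirm.
$sql = "UPDATE user_reginfo SET name = '$realname', " .
    "birthday = '" . (int) $year . "-" . (int) $month . "-" . (int) $day . "', " .
    "signup_ip='$client_ip_sql' WHERE UID = " . $uid_sql;

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update user reginfo error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$sql = "UPDATE user_pubinfo SET gender = '$gender_sql', gender_pub = $gender_public_sql, " .
    "qq = '$qq_sql' WHERE UID = " . $uid_sql;

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update user pubinfo error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Audit row: who changed the profile, when, and from which address.
$sql = "INSERT INTO user_modify_log(UID, modify_dt, modify_ip, complete) VALUES(" .
    $uid_sql . ", NOW(), '$client_ip_sql', 1)";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add log error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}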
// Tell the account owner that the profile changed. The notice goes to the
// address that was on file BEFORE this request ($old_email), so a change made
// by someone else still reaches the original mailbox.
$toname = $_SESSION["BBS_username"];
$to = $old_email;
$fromname = $BBS_name;
$from = "";
$subject = $BBS_name . "用户资料更改通知";

$body = $_SESSION["BBS_username"] . ":\n 您好!\n";
$body .= " 您在本站的注册资料已经于" . date("Y年m月d日 H:i:s") . "更改。\n";
$body .= " 为了您的个人资料的安全,如果此情况与事实不符,请立即与我们联系。\n\n";
$body .= $BBS_name . "\n" . date("Y年m月d日") . "\n";

// send_mail() is given the DB connection; a false return aborts the request
// before COMMIT is reached.
$ret = send_mail($from, $fromname, $to, $toname, $subject, $body, $db_conn);
if ($ret == false)
{
    $result_set["return"]["message"] = "Add email error: " . mysqli_error($db_conn);
    $result_set["return"]["code"] = -2;

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
// Commit transaction. Success and failure share the same exit path; a failed
// COMMIT only fills in the error fields first. mysqli_error() is read before
// the connection is closed.
$rs = mysqli_query($db_conn, "COMMIT");
if ($rs == false)
{
    $result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);
    $result_set["return"]["code"] = -2;
}

mysqli_close($db_conn);
exit(json_encode($result_set));
?>
