--- fenglin/bbs/update_profile_service.php	2025/04/01 12:18:40	1.4
+++ fenglin/bbs/update_profile_service.php	2025/04/23 04:51:55	1.8
@@ -1,24 +1,26 @@
-<?
+<?php
 	require_once "../lib/common.inc.php";
 	require_once "../lib/db_open.inc.php";
+	require_once "../lib//score_change.inc.php";
 	require_once "../lib/send_mail.inc.php";
 	require_once "../lib/str_process.inc.php";
 	require_once "../lib/passwd.inc.php";
-	require_once "./common_lib.inc.php";
 	require_once "./session_init.inc.php";
+	require_once "./reg_check.inc.php";
 
 	force_login();
 
 	$data = json_decode(file_get_contents("php://input"), true);
 
+	$nickname = (isset($data["nickname"]) ? trim($data["nickname"]) : "");
 	$realname = (isset($data["realname"]) ? trim($data["realname"]) : "");
 	$gender = (isset($data["gender"]) ? $data["gender"] : "");
 	$gender_public = (isset($data["gender_public"]) && $data["gender_public"] == "1" ? 1 : 0);
-	$email = (isset($data["email"]) ? $data["email"] : "");
+	$email = (isset($data["email"]) ? trim($data["email"]) : "");
 	$year = (isset($data["year"]) ? intval($data["year"]) : 0);
 	$month = (isset($data["month"]) ? intval($data["month"]) : 0);
 	$day = (isset($data["day"]) ? intval($data["day"]) : 0);
-	$qq = (isset($data["qq"]) ? $data["qq"] : "");
+	$qq = (isset($data["qq"]) ? trim($data["qq"]) : "");
 
 	$result_set = array(
 		"return" => array(
@@ -31,6 +33,23 @@
 	header("Content-Type:application/json; charset=utf-8");
 
 	// Validate input data
+	if ($nickname == "" || preg_match("/[[:space:]]/", $nickname) || str_length($nickname) > 20)
+	{
+		$result_set["return"]["code"] = -1;
+		array_push($result_set["return"]["errorFields"], array(
+			"id" => "nickname",
+			"errMsg" => "不符合格式要求",
+		));
+	}
+	else if (!check_str($nickname) && !$_SESSION["BBS_priv"]->checklevel(P_ADMIN_M | P_ADMIN_S))
+	{
+		$result_set["return"]["code"] = -1;
+		array_push($result_set["return"]["errorFields"], array(
+			"id" => "nickname",
+			"errMsg" => "昵称不可用",
+		));
+	}
+
 	if ($realname == "" || preg_match("/[\t\r\n]/", $realname) || str_length($realname) > 10)
 	{
 		$result_set["return"]["code"] = -1;
@@ -91,6 +110,7 @@
 	}
 
 	// Secure SQL statement
+	$nickname = mysqli_real_escape_string($db_conn, $nickname);
 	$realname = mysqli_real_escape_string($db_conn, $realname);
 	
 	// Begin transaction
@@ -114,7 +134,8 @@
 		exit(json_encode($result_set));
 	}
 
-	$sql = "SELECT email FROM user_pubinfo WHERE UID = " . $_SESSION["BBS_uid"];
+	$sql = "SELECT nickname, email FROM user_pubinfo WHERE UID = " . $_SESSION["BBS_uid"] .
+			" FOR UPDATE";
 
 	$rs = mysqli_query($db_conn, $sql);
 	if ($rs == false)
@@ -126,8 +147,9 @@
 		exit(json_encode($result_set));
 	}
 
-	if($row = mysqli_fetch_array($rs))
+	if ($row = mysqli_fetch_array($rs))
 	{
+		$old_nickname = $row["nickname"];
 		$old_email = $row["email"];
 	}
 	else
@@ -141,10 +163,110 @@
 
 	mysqli_free_result($rs);
 
+	// Update nickname
+	if ($old_nickname != $nickname)
+	{
+		$sql = "SELECT DISTINCT UID FROM user_nickname WHERE nickname = '$nickname'";
+
+		$rs = mysqli_query($db_conn, $sql);
+		if ($rs == false)
+		{
+			$result_set["return"]["code"] = -2;
+			$result_set["return"]["message"] = "Query nickname error: " . mysqli_error($db_conn);
+	
+			mysqli_close($db_conn);
+			exit(json_encode($result_set));
+		}
+	
+		$free_change = false;
+		if ($row = mysqli_fetch_array($rs))
+		{
+			if ($row["UID"] == $_SESSION["BBS_uid"]) // Re-use old nickname
+			{
+				$free_change = true;
+			}
+			else // Unavailable nickname
+			{
+				$result_set["return"]["code"] = -1;
+				array_push($result_set["return"]["errorFields"], array(
+					"id" => "nickname",
+					"errMsg" => "昵称已存在",
+				));
+	
+				mysqli_close($db_conn);
+				exit(json_encode($result_set));
+			}
+		}
+		mysqli_free_result($rs);
+
+		if (!$free_change)
+		{
+			$ret = score_change($_SESSION["BBS_uid"], -abs($BBS_nickname_change_fee), "更改昵称", $db_conn);
+			if ($ret < 0)
+			{
+				$result_set["return"]["code"] = -2;
+				$result_set["return"]["message"] = "Query score error: " . mysqli_error($db_conn);
+		
+				mysqli_close($db_conn);
+				exit(json_encode($result_set));
+			}
+			else if ($ret > 0)
+			{
+				$result_set["return"]["code"] = -1;
+				array_push($result_set["return"]["errorFields"], array(
+					"id" => "nickname",
+					"errMsg" => "积分不足",
+				));
+		
+				mysqli_close($db_conn);
+				exit(json_encode($result_set));
+			}
+		}
+
+		$sql = "UPDATE user_nickname SET end_dt = NOW(), end_reason = 'C'
+				WHERE UID = " . $_SESSION["BBS_uid"] . " AND end_dt IS NULL";
+
+		$rs = mysqli_query($db_conn, $sql);
+		if ($rs == false)
+		{
+			$result_set["return"]["code"] = -2;
+			$result_set["return"]["message"] = "Update old nickname error: " . mysqli_error($db_conn);
+
+			mysqli_close($db_conn);
+			exit(json_encode($result_set));
+		}
+
+		$sql = "INSERT INTO user_nickname(UID, nickname, begin_dt, begin_reason)
+				VALUES(" . $_SESSION["BBS_uid"] . ", '$nickname', NOW(), 'C')";
+
+		$rs = mysqli_query($db_conn, $sql);
+		if ($rs == false)
+		{
+			$result_set["return"]["code"] = -2;
+			$result_set["return"]["message"] = "Insert new nickname error: " . mysqli_error($db_conn);
+
+			mysqli_close($db_conn);
+			exit(json_encode($result_set));
+		}
+
+		$sql = "UPDATE user_pubinfo SET nickname = '$nickname' WHERE UID = " .
+				$_SESSION["BBS_uid"];
+
+		$rs = mysqli_query($db_conn, $sql);
+		if ($rs == false)
+		{
+			$result_set["return"]["code"] = -2;
+			$result_set["return"]["message"] = "Update nickname error: " . mysqli_error($db_conn);
+
+			mysqli_close($db_conn);
+			exit(json_encode($result_set));
+		}
+	}
+
 	// Update email
 	if ($old_email != $email)
 	{
-		$sql = "SELECT UID FROM user_pubinfo WHERE email = '$email'";
+		$sql = "SELECT UID FROM user_pubinfo WHERE email = '$email' FOR SHARE";
 
 		$rs = mysqli_query($db_conn, $sql);
 		if ($rs == false)