
Annotation of /fenglin/bbs/user_service_update_pref.php



Revision 1.3 - (hide annotations)
Sun Apr 27 04:32:05 2025 UTC (10 months, 2 weeks ago) by sysadm
Branch: MAIN
Changes since 1.2: +10 -10 lines
Trim trailing whitespaces

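<?php
// Update the logged-in user's public preferences: time zone, stock photo
// number, introduction, three signatures and an optional uploaded photo.
//
// The response is always a JSON document:
//   {"return": {"code": 0|-1|-2, "message": "...", "errorFields": [...]}}
// code -1 is set for rejected input, code -2 for a failed file move or a
// failed database update.
//
// NOTE(review): this is a state-changing, session-authenticated POST endpoint
// and no anti-CSRF token check is visible in this file — confirm that
// session_init.inc.php / force_login() enforce one.
require_once "../lib/db_open.inc.php";
require_once "../lib/str_process.inc.php";
require_once "./session_init.inc.php";
require_once "./check_sub.inc.php";

// Defined in one of the includes; presumably stops anonymous requests here.
force_login();

// Read a POST field as a string. Array-valued fields (e.g. "sign_1[]=x") are
// treated as absent, so the string functions below never receive a non-string.
$post_string = function ($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
};

$user_tz = $post_string("user_tz");
$photo = (isset($_POST["photo"]) ? intval($_POST["photo"]) : 0);

// Free-text fields, with CRLF line ends normalised to LF.
$profile_texts = array();
foreach (array("introduction", "sign_1", "sign_2", "sign_3") as $field)
{
    $profile_texts[$field] = str_replace("\r\n", "\n", $post_string($field));
}

$result_set = array(
    "return" => array(
        "code" => 0,
        "message" => "",
        "errorFields" => array(),
    )
);

header("Content-Type:application/json; charset=utf-8");

// Record one rejected field and mark the whole request as invalid (-1).
$add_field_error = function ($entry) use (&$result_set)
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], $entry);
};

// Close the database connection, emit the JSON response and stop.
// $db_conn is not assigned in this file; presumably db_open.inc.php sets it.
$send_and_exit = function () use (&$result_set, $db_conn)
{
    mysqli_close($db_conn);
    exit(json_encode($result_set));
};

// Validate input data
// The time zone must be one of PHP's known identifiers (strict comparison).
if (!in_array($user_tz, DateTimeZone::listIdentifiers(), true))
{
    $add_field_error(array(
        "id" => "user_tz",
        "errMsg" => "不存在的时区",
    ));
}

// Each text is passed through split_line() and check_badwords() (both defined
// in an include). Any difference from the submitted text rejects the field and
// returns the filtered text as "updateValue" so the client can show it.
foreach ($profile_texts as $field => $text)
{
    $filtered = check_badwords(split_line($text, "", 80, 10), "****");
    if ($text != $filtered)
    {
        $add_field_error(array(
            "id" => $field,
            "errMsg" => "不符合要求",
            "updateValue" => $filtered,
        ));
    }
}

if ($result_set["return"]["code"] != 0)
{
    $send_and_exit();
}

// Validate photo file
$photo_file_count = 0;
if (isset($_FILES['photo_file']['error']))
{
    // A field posted as "photo_file" instead of "photo_file[]" yields scalar
    // entries; count() on a scalar is a TypeError on PHP 8, so reject it here
    // with the generic upload error.
    if (!is_array($_FILES['photo_file']['error']))
    {
        $add_field_error(array(
            "id" => "photo_file",
            "errMsg" => "上传文件错误",
        ));
        $send_and_exit();
    }

    $photo_file_count = count($_FILES['photo_file']['error']);
}

if ($photo_file_count > 1)
{
    $add_field_error(array(
        "id" => "photo_file",
        "errMsg" => "只能上传单个文件",
    ));
    $send_and_exit();
}

// Store photo file
// Extension of the photo actually written to disk; stays null when nothing was
// stored (no upload, or an empty upload skipped below).
$stored_ext = null;

for ($i = 0; $i < $photo_file_count; $i++)
{
    if (!isset($_FILES['photo_file']['error'][$i]) || $_FILES['photo_file']['error'][$i] != UPLOAD_ERR_OK)
    {
        $add_field_error(array(
            "id" => "photo_file",
            "errMsg" => "上传文件错误",
        ));
        $send_and_exit();
    }

    $filesize = $_FILES['photo_file']['size'][$i];
    $filename = $_FILES['photo_file']['name'][$i];
    $tmp_name = $_FILES['photo_file']['tmp_name'][$i];

    // An empty upload is ignored rather than reported.
    if ($filesize <= 0)
    {
        continue;
    }

    // Size limit: 16 KiB.
    if ($filesize > 1024 * 16)
    {
        $add_field_error(array(
            "id" => "photo_file",
            "errMsg" => "文件大小超过限制",
        ));
        $send_and_exit();
    }

    // Allow-list on the client-supplied extension. This value also ends up in
    // the stored file name and in photo_ext, so it must stay an allow-list.
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!in_array($ext, array("bmp", "gif", "jpg", "jpeg", "png", "tif", "tiff"), true))
    {
        $add_field_error(array(
            "id" => "photo_file",
            "errMsg" => "不支持的文件扩展名",
        ));
        $send_and_exit();
    }

    // Content sniffing: the detected MIME type must be one of the image types
    // below, whatever the file name says.
    // NOTE(review): the detected type is only an accept/reject gate; the file
    // is still stored under the client's extension, so "x.gif" holding PNG
    // data is accepted as .gif — consider requiring the two to agree.
    // NOTE(review): some libmagic databases may report BMP as "image/bmp"
    // rather than "image/x-ms-bmp" — confirm on the deployed PHP build.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime_type = $finfo->file($tmp_name);
    $real_ext = array_search($mime_type, array(
        'bmp' => 'image/x-ms-bmp',
        'jpg' => 'image/jpeg',
        'png' => 'image/png',
        'gif' => 'image/gif',
        'tif' => 'image/tiff',
    ), true);

    if ($real_ext === false)
    {
        $add_field_error(array(
            "id" => "photo_file",
            "errMsg" => "不支持的文件格式",
        ));
        $send_and_exit();
    }

    // getimagesize() returns false when the file cannot be parsed as an image.
    $size = getimagesize($tmp_name);
    if (!is_array($size))
    {
        $add_field_error(array(
            "id" => "photo_file",
            "errMsg" => "分析文件出错",
        ));
        $send_and_exit();
    }

    // Dimension limit: 120 x 120 pixels.
    if ($size[0] > 120 || $size[1] > 120)
    {
        $add_field_error(array(
            "id" => "photo_file",
            "errMsg" => "图片尺寸超过限制",
        ));
        $send_and_exit();
    }

    // The target name is built only from the session uid and the allow-listed
    // extension; nothing else from the client-supplied file name is used.
    $file_path = "images/face/upload_photo/face_" . $_SESSION["BBS_uid"] . "." . $ext;

    if (!move_uploaded_file($tmp_name, $file_path))
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Copy file error";
        $send_and_exit();
    }

    $stored_ext = $ext;
}

// Update the profile with a prepared statement: every value is bound as a
// parameter instead of being escaped and interpolated into the SQL text.
// The original query interpolated the session uid as a bare number, so it is
// bound as an integer here.
$uid = intval($_SESSION["BBS_uid"]);

if ($stored_ext !== null)
{
    // A photo was stored: switch to the uploaded photo (photo = 999) and
    // reset photo_enable to 0.
    $stmt = mysqli_prepare(
        $db_conn,
        "UPDATE user_pubinfo SET user_timezone = ?, introduction = ?, " .
        "sign_1 = ?, sign_2 = ?, sign_3 = ?, " .
        "photo = 999, photo_enable = 0, photo_ext = ? WHERE UID = ?"
    );
    $ok = ($stmt !== false) && mysqli_stmt_bind_param(
        $stmt,
        "ssssssi",
        $user_tz,
        $profile_texts["introduction"],
        $profile_texts["sign_1"],
        $profile_texts["sign_2"],
        $profile_texts["sign_3"],
        $stored_ext,
        $uid
    );
}
else
{
    // No photo stored: keep using the photo number from the form.
    $stmt = mysqli_prepare(
        $db_conn,
        "UPDATE user_pubinfo SET user_timezone = ?, introduction = ?, " .
        "sign_1 = ?, sign_2 = ?, sign_3 = ?, " .
        "photo = ? WHERE UID = ?"
    );
    $ok = ($stmt !== false) && mysqli_stmt_bind_param(
        $stmt,
        "sssssii",
        $user_tz,
        $profile_texts["introduction"],
        $profile_texts["sign_1"],
        $profile_texts["sign_2"],
        $profile_texts["sign_3"],
        $photo,
        $uid
    );
}

$ok = $ok && mysqli_stmt_execute($stmt);

if (!$ok)
{
    // Keep the driver's error text in the server log; the client only gets a
    // generic message so schema and query details are not disclosed.
    $detail = ($stmt !== false) ? mysqli_stmt_error($stmt) : mysqli_error($db_conn);
    error_log("user_service_update_pref: update failed: " . $detail);

    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update data error";
    $send_and_exit();
}

mysqli_stmt_close($stmt);

// Update user_tz in session data
$_SESSION["BBS_user_tz"] = new DateTimeZone($user_tz);

$send_and_exit();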
