/[LeafOK_CVS]/fenglin/bbs/user_service_update_pref.php


Revision 1.7 - (hide annotations)
Thu Nov 6 12:39:59 2025 UTC (4 months, 1 week ago) by sysadm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.6: +3 -2 lines
Optimize implementation of check_badwords()
Add parameter $bw_count, which receives the number of bad words replaced

<?php
// user_service_update_pref.php — JSON endpoint that saves the logged-in user's public
// profile preferences (timezone, introduction, three signatures, optional face photo)
// into user_pubinfo. Every response has the shape {"return": {"code", "message", "errorFields"}}.
require_once "../lib/db_open.inc.php";       // presumably opens $db_conn (mysqli), used throughout — confirm
require_once "../lib/lml.inc.php";           // LML(), used by check_input_data()
require_once "../lib/str_process.inc.php";   // presumably check_badwords() / split_line() — confirm
require_once "./session_init.inc.php";
require_once "./check_sub.inc.php";

// Reject anonymous callers before any input is read. The target row is chosen by
// $_SESSION["BBS_uid"] further down, never by a user id taken from the request.
// NOTE(review): nothing in this file checks a CSRF token; if neither include does,
// a cross-site form post could change a logged-in user's profile — confirm.
force_login();
9    
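/**
 * Validate one free-text profile field and record any problem in $result_set.
 *
 * Two checks run in order: the bad-word filter (the filtered text is handed back to the
 * client as "updateValue" so the form can show it), then a size check on the rendered
 * form of the text. The function stops at the first failing check.
 *
 * @param string $input_str    raw field value as posted (CRLF already normalised by the caller)
 * @param string $id_str       form field id reported back in "errorFields"
 * @param array  $result_set   JSON result structure, modified in place: "return.code" is set
 *                             to -1 and one entry is appended to "return.errorFields" on failure
 * @param int    $max_line_cnt line limit handed to split_line()
 * @return bool true when the field passed both checks, false otherwise
 */
function check_input_data(string $input_str, string $id_str, array & $result_set, int $max_line_cnt) : bool
{
    $bw_count = 0;
    // check_badwords() replaces each hit with "****" and reports the number of replacements
    $r_input_str = check_badwords($input_str, "****", $bw_count);
    if ($bw_count > 0)
    {
        $result_set["return"]["code"] = -1;
        $result_set["return"]["errorFields"][] = [
            "id" => $id_str,
            "errMsg" => "非法内容已被过滤",
            "updateValue" => $r_input_str,
        ];

        return false;
    }

    // Size is judged on the LML-rendered text: split_line() (str_process.inc.php) is
    // presumably a wrap/line-cap helper, so any change it makes means the text is too long.
    // Strict comparison on purpose — "!=" would compare numeric-looking strings as numbers.
    $r_input_str = LML($input_str, 80);
    if (split_line($r_input_str, "", 256, $max_line_cnt) !== $r_input_str)
    {
        $result_set["return"]["code"] = -1;
        $result_set["return"]["errorFields"][] = [
            "id" => $id_str,
            "errMsg" => "内容超过长度限制",
            "updateValue" => $input_str,
        ];

        return false;
    }

    return true;
}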
41    
// Form fields. Missing fields default to "" (or 0 for the photo id); every textarea
// value has its CRLF line endings normalised to "\n" before validation.
$user_tz = $_POST["user_tz"] ?? "";
$photo = (int) ($_POST["photo"] ?? 0);
$introduction = str_replace("\r\n", "\n", $_POST["introduction"] ?? "");
$sign_1 = str_replace("\r\n", "\n", $_POST["sign_1"] ?? "");
$sign_2 = str_replace("\r\n", "\n", $_POST["sign_2"] ?? "");
$sign_3 = str_replace("\r\n", "\n", $_POST["sign_3"] ?? "");

// Response skeleton: code 0 = success, -1 = validation error (see errorFields),
// -2 = server-side failure (see message).
$result_set = [
    "return" => [
        "code" => 0,
        "message" => "",
        "errorFields" => [],
    ],
];
56    
header("Content-Type:application/json; charset=utf-8");

// Validate input data
// $user_tz is later used verbatim in the UPDATE statement, so this strict membership test
// against PHP's own identifier list is the only validation it gets — keep it strict.
$timezone_identifiers = DateTimeZone::listIdentifiers();
if (!in_array($user_tz, $timezone_identifiers, true))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "user_tz",
        "errMsg" => "不存在的时区",
    ));
}

// Each call appends its own errorFields entry on failure; the boolean results are ignored
// on purpose so that every failing field is reported in a single response.
check_input_data($introduction, "introduction", $result_set, 10);

check_input_data($sign_1, "sign_1", $result_set, 10);
check_input_data($sign_2, "sign_2", $result_set, 10);
check_input_data($sign_3, "sign_3", $result_set, 10);

// Stop before touching the upload or the database if any field was rejected.
if ($result_set["return"]["code"] != 0)
{
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
81    
// Validate photo file
// The form posts photo_file as an array (photo_file[]); more than one entry is rejected,
// so the loop below runs at most once.
$photo_file_count = (isset($_FILES['photo_file']['error']) ? count($_FILES['photo_file']['error']) : 0);
if ($photo_file_count > 1)
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "photo_file",
        "errMsg" => "只能上传单个文件",
    ));

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Store photo file
// Check order: PHP upload status -> byte size -> file-name extension (whitelist) ->
// content MIME type via finfo -> getimagesize() parse -> pixel dimensions -> move into place.
// Every failure closes the DB connection and exits with the JSON result.
for ($i = 0; $i < $photo_file_count; $i++)
{
    if (!isset($_FILES['photo_file']['error'][$i]) || $_FILES['photo_file']['error'][$i] != UPLOAD_ERR_OK)
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "photo_file",
            "errMsg" => "上传文件错误",
        ));

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    $filesize = $_FILES['photo_file']['size'][$i];
    $filename = $_FILES['photo_file']['name'][$i];

    // NOTE(review): an empty file skips the rest of the loop, which leaves $ext unset while
    // $photo_file_count is still 1; the UPDATE below keys its "new photo" branch on that
    // count and reads $ext, so it would write photo = 999 with an empty photo_ext — confirm
    // this is intended.
    if ($filesize <= 0)
    {
        continue;
    }

    // 16 KiB cap on the raw upload.
    if ($filesize > 1024 * 16)
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "photo_file",
            "errMsg" => "文件大小超过限制",
        ));

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // The client-supplied name is used for nothing but its extension, and that extension is
    // restricted to this list, so the stored file name always ends in one of these.
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    switch ($ext)
    {
        case "bmp":
        case "gif":
        case "jpg":
        case "jpeg":
        case "png":
        case "tif":
        case "tiff":
            break;
        default:
            $result_set["return"]["code"] = -1;
            array_push($result_set["return"]["errorFields"], array(
                "id" => "photo_file",
                "errMsg" => "不支持的文件扩展名",
            ));

            mysqli_close($db_conn);
            exit(json_encode($result_set));
    }

    // Content check independent of the file name (lookup is by MIME value, so ".jpeg" and
    // ".tiff" uploads match through 'image/jpeg' / 'image/tiff'). Note that $real_ext is
    // only tested for false and never compared with $ext, so a PNG body named ".jpg" is
    // accepted and stored under ".jpg".
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime_type = $finfo->file($_FILES['photo_file']['tmp_name'][$i]);
    $real_ext = array_search($mime_type, array(
        'bmp' => 'image/x-ms-bmp',
        'jpg' => 'image/jpeg',
        'png' => 'image/png',
        'gif' => 'image/gif',
        'tif' => 'image/tiff',
    ), true);

    if ($real_ext === false)
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "photo_file",
            "errMsg" => "不支持的文件格式",
        ));

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // getimagesize() returns false when the data does not parse as an image; the loose
    // "== NULL" comparison catches that false.
    if (($size = getimagesize($_FILES['photo_file']['tmp_name'][$i]))==NULL)
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "photo_file",
            "errMsg" => "分析文件出错",
        ));

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // At most 120 x 120 pixels.
    if ($size[0] > 120 || $size[1] > 120)
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "photo_file",
            "errMsg" => "图片尺寸超过限制",
        ));

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Destination is built from the session UID and the whitelisted extension only; the
    // uploaded file name never reaches the filesystem. Nothing here removes an earlier
    // face_<uid>.<other extension> left by a previous upload.
    $file_path = "images/face/upload_photo/face_" . $_SESSION["BBS_uid"] . "." . $ext;

    // move_uploaded_file() refuses anything that is not a genuine upload of this request.
    if(!move_uploaded_file($_FILES['photo_file']['tmp_name'][$i], $file_path))
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Copy file error";

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}
210    
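// Persist the profile through a prepared statement: every user-controlled value is a bound
// parameter, so no manual escaping is needed (mysqli_real_escape_string on top of binding
// would store literal backslashes). $photo is already an int and $_SESSION["BBS_uid"] is
// bound as one, so neither can alter the statement.
//
// A new photo is recorded only when the upload loop actually validated one. With an empty
// file the loop "continue"s without setting $ext, and keying on $photo_file_count alone
// would write photo = 999 with an empty photo_ext.
$photo_uploaded = ($photo_file_count > 0 && isset($ext));

if ($photo_uploaded)
{
    $sql = "UPDATE user_pubinfo SET user_timezone = ?, introduction = ?, " .
        "sign_1 = ?, sign_2 = ?, sign_3 = ?, photo = 999, photo_enable = 0, photo_ext = ? " .
        "WHERE UID = ?";
}
else
{
    $sql = "UPDATE user_pubinfo SET user_timezone = ?, introduction = ?, " .
        "sign_1 = ?, sign_2 = ?, sign_3 = ?, photo = ? WHERE UID = ?";
}

$ok = false;
$db_error = "";
$uid = (int) $_SESSION["BBS_uid"];

$stmt = mysqli_prepare($db_conn, $sql);
if ($stmt === false)
{
    $db_error = mysqli_error($db_conn);
}
else
{
    if ($photo_uploaded)
    {
        mysqli_stmt_bind_param($stmt, "ssssssi", $user_tz, $introduction, $sign_1, $sign_2, $sign_3, $ext, $uid);
    }
    else
    {
        mysqli_stmt_bind_param($stmt, "sssssii", $user_tz, $introduction, $sign_1, $sign_2, $sign_3, $photo, $uid);
    }

    $ok = mysqli_stmt_execute($stmt);
    if (!$ok)
    {
        // Read the statement error before the handle is closed.
        $db_error = mysqli_stmt_error($stmt);
    }
    mysqli_stmt_close($stmt);
}

if (!$ok)
{
    // The driver message names tables, columns and query fragments, so it stays in the
    // server log; the client only learns that the update failed.
    error_log("user_service_update_pref: UPDATE user_pubinfo failed for UID " . $uid . ": " . $db_error);

    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update data error";

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}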
231    
// Update user_tz in session data
// $user_tz passed the DateTimeZone::listIdentifiers() membership check above (the script
// exited otherwise), so this constructor cannot throw here.
$_SESSION["BBS_user_tz"] = new DateTimeZone($user_tz);

// Success: code is still 0 and errorFields is empty.
mysqli_close($db_conn);
exit(json_encode($result_set));
