/[LeafOK_CVS]/fenglin/bbs/user_service_update_pref.php

Contents of /fenglin/bbs/user_service_update_pref.php



Revision 1.7 - (show annotations)
Thu Nov 6 12:39:59 2025 UTC (4 months, 1 week ago) by sysadm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.6: +3 -2 lines
Optimize implementation of check_badwords()
Add param $bw_count to get the count of badwords replaced

<?php
// Shared library includes.  $db_conn (used throughout this script but never
// assigned here) presumably comes from db_open.inc.php; LML(), check_badwords()
// and split_line() come from the lib includes — confirm against those files.
require_once "../lib/db_open.inc.php";
require_once "../lib/lml.inc.php";
require_once "../lib/str_process.inc.php";
require_once "./session_init.inc.php";
require_once "./check_sub.inc.php";

// Everything below assumes an authenticated session: $_SESSION["BBS_uid"] is
// read later to name the uploaded photo and as the UID in the UPDATE.
force_login();
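/**
 * Validate one free-text preference field (introduction / signature).
 *
 * Two checks run in order: a bad-word filter (check_badwords) and a length /
 * line-count limit (the LML-rendered text is passed through split_line()).
 * The first failing check appends an entry to $result_set["return"]["errorFields"],
 * sets the return code to -1 and stops.  On success $result_set is untouched.
 *
 * @param string $input_str    raw text as submitted (CRLF already normalised)
 * @param string $id_str       form field id reported back to the client
 * @param array  $result_set   response structure, modified in place on failure
 * @param int    $max_line_cnt maximum line count handed to split_line()
 * @return bool true when the field passed both checks
 */
function check_input_data(string $input_str, string $id_str, array & $result_set, int $max_line_cnt) : bool
{
    $bw_count = 0;
    $filtered_str = check_badwords($input_str, "****", $bw_count);
    if ($bw_count > 0)
    {
        // Hand the filtered text back so the client can show what was replaced.
        $result_set["return"]["code"] = -1;
        $result_set["return"]["errorFields"][] = [
            "id" => $id_str,
            "errMsg" => "非法内容已被过滤",
            "updateValue" => $filtered_str,
        ];

        return false;
    }

    // split_line() presumably returns its input unchanged when the rendered text
    // fits the limits; any difference is treated as "too long".  Strict comparison:
    // a loose != would consider numeric-looking strings such as "1e3" and "1000"
    // equal and let an over-long field through.
    $rendered_str = LML($input_str, 80);
    if (split_line($rendered_str, "", 256, $max_line_cnt) !== $rendered_str)
    {
        $result_set["return"]["code"] = -1;
        $result_set["return"]["errorFields"][] = [
            "id" => $id_str,
            "errMsg" => "内容超过长度限制",
            "updateValue" => $input_str,
        ];

        return false;
    }

    return true;
}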
// Form fields.  All are optional: missing text fields become "", a missing
// photo id becomes 0.  Windows line endings in the free-text fields are
// normalised to "\n" before any length check or storage.
$normalize_newlines = static function ($text) {
    return str_replace("\r\n", "\n", $text);
};

$user_tz = $_POST["user_tz"] ?? "";
$photo = isset($_POST["photo"]) ? (int) $_POST["photo"] : 0;
$introduction = $normalize_newlines($_POST["introduction"] ?? "");
$sign_1 = $normalize_newlines($_POST["sign_1"] ?? "");
$sign_2 = $normalize_newlines($_POST["sign_2"] ?? "");
$sign_3 = $normalize_newlines($_POST["sign_3"] ?? "");
// Response skeleton, emitted as JSON on every exit path below.
// code 0 = success, -1 = validation failure (details in errorFields),
// -2 = server-side error (message set).
$result_set = [
    "return" => [
        "code" => 0,
        "message" => "",
        "errorFields" => [],
    ],
];

header("Content-Type:application/json; charset=utf-8");
// Validate input data.
// The timezone must be one of PHP's own identifiers (strict match).  This
// whitelist is what makes the later use of $user_tz in the SQL statement and
// in new DateTimeZone() safe.
if (!in_array($user_tz, DateTimeZone::listIdentifiers(), true))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = [
        "id" => "user_tz",
        "errMsg" => "不存在的时区",
    ];
}

// Every text field is checked even after an earlier failure so the client
// gets all field errors in a single response.
$text_fields = [
    "introduction" => $introduction,
    "sign_1" => $sign_1,
    "sign_2" => $sign_2,
    "sign_3" => $sign_3,
];
foreach ($text_fields as $field_id => $field_text)
{
    check_input_data($field_text, $field_id, $result_set, 10);
}

if ($result_set["return"]["code"] !== 0)
{
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
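// Validate photo file.
// The loop below indexes $_FILES['photo_file'][...][$i], i.e. the field is
// expected as an array upload (one entry per file).  A scalar here means a
// malformed request: count it as one entry so the per-file check reports it
// as an upload error, instead of count() throwing a TypeError on PHP 8.
if (!isset($_FILES['photo_file']['error']))
{
    $photo_file_count = 0;
}
elseif (is_array($_FILES['photo_file']['error']))
{
    $photo_file_count = count($_FILES['photo_file']['error']);
}
else
{
    $photo_file_count = 1;
}

if ($photo_file_count > 1)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = [
        "id" => "photo_file",
        "errMsg" => "只能上传单个文件",
    ];

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}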
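// Store photo file.

/**
 * Record a validation failure for the photo_file field and end the request
 * with the JSON response.  Every photo check below fails the same way.
 *
 * @param array  $result_set response structure (by value: the script exits)
 * @param mysqli $db_conn    open connection to close before exiting
 * @param string $err_msg    user-facing message for errorFields
 */
function photo_error_exit(array $result_set, mysqli $db_conn, string $err_msg): void
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = [
        "id" => "photo_file",
        "errMsg" => $err_msg,
    ];

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Extensions accepted from the client-supplied file name.
$allowed_extensions = ["bmp", "gif", "jpg", "jpeg", "png", "tif", "tiff"];
// MIME types accepted from the file's actual content.
// NOTE(review): depending on the libmagic version BMP may be reported as
// "image/bmp" rather than "image/x-ms-bmp" and would be rejected — confirm on
// the deployment host.
$allowed_mime_types = [
    'bmp' => 'image/x-ms-bmp',
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'tif' => 'image/tiff',
];

for ($i = 0; $i < $photo_file_count; $i++)
{
    if (!isset($_FILES['photo_file']['error'][$i]) || $_FILES['photo_file']['error'][$i] !== UPLOAD_ERR_OK)
    {
        photo_error_exit($result_set, $db_conn, "上传文件错误");
    }

    $filesize = $_FILES['photo_file']['size'][$i];
    $filename = $_FILES['photo_file']['name'][$i];
    $tmp_name = $_FILES['photo_file']['tmp_name'][$i];

    // An empty slot is skipped.  NOTE(review): $ext is then never assigned, yet
    // the UPDATE below still treats $photo_file_count > 0 as "photo stored" —
    // confirm whether a zero-byte file can arrive with UPLOAD_ERR_OK.
    if ($filesize <= 0)
    {
        continue;
    }

    if ($filesize > 1024 * 16)
    {
        photo_error_exit($result_set, $db_conn, "文件大小超过限制");
    }

    // The extension comes from the client-supplied name and is later used to
    // build the stored file name, so it is whitelisted first.
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed_extensions, true))
    {
        photo_error_exit($result_set, $db_conn, "不支持的文件扩展名");
    }

    // Content check independent of the name.  finfo::file() returns false on
    // failure, which the strict in_array() also rejects.
    // NOTE(review): $ext is not cross-checked against the detected type, so a
    // PNG named .jpg is stored under .jpg — confirm that is acceptable.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime_type = $finfo->file($tmp_name);
    if (!in_array($mime_type, $allowed_mime_types, true))
    {
        photo_error_exit($result_set, $db_conn, "不支持的文件格式");
    }

    // getimagesize() returns false (not null) when the file is not a parseable
    // image; the original loose "== NULL" relied on false == null.
    $size = getimagesize($tmp_name);
    if ($size === false)
    {
        photo_error_exit($result_set, $db_conn, "分析文件出错");
    }

    if ($size[0] > 120 || $size[1] > 120)
    {
        photo_error_exit($result_set, $db_conn, "图片尺寸超过限制");
    }

    // One file per user, named from the session uid and the whitelisted extension.
    $file_path = "images/face/upload_photo/face_" . $_SESSION["BBS_uid"] . "." . $ext;

    if (!move_uploaded_file($tmp_name, $file_path))
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Copy file error";

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}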
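// Persist the preferences with a prepared statement: the free-text fields are
// bound as parameters instead of being escaped into the SQL string.  $user_tz
// and $ext were whitelisted above and $photo is an int, but binding them too
// keeps the statement free of interpolated values.
$uid = $_SESSION["BBS_uid"];

if ($photo_file_count > 0)
{
    // A photo was stored in the loop above.  photo = 999 / photo_enable = 0
    // appear to mark it as pending — confirm against the schema.
    // NOTE(review): if the loop skipped a zero-byte file, $ext is unset here.
    $sql = "UPDATE user_pubinfo SET user_timezone = ?, introduction = ?, " .
        "sign_1 = ?, sign_2 = ?, sign_3 = ?, " .
        "photo = 999, photo_enable = 0, photo_ext = ? WHERE UID = ?";
    $stmt = mysqli_prepare($db_conn, $sql);
    $bound = ($stmt !== false)
        && mysqli_stmt_bind_param($stmt, "ssssssi", $user_tz, $introduction, $sign_1, $sign_2, $sign_3, $ext, $uid);
}
else
{
    $sql = "UPDATE user_pubinfo SET user_timezone = ?, introduction = ?, " .
        "sign_1 = ?, sign_2 = ?, sign_3 = ?, " .
        "photo = ? WHERE UID = ?";
    $stmt = mysqli_prepare($db_conn, $sql);
    $bound = ($stmt !== false)
        && mysqli_stmt_bind_param($stmt, "sssssii", $user_tz, $introduction, $sign_1, $sign_2, $sign_3, $photo, $uid);
}

if (!$bound || !mysqli_stmt_execute($stmt))
{
    // Prepare failures are reported on the connection, bind/execute failures on
    // the statement.
    $db_error = ($stmt !== false) ? mysqli_stmt_error($stmt) : mysqli_error($db_conn);

    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update data error: " . $db_error;

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
mysqli_stmt_close($stmt);

// Update user_tz in session data
$_SESSION["BBS_user_tz"] = new DateTimeZone($user_tz);

mysqli_close($db_conn);
exit(json_encode($result_set));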
