/[LeafOK_CVS]/fenglin/bbs/user_service_update_profile.php

Annotation of /fenglin/bbs/user_service_update_profile.php



Revision 1.4 - (hide annotations)
Wed Dec 24 06:56:17 2025 UTC (2 months, 3 weeks ago) by sysadm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.3: +19 -0 lines
Move send_mail_do out of transaction to avoid blocking page load by calling sendmail

1 sysadm 1.1 <?php
2     require_once "../lib/common.inc.php";
3     require_once "../lib/db_open.inc.php";
4     require_once "../lib//score_change.inc.php";
5     require_once "../lib/send_mail.inc.php";
6     require_once "../lib/str_process.inc.php";
7     require_once "../lib/passwd.inc.php";
8     require_once "./session_init.inc.php";
9     require_once "./user_reg_check.inc.php";
10    
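// Only authenticated sessions may use this endpoint. force_login() is a
// project helper (session_init.inc.php / common.inc.php) that is expected to
// end the request for anonymous callers.
// NOTE(review): no CSRF token, Origin-header or request-method check is
// visible in this file; a session cookie alone does not stop a cross-site
// request (a text/plain form post can carry a JSON body), so confirm that
// force_login()/session_init cover this.
force_login();

// The profile form arrives as a JSON document in the request body.
// json_decode() returns null for an empty or malformed body and a scalar for
// a bare JSON literal; normalise to an array so the field reads below cannot
// fault on the wrong type.
$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data))
{
    $data = array();
}

// Read each field as the scalar the validation below expects. A field sent
// with a non-scalar JSON type (an object or array where a string belongs)
// used to reach trim()/intval() directly; on PHP 8 trim() then throws a
// TypeError and the request dies with a 500 instead of a validation error.
// Non-scalar values are treated as absent, so they fail validation exactly
// like a missing field.
$nickname = (isset($data["nickname"]) && is_scalar($data["nickname"]) ? trim($data["nickname"]) : "");
$realname = (isset($data["realname"]) && is_scalar($data["realname"]) ? trim($data["realname"]) : "");
$gender = (isset($data["gender"]) && is_scalar($data["gender"]) ? $data["gender"] : "");
$gender_public = (isset($data["gender_public"]) && $data["gender_public"] == "1" ? 1 : 0);
$email = (isset($data["email"]) && is_scalar($data["email"]) ? trim($data["email"]) : "");
$year = (isset($data["year"]) && is_scalar($data["year"]) ? intval($data["year"]) : 0);
$month = (isset($data["month"]) && is_scalar($data["month"]) ? intval($data["month"]) : 0);
$day = (isset($data["day"]) && is_scalar($data["day"]) ? intval($data["day"]) : 0);
$qq = (isset($data["qq"]) && is_scalar($data["qq"]) ? trim($data["qq"]) : "");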
24    
// Response envelope shared by every exit path in this script:
//   code 0  - success
//   code -1 - validation failure, offending fields listed in errorFields
//   code -2 - server-side failure, free text in message
$result_set = [
    "return" => [
        "code" => 0,
        "message" => "",
        "errorFields" => [],
    ],
];

// Every response, including validation errors, is JSON.
header("Content-Type:application/json; charset=utf-8");
34    
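// Validate input data. Each failing field is recorded by id and the request
// is rejected at the end of this section, before anything touches the
// database. The errMsg strings are user-facing and kept verbatim.

// Nickname: non-empty, no whitespace, at most 20 characters (str_length is a
// project helper; presumably character- rather than byte-based). check_str
// (user_reg_check.inc.php) applies the site's character/word policy; admins
// (P_ADMIN_M / P_ADMIN_S) are exempt from that policy.
if ($nickname == "" || preg_match("/[[:space:]]/", $nickname) || str_length($nickname) > 20)
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "nickname",
        "errMsg" => "不符合格式要求",
    ));
}
else if (!check_str($nickname) && !$_SESSION["BBS_priv"]->checklevel(P_ADMIN_M | P_ADMIN_S))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "nickname",
        "errMsg" => "昵称不可用",
    ));
}

// Real name: non-empty, no tab/CR/LF (ordinary spaces are allowed), at most
// 10 characters.
if ($realname == "" || preg_match("/[\t\r\n]/", $realname) || str_length($realname) > 10)
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "realname",
        "errMsg" => "不符合格式要求",
    ));
}

// Gender is a fixed two-value code.
if ($gender != "M" && $gender != "F")
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "gender",
        "errMsg" => "未指定性别",
    ));
}

// Email: a deliberately narrow ASCII pattern. Besides format checking, this
// is what makes $email safe to interpolate into SQL further down, so loosen
// it with care. No maximum length is enforced.
// NOTE(review): consider capping the length to the email column's width so
// an over-long address fails validation here instead of erroring or being
// truncated in the database.
if (!preg_match("/^[A-Za-z0-9_.-]+@([A-Za-z0-9-]+[.])+[A-Za-z0-9-]+$/", $email))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "email",
        "errMsg" => "不符合格式要求",
    ));
}

// Birthday: must be a real calendar date and at least 16 years in the past.
// The date string goes through PHP's date parser, which may throw for inputs
// checkdate() still accepts (checkdate allows years up to 32767). That
// exception used to escape as a 500; it is now reported as an invalid date.
// NOTE(review): 1- and 2-digit years are expanded to 19xx/20xx by both this
// parser and MySQL (so year 15 means 2015); requiring a 4-digit year would
// make the stored value match what the user typed.
if (!checkdate($month, $day, $year))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "birthday",
        "errMsg" => "非法日期",
    ));
}
else
{
    $birthday = null;
    try
    {
        $birthday = new DateTimeImmutable("$year-$month-$day");
    }
    catch (Exception $e)
    {
        $birthday = null;
    }

    if ($birthday === null)
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "birthday",
            "errMsg" => "非法日期",
        ));
    }
    else if ($birthday > (new DateTimeImmutable("-16 year")))
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "birthday",
            "errMsg" => "需年满16周岁才能使用本站服务",
        ));
    }
}

// QQ number is optional; when given it is 5-11 digits, which also keeps it
// safe to interpolate into SQL.
if ($qq != "" && !preg_match("/^[0-9]{5,11}$/", $qq))
{
    $result_set["return"]["code"] = -1;
    array_push($result_set["return"]["errorFields"], array(
        "id" => "qq",
        "errMsg" => "不符合格式要求",
    ));
}

// Any validation failure ends the request here with code -1 and the list of
// offending fields; nothing has been written yet.
if ($result_set["return"]["code"] != 0)
{
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}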
111    
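// Escape the fields that are interpolated into SQL below. Nickname and real
// name are the only ones that can carry quote or backslash characters; email
// and qq are pinned to a strict character set by the regexes above, but are
// escaped as well so SQL safety does not silently depend on those regexes
// staying as strict as they are today (escaping is a no-op for values that
// pass them). Prepared statements would be the better fix.
// NOTE(review): from here on $nickname holds the escaped form, and the
// "nickname unchanged" comparison further down uses it against the raw
// database value; a nickname containing ' or \ (possible for admins, who
// skip check_str) would therefore always look changed and be charged —
// confirm against check_str's character set.
$nickname = mysqli_real_escape_string($db_conn, $nickname);
$realname = mysqli_real_escape_string($db_conn, $realname);
$email = mysqli_real_escape_string($db_conn, $email);
$qq = mysqli_real_escape_string($db_conn, $qq);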
115 sysadm 1.2
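// Begin transaction. autocommit is switched off for the connection and
// restored after COMMIT at the end of the script.
// Database error text is logged server-side and only a generic message is
// returned to the client: raw mysqli_error() output reveals table and column
// names to any logged-in user.
$rs = mysqli_query($db_conn, "SET autocommit=0");
if ($rs === false)
{
    error_log("user_service_update_profile: SET autocommit=0 failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Mysqli error";

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$rs = mysqli_query($db_conn, "BEGIN");
if ($rs === false)
{
    error_log("user_service_update_profile: BEGIN failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Mysqli error";

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}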
136    
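// Read the caller's current nickname and email under a row lock, so that two
// concurrent profile updates for the same user serialise on this row.
// The session uid is cast to int: it is not attacker-controlled, but it is
// interpolated unquoted into SQL and the cast keeps that safe regardless of
// how session_init stores it. Database errors are logged, not echoed.
$uid = (int) $_SESSION["BBS_uid"];
$sql = "SELECT nickname, email FROM user_pubinfo WHERE UID = " . $uid . " FOR UPDATE";

$rs = mysqli_query($db_conn, $sql);
if ($rs === false)
{
    error_log("user_service_update_profile: query user info failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Query user info error";

    mysqli_query($db_conn, "ROLLBACK");
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$row = mysqli_fetch_array($rs);
if (!$row)
{
    // A logged-in user without a user_pubinfo row: nothing to update.
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "个人资料不存在";

    mysqli_free_result($rs);
    mysqli_query($db_conn, "ROLLBACK");
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$old_nickname = $row["nickname"];
$old_email = $row["email"];

mysqli_free_result($rs);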
165    
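// Update nickname. Changing to a nickname the caller has never held costs
// $BBS_nickname_change_fee points (score_change, score_change.inc.php);
// taking back one of the caller's own earlier nicknames is free. The open
// user_nickname row is closed (end_dt/end_reason), a new one is opened and
// user_pubinfo is updated to match, all inside the surrounding transaction.
// NOTE(review): $nickname is already SQL-escaped here, so a nickname
// containing ' or \ never compares equal to the stored value and would be
// charged on every save. Only admins, who skip check_str, can normally get
// such characters this far — confirm against check_str's character set.
if ($old_nickname != $nickname)
{
    $uid = (int) $_SESSION["BBS_uid"];

    // Every user_nickname row, current or historical, is consulted: the
    // query has no end_dt filter, so a nickname any other user has ever held
    // is unavailable. All returned rows are checked; previously only the
    // first row was, so a nickname the caller held once and someone else held
    // since could pass or fail depending on row order.
    // NOTE(review): this read is not locked and no unique index is visible
    // from here, so two concurrent requests for the same new nickname can
    // both pass; a unique index on open rows, or SELECT ... FOR UPDATE, would
    // close that window.
    $sql = "SELECT DISTINCT UID FROM user_nickname WHERE nickname = '$nickname'";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs === false)
    {
        error_log("user_service_update_profile: query nickname failed: " . mysqli_error($db_conn));
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Query nickname error";

        mysqli_query($db_conn, "ROLLBACK");
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    $free_change = false;
    while ($row = mysqli_fetch_array($rs))
    {
        if ($row["UID"] == $uid)
        {
            // Re-use of one of the caller's own old nicknames
            $free_change = true;
            continue;
        }

        // Held by another user at some point: unavailable
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "nickname",
            "errMsg" => "昵称已存在",
        ));

        mysqli_free_result($rs);
        mysqli_query($db_conn, "ROLLBACK");
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
    mysqli_free_result($rs);

    if (!$free_change)
    {
        // score_change's return value, as this script reads it: < 0 is a
        // database error, > 0 means the caller cannot afford the fee, 0 is
        // success. The fee is negated so a positive configured fee is deducted.
        $ret = score_change($_SESSION["BBS_uid"], -abs($BBS_nickname_change_fee), "更改昵称", $db_conn);
        if ($ret < 0)
        {
            error_log("user_service_update_profile: score_change failed: " . mysqli_error($db_conn));
            $result_set["return"]["code"] = -2;
            $result_set["return"]["message"] = "Query score error";

            mysqli_query($db_conn, "ROLLBACK");
            mysqli_close($db_conn);
            exit(json_encode($result_set));
        }
        else if ($ret > 0)
        {
            $result_set["return"]["code"] = -1;
            array_push($result_set["return"]["errorFields"], array(
                "id" => "nickname",
                "errMsg" => "积分不足",
            ));

            mysqli_query($db_conn, "ROLLBACK");
            mysqli_close($db_conn);
            exit(json_encode($result_set));
        }
    }

    // Close the caller's currently open nickname row(s)
    $sql = "UPDATE user_nickname SET end_dt = NOW(), end_reason = 'C'
        WHERE UID = " . $uid . " AND end_dt IS NULL";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs === false)
    {
        error_log("user_service_update_profile: update old nickname failed: " . mysqli_error($db_conn));
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Update old nickname error";

        mysqli_query($db_conn, "ROLLBACK");
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Open the new nickname row
    $sql = "INSERT INTO user_nickname(UID, nickname, begin_dt, begin_reason)
        VALUES(" . $uid . ", '$nickname', NOW(), 'C')";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs === false)
    {
        error_log("user_service_update_profile: insert new nickname failed: " . mysqli_error($db_conn));
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Insert new nickname error";

        mysqli_query($db_conn, "ROLLBACK");
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Keep the denormalised copy in user_pubinfo in step
    $sql = "UPDATE user_pubinfo SET nickname = '$nickname' WHERE UID = " . $uid;

    $rs = mysqli_query($db_conn, $sql);
    if ($rs === false)
    {
        error_log("user_service_update_profile: update nickname failed: " . mysqli_error($db_conn));
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Update nickname error";

        mysqli_query($db_conn, "ROLLBACK");
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}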
265    
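// Update email. The address is not changed in user_pubinfo here: a
// verification code is stored in user_modify_email_verify and mailed to the
// new address, and user_email_verify.php completes the change when visited
// with that code. $email can only contain characters matched by the
// validation regex, which is what keeps its interpolation below safe.
if ($old_email != $email)
{
    $uid = (int) $_SESSION["BBS_uid"];

    // How many accounts already use this address (shared read lock so the
    // count cannot change under this transaction).
    $sql = "SELECT UID FROM user_pubinfo WHERE email = '$email' FOR SHARE";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs === false)
    {
        error_log("user_service_update_profile: query user email failed: " . mysqli_error($db_conn));
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Query user email error";

        mysqli_query($db_conn, "ROLLBACK");
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    if (mysqli_num_rows($rs) >= $BBS_max_user_per_email)
    {
        $result_set["return"]["code"] = -1;
        array_push($result_set["return"]["errorFields"], array(
            "id" => "email",
            "errMsg" => "该邮箱的使用次数已超过限制",
        ));

        mysqli_free_result($rs);
        mysqli_query($db_conn, "ROLLBACK");
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
    mysqli_free_result($rs);

    // Generate verify code. The code is the only thing that authorises the
    // address change, so gen_passwd (passwd.inc.php) must draw from a CSPRNG
    // (random_int/random_bytes), not rand()/mt_rand() — confirm there. It is
    // escaped for the SQL interpolation and URL-encoded for the link; both
    // are no-ops for an alphanumeric code.
    // NOTE(review): nothing here limits how often one account can trigger
    // this mail, so the endpoint can be used to flood an arbitrary address
    // with verification messages; a per-UID cooldown based on
    // user_modify_email_verify.dt would stop that.
    $verify_code = gen_passwd(10);
    $verify_code_sql = mysqli_real_escape_string($db_conn, $verify_code);

    // client_addr() may be derived from request headers (common.inc.php);
    // escape it rather than trust it to be a bare IP literal.
    $client_ip = mysqli_real_escape_string($db_conn, client_addr());

    $sql = "INSERT INTO user_modify_email_verify (UID, email, verify_code, dt, ip) VALUES(" .
        $uid . ", '$email', '$verify_code_sql', NOW(), '$client_ip')";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs === false)
    {
        error_log("user_service_update_profile: insert email verify failed: " . mysqli_error($db_conn));
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Update email error";

        mysqli_query($db_conn, "ROLLBACK");
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Send mail: queue the verification message to the NEW address via
    // send_mail; delivery is done by send_mail_do after COMMIT.
    // NOTE(review): the link host comes from $BBS_host_name — make sure that
    // is configuration and not derived from the request's Host header, or
    // the verification link can be pointed at an attacker's domain.
    $from = "";
    $fromname = $BBS_name;
    $to = $email;
    $toname = $_SESSION["BBS_username"];
    $subject = $BBS_name . "修改邮件地址确认";
    $body = $_SESSION["BBS_username"] . ":\n 您好!\n" .
        " 请访问以下链接确认更改注册邮件地址:\n" .
        "https://$BBS_host_name/bbs/user_email_verify.php?code=" . rawurlencode($verify_code) . "\n\n" .
        " 感谢您的大力支持!\n\n" .
        $BBS_name . "\n" . date("Y年m月d日") . "\n";

    $ret = send_mail($from, $fromname, $to, $toname, $subject, $body, $db_conn);
    if ($ret == false)
    {
        error_log("user_service_update_profile: queue verification mail failed: " . mysqli_error($db_conn));
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Add email error";

        mysqli_query($db_conn, "ROLLBACK");
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}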
332    
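// Persist the remaining profile fields. $realname was escaped above; $gender
// is 'M'/'F', $qq is digits-only and the date parts are ints after
// validation, so these interpolations are safe as long as that validation
// stays in place.
// NOTE(review): signup_ip is overwritten with the current client address on
// every profile edit, which loses the registration IP for abuse
// investigations; user_modify_log below already records modify_ip, so this
// write looks unintended — confirm before removing it.
$uid = (int) $_SESSION["BBS_uid"];
$client_ip = mysqli_real_escape_string($db_conn, client_addr());

$sql = "UPDATE user_reginfo SET name = '$realname',
    birthday = '$year-$month-$day', signup_ip='" . $client_ip .
    "' WHERE UID = " . $uid;

$rs = mysqli_query($db_conn, $sql);
if ($rs === false)
{
    error_log("user_service_update_profile: update user reginfo failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update user reginfo error";

    mysqli_query($db_conn, "ROLLBACK");
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$sql = "UPDATE user_pubinfo SET gender = '$gender', gender_pub = $gender_public,
    qq = '$qq' WHERE UID =" . $uid;

$rs = mysqli_query($db_conn, $sql);
if ($rs === false)
{
    error_log("user_service_update_profile: update user pubinfo failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update user pubinfo error";

    mysqli_query($db_conn, "ROLLBACK");
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Audit record of the change (who, when, from where)
$sql = "INSERT INTO user_modify_log(UID, modify_dt, modify_ip, complete) VALUES(" .
    $uid . ", NOW(), '" . $client_ip . "', 1)";

$rs = mysqli_query($db_conn, $sql);
if ($rs === false)
{
    error_log("user_service_update_profile: insert modify log failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add log error";

    mysqli_query($db_conn, "ROLLBACK");
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}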
372    
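// Send mail: notify the address on file BEFORE this change, so the
// legitimate owner hears about an edit made from a hijacked session even
// when the email itself is being changed. send_mail only queues the message;
// delivery is done by send_mail_do after COMMIT.
$from = "";
$fromname = $BBS_name;
$to = $old_email;
$toname = $_SESSION["BBS_username"];
$subject = $BBS_name . "用户资料更改通知";
$body = $_SESSION["BBS_username"] . ":\n 您好!\n" .
    " 您在本站的注册资料已经于" . date("Y年m月d日 H:i:s") . "更改。\n" .
    " 为了您的个人资料的安全,如果此情况与事实不符,请立即与我们联系。\n\n" .
    $BBS_name . "\n" . date("Y年m月d日") . "\n";

$ret = send_mail($from, $fromname, $to, $toname, $subject, $body, $db_conn);
if ($ret == false)
{
    // send_mail may fail for reasons other than the database; log whatever
    // mysqli reports but do not echo it to the client.
    error_log("user_service_update_profile: queue notification mail failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add email error";

    mysqli_query($db_conn, "ROLLBACK");
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}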
393    
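// Commit transaction. Database error text is logged, not returned.
$rs = mysqli_query($db_conn, "COMMIT");
if ($rs === false)
{
    error_log("user_service_update_profile: COMMIT failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Mysqli error";

    mysqli_query($db_conn, "ROLLBACK");
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Restore autocommit for the rest of the connection's life. The data is
// already committed at this point, so a failure here is reported as such
// rather than as a failed update.
$rs = mysqli_query($db_conn, "SET autocommit=1");
if ($rs === false)
{
    error_log("user_service_update_profile: SET autocommit=1 failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "User updated, but mysqli error";

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Deliver the queued mail. This runs after COMMIT on purpose (revision 1.4):
// calling sendmail while the transaction and its row locks were still open
// held up the page load.
if (send_mail_do($db_conn) < 0)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "User updated, but send mail error";

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

mysqli_close($db_conn);
exit(json_encode($result_set));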
