1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
<?php
require_once('common.php');
$userid = $_COOKIE['userid'];
$usersec = $_COOKIE['usersec'];
$type = $_POST['type'];
if(!sec_checkuser($userid,$usersec)){
exit('Euser');
}
$userid = pg_escape_string($userid);
$sqlc = pg_connect('host=localhost port=5432 dbname='.DB_NAME.' user='.DB_USER.' password='.DB_PASSWORD);
if($type == 'userinfo'){
$nickname = $_POST['nickname'];
$aboutme = $_POST['aboutme'];
$headimg = $_POST['headimg'];
if($nickname == '' || strlen($nickname) > 16 || $nickname != pg_escape_string($nickname)){
exit('Enickname');
}
if(strlen($aboutme) > 4096){
exit('Eaboutme');
}
if($headimg == '' || strlen($headimg) > 4096){
exit('Eheadimg');
}
$sqlr = pg_query_params($sqlc,'UPDATE "user" SET "nickname"=$1,"aboutme"=$2,"headimg"=$3 WHERE "userid"=$4;',
array($nickname,$aboutme,$headimg,$userid));
pg_free_result($sqlr);
}else if($type == 'squareadd'){
$squareid = $_POST['squareid'];
if($squareid == '' || strval(intval($squareid)) != $squareid){
exit('Eerror');
}
$squareid = pg_escape_string($squareid);
$sqlr = pg_query_params($sqlc,'SELECT "squareid" FROM "square" WHERE "squareid"=$1 LIMIT 1',
array($squareid));
if(pg_num_rows($sqlr) == 0){
exit('Eerror');
pg_free_result($sqlr);
}
pg_free_result($sqlr);
$sqlr = pg_query_params($sqlc,'SELECT array_to_string("squarelist",\',\') AS "squarelist" FROM "user" WHERE "userid"=$1 LIMIT 1;',
array($userid));
if(($sqlo = pg_fetch_object($sqlr)) == null){
pg_free_result($sqlr);
exit('Eerror');
}
$squarelist = explode(',',$sqlo->squarelist);
pg_free_result($sqlr);
for($idx = 0;$idx < count($squarelist);$idx++){
if($squarelist[$idx] == $squareid){
exit('Eerror');
}
}
$squarelist[] = $squareid;
$sqlr = pg_query_params($sqlc,'UPDATE "user" SET "squarelist"=\'{'.implode(',',$squarelist).'}\' WHERE "userid"=$1;',
array($userid));
pg_free_result($sqlr);
}else if($type == 'squareremove'){
$squareid = $_POST['squareid'];
if($squareid == '' || strval(intval($squareid)) != $squareid){
exit('Eerror');
}
if($squareid == '1'){
exit('Ecant');
}
$sqlr = pg_query_params($sqlc,'SELECT array_to_string("squarelist",\',\') AS "squarelist" FROM "user" WHERE "userid"=$1 LIMIT 1;',
array($userid));
if(($sqlo = pg_fetch_object($sqlr)) == null){
pg_free_result($sqlr);
exit('Eerror');
}
$squarelist = explode(',',$sqlo->squarelist);
pg_free_result($sqlr);
for($idx = 0;$idx < count($squarelist);$idx++){
if($squarelist[$idx] == $squareid){
array_splice($squarelist,$idx,1);
break;
}
}
$sqlr = pg_query_params($sqlc,'UPDATE "user" SET "squarelist"=\'{'.implode(',',$squarelist).'}\' WHERE "userid"=$1;',
array($userid));
pg_free_result($sqlr);
}else{
exit('Eerror');
}
pg_close($sqlc);
echo 'S';
?>
|