
/*
* File:交互接口
* Author:易如意
* QQ:51154393
* url:www.eruyi.cn
** 注意:请勿使用记事本修改,保存时必须保证以《 UTF8 无 BOM 格式编码》,否则会影响返回的数据
*/
// include/option.php presumably provides the $db wrapper (query/fetch_array)
// and the config globals read below ($ipon, $codeon, $invvip, $regvip,
// $check_code, $charge, $diaryvip); include/http.php provides the http class
// used by the 'pay' action. Neither file is visible here.
include("include/option.php");
include("include/http.php");
date_default_timezone_set('PRC');
// Action selector from the query string. It is only ever compared against
// fixed strings below (never interpolated into SQL), so addslashes() is
// harmless here but also unnecessary.
$action = '';
if (isset($_GET['action'])) {
    $action = addslashes($_GET['action']);
}

// Goods list: echoes {code:200, msg, data:[{gid,name,day,money}, ...]} built
// from every row of eruyi_goods. Unauthenticated and read-only; no request
// value reaches the SQL, so this action carries no injection surface.
if($action == 'goods'){
    $result = $db->query("SELECT * FROM `eruyi_goods`");
    $items = array();
    while (($goods = $db->fetch_array($result))) {
        $items[] = array(
            'gid' => $goods['id'],
            'name' => $goods['g_name'],
            'day' => $goods['vip_time'],
            'money' => $goods['g_money'],
        );
    }
    echo json_encode(array('code' => 200, 'msg' => '商品获取完成', 'data' => $items));
    exit();
}

// Order status lookup by order number (GET oid). Responses: 1020 no oid,
// 1021 unknown order, 100 awaiting payment, 200 paid and credited,
// -100 paid but crediting failed.
// The order number is the only access control here (see 'pay' for how it is
// generated); anyone who can guess one can read that order's payment state.
if($action == 'order'){
    $oid = '';
    if (isset($_GET['oid'])) {
        $oid = addslashes($_GET['oid']);
    }
    if ($oid == '') {
        exit('1020');
    }
    // NOTE(review): addslashes() is the only escaping before interpolation;
    // whether $db escapes further is not visible here. A prepared statement
    // is the standard replacement.
    $orderRow = $db->fetch_array($db->query("select * from `eruyi_order` where `order`='$oid'"));
    if (!$orderRow) {
        exit('1021');
    }
    // switch uses the same loose (==) comparison as the original if-chain;
    // `state` may come back from the driver as a string.
    switch ($orderRow['state']) {
        case 0:
            exit('100');
        case 1:
            exit('200');
        default:
            exit('-100');
    }
}


// Create a payment order and forward it to the external pay gateway
// (https://pay.qfme.cn/submit.php). Input (POST): user, pid (1 alipay,
// 2 wxpay, 3 qqpay), gid, optional order number. On success the gateway's
// raw response is echoed.
// NOTE(review): user, gid and order reach SQL through string interpolation
// guarded only by addslashes(); whether the $db wrapper escapes further is
// not visible here. Prepared statements are the standard replacement. `user`
// is never checked against eruyi_user, so an order can be created for any
// account name.
if($action == 'pay'){//create payment order
$user = isset($_POST['user']) ? addslashes($_POST['user']) : '';
$pid = isset($_POST['pid']) ? addslashes($_POST['pid']) : '';
$gid = isset($_POST['gid']) ? addslashes($_POST['gid']) : '';
$order = isset($_POST['order']) ? addslashes($_POST['order']) : '';
if($user == '') exit('101');//user empty
if($order == ''){
// Generated order number: timestamp + 5-digit mt_rand(). mt_rand() is not a
// CSPRNG, and the number is also the lookup key of the public 'order' action,
// so a guessable value exposes that order's payment state; a random_bytes()
// derived suffix is the safer source. A client-supplied `order` is accepted
// as-is, with no uniqueness check before the INSERT below.
$order = date('YmdHis') . str_pad(mt_rand(1, 99999), 5, '0', STR_PAD_LEFT);
}
if($pid == ''){
exit('1010');//pay type empty
}else if($pid == '1'){//Alipay
$type='alipay';
}else if($pid == '2'){//WeChat Pay
$type='wxpay';
}else if($pid == '3'){//QQ Wallet
$type='qqpay';
}
// NOTE(review): any other pid value leaves $type unassigned, yet the order is
// still stored and posted to the gateway with an empty `type`; unknown pid
// should be rejected here, before the INSERT.
if($gid == '') exit('1011');//goods id empty
$sql="select * from eruyi_goods where id='$gid'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if(!$have) exit('1012');//no such goods id

// Gateway credentials come from the (single) eruyi_option row.
$sql="SELECT * FROM `eruyi_option`";
$query=$db->query($sql);
$havea=$db->fetch_array($query);
if(!$havea) exit('1013');//option query returned nothing
$appid = $havea['pay_appid'];
if($appid == '') exit('1014');//appid not configured (set it in the admin panel)
$appkey = $havea['pay_appkey'];
if($appkey == '') exit('1015');//appkey not configured (set it in the admin panel)
$notify_url= $havea['pay_notify'];
// return_url is rebuilt from SERVER_NAME plus the request directory, always
// with an http:// scheme; on a TLS site or behind a reverse proxy this will
// point at the wrong origin.
if(dirname($_SERVER["REQUEST_URI"]) == '\\' || dirname($_SERVER["REQUEST_URI"]) == '/'){
$return_url = 'http://'.$_SERVER['SERVER_NAME'];
}else {
$return_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER["REQUEST_URI"]);
}
if($notify_url == '') exit('1016');//notify url not configured
$g_money = $have['g_money'];
$g_name = $have['g_name'];
$vip_day = $have['vip_time'];
$o_time = time();

$sitename = '易如意用户系统';
// Gateway parameter string built by plain concatenation: nothing is
// url-encoded, so a goods name containing '&' or '=' corrupts both the
// request and the signature computed over it.
// NOTE(review): the `¬ify_url` fragment in this listing is almost certainly
// `&notify_url` mangled by HTML-entity decoding (&not -> ¬); verify against
// the original file before deploying.
$o_info = 'money='.$g_money.'&name='.$g_name.'¬ify_url='.$notify_url.'&out_trade_no='.$order.'&pid='.$appid.'&return_url='.$return_url.'&sitename='.$sitename.'&type='.$type;
// MD5(params . appkey) is the gateway's own signature scheme (see md5Sign);
// it is not an HMAC and is kept only for interoperability.
$sing = md5Sign($o_info,$appkey);
// The order is stored with state 0 (awaiting payment) before the gateway call.
$sql="INSERT INTO `eruyi_order` (`order`, `user`, `money`, `goods`, `vip_day`, `o_time`, `gid`, `pay_type`, `state`) VALUES ('$order', '$user', '$g_money', '$g_name', '$vip_day', '$o_time', '$gid', '$pid', '0')";
$query=$db->query($sql);
if(!$query) exit('1017');//order insert failed
$http = new http('https://pay.qfme.cn/submit.php');
$http->https();
// Fixed mobile User-Agent sent to the gateway, presumably to obtain its mobile
// flow (the http class lives in include/http.php, not visible here).
$http->setHeader(array('User-Agent: Mozilla/5.0 (Linux; U; Android 8.1.0; zh-cn; BLA-AL00 Build/HUAWEIBLA-AL00) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.132 MQQBrowser/8.9 Mobile Safari/537.36'));
$data = $o_info.'&sign='.$sing.'&sign_type=MD5';

$retdata = $http->post($data);
echo $retdata;
// A top-level return ends the script here, like exit() in the other actions.
return;
}
//用户注册
// User registration. Input (POST): user, password, superpass (recovery
// secret used by 'findpass'/'editcode'), inv (referrer uid, optional),
// markcode (device code).
// Responses: 101-104 missing field, 109 bad username, 105 name taken,
// 106/107 per-IP / per-device cooldown hit, 1005 unknown referrer, 200 done;
// a failed INSERT falls through to the trailing "Error" output.
// Config globals $ipon, $codeon, $invvip, $regvip are presumably set by
// include/option.php (not visible here).
// NOTE(review): every input reaches SQL through interpolation guarded only by
// addslashes(); the password is stored as unsalted md5 and superpass in
// plaintext. password_hash()/password_verify() for both secrets and prepared
// statements are the standard replacements.
if($action == 'register'){
$user = isset($_POST['user']) ? addslashes($_POST['user']) : '';
$password = isset($_POST['password']) ? addslashes($_POST['password']) : '';
$superpass = isset($_POST['superpass']) ? addslashes($_POST['superpass']) : '';
$inv = isset($_POST['inv']) ? addslashes($_POST['inv']) : '';
$regdate = time();
$regip = getIp(); // '' unless REMOTE_ADDR is a valid IPv4 (see getIp)
$markcode = isset($_POST['markcode']) ? addslashes($_POST['markcode']) : '';
if($user == '') exit('101');
if($password == '') exit('102');
if($superpass == '') exit('103');
if($markcode == '') exit('104');
// 2-11 word characters; 'alteruser' requires 5-11 for the same field.
if (preg_match ("/^[\w]{2,11}$/",$user)==0)exit('109');
$sql="select * from eruyi_user where user='$user'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have) exit('105');
// Per-IP registration cooldown of $ipon hours (disabled when 0). When getIp()
// returned '' the check matches rows whose regip is also ''.
if($ipon != 0){
$regtime = $regdate-$ipon*3600;
$sql="select * from eruyi_user where regip='$regip' and `regdate`>'$regtime'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have) exit('106');
}
// Per-device-code cooldown of $codeon hours (disabled when 0).
if($codeon != 0){
$regtime = $regdate-$codeon*3600;
$sql="select * from eruyi_user where markcode='$markcode' and `regdate`>'$regtime'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have) exit('107');
}

// Referral bonus: the referrer gets $invvip hours of VIP and i_inv+1 before
// the new account exists. Not transactional: if the INSERT below fails the
// referrer keeps the bonus, and nothing stops the same inv being replayed.
if ($inv != ''){
$sql="select * from eruyi_user where uid='$inv'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if ($have){
if ($invvip != 0){
if (time() > $have['vip']){ // referrer's VIP expired: restart from now
$vip = $regdate + 3600*$invvip;
$sql = "UPDATE `eruyi_user` SET `vip`='$vip',`i_inv`=`i_inv`+ 1 WHERE uid='$inv'";
}else { // still active: extend
$vip = 3600*$invvip;
$sql = "UPDATE `eruyi_user` SET `vip`=`vip`+ $vip,`i_inv`=`i_inv`+ 1 WHERE uid='$inv'";
}
$query=$db->query($sql);
}
}else {
exit('1005');
}
}
$pass = md5($password); // NOTE(review): unsalted md5, see header comment
if ($regvip == 0){
$vip = 0;
}else {
// $regvip is scaled by 60 here, while $invvip above is scaled by 3600 -
// presumably minutes vs. hours; confirm against option.php.
$vip = $regdate + 60*$regvip;
}
// NOTE(review): computed but never stored - the INSERT below has no `token`
// column, so a fresh registration has no session until 'login'.
$token = md5($user.getcode());
$sql="INSERT INTO `eruyi_user`(`user`, `password`, `inv`, `vip`, `superpass`, `money`, `regdate`, `regip`, `markcode`,`lock`) VALUES ('$user','$pass','$inv','$vip','$superpass','0','$regdate','$regip','$markcode','n')";
$query=$db->query($sql);
if($query){
exit('200');
}
}

//微信登入/注册
// WeChat login / first-time registration. Input (POST): openid, access_token,
// inv (referrer uid, optional), markcode (required but never compared here).
// The caller's claim to `openid` is verified by calling the WeChat userinfo
// endpoint with the supplied access_token and comparing the returned openid.
// Responses: 1001/1002/104 missing field, 1003 WeChat error, 1004 openid
// mismatch (also hit on transport failure, since $res is then null), 112
// locked, 106/107 cooldown, 1005 unknown referrer; on success a JSON object
// {uid,user,pic,name,vip,token} is echoed. A failed INSERT or UPDATE falls
// through to the trailing "Error" output.
// NOTE(review): CURLOPT_SSL_VERIFYPEER/VERIFYHOST are disabled on the one
// call that establishes identity, so an on-path attacker can answer it with
// an arbitrary openid and sign in as that WeChat-linked user. Re-enable
// verification (the default) with a CA bundle; this is the most serious
// issue in the file. The nickname/headimgurl read from that response are
// also interpolated into SQL below without any escaping.
if($action == 'wx_login'){
$openid = isset($_POST['openid']) ? addslashes($_POST['openid']) : '';
$access_token = isset($_POST['access_token']) ? addslashes($_POST['access_token']) : '';
$inv = isset($_POST['inv']) ? addslashes($_POST['inv']) : '';
$regdate = time();
$regip = getIp();
$markcode = isset($_POST['markcode']) ? addslashes($_POST['markcode']) : '';
if($openid == '') exit('1001');
if($access_token == '') exit('1002');
if($markcode == '') exit('104');
// Base URL used to absolutise a relative avatar path (existing-user branch
// only). Always http:// and trusts SERVER_NAME.
if(dirname($_SERVER["REQUEST_URI"]) == '\\' || dirname($_SERVER["REQUEST_URI"]) == '/'){
$av_url = 'http://'.$_SERVER['SERVER_NAME'];
}else {
$av_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER["REQUEST_URI"]);
}
$url = 'https://api.weixin.qq.com/sns/userinfo?access_token='.$access_token.'&openid='.$openid.'&lang=zh_CN';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL,$url);
curl_setopt($curl, CURLOPT_HEADER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);//return the body instead of printing it
// NOTE(review): certificate validation disabled - see header comment.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,false);
$data = curl_exec($curl);
curl_close($curl);
$res = json_decode($data, true);
if (isset($res['errcode']))exit('1003');
if ($res['openid'] != $openid) exit('1004');
// Taken verbatim from the WeChat response; not passed through addslashes().
$name = $res['nickname'];
$pic = $res['headimgurl'];
$sql="select * from eruyi_user where wx_openid='$openid'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have){
// NOTE(review): the device-code check is disabled on this path, unlike
// 'login' which honours $check_code; markcode is collected but unused.
if($have['lock']=='y') exit('112');
// New session token on every login (entropy rests on getcode()); the previous
// token is overwritten, so only one device stays signed in.
$token = md5($openid.getcode());
$sql="UPDATE `eruyi_user` SET `token`='$token' WHERE wx_openid='$openid'";
$query=$db->query($sql);
if($query){
if(substr($have['pic'],0,4)=='http'){
$pic = $have['pic'];
}else{
$pic = $av_url.$have['pic'];
}
$udata = array(
'uid'=>$have['uid'],
'user'=>$have['user'],
'pic'=>$pic,
'name'=>$have['name'],
'vip'=>$have['vip'],
'token'=>$token
);
$jdata = json_encode($udata);
echo $jdata;
exit;
}
}else {
// First login: the registration rules from 'register' are repeated here
// (cooldowns, referral bonus, initial VIP) - see that action's notes.
if($ipon != 0){
$regtime = $regdate-$ipon*3600;
$sql="select * from eruyi_user where regip='$regip' and `regdate`>'$regtime'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have) exit('106');
}
if($codeon != 0){
$regtime = $regdate-$codeon*3600;
$sql="select * from eruyi_user where markcode='$markcode' and `regdate`>'$regtime'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have) exit('107');
}
if ($inv != ''){
$sql="select * from eruyi_user where uid='$inv'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if ($have){
if ($invvip != 0){
if (time() > $have['vip']){
$vip = $regdate + 3600*$invvip;
$sql = "UPDATE `eruyi_user` SET `vip`='$vip',`i_inv`=`i_inv`+ 1 WHERE uid='$inv'";
}else {
$vip = 3600*$invvip;
$sql = "UPDATE `eruyi_user` SET `vip`=`vip`+ $vip,`i_inv`=`i_inv`+ 1 WHERE uid='$inv'";
}
$query=$db->query($sql);
}
}else {
exit('1005');
}
}
if ($regvip == 0){
$vip = 0;
}else {
$vip = $regdate + 60*$regvip;
}

// NOTE(review): $name and $pic are unescaped here (SQL injection via a
// WeChat nickname), and $token has not been assigned on this path, so the
// row is inserted with an empty token (it is replaced just below).
$sql="INSERT INTO `eruyi_user`(`name`,`pic`,`wx_openid`,`inv`, `vip`,`money`, `regdate`, `regip`, `markcode`,`lock`,`token`) VALUES ('$name','$pic','$openid','$inv','$vip','0','$regdate','$regip','$markcode','n','$token')";
$query=$db->query($sql);
if($query){
$sql="select * from eruyi_user where wx_openid='$openid'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have){
// device-code check disabled here as well
if($have['lock']=='y') exit('112');
$token = md5($openid.getcode());
$sql="UPDATE `eruyi_user` SET `token`='$token' WHERE wx_openid='$openid'";
$query=$db->query($sql);
if($query){
// Unlike the existing-user branch, pic is returned as stored (the WeChat
// URL), without the $av_url prefix logic.
$udata = array(
'uid'=>$have['uid'],
'user'=>$have['user'],
'pic'=>$have['pic'],
'name'=>$have['name'],
'vip'=>$have['vip'],
'token'=>$token
);
$jdata = json_encode($udata);
echo $jdata;
exit;
}
}
}
}
}

//用户登陆
// Password login. Input (POST): user, password, markcode. On success a fresh
// session token is written to the row and {uid,user,pic,name,vip,token} is
// echoed as JSON.
// Responses: 101/102/104 missing field, 110 bad credentials (same code for
// unknown user and wrong password, which is the right choice), 108 device
// code mismatch (only when $check_code == 1, presumably from
// include/option.php), 112 locked; a failed token UPDATE falls through to the
// trailing "Error" output.
// NOTE(review): the password is matched as unsalted md5 inside interpolated
// SQL (addslashes() only); no lockout or rate limit is visible, so online
// guessing is unthrottled. The token is md5(user . getcode()), whose entropy
// rests on getcode(), and each login overwrites the previous token (one
// device signed in at a time).
if($action == 'login'){
$user = isset($_POST['user']) ? addslashes($_POST['user']) : '';
$password = isset($_POST['password']) ? addslashes($_POST['password']) : '';
$markcode = isset($_POST['markcode']) ? addslashes($_POST['markcode']) : '';
// Base URL for a relative avatar path; always http:// and trusts SERVER_NAME.
if(dirname($_SERVER["REQUEST_URI"]) == '\\' || dirname($_SERVER["REQUEST_URI"]) == '/'){
$av_url = 'http://'.$_SERVER['SERVER_NAME'];
}else {
$av_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER["REQUEST_URI"]);
}
if($user == '') exit('101');
if($password == '') exit('102');
if($markcode == '') exit('104');
$pass = md5($password);
$sql="select * from eruyi_user where user='$user' and `password`='$pass'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have){
if($check_code==1){
if($have['markcode']!=$markcode) exit('108');
}
if($have['lock']=='y') exit('112');
$token = md5($user.getcode());
$sql="UPDATE `eruyi_user` SET `token`='$token' WHERE user='$user'";
$query=$db->query($sql);
if($query){
if(substr($have['pic'],0,4)=='http'){
$pic = $have['pic'];
}else{
$pic = $av_url.$have['pic'];
}
$udata = array(
'uid'=>$have['uid'],
'user'=>$have['user'],
'pic'=>$pic,
'name'=>$have['name'],
'vip'=>$have['vip'],
'token'=>$token
);
$jdata = json_encode($udata);
echo $jdata;
exit;
}
}else{
exit('110');
}
}

//修改机器码
// Change the device code (markcode) bound to an account. Authenticated by the
// account's recovery secret (superpass); at most one change per 24 hours,
// tracked in `codetime`.
// Responses: 101/103/104 missing field, 123 user/superpass mismatch, 124
// changed less than 24h ago, 200 done; a failed UPDATE falls through to the
// trailing "Error" output.
// NOTE(review): superpass is compared in plaintext inside interpolated SQL
// (it is stored unhashed by 'register'), guarded only by addslashes(). No
// rate limit is visible for guessing it.
if($action == 'editcode'){
    $user = isset($_POST['user']) ? addslashes($_POST['user']) : '';
    $superpass = isset($_POST['superpass']) ? addslashes($_POST['superpass']) : '';
    $newcode = isset($_POST['newcode']) ? addslashes($_POST['newcode']) : '';
    if ($user == '') exit('101');
    if ($superpass == '') exit('103');
    if ($newcode == '') exit('104');
    $account = $db->fetch_array($db->query("select * from eruyi_user where user='$user' and `superpass`='$superpass'"));
    if (!$account) exit('123');
    $now = time();
    $nextAllowed = $account['codetime'] + 24*3600;
    if ($nextAllowed > $now) exit('124');
    $updated = $db->query("UPDATE `eruyi_user` SET `markcode`='$newcode',`codetime`='$now' WHERE user='$user'");
    if ($updated) exit('200');
}

//找回密码
// Password reset via the recovery secret. Input (POST): user, superpass,
// password (the new one).
// Responses: 101/103/102 missing field, 123 user/superpass mismatch, 200
// done; a failed UPDATE falls through to the trailing "Error" output.
// NOTE(review): superpass is matched in plaintext SQL and the new password is
// stored as unsalted md5; password_hash() for both secrets and prepared
// statements are the standard replacements. Nothing throttles guessing.
if($action == 'findpass'){
    $user = isset($_POST['user']) ? addslashes($_POST['user']) : '';
    $password = isset($_POST['password']) ? addslashes($_POST['password']) : '';
    $superpass = isset($_POST['superpass']) ? addslashes($_POST['superpass']) : '';
    if ($user == '') exit('101');
    if ($superpass == '') exit('103');
    if ($password == '') exit('102');
    $account = $db->fetch_array($db->query("select * from eruyi_user where user='$user' and `superpass`='$superpass'"));
    if (!$account) exit('123');
    $newHash = md5($password);
    if ($db->query("UPDATE `eruyi_user` SET `password`='$newHash' WHERE user='$user'")) {
        exit('200');
    }
}

//卡密升级
// Card-key (kami) redemption: extends the token holder's VIP according to the
// card type. Input (POST): token, kami.
// Responses: 150/130 missing field, 131 unknown card, 132 already used, 151
// unknown token, 134 already permanent, 135 VIP update failed, 200 done; a
// failed card UPDATE falls through to the trailing "Error" output.
// NOTE(review): the `new`='y' check and the UPDATE that flips it are separate
// statements with the VIP credit in between, so two concurrent requests with
// the same card can both pass the check and both be credited. Flip the card
// first with `... WHERE kami='...' AND new='y'` and credit only when a row was
// affected. Both inputs reach SQL via interpolation guarded only by
// addslashes().
if($action == 'checkkami'){
$token = isset($_POST['token']) ? addslashes($_POST['token']) : '';
$kami = isset($_POST['kami']) ? addslashes($_POST['kami']) : '';
if($token == '') exit('150');
if($kami == '') exit('130');
$sql="select * from eruyi_kami where kami='$kami'";
$query=$db->query($sql);
$khave=$db->fetch_array($query);
if(!$khave) exit('131');
if($khave['new']!='y') exit('132');
$sql="select * from eruyi_user where `token`='$token'";
$query=$db->query($sql);
$uhave=$db->fetch_array($query);
if(!$uhave) exit('151');
$user = $uhave['user'];
// '999999999' is the permanent-VIP sentinel (also used by 'diary'/'getinfo').
if($uhave['vip']=='999999999') exit('134');
// Card type -> VIP duration in seconds: day, week, month, half year, year.
// 'YJK' (permanent) is handled separately below.
$KMtime = array(
'TK'=>24*3600,
'ZK'=>7*24*3600,
'YK'=>30*24*3600,
'BNK'=>180*24*3600,
'NK'=>365*24*3600
);
$KMtype = $khave['type'];
if($uhave['vip']>time()){
if($KMtype == 'YJK'){
$sql="UPDATE `eruyi_user` SET `vip`='999999999' WHERE token='$token'";
}else{
// NOTE(review): a type outside $KMtime reads an undefined key, leaving
// "`vip`+ WHERE" - a SQL syntax error that presumably surfaces as 135.
$sql="UPDATE `eruyi_user` SET `vip`=`vip`+$KMtime[$KMtype] WHERE token='$token'";
}
}else{
if($KMtype == 'YJK'){
$vip = '999999999';
}else{
$vip = time()+$KMtime[$KMtype];
}
$sql="UPDATE `eruyi_user` SET `vip`='$vip' WHERE token='$token'";
}
$query=$db->query($sql);
if($query){
$date = time();
// Marks the card used and records who redeemed it; runs after the credit,
// so a failure here leaves a credited but still-valid card.
$sql="UPDATE `eruyi_kami` SET `new`='n',`user`='$user',`date`='$date' WHERE kami='$kami'";
$query=$db->query($sql);
if($query) exit('200');
}else{
exit('135');
}
}

//获取信息
// Profile for a session token (POST token). Echoes {uid,i_inv,user,pic,name,
// wx_openid,vip,money,markcode} as JSON; 150 no token, 151 unknown token,
// 112 locked. When the $charge global (presumably from include/option.php)
// is 0 the reported vip is the permanent sentinel '999999999' for everyone.
// NOTE(review): the token reaches SQL via interpolation guarded only by
// addslashes(); a prepared statement is the standard replacement.
if($action == 'getinfo'){
    $token = isset($_POST['token']) ? addslashes($_POST['token']) : '';
    // Base URL for a relative avatar path; always http:// and trusts SERVER_NAME.
    $requestDir = dirname($_SERVER["REQUEST_URI"]);
    $av_url = 'http://' . $_SERVER['SERVER_NAME'];
    if ($requestDir != '\\' && $requestDir != '/') {
        $av_url .= $requestDir;
    }
    if ($token == '') exit('150');
    $account = $db->fetch_array($db->query("select * from eruyi_user where `token`='$token'"));
    if (!$account) exit('151');
    if ($account['lock'] == 'y') exit('112');
    // Absolute avatar URLs (WeChat) are returned as-is, local paths prefixed.
    $pic = $account['pic'];
    if (substr($pic, 0, 4) != 'http') {
        $pic = $av_url . $pic;
    }
    $vip = ($charge == 0) ? '999999999' : $account['vip'];
    echo json_encode(array(
        'uid' => $account['uid'],
        'i_inv' => $account['i_inv'],
        'user' => $account['user'],
        'pic' => $pic,
        'name' => $account['name'],
        'wx_openid' => $account['wx_openid'],
        'vip' => $vip,
        'money' => $account['money'],
        'markcode' => $account['markcode'],
    ));
    exit;
}

//会员验证
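// VIP check for a session token (POST token). 150 no token, 151 unknown
// token, 112 locked, 200 VIP active (or $charge == 0, which presumably
// disables charging globally via include/option.php), 201 VIP expired.
// Fix: the original tested `$vip > time()` and then `$vip < time()` in
// separate branches, so a vip equal to the current second matched neither
// and fell through to the trailing "Error" output; expiry is now the else
// case and time() is read once.
// NOTE(review): the token reaches SQL via interpolation guarded only by
// addslashes(); a prepared statement is the standard replacement.
if($action == 'getvip'){
$token = isset($_POST['token']) ? addslashes($_POST['token']) : '';
if($token == '') exit('150');
$sql="select * from eruyi_user where token ='$token'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if(!$have){
exit('151');
}
if($have['lock']=='y') exit('112');
if ($charge == 0){
exit('200');
}
$vip = $have['vip'];
$now = time();
// '999999999' is the permanent-VIP sentinel shared with 'checkkami'/'diary'.
if($vip == '999999999' || $vip > $now){
exit('200');
}
exit('201');
}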

//签到
// Daily sign-in: once per calendar day (PRC time) the token holder gets
// $diaryvip (presumably minutes, scaled by 60) of VIP. Input (POST): token.
// Responses: 150 no token, 172 feature disabled ($diaryvip == 0), 151 unknown
// token, 112 locked, 171 already signed in today, 200 done, 173 UPDATE failed.
// NOTE(review): the "already today" SELECT and the UPDATE are not atomic, so
// two concurrent requests can both be credited; `... AND diary <> '$day'` in
// the UPDATE plus an affected-rows check closes that. Token reaches SQL via
// interpolation guarded only by addslashes().
if($action == 'diary'){
date_default_timezone_set('PRC'); // already set at the top of the file
$token = isset($_POST['token']) ? addslashes($_POST['token']) : '';
$day = date("Y-m-d");
if($token == '') exit('150');
if($diaryvip == 0) exit('172');
$sql="select * from eruyi_user where `token`='$token'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have){
if($have['lock']=='y') exit('112');
if ($have['diary'] == $day ){
exit('171');
}else {
if ($have['vip']=='999999999'){ // permanent VIP: only record the day
$sql="UPDATE `eruyi_user` SET `diary` = '$day' WHERE `eruyi_user`.`token`='$token'";
}else if(time() > $have['vip']) { // expired: restart from now
$vip = time() + 60 * $diaryvip;
$sql="UPDATE `eruyi_user` SET `diary` = '$day',`vip` = '$vip' WHERE `eruyi_user`.`token`='$token'";
}else{ // active: extend
$vip = 60 * $diaryvip;
$sql="UPDATE `eruyi_user` SET `diary` = '$day',`vip` = `vip` + $vip WHERE `eruyi_user`.`token`='$token'";
}
$query=$db->query($sql);
if($query){
exit('200');
}exit('173');
}
}else{
exit('151');
}
}

//绑定微信
// Bind a WeChat openid to the token holder's account. Input (POST): token,
// openid, access_token. Ownership of `openid` is verified by calling the
// WeChat userinfo endpoint and comparing the returned openid.
// Responses: 150/1001/1002 missing field, 1006 openid already bound
// elsewhere, 151 unknown token, 1007 account already has an openid, 1003
// WeChat error, 1004 openid mismatch (also on transport failure), 200 done,
// 1008 UPDATE failed.
// NOTE(review): two defects. (1) The UPDATE below also writes `password` =
// '$pass', but $pass is never assigned in this action, so binding WeChat
// overwrites the account's password hash with an empty string and password
// login stops working; the `password` assignment should be dropped. (2) TLS
// verification is disabled on the WeChat call (same as 'wx_login'), so the
// identity proof can be forged by an on-path attacker; re-enable it.
if($action == 'wx_bind'){
$token = isset($_POST['token']) ? addslashes($_POST['token']) : '';
$openid = isset($_POST['openid']) ? addslashes($_POST['openid']) : '';
$access_token = isset($_POST['access_token']) ? addslashes($_POST['access_token']) : '';
if($token == '') exit('150');
if($openid == '') exit('1001');
if($access_token == '') exit('1002');
$sql="select * from eruyi_user where wx_openid='$openid'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have) exit('1006');
$sql="select * from eruyi_user where token ='$token'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have){
// Loose != null: both NULL and '' count as "not bound yet".
if($have['wx_openid'] != null) exit('1007');
$url = 'https://api.weixin.qq.com/sns/userinfo?access_token='.$access_token.'&openid='.$openid.'&lang=zh_CN';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL,$url);
curl_setopt($curl, CURLOPT_HEADER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);//return the body instead of printing it
// NOTE(review): certificate validation disabled - see header comment.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,false);
$data = curl_exec($curl);
curl_close($curl);
$res = json_decode($data, true);
if (isset($res['errcode']))exit('1003');
if ($res['openid'] != $openid) exit('1004');
// Read from the response but unused in this action (dead assignments).
$name = $res['nickname'];
$pic = $res['headimgurl'];
// NOTE(review): $pass is undefined here - see header comment, defect (1).
$sql="UPDATE `eruyi_user` SET `wx_openid` = '$openid',`password` = '$pass' WHERE `eruyi_user`.`token`='$token'";
$query=$db->query($sql);
if($query){
exit('200');
}exit('1008');
}exit('151');
}

//设置账号密码
// Give a WeChat-created account (no username yet) a username, password and
// recovery secret. Input (POST): token, user, password, superpass.
// Responses: 101/102/103/150 missing field, 109 bad username (5-11 word
// characters; 'register' accepts 2-11), 105 name taken, 151 unknown token,
// 180 account already has a username, 181 UPDATE failed, 200 done.
// NOTE(review): the "name taken" SELECT and the UPDATE are not atomic, so a
// unique index on `user` is the real guard against duplicates. The password
// is stored as unsalted md5 and superpass in plaintext, both via interpolated
// SQL guarded only by addslashes() (see 'register').
if($action == 'alteruser'){
$token = isset($_POST['token']) ? addslashes($_POST['token']) : '';
$user = isset($_POST['user']) ? addslashes($_POST['user']) : '';
$password = isset($_POST['password']) ? addslashes($_POST['password']) : '';
$superpass = isset($_POST['superpass']) ? addslashes($_POST['superpass']) : '';
if($user == '') exit('101');
if($password == '') exit('102');
if($superpass == '') exit('103');
if($token == '') exit('150');
$pass = md5($password);
if (preg_match ("/^[\w]{5,11}$/",$user)==0)exit('109');
$sql="select * from eruyi_user where user='$user'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have) exit('105');
$sql="select * from eruyi_user where token ='$token'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have){
// Only accounts without a username (both '' and NULL) may be completed.
if ($have['user'] == '' or $have['user'] == null){
$sql="UPDATE `eruyi_user` SET `user` = '$user',`password` = '$pass',`superpass` = '$superpass' WHERE `eruyi_user`.`token`='$token'";
$query=$db->query($sql);
if($query){
exit('200');
}exit('181');
}exit('180');
}else {
exit('151');
}
}



//修改名称
// Rename the token holder's display name. Input (POST): token, name.
// 150/130 missing field, 151 unknown token, 200 done; a failed UPDATE falls
// through to the trailing "Error" output.
// NOTE(review): no length or character limit on `name`; it is stored after
// addslashes() only and later returned as JSON by 'getinfo'/'login'. A
// prepared statement is the standard replacement for the interpolation.
if($action == 'altername'){
    $token = isset($_POST['token']) ? addslashes($_POST['token']) : '';
    $name = isset($_POST['name']) ? addslashes($_POST['name']) : '';
    if ($token == '') exit('150');
    if ($name == '') exit('130');
    $account = $db->fetch_array($db->query("select * from eruyi_user where token ='$token'"));
    if (!$account) exit('151');
    $updated = $db->query("UPDATE `eruyi_user` SET `name` = '$name' WHERE `eruyi_user`.`token`='$token'");
    if ($updated) exit('200');
}

//上传头像
// Avatar upload. Authenticated by token in the query string (tokens in URLs
// end up in server and proxy logs; POST is the usual place). type=e4a reads
// field `uploadedfile` and stores ./pic/<uid>.png; type=bbp takes every entry
// of $_FILES and keeps the extension of the client-supplied filename. The
// stored path is exposed under $av_url by 'getinfo', i.e. ./pic/ is served
// from the web root.
// Responses: 160/150 missing field, 151 unknown token, 161 not a POST, 162
// unknown type or move failed, 163 UPDATE failed, 200 done.
// NOTE(review): nothing validates the upload. In bbp mode the stored
// extension is whatever follows the last '.' of the client filename (the whole
// name when there is no '.'), so the server should enforce an allowlist of
// image extensions, check the content (e.g. getimagesize()), and ideally not
// allow script execution under ./pic/. In e4a mode $_FILES['uploadedfile'] is
// used without an isset() check. 'alterpicHtml' duplicates this block.
if($action == 'alterpic'){
$type = isset($_GET['type']) ? addslashes($_GET['type']) : '';
$token = isset($_GET['token']) ? addslashes($_GET['token']) : '';
if($type == '') exit('160');
if($token == '') exit('150');
$sql="select * from eruyi_user where token ='$token'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have){
$user = $have['uid']; // uid from the DB row becomes part of the file name
}else{
exit('151');
}
$local_path = "./pic/";
if (!file_exists($local_path)) mkdir($local_path); // default permissions
if ($type == 'e4a'){
$target_path = $local_path.$user.".png";
$result = move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path);
$pic = substr( $target_path,1); // "/pic/<uid>.png"
}elseif ($type == 'bbp'){
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
foreach ( $_FILES as $name=>$file ) {
$fn=$file['name'];
// strrpos() returns false when there is no '.', and substr($fn, false)
// then yields the whole filename as the "extension".
$ft=strrpos($fn,'.',0);
$fe=substr($fn,$ft);
$fp='pic/'.$user.$fe;
$result = move_uploaded_file($file['tmp_name'],$fp);
$pic = "/" . $fp;
}
}else{
exit('161');
}
}else{
exit('162');
}
if($result) {
$sql= "UPDATE `eruyi_user` SET `pic` = '$pic' WHERE `eruyi_user`.`token`='$token'";
$query=$db->query($sql);
if($query){
exit('200');
} else {
exit('163');
}
} else{
exit('162');
}
}
// Identical to 'alterpic' except that success prints a human-readable
// message instead of '200'; the upload-validation notes there (extension
// allowlist, content check, no script execution under ./pic/) apply here
// unchanged. Folding the two into one handler with a response flag would
// keep the fix in one place.
if($action == 'alterpicHtml'){
$type = isset($_GET['type']) ? addslashes($_GET['type']) : '';
$token = isset($_GET['token']) ? addslashes($_GET['token']) : '';
if($type == '') exit('160');
if($token == '') exit('150');
$sql="select * from eruyi_user where token ='$token'";
$query=$db->query($sql);
$have=$db->fetch_array($query);
if($have){
$user = $have['uid'];
}else{
exit('151');
}
$local_path = "./pic/";
if (!file_exists($local_path)) mkdir($local_path);
if ($type == 'e4a'){
$target_path = $local_path.$user.".png";
$result = move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path);
$pic = substr( $target_path,1);
}elseif ($type == 'bbp'){
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
foreach ( $_FILES as $name=>$file ) {
$fn=$file['name'];
// NOTE(review): extension taken verbatim from the client filename.
$ft=strrpos($fn,'.',0);
$fe=substr($fn,$ft);
$fp='pic/'.$user.$fe;
$result = move_uploaded_file($file['tmp_name'],$fp);
$pic = "/" . $fp;
}
}else{
exit('161');
}
}else{
exit('162');
}
if($result) {
$sql= "UPDATE `eruyi_user` SET `pic` = '$pic' WHERE `eruyi_user`.`token`='$token'";
$query=$db->query($sql);
if($query){
exit('头像更换成功'); // "avatar updated" - the only difference from 'alterpic'
} else {
exit('163');
}
} else{
exit('162');
}
}

//修改密码
// Change password. Input (POST): user, password (current), newpass.
// 101/102/141 missing field, 110 bad credentials, 200 done; a failed UPDATE
// falls through to the trailing "Error" output.
// NOTE(review): both hashes are unsalted md5 matched/stored through
// interpolated SQL guarded only by addslashes(); password_hash()/
// password_verify() and prepared statements are the standard replacements.
// Existing session tokens are not invalidated by a password change.
if($action == 'modify'){
    $user = isset($_POST['user']) ? addslashes($_POST['user']) : '';
    $password = isset($_POST['password']) ? addslashes($_POST['password']) : '';
    $newpass = isset($_POST['newpass']) ? addslashes($_POST['newpass']) : '';
    if ($user == '') exit('101');
    if ($password == '') exit('102');
    if ($newpass == '') exit('141');
    $currentHash = md5($password);
    $account = $db->fetch_array($db->query("select * from eruyi_user where user='$user' and `password`='$currentHash'"));
    if (!$account) exit('110');
    $newHash = md5($newpass);
    if ($db->query("UPDATE `eruyi_user` SET `password`='$newHash' WHERE user='$user'")) {
        exit('200');
    }
}

// Reached when no action matched, or when an action's final UPDATE/INSERT
// failed without exiting. The literal (blank lines around "Error") is kept
// exactly as the original, since clients may match on it.
print "

Error

";

/*
* File:使用函数
* Author:易如意
* QQ:51154393
* Url:www.eruyi.cn
*/
/**
 * Client address for registration cooldowns: REMOTE_ADDR when it parses as a
 * dotted-quad IPv4 address, otherwise ''.
 *
 * ip2long() returns false for IPv6 literals and 0 for 0.0.0.0, so both map to
 * ''. REMOTE_ADDR is the socket peer; behind a reverse proxy this is the
 * proxy's address (no X-Forwarded-For handling, which is the safe default for
 * a rate-limit key since that header is client-controlled).
 *
 * @return string
 */
function getIp() {
    if (!isset($_SERVER['REMOTE_ADDR'])) {
        return '';
    }
    $addr = $_SERVER['REMOTE_ADDR'];
    return ip2long($addr) ? $addr : '';
}
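/**
 * 32-character random string over [A-Za-z0-9], used as the unpredictable part
 * of session tokens (md5($user . getcode()) in 'register', 'login', 'wx_login').
 *
 * Fix: draws indices with random_int() (CSPRNG, PHP >= 7.0) instead of rand(),
 * a seeded, predictable generator; a token whose only entropy comes from
 * rand() can be reproduced by anyone who can narrow down the seed.
 *
 * @return string
 * @throws Exception if the system entropy source is unavailable
 */
function getcode(){
    $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
    $lastIndex = strlen($alphabet) - 1;
    $code = '';
    for ($i = 0; $i < 32; $i++) {
        $code .= $alphabet[random_int(0, $lastIndex)];
    }
    return $code;
}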

/**
 * Pay-gateway request signature: MD5 of the parameter string with the app
 * key appended. This is the gateway's own scheme (sign_type=MD5 in 'pay'),
 * not an HMAC, and is kept solely for interoperability with that gateway.
 *
 * @param string $prestr parameter string as sent to the gateway
 * @param string $key    pay_appkey from eruyi_option
 * @return string 32-char lowercase hex digest
 */
function md5Sign($prestr, $key) {
    return md5($prestr . $key);
}
?>
