7 years ago · 156e1ff5fb
--- a/protected/controller/AdminController.php
+++ b/protected/controller/AdminController.php
@@ -78,7 +78,7 @@ class AdminController extends DooController {
 
				 		$client = new client ( ZHSSO );
			
 
				 		
			
 
				 		$is_login = $client->zhsso_member_login ( $data ['name'], $data ['password'] );
			
 
				-		
			
 
				+
			
 
				 		$is_login = explode ( "\r", $is_login );
			
 
				 		
			
 
				 		if (is_numeric ( $is_login [0] )) {
			
@@ -95,9 +95,9 @@ class AdminController extends DooController {
 
				 			elseif ($is_login [0] == - 3) //USER_NOACTION
			
 
				 				$this->Messager ( "用户未激活", "http://sso.smartcost.com.cn/" );
			
 
				 		} elseif (! empty ( $is_login [0] )) {
			
 
				-			
			
 
				+
			
 
				 			$group = $this->userlogic->get_group_by_id ( $user ['groupid'] );
			
 
				-			
			
 
				+
			
 
				 			if ($group ['grouptype'] != 1) {
			
 
				 				
			
 
				 				setcookie ( "auth_main", "", time () + 3600 * 24, "/", COOKIE_WEB_SITE );
			
--- a/protected/controller/UserController.php
+++ b/protected/controller/UserController.php
@@ -173,7 +173,7 @@ class UserController extends DooController {
 
				 		$is_login = explode ( "\r", $is_login );
			
 
				 
			
 
				 
			
 
				-		
			
 
				+
			
 
				 		if (is_numeric ( $is_login [0] )) {
			
 
				 			if ($is_login [0] == USERNAME_ONFINE) {
			
 
				 				
			
@@ -433,7 +433,9 @@ class UserController extends DooController {
 
				 			$this->Messager ( "请先付款", "/question/add_vip" );
			
 
				 		
			
 
				 		$title = $this->get_args ( 'title' );
			
 
				-		
			
 
				+        // xxs过滤
			
 
				+        $title = htmlspecialchars($title);
			
 
				+
			
 
				 		$description = stripcslashes ( $this->get_args ( 'description' ) );
			
 
				 		
			
 
				 		if (empty ( $title ) || empty ( $description ))
			
@@ -480,7 +482,7 @@ class UserController extends DooController {
 
				 		$data ['qq'] = $this->userinfo ['qq'];
			
 
				 		
			
 
				 		$data ['phone'] = $this->userinfo ['phone'];
			
 
				-		
			
 
				+
			
 
				 		if (! empty ( $rs )) { //防止重复提交
			
 
				 			$data ['qid'] = $rs ['id'];
			
 
				 			
			
@@ -509,7 +511,7 @@ class UserController extends DooController {
 
				 		$data ['authorid'] = $this->userinfo ['uid'];
			
 
				 		
			
 
				 		$id = $this->userlogic->add_vip_question ( $data );
			
 
				-		
			
 
				+
			
 
				 		if ($id == 0)
			
 
				 			$this->Messager ( "操作失败-请重新操作", "/question/postenter" );
			
 
				 		
			
@@ -563,7 +565,7 @@ class UserController extends DooController {
 
				 		       $this->Messager("请检查验证是否正确", "/question/add");
			
 
				 		    }
			
 
				 		}
			
 
				-		
			
 
				+
			
 
				 //		die;
			
 
				 		
			
 
				 //		if(!isset($_POST['vc']) || ($_SESSION['vc']!=$_POST['vc'])){
			
@@ -582,6 +584,8 @@ class UserController extends DooController {
 
				 			$this->Messager ( "每" . $auth ['TIME_INTERVAL']/60 . "分钟内只可以发布" . $auth ['TIME_TOTALS'] . "条", "/" );
			
 
				 		
			
 
				 		$data ['title'] = $this->get_args ( 'title' );
			
 
				+		// 防止xxs攻击
			
 
				+        $data['title'] = htmlspecialchars($data['title']);
			
 
				 		
			
 
				 		$data ['category_id'] = $this->get_args ( 'category_id' );
			
 
				 		
			
@@ -605,7 +609,7 @@ class UserController extends DooController {
 
				 		//|| empty ( $data ['description'] )
			
 
				 		if (empty ( $data ['title'] ) || (! is_numeric ( $data ['category_id'] )))
			
 
				 			$this->Messager ( "问题发起不成功，请重新填写", "/question/add" );
			
 
				-		
			
 
				+
			
 
				 		$id = $this->userlogic->add_question ( $data );
			
 
				 		$_SESSION['vc']='NULL';
			
 
				 		if ($id) {
			
--- a/protected/logic/BaseLogic.php
+++ b/protected/logic/BaseLogic.php
@@ -302,7 +302,7 @@ abstract class BaseLogic {
 
				 		$is_succes = explode ( "\r", $is_succes );
			
 
				 
			
 
				 		$ts = json_decode ( $is_succes ['0'], true );
			
 
				-		
			
 
				+
			
 
				 		return $ts;
			
 
				 	}
			
 
				 	
			
--- a/protected/logic/UserLogic.php
+++ b/protected/logic/UserLogic.php
@@ -61,7 +61,7 @@ class UserLogic extends BaseLogic {
 
				 	 */
			
 
				 	function update_vip_question($id = 0, $title = "", $description = "", $uid = 0, $phone = "", $qq = "") {
			
 
				 		$this->vipquestiondao->id = $id;
			
 
				-		
			
 
				+
			
 
				 		$this->vipquestiondao->title = $title;
			
 
				 		
			
 
				 		$this->vipquestiondao->description = $description;
			
@@ -138,8 +138,7 @@ class UserLogic extends BaseLogic {
 
				 		if ($data ['price'] > 0) {
			
 
				 			//扣除通行证的钱	//用户表和记录表
			
 
				 			$is = $this->set_credit3 ( - $data ['price'], $data ['authorid'], RICH_ACTION_OFFER, SSO_UID );
			
 
				-			
			
 
				-			if ($is === false)
			
 
				+			if (!$is)
			
 
				 				return 0;
			
 
				 		}
			
 
				 		
			
@@ -1089,18 +1088,18 @@ class UserLogic extends BaseLogic {
 
				 	function set_credit3($price = 0, $uid = 0, $action_type = "", $sso_uid = 0) {
			
 
				 		if ($sso_uid == 0)
			
 
				 			return 0;
			
 
				-		
			
 
				+
			
 
				 		$sso_price = abs ( $price );
			
 
				-		
			
 
				+
			
 
				 		//扣除或者增加通行证金额
			
 
				 		if ($price < 0)
			
 
				 			$is = $this->offer_price_by_sso ( $sso_price, $sso_uid );
			
 
				 		else
			
 
				 			$is = $this->add_price_by_sso ( $sso_price, $sso_uid );
			
 
				-		
			
 
				+
			
 
				 		if ($is <= 0)
			
 
				 			return 0;
			
 
				-		
			
 
				+
			
 
				 		$this->userdao->add_credit3 ( $price, $uid, $action_type );
			
 
				 		
			
 
				 		return $is;