
Vulnerability summary (24 followers)

Defect ID: wooyun-2014-063877

Title: Youyax second-order SQL injection

Vendor: youyax.com

Author: ′雨。

Submitted: 2014-06-09 16:00

Fixed: 2014-09-07 16:02

Published: 2014-09-07 16:02

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: fixed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags: (none)

Bookmarked by 4 users


Vulnerability details

Disclosure status:

2014-06-09: details sent to the vendor, awaiting vendor handling
2014-06-09: vendor confirmed; details visible to the vendor only
2014-08-03: details disclosed to core white hats and domain experts
2014-08-13: details disclosed to regular white hats
2014-08-23: details disclosed to intern white hats
2014-09-07: vendor fixed the vulnerability and opted to publish; details disclosed to the public

Brief description:

Affects the latest version.

Detailed description:

In lib/indexaction.php:

public function saveself()
{
    $user = $_SESSION['youyax_user'];
    if ($user == "" || $user == null)
        $this->redirect("Index" . C('default_url') . "index" . C('static_url'));
    // $face is escaped once with addslashes() before being written ...
    $face = addslashes($_POST['face']);
    // ... but MySQL decodes the backslash escapes when it parses the string
    // literal, so the stored face value contains the raw single quote.
    mysql_query("update " . C('db_prefix') . "user set face='" . $face . "' where user='" . $user . "'");
    mysql_query("update " . C('db_prefix') . "talk set face='" . $face . "' where zuozhe='" . $user . "'");
    mysql_query("update " . C('db_prefix') . "reply set face1='" . $face . "' where zuozhe1='" . $user . "'");
    mysql_query("update " . C('db_prefix') . "mark2 set pic='" . $face . "' where marker='" . $user . "'");
    mysql_query("update " . C('db_prefix') . "mark1 set pic='" . $face . "' where marker='" . $user . "'");
    $this->assign('jumpurl', $this->youyax_url . "/Index" . C('default_url') . "self" . C('static_url'))->assign('msgtitle', '操作成功')->assign('message', '图片更新成功!')->success();
}


Once again the value is written to the database here. Although $face goes through addslashes() once, that only protects this UPDATE: MySQL strips the backslash escapes when it parses the literal, so the row holds the raw single quote. So the next step is to find where the value is read back out.

0x01 In lib/contentaction.php:

public function mark()
{
    $mix = require("./Conf/mix.config.php");
    if ($mix['is_limit_time']) {
        if (!LimitAction::limit_time($mix['limit_time'])) {
            $this->assign("msgtitle", "操作限制!")->assign("message", "在" . $mix['limit_time'] . "秒内不能发帖和回帖!")->assign("jumpurl", C('SITE'))->error();
        }
    }
    $tid = intval($_POST['id']);
    // Dead check: intval() always returns an integer, so is_numeric() is always true.
    if (!is_numeric($tid)) {
        $this->assign("msgtitle", "操作错误!")->assign("message", "点评序号不为非数字!")->assign("jumpurl", C('SITE'))->error();
    }
    $rid = intval($_POST['id2']);
    $mid = intval($_POST['mid']);
    $content = filter_var($_POST['t'], FILTER_CALLBACK, array(
        "options" => "filter_function"
    ));
    // Request input is escaped here; the face value below is not.
    $content = nl2br(addslashes(htmlspecialchars($content, ENT_QUOTES, "UTF-8")));
    $reply_u = addslashes($_POST['reply_u']);

    // $marker (the current user) is assigned earlier in mark(); that part of
    // the function is not included in the report excerpt.
    if (empty($rid)) {
        $user = $this->find(C('db_prefix') . "user", "string", "user='" . $marker . "'"); // read back out of the DB here
        $pic = $user['face']; // the stored face value, escapes already gone
        /*$result = $this->find(C('db_prefix') . "mark1", "string", "tid=" . $tid . " and marker='" . $marker . "'");
        if ($result) {
            echo "<script>alert('您不能重复点评');</script>";
        } else {*/
        if (!empty($reply_u)) {
            $res = $this->find(C('db_prefix') . "mark1", "string", "marker='" . $reply_u . "' and id=" . $mid);
            if ($res) {
                $content = "<span style=\'vertical-align:top;display:inline-block;*display:inline;\'>" . $_SESSION['youyax_user'] . " @ " . $reply_u . " :</span><span style=\'display:inline-block;*display:inline;\'>" . $content . "</span>";
            } else {
                $this->assign("code", "操作错误!")->assign("msg", "非法操作")->display("Public/exception.html");
                echo "<script>setTimeout(function(){window.parent.location.href='" . $this->youyax_url . "/Content" . C('default_url') . "index" . C('default_url') . "id" . C('default_url') . $tid . C('static_url') . "#p" . $num2 . "';},3000)</script>";
                exit;
            }
        }

        // $pic, read back from the DB unescaped, is concatenated straight into the INSERT
        mysql_query("insert into " . C('db_prefix') . "mark1(tid,marker,pic,count,content,time) values(" . $tid . ",'" . $marker . "','" . $pic . "',1,'" . $content . "',now())");
        // ... remainder of mark() omitted in the original report
    }
}


After being read back from the database the value goes straight into the INSERT by string concatenation, which is the injection: the escaping applied on the way in no longer exists on the way out.

[Screenshot: y4.jpg]

[Screenshot: y5.jpg]

The single quote reaches the second query unescaped, so the INSERT can be broken out of and injection is possible.

Proof of concept:

See the description above.

Fix:

Escape the value again (addslashes) when it is read back from the database. More robustly, stop building SQL by concatenation altogether: use prepared statements with bound parameters (mysqli or PDO), or at minimum mysql_real_escape_string() on every value at every query, and treat values read back from the database as untrusted in exactly the same way as request input.
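The two stages described above (escape once on the way in, concatenate raw on the way out) and the hardened form from the fix, as an added example that is not part of the original report or of the Youyax code base. It is a Python model: a port of PHP addslashes(), the saveself() UPDATE and the mark() INSERT built by the same concatenation the PHP uses (table prefix dropped, now() replaced by the standard CURRENT_TIMESTAMP), and an in-memory SQLite database standing in for MySQL. Assumptions: the table and column names follow the report but the schemas are minimal; because SQLite does not decode backslash escapes, the stage-1 write is done with a bound parameter to reproduce the end state MySQL reaches after decoding the escaped literal (the escaped query string is still returned for inspection); the payload's `-- ` comment (with the trailing space) is accepted by both MySQL and SQLite. The payload and the user rows are constructed.

```python
# Added example (not the original report's or Youyax's code): second-order
# SQL injection modelled on saveself() / mark(), plus the parameterised fix.
import sqlite3


def addslashes(s: str) -> str:
    """Python port of PHP addslashes(): backslash-escape ' " \\ and NUL."""
    out = []
    for ch in s:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def saveself_sql(user: str, face: str) -> str:
    """Stage-1 UPDATE built the way saveself() builds it: escaped once."""
    return f"update user set face='{addslashes(face)}' where user='{user}'"


def mark_sql_vulnerable(tid: int, marker: str, pic: str, content: str) -> str:
    """Stage-2 INSERT built the way mark() builds it. `pic` is the face value
    read back from the user table and is concatenated without escaping."""
    return (
        "insert into mark1(tid,marker,pic,count,content,time) "
        f"values({tid},'{marker}','{pic}',1,'{content}',CURRENT_TIMESTAMP)"
    )


def setup_db() -> sqlite3.Connection:
    """Constructed minimal schema and one user row (assumption, not Youyax's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user(user text primary key, face text)")
    conn.execute(
        "create table mark1(id integer primary key, tid int, marker text, "
        "pic text, count int, content text, time text)"
    )
    conn.execute("insert into user(user, face) values('alice', 'default.jpg')")
    return conn


def store_face(conn: sqlite3.Connection, user: str, face: str) -> str:
    """Stage 1 (saveself). MySQL decodes the \\' in saveself_sql() back to '
    while parsing the literal, so the row ends up holding the raw value.
    SQLite has no backslash escapes, so the same end state is reproduced
    with a bound parameter; the escaped query is returned for inspection."""
    conn.execute("update user set face=? where user=?", (face, user))
    return saveself_sql(user, face)


def read_face(conn: sqlite3.Connection, user: str) -> str:
    return conn.execute("select face from user where user=?", (user,)).fetchone()[0]


def last_mark(conn: sqlite3.Connection):
    return conn.execute(
        "select marker, pic, count, content from mark1 order by id desc limit 1"
    ).fetchone()


def mark_vulnerable(conn: sqlite3.Connection, tid: int, marker: str, content: str):
    """Stage 2 as written in mark(): the face comes out of the DB unescaped
    and is pasted straight into the INSERT string."""
    pic = read_face(conn, marker)
    conn.execute(mark_sql_vulnerable(tid, marker, pic, content))
    return last_mark(conn)


def mark_fixed(conn: sqlite3.Connection, tid: int, marker: str, content: str):
    """Hardened stage 2: bound parameters, so a DB-sourced value is data,
    never SQL, exactly as a request parameter should be."""
    pic = read_face(conn, marker)
    conn.execute(
        "insert into mark1(tid,marker,pic,count,content,time) "
        "values(?,?,?,1,?,CURRENT_TIMESTAMP)",
        (tid, marker, pic, content),
    )
    return last_mark(conn)


# Constructed payload: closes the pic literal, supplies attacker-chosen
# count/content/time, closes the VALUES list and comments out the rest.
PAYLOAD = "x.jpg',0,'INJECTED',NULL)-- "


def demo() -> dict:
    conn = setup_db()
    escaped_update = store_face(conn, "alice", PAYLOAD)   # contains \' once
    stored = read_face(conn, "alice")                     # raw quote is back
    vulnerable_row = mark_vulnerable(conn, 1, "alice", "hello")
    fixed_row = mark_fixed(conn, 1, "alice", "hello")
    return {
        "escaped_update": escaped_update,
        "stored": stored,
        "vulnerable": vulnerable_row,   # ('alice', 'x.jpg', 0, 'INJECTED')
        "fixed": fixed_row,             # ('alice', PAYLOAD, 1, 'hello')
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")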

Copyright notice: when republishing, please credit the source: ′雨。@乌云 (WooYun)


Responses

Vendor response:

Severity: Low

Vulnerability Rank: 5

Confirmed: 2014-06-09 16:27

Vendor reply:

Fixed.

Latest status:

2014-06-09: fix published