最近的一次應用是基本完成了業務系統,需要整合Discuz進去作為交流版塊使用。于是,涉及到用戶系統的整合和版面的增刪操作。UCenter提供了API進行用戶的增刪管理,自然可以用,但為了保證用戶id的統一性,暴力地繞過了UCenter API,而采用直接操作數據庫的方式來完成用戶增刪,當然版面的增刪也是操作數據庫來完成。
1、增加用戶到Discuz和UCenter的代碼
復制代碼
代碼如下:
$uid = 100; // 用戶編號
$username = "maple"; // 用戶名
$password = "mypassword"; // 用戶密碼
$salt = md5((string)rand()); // 隨機字符用于加密
$password = md5(md5($pwd) . $salt); // 加密后的密碼
$groupid = 10; // 用戶組編號
$timestamp = time(); // 時間戳
$bbsemail = "[email protected]"; // 注冊郵箱,不能重復
execute_sql("INSERT INTO cdb_members (uid, username, password, secques, gender, adminid, groupid, regip, regdate, lastvisit, lastactivity, posts, credits, email, bday, sigstatus, tpp, ppp, styleid, dateformat, timeformat, showemail, newsletter, invisible, timeoffset) VALUES ('$uid', '$username', '$salt', '$password', '0', '0', '$groupid', 'Manual Acting', '$timestamp', '$timestamp', '$timestamp', '0', '0', '$bbsemail', '0000-00-00', '0', '0', '0', '0', '0', 'H:i', '1', '1', '0', '8')");
execute_sql("INSERT INTO cdb_memberfields (uid) VALUES ('$uid')");
execute_sql("INSERT INTO `cdb_uc_members` SET uid='$uid', username='$username', password='$password', email='$bbsemail', regip='Manual Acting', regdate='$timestamp', salt='$salt'");
2、在Discuz和UCenter中刪除用戶的代碼
復制代碼
代碼如下:
$uid = 100; // 要刪除的用戶編號
execute_sql("DELETE FROM `cdb_members` WHERE uid=$uid");
execute_sql("DELETE FROM `cdb_memberfields` WHERE uid=$uid");
execute_sql("DELETE FROM `cdb_uc_members` WHERE uid=$uid");
execute_sql("DELETE FROM `cdb_uc_memberfields` WHERE uid=$uid");
3、在Discuz中增加版面并設置版主的代碼
復制代碼
代碼如下:
$uid = 100; // 版主用戶編號
$fid = 100; // 版面編號,需要保證不與現有版面編號重復
$forum_name = "Test Forum"; // 版面名稱
execute_sql("INSERT INTO `cdb_forums` (`fid`, `fup`, `type`, `name`, `status`, `displayorder`, `styleid`, `threads`, `posts`, `todayposts`, `lastpost`, `allowsmilies`, `allowhtml`, `allowbbcode`, `allowimgcode`, `allowmediacode`, `allowanonymous`, `allowshare`, `allowpostspecial`, `allowspecialonly`, `alloweditrules`, `allowfeed`, `recyclebin`, `modnewposts`, `jammer`, `disablewatermark`, `inheritedmod`, `autoclose`, `forumcolumns`, `threadcaches`, `alloweditpost`, `simple`, `modworks`, `allowtag`, `allowglobalstick`) VALUES
('$fid', 3, 'forum', '$forum_name', 1, 0, 0, 0, 0, 0, '', 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1);");
execute_sql("INSERT INTO `cdb_forumfields` (`fid`, `description`, `password`, `icon`, `postcredits`, `replycredits`, `getattachcredits`, `postattachcredits`, `digestcredits`, `redirect`, `attachextensions`, `formulaperm`, `moderators`, `rules`, `threadtypes`, `threadsorts`, `viewperm`, `postperm`, `replyperm`, `getattachperm`, `postattachperm`, `keywords`, `supe_pushsetting`, `modrecommend`, `tradetypes`, `typemodels`, `threadplugin`, `extra`) VALUES ('$fid', '', '', '', '', '', '', '', '', '', '', 'a:5:{i:0;s:0:\"\";i:1;s:0:\"\";s:5:\"medal\";N;s:7:\"message\";s:0:\"\";s:5:\"users\";s:0:\"\";}', '', '', '', '', ' 9 10 11 12 13 14 15 20 21 16 17 18 19 1 2 3 4 5 6 7 8 ', ' 20 21 1 2 3 ', ' 20 21 1 2 3 ', ' 20 21 1 2 3 ', ' 20 21 1 2 3 ', '', '', 'a:8:{s:4:\"open\";s:1:\"0\";s:3:\"num\";i:10;s:8:\"imagenum\";i:5;s:10:\"imagewidth\";i:200;s:11:\"imageheight\";i:150;s:9:\"maxlength\";i:0;s:9:\"cachelife\";i:900;s:8:\"dateline\";i:0;}', '', '', 'N;', 'a:1:{s:9:\"namecolor\";s:0:\"\";}');");
execute_sql("UPDATE cdb_members SET adminid='3' WHERE uid='$uid'");
execute_sql("INSERT INTO cdb_moderators (uid, fid, inherited) VALUES ('$uid', '$fid', '1')");
4、在Discuz中刪除版面并取消版主管理權限的代碼
復制代碼
代碼如下:
$uid = 100; // 要刪除版面的版主用戶編號
$fid = 100; // 要刪除的版面編號
execute_sql("DELETE FROM cdb_forums WHERE fid='$fid'");
execute_sql("DELETE FROM cdb_forumfields WHERE fid='$fid'");
execute_sql("DELETE FROM cdb_moderators WHERE fid='$fid'");
execute_sql("UPDATE cdb_members SET adminid='0' WHERE uid='$uid'");
直接操作數據庫的好處是業務邏輯簡單,操作方便,與現有系統整合容易;缺點就是很流氓很暴力,需要保證操作數據的有效性,如增加的版面的fid要保證唯一。
![discuz 查詢語句安全威脅[Query] SELECT /*!40001 SQL_CACHE */的解決方法](/uploads/allimg/190927/1-1Z92G10530622-lp.jpg "discuz 查詢語句安全威脅[Query] SELECT /*!40001 SQL_CACHE */的解決方法")
