 /**
  * Pre-action hook: enforce RBAC for protected modules, then escape the
  * request superglobals with Add_S().
  *
  * Runs only when USER_AUTH_ON is set and MODULE_NAME is not in the
  * comma-separated NOT_AUTH_MODULE list. When RBAC::AccessDecision() denies:
  *   - no auth key in $_SESSION -> redirect to PHP_FILE . USER_AUTH_GATEWAY;
  *   - RBAC_ERROR_PAGE set       -> redirect to USER_AUTH_GATEWAY;
  *   - otherwise                 -> $this->error(L('_VALID_ACCESS_')), with a
  *     jumpUrl assigned first when GUEST_AUTH_ON is set.
  *
  * NOTE(review): the escaping block sits inside the auth guard, so modules
  * listed in NOT_AUTH_MODULE receive no Add_S() treatment here — confirm they
  * parameterise their own queries. redirect() is assumed to end the request;
  * if it returns, execution falls through to the next branch.
  * get_magic_quotes_gpc() was removed in PHP 8.0.
  */
 function _initialize()
 {
     if (!C('USER_AUTH_ON')) {
         return;
     }
     $exemptModules = explode(',', C('NOT_AUTH_MODULE'));
     if (in_array(MODULE_NAME, $exemptModules)) {
         return;
     }
     import('ORG.Util.RBAC');
     if (!RBAC::AccessDecision()) {
         // Not authenticated at all: send to the login gateway.
         if (!$_SESSION[C('USER_AUTH_KEY')]) {
             redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
         }
         // Authenticated but not permitted for this module.
         if (C('RBAC_ERROR_PAGE')) {
             redirect(C('USER_AUTH_GATEWAY'));
         } else {
             if (C('GUEST_AUTH_ON')) {
                 $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
             }
             $this->error(L('_VALID_ACCESS_'));
         }
     }
     // Legacy addslashes()-style escaping of the request arrays.
     if (!get_magic_quotes_gpc()) {
         if (!empty($_POST)) {
             Add_S($_POST);
         }
         if (!empty($_GET)) {
             Add_S($_GET);
         }
         if (!empty($_COOKIE)) {
             Add_S($_COOKIE);
         }
         if (!empty($_SESSION)) {
             Add_S($_SESSION);
         }
     }
     if (!empty($_FILES)) {
         Add_S($_FILES);
     }
 }
 /**
  * Pre-action hook: escape the request superglobals through Add_S().
  *
  * $_POST, $_GET, $_COOKIE and $_SESSION are escaped only when magic quotes
  * are off; $_FILES is escaped unconditionally. Empty arrays are skipped.
  *
  * NOTE(review): $_SESSION is re-escaped on every request; if Add_S() modifies
  * its argument in place, a value stored in the session is escaped again on
  * each subsequent request — confirm this is intended.
  * get_magic_quotes_gpc() was removed in PHP 8.0.
  */
 function _initialize()
 {
     if (!get_magic_quotes_gpc()) {
         if (!empty($_POST)) {
             Add_S($_POST);
         }
         if (!empty($_GET)) {
             Add_S($_GET);
         }
         if (!empty($_COOKIE)) {
             Add_S($_COOKIE);
         }
         if (!empty($_SESSION)) {
             Add_S($_SESSION);
         }
     }
     if (!empty($_FILES)) {
         Add_S($_FILES);
     }
 }
/**
 * Recursively trim and addslashes()-escape every scalar in $array, in place.
 *
 * Nested arrays are descended into; a non-array argument is left untouched.
 *
 * @param mixed $array  modified by reference; only arrays are processed
 * @return void
 *
 * NOTE(review): addslashes() is database-agnostic escaping applied far from
 * the SQL sink; it is not a substitute for parameterised queries and does
 * nothing for HTML/JS output contexts.
 */
function Add_S(&$array)
{
    if (!is_array($array)) {
        return;
    }
    foreach ($array as $idx => $item) {
        if (is_array($item)) {
            Add_S($array[$idx]);
            continue;
        }
        $array[$idx] = addslashes(trim($item));
    }
}
 /**
  * Decode a DES-encrypted query string into a key => value array.
  *
  * @param string $desparam  DES-encrypted "k1=v1&k2=v2" payload
  * @param mixed  $os        selector handed to DES::share()
  * @param string $key       decryption key
  * @return mixed  the decoded pairs after Add_S()
  *
  * NOTE(review): a pair is kept only when it splits into exactly two parts
  * on '=', so a value that itself contains '=' (e.g. base64 padding) is
  * silently dropped; explode("=", $p, 2) would keep it — confirm before
  * changing. The return value is whatever Add_S() returns: an Add_S that
  * works by reference and returns nothing makes this function return null.
  */
 static function parse_des_urlparam($desparam, $os, $key)
 {
     $cipher = DES::share($os);
     $plain = $cipher->decode($desparam, $key);
     $result = array();
     foreach (explode("&", $plain) as $pair) {
         $parts = explode("=", $pair);
         if (count($parts) != 2) {
             continue;
         }
         list($name, $value) = $parts;
         $result[$name] = $value;
     }
     return Add_S($result);
 }
/**
 * Recursively escape and screen the values of $array, returning the copy.
 *
 * Each scalar is addslashes()-escaped (unless magic quotes already did so),
 * passed through check_sql(), and reported to webscan_StOpAttack() together
 * with a regex blacklist; nested arrays are processed recursively.
 *
 * @param array $array  request values; keys are passed to webscan_StOpAttack()
 * @return array
 *
 * NOTE(review): the blacklist is a keyword/regex filter and such filters are
 * routinely evaded by encoding and syntax variants; it must not replace
 * parameterised queries and context-aware output escaping at the sinks.
 * NOTE(review): the fourth argument is always the literal "GET", even when the
 * array came from $_POST or $_COOKIE; if that label feeds logs or blocking
 * decisions it misreports the source — confirm.
 * NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0.
 */
function Add_S($array)
{
    // Blacklist patterns (XSS vectors, SQL keywords/operators, MySQL
    // time-based functions). Same for every value, so built once per call.
    $filter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\\s*?\\(.*\\)|sleep\\s*?\\(.*\\)|load_file\\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\\s+?[\\w]+?\\s+?\\bin\\b\\s*?\\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(|@{1,2}\\w+?\\s*|\\s+?.+?|.*(`|'|\").+(`|'|\")\\s*)|UPDATE\\s*(\\(.+\\)\\s*|@{1,2}.+?\\s*|\\s+?.+?|(`|'|\").*?(`|'|\")\\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM\\s+?|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|FROM\\s.?|\\(select|\\(\\sselect|\\bunion\\b|select\\s.+?";
    foreach ($array as $name => $item) {
        if (is_array($item)) {
            $array[$name] = Add_S($array[$name]);
            continue;
        }
        if (!get_magic_quotes_gpc()) {
            $item = addslashes($item);
        }
        $item = check_sql($item);
        webscan_StOpAttack($name, $item, $filter, "GET");
        $array[$name] = $item;
    }
    return $array;
}
/**
 * Defuse unsafe characters and function names in $array, recursively.
 *
 * For every scalar the "&#x" hex-entity prefix is broken up into "& # x",
 * any case-insensitive "eval" becomes "eva l", and the value is
 * addslashes()-escaped unless magic quotes already did so. Nested arrays are
 * processed recursively. Returns the modified copy.
 *
 * @param array $array
 * @return array
 *
 * NOTE(review): this mangling is lossy (legitimate text containing "eval" or
 * "&#x" is altered) and covers only these two forms; treat it as defence in
 * depth, not as the output-escaping or query-parameterisation layer.
 * get_magic_quotes_gpc() was removed in PHP 8.0.
 */
function Add_S($array)
{
    foreach ($array as $name => $item) {
        if (is_array($item)) {
            $array[$name] = Add_S($array[$name]);
            continue;
        }
        // Break hex character references so they no longer decode.
        $cleaned = str_replace("&#x", "& # x", $item);
        // Split the function name so it no longer matches "eval".
        $cleaned = preg_replace("/eval/i", "eva l", $cleaned);
        if (!get_magic_quotes_gpc()) {
            $cleaned = addslashes($cleaned);
        }
        $array[$name] = $cleaned;
    }
    return $array;
}
             adminmsg('fup_empty');
         }
         $checked = $ifsave == 1 ? 'checked' : '';
         empty($forumnum) && ($forumnum = 5);
         require_once R_P . "require/forum.php";
         $setfid_style = getstyles($style);
     }
     include PrintEot('setforum');
     exit;
 } else {
     InitGP(array('vieworder', 'forumadmin', 'style', 'keywords', 'descrip', 'logo', 'ifsave', 'addtype'));
     InitGP(array('descrip'), 'P', 0);
     $forumtype = $forum[$fup]['type'] == 'category' ? 'forum' : ($forum[$fup]['type'] == 'forum' ? 'sub' : 'sub2');
     if ($forum[$fup]['type'] != 'category') {
         $fupset = $db->get_one("SELECT f.allowhide,f.allowsell,f.allowtype,f.copyctrl,f.viewsub,f.allowvisit,f.allowpost,f.allowrp,f.allowdownload,f.allowupload,f.f_type,f.f_check,f.cms,f.ifhide,fe.creditset,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe USING(fid) WHERE f.fid=" . pwEscape($fup));
         Add_S($fupset);
         @extract($fupset, EXTR_OVERWRITE);
     }
     foreach ($name as $key => $value) {
         if (empty($value)) {
             continue;
         }
         $value = str_replace('<iframe', '&lt;iframe', $value);
         $descrip[$key] = str_replace('<iframe', '&lt;iframe', $descrip[$key]);
         $keywords[$key] = Char_cv($keywords[$key]);
         strlen($descrip[$key]) > 250 && adminmsg('descrip_long');
         $newadmin = array();
         $str_admin = '';
         $admin_a = explode(",", $forumadmin[$key]);
         foreach ($admin_a as $aid => $avalue) {
             $avalue = trim($avalue);
        $userdb['timedf'] < 0 ? ${'zone_0' . $temptimedf} = 'selected' : (${'zone_' . $temptimedf} = 'selected');
    }
    $ubinding = array();
    $query = $db->query("SELECT m.uid,m.username,m.groupid,m.memberid,m.regdate,mb.postnum FROM pw_userbinding u1 LEFT JOIN pw_userbinding u2 ON u1.id=u2.id LEFT JOIN pw_members m ON m.uid=u2.uid LEFT JOIN pw_memberdata mb ON m.uid=mb.uid WHERE u1.uid=" . pwEscape($winduid));
    while ($rt = $db->fetch_array($query)) {
        if ($rt['uid'] != $winduid) {
            $rt['groupid'] == '-1' && ($rt['groupid'] = $rt['memberid']);
            $rt['regdate'] = get_date($rt['regdate']);
            $ubinding[] = $rt;
        }
    }
    require_once PrintEot('profile_modify');
    footer();
} elseif ($_POST['step'] == '2') {
    PostCheck();
    Add_S($userdb);
    $ustatus = '';
    $upmembers = $upmemdata = $upmeminfo = array();
    if ($ifppt) {
        include_once D_P . 'data/bbscache/dbreg.php';
        InitGP(array('propwd', 'proemail'), 'P');
        if ($propwd || $userdb['email'] != $proemail) {
            if ($_POST['oldpwd']) {
                if (strlen($userdb['password']) == 16) {
                    $_POST['oldpwd'] = substr(md5($_POST['oldpwd']), 8, 16);
                    //支持 16 位 md5截取密码
                } else {
                    $_POST['oldpwd'] = md5($_POST['oldpwd']);
                }
            }
            $userdb['password'] != $_POST['oldpwd'] && Showmsg('pwd_confirm_fail');
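/**
 * Rebuild the forum hierarchy cache columns in pw_forums.
 *
 * Resets childid/fupadmin for every forum, then walks
 * category -> forum -> sub -> sub and:
 *   - propagates the accumulated parent admin list into fupadmin of each
 *     descendant;
 *   - collects the fids that have at least one child and marks them with
 *     childid='1'.
 *
 * Uses the global $db connection. Values placed in SQL go through
 * pwEscape() / pwImplode().
 *
 * @return void
 */
function updatecache_fd1()
{
    global $db;
    // Fix: initialise up front. Previously this was only created when some
    // category had children, so the final if() read an undefined variable.
    $havechild = array();
    $db->update("UPDATE pw_forums SET childid='0',fupadmin=''");
    $query = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='category' ORDER BY vieworder");
    while ($cate = $db->fetch_array($query)) {
        Add_S($cate);
        $query2 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='forum' AND fup=" . pwEscape($cate['fid']));
        if ($db->num_rows($query2)) {
            $havechild[] = $cate['fid'];
            while ($forum = $db->fetch_array($query2)) {
                Add_S($forum);
                $fupadmin = trim($cate['forumadmin']);
                if ($fupadmin) {
                    $db->update("UPDATE pw_forums SET fupadmin=" . pwEscape($fupadmin) . " WHERE fid=" . pwEscape($forum['fid']));
                }
                // Presumably forumadmin is stored with a leading delimiter,
                // hence substr(..., 1) when appending to a non-empty list — confirm.
                if (trim($forum['forumadmin'])) {
                    $fupadmin .= $fupadmin ? substr($forum['forumadmin'], 1) : $forum['forumadmin'];
                }
                $query3 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='sub' AND fup=" . pwEscape($forum['fid']));
                if ($db->num_rows($query3)) {
                    $havechild[] = $forum['fid'];
                    while ($sub1 = $db->fetch_array($query3)) {
                        Add_S($sub1);
                        $fupadmin1 = $fupadmin;
                        if ($fupadmin1) {
                            $db->update("UPDATE pw_forums SET fupadmin=" . pwEscape($fupadmin1) . " WHERE fid=" . pwEscape($sub1['fid']));
                        }
                        if (trim($sub1['forumadmin'])) {
                            $fupadmin1 .= $fupadmin1 ? substr($sub1['forumadmin'], 1) : $sub1['forumadmin'];
                        }
                        $query4 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='sub' AND fup=" . pwEscape($sub1['fid']));
                        if ($db->num_rows($query4)) {
                            $havechild[] = $sub1['fid'];
                            while ($sub2 = $db->fetch_array($query4)) {
                                Add_S($sub2);
                                // Second-level subs inherit the list; nothing is appended below them.
                                $fupadmin2 = $fupadmin1;
                                if ($fupadmin2) {
                                    $db->update("UPDATE pw_forums SET fupadmin=" . pwEscape($fupadmin2) . " WHERE fid=" . pwEscape($sub2['fid']));
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if ($havechild) {
        $havechilds = pwImplode($havechild);
        $db->update("UPDATE pw_forums SET childid='1' WHERE fid IN({$havechilds})");
    }
}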
!function_exists('adminmsg') && exit('Forbidden');
$basename = "{$admin_file}?adminjob=unituser";
require_once R_P . 'require/credit.php';
if (!$action) {
    require_once PrintEot('unituser');
} elseif ($_POST['action'] == "unit") {
    InitGP(array('uids', 'newuid'), 'P');
    if (!$uids) {
        adminmsg('unituser_username_empty');
    }
    if (!$newuid) {
        adminmsg('unituser_newname_empty');
    }
    $touser = $db->get_one("SELECT username FROM pw_members WHERE uid=" . pwEscape($newuid));
    Add_S($touser);
    if (!$touser['username']) {
        adminmsg('unituser_newname_error');
    }
    $oldinfo = array();
    $uids = explode(',', $uids);
    foreach ($uids as $key => $val) {
        if (is_numeric($val)) {
            if ($val == $newuid) {
                adminmsg('unituser_samename');
            }
            $rt = $db->get_one("SELECT m.uid,m.username,md.postnum,md.digests,md.rvrc,md.money,md.credit,md.currency,mi.deposit,mi.ddeposit FROM pw_members m LEFT JOIN pw_memberdata md ON m.uid=md.uid LEFT JOIN pw_memberinfo mi ON m.uid=mi.uid WHERE m.uid=" . pwEscape($val));
            if (!$rt['uid']) {
                adminmsg('unituser_username_error');
            } else {
                $oldinfo[] = $rt;
/**
 * Validate an admin-panel login for the credentials in $CK and return the
 * caller's right set.
 *
 * @param array $CK  login tuple; index 1 is the username, index '3' the
 *                   safecv value (the rest is consumed by SafeCheck()).
 * @return array|false|null  rights array (keys from $purview, values 0/1,
 *         plus 'gid') on success; false when a check fails. $rightset is only
 *         assigned in the inner branch, so every other path (username not in
 *         $manager, or founder password accepted) returns null.
 *
 * NOTE(review): the SQL on the get_one() line is garbled on this page
 * ("******"); the intent appears to be one query keyed on pwEscape($CK[1]).
 */
function checkpass($CK)
{
    Add_S($CK);
    global $db, $manager, $db_ifsafecv, $db_gdcheck;
    // Bit 32 of $db_gdcheck presumably enables the CAPTCHA on the login form — confirm.
    if ($_POST['Login_f'] == 1 && $db_gdcheck & 32) {
        GdConfirm($_POST['lg_num']);
    }
    // Only usernames present in the founder list $manager may proceed.
    if (CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        // Loose array_search: keys matched by == against $manager entries.
        $v_key = array_search($CK[1], $manager);
        // Founder password did not match: fall back to the member record.
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password,safecv FROM pw_members WHERE username="******"SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' WHERE m.username=" . pwEscape($CK[1]));
            // Require the admincp right, a system/special group and, when
            // $db_ifsafecv is on, a matching safecv. Note the loose != on
            // safecv; a strict comparison (or hash_equals) would be tighter.
            if (!$rt['allowadmincp'] || $rt['gptype'] != 'system' && $rt['gptype'] != 'special' || $db_ifsafecv && $rt['safecv'] != $CK['3']) {
                return false;
            }
            // Member password and group-level admin check.
            if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) {
                return false;
            }
            $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . pwEscape($rt['groupid']));
            if ($rightset) {
                // NOTE(review): unserialize() of a DB-stored blob; if pw_adminset
                // can be written by anyone but trusted admins this is a PHP object
                // injection vector. unserialize($s, array('allowed_classes' => false))
                // or a JSON encoding would remove that risk.
                if (!is_array($rightset = unserialize($rightset))) {
                    $rightset = array();
                }
            } else {
                $rightset = array();
            }
            // $purview (from the language file) is the whitelist of known rights;
            // anything not listed there is forced to 0.
            require GetLang('purview');
            foreach ($rightset as $key => $value) {
                $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0;
            }
            $rightset['gid'] = $rt['groupid'];
        }
    }
    return $rightset;
}
    $newtype = addslashes(Char_cv($newtype));
    if ($favor) {
        $db->update("UPDATE pw_favors SET type=" . pwEscape($newtype) . "WHERE uid=" . pwEscape($winduid));
    } else {
        $db->update("INSERT INTO pw_favors SET" . pwSqlSingle(array('uid' => $winduid, 'type' => $newtype)));
    }
    refreshto("u.php?action=favor", 'operate_success');
} elseif ($job == 'deltype') {
    PostCheck();
    !$isU && Showmsg('space_over_right');
    (int) $type < 1 && Showmsg('type_error');
    $tnum = $type - 1;
    $rs = $db->get_one("SELECT tids,type FROM pw_favors WHERE uid=" . pwEscape($winduid));
    $tiddb = getfavor($rs['tids']);
    $typedb = explode(',', $rs['type']);
    Add_S($typedb);
    unset($typedb[$tnum]);
    if ($tiddb[$type]) {
        foreach ($tiddb[$type] as $key => $val) {
            $tiddb['0'][$val] = $val;
        }
    }
    unset($tiddb[$type]);
    $newtids = makefavor($tiddb);
    $newtype = Char_cv(implode(',', $typedb));
    $db->update("UPDATE pw_favors SET " . pwSqlSingle(array('tids' => $newtids, 'type' => $newtype)) . "WHERE uid=" . pwEscape($winduid));
    refreshto("u.php?action=favor", 'operate_success');
}
function getfavor($tids)
{
    $tids = explode('|', $tids);
/**
 * Check whether the credentials in $CK belong to a founder account.
 *
 * @param array $CK  login tuple; index 1 is the username (the rest is
 *                   consumed by SafeCheck()).
 * @return bool  true when the username is in $manager and either the founder
 *         password or the member-record password verifies; false otherwise.
 *
 * NOTE(review): the SQL on the get_one() line is garbled on this page
 * ("******"); the intent appears to be one query keyed on pwEscape($CK[1]).
 */
function checkuptoadmin($CK)
{
    Add_S($CK);
    global $db, $manager;
    // Only usernames present in the founder list $manager may proceed.
    if (is_array($manager) && CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        // Loose array_search: keys matched by == against $manager entries.
        $v_key = array_search($CK[1], $manager);
        // Founder password did not match: fall back to the member record.
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password FROM pw_members WHERE username="******"SELECT uid,username,groupid,groups,password FROM pw_members WHERE username=" . pwEscape($CK[1]));
            if (!SafeCheck($CK, PwdCode($rt['password']))) {
                return false;
            }
        }
        return true;
    } else {
        return false;
    }
}
/**
 * Sanitise a value in place, recursively for arrays.
 *
 * Per scalar, depending on the global $config['html']:
 *   '1'  -> the value is passed through fCharchr();
 *   else -> the value is passed through fShowhtml(), trimmed and
 *           addslashes()-escaped.
 * A scalar argument equal to ' ' is blanked before processing.
 *
 * @param mixed $array  array or scalar, modified by reference
 * @return void
 *
 * NOTE(review): inside the array branch the ' ' check assigns "" but the
 * result is immediately overwritten, so array elements equal to ' ' are still
 * handed to fCharchr()/fShowhtml() as ' '. Only a bare scalar is blanked.
 * NOTE(review): addslashes() is not a substitute for parameterised queries;
 * this escaping is applied far from the SQL sink.
 */
function Add_S(&$array)
{
    global $config;
    if (is_array($array)) {
        foreach ($array as $idx => $item) {
            if (is_array($item)) {
                Add_S($array[$idx]);
            } else {
                $array[$idx] = _Add_S_scalar($item, $config);
            }
        }
        return;
    }
    if ($array == ' ') {
        $array = "";
    }
    $array = _Add_S_scalar($array, $config);
}

/**
 * Apply the per-scalar sanitisation selected by $config['html'].
 *
 * @param mixed $value
 * @param array $config
 * @return mixed
 */
function _Add_S_scalar($value, $config)
{
    if ($config['html'] == '1') {
        return fCharchr($value);
    }
    return addslashes(trim(fShowhtml($value)));
}
             if (empty($val)) {
                 unset($tiddb[$key]);
             }
         }
         $newtids = makefavor($tiddb);
         $db->update("UPDATE pw_favors SET tids=" . pwEscape($newtids) . "WHERE uid=" . pwEscape($winduid));
     }
     refreshto("{$basename}" . 'a=my&see=postfavor', 'operate_success');
 } elseif ($job == 'deltype') {
     PostCheck();
     (int) $ftype < 1 && Showmsg('type_error');
     $tnum = $ftype - 1;
     $rs = $db->get_one("SELECT tids,type FROM pw_favors WHERE uid=" . pwEscape($winduid));
     list($tiddb) = getfavor($rs['tids']);
     $ftypedb = explode(',', $rs['type']);
     Add_S($ftypedb);
     unset($ftypedb[$tnum]);
     if ($tiddb[$ftype]) {
         foreach ($tiddb[$ftype] as $key => $val) {
             $tiddb['0'][$val] = $val;
         }
     }
     unset($tiddb[$ftype]);
     $newtids = makefavor($tiddb);
     $newtype = Char_cv(implode(',', $ftypedb));
     $db->update("UPDATE pw_favors SET " . pwSqlSingle(array('tids' => $newtids, 'type' => $newtype)) . "WHERE uid=" . pwEscape($winduid));
     refreshto("{$basename}" . 'a=my&see=postfavor', 'operate_success');
 }
 //		require_once(M_P.'require/header.php');
 if ($space == 1 && defined('F_M')) {
     $isGM = CkInArray($windid, $manager);
        if ($j > 1) {
            $i++;
            $j = 0;
        }
    }
    require_once PrintEot('ajax');
    ajax_footer();
} elseif ($action == 'dig') {
    PostCheck();
    !$_G['dig'] && Showmsg("dig_right");
    $read = $db->get_one("SELECT t.author,t.subject,t.dig,f.forumset FROM pw_threads t LEFT JOIN pw_forumsextra f USING(fid) WHERE tid=" . pwEscape($tid));
    !$read && Showmsg('data_error');
    $forumset = unserialize($read['forumset']);
    !$forumset['dig'] && Showmsg('forum_dig_allow');
    $rt = $db->get_one("SELECT uid,digtid FROM pw_memberinfo WHERE uid=" . pwEscape($winduid));
    Add_S($rt);
    if (strpos(",{$rt['digtid']},", ",{$tid},") === false) {
        $read['dig']++;
        $db->update("UPDATE pw_threads SET dig=dig+1 WHERE tid=" . pwEscape($tid));
        if ($rt) {
            strlen($rt['digtid']) > 2000 && ($rt['digtid'] = '');
            $rt['digtid'] .= ($rt['digtid'] ? ',' : '') . $tid;
            $db->update("UPDATE pw_memberinfo SET digtid=" . pwEscape($rt['digtid']) . "WHERE uid=" . pwEscape($winduid));
        } else {
            $db->update("INSERT INTO pw_memberinfo SET " . pwSqlSingle(array('uid' => $winduid, 'digtid' => $tid)));
        }
        require_once R_P . 'require/posthost.php';
        PostHost("http://push.phpwind.net/push.php?type=dig&url=" . rawurlencode("{$db_bbsurl}/read.php?tid={$tid}") . "&tocharset={$db_charset}&title=" . rawurlencode($read['subject']) . "&bbsname=" . rawurlencode($db_bbsname), "");
        Showmsg('dig_success');
    } else {
        Showmsg("dig_limit");
/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
// 7 == E_ERROR | E_WARNING | E_PARSE: notices and deprecations are hidden.
error_reporting(7);
//set_magic_quotes_runtime(0);
require_once 'Common/Config.inc.php';
require_once 'Common/Common.inc.php';
require_once 'Common/Function.inc.php';
require_once 'Common/Runtime.inc.php';
// Register the class autoload paths.
add_autoload_path(ZJ_PHP_PATH . "Lib/", true);
add_autoload_path(ZJ_PHP_PATH . "Extend/", true);
// Add_S() here returns the escaped copy, so the superglobals are reassigned.
$_POST = Add_S($_POST);
$_GET = Add_S($_GET);
$_COOKIE = Add_S($_COOKIE);
// Lets $q_xx be used directly in place of $_REQUEST["xx"].
// NOTE(review): every $_REQUEST key (GET, POST and cookie data) becomes a
// global named q_<key>, so a request can create or overwrite any global whose
// name starts with q_ — the same class of risk as register_globals. Also,
// $_REQUEST is populated at request start and is not affected by the
// reassignment of $_POST/$_GET above, so the $q_* values are the raw,
// unescaped input.
foreach ($_REQUEST as $key => $value) {
    $name1 = "q_" . $key;
    ${$name1} = $value;
}
// Requested action and method; assigned later by the Runtime's Query handling.
$_QueryAction = "";
$_QueryMethod = "";
ob_start();
// Cross-origin access for JS clients.
// NOTE(review): the allowed origin is taken verbatim from config; a value of
// "*" would permit any site to read responses — confirm the configured value.
if (getC("CORS")) {
    @header('Access-Control-Allow-Origin: ' . getC("CORS"));
}
@header('Content-Type: text/html; charset=' . WEB_LANG);
//xxx/index.php?doTaskQueue
 */
// Image-format selector for GIF output; guarded so an earlier definition wins.
defined('SI_IMAGE_GIF') || define('SI_IMAGE_GIF', 3);
/**
 * Securimage CAPTCHA Class.
 *
 * @package    Securimage
 * @subpackage classes
 *
 */
// Pull in the host application's bootstrap inside an output buffer so that
// anything it prints does not corrupt the image response; errors from the
// include are suppressed.
// NOTE(review): the relative path resolves against the include path / cwd,
// not this file's directory — confirm it cannot pick up an unintended file.
ob_start();
@(include_once '../../common.inc.php');
// Escape the request arrays with the host's Add_S() when magic quotes are off
// (get_magic_quotes_gpc() was removed in PHP 8.0).
$escapeInput = !get_magic_quotes_gpc() && function_exists('Add_S');
if ($escapeInput) {
    Add_S($_POST);
    Add_S($_GET);
}
ob_end_clean();
class Securimage
{
    /**
     * The desired width of the CAPTCHA image.
     *
     * @var int
     */
    var $image_width;
    /**
     * The desired width of the CAPTCHA image.
     *
     * @var int
     */