Beispiel #1
 /**
  * Deliver an application-originated message to a user.
  *
  * Subject and content have their slashes stripped and are then passed
  * through Char_cv() before the message is handed to pwSendMsg(). The
  * recipient and sender names are forwarded exactly as received.
  *
  * @param string $toname   Recipient user name.
  * @param string $fromname Sender name stored on the message.
  * @param string $subject  Message subject.
  * @param string $content  Message body.
  * @return ApiResponse Always a response wrapping true.
  */
 function SendAppmsg($toname, $fromname, $subject, $content)
 {
     $cleanSubject = Char_cv(stripslashes($subject));
     $cleanContent = Char_cv(stripslashes($content));
     // NOTE(review): $toname and $fromname are not filtered in this method;
     // confirm the caller or pwSendMsg() validates them.
     $payload = array(
         'toUser' => $toname,
         'fromUid' => '-1',
         'fromUser' => $fromname,
         'subject' => $cleanSubject,
         'content' => $cleanContent,
     );
     require_once R_P . 'require/msg.php';
     pwSendMsg($payload);

     return new ApiResponse(true);
 }
Beispiel #2
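 /**
  * Build the attachment descriptor for one uploaded file.
  *
  * $key is expected in the form "<attname>_<id>". A key without an
  * underscore yields id 0 instead of an undefined-offset notice.
  *
  * @param string $key   Upload field name, "<attname>_<id>".
  * @param array  $value Upload entry; 'name' and 'size' are read.
  * @return array Descriptor with id, attname, name, size, type, ifthumb,
  *               fileuploadurl and ext.
  */
 function initCurrUpload($key, $value)
 {
     // Pad so that a key with no "_" separator still gives two parts.
     $parts = array_pad(explode('_', $key), 2, '');
     $arr = array(
         'id' => intval($parts[1]),
         'attname' => $parts[0],
         'name' => Char_cv($value['name']),
         'size' => intval($value['size']),
         'type' => 'zip',
         'ifthumb' => 0,
         'fileuploadurl' => '',
     );
     // strrchr() returns false when the name has no dot; report an empty
     // extension explicitly rather than passing false on to substr().
     $dotSuffix = strrchr($arr['name'], '.');
     $arr['ext'] = $dotSuffix === false ? '' : strtolower(substr($dotSuffix, 1));
     // NOTE(review): 'name' and therefore 'ext' come from the uploaded
     // file's client-supplied name, and 'type' is fixed to 'zip' here. The
     // code that stores the file should check 'ext' against an allow-list.

     return $arr;
 }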
Beispiel #3
 /**
  * Initialise the application client from the forum's global configuration.
  *
  * Presumably the PHP 4-style constructor of its class (the class header is
  * not visible here). Copies site keys and settings from globals onto the
  * instance, rebuilds the global $db_bbsurl from the current request, and
  * loads the cached forum application info.
  */
 function PW_Appclient()
 {
     // $timestamp is imported but not used below; time() is called instead.
     global $db_siteappkey, $timestamp, $db_sitehash, $db_siteownerid, $db_siteid, $db_bbsurl, $db_charset, $db_appifopen, $db_appbbs, $db_appo, $pwServer;
     // Overwrites the global board URL with "http://" + HTTP_HOST + the
     // directory part of PHP_SELF. The scheme is hard-coded to http.
     // NOTE(review): if $pwServer mirrors $_SERVER, HTTP_HOST is the
     // client-supplied Host header. Char_cv() filters characters but does not
     // prove the host is ours, so validate it against the configured site
     // host before this URL is used in links or callbacks. TODO confirm.
     $db_bbsurl = Char_cv("http://" . $pwServer['HTTP_HOST'] . substr($pwServer['PHP_SELF'], 0, strrpos($pwServer['PHP_SELF'], '/')));
     // Rebuild the forum cache when the app-info cache file is missing.
     if (!file_exists(D_P . "data/bbscache/forum_appinfo.php")) {
         require_once R_P . "admin/cache.php";
         updatecache_f();
     }
     // The include is expected to define $forum_appinfo in this scope. Errors
     // are suppressed, and include_once does not re-run a file that was
     // already included elsewhere, so $forum_appinfo can be undefined below.
     @(include_once D_P . "data/bbscache/forum_appinfo.php");
     $this->_db = $GLOBALS['db'];
     $this->appkey = $db_siteappkey;
     $this->timestamp = time();
     $this->sitehash = $db_sitehash;
     $this->siteownerid = $db_siteownerid;
     $this->siteid = $db_siteid;
     $this->bbsurl = $db_bbsurl;
     $this->charset = $db_charset;
     $this->appifopen = $db_appifopen;
     $this->appbbs = $db_appbbs;
     $this->appo = $db_appo;
     $this->_appsdb = array();
     $this->_app_array = array();
     $this->_appslist = $this->getApplist();
     $this->appinfo = $forum_appinfo;
 }
 /**
  * Store a reply to an existing message.
  *
  * The reply is addressed to the sender of message $mid and is sent in the
  * name of the current user taken from the global $_USERS.
  *
  * @param mixed  $mid     Id of the message being answered (normalised by GetNum()).
  * @param string $subject Reply subject, filtered with Char_cv().
  * @param string $message Reply body, filtered with Char_cv().
  * @return mixed Whatever $this->add() returns.
  */
 function reply($mid, $subject, $message)
 {
     global $_USERS;

     $mid = GetNum($mid);
     $original = $this->getone($mid);
     // NOTE(review): nothing here checks that $original exists or that the
     // current user was a party to it; confirm getone() or the caller
     // enforces that.
     $replyRow = array(
         'fromuid' => $_USERS['uid'],
         'fromuname' => $_USERS['uname'],
         'touid' => $original['fromuid'],
         'touname' => $original['fromuname'],
         'type' => 2,
         'subject' => Char_cv($subject),
         'sendtime' => time(),
         'writetime' => time(),
         'hasview' => 0,
         'isadmin' => 0,
         'message' => Char_cv($message),
     );

     return $this->add($replyRow);
 }
Beispiel #5
/**
 * Write one entry to the pw_toollog table.
 *
 * The type and description are resolved through getLangInfo(). File name,
 * user name and the final description are filtered with Char_cv() before
 * the row is built with pwSqlSingle().
 *
 * @param array $log Entry with the keys type, filename, nums, money, descrip,
 *                   uid, touid, username, ip and time.
 * @return void
 */
function writetoollog($log)
{
    global $db, $db_bbsurl;

    $log['type'] = getLangInfo('toollog', $log['type']);
    foreach (array('filename', 'username') as $textField) {
        $log[$textField] = Char_cv($log[$textField]);
    }
    // The description template receives the already-filtered $log values.
    $log['descrip'] = Char_cv(getLangInfo('toollog', $log['descrip'], $log));

    // Column order matches the original statement.
    $row = array();
    foreach (array('type', 'filename', 'nums', 'money', 'descrip', 'uid', 'touid', 'username', 'ip', 'time') as $column) {
        $row[$column] = $log[$column];
    }
    $db->update("INSERT INTO pw_toollog SET " . pwSqlSingle($row));
}
Beispiel #6
 /**
  * Register (or replace) a user's application record and, when feeds are
  * allowed, add a feed entry for it.
  *
  * @param mixed  $uid       User id.
  * @param mixed  $appid     Application id.
  * @param string $appname   Application name.
  * @param mixed  $allowfeed Truthy when a feed entry should be written.
  * @param string $descrip   Feed description, filtered with Char_cv().
  * @return ApiResponse Always a response wrapping true.
  */
 function add($uid, $appid, $appname, $allowfeed, $descrip)
 {
     global $timestamp;

     $appRow = array(
         'uid' => $uid,
         'appid' => $appid,
         'appname' => $appname,
         'allowfeed' => $allowfeed,
     );
     $this->db->query_unbuffered("REPLACE INTO " . UC_DBTABLEPRE . "userapp SET " . pwSqlSingle($appRow));

     if (!$allowfeed) {
         return new ApiResponse(true);
     }

     // Only the description is HTML-filtered here. SQL quoting of every
     // value is left to pwSqlSingle().
     $feedRow = array(
         'uid' => $uid,
         'type' => 'app',
         'descrip' => Char_cv($descrip),
         'timestamp' => $timestamp,
     );
     $this->db->query_unbuffered("INSERT INTO " . UC_DBTABLEPRE . "feed SET " . pwSqlSingle($feedRow, false));

     return new ApiResponse(true);
 }
Beispiel #7
/**
 * Write one entry to the pw_forumlog table.
 *
 * The two user names, the three free fields and the resolved description
 * are filtered with Char_cv(). type, timestamp and ip are stored as given.
 *
 * @param array $log Entry with the keys type, username1, username2, field1,
 *                   field2, field3, descrip, timestamp and ip.
 * @return void
 */
function writeforumlog($log)
{
    foreach (array('username1', 'username2', 'field1', 'field2', 'field3') as $textField) {
        $log[$textField] = Char_cv($log[$textField]);
    }
    // The description template receives the already-filtered $log values.
    $log['descrip'] = Char_cv(getLangInfo('log', $log['descrip'], $log));

    // Column order matches the original statement.
    $row = array();
    foreach (array('type', 'username1', 'username2', 'field1', 'field2', 'field3', 'descrip', 'timestamp', 'ip') as $column) {
        $row[$column] = $log[$column];
    }
    $GLOBALS['db']->update("INSERT INTO pw_forumlog SET " . pwSqlSingle($row, false));
}
Beispiel #8
 /**
  * Insert a feed entry for an application, if the user allowed feeds for it.
  *
  * @param mixed  $uid     User id.
  * @param string $descrip Feed description, filtered with Char_cv().
  * @param mixed  $appid   Application id.
  * @return ApiResponse Wraps true when the entry was written, false when
  *                     the user's app record does not allow feeds.
  */
 function publishTemplatizedAction($uid, $descrip, $appid)
 {
     global $timestamp;

     // Both lookup values go through pwEscape() before entering the query.
     $userApp = $this->db->get_one("SELECT allowfeed FROM pw_userapp WHERE uid=" . pwEscape($uid) . " AND appid=" . pwEscape($appid));
     if (!$userApp['allowfeed']) {
         return new ApiResponse(false);
     }

     // Insert the feed entry.
     $feedRow = array(
         'uid' => $uid,
         'type' => 'app',
         'descrip' => Char_cv($descrip),
         'timestamp' => $timestamp,
     );
     $this->db->update("INSERT INTO pw_feed SET " . pwSqlSingle($feedRow, false));

     return new ApiResponse(true);
 }
Beispiel #9
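 /**
  * Store the member's custom profile fields as a serialized array.
  *
  * Nothing is stored unless the site defines custom fields (element 7 of
  * the global $db_union) and $customdata is a non-empty array.
  *
  * The cleaned entries are collected in a fresh array. The previous code
  * added the cleaned key next to the raw one, so an unfiltered key and its
  * unstripped value were serialized as well whenever filtering changed the
  * key.
  *
  * @param array $customdata Field name => value, as submitted.
  * @return void
  */
 function setCustomdata($customdata)
 {
     global $db_union;
     if (!is_array($db_union)) {
         $db_union = explode("\t", stripslashes($db_union));
     }
     // NOTE(review): unserialize() is applied to a configuration value. That
     // is only safe while $db_union cannot be influenced by users; confirm
     // where it is written.
     $custominfo = isset($db_union[7]) ? unserialize($db_union[7]) : false;
     if (!$custominfo || !is_array($customdata) || !$customdata) {
         return;
     }

     $clean = array();
     foreach ($customdata as $key => $val) {
         // Nested arrays/objects cannot be un-slashed as text; skip them.
         if (is_array($val) || is_object($val)) {
             continue;
         }
         $clean[stripslashes(Char_cv($key))] = stripslashes($val);
     }
     // NOTE(review): keys are not checked against the configured fields in
     // $custominfo, and values are not passed through Char_cv() here.
     // Confirm they are escaped on output.
     $this->memberinfo['customdata'] = serialize($clean);
 }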
Beispiel #10
 /**
  * Read and validate the goods-sale fields of the current request and store
  * them in $this->data.
  *
  * Text fields pass through Char_cv() and counters through intval().
  * Showmsg() is called on each validation failure; it presumably aborts the
  * request, since later statements rely on the checks having passed.
  */
 function _setData()
 {
     $goodsname = Char_cv(GetGP('goodsname'));
     $price = Char_cv(GetGP('price'));
     $costprice = Char_cv(GetGP('costprice'));
     $locus = Char_cv(GetGP('locus'));
     $mailfee = Char_cv(GetGP('mailfee'));
     $expressfee = Char_cv(GetGP('expressfee'));
     $emsfee = Char_cv(GetGP('emsfee'));
     $degree = intval(GetGP('degree'));
     $ptype = intval(GetGP('ptype'));
     $goodsnum = intval(GetGP('goodsnum'));
     // Second argument of Char_cv() is set here; the value is summed with
     // array_sum() below, so it is presumably an array of flags. TODO confirm.
     $paymethod = Char_cv(GetGP('paymethod'), 1);
     $transport = intval(GetGP('transport'));
     // Fall back to the post title when no goods name was submitted.
     !$goodsname && ($goodsname = Char_cv($_POST['atc_title']));
     // The cost price must be numeric and strictly positive.
     if (!is_numeric($costprice) || $costprice <= 0) {
         Showmsg('goods_setprice');
     }
     $goodsnum < 1 && Showmsg('goods_num_error');
     $paymethod && ($paymethod = array_sum($paymethod));
     $paymethod < 1 && Showmsg('goods_pay_error');
     // NOTE(review): $price only has to be numeric. Negative values and
     // forms such as "1e3" pass is_numeric(); confirm whether a lower bound
     // is needed, as for $costprice.
     !is_numeric($price) && ($price = 0);
     if ($transport) {
         // NOTE(review): the fees are likewise only checked for being
         // numeric, so negative fees are accepted here.
         !is_numeric($mailfee) && ($mailfee = 0);
         !is_numeric($expressfee) && ($expressfee = 0);
         !is_numeric($emsfee) && ($emsfee = 0);
         // At least one shipping fee is required when transport is set.
         if (!$mailfee && !$expressfee && !$emsfee) {
             Showmsg('goods_logistics');
         }
     } else {
         $mailfee = $expressfee = $emsfee = 0;
     }
     // Assigned but not used in this method.
     $goodsicon = '';
     $this->data['name'] = $goodsname;
     $this->data['price'] = $price;
     $this->data['costprice'] = $costprice;
     $this->data['locus'] = $locus;
     $this->data['mailfee'] = $mailfee;
     $this->data['expressfee'] = $expressfee;
     $this->data['emsfee'] = $emsfee;
     $this->data['degree'] = $degree;
     $this->data['type'] = $ptype;
     $this->data['num'] = $goodsnum;
     $this->data['paymethod'] = $paymethod;
     $this->data['transport'] = $transport;
 }
Beispiel #11
 /**
  * Read the reward settings (bonus amounts and credit types) from POST,
  * validate them and store them in $this->data.
  *
  * Showmsg() is called on each validation failure; it presumably aborts the
  * request.
  */
 function setData()
 {
     // Both values are indexed with 'best' / 'active' below, so they are
     // expected to be arrays. Presumably Char_cv() filters arrays
     // element-wise when its second argument is set. TODO confirm.
     $bonus = Char_cv(GetGP('bonus', 'P'), true);
     $ctype = Char_cv(GetGP('ctype', 'P'));
     // Each bonus must reach the configured minimum.
     // NOTE(review): the bonus values are compared and stored without an
     // integer cast, and no upper bound is checked here. Confirm the caller
     // validates them against the user's balance.
     $bonus['best'] < $this->b_val && Showmsg('credit_limit');
     $bonus['active'] < $this->a_val && Showmsg('credit_limit');
     // Default either credit type to the first allowed one.
     reset($this->allowcredit);
     if (!$ctype['best']) {
         $ctype['best'] = current($this->allowcredit);
     }
     if (!$ctype['active']) {
         $ctype['active'] = current($this->allowcredit);
     }
     // Allow-list check. in_array() is used without strict comparison, so
     // values are compared loosely.
     if (!in_array($ctype['best'], $this->allowcredit) || !in_array($ctype['active'], $this->allowcredit)) {
         Showmsg('reward_credit_error');
     }
     $this->data['cbtype'] = $ctype['best'];
     $this->data['catype'] = $ctype['active'];
     $this->data['cbval'] = $bonus['best'];
     $this->data['caval'] = $bonus['active'];
 }
Beispiel #12
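/**
 * List the modes installed under R_P . 'mode'.
 *
 * Every directory entry without a dot in its name is treated as a mode. Its
 * display name is read from the <modename> element of its info.xml and
 * filtered with Char_cv(). When info.xml is missing or does not match, the
 * directory name is used, so a name can no longer carry over from the
 * previous directory (or be undefined for the first one).
 *
 * @return array Mode directory => array('m_name', 'ifopen', 'title').
 */
function ModeList()
{
    $modes = array();
    $fp = opendir(R_P . 'mode');
    if (!$fp) {
        return $modes;
    }
    // Compare against false so an entry named "0" does not end the loop.
    while (false !== ($modedir = readdir($fp))) {
        if (strpos($modedir, '.') !== false) {
            continue;
        }
        $modename = $modedir;
        $infodb = array();
        if (function_exists('file_get_contents')) {
            $filedata = @file_get_contents(R_P . "mode/{$modedir}/info.xml");
        } else {
            $filedata = readover(R_P . "mode/{$modedir}/info.xml");
        }
        if ($filedata !== false && preg_match('/\\<modename\\>(.+?)\\<\\/modename\\>\\s+\\<descrip\\>(.+?)\\<\\/descrip\\>/is', $filedata, $infodb)) {
            // The name comes from a file on disk and ends up in admin
            // pages, so it is treated as untrusted text.
            if ($infodb[1]) {
                $modename = Char_cv(str_replace(array("\n"), '', $infodb[1]));
            }
        }
        $modes[$modedir] = array('m_name' => $modename, 'ifopen' => 1, 'title' => $modename);
    }
    closedir($fp);

    return $modes;
}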
Beispiel #13
 /**
  * Read the activity fields of the current request and store them in
  * $this->data.
  *
  * Subject, start time and deadline are required; Showmsg() is called when
  * one of them is empty. The three time strings are converted with
  * PwStrtoTime(). Participant limit and cost are clamped to a minimum of 0.
  */
 function _setData()
 {
     $this->data['subject'] = Char_cv(GetGP('act_subject', 'P'));
     $this->data['location'] = Char_cv(GetGP('act_location', 'P'));
     $this->data['sexneed'] = intval(GetGP('act_sex'));

     $startRaw = Char_cv(GetGP('act_starttime'));
     $deadlineRaw = Char_cv(GetGP('act_deadline'));
     $endRaw = Char_cv(GetGP('act_endtime'));
     $limit = intval(GetGP('act_num'));
     $fee = intval(GetGP('act_costs'));

     if (!$this->data['subject'] || !$startRaw || !$deadlineRaw) {
         Showmsg('active_data_empty');
     }

     // NOTE(review): the relative order of start, deadline and end time is
     // not checked in this method.
     $startTime = PwStrtoTime($startRaw);
     $endTime = PwStrtoTime($endRaw);
     $deadline = PwStrtoTime($deadlineRaw);

     if ($limit < 1) {
         $limit = 0;
     }
     if ($fee < 1) {
         $fee = 0;
     }

     $this->data['starttime'] = $startTime;
     $this->data['deadline'] = $deadline;
     $this->data['endtime'] = $endTime;
     $this->data['num'] = $limit;
     $this->data['costs'] = $fee;
 }
Beispiel #14
 /**
  * Read the debate fields of the current request, validate them and store
  * them in $this->data.
  *
  * The end time must not lie before the current timestamp. Both titles are
  * required and limited to 255 bytes. An umpire, if given, must be an
  * existing member. Showmsg() is called on each validation failure.
  */
 function _setData()
 {
     global $timestamp;

     $endRaw = Char_cv(GetGP('endtime'));
     $proTitle = Char_cv(GetGP('obtitle'));
     $conTitle = Char_cv(GetGP('retitle'));
     $umpireName = Char_cv(GetGP('umpire'));

     $endTime = PwStrtoTime($endRaw);
     if ($endTime < $timestamp) {
         Showmsg('debate_time');
     }

     // The length is measured after Char_cv() filtering and in bytes.
     $titleMissing = empty($proTitle) || empty($conTitle);
     if ($titleMissing) {
         Showmsg('debate_notitle');
     } elseif (strlen($proTitle) > 255 || strlen($conTitle) > 255) {
         Showmsg('debate_titlelen');
     }

     if ($umpireName) {
         // The name is quoted with pwEscape() before it enters the query.
         $umpireUid = $this->db->get_value("SELECT uid FROM pw_members WHERE username=" . pwEscape($umpireName));
         if (empty($umpireUid)) {
             Showmsg('debate_noumpire');
         }
     }

     $this->data['endtime'] = $endTime;
     $this->data['obtitle'] = $proTitle;
     $this->data['retitle'] = $conTitle;
     $this->data['umpire'] = $umpireName;
     $this->data['postdate'] = $timestamp;
 }
Beispiel #15
         !$modelid && ($topiccatestyle = 'style="display:none"');
         !$pcid && ($postcatestyle = 'style="display:none"');
         //团购活动
         @(include_once D_P . 'data/bbscache/postcate_config.php');
     }
     $ajaxurl = EncodeUrl($basename);
     include PrintEot('setforum');
     exit;
 } elseif ($_POST['step'] == 2) {
     $forum = $db->get_one("SELECT type,fup,forumadmin,logo FROM pw_forums WHERE fid=" . pwEscape($fid));
     InitGP(array('name', 'descrip', 'metadescrip'), 'P', 0);
     InitGP(array('vieworder', 'dirname', 'style', 'across', 'keywords'), 'P');
     $name = str_replace('<iframe', '&lt;iframe', $name);
     $descrip = str_replace('<iframe', '&lt;iframe', $descrip);
     $metadescrip = str_replace('<iframe', '&lt;iframe', $metadescrip);
     $keywords = Char_cv($keywords);
     strlen($descrip) > 250 && adminmsg('descrip_long');
     strlen($metadescrip) > 250 && adminmsg('descrip_long');
     if ($forum['type'] == 'category') {
         $db->update("UPDATE pw_forums SET " . pwSqlSingle(array('name' => $name, 'vieworder' => $vieworder, 'dirname' => $dirname, 'style' => $style, 'across' => $across, 'cms' => $cms)) . " WHERE fid=" . pwEscape($fid));
     } else {
         InitGP(array('forumsetdb', 'uploadset', 'rewarddb', 'cfup', 'ffup', 'showsub', 'ifhide', 'viewsub', 'allowhide', 'allowsell', 'copyctrl', 'f_check', 'password', 'allowvisit', 'allowread', 'allowpost', 'allowrp', 'allowupload', 'allowdownload', 'otherfid', 'otherforum', 'allowtime', 'allowtype', 'recycle', 'forumsell', 'sdate', 'cprice', 'rprice', 'logotype', 'logo_upload', 'logo_url', 'ifdellogo', 't_view_db', 'new_t_view_db', 't_logo_db', 'new_t_logo_db', 'new_t_sub_logo_db', 'new_t_sub_view_db', 't_type', 'modelid', 'pcid'), 'P');
         InitGP(array('t_db', 'new_t_db', 'new_t_sub_db', 'f_type'), 'P', 0);
         InitGP(array('ifcms'));
         //主题分类
         //更新原有的分类
         foreach ($t_db as $key => $value) {
             $db->update("UPDATE pw_topictype SET " . pwSqlSingle(array('name' => $value, 'vieworder' => $t_view_db[$key], 'logo' => $t_logo_db[$key])) . " WHERE id=" . pwEscape($key));
         }
         //增加新分类
         foreach ($new_t_db as $key => $value) {
Beispiel #16
        }
        require_once PrintEot('forumcp');
        footer();
    } elseif ($type == 'addmsg') {
        if (empty($_POST['step'])) {
            $adminname = explode(',', trim($forums['forumadmin'], ','));
            require_once PrintEot('forumcp');
            footer();
        } else {
            PostCheck();
            !$fid && Showmsg('annouce_fid');
            InitGP(array('msgtype', 'toname', 'savetime'), 'P');
            !$msgtype && !$toname && Showmsg('forummsg_object');
            $msgtype == 1 ? $toname = '' : ($msgtype = 2);
            $savetime = $timestamp + (intval($savetime) > 0 ? intval($savetime) : 30) * 86400;
            $message = trim(Char_cv($_POST['message']));
            !$message && Showmsg('forummsg_content');
            $toname = "," . implode(',', $toname) . ",";
            $pwSQL = pwSqlSingle(array('fid' => $fid, 'uid' => $winduid, 'username' => $windid, 'toname' => $toname, 'msgtype' => $msgtype, 'posttime' => $timestamp, 'savetime' => $savetime, 'message' => $message));
            $db->update("INSERT INTO pw_forummsg SET {$pwSQL}");
            refreshto("forumcp.php?action=edit&type=msg&fid={$fid}", 'operate_success');
        }
    }
} elseif ($action == 'del') {
    PostCheck();
    InitGP(array('selid', 'type'));
    $selids = array();
    foreach ($selid as $key => $value) {
        is_numeric($value) && ($selids[] = $value);
    }
    if ($selids) {
Beispiel #17
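/**
 * Decode a member's custom profile data together with the site's custom
 * field definitions.
 *
 * The second element of the result is now always an array. Before, it was
 * an undefined variable whenever $data was empty or could not be decoded.
 *
 * @param mixed $data        Serialized string, or an array when
 *                           $unserialize is false.
 * @param bool  $unserialize Whether $data must be unserialized first.
 * @param mixed $strips      When non-empty, every key and value is passed
 *                           through Char_cv() and stripslashes().
 * @return array array($customdata, $custominfo)
 */
function Getcustom($data, $unserialize = true, $strips = null)
{
    global $db_union;
    $customdata = array();
    $custominfo = array();

    $valid = false;
    if ($data) {
        if ($unserialize) {
            // NOTE(review): unserialize() must only see data this
            // application serialized itself; it can instantiate objects
            // from crafted input. If $data can come from a request, switch
            // to json_decode(), or on PHP 7+ pass
            // array('allowed_classes' => false).
            $data = unserialize($data);
        }
        $valid = is_array($data);
    }
    if (!$valid) {
        return array($customdata, $custominfo);
    }

    // Element 7 of $db_union holds the serialized field definitions.
    $loaded = isset($db_union[7]) ? unserialize($db_union[7]) : false;
    if (is_array($loaded)) {
        $custominfo = $loaded;
    }

    if (!empty($custominfo)) {
        foreach ($data as $key => $value) {
            if (!empty($strips)) {
                // NOTE(review): this branch keeps every key, including ones
                // that are not defined in $custominfo.
                $customdata[stripslashes(Char_cv($key))] = stripslashes(Char_cv($value));
            } elseif (!empty($custominfo[$key]) && $value) {
                // Keep only fields the site defines; the value is returned
                // unfiltered and must be escaped on output.
                $customdata[$key] = $value;
            }
        }
    }

    return array($customdata, $custominfo);
}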
Beispiel #18
}
if ($action == 'update') {
    include D_P . 'data/bbscache/forum_cache.php';
    InitGP(array('contents', 'forums'), 'p');
    foreach ($forums as $key => $value) {
        $forums[$key]['title'] = $value['title'] = Char_cv(strip_tags($value['title']));
        $forums[$key]['descrip'] = $value['descrip'] = Char_cv(strip_tags($value['descrip']));
        $forums[$key]['keywords'] = $value['keywords'] = Char_cv(strip_tags($value['keywords']));
        if ($forum[$key]['title'] != $value['title'] || $forum[$key]['descrip'] != $value['descrip'] || $forum[$key]['keywords'] != $value['keywords']) {
            $db->update("UPDATE pw_forums SET title=" . pwEscape($value['title']) . ",metadescrip=" . pwEscape($value['descrip']) . ",keywords=" . pwEscape($value['keywords']) . " WHERE fid = " . pwEscape($key));
        }
    }
    updatecache_f();
    $db_bbstitle = array('index' => Char_cv(strip_tags($contents['title_index'])), 'thread' => Char_cv(strip_tags($contents['title_thread'])), 'read' => Char_cv(strip_tags($contents['title_read'])));
    $db_metadescrip = array('index' => Char_cv(strip_tags($contents['metadesc_index'])), 'thread' => Char_cv(strip_tags($contents['metadesc_thread'])), 'read' => Char_cv(strip_tags($contents['metadesc_read'])));
    $db_metakeyword = array('index' => Char_cv(strip_tags($contents['metakeyword_index'])), 'thread' => Char_cv(strip_tags($contents['metakeyword_thread'])), 'read' => Char_cv(strip_tags($contents['metakeyword_read'])));
    $config = array();
    $config[] = array('db_name' => $db_names[0], 'vtype' => 'array', 'db_value' => serialize($db_bbstitle));
    $config[] = array('db_name' => $db_names[1], 'vtype' => 'array', 'db_value' => serialize($db_metadescrip));
    $config[] = array('db_name' => $db_names[2], 'vtype' => 'array', 'db_value' => serialize($db_metakeyword));
    $sql = "REPLACE INTO pw_config (db_name,vtype,db_value) VALUES " . pwSqlMulti($config);
    $db->update($sql);
    updatecache_c();
    $basename = $basename . '&mode=' . $mode;
    adminmsg('operate_success');
} else {
    if (!file_exists(D_P . 'data/bbscache/config.php') || !isset($db_bbstitle) || !isset($db_metadescrip) || !isset($db_metakeyword)) {
        $sql = "SELECT * FROM pw_config WHERE db_name IN ( " . pwImplode($db_names) . " ) ";
        $query = $db->query($sql);
        while ($rt = $db->fetch_array($query)) {
            ${$rt['db_name']} = unserialize($rt['db_value']);
Beispiel #19
     }
     include PrintEot('postcate');
     exit;
 } elseif ($step == '2') {
     InitGP(array('subject', 'atc_content', 'uids'));
     $cache_file = D_P . "data/bbscache/" . substr(md5($admin_pwd), 10, 10) . ".txt";
     if (!$nexto) {
         writeover($cache_file, $atc_content);
     } else {
         $atc_content = readover($cache_file);
     }
     if (empty($subject) || empty($atc_content)) {
         adminmsg('sendmsg_empty', 'javascript:history.go(-1);');
     }
     $subject = Char_cv($subject);
     $sendmessage = Char_cv($atc_content);
     $percount = 1;
     empty($nexto) && ($nexto = 1);
     $uids = explode(',', $uids);
     $count = count($uids);
     if ($uids) {
         $uids = pwImplode($uids);
         $msg_a = array();
         $query = $db->query("SELECT uid,username,email,newpm FROM pw_members WHERE uid IN({$uids})");
         while (@extract($db->fetch_array($query))) {
             $sendmessage = str_replace("\$email", $email, $atc_content);
             $sendmessage = str_replace("\$windid", $username, $sendmessage);
             $msg_a[] = array($uid, '0', 'System', 'rebox', '1', $timestamp, $subject, $sendmessage);
         }
         //TODO 新消息提醒
         if ($msg_a) {
Beispiel #20
// Admin request gate: input checking for non-manager admins, an audit-log
// line for every request, and a same-host Referer check plus PostCheck()
// for POST requests.
// If_manager is referenced as a bare constant (no "$").
if (!If_manager) {
    Iplimit();
    // Run CheckVar() over every GET/POST value except the 'module' key.
    $temp_a = array_merge($_POST, $_GET);
    foreach ($temp_a as $key => $value) {
        if ($key != 'module') {
            CheckVar($value);
        }
    }
    unset($temp_a);
    $admin_level = $ltitle[$admin_gid];
} else {
    $admin_level = getLangInfo('other', 'admin_level');
    //'manager';
}
// Audit record: "|admin||uri|ip|timestamp|postdata|". The field separator is
// escaped as &#124; in the admin name and the request URI.
// NOTE(review): $_postdata and $onlineip are inserted as they are; confirm
// PostLog() neutralises "|" and line breaks and leaves out secrets such as
// submitted passwords, otherwise a request can forge or split log records.
$_postdata = $_POST ? PostLog($_POST) : '';
$new_record = '|' . str_replace('|', '&#124;', Char_cv($admin_name)) . '||' . str_replace('|', '&#124;', Char_cv($REQUEST_URI)) . "|{$onlineip}|{$timestamp}|{$_postdata}|\n";
writeover($bbsrecordfile, $new_record, "ab");
if ($pwServer['REQUEST_METHOD'] == 'POST') {
    // Reject a POST whose Referer host differs from the Host header (the
    // port is ignored). A request without a Referer host skips this
    // comparison, so the protection against forged POSTs then rests on
    // PostCheck($verify) alone.
    $referer_a = @parse_url($pwServer['HTTP_REFERER']);
    if ($referer_a['host']) {
        list($http_host) = explode(':', $pwServer['HTTP_HOST']);
        if ($referer_a['host'] != $http_host) {
            adminmsg('undefined_action');
        }
    }
    unset($referer_a);
    PostCheck($verify);
}
// Drop database credentials and other setup values from the global scope so
// later code and templates cannot read them.
unset($_postdata, $new_record, $bbsrecordfile, $dbhost, $dbuser, $dbpw, $dbname, $pconnect, $newmanager, $newmngpwd);
function HtmlConvert(&$array)
{
Beispiel #21
             $atc_content = $reinfo['content'];
         }
     } elseif (is_numeric($touid)) {
         $reinfo = $db->get_one("SELECT uid,username FROM pw_members WHERE uid=" . pwEscape($touid));
         if ($type == 'birth') {
             $subject = getLangInfo('writemsg', 'birth_title');
             $atc_content = getLangInfo('writemsg', 'birth_content');
         }
     }
     require_once PrintEot('ajax');
     ajax_footer();
 } else {
     PostCheck(1, $db_gdcheck & 8);
     InitGP(array('msg_title', 'pwuser', 'ifsave'), 'P');
     InitGP(array('atc_content'), 'P', 0);
     $atc_content = trim(Char_cv($atc_content));
     if (!$atc_content || !$msg_title || !$pwuser) {
         Showmsg('msg_empty');
     } elseif (strlen($msg_title) > 75 || strlen($atc_content) > 1500) {
         Showmsg('msg_subject_limit');
     }
     require_once R_P . 'require/bbscode.php';
     $wordsfb = L::loadClass('FilterUtil');
     if (($banword = $wordsfb->comprise($msg_title)) !== false) {
         Showmsg('title_wordsfb');
     }
     if (($banword = $wordsfb->comprise($atc_content, false)) !== false) {
         Showmsg('content_wordsfb');
     }
     $msgq && Qcheck($_POST['qanswer'], $_POST['qkey']);
     $rt = $db->get_one("SELECT uid,banpm,msggroups FROM pw_members WHERE username=" . pwEscape($pwuser));
Beispiel #22
/**
 * Record credit changes in pw_creditlog and, when enabled, queue the
 * credit-change tip for the user.
 *
 * One log row is produced for every entry of the global $creditset that is
 * a known credit type, has a non-zero effect and appears in $creditlog.
 *
 * @param array  $creditlog Credit keys that should be logged.
 * @param string $username  User name, filtered with Char_cv() for the log.
 * @param mixed  $uid       User id.
 * @param string $logtype   Log type; also selects the description template.
 * @return void
 */
function addLog($creditlog, $username, $uid, $logtype)
{
    global $db, $creditset, $credit, $timestamp, $db_ifcredit, $onlineip;

    $tipParts = '';
    $rows = array();
    // $log is reused across iterations and passed to the template lookup.
    $log = array();
    if (empty($creditset)) {
        $creditset = array();
    }

    foreach ($creditset as $creditKey => $delta) {
        $applies = isset($credit->cType[$creditKey]) && $delta != 0 && isset($creditlog[$creditKey]);
        if (!$applies) {
            continue;
        }
        $log['username'] = Char_cv($username);
        $log['cname'] = $credit->cType[$creditKey];
        $log['affect'] = $delta;
        if ($log['affect'] > 0) {
            // Gains are shown with an explicit sign.
            $log['affect'] = '+' . $log['affect'];
        }
        $log['descrip'] = Char_cv(getLangInfo('creditlog', $logtype, $log));
        $tipParts .= $creditKey . ":" . $log['affect'] . '|';
        $rows[] = array($uid, $log['username'], $creditKey, $delta, $timestamp, $logtype, $onlineip, $log['descrip']);
    }

    if ($db_ifcredit && $tipParts) {
        // Credit-change tip; both values are quoted with pwEscape().
        $tipParts = $logtype . '|' . $tipParts;
        $db->update("UPDATE pw_memberdata SET creditpop=" . pwEscape($tipParts) . " WHERE uid=" . pwEscape($uid), 0);
    }
    if (!empty($rows)) {
        $db->update("INSERT INTO pw_creditlog (uid,username,ctype,affect,adddate,logtype,ip,descrip) VALUES " . pwSqlMulti($rows, false));
    }
    $rows = array();
}
Beispiel #23
<?php

// Scheduled task: notify the authors of reward threads whose time limit has
// passed.

// Refuse direct access: readover() only exists when the forum core has
// loaded this file.
!function_exists('readover') && exit('Forbidden');
include_once D_P . 'data/bbscache/forum_cache.php';
// Open reward threads (special='3', state='0') whose time limit lies before
// the current timestamp, oldest first, at most 100 per run. The filter on
// r.timelimit drops threads that have no pw_reward row.
// NOTE(review): $timestamp is interpolated into the SQL text. It is
// presumably the server-side request time; confirm it cannot be set from
// request input.
$query = $db->query("SELECT t.tid,t.fid,t.authorid,t.subject,t.postdate FROM pw_threads t LEFT JOIN pw_reward r USING(tid) WHERE t.special='3' AND t.state='0' AND r.timelimit<'{$timestamp}' ORDER BY t.postdate ASC LIMIT 100");
$tids = $uiddb = $msg_a = array();
while ($rt = $db->fetch_array($query)) {
    $rt['postdate'] = get_date($rt['postdate']);
    $tids[$rt['tid']] = $rt;
}
$title = Char_cv(getLangInfo('writemsg', 'rewardmsg_notice_title'));
foreach ($tids as $tid => $msg) {
    // Values substituted into the message template. The thread subject is
    // user-written text read back from the database; the rendered content
    // is filtered with Char_cv() on the next line.
    $L = array('tid' => $tid, 'subject' => $msg['subject'], 'postdate' => $msg['postdate'], 'fid' => $msg['fid'], 'name' => $forum[$msg['fid']]['name']);
    $content = Char_cv(getLangInfo('writemsg', 'rewardmsg_notice_content', $L));
    // One system message per thread author.
    $msg_a[] = array($msg['authorid'], '0', 'SYSTEM', 'rebox', '1', $timestamp, $title, $content);
}
if ($msg_a) {
    require_once R_P . 'require/msg.php';
    send_msgc($msg_a);
}
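 /**
  * Check whether the current request carries a valid admin login cookie,
  * and write the audit records for the request.
  *
  * The cookie is decoded with authcode() and must hold three colon-separated
  * fields: user name, user-agent marker and password value. Changes over the
  * previous version:
  *  - true is returned only when verify_login_in() accepts the credentials.
  *    Before, the return sat outside that check, so a decodable cookie with
  *    a matching user-agent marker was reported as logged in even when
  *    verification failed.
  *  - the user-agent marker is compared as a string with ===, not ==.
  *  - the controller and action names taken from $_GET are reduced to
  *    identifier characters before they are placed into the oplog INSERT.
  *
  * @return boolean
  */
 public function is_login()
 {
     $cookie = array_var($_COOKIE, AUTH_KEY . '_admin_auth');
     if (empty($cookie)) {
         return false;
     }

     $cookie_data = explode(':', authcode($cookie, 'DECODE'));
     if (count($cookie_data) != 3) {
         return false;
     }
     list($cookie_username, $cookie_auth, $cookie_password) = $cookie_data;

     // Strict string comparison avoids loose-typing matches such as
     // "0e1" == "0e2".
     if ((string) $cookie_auth !== (string) $this->get_user_agent()) {
         return false;
     }
     // Fail closed when the stored credentials no longer verify.
     if (!self::verify_login_in($cookie_username, $cookie_password)) {
         return false;
     }

     $ctrl = (isset($_GET['c']) && is_string($_GET['c'])) ? $_GET['c'] : '';
     $act = (isset($_GET['a']) && is_string($_GET['a'])) ? $_GET['a'] : '';

     // Keep the SMTP password out of the audit log.
     $post = $_POST;
     if ($ctrl === 'config' && $act === 'mail') {
         unset($post['config']['smtppass']);
     }
     // NOTE(review): the log file has a .php extension and relies on the
     // leading "<?die;?>" of each record to stop it from being read over
     // HTTP. Confirm PostLog() neutralises "<?", "|" and line breaks and
     // omits other secrets, because $_postdata is appended as returned.
     $_postdata = $post ? PostLog($post) : '';
     $REQUEST_URI = '?' . $_SERVER['QUERY_STRING'];
     $onlineip = get_client_ip();
     $timestamp = time();
     $admin_recordfile = PATH_ADMIN_LOG_PATH . "/admin_log_" . date('Y-m-d') . ".php";
     $record_name = str_replace('|', '&#124;', Char_cv($cookie_username));
     $record_URI = str_replace('|', '&#124;', Char_cv($REQUEST_URI));
     $new_record = "<?die;?>" . date('Y-m-d H:i:s') . "|{$record_name}|{$record_URI}|{$onlineip}|{$timestamp}|{$_postdata}|\n";

     if (USERNAME != 'admin') {
         writeover($admin_recordfile, $new_record, "ab");
         $oparr = doqueryurl();
         // Frame and status requests are not written to the operation log.
         if (!in_array($act, array('welcome', 'menu', 'top', 'getusermsgstatus'), true)) {
             $opuser = USERNAME;
             $opaday = date('Ymd', $timestamp);
             // Controller and action come straight from the query string.
             // Keep identifier characters only, so they cannot break out of
             // the quoted SQL literals below.
             $opctrl = 'c=' . preg_replace('/[^A-Za-z0-9_\-]/', '', $ctrl);
             $opact = 'a=' . preg_replace('/[^A-Za-z0-9_\-]/', '', $act);
             // NOTE(review): $opstring (from doqueryurl()) and USERNAME are
             // still interpolated as they are. Confirm doqueryurl() escapes
             // its result, or pass these values through the database
             // layer's own escaping or parameter binding.
             $opstring = $oparr[2];
             $times = $timestamp;
             pm_db::query("INSERT INTO iosadm_oplog (aday,username,ctrl,act,`query`,timestamp) VALUES ('{$opaday}','{$opuser}','{$opctrl}','{$opact}','{$opstring}','{$times}')");
         }
     }

     return true;
 }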
Beispiel #25
        }
    } else {
        $evalue = $Table->getone($aid);
        //print_r($evalue);
        include "tpl/otype_list.htm";
    }
} elseif ($action == "edit") {
    InitGP(array("node", "typeid", "typename"));
    //初始化变量全局返回
    if (!empty($_POST) and !empty($typename)) {
        $typeid = GetNum($typeid);
        if (empty($typename)) {
            showmsg("名称不能为空!", PHP_SELF);
        }
        //出错!
        $arrayadd = array("node" => Char_cv($node), "typename" => Char_cv($typename), "listorder" => GetNum($listorder));
        $info = $Table->edit($typeid, $arrayadd);
        if ($info == "OK") {
            showmsg("更新成功!", PHP_SELF);
            //出错!
        } else {
            showmsg("更新失败!", "-1");
            //出错!
        }
    } else {
        $evalue = $Table->getone($aid);
        //print_r($evalue);
        include "tpl/otype_list.htm";
    }
} elseif ($action == "del" && !empty($did)) {
    //执行删除操作
Beispiel #26
    !$isU && Showmsg('space_over_right');
    (int) $type < 1 && Showmsg('type_error');
    $tnum = $type - 1;
    $rs = $db->get_one("SELECT tids,type FROM pw_favors WHERE uid=" . pwEscape($winduid));
    $tiddb = getfavor($rs['tids']);
    $typedb = explode(',', $rs['type']);
    Add_S($typedb);
    unset($typedb[$tnum]);
    if ($tiddb[$type]) {
        foreach ($tiddb[$type] as $key => $val) {
            $tiddb['0'][$val] = $val;
        }
    }
    unset($tiddb[$type]);
    $newtids = makefavor($tiddb);
    $newtype = Char_cv(implode(',', $typedb));
    $db->update("UPDATE pw_favors SET " . pwSqlSingle(array('tids' => $newtids, 'type' => $newtype)) . "WHERE uid=" . pwEscape($winduid));
    refreshto("u.php?action=favor", 'operate_success');
}
function getfavor($tids)
{
    $tids = explode('|', $tids);
    $tiddb = array();
    foreach ($tids as $key => $t) {
        if ($t) {
            $v = explode(',', $t);
            foreach ($v as $k => $v1) {
                $tiddb[$key][$v1] = $v1;
            }
        }
    }
Beispiel #27
 /**
  * Fetch all rows whose "anonymous" column equals the given value, ordered
  * by seller and then by id, both descending.
  *
  * NOTE(review): the value is placed inside a quoted SQL literal after
  * Char_cv() only. Whether Char_cv() neutralises quotes and backslashes
  * cannot be seen here; confirm it does, or quote the value with the
  * database layer's own escaping before building the condition.
  *
  * @param string $anonymous Value to match.
  * @return mixed Whatever $this->getdata() returns.
  */
 function getallbyanonymous($anonymous)
 {
     $condition = "anonymous = '" . Char_cv($anonymous) . "'";

     return $this->getdata("", $condition, "goodsseller desc,gid desc");
 }
Beispiel #28
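/**
 * List the plug-ins ("hacks") installed under R_P . 'hack'.
 *
 * Every directory entry without a dot in its name is treated as a plug-in.
 * Its display name and open flag are read from info.xml. When the file is
 * missing or does not match, the directory name and 0 are used.
 *
 * @return array Plug-in directory => array(name, directory, open flag).
 */
function HackList()
{
    $hackdb = array();
    $fp = opendir(R_P . 'hack');
    if (!$fp) {
        return $hackdb;
    }
    // Compare against false so an entry named "0" does not end the loop.
    while (false !== ($hackdir = readdir($fp))) {
        if (strpos($hackdir, '.') !== false) {
            continue;
        }
        $hackopen = 0;
        $hackname = $hackdir;
        $infodb = array();
        $filedata = readover(R_P . "hack/{$hackdir}/info.xml");
        if (preg_match('/\\<hackname\\>(.+?)\\<\\/hackname\\>\\s+\\<ifopen\\>(.+?)\\<\\/ifopen\\>/is', $filedata, $infodb)) {
            // The name comes from a file on disk and ends up in admin pages,
            // so it is treated as untrusted text.
            if ($infodb[1]) {
                $hackname = Char_cv(str_replace(array("\n"), '', $infodb[1]));
            }
            $hackopen = (int) $infodb[2];
        }
        $hackdb[$hackdir] = array($hackname, $hackdir, $hackopen);
    }
    closedir($fp);

    return $hackdb;
}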
Beispiel #29
            $installdb['noindex'][$key] = $value;
        }
    }
    if ($fp = opendir(R_P . 'hack')) {
        $infodb = array();
        while ($hackdir = readdir($fp)) {
            if (strpos($hackdir, '.') === false && empty($db_hackdb[$hackdir])) {
                $hackname = $hackdir;
                $hackopen = 0;
                if (function_exists('file_get_contents')) {
                    $filedata = @file_get_contents(R_P . "hack/{$hackdir}/info.xml");
                } else {
                    $filedata = readover(R_P . "hack/{$hackdir}/info.xml");
                }
                if (preg_match('/\\<hackname\\>(.+?)\\<\\/hackname\\>\\s+\\<ifopen\\>(.+?)\\<\\/ifopen\\>/is', $filedata, $infodb)) {
                    $infodb[1] && ($hackname = Char_cv(str_replace(array("\n"), '', $infodb[1])));
                    $hackopen = (int) $infodb[2];
                }
                $hackurl = EncodeUrl("{$basename}&action=add&hackdir={$hackdir}&hackname=" . rawurlencode($hackname) . "&hackopen={$hackopen}");
                $uninstalldb[] = array($hackname, $hackdir, $hackopen, $hackurl);
            }
        }
        closedir($fp);
    }
    unset($db_hackdb);
    include PrintEot('hackcenter');
    exit;
} elseif ($action == 'edit') {
    InitGP(array('hackname'), 'GP', 0);
    //InitGP(array('hackopen'),'GP',2);
    //$navMenu = L::loadClass('navmenu');
Beispiel #30
 $p_name = Char_cv($pdata->name);
 $p_price = GetNum($pdata->price);
 $p_fee = GetNum($pdata->freight);
 $p_num = GetNum($pdata->buyNum);
 $p_note = Char_cv($pdata->remark);
 $p_url = Char_cv($pdata->href);
 $p_size = Char_cv($pdata->chicun);
 $p_color = Char_cv($pdata->yanse);
 $p_saler = Char_cv($pdata->shopName);
 $s_url = Char_cv($pdata->shopHref);
 $picture = Char_cv($pdata->picture);
 $type = GetNum($pdata->type);
 if ($type == 0) {
     $type = 1;
 }
 $expressno = Char_cv($pdata->expressno);
 if (strlen($p_name) <= 0 || strlen($p_price) <= 0 || $p_fee < 0 || strlen($p_num) <= 0 || strlen($p_url) <= 0) {
     echo 132;
     return;
 }
 $preg = $shopsite->getpreg($p_url);
 //获取站点
 //放入购物车处理
 $addarray = array('goodsurl' => $p_url, 'goodsname' => $p_name, 'goodsprice' => $p_price, 'sendprice' => $p_fee, 'goodsnum' => $p_num, 'goodsimg' => $picture, 'goodssize' => $p_size, 'goodscolor' => $p_color, 'goodsseller' => $p_saler, 'sellerurl' => $s_url, 'goodssite' => $preg['shopname'], 'siteurl' => $preg['shopurl'], 'expressno' => $expressno, 'type' => $type, 'goodsremark' => $p_note, 'addtime' => time());
 include INC_PATH . "/cart.class.php";
 $Cart = CartClass::init();
 $info = $Cart->add($addarray);
 if (GetNum($info)) {
     echo json_encode('OK');
 } else {
     echo $info;