Beispiel #1
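/**
 * Handle the admin login form (POST fields m_name, m_password, m_check).
 *
 * Reads the credentials through be()/chkSql(), looks the manager up in
 * {pre}manager and, on success, sets the admin cookies, rotates the
 * per-login random value stored in m_random and redirects to index.php.
 * Every failure path goes through alertUrl() back to ?action=login.
 *
 * Globals: $db (database wrapper); constant app_safecode (the site
 * verification code the form must echo back in m_check).
 */
function checkLogin()
{
    global $db;
    $m_name = be("post", "m_name");
    $m_name = chkSql($m_name, true);
    $m_password = be("post", "m_password");
    $m_password = chkSql($m_password, true);
    $m_check = be("post", "m_check");
    // Reject blanks BEFORE hashing: md5('') is a non-empty string, so the
    // original post-hash isN() test could never detect an empty password.
    if (isN($m_name) || isN($m_password) || isN($m_check)) {
        alertUrl("请输入您的用户名或密码!", "?action=login");
    }
    // Stored passwords are unsalted md5 (legacy schema); kept so existing
    // {pre}manager rows still verify.  NOTE(review): the password value in
    // the query below appears redacted in this listing — confirm against the source.
    $m_password = md5($m_password);
    // The query relies on chkSql() having escaped m_name; $db->getRow()
    // offers no parameter binding here.
    $row = $db->getRow("SELECT * FROM {pre}manager WHERE m_name='" . $m_name . "' AND m_password = '******' AND m_status=1");
    // Strict string comparison: PHP's == compares numeric-looking strings
    // as numbers, so e.g. "1e3" would match "1000".
    $checkOk = (string) $m_check === (string) app_safecode;
    if ($row && $checkOk) {
        sCookie("adminid", $row["m_id"]);
        sCookie("adminname", $row["m_name"]);
        sCookie("adminlevels", $row["m_levels"]);
        // Per-login secret that admincheck is derived from.  rand() is not a
        // CSPRNG, so use random_bytes() when the runtime has it; the fallback
        // is weaker but still stronger than rand(1, 99999999).  Both forms
        // produce 32 hex characters, matching the md5 width m_random expects.
        $randnum = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));
        sCookie("admincheck", md5($randnum . $row["m_name"] . $row["m_id"]));
        $db->Update("{pre}manager", array("m_logintime", "m_loginip", "m_random"), array(date("Y-m-d H:i:s"), getIP(), $randnum), " m_id=" . $row["m_id"]);
        echo "<script>top.location.href='index.php';</script>";
    } else {
        alertUrl("您输入的用户名和密码不正确或者您不是系统管理员!", "?action=login");
    }
}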
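/**
 * Guard for admin pages: validate the admin cookies against {pre}manager.
 *
 * Requires adminid/adminname to identify an active (m_status=1) manager
 * and the admincheck cookie to equal md5(m_random . m_name . m_id) computed
 * from the stored row — the value issued by checkLogin().  Any failure
 * clears admincheck (where a row was found) and terminates the request
 * with a redirect to the login page.  Also appends one audit line per
 * request to operate.log.
 *
 * Globals: $db (database wrapper).
 */
function chkLogin()
{
    global $db;
    $m_id = getCookie("adminid");
    $m_id = chkSql($m_id, true);
    $m_name = getCookie("adminname");
    // The audit line includes the whole POST body, which on the login and
    // card-payment forms carries credentials (m_password, cardpwd).  Blank
    // those keys so operate.log does not accumulate plaintext secrets.
    $postForLog = $_POST;
    foreach (array("m_password", "cardpwd") as $secretKey) {
        if (array_key_exists($secretKey, $postForLog)) {
            $postForLog[$secretKey] = "[redacted]";
        }
    }
    writetofile("operate.log", "loginame:{" . $m_name . "};action:{" . be("all", "action") . "};referce:{" . getReferer() . "}.request:{" . $_SERVER["REQUEST_URI"] . "};parameters POST:{" . json_encode($postForLog) . "}");
    $m_name = chkSql($m_name, true);
    // adminid is interpolated into the SQL below, so it must be a plain number.
    if (isN($m_name) || isN($m_id) || !isNum($m_id)) {
        die("<script>top.location.href='index.php?action=login';</script>");
    }
    $row = $db->getRow("SELECT * FROM {pre}manager WHERE m_name='" . $m_name . "' AND m_id= '" . $m_id . "' AND m_status ='1'");
    if (!$row) {
        sCookie("admincheck", "");
        die("<script>top.location.href='index.php?action=login';</script>");
    }
    $loginValidate = md5($row["m_random"] . $row["m_name"] . $row["m_id"]);
    // Strict comparison: PHP's == treats numeric-looking strings (which hex
    // digests can be) as numbers, so two different digests may compare equal.
    if ((string) getCookie("admincheck") !== $loginValidate) {
        sCookie("admincheck", "");
        die("<script>top.location.href='index.php?action=login';</script>");
    }
}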
Beispiel #3
    if (strpos($tpl->H, '{maccms:count_gbook_all}')) {
        $tpl->H = str_replace("{maccms:count_gbook_all}", $tpl->getDataCount('gbook', "all"), $tpl->H);
    }
    if (strpos($tpl->H, '{maccms:count_gbook_day}')) {
        $tpl->H = str_replace("{maccms:count_gbook_day}", $tpl->getDataCount('gbook', "day"), $tpl->H);
    }
    $tpl->pageshow();
} elseif ($method == 'save') {
    $g_vid = be("all", "g_vid");
    $g_vid = chkSql($g_vid);
    $g_name = be("all", "g_name");
    $g_name = chkSql($g_name);
    $g_content = be("all", "g_content");
    $g_content = chkSql($g_content);
    $g_code = be("all", "g_code");
    $g_code = chkSql($g_code);
    if (!isNum($g_vid)) {
        $g_vid = 0;
    }
    if (isN($g_name) || isN($g_content)) {
        alert('请输入昵称和内容');
        exit;
    }
    if ($MAC['other']['gbookverify'] == 1 && $_SESSION["code_gbook"] != $g_code) {
        alert('验证码错误');
        exit;
    }
    if (getTimeSpan("last_gbooktime") < $MAC['other']['gbooktime']) {
        alert('请不要频繁操作');
        exit;
    }
Beispiel #4
    $tpl->C["siteaid"] = 14;
    $tpl->P['cp'] = 'vodtopic';
    $tpl->P['cn'] = $tpl->P['id'] . '-' . $tpl->P['pg'] . '-' . $tpl->P['order'] . '-' . $tpl->P['by'];
    echoPageCache($tpl->P['cp'], $tpl->P['cn']);
    $tpl->P['vodtopicid'] = $tpl->P['id'];
    $tpl->T = $MAC_CACHE['vodtopic'][$tpl->P['vodtopicid']];
    if (!is_array($tpl->T)) {
        showMsg("获取数据失败,请勿非法传递参数", "../");
    }
    $db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
    $tpl->loadtopic('vod');
    $tpl->pageshow();
} elseif ($method == 'search') {
    $tpl->C["siteaid"] = 15;
    $wd = trim(be("all", "wd"));
    $wd = chkSql($wd);
    if (!empty($wd)) {
        $tpl->P["wd"] = $wd;
    }
    //if(empty($tpl->P["wd"]) && empty($tpl->P["ids"]) && empty($tpl->P["pinyin"]) && empty($tpl->P["starring"]) && empty($tpl->P["directed"]) && empty($tpl->P["area"]) && empty($tpl->P["lang"]) && empty($tpl->P["year"]) && empty($tpl->P["letter"]) && empty($tpl->P["tag"]) && empty($tpl->P["type"]) && empty($tpl->P["typeid"]) && empty($tpl->P["classid"]) ){ alert ("搜索参数不正确"); }
    if ($tpl->P['pg'] == 1 && getTimeSpan("last_searchtime") < $MAC['app']['searchtime']) {
        showMsg("请不要频繁操作,时间间隔为" . $MAC['app']['searchtime'] . "秒", MAC_PATH);
        exit;
    }
    $tpl->P['cp'] = 'vodsearch';
    $tpl->P['cn'] = urlencode($tpl->P['wd']) . '-' . $tpl->P['pg'] . '-' . $tpl->P['order'] . '-' . $tpl->P['by'] . '-' . $tpl->P['ids'] . '-' . $tpl->P['pinyin'] . '-' . $tpl->P['type'] . '-' . $tpl->P['year'] . '-' . $tpl->P['letter'] . '-' . $tpl->P['typeid'] . '-' . $tpl->P['classid'] . '-' . urlencode($tpl->P['area']) . '-' . urlencode($tpl->P['lang']) . '-' . urlencode($tpl->P['tag']) . '-' . urlencode($tpl->P['starring']) . '-' . urlencode($tpl->P['directed']);
    echoPageCache($tpl->P['cp'], $tpl->P['cn']);
    $tpl->P["where"] = '';
    $tpl->P["des"] = '';
    $db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
    foreach ($tpl->P as $k => $v) {
Beispiel #5
        exit;
    }
    $g_name = badFilter($g_name);
    $g_content = badFilter($g_content);
    $g_ip = ip2long(getIP());
    $g_time = time();
    $db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
    $db->Add("{pre}gbook", array("g_vid", "g_hide", "g_name", "g_ip", "g_time", "g_content"), array($g_vid, $g_hide, $g_name, $g_ip, $g_time, $g_content));
    $_SESSION["last_gbook"] = time();
    $_SESSION["code_gbook"] = "";
    echo "<script>alert('报错成功,多谢支持!');window.close();</script>";
} elseif ($ac == 'suggest') {
    $q = be("get", "q");
    $q = chkSql($q);
    $t = be("get", "t");
    $t = chkSql($t);
    $res = '{"status":0,"info":"err","data":[{}]}';
    if (!empty($q)) {
        $q = mysql_real_escape_string($q);
        $sql = "SELECT d_name from {pre}vod WHERE d_name like '" . $q . "%' or d_enname like '" . $q . "%' ";
        if ($t == 'art') {
            "SELECT a_name from {pre}art WHERE a_name like '" . $q . "%' or a_enname like '" . $q . "%' ";
        }
        $rs = $db->queryArray($sql, false);
        if ($rs) {
            echo '{"status":1,"info":"ok","data":' . json_encode($rs) . '}';
            return;
        }
        unset($rs);
    }
    echo $res;
Beispiel #6
    $curhours = date("H", time());
    if (strlen($oldhours) == 1 && intval($oldhours) < 10) {
        $oldhours = '0' . $oldhours;
    }
    if (strlen($curhours) == 1 && intval($curhours) < 10) {
        $curhours = substr($curhours, 1, 1);
    }
    if (!empty($m) && $tname == $m || $tstatus == 1 && (empty($truntime) || $oldweek . "-" . $oldhours != $curweek . "-" . $curhours && strpos($tweeks, $curweek) > -1 && strpos($thours, $curhours) > -1)) {
        $timmingnode->getElementsByTagName("runtime")->item(0)->nodeValue = time();
        $doc->save($xmlpath);
        $p = array();
        $m = $tparamets;
        $par = explode('-', $m);
        $parlen = count($par);
        $ac = $par[0];
        $colnum = array('id', 'pg');
        if ($parlen >= 2) {
            $method = $par[1];
            for ($i = 2; $i < $parlen; $i += 2) {
                $p[$par[$i]] = in_array($par[$i], $colnum) ? intval($par[$i + 1]) : chkSql(urldecode($par[$i + 1]));
            }
        }
        if ($p['pg'] < 1) {
            $p['pg'] = 1;
        }
        unset($colnum);
        $db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
        include MAC_ROOT . "/inc/timming/" . $tfile;
    }
}
unset($doc, $p, $par);
Beispiel #7
// Entry point of the vod API: load the shared config/connection code,
// refuse the request when the API is switched off, then read the
// request parameters used by the action handlers that follow.
require "conn.php";
require MAC_ROOT . '/inc/common/360_safe3.php';
// API switch in the site config: a disabled API answers "closed" and stops.
if ($MAC['api']['vod']['status'] == 0) {
    echo "closed";
    exit;
}
$db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
// Integer parameters are cast; free-text ones pass through chkSql() before
// any of them reaches a query.
$ac = be("get", "ac");
$t = intval(be("get", "t"));
$pg = max(1, intval(be("get", "pg")));   // page number is never below 1
$h = intval(be("get", "h"));
$wd = chkSql(be("get", "wd"));
$ids = chkSql(be("all", "ids"));
if ($ac == 'videolist') {
    $cp = 'api';
    $cn = 'videolist' . $t . "-" . $pg . "-" . $wd . "-" . $h . "-" . str_replace(",", "", $ids);
    echoPageCache($cp, $cn);
    $xmla = "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
    $xmla .= "<rss version=\"5.1\">";
    $sql = "select * from {pre}vod where 1=1 ";
    $sql1 = "select count(*) from {pre}vod where 1=1 ";
    if (!empty($ids)) {
        $arr = explode(',', $ids);
        for ($i = 0; $i < count($arr); $i++) {
            $arr[$i] = intval($arr[$i]);
Beispiel #8
    if (!isNum($buynum)) {
        alert("充值金额必须是数字!");
        exit;
    } else {
        $buynum = intval($buynum);
    }
    if ($buynum < app_buymin) {
        alert("最小充值金额是" . app_buymin . "元,请重填!");
        exit;
    }
} elseif ($method == 'paysave') {
    chkLogin();
    $cardnum = be("post", "cardnum");
    $cardnum = chkSql($cardnum);
    $cardpwd = be("post", "cardpwd");
    $cardpwd = chkSql($cardpwd);
    if (isN($cardnum)) {
        alert("卡号不能为空!");
        exit;
    }
    if (isN($cardpwd)) {
        alert("卡号密码不能为空");
        exit;
    }
    $sql = "SELECT * FROM {pre}user_card WHERE c_number='" . mysql_real_escape_string($cardnum) . "'and c_pass='******'";
    $row = $db->getRow($sql);
    if (!$row) {
        alert("该充值卡不存在或者卡号密码错了");
        exit;
    } else {
        if ($row["c_used"] == 1) {
Beispiel #9
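/**
 * Record a user rating (GET score, 0..10) for the vod entry $id.
 *
 * A per-video cookie (vodscore_<id>) marks that this browser already
 * voted.  The rating is clamped to [0, 10], added to d_score/d_scorecount
 * in {pre}vod, and the new average (rounded to one decimal) is echoed;
 * with ac3=all the "score,count,average" triple is echoed instead.
 * Echoes "haved" for a repeat vote and "err" for a non-numeric id.
 *
 * Globals: $db (database wrapper), $id (vod id from the request),
 * $action (declared global in the original but not used here).
 */
function score()
{
    global $db, $action, $id;
    $score = be("get", "score");
    $score = chkSql($score, true);
    $ac3 = be("get", "ac3");
    if (getCookie("vodscore_" . $id) === "ok") {
        echo "haved";
        exit;
    }
    if (!isNum($id)) {
        echo "err";
        exit;
    }
    // isNum() has passed; cast anyway so only an integer is ever
    // interpolated into the SQL below (defence in depth).
    $vid = intval($id);
    // Clamp the submitted rating to the 0..10 scale; non-numeric counts as 0.
    $score = isNum($score) ? intval($score) : 0;
    $score = max(0, min(10, $score));
    $res = 0;
    $row = $db->getRow("SELECT d_score,d_scorecount FROM {pre}vod WHERE d_id=" . $vid);
    if ($row) {
        $d_score = $row["d_score"] + $score;
        // Incremented before the division, so it is non-zero as long as the
        // stored count is not negative.
        $d_scorecount = $row["d_scorecount"] + 1;
        $db->Update("{pre}vod", array("d_score", "d_scorecount"), array($d_score, $d_scorecount), "d_id=" . $vid);
        $average = round($d_score / $d_scorecount, 1);
        $res = $ac3 === "all"
            ? $d_score . "," . $d_scorecount . "," . $average
            : $average;
    }
    unset($row);
    sCookie("vodscore_" . $id, "ok");
    echo $res;
}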
Beispiel #10
    $db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
    $tpl->mark();
    $tpl->H = str_replace("{maccms:commentverify}", $MAC['other']['commentverify'], $tpl->H);
    $ps = 'MAC.Comment.Show(\'{url}\')';
    $tpl->pageshow($ps);
} elseif ($method == 'save') {
    $c_vid = intval(be("all", "vid"));
    $c_vid = chkSql($c_vid);
    $c_name = be("all", "c_name");
    $c_name = chkSql($c_name);
    $c_type = intval(be("all", "aid"));
    $c_type = chkSql($c_type);
    $c_content = be("all", "c_content");
    $c_content = chkSql($c_content);
    $c_code = be("all", "c_code");
    $c_code = chkSql($c_code);
    if ($c_type >= 16 && $c_type <= 18) {
        $c_type = 16;
    }
    if (isN($c_name) || isN($c_content)) {
        echo '请输入昵称和内容';
        exit;
    }
    if ($MAC['other']['commentverify'] == 1 && $_SESSION["code_comment"] != $c_code) {
        echo '验证码错误';
        exit;
    }
    if (getTimeSpan("last_commenttime") < $MAC['other']['commenttime']) {
        echo '请不要频繁操作';
        exit;
    }