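/**
 * Pick the handler for the current request. The first matching rule wins:
 *
 *   1. $_SESSION['db_data'] is set, or ?action= is one of 'resetpass',
 *      'changemail', 'resetpassmail'        -> get_parser()
 *   2. a posted 'usr_email' field           -> user_login()
 *   3. both cookie[user] and cookie[pass]   -> cookie_login()
 *   4. anything else                        -> echo_front_page(); when an
 *      ?action= is present the whole query string array is first copied into
 *      $_SESSION['get'].
 *
 * Optional request fields are read through isset() so that a request without
 * ?action=, or a login POST without 'password' / 'remember_me', no longer
 * raises undefined-index notices. Absent fields still reach myfilter() as null,
 * exactly as before.
 *
 * @return mixed whatever the selected handler returns
 */
function parse()
{
    $action = isset($_GET['action']) ? $_GET['action'] : null;

    // NOTE(review): these three actions reach get_parser() with no session at
    // all, so get_parser() has to validate its own reset/change token before
    // acting. Confirm that it does.
    $sessionlessActions = array('resetpass', 'changemail', 'resetpassmail');

    if (isset($_SESSION['db_data']) || in_array($action, $sessionlessActions, true)) {
        return get_parser();
    }

    if (isset($_POST['usr_email'])) {
        $password = isset($_POST['password']) ? $_POST['password'] : null;
        $rememberMe = isset($_POST['remember_me']) ? $_POST['remember_me'] : null;

        return user_login(
            myfilter($_POST['usr_email'], 'user'),
            myfilter($password, 'password'),
            myfilter($rememberMe, 'bool')
        );
    }

    if (isset($_COOKIE['cookie']['user']) && isset($_COOKIE['cookie']['pass'])) {
        // NOTE(review): a client-held cookie value is filtered as 'password' and
        // used to authenticate. If it is the password or a fixed derivative of it,
        // anyone who obtains the cookie can replay it indefinitely. Confirm that
        // cookie_login() expects a random, server-revocable token and compares it
        // in constant time (hash_equals).
        return cookie_login(
            myfilter($_COOKIE['cookie']['user'], '_id'),
            myfilter($_COOKIE['cookie']['pass'], 'password')
        );
    }

    if ($action !== null) {
        // The raw query array is stored unfiltered, so every later reader of
        // $_SESSION['get'] must treat it as untrusted request input.
        $_SESSION['get'] = $_GET;
    }

    return echo_front_page();
}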
</script> </head> <body> <?php $sql = "select * from hy_category"; $rs = mysql_query($sql, $conn); while ($row = mysql_fetch_assoc($rs)) { $cate_array[$row['id']] = $row['name']; //set cate id(article fid) as cate name } $title = ''; //为了分页方便 $fid = 0; $p = 1; if (!empty($_GET["title"])) { $title = myfilter($_GET["title"], 3); } if (!empty($_GET["fid"])) { $fid = intval($_GET["fid"]); } if (!empty($_GET["p"])) { $p = intval($_GET["p"]); } if (!empty($_GET["title"]) && empty($fid)) { $cSql = "select id from hy_article where title like '%{$title}%'"; $pSql = "select * from hy_article where title like '%{$title}%'"; $condition = "标题中含有'{$title}'"; } if (empty($_GET["title"]) && !empty($fid)) { $cSql = "select id from hy_article where fid={$fid}"; $pSql = "select * from hy_article where fid={$fid}";
} else { msg($rs['errorMsg']); jump($_SERVER['HTTP_REFERER']); } } if (!empty($_POST["type"]) && $_POST["type"] == "file") { //file if ($_FILES["file"]["name"] == '') { msg('请上传文件!'); jump($_SERVER['HTTP_REFERER']); } if (empty($_POST["name"]) || empty($_POST['fid']) || !is_numeric($_POST["fid"])) { msg('请将信息填写完整'); jump($_SERVER['HTTP_REFERER']); } $name = myfilter($_POST["name"], 3); $fid = $_POST['fid']; $upload_time = date("Y-m-d H:i:s"); $rs = uploadFile("file"); if ($rs['error'] == 0) { $sql = "insert into hy_product_file(name,file,fid,upload_time)values('{$name}','{$rs["fileName"]}',{$fid},'{$upload_time}')"; if (mysql_query($sql, $conn)) { mysql_close($conn); msg("添加成功!"); jump("file_list.php?fid=" . $fid); //jump('product_succeed.php?fid='.$fid); } else { msg("失败了!"); exit(mysql_error()); mysql_close($conn); }
<?php
// Handles a submitted e-mail address: rejects empty requests, runs a format
// check, then looks the address up in hy_email. The excerpt ends inside the
// final "already exists" branch.
header("Content-type: text/html; charset=utf-8");
include_once "inc/function.php";
if (empty($_POST) && empty($_GET)) {
    msg('Error:Invalid Request!');
    // NOTE(review): the Referer header is client-supplied and is used here as a
    // redirect target. Whether that is safe depends on how jump() emits it.
    // Confirm that jump() restricts or encodes the target.
    if (!empty($_SERVER['HTTP_REFERER'])) {
        jump($_SERVER['HTTP_REFERER']);
    } else {
        jump("index.php");
    }
    exit;
}
include_once "inc/config.php";
include_once "inc/conn.php";
// NOTE(review): only "POST and GET both empty" is rejected above, so a GET-only
// request reaches this line with $_POST["email"] undefined.
$email = myfilter($_POST["email"], 3);
// Format pattern for the address. Inside the character classes "|" is a literal
// pipe, not alternation. The groups ([a-zA-Z0-9]+[_|\-|\.]?)* nest a "+" inside
// a "*" with an optional separator, a shape prone to heavy backtracking on long
// non-matching input. PCRE's backtrack limit bounds the cost; preg_match() then
// returns false, which the check below treats the same as "no match".
$rule = "/^([a-zA-Z0-9]+[_|\\-|\\.]?)*[a-zA-Z0-9]+@([a-zA-Z0-9]+[_|\\-|\\.]?)*[a-zA-Z0-9]+\\.[a-zA-Z]{2,5}\$/";
// NOTE(review): the pattern is applied to the fixed string in $test, not to
// $email, so as written the result does not depend on the submitted address.
// The literal shown looks masked; confirm what the real file tests and whether
// $email was intended.
$test = "*****@*****.**";
$result = preg_match($rule, $test);
if (!$result) {
    // Message: "Please enter a valid e-mail address".
    msg("请输入正确的电子邮件地址");
    if (!empty($_SERVER['HTTP_REFERER'])) {
        jump($_SERVER['HTTP_REFERER']);
    } else {
        jump("index.php");
    }
    // NOTE(review): unlike the first guard, this branch has no exit. Unless
    // jump() terminates the script, a rejected address still reaches the query.
}
// NOTE(review): the query is built by string concatenation. It is only safe if
// myfilter(..., 3) escapes for a single-quoted SQL string. Confirm that, or
// switch to a prepared statement (mysqli / PDO).
$sql = "select id from hy_email where email='" . $email . "'";
// mysql_query() returns false on failure; $rs is passed on without a check.
$rs = mysql_query($sql, $conn);
if (mysql_num_rows($rs) > 0) {
    // Message: "This e-mail address already exists".
    msg("此电子邮件已存在");
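if (mysql_query($sql, $conn)) {
    if ($is_newFile) {
        // NOTE(review): the path to delete is built from the client-supplied
        // old_file field. Confirm that getPath(..., 'file') reduces it to a bare
        // file name so it cannot leave ../uploads/, and prefer the file name
        // already stored for this record over a posted one.
        $file = "../uploads/" . getPath($_POST["old_file"], 'file');
        @unlink($file);
    }
    // Message: "Attachment updated successfully".
    msg("附件修改成功");
    mysql_close($conn);
    jump("file_list.php?fid=" . $fid);
} else {
    // Message: "Attachment update failed! Error message:" followed by the raw
    // driver error text.
    echo '附件修改失败!错误信息:';
    exit(mysql_error());
}
} // closes a block opened before this excerpt

if (!empty($_POST["type"]) && $_POST["type"] == "gbook") {
    // Guest book: store the reply text and visibility flag for one entry.
    // NOTE(review): no check that $_SESSION["hy_uid"] is set is visible in this
    // excerpt. Confirm the file verifies the login before reaching this handler.
    $reply_content = myfilter(isset($_POST["reply_content"]) ? $_POST["reply_content"] : null, 3);

    // is_show and id were previously interpolated into the UPDATE unmodified.
    // id sits in an unquoted numeric position, so it is forced to an integer.
    // is_show sits inside single quotes, so it is escaped for that context.
    $is_show = mysql_real_escape_string(isset($_POST["is_show"]) ? (string) $_POST["is_show"] : '', $conn);
    $id = intval(isset($_POST['id']) ? $_POST['id'] : 0);

    $replier = '';
    $reply_time = '';
    if (!empty($reply_content)) {
        $replier = $_SESSION["hy_uid"];
        $reply_time = date("Y-m-d H:i:s");
    }
    // NOTE(review): reply_content relies on myfilter(..., 3) escaping for a quoted
    // SQL string. Confirm that, or move this statement to a prepared query.
    // NOTE(review): when no reply text is given, $replier stays '' and the
    // statement reads "replier= where id=...", which MySQL rejects. Choose NULL
    // or 0 for that case after checking the column definition.
    $sql = "update hy_guestbook set reply_content='{$reply_content}',is_show='{$is_show}',reply_time='{$reply_time}',replier={$replier} where id={$id}";
    if (mysql_query($sql, $conn)) {
        jump("gbook_detail.php?id=" . $id);
    } else {
        exit(mysql_error());
    }
}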
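/**
 * Build the admin variant of a bug page: the markup returned by
 * html5_user_bug() with its status label replaced by a status-change form.
 *
 * The status is recovered by string-splitting that markup on
 * '<span class="status ': $status is the text between that marker and the next
 * '">', and everything up to and including "$status</span>" is dropped from the
 * second half. The form's <select> lists every value under $conf['bugs'],
 * labelled "key/value", with the current status preselected.
 *
 * @param mixed      $lang language key; indexes $text_cont and is passed to the helpers
 * @param array|null $mod  when an array, elements 0..2 are assembled into a redirect
 *                         query and no page is rendered
 * @return mixed the redirect() result, or the assembled HTML string
 */
function html5_admin_bug($lang, $mod = null)
{
    $conf = configurations();
    global $text_cont;

    // A request without ?id= no longer raises an undefined-index notice;
    // myfilter() still receives null in that case, as before.
    $id = myfilter(isset($_GET['id']) ? $_GET['id'] : null, '_id');

    if (is_array($mod)) {
        return redirect($lang, '?action=' . $mod[0] . $mod[1] . '&mod=' . $mod[2]);
    }

    $content = html5_user_bug($lang, $mod);

    $marker = '<span class="status ';
    $status = getvalue(explode('">', getvalue(explode($marker, $content), 1)), 0);
    $content = explode($marker, $content);
    $content[1] = getvalue(explode($status . '</span>', $content[1]), 1);

    // The id comes from the query string and lands inside a double-quoted HTML
    // attribute. It is encoded at the point of output rather than relying on
    // what the '_id' filter happens to strip.
    $idAttr = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');

    // NOTE(review): the form carries no anti-CSRF token. Confirm the editbug
    // handler verifies one (or an equivalent origin check) before it changes a
    // status.
    $html_var = '<form action="?action=editbug&id=' . $idAttr . '" method="post"><select name="status">';
    foreach ($conf['bugs'] as $key => $value) {
        foreach ($value as $svalue) {
            $def = ($status === $svalue) ? 'selected="selected"' : null;
            // $key and $svalue come from configuration and are emitted as-is.
            $html_var .= '<option value="' . $svalue . '" ' . $def . '>' . $key . '/' . $svalue . '</option>';
        }
    }
    $html_var .= '</select><input type="submit" value="' . $text_cont[18][$lang] . '" /></form>';

    return $content[0] . $html_var . $content[1];
}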
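<?php
// Search page prologue: require a non-empty ?q= term, then load configuration
// and the database connection and filter the term for later use on the page.
require_once "inc/function.php";
if (empty($_GET["q"])) {
    header("Content-type: text/html; charset=utf-8");
    msg("Invalid Argument!");
    jump("index.php");
    // Stop here in case jump() only emits a redirect and returns. Otherwise the
    // rest of the page would still run and read the missing "q" index.
    exit;
}
require_once "inc/config.php";
require_once "inc/conn.php";
// NOTE(review): empty() also lets an array value (?q[]=...) through. Confirm
// that myfilter(..., 3) copes with non-string input.
$q = myfilter($_GET["q"], 3);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>后羿科技</title>
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/base.css">
<link rel="stylesheet" type="text/css" href="css/tipTip.css">
<link rel="stylesheet" type="text/css" href="css/short-code.css">
<link rel="stylesheet" type="text/css" href="css/prettyPhoto.css">
<link rel="stylesheet" type="text/css" href="css/css3.css">
<link rel="stylesheet" type="text/css" href="css/slider.css">
<link rel="stylesheet" type="text/css" href="css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="css/footable.core.css?v=2-0-1"/>
<script type="text/javascript" src="js/jquery-1.9.1.min.js"></script>
<script type="text/javascript" src="js/jquery.nivo.slider.js"></script>
<script type="text/javascript" src="js/cufon-yui.js"></script>
<script type="text/javascript" src="js/TitilliumText.font.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript" src="js/shortcode.js"></script>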
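<?php
// Guestbook submission endpoint: stores one message in hy_guestbook and answers
// with the literal body "goal" on success.
include_once "inc/function.php";
include_once "inc/config.php";
include_once "inc/conn.php";

// Absent fields are handed to myfilter() as null instead of raising an
// undefined-index notice; the values passed on are otherwise unchanged.
$name = myfilter(isset($_POST["name"]) ? $_POST["name"] : null, 3);
$email = myfilter(isset($_POST["email"]) ? $_POST["email"] : null, 3);
$title = myfilter(isset($_POST["title"]) ? $_POST["title"] : null, 3);
$contents = myfilter(isset($_POST["contents"]) ? $_POST["contents"] : null, 3);

// NOTE(review): all four visitor-supplied values are concatenated into the
// statement inside single quotes. That is only safe if myfilter(..., 3) escapes
// for a quoted SQL string. Confirm that, or move to a prepared statement
// (mysqli / PDO). No length limit, rate limit or anti-automation check is
// visible in this file.
$sql = "insert into hy_guestbook(name,email,title,contents,ip,create_time)values('"
    . $name . "','" . $email . "','" . $title . "','" . $contents . "','"
    . $_SERVER['REMOTE_ADDR'] . "','" . date('Y-m-d H:i:s') . "')";

if (mysql_query($sql, $conn)) {
    echo 'goal';
} else {
    // The driver error can reveal table and column names and query fragments.
    // It is recorded server-side and the caller gets only a generic failure
    // body. This endpoint is reachable without a login as far as the file shows.
    error_log('hy_guestbook insert failed: ' . mysql_error());
    mysql_close($conn);
    exit('error');
}
mysql_close($conn);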
<h2><a href="article.php?fid=<?php echo $row["fid"]; ?> &id=<?php echo $row["id"]; ?> " class="first-word"><?php echo $row["title"]; ?> </a></h2> <div class="posts-info"><span class="date" title=""><?php echo $row['create_time']; ?> </span></div> <p><?php echo mb_substr(myfilter($row['contents'], 3), 0, 150, 'utf-8'); ?> ......</p> <a class="read-more-cn" href="article.php?fid=<?php echo $row["fid"]; ?> &id=<?php echo $row["id"]; ?> " title="Read more" target="_blank">Read more</a></div> </li> <?php } ?> </ul> <!--Pagination-->