/**
 * Builds the attachment record for one file of the "current upload" form.
 *
 * @param string $key   Form field name shaped "<attname>_<index>"; split on '_'
 *                      (a key without '_' leaves the index unset, so id becomes 0).
 * @param array  $value Uploaded-file entry; the 'name' and 'size' keys are read.
 * @return array Row with keys id, attname, name (passed through S::escapeChar), size,
 *               type (always 'zip'), ifthumb (0), fileuploadurl ('') and ext.
 */
function initCurrUpload($key, $value) {
    list($attName, $attIndex) = explode('_', $key);
    $escapedName = S::escapeChar($value['name']);
    // Extension = text after the last '.' of the escaped name, lower-cased.
    // Without a '.', strrchr() returns false and the extension ends up ''.
    $extension = strtolower(substr(strrchr($escapedName, '.'), 1));
    $record = array(
        'id' => intval($attIndex),
        'attname' => $attName,
        'name' => $escapedName,
        'size' => intval($value['size']),
        'type' => 'zip',
        'ifthumb' => 0,
        'fileuploadurl' => '',
    );
    $record['ext'] = $extension;
    return $record;
}
/**
 * Reads the reward settings (credit type and amount for the "best" and "active" slots)
 * from POST, validates them against the instance minimums and the permitted credit
 * types, and stores them in $this->data (cbtype, catype, cbval, caval).
 *
 * Reads $this->b_val / $this->a_val (minimum amounts) and $this->allowcredit (permitted
 * types). Showmsg() is called on a violation; it is assumed to end the request — confirm.
 */
function setData() {
    $amounts = S::escapeChar(S::getGP('bonus', 'P'), true);
    $creditTypes = S::escapeChar(S::getGP('ctype', 'P'));
    if (empty($amounts)) {
        // Nothing submitted: fall back to the configured minimums.
        $amounts = array('best' => $this->b_val, 'active' => $this->a_val);
    }
    if ($amounts['best'] < $this->b_val) {
        Showmsg('credit_limit');
    }
    if ($amounts['active'] < $this->a_val) {
        Showmsg('credit_limit');
    }
    // An unset credit type defaults to the first permitted one.
    reset($this->allowcredit);
    $defaultType = current($this->allowcredit);
    foreach (array('best', 'active') as $slot) {
        if (!$creditTypes[$slot]) {
            $creditTypes[$slot] = $defaultType;
        }
    }
    // Loose in_array() (no strict flag): '1' and 1 are treated as the same type.
    $bestAllowed = in_array($creditTypes['best'], $this->allowcredit);
    $activeAllowed = in_array($creditTypes['active'], $this->allowcredit);
    if (!$bestAllowed || !$activeAllowed) {
        Showmsg('reward_credit_error');
    }
    $this->data['cbtype'] = $creditTypes['best'];
    $this->data['catype'] = $creditTypes['active'];
    $this->data['cbval'] = $amounts['best'];
    $this->data['caval'] = $amounts['active'];
}
/**
 * Appends one row to pw_toollog.
 *
 * 'type' and 'descrip' are language keys resolved through getLangInfo('toollog', ...);
 * the description template is rendered with the already-escaped entry values. Quoting of
 * the SQL values is delegated to S::sqlSingle().
 *
 * @param array $log Keys used: type, filename, nums, money, descrip, uid, touid, username, ip, time.
 */
function writetoollog($log) {
    global $db, $db_bbsurl;
    $entry = $log;
    $entry['type'] = getLangInfo('toollog', $log['type']);
    $entry['filename'] = S::escapeChar($log['filename']);
    $entry['username'] = S::escapeChar($log['username']);
    $entry['descrip'] = S::escapeChar(getLangInfo('toollog', $log['descrip'], $entry));
    $columns = array('type', 'filename', 'nums', 'money', 'descrip', 'uid', 'touid', 'username', 'ip', 'time');
    $row = array();
    foreach ($columns as $column) {
        $row[$column] = $entry[$column];
    }
    $db->update("INSERT INTO pw_toollog SET " . S::sqlSingle($row));
}
/**
 * Appends one row to pw_forumlog.
 *
 * The two usernames and the three free-text fields are escaped first, then the
 * description language key is rendered with those escaped values. The row is written
 * through S::sqlSingle() with its second argument false.
 *
 * @param array $log Keys used: type, username1, username2, field1, field2, field3, descrip, timestamp, ip.
 */
function writeforumlog($log) {
    foreach (array('username1', 'username2', 'field1', 'field2', 'field3') as $textField) {
        $log[$textField] = S::escapeChar($log[$textField]);
    }
    $log['descrip'] = S::escapeChar(getLangInfo('log', $log['descrip'], $log));
    $columns = array('type', 'username1', 'username2', 'field1', 'field2', 'field3', 'descrip', 'timestamp', 'ip');
    $row = array();
    foreach ($columns as $column) {
        $row[$column] = $log[$column];
    }
    $GLOBALS['db']->update("INSERT INTO pw_forumlog SET " . S::sqlSingle($row, false));
}
/**
 * Runs the transfer step and then registers every uploaded file in $this->attachs.
 *
 * Each attachment copy gets its POSTed description ('atc_desc<id>', escaped) and a
 * name converted from $db_charset to UTF-8 with slashes stripped. The copies are what
 * land in $this->attachs; the $uploaddb argument itself is returned unmodified.
 *
 * @param array $uploaddb list of upload rows (each with an 'id' and a 'name')
 * @return array the untouched $uploaddb
 */
function update($uploaddb) {
    global $db_charset;
    $this->transfer();
    foreach ($uploaddb as $attachment) {
        $descriptionField = 'atc_desc' . $attachment['id'];
        $attachment['descrip'] = S::escapeChar(S::getGP($descriptionField, 'P'));
        $attachment['name'] = stripslashes(pwConvert($attachment['name'], $db_charset, 'utf-8'));
        $this->attachs[] = $attachment;
    }
    return $uploaddb;
}
/**
 * Returns "http://<host>/<script directory>", escaped with S::escapeChar().
 *
 * When $db_dir occurs in PHP_SELF, the part before it is used as the script path and —
 * as a side effect — the global $pwServer['PHP_SELF'] is rewritten to "<that part>.php".
 *
 * HTTP_HOST is taken from the client's Host header; if the result is persisted or sent
 * to third parties, callers should compare it against the configured site host — confirm
 * where this value ends up.
 *
 * @return string
 */
function getBbsUrl() {
    global $pwServer, $db_dir;
    $scriptPath = $pwServer['PHP_SELF'];
    $dirOffset = strpos($scriptPath, $db_dir);
    if ($dirOffset === false) {
        $basePath = $scriptPath;
    } else {
        $basePath = substr($scriptPath, 0, $dirOffset);
        // Side effect on the global request table.
        $pwServer['PHP_SELF'] = "{$basePath}.php";
    }
    $directory = substr($basePath, 0, strrpos($basePath, '/'));
    return S::escapeChar("http://" . $pwServer['HTTP_HOST'] . $directory);
}
/**
 * Publishes an application feed entry for a user, if that user allows feeds for the app.
 *
 * The per-user app record is fetched through the appclient class; only its 'allowfeed'
 * flag is consulted. Quoting of the inserted values is delegated to S::sqlSingle() — the
 * description is additionally passed through S::escapeChar().
 *
 * @param int    $uid     user id
 * @param string $descrip feed text
 * @param int    $appid   application id
 * @return ApiResponse true when a pw_feed row was inserted, false otherwise
 */
function publishTemplatizedAction($uid, $descrip, $appid) {
    global $timestamp;
    $appclient = L::loadClass('appclient');
    $userApp = $appclient->getUserAppByUidAndAppid($uid, $appid);
    if (!$userApp['allowfeed']) {
        return new ApiResponse(false);
    }
    $feedRow = array(
        'uid' => $uid,
        'type' => 'app',
        'descrip' => S::escapeChar($descrip),
        'timestamp' => $timestamp,
    );
    $this->db->update("INSERT INTO pw_feed SET " . S::sqlSingle($feedRow, false));
    return new ApiResponse(true);
}
/**
 * Stores user-defined profile fields as a serialized string in $this->memberinfo['customdata'].
 *
 * $db_union is a global (presumably site configuration — confirm); when it is still a
 * tab-separated string it is split here, and slot 7 holds a serialized value that is only
 * used as an "is the feature configured" gate. unserialize() here is therefore applied to
 * configuration, not to request data, as far as this block shows.
 *
 * @param array $customdata field name => value pairs submitted for the member
 */
function setCustomdata($customdata) {
    global $db_union;
    if (!is_array($db_union)) {
        $db_union = explode("\t", stripslashes($db_union));
    }
    $customFieldConfig = unserialize($db_union[7]);
    if (!$customFieldConfig || !$customdata) {
        return;
    }
    foreach ($customdata as $fieldName => $fieldValue) {
        // foreach iterates over a copy, so entries written here are not revisited. If
        // escaping changes the key, the entry under the original key is kept as well.
        $cleanKey = stripslashes(S::escapeChar($fieldName));
        $customdata[$cleanKey] = stripslashes($fieldValue);
    }
    $this->memberinfo['customdata'] = serialize($customdata);
}
/**
 * Collects and validates the marketplace ("goods") post fields from the request into $this->data.
 *
 * Price-like fields are kept as escaped strings and checked with is_numeric(); counts and
 * flags are cast with intval(). Showmsg() is called on a validation failure and is assumed
 * to end the request — confirm. Payment methods are submitted as a set of values that
 * array_sum() folds into one number.
 */
function _setData() {
    $name = S::escapeChar(S::getGP('goodsname'));
    $price = S::escapeChar(S::getGP('price'));
    $costPrice = S::escapeChar(S::getGP('costprice'));
    $locus = S::escapeChar(S::getGP('locus'));
    $mailFee = S::escapeChar(S::getGP('mailfee'));
    $expressFee = S::escapeChar(S::getGP('expressfee'));
    $emsFee = S::escapeChar(S::getGP('emsfee'));
    $icon = S::escapeChar(S::getGP('attachment_1'));
    $degree = intval(S::getGP('degree'));
    $productType = intval(S::getGP('ptype'));
    $quantity = intval(S::getGP('goodsnum'));
    $payMethods = S::escapeChar(S::getGP('paymethod'), 1);
    $transport = intval(S::getGP('transport'));

    if (!$name) {
        // No explicit goods name: reuse the post title (read straight from $_POST).
        $name = S::escapeChar($_POST['atc_title']);
    }
    if (!is_numeric($costPrice) || $costPrice <= 0) {
        Showmsg('goods_setprice');
    }
    if ($quantity < 1) {
        Showmsg('goods_num_error');
    }
    if ($payMethods) {
        $payMethods = array_sum($payMethods);
    }
    if ($payMethods < 1) {
        Showmsg('goods_pay_error');
    }
    if (!is_numeric($price)) {
        $price = 0;
    }
    if ($transport) {
        // Non-numeric fees are zeroed; at least one shipping fee must remain non-zero.
        if (!is_numeric($mailFee)) {
            $mailFee = 0;
        }
        if (!is_numeric($expressFee)) {
            $expressFee = 0;
        }
        if (!is_numeric($emsFee)) {
            $emsFee = 0;
        }
        if (!$mailFee && !$expressFee && !$emsFee) {
            Showmsg('goods_logistics');
        }
    } else {
        $mailFee = $expressFee = $emsFee = 0;
    }

    $this->data['name'] = $name;
    $this->data['price'] = $price;
    $this->data['costprice'] = $costPrice;
    $this->data['locus'] = $locus;
    $this->data['mailfee'] = $mailFee;
    $this->data['expressfee'] = $expressFee;
    $this->data['emsfee'] = $emsFee;
    $this->data['degree'] = $degree;
    $this->data['type'] = $productType;
    $this->data['num'] = $quantity;
    $this->data['paymethod'] = $payMethods;
    $this->data['transport'] = $transport;
    if ($icon) {
        // The icon key is only present when an attachment was given.
        $this->data['icon'] = $icon;
    }
}
/**
 * Registers (or re-registers) an application for a user and optionally posts a feed entry.
 *
 * The pw_userapp row is written with pwQuery::replace(); when $allowfeed is truthy a
 * pw_feed row is inserted with the escaped description. Quoting is delegated to
 * pwQuery / S::sqlSingle().
 *
 * @param int    $uid       user id
 * @param int    $appid     application id
 * @param string $appname   application display name
 * @param mixed  $allowfeed truthy to also publish a feed entry
 * @param string $descrip   feed text
 * @return ApiResponse always constructed with true
 */
function add($uid, $appid, $appname, $allowfeed, $descrip) {
    global $timestamp;
    pwQuery::replace('pw_userapp', array('uid' => $uid, 'appid' => $appid, 'appname' => $appname));
    if ($allowfeed) {
        $feedRow = array(
            'uid' => $uid,
            'type' => 'app',
            'descrip' => S::escapeChar($descrip),
            'timestamp' => $timestamp,
        );
        $this->db->update("INSERT INTO pw_feed SET " . S::sqlSingle($feedRow, false));
    }
    return new ApiResponse(true);
}
/**
 * Sends a private message to one user on behalf of another.
 *
 * The sender's record is loaded and published through the globals the messaging layer
 * reads ($winddb, $winduid, $windid, $groupid). The sender's group settings file is then
 * extract()ed into this scope so that $_G and $SYSTEM (declared global here) are set
 * before M::sendMessage() runs; group_1 is used when the group file does not exist.
 *
 * Note: extract() turns every key of the group data into a variable in this scope.
 * $groupid comes from the user's database record, not from the request, as far as this
 * block shows; the existence check uses the raw path while the read uses S::escapePath().
 *
 * @param int    $userId   uid of the sender
 * @param string $receiver username of the recipient
 * @param string $subject  message title (slashes stripped, then escaped)
 * @param string $content  message body (slashes stripped, then escaped)
 * @return ApiResponse always constructed with true; no failure is reported here
 */
function sendMessage($userId, $receiver, $subject, $content) {
    global $winddb, $winduid, $windid, $groupid, $_G, $SYSTEM;
    $userService = $this->_getUserService();
    $winddb = $userService->get($userId, true, true);
    $winduid = $winddb['uid'];
    $windid = $winddb['username'];
    $groupid = $winddb['groupid'];
    if ($groupid == '-1') {
        // -1 presumably means "use the member-level group" — confirm.
        $groupid = $winddb['memberid'];
    }
    $groupFile = D_P . "data/groupdb/group_{$groupid}.php";
    if (file_exists($groupFile)) {
        extract(pwCache::getData(S::escapePath($groupFile, false)));
    } else {
        extract(pwCache::getData(D_P . 'data/groupdb/group_1.php', false));
    }
    $message = array(
        'create_uid' => $winduid,
        'create_username' => $windid,
        'title' => S::escapeChar(stripslashes($subject)),
        'content' => S::escapeChar(stripslashes($content)),
    );
    M::sendMessage($userId, array($receiver), $message);
    return new ApiResponse(true);
}
/**
 * Collects and validates the activity post fields from the request into $this->data.
 *
 * Subject, start time and sign-up deadline are mandatory (Showmsg('active_data_empty')
 * otherwise; Showmsg() is assumed to end the request — confirm). Date strings are turned
 * into timestamps with PwStrtoTime(); participant count and costs below 1 become 0.
 */
function _setData() {
    $subject = S::escapeChar(S::getGP('act_subject', 'P'));
    $location = S::escapeChar(S::getGP('act_location', 'P'));
    $this->data['subject'] = $subject;
    $this->data['location'] = $location;
    $this->data['sexneed'] = intval(S::getGP('act_sex'));
    $startRaw = S::escapeChar(S::getGP('act_starttime'));
    $deadlineRaw = S::escapeChar(S::getGP('act_deadline'));
    $endRaw = S::escapeChar(S::getGP('act_endtime'));
    $participants = intval(S::getGP('act_num'));
    $costs = intval(S::getGP('act_costs'));
    if (!$subject || !$startRaw || !$deadlineRaw) {
        Showmsg('active_data_empty');
    }
    $startTime = PwStrtoTime($startRaw);
    $endTime = PwStrtoTime($endRaw);
    $deadline = PwStrtoTime($deadlineRaw);
    $this->data['starttime'] = $startTime;
    $this->data['deadline'] = $deadline;
    $this->data['endtime'] = $endTime;
    // Negative or zero values are normalised to 0 ("no limit" / "free").
    $this->data['num'] = max(0, $participants);
    $this->data['costs'] = max(0, $costs);
}
/**
 * PHP 4 style constructor (method named after the class): gathers the site-level app
 * settings from globals and the forum_appinfo cache into instance properties.
 *
 * NOTE(review): PHP 8 no longer treats a method named after the class as a constructor;
 * confirm the class also defines __construct() or that the deployment targets PHP < 8.
 *
 * The board URL is "http://" + HTTP_HOST + the running script's directory. HTTP_HOST is
 * client-supplied (Host header); the value is stored as $this->bbsurl, so wherever it is
 * persisted or forwarded it should be compared with the configured site host.
 */
function PW_Appclient() {
    global $db_siteappkey, $timestamp, $db_sitehash, $db_siteownerid, $db_siteid, $db_charset, $db_appifopen, $pwServer, $db_server_url, $db_bbsname;
    $scriptPath = $pwServer['PHP_SELF'];
    $scriptDir = substr($scriptPath, 0, strrpos($scriptPath, '/'));
    $boardUrl = S::escapeChar("http://" . $pwServer['HTTP_HOST'] . $scriptDir);
    $appInfoFile = D_P . "data/bbscache/forum_appinfo.php";
    if (!file_exists($appInfoFile)) {
        // Cold cache: regenerate the forum caches before reading.
        require_once R_P . "admin/cache.php";
        updatecache_f();
    }
    // extract() defines $forum_appinfo (and any other key the cache holds) in this scope.
    extract(pwCache::getData($appInfoFile, false));
    $this->_db = $GLOBALS['db'];
    $this->appkey = $db_siteappkey;
    $this->timestamp = $timestamp;
    $this->siteid = $db_siteid;
    $this->siteownerid = $db_siteownerid;
    $this->sitehash = $db_sitehash;
    $this->bbsname = $db_bbsname;
    $this->bbsurl = $boardUrl;
    $this->charset = $db_charset;
    $this->appifopen = $db_appifopen;
    $this->server_url = $db_server_url;
    $this->appinfo = $forum_appinfo;
}
/**
 * Collects and validates the debate post fields from the request into $this->data.
 *
 * The end time must not be in the past, both side titles are mandatory and limited to
 * 255 bytes (strlen() counts bytes, so multi-byte titles get fewer characters), and an
 * umpire, when given, must be an existing member. Showmsg() is called on failure and is
 * assumed to end the request — confirm. Reads the global $timestamp for 'postdate'.
 */
function _setData() {
    global $timestamp;
    $endRaw = S::escapeChar(S::getGP('endtime'));
    $obTitle = S::escapeChar(S::getGP('obtitle'));
    $reTitle = S::escapeChar(S::getGP('retitle'));
    $umpire = S::escapeChar(S::getGP('umpire'));
    $endTime = PwStrtoTime($endRaw);
    if ($endTime < $timestamp) {
        Showmsg('debate_time');
    }
    if (empty($obTitle) || empty($reTitle)) {
        Showmsg('debate_notitle');
    } elseif (strlen($obTitle) > 255 || strlen($reTitle) > 255) {
        Showmsg('debate_titlelen');
    }
    if ($umpire) {
        // The username is quoted with S::sqlEscape() before it enters the query.
        $umpireUid = $this->db->get_value("SELECT uid FROM pw_members WHERE username=" . S::sqlEscape($umpire));
        if (empty($umpireUid)) {
            Showmsg('debate_noumpire');
        }
    }
    $this->data['endtime'] = $endTime;
    $this->data['obtitle'] = $obTitle;
    $this->data['retitle'] = $reTitle;
    $this->data['umpire'] = $umpire;
    $this->data['postdate'] = $timestamp;
}
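/**
 * Stores the POSTed Alipay field $fieldName into the serialized 'tradeinfo' blob kept
 * in $this->memberData[$uid][$tableName].
 *
 * When the blob is not cached yet it is loaded through UserService (returning false if
 * the user does not exist). The field is accepted when it is optional and empty, or when
 * it is non-empty and checkAlipay() returns exactly true.
 *
 * @param int    $uid       user id
 * @param string $tableName member-data table key the tradeinfo lives under
 * @param string $fieldName POST parameter name and tradeinfo key to set
 * @param bool   $required  when false an empty value is accepted without validation
 * @return bool true when the value was accepted and written back, false otherwise
 */
function setDataAlipay($uid, $tableName, $fieldName, $required = false) {
    if (!$this->memberData[$uid][$tableName]['tradeinfo']) {
        $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
        $userInfo = $userService->get($uid, true, false, true);
        if (!$userInfo) {
            return false;
        }
        $this->memberData[$uid][$tableName]['tradeinfo'] = $userInfo['tradeinfo'];
    }
    // Decode the cached blob — not $userInfo, which only exists when the cache was cold;
    // reading it on a warm cache silently yielded an empty array and dropped every other
    // tradeinfo field on the following serialize().
    // unserialize() of persisted data: the blob is written by this method from escaped POST
    // values (other writers are not visible here); a non-executable encoding such as JSON
    // would be preferable if this format is ever changed.
    $tradeInfo = (array) @unserialize($this->memberData[$uid][$tableName]['tradeinfo']);
    $tradeInfo[$fieldName] = S::escapeChar(S::getGP($fieldName, 'P'));
    $value = $tradeInfo[$fieldName];
    $emptyOptional = !$required && !$value;
    $validValue = $value && $this->checkAlipay($value) === true;
    if (!$emptyOptional && !$validValue) {
        return false;
    }
    $this->memberData[$uid][$tableName]['tradeinfo'] = serialize($tradeInfo);
    return true;
}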
<?php
// "Birthdays today" index widget: builds, or reads back, the cached HTML list of members
// whose birthday falls on the current day.
!function_exists('readover') && exit('Forbidden');
$cachefile = D_P . 'data/bbscache/brith_cache.php';
// Rebuild when the cache is missing or not newer than $tdtime (presumably the start of the
// current day — confirm) and this request wins the 'birth' process lock; otherwise include it.
if ((!file_exists($cachefile) || pwFilemtime($cachefile) <= $tdtime) && procLock('birth')) {
    list($nyear, $nmonth, $nday) = explode('-', get_date($timestamp, 'Y-n-j'));
    $birthnum = 0;
    // Month and day come from $timestamp, not from the request; still quoted via S::sqlEscape().
    $query = $db->query("SELECT username,bday,gender FROM pw_members WHERE MONTH(bday)=" . S::sqlEscape($nmonth) . " AND DAYOFMONTH(bday)=" . S::sqlEscape($nday) . " LIMIT 200");
    while ($rt = $db->fetch_array($query)) {
        $birthnum++;
        if ($rt['gender'] == 1) {
            $rt['gender'] = getLangInfo('other', 'men');
        } elseif ($rt['gender'] == 2) {
            $rt['gender'] = getLangInfo('other', 'women');
        } else {
            $rt['gender'] = '';
        }
        // The username is passed through S::escapeChar() once and then reused in attribute
        // and text positions of the generated link.
        $rt['username'] = S::escapeChar($rt['username']);
        // Age = current year minus the leading year part of bday ("YYYY-..."); no check that bday contains '-'.
        $rt['age'] = $nyear - substr($rt['bday'], 0, strpos($rt['bday'], '-'));
        // NOTE(review): the two '******' spans in the line below are not valid PHP as printed (the text
        // looks redacted in transcription) — restore from the repository. Also `$rt[username]` uses an
        // unquoted key, i.e. a constant lookup: a warning on PHP 7.2+ and a fatal Error on PHP 8; it
        // should read $rt['username']. $brithcache is appended to without being initialised in this file.
        $brithcache .= ' <span><a target="_blank" class=" _cardshow" data-card-url="pw_ajax.php?action=smallcard&type=showcard&username='******'" data-card-key=' . $rt[username] . ' href="u.php?username='******'username']) . "\" title=\"{$rt['username']}{$rt['gender']}" . getLangInfo('other', 'indexbirth', array('age' => $rt['age'])) . "\">{$rt['username']}</a></span>";
    }
    // Persist both values as executable PHP so the else branch can include_once them.
    pwCache::writeover($cachefile, "<?php\r\n\$birthnum=" . pw_var_export($birthnum) . ";\r\n\$brithcache=" . pw_var_export($brithcache) . ";\r\n?>");
    procUnLock('birth');
} else {
    include_once $cachefile;
}
// With auto-hide enabled an empty list is marked 'empty' instead of being left blank.
$db_bdayautohide && !$brithcache && ($brithcache = 'empty');
$count = $db->get_value("SELECT COUNT(*) AS count FROM temp"); } (!is_numeric($page) || $page < 1) && ($page = 1); $pages = numofpage($count, $page, ceil($count / $db_perpage), "{$basename}&action={$action}&{$pageurl}"); $limit = S::sqlLimit(($page - 1) * $db_perpage, $db_perpage); $query = $db->query("SELECT fid,gid FROM pw_permission WHERE {$sql} GROUP BY fid,gid {$limit}"); while ($rd = $db->fetch_array($query)) { $g_d[] = $rd; } $jschk = ($fid || $gid) && $pages ? 'true' : 'false'; include PrintEot('singleright'); exit; } elseif ($action == 'setright') { //单用户权限设置 S::gp(array('uid', 'gid', 'fid'), 'GP', 2); $pwuser = S::escapeChar(S::getGP('pwuser')); $jumpurl = "{$basename}&action={$job}"; $f = $db->get_one("SELECT name,type FROM pw_forums WHERE fid=" . S::sqlEscape($fid)); empty($f) && adminmsg('undefined_action', $jumpurl); //* include_once pwCache::getPath(D_P.'data/bbscache/forumcache.php'); pwCache::getData(D_P . 'data/bbscache/forumcache.php'); list($hidefid, $hideforum) = GetHiddenForum(); $forumcache .= $hideforum; $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ if (empty($_POST['step'])) { if ($job == 'user') { if ($pwuser) { //add $rt = $userService->getByUserName($pwuser); if (empty($rt)) {
Showmsg('colony_manager'); } $rt['ifadmin'] != -1 && $trueMemberCount++; $toUsers[] = $rt['username']; } //* $db->update("DELETE FROM pw_cmembers WHERE colonyid=" . S::sqlEscape($cyid) . " AND uid IN(" . S::sqlImplode($selid) . ")"); pwQuery::delete('pw_cmembers', 'colonyid=:colonyid AND uid IN (:uid)', array($cyid, $selid)); $newColony->updateInfoCount(array('members' => -$trueMemberCount)); $colony['members'] -= $trueMemberCount; updateGroupLevel($colony['id'], $colony); break; default: Showmsg('undefined_action'); } if ($toUsers) { M::sendNotice($toUsers, array('title' => getLangInfo('writemsg', 'o_' . $operateStep . '_title', array('cname' => S::escapeChar($colony['cname']))), 'content' => getLangInfo('writemsg', 'o_' . $operateStep . '_content', array('cname' => S::escapeChar($colony['cname']), 'curl' => "{$db_bbsurl}/{$basename}cyid={$cyid}")))); } refreshto("{$basename}", 'operate_success'); } } elseif ($a == 'fanoutmsg') { define('AJAX', 1); !$ifadmin && Showmsg('undefined_action'); if (empty($_POST['step'])) { S::gp(array('selid', 'group'), null, 2); $uids = $usernames = array(); if ($selid) { $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ foreach ($userService->getByUserIds($selid) as $rt) { $uids[] = $rt['uid']; $usernames[] = $rt['username'];
Showmsg('请选择分类!'); } if (empty($o_style_relation[$firstgradestyle])) { $styleid = $firstgradestyle; } else { !in_array($secondgradestyle, $o_style_relation[$firstgradestyle]) && Showmsg('请选择二级分类!'); $styleid = $secondgradestyle; } } strlen($annouce) > 50000 && Showmsg('colony_annoucelimit'); $annouce = explode("\n", $annouce, 5); end($annouce); $annouce[key($annouce)] = str_replace(array("\r", "\n"), '', current($annouce)); $annouce = implode("\r\n", $annouce); S::gp(array('title1', 'title2', 'title3', 'title4')); $titlefont = S::escapeChar("{$title1}~{$title2}~{$title3}~{$title4}~{$title5}~{$title6}~"); $pwSQL = array('cname' => $cname, 'styleid' => $styleid, 'descrip' => $descrip, 'annouce' => $annouce, 'titlefont' => $titlefont); require_once R_P . 'require/functions.php'; require_once A_P . 'groups/lib/imgupload.class.php'; if (empty($q_1)) { $img = new CnimgUpload($cyid); PwUpload::upload($img); pwFtpClose($ftp); if ($cnimg = $img->getImgUrl()) { $pwSQL['cnimg'] = substr(strrchr($cnimg, '/'), 1); } } else { $pwSQL['cnimg'] = ''; } if (empty($q_2)) { $banner = new BannerUpload($cyid);
if ($count > ($step * $percount)) { $step++; $j_url = "$basename&action=$action&step=$step&subject=" . rawurlencode($subject) . "&by=$by"; adminmsg("sendmsg_step", EncodeUrl($j_url), 1); } else { P_unlink($cache_file); adminmsg('sendmsg_success'); }*/ } elseif ($by == 3) { //增加按用户发送@modify panjl@2010-11-3 !$touser && adminmsg('operate_error'); if (empty($subject) || empty($atc_content)) { adminmsg('sendmsg_empty'); } $subject = S::escapeChar($subject); $sendmessage = S::escapeChar($atc_content); $userService = L::loadClass('UserService', 'user'); $to_a_temp = explode(',', $touser); $to_a = array(); $to_a_err = array(); foreach ($to_a_temp as $value) { $flag = $userService->isExistByUserName($value); if (true === $flag) { array_push($to_a, $value); } else { array_push($to_a_err, $value); } } $to_a && ($sqlwhere = "username IN(" . S::sqlImplode($to_a) . ")"); $count = count($to_a); if ($sqlwhere) {
} $config['groups_creditlog'] = is_array($creditlog) && !empty($creditlog) ? $creditlog : array(); foreach ($config as $key => $value) { setConfig("o_{$key}", $value, null, true); } updatecache_conf('o', true); adminmsg('operate_success', $j_url); } } elseif ($action == 'setting') { !is_array($config = $_POST['config']) && ($config = array()); foreach ($config as $key => $value) { if ($value) { $isint = false; if ($_POST['step'] == 'basic') { if ($key == 'name' || $key == 'moneytype') { $config[$key] = S::escapeChar($value); } elseif ($key == 'rate') { $config[$key] = (double) $value; } else { $isint = true; } } else { $isint = true; } $isint && ($config[$key] = (int) $value); } } if ($_POST['step'] == 'basic') { !is_array($groups = $_POST['groups']) && ($groups = array()); $config['groups'] = ',' . implode(',', $groups) . ','; }
!defined('P_W') && exit('Forbidden'); $db_mode = 'area'; define('M_P', R_P . "mode/{$db_mode}/"); $m = $db_mode; $db_modepages = $db_modepages[$db_mode]; $channelImagePath = 'mode/area/images'; $pwModeCss = 'mode/area/images/area_read_style.css'; $searchadd = $thread_children = $thread_online = $fastpost = $updatetop = $urladd = ''; wind_forumcheck($foruminfo); $forumname = strip_tags($foruminfo['name']); list($guidename, $forumtitle) = $pwforum->getTitle(); //list($guidename,$forumtitle) = getforumtitle(forumindex($foruminfo['fup'],1)); $db_metakeyword = trim(str_replace(array('|', ' - ', ' ', ',, ', ', , '), ', ', $forumtitle), ', '); $foruminfo['keywords'] && ($db_metakeyword = $foruminfo['keywords'] . ',' . $db_metakeyword); if ($foruminfo['descrip']) { $db_metadescrip = S::escapeChar(strip_tags($foruminfo['descrip'])); $db_metadescrip = $db_bbsname . ',' . str_replace(array("\n", ' ', '&', '<', '>'), '', $db_metadescrip); } $toptids = $foruminfo['topthreads']; $pwSystem = array(); $isGM = $isBM = $admincheck = $ajaxcheck = $managecheck = $pwAnonyHide = $pwPostHide = $pwSellHide = $pwEncodeHide = 0; if ($groupid != 'guest') { $isGM = S::inArray($windid, $manager); $isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid); $admincheck = $isGM || $isBM ? 1 : 0; if (!$isGM) { $pwSystem = pwRights($isBM); if ($pwSystem && ($pwSystem['tpccheck'] || $pwSystem['digestadmin'] || $pwSystem['lockadmin'] || $pwSystem['pushadmin'] || $pwSystem['coloradmin'] || $pwSystem['downadmin'] || $pwSystem['delatc'] || $pwSystem['moveatc'] || $pwSystem['copyatc'] || $pwSystem['topped'] || $pwSystem['unite'] || $pwSystem['tpctype'])) { //system rights $managecheck = 1; }
<?php
// Post preview: formats the submitted body (and any topic-model / post-category custom
// fields) the way the saved post would render, without writing anything.
!defined('P_W') && exit('Forbidden');
require_once R_P . 'require/bbscode.php';
S::gp(array('pcid', 'modelid'), 'P', 2);
$fielddb = array();
$data = array();
// Request text is un-slashed and then passed through S::escapeChar() before any formatting.
$atc_content = S::escapeChar(stripslashes(S::getGP('atc_content', 'P')));
$pcinfo = S::escapeChar(stripslashes(S::getGP('pcinfo', 'P')));
if ($modelid > 0) {
    // Topic model fields: id => name. $modelid is quoted with S::sqlEscape().
    $query = $db->query("SELECT fieldid,fieldname FROM pw_topicfield WHERE modelid=" . S::sqlEscape($modelid));
    while ($rt = $db->fetch_array($query)) {
        $fielddb[$rt['fieldid']] = $rt['fieldname'];
    }
    $pcdb = getPcviewdata($pcinfo, 'topic');
    L::loadClass('posttopic', 'forum', false);
    $postTopic = new postTopic($data);
    $topicvalue = $postTopic->getTopicvalue($modelid, $pcdb);
} elseif ($pcid > 0) {
    // Post-category fields: note the map is inverted here (name => id) relative to the topic
    // branch. $fielddb is not read in this excerpt, so whether that matters is not visible — confirm.
    $query = $db->query("SELECT fieldid,fieldname FROM pw_pcfield WHERE pcid=" . S::sqlEscape($pcid));
    while ($rt = $db->fetch_array($query)) {
        $fielddb[$rt['fieldname']] = $rt['fieldid'];
    }
    $pcdb = getPcviewdata($pcinfo, 'postcate');
    L::loadClass('postcate', 'forum', false);
    $postCate = new postCate($data);
    list(, $topicvalue) = $postCate->getCatevalue($pcid, $pcdb);
}
// Word filter, then convert() with the $db_windpost options (presumably the post
// formatting settings — confirm), then newlines become <br> for display.
$atc_content = wordsConvert($atc_content);
$atc_content = convert($atc_content, $db_windpost);
$preatc = str_replace("\n", "<br>", $atc_content);
$db->update(pwQuery::buildClause("UPDATE :pw_table SET article=article+:article,subtopic=subtopic+:subtopic WHERE fid=:fid", array('pw_forumdata', $article, $topic, $fup))); } } elseif ($type == 'category') { $topic = $article = 0; } $lt = $db->get_one("SELECT tid,author,postdate,lastpost,lastposter,subject FROM pw_threads WHERE fid=" . S::sqlEscape($fid) . "AND specialsort=0 AND ifcheck=1 AND lastpost>0 ORDER BY lastpost DESC LIMIT 0,1"); if ($lt['tid']) { $lt['subject'] = substrs($lt['subject'], 21); if ($lt['postdate'] != $lt['lastpost']) { $lt['subject'] = 'Re:' . $lt['subject']; $add = '&page=e#a'; } $toread = $cms ? '&toread=1' : ''; $htmurl = $db_readdir . '/' . $fid . '/' . date('ym', $lt['postdate']) . '/' . $lt['tid'] . '.html'; $new_url = file_exists(R_P . $htmurl) && $allowhtm == 1 && !$cms ? "{$R_url}/{$htmurl}" : "read.php?tid={$lt['tid']}{$toread}{$add}"; $lastinfo = addslashes(S::escapeChar($lt['subject']) . "\t" . $lt['lastposter'] . "\t" . $lt['lastpost'] . "\t" . $new_url); } else { $lastinfo = ''; } //* $db->update("UPDATE pw_forumdata SET topic=".S::sqlEscape($topic).',article=article+'.S::sqlEscape($article).',lastpost='.S::sqlEscape($lastinfo).' WHERE fid='.S::sqlEscape($fid)); $db->update(pwQuery::buildClause("UPDATE :pw_table SET topic=:topic, article=article+:article,lastpost=:lastpost WHERE fid=:fid", array('pw_forumdata', $topic, $article, $lastinfo, $fid))); } if ($goon) { adminmsg('updatecache_step', EncodeUrl($j_url)); } else { adminmsg('operate_success'); } } elseif ($action == 'thread') { $pwServer['REQUEST_METHOD'] != 'POST' && PostCheck($verify); S::gp(array('step', 'percount')); !$step && ($step = 1);
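/**
 * Normalises the post data before it is stored: escapes the title, runs the HTML /
 * windcode checks when 'convert' is set, and filters the body according to 'ifsign'.
 *
 * For ifsign < 2 the body is simply passed through S::escapeChar(). Otherwise raw HTML
 * is allowed and a pattern-based filter removes script and iframe blocks, hands every
 * remaining tag to $this->jscv(), and rewrites the literal "javascript". Afterwards the
 * word filter, link check and attachment handling run.
 *
 * The tag rewrite previously used preg_replace() with the /e (eval) modifier. /e was
 * removed in PHP 7.0 — preg_replace() then fails and returns NULL, wiping the content —
 * so it is now a preg_replace_callback() with the same pattern; the callback receives
 * the raw tag body (no addslashes() round-trip).
 */
function checkdata() {
    $this->data['title'] = S::escapeChar($this->data['title']);
    if ($this->data['convert']) {
        $this->data['content'] = $this->html_check($this->data['content']);
        $this->windcodeCheck();
    } else {
        $this->data['convert'] = 1;
    }
    if ($this->data['ifsign'] < 2) {
        $this->data['content'] = S::escapeChar($this->data['content']);
    } else {
        $this->data['content'] = $this->_filterHtmlContent($this->data['content']);
    }
    $this->wordFilter();
    $this->checkLinks();
    $this->setAttachs();
}

/**
 * Pattern-based filter for posts that may contain raw HTML (ifsign >= 2).
 *
 * Steps run in order on the whole body: drop <script>...</script>, pass every remaining
 * tag body to $this->jscv(), replace "javascript" (any case) with "java script", drop
 * <iframe>...</iframe>. NOTE(review): this is a blacklist; a whitelist-based HTML
 * sanitizer would be the more robust choice — confirm the product requirement.
 *
 * @param string $content raw post body
 * @return string filtered body
 */
function _filterHtmlContent($content) {
    // As printed this replaces '.' with itself; the search string was probably a
    // different character lost in transcription — confirm against the repository.
    $content = str_replace('.', '.', $content);
    $content = preg_replace("/<script.*>.*<\\/script>/is", "", $content);
    $content = preg_replace_callback("/<(([^\"']|\"[^\"]*\"|'[^']*')*?)>/is", array($this, '_jscvTagCallback'), $content);
    $content = preg_replace("/javascript/i", "java script", $content);
    $content = preg_replace("/<iframe[^>]*>.*<\\/iframe>/is", '', $content);
    return $content;
}

/**
 * preg_replace_callback() adapter: forwards the captured tag body to $this->jscv().
 *
 * @param array $matches PCRE match array; index 1 is the text between '<' and '>'
 * @return string replacement returned by jscv()
 */
function _jscvTagCallback($matches) {
    return $this->jscv($matches[1]);
}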
require_once R_P . 'require/credit.php'; $creditset = $db->get_value("SELECT creditset FROM pw_forumsextra WHERE fid=" . S::sqlEscape($fid)); $creditset = $creditset ? unserialize($creditset) : array(); } $ajaxurl = EncodeUrl($basename); include PrintEot('setforum'); exit; } elseif ($_POST['step'] == 2) { $forum = $db->get_one("SELECT type,fup,forumadmin,logo FROM pw_forums WHERE fid=" . S::sqlEscape($fid)); S::gp(array('name', 'descrip', 'metadescrip'), 'P', 0); S::gp(array('vieworder', 'dirname', 'style', 'across', 'keywords', 'c_type'), 'P'); Cookie('thisPWTabs', $c_type, 'F', false); $name = str_replace('<iframe', '<iframe', $name); $descrip = str_replace('<iframe', '<iframe', $descrip); $metadescrip = str_replace('<iframe', '<iframe', $metadescrip); $keywords = S::escapeChar($keywords); //去掉版块简介字数限制@modify panjl@2010-11-2 //strlen($descrip)>250 && adminmsg('descrip_long'); strlen($metadescrip) > 250 && adminmsg('descrip_long', $basename . $c_type . '&action=edit&fid=' . $fid); if ($forum['type'] == 'category') { /* $db->update("UPDATE pw_forums SET " . S::sqlSingle(array( 'name' => $name, 'vieworder' => $vieworder, 'dirname' => $dirname, 'style' => $style, 'across' => $across, 'cms' => $cms )) . " WHERE fid=".S::sqlEscape($fid)); */ pwQuery::update('pw_forums', 'fid=:fid', array($fid), array('name' => $name, 'vieworder' => $vieworder, 'dirname' => $dirname, 'style' => $style, 'across' => $across, 'cms' => $cms));
/**
 * Records credit changes for one user.
 *
 * For every credit type in $setv that is known ($this->cType), non-zero and enabled for
 * $logtype (_checkLogSet), a row is appended to $this->cLog and a summary of the form
 * "<logtype>|<type>:<affect>|..." is stored on the user as 'creditpop' through
 * UserService, for display elsewhere.
 *
 * Note: $log['username'] is escaped again on every matching iteration, so a second
 * matching credit type sees an already-escaped name.
 *
 * @param string $logtype log type key (also the language key of the description)
 * @param array  $setv    credit type => delta, e.g. array('money' => 5, 'rvrc' => -1)
 * @param array  $log     description context; keys read here: uid, username, ip
 */
function addLog($logtype, $setv, $log) {
    global $db_ifcredit, $timestamp;
    $uid = $log['uid'];
    $popSummary = '';
    foreach ($setv as $creditKey => $delta) {
        if (!isset($this->cType[$creditKey]) || $delta == 0 || !$this->_checkLogSet($logtype, $creditKey)) {
            continue;
        }
        $log['username'] = S::escapeChar($log['username']);
        $log['cname'] = $this->cType[$creditKey];
        // Positive deltas carry an explicit sign in the description and the summary.
        $log['affect'] = $delta > 0 ? '+' . $delta : $delta;
        $log['descrip'] = S::escapeChar(strip_tags(getLangInfo('creditlog', $logtype, $log)));
        $popSummary .= $creditKey . ":" . $log['affect'] . '|';
        $this->cLog[] = array($log['uid'], $log['username'], $creditKey, $delta, $timestamp, $logtype, $log['ip'], $log['descrip']);
    }
    if ($db_ifcredit && $popSummary) {
        // Credit Changes Tips
        $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
        $userService->update($uid, array(), array('creditpop' => $logtype . '|' . $popSummary));
    }
}
/**
 * Writes credit-change rows to pw_creditlog and stores a "credit pop" summary on the user.
 *
 * Iterates the global $creditset (type => delta); a type is logged when it is known to
 * the global $credit object (cType), the delta is non-zero and $creditlog has an entry
 * for it. Rows are inserted in one statement via S::sqlMulti(); the summary has the
 * form "<logtype>|<type>:<affect>|...". The description template only receives
 * username, cname and affect here.
 *
 * @param array  $creditlog credit types enabled for logging (keys are checked with isset)
 * @param string $username  user name (escaped before use)
 * @param int    $uid       user id
 * @param string $logtype   log type key (also the language key of the description)
 */
function addLog($creditlog, $username, $uid, $logtype) {
    global $db, $creditset, $credit, $timestamp, $db_ifcredit, $onlineip;
    if (empty($creditset)) {
        // Normalises the global so the loop below always sees an array.
        $creditset = array();
    }
    $popSummary = '';
    $rows = array();
    $log = array();
    foreach ($creditset as $creditKey => $delta) {
        if (!isset($credit->cType[$creditKey]) || $delta == 0 || !isset($creditlog[$creditKey])) {
            continue;
        }
        $log['username'] = S::escapeChar($username);
        $log['cname'] = $credit->cType[$creditKey];
        $log['affect'] = $delta > 0 ? '+' . $delta : $delta;
        $log['descrip'] = S::escapeChar(getLangInfo('creditlog', $logtype, $log));
        $popSummary .= $creditKey . ":" . $log['affect'] . '|';
        $rows[] = array($uid, $log['username'], $creditKey, $delta, $timestamp, $logtype, $onlineip, $log['descrip']);
    }
    if ($db_ifcredit && $popSummary) {
        // Credit Changes Tips
        $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
        $userService->update($uid, array(), array('creditpop' => $logtype . '|' . $popSummary));
    }
    if ($rows) {
        $db->update("INSERT INTO pw_creditlog (uid,username,ctype,affect,adddate,logtype,ip,descrip) VALUES " . S::sqlMulti($rows, false));
    }
}
// "@" mentions for the single post being displayed, if there is one.
if ($read['pid']) {
    $threadService = L::loadClass('threads', 'forum');
    $atData = $threadService->getAtUsers($tid, array($read['pid']));
    $read['atusers'] = $atData[$read['pid']];
}
// Treated as the logged-in check: numeric uid plus a password token of at least 16 bytes.
if (is_numeric($winduid) && strlen($windpwd) >= 16) {
    $winddb = User_info();
    list($winduid, $groupid, $userrvrc, $windid, $_datefm, $_timedf, $credit_pop) = array($winddb['uid'], $winddb['groupid'], floor($winddb['rvrc'] / 10), $winddb['username'], $winddb['datefm'], $winddb['timedf'], $winddb['creditpop']);
    if ($credit_pop && $db_ifcredit) { //Credit Changes Tips
        // NOTE(review): as printed this str_replace() maps each character to itself (a no-op);
        // the replacement array most likely held HTML entities that were decoded in transcription.
        // Confirm against the repository — it is the only escaping applied to the stored creditpop
        // value before it is handed to the credit_pop template below.
        $credit_pop = str_replace(array('<', '"', '>'), array('<', '"', '>'), $credit_pop);
        list($tmpCreditPop, $creditOuterData) = array('', array());
        // Stored format: ',' separated groups of "<logtype>|<ctype>:<affect>|...".
        $creditOuterData = explode(',', $credit_pop);
        foreach ($creditOuterData as $value) {
            $creditdb = explode('|', $value);
            // First element is the log type; its language text is escaped here.
            $tmpCreditPop .= ($tmpCreditPop ? '<br/>' : '') . S::escapeChar(GetCreditLang('creditpop', $creditdb['0']));
            unset($creditdb['0']);
            foreach ($creditdb as $val) {
                // $credit_2 (the delta) is inserted without escaping; expected to be numeric.
                list($credit_1, $credit_2) = explode(':', $val);
                $tmpCreditPop .= '<span class="st2">' . pwCreditNames($credit_1) . ' <span class="f24">' . $credit_2 . '</span></span>';
            }
        }
        $credit_pop = $tmpCreditPop;
        // The tip is one-shot: cleared on the user record once it has been read.
        $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
        $userService->update($winduid, array(), array('creditpop' => ''));
    }
}
$db_ifcredit && $credit_pop && (require PrintEot('credit_pop'));
require_once PrintEot('read_addfloor'); // $output = ob_get_contents();
} require_once PrintEot('forumcp'); footer(); } elseif ($type == 'addmsg') { if (empty($_POST['step'])) { $adminname = explode(',', trim($forums['forumadmin'], ',')); require_once PrintEot('forumcp'); footer(); } else { PostCheck(); !$fid && Showmsg('annouce_fid'); S::gp(array('msgtype', 'toname', 'savetime'), 'P'); !$msgtype && !$toname && Showmsg('forummsg_object'); $msgtype == 1 ? $toname = '' : ($msgtype = 2); $savetime = $timestamp + (intval($savetime) > 0 ? intval($savetime) : 30) * 86400; $message = trim(S::escapeChar($_POST['message'])); !$message && Showmsg('forummsg_content'); $toname = "," . implode(',', $toname) . ","; $pwSQL = S::sqlSingle(array('fid' => $fid, 'uid' => $winduid, 'username' => $windid, 'toname' => $toname, 'msgtype' => $msgtype, 'posttime' => $timestamp, 'savetime' => $savetime, 'message' => $message)); $db->update("INSERT INTO pw_forummsg SET {$pwSQL}"); refreshto("forumcp.php?action=edit&type=msg&fid={$fid}", 'operate_success'); } } } elseif ($action == 'del') { PostCheck(); S::gp(array('selid', 'type')); $selids = array(); foreach ($selid as $key => $value) { is_numeric($value) && ($selids[] = $value); } if ($selids) {