/**
 * Send a system message (sender uid '-1') to a named user on behalf of an application.
 *
 * Subject and content have slashes stripped and are then passed through Char_cv()
 * before the message is handed to pwSendMsg().
 *
 * @param string $toname   Recipient user name.
 * @param string $fromname Sender name stored with the message.
 * @param string $subject  Message subject.
 * @param string $content  Message body.
 * @return ApiResponse Always constructed with true; pwSendMsg()'s result is not inspected.
 */
function SendAppmsg($toname, $fromname, $subject, $content)
{
    // NOTE(review): $toname and $fromname are forwarded without Char_cv();
    // confirm that pwSendMsg() escapes them for storage and for display.
    $cleanSubject = Char_cv(stripslashes($subject));
    $cleanContent = Char_cv(stripslashes($content));

    $message = array(
        'toUser' => $toname,
        'fromUid' => '-1',
        'fromUser' => $fromname,
        'subject' => $cleanSubject,
        'content' => $cleanContent,
    );

    require_once R_P . 'require/msg.php';
    pwSendMsg($message);

    return new ApiResponse(true);
}
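/**
 * Build the descriptor array for one uploaded file.
 *
 * $key is split on '_' into an attachment name and a numeric index. The file name
 * and size are read from $value, and the extension is taken from the text after
 * the last '.' of the (Char_cv-escaped) name, lower-cased.
 *
 * @param string $key   Form field key, expected as "<attname>_<index>".
 * @param array  $value Upload entry; the 'name' and 'size' keys are read.
 * @return array Descriptor with id, attname, name, size, type, ifthumb, fileuploadurl, ext.
 */
function initCurrUpload($key, $value)
{
    // array_pad() keeps both parts defined when $key contains no underscore,
    // instead of reading an undefined list() offset.
    list($attname, $index) = array_pad(explode('_', $key), 2, '');

    $arr = array(
        'id' => intval($index),
        'attname' => $attname,
        'name' => Char_cv($value['name']),
        'size' => intval($value['size']),
        'type' => 'zip',
        'ifthumb' => 0,
        'fileuploadurl' => '',
    );

    // strrchr() returns false for a name without a dot; map that to an empty extension explicitly.
    $dotSuffix = strrchr($arr['name'], '.');
    $arr['ext'] = $dotSuffix === false ? '' : strtolower(substr($dotSuffix, 1));

    // NOTE(review): presumably $value is a client-supplied upload entry, so 'name', 'size' and
    // the derived 'ext' are attacker-influenced. 'type' is hard-coded to 'zip' regardless of
    // 'ext'; the caller should check 'ext' against an allowlist before storing the file.
    return $arr;
}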
/**
 * Initialise the application client from global site settings.
 *
 * Presumably the PHP 4-style constructor of a class with the same name (it assigns to $this).
 * It rebuilds the board URL from the current request, makes sure the forum_appinfo cache
 * file exists, and copies the app-related globals onto the instance.
 */
function PW_Appclient()
{
    global $db_siteappkey, $timestamp, $db_sitehash, $db_siteownerid, $db_siteid, $db_bbsurl, $db_charset, $db_appifopen, $db_appbbs, $db_appo, $pwServer;
    // The board URL is derived from the request's Host header and script path and written
    // back into the global $db_bbsurl.
    // NOTE(review): HTTP_HOST is supplied by the client. Any absolute URL later built from
    // $this->bbsurl follows whatever Host the request carried; consider pinning the host to
    // a configured value, and confirm whether the hard-coded "http://" scheme is intended.
    $db_bbsurl = Char_cv("http://" . $pwServer['HTTP_HOST'] . substr($pwServer['PHP_SELF'], 0, strrpos($pwServer['PHP_SELF'], '/')));
    // Regenerate the cache file when it is missing.
    if (!file_exists(D_P . "data/bbscache/forum_appinfo.php")) {
        require_once R_P . "admin/cache.php";
        updatecache_f();
    }
    // Errors from the include are suppressed; $forum_appinfo (used on the last line) is
    // presumably defined by this file and stays undefined if the include fails.
    @(include_once D_P . "data/bbscache/forum_appinfo.php");
    $this->_db = $GLOBALS['db'];
    $this->appkey = $db_siteappkey;
    // Uses time() rather than the imported global $timestamp.
    $this->timestamp = time();
    $this->sitehash = $db_sitehash;
    $this->siteownerid = $db_siteownerid;
    $this->siteid = $db_siteid;
    $this->bbsurl = $db_bbsurl;
    $this->charset = $db_charset;
    $this->appifopen = $db_appifopen;
    $this->appbbs = $db_appbbs;
    $this->appo = $db_appo;
    $this->_appsdb = array();
    $this->_app_array = array();
    $this->_appslist = $this->getApplist();
    $this->appinfo = $forum_appinfo;
}
/**
 * Reply to an existing message: creates a new type-2 message addressed to the
 * sender of message $mid, written by the current user from $_USERS.
 *
 * @param mixed  $mid     Id of the message being answered (normalised with GetNum()).
 * @param string $subject Reply subject, passed through Char_cv().
 * @param string $message Reply body, passed through Char_cv().
 * @return mixed Whatever $this->add() returns.
 */
function reply($mid, $subject, $message)
{
    global $_USERS;

    $original = $this->getone(GetNum($mid));
    // NOTE(review): nothing here checks that message $mid exists or that the current user
    // was its recipient. Unless getone() enforces that, any message id can be answered;
    // confirm against getone().

    $reply = array(
        'fromuid' => $_USERS['uid'],
        'fromuname' => $_USERS['uname'],
        'touid' => $original['fromuid'],
        'touname' => $original['fromuname'],
        'type' => 2,
        'subject' => Char_cv($subject),
        'sendtime' => time(),
        'writetime' => time(),
        'hasview' => 0,
        'isadmin' => 0,
        'message' => Char_cv($message),
    );

    return $this->add($reply);
}
/**
 * Write one row to pw_toollog.
 *
 * 'type' is translated through getLangInfo(). 'filename' and 'username' are passed through
 * Char_cv(). 'descrip' is then rendered by getLangInfo() with the already-updated $log and
 * passed through Char_cv() as well.
 *
 * @param array $log Keys read: type, filename, nums, money, descrip, uid, touid, username, ip, time.
 * @return void
 */
function writetoollog($log)
{
    global $db, $db_bbsurl;

    $log['type'] = getLangInfo('toollog', $log['type']);
    foreach (array('filename', 'username') as $field) {
        $log[$field] = Char_cv($log[$field]);
    }
    // Rendered last so the template sees the translated type and the escaped names.
    $log['descrip'] = Char_cv(getLangInfo('toollog', $log['descrip'], $log));

    $row = array();
    $columns = array('type', 'filename', 'nums', 'money', 'descrip', 'uid', 'touid', 'username', 'ip', 'time');
    foreach ($columns as $column) {
        $row[$column] = $log[$column];
    }

    // pwSqlSingle() builds the SET clause; SQL escaping is presumably done there (not visible here).
    $db->update("INSERT INTO pw_toollog SET " . pwSqlSingle($row));
}
/**
 * Register (or replace) a user's application record and, when feeds are allowed,
 * publish a feed entry describing it.
 *
 * @param mixed  $uid       User id.
 * @param mixed  $appid     Application id.
 * @param string $appname   Application name.
 * @param mixed  $allowfeed Truthy when a feed entry should be written.
 * @param string $descrip   Feed text; passed through Char_cv() before insertion.
 * @return ApiResponse Always constructed with true.
 */
function add($uid, $appid, $appname, $allowfeed, $descrip)
{
    global $timestamp;

    $appRow = array(
        'uid' => $uid,
        'appid' => $appid,
        'appname' => $appname,
        'allowfeed' => $allowfeed,
    );
    $this->db->query_unbuffered("REPLACE INTO " . UC_DBTABLEPRE . "userapp SET " . pwSqlSingle($appRow));

    if ($allowfeed) {
        $feedRow = array(
            'uid' => $uid,
            'type' => 'app',
            'descrip' => Char_cv($descrip),
            'timestamp' => $timestamp,
        );
        // NOTE(review): the meaning of pwSqlSingle()'s second argument (false) is not visible
        // here. If it turns off a slash-stripping or escaping step, confirm that $uid and
        // $descrip are still safely quoted in the generated SQL.
        $this->db->query_unbuffered("INSERT INTO " . UC_DBTABLEPRE . "feed SET " . pwSqlSingle($feedRow, false));
    }

    return new ApiResponse(true);
}
/**
 * Write one row to pw_forumlog.
 *
 * The two user names and the three free-form fields are passed through Char_cv() first.
 * 'descrip' is then rendered by getLangInfo() from the updated $log and passed through
 * Char_cv() as well.
 *
 * @param array $log Keys read: type, username1, username2, field1, field2, field3, descrip, timestamp, ip.
 * @return void
 */
function writeforumlog($log)
{
    foreach (array('username1', 'username2', 'field1', 'field2', 'field3') as $field) {
        $log[$field] = Char_cv($log[$field]);
    }
    // Rendered after the loop so the template receives the escaped values.
    $log['descrip'] = Char_cv(getLangInfo('log', $log['descrip'], $log));

    $row = array();
    $columns = array('type', 'username1', 'username2', 'field1', 'field2', 'field3', 'descrip', 'timestamp', 'ip');
    foreach ($columns as $column) {
        $row[$column] = $log[$column];
    }

    // NOTE(review): 'type', 'timestamp' and 'ip' are stored as given; what pwSqlSingle()'s
    // second argument (false) changes is not visible here — confirm quoting is still applied.
    $GLOBALS['db']->update("INSERT INTO pw_forumlog SET " . pwSqlSingle($row, false));
}
/**
 * Insert a feed entry for an application action, if the user allows feeds for that app.
 *
 * @param mixed  $uid     User id.
 * @param string $descrip Feed text; passed through Char_cv() before insertion.
 * @param mixed  $appid   Application id.
 * @return ApiResponse true when the feed row was written, false when feeds are not allowed.
 */
function publishTemplatizedAction($uid, $descrip, $appid)
{
    global $timestamp;

    $setting = $this->db->get_one("SELECT allowfeed FROM pw_userapp WHERE uid=" . pwEscape($uid) . " AND appid=" . pwEscape($appid));
    if (!$setting['allowfeed']) {
        return new ApiResponse(false);
    }

    // Insert the feed entry.
    $feedRow = array(
        'uid' => $uid,
        'type' => 'app',
        'descrip' => Char_cv($descrip),
        'timestamp' => $timestamp,
    );
    $this->db->update("INSERT INTO pw_feed SET " . pwSqlSingle($feedRow, false));

    return new ApiResponse(true);
}
/**
 * Store user-defined profile fields on $this->memberinfo['customdata'] as a serialized array.
 *
 * Nothing is stored unless both the site's custom-field definition ($db_union[7]) and
 * $customdata are non-empty.
 *
 * @param array $customdata Field name => value pairs.
 * @return void
 */
function setCustomdata($customdata)
{
    global $db_union;

    if (!is_array($db_union)) {
        $db_union = explode("\t", stripslashes($db_union));
    }

    // SECURITY: unserialize() must only ever see trusted data. $db_union presumably comes
    // from site configuration; confirm it cannot be influenced by a request.
    $custominfo = unserialize($db_union[7]);
    if (!$custominfo || !$customdata) {
        return;
    }

    // foreach iterates over the original entries, so keys added below are not revisited.
    // The original (unescaped) keys stay in the array next to the escaped ones.
    // NOTE(review): $custominfo is only used as an on/off switch; keys are not restricted to
    // the fields it defines, and this serialized blob is later read back with unserialize().
    foreach ($customdata as $rawKey => $rawValue) {
        $customdata[stripslashes(Char_cv($rawKey))] = stripslashes($rawValue);
    }

    $this->memberinfo['customdata'] = serialize($customdata);
}
/**
 * Read and validate the goods (trade) form fields from the request and store them in $this->data.
 *
 * Validation failures call Showmsg() with the matching message key.
 *
 * @return void
 */
function _setData()
{
    $goodsname = Char_cv(GetGP('goodsname'));
    $price = Char_cv(GetGP('price'));
    $costprice = Char_cv(GetGP('costprice'));
    $locus = Char_cv(GetGP('locus'));
    $fees = array(
        'mailfee' => Char_cv(GetGP('mailfee')),
        'expressfee' => Char_cv(GetGP('expressfee')),
        'emsfee' => Char_cv(GetGP('emsfee')),
    );
    $degree = intval(GetGP('degree'));
    $ptype = intval(GetGP('ptype'));
    $goodsnum = intval(GetGP('goodsnum'));
    $paymethod = Char_cv(GetGP('paymethod'), 1);
    $transport = intval(GetGP('transport'));

    // Fall back to the post title when no goods name was submitted.
    if (!$goodsname) {
        $goodsname = Char_cv($_POST['atc_title']);
    }

    if (!is_numeric($costprice) || $costprice <= 0) {
        Showmsg('goods_setprice');
    }
    if ($goodsnum < 1) {
        Showmsg('goods_num_error');
    }

    // The selected payment methods are summed into one number.
    if ($paymethod) {
        $paymethod = array_sum($paymethod);
    }
    if ($paymethod < 1) {
        Showmsg('goods_pay_error');
    }

    // NOTE(review): is_numeric() accepts negative numbers and exponent notation. Only
    // $costprice has a lower bound; $price and the shipping fees can be stored negative.
    // Confirm that downstream order totals cannot be reduced this way.
    if (!is_numeric($price)) {
        $price = 0;
    }

    if ($transport) {
        foreach ($fees as $feeName => $feeValue) {
            if (!is_numeric($feeValue)) {
                $fees[$feeName] = 0;
            }
        }
        // At least one shipping option must carry a fee.
        if (!$fees['mailfee'] && !$fees['expressfee'] && !$fees['emsfee']) {
            Showmsg('goods_logistics');
        }
    } else {
        $fees = array('mailfee' => 0, 'expressfee' => 0, 'emsfee' => 0);
    }

    $goodsicon = '';

    $validated = array(
        'name' => $goodsname,
        'price' => $price,
        'costprice' => $costprice,
        'locus' => $locus,
        'mailfee' => $fees['mailfee'],
        'expressfee' => $fees['expressfee'],
        'emsfee' => $fees['emsfee'],
        'degree' => $degree,
        'type' => $ptype,
        'num' => $goodsnum,
        'paymethod' => $paymethod,
        'transport' => $transport,
    );
    foreach ($validated as $field => $fieldValue) {
        $this->data[$field] = $fieldValue;
    }
}
/**
 * Read the reward bonus amounts and credit types from POST, validate them, and store
 * them in $this->data (cbtype, catype, cbval, caval).
 *
 * A bonus below the configured minimum ($this->b_val / $this->a_val) or a credit type
 * outside $this->allowcredit ends in Showmsg().
 *
 * @return void
 */
function setData()
{
    $bonus = Char_cv(GetGP('bonus', 'P'), true);
    $ctype = Char_cv(GetGP('ctype', 'P'));

    // NOTE(review): the bonus values are request strings compared with '<' against the
    // minimums and then stored as-is. They are never cast to an integer, so a non-integer
    // or oddly formatted numeric string can reach cbval/caval — confirm downstream handling.
    if ($bonus['best'] < $this->b_val) {
        Showmsg('credit_limit');
    }
    if ($bonus['active'] < $this->a_val) {
        Showmsg('credit_limit');
    }

    // A missing credit type defaults to the first allowed one.
    $fallbackCredit = reset($this->allowcredit);
    foreach (array('best', 'active') as $slot) {
        if (!$ctype[$slot]) {
            $ctype[$slot] = $fallbackCredit;
        }
    }

    // NOTE(review): in_array() is used without its strict flag, so the allowlist check is a
    // loose comparison; confirm the element types of allowcredit before tightening it.
    $bothAllowed = in_array($ctype['best'], $this->allowcredit) && in_array($ctype['active'], $this->allowcredit);
    if (!$bothAllowed) {
        Showmsg('reward_credit_error');
    }

    $this->data['cbtype'] = $ctype['best'];
    $this->data['catype'] = $ctype['active'];
    $this->data['cbval'] = $bonus['best'];
    $this->data['caval'] = $bonus['active'];
}
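/**
 * List the modes installed under R_P . 'mode'.
 *
 * Every directory entry whose name contains no '.' is treated as a mode. Its display name
 * is read from the <modename> element of mode/<dir>/info.xml.
 *
 * Fixes over the previous version:
 *  - the display name now defaults to the directory name, so a mode without a readable
 *    info.xml no longer inherits the previous mode's name (or an undefined variable);
 *  - readdir() is compared with false explicitly, so an entry named "0" no longer ends the scan.
 *
 * @return array Map of directory name => array('m_name', 'ifopen', 'title').
 */
function ModeList()
{
    $modes = array();

    $fp = opendir(R_P . 'mode');
    if (!$fp) {
        return $modes;
    }

    while (($modedir = readdir($fp)) !== false) {
        // Skips '.', '..' and anything that looks like a file.
        if (strpos($modedir, '.') !== false) {
            continue;
        }

        $modename = $modedir;
        $infodb = array();

        if (function_exists('file_get_contents')) {
            $filedata = @file_get_contents(R_P . "mode/{$modedir}/info.xml");
        } else {
            $filedata = readover(R_P . "mode/{$modedir}/info.xml");
        }

        // info.xml is read with a regular expression rather than an XML parser; the name is
        // passed through Char_cv() because it ends up in admin pages.
        if (preg_match('/\\<modename\\>(.+?)\\<\\/modename\\>\\s+\\<descrip\\>(.+?)\\<\\/descrip\\>/is', $filedata, $infodb)) {
            if ($infodb[1]) {
                $modename = Char_cv(str_replace(array("\n"), '', $infodb[1]));
            }
        }

        $modes[$modedir] = array('m_name' => $modename, 'ifopen' => 1, 'title' => $modename);
    }
    closedir($fp);

    return $modes;
}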
/**
 * Read the activity form fields from the request and store them in $this->data.
 *
 * Subject, start time and registration deadline are mandatory; otherwise Showmsg() is called.
 *
 * @return void
 */
function _setData()
{
    $this->data['subject'] = Char_cv(GetGP('act_subject', 'P'));
    $this->data['location'] = Char_cv(GetGP('act_location', 'P'));
    $this->data['sexneed'] = intval(GetGP('act_sex'));

    $startRaw = Char_cv(GetGP('act_starttime'));
    $deadlineRaw = Char_cv(GetGP('act_deadline'));
    $endRaw = Char_cv(GetGP('act_endtime'));
    $quota = intval(GetGP('act_num'));
    $fee = intval(GetGP('act_costs'));

    $hasRequired = $this->data['subject'] && $startRaw && $deadlineRaw;
    if (!$hasRequired) {
        Showmsg('active_data_empty');
    }

    // NOTE(review): the three times are converted but never compared with each other or with
    // the current time, and the end time may be empty — confirm this is checked elsewhere.
    $startTime = PwStrtoTime($startRaw);
    $endTime = PwStrtoTime($endRaw);
    $deadline = PwStrtoTime($deadlineRaw);

    $this->data['starttime'] = $startTime;
    $this->data['deadline'] = $deadline;
    $this->data['endtime'] = $endTime;
    // Values below 1 are stored as 0.
    $this->data['num'] = $quota < 1 ? 0 : $quota;
    $this->data['costs'] = $fee < 1 ? 0 : $fee;
}
/**
 * Read the debate form fields from the request, validate them, and store them in $this->data.
 *
 * Checks: the end time must not be in the past, both side titles must be present and at most
 * 255 bytes long, and a named umpire must exist in pw_members. Failures call Showmsg().
 *
 * @return void
 */
function _setData()
{
    global $timestamp;

    $endRaw = Char_cv(GetGP('endtime'));
    $obtitle = Char_cv(GetGP('obtitle'));
    $retitle = Char_cv(GetGP('retitle'));
    $umpire = Char_cv(GetGP('umpire'));

    $endtime = PwStrtoTime($endRaw);
    if ($endtime < $timestamp) {
        Showmsg('debate_time');
    }

    if (empty($obtitle) || empty($retitle)) {
        Showmsg('debate_notitle');
    } elseif (strlen($obtitle) > 255 || strlen($retitle) > 255) {
        // strlen() counts bytes, and the titles have already been through Char_cv().
        Showmsg('debate_titlelen');
    }

    if ($umpire) {
        // The lookup only proves that the user exists; the name, not the uid, is stored.
        $umpireuid = $this->db->get_value("SELECT uid FROM pw_members WHERE username=" . pwEscape($umpire));
        if (empty($umpireuid)) {
            Showmsg('debate_noumpire');
        }
    }

    $this->data['endtime'] = $endtime;
    $this->data['obtitle'] = $obtitle;
    $this->data['retitle'] = $retitle;
    $this->data['umpire'] = $umpire;
    $this->data['postdate'] = $timestamp;
}
!$modelid && ($topiccatestyle = 'style="display:none"'); !$pcid && ($postcatestyle = 'style="display:none"'); //团购活动 @(include_once D_P . 'data/bbscache/postcate_config.php'); } $ajaxurl = EncodeUrl($basename); include PrintEot('setforum'); exit; } elseif ($_POST['step'] == 2) { $forum = $db->get_one("SELECT type,fup,forumadmin,logo FROM pw_forums WHERE fid=" . pwEscape($fid)); InitGP(array('name', 'descrip', 'metadescrip'), 'P', 0); InitGP(array('vieworder', 'dirname', 'style', 'across', 'keywords'), 'P'); $name = str_replace('<iframe', '<iframe', $name); $descrip = str_replace('<iframe', '<iframe', $descrip); $metadescrip = str_replace('<iframe', '<iframe', $metadescrip); $keywords = Char_cv($keywords); strlen($descrip) > 250 && adminmsg('descrip_long'); strlen($metadescrip) > 250 && adminmsg('descrip_long'); if ($forum['type'] == 'category') { $db->update("UPDATE pw_forums SET " . pwSqlSingle(array('name' => $name, 'vieworder' => $vieworder, 'dirname' => $dirname, 'style' => $style, 'across' => $across, 'cms' => $cms)) . " WHERE fid=" . pwEscape($fid)); } else { InitGP(array('forumsetdb', 'uploadset', 'rewarddb', 'cfup', 'ffup', 'showsub', 'ifhide', 'viewsub', 'allowhide', 'allowsell', 'copyctrl', 'f_check', 'password', 'allowvisit', 'allowread', 'allowpost', 'allowrp', 'allowupload', 'allowdownload', 'otherfid', 'otherforum', 'allowtime', 'allowtype', 'recycle', 'forumsell', 'sdate', 'cprice', 'rprice', 'logotype', 'logo_upload', 'logo_url', 'ifdellogo', 't_view_db', 'new_t_view_db', 't_logo_db', 'new_t_logo_db', 'new_t_sub_logo_db', 'new_t_sub_view_db', 't_type', 'modelid', 'pcid'), 'P'); InitGP(array('t_db', 'new_t_db', 'new_t_sub_db', 'f_type'), 'P', 0); InitGP(array('ifcms')); //主题分类 //更新原有的分类 foreach ($t_db as $key => $value) { $db->update("UPDATE pw_topictype SET " . pwSqlSingle(array('name' => $value, 'vieworder' => $t_view_db[$key], 'logo' => $t_logo_db[$key])) . " WHERE id=" . pwEscape($key)); } //增加新分类 foreach ($new_t_db as $key => $value) {
} require_once PrintEot('forumcp'); footer(); } elseif ($type == 'addmsg') { if (empty($_POST['step'])) { $adminname = explode(',', trim($forums['forumadmin'], ',')); require_once PrintEot('forumcp'); footer(); } else { PostCheck(); !$fid && Showmsg('annouce_fid'); InitGP(array('msgtype', 'toname', 'savetime'), 'P'); !$msgtype && !$toname && Showmsg('forummsg_object'); $msgtype == 1 ? $toname = '' : ($msgtype = 2); $savetime = $timestamp + (intval($savetime) > 0 ? intval($savetime) : 30) * 86400; $message = trim(Char_cv($_POST['message'])); !$message && Showmsg('forummsg_content'); $toname = "," . implode(',', $toname) . ","; $pwSQL = pwSqlSingle(array('fid' => $fid, 'uid' => $winduid, 'username' => $windid, 'toname' => $toname, 'msgtype' => $msgtype, 'posttime' => $timestamp, 'savetime' => $savetime, 'message' => $message)); $db->update("INSERT INTO pw_forummsg SET {$pwSQL}"); refreshto("forumcp.php?action=edit&type=msg&fid={$fid}", 'operate_success'); } } } elseif ($action == 'del') { PostCheck(); InitGP(array('selid', 'type')); $selids = array(); foreach ($selid as $key => $value) { is_numeric($value) && ($selids[] = $value); } if ($selids) {
/**
 * Decode a member's custom profile fields and pair them with the site's field definitions.
 *
 * @param mixed $data        Serialized string (when $unserialize is true) or an array of field => value.
 * @param bool  $unserialize Whether $data must be unserialized first.
 * @param mixed $strips      When non-empty, every key and value is passed through Char_cv() and
 *                           stripslashes() and copied unconditionally. Otherwise only entries whose
 *                           key is set in the site definition and whose value is truthy are kept.
 * @return array array($customdata, $custominfo)
 */
function Getcustom($data, $unserialize = true, $strips = null)
{
    global $db_union;
    $customdata = array();
    // SECURITY: unserialize() on $data is only safe if $data is trusted, server-written
    // content. NOTE(review): confirm no caller passes request input here with $unserialize = true.
    if (!$data || ($unserialize ? !is_array($data = unserialize($data)) : !is_array($data))) {
        $data = array();
    // Only reached when $data is a usable array: load the site-wide field definitions.
    } elseif (!is_array($custominfo = unserialize($db_union[7]))) {
        $custominfo = array();
    }
    // NOTE(review): when the first branch above is taken, $custominfo is never assigned.
    // empty() tolerates that, but the return statement then reads an undefined variable.
    if (!empty($data) && !empty($custominfo)) {
        foreach ($data as $key => $value) {
            if (!empty($strips)) {
                // This branch does not filter by $custominfo; every submitted key is kept.
                $customdata[stripslashes(Char_cv($key))] = stripslashes(Char_cv($value));
            } elseif ($custominfo[$key] && $value) {
                $customdata[$key] = $value;
            }
        }
    }
    return array($customdata, $custominfo);
}
} if ($action == 'update') { include D_P . 'data/bbscache/forum_cache.php'; InitGP(array('contents', 'forums'), 'p'); foreach ($forums as $key => $value) { $forums[$key]['title'] = $value['title'] = Char_cv(strip_tags($value['title'])); $forums[$key]['descrip'] = $value['descrip'] = Char_cv(strip_tags($value['descrip'])); $forums[$key]['keywords'] = $value['keywords'] = Char_cv(strip_tags($value['keywords'])); if ($forum[$key]['title'] != $value['title'] || $forum[$key]['descrip'] != $value['descrip'] || $forum[$key]['keywords'] != $value['keywords']) { $db->update("UPDATE pw_forums SET title=" . pwEscape($value['title']) . ",metadescrip=" . pwEscape($value['descrip']) . ",keywords=" . pwEscape($value['keywords']) . " WHERE fid = " . pwEscape($key)); } } updatecache_f(); $db_bbstitle = array('index' => Char_cv(strip_tags($contents['title_index'])), 'thread' => Char_cv(strip_tags($contents['title_thread'])), 'read' => Char_cv(strip_tags($contents['title_read']))); $db_metadescrip = array('index' => Char_cv(strip_tags($contents['metadesc_index'])), 'thread' => Char_cv(strip_tags($contents['metadesc_thread'])), 'read' => Char_cv(strip_tags($contents['metadesc_read']))); $db_metakeyword = array('index' => Char_cv(strip_tags($contents['metakeyword_index'])), 'thread' => Char_cv(strip_tags($contents['metakeyword_thread'])), 'read' => Char_cv(strip_tags($contents['metakeyword_read']))); $config = array(); $config[] = array('db_name' => $db_names[0], 'vtype' => 'array', 'db_value' => serialize($db_bbstitle)); $config[] = array('db_name' => $db_names[1], 'vtype' => 'array', 'db_value' => serialize($db_metadescrip)); $config[] = array('db_name' => $db_names[2], 'vtype' => 'array', 'db_value' => serialize($db_metakeyword)); $sql = "REPLACE INTO pw_config (db_name,vtype,db_value) VALUES " . pwSqlMulti($config); $db->update($sql); updatecache_c(); $basename = $basename . '&mode=' . $mode; adminmsg('operate_success'); } else { if (!file_exists(D_P . 
'data/bbscache/config.php') || !isset($db_bbstitle) || !isset($db_metadescrip) || !isset($db_metakeyword)) { $sql = "SELECT * FROM pw_config WHERE db_name IN ( " . pwImplode($db_names) . " ) "; $query = $db->query($sql); while ($rt = $db->fetch_array($query)) { ${$rt['db_name']} = unserialize($rt['db_value']);
} include PrintEot('postcate'); exit; } elseif ($step == '2') { InitGP(array('subject', 'atc_content', 'uids')); $cache_file = D_P . "data/bbscache/" . substr(md5($admin_pwd), 10, 10) . ".txt"; if (!$nexto) { writeover($cache_file, $atc_content); } else { $atc_content = readover($cache_file); } if (empty($subject) || empty($atc_content)) { adminmsg('sendmsg_empty', 'javascript:history.go(-1);'); } $subject = Char_cv($subject); $sendmessage = Char_cv($atc_content); $percount = 1; empty($nexto) && ($nexto = 1); $uids = explode(',', $uids); $count = count($uids); if ($uids) { $uids = pwImplode($uids); $msg_a = array(); $query = $db->query("SELECT uid,username,email,newpm FROM pw_members WHERE uid IN({$uids})"); while (@extract($db->fetch_array($query))) { $sendmessage = str_replace("\$email", $email, $atc_content); $sendmessage = str_replace("\$windid", $username, $sendmessage); $msg_a[] = array($uid, '0', 'System', 'rebox', '1', $timestamp, $subject, $sendmessage); } //TODO 新消息提醒 if ($msg_a) {
if (!If_manager) { Iplimit(); $temp_a = array_merge($_POST, $_GET); foreach ($temp_a as $key => $value) { if ($key != 'module') { CheckVar($value); } } unset($temp_a); $admin_level = $ltitle[$admin_gid]; } else { $admin_level = getLangInfo('other', 'admin_level'); //'manager'; } $_postdata = $_POST ? PostLog($_POST) : ''; $new_record = '|' . str_replace('|', '|', Char_cv($admin_name)) . '||' . str_replace('|', '|', Char_cv($REQUEST_URI)) . "|{$onlineip}|{$timestamp}|{$_postdata}|\n"; writeover($bbsrecordfile, $new_record, "ab"); if ($pwServer['REQUEST_METHOD'] == 'POST') { $referer_a = @parse_url($pwServer['HTTP_REFERER']); if ($referer_a['host']) { list($http_host) = explode(':', $pwServer['HTTP_HOST']); if ($referer_a['host'] != $http_host) { adminmsg('undefined_action'); } } unset($referer_a); PostCheck($verify); } unset($_postdata, $new_record, $bbsrecordfile, $dbhost, $dbuser, $dbpw, $dbname, $pconnect, $newmanager, $newmngpwd); function HtmlConvert(&$array) {
$atc_content = $reinfo['content']; } } elseif (is_numeric($touid)) { $reinfo = $db->get_one("SELECT uid,username FROM pw_members WHERE uid=" . pwEscape($touid)); if ($type == 'birth') { $subject = getLangInfo('writemsg', 'birth_title'); $atc_content = getLangInfo('writemsg', 'birth_content'); } } require_once PrintEot('ajax'); ajax_footer(); } else { PostCheck(1, $db_gdcheck & 8); InitGP(array('msg_title', 'pwuser', 'ifsave'), 'P'); InitGP(array('atc_content'), 'P', 0); $atc_content = trim(Char_cv($atc_content)); if (!$atc_content || !$msg_title || !$pwuser) { Showmsg('msg_empty'); } elseif (strlen($msg_title) > 75 || strlen($atc_content) > 1500) { Showmsg('msg_subject_limit'); } require_once R_P . 'require/bbscode.php'; $wordsfb = L::loadClass('FilterUtil'); if (($banword = $wordsfb->comprise($msg_title)) !== false) { Showmsg('title_wordsfb'); } if (($banword = $wordsfb->comprise($atc_content, false)) !== false) { Showmsg('content_wordsfb'); } $msgq && Qcheck($_POST['qanswer'], $_POST['qkey']); $rt = $db->get_one("SELECT uid,banpm,msggroups FROM pw_members WHERE username=" . pwEscape($pwuser));
/**
 * Record credit changes for a user.
 *
 * For every credit type in the global $creditset that is known to $credit->cType, has a
 * non-zero effect and is present in $creditlog, one row is queued for pw_creditlog. When
 * $db_ifcredit is on, a summary of the changes is also written to pw_memberdata.creditpop.
 *
 * @param array  $creditlog Credit types that should be logged (only the keys are checked).
 * @param string $username  User name; passed through Char_cv() before storage.
 * @param mixed  $uid       User id.
 * @param string $logtype   Log type; also the language key of the description template.
 * @return void
 */
function addLog($creditlog, $username, $uid, $logtype)
{
    global $db, $creditset, $credit, $timestamp, $db_ifcredit, $onlineip;

    $popSummary = '';
    $rows = array();
    if (empty($creditset)) {
        $creditset = array();
    }

    foreach ($creditset as $ctype => $delta) {
        if (!isset($credit->cType[$ctype]) || $delta == 0 || !isset($creditlog[$ctype])) {
            continue;
        }

        // $entry deliberately persists across iterations, as in the original.
        $entry['username'] = Char_cv($username);
        $entry['cname'] = $credit->cType[$ctype];
        $entry['affect'] = $delta;
        if ($entry['affect'] > 0) {
            // Gains are shown with an explicit sign.
            $entry['affect'] = '+' . $entry['affect'];
        }
        $entry['descrip'] = Char_cv(getLangInfo('creditlog', $logtype, $entry));

        $popSummary .= $ctype . ":" . $entry['affect'] . '|';
        $rows[] = array($uid, $entry['username'], $ctype, $delta, $timestamp, $logtype, $onlineip, $entry['descrip']);
    }

    if ($db_ifcredit && $popSummary) {
        // Credit change tips shown to the user.
        $popSummary = $logtype . '|' . $popSummary;
        $db->update("UPDATE pw_memberdata SET creditpop=" . pwEscape($popSummary) . " WHERE uid=" . pwEscape($uid), 0);
    }

    if (!empty($rows)) {
        $db->update("INSERT INTO pw_creditlog (uid,username,ctype,affect,adddate,logtype,ip,descrip) VALUES " . pwSqlMulti($rows, false));
    }
}
<?php
// Scheduled task: notify the authors of reward threads whose time limit has expired.
// The script must be included by the application; direct requests stop at the guard below.
!function_exists('readover') && exit('Forbidden');
include_once D_P . 'data/bbscache/forum_cache.php';
// Up to 100 open (state 0) reward threads (special 3) past their time limit, oldest first.
// $timestamp is interpolated directly into the SQL. It is presumably the server-side request
// time set by the including script. NOTE(review): routing it through pwEscape(), as other
// queries in this codebase do, would remove the reliance on that assumption.
$query = $db->query("SELECT t.tid,t.fid,t.authorid,t.subject,t.postdate FROM pw_threads t LEFT JOIN pw_reward r USING(tid) WHERE t.special='3' AND t.state='0' AND r.timelimit<'{$timestamp}' ORDER BY t.postdate ASC LIMIT 100");
$tids = $uiddb = $msg_a = array();
while ($rt = $db->fetch_array($query)) {
    $rt['postdate'] = get_date($rt['postdate']);
    $tids[$rt['tid']] = $rt;
}
$title = Char_cv(getLangInfo('writemsg', 'rewardmsg_notice_title'));
foreach ($tids as $tid => $msg) {
    // Template variables for the notice. The thread subject is user-written content, and the
    // rendered text goes through Char_cv() before being queued. $forum is presumably
    // provided by forum_cache.php.
    $L = array('tid' => $tid, 'subject' => $msg['subject'], 'postdate' => $msg['postdate'], 'fid' => $msg['fid'], 'name' => $forum[$msg['fid']]['name']);
    $content = Char_cv(getLangInfo('writemsg', 'rewardmsg_notice_content', $L));
    $msg_a[] = array($msg['authorid'], '0', 'SYSTEM', 'rebox', '1', $timestamp, $title, $content);
}
if ($msg_a) {
    require_once R_P . 'require/msg.php';
    send_msgc($msg_a);
}
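/**
 * Check whether the request carries a valid admin login cookie.
 *
 * The cookie is decoded with authcode() into "username:agent-token:password". The agent token
 * must equal $this->get_user_agent() and the credentials must pass verify_login_in(). On
 * success the request is written to the daily admin log file and, for non-'admin' users, to
 * the iosadm_oplog table.
 *
 * Fixes over the previous version:
 *  - `return true` sat outside the verify_login_in() check, so a cookie with a matching
 *    agent token was accepted even when credential verification failed;
 *  - the agent token is compared as a string with ===, not with loose ==;
 *  - the controller/action values written into the SQL log statement are reduced to a safe
 *    character set, and missing $_GET keys no longer raise notices.
 *
 * @return boolean
 */
public function is_login()
{
    $cookie = array_var($_COOKIE, AUTH_KEY . '_admin_auth');
    if (!isset($cookie) || empty($cookie)) {
        return false;
    }

    $cookie_data = explode(':', authcode($cookie, 'DECODE'));
    if (count($cookie_data) != 3) {
        return false;
    }
    list($current_cookie_username, $current_cookie_auth, $current_cookie_password) = $cookie_data;

    // The session is bound to the client's user-agent token.
    if ((string) $current_cookie_auth !== (string) $this->get_user_agent()) {
        return false;
    }

    // The credential check decides the result; nothing below may grant a login on its own.
    if (!self::verify_login_in($current_cookie_username, $current_cookie_password)) {
        return false;
    }

    $ctrl = isset($_GET['c']) && is_string($_GET['c']) ? $_GET['c'] : '';
    $act = isset($_GET['a']) && is_string($_GET['a']) ? $_GET['a'] : '';

    $post = $_POST;
    if ($ctrl === 'config' && $act === 'mail') {
        // Keep the SMTP password out of the audit log.
        unset($post['config']['smtppass']);
    }
    $_postdata = $post ? PostLog($post) : '';
    $REQUEST_URI = '?' . (isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
    $onlineip = get_client_ip();
    $timestamp = time();
    $admin_recordfile = PATH_ADMIN_LOG_PATH . "/admin_log_" . date('Y-m-d') . ".php";
    // NOTE(review): as shown here, str_replace('|', '|', ...) replaces '|' with itself.
    // The original presumably substituted an escaped form to protect the '|' field
    // separator — check the repository copy.
    $record_name = str_replace('|', '|', Char_cv($current_cookie_username));
    $record_URI = str_replace('|', '|', Char_cv($REQUEST_URI));
    // NOTE(review): the log is a .php file whose only protection is the "<?die;?>" prefix on
    // each record. Confirm that PostLog() and Char_cv() neutralise '<' and newlines, and
    // prefer a log directory the web server does not serve.
    $new_record = "<?die;?>" . date('Y-m-d H:i:s') . "|{$record_name}|{$record_URI}|{$onlineip}|{$timestamp}|{$_postdata}|\n";

    if (USERNAME != 'admin') {
        writeover($admin_recordfile, $new_record, "ab");

        // Navigation and polling requests are not recorded in the operation log.
        if (!in_array($act, array('welcome', 'menu', 'top', 'getusermsgstatus'), true)) {
            $oparr = doqueryurl();
            $opuser = USERNAME;
            $opaday = date('Ymd', time());
            // Request-supplied names are cut down to a conservative character set before
            // they are placed inside the SQL string.
            $opctrl = 'c=' . preg_replace('/[^A-Za-z0-9_.\-]/', '', $ctrl);
            $opact = 'a=' . preg_replace('/[^A-Za-z0-9_.\-]/', '', $act);
            $opstring = $oparr[2];
            $times = time();
            // SECURITY NOTE(review): $opstring (from doqueryurl()) and $opuser are still
            // interpolated as-is. pm_db's escaping or parameter-binding API is not visible
            // here, so this statement must be moved to bound parameters by someone who can
            // see that class.
            pm_db::query("INSERT INTO iosadm_oplog (aday,username,ctrl,act,`query`,timestamp) VALUES ('{$opaday}','{$opuser}','{$opctrl}','{$opact}','{$opstring}','{$times}')");
        }
    }

    return true;
}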
} } else { $evalue = $Table->getone($aid); //print_r($evalue); include "tpl/otype_list.htm"; } } elseif ($action == "edit") { InitGP(array("node", "typeid", "typename")); //初始化变量全局返回 if (!empty($_POST) and !empty($typename)) { $typeid = GetNum($typeid); if (empty($typename)) { showmsg("名称不能为空!", PHP_SELF); } //出错! $arrayadd = array("node" => Char_cv($node), "typename" => Char_cv($typename), "listorder" => GetNum($listorder)); $info = $Table->edit($typeid, $arrayadd); if ($info == "OK") { showmsg("更新成功!", PHP_SELF); //出错! } else { showmsg("更新失败!", "-1"); //出错! } } else { $evalue = $Table->getone($aid); //print_r($evalue); include "tpl/otype_list.htm"; } } elseif ($action == "del" && !empty($did)) { //执行删除操作
!$isU && Showmsg('space_over_right'); (int) $type < 1 && Showmsg('type_error'); $tnum = $type - 1; $rs = $db->get_one("SELECT tids,type FROM pw_favors WHERE uid=" . pwEscape($winduid)); $tiddb = getfavor($rs['tids']); $typedb = explode(',', $rs['type']); Add_S($typedb); unset($typedb[$tnum]); if ($tiddb[$type]) { foreach ($tiddb[$type] as $key => $val) { $tiddb['0'][$val] = $val; } } unset($tiddb[$type]); $newtids = makefavor($tiddb); $newtype = Char_cv(implode(',', $typedb)); $db->update("UPDATE pw_favors SET " . pwSqlSingle(array('tids' => $newtids, 'type' => $newtype)) . "WHERE uid=" . pwEscape($winduid)); refreshto("u.php?action=favor", 'operate_success'); } function getfavor($tids) { $tids = explode('|', $tids); $tiddb = array(); foreach ($tids as $key => $t) { if ($t) { $v = explode(',', $t); foreach ($v as $k => $v1) { $tiddb[$key][$v1] = $v1; } } }
/**
 * Fetch all rows belonging to an anonymous visitor, ordered by seller and then by gid, both descending.
 *
 * @param string $anonymous Anonymous visitor identifier.
 * @return mixed Whatever $this->getdata() returns.
 */
function getallbyanonymous($anonymous)
{
    $visitorId = Char_cv($anonymous);
    // SECURITY NOTE(review): the identifier is placed inside a quoted SQL literal after
    // Char_cv() only. Char_cv() is not visible here; if it does not also escape quotes and
    // backslashes for SQL, this condition is injectable. Confirm, or switch to the data
    // layer's parameter binding.
    $condition = "anonymous = '{$visitorId}'";

    return $this->getdata("", $condition, "goodsseller desc,gid desc");
}
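/**
 * List the plug-ins ("hacks") found under R_P . 'hack'.
 *
 * Every directory entry whose name contains no '.' is treated as a plug-in. Its display name
 * and open flag are read from hack/<dir>/info.xml, defaulting to the directory name and 0.
 *
 * Fix over the previous version: readdir() is compared with false explicitly, so a directory
 * entry named "0" no longer ends the scan early.
 *
 * @return array Map of directory name => array(display name, directory name, open flag).
 */
function HackList()
{
    $hackdb = array();

    $fp = opendir(R_P . 'hack');
    if (!$fp) {
        return $hackdb;
    }

    $infodb = array();
    while (($hackdir = readdir($fp)) !== false) {
        // Skips '.', '..' and anything that looks like a file.
        if (strpos($hackdir, '.') !== false) {
            continue;
        }

        $hackopen = 0;
        $hackname = $hackdir;
        $filedata = readover(R_P . "hack/{$hackdir}/info.xml");

        // info.xml is read with a regular expression rather than an XML parser; the name is
        // passed through Char_cv() because it is displayed later.
        if (preg_match('/\\<hackname\\>(.+?)\\<\\/hackname\\>\\s+\\<ifopen\\>(.+?)\\<\\/ifopen\\>/is', $filedata, $infodb)) {
            if ($infodb[1]) {
                $hackname = Char_cv(str_replace(array("\n"), '', $infodb[1]));
            }
            $hackopen = (int) $infodb[2];
        }

        $hackdb[$hackdir] = array($hackname, $hackdir, $hackopen);
    }
    closedir($fp);

    return $hackdb;
}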
$installdb['noindex'][$key] = $value; } } if ($fp = opendir(R_P . 'hack')) { $infodb = array(); while ($hackdir = readdir($fp)) { if (strpos($hackdir, '.') === false && empty($db_hackdb[$hackdir])) { $hackname = $hackdir; $hackopen = 0; if (function_exists('file_get_contents')) { $filedata = @file_get_contents(R_P . "hack/{$hackdir}/info.xml"); } else { $filedata = readover(R_P . "hack/{$hackdir}/info.xml"); } if (preg_match('/\\<hackname\\>(.+?)\\<\\/hackname\\>\\s+\\<ifopen\\>(.+?)\\<\\/ifopen\\>/is', $filedata, $infodb)) { $infodb[1] && ($hackname = Char_cv(str_replace(array("\n"), '', $infodb[1]))); $hackopen = (int) $infodb[2]; } $hackurl = EncodeUrl("{$basename}&action=add&hackdir={$hackdir}&hackname=" . rawurlencode($hackname) . "&hackopen={$hackopen}"); $uninstalldb[] = array($hackname, $hackdir, $hackopen, $hackurl); } } closedir($fp); } unset($db_hackdb); include PrintEot('hackcenter'); exit; } elseif ($action == 'edit') { InitGP(array('hackname'), 'GP', 0); //InitGP(array('hackopen'),'GP',2); //$navMenu = L::loadClass('navmenu');
$p_name = Char_cv($pdata->name); $p_price = GetNum($pdata->price); $p_fee = GetNum($pdata->freight); $p_num = GetNum($pdata->buyNum); $p_note = Char_cv($pdata->remark); $p_url = Char_cv($pdata->href); $p_size = Char_cv($pdata->chicun); $p_color = Char_cv($pdata->yanse); $p_saler = Char_cv($pdata->shopName); $s_url = Char_cv($pdata->shopHref); $picture = Char_cv($pdata->picture); $type = GetNum($pdata->type); if ($type == 0) { $type = 1; } $expressno = Char_cv($pdata->expressno); if (strlen($p_name) <= 0 || strlen($p_price) <= 0 || $p_fee < 0 || strlen($p_num) <= 0 || strlen($p_url) <= 0) { echo 132; return; } $preg = $shopsite->getpreg($p_url); //获取站点 //放入购物车处理 $addarray = array('goodsurl' => $p_url, 'goodsname' => $p_name, 'goodsprice' => $p_price, 'sendprice' => $p_fee, 'goodsnum' => $p_num, 'goodsimg' => $picture, 'goodssize' => $p_size, 'goodscolor' => $p_color, 'goodsseller' => $p_saler, 'sellerurl' => $s_url, 'goodssite' => $preg['shopname'], 'siteurl' => $preg['shopurl'], 'expressno' => $expressno, 'type' => $type, 'goodsremark' => $p_note, 'addtime' => time()); include INC_PATH . "/cart.class.php"; $Cart = CartClass::init(); $info = $Cart->add($addarray); if (GetNum($info)) { echo json_encode('OK'); } else { echo $info;