Ejemplo n.º 1
0
function EditSearchLoadTb($add, $userid, $username)
{
    global $empire, $dbtbpre;
    $lid = (int) $add['lid'];
    $tbname = RepPostVar($add['tbname']);
    $titlefield = RepPostVar($add['titlefield']);
    $infotextfield = RepPostVar($add['infotextfield']);
    $smalltextfield = RepPostVar($add['smalltextfield']);
    $loadnum = (int) $add['loadnum'];
    if (!$tbname || !$titlefield || !$infotextfield || !$smalltextfield || !$loadnum) {
        printerror("EmptySearchLoadTb", "history.go(-1)");
    }
    //操作权限
    CheckLevel($userid, $username, $classid, "searchall");
    if ($tbname != $add['oldtbname']) {
        //表是否存在
        $tbnum = $empire->gettotal("select count(*) as total from {$dbtbpre}enewssearchall_load where tbname='{$tbname}' and lid<>{$lid} limit 1");
        if ($tbnum) {
            printerror("ReSearchLoadTb", "history.go(-1)");
        }
    }
    $sql = $empire->query("update {$dbtbpre}enewssearchall_load set tbname='{$tbname}',titlefield='{$titlefield}',infotextfield='{$infotextfield}',smalltextfield='{$smalltextfield}',loadnum='{$loadnum}' where lid='{$lid}'");
    GetSearchAllTb();
    if ($sql) {
        //操作日志
        insert_dolog("lid=" . $lid . "&tbname=" . $tbname);
        printerror("EditSearchLoadTbSuccess", "ListSearchLoadTb.php" . hReturnEcmsHashStrHref2(1));
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
Ejemplo n.º 2
0
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    //验证IP
    eCheckAccessDoIp('gbook');
    CheckCanPostUrl();
    //验证来源
    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        $bid = intval($add[bid]);
    }
    $name = RepPostStr(trim($add[name]));
    $email = RepPostStr($add[email]);
    $call = RepPostStr($add[call]);
    $lytext = RepPostStr($add[lytext]);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    //验证码
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    $lasttime = getcvar('lastgbooktime');
    if ($lasttime) {
        if (time() - $lasttime < $public_r['regbooktime']) {
            printerror("GbOutTime", "", 1);
        }
    }
    //版面是否存在
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br[bid])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }
    //权限
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        //设置最后发表时间
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 3
0
function EditPubVar($add, $userid, $username)
{
    global $empire, $dbtbpre;
    $add[varid] = (int) $add['varid'];
    $add[myvar] = RepPostVar($add[myvar]);
    if (!$add[varid] || !$add[myvar] || !$add[varname]) {
        printerror("EmptyPubVar", "history.go(-1)");
    }
    //验证权限
    CheckLevel($userid, $username, $classid, "pubvar");
    if ($add[myvar] != $add[oldmyvar]) {
        $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewspubvar where myvar='{$add['myvar']}' and varid<>{$add['varid']} limit 1");
        if ($num) {
            printerror("RePubVar", "history.go(-1)");
        }
    }
    $add[varvalue] = AddAddsData(RepPhpAspJspcode($add[varvalue]));
    $classid = (int) $add[classid];
    $tocache = (int) $add[tocache];
    $add[myorder] = (int) $add[myorder];
    $sql = $empire->query("update {$dbtbpre}enewspubvar set myvar='{$add['myvar']}',varname='{$add['varname']}',varvalue='" . $add[varvalue] . "',varsay='{$add['varsay']}',myorder='{$add['myorder']}',classid='{$classid}',tocache='{$tocache}' where varid='{$add['varid']}'");
    if ($tocache || $add['oldtocache']) {
        GetConfig();
    }
    if ($sql) {
        //操作日志
        insert_dolog("varid=" . $add[varid] . "<br>var=" . $add[myvar]);
        printerror("EditPubVarSuccess", "ListPubVar.php?classid={$add['cid']}" . hReturnEcmsHashStrHref2(0));
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
Ejemplo n.º 4
0
function EditSp($add, $userid, $username)
{
    global $empire, $dbtbpre;
    $add['varname'] = RepPostVar($add['varname']);
    $spid = (int) $add[spid];
    if (!$spid || !$add[spname] || !$add[varname]) {
        printerror("EmptySp", "history.go(-1)");
    }
    //验证权限
    CheckLevel($userid, $username, $classid, "sp");
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewssp where varname='{$add['varname']}' and spid<>{$spid} limit 1");
    if ($num) {
        printerror("HaveSp", "history.go(-1)");
    }
    $add[sptype] = (int) $add[sptype];
    $add[cid] = (int) $add[cid];
    $add[classid] = (int) $add[classid];
    $add[tempid] = (int) $add[tempid];
    $add[maxnum] = (int) $add[maxnum];
    $sptime = time();
    $groupid = ReturnSpGroup($add[groupid]);
    $userclass = ReturnSpGroup($add[userclass]);
    $username = '******' . $add[username] . ',';
    $add[isclose] = (int) $add[isclose];
    $add[cladd] = (int) $add[cladd];
    $sql = $empire->query("update {$dbtbpre}enewssp set spname='{$add['spname']}',varname='{$add['varname']}',sppic='{$add['sppic']}',spsay='{$add['spsay']}',sptype='{$add['sptype']}',cid='{$add['cid']}',classid='{$add['classid']}',tempid='{$add['tempid']}',maxnum='{$add['maxnum']}',groupid='{$groupid}',userclass='{$userclass}',username='******',isclose='{$add['isclose']}',cladd='{$add['cladd']}' where spid='{$spid}'");
    if ($sql) {
        //操作日志
        insert_dolog("spid=" . $spid . "<br>spname=" . $add[spname]);
        printerror("EditSpSuccess", "ListSp.php?cid={$add['fcid']}&fclassid={$add['fclassid']}&fsptype={$add['fsptype']}");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
Ejemplo n.º 5
0
function EditFriend($add)
{
    global $empire, $dbtbpre;
    //是否登陆
    $user_r = islogin();
    $fid = (int) $add['fid'];
    $fname = RepPostVar(trim($add['fname']));
    $add['fcid'] = (int) $add['fcid'];
    if (!$fname || !$fid) {
        printerror("EmptyFriend", "", 1);
    }
    //加自己为好友
    if ($fname == $user_r['username']) {
        printerror("NotAddFriendSelf", "", 1);
    }
    $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$fname}' limit 1");
    if (!$num) {
        printerror("NotFriendUsername", "", 1);
    }
    //重复提交
    if ($fname != $add['oldfname']) {
        $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewshy where fname='{$fname}' and userid='{$user_r['userid']}' limit 1");
        if ($num) {
            printerror("ReAddFriend", "", 1);
        }
    }
    $cid = (int) $add['cid'];
    $fsay = RepPostStr($add['fsay']);
    $sql = $empire->query("update {$dbtbpre}enewshy set fname='" . addslashes($fname) . "',cid={$cid},fsay='" . addslashes($fsay) . "' where fid={$fid} and userid='{$user_r['userid']}'");
    if ($sql) {
        printerror("EditFriendSuccess", "../member/friend/?cid={$add['fcid']}", 1);
    } else {
        printerror("DbError", "", 1);
    }
}
Ejemplo n.º 6
0
function EditSafeInfo($add)
{
    global $empire, $dbtbpre, $public_r;
    $user_r = islogin();
    //是否登陆
    $userid = $user_r[userid];
    $username = $user_r[username];
    $rnd = $user_r[rnd];
    //邮箱
    $email = trim($add['email']);
    if (!$email || !chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    $email = RepPostStr($email);
    //验证原密码
    $oldpassword = RepPostVar($add[oldpassword]);
    if (!$oldpassword) {
        printerror('FailOldPassword', '', 1);
    }
    $add[password] = RepPostVar($add[password]);
    $num = 0;
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,password,salt') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
    if (empty($ur['userid'])) {
        printerror('FailOldPassword', '', 1);
    }
    if (!eDoCkMemberPw($oldpassword, $ur['password'], $ur['salt'])) {
        printerror('FailOldPassword', '', 1);
    }
    //邮箱
    $pr = $empire->fetch1("select regemailonly from {$dbtbpre}enewspublic limit 1");
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' and " . egetmf('userid') . "<>'{$userid}' limit 1");
        if ($num) {
            printerror("ReEmailFail", "history.go(-1)", 1);
        }
    }
    //密码
    $a = '';
    $salt = '';
    $truepassword = '';
    if ($add[password]) {
        if ($add[password] !== $add[repassword]) {
            printerror('NotRepassword', 'history.go(-1)', 1);
        }
        $salt = eReturnMemberSalt();
        $password = eDoMemberPw($add[password], $salt);
        $a = "," . egetmf('password') . "='{$password}'," . egetmf('salt') . "='{$salt}'";
        $truepassword = $add[password];
    }
    $sql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('email') . "='{$email}'" . $a . " where " . egetmf('userid') . "='{$userid}'");
    if ($sql) {
        //易通行系统
        DoEpassport('editpassword', $userid, $username, $truepassword, $salt, $email, $user_r['groupid'], '');
        printerror("EditInfoSuccess", "../member/EditInfo/EditSafeInfo.php", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 7
0
function ReInfoUrl($start, $classid, $from, $retype, $startday, $endday, $startid, $endid, $tbname, $userid, $username)
{
    global $empire, $public_r, $class_r, $fun_r, $dbtbpre;
    //验证权限
    //CheckLevel($userid,$username,$classid,"changedata");
    $start = (int) $start;
    $tbname = RepPostVar($tbname);
    if (empty($tbname) || !eCheckTbname($tbname)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $add1 = '';
    //按栏目刷新
    $classid = (int) $classid;
    if ($classid) {
        if (empty($class_r[$classid][islast])) {
            $where = ReturnClass($class_r[$classid][sonclass]);
        } else {
            $where = "classid='{$classid}'";
        }
        $add1 = " and (" . $where . ")";
    }
    //按ID刷新
    if ($retype) {
        $startid = (int) $startid;
        $endid = (int) $endid;
        if ($endid) {
            $add1 .= " and id>={$startid} and id<={$endid}";
        }
    } else {
        $startday = RepPostVar($startday);
        $endday = RepPostVar($endday);
        if ($startday && $endday) {
            $add1 .= " and truetime>=" . to_time($startday . " 00:00:00") . " and truetime<=" . to_time($endday . " 23:59:59");
        }
    }
    $b = 0;
    $sql = $empire->query("select id,classid,checked from {$dbtbpre}ecms_" . $tbname . "_index where id>{$start}" . $add1 . " order by id limit " . $public_r[delnewsnum]);
    while ($r = $empire->fetch($sql)) {
        $b = 1;
        $new_start = $r[id];
        //返回表
        $infotb = ReturnInfoMainTbname($tbname, $r['checked']);
        $infor = $empire->fetch1("select newspath,filename,groupid,isurl,titleurl from " . $infotb . " where id='{$r['id']}' limit 1");
        $infourl = GotoGetTitleUrl($r['classid'], $r['id'], $infor['newspath'], $infor['filename'], $infor['groupid'], $infor['isurl'], $infor['titleurl']);
        $empire->query("update " . $infotb . " set titleurl='{$infourl}' where id='{$r['id']}' limit 1");
    }
    if (empty($b)) {
        insert_dolog("");
        //操作日志
        printerror("ReInfoUrlSuccess", $from);
    }
    echo $fun_r[OneReInfoUrlSuccess] . "(ID:<font color=red><b>" . $new_start . "</b></font>)<script>self.location.href='ReInfoUrl.php?enews=ReInfoUrl&tbname={$tbname}&classid={$classid}&start={$new_start}&from=" . urlencode($from) . "&retype={$retype}&startday={$startday}&endday={$endday}&startid={$startid}&endid={$endid}" . hReturnEcmsHashStrHref(0) . "';</script>";
    exit;
}
Ejemplo n.º 8
0
function SetWap($add, $userid, $username)
{
    global $empire, $dbtbpre;
    $wapopen = (int) $add['wapopen'];
    $wapdefstyle = (int) $add['wapdefstyle'];
    $wapshowmid = RepPostVar($add['wapshowmid']);
    $waplistnum = (int) $add['waplistnum'];
    $wapsubtitle = (int) $add['wapsubtitle'];
    $wapchar = (int) $add['wapchar'];
    $sql = $empire->query("update {$dbtbpre}enewspublic set wapopen={$wapopen},wapdefstyle={$wapdefstyle},wapshowmid='{$wapshowmid}',waplistnum={$waplistnum},wapsubtitle={$wapsubtitle},wapshowdate='{$add['wapshowdate']}',wapchar={$wapchar} limit 1");
    //操作日志
    insert_dolog("");
    printerror("SetWapSuccess", "SetWap.php");
}
Ejemplo n.º 9
0
function EditSp($add, $userid, $username)
{
    global $empire, $dbtbpre;
    $add['varname'] = RepPostVar($add['varname']);
    $spid = (int) $add[spid];
    if (!$spid || !$add[spname] || !$add[varname]) {
        printerror("EmptySp", "history.go(-1)");
    }
    //验证权限
    CheckLevel($userid, $username, $classid, "sp");
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewssp where varname='{$add['varname']}' and spid<>{$spid} limit 1");
    if ($num) {
        printerror("HaveSp", "history.go(-1)");
    }
    $add[sptype] = (int) $add[sptype];
    $add[cid] = (int) $add[cid];
    $add[classid] = (int) $add[classid];
    $add[tempid] = (int) $add[tempid];
    $add[maxnum] = (int) $add[maxnum];
    $sptime = time();
    $groupid = ReturnSpGroup($add[groupid]);
    $userclass = ReturnSpGroup($add[userclass]);
    $username = '******' . $add[username] . ',';
    $add[isclose] = (int) $add[isclose];
    $add[cladd] = (int) $add[cladd];
    $add['refile'] = (int) $add['refile'];
    $add['spfile'] = DoRepFileXg($add['spfile']);
    $add['oldspfile'] = DoRepFileXg($add['oldspfile']);
    $add['spfileline'] = (int) $add['spfileline'];
    $add['spfilesub'] = (int) $add['spfilesub'];
    $add['filepass'] = (int) $add['filepass'];
    $sql = $empire->query("update {$dbtbpre}enewssp set spname='{$add['spname']}',varname='{$add['varname']}',sppic='{$add['sppic']}',spsay='{$add['spsay']}',sptype='{$add['sptype']}',cid='{$add['cid']}',classid='{$add['classid']}',tempid='{$add['tempid']}',maxnum='{$add['maxnum']}',groupid='{$groupid}',userclass='{$userclass}',username='******',isclose='{$add['isclose']}',cladd='{$add['cladd']}',refile='{$add['refile']}',spfile='{$add['spfile']}',spfileline='{$add['spfileline']}',spfilesub='{$add['spfilesub']}' where spid='{$spid}'");
    //更新附件
    UpdateTheFileEditOther(7, $spid, 'other');
    //生成碎片文件
    if ($add['refile']) {
        //旧文件
        if ($add['spfile'] != $add['oldspfile']) {
            DelSpReFile($add['oldspfile']);
        }
        DoSpReFile($add, 0);
    }
    if ($sql) {
        //操作日志
        insert_dolog("spid=" . $spid . "<br>spname=" . $add[spname]);
        printerror("EditSpSuccess", "ListSp.php?cid={$add['fcid']}&fclassid={$add['fclassid']}&fsptype={$add['fsptype']}" . hReturnEcmsHashStrHref2(0));
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
Ejemplo n.º 10
0
function AddMemberFeedback($add)
{
    global $empire, $dbtbpre;
    //验证码
    $keyvname = 'checkspacefbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);
    //用户
    $userid = intval($add['userid']);
    $ur = $empire->fetch1("select " . egetmf('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }
    //发表者
    $uid = (int) getcvar('mluserid');
    if ($uid) {
        $uname = RepPostVar(getcvar('mlusername'));
    } else {
        $uid = 0;
        $uname = '';
    }
    $uname = RepPostStr($uname);
    $name = RepPostStr($add['name']);
    $company = RepPostStr($add['company']);
    $phone = RepPostStr($add['phone']);
    $fax = RepPostStr($add['fax']);
    $email = RepPostStr($add['email']);
    $address = RepPostStr($add['address']);
    $zip = RepPostStr($add['zip']);
    $title = RepPostStr($add['title']);
    $ftext = RepPostStr($add['ftext']);
    if (!trim($name) || !trim($title) || !trim($ftext)) {
        printerror("EmptyMemberFeedback", "history.go(-1)", 1);
    }
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsmemberfeedback(name,company,phone,fax,email,address,zip,title,ftext,userid,ip,uid,uname,addtime,eipport) values('{$name}','{$company}','{$phone}','{$fax}','{$email}','{$address}','{$zip}','{$title}','{$ftext}',{$userid},'{$ip}',{$uid},'{$uname}','{$addtime}','{$eipport}');");
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        printerror("AddMemberFeedbackSuccess", $_SERVER['HTTP_REFERER'], 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 11
0
function EditInfoType($add, $userid, $username)
{
    global $empire, $dbtbpre, $emod_r;
    $tid = (int) $add['tid'];
    $tbname = RepPostVar($add['tbname']);
    $mid = (int) $add[mid];
    $typeid = $add['typeid'];
    $tname = $add['tname'];
    $myorder = $add['myorder'];
    $yhid = $add['yhid'];
    $deltypeid = $add['deltypeid'];
    $count = count($typeid);
    if (!$tid || !$tbname || !$mid || !$count) {
        printerror("EmptyInfoTypeName", "history.go(-1)");
    }
    //删除
    $del = 0;
    $ids = '';
    $delcount = count($deltypeid);
    if ($delcount) {
        $dh = '';
        for ($j = 0; $j < $delcount; $j++) {
            $ids .= $dh . intval($deltypeid[$j]);
            $dh = ',';
        }
        $empire->query("delete from {$dbtbpre}enewsinfotype where typeid in (" . $ids . ")");
        if ($emod_r[$mid][tbname]) {
            $empire->query("update {$dbtbpre}ecms_" . $emod_r[$mid][tbname] . " set ttid=0 where ttid in (" . $ids . ")");
        }
        $del = 1;
    }
    //修改
    for ($i = 0; $i < $count; $i++) {
        if (strstr(',' . $ids . ',', ',' . $typeid[$i] . ',')) {
            continue;
        }
        $empire->query("update {$dbtbpre}enewsinfotype set tname='" . $tname[$i] . "',myorder='" . intval($myorder[$i]) . "',yhid='" . intval($yhid[$i]) . "' where typeid='" . intval($typeid[$i]) . "'");
    }
    GetClass();
    //更新缓存
    //操作日志
    insert_dolog("mid=" . $mid . "&del={$del}");
    printerror("EditInfoTypeSuccess", "InfoType.php?tid={$tid}&tbname={$tbname}&mid={$mid}");
}
Ejemplo n.º 12
0
function DelDoLog_date($add, $userid, $username)
{
    global $empire, $dbtbpre;
    //验证权限
    CheckLevel($userid, $username, $classid, "log");
    $start = RepPostVar($add['startday']);
    $end = RepPostVar($add['endday']);
    if (!$start || !$end) {
        printerror('EmptyDelLogTime', '');
    }
    $startday = $start . ' 00:00:00';
    $endday = $end . ' 23:59:59';
    $sql = $empire->query("delete from {$dbtbpre}enewsdolog where logtime<='{$endday}' and logtime>='{$startday}'");
    if ($sql) {
        //操作日志
        insert_dolog("time=" . $start . "~" . $end);
        printerror("DelLogSuccess", "ListDolog.php" . hReturnEcmsHashStrHref2(1));
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
Ejemplo n.º 13
0
function AddMemberGbook($add)
{
    global $empire, $dbtbpre;
    //验证码
    $keyvname = 'checkspacegbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);
    //用户
    $userid = intval($add['userid']);
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }
    //发表者
    $uid = (int) getcvar('mluserid');
    if ($uid) {
        $uname = RepPostVar(getcvar('mlusername'));
    } else {
        $uid = 0;
        $uname = trim($add['uname']);
    }
    $uname = RepPostStr($uname);
    $gbtext = RepPostStr($add['gbtext']);
    if (empty($uname) || !trim($gbtext)) {
        printerror("EmptyMemberGbook", "history.go(-1)", 1);
    }
    $isprivate = intval($add['isprivate']);
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsmembergbook(userid,isprivate,uid,uname,ip,addtime,gbtext,retext,eipport) values({$userid},{$isprivate},{$uid},'{$uname}','{$ip}','{$addtime}','{$gbtext}','','{$eipport}');");
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        printerror("AddMemberGbookSuccess", $_SERVER['HTTP_REFERER'], 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 14
0
function AddMsg($add)
{
    global $empire, $level_r, $dbtbpre;
    $user = islogin();
    $title = RepPostStr(trim($add['title']));
    $to_username = RepPostVar(trim($add['to_username']));
    $msgtext = RepPostStr($add['msgtext']);
    if (empty($title) || !trim($msgtext) || empty($to_username)) {
        printerror("EmptyMsg", "", 1);
    }
    if ($user['username'] == $to_username) {
        printerror("MsgToself", "", 1);
    }
    //字数
    $len = strlen($msgtext);
    if ($len > $level_r[$user[groupid]][msglen]) {
        printerror("MoreMsglen", "", 1);
    }
    //接收方是否存在
    $r = $empire->fetch1("select " . eReturnSelectMemberF('userid,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$to_username}' limit 1");
    if (!$r['userid']) {
        printerror("MsgNotToUsername", "", 1);
    }
    //对方短消息是否满
    $mnum = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsqmsg where to_username='******'");
    if ($mnum + 1 > $level_r[$r[groupid]][msgnum]) {
        printerror("UserMoreMsgnum", "", 1);
    }
    $msgtime = date("Y-m-d H:i:s");
    $sql = $empire->query("insert into {$dbtbpre}enewsqmsg(title,msgtext,haveread,msgtime,to_username,from_userid,from_username,isadmin,issys) values('" . addslashes($title) . "','" . addslashes($msgtext) . "',0,'{$msgtime}','{$to_username}','{$user['userid']}','{$user['username']}',0,0);");
    $newhavemsg = eReturnSetHavemsg($user['havemsg'], 0);
    $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('havemsg') . "='{$newhavemsg}' where " . egetmf('username') . "='{$to_username}' limit 1");
    if ($sql) {
        printerror("AddMsgSuccess", "../member/msg/", 1);
    } else {
        printerror("DbError", "", 1);
    }
}
Ejemplo n.º 15
0
function CardGetFen($username, $reusername, $card_no, $password)
{
    global $empire, $dbtbpre;
    $card_no = RepPostVar($card_no);
    $password = RepPostVar($password);
    $username = RepPostVar($username);
    if (!trim($username) || !trim($card_no) || !trim($password)) {
        printerror("EmptyGetCard", "history.go(-1)", 1);
    }
    if ($username != $reusername) {
        printerror("DifCardUsername", "history.go(-1)", 1);
    }
    $user = $empire->fetch1("select " . eReturnSelectMemberF('userid,userdate,username') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if (!$user['userid']) {
        printerror("ExiestCardUsername", "history.go(-1)", 1);
    }
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewscard where card_no='" . $card_no . "' and password='******' limit 1");
    if (!$num) {
        printerror("CardPassError", "history.go(-1)", 1);
    }
    //是否过期
    $buytime = date("Y-m-d H:i:s");
    $r = $empire->fetch1("select cardfen,money,endtime,carddate,cdgroupid,cdzgroupid from {$dbtbpre}enewscard where card_no='{$card_no}' limit 1");
    if ($r[endtime] != "0000-00-00") {
        $endtime = to_date($r[endtime]);
        if ($endtime < time()) {
            printerror("CardOutDate", "history.go(-1)", 1);
        }
    }
    //充值
    eAddFenToUser($r[cardfen], $r[carddate], $r[cdgroupid], $r[cdzgroupid], $user);
    $sql1 = $empire->query("delete from {$dbtbpre}enewscard where card_no='{$card_no}'");
    //删除卡号
    //备份购买记录
    BakBuy($user['userid'], $username, $card_no, $r[cardfen], $r[money], $r[carddate], 0);
    printerror("CardGetFenSuccess", "../member/card/", 1);
}
Ejemplo n.º 16
0
	document.images.<?php 
    echo $menuname;
    ?>
img.src="<?php 
    echo $noaddimgurl;
    ?>
";
	</script>
	<?php 
}
//网页标题
$thispagetitle = $public_diyr['pagetitle'] ? $public_diyr['pagetitle'] : '会员中心';
//会员信息
$tmgetuserid = (int) getcvar('mluserid');
//用户ID
$tmgetusername = RepPostVar(getcvar('mlusername'));
//用户名
$tmgetgroupid = (int) getcvar('mlgroupid');
//用户组ID
$tmgetgroupname = '游客';
//会员组名称
if ($tmgetgroupid) {
    $tmgetgroupname = $level_r[$tmgetgroupid]['groupname'];
    if (!$tmgetgroupname) {
        include_once ECMS_PATH . DASHBOARD . '/data/dbcache/MemberLevel.php';
        $tmgetgroupname = $level_r[$tmgetgroupid]['groupname'];
    }
}
//模型
$tgetmid = (int) $_GET['mid'];
?>
Ejemplo n.º 17
0
function MemberConnect_BindUser($userid)
{
    global $empire, $dbtbpre, $public_r;
    $apptype = RepPostVar($_SESSION['apptype']);
    $openid = RepPostVar($_SESSION['openid']);
    if (!trim($apptype) || !trim($openid)) {
        printerror2('来自的链接不存在', '../../../');
    }
    $appr = MemberConnect_CheckApptype($apptype);
    //验证登录方式
    MemberConnect_CheckBindKey($apptype, $openid);
    MemberConnect_InsertBind($apptype, $openid, $userid);
    MemberConnect_ResetVar();
}
Ejemplo n.º 18
0
function Ebak_ReplaceTable($tablename, $oldpre, $newpre, $dbname)
{
    global $empire;
    if (!$oldpre) {
        printerror("EmptyReplaceTablePre", "history.go(-1)");
    }
    $dbname = RepPostVar($dbname);
    $empire->query("use `{$dbname}`");
    $count = count($tablename);
    if (empty($count)) {
        printerror("EmptyChangeTb", "history.go(-1)");
    }
    for ($i = 0; $i < $count; $i++) {
        $newtbname = str_replace($oldpre, $newpre, $tablename[$i]);
        $empire->query("ALTER TABLE `" . $tablename[$i] . "` RENAME `" . $newtbname . "`;");
    }
    printerror("ReplaceTbSuccess", "ChangeTable.php?mydbname={$dbname}");
}
Ejemplo n.º 19
0
function login1($username, $password, $lifetime, $key, $location)
{
    global $empire, $user_tablename, $user_userid, $user_username, $user_password, $user_dopass, $user_group, $user_groupid, $user_rnd, $public_r, $user_salt, $user_saltnum, $dbtbpre, $eloginurl, $user_checked;
    if ($eloginurl) {
        Header("Location:{$eloginurl}");
        exit;
    }
    $dopr = 1;
    if ($_POST['prtype']) {
        $dopr = 9;
    }
    if (!trim($username) || !trim($password)) {
        printerror("EmptyLogin", "history.go(-1)", $dopr);
    }
    //验证码
    $keyvname = 'checkloginkey';
    if ($public_r['loginkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, $dopr);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    //编码转换
    $utfusername = doUtfAndGbk($username, 0);
    $password = doUtfAndGbk($password, 0);
    //密码
    if (empty($user_dopass)) {
        $password = md5($password);
    }
    if ($user_dopass == 3) {
        $password = substr(md5($password), 8, 16);
    }
    //双重md5
    $num = 0;
    if ($user_dopass == 2) {
        $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
        $password = md5(md5($password) . $ur[$user_salt]);
        $num = 0;
        if ($password == $ur[$user_password]) {
            $num = 1;
        }
        if (empty($ur[$user_userid])) {
            $num = 0;
        }
    } else {
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='" . $password . "' limit 1");
    }
    if (!$num) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }
    $r = $empire->fetch1("select * from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
    if ($r[$user_checked] == 0) {
        if ($public_r['regacttype'] == 1) {
            printerror('NotCheckedUser', '../member/register/regsend.php', 1);
        } else {
            printerror('NotCheckedUser', '', 1);
        }
    }
    $time = date("Y-m-d H:i:s");
    $rnd = make_password(12);
    //取得随机密码
    //默认会员组
    if (empty($r[$user_group])) {
        $r[$user_group] = $user_groupid;
    }
    $r[$user_group] = (int) $r[$user_group];
    $usql = $empire->query("update " . $user_tablename . " set " . $user_rnd . "='{$rnd}'," . $user_group . "=" . $r[$user_group] . " where " . $user_userid . "='{$r[$user_userid]}'");
    //设置cookie
    $logincookie = 0;
    if ($lifetime) {
        $logincookie = time() + $lifetime;
    }
    $set1 = esetcookie("mlusername", $username, $logincookie);
    $set2 = esetcookie("mluserid", $r[$user_userid], $logincookie);
    $set3 = esetcookie("mlgroupid", $r[$user_group], $logincookie);
    $set4 = esetcookie("mlrnd", $rnd, $logincookie);
    //登录附加cookie
    AddLoginCookie($r);
    $location = "../member/cp/";
    $returnurl = getcvar('returnurl');
    if ($returnurl) {
        $location = $returnurl;
    }
    if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
        $location = "../member/iframe/";
    }
    if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
        $location = "../member/cp/";
        $_POST['ecmsfrom'] = '';
    }
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    $set6 = esetcookie("returnurl", "");
    if ($set1 && $set2) {
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("LoginSuccess", $location, $dopr);
    } else {
        printerror("NotCookie", "history.go(-1)", $dopr);
    }
}
Ejemplo n.º 20
0
function DelMoreGbook($add, $logininid, $loginin)
{
    global $empire, $dbtbpre;
    CheckLevel($logininid, $loginin, $classid, "gbook");
    //验证权限
    //变量处理
    $name = RepPostStr($add['name']);
    $ip = RepPostVar($add['ip']);
    $email = RepPostStr($add['email']);
    $mycall = RepPostStr($add['mycall']);
    $lytext = RepPostStr($add['lytext']);
    $startlyid = (int) $add['startlyid'];
    $endlyid = (int) $add['endlyid'];
    $startlytime = RepPostVar($add['startlytime']);
    $endlytime = RepPostVar($add['endlytime']);
    $checked = (int) $add['checked'];
    $ismember = (int) $add['ismember'];
    $bid = (int) $add['bid'];
    $havere = (int) $add['havere'];
    $where = '';
    //留言分类
    if ($bid) {
        $where .= " and bid='{$bid}'";
    }
    //是否会员
    if ($ismember) {
        if ($ismember == 1) {
            $where .= " and userid=0";
        } else {
            $where .= " and userid>0";
        }
    }
    //留言ID
    if ($endlyid) {
        $where .= ' and lyid BETWEEN ' . $startlyid . ' and ' . $endlyid;
    }
    //发布时间
    if ($startlytime && $endlytime) {
        $where .= " and lytime>='{$startlytime}' and lytime<='{$endlytime}'";
    }
    //是否审核
    if ($checked) {
        $checkval = $checked == 1 ? 0 : 1;
        $where .= " and checked='{$checkval}'";
    }
    //是否回复
    if ($havere) {
        if ($havere == 1) {
            $where .= " and retext<>''";
        } else {
            $where .= " and retext=''";
        }
    }
    //姓名
    if ($name) {
        $where .= " and name like '%{$name}%'";
    }
    //发布IP
    if ($ip) {
        $where .= " and ip like '%{$ip}%'";
    }
    //邮箱
    if ($email) {
        $where .= " and email like '%{$email}%'";
    }
    //电话
    if ($mycall) {
        $where .= " and `mycall` like '%{$mycall}%'";
    }
    //留言内容
    if ($lytext) {
        $where .= " and lytext like '%{$lytext}%'";
    }
    if (!$where) {
        printerror("EmptyDelMoreGbook", "history.go(-1)");
    }
    $where = substr($where, 5);
    $sql = $empire->query("delete from {$dbtbpre}enewsgbook where " . $where);
    insert_dolog("");
    //操作日志
    printerror("DelGbookSuccess", "DelMoreGbook.php" . hReturnEcmsHashStrHref2(1));
}
Ejemplo n.º 21
0
function ReturnSearchAllSql($add)
{
    global $public_r, $class_r;
    //关闭
    if (empty($public_r['openschall'])) {
        printerror("SchallClose", '', 1);
    }
    //关键字
    $keyboard = RepPostVar2($add['keyboard']);
    if (!trim($keyboard)) {
        printerror('EmptySchallKeyboard', '', 1);
    }
    $strlen = strlen($keyboard);
    if ($strlen < $public_r['schallminlen'] || $strlen > $public_r['schallmaxlen']) {
        printerror('SchallMinKeyboard', '', 1);
    }
    $returnr['keyboard'] = ehtmlspecialchars($keyboard);
    $returnr['search'] = "&keyboard=" . $keyboard;
    //字段
    $field = (int) $add['field'];
    if ($field) {
        $returnr['search'] .= "&field=" . $field;
    }
    if ($field == 1) {
        if ($public_r['schallfield'] != 1) {
            printerror('SchallNotOpenTitleText', '', 1);
        }
        $sf = "title,infotext";
    } elseif ($field == 2) {
        if ($public_r['schallfield'] == 3) {
            printerror('SchallNotOpenTitle', '', 1);
        }
        $sf = "title";
    } elseif ($field == 3) {
        if ($public_r['schallfield'] == 2) {
            printerror('SchallNotOpenText', '', 1);
        }
        $sf = "infotext";
    } else {
        $sf = ReturnSearchAllField(0);
    }
    $where = '';
    //栏目
    $classid = RepPostVar($add['classid']);
    if ($classid) {
        $returnr['search'] .= "&classid=" . $classid;
        if (strstr($classid, ",")) {
            $son_r = sys_ReturnMoreClass($classid, 1);
            $where .= '(' . $son_r[1] . ') and ';
        } else {
            $classid = (int) $classid;
            $where .= $class_r[$classid][islast] ? "classid='{$classid}' and " : ReturnClass($class_r[$classid][sonclass]) . ' and ';
        }
    }
    //关键字
    if (strstr($keyboard, ' ')) {
        $andkey = '';
        $keyr = explode(' ', $keyboard);
        $kcount = count($keyr);
        for ($i = 0; $i < $kcount; $i++) {
            if (strlen($keyr[$i]) < $public_r['schallminlen']) {
                continue;
            }
            $kb = SearchAllChangeChar($keyr[$i]);
            //转码
            $kb = SearchReturnSaveStr($kb);
            $kb = RepPostVar2($kb);
            if (!trim($kb)) {
                continue;
            }
            $where .= $andkey . "MATCH(" . $sf . ") AGAINST('" . $kb . "' IN BOOLEAN MODE)";
            $andkey = ' and ';
        }
        if (empty($where)) {
            printerror('SchallMinKeyboard', '', 1);
        }
    } else {
        $keyboard = SearchAllChangeChar($keyboard);
        //转码
        $keyboard = SearchReturnSaveStr($keyboard);
        $keyboard = RepPostVar2($keyboard);
        if (!trim($keyboard)) {
            printerror('EmptySchallKeyboard', '', 1);
        }
        $where .= "MATCH(" . $sf . ") AGAINST('" . $keyboard . "' IN BOOLEAN MODE)";
    }
    $returnr['where'] = $where;
    return $returnr;
}
Ejemplo n.º 22
0
function AddDd($add)
{
    global $empire, $user_tablename, $user_money, $user_userid, $user_userfen, $user_rnd, $public_r, $dbtbpre;
    //验证权限
    ShopCheckAddDdGroup();
    //购物车无内容
    if (!getcvar('mybuycar')) {
        printerror("EmptyBuycar", "history.go(-1)", 1);
    }
    $add[ddno] = RepPostVar($add[ddno]);
    $add[truename] = RepPostStr($add[truename]);
    $add[oicq] = RepPostStr($add[oicq]);
    $add[msn] = RepPostStr($add[msn]);
    $add[call] = RepPostStr($add[call]);
    $add[phone] = RepPostStr($add[phone]);
    $add[email] = RepPostStr($add[email]);
    $add[address] = RepPostStr($add[address]);
    $add[zip] = RepPostStr($add[zip]);
    $add[bz] = RepPostStr($add[bz]);
    $add[g_truename] = RepPostStr($add[g_truename]);
    $add[g_oicq] = RepPostStr($add[g_oicq]);
    $add[g_msn] = RepPostStr($add[g_msn]);
    $add[g_call] = RepPostStr($add[g_call]);
    $add[g_phone] = RepPostStr($add[g_phone]);
    $add[g_email] = RepPostStr($add[g_email]);
    $add[g_address] = RepPostStr($add[g_address]);
    $add[g_zip] = RepPostStr($add[g_zip]);
    $add[fptt] = RepPostStr($add[fptt]);
    $add[fp] = (int) $add[fp];
    $add[psid] = (int) $add[psid];
    $add[payfsid] = (int) $add[payfsid];
    if (!$add[truename] || !$add[call] || !$add[email] || !$add[address] || !$add[g_truename] || !$add[g_call] || !$add[g_address] || !$add[g_email] || !$add[psid] || !$add[payfsid]) {
        printerror("MustEnterSelect", "history.go(-1)", 1);
    }
    $mess = "AddDdSuccess";
    $haveprice = 0;
    $payby = 0;
    //返回购物车存放格式
    $buyr = ReturnBuycardd();
    $alltotal = $buyr[2];
    $alltotalfen = $buyr[1];
    $buycar = $buyr[3];
    //发票
    $fptotal = 0;
    if ($add[fp]) {
        $fptotal = $alltotal * ($public_r[fpnum] / 100);
    }
    //配送方式
    $pr = $empire->fetch1("select pid,pname,price from {$dbtbpre}enewsshopps where pid='{$add['psid']}'");
    if (empty($pr[pid])) {
        printerror("NotPsid", "history.go(-1)", 1);
    }
    //支付方式
    $payr = $empire->fetch1("select payid,payname,payurl,userpay,userfen from {$dbtbpre}enewsshoppayfs where payid='{$add['payfsid']}'");
    if (empty($payr[payid])) {
        printerror("NotPayfsid", "history.go(-1)", 1);
    }
    //取得用户信息
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    if ($userid) {
        $rnd = RepPostVar(getcvar('mlrnd'));
        $user = $empire->fetch1("select " . $user_userid . "," . $user_money . "," . $user_userfen . " from " . $user_tablename . " where " . $user_userid . "='{$userid}' and " . $user_rnd . "='{$rnd}' limit 1");
        if (!$user[$user_userid]) {
            printerror("MustSingleUser", "history.go(-1)", 1);
        }
    }
    $location = "../ShopSys/buycar/";
    //直接扣点
    if ($payr[userfen]) {
        if ($buyr[0]) {
            printerror("NotProductForBuyfen", "history.go(-1)", 1);
        } else {
            if ($userid) {
                $buyallfen = $alltotalfen + $pr[price];
                if ($buyallfen > $user[$user_userfen]) {
                    printerror("NotEnoughFenBuy", "history.go(-1)", 1);
                }
                //扣除点数
                $usql = $empire->query("update " . $user_tablename . " set " . $user_userfen . "=" . $user_userfen . "-" . $buyallfen . " where " . $user_userid . "='{$userid}'");
                if ($usql) {
                    $mess = "AddDdSuccessa";
                    $payby = 1;
                    $haveprice = 1;
                }
            } else {
                printerror("NotLoginTobuy", "history.go(-1)", 1);
            }
        }
    } elseif ($payr[userpay]) {
        if ($userid) {
            $buyallmoney = $alltotal + $pr[price] + $fptotal;
            if ($buyallmoney > $user[$user_money]) {
                printerror("NotEnoughMoneyBuy", "history.go(-1)", 1);
            }
            //扣除金额
            $usql = $empire->query("update " . $user_tablename . " set " . $user_money . "=" . $user_money . "-" . $buyallmoney . " where " . $user_userid . "='{$userid}'");
            if ($usql) {
                $mess = "AddDdSuccessa";
                $payby = 2;
                $haveprice = 1;
            }
        } else {
            printerror("NotLoginTobuy", "history.go(-1)", 1);
        }
    } elseif ($payr[payurl]) {
        $mess = "AddDdAndToPaySuccess";
        $location = $payr[payurl];
    } else {
    }
    $ddtime = date("Y-m-d H:i:s");
    $pr[price] = (double) $pr[price];
    $alltotal = (double) $alltotal;
    $alltotalfen = (double) $alltotalfen;
    $fptotal = (double) $fptotal;
    $sql = $empire->query("insert into {$dbtbpre}enewsshopdd(ddno,ddtime,userid,username,outproduct,haveprice,checked,truename,oicq,msn,email,`call`,phone,address,zip,bz,g_truename,g_oicq,g_msn,g_email,g_call,g_phone,g_address,g_zip,buycar,psid,psname,pstotal,alltotal,payfsid,payfsname,payby,alltotalfen,fp,fptt,fptotal) values('{$add['ddno']}','{$ddtime}',{$userid},'{$username}',0,'{$haveprice}',0,'{$add['truename']}','{$add['oicq']}','{$add['msn']}','{$add['email']}','{$add['call']}','{$add['phone']}','{$add['address']}','{$add['zip']}','{$add['bz']}','{$add['g_truename']}','{$add['g_oicq']}','{$add['g_msn']}','{$add['g_email']}','{$add['g_call']}','{$add['g_phone']}','{$add['g_address']}','{$add['g_zip']}','" . addslashes($buycar) . "','{$add['psid']}','{$pr['pname']}',{$pr['price']},{$alltotal},'{$add['payfsid']}','{$payr['payname']}','{$payby}',{$alltotalfen},{$add['fp']},'{$add['fptt']}',{$fptotal});");
    if ($sql) {
        $ddid = $empire->lastid();
        $set = esetcookie("paymoneyddid", $ddid, 0);
        SetBuycar("");
        printerror($mess, $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 23
0
Archivo: func.php Proyecto: aising/ding
/**
 * 获取传递的参数
 * @param string $method 接口方法名
 */
function getParaArr($method, $isCheck = false)
{
    $paraArr = array();
    $paraConf = __loadConfig('config_interface_parame');
    $paraKeyArr = $paraConf[$method];
    sort($paraKeyArr);
    foreach ($paraKeyArr as &$value) {
        $paraArr[$value] = requestContext($value);
    }
    if ($isCheck) {
        //获取公用参数
        $sig = isset($_GET['sig']) && RepPostVar($_GET['sig']) ? RepPostVar($_GET['sig']) : '';
        //校验,先对数组转为字符串,然后加上密钥,再与传递过来的Sig比对
        $verifyStr = arrToStr($paraArr, '') . 'secret=' . SECRET;
        if ($sig != md5($verifyStr)) {
            return 0;
        } else {
            return $paraArr;
        }
    } else {
        return $paraArr;
    }
}
Ejemplo n.º 24
0
function AddFeedback($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    CheckCanPostUrl();
    //验证来源
    if ($add['bid']) {
        $bid = (int) $add['bid'];
    } else {
        $bid = (int) getcvar('feedbackbid');
    }
    if (empty($bid)) {
        printerror("EmptyFeedbackname", "history.go(-1)", 1);
    }
    //验证码
    $keyvname = 'checkfeedbackkey';
    if ($public_r['fbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    //版面是否存在
    $br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyFeedback", "history.go(-1)", 1);
    }
    //权限
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
    //必填项
    $mustr = explode(",", $br['mustenter']);
    $count = count($mustr);
    for ($i = 1; $i < $count - 1; $i++) {
        $mf = $mustr[$i];
        if (strstr($br['filef'], "," . $mf . ",")) {
            if (!$pr['feedbacktfile']) {
                printerror("NotOpenFBFile", "", 1);
            }
            if (!$_FILES[$mf]['name']) {
                printerror("EmptyFeedbackname", "", 1);
            }
        } else {
            $chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']);
            if (!trim($chmustval)) {
                printerror("EmptyFeedbackname", "", 1);
            }
        }
    }
    $saytime = date("Y-m-d H:i:s");
    //字段处理
    $dh = "";
    $tranf = "";
    $record = "<!--record-->";
    $field = "<!--field--->";
    $er = explode($record, $br['enter']);
    $count = count($er);
    for ($i = 0; $i < $count - 1; $i++) {
        $er1 = explode($field, $er[$i]);
        $f = $er1[1];
        //附件
        $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]);
        if (strstr($br['filef'], "," . $f . ",")) {
            if ($_FILES[$f]['name']) {
                if (!$pr['feedbacktfile']) {
                    printerror("NotOpenFBFile", "", 1);
                }
                $filetype = GetFiletype($_FILES[$f]['name']);
                //取得文件类型
                if (CheckSaveTranFiletype($filetype)) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) {
                    printerror("TooBigQTranFile", "", 1);
                }
                $tranf .= $dh . $f;
                $dh = ",";
                $fval = "[!#@-" . $f . "-@!]";
            } else {
                $fval = "";
            }
        } else {
            $add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']);
            $fval = $add[$f];
        }
        $addf .= ",`" . $f . "`";
        $addval .= ",'" . addslashes(RepPostStr($fval)) . "'";
    }
    $type = 0;
    $classid = 0;
    $filename = '';
    $filepath = '';
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $filepass = ReturnTranFilepass();
    //上传附件
    if ($tranf) {
        $dh = "";
        $tranr = explode(",", $tranf);
        $count = count($tranr);
        for ($i = 0; $i < $count; $i++) {
            $tf = $tranr[$i];
            $tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid);
            if ($tfr['tran']) {
                $filepath = $tfr[filepath];
                //写入数据库
                $filetime = $saytime;
                $filesize = (int) $_FILES[$tf]['size'];
                eInsertFileTable($tfr[filename], $filesize, $tfr[filepath], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($add[title])), $type, $filepass, $filepass, $public_r[fpath], 0, 4, 0);
                $repfval = ($tfr[filepath] ? $tfr[filepath] . '/' : '') . $tfr[filename];
                $filename .= $dh . $tfr[filename];
                $dh = ",";
            } else {
                $repfval = "";
            }
            $addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval);
        }
    }
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");");
    $fid = $empire->lastid();
    //更新附件
    UpdateTheFileOther(4, $fid, $filepass, 'other');
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        $reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddFeedbackSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 25
0
function DelMorePl($add, $logininid, $loginin)
{
    global $empire, $dbtbpre, $class_r;
    CheckLevel($logininid, $loginin, $classid, "pl");
    //验证权限
    //变量处理
    $username = RepPostVar($add['username']);
    $sayip = RepPostVar($add['sayip']);
    $startplid = (int) $add['startplid'];
    $endplid = (int) $add['endplid'];
    $startsaytime = RepPostVar($add['startsaytime']);
    $endsaytime = RepPostVar($add['endsaytime']);
    $checked = (int) $add['checked'];
    $ismember = (int) $add['ismember'];
    $classid = (int) $add['classid'];
    $id = RepPostVar($add['id']);
    $where = '';
    //栏目
    if ($classid) {
        if (empty($class_r[$classid][islast])) {
            $cwhere = ReturnClass($class_r[$classid][sonclass]);
        } else {
            $cwhere = "classid='{$classid}'";
        }
        $where .= " and " . $cwhere;
    }
    //信息ID
    if ($id) {
        $idr = explode(',', $id);
        $ids = '';
        $dh = '';
        $count = count($idr);
        for ($i = 0; $i < $count; $i++) {
            $ids .= $dh . intval($idr[$i]);
            $dh = ',';
        }
        $where .= " and id in (" . $ids . ")";
    }
    //是否会员
    if ($ismember) {
        if ($ismember == 1) {
            $where .= " and userid=0";
        } else {
            $where .= " and userid>0";
        }
    }
    //发布者
    if ($username) {
        $where .= " and username like '%{$username}%'";
    }
    //发布IP
    if ($sayip) {
        $where .= " and sayip like '%{$sayip}%'";
    }
    //评论ID
    if ($endplid) {
        $where .= ' and plid BETWEEN ' . $startplid . ' and ' . $endplid;
    }
    //发布时间
    if ($startsaytime && $endsaytime) {
        $where .= " and saytime>='{$startsaytime}' and saytime<='{$endsaytime}'";
    }
    //是否审核
    if ($checked) {
        $checkval = $checked == 1 ? 0 : 1;
        $where .= " and checked='{$checkval}'";
    }
    if (!$where) {
        printerror("EmptyDelMorePl", "history.go(-1)");
    }
    $where = substr($where, 5);
    $sql = $empire->query("select plid,id,classid,stb from {$dbtbpre}enewspl where " . $where);
    $dh = '';
    $b = 0;
    while ($r = $empire->fetch($sql)) {
        $b = 1;
        $startid = $r['plid'];
        if ($class_r[$r[classid]][tbname]) {
            $empire->query("update {$dbtbpre}ecms_" . $class_r[$r[classid]][tbname] . " set plnum=plnum-1 where id='{$r['id']}'");
        }
        $empire->query("delete from {$dbtbpre}enewspl_data_" . $r[stb] . " where plid='{$r['plid']}'");
    }
    $sql = $empire->query("delete from {$dbtbpre}enewspl where " . $where);
    insert_dolog("");
    //操作日志
    printerror("DelPlSuccess", "DelMorePl.php");
}
Ejemplo n.º 26
0
function Ebak_DoEbak($add){
	global $empire,$bakpath,$fun_r,$phome_db_ver;
	$dbname=RepPostVar($add['mydbname']);
	if(empty($dbname))
	{
		printerror("NotChangeDb","history.go(-1)");
	}
	$tablename=$add['tablename'];
	$count=count($tablename);
	if(empty($count))
	{
		printerror("EmptyChangeTb","history.go(-1)");
	}
	$add['baktype']=(int)$add['baktype'];
	$add['filesize']=(int)$add['filesize'];
	$add['bakline']=(int)$add['bakline'];
	$add['autoauf']=(int)$add['autoauf'];
	if((!$add['filesize']&&!$add['baktype'])||(!$add['bakline']&&$add['baktype']))
	{
		printerror("EmptyBakFilesize","history.go(-1)");
	}
	//目录名
	if(empty($add['mypath']))
	{
		$add['mypath']=$dbname."_".date("YmdHis");
	}
    DoMkdir($bakpath."/".$add['mypath']);
	//生成说明文件
	$readme=$add['readme'];
	$rfile=$bakpath."/".$add['mypath']."/readme.txt";
	$readme.="\r\n\r\nBaktime: ".date("Y-m-d H:i:s");
	WriteFiletext_n($rfile,$readme);

	$b_table="";
	$d_table="";
	for($i=0;$i<$count;$i++)
	{
		$b_table.=$tablename[$i].",";
		$d_table.="\$tb[".$tablename[$i]."]=0;\r\n";
    }
	//去掉最后一个,
	$b_table=substr($b_table,0,strlen($b_table)-1);
	$bakstru=(int)$add['bakstru'];
	$bakstrufour=(int)$add['bakstrufour'];
	$beover=(int)$add['beover'];
	$waitbaktime=(int)$add['waitbaktime'];
	$bakdatatype=(int)$add['bakdatatype'];
	if($add['insertf']=='insert')
	{
		$insertf='insert';
	}
	else
	{
		$insertf='replace';
	}
	if($phome_db_ver=='4.0'&&$add['dbchar']=='auto')
	{
		$add['dbchar']='';
	}
	$string="<?php
	\$b_table=\"".$b_table."\";
	".$d_table."
	\$b_baktype=".$add['baktype'].";
	\$b_filesize=".$add['filesize'].";
	\$b_bakline=".$add['bakline'].";
	\$b_autoauf=".$add['autoauf'].";
	\$b_dbname=\"".$dbname."\";
	\$b_stru=".$bakstru.";
	\$b_strufour=".$bakstrufour.";
	\$b_dbchar=\"".addslashes($add['dbchar'])."\";
	\$b_beover=".$beover.";
	\$b_insertf=\"".addslashes($insertf)."\";
	\$b_autofield=\",".addslashes($add['autofield']).",\";
	\$b_bakdatatype=".$bakdatatype.";
	?>";
	$cfile=$bakpath."/".$add['mypath']."/config.php";
	WriteFiletext_n($cfile,$string);
	if($add['baktype'])
	{
		$phome='BakExeT';
	}
	else
	{
		$phome='BakExe';
	}
	echo $fun_r['StartToBak']."<script>self.location.href='phomebak.php?phome=$phome&t=0&s=0&p=0&mypath=$add[mypath]&waitbaktime=$waitbaktime';</script>";
	exit();
}
Ejemplo n.º 27
0
}
//导入设置
$loadfile = RepPostVar($_GET['savefilename']);
if (strstr($loadfile, '.') || strstr($loadfile, '/') || strstr($loadfile, "\\")) {
    $loadfile = '';
}
if (empty($loadfile)) {
    $loadfile = 'def';
}
$loadfile = 'setsave/' . $loadfile;
@(include $loadfile);
if ($dmypath) {
    $mypath = $dmypath;
}
//查询
$keyboard = RepPostVar($_GET['keyboard']);
if (empty($keyboard)) {
    $keyboard = $dkeyboard;
    if (empty($keyboard)) {
        $keyboard = $baktbpre;
    }
}
$and = "";
if ($keyboard) {
    $and = " LIKE '%{$keyboard}%'";
}
$sql = $empire->query("SHOW TABLE STATUS" . $and);
include "lang/dbchar.php";
require LoadAdminTemp('eChangeTable.php');
db_close();
$empire = null;
Ejemplo n.º 28
0
        }
        $pageclassid = $trueclassid;
        $GLOBALS['navclassid'] = $trueclassid;
    }
    if (empty($class_r[$trueclassid][tbname])) {
        printerror('ErrorUrl', '', 1);
    }
    $search .= '&classid=' . $classid;
}
//时间
if ($_GET['endtime']) {
    $starttime = RepPostVar($_GET['starttime']);
    if (empty($starttime)) {
        $starttime = '0000-00-00';
    }
    $endtime = RepPostVar($_GET['endtime']);
    if (empty($endtime)) {
        $endtime = '0000-00-00';
    }
    if ($endtime != '0000-00-00') {
        $add .= " and (newstime BETWEEN '" . to_time($starttime . " 00:00:00") . "' and '" . to_time($endtime . " 23:59:59") . "')";
        $search .= '&starttime=' . $starttime . '&endtime=' . $endtime;
    }
}
//每页显示记录数
$line = (int) $_GET['line'];
if ($line < 1 || $line > 80) {
    $line = intval($public_r['tagslistnum']);
}
if (empty($line)) {
    printerror('ErrorUrl', '', 1);
Ejemplo n.º 29
0
<?php

require "../class/connect.php";
require "../class/db_sql.php";
require "../class/q_functions.php";
require "../data/dbcache/class.php";
require LoadLang("pub/fun.php");
$link = db_connect();
$empire = new mysqlquery();
eCheckCloseMods('pl');
//关闭模块
//用户名
$lusername = getcvar('mlusername');
$lpassword = '';
if ($lusername) {
    $lusername = RepPostVar($lusername);
    $lpassword = md5($lusername);
}
$id = (int) $_GET['id'];
$classid = (int) $_GET['classid'];
//专题
$doaction = $_GET['doaction'] == 'dozt' ? 'dozt' : '';
$rewritedoaction = 'doinfo';
if ($doaction == 'dozt') {
    $rewritedoaction = 'dozt';
    if (empty($classid)) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    $n_r = $empire->fetch1("select ztid,ztname,intro,ztimg,ztpagekey,restb from {$dbtbpre}enewszt where ztid='{$classid}'");
    if (!$n_r['ztid']) {
        printerror("ErrorUrl", "history.go(-1)", 1);
Ejemplo n.º 30
0
$empire = new mysqlquery();
$editor = 1;
//验证用户
$lur = is_login();
$logininid = $lur['userid'];
$loginin = $lur['username'];
$loginrnd = $lur['rnd'];
$loginlevel = $lur['groupid'];
$loginadminstyleid = $lur['adminstyleid'];
//ehash
$ecms_hashur = hReturnEcmsHashStrAll();
//验证权限
CheckLevel($logininid, $loginin, $classid, "f");
$fid = (int) $_GET['fid'];
$tid = (int) $_GET['tid'];
$tbname = RepPostVar($_GET['tbname']);
if (!$fid || !$tid || !$tbname) {
    printerror("ErrorUrl", "history.go(-1)");
}
$fr = $empire->fetch1("select fid,f,fname,isadd,tid,tbname,tbdataf from {$dbtbpre}enewsf where fid='{$fid}'");
if (!$fr[fid]) {
    printerror("ErrorUrl", "history.go(-1)");
}
if (empty($fr[isadd])) {
    printerror("NotIsAdd", "history.go(-1)");
}
$tid = $fr[tid];
$tbname = $fr[tbname];
if ($fr[tbdataf]) {
    $doing = '字段转移到主表';
} else {