// Direct-access guard: this file expects to be included from a script whose path ends in cp.php.
if (!defined('SABLOG_ROOT') || !isset($php_self) || !preg_match("/[\\/\\\\]cp\\.php\$/", $php_self)) {
    exit('Access Denied');
}
// Permission check (what level 1 grants is defined in permission(), not shown here).
permission(1);
// The only request value cast here; everything else below goes through char_cv().
$linkid = (int) $linkid;
if ($message) {
    // Result messages keyed by the 'message' parameter that getlink() attaches below.
    $messages = array(1 => '该链接已经存在', 2 => '添加链接成功', 3 => '编辑链接成功', 4 => '至少要填写名称和地址', 5 => '选定项目已删除', 6 => '选定项目已启用', 7 => '选定项目已禁用', 8 => '选定项目已设置首页显示', 9 => '选定项目已取消首页显示', 10 => '没有选择任何项目', 11 => '链接不存在');
}
// NOTE(review): $action, $doit, $message and $linkid are read without being initialised in this
// span — presumably populated from the request by an earlier include; confirm where.
!$action && ($action = 'list');
$location = '';
// Allow-list the bulk operation; anything else becomes ''. in_array() is non-strict here.
$doit = in_array($doit, array('home', 'page', 'delete', 'enable', 'disable')) ? $doit : '';
if ($action == 'addlink' || $action == 'modlink') {
    // NOTE(review): these values are interpolated straight into the SQL below, so the injection
    // defence rests entirely on char_cv() escaping quotes — confirm; parameterised queries
    // would remove that dependency.
    $new_name = char_cv(trim($_POST['new_name']));
    $new_url = char_cv(trim($_POST['new_url']));
    $new_note = char_cv(trim($_POST['new_note']));
    // Name and URL are mandatory; note is optional (the rejection branch, presumably message 4,
    // lies outside this span).
    if ($new_name && $new_url) {
        // Duplicate check on name+url; on modlink the record being edited is excluded.
        if ($action == 'addlink') {
            $query = $DB->query("SELECT COUNT(linkid) FROM {$db_prefix}links WHERE name='{$new_name}' AND url='{$new_url}'");
        } else {
            $query = $DB->query("SELECT COUNT(linkid) FROM {$db_prefix}links WHERE name='{$new_name}' AND url='{$new_url}' AND linkid!='{$linkid}'");
        }
        if ($DB->result($query, 0)) {
            $location = getlink('link', 'list', array('message' => 1));
        } else {
            if ($action == 'addlink') {
                // New links are created visible (visible='1').
                $DB->query("INSERT INTO\t{$db_prefix}links (name,url,note,visible) VALUES ('{$new_name}','{$new_url}','{$new_note}','1')");
                $location = getlink('link', 'list', array('message' => 2));
            } else {
                $DB->query("UPDATE {$db_prefix}links SET name='{$new_name}', url='{$new_url}', note='{$new_note}' WHERE linkid='{$linkid}'");
                $location = getlink('link', 'list', array('message' => 3));
exit('error: 403 该帐户已被禁用');
} else {
    // flag == 1 is an account still pending review (per the message text); refuse with 401.
    if ($cur_user['flag'] == 1) {
        header("content-Type: text/html; charset=UTF-8");
        exit('error: 401 该帐户还在审核中');
    }
}
// Feedback strings (presumably one per settings form) and the avatar time; filled in below.
$tip1 = '';
$tip2 = '';
$tip3 = '';
$av_time = '';
// NOTE(review): no CSRF token is checked anywhere in this span — confirm it happens in the
// common prologue (check.php or similar), otherwise these state-changing POSTs are forgeable.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $action = $_POST['action'];
    if ($action == 'info') {
        // addslashes()/char_cv() are applied because the values are interpolated into the
        // UPDATE below; what filter_chr() removes is not visible here.
        $email = addslashes(filter_chr(trim($_POST['email'])));
        $url = char_cv(filter_chr(trim($_POST['url'])));
        $about = addslashes(trim($_POST['about']));
        if ($DBS->unbuffered_query("UPDATE yunbbs_users SET email='{$email}', url='{$url}', about='{$about}' WHERE id='{$cur_uid}'")) {
            // Refresh the in-memory user record. Note it receives the addslashes()-escaped
            // strings, so a value containing quotes is cached with backslashes until the next load.
            $cur_user['email'] = $email;
            $cur_user['url'] = $url;
            $cur_user['about'] = $about;
            $tip1 = '已成功保存';
        } else {
            $tip1 = '数据库更新失败,修改尚未保存,请稍后再试';
        }
    } else {
        if ($action == 'avatar') {
            // Upload must be non-empty and under ~301 KB.
            if ($_FILES['avatar']['size'] && $_FILES['avatar']['size'] < 301000) {
                // getimagesize() only checks that the header parses as an image; it does not
                // prove the file is safe to serve. Handling continues past this span.
                $img_info = getimagesize($_FILES['avatar']['tmp_name']);
                if ($img_info) {
// Output buffering: gzip only when enabled in options and zlib is loaded; otherwise record
// that compression is off so later code does not assume it.
if ($options['gzipcompress'] && extension_loaded('zlib')) {
    @ob_start('ob_gzhandler');
} else {
    $options['gzipcompress'] = 0;
    ob_start();
}
!$options['templatename'] && ($options['templatename'] = 'default');
$maxpages = $options['maxpages'] ? $options['maxpages'] : 1000;
$options['title'] = $options['name'];
// '111' is treated like an unset timezone, i.e. offset 0 (presumably a sentinel value).
$timeoffset = !$options['server_timezone'] || $options['server_timezone'] == '111' ? 0 : $options['server_timezone'];
// Site URL
if (!$options['url']) {
    // HTTP_HOST already carries the port, so SERVER_PORT is not appended.
    // The script directory is taken from $php_self with a trailing admin/archiver/tools/wap
    // segment stripped, so the URL always points at the site root.
    // NOTE(review): the Host header is supplied by the client, so with no configured URL the
    // site's absolute links follow whatever host the request named; the scheme is fixed to http.
    $options['url'] = 'http://' . char_cv($_SERVER['HTTP_HOST']) . preg_replace("/\\/+(admin|archiver|tools|wap)?\\/*\$/i", '', substr($php_self, 0, strrpos($php_self, '/'))) . '/';
} else {
    // A configured URL may use the '{host}' placeholder; a trailing 'index.php' is dropped
    // and a trailing slash is guaranteed.
    $options['url'] = str_replace(array('{host}', 'index.php'), array(char_cv($_SERVER['HTTP_HOST']), ''), $options['url']);
    if (substr($options['url'], -1) != '/') {
        $options['url'] = $options['url'] . '/';
    }
}
// Load the data caches; each include that fails is recorded in $cachelost (comma-separated),
// presumably so the missing caches can be rebuilt. Include warnings are silenced with @.
$cachelost = '';
$cachelost .= @(include SABLOG_ROOT . 'data/cache/cache_statistics.php') ? '' : 'statistics,';
$cachelost .= @(include SABLOG_ROOT . 'data/cache/cache_newarticles.php') ? '' : 'newarticles,';
$cachelost .= @(include SABLOG_ROOT . 'data/cache/cache_stick.php') ? '' : 'stick,';
$cachelost .= @(include SABLOG_ROOT . 'data/cache/cache_newcomments.php') ? '' : 'newcomments,';
$cachelost .= @(include SABLOG_ROOT . 'data/cache/cache_categories.php') ? '' : 'categories,';
$cachelost .= @(include SABLOG_ROOT . 'data/cache/cache_archives.php') ? '' : 'archives,';
// Optional caches, only loaded when the corresponding feature is enabled.
if ($options['randarticle_num']) {
    $cachelost .= @(include SABLOG_ROOT . 'data/cache/cache_allarticleids.php') ? '' : 'allarticleids,';
}
if ($options['hottags_shownum']) {
// Narrow by comment type; both the SQL filter and the pagination link carry the choice.
if ($type == 'comment') {
    $sql_query .= " AND c.type='comment'";
    $pagelink .= '&type=comment';
    $subnav = '评论';
} elseif ($type == 'trackback') {
    $sql_query .= " AND c.type='trackback'";
    $pagelink .= '&type=trackback';
    $subnav = '引用';
}
if ($articleid) {
    // NOTE(review): $articleid is interpolated into SQL and into the link with no cast or
    // escape visible in this span — confirm it is cast to int earlier.
    $article = $DB->fetch_one_array("SELECT title FROM {$db_prefix}articles WHERE articleid='{$articleid}'");
    $sql_query .= " AND c.articleid='{$articleid}'";
    $pagelink .= '&articleid=' . $articleid;
    $subnav = '《' . $article['title'] . '》的评论';
}
$ip = char_cv($ip);
if ($ip) {
    // Same-C-segment filter: drop the last dotted octet and match on the remaining prefix.
    // If $ip contains no '.', strrpos() returns false and $ipc ends up empty, so the LIKE
    // below matches every row.
    $frontlen = strrpos($ip, '.');
    $ipc = substr($ip, 0, $frontlen);
    // NOTE(review): '%' and '_' in $ipc are not escaped for LIKE, so they act as wildcards,
    // and the prefix is matched anywhere in the column rather than anchored at its start.
    $sql_query .= " AND (c.ipaddress LIKE '%" . $ipc . "%')";
    // $ip is appended to the link without urlencode().
    $pagelink .= '&ip=' . $ip;
    $subnav = '与 ' . $ip . ' 同一C段提交的评论';
}
// Pagination: 15 per page; a missing page number means page 1.
$pagenum = 15;
if ($page) {
    $start_limit = ($page - 1) * $pagenum;
} else {
    $start_limit = 0;
    $page = 1;
}
$total = $DB->result($DB->query("SELECT COUNT(commentid) FROM {$db_prefix}comments c {$sql_query}"), 0);
// (The keyword loop this check belongs to opens outside this span.)
if (getstrlen($v[$i]) > 30) {
    wap_message('每个关键字不能超过30个字符', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
}
}
}
}
// Field validation. Nothing branches around the DB writes below, so this code relies on
// wap_message() terminating the request — confirm it does exit.
if ($title == '' || getstrlen($title) > 120) {
    wap_message('标题不能为空并且不能多于120个字节', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
}
if (!$mids) {
    wap_message('你还没有选择分类', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
}
if (!$content) {
    wap_message('内容不能为空', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
}
// The length check above ran on the raw title; it is escaped only now, before reaching SQL.
$title = char_cv($title);
$r = $DB->result($DB->query("SELECT COUNT(articleid) FROM {$db_prefix}articles WHERE title='{$title}'"), 0);
if ($r) {
    wap_message('数据库中已存在一样的标题了,建议您换一个', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
}
// Insert the article
// NOTE(review): $content here and each $mid below are interpolated into SQL with no escaping
// visible in this span — confirm they are sanitised earlier. The "自 WAP 发表" footer is
// appended to the stored content as raw HTML.
$DB->query("INSERT INTO {$db_prefix}articles (uid, title, content, dateline) VALUES ('{$sax_uid}', '{$title}', '{$content} <br /><br /><span style=\"font-weight:bold;color:#4685C4;background-color:#E9F1F8;\">自 WAP 发表</span>', '{$timestamp}')");
$articleid = $DB->insert_id();
// Attach the article to its categories and bump each category's count.
foreach ($mids as $mid) {
    $DB->unbuffered_query("UPDATE {$db_prefix}metas SET count=count+1 WHERE mid='{$mid}' AND type='category'");
    $DB->query("INSERT INTO {$db_prefix}relationships (cid, mid) VALUES ('{$articleid}', '{$mid}')");
}
// Insert/update tags
if ($keywords) {
    $tagdb = explode(',', $keywords);
// Password checks
if (!$password || getstrlen($password) < 8) {
    redirect('密码不能为空并且密码长度不能小于8位.', $reg_url);
}
if ($password != $comfirpassword) {
    redirect('请确认输入的密码一致.', $reg_url);
}
// Reject line breaks and tabs; the auth cookie payload below is tab-separated, which is
// presumably why tab in particular must not appear.
if (strpos($password, "\n") !== false || strpos($password, "\r") !== false || strpos($password, "\t") !== false) {
    redirect('密码包含不可接受字符.', $reg_url);
}
$username = char_cv($username);
// NOTE(review): the literal '******' in this query looks like a redaction in this copy of the
// file (the e-mail check below interpolates {$email}); confirm against the real source.
$r = $DB->fetch_one_array("SELECT userid FROM {$db_prefix}users WHERE username='******' LIMIT 1");
if ($r['userid']) {
    // Unlike the other redirects above, no return URL is passed here.
    redirect('该用户名已被注册.');
}
$email = char_cv($email);
$r = $DB->fetch_one_array("SELECT userid FROM {$db_prefix}users WHERE email='{$email}' LIMIT 1");
if ($r['userid']) {
    redirect('该E-mail已被注册.');
}
// NOTE(review): the password is stored as an unsalted MD5 digest, and that same digest is then
// placed in the auth cookie below, so the stored hash itself acts as a credential.
// password_hash()/password_verify() is the current standard; migrating would also require
// changing the cookie scheme.
$password = md5($password);
// New accounts get groupid '3' and logincount '1'. $url is not visibly escaped in this span.
$DB->query("INSERT INTO {$db_prefix}users (username, password, logincount, loginip, logintime, email, url, regdateline, regip, groupid, lastip, lastvisit, lastactivity) VALUES ('{$username}', '{$password}', '1', '{$onlineip}', '{$timestamp}', '{$email}', '{$url}', '{$timestamp}', '{$onlineip}', '3', '{$onlineip}', '{$timestamp}', '{$timestamp}')");
$sax_uid = $DB->insert_id();
// Save the login cookie: "uid<TAB>password-hash<TAB>1", wrapped by authcode().
scookie('sax_auth', authcode("{$sax_uid}\t{$password}\t1"), $login_life);
// Record the login session in the database
updatesession();
redirect('注册成功.', $options['url']);
}
// Login-state check
if (!$sax_uid || !$sax_pw || !$sax_logincount) {
// Pagination offset; a missing page number means page 1. ($pagenum is set outside this span.)
if ($page) {
    $start_limit = ($page - 1) * $pagenum;
} else {
    $start_limit = 0;
    $page = 1;
}
$sqladd = ' WHERE 1 ';
$pagelink = '';
// Filter by user group
// NOTE(review): in_array() is non-strict here; on PHP < 8 a value such as '1abc' compares
// equal to 1 and would then be interpolated into the SQL as-is. Passing true as the third
// argument (or casting $groupid to int) closes that.
if ($groupid && in_array($groupid, array(1, 2, 3))) {
    $sqladd .= " AND groupid='{$groupid}'";
    $pagelink .= '&groupid=' . $groupid;
    $subnav = $groupdb[$groupid];
}
// Search users
$srhname = char_cv($srhname);
if ($srhname) {
    // '_' is escaped for LIKE but '%' is not, so a '%' in the search term widens the match.
    // NOTE(review): the literal '******' looks like a redaction in this copy of the file;
    // confirm against the real source.
    $sqladd .= " AND (BINARY username LIKE '%" . str_replace('_', '\\_', $srhname) . "%' OR username='******')";
    // Appended to the pagination link without urlencode().
    $pagelink .= '&srhname=' . $srhname;
}
// Totals for the summary: all users, admins (group 1), editors (group 2), and the remainder.
$usertotal = $DB->result($DB->query("SELECT COUNT(userid) FROM {$db_prefix}users"), 0);
$admintotal = $DB->result($DB->query("SELECT COUNT(userid) FROM {$db_prefix}users WHERE groupid='1'"), 0);
$editortotal = $DB->result($DB->query("SELECT COUNT(userid) FROM {$db_prefix}users WHERE groupid='2'"), 0);
$publictotal = $usertotal - $admintotal - $editortotal;
$total = $DB->result($DB->query("SELECT COUNT(userid) FROM {$db_prefix}users " . $sqladd), 0);
$multipage = multi($total, $pagenum, $page, 'cp.php?job=user&action=list' . $pagelink);
$query = $DB->query("SELECT userid,email,username,url,regdateline,groupid,lastvisit FROM {$db_prefix}users {$sqladd} ORDER BY userid DESC LIMIT {$start_limit}, {$pagenum}");
$userdb = array();
while ($user = $DB->fetch_array($query)) {
    // Format timestamps for display; a zero lastvisit is shown as "never".
    $user['regdateline'] = sadate('Y-m-d H:i', $user['regdateline'], 1);
    $user['lastvisit'] = $user['lastvisit'] ? sadate('Y-m-d H:i', $user['lastvisit'], 1) : '从未';
<?php
include_once "../check.php";
// NOTE(review): the request value is read and then immediately overwritten, so the channel is
// pinned to 1 and the file_exists() check below is effectively constant. Either the override
// is a leftover debugging line or the request parameter is meant to be unused — confirm which.
$ChannelId = char_cv("ChannelId");
$ChannelId = 1;
if ($ChannelId) {
    if (!file_exists(ONEZ_ROOT . './onezdata/cache/channel/' . $ChannelId . '.php')) {
        exit('Channel Error!');
    } else {
        Channel($ChannelId);
    }
}
// Dispatch on the 'action' GET parameter (char_cv() here takes a parameter name, not a value).
switch ($action = char_cv("action", "get")) {
    case "send":
        // Mark the sender as online by touching a per-user file.
        // NOTE(review): $userid is not set in this span (presumably by check.php); since it
        // forms part of a filesystem path, confirm it is an integer by the time it gets here.
        mkdirs(ONEZ_ROOT . './onezdata/online');
        @touch(ONEZ_ROOT . './onezdata/online/' . $userid);
        $touser = Char_Cv('touser');
        $content = Char_Cv('msg');
        // Normalise the message: convert to GBK, strip HTML, turn line breaks into '[br]'.
        $content = oiconv('utf-8', 'gbk', $content);
        $content = delhtml($content);
        $content = str_replace("\r\n", '[br]', $content);
        $content = str_replace("\n", '[br]', $content);
        // Bad-word filter: build parallel search/replacement lists, one '*' per banned word
        // (presumably consumed by a str_replace() further down, outside this span).
        if ($setting['badwords']) {
            $A = $B = array();
            foreach (explode("\n", $setting['badwords']) as $v) {
                $v = Trim($v);
                if ($v) {
                    $A[] = $v;
                    $B[] = '*';
                }
            }
$state = '禁用';
$location = getlink('template', 'stylevar', array('message' => 7, 'stylevarid' => $stylevarid));
} else {
    $visible = 1;
    $state = '启用';
    $location = getlink('template', 'stylevar', array('message' => 8, 'stylevarid' => $stylevarid));
}
// Toggle visibility, refresh the stylevar cache, then redirect with the result message.
$DB->unbuffered_query("UPDATE {$db_prefix}stylevars SET visible='{$visible}' WHERE stylevarid='{$stylevarid}'");
stylevars_recache();
header("Location: {$location}");
exit;
}
if ($action == 'addstylevar' || $action == 'modstylevar') {
    // Title is lower-cased (which makes the /i on the regex below redundant); value and
    // description are escaped because they are interpolated into the SQL below.
    $new_title = strtolower(sax_addslashes($_POST['new_title']));
    $new_value = sax_addslashes($_POST['new_value']);
    $new_description = char_cv($_POST['new_description']);
    // 'add' or 'mod' — the page to return to on error.
    $goaction = str_replace('stylevar', '', $action);
    if ($new_title) {
        // NOTE(review): a title that fails this identifier check only sets $location (message 9);
        // nothing stops the flow, so the duplicate query still runs and, when no duplicate
        // exists, the INSERT below still executes with the rejected title. An else branch here,
        // or an `if (!$location)` guard before the write, would make the check effective.
        if (!preg_match("/^[a-z]+[a-z0-9_]*\$/i", $new_title)) {
            $location = getlink('template', $goaction, array('message' => 9, 'stylevarid' => $stylevarid));
        }
        // Duplicate-title check; on modstylevar the record being edited is excluded.
        if ($action == 'addstylevar') {
            $query = $DB->query("SELECT COUNT(stylevarid) FROM {$db_prefix}stylevars WHERE title='{$new_title}'");
        } else {
            $query = $DB->query("SELECT COUNT(stylevarid) FROM {$db_prefix}stylevars WHERE title='{$new_title}' AND stylevarid!='{$stylevarid}'");
        }
        if ($DB->result($query, 0)) {
            $location = getlink('template', $goaction, array('message' => 10, 'stylevarid' => $stylevarid));
        } else {
            if ($action == 'addstylevar') {
                $DB->query("INSERT INTO {$db_prefix}stylevars (title, value, description) VALUES ('{$new_title}', '{$new_value}', '{$new_description}')");
if ($cids) {
    // Restrict to the selected categories; get_cids() presumably yields the id list for IN (...).
    $aids = get_cids($cids);
    $query_sql .= " AND articleid IN ({$aids})";
}
// $sqltxtsrch (the text-match clause) is built outside this span.
$query_sql .= " AND ({$sqltxtsrch}) ORDER BY dateline DESC LIMIT 500";
// Fetching 500 is plenty and keeps it cheap; a typical blog does not hold much data anyway.
$totals = 0;
$ids = $comma = '';
$query = $DB->query($query_sql);
// Collect the matching article ids as a comma-separated string.
while ($article = $DB->fetch_array($query)) {
    $ids .= $comma . $article['articleid'];
    $comma = ',';
    $totals++;
}
$DB->free_result($query);
// Persist the result set for one hour (expiration = now + 3600) so the results page can load
// it by $searchid. $keywords is escaped here; $searchstring is not visibly escaped in this
// span — confirm it is.
$DB->query("INSERT INTO {$db_prefix}searchindex (keywords, searchstring, dateline, expiration, totals, ids, ipaddress, uid) VALUES ('" . char_cv($keywords) . "', '{$searchstring}', '{$timestamp}', '" . ($timestamp + 3600) . "', '{$totals}', '{$ids}', '{$onlineip}', '{$sax_uid}')");
$searchid = $DB->insert_id();
}
$gourl = getsearchlink($searchid);
if ($options['showmsg']) {
    message('搜索成功完成,现在将转入结果页面.', $gourl);
} else {
    // NOTE(review): as written this str_replace() is a no-op (both arguments are "&"); it
    // presumably un-escaped an HTML-encoded ampersand in the original and was mangled in this
    // copy — confirm against the real source.
    $gourl = str_replace("&", "&", $gourl);
    @header("Location: " . $gourl);
    exit;
}
}
}
message('未定义操作', $referer);
// Validate user-submitted content (the body is outside this span)
function checkcontent($content)
$location = getlink('category', $goaction, array('message' => 2));
}
$new_name = char_cv($new_name);
// Name must be unique within its type; on edit, the record being edited is ignored.
if ($action == 'add') {
    $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE type='{$type}' AND name='{$new_name}' LIMIT 1");
} else {
    $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE type='{$type}' AND mid!='{$mid}' AND name='{$new_name}' LIMIT 1");
}
if ($r) {
    $location = getlink('category', $goaction, array('message' => 3));
}
if ($new_url) {
    // Slug must pass checkalias() and also be unique within the type.
    if (!checkalias($new_url)) {
        $location = getlink('category', $goaction, array('message' => 4));
    } else {
        $new_url = char_cv($new_url);
        if ($action == 'add') {
            $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE type='{$type}' AND slug='{$new_url}' LIMIT 1");
        } else {
            $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE type='{$type}' AND slug='{$new_url}' AND mid!='{$mid}' LIMIT 1");
        }
        if ($r) {
            $location = getlink('category', $goaction, array('message' => 5));
        }
    }
} else {
    // NOTE(review): an empty slug falls back to the (already escaped) name without going
    // through checkalias(), so a name that would fail the alias rule can still become the slug.
    $new_url = $new_name;
}
// Every validation failure above only records $location; this guard is what keeps the write
// from happening. ($type and $mid are interpolated into the SQL above without visible escaping
// in this span — confirm they are sanitised earlier.)
if (!$location) {
    if ($action == 'add') {
        insert_meta($new_name, $new_url, $type);