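/**
 * Decide whether the current request is a valid submission of the form whose
 * submit field is named $var.
 *
 * A submission is accepted only when it is a POST carrying a non-empty
 * $_POST[$var], the Referer host (when a Referer header is present) equals the
 * Host header without its port, and $_POST['formhash'] matches formhash().
 * The Referer test passes when the header is absent, so the form token is the
 * control that actually binds the request to this site.
 *
 * showmessage(), formhash() and ckseccode() are defined elsewhere; whether
 * showmessage() ends the request is not visible from this function.
 *
 * @param string $var      Name of the POST field that marks the form as submitted.
 * @param int    $checksec Non-zero to also require the captcha, unless
 *                         $_SCONFIG['noseccode'] is set.
 * @return bool|null true when accepted; false when this is not a submission of
 *                   the form, or a required captcha field is empty; null only
 *                   if showmessage('submit_invalid') returns.
 */
function submitcheck($var, $checksec = 0)
{
    global $_SCONFIG;

    // Not a POST of this form: nothing to validate.
    if (empty($_POST[$var]) || !isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        return false;
    }

    // Same-host Referer test; an absent Referer is tolerated, as before.
    $refererOk = empty($_SERVER['HTTP_REFERER'])
        || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER'])
            === preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']);

    // The token must be a string and must match exactly. A loose == would
    // compare numeric-looking strings by value (e.g. '1e3' and '1000') and
    // would accept a missing token whenever formhash() returned ''.
    $tokenOk = $refererOk
        && isset($_POST['formhash'])
        && is_string($_POST['formhash'])
        && $_POST['formhash'] === (string) formhash();

    if (!$tokenOk) {
        showmessage('submit_invalid');
        return;
    }

    // Captcha is optional: skipped when disabled site-wide or not requested.
    if (empty($_SCONFIG['noseccode']) && $checksec) {
        if (!empty($_POST['seccode'])) {
            if (ckseccode($_POST['seccode'])) {
                return true;
            }
            showmessage('incorrect_code');
        }
        // Captcha required but missing (or showmessage() returned).
        return false;
    }

    return true;
}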
<?php
/**
 * @package iCMS
 * @copyright 2007-2010, iDreamSoft
 * @license http://www.idreamsoft.com iDreamSoft
 * @author coolmoo <*****@*****.**>
 */
// Comment endpoint (excerpt): without $_POST['do'] it renders the comment
// view; with do=save it validates and collects a new comment. The excerpt
// ends inside the 'save' branch, before anything is stored.
require_once dirname(__FILE__) . '/config.php';
if (empty($_POST['do'])) {
    // Ids are cast to int before being handed to the view.
    $iCMS->comment((int) $_GET['indexId'], (int) $_GET['mId'], (int) $_GET['sortId']);
} elseif ($_POST['do'] == 'save') {
    require_once iPATH . 'include/UI.class.php';
    $frame = $_POST['iframe'] ? true : false;
    // In this code base a truthy ckseccode() result triggers the
    // 'error:seccode' response, i.e. truthy means the captcha was rejected.
    // NOTE(review): every check below relies on javascript::json() ending the
    // request; if it returns, processing continues -- confirm.
    // NOTE(review): no form token check is visible in this branch -- confirm
    // one is enforced elsewhere.
    ckseccode($_POST['seccode']) && javascript::json(0, 'error:seccode', $frame);
    // Remove links (disabled):
    // $contents = preg_replace("/(<a[ \t\r\n]{1,}href=[\"']{0,}http:\/\/[^\/]([^>]*)>)|(<\/a>)/isU","",stripslashes($_POST['commentext']));
    // $contents = addslashes(dhtmlspecialchars($contents));
    // Free-text fields go through dhtmlspecialchars(); numeric fields are cast.
    // NOTE(review): no SQL escaping is visible in this excerpt; presumably it
    // happens globally or at the storage call -- verify before trusting it.
    $contents = dhtmlspecialchars($_POST['commentext']);
    $title = dhtmlspecialchars($_POST['title']);
    $username = dhtmlspecialchars($_POST['username']);
    $indexId = (int) $_POST['indexId'];
    $sortId = (int) $_POST['sortId'];
    $mId = (int) $_POST['mId'];
    $quote = (int) $_POST['quote'];
    $reply = (int) $_POST['reply'];
    $floor = (int) $_POST['floor'];
    $anonymous = (int) $_POST['anonymous'];
    empty($contents) && javascript::json(0, 'comment:empty', $frame);
    // Only the user name and body are passed through WordFilter() here; the
    // title is not filtered in the visible part.
    WordFilter($username) && javascript::json(0, 'filter:username', $frame);
    WordFilter($contents) && javascript::json(0, 'filter:content', $frame);
/**
 * @package iCMS V3.1
 * @copyright 2007-2009, iDreamSoft
 * @license http://www.idreamsoft.cn iDreamSoft
 * @author coolmoo <*****@*****.**>
 */
// Comment endpoint of the V3.1 code line (excerpt): renders the comment view
// when no 'do' is given, otherwise handles do=replay / action=save. The
// excerpt ends before the comment is stored.
require_once "global.php";
$do = $_GET['do'];
if (empty($do)) {
    require_once iPATH . "include/function/template.php";
    $iCMS->comment((int) $_GET['aid'], (int) $_GET['mid'], (int) $_GET['sortid']);
} else {
    if ($do == 'replay') {
        $frame = $_POST['iframe'] ? true : false;
        if ($_POST['action'] == 'save') {
            // A truthy ckseccode() result produces the 'error:seccode' reply.
            // NOTE(review): relies on msgJson() ending the request -- confirm.
            ckseccode($_POST['seccode']) && msgJson(0, 'error:seccode', $frame);
            $username = dhtmlspecialchars($_POST['username']);
            $password = trim($_POST['password']);
            // Client-supplied flag; it selects the sanitiser used below.
            $iseditor = (int) $_POST['iseditor'];
            // Remove links. The pattern only matches anchors whose href starts
            // with http://, so other schemes and relative links are left alone.
            $commentext = preg_replace("/(<a[ \t\r\n]{1,}href=[\"']{0,}http:\\/\\/[^\\/]([^>]*)>)|(<\\/a>)/isU", "", stripslashes($_POST['commentext']));
            // Drop empty paragraphs produced by the editor.
            $commentext = str_replace(array('<p> </p>', '<p style="margin: 9px 3px; color: #000000; line-height: 20px; text-align: left"> </p>'), '', $commentext);
            // NOTE(review): because $iseditor comes from the request, any client
            // can choose the sechtml() path instead of full entity encoding, so
            // the stored markup is only as safe as sechtml() -- review that helper.
            $commentext = $iseditor ? addslashes(sechtml($commentext)) : addslashes(dhtmlspecialchars($commentext));
            $title = dhtmlspecialchars($_POST['title']);
            $aid = (int) $_POST['aid'];
            $sortid = (int) $_POST['sortid'];
            $mid = (int) $_POST['mid'];
            $quote = (int) $_POST['quote'];
            WordFilter($username) && msgJson(0, 'filter:username', $frame);
            WordFilter($commentext) && msgJson(0, 'filter:content', $frame);
            WordFilter($title) && msgJson(0, 'filter:title', $frame);
/**
 * Handle the registration form: check that registration is allowed, verify
 * SMS binding and captcha when configured, validate the invite and the
 * password, create the member, log the new member in and redirect.
 *
 * NOTE(review): every rejection below is reported through $this->Messager()
 * and the code then simply continues; the checks are only effective if
 * Messager() ends the request -- confirm against its definition.
 */
function DoRegister()
{
    // Logged-in non-admins may not register again.
    if (MEMBER_ID != 0 and false == $this->IsAdmin) {
        $this->Messager('您已经是注册用户,无需再注册!', -1);
    }
    $regstatus = jsg_member_register_check_status();
    if ($regstatus['error']) {
        $this->Messager($regstatus['error'], null);
    }
    $message = array();
    $timestamp = time();
    $noemail = 0;
    $sms_ckret = 0;
    if ($this->_sms_register()) {
        $sms_bind_num = $this->Post['sms_bind_num'];
        $sms_bind_key = $this->Post['sms_bind_key'];
        // A truthy return value is treated as the error to display.
        $sms_ckret = sms_check_bind_key($sms_bind_num, $sms_bind_key);
        if ($sms_ckret) {
            $this->Messager($sms_ckret, -1);
        }
        $noemail = jconf::get('sms', 'register_verify', 'noemail');
        if ($noemail) {
            // No e-mail requested: one is derived from the phone number.
            $this->Post['email'] = $sms_bind_num . '@139.com';
        }
    }
    // Captcha gate. seccode_enable == 1 uses the built-in captcha; values > 1
    // use the YinXiangMa service.
    // NOTE(review): when seccode_enable > 1 but yxm_title or either key is
    // unset, neither branch runs and registration proceeds with no captcha
    // check at all (the gate fails open on incomplete configuration).
    if ($this->Config['seccode_enable'] == 1 && $this->Config['seccode_register']) {
        if (!ckseccode(@$_POST['seccode'])) {
            $this->Messager("验证码输入错误", -1);
        }
    } elseif ($this->Config['seccode_enable'] > 1 && $this->Config['seccode_register'] && $this->yxm_title && $this->Config['seccode_pub_key'] && $this->Config['seccode_pri_key']) {
        $YinXiangMa_response = jlogic('seccode')->CheckYXM(@$_POST['add_YinXiangMa_challenge'], @$_POST['add_YXM_level'][0], @$_POST['add_YXM_input_result']);
        if ($YinXiangMa_response != "true") {
            $this->Messager("验证码输入错误", -1);
        }
    }
    // Invite handling: the code may come from POST or, failing that, GET.
    $inviter_member = array();
    $invite_code = $this->Post['invite_code'] ? $this->Post['invite_code'] : $this->Get['invite_code'];
    $check_result = jsg_member_register_check_invite($invite_code);
    // Invite-only mode: a valid invite is mandatory.
    if ($regstatus['invite_enable'] && !$regstatus['normal_enable']) {
        if (!$invite_code) {
            $this->Messager("本站目前需要有好友邀请链接才能注册。<br><br>看看<a href=\"?mod=topic&code=top\">达人榜</a>中有没有你认识的人,让他给你发一个好友邀请。", null);
        }
        if (!$check_result) {
            $this->Messager("对不起,您访问的邀请链接不正确或者因邀请数已满而失效,请重新与邀请人索取链接。", null);
        }
    }
    if ($check_result['uid'] > 0) {
        $inviter_member = jsg_member_info($check_result['uid']);
    }
    // Optional fallback: inviter named by nickname in the form.
    if (!$inviter_member && $this->Config['register_invite_input']) {
        $inviter_member = jsg_member_info($this->Post['inviter_nickname'], 'nickname');
    }
    $password = $this->Post['password'];
    $email = $this->Post['email'];
    $username = $nickname = $this->Post['nickname'];
    // The only password policy enforced here is a minimum of 5 bytes.
    if (strlen($password) < 5) {
        $this->Messager("密码过短,请设置至少5位", -1);
    }
    // NOTE(review): loose != compares numeric-looking strings by value, so two
    // different inputs such as '1e3' and '1000' pass as "the same password";
    // !== would make the confirmation exact.
    if ($password != $this->Post['password2']) {
        $this->Messager("两次输入的密码不相同", -1);
    }
    // Give registered plugins a chance to validate the submitted data.
    if ($GLOBALS['_J']['plugins']['func']['reg']) {
        hookscript('reg', 'funcs', array('param' => $this->Post, 'step' => 'check'), 'reg');
    }
    $uid = jsg_member_register($nickname, $password, $email);
    if ($uid < 1) {
        // Map the negative result code to a user-facing message.
        $regconf = jconf::get('register');
        $rets = array('0' => '【注册失败】有可能是站点关闭了注册功能', '-1' => '帐户/昵称 不合法,含有不允许注册的字符,请尝试更换一个。', '-2' => '帐户/昵称 不允许注册,含有被保留的字符,请尝试更换一个。', '-3' => '帐户/昵称 已经存在了,请尝试更换一个。', '-4' => 'Email 不合法,请输入正确的Email地址。', '-5' => 'Email 不允许注册,请尝试更换一个。', '-6' => 'Email 已经存在了,请尝试更换一个。', '-7' => '您的IP地址 ' . $GLOBALS['_J']['client_ip'] . ' 已经被限制注册了(一个IP地址 ' . $regconf['time_html'] . ' 之内,最多只能注册 ' . $regconf['limit'] . ' 个用户),请稍后再试或联系管理员');
        $this->Messager($rets[$uid], null);
    }
    // Attach the verified phone number to the new member row.
    $datas = array();
    $datas['uid'] = $uid;
    if ($this->_sms_register()) {
        $datas['phone'] = $sms_bind_num;
    }
    jtable('members')->update($datas);
    if ($this->_sms_register()) {
        // Clear the one-time bind key now that it has been used.
        $_sms_info = _sms_client_user($sms_bind_num);
        $_sms_sets = array('uid' => $uid, 'username' => $username, 'bind_key' => 0, 'bind_key_time' => 0, 'try_bind_times' => '+1', 'last_try_bind_time' => $timestamp);
        sms_client_user_update($_sms_sets, $_sms_info);
    }
    if ($inviter_member) {
        jsg_member_register_by_invite($inviter_member['uid'], $uid, $check_result);
    }
    // Log the new member in straight away.
    $rets = jsg_member_login($uid, $password, 'uid');
    // NOTE(review): the post-registration redirect target is taken from
    // jget('referer'); if that reads a request parameter, it should be limited
    // to same-site URLs before being passed to Messager() -- confirm.
    $redirect_to = jget('referer');
    if (!$redirect_to || $redirect_to == $this->Config['site_url']) {
        // No explicit target: pick the first enabled onboarding step.
        if ($this->Config['reg_email_verify']) {
            $redirect_to = jurl('index.php?mod=member&code=setverify&ids=' . $uid . '&from=reg');
        } elseif ($this->Config['reg_step3_radio']) {
            $redirect_to = jurl('index.php?mod=member&code=follow_channel');
        } elseif ($this->Config['reg_step4_radio']) {
            $redirect_to = jurl('index.php?mod=member&code=follow_member');
        } elseif ($this->Config['reg_step5_radio']) {
            $redirect_to = jurl('index.php?mod=member&code=add_face');
        } elseif ($this->Config['reg_step6_radio']) {
            $redirect_to = jurl('index.php?mod=member&code=member_profile');
        } elseif ($this->Config['reg_step7_radio']) {
            $redirect_to = jurl('index.php?mod=member&code=do_first_topic');
        } else {
            $redirect_to = jurl('index.php?mod=topic');
        }
    }
    $this->Messager(NULL, $redirect_to, 0);
}
// Excerpt of a client-API dispatcher keyed on $op; it starts inside the
// user-name check branch and ends inside mkseccode().
        capi_showmessage_by_data('user_name_is_not_legitimate');
    }
    @(include_once S_ROOT . './uc_client/client.php');
    // Negative codes from the user-centre client are mapped to distinct
    // messages; anything else is reported as 'succeed'.
    $ucresult = uc_user_checkname($username);
    if ($ucresult == -1) {
        capi_showmessage_by_data('user_name_is_not_legitimate');
    } elseif ($ucresult == -2) {
        capi_showmessage_by_data('include_not_registered_words');
    } elseif ($ucresult == -3) {
        capi_showmessage_by_data('user_name_already_exists');
    } else {
        capi_showmessage_by_data('succeed');
    }
} elseif ($op == "checkseccode") {
    include_once S_ROOT . './source/function_cp.php';
    // Standalone captcha check that answers succeed / incorrect_code.
    // NOTE(review): reading from $_REQUEST also accepts the value from the
    // query string, and unless ckseccode() invalidates the captcha after a
    // failed attempt this endpoint lets a client test guesses without
    // submitting a form -- confirm an attempt limit exists.
    if (ckseccode(trim($_REQUEST['seccode']))) {
        capi_showmessage_by_data('succeed');
    } else {
        capi_showmessage_by_data('incorrect_code');
    }
} elseif ($op == "seccode") {
    // Captcha
    $seccode = mkseccode();
    // Set cookie
    // NOTE(review): the response data carries the plaintext captcha value
    // ("seccode") next to its encoded form ("seccode_auth"). If this array is
    // returned to the client as-is, the answer is disclosed and the captcha no
    // longer distinguishes people from scripts -- confirm, and return only
    // the image or the encoded value.
    capi_showmessage_by_data("rest_success", 0, array("seccode_auth" => rawurlencode(authcode($seccode, 'ENCODE')), "seccode" => $seccode));
}
// Generate a random captcha value
function mkseccode()
{
    // random() is a project helper; its randomness source is not visible here.
    $seccode = random(6, 1);
    // Re-encode the value in base 24 and left-pad it to four characters.
    $s = sprintf('%04s', base_convert($seccode, 10, 24));
// Excerpt of the blog add/edit controller; it starts inside the block that
// loaded an existing $blog and ends at the opening of the delete branch.
    // Only the blog owner, or a user with the 'manageblog' permission, may
    // operate on an existing entry.
    if ($_SGLOBAL['supe_uid'] != $blog['uid'] && !checkperm('manageblog')) {
        showmessage('no_authority_operation_of_the_log');
    }
}
// Add / edit submission
if (submitcheck('blogsubmit')) {
    if (empty($blog['blogid'])) {
        $blog = array();
    } else {
        // NOTE(review): as written, the 'allowblog' permission is checked only
        // when an existing blog id is present, not when a new entry is
        // created -- confirm this is the intended branch.
        if (!checkperm('allowblog')) {
            ckspacelog();
            showmessage('no_authority_to_add_log');
        }
    }
    // Captcha: enforced only for users for whom checkperm('seccode') is true.
    if (checkperm('seccode') && !ckseccode($_POST['seccode'])) {
        showmessage('incorrect_code');
    }
    include_once S_ROOT . './source/function_blog.php';
    // blog_post() receives the whole $_POST array; validation of the
    // individual fields is up to that function.
    if ($newblog = blog_post($_POST, $blog)) {
        // New entry inside a topic returns to the topic, otherwise to the entry.
        if (empty($blog) && $newblog['topicid']) {
            $url = 'space.php?do=topic&topicid=' . $newblog['topicid'] . '&view=blog';
        } else {
            $url = 'space.php?uid=' . $newblog['uid'] . '&do=blog&id=' . $newblog['blogid'];
        }
        showmessage('do_success', $url, 0);
    } else {
        showmessage('that_should_at_least_write_things');
    }
}
if ($_GET['op'] == 'delete') {
<?php
/**
 * @package iCMS V3.1
 * @copyright 2007-2009, iDreamSoft
 * @license http://www.idreamsoft.cn iDreamSoft
 * @author coolmoo <*****@*****.**>
 */
// Admin control-panel entry point: loads the admin libraries, handles
// logout/login, then enforces the ADMINCP permission before loading the menu.
header('Content-Type: text/html; charset=utf-8');
require_once dirname(__FILE__) . '/../global.php';
require_once iPATH . "admin/admin.class.php";
require_once iPATH . "admin/function.php";
require_once iPATH . 'admin/admincp.lang.php';
$iCMS->rewrite = false;
unset($_keywords);
$do = $_GET['do'];
// 'operation' is accepted only as a non-empty string.
$operation = !empty($_GET['operation']) && is_string($_GET['operation']) ? trim($_GET['operation']) : '';
$frames = isset($_GET['frames']) ? $_GET['frames'] : $_POST['frames'];
$action = $_POST['action'];
$Admin = new Admin();
// NOTE(review): logout is triggered by a plain GET parameter with no token
// visible here, so any page can log an administrator out via a link.
$_GET['do'] == 'logout' && $Admin->logout(__SELF__);
if ($action == "login") {
    // A truthy ckseccode() result means the captcha was rejected.
    // NOTE(review): relies on alert() ending the request -- confirm.
    ckseccode($_POST['seccode']) && alert('验证码错误!');
    $username = $_POST['username'];
    // NOTE(review): the admin password is reduced to a single unsalted MD5
    // before comparison, which implies stored credentials in the same form;
    // password_hash()/password_verify() is the durable replacement.
    $password = md5($_POST['password']);
}
// On non-login requests $username and $password are undefined here;
// checklogin() presumably falls back to the existing session -- confirm.
$Admin->checklogin($username, $password);
admincp_log();
$Admin->MP("ADMINCP", "ADMINCP_Permission_Denied");
$menu_array = (include iPATH . 'admin/menu.array.php');
// Excerpt of an activation dispatcher keyed on $op; it starts at the end of
// an earlier branch.
    }
    include_once template('all_activate');
} elseif ($op == 'checkcollegeid') {
    include_once S_ROOT . '../lib/db.class.php';
    include_once S_ROOT . '../model/base.php';
    $collegeid = trim($_GET['collegeid']);
    if (empty($collegeid)) {
        showmessage('collegeid_is_null');
    }
    // Each negative code from check_collegeid() maps to its own message.
    // NOTE(review): the distinct answers (invalid / already active / no
    // e-mail on file) let an unauthenticated caller learn the state of
    // arbitrary college ids; consider rate limiting or a single generic reply.
    $result = check_collegeid($collegeid);
    if ($result == -1) {
        showmessage('collegeid_is_invalid');
    } elseif ($result == -2) {
        showmessage('collegeid_is_not_legitimate');
    } elseif ($result == -3) {
        showmessage('collegeid_is_active');
    } elseif ($result == -4) {
        showmessage('email_not_exist');
    } elseif ($result == -5) {
        showmessage('mail_not_adequent');
    } else {
        showmessage('succeed');
    }
} elseif ($op == "checkseccode") {
    include_once S_ROOT . './source/function_cp.php';
    // Standalone captcha check answered with succeed / incorrect_code.
    // NOTE(review): the value travels in the query string (so it reaches
    // access logs), and unless ckseccode() invalidates the captcha after a
    // failed attempt this endpoint allows unlimited guesses -- confirm.
    if (ckseccode(trim($_GET['seccode']))) {
        showmessage('succeed');
    } else {
        showmessage('incorrect_code');
    }
}
/**
 * Handle the login form: captcha check, credential check via
 * jsg_member_login(), optional e-mail verification redirect, login credits,
 * automatic medal checks, and the final redirect.
 *
 * NOTE(review): failures are reported through $this->Messager() and the code
 * then continues; the checks only hold if Messager() ends the request --
 * confirm against its definition.
 */
function DoLogin()
{
    // Captcha gate. seccode_enable == 1 uses the built-in captcha; values > 1
    // use the YinXiangMa service.
    // NOTE(review): with seccode_enable > 1 and yxm_title or a key unset,
    // neither branch runs and login proceeds without any captcha check.
    if ($this->Config['seccode_enable'] == 1 && $this->Config['seccode_login']) {
        if (!ckseccode(@$_POST['seccode'])) {
            $this->Messager("验证码输入错误", -1);
        }
    } elseif ($this->Config['seccode_enable'] > 1 && $this->Config['seccode_login'] && $this->yxm_title && $this->Config['seccode_pub_key'] && $this->Config['seccode_pri_key']) {
        $YinXiangMa_response = jlogic('seccode')->CheckYXM(@$_POST['YinXiangMa_challenge'], @$_POST['YXM_level'][0], @$_POST['YXM_input_result']);
        if ($YinXiangMa_response != "true") {
            $this->Messager("验证码输入错误", -1);
        }
    }
    if ($this->Username == "" || $this->Password == "") {
        $this->Messager("无法登录,用户名或密码不能为空", -1);
    }
    $username = $this->Username;
    $password = $this->Password;
    // Return target: request value first, cookie as fallback.
    $referer = jget('referer');
    if (!$referer) {
        $referer = jsg_getcookie('referer');
    }
    $rets = jsg_member_login($username, $password);
    $uid = (int) $rets['uid'];
    if ($uid < 1) {
        $this->Messager($rets['error'], null);
    }
    // NOTE(review): the member is looked up by the MEMBER_ID constant rather
    // than by the $uid that just logged in; if MEMBER_ID was fixed before the
    // login it still describes the pre-login visitor -- confirm.
    $member = jsg_member_info(MEMBER_ID);
    // Unverified e-mail: send the member to the verification page instead.
    $this->Config['reg_email_verify'] == 1 && $member['email_checked'] == 0 && ($referer = 'index.php?mod=member&code=setverify&ids=' . $uid);
    $this->Config['email_must_be_true'] == 2 && $member['email_checked'] == 0 && ($referer = 'index.php?mod=member&code=setverify&ids=' . $uid);
    if ($this->Config['extcredits_enable'] && $uid > 0) {
        update_credits_by_action('login', $uid);
    }
    Load::logic('other');
    $otherLogic = new OtherLogic();
    // $uid was cast to int above, so interpolating it into the SQL text is safe.
    $sql = "SELECT m.id as medal_id,m.medal_img,m.medal_name,m.medal_depict,m.conditions,u.dateline,y.apply_id\r\n\t\t\t\tFROM " . TABLE_PREFIX . "medal m\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user_medal u ON (u.medalid = m.id AND u.uid = '{$uid}')\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "medal_apply y ON (y.medal_id = m.id AND y.uid = '{$uid}')\r\n\t\t\t\tWHERE m.is_open = 1\r\n\t\t\t\tORDER BY u.dateline DESC,m.id";
    $query = $this->DatabaseHandler->Query($sql);
    while (false != ($rs = $query->GetRow())) {
        // NOTE(review): unserialize() runs on a database column; that is only
        // safe while nobody but trusted code can write medal.conditions. A
        // JSON column, or unserialize() with allowed_classes disabled, removes
        // the object-instantiation risk.
        $rs['conditions'] = unserialize($rs['conditions']);
        // Medals of an automatic type that the member has not yet been awarded.
        if (in_array($rs['conditions']['type'], array('topic', 'reply', 'tag', 'invite', 'fans', 'sign')) && !$rs['dateline']) {
            // $result is appended to without being initialised in this method.
            $result .= $otherLogic->autoCheckMedal($rs['medal_id'], $uid);
        }
    }
    $redirecto = $referer ? $referer : referer();
    $redirecto = str_replace('#', '', $redirecto);
    if ($this->Post['loginType'] == 'share') {
        // NOTE(review): the redirect target is taken verbatim from the posted
        // 'return_url' with no same-site check in this method, so a crafted
        // login form can send a freshly authenticated user to any URL.
        // Restrict it to relative paths or an allow-list of hosts.
        $redirecto = $this->Post['return_url'];
        $this->Messager(null, $redirecto, 0);
    }
    if ($this->Post['loginType'] == 'show_login') {
        $this->Messager(NULL, $redirecto, 0);
    }
    // uc_syn_html is the cross-application login markup returned by
    // jsg_member_login(); it is appended to the success message unescaped.
    if ($rets['uc_syn_html']) {
        $this->Messager("登录成功{$rets['uc_syn_html']}", $redirecto, 3);
    } else {
        $this->Messager(null, $redirecto);
    }
}
* @license http://www.idreamsoft.com iDreamSoft
* @author coolmoo <*****@*****.**>
*/
/************* Set the path to the public directory **************/
/** ../ means that global.php is located in the parent directory */
define('iCMSPATH', '../');
/*********************************************/
/*********************************************/
// User control-panel entry point (excerpt; the header comment starts and the
// UserCP class ends outside the excerpt).
require_once dirname(__FILE__) . '/' . iCMSPATH . 'global.php';
define('uPATH', dirname(strtr(__FILE__, '\\', '/')) . "/");
define('__USERCP__', __SELF__ . '?mo');
require_once iPATH . 'include/member.class.php';
require_once iPATH . 'admin/function.php';
require_once iPATH . 'include/UI.class.php';
if ($_POST['action'] == "login") {
    // A truthy ckseccode() result means the captcha was rejected; 'U' is
    // passed as a second argument whose meaning is defined by ckseccode().
    // NOTE(review): relies on javascript::alert() ending the request -- confirm.
    ckseccode($_POST['seccode'], 'U') && javascript::alert('验证码错误!');
}
// Authentication is enforced before the controller class is used.
member::checklogin();
class UserCP
{
    function __construct()
    {
        global $iCMS, $firstcount, $pagenav;
        // Bind the shared objects by reference.
        $this->iCMS =& $iCMS;
        $this->pagenav =& $pagenav;
        $this->firstcount =& $firstcount;
        $this->uiBasePath = $iCMS->config['publicURL'] . '/ui';
        // Module, action and parameter all come straight from the request.
        // NOTE(review): if they are later used to build an include path or a
        // method name, they need to be checked against a fixed list first.
        $this->module = $_GET['mo'] ? $_GET['mo'] : '';
        $this->action = isset($_GET['do']) ? $_GET['do'] : $_POST['do'];
        $this->param = isset($_GET['param']) ? $_GET['param'] : $_POST['param'];
        // Default action.
        empty($this->action) && ($this->action = 'manage');
/**
 * Quick registration for a college id: verify the id and password against the
 * college service, reconcile matching baseprofile rows, register the account
 * in the user centre, create the local member and space records, copy profile
 * data, and emit a JSON result.
 *
 * The JSON result is both echoed and returned.
 *
 * NOTE(review), points a maintainer should resolve before relying on this:
 *  - No `global` statement is visible, so $_SGLOBAL, $_SCONFIG, $invitearr
 *    and $app are function-local (undefined) here as written.
 *  - Validation failures only overwrite $res_json; nothing returns early, so
 *    uc_user_register() is still called after a wrong captcha, a bad e-mail
 *    or a failed college verification.
 *  - Several SQL statements are assembled by string interpolation from the
 *    function arguments, database values and a request header.
 *  - The success response contains the plaintext password.
 *
 * @param string $quickcollegeid College id supplied by the caller.
 * @param string $quickpassword  College password supplied by the caller.
 * @return string JSON-encoded status array.
 */
function quickregister_interface($quickcollegeid, $quickpassword)
{
    // First verify the college credentials / activation state.
    $collegeid = trim($quickcollegeid);
    $collegepw = $quickpassword;
    $verifyname = verifycollegeid($collegeid, $collegepw);
    $res_json = array();
    if ($verifyname == -1) {
        $res_json = array('status' => "error", "reason" => 'collegeid_is_null');
    } elseif ($verifyname == -2) {
        $res_json = array('status' => 'error', 'reason' => 'collegepassword_is_null');
    }
    // On success $verifyname is presumably an object with ->out->string.
    if (empty($verifyname->out->string)) {
        $res_json = array('status' => 'error', 'reason' => 'verify_fail');
    }
    // The college id becomes the user name and the college password is reused
    // as the site password.
    $username = $collegeid;
    $password = $collegepw;
    // NOTE(review): $collegeid is interpolated into the SQL text and no
    // escaping is visible in this function; escape it or use a bound parameter.
    $query = $_SGLOBAL['db']->query("SELECT identifier,identifier_not_use, realname,birthday, sex, defaultemail, isactive, emaildateline FROM " . tname('baseprofile') . " WHERE collegeid='{$collegeid}' and (usertype like binary '教师' or (usertype between 1 and 5) or usertype like binary '学生') limit 1");
    $one = $_SGLOBAL['db']->fetch_array($query);
    $id = $one['identifier_not_use'];
    $realname = $one['realname'];
    $birthday_exist = $one['birthday'];
    // Derive the birthday from the identifier: 8 digits from an 18-character
    // value, 6 digits prefixed with '19' from a 16-character value.
    if (strlen($id) == 18) {
        $birthday_id = substr($id, 6, 8);
    } elseif (strlen($id) == 16) {
        $birthday_id = '19' . substr($id, 6, 6);
    }
    if ($one) {
        // Find every profile row that may belong to the same person: same
        // identifier, or same real name plus birthday.
        // NOTE(review): values read from the database are concatenated
        // unescaped; a quote in a stored name breaks or alters the query.
        $wheresql = "0";
        if ($id) {
            $wheresql .= " or identifier_not_use='" . $id . "'";
        }
        if (strlen($birthday_exist) == 8) {
            $wheresql .= " or (realname='" . $realname . "' and birthday='" . $birthday_exist . "')";
        }
        if ($birthday_id) {
            $wheresql .= " or (realname='" . $realname . "' and birthday='" . $birthday_id . "')";
        }
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('baseprofile') . " WHERE {$wheresql}");
        $flagnotactive = 0;
        $flagactive = 0;
        $userlines = $recordids = array();
        $c_uid = 0;
        while ($row = $_SGLOBAL['db']->fetch_array($query)) {
            $userlines[] = $row;
            if ($row['isactive'] == '1') {
                $flagactive = 1;
            } else {
                $flagnotactive = 1;
                $recordids[] = $row['userid'];
            }
            // Remember the first uid seen; a second, different uid means the
            // same person activated more than one account.
            if ($row['uid']) {
                if (!$c_uid) {
                    $c_uid = $row['uid'];
                } elseif ($c_uid != $row['uid']) {
                    $act_err = 1;
                }
            }
        }
        // If one person has activated several ihome accounts, queue a check
        // e-mail to the ihome mailbox.
        if ($act_err) {
            $title = cplang('active_different_uids_title');
            $content = $collegeid . " " . $realname . " " . cplang('active_different_uids_content');
            $cid = inserttable('mailcron', array('email' => '*****@*****.**'), 1);
            // NOTE(review): $_GLOBAL is used here while the rest of the
            // function uses $_SGLOBAL; this looks like a typo -- confirm.
            $setarr = array('cid' => $cid, 'subject' => addslashes(stripslashes($title)), 'message' => addslashes(stripslashes($content)), 'dateline' => $_GLOBAL['timestamp']);
            inserttable('mailqueue', $setarr);
        }
        // If there are both activated and non-activated rows, bring the
        // non-activated ones up to date.
        if ($flagactive == 1 && $flagnotactive == 1) {
            $useridlist = implode(',', $recordids);
            $_SGLOBAL['db']->query("UPDATE " . tname('baseprofile') . " SET isactive=1, uid={$c_uid} WHERE userid in ({$useridlist})");
            foreach ($userlines as $value) {
                if ($value['isactive'] != '1') {
                    if ($value['academy']) {
                        // Staff rows get a work entry.
                        if ($value['usertype'] == '教师' || $value['usertype'] == 5 || $value['usertype'] == 4) {
                            $workinfo = array('uid' => $c_uid, 'type' => 'work', 'title' => '北京航空航天大学', 'subtitle' => $value['academy'], 'startyear' => $value['startyear'], 'city' => '北京');
                            inserttable('spaceinfo', $workinfo, 1);
                        }
                        // College ids that are not 5 or 6 characters long get
                        // an education entry, once per college id.
                        if (strlen($value['collegeid']) != 5 && strlen($value['collegeid']) != 6) {
                            // $collegeids is not initialised before this first use.
                            if (!in_array($value['collegeid'], $collegeids)) {
                                $collegeids[] = $value['collegeid'];
                                $eduinfo = array('uid' => $c_uid, 'type' => 'edu', 'title' => '北京航空航天大学', 'subtitle' => $value['academy'], 'startyear' => $value['startyear']);
                                inserttable('spaceinfo', $eduinfo, 1);
                            }
                        }
                    }
                }
            }
            // The second element has no 'reason' key, so it is stored under index 0.
            $res_json = array("status" => "error", "indentifier is active");
        } elseif ($flagactive == 1) {
            $res_json = array("status" => "error", "indentifier is active");
        }
    } else {
        $res_json = array('status' => "error", "reason" => "Please use correct register method!");
    }
    if ($_SCONFIG['seccode_register']) {
        include_once S_ROOT . '../source/function_cp.php';
        // NOTE(review): a wrong captcha only sets $res_json; execution goes on
        // to uc_user_register() below, so the captcha does not stop anything.
        if (!ckseccode($_POST['quickseccode'])) {
            $res_json = array("status" => "error", "reason" => 'incorrect_code');
        }
    }
    if (!@(include_once S_ROOT . '../uc_client/client.php')) {
        $res_json = array("status" => "error", "reason" => 'system_error');
    }
    $email = isemail(trim($_POST['quickemail'])) ? trim($_POST['quickemail']) : '';
    if (empty($email)) {
        $res_json = array('status' => 'error', 'reason' => 'email_format_is_wrong');
    }
    if ($count = getcount('space', array('username' => $username))) {
        $res_json = array('status' => 'error', 'reason' => 'user_name_already_exists');
    }
    if ($count = getcount('spacefield', array('email' => $email))) {
        $res_json = array('status' => 'error', 'reason' => 'email_has_been_registered');
    }
    // Per-IP registration interval, in hours ($_SCONFIG['regipdate']).
    $onlineip = getonlineip();
    if ($_SCONFIG['regipdate']) {
        $query = $_SGLOBAL['db']->query("SELECT dateline FROM " . tname('space') . " WHERE regip='{$onlineip}' ORDER BY dateline DESC LIMIT 1");
        if ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if ($_SGLOBAL['timestamp'] - $value['dateline'] < $_SCONFIG['regipdate'] * 3600) {
                $res_json = array('status' => 'regip_has_been_registered');
            }
        }
    }
    // Validation finished.
    // Create the new user: begin.
    // NOTE(review): reached regardless of the errors recorded above.
    $newuid = uc_user_register($username, $password, $email);
    if ($newuid <= 0) {
        if ($newuid == -1) {
            $res_json = array('status' => 'error', 'reason' => 'user_name_is_not_legitimate');
        } elseif ($newuid == -2) {
            $res_json = array('status' => 'error', 'reason' => 'include_not_registered_words');
        } elseif ($newuid == -3) {
            $res_json = array('status' => 'error', 'reason' => 'user_name_already_exists');
        } elseif ($newuid == -4) {
            $res_json = array('status' => 'error', 'reason' => 'email_format_is_wrong');
        } elseif ($newuid == -5) {
            $res_json = array('status' => 'error', 'reason' => 'email_not_registered');
        } elseif ($newuid == -6) {
            $res_json = array('status' => 'error', 'reason' => 'email_has_been_registered');
        } else {
            $res_json = array('status' => 'error', 'reason' => 'register_error');
        }
    } else {
        // Check whether the uid exists in the user-centre tables; if not,
        // insert the rows directly.
        $q = $_SGLOBAL['db']->query("SELECT uid FROM ihomeuser_members WHERE uid='{$newuid}'");
        $members_match = $_SGLOBAL['db']->fetch_array($q);
        $members_match = $members_match['uid'];
        $q = $_SGLOBAL['db']->query("SELECT uid FROM ihomeuser_memberfields WHERE uid='{$newuid}'");
        $memberfields_match = $_SGLOBAL['db']->fetch_array($q);
        $memberfields_match = $memberfields_match['uid'];
        if (!$members_match && !$memberfields_match) {
            // NOTE(review): the salt comes from uniqid(rand()) and the hash is
            // md5(md5(password) . salt); both are weak for password storage.
            $salt = substr(uniqid(rand()), -6);
            $hhpassword = md5(md5($password) . $salt);
            $sqladd = "uid='" . intval($newuid) . "',";
            $sqladd .= " secques='',";
            // NOTE(review): $_SERVER["HTTP_X_FORWARDED_FOR"] is a header set by
            // the client and is concatenated into the INSERT unescaped; use the
            // already-computed $onlineip and escape it. $email is interpolated
            // as well.
            $_SGLOBAL['db']->query("INSERT INTO ihomeuser_members SET {$sqladd} username='******', password='******', email='{$email}', regip='" . $_SERVER["HTTP_X_FORWARDED_FOR"] . "', regdate='" . time() . "', salt='{$salt}'");
            $_SGLOBAL['db']->query("INSERT INTO ihomeuser_memberfields SET uid='{$newuid}'");
        }
        // NOTE(review): the local member table receives an unsalted MD5 of the
        // password.
        $setarr = array('uid' => $newuid, 'username' => $username, 'password' => md5($password));
        inserttable('member', $setarr, 0, true);
        // Add action log
        inserttable('actionlog', array('uid' => "{$newuid}", 'dateline' => "{$_SGLOBAL['timestamp']}", 'action' => 'register', 'value' => 'quick'));
        include_once S_ROOT . './source/function_space.php';
        $space = space_open($newuid, $username, 0, $email);
        // Default friends
        $flog = $inserts = $fuids = $pokes = array();
        if (!empty($_SCONFIG['defaultfusername'])) {
            $query = $_SGLOBAL['db']->query("SELECT uid,username FROM " . tname('space') . " WHERE\tusername IN (" . simplode(explode(',', $_SCONFIG['defaultfusername'])) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                // Row values are escaped before being placed in the VALUES lists.
                $value = saddslashes($value);
                $fuids[] = $value['uid'];
                // Friendship is recorded in both directions.
                $inserts[] = "('{$newuid}','{$value['uid']}','{$value['username']}','1','{$_SGLOBAL['timestamp']}')";
                $inserts[] = "('{$value['uid']}','{$newuid}','{$username}','1','{$_SGLOBAL['timestamp']}')";
                $pokes[] = "('{$newuid}','{$value['uid']}','{$value['username']}','" . addslashes($_SCONFIG['defaultpoke']) . "','{$_SGLOBAL['timestamp']}')";
                $flog[] = "('{$value['uid']}','{$newuid}','add','{$_SGLOBAL['timestamp']}')";
            }
            if ($inserts) {
                $_SGLOBAL['db']->query("REPLACE INTO " . tname('friend') . " (uid,fuid,fusername,status,dateline) VALUES " . implode(',', $inserts));
                $_SGLOBAL['db']->query("REPLACE INTO " . tname('poke') . " (uid,fromuid,fromusername,note,dateline) VALUES " . implode(',', $pokes));
                $_SGLOBAL['db']->query("REPLACE INTO " . tname('friendlog') . " (uid,fuid,action,dateline) VALUES " . implode(',', $flog));
                // Add to the auxiliary tables
                $friendstr = empty($fuids) ? '' : implode(',', $fuids);
                updatetable('space', array('friendnum' => count($fuids), 'pokenum' => count($pokes)), array('uid' => $newuid));
                updatetable('spacefield', array('friend' => $friendstr, 'feedfriend' => $friendstr), array('uid' => $newuid));
                // Refresh the friend cache of the default users
                include_once S_ROOT . '../source/function_cp.php';
                foreach ($fuids as $fuid) {
                    friend_cache($fuid);
                }
            }
        }
        // Friend invitation ($invitearr and $app are not set in this function)
        if ($invitearr) {
            include_once S_ROOT . '../source/function_cp.php';
            invite_update($invitearr['id'], $setarr['uid'], $setarr['username'], $invitearr['uid'], $invitearr['username'], $app);
            // If the submitted e-mail matches the invitation, mark the e-mail
            // as verified.
            if ($invitearr['email'] == $email) {
                updatetable('spacefield', array('emailcheck' => 1), array('uid' => $newuid));
            }
            // Update statistics
            include_once S_ROOT . '../source/function_cp.php';
            if ($app) {
                updatestat('appinvite');
            } else {
                updatestat('invite');
            }
        }
        // Mark the profile rows as activated and write the uid back
        if ($recordids) {
            $useridlist = implode(',', $recordids);
            $_SGLOBAL['db']->query("UPDATE " . tname('baseprofile') . " SET isactive=1, uid={$newuid} WHERE userid in ({$useridlist})");
        }
        $insertinfo = array('identifier' => $one['identifier'], 'realname' => $realname, 'defaultemail' => $one['defaultemail']);
        // Get the user's birthday data
        //$decid = M_decode($value['identifier'], aeskeyA);
        // The identifier-derived birthday wins over the stored one.
        $UserBirthday = '';
        if ($birthday_id) {
            $UserBirthday = $birthday_id;
        } elseif ($birthday_exist) {
            $UserBirthday = $birthday_exist;
        }
        if ($UserBirthday) {
            // Split YYYYMMDD into its parts.
            $insertinfo['birthyear'] = intval(substr($UserBirthday, 0, 4));
            $insertinfo['birthmonth'] = intval(substr($UserBirthday, 4, 2));
            $insertinfo['birthday'] = intval(substr($UserBirthday, 6, 2));
        }
        // Sex code: 1 for '男', 2 for '女', 0 otherwise.
        if ($one['sex'] == '男') {
            $sexc = 1;
        } else {
            if ($one['sex'] == '女') {
                $sexc = 2;
            } else {
                $sexc = 0;
            }
        }
        $insertinfo['sex'] = $sexc;
        //print_r($insertinfo);exit();
        // Update spacefield
        updatetable('spacefield', $insertinfo, array('uid' => $newuid));
        if ($insertinfo['birthyear'] && $insertinfo['birthmonth'] && $insertinfo['birthday']) {
            $_SGLOBAL['db']->query("INSERT INTO " . tname('spaceinfo') . " (type,subtype,uid,friend) VALUES ('base','birth'," . $newuid . ",3)");
        }
        // Update space
        $space = array('uid' => $newuid, 'name' => $realname, 'namestatus' => 1);
        //print_r($space);
        //exit();
        updatetable('space', $space, array('uid' => $newuid));
        // Copy work / education information from the not-yet-activated rows.
        foreach ($userlines as $value) {
            if ($value['isactive'] != '1') {
                if ($value['academy']) {
                    if ($value['usertype'] == '教师' || $value['usertype'] == 5 || $value['usertype'] == 4) {
                        $workinfo = array('uid' => $newuid, 'type' => 'work', 'title' => '北京航空航天大学', 'subtitle' => $value['academy'], 'startyear' => $value['startyear'], 'city' => '北京');
                        inserttable('spaceinfo', $workinfo, 1);
                    }
                    if (strlen($value['collegeid']) != 5 && strlen($value['collegeid']) != 6) {
                        if (!empty($value['class']) && !empty($value['startyear'])) {
                            $eduinfo = array('uid' => $newuid, 'type' => 'edu', 'title' => '北京航空航天大学', 'subtitle' => $value['academy'] . $value['startyear'] . '级' . $value['class'] . '班', 'startyear' => $value['startyear']);
                            // Join the class group named after year and class.
                            $tagname = $value['startyear'] . '年' . $value['class'] . '班';
                            auto_join($newuid, $tagname, $_SGLOBAL['db']);
                            inserttable('spaceinfo', $eduinfo, 1);
                        }
                    }
                }
            }
        }
        // Employment information of graduated alumni
        // NOTE(review): $value is whatever the loop above left behind, and the
        // insert reads $value[...] rather than the fetched $value1 row; this
        // looks like a mix-up -- confirm. The college id is interpolated into
        // the SQL text unescaped.
        $query1 = $_SGLOBAL['db']->query("SELECT * FROM " . tname('stuemp') . " WHERE collegeid='{$value['collegeid']}'");
        if ($value1 = $_SGLOBAL['db']->fetch_array($query1)) {
            $setarr1 = array('uid' => $newuid, 'type' => 'work', 'title' => $value['unit'], 'province' => $value['province'], 'city' => $value['city']);
            inserttable('spaceinfo', $setarr1, 1);
        }
        // Change record
        if ($_SCONFIG['my_status']) {
            inserttable('userlog', array('uid' => $newuid, 'action' => 'add', 'dateline' => $_SGLOBAL['timestamp']), 0, true);
        }
        // Create the new user: end.
        // NOTE(review): the response echoes the plaintext password back to the
        // caller; drop that field so it cannot end up in logs or caches.
        $res_json = array('status' => 'correct', 'uid' => $newuid, 'username' => $username, 'password' => $password, 'email' => $email);
    }
    // Automatically add friends for the user
    if ($userlines) {
        autobefriends($userlines, $newuid, $_POST['username']);
    }
    // The result is written to the output and also returned to the caller.
    echo json_encode($res_json);
    return json_encode($res_json);
}
<?php
/**
 * @package iCMS
 * @copyright 2007-2010, iDreamSoft
 * @license http://www.idreamsoft.com iDreamSoft
 * @author coolmoo <*****@*****.**>
 */
// Admin control-panel entry point: loads the admin libraries, checks the
// captcha on login submissions, then enforces login and the ADMINCP permission.
require_once dirname(__FILE__) . '/../global.php';
define('__ADMINCP__', __SELF__ . '?mo');
error_reporting(E_ALL ^ E_NOTICE);
// NOTE(review): database errors are switched on for this entry point; if they
// are rendered into the response they expose query text and schema details to
// whoever reaches the page -- prefer logging in production.
iCMS_DB::$show_errors = true;
require_once iPATH . 'include/member.class.php';
require_once iPATH . 'include/forum.class.php';
require_once iPATH . 'admin/function.php';
require_once iPATH . 'admin/admincp.lang.php';
require_once iPATH . 'include/UI.class.php';
require_once iPATH . 'admin/menu.class.php';
require_once iPATH . 'admin/admincp.class.php';
//admincp_log();
if ($_POST['action'] == "login") {
    // A truthy ckseccode() result means the captcha was rejected; the second
    // alert argument is client-side script that reloads the captcha image.
    // NOTE(review): relies on javascript::alert() ending the request; if it
    // returns, checklogin() below still processes the credentials -- confirm.
    ckseccode($_POST['seccode'], 'B') && javascript::alert("验证码错误!", 'js:parent.$("#seccodeimg").click();');
}
// Require an administrator session with the ADMINCP permission.
member::$isAdmin = true;
member::checklogin();
member::MP("ADMINCP", "ADMINCP_Permission_Denied");
/**
 * JSON login handler: checks the captcha when enabled, validates the
 * credentials through jsg_member_login(), awards login credits, runs the
 * automatic medal checks and answers with the URL to continue to.
 *
 * Failures are reported with json_error(); success with json_result().
 *
 * NOTE(review): when seccode_enable > 1 but yxm_title or one of the keys is
 * unset, neither captcha branch runs and the login proceeds unchecked.
 * NOTE(review): unserialize() is applied to a database column below; that is
 * only safe while the medal table can be written by trusted code alone.
 */
function Login()
{
    $username = trim(jget('username'));
    $password = jget('password');

    // Captcha gate: built-in captcha for mode 1, YinXiangMa for modes above 1.
    if ($this->Config['seccode_enable'] == 1 && $this->Config['seccode_login']) {
        $captchaAccepted = ckseccode(@$_POST['seccode']);
        if (!$captchaAccepted) {
            json_error("验证码输入错误");
        }
    } elseif ($this->Config['seccode_enable'] > 1 && $this->Config['seccode_login'] && $this->yxm_title && $this->Config['seccode_pub_key'] && $this->Config['seccode_pri_key']) {
        $yxmVerdict = jlogic('seccode')->CheckYXM(@$_POST['YinXiangMa_challenge'], @$_POST['YXM_level'][0], @$_POST['YXM_input_result']);
        if ($yxmVerdict != "true") {
            json_error("验证码输入错误");
        }
    }

    if ($username == "" || $password == "") {
        json_error("无法登录,用户名或密码不能为空");
    }

    // With login_by_uid set, purely numeric user names are refused.
    if ($this->Config['login_by_uid'] && is_numeric($username)) {
        json_error("禁止使用UID登录");
    }

    // Let login plugins validate the submitted data.
    if ($GLOBALS['_J']['plugins']['func']['login']) {
        hookscript('login', 'funcs', array('param' => $this->Post, 'step' => 'check'), 'login');
    }

    // Return target: request value first, cookie as fallback.
    $referer = jget('referer') ?: jsg_getcookie('referer');

    $rets = jsg_member_login($username, $password);
    $uid = (int) $rets['uid'];
    if ($uid < 1) {
        json_error($rets['error']);
    }

    // Members with an unverified e-mail are sent to the verification page.
    $member = jsg_member_info($uid);
    if ($this->Config['email_must_be_true'] == 2 && $member['email_checked'] == 0) {
        $referer = 'index.php?mod=member&code=setverify&ids=' . $uid;
    }

    if ($this->Config['extcredits_enable'] && $uid > 0) {
        update_credits_by_action('login', $uid);
    }

    // Automatic medal checks for open medals the member does not hold yet.
    Load::logic('other');
    $medalLogic = new OtherLogic();
    $autoTypes = array('topic', 'reply', 'tag', 'invite', 'fans');
    // $uid is an int at this point, so it is safe inside the SQL text.
    $medalSql = "SELECT m.id as medal_id,m.medal_img,m.medal_name,m.medal_depict,m.conditions,u.dateline,y.apply_id\r\n\t\t\t\tFROM " . TABLE_PREFIX . "medal m\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user_medal u ON (u.medalid = m.id AND u.uid = '{$uid}')\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "medal_apply y ON (y.medal_id = m.id AND y.uid = '{$uid}')\r\n\t\t\t\tWHERE m.is_open = 1\r\n\t\t\t\tORDER BY u.dateline DESC,m.id";
    $medalQuery = $this->DatabaseHandler->Query($medalSql);
    while (false != ($medalRow = $medalQuery->GetRow())) {
        $medalRow['conditions'] = unserialize($medalRow['conditions']);
        if (in_array($medalRow['conditions']['type'], $autoTypes) && !$medalRow['dateline']) {
            // $result is appended to without being initialised in this method.
            $result .= $medalLogic->autoCheckMedal($medalRow['medal_id'], $uid);
        }
    }

    // Never send the member back to a login page; strip fragment markers.
    $redirecto = $referer ?: referer();
    if (!$redirecto || strpos($redirecto, 'login') !== false) {
        $redirecto = "index.php?";
    }
    $redirecto = str_replace('#', '', $redirecto);

    // uc_syn_html is the cross-application login markup, appended when present.
    $successMessage = $rets['uc_syn_html'] ? "登录成功{$rets['uc_syn_html']}" : '登录成功';
    json_result($successMessage, $redirecto);
}
// Excerpt of the client-API login handler; it starts inside an earlier block
// and ends inside the "open the space" branch.
    $url_plus = "uid={$uid}&invite={$invite}";
}
// No login form
$_SGLOBAL['nologinform'] = 1;
if (capi_submitcheck('loginsubmit')) {
    // NOTE(review): credentials are read from $_REQUEST, so they are also
    // accepted from the query string, where they end up in server logs,
    // browser history and Referer headers; read them from $_POST only.
    $password = $_REQUEST['password'];
    $username = trim($_REQUEST['username']);
    $cookietime = intval($_REQUEST['cookietime']);
    $cookiecheck = $cookietime ? ' checked' : '';
    $membername = $username;
    if (empty($_REQUEST['username'])) {
        capi_showmessage_by_data('users_were_not_empty_please_re_login');
    }
    // Captcha, when enabled for login. On failure the login template is
    // rendered with the captcha field flagged and the request ends.
    if ($_SCONFIG['seccode_login']) {
        include_once S_ROOT . './source/function_cp.php';
        if (!ckseccode($_REQUEST['seccode'])) {
            $_SGLOBAL['input_seccode'] = 1;
            include template('do_login');
            exit;
        }
    }
    // Fetch the user from the synchronised user source
    if (!($passport = getpassport($username, $password))) {
        capi_showmessage_by_data('login_failure_please_re_login', 1, 'do.php?ac=' . $_SCONFIG['login_action']);
    }
    // NOTE(review): the local 'password' value is md5("uid|timestamp"), which
    // is built only from guessable inputs. If it later serves as a session or
    // cookie secret, derive it from random_bytes() instead -- confirm its use.
    $setarr = array('uid' => $passport['uid'], 'username' => addslashes($passport['username']), 'password' => md5("{$passport['uid']}|{$_SGLOBAL['timestamp']}"));
    include_once S_ROOT . './source/function_space.php';
    // Open the space
    // The uid in the query comes from getpassport(), not from the request.
    $query = $_SGLOBAL['db']->query("SELECT s.*, sf.* FROM " . tname('space') . " s LEFT JOIN " . tname('spacefield') . " sf ON sf.uid=s.uid WHERE s.uid='{$setarr['uid']}'");
    if (!($space = $_SGLOBAL['db']->fetch_array($query))) {
        $space = space_open($setarr['uid'], $setarr['username'], 0, $passport['email']);
// Excerpt of the user-centre dispatcher (a switch whose opening is outside
// the excerpt); it ends inside the registration branch.
        break;
    case 'login':
        $iCMS->assign('forward', __REF__);
        $iCMS->iPrint("usercp/login.htm", "login");
        break;
    case 'logout':
        // Expire the session-related cookies.
        set_cookie("user", '', -31536000);
        set_cookie("seccode", '', -31536000);
        set_cookie("username", '', -31536000);
        break;
    default:
        require_once iPATH . 'include/UI.class.php';
        $action = $_POST['action'];
        //$forward= $_POST['forward'];
        if ($action == 'register') {
            // A truthy ckseccode() result means the captcha was rejected.
            // NOTE(review): every check below relies on javascript::json()
            // ending the request -- confirm.
            ckseccode($_POST['seccode']) && javascript::json('seccode', 'error:seccode');
            $username = dhtmlspecialchars($_POST['username']);
            $email = dhtmlspecialchars($_POST['email']);
            !preg_match("/^([\\w\\.-]+)@([a-zA-Z0-9-]+)(\\.[a-zA-Z\\.]+)\$/i", $email) && javascript::json('email', 'register:emailerror');
            WordFilter($username) && javascript::json('username', 'filter:username');
            // NOTE(review): $username is interpolated into the SQL text after
            // HTML encoding only; HTML encoding is not SQL escaping. Unless
            // request data is escaped globally before this point, use the
            // database layer's escaping or a bound parameter -- confirm.
            iCMS_DB::getValue("SELECT uid FROM `#iCMS@__members` where `username`='{$username}'") && javascript::json('username', 'register:usernameusr');
            // NOTE(review): passwords are trimmed and reduced to unsalted MD5;
            // password_hash() is the durable replacement. The loose != below
            // also compares hex digests that look numeric by value, so two
            // different digests can pass as equal; use !== or hash_equals().
            $password = md5(trim($_POST['password']));
            $pwdrepeat = md5(trim($_POST['pwdrepeat']));
            $password != $pwdrepeat && javascript::json('pwdrepeat', 'register:different');
            $gender = intval($_POST['gender']);
            $nickname = dhtmlspecialchars($_POST['nickname']);
            cstrlen($nickname) > 12 && javascript::json(0, 'register:nicknamelong');
            // Optional profile fields: numbers are cast, text is HTML-encoded.
            $info = array();
            $_POST['icq'] && ($info['icq'] = intval($_POST['icq']));
            $_POST['home'] && ($info['home'] = dhtmlspecialchars(stripslashes($_POST['home'])));
            $_POST['year'] && ($info['year'] = intval($_POST['year']));
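/**
 * Send (or re-prompt for) an SMS verification code, then render the
 * 'get_password_sms_send' template.
 *
 * Flow, as far as this method shows:
 *  - sms_init() falsy: report that the SMS feature is not enabled.
 *  - 'key' and 'sms' both supplied (read via jget): nothing is sent; the
 *    supplied number is kept in $sms and the prompt asks for the code again.
 *  - otherwise: run whichever captcha check the configuration enables, then
 *    call sms_send_verify() on the posted 'sms' value.
 *
 * NOTE(review): every failure path relies on $this->Messager() ending the
 * request. If Messager() can return, a failed captcha check still reaches
 * sms_send_verify() — confirm against Messager()'s definition.
 * NOTE(review): when neither captcha branch is enabled by configuration, this
 * sends an SMS to a caller-supplied number with no challenge at all; confirm
 * that sms_send_verify() rate-limits per number and per client.
 *
 * $act_name, $sms and $rets keep their names because the included template
 * may read them from this scope (assumption — verify against the template).
 */
function SmsSend()
{
    if (!sms_init()) {
        // Message text: "the SMS feature has not been enabled".
        $this->Messager('还没有开启手机短信功能', null);
    }
    // Prompt: "please enter the SMS verification code".
    $act_name = '请输入手机验证码';
    $rets = array();
    $key = jget('key', 'txt');
    $gsms = jget('sms', 'txt');
    if ($key && $gsms) {
        // Re-entry: no captcha check and no send in this branch.
        $sms = $gsms;
        // Prompt: "please re-enter the SMS verification code".
        $act_name = '请重新输入手机验证码';
    } else {
        if ($this->Config['seccode_enable'] == 1 && $this->Config['seccode_password']) {
            // Built-in captcha. The @ hides the notice for a missing field, so an
            // absent code is passed to ckseccode() as null.
            if (!ckseccode(@$_POST['seccode'])) {
                // Message text: "verification code entered incorrectly".
                $this->Messager("验证码输入错误", -1);
            }
        } elseif ($this->Config['seccode_enable'] > 1 && $this->Config['seccode_password'] && $this->yxm_title && $this->Config['seccode_pub_key'] && $this->Config['seccode_pri_key']) {
            // External captcha (YinXiangMa), only when fully configured.
            $YinXiangMa_response = jlogic('seccode')->CheckYXM(@$_POST['add_YinXiangMa_challenge'], @$_POST['add_YXM_level'][0], @$_POST['add_YXM_input_result']);
            // Loose comparison kept on purpose: CheckYXM()'s return type is not visible here.
            if ($YinXiangMa_response != "true") {
                $this->Messager("验证码输入错误", -1);
            }
        }
        $sms = jpost('sms', 'txt');
        $rets = sms_send_verify($sms);
    }
    // $rets is still the empty array on the re-entry path, so test the key with
    // empty() instead of reading an undefined index.
    if (!empty($rets['error'])) {
        $this->Messager($rets['result']);
    } else {
        include template('get_password_sms_send');
    }
}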
<?php
// Registration endpoint: with no 'do' it prints the register page; with do=post and
// action=save it validates the submitted fields (the fragment ends before they are stored).
require_once "global.php";
require_once iPATH . "include/function/template.php";
$do = $_GET['do'];
if (empty($do)) {
    $iCMS->iPrint("iSYSTEM", "register");
} elseif ($do == 'post') {
    if ($_POST['action'] == 'save') {
        // NOTE(review): the error reply fires when ckseccode() is truthy, so here it appears
        // to return true on a captcha mismatch — confirm. Each `check && msgJson(...)` line
        // only blocks the request if msgJson() terminates it. TODO confirm.
        ckseccode($_POST['seccode']) && msgJson('seccode', 'error:seccode');
        $username = dhtmlspecialchars($_POST['username']);
        WordFilter($username) && msgJson('username', 'filter:username');
        // Username length must be between 3 and 12 as measured by cstrlen().
        cstrlen($username) < 3 && msgJson('username', 'register:usernameShort');
        cstrlen($username) > 12 && msgJson('username', 'register:usernameLong');
        // NOTE(review): $username is interpolated into the SQL text; dhtmlspecialchars() (by
        // its name an HTML-escaping helper) is not SQL escaping. The stripslashes() calls below
        // suggest request data arrives slash-escaped from elsewhere, which is not visible in
        // this fragment; prefer a parameterized query.
        $iCMS->db->getValue("SELECT uid FROM `#iCMS@__members` where `username`='{$username}'") && msgJson('username', 'register:usernameusr');
        // NOTE(review): unsalted MD5 is not a password hash; if this digest is what gets stored
        // (the storing query is outside this fragment), use password_hash()/password_verify().
        $password = md5(trim($_POST['password']));
        $pwdrepeat = md5(trim($_POST['pwdrepeat']));
        $password != $pwdrepeat && msgJson('pwdrepeat', 'register:different');
        // E-mail is optional: an empty value skips the format check.
        // NOTE(review): eregi() was removed in PHP 7; preg_match() with the `i` flag replaces it.
        $_POST['email'] && !eregi("^([_\\.0-9a-z-]+)@([0-9a-z][0-9a-z-]+)\\.([a-z]{2,6})\$", $_POST['email']) && msgJson('email', 'register:emailerror');
        // Taken from the request unmodified; the pattern above is the only constraint on it.
        $email = $_POST['email'];
        $gender = intval($_POST['gender']);
        $nickname = dhtmlspecialchars($_POST['nickname']);
        // cstrlen($info['nickname'])>12 && msgJson(0,'register:nicknamelong');
        // Optional profile fields. $info is not initialised in the visible code, so it only
        // exists if at least one of these fields was submitted.
        $_POST['icq'] && ($info['icq'] = intval($_POST['icq']));
        $_POST['home'] && ($info['home'] = dhtmlspecialchars(stripslashes($_POST['home'])));
        $_POST['year'] && ($info['year'] = intval($_POST['year']));
        $_POST['month'] && ($info['month'] = intval($_POST['month']));
        $_POST['day'] && ($info['day'] = intval($_POST['day']));
        $_POST['from'] && ($info['from'] = dhtmlspecialchars(stripslashes($_POST['from'])));
        $_POST['signature'] && ($info['signature'] = dhtmlspecialchars(stripslashes($_POST['signature'])));
        // Serialized and slash-escaped for storage; empty string when nothing was submitted.
        // NOTE(review): whatever reads this back will unserialize() it — keep that read path
        // limited to values written here.
        $info = empty($info) ? '' : addslashes(serialize($info));
// Tail of a switch case that prepares a "link" share, followed by the handler for the
// submitted share form.
if ($topicid) {
    $topic = topic_get($topicid);
}
if ($topic) {
    $actives = array('share' => ' class="active"');
}
$_SGLOBAL['refer'] = 'space.php?do=share&view=me';
$type = 'link';
$_GET['op'] = 'link';
break;
}
// add share
// submitcheck() is defined elsewhere; presumably it validates the POST and form token — verify.
if (submitcheck('sharesubmit')) {
    $_POST['topicid'] = topic_check($_POST['topicid'], 'share');
    //Verification code
    // The captcha is enforced only for link shares, and only when checkperm('seccode') is truthy.
    if ($type == 'link' && checkperm('seccode') && !ckseccode($_POST['seccode'])) {
        showmessage('incorrect_code');
    }
    if (empty($_POST['refer'])) {
        $_POST['refer'] = "space.php?do=share&view=me";
    }
    // NOTE(review): a caller-supplied 'refer' is kept as-is; if it is later used as a
    // redirect target (outside this fragment), restrict it to same-site URLs.
    if ($type == 'link') {
        $link = shtmlspecialchars(trim($_POST['link']));
        if ($link) {
            // Scheme allow-list: only http, ftp, https and mms URLs followed by 4–300
            // characters are kept; anything else is blanked and rejected just below.
            // This is a scheme check, not full URL validation, so the link still needs
            // context-appropriate encoding wherever it is rendered.
            if (!preg_match("/^(http|ftp|https|mms)\\:\\/\\/.{4,300}\$/i", $link)) {
                $link = '';
            }
        }
        if (empty($link)) {
            showmessage('url_incorrect_format');
        }
// Friend-request handler for the case $status == -1 (meaning defined outside this fragment).
if ($status == -1) {
    // Video verification
    if ($tospace['videostatus']) {
        ckvideophoto('friend', $tospace);
    }
    // Flood heuristic: count friend rows with status = 0 created in the last 10 minutes;
    // at 10 or more, set check_bot so the captcha is required on submit.
    // NOTE(review): the query has no uid condition, so the count is site-wide rather than
    // per requester — confirm that is intended.
    if (empty($_SGLOBAL['check_bot'])) {
        // Derived by arithmetic from the server timestamp, so numeric when interpolated below.
        $before_time = $_SGLOBAL['timestamp'] - 10 * 60;
        $query = $_SGLOBAL['db']->query("select count(*) from " . tname('friend') . " where status = 0 and dateline > {$before_time}");
        if ($item = $_SGLOBAL['db']->fetch_array($query)) {
            if ($item['count(*)'] >= 10) {
                $_SGLOBAL['check_bot'] = 1;
            }
        }
    }
    if (submitcheck('addsubmit')) {
        // Captcha is only checked once the flood heuristic has tripped.
        if ($_SGLOBAL['check_bot'] && !ckseccode($_POST['seccode'])) {
            showmessage('incorrect_code');
        }
        // Row for the friend table: gid is cast to int, note goes through getstr()
        // (limit 50; the meaning of the two trailing flags is defined elsewhere).
        // $uid comes from outside this fragment.
        $setarr = array('uid' => $_SGLOBAL['supe_uid'], 'fuid' => $uid, 'fusername' => addslashes($tospace['username']), 'gid' => intval($_POST['gid']), 'note' => getstr($_POST['note'], 50, 1, 1), 'dateline' => $_SGLOBAL['timestamp']);
        inserttable('friend', $setarr);
        //if I am a publicpage, and the user follow me, then be friends directly.
        //by xuxing@ihome. 2013-4-28
        if ($_SGLOBAL['member']['groupid'] == 3 && in_array($uid, explode(',', $_SGLOBAL['member']['aud']))) {
            //showmessage($space['uid'].'---'.$space['username'].'----'.$tospace['uid'].'---'.$tospace['username']);
            friend_update($tospace['uid'], $tospace['username'], $space['uid'], $space['username'], 'add', 0);
            notification_add($tospace['uid'], 'friend', cplang('note_friend_add'));
            // NOTE(review): $_POST['refer'] is passed to showmessage() unvalidated in this
            // fragment; if that argument is a redirect target, restrict it to same-site URLs.
            showmessage('friends_add', $_POST['refer'], 1, array($_SN[$tospace['uid']]));
            exit;
        }
        //end by xuxing.
        // Send email notification
case 'logout':
    member::cleancookie();
    break;
default:
    require_once iPATH . 'include/UI.class.php';
    $action = $_POST['action'];
    //$forward= $_POST['forward'];
    if ($action == 'register') {
        // NOTE(review): the error reply fires when ckseccode() is truthy, so here it appears
        // to return true on a captcha mismatch — confirm. Each `check && javascript::json(...)`
        // line only blocks registration if javascript::json() ends the request. TODO confirm.
        ckseccode($_POST['seccode'], 'U') && javascript::json('seccode', 'error:seccode');
        $username = dhtmlspecialchars($_POST['username']);
        // The username must look like an e-mail address. The pattern admits only word
        // characters, dots, hyphens and '@', which also keeps quotes out of the SQL below —
        // provided the failed check really stops the request.
        !preg_match("/^([\\w\\.-]+)@([a-zA-Z0-9-]+)(\\.[a-zA-Z\\.]+)\$/i", $username) && javascript::json('username', 'register:emailerror');
        iCMS_DB::getValue("SELECT uid FROM `#iCMS@__members` where `username`='{$username}'") && javascript::json('username', 'register:emailusr');
        // NOTE(review): this unsalted MD5 digest is what the INSERT below stores;
        // password_hash()/password_verify() is the replacement.
        $password = md5(trim($_POST['password']));
        $pwdrepeat = md5(trim($_POST['pwdrepeat']));
        $password != $pwdrepeat && javascript::json('pwdrepeat', 'register:different');
        $nickname = dhtmlspecialchars($_POST['nickname']);
        cstrlen($nickname) > 12 && javascript::json(0, 'register:nicknamelong');
        // NOTE(review): the statement is built by string interpolation. $nickname has only
        // been through dhtmlspecialchars() in this fragment, and getip() is spliced in raw —
        // if getip() reads a client-supplied header, that value is attacker-controlled.
        // A parameterized INSERT removes both dependencies. TODO confirm how each is escaped.
        iCMS_DB::query("INSERT INTO `#iCMS@__members` (`groupid`,`username`,`password`,`nickname`,`gender`,`info`,`power`,`cpower`,`regtime`,`lastip`,`lastlogintime`,`logintimes`,`post`,`type`,`status`) VALUES ('4','{$username}','{$password}', '{$nickname}','2','','','','" . time() . "','" . getip() . "', '" . time() . "','0','0','0','1') ");
        $uid = iCMS_DB::$insert_id;
        // Mark the new account as logged in.
        // NOTE(review): the password digest is handed to the cookie setter; if it lands in the
        // cookie as-is it is a long-lived password equivalent — confirm set_user_cookie()
        // encrypts or signs it.
        member::set_user_cookie($username, $password, $nickname);
        javascript::json(1, 'register:finish');
    } elseif ($action == "login") {
        // Captcha is checked before the credentials are evaluated.
        ckseccode($_POST['seccode'], 'U') && javascript::json(0, 'error:seccode');
        if (member::checklogin(true)) {
            javascript::json(1, 'login:success');
        } else {
            javascript::json(0, 'login:failed');
        }
    }
}
}
} elseif ($op == "checkfreshmanseccode") {
    // Standalone captcha pre-check: validates the code from the query string and reports
    // the result.
    // NOTE(review): if ckseccode() does not rotate or invalidate the code after a failed
    // attempt, this endpoint allows unlimited guesses before the real form is submitted —
    // confirm, and rate-limit it if so.
    include_once S_ROOT . './source/function_cp.php';
    if (ckseccode(trim($_GET['freshmanseccode']))) {
        showmessage('succeed');
    } else {
        showmessage('incorrect_code');
    }
}
if (submitcheck('freshmanregistersubmit')) {
    // Read the submitted fields
    $realname = trim($_POST['freshmanrealname']);
    $birthday = trim($_POST['freshmanbirthday']);
    $email = trim($_POST['freshmanemail']);
    include_once S_ROOT . './source/function_cp.php';
    if (!ckseccode($_POST['freshmanseccode'])) {
        showmessage('incorrect_code');
    }
    // Validate the fields
    $email = isemail($email) ? $email : '';
    if (empty($email)) {
        showmessage('email_format_is_wrong');
    }
    if ($_SCONFIG['checkemail']) {
        // Reject an address that already has a spacefield row.
        if ($count = getcount('spacefield', array('email' => $email))) {
            showmessage('email_has_been_registered');
        }
    }
    // NOTE(review): $realname and $birthday are only trim()ed in this fragment before being
    // interpolated into the SQL text, and $ThisYear (set outside this fragment) is spliced in
    // unquoted. Unless request data is escaped globally before this point (not visible here),
    // this needs the DB layer's escaping or a parameterized query, and an intval() on the year.
    // Matching on realname + birthday also means knowledge of those two values is what links
    // the registrant to a baseprofile row; what a match grants is outside this fragment.
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('baseprofile') . " WHERE realname='{$realname}' and birthday='{$birthday}' and startyear={$ThisYear} limit 1");
    $bp = $_SGLOBAL['db']->fetch_array($query);
    if (empty($bp)) {
// Login handling: resolve an optional invitation, enforce the login captcha when configured,
// then look up the member row and call getpassport().
if ($uid && $code && !$reward['credit']) {
    $m_space = getspace($uid);
    // NOTE(review): loose == on a key comparison; hash_equals() on string-cast values avoids
    // type-juggling and timing differences.
    if ($code == space_key($m_space, $app)) {
        // Verification passed
        $invitearr['uid'] = $uid;
        $invitearr['username'] = $m_space['username'];
    }
    // Built without URL-encoding; where $uid, $app and $code come from is outside this fragment.
    $url_plus = "uid={$uid}&app={$app}&code={$code}";
} elseif ($uid && $invite) {
    include_once S_ROOT . './source/function_cp.php';
    $invitearr = invite_get($uid, $invite);
    $url_plus = "uid={$uid}&invite={$invite}";
}
if ($_SCONFIG['seccode_login']) {
    include_once S_ROOT . './source/function_cp.php';
    // On a wrong captcha the login template is shown again with the captcha field flagged.
    if (!ckseccode($_POST['seccode'])) {
        $_SGLOBAL['input_seccode'] = 1;
        include template('do_login');
        exit;
    }
}
// NOTE(review): the username literal '******' looks like a masked value; as written the query
// matches only that literal string.
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('member') . " WHERE username='******'");
$value = $_SGLOBAL['db']->fetch_array($query);
if (empty($value)) {
    showmessage('login_failure_please_re_login', 'do.php?ac=' . $_SCONFIG['login_action']);
}
// NOTE(review): the password handed to getpassport() is column index 2 of the member row,
// not a value from the request, and no user-supplied password is read in this fragment.
// Unless the caller's secret is verified elsewhere, this authenticates on the username
// alone — confirm. The numeric index also depends on column order and on fetch_array()
// returning numeric keys.
$password = $value[2];
// Fetch the user from the synchronised account source
if (!($passport = getpassport($username, $password))) {
    showmessage('login_failure_please_re_login', 'do.php?ac=' . $_SCONFIG['login_action']);
}
if ($_SGLOBAL['supe_uid'] != $bwzt['uid'] && !checkperm('managebwzt')) { capi_showmessage_by_data('no_authority_operation_of_the_log'); } } //添加编辑操作 if (capi_submitcheck('bwztsubmit')) { if (empty($bwzt['bwztid'])) { $bwzt = array(); } else { if (!checkperm('allowbwzt')) { ckspacelog(); capi_showmessage_by_data('no_authority_to_add_log'); } } //验证码 if (checkperm('seccode') && !ckseccode($_REQUEST['seccode'])) { capi_showmessage_by_data('incorrect_code'); } include_once S_ROOT . './source/function_bwzt.php'; if ($op == 'alterstatus') { if ($newbwztstatus = bwzt_alterstatus($_GET['status'], $bwzt)) { capi_showmessage_by_data('do_success', 0, $newbwztstatus); } else { capi_showmessage_by_data('alter_status_failed'); } } if ($newbwzt = bwzt_post($_POST, $bwzt)) { if (empty($bwzt) && $newbwzt['topicid']) { $url = 'space.php?do=topic&topicid=' . $newbwzt['topicid'] . '&view=bwzt'; } else { $url = 'space.php?uid=' . $newbwzt['uid'] . '&do=bwzt&id=' . $newbwzt['bwztid'];