// Guestbook submission: validates the posted fields before the entry is stored.
// $g_name and $g_vid are assigned before this excerpt; where they come from is not visible here.
$g_content = be("all", "g_content");
// chkSql() is defined elsewhere; presumably an SQL-injection filter. Confirm what it rejects or rewrites.
// A filter at input time does not replace escaping/parameter binding at the INSERT (not visible here).
$g_content = chkSql($g_content);
$g_code = be("all", "g_code");
$g_code = chkSql($g_code);
// A non-numeric target id falls back to 0.
if (!isNum($g_vid)) {
    $g_vid = 0;
}
// Nickname and content are both required (message: "please enter a nickname and content").
if (isN($g_name) || isN($g_content)) {
    alert('请输入昵称和内容');
    exit;
}
// Captcha check, only enforced when gbookverify is enabled (message: "wrong verification code").
// NOTE(review): `!=` is a loose comparison. If the session holds no code (null) and the submitted value
// is an empty string, null != "" is false and the check passes; whether be()/chkSql() can yield "" here
// is not visible. Prefer a strict comparison that also rejects a missing session code.
// NOTE(review): the code is not cleared from the session in this excerpt; confirm it is single-use.
if ($MAC['other']['gbookverify'] == 1 && $_SESSION["code_gbook"] != $g_code) {
    alert('验证码错误');
    exit;
}
// Throttle: reject when less than the configured gbooktime has elapsed (message: "do not submit so often").
// getTimeSpan() is defined elsewhere; NOTE(review): if it reads a per-session timestamp, a client that
// starts a new session is not throttled. Confirm, and consider a server-side limit as well.
if (getTimeSpan("last_gbooktime") < $MAC['other']['gbooktime']) {
    alert('请不要频繁操作');
    exit;
}
// In a single-quoted PHP string `\\` is one backslash, so the regex is /[^\x00-\x80]/: it matches any
// byte above 0x80. The message says the content "must contain Chinese", but any non-ASCII byte satisfies
// it. This is a content heuristic, not an input-safety control.
$pattern = '/[^\\x00-\\x80]/';
if (!preg_match($pattern, $g_content)) {
    alert('内容必须包含中文,请重新输入!');
    exit;
}
// badFilter() is defined elsewhere (presumably a word filter; confirm). strip_tags() removes markup but
// does not encode quotes or `&`, so the stored values still need context-aware escaping when rendered.
$g_name = badFilter($g_name);
$g_name = strip_tags($g_name);
$g_content = badFilter($g_content);
$g_content = strip_tags($g_content);
// ip2long() handles IPv4 only and returns false for anything else (including IPv6).
// NOTE(review): getIP() is defined elsewhere; if it trusts client-supplied headers the stored address
// is not reliable for audit or abuse handling. Confirm.
$g_ip = ip2long(getIP());
$g_time = time();
// Moderation branch when gbookaudit is enabled; its body continues beyond this excerpt.
if ($MAC['other']['gbookaudit'] == 1) {
// Password reset by security question. $u_name, $u_question, $u_password and $db are set before this
// excerpt; how they were read and filtered is not visible here.
// chkSql() is defined elsewhere; presumably an SQL-injection filter. Confirm.
$u_answer = chkSql($u_answer);
// Cap field lengths. strlen() counts bytes; substring() is a project helper (cut semantics not visible).
if (strlen($u_name) > 32) {
    $u_name = substring($u_name, 32);
}
if (strlen($u_question) > 255) {
    $u_question = substring($u_question, 255);
}
if (strlen($u_answer) > 255) {
    $u_answer = substring($u_answer, 255);
}
// NOTE(review): unsalted MD5 is a fast hash and unsuitable for password storage. password_hash() /
// password_verify() is the current PHP API, but switching requires migrating stored hashes and the
// login code (neither is visible here).
// NOTE(review): the hash is computed BEFORE the empty() check below. md5('') is a non-empty 32-character
// string, so empty($u_password) can never be true and an empty new password is accepted. The emptiness
// check needs to run on the raw value.
$u_password = md5($u_password);
// All four fields are required (message: "form incomplete, please fill it in again").
if (empty($u_question) || empty($u_answer) || empty($u_password) || empty($u_name)) {
    alert("表单信息不完整,请重填!");
    exit;
}
// Throttle: at most one attempt per 5 seconds (message: "system busy, try again later").
// The timestamp is written to $_SESSION just below, so this is per session. NOTE(review): no per-account
// attempt counter or lockout is visible in this excerpt; a security answer needs one.
if (getTimeSpan("last_findpass") < 5) {
    alert("系统繁忙,请稍候重试");
    exit;
}
$_SESSION["last_findpass"] = time();
// Look the account up by name. The value is escaped and placed inside a quoted literal.
// NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was removed in PHP 7, and its
// safety depends on the connection charset. A prepared statement with a bound parameter is the robust
// form. `{pre}` is presumably a table-prefix placeholder expanded by $db; confirm.
$row = $db->getRow("SELECT * FROM {pre}user WHERE u_name='" . mysql_real_escape_string($u_name) . "'");
if (!$row) {
    // NOTE(review): this message ("reset failed 1") differs from the one below ("reset failed 2"), so the
    // response reveals whether the user name exists. Use one generic message for both cases.
    alert("重置密码失败1");
    return;
} else {
    // NOTE(review): `!=` is a loose comparison; numeric-looking strings are compared as numbers
    // (e.g. "1e1" equals "10"). Use a strict, constant-time comparison such as hash_equals().
    // The submitted answer is compared directly with the stored column, so the answer appears to be
    // stored unhashed; confirm.
    if ($u_question != $row["u_question"] || $u_answer != $row["u_answer"]) {
        alert("重置密码失败2");
        return;
    }
    // u_id comes from the row just read and is concatenated unquoted into the WHERE clause.
    $db->Update("{pre}user", array("u_password"), array($u_password), "u_id=" . $row["u_id"]);
    // Message: "password reset succeeded, redirecting to the login page". The else block continues
    // beyond this excerpt.
    alertUrl("重置密码成功,正在转向登录页面", "?action=login");
// Tail of a topic branch that starts before this excerpt: look the topic up in the cache by the
// requested id and render it.
$tpl->T = $MAC_CACHE['vodtopic'][$tpl->P['vodtopicid']];
// Message: "failed to load data, do not pass illegal parameters".
// NOTE(review): no exit follows showMsg() here, while the search branch below calls exit after it.
// Confirm showMsg() terminates the request; otherwise the code continues with a non-array $tpl->T.
if (!is_array($tpl->T)) {
    showMsg("获取数据失败,请勿非法传递参数", "../");
}
$db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
$tpl->loadtopic('vod');
$tpl->pageshow();
} elseif ($method == 'search') {
    // Search branch. The keyword is read from the request, trimmed and passed through chkSql()
    // (defined elsewhere; presumably an SQL-injection filter, confirm), then stored in $tpl->P["wd"].
    $tpl->C["siteaid"] = 15;
    $wd = trim(be("all", "wd"));
    $wd = chkSql($wd);
    if (!empty($wd)) {
        $tpl->P["wd"] = $wd;
    }
    // NOTE(review): the line below is kept exactly as it appears in this flattened excerpt, where the
    // leading `//` swallows everything after it. In the original file the comment most likely ends after
    // the alert() call and the statements that follow are live; confirm against the source file.
    // Read as live code, those statements do the following:
    //  - throttle first-page searches by the configured searchtime (message: "do not search so often,
    //    the interval is N seconds");
    //  - build the page-cache name from $tpl->P and call echoPageCache() BEFORE any escaping. pg, order,
    //    by, ids, pinyin, type, year, letter, typeid and classid enter the name without urlencode(), so
    //    they must already be validated where $tpl->P is filled (not visible here), especially if the
    //    name ends up in a file path;
    //  - open the database connection, then run mysql_real_escape_string() over every non-numeric
    //    $tpl->P value. Escaping protects only values that land inside quoted SQL literals; values used
    //    unquoted (numeric positions, ORDER BY columns) need allow-listing or integer casts.
    //    is_numeric() also accepts forms such as "1e5" and floats. ext/mysql was removed in PHP 7;
    //    prepared statements are the robust replacement.
    //  - the final `if` on year opens a block that continues beyond this excerpt.
    //if(empty($tpl->P["wd"]) && empty($tpl->P["ids"]) && empty($tpl->P["pinyin"]) && empty($tpl->P["starring"]) && empty($tpl->P["directed"]) && empty($tpl->P["area"]) && empty($tpl->P["lang"]) && empty($tpl->P["year"]) && empty($tpl->P["letter"]) && empty($tpl->P["tag"]) && empty($tpl->P["type"]) && empty($tpl->P["typeid"]) && empty($tpl->P["classid"]) ){ alert ("搜索参数不正确"); } if ($tpl->P['pg'] == 1 && getTimeSpan("last_searchtime") < $MAC['app']['searchtime']) { showMsg("请不要频繁操作,时间间隔为" . $MAC['app']['searchtime'] . "秒", MAC_PATH); exit; } $tpl->P['cp'] = 'vodsearch'; $tpl->P['cn'] = urlencode($tpl->P['wd']) . '-' . $tpl->P['pg'] . '-' . $tpl->P['order'] . '-' . $tpl->P['by'] . '-' . $tpl->P['ids'] . '-' . $tpl->P['pinyin'] . '-' . $tpl->P['type'] . '-' . $tpl->P['year'] . '-' . $tpl->P['letter'] . '-' . $tpl->P['typeid'] . '-' . $tpl->P['classid'] . '-' . urlencode($tpl->P['area']) . '-' . urlencode($tpl->P['lang']) . '-' . urlencode($tpl->P['tag']) . '-' . urlencode($tpl->P['starring']) . '-' . urlencode($tpl->P['directed']); echoPageCache($tpl->P['cp'], $tpl->P['cn']); $tpl->P["where"] = ''; $tpl->P["des"] = ''; $db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']); foreach ($tpl->P as $k => $v) { if (!is_numeric($v)) { $tpl->P[$k] = mysql_real_escape_string($v); } } if (!empty($tpl->P["year"])) {
// Comment submission: validates the posted fields before the comment is stored.
// $c_name and $c_type are assigned before this excerpt; where they come from is not visible here.
$c_content = be("all", "c_content");
// chkSql() is defined elsewhere; presumably an SQL-injection filter. Confirm what it rejects or rewrites.
// A filter at input time does not replace escaping/parameter binding at the INSERT (not visible here).
$c_content = chkSql($c_content);
$c_code = be("all", "c_code");
$c_code = chkSql($c_code);
// Types 16 through 18 are folded into 16; the meaning of these values is not visible here.
if ($c_type >= 16 && $c_type <= 18) {
    $c_type = 16;
}
// Nickname and content are both required (message: "please enter a nickname and content").
// Errors in this handler are echoed as plain text rather than sent through alert().
if (isN($c_name) || isN($c_content)) {
    echo '请输入昵称和内容';
    exit;
}
// Captcha check, only enforced when commentverify is enabled (message: "wrong verification code").
// NOTE(review): `!=` is a loose comparison. If the session holds no code (null) and the submitted value
// is an empty string, null != "" is false and the check passes; whether be()/chkSql() can yield "" here
// is not visible. Prefer a strict comparison that also rejects a missing session code.
// NOTE(review): the code is not cleared from the session in this excerpt; confirm it is single-use.
if ($MAC['other']['commentverify'] == 1 && $_SESSION["code_comment"] != $c_code) {
    echo '验证码错误';
    exit;
}
// Throttle: reject when less than the configured commenttime has elapsed (message: "do not submit so
// often"). getTimeSpan() is defined elsewhere; NOTE(review): if it reads a per-session timestamp, a
// client that starts a new session is not throttled. Confirm, and consider a server-side limit as well.
if (getTimeSpan("last_commenttime") < $MAC['other']['commenttime']) {
    echo '请不要频繁操作';
    exit;
}
// In a single-quoted PHP string `\\` is one backslash, so the regex is /[^\x00-\x80]/: it matches any
// byte above 0x80. The message says the content "must contain Chinese", but any non-ASCII byte satisfies
// it. This is a content heuristic, not an input-safety control.
$pattern = '/[^\\x00-\\x80]/';
if (!preg_match($pattern, $c_content)) {
    echo '内容必须包含中文,请重新输入!';
    exit;
}
// badFilter() is defined elsewhere (presumably a word filter; confirm). strip_tags() removes markup but
// does not encode quotes or `&`, so the stored values still need context-aware escaping when rendered.
$c_name = badFilter($c_name);
$c_name = strip_tags($c_name);
$c_content = badFilter($c_content);
$c_content = strip_tags($c_content);
// ip2long() handles IPv4 only and returns false for anything else (including IPv6).
// NOTE(review): getIP() is defined elsewhere; if it trusts client-supplied headers the stored address
// is not reliable for audit or abuse handling. Confirm.
$c_ip = ip2long(getIP());
$c_time = time();
// Moderation branch when commentaudit is enabled; its body continues beyond this excerpt.
if ($MAC['other']['commentaudit'] == 1) {