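/**
 * Build an UPDATE statement for $table from a column => value map.
 *
 * @param array  $data   column => value; each value is trimmed and passed through global_addslashes()
 * @param string $table  logical table name, resolved with tname()
 * @param string $where  extra condition text appended verbatim after "where 1"
 * @param bool   $strict when true, keys that are not columns of the table's first row are dropped
 * @return string the SQL text
 *
 * NOTE(review): the statement is assembled by string concatenation. Values go
 * through global_addslashes(), but $table and $where are inserted as-is and
 * must therefore never be derived from request data; a parameterised query API
 * is the robust fix for the whole function.
 */
function UpdateSql($data, $table, $where, $strict = false)
{
    $allowed = array();
    if ($strict) {
        // The column list is taken from the keys of one fetched row; an empty
        // table yields no keys and every $data entry is then dropped.
        $row = $GLOBALS['db']->fetch_first('select * from ' . tname($table));
        $allowed = is_array($row) ? array_keys($row) : array();
    }

    $assignments = array();
    foreach ($data as $key => $val) {
        if ($strict && !in_array($key, $allowed, true)) {
            continue;
        }
        $assignments[] = '`' . $key . '`=\'' . global_addslashes(trim($val)) . '\'';
    }

    // The original separated assignments with a counter $i that was never
    // initialised (E_NOTICE on the first iteration); implode() needs no counter.
    return 'update ' . tname($table) . ' set ' . implode(',', $assignments) . ' where 1 ' . $where;
}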
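/**
 * Handle the login form: look the user up by e-mail and password digest, then
 * store the session and redirect.
 *
 * Admin users get an "adminid" session entry and an inline script that opens
 * the admin index; other users get a "uid" entry and are sent to the posted
 * referer (or index.php). Without a submitted form the login template is shown.
 *
 * NOTE(review): the lookup condition is string-built from the posted e-mail
 * (escaped by global_addslashes()) and the md52() digest. GetOne() accepts a
 * condition string, so parameterisation needs a change to that API; md52() is
 * an unsalted digest where password_hash()/password_verify() would be used
 * today. Regenerating the session id after a successful login is also
 * advisable — TODO confirm what session_operator_native offers for that.
 *
 * @return void
 */
function login_action()
{
    if (!submitcheck('commit')) {
        // $referer is read by the login template.
        $referer = dreferer();
        include template('login');
        return;
    }

    $email = global_addslashes(trim(isset($_POST['user_name']) ? $_POST['user_name'] : ''));
    $pwd = md52(isset($_POST['pwd']) ? $_POST['pwd'] : '');
    $user = $this->user->GetOne(
        'and email="' . $email . '" and pwd="' . $pwd . '" and usertype!="nulluser"'
    );

    if (!$user) {
        sheader(url('user', 'login'), 3, '登录失败,请重新登录');
        return;
    }

    if ($user['usertype'] === 'adminuser') {
        $GLOBALS['session']->set(array('adminid' => $user['uid'], 'username' => $user['email']));
        exit('<SCRIPT LANGUAGE="JavaScript"> <!-- window.open("index.php?con=admin","_top",""); //--> </SCRIPT>');
    }

    $GLOBALS['session']->set(array('uid' => $user['uid'], 'username' => $user['email']));

    // Only follow a referer that is a local path. The original redirected to
    // whatever was posted, so an absolute or scheme-relative ("//host") value
    // turned the login page into an open redirect. Absolute same-site URLs now
    // fall back to index.php as well.
    $target = isset($_POST['referer']) ? trim((string) $_POST['referer']) : '';
    $parts = $target === '' ? false : parse_url($target);
    $isLocal = is_array($parts)
        && !isset($parts['scheme'])
        && !isset($parts['host'])
        && !preg_match('~^[\\\\/]{2}~', $target);
    sheader($isLocal ? $target : 'index.php', 3, '登录成功');
}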
/**
 * Strip existing slashes from $string (recursively for arrays), then, when
 * $force is truthy, addslashes() every scalar and delete a fixed list of
 * SQL/script keywords from it. With $force false only the stripping happens.
 *
 * NOTE(review): the keyword deletion is a blacklist, not escaping. It is
 * case-sensitive, runs a single pass, and also removes ordinary words such as
 * "and" or "or" from legitimate text. Quoting safety rests on addslashes()
 * alone; the dependable protection for SQL is a parameterised query at the
 * call site, and per-context escaping (htmlspecialchars etc.) for output.
 *
 * @param string|array $string
 * @param int|bool     $force
 * @return string|array
 */
function global_addslashes($string, $force = 1)
{
    $string = stripslashes_deep($string);
    if (!$force) {
        return $string;
    }

    if (is_array($string)) {
        foreach (array_keys($string) as $k) {
            $string[$k] = global_addslashes($string[$k], $force);
        }
        return $string;
    }

    // Replacing every search term with '' is equivalent to the original's
    // parallel array of empty strings.
    static $blacklist = array('select', '`', 'where', 'and', 'update', 'insert', 'delete', '<script', '<?', '?>', 'or', 'eval');
    return str_replace($blacklist, '', addslashes($string));
}
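<?php
/*
 * [Phpup.Net!] (C)2009-2011 Phpup.net. This is NOT a freeware, use is subject to license terms
 * $Id: getinfo.php 2010-08-24 10:42 $
 *
 * Bootstrap: constants, config, session, helper includes, request escaping,
 * database connection.
 */

// NOTE(review): silencing every error also hides failures from operators;
// display_errors=Off together with log_errors=On keeps them in the log.
error_reporting(0);
define('IN_PROVERB', 1);
date_default_timezone_set('Asia/Shanghai');
define('BIDCMS_CLIENT_SESSION', 'proverb');

// ROOT_PATH is the parent of this file's inc/ directory, trailing slash kept.
// The original str_replace('inc', '', ...) removed every "inc" anywhere in the
// path (a parent folder named "principal" became "pripal"); only a trailing
// "/inc" segment is stripped now.
define('ROOT_PATH', preg_replace('~/inc$~', '/', str_replace('\\', '/', dirname(__FILE__))));

include ROOT_PATH . '/data/config.inc.php';
header('Content-type:text/html;charset=' . $proverbcharset);
include ROOT_PATH . '/data/cache/setting.php';
require ROOT_PATH . '/inc/session/session_operator_native.class.php';
$session = new session_operator_native();
$session->session_start();
include ROOT_PATH . '/inc/upyun.class.php';
include ROOT_PATH . '/inc/global.func.php';
// setting.php populates $content; the rest of the code reads it as $setting.
$setting = $content;
define('TPL_DIR', !empty($setting['site_template_dir']) ? $setting['site_template_dir'] : 'default');

// Every request value is escaped in place by global_addslashes(). Code that
// needs the raw value for non-SQL purposes must strip the slashes again, and
// this global pass is not a substitute for parameterised queries.
$_REQUEST = global_addslashes($_REQUEST);
$_GET = global_addslashes($_GET);
$_POST = global_addslashes($_POST);

require ROOT_PATH . '/inc/mysql.class.php';
// Initialise the database connection.
$db = new proverb_mysql();
$db->connect($proverbdbhost, $proverbdbuser, $proverbdbpw, $proverbdbname);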
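/**
 * Report $this->error to the browser.
 *
 * With $js true an alert() is emitted and the script exits; otherwise the
 * message is printed inline with newlines converted to <br>.
 *
 * @param bool $js
 * @return void
 */
function showmessage($js = true)
{
    if ($js) {
        // Produce a valid single-quoted JS string literal: drop CR/LF (a raw
        // line break would terminate the literal), escape quotes and
        // backslashes, and break "</" so a "</script>" inside the message
        // cannot close the script element. The original used
        // global_addslashes(), which is not a JS-context escaper and, in its
        // keyword-stripping variant, also deleted ordinary words.
        $msg = addslashes(str_replace(array("\r", "\n"), '', $this->error));
        $msg = str_replace('</', '<\/', $msg);
        echo "<script language='javascript'>alert('" . $msg . "');</script>";
        exit;
    }
    // NOTE(review): printed as HTML without escaping; if $this->error can
    // carry request-derived text it needs htmlspecialchars() before nl2br().
    echo nl2br($this->error);
}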
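/**
 * Admin user list with an optional "username like %x%" filter, 20 rows per page.
 *
 * Renders views/admin/manageuser.php with $userlist and $showpage in scope.
 *
 * @return void
 */
function manageuser_action()
{
    $ext = '';
    $container = '';
    $username = isset($_REQUEST['username']) ? (string) $_REQUEST['username'] : '';
    if ($username !== '') {
        // The filter reaches the SQL through global_addslashes() only; "%" and
        // "_" are LIKE wildcards and are not neutralised by it. A parameterised
        // query with an escaped pattern would be the robust fix.
        $container .= ' and username like "%' . global_addslashes($username) . '%"';
        // NOTE(review): this assignment was garbled in the copy under review
        // and is reconstructed from the request key used above. The value is
        // URL-encoded so it cannot inject extra parameters into the pager link.
        $ext = '&username=' . urlencode($username);
    }

    $page = isset($_REQUEST['page']) ? intval($_REQUEST['page']) : 0;
    $showpage = array(
        'isshow' => 1,
        'currentpage' => $page,
        'pagesize' => 20,
        'url' => 'index.php?con=' . $GLOBALS['setting']['adminpath'] . '&act=admin' . $ext,
        'example' => 3,
    );
    $user_mod = new common('admin');
    $userlist = $user_mod->GetPage($showpage, $container);
    include ROOT_PATH . '/views/admin/manageuser.php';
}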
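/**
 * Move rows from the temporary site table into the group table.
 *
 * $ids is either -1 (all rows) or a comma-separated id list. Each temp row is
 * normalised (discount, city, Chinese date text to timestamps, remote thumb
 * downloaded) and inserted unless a group with the same subject and siteid
 * exists; the processed temp rows are deleted afterwards.
 *
 * @param int|string $ids
 * @return void
 */
function _autoInsertGroup($ids)
{
    if ((string) $ids === '-1') {
        $container = 'and id>0';
    } else {
        // Reduce the id list to integers before splicing it into the
        // condition; the original concatenated $ids verbatim. An empty value
        // still yields "in (0)" as before.
        $container = 'and id in (' . implode(',', array_map('intval', explode(',', (string) $ids))) . ')';
    }
    $data = $this->tempsite->GetPage(array('isshow' => 0), $container);
    set_time_limit(0);

    $zhMarks = array('年', '月', '日', '时', '分', '秒');
    $isoMarks = array('-', '-', '', ':', ':', '');
    $imageExts = array('jpeg', 'png', 'jpg', 'gif');

    foreach ($data as $k => $v) {
        // The original computed a guarded divisor but then divided by
        // $v['oldprice'] directly, so a zero old price raised a division by zero.
        $oldprice = $v['oldprice'] > 0 ? $v['oldprice'] : 1;
        $data[$k]['discount'] = intval($v['nowprice'] * 100 / $oldprice) / 10;

        // NOTE(review): $grouptype is never assigned in this method, so the
        // column receives null (with an E_NOTICE) — confirm its intended source.
        $data[$k]['grouptype'] = $grouptype;
        $data[$k]['cityname'] = $v['cityname'] ? $v['cityname'] : '其它';
        $data[$k]['cityid'] = $v['cityname'] ? Pinyin($v['cityname']) : 'qita';

        // "2010年8月24日 10时42分00秒+..." becomes "2010-8-24 10:42:00"; the raw
        // text is kept when strtotime() cannot parse it.
        $lastParts = explode('+', $v['lasttime']);
        $startParts = explode('+', $v['starttime']);
        $lasttime = str_replace($zhMarks, $isoMarks, trim($lastParts[0]));
        $starttime = str_replace($zhMarks, $isoMarks, trim($startParts[0]));
        $lastTs = strtotime($lasttime);
        $startTs = strtotime($starttime);
        $data[$k]['lasttime'] = $lastTs > 0 ? $lastTs : $lasttime;
        $data[$k]['starttime'] = $startTs > 0 ? $startTs : $starttime;
        $data[$k]['ispassed'] = $GLOBALS['setting']['site_allow_passed'] ? 1 : 0;

        if ($v['thumb'] && $GLOBALS['allowremote']) {
            // NOTE(review): the thumb URL is fetched server-side as stored. If
            // temp rows can be user-supplied, restrict scheme and host before
            // fetching so the server cannot be pointed at internal addresses.
            $thumb = $this->curl->get($v['thumb']);
            if ($thumb) {
                $dir = 'data/upload/' . date('Y/m');
                mkdir2(ROOT_PATH . '/' . $dir);
                // Only whitelisted image extensions are written under the web
                // root; anything else is stored as .jpg. The original compared
                // substr($stuff, 4) — the tail after the first four characters —
                // which never matched a real extension. The downloaded bytes
                // themselves are not validated as an image.
                $urlParts = explode('.', $v['thumb']);
                $extension = strtolower(str_replace('/', '', end($urlParts)));
                if (!in_array($extension, $imageExts, true)) {
                    $extension = 'jpg';
                }
                $file = md52(microtime()) . '.' . $extension;
                writefile(ROOT_PATH . '/' . $dir . '/' . $file, $thumb);
                $data[$k]['thumb'] = $dir . '/' . $file;
            } else {
                $data[$k]['thumb'] = $v['thumb'];
            }
        }
    }

    foreach ($data as $k => $v) {
        // siteid is concatenated unescaped; assumed to be an integer column — verify.
        $existing = $this->group->GetOne(
            'and subject="' . global_addslashes($v['subject']) . '" and siteid=' . $v['siteid']
        );
        if (!$existing) {
            unset($v['id']);
            $this->group->InsertData($v);
        }
    }
    $this->tempsite->DeleteData('1 ' . $container);
    sleep(1);
}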
/**
 * Strip existing slashes from $string (recursively for arrays) and, when
 * $force is truthy, addslashes() every scalar; with $force false the value is
 * only stripped, never escaped.
 *
 * NOTE(review): addslashes() is not charset-aware; if the connection charset
 * is multibyte, a driver-level escape or, better, parameterised queries should
 * be used for anything that reaches SQL.
 *
 * @param string|array $string
 * @param int|bool     $force
 * @return string|array
 */
function global_addslashes($string, $force = 1)
{
    $clean = stripslashes_deep($string);
    if (!$force) {
        return $clean;
    }

    if (!is_array($clean)) {
        return addslashes($clean);
    }

    foreach (array_keys($clean) as $k) {
        $clean[$k] = global_addslashes($clean[$k], $force);
    }
    return $clean;
}