function handleSave($populate = true)
 {
     // Populate the view definitions from the request and, when a subpanel
     // title was submitted together with its label key, write that label to
     // the module's language file for the resolved language. Afterwards the
     // widget_class of each field is copied from the field definitions,
     // invisible fields are restored and the definitions are deployed.
     // NOTE(review): $_REQUEST['view_module'] and 'view_package' reach
     // ParserLabel without validation here; the parser is expected to
     // restrict them to known module/package names — confirm.
     if ($populate) {
         $this->_populateFromRequest();
         $hasSubpanelTitle = isset($_REQUEST['subpanel_title']) && isset($_REQUEST['subpanel_title_key']);
         if ($hasSubpanelTitle) {
             // resolution order: explicit request value, then the
             // authenticated user's language, then the installation default
             $lang = false;
             if (!empty($_REQUEST['selected_lang'])) {
                 $lang = $_REQUEST['selected_lang'];
             } elseif (!empty($_SESSION['authenticated_user_language'])) {
                 $lang = $_SESSION['authenticated_user_language'];
             }
             if (empty($lang)) {
                 $lang = $GLOBALS['sugar_config']['default_language'];
             }
             require_once 'modules/ModuleBuilder/parsers/parser.label.php';
             $package = isset($_REQUEST['view_package']) ? $_REQUEST['view_package'] : null;
             $labelParser = new ParserLabel($_REQUEST['view_module'], $package);
             $newLabels = array(
                 $_REQUEST['subpanel_title_key'] => remove_xss(from_html($_REQUEST['subpanel_title'])),
             );
             $labelParser->addLabels($lang, $newLabels, $_REQUEST['view_module']);
         }
     }
     // Bug 46291 - Missing widget_class for edit_button and remove_button
     foreach (array_keys($this->_viewdefs) as $fieldName) {
         if (!isset($this->_fielddefs[$fieldName]['widget_class'])) {
             continue;
         }
         $this->_viewdefs[$fieldName]['widget_class'] = $this->_fielddefs[$fieldName]['widget_class'];
     }
     $defs = $this->restoreInvisibleFields($this->_invisibleFields, $this->_viewdefs);
     // unlike our parent, do not force the field names back to upper case
     $defs = $this->makeRelateFieldsAsLink($defs);
     $this->implementation->deploy($defs);
 }
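 /**
  * Pull the remote images referenced by <img> tags in $str into local
  * storage and rewrite the tag sources to the new local paths.
  *
  * Tags whose src is not an absolute URL, or that already point at this
  * host (loopback spellings or ATTACHMENT_URL), are left untouched.
  *
  * @author tuzwu
  * @param string $str               HTML fragment to scan
  * @param bool   $watermark_enable  accepted for interface compatibility; not read here
  * @return string|false  the rewritten fragment, or false when $str is empty
  */
 public function save_remote($str = '', $watermark_enable = false)
 {
     if (empty($str)) {
         return false;
     }
     $tags = array();
     // collect the src/alt/title attributes of every <img ...> tag
     $tagCount = preg_match_all('/<img\\s.*?>/', $str, $tagMatches);
     for ($i = 0; $i < $tagCount; $i++) {
         $attrCount = preg_match_all('/(\\w+)\\s*=\\s*(?:(?:(["\'])(.*?)(?=\\2))|([^\\/\\s]*))/', $tagMatches[0][$i], $attrMatches);
         for ($j = 0; $j < $attrCount; $j++) {
             $attrName = $attrMatches[1][$j];
             if (!in_array($attrName, array('src', 'alt', 'title'), true)) {
                 continue;
             }
             // group 4 holds an unquoted value, group 3 a quoted one
             $tags[$i][$attrName] = !empty($attrMatches[4][$j]) ? $attrMatches[4][$j] : $attrMatches[3][$j];
         }
     }
     $oldSources = array();
     $newSources = array();
     foreach ($tags as $attrs) {
         // a tag without a usable absolute src cannot be fetched (this also
         // avoids the undefined-index notice a src-less tag used to raise)
         if (empty($attrs['src']) || strpos($attrs['src'], '://') === false) {
             continue;
         }
         // NOTE(review): this denylist only covers two spellings of the local
         // host; it does not stop fetches of other internal addresses. An
         // allowlist of permitted schemes/hosts inside get_remote_file() is the
         // safer control — confirm what get_remote_file() enforces.
         if (strpos_array($attrs['src'], array('127.0.0.1', 'localhost', ATTACHMENT_URL)) !== false) {
             continue;
         }
         // caption: alt, else title, else empty (both may be missing)
         if (isset($attrs['alt'])) {
             $alt = remove_xss($attrs['alt']);
         } elseif (isset($attrs['title'])) {
             $alt = remove_xss($attrs['title']);
         } else {
             $alt = '';
         }
         $localPath = $this->get_remote_file($attrs['src'], array('alt' => $alt));
         if ($localPath) {
             $oldSources[] = $attrs['src'];
             $newSources[] = $localPath;
         }
     }
     return empty($newSources) ? $str : str_ireplace($oldSources, $newSources, $str);
 }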
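 /**
  * Send a message to one or more recipients.
  *
  * On submit, $GLOBALS['usernames'] is a comma-separated list of member
  * names; a message row is inserted for every name that resolves to a
  * member and the caller is told which names succeeded and which failed.
  * Without submit the compose form is rendered.
  */
 public function add()
 {
     if (!isset($GLOBALS['submit'])) {
         $show_formjs = 1;
         include $this->template('add');
         return;
     }
     if (empty($GLOBALS['usernames'])) {
         MSG('收件人不能为空');
     }
     if (empty($GLOBALS['content'])) {
         MSG('不能发送空白内容');
     }
     $formdata = array();
     $formdata['content'] = remove_xss($GLOBALS['content']);
     $formdata['addtime'] = SYS_TIME;
     $formdata['uid'] = $_SESSION['uid'];
     // NOTE(review): the username column is filled with the session uid —
     // confirm the message table really expects the uid here rather than
     // the sender's username.
     $formdata['username'] = $_SESSION['uid'];
     $success_user = array();
     $error_user = array();
     foreach (explode(',', $GLOBALS['usernames']) as $name) {
         // tolerate "a, b,c," style input: trim each entry and skip blanks
         // instead of looking up (and reporting) empty names
         $name = trim($name);
         if ($name === '') {
             continue;
         }
         $mr = $this->db->get_one('member', array('username' => $name));
         if ($mr) {
             $success_user[] = $name;
             $formdata['touid'] = $mr['uid'];
             $this->db->insert('message', $formdata);
         } else {
             $error_user[] = $name;
         }
     }
     MSG('成功发送给:' . implode(',', $success_user) . '<br>失败用户名:' . implode(',', $error_user));
 }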
 /**
  * Store a feedback ("advice") entry posted by the current visitor and
  * answer the AJAX call with a success/failure status.
  *
  * NOTE(review): the return value of $adviceModel->check() is discarded,
  * so the 1..200 length rule never rejects anything here — confirm whether
  * the length is validated elsewhere.
  */
 public function push()
 {
     load("extend");
     $record = array();
     // attach the entry to the logged-in user or, failing that, the org id
     if (session('?uid')) {
         $record['uid'] = session('uid');
     } elseif (session('?oid')) {
         $record['oid'] = session('oid');
     }
     $adviceModel = M('Advice');
     $adviceModel->check('c', '1,200', 'length');
     // strip markup from the posted text before it is stored
     $record['content'] = remove_xss($this->_post('c'));
     $record['ctime'] = time();
     if (!$adviceModel->add($record)) {
         $this->ajaxReturn(0, '提交失败', 1);
         return;
     }
     $this->ajaxReturn(1, '提交成功', 1);
 }
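 /**
  * Add a delivery address for the logged-in member.
  *
  * On submit the posted fields are filtered, the row is inserted into
  * express_address, optionally marked as the default address, and the
  * member is redirected (to the cart when forward=1, else to the address
  * list). Without submit the address form is rendered.
  */
 public function add()
 {
     $memberinfo = $this->memberinfo;
     if (isset($GLOBALS['submit'])) {
         $formdata = array();
         $formdata['addressee'] = remove_xss($GLOBALS['addressee']);
         $formdata['address'] = remove_xss($GLOBALS['address']);
         $formdata['uid'] = $memberinfo['uid'];
         // province and city are mandatory; '0' is the "please choose" option
         if ($GLOBALS['LK1_1'] == '0') {
             MSG('请选择所在地区省份', HTTP_REFERER);
         }
         if ($GLOBALS['LK1_2'] == '0') {
             MSG('请选择所在地区市级', HTTP_REFERER);
         }
         $formdata['province'] = remove_xss($GLOBALS['LK1_1']);
         $formdata['city'] = remove_xss($GLOBALS['LK1_2']);
         // district is optional; a bare '0' means "none"
         $formdata['area'] = remove_xss(trim($GLOBALS['LK1_3'], '0'));
         $formdata['mobile'] = remove_xss($GLOBALS['mobile']);
         // the telephone is posted in up to three parts (tel1, tel2 and an
         // optional tel3); trailing empty parts are trimmed off
         $telParts = array(
             remove_xss($GLOBALS['tel1']),
             remove_xss($GLOBALS['tel2']),
             isset($GLOBALS['tel3']) ? remove_xss($GLOBALS['tel3']) : '',
         );
         $formdata['tel'] = rtrim(implode('-', $telParts), '-');
         $formdata['zipcode'] = intval($GLOBALS['zipcode']);
         $formdata['isdefault'] = intval($GLOBALS['isdefault']);
         $GLOBALS['addressid'] = $this->db->insert('express_address', $formdata);
         if ($formdata['isdefault']) {
             $this->setdefault();
         }
         // forward=1 means the member came from the checkout flow
         $fromCheckout = isset($GLOBALS['forward']) && $GLOBALS['forward'] == 1;
         $target = $fromCheckout
             ? '/index?m=order&f=order_goods&v=cart'
             : '/index.php?m=order&f=address&v=listing&acbar=1';
         MSG(L('operation_success'), $target);
     }
     include T('order', 'address_add');
 }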
 /**
  * Edit an announcement (affiche).
  *
  * On submit the posted form array is filtered and written back to the
  * row; otherwise the row is loaded and the edit form rendered.
  */
 public function edit()
 {
     $id = intval($GLOBALS['id']);
     if (!isset($GLOBALS['submit'])) {
         $show_formjs = 1;
         $form = load_class('form');
         load_function('admin');
         // the end-time default shown in the form is today's date
         // NOTE(review): confirm a 30-day-ahead default was not intended
         $endtime = date('Y-m-d');
         $r = $this->db->get_one('affiche', array('id' => $id));
         // css column looks like "color:#ff0000;font-weight:bold"
         $styles = style($r['css']);
         $font_weight = $styles['font-weight'];
         $color = $styles['color'];
         include $this->template('edit');
         return;
     }
     // NOTE(review): the whole posted form array is passed to update(), so
     // any column name the client submits is written — confirm that the db
     // layer restricts the keys to the table's editable columns.
     $formdata = $GLOBALS['form'];
     $formdata['title'] = remove_xss($formdata['title']);
     $formdata['note'] = remove_xss($formdata['note']);
     $formdata['addtime'] = SYS_TIME;
     $formdata['endtime'] = strtotime($GLOBALS['endtime']);
     $formdata['publisher'] = get_cookie('username');
     $cssValue = ltrim($GLOBALS['title_css'], '#') . ';' . $GLOBALS['font_weight'];
     $formdata['css'] = 'color:#' . remove_xss($cssValue);
     $linkageid = $this->db->update('affiche', $formdata, array('id' => $id));
     MSG(L('operation success'), '?m=affiche&f=index&v=listing' . $this->su());
 }
    /**
     * Runs a fixed set of classic script-injection samples through
     * remove_xss() and echoes the result, so the filter's output can be
     * inspected by eye. The filtered text is emitted as-is; keep this
     * action out of production routing.
     */
    function index()
    {
        $data = '<LINK REL="stylesheet" href="javascript:alert(\'XSS\');">
<IMG src=\'vbscript:msgbox("XSS")\'>
<IMG src="mocha:[code]">
<IMG src="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');">
<IFRAME src=javascript:alert(\'XSS\')></IFRAME>
<FRAMESET><FRAME src=javascript:alert(\'XSS\')></FRAME></FRAMESET>
<TABLE BACKGROUND="javascript:alert(\'XSS\')">
<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">
<DIV STYLE="behaviour: url(\'http://www.how-to-hack.org/exploit.html\');">
<DIV STYLE="width: expression(alert(\'XSS\'));">
<STYLE>@im\\port\'\\ja\\vasc\\ript:alert("XSS")\';</STYLE>
<IMG STYLE=\'xss:expre\\ssion(alert("XSS"))\'>
<STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE>
<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert(\'XSS\')");}</STYLE><A class="XSS"></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(\'XSS\')")}</STYLE>
<DIV STYLE="background-image: url(http://www.baidu.com)">
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> 

<IMG SRC="jav&#x0D;ascript:alert(\'XSS\');"> 
"<IMG SRC=java/0script:alert(\'XSS\')>";’ > out 
<IMG SRC=" javascript:alert(\'XSS\');"> 
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

这里是中文

<IMG SRC="jav&#x09;ascript:alert(\'XSS\');">
<IMG SRC="jav&#x0A;ascript:alert(\'XSS\');">
';
        // echo the filtered sample so the effect of remove_xss() is visible
        echo remove_xss($data);
    }
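 /**
  * Submit a question to the guestbook from the member area.
  *
  * The title defaults to the first 80 characters of the content when none
  * is posted. Title and content are both passed through remove_xss()
  * before storage (previously only an explicit title was filtered).
  */
 public function ask()
 {
     $content = isset($GLOBALS['content']) ? $GLOBALS['content'] : '';
     $formdata = array();
     // filter after strcut() so a cut that lands inside a tag is cleaned too
     $formdata['title'] = isset($GLOBALS['title']) ? remove_xss($GLOBALS['title']) : remove_xss(strcut($content, 80));
     $formdata['content'] = remove_xss($content);
     $formdata['addtime'] = SYS_TIME;
     $formdata['publisher'] = $this->memberinfo['username'];
     $formdata['ip'] = get_ip();
     $this->db->insert('guestbook', $formdata);
     MSG('您的提问已经提交,我们的专家会尽快给您回复', '?m=guestbook&f=myissue&v=listing');
 }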
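 /**
  * AJAX tag lookup used to auto-complete the keyword form field.
  *
  * Reads $GLOBALS['term'] and exits with a JSON list of up to 10 tag rows
  * whose tag contains the term, each carrying the tag as both label and
  * value.
  *
  * @author tuzwu
  */
 public function ajax_auto_complete()
 {
     if (!isset($GLOBALS['term'])) {
         MSG(L('parameter_error'));
         return;
     }
     $tag = remove_xss($GLOBALS['term']);
     // remove_xss() is an HTML filter, not an SQL escaper: the term is
     // interpolated into a quoted LIKE pattern, so escape quotes/backslashes
     // and the LIKE wildcards here. A driver-level escape or a bound
     // parameter is preferable if the db layer offers one.
     $pattern = addcslashes(addslashes($tag), '%_');
     $where = ' tag like "%' . $pattern . '%" ';
     $tag_info = $this->db->get_list('tag', $where, 'tag', 0, 10, 1);
     foreach ($tag_info as $k => $v) {
         // the autocomplete widget expects label/value pairs
         $tag_info[$k]['label'] = $tag_info[$k]['value'] = $v['tag'];
         unset($tag_info[$k]['tag']);
     }
     exit(json_encode($tag_info));
 }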
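 /**
  * Search "mec" records by city name for the map view.
  *
  * Reads $GLOBALS['cityname'] and $GLOBALS['page'], loads up to 10 rows
  * per page with status 9 whose title contains the city name, and renders
  * the map-search2 template.
  */
 public function search2()
 {
     $categorys = get_cache('category', 'content');
     $cityname = isset($GLOBALS['cityname']) ? remove_xss($GLOBALS['cityname']) : '';
     $page = isset($GLOBALS['page']) ? max(intval($GLOBALS['page']), 1) : 1;
     $urlrule = 'javascript:change_pagemap2({$page});';
     // remove_xss() is not an SQL escaper; escape the value for the quoted
     // LIKE pattern (quotes, backslashes and the % / _ wildcards). A
     // driver-level escape or a bound parameter is preferable if available.
     $likeValue = addcslashes(addslashes($cityname), '%_');
     $where = "`status`=9 AND `title` LIKE '%{$likeValue}%'";
     $result = $this->db->get_list('mec', $where, '*', 0, 10, $page, 'id DESC', '', '', $urlrule, '', 3);
     $pages = $this->db->pages;
     include T('content', 'map-search2', TPLID);
 }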
/**
 * Apply remove_xss() to a string, or recursively to every leaf of an array.
 *
 * @param string|array $string  value to filter
 * @param int          $force   carried through the recursion; not consulted here
 * @return string|array  the filtered value, same shape and key order as the input
 */
function dxss($string, $force = 1)
{
    if (!is_array($string)) {
        return remove_xss($string);
    }
    foreach ($string as $key => $val) {
        $string[$key] = dxss($val, $force);
    }
    return $string;
}
 /**
  * Takes in the request params from a save request and processes
  * them for the save.
  *
  * Only keys prefixed "label_" whose value is not the 'no_change'
  * sentinel are kept; the prefix is stripped and the remainder upper-cased
  * to form the system label name. Labels are written to the package's
  * language directory when a package name is set, else to the module's.
  *
  * @param REQUEST $params       Labels as "label_".System label => Display label pairs
  * @param string $language      Language key, for example 'en_us'
  */
 function handleSave($params, $language)
 {
     $labels = array();
     foreach ($params as $key => $value) {
         if (substr($key, 0, 6) !== 'label_' || strcmp($value, 'no_change') == 0) {
             continue;
         }
         $systemLabel = strtoupper(substr($key, 6));
         $labels[$systemLabel] = remove_xss(from_html($value), false);
     }
     if (empty($this->packageName)) {
         return self::addLabels($language, $labels, $this->moduleName);
     }
     $languageDir = "custom/modulebuilder/packages/{$this->packageName}/modules/{$this->moduleName}/language";
     return self::addLabels($language, $labels, $this->moduleName, $languageDir);
 }
 /**
  * Recursively HTML-escape every string leaf of $data and run it through
  * remove_xss(). Keys beginning with "html" are left untouched so that
  * intentional markup survives. Non-array or empty input is returned as-is.
  *
  * @param mixed $data
  * @return mixed  same shape as the input
  */
 private function _escape_data($data)
 {
     if (!is_array($data) || count($data) == 0) {
         return $data;
     }
     foreach ($data as $key => $value) {
         if (is_array($value)) {
             $data[$key] = $this->_escape_data($value);
             continue;
         }
         $keepMarkup = preg_match('/^html/', $key);
         if (!$keepMarkup && is_string($value)) {
             $data[$key] = remove_xss(htmlspecialchars($value));
         }
     }
     return $data;
 }
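 /**
  * Process the admin login form.
  *
  * Requires both admin_name and admin_pwd to be posted and a qcs_auth
  * cookie to be present; only a cookie that decodes to admin id 1 may
  * proceed to the credential check. Matching credentials set aid=1 in the
  * session and redirect to Admin/main; otherwise the login page is shown
  * again with an error popup.
  */
 function login_sub()
 {
     // Both fields are required. The previous one-line guard
     // ("a == NULL || b == NULL && exit") bound && tighter than ||, so a
     // missing admin_name never reached the exit.
     $name = isset($_POST['admin_name']) ? $_POST['admin_name'] : '';
     $pwd = isset($_POST['admin_pwd']) ? $_POST['admin_pwd'] : '';
     if (!is_string($name) || $name === '' || !is_string($pwd) || $pwd === '') {
         exit;
     }
     if (!isset($_COOKIE['qcs_auth'])) {
         $this->redirect('Account/login');
     }
     $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
     if (!is_numeric($id[0]) || $id[0] != 1) {
         $this->redirect('Index/index');
     }
     // NOTE(review): pwd_encode() output is compared directly in the query;
     // if it is an unsalted digest, a password_hash()/password_verify()
     // flow would be the replacement — confirm.
     $adminId = M('user')->where(array(
         'name' => remove_xss($name),
         'pwd' => pwd_encode($pwd),
     ))->getField('id');
     if ($adminId == 1) {
         Session::set('aid', 1);
         $this->redirect('Admin/main');
     } else {
         $this->assign('script', '<script>alert("您的输入有误,请重新输入")</script>');
         $this->display('Admin/login');
     }
 }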
 /**
  * Edit a content source (copyfrom) entry.
  *
  * On submit the posted name/url/logo are filtered and written to the row
  * identified by fromid; otherwise the row is loaded into the edit form.
  */
 public function edit()
 {
     $fromid = intval($GLOBALS['fromid']);
     if (!isset($GLOBALS['submit'])) {
         $show_formjs = 1;
         $form = load_class('form');
         $r = $this->db->get_one('copyfrom', array('fromid' => $fromid));
         include $this->template('copyfrom_edit');
         return;
     }
     $posted = $GLOBALS['form'];
     $formdata = array(
         'name' => remove_xss($posted['name']),
         'url' => remove_xss($posted['url']),
         'logo' => remove_xss($posted['logo']),
         // NOTE(review): a zero date is written on every edit — confirm this
         // is the intended "never updated" marker
         'updatetime' => '0000-00-00 00:00:00',
     );
     $this->db->update('copyfrom', $formdata, array('fromid' => $fromid));
     MSG(L('operation success'), HTTP_REFERER);
 }
 /**
  * Register a new front-end user from the posted form.
  *
  * Uses the Home.User model's create()/add() flow; on success a login
  * cookie is issued and the visitor is sent to the user centre, otherwise
  * the model's validation error (or a generic failure) is shown.
  */
 public function insert()
 {
     $userModel = D("Home.User");
     if (!$userModel->create()) {
         $this->error($userModel->getError());
         return;
     }
     $userid = $userModel->add();
     if (!$userid) {
         $this->error('注册失败,请重试!');
         return;
     }
     $username = remove_xss(trim($_POST['username']));
     // NOTE(review): the cookie carries an unsalted md5 of the password;
     // a password_hash()-based scheme would be the modern replacement, but
     // that is a model-level change rather than a local one.
     $userpwd = md5(trim($_POST['userpwd']));
     $userModel->addcookie($username, $userpwd, $userid);
     $this->assign("jumpUrl", 'index.php?s=User/Show');
     $this->success('恭喜您,注册成功,马上进入用户中心!');
 }
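/**
 * Security filter: drop characters commonly used to break out of quoted
 * contexts, entity-encode the remaining HTML delimiters, then finish with
 * remove_xss().
 *
 * The `;` removal runs before the entity replacements so that the
 * `&quot;`, `&lt;` and `&gt;` produced here are not mangled (the earlier
 * ordering turned `&quot;` into `&quot`). The replacements are applied
 * in the listed order, as str_replace() does for array arguments.
 *
 * @param string $string
 * @return string
 */
function safe_replace($string)
{
    // characters and encoded sequences removed outright, in order
    $dropped = array('%20', '%27', '%2527', '*', "'", ';', '{', '}', '\\');
    $string = str_replace($dropped, '', $string);
    // entity-encode what is left of the HTML delimiters
    $string = str_replace(array('"', '<', '>'), array('&quot;', '&lt;', '&gt;'), $string);
    return remove_xss($string);
}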
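 /**
  * Store a guestbook entry posted via AJAX.
  *
  * Rejects requests without author/content, enforces the configured
  * minimum interval between posts per session (postovertime), marks the
  * entry as pending when moderation is on (bookoff == 0), and echoes a
  * plain-text result before exiting.
  */
 public function update()
 {
     // the response is served as utf-8 (ajax clients default to utf-8)
     header("Content-type: text/html; charset=utf-8");
     if (!isset($_POST['author']) or !isset($_POST['content'])) {
         alert('非法操作!', 3);
         // alert() is expected to end the request; return as well so a
         // request with missing fields can never reach the insert below
         return;
     }
     $pl = M('guestbook');
     $config = F('basic', '', './Web/Conf/');
     // simple per-session flood control
     if (Session::is_set('posttime')) {
         $nextAllowed = Session::get('posttime') + $config['postovertime'];
         if (time() < $nextAllowed) {
             echo "请不要连续发布!";
             exit;
         }
     }
     $data = array();
     if ($config['bookoff'] == 0) {
         $data['status'] = 0;
     }
     // the client escape()s the fields; decode, then HTML-escape for storage
     // (title and tel are optional and default to '')
     $title = isset($_POST['title']) ? $_POST['title'] : '';
     $tel = isset($_POST['tel']) ? $_POST['tel'] : '';
     $data['author'] = htmlspecialchars(unescape($_POST['author']));
     $data['content'] = htmlspecialchars(trim(unescape($_POST['content'])));
     $data['title'] = htmlspecialchars(trim(unescape($title)));
     $data['tel'] = htmlspecialchars(trim(unescape($tel)));
     $data['ip'] = remove_xss(htmlentities(get_client_ip()));
     $data['addtime'] = date('Y-m-d H:i:s');
     if (!$pl->add($data)) {
         echo '发布失败!';
         exit;
     }
     Session::set('posttime', time());
     echo $config['bookoff'] == 0 ? '发布成功,留言需要管理员审核!' : '发布成功!';
     exit;
 }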
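 /**
  * Reply to a guestbook question from the back office.
  *
  * On submit the reply is stored against the question (status 9) and, if
  * the asking member has a verified e-mail address, a notification is sent
  * through the configured SMTP account. Without submit the question is
  * loaded into the reply form.
  */
 public function reply()
 {
     // the id is used as a where value; cast it like the other handlers do
     $id = intval($GLOBALS['id']);
     $reply_user = get_cookie('wz_name');
     if (!isset($GLOBALS['submit'])) {
         load_class('form');
         $r = $this->db->get_one('guestbook', array('id' => $id));
         $model_r = $this->db->get_one('model', array('m' => 'guestbook'));
         require get_cache_path('guestbook_form', 'model');
         $form_build = new form_build($model_r['modelid']);
         $formdata = $form_build->execute($r);
         include $this->template('reply');
         return;
     }
     if (!empty($GLOBALS['reply_user'])) {
         $reply_user = remove_xss($GLOBALS['reply_user']);
     }
     // the reply body is filtered the same way as reply_user (it used to be
     // stored exactly as posted)
     $reply = isset($GLOBALS['reply']) ? remove_xss($GLOBALS['reply']) : '';
     $this->db->update('guestbook', array('status' => 9, 'reply' => $reply, 'replytime' => SYS_TIME, 'reply_user' => $reply_user), array('id' => $id));
     $r = $this->db->get_one('guestbook', array('id' => $id));
     $mr = $this->db->get_one('member', array('username' => $r['publisher']));
     // notify by e-mail only when the member exists and has a verified address
     if (!empty($mr['ischeck_email'])) {
         load_function('preg_check');
         $config = get_cache('sendmail');
         $password = decode($config['password']);
         $subject = '有人回复了您的提问,请登录查询';
         $link = WEBURL . 'index.php?m=guestbook&f=myissue&v=listing';
         $message = "提问内容:" . $r['title'] . "<br>详细回复请登录:<br><a href='" . $link . "' target='_blank'>" . $link . '</a> 查看';
         $mail = load_class('sendmail');
         // smtp server, plain connection mode
         $mail->setServer($config['smtp_server'], $config['smtp_user'], $password);
         $mail->setFrom($config['send_email']);
         // one call per recipient
         $mail->setReceiver($mr['email']);
         $mail->setMail($subject, $message);
         $mail->sendMail();
     }
     // NOTE(review): the redirect target is taken from the request as-is;
     // MSG() is expected to restrict it to local paths — confirm
     MSG(L('operation success'), $GLOBALS['forward']);
 }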
 /**
  * Mark a points order as dispatched (发货).
  *
  * On submit the carrier, tracking number and note are stored and the
  * order status set to 3; otherwise the order, its delivery address and
  * the carrier list are loaded for the dispatch form.
  */
 public function send()
 {
     $orderid = intval($GLOBALS['orderid']);
     if (!isset($GLOBALS['submit'])) {
         $r = $this->db->get_one('order_point', array('orderid' => $orderid));
         $er = $this->db->get_one('express_address', array('addressid' => $r['addressid']));
         $result = $this->db->get_list('express', '', '*', 0, 50, 0, 'eid ASC');
         include $this->template('send');
         return;
     }
     $formdata = array(
         'post_time' => SYS_TIME,
         'status' => 3,
         // NOTE(review): 'express' is stored as posted, unlike snid/note; if
         // it is the carrier's eid an intval() would be the natural guard
         'express' => $GLOBALS['express'],
         'snid' => remove_xss($GLOBALS['snid']),
         'note' => remove_xss($GLOBALS['note']),
     );
     $this->db->update('order_point', $formdata, array('orderid' => $orderid));
     MSG(L('operation_success') . '<script>top.window.frames["iframeid"].location.reload();top.dialog.get(window).close().remove();</script>');
 }
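 /**
  * Credit or debit points on a member account from the back office.
  *
  * Requires point_config.status == 1. On submit the target member is
  * looked up by username, the signed amount is applied through the credit
  * api, and the administrator's note travels with the transaction name.
  * Without submit the form is rendered.
  */
 public function add()
 {
     $config = get_cache('point_config');
     if ($config['status'] != 1) {
         MSG('未开启后台积分入帐,如需开启请在积分配置中开启');
     }
     if (!isset($GLOBALS['submit'])) {
         $show_formjs = 1;
         $form = load_class('form');
         $options = $this->db->get_list('kind', array('keyid' => 'link'));
         $options = key_value($options, 'kid', 'name');
         include $this->template('add');
         return;
     }
     load_function('common', 'pay');
     $formdata = array();
     $formdata['username'] = remove_xss($GLOBALS['username']);
     $mr = $this->db->get_one('member', array('username' => $formdata['username']));
     if (!$mr) {
         MSG('用户不存在');
     }
     $formdata['uid'] = $mr['uid'];
     $operator = get_cookie('username');
     $point = intval($GLOBALS['point']);
     if (intval($GLOBALS['plus_minus']) == 1) {
         $typeLabel = '增加';
         $sign = '+';
         $left_point = $mr['points'] + $point;
     } else {
         $typeLabel = '减少';
         $sign = '-';
         $left_point = $mr['points'] - $point;
         // NOTE(review): a debit that lands exactly on zero is rejected too
         // (<= rather than <) — confirm that is intended
         if ($left_point <= 0) {
             MSG('用户积分为:' . $mr['points'] . ',不足扣除' . $point);
         }
     }
     // the note is free text typed by the administrator; filter it like
     // the other posted fields and tolerate its absence
     $note = isset($GLOBALS['note']) ? remove_xss($GLOBALS['note']) : '';
     $payname = $operator . '后台管理:' . $typeLabel . '积分,用户剩余积分:' . $left_point . '<br>' . $note;
     $credit_api = load_class('credit_api', 'credit');
     $credit_api->handle($mr['uid'], $sign, $point, $payname);
     MSG(L('operation success'), HTTP_REFERER);
 }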
 /**
  * Send a private message to another member.
  *
  * On submit the recipient is resolved by username and a message row is
  * inserted from the logged-in member; otherwise the compose form is
  * rendered, pre-filled with $GLOBALS['username'] when given.
  */
 public function add()
 {
     $seo_title = '发私信';
     $memberinfo = $this->memberinfo;
     if (!isset($GLOBALS['submit'])) {
         $username = isset($GLOBALS['username']) ? remove_xss($GLOBALS['username']) : '';
         include T('message', 'add');
         return;
     }
     $tousername = sql_replace($GLOBALS['tousername']);
     if ($tousername == '') {
         MSG('用户名错误');
     }
     $recipient = $this->db->get_one('member', array('username' => $tousername));
     if (!$recipient) {
         MSG('用户名错误');
     }
     $message = array(
         'uid' => $memberinfo['uid'],
         'touid' => $recipient['uid'],
         'username' => $memberinfo['username'],
         'addtime' => SYS_TIME,
         'content' => remove_xss($GLOBALS['content']),
     );
     $this->db->insert('message', $message);
     MSG('私信发送成功', HTTP_REFERER);
 }
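 /**
  * Add sensitive words, one per line, from $GLOBALS['badword'].
  *
  * Each line is trimmed, filtered with remove_xss() and inserted unless it
  * is blank or already present. The duplicate check runs on the filtered
  * value so it compares against what is actually stored (previously the
  * raw line was looked up but the filtered one inserted).
  */
 public function add()
 {
     if (!isset($GLOBALS['submit'])) {
         include $this->template('badword_add');
         return;
     }
     $uid = $_SESSION['uid'];
     $lines = explode("\n", $GLOBALS['badword']);
     foreach ($lines as $line) {
         $word = remove_xss(trim($line));
         // '' is skipped; a literal "0" is a legitimate word and is kept
         if ($word === '') {
             continue;
         }
         if ($this->db->get_one('badword', array('word' => $word))) {
             continue;
         }
         $this->db->insert('badword', array('word' => $word, 'addtime' => SYS_TIME, 'uid' => $uid));
     }
     MSG(L('operation success'), HTTP_REFERER);
 }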
 /**
  * Edit an express (carrier) entry.
  *
  * On submit the posted form array is filtered and written to the row
  * identified by eid; otherwise the row is loaded into the edit form.
  */
 public function edit()
 {
     $id = intval($GLOBALS['id']);
     if (!isset($GLOBALS['submit'])) {
         $show_formjs = 1;
         $form = load_class('form');
         load_function('admin');
         // the end-time default shown in the form is today's date
         // NOTE(review): confirm a 30-day-ahead default was not intended
         $endtime = date('Y-m-d');
         $r = $this->db->get_one('express', array('eid' => $id));
         // css column looks like "color:#ff0000;font-weight:bold"
         $styles = style($r['css']);
         $font_weight = $styles['font-weight'];
         $color = $styles['color'];
         include $this->template('express_edit');
         return;
     }
     // NOTE(review): the whole posted form array reaches update(); confirm
     // the db layer limits it to the table's editable columns
     $formdata = $GLOBALS['form'];
     $formdata['title'] = remove_xss($formdata['title']);
     $formdata['thumb'] = remove_xss($formdata['thumb']);
     $linkageid = $this->db->update('express', $formdata, array('eid' => $id));
     MSG(L('operation success'), '?m=order&f=express&v=listing' . $this->su());
 }
 /**
  * Request an invoice (receipt) for an order.
  *
  * Refuses when a receipt already exists for this member/order or when the
  * order is not in status 1 or 5, validates the required contact fields,
  * then inserts the receipt row.
  */
 public function apply()
 {
     $memberinfo = $this->memberinfo;
     $orderid = intval($GLOBALS['orderid']);
     $existing = $this->db->get_one('receipt', array('uid' => $memberinfo['uid'], 'orderid' => $orderid));
     if ($existing) {
         MSG('您没有需要开具的订单');
     }
     // orderid is already an int; memberinfo is assumed to come from the
     // authenticated member record rather than the request — confirm
     $where = "`uid`=" . $memberinfo['uid'] . " AND `orderid`='{$orderid}' AND `status` IN(1,5)";
     if (!$this->db->get_one('order_goods', $where)) {
         MSG('您没有需要开具的订单');
     }
     // NOTE(review): empty() also rejects the literal string '0'
     $required = array(
         'title' => '请填写发票抬头',
         'linkman' => '请填写联系人名称',
         'address' => '请填写联系人地址',
         'tel' => '请填写联系人电话',
     );
     foreach ($required as $field => $errorText) {
         if (empty($GLOBALS[$field])) {
             MSG($errorText);
         }
     }
     $formdata = array(
         'orderid' => $orderid,
         'title' => remove_xss($GLOBALS['title']),
         'linkman' => remove_xss($GLOBALS['linkman']),
         'address' => remove_xss($GLOBALS['address']),
         'tel' => remove_xss($GLOBALS['tel']),
         'zip' => intval($GLOBALS['zip']),
         'uid' => $memberinfo['uid'],
         'addtime' => SYS_TIME,
     );
     $this->db->insert('receipt', $formdata);
     MSG('发票申请已提交', HTTP_REFERER);
 }
 /**
  * Edit the profile of the administrator identified by $_SESSION['uid'].
  *
  * On submit a new password (with a fresh 6-character factor) is stored
  * only when one was posted; the other profile fields are filtered and
  * written to the admin row. Without submit the profile form is rendered.
  */
 public function edit_info()
 {
     $uid = $_SESSION['uid'];
     if (!isset($GLOBALS['submit'])) {
         $show_formjs = 1;
         $form = load_class('form');
         $roles = $this->db->get_list('admin_role', '', '*', 0, 100);
         $r = $this->db->get_one('admin', array('uid' => $uid));
         $mr = $this->db->get_one('member', array('uid' => $uid));
         $username = $mr['username'];
         $langs = array('zh-cn' => '中文');
         include $this->template('edit_info');
         return;
     }
     $formdata = array();
     if (empty($GLOBALS['form']['password'])) {
         // NOTE(review): an empty password field writes '' to the password
         // column — confirm the db layer drops empty values on update
         $formdata['password'] = '';
     } else {
         // NOTE(review): md5(md5(pw) . factor) is a weak scheme; password_hash()
         // would be the replacement, with a matching change on the login side
         $factor = substr(random_string('md5'), 0, 6);
         $formdata['password'] = md5(md5($GLOBALS['form']['password']) . $factor);
         $formdata['factor'] = $factor;
     }
     $GLOBALS['form'] = remove_xss($GLOBALS['form']);
     $posted = $GLOBALS['form'];
     $profileFields = array('truename', 'lang', 'department', 'face', 'email', 'tel', 'mobile', 'remark');
     foreach ($profileFields as $field) {
         $formdata[$field] = $posted[$field];
     }
     $this->db->update('admin', $formdata, array('uid' => $uid));
     MSG(L('edit success'), HTTP_REFERER);
 }
 /**
  * Edit a payment method's configuration.
  *
  * On submit the note, the serialized settings array and the status are
  * written to the row; otherwise the stored settings are unserialized and
  * the method-specific template config_<id> is rendered.
  */
 public function edit()
 {
     $id = intval($GLOBALS['id']);
     $r = $this->db->get_one('payment', array('id' => $id));
     if (!$r) {
         MSG('支付方式不存在');
     }
     if (isset($GLOBALS['submit'])) {
         $formdata = array(
             'note' => isset($GLOBALS['note']) ? remove_xss($GLOBALS['note']) : '',
             // settings are stored as a PHP-serialized blob of the posted array
             'setting' => isset($GLOBALS['setting']) ? serialize($GLOBALS['setting']) : '',
             'status' => intval($GLOBALS['status']),
         );
         $this->db->update('payment', $formdata, array('id' => $id));
         MSG(L('operation_success'), '?m=pay&f=pay_config&v=listing' . $this->su(), 500);
         return;
     }
     if ($r['status'] == 0) {
         MSG('该功能尚未开发,如需帮助,请联系我们!');
     }
     $show_formjs = 1;
     // NOTE(review): unserialize() on a column that is filled from request
     // data above can instantiate arbitrary classes; a JSON encoding would
     // remove that risk (and needs a migration of existing rows)
     $setting = unserialize($r['setting']);
     include $this->template('config_' . $id);
 }
 /**
  * Edit a friendly link.
  *
  * On submit the posted fields are filtered and written to the row
  * identified by linkid, then the caller is redirected to $GLOBALS['forward'];
  * otherwise the row and the kind options are loaded into the edit form.
  */
 public function edit()
 {
     $linkid = intval($GLOBALS['linkid']);
     if (!isset($GLOBALS['submit'])) {
         $show_formjs = 1;
         $form = load_class('form');
         $r = $this->db->get_one('link', array('linkid' => $linkid));
         $options = $this->db->get_list('kind', array('keyid' => 'link'));
         $options = key_value($options, 'kid', 'name');
         include $this->template('edit');
         return;
     }
     $posted = $GLOBALS['form'];
     $formdata = array(
         'sitename' => remove_xss($posted['sitename']),
         'url' => remove_xss($posted['url']),
         'logo' => remove_xss($posted['logo']),
         'remark' => remove_xss($posted['remark']),
         'username' => get_cookie('username'),
         'addtime' => SYS_TIME,
         'kid' => intval($posted['kid']),
     );
     $this->db->update('link', $formdata, array('linkid' => $linkid));
     // NOTE(review): the redirect target comes straight from the request;
     // MSG() is expected to restrict it to local paths — confirm
     $forward = $GLOBALS['forward'];
     MSG(L('operation success'), $forward);
 }
 /**
  * Create or update a dance topic from the admin form.
  *
  * id == 0 inserts a new row stamped with the current time; otherwise the
  * row is updated, re-stamped only when addtime == 'ok', and dt() is run
  * first when no tid is given. A name is mandatory.
  */
 public function save()
 {
     $id = intval($this->input->post('id'));
     $user = $this->input->post('user', true);
     $singer = $this->input->post('singer', true);
     $addtime = $this->input->post('addtime', true);
     $data = array();
     $data['yid'] = intval($this->input->post('yid'));
     $data['tid'] = intval($this->input->post('tid'));
     $data['cid'] = intval($this->input->post('cid'));
     $data['name'] = $this->input->post('name', true);
     $data['pic'] = $this->input->post('pic', true);
     // body text: the framework's own filter flag is not passed here;
     // remove_xss() does the filtering instead
     $data['neir'] = remove_xss($this->input->post('neir'));
     foreach (array('hits', 'yhits', 'zhits', 'rhits', 'shits') as $counter) {
         $data[$counter] = intval($this->input->post($counter));
     }
     $data['tags'] = $this->input->post('tags', true);
     $data['color'] = $this->input->post('color', true);
     // resolve the posted singer/user names to their ids
     $data['singerid'] = intval(getzd('singer', 'id', $singer, 'name'));
     $data['uid'] = intval(getzd('user', 'id', $user, 'name'));
     $textFields = array('diqu', 'yuyan', 'year', 'fxgs', 'skins', 'title', 'keywords', 'description');
     foreach ($textFields as $field) {
         $data[$field] = $this->input->post($field, true);
     }
     if (empty($data['name'])) {
         admin_msg(L('plub_85'), 'javascript:history.back();', 'no');
     }
     if ($id == 0) {
         // new topic
         $data['addtime'] = time();
         $this->CsdjDB->get_insert('dance_topic', $data);
     } else {
         if ($data['tid'] == 0) {
             $this->dt($id);
         }
         if ($addtime == 'ok') {
             $data['addtime'] = time();
         }
         $this->CsdjDB->get_update('dance_topic', $id, $data);
     }
     // done
     admin_msg(L('plub_70'), site_url('dance/admin/topic'), 'ok');
 }
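 /**
  * Create a post (a new thread, a reply to a thread, or a reply to a
  * reply) from an AJAX request and return the stored row.
  *
  * topid and qid are interpolated into where() clauses, so they are
  * forced to integers before use instead of being taken as posted.
  *
  * @date 2010-6-4
  * @time 04:36:18 PM
  */
 function add_post()
 {
     if (!$this->_is_login()) {
         $this->ajaxReturn('login', "Login please.", '0');
     }
     $dao = D("Post");
     $vo = $dao->create();
     if ($vo) {
         if (empty($vo['message'])) {
             $this->ajaxReturn('0', 'You must fill in the field of "Content".', '0');
         }
         $vo['title'] = $vo['title'] ? $vo['title'] : "";
         $vo['aid'] = $vo['aid'] ? $vo['aid'] : "0";
         // ids used in the where() clauses below: numeric only
         $vo['qid'] = !empty($vo['qid']) ? (string) intval($vo['qid']) : "0";
         $vo['l'] = $vo['l'] ? $vo['l'] : "1";
         $vo['topid'] = !empty($vo['topid']) ? (string) intval($vo['topid']) : "0";
         $vo['requery'] = $vo['requery'] ? $vo['requery'] : "0";
         $vo['qidstr'] = $vo['qidstr'] ? $vo['qidstr'] : "0";
         $vo['message'] = nl2br(remove_xss($vo['message']));
         $vo['is_show'] = 1;
         if ($vo['topid'] != '0' && $vo['qid'] == '0') {
             // reply to a thread: next level after the thread's highest
             $top = $dao->where("topid={$vo['topid']}")->field('id,l,topid')->order("l DESC")->find();
             $vo['l'] = $top['l'] + 1;
         } elseif ($vo['topid'] == '0' && $vo['qid'] == '0') {
             // new thread
             $vo['l'] = '0';
         } elseif ($vo['topid'] != '0' && $vo['qid'] != '0') {
             // reply to a reply
             $top = $dao->where("qid={$vo['qid']}")->field('id,l,topid')->order("l DESC")->find();
             $vo['l'] = $top['l'] + 1;
         }
         $pid = $dao->add($vo);
         if ($pid) {
             if ($vo['topid'] != '0') {
                 $this->posts_lasttime($vo['topid']);
             }
             $data = $dao->where("id={$pid}")->find();
             $data['dateline'] = toDate($data['dateline'], 'Y-m-d');
             $data['lasttime'] = toDate($data['lasttime'], 'Y-m-d');
             if ($data['l'] == '0') {
                 $this->edit_thread($data['gid']);
             } else {
                 $this->edit_thread($data['gid'], 2);
             }
             $this->ajaxReturn($data, "You’ve sent successfully.", '1');
         } else {
             // the failure branch used to report success
             $this->ajaxReturn('0', "Failed to save the post.", '0');
         }
     } else {
         // create() failed: report the model's validation error
         $this->ajaxReturn('0', $dao->getError(), '0');
     }
 }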