/**
 * Persist the subpanel layout, optionally populating it from the current request first.
 *
 * When $populate is true and the request carries a subpanel title, that title is stored as a
 * module label for the selected language after being run through remove_xss(from_html()).
 * widget_class values missing from the view definitions are copied back from the field
 * definitions (Bug 46291) before the layout is deployed through $this->implementation.
 *
 * @param bool $populate whether to read the layout from $_REQUEST before saving
 */
function handleSave($populate = true)
{
    if ($populate) {
        $this->_populateFromRequest();
        if (isset($_REQUEST['subpanel_title']) && isset($_REQUEST['subpanel_title_key'])) {
            // Language preference: explicit request value, then the session's language, then the site default.
            $language = false;
            if (!empty($_SESSION['authenticated_user_language'])) {
                $language = $_SESSION['authenticated_user_language'];
            }
            if (!empty($_REQUEST['selected_lang'])) {
                $language = $_REQUEST['selected_lang'];
            }
            if (empty($language)) {
                $language = $GLOBALS['sugar_config']['default_language'];
            }
            require_once 'modules/ModuleBuilder/parsers/parser.label.php';
            $package = isset($_REQUEST['view_package']) ? $_REQUEST['view_package'] : null;
            $labelParser = new ParserLabel($_REQUEST['view_module'], $package);
            // The title is request-controlled; strip markup before it is written to a language file.
            $title = remove_xss(from_html($_REQUEST['subpanel_title']));
            $labelParser->addLabels($language, array($_REQUEST['subpanel_title_key'] => $title), $_REQUEST['view_module']);
        }
    }
    // Bug 46291 - Missing widget_class for edit_button and remove_button
    foreach (array_keys($this->_viewdefs) as $fieldName) {
        if (isset($this->_fielddefs[$fieldName]['widget_class'])) {
            $this->_viewdefs[$fieldName]['widget_class'] = $this->_fielddefs[$fieldName]['widget_class'];
        }
    }
    $defs = $this->restoreInvisibleFields($this->_invisibleFields, $this->_viewdefs);
    // unlike our parent, do not force the field names back to upper case
    $defs = $this->makeRelateFieldsAsLink($defs);
    $this->implementation->deploy($defs);
}
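/**
 * Fetch remote images referenced in an HTML string and rewrite their src to local copies.
 *
 * Every <img> tag is scanned for its src/alt/title attributes; images whose src is an absolute
 * URL not pointing at 127.0.0.1, localhost or ATTACHMENT_URL are downloaded through
 * $this->get_remote_file() and the original src is replaced (case-insensitively) by the path it
 * returns.
 *
 * @author tuzwu
 * @param string $str              HTML fragment to scan
 * @param bool   $watermark_enable accepted for interface compatibility; not used by this method
 * @return string|false the rewritten string, or false when $str is empty
 */
public function save_remote($str = '', $watermark_enable = false)
{
    if (empty($str)) {
        return false;
    }
    $list = $replace_array = array(); // $list: per-tag attribute map; $replace_array: old/new src pairs
    $c1 = preg_match_all('/<img\\s.*?>/', $str, $m1); // collect every <img> tag
    for ($i = 0; $i < $c1; $i++) {
        // collect every attribute of the tag; quoted values land in group 3, bare values in group 4
        $c2 = preg_match_all('/(\\w+)\\s*=\\s*(?:(?:(["\'])(.*?)(?=\\2))|([^\\/\\s]*))/', $m1[0][$i], $m2);
        for ($j = 0; $j < $c2; $j++) {
            $img_attr = $m2[1][$j];
            if (!in_array($img_attr, array('src', 'alt', 'title'), true)) {
                continue;
            }
            $list[$i][$img_attr] = !empty($m2[4][$j]) ? $m2[4][$j] : $m2[3][$j];
        }
    }
    foreach ($list as $k => $v) {
        // A tag without a src attribute has nothing to fetch (and must not raise an undefined-index notice).
        if (!isset($v['src']) || $v['src'] === '') {
            continue;
        }
        // NOTE(review): the src is content-controlled and is fetched server-side. This host list only
        // covers two loopback spellings, not private/link-local ranges, other loopback forms or
        // DNS-rebound names — get_remote_file() should validate the resolved address before connecting.
        if (strpos($v['src'], '://') === false || strpos_array($v['src'], array('127.0.0.1', 'localhost', ATTACHMENT_URL)) !== false) {
            continue;
        }
        // alt is preferred, then title; neither present yields an empty alt
        if (isset($v['alt'])) {
            $alt = remove_xss($v['alt']);
        } else {
            $alt = remove_xss(isset($v['title']) ? $v['title'] : '');
        }
        $new_path = $this->get_remote_file($v['src'], array('alt' => $alt));
        if ($new_path) {
            $replace_array['old'][] = $v['src'];
            $replace_array['new'][] = $new_path;
        }
    }
    return empty($replace_array['new']) ? $str : str_ireplace($replace_array['old'], $replace_array['new'], $str);
}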
/**
 * Send a message to one or more members.
 *
 * On submit: recipients and content must be non-empty, the content is filtered with remove_xss(),
 * and one 'message' row is inserted per recipient that exists in 'member'. Names that cannot be
 * resolved are reported back through MSG(). Without submit the add form is rendered.
 */
public function add()
{
    if (!isset($GLOBALS['submit'])) {
        $show_formjs = 1;
        include $this->template('add');
        return;
    }
    if (empty($GLOBALS['usernames'])) {
        MSG('收件人不能为空');
    }
    if (empty($GLOBALS['content'])) {
        MSG('不能发送空白内容');
    }
    // one row template, re-used for every recipient with only 'touid' changing
    $row = array(
        'content'  => remove_xss($GLOBALS['content']),
        'addtime'  => SYS_TIME,
        'uid'      => $_SESSION['uid'],
        'username' => $_SESSION['uid'], // NOTE(review): the uid is stored under 'username' — confirm this is intended
    );
    $delivered = array();
    $unknown = array();
    foreach (explode(',', $GLOBALS['usernames']) as $name) {
        $member = $this->db->get_one('member', array('username' => $name));
        if (!$member) {
            $unknown[] = $name;
            continue;
        }
        $delivered[] = $name;
        $row['touid'] = $member['uid'];
        $this->db->insert('message', $row);
    }
    MSG('成功发送给:' . implode(',', $delivered) . '<br>失败用户名:' . implode(',', $unknown));
}
/**
 * Store a piece of user feedback ('Advice') submitted via AJAX.
 *
 * The author is taken from the session: 'uid' when present, otherwise 'oid'. The text field 'c'
 * is length-checked by the model (1-200), filtered with remove_xss() and saved with the current
 * time; the outcome is reported with ajaxReturn().
 */
public function push()
{
    load("extend");
    $record = array();
    if (session('?uid')) {
        $record['uid'] = session('uid');
    } elseif (session('?oid')) {
        $record['oid'] = session('oid');
    }
    // save to the database
    $model = M('Advice');
    // validation rule: 'c' must be 1-200 characters long
    $model->check('c', '1,200', 'length');
    // strip markup from the submitted text before storing it
    $record['content'] = remove_xss($this->_post('c'));
    $record['ctime'] = time();
    // submit
    if ($model->add($record)) {
        $this->ajaxReturn(1, '提交成功', 1);
    } else {
        $this->ajaxReturn(0, '提交失败', 1);
    }
}
/**
 * Create a delivery address for the logged-in member.
 *
 * On submit the text fields are filtered with remove_xss(), a province/city selection of '0'
 * (the placeholder option) is rejected through MSG(), the row is inserted into 'express_address'
 * (its id is exposed as $GLOBALS['addressid']) and, when requested, made the default address.
 * The member is then sent to the cart or to the address listing depending on 'forward'. Without
 * submit, and as the fall-through, the address form template is included.
 */
public function add()
{
    $memberinfo = $this->memberinfo;
    if (isset($GLOBALS['submit'])) {
        $formdata = array();
        $formdata['addressee'] = remove_xss($GLOBALS['addressee']);
        $formdata['address'] = remove_xss($GLOBALS['address']);
        $formdata['uid'] = $memberinfo['uid'];
        // '0' is the placeholder option of the region selectors
        if ($GLOBALS['LK1_1'] == '0') {
            MSG('请选择所在地区省份', HTTP_REFERER);
        }
        if ($GLOBALS['LK1_2'] == '0') {
            MSG('请选择所在地区市级', HTTP_REFERER);
        }
        $formdata['province'] = remove_xss($GLOBALS['LK1_1']);
        $formdata['city'] = remove_xss($GLOBALS['LK1_2']);
        $formdata['area'] = remove_xss(trim($GLOBALS['LK1_3'], '0'));
        $formdata['mobile'] = remove_xss($GLOBALS['mobile']);
        // NOTE(review): 'tel2' is used for both the second and the third segment — confirm the third field name
        $phoneParts = array(
            remove_xss($GLOBALS['tel1']),
            remove_xss($GLOBALS['tel2']),
            remove_xss($GLOBALS['tel2']),
        );
        $formdata['tel'] = rtrim(implode('-', $phoneParts), '-');
        $formdata['zipcode'] = intval($GLOBALS['zipcode']);
        $formdata['isdefault'] = intval($GLOBALS['isdefault']);
        $GLOBALS['addressid'] = $this->db->insert('express_address', $formdata);
        if ($formdata['isdefault']) {
            $this->setdefault();
        }
        $target = $GLOBALS['forward'] == 1
            ? '/index?m=order&f=order_goods&v=cart'
            : '/index.php?m=order&f=address&v=listing&acbar=1';
        MSG(L('operation_success'), $target);
    }
    include T('order', 'address_add');
}
/**
 * Edit an announcement ('affiche').
 *
 * On submit the posted 'form' array is written to the 'affiche' row with title and note filtered
 * by remove_xss(); addtime, endtime and publisher are set server-side and the css column is
 * composed from title_css and font_weight. Without submit the row is loaded, its css string is
 * split into colour and font-weight for the form, and the edit template is rendered.
 */
public function edit()
{
    $id = intval($GLOBALS['id']);
    if (isset($GLOBALS['submit'])) {
        // NOTE(review): every key of $GLOBALS['form'] reaches the update; only title/note are filtered
        // here, so column whitelisting relies on the db layer — confirm.
        $row = $GLOBALS['form'];
        $row['title'] = remove_xss($row['title']);
        $row['note'] = remove_xss($row['note']);
        $row['addtime'] = SYS_TIME;
        $row['endtime'] = strtotime($GLOBALS['endtime']);
        $row['publisher'] = get_cookie('username');
        $colour = ltrim($GLOBALS['title_css'], '#');
        $row['css'] = 'color:#' . remove_xss($colour . ';' . $GLOBALS['font_weight']);
        $this->db->update('affiche', $row, array('id' => $id));
        MSG(L('operation success'), '?m=affiche&f=index&v=listing' . $this->su());
    } else {
        $show_formjs = 1;
        $form = load_class('form');
        load_function('admin');
        // NOTE(review): the 30-day offset is overwritten on the next line; the template receives today's date
        $endtime = SYS_TIME + 86400 * 30;
        $endtime = date('Y-m-d');
        $r = $this->db->get_one('affiche', array('id' => $id));
        $styles = style($r['css']); // e.g. color:#ff0000;font-weight:bold
        $font_weight = $styles['font-weight'];
        $color = $styles['color'];
        include $this->template('edit');
    }
}
/**
 * Manual check of remove_xss(): echoes the filtered form of a fixture string made of classic
 * HTML/CSS script-injection vectors (javascript:/vbscript: URLs, expression(), @import, meta
 * refresh, whitespace-obfuscated spellings, non-ASCII text). Every vector is expected to come
 * out neutralised; the fixture is the filter's input, not a statement of what it blocks.
 * NOTE(review): the unescaped single quotes in the `alert('XSS')` vector near the end of the
 * first line terminate the PHP string early as rendered here — confirm against the original file.
 */
function index() { $data = '<LINK REL="stylesheet" href="javascript:alert(\'XSS\');"> <IMG src=\'vbscript:msgbox("XSS")\'> <IMG src="mocha:[code]"> <IMG src="livescript:[code]"> <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');"> <IFRAME src=javascript:alert(\'XSS\')></IFRAME> <FRAMESET><FRAME src=javascript:alert(\'XSS\')></FRAME></FRAMESET> <TABLE BACKGROUND="javascript:alert(\'XSS\')"> <DIV STYLE="background-image: url(javascript:alert(\'XSS\'))"> <DIV STYLE="behaviour: url(\'http://www.how-to-hack.org/exploit.html\');"> <DIV STYLE="width: expression(alert(\'XSS\'));"> <STYLE>@im\\port\'\\ja\\vasc\\ript:alert("XSS")\';</STYLE> <IMG STYLE=\'xss:expre\\ssion(alert("XSS"))\'> <STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE> <STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert(\'XSS\')");}</STYLE><A class="XSS"></A> <STYLE type="text/css">BODY{background:url("javascript:alert(\'XSS\')")}</STYLE> <DIV STYLE="background-image: url(http://www.baidu.com)"> <IMG SRC=javascript:alert('XSS')> <IMG SRC="jav
ascript:alert(\'XSS\');"> "<IMG SRC=java/0script:alert(\'XSS\')>";’ > out <IMG SRC=" javascript:alert(\'XSS\');"> <SCRIPT>a=/XSS/alert(a.source)</SCRIPT> 这里是中文 <IMG SRC="jav	ascript:alert(\'XSS\');"> <IMG SRC="jav
ascript:alert(\'XSS\');"> '; echo remove_xss($data); }
/**
 * Submit a question to the guestbook from the member area.
 *
 * The title is the remove_xss()'d 'title' parameter when present, otherwise the first 80
 * characters of the content. The row is stamped with SYS_TIME, the member's username and the
 * client IP, inserted into 'guestbook', and the member is redirected to their issue list.
 */
public function ask()
{
    if (isset($GLOBALS['title'])) {
        $title = remove_xss($GLOBALS['title']);
    } else {
        $title = strcut($GLOBALS['content'], 80);
    }
    // NOTE(review): 'content' is stored without remove_xss(), unlike 'title' — confirm it is escaped on output
    $formdata = array(
        'title'     => $title,
        'content'   => $GLOBALS['content'],
        'addtime'   => SYS_TIME,
        'publisher' => $this->memberinfo['username'],
        'ip'        => get_ip(),
    );
    $this->db->insert('guestbook', $formdata);
    MSG('您的提问已经提交,我们的专家会尽快给您回复', '?m=guestbook&f=myissue&v=listing');
}
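/**
 * AJAX autocomplete for the keyword form field: returns up to 10 tags matching 'term'.
 *
 * Each result row is reshaped to {label, value} for the autocomplete widget and emitted as JSON.
 * A missing 'term' aborts through MSG(L('parameter_error')).
 *
 * @author tuzwu
 */
public function ajax_auto_complete()
{
    $tag = isset($GLOBALS['term']) ? remove_xss($GLOBALS['term']) : MSG(L('parameter_error'));
    // remove_xss() is an HTML filter, not an SQL escape. The term is interpolated into a quoted
    // LIKE pattern, so quotes/backslashes are escaped for the string literal and the LIKE
    // wildcards are escaped so a user-supplied '%' or '_' matches literally. A parameterised
    // query would be preferable if the db layer offers one; addslashes() is the portable minimum.
    $pattern = addslashes(str_replace(array('\\', '%', '_'), array('\\\\', '\\%', '\\_'), $tag));
    $where = ' tag like "%' . $pattern . '%" ';
    $tag_info = $this->db->get_list('tag', $where, 'tag', 0, 10, 1);
    foreach ($tag_info as $k => $v) {
        // the widget expects label/value pairs instead of the raw 'tag' column
        $tag_info[$k]['label'] = $tag_info[$k]['value'] = $v['tag'];
        unset($tag_info[$k]['tag']);
    }
    exit(json_encode($tag_info));
}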
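/**
 * Search 'mec' records by city name for the map view (AJAX pager).
 *
 * Only rows with status 9 are returned, 10 per page, newest first; the result set, the page
 * count ($pages) and the content category cache are handed to the 'map-search2' template.
 */
public function search2()
{
    $categorys = get_cache('category', 'content');
    $cityname = remove_xss($GLOBALS['cityname']);
    $page = max(intval($GLOBALS['page']), 1);
    // '{$page}' is a literal placeholder the pager fills in (single quotes on purpose)
    $urlrule = 'javascript:change_pagemap2({$page});';
    // remove_xss() does not make the value safe for SQL: escape quotes/backslashes for the string
    // literal and the LIKE wildcards so the search term cannot break out of, or widen, the pattern.
    $like = addslashes(str_replace(array('\\', '%', '_'), array('\\\\', '\\%', '\\_'), $cityname));
    $where = "`status`=9 AND `title` LIKE '%{$like}%'";
    $result = $this->db->get_list('mec', $where, '*', 0, 10, $page, 'id DESC', '', '', $urlrule, '', 3);
    $pages = $this->db->pages;
    include T('content', 'map-search2', TPLID);
}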
/**
 * Apply remove_xss() to a string or, recursively, to every leaf of a nested array.
 *
 * Array keys and their order are preserved. $force is handed down to recursive calls but is
 * not otherwise used here.
 *
 * @param string|array $string value, or array of values, to filter
 * @param int          $force  passed through unchanged
 * @return string|array the filtered value
 */
function dxss($string, $force = 1)
{
    if (!is_array($string)) {
        return remove_xss($string);
    }
    foreach ($string as $key => $value) {
        $string[$key] = dxss($value, $force);
    }
    return $string;
}
/**
 * Takes in the request params from a save request and processes them for the save.
 *
 * Keys of the form "label_<SYSTEM_LABEL>" whose value is not the sentinel 'no_change' become
 * SYSTEM_LABEL => display-label pairs; each value is HTML-decoded with from_html() and then
 * filtered with remove_xss() before being handed to addLabels() — into the package's custom
 * language directory when a package name is set, otherwise the module's default location.
 *
 * @param array  $params   Labels as "label_".System label => Display label pairs
 * @param string $language Language key, for example 'en_us'
 * @return mixed whatever self::addLabels() returns
 */
function handleSave($params, $language)
{
    $labels = array();
    foreach ($params as $key => $value) {
        if (!preg_match('/^label_/', $key)) {
            continue;
        }
        if (strcmp($value, 'no_change') == 0) {
            continue;
        }
        // drop the "label_" prefix (6 chars) and normalise the system label to upper case
        $systemLabel = strtoupper(substr($key, 6));
        $labels[$systemLabel] = remove_xss(from_html($value), false);
    }
    if (empty($this->packageName)) {
        return self::addLabels($language, $labels, $this->moduleName);
    }
    $languageDir = "custom/modulebuilder/packages/{$this->packageName}/modules/{$this->moduleName}/language";
    return self::addLabels($language, $labels, $this->moduleName, $languageDir);
}
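/**
 * Recursively HTML-escape the string values of a data array.
 *
 * Keys whose name starts with "html" are treated as already containing markup and are left
 * untouched; every other string value is escaped with htmlspecialchars() and then filtered with
 * remove_xss(). Nested arrays are processed recursively. Non-array input and empty arrays are
 * returned unchanged.
 *
 * @param mixed $data array to escape
 * @return mixed the escaped array, or $data unchanged when it is not a non-empty array
 */
private function _escape_data($data)
{
    if (!is_array($data) || count($data) == 0) {
        return $data;
    }
    foreach ($data as $key => $value) {
        $html_flg = preg_match('/^html/', $key);
        if (is_array($value)) {
            $data[$key] = $this->_escape_data($value);
        } elseif (is_string($value) && !$html_flg) {
            // ENT_QUOTES: the pre-8.1 default (ENT_COMPAT) leaves single quotes unescaped, so a value
            // placed in a single-quoted attribute could still close it. ENT_SUBSTITUTE keeps an
            // invalid byte sequence from silently turning the whole value into ''.
            $data[$key] = remove_xss(htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE));
        }
    }
    return $data;
}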
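/**
 * Process the admin login form.
 *
 * Both admin_name and admin_pwd must be posted, otherwise the request is terminated. The caller
 * must also present a 'qcs_auth' cookie that decodes (strcode() with the configured auth_key) to
 * the tab-separated id 1; any other value redirects to Index/index and a missing cookie redirects
 * to Account/login. The credentials are then matched against the 'user' table: a hit on id 1
 * opens the admin session and redirects to Admin/main, otherwise the login view is shown again
 * with an error alert.
 */
function login_sub()
{
    // The original one-liner parsed as `name == NULL || (pwd == NULL && exit)`, so a missing
    // admin_name short-circuited to true without exiting. Both fields are required.
    if (!isset($_POST['admin_name']) || $_POST['admin_name'] == null
        || !isset($_POST['admin_pwd']) || $_POST['admin_pwd'] == null) {
        exit;
    }
    if (isset($_COOKIE['qcs_auth'])) {
        // the cookie carries the authenticated id as its first tab-separated field
        $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
        if (!is_numeric($id[0]) || $id[0] != 1) {
            $this->redirect('Index/index');
        }
    } else {
        $this->redirect('Account/login');
    }
    // NOTE(review): remove_xss() is an HTML filter and does not escape SQL; the array form of
    // where() is what is relied on for binding the name. No attempt throttling is visible here.
    $matchedId = M('user')->where(array(
        'name' => remove_xss($_POST['admin_name']),
        'pwd' => pwd_encode($_POST['admin_pwd']),
    ))->getField('id');
    if ($matchedId == 1) {
        Session::set('aid', 1);
        $this->redirect('Admin/main');
    } else {
        $this->assign('script', '<script>alert("您的输入有误,请重新输入")</script>');
        $this->display('Admin/login');
    }
}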
/**
 * Edit a content source ('copyfrom').
 *
 * On submit name/url/logo are filtered with remove_xss(), updatetime is reset to the zero
 * timestamp and the row is updated; otherwise the existing row is loaded for the edit form.
 */
public function edit()
{
    $fromid = intval($GLOBALS['fromid']);
    if (!isset($GLOBALS['submit'])) {
        $show_formjs = 1;
        $form = load_class('form');
        $r = $this->db->get_one('copyfrom', array('fromid' => $fromid));
        include $this->template('copyfrom_edit');
        return;
    }
    $posted = $GLOBALS['form'];
    $formdata = array(
        'name'       => remove_xss($posted['name']),
        'url'        => remove_xss($posted['url']),
        'logo'       => remove_xss($posted['logo']),
        'updatetime' => '0000-00-00 00:00:00',
    );
    $this->db->update('copyfrom', $formdata, array('fromid' => $fromid));
    MSG(L('operation success'), HTTP_REFERER);
}
/**
 * Register a new front-end user.
 *
 * Validates the posted data through the Home.User model, inserts the row, sets the login cookie
 * with the remove_xss()'d username and the MD5 of the password, and redirects to User/Show.
 * Validation or insert failures are reported through error().
 */
public function insert()
{
    $userModel = D("Home.User");
    if (!$userModel->create()) {
        $this->error($userModel->getError());
        return;
    }
    $userid = $userModel->add();
    if (!$userid) {
        $this->error('注册失败,请重试!');
        return;
    }
    $username = remove_xss(trim($_POST['username']));
    // NOTE(review): the cookie carries an unsalted MD5 of the password; the scheme is shared with
    // addcookie() and the login path, so it cannot be changed from here alone.
    $userpwd = md5(trim($_POST['userpwd']));
    $userModel->addcookie($username, $userpwd, $userid);
    $this->assign("jumpUrl", 'index.php?s=User/Show');
    $this->success('恭喜您,注册成功,马上进入用户中心!');
}
/**
 * 安全过滤函数 — strip characters commonly used to break out of URL, SQL and template
 * contexts, then run the result through remove_xss().
 *
 * Removes the URL-encoded space, the (double-)encoded apostrophe, '*', quotes, ';', braces and
 * backslashes. Several replacements as rendered on this page are identity replacements
 * ('"' -> '"', '<' -> '<', '>' -> '>'); they look like HTML entity replacements lost in rendering —
 * confirm against the original source. Character blacklisting is not a substitute for escaping
 * at the point of use (parameterised SQL, htmlspecialchars() for HTML).
 *
 * @param string $string raw input
 * @return string the stripped and filtered string
 */
function safe_replace($string) { $string = str_replace('%20', '', $string); $string = str_replace('%27', '', $string); $string = str_replace('%2527', '', $string); $string = str_replace('*', '', $string); $string = str_replace('"', '"', $string); $string = str_replace("'", '', $string); $string = str_replace('"', '', $string); $string = str_replace(';', '', $string); $string = str_replace('<', '<', $string); $string = str_replace('>', '>', $string); $string = str_replace("{", '', $string); $string = str_replace('}', '', $string); $string = str_replace('\\', '', $string); $string = remove_xss($string); return $string; }
/**
 * Store a guestbook entry posted via AJAX.
 *
 * Rejects requests without author/content, enforces the per-session posting interval
 * ('postovertime' from the basic config), decodes the JavaScript-escaped fields, HTML-escapes
 * them and records the client IP. When 'bookoff' is 0 the entry is saved with status 0 (pending
 * moderation). Each outcome is echoed as a plain message and the request is terminated.
 */
public function update()
{
    // the response is UTF-8 (the original comment mentioned gb2312, the header says utf-8)
    header("Content-type: text/html; charset=utf-8");
    if (!isset($_POST['author']) or !isset($_POST['content'])) {
        alert('非法操作!', 3);
    }
    // model and cached configuration
    $guestbook = M('guestbook');
    $config = F('basic', '', './Web/Conf/');
    // rate limit: one post per 'postovertime' seconds per session
    if (Session::is_set('posttime')) {
        $allowedAt = Session::get('posttime') + $config['postovertime'];
        if (time() < $allowedAt) {
            echo "请不要连续发布!";
            exit;
        }
    }
    $data = array();
    $needsReview = ($config['bookoff'] == 0);
    if ($needsReview) {
        $data['status'] = 0; // pending moderation
    }
    // fields arrive escape()d by the browser-side script: decode, then HTML-escape for storage
    $data['author'] = htmlspecialchars(unescape($_POST['author']));
    $data['content'] = htmlspecialchars(trim(unescape($_POST['content'])));
    $data['title'] = htmlspecialchars(trim(unescape($_POST['title'])));
    $data['tel'] = htmlspecialchars(trim(unescape($_POST['tel'])));
    $data['ip'] = remove_xss(htmlentities(get_client_ip()));
    $data['addtime'] = date('Y-m-d H:i:s');
    if (!$guestbook->add($data)) {
        echo '发布失败!';
        exit;
    }
    Session::set('posttime', time());
    echo $needsReview ? '发布成功,留言需要管理员审核!' : '发布成功!';
    exit;
}
/**
 * 回复 — reply to a guestbook question (admin side).
 *
 * On submit the row is set to status 9 and updated with the reply text, the timestamp and the
 * replying user (the 'wz_name' cookie unless 'reply_user' is posted, in which case that value is
 * filtered with remove_xss()). When the asking member has a verified e-mail address a
 * notification mail is sent using the cached 'sendmail' configuration, and the admin is redirected
 * to $GLOBALS['forward']. Without submit the question is loaded and the reply form is built from
 * the guestbook model definition.
 */
public function reply()
{
    // NOTE(review): unlike most handlers here, id is not cast with intval(); the array-form where is relied on to bind it
    $id = $GLOBALS['id'];
    $reply_user = get_cookie('wz_name');
    if (isset($GLOBALS['submit'])) {
        $status = 9;
        if (!empty($GLOBALS['reply_user'])) {
            $reply_user = remove_xss($GLOBALS['reply_user']);
        }
        // NOTE(review): 'reply' is stored as posted, without remove_xss(), unlike 'reply_user' — confirm it is escaped on output
        $this->db->update('guestbook', array('status' => $status, 'reply' => $GLOBALS['reply'], 'replytime' => SYS_TIME, 'reply_user' => $reply_user), array('id' => $id));
        $r = $this->db->get_one('guestbook', array('id' => $id));
        $mr = $this->db->get_one('member', array('username' => $r['publisher']));
        // send an e-mail notification only when the member's address is verified
        if ($mr['ischeck_email']) {
            load_function('preg_check');
            $config = get_cache('sendmail');
            $password = decode($config['password']);
            //load_function('sendmail');
            $subject = '有人回复了您的提问,请登录查询';
            $message = "提问内容:" . $r['title'] . "<br>详细回复请登录:<br><a href='" . WEBURL . "index.php?m=guestbook&f=myissue&v=listing' target='_blank'>" . WEBURL . 'index.php?m=guestbook&f=myissue&v=listing</a> 查看';
            $mail = load_class('sendmail');
            $mail->setServer($config['smtp_server'], $config['smtp_user'], $password); // SMTP server, plain connection
            $mail->setFrom($config['send_email']); // sender
            $mail->setReceiver($mr['email']); // recipient; call once per address for several recipients
            $mail->setMail($subject, $message); // subject and body
            $mail->sendMail(); // send
        }
        // NOTE(review): the redirect target is taken straight from the request ('forward') — confirm MSG() restricts it to local URLs
        MSG(L('operation success'), $GLOBALS['forward']);
    } else {
        load_class('form');
        $r = $this->db->get_one('guestbook', array('id' => $id));
        $model_r = $this->db->get_one('model', array('m' => 'guestbook'));
        require get_cache_path('guestbook_form', 'model');
        $form_build = new form_build($model_r['modelid']);
        $formdata = $form_build->execute($r);
        include $this->template('reply');
    }
}
/**
 * 发货 — mark a points order as shipped.
 *
 * On submit the 'order_point' row receives post_time, status 3, the chosen express company and
 * the remove_xss()'d tracking number and note; the MSG() payload then reloads the parent frame
 * and closes the dialog. Without submit the order, its delivery address and the express company
 * list are loaded for the form.
 */
public function send()
{
    $orderid = intval($GLOBALS['orderid']);
    if (!isset($GLOBALS['submit'])) {
        $r = $this->db->get_one('order_point', array('orderid' => $orderid));
        $er = $this->db->get_one('express_address', array('addressid' => $r['addressid']));
        $result = $this->db->get_list('express', '', '*', 0, 50, 0, 'eid ASC');
        include $this->template('send');
        return;
    }
    $formdata = array(
        'post_time' => SYS_TIME,
        'status'    => 3, // shipped
        'express'   => $GLOBALS['express'], // NOTE(review): not passed through remove_xss(), unlike snid/note — confirm
        'snid'      => remove_xss($GLOBALS['snid']),
        'note'      => remove_xss($GLOBALS['note']),
    );
    $this->db->update('order_point', $formdata, array('orderid' => $orderid));
    MSG(L('operation_success') . '<script>top.window.frames["iframeid"].location.reload();top.dialog.get(window).close().remove();</script>');
}
/**
 * 积分入帐 — credit or debit a member's points from the back office.
 *
 * Refused unless the cached point_config has status 1. On submit the member is looked up by the
 * remove_xss()'d username, the signed amount is applied through credit_api->handle() with a log
 * text naming the operator, the operation and the resulting balance; a debit that would leave
 * zero or negative points is rejected. Without submit the form and the 'link' kind options are
 * rendered.
 */
public function add()
{
    $config = get_cache('point_config');
    if ($config['status'] != 1) {
        MSG('未开启后台积分入帐,如需开启请在积分配置中开启');
    }
    if (!isset($GLOBALS['submit'])) {
        $show_formjs = 1;
        $form = load_class('form');
        $options = $this->db->get_list('kind', array('keyid' => 'link'));
        $options = key_value($options, 'kid', 'name');
        include $this->template('add');
        return;
    }
    load_function('common', 'pay');
    $formdata = array();
    $formdata['username'] = remove_xss($GLOBALS['username']);
    $mr = $this->db->get_one('member', array('username' => $formdata['username']));
    if (!$mr) {
        MSG('用户不存在');
    }
    $formdata['uid'] = $mr['uid'];
    $isCredit = (intval($GLOBALS['plus_minus']) == 1);
    $operator = get_cookie('username');
    $point = intval($GLOBALS['point']);
    if ($isCredit) {
        $plus_minus_type = '增加';
        $plus_minus = '+';
        $left_point = $mr['points'] + $point;
    } else {
        $plus_minus_type = '减少';
        $plus_minus = '-';
        $left_point = $mr['points'] - $point;
        // NOTE(review): `<= 0` also refuses a debit that lands exactly on zero — confirm that is intended
        if ($left_point <= 0) {
            MSG('用户积分为:' . $mr['points'] . ',不足扣除' . $point);
        }
    }
    // NOTE(review): 'note' is appended to the stored log text without remove_xss() — confirm it is escaped where the log is shown
    $payname = $operator . '后台管理:' . $plus_minus_type . '积分,用户剩余积分:' . $left_point . '<br>' . $GLOBALS['note'];
    $credit_api = load_class('credit_api', 'credit');
    $credit_api->handle($mr['uid'], $plus_minus, $point, $payname);
    MSG(L('operation success'), HTTP_REFERER);
}
/**
 * Send a private message to another member.
 *
 * On submit the recipient name is cleaned with sql_replace() and must resolve to a 'member' row;
 * the content is filtered with remove_xss() and a 'message' row is inserted on behalf of the
 * current member. Without submit the compose template is shown, pre-filled with the optional
 * 'username' parameter.
 */
public function add()
{
    $seo_title = '发私信';
    $memberinfo = $this->memberinfo;
    if (!isset($GLOBALS['submit'])) {
        $username = '';
        if (isset($GLOBALS['username'])) {
            $username = remove_xss($GLOBALS['username']);
        }
        include T('message', 'add');
        return;
    }
    $tousername = sql_replace($GLOBALS['tousername']);
    if ($tousername == '') {
        MSG('用户名错误');
    }
    $recipient = $this->db->get_one('member', array('username' => $tousername));
    if (!$recipient) {
        MSG('用户名错误');
    }
    $content = remove_xss($GLOBALS['content']);
    $message = array(
        'uid'      => $memberinfo['uid'],
        'touid'    => $recipient['uid'],
        'username' => $memberinfo['username'],
        'addtime'  => SYS_TIME,
        'content'  => $content,
    );
    $this->db->insert('message', $message);
    MSG('私信发送成功', HTTP_REFERER);
}
/**
 * 添加敏感词 — add one sensitive word per posted line.
 *
 * Each line of 'badword' is trimmed; blank lines and words already present in 'badword' are
 * skipped, the rest are filtered with remove_xss() and inserted with the current time and the
 * session uid. Without submit the add form is rendered.
 */
public function add()
{
    if (!isset($GLOBALS['submit'])) {
        include $this->template('badword_add');
        return;
    }
    $lines = explode("\n", $GLOBALS['badword']);
    foreach ($lines as $line) {
        $word = trim($line);
        if (empty($word)) {
            continue;
        }
        $uid = $_SESSION['uid'];
        // NOTE(review): the duplicate check uses the raw word while the insert stores the
        // remove_xss()'d form, so a word the filter alters can be inserted more than once.
        $existing = $this->db->get_one('badword', array('word' => $word));
        if ($existing) {
            continue;
        }
        $this->db->insert('badword', array('word' => remove_xss($word), 'addtime' => SYS_TIME, 'uid' => $uid));
    }
    MSG(L('operation success'), HTTP_REFERER);
}
/**
 * Edit an express (shipping) company.
 *
 * On submit the posted 'form' array is written to the 'express' row with title and thumb
 * filtered by remove_xss(). Without submit the row is loaded and the edit template rendered.
 * The $endtime and css handling mirrors the announcement editor this method appears to be
 * derived from; whether the template uses those values is not visible here.
 */
public function edit()
{
    $id = intval($GLOBALS['id']);
    if (isset($GLOBALS['submit'])) {
        // NOTE(review): every key of $GLOBALS['form'] reaches the update; only title/thumb are filtered here
        $row = $GLOBALS['form'];
        $row['title'] = remove_xss($row['title']);
        $row['thumb'] = remove_xss($row['thumb']);
        $this->db->update('express', $row, array('eid' => $id));
        MSG(L('operation success'), '?m=order&f=express&v=listing' . $this->su());
    } else {
        $show_formjs = 1;
        $form = load_class('form');
        load_function('admin');
        $endtime = SYS_TIME + 86400 * 30; // overwritten on the next line
        $endtime = date('Y-m-d');
        $r = $this->db->get_one('express', array('eid' => $id));
        $styles = style($r['css']); // e.g. color:#ff0000;font-weight:bold
        $font_weight = $styles['font-weight'];
        $color = $styles['color'];
        include $this->template('express_edit');
    }
}
/**
 * 申请 — request an invoice ('receipt') for one of the member's orders.
 *
 * Refuses when a receipt already exists for the order or when no order with status 1 or 5
 * belongs to the member; title, linkman, address and tel are mandatory. The remove_xss()'d
 * fields are inserted into 'receipt' and the member is sent back to the referring page.
 */
public function apply()
{
    $memberinfo = $this->memberinfo;
    $orderid = intval($GLOBALS['orderid']);
    $existing = $this->db->get_one('receipt', array('uid' => $memberinfo['uid'], 'orderid' => $orderid));
    if ($existing) {
        MSG('您没有需要开具的订单');
    }
    // uid comes from $this->memberinfo and orderid is an int, so no request text is interpolated here
    $where = "`uid`=" . $memberinfo['uid'] . " AND `orderid`='{$orderid}' AND `status` IN(1,5)";
    if (!$this->db->get_one('order_goods', $where)) {
        MSG('您没有需要开具的订单');
    }
    $required = array(
        'title'   => '请填写发票抬头',
        'linkman' => '请填写联系人名称',
        'address' => '请填写联系人地址',
        'tel'     => '请填写联系人电话',
    );
    foreach ($required as $field => $errorText) {
        if (empty($GLOBALS[$field])) {
            MSG($errorText);
        }
    }
    $formdata = array(
        'orderid' => $orderid,
        'title'   => remove_xss($GLOBALS['title']),
        'linkman' => remove_xss($GLOBALS['linkman']),
        'address' => remove_xss($GLOBALS['address']),
        'tel'     => remove_xss($GLOBALS['tel']),
        'zip'     => intval($GLOBALS['zip']),
        'uid'     => $memberinfo['uid'],
        'addtime' => SYS_TIME,
    );
    $this->db->insert('receipt', $formdata);
    MSG('发票申请已提交', HTTP_REFERER);
}
/**
 * 编辑个人信息 — let the logged-in admin edit their own profile.
 *
 * On submit a new password, when given, is stored as md5(md5(password) . factor) with a fresh
 * 6-character factor; the remaining profile fields are taken from the remove_xss()'d 'form'
 * array and written to the 'admin' row of the session uid. Without submit the admin and member
 * rows, the role list and the language options are loaded for the template.
 */
public function edit_info()
{
    $uid = $_SESSION['uid'];
    if (!isset($GLOBALS['submit'])) {
        $show_formjs = 1;
        $form = load_class('form');
        $roles = $this->db->get_list('admin_role', '', '*', 0, 100);
        $r = $this->db->get_one('admin', array('uid' => $uid));
        $mr = $this->db->get_one('member', array('uid' => $uid));
        $username = $mr['username'];
        $langs = array('zh-cn' => '中文');
        include $this->template('edit_info');
        return;
    }
    $formdata = array();
    if (empty($GLOBALS['form']['password'])) {
        // NOTE(review): an empty password field writes '' to the column unless the db layer drops empty values — confirm
        $formdata['password'] = '';
    } else {
        // NOTE(review): salted MD5 with a 6-char factor is weak by current standards; changing it
        // needs a matching change in the login check.
        $factor = substr(random_string('md5'), 0, 6);
        $formdata['password'] = md5(md5($GLOBALS['form']['password']) . $factor);
        $formdata['factor'] = $factor;
    }
    $GLOBALS['form'] = remove_xss($GLOBALS['form']);
    $profile = $GLOBALS['form'];
    foreach (array('truename', 'lang', 'department', 'face', 'email', 'tel', 'mobile', 'remark') as $field) {
        $formdata[$field] = $profile[$field];
    }
    $this->db->update('admin', $formdata, array('uid' => $uid));
    MSG(L('edit success'), HTTP_REFERER);
}
/**
 * 修改配置 — edit a payment method's configuration.
 *
 * The payment row must exist. On submit the remove_xss()'d note, the serialised 'setting' array
 * and the status are stored and the admin is redirected to the listing. Without submit a status
 * of 0 is reported as not yet implemented; otherwise the stored settings are unserialised and the
 * per-method template 'config_<id>' is rendered.
 */
public function edit()
{
    $id = intval($GLOBALS['id']);
    $r = $this->db->get_one('payment', array('id' => $id));
    if (!$r) {
        MSG('支付方式不存在');
    }
    if (isset($GLOBALS['submit'])) {
        $note = isset($GLOBALS['note']) ? remove_xss($GLOBALS['note']) : '';
        // NOTE(review): settings are stored with serialize() and read back with unserialize(), so
        // anyone able to write this column controls an object graph on load. JSON would avoid
        // that but the stored rows would need migrating.
        $setting = isset($GLOBALS['setting']) ? serialize($GLOBALS['setting']) : '';
        $formdata = array(
            'note'    => $note,
            'setting' => $setting,
            'status'  => intval($GLOBALS['status']),
        );
        $this->db->update('payment', $formdata, array('id' => $id));
        MSG(L('operation_success'), '?m=pay&f=pay_config&v=listing' . $this->su(), 500);
    } else {
        if ($r['status'] == 0) {
            MSG('该功能尚未开发,如需帮助,请联系我们!');
        }
        $show_formjs = 1;
        $setting = unserialize($r['setting']);
        include $this->template('config_' . $id);
    }
}
/**
 * 修改友情链接 — edit a friend link.
 *
 * On submit sitename/url/logo/remark are filtered with remove_xss(), the kind id is cast to int,
 * the current admin (cookie 'username') and time are recorded and the 'link' row is updated
 * before redirecting to $GLOBALS['forward']. Without submit the row and the kind options are
 * loaded for the edit template.
 */
public function edit()
{
    $linkid = intval($GLOBALS['linkid']);
    if (!isset($GLOBALS['submit'])) {
        $show_formjs = 1;
        $form = load_class('form');
        $r = $this->db->get_one('link', array('linkid' => $linkid));
        $options = $this->db->get_list('kind', array('keyid' => 'link'));
        $options = key_value($options, 'kid', 'name');
        include $this->template('edit');
        return;
    }
    $posted = $GLOBALS['form'];
    $formdata = array(
        'sitename' => remove_xss($posted['sitename']),
        'url'      => remove_xss($posted['url']),
        'logo'     => remove_xss($posted['logo']),
        'remark'   => remove_xss($posted['remark']),
        'username' => get_cookie('username'),
        'addtime'  => SYS_TIME,
        'kid'      => intval($posted['kid']),
    );
    $this->db->update('link', $formdata, array('linkid' => $linkid));
    // NOTE(review): the redirect target is taken from the request — confirm MSG() limits it to local URLs
    MSG(L('operation success'), $GLOBALS['forward']);
}
/**
 * Create or update a dance topic from the admin form.
 *
 * Integer fields are cast with intval(), text fields are read with the input class's XSS filter
 * enabled ($this->input->post(..., true)) and 'neir' is filtered with remove_xss(). singerid and
 * uid are resolved from names through getzd(). id 0 inserts a new row stamped with the current
 * time; otherwise the row is updated (calling dt() when tid is 0 and refreshing addtime when the
 * 'addtime' flag is 'ok'). A missing name aborts with a message.
 */
public function save()
{
    $id = intval($this->input->post('id'));
    $user = $this->input->post('user', true);
    $singer = $this->input->post('singer', true);
    $addtime = $this->input->post('addtime', true);
    $data = array();
    foreach (array('yid', 'tid', 'cid') as $intField) {
        $data[$intField] = intval($this->input->post($intField));
    }
    $data['name'] = $this->input->post('name', true);
    $data['pic'] = $this->input->post('pic', true);
    $data['neir'] = remove_xss($this->input->post('neir'));
    foreach (array('hits', 'yhits', 'zhits', 'rhits', 'shits') as $counter) {
        $data[$counter] = intval($this->input->post($counter));
    }
    $data['tags'] = $this->input->post('tags', true);
    $data['color'] = $this->input->post('color', true);
    // resolve the singer and owner names to ids
    $data['singerid'] = intval(getzd('singer', 'id', $singer, 'name'));
    $data['uid'] = intval(getzd('user', 'id', $user, 'name'));
    foreach (array('diqu', 'yuyan', 'year', 'fxgs', 'skins', 'title', 'keywords', 'description') as $textField) {
        $data[$textField] = $this->input->post($textField, true);
    }
    if (empty($data['name'])) {
        admin_msg(L('plub_85'), 'javascript:history.back();', 'no');
    }
    if ($id == 0) {
        // insert
        $data['addtime'] = time();
        $this->CsdjDB->get_insert('dance_topic', $data);
    } else {
        if ($data['tid'] == 0) {
            $this->dt($id);
        }
        if ($addtime == 'ok') {
            $data['addtime'] = time();
        }
        $this->CsdjDB->get_update('dance_topic', $id, $data);
    }
    admin_msg(L('plub_70'), site_url('dance/admin/topic'), 'ok'); // success
}
/**
 * 发表话题 — post a topic or a reply (AJAX).
 *
 * Requires a logged-in user. The Post model's create() builds $vo from the request; 'message' is
 * mandatory and is stored as nl2br(remove_xss(message)). The level 'l' is derived from topid/qid:
 * a new topic gets 0, a reply to a topic or to a reply gets one more than the deepest existing
 * post of that thread. After insertion the thread's last-post time is refreshed, the stored row is
 * reloaded with formatted dates and returned to the client.
 *
 * @date 2010-6-4
 * @time 下午04:36:18 (16:36:18)
 */
function add_post()
{
    // only logged-in users may post
    if (!$this->_is_login()) {
        $this->ajaxReturn('login', "Login please.", '0');
    }
    $dao = D("Post");
    $vo = $dao->create();
    if ($vo) {
        if (empty($vo['message'])) {
            $this->ajaxReturn('0', 'You must fill in the field of "Content".', '0');
        }
        // default the optional fields the model may have left empty
        $vo['title'] = $vo['title'] ? $vo['title'] : "";
        $vo['aid'] = $vo['aid'] ? $vo['aid'] : "0";
        $vo['qid'] = $vo['qid'] ? $vo['qid'] : "0";
        $vo['l'] = $vo['l'] ? $vo['l'] : "1";
        $vo['topid'] = $vo['topid'] ? $vo['topid'] : "0";
        $vo['requery'] = $vo['requery'] ? $vo['requery'] : "0";
        $vo['qidstr'] = $vo['qidstr'] ? $vo['qidstr'] : "0";
        $vo['message'] = nl2br(remove_xss($vo['message']));
        $vo['is_show'] = 1;
        // NOTE(review): topid/qid are interpolated into the where() strings below; unless create()
        // casts them to integers they are request-controlled text inside SQL — confirm, and prefer
        // the array form of where() so the values are bound.
        if ($vo['topid'] != '0' && $vo['qid'] == '0') {
            // reply to a topic
            $top = $dao->where("topid={$vo['topid']}")->field('id,l,topid')->order("l DESC")->find();
            $vo['l'] = $top['l'] + 1;
        } elseif ($vo['topid'] == '0' && $vo['qid'] == '0') {
            // new topic
            $vo['l'] = '0';
        } elseif ($vo['topid'] != '0' && $vo['qid'] != '0') {
            // reply to a reply
            $top = $dao->where("qid={$vo['qid']}")->field('id,l,topid')->order("l DESC")->find();
            $vo['l'] = $top['l'] + 1;
        }
        //dump($vo);
        $pid = $dao->add($vo);
        if ($pid) {
            if ($vo['topid'] != '0') {
                $this->posts_lasttime($vo['topid']);
            }
            $data = $dao->where("id={$pid}")->find();
            $data['dateline'] = toDate($data['dateline'], 'Y-m-d');
            $data['lasttime'] = toDate($data['lasttime'], 'Y-m-d');
            if ($data['l'] == '0') {
                $this->edit_thread($data['gid']);
            } else {
                $this->edit_thread($data['gid'], 2);
            }
            $this->ajaxReturn($data, "You’ve sent successfully.", '1');
        } else {
            // NOTE(review): the insert failed, yet the message text claims success (status '0') — misleading
            $this->ajaxReturn('0', "You’ve sent successfully.", '0');
        }
    } else {
        // NOTE(review): create() failed validation, yet the message says "Replied successfully!" — misleading
        $this->ajaxReturn('0', 'Replied successfully!', '0');
    }
}