public function doIndex_BoxPost()
{
$rc['login'] = bus('post')['login'];
$rc['password'] = bus('post')['password'];
$rc['groupId'] = intval(bus('post')['group']);
$rc['des'] = bus('post')['des'];
//addslashes()和stripslashes()
//监测空值
if (empty($rc['login']) || empty($rc['login'])) {
echo json_encode(['code' => -200, 'msg' => '用户名或密码空']);
exit;
}
//监测重复
$login = saddslashes($rc['login']);
$sql = "select count(*) from user where login = '******'";
$num = sapp('db')->getone($sql);
if ($num) {
echo json_encode(['code' => -200, 'msg' => '该用户名存在']);
exit;
}
//hash
$rc['password'] = shamhash($rc['password']);
//--------------------------------------------------------
$rc = saddslashes($rc);
sapp('db')->autoExecute('user', $rc, 'INSERT');
//--------------------------------------------------------
echo json_encode(['code' => 200, 'msg' => '-']);
}
function _init_input()
{
global $_G;
if (!MAGIC_QUOTES_GPC) {
$_GET = saddslashes($_GET);
$_POST = saddslashes($_POST);
$_COOKIE = saddslashes($_COOKIE);
$_FILES = saddslashes($_FILES);
}
$prelength = strlen($_G['config']['cookie']['cookiepre']);
foreach ($_COOKIE as $key => $value) {
if (substr($key, 0, $prelength) == $_G['config']['cookie']['cookiepre']) {
$_G['cookie'][substr($key, $prelength)] = $value;
}
}
$_G['inajax'] = empty($_GET['inajax']) ? 0 : intval($_GET['inajax']);
$_G['page'] = $_GET['page'] = isset($_GET['page']) && intval($_GET['page']) > 0 ? intval($_GET['page']) : 1;
if (substr($_G['setting']['attachmentdir'], 0, 2) == './') {
define('A_DIR', B_ROOT . $_G['setting']['attachmentdir']);
} else {
define('A_DIR', $_G['setting']['attachmentdir']);
}
if (empty($_G['setting']['attachmenturl']) && substr($_G['setting']['attachmentdir'], 0, 2) == './') {
$_G['setting']['attachmenturl'] = substr($_G['setting']['attachmentdir'], 2);
}
if (empty($_G['setting']['attachmenturl'])) {
$_G['setting']['attachmenturl'] = 'attachments';
}
// 外部調用帶絕對地址
define('A_URL', B_URL . '/' . $_G['setting']['attachmenturl']);
}
function saddslashes($string)
{
if (is_array($string)) {
foreach ($string as $key => $val) {
$string[$key] = saddslashes($val);
}
} else {
$string = addslashes($string);
}
return $string;
}
function xmltag_close($parser, $tag)
{
$flag = false;
switch ($tag) {
case 'int':
case 'i4':
$value = intval(trim($this->xmlmessage->tag_content));
$flag = true;
break;
case 'double':
$value = (double) trim($this->xmlmessage->tag_content);
$flag = true;
break;
case 'string':
$value = $this->xmlmessage->tag_content;
$flag = true;
break;
case 'dateTime.iso8601':
$value = $this->convertDate($this->xmlmessage->tag_content);
$flag = true;
break;
case 'value':
if (trim($this->xmlmessage->tag_content) != '' || $this->xmlmessage->last_open == 'value') {
$value = (string) trim($this->xmlmessage->tag_content);
$flag = true;
}
break;
case 'boolean':
$value = (bool) trim($this->xmlmessage->tag_content);
$flag = true;
break;
case 'base64':
$value = saddslashes(base64_decode(trim($this->xmlmessage->tag_content)));
$flag = true;
break;
case 'data':
case 'struct':
$value = array_pop($this->xmlmessage->structs);
array_pop($this->xmlmessage->structTypes);
$flag = true;
break;
case 'member':
array_pop($this->xmlmessage->struct_name);
break;
case 'name':
$this->xmlmessage->struct_name[] = trim($this->xmlmessage->tag_content);
break;
case 'methodName':
$this->xmlmessage->methodname = trim($this->xmlmessage->tag_content);
break;
}
if ($flag) {
if (count($this->xmlmessage->structs) > 0) {
if ($this->xmlmessage->structTypes[count($this->xmlmessage->structTypes) - 1] == 'struct') {
$this->xmlmessage->structs[count($this->xmlmessage->structs) - 1][$this->xmlmessage->struct_name[count($this->xmlmessage->struct_name) - 1]] = $value;
} else {
$this->xmlmessage->structs[count($this->xmlmessage->structs) - 1][] = $value;
}
} else {
$this->xmlmessage->params[] = $value;
}
}
if (!in_array($tag, array('data', 'struct', 'member'))) {
$this->xmlmessage->tag_content = '';
}
}
//附件如何处理?
if ($value['haveattach']) {
$subquery = $_SGLOBAL['db']->query("SELECT * FROM {$tpre}attachments WHERE itemid='{$value['itemid']}'");
while ($subvalue = $_SGLOBAL['db']->fetch_array($subquery)) {
if (strexists($value['message'], $value['filepath']) || strexists($value['message'], $value['thumbpath'])) {
continue;
}
if ($subvalue['isimage']) {
//图片
$value['message'] .= "<div><img src=\"{$_SC[attachurl]}{$subvalue['filepath']}\"></div>";
} else {
$value['message'] .= "<div><strong>文件</strong>: <a href=\"{$_SC[attachurl]}{$subvalue['filepath']}\">{$subvalue['filename']}</a></div>";
}
}
}
$value = saddslashes($value);
$setarr = array('blogid' => $value['itemid'], 'uid' => $value['uid'], 'username' => $value['username'], 'subject' => $value['subject'], 'classid' => $value['itemtypeid'], 'viewnum' => $value['viewnum'], 'replynum' => $value['replynum'], 'dateline' => $value['dateline'], 'noreply' => empty($value['allowreply']) ? 1 : 0, 'friend' => $value['folder'] > 1 ? 1 : 0);
inserttable('blog', $setarr, 0, true);
$setarr = array('blogid' => $value['itemid'], 'message' => message_replace($value['message']), 'postip' => $value['postip']);
inserttable('blogfield', $setarr, 0, true);
}
show_next('图片主题数据');
} elseif ($_GET['step'] == 13) {
$msg = <<<EOF
\t<form method="post" action="convert.php">
\t<table>
\t<tr><td colspan="2">数据转换完成!<br><br>
\t最后,请输入你的用户名,系统将您设为UCenter Home的管理员!
\t</td></tr>
\t<tr><td>您的用户名</td><td><input type="text" name="username" value="" size="30"></td></tr>
\t<tr><td></td><td><input type="submit" name="opensubmit" value="设为管理员"></td></tr>
}
include_once S_ROOT . './function/common.func.php';
@(include_once S_ROOT . './data/system/config.cache.php');
$_SCONFIG = array_merge($_SSCONFIG, $_SC);
//合并配置
extract($_SC);
if (!get_magic_quotes_gpc()) {
$_GET = saddslashes($_GET);
$_POST = saddslashes($_POST);
$_COOKIE = saddslashes($_COOKIE);
}
//COOKIE
$prelength = strlen($_SC['cookiepre']);
foreach ($_COOKIE as $key => $val) {
if (substr($key, 0, $prelength) == $_SC['cookiepre']) {
$_SCOOKIE[substr($key, $prelength)] = empty($magic_quote) ? saddslashes($val) : $val;
}
}
$mtime = explode(' ', microtime());
$_SGLOBAL['supe_starttime'] = $mtime[1] + $mtime[0];
$_SGLOBAL['timestamp'] = time();
$_SGLOBAL['inajax'] = empty($_GET['inajax']) ? 0 : intval($_GET['inajax']);
define('S_URL', $_SC['siteurl']);
define('B_URL', $_SC['bbsurl']);
if (!empty($_SC['bbsver'])) {
define('B_VER', $_SC['bbsver'] >= 5 ? 5 : $_SC['bbsver']);
}
if (!empty($headercharset)) {
header('Content-Type: text/html; charset=' . $_SC['charset']);
}
//ONLINE IP
function synlogin($get, $post)
{
global $_SGLOBAL;
if (!API_SYNLOGIN) {
return API_RETURN_FORBIDDEN;
}
//note 同步登录 API 接口
obclean();
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
$cookietime = 31536000;
$uid = intval($get['uid']);
$query = $_SGLOBAL['db']->query("SELECT uid, username, password FROM " . tname('member') . " WHERE uid='{$uid}'");
if ($member = $_SGLOBAL['db']->fetch_array($query)) {
include_once S_ROOT . './source/function_space.php';
$member = saddslashes($member);
$space = insertsession($member);
//设置cookie
ssetcookie('auth', authcode("{$member['password']}\t{$member['uid']}", 'ENCODE'), $cookietime);
}
ssetcookie('loginuser', $get['username'], $cookietime);
}
function getstr($string, $length, $in_slashes = 0, $out_slashes = 0, $censor = 0, $bbcode = 0, $html = 0)
{
global $_SC, $_SGLOBAL;
$string = trim($string);
if ($in_slashes) {
//传入的字符有slashes
$string = sstripslashes($string);
}
if ($html < 0) {
//去掉html标签
$string = preg_replace("/(\\<[^\\<]*\\>|\r|\n|\\s|\\[.+?\\])/is", ' ', $string);
$string = shtmlspecialchars($string);
} elseif ($html == 0) {
//转换html标签
$string = shtmlspecialchars($string);
}
if ($censor) {
//词语屏蔽
@(include_once S_ROOT . './data/data_censor.php');
if ($_SGLOBAL['censor']['banned'] && preg_match($_SGLOBAL['censor']['banned'], $string)) {
showmessage('information_contains_the_shielding_text');
} else {
$string = empty($_SGLOBAL['censor']['filter']) ? $string : @preg_replace($_SGLOBAL['censor']['filter']['find'], $_SGLOBAL['censor']['filter']['replace'], $string);
}
}
if ($length && strlen($string) > $length) {
//截断字符
$wordscut = '';
if (strtolower($_SC['charset']) == 'utf-8') {
//utf8编码
$n = 0;
$tn = 0;
$noc = 0;
while ($n < strlen($string)) {
$t = ord($string[$n]);
if ($t == 9 || $t == 10 || 32 <= $t && $t <= 126) {
$tn = 1;
$n++;
$noc++;
} elseif (194 <= $t && $t <= 223) {
$tn = 2;
$n += 2;
$noc += 2;
} elseif (224 <= $t && $t < 239) {
$tn = 3;
$n += 3;
$noc += 2;
} elseif (240 <= $t && $t <= 247) {
$tn = 4;
$n += 4;
$noc += 2;
} elseif (248 <= $t && $t <= 251) {
$tn = 5;
$n += 5;
$noc += 2;
} elseif ($t == 252 || $t == 253) {
$tn = 6;
$n += 6;
$noc += 2;
} else {
$n++;
}
if ($noc >= $length) {
break;
}
}
if ($noc > $length) {
$n -= $tn;
}
$wordscut = substr($string, 0, $n);
} else {
for ($i = 0; $i < $length - 1; $i++) {
if (ord($string[$i]) > 127) {
$wordscut .= $string[$i] . $string[$i + 1];
$i++;
} else {
$wordscut .= $string[$i];
}
}
}
$string = $wordscut;
}
if ($bbcode) {
include_once S_ROOT . './source/function_bbcode.php';
$string = bbcode($string, $bbcode);
}
if ($out_slashes) {
$string = saddslashes($string);
}
return trim($string);
}
function uploadfile($valuearr, $mid = 2, $itemid = 0, $havethumb = 1, $width = 100, $height = 100)
{
global $_G, $_SGLOBAL;
$setsqlarr = array();
$hash = getmodelhash($mid, $itemid);
if (!empty($valuearr)) {
foreach ($valuearr as $value) {
if (!preg_match("/^(img|flash|file)\$/i", $value['formtype'])) {
continue;
}
$filearr = $_FILES[$value['fieldname']];
if (!empty($filearr['name'])) {
$setsqlarr[$value['fieldname']] = array('fieldcomment' => $value['fieldcomment'], 'filepath' => '', 'error' => '', 'aid' => '');
if (empty($filearr['size']) || empty($filearr['tmp_name'])) {
//獲取上傳文件大小失敗,請選擇其他文件上傳
$setsqlarr[$value['fieldname']]['error'] = modelmsg('get_upload_size_error');
break;
}
$fileext = fileext($filearr['name']);
if ($value['fieldname'] == 'subjectimage') {
$newfilearr = loadClass('attach')->savelocalfile($filearr, array($width, $height), '', 1);
//標題圖片上傳
} else {
list($width, $height) = explode(',', $value['thumbsize']);
$newfilearr = loadClass('attach')->savelocalfile($filearr, array($width, $height), '', 1);
//自定義圖片上傳
}
if ($value['formtype'] == 'img') {
$attachinfo = @getimagesize(A_DIR . '/' . $newfilearr['file']);
if (empty($attachinfo) || $attachinfo[2] < 1 && $attachinfo[2] > 3) {
$setsqlarr[$value['fieldname']]['error'] = modelmsg('get_upload_size_error');
@unlink(A_DIR . '/' . $newfilearr['file']);
if ($newfilearr['thumb'] != $newfilearr['file']) {
@unlink(A_DIR . '/' . $newfilearr['thumb']);
}
break;
}
}
if (empty($newfilearr['file'])) {
//上傳文件失敗,請您稍後嘗試重新上傳
$setsqlarr[$value['fieldname']]['error'] = modelmsg('upload_error');
break;
}
//數據庫
$insertsqlarr = array('uid' => $_G['uid'], 'dateline' => $_G['timestamp'], 'filename' => saddslashes($filearr['name']), 'subject' => $value['fieldname'], 'attachtype' => $fileext, 'isimage' => in_array($fileext, array('jpg', 'jpeg', 'gif', 'png')) ? 1 : 0, 'size' => $filearr['size'], 'filepath' => $newfilearr['file'], 'thumbpath' => $newfilearr['thumb'], 'hash' => $hash);
$aid = inserttable('attachments', $insertsqlarr, 1);
$setsqlarr[$value['fieldname']]['filepath'] = $value['formtype'] != 'file' ? $newfilearr['file'] : $aid;
$setsqlarr[$value['fieldname']]['aid'] = $aid;
}
}
}
return $setsqlarr;
}
/**
* 用户输入转义
*/
function saddslashes($string)
{
if (!get_magic_quotes_gpc()) {
if (is_array($string)) {
foreach ($string as $key => $val) {
$string[$key] = saddslashes($val);
}
} else {
$string = addslashes($string);
}
}
return $string;
}
function saveurlarr($msgarr, $varname)
{
global $_SGLOBAL;
global $thevalue, $_SCONFIG;
include_once S_ROOT . './function/upload.func.php';
$isimage = 0;
if ($varname == 'picarr') {
$isimage = 1;
}
if (!empty($msgarr[$varname]) && is_array($msgarr[$varname])) {
foreach ($msgarr[$varname] as $ukey => $url) {
if ($isimage) {
$patharr = saveremotefile($url, $_SCONFIG['thumbarray']['news']);
} else {
$patharr = saveremotefile($url, array(), 0);
}
$subject = strtolower(trim(substr($patharr['name'], 0, strrpos($patharr['name'], '.'))));
$msgarr['patharr'][] = array('uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp'], 'catid' => $msgarr['importcatid'], 'itemid' => 0, 'filename' => saddslashes($patharr['name']), 'subject' => trim(shtmlspecialchars($subject)), 'attachtype' => $patharr['type'], 'type' => 'news', 'isimage' => in_array($patharr['type'], array('jpg', 'jpeg', 'gif', 'png')) ? 1 : 0, 'size' => $patharr['size'], 'filepath' => $patharr['file'], 'thumbpath' => $patharr['thumb'], 'isavailable' => 1, 'hash' => '');
if (!empty($patharr['file'])) {
$msgarr['message'] = str_replace($url, A_URL . '/' . $patharr['file'], $msgarr['message']);
$msgarr[$varname][$ukey] = str_replace($url, A_DIR . '/' . $patharr['file'], $msgarr[$varname][$ukey]);
}
}
}
return $msgarr;
}
} else {
if (in_array($return, array(-1, -2, -3, -4))) {
showmessage('message_can_not_send' . abs($return));
} else {
showmessage('message_can_not_send');
}
}
}
} elseif ($_GET['op'] == 'ignore') {
if (submitcheck('ignoresubmit')) {
uc_pm_blackls_set($_SGLOBAL['supe_uid'], $_POST['ignorelist']);
showmessage('do_success', 'space.php?do=pm&view=ignore');
}
} else {
//新用户见习
cknewuser();
if (!checkperm('allowpm')) {
ckspacelog();
showmessage('no_privilege');
}
//发送
$friends = array();
if ($space['friendnum']) {
$query = $_SGLOBAL['db']->query("SELECT fuid AS uid, fusername AS username FROM " . tname('friend') . " WHERE uid={$_SGLOBAL['supe_uid']} AND status='1' ORDER BY num DESC, dateline DESC LIMIT 0,100");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$value['username'] = saddslashes($value['username']);
$friends[] = $value;
}
}
}
include_once template("cp_pm");
$comment['ip'] = preg_replace("/^(\\d{1,3})\\.(\\d{1,3})\\.\\d{1,3}\\.\\d{1,3}\$/", "\$1.\$2.*.*", $comment['ip']);
$html = '<div id="cid_{cid}_' . $comment['floornum'] . '_title" class="old_title"><span class="author">' . $_G['setting']['sitename'];
if (!$comment['hidelocation']) {
$html .= $comment['iplocation'] != 'LAN' ? $comment['iplocation'] : $lang['mars'];
}
$html .= $lang['visitor'];
if (!empty($comment['authorid']) && !$comment['hideauthor']) {
$html .= " [{$comment['author']}] ";
}
if (!$comment['hideip']) {
$html .= " ({$comment['ip']}) ";
}
$html .= $lang['from_the_original_note'] . '</span><span class="color_red">' . $comment['floornum'] . '</span></div>';
$comment['message'] = str_replace('<div class="new"', $html . '<div id="cid_{cid}_' . $comment['floornum'] . '_detail" class="detail"', $comment['message']);
$comment['message'] = '<div id="cid_{cid}_' . $comment['floornum'] . '" class="old">' . $comment['message'] . '</div>';
$comment['message'] = saddslashes($comment['message']);
$_POST['message'] = $comment['message'] . $_POST['commentmessage'];
}
//回複詞語屏蔽
$_POST['commentmessage'] = censor($_POST['commentmessage']);
$shopuid = getshopuid($type);
$subtype = !empty($commentscorestr) ? '1' : '0';
$setsqlarr = array('itemid' => $itemid, 'type' => $type, 'uid' => $item['uid'], 'authorid' => $_G['uid'], 'author' => $_G['username'], 'ip' => $_G['clientip'], 'dateline' => $_G['timestamp'], 'subject' => '', 'message' => $_POST['commentmessage'], 'floornum' => $comment['floornum'], 'hideauthor' => $_POST['hideauthor'], 'hideip' => $_POST['hideip'], 'hidelocation' => $_POST['hidelocation'], 'firstcid' => $comment['firstcid'], 'upcid' => $upcid, 'shopuid' => $shopuid, 'status' => 1, 'isprivate' => $isprivate, 'subtype' => $subtype);
$cid = inserttable('spacecomments', $setsqlarr, 1);
if ($cid && !empty($commentscorestr)) {
$commentscore = $score = 0;
$commentscorearr = array();
for ($i = 1; $i <= 8; $i++) {
if (strpos($commentscorestr, '1' . $i . '@')) {
$commentscore = substr($commentscorestr, strpos($commentscorestr, '@1' . $i . '@') + 4, 1);
if (is_numeric($commentscore) && $commentscore <= 5 && $commentscore > 0) {
function feed_publish($id, $idtype, $add = 0)
{
global $_SGLOBAL;
$setarr = array();
switch ($idtype) {
case 'blogid':
$query = $_SGLOBAL['db']->query("SELECT b.*, bf.* FROM " . tname('blog') . " b\r\n\t\t\t\tLEFT JOIN " . tname('blogfield') . " bf ON bf.blogid=b.blogid\r\n\t\t\t\tWHERE b.blogid='{$id}'");
if ($value = $_SGLOBAL['db']->fetch_array($query)) {
if ($value['friend'] != 3) {
//
$setarr['icon'] = 'blog';
$setarr['id'] = $value['blogid'];
$setarr['idtype'] = $idtype;
$setarr['uid'] = $value['uid'];
$setarr['username'] = $value['username'];
$setarr['dateline'] = $value['dateline'];
$setarr['target_ids'] = $value['target_ids'];
$setarr['friend'] = $value['friend'];
$setarr['hot'] = $value['hot'];
//ϸ
$url = "space.php?uid={$value['uid']}&do=blog&id={$value['blogid']}";
if ($value['friend'] == 4) {
//
$setarr['title_template'] = cplang('feed_blog_password');
$setarr['title_data'] = array('subject' => "<a href=\"{$url}\">{$value['subject']}</a>");
} else {
//˽
if ($value['pic']) {
$setarr['image_1'] = pic_cover_get($value['pic'], $value['picflag']);
$setarr['image_1_link'] = $url;
}
$setarr['title_template'] = cplang('feed_blog');
$setarr['body_template'] = '<b>{subject}</b><br>{summary}';
$setarr['body_data'] = array('subject' => "<a href=\"{$url}\">{$value['subject']}</a>", 'summary' => getstr($value['message'], 150, 1, 1, 0, 0, -1));
}
}
}
break;
case 'albumid':
$key = 1;
if ($id > 0) {
$query = $_SGLOBAL['db']->query("SELECT p.*, a.username, a.albumname, a.picnum, a.friend, a.target_ids FROM " . tname('pic') . " p\r\n\t\t\t\t\tLEFT JOIN " . tname('album') . " a ON a.albumid=p.albumid\r\n\t\t\t\t\tWHERE p.albumid='{$id}' ORDER BY dateline DESC LIMIT 0,4");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
if ($value['friend'] <= 2) {
if (empty($setarr['icon'])) {
//
$setarr['icon'] = 'album';
$setarr['id'] = $value['albumid'];
$setarr['idtype'] = $idtype;
$setarr['uid'] = $value['uid'];
$setarr['username'] = $value['username'];
$setarr['dateline'] = $value['dateline'];
$setarr['target_ids'] = $value['target_ids'];
$setarr['friend'] = $value['friend'];
//ϸ
$setarr['title_template'] = '{actor} ' . cplang('upload_album');
$setarr['body_template'] = '<b>{album}</b><br>' . cplang('the_total_picture', array('{picnum}'));
$setarr['body_data'] = array('album' => "<a href=\"space.php?uid={$value['uid']}&do=album&id={$value['albumid']}\">{$value['albumname']}</a>", 'picnum' => $value['picnum']);
}
$setarr['image_' . $key] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
$setarr['image_' . $key . '_link'] = "space.php?uid={$value['uid']}&do=album&picid={$value['picid']}";
$key++;
} else {
break;
}
}
} else {
//Ĭ album
$picnum = $_SGLOBAL['db']->result($_SGLOBAL['db']->query("SELECT COUNT(*) FROM " . tname('pic') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND albumid='0'"), 0);
if ($picnum >= 1) {
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND albumid='0' ORDER BY dateline DESC LIMIT 0,4");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
if (empty($setarr['icon'])) {
//
$setarr['icon'] = 'album';
$setarr['uid'] = $value['uid'];
$setarr['username'] = $_SGLOBAL['supe_username'];
$setarr['dateline'] = $value['dateline'];
//ϸ
$setarr['title_template'] = '{actor} ' . cplang('upload_album');
$setarr['body_template'] = '<b>{album}</b><br>' . cplang('the_total_picture', array('{picnum}'));
$setarr['body_data'] = array('album' => "<a href=\"space.php?uid={$value['uid']}&do=album&id=-1\">" . cplang('default_albumname') . "</a>", 'picnum' => $picnum);
}
$setarr['image_' . $key] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
$setarr['image_' . $key . '_link'] = "space.php?uid={$value['uid']}&do=album&picid={$value['picid']}";
$key++;
}
}
}
break;
case 'picid':
$plussql = $id > 0 ? "p.picid='{$id}'" : "p.uid='{$_SGLOBAL['supe_uid']}' ORDER BY dateline DESC LIMIT 1";
$query = $_SGLOBAL['db']->query("SELECT p.*, a.friend, a.target_ids, s.username FROM " . tname('pic') . " p\r\n\t\t\t\tLEFT JOIN " . tname('space') . " s ON s.uid=p.uid\r\n\t\t\t\tLEFT JOIN " . tname('album') . " a ON a.albumid=p.albumid WHERE {$plussql}");
if ($value = $_SGLOBAL['db']->fetch_array($query)) {
if (empty($value['friend'])) {
// privacy
//
$setarr['icon'] = 'album';
$setarr['id'] = $value['picid'];
$setarr['idtype'] = $idtype;
$setarr['uid'] = $value['uid'];
$setarr['username'] = $value['username'];
$setarr['dateline'] = $value['dateline'];
$setarr['target_ids'] = $value['target_ids'];
$setarr['friend'] = $value['friend'];
$setarr['hot'] = $value['hot'];
//ϸ
$url = "space.php?uid={$value['uid']}&do=album&picid={$value['picid']}";
$setarr['image_1'] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
$setarr['image_1_link'] = $url;
$setarr['title_template'] = '{actor} ' . cplang('upload_a_new_picture');
$setarr['body_template'] = '{title}';
$setarr['body_data'] = array('title' => $value['title']);
}
}
break;
case 'tid':
$query = $_SGLOBAL['db']->query("SELECT t.*, p.* FROM " . tname('thread') . " t\r\n\t\t\t\tLEFT JOIN " . tname('post') . " p ON p.tid=t.tid AND p.isthread='1'\r\n\t\t\t\tWHERE t.tid='{$id}'");
if ($value = $_SGLOBAL['db']->fetch_array($query)) {
//
$setarr['icon'] = 'thread';
$setarr['id'] = $value['tid'];
$setarr['idtype'] = $idtype;
$setarr['uid'] = $value['uid'];
$setarr['username'] = $value['username'];
$setarr['dateline'] = $value['dateline'];
$setarr['hot'] = $value['hot'];
//ϸ
$url = "space.php?uid={$value['uid']}&do=thread&id={$value['tid']}";
if ($value['eventid']) {
// event
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid='{$value['eventid']}'");
$event = $_SGLOBAL['db']->fetch_array($query);
$setarr['title_template'] = cplang('feed_eventthread');
$setarr['body_template'] = '<b>{subject}</b><br>' . cplang('event') . ': {event}<br>{summary}';
$setarr['body_data'] = array('subject' => "<a href=\"{$url}&eventid={$value['eventid']}\">{$value['subject']}</a>", 'event' => "<a href=\"space.php?do=event&id={$value['eventid']}\">{$event['title']}</a>", 'summary' => getstr($value['message'], 150, 1, 1, 0, 0, -1));
} else {
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("mtag") . " WHERE tagid='{$value['tagid']}'");
$mtag = $_SGLOBAL['db']->fetch_array($query);
$setarr['title_template'] = cplang('feed_thread');
$setarr['body_template'] = '<b>{subject}</b><br>' . cplang('mtag') . ': {mtag}<br>{summary}';
$setarr['body_data'] = array('subject' => "<a href=\"{$url}\">{$value['subject']}</a>", 'mtag' => "<a href=\"space.php?do=mtag&tagid={$value['tagid']}\">{$mtag['tagname']}</a>", 'summary' => getstr($value['message'], 150, 1, 1, 0, 0, -1));
}
}
break;
case 'pid':
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('poll') . " WHERE pid='{$id}'");
if ($value = $_SGLOBAL['db']->fetch_array($query)) {
//
$setarr['icon'] = 'poll';
$setarr['id'] = $value['pid'];
$setarr['idtype'] = $idtype;
$setarr['uid'] = $value['uid'];
$setarr['username'] = $value['username'];
$setarr['dateline'] = $value['dateline'];
$setarr['hot'] = $value['hot'];
//ϸ
$url = "space.php?uid={$value['uid']}&do=poll&pid={$value['pid']}";
$setarr['title_template'] = cplang('feed_poll');
$setarr['body_template'] = '<a href="{url}"><strong>{subject}</strong></a>{option}';
$optionstr = '';
$opquery = $_SGLOBAL['db']->query("SELECT * FROM " . tname("polloption") . " WHERE pid='{$value['pid']}' LIMIT 0,2");
while ($opt = $_SGLOBAL['db']->fetch_array($opquery)) {
$optionstr .= '<br><input type="' . ($value['maxchoice'] > 1 ? 'checkbox' : 'radio') . '" disabled name="poll_' . $opt['oid'] . '"/>' . $opt['option'];
}
$setarr['body_data'] = array('url' => $url, 'subject' => $value['subject'], 'option' => $optionstr);
$setarr['body_general'] = $value['percredit'] ? cplang('reward_info', array($value['percredit'])) : '';
}
break;
case 'eventid':
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('event') . " WHERE eventid='{$id}'");
if ($value = $_SGLOBAL['db']->fetch_array($query)) {
//
$setarr['icon'] = 'event';
$setarr['id'] = $value['eventid'];
$setarr['idtype'] = $idtype;
$setarr['uid'] = $value['uid'];
$setarr['username'] = $value['username'];
$setarr['dateline'] = $value['dateline'];
$setarr['hot'] = $value['hot'];
//ϸ
$url = "space.php?do=event&id={$value['eventid']}";
$setarr['title_template'] = cplang('event_add');
$setarr['body_template'] = cplang('event_feed_info');
$setarr['body_data'] = array('title' => "<a href=\"{$url}\">{$value['title']}</a>", 'country' => $value['country'], 'province' => $value['province'], 'city' => $value['city'], 'location' => $value['location'], 'starttime' => sgmdate('m-d H:i', $value['starttime']), 'endtime' => sgmdate('m-d H:i', $value['endtime']));
//
if ($value['poster']) {
$setarr['image_1'] = pic_get($value['poster'], $value['thumb'], $value['remote']);
$setarr['image_1_link'] = $url;
}
}
break;
case 'sid':
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('share') . " WHERE sid='{$id}'");
if ($value = $_SGLOBAL['db']->fetch_array($query)) {
//
$setarr['icon'] = 'share';
$setarr['id'] = $value['sid'];
$setarr['idtype'] = $idtype;
$setarr['uid'] = $value['uid'];
$setarr['username'] = $value['username'];
$setarr['dateline'] = $value['dateline'];
$setarr['hot'] = $value['hot'];
//ϸ
$url = "space.php?uid={$value['uid']}&do=share&id={$value['sid']}";
$setarr['title_template'] = '{actor} ' . $value['title_template'];
$setarr['body_template'] = $value['body_template'];
$setarr['body_data'] = $value['body_data'];
$setarr['body_general'] = $value['body_general'];
$setarr['image_1'] = $value['image'];
$setarr['image_1_link'] = $value['image_link'];
}
break;
}
if ($setarr['icon']) {
$setarr['appid'] = UC_APPID;
//ݴ
$setarr['title_data'] = serialize($setarr['title_data']);
// groups ת
if ($idtype != 'sid') {
$setarr['body_data'] = serialize($setarr['body_data']);
// groups ת
}
$setarr['hash_template'] = md5($setarr['title_template'] . "\t" . $setarr['body_template']);
//ϲhash
$setarr['hash_data'] = md5($setarr['title_template'] . "\t" . $setarr['title_data'] . "\t" . $setarr['body_template'] . "\t" . $setarr['body_data']);
//ϲhash
$setarr = saddslashes($setarr);
$feedid = 0;
if (!$add && $setarr['id']) {
$query = $_SGLOBAL['db']->query("SELECT feedid FROM " . tname('feed') . " WHERE id='{$id}' AND idtype='{$idtype}'");
$feedid = $_SGLOBAL['db']->result($query, 0);
}
if ($feedid) {
updatetable('feed', $setarr, array('feedid' => $feedid));
} else {
inserttable('feed', $setarr);
}
}
}
$failingmail = array();
foreach ($mails as $key => $value) {
$value = trim($value);
if (empty($value) || !isemail($value)) {
$failingmail[] = $value;
continue;
}
if ($reward['credit']) {
//计算积分扣减积分
$credit = intval($reward['credit']) * ($invitenum + 1);
if (!isemail($value) || $reward['credit'] && $credit > $space['credit']) {
$failingmail[] = $value;
continue;
}
$code = strtolower(random(6));
$setarr = array('uid' => $_SGLOBAL['supe_uid'], 'code' => $code, 'email' => saddslashes($value), 'type' => 1);
$id = inserttable('invite', $setarr, 1);
if ($id) {
$mailvar[4] = "{$siteurl}invite.php?{$id}{$code}{$inviteapp}";
// $mailvar[4] = "http://openid.enjoyoung.cn/account/new?{$id}{$code}{$inviteapp}&renturn_to=uchome";
createmail($value, $mailvar);
$invitenum++;
} else {
$failingmail[] = $value;
}
} else {
$mailvar[4] = "{$siteurl}invite.php?u={$space['uid']}&c={$invite_code}{$inviteapp}";
// $mailvar[4] = "http://openid.enjoyoung.cn/account/new?u=$space[uid]&c=$invite_code{$inviteapp}&renturn_to=uchome";
if ($appid) {
$mailvar[6] = $appinfo['appname'];
}
function deletespace($uid, $force = 0)
{
global $_SGLOBAL, $_SC, $_SCONFIG;
$delspace = array();
$allowmanage = checkperm('managedelspace');
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('space') . " WHERE uid='{$uid}'");
if ($value = $_SGLOBAL['db']->fetch_array($query)) {
if ($force || $allowmanage && $value['uid'] != $_SGLOBAL['supe_uid']) {
$delspace = $value;
//如果不是强制删除则入删除记录表
if (!$force) {
$setarr = array('uid' => $value['uid'], 'username' => saddslashes($value['username']), 'opuid' => $_SGLOBAL['supe_uid'], 'opusername' => $_SGLOBAL['supe_username'], 'flag' => '-1', 'dateline' => $_SGLOBAL['timestamp']);
inserttable('spacelog', $setarr, 0, true);
}
}
}
if (empty($delspace)) {
return array();
}
//履盖权限设置
$_SGLOBAL['usergroup'][$_SGLOBAL['member']['groupid']]['managebatch'] = 1;
//space
$_SGLOBAL['db']->query("DELETE FROM " . tname('space') . " WHERE uid='{$uid}'");
//spacefield
$_SGLOBAL['db']->query("DELETE FROM " . tname('spacefield') . " WHERE uid='{$uid}'");
//feed
$_SGLOBAL['db']->query("DELETE FROM " . tname('feed') . " WHERE uid='{$uid}' OR (id='{$uid}' AND idtype='uid')");
//记录
$doids = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('doing') . " WHERE uid='{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$doids[$value['doid']] = $value['doid'];
}
$_SGLOBAL['db']->query("DELETE FROM " . tname('doing') . " WHERE uid='{$uid}'");
//删除记录回复
$_SGLOBAL['db']->query("DELETE FROM " . tname('docomment') . " WHERE doid IN (" . simplode($doids) . ") OR uid='{$uid}'");
//分享
$_SGLOBAL['db']->query("DELETE FROM " . tname('share') . " WHERE uid='{$uid}'");
//数据
$_SGLOBAL['db']->query("DELETE FROM " . tname('album') . " WHERE uid='{$uid}'");
//删除积分记录
$_SGLOBAL['db']->query("DELETE FROM " . tname('creditlog') . " WHERE uid='{$uid}'");
//删除通知
$_SGLOBAL['db']->query("DELETE FROM " . tname('notification') . " WHERE (uid='{$uid}' OR authorid='{$uid}')");
//删除打招呼
$_SGLOBAL['db']->query("DELETE FROM " . tname('poke') . " WHERE (uid='{$uid}' OR fromuid='{$uid}')");
//删除他仓建的投票
$pollid = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('poll') . " WHERE uid='{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$pollid[$value['pid']] = $value['pid'];
}
deletepolls($pollid);
//删除他参与的投票
$pollid = array();
$query = $_SGLOBAL['db']->query("SELECT pid FROM " . tname('polluser') . " WHERE uid='{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$pollid[$value['pid']] = $value['pid'];
}
//扣除投票数
if ($pollid) {
$_SGLOBAL['db']->query("UPDATE " . tname('poll') . " SET voternum=voternum-1 WHERE pid IN (" . simplode($pollid) . ")");
}
$_SGLOBAL['db']->query("DELETE FROM " . tname('polluser') . " WHERE uid='{$uid}'");
//活动
$ids = array();
$query = $_SGLOBAL['db']->query('SELECT eventid FROM ' . tname('event') . " WHERE uid = '{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$ids[] = $value['eventid'];
}
deleteevents($ids);
//删除他参加的活动
$ids = $ids1 = $ids2 = array();
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('userevent') . " WHERE uid = '{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
if ($value['status'] == 1) {
$ids1[] = $value['eventid'];
//关注
} elseif ($value['status'] > 1) {
$ids2[] = $value['eventid'];
//参加
}
$ids[] = $value['eventid'];
}
if ($ids1) {
$_SGLOBAL['db']->query('UPDATE ' . tname('event') . ' SET follownum = follownum - 1 WHERE eventid IN (' . simplode($ids1) . ')');
}
if ($ids2) {
$_SGLOBAL['db']->query('UPDATE ' . tname('event') . ' SET membernum = membernum - 1 WHERE eventid IN (' . simplode($ids2) . ')');
// to to: 最好还要检查并减去他携带的人数
}
if ($ids) {
$_SGLOBAL['db']->query('DELETE FROM ' . tname('userevent') . ' WHERE eventid IN (' . simplode($ids) . ") AND uid = '{$uid}'");
}
//删除相关活动邀请
$_SGLOBAL['db']->query('DELETE FROM ' . tname('eventinvite') . " WHERE uid = '{$uid}' OR touid = '{$uid}'");
//删除上传的活动图片
$_SGLOBAL['db']->query('DELETE FROM ' . tname('eventpic') . " WHERE picid = '{$uid}'");
//to do: 最好同时更新活动图片数和活动话题数
//道具
$_SGLOBAL['db']->query('DELETE FROM ' . tname('usermagic') . " WHERE uid = '{$uid}'");
$_SGLOBAL['db']->query('DELETE FROM ' . tname('magicinlog') . " WHERE uid = '{$uid}'");
$_SGLOBAL['db']->query('DELETE FROM ' . tname('magicuselog') . " WHERE uid = '{$uid}'");
//pic
//删除图片附件
$pics = array();
$query = $_SGLOBAL['db']->query("SELECT filepath FROM " . tname('pic') . " WHERE uid='{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$pics[] = $value;
}
//数据
$_SGLOBAL['db']->query("DELETE FROM " . tname('pic') . " WHERE uid='{$uid}'");
//blog
$blogids = array();
$query = $_SGLOBAL['db']->query("SELECT blogid FROM " . tname('blog') . " WHERE uid='{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$blogids[$value['blogid']] = $value['blogid'];
//tag
$tags = array();
$subquery = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$value['blogid']}'");
while ($tag = $_SGLOBAL['db']->fetch_array($subquery)) {
$tags[$tag['tagid']] = $tag['tagid'];
}
if ($tags) {
$_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($tags) . ")");
$_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$value['blogid']}'");
}
}
//数据删除
$_SGLOBAL['db']->query("DELETE FROM " . tname('blog') . " WHERE uid='{$uid}'");
$_SGLOBAL['db']->query("DELETE FROM " . tname('blogfield') . " WHERE uid='{$uid}'");
//bwzt
$bwztids = array();
$query = $_SGLOBAL['db']->query("SELECT bwztid FROM " . tname('bwzt') . " WHERE uid='{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$bwztids[$value['bwztid']] = $value['bwztid'];
//tag
$tags = array();
$subquery = $_SGLOBAL['db']->query("SELECT tagid, bwztid FROM " . tname('tagbwzt') . " WHERE bwztid='{$value['bwztid']}'");
while ($tag = $_SGLOBAL['db']->fetch_array($subquery)) {
$tags[$tag['tagid']] = $tag['tagid'];
}
if ($tags) {
$_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET bwztnum=bwztnum-1 WHERE tagid IN (" . simplode($tags) . ")");
$_SGLOBAL['db']->query("DELETE FROM " . tname('tagbwzt') . " WHERE bwztid='{$value['bwztid']}'");
}
}
//数据删除
$_SGLOBAL['db']->query("DELETE FROM " . tname('bwzt') . " WHERE uid='{$uid}'");
$_SGLOBAL['db']->query("DELETE FROM " . tname('bwztfield') . " WHERE uid='{$uid}'");
//评论
$_SGLOBAL['db']->query("DELETE FROM " . tname('comment') . " WHERE (uid='{$uid}' OR authorid='{$uid}' OR (id='{$uid}' AND idtype='uid'))");
//访客
$_SGLOBAL['db']->query("DELETE FROM " . tname('visitor') . " WHERE (uid='{$uid}' OR vuid='{$uid}')");
//删除任务记录
$_SGLOBAL['db']->query("DELETE FROM " . tname('usertask') . " WHERE uid='{$uid}'");
//class
$_SGLOBAL['db']->query("DELETE FROM " . tname('class') . " WHERE uid='{$uid}'");
//friend
//好友
$_SGLOBAL['db']->query("DELETE FROM " . tname('friend') . " WHERE (uid='{$uid}' OR fuid='{$uid}')");
//member
$_SGLOBAL['db']->query("DELETE FROM " . tname('member') . " WHERE uid='{$uid}'");
//删除脚印
$_SGLOBAL['db']->query("DELETE FROM " . tname('clickuser') . " WHERE uid='{$uid}'");
//删除黑名单
$_SGLOBAL['db']->query("DELETE FROM " . tname('blacklist') . " WHERE (uid='{$uid}' OR buid='{$uid}')");
//删除邀请记录
$_SGLOBAL['db']->query("DELETE FROM " . tname('invite') . " WHERE (uid='{$uid}' OR fuid='{$uid}')");
//删除邮件队列
$_SGLOBAL['db']->query("DELETE FROM " . tname('mailcron') . ", " . tname('mailqueue') . " USING " . tname('mailcron') . ", " . tname('mailqueue') . " WHERE " . tname('mailcron') . ".touid='{$uid}' AND " . tname('mailcron') . ".cid=" . tname('mailqueue') . ".cid");
//漫游邀请
$_SGLOBAL['db']->query("DELETE FROM " . tname('myinvite') . " WHERE (touid='{$uid}' OR fromuid='{$uid}')");
$_SGLOBAL['db']->query("DELETE FROM " . tname('userapp') . " WHERE uid='{$uid}'");
$_SGLOBAL['db']->query("DELETE FROM " . tname('userappfield') . " WHERE uid='{$uid}'");
//mtag
//thread
$tids = array();
$query = $_SGLOBAL['db']->query("SELECT tid, tagid FROM " . tname('thread') . " WHERE uid='{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$tids[$value['tagid']][] = $value['tid'];
}
foreach ($tids as $tagid => $v_tids) {
deletethreads($tagid, $v_tids);
}
//post
$pids = array();
$query = $_SGLOBAL['db']->query("SELECT pid, tagid FROM " . tname('post') . " WHERE uid='{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$pids[$value['tagid']][] = $value['pid'];
}
foreach ($pids as $tagid => $v_pids) {
deleteposts($tagid, $v_pids);
}
$_SGLOBAL['db']->query("DELETE FROM " . tname('thread') . " WHERE uid='{$uid}'");
$_SGLOBAL['db']->query("DELETE FROM " . tname('post') . " WHERE uid='{$uid}'");
//session
$_SGLOBAL['db']->query("DELETE FROM " . tname('session') . " WHERE uid='{$uid}'");
//排行榜
$_SGLOBAL['db']->query("DELETE FROM " . tname('show') . " WHERE uid='{$uid}'");
//群组
$mtagids = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('tagspace') . " WHERE uid='{$uid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$mtagids[$value['tagid']] = $value['tagid'];
}
if ($mtagids) {
$_SGLOBAL['db']->query("UPDATE " . tname('mtag') . " SET membernum=membernum-1 WHERE tagid IN (" . simplode($mtagids) . ")");
$_SGLOBAL['db']->query("DELETE FROM " . tname('tagspace') . " WHERE uid='{$uid}'");
}
$_SGLOBAL['db']->query("DELETE FROM " . tname('mtaginvite') . " WHERE (uid='{$uid}' OR fromuid='{$uid}')");
//删除图片
deletepicfiles($pics);
//删除图片
//删除举报
$_SGLOBAL['db']->query("DELETE FROM " . tname('report') . " WHERE id='{$uid}' AND idtype='uid'");
//变更记录
if ($_SCONFIG['my_status']) {
inserttable('userlog', array('uid' => $uid, 'action' => 'delete', 'dateline' => $_SGLOBAL['timestamp']), 0, true);
}
return $delspace;
}
$start = empty($_GET['start']) ? 0 : intval($_GET['start']);
$countnum = 0;
$lastfileid = 0;
$sitemap_path = S_ROOT . './data/sitemap/';
if (!file_exists($sitemap_path)) {
@mkdir($sitemap_path, '0666');
}
if (submitcheck('thevalue')) {
if (!preg_match("/^[0-9a-z_]+\$/i", $_POST['mapname']) || strlen($_POST['mapname']) > 50) {
showmessage('sitemap_name_error');
}
$mapdata = addslashes(serialize($sitemapdata));
$_POST['maptype'] = saddslashes(shtmlspecialchars($_POST['maptype']));
$_POST['mapnum'] = $_POST['maptype'] == 'google' ? intval($_POST['mapnum_google']) : intval($_POST['mapnum_baidu']);
$_POST['createtype'] = intval($_POST['createtype']);
$_POST['changefreq'] = $_POST['maptype'] == 'google' ? saddslashes(shtmlspecialchars($_POST['changefreq_google'])) : saddslashes(shtmlspecialchars($_POST['changefreq_baidu']));
if (!empty($_POST['slogid'])) {
$_SGLOBAL['db']->query("UPDATE " . tname('sitemaplogs') . " SET mapname='{$_POST['mapname']}', maptype='{$_POST['maptype']}', mapnum='{$_POST['mapnum']}', createtype='{$_POST['createtype']}', changefreq='{$_POST['changefreq']}' WHERE slogid='{$_POST['slogid']}'");
showmessage('sitemap_config_update', $theurl);
} else {
$query = $_SGLOBAL['db']->query("SELECT count(*) FROM " . tname('sitemaplogs') . " WHERE mapname='{$_POST['mapname']}'");
if ($value = $_SGLOBAL['db']->result($query, 0)) {
showmessage('sitemap_name_exists');
}
$_SGLOBAL['db']->query("INSERT INTO " . tname('sitemaplogs') . "(mapname, maptype, mapnum, mapdata, createtype, changefreq) VALUES ('{$_POST['mapname']}', '{$_POST['maptype']}', '{$_POST['mapnum']}', '{$mapdata}', '{$_POST['createtype']}', '{$_POST['changefreq']}')");
showmessage('sitemap_config_add', $theurl);
}
} elseif (submitcheck('listsubmit')) {
if (!empty($_POST['slogidarr'])) {
$slogidarr = implode('\',\'', $_POST['slogidarr']);
$_SGLOBAL['db']->query('DELETE FROM ' . tname('sitemaplogs') . ' WHERE slogid IN (\'' . $slogidarr . '\')');
//µÚÒ»´Î
$doingnum = getcount('doing', array('uid' => $space['uid']));
$setarr['doingnum'] = "doingnum='{$doingnum}'";
} else {
$setarr['doingnum'] = "doingnum=doingnum+1";
}
}
$_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET " . implode(',', $setarr) . " WHERE uid='{$_SGLOBAL['supe_uid']}'");
$title_template = cplang(cplang('feed_doing_title'));
$title_data = saddslashes(serialize(sstripslashes(array('message' => $message))));
$body_template = $body_data = '';
if ($complainOK) {
$title_template = cplang(cplang('feed_complain'));
$title_data = '';
$body_template = '{message}';
$body_data = saddslashes(serialize(sstripslashes(array('message' => $message))));
}
//ʼþfeed
if ($add_doing) {
$ip = getonlineip();
$ip_detail = getIpDetails();
$lon = $ip_detail['latitude'];
$lat = $ip_detail['longitude'];
$pos = "http://lbs.juhe.cn/api/getaddressbylngb?lngx=" . $lat . "&lngy=" . $lon;
$opts = array('http' => array('method' => 'GET', 'time' => 1));
$context = stream_context_create($opts);
$res = file_get_contents($pos, false, $context);
$res = json_decode($res, 1);
$address = $res['row']['result']['formatted_address'];
if ($picid && $filepath) {
$feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => $title_template, 'title_data' => $title_data, 'body_template' => $body_template, 'body_data' => $body_data, 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => 'web', 'image_1' => pic_get($filepath, 1, 0), 'image_1_link' => "space.php?uid={$_SGLOBAL['supe_uid']}&do=album&picid={$picid}", 'ip' => $ip, 'address' => $address);
/**
* 模型在线投稿提交处理函数
*/
function modelpost($cacheinfo, $cp = 1)
{
global $_SGLOBAL, $theurl, $_SCONFIG;
include_once S_ROOT . './function/upload.func.php';
$_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
$itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
$hash = '';
$op = 'add';
$resultitems = $resultmessage = array();
$modelsinfoarr = $cacheinfo['models'];
$columnsinfoarr = $cacheinfo['columns'];
//获取等级信息
if ($cacheinfo['models']['modelname'] == 'defect') {
switch ($_POST['grade']) {
case 1:
$_POST['grade'] = '64';
break;
case 2:
$_POST['grade'] = '32';
break;
case 3:
$_POST['grade'] = '16';
break;
case 4:
$_POST['grade'] = '9';
break;
case 5:
$_POST['grade'] = '4';
break;
case 6:
$_POST['grade'] = '1';
break;
case 7:
$_POST['grade'] = '-1';
break;
case 8:
$_POST['grade'] = '-2';
break;
case 9:
$_POST['grade'] = '-3';
break;
}
$gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
if (!empty($_SCONFIG['checkgrade'])) {
$newgradearr = explode("\t", $_SCONFIG['checkgrade']);
$gradearr['64'] = $newgradearr[0];
$gradearr['32'] = $newgradearr[1];
$gradearr['16'] = $newgradearr[2];
$gradearr['9'] = $newgradearr[3];
$gradearr['4'] = $newgradearr[4];
$gradearr['1'] = $newgradearr[5];
$gradearr['-1'] = $newgradearr[6];
$gradearr['-2'] = $newgradearr[7];
$gradearr['-3'] = $newgradearr[8];
}
} else {
$gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
if (!empty($_SCONFIG['checkgrade'])) {
$newgradearr = explode("\t", $_SCONFIG['checkgrade']);
for ($i = 0; $i < count($newgradearr); $i++) {
if (!empty($newgradearr[$i])) {
$gradearr[$i + 1] = $newgradearr[$i];
}
}
}
}
if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
showmessage('parameter_error');
}
$feedcolum = array();
foreach ($columnsinfoarr as $result) {
if ($result['isfixed'] == 1) {
$resultitems[] = $result;
} else {
$resultmessage[] = $result;
}
if ($result['formtype'] == 'linkage') {
if (!empty($_POST[$result['fieldname']])) {
$_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
}
} elseif ($result['formtype'] == 'timestamp') {
if (empty($_POST[$result['fieldname']])) {
$_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
} else {
$_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
}
}
}
//更新用户最新更新时间
if (empty($itemid) && $_SGLOBAL['supe_uid']) {
updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
}
//输入检查
$_POST['catid'] = intval($_POST['catid']);
$_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0;
$_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
//检查输入
if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
showmessage('space_suject_length_error');
}
if (empty($_POST['catid'])) {
showmessage('admin_func_catid_error');
}
if (!empty($_FILES['subjectimage']['name'])) {
$fileext = fileext($_FILES['subjectimage']['name']);
if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
showmessage('document_types_can_only_upload_pictures');
}
}
//数据检查
checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
//修改时检验标题图片是否修改
$defaultmessage = array();
if (!empty($itemid)) {
if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
//当file删除时,或修改时执行删除操作
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
$defaultmessage = $_SGLOBAL['db']->fetch_array($query);
$hash = getmodelhash($_GET['mid'], $itemid);
deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
//删除附件表
updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
$ext = fileext($defaultmessage['subjectimage']);
if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
@unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
}
@unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
}
}
//构建数据
$setsqlarr = $setitemsqlarr = array();
$setsqlarr = getsetsqlarr($resultitems);
$setsqlarr['catid'] = $_POST['catid'];
$setsqlarr['subject'] = $_POST['subject'];
$setsqlarr['allowreply'] = $_POST['allowreply'];
$setsqlarr['grade'] = intval($_POST['grade']);
//modify by jyf,没权限的用户不能改审核等级
if ($setsqlarr['grade'] > 0) {
if (!checkperm('manageeditpost')) {
showmessage('no_permission');
}
}
//end
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
$setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
$setsqlarr['username'] = $_SGLOBAL['supe_username'];
$setsqlarr['lastpost'] = $setsqlarr['dateline'];
$modelsinfoarr['subjectimagewidth'] = 400;
$modelsinfoarr['subjectimageheight'] = 300;
if (!empty($modelsinfoarr['thumbsize'])) {
$modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
$modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
$modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
}
$uploadfilearr = $ids = array();
$subjectimageid = '';
$uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
if (!empty($uploadfilearr)) {
$feedsubjectimg = $uploadfilearr;
foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
if (empty($tmpvalue['error'])) {
$setsqlarr[$tmpkey] = $tmpvalue['filepath'];
}
if (!empty($tmpvalue['aid'])) {
$ids[] = $tmpvalue['aid'];
}
}
}
//词语过滤
if (!empty($modelsinfoarr['allowfilter'])) {
$setsqlarr = scensor($setsqlarr, 1);
}
//发布时间
if (empty($_POST['dateline'])) {
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
} else {
$setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
//不能早于2年
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
}
}
//附件处理-by jyf
if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
$setsqlarr['attaches'] = implode(',', $_POST['divupload']);
}
//创新园地新增两个字段-------89184
if ($cacheinfo['models']['modelname'] == 'creative') {
if (empty($_POST['creative_value'])) {
showmessage('请输入创新价值说明');
}
if (empty($_POST['creative_days'])) {
showmessage('本创新所耗的工作量');
}
$setsqlarr['value'] = $_POST['creative_value'];
$setsqlarr['days'] = $_POST['creative_days'];
}
if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
//不需要审核时入item表
if (empty($itemid)) {
//插入数据
$itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
//取消邮件通知 --89184
$email = get_cate_mail($_POST['catid']);
$url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
if ($_POST['modelname'] == 'creative') {
if ($_POST['creative_type'] == '流程建议') {
$email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
}
}
$emails = explode(',', $email);
if (count($emails) > 0) {
include S_ROOT . './function/sendmail.fun.php';
$url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
if ($cacheinfo['models']['modelname'] == 'creative') {
$msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
} else {
if ($cacheinfo['models']['modelname'] == 'defect') {
$msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
}
}
}
} else {
//更新
$op = 'update';
unset($setsqlarr['uid']);
unset($setsqlarr['username']);
unset($setsqlarr['lastpost']);
if ($setsqlarr['grade'] > 0) {
$setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
if ($_POST['modelname'] == 'creative') {
if ($_POST['creative_type'] == '主管月度创新') {
if (!check_cate_director($setsqlarr['catid'])) {
showmessage('no_permission');
}
}
}
}
updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
$defaultmessage = $_SGLOBAL['db']->fetch_array($query);
//邮件通知--等级审核
if ($setsqlarr['grade'] > 0) {
$sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
$query = $_SGLOBAL['db']->query($sqlstr);
$value = $_SGLOBAL['db']->fetch_array($query);
$email = $value['email'];
if (!empty($email)) {
include S_ROOT . './function/sendmail.fun.php';
$url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
$emails = explode(',', $email);
if ($_POST['modelname'] == 'creative') {
$msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
} else {
$msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
}
sendmail($emails, $setsqlarr['subject'], $msg);
}
}
}
if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
}
$hash = getmodelhash($_POST['mid'], $itemid);
if (!empty($ids)) {
$ids = simplode($ids);
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
}
$do = 'pass';
} else {
if (!empty($uploadfilearr['subjectimage']['aid'])) {
$subjectimageid = $uploadfilearr['subjectimage']['aid'];
}
$setitemsqlarr = $setsqlarr;
$do = 'me';
}
if ($op == 'update') {
if (!empty($resultmessage)) {
foreach ($resultmessage as $value) {
if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
//当file删除时,或修改时执行删除操作
deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
//删除附件表
updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
$ext = fileext($defaultmessage[$value['fieldname']]);
if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
@unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
}
@unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
}
}
}
}
}
//内容
$setsqlarr = $uploadfilearr = $ids = array();
$setsqlarr = getsetsqlarr($resultmessage);
$uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
$setsqlarr['message'] = trim($_POST['message']);
$setsqlarr['postip'] = $_SGLOBAL['onlineip'];
if (!empty($uploadfilearr)) {
foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
if (empty($tmpvalue['error'])) {
$setsqlarr[$tmpkey] = $tmpvalue['filepath'];
}
if (!empty($tmpvalue['aid'])) {
$ids[] = $tmpvalue['aid'];
}
}
}
//添加内容
if (!empty($modelsinfoarr['allowfilter'])) {
$setsqlarr = scensor($setsqlarr, 1);
}
if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
//不需要审核时入message表
if ($op == 'add') {
$setsqlarr['itemid'] = $itemid;
//添加内容
inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
getreward('postinfo');
if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
$feed['icon'] = 'comment';
$feed['title_template'] = 'feed_model_title';
$murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
$aurl = A_URL;
if (empty($_SCONFIG['siteurl'])) {
$siteurl = getsiteurl();
$murl = $siteurl . $murl;
$aurl = $siteurl . $aurl;
} else {
$siteurl = S_URL_ALL;
}
$feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
$feed['body_template'] = 'feed_model_message';
$feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
if (!empty($feedsubjectimg)) {
$feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
} else {
foreach ($feedcolum as $feedimgvalue) {
if ($feedimgvalue['filepath']) {
$feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
break;
}
}
if (empty($feed['images'])) {
$picurl = getmessagepic(stripslashes($_POST['message']));
if ($picurl && strpos($picurl, '://') === false) {
$picurl = $siteurl . '/' . $picurl;
}
if (!empty($picurl)) {
$feed['images'][] = array('url' => $picurl, 'link' => $murl);
}
}
}
postfeed($feed);
}
} else {
//更新内容
updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
}
updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
if (checkperm('allowdirectpost') && $op == 'update') {
deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
}
if (checkperm('allowdirectpost') && $op == 'update') {
$jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('writing_success_online_please_wait_for_audit', $jpurl);
} else {
$jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('online_contributions_success', $jpurl);
}
} else {
$setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
$setsqlarr['addfeed'] = $_POST['addfeed'];
$setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
if (!empty($_POST['itemid'])) {
$itemid = intval($_POST['itemid']);
updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
} else {
$itemid = inserttable('modelfolders', $setsqlarr, 1);
}
if (!empty($subjectimageid)) {
$ids[] = $subjectimageid;
}
if (!empty($ids)) {
$ids = simplode($ids);
$hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
}
$jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('writing_success_online_please_wait_for_audit', $jpurl);
}
}
if (preg_match("/\\.swf\$/i", $link)) {
$arr['title_template'] = cplang('share_flash');
$arr['body_data']['flashaddr'] = $link;
$type = 'flash';
}
}
$arr['body_general'] = getstr($_POST['general'], 150, 1, 1, 1, 1);
$arr['type'] = $type;
$arr['uid'] = $_SGLOBAL['supe_uid'];
$arr['username'] = $_SGLOBAL['supe_username'];
$arr['dateline'] = $_SGLOBAL['timestamp'];
$arr['topicid'] = $_POST['topicid'];
$arr['body_data'] = serialize($arr['body_data']);
// groups ת
//
$setarr = saddslashes($arr);
//ת
$sid = inserttable('share', $setarr, 1);
//Statistics
updatestat('share');
// share notice
if ($note_uid && $note_uid != $_SGLOBAL['supe_uid']) {
notification_add($note_uid, 'sharenotice', $note_message);
}
// update user Statistics
if (empty($space['sharenum'])) {
$space['sharenum'] = getcount('share', array('uid' => $space['uid']));
$sharenumsql = "sharenum=" . $space['sharenum'];
} else {
$sharenumsql = 'sharenum=sharenum+1';
}
@include_once(S_ROOT.'./uc_client/data/cache/creditsettings.php');
if(submitcheck('exchangesubmit')) {
$netamount = $tocredits = 0;
$tocredits = $_POST['tocredits'];
$outexange = strexists($tocredits, '|');
if(!$outexange && !$_CACHE['creditsettings'][$tocredits]['ratio']) {
showmessage('credits_exchange_invalid');
}
$amount = intval($_POST['amount']);
if($amount <= 0) {
showmessage('credits_transaction_amount_invalid');
}
@include_once(S_ROOT.'./uc_client/client.php');
$ucresult = uc_user_login($_SGLOBAL['supe_username'], $_POST['password']);
list($tmp['uid']) = saddslashes($ucresult);
if($tmp['uid'] <= 0) {
showmessage('credits_password_invalid');
} elseif($space['credit']-$amount < 0) {
showmessage('credits_balance_insufficient');
}
$netamount = floor($amount * 1/$_CACHE['creditsettings'][$tocredits]['ratio']);
list($toappid, $tocredits) = explode('|', $tocredits);
$ucresult = uc_credit_exchange_request($_SGLOBAL['supe_uid'], $_CACHE['creditsettings'][$tocredits]['creditsrc'], $tocredits, $toappid, $netamount);
if(!$ucresult) {
showmessage('extcredits_dataerror');
}
$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET credit=credit-$amount WHERE uid='$_SGLOBAL[supe_uid]'");
function verify_eventmembers($uids, $status)
{
global $_SGLOBAL, $event;
if ($_SGLOBAL['supe_userevent']['status'] < 3) {
showmessage('no_privilege_manage_event_members');
}
$eventid = $_SGLOBAL['supe_userevent']['eventid'];
if ($eventid != $event['eventid']) {
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid='{$eventid}'");
$event = $_SGLOBAL['db']->fetch_array($query);
}
$status = intval($status);
if ($status < -1 || $status > 3) {
showmessage("bad_userevent_status");
// Please select the correct status of the event Members
}
if ($event['verify'] == 0 && $status == 0) {
showmessage("event_not_set_verify");
}
if ($status == 3 && $_SGLOBAL['supe_uid'] != $event['uid']) {
showmessage("only_creator_can_set_admin");
// Only Founder can set the administrator
}
$newids = $actions = $userevents = array();
$num = 0;
// changing Event Member Number
$query = $_SGLOBAL['db']->query("SELECT ue.*, sf.* FROM " . tname("userevent") . " ue LEFT JOIN " . tname("spacefield") . " sf ON ue.uid=sf.uid WHERE ue.uid IN (" . simplode($uids) . ") AND ue.eventid='{$eventid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
if ($value['status'] == $status || $event['uid'] == $value['uid'] || $value['status'] == 1) {
// The same status, creator, who does not deal with concerned about
continue;
}
if ($status == 2) {
//Set to ordinary member
$newids[] = $value['uid'];
$userevents[$value['uid']] = $value;
if ($value['status'] == 0) {
// Join
$actions[$value['uid']] = "set_verify";
$num += $value['fellow'] + 1;
} elseif ($value['status'] == 3) {
// cancel the Organizer status
$actions[$value['uid']] = "unset_admin";
}
} elseif ($status == 3) {
//Set to Organizer
$newids[] = $value['uid'];
$userevents[$value['uid']] = $value;
$actions[$value['uid']] = "set_admin";
if ($value['status'] == 0) {
$num += $value['fellow'] + 1;
}
} elseif ($status == 0) {
//Set to Pending
$newids[] = $value['uid'];
$userevents[$value['uid']] = $value;
$actions[$value['uid']] = "unset_verify";
if ($value['status'] >= 2) {
$num -= $value['fellow'] + 1;
}
} elseif ($status == -1) {
//Delete Members
$newids[] = $value['uid'];
$userevents[$value['uid']] = $value;
$actions[$value['uid']] = "set_delete";
if ($value['status'] >= 2) {
$num -= $value['fellow'] + 1;
}
}
}
if (empty($newids)) {
return array();
}
if ($event['limitnum'] > 0 && $event['membernum'] + $num > $event['limitnum']) {
// Event Number of members is over
showmessage("event_will_full");
}
$note_inserts = $note_ids = $feed_inserts = array();
$feedarr = array('appid' => UC_APPID, 'icon' => 'event', 'uid' => '', 'username' => '', 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('event_join'), 'title_data' => array('title' => $event['title'], "eventid" => $event['eventid'], "uid" => $event['uid'], "username" => $event['username']), 'body_template' => '', 'body_data' => array(), 'body_general' => '', 'image_1' => '', 'image_1_link' => '', 'image_2' => '', 'image_2_link' => '', 'image_3' => '', 'image_3_link' => '', 'image_4' => '', 'image_4_link' => '', 'target_ids' => '', 'friend' => '');
$feedarr = sstripslashes($feedarr);
//Remove escape chars
$feedarr['title_data'] = serialize(sstripslashes($feedarr['title_data']));
//Serialize
$feedarr['body_data'] = serialize(sstripslashes($feedarr['body_data']));
//Serialize
$feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
//Like hash
$feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
//Merged hash
$feedarr = saddslashes($feedarr);
//Add slashes
foreach ($newids as $id) {
if ($status > 1 && $userevents[$id]['status'] == 0) {
// Approved to participate in the Event, participate in activities publish to feed
$feedarr['uid'] = $userevents[$id]['uid'];
$feedarr['username'] = $userevents[$id]['username'];
$feed_inserts[] = "('{$feedarr['appid']}', 'event', '{$feedarr['uid']}', '{$feedarr['username']}', '{$feedarr['dateline']}', '0', '{$feedarr['hash_template']}', '{$feedarr['hash_data']}', '{$feedarr['title_template']}', '{$feedarr['title_data']}', '{$feedarr['body_template']}', '{$feedarr['body_data']}', '{$feedarr['body_general']}', '{$feedarr['image_1']}', '{$feedarr['image_1_link']}', '{$feedarr['image_2']}', '{$feedarr['image_2_link']}', '{$feedarr['image_3']}', '{$feedarr['image_3_link']}', '{$feedarr['image_4']}', '{$feedarr['image_4_link']}')";
}
$userevents[$id]['privacy'] = empty($userevents[$id]['privacy']) ? array() : unserialize($userevents[$id]['privacy']);
$filter = empty($userevents[$id]['privacy']['filter_note']) ? array() : array_keys($userevents[$id]['privacy']['filter_note']);
if (cknote_uid(array("type" => "eventmemberstatus", "authorid" => $_SGLOBAL['supe_uid']), $filter)) {
$note_ids[] = $id;
$note_msg = cplang('eventmember_' . $actions[$id], array("space.php?do=event&id=" . $event['eventid'], $event['title']));
$note_inserts[] = "('{$id}', 'eventmemberstatus', '1', '{$_SGLOBAL['supe_uid']}', '{$_SGLOBAL['supe_username']}', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')";
}
}
if ($note_ids) {
$_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $note_inserts));
$_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($note_ids) . ")");
}
if ($feed_inserts) {
$_SGLOBAL['db']->query("INSERT INTO " . tname('feed') . " (`appid` ,`icon` ,`uid` ,`username` ,`dateline` ,`friend` ,`hash_template` ,`hash_data` ,`title_template` ,`title_data` ,`body_template` ,`body_data` ,`body_general` ,`image_1` ,`image_1_link` ,`image_2` ,`image_2_link` ,`image_3` ,`image_3_link` ,`image_4` ,`image_4_link`) VALUES " . implode(',', $feed_inserts));
}
if ($status == -1) {
// Delete
$_SGLOBAL['db']->query("DELETE FROM " . tname("userevent") . " WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
} else {
// Set status
$_SGLOBAL['db']->query("UPDATE " . tname("userevent") . " SET status='{$status}' WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
}
// Modify Event Number of members
if ($num != 0) {
$_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET membernum = membernum + ({$num}) WHERE eventid='{$eventid}'");
}
return $newids;
}
inserttable('usergroups', $setarr);
} else {
//更新
updatetable('usergroups', $setarr, array('groupid' => $thevalue['groupid']));
}
//更新缓存
include_once S_ROOT . './function/cache.func.php';
updategroupcache();
showmessage('do_success', S_URL . '/admincp.php?action=usergroups');
} elseif (submitcheck('copysubmit')) {
//移除不需要复制的变量
unset($thevalue['grouptitle']);
unset($thevalue['groupid']);
unset($thevalue['explower']);
unset($thevalue['system']);
$copyvalue = saddslashes($thevalue);
foreach ($_POST['aimgroup'] as $key => $value) {
$groupid = intval($value);
updatetable('usergroups', $copyvalue, array('groupid' => $groupid));
}
//更新缓存
include_once S_ROOT . './function/cache.func.php';
updategroupcache();
showmessage('do_success', S_URL . '/admincp.php?action=usergroups');
} elseif (submitcheck('explowersubmit')) {
if (count($_POST['explower']) != count(array_unique($_POST['explower']))) {
showmessage('integral_limit_duplication_with_other_user_group');
} else {
if (!empty($_POST['explower'])) {
$oldexplower = array();
$query = $_SGLOBAL['db']->query("SELECT groupid, explower FROM " . tname('usergroups'));
foreach ($_POST['option'] as $key => $val) {
$optionarr[] = intval($val);
if (count($optionarr) >= $poll['maxchoice']) {
break;
}
}
$query = $_SGLOBAL['db']->query("SELECT `option` FROM " . tname('polloption') . " WHERE oid IN ('" . implode("','", $optionarr) . "') AND pid='{$pid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$list[] = saddslashes($value['option']);
}
if (empty($list)) {
showmessage('please_select_items_to_vote');
}
//Total votes
$_SGLOBAL['db']->query("UPDATE " . tname('polloption') . " SET votenum=votenum+1 WHERE oid IN ('" . implode("','", $optionarr) . "') AND pid='{$pid}'");
$setarr = array('uid' => $_SGLOBAL['supe_uid'], 'username' => $_POST['anonymous'] ? '' : $_SGLOBAL['supe_username'], 'pid' => $pid, 'option' => saddslashes('"' . implode(cplang('poll_separator'), $list) . '"'), 'dateline' => $_SGLOBAL['timestamp']);
inserttable('polluser', $setarr);
$sql = '';
//Determine whether operating too fast
if ($poll['credit'] && $poll['percredit'] && $poll['uid'] != $_SGLOBAL['supe_uid']) {
if ($poll['credit'] <= $poll['percredit']) {
$poll['percredit'] = $poll['credit'];
$sql = ',percredit=0';
}
$_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET credit=credit+{$poll['percredit']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
} else {
$poll['percredit'] = 0;
}
$_SGLOBAL['db']->query("UPDATE " . tname('poll') . " SET voternum=voternum+1, lastvote='{$_SGLOBAL['timestamp']}', credit=credit-{$poll['percredit']} {$sql} WHERE pid='{$pid}'");
// real name
realname_get();
function invite_get($uid, $code) {
global $_SGLOBAL, $_SN;
$invitearr = array();
if($uid && $code) {
$query = $_SGLOBAL['db']->query("SELECT i.*, s.username, s.name, s.namestatus
FROM ".tname('invite')." i
LEFT JOIN ".tname('space')." s ON s.uid=i.uid
WHERE i.uid='$uid' AND i.code='$code' AND i.fuid='0'");
if($invitearr = $_SGLOBAL['db']->fetch_array($query)) {
realname_set($invitearr['uid'], $invitearr['username'], $invitearr['name'], $invitearr['namestatus']);
$invitearr = saddslashes($invitearr);
}
}
return $invitearr;
}
} else {
$refer = S_URL_ALL;
}
}
include_once S_ROOT . './uc_client/client.php';
switch ($action) {
case 'login':
$cookietime = 0;
if (!empty($_POST['cookietime'])) {
$cookietime = intval($_POST['cookietime']);
}
if (submitcheck('loginsubmit')) {
$password = $_POST['password'];
$username = $_POST['username'];
$ucresult = uc_user_login($username, $password, $loginfield == 'uid');
list($members['uid'], $members['username'], $members['password'], $members['email']) = saddslashes($ucresult);
if ($members['uid'] <= 0) {
showmessage('login_error', geturl('action/login'));
} else {
if (empty($_SCONFIG['noseccode'])) {
if (!empty($_POST['seccode'])) {
if (!ckseccode($_POST['seccode'])) {
showmessage('incorrect_code', geturl('action/login'));
}
} else {
$guidearr = array();
include template('site_secques');
exit;
}
}
}
function IHomeServiceCreateComplain($params = NULL)
{
global $_SGLOBAL;
if ($params['uid']) {
if ($params['uid'] <= 0) {
$errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the id must be a positive interger.");
return json_encode($errorMsg);
} else {
$sql = "select name,username from " . tname('space') . " where uid = " . $params['uid'];
$query = $_SGLOBAL['db']->query($sql);
if ($row = $_SGLOBAL['db']->fetch_array($query)) {
if ($row['name']) {
$params['uname'] = $row['name'];
} else {
$params['uname'] = $row['username'];
}
} else {
$errorMsg = array("errorNo" => "500", "content" => "the uid is not exist");
return json_encode($errorMsg);
}
}
} else {
$errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter uid.the uid is not exist or the uid is not a positive interger.");
return json_encode($errorMsg);
}
// 忽略department_id_list
if (!$params['content']) {
$errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter message.the message is not exist or the message is empty.");
return json_encode($errorMsg);
}
if ($params['device'] && !in_array($params['device'], array('web', 'wechat', 'mobile'))) {
$errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the parameter device is out of range.");
return json_encode($errorMsg);
}
$UserIds = array();
$mood = 0;
$params['status'] = 'init';
$params['reply_count'] = 0;
$params['timestamp'] = time();
$params['department_list'] = array();
$params['operation_list'] = array();
$params['reply_list'] = array();
preg_match("/\\[em\\:(\\d+)\\:\\]/s", $params['content'], $ms);
$mood = empty($ms[1]) ? 0 : intval($ms[1]);
$message = rawurldecode(getstr($params['content'], 1000, 1, 1, 1, 2));
preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s*/U", $message, $matches, PREG_SET_ORDER);
# 加上链接
foreach ($matches as $value) {
$TmpString = $value[0];
$TmpName = $value[1];
$UserId = $value[2];
$result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}");
if ($rs = $_SGLOBAL['db']->fetch_array($result)) {
$realname = $rs['name'];
if (empty($realname)) {
$realname = $rs['username'];
}
$params['department_list'][intval($UserId)] = $realname;
$ValidValue = getAtName($TmpString, $TmpName, $realname);
$ValidValue = trim($ValidValue);
$at_friend = "space.php?uid=" . $UserId;
if ($ValidValue != false) {
$message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $message);
if (!in_array($UserId, $UserIds)) {
$UserIds[] = $UserId;
}
}
}
}
$message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $message);
$message = preg_replace("/\\<br.*?\\>/is", ' ', $message);
$params['content'] = $message;
$setarr = array('uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'from' => $params['uid'], 'message' => $message, 'mood' => $mood, 'ip' => getonlineip(), 'fromdevice' => 'web');
if ($params['device']) {
$setarr['fromdevice'] = $params['device'];
}
if ($params['ip']) {
$setarr['ip'] = $params['ip'];
}
$newdoid = inserttable('doing', $setarr, 1);
@(include_once S_ROOT . './data/data_creditrule.php');
$isComplain = TRUE;
/*if($isComplain && ($_SGLOBAL['member']['credit'] < $_SGLOBAL['creditrule']['complain']['credit'])){ # 如果积分不够
$isComplain = FALSE;
$note = cplang('note_complain_credit_failed', array("space.php?do=doing&doid=$newdoid"));
notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
$complain_msg = 'note_complain_credit_failed';
}*/
# 这部分可能会出错
foreach ($UserIds as $UserId) {
if ($isComplain) {
$UserDept = isDepartment($UserId, 1);
if ($UserDept) {
$nowtime = time();
$complain = array('doid' => $newdoid, 'uid' => $params['uid'], 'uname' => $params['uname'], 'atdepartment' => $UserDept['department'], 'atdeptuid' => $UserId, 'from' => $params['uid'], 'atuid' => $UserId, 'atuname' => $UserDept['department'], 'isreply' => 0, 'addtime' => $nowtime, 'dateline' => $nowtime, 'expire' => 0, 'times' => 1, 'issendmsg' => 0, 'message' => $message, 'datatime' => date("Ymd", $nowtime));
inserttable('complain', $complain, 0);
$note = cplang('note_complain_buchu', array("space.php?do=complain_item&doid={$newdoid}", date('Y-m-d H:i', $nowtime + 3600 * 24)));
notification_complain_add($UserId, 'complain', $note);
$complainOK = TRUE;
} else {
$note = cplang('note_doing_at', array("space.php?do=doing&doid={$newdoid}"));
notification_add($UserId, 'atyou', $note);
}
}
}
if ($complainOK) {
$note = cplang('note_complain_user_success', array("space.php?do=complain_item&doid={$newdoid}"));
notification_complain_add($params['uid'], 'complain', $note);
$complain_msg = 'note_complain_user_success';
getreward('complain', 1, $params['uid']);
}
if (!$complainOK && $isComplain) {
if ($UserId == '0000') {
//系统管理员 虽然并没有什么用
$note = cplang("您好,您的诉求已发送成功。谢谢您对ihome社区的大力支持!", array("space.php?do=doing&doid={$newdoid}"));
notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
} else {
$note = cplang('note_complain_user_failed', array("space.php?do=doing&doid={$newdoid}"));
notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
$complain_msg = 'note_complain_user_failed';
}
}
$feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => 'web', 'ip' => getonlineip());
if ($params['device']) {
$feedarr['fromdevice'] = $params['device'];
}
if ($params['ip']) {
$feedarr['ip'] = $params['ip'];
}
$feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
//ϲºÃhash
$feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
//ºÏ²¢hash
$feedid = inserttable('feed', $feedarr, 1);
updatestat('doing');
$setarr = array('note' => $message);
$reward = getreward('doing', 0);
updatetable('spacefield', $setarr, array('uid' => $params['uid']));
return json_encode($params);
}
public function login($userlogin = '')
{
$userlogin = saddslashes($userlogin);
$sql = "SELECT * FROM `user`\n WHERE `user`.login = '******'\n ";
$res = sapp('db')->getrow($sql);
return $res;
}
error_reporting(0);
$_SGLOBAL = $_SCONFIG = array();
//程序目录
define('S_ROOT', substr(dirname(__FILE__), 0, -7));
include_once S_ROOT . './function/common.func.php';
//获取时间
$_SGLOBAL['timestamp'] = time();
if (!@(include_once S_ROOT . './config.php')) {
@(include_once S_ROOT . './config.new.php');
show_msg('您需要首先将程序根目录下面的 "config.new.php" 文件重命名为 "config.php"', 999);
}
extract($_SC);
//GPC过滤
if (!get_magic_quotes_gpc()) {
$_GET = saddslashes($_GET);
$_POST = saddslashes($_POST);
}
ob_start();
$theurl = 'index.php';
$sqlfile = S_ROOT . './data/install.sql';
if (!file_exists($sqlfile)) {
show_msg('请上传最新的 install.sql 数据库结构文件到程序的 ./data 目录下面,再重新运行本程序', 999);
}
$configfile = S_ROOT . './config.php';
//变量
$step = empty($_GET['step']) ? 0 : intval($_GET['step']);
$action = empty($_GET['action']) ? '' : trim($_GET['action']);
$nowarr = array('', '', '', '', '', '', '');
$formhash = formhash();
$lockfile = S_ROOT . './data/install.lock';
if (file_exists($lockfile)) {
$rs = $_SGLOBAL['db']->fetch_array($result);
$realname = $rs['name'];
//调用检查函数将@后的内容进行验证,为UID对应的姓名相同则返回@与姓名,不相同则继续判断下一个@,没有找到匹配的最终将返回false
$ValidValue = getAtName($TmpString, $TmpName, $realname);
$ValidValue = trim($ValidValue);
$at_friend = "space.php?uid=" . $UserId;
$Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message);
}
//替换表情
$Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message);
$Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message);
//print_r($Message);
$arr = array("username" => getstr($username, 15, 1, 1, 1), "message" => $Message, "uid" => intval($userid), "replynum" => 0, "mood" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'ip' => getonlineip());
$newdoid = inserttable('doing', $arr, 1);
//事件feed
$feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $userid, 'username' => $username, 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid');
$feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
//喜好hash
$feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
//合并hash
inserttable('feed', $feedarr, 1);
updatestat('doing');
//更新空间note
$setarr = array('note' => $Message);
if (!empty($_POST['spacenote'])) {
$reward = getreward('updatemood', 0);
$setarr['spacenote'] = $Message;
} else {
$reward = getreward('doing', 0);
}
updatetable('spacefield', $setarr, array('uid' => $userid));
