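/**
 * Reads the reward settings submitted with a reward post and stores them in
 * $this->data as cbtype/catype (credit types) and cbval/caval (amounts).
 *
 * POST fields: bonus[best], bonus[active] (amounts) and ctype[best],
 * ctype[active] (credit types). A completely missing bonus falls back to
 * $this->b_val / $this->a_val; an amount below that bound aborts with
 * Showmsg('credit_limit'). A missing credit type defaults to the first entry
 * of $this->allowcredit; a type outside that list aborts with
 * Showmsg('reward_credit_error').
 *
 * Fixes: both POST fields are forced to arrays before they are indexed (a
 * scalar `bonus=5` was string-indexed — a TypeError on PHP 8), a missing half
 * of the pair takes its bound instead of being compared as null, and a
 * non-numeric amount is rejected instead of going through PHP's
 * version-dependent string/number comparison.
 */
function setData()
{
    $bonus = S::escapeChar(S::getGP('bonus', 'P'), true);
    $ctype = S::escapeChar(S::getGP('ctype', 'P'));

    // Only array-shaped input can be indexed; anything else is treated as absent.
    if (!is_array($bonus)) {
        $bonus = array();
    }
    if (!is_array($ctype)) {
        $ctype = array();
    }
    if (empty($bonus)) {
        $bonus['best'] = $this->b_val;
        $bonus['active'] = $this->a_val;
    }
    if (!isset($bonus['best'])) {
        $bonus['best'] = $this->b_val;
    }
    if (!isset($bonus['active'])) {
        $bonus['active'] = $this->a_val;
    }
    // Amounts must be numeric and must not undercut the configured bounds.
    if (!is_numeric($bonus['best']) || $bonus['best'] < $this->b_val) {
        Showmsg('credit_limit');
    }
    if (!is_numeric($bonus['active']) || $bonus['active'] < $this->a_val) {
        Showmsg('credit_limit');
    }

    // Default credit type: the first allowed one.
    reset($this->allowcredit);
    $defaultType = current($this->allowcredit);
    if (empty($ctype['best'])) {
        $ctype['best'] = $defaultType;
    }
    if (empty($ctype['active'])) {
        $ctype['active'] = $defaultType;
    }
    // Loose in_array() on purpose: $this->allowcredit may hold ints while the
    // request delivers strings. The list is the whitelist that keeps arbitrary
    // type names out of cbtype/catype.
    if (!in_array($ctype['best'], $this->allowcredit) || !in_array($ctype['active'], $this->allowcredit)) {
        Showmsg('reward_credit_error');
    }

    $this->data['cbtype'] = $ctype['best'];
    $this->data['catype'] = $ctype['active'];
    $this->data['cbval'] = $bonus['best'];
    $this->data['caval'] = $bonus['active'];
}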
/**
 * Builds the filesystem path of the static guest index page.
 *
 * The request parameter `m` selects a per-mode file (index<mode>.html) but is
 * honoured only when it is exactly one of bbs / area / o. Any other value, an
 * empty value or non-string input (e.g. `m[]=x`) falls back to index.html.
 * That whitelist is what keeps the request value out of the path — do not
 * loosen it.
 *
 * @return string D_P . "{$db_guestdir}/index{mode}.html"
 */
function getguestIndexpath()
{
    global $db_guestdir;

    $allowedModes = array('bbs', 'area', 'o');
    $suffix = '';
    $requested = S::getGP('m');
    if ($requested && is_string($requested) && in_array($requested, $allowedModes, true)) {
        $suffix = $requested;
    }
    return D_P . $db_guestdir . '/index' . $suffix . '.html';
}
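/**
 * Collects the poll definition posted with a vote thread and stores it in
 * $this->data (voteopts, modifiable, previewable, multiple, mostvotes,
 * leastvotes, timelimit, regdatelimit, creditlimit, postnumlimit).
 *
 * POST fields: vt_select (one option per line), multiplevote, mostvotes,
 * leastvotes, timelimit, modifiable, previewable, postnumlimit, regdatelimit
 * (a date string), creditlimit (array keyed by credit type).
 *
 * Aborts with Showmsg('postfunc_noempty') when no option survives trimming
 * and with Showmsg('vote_num_limit') when more than $this->maxselect remain.
 *
 * Fixes: vt_select and regdatelimit are required to be strings and
 * creditlimit to be an array, so array-shaped input (vt_select[]=...) never
 * reaches explode()/strtotime()/foreach; a submission whose options are all
 * blank is rejected instead of producing a poll with zero options; the
 * option "0" is no longer silently dropped; an unparsable regdatelimit is
 * stored as 0 instead of the boolean false.
 */
function initData()
{
    global $timestamp;

    $rawOptions = S::getGP('vt_select', 'P');
    if (!is_string($rawOptions) || $rawOptions === '') {
        Showmsg('postfunc_noempty');
    }
    $votearray = array();
    foreach (explode("\n", $rawOptions) as $option) {
        $option = trim($option);
        if ($option !== '') {
            $votearray[] = array(stripslashes($option), 0);
        }
    }
    $vtcount = count($votearray);
    if ($vtcount < 1) {
        Showmsg('postfunc_noempty');
    }
    if ($vtcount > $this->maxselect) {
        Showmsg('vote_num_limit');
    }

    $multiplevote = intval(S::getGP('multiplevote', 'P'));
    $mostvotes = intval(S::getGP('mostvotes', 'P'));
    $leastvotes = intval(S::getGP('leastvotes', 'P'));
    $timelimit = max(0, intval(S::getGP('timelimit', 'P')));
    $modifiable = intval(S::getGP('modifiable', 'P'));
    $previewable = intval(S::getGP('previewable', 'P'));
    $postnumlimit = max(0, intval(S::getGP('postnumlimit', 'P')));

    // Single-choice polls allow exactly one vote; multi-choice polls are
    // clamped to 1..$vtcount with leastvotes <= mostvotes.
    if (empty($multiplevote)) {
        $mostvotes = 1;
    } elseif ($mostvotes > $vtcount || $mostvotes < 1) {
        $mostvotes = $vtcount;
    }
    if (empty($multiplevote) || $leastvotes > $mostvotes || $leastvotes < 1) {
        $leastvotes = 1;
    }

    // Registration-date limit: an unparsable date becomes 0, a future date is capped at now.
    $regdatelimit = S::getGP('regdatelimit', 'P');
    $regdatelimit = (is_string($regdatelimit) && $regdatelimit !== '') ? strtotime($regdatelimit) : false;
    if ($regdatelimit === false) {
        $regdatelimit = 0;
    } elseif ($regdatelimit > $timestamp) {
        $regdatelimit = $timestamp;
    }

    // Per-credit-type minimums; only non-empty entries are kept, as ints.
    $creditlimit = S::getGP('creditlimit', 'P');
    $creditlimit_temp = array();
    if (is_array($creditlimit)) {
        foreach ($creditlimit as $key => $value) {
            if (!empty($value)) {
                $creditlimit_temp[$key] = (int) $value;
            }
        }
    }

    $this->data['voteopts'] = serialize($votearray);
    $this->data['modifiable'] = $modifiable;
    $this->data['previewable'] = $previewable;
    $this->data['multiple'] = $multiplevote;
    $this->data['mostvotes'] = $mostvotes;
    $this->data['leastvotes'] = $leastvotes;
    $this->data['timelimit'] = $timelimit;
    $this->data['regdatelimit'] = $regdatelimit;
    $this->data['creditlimit'] = serialize($creditlimit_temp);
    $this->data['postnumlimit'] = $postnumlimit;
}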
/**
 * Copies freshly uploaded attachment records into $this->attachs.
 *
 * For each entry of $uploaddb the POST field atc_desc<id> is read as the
 * description (escaped with S::escapeChar) and the stored file name is
 * re-encoded via pwConvert($name, $db_charset, 'utf-8') with slashes
 * stripped. $this->transfer() runs first. The entries are copied, so the
 * array handed in is returned unchanged.
 *
 * @param array $uploaddb upload records, each with at least 'id' and 'name'
 * @return array the same $uploaddb that was passed in
 */
function update($uploaddb)
{
    global $db_charset;

    $this->transfer();
    foreach ($uploaddb as $record) {
        $descField = 'atc_desc' . $record['id'];
        $record['descrip'] = S::escapeChar(S::getGP($descField, 'P'));
        $record['name'] = stripslashes(pwConvert($record['name'], $db_charset, 'utf-8'));
        $this->attachs[] = $record;
    }
    return $uploaddb;
}
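/**
 * Reads the goods fields submitted with a sale post and stores them in
 * $this->data: name, price, costprice, locus, mailfee, expressfee, emsfee,
 * degree, type, num, paymethod, transport and (when given) icon.
 *
 * Validation, each failure aborting through Showmsg():
 *  - costprice must be numeric and > 0             -> goods_setprice
 *  - goodsnum must be >= 1                          -> goods_num_error
 *  - at least one payment method must be selected   -> goods_pay_error
 *  - with transport on, at least one fee must be >0 -> goods_logistics
 * A missing goods name falls back to the thread title (POST atc_title).
 *
 * Fixes: paymethod is summed only when it arrives as an array (a scalar
 * previously reached array_sum(), a TypeError on PHP 8); price and the three
 * fees are clamped at 0 so negative amounts cannot be stored; the
 * $_POST['atc_title'] fallback no longer reads an undefined index.
 */
function _setData()
{
    $goodsname = S::escapeChar(S::getGP('goodsname'));
    $price = S::escapeChar(S::getGP('price'));
    $costprice = S::escapeChar(S::getGP('costprice'));
    $locus = S::escapeChar(S::getGP('locus'));
    $mailfee = S::escapeChar(S::getGP('mailfee'));
    $expressfee = S::escapeChar(S::getGP('expressfee'));
    $emsfee = S::escapeChar(S::getGP('emsfee'));
    // NOTE(review): attachment_1 is taken from the request as-is (only escaped);
    // nothing in this method ties it to an attachment the poster actually uploaded.
    $icon = S::escapeChar(S::getGP('attachment_1'));
    $degree = intval(S::getGP('degree'));
    $ptype = intval(S::getGP('ptype'));
    $goodsnum = intval(S::getGP('goodsnum'));
    $paymethod = S::escapeChar(S::getGP('paymethod'), 1);
    $transport = intval(S::getGP('transport'));

    if (!$goodsname) {
        $goodsname = S::escapeChar(isset($_POST['atc_title']) ? $_POST['atc_title'] : '');
    }
    if (!is_numeric($costprice) || $costprice <= 0) {
        Showmsg('goods_setprice');
    }
    if ($goodsnum < 1) {
        Showmsg('goods_num_error');
    }
    // paymethod arrives as a set of flag values; the stored value is their sum.
    $paymethod = is_array($paymethod) ? array_sum($paymethod) : 0;
    if ($paymethod < 1) {
        Showmsg('goods_pay_error');
    }
    if (!is_numeric($price) || $price < 0) {
        $price = 0;
    }

    if ($transport) {
        // Each fee must be a non-negative number; anything else counts as 0.
        if (!is_numeric($mailfee) || $mailfee < 0) {
            $mailfee = 0;
        }
        if (!is_numeric($expressfee) || $expressfee < 0) {
            $expressfee = 0;
        }
        if (!is_numeric($emsfee) || $emsfee < 0) {
            $emsfee = 0;
        }
        if (!$mailfee && !$expressfee && !$emsfee) {
            Showmsg('goods_logistics');
        }
    } else {
        $mailfee = $expressfee = $emsfee = 0;
    }

    $this->data['name'] = $goodsname;
    $this->data['price'] = $price;
    $this->data['costprice'] = $costprice;
    $this->data['locus'] = $locus;
    $this->data['mailfee'] = $mailfee;
    $this->data['expressfee'] = $expressfee;
    $this->data['emsfee'] = $emsfee;
    $this->data['degree'] = $degree;
    $this->data['type'] = $ptype;
    $this->data['num'] = $goodsnum;
    $this->data['paymethod'] = $paymethod;
    $this->data['transport'] = $transport;
    if ($icon) {
        $this->data['icon'] = $icon;
    }
}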
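/**
 * Validates the custom member fields submitted with the form and copies the
 * non-empty ones into $this->memberinfo['field_<id>'].
 *
 * @param array $customfield field definitions; each entry needs 'id' and may
 *                           carry 'required' and 'maxlen'
 *
 * Aborts with Showmsg('field_empty') when a required field is blank and with
 * Showmsg('field_lenlimit') when a value exceeds maxlen (measured in bytes
 * with strlen(), as before).
 *
 * Fixes: the method no longer declares `global $value` — the old code used
 * the loop variable as a global and saved/restored it by hand, which left the
 * global clobbered if Showmsg() does not return; and a value that arrives as
 * an array (field_<id>[]=...) is treated as empty instead of being handed to
 * strlen().
 */
function setCustomfield($customfield)
{
    if (empty($customfield) || !is_array($customfield)) {
        return;
    }
    foreach ($customfield as $definition) {
        $field = 'field_' . (int) $definition['id'];
        $submitted = S::escapeChar(S::getGP($field, 'P'));
        if (!is_scalar($submitted)) {
            $submitted = '';
        }
        if (!empty($definition['required']) && !$submitted) {
            Showmsg('field_empty');
        }
        if (!empty($definition['maxlen']) && strlen($submitted) > $definition['maxlen']) {
            Showmsg('field_lenlimit');
        }
        if ($submitted) {
            $this->memberinfo[$field] = $submitted;
        }
    }
}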
/**
 * Reads the activity fields submitted with an activity post into $this->data.
 *
 * subject/location come from POST (act_subject, act_location); act_sex,
 * act_starttime, act_deadline, act_endtime, act_num and act_costs are read
 * with S::getGP()'s default source. The three time strings go through
 * PwStrtoTime(); num and costs are ints, and anything below 1 is stored as 0.
 *
 * Aborts with Showmsg('active_data_empty') unless subject, start time and
 * deadline are all non-empty. Note that the converted timestamps are stored
 * without any ordering check between start, deadline and end, and an empty
 * act_endtime is passed to PwStrtoTime() as-is.
 */
function _setData()
{
    $subject = S::escapeChar(S::getGP('act_subject', 'P'));
    $location = S::escapeChar(S::getGP('act_location', 'P'));
    $sexneed = intval(S::getGP('act_sex'));
    $startRaw = S::escapeChar(S::getGP('act_starttime'));
    $deadlineRaw = S::escapeChar(S::getGP('act_deadline'));
    $endRaw = S::escapeChar(S::getGP('act_endtime'));
    $num = intval(S::getGP('act_num'));
    $costs = intval(S::getGP('act_costs'));

    $this->data['subject'] = $subject;
    $this->data['location'] = $location;
    $this->data['sexneed'] = $sexneed;

    if (!$subject || !$startRaw || !$deadlineRaw) {
        Showmsg('active_data_empty');
    }

    $starttime = PwStrtoTime($startRaw);
    $endtime = PwStrtoTime($endRaw);
    $deadline = PwStrtoTime($deadlineRaw);

    $this->data['starttime'] = $starttime;
    $this->data['deadline'] = $deadline;
    $this->data['endtime'] = $endtime;
    $this->data['num'] = $num < 1 ? 0 : $num;
    $this->data['costs'] = $costs < 1 ? 0 : $costs;
}
/**
 * Persists freshly uploaded attachments for a post and records them in
 * $this->attachs / $this->idrelate.
 *
 * For each $uploaddb entry:
 *  - if it is a replacement ('attname' == 'replace') of an attachment listed
 *    in $this->replacedb, the existing row is updated in place via
 *    pw_attachs->updateById() using the needrvrc/special/ctype/desc values
 *    already held in $this->replacedb (the POST values are NOT consulted);
 *  - otherwise descrip, needrvrc, special and ctype come from the POST fields
 *    atc_desc<id>, atc_needrvrc<id>, att_special<id>, att_ctype<id>. The
 *    needrvrc/special/ctype triple is kept only when needrvrc > 0, the poster
 *    has the matching flag ($this->post->allowencode for special == 1,
 *    ->allowsell for special == 2) and ctype is one of the configured types
 *    ($db_enhideset['type'] / $db_sellset['type']); otherwise all three are
 *    reset to 0 / ''. A new row is inserted with pw_attachs->add() and the
 *    poster's uploadnum / uploadtime are bumped.
 * $this->ifupload and $this->uploadImgNum track the attachment kinds seen;
 * when bit 512 of $db_ifpwcache is set, the first image with needrvrc == 0 is
 * remembered in $this->elementpic. Ends with $this->addCredit().
 *
 * Globals read: $db_enhideset, $db_sellset, $timestamp, $db_ifpwcache.
 *
 * @param array $uploaddb upload records ('id', 'name', 'type', 'size',
 *                        'fileuploadurl', 'ifthumb', 'attname')
 * @return bool always true
 */
function update($uploaddb)
{
    global $db_enhideset, $db_sellset, $timestamp, $db_ifpwcache;
    $this->transfer();
    foreach ($uploaddb as $value) {
        // 'name' is addslashes()'d for the DB writes; $this->attachs gets it stripped again below.
        $value['name'] = addslashes($value['name']);
        if ($value['attname'] == 'replace' && isset($this->replacedb[$value['id']])) {
            $aid = $value['id'];
            // A replacement keeps the access settings recorded in $this->replacedb.
            $value['needrvrc'] = $this->replacedb[$aid]['needrvrc'];
            $value['special'] = $this->replacedb[$aid]['special'];
            $value['ctype'] = $this->replacedb[$aid]['ctype'];
            $value['descrip'] = $this->replacedb[$aid]['desc'];
            $this->pw_attachs->updateById($aid, array('name' => $value['name'], 'type' => $value['type'], 'size' => $value['size'], 'attachurl' => $value['fileuploadurl'], 'needrvrc' => $value['needrvrc'], 'special' => $value['special'], 'ctype' => $value['ctype'], 'uploadtime' => $timestamp, 'descrip' => $value['descrip'], 'ifthumb' => $value['ifthumb']));
            $this->replacedb[$aid]['name'] = $value['name'];
            $this->replacedb[$aid]['type'] = $value['type'];
            $this->replacedb[$aid]['size'] = $value['size'];
            $this->replacedb[$aid]['ifthumb'] = $value['ifthumb'];
        } else {
            $value['descrip'] = S::escapeChar(S::getGP('atc_desc' . $value['id'], 'P'));
            $value['needrvrc'] = intval(S::getGP('atc_needrvrc' . $value['id'], 'P'));
            $value['special'] = intval(S::getGP('att_special' . $value['id'], 'P'));
            // Raw request value; it is only stored if it passes the in_array() whitelist below.
            $value['ctype'] = S::getGP('att_ctype' . $value['id'], 'P');
            // Empty then-branch on purpose: the triple survives only when the
            // poster has the permission and ctype is a configured type.
            if ($value['needrvrc'] > 0 && ($value['special'] == 1 && $this->post->allowencode && in_array($value['ctype'], $db_enhideset['type']) || $value['special'] == 2 && $this->post->allowsell && in_array($value['ctype'], $db_sellset['type']))) {
            } else {
                $value['needrvrc'] = $value['special'] = 0;
                $value['ctype'] = '';
            }
            $aid = $this->pw_attachs->add(array('fid' => $this->forum->fid, 'uid' => $this->post->uid, 'hits' => 0, 'name' => $value['name'], 'type' => $value['type'], 'size' => $value['size'], 'attachurl' => $value['fileuploadurl'], 'needrvrc' => $value['needrvrc'], 'special' => $value['special'], 'ctype' => $value['ctype'], 'uploadtime' => $timestamp, 'descrip' => $value['descrip'], 'ifthumb' => $value['ifthumb']));
            $this->attachs[$aid] = array('aid' => $aid, 'name' => stripslashes($value['name']), 'type' => $value['type'], 'attachurl' => $value['fileuploadurl'], 'needrvrc' => $value['needrvrc'], 'special' => $value['special'], 'ctype' => $value['ctype'], 'size' => $value['size'], 'hits' => 0, 'desc' => str_replace('\\', '', $value['descrip']), 'ifthumb' => $value['ifthumb']);
            $this->idrelate[$aid] = $value['id'];
            $this->post->user['uploadnum']++;
            $this->post->user['uploadtime'] = $timestamp;
        }
        // 1 = image, 2 = text, 3 = anything else (the last attachment wins for non-images).
        if ($value['type'] == 'img') {
            $this->ifupload = 1;
            $this->uploadImgNum++;
        } else {
            $this->ifupload = $value['type'] == 'txt' ? 2 : 3;
        }
        //Start elementupdate
        if ($db_ifpwcache & 512 && $value['type'] == 'img' && !$value['needrvrc'] && !$this->elementpic) {
            $this->elementpic = array('aid' => $aid, 'attachurl' => $value['fileuploadurl'], 'ifthumb' => $value['ifthumb']);
        }
        //End elementupdate
    }
    $this->addCredit();
    return true;
}
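/**
 * Stores one Alipay-related field (POST $fieldName) into the serialized
 * 'tradeinfo' blob kept in $this->memberData[$uid][$tableName].
 *
 * @param int    $uid       member id
 * @param string $tableName key under $this->memberData[$uid] that holds tradeinfo
 * @param string $fieldName name of the POST field and of the tradeinfo key
 * @param bool   $required  when false an empty value is accepted and stored
 * @return bool true when the blob was rewritten; false when the member could
 *              not be loaded, the value is empty but required, or
 *              $this->checkAlipay() does not return exactly true
 *
 * Fix: the previous version unserialized $userInfo['tradeinfo'], a variable
 * that was assigned only when the blob had to be fetched from UserService.
 * On the cached path ($this->memberData already populated) $userInfo was
 * undefined, the silenced unserialize() yielded an empty array and every other
 * tradeinfo key was dropped when the blob was written back. The cached blob
 * is now the single source.
 *
 * NOTE(review): the blob is this application's own serialize() output, so it
 * is unserialized here; on PHP 7+ object instantiation is disabled during
 * that call. Keep storing only scalars in it.
 */
function setDataAlipay($uid, $tableName, $fieldName, $required = false)
{
    if (empty($this->memberData[$uid][$tableName]['tradeinfo'])) {
        $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
        $userInfo = $userService->get($uid, true, false, true);
        if (!$userInfo) {
            return false;
        }
        $this->memberData[$uid][$tableName]['tradeinfo'] = $userInfo['tradeinfo'];
    }

    $blob = $this->memberData[$uid][$tableName]['tradeinfo'];
    $tradeInfo = array();
    if ($blob) {
        if (PHP_VERSION_ID >= 70000) {
            $tradeInfo = @(array) unserialize($blob, array('allowed_classes' => false));
        } else {
            $tradeInfo = @(array) unserialize($blob);
        }
    }

    $value = S::escapeChar(S::getGP($fieldName, 'P'));
    if (!is_scalar($value)) {
        $value = '';
    }
    $tradeInfo[$fieldName] = $value;

    // Accept an empty optional value, or a non-empty value that passes checkAlipay().
    $acceptable = (!$required && !$value) || ($value && $this->checkAlipay($value) === true);
    if (!$acceptable) {
        return false;
    }
    $this->memberData[$uid][$tableName]['tradeinfo'] = serialize($tradeInfo);
    return true;
}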
$value = $tmp; } else { $value = $tmp[0]; } } else { $value = stripslashes(str_replace(array('=', '&'), array('=', '&'), $value)); /*other*/ } $config[$key] = is_array($value) ? $value : $value; } $config['size'] = $config['size'] . "px"; $config = addslashes(serialize($config)); if ($id) { $db->update("UPDATE pw_advert SET " . S::sqlSingle(array('ckey' => $advert['ckey'], 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config)) . " WHERE type='1' AND id=" . S::sqlEscape($id)); } else { $otherkey = (array) S::getGP('otherkey'); $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ $winduid = $userService->getUserIdByUserName($admin_name); foreach ($otherkey as $value) { if (!$cates[$value] || $advert['ckey'] == $value) { continue; } $db->update("INSERT INTO pw_advert SET " . S::sqlSingle(array('uid' => $winduid, 'type' => 1, 'ckey' => $value, 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config))); } $db->update("INSERT INTO pw_advert SET " . S::sqlSingle(array('uid' => $winduid, 'type' => 1, 'ckey' => $advert['ckey'], 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config))); $id = $db->insert_id(); } if ($advert['ifshow']) { $db->update("UPDATE pw_advert SET ifshow=1 WHERE type=0 AND ifshow=0 AND ckey=" . S::sqlEscape($advert['ckey'])); }
$count = $db->get_value("SELECT COUNT(*) AS count FROM temp"); } (!is_numeric($page) || $page < 1) && ($page = 1); $pages = numofpage($count, $page, ceil($count / $db_perpage), "{$basename}&action={$action}&{$pageurl}"); $limit = S::sqlLimit(($page - 1) * $db_perpage, $db_perpage); $query = $db->query("SELECT fid,gid FROM pw_permission WHERE {$sql} GROUP BY fid,gid {$limit}"); while ($rd = $db->fetch_array($query)) { $g_d[] = $rd; } $jschk = ($fid || $gid) && $pages ? 'true' : 'false'; include PrintEot('singleright'); exit; } elseif ($action == 'setright') { //单用户权限设置 S::gp(array('uid', 'gid', 'fid'), 'GP', 2); $pwuser = S::escapeChar(S::getGP('pwuser')); $jumpurl = "{$basename}&action={$job}"; $f = $db->get_one("SELECT name,type FROM pw_forums WHERE fid=" . S::sqlEscape($fid)); empty($f) && adminmsg('undefined_action', $jumpurl); //* include_once pwCache::getPath(D_P.'data/bbscache/forumcache.php'); pwCache::getData(D_P . 'data/bbscache/forumcache.php'); list($hidefid, $hideforum) = GetHiddenForum(); $forumcache .= $hideforum; $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ if (empty($_POST['step'])) { if ($job == 'user') { if ($pwuser) { //add $rt = $userService->getByUserName($pwuser); if (empty($rt)) {
adminmsg('operate_success', "{$basename}" . "&action=check"); } else { if (empty($pid)) { adminmsg('operate_error'); } if (is_array($pid)) { if (!($selid = checkselid($pid))) { $basename = "javascript:history.go(-1);"; adminmsg('operate_error'); } $objid = array_keys($pid); } else { $selid = (int) $pid; $objid = (int) $pid; } $ptable = S::getGP('ptable'); if (is_array($ptable)) { if ($db_plist && count($db_plist) > 1) { foreach ($ptable as $key => $value) { if (isset($db_plist[$value])) { $postslist[$value] = GetPtable($value); } } } else { $postslist[] = 'pw_posts'; } } else { $postslist[] = GetPtable($ptable); } foreach ($postslist as $pw_posts) { $fids = $tids = $db_threads = array();
} if ($_POST['step'] != 2) { include PrintEot('manager'); exit; } else { if (!$username) { adminmsg('manager_empty'); } if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $username) != $username) { adminmsg('manager_errorusername'); } $key = (int) array_search($oldname, $manager); if (!$password) { $password = $manager_pwd[$key]; } else { if (S::getGP('check_pwd') != $password) { adminmsg('password_confirm'); } if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $password) != $password) { adminmsg('manager_errorpassword'); } $password = $manager_pwd[$key] = md5($password); } if ($username != $oldname) { if (S::inArray($username, $manager)) { adminmsg('manager_had'); } $manager[$key] = $username; $oldname == $admin_name && Cookie('AdminUser', '', 0); } $newconfig = array('dbhost' => $dbhost, 'dbuser' => $dbuser, 'dbpw' => $dbpw, 'dbname' => $dbname, 'database' => $database, 'PW' => $PW, 'pconnect' => $pconnect, 'charset' => $charset, 'manager' => $manager, 'manager_pwd' => $manager_pwd, 'db_hostweb' => $db_hostweb, 'db_distribute' => $db_distribute, 'attach_url' => $attach_url, 'slaveConfigs' => $slaveConfigs);
$iconfile = ''; } require_once uTemplate::PrintEot('info_face'); pwOutPut(); } else { if ($step == '2') { PostCheck(); S::slashes($userdb); S::gp(array('facetype', 'proicon'), 'P'); require_once R_P . 'require/showimg.php'; $user_a = explode('|', $winddb['icon']); $usericon = ''; if ($facetype == 1) { $usericon = setIcon($proicon, $facetype, $user_a); } elseif ($_G['allowportait'] && $facetype == 2) { $httpurl = S::getGP('httpurl', 'P'); if (strncmp($httpurl[0], 'http://', 7) != 0 || strrpos($httpurl[0], '|') !== false) { refreshto("profile.php?action=modify&info_type={$info_type}&facetype={$facetype}", getLangInfo('msg', 'illegal_customimg'), 2, true); } $proicon = S::escapeChar($httpurl[0]); $httpurl[1] = (int) $httpurl[1]; $httpurl[2] = (int) $httpurl[2]; $httpurl[3] = (int) $httpurl[3]; $httpurl[4] = (int) $httpurl[4]; list($user_a[2], $user_a[3]) = flexlen($httpurl[1], $httpurl[2], $httpurl[3], $httpurl[4]); $usericon = setIcon($proicon, $facetype, $user_a); unset($httpurl); } pwFtpClose($ftp); //update member $usericon && ($result = $userService->update($winduid, array('icon' => $usericon)));
$moneyName = $credit->cType[$key]; $unit = $credit->cUnit[$key]; $creditPops .= $value . $unit . $moneyName . ","; } $deletePhotoCredit = $creditset ? '删除照片会扣除积分:' . $creditPops . '继续吗?' : '是否确认删除?'; list($photo, $nearphoto, $prePid, $nextPid) = $result; $isown = $photo['ownerid'] == $winduid ? '1' : '0'; if (!$isown) { //转跳处理 $url = $db_bbsurl . "/apps.php?q=photos&a=view&pid=" . $pid . "&uid=" . $photo['ownerid']; ObHeader($url); } $u = $photo['ownerid']; $username = $photo['owner']; $aid = $photo['aid']; $page = (int) S::getGP('page'); $page < 1 && ($page = 1); $url = $basename . 'a=view&pid=' . $pid; $url .= $ifriend == 1 ? '&ifriend=' . $ifriend . '&' : '&'; require_once R_P . 'require/bbscode.php'; list($commentdb, $subcommentdb, $pages) = getCommentDbByTypeid('photo', $pid, $page, $url); $comment_type = 'photo'; $comment_typeid = $pid; $ouserdataService = L::loadClass('Ouserdata', 'sns'); /* @var $ouserdataService PW_Ouserdata */ $myOuserData = $ouserdataService->get($photo['ownerid']); $weiboPriv = false; !$myOuserData['index_privacy'] && !$myOuserData['photos_privacy'] && !$photo['private'] && ($weiboPriv = true); } elseif ($a == 'next') { define('AJAX', 1); S::gp(array('pid'));
<?php
/*
 * Preview of the post-category / topic-model fields attached to a post.
 *
 * pcid and modelid are read from POST via S::gp(..., 'P', 2) (mode 2 —
 * presumably an int cast; confirm in S::gp). Depending on which id is set,
 * the field definitions are loaded from pw_topicfield (modelid) or pw_pcfield
 * (pcid), the posted `pcinfo` bundle is decoded with getPcviewdata() and
 * rendered through postTopic::getTopicvalue() / postCate::getCatevalue().
 * The content goes through wordsConvert() and convert() before newlines are
 * turned into <br>.
 *
 * Runs only inside the framework (P_W must be defined).
 */
!defined('P_W') && exit('Forbidden');
require_once R_P . 'require/bbscode.php';
S::gp(array('pcid', 'modelid'), 'P', 2);
$fielddb = array();
$data = array();
// Slashes are stripped from both POST values first, then they are re-escaped by escapeChar.
$atc_content = S::escapeChar(stripslashes(S::getGP('atc_content', 'P')));
$pcinfo = S::escapeChar(stripslashes(S::getGP('pcinfo', 'P')));
if ($modelid > 0) {
    // Topic model: $fielddb maps fieldid => fieldname.
    $query = $db->query("SELECT fieldid,fieldname FROM pw_topicfield WHERE modelid=" . S::sqlEscape($modelid));
    while ($rt = $db->fetch_array($query)) {
        $fielddb[$rt['fieldid']] = $rt['fieldname'];
    }
    $pcdb = getPcviewdata($pcinfo, 'topic');
    L::loadClass('posttopic', 'forum', false);
    $postTopic = new postTopic($data);
    $topicvalue = $postTopic->getTopicvalue($modelid, $pcdb);
} elseif ($pcid > 0) {
    // Post category: note the reversed mapping, fieldname => fieldid.
    $query = $db->query("SELECT fieldid,fieldname FROM pw_pcfield WHERE pcid=" . S::sqlEscape($pcid));
    while ($rt = $db->fetch_array($query)) {
        $fielddb[$rt['fieldname']] = $rt['fieldid'];
    }
    $pcdb = getPcviewdata($pcinfo, 'postcate');
    L::loadClass('postcate', 'forum', false);
    $postCate = new postCate($data);
    list(, $topicvalue) = $postCate->getCatevalue($pcid, $pcdb);
}
$atc_content = wordsConvert($atc_content);
$atc_content = convert($atc_content, $db_windpost);
$preatc = str_replace("\n", "<br>", $atc_content);
} //发送结束 //passport if ($db_pptifopen && $db_ppttype == 'server' && ($db_ppturls || $forward)) { $action = 'login'; $jumpurl = $forward ? $forward : $db_ppturls; empty($forward) && ($forward = $db_bbsurl); require_once R_P . 'require/passport_server.php'; } //passport $verifyhash = GetVerify($winduid); ObHeader("{$db_registerfile}?step=finish&verify={$verifyhash}"); } elseif ($step == 'finish') { S::gp(array('email', 'newemail', 'regname', 'option', 'r')); S::gp(array('facetype'), 'G'); if (S::getGP('vip') == 'activating') { S::gp(array('r_uid', 'pwd', 'toemail'), 'G'); $r_uid = (int) $r_uid; $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ if ($rg_config['rg_emailcheck'] == 0) { Showmsg('reg_jihuo_success'); } if (!$userService->activateUser($r_uid, $pwd, $db_sitehash, $toemail)) { Showmsg('reg_jihuo_fail'); } Cookie('regactivate', 1); require_once PrintEot('register'); footer(); } if ($option && $option != 'uploadicon') {
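/**
 * Validates the post-category ("postcate") fields submitted with a thread
 * against the field definitions of $this->pcid and stores them, serialized,
 * in $this->data['postcate'].
 *
 * POST `postcate` is an array keyed by pw_pcfield.fieldname. For every row:
 *  - enabled (ifable) required (ifmust) non-upload fields must satisfy
 *    S::isNatualValue()                                -> topic_field_must
 *  - tel / phone / limitnum must be numeric            -> telphone_error
 *  - price / deposit / mprice must be numeric and are stored as
 *    two-decimal strings                               -> numeric_error
 * and, for fields that carry a truthy value:
 *  - number: numeric and within rules minnum..maxnum   -> number_error / topic_number_limit
 *  - range: numeric                                    -> number_error
 *  - email: must match the e-mail regex                -> illegal_email
 *  - checkbox: the selected values are joined as ",a,b,"
 *  - calendar: must parse with strtotime(); stored via PwStrtoTime()
 *                                                      -> calendar_wrong_format
 * Afterwards SUM(pw_pcmember.nums) for global $tid is compared against
 * limitnum (-> pclimitnum_error) and begintime/endtime are sanity-checked.
 *
 * Globals: $timestamp (now), $tid (thread id the member count is read for —
 * presumably the thread being edited), $db_topicname / $db_actname receive
 * the offending field's display name for the message, $limitnums receives
 * the member sum. Keys of `postcate` that match no field definition are
 * serialized unchanged.
 *
 * Fixes: `postcate` is forced to an array (a scalar would be string-indexed),
 * a non-array checkbox value is wrapped with (array) instead of being handed
 * to foreach, email/calendar values must be strings before preg_match() /
 * strtotime(), rules that do not unserialize to an array impose no bound,
 * and missing keys are read with isset() instead of undefined-index reads.
 */
function initData()
{
    /* Initialise the upload information (original comment). */
    global $timestamp, $db_topicname, $tid, $limitnums;

    $postcate = S::getGP('postcate', 'P');
    if (!is_array($postcate)) {
        $postcate = array();
    }

    $query = $this->db->query("SELECT fieldname,name,type,rules,ifmust,ifable FROM pw_pcfield WHERE pcid=" . S::sqlEscape($this->pcid));
    while ($rt = $this->db->fetch_array($query)) {
        $key = $rt['fieldname'];
        $raw = isset($postcate[$key]) ? $postcate[$key] : null;

        if ($rt['type'] != 'upload' && $rt['ifable'] && $rt['ifmust'] && !S::isNatualValue($raw)) {
            $db_topicname = $rt['name'];
            Showmsg('topic_field_must');
        }
        if (in_array($key, array('tel', 'phone', 'limitnum'))) {
            if ($raw && !is_numeric($raw)) {
                Showmsg('telphone_error');
            }
        } elseif (in_array($key, array('price', 'deposit', 'mprice'))) {
            if ($raw && !is_numeric($raw)) {
                Showmsg('numeric_error');
            }
            // Money fields are normalised to a two-decimal string ("12.50").
            $raw = number_format(floatval($raw), 2, '.', '');
            $postcate[$key] = $raw;
        }
        if (!$raw) {
            continue;
        }

        switch ($rt['type']) {
            case 'number':
                if (!is_numeric($raw)) {
                    Showmsg('number_error');
                }
                $limitnum = unserialize($rt['rules']);
                if (is_array($limitnum) && !empty($limitnum['minnum']) && !empty($limitnum['maxnum'])
                    && ($raw < $limitnum['minnum'] || $raw > $limitnum['maxnum'])) {
                    $db_topicname = $rt['name'];
                    Showmsg('topic_number_limit');
                }
                break;
            case 'range':
                if (!is_numeric($raw)) {
                    Showmsg('number_error');
                }
                break;
            case 'email':
                if (!is_string($raw) || !preg_match("/^[-a-zA-Z0-9_\\.]+@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$/", $raw)) {
                    Showmsg('illegal_email');
                }
                break;
            case 'checkbox':
                // NOTE(review): the choices are joined as submitted; they are not
                // checked against the options defined for the field.
                $joined = ',';
                foreach ((array) $raw as $choice) {
                    $joined .= $choice . ',';
                }
                $postcate[$key] = $joined;
                break;
            case 'calendar':
                // Date value check: reject anything strtotime() cannot parse.
                $checkTime = is_string($raw) ? strtotime($raw) : false;
                if (!$checkTime || -1 == $checkTime) {
                    $GLOBALS['db_actname'] = $rt['name'];
                    Showmsg('calendar_wrong_format');
                }
                $postcate[$key] = PwStrtoTime($raw);
                break;
        }
    }

    $limitnums = $this->db->get_value("SELECT SUM(nums) as num FROM pw_pcmember WHERE tid=" . S::sqlEscape($tid));
    if (!empty($postcate['limitnum']) && $limitnums > $postcate['limitnum']) {
        Showmsg('pclimitnum_error');
    }
    $begintime = isset($postcate['begintime']) ? $postcate['begintime'] : 0;
    $endtime = isset($postcate['endtime']) ? $postcate['endtime'] : 0;
    if ($begintime > $endtime) {
        Showmsg('begin_endtime');
    }
    if ($endtime < $timestamp) {
        Showmsg('截止时间必须大于当前时间');
    }
    $this->data['postcate'] = serialize($postcate);
}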
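/**
 * Renders the WAP footer, flushes the buffered page and exits.
 *
 * Online counters: with $db_online disabled they are extract()ed from the
 * generated olcache.php data file (a site-owned cache, keep it that way);
 * otherwise the per-client cookie `online_info` ("<time>\t<users>\t<guests>")
 * is reused for 60 seconds before the OnlineService counts are recomputed
 * and the cookie rewritten.
 *
 * Output handling: the output buffered so far is captured, re-encoded from
 * $db_charset to UTF8/UNICODE when the site charset is not utf8, stripped of
 * the template placeholder comments and — when the wap_view request flag is
 * set — of <a> tags (their text is kept). The buffer is then restarted
 * (gzip when $db_obstart is set and ob_gzhandler exists), echoed and flushed.
 *
 * Fix: the counters read back from the cookie are accepted only when all
 * three cookie fields are numeric and are cast to int. The cookie is
 * client-controlled and the values are rendered by the footer template;
 * previously any string placed in it was used verbatim, and a non-numeric
 * first field reached `$timestamp - $online_info[0]`.
 */
function wap_footer()
{
    global $wind_version, $db_obstart, $windid, $db_charset, $db_wapcharset, $chs, $timestamp, $db_online, $db, $db_wapregist, $rg_allowregister, $online_info, $db_bbsurl;

    Update_ol();
    $userinbbs = $guestinbbs = 0;
    if (empty($db_online)) {
        extract(pwCache::getData(D_P . 'data/bbscache/olcache.php', false));
    } else {
        $online_info = explode("\t", GetCookie('online_info'));
        $cookieUsable = count($online_info) == 3
            && is_numeric($online_info[0]) && is_numeric($online_info[1]) && is_numeric($online_info[2])
            && $timestamp - $online_info[0] < 60;
        if ($cookieUsable) {
            $userinbbs = (int) $online_info[1];
            $guestinbbs = (int) $online_info[2];
        } else {
            $onlineService = L::loadClass('OnlineService', 'user');
            $userinbbs = $onlineService->countOnlineUser();
            $guestinbbs = $onlineService->countOnlineGuest();
            Cookie('online_info', $timestamp . "\t" . $userinbbs . "\t" . $guestinbbs);
        }
    }
    $usertotal = $guestinbbs + $userinbbs;
    $ft_time = get_date($timestamp);
    require_once PrintWAP('footer');

    // Capture everything rendered so far, post-process it and re-emit it.
    $output = ob_get_contents();
    ob_end_clean();
    if ($db_obstart && function_exists('ob_gzhandler')) {
        ob_start('ob_gzhandler');
    } else {
        ob_start();
    }
    if ($db_charset != 'utf8') {
        L::loadClass('Chinese', 'utility/lang', false);
        $chs = new Chinese();
        $output = $chs->Convert($output, $db_charset, $db_wapcharset ? 'UTF8' : 'UNICODE');
    }
    $output = str_replace(array('<!--<!---->', '<!---->-->', '<!---->', "\r\n\r\n"), '', $output);
    if (S::getGP('wap_view')) {
        // Plain view: drop links but keep their text.
        $output = preg_replace('/<a[^>]*>([^<]+|.*?)?<\\/a>/i', "\\1", $output);
    }
    echo $output;
    ob_flush();
    exit;
}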
<?php
/*
 * WAP front controller.
 *
 * The `a` request parameter selects which control/<a>.php script is loaded.
 * The value is matched (strictly) against a fixed list of script names before
 * it is used in the path, and the path still goes through S::escapePath();
 * anything not on the list — including array-shaped input — ends the request
 * with "Forbidden". An empty `a` maps to "index".
 */
require_once 'wap_global.php';

$a = S::getGP('a');
if (empty($a)) {
    $a = "index";
}
if (!is_string($a) || !in_array($a, array(
    'index', 'quit', 'forum', 'read', 'list', 'myfav', 'myhome', 'login', 'search',
    'bbsinfo', 'items', 'msg', 'recommend', 'reply_all', 'reply', 'mawhole', 'upload',
    'job', 'ms_index', 'mybbs', 'myphone', 'upface', 'post', 'register', 'action', 'addtofav',
), true)) {
    exit('Forbidden');
}
require_once S::escapePath(W_P . "control/" . $a . ".php");
if (@file_exists($tmpCachefile)) { $resume = true; $pwSendmail['lasttime'] = get_date(pwFilemtime($tmpCachefile)); } include PrintEot('sendmail'); exit; } elseif ($action == "send") { $pwServer['REQUEST_METHOD'] != 'POST' && PostCheck($verify); S::gp(array('by', 'subject', 'percount')); $atc_content = $_POST['atc_content']; if (empty($subject) || empty($atc_content)) { adminmsg('sendmsg_empty'); } $pwSendmail = array(); if ($by == 0) { $sendto = S::getGP('sendto'); !$sendto && adminmsg('operate_error'); settype($sendto, 'array'); $pwSendmail['info'] = $sendto; $pwSendmail['count'] = $db->get_value("SELECT COUNT(*) FROM pw_members WHERE groupid IN(" . S::sqlImplode($sendto) . ")"); } elseif ($by == 1) { $onlineuser = GetOnlineUser(); $uids = array(); foreach ($onlineuser as $key => $value) { is_numeric($key) && ($uids[] = $key); } $pwSendmail['count'] = count($uids); } elseif ($by == 2) { S::gp(array('starttime', 'endtime'), 'P'); $stime = PwStrtoTime($starttime); $etime = PwStrtoTime($endtime);
include_once R_P . 'require/forum.php'; if ($admin_gid == 5) { list($allowfid, $forumcache) = GetAllowForum($admin_name); $sql = $allowfid ? "fid IN({$allowfid})" : '0'; } else { //* include pwCache::getPath(D_P.'data/bbscache/forumcache.php'); pwCache::getData(D_P . 'data/bbscache/forumcache.php'); list($hidefid, $hideforum) = GetHiddenForum(); if ($admin_gid == 3) { $forumcache .= $hideforum; $sql = '1'; } else { $sql = $hidefid ? "fid NOT IN({$hidefid})" : '1'; } } $action = S::getGP('action'); if (!$action) { if (!$_POST['step']) { S::gp(array('fid', 'username', 'uid', 'page')); if (is_numeric($fid)) { $sql .= " AND fid=" . S::sqlEscape($fid); } elseif ($sql == '1') { $fids = array(); foreach ($forum as $key => $value) { $fids[] = $key; } $fids && ($sql .= " AND fid IN(" . S::sqlImplode($fids) . ")"); } $sql .= " AND ifcheck='0'"; if ($username) { $sql .= " AND author like " . S::sqlEscape("%{$username}%");
<?php define('SCR', 'index'); require_once 'global.php'; $cateid = (int) S::getGP('cateid'); $m = S::getGP('m'); if ($db_channeldomain && ($secdomain = array_search($pwServer['HTTP_HOST'], $db_channeldomain))) { $m = 'area'; // $db_bbsurl = $_mainUrl; $alias = $secdomain; define('HTML_CHANNEL', 1); } selectMode($m); if (defined('M_P') && file_exists(M_P . 'index.php')) { pwCache::getData(S::escapePath(D_P . 'data/bbscache/' . $db_mode . '_config.php')); if (file_exists(M_P . 'require/core.php')) { require_once M_P . 'require/core.php'; } $basename = "index.php?m={$m}"; require_once M_P . 'index.php'; exit; } pwCache::getData(D_P . 'data/bbscache/cache_index.php'); pwCache::getData(D_P . 'data/bbscache/forum_cache.php'); //notice $noticedb = array(); foreach ($notice_A as $value) { if ($value['startdate'] <= $timestamp && (!$value['enddate'] || $value['enddate'] >= $timestamp)) { $value['startdate'] = $value['stime'] ? $value['stime'] : get_date($value['startdate'], 'y-m-d'); !$value['url'] && ($value['url'] = 'notice.php#' . $value['aid']); $noticedb[$value['aid']] = $value;
Showmsg('debate_judgesuccess'); } else { $debate = $db->get_one("SELECT obvote,revote,obposts,reposts,umpirepoint,debater,judge FROM pw_debates WHERE tid=" . S::sqlEscape($tid)); if (!$debate['debater']) { $debater = array(); $query = $db->query("SELECT dd.authorid,dd.vote,m.username FROM pw_debatedata dd LEFT JOIN pw_members m ON dd.authorid=m.uid WHERE dd.tid=" . S::sqlEscape($tid) . "ORDER BY dd.vote DESC LIMIT 10"); while ($rt = $db->fetch_array($query)) { $debater[$rt['authorid']]['vote'] += $rt['vote']; $debater[$rt['authorid']]['username'] = $rt['username']; } } require_once PrintEot('ajax'); ajax_footer(); } } elseif ($do == 'agree') { $pid = (int) S::getGP('pid'); $debate = $db->get_one("SELECT endtime,judge FROM pw_debates WHERE tid=" . S::sqlEscape($tid)); empty($debate) && Showmsg('data_error'); if ($debate['judge'] > 0 || $debate['endtime'] < $timestamp) { Showmsg('debate_over'); } $debate = $db->get_one("SELECT authorid,vote,voteids FROM pw_debatedata WHERE pid=" . S::sqlEscape($pid) . "AND tid=" . S::sqlEscape($tid)); empty($debate) && Showmsg('data_error'); $debate['authorid'] == $winduid && Showmsg('debate_voteself'); if (strpos($debate['voteids'], $winduid) !== false) { Showmsg('debate_voted'); } $debate['voteids'] .= "{$winduid},"; $db->update("UPDATE pw_debatedata SET vote=vote+1,voteids=" . S::sqlEscape($debate['voteids'], false) . "WHERE pid=" . S::sqlEscape($pid) . "AND tid=" . S::sqlEscape($tid)); $vote = $debate['vote'] + 1; Showmsg('debate_agree');
$colonyOwner = $memdb[$colony['admin']]; unset($memdb[$colony['admin']]); $colonyOwner && array_unshift($memdb, $colonyOwner); } } $urladd = $group ? '&group=' . $group : ''; require_once PrintEot('thread_member'); footer(); } else { !$ifadmin && Showmsg('undefined_action'); S::gp(array('selid'), 'P', 2); if (!$selid || !is_array($selid)) { Showmsg('id_error'); } $toUsers = array(); $operateStep = S::getGP('operateStep', 'P'); switch ($operateStep) { case 'addadmin': $colony['admin'] != $windid && $groupid != 3 && Showmsg('colony_manager'); $query = $db->query("SELECT ifadmin,username FROM pw_cmembers WHERE colonyid=" . S::sqlEscape($cyid) . ' AND uid IN(' . S::sqlImplode($selid) . ") AND ifadmin!='1'"); $newMemberCount = 0; while ($rt = $db->fetch_array($query)) { $rt['ifadmin'] == -1 && $newMemberCount++; $toUsers[] = $rt['username']; } $newColony->updateInfoCount(array('members' => $newMemberCount)); //* $db->update("UPDATE pw_cmembers SET ifadmin='1' WHERE colonyid=" . S::sqlEscape($cyid) . ' AND uid IN(' . S::sqlImplode($selid) . ") AND ifadmin!='1'"); pwQuery::update('pw_cmembers', 'colonyid=:colonyid AND uid IN (:uid) AND ifadmin!=:ifadmin', array($cyid, $selid, 1), array('ifadmin' => 1)); break; case 'deladmin': $colony['admin'] != $windid && $groupid != 3 && Showmsg('colony_manager');
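function initData() {
    /* Validate the model's custom topic fields submitted via POST and store them,
     * serialized, in $this->data['topic'].
     *
     * For each field defined in pw_topicfield for $this->modelid:
     *  - enabled + mandatory fields (except 'upload') must be present, else Showmsg('topic_field_must');
     *  - 'number' and 'range' must be numeric; 'number' must also lie within the
     *    min/max stored (serialized) in `rules`;
     *  - 'email' must match the address pattern below;
     *  - 'checkbox' arrays are flattened to a ",v1,v2," string;
     *  - 'calendar' values are converted with PwStrtoTime().
     * Showmsg() is relied upon to terminate the request (as the original code did), so
     * execution does not continue past a failed check.
     *
     * Changes vs. the previous revision: a non-array `topic` parameter (e.g. topic=foo)
     * is normalised to an empty array instead of being indexed by string key (a fatal
     * TypeError on PHP 8) and stored verbatim; a scalar submitted for a checkbox field
     * no longer triggers a foreach warning; a malformed or incomplete `rules` blob no
     * longer raises undefined-index notices; the unused `global $timestamp` was dropped.
     */
    global $db_topicname;
    $topic = S::getGP('topic', 'P');
    // Untrusted input: anything that is not an array cannot carry field values.
    if (!is_array($topic)) {
        $topic = array();
    }
    // NOTE(review): every key of $topic is serialized below, including keys that belong
    // to no field of this model. If readers of data['topic'] only look up known fieldids
    // this is harmless; otherwise restrict $topic to the fieldids seen in the loop.
    // TODO confirm with the readers before tightening.
    $query = $this->db->query("SELECT fieldid,name,type,rules,ifmust,ifable FROM pw_topicfield WHERE modelid=" . S::sqlEscape($this->modelid));
    while ($rt = $this->db->fetch_array($query)) {
        $fieldid = $rt['fieldid'];
        $value = isset($topic[$fieldid]) ? $topic[$fieldid] : null;
        $hasValue = S::isNatualValue($value);
        // The mandatory check covers enabled, non-upload fields only (uploads do not arrive in $topic).
        if ($rt['type'] != 'upload' && $rt['ifable'] && $rt['ifmust'] && !$hasValue) {
            $db_topicname = $rt['name']; // consumed by the 'topic_field_must' message
            Showmsg('topic_field_must');
        }
        if (!$hasValue) {
            continue;
        }
        switch ($rt['type']) {
            case 'number':
                !is_numeric($value) && Showmsg('number_error');
                // `rules` is admin-authored data from the DB; still guard against a malformed blob.
                $limitnum = unserialize($rt['rules']);
                $min = (is_array($limitnum) && isset($limitnum['minnum'])) ? $limitnum['minnum'] : '';
                $max = (is_array($limitnum) && isset($limitnum['maxnum'])) ? $limitnum['maxnum'] : '';
                if (($min !== '' && $value < $min) || ($max !== '' && $value > $max)) {
                    $db_topicname = $rt['name'];
                    Showmsg('topic_number_limit');
                }
                break;
            case 'range':
                !is_numeric($value) && Showmsg('number_error');
                break;
            case 'email':
                if (!preg_match("/^[-a-zA-Z0-9_\\.]+@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$/", $value)) {
                    Showmsg('illegal_email');
                }
                break;
            case 'checkbox':
                // Stored as ",v1,v2," so membership can later be tested with a substring search.
                $checkboxs = ',';
                foreach ((array) $value as $item) {
                    if (is_scalar($item)) { // a nested array would otherwise stringify to "Array"
                        $checkboxs .= $item . ',';
                    }
                }
                $topic[$fieldid] = $checkboxs;
                break;
            case 'calendar':
                $topic[$fieldid] = PwStrtoTime($value);
                break;
        }
    }
    $this->data['topic'] = serialize($topic);
}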
Showmsg('unenough_money'); } } $credit->addLog('hack_toolbuy', array($toolinfo['creditype'] => -$price), array('uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'nums' => $nums, 'toolname' => $toolinfo['name'])); $credit->set($winduid, $toolinfo['creditype'], -$price); $db->update("UPDATE pw_tools SET stock=stock-" . S::sqlEscape($nums) . " WHERE id=" . S::sqlEscape($id)); $db->pw_update("SELECT uid FROM pw_usertool WHERE uid=" . S::sqlEscape($winduid) . " AND toolid=" . S::sqlEscape($id), "UPDATE pw_usertool SET nums=nums+" . S::sqlEscape($nums) . " WHERE uid=" . S::sqlEscape($winduid) . " AND toolid=" . S::sqlEscape($id), "INSERT INTO pw_usertool SET " . S::sqlSingle(array('nums' => $nums, 'uid' => $winduid, 'toolid' => $id, 'sellstatus' => $sell_status))); require_once R_P . 'require/tool.php'; $logdata = array('type' => 'buy', 'nums' => $nums, 'money' => $price, 'descrip' => 'buy_descrip', 'uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'time' => $timestamp, 'toolname' => $toolinfo['name'], 'from' => ''); writetoollog($logdata); procUnLock('tool_buy', $winduid); } refreshto("profile.php?action=toolcenter", 'operate_success'); } } elseif ($job == 'use' || $job == 'ajax') { $toolid = (int) S::getGP('toolid'); if (!$toolid) { $tooldb = array(); $query = $db->query("SELECT * FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE u.uid=" . S::sqlEscape($winduid) . "ORDER BY vieworder"); while ($rt = $db->fetch_array($query)) { $rt['descrip'] = substrs($rt['descrip'], 45); $tooldb[] = $rt; } if (!$tooldb) { Showmsg('no_tool'); } require_once uTemplate::PrintEot('profile_toolcenter'); pwOutPut(); } $tooldb = $db->get_one("SELECT u.nums,t.name,t.filename,t.state,t.type,t.conditions FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE u.uid=" . S::sqlEscape($winduid) . "AND u.toolid=" . S::sqlEscape($toolid)); !$db_toolifopen && Showmsg('toolcenter_close');
$arr_posts[$key]['mark'] = $fourmid; } if ($arr_posts) { $sql = "REPLACE INTO pw_elements(id,value,addition,special,type,mark) VALUES" . S::sqlMulti($arr_posts, true); $db->update($sql); } } } else { break; } } if ($step < $total) { adminmsg('updatecache_total_step', "{$basename}&action=update&type=newpic&step={$step}"); } } elseif ($type == 'hotfavor') { $step = intval(S::getGP('step')); //* require_once pwCache::getPath(D_P.'data/bbscache/forum_cache.php'); pwCache::getData(D_P . 'data/bbscache/forum_cache.php'); $arr_forumkeys = array_keys($forum); if (!$step) { $step = 0; $db->query("DELETE FROM pw_elements WHERE type='hotfavor'"); } $total = count($arr_forumkeys); for ($i = 0; $i < 5; $i++) { if ($step < $total) { $fourmid = $arr_forumkeys[$step]; !$forum[$fourmid] && adminmsg('undefined_action'); $step++; if ($forum[$fourmid]['type'] == 'category') { continue;
<?php defined('P_W') || exit('Forbidden'); define('SCR', 'read'); require_once R_P . 'require/forum.php'; require_once R_P . 'require/bbscode.php'; //* include_once pwCache::getPath(D_P.'data/bbscache/cache_read.php'); pwCache::getData(D_P . 'data/bbscache/cache_read.php'); define("AJAX", 1); S::gp(array('type', 'stylepath')); S::gp(array('fpage', 'uid', 'toread'), 'GP', 2); $_showSmallImg = 5; $ordertype = S::getGP('ordertype'); $fieldadd = $tablaadd = $sqladd = $fastpost = $special = $ifmagic = $urladd = $fieldinfo = $tableinfo = ''; $_uids = $_pids = array(); $page = S::getGP('page'); //* $threads = L::loadClass('Threads', 'forum'); //* $read = $threads->getThreads($tid); $_cacheService = Perf::gatherCache('pw_threads'); $read = $_cacheService->getThreadByThreadId($tid); !$read && Showmsg('illegal_tid'); $_uids[$read['authorid']] = 'UID_' . $read['authorid']; #用户 list($fid, $ptable, $ifcheck, $openIndex) = array($read['fid'], $read['ptable'], $read['ifcheck'], getstatus($read['tpcstatus'], 2)); $pw_posts = GetPtable($ptable); /*The app client*/ if ($db_siteappkey && ($db_apps_list['17']['status'] == 1 || is_array($db_threadconfig))) { $appclient = L::loadClass('appclient'); if ($db_apps_list['17']['status'] == 1) { $forumappinfo = array(); $forumappinfo = $appclient->showForumappinfo($fid, 'read', '17');
$newcreditset[$key][$k] = ''; } } } $newcreditset = serialize($newcreditset); $forumset = serialize($newforumset); $db->update("INSERT INTO pw_forumsextra SET forumset=" . S::sqlEscape($forumset, false) . ',creditset=' . S::sqlEscape($newcreditset, false) . ',fid=' . S::sqlEscape($selfid)); } } } updatecache_f(); $basename = "{$admin_file}?adminjob=setforum&action=edit&fid={$fid}&c_type={$c_type}"; adminmsg('operate_success'); } } elseif ($action == 'changename') { $fid = (int) S::getGP('fid'); S::gp(array('fname'), 'P', 0); $fname = str_replace('<iframe', '<iframe', $fname); $fname = str_replace(array('<iframe', '"', "'"), array("<iframe", "", ""), $fname); //$db->update("UPDATE pw_forums SET name=" . S::sqlEscape($fname)." WHERE fid=".S::sqlEscape($fid)); pwQuery::update('pw_forums', 'fid=:fid', array($fid), array('name' => $fname)); updatecache_f(); $msg = getLangInfo('cpmsg', 'operate_success'); echo $msg; ajax_footer(); } elseif ($action == 'delttype') { S::gp(array('type', 'id', 'fid')); $id_array = array(); if ($type == 'top') { $query = $db->query("SELECT id FROM pw_topictype WHERE upid=" . S::sqlEscape($id)); while ($rt = $db->fetch_array($query)) {