if (count($online_info = explode("\t", GetCookie('online_info'))) == 3 && $timestamp - $online_info[0] < 60) { list(, $userinbbs, $guestinbbs) = $online_info; } else { $onlineService = L::loadClass('OnlineService', 'user'); $userinbbs = $onlineService->countOnlineUser(); $guestinbbs = $onlineService->countOnlineGuest(); Cookie('online_info', $timestamp . "\t" . $userinbbs . "\t" . $guestinbbs); } } if ($last_statistictime == 0 || get_date($timestamp, 'G') - get_date($last_statistictime, 'G') > 1 || $timestamp - $last_statistictime > 3600) { $stasticsService = L::loadClass('Statistics', 'datanalyse'); $stasticsService->updateOnlineInfo(); } $usertotal = $guestinbbs + $userinbbs; if ($db_indexonline) { S::gp(array('online')); empty($online) && ($online = GetCookie('online')); if ($online == 'yes') { if ($usertotal > 2000 && !S::inArray($windid, $manager)) { //$online = 'no'; Cookie('online', 'no'); } else { $index_whosonline = ''; $db_online = intval($db_online); Cookie('online', $online); include_once S::escapePath(R_P . "require/online_{$db_online}.php"); } } if ($online == 'no') { Cookie('online', 'no'); }
<?php
!defined('P_W') && exit('Forbidden');

/*
 * Sets an image attachment as the cover of the thread it belongs to.
 * Reads `aid` from the request, loads the attachment record, and allows the
 * change only for the attachment's uploader, a name listed in $manager, or
 * a member of group 3.
 *
 * NOTE(review): no PostCheck() call is visible in this handler, while other
 * state-changing attachment handlers call it first. Confirm the including
 * script verifies the request token before this runs.
 * NOTE(review): the owner test is a loose `==` on uid. Confirm a non-empty
 * $winduid (logged-in user) is enforced upstream.
 */
S::gp(array('aid'), 'GP', 2);
if (empty($aid)) {
    Showmsg('job_attach_error');
}

$attachService = L::loadClass('attachs', 'forum');
$attachInfo = $attachService->getByAid($aid);

// Only an existing image attachment that is bound to a thread can be a cover.
if (!(S::isArray($attachInfo) && $attachInfo['type'] == 'img' && $attachInfo['tid'])) {
    Showmsg('job_attach_error');
}

// Managers by name, plus every member of group 3, count as administrators.
$isGM = S::inArray($windid, $manager);
if (!$isGM && $groupid == 3) {
    $isGM = 1;
}

$adminCheck = ($attachInfo['uid'] == $winduid || $isGM) ? 1 : 0;
if (!$adminCheck) {
    Showmsg('没有权限设置封面!');
}

$tucoolService = L::loadClass('tucool', 'forum');
$coverSet = $tucoolService->setCover($attachInfo['tid'], $attachInfo['attachurl'], $attachInfo['ifthumb']);
if ($coverSet) {
    echo "success";
    ajax_footer();
}

// Reached when setCover() reports failure.
Showmsg('undefined_action');
$message['content'] = messageReplace($message['content']); $notReadCount = (int) $messageServer->countNoticesNotRead($winduid); } if ($smstype && in_array($action, array('info', 'next', 'previous'))) { $navtype = $messageServer->getReverseConst($smstype); $navtype = explode('_', $navtype); $nav[$navtype[1]] = 'class = current'; } if (empty($action) || in_array($action, array('unread', 'system', 'postcate', 'active', 'apps', 'comment', 'guestbook'))) { if ($action != 'unread') { $notReadCount = (int) $messageServer->countNoticesNotRead($winduid); list($today, $yesterday, $tTimes, $yTimes, $mTimes) = getSubListInfo($noticeList); } $pages = numofpage($noticeCount, $page, $pageCount, "{$normalUrl}&action={$action}&"); } elseif ($action == 'checkover') { S::gp(array('rid', 'dir'), 'GP'); if ($dir == 'previous') { $message = $messageServer->getUpNotice($winduid, $rid, $smstype); } else { $message = $messageServer->getDownNotice($winduid, $rid, $smstype); } if ($message) { echo "success\t"; } else { echo "over\t"; } ajax_footer(); } $messageServer->resetStatistics(array($winduid), 'notice_num'); !defined('AJAX') && (include_once R_P . 'actions/message/ms_header.php'); require messageEot($subtype);
<?php !defined('P_W') && exit('Forbidden'); !$fid && Showmsg('undefined_action'); S::gp(array('type')); $myshortcut = explode(',', $winddb['shortcut']); foreach ($myshortcut as $key => $value) { if (!$value || !is_numeric($value)) { unset($myshortcut[$key]); } } $myshortcut = array_unique($myshortcut); $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ if ($type == "delete") { if (empty($myshortcut) && $db_shortcutforum) { $myshortcut = array_keys($db_shortcutforum); } if (in_array($fid, $myshortcut)) { $shortcut = array_diff($myshortcut, array($fid)); } $shortcut = $shortcut ? $shortcut : array(); $shortcut = ',' . implode(',', $shortcut) . ','; $shortcut .= $shortcut . "\t" . $winddb['appshortcut']; $userService->update($winduid, array('shortcut' => $shortcut)); Showmsg("shortcutno"); } elseif (in_array($fid, $myshortcut)) { foreach ($myshortcut as $key => $value) { if (!$value || $value == $fid) { unset($myshortcut[$key]); }
<?php !defined('P_W') && exit('Forbidden'); S::gp(array('page', 'tid', 'jointype', 'payway', 'ifend', 'pcid')); $isadminright = $jointype == 3 ? 0 : 1; L::loadClass('postcate', 'forum', false); $postCate = new postCate($data); list(, $isviewright) = $postCate->getViewright($pcid, $tid); $memberdb = array(); $count = $sum = $paysum = 0; $query = $db->query("SELECT ifpay,nums FROM pw_pcmember WHERE tid=" . S::sqlEscape($tid)); while ($rt = $db->fetch_array($query)) { $count++; if ($rt['ifpay']) { $paysum += $rt['nums']; } $sum += $rt['nums']; } $page < 1 && ($page = 1); $numofpage = ceil($count / $db_perpage); if ($numofpage && $page > $numofpage) { $page = $numofpage; } $start = ($page - 1) * $db_perpage; $limit = S::sqlLimit($start, $db_perpage); $pages = numofpage($count, $page, $numofpage, "pw_ajax.php?action={$action}&tid={$tid}&jointype={$jointype}&payway={$payway}&", null, 'ajaxview'); $i = $pcid = 0; $query = $db->query("SELECT pcmid,uid,pcid,username,nums,totalcash,phone,mobile,address,extra,ifpay,jointime FROM pw_pcmember WHERE tid=" . S::sqlEscape($tid) . " ORDER BY (uid=" . S::sqlEscape($winduid) . ") DESC,ifpay ASC,pcmid DESC {$limit}"); while ($rt = $db->fetch_array($query)) { if ($i == 0) { $pcid = $rt['pcid'];
} $query = $db->query("SELECT gid,rkey,rvalue FROM pw_permission WHERE uid='0' AND fid='0' AND gid=" . S::sqlEscape($gid) . " AND rkey IN ('sellinfo','sellprice','rmbprice','selltype','selllimit','allowbuy')"); while ($permi = $db->fetch_array($query)) { $rt['sright'][$permi['rkey']] = $permi['rvalue']; } if (!$rt['sright']['allowbuy']) { Showmsg('special_allowbuy'); } if (empty($_POST['step'])) { $rt['sright']['selltype'] = $credit->cType[$rt['sright']['selltype']]; require_once uTemplate::PrintEot('profile_buy'); pwOutPut(); } else { PostCheck(); S::gp(array('pwpwd'), 'P'); S::gp(array('days', 'buymethod', 'options'), null, 2); if (!is_numeric($days) || $days <= 0) { Showmsg('illegal_nums'); } if ($days < $rt['sright']['selllimit']) { Showmsg('special_selllimit'); } $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ $mb = $userService->get($winduid); if ($gid == $groupid || strpos($mb['groups'], ",{$gid},") !== false) { Showmsg('specialgroup_noneed'); } if ($buymethod) { if ($rt['sright']['rmbprice'] <= 0) { Showmsg('undefined_action');
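<?php
!defined('P_W') && exit('Forbidden');
define('AJAX', '1');
require_once R_P . 'require/functions.php';

// Every action handled here requires a logged-in user.
!$winduid && Showmsg('not_login');

S::gp(array('action'));

if ($action == 'delatt') {
    // Delete a diary attachment. PostCheck() runs before any state is touched.
    // NOTE(review): presumably the request-token check; confirm.
    PostCheck();
    S::gp(array('did', 'aid'));
    empty($aid) && Showmsg('job_attach_error');

    $attach = $db->get_one("SELECT * FROM pw_attachs WHERE aid=" . S::sqlEscape($aid));
    !$attach && Showmsg('job_attach_error');

    // Reject stored paths that are empty or contain '..' before they reach
    // the file-delete helper.
    if (empty($attach['attachurl']) || strpos($attach['attachurl'], '..') !== false) {
        Showmsg('job_attach_error');
    }
    $aid = $attach['aid'];

    // Determine management rights: names listed in $manager, plus group 3.
    // The group test must be a comparison. The previous form
    // `$groupid = 3 && ($isGM = 1)` was parsed as an assignment whose
    // right-hand side set $isGM = 1 for every non-manager, so the ownership
    // check below never restricted anyone (and $groupid was overwritten).
    $isGM = S::inArray($windid, $manager);
    !$isGM && $groupid == 3 && ($isGM = 1);
    $admincheck = $isGM ? 1 : 0;

    $attach['attachurl'] = "diary/" . $attach['attachurl'];

    // Only an administrator or the uploader may delete the file.
    if ($admincheck || $attach['uid'] == $winduid) {
        pwDelatt($attach['attachurl'], $db_ifftp);
        pwFtpClose($ftp);
        $diaryService = L::loadClass('Diary', 'diary');
        /* @var $diaryService PW_Diary */
        // (the excerpt ends here; the remaining statements and the closing
        // braces of both blocks are outside the visible fragment)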
<?php
!function_exists('adminmsg') && exit('Forbidden');

/*
 * Admin panel: show or save the `db_ads` setting.
 *
 * NOTE(review): the posted `ads` value is written to the configuration as
 * received; no type or range check is visible here. Confirm what values
 * `db_ads` may legitimately take and whether setConfig() validates them.
 * NOTE(review): no request-token check is visible in this file. Confirm the
 * admin front controller performs it before dispatching here.
 */
$basename = "{$admin_file}?adminjob=setads";

if ($action == 'submit') {
    // Save only when the submit marker really arrived in the POST body.
    if ($_POST['action'] == "submit") {
        S::gp(array('ads'), 'P');
        setConfig('db_ads', $ads);
        updatecache_c();
        adminmsg('operate_success');
    }
} else {
    // Pre-select the current option in the template: creates a variable named
    // "ads_<current value>" holding 'checked'.
    ${'ads_' . $db_ads} = 'checked';
    include PrintEot('setads');
}
<?php !defined('P_W') && exit('Forbidden'); define('AJAX', 1); S::gp(array('style', 'stopicid', 'blockid')); $stopicid = (int) $stopicid; $layout = $stopic_service->getStyleConfig($style, 'layout_set'); if (!$layout || $stopicid === '' || $blockid === '') { echo "error"; ajax_footer(); } $layout['bannerurl'] = $stopic_service->getStyleBanner($style); $stopic_service->addUnit(array('stopic_id' => $stopicid, 'html_id' => $blockid, 'title' => '', 'data' => array('image' => $layout['bannerurl']))); $layout = styleJsonEncode($layout); echo "success\t" . $layout; ajax_footer(); function styleJsonEncode($var) { switch (gettype($var)) { case 'boolean': return $var ? 'true' : 'false'; case 'NULL': return 'null'; case 'integer': return (int) $var; case 'double': case 'float': return (double) $var; case 'string': return '"' . addslashes(str_replace(array("\r\n", "\n", "\r", "\t"), array('<br />', '<br />', '<br />', ''), $var)) . '"'; case 'array':
//活动被取消无法支付 $param = array('buyer_name' => $memberdb['username'], 'out_biz_no' => $defaultValue['out_biz_no'], 'out_trade_no' => $out_trade_no, 'amount' => $memberdb['totalcash'], 'notify_url' => "{$db_bbsurl}/act_alipay_receive.php", 'return_url' => "{$db_bbsurl}/read.php?tid={$tid}"); if ($fromuid != '-1') { //是否代付 $fromusername = $db->get_value("SELECT username FROM pw_members WHERE uid=" . S::sqlEscape($fromuid)); $issubstitute = 1; } else { $fromuid = $issubstitute = 0; $fromusername = ''; } $sqlarray = array('out_trade_no' => $out_trade_no, 'issubstitute' => $issubstitute, 'fromuid' => $fromuid, 'fromusername' => $fromusername); $db->update("UPDATE pw_activitymembers SET " . S::sqlSingle($sqlarray) . " WHERE actuid=" . S::sqlEscape($actuid)); ObHeader($AlipayInterface->alipayurl($param)); } elseif ($action == 'refund_aa_payment') { //退款 S::gp(array('tid', 'actuid', 'actmid'), GP, 2); $memberdb = $db->get_one("SELECT am.ifpay,am.isrefund,am.username,am.totalcash,am.out_trade_no,am.refundcost,t.authorid FROM pw_activitymembers am LEFT JOIN pw_threads t USING(tid) WHERE am.actuid=" . S::sqlEscape($actuid)); $tempcost = $db->get_value("SELECT SUM(totalcash) as sum FROM pw_activitymembers WHERE isrefund=1 AND fupid=" . S::sqlEscape($actuid)); //已退费用 if ($memberdb['isrefund'] || $memberdb['authorid'] != $winduid) { //退款交易无法操作、不是发起人无法操作 Showmsg('act_refund_noright'); } $memberdb['ifpay'] != 1 && Showmsg('act_refund_error'); //支付宝支付成功才能退款 if (!$memberdb['refundcost'] || !preg_match("/^(([1-9]\\d*)|0)(\\.\\d{0,2})?\$/", $memberdb['refundcost']) || $memberdb['refundcost'] > number_format($memberdb['totalcash'] - $tempcost, 2, '.', '')) { //费用错误、超出剩余费用 Showmsg('act_refund_cash_error'); } $refundcost = number_format($memberdb['refundcost'], 2, '.', ''); //退款金额
while ($rt = $db->fetch_array($query)) { if (($GLOBALS['banword'] = $filterService->comprise($rt['keyword'])) !== false) { continue; } $searchHotwords[] = $rt; } // if (!$db_dopen) {/*日志应用关闭*/ // $search_type_disabled['diary'] = "disabled"; // if ($search_type_expand['diary']) $search_type_expand['diary'] = ""; // } // if (!$db_groups_open){/*群组应用关闭*/ // $search_type_disabled['group'] = "disabled"; // if ($search_type_expand['group']) $search_type_expand['group'] = ""; // } } else { S::gp(array('schctl', 'config', 'hotwordsconfig', 'view', 'new_view')); $schctl['schstart'] > 23 && ($schctl['schstart'] = 0); $schctl['schend'] > 23 && ($schctl['schend'] = 0); $config['opensch'] = $schctl['opensch'] . "\t" . $schctl['schstart'] . "\t" . $schctl['schend']; $config['maxresult'] = intval($config['maxresult']); $config['schwait'] = intval($config['schwait']); // $config['hotwords'] = trim($config['hotwords']); $config['filterids'] = trim($config['filterids']); $config['operate_log'] = (array) $config['operate_log']; $config['search_type_expand'] = (array) $config['search_type_expand']; $config['openbuildattachs'] = $config['openbuildattachs']; if ($config['operate_log'] && array_diff($config['operate_log'], array('log_forums', 'log_threads', 'log_posts', 'log_diarys', 'log_members', 'log_colonys'))) { showMsg("抱歉,操作行为记录类型不存在"); } if ($config['search_type_expand'] && array_diff($config['search_type_expand'], array('cms', 'diary', 'group'))) { showMsg("抱歉,搜索类型扩展不存在");
Showmsg('您选择的用户没有接受的权限!'); } //* $db->update("UPDATE pw_colonys SET admin=" . S::sqlEscape($userdb['username']) . ' WHERE id=' . S::sqlEscape($cyid)); pwQuery::update('pw_colonys', 'id=:id', array($cyid), array('admin' => $userdb['username'])); M::sendNotice(array($userdb['username']), array('title' => getLangInfo('writemsg', 'group_attorn_title'), 'content' => getLangInfo('writemsg', 'group_attorn_content', array('username' => $windid, 'cyid' => $cyid, 'cname' => $colony['cname'], 'descrip' => $colony['descrip'])))); refreshto("thread.php?cyid={$cyid}", '转让群组成功!'); } } elseif ($t == 'disband') { if (!($windid == $colony['admin'] && $groupRight['allowdisband'] || $groupid == '3')) { Showmsg('colony_out_right'); } if (empty($_POST['step'])) { require_once PrintEot('thread_set'); footer(); } else { S::gp(array('password')); if (!threadSetCheckOwnerPassword($winduid, $password)) { Showmsg('您输入的密码不正确!'); } if ($db->get_value("SELECT COUNT(*) as sum FROM pw_cnalbum WHERE atype=1 AND ownerid=" . S::sqlEscape($cyid)) > 0) { Showmsg('colony_del_photo'); } if ($colony['cnimg']) { require_once R_P . 'require/functions.php'; pwDelatt("cn_img/{$colony['cnimg']}", $db_ifftp); pwFtpClose($ftp); } $query = $db->query("SELECT uid FROM pw_cmembers WHERE colonyid=" . S::sqlEscape($cyid) . " AND ifadmin != '-1'"); while ($rt = $db->fetch_array($query)) { $cMembers[] = $rt['uid']; }
if ($v < 1) { continue; } $medalService->{$functionName}($v); } adminmsg('operate_success', "{$basename}&action=verify"); } /* 勋章设置 */ } elseif ($action == 'set') { S::gp(array('step'), 'P'); if (!$step) { ifcheck($db_md_ifopen, 'ifopen'); ifcheck($db_md_ifapply, 'ifapply'); require_once PrintApp('admin_set'); } else { S::gp(array('config'), 'P'); foreach ($config as $key => $value) { setConfig($key, $value); } updatecache_c(); adminmsg('operate_success', "{$basename}&action=set"); } } /** * JSON处理 * * @return Ambigous <multitype:, string> */ function getMedalJson($medal) { $openMedalTemp = array();
} refreshto("apps.php?q=group&a=thread&cyid={$cyid}", 'highlight_success'); } } elseif ($action == 'del') { if (empty($_POST['step'])) { if (defined('AJAX')) { $a = 'del'; require_once PrintEot('m_ajax'); ajax_footer(); } else { require_once PrintEot('m_topicadmin'); footer(); } } else { PostCheck(); S::gp(array('ifdel', 'ifmsg')); $msgdb = array(); require_once R_P . 'require/credit.php'; $creditset = $credit->creditset($foruminfo['creditset'], $db_creditset); $msg_delrvrc = $ifdel ? abs($creditset['Delete']['rvrc']) : 0; $msg_delmoney = $ifdel ? abs($creditset['Delete']['money']) : 0; $delarticle = L::loadClass('DelArticle', 'forum'); $readdb = $delarticle->getTopicDb('tid ' . $delarticle->sqlFormatByIds($selids)); foreach ($readdb as $key => $read) { if ($ifmsg) { isset($msg_delrvrc) && ($tmp_msg_delrvrc = $msg_delrvrc != 0 ? "-{$msg_delrvrc}" : 0); isset($msg_delmoney) && ($tmp_msg_delmoney = $msg_delmoney != 0 ? "-{$msg_delmoney}" : 0); $msgdb[] = array('toUser' => $read['author'], 'title' => getLangInfo('writemsg', 'del_title'), 'content' => getLangInfo('writemsg', 'del_content', array('manager' => $windid, 'fid' => $read['fid'], 'tid' => $read['tid'], 'subject' => $read['subject'], 'postdate' => get_date($read['postdate']), 'forum' => strip_tags($forum[$fid]['name']), 'affect' => "{$db_rvrcname}:{$tmp_msg_delrvrc},{$db_moneyname}:{$tmp_msg_delmoney}", 'admindate' => get_date($timestamp), 'reason' => stripslashes($atc_content)))); } } $delarticle->delTopic($readdb, $db_recycle, $ifdel, array('reason' => $atc_content));
S::gp(array('aid')); $aid = (int) $aid; empty($aid) && Showmsg('data_error'); require_once PrintEot('m_ajax_photos'); ajax_footer(); } elseif ($a == 'createajax') { define('AJAX', 1); define('F_M', true); banUser(); S::gp(array('job')); require_once PrintEot('m_ajax_photos'); ajax_footer(); } elseif ($a == 'getallowflash') { define('AJAX', 1); define('F_M', true); S::gp(array('aid')); $aid = (int) $aid; if ($aid) { $albumInfo = $photoService->getAlbumInfo($aid); $photonums = $albumInfo['photonum']; $o_maxphotonum && $photonums >= $o_maxphotonum && Showmsg('colony_photofull'); if ($o_maxphotonum) { $allowmutinum = $o_maxphotonum - $photonums; } else { $allowmutinum = 'infinite'; } } echo "ok\t{$allowmutinum}"; ajax_footer(); } if ($s) {
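<?php
!defined('P_W') && exit('Forbidden');

/*
 * Special-topic administration: bulk delete (jobact=delete) or paginated,
 * filterable listing (any other jobact).
 */
S::gp(array('jobact'));

if ("delete" == $jobact) {
    S::gp(array('stopic_ids'));

    // A non-empty array of ids is required before anything is deleted.
    if (!is_array($stopic_ids) || !count($stopic_ids)) {
        Showmsg('没选择要删除的专题,请您重试', $stopic_admin_url . "&job={$job}");
    }
    if (!$stopic_service->deleteSTopics($stopic_ids)) {
        Showmsg('所有信息均未修改,请您重试', $stopic_admin_url . "&job={$job}");
    }
    ObHeader($stopic_admin_url . "&job={$job}");
} else {
    S::gp(array('page', 'search_title', 'search_cid'));
    $page = intval($page);
    $sum = $stopic_service->countSTopic($search_title, $search_cid);
    $total = ceil($sum / $db_perpage);

    // Clamp to the last page first and to the first page second. In the
    // opposite order an empty result set ($total == 0) left $page at 0, which
    // was then passed to findSTopicInPage() as the page number.
    if ($page > $total) {
        $page = $total;
    }
    if ($page <= 0) {
        $page = 1;
    }

    // NOTE(review): search_title and search_cid are interpolated into the
    // pager URL without URL-encoding. Confirm S::gp() / numofpage() make the
    // values safe for the URL and HTML context they end up in.
    $pages = numofpage($sum, $page, $total, $stopic_admin_url . "&job={$job}&search_title={$search_title}&search_cid={$search_cid}&");
    $stopic_list = $stopic_service->findSTopicInPage($page, $db_perpage, $search_title, $search_cid);
    $category_list = $stopic_service->getCategorys();
}

include stopic_use_layout('admin');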
$num = 0; $query = $db->query("SELECT fid,name FROM pw_forums WHERE type<>'category' AND cms='0'"); while ($fm = $db->fetch_array($query)) { if (strpos($fids, ',' . $fm['fid'] . ',') !== false) { $num++; $htm_tr = $num % 5 == 0 ? '</tr><tr>' : ''; $forumcheck .= "<td width='20%'>{$fm['name']}</td>{$htm_tr}"; } } } !$rt['creditype'] && ($rt['creditype'] = 'currency'); require_once uTemplate::PrintEot('profile_toolcenter'); pwOutPut(); } else { if (procLock('tool_buy', $winduid)) { S::gp(array('buymethod', 'nums'), null, 2); $toolinfo = $db->get_one("SELECT * FROM pw_tools WHERE id=" . S::sqlEscape($id)); if ($nums <= 0) { procUnLock('tool_buy', $winduid); Showmsg('illegal_nums'); } if ($toolinfo['stock'] < $nums) { procUnLock('tool_buy', $winduid); Showmsg('unenough_stock'); } if ($buymethod) { if ($toolinfo['rmb'] <= 0) { procUnLock('tool_buy', $winduid); Showmsg('undefined_action'); } //* include_once pwCache::getPath(D_P.'data/bbscache/ol_config.php');
<?php
!defined('P_W') && exit('Forbidden');

/*
 * AJAX helper: reports whether the current user ($windid) already has a
 * pw_pinglog row for the given forum / thread / post, then renders the
 * 'ajax' template.
 */
S::gp(array('fid', 'tid', 'pid'), null, 2);

// Every request value goes through S::sqlEscape() before it joins the query.
$pingdata = $db->get_one(
    "SELECT id FROM pw_pinglog WHERE fid=" . S::sqlEscape($fid)
    . " AND tid=" . S::sqlEscape($tid)
    . " AND pid=" . S::sqlEscape($pid)
    . " AND pinger=" . S::sqlEscape($windid)
);
$user_has_ping = (bool) $pingdata;

// An empty pid is replaced by the marker "tpc" before the template runs.
if (!$pid) {
    $pid = "tpc";
}

require_once PrintEot('ajax');
ajax_footer();
<?php !defined('P_W') && exit('Forbidden'); PostCheck(); S::gp(array('aid', 'page')); empty($aid) && Showmsg('job_attach_error'); $pw_attachs = L::loadDB('attachs', 'forum'); $attach = $pw_attachs->get($aid); !$attach && Showmsg('job_attach_error'); if (empty($attach['attachurl']) || strpos($attach['attachurl'], '..') !== false) { Showmsg('job_attach_error'); } $fid = $attach['fid']; $aid = $attach['aid']; $tid = $attach['tid']; $pid = $attach['pid']; if (!($foruminfo = L::forum($fid))) { Showmsg('data_error'); } require_once R_P . 'require/forum.php'; require_once R_P . 'require/updateforum.php'; wind_forumcheck($foruminfo); $isGM = S::inArray($windid, $manager); //获取管理权限 $isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid); if ($isGM || pwRights($isBM, 'delattach')) { $admincheck = 1; } else { $admincheck = 0; } if ($groupid != 'guest' && ($admincheck || $attach['uid'] == $winduid)) {
} $db->update("DELETE FROM pw_attachs WHERE {$sql} AND aid IN({$attachs})"); } adminmsg('attachstats_del', "{$basename}&fid={$fid}&uid={$uid}&filename=" . rawurlencode($filename) . "&hits={$hits}&ifmore={$ifmore}&filesize={$filesize}&ifless={$ifless}&orderway={$orderway}&asc={$asc}&postdate1={$postdate1}&postdate2={$postdate2}&pernum={$pernum}&page={$page}"); } elseif ($action == 'msgList') { S::gp(array('page'), 'GP'); $messageServer = L::loadClass('message', 'message'); $attachCount = $messageServer->countAllAttachs(); $pageCount = ceil($attachCount / $db_perpage); $page = $page < 0 || empty($page) ? 1 : ($page > $pageCount ? $pageCount : $page); $attachList = $messageServer->getAllAttachs($page, $db_perpage); $pages = numofpage($attachCount, $page, $pageCount, $basename . '&action=msgList&'); include PrintEot('attachment'); exit; } elseif ($action == 'msgDel') { S::gp(array('mids'), 'GP'); !is_array($mids) && adminmsg('请选择要删除的附件'); $messageServer = L::loadClass('message', 'message'); $messageServer->deleteAttachsByMessageIds($mids); adminmsg('附件删除成功!', "{$basename}&action=msgList&"); } function attachcheck($file) { global $cache_file, $attachdir, $admin_pwd, $filename, $filesize, $ifless, $postdate1, $postdate2, $direct, $attachdir; if ($filename && strpos($file, $filename) === false) { return; } if ($filesize) { if ($ifless && filesize("{$attachdir}/{$file}") >= $filesize * 1024) { return; } elseif (!$ifless && filesize("{$attachdir}/{$file}") <= $filesize * 1024) {
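<?php
!defined('P_W') && exit('Forbidden');

/*
 * Serves an XML listing fetched from the upstream host in $u, using a local
 * cache file that is refreshed when it is missing or older than 43200 seconds.
 *
 * NOTE(review): the upstream URL is plain http and the response is accepted
 * as soon as it contains '<?xml'. Whatever is returned is cached and replayed
 * to every client until the cache expires, so the fetch should use an
 * integrity-protected transport or validate the payload before it is stored.
 * NOTE(review): when the cache file is missing and the fetch fails, the
 * readover() call below is made on a file that does not exist. Confirm how
 * pwCache::readover() handles that.
 */
S::gp(array('subjectid', 'page', 'type'));

$u = "http://dm.phpwind.net/misc";
$subjectid = (int) $subjectid;

// Both request values become part of the cache file name, so they are reduced
// to plain integers. is_numeric() alone also accepts forms such as "1e3",
// "1.5" or " 7", each of which would name its own cache file.
$page = is_numeric($page) ? (int) $page : 1;
if ($page < 1) {
    $page = 1;
}

$s = '300.xml';
if ($type == 'general') {
    $s = $subjectid ? $subjectid . '_' . $page . '.xml' : '300.xml';
} elseif ($type == 'magic') {
    $s = $subjectid ? $subjectid . '_' . $page . '.xml' : '200.xml';
}

$cachefile = D_P . "data/bbscache/myshow_{$s}";
if (!file_exists($cachefile) || $timestamp - pwFilemtime($cachefile) > 43200) {
    $data = '';
    // A subject id selects the list endpoint, otherwise the menu endpoint.
    // The timestamp is appended as a query string.
    if ($subjectid) {
        $url = "{$u}/list/{$s}?{$timestamp}";
    } else {
        $url = "{$u}/menu/{$s}?{$timestamp}";
    }
    require_once R_P . 'require/posthost.php';
    $data = PostHost($url);
    if ($data && strpos($data, '<?xml') !== false) {
        pwCache::writeover($cachefile, $data);
    }
}

header("Content-Type: text/xml; charset=UTF-8");
$data = pwCache::readover($cachefile);
echo $data;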
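<?php
define('PRO', '1');
define('SCR', 'profile');
require_once 'global.php';

/*
 * Profile front controller: requires a logged-in user, then dispatches to
 * u/require/profile/<action>.php, with 'modify' as the default action.
 */
!$winduid && Showmsg('not_login');
S::gp(array('action'));
require_once R_P . 'require/showimg.php';

// Navigation
$homenavigation = array();
$navConfigService = L::loadClass('navconfig', 'site');
$homenavigation = $navConfigService->userHomeNavigation(PW_NAV_TYPE_MAIN, 'o');

empty($action) && ($action = 'modify');
$pro_tab = $action;
$USCR = 'set_profile';
$db_menuinit .= ",'td_userinfomore' : 'menu_userinfomore'";

// $action comes from the request and selects the file that is included, so it
// is restricted to a plain file-name token (letters, digits, '_' and '-')
// before it is used in any path. Previously file_exists() probed the raw
// value and only the later require went through S::escapePath().
if (
    is_string($action)
    && preg_match('/^[A-Za-z0-9_-]+$/', $action) === 1
    && file_exists(R_P . "u/require/profile/{$action}.php")
) {
    require_once R_P . 'u/require/core.php';
    require_once R_P . 'u/lib/space.class.php';
    $newSpace = new PwSpace($winduid);
    $space =& $newSpace->getInfo();
    pwCache::getData(D_P . 'data/bbscache/o_config.php');
    // S::escapePath() is kept as a second layer on the final include path.
    require_once S::escapePath(R_P . "u/require/profile/{$action}.php");
} else {
    Showmsg('undefined_action');
}
exit;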
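<?php
!defined('P_W') && exit('Forbidden');

/*
 * Dispatcher for the "rate" hack: maps $job to hack/rate/action/<job>Action.php.
 * The layout template is loaded for every job except "ajax", whose action
 * file is included directly.
 */
define("H_R", R_P . "hack/rate/");
define("L_R", R_P . "lib/rate/");

S::gp(array('ajax'));

// NOTE(review): $job is not read in this file; it is presumably taken from the
// request by the including script. Confirm.
$action = strtolower($job ? $job : "admin");

// The value becomes part of an include path, so only a plain file-name token
// is accepted. Previously file_exists() probed the unvalidated value and only
// the later require went through S::escapePath().
if (preg_match('/^[a-z0-9_-]+$/', $action) !== 1) {
    exit;
}

$filepath = H_R . "action/" . $action . "Action.php";
!file_exists($filepath) && exit;

if ($job != "ajax") {
    require H_R . '/template/layout.php';
} else {
    require_once S::escapePath($filepath);
}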
<?php define('SCR', 'show'); require_once 'global.php'; require_once R_P . 'require/header.php'; require_once R_P . 'require/forum.php'; //* include_once pwCache::getPath(D_P.'data/bbscache/forumcache.php'); //* include_once pwCache::getPath(D_P.'data/bbscache/forum_cache.php'); pwCache::getData(D_P . 'data/bbscache/forumcache.php'); pwCache::getData(D_P . 'data/bbscache/forum_cache.php'); !$_G['show'] && Showmsg('groupright_show'); $db_showperpage = 16; S::gp(array('pwuser', 'uid', 'action', 'type', 'page', 'aid')); $fidoff = array(); $query = $db->query("SELECT fid,allowvisit,password,f_type,forumsell FROM pw_forums WHERE type<>'category'"); while ($rt = $db->fetch_array($query)) { if ($rt['f_type'] == 'hidden' || $rt['password'] || $rt['forumsell'] || $rt['allowvisit'] && strpos($rt['allowvisit'], ",{$groupid},") === false) { $fidoff[] = $rt['fid']; } } $sqladd = "1"; if ($pwuser || is_numeric($uid)) { $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ if ($pwuser) { $userInfo = $userService->getByUserName($pwuser); } elseif (is_numeric($uid)) { $userInfo = $userService->get($uid); } if (!$userInfo) { $errorname = $pwuser;
$sqladd = 'AND t.authorid=' . S::sqlEscape($uid) . " AND t.anonymous='0'"; $urladd = "&uid={$uid}"; $openIndex = false; } if ($openIndex) { #高楼帖子索引 $count = 1 + $db->get_value("SELECT max(floor) FROM pw_postsfloor WHERE tid =" . S::sqlEscape($tid)); } else { $count = $read['replies'] + 1; } $topped_count = $read['topreplays']; //帖子来源分类 $read_category = getThreadType(); //门户阅读方式 if ($foruminfo['ifcms'] && $db_modes['area']['ifopen']) { S::gp(array('viewbbs')); if (!$viewbbs) { require_once R_P . 'mode/area/area_read.php'; exit; } $viewbbs = $viewbbs ? "&viewbbs={$viewbbs}" : ""; } if ($winddb['p_num']) { $db_readperpage = $winddb['p_num']; } elseif ($forumset['readnum']) { $db_readperpage = $forumset['readnum']; } $numofpage = ceil(($count + $topped_count) / $db_readperpage); if ($page == 'e' || $page > $numofpage) { $numofpage == 1 && $page > 1 && ObHeader("read.php?tid={$tid}&toread={$toread}"); $page = $numofpage;
foreach ($creditdb as $key => $value) { if (is_numeric($key) && is_numeric($value)) { /** $db->pw_update( "SELECT uid FROM pw_membercredit WHERE uid=".S::sqlEscape($uid)."AND cid=".S::sqlEscape($key), "UPDATE pw_membercredit SET value=".S::sqlEscape($value)."WHERE uid=".S::sqlEscape($uid)."AND cid=".S::sqlEscape($key), "INSERT INTO pw_membercredit SET ".S::sqlSingle(array('uid'=>$uid,'cid'=>$key,'value'=>$value)) ); **/ $db->pw_update("SELECT uid FROM pw_membercredit WHERE uid=" . S::sqlEscape($uid) . "AND cid=" . S::sqlEscape($key), pwQuery::updateClause('pw_membercredit', 'uid=:uid AND cid=:cid', array($uid, $key), array('value' => $value)), pwQuery::insertClause('pw_membercredit', array('uid' => $uid, 'cid' => $key, 'value' => $value))); } } adminmsg('operate_success'); } } else { S::gp(array('page'), 'GP', 2); $page < 1 && ($page = 1); $limit = S::sqlLimit(($page - 1) * $db_perpage, $db_perpage); $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_membercredit WHERE value!=0"); $pages = numofpage($rt['sum'], $page, ceil($rt['sum'] / $db_perpage), "{$basename}&"); $query = $db->query("SELECT m.uid,m.username,mc.cid,mc.value FROM pw_membercredit mc LEFT JOIN pw_members m USING(uid) WHERE value!=0 ORDER BY cid, value DESC {$limit}"); while ($rt = $db->fetch_array($query)) { $rt['name'] = $_CREDITDB[$rt['cid']][0]; $creditdb[] = $rt; } include PrintEot('usermanage'); exit; } } function initGroupOptions() {
adminmsg('user_not_exists'); } $uid = $userdb['uid']; } if ($uid) { $sql .= " AND fs.uid=" . S::sqlEscape($uid); } if ($fid) { $sql .= " AND fs.fid=" . S::sqlEscape($fid); } $page < 1 && ($page = 1); $limit = S::sqlLimit(($page - 1) * $db_perpage, $db_perpage); $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_forumsell fs {$sql}"); $pages = numofpage($rt['sum'], $page, ceil($rt['sum'] / $db_perpage), "{$basename}&uid={$uid}&fid={$fid}&"); $buydb = array(); $query = $db->query("SELECT fs.*,m.username,m.uid FROM pw_forumsell fs LEFT JOIN pw_members m USING(uid) {$sql} ORDER BY fs.overdate DESC {$limit}"); while ($rt = $db->fetch_array($query)) { $rt['buydate'] = get_date($rt['buydate']); $rt['overtime'] = get_date($rt['overdate']); $buydb[] = $rt; } include PrintEot('forumsell'); exit; } elseif ($_POST['action'] == 'del') { S::gp(array('selid')); if (!($selid = checkselid($selid))) { adminmsg('operate_error'); } $db->update("DELETE FROM pw_forumsell WHERE id IN({$selid})"); adminmsg('operate_success'); }
$emails[$key] = str_replace(' ', '', $emails[$key]); if (!$email) { unset($emails[$key]); } elseif (!preg_match("/^[-a-zA-Z0-9_\\.]+@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$/", $emails[$key])) { Showmsg('mode_o_email_format_err'); } } } !$emails && Showmsg('mode_o_email_empty'); require_once R_P . 'require/sendemail.php'; foreach ($emails as $email) { sendemail($email, 'email_' . $type . '_invite_subject', 'email_' . $type . '_invite_content'); } Showmsg('operate_success'); } elseif ($_POST['step'] == 2) { S::gp(array('sendtoname', 'touid'), 'P'); $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ $uids = array(); if ($sendtoname) { $userId = $userService->getUserIdByUserName($sendtoname); if (!$userId) { $errorname = $sendtoname; Showmsg('user_not_exists'); } $uids[] = $userId; } if (is_array($touid)) { foreach ($touid as $key => $value) { if (is_numeric($value)) { $uids[] = $value;
$robbuildService = L::loadClass("robbuild", 'forum'); $fieldsdata = array('authorid' => $winduid, 'starttime' => $robstarttime, 'endtime' => $robendtime, 'endbuild' => $robendbuild, 'awardbuilds' => $robawardbuilds, 'postdate' => $timestamp); if ($message = $robbuildService->checkAddData($foruminfo['allowrob'], $fieldsdata)) { Showmsg($message); } $robbuildService->initData($fieldsdata); $postdata->setStatus('2'); $postdata->setStatus('7'); } L::loadClass('attupload', 'upload', false); /*上传错误检查 $return = PwUpload::checkUpload(); $return !== true && Showmsg($return); end*/ if (PwUpload::getUploadNum() || $flashatt) { S::gp(array('savetoalbum', 'albumid'), 'P', 2); $postdata->att = new AttUpload($winduid, $flashatt, $savetoalbum, $albumid); $postdata->att->check(); } $postdata->iscontinue = (int) $iscontinue; $topicpost->execute($postdata); $tid = $topicpost->getNewId(); // defend start CloudWind::yunUserDefend('postthread', $winduid, $windid, $timestamp, $cloud_information[1] ? $timestamp - $cloud_information[1] : 0, $tid ? 101 : 102, '', $postdata->data['content'], '', ''); // defend end defined('AJAX') && ($pinfo = $pinfo . $tid); if ($postSpecial) { $postSpecial->insertData($tid); } if ($postTopic) { //分类主题插入数据
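<?php
!defined('P_W') && exit('Forbidden');

/*
 * Collects the sign-up records of a thread (pw_pcmember) and the column
 * headings used for the export. Access is decided by
 * postCate::getAdminright().
 *
 * NOTE(review): the rows contain personal data (mobile, phone, address, zip).
 * $isGM and $isBM are computed below but are not used in the visible part, so
 * getAdminright() is the only gate seen here. Confirm it is strict enough for
 * this data.
 * NOTE(review): the headings end in "\t", which suggests a tab-delimited
 * spreadsheet export. If so, confirm the part that writes the file
 * neutralises user-supplied values that a spreadsheet would read as formulas.
 */

// The request-source selector is the string 'G'. It was written as a bare
// word, which PHP 8 rejects as an undefined constant; older versions only fell
// back to the string with a warning.
S::gp(array('tid', 'pcid'), 'G', 2);

// NOTE(review): $read is not checked. An unknown tid leaves it empty before
// ['fid'] and ['authorid'] are read.
$read = $db->get_one("SELECT authorid,subject,fid FROM pw_threads WHERE tid=" . S::sqlEscape($tid));
$foruminfo = $db->get_one('SELECT forumadmin,fupadmin FROM pw_forums WHERE fid=' . S::sqlEscape($read['fid']));
$isGM = S::inArray($windid, $manager);
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);

L::loadClass('postcate', 'forum', false);
$post = array();
$postCate = new postCate($post);
$isadminright = $postCate->getAdminright($pcid, $read['authorid']);
if (!$isadminright) {
    Showmsg('pcexport_none');
}

$memberdb = array();
$query = $db->query("SELECT username,mobile,phone,address,nums,ifpay,totalcash,name,zip,message FROM pw_pcmember WHERE tid=" . S::sqlEscape($tid));
while ($rt = $db->fetch_array($query)) {
    // Replace the payment flag with its localised label.
    $rt['ifpay'] = $rt['ifpay'] == 1
        ? getLangInfo('other', 'pc_payed')
        : getLangInfo('other', 'pc_paying');

    // On utf-8 and big5 sites every field is passed through pwConvert() with
    // 'gbk' and the site charset.
    if ($db_charset == 'utf-8' || $db_charset == 'big5') {
        foreach ($rt as $key => $value) {
            $rt[$key] = pwConvert($value, 'gbk', $db_charset);
        }
    }
    $memberdb[] = $rt;
}

// Column headings: each ends in a tab, the last one in a tab and a newline.
$titledb = array(
    getLangInfo('other', 'pc_id') . "\t",
    getLangInfo('other', 'pc_username') . "\t",
    getLangInfo('other', 'pc_name') . "\t",
    getLangInfo('other', 'pc_mobile') . "\t",
    getLangInfo('other', 'pc_phone') . "\t",
    getLangInfo('other', 'pc_address') . "\t",
    getLangInfo('other', 'pc_zip') . "\t",
    getLangInfo('other', 'pc_nums') . "\t",
    getLangInfo('other', 'pc_totalcash') . "\t",
    getLangInfo('other', 'pc_message') . "\t",
    getLangInfo('other', 'pc_ifpay') . "\t\n",
);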