include PrintEot('usermanage'); exit; } elseif ($adminitem == 'unituser') { require_once R_P . 'require/credit.php'; if ($_POST['action'] == "unit") { S::gp(array('uids', 'newuid'), 'P'); if (!$uids) { adminmsg('unituser_username_empty'); } if (!$newuid) { adminmsg('unituser_newname_empty'); } $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ $touser = $userService->get($newuid); S::slashes($touser); if (!$touser['username']) { adminmsg('unituser_newname_error'); } $oldinfo = array(); $uids = explode(',', $uids); foreach ($uids as $key => $value) { if (is_numeric($value)) { if ($value == $newuid) { adminmsg('unituser_samename'); } $rt = $userService->get($value, true, true, true); if (!$rt['uid']) { adminmsg('unituser_username_error'); } else { $oldinfo[] = $rt;
$checked = $ifsave == 1 ? 'checked' : ''; empty($forumnum) && ($forumnum = 5); require_once R_P . "require/forum.php"; $setfid_style = getstyles($style); } include PrintEot('setforum'); exit; } else { S::gp(array('vieworder', 'forumadmin', 'style', 'keywords', 'descrip', 'logo', 'ifsave', 'addtype')); S::gp(array('descrip'), 'P', 0); $fidArr = array(); //存放新增的版块id数组 $forumtype = $forum[$fup]['type'] == 'category' ? 'forum' : ($forum[$fup]['type'] == 'forum' ? 'sub' : 'sub2'); if ($forum[$fup]['type'] != 'category') { $fupset = $db->get_one("SELECT f.allowhide,f.allowrob,f.allowsell,f.allowtype,f.copyctrl,f.viewsub,f.allowvisit,f.allowpost,f.allowrp,f.allowdownload,f.allowupload,f.f_type,f.f_check,f.cms,f.ifhide,fe.creditset,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe USING(fid) WHERE f.fid=" . S::sqlEscape($fup)); S::slashes($fupset); @extract($fupset, EXTR_OVERWRITE); } foreach ($name as $key => $value) { if (empty($value)) { continue; } $value = str_replace('<iframe', '<iframe', $value); $descrip[$key] = str_replace('<iframe', '<iframe', $descrip[$key]); $keywords[$key] = S::escapeChar($keywords[$key]); // strlen($descrip[$key])>250 && adminmsg('descrip_long'); $newadmin = array(); $str_admin = ''; $admin_a = explode(",", $forumadmin[$key]); foreach ($admin_a as $aid => $avalue) { $avalue = trim($avalue);
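/**
 * Rebuild the derived `childid` and `fupadmin` columns of pw_forums.
 *
 * Both columns are reset for every row, then the tree is walked from the
 * categories down three levels. Each child row receives the accumulated
 * moderator list of its ancestors in `fupadmin`, and every forum that has at
 * least one child is flagged with childid='1'.
 *
 * The values written here come from the database itself, not from the
 * request. The lookups are still built by concatenation through
 * S::sqlEscape(), so their safety rests on that helper.
 *
 * @return void
 */
function updatecache_fd1() {
    global $db;
    require_once R_P . 'admin/cache.php';

    // Collected ids of forums that own at least one child. Initialised up
    // front so the final check never reads an undefined variable when no
    // category has children.
    $havechild = array();

    // Reset the derived columns before recomputing them.
    $db->update(pwQuery::buildClause("UPDATE :pw_table SET childid='0',fupadmin=''", array('pw_forums')));

    $query = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='category' ORDER BY vieworder");
    while ($cate = $db->fetch_array($query)) {
        S::slashes($cate);
        $query2 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='forum' AND fup=" . S::sqlEscape($cate['fid']));
        if ($db->num_rows($query2)) {
            $havechild[] = $cate['fid'];
            while ($forum = $db->fetch_array($query2)) {
                S::slashes($forum);
                // A forum inherits the moderators of its category.
                $fupadmin = trim($cate['forumadmin']);
                if ($fupadmin) {
                    pwQuery::update('pw_forums', 'fid=:fid', array($forum['fid']), array('fupadmin' => $fupadmin));
                }
                // Append this forum's own moderators for its descendants.
                // substr(..., 1) drops the first character so the joined
                // list does not repeat the separator (presumably the list is
                // stored comma-delimited on both ends; confirm).
                if (trim($forum['forumadmin'])) {
                    $fupadmin .= $fupadmin ? substr($forum['forumadmin'], 1) : $forum['forumadmin'];
                }
                $query3 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='sub' AND fup=" . S::sqlEscape($forum['fid']));
                if ($db->num_rows($query3)) {
                    $havechild[] = $forum['fid'];
                    while ($sub1 = $db->fetch_array($query3)) {
                        S::slashes($sub1);
                        $fupadmin1 = $fupadmin;
                        if ($fupadmin1) {
                            pwQuery::update('pw_forums', 'fid=:fid', array($sub1['fid']), array('fupadmin' => $fupadmin1));
                        }
                        if (trim($sub1['forumadmin'])) {
                            $fupadmin1 .= $fupadmin1 ? substr($sub1['forumadmin'], 1) : $sub1['forumadmin'];
                        }
                        // NOTE(review): the third level is also selected with
                        // type='sub'; confirm that this is intended and that
                        // no other type value is used for that depth.
                        $query4 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='sub' AND fup=" . S::sqlEscape($sub1['fid']));
                        if ($db->num_rows($query4)) {
                            $havechild[] = $sub1['fid'];
                            while ($sub2 = $db->fetch_array($query4)) {
                                S::slashes($sub2);
                                $fupadmin2 = $fupadmin1;
                                if ($fupadmin2) {
                                    pwQuery::update('pw_forums', 'fid=:fid', array($sub2['fid']), array('fupadmin' => $fupadmin2));
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    // Flag every parent in a single statement.
    if ($havechild) {
        pwQuery::update('pw_forums', 'fid IN(:fid)', array($havechild), array('childid' => '1'));
    }
}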
/**
 * Escape an array in place with addslashes().
 *
 * Nested arrays are handled by recursing through S::slashes(); every other
 * element is replaced by its addslashes() result. A non-array argument is
 * left untouched.
 *
 * Security note: addslashes() works on bytes and knows nothing about the
 * connection character set, so it is not an SQL-injection defence on its own.
 * With multibyte charsets such as GBK a lead byte can absorb the inserted
 * backslash. Values that reach a query still need the database layer's own
 * escaping or bound parameters, and values that reach HTML need HTML
 * escaping.
 *
 * @param mixed $array value to escape, passed by reference
 */
function slashes(&$array) {
    if (!is_array($array)) {
        return;
    }
    foreach ($array as $index => $item) {
        if (is_array($item)) {
            // Recurse on the live element, not on the loop copy.
            S::slashes($array[$index]);
            continue;
        }
        $array[$index] = addslashes($item);
    }
}
} } !$mids && Showmsg('mawhole_nodata'); $pw_attachs = L::loadDB('attachs', 'forum'); $pw_attachs->updateByTid($mids, array('fid' => $to_id)); //* $threads = L::loadClass('Threads', 'forum'); //* $threads->delThreads($mids); Perf::gatherInfo('changeThreadWithThreadIds', array('tid' => $mids)); //$mids = S::sqlImplode($mids); $updatetop = $todaypost = $topic_all = $replies_all = 0; $cy_tids = array(); $query = $db->query("SELECT tid,fid as tfid,author,postdate,subject,replies,topped,ptable,ifcheck,tpcstatus,modelid,special,specialsort FROM pw_threads WHERE tid IN(" . S::sqlImplode($mids) . ")"); //tucool $tucoolService = L::loadClass('Tucool', 'forum'); while ($rt = $db->fetch_array($query)) { S::slashes($rt); @extract($rt); $tfid != $fid && Showmsg('admin_forum_right'); $ptable_a[$ptable] = 1; $postdate > $tdtime && ($todaypost += $replies + 1); $ifcheck && $topic_all++; $replies_all += $replies; if ($rt['tpcstatus'] && getstatus($rt['tpcstatus'], 1)) { $cy_tids[$rt['tid']] = $rt['tid']; } // 静态模版更新 if ($foruminfo['allowhtm'] == 1) { $date = date('ym', $postdate); $htmurldel = R_P . $db_readdir . '/' . $fid . '/' . $date . '/' . $tid . '.html'; P_unlink($htmurldel); }
$icon_encode_url = 'saveFace=' . $save_param . '&url=' . $default_pic . '&imgsize=' . $db_imgsize . '&'; } else { $icon_encode_url = ''; } if ($icontype == 2) { $httpurl = $iconurl; } if ($icontype != 1) { $iconfile = ''; } require_once uTemplate::PrintEot('info_face'); pwOutPut(); } else { if ($step == '2') { PostCheck(); S::slashes($userdb); S::gp(array('facetype', 'proicon'), 'P'); require_once R_P . 'require/showimg.php'; $user_a = explode('|', $winddb['icon']); $usericon = ''; if ($facetype == 1) { $usericon = setIcon($proicon, $facetype, $user_a); } elseif ($_G['allowportait'] && $facetype == 2) { $httpurl = S::getGP('httpurl', 'P'); if (strncmp($httpurl[0], 'http://', 7) != 0 || strrpos($httpurl[0], '|') !== false) { refreshto("profile.php?action=modify&info_type={$info_type}&facetype={$facetype}", getLangInfo('msg', 'illegal_customimg'), 2, true); } $proicon = S::escapeChar($httpurl[0]); $httpurl[1] = (int) $httpurl[1]; $httpurl[2] = (int) $httpurl[2]; $httpurl[3] = (int) $httpurl[3];
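/**
 * Validate admin-panel credentials and build the caller's permission set.
 *
 * Two paths exist:
 *  - the user name is listed in $manager: the credentials are checked against
 *    the configured manager password first and against the member record as
 *    a fallback. On success every key from the 'purview' language file and
 *    from $nav_manager['option'] is granted, and If_manager is defined.
 *  - any other user: the member must belong to a 'system' or 'special' group
 *    with the allowadmincp permission, pass SafeCheck() and admincheck(), and
 *    receives only the rights stored for the group in pw_adminset.
 *
 * When $db_ifsafecv is set, the stored `safecv` value must also match $CK[3].
 * That comparison is done on strings with a strict operator: a loose `!=`
 * treats numeric-looking strings such as "0e1" and "0e2" as equal, which
 * weakens a secret check. Where PHP >= 5.6 is guaranteed, hash_equals() is
 * the better choice because it also runs in constant time.
 *
 * @param array $CK credential array; this function reads index 1 (user name)
 *                  and index 3 (safecv value) and hands the whole array to
 *                  SafeCheck()
 * @return array|false permission map with 'gid', 'uid' and 'bubble' plus
 *                     per-right flags, or false when any check fails
 */
function checkpass($CK) {
    S::slashes($CK);
    global $db, $manager, $db_ifsafecv;
    if (S::inArray($CK[1], $manager)) {
        global $manager_pwd;
        $v_key = array_search($CK[1], $manager);
        $ifQuery = true; // the member row is still needed for the bubble info
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            // Manager password did not match: fall back to the member record.
            $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
            $rt = $userService->getByUserName($CK[1], true, true);
            if (!SafeCheck($CK, PwdCode($rt['password'])) || ($db_ifsafecv && (string) $rt['safecv'] !== (string) $CK[3])) {
                return false;
            }
            if (!admincheck($rt['uid'], $rt['username'], $rt['groupid'], $rt['groups'], 'check')) {
                return false;
            }
            $ifQuery = false;
        } elseif ($db_ifsafecv) {
            $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
            $rt = $userService->getByUserName($CK[1], true, true);
            // A manager without a member row skips the safecv check here.
            if ($rt && (string) $rt['safecv'] !== (string) $CK[3]) {
                return false;
            }
            $ifQuery = false;
        }
        if ($ifQuery) {
            $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
            $rt = $userService->getByUserName($CK[1], true, true);
        }
        define('If_manager', 1);
        $rightset['gid'] = 3;
        $rightset['all'] = 1;
        $rightset['bubble'] = $rt['bubble'];
        // The included language file is expected to define $purview and
        // $nav_manager in this scope.
        require GetLang('purview');
        foreach ($purview as $key => $value) {
            $rightset[$key] = 1;
        }
        foreach ($nav_manager['option'] as $key => $value) {
            $rightset[$key] = 1;
        }
    } else {
        // The query is built by concatenation, so its safety rests on
        // S::sqlEscape().
        $rt = $db->get_one("SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp,md.bubble FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' LEFT JOIN pw_memberdata md ON md.uid = m.uid WHERE m.username=" . S::sqlEscape($CK[1]));
        if (
            !$rt['allowadmincp']
            || ($rt['gptype'] != 'system' && $rt['gptype'] != 'special')
            || ($db_ifsafecv && (string) $rt['safecv'] !== (string) $CK[3])
        ) {
            return false;
        }
        if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) {
            return false;
        }
        $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . S::sqlEscape($rt['groupid']));
        if ($rightset) {
            // NOTE(review): unserialize() on a stored value. The data comes
            // from pw_adminset rather than from the request, but anyone able
            // to write that table controls what is deserialised here. A
            // format that cannot carry objects (e.g. JSON) is safer.
            if (!is_array($rightset = unserialize($rightset))) {
                $rightset = array();
            }
        } else {
            $rightset = array();
        }
        require GetLang('purview');
        // Keep only rights that are set to 1 and still exist in the purview
        // list; everything else is forced to 0.
        foreach ($rightset as $key => $value) {
            $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0;
        }
        $rightset['gid'] = $rt['groupid'];
        $rightset['bubble'] = $rt['bubble'];
    }
    $rightset['uid'] = $rt['uid'];
    return $rightset;
}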
/**
 * Add escaping to a value in place.
 *
 * Thin wrapper that forwards the argument, by reference, to S::slashes().
 * The escaping itself is whatever S::slashes() applies, so this call on its
 * own should not be relied on as the protection for SQL or HTML output.
 *
 * @param mixed $array value to escape, modified in place
 */
function Add_S(&$array)
{
    S::slashes($array);
}