function initData() { global $timestamp; !$_POST['vt_select'] && Showmsg('postfunc_noempty'); $vt_select = GetGP('vt_select', 'P'); $vt_select = explode("\n", $vt_select); $votearray = array(); foreach ($vt_select as $key => $option) { if ($option = trim($option)) { $votearray[] = array(stripslashes($option), 0); } } $vtcount = count($votearray); if ($vtcount > $this->maxselect) { Showmsg('vote_num_limit'); } $regdatelimit = GetGP('regdatelimit', 'P'); $multiplevote = intval(GetGP('multiplevote', 'P')); $mostvotes = intval(GetGP('mostvotes', 'P')); $timelimit = intval(GetGP('timelimit', 'P')); $modifiable = intval(GetGP('modifiable', 'P')); $previewable = intval(GetGP('previewable', 'P')); $leastvotes = intval(GetGP('leastvotes', 'P')); $postnumlimit = intval(GetGP('postnumlimit', 'P')); if (empty($multiplevote)) { $mostvotes = 1; } elseif ($mostvotes > $vtcount || $mostvotes < 1) { $mostvotes = $vtcount; } if (empty($multiplevote) || $leastvotes > $mostvotes || $leastvotes < 1) { $leastvotes = 1; } $timelimit < 0 && ($timelimit = 0); $postnumlimit < 0 && ($postnumlimit = 0); $regdatelimit = strtotime($regdatelimit); $regdatelimit = $regdatelimit > $timestamp ? $timestamp : $regdatelimit; $creditlimit = GetGP('creditlimit', 'P'); $creditlimit_temp = array(); foreach ($creditlimit as $key => $value) { if (!empty($value)) { $creditlimit_temp[$key] = (int) $value; } } $this->data['voteopts'] = serialize($votearray); $this->data['modifiable'] = $modifiable; $this->data['previewable'] = $previewable; $this->data['multiple'] = $multiplevote; $this->data['mostvotes'] = $mostvotes; $this->data['leastvotes'] = $leastvotes; $this->data['timelimit'] = $timelimit; $this->data['regdatelimit'] = $regdatelimit; $this->data['creditlimit'] = serialize($creditlimit_temp); $this->data['postnumlimit'] = $postnumlimit; }
function _setData() { $goodsname = Char_cv(GetGP('goodsname')); $price = Char_cv(GetGP('price')); $costprice = Char_cv(GetGP('costprice')); $locus = Char_cv(GetGP('locus')); $mailfee = Char_cv(GetGP('mailfee')); $expressfee = Char_cv(GetGP('expressfee')); $emsfee = Char_cv(GetGP('emsfee')); $degree = intval(GetGP('degree')); $ptype = intval(GetGP('ptype')); $goodsnum = intval(GetGP('goodsnum')); $paymethod = Char_cv(GetGP('paymethod'), 1); $transport = intval(GetGP('transport')); !$goodsname && ($goodsname = Char_cv($_POST['atc_title'])); if (!is_numeric($costprice) || $costprice <= 0) { Showmsg('goods_setprice'); } $goodsnum < 1 && Showmsg('goods_num_error'); $paymethod && ($paymethod = array_sum($paymethod)); $paymethod < 1 && Showmsg('goods_pay_error'); !is_numeric($price) && ($price = 0); if ($transport) { !is_numeric($mailfee) && ($mailfee = 0); !is_numeric($expressfee) && ($expressfee = 0); !is_numeric($emsfee) && ($emsfee = 0); if (!$mailfee && !$expressfee && !$emsfee) { Showmsg('goods_logistics'); } } else { $mailfee = $expressfee = $emsfee = 0; } $goodsicon = ''; $this->data['name'] = $goodsname; $this->data['price'] = $price; $this->data['costprice'] = $costprice; $this->data['locus'] = $locus; $this->data['mailfee'] = $mailfee; $this->data['expressfee'] = $expressfee; $this->data['emsfee'] = $emsfee; $this->data['degree'] = $degree; $this->data['type'] = $ptype; $this->data['num'] = $goodsnum; $this->data['paymethod'] = $paymethod; $this->data['transport'] = $transport; }
function setCustomfield($customfield) { global $value; $srcValue = $value; if (empty($customfield) || !is_array($customfield)) { return; } foreach ($customfield as $key => $value) { $field = "field_" . (int) $value['id']; $v = Char_cv(GetGP($field, 'P')); if ($value['required'] && !$v) { Showmsg('field_empty'); } if ($value['maxlen'] && strlen($v) > $value['maxlen']) { Showmsg('field_lenlimit'); } $v && ($this->memberinfo[$field] = $v); } $value = $srcValue; }
function setData() { $bonus = Char_cv(GetGP('bonus', 'P'), true); $ctype = Char_cv(GetGP('ctype', 'P')); $bonus['best'] < $this->b_val && Showmsg('credit_limit'); $bonus['active'] < $this->a_val && Showmsg('credit_limit'); reset($this->allowcredit); if (!$ctype['best']) { $ctype['best'] = current($this->allowcredit); } if (!$ctype['active']) { $ctype['active'] = current($this->allowcredit); } if (!in_array($ctype['best'], $this->allowcredit) || !in_array($ctype['active'], $this->allowcredit)) { Showmsg('reward_credit_error'); } $this->data['cbtype'] = $ctype['best']; $this->data['catype'] = $ctype['active']; $this->data['cbval'] = $bonus['best']; $this->data['caval'] = $bonus['active']; }
function _setData() { $this->data['subject'] = Char_cv(GetGP('act_subject', 'P')); $this->data['location'] = Char_cv(GetGP('act_location', 'P')); $this->data['sexneed'] = intval(GetGP('act_sex')); $act_starttime = Char_cv(GetGP('act_starttime')); $act_deadline = Char_cv(GetGP('act_deadline')); $act_endtime = Char_cv(GetGP('act_endtime')); $act_num = intval(GetGP('act_num')); $act_costs = intval(GetGP('act_costs')); !($this->data['subject'] && $act_starttime && $act_deadline) && Showmsg('active_data_empty'); $act_starttime = PwStrtoTime($act_starttime); $act_endtime = PwStrtoTime($act_endtime); $act_deadline = PwStrtoTime($act_deadline); $act_num < 1 && ($act_num = 0); $act_costs < 1 && ($act_costs = 0); $this->data['starttime'] = $act_starttime; $this->data['deadline'] = $act_deadline; $this->data['endtime'] = $act_endtime; $this->data['num'] = $act_num; $this->data['costs'] = $act_costs; }
<?php !function_exists('readover') && exit('Forbidden'); $debatestand = 0; if ($groupid != 'guest' && !$tpc_locked) { $debatestand = $db->get_value("SELECT standpoint FROM pw_debatedata WHERE pid='0' AND tid=" . pwEscape($tid) . "AND authorid=" . pwEscape($winduid)); $debatestand = (int) $debatestand; ${'debate_' . $debatestand} = 'SELECTED'; } if ($page == 1) { $debate = $db->get_one("SELECT obtitle,retitle,endtime,obvote,revote,obposts,reposts,umpire,umpirepoint,debater,judge FROM pw_debates WHERE tid=" . pwEscape($tid)); } $stand = (int) GetGP('stand'); if (!is_numeric($uid) && $read['replies'] > 0 && $stand > 0 && $stand < 4) { if ($stand == 3) { $rt = $db->get_one("SELECT COUNT(*) AS n FROM pw_debatedata WHERE pid>'0' AND tid=" . pwEscape($tid)); $read['replies'] -= $rt['n']; $sqladd = " AND dd.standpoint IS NULL"; } else { $rt = $db->get_one("SELECT COUNT(*) AS n FROM pw_debatedata WHERE pid>'0' AND tid=" . pwEscape($tid) . " AND standpoint=" . pwEscape($stand)); $read['replies'] = $rt['n']; $sqladd = " AND dd.standpoint=" . pwEscape($stand); } $urladd = "&stand={$stand}"; $count = $read['replies'] + 1; $numofpage = ceil($count / $db_readperpage); if ($page == 'e' || $page > $numofpage) { $page = $numofpage; } } $fieldadd .= ',dd.standpoint,dd.vote';
!defined('A_P') && exit('Forbidden'); !$winduid && Showmsg('not_login'); /* * 用户组分享权限 */ if ($shareGM == 1) { Showmsg('share_group_right'); } InitGP(array('link', 'descrip', 'ifhidden', 'type'), 'P', 1); $share = array(); $link = str_replace('=', '=', $link); $ifhidden = (int) $ifhidden; if ($type && in_array($type, array('user', 'photo', 'album', 'group', 'diary', 'topic', 'reply'))) { $type_tmp = $type; define('AJAX', '1'); $id = (int) GetGP('id'); !$id && Showmsg('data_error'); if ($type == 'user') { if ($id == $winduid) { showmsg('data_error'); } $userdb = getOneInfo($id); empty($userdb) && Showmsg('data_error'); $link = $db_bbsurl . '/u.php?uid=' . $id; $type = 'user'; $share['user']['username'] = $userdb['username']; $share['user']['image'] = $userdb['face']; } elseif ($type == 'photo') { $photo = $db->get_one("SELECT p.pid,p.aid,p.path,p.uploader,p.ifthumb,a.aname,a.private,a.ownerid FROM pw_cnphoto p LEFT JOIN pw_cnalbum a ON p.aid=a.aid WHERE p.pid=" . pwEscape($id) . " AND a.atype='0'"); empty($photo) && Showmsg('data_error'); $link = $db_bbsurl . '/{#APPS_BASEURL#}q=photos&space=1&a=view&pid=' . $id;
function_exists('date_default_timezone_set') && date_default_timezone_set('Etc/GMT+0'); require_once R_P . 'require/common.php'; pwInitGlobals(); include_once D_P . 'data/bbscache/config.php'; $timestamp = time(); $db_cvtime != 0 && ($timestamp += $db_cvtime * 60); $onlineip = pwGetIp(); $db_cc && pwDefendCc($db_cc); $ceversion = defined('CE') ? 1 : 0; #PHPWind version list($wind_version, $wind_repair, $wind_from) = explode(',', WIND_VERSION); InitGP(array('adminjob', 'admintype', 'type', 'hackset', 'a_type', 'action', 'verify', 'adskin', 'job', 'ajax', 'admin_keyword')); if (strpos($adminjob, '..') !== false || $admintype && strpos($admintype, '..') !== false) { exit('Forbidden'); } isset($_GET['adskin']) && ($adskin = GetGP('adskin')); isset($adskin) ? Cookie('adskin', $adskin) : ($adskin = GetCookie('adskin')); if ($ajax) { define('AJAX', '1'); } if ($db_forcecharset && !defined('AJAX')) { @header("Content-Type:text/html; charset={$db_charset}"); } ObStart(); file_exists('install.php') && adminmsg('installfile_exists'); $admin_file = $pwServer['PHP_SELF']; $REQUEST_URI = trim($pwServer['PHP_SELF'] . '?' . $pwServer['QUERY_STRING'], '#'); if ($adminjob == 'quit') { Cookie('AdminUser', '', 0); ObHeader($admin_file); }
if ($config['multi'] > 1) { $value = $tmp; } else { $value = $tmp[0]; } } else { $value = stripslashes(str_replace(array('=', '&'), array('=', '&'), $value)); /*other*/ } $config[$key] = is_array($value) ? $value : stripslashes($value); } $config = addslashes(serialize($config)); if ($id) { $db->update("UPDATE pw_advert SET " . pwSqlSingle(array('ckey' => $advert['ckey'], 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config)) . " WHERE type='3' AND id=" . pwEscape($id)); } else { $otherkey = (array) GetGP('otherkey'); $winduid = $db->get_value("SELECT uid FROM pw_members WHERE username="******"INSERT INTO pw_advert SET " . pwSqlSingle(array('uid' => $winduid, 'type' => 3, 'ckey' => $advert['ckey'], 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config))); $id = $db->insert_id(); } if ($advert['ifshow']) { $db->update("UPDATE pw_advert SET ifshow=1 WHERE type=2 AND ifshow=0 AND ckey=" . pwEscape($advert['ckey'])); } updatecache_c(); $basename .= $id ? "&action=edit&id={$id}" : "&action=add"; adminmsg('operate_success'); } elseif (in_array($action, array('del', 'show', 'hide'))) { InitGP(array('selid', 'id')); $selid = $selid ? $selid : array($id); //only for array
<?php !function_exists('adminmsg') && exit('Forbidden'); $basename = "{$admin_file}?adminjob=pushdata"; $push = L::loadClass('push'); InitGP(array('action', 'step')); if (empty($action)) { $query = GetGP('query'); if (is_string($query)) { $query = unserialize(base64_decode($query)); } $query = Char_cv($query); $pushdata = $where = array(); if (!$query['uid'] && $query['username']) { $query['uid'] = $GLOBALS['db']->get_value("SELECT uid FROM pw_members WHERE username="******"pushid IN (" . pwImplode($query['pushid'], false) . ")"; } else { $where[] = "pushid=" . pwEscape($query['pushid'], false); } } if ($query['ifshow']) { $where[] = "ifshow=" . pwEscape($query['ifshow'], false); } if ($query['uid']) { $where[] = "uid=" . pwEscape($query['uid'], false);
function wap_checkVerify($hash = 'verifyhash') { GetGP('verify') != $GLOBALS[$hash] && wap_msg('illegal_request'); }
$arr_posts[$key]['mark'] = $fourmid; } if ($arr_posts) { $sql = "INSERT INTO pw_elements(id,value,addition,special,type,mark) VALUES" . pwSqlMulti($arr_posts, true); $db->update($sql); } } } else { break; } } if ($step < $total) { adminmsg('updatecache_total_step', "{$basename}&action=update&type=newpic&step={$step}"); } } elseif ($type == 'hotfavor') { $step = intval(GetGP('step')); require_once D_P . 'data/bbscache/forum_cache.php'; $arr_forumkeys = array_keys($forum); if (!$step) { $step = 0; $db->query("DELETE FROM pw_elements WHERE type='hotfavor'"); } $total = count($arr_forumkeys); for ($i = 0; $i < 5; $i++) { if ($step < $total) { $fourmid = $arr_forumkeys[$step]; !$forum[$fourmid] && adminmsg('undefined_action'); $step++; if ($forum[$fourmid]['type'] == 'category') { continue; } else {
ajax_footer(); } elseif ($a == 'next') { define('AJAX', 1); $did = (int) GetGP('did'); $sqladd = "WHERE uid=" . pwEscape($u); if ($u != $winduid) { $sqladd .= " AND privacy!=2 AND did>" . pwEscape($did); } else { $sqladd .= " AND did>" . pwEscape($did); } $did = $db->get_value("SELECT MIN(did) FROM pw_diary {$sqladd}"); echo "success\t{$did}"; ajax_footer(); } elseif ($a == 'pre') { define('AJAX', 1); $did = (int) GetGP('did'); $sqladd = "WHERE uid=" . pwEscape($u); if ($u != $winduid) { $sqladd .= " AND privacy!=2 AND did<" . pwEscape($did); } else { $sqladd .= " AND did<" . pwEscape($did); } $did = $db->get_value("SELECT MAX(did) FROM pw_diary {$sqladd}"); echo "success\t{$did}"; ajax_footer(); } //require_once(M_P.'require/header.php'); if ($space == 1 && defined('F_M')) { require_once R_P . 'require/credit.php'; list($userdb, $ismyfriend, $friendcheck, $usericon, $usercredit, $totalcredit, $appcount, $p_list) = getAppleftinfo($u); require_once PrintEot('header');
if (@file_exists($tmpCachefile)) { $resume = true; $pwSendmail['lasttime'] = get_date(pwFilemtime($tmpCachefile)); } include PrintEot('sendmail'); exit; } elseif ($action == "send") { $pwServer['REQUEST_METHOD'] != 'POST' && PostCheck($verify); InitGP(array('by', 'subject', 'percount')); $atc_content = $_POST['atc_content']; if (empty($subject) || empty($atc_content)) { adminmsg('sendmsg_empty'); } $pwSendmail = array(); if ($by == 0) { $sendto = GetGP('sendto'); !$sendto && adminmsg('operate_error'); settype($sendto, 'array'); $pwSendmail['info'] = $sendto; $pwSendmail['count'] = $db->get_value("SELECT COUNT(*) FROM pw_members WHERE groupid IN(" . pwImplode($sendto) . ")"); } elseif ($by == 1) { require_once R_P . 'require/getonlineuser.php'; $onlineuser = GetOnlineUser(); $uids = array(); foreach ($onlineuser as $key => $value) { is_numeric($key) && ($uids[] = $key); } $pwSendmail['count'] = count($uids); } elseif ($by == 2) { InitGP(array('starttime', 'endtime'), 'P'); $stime = PwStrtoTime($starttime);
function initData() { /*初始化上传信息*/ global $timestamp, $db_topicname; $topic = GetGP('topic', 'P'); $query = $this->db->query("SELECT fieldid,name,type,rules,ifmust,ifable FROM pw_topicfield WHERE modelid=" . pwEscape($this->modelid)); while ($rt = $this->db->fetch_array($query)) { if ($rt['type'] != 'upload' && $rt['ifable'] && $rt['ifmust'] && !$topic[$rt['fieldid']]) { $db_topicname = $rt['name']; Showmsg('topic_field_must'); } if ($topic[$rt['fieldid']]) { if ($rt['type'] == 'number') { !is_numeric($topic[$rt['fieldid']]) && Showmsg('number_error'); $limitnum = unserialize($rt['rules']); if ($limitnum['minnum'] && $limitnum['maxnum'] && ($topic[$rt['fieldid']] < $limitnum['minnum'] || $topic[$rt['fieldid']] > $limitnum['maxnum'])) { $db_topicname = $rt['name']; Showmsg('topic_number_limit'); } } elseif ($rt['type'] == 'range') { !is_numeric($topic[$rt['fieldid']]) && Showmsg('number_error'); } elseif ($rt['type'] == 'email') { if (!preg_match("/^[-a-zA-Z0-9_\\.]+@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$/", $topic[$rt['fieldid']])) { Showmsg('illegal_email'); } } elseif ($rt['type'] == 'checkbox') { $checkboxs = ','; foreach ($topic[$rt['fieldid']] as $value) { $checkboxs .= $value . ','; } $topic[$rt['fieldid']] = $checkboxs; } elseif ($rt['type'] == 'calendar') { $topic[$rt['fieldid']] = PwStrtoTime($topic[$rt['fieldid']]); } } } $this->data['topic'] = serialize($topic); }
if ($e_check == 1) { Showmsg('请输入正确的电子邮箱地址!'); } } if (!preg_match('/^[a-z0-9\\-_\\.]{2,}@([a-z\\-0-9]+\\.)+[a-z]{2,3}$/i', $email)) { Showmsg('电子邮箱地址格式有误,请重新填写!'); } $db->update("INSERT INTO pw_clientorder SET " . S::sqlSingle(array('order_no' => $order_no, 'type' => 4, 'uid' => 0, 'price' => $inv_price, 'payemail' => $email, 'number' => $invnum, 'date' => $timestamp, 'state' => 0))); if (!$ol_payto) { Showmsg('olpay_alipayerror'); } require_once R_P . 'require/onlinepay.php'; $olpay = new OnlinePay($ol_payto); ObHeader($olpay->alipayurl($order_no, $invnum * $inv_price, 4, $db_registerfile)); } } elseif (GetGP('action', 'P') == 'auth') { /*实名认证获取验证码*/ InitGP('mobile'); $authService = L::loadClass('Authentication', 'user'); if ($_POST['step'] == '1') { $status = $authService->getverify('register', $mobile, ip2long($onlineip), false, 'register'); echo $status; } elseif ($_POST['step'] == '2') { InitGP('authverify'); $status = $authService->checkverify($mobile, ip2long($onlineip), $authverify); echo $status ? 0 : 5; } ajax_footer(); } if ($rg_config['rg_allowregister'] == 0 || $rg_config['rg_registertype'] == 1 && date('j', $timestamp) != $rg_config['rg_regmon'] || $rg_config['rg_registertype'] == 2 && date('w', $timestamp) != $rg_config['rg_regweek']) { Showmsg($rg_config['rg_whyregclose']);
exit('redirecting...'); } else { $task['error']['all'] = '哎呀,数据写入失败了!请备份内容,然后重新再试.'; $error = $task['error']; } } else { $task['error']['all'] = '哎呀,负责人字段格式出错了!'; $error = $task['error']; } } else { /* 验证失败 */ $error = $task['error']; } } elseif ('update' == $action) { /* 修改提交 */ $tid = GetGP('tid'); // task id if (0 < $tid) { $task = validator_submit_task($data); if (!isset($task['error']) && isset($task['ret'])) { /* 验证成功 */ // 默认字段 $ret = $task['ret']; $ret['modify_time'] = time(); // 组装SQL $sql = 'UPDATE pw_teamtasks SET ' . pwSqlSingle($ret) . ' WHERE tid = ' . pwEscape($tid) . " AND (publisher_id = {$winduid} OR owner_id = {$winduid})"; //echo $sql;exit; // 修改数据 $db->update($sql); $rows = $db->affected_rows(); // 修改结果
<?php !defined('M_P') && exit('Forbidden'); $tab = GetGP('tab'); if (!$winduid) { Showmsg('not_login'); } require_once R_P . 'require/showimg.php'; !$o_browseopen && Showmsg('browse_close'); $thisbase = $basename; $basename = $basename . 'space=1&'; if ($tab == 'w' && $o_browse & 4) { $newWrite = browseWrite(15); } elseif ($tab == 'p' && $db_phopen && $o_browse & 16) { $albumdb = browseAlbum(10); } elseif ($tab == 's' && $db_share_open && $o_browse & 8) { $newShares = browseShare(20); } elseif ($tab == 'd' && $db_dopen && $o_browse & 64) { list($newDiarys, $diarytype) = browseDiary(20); } elseif ($tab == 't' && $o_browse & 128) { $newsubject = browseNewSubject(30); } elseif ($tab == 'g' && $db_groups_open && $o_browse & 32) { $reGroups = browseGroup(15); $cMembers = array(); $colonyids = pwImplode(array_keys($reGroups)); if ($colonyids) { $query = $db->query("SELECT id,ifadmin,colonyid FROM pw_cmembers WHERE colonyid IN ({$colonyids}) AND uid=" . pwEscape($winduid, false)); while ($rt = $db->fetch_array($query)) { $cMembers[$rt['colonyid']] = 1; } }
<?php define('SCR', 'read'); require_once 'global.php'; require_once R_P . 'require/forum.php'; require_once R_P . 'require/bbscode.php'; include_once D_P . 'data/bbscache/cache_read.php'; InitGP(array('fpage', 'uid', 'toread', 'ordertype'), 2); $fieldadd = $tablaadd = $sqladd = $fastpost = $special = $ifmagic = $urladd = $fieldinfo = $tableinfo = ''; $_uids = $_pids = array(); $page = GetGP('page'); $page < 1 && $page != 'e' && ($page = 1); $threads = L::loadClass('Threads'); $read = $threads->getThreads($tid, !($page > 1)); !$read && Showmsg('illegal_tid'); $_uids[$read['authorid']] = 'UID_' . $read['authorid']; #用户 $fid = $read['fid']; $ptable = $read['ptable']; $ifcheck = $read['ifcheck']; $pw_posts = GetPtable($ptable); $openIndex = getstatus($read['tpcstatus'], 2); /*The app client*/ if ($db_siteappkey) { $appclient = L::loadClass('appclient'); $forumappinfo = $appclient->showForumappinfo($fid, 'read', '17'); $threadright = $appclient->getThreadRight(); } /*The app client*/ //读取版块信息及权限判断 if (!($foruminfo = L::forum($fid))) {
define('SCR', 'faq'); require_once 'global.php'; @(include_once D_P . 'data/bbscache/help_cache.php'); require_once R_P . 'require/header.php'; $nav = array(); $pages = $db_unioninfo = ''; $catedb = array(); $hid = (int) $_GET['hid']; if (!$hid) { list($db_unioninfo) = explode("\t", readover(D_P . 'data/bbscache/info.txt')); if (strpos($db_unioninfo, '<pwhd>') === false) { $db_unioninfo = ''; } } if (GetGP('action') != 'dosch') { $listdb = $fathers = array(); $hids = array(); $lv = 0; isset($_HELP[$hid]['lv']) && ($lv = $_HELP[$hid]['lv'] + 1); if ($_HELP[$hid]['title']) { $_HELP[$hid]['fathers'] && ($fathers = explode(',', $_HELP[$hid]['fathers'])); foreach ($fathers as $key) { $nav[] = "<a href=\"faq.php?hid={$_HELP[$key][hid]}#faq{$_HELP[$key][hid]}\">{$_HELP[$key][title]}</a>"; } $nav[] = $_HELP[$hid]['title']; } foreach ($_HELP as $key => $value) { if ($hid > 0 && strpos(",{$value['fathers']},", ",{$hid},") === false) { continue; }
include_once D_P . 'data/bbscache/forum_cache.php'; //notice $noticedb = array(); foreach ($notice_A as $value) { if ($value['startdate'] <= $timestamp && (!$value['enddate'] || $value['enddate'] >= $timestamp)) { $value['startdate'] = get_date($value['startdate'], 'y-m-d'); !$value['url'] && ($value['url'] = "notice.php#{$value['aid']}"); $noticedb[$value['aid']] = array('url' => $value['url'], 'subject' => $value['subject'], 'startdate' => $value['startdate']); } } $notice_A = $noticedb; unset($noticedb, $db_setindex); $topics = $article = $tposts = 0; InitGP(array('cateid'), 'GP', 2); $secdomain = null; $m = GetGP('m'); if (!$cateid && $db_modedomain && ($secdomain = array_search($pwServer['HTTP_HOST'], $db_modedomain))) { if (substr($secdomain, 0, 5) == 'cate_') { $cateid = substr($secdomain, 5); $db_bbsurl = $_mainUrl; $m = 'area'; } } #模式首页SEO设置 if (!$pw_seoset) { $pw_seoset = L::loadClass('seoset'); } $pw_seoset->set_mode($m); $webPageTitle = $pw_seoset->getPageTitle(); $metaDescription = $pw_seoset->getPageMetadescrip(); $metaKeywords = $pw_seoset->getPageMetakeyword();
<?php !function_exists('readover') && exit('Forbidden'); define('AREA_SCR', 'push'); $action = GetGP('action'); $allow_actions = array('default', 'pushto'); $action = in_array($action, $allow_actions) ? $action : 'default'; $thisBaseName = $basename . 'q=push'; include M_P . "require/push/{$action}.php";
echo "ok\t{$out}"; ajax_footer(); } elseif ($action == 'delmutiatt') { $aids = array(); $query = $db->query("SELECT aid,attachurl FROM pw_attachs WHERE tid='0' AND pid='0' AND uid=" . pwEscape($winduid)); while ($rt = $db->fetch_array($query)) { if (file_exists($attachpath . '/mutiupload/' . $rt['attachurl'])) { P_unlink($attachpath . '/mutiupload/' . $rt['attachurl']); } $aids[] = $rt['aid']; } $db->update("DELETE FROM pw_attachs WHERE aid IN (" . pwImplode($aids) . ')'); echo 'ok'; ajax_footer(); } elseif ($action == 'delmutiattone') { $aid = (int) GetGP('aid'); if ($aid <= 0) { echo "error"; } else { $db->update("DELETE FROM pw_attachs WHERE aid=" . pwEscape($aid) . " AND tid='0' AND pid='0' AND uid=" . pwEscape($winduid) . " LIMIT 1"); echo "ok"; } ajax_footer(); } elseif ($action == 'msggoto') { InitGP(array('from', 'type')); InitGP(array('mid'), 'GP', 2); switch ($from) { case 'read': $sqlwhere = " AND type='rebox' AND touid=" . pwEscape($winduid) . "AND fromuid<>0"; break; case 'readn':
list($isU, $privacy) = pwUserPrivacy($u, $userdb); if ($groupid == 3 || $isU == 2 || $isU != 2 && $privacy['index']) { $SpaceShow = 1; } if (!$SpaceShow) { Showmsg('mode_o_index_right'); } $friend = $db->get_one("SELECT m.uid,m.username,m.icon,md.f_num FROM pw_members m LEFT JOIN pw_memberdata md ON m.uid=md.uid WHERE m.uid=" . pwEscape($u)); $username = $friend['username']; $count = $friend['f_num']; $addurl = 'u=' . $u . '&'; list($pages, $limit) = pwLimitPages($count, $page, "{$thisbase}{$addurl}"); } else { InitGP('ftid', '', 2); if (isset($_GET['ftid'])) { $ftype = (int) GetGP('ftid'); } $username = $windid; $query = $db->query("SELECT * FROM pw_friendtype WHERE uid=" . pwEscape($winduid) . " ORDER BY ftid"); $friendtype = array(); while ($rt = $db->fetch_array($query)) { $friendtype[$rt['ftid']] = $rt; } $count = $winddb['f_num']; list($pages, $limit) = pwLimitPages($count, $page, "{$thisbase}"); } $friends = getFriends($u, $start, $db_perpage, $ftype, 1); if ($friends) { foreach ($friends as $key => $value) { $value['isfriend'] = isFriend($winduid, $value['uid']); $friends[$key] = $value;
$limit = pwLimit(($page - 1) * $db_perpage, $db_perpage); $rt = $db->get_one("SELECT COUNT(*) AS n FROM pw_draft d {$sqladd}"); $pages = numofpage($rt['n'], $page, ceil($rt['n'] / $db_perpage), "{$basename}&uid={$uid}&keyword=" . rawurlencode($keyword) . "&"); $draft = array(); $query = $db->query("SELECT d.*,m.username FROM pw_draft d LEFT JOIN pw_members m USING(uid) {$sqladd} {$limit}"); while ($rt = $db->fetch_array($query)) { $draft[] = $rt; } include PrintEot('draftset'); exit; } elseif ($action == 'del') { if (!$_POST['step']) { include PrintEot('draftset'); exit; } else { if (GetGP('clear')) { $db->query("TRUNCATE TABLE pw_draft"); } else { InitGP(array('username', 'keyword', 'num')); $num < 1 && ($num = 200); $sql = ''; if ($username) { $rt = $db->get_one("SELECT uid FROM pw_members WHERE username="******" AND uid=" . pwEscape($rt['uid']); } if ($keyword) { $sql .= " AND content LIKE " . pwEscape("%{$keyword}%");
} else { # 回复 if (empty($pid)) { adminmsg('operate_error'); } if (is_array($pid)) { if (!($selid = checkselid($pid))) { $basename = "javascript:history.go(-1);"; adminmsg('operate_error'); } $objid = array_keys($pid); } else { $selid = (int) $pid; $objid[] = GetGP('id'); } $ptable = GetGP('ptable'); if (is_array($ptable)) { if ($db_plist && count($db_plist) > 1) { foreach ($ptable as $key => $value) { if (isset($db_plist[$value])) { $postslist[$value] = GetPtable($value); } } } else { $postslist[] = 'pw_posts'; } } else { $postslist[] = GetPtable($ptable); } foreach ($postslist as $pw_posts) { $fids = $tids = array();
$newforumset[$key] = $value; } else { $newforumset[$key] = 0; } } $forumset = serialize($newforumset); $db->update("INSERT INTO pw_forumsextra SET forumset=" . pwEscape($forumset) . ',fid=' . pwEscape($selfid)); } } } updatecache_f(); $basename = "{$admin_file}?adminjob=setforum&action=edit&fid={$fid}"; adminmsg('operate_success'); } } elseif ($action == 'changename') { $fid = (int) GetGP('fid'); InitGP(array('fname'), 'P', 0); $fname = str_replace('<iframe', '<iframe', $fname); $fname = str_replace(array('<iframe', '"', "'"), array("<iframe", "", ""), $fname); $db->update("UPDATE pw_forums SET name=" . pwEscape($fname) . " WHERE fid=" . pwEscape($fid)); updatecache_f(); $msg = getLangInfo('cpmsg', 'operate_success'); echo $msg; ajax_footer(); } elseif ($action == 'delttype') { InitGP(array('type', 'id')); $id_array = array(); if ($type == 'top') { $query = $db->query("SELECT id FROM pw_topictype WHERE upid=" . pwEscape($id)); while ($rt = $db->fetch_array($query)) { $id_array[] = $rt['id'];
substr($config['bbsurl'], 0, 4) != 'http' && adminmsg('bbsurl_http'); substr($config['bbsurl'], -1) == '/' && ($config['bbsurl'] = substr($config['bbsurl'], 0, -1)); //global if ($config['datefm']) { if (strpos($config['datefm'], 'mm') !== false) { $config['datefm'] = str_replace('mm', 'm', $config['datefm']); } else { $config['datefm'] = str_replace('m', 'n', $config['datefm']); } if (strpos($config['datefm'], 'dd') !== false) { $config['datefm'] = str_replace('dd', 'd', $config['datefm']); } else { $config['datefm'] = str_replace('d', 'j', $config['datefm']); } $config['datefm'] = str_replace(array('yyyy', 'yy'), array('Y', 'y'), $config['datefm']); $config['datefm'] .= GetGP('time_f', 'P') == '12' ? ' h:i A' : ' H:i'; } else { $config['datefm'] = 'Y-n-j H:i'; } $config['ajax'] = intval(array_sum($cajax)); $config['onlinetime'] *= 60; substr($config['ckpath'], -1) != '/' && ($config['ckpath'] .= '/'); unset($postctl, $schctl, $cajax); } if ($admintype == 'safe' || $settingdb['safe']) { InitGP(array('answer'), 'P'); InitGP(array('question'), 'P', 0); InitGP(array('safegroup', 'gdcheck', 'gdstyle', 'gdsize', 'qcheck'), 'P', 2); //speed $config['onlinelmt'] = (int) $config['onlinelmt'] > 0 ? intval($config['onlinelmt']) : 0; $config['obstart'] = (int) $config['obstart'] > 9 ? 9 : intval($config['obstart']);
// if ($photo['groupid'] == 6 && $db_shield && $groupid != 3) { // $thumb_basepath = $pwModeImg.'/banuser.gif'; // } // $nearphoto[] = array('pid'=>$pid,'path'=>$thumb_basepath); // // $next_photo = $db->get_one("SELECT p.pid,p.path,p.ifthumb,m.groupid FROM pw_cnphoto p LEFT JOIN pw_cnalbum a ON p.aid=a.aid LEFT JOIN pw_members m ON p.uploader=m.username WHERE p.pid>".pwEscape($pid)." AND a.ownerid=".pwEscape($u)." AND p.aid=".pwEscape($aid)." ORDER BY pid"); // if ($next_photo) { // $next_photo['path'] = getphotourl($next_photo['path'],$next_photo['ifthumb']); // if ($next_photo['groupid'] == 6 && $db_shield && $groupid != 3) { // $next_photo['path'] = $pwModeImg.'/banuser.gif'; // } // $nearphoto[] = $next_photo; // } else { // $nearphoto[] = array('pid'=>'end','path'=>'images/apps/pend.jpg'); // } $page = (int) GetGP('page'); $page < 1 && ($page = 1); $url = $basename . 'a=view&pid=' . $pid . '&'; require_once R_P . 'require/bbscode.php'; list($commentdb, $subcommentdb, $pages) = getCommentDbByTypeid('photo', $pid, $page, $url); $comment_type = 'photo'; $comment_typeid = $pid; } elseif ($a == 'next') { define('AJAX', 1); InitGP(array('pid', 'aid'), null, 2); if ($aid) { $next_photo = $db->get_one("SELECT c.pid,c.path,c.ifthumb,m.groupid FROM pw_cnphoto c LEFT JOIN pw_members m ON c.uploader=m.username WHERE c.pid>" . pwEscape($pid) . " AND c.aid=" . pwEscape($aid) . " ORDER BY c.pid"); if ($next_photo) { $next_photo['path'] = getphotourl($next_photo['path'], $next_photo['ifthumb']); if ($next_photo['groupid'] == 6 && $db_shield && $groupid != 3) { $next_photo['path'] = $pwModeImg . '/banuser.gif';
} if ($_POST['step'] != 2) { include PrintEot('manager'); exit; } else { if (!$username) { adminmsg('manager_empty'); } if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $username) != $username) { adminmsg('manager_errorusername'); } $key = (int) array_search($oldname, $manager); if (!$password) { $password = $manager_pwd[$key]; } else { if (GetGP('check_pwd') != $password) { adminmsg('password_confirm'); } if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $password) != $password) { adminmsg('manager_errorpassword'); } $password = $manager_pwd[$key] = md5($password); } if ($username != $oldname) { if (CkInArray($username, $manager)) { adminmsg('manager_had'); } $manager[$key] = $username; $oldname == $admin_name && Cookie('AdminUser', '', 0); } $newconfig = array('dbhost' => $dbhost, 'dbuser' => $dbuser, 'dbpw' => $dbpw, 'dbname' => $dbname, 'database' => $database, 'PW' => $PW, 'pconnect' => $pconnect, 'charset' => $charset, 'manager' => $manager, 'manager_pwd' => $manager_pwd, 'db_hostweb' => $db_hostweb, 'attach_url' => $attach_url);