function initData()
{
global $timestamp;
!$_POST['vt_select'] && Showmsg('postfunc_noempty');
$vt_select = GetGP('vt_select', 'P');
$vt_select = explode("\n", $vt_select);
$votearray = array();
foreach ($vt_select as $key => $option) {
if ($option = trim($option)) {
$votearray[] = array(stripslashes($option), 0);
}
}
$vtcount = count($votearray);
if ($vtcount > $this->maxselect) {
Showmsg('vote_num_limit');
}
$regdatelimit = GetGP('regdatelimit', 'P');
$multiplevote = intval(GetGP('multiplevote', 'P'));
$mostvotes = intval(GetGP('mostvotes', 'P'));
$timelimit = intval(GetGP('timelimit', 'P'));
$modifiable = intval(GetGP('modifiable', 'P'));
$previewable = intval(GetGP('previewable', 'P'));
$leastvotes = intval(GetGP('leastvotes', 'P'));
$postnumlimit = intval(GetGP('postnumlimit', 'P'));
if (empty($multiplevote)) {
$mostvotes = 1;
} elseif ($mostvotes > $vtcount || $mostvotes < 1) {
$mostvotes = $vtcount;
}
if (empty($multiplevote) || $leastvotes > $mostvotes || $leastvotes < 1) {
$leastvotes = 1;
}
$timelimit < 0 && ($timelimit = 0);
$postnumlimit < 0 && ($postnumlimit = 0);
$regdatelimit = strtotime($regdatelimit);
$regdatelimit = $regdatelimit > $timestamp ? $timestamp : $regdatelimit;
$creditlimit = GetGP('creditlimit', 'P');
$creditlimit_temp = array();
foreach ($creditlimit as $key => $value) {
if (!empty($value)) {
$creditlimit_temp[$key] = (int) $value;
}
}
$this->data['voteopts'] = serialize($votearray);
$this->data['modifiable'] = $modifiable;
$this->data['previewable'] = $previewable;
$this->data['multiple'] = $multiplevote;
$this->data['mostvotes'] = $mostvotes;
$this->data['leastvotes'] = $leastvotes;
$this->data['timelimit'] = $timelimit;
$this->data['regdatelimit'] = $regdatelimit;
$this->data['creditlimit'] = serialize($creditlimit_temp);
$this->data['postnumlimit'] = $postnumlimit;
}
function _setData()
{
$goodsname = Char_cv(GetGP('goodsname'));
$price = Char_cv(GetGP('price'));
$costprice = Char_cv(GetGP('costprice'));
$locus = Char_cv(GetGP('locus'));
$mailfee = Char_cv(GetGP('mailfee'));
$expressfee = Char_cv(GetGP('expressfee'));
$emsfee = Char_cv(GetGP('emsfee'));
$degree = intval(GetGP('degree'));
$ptype = intval(GetGP('ptype'));
$goodsnum = intval(GetGP('goodsnum'));
$paymethod = Char_cv(GetGP('paymethod'), 1);
$transport = intval(GetGP('transport'));
!$goodsname && ($goodsname = Char_cv($_POST['atc_title']));
if (!is_numeric($costprice) || $costprice <= 0) {
Showmsg('goods_setprice');
}
$goodsnum < 1 && Showmsg('goods_num_error');
$paymethod && ($paymethod = array_sum($paymethod));
$paymethod < 1 && Showmsg('goods_pay_error');
!is_numeric($price) && ($price = 0);
if ($transport) {
!is_numeric($mailfee) && ($mailfee = 0);
!is_numeric($expressfee) && ($expressfee = 0);
!is_numeric($emsfee) && ($emsfee = 0);
if (!$mailfee && !$expressfee && !$emsfee) {
Showmsg('goods_logistics');
}
} else {
$mailfee = $expressfee = $emsfee = 0;
}
$goodsicon = '';
$this->data['name'] = $goodsname;
$this->data['price'] = $price;
$this->data['costprice'] = $costprice;
$this->data['locus'] = $locus;
$this->data['mailfee'] = $mailfee;
$this->data['expressfee'] = $expressfee;
$this->data['emsfee'] = $emsfee;
$this->data['degree'] = $degree;
$this->data['type'] = $ptype;
$this->data['num'] = $goodsnum;
$this->data['paymethod'] = $paymethod;
$this->data['transport'] = $transport;
}
function setCustomfield($customfield)
{
global $value;
$srcValue = $value;
if (empty($customfield) || !is_array($customfield)) {
return;
}
foreach ($customfield as $key => $value) {
$field = "field_" . (int) $value['id'];
$v = Char_cv(GetGP($field, 'P'));
if ($value['required'] && !$v) {
Showmsg('field_empty');
}
if ($value['maxlen'] && strlen($v) > $value['maxlen']) {
Showmsg('field_lenlimit');
}
$v && ($this->memberinfo[$field] = $v);
}
$value = $srcValue;
}
function setData()
{
$bonus = Char_cv(GetGP('bonus', 'P'), true);
$ctype = Char_cv(GetGP('ctype', 'P'));
$bonus['best'] < $this->b_val && Showmsg('credit_limit');
$bonus['active'] < $this->a_val && Showmsg('credit_limit');
reset($this->allowcredit);
if (!$ctype['best']) {
$ctype['best'] = current($this->allowcredit);
}
if (!$ctype['active']) {
$ctype['active'] = current($this->allowcredit);
}
if (!in_array($ctype['best'], $this->allowcredit) || !in_array($ctype['active'], $this->allowcredit)) {
Showmsg('reward_credit_error');
}
$this->data['cbtype'] = $ctype['best'];
$this->data['catype'] = $ctype['active'];
$this->data['cbval'] = $bonus['best'];
$this->data['caval'] = $bonus['active'];
}
function _setData()
{
$this->data['subject'] = Char_cv(GetGP('act_subject', 'P'));
$this->data['location'] = Char_cv(GetGP('act_location', 'P'));
$this->data['sexneed'] = intval(GetGP('act_sex'));
$act_starttime = Char_cv(GetGP('act_starttime'));
$act_deadline = Char_cv(GetGP('act_deadline'));
$act_endtime = Char_cv(GetGP('act_endtime'));
$act_num = intval(GetGP('act_num'));
$act_costs = intval(GetGP('act_costs'));
!($this->data['subject'] && $act_starttime && $act_deadline) && Showmsg('active_data_empty');
$act_starttime = PwStrtoTime($act_starttime);
$act_endtime = PwStrtoTime($act_endtime);
$act_deadline = PwStrtoTime($act_deadline);
$act_num < 1 && ($act_num = 0);
$act_costs < 1 && ($act_costs = 0);
$this->data['starttime'] = $act_starttime;
$this->data['deadline'] = $act_deadline;
$this->data['endtime'] = $act_endtime;
$this->data['num'] = $act_num;
$this->data['costs'] = $act_costs;
}
<?php
!function_exists('readover') && exit('Forbidden');
$debatestand = 0;
if ($groupid != 'guest' && !$tpc_locked) {
$debatestand = $db->get_value("SELECT standpoint FROM pw_debatedata WHERE pid='0' AND tid=" . pwEscape($tid) . "AND authorid=" . pwEscape($winduid));
$debatestand = (int) $debatestand;
${'debate_' . $debatestand} = 'SELECTED';
}
if ($page == 1) {
$debate = $db->get_one("SELECT obtitle,retitle,endtime,obvote,revote,obposts,reposts,umpire,umpirepoint,debater,judge FROM pw_debates WHERE tid=" . pwEscape($tid));
}
$stand = (int) GetGP('stand');
if (!is_numeric($uid) && $read['replies'] > 0 && $stand > 0 && $stand < 4) {
if ($stand == 3) {
$rt = $db->get_one("SELECT COUNT(*) AS n FROM pw_debatedata WHERE pid>'0' AND tid=" . pwEscape($tid));
$read['replies'] -= $rt['n'];
$sqladd = " AND dd.standpoint IS NULL";
} else {
$rt = $db->get_one("SELECT COUNT(*) AS n FROM pw_debatedata WHERE pid>'0' AND tid=" . pwEscape($tid) . " AND standpoint=" . pwEscape($stand));
$read['replies'] = $rt['n'];
$sqladd = " AND dd.standpoint=" . pwEscape($stand);
}
$urladd = "&stand={$stand}";
$count = $read['replies'] + 1;
$numofpage = ceil($count / $db_readperpage);
if ($page == 'e' || $page > $numofpage) {
$page = $numofpage;
}
}
$fieldadd .= ',dd.standpoint,dd.vote';
!defined('A_P') && exit('Forbidden');
!$winduid && Showmsg('not_login');
/*
* 用户组分享权限
*/
if ($shareGM == 1) {
Showmsg('share_group_right');
}
InitGP(array('link', 'descrip', 'ifhidden', 'type'), 'P', 1);
$share = array();
$link = str_replace('=', '=', $link);
$ifhidden = (int) $ifhidden;
if ($type && in_array($type, array('user', 'photo', 'album', 'group', 'diary', 'topic', 'reply'))) {
$type_tmp = $type;
define('AJAX', '1');
$id = (int) GetGP('id');
!$id && Showmsg('data_error');
if ($type == 'user') {
if ($id == $winduid) {
showmsg('data_error');
}
$userdb = getOneInfo($id);
empty($userdb) && Showmsg('data_error');
$link = $db_bbsurl . '/u.php?uid=' . $id;
$type = 'user';
$share['user']['username'] = $userdb['username'];
$share['user']['image'] = $userdb['face'];
} elseif ($type == 'photo') {
$photo = $db->get_one("SELECT p.pid,p.aid,p.path,p.uploader,p.ifthumb,a.aname,a.private,a.ownerid FROM pw_cnphoto p LEFT JOIN pw_cnalbum a ON p.aid=a.aid WHERE p.pid=" . pwEscape($id) . " AND a.atype='0'");
empty($photo) && Showmsg('data_error');
$link = $db_bbsurl . '/{#APPS_BASEURL#}q=photos&space=1&a=view&pid=' . $id;
function_exists('date_default_timezone_set') && date_default_timezone_set('Etc/GMT+0');
require_once R_P . 'require/common.php';
pwInitGlobals();
include_once D_P . 'data/bbscache/config.php';
$timestamp = time();
$db_cvtime != 0 && ($timestamp += $db_cvtime * 60);
$onlineip = pwGetIp();
$db_cc && pwDefendCc($db_cc);
$ceversion = defined('CE') ? 1 : 0;
#PHPWind version
list($wind_version, $wind_repair, $wind_from) = explode(',', WIND_VERSION);
InitGP(array('adminjob', 'admintype', 'type', 'hackset', 'a_type', 'action', 'verify', 'adskin', 'job', 'ajax', 'admin_keyword'));
if (strpos($adminjob, '..') !== false || $admintype && strpos($admintype, '..') !== false) {
exit('Forbidden');
}
isset($_GET['adskin']) && ($adskin = GetGP('adskin'));
isset($adskin) ? Cookie('adskin', $adskin) : ($adskin = GetCookie('adskin'));
if ($ajax) {
define('AJAX', '1');
}
if ($db_forcecharset && !defined('AJAX')) {
@header("Content-Type:text/html; charset={$db_charset}");
}
ObStart();
file_exists('install.php') && adminmsg('installfile_exists');
$admin_file = $pwServer['PHP_SELF'];
$REQUEST_URI = trim($pwServer['PHP_SELF'] . '?' . $pwServer['QUERY_STRING'], '#');
if ($adminjob == 'quit') {
Cookie('AdminUser', '', 0);
ObHeader($admin_file);
}
if ($config['multi'] > 1) {
$value = $tmp;
} else {
$value = $tmp[0];
}
} else {
$value = stripslashes(str_replace(array('=', '&'), array('=', '&'), $value));
/*other*/
}
$config[$key] = is_array($value) ? $value : stripslashes($value);
}
$config = addslashes(serialize($config));
if ($id) {
$db->update("UPDATE pw_advert SET " . pwSqlSingle(array('ckey' => $advert['ckey'], 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config)) . " WHERE type='3' AND id=" . pwEscape($id));
} else {
$otherkey = (array) GetGP('otherkey');
$winduid = $db->get_value("SELECT uid FROM pw_members WHERE username="******"INSERT INTO pw_advert SET " . pwSqlSingle(array('uid' => $winduid, 'type' => 3, 'ckey' => $advert['ckey'], 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config)));
$id = $db->insert_id();
}
if ($advert['ifshow']) {
$db->update("UPDATE pw_advert SET ifshow=1 WHERE type=2 AND ifshow=0 AND ckey=" . pwEscape($advert['ckey']));
}
updatecache_c();
$basename .= $id ? "&action=edit&id={$id}" : "&action=add";
adminmsg('operate_success');
} elseif (in_array($action, array('del', 'show', 'hide'))) {
InitGP(array('selid', 'id'));
$selid = $selid ? $selid : array($id);
//only for array
<?php
!function_exists('adminmsg') && exit('Forbidden');
$basename = "{$admin_file}?adminjob=pushdata";
$push = L::loadClass('push');
InitGP(array('action', 'step'));
if (empty($action)) {
$query = GetGP('query');
if (is_string($query)) {
$query = unserialize(base64_decode($query));
}
$query = Char_cv($query);
$pushdata = $where = array();
if (!$query['uid'] && $query['username']) {
$query['uid'] = $GLOBALS['db']->get_value("SELECT uid FROM pw_members WHERE username="******"pushid IN (" . pwImplode($query['pushid'], false) . ")";
} else {
$where[] = "pushid=" . pwEscape($query['pushid'], false);
}
}
if ($query['ifshow']) {
$where[] = "ifshow=" . pwEscape($query['ifshow'], false);
}
if ($query['uid']) {
$where[] = "uid=" . pwEscape($query['uid'], false);
function wap_checkVerify($hash = 'verifyhash')
{
GetGP('verify') != $GLOBALS[$hash] && wap_msg('illegal_request');
}
$arr_posts[$key]['mark'] = $fourmid;
}
if ($arr_posts) {
$sql = "INSERT INTO pw_elements(id,value,addition,special,type,mark) VALUES" . pwSqlMulti($arr_posts, true);
$db->update($sql);
}
}
} else {
break;
}
}
if ($step < $total) {
adminmsg('updatecache_total_step', "{$basename}&action=update&type=newpic&step={$step}");
}
} elseif ($type == 'hotfavor') {
$step = intval(GetGP('step'));
require_once D_P . 'data/bbscache/forum_cache.php';
$arr_forumkeys = array_keys($forum);
if (!$step) {
$step = 0;
$db->query("DELETE FROM pw_elements WHERE type='hotfavor'");
}
$total = count($arr_forumkeys);
for ($i = 0; $i < 5; $i++) {
if ($step < $total) {
$fourmid = $arr_forumkeys[$step];
!$forum[$fourmid] && adminmsg('undefined_action');
$step++;
if ($forum[$fourmid]['type'] == 'category') {
continue;
} else {
ajax_footer();
} elseif ($a == 'next') {
define('AJAX', 1);
$did = (int) GetGP('did');
$sqladd = "WHERE uid=" . pwEscape($u);
if ($u != $winduid) {
$sqladd .= " AND privacy!=2 AND did>" . pwEscape($did);
} else {
$sqladd .= " AND did>" . pwEscape($did);
}
$did = $db->get_value("SELECT MIN(did) FROM pw_diary {$sqladd}");
echo "success\t{$did}";
ajax_footer();
} elseif ($a == 'pre') {
define('AJAX', 1);
$did = (int) GetGP('did');
$sqladd = "WHERE uid=" . pwEscape($u);
if ($u != $winduid) {
$sqladd .= " AND privacy!=2 AND did<" . pwEscape($did);
} else {
$sqladd .= " AND did<" . pwEscape($did);
}
$did = $db->get_value("SELECT MAX(did) FROM pw_diary {$sqladd}");
echo "success\t{$did}";
ajax_footer();
}
//require_once(M_P.'require/header.php');
if ($space == 1 && defined('F_M')) {
require_once R_P . 'require/credit.php';
list($userdb, $ismyfriend, $friendcheck, $usericon, $usercredit, $totalcredit, $appcount, $p_list) = getAppleftinfo($u);
require_once PrintEot('header');
if (@file_exists($tmpCachefile)) {
$resume = true;
$pwSendmail['lasttime'] = get_date(pwFilemtime($tmpCachefile));
}
include PrintEot('sendmail');
exit;
} elseif ($action == "send") {
$pwServer['REQUEST_METHOD'] != 'POST' && PostCheck($verify);
InitGP(array('by', 'subject', 'percount'));
$atc_content = $_POST['atc_content'];
if (empty($subject) || empty($atc_content)) {
adminmsg('sendmsg_empty');
}
$pwSendmail = array();
if ($by == 0) {
$sendto = GetGP('sendto');
!$sendto && adminmsg('operate_error');
settype($sendto, 'array');
$pwSendmail['info'] = $sendto;
$pwSendmail['count'] = $db->get_value("SELECT COUNT(*) FROM pw_members WHERE groupid IN(" . pwImplode($sendto) . ")");
} elseif ($by == 1) {
require_once R_P . 'require/getonlineuser.php';
$onlineuser = GetOnlineUser();
$uids = array();
foreach ($onlineuser as $key => $value) {
is_numeric($key) && ($uids[] = $key);
}
$pwSendmail['count'] = count($uids);
} elseif ($by == 2) {
InitGP(array('starttime', 'endtime'), 'P');
$stime = PwStrtoTime($starttime);
function initData()
{
/*初始化上传信息*/
global $timestamp, $db_topicname;
$topic = GetGP('topic', 'P');
$query = $this->db->query("SELECT fieldid,name,type,rules,ifmust,ifable FROM pw_topicfield WHERE modelid=" . pwEscape($this->modelid));
while ($rt = $this->db->fetch_array($query)) {
if ($rt['type'] != 'upload' && $rt['ifable'] && $rt['ifmust'] && !$topic[$rt['fieldid']]) {
$db_topicname = $rt['name'];
Showmsg('topic_field_must');
}
if ($topic[$rt['fieldid']]) {
if ($rt['type'] == 'number') {
!is_numeric($topic[$rt['fieldid']]) && Showmsg('number_error');
$limitnum = unserialize($rt['rules']);
if ($limitnum['minnum'] && $limitnum['maxnum'] && ($topic[$rt['fieldid']] < $limitnum['minnum'] || $topic[$rt['fieldid']] > $limitnum['maxnum'])) {
$db_topicname = $rt['name'];
Showmsg('topic_number_limit');
}
} elseif ($rt['type'] == 'range') {
!is_numeric($topic[$rt['fieldid']]) && Showmsg('number_error');
} elseif ($rt['type'] == 'email') {
if (!preg_match("/^[-a-zA-Z0-9_\\.]+@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$/", $topic[$rt['fieldid']])) {
Showmsg('illegal_email');
}
} elseif ($rt['type'] == 'checkbox') {
$checkboxs = ',';
foreach ($topic[$rt['fieldid']] as $value) {
$checkboxs .= $value . ',';
}
$topic[$rt['fieldid']] = $checkboxs;
} elseif ($rt['type'] == 'calendar') {
$topic[$rt['fieldid']] = PwStrtoTime($topic[$rt['fieldid']]);
}
}
}
$this->data['topic'] = serialize($topic);
}
if ($e_check == 1) {
Showmsg('请输入正确的电子邮箱地址!');
}
}
if (!preg_match('/^[a-z0-9\\-_\\.]{2,}@([a-z\\-0-9]+\\.)+[a-z]{2,3}$/i', $email)) {
Showmsg('电子邮箱地址格式有误,请重新填写!');
}
$db->update("INSERT INTO pw_clientorder SET " . S::sqlSingle(array('order_no' => $order_no, 'type' => 4, 'uid' => 0, 'price' => $inv_price, 'payemail' => $email, 'number' => $invnum, 'date' => $timestamp, 'state' => 0)));
if (!$ol_payto) {
Showmsg('olpay_alipayerror');
}
require_once R_P . 'require/onlinepay.php';
$olpay = new OnlinePay($ol_payto);
ObHeader($olpay->alipayurl($order_no, $invnum * $inv_price, 4, $db_registerfile));
}
} elseif (GetGP('action', 'P') == 'auth') {
/*实名认证获取验证码*/
InitGP('mobile');
$authService = L::loadClass('Authentication', 'user');
if ($_POST['step'] == '1') {
$status = $authService->getverify('register', $mobile, ip2long($onlineip), false, 'register');
echo $status;
} elseif ($_POST['step'] == '2') {
InitGP('authverify');
$status = $authService->checkverify($mobile, ip2long($onlineip), $authverify);
echo $status ? 0 : 5;
}
ajax_footer();
}
if ($rg_config['rg_allowregister'] == 0 || $rg_config['rg_registertype'] == 1 && date('j', $timestamp) != $rg_config['rg_regmon'] || $rg_config['rg_registertype'] == 2 && date('w', $timestamp) != $rg_config['rg_regweek']) {
Showmsg($rg_config['rg_whyregclose']);
exit('redirecting...');
} else {
$task['error']['all'] = '哎呀,数据写入失败了!请备份内容,然后重新再试.';
$error = $task['error'];
}
} else {
$task['error']['all'] = '哎呀,负责人字段格式出错了!';
$error = $task['error'];
}
} else {
/* 验证失败 */
$error = $task['error'];
}
} elseif ('update' == $action) {
/* 修改提交 */
$tid = GetGP('tid');
// task id
if (0 < $tid) {
$task = validator_submit_task($data);
if (!isset($task['error']) && isset($task['ret'])) {
/* 验证成功 */
// 默认字段
$ret = $task['ret'];
$ret['modify_time'] = time();
// 组装SQL
$sql = 'UPDATE pw_teamtasks SET ' . pwSqlSingle($ret) . ' WHERE tid = ' . pwEscape($tid) . " AND (publisher_id = {$winduid} OR owner_id = {$winduid})";
//echo $sql;exit;
// 修改数据
$db->update($sql);
$rows = $db->affected_rows();
// 修改结果
<?php
!defined('M_P') && exit('Forbidden');
$tab = GetGP('tab');
if (!$winduid) {
Showmsg('not_login');
}
require_once R_P . 'require/showimg.php';
!$o_browseopen && Showmsg('browse_close');
$thisbase = $basename;
$basename = $basename . 'space=1&';
if ($tab == 'w' && $o_browse & 4) {
$newWrite = browseWrite(15);
} elseif ($tab == 'p' && $db_phopen && $o_browse & 16) {
$albumdb = browseAlbum(10);
} elseif ($tab == 's' && $db_share_open && $o_browse & 8) {
$newShares = browseShare(20);
} elseif ($tab == 'd' && $db_dopen && $o_browse & 64) {
list($newDiarys, $diarytype) = browseDiary(20);
} elseif ($tab == 't' && $o_browse & 128) {
$newsubject = browseNewSubject(30);
} elseif ($tab == 'g' && $db_groups_open && $o_browse & 32) {
$reGroups = browseGroup(15);
$cMembers = array();
$colonyids = pwImplode(array_keys($reGroups));
if ($colonyids) {
$query = $db->query("SELECT id,ifadmin,colonyid FROM pw_cmembers WHERE colonyid IN ({$colonyids}) AND uid=" . pwEscape($winduid, false));
while ($rt = $db->fetch_array($query)) {
$cMembers[$rt['colonyid']] = 1;
}
}
<?php
define('SCR', 'read');
require_once 'global.php';
require_once R_P . 'require/forum.php';
require_once R_P . 'require/bbscode.php';
include_once D_P . 'data/bbscache/cache_read.php';
InitGP(array('fpage', 'uid', 'toread', 'ordertype'), 2);
$fieldadd = $tablaadd = $sqladd = $fastpost = $special = $ifmagic = $urladd = $fieldinfo = $tableinfo = '';
$_uids = $_pids = array();
$page = GetGP('page');
$page < 1 && $page != 'e' && ($page = 1);
$threads = L::loadClass('Threads');
$read = $threads->getThreads($tid, !($page > 1));
!$read && Showmsg('illegal_tid');
$_uids[$read['authorid']] = 'UID_' . $read['authorid'];
#用户
$fid = $read['fid'];
$ptable = $read['ptable'];
$ifcheck = $read['ifcheck'];
$pw_posts = GetPtable($ptable);
$openIndex = getstatus($read['tpcstatus'], 2);
/*The app client*/
if ($db_siteappkey) {
$appclient = L::loadClass('appclient');
$forumappinfo = $appclient->showForumappinfo($fid, 'read', '17');
$threadright = $appclient->getThreadRight();
}
/*The app client*/
//读取版块信息及权限判断
if (!($foruminfo = L::forum($fid))) {
define('SCR', 'faq');
require_once 'global.php';
@(include_once D_P . 'data/bbscache/help_cache.php');
require_once R_P . 'require/header.php';
$nav = array();
$pages = $db_unioninfo = '';
$catedb = array();
$hid = (int) $_GET['hid'];
if (!$hid) {
list($db_unioninfo) = explode("\t", readover(D_P . 'data/bbscache/info.txt'));
if (strpos($db_unioninfo, '<pwhd>') === false) {
$db_unioninfo = '';
}
}
if (GetGP('action') != 'dosch') {
$listdb = $fathers = array();
$hids = array();
$lv = 0;
isset($_HELP[$hid]['lv']) && ($lv = $_HELP[$hid]['lv'] + 1);
if ($_HELP[$hid]['title']) {
$_HELP[$hid]['fathers'] && ($fathers = explode(',', $_HELP[$hid]['fathers']));
foreach ($fathers as $key) {
$nav[] = "<a href=\"faq.php?hid={$_HELP[$key][hid]}#faq{$_HELP[$key][hid]}\">{$_HELP[$key][title]}</a>";
}
$nav[] = $_HELP[$hid]['title'];
}
foreach ($_HELP as $key => $value) {
if ($hid > 0 && strpos(",{$value['fathers']},", ",{$hid},") === false) {
continue;
}
include_once D_P . 'data/bbscache/forum_cache.php';
//notice
$noticedb = array();
foreach ($notice_A as $value) {
if ($value['startdate'] <= $timestamp && (!$value['enddate'] || $value['enddate'] >= $timestamp)) {
$value['startdate'] = get_date($value['startdate'], 'y-m-d');
!$value['url'] && ($value['url'] = "notice.php#{$value['aid']}");
$noticedb[$value['aid']] = array('url' => $value['url'], 'subject' => $value['subject'], 'startdate' => $value['startdate']);
}
}
$notice_A = $noticedb;
unset($noticedb, $db_setindex);
$topics = $article = $tposts = 0;
InitGP(array('cateid'), 'GP', 2);
$secdomain = null;
$m = GetGP('m');
if (!$cateid && $db_modedomain && ($secdomain = array_search($pwServer['HTTP_HOST'], $db_modedomain))) {
if (substr($secdomain, 0, 5) == 'cate_') {
$cateid = substr($secdomain, 5);
$db_bbsurl = $_mainUrl;
$m = 'area';
}
}
#模式首页SEO设置
if (!$pw_seoset) {
$pw_seoset = L::loadClass('seoset');
}
$pw_seoset->set_mode($m);
$webPageTitle = $pw_seoset->getPageTitle();
$metaDescription = $pw_seoset->getPageMetadescrip();
$metaKeywords = $pw_seoset->getPageMetakeyword();
<?php
!function_exists('readover') && exit('Forbidden');
define('AREA_SCR', 'push');
$action = GetGP('action');
$allow_actions = array('default', 'pushto');
$action = in_array($action, $allow_actions) ? $action : 'default';
$thisBaseName = $basename . 'q=push';
include M_P . "require/push/{$action}.php";
echo "ok\t{$out}";
ajax_footer();
} elseif ($action == 'delmutiatt') {
$aids = array();
$query = $db->query("SELECT aid,attachurl FROM pw_attachs WHERE tid='0' AND pid='0' AND uid=" . pwEscape($winduid));
while ($rt = $db->fetch_array($query)) {
if (file_exists($attachpath . '/mutiupload/' . $rt['attachurl'])) {
P_unlink($attachpath . '/mutiupload/' . $rt['attachurl']);
}
$aids[] = $rt['aid'];
}
$db->update("DELETE FROM pw_attachs WHERE aid IN (" . pwImplode($aids) . ')');
echo 'ok';
ajax_footer();
} elseif ($action == 'delmutiattone') {
$aid = (int) GetGP('aid');
if ($aid <= 0) {
echo "error";
} else {
$db->update("DELETE FROM pw_attachs WHERE aid=" . pwEscape($aid) . " AND tid='0' AND pid='0' AND uid=" . pwEscape($winduid) . " LIMIT 1");
echo "ok";
}
ajax_footer();
} elseif ($action == 'msggoto') {
InitGP(array('from', 'type'));
InitGP(array('mid'), 'GP', 2);
switch ($from) {
case 'read':
$sqlwhere = " AND type='rebox' AND touid=" . pwEscape($winduid) . "AND fromuid<>0";
break;
case 'readn':
list($isU, $privacy) = pwUserPrivacy($u, $userdb);
if ($groupid == 3 || $isU == 2 || $isU != 2 && $privacy['index']) {
$SpaceShow = 1;
}
if (!$SpaceShow) {
Showmsg('mode_o_index_right');
}
$friend = $db->get_one("SELECT m.uid,m.username,m.icon,md.f_num FROM pw_members m LEFT JOIN pw_memberdata md ON m.uid=md.uid WHERE m.uid=" . pwEscape($u));
$username = $friend['username'];
$count = $friend['f_num'];
$addurl = 'u=' . $u . '&';
list($pages, $limit) = pwLimitPages($count, $page, "{$thisbase}{$addurl}");
} else {
InitGP('ftid', '', 2);
if (isset($_GET['ftid'])) {
$ftype = (int) GetGP('ftid');
}
$username = $windid;
$query = $db->query("SELECT * FROM pw_friendtype WHERE uid=" . pwEscape($winduid) . " ORDER BY ftid");
$friendtype = array();
while ($rt = $db->fetch_array($query)) {
$friendtype[$rt['ftid']] = $rt;
}
$count = $winddb['f_num'];
list($pages, $limit) = pwLimitPages($count, $page, "{$thisbase}");
}
$friends = getFriends($u, $start, $db_perpage, $ftype, 1);
if ($friends) {
foreach ($friends as $key => $value) {
$value['isfriend'] = isFriend($winduid, $value['uid']);
$friends[$key] = $value;
$limit = pwLimit(($page - 1) * $db_perpage, $db_perpage);
$rt = $db->get_one("SELECT COUNT(*) AS n FROM pw_draft d {$sqladd}");
$pages = numofpage($rt['n'], $page, ceil($rt['n'] / $db_perpage), "{$basename}&uid={$uid}&keyword=" . rawurlencode($keyword) . "&");
$draft = array();
$query = $db->query("SELECT d.*,m.username FROM pw_draft d LEFT JOIN pw_members m USING(uid) {$sqladd} {$limit}");
while ($rt = $db->fetch_array($query)) {
$draft[] = $rt;
}
include PrintEot('draftset');
exit;
} elseif ($action == 'del') {
if (!$_POST['step']) {
include PrintEot('draftset');
exit;
} else {
if (GetGP('clear')) {
$db->query("TRUNCATE TABLE pw_draft");
} else {
InitGP(array('username', 'keyword', 'num'));
$num < 1 && ($num = 200);
$sql = '';
if ($username) {
$rt = $db->get_one("SELECT uid FROM pw_members WHERE username="******" AND uid=" . pwEscape($rt['uid']);
}
if ($keyword) {
$sql .= " AND content LIKE " . pwEscape("%{$keyword}%");
} else {
# 回复
if (empty($pid)) {
adminmsg('operate_error');
}
if (is_array($pid)) {
if (!($selid = checkselid($pid))) {
$basename = "javascript:history.go(-1);";
adminmsg('operate_error');
}
$objid = array_keys($pid);
} else {
$selid = (int) $pid;
$objid[] = GetGP('id');
}
$ptable = GetGP('ptable');
if (is_array($ptable)) {
if ($db_plist && count($db_plist) > 1) {
foreach ($ptable as $key => $value) {
if (isset($db_plist[$value])) {
$postslist[$value] = GetPtable($value);
}
}
} else {
$postslist[] = 'pw_posts';
}
} else {
$postslist[] = GetPtable($ptable);
}
foreach ($postslist as $pw_posts) {
$fids = $tids = array();
$newforumset[$key] = $value;
} else {
$newforumset[$key] = 0;
}
}
$forumset = serialize($newforumset);
$db->update("INSERT INTO pw_forumsextra SET forumset=" . pwEscape($forumset) . ',fid=' . pwEscape($selfid));
}
}
}
updatecache_f();
$basename = "{$admin_file}?adminjob=setforum&action=edit&fid={$fid}";
adminmsg('operate_success');
}
} elseif ($action == 'changename') {
$fid = (int) GetGP('fid');
InitGP(array('fname'), 'P', 0);
$fname = str_replace('<iframe', '<iframe', $fname);
$fname = str_replace(array('<iframe', '"', "'"), array("<iframe", "", ""), $fname);
$db->update("UPDATE pw_forums SET name=" . pwEscape($fname) . " WHERE fid=" . pwEscape($fid));
updatecache_f();
$msg = getLangInfo('cpmsg', 'operate_success');
echo $msg;
ajax_footer();
} elseif ($action == 'delttype') {
InitGP(array('type', 'id'));
$id_array = array();
if ($type == 'top') {
$query = $db->query("SELECT id FROM pw_topictype WHERE upid=" . pwEscape($id));
while ($rt = $db->fetch_array($query)) {
$id_array[] = $rt['id'];
substr($config['bbsurl'], 0, 4) != 'http' && adminmsg('bbsurl_http');
substr($config['bbsurl'], -1) == '/' && ($config['bbsurl'] = substr($config['bbsurl'], 0, -1));
//global
if ($config['datefm']) {
if (strpos($config['datefm'], 'mm') !== false) {
$config['datefm'] = str_replace('mm', 'm', $config['datefm']);
} else {
$config['datefm'] = str_replace('m', 'n', $config['datefm']);
}
if (strpos($config['datefm'], 'dd') !== false) {
$config['datefm'] = str_replace('dd', 'd', $config['datefm']);
} else {
$config['datefm'] = str_replace('d', 'j', $config['datefm']);
}
$config['datefm'] = str_replace(array('yyyy', 'yy'), array('Y', 'y'), $config['datefm']);
$config['datefm'] .= GetGP('time_f', 'P') == '12' ? ' h:i A' : ' H:i';
} else {
$config['datefm'] = 'Y-n-j H:i';
}
$config['ajax'] = intval(array_sum($cajax));
$config['onlinetime'] *= 60;
substr($config['ckpath'], -1) != '/' && ($config['ckpath'] .= '/');
unset($postctl, $schctl, $cajax);
}
if ($admintype == 'safe' || $settingdb['safe']) {
InitGP(array('answer'), 'P');
InitGP(array('question'), 'P', 0);
InitGP(array('safegroup', 'gdcheck', 'gdstyle', 'gdsize', 'qcheck'), 'P', 2);
//speed
$config['onlinelmt'] = (int) $config['onlinelmt'] > 0 ? intval($config['onlinelmt']) : 0;
$config['obstart'] = (int) $config['obstart'] > 9 ? 9 : intval($config['obstart']);
// if ($photo['groupid'] == 6 && $db_shield && $groupid != 3) {
// $thumb_basepath = $pwModeImg.'/banuser.gif';
// }
// $nearphoto[] = array('pid'=>$pid,'path'=>$thumb_basepath);
//
// $next_photo = $db->get_one("SELECT p.pid,p.path,p.ifthumb,m.groupid FROM pw_cnphoto p LEFT JOIN pw_cnalbum a ON p.aid=a.aid LEFT JOIN pw_members m ON p.uploader=m.username WHERE p.pid>".pwEscape($pid)." AND a.ownerid=".pwEscape($u)." AND p.aid=".pwEscape($aid)." ORDER BY pid");
// if ($next_photo) {
// $next_photo['path'] = getphotourl($next_photo['path'],$next_photo['ifthumb']);
// if ($next_photo['groupid'] == 6 && $db_shield && $groupid != 3) {
// $next_photo['path'] = $pwModeImg.'/banuser.gif';
// }
// $nearphoto[] = $next_photo;
// } else {
// $nearphoto[] = array('pid'=>'end','path'=>'images/apps/pend.jpg');
// }
$page = (int) GetGP('page');
$page < 1 && ($page = 1);
$url = $basename . 'a=view&pid=' . $pid . '&';
require_once R_P . 'require/bbscode.php';
list($commentdb, $subcommentdb, $pages) = getCommentDbByTypeid('photo', $pid, $page, $url);
$comment_type = 'photo';
$comment_typeid = $pid;
} elseif ($a == 'next') {
define('AJAX', 1);
InitGP(array('pid', 'aid'), null, 2);
if ($aid) {
$next_photo = $db->get_one("SELECT c.pid,c.path,c.ifthumb,m.groupid FROM pw_cnphoto c LEFT JOIN pw_members m ON c.uploader=m.username WHERE c.pid>" . pwEscape($pid) . " AND c.aid=" . pwEscape($aid) . " ORDER BY c.pid");
if ($next_photo) {
$next_photo['path'] = getphotourl($next_photo['path'], $next_photo['ifthumb']);
if ($next_photo['groupid'] == 6 && $db_shield && $groupid != 3) {
$next_photo['path'] = $pwModeImg . '/banuser.gif';
}
if ($_POST['step'] != 2) {
include PrintEot('manager');
exit;
} else {
if (!$username) {
adminmsg('manager_empty');
}
if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $username) != $username) {
adminmsg('manager_errorusername');
}
$key = (int) array_search($oldname, $manager);
if (!$password) {
$password = $manager_pwd[$key];
} else {
if (GetGP('check_pwd') != $password) {
adminmsg('password_confirm');
}
if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $password) != $password) {
adminmsg('manager_errorpassword');
}
$password = $manager_pwd[$key] = md5($password);
}
if ($username != $oldname) {
if (CkInArray($username, $manager)) {
adminmsg('manager_had');
}
$manager[$key] = $username;
$oldname == $admin_name && Cookie('AdminUser', '', 0);
}
$newconfig = array('dbhost' => $dbhost, 'dbuser' => $dbuser, 'dbpw' => $dbpw, 'dbname' => $dbname, 'database' => $database, 'PW' => $PW, 'pconnect' => $pconnect, 'charset' => $charset, 'manager' => $manager, 'manager_pwd' => $manager_pwd, 'db_hostweb' => $db_hostweb, 'attach_url' => $attach_url);
