Example #1
/**
 * Store a guestbook entry posted through the form, then send the visitor back to the index.
 *
 * Reads title, content, fileurl and replyid from $_POST. When the title or the content
 * is empty nothing is written and the request is redirected straight away.
 *
 * NOTE(review): whether Html2Text(), HtmlReplace() or $db->insert() make the values safe
 * for SQL is not visible here - confirm that insert() escapes or binds every field.
 */
function savegbform()
{
    global $db;

    $subject = Html2Text($_POST["title"]);
    $body = HtmlReplace($_POST["content"]);
    $attachment = HtmlReplace($_POST["fileurl"]);
    $parentId = intval($_POST["replyid"]);

    // Guard clause: an entry needs both a title and a body.
    if (empty($subject) || empty($body)) {
        header("location:./");
        exit;
    }

    $row = array(
        'title' => $subject,
        'content' => $body,
        'fileurl' => $attachment,
        'replyid' => $parentId,
        'addtime' => time(),
        'ip' => ip(),
    );
    $db->insert("ve123_guestbook", $row);
    header("location:./");
}
Example #2
/**
 * Store a guestbook entry (or reply), stamp the parent entry's reply time and redirect back.
 *
 * Reads title, content, fileurl and replyid from $_POST. Without a title or content the
 * visitor is redirected and nothing is written.
 *
 * NOTE(review): the redirect target is the global $http_referer. If that value is taken
 * from the Referer request header it is client-controlled; confirm it is limited to
 * this site's own URLs where it is set.
 * NOTE(review): escaping inside $db->insert() is not visible here - confirm.
 */
function savegbform()
{
    global $db, $http_referer;

    $subject = Html2Text($_POST["title"]);
    $body = HtmlReplace($_POST["content"]);
    $attachment = HtmlReplace($_POST["fileurl"]);
    $parentId = intval($_POST["replyid"]);

    // Guard clause: an entry needs both a title and a body.
    if (empty($subject) || empty($body)) {
        header("location:" . $http_referer);
        exit;
    }

    $row = array(
        'title' => $subject,
        'content' => $body,
        'fileurl' => $attachment,
        'replyid' => $parentId,
        'addtime' => time(),
        'ip' => ip(),
    );
    $db->insert("kuaso_guestbook", $row);

    // $parentId went through intval(), so only an integer reaches the statement.
    $touchParent = "update kuaso_guestbook set reply_time='" . time() . "' where gid='" . $parentId . "'";
    $db->query($touchParent);

    header("location:" . $http_referer);
}
Example #3
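/**
 * Validate the admin login form and, on success, record the login and redirect to the panel.
 *
 * Reads adminname, password and entered_imagecode from $_POST and the expected captcha
 * from $_SESSION['dd_ckstr']. On success the admin row receives the new login IP and
 * time, an 'adminname' cookie is set and the browser is sent to index.php.
 *
 * NOTE(review): the password literal in the query is masked ('******') in this listing,
 * so as shown the submitted password is never compared. Restore a real credential check
 * (preferably password_verify() against a password_hash() value) before relying on it.
 * NOTE(review): the 'adminname' cookie is set by value and can be changed by the client;
 * if other pages treat it as proof of login, keep that state in the session - confirm.
 */
function checklogin()
{
    global $db;
    $adminname = htmlspecialchars(isset($_POST['adminname']) ? $_POST['adminname'] : '');
    $password = htmlspecialchars(isset($_POST['password']) ? $_POST['password'] : '');
    $imagecode = trim(HtmlReplace(isset($_POST['entered_imagecode']) ? $_POST['entered_imagecode'] : ''));

    // A missing or empty session captcha must never equal an empty submission, and the
    // comparison is strict so numeric-looking strings are not juggled into equality.
    $expected = isset($_SESSION['dd_ckstr']) ? (string) $_SESSION['dd_ckstr'] : '';
    // Single use: a captcha that has been checked once cannot be replayed.
    unset($_SESSION['dd_ckstr']);
    if ($expected === '' || $expected !== (string) $imagecode) {
        jsalert('验证码错误!', 'login.php');
        // `break` is not valid outside a loop or switch; leave the function instead.
        return;
    }

    // htmlspecialchars() is an HTML encoder, not SQL escaping: backslashes pass through
    // and, depending on the flags in effect, so do single quotes. addslashes() is a
    // stopgap and is not charset-aware.
    // NOTE(review): move to the driver's own escaping or bound parameters; the $db API
    // is not visible from this function.
    $sqlName = addslashes($adminname);
    $result = $db->query("select * from ve123_admin where adminname='{$sqlName}' and password='******'");
    $num = $db->num_rows($result);
    if ($num > 0) {
        $rs = $db->fetch_array($result);
        $array = array(
            'lastloginip' => $rs['loginip'],
            'loginip' => ip(),
            'lastlogintime' => $rs['logintime'],
            // Month is 'm'; the previous 'Y-y-d' pattern wrote the two-digit year in its place.
            'logintime' => date('Y-m-d H:i:s'),
        );
        $adminId = intval($rs['admin_id']);
        $db->update('ve123_admin', $array, "admin_id={$adminId}");
        setcookie('adminname', $adminname);
        header('location:index.php');
    } else {
        jsalert('用户名或密码错误!', 'login.php');
    }
}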
Example #4
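 /**
  * Turn a raw channel field value into its output form according to the field's type.
  *
  * The type and default come from $this->ChannelFields[$fname]. 'text' values go through
  * HtmlReplace(), 'textdata' values name a file under $GLOBALS['cfg_basedir'] whose
  * contents are returned, 'addon' values are placed into the channel_addon.htm template,
  * and any other type is handed to ch_<type>() from the matching taglib file if present.
  *
  * @param string $fname    Field name, key into $this->ChannelFields.
  * @param mixed  $fvalue   Raw value; an empty value is replaced by the field default.
  * @param mixed  $addvalue Extra value passed on to the type-specific handler.
  * @return mixed Processed value; '' when a 'textdata' file is missing, unreadable or
  *               named with a parent-directory reference.
  */
 function MakeField($fname, $fvalue, $addvalue = '')
 {
     if ($fvalue == '') {
         $fvalue = $this->ChannelFields[$fname]['default'];
     }
     // Handle each field data type.
     $ftype = $this->ChannelFields[$fname]['type'];

     if ($ftype == 'text') {
         return HtmlReplace($fvalue);
     }

     if ($ftype == 'textdata') {
         $relative = (string) $fvalue;
         // The value is appended to the base directory, so a '..' segment would step
         // outside it; such values are treated like a missing file.
         // NOTE(review): confirm where textdata paths are written that they are
         // generated by the system and not taken from request data.
         if (strpos($relative, '..') !== false) {
             return '';
         }
         $path = $GLOBALS['cfg_basedir'] . $relative;
         if (!is_file($path)) {
             return '';
         }
         // file_get_contents() replaces the fopen()/feof() loop, which never ended
         // cleanly when the open failed.
         $data = file_get_contents($path);
         return $data === false ? '' : $data;
     }

     if ($ftype == 'addon') {
         $tmptext = GetSysTemplets("channel_addon.htm");
         $rendered = str_replace('~link~', $fvalue, $tmptext);
         return str_replace('~phpurl~', $GLOBALS['cfg_phpurl'], $rendered);
     }

     // The type name becomes part of an include path and of a function name, so only
     // plain identifier characters are accepted; anything else could not have named a
     // callable ch_<type>() anyway and is returned unchanged.
     if (!preg_match('#^[A-Za-z0-9_]+$#', (string) $ftype)) {
         return $fvalue;
     }
     $handlerFile = DEDEINC . '/taglib/channel/' . $ftype . '.lib.php';
     if (file_exists($handlerFile)) {
         include_once $handlerFile;
         $func = 'ch_' . $ftype;
         $fvalue = $func($fvalue, $addvalue, $this, $fname);
     }
     return $fvalue;
 }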
Example #5
// Page bootstrap: remove the execution time limit (presumably because the crawl
// started by start() is long-running), load the application and the spider class,
// then print the page header.
set_time_limit(0);
require "global.php";
require_once PATH . "include/spider/spider_class.php";
$spider = new spider();
headhtml();
?>
<table width="100%" border="0" cellpadding="3" cellspacing="1" class="tablebg">
  <tr>
    <td><form id="form1" name="form1" method="post" action="?action=start">
      <input type="submit" name="Submit" value="开始一键找站" />
        </form>
    </td>
  </tr>
</table>
<?php 
// The form posts to ?action=start, so the action is read from the query string and a
// plain GET with action=start reaches start() as well.
// NOTE(review): no permission check or request token is visible in this file; confirm
// that global.php restricts the page to authenticated admins and consider requiring a
// token for the state-changing action.
// NOTE(review): $_GET["action"] is read without isset(), which raises a notice on the
// first page load.
$action = HtmlReplace(trim($_GET["action"]));
switch ($action) {
    case "start":
        start();
        break;
}
function start()
{
    global $spider;
    echo "正在处理中...<br>";
    print str_repeat(" ", 4096);
    ob_flush();
    flush();
    sleep(1);
    $url = "http://www.hao123.com/";
    $spider->url($url);
Example #6
         ResetVdValue();
         ShowMsg('验证码错误!', '-1');
         exit;
     }
     $uidnum = intval($uidnum);
     if (empty($uidnum)) {
         ShowMsg('参数错误!', '-1');
         exit;
     }
     if (strlen($msg) < 6) {
         ShowMsg('你的留言内容太短!', '-1');
         exit;
     }
     $uname = HtmlReplace($uname, 1);
     $msg = cn_substrR(HtmlReplace($msg), 2048);
     $title = cn_substrR(HtmlReplace($title), 255);
     if ($cfg_ml->M_UserName != '' && $cfg_ml->M_ID != $uidnum) {
         $gid = $cfg_ml->M_UserName;
     } else {
         $gid = '';
     }
     $inquery = "INSERT INTO `#@__member_guestbook`(mid,gid,title,msg,uname,ip,dtime)\n   VALUES ('{$uidnum}','{$gid}','{$title}','{$msg}','{$uname}','" . GetIP() . "'," . time() . "); ";
     $dsql->ExecuteNoneQuery($inquery);
     ShowMsg('成功提交你的留言!', "index.php?uid={$uid}&action=guestbook");
     exit;
 } else {
     if ($action == 'guestbookdel') {
         CheckRank(0, 0);
         if ($cfg_ml->M_LoginID != $uid) {
             ShowMsg('这条留言不是给你的,你不能删除!', -1);
             exit;
Example #7
                     if (!isset(${$vs[0]})) {
                         ${$vs[0]} = '';
                     }
                     ${$vs[0]} = GetFieldValueA(${$vs[0]}, $vs[1], $arcID);
                 }
             }
             $inadd_f .= ',' . $vs[0];
             $inadd_v .= " ,'" . ${$vs[0]} . "' ";
         }
     }
 }
 //处理图片文档的自定义属性
 if ($litpic != '') {
     $flag = 'p';
 }
 $body = HtmlReplace($body, -1);
 //生成文档ID
 $arcID = GetIndexKey($arcrank, $typeid, $sortrank, $channelid, $senddate, $mid);
 if (empty($arcID)) {
     ShowMsg("无法获得主键,因此无法进行后续操作!", "-1");
     exit;
 }
 //保存到主表
 $inQuery = "INSERT INTO `#@__archives`(id,typeid,sortrank,flag,ismake,channel,arcrank,click,money,title,shorttitle,\r\ncolor,writer,source,litpic,pubdate,senddate,mid,description,keywords)\r\nVALUES ('{$arcID}','{$typeid}','{$sortrank}','{$flag}','{$ismake}','{$channelid}','{$arcrank}','0','{$money}','{$title}','{$shorttitle}',\r\n'{$color}','{$writer}','{$source}','{$litpic}','{$pubdate}','{$senddate}','{$mid}','{$description}','{$keywords}'); ";
 if (!$dsql->ExecuteNoneQuery($inQuery)) {
     $gerr = $dsql->GetError();
     $dsql->ExecuteNoneQuery("Delete From `#@__arctiny` where id='{$arcID}' ");
     ShowMsg("把数据保存到数据库主表 `#@__archives` 时出错,请联系管理员。", "javascript:;");
     exit;
 }
 //软件链接列表
Example #8
        $dsql->SetQuery("Select id,typename,channeltype From `#@__arctype`");
        $dsql->Execute();
        while ($row = $dsql->GetArray()) {
            fwrite($fp, "\$typeArr[{$row['id']}] = '{$row['typename']}';\r\n");
        }
        fwrite($fp, '?' . '>');
        fclose($fp);
    }
    //引入栏目缓存并看关键字是否有相关栏目内容
    require_once $typenameCacheFile;
    if (isset($typeArr) && is_array($typeArr)) {
        foreach ($typeArr as $id => $typename) {
            //$keywordn = str_replace($typename, ' ', $keyword);
            $keywordn = $keyword;
            if ($keyword != $keywordn) {
                $keyword = HtmlReplace($keywordn);
                $typeid = intval($id);
                break;
            }
        }
    }
}
$keyword = addslashes(cn_substr($keyword, 30));
$typeid = intval($typeid);
if ($cfg_notallowstr != '' && preg_match("#" . $cfg_notallowstr . "#i", $keyword)) {
    ShowMsg("你的搜索关键字中存在非法内容,被系统禁止!", "-1");
    exit;
}
if (($keyword == '' || strlen($keyword) < 2) && empty($typeid)) {
    ShowMsg('关键字不能小于2个字节!', '-1');
    exit;
Example #9
$action = isset($action) ? trim($action) : '';
if (!$cfg_ml->IsLogin()) {
    ShowMsg("未登录前不充许该操作!", "-1");
    exit;
}
if ($id < 1) {
    ShowMsg("错误,未定义的操作!", "-1");
    exit;
}
if ($action == "save") {
    $svali = GetCkVdValue();
    if (strtolower($vdcode) != $svali || $svali == "") {
        ShowMsg("认证码错误!", "-1");
        exit;
    }
    $subject = cn_substrR(trim(HtmlReplace($subject), 2), 80);
    $text = preg_replace("#<(iframe|script)#i", "", $text);
    if (CountStrLen($text) < 3 || CountStrLen($text) > 1000) {
        ShowMsg("内容字数应该在3-1000个汉字!", "-1");
        exit;
    }
    if (preg_match("#{$cfg_notallowstr}#", $subject) || preg_match("#{$cfg_notallowstr}#", $text)) {
        ShowMsg("含有非法字符!", "-1");
        exit;
    }
    $subject = preg_replace("/{$cfg_replacestr}/", "***", $subject);
    $text = preg_replace("/{$cfg_replacestr}/", "***", $text);
    $userip = GetIP();
    $SetQuery = "INSERT INTO #@__group_guestbook(gid,title,uname,userid,stime,message,ip) ";
    $SetQuery .= "VALUES('{$id}','{$subject}','" . $cfg_ml->M_UserName . "','" . $cfg_ml->M_ID . "','" . time() . "','{$text}','{$userip}');";
    if ($db->ExecuteNoneQuery($SetQuery)) {
Example #10
 *  圈子分类设置
 *
 * @version        $Id: group_store.php 1 15:34 2011-1-21 tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
require_once dirname(__FILE__) . "/config.php";
CheckPurview('group_Store');
require_once DEDEINC . '/datalistcp.class.php';
setcookie("ENV_GOBACK_URL", $dedeNowurl, time() + 3600, "/");
$id = isset($id) && is_numeric($id) ? $id : 0;
$action = isset($action) ? trim($action) : '';
if ($action == "add") {
    $storename = cn_substrR(HtmlReplace($storename, 2), 20);
    $tops = preg_replace("#[^0-9]#", "", $tops);
    $orders = preg_replace("#[^0-9]#", "", $orders);
    if ($tops < 1) {
        $tops = 0;
    }
    if ($orders < 1) {
        $orders = 0;
    }
    if (empty($storename)) {
        $msg = "错误,分类名不能为空!";
    } else {
        $db->ExecuteNoneQuery("INSERT INTO #@__store_groups(storename,tops,orders) VALUES('" . $storename . "','" . $tops . "','" . $orders . "');");
        $msg = "成功添加分类";
    }
} else {
Example #11
<?php

/*
	[kuaso!] (C)209-2010 Kuaso Inc.
	
	This is NOT a freeware, use is subject to license terms

	$Id: shoulu.php 2010-01-24 16:17:18Z anjel $
*/
require "../global.php";
$url = HtmlReplace($_GET["ref"]);
if ($url != $config["url"] && stristr($url, "http://")) {
    $url = GetSiteUrl($url);
    $site = $db->get_one("select * from kuaso_sites where url='{$url}'");
    if (empty($site)) {
        $array = array('url' => $url, 'spider_depth' => $config["spider_depth"], 'indexdate' => time(), 'addtime' => time());
        $db->insert("kuaso_sites", $array);
    }
    $site = $db->get_one("select * from kuaso_sites where url='{$url}'");
    if (!empty($site)) {
        $ip = ip();
        //$referer=$_SERVER['HTTP_REFERER'];
        $v = $db->get_one("select * from kuaso_stat_visitor where v_ip='" . $ip . "' and v_time>='" . (time() - 86400 * 1) . "'");
        if (empty($v)) {
            $array = array('v_time' => time(), 'v_ip' => $ip);
            $db->insert("kuaso_stat_visitor", $array);
            $db->query("update kuaso_sites set com_time='" . time() . "',com_count_ip=com_count_ip+1 where url='" . $url . "'");
        }
    }
    $site = $db->get_one("select * from kuaso_sites where url='{$url}'");
    if (!empty($site)) {
Example #12
  </div>
  <!--login start-->
  <div class="login" style="position: relative;">
    <div class="login_month"></div>
    <div class="login_month_img1"></div>
    <div class="login_month_img"></div>
    <div class="login_top"></div>
    <div class="login_middle">
      <div class="login_middle_img"></div>
      <div class="login_middle_img1" style="background-position: -416px -46px;"></div>
      <div class="login_middle_clear"></div>
	<form action=\'login.php\' METHOD=post onSubmit="return checkData()">
	<input type="hidden" name="action" value="login">
      <table class="login_table" border="0" cellspacing="0">
			';
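// Status text handed back through ?msg=...; the default prompt is shown when it is absent.
$msg = HtmlReplace(isset($_GET['msg']) ? $_GET['msg'] : '');
if (empty($msg)) {
    echo '请输入用户名';
} else {
    // The text comes from the query string, so it is encoded where it is written into
    // the page rather than relying on HtmlReplace(), whose behaviour is not visible here.
    // ISO-8859-1 makes the call byte-transparent for multi-byte page encodings (only the
    // ASCII markup characters are rewritten); the last argument keeps entities that
    // HtmlReplace() may already have produced from being encoded twice.
    echo htmlspecialchars($msg, ENT_QUOTES, 'ISO-8859-1', false);
}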
echo '			</td>
		</tr>
		<tr>
      <form name="form" method="post" action="/s/web__login.asp?action=login">
		
      <table class="login_table" border="0" cellspacing="0">
        <tbody><tr>
          <td class="login_table_text1">用户名</td>
          <td class="login_table_text1_1"><input class="login_table_text1_input" name="entered_login"id="entered_login"  maxlength="50" style="border-color: rgb(132, 161, 189); font-weight: bold; font-family: Verdana,Arial,Helvetica,sans-serif; ime-mode: disabled;" type="text" ></td>
          <td class="login_table_text1_img" title="$ Googie.cn"></td>
Example #13
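/**
 * Apply a bulk action from the site list form; only 'del' (delete the selected sites)
 * is handled. Afterwards the browser is sent back to the referring page.
 *
 * Reads the site_id[] array and do_action from $_POST.
 *
 * NOTE(review): no request token or permission check is visible in this function;
 * confirm the caller restricts it to authenticated admins and protects the form
 * against cross-site submission.
 * NOTE(review): the redirect target is the client-supplied Referer header.
 */
function dolistform()
{
    global $db;
    $site_id = isset($_POST['site_id']) ? (array) $_POST['site_id'] : array();
    $do_action = HtmlReplace(isset($_POST['do_action']) ? $_POST['do_action'] : '');

    // Each posted id is forced to an integer before it reaches the IN (...) list; the
    // raw values were previously concatenated into the statement as submitted.
    $ids = array();
    foreach ($site_id as $value) {
        if (is_scalar($value)) {
            $ids[] = intval($value);
        }
    }
    $site_id_str = implode(',', $ids);
    if (empty($site_id_str)) {
        return;
    }

    // Run a statement only for a known action; other values used to reach
    // $db->query() with an undefined $sql.
    if ($do_action == 'del') {
        $db->query('delete from ve123_sites where site_id in(' . $site_id_str . ')');
    }

    $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    header('location:' . $back);
}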
Example #14
<?php

/**
 * @version        $Id: buy_action.php 1 8:38 2010年7月9日Z tianya $
 * @package        DedeCMS.Member
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
require_once dirname(__FILE__) . "/config.php";
CheckRank(0, 0);
$menutype = 'mydede';
$menutype_son = 'op';
require_once DEDEINC . '/dedetemplate.class.php';
$product = isset($product) ? trim(HtmlReplace($product, 1)) : '';
$mid = $cfg_ml->M_ID;
$ptype = '';
$pname = '';
$price = '';
$mtime = time();
if (isset($pd_encode) && isset($pd_verify) && md5("payment" . $pd_encode . $cfg_cookie_encode) == $pd_verify) {
    parse_str(mchStrCode($pd_encode, 'DECODE'), $mch_Post);
    $product = preg_replace("#[^0-9a-z]#i", "", $mch_Post['product']);
    $pid = preg_replace("#[^0-9a-z]#i", "", $mch_Post['pid']);
    $row = $dsql->GetOne("SELECT * FROM #@__member_operation WHERE mid='{$mid}' And sta=0 AND product='{$product}'");
    if (!isset($row['buyid'])) {
        ShowMsg("请不要重复提交表单!", 'javascript:;');
        exit;
    }
    if (!isset($paytype)) {
        ShowMsg("请选择支付方式!", 'javascript:;');
Example #15
 if ($cInfos['issend'] != 1 || $cInfos['ispart'] != 0 || $cInfos['channeltype'] != $channelid || $cInfos['cissend'] != 1) {
     ShowMsg("你所选择的栏目不支持投稿!", "-1");
     exit;
 }
 //文档的默认状态
 if ($cInfos['arcsta'] == 0) {
     $arcrank = 0;
 } else {
     if ($cInfos['arcsta'] == 1) {
         $arcrank = 0;
     } else {
         $arcrank = -1;
     }
 }
 //对保存的内容进行处理
 $title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen);
 $mid = $cfg_ml->M_ID;
 //处理上传的缩略图
 $litpic = MemberUploads('litpic', $oldlitpic, $mid, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, false);
 if ($litpic != '') {
     SaveUploadInfo($title, $litpic, 1);
 } else {
     $litpic = $oldlitpic;
 }
 //分析处理附加表数据
 $inadd_f = '';
 if (!empty($dede_addonfields)) {
     $addonfields = explode(';', $dede_addonfields);
     if (is_array($addonfields)) {
         foreach ($addonfields as $v) {
             if ($v == '') {
Example #16
 $ip = GetIP();
 $dtime = time();
 if (!empty($cfg_feedback_time)) {
     //检查最后发表评论时间,如果未登陆判断当前IP最后评论时间
     $where = $cfg_ml->M_ID > 0 ? "WHERE `mid` = '{$cfg_ml->M_ID}' " : "WHERE `ip` = '{$ip}' ";
     $row = $dsql->GetOne("SELECT dtime FROM `#@__feedback` {$where} ORDER BY `id` DESC ");
     if (is_array($row) && $dtime - $row['dtime'] < $cfg_feedback_time) {
         ResetVdValue();
         echo '<font color="red">管理员设置了评论间隔时间,请稍等休息一下!</font>';
         exit;
     }
 }
 $face = intval($face);
 extract($arcRow, EXTR_SKIP);
 $msg = cn_substrR(TrimMsg($msg), 500);
 $username = cn_substrR(HtmlReplace($username, 2), 20);
 if (empty($feedbacktype) || $feedbacktype != 'good' && $feedbacktype != 'bad') {
     $feedbacktype = 'feedback';
 }
 //保存评论内容
 if (!empty($fid)) {
     $row = $dsql->GetOne("Select username,msg from `#@__feedback` where id ='{$fid}' ");
     $qmsg = '{quote}{title}' . $row['username'] . ' 的原帖:{/title}{content}' . $row['msg'] . '{/content}{/quote}';
     $msg = addslashes($qmsg) . $msg;
 }
 $ischeck = $cfg_feedbackcheck == 'Y' ? 0 : 1;
 $arctitle = addslashes($title);
 $inquery = "INSERT INTO `#@__feedback`(`aid`,`typeid`,`username`,`arctitle`,`ip`,`ischeck`,`dtime`, `mid`,`bad`,`good`,`ftype`,`face`,`msg`)\r\n\t               VALUES ('{$aid}','{$typeid}','{$username}','{$arctitle}','{$ip}','{$ischeck}','{$dtime}', '{$cfg_ml->M_ID}','0','0','{$feedbacktype}','{$face}','{$msg}'); ";
 $rs = $dsql->ExecuteNoneQuery($inquery);
 if (!$rs) {
     echo "<font color='red'>发表评论出错了!</font>";
Example #17
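/**
 * Save the site settings form to the ve123_siteconfig table and regenerate the cached
 * PHP settings file ../cache/site_config.php.
 *
 * Every value written to the cache file is emitted with var_export(), which produces a
 * correctly quoted PHP literal. The file is later loaded as PHP, so writing request
 * data between hand-built double quotes (as before) let quotes, backslashes and '$'
 * in a setting change the code of the file instead of just its data.
 *
 * NOTE(review): if request data is already slash-escaped upstream (magic quotes or a
 * global addslashes() pass), strip that before exporting, otherwise the extra
 * backslashes become part of the cached values.
 * NOTE(review): escaping inside $db->update() and any permission or request-token
 * check for this admin action are not visible here - confirm both.
 */
function saveconfig()
{
    global $db;
    $name = HtmlReplace($_POST["name"]);
    $user_agent = HtmlReplace($_POST["user_agent"]);
    $adtitle = $_POST["adtitle"];
    $copyright = $_POST["copyright"];
    $icp = HtmlReplace($_POST["icp"]);
    $url = HtmlReplace($_POST["url"]);
    $status_content = HtmlReplace($_POST["status_content"]);
    $statcode = $_POST["statcode"];
    $Keywords = HtmlReplace($_POST["Keywords"]);
    $description = $_POST["description"];
    $telephone = $_POST["telephone"];
    $qq = $_POST["qq"];
    $spider_depth = intval($_POST["spider_depth"]);
    $is_tijiao_shoulu = $_POST["is_tijiao_shoulu"];
    $filter_word = $_POST["filter_word"];

    $array = array('name' => $name, 'user_agent' => $user_agent, 'adtitle' => $adtitle, 'copyright' => $copyright, 'icp' => $icp, 'statcode' => $statcode, 'url' => $url, 'status_content' => $status_content, 'Keywords' => $Keywords, 'description' => $description, 'telephone' => $telephone, 'qq' => $qq, 'is_tijiao_shoulu' => $is_tijiao_shoulu, 'spider_depth' => $spider_depth, 'filter_word' => $filter_word);
    $db->update("ve123_siteconfig", $array, "config_id='1'");

    // The author is not part of the form; it is carried over from the stored row.
    $config = $db->get_one("select * from ve123_siteconfig limit 1");
    $author = (is_array($config) && isset($config["author"])) ? $config["author"] : '';

    // Settings in the order they appear in the cache file.
    $cached = array(
        'name' => $name,
        'user_agent' => $user_agent,
        'adtitle' => $adtitle,
        'copyright' => $copyright,
        'icp' => $icp,
        'url' => $url,
        'status_content' => $status_content,
        'statcode' => $statcode,
        'Keywords' => $Keywords,
        'description' => $description,
        'telephone' => $telephone,
        'qq' => $qq,
        'is_tijiao_shoulu' => $is_tijiao_shoulu,
        'spider_depth' => $spider_depth,
        'author' => $author,
        'filter_word' => explode(",", $filter_word),
    );

    $eol = chr(13) . chr(10);
    $str = "<?php" . $eol;
    foreach ($cached as $key => $value) {
        $str .= "\$config[" . var_export($key, true) . "]=" . var_export($value, true) . ";" . $eol;
    }
    $str .= "?>";

    // Write the cached settings file.
    $fp = @fopen("../cache/site_config.php", "w") or die("写方式打开文件失败,请检查程序目录是否为可写");
    @fputs($fp, $str) or die("文件写入失败,请检查程序目录是否为可写");
    @fclose($fp);
    jsalert("修改成功!");
}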
Example #18
 //会员的默认金币
 $dfscores = 0;
 $dfmoney = 0;
 $dfrank = $dsql->GetOne("SELECT money,scores FROM `#@__arcrank` WHERE rank='10' ");
 if (is_array($dfrank)) {
     $dfmoney = $dfrank['money'];
     $dfscores = $dfrank['scores'];
 }
 $jointime = time();
 $logintime = time();
 $joinip = GetIP();
 $loginip = GetIP();
 $pwd = md5($userpwd);
 $mtype = RemoveXSS(HtmlReplace($mtype, 1));
 $safeanswer = HtmlReplace($safeanswer);
 $safequestion = HtmlReplace($safequestion);
 $spaceSta = $cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0;
 $inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,\n        `matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )\n       VALUES ('{$mtype}','{$userid}','{$pwd}','{$uname}','{$sex}','10','{$dfmoney}','{$email}','{$dfscores}',\n       '0','{$spaceSta}','','{$safequestion}','{$safeanswer}','{$jointime}','{$joinip}','{$logintime}','{$loginip}'); ";
 if ($dsql->ExecuteNoneQuery($inQuery)) {
     $mid = $dsql->GetLastID();
     //写入默认会员详细资料
     if ($mtype == '个人') {
         $space = 'person';
     } else {
         if ($mtype == '企业') {
             $space = 'company';
         } else {
             $space = 'person';
         }
     }
     //写入默认统计数据
Example #19
<?php

require 'global.php';
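// Registration handler: runs only when the form posts action=savereg. The page is also
// opened without any POST data, so the key is checked before it is read.
$action = isset($_POST['action']) ? $_POST['action'] : '';
if ($action == 'savereg') {
    $user_name = HtmlReplace($_POST['user_name']);
    $password = HtmlReplace($_POST['passwd1']);
    $email = HtmlReplace($_POST['email']);
    $real_name = HtmlReplace($_POST['real_name']);
    $question = HtmlReplace($_POST['question']);
    $answer = HtmlReplace($_POST['answer']);

    // Server-side check: an account needs a name and a password even when the
    // browser-side validation is skipped.
    if ((string) $user_name === '' || (string) $password === '') {
        header('location:reg.php?msg=' . urlencode('用户名和密码不能为空!'));
        exit;
    }

    // NOTE(review): the name is concatenated into the statement after HtmlReplace()
    // only; whether that helper or get_one() escapes for SQL is not visible here.
    // Prefer the driver's escaping or bound parameters.
    $check = $db->get_one("select * from ve123_zz_user where user_name='" . $user_name . "'");
    if (empty($check)) {
        // NOTE(review): md5() is unsalted and fast. Moving to password_hash() /
        // password_verify() has to change the login check in the same step, so it is
        // only flagged here.
        $array = array('user_name' => $user_name, 'password' => md5($password), 'real_name' => $real_name, 'question' => $question, 'answer' => $answer, 'email' => $email, 'reg_ip' => ip(), 'reg_time' => time(), 'points' => $zz_config['zs_points']);
        $db->insert('ve123_zz_user', $array);
        $_SESSION['user_name'] = $user_name;
        header('location:./');
        // Stop here: without exit the registration page is still rendered after the redirect.
        exit;
    } else {
        header('location:reg.php?msg=' . urlencode('用户名已存在,请换个再试!'));
        exit;
    }
}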
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>';
echo $config['name'];
echo '推广平台</title>
<link href="images/reg.css" rel="stylesheet" type="text/css">
</head>
}
//文档的默认状态
if ($cInfos['arcsta'] == 0) {
    $ismake = 0;
    $arcrank = 0;
} else {
    if ($cInfos['arcsta'] == 1) {
        $ismake = -1;
        $arcrank = 0;
    } else {
        $ismake = 0;
        $arcrank = -1;
    }
}
//对保存的内容进行处理
$title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen);
$writer = cn_substrR(HtmlReplace($writer, 1), 20);
if (empty($description)) {
    $description = '';
}
$description = cn_substrR(HtmlReplace($description, 1), 250);
$keywords = cn_substrR(HtmlReplace($tags, 1), 30);
$mid = $cfg_ml->M_ID;
$isadmin = $cfg_ml->fields['matt'] == 10 ? true : false;
//处理上传的缩略图
$litpic = MemberUploads('litpic', $oldlitpic, $mid, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, false, $isadmin);
if ($litpic != '') {
    SaveUploadInfo($title, $litpic, 1);
} else {
    $litpic = $oldlitpic;
}
Example #21
     $aid = intval($aid);
     if (empty($aid)) {
         exit("<font color='red'>参数错误!</font>");
     }
     $dsql->ExecuteNoneQuery("DELETE FROM  `#@__member_flink` WHERE aid='{$aid}' AND mid='" . $cfg_ml->M_ID . "';");
     echo "<font color='red'>成功删除链接:{$aid}</font>";
     GetLinkList($dsql);
 } else {
     if ($dopost == "update") {
         AjaxHead();
         $aid = intval($aid);
         if (!preg_match("#^http:\\/\\/#", $url)) {
             $url = "http://" . HtmlReplace($url, 2);
         }
         $title = HtmlReplace($title);
         $url = HtmlReplace($url);
         $upquery = "UPDATE `#@__member_flink` SET title='{$title}',url='{$url}' WHERE aid='{$aid}' AND mid='" . $cfg_ml->M_ID . "'; ";
         $rs = $dsql->ExecuteNoneQuery($upquery);
         if ($rs) {
             echo "<font color='red'>成功更新链接:{$title}</font>";
             GetLinkList($dsql);
             exit;
         } else {
             echo "<font color='red'>更新链接:{$title} 失败!</font>";
             GetLinkList($dsql);
             exit;
         }
     } else {
         if ($dopost == "reload") {
             AjaxHead();
             GetLinkList($dsql);
Example #22
             ShowMsg("成功退出登录!", "index.php", 0, 2000);
             exit;
         }
     }
 } else {
     if ($fmdo == 'moodmsg') {
         //用户登录
         if ($dopost == "sendmsg") {
             if (!empty($content)) {
                 $ip = GetIP();
                 $dtime = time();
                 $ischeck = $cfg_mb_msgischeck == 'Y' ? 0 : 1;
                 if ($cfg_soft_lang == 'gb2312') {
                     $content = utf82gb(nl2br($content));
                 }
                 $content = cn_substrR(HtmlReplace($content, 1), 360);
                 //对表情进行解析
                 $content = addslashes(preg_replace("/\\[face:(\\d{1,2})\\]/is", "<img src='" . $cfg_memberurl . "/templets/images/smiley/\\1.gif' style='cursor: pointer; position: relative;'>", $content));
                 $content = RemoveXSS($content);
                 $inquery = "INSERT INTO `#@__member_msg`(`mid`,`userid`,`ip`,`ischeck`,`dtime`, `msg`)\n                   VALUES ('{$cfg_ml->M_ID}','{$cfg_ml->M_LoginID}','{$ip}','{$ischeck}','{$dtime}', '{$content}'); ";
                 $rs = $dsql->ExecuteNoneQuery($inquery);
                 if (!$rs) {
                     $output['type'] = 'error';
                     $output['data'] = '更新失败,请重试.';
                     exit;
                 }
                 $output['type'] = 'success';
                 if ($cfg_soft_lang == 'gb2312') {
                     $content = utf82gb(nl2br($content));
                 }
                 $output['data'] = stripslashes($content);
Example #23
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
require_once dirname(__FILE__) . "/../include/common.inc.php";
require_once DEDEINC . '/memberlogin.class.php';
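// Error-report page: without $dopost it shows the report form for article $aid,
// with dopost=saveedit it stores the submitted report.
// NOTE(review): $aid, $dopost, $title, $type, $err and $erradd are not assigned in this
// file; presumably common.inc.php imports them from the request - confirm that the same
// include also escapes them, because they are interpolated into SQL below.
$htmltitle = "错误提交";
$aid = isset($aid) && is_numeric($aid) ? $aid : 0;
if (empty($dopost)) {
    $row = $dsql->GetOne(" SELECT a.`title`,b.`typename` FROM `#@__archives` a left join `#@__arctype` b on(a.typeid=b.id) WHERE a.`id` ='{$aid}'");
    if (!$row) {
        ShowMsg("谢谢您对本网站的支持,我们会尽快处理您的建议!", "javascript:window.close();");
        exit;
    }
    $title = $row['typename'] . "-" . $row['title'];
    require_once DEDEROOT . "/templets/plus/erraddsave.htm";
    // The Referer header is supplied by the client and may be absent, so it is checked
    // before use and HTML-encoded where it is written into the page. ISO-8859-1 keeps
    // the call byte-transparent and rewrites only the ASCII markup characters.
    $url = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
    echo htmlspecialchars($url, ENT_QUOTES, 'ISO-8859-1');
} elseif ($dopost == "saveedit") {
    $cfg_ml = new MemberLogin();
    $title = HtmlReplace($title);
    $type = isset($type) && is_numeric($type) ? $type : 0;
    $mid = isset($cfg_ml->M_ID) ? $cfg_ml->M_ID : 0;
    $err = trimMsg(cn_substr($err, 2000), 1);
    $oktxt = trimMsg(cn_substr($erradd, 2000), 1);
    $time = time();
    $query = "INSERT INTO `#@__erradd`(aid,mid,title,type,errtxt,oktxt,sendtime)\r\n                  VALUES ('{$aid}','{$mid}','{$title}','{$type}','{$err}','{$oktxt}','{$time}'); ";
    $dsql->ExecuteNoneQuery($query);
    ShowMsg("谢谢您对本网站的支持,我们会尽快处理您的建议!", "javascript:window.close();");
    exit;
}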
Example #24
<?php

require "global.php";
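// Registration handler: runs only when the form posts action=savereg. The page is also
// opened without any POST data, so the key is checked before it is read.
$action = isset($_POST["action"]) ? $_POST["action"] : '';
if ($action == "savereg") {
    $user_name = HtmlReplace($_POST["user_name"]);
    $password = HtmlReplace($_POST["passwd1"]);
    $email = HtmlReplace($_POST["email"]);
    $real_name = HtmlReplace($_POST["real_name"]);

    // Server-side check: an account needs a name and a password even when the
    // browser-side validation is skipped.
    if ((string) $user_name === '' || (string) $password === '') {
        header("location:reg.php?msg=" . urlencode("用户名和密码不能为空!"));
        exit;
    }

    // NOTE(review): the name is concatenated into the statement after HtmlReplace()
    // only; whether that helper or get_one() escapes for SQL is not visible here.
    // Prefer the driver's escaping or bound parameters.
    $check = $db->get_one("select * from ve123_zz_user where user_name='" . $user_name . "'");
    if (empty($check)) {
        // NOTE(review): md5() is unsalted and fast. Moving to password_hash() /
        // password_verify() has to change the login check in the same step, so it is
        // only flagged here.
        $array = array('user_name' => $user_name, 'password' => md5($password), 'real_name' => $real_name, 'email' => $email, 'reg_ip' => ip(), 'reg_time' => time(), 'points' => $zz_config["zs_points"]);
        $db->insert("ve123_zz_user", $array);
        $_SESSION["user_name"] = $user_name;
        header("location:./");
        // Stop here: without exit the registration page is still rendered after the redirect.
        exit;
    } else {
        header("location:reg.php?msg=" . urlencode("用户名已存在,请换个再试!"));
        exit;
    }
}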
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><?php 
echo $config["name"];
?>
推广平台</title>
<link href="images/reg.css" rel="stylesheet" type="text/css">
</head>
Example #25
/**
 * Create or update a navigation link from the posted form.
 *
 * Reads title, url, class_id, link_id and do_action from $_POST. With do_action set to
 * 'modify' the row identified by link_id is updated, otherwise a new row is inserted.
 *
 * NOTE(review): escaping inside $db->insert()/$db->update() is not visible here, and
 * the URL is stored without a scheme check - confirm both where the links are rendered.
 */
function saveform()
{
    global $db;

    $linkTitle = HtmlReplace(trim($_POST['title']));
    $linkUrl = HtmlReplace(trim($_POST['url']));
    $classId = intval($_POST['class_id']);
    $linkId = intval($_POST['link_id']);
    $mode = $_POST['do_action'];

    // Both branches store the same three columns.
    $fields = array(
        'title' => $linkTitle,
        'url' => $linkUrl,
        'class_id' => $classId,
    );

    if ($mode != 'modify') {
        $db->insert('ve123_dh_links', $fields);
        jsalert('提交成功');
        return;
    }

    // $linkId went through intval(), so the condition only ever holds an integer.
    $db->update('ve123_dh_links', $fields, "link_id='{$linkId}'");
    jsalert('修改成功');
}
Example #26
            ShowMsg("你上传的Logo文件超过了系统限制大小:{$cfg_max_face} K!", '-1');
            exit;
        }
        //删除旧图片(防止文件扩展名不同,如:原来的是gif,后来的是jpg)
        if (eregi("\\.(jpg|gif|png)\$", $oldspacelogo) && file_exists($cfg_basedir . $oldspacelogo)) {
            @unlink($cfg_basedir . $oldspacelogo);
        }
        //上传新工图片
        $spacelogo = MemberUploads('spacelogo', '', $cfg_ml->M_ID, 'image', 'mylogo', 200, 50);
    } else {
        $spacelogo = $oldspacelogo;
    }
    $pagesize = intval($pagesize);
    $spacename = cn_substrR(HtmlReplace($spacename, 2), 50);
    $sign = cn_substrR(HtmlReplace($sign), 100);
    $spacenews = HtmlReplace($spacenews, -1);
    $query = "update `#@__member_space` set `pagesize` = '{$pagesize}',`spacename`='{$spacename}' , spacelogo='{$spacelogo}', `sign` = '{$sign}' ,`spacenews`='{$spacenews}' where mid='{$cfg_ml->M_ID}' ";
    $dsql->ExecuteNoneQuery($query);
    if ($cfg_ml->M_Spacesta >= 0) {
        $dsql->ExecuteNoneQuery("update `#@__member` set spacesta=1 where mid='{$cfg_ml->M_ID}' And spacesta < 1 ");
    }
    ShowMsg('成功更新空间信息!', 'edit_space_info.php');
    exit;
} else {
    $row = $dsql->GetOne("select * from `#@__member_space` where mid='" . $cfg_ml->M_ID . "'");
    if (!is_array($row)) {
        $inquery = "Insert Into `#@__member_space`(`mid` ,`pagesize` ,`matt` ,`spacename` ,`spacelogo` , `sign` ,`spacenews`)\r\n\t\t\t    Values('{$cfg_ml->M_ID}', '10', '0', '{$cfg_ml->M_UserName}的空间', '', '', ''); ";
        $row['spacename'] = '';
        $row['sign'] = '';
        $row['pagesize'] = 10;
        $row['spacestyle'] = 'person';
Example #27
    }
    if ($arow['mid'] != $cfg_ml->M_ID) {
        ShowMsg("你没有修改这个附件的权限!", "-1");
        exit;
    }
    include DEDEMEMBER . "/templets/uploads_edit.htm";
    exit;
} else {
    if ($dopost == 'save') {
        $title = HtmlReplace($title, 2);
        if ($mediatype == 1) {
            $utype = 'image';
        } else {
            if ($mediatype == 2) {
                $utype = 'flash';
            } else {
                if ($mediatype == 3) {
                    $utype = 'media';
                } else {
                    $utype = 'addon';
                }
            }
        }
        $title = HtmlReplace($title, 2);
        $exname = preg_replace("#(.*)/#", "", $oldurl);
        $exname = preg_replace("#\\.(.*)\$#", "", $exname);
        $filename = MemberUploads('addonfile', $oldurl, $cfg_ml->M_ID, $utype, $exname, -1, -1, TRUE);
        SaveUploadInfo($title, $filename, $mediatype);
        ShowMsg("成功修改文件!", "uploads_edit.php?aid={$aid}");
    }
}
Example #28
     qiangzhisave();
     break;
 case "addform":
     addform($action);
     break;
 case "qiangzhi":
     qiangzhi($action);
     break;
 case "modify":
     addform($action);
     break;
 case "options":
     options(intval($_GET["site_id"]));
     break;
 case "dell_links":
     dell_links(HtmlReplace($_GET["url"]));
     break;
 case "del":
     $site_id = intval($_GET["site_id"]);
     $db->query("delete from ve123_sites where site_id='" . $site_id . "'");
     break;
 case "add_in_site_link":
     $site_id = $_GET["site_id"];
     echo "<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr><td width=\"98%\"><iframe src=\"start.php?action=add_in_site_link&site_id=" . $site_id . "\" height=\"450\" width=\"100%\"></iframe></td></tr></table><br>";
     break;
 case "add_all_lry":
     //收录全站
     $site_id = $_GET["site_id"];
     echo "<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr><td width=\"98%\"><iframe src=\"start.php?action=add_all_lry&site_id=" . $site_id . "\" height=\"450\" width=\"100%\"></iframe></td></tr></table><br>";
     break;
 case "update_in_site_all_links":
Example #29
     if ($subject == '') {
         ShowMsg("请填写信息标题!", "-1");
         exit;
     }
     $msg = CheckUserID($msgtoid, "用户名", false);
     if ($msg != 'ok') {
         ShowMsg($msg, "-1");
         exit;
     }
     $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE userid LIKE '{$msgtoid}' ");
     if (!is_array($row)) {
         ShowMsg("你指定的用户不存在,不能发送信息!", "-1");
         exit;
     }
     $subject = cn_substrR(HtmlReplace($subject, 1), 60);
     $message = cn_substrR(HtmlReplace($message, 0), 1024);
     $sendtime = $writetime = time();
     //发给收件人(收件人可管理)
     $inquery1 = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)\r\n      VALUES ('{$cfg_ml->M_LoginID}','{$cfg_ml->M_ID}','{$row['mid']}','{$row['userid']}','inbox','{$subject}','{$sendtime}','{$writetime}','0','0','{$message}'); ";
     //保留到自己的发件箱(自己可管理)
     $inquery2 = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)\r\n      VALUES ('{$cfg_ml->M_LoginID}','{$cfg_ml->M_ID}','{$row['mid']}','{$row['userid']}','outbox','{$subject}','{$sendtime}','{$writetime}','0','0','{$message}'); ";
     $dsql->ExecuteNoneQuery($inquery1);
     $dsql->ExecuteNoneQuery($inquery2);
     ShowMsg("成功发送一条信息!", "pm.php?dopost=outbox");
     exit;
 } else {
     if ($dopost == 'del') {
         $ids = preg_replace("#[^0-9,]#", "", $ids);
         if ($folder == 'inbox') {
             $boxsql = "SELECT * FROM `#@__member_pms` WHERE id IN({$ids}) AND folder LIKE 'inbox' AND toid='{$cfg_ml->M_ID}'";
             $dsql->SetQuery($boxsql);
Example #30
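/**
 * Save an "about" page: render temp/a.php to ../a/<filename>.html and store the page
 * record in ve123_about (update when do_action is 'modify', insert otherwise).
 *
 * Reads title, content, filename, url, sortid, about_id, do_action and is_show from
 * $_POST. The posted file name becomes part of the path that is written, so names
 * carrying a directory separator, a parent-directory reference or a NUL byte are
 * refused before anything is rendered or stored.
 *
 * NOTE(review): $content is taken from the request unfiltered and, presumably through
 * the template, ends up in a static .html file; confirm only trusted admins reach this
 * function and that a request token protects the form.
 * NOTE(review): escaping inside $db->insert()/$db->update() is not visible here, and
 * the result of file_put_contents() is not checked.
 */
function saveform()
{
    global $db, $config;
    $title = addslashes(HtmlReplace(trim($_POST["title"])));
    $content = trim($_POST["content"]);
    $filename = HtmlReplace(trim($_POST["filename"]));
    $url = HtmlReplace(trim($_POST["url"]));
    $sortid = intval($_POST["sortid"]);
    $about_id = intval($_POST["about_id"]);
    $do_action = HtmlReplace($_POST["do_action"]);
    $is_show = $_POST["is_show"];

    // Keep the generated file inside ../a/: the name must be a plain file name.
    $plainName = (string) $filename;
    if (strpos($plainName, '..') !== false || strpbrk($plainName, "/\\\0") !== false) {
        jsalert("文件名不合法");
        return;
    }

    // Render the page template into a buffer; the template presumably reads the
    // local variables prepared above.
    ob_start();
    require "temp/a.php";
    $str = ob_get_contents();
    ob_end_clean();
    $str = stripslashes($str);
    file_put_contents("../a/" . $filename . ".html", $str);

    // Both branches store the same columns.
    $array = array('title' => $title, 'content' => $content, 'url' => $url, 'filename' => $filename, 'sortid' => $sortid, 'is_show' => $is_show);
    if ($do_action == "modify") {
        $db->update("ve123_about", $array, "about_id='{$about_id}'");
        jsalert("修改成功");
    } else {
        $db->insert("ve123_about", $array);
        jsalert("提交成功");
    }
}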