public function sendSMS()
{
$post_code = isset($_POST['post_code']) ? $_POST['post_code'] : '';
$phone_num = isset($_POST['telephone']) ? $_POST['telephone'] : '';
// $post_code='U2FsdGVkX1+zY61T/9h6KxyTBWVwbNR9Z01QjZN5EmT5BzDIEROXMFb9it8VgTrW
// Yippi/B79Y0u+ZXJMwSLXGo8imoz9OTrB3k0uhvjIEyi4pF27xCm/Cg0pW0T3SoS
// 9oCORpIFF/600rCAvhDsMOADCKCBtvLhpL4YpLKHQ3/jqQFsjWF8YUVMc0x9LtPa
// 3eeGQIFsdRDr2nSWMlnGQExvNvyKnfLWUrH+YkJDIJlYzXihdv32yMw+vCf/DDa2
// Oq4CU2BkzLqff4IjGmA/9+FP2SS19kDMzdf5e1DO132QBhHDrLy1ffrSIabFRHVf
// SVDsy1qZSsC7Ea24RdmQBQ==';
if ($phone_num == '') {
return show(103, '手机号不能为空');
}
if (preg_match('/^1[34578][0-9]{9}$/', $phone_num)) {
} else {
return show(101, '手机号格式不正确');
}
$mobile_code = random(6, 1);
//random()是公共自定义函数
$target = "http://106.ihuyi.cn/webservice/sms.php?method=Submit";
$post_data = "account=cf_guoqingyu&password=luping521&mobile=" . $phone_num . "&content=" . rawurlencode("您的校验码是:" . $mobile_code . "。请不要把校验码泄露给其他人。如非本人操作,可不用理会!");
//密码可以使用明文密码或使用32位MD5加密
$gets = xml_to_array(Post($post_data, $target));
if ($gets['SubmitResult']['code'] == 2) {
S('phone_num', $phone_num, 60);
S($phone_num . 'mobile_code', $mobile_code, 60);
return show(104, '发送成功');
} else {
return show(102, '发送失败');
}
}
/**
* $_REQUEST
*
* @param $key
* @return mixed
*/
function Req($key, $type = '')
{
if (!Post($key)) {
return Get($key, $type);
} else {
return Post($key, $type);
}
}
<?php
} elseif ($i == 12) {
?>
<div class="Box-GroupMedium GroupWithAd">
<?php
Post($i, "medium");
?>
<?php
} elseif ($i == 28) {
?>
<div class="Box-GroupBig">
<?php
Post($i, "medium");
?>
</div>
<?php
}
?>
<?php
}
?>
<?php
$i++;
?>
<?php
<?php
require_once "libs/fb_functions.php";
if (Post()) {
require_once "inc/load.inc.php";
$first = cleanMySQL(ucwords($_POST['firstname']));
$last = cleanMySQL(ucwords($_POST['lastname']));
$email = cleanMySQL(strtolower($_POST['email_reg']));
$email2 = cleanMySQL(strtolower($_POST['email_confirm']));
$password = sha1($_POST['password'] . "5spoonsOFsalt");
$sex = cleanMySQL($_POST['sex']);
$birthdate = cleanMySQL($_POST['birthday_month'] . "/" . $_POST['birthday_day'] . "/" . $_POST['birthday_year']);
// start PHP validation
if (!isset($_SESSION)) {
session_start();
}
if (strlen($first) < 3 || strlen($last) < 3 || $email != $email2 || strlen($sex) > 1 && ($sex != 1 || $sex != 2) || $_POST['birthday_month'] == 0 || $_POST['birthday_day'] == 0 || $_POST['birthday_year'] == 0) {
$_SESSION['reg_error'] = "All fields must be filled";
Back();
exit;
}
// Search for existing user in our "users" table
$find = mysql_query("SELECT Email FROM Users WHERE Email='{$email}'", $con) or die(mysql_error());
if (!mysql_num_rows($find)) {
$insert = mysql_query("INSERT INTO Users(Email, Pass) VALUES('{$email}', '{$password}')", $con) or die(mysql_error());
if ($insert) {
$find = mysql_query("SELECT UID FROM Users WHERE Email='{$email}'", $con) or die(mysql_error());
$F = mysql_fetch_array($find);
if ($F) {
$insert = mysql_query("INSERT INTO Profiles(UID, Firstname, Lastname, Sex, Birthday) VALUES('{$F['UID']}', '{$first}', '{$last}', '{$sex}', '{$birthdate}')", $con) or die(mysql_error());
$_SESSION['account_created'] = "You're account was successfully created.";
function CalendarPost()
{
global $context, $txt, $user_info, $sourcedir, $scripturl;
global $modSettings, $topic, $smcFunc;
// Well - can they?
isAllowedTo('calendar_post');
// We need this for all kinds of useful functions.
require_once $sourcedir . '/Subs-Calendar.php';
// Cast this for safety...
if (isset($_REQUEST['eventid'])) {
$_REQUEST['eventid'] = (int) $_REQUEST['eventid'];
}
// Submitting?
if (isset($_POST[$context['session_var']], $_REQUEST['eventid'])) {
checkSession();
// Validate the post...
if (!isset($_POST['link_to_board'])) {
validateEventPost();
}
// If you're not allowed to edit any events, you have to be the poster.
if ($_REQUEST['eventid'] > 0 && !allowedTo('calendar_edit_any')) {
isAllowedTo('calendar_edit_' . (!empty($user_info['id']) && getEventPoster($_REQUEST['eventid']) == $user_info['id'] ? 'own' : 'any'));
}
// New - and directing?
if ($_REQUEST['eventid'] == -1 && isset($_POST['link_to_board'])) {
$_REQUEST['calendar'] = 1;
require_once $sourcedir . '/Post.php';
return Post();
} elseif ($_REQUEST['eventid'] == -1) {
$eventOptions = array('board' => 0, 'topic' => 0, 'title' => substr($_REQUEST['evtitle'], 0, 60), 'member' => $user_info['id'], 'start_date' => sprintf('%04d-%02d-%02d', $_POST['year'], $_POST['month'], $_POST['day']), 'span' => isset($_POST['span']) && $_POST['span'] > 0 ? min((int) $modSettings['cal_maxspan'], (int) $_POST['span'] - 1) : 0);
insertEvent($eventOptions);
} elseif (isset($_REQUEST['deleteevent'])) {
removeEvent($_REQUEST['eventid']);
} else {
$eventOptions = array('title' => substr($_REQUEST['evtitle'], 0, 60), 'span' => empty($modSettings['cal_allowspan']) || empty($_POST['span']) || $_POST['span'] == 1 || empty($modSettings['cal_maxspan']) || $_POST['span'] > $modSettings['cal_maxspan'] ? 0 : min((int) $modSettings['cal_maxspan'], (int) $_POST['span'] - 1), 'start_date' => strftime('%Y-%m-%d', mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year'])));
modifyEvent($_REQUEST['eventid'], $eventOptions);
}
updateSettings(array('calendar_updated' => time()));
// No point hanging around here now...
redirectexit($scripturl . '?action=calendar;month=' . $_POST['month'] . ';year=' . $_POST['year']);
}
// If we are not enabled... we are not enabled.
if (empty($modSettings['cal_allow_unlinked']) && empty($_REQUEST['eventid'])) {
$_REQUEST['calendar'] = 1;
require_once $sourcedir . '/Post.php';
return Post();
}
// New?
if (!isset($_REQUEST['eventid'])) {
$today = getdate();
$context['event'] = array('boards' => array(), 'board' => 0, 'new' => 1, 'eventid' => -1, 'year' => isset($_REQUEST['year']) ? $_REQUEST['year'] : $today['year'], 'month' => isset($_REQUEST['month']) ? $_REQUEST['month'] : $today['mon'], 'day' => isset($_REQUEST['day']) ? $_REQUEST['day'] : $today['mday'], 'title' => '', 'span' => 1);
$context['event']['last_day'] = (int) strftime('%d', mktime(0, 0, 0, $context['event']['month'] == 12 ? 1 : $context['event']['month'] + 1, 0, $context['event']['month'] == 12 ? $context['event']['year'] + 1 : $context['event']['year']));
// Get list of boards that can be posted in.
$boards = boardsAllowedTo('post_new');
if (empty($boards)) {
fatal_lang_error('cannot_post_new', 'permission');
}
// Load the list of boards and categories in the context.
require_once $sourcedir . '/Subs-MessageIndex.php';
$boardListOptions = array('included_boards' => in_array(0, $boards) ? null : $boards, 'not_redirection' => true, 'use_permissions' => true, 'selected_board' => $modSettings['cal_defaultboard']);
$context['event']['categories'] = getBoardList($boardListOptions);
} else {
$context['event'] = getEventProperties($_REQUEST['eventid']);
if ($context['event'] === false) {
fatal_lang_error('no_access', false);
}
// If it has a board, then they should be editing it within the topic.
if (!empty($context['event']['topic']['id']) && !empty($context['event']['topic']['first_msg'])) {
// We load the board up, for a check on the board access rights...
$topic = $context['event']['topic']['id'];
loadBoard();
}
// Make sure the user is allowed to edit this event.
if ($context['event']['member'] != $user_info['id']) {
isAllowedTo('calendar_edit_any');
} elseif (!allowedTo('calendar_edit_any')) {
isAllowedTo('calendar_edit_own');
}
}
// Template, sub template, etc.
loadTemplate('Calendar');
$context['sub_template'] = 'event_post';
$context['page_title'] = isset($_REQUEST['eventid']) ? $txt['calendar_edit'] : $txt['calendar_post_event'];
$context['linktree'][] = array('name' => $context['page_title']);
}
function sendMessageOld($mobile, $content, $linkid = 0, $tag = "", $comment = "")
{
$blackList = array("13429616772", "15391660000", "18898762014", "15282025307", "18308359754", "17093432751", "15021092824", "15752934500", "15272675888", "18307835916", "13705229609", "15555571993", "13373916567", "13316097070", "18917196084", "13265186597", "18707991166", "13143179652", "18767993049", "15050467232", "13070049756", "15759721798", "13799663444", "18602725510", "13886692636", "13697293588", "13637538515", "15359555317", "15634999222", "18171901222", "13014063026", "15703426792", "15023824626");
if (in_array($mobile, $blackList)) {
return false;
}
$mobileCountbyIP = getMobileCountByIP($_SERVER["REMOTE_ADDR"]);
if ($mobileCountbyIP > 10) {
$code = 500;
return array("code" => 500, "msg" => 'IP受限');
$logInfo['ip'] = $_SERVER["REMOTE_ADDR"];
$logInfo['status'] = 3;
$logInfo['link_id'] = $linkid;
$logInfo['tag'] = $tag;
$logInfo['comment'] = $comment;
$logInfo['mobile'] = $mobile;
$logInfo['content'] = $content;
$logInfo['msg'] = "IP受限";
$logInfo['created_at'] = $logInfo['updated_at'] = time();
M("sms_log")->add($logInfo);
return array("code" => $code, "msg" => $logInfo['msg']);
}
$mobileCount = getMobileCount($mobile);
if ($mobileCount > 5) {
$code = 500;
return array("code" => 500, "msg" => '单日平台发送条数超过5条');
$logInfo['ip'] = $_SERVER["REMOTE_ADDR"];
$logInfo['status'] = 3;
$logInfo['link_id'] = $linkid;
$logInfo['tag'] = $tag;
$logInfo['comment'] = $comment;
$logInfo['mobile'] = $mobile;
$logInfo['content'] = $content;
$logInfo['msg'] = "单日平台发送条数超过5条";
$logInfo['created_at'] = $logInfo['updated_at'] = time();
M("sms_log")->add($logInfo);
return array("code" => $code, "msg" => $logInfo['msg']);
}
$target = "http://106.ihuyi.cn/webservice/sms.php?method=Submit";
$post_data = "account=cf_zpkj&password=renrenlie231&mobile=" . $mobile . "&content=" . rawurlencode($content);
$gets = xml_to_array(Post($post_data, $target));
if ($gets['SubmitResult']['code'] == 2) {
$code = 200;
$status = 2;
} else {
$status = 3;
$code = 500;
// return $gets;
}
$sql = "INSERT INTO `stj_sms_log` (link_id,tag,comment,mobile,content,msg,created_at,updated_at,status,ip) values ('{$linkid}','{$tag}','{$comment}','{$mobile}','{$content}','" . $gets['SubmitResult']['msg'] . "','" . time() . "','" . time() . "','{$status}','{$_SERVER['REMOTE_ADDR']}')";
M("sms_log")->query($sql);
return array("code" => $code, "msg" => $gets['SubmitResult']['msg']);
}
public function sendCode()
{
//验证手机号
$phone = I('phone', '');
if (empty($phone)) {
$this->ajaxReturn(array('code' => 0, 'msg' => '手机号码不存在'));
return;
}
if (!is_phone($phone)) {
$this->ajaxReturn(array('code' => 0, '手机号码格式不正确'));
return;
}
//识别码 1注册 2找回密码
$recognition = I('recognition', 0, 'intval');
if (!$recognition) {
$this->ajaxReturn(array('code' => 0, 'msg' => '识别码不存在'));
return;
}
if ($recognition == 1) {
if ($this->userModel->where("phone={$phone}")->count()) {
$this->ajaxReturn(array('code' => 0, 'msg' => '该手机号已被注册'));
return;
} else {
$recognition = 0;
}
} else {
$recognition = 0;
}
if (!$recognition) {
$mobile_code = random(4, 1);
$target = "http://106.ihuyi.cn/webservice/sms.php?method=Submit";
$post_data = "account=cf_1206038615&password=yefei123&mobile=" . $phone . "&content=" . rawurlencode("您的验证码是:" . $mobile_code . "。请不要把验证码泄露给其他人。");
//密码可以使用明文密码或使用32位MD5加密
$gets = xml_to_array(Post($post_data, $target));
if ($gets['SubmitResult']['code'] == 2) {
$_SESSION['phone'] = $phone;
$_SESSION['phone_code'] = $mobile_code;
}
$this->ajaxReturn(array("code" => 1, "验证码发送成功"));
}
}
/**
* 获取验证码
*/
function get_addsms()
{
$mobile = $_POST['mobile'];
$send_code = $_POST['send_code'];
if ($_POST['is_new']) {
if (!$this->ms->user->check_phone_mob($mobile)) {
$this->json_error("手机号码已经存在");
return;
}
}
if (empty($mobile)) {
$this->json_error("手机号码不存在");
}
if (!is_phone($mobile)) {
$this->json_error("手机格式不正确");
}
if (empty($_SESSION['send_code']) or $send_code != $_SESSION['send_code']) {
//防用户恶意请求
exit('请求超时,请刷新页面后重试');
}
$mobile_code = $this->random(4, 1);
$target = "http://106.ihuyi.cn/webservice/sms.php?method=Submit";
$post_data = "account=cf_1206038615&password=yefei123&mobile=" . $mobile . "&content=" . rawurlencode("您的验证码是:" . $mobile_code . "。请不要把验证码泄露给其他人。");
//密码可以使用明文密码或使用32位MD5加密
$gets = xml_to_array(Post($post_data, $target));
if ($gets['SubmitResult']['code'] == 2) {
$_SESSION['mobile'] = $mobile;
$_SESSION['mobile_code'] = $mobile_code;
}
$this->json_result();
}
$hash = sprintf('%0' . $length . 'd', mt_rand(0, pow(10, $length) - 1));
} else {
$hash = '';
$chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789abcdefghjkmnpqrstuvwxyz';
$max = strlen($chars) - 1;
for ($i = 0; $i < $length; $i++) {
$hash .= $chars[mt_rand(0, $max)];
}
}
return $hash;
}
$target = "http://106.ihuyi.cn/webservice/sms.php?method=Submit";
$mobile = $_POST['mobile'];
$send_code = $_POST['send_code'];
$mobile_code = random(4, 1);
if (empty($mobile)) {
exit('手机号码不能为空');
}
if (empty($_SESSION['send_code']) or $send_code != $_SESSION['send_code']) {
//防用户恶意请求
exit('请求超时,请刷新页面后重试');
}
$post_data = "account=cf_zpkj&password=840a6d63c511f5b0a61afc7352c207f3&mobile=" . $mobile . "&content=" . rawurlencode("您的验证码是:" . $mobile_code . "。请不要把验证码泄露给其他人。");
//密码可以使用明文密码或使用32位MD5加密
//840a6d63c511f5b0a61afc7352c207f3
$gets = xml_to_array(Post($post_data, $target));
if ($gets['SubmitResult']['code'] == 2) {
$_SESSION['mobile'] = $mobile;
$_SESSION['mobile_code'] = $mobile_code;
}
echo $gets['SubmitResult']['msg'];
function checkbackto($do_jump, $msg = '')
{
if ($msg == '') {
$msg = Trans('Continue');
}
$backto = Post('backto');
if ($backto == '') {
$backto = Get('backto');
}
if ($backto != '') {
if ($do_jump) {
echo oria_jumpto($backto, $msg);
} else {
echo oria_butlink($msg, $backto);
}
}
}
<?php
$adminModel = new AdminModel();
$msg = "";
if (Post("remove_id")) {
$admin = new AdminModel(intval(Post("remove_id")));
if (!$admin->IsExists()) {
trigger_error("Internal error. Invalid admin id.", E_USER_ERROR);
}
$isDel = $admin->Delete();
$msg = $isDel ? MsgOk("Администратор успешно удален") : MsgErr("Ошибка удаления администратора");
$_POST = array();
}
$admins = array();
foreach ($adminModel->GetList() as $aid) {
$admins[$aid] = new AdminModel($aid);
}
echo GetCurUrl();
?>
" method="post" class="form-horizontal" role="form">
<input type="hidden" name="is_login" value="1">
<div class="form-group">
<div class="col-lg-offset-2 col-lg-6">
<?php
echo $msg;
?>
</div>
</div>
<div class="form-group">
<label for="inputLogin" class="col-lg-2 control-label">Логин</label>
<div class="col-lg-6">
<input type="text" class="form-control" id="inputLogin" autocomplete="on" name="login" value="<?php
echo Post("login");
?>
" placeholder="Введите ваш логин">
</div>
</div>
<div class="form-group">
<label for="inputPassword" class="col-lg-2 control-label">Пароль</label>
<div class="col-lg-6">
<input type="password" class="form-control" id="inputPassword" autocomplete="on" name="pwd" placeholder="Введите ваш пароль">
</div>
</div>
<div class="form-group">
<div class="col-lg-offset-2 col-lg-6">
<button type="submit" class="btn btn-primary">Войти</button>
</div>
</div>
$db->query("INSERT INTO {$open_tableName} (ip,time,subsite) VALUES ('{$ip}',{$time},'')");
} else {
if ($op == 'reg') {
$ad_id = inputFilter($_REQUEST['k']);
if (empty($ad_id)) {
$ad_id = 'default';
}
$reg_tableName = $ad_id . '_reg';
$ip = get_real_ip();
$time = strtotime(date('Y-m-d H:i:s'));
$game_mark = inputFilter($_REQUEST['game_mark']);
$db->query("INSERT INTO {$reg_tableName} (ip,time,subsite) VALUES ('{$ip}',{$time},'')");
exit;
} else {
if ($op == 'checkuname') {
echo Post($api, $_POST);
exit;
} else {
if ($op == 'pv_before') {
$ad_id = inputFilter($_POST['k']);
if (empty($ad_id)) {
$ad_id = 'default';
}
$tableName = $ad_id . '_pv_before';
$time = strtotime(date('Y-m-d') . ' 00:00:00');
$db->query("insert into {$tableName} (time,subsite) values ({$time},'')");
exit;
} else {
if ($op == 'pv_after') {
$ad_id = inputFilter($_POST['k']);
if (empty($ad_id)) {
{
try {
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $host);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $packet);
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0");
curl_setopt($curl, CURLOPT_REFERER, "Referer: http://192.168.1.1/cgi-bin/WLAN_General.asp");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($curl);
curl_close($curl);
return $result;
} catch (Exception $e) {
echo $e->getMessage();
return "";
}
}
if (sizeof($argv) < 3) {
print "Usage : {$argv['0']} 192.168.1.1 NewWifiPassword\n";
exit(1);
}
$host = $argv[1];
$password = urlencode($argv[2]);
$packet = "access=0&DoScan=0&ChannelDoScan=0&WlanQosFlag=0&HtExtcha=0&IsPtGui=0&SecurityIndexOriginal=3&EnableWLAN=on&SSID_INDEX=0&EnableWLanFlag=1&CountryRegion=1&CountryRegion0=0&CountryRegion1=1&CountryRegion2=2&CountryRegion3=3&CountryRegion5=5&CountryRegion6=6&Countries_Channels=IRAN&Channel_ID=11&HideSsidFlag=0&WPACompatileFlag=WPA2PSK&EncrypType=TKIPAES&PreSecurity_Sel=WPA2PSK&Security_Sel=WPA2PSK&WLANCfgPphrase=&WEP_Key1=&DefWEPKey=1&WLANCfgPSK={$password}&WLANCfgAuthenTimeout=1800&WLANCfgIdleTimeout=3600&WLANCfgWPATimer=1800&WLANCfgRadiusServerAddr=0.0.0.0&WLANCfgRadiusServerPort=1812&WLANCfgRadiusServerKey=&Qos_Sel=None&doSubmitFlag=0";
$target = "http://{$host}/cgi-bin/WLAN_General.asp";
if (strlen(Post($packet, $target)) > 0) {
print "Seems Changed !";
} else {
print "Humm , No Chance !";
}
//DoS : Post("",$target) ;
<?php
$admin = new AdminModel(NULL, true);
// Если человек уже залогинен, то редиректим его с этой страницы
if ($admin->IsAuth()) {
header("Location: " . SiteRoot($g_config['admin_sector']['after_login_page']));
exit;
}
$msg = '';
if (Post('is_login')) {
$login = Post('login');
$pwd = Post('pwd');
$errs = array();
if (empty($login)) {
$errs[] = "Впишите логин";
}
if (empty($pwd)) {
$errs[] = "Впишите пароль";
}
if (!count($errs)) {
$isLogin = $admin->DoLogin($login, $admin->MakeHash($pwd));
if ($isLogin) {
header("Location: " . SiteRoot($g_config['admin_sector']['after_login_page']));
exit;
} else {
$errs[] = "Неверный логин или пароль";
}
}
$msg = MsgErr(implode('<br>', $errs));
}
function seekPassword()
{
if ($this->ID > 0) {
exit('您已登录');
}
$name = Post('uname');
$email = Post('uemail');
$sql = "select * from ly_users where username='******' and email='{$email}'";
$query = Query($sql);
$row = GetRow($query);
if ($row) {
$seek = randstr(5);
$_SESSION['seek'] = $seek;
$subject = "多爱食密码找回邮件";
$message = "您的验证码:" . $seek . "。输入验证码即可设置新密码。请勿回复此邮件。";
$return = mail($email, $subject, $message);
if ($return == true) {
echo '1';
}
} else {
echo '2';
}
}
return 'Hello World1';
});
//Route::get('user/{id}', function($id){
// return 'user' .$id;
//})->where('id', '[A-Za-z]+');;
Route::group(['prefix' => 'ajax', 'namespace' => 'Ajax'], function () {
//用户注册表单检查路由
Route::post('checkLoginName', 'CheckLoginController@checkLoginName');
Route::post('checkMobile', 'CheckLoginController@checkMobile');
Route::post('checkEmail', 'CheckLoginController@checkEmail');
Route::post('checkPassword', 'CheckLoginController@checkPassword');
Route::post('sendSmsCode', 'CheckLoginController@sendSmsCode');
Route::post('checkSmsCode', 'CheckLoginController@checkSmsCode');
//加载跟多文章
Route::post('loadMoreArticle', 'CommonController@loadMoreArticle');
Post('loadCityProvince', 'CommonController@loadCityProvince');
//获得七牛token
// Post('getQiniuToken','CommonController@getQiniuToken');
});
//测试路由
Route::get('testsession', 'Ajax\\CheckLoginController@testsession');
Route::get('testgetsession', 'Ajax\\CheckLoginController@getsession');
Route::get('testSMScode', 'Ajax\\ChecKLoginController@sendSmsCode');
//博客路由
Route::group(['namespace' => 'Blog'], function () {
Route::get('blog', 'BlogController@index');
Route::get('blog/{slug}', 'BlogController@showPost');
});
Route::group(['namespace' => 'Blog', 'middleware' => 'auth'], function () {
Route::post('admin/article/store', 'ArticleController@store');
Route::resource('admin/article', 'ArticleController');
<?php
header("Content-Type: text/html; charset=gb2312");
function Post($data, $target)
{
$url_info = parse_url($target);
$httpheader = "POST " . $url_info['path'] . " HTTP/1.0\r\n";
$httpheader .= "Host:" . $url_info['host'] . "\r\n";
$httpheader .= "Content-Type:application/x-www-form-urlencoded\r\n";
$httpheader .= "Content-Length:" . strlen($data) . "\r\n";
$httpheader .= "Connection:close\r\n\r\n";
//$httpheader .= "Connection:Keep-Alive\r\n\r\n";
$httpheader .= $data;
$fd = fsockopen($url_info['host'], 80);
fwrite($fd, $httpheader);
$gets = "";
while (!feof($fd)) {
$gets .= fread($fd, 128);
}
fclose($fd);
return $gets;
}
$target = "http://sms.106jiekou.com/gbk/sms.aspx";
//替换成自己的测试账号,参数顺序和wenservice对应
$post_data = "account=帐号&password=接口密码&mobile=手机号码&content=" . rawurlencode("您的订单编码:4557。如需帮助请联系客服。");
echo $gets = Post($post_data, $target);
//请自己解析$gets字符串并实现自己的逻辑
//100 表示成功,其它的参考文档
$admin = new AdminModel(NULL, true);
$admin_id = intval(Get('id'));
$admin = new AdminModel($admin_id);
if ($admin_id && !$admin->IsExists()) {
trigger_error("Invalid admin id.", E_USER_ERROR);
}
$login = trim(Post('login', $admin_id ? $admin->login : NULL));
$pwd = Post('pwd');
$pwd2 = Post('pwd2');
$name = trim(Post('name', $admin_id ? $admin->name : NULL));
$desc = trim(Post('desc', $admin_id ? $admin->desc : NULL));
$email = trim(Post('email', $admin_id ? $admin->email : NULL));
$phone = trim(Post('phone', $admin_id ? $admin->phone : NULL));
$msg = '';
if (Post('is_apply')) {
$errs = array();
if (empty($login)) {
$errs[] = "Логин не может быть пустым";
}
if (!$admin_id && empty($pwd)) {
$errs[] = "Пароль не может быть пустым";
}
if ($pwd != $pwd2) {
$errs[] = "Ошибка подтверждения пароля";
}
if (!$admin_id && $admin->IsLoginBusy($login)) {
$errs[] = "Данный логин уже используется";
}
if ($admin_id && $admin->login != $login && $admin->IsLoginBusy($login)) {
$errs[] = "Данный логин уже используется";
function Post2()
{
global $board, $topic, $txt, $db_prefix, $modSettings, $sourcedir, $context;
global $ID_MEMBER, $user_info, $board_info, $options, $func;
// Previewing? Go back to start.
if (isset($_REQUEST['preview'])) {
return Post();
}
// Prevent double submission of this form.
checkSubmitOnce('check');
// No errors as yet.
$post_errors = array();
// If the session has timed out, let the user re-submit their form.
if (checkSession('post', '', false) != '') {
$post_errors[] = 'session_timeout';
}
require_once $sourcedir . '/Subs-Post.php';
loadLanguage('Post');
// Replying to a topic?
if (!empty($topic) && !isset($_REQUEST['msg'])) {
$request = db_query("\n\t\t\tSELECT t.locked, t.isSticky, t.ID_POLL, t.numReplies, m.ID_MEMBER\n\t\t\tFROM ({$db_prefix}topics AS t, {$db_prefix}messages AS m)\n\t\t\tWHERE t.ID_TOPIC = {$topic}\n\t\t\t\tAND m.ID_MSG = t.ID_FIRST_MSG\n\t\t\tLIMIT 1", __FILE__, __LINE__);
list($tmplocked, $tmpstickied, $pollID, $numReplies, $ID_MEMBER_POSTER) = mysql_fetch_row($request);
mysql_free_result($request);
// Don't allow a post if it's locked.
if ($tmplocked != 0 && !allowedTo('moderate_board')) {
fatal_lang_error(90, false);
}
// Sorry, multiple polls aren't allowed... yet. You should stop giving me ideas :P.
if (isset($_REQUEST['poll']) && $pollID > 0) {
unset($_REQUEST['poll']);
}
if ($ID_MEMBER_POSTER != $ID_MEMBER) {
isAllowedTo('post_reply_any');
} elseif (!allowedTo('post_reply_any')) {
isAllowedTo('post_reply_own');
}
if (isset($_POST['lock'])) {
// Nothing is changed to the lock.
if (empty($tmplocked) && empty($_POST['lock']) || !empty($_POST['lock']) && !empty($tmplocked)) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $ID_MEMBER != $ID_MEMBER_POSTER) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
// You cannot override a moderator lock.
if ($tmplocked == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
// So you wanna (un)sticky this...let's see.
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $tmpstickied || !allowedTo('make_sticky'))) {
unset($_POST['sticky']);
}
// If the number of replies has changed, if the setting is enabled, go back to Post() - which handles the error.
$newReplies = isset($_POST['num_replies']) && $numReplies > $_POST['num_replies'] ? $numReplies - $_POST['num_replies'] : 0;
if (empty($options['no_new_reply_warning']) && !empty($newReplies)) {
$_REQUEST['preview'] = true;
return Post();
}
$posterIsGuest = $user_info['is_guest'];
} elseif (empty($topic)) {
if (!isset($_REQUEST['poll']) || $modSettings['pollMode'] != '1') {
isAllowedTo('post_new');
}
if (isset($_POST['lock'])) {
// New topics are by default not locked.
if (empty($_POST['lock'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own'))) {
unset($_POST['lock']);
} else {
$_POST['lock'] = allowedTo('lock_any') ? 1 : 2;
}
}
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky'))) {
unset($_POST['sticky']);
}
$posterIsGuest = $user_info['is_guest'];
} elseif (isset($_REQUEST['msg']) && !empty($topic)) {
$_REQUEST['msg'] = (int) $_REQUEST['msg'];
$request = db_query("\n\t\t\tSELECT\n\t\t\t\tm.ID_MEMBER, m.posterName, m.posterEmail, m.posterTime, \n\t\t\t\tt.ID_FIRST_MSG, t.locked, t.isSticky, t.ID_MEMBER_STARTED AS ID_MEMBER_POSTER\n\t\t\tFROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)\n\t\t\tWHERE m.ID_MSG = {$_REQUEST['msg']}\n\t\t\t\tAND t.ID_TOPIC = {$topic}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
if (mysql_num_rows($request) == 0) {
fatal_lang_error('smf272', false);
}
$row = mysql_fetch_assoc($request);
mysql_free_result($request);
if (!empty($row['locked']) && !allowedTo('moderate_board')) {
fatal_lang_error(90, false);
}
if (isset($_POST['lock'])) {
// Nothing changes to the lock status.
if (empty($_POST['lock']) && empty($row['locked']) || !empty($_POST['lock']) && !empty($row['locked'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $ID_MEMBER != $row['ID_MEMBER_POSTER']) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
// You're not allowed to break a moderator's lock.
if ($row['locked'] == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
// Change the sticky status of this topic?
if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $row['isSticky'])) {
unset($_POST['sticky']);
}
if ($row['ID_MEMBER'] == $ID_MEMBER && !allowedTo('modify_any')) {
if (!empty($modSettings['edit_disable_time']) && $row['posterTime'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
fatal_lang_error('modify_post_time_passed', false);
} elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_own')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_own');
}
} elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_any')) {
isAllowedTo('modify_replies');
// If you're modifying a reply, I say it better be logged...
$moderationAction = true;
} else {
isAllowedTo('modify_any');
// Log it, assuming you're not modifying your own post.
if ($row['ID_MEMBER'] != $ID_MEMBER) {
$moderationAction = true;
}
}
$posterIsGuest = empty($row['ID_MEMBER']);
if (!allowedTo('moderate_forum') || !$posterIsGuest) {
$_POST['guestname'] = addslashes($row['posterName']);
$_POST['email'] = addslashes($row['posterEmail']);
}
}
// If the poster is a guest evaluate the legality of name and email.
if ($posterIsGuest) {
$_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']);
$_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
if ($_POST['guestname'] == '' || $_POST['guestname'] == '_') {
$post_errors[] = 'no_name';
}
if ($func['strlen']($_POST['guestname']) > 25) {
$post_errors[] = 'long_name';
}
if (empty($modSettings['guest_post_no_email'])) {
// Only check if they changed it!
if (!isset($row) || $row['posterEmail'] != $_POST['email']) {
if (!allowedTo('moderate_forum') && (!isset($_POST['email']) || $_POST['email'] == '')) {
$post_errors[] = 'no_email';
}
if (!allowedTo('moderate_forum') && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', stripslashes($_POST['email'])) == 0) {
$post_errors[] = 'bad_email';
}
}
// Now make sure this email address is not banned from posting.
isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt[28]));
}
}
// Check the subject and message.
if (!isset($_POST['subject']) || $func['htmltrim']($_POST['subject']) === '') {
$post_errors[] = 'no_subject';
}
if (!isset($_POST['message']) || $func['htmltrim']($_POST['message']) === '') {
$post_errors[] = 'no_message';
} elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_POST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
} else {
// Prepare the message a bit for some additional testing.
$_POST['message'] = $func['htmlspecialchars']($_POST['message'], ENT_QUOTES);
// Preparse code. (Zef)
if ($user_info['is_guest']) {
$user_info['name'] = $_POST['guestname'];
}
preparsecode($_POST['message']);
// Let's see if there's still some content left without the tags.
if ($func['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') {
$post_errors[] = 'no_message';
}
}
if (isset($_POST['calendar']) && !isset($_REQUEST['deleteevent']) && $func['htmltrim']($_POST['evtitle']) === '') {
$post_errors[] = 'no_event';
}
// You are not!
if (isset($_POST['message']) && strtolower($_POST['message']) == 'i am the administrator.' && !$user_info['is_admin']) {
fatal_error('Knave! Masquerader! Charlatan!', false);
}
// Validate the poll...
if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1') {
if (!empty($topic) && !isset($_REQUEST['msg'])) {
fatal_lang_error(1, false);
}
// This is a new topic... so it's a new poll.
if (empty($topic)) {
isAllowedTo('poll_post');
} elseif ($ID_MEMBER == $row['ID_MEMBER_POSTER'] && !allowedTo('poll_add_any')) {
isAllowedTo('poll_add_own');
} else {
isAllowedTo('poll_add_any');
}
if (!isset($_POST['question']) || trim($_POST['question']) == '') {
$post_errors[] = 'no_question';
}
$_POST['options'] = empty($_POST['options']) ? array() : htmltrim__recursive($_POST['options']);
// Get rid of empty ones.
foreach ($_POST['options'] as $k => $option) {
if ($option == '') {
unset($_POST['options'][$k], $_POST['options'][$k]);
}
}
// What are you going to vote between with one choice?!?
if (count($_POST['options']) < 2) {
$post_errors[] = 'poll_few';
}
}
if ($posterIsGuest) {
// If user is a guest, make sure the chosen name isn't taken.
require_once $sourcedir . '/Subs-Members.php';
if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($row['posterName']) || $_POST['guestname'] != $row['posterName'])) {
$post_errors[] = 'bad_name';
}
} elseif (!isset($_REQUEST['msg'])) {
$_POST['guestname'] = addslashes($user_info['username']);
$_POST['email'] = addslashes($user_info['email']);
}
// Any mistakes?
if (!empty($post_errors)) {
loadLanguage('Errors');
// Previewing.
$_REQUEST['preview'] = true;
$context['post_error'] = array('messages' => array());
foreach ($post_errors as $post_error) {
$context['post_error'][$post_error] = true;
$context['post_error']['messages'][] = $txt['error_' . $post_error];
}
return Post();
}
// Make sure the user isn't spamming the board.
if (!isset($_REQUEST['msg'])) {
spamProtection('spam');
}
// At about this point, we're posting and that's that.
ignore_user_abort(true);
@set_time_limit(300);
// Add special html entities to the subject, name, and email.
$_POST['subject'] = strtr($func['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
$_POST['guestname'] = htmlspecialchars($_POST['guestname']);
$_POST['email'] = htmlspecialchars($_POST['email']);
// At this point, we want to make sure the subject isn't too long.
if ($func['strlen']($_POST['subject']) > 100) {
$_POST['subject'] = addslashes($func['substr'](stripslashes($_POST['subject']), 0, 100));
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Make sure that the user has not entered a ridiculous number of options..
if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) {
$_POST['poll_max_votes'] = 1;
} elseif ($_POST['poll_max_votes'] > count($_POST['options'])) {
$_POST['poll_max_votes'] = count($_POST['options']);
} else {
$_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
}
// Just set it to zero if it's not there..
if (!isset($_POST['poll_hide'])) {
$_POST['poll_hide'] = 0;
} else {
$_POST['poll_hide'] = (int) $_POST['poll_hide'];
}
$_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
// If the user tries to set the poll too far in advance, don't let them.
if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) {
fatal_lang_error('poll_range_error', false);
} elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) {
$_POST['poll_hide'] = 1;
}
// Clean up the question and answers.
$_POST['question'] = $func['htmlspecialchars']($_POST['question']);
$_POST['options'] = htmlspecialchars__recursive($_POST['options']);
}
// Check if they are trying to delete any current attachments....
if (isset($_REQUEST['msg'], $_POST['attach_del']) && allowedTo('post_attachment')) {
$del_temp = array();
foreach ($_POST['attach_del'] as $i => $dummy) {
$del_temp[$i] = (int) $dummy;
}
require_once $sourcedir . '/ManageAttachments.php';
removeAttachments('a.attachmentType = 0 AND a.ID_MSG = ' . (int) $_REQUEST['msg'] . ' AND a.ID_ATTACH NOT IN (' . implode(', ', $del_temp) . ')');
}
// ...or attach a new file...
if (isset($_FILES['attachment']['name']) || !empty($_SESSION['temp_attachments'])) {
isAllowedTo('post_attachment');
// If this isn't a new post, check the current attachments.
if (isset($_REQUEST['msg'])) {
$request = db_query("\n\t\t\t\tSELECT COUNT(*), SUM(size)\n\t\t\t\tFROM {$db_prefix}attachments\n\t\t\t\tWHERE ID_MSG = " . (int) $_REQUEST['msg'] . "\n\t\t\t\t\tAND attachmentType = 0", __FILE__, __LINE__);
list($quantity, $total_size) = mysql_fetch_row($request);
mysql_free_result($request);
} else {
$quantity = 0;
$total_size = 0;
}
if (!empty($_SESSION['temp_attachments'])) {
foreach ($_SESSION['temp_attachments'] as $attachID => $name) {
if (preg_match('~^post_tmp_' . $ID_MEMBER . '_\\d+$~', $attachID) == 0) {
continue;
}
if (!empty($_POST['attach_del']) && !in_array($attachID, $_POST['attach_del'])) {
unset($_SESSION['temp_attachments'][$attachID]);
@unlink($modSettings['attachmentUploadDir'] . '/' . $attachID);
continue;
}
$_FILES['attachment']['tmp_name'][] = $attachID;
$_FILES['attachment']['name'][] = addslashes($name);
$_FILES['attachment']['size'][] = filesize($modSettings['attachmentUploadDir'] . '/' . $attachID);
list($_FILES['attachment']['width'][], $_FILES['attachment']['height'][]) = @getimagesize($modSettings['attachmentUploadDir'] . '/' . $attachID);
unset($_SESSION['temp_attachments'][$attachID]);
}
}
if (!isset($_FILES['attachment']['name'])) {
$_FILES['attachment']['tmp_name'] = array();
}
$attachIDs = array();
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
if ($_FILES['attachment']['name'][$n] == '') {
continue;
}
// Have we reached the maximum number of files we are allowed?
$quantity++;
if (!empty($modSettings['attachmentNumPerPostLimit']) && $quantity > $modSettings['attachmentNumPerPostLimit']) {
fatal_lang_error('attachments_limit_per_post', false, array($modSettings['attachmentNumPerPostLimit']));
}
// Check the total upload size for this post...
$total_size += $_FILES['attachment']['size'][$n];
if (!empty($modSettings['attachmentPostLimit']) && $total_size > $modSettings['attachmentPostLimit'] * 1024) {
fatal_lang_error('smf122', false, array($modSettings['attachmentPostLimit']));
}
$attachmentOptions = array('post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'poster' => $ID_MEMBER, 'name' => $_FILES['attachment']['name'][$n], 'tmp_name' => $_FILES['attachment']['tmp_name'][$n], 'size' => $_FILES['attachment']['size'][$n]);
if (createAttachment($attachmentOptions)) {
$attachIDs[] = $attachmentOptions['id'];
if (!empty($attachmentOptions['thumb'])) {
$attachIDs[] = $attachmentOptions['thumb'];
}
} else {
if (in_array('could_not_upload', $attachmentOptions['errors'])) {
fatal_lang_error('smf124');
}
if (in_array('too_large', $attachmentOptions['errors'])) {
fatal_lang_error('smf122', false, array($modSettings['attachmentSizeLimit']));
}
if (in_array('bad_extension', $attachmentOptions['errors'])) {
fatal_error($attachmentOptions['name'] . '.<br />' . $txt['smf123'] . ' ' . $modSettings['attachmentExtensions'] . '.', false);
}
if (in_array('directory_full', $attachmentOptions['errors'])) {
fatal_lang_error('smf126');
}
if (in_array('bad_filename', $attachmentOptions['errors'])) {
fatal_error(basename($attachmentOptions['name']) . '.<br />' . $txt['smf130b'] . '.');
}
if (in_array('taken_filename', $attachmentOptions['errors'])) {
fatal_lang_error('smf125');
}
}
}
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Create the poll.
db_query("\n\t\t\tINSERT INTO {$db_prefix}polls\n\t\t\t\t(question, hideResults, maxVotes, expireTime, ID_MEMBER, posterName, changeVote)\n\t\t\tVALUES (SUBSTRING('{$_POST['question']}', 1, 255), {$_POST['poll_hide']}, {$_POST['poll_max_votes']},\n\t\t\t\t" . (empty($_POST['poll_expire']) ? '0' : time() + $_POST['poll_expire'] * 3600 * 24) . ", {$ID_MEMBER}, SUBSTRING('{$_POST['guestname']}', 1, 255), {$_POST['poll_change_vote']})", __FILE__, __LINE__);
$ID_POLL = db_insert_id();
// Create each answer choice.
$i = 0;
$setString = '';
foreach ($_POST['options'] as $option) {
$setString .= "\n\t\t\t\t\t({$ID_POLL}, {$i}, SUBSTRING('{$option}', 1, 255)),";
$i++;
}
db_query("\n\t\t\tINSERT INTO {$db_prefix}poll_choices\n\t\t\t\t(ID_POLL, ID_CHOICE, label)\n\t\t\tVALUES" . substr($setString, 0, -1), __FILE__, __LINE__);
} else {
$ID_POLL = 0;
}
// Creating a new topic?
$newTopic = empty($_REQUEST['msg']) && empty($topic);
// Collect all parameters for the creation or modification of a post.
$msgOptions = array('id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'], 'subject' => $_POST['subject'], 'body' => $_POST['message'], 'icon' => preg_replace('~[\\./\\\\*\':"<>]~', '', $_POST['icon']), 'smileys_enabled' => !isset($_POST['ns']), 'attachments' => empty($attachIDs) ? array() : $attachIDs);
$topicOptions = array('id' => empty($topic) ? 0 : $topic, 'board' => $board, 'poll' => isset($_REQUEST['poll']) ? $ID_POLL : null, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true);
$posterOptions = array('id' => $ID_MEMBER, 'name' => $_POST['guestname'], 'email' => $_POST['email'], 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']);
// This is an already existing message. Edit it.
if (!empty($_REQUEST['msg'])) {
// Have admins allowed people to hide their screwups?
if (time() - $row['posterTime'] > $modSettings['edit_wait_time'] || $ID_MEMBER != $row['ID_MEMBER']) {
$msgOptions['modify_time'] = time();
$msgOptions['modify_name'] = addslashes($user_info['name']);
}
modifyPost($msgOptions, $topicOptions, $posterOptions);
} else {
createPost($msgOptions, $topicOptions, $posterOptions);
if (isset($topicOptions['id'])) {
$topic = $topicOptions['id'];
}
}
// Editing or posting an event?
if (isset($_POST['calendar']) && (!isset($_REQUEST['eventid']) || $_REQUEST['eventid'] == -1)) {
require_once $sourcedir . '/Calendar.php';
calendarCanLink();
calendarInsertEvent($board, $topic, $_POST['evtitle'], $ID_MEMBER, $_POST['month'], $_POST['day'], $_POST['year'], isset($_POST['span']) ? $_POST['span'] : null);
} elseif (isset($_POST['calendar'])) {
$_REQUEST['eventid'] = (int) $_REQUEST['eventid'];
// Validate the post...
require_once $sourcedir . '/Subs-Post.php';
calendarValidatePost();
// If you're not allowed to edit any events, you have to be the poster.
if (!allowedTo('calendar_edit_any')) {
// Get the event's poster.
$request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}calendar\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}", __FILE__, __LINE__);
$row2 = mysql_fetch_assoc($request);
mysql_free_result($request);
// Silly hacker, Trix are for kids. ...probably trademarked somewhere, this is FAIR USE! (parody...)
isAllowedTo('calendar_edit_' . ($row2['ID_MEMBER'] == $ID_MEMBER ? 'own' : 'any'));
}
// Delete it?
if (isset($_REQUEST['deleteevent'])) {
db_query("\n\t\t\t\tDELETE FROM {$db_prefix}calendar\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
} else {
$span = !empty($modSettings['cal_allowspan']) && !empty($_REQUEST['span']) ? min((int) $modSettings['cal_maxspan'], (int) $_REQUEST['span'] - 1) : 0;
$start_time = mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year']);
db_query("\n\t\t\t\tUPDATE {$db_prefix}calendar\n\t\t\t\tSET endDate = '" . strftime('%Y-%m-%d', $start_time + $span * 86400) . "',\n\t\t\t\t\tstartDate = '" . strftime('%Y-%m-%d', $start_time) . "',\n\t\t\t\t\ttitle = '" . $func['htmlspecialchars']($_REQUEST['evtitle'], ENT_QUOTES) . "'\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
}
updateStats('calendar');
}
// Marking read should be done even for editing messages....
if (!$user_info['is_guest']) {
// Mark all the parents read. (since you just posted and they will be unread.)
if (!empty($board_info['parent_boards'])) {
db_query("\n\t\t\t\tUPDATE {$db_prefix}log_boards\n\t\t\t\tSET ID_MSG = {$modSettings['maxMsgID']}\n\t\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\t\tAND ID_BOARD IN (" . implode(',', array_keys($board_info['parent_boards'])) . ")", __FILE__, __LINE__);
}
}
// Turn notification on or off. (note this just blows smoke if it's already on or off.)
if (!empty($_POST['notify'])) {
if (allowedTo('mark_any_notify')) {
db_query("\n\t\t\t\tINSERT IGNORE INTO {$db_prefix}log_notify\n\t\t\t\t\t(ID_MEMBER, ID_TOPIC, ID_BOARD)\n\t\t\t\tVALUES ({$ID_MEMBER}, {$topic}, 0)", __FILE__, __LINE__);
}
} elseif (!$newTopic) {
db_query("\n\t\t\tDELETE FROM {$db_prefix}log_notify\n\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\tAND ID_TOPIC = {$topic}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
}
// Log an act of moderation - modifying.
if (!empty($moderationAction)) {
logAction('modify', array('topic' => $topic, 'message' => (int) $_REQUEST['msg'], 'member' => $row['ID_MEMBER']));
}
if (isset($_POST['lock']) && $_POST['lock'] != 2) {
logAction('lock', array('topic' => $topicOptions['id']));
}
if (isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics'])) {
logAction('sticky', array('topic' => $topicOptions['id']));
}
// Notify any members who have notification turned on for this topic.
if ($newTopic) {
notifyMembersBoard();
} elseif (empty($_REQUEST['msg'])) {
sendNotifications($topic, 'reply');
}
// Returning to the topic?
if (!empty($_REQUEST['goback'])) {
// Mark the board as read.... because it might get confusing otherwise.
db_query("\n\t\t\tUPDATE {$db_prefix}log_boards\n\t\t\tSET ID_MSG = {$modSettings['maxMsgID']}\n\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\tAND ID_BOARD = {$board}", __FILE__, __LINE__);
}
if (!empty($_POST['announce_topic'])) {
redirectexit('action=announce;sa=selectgroup;topic=' . $topic . (!empty($_POST['move']) && allowedTo('move_any') ? ';move' : '') . (empty($_REQUEST['goback']) ? '' : ';goback'));
}
if (!empty($_POST['move']) && allowedTo('move_any')) {
redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback'));
}
// Return to post if the mod is on.
if (isset($_REQUEST['msg']) && !empty($_REQUEST['goback'])) {
redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg'], $context['browser']['is_ie']);
} elseif (!empty($_REQUEST['goback'])) {
redirectexit('topic=' . $topic . '.new#new', $context['browser']['is_ie']);
} else {
redirectexit('board=' . $board . '.0');
}
}
<?php
include_once 'includes/header.php';
if (isset($_GET['id'])) {
Post('webapps', $_GET['id']);
} else {
?>
<h2 class="uk-h2">Web Applications:</h2>
<?php
PostLoop('webapps');
}
?>
<hr class="uk-article-divider">
<?php
include_once 'includes/footer.php';
function Post2()
{
global $board, $topic, $txt, $modSettings, $sourcedir, $context;
global $user_info, $board_info, $options, $smcFunc;
// Sneaking off, are we?
if (empty($_POST) && empty($topic)) {
redirectexit('action=post;board=' . $board . '.0');
} elseif (empty($_POST) && !empty($topic)) {
redirectexit('action=post;topic=' . $topic . '.0');
}
// No need!
$context['robot_no_index'] = true;
// If we came from WYSIWYG then turn it back into BBC regardless.
if (!empty($_REQUEST['message_mode']) && isset($_REQUEST['message'])) {
require_once $sourcedir . '/Subs-Editor.php';
$_REQUEST['message'] = html_to_bbc($_REQUEST['message']);
// We need to unhtml it now as it gets done shortly.
$_REQUEST['message'] = un_htmlspecialchars($_REQUEST['message']);
// We need this for everything else.
$_POST['message'] = $_REQUEST['message'];
}
// Previewing? Go back to start.
if (isset($_REQUEST['preview'])) {
return Post();
}
// Prevent double submission of this form.
checkSubmitOnce('check');
// No errors as yet.
$post_errors = array();
// If the session has timed out, let the user re-submit their form.
if (checkSession('post', '', false) != '') {
$post_errors[] = 'session_timeout';
}
// Wrong verification code?
if (!$user_info['is_admin'] && !$user_info['is_mod'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1)) {
require_once $sourcedir . '/Subs-Editor.php';
$verificationOptions = array('id' => 'post');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
$post_errors = array_merge($post_errors, $context['require_verification']);
}
}
require_once $sourcedir . '/Subs-Post.php';
loadLanguage('Post');
// If this isn't a new topic load the topic info that we need.
if (!empty($topic)) {
$request = $smcFunc['db_query']('', '
SELECT locked, is_sticky, id_poll, approved, id_first_msg, id_last_msg, id_member_started, id_board
FROM {db_prefix}topics
WHERE id_topic = {int:current_topic}
LIMIT 1', array('current_topic' => $topic));
$topic_info = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Though the topic should be there, it might have vanished.
if (!is_array($topic_info)) {
fatal_lang_error('topic_doesnt_exist');
}
// Did this topic suddenly move? Just checking...
if ($topic_info['id_board'] != $board) {
fatal_lang_error('not_a_topic');
}
}
// Replying to a topic?
if (!empty($topic) && !isset($_REQUEST['msg'])) {
// Don't allow a post if it's locked.
if ($topic_info['locked'] != 0 && !allowedTo('moderate_board')) {
fatal_lang_error('topic_locked', false);
}
// Sorry, multiple polls aren't allowed... yet. You should stop giving me ideas :P.
if (isset($_REQUEST['poll']) && $topic_info['id_poll'] > 0) {
unset($_REQUEST['poll']);
}
// Do the permissions and approval stuff...
$becomesApproved = true;
if ($topic_info['id_member_started'] != $user_info['id']) {
if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_any') && !allowedTo('post_reply_any')) {
$becomesApproved = false;
} else {
isAllowedTo('post_reply_any');
}
} elseif (!allowedTo('post_reply_any')) {
if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_own') && !allowedTo('post_reply_own')) {
$becomesApproved = false;
} else {
isAllowedTo('post_reply_own');
}
}
if (isset($_POST['lock'])) {
// Nothing is changed to the lock.
if (empty($topic_info['locked']) && empty($_POST['lock']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
// You cannot override a moderator lock.
if ($topic_info['locked'] == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
// So you wanna (un)sticky this...let's see.
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $topic_info['is_sticky'] || !allowedTo('make_sticky'))) {
unset($_POST['sticky']);
}
// If the number of replies has changed, if the setting is enabled, go back to Post() - which handles the error.
if (empty($options['no_new_reply_warning']) && isset($_POST['last_msg']) && $topic_info['id_last_msg'] > $_POST['last_msg']) {
$_REQUEST['preview'] = true;
return Post();
}
$posterIsGuest = $user_info['is_guest'];
} elseif (empty($topic)) {
// Now don't be silly, new topics will get their own id_msg soon enough.
unset($_REQUEST['msg'], $_POST['msg'], $_GET['msg']);
// Do like, the permissions, for safety and stuff...
$becomesApproved = true;
if ($modSettings['postmod_active'] && !allowedTo('post_new') && allowedTo('post_unapproved_topics')) {
$becomesApproved = false;
} else {
isAllowedTo('post_new');
}
if (isset($_POST['lock'])) {
// New topics are by default not locked.
if (empty($_POST['lock'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own'))) {
unset($_POST['lock']);
} else {
$_POST['lock'] = allowedTo('lock_any') ? 1 : 2;
}
}
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky'))) {
unset($_POST['sticky']);
}
$posterIsGuest = $user_info['is_guest'];
} elseif (isset($_REQUEST['msg']) && !empty($topic)) {
$_REQUEST['msg'] = (int) $_REQUEST['msg'];
$request = $smcFunc['db_query']('', '
SELECT id_member, poster_name, poster_email, poster_time, approved
FROM {db_prefix}messages
WHERE id_msg = {int:id_msg}
LIMIT 1', array('id_msg' => $_REQUEST['msg']));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('cant_find_messages', false);
}
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
if (!empty($topic_info['locked']) && !allowedTo('moderate_board')) {
fatal_lang_error('topic_locked', false);
}
if (isset($_POST['lock'])) {
// Nothing changes to the lock status.
if (empty($_POST['lock']) && empty($topic_info['locked']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
// You're not allowed to break a moderator's lock.
if ($topic_info['locked'] == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
// Change the sticky status of this topic?
if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $topic_info['is_sticky'])) {
unset($_POST['sticky']);
}
if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) {
if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
fatal_lang_error('modify_post_time_passed', false);
} elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_own');
}
} elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) {
isAllowedTo('modify_replies');
// If you're modifying a reply, I say it better be logged...
$moderationAction = true;
} else {
isAllowedTo('modify_any');
// Log it, assuming you're not modifying your own post.
if ($row['id_member'] != $user_info['id']) {
$moderationAction = true;
}
}
$posterIsGuest = empty($row['id_member']);
// Can they approve it?
$can_approve = allowedTo('approve_posts');
$becomesApproved = $modSettings['postmod_active'] ? $can_approve && !$row['approved'] ? !empty($_REQUEST['approve']) ? 1 : 0 : $row['approved'] : 1;
$approve_has_changed = $row['approved'] != $becomesApproved;
if (!allowedTo('moderate_forum') || !$posterIsGuest) {
$_POST['guestname'] = $row['poster_name'];
$_POST['email'] = $row['poster_email'];
}
}
// If the poster is a guest evaluate the legality of name and email.
if ($posterIsGuest) {
$_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']);
$_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
if ($_POST['guestname'] == '' || $_POST['guestname'] == '_') {
$post_errors[] = 'no_name';
}
if ($smcFunc['strlen']($_POST['guestname']) > 25) {
$post_errors[] = 'long_name';
}
if (empty($modSettings['guest_post_no_email'])) {
// Only check if they changed it!
if (!isset($row) || $row['poster_email'] != $_POST['email']) {
if (!allowedTo('moderate_forum') && (!isset($_POST['email']) || $_POST['email'] == '')) {
$post_errors[] = 'no_email';
}
if (!allowedTo('moderate_forum') && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['email']) == 0) {
$post_errors[] = 'bad_email';
}
}
// Now make sure this email address is not banned from posting.
isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
}
// In case they are making multiple posts this visit, help them along by storing their name.
if (empty($post_errors)) {
$_SESSION['guest_name'] = $_POST['guestname'];
$_SESSION['guest_email'] = $_POST['email'];
}
}
// Check the subject and message.
if (!isset($_POST['subject']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['subject'])) === '') {
$post_errors[] = 'no_subject';
}
if (!isset($_POST['message']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['message']), ENT_QUOTES) === '') {
$post_errors[] = 'no_message';
} elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_POST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
} else {
// Prepare the message a bit for some additional testing.
$_POST['message'] = $smcFunc['htmlspecialchars']($_POST['message'], ENT_QUOTES);
// Preparse code. (Zef)
if ($user_info['is_guest']) {
$user_info['name'] = $_POST['guestname'];
}
preparsecode($_POST['message']);
// Let's see if there's still some content left without the tags.
if ($smcFunc['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($_POST['message'], '[html]') === false)) {
$post_errors[] = 'no_message';
}
}
if (isset($_POST['calendar']) && !isset($_REQUEST['deleteevent']) && $smcFunc['htmltrim']($_POST['evtitle']) === '') {
$post_errors[] = 'no_event';
}
// You are not!
if (isset($_POST['message']) && strtolower($_POST['message']) == 'i am the administrator.' && !$user_info['is_admin']) {
fatal_error('Knave! Masquerader! Charlatan!', false);
}
// Validate the poll...
if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1') {
if (!empty($topic) && !isset($_REQUEST['msg'])) {
fatal_lang_error('no_access', false);
}
// This is a new topic... so it's a new poll.
if (empty($topic)) {
isAllowedTo('poll_post');
} elseif ($user_info['id'] == $topic_info['id_member_started'] && !allowedTo('poll_add_any')) {
isAllowedTo('poll_add_own');
} else {
isAllowedTo('poll_add_any');
}
if (!isset($_POST['question']) || trim($_POST['question']) == '') {
$post_errors[] = 'no_question';
}
$_POST['options'] = empty($_POST['options']) ? array() : htmltrim__recursive($_POST['options']);
// Get rid of empty ones.
foreach ($_POST['options'] as $k => $option) {
if ($option == '') {
unset($_POST['options'][$k], $_POST['options'][$k]);
}
}
// What are you going to vote between with one choice?!?
if (count($_POST['options']) < 2) {
$post_errors[] = 'poll_few';
}
}
if ($posterIsGuest) {
// If user is a guest, make sure the chosen name isn't taken.
require_once $sourcedir . '/Subs-Members.php';
if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($row['poster_name']) || $_POST['guestname'] != $row['poster_name'])) {
$post_errors[] = 'bad_name';
}
} elseif (!isset($_REQUEST['msg'])) {
$_POST['guestname'] = $user_info['username'];
$_POST['email'] = $user_info['email'];
}
// Any mistakes?
if (!empty($post_errors)) {
loadLanguage('Errors');
// Previewing.
$_REQUEST['preview'] = true;
$context['post_error'] = array('messages' => array());
foreach ($post_errors as $post_error) {
$context['post_error'][$post_error] = true;
if ($post_error == 'long_message') {
$txt['error_' . $post_error] = sprintf($txt['error_' . $post_error], $modSettings['max_messageLength']);
}
$context['post_error']['messages'][] = $txt['error_' . $post_error];
}
return Post();
}
// Make sure the user isn't spamming the board.
if (!isset($_REQUEST['msg'])) {
spamProtection('post');
}
// At about this point, we're posting and that's that.
ignore_user_abort(true);
@set_time_limit(300);
// Add special html entities to the subject, name, and email.
$_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
$_POST['guestname'] = htmlspecialchars($_POST['guestname']);
$_POST['email'] = htmlspecialchars($_POST['email']);
// At this point, we want to make sure the subject isn't too long.
if ($smcFunc['strlen']($_POST['subject']) > 100) {
$_POST['subject'] = $smcFunc['substr']($_POST['subject'], 0, 100);
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Make sure that the user has not entered a ridiculous number of options..
if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) {
$_POST['poll_max_votes'] = 1;
} elseif ($_POST['poll_max_votes'] > count($_POST['options'])) {
$_POST['poll_max_votes'] = count($_POST['options']);
} else {
$_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
}
$_POST['poll_expire'] = (int) $_POST['poll_expire'];
$_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']);
// Just set it to zero if it's not there..
if (!isset($_POST['poll_hide'])) {
$_POST['poll_hide'] = 0;
} else {
$_POST['poll_hide'] = (int) $_POST['poll_hide'];
}
$_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
$_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0;
// Make sure guests are actually allowed to vote generally.
if ($_POST['poll_guest_vote']) {
require_once $sourcedir . '/Subs-Members.php';
$allowedVoteGroups = groupsAllowedTo('poll_vote', $board);
if (!in_array(-1, $allowedVoteGroups['allowed'])) {
$_POST['poll_guest_vote'] = 0;
}
}
// If the user tries to set the poll too far in advance, don't let them.
if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) {
fatal_lang_error('poll_range_error', false);
} elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) {
$_POST['poll_hide'] = 1;
}
// Clean up the question and answers.
$_POST['question'] = htmlspecialchars($_POST['question']);
$_POST['question'] = $smcFunc['truncate']($_POST['question'], 255);
$_POST['question'] = preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $_POST['question']);
$_POST['options'] = htmlspecialchars__recursive($_POST['options']);
}
// Check if they are trying to delete any current attachments....
if (isset($_REQUEST['msg'], $_POST['attach_del']) && (allowedTo('post_attachment') || $modSettings['postmod_active'] && allowedTo('post_unapproved_attachments'))) {
$del_temp = array();
foreach ($_POST['attach_del'] as $i => $dummy) {
$del_temp[$i] = (int) $dummy;
}
require_once $sourcedir . '/ManageAttachments.php';
$attachmentQuery = array('attachment_type' => 0, 'id_msg' => (int) $_REQUEST['msg'], 'not_id_attach' => $del_temp);
removeAttachments($attachmentQuery);
}
// ...or attach a new file...
if (isset($_FILES['attachment']['name']) || !empty($_SESSION['temp_attachments']) && empty($_POST['from_qr'])) {
// Verify they can post them!
if (!$modSettings['postmod_active'] || !allowedTo('post_unapproved_attachments')) {
isAllowedTo('post_attachment');
}
// Make sure we're uploading to the right place.
if (!empty($modSettings['currentAttachmentUploadDir'])) {
if (!is_array($modSettings['attachmentUploadDir'])) {
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
}
// The current directory, of course!
$current_attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
} else {
$current_attach_dir = $modSettings['attachmentUploadDir'];
}
// If this isn't a new post, check the current attachments.
if (isset($_REQUEST['msg'])) {
$request = $smcFunc['db_query']('', '
SELECT COUNT(*), SUM(size)
FROM {db_prefix}attachments
WHERE id_msg = {int:id_msg}
AND attachment_type = {int:attachment_type}', array('id_msg' => (int) $_REQUEST['msg'], 'attachment_type' => 0));
list($quantity, $total_size) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
} else {
$quantity = 0;
$total_size = 0;
}
if (!empty($_SESSION['temp_attachments'])) {
foreach ($_SESSION['temp_attachments'] as $attachID => $name) {
if (preg_match('~^post_tmp_' . $user_info['id'] . '_\\d+$~', $attachID) == 0) {
continue;
}
if (!empty($_POST['attach_del']) && !in_array($attachID, $_POST['attach_del'])) {
unset($_SESSION['temp_attachments'][$attachID]);
@unlink($current_attach_dir . '/' . $attachID);
continue;
}
$_FILES['attachment']['tmp_name'][] = $attachID;
$_FILES['attachment']['name'][] = $name;
$_FILES['attachment']['size'][] = filesize($current_attach_dir . '/' . $attachID);
list($_FILES['attachment']['width'][], $_FILES['attachment']['height'][]) = @getimagesize($current_attach_dir . '/' . $attachID);
unset($_SESSION['temp_attachments'][$attachID]);
}
}
if (!isset($_FILES['attachment']['name'])) {
$_FILES['attachment']['tmp_name'] = array();
}
$attachIDs = array();
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
if ($_FILES['attachment']['name'][$n] == '') {
continue;
}
// Have we reached the maximum number of files we are allowed?
$quantity++;
if (!empty($modSettings['attachmentNumPerPostLimit']) && $quantity > $modSettings['attachmentNumPerPostLimit']) {
checkSubmitOnce('free');
fatal_lang_error('attachments_limit_per_post', false, array($modSettings['attachmentNumPerPostLimit']));
}
// Check the total upload size for this post...
$total_size += $_FILES['attachment']['size'][$n];
if (!empty($modSettings['attachmentPostLimit']) && $total_size > $modSettings['attachmentPostLimit'] * 1024) {
checkSubmitOnce('free');
fatal_lang_error('file_too_big', false, array($modSettings['attachmentPostLimit']));
}
$attachmentOptions = array('post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'poster' => $user_info['id'], 'name' => $_FILES['attachment']['name'][$n], 'tmp_name' => $_FILES['attachment']['tmp_name'][$n], 'size' => $_FILES['attachment']['size'][$n], 'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment'));
if (createAttachment($attachmentOptions)) {
$attachIDs[] = $attachmentOptions['id'];
if (!empty($attachmentOptions['thumb'])) {
$attachIDs[] = $attachmentOptions['thumb'];
}
} else {
if (in_array('could_not_upload', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('attach_timeout', 'critical');
}
if (in_array('too_large', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('file_too_big', false, array($modSettings['attachmentSizeLimit']));
}
if (in_array('bad_extension', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_error($attachmentOptions['name'] . '.<br />' . $txt['cant_upload_type'] . ' ' . $modSettings['attachmentExtensions'] . '.', false);
}
if (in_array('directory_full', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('ran_out_of_space', 'critical');
}
if (in_array('bad_filename', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_error(basename($attachmentOptions['name']) . '.<br />' . $txt['restricted_filename'] . '.', 'critical');
}
if (in_array('taken_filename', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('filename_exists');
}
if (in_array('bad_attachment', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('bad_attachment');
}
}
}
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Create the poll.
$smcFunc['db_insert']('', '{db_prefix}polls', array('question' => 'string-255', 'hide_results' => 'int', 'max_votes' => 'int', 'expire_time' => 'int', 'id_member' => 'int', 'poster_name' => 'string-255', 'change_vote' => 'int', 'guest_vote' => 'int'), array($_POST['question'], $_POST['poll_hide'], $_POST['poll_max_votes'], empty($_POST['poll_expire']) ? 0 : time() + $_POST['poll_expire'] * 3600 * 24, $user_info['id'], $_POST['guestname'], $_POST['poll_change_vote'], $_POST['poll_guest_vote']), array('id_poll'));
$id_poll = $smcFunc['db_insert_id']('{db_prefix}polls', 'id_poll');
// Create each answer choice.
$i = 0;
$pollOptions = array();
foreach ($_POST['options'] as $option) {
$pollOptions[] = array($id_poll, $i, $option);
$i++;
}
$smcFunc['db_insert']('insert', '{db_prefix}poll_choices', array('id_poll' => 'int', 'id_choice' => 'int', 'label' => 'string-255'), $pollOptions, array('id_poll', 'id_choice'));
} else {
$id_poll = 0;
}
// Creating a new topic?
$newTopic = empty($_REQUEST['msg']) && empty($topic);
$_POST['icon'] = !empty($attachIDs) && $_POST['icon'] == 'xx' ? 'clip' : $_POST['icon'];
// Collect all parameters for the creation or modification of a post.
$msgOptions = array('id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'], 'subject' => $_POST['subject'], 'body' => $_POST['message'], 'icon' => preg_replace('~[\\./\\\\*:"\'<>]~', '', $_POST['icon']), 'smileys_enabled' => !isset($_POST['ns']), 'attachments' => empty($attachIDs) ? array() : $attachIDs, 'approved' => $becomesApproved);
$topicOptions = array('id' => empty($topic) ? 0 : $topic, 'board' => $board, 'poll' => isset($_REQUEST['poll']) ? $id_poll : null, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true, 'is_approved' => !$modSettings['postmod_active'] || empty($topic) || !empty($board_info['cur_topic_approved']));
$posterOptions = array('id' => $user_info['id'], 'name' => $_POST['guestname'], 'email' => $_POST['email'], 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']);
// This is an already existing message. Edit it.
if (!empty($_REQUEST['msg'])) {
// Have admins allowed people to hide their screwups?
if (time() - $row['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $row['id_member']) {
$msgOptions['modify_time'] = time();
$msgOptions['modify_name'] = $user_info['name'];
}
// This will save some time...
if (empty($approve_has_changed)) {
unset($msgOptions['approved']);
}
modifyPost($msgOptions, $topicOptions, $posterOptions);
} else {
createPost($msgOptions, $topicOptions, $posterOptions);
if (isset($topicOptions['id'])) {
$topic = $topicOptions['id'];
}
}
// Editing or posting an event?
if (isset($_POST['calendar']) && (!isset($_REQUEST['eventid']) || $_REQUEST['eventid'] == -1)) {
require_once $sourcedir . '/Subs-Calendar.php';
// Make sure they can link an event to this post.
canLinkEvent();
// Insert the event.
$eventOptions = array('board' => $board, 'topic' => $topic, 'title' => $_POST['evtitle'], 'member' => $user_info['id'], 'start_date' => sprintf('%04d-%02d-%02d', $_POST['year'], $_POST['month'], $_POST['day']), 'span' => isset($_POST['span']) && $_POST['span'] > 0 ? min((int) $modSettings['cal_maxspan'], (int) $_POST['span'] - 1) : 0);
insertEvent($eventOptions);
} elseif (isset($_POST['calendar'])) {
$_REQUEST['eventid'] = (int) $_REQUEST['eventid'];
// Validate the post...
require_once $sourcedir . '/Subs-Calendar.php';
validateEventPost();
// If you're not allowed to edit any events, you have to be the poster.
if (!allowedTo('calendar_edit_any')) {
// Get the event's poster.
$request = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}calendar
WHERE id_event = {int:id_event}', array('id_event' => $_REQUEST['eventid']));
$row2 = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Silly hacker, Trix are for kids. ...probably trademarked somewhere, this is FAIR USE! (parody...)
isAllowedTo('calendar_edit_' . ($row2['id_member'] == $user_info['id'] ? 'own' : 'any'));
}
// Delete it?
if (isset($_REQUEST['deleteevent'])) {
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}calendar
WHERE id_event = {int:id_event}', array('id_event' => $_REQUEST['eventid']));
} else {
$span = !empty($modSettings['cal_allowspan']) && !empty($_REQUEST['span']) ? min((int) $modSettings['cal_maxspan'], (int) $_REQUEST['span'] - 1) : 0;
$start_time = mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year']);
$smcFunc['db_query']('', '
UPDATE {db_prefix}calendar
SET end_date = {date:end_date},
start_date = {date:start_date},
title = {string:title}
WHERE id_event = {int:id_event}', array('end_date' => strftime('%Y-%m-%d', $start_time + $span * 86400), 'start_date' => strftime('%Y-%m-%d', $start_time), 'id_event' => $_REQUEST['eventid'], 'title' => $smcFunc['htmlspecialchars']($_REQUEST['evtitle'], ENT_QUOTES)));
}
updateSettings(array('calendar_updated' => time()));
}
// Marking read should be done even for editing messages....
// Mark all the parents read. (since you just posted and they will be unread.)
if (!$user_info['is_guest'] && !empty($board_info['parent_boards'])) {
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_boards
SET id_msg = {int:id_msg}
WHERE id_member = {int:current_member}
AND id_board IN ({array_int:board_list})', array('current_member' => $user_info['id'], 'board_list' => array_keys($board_info['parent_boards']), 'id_msg' => $modSettings['maxMsgID']));
}
// Turn notification on or off. (note this just blows smoke if it's already on or off.)
if (!empty($_POST['notify']) && allowedTo('mark_any_notify')) {
$smcFunc['db_insert']('ignore', '{db_prefix}log_notify', array('id_member' => 'int', 'id_topic' => 'int', 'id_board' => 'int'), array($user_info['id'], $topic, 0), array('id_member', 'id_topic', 'id_board'));
} elseif (!$newTopic) {
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}log_notify
WHERE id_member = {int:current_member}
AND id_topic = {int:current_topic}', array('current_member' => $user_info['id'], 'current_topic' => $topic));
}
// Log an act of moderation - modifying.
if (!empty($moderationAction)) {
logAction('modify', array('topic' => $topic, 'message' => (int) $_REQUEST['msg'], 'member' => $row['id_member'], 'board' => $board));
}
if (isset($_POST['lock']) && $_POST['lock'] != 2) {
logAction('lock', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board']));
}
if (isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics'])) {
logAction('sticky', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board']));
}
// Notify any members who have notification turned on for this topic - only do this if it's going to be approved(!)
if ($becomesApproved) {
if ($newTopic) {
$notifyData = array('body' => $_POST['message'], 'subject' => $_POST['subject'], 'name' => $user_info['name'], 'poster' => $user_info['id'], 'msg' => $msgOptions['id'], 'board' => $board, 'topic' => $topic);
notifyMembersBoard($notifyData);
} elseif (empty($_REQUEST['msg'])) {
// Only send it to everyone if the topic is approved, otherwise just to the topic starter if they want it.
if ($topic_info['approved']) {
sendNotifications($topic, 'reply');
} else {
sendNotifications($topic, 'reply', array(), $topic_info['id_member_started']);
}
}
}
// Returning to the topic?
if (!empty($_REQUEST['goback'])) {
// Mark the board as read.... because it might get confusing otherwise.
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_boards
SET id_msg = {int:maxMsgID}
WHERE id_member = {int:current_member}
AND id_board = {int:current_board}', array('current_board' => $board, 'current_member' => $user_info['id'], 'maxMsgID' => $modSettings['maxMsgID']));
}
if ($board_info['num_topics'] == 0) {
cache_put_data('board-' . $board, null, 120);
}
if (!empty($_POST['announce_topic'])) {
redirectexit('action=announce;sa=selectgroup;topic=' . $topic . (!empty($_POST['move']) && allowedTo('move_any') ? ';move' : '') . (empty($_REQUEST['goback']) ? '' : ';goback'));
}
if (!empty($_POST['move']) && allowedTo('move_any')) {
redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback'));
}
// Return to post if the mod is on.
if (isset($_REQUEST['msg']) && !empty($_REQUEST['goback'])) {
redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg'], $context['browser']['is_ie']);
} elseif (!empty($_REQUEST['goback'])) {
redirectexit('topic=' . $topic . '.new#new', $context['browser']['is_ie']);
} else {
redirectexit('board=' . $board . '.0');
}
}
<?php
include_once 'includes/header.php';
if (!$_GET['id']) {
?>
<h2 class="uk-h2">Projects:</h2>
<?php
PostLoop('projects');
} else {
Post('projects', $_GET['id']);
}
?>
<hr class="uk-article-divider">
<?php
include_once 'includes/footer.php';
public function send_sms()
{
if (IS_AJAX) {
$telephone = M('users')->field('telephone')->where('id=' . $_SESSION['uid'])->select();
$mobile_code = random(6, 1);
//random()是公共自定义函数
$target = "121.199.16.178/webservice/sms.php?method=Submit";
$post_data = "account=cf_guoqingyu&password=luping521&mobile=" . $telephone[0]['telephone'] . "&content=" . rawurlencode("您的校验码是:" . $mobile_code . "。请不要把校验码泄露给其他人。如非本人操作,可不用理会!");
if (S('mobile_code')) {
echo json_encode(9);
exit;
} else {
$gets = xml_to_array(Post($post_data, $target));
S('mobile_code', $mobile_code, 60);
exit;
}
}
}
<?php
} else {
?>
<?php
if (is_category('mixes')) {
?>
<?php
PostLarge($i, "thumbnail");
?>
<?php
} else {
?>
<?php
Post($i, "thumbnail");
?>
<?php
}
?>
<?php
}
?>
<?php
$i++;
?>
<?php
function sendMessage($mobile, $content)
{
$codeMsg = array("100" => "全部成功", "101" => "参数错误", "102" => "号码错误", "103" => "当日余量不足", "104" => "请求超时", "105" => "用户余量不足", "106" => "非法用户", "107" => "提交号码超限", "111" => "签名不合法", "120" => "内容长度超长,请不要超过500个字", "121" => "内容中有屏蔽词");
if (is_array($mobile)) {
foreach ($mobile as $key => $val) {
$rule = "/^((13[0-9])|147|(15[0-35-9])|180|182|(18[5-9]))[0-9]{8}\$/A";
preg_match($rule, $mobile, $result);
if (!$result) {
unset($mobile[$key]);
}
}
$mobile = explode(",", $mobile);
}
$data['username'] = "******";
$data['pwd'] = md5("S2pKDu7q");
$data['extnum'] = "";
$data['p'] = $mobile;
$data['isUrlEncode'] = "no";
$data['charSetStr'] = "utf8";
$data['msg'] = $content;
$jasonCallback = Post($data, "http://api.app2e.com/smsBigSend.api.php");
$arCallback = json_decode($jasonCallback, true);
$logInfo = array();
if ($arCallback['status'] == 100) {
$logInfo['status'] = 2;
$code = 200;
} else {
$code = 500;
$logInfo['status'] = 3;
}
return array("code" => $code, "msg" => $codeMsg[$arCallback['status']]);
}
?>
<header>
<div style="background: #44AA66; font-size: 20px">
<div style=" font-family:Verdana; text-align: center;"> <h1>GESTION DE JARDINERIA</h1> </div>
<div class="Usuario" align="center" style=" padding-top:3em;">
<form action="" method="POST">
<table>
<tr>
<td>
<label>USUARIO: </label>
<td>
<input type="text" name="USUARIO" class="form-control" <?php
echo Post('USUARIO');
?>
>
<tr>
<td>
<label>CONTRASEÑA:   </label>
<td>
<input type="password" name="PASS" class="form-control">
<tr>
<td>
<td>
<input class="btn btn-default" type="submit" value="INICIAR">
<a href='?ctrl=cerrar'><input class='btn btn-default' type='button' value ='CERRAR SESION'></input></a>
</table>
</form>
function CalendarPost()
{
global $context, $txt, $db_prefix, $user_info, $sourcedir, $scripturl;
global $modSettings, $topic, $ID_MEMBER, $func;
// Well - can they?
isAllowedTo('calendar_post');
// Cast this for safety...
if (isset($_REQUEST['eventid'])) {
$_REQUEST['eventid'] = (int) $_REQUEST['eventid'];
}
// Submitting?
if (isset($_POST['sc'], $_REQUEST['eventid'])) {
checkSession();
// Validate the post...
if (!isset($_POST['link_to_board'])) {
require_once $sourcedir . '/Subs-Post.php';
calendarValidatePost();
}
// If you're not allowed to edit any events, you have to be the poster.
if ($_REQUEST['eventid'] > 0 && !allowedTo('calendar_edit_any')) {
// Get the event's poster.
$request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}calendar\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
list($poster) = mysql_fetch_row($request);
mysql_free_result($request);
// Finally, test if they can either edit ANY, or just their own...
if (!allowedTo('calendar_edit_any')) {
isAllowedTo('calendar_edit_' . ($poster == $ID_MEMBER ? 'own' : 'any'));
}
}
// New - and directing?
if ($_REQUEST['eventid'] == -1 && isset($_POST['link_to_board'])) {
$_REQUEST['calendar'] = 1;
require_once $sourcedir . '/Post.php';
return Post();
} elseif ($_REQUEST['eventid'] == -1) {
calendarInsertEvent(0, 0, $_POST['evtitle'], $ID_MEMBER, $_POST['month'], $_POST['day'], $_POST['year'], isset($_POST['span']) ? $_POST['span'] : null);
} elseif (isset($_REQUEST['deleteevent'])) {
db_query("\n\t\t\t\tDELETE FROM {$db_prefix}calendar\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
} else {
// Calculate the eventDate depending on span.
$span = empty($modSettings['cal_allowspan']) || empty($_POST['span']) || $_POST['span'] == 1 || empty($modSettings['cal_maxspan']) || $_POST['span'] > $modSettings['cal_maxspan'] ? 0 : min((int) $modSettings['cal_maxspan'], (int) $_POST['span'] - 1);
$start_time = mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year']);
db_query("\n\t\t\t\tUPDATE {$db_prefix}calendar\n\t\t\t\tSET \n\t\t\t\t\tstartDate = '" . strftime('%Y-%m-%d', $start_time) . "',\n\t\t\t\t\tendDate = '" . strftime('%Y-%m-%d', $start_time + $span * 86400) . "', \n\t\t\t\t\ttitle = '" . $func['htmlspecialchars']($_REQUEST['evtitle'], ENT_QUOTES) . "'\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
}
updateStats('calendar');
// No point hanging around here now...
redirectexit($scripturl . '?action=calendar;month=' . $_POST['month'] . ';year=' . $_POST['year']);
}
// If we are not enabled... we are not enabled.
if (empty($modSettings['cal_allow_unlinked']) && empty($_REQUEST['eventid'])) {
$_REQUEST['calendar'] = 1;
require_once $sourcedir . '/Post.php';
return Post();
}
// New?
if (!isset($_REQUEST['eventid'])) {
$today = getdate();
$context['event'] = array('boards' => array(), 'board' => !empty($modSettings['cal_defaultboard']) ? $modSettings['cal_defaultboard'] : 0, 'new' => 1, 'eventid' => -1, 'year' => isset($_REQUEST['year']) ? $_REQUEST['year'] : $today['year'], 'month' => isset($_REQUEST['month']) ? $_REQUEST['month'] : $today['mon'], 'day' => isset($_REQUEST['day']) ? $_REQUEST['day'] : $today['mday'], 'title' => '', 'span' => 1);
// Get list of boards that can be posted in.
$boards = boardsAllowedTo('post_new');
if (empty($boards)) {
fatal_lang_error('cannot_post_new');
}
$request = db_query("\n\t\t\tSELECT c.name AS catName, c.ID_CAT, b.ID_BOARD, b.name AS boardName, b.childLevel\n\t\t\tFROM {$db_prefix}boards AS b\n\t\t\t\tLEFT JOIN {$db_prefix}categories AS c ON (c.ID_CAT = b.ID_CAT)\n\t\t\tWHERE {$user_info['query_see_board']}" . (in_array(0, $boards) ? '' : "\n\t\t\t\tAND b.ID_BOARD IN (" . implode(', ', $boards) . ")"), __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($request)) {
$context['event']['boards'][] = array('id' => $row['ID_BOARD'], 'name' => $row['boardName'], 'childLevel' => $row['childLevel'], 'prefix' => str_repeat(' ', $row['childLevel'] * 3), 'cat' => array('id' => $row['ID_CAT'], 'name' => $row['catName']));
}
mysql_free_result($request);
} else {
$request = db_query("\n\t\t\tSELECT\n\t\t\t\tc.ID_EVENT, c.ID_BOARD, c.ID_TOPIC, MONTH(c.startDate) AS month,\n\t\t\t\tDAYOFMONTH(c.startDate) AS day, YEAR(c.startDate) AS year,\n\t\t\t\t(TO_DAYS(c.endDate) - TO_DAYS(c.startDate)) AS span, c.ID_MEMBER, c.title,\n\t\t\t\tt.ID_FIRST_MSG, t.ID_MEMBER_STARTED\n\t\t\tFROM {$db_prefix}calendar AS c\n\t\t\t\tLEFT JOIN {$db_prefix}topics AS t ON (t.ID_TOPIC = c.ID_TOPIC)\n\t\t\tWHERE c.ID_EVENT = {$_REQUEST['eventid']}", __FILE__, __LINE__);
// If nothing returned, we are in poo, poo.
if (mysql_num_rows($request) == 0) {
fatal_lang_error(1);
}
$row = mysql_fetch_assoc($request);
mysql_free_result($request);
// If it has a board, then they should be editing it within the topic.
if ($row['ID_TOPIC'] && $row['ID_FIRST_MSG']) {
// We load the board up, for a check on the board access rights...
$topic = $row['ID_TOPIC'];
loadBoard();
}
// Make sure the user is allowed to edit this event.
if ($row['ID_MEMBER'] != $ID_MEMBER) {
isAllowedTo('calendar_edit_any');
} elseif (!allowedTo('calendar_edit_any')) {
isAllowedTo('calendar_edit_own');
}
$context['event'] = array('boards' => array(), 'board' => $row['ID_BOARD'], 'new' => 0, 'eventid' => $_REQUEST['eventid'], 'year' => $row['year'], 'month' => $row['month'], 'day' => $row['day'], 'title' => $row['title'], 'span' => 1 + $row['span']);
}
$context['event']['last_day'] = (int) strftime('%d', mktime(0, 0, 0, $context['event']['month'] == 12 ? 1 : $context['event']['month'] + 1, 0, $context['event']['month'] == 12 ? $context['event']['year'] + 1 : $context['event']['year']));
// Template, sub template, etc.
loadTemplate('Calendar');
$context['sub_template'] = 'event_post';
$context['page_title'] = isset($_REQUEST['eventid']) ? $txt['calendar20'] : $txt['calendar23'];
$context['linktree'][] = array('name' => $context['page_title']);
}
echo Post('ope');
?>
"></td>
<tr>
<td><label for="exampleInputDescripcion">Descripcion</label></td>
<td><textarea class="form-control" rows="4" name="Descr" ><?php
echo Post('Descr');
?>
</textarea></td>
<tr/>
<tr>
<td><label for="exampleInputAno">Anotacion</label></td>
<td><textarea class="form-control" rows="4" name="anoA" placeholder=" Datos de interes" >
<?php
echo Post('anoA');
?>
</textarea>
</td>
<tr>
<td><label for="exampleInputEstado">Estado</label></td>
<td><div class="radio">
<input type="radio" name="ESTADO" id="optionsRadios1" value="Terminada" >
<label>Terminada</label>
</div>
<div class="radio" name="ESTADO">
<input type="radio" name="ESTADO" id="optionsRadios2" value="Pendiente" checked>
<label>Pendiente</label>
</div>
<div class="radio" name="ESTADO">
