<?php
// Sitemap endpoint: prints a sitemaps.org <urlset> for the channels of one language.
// This excerpt ends inside the per-channel <url> heredoc; the rest of the loop is not shown.
require_once '../inc/init.php';
// langid comes from the query string and is cast to int before it reaches the SQL condition below.
$langid = intval($_GET['langid']);
$urlrewrite = intval($cache_settings['urlrewrite']);
_header_('Content-Type:text/xml;');
print "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n";
// The same <lastmod> value (derived from the current time) is used for every entry.
$lastmod = getDateStr(time(), "dateonly", false);
print <<<EOT
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
EOT;
// presumably "5000" is a row limit and the last argument the column list; confirm against row_select().
$rows = $db->row_select("channels", "langid={$langid}", "5000", "id,ishidden,channeltype,pid,systemtype");
$i = 0;
foreach ($rows as $channel) {
    // Channels of type '4' are left out of the sitemap.
    if ($channel['channeltype'] == '4') {
        continue;
    }
    // Priority starts at 1 and drops by 0.0001 per listed channel, never below 0.6.
    $priority = 1 - $i++ / 10000;
    $priority = $priority < 0.6 ? 0.6 : $priority;
    $priority = number_format($priority, 2);
    $locurl = $webcore->genNavLink($channel);
    $locurl = str_replace('/sitemap/', '/', $locurl);
    // NOTE(review): $locurl is written into the XML as-is; if genNavLink() can return '&' or '<',
    // it should be XML-escaped (e.g. htmlspecialchars) before output. Confirm what genNavLink() returns.
    print <<<EOT
<url>
<loc>{$locurl}</loc>
<priority>{$priority}</priority>
<changefreq>daily</changefreq>
<lastmod>{$lastmod}</lastmod>
</url>
// Excerpt from an attachment download handler. It starts inside the branch that redirects to a
// publicly reachable file and ends inside getlocalfile(); the enclosing code is not shown.
$filepath = getUrlPath() . '/' . $filepath;
// Removes the "/<ADMIN_DIR>/" segment (case-insensitive) from the URL path.
// NOTE(review): ADMIN_DIR is spliced into the pattern unquoted; preg_quote(ADMIN_DIR, '/') would
// keep metacharacters in the directory name from changing the pattern.
$filepath = preg_replace('/\\/' . ADMIN_DIR . '\\//i', '/', $filepath);
//ob_end_clean();
// Permanent redirect to the file URL, marked cacheable for one day.
header("HTTP/1.1 301 Moved Permanently");
header("Last-Modified:" . date('r'));
header("Expires: " . date('r', time() + 86400));
header("Location:{$filepath}");
exit;
}
// Other attachments are streamed from ATT_PATH.
// NOTE(review): $row['filepath'] is concatenated unchecked; confirm the stored value can never
// contain '..' segments, or verify with realpath() that the result stays under the attachment directory.
$filepath = ATT_PATH . "/uploadfile/attachment/" . $row['filepath'];
// The download name is URL-encoded only when the User-Agent contains "MSIE".
$filename = stristr($_SERVER['HTTP_USER_AGENT'], 'MSIE') ? urlencode($row['filename']) : $row['filename'];
ob_end_clean();
_header_('Content-Encoding: none');
_header_('Content-Type: application/octet-stream');
// NOTE(review): in the non-MSIE case $row['filename'] goes into the header unmodified; a double quote
// or a CR/LF in the stored name would break the header value, so strip those characters first.
_header_('Content-Disposition: attachment; filename="' . $filename . '"');
// NOTE(review): filesize() returns false for a missing file; no existence check is visible before this line.
_header_('Content-Length: ' . filesize($filepath));
getlocalfile($filepath, 1);
// Outputs a local file. Modes 1, 3 and 4 open the file and seek to $range first
// (3 and 4 use fpassthru() when available, otherwise fread()); any other mode uses readfile().
function getlocalfile($filename, $readmod = 2, $range = 0) {
    if ($readmod == 1 || $readmod == 3 || $readmod == 4) {
        if ($fp = @fopen($filename, 'rb')) {
            @fseek($fp, $range);
            if (function_exists('fpassthru') && ($readmod == 3 || $readmod == 4)) {
                @fpassthru($fp);
            } else {
                echo @fread($fp, filesize($filename));
            }
        }
        // NOTE(review): this also runs when fopen() failed, so $fp may be false here.
        @fclose($fp);
    } else {
        @readfile($filename);
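/**
 * Switch the visitor to the language that owns the requested record and redirect there.
 *
 * Looks the record up by id in the table that belongs to $type, stores its langid in the
 * "langid" cookie for one year, then sends a Location header to "{$type}.php" carrying the
 * record's langid plus every other non-empty query parameter of the current request.
 * As a side effect, 'langid' is removed from $_GET.
 *
 * The function does not end the request itself after sending the header; callers decide
 * whether to stop.
 *
 * @param string $type Page type: articlelist, page, productlist, product or view.
 * @param mixed  $id   Record id; cast to int before it is placed in the SQL condition.
 * @return void
 */
function checkViewLang($type, $id) {
    global $_SLANG;

    // page type => array(table to query, $_SLANG key of the "does not exist" message)
    $lookup = array(
        'articlelist' => array('channels', 'webcore.channel.ne'),
        'page'        => array('channels', 'webcore.channel.ne'),
        'productlist' => array('procates', 'webcore.cate.ne'),
        'product'     => array('products', 'webcore.product.ne'),
        'view'        => array('articles', 'webcore.art.ne'),
    );

    // An unknown type used to fall through with an undefined language id and still put the
    // raw $type into the Location header. Nothing can be looked up for it, so do nothing.
    if (!is_string($type) || !isset($lookup[$type])) {
        return;
    }

    // The id ends up inside a string-built SQL condition; force it to an integer first.
    $id = intval($id);

    list($table, $msgkey) = $lookup[$type];
    $row = $this->db->row_select_one($table, "id={$id}");
    // exitRes() is expected to end the request when the record is missing.
    empty($row) && exitRes($_SLANG[$msgkey]);
    $reallangid = $row['langid'];

    setCookies("langid", $reallangid, 3600 * 24 * 365);

    // Carry over the remaining non-empty query parameters. They are request-supplied, so they
    // are URL-encoded instead of being copied verbatim into the response header.
    unset($_GET['langid']);
    $params = array_filter($_GET);
    $tourl = "{$type}.php?langid=" . urlencode($reallangid);
    if (!empty($params)) {
        $tourl .= '&' . http_build_query($params, '', '&');
    }

    _header_("location:{$tourl}");
}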
// Front controller excerpt (the listing ends inside the URL-rewrite switch).
// While an "install" directory exists without its lock file, every request is sent to the installer.
if (file_exists('install') && !file_exists('install/install.lock')) {
    header("location:install");
    exit;
}
require_once './inc/init.php';
// A request carrying ?langid=... is bounced back to where it came from.
if ($_GET['langid']) {
    $refer = $_SERVER['HTTP_REFERER'];
    // The Referer is kept as redirect target only when it contains the Host header value and
    // the text 'admin/'; otherwise (or in preview mode) the target is index.php.
    // NOTE(review): both tests are substring matches on client-supplied headers, so they do not
    // establish that the Referer points at this site. Comparing parse_url($refer)'s host exactly
    // with the configured site host, or redirecting to a fixed local path, closes that gap.
    if (!empty($_GET['preview']) || !stristr($refer, $_SERVER['HTTP_HOST']) || !stristr($refer, 'admin/')) {
        $refer = "index.php";
    }
    $refer = empty($refer) ? "index.php" : $refer;
    _header_("location:{$refer}");
    exit;
}
if ($_GET['alangid']) {
    _header_("location:admin/index.php");
    exit;
}
// Pseudo-static URLs handled in PHP
if ($cache_settings['urlrewrite'] == '1') {
    $uri_ = $_SERVER["REQUEST_URI"];
    $uri_parm = array();
    // Captures the text between '?' and the first "html" (ungreedy, case-insensitive);
    // the '.' before "html" is unescaped, so it matches any character.
    $p = '/\\?(.*).html/isU';
    preg_match($p, $uri_, $r);
    // NOTE(review): $r[1] is read without checking that the pattern matched.
    $uri_ = $r[1];
    // The captured part is split on '-': the first piece selects the page type, later pieces are parameters.
    $parms_vars = explode("-", $uri_);
    switch ($parms_vars[0]) {
        case 'articlelist':
            // The value taken from the URL is cast to int before it is stored in $_GET.
            if (!empty($parms_vars[1])) {
                $_GET['cid'] = intval($parms_vars[1]);
            }
//var_dump($lg);exit;
// Member bootstrap excerpt: $lg is filled in outside this excerpt. The branch below that clears the
// membername/memberpass/expire cookies suggests it is fed from cookies; confirm.
if ($lg['memberid'] == 0 || $lg['groupid'] == 0) {
    // No member in the session: start as guest.
    $lg['groupid'] = GROUP_GUESS;
    // Automatic login
    if (!empty($lg['membername']) && !empty($lg['memberpass'])) {
        // NOTE(review): the member name is interpolated straight into the SQL condition. Unless it is
        // escaped where $lg is built (not visible here), this needs a bound parameter or escaping.
        // NOTE(review): the array key inside {$lg[membername]} is unquoted, so PHP reads it as a
        // constant name; {$lg['membername']} states the intent.
        $lgrow = $db->row_select_one("members", "membername='{$lg[membername]}' and memberpass='******'", "id,groupid");
        if (empty($lgrow)) {
            $lg['groupid'] = GROUP_GUESS;
        } else {
            if ($lgrow['groupid'] == GROUP_NOVERIFY || $lgrow['groupid'] == GROUP_NOVISIT || $lgrow['groupid'] == GROUP_VERIFYFAILED) {
                // pending verification / access forbidden / verification failed
                // A negative lifetime (two years back) expires the login cookies.
                $cleart = -86400 * 365 * 2;
                setCookies('membername', '', $cleart);
                setCookies('memberpass', '', $cleart);
                setCookies('expire', '', $cleart);
                // NOTE(review): no exit follows this redirect in the visible code, so execution
                // carries on with the rest of the script unless _header_() itself stops it.
                _header_("location:index.php");
            } else {
                // The memberauth cookie is an MD5 over member name + memberpass value + site salt.
                // NOTE(review): that ties the cookie to the stored password value; a random
                // server-side token or an HMAC with a secret key is the safer construction.
                setCookies('memberauth', md5($lg['membername'] . $lg['memberpass'] . $cache_settings['salt']), $lg['expire']);
                wSESSION('memberid', $lgrow['id']);
                wSESSION('groupid', $lgrow['groupid']);
                $lg['memberid'] = intval(rSESSION('memberid'));
                $lg['groupid'] = intval(rSESSION('groupid'));
            }
        }
    }
}
// Template selection
$_SYS['styleid'] = $cache_settings['template'];
// With ?preview present, the template id is taken from the request.
if (isset($_GET['preview'])) {
    $_SYS['styleid'] = $_GET['styleid'];
    // Quotes, slashes, backslashes and dots are stripped from the requested id.
    // NOTE(review): this is a deny-list and no permission check for preview is visible here;
    // checking the id against the list of installed templates would be stricter.
    $_SYS['styleid'] = str_replace(array("'", "/", "\\", "\"", "."), array('', '', '', '', ''), $_SYS['styleid']);
// Admin login excerpt: it starts inside the form-submission branch (its opening "if" is not shown)
// and ends inside the heredoc that prints the login page.
// NOTE(review): $userpass == '' is tested twice; the third test was presumably meant for
// $securitycode. Confirm.
if ($username == '' || $userpass == '' || $userpass == '') {
    $errtips = 'login_detailsrequired';
// Case-insensitive comparison of the submitted code with the one stored in the session.
// NOTE(review): if no code has been stored in the session, an empty submitted value compares
// equal; require a non-empty stored code and clear it after each attempt.
} elseif (strtolower(rSESSION('validationcode')) != strtolower($securitycode)) {
    $errtips = 'login_validationcodeerr';
} else {
    // encrypt() is defined elsewhere; it derives the stored password value from name and password.
    $userpass = encrypt($username, $userpass);
    // The credential values in this condition are masked in the listing.
    $row = $db->row_select_one("users", "username='******' and userpass='******'");
    if ($row == null) {
        $errtips = 'login_namepasserr';
    } else {
        // Record the IP address and time of this login.
        $uobj['lastip'] = getIP();
        $uobj['lasttime'] = time();
        $db->row_update("users", $uobj, "id={$row['id']}");
        // Mark the session as an authenticated administrator.
        // NOTE(review): no session-id regeneration is visible around this privilege change.
        wSESSION('isadmin', 1);
        wSESSION('userid', $row['id']);
        // NOTE(review): $ref is assigned outside this excerpt. If it comes from the request, restrict
        // it to a local relative path before using it as redirect target, and stop the script after
        // the redirect.
        _header_("location:{$ref}");
        $errtips = 'login_succeed';
    }
}
} else {
    //$ref = $_GET["ref"];
    // Default landing page when no return target was given.
    if ($ref == "") {
        $ref = "index.php";
    }
}
// Maps error codes to localized messages; 'login_succeed' has no entry.
$errtipsstr = array('login_detailsrequired' => $_AL['login.required'], 'login_validationcodeerr' => $_AL['login.codeerr'], 'login_namepasserr' => $_AL['login.usererr']);
print <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
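/**
 * Deliver the attachment identified by the "id" GET parameter.
 *
 * Image records (type == 1) are answered with a 301 redirect to the file's public URL;
 * every other record is streamed from ATT_PATH as an application/octet-stream download.
 * Failures are reported through $this->error(), which is assumed to end the request
 * (the checks below rely on that) - confirm.
 *
 * NOTE(review): no permission check on the attachment is visible in this method. The Referer
 * comparison only discourages hot-linking: the header is client-supplied and a request
 * without Referer is accepted, so it must not be treated as access control.
 *
 * @return void
 */
function attachment() {
    // Hot-link check: when a Referer is present, its host must equal the Host header
    // (with any ":port" suffix removed).
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $host_server = $_SERVER['HTTP_HOST'];
    if (($pos = strpos($host_server, ':')) !== FALSE) {
        $host_server = substr($host_server, 0, $pos);
    }
    if ($referer) {
        // parse_url() returns false for a malformed URL and omits 'host' for relative ones.
        $host_referer = parse_url($referer);
        $referer_host = (is_array($host_referer) && isset($host_referer['host'])) ? $host_referer['host'] : '';
        if (!($referer_host == $host_server)) {
            $this->error('来源错误');
        }
    }

    // The id is cast to int before it is placed in the where() condition.
    $id = intval(I('get.id'));
    if (empty($id)) {
        $this->error('文件ID不存在');
    }
    $attach = D('attachments');
    $row = $attach->where("id={$id}")->find();
    if (empty($row)) {
        $this->error('文件不存在');
    }

    // NOTE(review): $row['filepath'] is concatenated unchecked in both branches below; confirm the
    // upload code never stores '..' segments, or verify with realpath() that the resulting path
    // stays under the intended directory.
    $filepath = "/Public/uploadfile/images/" . $row['filepath'];
    // Images are served by redirecting to their public URL.
    if ($row['type'] == 1) {
        if (!file_exists("." . $filepath)) {
            $this->error('文件已经被删除');
        }
        $filepath = __ROOT__ . $filepath;
        header("HTTP/1.1 301 Moved Permanently");
        header("Last-Modified:" . date('r'));
        header("Expires: " . date('r', time() + 86400));
        header("Location:{$filepath}");
        exit;
    }

    $filepath = ATT_PATH . "/uploadfile/attachment/" . $row['filepath'];
    // Fail before any download header is sent; filesize() on a missing file returns false.
    if (!is_file($filepath)) {
        $this->error('文件已经被删除');
    }

    // The download name is URL-encoded only when the User-Agent contains "MSIE".
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $filename = stristr($agent, 'MSIE') ? urlencode($row['filename']) : $row['filename'];
    // The stored name is placed inside a quoted header value: drop quotes and line breaks so it
    // cannot end the value early or start a new header line.
    $filename = str_replace(array("\r", "\n", '"'), '', $filename);

    // A function declared inside a method body only exists once that statement has run, so the
    // helper is declared before it is called; the guard keeps a second declaration (another call
    // of attachment(), or a global helper of the same name) from raising a redeclaration error.
    if (!function_exists('getlocalfile')) {
        // Outputs a local file. Modes 1, 3 and 4 open the file and seek to $range first
        // (3 and 4 use fpassthru() when available, otherwise fread()); any other mode uses readfile().
        function getlocalfile($filename, $readmod = 2, $range = 0) {
            if ($readmod == 1 || $readmod == 3 || $readmod == 4) {
                if ($fp = @fopen($filename, 'rb')) {
                    @fseek($fp, $range);
                    if (function_exists('fpassthru') && ($readmod == 3 || $readmod == 4)) {
                        @fpassthru($fp);
                    } else {
                        echo @fread($fp, filesize($filename));
                    }
                    // Close only a handle that was actually opened.
                    @fclose($fp);
                }
            } else {
                @readfile($filename);
            }
            @flush();
            @ob_flush();
            @ob_end_flush();
        }
    }

    ob_end_clean();
    _header_('Content-Encoding: none');
    _header_('Content-Type: application/octet-stream');
    _header_('Content-Disposition: attachment; filename="' . $filename . '"');
    _header_('Content-Length: ' . filesize($filepath));
    getlocalfile($filepath, 1);
}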
// Admin "procate" (product category) action excerpt; it starts inside a try block of an earlier
// case and ends inside "delprocate". The enclosing switch and the access check are not shown.
$db->row_insert("procates", $procate);
$procate['cateid'] = $db->insert_id();
}
// Rebuild the cached category data after the change.
writeProductsCateCache();
succeedFlag();
} catch (Exception $e) {
    // NOTE(review): echoing the exception object prints its message and stack trace into the
    // response; log it server-side and show a generic message instead.
    echo $e;
}
break;
case "sethide":
    // Both values are cast to int before use.
    // NOTE(review): this state change is driven by GET parameters and no anti-CSRF token check is
    // visible in this excerpt; confirm one exists upstream or move the action to POST with a token.
    $procateid = intval($_GET['procateid']);
    $hide = intval($_GET['hide']);
    // NOTE(review): $procate is not reset in this case; confirm it cannot carry keys set earlier.
    $procate['ishidden'] = $hide;
    $db->row_update("procates", $procate, "id={$procateid}");
    writeProductsCateCache();
    // Fixed, local redirect target.
    _header_("location:admin.php?inc=procate&action=set");
    //succeedFlag();
    break;
case "delprocate":
    try {
        $cid = intval($_GET['cid']);
        if (empty($cid)) {
            exit($_AL['all.parmerr']);
        }
        // A category that still has child categories (rows whose pid is this id) is not deleted.
        $rows = $db->row_select("procates", "pid={$cid}");
        if (!empty($rows)) {
            exit($_AL['procate.deldown.failed']);
        }
        // Delete the products of this category.
        // NOTE(review): a destructive action triggered by a GET parameter; the CSRF note on
        // "sethide" applies here as well.
        $db->row_delete("products", "cid={$cid}");
        //del procates
// Admin "msgs" (message) action excerpt; it starts inside a batch-operation switch whose beginning
// is not shown and ends with the closing brace of the outer action switch.
break;
case "verifyY":
    // Batch-approve: set state = 1 on every id in $idstr.
    // NOTE(review): $idstr is built outside this excerpt and interpolated into "id in (...)";
    // confirm every element is cast to int where the list is assembled.
    $msg['state'] = 1;
    $db->row_update("msgs", $msg, "id in ({$idstr})");
    break;
case "verifyN":
    // Batch-reject: set state = 0 on every id in $idstr.
    $msg['state'] = 0;
    $db->row_update("msgs", $msg, "id in ({$idstr})");
    break;
default:
    echo $_AL['all.noaction'];
    break;
}
succeedFlag();
}
} catch (Exception $e) {
    // NOTE(review): echoing the exception object prints its message and stack trace into the
    // response; log it server-side and show a generic message instead.
    echo $e;
}
break;
case "verify":
    // Single-message state change; both values are cast to int.
    // NOTE(review): driven by GET parameters with no anti-CSRF token check visible in this excerpt.
    $id = intval($_GET['id']);
    $state = intval($_GET['state']);
    $msg['state'] = $state;
    $db->row_update("msgs", $msg, "id={$id}");
    // NOTE(review): the Referer header is client-supplied and may be absent; it is copied into the
    // Location header unchanged. Redirecting to a fixed admin URL, or to the Referer only after
    // checking that its host is this site, avoids sending the browser to an arbitrary address.
    _header_("location:{$_SERVER['HTTP_REFERER']}");
    //succeedFlag();
    break;
default:
    echo $_AL['all.noaction'];
    break;
}
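<?php
// Admin page shell: loads the framework, requires an administrator session, reads the module and
// action selectors, then prints the <head> of the admin frame.
require_once "./../inc/init.php";
require_once "./inc/adminfun.php";
require_once "./language/language.php";
if (!isAdmin()) {
    // Send non-admins to the login page; the current URI is passed URL-encoded as the return target.
    _header_("location:login.php?ref=" . urlencode($_SERVER['REQUEST_URI']));
    // Stop here: sending a Location header does not by itself end the script, so without this exit
    // the admin page below would still be produced for a non-admin request. If _header_() already
    // terminates the request, this line is a harmless no-op.
    exit;
}
// Module and action selectors from the query string, passed through strFilter() (defined elsewhere).
// NOTE(review): if $inc later selects a file to include, match it against a fixed list of module
// names rather than relying on character filtering alone.
$inc = strFilter($_GET['inc']);
$action = strFilter($_GET['action']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>www.6kzz.com</title>
<link href="css/pager.css" rel="stylesheet" type="text/css" />
<link href="css/global.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../getfiles.php?t=js&v=<?php echo $_SYS['VERSION']; ?> &f=tab|util|ajax|choosedate|color|jquery|admin"></script>
<script type="text/javascript" src="../inc/kindeditor/kindeditor.js"></script>
<script type="text/javascript" src="../js/admin.js"></script>
<script type="text/javascript"> var popwin = window.parent.popwin; </script>
<style> body{margin:10px;} </style>
</head>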