/**
 * Reveal one minesweeper cell and, when no neighbour reports a mine, its neighbours too.
 *
 * The board lives in $_SESSION['minesweeper']. A cell that is missing from the board,
 * or that is neither unexplored nor flagged, is left untouched. A revealed cell is
 * overwritten with the sum of check_field() over its neighbours.
 *
 * @param int $field index of the cell on the board
 * @return void
 */
function explore_field($field)
{
    if (!isset($_SESSION['minesweeper'][$field])) {
        return;
    }
    $openable = array(MINESWEEPER_NOT_EXPLORED, MINESWEEPER_FLAGGED);
    if (!in_array($_SESSION['minesweeper'][$field], $openable)) {
        return;
    }

    // Short alias for the board kept in the session.
    $board =& $_SESSION['minesweeper'];

    // Neighbour indexes in visiting order. The left-hand column is skipped when
    // $field % MINEGRID_WIDTH is 1 and the right-hand column when it is 0, so a
    // cell on a row edge does not wrap around into the adjacent row.
    $neighbours = array();
    if ($field % MINEGRID_WIDTH !== 1) {
        $neighbours[] = $field - MINEGRID_WIDTH - 1;
        $neighbours[] = $field - 1;
        $neighbours[] = $field + MINEGRID_WIDTH - 1;
    }
    $neighbours[] = $field - MINEGRID_WIDTH;
    $neighbours[] = $field + MINEGRID_WIDTH;
    if ($field % MINEGRID_WIDTH !== 0) {
        $neighbours[] = $field - MINEGRID_WIDTH + 1;
        $neighbours[] = $field + 1;
        $neighbours[] = $field + MINEGRID_WIDTH + 1;
    }

    $mine_count = 0;
    foreach ($neighbours as $index) {
        // Indexes above or below the board do not exist; null is passed for them.
        $mine_count += check_field(isset($board[$index]) ? $board[$index] : null);
    }
    $board[$field] = $mine_count;

    if ($mine_count !== 0) {
        return;
    }
    // Nothing around this cell: open every neighbour as well.
    foreach ($neighbours as $index) {
        explore_field($index);
    }
}
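/**
 * Print the markup of one contact-form textarea.
 *
 * Reads three keys of $field: 'zn_cf_name' (label text, also the source of the
 * id/name attribute), 'zn_cf_required' (truthy marks the field as required) and
 * 'zn_cf_f_email' ('yes' adds the e-mail CSS class). For a required field
 * check_field() is called with the field name and a truthy result adds the
 * 'error' class to the wrapper.
 *
 * @param array $field field definition
 * @return void the markup is echoed
 */
function textarea($field)
{
    $label = $field['zn_cf_name'];
    $required = '';
    $req = '';
    $email_field = '';
    // !empty()/isset() keep the original truthiness test without a notice for a missing key.
    if (!empty($field['zn_cf_required'])) {
        $required = 'zn_required_field';
        if (check_field($label)) {
            $req = 'error';
        }
    }
    if (isset($field['zn_cf_f_email']) && $field['zn_cf_f_email'] == 'yes') {
        $email_field = 'zn_email_field';
    }
    // id/name: every non-word character becomes "_", so the value is attribute-safe.
    $field_name = preg_replace('~[\\W\\s]~', '_', $label);
    // The raw name also lands in the placeholder and title attributes; a quote in it
    // would end the attribute early, so it is escaped for attribute context.
    $label_attr = htmlspecialchars($label, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '<div class="control-group ' . $req . '">';
    // NOTE(review): the label body is still printed as-is, because field names may be
    // meant to carry markup; escape it as well if names can come from anyone but a
    // trusted editor.
    echo '<label class="control-label" for="' . $field_name . '">' . $label . '</label>';
    echo '<div class="controls">';
    echo '<textarea id="' . $field_name . '" name="' . $field_name . '" placeholder="' . $label_attr . '" class=" textarea zn_cf_textarea ' . $required . ' ' . $email_field . '" title="' . $label_attr . '" ></textarea> ';
    echo '</div>';
    echo '</div><!-- end control group -->';
}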
/**
 * Store a message posted through the message form and answer with a JSON status.
 *
 * Ends the request with die(): code 101 when the session posted less than 60
 * seconds ago, code 0 on success, code 100 when the insert failed. On success a
 * notification mail is sent if MESSAGE_EMAIL is set.
 *
 * NOTE(review): the posted values go to $dbm->single_insert() unchanged apart from
 * whatever check_field() enforces; whether single_insert() escapes them is not
 * visible here - confirm.
 */
function m__save_message()
{
    global $dbm, $table_name;
    $table_name = "message";

    // Throttle: refuse a second message within 60 seconds of the previous one.
    // NOTE(review): the timestamp lives in the session, so the limit only binds a
    // client that keeps its session cookie.
    if (isset($_SESSION['postdata']['message'])) {
        $elapsed = time() - $_SESSION['postdata']['message'];
        if ($elapsed < 60) {
            die('{"code":"101","msg":"歇会再留言吧"}');
        }
    }

    // Look up the fields defined for this standalone model.
    $field_sql = "select * from " . TB_PREFIX . "extern_fields where extern_name = '{$table_name}'";
    $definitions = $dbm->query($field_sql);

    // Collect one value per defined field and validate it.
    $fields = array();
    foreach ($definitions['list'] as $definition) {
        $column = $definition['field'];
        $post_key = 'extern___' . $column;
        if (isset($_POST[$post_key])) {
            $fields[$column] = $_POST[$post_key];
        } else {
            $fields[$column] = '';
        }
        // Fields that carry a special remark are checked against it.
        $remark = get_field_remark($table_name, $column);
        if (!empty($remark)) {
            check_field($remark, $fields[$column]);
        }
    }
    $fields['create_time'] = time();

    // Insert the record.
    $ret = $dbm->single_insert(TB_PREFIX . $table_name, $fields);
    $saved = $ret['error'] == '' && $ret['autoid'] > 0;
    if (!$saved) {
        die('{"code":"100","msg":"留言失败"}');
    }

    // When forwarding to e-mail is configured, send the message to the bound address.
    if (MESSAGE_EMAIL != '') {
        // NOTE(review): submitted values are joined with <br> markup unescaped; if
        // helper::send_email() sends HTML mail they should be HTML-escaped - confirm.
        $mail_body = "电话:" . @$fields['phone']
            . " \r\n<br> 留言内容:" . @$fields['content']
            . " \r\n<br> QQ号:" . @$fields['qq']
            . " \r\n<br> 性别:" . @$fields['gender'];
        @helper::send_email($fields['nick_name'], MESSAGE_EMAIL, $fields['nick_name'] . "的留言", $mail_body);
    }
    $_SESSION['postdata']['message'] = time();
    die('{"code":"0","msg":"留言成功,我们会尽快联系您"}');
}
     } else {
         print '<div class="flash_notice">' . $output . '</div>';
     }
     break;
     ##########################################################
     # EDIT FEED
     ##########################################################
 ##########################################################
 # EDIT FEED
 ##########################################################
 case 'edit':
     # NOTE(review): $tribe_id comes straight from $_POST and is interpolated into the
     # SQL text here, and again in the WHERE clause of the update further down; trim()
     # does not neutralise quotes. Whether request data is escaped upstream is not
     # visible in this excerpt - validate the id (an integer cast, if ids are numeric)
     # or escape it through the database layer before building the query.
     $tribe_id = trim($_POST['tribe_id']);
     $rs_tribe = $core->con->select("SELECT * FROM " . $core->prefix . "tribe WHERE tribe_id = '{$tribe_id}'");
     # A field left empty in the form keeps the value already stored for the tribe.
     $new_name = !empty($_POST['tribe_name']) ? $_POST['tribe_name'] : $rs_tribe->f('tribe_name');
     $new_ordering = !empty($_POST['tribe_order']) ? intval($_POST['tribe_order']) : $rs_tribe->f('ordering');
     # check_field() returns an array; its 'success', 'value' and 'error' keys are read below.
     $new_name = check_field('Tribe name', $new_name);
     $error = array();
     if ($new_name['success'] && is_int($new_ordering)) {
         $new_name['value'] = htmlentities($new_name['value'], ENT_QUOTES, mb_detect_encoding($new_name['value']));
         $cur = $core->con->openCursor($core->prefix . 'tribe');
         $cur->tribe_name = $new_name['value'];
         $cur->ordering = $new_ordering;
         $cur->modified = array(' NOW() ');
         $cur->update("WHERE tribe_id = '{$tribe_id}'");
         $output = sprintf(T_("Tribe %s successfully updated"), $new_name['value']);
     } else {
         if (!$new_name['success']) {
             $error[] = $new_name['error'];
         }
         if (!is_int($new_ordering)) {
             $error[] = T_('The ordering has to be an integer value.');
/**
 * update a user record
 * this function is registered in xajax
 *
 * Each key of $form_values is split on GENERAL_SEPARATOR into database field name,
 * field type and field number. Every value is validated with check_field() and the
 * validated values are written with $user->update(). On success the browser is sent
 * to the portal page.
 *
 * NOTE(review): $key_string and the keys of $form_values arrive from the caller of
 * an xajax-registered function. Whether $user->update() restricts $key_string to the
 * record of the logged-in user is not visible here - confirm.
 *
 * @param string $title title of page
 * @param string $key_string comma separated name value pairs
 * @param array $form_values values of new record (array of name value pairs)
 * @return xajaxResponse every xajax registered function needs to return this object
 */
function action_update_user_settings_record($title, $key_string, $form_values)
{
    global $logging;
    global $user;
    global $user_settings_table_configuration;
    global $firstthingsfirst_field_descriptions;
    global $user_start_time_array;
    # WARNING: this function is almost identical to function UserAdministration::action_update_user_admin_record
    # changes in this function should also lead to changes in that function
    # NOTE(review): the expression between "user=" and ", title=" is masked as ******
    # in this listing, so the next line is not valid PHP as shown
    $logging->info("USER_ACTION " . __METHOD__ . " (user="******", title={$title}, key_string={$key_string})");
    # store start time
    $user_start_time_array[__METHOD__] = microtime(TRUE);
    $html_str = "";
    $name_keys = array_keys($form_values);
    $new_form_values = array();
    $fields = $user->get_fields();
    $field_keys = array_keys($fields);
    # create necessary objects
    $result = new Result();
    $response = new xajaxResponse();
    $html_database_table = new HtmlDatabaseTable($user_settings_table_configuration);
    foreach ($name_keys as $name_key) {
        # a key is expected to hold three parts: field name, field type, field number
        # NOTE(review): a key with fewer parts leaves offsets 1 and 2 undefined, and
        # $field_type then selects the list of checks - nothing here rejects such a key
        $value_array = explode(GENERAL_SEPARATOR, $name_key);
        $db_field_name = $value_array[0];
        $field_type = $value_array[1];
        $field_number = $value_array[2];
        $check_functions = explode(" ", $firstthingsfirst_field_descriptions[$field_type][FIELD_DESCRIPTION_FIELD_INPUT_CHECKS]);
        $result->reset();
        $logging->debug("field (name=" . $db_field_name . ", type=" . $field_type . ", number=" . $field_number . ")");
        # check field values (check password field only when new password has been set)
        if ($db_field_name != USER_PW_FIELD_NAME || $db_field_name == USER_PW_FIELD_NAME && strlen($form_values[$name_key]) > 0) {
            check_field($check_functions, $db_field_name, $form_values[$name_key], $user->get_date_format(), $result);
            if (strlen($result->get_error_message_str()) > 0) {
                set_error_message($name_key, "right", $result->get_error_message_str(), "", "", $response);
                return $response;
            }
        }
        # set new value
        # for an empty password field no check ran, so this stores whatever $result holds after reset()
        $new_form_values[$db_field_name] = $result->get_result_str();
        $logging->debug("setting new form value (db_field_name=" . $db_field_name . ", result=" . $result->get_result_str() . ")");
    }
    # check if someone tries to change user admin
    if ($user->get_name() == "admin") {
        # check if the name of user admin is changed
        # NOTE(review): assumes the form always carries the user name field; the index is undefined otherwise
        if ($new_form_values[USER_NAME_FIELD_NAME] != "admin") {
            set_error_message("record_contents_buttons", "right", "ERROR_CANNOT_UPDATE_NAME_USER_ADMIN", "", "", $response);
            return $response;
        }
    }
    # display error when insertion returns false
    if (!$user->update($key_string, $new_form_values, TRUE)) {
        $logging->warn("update user settings record returns false");
        $error_message_str = $user->get_error_message_str();
        $error_log_str = $user->get_error_log_str();
        $error_str = $user->get_error_str();
        set_error_message("record_contents_buttons", "right", $error_message_str, $error_log_str, $error_str, $response);
        return $response;
    }
    # redirect to portal page with new user settings activated
    $response->script("window.location.assign('index.php?action=" . ACTION_GET_PORTAL_PAGE . "')");
    # check post conditions not necessary
    # log total time for this function
    $logging->info(get_function_time_str(__METHOD__));
    return $response;
}
         }
     }
     $temp[] = array('D' => $dir, 'N' => $name, 'S' => $size, 'T' => $time, 'I' => uniqid(), 'X' => -1);
     echo json_encode(array('code' => 0, 'index' => 0));
     /* clear the first one */
     if (count($temp) > 10) {
         $first = array_shift($temp);
         for ($i = 0; $i <= $first['X']; $i++) {
             $kv->delete($first['I'] . ':' . $i);
         }
     }
     kv_set($kv, ':temp', serialize($temp));
     exit;
     break;
 case "chunk":
     check_field('index');
     $index = (int) $_REQUEST['index'];
     $raw = file_get_contents('php://input');
     for (reset($temp); $it = each($temp);) {
         $f = $it[1];
         if ($f['D'] == $dir && $f['N'] == $name) {
             if ($index != $f['X'] + 1) {
                 exit_json(3, 'Unwanted index.');
             } else {
                 if (strlen($raw) != ($f['S'] - $index * 3145728 >= 3145728 ? 3145728 : $f['S'] % 3145728)) {
                     exit_json(4, 'Broken chunk.');
                 } else {
                     if (!kv_set($kv, $f['I'] . ':' . $index, $raw)) {
                         #debuging
                         $s = new SaeStorage();
                         $s->write('s3', 'error', $raw);
# Page bootstrap: template helpers, response header, empty form state, session, reCAPTCHA library.
include dirname(__FILE__) . '/tpl.php';
#
header('Content-type: text/html; charset=utf-8');
# Values shown again in the form after a failed submission.
$form_values = array("user_id" => "", "fullname" => "", "email" => "", "password" => "");
$flash = '';
session_start();
require_once dirname(__FILE__) . '/inc/lib/recaptchalib.php';
# NOTE(review): the reCAPTCHA private key is a secret and is hard-coded here, so
# everyone who can read the source can read it. Load it from configuration kept
# out of version control, and replace a key that has already been published.
# The public key is meant to be embedded in the page and is not sensitive.
$privatekey = "6LdEeQgAAAAAABrweqchK5omdyYS_fUeDqvDRq3Q";
$publickey = "6LdEeQgAAAAAACLccbiO8TNaptSmepfMFEDL3hj2";
if (isset($_POST) && isset($_POST['submit'])) {
    $captcha = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
    # On recupere les infos
    $user_id = check_field('user_id', trim($_POST['user_id']), 'not_empty');
    $fullname = check_field('fullname', trim($_POST['fullname']), '', false);
    $email = check_field('email', trim($_POST['email']), 'email');
    $password = check_field('password', trim($_POST['pass']), 'not_empty');
    if ($user_id) {
        $form_values["user_id"] = $user_id['value'];
    }
    if ($fullname) {
        $form_values["fullname"] = $fullname['value'];
    }
    if ($email) {
        $form_values["email"] = $email['value'];
    }
    if ($password) {
        $form_values["password"] = $password['value'];
    }
    if (!$captcha->is_valid) {
        $flash = array('type' => 'error', 'msg' => sprintf(T_("The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: %s)"), $captcha->error));
    } else {
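/**
 * import uploaded list records to current list
 * this function is registered in xajax
 *
 * Reads the uploaded CSV file line by line, validates every column with
 * check_field() and inserts one list record per line. The import stops at the
 * first line that fails; lines inserted before it stay inserted. After a complete
 * import the uploaded file is deleted and the list content is rendered again.
 *
 * @param string $list_title title of list
 * @param string $file_specs specifications of uploaded file to be processed, "|" separated:
 *        stored file name, original file name, size, type
 * @param string $field_seperator column delimiter handed to fgetcsv()
 * @return xajaxResponse every xajax registered function needs to return this object
 */
function action_import_list_records($list_title, $file_specs, $field_seperator)
{
    global $logging;
    global $user;
    global $list_table_configuration;
    global $user_start_time_array;
    global $firstthingsfirst_field_descriptions;
    # pad to four parts so a short $file_specs does not raise undefined offset notices
    $file_specs_array = array_pad(explode("|", $file_specs), 4, "");
    # $file_specs is an argument of an xajax registered function, so it is treated as
    # caller-controlled: only the last path component is kept, otherwise a name holding
    # directory separators would let the read and the unlink() below leave uploads/
    $file_name = basename($file_specs_array[0]);
    $file_size = $file_specs_array[2];
    # NOTE(review): the user expression of this log line is masked ("******") in the
    # reviewed listing; $user->get_name(), which this function already uses for the
    # insert, is assumed here - confirm against the original source
    $logging->error("USER_ACTION " . __METHOD__ . " (user=" . $user->get_name() . ", list_title={$list_title}, file_name={$file_name} ({$file_size}), field_seperator={$field_seperator})");
    # store start time
    $user_start_time_array[__METHOD__] = microtime(TRUE);
    # create necessary objects
    $result = new Result();
    $response = new xajaxResponse();
    $html_database_table = new HtmlDatabaseTable($list_table_configuration);
    # check if a file_name has been given
    if ($file_name == "NO_FILE") {
        $logging->warn("no file was uploaded");
        set_error_message("button_import", "above", "ERROR_UPLOAD_SELECT_FILE", "", "", $response);
        return $response;
    }
    $full_file_name = "uploads/{$file_name}";
    # create list table object
    $list_table = new ListTable($list_title);
    if ($list_table->get_is_valid() == FALSE) {
        $logging->warn("create list object returns false");
        $error_message_str = $list_table->get_error_message_str();
        $error_log_str = $list_table->get_error_log_str();
        $error_str = $list_table->get_error_str();
        set_error_message("button_import", "above", $error_message_str, $error_log_str, $error_str, $response);
        return $response;
    }
    $logging->debug("starting to read uploaded file (file_name={$full_file_name})");
    # is_file() instead of file_exists(): an empty or "." name resolves to the uploads
    # directory itself, which exists but is not an importable file
    if (is_file($full_file_name) == FALSE) {
        $logging->warn("cannot find uploaded file");
        set_error_message("button_import", "above", "ERROR_UPLOAD_FILE_NOT_FOUND", "", "", $response);
        return $response;
    }
    $fields = $list_table->get_fields();
    # line number counter
    $line_number = 1;
    # database field names of all columns to import
    $import_db_field_names = array_slice($list_table->get_db_field_names(), 1);
    $num_of_import_db_field_names = count($import_db_field_names);
    # open file to import
    $file_handler = fopen($full_file_name, "r");
    if ($file_handler == FALSE) {
        $logging->warn("could not open file to import (file_name={$full_file_name})");
        set_error_message("button_import", "above", "ERROR_UPLOAD_COULD_NOT_OPEN", "", "", $response);
        return $response;
    }
    # read a line from the file to import
    while (($line_array = fgetcsv($file_handler, 10000, $field_seperator)) !== FALSE) {
        $logging->debug("reading line (line_number={$line_number})");
        # add dummy column for attachments
        array_push($line_array, "@");
        $num_of_columns = count($line_array);
        # check if number of columns is correct
        if ($num_of_columns != $num_of_import_db_field_names) {
            $logging->warn("wrong colum count (num_of_columns={$num_of_columns}, num_of_import_db_field_names={$num_of_import_db_field_names})");
            $error_message_str = "LABEL_IMPORT_LINE_NUMBER {$line_number} <br> ERROR_IMPORT_WRONG_COLUMN_COUNT";
            set_error_message("button_import", "above", $error_message_str, "", "", $response);
            # every early return inside the loop closes the handle it would otherwise leak
            fclose($file_handler);
            return $response;
        }
        $insert_array = array();
        $counter = 0;
        # create an array with all db_field_names and values from file
        foreach ($import_db_field_names as $db_field_name) {
            $field_name = $fields[$db_field_name][0];
            $field_type = $fields[$db_field_name][1];
            $check_functions = explode(" ", $firstthingsfirst_field_descriptions[$field_type][FIELD_DESCRIPTION_FIELD_INPUT_CHECKS]);
            $result->reset();
            # check field values and store new field value in result
            check_field($check_functions, $db_field_name, $line_array[$counter], $user->get_date_format(), $result);
            if (strlen($result->get_error_message_str()) > 0) {
                $error_message_str = "LABEL_IMPORT_LINE_NUMBER {$line_number} <br> LABEL_IMPORT_FIELDNAME {$field_name} <br> " . $result->get_error_message_str();
                # the element id was an unquoted bare word here; quoted like in every other call
                set_error_message("button_import", "above", $error_message_str, "", "", $response);
                fclose($file_handler);
                return $response;
            }
            $logging->debug("field (name={$db_field_name}, type={$field_type}, content=" . $result->get_result_str() . ")");
            # convert auto created and auto modified fields
            # NOTE(review): the 0 stored here is overwritten by the final else branch
            # below, so it has no effect as written - confirm what was intended
            if ($field_type == FIELD_TYPE_DEFINITION_AUTO_CREATED || $field_type == FIELD_TYPE_DEFINITION_AUTO_MODIFIED) {
                $insert_array[$db_field_name] = 0;
            }
            # store the new field value (either as note or as normal value)
            if ($field_type == FIELD_TYPE_DEFINITION_NOTES_FIELD) {
                $insert_array[$db_field_name] = array(array(0, $result->get_result_str()));
            } else {
                if ($field_type == FIELD_TYPE_DEFINITION_ATTACHMENTS) {
                    $insert_array[$db_field_name] = array(array(0, LISTTABLEATTACHMENT_EMPTY_ATTACHMENT . "|-|-|-"));
                } else {
                    $insert_array[$db_field_name] = $result->get_result_str();
                }
            }
            $counter++;
        }
        # insert a line
        $return_value = $list_table->insert($insert_array, $user->get_name());
        if ($return_value == 0) {
            $logging->warn("insert list record returns false");
            # the label is a translation key inside the string, as in the two messages above
            $error_message_str = "LABEL_IMPORT_LINE_NUMBER {$line_number} <br> " . $result->get_error_message_str();
            $error_log_str = $list_table->get_error_log_str();
            $error_str = $list_table->get_error_str();
            set_error_message("button_import", "above", $error_message_str, $error_log_str, $error_str, $response);
            fclose($file_handler);
            return $response;
        }
        $line_number++;
    }
    $logging->debug("imported all lines from file (line_number={$line_number})");
    # delete the import file
    fclose($file_handler);
    unlink($full_file_name);
    # set content
    $result->reset();
    $html_database_table->get_content($list_table, $list_title, "", DATABASETABLE_UNKWOWN_PAGE, $result);
    $response->custom_response->assign_with_effect(LIST_CSS_NAME_PREFIX . "content_pane", $result->get_result_str());
    # set action pane
    $html_str = $html_database_table->get_action_bar($list_title, "");
    $response->custom_response->assign_with_effect("action_pane", $html_str);
    # set footer
    $response->assign("footer_text", "innerHTML", get_footer($list_table->get_creator_modifier_array()));
    # check post conditions
    if (check_postconditions($result, $response) == FALSE) {
        return $response;
    }
    set_info_message("action_bar_button_import", "above", "LABEL_IMPORT_SUCCESS", $response);
    # log total time for this function
    $logging->info(get_function_time_str(__METHOD__));
    return $response;
}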
     print '<div class="flash_notice">' . T_('User status toggled') . '</div>';
     break;
     ##########################################################
     # UPDATE USER
     ##########################################################
 ##########################################################
 # UPDATE USER
 ##########################################################
 case 'update':
     # NOTE(review): PHP has already URL-decoded the request body, so urldecode() decodes
     # $_POST['user_id'] a second time; a quote that was percent-encoded twice only
     # appears after this call, behind any filtering applied to the raw request.
     $user_id = urldecode(trim($_POST['user_id']));
     # NOTE(review): $user_id is interpolated into the SQL text here and in the duplicate
     # check further down, as are the submitted full name and e-mail; whether
     # check_field() or the database layer escapes them is not visible in this excerpt -
     # escape or bind each value where the query is built.
     $user = $core->con->select("SELECT * FROM " . $core->prefix . "user WHERE user_id = '{$user_id}'");
     # A field left empty in the form keeps the value already stored for the user.
     $new_fullname = !empty($_POST['efullname']) ? $_POST['efullname'] : $user->f('user_fullname');
     $new_email = !empty($_POST['eemail']) ? $_POST['eemail'] : $user->f('user_email');
     # check_field() returns an array; its 'success' and 'value' keys are read below.
     $new_fullname = check_field('fullname', $new_fullname);
     $new_email = check_field('email', $new_email, 'email');
     $new_password = check_field('password', array("password" => trim($_POST['password']), "password2" => trim($_POST['password2'])), 'password', false);
     $error = array();
     if ($new_email['success'] && $new_fullname['success'] && $new_password['success']) {
         $new_fullname['value'] = htmlentities($new_fullname['value'], ENT_QUOTES, mb_detect_encoding($new_fullname['value']));
         $sql = "SELECT user_id, user_fullname, user_email FROM " . $core->prefix . "user\n\t\t\t\tWHERE lower(user_id) != '" . strtolower($user_id) . "'\n\t\t\t\tAND (lower(user_fullname) = '" . strtolower($new_fullname['value']) . "'\n\t\t\t\tOR lower(user_email) = '" . strtolower($new_email['value']) . "')";
         $rs1 = $core->con->select($sql);
         if ($rs1->count() > 0) {
             if ($rs1->f('user_fullname') == $new_fullname['value']) {
                 $error[] = sprintf(T_('The user %s already exists'), $new_fullname['value']);
             }
             if ($rs1->f('user_email') == $new_email['value']) {
                 $error[] = sprintf(T_('The email address %s is already in use by %s'), $new_email['value'], $rs1->f('user_id'));
             }
         }
         if (empty($error)) {
             $cur = $core->con->openCursor($core->prefix . 'user');
                 unset($node['D'][$it[0]]);
                 $done = true;
                 // kv_set($kv, $dir, serialize($node));
                 // exit_redirect('home.php?path=' . $dir);
             }
         }
     }
     if ($done) {
         kv_set($kv, $dir, serialize($node));
         exit;
     } else {
         exit_json(1, 'No such file or directory.');
     }
     break;
 case 'rename':
     check_field('name', 'value');
     $name = $_REQUEST['name'];
     $value = $_REQUEST['value'];
     foreach ($node['R'] as $f) {
         if (!strcasecmp($f['N'], $value)) {
             exit_print("New name already exists. <a href=\"home.php?path=" . $dir . "\">Back home</a>?");
         }
     }
     foreach ($node['D'] as $f) {
         if (!strcasecmp($f['N'], $value)) {
             exit_print("New name already exists. <a href=\"home.php?path=" . $dir . "\">Back home</a>?");
         }
     }
     for (reset($node['R']); $it = each($node['R']);) {
         if (!strcasecmp($it[1]['N'], $name)) {
             /* for ($i = 0; $i * 3145728 < $it[1]['S']; $i++) {
 /**
  * Check the SMS verification code of the password-reset flow.
  *
  * Reads `sms_verify` and `user_mobile` from the request. When a user row matches
  * both, the pending SMS verification rows of that number are deleted and the
  * client is pointed to the modify-password page.
  *
  * NOTE(review): both request values are concatenated into the SQL text. strim()
  * and check_field() are defined elsewhere, so whether they neutralise quotes
  * cannot be confirmed here - escape or bind the values where the query is built.
  * NOTE(review): no limit on verification attempts is visible in this method, and
  * the accepted code is forwarded as the `code` URL parameter - confirm both are
  * handled elsewhere.
  */
 public function dogetpassword_m()
 {
     global_run();
     // verification code
     $verify = strim($_REQUEST['sms_verify']);
     if (empty($verify)) {
         showErr("请输入验证码", 1);
     }
     $mobile = strim($_REQUEST['user_mobile']);
     $data = check_field("getpassword_mobile", $mobile, 0);
     if (!$data['status']) {
         ajax_return($data);
         return;
     }
     $lookup_sql = "select * from " . DB_PREFIX . "user where mobile='{$mobile}' and password_verify = '{$verify}'";
     $user_info = $GLOBALS['db']->getRow($lookup_sql);
     if (!$user_info) {
         showErr("验证码错误", 1);
         return;
     }
     // the code matched: clear the pending SMS verifications of this number
     $cleanup_sql = "delete from " . DB_PREFIX . "sms_mobile_verify where mobile_phone = '{$mobile}'";
     $GLOBALS['db']->query($cleanup_sql);
     $target = url("index", "user#modify_password", array("id" => $user_info['id'], "code" => $verify));
     showSuccess("验证成功", 1, $target);
 }
 /**
  * Validate a member field.
  *
  * Reads `field`, `value` and `user_id` from the request, hands them to the global
  * check_field() function and returns its result through ajax_return().
  *
  * NOTE(review): `user_id` is taken from the request, so the caller chooses which
  * user the value is checked against - confirm that is intended.
  */
 public function check_field()
 {
     // Arguments are evaluated left to right, the same order as the request reads before.
     ajax_return(check_field(
         strim($_REQUEST['field']),
         strim($_REQUEST['value']),
         intval($_REQUEST['user_id'])
     ));
 }
         print '<div class="flash_notice">' . $output . '</div>';
     }
     break;
     ##########################################################
     # EDIT FEED
     ##########################################################
 ##########################################################
 # EDIT FEED
 ##########################################################
 case 'edit':
     # NOTE(review): $feed_id comes straight from $_POST and is interpolated into the
     # SQL text here, in the duplicate check and in the WHERE clause of the update
     # further down; the submitted feed URL is interpolated as well. trim() does not
     # neutralise quotes, and whether check_field() or the database layer escapes the
     # values is not visible in this excerpt - escape or bind them where each query
     # is built.
     $feed_id = trim($_POST['ef_id']);
     $feed = $core->con->select("SELECT * FROM " . $core->prefix . "feed WHERE feed_id = '{$feed_id}'");
     # A field left empty in the form keeps the value already stored for the feed.
     $new_name = !empty($_POST['ef_name']) ? $_POST['ef_name'] : $feed->f('feed_name');
     $new_url = !empty($_POST['ef_url']) ? $_POST['ef_url'] : $feed->f('feed_url');
     # check_field() returns an array; its 'success' and 'value' keys are read below.
     # NOTE(review): further down, the duplicate-URL message reads $rs->f('user_id')
     # although the result of that query is held in $rs1.
     $new_name = check_field('Feed name', $new_name);
     $new_url = check_field('Feed url', $new_url, 'feed');
     $error = array();
     if ($new_name['success'] && $new_url['success']) {
         #FIXME : check if this line is needed (also used in user_api)
         $new_name['value'] = htmlentities($new_name['value'], ENT_QUOTES, mb_detect_encoding($new_name['value']));
         $rs1 = $core->con->select("SELECT feed_url, user_id FROM " . $core->prefix . "feed\n\t\t\t\tWHERE feed_id != '" . $feed_id . "'\n\t\t\t\tAND feed_url = '" . $new_url['value'] . "'");
         if ($rs1->count() > 0) {
             $error[] = sprintf(T_('The feed %s is already used by user %s'), $new_url['value'], $rs->f('user_id'));
         }
         if (empty($error)) {
             $cur = $core->con->openCursor($core->prefix . 'feed');
             $cur->feed_name = $new_name['value'];
             $cur->feed_url = $new_url['value'];
             $cur->modified = array(' NOW() ');
             $cur->update("WHERE feed_id = '{$feed_id}'");
             $output = sprintf(T_("Feed %s successfully updated"), $new_url['value']);
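/**
 * Insert or update one record of a standalone table from the posted form.
 *
 * `alone_table` names the table, `info_id` selects the record ('' or '0' means
 * insert), every other posted key becomes a column value after the `extern___`
 * prefix is stripped. The request ends with die() and a JSON status: code 0 on
 * success, 210 for a missing or malformed table name or a failed insert, 220 for a
 * non-numeric id, 230 for a failed update.
 *
 * NOTE(review): the posted keys become column names in $params; whether
 * single_insert() / single_update() quote or whitelist column names is not
 * visible here - confirm.
 */
function m__save()
{
    global $dbm, $c;
    // The table name is request data; read it once so every later use shares the checked value.
    $alone_table = isset($_POST['alone_table']) && is_string($_POST['alone_table']) ? $_POST['alone_table'] : '';
    check_level($alone_table . "_01");
    $params = array();
    // The name is used as an SQL identifier (table name, "<table>_id" column, extern_name
    // lookup), so only letters, digits and underscores are accepted; anything else is
    // answered like a missing name.
    if (empty($alone_table) || !preg_match('/\A[A-Za-z0-9_]+\z/', $alone_table)) {
        die('{"code":"210","msg":"独立表异常!"}');
    }
    unset($_POST['hashtoken']);
    foreach ($_POST as $k => $v) {
        $k = str_replace('extern___', '', $k);
        $params[$k] = helper::escape($v, 1);
        $params[$k] = isset($params[$k]) && !empty($params[$k]) ? trim($params[$k]) : '';
        // fetch the special remark of the field, if any, and validate against it
        $extern = get_field_remark($alone_table, $k);
        if (!empty($extern)) {
            check_field($extern, $v);
        }
    }
    // $alone_table is used instead of $params['alone_table'], which a posted
    // "extern___alone_table" key could have overwritten in the loop above.
    $ext_sql = "select * from " . TB_PREFIX . "extern_fields where extern_name='{$alone_table}'";
    $ext_data = $dbm->query($ext_sql);
    if (count($ext_data['list']) > 0) {
        $extern_attr_content = $ext_data['list'];
        foreach ($extern_attr_content as $attr) {
            foreach ($params as $k => $v) {
                // fields declared as date in the standalone table are stored as timestamps
                if ($k == $attr['field'] && $attr['form_type'] == 'date') {
                    $params[$k] = strtotime($v);
                }
            }
        }
    }
    // Control fields of the form are not columns of the table.
    unset($params['reso']);
    unset($params['info_id']);
    unset($params['alone_table']);
    // A missing info_id is treated like an empty one, as the loose comparison did before.
    $info_id = isset($_POST['info_id']) ? $_POST['info_id'] : '';
    if ($info_id == '' || $info_id == '0') {
        // add a record
        $params['create_time'] = time();
        $ret = $dbm->single_insert(TB_PREFIX . $alone_table, $params);
        if ($ret['error'] == '') {
            die('{"code":"0","msg":"添加成功"}');
        }
        die('{"code":"210","msg":"添加失败"}');
    } else {
        // update a record
        if (!is_numeric($info_id)) {
            die('{"code":"220","msg":"ID必须是数字"}');
        }
        $id = intval($info_id);
        $where = "{$alone_table}_id = {$id}";
        $ret = $dbm->single_update(TB_PREFIX . $alone_table, $params, $where);
        if ($ret['error'] != '') {
            die('{"code":"230","msg":"更新失败"}');
        }
        die('{"code":"0","msg":"更新成功"}');
    }
}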
/**
 * update a record
 * this function is registered in xajax
 *
 * Each key of $form_values is split on GENERAL_SEPARATOR into database field name,
 * field type and field number. Every value is validated with check_field(), unset
 * boolean fields are stored as "0", and the record selected by $key_string is
 * written with $user->update(). The record of user admin (id 1) may not lose its
 * name or its permissions.
 *
 * NOTE(review): nothing in this function checks that the calling user is an
 * administrator; presumably that is enforced where the xajax function is
 * dispatched - confirm.
 *
 * @param string $title title of page
 * @param string $key_string comma separated name value pairs
 * @param array $form_values values of new record (array of name value pairs)
 * @return xajaxResponse every xajax registered function needs to return this object
 */
function action_update_user_admin_record($title, $key_string, $form_values)
{
    global $logging;
    global $user;
    global $user_admin_table_configuration;
    global $firstthingsfirst_field_descriptions;
    global $user_start_time_array;
    # WARNING: this function is almost identical to function UserSettings::action_update_user_setting_record
    # changes in this function should also lead to changes in that function
    # NOTE(review): the expression between "user=" and ", title=" is masked as ******
    # in this listing, so the next line is not valid PHP as shown
    $logging->info("USER_ACTION " . __METHOD__ . " (user="******", title={$title}, key_string={$key_string})");
    # store start time
    $user_start_time_array[__METHOD__] = microtime(TRUE);
    $html_str = "";
    $name_keys = array_keys($form_values);
    $new_form_values = array();
    $fields = $user->get_fields();
    $field_keys = array_keys($fields);
    # create the key_string for user admin (who always has id=1)
    $key_string_admin_user = DatabaseTable::_get_encoded_key_string(array(DB_ID_FIELD_NAME => "1"));
    # create necessary objects
    $result = new Result();
    $response = new xajaxResponse();
    $html_database_table = new HtmlDatabaseTable($user_admin_table_configuration);
    foreach ($name_keys as $name_key) {
        # a key is expected to hold three parts: field name, field type, field number
        # NOTE(review): a key with fewer parts leaves offsets 1 and 2 undefined, and
        # $field_type then selects the list of checks - nothing here rejects such a key
        $value_array = explode(GENERAL_SEPARATOR, $name_key);
        $db_field_name = $value_array[0];
        $field_type = $value_array[1];
        $field_number = $value_array[2];
        $check_functions = explode(" ", $firstthingsfirst_field_descriptions[$field_type][FIELD_DESCRIPTION_FIELD_INPUT_CHECKS]);
        $result->reset();
        $logging->debug("field (name=" . $db_field_name . ", type=" . $field_type . ", number=" . $field_number . ")");
        # check field values (check password field only when new password has been set)
        if ($db_field_name != USER_PW_FIELD_NAME || $db_field_name == USER_PW_FIELD_NAME && strlen($form_values[$name_key]) > 0) {
            check_field($check_functions, $db_field_name, $form_values[$name_key], $user->get_date_format(), $result);
            if (strlen($result->get_error_message_str()) > 0) {
                set_error_message($name_key, "right", $result->get_error_message_str(), "", "", $response);
                return $response;
            }
        }
        # set new value
        # for an empty password field no check ran, so this stores whatever $result holds after reset()
        $new_form_values[$db_field_name] = $result->get_result_str();
        $logging->debug("setting new form value (db_field_name=" . $db_field_name . ", result=" . $result->get_result_str() . ")");
    }
    # check if all booleans have been set
    foreach ($field_keys as $db_field_name) {
        if ($fields[$db_field_name][1] == FIELD_TYPE_DEFINITION_BOOL) {
            if (!isset($new_form_values[$db_field_name])) {
                $logging->debug("found an unset bool field");
                $new_form_values[$db_field_name] = "0";
            }
        }
    }
    # check if someone tries to change user admin
    # NOTE(review): the guard compares the submitted $key_string with the encoded key
    # of id 1 as strings; a key that selects the same record but is written differently
    # would skip both checks below - confirm that update() only accepts the canonical form
    if ($key_string_admin_user == $key_string) {
        # check if the name of user admin is changed
        if ($new_form_values[USER_NAME_FIELD_NAME] != "admin") {
            set_error_message("record_contents_buttons", "right", "ERROR_CANNOT_UPDATE_NAME_USER_ADMIN", "", "", $response);
            return $response;
        }
        # check if the permissions of user admin is changed
        if ($new_form_values[USER_CAN_CREATE_LIST_FIELD_NAME] != "1" || $new_form_values[USER_IS_ADMIN_FIELD_NAME] != "1") {
            set_error_message("record_contents_buttons", "right", "ERROR_CANNOT_UPDATE_PERMISSIONS_USER_ADMIN", "", "", $response);
            return $response;
        }
    }
    # display error when insertion returns false
    if (!$user->update($key_string, $new_form_values)) {
        $logging->warn("update user admin record returns false");
        $error_message_str = $user->get_error_message_str();
        $error_log_str = $user->get_error_log_str();
        $error_str = $user->get_error_str();
        set_error_message("record_contents_buttons", "right", $error_message_str, $error_log_str, $error_str, $response);
        return $response;
    }
    # set content
    $result->reset();
    $html_database_table->get_content($user, $title, "", DATABASETABLE_UNKWOWN_PAGE, $result);
    $response->custom_response->assign_with_effect(USER_ADMIN_CSS_NAME_PREFIX . "content_pane", $result->get_result_str());
    # set action pane
    $html_str = $html_database_table->get_action_bar($title, "");
    $response->custom_response->assign_with_effect("action_pane", $html_str);
    # check post conditions
    if (check_postconditions($result, $response) == FALSE) {
        return $response;
    }
    # log total time for this function
    $logging->info(get_function_time_str(__METHOD__));
    return $response;
}
/**
 * Validate a page's request fields against their declared checks.
 *
 * The global $system_fields definitions are merged into the page's own list, each entry
 * is handed to check_field(), and the per-field results are OR-ed into a single status.
 * The unset_*() helpers (defined elsewhere) then run on the list, and the list is set to
 * null before returning, so the caller's variable no longer holds it.
 *
 * @param array $fields        Field name => checks; taken by reference and null on return.
 * @param bool  $show_messages Whether show_messages() is called at the end.
 *
 * @return int 1 when the combined status equals ZBX_VALID_OK, otherwise 0.
 */
function check_fields(&$fields, $show_messages = true)
{
    global $system_fields;

    // On a key collision array_merge() keeps the later value, i.e. the system definition.
    $fields = array_merge($fields, $system_fields);

    $status = ZBX_VALID_OK;
    foreach ($fields as $name => $rules) {
        $status |= check_field($fields, $name, $rules);
    }

    unset_not_in_list($fields);
    unset_if_zero($fields);
    if ($status != ZBX_VALID_OK) {
        // Runs only when validation failed; presumably drops action variables so that no
        // action is performed on rejected input — confirm against unset_action_vars().
        unset_action_vars($fields);
    }
    $fields = null;

    if ($status & ZBX_VALID_ERROR) {
        invalid_url();
    }
    if ($show_messages) {
        show_messages();
    }

    return (int) ($status == ZBX_VALID_OK);
}
 }
 # NOTE(review): the $_POST keys below are read without an isset() check; any value other
 # than the literal string 'true' (a missing key included) is stored as 0.
 $statusnet = $_POST['statusnet'] == 'true' ? 1 : 0;
 # check_field() acts as the validator here and returns an array whose 'success' key is
 # tested further down; the 'url' rule itself is defined outside this listing.
 $statusnet_account = check_field(T_('Statusnet Account'), $_POST['statusnet-account'], 'url');
 $reddit = $_POST['reddit'] == 'true' ? 1 : 0;
 # Allowlist check on the newsletter frequency ($newsletter is assigned outside this listing).
 # NOTE(review): in_array() is called without its third (strict) argument, so the comparison
 # is loose; passing true keeps a non-string value from matching through type juggling.
 if (!in_array($newsletter, array('nomail', 'dayly', 'weekly', 'monthly'))) {
     $error[] = T_('Error detected');
 }
 # The account URL only has to be valid when the statusnet option is switched on.
 if ($statusnet == 1) {
     if (!$statusnet_account['success']) {
         $error[] = T_("Please check statusnet URL : Invalid URL");
     }
 }
 $shaarli_instance = '';
 if ($shaarli == 1) {
     if ($shaarli_type == 'remote') {
         $instance = check_field(T_('Shaarli instance'), $_POST['shaarli-instance'], 'url');
         if (!$instance['success']) {
             $error[] = T_("Please check shaarli URL : Invalid URL");
         } else {
             $shaarli_instance = $instance['value'];
         }
     } else {
         $shaarli_instance = BP_PLANET_URL . '/shaarli/?user='******'social.newsletter', $newsletter, 'string');
     $user_settings->put('social.twitter', $twitter, 'boolean');
     $user_settings->put('social.google', $google, 'boolean');
     $user_settings->put('social.shaarli', $shaarli, 'boolean');
     if ($shaarli == 1) {
 ### Caching
 #debutCache();
 ### Initialise processing variables
 $flash = array();
 # Array used to display error, warning, notice, ... messages
 $confirmation = '';
 # Confirmation message
 ### Initialise form variables
 # Sender e-mail address (falls back to the blog's author_mail setting when not posted)
 $sender = isset($_POST['newsletter_sender']) ? check_field(T_('Sender'), $_POST['newsletter_sender'], 'email') : check_field(T_('Sender'), $blog_settings->get('author_mail'), 'email');
 # Recipient e-mail addresses
 $recipients = isset($_POST['newsletter_recipient']) ? check_recipients(T_('Recipients'), $_POST['newsletter_recipient']) : check_recipients(T_('Recipients'), '');
 # Newsletter subject
 # NOTE(review): when the POST key is absent, $subject and $message hold the plain string ''
 # instead of a check_field() result array, yet the code below reads ['success'] on them.
 $subject = isset($_POST['newsletter_subject']) ? check_field(T_('Subject'), cleanupString($_POST['newsletter_subject']), 'not_empty') : '';
 # Newsletter body
 $message = isset($_POST['newsletter_message']) ? check_field(T_('Message'), cleanupString($_POST['newsletter_message']), 'not_empty') : '';
 ### Check that the form was filled in correctly
 if (isset($_POST) && isset($_POST['submitNewsletter'])) {
     if ($sender['success'] && $recipients['success'] && $subject['success'] && $message['success']) {
         # NOTE(review): the <br/> inserted by preg_replace() is escaped by the surrounding
         # htmlspecialchars() call, so the hidden field carries it as literal text, not markup.
         $msg = htmlspecialchars(preg_replace('/\\n/', '<br/>', $message['value']));
         # Confirmation step: the validated values are echoed back as hidden inputs, each
         # HTML-escaped for the double-quoted attribute it is placed in.
         # NOTE(review): these values travel through the browser again, so the handler for
         # confirmSubmit (not shown) has to validate them itself rather than trust this step.
         # No anti-CSRF token is emitted in this form.
         $confirmation .= '<p>';
         $confirmation .= '<form name="NewsletterConfirm" method="POST">';
         $confirmation .= '&nbsp;&nbsp;<u>' . T_('Are you sure you want to send this newsletter?') . '</u>';
         $confirmation .= '<br /><br />';
         $confirmation .= '<input type="hidden" name="sender" value="' . htmlspecialchars($sender['value']) . '" />';
         $confirmation .= '<input type="hidden" name="recipients" value="' . htmlspecialchars($recipients['value']) . '" />';
         $confirmation .= '<input type="hidden" name="subject" value="' . htmlspecialchars($subject['value']) . '" />';
         $confirmation .= '<input type="hidden" name="message" value="' . $msg . '" />';
         $confirmation .= '&nbsp;&nbsp;<input type="submit" class="button br3px" name="confirmSubmit" value="' . T_('Yes') . '" />';
         $confirmation .= '&nbsp;&nbsp;<input type="button" class="button br3px" name="reset" value="' . T_('No') . '" />';
         $confirmation .= '</form>';
Example #19
         foreach ($error as $value) {
             $output .= "<li>" . $value . "</li>";
         }
         $output .= "</ul>";
         print '<div class="flash_error">' . $output . '</div>';
     } else {
         print '<div class="flash_notice">' . $output . '</div>';
     }
     break;
 # Discover the feeds advertised by a site and return their URLs as a JSON array.
 case "feed_from_site":
     # The site URL is accepted from the query string or, failing that, from the POST body.
     if (isset($_GET['site'])) {
         $url = trim($_GET["site"]);
     } else {
         $url = trim($_POST["site"]);
     }
     # NOTE(review): PHP has already URL-decoded the request parameters, so urldecode()
     # decodes the value a second time before it is validated.
     $site_url = check_field('site', urldecode($url), 'url');
     $feeds = array();
     if ($site_url['success']) {
         # NOTE(review): the server itself fetches a caller-supplied URL. The 'url' rule of
         # check_field() is not shown; unless it or the HTTP layer limits the scheme to
         # http/https and refuses loopback, link-local and private addresses, this endpoint
         # lets a caller make the server request internal resources (SSRF). Whether the
         # enclosing switch requires an authenticated session is not visible from here.
         require_once dirname(__FILE__) . '/../../inc/lib/simplepie_1.3.compiled.php';
         $simplepie = new SimplePie();
         $simplepie->set_feed_url($site_url['value']);
         $simplepie->init();
         $simplepie->handle_content_type();
         foreach ($simplepie->get_all_discovered_feeds() as $ob) {
             $feeds[] = $ob->url;
         }
     }
     # An empty JSON array is returned when validation fails or nothing is discovered.
     header('Content-type: application/json; charset=utf-8');
     print json_encode($feeds);
     break;
     ##########################################################
     __error(T_("Permission denied"), T_('You are not allowed to see this page.') . ' ' . T_('You can delete your session if you logout : ') . '<a href="?logout">Logout</a>');
     exit;
 }
 # Current author settings, used as the initial values of the form.
 $planet_author_mail = $email = $blog_settings->get('author_mail');
 $planet_author_site = $url = $blog_settings->get('author_site');
 $planet_author = $author = $blog_settings->get('author');
 $planet_author_jabber = $blog_settings->get('author_jabber');
 $planet_author_im = $blog_settings->get('author_im');
 $planet_author_about = $blog_settings->get('author_about');
 $flash = array();
 # Check that the form was submitted
 # NOTE(review): no anti-CSRF token is checked in this listing before the settings are
 # written; it may be enforced elsewhere — confirm.
 if (isset($_POST) && isset($_POST['submit'])) {
     # Collect the submitted values; only e-mail, site and name go through check_field().
     $email = check_field(T_('Reference contact email'), trim($_POST['planet_author_mail']), 'email');
     $url = check_field(T_('Author Website'), trim($_POST['planet_author_site']), 'url');
     $author = check_field(T_('Contact Name'), trim($_POST['planet_author']), 'not_empty');
     # NOTE(review): jabber and im are stored after trim() only, so every place that prints
     # them has to escape them for its output context.
     $planet_author_jabber = trim($_POST['planet_author_jabber']);
     $planet_author_im = trim($_POST['planet_author_im']);
     # The "about" text is entity-encoded at input time and stored in that form.
     # NOTE(review): mb_detect_encoding() returns false when it cannot identify the encoding,
     # and that result is passed straight through as the charset argument.
     $planet_author_about = htmlentities($_POST['planet_author_about'], ENT_QUOTES, mb_detect_encoding($_POST['planet_author_about']));
     # Nothing is saved unless all three validated fields passed.
     if ($email['success'] && $url['success'] && $author['success']) {
         $planet_author_mail = $email['value'];
         $planet_author_site = $url['value'];
         $planet_author = $author['value'];
         $blog_settings->put('author', $planet_author, "string");
         $blog_settings->put('author_mail', $planet_author_mail, "string");
         $blog_settings->put('author_site', $planet_author_site, "string");
         $blog_settings->put('author_jabber', $planet_author_jabber, "string");
         $blog_settings->put('author_im', $planet_author_im, "string");
         $blog_settings->put('author_about', $planet_author_about, "string");
         $flash['notice'][] = T_("Modification succeeded");
     } else {
         $output .= "</ul>";
         print '<div class="flash_error">' . $output . '</div>';
     } else {
         print '<div class="flash_notice">' . $output . '</div>';
     }
     break;
     ##########################################################
     # UPDATE SITE
     ##########################################################
 ##########################################################
 # UPDATE SITE
 ##########################################################
 # Update an existing site record after checking that its URL is not already registered.
 case 'update':
     # NOTE(review): site_id comes from the request with only trim() applied and is later
     # concatenated, unquoted, into the SQL text below.
     $site_id = trim($_POST['site_id']);
     $site_url = check_field('site_url', trim($_POST['esite_url']), 'url');
     $site_name = check_field('site_name', trim($_POST['esite_name']));
     $error = array();
     if ($site_url['success'] && $site_name['success']) {
         # NOTE(review): SQL injection risk — the statement is built by string concatenation
         # from request data. $site_id should be cast to an integer before use, and the URL
         # should be bound as a parameter or passed through the database layer's own escaping;
         # the 'url' rule of check_field() is not shown and should not be relied on to keep
         # quote characters out.
         $rs = $core->con->select("SELECT * FROM " . $core->prefix . "site\n\t\t\t\tWHERE site_url = '" . $site_url['value'] . "'\n\t\t\t\tAND site_id != " . $site_id);
         if ($rs->count() > 0) {
             # NOTE(review): both messages embed the submitted URL and disclose which user id
             # owns it; they need HTML-escaping wherever $error is rendered.
             if ($rs->f('user_id') == $user_id) {
                 $error[] = sprintf(T_('The user %s already own the website %s'), $user_id, $site_url['value']);
             } else {
                 $error[] = sprintf(T_('The website %s is owned by user %s'), $site_url['value'], $rs->f('user_id'));
             }
         }
         if (empty($error)) {
             # The write itself goes through a cursor on the site table instead of hand-built SQL.
             $cur = $core->con->openCursor($core->prefix . 'site');
             $cur->site_url = $site_url['value'];
             $cur->site_name = $site_name['value'];
             # presumably the array form marks a raw SQL expression for the cursor — confirm
             $cur->modified = array(' NOW() ');
Example #22
# Contact form handler: verifies the reCAPTCHA answer, validates the fields and mails the message.
include dirname(__FILE__) . '/tpl.php';
#
header('Content-type: text/html; charset=utf-8');
$flash = '';
if (isset($_POST) && isset($_POST['submit'])) {
    require_once dirname(__FILE__) . '/inc/lib/recaptchalib.php';
    # NOTE(review): the reCAPTCHA private key is hard-coded in the source file. It belongs in
    # configuration kept out of version control, and a key that has been published like this
    # one should be treated as exposed and replaced.
    $privatekey = "6LdEeQgAAAAAABrweqchK5omdyYS_fUeDqvDRq3Q";
    # NOTE(review): the two recaptcha_* POST keys are read without an isset() check.
    $captcha = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
    if (!$captcha->is_valid) {
        $flash = array('type' => 'error', 'msg' => sprintf(T_("The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: %s)"), $captcha->error));
    } else {
        # Collect the submitted values
        $name = check_field('name', trim($_POST['name']), 'not_empty');
        $email = check_field('email', trim($_POST['email']), 'email');
        $subject = check_field('subject', trim($_POST['subject']), 'not_empty');
        $content = check_field('content', trim($_POST['content']), 'not_empty');
        $ip = getIP();
        if ($name['success'] && $email['success'] && $subject['success'] && $content['success']) {
            # Build the e-mail
            # NOTE(review): the subject is checked only for being non-empty and then goes into
            # the mail subject; unless check_field() or sendmail() strips CR/LF (neither is
            # shown), a line break in it could add mail headers.
            $objet = "Contact: " . $subject['value'];
            $msg = T_("Name/Nickname : ") . $name['value'];
            $msg .= "\n" . T_("Email : ") . $email['value'];
            $msg .= "\n" . T_("Subject : ") . $subject['value'];
            $msg .= "\n" . T_("Content of the message: ") . $content['value'];
            $msg .= "\nIP : {$ip}";
            # Send the e-mail: the visitor's address is the first argument and the blog's
            # author_mail setting the second (presumably sender and recipient — confirm).
            $envoi = sendmail($email['value'], $blog_settings->get('author_mail'), $objet, $msg);
            # Status message for the user
            if ($envoi) {
                $flash = array('type' => 'notice', 'msg' => T_("Your email has been sent !"));
            } else {
Example #23
/**
 * Validate a page's request fields against their declared checks.
 *
 * A fixed set of system fields (sid, triggers_hash, print, page, ddreset) is combined with
 * the page's own definitions through zbx_array_merge(), every entry is passed to
 * check_field(), and the per-field results are OR-ed into one status. The unset_*()
 * helpers (defined elsewhere) then run on the list, and the list is set to null before
 * returning, so the caller's variable no longer holds it.
 *
 * @param array $fields        Field name => checks; taken by reference and null on return.
 * @param bool  $show_messages Whether a failure is reported through show_messages().
 *
 * @return bool True when the combined status equals ZBX_VALID_OK.
 */
function check_fields(&$fields, $show_messages = true)
{
    // Columns per entry: TYPE, OPTIONAL, FLAGS, VALIDATION, EXCEPTION
    $system_fields = array(
        'sid' => array(T_ZBX_STR, O_OPT, P_SYS, HEX(), null),
        'triggers_hash' => array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY, null),
        'print' => array(T_ZBX_INT, O_OPT, P_SYS, IN('1'), null),
        'page' => array(T_ZBX_INT, O_OPT, P_SYS, null, null),
        'ddreset' => array(T_ZBX_INT, O_OPT, P_SYS, null, null),
    );
    $fields = zbx_array_merge($system_fields, $fields);

    $status = ZBX_VALID_OK;
    foreach ($fields as $name => $rules) {
        $status |= check_field($fields, $name, $rules);
    }
    // The status does not change after the loop, so the verdict is computed once.
    $valid = ($status == ZBX_VALID_OK);

    unset_not_in_list($fields);
    unset_if_zero($fields);
    if (!$valid) {
        // Runs only when validation failed; presumably drops action variables so that no
        // action is performed on rejected input — confirm against unset_action_vars().
        unset_action_vars($fields);
    }
    $fields = null;

    if ($status & ZBX_VALID_ERROR) {
        invalid_url();
    }
    if ($show_messages && !$valid) {
        // Only reached on failure, so the first argument is always false here.
        show_messages(false, null, _('Page received incorrect data'));
    }

    return $valid;
}
Example #24
File: field.php Project: nikuha/rs
// Builds $forms: every questionnaire form together with its fields and the admin
// edit/delete links for both.
$replace = array();
$forms = array();
// NOTE(review): the mysql_* extension used throughout was removed in PHP 7; a port to
// mysqli or PDO is also the point at which to switch to prepared statements.
$sql_form = mysql_query("SELECT form_id, name, butt FROM " . TABLE_QUESTIONNAIRE . " ORDER BY form_id") or Error(1, __FILE__, __LINE__);
// The @ operator hides any warning raised by the fetch call.
while ($info_form = @mysql_fetch_array($sql_form)) {
    // form_id is interpolated into the SQL text; it comes from the row just fetched, not
    // directly from the request, but an integer cast or bound parameter would be sturdier.
    $sql = mysql_query("SELECT field_id, name, public FROM " . TABLE_QUESTFIELD . " WHERE form_id={$info_form['form_id']} ORDER BY ord") or Error(1, __FILE__, __LINE__);
    $fields = array();
    $field_name = "";
    while ($info = @mysql_fetch_array($sql)) {
        // The field name is HTML-escaped here; ENT_COMPAT leaves single quotes unescaped, so
        // it is only safe inside double-quoted attributes or element content.
        $info['name'] = htmlspecialchars($info['name'], ENT_COMPAT, 'cp1251');
        if (!$info['name']) {
            $info['name'] = NONAME;
        }
        // NOTE(review): $part (defined outside this listing) is placed into the URLs without
        // urlencode() or HTML escaping — confirm it cannot carry request data.
        $info['edit_link'] = ADMIN_URL . "?p={$part}&field_id={$info['field_id']}";
        $info['del_link'] = "";
        $info['icount'] = 0;
        // A truthy check_field() result is kept as icount and suppresses the delete link;
        // the delete link is offered only when the result is falsy.
        if ($i = check_field($info['field_id'])) {
            $info['icount'] = $i;
        } else {
            // NOTE(review): judging by the parameter name this link deletes through a plain
            // GET request; no anti-CSRF token is part of the URL — confirm how the
            // del_field handler protects itself.
            $info['del_link'] = ADMIN_URL . "?p={$part}&del_field={$info['field_id']}";
        }
        // Remember the form and name of the field currently selected via $field_id
        // ($field_id is defined outside this listing).
        if ($info['field_id'] == $field_id) {
            $form_id = $info_form['form_id'];
            $field_name = $info['name'];
        }
        $fields[] = $info;
    }
    $info_form['fields'] = $fields;
    $info_form['del_link'] = ADMIN_URL . "?p={$part}&del_form={$info_form['form_id']}";
    $info_form['edit_link'] = ADMIN_URL . "?p={$part}&form_id={$info_form['form_id']}";
    $forms[] = $info_form;
}
Example #25
        // Password change: the current password must match before the new one is stored.
        // NOTE(review): passwords are stored as unsalted MD5, which is unsuitable for password
        // storage; password_hash() / password_verify() are the built-in replacement. The
        // digests are also compared with loose ==, which compares numeric-looking strings as
        // numbers; hash_equals() compares them as strings and in constant time.
        if (md5($password) == $account['password']) {
            // NOTE(review): $_REQUEST also accepts the new password from the query string,
            // where it can end up in logs and browser history; no length or strength check is
            // applied before it is stored.
            if ($_REQUEST['newpwd'] == $_REQUEST['newpwd2']) {
                $account['password'] = md5($_REQUEST['newpwd']);
                kv_set($kv, ':account', serialize($account));
                $_SESSION['msg'] = 'Password has been changed.';
                // Dropping the auth flag forces a fresh login with the new password.
                unset($_SESSION['auth']);
                exit_redirect('index.php');
            } else {
                exit_print("Confirm doesn't match. <a href=\"home.php\">Back Home</a>?");
            }
        } else {
            exit_print("Password is wrong. <a href=\"home.php\">Back Home</a>?");
        }
        break;
    case 'login':
        // presumably check_field() verifies that both request fields are present and makes
        // them available as $username / $password — it is defined outside this listing
        check_field('username', 'password');
        // The same message is used for a wrong user name and a wrong password.
        // NOTE(review): same unsalted-MD5 and loose-comparison concerns as in the password
        // change branch above.
        if ($username != $account['username'] || md5($password) != $account['password']) {
            $_SESSION['msg'] = 'User name or password wrong!';
            exit_redirect('index.php');
        }
        // NOTE(review): the session is marked authenticated without a visible call to
        // session_regenerate_id(), so a session id fixed before login stays valid afterwards.
        $_SESSION['auth'] = 'OK';
        exit_redirect('home.php');
        break;
    case 'logout':
        // Logout only blanks the auth flag; the session itself is kept.
        $_SESSION['auth'] = '';
        exit_redirect('index.php');
        break;
    default:
        exit_print('Action unkown');
        break;
}