function check_all($mail, $cn, $homephone, $mobile)
{
$error = 0;
if ($cn == '') {
$error = 1;
echo "Debe ingrear nombre y/o apellido como mínimo para el contacto con teléfono (si tiene) {$homephone} o correo (si tiene) {$mail} <br />";
} else {
if ($mail != '' && !check_email_address($mail)) {
$error = 1;
echo "El correo electrónico ({$mail}) no es válido<br />";
} else {
if (!check_name($cn)) {
$error = 1;
echo "El nombre ({$cn}) no es válido<br />";
} else {
if ($homephone != '' && !check_phone($homephone)) {
$error = 1;
echo "El primer teléfono ({$homephone}) no es válido<br />";
} else {
if ($mobile != '' && !check_phone($mobile)) {
$error = 1;
echo "El segundo teléfono ({$mobile}) no es válido<br />";
} else {
if ($mail == '' && $homephone == '') {
$error = 1;
echo "El contacto {$cn} debe tener teléfono o correo electrónico<br />";
}
}
}
}
}
}
return $error == 0;
}
function im_ali($id, $style = 0)
{
if ($id) {
if (!check_name($id) && strtoupper(DT_CHARSET) != 'UTF-8') {
$id = convert($id, 'GBK', 'UTF-8');
}
$id = urlencode($id);
return '<a href="http://amos.alicdn.com/msg.aw?v=2&uid=' . $id . '&site=cnalichn&s=6&charset=UTF-8" target="_blank" rel="nofollow"><img src="http://amos.alicdn.com/online.aw?v=2&uid=' . $id . '&site=cnalichn&s=6&charset=UTF-8" title="点击旺旺交谈/留言" alt="" align="absmiddle" onerror="this.src=DTPath+\'file/image/ali-off.gif\';" onload="if(this.width>20)this.src=SKPath+\'image/ali-off.gif\';"/></a>';
}
return '';
}
function get_chat_id($f, $t)
{
global $DT_TIME;
if (!check_name($f)) {
$chat_browerid = get_cookie('chat_browerid');
if (!preg_match("/^[a-z0-9]{6}\$/i", $chat_browerid)) {
$chat_browerid = random(6);
set_cookie('chat_browerid', $chat_browerid, $DT_TIME + 365 * 86400);
}
$f = md5($f . '|' . $chat_browerid . $_SERVER['HTTP_USER_AGENT']);
}
return md5(strcmp($f, $t) > 0 ? $f . '|' . $t : $t . '|' . $f);
}
function do_attrib($post, $pseudo)
{
$retour = "";
$start = "<tr class='mh_tdtitre' align='center'><td class='mh_tdpage'>";
$end = "</td></tr>";
if (array_key_exists('attrib', $post)) {
$nom_attrib = htmlspecialchars(trim($post['attrib']), ENT_QUOTES);
$pseudo = htmlspecialchars(trim($pseudo), ENT_QUOTES);
// vérifie les saisies
if (empty($nom_attrib)) {
$retour .= $start . "<h3>Veuillez saisir un nom d'attribution !</h3>" . $end;
}
if (!empty($nom_attrib) && !empty($pseudo)) {
$retour .= $start . "<h2>Nom de l'attribution : " . $nom_attrib . "</h3>" . $end;
// ajoute l'attribution au fichier xml si le nom n'existe pas
if (check_name($nom_attrib)) {
create_attrib($nom_attrib, $pseudo);
$retour .= $start . create_troll_form($nom_attrib) . $end;
} else {
$retour .= $start . "<h3>Le nom d'attribution existe déja !</h3>" . $end;
}
}
}
if (array_key_exists('chance', $post) && array_key_exists('pseudo', $post)) {
$nom_attrib = $post['hidden'];
$chance = intval(trim($post['chance']));
$pseudo = htmlspecialchars(trim($post['pseudo']), ENT_QUOTES, "UTF-8");
$retour .= $start . "<h2>Nom de l'attribution : " . $nom_attrib . "</h2>" . $end;
// vérifie les saisies
if (empty($pseudo)) {
$retour .= $start . "<h3>Veuillez saisir un nom de Troll !</h3>" . $end;
}
if (empty($chance) || !is_int($chance) || $chance <= 0) {
$retour .= $start . "<h3>Le nombre de chance est incorrecte ! ( Seulement un chiffre strictement supérieur à 0 )</h3>" . $end;
}
// ajoute le participant au fichier xml
if (!empty($pseudo) && !empty($chance) && is_int($chance) && $chance > 0) {
create_participant($pseudo, $chance);
}
$attrib = get_last_attribution(get_dom());
// affiche les deux formulaires ainsi que les participants
$retour .= $start . create_troll_form($nom_attrib) . $end;
if (check_participants($attrib)) {
$retour .= $start . get_participants($attrib) . $end;
}
$retour .= "<br/>";
$retour .= $start . create_validation_form($nom_attrib) . $end;
}
return $retour;
}
function im_ali($id, $style = 0)
{
if ($id) {
$tb = 0;
if (substr($id, 0, 3) == 'TB:') {
$tb = 1;
$id = substr($id, 3);
}
if (!check_name($id) && DT_CHARSET != 'UTF-8') {
$id = convert($id, 'GBK', 'UTF-8');
}
$id = urlencode($id);
return ($tb ? '<a href="http://www.taobao.com/webww/ww.php?ver=3&touid=' . $id . '&siteid=cntaobao&status=2&charset=UTF-8" target="_blank" rel="nofollow"><img src="http://amos.alicdn.com/realonline.aw?v=2&uid=' . $id . '&site=cntaobao&s=2&charset=UTF-8"' : '<a href="http://amos.alicdn.com/msg.aw?v=2&uid=' . $id . '&site=cnalichn&s=6&charset=UTF-8" target="_blank" rel="nofollow"><img src="http://amos.alicdn.com/online.aw?v=2&uid=' . $id . '&site=cnalichn&s=6&charset=UTF-8"') . ' title="点击旺旺交谈/留言" alt="" align="absmiddle" onerror="this.src=DTPath+\'file/image/ali-off.gif\';" onload="if(this.width>20)this.src=SKPath+\'image/ali-off.gif\';"/></a>';
}
return '';
}
function pass($post)
{
global $L;
if (!is_array($post)) {
return false;
}
if (!check_name($post['username'])) {
return $this->_($L['expert_pass_username']);
}
if (!$post['title']) {
return $this->_($L['expert_pass_truename']);
}
if (strlen($post['major']) < 4) {
return $this->_($L['expert_pass_major']);
}
return true;
}
function _moduleContent(&$smarty, $module_name)
{
global $arrConf;
//folder path for custom templates
$local_templates_dir = getWebDirModule($module_name);
//conexion resource
$pDB = new paloDB($arrConf['elastix_dsn']["elastix"]);
//user credentials
global $arrCredentials;
$dsn_agi_manager = getDNSAGIManager();
$action = getAction();
$content = "";
switch ($action) {
case "add":
$content = form_Recordings($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentials);
break;
case "record":
$content = record($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
break;
case "hangup":
$content = hangup($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
break;
case "save":
$content = save_recording($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentials);
break;
case "remove":
$content = remove_recording($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentials);
break;
case "check_call_status":
$content = checkCallStatus("call_status", $smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
break;
case "checkName":
$content = check_name($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
break;
case "download":
$content = downloadFile($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
break;
default:
$content = reportRecording($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentials);
break;
}
return $content;
}
function register_user()
{
global $db;
try {
$user = $_POST['user'];
$name = $_POST['name'];
$email = $_POST['email'];
$hashPass = $_POST['pass'];
$confirmationPass = $_POST['confPass'];
if ($confirmationPass != $hashPass) {
$msg = "Passwords don't match";
return $msg;
} else {
if (!check_user_name($user)) {
$msg = "Only letters and numbers allowed for UserName";
return $msg;
} else {
if (!check_name($name)) {
$msg = "Only letters and white space allowed for Name";
return $msg;
} else {
if (!check_email_exists($email)) {
$msg = "E-mail already used";
return $msg;
} else {
if (!check_user($user)) {
$msg = "Username already taken, please choose another";
return $msg;
} else {
$pass = md5($hashPass);
$ins = $db->prepare('INSERT INTO User (user,name,email,password) Values (?, ?, ?, ?)');
$ins->execute(array($user, $name, $email, $pass));
return send_email($email, $name);
}
}
}
}
}
} catch (PDOException $e) {
echo $e->getMessage();
}
}
function pass($post)
{
global $L;
if (!is_array($post)) {
return false;
}
if (!$post['catid']) {
return $this->_(lang('message->pass_catid'));
}
if (!$post['title']) {
return $this->_($L['group_pass_title']);
}
if (!is_url($post['thumb'])) {
return $this->_($L['group_pass_thumb']);
}
if (!check_name($post['username'])) {
return $this->_($L['group_pass_username']);
}
return true;
}
function update_company_setting($userid, $setting)
{
global $db;
$S = get_company_setting($userid);
foreach ($setting as $k => $v) {
if (!check_name($k)) {
continue;
}
if (is_array($v)) {
foreach ($v as $i => $j) {
$v[$i] = str_replace(',', '', $j);
}
$v = implode(',', $v);
}
if (isset($S[$k])) {
$db->query("UPDATE {$db->pre}company_setting SET item_value='{$v}' WHERE userid={$userid} AND item_key='{$k}'");
} else {
$db->query("INSERT INTO {$db->pre}company_setting (userid,item_key,item_value) VALUES ('{$userid}','{$k}','{$v}')");
}
}
return true;
}
function set($post)
{
global $MOD, $DT_TIME, $_username, $_userid;
$post['addtime'] = isset($post['addtime']) && $post['addtime'] ? strtotime($post['addtime']) : $DT_TIME;
$post['edittime'] = $DT_TIME;
check_name($post['ask']) or $post['ask'] = '';
$post['title'] = trim($post['title']);
$post['content'] = addslashes(save_remote(save_local(stripslashes($post['content']))));
$post['introduce'] = addslashes(get_intro($post['content'], 120));
clear_upload($post['content']);
if ($this->itemid) {
$post['editor'] = $_username;
$new = $post['content'];
$r = $this->get_one();
$old = $r['content'];
delete_diff($new, $old);
}
$content = $post['content'];
unset($post['content']);
$post = dhtmlspecialchars($post);
$post['content'] = dsafe($content);
$post['content'] = addslashes(save_remote(save_local(stripslashes($post['content']))));
return array_map("trim", $post);
}
if ($dontshowtableagain != 1) {
if (!empty($delete_errors)) {
$main_content .= '<div class="SmallBox" > <div class="MessageContainer" > <div class="BoxFrameHorizontal" style="background-image:url(' . $layout_name . '/images/content/box-frame-horizontal.gif);" /></div> <div class="BoxFrameEdgeLeftTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div> <div class="BoxFrameEdgeRightTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div> <div class="ErrorMessage" > <div class="BoxFrameVerticalLeft" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></div> <div class="BoxFrameVerticalRight" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></div> <div class="AttentionSign" style="background-image:url(' . $layout_name . '/images/content/attentionsign.gif);" /></div><b>The Following Errors Have Occurred:</b><br/>';
foreach ($delete_errors as $delete_error) {
$main_content .= '<li>' . $delete_error;
}
$main_content .= '</div> <div class="BoxFrameHorizontal" style="background-image:url(' . $layout_name . '/images/content/box-frame-horizontal.gif);" /></div> <div class="BoxFrameEdgeRightBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div> <div class="BoxFrameEdgeLeftBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div> </div></div><br/>';
}
$main_content .= 'To delete a character enter the name of the character and your password.<br/><br/><form action="?subtopic=accountmanagement&action=deletecharacter" method="post" ><input type="hidden" name="deletecharactersave" value="1"><div class="TableContainer" > <table class="Table1" cellpadding="0" cellspacing="0" > <div class="CaptionContainer" > <div class="CaptionInnerContainer" > <span class="CaptionEdgeLeftTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span> <span class="CaptionEdgeRightTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span> <span class="CaptionBorderTop" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span> <span class="CaptionVerticalLeft" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span> <div class="Text" >Delete Character</div> <span class="CaptionVerticalRight" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span> <span class="CaptionBorderBottom" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span> <span class="CaptionEdgeLeftBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span> <span class="CaptionEdgeRightBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span> </div> </div> <tr> <td> <div class="InnerTableContainer" > <table style="width:100%;" ><tr><td class="LabelV" ><span >Character Name:</td><td style="width:90%;" ><input name="delete_name" value="" size="30" maxlength="29" ></td></tr><tr><td class="LabelV" ><span >Password:</td><td><input type="password" name="delete_password" size="30" maxlength="29" ></td></tr> </table> </div> </table></div></td></tr><br/><table style="width:100%" ><tr align="center" ><td><table border="0" cellspacing="0" cellpadding="0" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Submit" alt="Submit" src="' . $layout_name . '/images/buttons/_sbutton_submit.gif" ></div></div></td><tr></form></table></td><td><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $layout_name . '/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></td></tr></table>';
}
}
//### UNDELETE character from account ###
if ($action == "undelete") {
$player_name = trim($_GET['name']);
if (!empty($player_name)) {
if (check_name($player_name)) {
$player = new Player();
$player->find($player_name);
if ($player->isLoaded()) {
$player_account = $player->getAccount();
if ($account_logged->getId() == $player_account->getId()) {
if (!$player->isOnline()) {
$player->set('deleted', 0);
$player->save();
$main_content .= '<div class="TableContainer" > <table class="Table1" cellpadding="0" cellspacing="0" > <div class="CaptionContainer" > <div class="CaptionInnerContainer" > <span class="CaptionEdgeLeftTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span> <span class="CaptionEdgeRightTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span> <span class="CaptionBorderTop" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span> <span class="CaptionVerticalLeft" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span> <div class="Text" >Character Undeleted</div> <span class="CaptionVerticalRight" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span> <span class="CaptionBorderBottom" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span> <span class="CaptionEdgeLeftBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span> <span class="CaptionEdgeRightBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span> </div> </div> <tr> <td> <div class="InnerTableContainer" > <table style="width:100%;" ><tr><td>The character <b>' . htmlspecialchars($player_name) . '</b> has been undeleted.</td></tr> </table> </div> </table></div></td></tr><br><center><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $layout_name . '/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></center>';
} else {
$delete_errors[] = 'This character is online.';
}
} else {
$delete_errors[] = 'Character <b>' . htmlspecialchars($player_name) . '</b> is not on your account.';
}
//-----------------------------------------------------------------------------//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------//-----------------------------------------------------------------------------
if ($action == 'passleadership') {
$guild_id = (int) $_REQUEST['guild'];
$pass_to = trim($_REQUEST['player']);
if (empty($guild_errors)) {
$guild = new Guild();
$guild->load($guild_id);
if (!$guild->isLoaded()) {
$guild_errors[] = 'Guild with ID <b>' . $guild_id . '</b> doesn\'t exist.';
}
}
if (empty($guild_errors)) {
if ($_POST['todo'] == 'save') {
if (!check_name($pass_to)) {
$guild_errors2[] = 'Invalid player name format.';
}
if (empty($guild_errors2)) {
$to_player = new Player();
$to_player->find($pass_to);
if (!$to_player->isLoaded()) {
$guild_errors2[] = 'Player with name <b>' . htmlspecialchars($pass_to) . '</b> doesn\'t exist.';
}
if (empty($guild_errors2)) {
$to_player_rank = $to_player->getRank();
if (!empty($to_player_rank)) {
$to_player_guild = $to_player_rank->getGuild();
if ($to_player_guild->getId() != $guild->getId()) {
$guild_errors2[] = 'Player with name <b>' . htmlspecialchars($to_player->getName()) . '</b> isn\'t from your guild.';
}
}
} else {
$main_content .= 'Player or account of player <b>' . htmlspecialchars($nick) . '</b> doesn\'t exist.';
}
} else {
$main_content .= 'Invalid player name format. If you have other characters on account try with other name.';
}
$main_content .= '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><center>
<a href="?subtopic=lostaccount&action=step1&action_type=reckey&nick=' . urlencode($nick) . '" border="0"><IMG SRC="' . $layout_name . '/images/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></center>
</TD></TR></FORM></TABLE></TABLE>';
} elseif ($action == 'step3') {
$rec_key = trim($_REQUEST['key']);
$nick = $_REQUEST['nick'];
$new_pass = trim($_REQUEST['passor']);
$new_email = trim($_REQUEST['email']);
if (check_name($nick)) {
$player = new Player();
$account = new Account();
$player->find($nick);
if ($player->isLoaded()) {
$account = $player->getAccount();
}
if ($account->isLoaded()) {
$account_key = $account->getCustomField('key');
if (!empty($account_key)) {
if ($account_key == $rec_key) {
if (check_password($new_pass)) {
if (check_mail($new_email)) {
$account->setEMail($new_email);
$account->setPassword($new_pass);
$account->save();
<?php
/*
[Destoon B2B System] Copyright (c) 2008-2015 www.destoon.com
This is NOT a freeware, use is subject to license.txt
*/
$moduleid = 10;
require 'common.inc.php';
require DT_ROOT . '/module/club/common.inc.php';
$head_title = $MOD['name'] . $DT['seo_delimiter'] . $head_title;
switch ($action) {
case 'user':
isset($username) && check_name($username) or $username = '';
$username or mobile_msg($L['msg_not_user']);
$_userid or dheader('login.php?forward=' . urlencode('know.php?action=' . $action . '&username='******'msg_not_user']);
$typeid = isset($typeid) && $typeid == 1 ? 1 : 0;
if ($typeid == 1) {
$condition = "status=3 AND username='******'";
$r = $db->get_one("SELECT COUNT(*) AS num FROM {$table}_answer WHERE {$condition}", 'CACHE');
$items = $r['num'];
$pages = mobile_pages($items, $page, $pagesize);
$lists = array();
if ($items) {
$result = $db->query("SELECT * FROM {$table}_answer WHERE {$condition} ORDER BY addtime DESC LIMIT {$offset},{$pagesize}");
while ($r = $db->fetch_array($result)) {
$r['title'] = get_intro($r['content'], 50);
$r['date'] = timetodate($r['addtime'], 'Y/m/d H:i');
$lists[] = $r;
}
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR_CMD;
return;
}
if (($searchTraineesNameSpeaker = check_name($_GET["searchTraineesNameSpeaker"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
//link
$link = @mysqli_connect(DB_HOST, ADMIN_ACCOUNT, ADMIN_PASSWORD, CONNECT_DB);
if (!$link) {
sleep(DELAY_SEC);
echo DB_ERROR;
return;
}
//----- query -----
//***Step16 页面搜索SQl语句 起始
$str_query1 = "select te.TrainingId, te.UserId, te.RegisterDate, te.Status, ti.TrainingName, ti.ApproreLevel, u.UserName, u.EmployeeId, ti.SpeakerName \nfrom trainees as te left join trainings as ti on te.TrainingId = ti.TrainingId\nleft join wutian.users as u on te.UserId = u.UserId where te.Status >=0 and ExamineUser like '%,{$user_id},%'";
//TODO: trim space
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR_CMD;
return;
}
if (($searchCoursewaresNameDesc = check_name($_GET["searchCoursewaresNameDesc"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($statusCheckbox = check_number($_GET["statusCheckbox"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
//link
$link = @mysqli_connect(DB_HOST, ADMIN_ACCOUNT, ADMIN_PASSWORD, CONNECT_DB);
if (!$link) {
sleep(DELAY_SEC);
echo DB_ERROR;
return;
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR_CMD;
return;
}
if (($searchFilesNameCode = check_name($_GET["searchFilesNameCode"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($statusCheckbox = check_number($_GET["statusCheckbox"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($searchFilesfrom1 = check_range_begin($_GET["searchFilesfrom1"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($searchFilesto1 = check_range_end($_GET["searchFilesto1"])) == SYMBOL_ERROR) {
<?php
/*
[Destoon B2B System] Copyright (c) 2008-2015 www.destoon.com
This is NOT a freeware, use is subject to license.txt
*/
$_COOKIE = array();
require '../common.inc.php';
if ($DT_BOT) {
dhttp(403);
}
$username = isset($username) ? trim($username) : '';
$userid = isset($userid) ? intval($userid) : 0;
$style = isset($style) ? intval($style) : 0;
$online = 0;
if (check_name($username)) {
$o = $db->get_one("SELECT online FROM {$DT_PRE}online WHERE username='******'");
if ($o && $o['online']) {
$online = 1;
}
} else {
if ($userid) {
$o = $db->get_one("SELECT online FROM {$DT_PRE}online WHERE userid={$userid}");
if ($o && $o['online']) {
$online = 1;
}
}
}
$ico = DT_STATIC . 'file/image/web' . ($style ? $style : '') . ($online ? '' : '-off') . '.gif';
dheader($ico);
</tr>
<?php
foreach ($lists as $k => $v) {
?>
<tr onmouseover="this.className='on';" onmouseout="this.className='';" align="center">
<td><input type="checkbox" name="chatid[]" value="<?php
echo $v['chatid'];
?>
"/></td>
<td><img src="<?php
echo useravatar($v['fromuser']);
?>
" style="padding:5px;"/></td>
<td>
<?php
if (check_name($v['fromuser'])) {
?>
<a href="javascript:_user('<?php
echo $v['fromuser'];
?>
')"><?php
echo $v['fromuser'];
?>
</a>
<?php
} else {
?>
<a href="javascript:_ip('<?php
echo $v['fromuser'];
?>
')" title="IP:<?php
$buy_id = (int) $_POST['buy_id'];
$buy_name = trim($_POST['buy_name']);
$buy_from = trim($_POST['buy_from']);
if (empty($buy_from)) {
$buy_from = 'Anonymous';
}
if (empty($buy_id)) {
$errormessage .= 'Please <a href="?subtopic=shopsystem">select item</a> first.';
} else {
if (!check_name($buy_from)) {
$errormessage .= 'Invalid nick ("from player") format. Please <a href="?subtopic=shopsystem&action=select_player&buy_id=' . $buy_id . '">select other name</a> or contact with administrator.';
} else {
$buy_offer = getItemByID($buy_id);
if (isset($buy_offer['id'])) {
if ($user_premium_points >= $buy_offer['points']) {
if (check_name($buy_name)) {
$buy_player = new Player();
$buy_player->find($buy_name);
if ($buy_player->isLoaded()) {
$buy_player_account = $buy_player->getAccount();
if ($_SESSION['viewed_confirmation_page'] == 'yes' && $_POST['buy_confirmed'] == 'yes') {
if ($buy_offer['type'] == 'item') {
$sql = 'INSERT INTO ' . $SQL->tableName('z_ots_comunication') . ' (' . $SQL->fieldName('id') . ',' . $SQL->fieldName('name') . ',' . $SQL->fieldName('type') . ',' . $SQL->fieldName('action') . ',' . $SQL->fieldName('param1') . ',' . $SQL->fieldName('param2') . ',' . $SQL->fieldName('param3') . ',' . $SQL->fieldName('param4') . ',' . $SQL->fieldName('param5') . ',' . $SQL->fieldName('param6') . ',' . $SQL->fieldName('param7') . ',' . $SQL->fieldName('delete_it') . ') VALUES (NULL, ' . $SQL->quote($buy_player->getName()) . ', ' . $SQL->quote('login') . ', ' . $SQL->quote('give_item') . ', ' . $SQL->quote($buy_offer['item_id']) . ', ' . $SQL->quote($buy_offer['item_count']) . ', ' . $SQL->quote('') . ', ' . $SQL->quote('') . ', ' . $SQL->quote('item') . ', ' . $SQL->quote($buy_offer['name']) . ', ' . $SQL->quote($buy_offer['id']) . ', ' . $SQL->quote(1) . ');';
$SQL->query($sql);
$save_transaction = 'INSERT INTO ' . $SQL->tableName('z_shop_history_item') . ' (' . $SQL->fieldName('id') . ',' . $SQL->fieldName('to_name') . ',' . $SQL->fieldName('to_account') . ',' . $SQL->fieldName('from_nick') . ',' . $SQL->fieldName('from_account') . ',' . $SQL->fieldName('price') . ',' . $SQL->fieldName('offer_id') . ',' . $SQL->fieldName('trans_state') . ',' . $SQL->fieldName('trans_start') . ',' . $SQL->fieldName('trans_real') . ') VALUES (' . $SQL->lastInsertId() . ', ' . $SQL->quote($buy_player->getName()) . ', ' . $SQL->quote($buy_player_account->getId()) . ', ' . $SQL->quote($buy_from) . ', ' . $SQL->quote($account_logged->getId()) . ', ' . $SQL->quote($buy_offer['points']) . ', ' . $SQL->quote($buy_offer['name']) . ', ' . $SQL->quote('wait') . ', ' . $SQL->quote(time()) . ', ' . $SQL->quote(0) . ');';
$SQL->query($save_transaction);
$account_logged->setCustomField('premium_points', $user_premium_points - $buy_offer['points']);
$user_premium_points = $user_premium_points - $buy_offer['points'];
$main_content .= '<TABLE WIDTH=100% BORDER=0 CELLSPACING=1 CELLPADDING=4>
<TR><TD BGCOLOR="' . $config['site']['vdarkborder'] . '" ALIGN=left CLASS=white><B>Item added!</B></TD></TR>
<TR><TD BGCOLOR="' . $config['site']['lightborder'] . '" ALIGN=left><b>' . htmlspecialchars($buy_offer['name']) . '</b> added to player <b>' . htmlspecialchars($buy_player->getName()) . '</b> items (he will get this items after relog) for <b>' . $buy_offer['points'] . ' premium points</b> from your account.<br />Now you have <b>' . $user_premium_points . ' premium points</b>.<br /><a href="?subtopic=shopsystem">GO TO MAIN SHOP SITE</a></TD></TR>
<?php
defined('IN_DESTOON') or exit('Access Denied');
require DT_ROOT . '/module/' . $module . '/common.inc.php';
$reason = $L['invite_title'];
$userurl = '';
if (isset($user) && check_name($user)) {
$c = $db->get_one("SELECT linkurl,username FROM {$DT_PRE}company WHERE username='******'");
if ($c) {
$userurl = $c['linkurl'];
$user = $username = $c['username'];
$could_credit = true;
if ($MOD['credit_ip'] <= 0) {
$could_credit = false;
}
if ($could_credit) {
$r = $db->get_one("SELECT itemid FROM {$DT_PRE}finance_credit WHERE note='{$DT_IP}' AND addtime>{$DT_TIME}-86400");
if ($r) {
$could_credit = false;
}
}
if ($could_credit && $MOD['credit_maxip'] > 0) {
$r = $db->get_one("SELECT SUM(amount) AS total FROM {$DT_PRE}finance_credit WHERE username='******' AND addtime>{$DT_TIME}-86400 AND reason='{$reason}'");
if ($r['total'] > $MOD['credit_maxip']) {
$could_credit = false;
}
}
if ($could_credit) {
credit_add($username, $MOD['credit_ip']);
credit_record($username, $MOD['credit_ip'], 'system', $reason, $DT_IP);
set_cookie('inviter', encrypt($username, DT_KEY . 'INVITER'), $DT_TIME + 30 * 86400);
$username = $domain = '';
if (isset($homepage) && check_name($homepage)) {
$username = $homepage;
} else {
if (!$cityid) {
$host = get_env('host');
if (substr($host, 0, 4) == 'www.') {
$whost = $host;
$host = substr($host, 4);
} else {
$whost = $host;
}
if ($host && strpos(DT_PATH, $host) === false) {
if (substr($host, -strlen($CFG['com_domain'])) == $CFG['com_domain']) {
$www = substr($host, 0, -strlen($CFG['com_domain']));
if (check_name($www)) {
$username = $homepage = $www;
} else {
include load('company.lang');
$head_title = $L['not_company'];
dhttp(404, $DT_BOT);
include template('com-notfound', 'message');
exit;
}
} else {
if ($whost == $host) {
//301 xxx.com to www.xxx.com
$w3 = 'www.' . $host;
$c = $db->get_one("SELECT userid FROM {$DT_PRE}company WHERE domain='{$w3}'");
if ($c) {
d301('http://' . $w3);
function admin_notice()
{
global $DT, $MODULE, $db, $moduleid, $file, $itemid, $action, $reason, $msg, $eml, $sms, $wec;
if (!is_array($itemid)) {
return;
}
if (count($itemid) == 0) {
return;
}
$S = array('delete' => '已经被删除', 'check' => '已经通过审核', 'reject' => '没有通过审核', 'onsale' => '已经上架', 'unsale' => '已经下架');
$N = array('honor' => '荣誉资质', 'news' => '公司新闻', 'page' => '公司单页', 'link' => '友情链接');
if (!isset($S[$action])) {
return;
}
if ($moduleid > 4) {
$table = get_table($moduleid);
$name = $MODULE[$moduleid]['name'];
if ($moduleid == 9) {
if ($file == 'resume') {
$table = $db->pre . $file;
$name = '简历';
} else {
$name = '招聘';
}
} else {
if ($moduleid == 16) {
$name = '商品';
}
}
} else {
if (isset($N[$file])) {
$table = $db->pre . $file;
$name = $N[$file];
} else {
return;
}
}
if ($reason == '操作原因') {
$reason = '';
}
$msg = isset($msg) ? 1 : 0;
if (strlen($reason) > 2) {
$msg = 1;
}
$eml = isset($eml) ? 1 : 0;
if ($msg == 0 && $eml == 0) {
return;
}
$sms = isset($sms) ? 1 : 0;
$wec = isset($wec) ? 1 : 0;
if ($msg == 0) {
$sms = $wec = 0;
}
$result = $db->query("SELECT itemid,title,username,linkurl FROM {$table} WHERE itemid IN (" . implode(',', $itemid) . ")");
while ($r = $db->fetch_array($result)) {
$username = $r['username'];
if (!check_name($username)) {
continue;
}
$title = $r['title'];
$linkurl = strpos($r['linkurl'], '://') === false ? $MODULE[$moduleid]['linkurl'] . $r['linkurl'] : $r['linkurl'];
$subject = '您发布的[' . $name . ']' . $title . '(ID:' . $r['itemid'] . ')' . $S[$action];
$body = '尊敬的会员:<br/>您发布的[' . $name . ']<a href="' . $linkurl . '" target="_blank">' . $title . '</a>(ID:' . $r['itemid'] . ')' . $S[$action] . '!<br/>';
if ($reason) {
$body .= '操作原因:<br/>' . $reason . '<br/>';
}
$body .= '如果您对此操作有异议,请及时与网站联系。';
if ($msg) {
send_message($username, $subject, $body);
}
if ($wec) {
send_weixin($username, $subject);
}
if ($eml || $sms) {
$user = userinfo($username);
if ($eml) {
send_mail($user['email'], $subject, $body);
}
if ($sms) {
send_sms($user['mobile'], $subject . $DT['sms_sign']);
}
}
}
}
$items = $sum;
} else {
$r = $db->get_one("SELECT COUNT(*) AS num FROM {$DT_PRE}member_check WHERE {$condition}");
$items = $r['num'];
}
$pages = pages($items, $page, $pagesize);
$lists = array();
$result = $db->query("SELECT * FROM {$DT_PRE}member_check WHERE {$condition} ORDER BY addtime DESC LIMIT {$offset},{$pagesize}");
while ($r = $db->fetch_array($result)) {
$r['addtime'] = timetodate($r['addtime'], 6);
$lists[] = $r;
}
include tpl('validate_member', $module);
break;
case 'show':
check_name($username) or msg();
$t = $db->get_one("SELECT * FROM {$DT_PRE}member_check WHERE username='******'");
$t or msg('记录不存在');
$U = userinfo($username);
$U or msg('会员不存在');
$E = dstripslashes(unserialize($t['content']));
$userid = $U['userid'];
$content_table = content_table(4, $userid, is_file(DT_CACHE . '/4.part'), $DT_PRE . 'company_data');
$t = $db->get_one("SELECT * FROM {$content_table} WHERE userid={$userid}");
$U['content'] = $t['content'];
if (isset($E['regunit']) && !isset($E['capital'])) {
$E['capital'] = $U['capital'];
}
if ($submit) {
$sql1 = $sql2 = $sql3 = '';
if (in_array('thumb', $pass) && isset($E['thumb'])) {
<?php
$name = stripslashes(ucwords(strtolower(trim($_REQUEST['name']))));
if (empty($name)) {
$main_content .= 'Here you can get detailed information about a certain player on ' . $config['server']['serverName'] . '.<BR> <FORM ACTION="?subtopic=characters" METHOD=post><TABLE WIDTH=100% BORDER=0 CELLSPACING=1 CELLPADDING=4><TR><TD BGCOLOR="' . $config['site']['vdarkborder'] . '" CLASS=white><B>Search Character</B></TD></TR><TR><TD BGCOLOR="' . $config['site']['darkborder'] . '"><TABLE BORDER=0 CELLPADDING=1><TR><TD>Name:</TD><TD><INPUT NAME="name" VALUE=""SIZE=29 MAXLENGTH=29></TD><TD><INPUT TYPE=image NAME="Submit" SRC="' . $layout_name . '/images/buttons/sbutton_submit.gif" BORDER=0 WIDTH=120 HEIGHT=18></TD></TR></TABLE></TD></TR></TABLE></FORM>';
} else {
if (check_name($name)) {
$player = $ots->createObject('Player');
$player->find($name);
if ($player->isLoaded()) {
$account = $player->getAccount();
$main_content .= '<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%><TR><TD><IMG SRC="' . $layout_name . '/images/general/blank.gif" WIDTH=10 HEIGHT=1 BORDER=0></TD><TD><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR=' . $config['site']['vdarkborder'] . '><TD COLSPAN=2 CLASS=white><B>Character Information</B></TD></TR>';
if (is_int($number_of_rows / 2)) {
$bgcolor = $config['site']['darkborder'];
} else {
$bgcolor = $config['site']['lightborder'];
}
$number_of_rows++;
$main_content .= '<TR BGCOLOR="' . $bgcolor . '"><TD WIDTH=20%>Name:</TD><TD><font color="';
$main_content .= $player->isOnline() ? 'green' : 'red';
$main_content .= '"><b>' . $player->getName() . '</b></font>';
if ($player->isDeleted()) {
$main_content .= '<font color="red"> [DELETED]</font>';
}
if ($player->isNameLocked()) {
$main_content .= '<font color="red"> [NAMELOCK]</font>';
}
$main_content .= '</TD></TR>';
if ($player->getOldName()) {
if (is_int($number_of_rows / 2)) {
$bgcolor = $config['site']['darkborder'];
function userinfo($username, $cache = 1)
{
global $db, $dc, $CFG;
if (!check_name($username)) {
return array();
}
$user = array();
if ($cache && $CFG['db_expires']) {
$user = $dc->get('user-' . $username);
if ($user) {
return $user;
}
}
$user = $db->get_one("SELECT * FROM {$db->pre}member m, {$db->pre}company c WHERE m.userid=c.userid AND m.username='******'");
if ($cache && $CFG['db_expires'] && $user) {
$dc->set('user-' . $username, $user, $CFG['db_expires']);
}
return $user;
}
$db->query("INSERT INTO {$DT_PRE}validate (type,username,ip,addtime,status,title,editor,edittime) VALUES ('email','{$username}','{$DT_IP}','{$DT_TIME}','3','{$email}','system','{$DT_TIME}')");
}
require MD_ROOT . '/member.class.php';
$do = new member();
$do->login($username, '', 0, true);
message($L['send_check_success'], $MOD['linkurl']);
} else {
if ($DT['mail_type'] == 'close') {
message($L['send_mail_close']);
}
if ($MOD['checkuser'] != 2) {
dheader(DT_PATH);
}
if ($submit) {
captcha($captcha);
check_name($username) or message($L['send_check_username_bad']);
$user = userinfo($username);
if ($user) {
if ($user['groupid'] != 4) {
dalert($L['send_check_deny'], DT_PATH);
}
if ($user['password'] != dpassword($password, $user['passsalt'])) {
message($L['send_check_password_bad']);
}
$email = trim($email);
if ($email && $email != $user['email']) {
is_email($email) or message($L['send_check_email_bad']);
$r = $db->get_one("SELECT userid FROM {$DT_PRE}member WHERE email='{$email}'");
if ($r) {
message($L['send_check_email_repeat']);
}
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR_CMD;
return;
}
if (($searchpptsNameDesc = check_name($_GET["searchpptsNameDesc"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($statusCheckbox = check_number($_GET["statusCheckbox"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($searchpptsfrom1 = check_range_begin($_GET["searchpptsfrom1"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($searchpptsto1 = check_range_end($_GET["searchpptsto1"])) == SYMBOL_ERROR) {
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR_CMD;
return;
}
if (($searchRollCallsName = check_name($_GET["searchRollCallsName"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($statusCheckbox = check_number($_GET["statusCheckbox"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($searchRollCallsfrom12 = check_range_begin($_GET["searchRollCallsfrom12"])) == SYMBOL_ERROR) {
sleep(DELAY_SEC);
echo SYMBOL_ERROR;
return;
}
if (($searchRollCallsto12 = check_range_end($_GET["searchRollCallsto12"])) == SYMBOL_ERROR) {
){kind=link}