Example #1
 /**
  * Render a user-defined page chosen by id, name or title from the query string.
  *
  * The row is read from the userpages table; the template is the row's
  * templet_name if set, else a template named after the page when such a file
  * exists, else "pages/default".
  *
  * NOTE(review): the name/title branches place request text inside a quoted SQL
  * literal by concatenation. Nothing visible in this method escapes quotes or
  * backslashes; unless clear_html() or earlier request handling does, this
  * lookup is injectable. Prefer the database layer's quoting or bound
  * parameters — confirm what dbstuff offers.
  */
 function index()
 {
     global $smarty, $viewhelper, $tpl_dir;

     $this->loadModel("userpage");
     $smarty->setTemplateDir(PHPB2B_ROOT . $tpl_dir . DS, 'pages');

     if (!empty($_GET)) {
         $_GET = clear_html($_GET);
     }

     // One lookup key is used, in priority order: id, then name, then title.
     // With none of them present the condition list stays empty.
     $conditions = array();
     if (isset($_GET['id'])) {
         $conditions[] = "id=" . intval($_GET['id']);
     } elseif (!empty($_GET['name'])) {
         $needle = trim($_GET['name']);
         $conditions[] = "name='" . $needle . "' OR title='" . $needle . "'";
     } elseif (!empty($_GET['title'])) {
         $needle = trim($_GET['title']);
         $conditions[] = "title='" . $needle . "' OR name='" . $needle . "'";
     }

     $model = $this->userpage;
     $model->setCondition($conditions);
     $result = $model->dbstuff->GetRow("SELECT * FROM {$model->table_prefix}userpages " . $model->getCondition());

     $tpl_file = "pages/default";
     if (empty($result)) {
         setvar("item", array());
     } else {
         $title = $result['title'];
         $viewhelper->setTitle($title);
         $viewhelper->setPosition($title);

         // Both template candidates are built from stored column values.
         // NOTE(review): confirm templet_name/name are constrained when a page
         // is saved, since they become part of a template path here.
         if (!empty($result['templet_name'])) {
             $tpl_file = "pages/" . $result['templet_name'];
         } elseif ($viewhelper->tpl_exists($smarty->template_dir . "pages/" . $result['name'] . $smarty->tpl_ext)) {
             $tpl_file = "pages/" . $result['name'];
         }
         setvar("item", pb_lang_split_recursive($result));
     }

     $smarty->assign('position', $viewhelper->getPosition());
     $smarty->assign('page_title', $viewhelper->getTitle());
     $smarty->display($tpl_file . $smarty->tpl_ext);
 }
Example #2
 /**
  * Read the search keyword and target module from the query string.
  *
  * The keyword is HTML-escaped and written both to $this->keyword and back
  * into $_GET['q']. The module is accepted only when it is listed in
  * $this->allowed_search. The resulting module is passed to the view.
  */
 function __construct()
 {
     if (!empty($_GET)) {
         $_GET = clear_html($_GET);
     }

     if (isset($_GET['q'])) {
         // htmlspecialchars() runs first, so strip_tags() only sees text whose
         // angle brackets are already encoded.
         // NOTE(review): no flags are passed, so whether single quotes are
         // encoded depends on the running PHP's default (ENT_QUOTES from 8.1).
         $escaped = strip_tags(htmlspecialchars($_GET['q']));
         $_GET['q'] = $escaped;
         $this->keyword = $escaped;
     }

     if (!empty($_GET['module'])) {
         // NOTE(review): in_array() compares loosely here; a strict third
         // argument is safer if allowed_search holds only strings — confirm.
         if (in_array($_GET['module'], $this->allowed_search)) {
             $this->module = strip_tags(htmlspecialchars($_GET['module']));
         }
     }

     setvar("module", $this->module);
 }
Example #3
 // Paginated file listing: count the matches, fetch one page of rows, then
 // decorate each row with display fields and links.
 // NOTE(review): $sql_do, $sql_order and $pg are built outside this excerpt and
 // are interpolated directly into the SQL below — confirm they are escaped or
 // whitelisted, and that $pg is a positive integer so the LIMIT offset cannot
 // go negative.
 $perpage = 20;
 $rs = $db->fetch_one_array("select count(*) as total_num from {$sql_do}");
 $total_num = $rs['total_num'];
 $start_num = ($pg - 1) * $perpage;
 $q = $db->query("select fl.userid,file_id,file_key,file_name,file_extension,file_size,file_time,server_oid,file_store_path,file_real_name,is_image,file_downs,file_views,u.username from {$sql_do} order by {$sql_order} limit {$start_num},{$perpage}");
 $files_array = array();
 while ($rs = $db->fetch_array($q)) {
     // Extension is shown with a leading dot only when the row has one.
     $tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : "";
     $rs['file_thumb'] = get_file_thumb($rs);
     // Wraps occurrences of $word in the file name with a highlight span.
     // NOTE(review): the stored file name and $word both end up inside markup
     // here and no HTML encoding is visible in this excerpt — confirm that
     // filter_word() or the template encodes them.
     $rs['file_name_all'] = str_ireplace($word, '<span class=txtred>' . $word . '</span>', filter_word($rs['file_name'] . $tmp_ext));
     // Unquoted array keys (file_name, file_description) are parsed as
     // constants; PHP 8 raises an Error when such a constant is undefined.
     $rs[file_name] = filter_word($rs['file_name'] . $tmp_ext);
     $rs['file_size'] = get_size($rs['file_size']);
     $rs['file_time'] = date("Y-m-d", $rs['file_time']);
     $rs['a_downfile'] = urr("downfile", "file_id={$rs['file_id']}&file_key={$rs['file_key']}");
     $rs['a_viewfile'] = urr("viewfile", "file_id={$rs['file_id']}");
     $rs[file_description] = clear_html($rs[file_description], 50);
     // NOTE(review): the next line is damaged in this listing (masked text);
     // it is not valid PHP as shown, and the rest of this example plus the
     // start of the following one appear to be missing.
     $rs['a_space'] = urr("space", "username="******"search", "action=search&word=" . rawurlencode($word) . "&scope={$scope}&n={$n_t}");
     $_REQUEST['allow_cats'][] = "all";
 }
 // A category list that arrives with no entries gets the single entry "all".
 if (count($_REQUEST['cat_add']) == 0) {
     $_REQUEST['cat_add'][] = "all";
 }
 if (count($_REQUEST['cat_allow_addnews']) == 0) {
     $_REQUEST['cat_allow_addnews'][] = "all";
 }

 // NOTE(review): every value below is read from $_REQUEST, so the same fields
 // are accepted from the query string as from a form post. These look like
 // group permission settings; confirm that authentication and a request-token
 // check run before this point.

 // Text fields: filtered with clear_html() (plus strip_tags() or trim()), then
 // passed through $db->safesql() — presumably the SQL escaper, confirm.
 $group_name = $db->safesql(strip_tags(clear_html($_REQUEST['group_name'])));
 $group_icon = $db->safesql(strip_tags(clear_html($_REQUEST['group_icon'])));
 $files_type = $db->safesql(strip_tags(clear_html($_REQUEST['files_type'])));
 $group_prefix = $db->safesql(trim(clear_html($_REQUEST['group_prefix'])));
 $group_suffix = $db->safesql(trim(clear_html($_REQUEST['group_suffix'])));

 // Category lists are flattened to comma-separated strings before filtering.
 $allow_cats = $db->safesql(clear_html(implode(',', $_REQUEST['allow_cats'])));
 $cat_add = $db->safesql(clear_html(implode(',', $_REQUEST['cat_add'])));
 $cat_allow_addnews = $db->safesql(clear_html(implode(',', $_REQUEST['cat_allow_addnews'])));

 // Flags are forced to integers, so nothing but a number reaches later use.
 $allow_admin = (int) $_REQUEST['allow_admin'];
 $allow_offline = (int) $_REQUEST['allow_offline'];
 $allow_main = (int) $_REQUEST['allow_main'];
 $allow_adds = (int) $_REQUEST['allow_adds'];
 $moderation = (int) $_REQUEST['moderation'];
 $allow_edit = (int) $_REQUEST['allow_edit'];
 $allow_all_edit = (int) $_REQUEST['allow_all_edit'];
 $allow_addc = (int) $_REQUEST['allow_addc'];
 $allow_editc = (int) $_REQUEST['allow_editc'];
 $allow_delc = (int) $_REQUEST['allow_delc'];
 $edit_allc = (int) $_REQUEST['edit_allc'];
 $del_allc = (int) $_REQUEST['del_allc'];
 $allow_hide = (int) $_REQUEST['allow_hide'];
 $allow_pm = (int) $_REQUEST['allow_pm'];
 $allow_vote = (int) $_REQUEST['allow_vote'];
Example #5
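 /**
  * List trade offers filtered by the query string and render "offer/list".
  *
  * Recognised parameters: navid, typeid, industryid, areaid, type,
  * price_start, price_end, picture, urgent, commend, country, sure, date, q
  * and pubdate. Numeric parameters are cast with intval() before they reach
  * the WHERE clause.
  *
  * NOTE(review): the "q" keyword is concatenated into a quoted LIKE pattern.
  * No quote escaping is visible in this method; unless clear_html() or earlier
  * request handling escapes it, that clause is injectable, and % or _ in the
  * keyword act as wildcards. Route it through the database layer's quoting —
  * confirm which API the Trades model exposes.
  */
 function lists()
 {
     global $G, $viewhelper, $pos;
     uses("trade", "industry", "area", "tradefield", "form", "tag");
     $trusttypes = cache_read("trusttype");
     $countries = cache_read("country");
     $membergroups = cache_read("membergroup");
     $area = new Areas();
     $offer = new Tradefields();
     $trade = new Trades();
     $form = new Forms();
     $industry = new Industries();
     $tag = new Tags();
     $conditions = array();
     $industry_id = $area_id = 0;
     $conditions[] = "t.status=1";
     !empty($_GET) && ($_GET = clear_html($_GET));
     if (isset($_GET['navid'])) {
         setvar("nav_id", intval($_GET['navid']));
     }
     $viewhelper->setTitle(L('offer', 'tpl'));
     $viewhelper->setPosition(L('offer', 'tpl'), "index.php?do=offer");
     $trade_types = cache_read("type", "offertype");
     if (isset($_GET['typeid'])) {
         $type_id = intval($_GET['typeid']);
         $conditions[] = "t.type_id='" . $type_id . "'";
         setvar("typeid", $type_id);
         // An id with no cached name keeps the default title instead of
         // reading a missing array key.
         if (isset($trade_types[$type_id])) {
             $type_name = $trade_types[$type_id];
             $viewhelper->setTitle($type_name);
             $viewhelper->setPosition($type_name, "index.php?do=offer&action=lists&typeid=" . $type_id);
         }
     }
     if (isset($_GET['industryid'])) {
         $industry_id = intval($_GET['industryid']);
         $tmp_info = $industry->setInfo($industry_id);
         if (!empty($tmp_info)) {
             // Ids go into the IN list unquoted, so force them to integers;
             // an empty list would produce invalid SQL, so fall back to the
             // selected industry itself.
             $sub_datas = $industry->getSubDatas($tmp_info['id']);
             $sub_ids = is_array($sub_datas) ? array_map('intval', array_keys($sub_datas)) : array();
             if (empty($sub_ids)) {
                 $sub_ids = array(intval($tmp_info['id']));
             }
             $conditions[] = "t.industry_id IN (" . implode(",", $sub_ids) . ")";
             $viewhelper->setTitle($tmp_info['name']);
             $viewhelper->setPosition($tmp_info['name'], "index.php?do=offer&action=lists&industryid=" . $tmp_info['id']);
         }
     }
     if (isset($_GET['areaid'])) {
         $area_id = intval($_GET['areaid']);
         $tmp_info = $area->setInfo($area_id);
         if (!empty($tmp_info)) {
             // Same handling as the industry filter above.
             $sub_datas = $area->getSubDatas($tmp_info['id']);
             $sub_ids = is_array($sub_datas) ? array_map('intval', array_keys($sub_datas)) : array();
             if (empty($sub_ids)) {
                 $sub_ids = array(intval($tmp_info['id']));
             }
             $conditions[] = "t.area_id IN (" . implode(",", $sub_ids) . ")";
             $viewhelper->setTitle($tmp_info['name']);
             $viewhelper->setPosition($tmp_info['name'], "index.php?do=offer&action=lists&areaid=" . $tmp_info['id']);
         }
     }
     if (isset($_GET['type'])) {
         if ($_GET['type'] == "urgent") {
             $conditions[] = "t.if_urgent='1'";
         }
     }
     // A lower bound on its own used to become "BETWEEN n AND 0", which
     // matches nothing; treat it as an open-ended range instead.
     $has_price_start = !empty($_GET['price_start']);
     $has_price_end = !empty($_GET['price_end']);
     if ($has_price_start && !$has_price_end) {
         $conditions[] = "t.price>=" . intval($_GET['price_start']);
     } elseif ($has_price_start || $has_price_end) {
         $conditions[] = "t.price BETWEEN " . intval($_GET['price_start']) . " AND " . intval($_GET['price_end']);
     }
     if (!empty($_GET['picture'])) {
         $conditions[] = "t.picture!=''";
     }
     if (!empty($_GET['urgent'])) {
         $conditions[] = "t.if_urgent=1";
     }
     if (!empty($_GET['commend'])) {
         $conditions[] = "t.if_commend=1";
     }
     if (!empty($_GET['country'])) {
         $conditions[] = "t.country_id='" . intval($_GET['country']) . "'";
     }
     if (!empty($_GET['sure'])) {
         $conditions[] = "m.trusttype_ids='" . intval($_GET['sure']) . "'";
     }
     if (!empty($_GET['date'])) {
         $d = intval($_GET['date']);
         // NOTE(review): the value is capped at 7948800 and then compared
         // directly with submit_time. If submit_time holds Unix timestamps
         // this can only match rows near the epoch — intent unclear, confirm.
         if ($d <= 7948800) {
             $conditions[] = "t.submit_time<='" . $d . "'";
         }
     }
     if (isset($_GET['q'])) {
         $searchkeywords = $_GET['q'];
         $viewhelper->setTitle(L("search_in_keyword", "tpl", $searchkeywords));
         $viewhelper->setPosition(L("search_in_keyword", "tpl", $searchkeywords));
         // NOTE(review): request text is concatenated into SQL here; see the
         // method header. The same text is also handed to the view below —
         // confirm the template HTML-encodes highlight_str.
         $conditions[] = "t.title like '%" . $searchkeywords . "%'";
         setvar("highlight_str", $searchkeywords);
     }
     if (isset($_GET['pubdate'])) {
         // Only the three fixed windows are honoured; anything else is ignored.
         switch ($_GET['pubdate']) {
             case "l3":
                 $conditions[] = "t.submit_time>" . ($offer->timestamp - 3 * 86400);
                 break;
             case "l10":
                 $conditions[] = "t.submit_time>" . ($offer->timestamp - 10 * 86400);
                 break;
             case "l30":
                 $conditions[] = "t.submit_time>" . ($offer->timestamp - 30 * 86400);
                 break;
             default:
                 break;
         }
     }
     if ($G['setting']['offer_expire_method'] == 2 || $G['setting']['offer_expire_method'] == 3) {
         $conditions[] = "t.expire_time>" . $offer->timestamp;
     }
     $amount = $trade->findCount(null, $conditions, null, "t");
     $result = $trade->getRenderDatas($conditions, $G['setting']['offer_filter']);
     $important_result = $trade->getStickyDatas();
     setvar("StickyItems", $important_result);
     setvar('items', $result);
     setvar('trusttype', $trusttypes);
     setvar('countries', $countries);
     setvar("paging", array('total' => $amount));
     render("offer/list");
 }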
Example #6
// Front-end page that looks a file up by its 8-character extract code and
// renders the pd_extract template between the shared header and footer.
$in_front = true;
$title = __('extract_file') . ' - ' . $settings['site_title'];
include PHPDISK_ROOT . "./includes/header.inc.php";
switch ($action) {
    case 'file_extract':
        // Compares the submitted formhash with formhash() — presumably the
        // request-token check; confirm it aborts on mismatch.
        form_auth(gpc('formhash', 'P', ''), formhash());
        $extract_code = trim(gpc('extract_code', 'P', ''));
        // Codes of any other length are skipped silently: the form is
        // re-rendered without a message.
        if (strlen($extract_code) == 8) {
            // NOTE(review): $extract_code is interpolated into a quoted SQL
            // literal; only trim() and a length check are visible here.
            // Confirm gpc() escapes its value, or quote it via the DB layer.
            $rs = $db->fetch_one_array("select fl.*,u.username from {$tpf}files fl,{$tpf}users u where u.userid=fl.userid and file_key='{$extract_code}'");
            if ($rs) {
                $tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : "";
                // NOTE(review): the next line is damaged in this listing
                // (masked text) and is not valid PHP as shown.
                // Unquoted keys (a_space, file_id, file_description) are
                // parsed as constants; PHP 8 raises an Error when undefined.
                $rs[a_space] = urr("space", "username="******"Y-m-d H:i", $rs['file_time']);
                $rs['a_viewfile'] = urr("viewfile", "file_id={$rs[file_id]}");
                $rs[file_description] = clear_html(filter_word($rs[file_description]), 50);
                // $files_array is not initialised anywhere in this excerpt.
                $files_array[] = $rs;
            } else {
                $sysmsg[] = __('extract_code_not_found');
            }
            unset($rs);
        }
        require_once template_echo('pd_extract', $user_tpl_dir);
        break;
    default:
        require_once template_echo('pd_extract', $user_tpl_dir);
}
include PHPDISK_ROOT . "./includes/footer.inc.php";
Example #7
        $sql_do = " {$tpf}files fl," . get_table_day_down() . " dd,{$tpf}users u where fl.file_id=dd.file_id and fl.userid=u.userid {$cate_sql} and dd.d_week='{$d_val}' and fl.is_del=0";
    } else {
        $sql_do = " {$tpf}files fl," . get_table_day_down() . " dd,{$tpf}users u where fl.file_id=dd.file_id and fl.userid=u.userid {$cate_sql} and dd.{$o_type}='{$d_val}' and fl.is_del=0";
    }
}
// Count the matching rows, fetch one page ordered by download count, then
// decorate each row for the pd_hotfile template.
// NOTE(review): $sql_do is assembled above from values such as $cate_sql,
// $o_type and $d_val, and $pg/$perpage feed the LIMIT clause; all are
// interpolated directly into SQL. Confirm each is escaped or whitelisted
// where it is set.
$rs = $db->fetch_one_array("select count(*) as total_num from {$sql_do}");
$total_num = $rs['total_num'];
$start_num = ($pg - 1) * $perpage;
// The two branches differ only in whether the secondary sort column is
// written as file_id or fl.file_id.
if ($o_type == 'd_all') {
    $q = $db->query("select fl.*,u.username from {$sql_do} group by file_id order by fl.file_downs desc,file_id desc limit {$start_num},{$perpage}");
} else {
    $q = $db->query("select fl.*,u.username from {$sql_do} group by file_id order by fl.file_downs desc,fl.file_id desc limit {$start_num},{$perpage}");
}
$files_array = array();
while ($rs = $db->fetch_array($q)) {
    // Extension is shown with a leading dot only when the row has one.
    $tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : "";
    $rs['file_thumb'] = get_file_thumb($rs);
    // NOTE(review): stored file names and descriptions are prepared for
    // display here and no HTML encoding is visible in this excerpt — confirm
    // that filter_word() or the template encodes them.
    $rs['file_name_all'] = filter_word($rs['file_name'] . $tmp_ext);
    $rs['file_name'] = cutstr(filter_word($rs['file_name'] . $tmp_ext), 80);
    $rs['file_size'] = get_size($rs['file_size']);
    // Unquoted keys (file_description, a_space) are parsed as constants;
    // PHP 8 raises an Error when such a constant is undefined.
    $rs[file_description] = clear_html(filter_word($rs['file_description']), 80);
    $rs['file_time'] = date("Y-m-d", $rs['file_time']);
    $rs['a_viewfile'] = urr("viewfile", "file_id={$rs['file_id']}");
    // NOTE(review): the next line is damaged in this listing (masked text);
    // it is not valid PHP as shown and the loop's closing brace is missing.
    $rs[a_space] = urr("space", "username="******"hotfile.php?o_type={$o_type}&cate_id=" . $cate_id);
require_once template_echo('pd_hotfile', $user_tpl_dir);
include PHPDISK_ROOT . "./includes/footer.inc.php";
Example #8
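/**
 * Collapse whitespace and neutralise a fixed list of HTML constructs.
 *
 * Strings are rewritten with three patterns, in order: whitespace runs become
 * a single space; tags on a blocklist (script, frame/iframe, style, html,
 * body, title, link, meta, <? and <%) are replaced by a placeholder; any tag
 * carrying an on<name>= attribute is removed. Arrays are processed
 * recursively with their keys preserved.
 *
 * This is a blocklist filter, not an output encoder or an SQL escaper:
 * quotes, backslashes and tags outside the list pass through unchanged, so
 * callers still need context-specific escaping (htmlspecialchars() for HTML,
 * the database layer's quoting for SQL).
 *
 * @param string|array $string Text, or a (nested) array of text.
 * @return string|array Filtered value with the same shape as the input.
 */
function clear_html($string)
{
    $farr = array("/\\s+/", "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|\\?|\\%)([^>]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\\s*=([^>]*>)/isU");
    // NOTE(review): the second replacement is four U+FFFD characters in this
    // copy, which looks like a mis-encoded placeholder; it is kept as found.
    // Restore the intended text from the upstream file, and keep it
    // non-empty so removed tags cannot leave fragments that join into a tag.
    $tarr = array(" ", "����", "");
    if (is_array($string)) {
        // Start from an empty array so an empty input returns array()
        // instead of an undefined variable.
        $str = array();
        foreach ($string as $key => $val) {
            $str[$key] = clear_html($val);
        }
        return $str;
    }
    return preg_replace($farr, $tarr, $string);
}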
Example #9
             $sysmsg[] = __('online_demo_deny');
         }
         if (!$error) {
             for ($i = 0; $i < count($annids); $i++) {
                 $db->query_unbuffered("update {$tpf}announces set show_order='" . (int) $show_order[$i] . "' where annid='" . (int) $annids[$i] . "'");
             }
             redirect(urr(ADMINCP, "item={$item}&menu=extend&action=index"), '', 0);
         } else {
             redirect('back', $sysmsg);
         }
     } else {
         $q = $db->query("select * from {$tpf}announces order by show_order asc,annid asc");
         $announces = array();
         while ($rs = $db->fetch_array($q)) {
             $rs['status_text'] = $rs['is_hidden'] ? '<span class="txtblue">' . __('display') . '</span>' : __('hidden');
             $rs['short_content'] = clear_html($rs['content'], 45);
             $rs['content'] = preg_replace("/<.+?>/i", "", str_replace(array('<br>', '"'), array(LF, ''), $rs['content']));
             $rs['a_modify_announce'] = urr(ADMINCP, "item={$item}&menu=extend&action=modify_announce&annid={$rs['annid']}");
             $rs['a_delete_announce'] = urr(ADMINCP, "item={$item}&menu=extend&action=delete_announce&annid={$rs['annid']}");
             $rs['a_change_status'] = urr(ADMINCP, "item={$item}&menu=extend&action=change_status&annid={$rs['annid']}");
             $rs['expand'] = $rs['is_expand'] ? '<span class="txtblue">' . __('yes') . '</span>' : '<span class="txtgray">' . __('no') . '</span>';
             $announces[] = $rs;
         }
         $db->free($q);
         unset($rs);
         require_once template_echo($item, $admin_tpl_dir, '', 1);
     }
     break;
 case 'add_announce':
     if ($task == 'add_announce') {
         form_auth(gpc('formhash', 'P', ''), formhash());