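/**
 * Render a static user page ("pages/<name>") selected by id, name or title.
 *
 * Reads $_GET['id'] (numeric) first, else $_GET['name'], else $_GET['title'];
 * a name/title value is matched against both the name and the title column.
 * Falls back to the "pages/default" template when no row matches or the row
 * names no usable template. Output goes through $smarty->display(); nothing
 * is returned.
 */
function index()
{
    global $smarty, $viewhelper, $tpl_dir;
    $this->loadModel("userpage");
    $smarty->setTemplateDir(PHPB2B_ROOT . $tpl_dir . DS, 'pages');
    $conditions = array();
    $tpl_file = "pages/default";
    // clear_html() only strips tags and squeezes whitespace; it is not SQL quoting.
    !empty($_GET) && ($_GET = clear_html($_GET));
    if (isset($_GET['id'])) {
        $id = intval($_GET['id']);
        $conditions[] = "id=" . $id;
    } elseif (!empty($_GET['name'])) {
        // The trimmed value used to be concatenated into the SQL unescaped.
        // addslashes() is the lowest-common-denominator fix; a bound parameter
        // or the DB layer's own quoting is preferable if the driver exposes one.
        $lookup = addslashes(trim($_GET['name']));
        $conditions[] = "(name='" . $lookup . "' OR title='" . $lookup . "')";
    } elseif (!empty($_GET['title'])) {
        $lookup = addslashes(trim($_GET['title']));
        $conditions[] = "(title='" . $lookup . "' OR name='" . $lookup . "')";
    }
    $this->userpage->setCondition($conditions);
    $result = $this->userpage->dbstuff->GetRow(
        "SELECT * FROM {$this->userpage->table_prefix}userpages " . $this->userpage->getCondition()
    );
    if (!empty($result)) {
        $title = $result['title'];
        $viewhelper->setTitle($title);
        $viewhelper->setPosition($title);
        // Template choice: explicit templet_name wins, then a template named
        // after the page, otherwise pages/default.
        if (!empty($result['templet_name'])) {
            $tpl_file = "pages/" . $result['templet_name'];
        } elseif ($viewhelper->tpl_exists($smarty->template_dir . "pages/" . $result['name'] . $smarty->tpl_ext)) {
            $tpl_file = "pages/" . $result['name'];
        }
        setvar("item", pb_lang_split_recursive($result));
    } else {
        setvar("item", array());
    }
    $smarty->assign('position', $viewhelper->getPosition());
    $smarty->assign('page_title', $viewhelper->getTitle());
    $smarty->display($tpl_file . $smarty->tpl_ext);
}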
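/**
 * Seed the search keyword and module from the query string.
 *
 * $_GET['q'] is copied into $this->keyword (tags stripped, HTML-escaped) and
 * written back into $_GET; $_GET['module'] is accepted into $this->module only
 * when it is listed in $this->allowed_search. The resolved module is published
 * to the view via setvar().
 */
function __construct()
{
    !empty($_GET) && ($_GET = clear_html($_GET));
    // Only a scalar keyword is usable; an array value (q[]=...) is ignored
    // instead of being passed to htmlspecialchars().
    if (isset($_GET['q']) && is_string($_GET['q'])) {
        $this->keyword = $_GET['q'] = strip_tags(htmlspecialchars($_GET['q']));
    }
    // Strict comparison: this allow-list is the only check between the request
    // and $this->module, so loose string/number coercion must not widen it.
    if (!empty($_GET['module']) && in_array($_GET['module'], $this->allowed_search, true)) {
        $this->module = strip_tags(htmlspecialchars($_GET['module']));
    }
    setvar("module", $this->module);
}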
$perpage = 20; $rs = $db->fetch_one_array("select count(*) as total_num from {$sql_do}"); $total_num = $rs['total_num']; $start_num = ($pg - 1) * $perpage; $q = $db->query("select fl.userid,file_id,file_key,file_name,file_extension,file_size,file_time,server_oid,file_store_path,file_real_name,is_image,file_downs,file_views,u.username from {$sql_do} order by {$sql_order} limit {$start_num},{$perpage}"); $files_array = array(); while ($rs = $db->fetch_array($q)) { $tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : ""; $rs['file_thumb'] = get_file_thumb($rs); $rs['file_name_all'] = str_ireplace($word, '<span class=txtred>' . $word . '</span>', filter_word($rs['file_name'] . $tmp_ext)); $rs[file_name] = filter_word($rs['file_name'] . $tmp_ext); $rs['file_size'] = get_size($rs['file_size']); $rs['file_time'] = date("Y-m-d", $rs['file_time']); $rs['a_downfile'] = urr("downfile", "file_id={$rs['file_id']}&file_key={$rs['file_key']}"); $rs['a_viewfile'] = urr("viewfile", "file_id={$rs['file_id']}"); $rs[file_description] = clear_html($rs[file_description], 50); $rs['a_space'] = urr("space", "username="******"search", "action=search&word=" . rawurlencode($word) . "&scope={$scope}&n={$n_t}");
$_REQUEST['allow_cats'][] = "all"; } if (!count($_REQUEST['cat_add'])) { $_REQUEST['cat_add'][] = "all"; } if (!count($_REQUEST['cat_allow_addnews'])) { $_REQUEST['cat_allow_addnews'][] = "all"; } $group_name = $db->safesql(strip_tags(clear_html($_REQUEST['group_name']))); $group_icon = $db->safesql(strip_tags(clear_html($_REQUEST['group_icon']))); $files_type = $db->safesql(strip_tags(clear_html($_REQUEST['files_type']))); $group_prefix = $db->safesql(trim(clear_html($_REQUEST['group_prefix']))); $group_suffix = $db->safesql(trim(clear_html($_REQUEST['group_suffix']))); $allow_cats = $db->safesql(clear_html(implode(',', $_REQUEST['allow_cats']))); $cat_add = $db->safesql(clear_html(implode(',', $_REQUEST['cat_add']))); $cat_allow_addnews = $db->safesql(clear_html(implode(',', $_REQUEST['cat_allow_addnews']))); $allow_admin = intval($_REQUEST['allow_admin']); $allow_offline = intval($_REQUEST['allow_offline']); $allow_main = intval($_REQUEST['allow_main']); $allow_adds = intval($_REQUEST['allow_adds']); $moderation = intval($_REQUEST['moderation']); $allow_edit = intval($_REQUEST['allow_edit']); $allow_all_edit = intval($_REQUEST['allow_all_edit']); $allow_addc = intval($_REQUEST['allow_addc']); $allow_editc = intval($_REQUEST['allow_editc']); $allow_delc = intval($_REQUEST['allow_delc']); $edit_allc = intval($_REQUEST['edit_allc']); $del_allc = intval($_REQUEST['del_allc']); $allow_hide = intval($_REQUEST['allow_hide']); $allow_pm = intval($_REQUEST['allow_pm']); $allow_vote = intval($_REQUEST['allow_vote']);
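/**
 * Offer list / search page (index.php?do=offer&action=lists).
 *
 * Builds the SQL condition list from the query string — type, industry and
 * area (expanded through getSubDatas()), urgency, price range, picture and
 * commend flags, country, trust type, date, free-text keyword (t.title LIKE)
 * and a pubdate window — then renders offer/list with the matching offers,
 * the sticky items and the paging total. Numeric inputs are intval()'d and the
 * keyword is quote-escaped before it reaches the LIKE clause. No return value.
 */
function lists()
{
    global $G, $viewhelper, $pos;
    uses("trade", "industry", "area", "tradefield", "form", "tag");
    $trusttypes = cache_read("trusttype");
    $countries = cache_read("country");
    // $membergroups, $form and $tag are not read below; kept because the
    // constructors/cache reads may have side effects in this code base.
    $membergroups = cache_read("membergroup");
    $area = new Areas();
    $offer = new Tradefields();
    $trade = new Trades();
    $form = new Forms();
    $industry = new Industries();
    $tag = new Tags();
    $conditions = array();
    $industry_id = $area_id = 0;
    $conditions[] = "t.status=1";
    // clear_html() strips tags and squeezes whitespace only; it is not SQL quoting.
    !empty($_GET) && ($_GET = clear_html($_GET));
    if (isset($_GET['navid'])) {
        setvar("nav_id", intval($_GET['navid']));
    }
    $viewhelper->setTitle(L('offer', 'tpl'));
    $viewhelper->setPosition(L('offer', 'tpl'), "index.php?do=offer");
    $trade_types = cache_read("type", "offertype");
    if (isset($_GET['typeid'])) {
        $type_id = intval($_GET['typeid']);
        $conditions[] = "t.type_id='" . $type_id . "'";
        setvar("typeid", $type_id);
        // An unknown type id used to raise an undefined-index notice here.
        $type_name = isset($trade_types[$type_id]) ? $trade_types[$type_id] : '';
        $viewhelper->setTitle($type_name);
        $viewhelper->setPosition($type_name, "index.php?do=offer&action=lists&typeid=" . $type_id);
    }
    if (isset($_GET['industryid'])) {
        $industry_id = intval($_GET['industryid']);
        $tmp_info = $industry->setInfo($industry_id);
        if (!empty($tmp_info)) {
            // The keys of getSubDatas() are the id set used in the IN (...) filter.
            $sub_ids = array_keys($industry->getSubDatas($tmp_info['id']));
            $conditions[] = "t.industry_id IN (" . implode(",", $sub_ids) . ")";
            $viewhelper->setTitle($tmp_info['name']);
            $viewhelper->setPosition($tmp_info['name'], "index.php?do=offer&action=lists&industryid=" . $tmp_info['id']);
        }
    }
    if (isset($_GET['areaid'])) {
        $area_id = intval($_GET['areaid']);
        $tmp_info = $area->setInfo($area_id);
        if (!empty($tmp_info)) {
            $sub_ids = array_keys($area->getSubDatas($tmp_info['id']));
            $conditions[] = "t.area_id IN (" . implode(",", $sub_ids) . ")";
            $viewhelper->setTitle($tmp_info['name']);
            $viewhelper->setPosition($tmp_info['name'], "index.php?do=offer&action=lists&areaid=" . $tmp_info['id']);
        }
    }
    if (isset($_GET['type']) && $_GET['type'] === "urgent") {
        $conditions[] = "t.if_urgent='1'";
    }
    if (!empty($_GET['price_start']) || !empty($_GET['price_end'])) {
        // Either bound may be absent; a missing one is 0, as intval(null) was.
        $price_start = isset($_GET['price_start']) ? intval($_GET['price_start']) : 0;
        $price_end = isset($_GET['price_end']) ? intval($_GET['price_end']) : 0;
        $conditions[] = "t.price BETWEEN " . $price_start . " AND " . $price_end;
    }
    if (!empty($_GET['picture'])) {
        $conditions[] = "t.picture!=''";
    }
    if (!empty($_GET['urgent'])) {
        $conditions[] = "t.if_urgent=1";
    }
    if (!empty($_GET['commend'])) {
        $conditions[] = "t.if_commend=1";
    }
    if (!empty($_GET['country'])) {
        $conditions[] = "t.country_id='" . intval($_GET['country']) . "'";
    }
    if (!empty($_GET['sure'])) {
        $conditions[] = "m.trusttype_ids='" . intval($_GET['sure']) . "'";
    }
    if (!empty($_GET['date'])) {
        $d = intval($_GET['date']);
        // 7948800 s is 92 days; larger values are ignored (behaviour kept as found).
        if ($d <= 7948800) {
            $conditions[] = "t.submit_time<='" . $d . "'";
        }
    }
    if (isset($_GET['q'])) {
        $searchkeywords = $_GET['q'];
        $viewhelper->setTitle(L("search_in_keyword", "tpl", $searchkeywords));
        $viewhelper->setPosition(L("search_in_keyword", "tpl", $searchkeywords));
        // The raw keyword used to be concatenated into the LIKE pattern unescaped.
        // addslashes() covers quotes and backslashes; LIKE wildcards are left as
        // typed. Prefer a bound parameter / the DB layer's own quoting if available.
        $conditions[] = "t.title like '%" . addslashes($searchkeywords) . "%'";
        setvar("highlight_str", $searchkeywords);
    }
    if (isset($_GET['pubdate']) && is_string($_GET['pubdate'])) {
        // "lN" selects offers submitted within the last N days; anything else adds nothing.
        $windows = array("l3" => 3, "l10" => 10, "l30" => 30);
        if (isset($windows[$_GET['pubdate']])) {
            $days = $windows[$_GET['pubdate']];
            $conditions[] = "t.submit_time>" . ($offer->timestamp - $days * 86400);
        }
    }
    // Loose comparison kept on purpose: the setting may arrive as a string.
    if ($G['setting']['offer_expire_method'] == 2 || $G['setting']['offer_expire_method'] == 3) {
        $conditions[] = "t.expire_time>" . $offer->timestamp;
    }
    $amount = $trade->findCount(null, $conditions, null, "t");
    $result = $trade->getRenderDatas($conditions, $G['setting']['offer_filter']);
    $important_result = $trade->getStickyDatas();
    setvar("StickyItems", $important_result);
    setvar('items', $result);
    setvar('trusttype', $trusttypes);
    setvar('countries', $countries);
    setvar("paging", array('total' => $amount));
    render("offer/list");
}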
// Extract-code page: a POSTed extract_code selects one file row (joined with
// its owner) by file_key and hands it to the pd_extract template.
$in_front = true;
$title = __('extract_file') . ' - ' . $settings['site_title'];
include PHPDISK_ROOT . "./includes/header.inc.php";
switch ($action) {
    case 'file_extract':
        // form_auth()/formhash() are defined elsewhere; presumably the form-token check.
        form_auth(gpc('formhash', 'P', ''), formhash());
        $extract_code = trim(gpc('extract_code', 'P', ''));
        // strlen() is a byte length. NOTE(review): the code is interpolated into
        // the SQL below with only this length check; whether gpc() escapes for
        // SQL is defined elsewhere — confirm before relying on the check alone.
        if (strlen($extract_code) == 8) {
            $rs = $db->fetch_one_array("select fl.*,u.username from {$tpf}files fl,{$tpf}users u where u.userid=fl.userid and file_key='{$extract_code}'");
            if ($rs) {
                $tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : "";
                // NOTE(review): the next statement is garbled in this copy of the
                // source (redacted span); left byte-for-byte as found.
                $rs[a_space] = urr("space", "username="******"Y-m-d H:i", $rs['file_time']);
                $rs['a_viewfile'] = urr("viewfile", "file_id={$rs[file_id]}");
                // 50-character description preview. The bare file_description /
                // a_space keys are legacy unquoted constants.
                $rs[file_description] = clear_html(filter_word($rs[file_description]), 50);
                $files_array[] = $rs;
            } else {
                $sysmsg[] = __('extract_code_not_found');
            }
            unset($rs);
        }
        require_once template_echo('pd_extract', $user_tpl_dir);
        break;
    default:
        require_once template_echo('pd_extract', $user_tpl_dir);
}
include PHPDISK_ROOT . "./includes/footer.inc.php";
$sql_do = " {$tpf}files fl," . get_table_day_down() . " dd,{$tpf}users u where fl.file_id=dd.file_id and fl.userid=u.userid {$cate_sql} and dd.d_week='{$d_val}' and fl.is_del=0"; } else { $sql_do = " {$tpf}files fl," . get_table_day_down() . " dd,{$tpf}users u where fl.file_id=dd.file_id and fl.userid=u.userid {$cate_sql} and dd.{$o_type}='{$d_val}' and fl.is_del=0"; } } $rs = $db->fetch_one_array("select count(*) as total_num from {$sql_do}"); $total_num = $rs['total_num']; $start_num = ($pg - 1) * $perpage; if ($o_type == 'd_all') { $q = $db->query("select fl.*,u.username from {$sql_do} group by file_id order by fl.file_downs desc,file_id desc limit {$start_num},{$perpage}"); } else { $q = $db->query("select fl.*,u.username from {$sql_do} group by file_id order by fl.file_downs desc,fl.file_id desc limit {$start_num},{$perpage}"); } $files_array = array(); while ($rs = $db->fetch_array($q)) { $tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : ""; $rs['file_thumb'] = get_file_thumb($rs); $rs['file_name_all'] = filter_word($rs['file_name'] . $tmp_ext); $rs['file_name'] = cutstr(filter_word($rs['file_name'] . $tmp_ext), 80); $rs['file_size'] = get_size($rs['file_size']); $rs[file_description] = clear_html(filter_word($rs['file_description']), 80); $rs['file_time'] = date("Y-m-d", $rs['file_time']); $rs['a_viewfile'] = urr("viewfile", "file_id={$rs['file_id']}"); $rs[a_space] = urr("space", "username="******"hotfile.php?o_type={$o_type}&cate_id=" . $cate_id); require_once template_echo('pd_hotfile', $user_tpl_dir); include PHPDISK_ROOT . "./includes/footer.inc.php";
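/**
 * Strip a fixed set of risky HTML constructs and collapse whitespace.
 *
 * Applied recursively to arrays (keys preserved). This is a deny-list filter:
 * it removes script/iframe/style/html/body/title/link/meta tags and "<?"/"<%"
 * style tags (replaced by the placeholder in $tarr), drops any tag carrying an
 * on*= handler attribute, and squeezes runs of whitespace to one space. It does
 * NOT quote for SQL, escape for HTML/attribute output, or decode entities —
 * callers still have to escape per output context.
 *
 * @param string|array $string  raw value, or a (nested) array of values
 * @return string|array|null    filtered copy; null only when preg_replace() fails
 */
function clear_html($string)
{
    $farr = array(
        "/\\s+/",
        "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|\\?|\\%)([^>]*?)>/isU",
        "/(<[^>]*)on[a-zA-Z]+\\s*=([^>]*>)/isU",
    );
    $tarr = array(" ", "����", "");
    if (is_array($string)) {
        // Initialised explicitly so an empty array comes back as array(), not null.
        $str = array();
        foreach ($string as $key => $val) {
            $str[$key] = clear_html($val);
        }
    } else {
        // Patterns are applied in order; preg_replace() returns null on a PCRE error.
        $str = preg_replace($farr, $tarr, $string);
    }
    return $str;
}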
$sysmsg[] = __('online_demo_deny'); } if (!$error) { for ($i = 0; $i < count($annids); $i++) { $db->query_unbuffered("update {$tpf}announces set show_order='" . (int) $show_order[$i] . "' where annid='" . (int) $annids[$i] . "'"); } redirect(urr(ADMINCP, "item={$item}&menu=extend&action=index"), '', 0); } else { redirect('back', $sysmsg); } } else { $q = $db->query("select * from {$tpf}announces order by show_order asc,annid asc"); $announces = array(); while ($rs = $db->fetch_array($q)) { $rs['status_text'] = $rs['is_hidden'] ? '<span class="txtblue">' . __('display') . '</span>' : __('hidden'); $rs['short_content'] = clear_html($rs['content'], 45); $rs['content'] = preg_replace("/<.+?>/i", "", str_replace(array('<br>', '"'), array(LF, ''), $rs['content'])); $rs['a_modify_announce'] = urr(ADMINCP, "item={$item}&menu=extend&action=modify_announce&annid={$rs['annid']}"); $rs['a_delete_announce'] = urr(ADMINCP, "item={$item}&menu=extend&action=delete_announce&annid={$rs['annid']}"); $rs['a_change_status'] = urr(ADMINCP, "item={$item}&menu=extend&action=change_status&annid={$rs['annid']}"); $rs['expand'] = $rs['is_expand'] ? '<span class="txtblue">' . __('yes') . '</span>' : '<span class="txtgray">' . __('no') . '</span>'; $announces[] = $rs; } $db->free($q); unset($rs); require_once template_echo($item, $admin_tpl_dir, '', 1); } break; case 'add_announce': if ($task == 'add_announce') { form_auth(gpc('formhash', 'P', ''), formhash());