Example #1
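 /**
  * Edit one row of the `linktxt` table.
  *
  * POST: HTML-encodes the submitted form, checks that link_name, link_url and
  * explain are present, saves the row and reports success or failure.
  * GET: loads the row whose id is given in the query string and renders the form.
  *
  * deep_htmlspecialchars() only HTML-encodes values for later display; it is
  * not SQL escaping and it hands arrays back as arrays. The row id is therefore
  * reduced to a plain integer here before it reaches the model.
  */
 public function editDetails()
 {
     $objLinkTxt = M('linktxt');
     if ($_POST) {
         $POST = deep_htmlspecialchars($_POST);
         parent::checkField('link_name', $POST['link_name'], 'require', '友情链接名称不能为空');
         parent::checkField('link_url', $POST['link_url'], 'require', '友情链接地址不能为空');
         parent::checkField('explain', $POST['explain'], 'require', '友情链接备注不能为空');
         // The id must be a single number: a string or an array taken straight
         // from the request is mapped to 0, which matches no row.
         $rowId = (isset($POST['id']) && is_scalar($POST['id'])) ? intval($POST['id']) : 0;
         $data = array(
             'id' => $rowId,
             'link_name' => $POST['link_name'],
             'status' => $POST['status'],
             'link_url' => $POST['link_url'],
             'explain' => $POST['explain'],
         );
         // presumably save() selects the row through the id carried in $data — confirm against the model
         $result = $objLinkTxt->data($data)->save();
         if ($result) {
             $this->success('修改成功', U(GROUP_NAME . '/Link/detailslist'));
         } else {
             $this->error('修改失败');
         }
     } else {
         // intval() keeps the concatenated condition below purely numeric.
         $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
         $data = $objLinkTxt->where('id=' . $id)->find();
         // Stored values are HTML-encoded; decode them for the edit form.
         $data = deep_htmlspecialchars_decode($data);
         $this->assign('data', $data);
         $this->display();
     }
 }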
Example #2
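 /**
  * Show or update the site settings stored in the `site` table.
  *
  * POST: HTML-encodes the submitted form and saves the listed columns.
  * GET: loads the row with id 1 and renders the form.
  *
  * deep_htmlspecialchars() is output encoding, not SQL escaping, and it hands
  * arrays back as arrays, so the posted id is reduced to an integer before it
  * is passed to the model.
  */
 public function site()
 {
     $objSite = M('site');
     if ($_POST) {
         $POST = deep_htmlspecialchars($_POST);
         // NOTE(review): the read branch always uses id 1 while the write branch
         // trusts the posted id — confirm whether the id should be fixed here too.
         $rowId = (isset($POST['id']) && is_scalar($POST['id'])) ? intval($POST['id']) : 0;
         $data = array('id' => $rowId);
         // Copy only the columns this form owns; any other posted field is ignored.
         $columns = array(
             'site_name', 'site_url', 'company', 'address', 'zipcode',
             'telephone', 'cellphone', 'email', 'icp', 'third_code',
         );
         foreach ($columns as $column) {
             $data[$column] = $POST[$column];
         }
         $result = $objSite->data($data)->save();
         if ($result) {
             $this->success('保存成功');
         } else {
             $this->error('系统繁忙,请稍后再试');
         }
     } else {
         $data = $objSite->where('id=1')->find();
         // Stored values are HTML-encoded; decode them for the form.
         $data = deep_htmlspecialchars_decode($data);
         $this->assign('data', $data);
         $this->display();
     }
 }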
Example #3
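 /**
  * Keyword search over `ask.ask_name` with pagination (10 rows per page).
  *
  * The keyword is HTML-encoded for display and for matching against the stored
  * values. HTML encoding is not SQL escaping, so the keyword is no longer
  * concatenated into the WHERE clause: it is passed as an array condition and
  * quoting is left to the model.
  *
  * Behaviour note: the original used INSTR(); the LIKE condition used here
  * treats `%` and `_` inside the keyword as wildcards.
  */
 public function index()
 {
     $objAsk = M('ask');
     $objUser = M('user');
     $rawWord = isset($_GET['word']) ? $_GET['word'] : '';
     // A non-string value (for example an array parameter) counts as "no keyword".
     $word = is_string($rawWord) ? deep_htmlspecialchars($rawWord) : '';
     $this->assign('searchWord', $word);
     if ($word == '') {
         // No keyword entered: go back to the previous page.
         // redirect() is expected to end the request — confirm.
         redirect($_SERVER['HTTP_REFERER']);
     }
     // Load the pagination class.
     import('ORG.Util.Page');
     // One condition shared by the count and the page query.
     $where = array('ask_name' => array('like', '%' . $word . '%'));
     // Total number of matches.
     $count = $objAsk->where($where)->count();
     $this->assign('countSearch', $count);
     $page = new page($count, 10);
     $page->setConfig('theme', '%upPage% %first% %prePage% %linkPage% %downPage%');
     $resultList = $objAsk->where($where)->order('add_time desc')->limit($page->firstRow . ',' . $page->listRows)->select();
     if (is_array($resultList)) {
         foreach ($resultList as $k1 => $v1) {
             // One lookup per row to attach the author's username.
             $resultList[$k1]['username'] = $objUser->where(array('id' => intval($v1['uid'])))->getField('username');
         }
     }
     $resultList = deep_htmlspecialchars_decode($resultList);
     $show = $page->show();
     $this->assign('resultList', $resultList);
     $this->assign('page', $show);
     $this->display();
 }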
Example #4
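 /**
  * Delete the rows of the `single` table whose ids were posted as `id[]`.
  *
  * The ids end up unquoted inside an SQL `IN (...)` list. HTML-encoding them
  * does not make them safe there, so every posted value is converted to an
  * integer and anything that is not a scalar is dropped.
  */
 public function deleteDetails()
 {
     $objStudy = M('single');
     $ids = array();
     if (isset($_POST['id'])) {
         foreach ((array) $_POST['id'] as $rawId) {
             if (is_scalar($rawId)) {
                 $ids[] = intval($rawId);
             }
         }
     }
     // Skip the query when nothing usable was posted; an empty IN () is invalid SQL.
     if ($ids) {
         $objStudy->where('`id` in (' . implode(',', $ids) . ')')->delete();
     }
     // As before, the success page is shown whether or not rows were deleted.
     $this->success('删除成功', U(GROUP_NAME . '/Single/singleList'));
 }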
Example #5
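 /**
  * Search page: lists articles whose title contains the requested word,
  * 15 per page, and attaches author name, avatar and a detail URL to each row.
  *
  * Changes against the original:
  *  - the page number is forced to an integer >= 1, so the LIMIT offset can
  *    no longer be negative or non-numeric;
  *  - the page title uses the HTML-encoded word instead of the raw request value;
  *  - the word is additionally escaped before it is placed in the SQL string.
  */
 public function indexAction()
 {
     $word = deep_htmlspecialchars($this->get("word"));
     if (!is_string($word)) {
         // Array or other non-string input counts as "no keyword".
         $word = '';
     }
     if (!$word) {
         $where = "status=-1";
     } else {
         // HTML encoding is not SQL escaping: backslashes pass through it unchanged.
         // addslashes() is a stopgap and is not charset-aware.
         // NOTE(review): give m_search a bound-parameter search and drop the concatenation.
         $where = "status=1 AND title like '%" . addslashes($word) . "%'";
     }
     // Total number of matching articles.
     $total = $this->m_search->getSearchArticle(0, $where);
     $page = max(1, (int) $this->get('page'));
     $size = 15;
     $start = ($page - 1) * $size;
     $limit = $start . ',' . $size;
     $url = '/search?word=' . $word . "&page=";
     $buffer["word"] = $word;
     $buffer['pageNav'] = buildPage($page, $total, $url, $size, 5);
     $buffer["list"] = $this->m_search->getSearchArticle(1, $where, $limit);
     $m_user = $this->load("User");
     // Only these source tables have a detail page.
     $detailTables = array('study', 'discuss', 'travel');
     foreach ($buffer['list'] as $k => $v) {
         $buffer['list'][$k]["username"] = $m_user->SelectFieldByID("username", $v["user_id"]);
         $buffer['list'][$k]["avatar"] = $m_user->SelectFieldByID("avatar", $v["user_id"]);
         if (in_array($v["table_name"], $detailTables, true)) {
             $buffer['list'][$k]["url"] = "/" . $v["table_name"] . "/detail?id=" . $v["id"];
         }
     }
     $buffer["list"] = deep_htmlspecialchars_decode($buffer['list']);
     // Encoded word, not the raw request value: the title is rendered into HTML.
     $buffer['pageTitle'] = $word . "_泰语导航网";
     $buffer["curNav"] = 5;
     $this->getView()->assign($buffer);
 }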
Example #6
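 /**
  * Delete the rows of the `discuss` table whose ids were posted as `id[]`.
  *
  * The ids are placed unquoted in an SQL `IN (...)` list, where HTML encoding
  * gives no protection. Each posted value is therefore converted to an integer
  * and non-scalar values are discarded.
  */
 public function deleteDetails()
 {
     $objDiscuss = M('discuss');
     $posted = isset($_POST['id']) ? (array) $_POST['id'] : array();
     // Keep scalar values only, then reduce each one to an integer.
     $ids = array_map('intval', array_filter($posted, 'is_scalar'));
     // An empty IN () is invalid SQL, so the query is skipped when no id remains.
     if (count($ids) > 0) {
         $objDiscuss->where('`id` in (' . implode(',', $ids) . ')')->delete();
     }
     // As before, the success page is shown whether or not rows were deleted.
     $this->success('删除成功', U(GROUP_NAME . '/Discuss/detailslist'));
 }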
Example #7
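 /**
  * Send a private letter to another user, or render the compose form.
  *
  * POST: validates username, title and content, resolves the recipient by
  * username, refuses a letter to oneself, then stores the letter.
  * GET: pre-fills the recipient name from the `user_id` query parameter.
  *
  * The sender is taken from the session, not from the form: the original
  * stored the posted `uid` and `send_user`, which let the client choose whose
  * name the letter is sent under.
  */
 public function addLetter()
 {
     // Login check.
     parent::isLogin();
     $objLetter = M('letter');
     $objUser = M('user');
     if (IS_POST) {
         $POST = deep_htmlspecialchars($_POST);
         parent::checkField('username', $POST['username'], 'require', '私信的用户名不能为空!');
         parent::checkField('title', $POST['title'], 'require', '私信标题不能为空');
         parent::checkField('content', $POST['content'], 'require', '私信内容不能为空');
         $result = $objUser->where(array('username' => $POST['username']))->field('id,username')->find();
         if (!$result) {
             $this->error('私信的用户不存在!');
             return;
         }
         // presumably $_SESSION['uid'] is the logged-in user's id — confirm against isLogin()
         $senderId = intval($_SESSION['uid']);
         if ($result['id'] == $senderId) {
             $this->error('不能跟自己私信!');
             return;
         }
         // Sender name comes from the user table, keyed by the session id.
         $senderName = $objUser->where(array('id' => $senderId))->getField('username');
         if (!$senderName) {
             $this->error('发送私信失败,请稍后再试!');
             return;
         }
         $data = array(
             'send_uid' => $senderId,
             'receive_uid' => $result['id'],
             'receive_user' => $POST['username'],
             'send_user' => $senderName,
             'title' => $POST['title'],
             'content' => $POST['content'],
             'time' => time(),
         );
         $result2 = $objLetter->add($data);
         if ($result2) {
             $this->success('发送私信成功');
         } else {
             $this->error('发送私信失败,请稍后再试!');
         }
     } else {
         // intval() keeps the concatenated condition below purely numeric.
         $userId = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
         $username = $objUser->where('id=' . $userId)->getField('username');
         $this->assign('username', $username);
         $this->display();
     }
 }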
Example #8
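/**
 * HTML-encode a value, or every leaf of a (nested) array, with htmlspecialchars().
 *
 * This is output encoding for an HTML context only. It is NOT SQL escaping:
 * backslashes are left as they are, and numbers placed unquoted in a query
 * are not constrained in any way. Values that go into SQL need bound
 * parameters or integer casts in addition to (or instead of) this call.
 *
 * Array keys are preserved and arrays are returned as arrays, so a caller
 * that expects a string must check the type itself.
 *
 * @param mixed $mix        String or array of strings/arrays to encode.
 * @param int   $quotestyle Flags passed to htmlspecialchars(); ENT_QUOTES by default.
 * @return mixed The encoded string, or the array with every leaf encoded.
 */
function deep_htmlspecialchars($mix, $quotestyle = ENT_QUOTES)
{
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in
    // PHP 8.0, where an unguarded call is a fatal error. Only consult it on
    // runtimes old enough to have the feature.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $mix = deep_stripslashes($mix);
    }
    if (is_array($mix)) {
        foreach ($mix as $key => $value) {
            if (is_array($value)) {
                $mix[$key] = deep_htmlspecialchars($value, $quotestyle);
            } else {
                $value = htmlspecialchars($value, $quotestyle);
                // NOTE(review): as shown, search and replacement are the same
                // character, so this call changes nothing — confirm against upstream.
                $value = str_replace(' ', ' ', $value);
                // Newline and carriage return become the two-character
                // sequences backslash-n and backslash-r.
                $value = preg_replace('#\\n#', '\\n', $value);
                $value = preg_replace('#\\r#', '\\r', $value);
                $mix[$key] = $value;
            }
        }
        return $mix;
    }
    // Scalar input: the newline rewriting above is applied to array elements
    // only. NOTE(review): confirm that difference is intended.
    $mix = htmlspecialchars($mix, $quotestyle);
    $mix = str_replace(' ', ' ', $mix);
    return $mix;
}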
Example #9
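 /**
  * Render the member-level form, or merge the posted form into
  * ./Conf/Config.php and rewrite that file.
  *
  * NOTE(review): every posted field name becomes a top-level configuration
  * key (upper-cased), so this action can overwrite any setting in the file,
  * not only the member-level ones. Restrict the merge to an allow-list of the
  * keys this form owns; those key names are not visible here.
  *
  * var_export() quotes keys and values, so the posted data is written as
  * string literals rather than as PHP code.
  */
 public function memberLevel()
 {
     if (IS_POST) {
         $POST = deep_htmlspecialchars($_POST);
         $file = './Conf/Config.php';
         $current = include $file;
         // A missing or malformed config file must not be replaced by the form data alone.
         if (!is_array($current)) {
             $this->error('修改失败');
             return;
         }
         // Form field names are lower case; config keys are upper case.
         $config = array_merge($current, array_change_key_case($POST, CASE_UPPER));
         // Serialise the array back into a PHP file that returns it.
         $str = "<?php\r\nreturn " . var_export($config, true) . ";\r\n?>";
         // LOCK_EX: two concurrent saves must not interleave their writes.
         if (file_put_contents($file, $str, LOCK_EX) !== false) {
             $this->success('修改成功', $_SERVER['HTTP_REFERER']);
         } else {
             $this->error('修改失败');
         }
     } else {
         $this->display();
     }
 }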
Example #10
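 /**
  * AJAX handler that updates an article owned by the logged-in user.
  *
  * Rejects non-AJAX requests and anonymous users, loads the article by id and
  * owner, then writes title, category, brief and HTML-encoded content.
  * Responses are JSON objects with `status` and `msg` (plus `url` on success).
  *
  * The article id and the session uid are cast to integers before they are
  * concatenated into the ownership query; the original passed the posted id
  * through unchanged.
  *
  * NOTE(review): the URLs below are built from the client-supplied Host
  * header; a configured base URL would be safer.
  */
 public function handleEditArticleAction()
 {
     if (!$this->getRequest()->isXmlHttpRequest()) {
         parent::notify("页面不存在");
         return false;
     }
     $uid = $this->getSession("uid");
     $email = $this->getSession("email");
     // empty() also covers the unset case.
     if (empty($uid) || empty($email)) {
         $this->notify("请先登录", "http://" . $_SERVER["HTTP_HOST"] . "/login");
         return false;
     }
     Yaf_Dispatcher::getInstance()->disableView();
     // Both values go unquoted into the WHERE string, so they must be plain integers.
     $id = (int) parent::getPost("id");
     $uid = (int) $uid;
     // The uid condition is the ownership check: no row means "not your article".
     $article = $this->m_study->Where("id=" . $id . " AND uid=" . $uid)->SelectOne();
     if (!$article) {
         die(json_encode(array("status" => 0, "msg" => "只能编辑自己的文章")));
     }
     if (!intval($article["status"])) {
         $this->notify("页面不存在");
         Yaf_Dispatcher::getInstance()->disableView();
         return false;
     }
     $title = parent::getPost("title");
     $category = (int) parent::getPost("category");
     $brief = parent::getPost("brief");
     // Content is fetched with the second argument false and HTML-encoded here.
     // presumably false turns off getPost()'s own filtering — confirm
     $content = deep_htmlspecialchars(parent::getPost("content", false));
     $fields = array(
         "study_name" => $title,
         "sort_id" => $category,
         "content" => $content,
         "brief" => $brief,
     );
     $result = $this->m_study->UpdateByID($fields, $id);
     if ($result) {
         die(json_encode(array("status" => 1, "msg" => "编辑文章成功", "url" => "http://" . $_SERVER["HTTP_HOST"] . "/study/detail?id=" . $id)));
     } else {
         die(json_encode(array("status" => 0, "msg" => "编辑文章失败")));
     }
 }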
Example #11
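 /**
  * Delete a comment (and the ids returned by getCidList() for it) and
  * decrement the comment counter of the owning `ask` row.
  *
  * Query parameters: cid (comment id), aid (ask id), item (verification value,
  * compared with md5 of the comment's stored `time`).
  *
  * Changes against the original:
  *  - ids are validated as positive integers; the old `== ''` test on an
  *    integer no longer matches 0 on PHP 8;
  *  - a comment that does not exist is rejected instead of hashing an empty value;
  *  - the verification value is compared with a strict string comparison.
  *
  * NOTE(review): the verification value depends only on the stored time, and
  * this state-changing action runs on GET. Confirm that a permission or
  * ownership check happens before this method, and consider a per-session token.
  */
 public function deleteComment()
 {
     $id = isset($_GET['cid']) ? intval($_GET['cid']) : 0;
     $aid = isset($_GET['aid']) ? intval($_GET['aid']) : 0;
     $verify = (isset($_GET['item']) && is_string($_GET['item'])) ? deep_htmlspecialchars($_GET['item']) : '';
     $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     if ($id <= 0 || $aid <= 0 || $verify === '') {
         $this->error('删除失败...', $back, 1);
         return;
     }
     $objComment = M('comment');
     $result = $objComment->where(array('id' => $id))->getField('time');
     // No such comment, or the verification value does not match.
     if ($result === null || $result === false || md5($result) !== $verify) {
         $this->error('删除失败...', $back, 1);
         return;
     }
     $idList = parent::getCidList('comment', $id, '1');
     $where = 'id in(' . $idList . ')';
     $result2 = $objComment->where($where)->delete();
     if ($result2) {
         // $result2 is passed on as the amount by which comment_num is decreased.
         M('ask')->where('id=' . $aid)->setDec('comment_num', $result2);
         $this->success('删除成功', $back, 1);
     } else {
         $this->error('删除失败...', $back, 1);
     }
 }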
Example #12
 /**
  * Look up a user row (id column only) and return it HTML-decoded.
  *
  * NOTE(review): as shown on this page the condition compares against the
  * literal '******' and the encoded $username is never used. The literal looks
  * like a masked value — confirm against the original source. If the username
  * is concatenated there, note that HTML encoding is not SQL escaping; the
  * value needs a bound parameter or the model's own escaping.
  *
  * @param string $username Nickname to check.
  * @return mixed Result of selectOne() after deep_htmlspecialchars_decode().
  */
 public function checkUsername($username)
 {
     // HTML-encode the nickname, as the rest of the code does with request values.
     $username = deep_htmlspecialchars($username);
     $row = $this->Where("username = '******'")
         ->Field("id")
         ->selectOne();
     $decoded = deep_htmlspecialchars_decode($row);
     return $decoded;
 }