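/**
 * Admin: edit one friendship-link row in `linktxt`.
 *
 * GET  ?id=N renders the edit form for row N (values entity-decoded for the view).
 * POST validates link_name / link_url / explain and saves the row whose primary
 *      key is the form's `id` field, then redirects to the link list.
 *
 * Form values are stored entity-encoded (deep_htmlspecialchars) and decoded again
 * on read, matching the other admin actions in this group.
 * NOTE(review): no CSRF token is checked here — confirm the base controller does it.
 */
public function editDetails() {
    $objLinkTxt = M('linktxt');
    $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
    if ($_POST) {
        $POST = deep_htmlspecialchars($_POST);
        parent::checkField('link_name', $POST['link_name'], 'require', '友情链接名称不能为空');
        parent::checkField('link_url', $POST['link_url'], 'require', '友情链接地址不能为空');
        parent::checkField('explain', $POST['explain'], 'require', '友情链接备注不能为空');
        // The form's id picks the row to overwrite; force it to an integer so only a
        // numeric primary key ever reaches the UPDATE's WHERE clause (the original
        // passed the entity-encoded string straight through).
        $rowId = isset($POST['id']) ? intval($POST['id']) : 0;
        $data = array(
            'id'        => $rowId,
            'link_name' => $POST['link_name'],
            'status'    => isset($POST['status']) ? $POST['status'] : null,
            'link_url'  => $POST['link_url'],
            'explain'   => $POST['explain'],
        );
        // id <= 0 would update nothing (save() returns false) — treat it as a failure up front.
        if ($rowId > 0 && $objLinkTxt->data($data)->save()) {
            $this->success('修改成功', U(GROUP_NAME . '/Link/detailslist'));
        } else {
            $this->error('修改失败');
        }
    } else {
        $data = $objLinkTxt->where('id=' . $id)->find();
        $data = deep_htmlspecialchars_decode($data);
        $this->assign('data', $data);
        $this->display();
    }
}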
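/**
 * Admin: view / save the site settings row in `site`.
 *
 * GET  renders row id=1 (entity-decoded for the view).
 * POST saves the submitted fields into the row named by the form's `id` field.
 *
 * All values are stored entity-encoded by deep_htmlspecialchars() and decoded on
 * read. NOTE(review): `third_code` is presumably raw third-party HTML/JS that some
 * template re-emits after decoding — confirm that only trusted admins reach this
 * action, and that a CSRF token is enforced upstream.
 */
public function site() {
    $objSite = M('site');
    if ($_POST) {
        $POST = deep_htmlspecialchars($_POST);
        // The GET branch only ever shows row 1; the POST row id is still taken from
        // the form, but coerced to an integer so nothing but a number reaches the
        // UPDATE's WHERE clause. NOTE(review): consider pinning it to 1 outright.
        $data = array('id' => isset($POST['id']) ? intval($POST['id']) : 0);
        $fields = array(
            'site_name', 'site_url', 'company', 'address', 'zipcode',
            'telephone', 'cellphone', 'email', 'icp', 'third_code',
        );
        foreach ($fields as $field) {
            $data[$field] = isset($POST[$field]) ? $POST[$field] : null;
        }
        $result = $objSite->data($data)->save();
        if ($result) {
            $this->success('保存成功');
        } else {
            $this->error('系统繁忙,请稍后再试');
        }
    } else {
        $data = $objSite->where('id=1')->find();
        $data = deep_htmlspecialchars_decode($data);
        $this->assign('data', $data);
        $this->display();
    }
}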
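/**
 * Front-end keyword search over the `ask` table (GET word).
 *
 * Without a keyword the request is redirected back to the referring page.
 * Otherwise matches are paged 10 per page (ORG.Util.Page), each row is decorated
 * with the asking user's `username`, and the list is entity-decoded for the view.
 */
public function index() {
    $objAsk = M('ask');
    $objUser = M('user');
    $word = isset($_GET['word']) ? deep_htmlspecialchars($_GET['word']) : '';
    $this->assign('searchWord', $word);
    if ($word === '') {
        // No keyword: send the user back. The Referer header is client-supplied and
        // may be absent, so fall back to the site root instead of an empty Location.
        redirect(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/');
        return;
    }
    import('ORG.Util.Page');
    // The keyword is concatenated into a string where() with no parameter binding.
    // deep_htmlspecialchars() already entity-encodes both quote characters but
    // leaves backslashes alone, so a trailing `\` would swallow the closing quote;
    // addslashes() closes that gap. Build the condition once and reuse it.
    $condition = 'INSTR(ask_name, "' . addslashes($word) . '")>0';
    $count = $objAsk->where($condition)->count();
    $this->assign('countSearch', $count);
    $page = new page($count, 10);
    $page->setConfig('theme', '%upPage% %first% %prePage% %linkPage% %downPage%');
    $resultList = $objAsk->where($condition)
        ->order('add_time desc')
        ->limit($page->firstRow . ',' . $page->listRows)
        ->select();
    foreach ((array) $resultList as $k1 => $v1) {
        // `uid` comes from the database, but it is spliced into SQL — keep it numeric.
        $resultList[$k1]['username'] = $objUser->where('id=' . intval($v1['uid']))->getField('username');
    }
    $resultList = deep_htmlspecialchars_decode($resultList);
    $this->assign('resultList', $resultList);
    $this->assign('page', $page->show());
    $this->display();
}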
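/**
 * Admin: bulk-delete rows of the `single` table.
 *
 * Expects POST id[] (a list of row ids). Every id is coerced to an integer before
 * it is spliced into the IN (...) list. The original ran the joined list through
 * htmlspecialchars(), which does nothing against a payload such as
 * `1) OR 1=1 -- ` because no quote character is needed inside an integer list —
 * that was a SQL injection allowing the whole table to be deleted.
 *
 * Redirects to the single list with a success message; aborts with an error when
 * a POST carries no usable id.
 * NOTE(review): no CSRF token is checked here — confirm the base controller does it.
 */
public function deleteDetails() {
    $objSingle = M('single');
    if ($_POST) {
        $rawIds = isset($_POST['id']) ? (array) $_POST['id'] : array();
        // intval() every entry and drop the zeros left by empty / non-numeric input.
        $ids = array_filter(array_map('intval', $rawIds));
        if (empty($ids)) {
            $this->error('删除失败');
        }
        $objSingle->where('`id` in (' . implode(',', $ids) . ')')->delete();
    }
    $this->success('删除成功', U(GROUP_NAME . '/Single/singleList'));
}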
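/**
 * Search page: list published articles whose title contains GET word.
 *
 * With no keyword the condition becomes `status=-1` (kept from the original).
 * Results are paged 15 per page; each row gets the author's username/avatar and
 * a detail URL chosen by its `table_name`, then the list is entity-decoded for
 * the view. Nothing is returned — everything is assigned to the view.
 */
public function indexAction() {
    $word = deep_htmlspecialchars($this->get("word"));
    if (!$word) {
        $where = "status=-1";
    } else {
        // The keyword is concatenated into SQL by the search model, not bound.
        // deep_htmlspecialchars() has entity-encoded the quote characters; this
        // additionally (1) escapes `%`, `_` and `\` at LIKE-pattern level so the
        // keyword is matched literally, and (2) escapes the result again for the
        // string literal, which closes the backslash gap the original left open.
        // Assumes MySQL's default LIKE escape character `\`.
        $pattern = addslashes(addcslashes($word, '\\%_'));
        $where = "status=1 AND title like '%" . $pattern . "%'";
    }
    $total = $this->m_search->getSearchArticle(0, $where);
    // Page number feeds the LIMIT offset; a negative or non-numeric value
    // previously produced a negative offset and a broken query.
    $page = (int) $this->get('page');
    if ($page < 1) {
        $page = 1;
    }
    $size = 15;
    $start = ($page - 1) * $size;
    $limit = $start . ',' . $size;
    // $word is entity-encoded (not URL-encoded) in this link, as in the original.
    $url = '/search?word=' . $word . "&page=";
    $buffer["word"] = $word;
    $buffer['pageNav'] = buildPage($page, $total, $url, $size, 5);
    $buffer["list"] = $this->m_search->getSearchArticle(1, $where, $limit);
    $m_user = $this->load("User");
    $detailPaths = array(
        "study"   => "/study/detail?id=",
        "discuss" => "/discuss/detail?id=",
        "travel"  => "/travel/detail?id=",
    );
    foreach ((array) $buffer['list'] as $k => $v) {
        $buffer['list'][$k]["username"] = $m_user->SelectFieldByID("username", $v["user_id"]);
        $buffer['list'][$k]["avatar"] = $m_user->SelectFieldByID("avatar", $v["user_id"]);
        if (isset($detailPaths[$v["table_name"]])) {
            $buffer['list'][$k]["url"] = $detailPaths[$v["table_name"]] . $v["id"];
        }
    }
    $buffer["list"] = deep_htmlspecialchars_decode($buffer['list']);
    // Use the already-encoded keyword, as every other $buffer entry does, rather
    // than the raw request value: if the view prints the title as-is, the raw
    // value would be a reflected-XSS sink.
    $buffer['pageTitle'] = $word . "_泰语导航网";
    $buffer["curNav"] = 5;
    $this->getView()->assign($buffer);
}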
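/**
 * Admin: bulk-delete rows of the `discuss` table.
 *
 * Expects POST id[] (a list of row ids). Every id is coerced to an integer before
 * it is spliced into the IN (...) list. The original ran the joined list through
 * htmlspecialchars(), which does nothing against a payload such as
 * `1) OR 1=1 -- ` because no quote character is needed inside an integer list —
 * that was a SQL injection allowing the whole table to be deleted.
 *
 * Redirects to the discuss list with a success message; aborts with an error when
 * a POST carries no usable id.
 * NOTE(review): no CSRF token is checked here — confirm the base controller does it.
 */
public function deleteDetails() {
    $objDiscuss = M('discuss');
    if ($_POST) {
        $rawIds = isset($_POST['id']) ? (array) $_POST['id'] : array();
        // intval() every entry and drop the zeros left by empty / non-numeric input.
        $ids = array_filter(array_map('intval', $rawIds));
        if (empty($ids)) {
            $this->error('删除失败');
        }
        $objDiscuss->where('`id` in (' . implode(',', $ids) . ')')->delete();
    }
    $this->success('删除成功', U(GROUP_NAME . '/Discuss/detailslist'));
}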
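/**
 * Send a private message (`letter`) from the logged-in user to another user.
 *
 * GET  ?user_id=N pre-fills the recipient's username.
 * POST validates username / title / content, resolves the recipient by username,
 *      refuses self-messaging and inserts the row.
 *
 * The sender (send_uid / send_user) is taken from the session, never from the
 * form: the original copied both from POST, which let any logged-in user forge
 * the origin of a message.
 */
public function addLetter() {
    parent::isLogin();
    $userId = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
    $objLetter = M('letter');
    $objUser = M('user');
    if (IS_POST) {
        $POST = deep_htmlspecialchars($_POST);
        parent::checkField('username', $POST['username'], 'require', '私信的用户名不能为空!');
        parent::checkField('title', $POST['title'], 'require', '私信标题不能为空');
        parent::checkField('content', $POST['content'], 'require', '私信内容不能为空');
        $receiver = $objUser->where(array('username' => $POST['username']))->field('id,username')->find();
        if (!$receiver) {
            $this->error('私信的用户不存在!');
        }
        $senderId = intval($_SESSION['uid']);
        if (intval($receiver['id']) === $senderId) {
            $this->error('不能跟自己私信!');
        }
        // Resolve the sender's username from the database rather than trusting the form.
        $senderName = $objUser->where('id=' . $senderId)->getField('username');
        $data = array(
            'send_uid'     => $senderId,
            'receive_uid'  => $receiver['id'],
            'receive_user' => $POST['username'],
            'send_user'    => $senderName,
            'title'        => $POST['title'],
            'content'      => $POST['content'],
            'time'         => time(),
        );
        if ($objLetter->add($data)) {
            $this->success('发送私信成功');
        } else {
            $this->error('发送私信失败,请稍后再试!');
        }
    } else {
        $username = $objUser->where('id=' . $userId)->getField('username');
        $this->assign('username', $username);
        $this->display();
    }
}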
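/**
 * Recursively HTML-encode a string or a (nested) array of strings.
 *
 * Every string goes through htmlspecialchars() with $quotestyle (ENT_QUOTES by
 * default, so both `"` and `'` are encoded) and then through the space
 * replacement below. Inside arrays, raw LF / CR characters are additionally
 * rewritten to the two-character sequences `\n` / `\r`; the scalar branch does
 * not do that (kept exactly as in the original).
 *
 * NOTE(review): backslashes are NOT escaped — this is an HTML encoder, not a SQL
 * escaper; callers that splice its output into SQL still need the DB layer's
 * escaping. Invalid UTF-8 makes htmlspecialchars() return '' unless $quotestyle
 * includes ENT_SUBSTITUTE.
 *
 * @param mixed $mix        string, or array of strings / nested arrays
 * @param int   $quotestyle htmlspecialchars() flags
 * @return mixed encoded value with the same shape as $mix
 */
function deep_htmlspecialchars($mix, $quotestyle = ENT_QUOTES) {
    // get_magic_quotes_gpc() was removed in PHP 8.0, where calling it is a fatal
    // "undefined function" error; magic quotes themselves died with PHP 5.4, so the
    // guard only matters on legacy hosts.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $mix = deep_stripslashes($mix);
    }
    if (!is_array($mix)) {
        // htmlspecialchars(null) is deprecated since PHP 8.1; the cast maps null to ''.
        $encoded = htmlspecialchars((string) $mix, $quotestyle);
        return str_replace(' ', ' ', $encoded);
    }
    foreach ($mix as $key => $value) {
        if (is_array($value)) {
            $mix[$key] = deep_htmlspecialchars($value, $quotestyle);
            continue;
        }
        $value = htmlspecialchars((string) $value, $quotestyle);
        // NOTE(review): the replacement character in the next line is not
        // distinguishable from a plain space in this copy (presumably a
        // non-breaking space) — confirm against the repository.
        $value = str_replace(' ', ' ', $value);
        $value = preg_replace('#\\n#', '\\n', $value);
        $value = preg_replace('#\\r#', '\\r', $value);
        $mix[$key] = $value;
    }
    return $mix;
}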
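/**
 * Admin: merge the submitted form fields into ./Conf/Config.php.
 *
 * Every POST key is upper-cased and merged over the current config array, which
 * is then re-exported with var_export() (keys and values are quoted/escaped by
 * var_export, so the generated PHP cannot be broken out of by a value).
 *
 * NOTE(review): there is no allow-list — any configuration key reachable from
 * the form can be overwritten. Restrict the merged keys to the member-level
 * settings this form manages once those key names are known, and confirm a
 * CSRF token is enforced upstream.
 */
public function memberLevel() {
    if (IS_POST) {
        $POST = deep_htmlspecialchars($_POST);
        $file = './Conf/Config.php';
        $current = include $file;
        if (!is_array($current)) {
            // A config file that returns nothing would otherwise make array_merge() fail.
            $current = array();
        }
        $config = array_merge($current, array_change_key_case($POST, CASE_UPPER));
        $str = "<?php\r\nreturn " . var_export($config, true) . ";\r\n?>";
        // LOCK_EX: two concurrent saves must not interleave their writes.
        if (file_put_contents($file, $str, LOCK_EX)) {
            $this->success('修改成功', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
        } else {
            $this->error('修改失败');
        }
    } else {
        $this->display();
    }
}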
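/**
 * AJAX endpoint: update one of the logged-in user's `study` articles.
 *
 * Rejects non-XHR requests and anonymous sessions. The article must exist, belong
 * to the session user (WHERE id=... AND uid=...) and have a non-zero status.
 * Responds with a JSON {status, msg[, url]} document and terminates.
 *
 * `content` is stored entity-encoded via deep_htmlspecialchars(); title and brief
 * come from getPost() with its default handling (presumably escaped there —
 * verify against the base controller).
 */
public function handleEditArticleAction() {
    if (!$this->getRequest()->isXmlHttpRequest()) {
        parent::notify("页面不存在");
        return false;
    }
    $uid = $this->getSession("uid");
    $email = $this->getSession("email");
    if (empty($uid) || empty($email)) {
        // NOTE(review): HTTP_HOST is request-controlled; a forged Host header lands
        // in this redirect URL.
        $this->notify("请先登录", "http://" . $_SERVER["HTTP_HOST"] . "/login");
        return false;
    }
    Yaf_Dispatcher::getInstance()->disableView();
    // Both ids are concatenated into SQL by the model (Where() below and
    // UpdateByID()); force them to integers so a POST id such as `0 OR 1=1 -- `
    // can neither select nor rewrite someone else's article.
    $id = (int) parent::getPost("id");
    $uid = (int) $uid;
    $article = $this->m_study->Where("id=" . $id . " AND uid=" . $uid)->SelectOne();
    if (!$article) {
        die(json_encode(array("status" => 0, "msg" => "只能编辑自己的文章")));
    }
    if (!intval($article["status"])) {
        $this->notify("页面不存在");
        return false;
    }
    $title = parent::getPost("title");
    $category = (int) parent::getPost("category");
    $brief = parent::getPost("brief");
    $content = deep_htmlspecialchars(parent::getPost("content", false));
    $fields = array(
        "study_name" => $title,
        "sort_id"    => $category,
        "content"    => $content,
        "brief"      => $brief,
    );
    $result = $this->m_study->UpdateByID($fields, $id);
    if ($result) {
        $detailUrl = "http://" . $_SERVER["HTTP_HOST"] . "/study/detail?id=" . $id;
        die(json_encode(array("status" => 1, "msg" => "编辑文章成功", "url" => $detailUrl)));
    }
    die(json_encode(array("status" => 0, "msg" => "编辑文章失败")));
}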
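/**
 * Delete a comment (and, via getCidList, its child comments) from an ask.
 *
 * GET cid  comment id
 * GET aid  ask id whose comment_num is decremented by the number of deleted rows
 * GET item token that must equal md5(<comment's time column>)
 *
 * Every outcome redirects back to the Referer (empty when absent) with a message.
 *
 * NOTE(review): the token is md5 of a timestamp that is most likely visible on
 * the page, so it is not a real authorization check — deletion should be tied
 * to the comment owner's (or an admin's) session. Fixing that needs the page
 * that generates the link, so only the comparison is hardened here.
 */
public function deleteComment() {
    $id = isset($_GET['cid']) ? intval($_GET['cid']) : 0;
    $verify = isset($_GET['item']) ? deep_htmlspecialchars($_GET['item']) : '';
    $aid = isset($_GET['aid']) ? intval($_GET['aid']) : 0;
    $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    // intval() never yields '', so the original `$id == ''` test only worked through
    // PHP 7's `0 == ''` juggling and is always false on PHP 8; test the number instead.
    if ($id <= 0 || $aid <= 0 || $verify === '') {
        $this->error('删除失败...', $back, 1);
    }
    $objComment = M('comment');
    $stamp = $objComment->where(array('id' => $id))->getField('time');
    // Strict, constant-time comparison: the loose `md5(...) != $verify` treats two
    // numeric-looking strings (e.g. "0e123…") as equal, so a crafted `item` could
    // pass. A missing comment (null/false) is rejected rather than hashed as ''.
    if ($stamp === null || $stamp === false || !hash_equals(md5((string) $stamp), (string) $verify)) {
        $this->error('删除失败...', $back, 1);
    }
    $idList = parent::getCidList('comment', $id, '1');
    $deleted = $objComment->where('id in(' . $idList . ')')->delete();
    if ($deleted) {
        M('ask')->where('id=' . $aid)->setDec('comment_num', $deleted);
        $this->success('删除成功', $back, 1);
    } else {
        $this->error('删除失败...', $back, 1);
    }
}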
/**
 * Look up a user row by nickname.
 *
 * @param string $username nickname
 * @return mixed the selected `id` row, passed through deep_htmlspecialchars_decode()
 */
public function checkUsername($username) {
    $encodedName = deep_htmlspecialchars($username);
    // NOTE(review): the WHERE clause below is the fixed literal `******` and never
    // references $encodedName, so the query cannot match on the supplied nickname —
    // either the interpolation was stripped from this copy or this is a bug. If the
    // name is meant to be spliced in, bind it through the DB layer instead of
    // concatenating it (deep_htmlspecialchars encodes quotes but not backslashes).
    $row = $this->Where("username = '******'")->Field("id")->selectOne();
    return deep_htmlspecialchars_decode($row);
}