            if ($DB->query("UPDATE `" . $table_forum . "` SET `friend`='" . substr($friendBar, 0, -1) . "' WHERE `fid`=" . $fid)) {
                echo "1";
            }
        }
        $DB->close();
    }
    exit;
}
if (isset($_GET['fid']) && is_numeric($_GET['fid']) && $_GET['fid'] >= 1) {
    $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
    $forumArr = $QA->getForumInfo($_GET['fid']);
    if (!empty($forumArr['fid'])) {
        if (isset($_POST['name'], $_POST['category'], $_POST['intro'], $_POST['push'])) {
            $name = strAddslashes(trim($_POST['name']));
            $cid = $_POST['category'];
            $intro = filterCode($_POST['intro']);
            $push = $_POST['push'];
            if (empty($name) || getStrlen($name) > 15 || !wordCheck($name)) {
                echo "<script>alert('换一个吧名吧');</script>";
            } else {
                $BId = $DB->fetch_one("SELECT `fid` FROM `" . $table_forum . "` WHERE lower(`name`)='" . strtolower($name) . "'");
                if (!empty($BId) && $BId != $forumArr['fid']) {
                    echo "<script>alert('该吧已存在,请更换吧名。');</script>";
                } else {
                    if (getStrlen($intro) > 90) {
                        echo "<script>alert('吧简介不能超过90个字');</script>";
                    } else {
                        $forumInfo['cid'] = $cid;
                        $forumInfo['name'] = $name;
                        $forumInfo['synopsis'] = $intro;
                        if ($forumArr['commend'] == 0) {
<?php

require dirname(__FILE__) . "/global.php";
if ($loginArr['state'] == 0) {
    header("location:./login.php");
} else {
    if (isset($_GET['do'], $_POST['reportcontent'], $_POST['reportpid']) && $_GET['do'] == "report") {
        $content = trim(filterCode($_POST['reportcontent']));
        $pid = intval($_POST['reportpid']);
        $content_len = getStrlen($content);
        if ($content_len < 3 || $content_len > 80) {
            echo "1 举报原由应控制在3到80个字之间";
        } else {
            $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
            $postArr = $TB->getPostInfo($pid);
            if (empty($postArr['pid'])) {
                echo "0 该帖已被删除!";
            } else {
                $reportArr['uname'] = $loginArr['name'];
                $reportArr['uid'] = $loginArr['uid'];
                $reportArr['fid'] = $postArr['fid'];
                $reportArr['tid'] = $postArr['tid'];
                $reportArr['pid'] = $postArr['pid'];
                $reportArr['author'] = $postArr['author'];
                $reportArr['authorid'] = $postArr['authorid'];
                $reportArr['message'] = $content;
                $reportArr['dateline'] = time();
                if ($DB->query($DB->insert_sql("`" . $table_report . "`", $reportArr))) {
                    echo "0 举报成功,感谢您对本吧的支持。";
                } else {
                    echo "1 数据库繁忙,请重试!";
if (isset($_POST['do']) && $_POST['do'] == "Reply") {
    if ($userGroup[$loginArr['group']]['reply'] == 0) {
        die("0 " . $userGroup[$loginArr['group']]['name'] . "不能回复帖子");
    }
    $postTime = time();
    if (isset($_COOKIE['lastPostTime']) && $postTime - $_COOKIE['lastPostTime'] < 10) {
        die("0 您的回帖速度太快了!");
    }
    if (isset($_POST['tid'], $_POST['fid'], $_POST['title'], $_POST['content'])) {
        $topicId = intval($_POST['tid']);
        $forumId = intval($_POST['fid']);
        $floorId = intval(preg_replace("/回复(\\d+):(.*)/is", "\\1", $_POST['title']));
        if ($floorId < 1) {
            $floorId = 1;
        }
        $content = filterCode(htmlToUBB($_POST['content']), false);
        $checkContent = checkPostContent($content);
        if ($checkContent != "") {
            die("0 " . $checkContent);
        }
        $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
        $forumArr = $DB->fetch_one_array("SELECT `fid`,`moderator` FROM `" . $table_forum . "` WHERE `fid`=" . $forumId);
        if (empty($forumArr['fid'])) {
            $DB->close();
            die("0 该吧不存在或者已被删除");
        }
        if ($DB->fetch_one("SELECT `lockout` FROM `" . $table_topic . "` WHERE `tid`=" . $topicId) != 0) {
            $DB->close();
            die("0 该主题已被锁定,禁止回复!");
        }
        $postTotal = $DB->fetch_one("SELECT COUNT(`pid`) FROM `" . $table_post . "` WHERE `tid`=" . $topicId);
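// Topic list page: a POSTed `deleteId` (one id or a comma-separated list)
// bulk-deletes topics and their posts; otherwise the paginated topic list is
// rendered, optionally filtered by a subject prefix taken from ?wd=.
require dirname(__FILE__) . "/global.php";
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
if (isset($_POST['deleteId']) && !empty($_POST['deleteId'])) {
    // NOTE(review): no authorization check is visible in this file before the
    // DELETE statements; confirm that global.php enforces one for this page.
    // Topic ids are integers, so every comma-separated element is cast with
    // intval() and non-positive values are dropped. The raw POST value never
    // reaches the SQL string, which the original concatenation allowed.
    $idList = array();
    foreach (explode(",", $_POST['deleteId']) as $rawId) {
        $id = intval(trim($rawId));
        if ($id > 0) {
            $idList[] = $id;
        }
    }
    if (count($idList) > 0) {
        if (count($idList) > 1) {
            $D = "IN (" . implode(",", $idList) . ")";
        } else {
            $D = "= " . $idList[0];
        }
        $DB->query("DELETE FROM `" . $table_topic . "` WHERE `tid` " . $D);
        $DB->query("DELETE FROM `" . $table_post . "` WHERE `tid` " . $D);
        $DB->query("DELETE FROM `" . $table_post2 . "` WHERE `tid` " . $D);
    }
    $DB->close();
    // The caller only checks for "1"; it is returned even when no valid id
    // was supplied, matching the original response contract.
    echo "1";
    exit;
}
$where = "";
if (isset($_GET['wd']) && !empty($_GET['wd'])) {
    // NOTE(review): filterCode() comes from global.php and whether it escapes
    // SQL quote characters is not visible here — confirm, or escape the value
    // with the driver's escape function. addcslashes() only neutralises the
    // LIKE wildcards so a user-supplied % or _ is matched literally and the
    // prefix search stays a prefix search.
    $keyword = addcslashes(trim(filterCode($_GET['wd'])), "%_");
    $where = "WHERE `subject` LIKE '" . $keyword . "%'";
}
// $page is expected to be provided by global.php.
$topicArr = $QA->getTopic($where, $page, "30");
$DB->close();
unset($DB, $QA);
$tmp =& myTpl("topic_list.html");
$tmp->assign('codeName', $code_name);
$tmp->assign('codeVersion', $code_version);
$tmp->assign('siteName', $site_name);
$tmp->assign('siteDomain', $site_domain);
$tmp->assign('siteCatalog', $site_catalog);
$tmp->assign('topicArr', $topicArr);
$tmp->output();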
<?php

require dirname(__FILE__) . "/global.php";
if (isset($_SERVER['HTTP_REFERER'])) {
    $fromUrl = $_SERVER['HTTP_REFERER'];
} else {
    $fromUrl = "./";
}
if (isset($_GET['wd'], $_GET['tb']) && !empty($_GET['wd']) && is_numeric($_GET['tb'])) {
    $keyword = trim(filterCode($_GET['wd']));
    $startTime = microtime(true);
    if (!empty($keyword) && $_GET['tb'] == 1) {
        $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
        $forumId = $DB->fetch_one("SELECT `fid` FROM `" . $table_forum . "` WHERE lower(`name`)='" . strtolower($keyword) . "'");
        $DB->close();
        if (empty($forumId)) {
            header("location:./create.php?name=" . urlencode(filterHTML($keyword, false)));
        } else {
            if ($site_rewrite) {
                header("location:./bar-" . $forumId . "-1.html");
            } else {
                header("location:./forum.php?fid=" . $forumId);
            }
        }
    } else {
        if (!empty($keyword) && $_GET['tb'] == 3) {
            $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
            $userId = $DB->fetch_one("SELECT `uid` FROM `" . $table_member . "` WHERE lower(`name`)='" . strtolower($keyword) . "'");
            $DB->close();
            header("location:./search.php?wd=" . urlencode(filterHTML($keyword, false)) . "&tb=4&id=" . $userId);
        } else {
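/**
 * Register a new member from a nickname, e-mail address and plain-text password.
 *
 * Validation failures and the outcome are reported through the returned array
 * rather than exceptions: "msg" carries a user-facing message and "jg" a status
 * code ("1" registered, "2" rejected input, "3" e-mail or nickname already
 * taken). On success the new member is logged in via loginCookie().
 *
 * @param string $nickname
 * @param string $email
 * @param string $password plain text; memberJoin() receives md5($password)
 * @return array{msg:string, jg:string}
 */
function handreg($nickname, $email, $password)
{
    // NOTE(review): global.php is included from function scope, so its
    // variables (e.g. $PHPSayConfig) are only defined here if this is the
    // first inclusion — confirm how callers load it.
    require_once "../global.php";
    error_reporting(~E_ALL);
    $email = strtolower(stripslashes(trim($email)));
    $nickname = filterCode($nickname, true);
    $password = stripslashes($password);
    // Input checks that need no database access come first.
    if (!emailCheck($email)) {
        return array("msg" => "邮件地址不正确1" . $email, "jg" => "2");
    }
    $nicknameError = checkNickname($nickname);
    if ($nicknameError != "") {
        return array("msg" => $nicknameError, "jg" => "2");
    }
    if (substr_count($password, " ") > 0) {
        return array("msg" => "密码不能使用空格2", "jg" => "2");
    }
    // strlen() is byte-wise on purpose: the limit applies to the raw secret.
    if (strlen($password) < 6 || strlen($password) > 26) {
        return array("msg" => "密码长度不合法3", "jg" => "2");
    }
    $DB = database();
    // Every branch below previously returned before $DB->close(), so the
    // connection was never closed; the result is computed first and the
    // connection closed once on the way out.
    if (PHPSay::getMemberCount($DB, "email", $email) != 0) {
        $remsg = array("msg" => "邮件地址已被占用,请进行帐号绑定4", "jg" => "3");
    } elseif (PHPSay::getMemberCount($DB, "nickname", $nickname) != 0) {
        $remsg = array("msg" => "昵称已被占用,请进行帐号绑定5", "jg" => "3");
    } else {
        // NOTE(review): md5() is not a password hash. The stored format is
        // shared with the login path, so moving to password_hash() /
        // password_verify() must change both sides together.
        $userID = PHPSay::memberJoin($DB, $nickname, $email, md5($password), "");
        if ($userID > 0) {
            newAvatar($userID, "");
            loginCookie($PHPSayConfig['ppsecure'], $userID, $nickname, 1);
            $remsg = array("msg" => "注册成功", "jg" => "1");
        } else {
            $remsg = array("msg" => "注册失败6", "jg" => "2");
        }
    }
    $DB->close();
    return $remsg;
}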
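 /**
  * Add a comment to a file.
  *
  * Every text field is passed through filterCode() before it is stored; the
  * existing comment list for $file is read, the new entry appended and the
  * whole list written back with writeXML().
  *
  * @param string $file     The destination file path
  * @param string $name     The user's name
  * @param string $email    The user's email
  * @param string $url      The user's site url; "http://" is prepended when it
  *                         does not already start with http:// or https://
  * @param string $body     The user's message
  * @param string $abuse    Set 1 to mark the message as an abuse
  * @param int    $approved Set 1 to mark the message as approved
  * @return mixed The result of writeXML(), or -1 when $file, $name, $email or
  *               $body is empty after trimming
  */
 function addComment($file, $name, $email, $url, $body, $abuse = "0", $approved = 0)
 {
     // NOTE(review): what filterCode() strips is defined elsewhere; the values
     // end up in XML, so confirm it covers that context.
     $name = filterCode($name);
     $email = filterCode($email);
     $url = filterCode($url);
     $body = filterCode($body);
     // Reject incomplete comments before touching the comment file.
     if ($file == "" || trim($name) == "" || trim($email) == "" || trim($body) == "") {
         return -1;
     }
     $comments = $this->getComments($file);
     if (!is_array($comments)) {
         $comments = array();
     }
     // Only add a scheme when none is present. The original test looked for
     // "http://" alone, so an https:// link was stored as "http://https://...".
     if ($url != "" && stripos($url, "http://") !== 0 && stripos($url, "https://") !== 0) {
         $url = "http://" . $url;
     }
     $comments[] = array(
         "name" => $name,
         "email" => $email,
         "url" => $url,
         "body" => $body,
         "abuse" => $abuse,
         "timestamp" => date("d-m-Y H:i:s"),
         "approved" => $approved,
     );
     return $this->writeXML($file, $comments);
 }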
<?php

require dirname(__FILE__) . "/global.php";
if ($loginArr['state'] == 0) {
    header("location:./login.php");
} else {
    if (isset($_GET['do'], $_POST['applyreason'], $_POST['applyfid'], $_POST['applytype']) && $_GET['do'] == "apply") {
        $content = trim(filterCode($_POST['applyreason']));
        $fid = intval($_POST['applyfid']);
        $type = intval($_POST['applytype']);
        $content_len = getStrlen($content);
        if ($content_len < 10 || $content_len > 90) {
            echo "1 理由应控制在10到90个字之间!";
        } else {
            $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
            $ForumArr = $TB->getForumInfo($fid);
            if (empty($ForumArr['fid']) || $type != "1" && $type != "0") {
                echo "0 非法请求!";
            } else {
                $isModerator = 0;
                for ($i = 0; $i < count($ForumArr['moderator']); $i++) {
                    if ($ForumArr['moderator'][$i]['uid'] == $loginArr['uid']) {
                        $isModerator = 1;
                    }
                }
                if ($type == "1" && $isModerator == "0" || $type == "0" && $isModerator == "1") {
                    $cSql = "SELECT COUNT(`aid`) FROM `" . $table_apply . "` WHERE `type`=" . $type;
                    if ($DB->fetch_one($cSql . " AND `uid`=" . $loginArr['uid'] . " AND `fid`=" . $ForumArr['fid']) == 0) {
                        $applyArr['type'] = $type;
                        $applyArr['uname'] = $loginArr['name'];
                        $applyArr['uid'] = $loginArr['uid'];
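<?php

// OAuth callback: exchanges the GitHub authorisation code passed as `code`
// for an access token, stores it in the configured token file and answers
// with a small JSON document ({"result":"ok"} or {"error":...}).
ini_set('display_errors', 'on');
// The ini directive is "error_reporting"; the original key "errors_reporting"
// does not exist, so that call was a silent no-op and PHP's default level
// stayed active while display_errors was on.
ini_set('error_reporting', ~E_ALL);
$res = array();
if (isset($_REQUEST['code'])) {
    // filterCode() (defined below in this file) reduces the value to at most
    // 32 alphanumeric characters.
    $code = filterCode($_REQUEST['code']);
    if ($code) {
        $root = dirname(__FILE__) . '/';
        require_once "{$root}include/githubapi/GithubApi.php";
        require_once "{$root}config.php";
        $config['github']['variables']['code'] = $code;
        // Best-effort removal of a stale token; a missing file is not an error.
        @unlink($config['github']['token_file']);
        $res = array('result' => 'ok');
        try {
            $github_api = new GithubApi($config['github']);
            $token = array('token' => $github_api->authGetToken());
            // NOTE(review): file_put_contents() writes an array as the
            // concatenation of its elements, i.e. the bare token string —
            // confirm that is the format the token_file reader expects.
            if (file_put_contents($config['github']['token_file'], $token) === false) {
                // A token that was obtained but not persisted is a failure
                // for the caller; previously this reported "ok".
                $res = array('error' => 'Fatal error. Could not write token file');
            }
        } catch (Exception $e) {
            $res = array('error' => 'Fatal error. ' . $e->getMessage());
        }
    } else {
        $res = array('error' => 'Invalid request');
    }
}
header('Content-Type: application/json');
echo json_encode($res);
exit;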
function filterCode($code)
{
    return preg_replace('~[^A-Za-z0-9]~', '', substr(trim($code), 0, 32));