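<?php
/**
 * Front-end handler for reporting ("举报") an article.
 *
 * The including bootstrap is expected to have defined $db, $pre, $id, $step,
 * $web_admin, $timestamp, $onlineip, $lfjuid, $webdb and the posted fields
 * ($Type, $myname, $content, $email); none of that setup is visible in this file.
 *
 * NOTE(review): every SQL statement below is built by string interpolation.
 * That is only safe if the bootstrap escapes request variables before this
 * file runs. Confirm that, or use the escaping/binding facility of $db.
 */
!function_exists('html') && exit('ERR');

// Reject a missing id before it is used in a query.
if (!$id) {
    showerr("数据不存在");
}
$rsdb = $db->get_one("SELECT * FROM {$pre}article WHERE aid='{$id}'");

if ($step == 2) {
    // Throttle on the most recent report from this IP. Without the ORDER BY
    // the row returned is arbitrary, so the 30-second window could be
    // measured against an old report and never trigger.
    $rs = $db->get_one("SELECT * FROM `{$pre}report` WHERE `ip`='{$onlineip}' ORDER BY `posttime` DESC");
    if (!$web_admin && $rs && $timestamp - $rs['posttime'] < 30) {
        showerr("请30秒后再举报信息");
    }

    if (!$Type) {
        showerr("请选择一个类型");
    } elseif (strlen($myname) > 30) {
        showerr("你的称呼不能大于30个字符");
    }

    // NOTE(review): $Title and $rs['email'] are not read again in this file;
    // they are kept in case an included template uses them.
    $Title = "来自“{$webdb['webname']}”的邮件,你朋友“{$myname}”给你推荐了一篇精彩文章!!";
    $rs['email'] = $email;

    // Run every free-text field through the project sanitizer before it is
    // stored. $myname was previously inserted without it.
    $content = filtrate($content);
    $Type = filtrate($Type);
    $myname = filtrate($myname);

    // NOTE(review): this writes $Content (capital C), while the INSERT below
    // stores $content, so the newline conversion never reaches the database.
    // Left as is because the intended variable cannot be confirmed from here.
    $Content = str_replace("\n", "<br>", $Content);

    $db->query("INSERT INTO `{$pre}report` ( `aid` , `type` , `uid` , `name` , `content` , `posttime` , `ip` ) VALUES ('{$id}','{$Type}','{$lfjuid}','{$myname}','{$content}','{$timestamp}','{$onlineip}')");
    refreshto("{$webdb['www_url']}/", "谢谢你,举报本条信息!", 5);
}

require ROOT_PATH . "inc/head.php";
require html("report");
require ROOT_PATH . "inc/foot.php";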
<?php if (!function_exists('html')) { die('F'); } require_once dirname(__FILE__) . "/googlemap.inc.php"; explain_url($city_id); $title = filtrate($title); $cityname || ($cityname = '北京'); eregi("^[a-z0-9 ]+\$", $cityname) || ($cityname = '中国' . $cityname); //中文城市名要加上中国二字 print <<<EOT <!DOCTYPE html> <html dir="LTR"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>谷歌地图位置显示 {$titleDB['title']}</title> <link href="{$webdb['www_url']}/images/default/googlemap.css" rel="stylesheet" type="text/css" /> <SCRIPT LANGUAGE="JavaScript"> <!-- if('{$showDomain}'=='1'){ \tif('{$webdb['cookieDomain']}'!='')document.domain = '{$webdb['cookieDomain']}'; }else{ \twindow.onerror=function (){ \t\turl = '{$WEBURL}'; \t\turl +=url.indexOf('?')>0?'&':'?'; \t\tif('{$webdb['cookieDomain']}'!='')window.location.href=url+'showDomain=1'; \t\treturn true; \t};
showerr("你的空间不足,上传失败,<A HREF='?uid={$lfjuid}'>点击查看你的空间容量信息</A>"); } $array[updateTable] = 1; //统计用户上传的文件占用空间大小 $filename = upfile(is_array($postfile) ? $_FILES[postfile][tmp_name] : $postfile, $array); $icon = "icon/{$lfjuid}" . strtolower(strrchr($filename, ".")); @unlink(ROOT_PATH . "{$webdb['updir']}/{$icon}"); rename(ROOT_PATH . "{$webdb['updir']}/icon/{$filename}", ROOT_PATH . "{$webdb['updir']}/{$icon}"); $icon_array = getimagesize(ROOT_PATH . "{$webdb['updir']}/{$icon}"); if ($icon_array[0] > 150 || $icon_array[1] > 150) { $icon_url = "{$webdb['www_url']}/{$webdb['updir']}/{$icon}"; } } if ($icon) { $filetype = strtolower(strrchr($icon, ".")); $icon = filtrate($icon); if ($filetype != '.gif' && $filetype != '.jpg') { showerr("头像只能是.gif或.jpg格式"); } } //过滤不健康的字 $truename = replace_bad_word($truename); $introduce = replace_bad_word($introduce); $address = replace_bad_word($address); if ($cityid) { @extract($db->get_one("SELECT fup AS provinceid FROM {$pre}area WHERE fid='{$cityid}'")); } $array = array("uid" => $lfjuid, "username" => $lfjid, "email" => $email, "password" => $password, "icon" => $icon, "sex" => $sex, "bday" => $bday, "introduce" => $introduce, "oicq" => $oicq, "msn" => $msn, "homepage" => $homepage, "address" => $address, "postalcode" => $postalcode, "mobphone" => $mobphone, "telephone" => $telephone, "idcard" => $idcard, "truename" => $truename, "provinceid" => $provinceid, "cityid" => $cityid); if ($lfjdb[email_yz] && $lfjdb[email] != $email) { if (!$webdb[EditYzEmail]) { showerr("你不可以再修改邮箱,因为已经审核过了.");
} $yz = 1; if (!$web_admin) { if ($webdb[Info_PostCommentType] == 2) { die('管理员设置不可以发表评论'); } elseif ($webdb[Info_PostCommentType] == 1 && !$lfjuid) { die('管理员设置游客不可以发表评论'); } if ($webdb[Info_PassCommentType] == 2) { $yz = 0; } elseif ($webdb[Info_PassCommentType] == 1 && !$lfjuid) { $yz = 0; } } $username = filtrate($username); $content = filtrate($content); $content = str_replace("@@br@@", "<br>", $content); //过滤不健康的字 $username = replace_bad_word($username); $content = replace_bad_word($content); //处理有人恶意用他人帐号做署名的 if ($username) { $rs = $db->get_one(" SELECT {$TB['uid']} AS uid FROM {$TB['table']} WHERE {$TB['username']}='{$username}' "); if ($rs[uid] != $lfjuid) { $username = "******"; } } $rss = $db->get_one(" SELECT * FROM {$_pre}content WHERE id='{$id}' "); if (!$rss) { die("原数据不存在"); }
require dirname(__FILE__) . "/" . "foot.php"; } elseif ($action == 'add' && $Apower[membermenu_list]) { if ($gid == 2) { showmsg("不能是游客组"); } if (!$postdb[name]) { showmsg("名称不能为空"); } if ($fid && !$postdb['linkurl']) { showmsg("链接地址不能为空"); } if (!$addsort && !$fid) { showmsg("请选择一个分类"); } $postdb[name] = filtrate($postdb[name]); $postdb[linkurl] = filtrate($postdb[linkurl]); $db->query("INSERT INTO `{$pre}admin_menu` (`fid`, `name`, `linkurl`, `color`, `target`, `groupid`, `list`) VALUES ('{$fid}', '{$postdb['name']}', '{$postdb['linkurl']}', '{$postdb['color']}', '{$postdb['target']}','-{$gid}', '{$postdb['list']}')"); jump("添加成功", "?lfj={$lfj}&job=list&gid={$gid}", 1); } elseif ($action == 'delete' && $Apower[membermenu_list]) { $rs = $db->get_one("SELECT * FROM {$pre}admin_menu WHERE fid='{$id}'"); if ($rs) { showmsg("请先删除子菜单或者把子菜单移走.才能删除此菜单"); } $db->query("DELETE FROM `{$pre}admin_menu` WHERE id='{$id}'"); jump("删除成功", "?lfj={$lfj}&job=list&gid={$gid}", 1); } elseif ($action == "editlist" && $Apower[membermenu_list]) { foreach ($order as $key => $value) { $db->query("UPDATE {$pre}admin_menu SET list='{$value}' WHERE id='{$key}'"); } jump("修改成功", "?lfj={$lfj}&job=list&gid={$gid}", 1); } elseif ($job == "sysmenu" && $Apower[membermenu_list]) {
header("location:{$detail['showurl']}"); exit; } } } /** *文章检查 **/ check_article($rsdb); //统计点击次数 $db->query("UPDATE {$pre}article{$erp} SET hits=hits+1,lastview='{$timestamp}' WHERE aid='{$aid}'"); //SEO $titleDB[title] = filtrate(strip_tags("{$rsdb['title']} - {$fidDB['name']} - {$webdb['webname']}")); $titleDB[keywords] = filtrate($rsdb[keywords]); $rsdb[description] || ($rsdb[description] = get_word(preg_replace("/(<([^<]+)>|\t| |\n)/is", "", $rsdb[content]), 250)); $titleDB[description] = filtrate($rsdb[description]); //文章风格 $STYLE = $rsdb[style] ? $rsdb[style] : ($fidDB[style] ? $fidDB[style] : $STYLE); //相关栏目名称模板 if (is_file(html("{$webdb['SideSortStyle']}"))) { $sortnameTPL = html("{$webdb['SideSortStyle']}"); } else { $sortnameTPL = html("side_sort/0"); } /** *模板选择 **/ //类似大旗那样,框架网页模板 if ($rsdb[iframeurl]) { $head_tpl = "template/default/none.htm"; $main_tpl = "template/default/none.htm";
} else { showerr("还没通过审核"); } } /** *内容页的风格优先于栏目的风格,栏目的风格优先于系统的风格 **/ if ($rsdb[style]) { $STYLE = $rsdb[style]; } elseif ($fidDB[style]) { $STYLE = $fidDB[style]; } //SEO $titleDB[title] = filtrate(strip_tags("{$rsdb['title']} - {$city_DB[name][$city_id]}{$fidDB['name']} - {$webdb['Info_webname']}")); $titleDB[keywords] = filtrate(strip_tags($rsdb[keywords])); $titleDB[description] = filtrate(get_word(strip_tags($rsdb[content]), 200)) . filtrate(strip_tags("{$fidDB['metadescription']} {$webdb['Info_metadescription']}")); /** *栏目指定了哪些用户组才能看信息内容 **/ if ($fidDB[allowviewcontent]) { if (!$web_admin && !in_array($groupdb[gid], explode(",", $fidDB[allowviewcontent]))) { if (!$lfjid || !in_array($lfjid, explode(",", $fidDB[admin]))) { showerr("你所在用户组,无权浏览"); } } } /** *对信息内容字段的处理 **/ $Module_db->hidefield = true; $Module_db->classidShowAll = true;
showerr('栏目不存在!'); } //SEO $titleDB[title] = "{$fidDB['name']} - {$webdb['Info_webname']}"; /** *模型参数配置文件 **/ $field_db = $module_DB[$fidDB[mid]][field]; if (!$lfjuid) { showerr('你还没有登录!'); } elseif ($fidDB[type]) { showerr("大分类,不允许发表内容"); } if ($action == "postnew" || $action == "edit") { $postdb['title'] = filtrate($postdb['title']); $postdb['keywords'] = filtrate($postdb['keywords']); } /**处理提交的新发表内容**/ if ($action == "postnew") { /*验证码处理*/ if (!$web_admin) { if (!check_imgnum($yzimg)) { showerr("验证码不符合,发布失败"); } } if (!$postdb[title]) { showerr("标题不能为空"); } elseif (strlen($postdb[title]) > 80) { showerr("标题不能大于40个汉字."); } if (eregi("[a-z0-9]{15,}", $postdb[title])) {
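/**
 * Validate and normalise posted custom-field values in place.
 *
 * Failures are reported through showerr(); nothing is returned.
 *
 * @param array $field_db Field definitions. Each entry is read for field_name,
 *                        title, mustfill, field_type, field_leng and form_type.
 *                        NOTE(review): the code addresses a value both by the
 *                        array key and by field_name, so the two are presumably
 *                        identical; confirm against the caller.
 * @param array $postdb   Submitted values, modified by reference.
 * @param mixed $rsdb     Existing record when editing. It was only consulted by
 *                        code that is now disabled and is kept for interface
 *                        compatibility.
 */
function checkpost($field_db, &$postdb, $rsdb = '')
{
    global $lfjdb, $_pre;

    foreach ($field_db as $key => $rs) {
        $field = $rs['field_name'];
        $posted = isset($postdb[$field]) ? $postdb[$field] : null;

        // Required fields.
        if ($rs['mustfill'] == 1) {
            if (is_array($posted)) {
                if (implode('', $posted) === '') {
                    showerr("{$rs['title']},你必须选择一项");
                }
            } elseif ($posted === null || $posted === '') {
                showerr("{$rs['title']},不能为空");
            }
        }

        // Integer fields: digits and '-' only. preg_match with /D replaces the
        // removed ereg() and keeps "$" anchored to the very end of the value.
        if ($rs['field_type'] == 'int' && $posted
            && (is_array($posted) || !preg_match('/^[-0-9]+$/D', $posted))
        ) {
            showerr("{$rs['title']} 必须为整数");
        }

        // Length limits (bytes): default 255 for varchar, 10 for int.
        if ($rs['field_type'] == 'varchar' || $rs['field_type'] == 'int') {
            $default = $rs['field_type'] == 'varchar' ? 255 : 10;
            $limit = $rs['field_leng'] ? $rs['field_leng'] : $default;
            $length = is_array($posted) ? 0 : strlen((string) $posted);
            if ($length > $limit) {
                showerr("{$rs['title']} 不能超过 {$limit} 个字");
            }
        }

        // Multi-file / multi-picture upload: flatten url/name/fen triples
        // into "url@@@name@@@fen" lines.
        if ($rs['form_type'] == 'upmorefile' || $rs['form_type'] == 'upmorepic') {
            // Fresh list per field, otherwise a second upload field would
            // inherit the first one's rows.
            $rows = array();
            $urls = (is_array($posted) && isset($posted['url']) && is_array($posted['url']))
                ? $posted['url']
                : array();
            // A dedicated index variable: reusing $key here clobbered the
            // outer field key, so the sanitising step below ran on the wrong
            // $postdb entry and left this field unfiltered.
            foreach ($urls as $i => $url) {
                if (!$url) {
                    continue;
                }
                // The first uploaded file doubles as the title picture.
                if (empty($postdb['picurl'])) {
                    $postdb['picurl'] = $url;
                    $postdb['ispic'] = 1;
                }
                $rows[] = "{$url}@@@{$posted['name'][$i]}@@@{$posted['fen'][$i]}";
            }
            $postdb[$field] = implode("\n", $rows);
        }

        if ($rs['form_type'] == 'ieedit' || $rs['form_type'] == 'ieeditsimp') {
            // Rich-text editor content: HTML is kept, so it is not passed
            // through filtrate().
            $postdb[$key] = str_replace("<img ", "<img onload=\\'if(this.width>600)makesmallpic(this,600,800);\\' ", $postdb[$key]);
            $postdb[$key] = move_attachment($lfjdb['uid'], $postdb[$key], "{$_pre}/" . date("W"));
            $postdb[$key] = En_TruePath($postdb[$key]);
            // NOTE(review): breaking up the word "javascript" and encoding
            // <iframe> is a deny-list and does not cover other script-capable
            // markup (event-handler attributes, other embedding tags). An
            // allow-list HTML sanitizer applied at output is the robust control.
            $postdb[$key] = preg_replace('/javascript/i', 'java script', $postdb[$key]);
            // Encode the brackets so the tag is displayed rather than
            // rendered; the previous replacement re-emitted the tag unchanged.
            $postdb[$key] = preg_replace('/<iframe ([^<>]+)>/i', '&lt;iframe \\1&gt;', $postdb[$key]);
        } elseif ($rs['form_type'] == 'classdb') {
            $postdb[$key] = filtrate(implode("/#/", $postdb[$key]));
        } else {
            if (is_array($postdb[$key])) {
                $postdb[$key] = implode("/", $postdb[$key]);
            }
            // Strip unsafe characters from plain fields.
            $postdb[$key] = filtrate($postdb[$key]);
        }

        if (strlen($postdb[$key]) > 30000) {
            showerr("内容不能大于1.5万个汉字");
        }
    }
}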
@(include_once ROOT_PATH . 'inc/biz/function.php'); if (!$webdb['debug']) { error_reporting(0); } @(include_once ROOT_PATH . "data/module.php"); @(include_once ROOT_PATH . "data/htmltype.php"); @(include_once ROOT_PATH . "data/showhtmltype.php"); require_once ROOT_PATH . "data/mysql_config.php"; require_once ROOT_PATH . 'inc/mysql_class.php'; require_once ROOT_PATH . 'inc/class.user.php'; require_once ROOT_PATH . 'data/level.php'; $timestamp = time() + $webdb['time'] * 60; $_POST[loginname] && ($_POST[loginname] = filtrate($_POST[loginname])); $_POST[loginpwd] && ($_POST[loginpwd] = filtrate($_POST[loginpwd])); $FROMURL = filtrate($FROMURL); $WEBURL = filtrate($WEBURL); /** *封IP **/ $IS_BIZ && Limt_IP('ForbidIp'); list($usr_sid, $usr_oltime, $usr_lastvist, $usr_lasturl) = explode("\t", get_cookie('USR')); if (!$usr_sid) { $usr_sid = rands(8); } unset($_ENV, $HTTP_COOKIE, $HTTP_ENV_VARS, $_REQUEST, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_POST_FILES, $HTTP_COOKIE_VARS); $db = new MYSQL_DB(); unset($web_admin, $sort_admin, $lfjid, $lfjuid, $lfjpwd, $lfjdb, $groupdb); $usr_oltime = intval($usr_oltime); /*用户登录模块*/ if ($webdb[passport_type] && is_file(ROOT_PATH . "inc/passport/{$webdb[passport_type]}.php")) { require_once ROOT_PATH . "inc/passport/{$webdb[passport_type]}.php";
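/**
 * Validate a registration request and create the account.
 *
 * @param array $array Registration data; username, email and password are
 *                     validated here, every value is passed through filtrate()
 *                     and the result is handed to register_passport() and
 *                     register_data().
 * @return mixed The new uid on success, otherwise a message string describing
 *               the first validation failure.
 */
function register_user($array)
{
    global $webdb;

    if (!$array['username']) {
        return '用户名不能为空';
    } elseif (!$array['email']) {
        return '邮箱不能为空';
    } elseif (!$array['password']) {
        return '密码不能为空';
    } elseif (strlen($array['username']) > 15 || strlen($array['username']) < 3) {
        return '用户名不能小于3个字节或大于15个字节';
    } elseif (strlen($array['password']) > 30 || strlen($array['password']) < 5) {
        return '密码不能小于5个字符或大于30个字符';
    } elseif (!preg_match('/^[-a-zA-Z0-9_.]+@([0-9A-Za-z][0-9A-Za-z-]+\.)+[A-Za-z]{2,5}$/D', $array['email'])) {
        // preg_match replaces the removed ereg(). Unlike the POSIX class it
        // replaces, this character class does not admit a backslash in the
        // local part.
        return '邮箱不符合规则';
    } elseif ($webdb['emailOnly'] && $this->check_emailexists($array['email'])) {
        return '当前邮箱已被注册了,请更换一个邮箱!';
    }

    // Characters that may not appear in a user name or password.
    // NOTE(review): the empty entry is kept from the original list and is
    // skipped below; it may stand for a character that was lost at some point.
    $S_key = array('|', ' ', '', "'", '"', '/', '*', ',', '~', ';', '<', '>', '$', "\\", "\r", "\t", "\n", "`", "!", "?", "%", "^");
    foreach ($S_key as $value) {
        if ($value === '') {
            // An empty needle matches everywhere on current PHP and would
            // reject every name.
            continue;
        }
        if (strpos($array['username'], $value) !== false) {
            // Double quotes so the offending character is actually shown.
            return "用户名中包含有禁止的符号“{$value}”";
        }
        // The original tested an undefined $password, so this check never ran.
        // NOTE(review): if passwords are hashed before storage (not visible
        // here), restricting their characters only lowers password strength;
        // consider whether this rule is still wanted.
        if (strpos($array['password'], $value) !== false) {
            return "密码中包含有禁止的符号“{$value}”";
        }
    }

    // Look the name up only after it has passed validation, so a malformed
    // value is never handed to the passport lookup.
    if ($this->get_passport($array['username'], 'name')) {
        return '当前用户已经存在了';
    }

    foreach ($array as $key => $value) {
        $array[$key] = filtrate($value);
    }

    $array['uid'] = $this->register_passport($array);
    $this->register_data($array);
    return $array['uid'];
}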
<?php require dirname(__FILE__) . "/" . "global.php"; require_once ROOT_PATH . "inc/class.inc.php"; $Guidedb = new Guide_DB(); $Guidedb->mid = $mid; $keyword = str_replace("%", "\\%", $keyword); $keyword = trim($keyword); $rows = 20; if (($_GET[type] || $_POST[type]) && !$keyword) { showerr("关键字不能为空"); } if ($_GET[keyword] || $_POST[keyword]) { $type = filtrate($type); $search_module = 0; if (!$type) { $type = 'title'; } if (!$web_admin) { if (!$groupdb[SearchArticleType]) { showerr("你所在用户组,无权使用搜索!"); } elseif ($type == 'content' && $groupdb[SearchArticleType] != 2) { showerr("你所在用户组,无权搜索文章内容!"); } } if ($_POST[keyword] && $timestamp - $_COOKIE[searchTime] < 3) { showerr("3秒钟内,请不要重复提交查询"); } setcookie("searchTime", $timestamp, $timestamp + 3); $SQL = " A.yz=1 "; if ($mid == -1) {
$postdb[ispic] = 0; } //图片目录转移 $postdb[content] = move_attachment($lfjdb[uid], $postdb[content], "{$_pre}/{$fid}"); //获取远程图片 $postdb[content] = get_outpic($postdb[content], $fid, $GetOutPic); $postdb[content] = En_TruePath($postdb[content]); $postdb[content] = preg_replace('/javascript/i', 'java script', $postdb[content]); //过滤js代码 $postdb[content] = preg_replace('/<iframe ([^<>]+)>/i', '<iframe \\1>', $postdb[content]); //过滤框架代码 foreach ($postdb as $key => $value) { if ($key == 'content') { continue; } $postdb[$key] = filtrate($value); } $db->query("UPDATE `{$_pre}content` SET title='{$postdb['title']}',keywords='{$postdb['keywords']}',picurl='{$postdb['picurl']}',ispic='{$postdb['ispic']}',city_id='{$city_id}',iframeurl='{$postdb['iframeurl']}',jumpurl='{$postdb['jumpurl']}',author='{$postdb['author']}',copyfrom='{$postdb['copyfrom']}',copyfromurl='{$postdb['copyfromurl']}' WHERE id='{$id}'"); $db->query("UPDATE `{$_pre}content_1` SET content='{$postdb['content']}' WHERE id='{$id}'"); refreshto("list.php?job=list", "<a href='{$Mdomain}/bencandy.php?fid={$fid}&id={$id}&rid={$rid}' target='_blank'>查看效果</a> <a href='list.php?job=list'>返回列表</a> <a href='{$FROMURL}'>继续修改</a>", 600); } else { $atc = "postnew"; $isiframe[0] = " checked "; require ROOT_PATH . "member/head.php"; require dirname(__FILE__) . "/template/post.htm"; require ROOT_PATH . "member/foot.php"; } //采集外部图片 function get_outpic($str, $fid = 0, $getpic = 1) { global $webdb, $_pre;
/*缩略图处理*/ if ($postdb[picurl] && !strstr($postdb[picurl], "http://")) { //图片目录转移 move_attachment($lfjdb[uid], tempdir($postdb[picurl]), "special/{$postdb['fid']}"); if (file_exists(ROOT_PATH . "{$webdb['updir']}/special/{$postdb['fid']}/" . basename($postdb[picurl]))) { $postdb[picurl] = "special/{$postdb['fid']}/" . basename($postdb[picurl]); } $water_info = getimagesize(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}"); if ($webdb[if_gdimg] && $water_info[0] > 150) { gdpic(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", 200, 150); } } $postdb[title] = filtrate($postdb[title]); $postdb[content] = filtrate($postdb[content]); $postdb[picurl] = filtrate($postdb[picurl]); $postdb[banner] = filtrate($postdb[banner]); $postdb[allowpost] = @implode(",", $postdb[allowpost]); } } if ($job == 'listsp') { $rows = 10; if ($page < 1) { $page = 1; } $min = ($page - 1) * $rows; $showpage = getpage("{$pre}special", "WHERE uid='{$lfjuid}'", "?job=listsp", $rows); $query = $db->query("SELECT S.*,F.name AS fname FROM {$pre}special S LEFT JOIN {$pre}spsort F ON S.fid=F.fid WHERE S.uid='{$lfjuid}' ORDER BY id DESC LIMIT {$min},{$rows}"); while ($rs = $db->fetch_array($query)) { $detail = explode(",", $rs[aids]); $rs[NUM] = count($detail); $rs[picurl] = tempdir($rs[picurl]);
/**
 * Prepare one record for rendering by a label template.
 *
 * Depending on $format['SYS'] the record is topped up from additional tables,
 * then its content/title are stripped of tags and shortened with get_word(),
 * and a number of derived keys (picurl2/3, new, hot, showurl, time_* ...) are
 * added before the record is returned.
 *
 * @param array $format Label settings; keys read here include SYS, wninfo,
 *                      noReadMid, eval_code, content_num, titlenum,
 *                      titleflood, timeformat, newhour and hothits.
 * @param array $rs     The record to decorate.
 * @return array The decorated record.
 */
function label_set_rs($format, $rs)
{
    global $db, $pre, $timestamp, $webdb, $TB_url;
    // "fenlei" records live in split tables and need special handling;
    // per the original author, calling this from other channels is not
    // supported and will fail.
    // NOTE(review): the SQL in this function is built by interpolating
    // $format and $rs values; it relies on both coming from trusted
    // configuration / database rows. Confirm against the callers.
    if ($format[SYS] == 'fenlei' && !$rs[posttime]) {
        global $Fid_db;
        $_erp = $Fid_db[tableid][$rs[fid]];
        $rs = $db->get_one("SELECT * FROM {$pre}{$format[wninfo]}content{$_erp} WHERE id='{$rs['id']}' ");
    }
    // Read the custom-field table so its columns are available to the
    // template, unless noReadMid was declared.
    if ($format[wninfo] && $rs[mid] && !$format[noReadMid]) {
        $_rss = $db->get_one("SELECT * FROM {$pre}{$format[wninfo]}content_{$rs[mid]} WHERE id='{$rs['id']}' ");
        // "+" keeps existing keys of $rs and only adds the missing ones.
        $_rss && ($rs = $rs + $_rss);
    // Articles read their own custom-field table.
    // ('artcile' is the spelling the code compares against.)
    } elseif ($format[SYS] == 'artcile' && $rs[mid]) {
        $_rss = $db->get_one("SELECT * FROM {$pre}article_content_{$rs[mid]} WHERE aid='{$rs['aid']}' ");
        $_rss && ($rs = $rs + $_rss);
    }
    // Extension hook, rarely used.
    // NOTE(review): this executes whatever PHP source is stored in
    // $format['eval_code'] with access to every local and global here.
    // Anyone who can write that setting can run code on the server; make
    // sure it can only be set by fully trusted administrators and never
    // from request data.
    if ($format[eval_code]) {
        eval($format[eval_code]);
    }
    // Attachment handling for the bundled forum integrations.
    if ($format[SYS] == 'pwbbs') {
        // Hidden or for-sale posts are masked.
        // NOTE(review): $ifhide is not assigned anywhere in this function;
        // presumably it is set by the eval'd code above. Confirm.
        if ($ifhide || strstr($rs[content], '[sell=')) {
            $rs[content] = '******';
        }
        // Drop [bracketed] forum markup.
        $rs[content] = preg_replace("/\\[([^\\]]+)\\]/is", "", $rs[content]);
        global $db_attachname;
        $rs[picurl] = '';
        if ($rs[attachurl]) {
            // Compatibility with older versions and non-topic posts that have
            // pictures: use the thumbnail when it exists on disk.
            if (is_file(ROOT_PATH . "{$webdb['passport_path']}/{$db_attachname}/thumb/{$rs['attachurl']}")) {
                $rs[picurl] = "{$webdb['passport_url']}/{$db_attachname}/thumb/{$rs['attachurl']}";
            } else {
                $rs[picurl] = "{$webdb['passport_url']}/{$db_attachname}/{$rs['attachurl']}";
            }
        }
        // titlefont is "~"-separated; the first part is used as the colour.
        $dfont = explode("~", $rs[titlefont]);
        $rs[titlecolor] = $dfont[0];
    } elseif ($format[SYS] == 'dzbbs') {
        $rs[content] = preg_replace("/\\[([^\\]]+)\\]/is", "", $rs[content]);
        global $_DCACHE;
        $rs[picurl] = '';
        $rs[attachment] && ($rs[picurl] = "{$webdb['passport_url']}/{$_DCACHE[settings][attachurl]}/{$rs['attachment']}");
    }
    // Keep the raw timestamp and title before they are reformatted below.
    $rs[full_time] = $rs[posttime];
    $rs[full_title] = $rs[title];
    // Content: a description, when present, replaces the content.
    $rs[description] && ($rs[content] = $rs[description]);
    // Strip HTML tags.
    // NOTE(review): a tag-stripping regex is not an output encoder; the
    // template still has to escape these values for the context it prints
    // them in.
    $rs[content] = preg_replace('/<([^<]*)>/is', "", $rs[content]);
    // Remove surplus whitespace.
    // NOTE(review): verify that the three alternatives in this pattern are
    // the intended whitespace characters.
    $rs[content] = preg_replace('/ | | /is', "", $rs[content]);
    $rs[full_content] = $rs[content];
    $rs[content] = get_word($rs[content], $format[content_num]);
    // Title styling.
    $rs[fontweight] = $rs[fontcolor] = '';
    $rs[fonttype] == 1 && ($rs[fontweight] = 'font-weight:bold;');
    $rs[titlecolor] && ($rs[fontcolor] = "color:{$rs['titlecolor']};");
    // Title: a short title, when present, is used instead.
    $rs[smalltitle] && ($rs[title] = $rs[smalltitle]);
    $rs[title] = preg_replace('/<([^<]*)>/is', "", $rs[title]);
    $rs[title] = get_word($rs[title], $format[titlenum], $format[titleflood]);
    if (!$format[timeformat]) {
        $format[timeformat] = "Y/m/d";
    }
    $rs[posttime] = date($format[timeformat], $rs[posttime]);
    if ($rs[picurl]) {
        $rs[picurl] = filtrate($rs[picurl]);
        $rs[picurl] = tempdir($rs[picurl]); // 4:3 image
        $rs[picurl2] = "{$rs['picurl']}.jpg"; // 3:4 image
        $rs[picurl3] = "{$rs['picurl']}.jpg.jpg"; // 1:1 image
    } else {
        $rs[picurl2] = $rs[picurl3] = "";
    }
    // "New" marker: posted less than newhour hours ago.
    if ($timestamp - $rs[full_time] < $format[newhour] * 3600) {
        $rs['new'] = "<img src='{$webdb['www_url']}/images/default/new.gif' border=0>";
    } else {
        $rs['new'] = "";
    }
    // "Hot" marker: more hits than the configured threshold.
    // (The string literal below spans two lines in the source and is kept
    // that way so its value does not change.)
    if ($format[hothits] && $rs[hits] > $format[hothits]) {
        $rs[hot] = "<img src='{$webdb['www_url']}/images/default/hot.gif' 
border=0>";
    } else {
        $rs[hot] = "";
    }
    // Needed by versions before V6: articles expose aid as id.
    if ($format[SYS] == 'artcile') {
        $rs[id] = $rs[aid];
    }
    // Resolve the real addresses for $url and $listurl.
    $detail = make_ture_path($format, $rs);
    $rs[tpl_1code] = $detail[tpl_1code];
    $rs[showurl] = $detail[showurl];
    // Mainly for slideshows.
    $detail[urlDB] && ($rs[urlDB] = $detail[urlDB]);
    // For PHP logic inside labels: custom URLs need processing.
    $rs[tpl_2code] = $detail[tpl_2code];
    // The following are not always present.
    $rs[dirid] = floor($rs[id] / 1000);
    $rs[time_Y] = date("Y", $rs[full_time]);
    $rs[time_W] = date("W", $rs[full_time]);
    $rs[time_y] = date("y", $rs[full_time]);
    $rs[time_m] = date("m", $rs[full_time]);
    $rs[time_d] = date("d", $rs[full_time]);
    $rs[time_H] = date("H", $rs[full_time]);
    $rs[time_i] = date("i", $rs[full_time]);
    $rs[time_s] = date("s", $rs[full_time]);
    return $rs;
}
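/**
 * Regenerate the two registration-field templates from the field definitions.
 *
 * Writes template/default/regfield.htm (the input form) and
 * template/default/regfield_show.htm (the read-only view). Both files are PHP
 * heredoc templates.
 *
 * NOTE(review): title, field_name and form_units are written into a file that
 * is later executed as PHP. A value containing heredoc syntax (variable
 * interpolation, the EOT terminator) would become part of that program.
 * Restrict these values to a safe character set where the fields are defined,
 * and keep field editing limited to trusted administrators.
 *
 * @param array $array Field definitions; each entry is read for mustfill,
 *                     title, field_name and form_units and is also passed to
 *                     make_post_table().
 * @return void
 */
function member_field($array)
{
    $post_tpl = "<!--\r\n<?php\r\nprint <<<EOT\r\n--> \r\n<table width=\"100%\" border=\"0\" cellspacing=\"3\" cellpadding=\"3\"><tr><td width='28%'></td><td width='72%'></td></tr>";
    $show_tpl = "<!--\r\n<?php\r\nprint <<<EOT\r\n--> \r\n<table width=\"100%\" border=\"0\" cellspacing=\"3\" cellpadding=\"3\">";

    // Titles and element ids of the required fields, for the client-side check.
    // Initialised up front so the test below never reads an undefined variable.
    $namedb = array();
    $iddb = array();

    foreach ($array as $key => $rs) {
        if ($rs['mustfill']) {
            $namedb[] = filtrate($rs['title']);
            $iddb[] = "atc_{$rs['field_name']}";
        }
        $post_tpl .= make_post_table($rs);
        // The escaped \$rsdb is emitted literally, so the generated template
        // prints the stored value when it is rendered.
        $show_tpl .= "<tr> <td style='border-bottom:1px dotted #ccc;'>{$rs['title']}:</td> <td style='border-bottom:1px dotted #ccc;'>{\$rsdb[{$rs['field_name']}]} {$rs['form_units']} </td></tr>";
    }

    if ($namedb) {
        $_name = implode(",", $namedb);
        $_id = implode(",", $iddb);
        // Hook the required-field check onto every table of the form.
        $post_tpl = str_replace("<table", "<table onmouseover=\"ckregdata('{$_id}','{$_name}');\"", $post_tpl);
    }

    $post_tpl .= "</table>\r\n<!--\r\nEOT;\r\n?>-->";
    $show_tpl .= "</table>\r\n<!--\r\nEOT;\r\n?>-->";

    write_file(ROOT_PATH . "template/default/regfield_show.htm", $show_tpl);
    write_file(ROOT_PATH . "template/default/regfield.htm", $post_tpl);
}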
if ($job) { $query = $db->query(" SELECT * FROM {$_pre}config "); while ($rs = $db->fetch_array($query)) { $webdb[$rs[c_key]] = $rs[c_value]; } } if ($job == "label") { echo "<META HTTP-EQUIV=REFRESH CONTENT='0;URL=../{$dirname}/index.php?jobs=show'>"; exit; } elseif ($job == "config") { $showNoPassComment[intval($webdb[showNoPassComment])] = ' checked '; $webdb[Info_webOpen] ? $Info_webOpen1 = 'checked' : ($Info_webOpen0 = 'checked'); $Info_webOpen[intval($webdb[Info_webOpen])] = ' checked '; $yzImgGuestBook[intval($webdb[yzImgGuestBook])] = ' checked '; $viewNoPassGuestBook[intval($webdb[viewNoPassGuestBook])] = ' checked '; $ifOpenGuestBook[intval($webdb[ifOpenGuestBook])] = ' checked '; $groupPassPassGuestBook = group_box("webdbs[groupPassPassGuestBook]", explode(",", $webdb[groupPassPassGuestBook])); $module_close[intval($webdb[module_close])] = " checked "; get_admin_html('config'); } elseif ($action == "config") { if (isset($webdbs[Info_webadmin])) { $webdbs[Info_webadmin] = filtrate($webdbs[Info_webadmin]); $db->query("UPDATE {$pre}module SET adminmember='{$webdbs['Info_webadmin']}' WHERE id='{$webdb['module_id']}'"); } if (isset($webdbs[Info_weburl])) { $webdbs[Info_weburl] = filtrate($webdbs[Info_weburl]); $db->query("UPDATE {$pre}module SET domain='{$webdbs['Info_weburl']}' WHERE id='{$webdb['module_id']}'"); } module_write_config_cache($webdbs); refreshto($FROMURL, "修改成功"); }
} elseif ($job == 'send') { if ($step == 2) { $rsdb = $userDB->get_passport($touser, 'name'); if (!$rsdb) { showerr("当前用户不存在"); } if (!$title) { showerr("标题不能为空"); } if (strlen($array[title]) > 100) { showerr("标题太长了!"); } $array[touid] = $rsdb[uid]; $array[fromuid] = $lfjuid; $array[fromer] = $lfjid; $array[title] = filtrate($title); //针对火狐浏览器做的处理 $postdb[content] = str_replace("=\\\"../{$webdb['updir']}/", "=\\\"{$webdb['www_url']}/{$webdb['updir']}/", $postdb[content]); $postdb[content] = preg_replace('/javascript/i', 'java script', $postdb[content]); $postdb[content] = preg_replace('/<(script)([^<>]*)>/i', '<\\1\\2>', $postdb[content]); $postdb[content] = preg_replace('/<iframe ([^<>]+)>/i', '<iframe \\1>', $postdb[content]); $array[content] = stripslashes($postdb[content]); $array[content] = En_TruePath($array[content], 1); pm_msgbox($array); refreshto("?job=list", "发送成功", 1); } if ($uid) { $rsdb = $userDB->get_passport($uid); $username = $rsdb[username]; } require dirname(__FILE__) . "/" . "head.php";
<?php require_once dirname(__FILE__) . "/" . "global.php"; $etype = $etype ? 'simple' : 'full'; $_GET[id] = filtrate($_GET[id]); print <<<EOT <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=gb2312"> <title>Æ벩Õûվϵͳ</title> </head> <body leftmargin="0" topmargin="0"> <SCRIPT LANGUAGE="JavaScript"> <!-- var bokecc_id='{$webdb['bokecc_id']}'; var KE_EDITOR_TYPE = "{$etype}"; //--> </SCRIPT> <script type="text/javascript" src="{$webdb['www_url']}/ewebeditor/KindEditor.js"></script> <input type="hidden" name="content" id="content"> <script type="text/javascript"> var editor = new KindEditor("editor"); editor.hiddenName = "content"; editor.skinPath = "{$webdb['www_url']}/ewebeditor/skins/default/"; editor.iconPath = "{$webdb['www_url']}/images/default/faceicon/"; editor.imageAttachPath = "upload_files"; editor.imageUploadCgi = "upfile_eweb.php"; editor.cssPath = "{$webdb['www_url']}/ewebeditor/common.css"; editor.editorWidth = "100%";
$array[updateTable] = 1; //统计用户上传的文件占用空间大小 $filename = upfile($postfile, $array); $postdb[logo] = "friendlink/{$filename}"; } } if ($postdb[logo] && !eregi("(gif|jpg|png)\$", $postdb[logo])) { showerr("LOGO,只能上传GIF,JPG,PNG格式的文件,你不能上传此文件:{$array['name']}"); } if (!strstr($postdb[url], 'htttp://')) { $postdb[url] = "htttp://" . $postdb[url]; } $postdb[name] = filtrate($postdb[name]); $postdb[url] = filtrate($postdb[url]); $postdb[descrip] = filtrate($postdb[descrip]); $postdb[logo] = filtrate($postdb[logo]); } if ($action == 'reg') { if (!$lfjid) { showerr('请先登录'); } $db->query("INSERT INTO `{$pre}friendlink` (`name` , `url` ,`fid` , `logo` , `descrip` , `list`,ifhide,yz,iswordlink,uid,username ) VALUES ('{$postdb['name']}','{$postdb['url']}','{$postdb['fid']}','{$postdb['logo']}','{$postdb['descrip']}','0','1','0','0','{$lfjuid}','{$lfjid}')"); refreshto("?", "你的申请资料已经提交成功,请等待管理员审核后,才可以显示出来", '10'); } else { $select_fid = select_fsort("postdb[fid]", ""); require ROOT_PATH . "inc/head.php"; require html("friendlink"); require ROOT_PATH . "inc/foot.php"; } function select_fsort($name, $ckfid) {
$erp = $Fid_db[iftable][$fid]; if ($job == 'postnew' && $webdb[ForbidRepeatTitle] && $db->get_one("SELECT * FROM {$pre}article{$erp} WHERE title='{$postdb['title']}' AND fid='{$fid}'")) { showerr("系统不允许本栏目有重复的标题,请更换标题!"); } //一些权限功能的设置 article_more_set_ckecked($job); //过滤一些用害的代码 $postdb[title] = filtrate($postdb[title]); $postdb[subhead] = filtrate($postdb[subhead]); $postdb[keywords] = filtrate($postdb[keywords]); $postdb[smalltitle] = filtrate($postdb[smalltitle]); $postdb[picurl] = filtrate($postdb[picurl]); //$postdb[description]= filtrate($postdb[description]); $postdb[author] = filtrate($postdb[author]); $postdb[copyfrom] = filtrate($postdb[copyfrom]); $postdb[copyfromurl] = filtrate($postdb[copyfromurl]); $postdb[description] = preg_replace('/javascript/i', 'java script', $postdb[description]); $postdb[description] = preg_replace('/<(script)([^<>]*)>/i', '<\\1\\2>', $postdb[description]); $postdb[description] = preg_replace('/<iframe ([^<>]+)>/i', '<iframe \\1>', $postdb[description]); //针对火狐浏览器做的处理 $postdb[content] = str_replace("=\\\"../{$webdb['updir']}/", "=\\\"{$webdb['www_url']}/{$webdb['updir']}/", $postdb[content]); if (!$groupdb[PostNoDelCode]) { $postdb[content] = preg_replace('/javascript/i', 'java script', $postdb[content]); $postdb[content] = preg_replace('/<(script)([^<>]*)>/i', '<\\1\\2>', $postdb[content]); $postdb[content] = preg_replace('/<iframe ([^<>]+)>/i', '<iframe \\1>', $postdb[content]); } //对自定义模块表单数据进行判断 if ($mid) { query_article_module($mid, '', $post_db, ''); } //采集外部图片
if ($mobphone && !ereg("^1([0-9]{10})\$", $mobphone)) { showerr('手机号码有误!'); } if ($password != $password2) { showerr("两次输入密码不一样"); } elseif ($msn && !ereg("^[-a-zA-Z0-9_\\.]+\\@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$", $msn)) { showerr("MSN不符合规则"); } if ($webdb[forbidRegName]) { $detail = explode("\r\n", $webdb[forbidRegName]); if (in_array($username, $detail)) { showerr("受保护的帐号,不允许使用,请更换一个吧"); } } $msn = filtrate($msn); $homepage = filtrate($homepage); $gtype = 0; //需要用户填写资料后,才能成为企业用户.如不填写资料也能成为企业用户的话,请把下面的//线取消即可 //$gtype=$grouptype==1?1:0; if ($groupid == 3 || $groupid == 4 || $memberlevel[$groupid] || !in_array($groupid, explode(",", $webdb[reg_group]))) { $groupid = 8; } $groupid || ($groupid = 8); $array = array('username' => $username, 'password' => $password, 'groupid' => intval($groupid), 'grouptype' => $gtype, 'yz' => $webdb[RegYz], 'lastvist' => $timestamp, 'lastip' => $onlineip, 'regdate' => $timestamp, 'regip' => $onlineip, 'sex' => $sex, 'bday' => "{$bday_y}-{$bday_m}-{$bday_d}", 'oicq' => $oicq, 'msn' => $msn, 'homepage' => $homepage, 'email' => $email, 'mobphone' => $mobphone); //用户注册 $uid = $userDB->register_user($array); if (!is_numeric($uid)) { showerr($uid); } if ($webdb[RegCompany] && $gtype == 1) { //注册企业用户
$gudie = getGuide($fid, "{$admin_path}&job=listsort&fid="); $query = $db->query("SELECT * FROM {$_pre}class WHERE fup='{$fid}' ORDER BY list DESC"); while ($rs = $db->fetch_array($query)) { extract($db->get_one("SELECT COUNT(*) AS NUM FROM {$_pre}class WHERE fup='{$rs['fid']}'")); $rs[NUM] = intval($NUM); $listdb[] = $rs; } get_admin_html('sort'); } elseif ($action == "addsort") { if (!$name) { showerr('名称不能为空!'); } $detail = explode("\r\n", $name); foreach ($detail as $key => $value) { if ($value) { $value = filtrate($value); $db->query("INSERT INTO {$_pre}class (name,fup) VALUES ('{$value}','{$fup}')"); } } refreshto("{$FROMURL}", "创建成功"); } elseif ($job == "editsort") { $rsdb = $db->get_one("SELECT * FROM {$_pre}class WHERE fid='{$fid}'"); $gudie = getGuide($rsdb[fup], "{$admin_path}&job=listsort&fid="); get_admin_html('editsort'); } elseif ($action == "editsort") { $db->query("UPDATE {$_pre}class SET name='{$postdb['name']}' WHERE fid='{$postdb['fid']}' "); refreshto("{$FROMURL}", "修改成功"); } elseif ($action == "delete") { if (!$fid_db && $fid) { $fid_db[] = $fid; }
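/**
 * preg_replace_callback() helper for edit_vote(): turns one matched
 * "Y-m-d H:i:s" date into whatever mk_time() returns for it.
 *
 * @param array $m Regex match; $m[1]..$m[6] are the digit-only captures
 *                 year, month, day, hour, minute, second.
 * @return string
 */
function _edit_vote_to_timestamp($m)
{
    // Same argument order the original replacement string used:
    // hour, minute, second, month, day, year.
    return (string) mk_time($m[4], $m[5], $m[6], $m[2], $m[3], $m[1]);
}

/**
 * Update the vote topic attached to article $aid and save its options.
 *
 * Reads the submitted topic fields from the global $vote_db and the option
 * rows from the global $votesdb. Options that carry an id are updated,
 * options without an id but with a title are inserted.
 *
 * Changes against the previous version:
 *  - the preg_replace() "/e" modifier (deprecated in PHP 5.5, removed in
 *    PHP 7.0) is replaced by preg_replace_callback(), so the date fields
 *    are still converted on current PHP;
 *  - array keys are quoted string literals instead of bare words;
 *  - the topic row is read explicitly instead of through @extract(), and
 *    the function stops when no topic exists for $aid, so options are no
 *    longer written with an empty cid;
 *  - a missing or non-array $votesdb is treated as "no options".
 *
 * @param mixed $aid Article id used in the WHERE clauses.
 * @return void
 */
function edit_vote($aid)
{
    global $db, $pre, $timestamp, $votesdb, $vote_db, $ModuleDB;

    // Vote module not installed: nothing to do.
    if (empty($ModuleDB['vote_'])) {
        return;
    }
    $vote_path = !empty($ModuleDB['vote_']['dirname']) ? $ModuleDB['vote_']['dirname'] : 'vote';

    // Convert "Y-m-d H:i:s" input into the value mk_time() produces.
    // The captures are digits only, so nothing but numbers reaches mk_time().
    $date_pattern = '/([\d]+)-([\d]+)-([\d]+) ([\d]+):([\d]+):([\d]+)/is';
    foreach (array('begintime', 'endtime') as $field) {
        if (!empty($vote_db[$field])) {
            $vote_db[$field] = preg_replace_callback($date_pattern, '_edit_vote_to_timestamp', $vote_db[$field]);
        }
    }

    // votetype is forced to an integer before it becomes part of a file path.
    $vote_db['votetype'] = intval($vote_db['votetype']);
    $tplcode = addslashes(read_file(ROOT_PATH . "{$vote_path}/template/default/vote_js/{$vote_db['votetype']}.htm"));

    // filtrate() is defined elsewhere; what exactly it escapes is not visible here.
    $vote_db['name'] = filtrate($vote_db['name']);
    $vote_db['about'] = filtrate($vote_db['about']);

    // NOTE(review): type, limittime, limitip, forbidguestvote and $aid are placed
    // into the SQL text without any escaping inside this function. Whether they
    // are sanitised before this call is not visible here; confirm, or cast them
    // to int if the columns are numeric.
    $db->query("UPDATE `{$pre}vote_topic` SET name='{$vote_db['name']}',about='{$vote_db['about']}',type='{$vote_db['type']}',limittime='{$vote_db['limittime']}',limitip='{$vote_db['limitip']}',begintime='{$vote_db['begintime']}',endtime='{$vote_db['endtime']}',forbidguestvote='{$vote_db['forbidguestvote']}',votetype='{$vote_db['votetype']}',tplcode='{$tplcode}' WHERE aid='{$aid}'");

    // Read the topic id explicitly; extract() would import whatever columns
    // the row carries into the local scope and hid a missing row behind "@".
    $topic = $db->get_one("SELECT cid FROM `{$pre}vote_topic` WHERE aid='{$aid}'");
    if (!is_array($topic) || !isset($topic['cid'])) {
        // No topic for this article: do not write options with an empty cid.
        return;
    }
    $cid = $topic['cid'];

    if (!is_array($votesdb)) {
        return;
    }
    foreach ($votesdb as $key => $v) {
        $v['title'] = filtrate($v['title']);
        $v['img'] = filtrate($v['img']);
        $v['describes'] = filtrate($v['describes']);
        $v['url'] = filtrate($v['url']);
        if (!empty($v['id'])) {
            // NOTE(review): list and id are not filtered here; same caveat as above.
            // The cid condition keeps the update inside this article's topic.
            $db->query("UPDATE `{$pre}vote_element` SET title='{$v['title']}',list='{$v['list']}',img='{$v['img']}',describes='{$v['describes']}',url='{$v['url']}' WHERE id='{$v['id']}' AND cid='{$cid}'");
        } elseif (!empty($v['title'])) {
            $db->query("INSERT INTO `{$pre}vote_element` (`cid` , `title` , `img`, `describes`, `url` ) VALUES ('{$cid}', '{$v['title']}', '{$v['img']}', '{$v['describes']}', '{$v['url']}')");
        }
    }
}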
jump("修改成功", $FROMURL); } elseif ($job == "list" && $Apower[comment_list]) { !$page && ($page = 1); $rows = 20; $min = ($page - 1) * $rows; $SQL = " WHERE 1 "; if ($aid) { $SQL .= " AND aid='{$aid}' "; } if ($type == 'noyz') { $SQL .= " AND yz='0' "; } $showpage = getpage("{$pre}comment", "{$SQL}", "index.php?lfj={$lfj}&job={$job}&aid={$aid}", "{$rows}"); $query = $db->query(" SELECT * FROM {$pre}comment {$SQL} ORDER BY cid DESC LIMIT {$min},{$rows} "); while ($rs = $db->fetch_array($query)) { $rs[content] = filtrate(get_word($rs[content], 60)); $rs[posttime] = date("Y-m-d", $rs[posttime]); $rs[username] = $rs[username] ? $rs[username] : $rs[ip]; if ($rs[yz] == 1) { $rs[yz] = "<A HREF='index.php?lfj=comment&action=list&jobs=unyz&ciddb[{$rs[cid]}]={$rs['cid']}' style='color:blue;' title='已通过审核,点击取消审核'><img src='../member/images/check_yes.gif'></A>"; } elseif ($rs[yz] == 0) { $rs[yz] = "<A HREF='index.php?lfj=comment&action=list&jobs=yz&ciddb[{$rs[cid]}]={$rs['cid']}' style='color:red;' title='还没通过审核,点击通过审核'><img src='../member/images/check_no.gif'></A>"; } if ($rs[ifcom] == 1) { $rs[com] = "<A HREF='index.php?lfj=comment&action=list&jobs=uncom&ciddb[{$rs[cid]}]={$rs['cid']}' style='color:red;' title='已推荐为精华,点击可取消精华'><img src='../images/default/good_ico.gif'></A>"; } elseif ($rs[ifcom] == 0) { $rs[com] = "<A HREF='index.php?lfj=comment&action=list&jobs=com&ciddb[{$rs[cid]}]={$rs['cid']}' title='非精华,点击可推荐为精华'><img src='../member/images/nogood_ico.gif'></A>"; } $listdb[] = $rs; } require dirname(__FILE__) . "/" . "head.php";
<?php
// Emits a small JavaScript snippet: it defines www_url, pulls in player.js
// through document.write() and assigns the requested media URL to playurl.

if (!$FROMURL) {
    // The check has no effect: the die() call below is commented out.
    //die();
}

// Earlier variant, left disabled by the author:
//$urlstring=mymd5($urlstring,'DE');

// NOTE(review): $urlstring is URL-decoded and then written inside a
// single-quoted JavaScript string literal below. Whether filtrate() (defined
// elsewhere) neutralises quotes, backslashes and line breaks for that context
// is not visible here. Confirm it does, or apply JavaScript-string encoding
// at the point of output.
$urlstring = filtrate(urldecode($urlstring));

echo "\nvar www_url='", $webdb['www_url'], "';\n",
    'document.write("<SCRIPT LANGUAGE=\'JavaScript\' src=\'', $webdb['www_url'], '/images/default/player.js\'><\\/SCRIPT>");', "\n",
    "playurl='", $urlstring, "';\n";
// Chooses the list template for the current category, prepares an optional
// redirect, fills the SEO fields and loads the category's template settings.
// $fidDB is presumably the category row loaded earlier; that code is not
// visible here.

// A model-specific list template is used only when the category has a model
// id and no ListShowType configured.
if ($fidDB[fmid] && !$fidDB[config][ListShowType]) {
    $listTPL = html("list_tpl/mod_{$fidDB['fmid']}");
}
// Fallback: default list template, with the configured ListShowType file as
// second argument.
// NOTE(review): ListShowType becomes part of a template file path; confirm it
// is restricted to known template names where it is saved.
if (!$listTPL) {
    $listTPL = html("list_tpl/0", ROOT_PATH . "template/default/{$fidDB[config][ListShowType]}.htm");
}
$atc_content = '';
// Redirect to an external address
// NOTE(review): jumpurl is written into the META refresh attribute without
// HTML-attribute encoding; confirm it is validated where it is stored.
if ($fidDB[jumpurl]) {
    $atc_content = "<META HTTP-EQUIV=REFRESH CONTENT='0;URL={$fidDB['jumpurl']}'>";
    // Every "?" in the generated tag is rewritten to "?&".
    $atc_content = str_replace("?", "?&", $atc_content);
}
// SEO
$titleDB[title] = filtrate("{$fidDB['name']} - {$webdb['webname']}");
$titleDB[keywords] = filtrate("{$fidDB['metakeywords']} {$webdb['metakeywords']}");
$titleDB[description] = filtrate("{$fidDB['descrip']}");
// A category-level style, when set, replaces the global $STYLE.
$fidDB[style] && ($STYLE = $fidDB[style]);
/* Templates */
// NOTE(review): unserialize() runs on a stored column. Confirm that only
// trusted administrators can write it, since unserialize() on data an
// untrusted party controls can instantiate arbitrary classes.
$FidTpl = unserialize($fidDB[template]);
$head_tpl = $FidTpl['head'];
$foot_tpl = $FidTpl['foot'];
/**
 * Get the label parameters; list pages of other modules can use
 * $ch='2';$chtype=2,3,4,5,6,7,8,;
 **/
$chdb[main_tpl] = html("list", $FidTpl['list']);
/**
 * Labels
 **/
$ch_fid = intval($fidDB[config][label_list]); // whether a category-specific label set is defined
$ch_pagetype = 2;
foreach ($detail as $key => $value) { if (!$value) { unset($detail[$key]); } else { $rs = $db->get_one("SELECT groupid,uid FROM {$pre}memberdata WHERE username='******'"); if (!$rs) { showmsg("你设置的版主:{$value},帐号不存在,或者还没激活帐号.请检查之"); } elseif ($rs[groupid] != 3 && $rs[groupid] != 5 && $rs[groupid] != 4) { //$db->query("UPDATE {$pre}memberdata SET groupid='5' WHERE uid='$rs[uid]' "); } } } $detail && ($postdb[admin] = ',' . implode(',', $detail) . ','); } $postdb[descrip] = En_TruePath($postdb[descrip]); $postdb[name] = filtrate($postdb[name]); $db->query("UPDATE {$pre}fu_sort SET fup='{$postdb['fup']}',name='{$postdb['name']}',type='{$postdb['type']}',admin='{$postdb['admin']}',passwd='{$postdb['passwd']}',logo='{$postdb['logo']}',descrip='{$postdb['descrip']}',style='{$postdb['style']}',template='{$postdb['template']}',jumpurl='{$postdb['jumpurl']}',listorder='{$postdb['listorder']}',maxperpage='{$postdb['maxperpage']}',allowcomment='{$postdb['allowcomment']}',allowpost='{$postdb['allowpost']}',allowviewtitle='{$postdb['allowviewtitle']}',allowviewcontent='{$postdb['allowviewcontent']}',allowdownload='{$postdb['allowdownload']}',forbidshow='{$postdb['forbidshow']}',config='{$postdb['config']}',list_html='{$postdb['list_html']}',bencandy_html='{$postdb['bencandy_html']}',fmid='{$postdb['fmid']}',domain='{$postdb['domain']}',metakeywords='{$postdb['metakeywords']}',domain_dir='{$postdb['domain_dir']}'{$SQL} WHERE fid='{$postdb['fid']}' "); mod_sort_class("{$pre}fu_sort", 0, 0); //更新class mod_sort_sons("{$pre}fu_sort", 0); //更新sons /*更新导航缓存*/ cache_guide(); //get_htmltype(); jump("修改成功", "{$FROMURL}"); } elseif ($job == 'batch_edit' && $Apower[fu_sort_power]) { if (!$fiddb) { showmsg("请选择一个栏目"); } $sort_fup = $Guidedb->Select("{$pre}fu_sort", "postdb[fup]", $rsdb[fup]); $style_select = select_style('postdb[style]', $rsdb[style]);
showerr("联系手机号码不能为空"); } if (!ereg("^1[0-9]{10}\$", $mobphone)) { showerr("手机号码有误"); } $buyer = filtrate($buyer); $sex = filtrate($sex); $telphone = filtrate($telphone); $mobphone = filtrate($mobphone); $email = filtrate($email); $oicq = filtrate($oicq); $postalcode = filtrate($postalcode); $sendType = filtrate($sendType); $payType = filtrate($payType); $address = filtrate($address); $otherSay = filtrate($otherSay); $array = explode(",", $buyid); unset($orderid); $totalmoney = 0; $shopmoney = 0; foreach ($array as $key => $value) { if (!is_numeric($value)) { continue; } if (!$orderid) { $db->query("INSERT INTO `{$pre}shoporderuser` (`uid` , `username` , `truename` , `sex` , `telphone` , `mobphone` , `email` , `oicq` , `postalcode` , `sendtype` , `paytype` , `olpaytype` , `address` , `othersay` , `posttime` ) \n\t\t\t\tVALUES \n\t\t\t('{$lfjuid}','{$lfjid}','{$buyer}','{$sex}','{$telphone}','{$mobphone}','{$email}','{$oicq}','{$postalcode}','{$sendType}','{$payType}','{$olpaytype}','{$address}','{$otherSay}','{$timestamp}')"); @extract($db->get_one("SELECT id AS orderid FROM `{$pre}shoporderuser` ORDER BY id DESC LIMIT 1")); } $erp = get_id_table($value); $rs = $db->get_one("SELECT * FROM {$pre}article{$erp} WHERE aid={$value} "); if ($rs[mid]) {
// showerr("手机号码不符合规则"); // } if (!$postdb[email]) { showerr("邮箱不能为空"); } if ($postdb[email] && !ereg("^[-a-zA-Z0-9_\\.]+\\@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$", $postdb[email])) { showerr("邮箱不符合规则"); } // if($postdb[weburl]&&!eregi(":\/\/",$postdb[weburl])){ // $postdb[weburl]="http://$postdb[weburl]"; // } // if($postdb[blogurl]&&!eregi(":\/\/",$postdb[blogurl])){ // $postdb[blogurl]="http://$postdb[blogurl]"; // } foreach ($postdb as $key => $value) { $postdb[$key] = filtrate($postdb[$key]); } $yz = 0; if ($web_admin) { $yz = 1; } elseif ($webdb[groupPassPassGuestBook]) { $webdb[groupPassPassGuestBook] = explode(",", $webdb[groupPassPassGuestBook]); if (in_array($groupdb[gid], $webdb[groupPassPassGuestBook])) { $yz = 1; } } //过滤不健康的字 // $postdb[content]=replace_bad_word($postdb[content]); // $postdb[username]=replace_bad_word($postdb[username]); //处理有人恶意用他人帐号做署名的 // if($postdb[username]){