Example #1
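 /**
  * Handle the "add user" form post.
  *
  * Reads login, password, group and description from bus('post'), rejects
  * empty credentials and an already-used login, hashes the password, inserts
  * the row and echoes a JSON status. Both rejection paths end the request
  * with exit.
  */
 public function doIndex_BoxPost()
 {
     $rc['login'] = bus('post')['login'];
     $rc['password'] = bus('post')['password'];
     $rc['groupId'] = intval(bus('post')['group']);
     $rc['des'] = bus('post')['des'];
     // Reject empty credentials. The original condition tested 'login' twice,
     // so an empty password was never caught.
     if (empty($rc['login']) || empty($rc['password'])) {
         echo json_encode(['code' => -200, 'msg' => '用户名或密码空']);
         exit;
     }
     // Duplicate check. The listing showed a masked literal ('******') in the
     // WHERE clause, which left $login unused; the escaped login is the value
     // the check has to compare against.
     // NOTE(review): addslashes()-style escaping is not charset-aware. If the
     // db layer offers bound parameters (not visible here), use them instead.
     // The count-then-insert sequence is also not atomic; a unique index on
     // user.login is the dependable guard against duplicates.
     $login = saddslashes($rc['login']);
     $sql = "select count(*) from user where login = '{$login}'";
     $num = sapp('db')->getone($sql);
     if ($num) {
         echo json_encode(['code' => -200, 'msg' => '该用户名存在']);
         exit;
     }
     // Hash the password before it is stored.
     // NOTE(review): shamhash() is defined elsewhere; confirm it is a salted,
     // deliberately slow password hash rather than a bare digest.
     $rc['password'] = shamhash($rc['password']);
     // Escape every field (the hash included) and insert.
     // NOTE(review): whether autoExecute() escapes values itself is not visible
     // here; if it does, the row is stored double-escaped.
     $rc = saddslashes($rc);
     sapp('db')->autoExecute('user', $rc, 'INSERT');
     echo json_encode(['code' => 200, 'msg' => '-']);
 }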
Example #2
 /**
  * Normalise request input and derive the attachment path constants.
  *
  * Side effects visible in this body: rewrites $_GET, $_POST, $_COOKIE and
  * $_FILES when MAGIC_QUOTES_GPC is falsy, fills $_G['cookie'], $_G['inajax']
  * and $_G['page'], may set $_G['setting']['attachmenturl'], and defines
  * A_DIR and A_URL.
  */
 function _init_input()
 {
     global $_G;
     // Magic-quotes emulation: slash-escape all request data up front.
     // Security note: this is blanket escaping, not context-aware encoding.
     // Every consumer has to know the data is already slash-escaped and must
     // still encode for its own sink (SQL driver, HTML, file paths). Escaping
     // $_FILES also rewrites tmp_name, which matters for paths that contain
     // backslashes.
     if (!MAGIC_QUOTES_GPC) {
         $_GET = saddslashes($_GET);
         $_POST = saddslashes($_POST);
         $_COOKIE = saddslashes($_COOKIE);
         $_FILES = saddslashes($_FILES);
     }

     // Copy cookies carrying the configured prefix into $_G['cookie'],
     // keyed by the name with the prefix removed.
     $cookiePrefix = $_G['config']['cookie']['cookiepre'];
     $prefixLength = strlen($cookiePrefix);
     foreach ($_COOKIE as $cookieName => $cookieValue) {
         if (substr($cookieName, 0, $prefixLength) != $cookiePrefix) {
             continue;
         }
         $_G['cookie'][substr($cookieName, $prefixLength)] = $cookieValue;
     }

     // Integer-cast the two numeric request flags; page falls back to 1.
     if (empty($_GET['inajax'])) {
         $_G['inajax'] = 0;
     } else {
         $_G['inajax'] = intval($_GET['inajax']);
     }
     $page = isset($_GET['page']) ? intval($_GET['page']) : 0;
     if ($page <= 0) {
         $page = 1;
     }
     $_GET['page'] = $page;
     $_G['page'] = $page;

     // A "./"-relative attachment directory is resolved against B_ROOT and
     // doubles as the default attachment URL.
     $attachDir = $_G['setting']['attachmentdir'];
     $dirIsRelative = substr($attachDir, 0, 2) == './';
     define('A_DIR', $dirIsRelative ? B_ROOT . $attachDir : $attachDir);
     if (empty($_G['setting']['attachmenturl']) && $dirIsRelative) {
         $_G['setting']['attachmenturl'] = substr($attachDir, 2);
     }
     if (empty($_G['setting']['attachmenturl'])) {
         $_G['setting']['attachmenturl'] = 'attachments';
     }
     // Absolute URL, for use by external callers.
     define('A_URL', B_URL . '/' . $_G['setting']['attachmenturl']);
 }
Example #3
/**
 * Apply addslashes() to a scalar, or recursively to every value of an array.
 *
 * Only values are escaped; array keys are returned unchanged, so keys that
 * originate from request data remain raw.
 * Security note: addslashes() escapes quotes, backslash and NUL without regard
 * to the database connection charset, so it does not replace parameterised
 * queries or the driver's own escaping.
 *
 * @param mixed $string Scalar or (nested) array of scalars.
 * @return mixed Same shape as the input, with values slash-escaped.
 */
function saddslashes($string)
{
    if (!is_array($string)) {
        return addslashes($string);
    }
    // array_map() with a single array preserves the original keys.
    return array_map('saddslashes', $string);
}
Example #4
 /**
  * Closing-tag callback for the XML-RPC message parser.
  *
  * Converts the text collected in $this->xmlmessage->tag_content according to
  * the tag being closed, then stores the value in the innermost open
  * struct/array, or in the params list when none is open.
  *
  * @param mixed  $parser Parser handle passed by the XML parser; unused here.
  * @param string $tag    Name of the element being closed.
  */
 function xmltag_close($parser, $tag)
 {
     $msg = $this->xmlmessage;
     $raw = $msg->tag_content;
     $hasValue = false;

     switch ($tag) {
         case 'int':
         case 'i4':
             $value = intval(trim($raw));
             $hasValue = true;
             break;
         case 'double':
             $value = (float) trim($raw);
             $hasValue = true;
             break;
         case 'string':
             // NOTE(review): string content is stored as received; only the
             // base64 branch below slash-escapes. Confirm that consumers
             // escape these values before they reach SQL or HTML.
             $value = $raw;
             $hasValue = true;
             break;
         case 'dateTime.iso8601':
             $value = $this->convertDate($raw);
             $hasValue = true;
             break;
         case 'value':
             // A bare <value> only yields a value when it carries text or
             // when it was the last tag opened.
             $trimmed = trim($raw);
             if ($trimmed != '' || $msg->last_open == 'value') {
                 $value = (string) $trimmed;
                 $hasValue = true;
             }
             break;
         case 'boolean':
             $value = (bool) trim($raw);
             $hasValue = true;
             break;
         case 'base64':
             // Decoded bytes are attacker-controlled data; they are
             // slash-escaped here and nowhere else in this method.
             $value = saddslashes(base64_decode(trim($raw)));
             $hasValue = true;
             break;
         case 'data':
         case 'struct':
             // The finished container becomes the value for its parent.
             $value = array_pop($msg->structs);
             array_pop($msg->structTypes);
             $hasValue = true;
             break;
         case 'member':
             array_pop($msg->struct_name);
             break;
         case 'name':
             $msg->struct_name[] = trim($raw);
             break;
         case 'methodName':
             $msg->methodname = trim($raw);
             break;
     }

     if ($hasValue) {
         $openContainers = count($msg->structs);
         if ($openContainers == 0) {
             $msg->params[] = $value;
         } else {
             $innermost = $openContainers - 1;
             $typeTop = count($msg->structTypes) - 1;
             if ($msg->structTypes[$typeTop] == 'struct') {
                 // Struct member: key it by the most recent <name>.
                 $nameTop = count($msg->struct_name) - 1;
                 $msg->structs[$innermost][$msg->struct_name[$nameTop]] = $value;
             } else {
                 $msg->structs[$innermost][] = $value;
             }
         }
     }

     // Container tags keep the buffer; every other tag resets it.
     $isContainerTag = in_array($tag, array('data', 'struct', 'member'));
     if (!$isContainerTag) {
         $msg->tag_content = '';
     }
 }
Example #5
        // How should attachments be handled? Attachments that the message does
        // not already reference are appended to it as HTML.
        if ($value['haveattach']) {
            // NOTE(review): itemid is interpolated straight into the SQL text.
            // $value is populated outside this excerpt; confirm it is an
            // integer or already escaped at that point.
            $subquery = $_SGLOBAL['db']->query("SELECT * FROM {$tpre}attachments WHERE itemid='{$value['itemid']}'");
            while ($subvalue = $_SGLOBAL['db']->fetch_array($subquery)) {
                // NOTE(review): this tests $value['filepath'] / $value['thumbpath'],
                // not the attachment row $subvalue — looks like it was meant to
                // check the attachment's own paths; confirm.
                if (strexists($value['message'], $value['filepath']) || strexists($value['message'], $value['thumbpath'])) {
                    continue;
                }
                // NOTE(review): filepath and filename are placed into HTML with
                // no escaping, so a stored value containing markup becomes part
                // of the page. Also, inside {$...} the bare key in
                // $_SC[attachurl] is resolved as a constant, which PHP 8
                // rejects; $_SC['attachurl'] is the portable spelling.
                if ($subvalue['isimage']) {
                    // image
                    $value['message'] .= "<div><img src=\"{$_SC[attachurl]}{$subvalue['filepath']}\"></div>";
                } else {
                    $value['message'] .= "<div><strong>文件</strong>: <a href=\"{$_SC[attachurl]}{$subvalue['filepath']}\">{$subvalue['filename']}</a></div>";
                }
            }
        }
        // Slash-escape the whole row (values only) before building the inserts.
        // NOTE(review): inserttable() is defined elsewhere; whether it escapes
        // again is not visible here.
        $value = saddslashes($value);
        $setarr = array('blogid' => $value['itemid'], 'uid' => $value['uid'], 'username' => $value['username'], 'subject' => $value['subject'], 'classid' => $value['itemtypeid'], 'viewnum' => $value['viewnum'], 'replynum' => $value['replynum'], 'dateline' => $value['dateline'], 'noreply' => empty($value['allowreply']) ? 1 : 0, 'friend' => $value['folder'] > 1 ? 1 : 0);
        inserttable('blog', $setarr, 0, true);
        $setarr = array('blogid' => $value['itemid'], 'message' => message_replace($value['message']), 'postip' => $value['postip']);
        inserttable('blogfield', $setarr, 0, true);
    }
    show_next('图片主题数据');
} elseif ($_GET['step'] == 13) {
    $msg = <<<EOF
\t<form method="post" action="convert.php">
\t<table>
\t<tr><td colspan="2">数据转换完成!<br><br>
\t最后,请输入你的用户名,系统将您设为UCenter Home的管理员!
\t</td></tr>
\t<tr><td>您的用户名</td><td><input type="text" name="username" value="" size="30"></td></tr>
\t<tr><td></td><td><input type="submit" name="opensubmit" value="设为管理员"></td></tr>
Example #6
}
// Bootstrap: load helpers and cached config, normalise request input,
// collect prefixed cookies and define the site URL constants.
include_once S_ROOT . './function/common.func.php';
// The @ hides a missing or unreadable cache file.
// NOTE(review): $_SSCONFIG is not assigned in this excerpt; presumably the
// cache file defines it — confirm what happens when the include fails.
@(include_once S_ROOT . './data/system/config.cache.php');
$_SCONFIG = array_merge($_SSCONFIG, $_SC);
// Merge configuration.
// extract() turns every $_SC key into a variable in this scope and, with its
// default flags, overwrites variables that already exist under the same name.
// That is only safe while $_SC comes exclusively from trusted configuration.
extract($_SC);
// Magic-quotes emulation: slash-escape request data when PHP has not.
// get_magic_quotes_gpc() no longer exists in PHP 8, so this line fails there.
if (!get_magic_quotes_gpc()) {
    $_GET = saddslashes($_GET);
    $_POST = saddslashes($_POST);
    $_COOKIE = saddslashes($_COOKIE);
}
//COOKIE
// Copy cookies carrying the configured prefix into $_SCOOKIE, prefix removed.
$prelength = strlen($_SC['cookiepre']);
foreach ($_COOKIE as $key => $val) {
    if (substr($key, 0, $prelength) == $_SC['cookiepre']) {
        // NOTE(review): $magic_quote is not assigned in this excerpt
        // (presumably it arrives via extract($_SC) — confirm). When it is
        // empty and the branch above ran, $val has already been through
        // saddslashes() once and is escaped a second time here.
        $_SCOOKIE[substr($key, $prelength)] = empty($magic_quote) ? saddslashes($val) : $val;
    }
}
// Request start time as a float (seconds + microseconds) and the timestamp.
$mtime = explode(' ', microtime());
$_SGLOBAL['supe_starttime'] = $mtime[1] + $mtime[0];
$_SGLOBAL['timestamp'] = time();
$_SGLOBAL['inajax'] = empty($_GET['inajax']) ? 0 : intval($_GET['inajax']);
define('S_URL', $_SC['siteurl']);
define('B_URL', $_SC['bbsurl']);
// Forum version is capped at 5.
if (!empty($_SC['bbsver'])) {
    define('B_VER', $_SC['bbsver'] >= 5 ? 5 : $_SC['bbsver']);
}
// NOTE(review): $headercharset is not assigned in this excerpt; presumably a
// config key imported by extract() — confirm.
if (!empty($headercharset)) {
    header('Content-Type: text/html; charset=' . $_SC['charset']);
}
//ONLINE IP
Example #7
 /**
  * Synchronised-login API endpoint: start a local session for the given uid.
  *
  * Returns API_RETURN_FORBIDDEN when API_SYNLOGIN is falsy. Otherwise it
  * looks the member up by integer uid, creates the session and sets the
  * 'auth' and 'loginuser' cookies.
  *
  * @param array $get  Request parameters; 'uid' and 'username' are read.
  * @param array $post Unused in this body.
  */
 function synlogin($get, $post)
 {
     global $_SGLOBAL;
     if (!API_SYNLOGIN) {
         return API_RETURN_FORBIDDEN;
     }
     // NOTE(review): nothing in this body authenticates $get; presumably the
     // API dispatcher has verified the request before calling — confirm.
     obclean();
     // P3P compact policy header, sent so browsers accept the cookie when
     // it is set from a third-party context.
     header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
     // 31536000 seconds = 365 days.
     $cookietime = 31536000;
     // intval() makes the uid safe to interpolate into the query below.
     $uid = intval($get['uid']);
     $db = $_SGLOBAL['db'];
     $result = $db->query("SELECT uid, username, password FROM " . tname('member') . " WHERE uid='{$uid}'");
     $member = $db->fetch_array($result);
     if ($member) {
         include_once S_ROOT . './source/function_space.php';
         $member = saddslashes($member);
         insertsession($member);
         // Auth cookie: the stored password field and the uid, passed
         // through authcode(). Anyone holding this cookie is logged in for
         // a year, so it depends on the authcode key staying secret.
         $authPayload = "{$member['password']}\t{$member['uid']}";
         ssetcookie('auth', authcode($authPayload, 'ENCODE'), $cookietime);
     }
     // Set even when no member row matched; the value is the caller-supplied
     // username, not the one read from the database.
     ssetcookie('loginuser', $get['username'], $cookietime);
 }
Example #8
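/**
 * Clean and optionally truncate a text string.
 *
 * Steps run in this fixed order: trim, strip slashes ($in_slashes), HTML
 * handling ($html), censor ($censor), truncation ($length), bbcode ($bbcode),
 * add slashes ($out_slashes), trim.
 *
 * Security notes:
 * - With $html > 0 the text is returned without HTML escaping; use that mode
 *   only for markup that is already trusted.
 * - Truncation runs after escaping, so a cut can land inside an HTML entity.
 * - $out_slashes adds slash escaping only; it is not output encoding.
 *
 * @param string $string      Input text.
 * @param int    $length      Maximum width, 0 for no truncation. In UTF-8 mode
 *                            a single-byte character counts 1 and a multi-byte
 *                            character counts 2.
 * @param int    $in_slashes  Non-zero when the input is slash-escaped.
 * @param int    $out_slashes Non-zero to slash-escape the result.
 * @param int    $censor      Non-zero to apply the censor word lists.
 * @param int    $bbcode      Non-zero to run bbcode(); the value is passed on.
 * @param int    $html        < 0 strip tags then escape, 0 escape, > 0 leave as is.
 * @return string
 */
function getstr($string, $length, $in_slashes = 0, $out_slashes = 0, $censor = 0, $bbcode = 0, $html = 0)
{
    global $_SC, $_SGLOBAL;
    $string = trim($string);
    if ($in_slashes) {
        // The input arrives slash-escaped: undo that before anything else.
        $string = sstripslashes($string);
    }
    if ($html < 0) {
        // Replace tags, line breaks, whitespace and [bracketed] codes with
        // spaces, then escape what is left.
        $string = preg_replace("/(\\<[^\\<]*\\>|\r|\n|\\s|\\[.+?\\])/is", ' ', $string);
        $string = shtmlspecialchars($string);
    } elseif ($html == 0) {
        // Escape HTML special characters.
        $string = shtmlspecialchars($string);
    }
    if ($censor) {
        // Word censoring: a banned match aborts via showmessage(), otherwise
        // the find/replace filter is applied when one is configured.
        @(include_once S_ROOT . './data/data_censor.php');
        if ($_SGLOBAL['censor']['banned'] && preg_match($_SGLOBAL['censor']['banned'], $string)) {
            showmessage('information_contains_the_shielding_text');
        } else {
            $string = empty($_SGLOBAL['censor']['filter']) ? $string : @preg_replace($_SGLOBAL['censor']['filter']['find'], $_SGLOBAL['censor']['filter']['replace'], $string);
        }
    }
    if ($length && strlen($string) > $length) {
        // Truncate without splitting a multi-byte character.
        $wordscut = '';
        if (strtolower($_SC['charset']) == 'utf-8') {
            // UTF-8: $n is the byte offset, $tn the byte length of the last
            // counted character, $noc the accumulated width.
            $n = 0;
            $tn = 0;
            $noc = 0;
            while ($n < strlen($string)) {
                $t = ord($string[$n]);
                if ($t == 9 || $t == 10 || 32 <= $t && $t <= 126) {
                    $tn = 1;
                    $n++;
                    $noc++;
                } elseif (194 <= $t && $t <= 223) {
                    $tn = 2;
                    $n += 2;
                    $noc += 2;
                } elseif (224 <= $t && $t <= 239) {
                    // Three-byte lead bytes run up to and including 0xEF (239).
                    // The original used "< 239", so characters such as the
                    // full-width comma were stepped over byte by byte and
                    // never counted towards $length.
                    $tn = 3;
                    $n += 3;
                    $noc += 2;
                } elseif (240 <= $t && $t <= 247) {
                    $tn = 4;
                    $n += 4;
                    $noc += 2;
                } elseif (248 <= $t && $t <= 251) {
                    $tn = 5;
                    $n += 5;
                    $noc += 2;
                } elseif ($t == 252 || $t == 253) {
                    $tn = 6;
                    $n += 6;
                    $noc += 2;
                } else {
                    // Any other byte is skipped without adding width.
                    $n++;
                }
                if ($noc >= $length) {
                    break;
                }
            }
            if ($noc > $length) {
                // The last character overshot the limit: drop it.
                $n -= $tn;
            }
            $wordscut = substr($string, 0, $n);
        } else {
            // Other charsets: a byte above 127 is taken together with the
            // byte that follows it.
            for ($i = 0; $i < $length - 1; $i++) {
                if (ord($string[$i]) > 127) {
                    $wordscut .= $string[$i] . $string[$i + 1];
                    $i++;
                } else {
                    $wordscut .= $string[$i];
                }
            }
        }
        $string = $wordscut;
    }
    if ($bbcode) {
        include_once S_ROOT . './source/function_bbcode.php';
        $string = bbcode($string, $bbcode);
    }
    if ($out_slashes) {
        $string = saddslashes($string);
    }
    return trim($string);
}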
Example #9
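/**
 * Store the uploaded files belonging to a model's img/flash/file fields.
 *
 * For each matching field with an upload, the file is saved through the
 * 'attach' class, image fields are verified with getimagesize(), and a row is
 * inserted into 'attachments'. The first error stops processing of the
 * remaining fields.
 *
 * Security notes:
 * - 'attachtype' and 'isimage' are derived from the client-supplied file name;
 *   only fields with formtype 'img' have their content checked.
 * - NOTE(review): any extension allow-list would have to live in
 *   savelocalfile(), which is not visible here — confirm it exists.
 *
 * @param array $valuearr  Field definitions; formtype, fieldname, fieldcomment
 *                         and thumbsize are read from each entry.
 * @param int   $mid       Passed to getmodelhash().
 * @param int   $itemid    Passed to getmodelhash().
 * @param int   $havethumb Not used in this body.
 * @param int   $width     Thumbnail width for the 'subjectimage' field.
 * @param int   $height    Thumbnail height for the 'subjectimage' field.
 * @return array Per-field result keyed by field name, with the keys
 *               fieldcomment, filepath, error and aid.
 */
function uploadfile($valuearr, $mid = 2, $itemid = 0, $havethumb = 1, $width = 100, $height = 100)
{
    global $_G, $_SGLOBAL;
    $setsqlarr = array();
    $hash = getmodelhash($mid, $itemid);
    if (!empty($valuearr)) {
        foreach ($valuearr as $value) {
            if (!preg_match("/^(img|flash|file)\$/i", $value['formtype'])) {
                continue;
            }
            $filearr = $_FILES[$value['fieldname']];
            if (!empty($filearr['name'])) {
                $setsqlarr[$value['fieldname']] = array('fieldcomment' => $value['fieldcomment'], 'filepath' => '', 'error' => '', 'aid' => '');
                if (empty($filearr['size']) || empty($filearr['tmp_name'])) {
                    // Could not read the upload size; ask for another file.
                    $setsqlarr[$value['fieldname']]['error'] = modelmsg('get_upload_size_error');
                    break;
                }
                $fileext = fileext($filearr['name']);
                if ($value['fieldname'] == 'subjectimage') {
                    // Title image upload.
                    $newfilearr = loadClass('attach')->savelocalfile($filearr, array($width, $height), '', 1);
                } else {
                    // Custom field upload.
                    // NOTE(review): this overwrites the $width/$height
                    // parameters, so a 'subjectimage' field processed later in
                    // the same call uses this field's thumbnail size.
                    list($width, $height) = explode(',', $value['thumbsize']);
                    $newfilearr = loadClass('attach')->savelocalfile($filearr, array($width, $height), '', 1);
                }
                if ($value['formtype'] == 'img') {
                    $attachinfo = @getimagesize(A_DIR . '/' . $newfilearr['file']);
                    // Accept only image types 1-3 (GIF, JPEG, PNG). The
                    // original joined the two range tests with &&, which can
                    // never be true, so any file getimagesize() recognised
                    // was accepted regardless of its type.
                    if (empty($attachinfo) || $attachinfo[2] < 1 || $attachinfo[2] > 3) {
                        $setsqlarr[$value['fieldname']]['error'] = modelmsg('get_upload_size_error');
                        // Remove the rejected file and its separate thumbnail.
                        @unlink(A_DIR . '/' . $newfilearr['file']);
                        if ($newfilearr['thumb'] != $newfilearr['file']) {
                            @unlink(A_DIR . '/' . $newfilearr['thumb']);
                        }
                        break;
                    }
                }
                if (empty($newfilearr['file'])) {
                    // Saving the upload failed; ask the user to retry later.
                    $setsqlarr[$value['fieldname']]['error'] = modelmsg('upload_error');
                    break;
                }
                // Database row. Only the original file name is slash-escaped
                // here.
                // NOTE(review): whether inserttable() escapes the remaining
                // fields is not visible in this function.
                $insertsqlarr = array('uid' => $_G['uid'], 'dateline' => $_G['timestamp'], 'filename' => saddslashes($filearr['name']), 'subject' => $value['fieldname'], 'attachtype' => $fileext, 'isimage' => in_array($fileext, array('jpg', 'jpeg', 'gif', 'png')) ? 1 : 0, 'size' => $filearr['size'], 'filepath' => $newfilearr['file'], 'thumbpath' => $newfilearr['thumb'], 'hash' => $hash);
                $aid = inserttable('attachments', $insertsqlarr, 1);
                // 'file' fields report the attachment id, others the path.
                $setsqlarr[$value['fieldname']]['filepath'] = $value['formtype'] != 'file' ? $newfilearr['file'] : $aid;
                $setsqlarr[$value['fieldname']]['aid'] = $aid;
            }
        }
    }
    return $setsqlarr;
}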
Example #10
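/**
 * Escape user input with addslashes(), recursing into arrays.
 *
 * When magic quotes are active the input is returned untouched, on the
 * assumption that PHP has already escaped it. Only array values are escaped;
 * keys are left as they are.
 * Security note: addslashes() is not aware of the database connection charset
 * and does not replace parameterised queries or the driver's own escaping.
 *
 * @param mixed $string Scalar or (nested) array of scalars.
 * @return mixed Same shape as the input.
 */
function saddslashes($string)
{
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself
    // in PHP 8.0, where calling it is a fatal error. Consult it only on
    // runtimes that can still have the feature switched on.
    $magicQuotesActive = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
    if ($magicQuotesActive) {
        return $string;
    }
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = saddslashes($val);
        }
        return $string;
    }
    return addslashes($string);
}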
Example #11
/**
 * Download the remote files listed under $msgarr[$varname] and rewrite the
 * message to point at the local copies.
 *
 * For every URL an attachment record is appended to $msgarr['patharr'], also
 * when the download produced no file. When a local file exists, the URL is
 * replaced by A_URL-based paths in the message and by A_DIR-based paths in
 * the URL list.
 *
 * Security note: each URL is handed to saveremotefile() as received.
 * NOTE(review): scheme/host restrictions and file-type checks would have to
 * be enforced inside saveremotefile(), which is not visible here — confirm,
 * since this makes the server fetch addresses chosen by whoever wrote the
 * message.
 *
 * @param array  $msgarr  Message data; $varname, 'importcatid' and 'message'
 *                        are read.
 * @param string $varname Key of the URL list; 'picarr' selects image handling.
 * @return array The updated $msgarr.
 */
function saveurlarr($msgarr, $varname)
{
    global $_SGLOBAL;
    global $thevalue, $_SCONFIG;
    include_once S_ROOT . './function/upload.func.php';

    $isimage = $varname == 'picarr' ? 1 : 0;

    if (empty($msgarr[$varname]) || !is_array($msgarr[$varname])) {
        return $msgarr;
    }

    foreach ($msgarr[$varname] as $ukey => $url) {
        // Images are saved with the configured news thumbnail settings.
        if ($isimage) {
            $patharr = saveremotefile($url, $_SCONFIG['thumbarray']['news']);
        } else {
            $patharr = saveremotefile($url, array(), 0);
        }

        // Subject: the saved name up to its last dot, trimmed and lower-cased.
        $dotPos = strrpos($patharr['name'], '.');
        $subject = strtolower(trim(substr($patharr['name'], 0, $dotPos)));

        // 'isimage' is decided from the reported type string alone.
        $looksLikeImage = in_array($patharr['type'], array('jpg', 'jpeg', 'gif', 'png'));
        $msgarr['patharr'][] = array(
            'uid' => $_SGLOBAL['supe_uid'],
            'dateline' => $_SGLOBAL['timestamp'],
            'catid' => $msgarr['importcatid'],
            'itemid' => 0,
            'filename' => saddslashes($patharr['name']),
            'subject' => trim(shtmlspecialchars($subject)),
            'attachtype' => $patharr['type'],
            'type' => 'news',
            'isimage' => $looksLikeImage ? 1 : 0,
            'size' => $patharr['size'],
            'filepath' => $patharr['file'],
            'thumbpath' => $patharr['thumb'],
            'isavailable' => 1,
            'hash' => '',
        );

        if (empty($patharr['file'])) {
            continue;
        }
        $localFile = $patharr['file'];
        $msgarr['message'] = str_replace($url, A_URL . '/' . $localFile, $msgarr['message']);
        $msgarr[$varname][$ukey] = str_replace($url, A_DIR . '/' . $localFile, $msgarr[$varname][$ukey]);
    }

    return $msgarr;
}
Example #12
        } else {
            if (in_array($return, array(-1, -2, -3, -4))) {
                showmessage('message_can_not_send' . abs($return));
            } else {
                showmessage('message_can_not_send');
            }
        }
    }
} elseif ($_GET['op'] == 'ignore') {
    if (submitcheck('ignoresubmit')) {
        uc_pm_blackls_set($_SGLOBAL['supe_uid'], $_POST['ignorelist']);
        showmessage('do_success', 'space.php?do=pm&view=ignore');
    }
} else {
    // New-user probation check, then the permission gate for private messages.
    cknewuser();
    if (!checkperm('allowpm')) {
        ckspacelog();
        showmessage('no_privilege');
    }
    // Send form: load up to 100 confirmed friends for the recipient picker.
    $friends = array();
    if ($space['friendnum']) {
        // NOTE(review): supe_uid is interpolated without quotes, so the query
        // relies on it being an integer; it is assigned outside this excerpt —
        // confirm it is cast where the session is established.
        $query = $_SGLOBAL['db']->query("SELECT fuid AS uid, fusername AS username FROM " . tname('friend') . " WHERE uid={$_SGLOBAL['supe_uid']} AND status='1' ORDER BY num DESC, dateline DESC LIMIT 0,100");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            // Slash escaping only. NOTE(review): $friends is consumed outside
            // this excerpt; slashes are neither HTML nor JavaScript encoding,
            // so confirm the consumer encodes usernames for its own context.
            $value['username'] = saddslashes($value['username']);
            $friends[] = $value;
        }
    }
}
include_once template("cp_pm");
Example #13
     // Build the quoted-comment HTML that is prepended to the new reply.
     // Mask the last two octets of a dotted IPv4 address; values that do not
     // match the pattern are left unchanged.
     $comment['ip'] = preg_replace("/^(\\d{1,3})\\.(\\d{1,3})\\.\\d{1,3}\\.\\d{1,3}\$/", "\$1.\$2.*.*", $comment['ip']);
     // NOTE(review): sitename, iplocation and author are concatenated into
     // HTML below with no escaping in this excerpt. $comment is loaded outside
     // it; confirm these fields were HTML-encoded when stored, otherwise a
     // crafted author name becomes markup in every quote of the comment.
     $html = '<div id="cid_{cid}_' . $comment['floornum'] . '_title" class="old_title"><span class="author">' . $_G['setting']['sitename'];
     if (!$comment['hidelocation']) {
         $html .= $comment['iplocation'] != 'LAN' ? $comment['iplocation'] : $lang['mars'];
     }
     $html .= $lang['visitor'];
     if (!empty($comment['authorid']) && !$comment['hideauthor']) {
         $html .= " [{$comment['author']}] ";
     }
     if (!$comment['hideip']) {
         $html .= " ({$comment['ip']}) ";
     }
     $html .= $lang['from_the_original_note'] . '</span><span class="color_red">' . $comment['floornum'] . '</span></div>';
     // Splice the title block in front of the nested 'new' div and wrap the
     // whole quoted message in an 'old' container.
     $comment['message'] = str_replace('<div class="new"', $html . '<div id="cid_{cid}_' . $comment['floornum'] . '_detail" class="detail"', $comment['message']);
     $comment['message'] = '<div id="cid_{cid}_' . $comment['floornum'] . '" class="old">' . $comment['message'] . '</div>';
     // The quoted HTML is slash-escaped here and then joined with
     // $_POST['commentmessage'] exactly as that value stands at this point.
     $comment['message'] = saddslashes($comment['message']);
     $_POST['message'] = $comment['message'] . $_POST['commentmessage'];
 }
 // Apply the word censor to the reply text.
 $_POST['commentmessage'] = censor($_POST['commentmessage']);
 $shopuid = getshopuid($type);
 $subtype = !empty($commentscorestr) ? '1' : '0';
 // Row for the new comment. 'message' stores the censored
 // $_POST['commentmessage'].
 // NOTE(review): hideauthor, hideip and hidelocation are taken from $_POST as
 // received, without an integer cast; whether inserttable() escapes or casts
 // values is not visible here — confirm.
 $setsqlarr = array('itemid' => $itemid, 'type' => $type, 'uid' => $item['uid'], 'authorid' => $_G['uid'], 'author' => $_G['username'], 'ip' => $_G['clientip'], 'dateline' => $_G['timestamp'], 'subject' => '', 'message' => $_POST['commentmessage'], 'floornum' => $comment['floornum'], 'hideauthor' => $_POST['hideauthor'], 'hideip' => $_POST['hideip'], 'hidelocation' => $_POST['hidelocation'], 'firstcid' => $comment['firstcid'], 'upcid' => $upcid, 'shopuid' => $shopuid, 'status' => 1, 'isprivate' => $isprivate, 'subtype' => $subtype);
 $cid = inserttable('spacecomments', $setsqlarr, 1);
 if ($cid && !empty($commentscorestr)) {
     $commentscore = $score = 0;
     $commentscorearr = array();
     for ($i = 1; $i <= 8; $i++) {
         if (strpos($commentscorestr, '1' . $i . '@')) {
             $commentscore = substr($commentscorestr, strpos($commentscorestr, '@1' . $i . '@') + 4, 1);
             if (is_numeric($commentscore) && $commentscore <= 5 && $commentscore > 0) {
Example #14
function feed_publish($id, $idtype, $add = 0)
{
    global $_SGLOBAL;
    $setarr = array();
    switch ($idtype) {
        case 'blogid':
            $query = $_SGLOBAL['db']->query("SELECT b.*, bf.* FROM " . tname('blog') . " b\r\n\t\t\t\tLEFT JOIN " . tname('blogfield') . " bf ON bf.blogid=b.blogid\r\n\t\t\t\tWHERE b.blogid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                if ($value['friend'] != 3) {
                    //
                    $setarr['icon'] = 'blog';
                    $setarr['id'] = $value['blogid'];
                    $setarr['idtype'] = $idtype;
                    $setarr['uid'] = $value['uid'];
                    $setarr['username'] = $value['username'];
                    $setarr['dateline'] = $value['dateline'];
                    $setarr['target_ids'] = $value['target_ids'];
                    $setarr['friend'] = $value['friend'];
                    $setarr['hot'] = $value['hot'];
                    //ϸ
                    $url = "space.php?uid={$value['uid']}&do=blog&id={$value['blogid']}";
                    if ($value['friend'] == 4) {
                        //
                        $setarr['title_template'] = cplang('feed_blog_password');
                        $setarr['title_data'] = array('subject' => "<a href=\"{$url}\">{$value['subject']}</a>");
                    } else {
                        //˽
                        if ($value['pic']) {
                            $setarr['image_1'] = pic_cover_get($value['pic'], $value['picflag']);
                            $setarr['image_1_link'] = $url;
                        }
                        $setarr['title_template'] = cplang('feed_blog');
                        $setarr['body_template'] = '<b>{subject}</b><br>{summary}';
                        $setarr['body_data'] = array('subject' => "<a href=\"{$url}\">{$value['subject']}</a>", 'summary' => getstr($value['message'], 150, 1, 1, 0, 0, -1));
                    }
                }
            }
            break;
        case 'albumid':
            $key = 1;
            if ($id > 0) {
                $query = $_SGLOBAL['db']->query("SELECT p.*, a.username, a.albumname, a.picnum, a.friend, a.target_ids FROM " . tname('pic') . " p\r\n\t\t\t\t\tLEFT JOIN " . tname('album') . " a ON a.albumid=p.albumid\r\n\t\t\t\t\tWHERE p.albumid='{$id}' ORDER BY dateline DESC LIMIT 0,4");
                while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                    if ($value['friend'] <= 2) {
                        if (empty($setarr['icon'])) {
                            //
                            $setarr['icon'] = 'album';
                            $setarr['id'] = $value['albumid'];
                            $setarr['idtype'] = $idtype;
                            $setarr['uid'] = $value['uid'];
                            $setarr['username'] = $value['username'];
                            $setarr['dateline'] = $value['dateline'];
                            $setarr['target_ids'] = $value['target_ids'];
                            $setarr['friend'] = $value['friend'];
                            //ϸ
                            $setarr['title_template'] = '{actor} ' . cplang('upload_album');
                            $setarr['body_template'] = '<b>{album}</b><br>' . cplang('the_total_picture', array('{picnum}'));
                            $setarr['body_data'] = array('album' => "<a href=\"space.php?uid={$value['uid']}&do=album&id={$value['albumid']}\">{$value['albumname']}</a>", 'picnum' => $value['picnum']);
                        }
                        $setarr['image_' . $key] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
                        $setarr['image_' . $key . '_link'] = "space.php?uid={$value['uid']}&do=album&picid={$value['picid']}";
                        $key++;
                    } else {
                        break;
                    }
                }
            } else {
                //Ĭ album
                $picnum = $_SGLOBAL['db']->result($_SGLOBAL['db']->query("SELECT COUNT(*) FROM " . tname('pic') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND albumid='0'"), 0);
                if ($picnum >= 1) {
                    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND albumid='0' ORDER BY dateline DESC LIMIT 0,4");
                    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                        if (empty($setarr['icon'])) {
                            //
                            $setarr['icon'] = 'album';
                            $setarr['uid'] = $value['uid'];
                            $setarr['username'] = $_SGLOBAL['supe_username'];
                            $setarr['dateline'] = $value['dateline'];
                            //ϸ
                            $setarr['title_template'] = '{actor} ' . cplang('upload_album');
                            $setarr['body_template'] = '<b>{album}</b><br>' . cplang('the_total_picture', array('{picnum}'));
                            $setarr['body_data'] = array('album' => "<a href=\"space.php?uid={$value['uid']}&do=album&id=-1\">" . cplang('default_albumname') . "</a>", 'picnum' => $picnum);
                        }
                        $setarr['image_' . $key] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
                        $setarr['image_' . $key . '_link'] = "space.php?uid={$value['uid']}&do=album&picid={$value['picid']}";
                        $key++;
                    }
                }
            }
            break;
        case 'picid':
            $plussql = $id > 0 ? "p.picid='{$id}'" : "p.uid='{$_SGLOBAL['supe_uid']}' ORDER BY dateline DESC LIMIT 1";
            $query = $_SGLOBAL['db']->query("SELECT p.*, a.friend, a.target_ids, s.username FROM " . tname('pic') . " p\r\n\t\t\t\tLEFT JOIN " . tname('space') . " s ON s.uid=p.uid\r\n\t\t\t\tLEFT JOIN " . tname('album') . " a ON a.albumid=p.albumid WHERE {$plussql}");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                if (empty($value['friend'])) {
                    // privacy
                    //
                    $setarr['icon'] = 'album';
                    $setarr['id'] = $value['picid'];
                    $setarr['idtype'] = $idtype;
                    $setarr['uid'] = $value['uid'];
                    $setarr['username'] = $value['username'];
                    $setarr['dateline'] = $value['dateline'];
                    $setarr['target_ids'] = $value['target_ids'];
                    $setarr['friend'] = $value['friend'];
                    $setarr['hot'] = $value['hot'];
                    //ϸ
                    $url = "space.php?uid={$value['uid']}&do=album&picid={$value['picid']}";
                    $setarr['image_1'] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
                    $setarr['image_1_link'] = $url;
                    $setarr['title_template'] = '{actor} ' . cplang('upload_a_new_picture');
                    $setarr['body_template'] = '{title}';
                    $setarr['body_data'] = array('title' => $value['title']);
                }
            }
            break;
        case 'tid':
            $query = $_SGLOBAL['db']->query("SELECT t.*, p.* FROM " . tname('thread') . " t\r\n\t\t\t\tLEFT JOIN " . tname('post') . " p ON p.tid=t.tid AND p.isthread='1'\r\n\t\t\t\tWHERE t.tid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                //
                $setarr['icon'] = 'thread';
                $setarr['id'] = $value['tid'];
                $setarr['idtype'] = $idtype;
                $setarr['uid'] = $value['uid'];
                $setarr['username'] = $value['username'];
                $setarr['dateline'] = $value['dateline'];
                $setarr['hot'] = $value['hot'];
                //ϸ
                $url = "space.php?uid={$value['uid']}&do=thread&id={$value['tid']}";
                if ($value['eventid']) {
                    // event
                    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid='{$value['eventid']}'");
                    $event = $_SGLOBAL['db']->fetch_array($query);
                    $setarr['title_template'] = cplang('feed_eventthread');
                    $setarr['body_template'] = '<b>{subject}</b><br>' . cplang('event') . ': {event}<br>{summary}';
                    $setarr['body_data'] = array('subject' => "<a href=\"{$url}&eventid={$value['eventid']}\">{$value['subject']}</a>", 'event' => "<a href=\"space.php?do=event&id={$value['eventid']}\">{$event['title']}</a>", 'summary' => getstr($value['message'], 150, 1, 1, 0, 0, -1));
                } else {
                    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("mtag") . " WHERE tagid='{$value['tagid']}'");
                    $mtag = $_SGLOBAL['db']->fetch_array($query);
                    $setarr['title_template'] = cplang('feed_thread');
                    $setarr['body_template'] = '<b>{subject}</b><br>' . cplang('mtag') . ': {mtag}<br>{summary}';
                    $setarr['body_data'] = array('subject' => "<a href=\"{$url}\">{$value['subject']}</a>", 'mtag' => "<a href=\"space.php?do=mtag&tagid={$value['tagid']}\">{$mtag['tagname']}</a>", 'summary' => getstr($value['message'], 150, 1, 1, 0, 0, -1));
                }
            }
            break;
        case 'pid':
            $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('poll') . " WHERE pid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                //
                $setarr['icon'] = 'poll';
                $setarr['id'] = $value['pid'];
                $setarr['idtype'] = $idtype;
                $setarr['uid'] = $value['uid'];
                $setarr['username'] = $value['username'];
                $setarr['dateline'] = $value['dateline'];
                $setarr['hot'] = $value['hot'];
                //ϸ
                $url = "space.php?uid={$value['uid']}&do=poll&pid={$value['pid']}";
                $setarr['title_template'] = cplang('feed_poll');
                $setarr['body_template'] = '<a href="{url}"><strong>{subject}</strong></a>{option}';
                $optionstr = '';
                $opquery = $_SGLOBAL['db']->query("SELECT * FROM " . tname("polloption") . " WHERE pid='{$value['pid']}' LIMIT 0,2");
                while ($opt = $_SGLOBAL['db']->fetch_array($opquery)) {
                    $optionstr .= '<br><input type="' . ($value['maxchoice'] > 1 ? 'checkbox' : 'radio') . '" disabled name="poll_' . $opt['oid'] . '"/>' . $opt['option'];
                }
                $setarr['body_data'] = array('url' => $url, 'subject' => $value['subject'], 'option' => $optionstr);
                $setarr['body_general'] = $value['percredit'] ? cplang('reward_info', array($value['percredit'])) : '';
            }
            break;
        case 'eventid':
            $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('event') . " WHERE eventid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                //
                $setarr['icon'] = 'event';
                $setarr['id'] = $value['eventid'];
                $setarr['idtype'] = $idtype;
                $setarr['uid'] = $value['uid'];
                $setarr['username'] = $value['username'];
                $setarr['dateline'] = $value['dateline'];
                $setarr['hot'] = $value['hot'];
                //ϸ
                $url = "space.php?do=event&id={$value['eventid']}";
                $setarr['title_template'] = cplang('event_add');
                $setarr['body_template'] = cplang('event_feed_info');
                $setarr['body_data'] = array('title' => "<a href=\"{$url}\">{$value['title']}</a>", 'country' => $value['country'], 'province' => $value['province'], 'city' => $value['city'], 'location' => $value['location'], 'starttime' => sgmdate('m-d H:i', $value['starttime']), 'endtime' => sgmdate('m-d H:i', $value['endtime']));
                //
                if ($value['poster']) {
                    $setarr['image_1'] = pic_get($value['poster'], $value['thumb'], $value['remote']);
                    $setarr['image_1_link'] = $url;
                }
            }
            break;
        case 'sid':
            $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('share') . " WHERE sid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                //
                $setarr['icon'] = 'share';
                $setarr['id'] = $value['sid'];
                $setarr['idtype'] = $idtype;
                $setarr['uid'] = $value['uid'];
                $setarr['username'] = $value['username'];
                $setarr['dateline'] = $value['dateline'];
                $setarr['hot'] = $value['hot'];
                //ϸ
                $url = "space.php?uid={$value['uid']}&do=share&id={$value['sid']}";
                $setarr['title_template'] = '{actor} ' . $value['title_template'];
                $setarr['body_template'] = $value['body_template'];
                $setarr['body_data'] = $value['body_data'];
                $setarr['body_general'] = $value['body_general'];
                $setarr['image_1'] = $value['image'];
                $setarr['image_1_link'] = $value['image_link'];
            }
            break;
    }
    if ($setarr['icon']) {
        $setarr['appid'] = UC_APPID;
        //ݴ
        $setarr['title_data'] = serialize($setarr['title_data']);
        // groups ת
        if ($idtype != 'sid') {
            $setarr['body_data'] = serialize($setarr['body_data']);
            // groups ת
        }
        $setarr['hash_template'] = md5($setarr['title_template'] . "\t" . $setarr['body_template']);
        //ϲhash
        $setarr['hash_data'] = md5($setarr['title_template'] . "\t" . $setarr['title_data'] . "\t" . $setarr['body_template'] . "\t" . $setarr['body_data']);
        //ϲhash
        $setarr = saddslashes($setarr);
        $feedid = 0;
        if (!$add && $setarr['id']) {
            $query = $_SGLOBAL['db']->query("SELECT feedid FROM " . tname('feed') . " WHERE id='{$id}' AND idtype='{$idtype}'");
            $feedid = $_SGLOBAL['db']->result($query, 0);
        }
        if ($feedid) {
            updatetable('feed', $setarr, array('feedid' => $feedid));
        } else {
            inserttable('feed', $setarr);
        }
    }
}
Example #15
 // Send one invitation per address in $mails; addresses that are empty, malformed,
 // unaffordable or fail to insert are collected in $failingmail.
 $failingmail = array();
 foreach ($mails as $key => $value) {
     $value = trim($value);
     // Reject blank or syntactically invalid addresses before any credit or DB work.
     if (empty($value) || !isemail($value)) {
         $failingmail[] = $value;
         continue;
     }
     if ($reward['credit']) {
         // Compute the credit cost of this invitation, counting the ones already sent in this loop.
         $credit = intval($reward['credit']) * ($invitenum + 1);
         // The isemail() test here repeats the guard above; the effective condition is
         // "cost exceeds the inviter's credit balance".
         if (!isemail($value) || $reward['credit'] && $credit > $space['credit']) {
             $failingmail[] = $value;
             continue;
         }
         // The invite link below is built from the row id followed by this 6-character code,
         // so the code is the only secret in the link.
         // NOTE(review): random() is defined outside this snippet; confirm it draws from a
         // cryptographically secure source, otherwise codes may be guessable.
         $code = strtolower(random(6));
         // The e-mail address is escaped with saddslashes() before being handed to inserttable().
         // NOTE(review): whether inserttable() escapes values itself is not visible here.
         $setarr = array('uid' => $_SGLOBAL['supe_uid'], 'code' => $code, 'email' => saddslashes($value), 'type' => 1);
         $id = inserttable('invite', $setarr, 1);
         if ($id) {
             $mailvar[4] = "{$siteurl}invite.php?{$id}{$code}{$inviteapp}";
             // $mailvar[4] = "http://openid.enjoyoung.cn/account/new?{$id}{$code}{$inviteapp}&amp;renturn_to=uchome";
             createmail($value, $mailvar);
             $invitenum++;
         } else {
             // Insert failed: no mail is sent and the address is reported back as failing.
             $failingmail[] = $value;
         }
     } else {
         // No credit cost configured: the link carries the inviter's uid and $invite_code
         // instead of a per-invitation row id and code.
         $mailvar[4] = "{$siteurl}invite.php?u={$space['uid']}&amp;c={$invite_code}{$inviteapp}";
         // $mailvar[4] = "http://openid.enjoyoung.cn/account/new?u=$space[uid]&amp;c=$invite_code{$inviteapp}&amp;renturn_to=uchome";
         if ($appid) {
             $mailvar[6] = $appinfo['appname'];
         }
Example #16
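/**
 * Delete a user's space together with the rows in other tables that reference it.
 *
 * The delete proceeds when $force is set, or when the caller holds the
 * 'managedelspace' permission and the target is not the caller's own account.
 * A non-forced delete is first recorded in the 'spacelog' table.
 *
 * Every statement below is built by interpolating $uid into SQL text, so $uid is
 * normalised to an integer once on entry rather than trusting each caller to do it.
 * The statements are issued one by one; no transaction is opened in this function,
 * so a failure part-way through leaves the earlier deletes in place.
 *
 * @param int|string $uid   id of the user whose space is removed (cast to int)
 * @param int        $force non-zero skips the permission check and the spacelog entry
 *
 * @return array the deleted 'space' row, or an empty array when nothing was deleted
 */
function deletespace($uid, $force = 0)
{
    global $_SGLOBAL, $_SC, $_SCONFIG;
    // $uid is placed inside quoted SQL literals throughout; an integer cast removes
    // any quote or SQL syntax before the first query is built.
    $uid = intval($uid);
    $delspace = array();
    $allowmanage = checkperm('managedelspace');
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('space') . " WHERE uid='{$uid}'");
    if ($value = $_SGLOBAL['db']->fetch_array($query)) {
        // && binds tighter than ||: forced, or (manager and not deleting oneself).
        if ($force || $allowmanage && $value['uid'] != $_SGLOBAL['supe_uid']) {
            $delspace = $value;
            // When this is not a forced delete, record it in the deletion log table.
            if (!$force) {
                $setarr = array('uid' => $value['uid'], 'username' => saddslashes($value['username']), 'opuid' => $_SGLOBAL['supe_uid'], 'opusername' => $_SGLOBAL['supe_username'], 'flag' => '-1', 'dateline' => $_SGLOBAL['timestamp']);
                inserttable('spacelog', $setarr, 0, true);
            }
        }
    }
    if (empty($delspace)) {
        return array();
    }
    // Override the permission setting: grants 'managebatch' to the current member's group.
    // NOTE(review): the flag is written to $_SGLOBAL and is not restored in this function,
    // so it stays set for whatever runs later in the same request.
    $_SGLOBAL['usergroup'][$_SGLOBAL['member']['groupid']]['managebatch'] = 1;
    //space
    $_SGLOBAL['db']->query("DELETE FROM " . tname('space') . " WHERE uid='{$uid}'");
    //spacefield
    $_SGLOBAL['db']->query("DELETE FROM " . tname('spacefield') . " WHERE uid='{$uid}'");
    //feed
    $_SGLOBAL['db']->query("DELETE FROM " . tname('feed') . " WHERE uid='{$uid}' OR (id='{$uid}' AND idtype='uid')");
    // Doings (status records): collect their ids first so the replies can be removed too.
    $doids = array();
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('doing') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $doids[$value['doid']] = $value['doid'];
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('doing') . " WHERE uid='{$uid}'");
    // Delete replies to those doings, and replies written by the user.
    $_SGLOBAL['db']->query("DELETE FROM " . tname('docomment') . " WHERE doid IN (" . simplode($doids) . ") OR uid='{$uid}'");
    // Shares
    $_SGLOBAL['db']->query("DELETE FROM " . tname('share') . " WHERE uid='{$uid}'");
    // Album rows
    $_SGLOBAL['db']->query("DELETE FROM " . tname('album') . " WHERE uid='{$uid}'");
    // Credit log
    $_SGLOBAL['db']->query("DELETE FROM " . tname('creditlog') . " WHERE uid='{$uid}'");
    // Notifications
    $_SGLOBAL['db']->query("DELETE FROM " . tname('notification') . " WHERE (uid='{$uid}' OR authorid='{$uid}')");
    // Pokes
    $_SGLOBAL['db']->query("DELETE FROM " . tname('poke') . " WHERE (uid='{$uid}' OR fromuid='{$uid}')");
    // Polls the user created
    $pollid = array();
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('poll') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $pollid[$value['pid']] = $value['pid'];
    }
    deletepolls($pollid);
    // Polls the user voted in
    $pollid = array();
    $query = $_SGLOBAL['db']->query("SELECT pid FROM " . tname('polluser') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $pollid[$value['pid']] = $value['pid'];
    }
    // Decrement the voter count of those polls
    if ($pollid) {
        $_SGLOBAL['db']->query("UPDATE " . tname('poll') . " SET voternum=voternum-1 WHERE pid IN (" . simplode($pollid) . ")");
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('polluser') . " WHERE uid='{$uid}'");
    // Events the user created
    $ids = array();
    $query = $_SGLOBAL['db']->query('SELECT eventid FROM ' . tname('event') . " WHERE uid = '{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $ids[] = $value['eventid'];
    }
    deleteevents($ids);
    // Events the user took part in
    $ids = $ids1 = $ids2 = array();
    $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('userevent') . " WHERE uid = '{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($value['status'] == 1) {
            $ids1[] = $value['eventid'];
            // following
        } elseif ($value['status'] > 1) {
            $ids2[] = $value['eventid'];
            // attending
        }
        $ids[] = $value['eventid'];
    }
    if ($ids1) {
        $_SGLOBAL['db']->query('UPDATE ' . tname('event') . ' SET follownum = follownum - 1 WHERE eventid IN (' . simplode($ids1) . ')');
    }
    if ($ids2) {
        $_SGLOBAL['db']->query('UPDATE ' . tname('event') . ' SET membernum = membernum - 1 WHERE eventid IN (' . simplode($ids2) . ')');
        // TODO: should also check and subtract the number of guests the user brought
    }
    if ($ids) {
        $_SGLOBAL['db']->query('DELETE FROM ' . tname('userevent') . ' WHERE eventid IN (' . simplode($ids) . ") AND uid = '{$uid}'");
    }
    // Event invitations sent by or to the user
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('eventinvite') . " WHERE uid = '{$uid}' OR touid = '{$uid}'");
    // Uploaded event pictures
    // NOTE(review): this filters on picid using the user id, while the neighbouring
    // statements filter on uid; confirm the intended column against the schema.
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('eventpic') . " WHERE picid = '{$uid}'");
    // TODO: should also update the event picture count and event topic count
    // Magic items
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('usermagic') . " WHERE uid = '{$uid}'");
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('magicinlog') . " WHERE uid = '{$uid}'");
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('magicuselog') . " WHERE uid = '{$uid}'");
    //pic
    // Remember the picture file paths now; the files are removed near the end.
    $pics = array();
    $query = $_SGLOBAL['db']->query("SELECT filepath FROM " . tname('pic') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $pics[] = $value;
    }
    // Picture rows
    $_SGLOBAL['db']->query("DELETE FROM " . tname('pic') . " WHERE uid='{$uid}'");
    //blog
    $blogids = array();
    $query = $_SGLOBAL['db']->query("SELECT blogid FROM " . tname('blog') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $blogids[$value['blogid']] = $value['blogid'];
        //tag
        $tags = array();
        $subquery = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$value['blogid']}'");
        while ($tag = $_SGLOBAL['db']->fetch_array($subquery)) {
            $tags[$tag['tagid']] = $tag['tagid'];
        }
        if ($tags) {
            $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($tags) . ")");
            $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$value['blogid']}'");
        }
    }
    // Delete the blog rows
    $_SGLOBAL['db']->query("DELETE FROM " . tname('blog') . " WHERE uid='{$uid}'");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('blogfield') . " WHERE uid='{$uid}'");
    //bwzt
    $bwztids = array();
    $query = $_SGLOBAL['db']->query("SELECT bwztid FROM " . tname('bwzt') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $bwztids[$value['bwztid']] = $value['bwztid'];
        //tag
        $tags = array();
        $subquery = $_SGLOBAL['db']->query("SELECT tagid, bwztid FROM " . tname('tagbwzt') . " WHERE bwztid='{$value['bwztid']}'");
        while ($tag = $_SGLOBAL['db']->fetch_array($subquery)) {
            $tags[$tag['tagid']] = $tag['tagid'];
        }
        if ($tags) {
            $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET bwztnum=bwztnum-1 WHERE tagid IN (" . simplode($tags) . ")");
            $_SGLOBAL['db']->query("DELETE FROM " . tname('tagbwzt') . " WHERE bwztid='{$value['bwztid']}'");
        }
    }
    // Delete the bwzt rows
    $_SGLOBAL['db']->query("DELETE FROM " . tname('bwzt') . " WHERE uid='{$uid}'");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('bwztfield') . " WHERE uid='{$uid}'");
    // Comments
    $_SGLOBAL['db']->query("DELETE FROM " . tname('comment') . " WHERE (uid='{$uid}' OR authorid='{$uid}' OR (id='{$uid}' AND idtype='uid'))");
    // Visitors
    $_SGLOBAL['db']->query("DELETE FROM " . tname('visitor') . " WHERE (uid='{$uid}' OR vuid='{$uid}')");
    // Task records
    $_SGLOBAL['db']->query("DELETE FROM " . tname('usertask') . " WHERE uid='{$uid}'");
    //class
    $_SGLOBAL['db']->query("DELETE FROM " . tname('class') . " WHERE uid='{$uid}'");
    //friend
    // Friend links in both directions
    $_SGLOBAL['db']->query("DELETE FROM " . tname('friend') . " WHERE (uid='{$uid}' OR fuid='{$uid}')");
    //member
    $_SGLOBAL['db']->query("DELETE FROM " . tname('member') . " WHERE uid='{$uid}'");
    // Footprints (click records)
    $_SGLOBAL['db']->query("DELETE FROM " . tname('clickuser') . " WHERE uid='{$uid}'");
    // Blacklist entries
    $_SGLOBAL['db']->query("DELETE FROM " . tname('blacklist') . " WHERE (uid='{$uid}' OR buid='{$uid}')");
    // Invitation records
    $_SGLOBAL['db']->query("DELETE FROM " . tname('invite') . " WHERE (uid='{$uid}' OR fuid='{$uid}')");
    // Mail queue: multi-table delete joining mailcron and mailqueue on cid
    $_SGLOBAL['db']->query("DELETE FROM " . tname('mailcron') . ", " . tname('mailqueue') . " USING " . tname('mailcron') . ", " . tname('mailqueue') . " WHERE " . tname('mailcron') . ".touid='{$uid}' AND " . tname('mailcron') . ".cid=" . tname('mailqueue') . ".cid");
    // Application-platform invitations and per-user app data
    $_SGLOBAL['db']->query("DELETE FROM " . tname('myinvite') . " WHERE (touid='{$uid}' OR fromuid='{$uid}')");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('userapp') . " WHERE uid='{$uid}'");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('userappfield') . " WHERE uid='{$uid}'");
    //mtag
    //thread
    // Thread ids are grouped by tagid because deletethreads() is called once per tag.
    $tids = array();
    $query = $_SGLOBAL['db']->query("SELECT tid, tagid FROM " . tname('thread') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $tids[$value['tagid']][] = $value['tid'];
    }
    foreach ($tids as $tagid => $v_tids) {
        deletethreads($tagid, $v_tids);
    }
    //post
    $pids = array();
    $query = $_SGLOBAL['db']->query("SELECT pid, tagid FROM " . tname('post') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $pids[$value['tagid']][] = $value['pid'];
    }
    foreach ($pids as $tagid => $v_pids) {
        deleteposts($tagid, $v_pids);
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('thread') . " WHERE uid='{$uid}'");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('post') . " WHERE uid='{$uid}'");
    //session
    $_SGLOBAL['db']->query("DELETE FROM " . tname('session') . " WHERE uid='{$uid}'");
    // Ranking list
    $_SGLOBAL['db']->query("DELETE FROM " . tname('show') . " WHERE uid='{$uid}'");
    // Groups: decrement member counts, then drop the memberships
    $mtagids = array();
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('tagspace') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $mtagids[$value['tagid']] = $value['tagid'];
    }
    if ($mtagids) {
        $_SGLOBAL['db']->query("UPDATE " . tname('mtag') . " SET membernum=membernum-1 WHERE tagid IN (" . simplode($mtagids) . ")");
        $_SGLOBAL['db']->query("DELETE FROM " . tname('tagspace') . " WHERE uid='{$uid}'");
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('mtaginvite') . " WHERE (uid='{$uid}' OR fromuid='{$uid}')");
    // Remove the picture files collected earlier
    deletepicfiles($pics);
    // Reports filed against the user
    $_SGLOBAL['db']->query("DELETE FROM " . tname('report') . " WHERE id='{$uid}' AND idtype='uid'");
    // Change log: written only when 'my_status' is enabled in the site configuration
    if ($_SCONFIG['my_status']) {
        inserttable('userlog', array('uid' => $uid, 'action' => 'delete', 'dateline' => $_SGLOBAL['timestamp']), 0, true);
    }
    return $delspace;
}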
Example #17
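// Paging offset taken from the query string and cast to an integer.
$start = empty($_GET['start']) ? 0 : intval($_GET['start']);
$countnum = 0;
$lastfileid = 0;
// Directory the generated sitemap files are written to.
$sitemap_path = S_ROOT . './data/sitemap/';
if (!file_exists($sitemap_path)) {
    // mkdir() expects the mode as an integer, normally written as an octal literal.
    // The former string '0666' was converted to decimal 666, which is not the intended
    // permission set, and 0666 has no execute bit, which a directory needs to be entered.
    // 0755 keeps the directory writable by the owning process only.
    // Failure stays silent (best effort), as before.
    @mkdir($sitemap_path, 0755);
}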
// Handle the sitemap configuration form ('thevalue') and the list form ('listsubmit').
if (submitcheck('thevalue')) {
    // mapname is allow-listed to letters, digits and underscore, at most 50 bytes.
    // Note that `$` also matches just before a trailing newline; `\z` or the `D`
    // modifier would make the end anchor strict.
    // NOTE(review): the code relies on showmessage() ending the request; that is not visible here.
    if (!preg_match("/^[0-9a-z_]+\$/i", $_POST['mapname']) || strlen($_POST['mapname']) > 50) {
        showmessage('sitemap_name_error');
    }
    // Serialized configuration, escaped for use inside a quoted SQL literal.
    $mapdata = addslashes(serialize($sitemapdata));
    // maptype and changefreq are HTML-escaped and then slash-escaped; the numeric fields are cast.
    $_POST['maptype'] = saddslashes(shtmlspecialchars($_POST['maptype']));
    $_POST['mapnum'] = $_POST['maptype'] == 'google' ? intval($_POST['mapnum_google']) : intval($_POST['mapnum_baidu']);
    $_POST['createtype'] = intval($_POST['createtype']);
    $_POST['changefreq'] = $_POST['maptype'] == 'google' ? saddslashes(shtmlspecialchars($_POST['changefreq_google'])) : saddslashes(shtmlspecialchars($_POST['changefreq_baidu']));
    if (!empty($_POST['slogid'])) {
        // NOTE(review): slogid reaches the WHERE clause without a cast or escaping in this
        // snippet, unlike the other fields; unless request input is escaped globally elsewhere,
        // an intval() here would match the treatment of mapnum and createtype.
        $_SGLOBAL['db']->query("UPDATE " . tname('sitemaplogs') . " SET mapname='{$_POST['mapname']}', maptype='{$_POST['maptype']}', mapnum='{$_POST['mapnum']}', createtype='{$_POST['createtype']}', changefreq='{$_POST['changefreq']}' WHERE slogid='{$_POST['slogid']}'");
        showmessage('sitemap_config_update', $theurl);
    } else {
        // Refuse a second configuration with the same name.
        $query = $_SGLOBAL['db']->query("SELECT count(*) FROM " . tname('sitemaplogs') . " WHERE mapname='{$_POST['mapname']}'");
        if ($value = $_SGLOBAL['db']->result($query, 0)) {
            showmessage('sitemap_name_exists');
        }
        $_SGLOBAL['db']->query("INSERT INTO " . tname('sitemaplogs') . "(mapname, maptype, mapnum, mapdata, createtype, changefreq) VALUES ('{$_POST['mapname']}', '{$_POST['maptype']}', '{$_POST['mapnum']}', '{$mapdata}', '{$_POST['createtype']}', '{$_POST['changefreq']}')");
        showmessage('sitemap_config_add', $theurl);
    }
} elseif (submitcheck('listsubmit')) {
    if (!empty($_POST['slogidarr'])) {
        // NOTE(review): the submitted ids are joined into the IN (...) list as quoted strings
        // without a per-element integer cast and without checking that slogidarr is an array;
        // mapping each element through intval() first would remove the dependency on any
        // global input escaping.
        $slogidarr = implode('\',\'', $_POST['slogidarr']);
        $_SGLOBAL['db']->query('DELETE FROM ' . tname('sitemaplogs') . ' WHERE slogid IN (\'' . $slogidarr . '\')');
Example #18
         //µÚÒ»´Î
         $doingnum = getcount('doing', array('uid' => $space['uid']));
         $setarr['doingnum'] = "doingnum='{$doingnum}'";
     } else {
         $setarr['doingnum'] = "doingnum=doingnum+1";
     }
 }
 // $setarr holds ready-made "column=expression" fragments that are joined into the SET clause.
 $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET " . implode(',', $setarr) . " WHERE uid='{$_SGLOBAL['supe_uid']}'");
 // cplang() is applied twice: the result of the inner lookup is used as the key of the outer one.
 $title_template = cplang(cplang('feed_doing_title'));
 // The message is unescaped, serialized, and the serialized string is then escaped for SQL
 // (presumably so the length prefixes inside the serialized data match the stored bytes).
 $title_data = saddslashes(serialize(sstripslashes(array('message' => $message))));
 $body_template = $body_data = '';
 if ($complainOK) {
     // Complaint variant: the message moves from the title to the body.
     $title_template = cplang(cplang('feed_complain'));
     $title_data = '';
     $body_template = '{message}';
     $body_data = saddslashes(serialize(sstripslashes(array('message' => $message))));
 }
 // Build the feed entry
 if ($add_doing) {
     $ip = getonlineip();
     $ip_detail = getIpDetails();
     // NOTE(review): the names are inverted here ($lon receives the latitude, $lat the longitude);
     // the URL below then passes $lat as lngx and $lon as lngy, so the swap may cancel out.
     // Confirm against the API's parameter meaning.
     $lon = $ip_detail['latitude'];
     $lat = $ip_detail['longitude'];
     // The coordinates derived from the user's IP are sent to a third-party service over
     // plain http, so they are visible to anyone on the network path.
     $pos = "http://lbs.juhe.cn/api/getaddressbylngb?lngx=" . $lat . "&lngy=" . $lon;
     // NOTE(review): 'time' is not a documented http stream-context option; 'timeout' is.
     // As written, no explicit timeout appears to be applied to the request below.
     $opts = array('http' => array('method' => 'GET', 'time' => 1));
     $context = stream_context_create($opts);
     // The return value is not checked; a failed request yields false and $address ends up null.
     $res = file_get_contents($pos, false, $context);
     $res = json_decode($res, 1);
     // $address comes from the remote response and is stored in the feed row below.
     // NOTE(review): no escaping of $address is visible in this snippet; treat it as untrusted input.
     $address = $res['row']['result']['formatted_address'];
     if ($picid && $filepath) {
         $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => $title_template, 'title_data' => $title_data, 'body_template' => $body_template, 'body_data' => $body_data, 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => 'web', 'image_1' => pic_get($filepath, 1, 0), 'image_1_link' => "space.php?uid={$_SGLOBAL['supe_uid']}&do=album&picid={$picid}", 'ip' => $ip, 'address' => $address);
Example #19
/**
 * 模型在线投稿提交处理函数
 */
function modelpost($cacheinfo, $cp = 1)
{
    global $_SGLOBAL, $theurl, $_SCONFIG;
    include_once S_ROOT . './function/upload.func.php';
    $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $resultitems = $resultmessage = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    //获取等级信息
    if ($cacheinfo['models']['modelname'] == 'defect') {
        switch ($_POST['grade']) {
            case 1:
                $_POST['grade'] = '64';
                break;
            case 2:
                $_POST['grade'] = '32';
                break;
            case 3:
                $_POST['grade'] = '16';
                break;
            case 4:
                $_POST['grade'] = '9';
                break;
            case 5:
                $_POST['grade'] = '4';
                break;
            case 6:
                $_POST['grade'] = '1';
                break;
            case 7:
                $_POST['grade'] = '-1';
                break;
            case 8:
                $_POST['grade'] = '-2';
                break;
            case 9:
                $_POST['grade'] = '-3';
                break;
        }
        $gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            $gradearr['64'] = $newgradearr[0];
            $gradearr['32'] = $newgradearr[1];
            $gradearr['16'] = $newgradearr[2];
            $gradearr['9'] = $newgradearr[3];
            $gradearr['4'] = $newgradearr[4];
            $gradearr['1'] = $newgradearr[5];
            $gradearr['-1'] = $newgradearr[6];
            $gradearr['-2'] = $newgradearr[7];
            $gradearr['-3'] = $newgradearr[8];
        }
    } else {
        $gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            for ($i = 0; $i < count($newgradearr); $i++) {
                if (!empty($newgradearr[$i])) {
                    $gradearr[$i + 1] = $newgradearr[$i];
                }
            }
        }
    }
    if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
        showmessage('parameter_error');
    }
    $feedcolum = array();
    foreach ($columnsinfoarr as $result) {
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    //更新用户最新更新时间
    if (empty($itemid) && $_SGLOBAL['supe_uid']) {
        updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
    }
    //输入检查
    $_POST['catid'] = intval($_POST['catid']);
    $_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0;
    $_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
    //检查输入
    if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
        showmessage('space_suject_length_error');
    }
    if (empty($_POST['catid'])) {
        showmessage('admin_func_catid_error');
    }
    if (!empty($_FILES['subjectimage']['name'])) {
        $fileext = fileext($_FILES['subjectimage']['name']);
        if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
            showmessage('document_types_can_only_upload_pictures');
        }
    }
    //数据检查
    checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
    //修改时检验标题图片是否修改
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            //当file删除时,或修改时执行删除操作
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            $hash = getmodelhash($_GET['mid'], $itemid);
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            //删除附件表
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    //构建数据
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $setsqlarr['catid'] = $_POST['catid'];
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = $_POST['allowreply'];
    $setsqlarr['grade'] = intval($_POST['grade']);
    //modify by jyf,没权限的用户不能改审核等级
    if ($setsqlarr['grade'] > 0) {
        if (!checkperm('manageeditpost')) {
            showmessage('no_permission');
        }
    }
    //end
    $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    $setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
    $setsqlarr['username'] = $_SGLOBAL['supe_username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    $modelsinfoarr['subjectimagewidth'] = 400;
    $modelsinfoarr['subjectimageheight'] = 300;
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    $uploadfilearr = $ids = array();
    $subjectimageid = '';
    $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
    if (!empty($uploadfilearr)) {
        $feedsubjectimg = $uploadfilearr;
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    //词语过滤
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    //发布时间
    if (empty($_POST['dateline'])) {
        $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    } else {
        $setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
        if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
            //不能早于2年
            $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
        }
    }
    //附件处理-by jyf
    if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
        $setsqlarr['attaches'] = implode(',', $_POST['divupload']);
    }
    //创新园地新增两个字段-------89184
    if ($cacheinfo['models']['modelname'] == 'creative') {
        if (empty($_POST['creative_value'])) {
            showmessage('请输入创新价值说明');
        }
        if (empty($_POST['creative_days'])) {
            showmessage('本创新所耗的工作量');
        }
        $setsqlarr['value'] = $_POST['creative_value'];
        $setsqlarr['days'] = $_POST['creative_days'];
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
        //不需要审核时入item表
        if (empty($itemid)) {
            //插入数据
            $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
            //取消邮件通知                    --89184
            $email = get_cate_mail($_POST['catid']);
            $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
            if ($_POST['modelname'] == 'creative') {
                if ($_POST['creative_type'] == '流程建议') {
                    $email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
                }
            }
            $emails = explode(',', $email);
            if (count($emails) > 0) {
                include S_ROOT . './function/sendmail.fun.php';
                $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                if ($cacheinfo['models']['modelname'] == 'creative') {
                    $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
                    sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
                } else {
                    if ($cacheinfo['models']['modelname'] == 'defect') {
                        $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
                        sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
                    }
                }
            }
        } else {
            //更新
            $op = 'update';
            unset($setsqlarr['uid']);
            unset($setsqlarr['username']);
            unset($setsqlarr['lastpost']);
            if ($setsqlarr['grade'] > 0) {
                $setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
                if ($_POST['modelname'] == 'creative') {
                    if ($_POST['creative_type'] == '主管月度创新') {
                        if (!check_cate_director($setsqlarr['catid'])) {
                            showmessage('no_permission');
                        }
                    }
                }
            }
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            //邮件通知--等级审核
            if ($setsqlarr['grade'] > 0) {
                $sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
                $query = $_SGLOBAL['db']->query($sqlstr);
                $value = $_SGLOBAL['db']->fetch_array($query);
                $email = $value['email'];
                if (!empty($email)) {
                    include S_ROOT . './function/sendmail.fun.php';
                    $url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                    $emails = explode(',', $email);
                    if ($_POST['modelname'] == 'creative') {
                        $msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    } else {
                        $msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    }
                    sendmail($emails, $setsqlarr['subject'], $msg);
                }
            }
        }
        if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
        }
        $hash = getmodelhash($_POST['mid'], $itemid);
        if (!empty($ids)) {
            $ids = simplode($ids);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $do = 'pass';
    } else {
        if (!empty($uploadfilearr['subjectimage']['aid'])) {
            $subjectimageid = $uploadfilearr['subjectimage']['aid'];
        }
        $setitemsqlarr = $setsqlarr;
        $do = 'me';
    }
    if ($op == 'update') {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        //当file删除时,或修改时执行删除操作
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        //删除附件表
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
                        $ext = fileext($defaultmessage[$value['fieldname']]);
                        if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                            @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        }
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    //内容
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['postip'] = $_SGLOBAL['onlineip'];
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    //添加内容
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
        //不需要审核时入message表
        if ($op == 'add') {
            $setsqlarr['itemid'] = $itemid;
            //添加内容
            inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
            getreward('postinfo');
            if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
                $feed['icon'] = 'comment';
                $feed['title_template'] = 'feed_model_title';
                $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                $aurl = A_URL;
                if (empty($_SCONFIG['siteurl'])) {
                    $siteurl = getsiteurl();
                    $murl = $siteurl . $murl;
                    $aurl = $siteurl . $aurl;
                } else {
                    $siteurl = S_URL_ALL;
                }
                $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
                $feed['body_template'] = 'feed_model_message';
                $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
                if (!empty($feedsubjectimg)) {
                    $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
                } else {
                    foreach ($feedcolum as $feedimgvalue) {
                        if ($feedimgvalue['filepath']) {
                            $feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
                            break;
                        }
                    }
                    if (empty($feed['images'])) {
                        $picurl = getmessagepic(stripslashes($_POST['message']));
                        if ($picurl && strpos($picurl, '://') === false) {
                            $picurl = $siteurl . '/' . $picurl;
                        }
                        if (!empty($picurl)) {
                            $feed['images'][] = array('url' => $picurl, 'link' => $murl);
                        }
                    }
                }
                postfeed($feed);
            }
        } else {
            //更新内容
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
        updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
        if (checkperm('allowdirectpost') && $op == 'update') {
            deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
        }
        if (checkperm('allowdirectpost') && $op == 'update') {
            $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('writing_success_online_please_wait_for_audit', $jpurl);
        } else {
            $jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('online_contributions_success', $jpurl);
        }
    } else {
        $setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
        $setsqlarr['addfeed'] = $_POST['addfeed'];
        $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
        if (!empty($_POST['itemid'])) {
            $itemid = intval($_POST['itemid']);
            updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
        } else {
            $itemid = inserttable('modelfolders', $setsqlarr, 1);
        }
        if (!empty($subjectimageid)) {
            $ids[] = $subjectimageid;
        }
        if (!empty($ids)) {
            $ids = simplode($ids);
            $hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
        showmessage('writing_success_online_please_wait_for_audit', $jpurl);
    }
}
Example #20
     // A link ending in ".swf" is stored as a flash share.
     if (preg_match("/\\.swf\$/i", $link)) {
         $arr['title_template'] = cplang('share_flash');
         $arr['body_data']['flashaddr'] = $link;
         $type = 'flash';
     }
 }
 // Free-text comment from the request, passed through getstr() with a length of 150; the meaning
 // of the four flag arguments is not visible in this excerpt.
 $arr['body_general'] = getstr($_POST['general'], 150, 1, 1, 1, 1);
 $arr['type'] = $type;
 // Author and timestamp are taken from $_SGLOBAL rather than from the request.
 $arr['uid'] = $_SGLOBAL['supe_uid'];
 $arr['username'] = $_SGLOBAL['supe_username'];
 $arr['dateline'] = $_SGLOBAL['timestamp'];
 // NOTE(review): topicid is copied from the request without a cast; the only protection visible
 // here is the saddslashes() call below. If the column is numeric, intval() would be stricter.
 $arr['topicid'] = $_POST['topicid'];
 // body_data is stored as a PHP-serialized string.
 // NOTE(review): $link ends up inside it, so any reader that unserialize()s this column should
 // treat the content as untrusted — confirm.
 $arr['body_data'] = serialize($arr['body_data']);
 // Escape every field once, after serialization, so quotes inside the serialized string are
 // escaped as well.
 $setarr = saddslashes($arr);
 // Insert the share row; the third argument presumably requests the new row id — confirm.
 $sid = inserttable('share', $setarr, 1);
 //Statistics
 updatestat('share');
 // share notice: notify the target user unless that user is the sharer
 if ($note_uid && $note_uid != $_SGLOBAL['supe_uid']) {
     notification_add($note_uid, 'sharenotice', $note_message);
 }
 // update user statistics: recount when no counter is cached, otherwise build an increment clause
 if (empty($space['sharenum'])) {
     $space['sharenum'] = getcount('share', array('uid' => $space['uid']));
     $sharenumsql = "sharenum=" . $space['sharenum'];
 } else {
     $sharenumsql = 'sharenum=sharenum+1';
 }
Example #21
	
	// Load the cached credit-exchange settings. "@" hides a missing file, in which case the
	// $_CACHE['creditsettings'] lookups below presumably find nothing.
	@include_once(S_ROOT.'./uc_client/data/cache/creditsettings.php');
	if(submitcheck('exchangesubmit')) {
		$netamount = $tocredits = 0;
		$tocredits = $_POST['tocredits'];
		// A "|" in the target marks an "appid|credit" pair (see the explode() further down);
		// strexists() is presumably a substring test.
		$outexange = strexists($tocredits, '|');
		// NOTE(review): the ratio is validated only when there is no "|", yet the division below
		// uses the same lookup in both cases. An unknown "appid|credit" key would divide by an
		// empty ratio; validating the ratio unconditionally would close that gap.
		if(!$outexange && !$_CACHE['creditsettings'][$tocredits]['ratio']) {
			showmessage('credits_exchange_invalid');
		}
		// The amount is cast to int and must be positive, so it is safe to interpolate into SQL.
		$amount = intval($_POST['amount']);
		if($amount <= 0) {
			showmessage('credits_transaction_amount_invalid');
		}
		// Re-authenticate with the account password before moving credits.
		@include_once(S_ROOT.'./uc_client/client.php');
		$ucresult = uc_user_login($_SGLOBAL['supe_username'], $_POST['password']);
		list($tmp['uid']) = saddslashes($ucresult);
		
		if($tmp['uid'] <= 0) {
			showmessage('credits_password_invalid');
		} elseif($space['credit']-$amount < 0) {
			// Balance check against the $space row loaded earlier (not visible in this excerpt).
			showmessage('credits_balance_insufficient');
		}
		$netamount = floor($amount * 1/$_CACHE['creditsettings'][$tocredits]['ratio']);
		list($toappid, $tocredits) = explode('|', $tocredits);
		
		$ucresult = uc_credit_exchange_request($_SGLOBAL['supe_uid'], $_CACHE['creditsettings'][$tocredits]['creditsrc'], $tocredits, $toappid, $netamount);
		if(!$ucresult) {
			showmessage('extcredits_dataerror');
		}
		// NOTE(review): the balance check above and this debit are separate steps and the UPDATE
		// carries no balance condition, so concurrent requests can each pass the check and drive
		// the balance negative. Adding "AND credit >= $amount" to the WHERE clause and checking
		// the affected-row count would make the debit atomic. The remote exchange request has
		// also already been sent by the time this debit runs.
		$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET credit=credit-$amount WHERE uid='$_SGLOBAL[supe_uid]'");
		
Example #22
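/**
 * Change the membership status of several users of the current event.
 *
 * The acting user's own event record ($_SGLOBAL['supe_userevent']) must have status 3 or higher.
 * Target status values handled here: -1 delete, 0 pending, 2 ordinary member, 3 organizer.
 * Rows that already have the target status, that belong to the event creator, or whose current
 * status is 1 are skipped.
 *
 * The ids are concatenated into SQL IN (...) lists, so they are cast to integers first; the
 * escaping done by simplode() is not visible in this file section and is not relied on.
 *
 * @param array $uids   User ids to update.
 * @param int   $status New status (-1..3).
 * @return array The ids that were actually changed (empty when nothing qualified).
 */
function verify_eventmembers($uids, $status)
{
    global $_SGLOBAL, $event;
    if ($_SGLOBAL['supe_userevent']['status'] < 3) {
        showmessage('no_privilege_manage_event_members');
    }
    $eventid = $_SGLOBAL['supe_userevent']['eventid'];
    if ($eventid != $event['eventid']) {
        // The global $event does not describe this event: reload it.
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid='{$eventid}'");
        $event = $_SGLOBAL['db']->fetch_array($query);
    }
    $status = intval($status);
    if ($status < -1 || $status > 3) {
        showmessage("bad_userevent_status");
        // Please select the correct status of the event Members
    }
    if ($event['verify'] == 0 && $status == 0) {
        showmessage("event_not_set_verify");
    }
    if ($status == 3 && $_SGLOBAL['supe_uid'] != $event['uid']) {
        showmessage("only_creator_can_set_admin");
        // Only Founder can set the administrator
    }
    // Only integers may reach the IN (...) list built below; an empty list means nothing to do.
    $uids = array_map('intval', (array) $uids);
    if (empty($uids)) {
        return array();
    }
    $newids = $actions = $userevents = array();
    $num = 0;
    // changing Event Member Number
    $query = $_SGLOBAL['db']->query("SELECT ue.*, sf.* FROM " . tname("userevent") . " ue LEFT JOIN " . tname("spacefield") . " sf ON ue.uid=sf.uid WHERE ue.uid IN (" . simplode($uids) . ") AND ue.eventid='{$eventid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($value['status'] == $status || $event['uid'] == $value['uid'] || $value['status'] == 1) {
            // Same status already, the event creator, or a status-1 row: leave untouched
            continue;
        }
        if ($status == 2) {
            //Set to ordinary member
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            if ($value['status'] == 0) {
                // Join: the member and their companions ("fellow") now count
                $actions[$value['uid']] = "set_verify";
                $num += $value['fellow'] + 1;
            } elseif ($value['status'] == 3) {
                // cancel the Organizer status
                $actions[$value['uid']] = "unset_admin";
            }
        } elseif ($status == 3) {
            //Set to Organizer
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "set_admin";
            if ($value['status'] == 0) {
                $num += $value['fellow'] + 1;
            }
        } elseif ($status == 0) {
            //Set to Pending
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "unset_verify";
            if ($value['status'] >= 2) {
                $num -= $value['fellow'] + 1;
            }
        } elseif ($status == -1) {
            //Delete Members
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "set_delete";
            if ($value['status'] >= 2) {
                $num -= $value['fellow'] + 1;
            }
        }
    }
    if (empty($newids)) {
        return array();
    }
    if ($event['limitnum'] > 0 && $event['membernum'] + $num > $event['limitnum']) {
        // Event Number of members is over
        showmessage("event_will_full");
    }
    $note_inserts = $note_ids = $feed_inserts = array();
    $feedarr = array('appid' => UC_APPID, 'icon' => 'event', 'uid' => '', 'username' => '', 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('event_join'), 'title_data' => array('title' => $event['title'], "eventid" => $event['eventid'], "uid" => $event['uid'], "username" => $event['username']), 'body_template' => '', 'body_data' => array(), 'body_general' => '', 'image_1' => '', 'image_1_link' => '', 'image_2' => '', 'image_2_link' => '', 'image_3' => '', 'image_3_link' => '', 'image_4' => '', 'image_4_link' => '', 'target_ids' => '', 'friend' => '');
    $feedarr = sstripslashes($feedarr);
    //Remove escape chars
    $feedarr['title_data'] = serialize(sstripslashes($feedarr['title_data']));
    //Serialize
    $feedarr['body_data'] = serialize(sstripslashes($feedarr['body_data']));
    //Serialize
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
    //Like hash
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
    //Merged hash
    // Escape once, after serialization, because the values are placed in a hand-built VALUES list.
    $feedarr = saddslashes($feedarr);
    //Add slashes
    foreach ($newids as $id) {
        if ($status > 1 && $userevents[$id]['status'] == 0) {
            // Approved to participate in the Event, participate in activities publish to feed
            // NOTE(review): uid and username are copied from the database row after the
            // saddslashes() call above, so they enter the VALUES list unescaped — a stored
            // username containing a quote would break or alter this statement. Confirm and escape.
            $feedarr['uid'] = $userevents[$id]['uid'];
            $feedarr['username'] = $userevents[$id]['username'];
            $feed_inserts[] = "('{$feedarr['appid']}', 'event', '{$feedarr['uid']}', '{$feedarr['username']}', '{$feedarr['dateline']}', '0', '{$feedarr['hash_template']}', '{$feedarr['hash_data']}', '{$feedarr['title_template']}', '{$feedarr['title_data']}', '{$feedarr['body_template']}', '{$feedarr['body_data']}', '{$feedarr['body_general']}', '{$feedarr['image_1']}', '{$feedarr['image_1_link']}', '{$feedarr['image_2']}', '{$feedarr['image_2_link']}', '{$feedarr['image_3']}', '{$feedarr['image_3_link']}', '{$feedarr['image_4']}', '{$feedarr['image_4_link']}')";
        }
        // NOTE(review): unserialize() on a stored column. If users can influence the raw bytes of
        // "privacy" this is an object-injection risk; confirm it is only ever written from
        // serialize() of server-built arrays.
        $userevents[$id]['privacy'] = empty($userevents[$id]['privacy']) ? array() : unserialize($userevents[$id]['privacy']);
        $filter = empty($userevents[$id]['privacy']['filter_note']) ? array() : array_keys($userevents[$id]['privacy']['filter_note']);
        if (cknote_uid(array("type" => "eventmemberstatus", "authorid" => $_SGLOBAL['supe_uid']), $filter)) {
            $note_ids[] = $id;
            $note_msg = cplang('eventmember_' . $actions[$id], array("space.php?do=event&id=" . $event['eventid'], $event['title']));
            $note_inserts[] = "('{$id}', 'eventmemberstatus', '1', '{$_SGLOBAL['supe_uid']}', '{$_SGLOBAL['supe_username']}', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')";
        }
    }
    if ($note_ids) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $note_inserts));
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($note_ids) . ")");
    }
    if ($feed_inserts) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('feed') . " (`appid` ,`icon` ,`uid` ,`username` ,`dateline` ,`friend` ,`hash_template` ,`hash_data` ,`title_template` ,`title_data` ,`body_template` ,`body_data` ,`body_general` ,`image_1` ,`image_1_link` ,`image_2` ,`image_2_link` ,`image_3` ,`image_3_link` ,`image_4` ,`image_4_link`) VALUES " . implode(',', $feed_inserts));
    }
    if ($status == -1) {
        // Delete
        $_SGLOBAL['db']->query("DELETE FROM " . tname("userevent") . " WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
    } else {
        // Set status
        $_SGLOBAL['db']->query("UPDATE " . tname("userevent") . " SET status='{$status}' WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
    }
    // Modify Event Number of members
    if ($num != 0) {
        $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET membernum = membernum + ({$num}) WHERE eventid='{$eventid}'");
    }
    return $newids;
}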
Example #23
        inserttable('usergroups', $setarr);
    } else {
        // Update the existing group
        updatetable('usergroups', $setarr, array('groupid' => $thevalue['groupid']));
    }
    // Refresh the group cache
    include_once S_ROOT . './function/cache.func.php';
    updategroupcache();
    showmessage('do_success', S_URL . '/admincp.php?action=usergroups');
} elseif (submitcheck('copysubmit')) {
    // Drop the fields that must not be copied to other groups
    unset($thevalue['grouptitle']);
    unset($thevalue['groupid']);
    unset($thevalue['explower']);
    unset($thevalue['system']);
    // $thevalue is presumably a row read from the database, i.e. unescaped; it is escaped again
    // here because it is about to be written back through updatetable().
    $copyvalue = saddslashes($thevalue);
    // NOTE(review): $_POST['aimgroup'] is iterated without an is_array() check; each target id is
    // cast to int before it is used as the update key.
    foreach ($_POST['aimgroup'] as $key => $value) {
        $groupid = intval($value);
        updatetable('usergroups', $copyvalue, array('groupid' => $groupid));
    }
    // Refresh the group cache
    include_once S_ROOT . './function/cache.func.php';
    updategroupcache();
    showmessage('do_success', S_URL . '/admincp.php?action=usergroups');
} elseif (submitcheck('explowersubmit')) {
    // Reject the submission when two groups were given the same lower bound.
    // NOTE(review): count()/array_unique() assume $_POST['explower'] is an array — confirm.
    if (count($_POST['explower']) != count(array_unique($_POST['explower']))) {
        showmessage('integral_limit_duplication_with_other_user_group');
    } else {
        if (!empty($_POST['explower'])) {
            $oldexplower = array();
            $query = $_SGLOBAL['db']->query("SELECT groupid, explower FROM " . tname('usergroups'));
Example #24
 // Collect the submitted option ids as integers, stopping at the poll's choice limit.
 // NOTE(review): $_POST['option'] is iterated without an is_array() check.
 foreach ($_POST['option'] as $key => $val) {
     $optionarr[] = intval($val);
     if (count($optionarr) >= $poll['maxchoice']) {
         break;
     }
 }
 // Read the option texts back, restricted to this poll. The ids appended above are integers;
 // where $pid comes from is not visible in this excerpt.
 $query = $_SGLOBAL['db']->query("SELECT `option` FROM " . tname('polloption') . " WHERE oid IN ('" . implode("','", $optionarr) . "') AND pid='{$pid}'");
 while ($value = $_SGLOBAL['db']->fetch_array($query)) {
     // Values read from the database are unescaped, so they are escaped again before reuse in SQL.
     $list[] = saddslashes($value['option']);
 }
 if (empty($list)) {
     showmessage('please_select_items_to_vote');
 }
 //Total votes
 $_SGLOBAL['db']->query("UPDATE " . tname('polloption') . " SET votenum=votenum+1 WHERE oid IN ('" . implode("','", $optionarr) . "') AND pid='{$pid}'");
 // NOTE(review): the entries of $list were already escaped above and the joined string is escaped
 // a second time here; if saddslashes() is a plain addslashes wrapper, option texts containing
 // quotes or backslashes are stored with extra backslashes. Anonymous votes store an empty username.
 $setarr = array('uid' => $_SGLOBAL['supe_uid'], 'username' => $_POST['anonymous'] ? '' : $_SGLOBAL['supe_username'], 'pid' => $pid, 'option' => saddslashes('"' . implode(cplang('poll_separator'), $list) . '"'), 'dateline' => $_SGLOBAL['timestamp']);
 inserttable('polluser', $setarr);
 $sql = '';
 // Pay the per-vote reward out of the poll's credit pool, unless the voter is the poll owner.
 // NOTE(review): $poll['percredit'] is interpolated unquoted into the statements below; it is
 // presumably a numeric column value — confirm, or cast it with intval().
 if ($poll['credit'] && $poll['percredit'] && $poll['uid'] != $_SGLOBAL['supe_uid']) {
     if ($poll['credit'] <= $poll['percredit']) {
         // Pool nearly empty: pay out what is left and switch the reward off.
         $poll['percredit'] = $poll['credit'];
         $sql = ',percredit=0';
     }
     $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET credit=credit+{$poll['percredit']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
 } else {
     $poll['percredit'] = 0;
 }
 $_SGLOBAL['db']->query("UPDATE " . tname('poll') . " SET voternum=voternum+1, lastvote='{$_SGLOBAL['timestamp']}', credit=credit-{$poll['percredit']} {$sql} WHERE pid='{$pid}'");
 // real name
 realname_get();
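/**
 * Look up the invitation identified by inviter id and code whose fuid is still '0'.
 *
 * $uid is cast to an integer before it is placed in the SQL text, so a non-numeric value never
 * reaches the database. The returned row is passed through saddslashes() because callers
 * presumably reuse its fields in further SQL.
 *
 * NOTE(review): $code is interpolated as given. This function relies on the caller having escaped
 * it (for example through request-wide escaping at start-up); confirm that, or escape it here.
 *
 * @param int|string $uid  Inviter user id.
 * @param string     $code Invitation code.
 * @return array|false The escaped invite row joined with the inviter's name fields; an empty
 *                     array when an argument is empty; whatever fetch_array() returns when no
 *                     row matches.
 */
function invite_get($uid, $code) {
	global $_SGLOBAL, $_SN;

	$invitearr = array();
	// Numeric key: only an integer may reach the query text.
	$uid = is_scalar($uid) ? intval($uid) : 0;
	// A non-scalar code cannot be a valid invitation code.
	$code = is_scalar($code) ? (string) $code : '';
	if($uid && $code) {
		$query = $_SGLOBAL['db']->query("SELECT i.*, s.username, s.name, s.namestatus
			FROM ".tname('invite')." i
			LEFT JOIN ".tname('space')." s ON s.uid=i.uid
			WHERE i.uid='$uid' AND i.code='$code' AND i.fuid='0'");
		if($invitearr = $_SGLOBAL['db']->fetch_array($query)) {
			realname_set($invitearr['uid'], $invitearr['username'], $invitearr['name'], $invitearr['namestatus']);
			// Database values come back unescaped; escape them before handing them on.
			$invitearr = saddslashes($invitearr);
		}
	}
	return $invitearr;
}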
Example #26
    } else {
        $refer = S_URL_ALL;
    }
}
include_once S_ROOT . './uc_client/client.php';
switch ($action) {
    case 'login':
        // Requested cookie lifetime, cast to int; no upper bound is applied in this excerpt.
        $cookietime = 0;
        if (!empty($_POST['cookietime'])) {
            $cookietime = intval($_POST['cookietime']);
        }
        if (submitcheck('loginsubmit')) {
            $password = $_POST['password'];
            $username = $_POST['username'];
            // Credentials are verified by uc_user_login(); the third argument is true when the
            // login field is 'uid'.
            $ucresult = uc_user_login($username, $password, $loginfield == 'uid');
            // The returned values are escaped, presumably because they are used in SQL later on.
            list($members['uid'], $members['username'], $members['password'], $members['email']) = saddslashes($ucresult);
            if ($members['uid'] <= 0) {
                showmessage('login_error', geturl('action/login'));
            } else {
                // NOTE(review): the security code is checked only after the credentials have been
                // verified, so a failed login is reported without it. As far as this excerpt
                // shows, the code therefore does not slow down password guessing; checking it
                // before uc_user_login() (or rate-limiting failures) would.
                if (empty($_SCONFIG['noseccode'])) {
                    if (!empty($_POST['seccode'])) {
                        if (!ckseccode($_POST['seccode'])) {
                            showmessage('incorrect_code', geturl('action/login'));
                        }
                    } else {
                        // No code submitted yet: render the security-question page and stop.
                        $guidearr = array();
                        include template('site_secques');
                        exit;
                    }
                }
            }
Example #27
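/**
 * Service entry point: stores a "doing" post for $params['uid'], turns @name(uid) mentions into
 * links, files a complaint row for every mentioned department account and publishes a feed entry.
 *
 * Keys read from $params: uid (required), content (required), device (optional: web, wechat or
 * mobile), ip (optional).
 *
 * Hardening applied here:
 *  - uid must be a positive decimal integer before it is concatenated, unquoted, into SQL.
 *  - content is percent-decoded before getstr() runs, so whatever filtering getstr() applies sees
 *    the final text (decoding afterwards could bring filtered characters back).
 *  - device is compared strictly against the allowed values.
 *
 * NOTE(review): names read back from the database are placed into $message and into the rows
 * given to inserttable()/updatetable(); whether those helpers escape values is not visible here.
 * NOTE(review): $params['ip'] replaces the detected address, so the stored ip is caller-supplied.
 *
 * @param array|null $params Request parameters.
 * @return string JSON: an errorNo/content object on failure, otherwise the encoded $params.
 */
function IHomeServiceCreateComplain($params = NULL)
{
    global $_SGLOBAL;
    if (!empty($params['uid'])) {
        $uid = $params['uid'];
        // Accept an int or an all-digit string only; anything else could alter the query below.
        $uidIsPositiveInt = (is_int($uid) || (is_string($uid) && preg_match('/^[0-9]+$/D', $uid))) && $uid > 0;
        if (!$uidIsPositiveInt) {
            $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the id must be a positive interger.");
            return json_encode($errorMsg);
        } else {
            $sql = "select name,username from " . tname('space') . " where uid = " . $params['uid'];
            $query = $_SGLOBAL['db']->query($sql);
            if ($row = $_SGLOBAL['db']->fetch_array($query)) {
                // Prefer the real name, fall back to the login name.
                if ($row['name']) {
                    $params['uname'] = $row['name'];
                } else {
                    $params['uname'] = $row['username'];
                }
            } else {
                $errorMsg = array("errorNo" => "500", "content" => "the uid is not exist");
                return json_encode($errorMsg);
            }
        }
    } else {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter uid.the uid is not exist or the uid is not a positive interger.");
        return json_encode($errorMsg);
    }
    // department_id_list is ignored
    if (empty($params['content'])) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter message.the message is not exist or the message is empty.");
        return json_encode($errorMsg);
    }
    if (!empty($params['device']) && !in_array($params['device'], array('web', 'wechat', 'mobile'), true)) {
        $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the parameter device is out of range.");
        return json_encode($errorMsg);
    }
    $UserIds = array();
    $mood = 0;
    // Initialised so the checks after the loop never read an undefined variable.
    $complainOK = false;
    $params['status'] = 'init';
    $params['reply_count'] = 0;
    $params['timestamp'] = time();
    $params['department_list'] = array();
    $params['operation_list'] = array();
    $params['reply_list'] = array();
    // The first [em:N:] tag, if any, gives the mood id.
    preg_match("/\\[em\\:(\\d+)\\:\\]/s", $params['content'], $ms);
    $mood = empty($ms[1]) ? 0 : intval($ms[1]);
    // Decode first, then filter: the text that is stored is the text getstr() has processed.
    $message = getstr(rawurldecode($params['content']), 1000, 1, 1, 1, 2);
    preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s*/U", $message, $matches, PREG_SET_ORDER);
    # Turn each valid @name(uid) mention into a link
    foreach ($matches as $value) {
        $TmpString = $value[0];
        $TmpName = $value[1];
        // Digits only, as enforced by the ([\d]+) group of the pattern above.
        $UserId = $value[2];
        $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}");
        if ($rs = $_SGLOBAL['db']->fetch_array($result)) {
            $realname = $rs['name'];
            if (empty($realname)) {
                $realname = $rs['username'];
            }
            $params['department_list'][intval($UserId)] = $realname;
            $ValidValue = getAtName($TmpString, $TmpName, $realname);
            $ValidValue = trim($ValidValue);
            $at_friend = "space.php?uid=" . $UserId;
            if ($ValidValue != false) {
                // NOTE(review): $realname is written into HTML and into the stored message as
                // read from the database — confirm it is escaped where it is set.
                $message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $message);
                if (!in_array($UserId, $UserIds)) {
                    $UserIds[] = $UserId;
                }
            }
        }
    }
    // Replace emoticon tags with images and flatten <br> tags to spaces.
    $message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $message);
    $message = preg_replace("/\\<br.*?\\>/is", ' ', $message);
    $params['content'] = $message;
    $setarr = array('uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'from' => $params['uid'], 'message' => $message, 'mood' => $mood, 'ip' => getonlineip(), 'fromdevice' => 'web');
    if (!empty($params['device'])) {
        $setarr['fromdevice'] = $params['device'];
    }
    if (!empty($params['ip'])) {
        $setarr['ip'] = $params['ip'];
    }
    $newdoid = inserttable('doing', $setarr, 1);
    @(include_once S_ROOT . './data/data_creditrule.php');
    $isComplain = TRUE;
    # This part may fail
    foreach ($UserIds as $UserId) {
        if ($isComplain) {
            $UserDept = isDepartment($UserId, 1);
            if ($UserDept) {
                // Mentioned account is a department: file a complaint and notify it.
                $nowtime = time();
                $complain = array('doid' => $newdoid, 'uid' => $params['uid'], 'uname' => $params['uname'], 'atdepartment' => $UserDept['department'], 'atdeptuid' => $UserId, 'from' => $params['uid'], 'atuid' => $UserId, 'atuname' => $UserDept['department'], 'isreply' => 0, 'addtime' => $nowtime, 'dateline' => $nowtime, 'expire' => 0, 'times' => 1, 'issendmsg' => 0, 'message' => $message, 'datatime' => date("Ymd", $nowtime));
                inserttable('complain', $complain, 0);
                $note = cplang('note_complain_buchu', array("space.php?do=complain_item&doid={$newdoid}", date('Y-m-d H:i', $nowtime + 3600 * 24)));
                notification_complain_add($UserId, 'complain', $note);
                $complainOK = TRUE;
            } else {
                // Ordinary user: plain mention notification.
                $note = cplang('note_doing_at', array("space.php?do=doing&doid={$newdoid}"));
                notification_add($UserId, 'atyou', $note);
            }
        }
    }
    if ($complainOK) {
        $note = cplang('note_complain_user_success', array("space.php?do=complain_item&doid={$newdoid}"));
        notification_complain_add($params['uid'], 'complain', $note);
        $complain_msg = 'note_complain_user_success';
        getreward('complain', 1, $params['uid']);
    }
    if (!$complainOK && $isComplain) {
        if ($UserId == '0000') {
            // System administrator account
            $note = cplang("您好,您的诉求已发送成功。谢谢您对ihome社区的大力支持!", array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
        } else {
            $note = cplang('note_complain_user_failed', array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
            $complain_msg = 'note_complain_user_failed';
        }
    }
    // title_data is unescaped, serialized, then escaped once for storage.
    $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => 'web', 'ip' => getonlineip());
    if (!empty($params['device'])) {
        $feedarr['fromdevice'] = $params['device'];
    }
    if (!empty($params['ip'])) {
        $feedarr['ip'] = $params['ip'];
    }
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
    // preference hash
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
    // merged hash
    $feedid = inserttable('feed', $feedarr, 1);
    updatestat('doing');
    $setarr = array('note' => $message);
    $reward = getreward('doing', 0);
    updatetable('spacefield', $setarr, array('uid' => $params['uid']));
    return json_encode($params);
}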
Example #28
 /**
  * Fetch the `user` row for a login name.
  *
  * The argument is escaped with saddslashes(), but the query text shown here carries the literal
  * '******' where the login would be expected, so as written the escaped value never reaches the
  * statement (the listing may have masked the original interpolation). Where the database layer
  * offers bound parameters, they are preferable to escaping by hand.
  *
  * @param string $userlogin Login name to look up.
  * @return mixed Whatever getrow() returns for the query.
  */
 public function login($userlogin = '')
 {
     $userlogin = saddslashes($userlogin);
     $db = sapp('db');
     return $db->getrow("SELECT * FROM `user`\n                              WHERE `user`.login = '******'\n                              ");
 }
Example #29
File: index.php Project: cwcw/cms
// All error reporting is switched off for the installer.
// NOTE(review): this also hides failures of the includes below; logging errors instead of
// discarding them makes a broken or tampered installation easier to notice.
error_reporting(0);
$_SGLOBAL = $_SCONFIG = array();
// Program root: the directory of this file with its last 7 characters removed (presumably the
// name of the install directory — confirm).
define('S_ROOT', substr(dirname(__FILE__), 0, -7));
include_once S_ROOT . './function/common.func.php';
// Current time
$_SGLOBAL['timestamp'] = time();
// Require config.php; if it is missing, load config.new.php and ask the operator to rename it.
if (!@(include_once S_ROOT . './config.php')) {
    @(include_once S_ROOT . './config.new.php');
    show_msg('您需要首先将程序根目录下面的 "config.new.php" 文件重命名为 "config.php"', 999);
}
// NOTE(review): extract() turns every key of $_SC into a variable in this scope and overwrites
// existing variables of the same name. $_SC is presumably defined by the config file; reading
// the needed keys explicitly would be safer.
extract($_SC);
// Request escaping: when magic quotes are off, escape $_GET and $_POST up front. $_COOKIE and
// $_FILES are not escaped here. get_magic_quotes_gpc() was removed in PHP 8.0, and blanket
// escaping does not replace per-query parameter binding.
if (!get_magic_quotes_gpc()) {
    $_GET = saddslashes($_GET);
    $_POST = saddslashes($_POST);
}
ob_start();
$theurl = 'index.php';
$sqlfile = S_ROOT . './data/install.sql';
// The schema file must be present before installation can proceed.
if (!file_exists($sqlfile)) {
    show_msg('请上传最新的 install.sql 数据库结构文件到程序的 ./data 目录下面,再重新运行本程序', 999);
}
$configfile = S_ROOT . './config.php';
// Request variables: step is cast to int, action is only trimmed
$step = empty($_GET['step']) ? 0 : intval($_GET['step']);
$action = empty($_GET['action']) ? '' : trim($_GET['action']);
$nowarr = array('', '', '', '', '', '', '');
$formhash = formhash();
// Presence of the lock file is tested next; the branch body lies outside this excerpt.
$lockfile = S_ROOT . './data/install.lock';
if (file_exists($lockfile)) {
Example #30
     $rs = $_SGLOBAL['db']->fetch_array($result);
     $realname = $rs['name'];
     //调用检查函数将@后的内容进行验证,为UID对应的姓名相同则返回@与姓名,不相同则继续判断下一个@,没有找到匹配的最终将返回false
     $ValidValue = getAtName($TmpString, $TmpName, $realname);
     $ValidValue = trim($ValidValue);
     $at_friend = "space.php?uid=" . $UserId;
     $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message);
 }
 //替换表情
 $Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message);
 $Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message);
 //print_r($Message);
 $arr = array("username" => getstr($username, 15, 1, 1, 1), "message" => $Message, "uid" => intval($userid), "replynum" => 0, "mood" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'ip' => getonlineip());
 $newdoid = inserttable('doing', $arr, 1);
 //事件feed
 $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $userid, 'username' => $username, 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid');
 $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
 //喜好hash
 $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
 //合并hash
 inserttable('feed', $feedarr, 1);
 updatestat('doing');
 //更新空间note
 $setarr = array('note' => $Message);
 if (!empty($_POST['spacenote'])) {
     $reward = getreward('updatemood', 0);
     $setarr['spacenote'] = $Message;
 } else {
     $reward = getreward('doing', 0);
 }
 updatetable('spacefield', $setarr, array('uid' => $userid));