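/**
 * Handle the "add user" form post.
 *
 * Reads login, password, group and description from the posted form,
 * rejects empty credentials and duplicate logins, hashes the password and
 * inserts the new row into the `user` table. Every outcome is reported as a
 * JSON object with `code` and `msg`; validation failures end the request.
 *
 * NOTE(review): no permission check is visible in this method although
 * groupId is taken straight from the request; confirm the dispatcher
 * restricts who may reach it.
 */
public function doIndex_BoxPost() {
    $rc['login'] = bus('post')['login'];
    $rc['password'] = bus('post')['password'];
    $rc['groupId'] = intval(bus('post')['group']);
    $rc['des'] = bus('post')['des'];

    // Reject empty credentials. The original tested `login` twice, so an
    // empty password was accepted and hashed.
    if (empty($rc['login']) || empty($rc['password'])) {
        echo json_encode(['code' => -200, 'msg' => '用户名或密码空']);
        exit;
    }

    // Reject duplicate logins. The escaped $login was computed but never used:
    // the statement compared against a fixed literal, so the lookup could not
    // match the submitted name.
    // NOTE(review): addslashes-style escaping depends on the connection
    // charset; if the database layer offers bound parameters, prefer them.
    $login = saddslashes($rc['login']);
    $sql = "select count(*) from user where login = '{$login}'";
    $num = sapp('db')->getone($sql);
    if ($num) {
        echo json_encode(['code' => -200, 'msg' => '该用户名存在']);
        exit;
    }

    // Hash the password before it is stored.
    // NOTE(review): shamhash() is defined elsewhere; confirm it is a salted,
    // deliberately slow password hash.
    $rc['password'] = shamhash($rc['password']);

    // Escape every field, then insert the row.
    $rc = saddslashes($rc);
    sapp('db')->autoExecute('user', $rc, 'INSERT');

    echo json_encode(['code' => 200, 'msg' => '-']);
}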
/**
 * Normalise request input and derive attachment constants.
 *
 * - When MAGIC_QUOTES_GPC is off, every value in $_GET, $_POST, $_COOKIE and
 *   $_FILES is passed through saddslashes().
 * - Cookies whose name starts with the configured prefix are copied into
 *   $_G['cookie'] with the prefix removed.
 * - $_G['inajax'] and $_G['page'] are forced to integers (page is at least 1).
 * - A_DIR and A_URL are defined from the attachment settings.
 *
 * NOTE(review): blanket slash-escaping of request data emulates magic quotes;
 * it is not a substitute for escaping or binding at the point a query is built.
 */
function _init_input()
{
    global $_G;

    if (!MAGIC_QUOTES_GPC) {
        $_GET = saddslashes($_GET);
        $_POST = saddslashes($_POST);
        $_COOKIE = saddslashes($_COOKIE);
        $_FILES = saddslashes($_FILES);
    }

    // Collect this application's cookies, keyed without the prefix.
    $prelength = strlen($_G['config']['cookie']['cookiepre']);
    foreach ($_COOKIE as $name => $content) {
        if (substr($name, 0, $prelength) != $_G['config']['cookie']['cookiepre']) {
            continue;
        }
        $_G['cookie'][substr($name, $prelength)] = $content;
    }

    // Integer-only request flags.
    if (empty($_GET['inajax'])) {
        $_G['inajax'] = 0;
    } else {
        $_G['inajax'] = intval($_GET['inajax']);
    }

    $page = 1;
    if (isset($_GET['page']) && intval($_GET['page']) > 0) {
        $page = intval($_GET['page']);
    }
    $_GET['page'] = $page;
    $_G['page'] = $page;

    // A "./"-relative attachment directory is anchored at B_ROOT.
    $dirIsRelative = substr($_G['setting']['attachmentdir'], 0, 2) == './';
    define('A_DIR', $dirIsRelative ? B_ROOT . $_G['setting']['attachmentdir'] : $_G['setting']['attachmentdir']);

    // Fall back to the relative directory, then to "attachments", for the URL part.
    if (empty($_G['setting']['attachmenturl']) && $dirIsRelative) {
        $_G['setting']['attachmenturl'] = substr($_G['setting']['attachmentdir'], 2);
    }
    if (empty($_G['setting']['attachmenturl'])) {
        $_G['setting']['attachmenturl'] = 'attachments';
    }

    // External callers get an absolute address.
    define('A_URL', B_URL . '/' . $_G['setting']['attachmenturl']);
}
/**
 * Recursively apply addslashes() to a value.
 *
 * Arrays are walked depth-first and every leaf value is escaped; array keys
 * are kept as they are and are not escaped. Any non-array value is passed to
 * addslashes() directly.
 *
 * @param mixed $string A scalar or a (nested) array of scalars.
 * @return mixed The escaped string, or an array of the same shape.
 */
function saddslashes($string)
{
    if (!is_array($string)) {
        return addslashes($string);
    }

    $escaped = array();
    foreach ($string as $index => $item) {
        $escaped[$index] = saddslashes($item);
    }

    return $escaped;
}
/**
 * End-of-element handler: convert the text collected for the closing tag
 * into a PHP value and attach it to the message being built.
 *
 * Scalar tags are cast from $this->xmlmessage->tag_content; `data`/`struct`
 * pop the finished container off the struct stack. A produced value is stored
 * in the innermost open container (by member name for a struct, appended
 * otherwise) or, when no container is open, appended to params.
 *
 * Only base64 payloads are slash-escaped here; the other scalar types are
 * stored as decoded.
 *
 * @param mixed  $parser Parser handle (unused in this body).
 * @param string $tag    Name of the element being closed.
 */
function xmltag_close($parser, $tag)
{
    $msg = $this->xmlmessage;
    $hasValue = false;

    switch ($tag) {
        case 'int':
        case 'i4':
            $value = intval(trim($msg->tag_content));
            $hasValue = true;
            break;
        case 'double':
            $value = (float) trim($msg->tag_content);
            $hasValue = true;
            break;
        case 'string':
            $value = $msg->tag_content;
            $hasValue = true;
            break;
        case 'dateTime.iso8601':
            $value = $this->convertDate($msg->tag_content);
            $hasValue = true;
            break;
        case 'value':
            // A bare <value> counts only if it holds text or directly follows its own opening tag.
            if (trim($msg->tag_content) != '' || $msg->last_open == 'value') {
                $value = (string) trim($msg->tag_content);
                $hasValue = true;
            }
            break;
        case 'boolean':
            $value = (bool) trim($msg->tag_content);
            $hasValue = true;
            break;
        case 'base64':
            $value = saddslashes(base64_decode(trim($msg->tag_content)));
            $hasValue = true;
            break;
        case 'data':
        case 'struct':
            $value = array_pop($msg->structs);
            array_pop($msg->structTypes);
            $hasValue = true;
            break;
        case 'member':
            array_pop($msg->struct_name);
            break;
        case 'name':
            $msg->struct_name[] = trim($msg->tag_content);
            break;
        case 'methodName':
            $msg->methodname = trim($msg->tag_content);
            break;
    }

    if ($hasValue) {
        $depth = count($msg->structs);
        if ($depth === 0) {
            // No container open: this is a top-level parameter.
            $msg->params[] = $value;
        } elseif ($msg->structTypes[count($msg->structTypes) - 1] == 'struct') {
            $memberName = $msg->struct_name[count($msg->struct_name) - 1];
            $msg->structs[$depth - 1][$memberName] = $value;
        } else {
            $msg->structs[$depth - 1][] = $value;
        }
    }

    // Container tags keep the buffer; every other tag resets it.
    if ($tag != 'data' && $tag != 'struct' && $tag != 'member') {
        $msg->tag_content = '';
    }
}
//附件如何处理? if ($value['haveattach']) { $subquery = $_SGLOBAL['db']->query("SELECT * FROM {$tpre}attachments WHERE itemid='{$value['itemid']}'"); while ($subvalue = $_SGLOBAL['db']->fetch_array($subquery)) { if (strexists($value['message'], $value['filepath']) || strexists($value['message'], $value['thumbpath'])) { continue; } if ($subvalue['isimage']) { //图片 $value['message'] .= "<div><img src=\"{$_SC[attachurl]}{$subvalue['filepath']}\"></div>"; } else { $value['message'] .= "<div><strong>文件</strong>: <a href=\"{$_SC[attachurl]}{$subvalue['filepath']}\">{$subvalue['filename']}</a></div>"; } } } $value = saddslashes($value); $setarr = array('blogid' => $value['itemid'], 'uid' => $value['uid'], 'username' => $value['username'], 'subject' => $value['subject'], 'classid' => $value['itemtypeid'], 'viewnum' => $value['viewnum'], 'replynum' => $value['replynum'], 'dateline' => $value['dateline'], 'noreply' => empty($value['allowreply']) ? 1 : 0, 'friend' => $value['folder'] > 1 ? 1 : 0); inserttable('blog', $setarr, 0, true); $setarr = array('blogid' => $value['itemid'], 'message' => message_replace($value['message']), 'postip' => $value['postip']); inserttable('blogfield', $setarr, 0, true); } show_next('图片主题数据'); } elseif ($_GET['step'] == 13) { $msg = <<<EOF \t<form method="post" action="convert.php"> \t<table> \t<tr><td colspan="2">数据转换完成!<br><br> \t最后,请输入你的用户名,系统将您设为UCenter Home的管理员! \t</td></tr> \t<tr><td>您的用户名</td><td><input type="text" name="username" value="" size="30"></td></tr> \t<tr><td></td><td><input type="submit" name="opensubmit" value="设为管理员"></td></tr>
} include_once S_ROOT . './function/common.func.php'; @(include_once S_ROOT . './data/system/config.cache.php'); $_SCONFIG = array_merge($_SSCONFIG, $_SC); //合并配置 extract($_SC); if (!get_magic_quotes_gpc()) { $_GET = saddslashes($_GET); $_POST = saddslashes($_POST); $_COOKIE = saddslashes($_COOKIE); } //COOKIE $prelength = strlen($_SC['cookiepre']); foreach ($_COOKIE as $key => $val) { if (substr($key, 0, $prelength) == $_SC['cookiepre']) { $_SCOOKIE[substr($key, $prelength)] = empty($magic_quote) ? saddslashes($val) : $val; } } $mtime = explode(' ', microtime()); $_SGLOBAL['supe_starttime'] = $mtime[1] + $mtime[0]; $_SGLOBAL['timestamp'] = time(); $_SGLOBAL['inajax'] = empty($_GET['inajax']) ? 0 : intval($_GET['inajax']); define('S_URL', $_SC['siteurl']); define('B_URL', $_SC['bbsurl']); if (!empty($_SC['bbsver'])) { define('B_VER', $_SC['bbsver'] >= 5 ? 5 : $_SC['bbsver']); } if (!empty($headercharset)) { header('Content-Type: text/html; charset=' . $_SC['charset']); } //ONLINE IP
/**
 * Synchronised-login API endpoint: log the given uid in on this site.
 *
 * Returns API_RETURN_FORBIDDEN when API_SYNLOGIN is disabled. Otherwise the
 * member row for intval($get['uid']) is looked up; if it exists a session is
 * inserted and an `auth` cookie holding the stored password value and the uid
 * (encoded with authcode) is set. A `loginuser` cookie with $get['username']
 * is set in every case. Both cookies use a lifetime of 31536000 seconds.
 *
 * NOTE(review): no verification of $get is visible in this function;
 * presumably the caller authenticates the request before dispatching here.
 * Confirm, because the uid alone decides which account is logged in.
 *
 * @param array $get  Decoded request parameters (uid, username).
 * @param array $post Unused in this body.
 */
function synlogin($get, $post)
{
    global $_SGLOBAL;

    if (!API_SYNLOGIN) {
        return API_RETURN_FORBIDDEN;
    }

    // Clean the output buffer and send the P3P header.
    obclean();
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

    $cookietime = 31536000;
    $uid = intval($get['uid']);

    $db = $_SGLOBAL['db'];
    $result = $db->query("SELECT uid, username, password FROM " . tname('member') . " WHERE uid='{$uid}'");
    $member = $db->fetch_array($result);
    if ($member) {
        include_once S_ROOT . './source/function_space.php';
        $member = saddslashes($member);
        insertsession($member);
        // Set the auth cookie.
        $authPayload = "{$member['password']}\t{$member['uid']}";
        ssetcookie('auth', authcode($authPayload, 'ENCODE'), $cookietime);
    }

    ssetcookie('loginuser', $get['username'], $cookietime);
}
/**
 * Clean, optionally censor, truncate and re-escape a string.
 *
 * Processing order: trim, strip incoming slashes, HTML handling, word
 * censoring, truncation, bbcode conversion, outgoing slash-escaping, trim.
 *
 * @param string $string      Input text.
 * @param int    $length      Maximum width; 0 disables truncation. In the UTF-8
 *                            branch an ASCII byte counts as 1 and a multi-byte
 *                            sequence as 2.
 * @param int    $in_slashes  Non-zero: input is slash-escaped and is unescaped first.
 * @param int    $out_slashes Non-zero: result is passed through saddslashes().
 * @param int    $censor      Non-zero: apply the banned/filter word lists.
 * @param int    $bbcode      Non-zero: run bbcode() with this value as its second argument.
 * @param int    $html        < 0: replace tags, whitespace and [..] groups with a space,
 *                            then escape; 0: escape only; > 0: neither branch runs,
 *                            so markup is left untouched.
 * @return string The processed string.
 */
function getstr($string, $length, $in_slashes = 0, $out_slashes = 0, $censor = 0, $bbcode = 0, $html = 0) {
    global $_SC, $_SGLOBAL;
    $string = trim($string);
    if ($in_slashes) {
        // The incoming string carries slashes.
        $string = sstripslashes($string);
    }
    if ($html < 0) {
        // Remove HTML tags.
        $string = preg_replace("/(\\<[^\\<]*\\>|\r|\n|\\s|\\[.+?\\])/is", ' ', $string);
        $string = shtmlspecialchars($string);
    } elseif ($html == 0) {
        // Convert HTML tags.
        $string = shtmlspecialchars($string);
    }
    if ($censor) {
        // Word censoring; the lists come from the included data file.
        @(include_once S_ROOT . './data/data_censor.php');
        if ($_SGLOBAL['censor']['banned'] && preg_match($_SGLOBAL['censor']['banned'], $string)) {
            // NOTE(review): presumably showmessage() ends the request; confirm.
            showmessage('information_contains_the_shielding_text');
        } else {
            $string = empty($_SGLOBAL['censor']['filter']) ? $string : @preg_replace($_SGLOBAL['censor']['filter']['find'], $_SGLOBAL['censor']['filter']['replace'], $string);
        }
    }
    if ($length && strlen($string) > $length) {
        // Truncate. This runs after HTML escaping and works on bytes, so a cut
        // can land inside an entity produced by the escaping step.
        $wordscut = '';
        if (strtolower($_SC['charset']) == 'utf-8') {
            // UTF-8: $n is the byte offset, $tn the byte length of the last
            // counted character, $noc the accumulated width.
            $n = 0;
            $tn = 0;
            $noc = 0;
            while ($n < strlen($string)) {
                $t = ord($string[$n]);
                if ($t == 9 || $t == 10 || 32 <= $t && $t <= 126) {
                    $tn = 1;
                    $n++;
                    $noc++;
                } elseif (194 <= $t && $t <= 223) {
                    $tn = 2;
                    $n += 2;
                    $noc += 2;
                } elseif (224 <= $t && $t < 239) {
                    // Lead byte 239 is excluded here and falls through to the
                    // final else, where it is stepped over without counting.
                    $tn = 3;
                    $n += 3;
                    $noc += 2;
                } elseif (240 <= $t && $t <= 247) {
                    $tn = 4;
                    $n += 4;
                    $noc += 2;
                } elseif (248 <= $t && $t <= 251) {
                    $tn = 5;
                    $n += 5;
                    $noc += 2;
                } elseif ($t == 252 || $t == 253) {
                    $tn = 6;
                    $n += 6;
                    $noc += 2;
                } else {
                    $n++;
                }
                if ($noc >= $length) {
                    break;
                }
            }
            // Overshot by a wide character: back up over it.
            if ($noc > $length) {
                $n -= $tn;
            }
            $wordscut = substr($string, 0, $n);
        } else {
            // Other charsets: a byte above 127 is copied together with the next byte.
            for ($i = 0; $i < $length - 1; $i++) {
                if (ord($string[$i]) > 127) {
                    $wordscut .= $string[$i] . $string[$i + 1];
                    $i++;
                } else {
                    $wordscut .= $string[$i];
                }
            }
        }
        $string = $wordscut;
    }
    if ($bbcode) {
        include_once S_ROOT . './source/function_bbcode.php';
        $string = bbcode($string, $bbcode);
    }
    if ($out_slashes) {
        $string = saddslashes($string);
    }
    return trim($string);
}
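/**
 * Store the files uploaded for a model's img/flash/file fields and record
 * each one in the `attachments` table.
 *
 * For every field definition whose formtype is img, flash or file and for
 * which $_FILES holds a named upload, the file is saved through the `attach`
 * class, checked, and inserted as an attachment row. Processing stops at the
 * first field that fails; that field's `error` entry holds the message.
 *
 * Fixes relative to the previous version:
 * - the image-type test used `&&` (`< 1 && > 3`), which can never be true, so
 *   a file that getimagesize() recognised as any type at all was accepted in
 *   an img field; it now rejects everything outside types 1..3;
 * - a failed save is detected before the image is inspected, so the cleanup
 *   path no longer runs against an empty file name.
 *
 * NOTE(review): the stored `filename`, `attachtype` and `isimage` values are
 * derived from the client-supplied file name; confirm savelocalfile()
 * enforces its own extension policy.
 *
 * @param array $valuearr  Field definitions (fieldname, formtype, fieldcomment, thumbsize).
 * @param int   $mid       Model id, used for the attachment hash.
 * @param int   $itemid    Item id, used for the attachment hash.
 * @param int   $havethumb Unused in this body.
 * @param int   $width     Thumbnail width for the `subjectimage` field.
 * @param int   $height    Thumbnail height for the `subjectimage` field.
 * @return array Map of fieldname => array(fieldcomment, filepath, error, aid).
 */
function uploadfile($valuearr, $mid = 2, $itemid = 0, $havethumb = 1, $width = 100, $height = 100) {
    global $_G, $_SGLOBAL;
    $setsqlarr = array();
    $hash = getmodelhash($mid, $itemid);
    if (!empty($valuearr)) {
        foreach ($valuearr as $value) {
            if (!preg_match("/^(img|flash|file)\$/i", $value['formtype'])) {
                continue;
            }
            $filearr = $_FILES[$value['fieldname']];
            if (!empty($filearr['name'])) {
                $setsqlarr[$value['fieldname']] = array('fieldcomment' => $value['fieldcomment'], 'filepath' => '', 'error' => '', 'aid' => '');
                if (empty($filearr['size']) || empty($filearr['tmp_name'])) {
                    // Could not read the upload size; ask for another file.
                    $setsqlarr[$value['fieldname']]['error'] = modelmsg('get_upload_size_error');
                    break;
                }
                $fileext = fileext($filearr['name']);
                if ($value['fieldname'] == 'subjectimage') {
                    // Title image upload.
                    $newfilearr = loadClass('attach')->savelocalfile($filearr, array($width, $height), '', 1);
                } else {
                    // Custom image upload: thumbnail size comes from the field definition.
                    list($width, $height) = explode(',', $value['thumbsize']);
                    $newfilearr = loadClass('attach')->savelocalfile($filearr, array($width, $height), '', 1);
                }
                if (empty($newfilearr['file'])) {
                    // Saving failed; nothing was written, so there is nothing to inspect or remove.
                    $setsqlarr[$value['fieldname']]['error'] = modelmsg('upload_error');
                    break;
                }
                if ($value['formtype'] == 'img') {
                    // Index 2 of getimagesize() is the IMAGETYPE_* constant:
                    // 1 = GIF, 2 = JPEG, 3 = PNG. Anything else is removed again.
                    $attachinfo = @getimagesize(A_DIR . '/' . $newfilearr['file']);
                    if (empty($attachinfo) || $attachinfo[2] < 1 || $attachinfo[2] > 3) {
                        $setsqlarr[$value['fieldname']]['error'] = modelmsg('get_upload_size_error');
                        @unlink(A_DIR . '/' . $newfilearr['file']);
                        if ($newfilearr['thumb'] != $newfilearr['file']) {
                            @unlink(A_DIR . '/' . $newfilearr['thumb']);
                        }
                        break;
                    }
                }
                // Database record.
                $insertsqlarr = array(
                    'uid' => $_G['uid'],
                    'dateline' => $_G['timestamp'],
                    'filename' => saddslashes($filearr['name']),
                    'subject' => $value['fieldname'],
                    'attachtype' => $fileext,
                    'isimage' => in_array($fileext, array('jpg', 'jpeg', 'gif', 'png')) ? 1 : 0,
                    'size' => $filearr['size'],
                    'filepath' => $newfilearr['file'],
                    'thumbpath' => $newfilearr['thumb'],
                    'hash' => $hash,
                );
                $aid = inserttable('attachments', $insertsqlarr, 1);
                // Plain files are referenced by attachment id, everything else by path.
                $setsqlarr[$value['fieldname']]['filepath'] = $value['formtype'] != 'file' ? $newfilearr['file'] : $aid;
                $setsqlarr[$value['fieldname']]['aid'] = $aid;
            }
        }
    }
    return $setsqlarr;
}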
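/**
 * Escape user input.
 *
 * Recursively applies addslashes() to a string or to every value of a
 * (nested) array; array keys are left as they are. When the runtime reports
 * magic_quotes_gpc as enabled the value is returned unchanged.
 *
 * The magic-quotes probe is only made on PHP versions older than 5.4:
 * magic quotes were removed in 5.4, and get_magic_quotes_gpc() itself was
 * removed in PHP 8.0, where calling it unconditionally is a fatal error.
 *
 * NOTE(review): because of the magic-quotes gate, a value that did not come
 * from GET/POST/COOKIE is returned unescaped on a legacy runtime with magic
 * quotes enabled; do not rely on this function for such data there.
 *
 * @param mixed $string A string or (nested) array of strings.
 * @return mixed The escaped value, same shape as the input.
 */
function saddslashes($string)
{
    if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
        return $string;
    }

    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = saddslashes($val);
        }
        return $string;
    }

    return addslashes($string);
}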
/**
 * Download the remote files listed under $msgarr[$varname] and rewrite the
 * message to point at the local copies.
 *
 * Each URL is fetched with saveremotefile() (with news thumbnails when
 * $varname is 'picarr'). An attachment descriptor is appended to
 * $msgarr['patharr'] for every URL, whether or not the download produced a
 * file. When it did, the URL is replaced by the A_URL location in
 * $msgarr['message'] and by the A_DIR path in $msgarr[$varname].
 *
 * NOTE(review): the URLs are passed to saveremotefile() as given; confirm
 * that helper restricts which hosts and schemes the server will fetch.
 *
 * @param array  $msgarr  Message data; reads $varname, 'importcatid', 'message'.
 * @param string $varname Key in $msgarr holding the URL list.
 * @return array The updated $msgarr.
 */
function saveurlarr($msgarr, $varname)
{
    global $_SGLOBAL;
    global $thevalue, $_SCONFIG;
    include_once S_ROOT . './function/upload.func.php';

    $isimage = $varname == 'picarr' ? 1 : 0;

    // Nothing to fetch unless the key holds a non-empty array.
    if (empty($msgarr[$varname]) || !is_array($msgarr[$varname])) {
        return $msgarr;
    }

    foreach ($msgarr[$varname] as $ukey => $url) {
        if ($isimage) {
            $patharr = saveremotefile($url, $_SCONFIG['thumbarray']['news']);
        } else {
            $patharr = saveremotefile($url, array(), 0);
        }

        // Subject is the lower-cased file name without its last extension.
        $basename = substr($patharr['name'], 0, strrpos($patharr['name'], '.'));
        $subject = strtolower(trim($basename));

        $descriptor = array(
            'uid' => $_SGLOBAL['supe_uid'],
            'dateline' => $_SGLOBAL['timestamp'],
            'catid' => $msgarr['importcatid'],
            'itemid' => 0,
            'filename' => saddslashes($patharr['name']),
            'subject' => trim(shtmlspecialchars($subject)),
            'attachtype' => $patharr['type'],
            'type' => 'news',
            'isimage' => in_array($patharr['type'], array('jpg', 'jpeg', 'gif', 'png')) ? 1 : 0,
            'size' => $patharr['size'],
            'filepath' => $patharr['file'],
            'thumbpath' => $patharr['thumb'],
            'isavailable' => 1,
            'hash' => '',
        );
        $msgarr['patharr'][] = $descriptor;

        if (empty($patharr['file'])) {
            continue;
        }

        $msgarr['message'] = str_replace($url, A_URL . '/' . $patharr['file'], $msgarr['message']);
        $msgarr[$varname][$ukey] = str_replace($url, A_DIR . '/' . $patharr['file'], $msgarr[$varname][$ukey]);
    }

    return $msgarr;
}
} else { if (in_array($return, array(-1, -2, -3, -4))) { showmessage('message_can_not_send' . abs($return)); } else { showmessage('message_can_not_send'); } } } } elseif ($_GET['op'] == 'ignore') { if (submitcheck('ignoresubmit')) { uc_pm_blackls_set($_SGLOBAL['supe_uid'], $_POST['ignorelist']); showmessage('do_success', 'space.php?do=pm&view=ignore'); } } else { //新用户见习 cknewuser(); if (!checkperm('allowpm')) { ckspacelog(); showmessage('no_privilege'); } //发送 $friends = array(); if ($space['friendnum']) { $query = $_SGLOBAL['db']->query("SELECT fuid AS uid, fusername AS username FROM " . tname('friend') . " WHERE uid={$_SGLOBAL['supe_uid']} AND status='1' ORDER BY num DESC, dateline DESC LIMIT 0,100"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { $value['username'] = saddslashes($value['username']); $friends[] = $value; } } } include_once template("cp_pm");
$comment['ip'] = preg_replace("/^(\\d{1,3})\\.(\\d{1,3})\\.\\d{1,3}\\.\\d{1,3}\$/", "\$1.\$2.*.*", $comment['ip']); $html = '<div id="cid_{cid}_' . $comment['floornum'] . '_title" class="old_title"><span class="author">' . $_G['setting']['sitename']; if (!$comment['hidelocation']) { $html .= $comment['iplocation'] != 'LAN' ? $comment['iplocation'] : $lang['mars']; } $html .= $lang['visitor']; if (!empty($comment['authorid']) && !$comment['hideauthor']) { $html .= " [{$comment['author']}] "; } if (!$comment['hideip']) { $html .= " ({$comment['ip']}) "; } $html .= $lang['from_the_original_note'] . '</span><span class="color_red">' . $comment['floornum'] . '</span></div>'; $comment['message'] = str_replace('<div class="new"', $html . '<div id="cid_{cid}_' . $comment['floornum'] . '_detail" class="detail"', $comment['message']); $comment['message'] = '<div id="cid_{cid}_' . $comment['floornum'] . '" class="old">' . $comment['message'] . '</div>'; $comment['message'] = saddslashes($comment['message']); $_POST['message'] = $comment['message'] . $_POST['commentmessage']; } //回複詞語屏蔽 $_POST['commentmessage'] = censor($_POST['commentmessage']); $shopuid = getshopuid($type); $subtype = !empty($commentscorestr) ? '1' : '0'; $setsqlarr = array('itemid' => $itemid, 'type' => $type, 'uid' => $item['uid'], 'authorid' => $_G['uid'], 'author' => $_G['username'], 'ip' => $_G['clientip'], 'dateline' => $_G['timestamp'], 'subject' => '', 'message' => $_POST['commentmessage'], 'floornum' => $comment['floornum'], 'hideauthor' => $_POST['hideauthor'], 'hideip' => $_POST['hideip'], 'hidelocation' => $_POST['hidelocation'], 'firstcid' => $comment['firstcid'], 'upcid' => $upcid, 'shopuid' => $shopuid, 'status' => 1, 'isprivate' => $isprivate, 'subtype' => $subtype); $cid = inserttable('spacecomments', $setsqlarr, 1); if ($cid && !empty($commentscorestr)) { $commentscore = $score = 0; $commentscorearr = array(); for ($i = 1; $i <= 8; $i++) { if (strpos($commentscorestr, '1' . $i . 
'@')) { $commentscore = substr($commentscorestr, strpos($commentscorestr, '@1' . $i . '@') + 4, 1); if (is_numeric($commentscore) && $commentscore <= 5 && $commentscore > 0) {
/**
 * Build a feed entry for a piece of content and insert or update it in the
 * `feed` table.
 *
 * The content row is loaded according to $idtype (blogid, albumid, picid,
 * tid, pid, eventid, sid) and mapped into $setarr: icon, ids, author, title
 * and body templates with their data, and up to four image slots. Nothing is
 * written unless a case sets $setarr['icon'].
 *
 * Before writing, title_data (and body_data, except for 'sid') is serialized,
 * two md5 digests over the templates and data are added, and the whole array
 * is passed through saddslashes().
 *
 * NOTE(review): $id and $idtype are interpolated into the SQL text inside
 * single quotes without escaping in this function; confirm every caller
 * passes an integer id and a fixed idtype.
 * NOTE(review): values read from the database (subject, albumname, title,
 * tagname, poll option text) are placed into HTML fragments as they are;
 * whether they are stored already escaped cannot be told from here.
 *
 * @param int|string $id     Identifier of the content row; for albumid/picid a
 *                           value <= 0 selects the current user's own pictures.
 * @param string     $idtype Kind of content, see the cases below.
 * @param int        $add    Non-zero: always insert, skip the lookup for an existing feed row.
 */
function feed_publish($id, $idtype, $add = 0) {
    global $_SGLOBAL;
    $setarr = array();
    switch ($idtype) {
        case 'blogid':
            $query = $_SGLOBAL['db']->query("SELECT b.*, bf.* FROM " . tname('blog') . " b\r\n\t\t\t\tLEFT JOIN " . tname('blogfield') . " bf ON bf.blogid=b.blogid\r\n\t\t\t\tWHERE b.blogid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                // Blogs with friend == 3 produce no feed entry.
                if ($value['friend'] != 3) {
                    // Basic fields.
                    $setarr['icon'] = 'blog';
                    $setarr['id'] = $value['blogid'];
                    $setarr['idtype'] = $idtype;
                    $setarr['uid'] = $value['uid'];
                    $setarr['username'] = $value['username'];
                    $setarr['dateline'] = $value['dateline'];
                    $setarr['target_ids'] = $value['target_ids'];
                    $setarr['friend'] = $value['friend'];
                    $setarr['hot'] = $value['hot'];
                    // Details.
                    $url = "space.php?uid={$value['uid']}&do=blog&id={$value['blogid']}";
                    if ($value['friend'] == 4) {
                        // Uses the 'feed_blog_password' title; only the linked subject is published.
                        $setarr['title_template'] = cplang('feed_blog_password');
                        $setarr['title_data'] = array('subject' => "<a href=\"{$url}\">{$value['subject']}</a>");
                    } else {
                        // Any other visibility: cover picture, subject and a 150-wide summary.
                        if ($value['pic']) {
                            $setarr['image_1'] = pic_cover_get($value['pic'], $value['picflag']);
                            $setarr['image_1_link'] = $url;
                        }
                        $setarr['title_template'] = cplang('feed_blog');
                        $setarr['body_template'] = '<b>{subject}</b><br>{summary}';
                        $setarr['body_data'] = array('subject' => "<a href=\"{$url}\">{$value['subject']}</a>", 'summary' => getstr($value['message'], 150, 1, 1, 0, 0, -1));
                    }
                }
            }
            break;
        case 'albumid':
            // $key numbers the image slots image_1 .. image_4 (the queries are limited to 4 rows).
            $key = 1;
            if ($id > 0) {
                $query = $_SGLOBAL['db']->query("SELECT p.*, a.username, a.albumname, a.picnum, a.friend, a.target_ids FROM " . tname('pic') . " p\r\n\t\t\t\t\tLEFT JOIN " . tname('album') . " a ON a.albumid=p.albumid\r\n\t\t\t\t\tWHERE p.albumid='{$id}' ORDER BY dateline DESC LIMIT 0,4");
                while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                    // Only albums with friend <= 2 are published; the loop stops at the first other row.
                    if ($value['friend'] <= 2) {
                        if (empty($setarr['icon'])) {
                            // Basic fields, filled once from the first row.
                            $setarr['icon'] = 'album';
                            $setarr['id'] = $value['albumid'];
                            $setarr['idtype'] = $idtype;
                            $setarr['uid'] = $value['uid'];
                            $setarr['username'] = $value['username'];
                            $setarr['dateline'] = $value['dateline'];
                            $setarr['target_ids'] = $value['target_ids'];
                            $setarr['friend'] = $value['friend'];
                            // Details.
                            $setarr['title_template'] = '{actor} ' . cplang('upload_album');
                            $setarr['body_template'] = '<b>{album}</b><br>' . cplang('the_total_picture', array('{picnum}'));
                            $setarr['body_data'] = array('album' => "<a href=\"space.php?uid={$value['uid']}&do=album&id={$value['albumid']}\">{$value['albumname']}</a>", 'picnum' => $value['picnum']);
                        }
                        $setarr['image_' . $key] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
                        $setarr['image_' . $key . '_link'] = "space.php?uid={$value['uid']}&do=album&picid={$value['picid']}";
                        $key++;
                    } else {
                        break;
                    }
                }
            } else {
                // Default album: the current user's pictures with albumid 0.
                $picnum = $_SGLOBAL['db']->result($_SGLOBAL['db']->query("SELECT COUNT(*) FROM " . tname('pic') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND albumid='0'"), 0);
                if ($picnum >= 1) {
                    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND albumid='0' ORDER BY dateline DESC LIMIT 0,4");
                    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                        if (empty($setarr['icon'])) {
                            // Basic fields; note that 'id' and 'idtype' are not set in this branch.
                            $setarr['icon'] = 'album';
                            $setarr['uid'] = $value['uid'];
                            $setarr['username'] = $_SGLOBAL['supe_username'];
                            $setarr['dateline'] = $value['dateline'];
                            // Details.
                            $setarr['title_template'] = '{actor} ' . cplang('upload_album');
                            $setarr['body_template'] = '<b>{album}</b><br>' . cplang('the_total_picture', array('{picnum}'));
                            $setarr['body_data'] = array('album' => "<a href=\"space.php?uid={$value['uid']}&do=album&id=-1\">" . cplang('default_albumname') . "</a>", 'picnum' => $picnum);
                        }
                        $setarr['image_' . $key] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
                        $setarr['image_' . $key . '_link'] = "space.php?uid={$value['uid']}&do=album&picid={$value['picid']}";
                        $key++;
                    }
                }
            }
            break;
        case 'picid':
            // A positive id selects that picture; otherwise the current user's newest picture.
            $plussql = $id > 0 ? "p.picid='{$id}'" : "p.uid='{$_SGLOBAL['supe_uid']}' ORDER BY dateline DESC LIMIT 1";
            $query = $_SGLOBAL['db']->query("SELECT p.*, a.friend, a.target_ids, s.username FROM " . tname('pic') . " p\r\n\t\t\t\tLEFT JOIN " . tname('space') . " s ON s.uid=p.uid\r\n\t\t\t\tLEFT JOIN " . tname('album') . " a ON a.albumid=p.albumid WHERE {$plussql}");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                // Privacy: only pictures whose album has an empty friend value are published.
                if (empty($value['friend'])) {
                    // Basic fields.
                    $setarr['icon'] = 'album';
                    $setarr['id'] = $value['picid'];
                    $setarr['idtype'] = $idtype;
                    $setarr['uid'] = $value['uid'];
                    $setarr['username'] = $value['username'];
                    $setarr['dateline'] = $value['dateline'];
                    $setarr['target_ids'] = $value['target_ids'];
                    $setarr['friend'] = $value['friend'];
                    $setarr['hot'] = $value['hot'];
                    // Details.
                    $url = "space.php?uid={$value['uid']}&do=album&picid={$value['picid']}";
                    $setarr['image_1'] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
                    $setarr['image_1_link'] = $url;
                    $setarr['title_template'] = '{actor} ' . cplang('upload_a_new_picture');
                    $setarr['body_template'] = '{title}';
                    $setarr['body_data'] = array('title' => $value['title']);
                }
            }
            break;
        case 'tid':
            $query = $_SGLOBAL['db']->query("SELECT t.*, p.* FROM " . tname('thread') . " t\r\n\t\t\t\tLEFT JOIN " . tname('post') . " p ON p.tid=t.tid AND p.isthread='1'\r\n\t\t\t\tWHERE t.tid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                // Basic fields.
                $setarr['icon'] = 'thread';
                $setarr['id'] = $value['tid'];
                $setarr['idtype'] = $idtype;
                $setarr['uid'] = $value['uid'];
                $setarr['username'] = $value['username'];
                $setarr['dateline'] = $value['dateline'];
                $setarr['hot'] = $value['hot'];
                // Details.
                $url = "space.php?uid={$value['uid']}&do=thread&id={$value['tid']}";
                if ($value['eventid']) {
                    // Thread attached to an event: link both the thread and the event.
                    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid='{$value['eventid']}'");
                    $event = $_SGLOBAL['db']->fetch_array($query);
                    $setarr['title_template'] = cplang('feed_eventthread');
                    $setarr['body_template'] = '<b>{subject}</b><br>' . cplang('event') . ': {event}<br>{summary}';
                    $setarr['body_data'] = array('subject' => "<a href=\"{$url}&eventid={$value['eventid']}\">{$value['subject']}</a>", 'event' => "<a href=\"space.php?do=event&id={$value['eventid']}\">{$event['title']}</a>", 'summary' => getstr($value['message'], 150, 1, 1, 0, 0, -1));
                } else {
                    // Otherwise the thread is linked to the mtag row selected by its tagid.
                    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("mtag") . " WHERE tagid='{$value['tagid']}'");
                    $mtag = $_SGLOBAL['db']->fetch_array($query);
                    $setarr['title_template'] = cplang('feed_thread');
                    $setarr['body_template'] = '<b>{subject}</b><br>' . cplang('mtag') . ': {mtag}<br>{summary}';
                    $setarr['body_data'] = array('subject' => "<a href=\"{$url}\">{$value['subject']}</a>", 'mtag' => "<a href=\"space.php?do=mtag&tagid={$value['tagid']}\">{$mtag['tagname']}</a>", 'summary' => getstr($value['message'], 150, 1, 1, 0, 0, -1));
                }
            }
            break;
        case 'pid':
            $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('poll') . " WHERE pid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                // Basic fields.
                $setarr['icon'] = 'poll';
                $setarr['id'] = $value['pid'];
                $setarr['idtype'] = $idtype;
                $setarr['uid'] = $value['uid'];
                $setarr['username'] = $value['username'];
                $setarr['dateline'] = $value['dateline'];
                $setarr['hot'] = $value['hot'];
                // Details.
                $url = "space.php?uid={$value['uid']}&do=poll&pid={$value['pid']}";
                $setarr['title_template'] = cplang('feed_poll');
                $setarr['body_template'] = '<a href="{url}"><strong>{subject}</strong></a>{option}';
                // Preview of the first two options as disabled inputs; the option
                // text is concatenated into the markup without escaping here.
                $optionstr = '';
                $opquery = $_SGLOBAL['db']->query("SELECT * FROM " . tname("polloption") . " WHERE pid='{$value['pid']}' LIMIT 0,2");
                while ($opt = $_SGLOBAL['db']->fetch_array($opquery)) {
                    $optionstr .= '<br><input type="' . ($value['maxchoice'] > 1 ? 'checkbox' : 'radio') . '" disabled name="poll_' . $opt['oid'] . '"/>' . $opt['option'];
                }
                $setarr['body_data'] = array('url' => $url, 'subject' => $value['subject'], 'option' => $optionstr);
                $setarr['body_general'] = $value['percredit'] ? cplang('reward_info', array($value['percredit'])) : '';
            }
            break;
        case 'eventid':
            $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('event') . " WHERE eventid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                // Basic fields.
                $setarr['icon'] = 'event';
                $setarr['id'] = $value['eventid'];
                $setarr['idtype'] = $idtype;
                $setarr['uid'] = $value['uid'];
                $setarr['username'] = $value['username'];
                $setarr['dateline'] = $value['dateline'];
                $setarr['hot'] = $value['hot'];
                // Details.
                $url = "space.php?do=event&id={$value['eventid']}";
                $setarr['title_template'] = cplang('event_add');
                $setarr['body_template'] = cplang('event_feed_info');
                $setarr['body_data'] = array('title' => "<a href=\"{$url}\">{$value['title']}</a>", 'country' => $value['country'], 'province' => $value['province'], 'city' => $value['city'], 'location' => $value['location'], 'starttime' => sgmdate('m-d H:i', $value['starttime']), 'endtime' => sgmdate('m-d H:i', $value['endtime']));
                // Poster image, when the event has one.
                if ($value['poster']) {
                    $setarr['image_1'] = pic_get($value['poster'], $value['thumb'], $value['remote']);
                    $setarr['image_1_link'] = $url;
                }
            }
            break;
        case 'sid':
            $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('share') . " WHERE sid='{$id}'");
            if ($value = $_SGLOBAL['db']->fetch_array($query)) {
                // Basic fields.
                $setarr['icon'] = 'share';
                $setarr['id'] = $value['sid'];
                $setarr['idtype'] = $idtype;
                $setarr['uid'] = $value['uid'];
                $setarr['username'] = $value['username'];
                $setarr['dateline'] = $value['dateline'];
                $setarr['hot'] = $value['hot'];
                // Details: templates and data are copied from the share row as stored.
                // $url is assigned but not used in this case.
                $url = "space.php?uid={$value['uid']}&do=share&id={$value['sid']}";
                $setarr['title_template'] = '{actor} ' . $value['title_template'];
                $setarr['body_template'] = $value['body_template'];
                $setarr['body_data'] = $value['body_data'];
                $setarr['body_general'] = $value['body_general'];
                $setarr['image_1'] = $value['image'];
                $setarr['image_1_link'] = $value['image_link'];
            }
            break;
    }
    // 'icon' is only set when one of the cases above found publishable content.
    if ($setarr['icon']) {
        $setarr['appid'] = UC_APPID;
        // Data processing: arrays are converted to their serialized form.
        $setarr['title_data'] = serialize($setarr['title_data']);
        if ($idtype != 'sid') {
            // For 'sid' body_data is stored as read from the share row and is not serialized again.
            $setarr['body_data'] = serialize($setarr['body_data']);
        }
        // md5 digests over the templates, and over the templates plus their data.
        $setarr['hash_template'] = md5($setarr['title_template'] . "\t" . $setarr['body_template']);
        $setarr['hash_data'] = md5($setarr['title_template'] . "\t" . $setarr['title_data'] . "\t" . $setarr['body_template'] . "\t" . $setarr['body_data']);
        // Slash-escape every field before it is handed to the table helpers.
        $setarr = saddslashes($setarr);
        $feedid = 0;
        // Unless $add is set, look for an existing feed row for this content.
        if (!$add && $setarr['id']) {
            $query = $_SGLOBAL['db']->query("SELECT feedid FROM " . tname('feed') . " WHERE id='{$id}' AND idtype='{$idtype}'");
            $feedid = $_SGLOBAL['db']->result($query, 0);
        }
        if ($feedid) {
            updatetable('feed', $setarr, array('feedid' => $feedid));
        } else {
            inserttable('feed', $setarr);
        }
    }
}
$failingmail = array(); foreach ($mails as $key => $value) { $value = trim($value); if (empty($value) || !isemail($value)) { $failingmail[] = $value; continue; } if ($reward['credit']) { //计算积分扣减积分 $credit = intval($reward['credit']) * ($invitenum + 1); if (!isemail($value) || $reward['credit'] && $credit > $space['credit']) { $failingmail[] = $value; continue; } $code = strtolower(random(6)); $setarr = array('uid' => $_SGLOBAL['supe_uid'], 'code' => $code, 'email' => saddslashes($value), 'type' => 1); $id = inserttable('invite', $setarr, 1); if ($id) { $mailvar[4] = "{$siteurl}invite.php?{$id}{$code}{$inviteapp}"; // $mailvar[4] = "http://openid.enjoyoung.cn/account/new?{$id}{$code}{$inviteapp}&renturn_to=uchome"; createmail($value, $mailvar); $invitenum++; } else { $failingmail[] = $value; } } else { $mailvar[4] = "{$siteurl}invite.php?u={$space['uid']}&c={$invite_code}{$inviteapp}"; // $mailvar[4] = "http://openid.enjoyoung.cn/account/new?u=$space[uid]&c=$invite_code{$inviteapp}&renturn_to=uchome"; if ($appid) { $mailvar[6] = $appinfo['appname']; }
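/**
 * Delete a user's space and the rows that reference the user in the related tables.
 *
 * The account row is loaded first. Deletion proceeds when $force is set, or when the
 * caller has the 'managedelspace' permission and the target is not the caller's own
 * account. A non-forced deletion is recorded in 'spacelog' before anything is removed.
 *
 * Review notes:
 * - The statements run one after another with no transaction visible in this function,
 *   so a failure part-way leaves a partially deleted account.
 * - The 'managebatch' permission is switched on for the caller's group in $_SGLOBAL and
 *   is not restored here, so it stays on for the rest of the request.
 *
 * @param int|string $uid   Id of the user to delete; normalised to an integer.
 * @param int|bool   $force Skip the permission check and the spacelog entry when truthy.
 * @return array The deleted 'space' row, or an empty array when nothing was deleted.
 */
function deletespace($uid, $force = 0) {
    global $_SGLOBAL, $_SC, $_SCONFIG;

    // $uid is interpolated into every statement below; casting it once keeps quote
    // characters out of the SQL regardless of what the caller passed in.
    $uid = intval($uid);

    $delspace = array();
    $allowmanage = checkperm('managedelspace');
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('space') . " WHERE uid='{$uid}'");
    if ($value = $_SGLOBAL['db']->fetch_array($query)) {
        // '&&' binds tighter than '||': force always wins, otherwise the caller needs
        // the permission and must not be deleting their own account.
        if ($force || $allowmanage && $value['uid'] != $_SGLOBAL['supe_uid']) {
            $delspace = $value;
            // A non-forced deletion is recorded in the deletion log table.
            if (!$force) {
                $setarr = array('uid' => $value['uid'], 'username' => saddslashes($value['username']), 'opuid' => $_SGLOBAL['supe_uid'], 'opusername' => $_SGLOBAL['supe_username'], 'flag' => '-1', 'dateline' => $_SGLOBAL['timestamp']);
                inserttable('spacelog', $setarr, 0, true);
            }
        }
    }
    if (empty($delspace)) {
        return array();
    }

    // Override the permission setting so the delete* helpers below are allowed to run.
    $_SGLOBAL['usergroup'][$_SGLOBAL['member']['groupid']]['managebatch'] = 1;

    // space
    $_SGLOBAL['db']->query("DELETE FROM " . tname('space') . " WHERE uid='{$uid}'");
    // spacefield
    $_SGLOBAL['db']->query("DELETE FROM " . tname('spacefield') . " WHERE uid='{$uid}'");
    // feed
    $_SGLOBAL['db']->query("DELETE FROM " . tname('feed') . " WHERE uid='{$uid}' OR (id='{$uid}' AND idtype='uid')");

    // doing records
    $doids = array();
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('doing') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $doids[$value['doid']] = $value['doid'];
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('doing') . " WHERE uid='{$uid}'");
    // replies to those records
    // NOTE(review): $doids may be empty here; confirm simplode() yields a valid IN list for an empty array.
    $_SGLOBAL['db']->query("DELETE FROM " . tname('docomment') . " WHERE doid IN (" . simplode($doids) . ") OR uid='{$uid}'");

    // shares
    $_SGLOBAL['db']->query("DELETE FROM " . tname('share') . " WHERE uid='{$uid}'");
    // album rows
    $_SGLOBAL['db']->query("DELETE FROM " . tname('album') . " WHERE uid='{$uid}'");
    // credit log
    $_SGLOBAL['db']->query("DELETE FROM " . tname('creditlog') . " WHERE uid='{$uid}'");
    // notifications
    $_SGLOBAL['db']->query("DELETE FROM " . tname('notification') . " WHERE (uid='{$uid}' OR authorid='{$uid}')");
    // pokes
    $_SGLOBAL['db']->query("DELETE FROM " . tname('poke') . " WHERE (uid='{$uid}' OR fromuid='{$uid}')");

    // polls created by the user
    $pollid = array();
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('poll') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $pollid[$value['pid']] = $value['pid'];
    }
    deletepolls($pollid);

    // polls the user voted in
    $pollid = array();
    $query = $_SGLOBAL['db']->query("SELECT pid FROM " . tname('polluser') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $pollid[$value['pid']] = $value['pid'];
    }
    // decrement the voter count of those polls
    if ($pollid) {
        $_SGLOBAL['db']->query("UPDATE " . tname('poll') . " SET voternum=voternum-1 WHERE pid IN (" . simplode($pollid) . ")");
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('polluser') . " WHERE uid='{$uid}'");

    // events created by the user
    $ids = array();
    $query = $_SGLOBAL['db']->query('SELECT eventid FROM ' . tname('event') . " WHERE uid = '{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $ids[] = $value['eventid'];
    }
    deleteevents($ids);

    // events the user follows or joined
    $ids = $ids1 = $ids2 = array();
    $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('userevent') . " WHERE uid = '{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($value['status'] == 1) {
            $ids1[] = $value['eventid']; // following
        } elseif ($value['status'] > 1) {
            $ids2[] = $value['eventid']; // joined
        }
        $ids[] = $value['eventid'];
    }
    if ($ids1) {
        $_SGLOBAL['db']->query('UPDATE ' . tname('event') . ' SET follownum = follownum - 1 WHERE eventid IN (' . simplode($ids1) . ')');
    }
    if ($ids2) {
        // TODO (from the original): also subtract the number of guests the user brought.
        $_SGLOBAL['db']->query('UPDATE ' . tname('event') . ' SET membernum = membernum - 1 WHERE eventid IN (' . simplode($ids2) . ')');
    }
    if ($ids) {
        $_SGLOBAL['db']->query('DELETE FROM ' . tname('userevent') . ' WHERE eventid IN (' . simplode($ids) . ") AND uid = '{$uid}'");
    }
    // event invitations
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('eventinvite') . " WHERE uid = '{$uid}' OR touid = '{$uid}'");
    // uploaded event pictures
    // NOTE(review): this matches the picture id column against a user id; every other
    // statement here filters on a uid column. Verify against the eventpic schema.
    // TODO (from the original): also update the event picture and thread counters.
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('eventpic') . " WHERE picid = '{$uid}'");

    // magic items
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('usermagic') . " WHERE uid = '{$uid}'");
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('magicinlog') . " WHERE uid = '{$uid}'");
    $_SGLOBAL['db']->query('DELETE FROM ' . tname('magicuselog') . " WHERE uid = '{$uid}'");

    // pictures: remember the file paths now, the files are removed at the end
    $pics = array();
    $query = $_SGLOBAL['db']->query("SELECT filepath FROM " . tname('pic') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $pics[] = $value;
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('pic') . " WHERE uid='{$uid}'");

    // blogs, with their tag counters and tag links
    $blogids = array();
    $query = $_SGLOBAL['db']->query("SELECT blogid FROM " . tname('blog') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $blogids[$value['blogid']] = $value['blogid'];
        // tags
        $tags = array();
        $subquery = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$value['blogid']}'");
        while ($tag = $_SGLOBAL['db']->fetch_array($subquery)) {
            $tags[$tag['tagid']] = $tag['tagid'];
        }
        if ($tags) {
            $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($tags) . ")");
            $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$value['blogid']}'");
        }
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('blog') . " WHERE uid='{$uid}'");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('blogfield') . " WHERE uid='{$uid}'");

    // bwzt entries, handled the same way as blogs
    $bwztids = array();
    $query = $_SGLOBAL['db']->query("SELECT bwztid FROM " . tname('bwzt') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $bwztids[$value['bwztid']] = $value['bwztid'];
        // tags
        $tags = array();
        $subquery = $_SGLOBAL['db']->query("SELECT tagid, bwztid FROM " . tname('tagbwzt') . " WHERE bwztid='{$value['bwztid']}'");
        while ($tag = $_SGLOBAL['db']->fetch_array($subquery)) {
            $tags[$tag['tagid']] = $tag['tagid'];
        }
        if ($tags) {
            $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET bwztnum=bwztnum-1 WHERE tagid IN (" . simplode($tags) . ")");
            $_SGLOBAL['db']->query("DELETE FROM " . tname('tagbwzt') . " WHERE bwztid='{$value['bwztid']}'");
        }
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('bwzt') . " WHERE uid='{$uid}'");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('bwztfield') . " WHERE uid='{$uid}'");

    // comments
    $_SGLOBAL['db']->query("DELETE FROM " . tname('comment') . " WHERE (uid='{$uid}' OR authorid='{$uid}' OR (id='{$uid}' AND idtype='uid'))");
    // visitors
    $_SGLOBAL['db']->query("DELETE FROM " . tname('visitor') . " WHERE (uid='{$uid}' OR vuid='{$uid}')");
    // task records
    $_SGLOBAL['db']->query("DELETE FROM " . tname('usertask') . " WHERE uid='{$uid}'");
    // class
    $_SGLOBAL['db']->query("DELETE FROM " . tname('class') . " WHERE uid='{$uid}'");
    // friends
    $_SGLOBAL['db']->query("DELETE FROM " . tname('friend') . " WHERE (uid='{$uid}' OR fuid='{$uid}')");
    // member
    $_SGLOBAL['db']->query("DELETE FROM " . tname('member') . " WHERE uid='{$uid}'");
    // footprints
    $_SGLOBAL['db']->query("DELETE FROM " . tname('clickuser') . " WHERE uid='{$uid}'");
    // blacklist
    $_SGLOBAL['db']->query("DELETE FROM " . tname('blacklist') . " WHERE (uid='{$uid}' OR buid='{$uid}')");
    // invite records
    $_SGLOBAL['db']->query("DELETE FROM " . tname('invite') . " WHERE (uid='{$uid}' OR fuid='{$uid}')");
    // mail queue: multi-table delete of the cron rows addressed to the user and their queued mails
    $_SGLOBAL['db']->query("DELETE FROM " . tname('mailcron') . ", " . tname('mailqueue') . " USING " . tname('mailcron') . ", " . tname('mailqueue') . " WHERE " . tname('mailcron') . ".touid='{$uid}' AND " . tname('mailcron') . ".cid=" . tname('mailqueue') . ".cid");
    // roaming (application) invitations
    $_SGLOBAL['db']->query("DELETE FROM " . tname('myinvite') . " WHERE (touid='{$uid}' OR fromuid='{$uid}')");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('userapp') . " WHERE uid='{$uid}'");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('userappfield') . " WHERE uid='{$uid}'");

    // group threads, grouped by tag so the helper can fix per-tag counters
    $tids = array();
    $query = $_SGLOBAL['db']->query("SELECT tid, tagid FROM " . tname('thread') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $tids[$value['tagid']][] = $value['tid'];
    }
    foreach ($tids as $tagid => $v_tids) {
        deletethreads($tagid, $v_tids);
    }
    // group posts, grouped the same way
    $pids = array();
    $query = $_SGLOBAL['db']->query("SELECT pid, tagid FROM " . tname('post') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $pids[$value['tagid']][] = $value['pid'];
    }
    foreach ($pids as $tagid => $v_pids) {
        deleteposts($tagid, $v_pids);
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('thread') . " WHERE uid='{$uid}'");
    $_SGLOBAL['db']->query("DELETE FROM " . tname('post') . " WHERE uid='{$uid}'");

    // session: removing the row drops the user's stored session
    $_SGLOBAL['db']->query("DELETE FROM " . tname('session') . " WHERE uid='{$uid}'");
    // ranking list
    $_SGLOBAL['db']->query("DELETE FROM " . tname('show') . " WHERE uid='{$uid}'");

    // group memberships
    $mtagids = array();
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('tagspace') . " WHERE uid='{$uid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $mtagids[$value['tagid']] = $value['tagid'];
    }
    if ($mtagids) {
        $_SGLOBAL['db']->query("UPDATE " . tname('mtag') . " SET membernum=membernum-1 WHERE tagid IN (" . simplode($mtagids) . ")");
        $_SGLOBAL['db']->query("DELETE FROM " . tname('tagspace') . " WHERE uid='{$uid}'");
    }
    $_SGLOBAL['db']->query("DELETE FROM " . tname('mtaginvite') . " WHERE (uid='{$uid}' OR fromuid='{$uid}')");

    // remove the picture files collected above
    deletepicfiles($pics);

    // reports filed against the user
    $_SGLOBAL['db']->query("DELETE FROM " . tname('report') . " WHERE id='{$uid}' AND idtype='uid'");

    // change log
    if ($_SCONFIG['my_status']) {
        inserttable('userlog', array('uid' => $uid, 'action' => 'delete', 'dateline' => $_SGLOBAL['timestamp']), 0, true);
    }
    return $delspace;
}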
// Sitemap configuration handler (fragment): creates or updates a row in 'sitemaplogs',
// or deletes the selected rows.
$start = empty($_GET['start']) ? 0 : intval($_GET['start']);
$countnum = 0;
$lastfileid = 0;
$sitemap_path = S_ROOT . './data/sitemap/';
if (!file_exists($sitemap_path)) {
    // The mode is passed as the string '0666'. mkdir() expects an integer, so the string
    // is converted as decimal 666 rather than read as octal 0666, and '@' hides any
    // failure. Octal 0666 would also leave the directory without the execute (search) bit.
    @mkdir($sitemap_path, '0666');
}
if (submitcheck('thevalue')) {
    // mapname is limited to [0-9a-z_] and 50 bytes before it reaches the SQL below.
    // Without the D modifier '$' also matches just before a trailing newline.
    if (!preg_match("/^[0-9a-z_]+\$/i", $_POST['mapname']) || strlen($_POST['mapname']) > 50) {
        showmessage('sitemap_name_error');
    }
    // $sitemapdata is built outside this fragment.
    $mapdata = addslashes(serialize($sitemapdata));
    // String fields are HTML-escaped, then slash-escaped; numeric fields are cast.
    // NOTE(review): if the framework already slash-escapes $_POST on input, these values
    // are escaped twice. Confirm against the input bootstrap.
    $_POST['maptype'] = saddslashes(shtmlspecialchars($_POST['maptype']));
    $_POST['mapnum'] = $_POST['maptype'] == 'google' ? intval($_POST['mapnum_google']) : intval($_POST['mapnum_baidu']);
    $_POST['createtype'] = intval($_POST['createtype']);
    $_POST['changefreq'] = $_POST['maptype'] == 'google' ? saddslashes(shtmlspecialchars($_POST['changefreq_google'])) : saddslashes(shtmlspecialchars($_POST['changefreq_baidu']));
    if (!empty($_POST['slogid'])) {
        // NOTE(review): slogid is the one value in this statement that is neither cast
        // nor escaped in this fragment. intval() before use would match the other numeric fields.
        $_SGLOBAL['db']->query("UPDATE " . tname('sitemaplogs') . " SET mapname='{$_POST['mapname']}', maptype='{$_POST['maptype']}', mapnum='{$_POST['mapnum']}', createtype='{$_POST['createtype']}', changefreq='{$_POST['changefreq']}' WHERE slogid='{$_POST['slogid']}'");
        showmessage('sitemap_config_update', $theurl);
    } else {
        // Reject a duplicate name before inserting.
        $query = $_SGLOBAL['db']->query("SELECT count(*) FROM " . tname('sitemaplogs') . " WHERE mapname='{$_POST['mapname']}'");
        if ($value = $_SGLOBAL['db']->result($query, 0)) {
            showmessage('sitemap_name_exists');
        }
        $_SGLOBAL['db']->query("INSERT INTO " . tname('sitemaplogs') . "(mapname, maptype, mapnum, mapdata, createtype, changefreq) VALUES ('{$_POST['mapname']}', '{$_POST['maptype']}', '{$_POST['mapnum']}', '{$mapdata}', '{$_POST['createtype']}', '{$_POST['changefreq']}')");
        showmessage('sitemap_config_add', $theurl);
    }
} elseif (submitcheck('listsubmit')) {
    if (!empty($_POST['slogidarr'])) {
        // NOTE(review): the submitted ids are joined into the IN list as they arrive;
        // no per-element cast is visible here, and implode() assumes an array.
        $slogidarr = implode('\',\'', $_POST['slogidarr']);
        $_SGLOBAL['db']->query('DELETE FROM ' . tname('sitemaplogs') . ' WHERE slogid IN (\'' . $slogidarr . '\')');
        // First time: no cached counter yet, so count the user's existing doing records.
        $doingnum = getcount('doing', array('uid' => $space['uid']));
        $setarr['doingnum'] = "doingnum='{$doingnum}'";
    } else {
        $setarr['doingnum'] = "doingnum=doingnum+1";
    }
}
// $setarr holds ready-made "column=value" SQL fragments, joined straight into the UPDATE.
$_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET " . implode(',', $setarr) . " WHERE uid='{$_SGLOBAL['supe_uid']}'");
$title_template = cplang(cplang('feed_doing_title'));
// The message is un-slashed before serialize() so the stored string lengths match the
// real text, then the serialized blob is slash-escaped as a whole for the insert.
$title_data = saddslashes(serialize(sstripslashes(array('message' => $message))));
$body_template = $body_data = '';
if ($complainOK) {
    $title_template = cplang(cplang('feed_complain'));
    $title_data = '';
    $body_template = '{message}';
    $body_data = saddslashes(serialize(sstripslashes(array('message' => $message))));
}
// Event feed
if ($add_doing) {
    $ip = getonlineip();
    $ip_detail = getIpDetails();
    // The names are crossed: $lon receives 'latitude' and $lat receives 'longitude'.
    // The URL below then sends $lat as lngx and $lon as lngy.
    $lon = $ip_detail['latitude'];
    $lat = $ip_detail['longitude'];
    // The lookup sends the user's coordinates to a third-party host over plain HTTP,
    // inside the request that posts the record.
    $pos = "http://lbs.juhe.cn/api/getaddressbylngb?lngx=" . $lat . "&lngy=" . $lon;
    // The HTTP stream context option for a timeout is 'timeout'; 'time' is not a
    // recognised option, so the default socket timeout applies to this call.
    $opts = array('http' => array('method' => 'GET', 'time' => 1));
    $context = stream_context_create($opts);
    // A failed request returns false; json_decode() then yields null and $address ends up null.
    $res = file_get_contents($pos, false, $context);
    $res = json_decode($res, 1);
    // NOTE(review): $address is text from the remote response and goes into the feed row
    // without escaping in this fragment. Confirm it is escaped before insert and on output.
    $address = $res['row']['result']['formatted_address'];
    if ($picid && $filepath) {
        $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => $title_template, 'title_data' => $title_data, 'body_template' => $body_template, 'body_data' => $body_data, 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => 'web', 'image_1' => pic_get($filepath, 1, 0), 'image_1_link' => "space.php?uid={$_SGLOBAL['supe_uid']}&do=album&picid={$picid}", 'ip' => $ip, 'address' => $address);
/**
 * Handle an online submission (create or update) for a content model.
 *
 * Reads the submitted form from $_POST/$_FILES, validates the fixed fields, then either
 * writes the item and message rows directly or stores the whole submission serialized in
 * 'modelfolders', depending on the caller's permissions. Every path ends in showmessage().
 *
 * Review notes (details at the marked lines):
 * - PHP 8 compatibility: the unparenthesised nested ternary for 'allowreply' and the bare
 *   constant in $setsqlarr[grade] are errors there.
 * - $alang is read but not declared global in this function.
 * - $_POST['nid'] and $_POST['hash'] are concatenated into SQL without a local cast.
 * - The update path keys on the submitted itemid / nid; no ownership check is visible here.
 * - Two permission checks depend on values that come from the request itself.
 *
 * @param array $cacheinfo Cached model definition; 'models', 'columns' and 'linkage' are read.
 * @param int   $cp        Truthy when called from the admin panel; only affects the redirect URL.
 */
function modelpost($cacheinfo, $cp = 1) {
    global $_SGLOBAL, $theurl, $_SCONFIG;
    include_once S_ROOT . './function/upload.func.php';
    $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $resultitems = $resultmessage = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    // Grade labels.
    // NOTE(review): $alang is not in the global list above, so inside this function the
    // $alang[...] lookups below read an undefined local variable.
    if ($cacheinfo['models']['modelname'] == 'defect') {
        // The 'defect' model maps the submitted grade 1..9 onto weighted values.
        switch ($_POST['grade']) {
            case 1:
                $_POST['grade'] = '64';
                break;
            case 2:
                $_POST['grade'] = '32';
                break;
            case 3:
                $_POST['grade'] = '16';
                break;
            case 4:
                $_POST['grade'] = '9';
                break;
            case 5:
                $_POST['grade'] = '4';
                break;
            case 6:
                $_POST['grade'] = '1';
                break;
            case 7:
                $_POST['grade'] = '-1';
                break;
            case 8:
                $_POST['grade'] = '-2';
                break;
            case 9:
                $_POST['grade'] = '-3';
                break;
        }
        $gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
        // Site configuration may override the labels (tab-separated list).
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            $gradearr['64'] = $newgradearr[0];
            $gradearr['32'] = $newgradearr[1];
            $gradearr['16'] = $newgradearr[2];
            $gradearr['9'] = $newgradearr[3];
            $gradearr['4'] = $newgradearr[4];
            $gradearr['1'] = $newgradearr[5];
            $gradearr['-1'] = $newgradearr[6];
            $gradearr['-2'] = $newgradearr[7];
            $gradearr['-3'] = $newgradearr[8];
        }
    } else {
        $gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            for ($i = 0; $i < count($newgradearr); $i++) {
                if (!empty($newgradearr[$i])) {
                    $gradearr[$i + 1] = $newgradearr[$i];
                }
            }
        }
    }
    // The submitted model id must match the model definition passed in.
    if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
        showmessage('parameter_error');
    }
    $feedcolum = array();
    // Split the columns into fixed (items table) and free (message table) fields, and
    // normalise linkage and timestamp inputs in place.
    foreach ($columnsinfoarr as $result) {
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                // The submitted key is replaced by the cached value; an unknown key yields null.
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    // Record the member's latest update time (new submissions only).
    if (empty($itemid) && $_SGLOBAL['supe_uid']) {
        updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
    }
    // Input normalisation.
    $_POST['catid'] = intval($_POST['catid']);
    // NOTE(review): nested ternary without parentheses. PHP before 8 groups it to the left,
    // (isset ? intval : checkperm) ? 1 : 0, so any non-zero submitted value becomes 1.
    // PHP 8 rejects the expression at compile time.
    $_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0;
    $_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
    // Input checks. The length is measured in bytes after HTML escaping.
    if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
        showmessage('space_suject_length_error');
    }
    if (empty($_POST['catid'])) {
        showmessage('admin_func_catid_error');
    }
    if (!empty($_FILES['subjectimage']['name'])) {
        // Only the extension of the client-supplied file name is checked here. Whether
        // uploadfile() also inspects the content cannot be told from this function.
        $fileext = fileext($_FILES['subjectimage']['name']);
        if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
            showmessage('document_types_can_only_upload_pictures');
        }
    }
    // Field validation.
    checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
    // On edit, check whether the subject image was removed or replaced.
    $defaultmessage = array();
    if (!empty($itemid)) {
        // NOTE(review): this branch deletes attachment rows and files for the submitted
        // itemid before any permission check in this function, and nothing visible here ties
        // the item to the current user. Confirm the caller enforces ownership.
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            // The file was removed or replaced: delete the old one.
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            // NOTE(review): reads $_GET['mid'] while the rest of the function uses $_POST['mid'].
            $hash = getmodelhash($_GET['mid'], $itemid);
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage')); // attachment rows
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            // The path comes from the stored row; presumably always relative to A_DIR. Verify
            // that stored paths cannot contain '../'.
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    // Build the items-table row.
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $setsqlarr['catid'] = $_POST['catid'];
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = $_POST['allowreply'];
    $setsqlarr['grade'] = intval($_POST['grade']);
    // Added by jyf: users without the permission must not change the review grade.
    // NOTE(review): only grades above 0 are checked. The 'defect' mapping above also
    // produces -1, -2 and -3, which pass without the 'manageeditpost' permission.
    if ($setsqlarr['grade'] > 0) {
        if (!checkperm('manageeditpost')) {
            showmessage('no_permission');
        }
    }
    // end
    $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    $setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
    $setsqlarr['username'] = $_SGLOBAL['supe_username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    // Thumbnail size: 400x300 unless the model defines "width,height".
    $modelsinfoarr['subjectimagewidth'] = 400;
    $modelsinfoarr['subjectimageheight'] = 300;
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    $uploadfilearr = $ids = array();
    $subjectimageid = '';
    $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
    if (!empty($uploadfilearr)) {
        $feedsubjectimg = $uploadfilearr;
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter.
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    // Publication time.
    if (empty($_POST['dateline'])) {
        $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    } else {
        $setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
        if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
            // Not in the future and not more than two years back.
            $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
        }
    }
    // Attachment handling, by jyf.
    if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
        // The submitted elements are stored joined by commas; they are not validated here.
        $setsqlarr['attaches'] = implode(',', $_POST['divupload']);
    }
    // Two extra fields for the 'creative' model -------89184
    if ($cacheinfo['models']['modelname'] == 'creative') {
        if (empty($_POST['creative_value'])) {
            showmessage('请输入创新价值说明');
        }
        if (empty($_POST['creative_days'])) {
            showmessage('本创新所耗的工作量');
        }
        $setsqlarr['value'] = $_POST['creative_value'];
        $setsqlarr['days'] = $_POST['creative_days'];
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
        // No review needed: write to the items table.
        if (empty($itemid)) {
            // Insert.
            $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
            // Original comment: "cancel mail notification --89184". The code below still sends mail.
            $email = get_cate_mail($_POST['catid']);
            $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
            // This test reads the model name from the request, not from $cacheinfo as elsewhere.
            if ($_POST['modelname'] == 'creative') {
                if ($_POST['creative_type'] == '流程建议') {
                    $email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
                }
            }
            $emails = explode(',', $email);
            // explode() always returns at least one element, so this condition is always true.
            if (count($emails) > 0) {
                include S_ROOT . './function/sendmail.fun.php';
                $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                // The mail subject embeds the submitted subject.
                // NOTE(review): confirm sendmail() strips CR/LF from the subject line.
                if ($cacheinfo['models']['modelname'] == 'creative') {
                    $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
                    sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
                } else {
                    if ($cacheinfo['models']['modelname'] == 'defect') {
                        $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
                        sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
                    }
                }
            }
        } else {
            // Update: keep the original author fields.
            $op = 'update';
            unset($setsqlarr['uid']);
            unset($setsqlarr['username']);
            unset($setsqlarr['lastpost']);
            if ($setsqlarr['grade'] > 0) {
                // Record who reviewed the item.
                $setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
                // NOTE(review): the director check runs only when the request itself says
                // modelname is 'creative' and names this creative_type. A request that omits
                // either field skips the check. The server-side model name is in $cacheinfo.
                if ($_POST['modelname'] == 'creative') {
                    if ($_POST['creative_type'] == '主管月度创新') {
                        if (!check_cate_director($setsqlarr['catid'])) {
                            showmessage('no_permission');
                        }
                    }
                }
            }
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            // NOTE(review): $_POST['nid'] is concatenated without a cast in this function;
            // intval() would match the handling of itemid. It is also not tied to $itemid here.
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            // Mail notification for a grade review.
            if ($setsqlarr['grade'] > 0) {
                $sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
                $query = $_SGLOBAL['db']->query($sqlstr);
                $value = $_SGLOBAL['db']->fetch_array($query);
                $email = $value['email'];
                if (!empty($email)) {
                    include S_ROOT . './function/sendmail.fun.php';
                    $url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                    $emails = explode(',', $email);
                    // NOTE(review): $setsqlarr[grade] uses a bare constant as the key. Older PHP
                    // falls back to the string 'grade' with a notice; PHP 8 throws an Error.
                    if ($_POST['modelname'] == 'creative') {
                        $msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    } else {
                        $msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    }
                    sendmail($emails, $setsqlarr['subject'], $msg);
                }
            }
        }
        if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
            // NOTE(review): $_POST['hash'] is concatenated without local validation and picks
            // which attachment rows are attached to this item. Confirm it is escaped upstream
            // and that the hash belongs to the current user's upload session.
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
        }
        $hash = getmodelhash($_POST['mid'], $itemid);
        if (!empty($ids)) {
            $ids = simplode($ids);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $do = 'pass';
    } else {
        // Review required: keep the item row for the modelfolders record built below.
        if (!empty($uploadfilearr['subjectimage']['aid'])) {
            $subjectimageid = $uploadfilearr['subjectimage']['aid'];
        }
        $setitemsqlarr = $setsqlarr;
        $do = 'me';
    }
    if ($op == 'update') {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // The file was removed or replaced: delete the old one.
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname'])); // attachment rows
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
                        $ext = fileext($defaultmessage[$value['fieldname']]);
                        if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                            @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        }
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    // Build the message-table row.
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
    // The message body is stored as submitted, trimmed only; any markup filtering must
    // happen on output or inside helpers not shown here.
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['postip'] = $_SGLOBAL['onlineip'];
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter for the content.
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
        // No review needed: write to the message table.
        if ($op == 'add') {
            $setsqlarr['itemid'] = $itemid;
            // Insert the content.
            inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
            getreward('postinfo');
            if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
                $feed['icon'] = 'comment';
                $feed['title_template'] = 'feed_model_title';
                $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                $aurl = A_URL;
                if (empty($_SCONFIG['siteurl'])) {
                    $siteurl = getsiteurl();
                    $murl = $siteurl . $murl;
                    $aurl = $siteurl . $aurl;
                } else {
                    $siteurl = S_URL_ALL;
                }
                // The feed stores ready-made HTML. The subject was HTML-escaped earlier in this
                // function; the message excerpt has tags stripped.
                $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
                $feed['body_template'] = 'feed_model_message';
                $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
                if (!empty($feedsubjectimg)) {
                    $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
                } else {
                    // Use the first uploaded file that has a path.
                    foreach ($feedcolum as $feedimgvalue) {
                        if ($feedimgvalue['filepath']) {
                            $feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
                            break;
                        }
                    }
                    // Otherwise fall back to the first picture found in the message body.
                    if (empty($feed['images'])) {
                        $picurl = getmessagepic(stripslashes($_POST['message']));
                        if ($picurl && strpos($picurl, '://') === false) {
                            $picurl = $siteurl . '/' . $picurl;
                        }
                        if (!empty($picurl)) {
                            $feed['images'][] = array('url' => $picurl, 'link' => $murl);
                        }
                    }
                }
                postfeed($feed);
            }
        } else {
            // Update the content.
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
        updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
        if (checkperm('allowdirectpost') && $op == 'update') {
            deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
        }
        if (checkperm('allowdirectpost') && $op == 'update') {
            $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('writing_success_online_please_wait_for_audit', $jpurl);
        } else {
            $jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('online_contributions_success', $jpurl);
        }
    } else {
        // Review required: store the whole submission serialized in 'modelfolders'.
        $setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
        $setsqlarr['addfeed'] = $_POST['addfeed'];
        // NOTE(review): the serialized blob contains user-supplied strings; confirm that the
        // code which later unserialize()s it only ever reads rows written by this path.
        $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
        if (!empty($_POST['itemid'])) {
            // Here the submitted itemid addresses a 'modelfolders' row; no ownership check is
            // visible for this update either.
            $itemid = intval($_POST['itemid']);
            updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
        } else {
            $itemid = inserttable('modelfolders', $setsqlarr, 1);
        }
        if (!empty($subjectimageid)) {
            $ids[] = $subjectimageid;
        }
        if (!empty($ids)) {
            $ids = simplode($ids);
            // Folder hash: 'm' + zero-padded model id + 'f' + zero-padded folder item id.
            $hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
        showmessage('writing_success_online_please_wait_for_audit', $jpurl);
    }
}
if (preg_match("/\\.swf\$/i", $link)) { $arr['title_template'] = cplang('share_flash'); $arr['body_data']['flashaddr'] = $link; $type = 'flash'; } } $arr['body_general'] = getstr($_POST['general'], 150, 1, 1, 1, 1); $arr['type'] = $type; $arr['uid'] = $_SGLOBAL['supe_uid']; $arr['username'] = $_SGLOBAL['supe_username']; $arr['dateline'] = $_SGLOBAL['timestamp']; $arr['topicid'] = $_POST['topicid']; $arr['body_data'] = serialize($arr['body_data']); // groups ת // $setarr = saddslashes($arr); //ת $sid = inserttable('share', $setarr, 1); //Statistics updatestat('share'); // share notice if ($note_uid && $note_uid != $_SGLOBAL['supe_uid']) { notification_add($note_uid, 'sharenotice', $note_message); } // update user Statistics if (empty($space['sharenum'])) { $space['sharenum'] = getcount('share', array('uid' => $space['uid'])); $sharenumsql = "sharenum=" . $space['sharenum']; } else { $sharenumsql = 'sharenum=sharenum+1'; }
// Credit exchange handler (fragment): converts the user's local credits into another
// application's credits through the uc_client library, then debits the local balance.
// '@' hides a missing or unreadable cache file; $_CACHE['creditsettings'] is then
// undefined in the lookups below.
@include_once(S_ROOT.'./uc_client/data/cache/creditsettings.php');
if(submitcheck('exchangesubmit')) {
    $netamount = $tocredits = 0;
    $tocredits = $_POST['tocredits'];
    // A '|' in the target marks an exchange to another application ("appid|credit").
    $outexange = strexists($tocredits, '|');
    // NOTE(review): the ratio is only verified when the target has no '|'. For an
    // external target the division below uses whatever the cache holds under the
    // submitted key; a missing entry means a division by null/zero.
    if(!$outexange && !$_CACHE['creditsettings'][$tocredits]['ratio']) {
        showmessage('credits_exchange_invalid');
    }
    $amount = intval($_POST['amount']);
    if($amount <= 0) {
        showmessage('credits_transaction_amount_invalid');
    }
    @include_once(S_ROOT.'./uc_client/client.php');
    // The user must re-enter the account password before credits are moved.
    $ucresult = uc_user_login($_SGLOBAL['supe_username'], $_POST['password']);
    // The first element of the result is treated as the uid; values <= 0 mean the
    // login was rejected.
    list($tmp['uid']) = saddslashes($ucresult);
    if($tmp['uid'] <= 0) {
        showmessage('credits_password_invalid');
    } elseif($space['credit']-$amount < 0) {
        // The balance compared here was loaded earlier in the request.
        showmessage('credits_balance_insufficient');
    }
    $netamount = floor($amount * 1/$_CACHE['creditsettings'][$tocredits]['ratio']);
    // From here on $tocredits is only the part after '|'; with no '|' in the input the
    // second list() slot has no value.
    list($toappid, $tocredits) = explode('|', $tocredits);
    // The remote credit request is made before the local debit: if the UPDATE below
    // fails, the target credits have already been requested.
    $ucresult = uc_credit_exchange_request($_SGLOBAL['supe_uid'], $_CACHE['creditsettings'][$tocredits]['creditsrc'], $tocredits, $toappid, $netamount);
    if(!$ucresult) {
        showmessage('extcredits_dataerror');
    }
    // NOTE(review): the debit is unconditional. Two concurrent submissions can both pass
    // the balance check above and drive the balance negative; adding "AND credit >= $amount"
    // to the WHERE clause and checking the affected-row count would close that window.
    $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET credit=credit-$amount WHERE uid='$_SGLOBAL[supe_uid]'");
/**
 * Change the event-membership status of several users in the acting user's event.
 *
 * Reads the acting user's membership from $_SGLOBAL['supe_userevent'], validates
 * the requested status, works out which of the given members actually change,
 * queues notifications and feed rows, then deletes or updates the `userevent`
 * rows and adjusts the event's member counter.
 *
 * Status values, as used by the branches below: -1 delete, 0 pending,
 * 2 ordinary member, 3 organizer; rows already at status 1 are skipped.
 *
 * NOTE(review): every privilege and range check here depends on showmessage()
 * ending the request; that helper is not shown on this page, so confirm.
 *
 * @param array $uids   Member uids to change; passed to simplode() to build the IN (...) list.
 * @param mixed $status Requested status, cast with intval() before use.
 * @return array The uids whose status was changed (empty array when nothing applies).
 */
function verify_eventmembers($uids, $status) {
    global $_SGLOBAL, $event;
    // Authorization: an acting user whose own membership status is below 3 is refused.
    if ($_SGLOBAL['supe_userevent']['status'] < 3) {
        showmessage('no_privilege_manage_event_members');
    }
    // The event is taken from the acting user's own membership record, not from the
    // request; the global $event is reloaded when it refers to a different event.
    $eventid = $_SGLOBAL['supe_userevent']['eventid'];
    if ($eventid != $event['eventid']) {
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid='{$eventid}'");
        $event = $_SGLOBAL['db']->fetch_array($query);
    }
    // Cast first, so that $status is an integer wherever it is interpolated into SQL below.
    $status = intval($status);
    if ($status < -1 || $status > 3) {
        showmessage("bad_userevent_status"); // the requested member status is outside -1..3
    }
    if ($event['verify'] == 0 && $status == 0) {
        showmessage("event_not_set_verify");
    }
    // Only the event's creator may promote a member to organizer (status 3).
    if ($status == 3 && $_SGLOBAL['supe_uid'] != $event['uid']) {
        showmessage("only_creator_can_set_admin"); // only the founder can set an organizer
    }
    $newids = $actions = $userevents = array();
    $num = 0; // net change to the event's member count
    // NOTE(review): the safety of this IN (...) list rests entirely on simplode(),
    // which is defined elsewhere; verify that it quotes or casts every uid.
    $query = $_SGLOBAL['db']->query("SELECT ue.*, sf.* FROM " . tname("userevent") . " ue LEFT JOIN " . tname("spacefield") . " sf ON ue.uid=sf.uid WHERE ue.uid IN (" . simplode($uids) . ") AND ue.eventid='{$eventid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($value['status'] == $status || $event['uid'] == $value['uid'] || $value['status'] == 1) {
            // Skip rows already at the target status, the event creator, and rows at status 1.
            continue;
        }
        if ($status == 2) { // set to ordinary member
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            if ($value['status'] == 0) { // pending member is approved: count the member plus companions
                $actions[$value['uid']] = "set_verify";
                $num += $value['fellow'] + 1;
            } elseif ($value['status'] == 3) { // organizer is demoted to ordinary member
                $actions[$value['uid']] = "unset_admin";
            }
        } elseif ($status == 3) { // set to organizer
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "set_admin";
            if ($value['status'] == 0) {
                $num += $value['fellow'] + 1;
            }
        } elseif ($status == 0) { // set back to pending
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "unset_verify";
            if ($value['status'] >= 2) {
                $num -= $value['fellow'] + 1;
            }
        } elseif ($status == -1) { // delete the member
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "set_delete";
            if ($value['status'] >= 2) {
                $num -= $value['fellow'] + 1;
            }
        }
    }
    if (empty($newids)) {
        return array();
    }
    if ($event['limitnum'] > 0 && $event['membernum'] + $num > $event['limitnum']) {
        // The change would push the member count past the event's limit.
        showmessage("event_will_full");
    }
    $note_inserts = $note_ids = $feed_inserts = array();
    // Template for the feed rows; uid and username are filled in per member inside the loop.
    $feedarr = array('appid' => UC_APPID, 'icon' => 'event', 'uid' => '', 'username' => '', 'dateline' => $_SGLOBAL['timestamp'],
        'title_template' => cplang('event_join'),
        'title_data' => array('title' => $event['title'], "eventid" => $event['eventid'], "uid" => $event['uid'], "username" => $event['username']),
        'body_template' => '', 'body_data' => array(), 'body_general' => '',
        'image_1' => '', 'image_1_link' => '', 'image_2' => '', 'image_2_link' => '',
        'image_3' => '', 'image_3_link' => '', 'image_4' => '', 'image_4_link' => '',
        'target_ids' => '', 'friend' => '');
    $feedarr = sstripslashes($feedarr); // remove escaping before serializing and hashing
    $feedarr['title_data'] = serialize(sstripslashes($feedarr['title_data'])); // serialize
    $feedarr['body_data'] = serialize(sstripslashes($feedarr['body_data'])); // serialize
    // The md5 values are stored in the feed row's hash_template and hash_data columns.
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); // preference hash
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); // merged hash
    $feedarr = saddslashes($feedarr); // escape the whole template once for the hand-built INSERT below
    foreach ($newids as $id) {
        if ($status > 1 && $userevents[$id]['status'] == 0) {
            // A pending member was approved: publish a "joined the event" feed entry.
            // NOTE(review): uid and username are copied from the database row after the
            // saddslashes() call above and are interpolated without being escaped again;
            // a stored username containing a quote would break out of the literal unless
            // the DB layer returns escaped values. Confirm and escape here if needed.
            $feedarr['uid'] = $userevents[$id]['uid'];
            $feedarr['username'] = $userevents[$id]['username'];
            $feed_inserts[] = "('{$feedarr['appid']}', 'event', '{$feedarr['uid']}', '{$feedarr['username']}', '{$feedarr['dateline']}', '0', '{$feedarr['hash_template']}', '{$feedarr['hash_data']}', '{$feedarr['title_template']}', '{$feedarr['title_data']}', '{$feedarr['body_template']}', '{$feedarr['body_data']}', '{$feedarr['body_general']}', '{$feedarr['image_1']}', '{$feedarr['image_1_link']}', '{$feedarr['image_2']}', '{$feedarr['image_2_link']}', '{$feedarr['image_3']}', '{$feedarr['image_3_link']}', '{$feedarr['image_4']}', '{$feedarr['image_4_link']}')";
        }
        // NOTE(review): unserialize() runs on the stored `privacy` column; this is only
        // acceptable if users cannot write arbitrary bytes into that column. Verify.
        $userevents[$id]['privacy'] = empty($userevents[$id]['privacy']) ? array() : unserialize($userevents[$id]['privacy']);
        $filter = empty($userevents[$id]['privacy']['filter_note']) ? array() : array_keys($userevents[$id]['privacy']['filter_note']);
        // Queue a notification only when cknote_uid() accepts it for this member's filter list.
        if (cknote_uid(array("type" => "eventmemberstatus", "authorid" => $_SGLOBAL['supe_uid']), $filter)) {
            $note_ids[] = $id;
            $note_msg = cplang('eventmember_' . $actions[$id], array("space.php?do=event&id=" . $event['eventid'], $event['title']));
            $note_inserts[] = "('{$id}', 'eventmemberstatus', '1', '{$_SGLOBAL['supe_uid']}', '{$_SGLOBAL['supe_username']}', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')";
        }
    }
    if ($note_ids) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $note_inserts));
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($note_ids) . ")");
    }
    if ($feed_inserts) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('feed') . " (`appid` ,`icon` ,`uid` ,`username` ,`dateline` ,`friend` ,`hash_template` ,`hash_data` ,`title_template` ,`title_data` ,`body_template` ,`body_data` ,`body_general` ,`image_1` ,`image_1_link` ,`image_2` ,`image_2_link` ,`image_3` ,`image_3_link` ,`image_4` ,`image_4_link`) VALUES " . implode(',', $feed_inserts));
    }
    if ($status == -1) {
        // Delete the membership rows.
        $_SGLOBAL['db']->query("DELETE FROM " . tname("userevent") . " WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
    } else {
        // Store the new status.
        $_SGLOBAL['db']->query("UPDATE " . tname("userevent") . " SET status='{$status}' WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
    }
    // Apply the net member-count change; $num is built only from integer additions above.
    if ($num != 0) {
        $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET membernum = membernum + ({$num}) WHERE eventid='{$eventid}'");
    }
    return $newids;
}
inserttable('usergroups', $setarr); } else { //更新 updatetable('usergroups', $setarr, array('groupid' => $thevalue['groupid'])); } //更新缓存 include_once S_ROOT . './function/cache.func.php'; updategroupcache(); showmessage('do_success', S_URL . '/admincp.php?action=usergroups'); } elseif (submitcheck('copysubmit')) { //移除不需要复制的变量 unset($thevalue['grouptitle']); unset($thevalue['groupid']); unset($thevalue['explower']); unset($thevalue['system']); $copyvalue = saddslashes($thevalue); foreach ($_POST['aimgroup'] as $key => $value) { $groupid = intval($value); updatetable('usergroups', $copyvalue, array('groupid' => $groupid)); } //更新缓存 include_once S_ROOT . './function/cache.func.php'; updategroupcache(); showmessage('do_success', S_URL . '/admincp.php?action=usergroups'); } elseif (submitcheck('explowersubmit')) { if (count($_POST['explower']) != count(array_unique($_POST['explower']))) { showmessage('integral_limit_duplication_with_other_user_group'); } else { if (!empty($_POST['explower'])) { $oldexplower = array(); $query = $_SGLOBAL['db']->query("SELECT groupid, explower FROM " . tname('usergroups'));
// Excerpt from a poll-voting handler; $poll, $pid, $optionarr and $list come from code not shown here.
// Collect the submitted option ids as integers. The maxchoice test runs after each
// append, so at least one id is taken even when $poll['maxchoice'] is 0.
foreach ($_POST['option'] as $key => $val) {
    $optionarr[] = intval($val);
    if (count($optionarr) >= $poll['maxchoice']) {
        break;
    }
}
// Only integers reach the IN (...) list. NOTE(review): $pid is interpolated as received
// from the surrounding code; confirm it is cast or escaped before this point.
$query = $_SGLOBAL['db']->query("SELECT `option` FROM " . tname('polloption') . " WHERE oid IN ('" . implode("','", $optionarr) . "') AND pid='{$pid}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
    $list[] = saddslashes($value['option']);
}
// No submitted id matched an option of this poll.
if (empty($list)) {
    showmessage('please_select_items_to_vote');
}
// Increment the vote counter of every selected option.
$_SGLOBAL['db']->query("UPDATE " . tname('polloption') . " SET votenum=votenum+1 WHERE oid IN ('" . implode("','", $optionarr) . "') AND pid='{$pid}'");
// Record the ballot; an anonymous vote stores an empty username but still stores the uid.
// NOTE(review): the option text was slash-escaped when collected and is escaped again here;
// whether inserttable() escapes a third time is not visible on this page.
$setarr = array('uid' => $_SGLOBAL['supe_uid'], 'username' => $_POST['anonymous'] ? '' : $_SGLOBAL['supe_username'], 'pid' => $pid, 'option' => saddslashes('"' . implode(cplang('poll_separator'), $list) . '"'), 'dateline' => $_SGLOBAL['timestamp']);
inserttable('polluser', $setarr);
$sql = '';
// Pay the per-vote credit reward, except to the poll's own author.
if ($poll['credit'] && $poll['percredit'] && $poll['uid'] != $_SGLOBAL['supe_uid']) {
    if ($poll['credit'] <= $poll['percredit']) {
        // The remaining pool does not exceed one reward: pay out what is left and stop rewarding.
        $poll['percredit'] = $poll['credit'];
        $sql = ',percredit=0';
    }
    // NOTE(review): percredit is interpolated unquoted; presumably it is a numeric column
    // loaded from the poll row — confirm it cannot hold a non-numeric value.
    $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET credit=credit+{$poll['percredit']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
} else {
    $poll['percredit'] = 0;
}
// Update the poll's voter count and last-vote time, and deduct the reward from its credit pool.
$_SGLOBAL['db']->query("UPDATE " . tname('poll') . " SET voternum=voternum+1, lastvote='{$_SGLOBAL['timestamp']}', credit=credit-{$poll['percredit']} {$sql} WHERE pid='{$pid}'");
// real name
realname_get();
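/**
 * Look up an unused invitation (fuid = 0) by inviter uid and invite code.
 *
 * The uid is cast to an integer before it is placed in the query text, so a
 * non-numeric value can no longer reach the SQL; such a value now yields the
 * empty result without a database call.
 *
 * @param mixed  $uid  Inviter uid; cast with intval().
 * @param string $code Invite code. It is interpolated into the query as received,
 *                     so it must already be slash-escaped by the caller.
 * @return mixed The slash-escaped invitation row joined with the inviter's name
 *               fields, an empty array when uid or code is empty, or whatever
 *               fetch_array() returns when no row matches.
 */
function invite_get($uid, $code) {
    global $_SGLOBAL, $_SN;

    $invitearr = array();
    // uid is a numeric key: casting removes any possibility of SQL text in it.
    $uid = intval($uid);
    if ($uid && $code) {
        // NOTE(review): $code relies on the application-wide slash-escaping of request
        // data; a caller passing a value from any other origin must escape it first.
        $query = $_SGLOBAL['db']->query("SELECT i.*, s.username, s.name, s.namestatus FROM ".tname('invite')." i LEFT JOIN ".tname('space')." s ON s.uid=i.uid WHERE i.uid='$uid' AND i.code='$code' AND i.fuid='0'");
        if ($invitearr = $_SGLOBAL['db']->fetch_array($query)) {
            realname_set($invitearr['uid'], $invitearr['username'], $invitearr['name'], $invitearr['namestatus']);
            // The row is returned slash-escaped, so callers receive values already prepared
            // for this code base's string-built SQL, not raw display values.
            $invitearr = saddslashes($invitearr);
        }
    }
    return $invitearr;
}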
} else { $refer = S_URL_ALL; } } include_once S_ROOT . './uc_client/client.php'; switch ($action) { case 'login': $cookietime = 0; if (!empty($_POST['cookietime'])) { $cookietime = intval($_POST['cookietime']); } if (submitcheck('loginsubmit')) { $password = $_POST['password']; $username = $_POST['username']; $ucresult = uc_user_login($username, $password, $loginfield == 'uid'); list($members['uid'], $members['username'], $members['password'], $members['email']) = saddslashes($ucresult); if ($members['uid'] <= 0) { showmessage('login_error', geturl('action/login')); } else { if (empty($_SCONFIG['noseccode'])) { if (!empty($_POST['seccode'])) { if (!ckseccode($_POST['seccode'])) { showmessage('incorrect_code', geturl('action/login')); } } else { $guidearr = array(); include template('site_secques'); exit; } } }
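/**
 * Service entry point: record a user's message as a "doing" entry, turn
 * "@name(uid)" mentions into links, file a complaint for each mentioned
 * department account, and publish a feed entry.
 *
 * Changes against the earlier version:
 *  - uid must validate as a positive integer and only that integer is placed in
 *    the SQL text (previously the raw parameter was concatenated unquoted, and
 *    the "<= 0" comparison let strings with a numeric prefix through);
 *  - optional keys are read with empty(), and $complainOK / $UserId are guarded,
 *    so missing input no longer touches undefined values;
 *  - the device whitelist is compared strictly.
 *
 * @param array|null $params Keys read: uid, content, and optionally device, ip.
 * @return string JSON: an {errorNo, content} object on validation failure,
 *                otherwise the enriched $params array.
 */
function IHomeServiceCreateComplain($params = NULL) {
    global $_SGLOBAL;

    if (empty($params['uid'])) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter uid.the uid is not exist or the uid is not a positive interger.");
        return json_encode($errorMsg);
    }
    // Accept only a complete integer; anything else is rejected before a query is built.
    $uid = filter_var($params['uid'], FILTER_VALIDATE_INT);
    if ($uid === false || $uid <= 0) {
        $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the id must be a positive interger.");
        return json_encode($errorMsg);
    }
    $sql = "select name,username from " . tname('space') . " where uid = " . $uid;
    $query = $_SGLOBAL['db']->query($sql);
    if ($row = $_SGLOBAL['db']->fetch_array($query)) {
        // Prefer the real name, fall back to the account name.
        if ($row['name']) {
            $params['uname'] = $row['name'];
        } else {
            $params['uname'] = $row['username'];
        }
    } else {
        $errorMsg = array("errorNo" => "500", "content" => "the uid is not exist");
        return json_encode($errorMsg);
    }

    // department_id_list is ignored
    if (empty($params['content'])) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter message.the message is not exist or the message is empty.");
        return json_encode($errorMsg);
    }
    if (!empty($params['device']) && !in_array($params['device'], array('web', 'wechat', 'mobile'), true)) {
        $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the parameter device is out of range.");
        return json_encode($errorMsg);
    }

    $UserIds = array();
    $mood = 0;
    $complainOK = FALSE; // set once a complaint row has been filed for some mentioned department
    $params['status'] = 'init';
    $params['reply_count'] = 0;
    $params['timestamp'] = time();
    $params['department_list'] = array();
    $params['operation_list'] = array();
    $params['reply_list'] = array();

    // The first [em:N:] tag in the content selects the mood.
    preg_match("/\\[em\\:(\\d+)\\:\\]/s", $params['content'], $ms);
    $mood = empty($ms[1]) ? 0 : intval($ms[1]);
    // NOTE(review): the text is URL-decoded after getstr() has processed it; if getstr()
    // is where HTML filtering happens, percent-encoded markup would be decoded after
    // that filter has run. getstr() is not shown on this page — confirm the order is safe.
    $message = rawurldecode(getstr($params['content'], 1000, 1, 1, 1, 2));
    preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s*/U", $message, $matches, PREG_SET_ORDER);

    // Turn each "@name(uid)" mention into a link
    foreach ($matches as $value) {
        $TmpString = $value[0];
        $TmpName = $value[1];
        $UserId = $value[2]; // digits only, guaranteed by the [\d]+ group, so safe to interpolate below
        $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}");
        if ($rs = $_SGLOBAL['db']->fetch_array($result)) {
            $realname = $rs['name'];
            if (empty($realname)) {
                $realname = $rs['username'];
            }
            $params['department_list'][intval($UserId)] = $realname;
            $ValidValue = getAtName($TmpString, $TmpName, $realname);
            $ValidValue = trim($ValidValue);
            $at_friend = "space.php?uid=" . $UserId;
            if ($ValidValue != false) {
                // NOTE(review): $realname is written into the markup as stored; this is only
                // safe if names are HTML-escaped when they are saved. Verify.
                $message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $message);
                if (!in_array($UserId, $UserIds)) {
                    $UserIds[] = $UserId;
                }
            }
        }
    }
    $message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $message);
    $message = preg_replace("/\\<br.*?\\>/is", ' ', $message);
    $params['content'] = $message;

    $setarr = array('uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'from' => $params['uid'], 'message' => $message, 'mood' => $mood, 'ip' => getonlineip(), 'fromdevice' => 'web');
    if (!empty($params['device'])) {
        $setarr['fromdevice'] = $params['device'];
    }
    // NOTE(review): a caller-supplied ip replaces the detected address in the stored record;
    // the stored value is then only as trustworthy as the caller of this service.
    if (!empty($params['ip'])) {
        $setarr['ip'] = $params['ip'];
    }
    $newdoid = inserttable('doing', $setarr, 1);

    @(include_once S_ROOT . './data/data_creditrule.php');
    // A credit-balance check that could clear this flag was commented out in the
    // earlier version, so complaints are always allowed here.
    $isComplain = TRUE;

    // this part may go wrong
    foreach ($UserIds as $UserId) {
        if ($isComplain) {
            $UserDept = isDepartment($UserId, 1);
            if ($UserDept) {
                // Mentioned account is a department: file a complaint and notify it.
                $nowtime = time();
                $complain = array('doid' => $newdoid, 'uid' => $params['uid'], 'uname' => $params['uname'], 'atdepartment' => $UserDept['department'], 'atdeptuid' => $UserId, 'from' => $params['uid'], 'atuid' => $UserId, 'atuname' => $UserDept['department'], 'isreply' => 0, 'addtime' => $nowtime, 'dateline' => $nowtime, 'expire' => 0, 'times' => 1, 'issendmsg' => 0, 'message' => $message, 'datatime' => date("Ymd", $nowtime));
                inserttable('complain', $complain, 0);
                $note = cplang('note_complain_buchu', array("space.php?do=complain_item&doid={$newdoid}", date('Y-m-d H:i', $nowtime + 3600 * 24)));
                notification_complain_add($UserId, 'complain', $note);
                $complainOK = TRUE;
            } else {
                // Ordinary user: plain "you were mentioned" notification.
                $note = cplang('note_doing_at', array("space.php?do=doing&doid={$newdoid}"));
                notification_add($UserId, 'atyou', $note);
            }
        }
    }
    if ($complainOK) {
        $note = cplang('note_complain_user_success', array("space.php?do=complain_item&doid={$newdoid}"));
        notification_complain_add($params['uid'], 'complain', $note);
        $complain_msg = 'note_complain_user_success';
        getreward('complain', 1, $params['uid']);
    }
    if (!$complainOK && $isComplain) {
        // $UserId holds the last uid handled above and is unset when nothing was mentioned.
        if (isset($UserId) && $UserId == '0000') {
            // system administrator account (noted in the original as having no real use)
            $note = cplang("您好,您的诉求已发送成功。谢谢您对ihome社区的大力支持!", array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
        } else {
            $note = cplang('note_complain_user_failed', array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
            $complain_msg = 'note_complain_user_failed';
        }
    }

    // title_data is unescaped, serialized, then slash-escaped again for storage.
    $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => 'web', 'ip' => getonlineip());
    if (!empty($params['device'])) {
        $feedarr['fromdevice'] = $params['device'];
    }
    if (!empty($params['ip'])) {
        $feedarr['ip'] = $params['ip'];
    }
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); // preference hash
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); // merged hash
    $feedid = inserttable('feed', $feedarr, 1);
    updatestat('doing');

    // Mirror the message into the user's space note.
    $setarr = array('note' => $message);
    $reward = getreward('doing', 0);
    updatetable('spacefield', $setarr, array('uid' => $params['uid']));
    return json_encode($params);
}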
/**
 * Fetch one row of the `user` table for a login name.
 *
 * NOTE(review): as printed on this page the WHERE literal is a masked '******'
 * and the escaped $userlogin is not referenced in the query text; check the
 * real file to see what is compared.
 * NOTE(review): SELECT * presumably returns the stored password hash as well;
 * callers should avoid passing the whole row to templates or logs.
 *
 * @param string $userlogin Login name supplied by the caller.
 * @return mixed Whatever the db component's getrow() returns for the query.
 */
public function login($userlogin = '')
{
    // Slash-escaping is this code base's only defence for string-built SQL; it is
    // not charset-aware, so a parameterised query would be the stronger choice if
    // the db component offers one (not visible here).
    $userlogin = saddslashes($userlogin);
    $query = "SELECT * FROM `user`\n WHERE `user`.login = '******'\n ";

    return sapp('db')->getrow($query);
}
error_reporting(0); $_SGLOBAL = $_SCONFIG = array(); //程序目录 define('S_ROOT', substr(dirname(__FILE__), 0, -7)); include_once S_ROOT . './function/common.func.php'; //获取时间 $_SGLOBAL['timestamp'] = time(); if (!@(include_once S_ROOT . './config.php')) { @(include_once S_ROOT . './config.new.php'); show_msg('您需要首先将程序根目录下面的 "config.new.php" 文件重命名为 "config.php"', 999); } extract($_SC); //GPC过滤 if (!get_magic_quotes_gpc()) { $_GET = saddslashes($_GET); $_POST = saddslashes($_POST); } ob_start(); $theurl = 'index.php'; $sqlfile = S_ROOT . './data/install.sql'; if (!file_exists($sqlfile)) { show_msg('请上传最新的 install.sql 数据库结构文件到程序的 ./data 目录下面,再重新运行本程序', 999); } $configfile = S_ROOT . './config.php'; //变量 $step = empty($_GET['step']) ? 0 : intval($_GET['step']); $action = empty($_GET['action']) ? '' : trim($_GET['action']); $nowarr = array('', '', '', '', '', '', ''); $formhash = formhash(); $lockfile = S_ROOT . './data/install.lock'; if (file_exists($lockfile)) {
$rs = $_SGLOBAL['db']->fetch_array($result); $realname = $rs['name']; //调用检查函数将@后的内容进行验证,为UID对应的姓名相同则返回@与姓名,不相同则继续判断下一个@,没有找到匹配的最终将返回false $ValidValue = getAtName($TmpString, $TmpName, $realname); $ValidValue = trim($ValidValue); $at_friend = "space.php?uid=" . $UserId; $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message); } //替换表情 $Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message); $Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message); //print_r($Message); $arr = array("username" => getstr($username, 15, 1, 1, 1), "message" => $Message, "uid" => intval($userid), "replynum" => 0, "mood" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'ip' => getonlineip()); $newdoid = inserttable('doing', $arr, 1); //事件feed $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $userid, 'username' => $username, 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid'); $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); //喜好hash $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); //合并hash inserttable('feed', $feedarr, 1); updatestat('doing'); //更新空间note $setarr = array('note' => $Message); if (!empty($_POST['spacenote'])) { $reward = getreward('updatemood', 0); $setarr['spacenote'] = $Message; } else { $reward = getreward('doing', 0); } updatetable('spacefield', $setarr, array('uid' => $userid));