solutions will be better for different programs; see section 13 for the specific requirements. You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see <http://www.gnu.org/licenses/>. */ require_once 'Connections/SQL.php'; require_once 'config.php'; require_once 'include/view.php'; if (!isset($_SESSION['Center_Username'])) { header("Location: index.php?login"); exit; } $_member = sc_get_result("SELECT * FROM `member` WHERE `id` = '%d'", array($_SESSION['Center_Id'])); $_avatar_dir = 'include/avatar/'; $upload_error = null; if (@$_GET['step'] == 2 && !isset($_GET['no']) && isset($_FILES['upload'])) { try { //檢查頭貼資料夾是否存在 if (!is_dir($_avatar_dir)) { //不存在的話就創建頭貼資料夾 if (!mkdir($_avatar_dir)) { die("頭貼資料夾不存在,並且創建失敗"); } } if ($_FILES['upload']['name'] != "" && is_uploaded_file($_FILES['upload']['tmp_name'])) { if (!isset($_FILES['upload']['error']) > 0) { throw new Exception("檔案上傳失敗"); }
<li><?php echo $_floor; ?> 樓</li> <?php if ($_reply['row']['author'] == $_SESSION['Center_Id']) { ?> <li> <a href="forumedit.php?reply&id=<?php echo $_reply['row']['id']; ?> " class="btn btn-info btn-sm"> 編輯 </a> </li> <?php } ?> </ul> <div class="con"><?php echo sc_removal_escape_string($_reply['row']['content']); ?> </div> </div> <?php } while ($_reply['row'] = $_reply['query']->fetch_assoc()); } $_all_reply = sc_get_result("SELECT COUNT(*) FROM `forum_reply` WHERE `post_id`='%d'", array($_post['row']['id'])); echo sc_page_pagination('forumview.php', @$_GET['page'], implode('', $_all_reply['row']), $center['forum']['limit'], '&id=' . $_post['row']['id']); } $view->render();
if (isset($_POST['content']) && trim($_POST['content']) != '') { $_chat = sc_get_result("SELECT * FROM `chat` ORDER BY `mktime` ASC"); if ($_chat['num_rows'] > 50) { $SQL->query("TRUNCATE TABLE `chat`"); } $SQL->query("INSERT INTO `chat` (`content`, `mktime`, `author`) VALUES ('%s', now(), '%s')", array(htmlspecialchars($_POST['content']), $_SESSION_scratch['Center_Id'])); sc_tag_member(htmlspecialchars($_POST['content']), rtrim(sc_get_headurl(), 'include/ajax') . '/chat.php', $_SESSION_scratch['Center_Username'] . '在聊天室提到你', $_SESSION_scratch['Center_Id']); header("Content-type: application/json"); echo json_encode(array("success" => true)); } } elseif (isset($_POST['last'])) { $_last = intval($_POST['last']); $_timeout = 20; $i = 0; while ($i < $_timeout) { $_result = sc_get_result("SELECT * FROM `chat` WHERE `mktime` > '%s'", array(date('Y-m-d H:i:s', $_last))); $_data = array(); $_data['last'] = time(); if ($_result['num_rows'] > 0) { do { $_member = $SQL->query("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_result['row']['author']))->fetch_assoc(); $t = strtotime($_result['row']['mktime']); if (date('d') == date('d', $t)) { $_data['data'][] = array('id' => $_result['row']['id'], 'content' => $_result['row']['content'], 'mktime' => date('H:i:s', $t), 'author' => $_member['username']); } else { $_data['data'][] = array('id' => $_result['row']['id'], 'content' => $_result['row']['content'], 'mktime' => $_result['row']['mktime'], 'author' => $_member['username']); } } while ($_result['row'] = $_result['query']->fetch_assoc()); break; } $i++;
<ul class="list-inline" style="font-size:80%;color:rgb(100,100,100);"> <?php if ($_post['row']['level'] > 1) { ?> <li><span class="label"><?php echo sc_member_level($_post['row']['level']); ?> </span></li> <?php } ?> <li><?php echo $_post['row']['mktime']; ?> </li> <li><?php echo date('Y-m-d H:i', strtotime($_post['row']['mktime'])); ?> </li> <li><?php echo $_post_reply['num_rows']; ?> 回覆</li> </ul> </div> <?php } while ($_post['row'] = $_post['query']->fetch_assoc()); $_all = sc_get_result("SELECT COUNT(*) FROM `forum` WHERE `title` LIKE '%%%s%%' OR `content` LIKE '%%%s%%'", array(sc_xss_filter($_GET['q']), sc_xss_filter($_GET['q']))); echo sc_page_pagination('forumsearch.php', @$_GET['page'], implode('', $_all['row']), $center['forum']['limit'], '&q=' . sc_xss_filter($_GET['q'])); } $view->render();
$_joined = sprintf(" AND `joined` > '%s'", date('Y-m-d H:i:s', $POST_joined['0'])); } elseif ($POST_joined['1'] > 0) { $_joined = sprintf(" AND `joined` < '%s'", date('Y-m-d H:i:s', $POST_joined['1'])); } else { $_joined = ''; } if ($POST_last_login['0'] > 0 && $POST_last_login['1'] > 0) { $_last_login = sprintf(" AND `last_login` BETWEEN '%s' AND '%s'", date('Y-m-d H:i:s', $POST_last_login['0']), date('Y-m-d H:i:s', $POST_last_login['1'])); } elseif ($POST_last_login['0'] > 0) { $_last_login = sprintf(" AND `last_login` > '%s'", date('Y-m-d H:i:s', $POST_last_login['0'])); } elseif ($POST_last_login['1'] > 0) { $_last_login = sprintf(" AND `last_login` < '%s'", date('Y-m-d H:i:s', $POST_last_login['1'])); } else { $_last_login = ''; } $_member = sc_get_result("SELECT * FROM `member` WHERE `username` LIKE '%%%s%%' AND `email` LIKE '%%%s%%' AND `web_site` LIKE '%%%s%%' {$_last_login} {$_joined} {$_level} ORDER BY `id` ASC", array(sc_namefilter($_POST['username']), $_POST['email'], $_POST['web_site'])); } $view = new View('theme/admin_default.html', 'admin/nav.php', '', $center['site_name'], '會員搜尋', true); ?> <h2 class="page-header">會員搜尋</h2> <?php if (!isset($_GET['search']) or !isset($_POST['level']) or !isset($_POST['joined']) or !isset($_POST['last_login']) or !isset($_POST['username']) or !isset($_POST['email']) or !isset($_POST['web_site'])) { ?> <form class="form-horizontal form-sm" action="membersearch.php?search" method="POST"> <div class="form-group"> <label class="col-sm-3 control-label" for="username">帳號:</label> <div class="col-sm-9"> <input class="form-control" name="username" type="text"> </div> </div> <div class="form-group">
if ($_member['num_rows'] < 1 or $_POST['email'] != $_member['row']['email']) { $_GET['nouser'] = true; } else { $_subject = "重設密碼 - {$center['site_name']}"; $_body = "{$_member['row']['username']} 您好\n\t\t\n 請點擊以下連結重設您的密碼 \n\t\t\n " . sc_get_headurl() . "getpassword.php?id={$_member['row']['id']}&auth=" . md5($_member['row']['rekey']) . "\n\t\t\n (若是您沒有申請重設密碼,請忽略此信件)"; $_header = "From: {$center['site_name']} <{$center['mail']}> \n"; $_header .= 'Content-type:text/plain; charset=UTF-8'; mb_internal_encoding('UTF-8'); $_subject = mb_encode_mimeheader($_subject, 'UTF-8'); if (mail($_member['row']['email'], $_subject, $_body, $_header)) { $_step = 2; } } } elseif (isset($_GET['auth']) && trim($_GET['auth']) != '' && isset($_GET['id']) && abs($_GET['id']) != '') { $_uid = abs($_GET['id']); $_member = sc_get_result("SELECT * FROM member WHERE `id` = '%d'", array($_uid)); if ($_member['num_rows'] > 0) { if (md5($_member['row']['rekey']) == $_GET['auth']) { $_rekey_SQL = sprintf(",`rekey` = '%s'", substr(sc_keygen($_GET['auth']), 0, 16)); $_step = 3; if (isset($_POST['password']) && trim($_POST['password']) != '') { $SQL->query("UPDATE member SET `password` = '%s' {$_rekey_SQL} WHERE `id` = '%d'", array(sc_password($_POST['password'], $_member['row']['username']), $_uid)); $_step = 4; header("Location: index.php?getpassword"); exit; } } } } $view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], '重設密碼'); if (isset($_GET['nouser'])) {
<?php if ($_post['row']['level'] > 1) { ?> <li><span class="label"><?php echo sc_member_level($_post['row']['level']); ?> </span></li> <?php } ?> <li><?php echo $_author['row']['username']; ?> </li> <li><?php echo date('Y-m-d H:i', strtotime($_post['row']['mktime'])); ?> </li> <li><?php echo implode('', $_reply['row']); ?> 回覆</li> </ul> </div> <?php } while ($_post['row'] = $_post['query']->fetch_assoc()); $_all_post = sc_get_result("SELECT COUNT(*) FROM `forum` WHERE `title` LIKE '%%%s%%' OR `content` LIKE '%%%s%%' OR `author` LIKE '%%%s%%' {$_block} {$_level} {$_mktime}", array(sc_xss_filter($_GET['q']), sc_xss_filter($_GET['q']), $_GET['author'])); echo sc_page_pagination('forumsearch.php', @$_GET['page'], implode('', $_all_post['row']), $center['forum']['limit'], '&q=' . sc_xss_filter($_GET['q']) . '&author=' . urlencode(sc_namefilter($_GET['author'])) . '&block=' . urlencode(abs($_GET['block'])) . '&level=' . urlencode(abs($_GET['level'])) . '&mktime[]=' . $GET_mktime['0'] . '&mktime[]=' . $GET_mktime['1']); } } $view->render();
}); </script> <table class="table table-striped"> <thead> <tr> <th>區塊</th> <th>位置</th> <th>帖數</th> <th>最後發帖</th> <th></th> </tr> </thead> <tbody> <?php do { $_block_post = sc_get_result("SELECT * FROM `forum` WHERE `block`='%d' ORDER BY `mktime` DESC", array($_forum['row']['id'])); ?> <tr> <td> <a href="forum.php?fid=<?php echo $_forum['row']['id']; ?> "> <?php echo $_forum['row']['blockname']; ?> </a> </td> <td><?php echo $_forum['row']['position']; ?>
<table class="table table-striped table-hover"> <thead> <tr> <th>帖子</th> <th>區塊</th> <th>回覆</th> <th>最後回覆</th> <th>發表時間</th> <th></th> </tr> </thead> <tbody> <?php do { $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `post_id` = '%d' ORDER BY `mktime` DESC", array($_mypost['row']['id'])); $_author = sc_get_result("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_reply['row']['author'])); $_block = $SQL->query("SELECT * FROM `forum_block` WHERE `id`='%d'", array($_mypost['row']['block']))->fetch_assoc(); ?> <tr> <td> <a href="forumview.php?id=<?php echo $_mypost['row']['id']; ?> "><?php echo $_mypost['row']['title']; ?> </a> <?php if ($_mypost['row']['level'] > 1) { ?>
<http://www.gnu.org/licenses/>. */ set_include_path('../include/'); $includepath = true; require_once '../Connections/SQL.php'; require_once '../config.php'; require_once 'view.php'; if (!isset($_SESSION['Center_Username']) or $_SESSION['Center_UserGroup'] != 9) { header("Location: ../index.php"); exit; } if (isset($_POST['merge']) && isset($_POST['block']) && abs($_POST['merge']) != abs($_POST['block'])) { $SQL->query("UPDATE `forum` SET `block` = '%d' WHERE `block` = '%d'", array(abs($_POST['block']), abs($_POST['merge']))); $SQL->query("DELETE FROM `forum_block` WHERE `id` ='%d'", array(abs($_POST['merge']))); } $_block = sc_get_result("SELECT * FROM `forum_block` ORDER BY `position` ASC"); $view = new View('theme/admin_default.html', 'admin/nav.php', '', $center['site_name'], '區塊合併', true); ?> <h2 class="page-header">區塊合併</h2> <p>轉移舊區塊的所有帖子,並同時刪除舊區塊</p> <form class="form-xs" action="forummerge.php" method="POST"> <div class="form-group"> 將舊區塊 <select class="form-control" name="merge" required="required"> <?php do { ?> <option value="<?php echo $_block['row']['id']; ?> "><?php
exit; } if (isset($_POST['title']) && isset($_POST['content']) && trim(htmlspecialchars($_POST['title'])) != '' && trim(strip_tags($_POST['content']), " ") != '') { $_block_auth = $SQL->query("SELECT * FROM `forum_block` WHERE `id` = '%d'", array(abs($_POST['block'])))->num_rows; if ($_block_auth <= 0) { die; } $SQL->query("UPDATE `forum` SET `title` = '%s', `content` = '%s',`block`='%d',`level`='%d' WHERE `id` = '%d' AND `author` = '%d'", array(htmlspecialchars($_POST['title']), sc_xss_filter($_POST['content']), abs($_POST['block']), abs($_POST['level']), $_GET['id'], $_SESSION['Center_Id'])); header("Location: forumview.php?editok&id=" . $_post['row']['id']); } } elseif (isset($_GET['reply'])) { if (isset($_GET['post'])) { header("Location: forum.php"); exit; } $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `id` = '%d' AND `author` = '%d'", array($_GET['id'], $_SESSION['Center_Id'])); if ($_reply['num_rows'] <= 0) { header("Location: forum.php"); exit; } if (isset($_POST['content']) && trim(strip_tags($_POST['content']), " ") != '') { $SQL->query("UPDATE `forum_reply` SET `content` = '%s' WHERE `id` = '%d' AND `author` = '%d'", array(sc_xss_filter($_POST['content']), $_GET['id'], $_SESSION['Center_Id'])); header("Location: forumview.php?editok&id=" . $_reply['row']['post_id']); } } else { header("Location: forum.php"); exit; } $view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], '論壇編輯'); $view->addScript("include/js/notice.js"); $view->addCSS("include/js/cleditor/jquery.cleditor.css");
$_data = array(); if ($_unread_count != $_last) { $_data['count'] = $_unread_count; break; } $i++; sleep(1); } header("Content-type: application/json"); echo json_encode($_data); } elseif (isset($_POST['last'])) { $_last = intval($_POST['last']); $_all_rows = $SQL->query("SELECT * FROM `notice` WHERE `send_to`='%d'", array($_SESSION_scratch['Center_Id']))->num_rows; if ($_all_rows > 30) { $SQL->query("DELETE FROM `notice` WHERE `send_to`='%d' ORDER BY `mktime` ASC LIMIT 1", array($_SESSION_scratch['Center_Id'])); } $_result = sc_get_result("SELECT * FROM `notice` WHERE `send_to`='%d' AND `mktime` > '%s' ORDER BY `mktime` ASC", array($_SESSION_scratch['Center_Id'], date('Y-m-d H:i:s', $_last))); $_data = array(); $_data['last'] = time(); if ($_result['num_rows'] > 0) { do { $_send_from = sc_get_result("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_result['row']['send_from'])); $_send_to = sc_get_result("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_result['row']['send_to'])); $_data['data'][] = array('id' => $_result['row']['id'], 'url' => $_result['row']['url'], 'content' => $_result['row']['content'], 'status' => $_result['row']['status'], 'send_from' => $_send_from['row']['username'], 'send_from_avatar' => sc_avatar_url($_result['row']['send_from'], true), 'send_to' => $_send_to['row']['username'], 'mktime' => $_result['row']['mktime']); } while ($_result['row'] = $_result['query']->fetch_assoc()); } $SQL->query("UPDATE `notice` SET `status` = '1' WHERE `send_to`='%d' AND `status`='0' ORDER BY `mktime` DESC LIMIT 5", array($_SESSION_scratch['Center_Id'])); header("Content-type: application/json"); echo json_encode($_data); } die;
echo $_member['row']['web_site']; ?> </small></td> <td><?php echo sc_member_level($_member['row']['level']); ?> </td> <td> <a href="member.php?edit=<?php echo $_member['row']['id']; ?> " class="btn btn-info btn-sm">編輯</a> <a href="member.php?del=<?php echo $_member['row']['id']; ?> " class="btn btn-danger btn-sm">刪除</a> </td> </tr> <?php } while ($_member['row'] = $_member['query']->fetch_assoc()); ?> </table> <div> <?php $_all_nav = sc_get_result("SELECT COUNT(*) FROM `member`"); echo sc_page_pagination('member.php', @$_GET['page'], implode('', $_all_nav['row']), 30); ?> </div> <?php } $view->render();
exit; } if (isset($_POST['title']) && isset($_POST['content']) && trim(htmlspecialchars($_POST['title'])) != '' && trim(strip_tags($_POST['content']), " ") != '') { $_block_auth = $SQL->query("SELECT * FROM `forum_block` WHERE `id` = '%d'", array(abs($_POST['block'])))->num_rows; if ($_block_auth <= 0) { die; } $SQL->query("UPDATE `forum` SET `title` = '%s', `content` = '%s',`block`='%d',`level`='%d' WHERE `id` = '%d'", array(htmlspecialchars($_POST['title']), sc_xss_filter($_POST['content']), abs($_POST['block']), abs($_POST['level']), $_GET['id'])); header("Location: forumview.php?editok&id=" . $_post['row']['id']); } } elseif (isset($_GET['reply'])) { if (isset($_GET['post'])) { header("Location: forum.php"); exit; } $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `id` = '%d'", array($_GET['id'])); if ($_reply['num_rows'] <= 0) { header("Location: forum.php"); exit; } if (isset($_POST['content']) && trim(strip_tags($_POST['content']), " ") != '') { $SQL->query("UPDATE `forum_reply` SET `content` = '%s' WHERE `id` = '%d'", array(sc_xss_filter($_POST['content']), $_GET['id'])); header("Location: forumview.php?editok&id=" . $_reply['row']['post_id']); } } else { header("Location: forum.php"); exit; } $view = new View('theme/admin_default.html', 'admin/nav.php', '', $center['site_name'], '論壇編輯', true); $view->addCSS("../include/js/cleditor/jquery.cleditor.css"); $view->addScript("../include/js/cleditor/jquery.cleditor.min.js");
} $query[] = "ALTER TABLE `forum_reply` CHANGE `id` `id` int NOT NULL AUTO_INCREMENT FIRST, CHANGE `post` `post_id` int NOT NULL AFTER `id`, CHANGE `reply` `content` text COLLATE 'utf8_unicode_ci' NOT NULL AFTER `post_id`, CHANGE `ptime` `mktime` datetime NOT NULL AFTER `content`, CHANGE `posted` `author` int NOT NULL AFTER `mktime`"; $query[] = "ALTER TABLE `forum_block` CHANGE `ptime` `mktime` datetime NOT NULL AFTER `position`"; $_member = sc_get_result("SELECT * FROM `member`"); if ($_member['num_rows'] > 0) { do { if ($_member['row']['avatar'] == '../images/default_avatar.png') { $_avatar = 'default.png'; } else { $_avatar = ltrim($_member['row']['avatar'], '../images/avatar/'); } $query[] = sprintf("UPDATE `member` SET `avatar` = '%s' WHERE `id` = '%d'", $_avatar, $_member['row']['id']); } while ($_member['row'] = $_member['query']->fetch_assoc()); } $query[] = "ALTER TABLE `member` CHANGE `id` `id` int NOT NULL AUTO_INCREMENT FIRST, CHANGE `name` `username` varchar(30) COLLATE 'utf8_unicode_ci' NOT NULL AFTER `id`, CHANGE `level` `level` tinyint NOT NULL AFTER `rekey`;"; $_notice = sc_get_result("SELECT * FROM `notice`"); if ($_notice['num_rows'] > 0) { do { $query[] = sprintf("UPDATE `notice` SET `send_from` = '%d' WHERE `send_from` = '%s'", $_m_id[$_notice['row']['send_from']], $_notice['row']['send_from']); $query[] = sprintf("UPDATE `notice` SET `send_to` = '%d' WHERE `send_to` = '%s'", $_m_id[$_notice['row']['send_to']], $_notice['row']['send_to']); } while ($_notice['row'] = $_notice['query']->fetch_assoc()); } $query[] = "ALTER TABLE `notice` CHANGE `id` `id` int NOT NULL AUTO_INCREMENT FIRST,CHANGE `ptime` `mktime` datetime NOT NULL AFTER `send_to`,CHANGE `send_from` `send_from` int NOT NULL AFTER `status`,CHANGE `send_to` `send_to` int NOT NULL AFTER `send_from`"; foreach ($query as $val) { if ($val != '') { $SQL->query($val); } } rename('include/avatar/default.png', 'images/avatar/default.png'); sc_deletedir('include/avatar/'); 
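// Move the whole `images/avatar/` tree to its new home `include/avatar/`.
// rename() reports failure with a false return (plus an E_WARNING) rather
// than an exception; without a check the script would carry on and leave the
// site with no avatar directory at all, so surface the failure explicitly.
// Kept non-fatal (a warning, not die()) so any steps after this one still run.
if (!rename('images/avatar/', 'include/avatar/')) {
    trigger_error('Failed to move images/avatar/ to include/avatar/', E_USER_WARNING);
}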
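/**
 * Look up a member's avatar in the `member` table.
 *
 * @param int|string $_id             member id; normalised with abs() and bound as an
 *                                    integer (abs() on a non-numeric string is a TypeError
 *                                    on PHP 8 — callers pass ids read from the database)
 * @param bool       $_only_file_name true  = return the stored avatar file name only,
 *                                    false = return the absolute URL below include/avatar/
 * @return string|int the file name or URL, or -1 when no member row matches
 */
function sc_avatar_url($_id, $_only_file_name = false) {
    // Bind the id with %d (not %s) so it is always an integer placeholder,
    // matching every other `member`.`id` lookup in this code base.
    $_avatar = sc_get_result("SELECT `avatar` FROM `member` WHERE `id` = '%d'", array(abs($_id)));
    if ($_avatar['num_rows'] <= 0) {
        return -1;
    }

    $_file = $_avatar['row']['avatar'];
    if ($_only_file_name) {
        return $_file;
    }

    // sc_get_headurl() appears to end with '/' (callers elsewhere append a file
    // name straight onto it) and, depending on which script is running, it
    // presumably points at the site root or at the include/, admin/ or
    // include/ajax/ sub-directory. We need the site root, so strip those known
    // trailing segments.
    //
    // The previous implementation did rtrim($url, '/include') etc. — but rtrim's
    // second argument is a *character set*, not a suffix: it removed any trailing
    // run of the letters '/', 'i', 'n', 'c', 'l', 'u', 'd', 'e', so an install at
    // ".../site/" lost its final 'e' and produced a broken avatar URL. Remove whole
    // path segments only, and repeat until nothing matches so "include/ajax" is
    // peeled back in either order.
    $_base = rtrim(sc_get_headurl(), '/');
    $_segments = array('/include', '/admin', '/ajax');
    do {
        $_stripped = false;
        foreach ($_segments as $_segment) {
            $_len = strlen($_segment);
            if ($_len < strlen($_base) && substr($_base, -$_len) === $_segment) {
                $_base = substr($_base, 0, -$_len);
                $_stripped = true;
            }
        }
    } while ($_stripped);

    // NOTE(review): the stored file name is concatenated verbatim; this relies on
    // the upload/migration code having restricted it to a plain basename — confirm.
    return $_base . '/include/avatar/' . $_file;
}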