solutions will be better for different programs; see section 13 for the
specific requirements.

  You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU AGPL, see
<http://www.gnu.org/licenses/>.
*/
require_once 'Connections/SQL.php';
require_once 'config.php';
require_once 'include/view.php';
// Members only: anyone without a login session is sent to the login form,
// and exit keeps the rest of the page from executing after the redirect.
$_is_logged_in = isset($_SESSION['Center_Username']);
if (!$_is_logged_in) {
    header("Location: index.php?login");
    exit;
}
// Current member's row. The session id goes through the helper's '%d'
// placeholder (helper defined elsewhere — assumed to format its arguments).
$_member = sc_get_result("SELECT * FROM `member` WHERE `id` = '%d'", array($_SESSION['Center_Id']));
// Upload target for avatars, relative to this script.
$_avatar_dir = 'include/avatar/';
// Filled with a message when a later upload step fails; null = no error yet.
$_upload_error = null;
if (@$_GET['step'] == 2 && !isset($_GET['no']) && isset($_FILES['upload'])) {
    try {
        //檢查頭貼資料夾是否存在
        if (!is_dir($_avatar_dir)) {
            //不存在的話就創建頭貼資料夾
            if (!mkdir($_avatar_dir)) {
                die("頭貼資料夾不存在,並且創建失敗");
            }
        }
        if ($_FILES['upload']['name'] != "" && is_uploaded_file($_FILES['upload']['tmp_name'])) {
            if (!isset($_FILES['upload']['error']) > 0) {
                throw new Exception("檔案上傳失敗");
            }
		<li><?php 
            echo $_floor;
            ?>
&nbsp;樓</li>
		<?php 
            if ($_reply['row']['author'] == $_SESSION['Center_Id']) {
                ?>
		<li>
			<a href="forumedit.php?reply&id=<?php 
                echo $_reply['row']['id'];
                ?>
" class="btn btn-info btn-sm">
				編輯
			</a>
		</li>
		<?php 
            }
            ?>
	</ul>
	<div class="con"><?php 
            echo sc_removal_escape_string($_reply['row']['content']);
            ?>
</div>
</div>
<?php 
        } while ($_reply['row'] = $_reply['query']->fetch_assoc());
    }
    $_all_reply = sc_get_result("SELECT COUNT(*) FROM `forum_reply` WHERE `post_id`='%d'", array($_post['row']['id']));
    echo sc_page_pagination('forumview.php', @$_GET['page'], implode('', $_all_reply['row']), $center['forum']['limit'], '&id=' . $_post['row']['id']);
}
// Emit the assembled page (thread view plus pagination above).
$view->render();
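    if (isset($_POST['content']) && trim($_POST['content']) != '') {
        // Escape once and reuse: the stored line and the @mention scan must
        // see the same bytes.
        $_content = htmlspecialchars($_POST['content']);
        // The chat table is a rolling buffer: past 50 rows it is wiped
        // wholesale (all history, not just the oldest rows) before the new
        // line goes in.
        $_chat = sc_get_result("SELECT * FROM `chat` ORDER BY `mktime` ASC");
        if ($_chat['num_rows'] > 50) {
            $SQL->query("TRUNCATE TABLE `chat`");
        }
        // Values go through the helper's placeholder formatting; it is
        // assumed (defined elsewhere) to escape '%s' arguments for SQL.
        // NOTE(review): no CSRF token is checked on this POST — confirm the
        // surrounding file does, it is not visible in this excerpt.
        $SQL->query("INSERT INTO `chat` (`content`, `mktime`, `author`) VALUES ('%s', now(), '%s')", array($_content, $_SESSION_scratch['Center_Id']));
        // Absolute URL of chat.php at the site root, for the mention notice.
        // sc_get_headurl() returns this script's directory URL (…/include/ajax/),
        // so the two trailing path segments are removed as whole segments.
        // The previous rtrim(..., 'include/ajax') treated its argument as a
        // *character set* and could also eat the tail of the site directory
        // name (e.g. ".../site" -> ".../sit").
        $_site_url = rtrim(sc_get_headurl(), '/');
        foreach (array('/ajax', '/include') as $_dir) {
            $_dir_len = strlen($_dir);
            if (substr($_site_url, -$_dir_len) === $_dir) {
                $_site_url = substr($_site_url, 0, -$_dir_len);
            }
        }
        sc_tag_member($_content, $_site_url . '/chat.php', $_SESSION_scratch['Center_Username'] . '在聊天室提到你', $_SESSION_scratch['Center_Id']);
        header("Content-type: application/json");
        echo json_encode(array("success" => true));
    }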
} elseif (isset($_POST['last'])) {
    // Long-poll for new chat lines. $_last is the client's last-seen unix
    // timestamp, forced to int before it becomes a date() argument below.
    $_last = intval($_POST['last']);
    // Upper bound on the number of poll iterations (the loop continues past
    // this excerpt).
    $_timeout = 20;
    $i = 0;
    while ($i < $_timeout) {
        $_result = sc_get_result("SELECT * FROM `chat` WHERE `mktime` > '%s'", array(date('Y-m-d H:i:s', $_last)));
        $_data = array();
        $_data['last'] = time();
        if ($_result['num_rows'] > 0) {
            do {
                $_member = $SQL->query("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_result['row']['author']))->fetch_assoc();
                $t = strtotime($_result['row']['mktime']);
                if (date('d') == date('d', $t)) {
                    $_data['data'][] = array('id' => $_result['row']['id'], 'content' => $_result['row']['content'], 'mktime' => date('H:i:s', $t), 'author' => $_member['username']);
                } else {
                    $_data['data'][] = array('id' => $_result['row']['id'], 'content' => $_result['row']['content'], 'mktime' => $_result['row']['mktime'], 'author' => $_member['username']);
                }
            } while ($_result['row'] = $_result['query']->fetch_assoc());
            break;
        }
        $i++;
	<ul class="list-inline" style="font-size:80%;color:rgb(100,100,100);">
		<?php 
        if ($_post['row']['level'] > 1) {
            ?>
		<li><span class="label"><?php 
            echo sc_member_level($_post['row']['level']);
            ?>
</span></li>
		<?php 
        }
        ?>
		<li><?php 
        echo $_post['row']['mktime'];
        ?>
</li>
		<li><?php 
        echo date('Y-m-d H:i', strtotime($_post['row']['mktime']));
        ?>
</li>
		<li><?php 
        echo $_post_reply['num_rows'];
        ?>
 回覆</li>
	</ul>
</div>
<?php 
    } while ($_post['row'] = $_post['query']->fetch_assoc());
    // Total hits for the pagination links. `%%` is a literal percent for the
    // format string, so the pattern becomes LIKE '%term%'. The term is passed
    // through sc_xss_filter(), which is an HTML filter, not an SQL escaper —
    // the query helper's '%s' placeholder is relied on for that (defined
    // elsewhere; verify). LIKE wildcards (% and _) in the term are not escaped.
    $_all = sc_get_result("SELECT COUNT(*) FROM `forum` WHERE `title` LIKE '%%%s%%' OR `content` LIKE '%%%s%%'", array(sc_xss_filter($_GET['q']), sc_xss_filter($_GET['q'])));
    // The same filtered term is re-emitted into a URL query string; that
    // context needs URL encoding, which sc_xss_filter() may or may not do —
    // NOTE(review): consider urlencode() here, as the other search parameters
    // elsewhere in this codebase get.
    echo sc_page_pagination('forumsearch.php', @$_GET['page'], implode('', $_all['row']), $center['forum']['limit'], '&q=' . sc_xss_filter($_GET['q']));
}
// Emit the assembled search-results page.
$view->render();
        $_joined = sprintf(" AND `joined` > '%s'", date('Y-m-d H:i:s', $POST_joined['0']));
    } elseif ($POST_joined['1'] > 0) {
        $_joined = sprintf(" AND `joined` < '%s'", date('Y-m-d H:i:s', $POST_joined['1']));
    } else {
        $_joined = '';
    }
    // Optional last_login window, appended verbatim to the WHERE clause below.
    // Both bounds are unix timestamps (assumed — $POST_last_login is built
    // earlier in the file); date() turns them into 'Y-m-d H:i:s' literals,
    // which is what keeps this fragment free of raw request input.
    $_login_from = $POST_last_login['0'];
    $_login_to = $POST_last_login['1'];
    $_last_login = '';
    if ($_login_from > 0 && $_login_to > 0) {
        $_last_login = sprintf(" AND `last_login` BETWEEN '%s' AND '%s'", date('Y-m-d H:i:s', $_login_from), date('Y-m-d H:i:s', $_login_to));
    } elseif ($_login_from > 0) {
        $_last_login = sprintf(" AND `last_login` > '%s'", date('Y-m-d H:i:s', $_login_from));
    } elseif ($_login_to > 0) {
        $_last_login = sprintf(" AND `last_login` < '%s'", date('Y-m-d H:i:s', $_login_to));
    }
    // Member search. username is passed through sc_namefilter(); email and
    // web_site go straight to the query helper's '%s' placeholders, so the
    // helper (defined elsewhere) is relied on for SQL escaping — verify.
    // LIKE wildcards in the three fields are not escaped, so a caller can
    // widen the match. {$_last_login}, {$_joined} and {$_level} are the
    // pre-built, date()/int-only fragments.
    $_member = sc_get_result("SELECT * FROM `member` WHERE `username` LIKE '%%%s%%' AND `email` LIKE '%%%s%%' AND `web_site` LIKE '%%%s%%' {$_last_login} {$_joined} {$_level} ORDER BY `id` ASC", array(sc_namefilter($_POST['username']), $_POST['email'], $_POST['web_site']));
}
// Admin layout for the member-search page; the trailing `true` matches the
// other admin pages in this codebase.
$view = new View('theme/admin_default.html', 'admin/nav.php', '', $center['site_name'], '會員搜尋', true);
?>
<h2 class="page-header">會員搜尋</h2>
<?php 
if (!isset($_GET['search']) or !isset($_POST['level']) or !isset($_POST['joined']) or !isset($_POST['last_login']) or !isset($_POST['username']) or !isset($_POST['email']) or !isset($_POST['web_site'])) {
    ?>
<form class="form-horizontal form-sm" action="membersearch.php?search" method="POST">	
	<div class="form-group">
		<label class="col-sm-3 control-label" for="username">帳號:</label>
		<div class="col-sm-9">
			<input class="form-control" name="username" type="text">
		</div>
	</div>
	<div class="form-group">
    // Step 1 of the reset flow: the account must exist and the posted e-mail
    // must match the one on file before a reset link is sent.
    if ($_member['num_rows'] < 1 or $_POST['email'] != $_member['row']['email']) {
        // Surfaced by the view below as a "no such user" notice.
        $_GET['nouser'] = true;
    } else {
        $_row = $_member['row'];
        // The reset token is md5 of the member's stored rekey; the handler in
        // getpassword.php compares against the same digest. NOTE(review): the
        // strength of this link rests on rekey being unguessable and rotated
        // after use — confirm that in sc_keygen()/the reset handler.
        $_reset_link = sc_get_headurl() . 'getpassword.php?id=' . $_row['id'] . '&auth=' . md5($_row['rekey']);
        $_subject = "重設密碼 - {$center['site_name']}";
        $_body = $_row['username'] . " 您好\n\t\t\n 請點擊以下連結重設您的密碼 \n\t\t\n " . $_reset_link . "\n\t\t\n (若是您沒有申請重設密碼,請忽略此信件)";
        // From: comes from site config, not from the request, so there is no
        // header-injection surface here.
        $_header = "From: {$center['site_name']} <{$center['mail']}> \n" . 'Content-type:text/plain; charset=UTF-8';
        mb_internal_encoding('UTF-8');
        $_subject = mb_encode_mimeheader($_subject, 'UTF-8');
        if (mail($_row['email'], $_subject, $_body, $_header)) {
            $_step = 2;
        }
    }
} elseif (isset($_GET['auth']) && trim($_GET['auth']) != '' && isset($_GET['id']) && abs($_GET['id']) != '') {
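    $_uid = abs($_GET['id']);
    $_member = sc_get_result("SELECT * FROM member WHERE `id` = '%d'", array($_uid));
    if ($_member['num_rows'] > 0) {
        // The mailed link carries auth = md5(rekey). Compare with
        // hash_equals(): the old `==` was a loose comparison, so two digests
        // that both look numeric (e.g. "0e..." vs "0") compared equal, and it
        // was not constant-time. hash_equals() needs two strings, hence the
        // is_string() guard on the request value.
        $_expected_auth = md5($_member['row']['rekey']);
        if (is_string($_GET['auth']) && hash_equals($_expected_auth, $_GET['auth'])) {
            // A fresh rekey invalidates the link once the password changes.
            // NOTE(review): it is derived from the (public) auth token via
            // sc_keygen(); if that function is deterministic the next token is
            // predictable from this one — confirm it mixes in randomness.
            $_new_rekey = substr(sc_keygen($_GET['auth']), 0, 16);
            $_step = 3;
            if (isset($_POST['password']) && trim($_POST['password']) != '') {
                // rekey is now a placeholder argument like the other values
                // instead of being sprintf'd into the query text, so it takes
                // the same escaping path as the password hash.
                $SQL->query("UPDATE member SET `password` = '%s', `rekey` = '%s' WHERE `id` = '%d'", array(sc_password($_POST['password'], $_member['row']['username']), $_new_rekey, $_uid));
                $_step = 4;
                header("Location: index.php?getpassword");
                exit;
            }
        }
    }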
}
// Member-facing layout for the password-reset page.
$view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], '重設密碼');
if (isset($_GET['nouser'])) {
		<?php 
            if ($_post['row']['level'] > 1) {
                ?>
		<li><span class="label"><?php 
                echo sc_member_level($_post['row']['level']);
                ?>
</span></li>
		<?php 
            }
            ?>
		<li><?php 
            echo $_author['row']['username'];
            ?>
</li>
		<li><?php 
            echo date('Y-m-d H:i', strtotime($_post['row']['mktime']));
            ?>
</li>
		<li><?php 
            echo implode('', $_reply['row']);
            ?>
 回覆</li>
	</ul>
</div>
<?php 
        } while ($_post['row'] = $_post['query']->fetch_assoc());
        // Total hits for the pagination links. `%%` is a literal percent for
        // the format string (LIKE '%term%'). sc_xss_filter() is an HTML
        // filter, not an SQL escaper, and `author` is passed raw — the query
        // helper's '%s' placeholder is relied on for escaping (defined
        // elsewhere; verify). NOTE(review): the URL below runs author through
        // sc_namefilter() but the query does not; for consistency with the
        // member search the query should too. LIKE wildcards are not escaped.
        $_all_post = sc_get_result("SELECT COUNT(*) FROM `forum` WHERE `title` LIKE '%%%s%%' OR `content` LIKE '%%%s%%' OR `author` LIKE '%%%s%%' {$_block} {$_level} {$_mktime}", array(sc_xss_filter($_GET['q']), sc_xss_filter($_GET['q']), $_GET['author']));
        // Rebuild the query string for the page links. author/block/level are
        // urlencode()d; q relies on sc_xss_filter() and the two mktime values
        // on $GET_mktime (built earlier, presumably numeric — not visible here).
        echo sc_page_pagination('forumsearch.php', @$_GET['page'], implode('', $_all_post['row']), $center['forum']['limit'], '&q=' . sc_xss_filter($_GET['q']) . '&author=' . urlencode(sc_namefilter($_GET['author'])) . '&block=' . urlencode(abs($_GET['block'])) . '&level=' . urlencode(abs($_GET['level'])) . '&mktime[]=' . $GET_mktime['0'] . '&mktime[]=' . $GET_mktime['1']);
    }
}
// Emit the assembled search-results page.
$view->render();
});
</script>
<table class="table table-striped">
	<thead>
		<tr>
			<th>區塊</th>
			<th>位置</th>
			<th>帖數</th>
			<th>最後發帖</th>
			<th></th>
		</tr>
	</thead>
	<tbody>
		<?php 
        do {
            $_block_post = sc_get_result("SELECT * FROM `forum` WHERE `block`='%d' ORDER BY `mktime` DESC", array($_forum['row']['id']));
            ?>
		<tr>
			<td>
				<a href="forum.php?fid=<?php 
            echo $_forum['row']['id'];
            ?>
">
				<?php 
            echo $_forum['row']['blockname'];
            ?>
				</a>
			</td>
			<td><?php 
            echo $_forum['row']['position'];
            ?>
<table class="table table-striped table-hover">
	<thead>
		<tr>
			<th>帖子</th>
			<th>區塊</th>
			<th>回覆</th>
			<th>最後回覆</th>
			<th>發表時間</th>
			<th></th>
		</tr>
	</thead>
	<tbody>
<?php 
    do {
        $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `post_id` = '%d' ORDER BY `mktime` DESC", array($_mypost['row']['id']));
        $_author = sc_get_result("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_reply['row']['author']));
        $_block = $SQL->query("SELECT * FROM `forum_block` WHERE `id`='%d'", array($_mypost['row']['block']))->fetch_assoc();
        ?>
<tr>
	<td>
	<a href="forumview.php?id=<?php 
        echo $_mypost['row']['id'];
        ?>
"><?php 
        echo $_mypost['row']['title'];
        ?>
</a>
	<?php 
        if ($_mypost['row']['level'] > 1) {
            ?>
	&nbsp;&nbsp;
<http://www.gnu.org/licenses/>.
*/
// Admin scripts live one level down; point the include path at the shared
// include/ directory so view.php resolves.
set_include_path('../include/');
// Flag read by the shared includes (defined elsewhere) — presumably tells
// them the include path is already set; confirm against view.php.
$includepath = true;
require_once '../Connections/SQL.php';
require_once '../config.php';
require_once 'view.php';
// Admin-only page: require a logged-in session whose UserGroup is 9
// (the admin group, judging by the other admin pages); everyone else is
// sent back to the site root.
$_is_admin = isset($_SESSION['Center_Username']) && $_SESSION['Center_UserGroup'] == 9;
if (!$_is_admin) {
    header("Location: ../index.php");
    exit;
}
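// Merge: move every post from block `merge` into block `block`, then drop
// the emptied block. Both ids go through abs() so they are numeric before
// the '%d' placeholders see them; merging a block into itself is a no-op.
if (isset($_POST['merge']) && isset($_POST['block']) && abs($_POST['merge']) != abs($_POST['block'])) {
    $_target = abs($_POST['block']);
    $_source = abs($_POST['merge']);
    // The target must exist: otherwise the UPDATE parks every post under a
    // block id nobody can browse and the DELETE still removes the old block,
    // orphaning its posts. Same existence check the forum edit handler makes.
    $_target_exists = $SQL->query("SELECT * FROM `forum_block` WHERE `id` = '%d'", array($_target))->num_rows > 0;
    if ($_target_exists) {
        $SQL->query("UPDATE `forum` SET `block` = '%d' WHERE  `block` = '%d'", array($_target, $_source));
        $SQL->query("DELETE FROM `forum_block` WHERE `id` ='%d'", array($_source));
    }
    // NOTE(review): no CSRF token is checked on this admin POST — confirm the
    // admin layout adds one, it is not visible in this excerpt.
}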
// All blocks in display order, for the <select>s in the form below.
$_block = sc_get_result("SELECT * FROM `forum_block` ORDER BY `position` ASC");
// Admin layout; the trailing `true` matches the other admin pages.
$view = new View('theme/admin_default.html', 'admin/nav.php', '', $center['site_name'], '區塊合併', true);
?>
<h2 class="page-header">區塊合併</h2>
<p>轉移舊區塊的所有帖子,並同時刪除舊區塊</p>
<form class="form-xs" action="forummerge.php" method="POST">
		<div class="form-group">
			將舊區塊
			<select class="form-control" name="merge" required="required">
			<?php 
do {
    ?>
				<option value="<?php 
    echo $_block['row']['id'];
    ?>
"><?php 
        exit;
    }
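    if (isset($_POST['title']) && isset($_POST['content']) && trim(htmlspecialchars($_POST['title'])) != '' && trim(strip_tags($_POST['content']), "&nbsp;") != '') {
        // The chosen block must exist; abs() keeps the id numeric for '%d'.
        $_block_auth = $SQL->query("SELECT * FROM `forum_block` WHERE `id` = '%d'", array(abs($_POST['block'])))->num_rows;
        if ($_block_auth <= 0) {
            die;
        }
        // Ownership is enforced in the WHERE clause (`author` = session id),
        // so a member cannot edit someone else's post by changing ?id=. The
        // title is HTML-escaped at save time; content goes through
        // sc_xss_filter(). NOTE(review): `level` is set to whatever the
        // member posts — confirm that is meant to be member-controlled (its
        // meaning is not visible here).
        $SQL->query("UPDATE `forum` SET `title` = '%s', `content` = '%s',`block`='%d',`level`='%d' WHERE `id` = '%d' AND `author` = '%d'", array(htmlspecialchars($_POST['title']), sc_xss_filter($_POST['content']), abs($_POST['block']), abs($_POST['level']), $_GET['id'], $_SESSION['Center_Id']));
        header("Location: forumview.php?editok&id=" . $_post['row']['id']);
        // Stop here: without exit the script went on to build and render the
        // edit form underneath the redirect (the other redirects in this
        // file already exit).
        exit;
    }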
} elseif (isset($_GET['reply'])) {
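    if (isset($_GET['post'])) {
        header("Location: forum.php");
        exit;
    }
    // Only the reply's own author may edit it: the author check is part of
    // the query, so a foreign ?id= simply finds nothing and bounces.
    $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `id` = '%d' AND `author` = '%d'", array($_GET['id'], $_SESSION['Center_Id']));
    if ($_reply['num_rows'] <= 0) {
        header("Location: forum.php");
        exit;
    }
    // Save when non-blank content was posted. trim()'s second argument is a
    // character set, so this also eats leading/trailing '&', 'n', 'b', 's',
    // 'p', ';' — it is only a blank check; the stored content is unmodified.
    if (isset($_POST['content']) && trim(strip_tags($_POST['content']), "&nbsp;") != '') {
        $SQL->query("UPDATE `forum_reply` SET `content` = '%s' WHERE `id` = '%d' AND `author` = '%d'", array(sc_xss_filter($_POST['content']), $_GET['id'], $_SESSION['Center_Id']));
        header("Location: forumview.php?editok&id=" . $_reply['row']['post_id']);
        // Stop here: the original fell through and rendered the edit form
        // underneath the redirect (the redirects above already exit).
        exit;
    }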
} else {
    header("Location: forum.php");
    exit;
}
// Member-facing layout for the edit form, plus the script/stylesheet the
// form loads.
$view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], '論壇編輯');
$view->addScript("include/js/notice.js");
$view->addCSS("include/js/cleditor/jquery.cleditor.css");
        // Reset the payload for this iteration of the long-poll loop (the
        // enclosing while starts above this excerpt).
        $_data = array();
        // Answer as soon as the unread count differs from what the client
        // last saw ($_last); otherwise keep polling.
        if ($_unread_count != $_last) {
            $_data['count'] = $_unread_count;
            break;
        }
        $i++;
        // One-second poll interval; presumably bounded by a cap on $i in the
        // loop header, which is not visible here.
        sleep(1);
    }
    // Long-poll reply: an empty array when nothing changed, else {"count": n}.
    $_json = json_encode($_data);
    header("Content-type: application/json");
    echo $_json;
} elseif (isset($_POST['last'])) {
    // Client's last-seen unix timestamp, forced to int before date() uses it.
    $_last = intval($_POST['last']);
    // Cap on stored notices per recipient: past 30 rows, one oldest row is
    // removed per poll. Every query here is scoped by `send_to` = the
    // caller's own session id (scratch session, '%d' placeholder), so a
    // member can only read/modify their own notices.
    $_all_rows = $SQL->query("SELECT * FROM `notice` WHERE `send_to`='%d'", array($_SESSION_scratch['Center_Id']))->num_rows;
    if ($_all_rows > 30) {
        $SQL->query("DELETE FROM `notice` WHERE `send_to`='%d' ORDER BY `mktime` ASC LIMIT 1", array($_SESSION_scratch['Center_Id']));
    }
    $_result = sc_get_result("SELECT * FROM `notice` WHERE `send_to`='%d' AND `mktime` > '%s' ORDER BY `mktime` ASC", array($_SESSION_scratch['Center_Id'], date('Y-m-d H:i:s', $_last)));
    $_data = array();
    // Echoed back so the next poll only asks for newer rows.
    $_data['last'] = time();
    if ($_result['num_rows'] > 0) {
        do {
            // Two lookups per row (N+1); send_to is always the caller.
            $_send_from = sc_get_result("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_result['row']['send_from']));
            $_send_to = sc_get_result("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_result['row']['send_to']));
            // `url` and `content` are stored values emitted as JSON as-is;
            // the client must treat them as data, not markup — NOTE(review):
            // confirm the JS side escapes before inserting into the DOM.
            $_data['data'][] = array('id' => $_result['row']['id'], 'url' => $_result['row']['url'], 'content' => $_result['row']['content'], 'status' => $_result['row']['status'], 'send_from' => $_send_from['row']['username'], 'send_from_avatar' => sc_avatar_url($_result['row']['send_from'], true), 'send_to' => $_send_to['row']['username'], 'mktime' => $_result['row']['mktime']);
        } while ($_result['row'] = $_result['query']->fetch_assoc());
    }
    // Marks the 5 newest unread notices as read, regardless of which rows
    // this poll actually returned — NOTE(review): looks intentional, verify.
    $SQL->query("UPDATE `notice` SET `status` = '1' WHERE `send_to`='%d' AND `status`='0' ORDER BY `mktime` DESC LIMIT 5", array($_SESSION_scratch['Center_Id']));
    header("Content-type: application/json");
    echo json_encode($_data);
}
// AJAX endpoint: never fall through to any page rendering.
die;
        echo $_member['row']['web_site'];
        ?>
</small></td>
    <td><?php 
        echo sc_member_level($_member['row']['level']);
        ?>
</td>
    <td>
		<a href="member.php?edit=<?php 
        echo $_member['row']['id'];
        ?>
" class="btn btn-info btn-sm">編輯</a>
		<a href="member.php?del=<?php 
        echo $_member['row']['id'];
        ?>
" class="btn btn-danger btn-sm">刪除</a>
	</td>
  </tr>
<?php 
    } while ($_member['row'] = $_member['query']->fetch_assoc());
    ?>
</table>
<div>
<?php 
    // Total member count drives the pagination links (30 rows per page).
    // The COUNT(*) row has a single cell; implode() is how this codebase
    // pulls that cell out of the associative row.
    $_all_nav = sc_get_result("SELECT COUNT(*) FROM `member`");
    $_total_members = implode('', $_all_nav['row']);
    $_current_page = isset($_GET['page']) ? $_GET['page'] : null;
    echo sc_page_pagination('member.php', $_current_page, $_total_members, 30);
    ?>
</div>
<?php 
}
// Emit the assembled member-list page.
$view->render();
        exit;
    }
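    if (isset($_POST['title']) && isset($_POST['content']) && trim(htmlspecialchars($_POST['title'])) != '' && trim(strip_tags($_POST['content']), "&nbsp;") != '') {
        // The chosen block must exist; abs() keeps the id numeric for '%d'.
        $_block_auth = $SQL->query("SELECT * FROM `forum_block` WHERE `id` = '%d'", array(abs($_POST['block'])))->num_rows;
        if ($_block_auth <= 0) {
            die;
        }
        // Admin editor: no author restriction, so the page's admin gate
        // (above this excerpt) is the only thing authorizing this write.
        // Title is HTML-escaped at save time; content goes through
        // sc_xss_filter().
        $SQL->query("UPDATE `forum` SET `title` = '%s', `content` = '%s',`block`='%d',`level`='%d' WHERE `id` = '%d'", array(htmlspecialchars($_POST['title']), sc_xss_filter($_POST['content']), abs($_POST['block']), abs($_POST['level']), $_GET['id']));
        header("Location: forumview.php?editok&id=" . $_post['row']['id']);
        // Stop here: without exit the script went on to build and render the
        // edit form underneath the redirect (the other redirects in this
        // file already exit).
        exit;
    }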
} elseif (isset($_GET['reply'])) {
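    if (isset($_GET['post'])) {
        header("Location: forum.php");
        exit;
    }
    // Admin editor: any reply by id, no author restriction — the page's
    // admin gate (above this excerpt) is what authorizes this.
    $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `id` = '%d'", array($_GET['id']));
    if ($_reply['num_rows'] <= 0) {
        header("Location: forum.php");
        exit;
    }
    // Save when non-blank content was posted. trim()'s second argument is a
    // character set, so this also eats leading/trailing '&', 'n', 'b', 's',
    // 'p', ';' — it is only a blank check; the stored content is unmodified.
    if (isset($_POST['content']) && trim(strip_tags($_POST['content']), "&nbsp;") != '') {
        $SQL->query("UPDATE `forum_reply` SET `content` = '%s' WHERE `id` = '%d'", array(sc_xss_filter($_POST['content']), $_GET['id']));
        header("Location: forumview.php?editok&id=" . $_reply['row']['post_id']);
        // Stop here: the original fell through and rendered the edit form
        // underneath the redirect (the redirects above already exit).
        exit;
    }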
} else {
    header("Location: forum.php");
    exit;
}
// Admin layout for the edit form, plus the editor stylesheet and script it
// loads (paths are relative to the admin/ directory).
$view = new View('theme/admin_default.html', 'admin/nav.php', '', $center['site_name'], '論壇編輯', true);
$view->addCSS("../include/js/cleditor/jquery.cleditor.css");
$view->addScript("../include/js/cleditor/jquery.cleditor.min.js");
 }
 // Schema renames for forum_reply (post->post_id, reply->content,
 // ptime->mktime, posted->author) and forum_block (ptime->mktime); queued
 // and executed with the rest of the batch below.
 $query[] = "ALTER TABLE `forum_reply` CHANGE `id` `id` int NOT NULL AUTO_INCREMENT FIRST, CHANGE `post` `post_id` int NOT NULL AFTER `id`, CHANGE `reply` `content` text COLLATE 'utf8_unicode_ci' NOT NULL AFTER `post_id`, CHANGE `ptime` `mktime` datetime NOT NULL AFTER `content`, CHANGE `posted` `author` int NOT NULL AFTER `mktime`";
 $query[] = "ALTER TABLE `forum_block` CHANGE `ptime` `mktime` datetime NOT NULL AFTER `position`";
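 // Rewrite stored avatar paths: the old scheme kept a relative path such as
 // ../images/avatar/<file>, the new one keeps just the file name
 // (default.png for the stock avatar).
 $_member = sc_get_result("SELECT * FROM `member`");
 if ($_member['num_rows'] > 0) {
     do {
         $_stored = $_member['row']['avatar'];
         if ($_stored == '../images/default_avatar.png') {
             $_avatar = 'default.png';
         } else {
             // Keep only the last path segment. The old ltrim() call took
             // "../images/avatar/" as a *character set*, so it also ate any
             // leading letters of the file name that were in that set
             // (e.g. "steve.png" became "png"). basename() strips whatever
             // directory prefix was stored, "../images/avatar/" or otherwise.
             // NOTE(review): basename() is locale-dependent on multibyte
             // names — confirm avatar files were always given ASCII names.
             $_avatar = basename($_stored);
         }
         // NOTE(review): the file name is sprintf'd into the statement with
         // no escaping (the batch runs later through $SQL->query($val) with
         // no argument array) — confirm avatar names can only hold safe
         // characters, or escape here.
         $query[] = sprintf("UPDATE `member` SET `avatar` = '%s' WHERE `id` = '%d'", $_avatar, $_member['row']['id']);
     } while ($_member['row'] = $_member['query']->fetch_assoc());
 }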
 // member: name->username (varchar 30) and level becomes tinyint; queued.
 $query[] = "ALTER TABLE `member` CHANGE `id` `id` int NOT NULL AUTO_INCREMENT FIRST, CHANGE `name` `username` varchar(30) COLLATE 'utf8_unicode_ci' NOT NULL AFTER `id`, CHANGE `level` `level` tinyint NOT NULL AFTER `rekey`;";
 // notice.send_from / send_to held usernames; rewrite them to member ids via
 // $_m_id (a username => id map built earlier in this script, not visible
 // here).
 $_notice = sc_get_result("SELECT * FROM `notice`");
 if ($_notice['num_rows'] > 0) {
     do {
         // NOTE(review): the old username is sprintf'd unescaped into the
         // WHERE clause, and a purely numeric username could match rows an
         // earlier statement in the batch already rewrote to an id — confirm
         // usernames were constrained (sc_namefilter) before relying on this.
         $query[] = sprintf("UPDATE `notice` SET `send_from` = '%d' WHERE `send_from` = '%s'", $_m_id[$_notice['row']['send_from']], $_notice['row']['send_from']);
         $query[] = sprintf("UPDATE `notice` SET `send_to` = '%d' WHERE `send_to` = '%s'", $_m_id[$_notice['row']['send_to']], $_notice['row']['send_to']);
     } while ($_notice['row'] = $_notice['query']->fetch_assoc());
 }
 // notice: ptime->mktime, and send_from/send_to become int now that they
 // hold member ids (must run after the UPDATEs queued above).
 $query[] = "ALTER TABLE `notice` CHANGE `id` `id` int NOT NULL AUTO_INCREMENT FIRST,CHANGE `ptime` `mktime` datetime NOT NULL AFTER `send_to`,CHANGE `send_from` `send_from` int NOT NULL AFTER `status`,CHANGE `send_to` `send_to` int NOT NULL AFTER `send_from`";
 // Run the queued migration statements in order, skipping blank entries.
 // Each statement is executed as-is (no argument array), so anything
 // interpolated above had to be made safe there.
 foreach ($query as $_sql) {
     if ($_sql == '') {
         continue;
     }
     $SQL->query($_sql);
 }
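 // Move the avatar directory into place. Each step is checked: the original
 // ignored rename()'s return value, so a failed first rename (e.g.
 // images/avatar/ missing) was followed by deleting include/avatar/ — and
 // default.png with it.
 if (!rename('include/avatar/default.png', 'images/avatar/default.png')) {
     die("Migration aborted: could not move include/avatar/default.png to images/avatar/");
 }
 sc_deletedir('include/avatar/');
 if (!rename('images/avatar/', 'include/avatar/')) {
     die("Migration aborted: could not move images/avatar/ to include/avatar/");
 }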
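/**
 * Strip the application sub-directories (/include, /admin, /ajax) from the
 * end of a directory URL so that what is left is the site root, with one
 * trailing slash. Segments are removed whole and repeatedly, so both
 * ".../site/include/ajax/" and ".../site/admin/" yield ".../site/".
 *
 * @param string $_url directory URL as returned by sc_get_headurl()
 * @return string site root URL ending in '/'
 */
function sc_avatar_url_site_root($_url)
{
    $_root = rtrim($_url, '/');
    do {
        $_stripped = false;
        foreach (array('/include', '/admin', '/ajax') as $_dir) {
            $_len = strlen($_dir);
            if (substr($_root, -$_len) === $_dir) {
                $_root = substr($_root, 0, -$_len);
                $_stripped = true;
            }
        }
    } while ($_stripped);
    return $_root . '/';
}

/**
 * Resolve a member's avatar.
 *
 * @param int|string $_id member id; abs() makes it numeric and the '%d'
 *                        placeholder (as the other member lookups use)
 *                        keeps the query integer-only
 * @param bool $_only_file_name true to return just the stored file name
 * @return string|int the absolute avatar URL (or the bare file name), or -1
 *                    when no member with that id exists
 */
function sc_avatar_url($_id, $_only_file_name = false)
{
    $_avatar = sc_get_result("SELECT `avatar` FROM `member` WHERE `id` = '%d'", array(abs($_id)));
    if ($_avatar['num_rows'] <= 0) {
        return -1;
    }
    if ($_only_file_name) {
        return $_avatar['row']['avatar'];
    }
    // The previous rtrim(rtrim(rtrim(url, '/include'), '/admin'), '/ajax')
    // treated each argument as a character set: it could chew into the site
    // directory name (".../site" -> ".../sit") and, when called from
    // include/ajax/, left "/include" in place.
    $_headurl = sc_avatar_url_site_root(sc_get_headurl());
    return $_headurl . 'include/avatar/' . $_avatar['row']['avatar'];
}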