<?php
require dirname(__FILE__) . "/global.php";
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
$where1 = "";
$where2 = "";
if (isset($_GET['name']) && !empty($_GET['name'])) {
$name = trim(strtolower(strAddslashes($_GET['name'])));
$where1 = "WHERE lower(`name`) LIKE '" . $name . "%'";
$where2 = "WHERE lower(I.`name`) LIKE '" . $name . "%'";
}
$forumArr = $QA->getForumList($where1, $where2, $page, "30");
$DB->close();
unset($DB, $QA);
$tmp =& myTpl("forum_list.html");
$tmp->assign('codeName', $code_name);
$tmp->assign('codeVersion', $code_version);
$tmp->assign('siteName', $site_name);
$tmp->assign('siteDomain', $site_domain);
$tmp->assign('siteCatalog', $site_catalog);
$tmp->assign('forumArr', $forumArr);
$tmp->output();
<?php
require dirname(__FILE__) . "/global.php";
if (isset($_GET['do'], $_POST['username'], $_POST['userpwd'], $_POST['repwd'], $_POST['useremail']) && $_GET['do'] == "reg") {
$uname = strAddslashes(trim($_POST['username']));
$checkname = usernameCheck($uname);
if (!empty($checkname)) {
die("1 " . $checkname);
}
$passwd = stripslashes(trim($_POST['userpwd']));
$repasswd = stripslashes(trim($_POST['repwd']));
if (strlen($passwd) < 6 || strlen($passwd) > 18) {
die("1 密码长度应控制在6至18个字符之间。");
}
if ($passwd != $repasswd) {
die("1 两次输入的密码不一致。");
}
$email = strtolower(trim($_POST['useremail']));
if (strlen($email) > 45 || !emailcheck($email)) {
die("1 电子邮件地址不合法。");
}
$actionTime = time();
$actionIp = getClientIP();
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
if ($DB->fetch_one("SELECT COUNT(`bid`) FROM `" . $table_black . "` WHERE `uname`='" . $actionIp . "'") != 0) {
echo "1 很抱歉,系统拒绝了您的注册!请与管理员联系。";
} else {
if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE lower(`name`)='" . strtolower($uname) . "'") != 0) {
echo "1 用户昵称已被占用";
} else {
if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE `email` = '" . $email . "'") != 0) {
<?php
require dirname(__FILE__) . "/global.php";
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
$where = "";
if (isset($_GET['te'], $_GET['wd']) && !empty($_GET['wd'])) {
$keyword = strAddslashes(strtolower(trim($_GET['wd'])));
if ($_GET['te'] == "uid" && is_numeric($keyword) && $keyword >= 1) {
$where = "WHERE `uid` = " . $keyword;
}
if ($_GET['te'] == "name") {
$where = "WHERE lower(`name`) LIKE '" . $keyword . "%'";
}
if ($_GET['te'] == "email" && emailcheck($keyword)) {
$where = "WHERE `email` = '" . $keyword . "'";
}
}
$MemberArr = $QA->getMember($where, $page, 30);
$DB->close();
unset($DB, $QA);
$tmp =& myTpl("user_list.html");
$tmp->assign('codeName', $code_name);
$tmp->assign('codeVersion', $code_version);
$tmp->assign('siteName', $site_name);
$tmp->assign('siteDomain', $site_domain);
$tmp->assign('siteCatalog', $site_catalog);
$tmp->assign('MemberArr', $MemberArr);
$tmp->output();
}
}
if ($DB->query("UPDATE `" . $table_forum . "` SET `friend`='" . substr($friendBar, 0, -1) . "' WHERE `fid`=" . $fid)) {
echo "1";
}
}
$DB->close();
}
exit;
}
if (isset($_GET['fid']) && is_numeric($_GET['fid']) && $_GET['fid'] >= 1) {
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
$forumArr = $QA->getForumInfo($_GET['fid']);
if (!empty($forumArr['fid'])) {
if (isset($_POST['name'], $_POST['category'], $_POST['intro'], $_POST['push'])) {
$name = strAddslashes(trim($_POST['name']));
$cid = $_POST['category'];
$intro = filterCode($_POST['intro']);
$push = $_POST['push'];
if (empty($name) || getStrlen($name) > 15 || !wordCheck($name)) {
echo "<script>alert('换一个吧名吧');</script>";
} else {
$BId = $DB->fetch_one("SELECT `fid` FROM `" . $table_forum . "` WHERE lower(`name`)='" . strtolower($name) . "'");
if (!empty($BId) && $BId != $forumArr['fid']) {
echo "<script>alert('该吧已存在,请更换吧名。');</script>";
} else {
if (getStrlen($intro) > 90) {
echo "<script>alert('吧简介不能超过90个字');</script>";
} else {
$forumInfo['cid'] = $cid;
$forumInfo['name'] = $name;
require dirname(__FILE__) . "/global.php";
if (isset($_GET['do']) && $_GET['do'] == "logout") {
foreach ($_COOKIE as $key => $val) {
setcookie($key, '', time() - 3600, $cookie_path, $cookie_domain);
}
if (isset($_SERVER['HTTP_REFERER'])) {
$backUrl = $_SERVER['HTTP_REFERER'];
} else {
$backUrl = "./";
}
header("location:" . $backUrl);
} else {
if (isset($_GET['do']) && $_GET['do'] == "login") {
if (isset($_POST['login-user'], $_POST['login-pwd'])) {
$loginUser = strAddslashes(trim($_POST['login-user']));
$loginPwd = stripslashes(trim($_POST['login-pwd']));
if (strlen($loginUser) < 2 || strlen($loginUser) > 45 || strlen($loginPwd) < 6 || strlen($loginPwd) > 18) {
echo "0 用户名或者密码不符合要求";
} else {
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
if (!emailcheck($loginUser)) {
$LoginType = "lower(`name`)";
} else {
$LoginType = "`email`";
}
$userArr = $TB->getMemberInfo($LoginType, strtolower($loginUser));
if (!empty($userArr['uid'])) {
if ($userArr['password'] == md5($loginPwd)) {
$loginTime = time();
$loginIp = getClientIP();
echo "<script>top.location.href='./';</script>";
} else {
for ($i = 0; $i < count($ForumArr['moderator']); $i++) {
if ($ForumArr['moderator'][$i]['uid'] == $loginArr['uid']) {
$isModerator = 1;
}
}
if (!isset($isModerator)) {
if ($site_rewrite) {
echo "<script>top.location.href='./bar-" . $ForumArr['fid'] . "-1.html';</script>";
} else {
echo "<script>top.location.href='./forum.php?fid=" . $ForumArr['fid'] . "';</script>";
}
} else {
if (isset($_GET['do'], $_POST['bar']) && $_GET['do'] == "append") {
$forumName = strAddslashes(trim($_POST['bar']));
if (empty($forumName) || !wordCheck($forumName)) {
echo "<script>alert('请输入正确的同盟吧吧名');</script>";
} else {
$FSQL = "SELECT `fid`,`name` FROM `" . $table_forum . "` WHERE lower(`name`)='" . strtolower($forumName) . "'";
$FriendArr = $DB->fetch_one_array($FSQL);
if (empty($FriendArr['fid']) || $FriendArr['fid'] == $ForumArr['fid']) {
echo "<script>alert('吧名无效');</script>";
} else {
for ($j = 0; $j < count($ForumArr['friend']); $j++) {
if ($ForumArr['friend'][$j]['fid'] == $FriendArr['fid']) {
$isFriend = 1;
}
}
if (isset($isFriend)) {
echo "<script>alert('该同盟吧已存在');</script>";
if ($DB->fetch_one("SELECT COUNT(`cid`) FROM `" . $table_catalog . "` WHERE `fatherid`=" . $cId) == 0) {
if ($DB->query("DELETE FROM `" . $table_catalog . "` WHERE `cid`=" . $cId)) {
echo "1";
} else {
echo "0";
}
} else {
echo "2";
}
}
$DB->close();
exit;
}
if (isset($_GET['action'], $_POST['father'], $_POST['name'], $_POST['cid']) && $_GET['action'] == "do") {
$fatherId = $_POST['father'];
$name = trim(strAddslashes($_POST['name']));
$cid = $_POST['cid'];
if (empty($name) || !wordCheck($name) || getStrlen($name) > 15) {
echo "<script>alert('名称不合法');</script>";
} else {
if ($fatherId > 0 && $DB->fetch_one("SELECT COUNT(`cid`) FROM `" . $table_catalog . "` WHERE `cid`=" . $fatherId) < 1) {
echo "<script>alert('上级目录不存在');</script>";
} else {
$infoArr['fatherid'] = $fatherId;
$infoArr['name'] = $name;
if (empty($cid)) {
$Sql = $DB->insert_sql("`" . $table_catalog . "`", $infoArr);
} else {
$Sql = $DB->update_sql("`" . $table_catalog . "`", $infoArr, "`cid`=" . $cid);
}
if ($DB->query($Sql)) {
$forumArr = $DB->fetch_one_array("SELECT `name`,`synopsis` FROM `" . $table_temp . "` WHERE `fid`=" . $_POST['forumId']);
if (!empty($forumArr['name'])) {
$infoArr['cid'] = "0";
$infoArr['name'] = $forumArr['name'];
$infoArr['synopsis'] = $forumArr['synopsis'];
$infoArr['moderator'] = "";
$infoArr['friend'] = "";
if ($DB->fetch_one("SELECT COUNT(`fid`) FROM `" . $table_forum . "` WHERE `name`='" . $forumArr['name'] . "'") == 0) {
$DB->query($DB->insert_sql("`" . $table_forum . "`", $infoArr));
}
}
}
$DB->query("DELETE FROM `" . $table_temp . "` WHERE `fid`=" . $_POST['forumId']);
$DB->close();
die("1");
}
$where = "";
if (isset($_GET['name']) && !empty($_GET['name'])) {
$where = "WHERE lower(`name`) LIKE '" . trim(strtolower(strAddslashes($_GET['name']))) . "%'";
}
$forumArr = $QA->getForumTemp($where, $page, "30");
$DB->close();
unset($DB, $QA);
$tmp =& myTpl("forum_temp.html");
$tmp->assign('codeName', $code_name);
$tmp->assign('codeVersion', $code_version);
$tmp->assign('siteName', $site_name);
$tmp->assign('siteDomain', $site_domain);
$tmp->assign('siteCatalog', $site_catalog);
$tmp->assign('forumArr', $forumArr);
$tmp->output();
<?php
require dirname(__FILE__) . "/global.php";
$dbFile = dirname(__FILE__) . "/../database/db.filter.php";
if (isset($_GET['action']) && $_GET['action'] == "update") {
if (isset($_POST['ID'], $_POST['OLD'], $_POST['NEW'])) {
$filterWords = array();
$IdNum = count($_POST['ID']) - 1;
for ($i = 0; $i <= $IdNum; $i++) {
$OldWord = strAddslashes(trim($_POST['OLD'][$i]));
$NewWord = strAddslashes(trim($_POST['NEW'][$i]));
if (!empty($OldWord) && !empty($NewWord)) {
$filterWords[] = array($OldWord, $NewWord);
}
}
if (@is_writable($dbFile)) {
$handle = @fopen($dbFile, 'w');
if (@flock($handle, LOCK_EX)) {
@fwrite($handle, '<?php exit;?>' . serialize($filterWords));
@flock($handle, LOCK_UN);
}
@fclose($handle);
die("<script>alert('更新成功');</script>");
} else {
die("<script>alert('数据文件不可写');</script>");
}
}
}
$filterWords = unserialize(substr(file_get_contents($dbFile), 13));
$tmp =& myTpl("set_filter.html");
$tmp->assign('codeName', $code_name);
