$email = $strUser['email'];
//发送邮件
$subject = $TS_SITE['site_title'] . '会员真实性验证';
$content = '尊敬的' . $strUser['username'] . ',<br />请点击以下链接进行会员验证:<a href="' . $TS_SITE['link_url'] . 'index.php?app=user&ac=verify&ts=do&email=' . $email . '&verifycode=' . $verifycode . '">' . $TS_SITE['link_url'] . 'index.php?app=user&ac=verify&ts=do&email=' . $email . '&verifycode=' . $verifycode . '</a>';
$result = aac('mail')->postMail($email, $subject, $content);
if ($result == '0') {
tsNotice("验证失败,可能是你的Email邮箱错误哦^_^");
} elseif ($result == '1') {
tsNotice("系统已经向你的邮箱发送了验证邮件,请尽快查收^_^");
}
break;
//接收验证
//接收验证
case "do":
$email = tsFilter($_GET['email']);
$verifycode = tsFilter($_GET['verifycode']);
$verify = $new['user']->findCount('user_info', array('email' => $email, 'verifycode' => $verifycode));
if ($verify > 0) {
$new['user']->update('user_info', array('email' => $email), array('isverify' => '1'));
tsNotice("Email验证成功!", '点击回首页!', SITE_URL);
} else {
tsNotice("Email验证失败!");
}
break;
//修改Email
//修改Email
case "setemail":
$userid = aac('user')->isLogin();
if ($_POST['token'] != $_SESSION['token']) {
tsNotice('非法操作!');
}
if ($TS_CF['session']) {
include 'tsSession.php';
ini_set('session.save_handler', 'user');
session_set_save_handler(array('tsSession', 'open'), array('tsSession', 'close'), array('tsSession', 'read'), array('tsSession', 'write'), array('tsSession', 'destroy'), array('tsSession', 'gc'));
}
session_start();
//启动Memcache
if ($TS_CF['memcache'] && extension_loaded('memcache')) {
$TS_MC = Memcache::connect($TS_CF['memcache']['host'], $TS_CF['memcache']['port']);
}
//加密用户操作
if (!isset($_SESSION['token'])) {
$_SESSION['token'] = sha1(uniqid(mt_rand(), TRUE));
}
if ($_REQUEST['token']) {
if (tsFilter($_REQUEST['token']) != $_SESSION['token']) {
tsNotice('非法操作!');
}
}
//处理html编码
header('Content-Type: text/html; charset=UTF-8');
//安装专用变量
$install = isset($_GET['install']) ? $_GET['install'] : 'index';
//安装配置文件,数据库配置判断
if (!is_file('data/config.inc.php')) {
include 'install/index.php';
exit;
}
//开始处理url路由,支持APP二级域名
if ($TS_CF['subdomain']) {
ini_set("session.cookie_domain", '.' . $TS_CF['subdomain']['domain']);
<?php
defined('IN_TS') or die('Access Denied.');
//用户是否登录
$userid = aac('user')->isLogin();
switch ($ts) {
//发送消息页面
case "add":
$touserid = intval($_GET['touserid']);
if ($userid == $touserid || !$touserid) {
tsNotice("Sorry!自己不能给自己发送消息的!& 对方为空!");
}
$strUser = $new['user']->getOneUser($userid);
$strTouser = $new['user']->getOneUser($touserid);
if (!$strTouser) {
tsNotice("Sorry!对方不存在!");
}
$title = "发送短消息";
include template("message_add");
break;
case "do":
$msg_userid = $userid;
$msg_touserid = intval($_POST['touserid']);
$msg_content = tsFilter($_POST['content']);
aac('system')->antiWord($msg_content);
aac('message')->sendmsg($msg_userid, $msg_touserid, $msg_content);
header("Location: " . tsUrl('message', 'my'));
break;
}
<?php
defined('IN_TS') or die('Access Denied.');
$name = urldecode(tsFilter($_GET['id']));
//$name=mb_convert_encoding($name,'UTF-8', 'GB2312');
$tagid = aac('tag')->getTagId(t($name));
if ($tagid == 0) {
header("HTTP/1.1 404 Not Found");
header("Status: 404 Not Found");
$title = '404';
include pubTemplate("404");
exit;
}
$strTag = $new['group']->find('tag', array('tagid' => $tagid));
$strTag['tagname'] = htmlspecialchars($strTag['tagname']);
//文化
$arrGroupTagId = $new['group']->findAll('tag_group_index', array('tagid' => $tagid));
if ($arrGroupTagId) {
foreach ($arrGroupTagId as $key => $item) {
$arrGroup[] = aac('group')->getOneGroup($item['groupid']);
}
}
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$url = tsUrl('group', 'tag', array('id' => urlencode($name), 'page' => ''));
$lstart = $page * 30 - 30;
$arrTagId = $new['group']->findAll('tag_topic_index', array('tagid' => $tagid), null, null, $lstart . ',30');
foreach ($arrTagId as $item) {
$strTopic = $new['group']->find('group_topic', array('topicid' => $item['topicid']));
if ($strTopic == '') {
$new['group']->delete('tag_topic_index', array('topicid' => $item['topicid'], 'tagid' => $item['tagid']));
}
$arrPlugin[$key]['name'] = $item;
$arrPlugin[$key]['about'] = (require_once 'plugins/' . $apps . '/' . $item . '/about.php');
}
}
$app_plugins = fileRead('data/' . $apps . '_plugins.php');
if ($app_plugins == '') {
$app_plugins = $tsMySqlCache->get($apps . '_plugins');
}
include template("plugin_list");
break;
//插件停启用
//插件停启用
case "do":
$apps = tsFilter($_GET['apps']);
$isused = intval($_GET['isused']);
$pname = tsFilter($_GET['pname']);
$app_plugins = fileRead('data/' . $apps . '_plugins.php');
if ($app_plugins == '') {
$app_plugins = $tsMySqlCache->get($apps . '_plugins');
}
//0停用1启用
if ($isused == '0') {
$pkey = array_search($pname, $app_plugins);
unset($app_plugins[$pkey]);
fileWrite($apps . '_plugins.php', 'data', $app_plugins);
$tsMySqlCache->set($apps . '_plugins', $app_plugins);
qiMsg("插件停用成功!");
} elseif ($isused == '1') {
array_push($app_plugins, $pname);
if (file_exists('plugins/' . $apps . '/' . $pname . '/install.sql')) {
$sql = file_get_contents('plugins/' . $apps . '/' . $pname . '/install.sql');
}
}
$usernameNum = $new['user']->findCount('user_info', array('username' => $username));
if ($usernameNum > '0') {
echo '{"info":"用户名已经存在!","status":"n"}';
} else {
echo '{"info":"验证成功!","status":"y"}';
}
break;
//验证邀请码是否使用
//验证邀请码是否使用
case "isinvitecode":
$invitecode = tsFilter($_GET['invitecode']);
$codeNum = $db->once_num_rows("select * from " . dbprefix . "user_invites where invitecode='{$invitecode}' and isused='0'");
if ($codeNum > 0) {
echo 'true';
} else {
echo 'false';
}
break;
//验证码
//验证码
case "code":
$authcode = strtolower(tsFilter($_POST["param"]));
if ($authcode == $_SESSION['verify']) {
echo '{"info":"通过!","status":"y"}';
} else {
echo '{"info":"验证码输入有误","status":"n"}';
}
break;
}
<?php
defined('IN_TS') or die('Access Denied.');
//搜索结果
$kw = urldecode(tsFilter($_GET['kw']));
if ($kw == '') {
header("Location: " . tsUrl('search'));
exit;
}
$kw = t($kw);
if (count_string_len($kw) < 2) {
header("Location: " . tsUrl('search'));
exit;
}
switch ($ts) {
case "":
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$url = tsUrl('search', 's', array('kw' => $kw, 'page' => ''));
$lstart = $page * 10 - 10;
$arrAlls = $db->fetch_all_assoc("select groupid as id,'group' as type from " . dbprefix . "group where `groupname` like '%{$kw}%' union select topicid as id,'topic' as type from " . dbprefix . "group_topic WHERE `title` like '%{$kw}%' union select userid as id,'user' as type from " . dbprefix . "user_info where username like '%{$kw}%' union select articleid as id,'article' as type from " . dbprefix . "article where `title` like '%{$kw}%' limit {$lstart},10 ");
foreach ($arrAlls as $item) {
if ($item['type'] == 'group') {
$arrGroup[] = $new['search']->find('group', array('groupid' => $item['id']));
} elseif ($item['type'] == 'topic') {
$arrTopic[] = $new['search']->find('group_topic', array('topicid' => $item['id']));
} elseif ($item['type'] == 'user') {
$arrUser[] = $new['search']->find('user_info', array('userid' => $item['id']));
} elseif ($item['type'] == 'article') {
$arrArticle[] = $new['search']->find('article', array('articleid' => $item['id']));
}
}
/**
* ThinkSAAS专用上传函数
* @param unknown $files 要上传的文件 如$_FILES['photo']
* @param unknown $projectid 上传针对的项目id 如$userid
* @param unknown $dir 上传到目录 如 user
* @param unknown $uptypes 上传类型,数组 array('jpg','png','gif')
* @return multitype:string unknown mixed |boolean 返回数组:array('name'=>'','path'=>'','url'=>'','path'=>'','size'=>'')
*/
function tsUpload($files, $projectid, $dir, $uptypes)
{
if ($files['size'] > 0) {
//上传图片大小控制
if (in_array('png', $uptypes) || in_array('jpg', $uptypes) || in_array('gif', $uptypes) || in_array('jpeg', $uptypes)) {
if ($GLOBALS['TS_SITE']['photo_size']) {
$upsize = $GLOBALS['TS_SITE']['photo_size'] * 1048576;
if ($files['size'] > $upsize) {
tsNotice('上传图片不能超过' . $GLOBALS['TS_SITE']['photo_size'] . 'M,请修改小点后再上传!');
}
}
}
$menu2 = intval($projectid / 1000);
$menu1 = intval($menu2 / 1000);
$path = $menu1 . '/' . $menu2;
$dest_dir = 'uploadfile/' . $dir . '/' . $path;
createFolders($dest_dir);
//$ext = pathinfo($files['name'],PATHINFO_EXTENSION);
$arrType = explode('.', strtolower($files['name']));
// 转小写一下
$type = array_pop($arrType);
if (in_array($type, $uptypes)) {
$name = $projectid . '.' . $type;
$dest = $dest_dir . '/' . $name;
// 先删除
unlink($dest);
// 后上传
move_uploaded_file($files['tmp_name'], mb_convert_encoding($dest, "gb2312", "UTF-8"));
chmod($dest, 0777);
$filesize = filesize($dest);
if (intval($filesize) > 0) {
return array('name' => tsFilter($files['name']), 'path' => $path, 'url' => $path . '/' . $name, 'type' => $type, 'size' => tsFilter($files['size']));
} else {
return false;
}
} else {
return false;
}
}
}
<?php
defined('IN_TS') or die('Access Denied.');
switch ($ts) {
//用户列表
case "list":
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$userid = intval($_GET['userid']);
$username = tsFilter($_GET['username']);
$arrData = null;
if ($userid > 0 && $username == '') {
$arrData = array('userid' => $userid);
} elseif ($userid == 0 && $username != '') {
$arrData = array('username' => $username);
} elseif ($userid > 0 && $username != '') {
$arrData = array('userid' => $userid, 'username' => $username);
}
$lstart = $page * 20 - 20;
$url = SITE_URL . 'index.php?app=user&ac=admin&mg=user&ts=list&userid=' . $userid . '&username='******'&page=';
$arrAllUser = $new['user']->findAll('user_info', $arrData, 'userid desc', null, $lstart . ',20');
$userNum = $new['user']->findCount('user_info');
$pageUrl = pagination($userNum, 20, $page, $url);
include template("admin/user_list");
break;
//用户编辑
//用户编辑
case "edit":
$userid = $_GET['userid'];
$strUser = $new['user']->getOneUser($userid);
include template("admin/user_edit");
break;
<?php
defined('IN_TS') or die('Access Denied.');
switch ($ts) {
case "":
$objname = tsFilter($_GET['objname']);
$idname = tsFilter($_GET['idname']);
$objid = intval($_GET['objid']);
include template("add_ajax");
break;
case "do":
$objname = tsFilter($_POST['objname']);
$idname = tsFilter($_POST['idname']);
$objid = intval($_POST['objid']);
$tags = t($_POST['tags']);
$new['tag']->addTag($objname, $idname, $objid, $tags);
tsNotice('标签添加成功!');
break;
}
<?php
if (isset($_GET['Submit'])) {
// Retrieve data
$id = $_GET['id'];
$id = tsFilter($id);
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '{$id}'";
$result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>');
$num = mysql_numrows($result);
$i = 0;
while ($i < $num) {
$first = mysql_result($result, $i, "first_name");
$last = mysql_result($result, $i, "last_name");
$html .= '<pre>';
$html .= 'ID: ' . $id . '<br>First name: ' . $first . '<br>Surname: ' . $last;
$html .= '</pre>';
$i++;
}
}
function tsFilter($value)
{
$value = trim($value);
//定义不允许提交的SQl命令和关键字
$words = array();
$words[] = "add ";
$words[] = "and ";
$words[] = "count ";
$words[] = "order ";
$words[] = "table ";
$words[] = "by ";
$words[] = "create ";
