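/**
  * Access-control hook for category actions; the required permission defaults to "view".
  *
  * Role 1 and any action whose name contains "public_" skip the check. For all
  * other requests the first underscore-separated segment of ACTION_NAME is
  * mapped to a permission name from the Category auth dictionary and looked up
  * in category_priv for the current role and the requested catid.
  *
  * @return void
  */
 public function _initialize()
 {
     parent::_initialize();
     $roleid = user_info('roleid');
     // NOTE(review): this is a substring match, so an action name that merely
     // contains "public_" anywhere skips the permission check. A prefix test
     // (strpos(...) === 0) would be stricter; confirm against the action names in use.
     if ($roleid == 1 || strpos(ACTION_NAME, 'public_') !== false) {
         return;
     }
     // Limit 2 keeps only the segment before the first underscore. The previous
     // limit of 1 made explode() return the whole action name, so an action such
     // as "xxx_iframe" never matched the auth list and was silently checked
     // against the weaker "view" permission.
     $parts = explode('_', ACTION_NAME, 2);
     $action = strtolower($parts[0]);
     $auth = dict('auth', 'Category');
     // Unknown permission names fall back to "view".
     if (!is_array($auth) || !array_key_exists($action, $auth)) {
         $action = 'view';
     }
     $catid = I('get.catid', 0, 'intval');
     $granted = M('category_priv')
         ->where(array('catid' => $catid, 'roleid' => $roleid, 'action' => $action))
         ->count();
     if ($granted) {
         return;
     }
     // Denied: iframe requests get a small self-contained HTML page.
     if (IS_GET && strpos(ACTION_NAME, '_iframe') !== false) {
         exit('<style type="text/css">body{margin:0;padding:0}</style><div style="padding:6px;font-size:12px">您没有权限操作该项</div>');
     }
     // Denied: AJAX GET requests get an HTML fragment, everything else the standard error page.
     if (IS_AJAX && IS_GET) {
         exit('<div style="padding:6px">您没有权限操作该项</div>');
     }
     $this->error('您没有权限操作该项');
 }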
Example #2
/**
 * Registers the "Contacts" top-menu entry and the friends sub-menu links.
 *
 * Appends the module stylesheet to $metatags, adds a menu entry for logged-in
 * users and, in the "network" context, adds sub-menu links for the page owner.
 */
function friend_pagesetup()
{
    global $profile_id, $PAGE, $CFG, $metatags;

    require_once dirname(__FILE__) . "/default_template.php";
    require_once dirname(__FILE__) . "/lib/friends_config.php";

    $metatags .= "<link rel=\"stylesheet\" href=\"" . $CFG->wwwroot . "mod/friend/css.css\" type=\"text/css\" media=\"screen\" />";

    $page_owner = $profile_id;
    $in_network = defined("context") && context == "network";

    if (isloggedin()) {
        // The entry is highlighted only on the viewer's own network page.
        $css = ($in_network && $page_owner == $_SESSION['userid']) ? ' class="selected"' : '';
        $PAGE->menu[] = array(
            'name' => 'friends',
            'html' => '<li><a href="' . $CFG->wwwroot . $_SESSION['username'] . '/friends/"' . $css . ' >' . __gettext("Contacts") . '</a></li>',
        );
    }

    if (!$in_network) {
        return;
    }

    $owner_type = user_type($page_owner);
    if ($owner_type != "person" && $owner_type != "external") {
        return;
    }

    $friends_username = user_info('username', $page_owner);
    $base = $CFG->wwwroot . $friends_username;

    $PAGE->menu_sub[] = array('name' => 'friend', 'html' => a_href($base . "/friends/", __gettext("My friends")));

    // Pending requests are only offered to the owner of the page.
    if (isloggedin() && $page_owner == $_SESSION['userid']) {
        $PAGE->menu_sub[] = array('name' => 'friend:requests', 'html' => a_href($base . "/friends/requests", __gettext("Friendship requests")));
    }

    if (FRIENDS_FOAF) {
        $PAGE->menu_sub[] = array('name' => 'friend:foaf', 'html' => a_href($base . "/foaf/", __gettext("FOAF")));
    }
}
Example #3
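/**
 * Registers the "Messages" menu entry (with unread count) and its sub-menu.
 *
 * Does nothing for anonymous visitors or users whose user_type is "external".
 */
function messages_pagesetup()
{
    global $profile_id, $PAGE, $CFG, $metatags, $USER;

    $pgowner = $profile_id;
    require_once $CFG->dirroot . "mod/messages/lib/messages_config.php";
    require_once $CFG->dirroot . "mod/messages/default_template.php";

    if (!isloggedin() || user_info("user_type", $_SESSION['userid']) == "external") {
        return;
    }

    // Script URL is built from wwwroot without its trailing slash.
    $url = substr($CFG->wwwroot, 0, -1);
    $metatags .= "<script language=\"javascript\" type=\"text/javascript\" src=\"{$url}/mod/messages/messages.js\"></script>";
    $metatags .= "<link rel=\"stylesheet\" href=\"" . $CFG->wwwroot . "mod/messages/css.css\" type=\"text/css\" media=\"screen\" />";

    // The WHERE fragment is concatenated SQL, so the id is forced to an integer
    // before it is embedded.
    $messages = count_records_select('messages', 'to_id=' . (int) $USER->ident . " AND status='unread'");

    $in_messages = defined("context") && context == "messages";
    $own_base = $CFG->wwwroot . $_SESSION['username'] . '/messages/';

    $css = ($in_messages && $pgowner == $_SESSION['userid']) ? ' class="selected"' : '';
    $PAGE->menu[] = array(
        'name' => 'messages',
        'html' => '<li><a href="' . $own_base . '"' . $css . '>' . __gettext("Messages") . " ({$messages})" . '</a></li>',
    );

    if (profile_permissions_check("profile") && $in_messages && user_type($pgowner) == "person") {
        $PAGE->menu_sub[] = array('name' => 'messages:list', 'html' => '<a href="' . $own_base . '">' . __gettext("View Messages") . '</a>');
        $PAGE->menu_sub[] = array('name' => 'messages:compose', 'html' => '<a href="' . $own_base . 'compose">' . __gettext("Compose") . '</a>');
        $PAGE->menu_sub[] = array('name' => 'messages:sent', 'html' => '<a href="' . $own_base . 'sent">' . __gettext("Sent Messages") . '</a>');
    }
}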
Example #4
/**
 * Registers the feed-related sub-menu links shown in the "resources" context.
 */
function newsclient_pagesetup()
{
    global $profile_id, $PAGE, $CFG;

    $page_owner = $profile_id;
    $rss_username = user_info('username', $page_owner);

    if (isloggedin()) {
        // The "Your Resources" top-menu entry that used to be added here is disabled.
    }

    if (!(defined("context") && context == "resources")) {
        return;
    }

    if ($page_owner != -1) {
        $owner_feeds = $CFG->wwwroot . $rss_username . "/feeds/";

        $PAGE->menu_sub[] = array(
            'name' => 'newsfeed:subscription',
            'html' => a_href($owner_feeds, __gettext("Feeds")),
        );

        // Publishing to the blog needs profile permission on the owner and a login.
        if (permissions_check("profile", $page_owner) && isloggedin()) {
            $publish_url = $CFG->wwwroot . "_rss/blog.php?profile_name=" . user_info("username", $page_owner);
            $PAGE->menu_sub[] = array(
                'name' => 'newsfeed:subscription:publish:blog',
                'html' => a_href($publish_url, __gettext("Publish to blog")),
            );
        }

        $PAGE->menu_sub[] = array(
            'name' => 'newsclient',
            'html' => a_href($owner_feeds . "all/", __gettext("View aggregator")),
        );
    }

    // Always available in this context, whoever owns the page.
    $PAGE->menu_sub[] = array(
        'name' => 'feed',
        'html' => a_href($CFG->wwwroot . "_rss/popular.php", __gettext("Popular Feeds")),
    );
}
Example #5
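/**
 * Builds a profile summary for one user: rank, collection count and order counts.
 *
 * @param int|string $user_id User id; forced to an integer before it is placed in SQL.
 * @return array Keys: id, name, rank_name, rank_level, collection_num, email,
 *               order_num (await_pay, await_ship, shipped, finished).
 */
function GZ_user_info($user_id)
{
    global $db, $ecs;

    $user_info = user_info($user_id);

    // Every query below is assembled by string concatenation, so the id is
    // reduced to an integer once and only that value is embedded.
    $uid = intval($user_id);

    // COUNT(*) returns a single row; the former ORDER BY had no effect and is dropped.
    $collection_num = $db->getOne('SELECT COUNT(*) FROM ' . $ecs->table('collect_goods') . " WHERE user_id = '{$uid}'");

    $order_num = array();
    foreach (array('await_pay', 'await_ship', 'shipped', 'finished') as $state) {
        $order_num[$state] = $db->getOne(
            'SELECT COUNT(*) FROM ' . $ecs->table('order_info') . " WHERE user_id = '{$uid}'" . GZ_order_query_sql($state)
        );
    }

    /* Resolve the user's rank name */
    if ($user_info['user_rank'] == 0) {
        // No special rank: derive the rank from the rank points (special ranks excluded).
        $points = intval($user_info['rank_points']);
        $sql = 'SELECT rank_id, rank_name FROM ' . $ecs->table('user_rank')
            . " WHERE special_rank = '0' AND min_points <= " . $points . ' AND max_points > ' . $points;
    } else {
        // Special rank assigned directly to the user.
        $sql = 'SELECT rank_id, rank_name FROM ' . $ecs->table('user_rank')
            . " WHERE rank_id = '" . intval($user_info['user_rank']) . "'";
    }
    $rank_row = $db->getRow($sql);
    $user_info['user_rank_name'] = $rank_row ? $rank_row['rank_name'] : '非特殊等级';

    // Level 0 means the user sits on the entry rank (min_points = 0); anything else is 1.
    $base_rank = $db->getRow('SELECT * FROM ' . $ecs->table('user_rank') . " WHERE special_rank = '0' AND min_points = '0'");
    $level = ($base_rank && $user_info['user_rank_name'] == $base_rank['rank_name']) ? 0 : 1;

    return array(
        'id' => $user_info['user_id'],
        'name' => $user_info['user_name'],
        'rank_name' => $user_info['user_rank_name'],
        'rank_level' => $level,
        'collection_num' => $collection_num,
        'email' => $user_info['email'],
        "order_num" => $order_num,
    );
}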
Example #6
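 /**
  * Returns the toolbar buttons below a menu node that the current role may use.
  *
  * Role 1 receives every visible toolbar entry. For other roles an entry is
  * kept when its action starts with "public_" or when admin_role_priv holds a
  * row for the entry's controller, action and the role.
  *
  * @param mixed $id Parent menu id.
  * @return array List of menu rows; empty when nothing matches.
  */
 public function getToolBar($id)
 {
     $roleid = user_info('roleid');
     $result = $this->where(array('parentid' => $id, 'display' => 1, 'toolbar' => 1))->order('listorder ASC')->limit(1000)->select();
     // The query result is not always an array (the original guarded for an
     // empty value only on the role-1 path); stop here instead of iterating it.
     if (!is_array($result) || !$result) {
         return array();
     }
     // Resolve the menu icons.
     foreach ($result as &$info) {
         $info['icon'] = menu_icon($info['level'], $info['icon']);
     }
     // Drop the reference so later writes cannot alias the last row.
     unset($info);
     // Role 1 is not filtered.
     if ($roleid == 1) {
         return $result;
     }
     $admin_role_priv_db = M('admin_role_priv');
     $allowed = array();
     foreach ($result as $v) {
         $action = $v['a'];
         if (preg_match('/^public_/', $action)) {
             $allowed[] = $v;
             continue;
         }
         // "ajax_<name>_..." actions are authorised under <name>.
         if (preg_match('/^ajax_(\\w+)_/', $action, $_match)) {
             $action = $_match[1];
         }
         $r = $admin_role_priv_db->where(array('c' => $v['c'], 'a' => $action, 'roleid' => $roleid))->find();
         if ($r) {
             $allowed[] = $v;
         }
     }
     return $allowed;
 }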
Example #7
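/**
 * Renders the HTML link to a user's page, or a guest label when the user is unknown.
 *
 * @param mixed $id    User id passed to user_info() and placed in the link URL.
 * @param bool  $blank When true the link opens in a new window.
 * @return string HTML fragment.
 */
function user_link($id = false, $blank = false)
{
    $data = user_info($id);
    if (!$data) {
        return '<span class="user_link">Гость</span>';
    }
    // The display name is user-controlled text, so it is HTML-escaped before
    // being written into the page. NOTE(review): if names are already stored
    // escaped, this will double-encode them - confirm how they are saved.
    $name = htmlspecialchars($data['name'], ENT_QUOTES);
    // The id becomes a path segment; encoding leaves numeric ids unchanged.
    $href = URL . '/user/' . rawurlencode((string) $id) . '/';
    $target = $blank ? ' target="_blank"' : '';

    return '<span class="user_link"><img src="' . URL . '/tpl/img/icons/user.png" alt="" style="vertical-align:middle;"/> <a href="' . $href . '"' . $target . '>' . $name . '</a></span>';
}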
Example #8
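 /**
  * Opens a client session and prints the initial XML payload.
  *
  * Authenticates with the "login" and "passw" cookies, creates the session id,
  * then echoes the user record, an optional newer-client notice, the TTL list
  * and the user's uploads with their files.
  *
  * @return mixed The result of $this->error() on failed login, otherwise nothing.
  */
 function init()
 {
     # NOTE(review): the password travels in a cookie and is re-sent by the client;
     # confirm the cookie is limited to HTTPS and consider a token instead.
     $login = isset($_COOKIE['login']) ? $_COOKIE['login'] : null;
     $passw = isset($_COOKIE['passw']) ? $_COOKIE['passw'] : null;
     $uid = user_password($login, $passw, true);
     if (!$uid) {
         return $this->error('LOGIN_ERROR', 'Invalid login or password');
     }
     $uinfo = user_info($uid);
     # Generate SID
     $this->make_sid($uid);
     echo '<user>';
     echo '<sid>' . $this->sid . '</sid>';
     echo '<lk>' . $this->lk . '</lk>';
     echo '<uid>' . $uid . '</uid>';
     echo '<name>' . htmlspecialchars($uinfo['name']) . '</name>';
     # NOTE(review): mt_rand() is not a cryptographic generator; if the client
     # uses this seed for anything security-relevant, switch to a CSPRNG.
     echo '<seed>' . mt_rand() . '</seed>';
     echo '</user>' . "\n";
     # Version info - both cookies must be plain non-empty strings
     if (!empty($_COOKIE['v']) && is_string($_COOKIE['v']) && !empty($_COOKIE['os']) && is_string($_COOKIE['os'])) {
         $parts = explode('.', $_COOKIE['v']);
         $ver = intval(sprintf(
             '%02d%02d%02d',
             isset($parts[0]) ? $parts[0] : 0,
             isset($parts[1]) ? $parts[1] : 0,
             isset($parts[2]) ? $parts[2] : 0
         ));
         # Only [a-z0-9] survives, because the value becomes part of a column name
         $os = preg_replace('/[^a-z0-9]/', '', strtolower($_COOKIE['os']));
         # An empty name would address a column called `os_`, so skip the lookup
         if ($os !== '') {
             $lastv = ldb_select('client_version', array('ver', 'veri', 'tms_publish'), '`veri`>' . $ver . ' AND `os_' . $os . '`=\'Y\' AND `published`=\'Y\' ORDER BY `veri` DESC LIMIT 1');
             $lastv = (is_array($lastv) && isset($lastv[0])) ? $lastv[0] : null;
             if ($lastv) {
                 echo '<newversion ver="' . $lastv['ver'] . '" tms_publish="' . $lastv['tms_publish'] . '"/>' . "\n";
             }
         }
     }
     include_once CORE_PATH . '/ttl.php';
     echo '<ttl default="' . $GLOBALS['ttl_def'] . '">' . "\n";
     foreach ($GLOBALS['ttl'] as $k => $v) {
         # The key was compared with the whole $GLOBALS['ttl'] array, which never
         # matches; the default entry is the one whose key equals ttl_def.
         echo '<rec name="' . htmlspecialchars($v) . '" value="' . $k . '"' . ($k == $GLOBALS['ttl_def'] ? ' default="default"' : '') . '/>' . "\n";
     }
     echo '</ttl>' . "\n";
     # Get file list... ids are written unquoted into SQL, so they are forced to integers
     $u_list = ldb_select('upload', '*', '`uid`=' . (int) $uid . ' ORDER BY `tms_upload` ASC');
     if (!is_array($u_list)) {
         $u_list = array();
     }
     # NOTE(review): only comment and file_name are escaped below; the other
     # attribute values are written as stored - confirm none can hold markup.
     echo '<uploads>' . "\n";
     foreach ($u_list as $upload) {
         echo '<upload id="' . $upload['id'] . '" code="' . $upload['code'] . '" ph="' . $upload['ph'] . '" comment="' . htmlspecialchars($upload['comment']) . '" tms_upload="' . $upload['tms_upload'] . '" tms_last="' . $upload['tms_last'] . '" ttl="' . $upload['ttl'] . '" tms_delete="' . $upload['tms_delete'] . '" prolong="' . ($upload['prolong'] == 'Y' ? 1 : 0) . '">';
         echo '<files>';
         $f_list = ldb_select('file', '*', '`upid`=' . (int) $upload['id'] . ' ORDER BY `tms_add` ASC');
         if (is_array($f_list)) {
             foreach ($f_list as $file) {
                 echo '<file id="' . $file['id'] . '" n="' . $file['upn'] . '" dh="' . $file['dh'] . '" name="' . htmlspecialchars($file['file_name']) . '" size="' . $file['file_size'] . '" tms_add="' . $file['tms_add'] . '"/>';
             }
         }
         echo '</files>';
         echo '</upload>';
     }
     echo '</uploads>' . "\n";
     return;
 }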
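 /**
  * Weblog class constructor
  *
  * <p>Will set all weblog properties, if the provided weblog id exist
  * (which effectively will be a user id, regardless if one is dealing
  * with a person or a community - for Elgg both are users).</p>
  *
  * <p>Both ids may be given as a numeric id or as a username, which is
  * resolved with user_info_username(). $this->posts ends up holding the
  * ident of every matching post, newest first.</p>
  *
  * @param int|string $user_id The user id (or username).
  * @param int|string $blog_id The weblog id (or username).
  */
 function Weblog($user_id, $blog_id)
 {
     // Assume a personal weblog until the owner type says otherwise.
     $this->community = false;
     // username/id conversions
     if (is_numeric($user_id)) {
         $this->user_id = $user_id;
     } elseif (is_string($user_id)) {
         $this->user_id = user_info_username('ident', $user_id);
     }
     if (is_numeric($blog_id)) {
         $this->ident = $blog_id;
     } elseif (is_string($blog_id)) {
         $this->ident = user_info_username('ident', $blog_id);
     }
     // Are we dealing with a person or a community?
     if (user_type($this->ident) == "person") {
         if ($result = get_record('users', 'ident', $this->user_id)) {
             $this->user_name = $result->name;
             $this->user_username = $result->username;
         }
         $posts = get_records_select('weblog_posts', "owner = ? AND weblog = ?", array($this->user_id, $this->user_id), 'posted DESC');
         $this->blog_name = $this->user_name;
         $this->blog_username = $this->user_username;
         $this->owner = $this->user_id;
     } else {
         // It's a community
         $this->community = true;
         // Get the owner
         $this->owner = user_info('owner', $this->ident);
         // Same placeholder form as the personal branch, so the ids are bound
         // rather than interpolated into the WHERE clause.
         $where = "weblog = ?";
         $params = array($this->ident);
         // Anyone but the community owner only sees their own posts.
         if ($this->owner != $this->user_id) {
             $where .= " AND owner = ?";
             $params[] = $this->user_id;
         }
         if ($result = get_record('users', 'ident', $this->ident)) {
             $this->blog_name = $result->name;
             $this->blog_username = $result->username;
         }
         $posts = get_records_select('weblog_posts', $where, $params, 'posted DESC');
         $user = run('users:instance', array('user_id' => $this->user_id));
         $this->user_name = $user->getName();
         $this->user_username = $user->getUserName();
     }
     // Keep only the post idents.
     $this->posts = array();
     if (is_array($posts)) {
         foreach ($posts as $post) {
             $this->posts[] = $post->ident;
         }
     }
 }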
Example #10
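 /**
  * Verifies an administrator login and records the session.
  *
  * Looks up an enabled account, enforces the failed-attempt lockout kept in the
  * "times" table, checks the salted password hash, then updates the last-login
  * data, writes the login log and stores the user in the session cache.
  *
  * @param string $username Account name.
  * @param string $password Plain-text password as submitted.
  * @return bool True on success; on failure false, with the reason in $this->error.
  */
 public function login($username, $password)
 {
     $times_db = M('times');
     $lock_key = array('username' => $username, 'type' => '0');
     // Look up the account.
     // NOTE(review): the "unknown user" and "wrong password" messages differ, which
     // tells a caller which account names exist; consider one shared message.
     $info = $this->where(array('username' => $username, 'status' => 1))->find();
     if (!$info) {
         $this->error = '用户不存在!';
         return false;
     }
     // Failed-attempt record; absent when there have been no recent failures.
     $rtime = $times_db->where($lock_key)->find();
     if ($rtime && $rtime['times'] >= C('MAX_LOGIN_TIMES')) {
         $minute = C('LOGIN_WAIT_TIME') - floor((time() - $rtime['time']) / 60);
         if ($minute > 0) {
             $this->error = "密码重试次数太多,请过{$minute}分钟后重新登录!";
             return false;
         }
         // The waiting period is over: clear the record.
         $times_db->where($lock_key)->delete();
     }
     // NOTE(review): salted double MD5 is cheap to brute-force offline; moving to
     // password_hash()/password_verify() needs a rehash-on-login migration.
     $hashed = md5(md5($password) . $info['encrypt']);
     $stored = (string) $info['password'];
     // Strict, constant-time comparison where available. The former loose "!="
     // compares numeric-looking hex strings (for example "0e...") as numbers, so
     // two different hashes could be treated as equal.
     $matches = function_exists('hash_equals') ? hash_equals($stored, $hashed) : ($stored === $hashed);
     $ip = get_client_ip(0, true);
     if (!$matches) {
         if ($rtime && $rtime['times'] < C('MAX_LOGIN_TIMES')) {
             $times = C('MAX_LOGIN_TIMES') - intval($rtime['times']);
             $times_db->where($lock_key)->save(array('ip' => $ip));
             $times_db->where($lock_key)->setInc('times');
         } else {
             $times_db->where($lock_key)->delete();
             $times_db->add(array('username' => $username, 'ip' => $ip, 'type' => '0', 'time' => time(), 'times' => 1));
             $times = C('MAX_LOGIN_TIMES');
         }
         $this->error = "密码错误,您还有{$times}次尝试机会!";
         return false;
     }
     $times_db->where($lock_key)->delete();
     $this->where(array('userid' => $info['userid']))->save(array('lastloginip' => $ip, 'lastlogintime' => time()));
     // The header is optional; default to an empty string instead of raising a notice.
     $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     // Login log.
     // NOTE(review): the entry is written before the role check below, so a user
     // whose role is disabled still produces a "login" record.
     $admin_log_db = M('admin_log');
     $admin_log_db->add(array('userid' => $info['userid'], 'username' => $username, 'httpuseragent' => $agent, 'ip' => $ip, 'time' => date('Y-m-d H:i:s'), 'type' => 'login', 'sessionid' => session_id()));
     $admin_role_db = D('AdminRole');
     $roleInfo = $admin_role_db->field(array('rolename', 'roleid'))->where(array('roleid' => $info['roleid'], 'status' => 1))->find();
     if (!$roleInfo) {
         $this->error = '用户已被冻结!';
         return false;
     }
     $info['rolename'] = $roleInfo['rolename'];
     user_info('', $info);
     // Record where and when this account last logged in.
     S('USER_LOGIN_INFO_' . $info['userid'], array('sessid' => session_id(), 'time' => date('Y-m-d H:i:s'), 'useragent' => $agent, 'ip' => $ip, 'identity' => cookie('identity')));
     return true;
 }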
Example #11
/**
 * Adds the "Change theme" sub-menu link on the viewer's own account page and
 * registers the templates root substitution variable.
 */
function template_pagesetup()
{
    global $profile_id, $PAGE, $CFG;

    $page_owner = $profile_id;

    // Every condition must hold: account context, theme changing enabled,
    // a non-external user, and the viewer looking at their own real page.
    $may_change_theme = defined("context")
        && context == "account"
        && !$CFG->disable_templatechanging
        && user_info("user_type", $_SESSION['userid']) != "external"
        && $page_owner == $_SESSION['userid']
        && $page_owner != -1;

    if ($may_change_theme) {
        $PAGE->menu_sub[] = array(
            'name' => 'template:change',
            'html' => a_href("{$CFG->wwwroot}mod/template/", __gettext("Change theme")),
        );
    }

    $CFG->templates->variables_substitute['templatesroot'][] = "templates_root";
}
Example #12
/**
 * Registers the "Home" top-menu entry for logged-in users.
 */
function a_home_pagesetup()
{
    global $profile_id, $PAGE, $CFG;

    $page_owner = $profile_id;
    $rss_username = user_info('username', $page_owner);

    // NOTE(review): $context is never assigned in this function, so this defines
    // a constant named "home" from an undefined variable; the check below reads
    // the constant "context" instead. Confirm what was intended.
    define("home", $context);

    if (!isloggedin()) {
        return;
    }

    // The entry is highlighted only on the viewer's own home page.
    $is_current = defined("context") && context == "home" && $page_owner == $_SESSION['userid'];
    $href = $is_current ? $CFG->wwwroot . '/ ' : $CFG->wwwroot . ' ';
    $css = $is_current ? ' class="selected"' : '';

    $PAGE->menu[] = array(
        'name' => 'home',
        'html' => '<li><a href="' . $href . '"' . $css . ' >' . __gettext("Home") . '</a></li>',
    );
}
Example #13
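 /**
  * Prints the table of uploaded WAD files, newest first.
  *
  * Delete links are shown to administrators and to the uploader; ban and unban
  * links are shown to administrators only.
  *
  * @param int $limit Maximum number of rows; 0 or less means no limit.
  * @return void
  */
 function display_wad_table($limit = 0)
 {
     echo "\n<table>\n\t<tr>\n\t\t<th></th>\n\t\t<th>File</th>\n\t\t<th>Size</th>\n\t\t<th>Uploaded by</th>\n\t\t<th>Date and time</th>\n\t\t<th>MD5</th>\n\t</tr>\n";
     $db = getsql();
     // The limit is interpolated into the SQL text, so it must be an integer.
     $limit = (int) $limit;
     $limitstring = $limit > 0 ? " LIMIT {$limit}" : '';
     $q = $db->query("SELECT * FROM `wads` ORDER BY `time` DESC {$limitstring}");
     if ($q->num_rows < 1) {
         echo "\n<div id='serversbox'>\n\t<div style='width: 100%; text-align: center'>\n\t\tThere are no WADs uploaded yet.\n\t\t";
         if (is_authed()) {
             echo "\n\t\t<br />\n\t\tFeel free to upload one from the main WADs page.\n\t\t";
         }
         echo "\n\t</div>\n</div>\n\t\t\t\t\t";
     } else {
         // The viewer does not change between rows, so look it up once.
         $authed = is_authed();
         $is_admin = $authed && user_info()->userlevel >= UL_ADMINISTRATOR;
         while ($o = $q->fetch_object()) {
             $id = (int) $o->id;
             $size = human_filesize(filesize(disciple_json()->serverdata . '/wads/' . $o->filename));
             // File names and user names are user-supplied: escape them for HTML
             // and percent-encode the name where it is used as a URL path segment.
             $filename_html = htmlspecialchars($o->filename, ENT_QUOTES);
             $filename_url = rawurlencode($o->filename);
             $uploader = $o->uploader;
             $uploader_info = user_info($uploader);
             $uploader_name = $uploader_info ? htmlspecialchars($uploader_info->username, ENT_QUOTES) : '';
             $time = date('Y-m-d \\a\\t H:i:s', $o->time);
             echo "\n<tr id='wadrow-{$id}'>\n\t<td>\n";
             if ($authed) {
                 if ($is_admin || $uploader == $_SESSION['id']) {
                     echo "<a href='javascript:deleteWad({$id});' title='Delete'><i class='material-icons'>delete</i></a>";
                 }
                 if ($is_admin) {
                     // Only hex digits are kept before the stored hash is placed in the query.
                     $md5 = preg_replace('/[^a-f0-9]/i', '', (string) $o->md5);
                     if ($db->query("SELECT * FROM `wadbans` WHERE `md5`='" . $md5 . "'")->num_rows == 0) {
                         echo "<a href='javascript:banWad({$id});' title='Ban'><i class='material-icons'>not_interested</i></a>";
                     } else {
                         echo "<a href='javascript:unbanWad({$id});' title='Unban'><i class='material-icons'>done</i></a>";
                     }
                 }
             }
             echo "\n</td>\n<td><a href='/wads/{$filename_url}'>{$filename_html}</a></td>\n<td>{$size}</td>\n<td>{$uploader_name}</td>\n<td>{$time}</td>\n<td id='wadmd5-{$id}'><a href='javascript:wadMd5({$id});'>Show</a></td>\n</tr>\n";
         }
     }
     // Close the table on both paths; the empty case used to leave it open.
     echo "</table>";
 }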
Example #14
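 /**
  * Builds the profile view: the comment wall (when that module is loaded)
  * followed by the profile widgets.
  *
  * The field-by-field profile rendering that used to live here was entirely
  * commented out and has been removed.
  *
  * @return array Array with a single 'body' key holding the HTML.
  */
 function view()
 {
     global $page_owner;

     // Start from an empty string: the body was previously appended to (and
     // read) without ever being initialised.
     $run_result = '';

     // Draw the user's comment wall
     if (function_exists("commentwall_displayonprofile")) {
         // Paging values come from the request, so they are read as integers.
         $offset = optional_param('offset', 0, PARAM_INT);
         $limit = optional_param('limit', 3, PARAM_INT);
         $run_result .= commentwall_displayonprofile($page_owner, $limit, $offset);
     }

     $view = array();
     $view['body'] = $run_result;
     $view['body'] .= '<div id="profile_widgets">' . "\n"
         . widget_page_display($page_owner, 'profile', 0, 2)
         . "</div>\n";

     return $view;
 }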
Example #15
<?
//TODO: Redo html
// Editing per-user permissions requires the admin_manage_permissions right.
// NOTE(review): presumably error() ends the request - confirm, otherwise
// execution continues past these guards.
if (!check_perms('admin_manage_permissions')) { error(403); }
// The target user id must be present and pass is_number().
if(!isset($_REQUEST['userid']) || !is_number($_REQUEST['userid'])){ error(404); }

include(SERVER_ROOT."/classes/permissions_form.php");

// The first three values of the user_info() result are taken positionally.
list($UserID, $Username, $PermissionID) = array_values(user_info($_REQUEST['userid']));

// Load the permission class defaults and the user's custom overrides.
$DB->query("SELECT 
		p.Values,
		u.CustomPermissions 
	FROM users_main AS u 
	LEFT JOIN permissions AS p ON u.PermissionID=p.ID 
	WHERE u.ID='$UserID'");

list($Defaults,$Customs)=$DB->next_record(MYSQLI_NUM, array(0,1));


// NOTE(review): unserialize() on a stored value is only safe while
// permissions.Values can be written by trusted code alone - confirm, or move
// to a data-only format such as JSON.
$Defaults = unserialize($Defaults);

// Permissions whose submitted state differs from the class default.
$Delta=array();
if (isset($_POST['action'])) {
	foreach ($PermissionsArray as $Perm => $Explaination) {
		$Setting = (isset($_POST['perm_'.$Perm]))?1:0;
		$Default = (isset($Defaults[$Perm]))?1:0;
		if ($Setting != $Default) {
			$Delta[$Perm] = $Setting;
		}
	}
	$Cache->begin_transaction('user_info_heavy_'.$UserID);
Example #16
/**
 * Build the HTML listing for one photo-gallery folder: image files first,
 * then other files, then subfolders.
 *
 * Also appends the contents of mod/photogallery/css and the lightbox
 * script/stylesheet tags to the global $metatags string.
 *
 * @param object $folder folder record; ident, files_owner and owner are read here
 * @return string HTML body, or an "empty folder" paragraph when nothing was listed
 */
function photogallery_folder_view($folder)
{
    global $CFG, $metatags, $messages;
    require_once $CFG->dirroot . 'lib/filelib.php';
    $metatags .= file_get_contents($CFG->dirroot . "mod/photogallery/css");
    $metatags .= <<<END
        <script type="text/javascript">
            var elggWwwRoot = "{$CFG->wwwroot}";
        </script>
        <script type="text/javascript" src="{$CFG->wwwroot}mod/photogallery/lightbox/js/prototype.js"></script>
        <script type="text/javascript" src="{$CFG->wwwroot}mod/photogallery/lightbox/js/scriptaculous.js?load=effects"></script>
        <script type="text/javascript" src="{$CFG->wwwroot}mod/photogallery/lightbox/js/lightbox.js"></script>
        <link rel="stylesheet" href="{$CFG->wwwroot}mod/photogallery/lightbox/css/lightbox.css" type="text/css" media="screen" />

END;
    // Three separate buffers so the sections can be emitted in a fixed order at the end.
    $file_html = "";
    $photo_html = "";
    $folder_html = "";
    // Get all the files in this folder
    // (values are bound through ? placeholders rather than spliced into the SQL)
    if ($files = get_records_select('files', "folder = ? AND files_owner = ? ORDER BY time_uploaded desc", array($folder->ident, $folder->files_owner))) {
        foreach ($files as $file) {
            // Per-file access check: files the viewer may not see are skipped entirely.
            if (run("users:access_level_check", $file->access) == true) {
                $image = $CFG->wwwroot . "_files/icon.php?id=" . $file->ident . "&amp;w=200&amp;h=200";
                // The original file name is URL-encoded before it goes into the link.
                $filepath = $CFG->wwwroot . user_info("username", $file->files_owner) . "/files/{$folder->ident}/{$file->ident}/" . urlencode($file->originalname);
                // NOTE(review): the href below uses a raw "&" while the img src uses "&amp;".
                $image = "<a href=\"{$CFG->wwwroot}_files/icon.php?id={$file->ident}&w=500&h=500\" rel=\"lightbox[folder]\"><img src=\"{$image}\" /></a>";
                // Size in megabytes (bytes / 1048576), four decimals.
                $fileinfo = round($file->size / 1048576, 4) . "Mb";
                $filelinks = file_edit_links($file);
                $uploaded = sprintf(__gettext("Uploaded on %s"), strftime("%A, %d %B %Y", $file->time_uploaded));
                $keywords = display_output_field(array("", "keywords", "file", "file", $file->ident, $file->owner));
                // MIME type is derived from the file name, not from the file contents.
                $mimetype = mimeinfo('type', $file->originalname);
                if (empty($file->title)) {
                    $file->title = __gettext("No title");
                }
                // NOTE(review): $file->title and $file->description are interpolated into
                // the markup below without HTML escaping. If these fields hold text supplied
                // by the uploader and are not encoded when stored, this is a stored-XSS sink;
                // confirm where encoding happens.
                if (substr_count($mimetype, "image") > 0) {
                    $photo_html .= <<<END

                            <div class="photogallery-photo-container">
                                <div class="photogallery-photo-image">
                                    {$image}
                                </div>
                                <div class="photogallery-photo-info">
                                    <h2 class="photogallery-photo-title"><a href="{$filepath}" >{$file->title}</a></h2>
                                    <p class="photogallery-photo-description">
                                        {$file->description}
                                    </p>
                                    <p class="photogallery-photo-keywords">
                                        {$keywords}
                                    </p>
                                    <p class="photogallery-photo-infobar">
                                        {$uploaded}<br />
                                        {$fileinfo} {$mimetype} {$filelinks}
                                    </p>
                                </div>
                            </div>

END;
                } else {
                    $file_html .= <<<END

                            <div class="photogallery-file-container">
                                <div class="photogallery-file-image">
                                    <a href="{$filepath}">{$image}</a>
                                </div>
                                <div class="photogallery-file-info">
                                    <h2 class="photogallery-file-title"><a href="{$filepath}">{$file->title}</a></h2>
                                    <p>{$file->description}</p>
                                    <p class="photogallery-file-keywords">
                                        {$keywords}
                                    </p>
                                    <p class="photogallery-file-infobar">
                                        {$uploaded}<br />
                                        {$fileinfo} {$mimetype} {$filelinks}
                                    </p>
                                </div>
                            </div>

END;
                }
            }
        }
    }
    // NOTE(review): this query filters on $folder->owner, while the file query above
    // and the link below use $folder->files_owner; confirm which one is intended.
    // NOTE(review): unlike files, subfolders get no access_level_check in this loop.
    if ($subfolders = get_records_select('file_folders', "parent = ? AND files_owner = ? ORDER BY name desc", array($folder->ident, $folder->owner))) {
        foreach ($subfolders as $subfolder) {
            $folderlinks = file_folder_edit_links($subfolder);
            $keywords = display_output_field(array("", "keywords", "folder", "folder", $subfolder->ident, $subfolder->owner));
            $filepath = $CFG->wwwroot . user_info("username", $folder->files_owner) . "/files/" . $subfolder->ident;
            // NOTE(review): $subfolder->name is emitted unescaped, same concern as the file title.
            $folder_html .= <<<END

                        <div class="photogallery-file-container">
                            <div class="photogallery-file-image">
                                <a href="{$filepath}"><img src="{$CFG->wwwroot}_files/folder.png" /></a>
                            </div>
                            <div class="photogallery-file-info">
                                <h2 class="photogallery-file-title"><a href="{$filepath}">{$subfolder->name}</a></h2>
                                <p class="photogallery-file-keywords">
                                    {$keywords}
                                </p>
                                <p class="photogallery-file-infobar">
                                    {$folderlinks}
                                </p>
                            </div>
                        </div>

END;
        }
    }
    // Section headings are only added for sections that have content.
    if (!empty($file_html)) {
        $file_html = "<h2>" . __gettext("Non-photo files") . "</h2>" . $file_html;
    }
    if (!empty($folder_html)) {
        $folder_html = "<h2>" . __gettext("Subfolders") . "</h2>" . $folder_html;
    }
    $body = $photo_html . $file_html . $folder_html;
    if (empty($body)) {
        $body = "<p>" . __gettext("This folder is currently empty.") . "</p>";
    }
    return $body;
}
Example #17
/**
* Fetch the banks to offer on the payment page.
*
* @param mixed $ReturnRes when empty, only the bank rows are returned (with layout
*                         heights added under the 'css' key); otherwise the complete
*                         HTML for the payment-method box is returned
* @return array|string|false bank rows, the HTML string, or false when no bank row matches
**/
function show_bank($ReturnRes = '')
{
    //dump()
    // Platform_pay separates desktop checkout from mobile checkout:
    // 0 = desktop site (default), 1 = mobile WAP payment. Only enabled desktop rows are read here.
    $BankList = $GLOBALS['db']->getAll("select bank_name,bank_code,bank_img from " . $GLOBALS['ecs']->table('show_bank') . " where state = 1 AND Platform_pay = 0");
    if (!$BankList) {
        return false;
    }
    if (!$ReturnRes) {
        // Data mode: the caller renders the list itself and only needs the two heights.
        $arr = shou_bank_height($BankList, $num = 3);
        $BankList['css']['height'] = $arr['height'];
        $BankList['css']['andHeight'] = $arr['andHeight'];
        return $BankList;
    } else {
        // HTML mode: inline styles, a small toggle script, then the radio list.
        $BankHtml = '';
        $BankHtml .= '<div class="flowBox">';
        $BankHtml .= '<style>.zhifu li{width:205px;height:40px;float:left;margin:10px 0 0 30px;}';
        $BankHtml .= '.zhifu input{float:left;margin-top:10px;}';
        $BankHtml .= '.zhifu img{width:120px;height:30px;}';
        $BankHtml .= '</style>';
        $BankHtml .= '<script>function morezhifu(){document.getElementById("zhifu").style.height ="100px"; 
					 document.getElementById("jsa").style.display="none"; 
					 document.getElementById("zhifuand").style.display="";}</script>';
        $BankHtml .= '<h6><span>支付方式</span></h6>';
        // The pay-from-balance option (value 1) is offered to logged-in users only.
        if ($GLOBALS['_SESSION']['user_id']) {
            $user_info = user_info($GLOBALS['_SESSION']['user_id']);
            $BankHtml .= '<ul class="zhifu" id="yue" style="width:920px;height:50px;border-bottom:1px solid #B5877D;margin-left:10px;">';
            $BankHtml .= '<li style="margin-left:20px;margin-top:15px;height:30px;">';
            $BankHtml .= '<input style="margin-top:2px;" type="radio" value="1" name="payment">';
            $BankHtml .= '使用余额支付(余额' . $user_info['user_money'] . ')</li></ul>';
        }
        $arr = shou_bank_height($BankList, $num = 4);
        $height = $arr['height'];
        $andHeight = $arr['andHeight'];
        $BankHtml .= '<ul class="zhifu" id="zhifu" style="width:950px;height:' . $height . 'px;">';
        foreach ($BankList as $k => $v) {
            // Switch to a 1-based position so the eighth bank can be detected below.
            $k++;
            // NOTE(review): bank_code and bank_img come straight from the show_bank table
            // and are placed in attribute values without HTML escaping; that is only safe
            // while the table is writable by trusted administrators alone. Confirm.
            $BankHtml .= '<li><input type="radio" value="' . $v['bank_code'] . '" name="payment"><img src="' . $v['bank_img'] . '" ></li>';
            // After the eighth bank, close the visible list and open a hidden one
            // that the "more banks" link reveals.
            if (count($BankList) > 8 && $k == 8) {
                $BankHtml .= '<li id="jsa"><a href="javascript:morezhifu();" style="color:#E66A14;">更多银行 >></a></li></ul>';
                $BankHtml .= '<ul class="zhifu" id="zhifuand" style="width:950px;height:' . $andHeight . 'px;display:none;">';
            }
        }
        $BankHtml .= '</ul>';
        // The second extra option (value 2) is likewise offered to logged-in users only.
        if ($GLOBALS['_SESSION']['user_id']) {
            $BankHtml .= '<ul class="" id="cod" style="width:920px;height:40px;border-top:1px solid #B5877D;margin-left:10px;">';
            $BankHtml .= '<li style="margin-left:20px;margin-top:15px;height:30px;">';
            $BankHtml .= '<input style="margin-top:2px;" type="radio" value="2" name="payment">货到付款</li></ul>';
        }
        $BankHtml .= '</div>';
        return $BankHtml;
    }
}
Example #18
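/**
 * Cancel a delivery order and roll the parent order's shipping state back.
 *
 * Clears the delivery's invoice number, removes those numbers from the order's
 * invoice list, adds stock back when the use_storage / stock_dec_time settings
 * call for it, takes back gift points, and reports the outcome through sys_msg().
 *
 * @param int $order_id    order the delivery belongs to
 * @param int $delivery_id delivery order to cancel
 * @return void
 */
function cancel_delivery($order_id, $delivery_id)
{
    global $db, $ecs;
    // The stock branch below reads $_CFG, which was never brought into function
    // scope, so that branch could not run.
    $_CFG = $GLOBALS['_CFG'];
    // Passed to order_action() further down but never assigned before.
    $action_note = '';
    // The id is spliced into SQL text and into a link below; forcing it to an
    // integer means nothing but a number can reach either place. A non-numeric
    // value becomes 0 and is rejected by the empty() check.
    $delivery_id = intval($delivery_id);
    /* Look the delivery order up by its id */
    if (!empty($delivery_id)) {
        $delivery_order = delivery_order_info($delivery_id);
    } else {
        sys_msg('订单号不能为空!', 1);
    }
    /* Load the order */
    $order = order_info($order_id);
    /* Blank the delivery's invoice number and set its status to 2 */
    $_delivery['invoice_no'] = '';
    $_delivery['status'] = 2;
    $query = $db->autoExecute($ecs->table('delivery_order'), $_delivery, 'UPDATE', "delivery_id = {$delivery_id}", 'SILENT');
    if (!$query) {
        /* Update failed */
        $links[] = array('text' => $GLOBALS['_LANG']['delivery_sn'] . $GLOBALS['_LANG']['detail'], 'href' => 'order.php?act=delivery_info&delivery_id=' . $delivery_id);
        sys_msg($GLOBALS['_LANG']['act_false'], 1, $links);
        exit;
    }
    /* Remove this delivery's invoice numbers from the order's <br>-separated list */
    $invoice_no_order = explode('<br>', $order['invoice_no']);
    $invoice_no_delivery = explode('<br>', $delivery_order['invoice_no']);
    foreach ($invoice_no_order as $key => $value) {
        $delivery_key = array_search($value, $invoice_no_delivery);
        if ($delivery_key !== false) {
            unset($invoice_no_order[$key], $invoice_no_delivery[$delivery_key]);
            // Stop as soon as every number of this delivery has been matched.
            if (count($invoice_no_delivery) == 0) {
                break;
            }
        }
    }
    $_order['invoice_no'] = implode('<br>', $invoice_no_order);
    /* Update the shipping status */
    $order_finish = get_all_delivery_finish($order_id);
    $shipping_status = $order_finish == -1 ? SS_SHIPPED_PART : SS_SHIPPED_ING;
    $arr['shipping_status'] = $shipping_status;
    if ($shipping_status == SS_SHIPPED_ING) {
        // Reset the shipping time
        $arr['shipping_time'] = '';
    }
    $arr['invoice_no'] = $_order['invoice_no'];
    update_order($order_id, $arr);
    /* Record the cancellation in the order action log */
    order_action($order['order_sn'], $order['order_status'], $shipping_status, $order['pay_status'], $action_note, null, 1);
    /* If stock is tracked and deducted at shipping time, add it back */
    if ($_CFG['use_storage'] == '1' && $_CFG['stock_dec_time'] == SDT_SHIP) {
        // Quantity shipped per goods in this delivery
        $delivery_stock_sql = "SELECT DG.goods_id, DG.product_id, DG.is_real, SUM(DG.send_number) AS sums\r\n            FROM " . $GLOBALS['ecs']->table('delivery_goods') . " AS DG\r\n            WHERE DG.delivery_id = '{$delivery_id}'\r\n            GROUP BY DG.goods_id ";
        $delivery_stock_result = $GLOBALS['db']->getAll($delivery_stock_sql);
        foreach ($delivery_stock_result as $key => $value) {
            /* Virtual goods carry no stock */
            if ($value['is_real'] == 0) {
                continue;
            }
            // Product (SKU) level stock
            if (!empty($value['product_id'])) {
                $minus_stock_sql = "UPDATE " . $GLOBALS['ecs']->table('products') . "\r\n                                    SET product_number = product_number + " . $value['sums'] . "\r\n                                    WHERE product_id = " . $value['product_id'];
                $GLOBALS['db']->query($minus_stock_sql, 'SILENT');
            }
            $minus_stock_sql = "UPDATE " . $GLOBALS['ecs']->table('goods') . "\r\n                                SET goods_number = goods_number + " . $value['sums'] . "\r\n                                WHERE goods_id = " . $value['goods_id'];
            $GLOBALS['db']->query($minus_stock_sql, 'SILENT');
        }
    }
    /* When the delivery is fully taken back, return the rest as well */
    // NOTE(review): this compares the ORDER status with a SHIPPING status constant;
    // confirm whether $shipping_status was meant here.
    if ($order['order_status'] == SS_SHIPPED_ING) {
        /* If the order belongs to a user, compute the gift points and take them back */
        if ($order['user_id'] > 0) {
            /* Load the user */
            $user = user_info($order['user_id']);
            /* Compute and take back the points */
            $integral = integral_to_give($order);
            log_account_change($order['user_id'], 0, 0, -1 * intval($integral['rank_points']), -1 * intval($integral['custom_points']), sprintf($GLOBALS['_LANG']['return_order_gift_integral'], $order['order_sn']));
            /* todo: compute and return the bonus */
            return_order_bonus($order_id);
        }
    }
    /* Clear cached files */
    clear_cache_files();
    /* Success */
    $links[] = array('text' => $GLOBALS['_LANG']['delivery_sn'] . $GLOBALS['_LANG']['detail'], 'href' => 'order.php?act=delivery_info&delivery_id=' . $delivery_id);
    sys_msg($GLOBALS['_LANG']['act_ok'], 0, $links);
}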
Example #19
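/**
 * Return the basic HTML for a message (given its database row),
 * where the title is a heading 2 and the body is in a paragraph.
 *
 * A from_id of -1 marks a system message: it gets the sender name "System"
 * and no profile link.
 *
 * @param object $message message row; from_id, title and body are read here
 * @return string HTML output
 * @todo TODO refactor, separate display and logic
 * @author Ben WerdMuller <*****@*****.**>
 */
function display_message($message)
{
    global $CFG;
    // The sender id is concatenated into the SQL below, so pin it to an integer first.
    $sender_id = (int) $message->from_id;
    $is_system = $sender_id == -1;
    if ($is_system) {
        // $from was used as an object without ever being created.
        $from = new stdClass();
        $from->name = __gettext("System");
    } else {
        $from = get_record_sql("select * from " . $CFG->prefix . "users where ident = " . $sender_id);
    }
    // A sender row that no longer exists yields an empty name instead of a property read on false.
    $sender_name = isset($from->name) ? $from->name : '';
    $title = "[" . __gettext("Message from ");
    if (!$is_system) {
        $title .= "<a href=\"" . $CFG->wwwroot . user_info("username", $message->from_id) . "/\">";
    }
    // NOTE(review): the sender name and $message->title go into the markup without
    // HTML escaping; confirm they are encoded when stored or inside templates_draw().
    $title .= $sender_name;
    if (!$is_system) {
        $title .= "</a>";
    }
    $title .= "] " . $message->title;
    // Tabs become four non-breaking spaces and newlines become <br> so plain-text layout survives.
    $body = "<p>" . nl2br(str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", activate_urls($message->body))) . "</p>";
    $body = templates_draw(array('context' => 'databox1', 'name' => $title, 'column1' => $body));
    return $body;
}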
// The subject gets a role-specific prefix; any other filter uses the bare contest name.
switch ($filter) {
    case "judges":
        $email_subject .= "Judging at " . $_SESSION['contestName'];
        break;
    case "stewards":
        $email_subject .= "Stewarding at " . $_SESSION['contestName'];
        break;
    default:
        $email_subject .= $_SESSION['contestName'];
}
do {
    // Start every row with all link and action buffers empty.
    $output_datatables_add_link = $output_datatables_edit_link = $output_datatables_delete_link = "";
    $output_datatables_print_link = $output_datatables_other_link = $output_datatables_view_link = "";
    $output_datatables_actions = "";
    // user_info() hands back a "^"-separated string; its first field feeds table_assignments().
    $user_info = explode("^", user_info($row_brewer['uid']));
    $table_assign_judge = table_assignments($user_info[0], "J", $_SESSION['prefsTimeZone'], $_SESSION['prefsDateFormat'], $_SESSION['prefsTimeFormat'], 1);
    $table_assign_steward = table_assignments($user_info[0], "S", $_SESSION['prefsTimeZone'], $_SESSION['prefsDateFormat'], $_SESSION['prefsTimeFormat'], 1);
    // The location column that applies depends on which role is listed.
    if ($filter == "judges") {
        $locations = $row_brewer['brewerJudgeLocation'];
    }
    if ($filter == "stewards") {
        $locations = $row_brewer['brewerStewardLocation'];
    }
    $us_phone = ($_SESSION['brewerCountry'] == "United States");
    unset($brewer_assignment);
Example #21
//This is a hybrid to reduce the catalogue down to the page elements: We use the page limit % catalogue
// The slice starts at the page's offset taken modulo THREAD_CATALOGUE and keeps
// the original array keys (fourth argument true).
$Thread = array_slice($Catalogue,((TORRENT_COMMENTS_PER_PAGE*$Page-TORRENT_COMMENTS_PER_PAGE)%THREAD_CATALOGUE),TORRENT_COMMENTS_PER_PAGE,true);
?>
	<div class="linkbox"><a name="comments"></a>
<?
// Presumably the pager markup, with links pointing at the #comments anchor.
$Pages=get_pages($Page,$Results,TORRENT_COMMENTS_PER_PAGE,9,'#comments');
echo $Pages;
?>
	</div>
<?

//---------- Begin printing
foreach($Thread as $Key => $Post){
	// Both unpacks are positional, so they depend on the key order of the post row
	// and of the array user_info() returns. The second one overwrites $AuthorID.
	// NOTE(review): $Body, $Username, $Avatar and $UserTitle are printed below this
	// excerpt; each needs encoding for the context it lands in. Not visible here.
	list($PostID, $AuthorID, $AddedTime, $Body, $EditedUserID, $EditedTime, $EditedUsername) = array_values($Post);
	list($AuthorID, $Username, $PermissionID, $Artist, $Donor, $Warned, $Avatar, $Enabled, $UserTitle) = array_values(user_info($AuthorID));
?>
<table class="forum_post box vertical_margin" id="post<?php 
echo $PostID;
?>
">
	<tr class="colhead_dark">
		<td colspan="2">
			<span style="float:left;"><a href='#post<?php 
echo $PostID;
?>
'>#<?php 
echo $PostID;
?>
</a>
				by <strong><?php 
Example #22
     ecs_header("Location: ./\n");
     exit;
 }
 /* The order must still be unpaid and the amount due must be greater than 0 */
 // NOTE(review): every rejection in this excerpt relies on $err->show() ending the
 // request; if it returns, execution falls through to the order update. Confirm.
 if ($order['pay_status'] != PS_UNPAYED || $order['order_amount'] <= 0) {
     $err->add($_LANG['error_order_is_paid']);
     $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id);
 }
 /* Amount due, with the payment fee taken out */
 $order['order_amount'] -= $order['pay_fee'];
 /* If the requested balance exceeds the amount due, cap it at the amount due */
 if ($surplus > $order['order_amount']) {
     $surplus = $order['order_amount'];
 }
 /* Load the user's account */
 $user = user_info($_SESSION['user_id']);
 /* Is the account balance plus credit line enough? */
 // The limit comes from the server-side account row, not from the request.
 if ($surplus > $user['user_money'] + $user['credit_line']) {
     $err->add($_LANG['error_surplus_not_enough']);
     $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id);
 }
 /* Update the order and recalculate the payment fee */
 $order['surplus'] += $surplus;
 $order['order_amount'] -= $surplus;
 if ($order['order_amount'] > 0) {
     // The shipping area's pay_fee is used as the COD fee only when it supports COD.
     $cod_fee = 0;
     if ($order['shipping_id'] > 0) {
         $regions = array($order['country'], $order['province'], $order['city'], $order['district']);
         $shipping = shipping_area_info($order['shipping_id'], $regions);
         if ($shipping['support_cod'] == '1') {
             $cod_fee = $shipping['pay_fee'];
Example #23
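/**
 * Render the contents of one file folder: accessible subfolders first, then files.
 *
 * The owner is taken from the global $page_owner, not from the folder record.
 *
 * @param object $folder folder record; ident and name are read, and idents,
 *                       ident_details, identmenu and ident are written on it while rendering
 * @return string HTML for the folder
 */
function file_folder_view($folder)
{
    global $CFG;
    /*
     *    View a specific folder
     *    (Access rights are presumed)
     */
    // Find out who's the owner
    global $page_owner;
    $owner_username = user_info('username', $page_owner);
    // If we're not in the parent folder, provide a link to return to the parent
    /*
    if ($folder->ident != -1) {
        $folder->name = stripslashes($folder->name);
    }
    */
    // NOTE(review): $folder->name is emitted without HTML escaping; confirm it is encoded when stored.
    $body = "<h2>" . $folder->name . "</h2>";
    // Firstly, get a list of folders
    // Display folders we actually have access to
    // This query is assembled as text (the file query below binds its values),
    // so both ids are pinned to integers before they reach the SQL.
    $parent_id = (int) $folder->ident;
    $owner_id = (int) $page_owner;
    if ($folder->idents = get_records_select('file_folders', "parent = {$parent_id} AND (" . run("users:access_level_sql_where") . ") and files_owner = {$owner_id}")) {
        $subFolders = __gettext("Subfolders");
        // gettext variable
        $body .= <<<END

                            <h3>
                                {$subFolders}
                            </h3>

END;
        foreach ($folder->idents as $folder->ident_details) {
            // Checked again per row, on top of the SQL access filter.
            if (run("users:access_level_check", $folder->ident_details->access) == true) {
                $username = $owner_username;
                $ident = (int) $folder->ident_details->ident;
                $name = get_access_description($folder->ident_details->access);
                $name .= stripslashes($folder->ident_details->name);
                $folder->identmenu = file_folder_edit_links($folder->ident_details);
                $keywords = display_output_field(array("", "keywords", "folder", "folder", $ident, $folder->ident_details->owner));
                if ($keywords) {
                    $keywords = __gettext("Keywords: ") . $keywords;
                }
                $body .= templates_draw(array('context' => 'folder', 'username' => $username, 'url' => $CFG->wwwroot . "{$username}/files/{$ident}", 'ident' => $ident, 'name' => $name, 'menu' => $folder->identmenu, 'icon' => $CFG->wwwroot . "mod/file/folder.png", 'keywords' => $keywords));
            }
        }
    }
    // Then get a list of files
    // View files we actually have access to
    if ($files = get_records_select('files', "folder = ? AND files_owner = ?", array($folder->ident, $page_owner))) {
        foreach ($files as $file) {
            // The uploader always sees their own file, whatever its access level.
            if (run("users:access_level_check", $file->access) == true || $file->owner == $_SESSION['userid']) {
                $username = $owner_username;
                $ident = (int) $file->ident;
                $folder->ident = $file->folder;
                $title = get_access_description($file->access);
                $title .= stripslashes($file->title);
                $description = nl2br(stripslashes($file->description));
                $filetitle = urlencode($title);
                $originalname = stripslashes($file->originalname);
                $filemenu = round($file->size / 1048576, 4) . "MB ";
                $icon = $CFG->wwwroot . "_icon/file/" . $file->ident;
                $filepath = $CFG->wwwroot . "{$username}/files/{$folder->ident}/{$ident}/" . urlencode($originalname);
                $mimetype = mimeinfo('type', $file->originalname);
                if ($mimetype == "audio/mpeg" || $mimetype == "audio/mp3") {
                    $filemenu .= " <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\"\n        codebase=\"http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0\"\n        width=\"17\" height=\"17\" >\n            <param name=\"allowScriptAccess\" value=\"sameDomain\" />\n            <param name=\"movie\" value=\"" . $CFG->wwwroot . "mod/file/mp3player/musicplayer.swf?song_url={$filepath}&amp;song_title={$filetitle}\" />\n            <param name=\"quality\" value=\"high\" />\n            <embed src=\"" . $CFG->wwwroot . "mod/file/mp3player/musicplayer.swf?song_url={$filepath}&amp;song_title={$filetitle}\"\n            quality=\"high\" bgcolor=\"#E6E6E6\" name=\"xspf_player\" allowscriptaccess=\"sameDomain\"\n            type=\"application/x-shockwave-flash\"\n            pluginspage=\"http://www.macromedia.com/go/getflashplayer\"\n            align=\"center\" height=\"17\" width=\"17\" />\n        </object>";
                }
                // NOTE(review): this assignment discards the size text and the player
                // markup built just above; confirm whether ".=" was intended.
                $filemenu = file_edit_links($file);
                $keywords = display_output_field(array("", "keywords", "file", "file", $ident, $file->owner));
                if ($keywords) {
                    $keywords = __gettext("Keywords: ") . $keywords;
                }
                // NOTE(review): title, description and originalname are passed on without
                // HTML escaping here; confirm templates_draw() or the storage layer encodes them.
                $body .= templates_draw(array('context' => 'file', 'username' => $username, 'title' => $title, 'ident' => $ident, 'folder' => $folder->ident, 'description' => $description, 'originalname' => $originalname, 'url' => $filepath, 'menu' => $filemenu, 'icon' => $icon, 'keywords' => $keywords));
                $body .= display_run_displayobjectannotations($file, "file::file");
            }
        }
    }
    // Deliver an apologetic message if there aren't any files or folders
    if (empty($files) && empty($folder->idents)) {
        $body .= "<p>" . __gettext("This folder is currently empty.") . "</p>";
    }
    return $body;
}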
Example #24
 // Invoice payee, invoice content and the customer note are HTML-encoded at input
 // time, before they are copied into the order array.
 $_POST['inv_payee'] = isset($_POST['inv_payee']) ? htmlspecialchars($_POST['inv_payee']) : '';
 $_POST['inv_content'] = isset($_POST['inv_content']) ? htmlspecialchars($_POST['inv_content']) : '';
 $_POST['postscript'] = isset($_POST['postscript']) ? htmlspecialchars($_POST['postscript']) : '';
 // Build the order from the submitted form. Ids and amounts are cast to int/float;
 // user_id and the three status fields are set by the server, not by the request.
 // NOTE(review): inv_type is copied from $_POST without any filtering, and
 // card_message is only trimmed; confirm both are escaped before storage and output.
 // NOTE(review): shipping, card_message, inv_type and how_oos are read without an
 // isset() check.
 $order = array('shipping_id' => intval($_POST['shipping']), 'pay_id' => isset($_POST['payment']) ? intval($_POST['payment']) : '0', 'pack_id' => isset($_POST['pack']) ? intval($_POST['pack']) : 0, 'card_id' => isset($_POST['card']) ? intval($_POST['card']) : 0, 'card_message' => trim($_POST['card_message']), 'surplus' => isset($_POST['surplus']) ? floatval($_POST['surplus']) : 0.0, 'integral' => isset($_POST['integral']) ? intval($_POST['integral']) : 0, 'bonus_id' => isset($_POST['bonus']) ? intval($_POST['bonus']) : 0, 'need_inv' => empty($_POST['need_inv']) ? 0 : 1, 'inv_type' => $_POST['inv_type'], 'inv_payee' => trim($_POST['inv_payee']), 'inv_content' => $_POST['inv_content'], 'postscript' => trim($_POST['postscript']), 'how_oos' => isset($_LANG['oos'][$_POST['how_oos']]) ? addslashes($_LANG['oos'][$_POST['how_oos']]) : '', 'need_insure' => isset($_POST['need_insure']) ? intval($_POST['need_insure']) : 0, 'user_id' => $_SESSION['user_id'], 'add_time' => gmtime(), 'order_status' => OS_UNCONFIRMED, 'shipping_status' => SS_UNSHIPPED, 'pay_status' => PS_UNPAYED, 'agency_id' => get_agency_by_regions(array($consignee['country'], $consignee['province'], $consignee['city'], $consignee['district'])));
 /* Extension info: carried over from the session for anything but a general-goods cart */
 if (isset($_SESSION['flow_type']) && intval($_SESSION['flow_type']) != CART_GENERAL_GOODS) {
     $order['extension_code'] = $_SESSION['extension_code'];
     $order['extension_id'] = $_SESSION['extension_id'];
 } else {
     $order['extension_code'] = '';
     $order['extension_id'] = 0;
 }
 /* Check that the requested balance and points are within what the account holds */
 $user_id = $_SESSION['user_id'];
 if ($user_id > 0) {
     $user_info = user_info($user_id);
     // The client-supplied balance amount is clamped to [0, user_money + credit_line]
     // taken from the server-side account row.
     $order['surplus'] = min($order['surplus'], $user_info['user_money'] + $user_info['credit_line']);
     if ($order['surplus'] < 0) {
         $order['surplus'] = 0;
     }
     // Points this order is allowed to use
     $flow_points = flow_available_points();
     // The user's total point balance
     $user_points = $user_info['pay_points'];
     // Clamp the requested points to the smaller of those two limits, and to zero from below
     $order['integral'] = min($order['integral'], $user_points, $flow_points);
     if ($order['integral'] < 0) {
         $order['integral'] = 0;
     }
 } else {
     $order['surplus'] = 0;
Example #25
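 // Default the refund note to an empty string. The fallback used to copy
 // $_REQUEST['refund'] (the refund type) into the note.
 $_REQUEST['refund_note'] = isset($_REQUEST['refund_note']) ? $_REQUEST['refund_note'] : '';
 /* Mark the order as returned, unpaid and unshipped */
 $arr = array('order_status' => OS_RETURNED, 'pay_status' => PS_UNPAYED, 'shipping_status' => SS_UNSHIPPED, 'money_paid' => 0, 'invoice_no' => '', 'order_amount' => $order['money_paid']);
 update_order($order_id, $arr);
 /* todo: process the refund */
 // $order still holds the values loaded before update_order(), so pay_status here
 // is the state from before the return.
 if ($order['pay_status'] != PS_UNPAYED) {
     // NOTE(review): both values come from $_REQUEST unfiltered; confirm that
     // order_refund() validates the type and escapes the note.
     $refund_type = $_REQUEST['refund'];
     // The note was being filled with the refund type; read the note field itself.
     $refund_note = $_REQUEST['refund_note'];
     order_refund($order, $refund_type, $refund_note);
 }
 /* Write the action log */
 order_action($order['order_sn'], OS_RETURNED, SS_UNSHIPPED, PS_UNPAYED, $action_note);
 /* If the order belongs to a user, compute the gift points and take them back */
 if ($order['user_id'] > 0) {
     /* Load the user */
     $user = user_info($order['user_id']);
     $sql = "SELECT  goods_number, send_number FROM" . $GLOBALS['ecs']->table('order_goods') . "\n                WHERE order_id = '" . $order['order_id'] . "'";
     $goods_num = $db->query($sql);
     // NOTE(review): only the first order_goods row is fetched and compared.
     $goods_num = $db->fetchRow($goods_num);
     if ($goods_num['goods_number'] == $goods_num['send_number']) {
         /* Compute and take back the points */
         $integral = integral_to_give($order);
         log_account_change($order['user_id'], 0, 0, -1 * intval($integral['rank_points']), -1 * intval($integral['custom_points']), sprintf($_LANG['return_order_gift_integral'], $order['order_sn']));
     }
     /* todo: compute and return the bonus */
     return_order_bonus($order_id);
 }
 /* If stock is tracked, add it back (needed regardless of when stock is deducted) */
 if ($_CFG['use_storage'] == '1') {
     if ($_CFG['stock_dec_time'] == SDT_SHIP) {
         change_order_goods_storage($order['order_id'], false, SDT_SHIP);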
Example #26
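<?php

require_once 'inc/lib.php';
session_start();
// Only an authenticated session may use this endpoint.
if (empty($_SESSION['user']) || !($user = user_info($_SESSION['user']))) {
    exit;
}
switch ($_POST['req']) {
    case 'dir':
        // Initial vars
        $dirs = array();
        $files = array();
        // The directory name is client input. Resolve it and require the result to
        // stay inside the user's home, so "../" segments or symlinks cannot list
        // anything outside it.
        $requested_dir = (isset($_POST['dir']) && is_string($_POST['dir'])) ? $_POST['dir'] : '';
        $home_root = realpath($user['home']);
        $listing_path = realpath($user['home'] . $requested_dir);
        if ($home_root === false || $listing_path === false
            || strpos($listing_path . DIRECTORY_SEPARATOR, rtrim($home_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0) {
            exit;
        }
        // Get directory contents
        $h = opendir($listing_path);
        if ($h === false) {
            // Unreadable or not a directory: stop instead of reading from a failed handle
            exit;
        }
        while (false !== ($f = readdir($h))) {
            if ($f != '.' && $f != '..') {
                if (is_dir($listing_path . '/' . $f)) {
                    $dirs[] = $f;
                } elseif (is_file($listing_path . '/' . $f)) {
                    $files[] = $f;
                }
            }
        }
        closedir($h);
        unset($f);
        // Sort data
        sort($dirs);
        sort($files);
        // Get file sizes
        $sizes = array();
        foreach ($files as $f) {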
Example #27
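/**
 * Pay part or all of one of the current user's unpaid orders from the account balance.
 *
 * Reads order_id and surplus from $_POST, checks that the order belongs to the
 * session user and is still unpaid, caps the amount at what is due and at what
 * the account holds, updates the order, logs the balance change and redirects
 * to the order detail page.
 *
 * @return void  always ends with a redirect and exit
 */
function action_act_edit_surplus()
{
    $user = $GLOBALS['user'];
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    // $err was used below without being brought into function scope, so every
    // rejection path failed on an undefined variable instead of showing its message.
    // Presumably the error object lives in $GLOBALS like the others; confirm.
    $err = $GLOBALS['err'];
    $user_id = $_SESSION['user_id'];
    /* Must be logged in */
    if ($_SESSION['user_id'] <= 0) {
        ecs_header("Location: ./\n");
        exit;
    }
    /* Validate the order id */
    $order_id = intval($_POST['order_id']);
    if ($order_id <= 0) {
        ecs_header("Location: ./\n");
        exit;
    }
    /* Validate the requested amount */
    // NOTE(review): the rejection branches rely on $err->show() ending the request;
    // if it returns, execution continues past the failed check. Confirm.
    $surplus = floatval($_POST['surplus']);
    if ($surplus <= 0) {
        $err->add($_LANG['error_surplus_invalid']);
        $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id);
    }
    include_once ROOT_PATH . 'includes/lib_order.php';
    /* Load the order */
    $order = order_info($order_id);
    if (empty($order)) {
        ecs_header("Location: ./\n");
        exit;
    }
    /* The order must belong to the current user (blocks paying or probing other users' orders) */
    if ($_SESSION['user_id'] != $order['user_id']) {
        ecs_header("Location: ./\n");
        exit;
    }
    /* The order must still be unpaid and the amount due must be greater than 0 */
    if ($order['pay_status'] != PS_UNPAYED || $order['order_amount'] <= 0) {
        $err->add($_LANG['error_order_is_paid']);
        $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id);
    }
    /* Amount due, with the payment fee taken out */
    $order['order_amount'] -= $order['pay_fee'];
    /* If the requested balance exceeds the amount due, cap it at the amount due */
    if ($surplus > $order['order_amount']) {
        $surplus = $order['order_amount'];
    }
    /* Load the user's account */
    $user = user_info($_SESSION['user_id']);
    /* Is the account balance plus credit line enough? */
    // NOTE(review): the balance is read here and debited at the end with no lock or
    // transaction visible in between; two concurrent requests could both pass this check.
    if ($surplus > $user['user_money'] + $user['credit_line']) {
        $err->add($_LANG['error_surplus_not_enough']);
        $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id);
    }
    /* Update the order and recalculate the payment fee */
    $order['surplus'] += $surplus;
    $order['order_amount'] -= $surplus;
    if ($order['order_amount'] > 0) {
        // The shipping area's pay_fee is used as the COD fee only when it supports COD.
        $cod_fee = 0;
        if ($order['shipping_id'] > 0) {
            $regions = array($order['country'], $order['province'], $order['city'], $order['district']);
            $shipping = shipping_area_info($order['shipping_id'], $regions);
            if ($shipping['support_cod'] == '1') {
                $cod_fee = $shipping['pay_fee'];
            }
        }
        $pay_fee = 0;
        if ($order['pay_id'] > 0) {
            $pay_fee = pay_fee($order['pay_id'], $order['order_amount'], $cod_fee);
        }
        $order['pay_fee'] = $pay_fee;
        $order['order_amount'] += $pay_fee;
    }
    /* Fully paid: mark the order confirmed and paid */
    // NOTE(review): this is an exact comparison on an amount that went through float arithmetic.
    if ($order['order_amount'] == 0) {
        if ($order['order_status'] == OS_UNCONFIRMED) {
            $order['order_status'] = OS_CONFIRMED;
            $order['confirm_time'] = gmtime();
        }
        $order['pay_status'] = PS_PAYED;
        $order['pay_time'] = gmtime();
    }
    $order = addslashes_deep($order);
    update_order($order_id, $order);
    /* Debit the user's balance */
    $change_desc = sprintf($_LANG['pay_order_by_surplus'], $order['order_sn']);
    log_account_change($user['user_id'], -1 * $surplus, 0, 0, 0, $change_desc);
    /* Redirect to the order detail page */
    ecs_header('Location: user.php?act=order_detail&order_id=' . $order_id . "\n");
    exit;
}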
Example #28
 /* Load the auction */
 $auction = auction_info($id);
 if (empty($auction)) {
     ecs_header("Location: ./\n");
     exit;
 }
 /* The auction must be in progress */
 // NOTE(review): the show_message() rejections below have no exit after them;
 // they only stop the bid if show_message() itself ends the request. Confirm.
 if ($auction['status_no'] != UNDER_WAY) {
     show_message($_LANG['au_not_under_way'], '', '', 'error');
 }
 /* The bidder must be logged in */
 $user_id = $_SESSION['user_id'];
 if ($user_id <= 0) {
     show_message($_LANG['au_bid_after_login']);
 }
 $user = user_info($user_id);
 /* Read the bid: cast to float and round to two decimals; a missing value counts as 0 */
 $bid_price = isset($_POST['price']) ? round(floatval($_POST['price']), 2) : 0;
 if ($bid_price <= 0) {
     show_message($_LANG['au_bid_price_error'], '', '', 'error');
 }
 /* If a buy-now price is set and the bid reaches it, the bid counts as the buy-now price */
 // $is_ok records whether the bid has already been accepted
 $is_ok = false;
 if ($auction['end_price'] > 0) {
     if ($bid_price >= $auction['end_price']) {
         $bid_price = $auction['end_price'];
         $is_ok = true;
     }
 }
 /* Is the bid valid: the first bid and later bids are handled differently */
Example #29
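<?php

require_once 'inc/lib.php';
session_start();
if (empty($_SESSION['user']) || !($user = user_info($_SESSION['user']))) {
    // Not logged in, redirect to login page
    header('Location: .');
    exit('Not Authorized');
}
if (empty($_REQUEST['file'])) {
    // Not file specified, return to file list
    header('Location: files.php');
    exit('No file specified');
}
// Prevent a simple directory security issue
if (!is_string($_REQUEST['file']) || strpos($_REQUEST['file'], '..') !== false) {
    exit('Invalid file path.');
}
// Save file if edited
if (isset($_POST['text']) && !empty($_POST['file'])) {
    // The write below uses $_POST['file'], while the check above inspects
    // $_REQUEST['file']. Depending on request_order the two can come from different
    // sources, so the POST value is validated in its own right.
    if (!is_string($_POST['file']) || !is_string($_POST['text'])
        || strpos($_POST['file'], '..') !== false
        || strpos($_POST['file'], "\0") !== false) {
        exit('Invalid file path.');
    }
    $file = $user['home'] . $_POST['file'];
    // Containment check on the resolved parent directory: the target has to sit
    // inside the user's home even when symlinked directories are involved.
    $home_root = realpath($user['home']);
    $parent_dir = realpath(dirname($file));
    if ($home_root === false || $parent_dir === false
        || strpos($parent_dir . DIRECTORY_SEPARATOR, rtrim($home_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0) {
        exit('Invalid file path.');
    }
    // NOTE(review): no anti-CSRF token and no restriction on the file type are
    // visible in this excerpt; if the home directory is served by the web server,
    // writing script files into it deserves a separate check.
    $text = $_POST['text'];
    // get_magic_quotes_gpc() does not exist on current PHP versions; only call it where it does.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }
    $saved = file_put_contents($file, $text);
}
// Determine current directory
// (strips the trailing file-name characters, then the trailing slash)
$dir = rtrim($_REQUEST['file'], basename($_REQUEST['file']));
$dir = rtrim($dir, '/');
?>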
Example #30
<td BGCOLOR="#FFFFFF"><img SRC="https://www.benfund.com/clear.gif" height=2 width=20></td>
</tr>

<tr>
            <td BGCOLOR="#33CCFF"><font color="#000099" face="Arial,Helvetica"><a href="../logout.php">Log 
              Out </a></font></td>
</tr>
</table></center>
      <p><img SRC="https://www.benfund.com/clear.gif" height=46 width=20> <br>
        <b></b></p>
      <p> <br>
      </p></td>

    <td valign="top" WIDTH="640"><!-- InstanceBeginEditable name="EditRegion3" --> 
      <?php 
user_info($id, $pw);
$group = $row['g_name'];
$cause = $row['cause'];
?>
	  <p align="center">You can download a flyer in the form of a PDF from this 
        page. It contains all the necessary information for anyone who reads it 
        to make a donation. You need Adobe Reader to view the flyers and print 
        them. If you do not have Adobe Reader, get it here.</p>
      <p align="center"><a href="http://adobe.com/products/acrobat/readstep2.html"><img src="images/get_adobe_reader.gif" width="88" height="31" border="0"></a></p>
      <p align="center">If you have Adobe Reader and wish to generate flyers click 
        the button below.</p>
	  <form name="form1" method="post" action="pdf_create.php">
          <div align="center">
          <input name="id" type="hidden" id="id" value="<?php 
echo $id;
?>