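/**
 * Permission gate for this controller; the permission checked defaults to "view".
 *
 * Role 1 and actions whose name contains "public_" are not checked. For every
 * other request the permission name is the part of ACTION_NAME before the first
 * underscore, lower-cased; when that is not a key of dict('auth', 'Category')
 * it falls back to "view". The request is refused unless category_priv holds a
 * row for (catid from the query string, current roleid, permission name).
 */
public function _initialize()
{
    parent::_initialize();

    $roleid = user_info('roleid');

    // NOTE(review): the exemption matches "public_" anywhere in the action name,
    // not only as a prefix, so any action merely containing that substring skips
    // the check. Confirm that is intended, or anchor the test to position 0.
    if ($roleid == 1 || strpos(ACTION_NAME, 'public_') !== false) {
        return;
    }

    // Limit 2, not 1: with a limit of 1 explode() returns the whole action name
    // as a single element, so "edit_x" was never recognised as "edit" and was
    // silently checked against the weaker "view" permission instead.
    $parts = explode('_', ACTION_NAME, 2);
    $action = strtolower($parts[0]);

    // Permission list; unknown names are checked as "view".
    $auth = dict('auth', 'Category');
    if (!is_array($auth) || !array_key_exists($action, $auth)) {
        $action = 'view';
    }

    // NOTE(review): catid is read from the query string only — confirm that no
    // protected action receives its category id some other way.
    $catid = I('get.catid', 0, 'intval');

    $allowed = M('category_priv')
        ->where(array('catid' => $catid, 'roleid' => $roleid, 'action' => $action))
        ->count();
    if ($allowed) {
        return;
    }

    // Refusal rendered for pages loaded inside an iframe.
    if (IS_GET && strpos(ACTION_NAME, '_iframe') !== false) {
        exit('<style type="text/css">body{margin:0;padding:0}</style><div style="padding:6px;font-size:12px">您没有权限操作该项</div>');
    }

    // Ordinary refusal: an HTML fragment for AJAX GETs, the error page otherwise.
    if (IS_AJAX && IS_GET) {
        exit('<div style="padding:6px">您没有权限操作该项</div>');
    }
    $this->error('您没有权限操作该项');
}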
/**
 * Page-setup hook of the friends module.
 *
 * Loads the module's template and config files, appends the module stylesheet
 * to $metatags, registers the "Contacts" entry in the top menu for logged-in
 * users and, in the "network" context, the friends sub-menu of the page owner.
 */
function friend_pagesetup()
{
    global $profile_id, $PAGE, $CFG, $metatags;

    require_once dirname(__FILE__) . "/default_template.php";
    require_once dirname(__FILE__) . "/lib/friends_config.php";

    $metatags .= "<link rel=\"stylesheet\" href=\"" . $CFG->wwwroot . "mod/friend/css.css\" type=\"text/css\" media=\"screen\" />";

    $page_owner = $profile_id;
    $in_network = defined("context") && context == "network";

    // Top menu: the entry is marked as selected only on the user's own network page.
    // NOTE(review): the session username is written into the href unescaped;
    // this relies on usernames being restricted to URL-safe characters — confirm.
    if (isloggedin()) {
        $selected = "";
        if ($in_network && $page_owner == $_SESSION['userid']) {
            $selected = " class=\"selected\"";
        }
        $PAGE->menu[] = array(
            'name' => 'friends',
            'html' => "<li><a href=\"{$CFG->wwwroot}{$_SESSION['username']}/friends/\"" . $selected . " >" . __gettext("Contacts") . '</a></li>',
        );
    }

    if (!$in_network) {
        return;
    }

    // The sub-menu exists only for person and external accounts.
    $owner_type = user_type($page_owner);
    if ($owner_type != "person" && $owner_type != "external") {
        return;
    }

    $friends_username = user_info('username', $page_owner);
    $base = "{$CFG->wwwroot}{$friends_username}";

    $PAGE->menu_sub[] = array(
        'name' => 'friend',
        'html' => a_href($base . "/friends/", __gettext("My friends")),
    );

    // A "Friend of" entry (friend:of, .../friendsof/) is disabled in this module.

    // Pending requests are shown to the owner only.
    if (isloggedin() && $page_owner == $_SESSION['userid']) {
        $PAGE->menu_sub[] = array(
            'name' => 'friend:requests',
            'html' => a_href($base . "/friends/requests", __gettext("Friendship requests")),
        );
    }

    if (FRIENDS_FOAF) {
        $PAGE->menu_sub[] = array(
            'name' => 'friend:foaf',
            'html' => a_href($base . "/foaf/", __gettext("FOAF")),
        );
    }
}
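/**
 * Page-setup hook of the messages module.
 *
 * For logged-in, non-external users it loads the module config and template,
 * adds the module script and stylesheet to $metatags, registers the "Messages"
 * top-menu entry with the unread count and, in the "messages" context, the
 * list / compose / sent sub-menu.
 */
function messages_pagesetup()
{
    global $profile_id, $PAGE, $CFG, $metatags, $function, $USER;

    $pgowner = $profile_id;

    require_once $CFG->dirroot . "mod/messages/lib/messages_config.php";
    require_once $CFG->dirroot . "mod/messages/default_template.php";

    if (!isloggedin() || user_info("user_type", $_SESSION['userid']) == "external") {
        return;
    }

    // Script URL is built from wwwroot without its trailing slash.
    $url = substr($CFG->wwwroot, 0, -1);
    $metatags .= "<script language=\"javascript\" type=\"text/javascript\" src=\"{$url}/mod/messages/messages.js\"></script>";
    $metatags .= "<link rel=\"stylesheet\" href=\"" . $CFG->wwwroot . "mod/messages/css.css\" type=\"text/css\" media=\"screen\" />";

    // The WHERE clause is assembled by concatenation, so the id is forced to an
    // integer before it is spliced into the SQL text.
    $messages = count_records_select('messages', 'to_id=' . (int) $USER->ident . " AND status='unread'");

    $in_messages = defined("context") && context == "messages";
    $own_base = $CFG->wwwroot . $_SESSION['username'] . '/messages/';

    // Top menu: marked as selected only on the user's own messages page.
    $selected = ($in_messages && $pgowner == $_SESSION['userid']) ? ' class="selected"' : '';
    $PAGE->menu[] = array(
        'name' => 'messages',
        'html' => '<li><a href="' . $own_base . '"' . $selected . '>' . __gettext("Messages") . " ({$messages})" . '</a></li>',
    );

    // Sub-menu: only with profile permission, in the messages context, for person accounts.
    if (profile_permissions_check("profile") && $in_messages) {
        if (user_type($pgowner) == "person") {
            $PAGE->menu_sub[] = array(
                'name' => 'messages:list',
                'html' => '<a href="' . $own_base . '">' . __gettext("View Messages") . '</a>',
            );
            $PAGE->menu_sub[] = array(
                'name' => 'messages:compose',
                'html' => '<a href="' . $own_base . 'compose">' . __gettext("Compose") . '</a>',
            );
            $PAGE->menu_sub[] = array(
                'name' => 'messages:sent',
                'html' => '<a href="' . $own_base . 'sent">' . __gettext("Sent Messages") . '</a>',
            );
        }
    }
}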
/**
 * Page-setup hook of the news client (feeds) module.
 *
 * In the "resources" context it registers the feed sub-menu on $PAGE: the
 * owner's feeds, the aggregator view, "Publish to blog" for users with profile
 * permission, and the site-wide "Popular Feeds" link.
 */
function newsclient_pagesetup()
{
    global $profile_id, $PAGE, $CFG;

    $page_owner = $profile_id;
    $rss_username = user_info('username', $page_owner);

    if (isloggedin()) {
        // The "Your Resources" top-menu entry once registered here is disabled.
    }

    if (!defined("context") || context != "resources") {
        return;
    }

    // Owner-specific entries; -1 means the page has no owner.
    if ($page_owner != -1) {
        $PAGE->menu_sub[] = array(
            'name' => 'newsfeed:subscription',
            'html' => a_href($CFG->wwwroot . $rss_username . "/feeds/", __gettext("Feeds")),
        );

        if (permissions_check("profile", $page_owner) && isloggedin()) {
            // NOTE(review): the username is appended to the query string without
            // URL-encoding; this relies on usernames being URL-safe — confirm.
            $publish_url = $CFG->wwwroot . "_rss/blog.php?profile_name=" . user_info("username", $page_owner);
            $PAGE->menu_sub[] = array(
                'name' => 'newsfeed:subscription:publish:blog',
                'html' => a_href($publish_url, __gettext("Publish to blog")),
            );
        }

        $PAGE->menu_sub[] = array(
            'name' => 'newsclient',
            'html' => a_href($CFG->wwwroot . $rss_username . "/feeds/all/", __gettext("View aggregator")),
        );
    }

    $PAGE->menu_sub[] = array(
        'name' => 'feed',
        'html' => a_href($CFG->wwwroot . "_rss/popular.php", __gettext("Popular Feeds")),
    );

    // A "Page help" entry (help/feeds_help.php) is disabled in this module.
}
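/**
 * Build the account summary for one user: identity, rank name and level,
 * number of collected goods and order counts per state.
 *
 * @param int $user_id user id; forced to an integer before it is used in SQL
 * @return array keys: id, name, rank_name, rank_level, collection_num, email,
 *               order_num (await_pay, await_ship, shipped, finished)
 */
function GZ_user_info($user_id)
{
    global $db, $ecs;

    // Every query below is assembled by string interpolation, so the id is
    // reduced to an integer once, up front, instead of trusting each caller.
    $user_id = intval($user_id);

    $user_info = user_info($user_id);

    // The ORDER BY that used to follow this COUNT(*) is dropped: ordering has
    // no effect on a single-row aggregate.
    $collection_num = $db->getOne(
        "SELECT COUNT(*) FROM " . $ecs->table('collect_goods') . " WHERE user_id='{$user_id}'"
    );

    // One count per order state; the state filter comes from GZ_order_query_sql().
    $order_num = array();
    foreach (array('await_pay', 'await_ship', 'shipped', 'finished') as $state) {
        $order_num[$state] = $db->getOne(
            "SELECT COUNT(*) FROM " . $ecs->table('order_info') .
            " WHERE user_id = '{$user_id}'" . GZ_order_query_sql($state)
        );
    }

    /* Resolve the user's rank */
    if ($user_info['user_rank'] == 0) {
        // No special rank: derive the rank from rank points (special ranks excluded)
        $points = intval($user_info['rank_points']);
        $sql = 'SELECT rank_id, rank_name FROM ' . $ecs->table('user_rank') .
            " WHERE special_rank = '0' AND min_points <= " . $points .
            ' AND max_points > ' . $points;
    } else {
        // Special rank: look it up by id (cast, because it is interpolated)
        $sql = 'SELECT rank_id, rank_name FROM ' . $ecs->table('user_rank') .
            " WHERE rank_id = '" . intval($user_info['user_rank']) . "'";
    }

    $rank_row = $db->getRow($sql);
    $user_info['user_rank_name'] = $rank_row ? $rank_row['rank_name'] : '非特殊等级';

    // Level 0 when the user's rank is the entry rank (min_points = 0), else 1.
    $base_rank = $db->getRow(
        'SELECT * FROM ' . $ecs->table('user_rank') . " WHERE special_rank = '0' AND min_points = '0'"
    );
    $level = ($base_rank && $user_info['user_rank_name'] == $base_rank['rank_name']) ? 0 : 1;

    return array(
        'id' => $user_info['user_id'],
        'name' => $user_info['user_name'],
        'rank_name' => $user_info['user_rank_name'],
        'rank_level' => $level,
        'collection_num' => $collection_num,
        'email' => $user_info['email'],
        "order_num" => $order_num,
    );
}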
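/**
 * Get the toolbar buttons below a menu node, filtered by the current role.
 *
 * Role 1 receives every displayed toolbar entry. Other roles receive entries
 * whose action starts with "public_", plus entries for which admin_role_priv
 * holds a row for (controller, action, roleid); for an action of the form
 * "ajax_<name>_..." the privilege looked up is <name>.
 *
 * @param int $id parent menu id
 * @return array toolbar rows with 'icon' resolved through menu_icon()
 */
public function getToolBar($id)
{
    $roleid = user_info('roleid');

    $result = $this->where(array('parentid' => $id, 'display' => 1, 'toolbar' => 1))
        ->order('listorder ASC')
        ->limit(1000)
        ->select();

    // A non-array result is treated as "no rows" so the loops below never
    // iterate over a non-array value.
    if (!is_array($result)) {
        $result = array();
    }

    // Menu icons. Written by key rather than through a by-reference loop
    // variable, which would stay bound to the last row after the loop.
    foreach ($result as $key => $info) {
        $result[$key]['icon'] = menu_icon($info['level'], $info['icon']);
    }

    // Permission check: role 1 sees everything.
    if ($roleid == 1) {
        return $result;
    }

    $admin_role_priv_db = M('admin_role_priv');
    $visible = array();

    foreach ($result as $row) {
        $action = $row['a'];

        // public_* actions need no privilege row.
        if (preg_match('/^public_/', $action)) {
            $visible[] = $row;
            continue;
        }

        // ajax_<name>_... is authorised through the privilege of <name>.
        if (preg_match('/^ajax_(\\w+)_/', $action, $_match)) {
            $action = $_match[1];
        }

        $granted = $admin_role_priv_db
            ->where(array('c' => $row['c'], 'a' => $action, 'roleid' => $roleid))
            ->find();
        if ($granted) {
            $visible[] = $row;
        }
    }

    return $visible;
}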
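/**
 * Render the HTML link to a user's page, or a "guest" label when user_info()
 * finds no user.
 *
 * @param mixed $id    user identifier as accepted by user_info(); also used as the URL segment
 * @param bool  $blank open the link in a new window
 * @return string HTML fragment
 */
function user_link($id = false, $blank = false)
{
    $data = user_info($id);
    if (!$data) {
        return '<span class="user_link">Гость</span>';
    }

    // The display name is account data and goes into HTML text, so it is
    // escaped. double_encode is off so names that are stored already
    // entity-encoded are not encoded a second time.
    $name = htmlspecialchars((string) $data['name'], ENT_QUOTES, 'UTF-8', false);

    // The id becomes a path segment inside a quoted attribute; encoding leaves
    // plain numeric ids unchanged.
    // NOTE(review): with the default $id = false the link points at /user//
    // even when user_info() resolved a user — confirm which field of $data
    // should be used in that case.
    $segment = rawurlencode((string) $id);

    $target = $blank ? ' target="_blank"' : '';

    return '<span class="user_link"><img src="' . URL . '/tpl/img/icons/user.png" alt="" style="vertical-align:middle;"/> <a href="' . URL . '/user/' . $segment . '/"' . $target . '>' . $name . '</a></span>';
}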
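/**
 * Open a client session and print the initial XML payload: the <user> record
 * with the new session id, an optional <newversion> notice, the TTL choices
 * and the caller's uploads with their files.
 *
 * Login and password are read from cookies and verified with user_password().
 *
 * @return mixed the result of $this->error() on failed login, otherwise nothing
 */
function init()
{
    // NOTE(review): the account password travels in a cookie on this request;
    // confirm whether the sid issued below can replace it for later calls so
    // the reusable secret does not have to stay in the client's cookie store.
    $login = isset($_COOKIE['login']) ? $_COOKIE['login'] : null;
    $passw = isset($_COOKIE['passw']) ? $_COOKIE['passw'] : null;

    $uid = user_password($login, $passw, true);
    if (!$uid) {
        return $this->error('LOGIN_ERROR', 'Invalid login or password');
    }

    $uinfo = user_info($uid);
    $this->make_sid($uid); // generate SID

    // NOTE(review): mt_rand() is not a cryptographically secure generator; if
    // the client uses <seed> for anything security-relevant, use a CSPRNG.
    echo '<user>';
    echo '<sid>' . $this->sid . '</sid>';
    echo '<lk>' . $this->lk . '</lk>';
    echo '<uid>' . $uid . '</uid>';
    echo '<name>' . htmlspecialchars($uinfo['name']) . '</name>';
    echo '<seed>' . mt_rand() . '</seed>';
    echo '</user>' . "\n";

    // Version info. Both cookies are client-controlled: they must be plain
    // strings, the version is reduced to an integer and the OS name to [a-z0-9]
    // before either reaches the SQL text.
    if (!empty($_COOKIE['v']) && !empty($_COOKIE['os'])
        && is_string($_COOKIE['v']) && is_string($_COOKIE['os'])) {
        $parts = array_pad(explode('.', $_COOKIE['v']), 3, 0);
        $ver = intval(sprintf('%02d%02d%02d', $parts[0], $parts[1], $parts[2]));
        $os = preg_replace('/[^a-z0-9]/', '', strtolower($_COOKIE['os']));

        // An OS name that is empty after filtering would name the column `os_`;
        // skip the lookup instead of sending that query.
        if ($os !== '') {
            $rows = ldb_select(
                'client_version',
                array('ver', 'veri', 'tms_publish'),
                '`veri`>' . $ver . ' AND `os_' . $os . '`=\'Y\' AND `published`=\'Y\' ORDER BY `veri` DESC LIMIT 1'
            );
            $lastv = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
            if ($lastv) {
                echo '<newversion ver="' . $lastv['ver'] . '" tms_publish="' . $lastv['tms_publish'] . '"/>' . "\n";
            }
        }
    }

    // TTL choices. The per-record default marker is compared with ttl_def; it
    // used to be compared with the whole ttl array, which never matches.
    include_once CORE_PATH . '/ttl.php';
    echo '<ttl default="' . $GLOBALS['ttl_def'] . '">' . "\n";
    foreach ($GLOBALS['ttl'] as $k => $v) {
        $default = ($k == $GLOBALS['ttl_def']) ? ' default="default"' : '';
        echo '<rec name="' . htmlspecialchars($v) . '" value="' . $k . '"' . $default . '/>' . "\n";
    }
    echo '</ttl>' . "\n";

    // Uploads of this user, oldest first, each with its files.
    // NOTE(review): only comment and file_name are escaped; the other
    // attributes are written as stored — confirm none can hold markup characters.
    $u_list = ldb_select('upload', '*', '`uid`=' . $uid . ' ORDER BY `tms_upload` ASC');
    if (!is_array($u_list)) {
        $u_list = array();
    }

    echo '<uploads>' . "\n";
    foreach ($u_list as $upload) {
        echo '<upload id="' . $upload['id']
            . '" code="' . $upload['code']
            . '" ph="' . $upload['ph']
            . '" comment="' . htmlspecialchars($upload['comment'])
            . '" tms_upload="' . $upload['tms_upload']
            . '" tms_last="' . $upload['tms_last']
            . '" ttl="' . $upload['ttl']
            . '" tms_delete="' . $upload['tms_delete']
            . '" prolong="' . ($upload['prolong'] == 'Y' ? 1 : 0)
            . '">';

        echo '<files>';
        $f_list = ldb_select('file', '*', '`upid`=' . $upload['id'] . ' ORDER BY `tms_add` ASC');
        if (is_array($f_list)) {
            foreach ($f_list as $file) {
                echo '<file id="' . $file['id']
                    . '" n="' . $file['upn']
                    . '" dh="' . $file['dh']
                    . '" name="' . htmlspecialchars($file['file_name'])
                    . '" size="' . $file['file_size']
                    . '" tms_add="' . $file['tms_add']
                    . '"/>';
            }
        }
        echo '</files>';
        echo '</upload>';
    }
    echo '</uploads>' . "\n";

    return;
}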
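/**
 * Weblog class constructor
 *
 * <p>Will set all weblog properties, if the provided weblog id exist
 * (which effectively will be a user id, regardless if one is dealing
 * with a person or a community - for Elgg both are users).</p>
 *
 * <p>Both arguments accept either a numeric id or a username; usernames are
 * resolved with user_info_username(). After construction $this->posts holds
 * the idents of the matching weblog posts, newest first.</p>
 *
 * @param int $user_id The user id.
 * @param int $blog_id The weblog id.
 */
function Weblog($user_id, $blog_id)
{
    $this->community = false; // dealing with community or not

    // username/id conversions
    if (is_numeric($user_id)) {
        $this->user_id = $user_id;
    } elseif (is_string($user_id)) {
        $this->user_id = user_info_username('ident', $user_id);
    }

    if (is_numeric($blog_id)) {
        $this->ident = $blog_id;
    } elseif (is_string($blog_id)) {
        $this->ident = user_info_username('ident', $blog_id);
    }

    // Are we dealing with a person or a community?
    if (user_type($this->ident) == "person") {
        if ($result = get_record('users', 'ident', $this->user_id)) {
            $this->user_name = $result->name;
            $this->user_username = $result->username;
        }

        $posts = get_records_select(
            'weblog_posts',
            "owner = ? AND weblog = ?",
            array($this->user_id, $this->user_id),
            'posted DESC'
        );

        $this->blog_name = $this->user_name;
        $this->blog_username = $this->user_username;
        $this->owner = $this->user_id;
    } else {
        // It's a community
        $this->community = true;

        // Get the owner
        $this->owner = user_info('owner', $this->ident);

        // The ids are bound as placeholder values, as the person branch already
        // does, instead of being interpolated into the WHERE clause.
        $where = "weblog = ?";
        $values = array($this->ident);

        // Users other than the community owner only get their own posts.
        if ($this->owner != $this->user_id) {
            $where .= " and owner = ?";
            $values[] = $this->user_id;
        }

        if ($result = get_record('users', 'ident', $this->ident)) {
            $this->blog_name = $result->name;
            $this->blog_username = $result->username;
        }

        $posts = get_records_select('weblog_posts', $where, $values, 'posted DESC');

        $user = run('users:instance', array('user_id' => $this->user_id));
        $this->user_name = $user->getName();
        $this->user_username = $user->getUserName();
    }

    // Keep only the post idents.
    $this->posts = array();
    if (is_array($posts) && sizeof($posts) > 0) {
        foreach ($posts as $post) {
            $this->posts[] = $post->ident;
        }
    }
}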
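/**
 * Verify an administrator login.
 *
 * Checks that the account exists and is enabled, enforces the failed-attempt
 * lockout kept in the "times" table, verifies the password, records the login
 * (last login ip/time, admin_log row), checks that the role is enabled and
 * stores the user record with user_info() and the login cache entry.
 *
 * On failure the reason is left in $this->error.
 *
 * NOTE(review): passwords are stored as md5(md5(password) . salt), a fast hash
 * that is weak against offline guessing; moving to password_hash() /
 * password_verify() needs a rehash-on-login migration outside this method.
 * NOTE(review): the session id is recorded but not regenerated on successful
 * login here — confirm that it is rotated elsewhere.
 *
 * @param string $username
 * @param string $password plain-text password as submitted
 * @return bool true on success
 */
public function login($username, $password)
{
    $times_db = M('times');
    $attempt_key = array('username' => $username, 'type' => '0');
    $max_times = C('MAX_LOGIN_TIMES');

    // Look up the account.
    // NOTE(review): this message differs from the wrong-password one, which
    // lets a caller tell existing usernames apart — confirm that is acceptable.
    $info = $this->where(array('username' => $username, 'status' => 1))->find();
    if (!$info) {
        $this->error = '用户不存在!';
        return false;
    }

    // Lockout: too many failures within the waiting period.
    $rtime = $times_db->where($attempt_key)->find();
    if ($rtime && $rtime['times'] >= $max_times) {
        $minute = C('LOGIN_WAIT_TIME') - floor((time() - $rtime['time']) / 60);
        if ($minute > 0) {
            $this->error = "密码重试次数太多,请过{$minute}分钟后重新登录!";
            return false;
        }
        // Waiting period is over: forget the old counter.
        $times_db->where($attempt_key)->delete();
    }

    $password = md5(md5($password) . $info['encrypt']);
    $ip = get_client_ip(0, true);

    // Compare as strings. The loose != used before treats two digests of the
    // form "0e<digits>" as equal numbers, so a wrong password could be accepted.
    // hash_equals() is used where available because it is also constant-time.
    $stored = (string) $info['password'];
    $password_ok = function_exists('hash_equals')
        ? hash_equals($stored, $password)
        : ($stored === $password);

    if (!$password_ok) {
        if ($rtime && $rtime['times'] < $max_times) {
            $times = $max_times - intval($rtime['times']);
            $times_db->where($attempt_key)->save(array('ip' => $ip));
            $times_db->where($attempt_key)->setInc('times');
        } else {
            $times_db->where($attempt_key)->delete();
            $times_db->add(array(
                'username' => $username,
                'ip' => $ip,
                'type' => '0',
                'time' => time(),
                'times' => 1,
            ));
            $times = $max_times;
        }
        $this->error = "密码错误,您还有{$times}次尝试机会!";
        return false;
    }

    // Success: clear the failure counter and record the login.
    $times_db->where($attempt_key)->delete();
    $this->where(array('userid' => $info['userid']))
        ->save(array('lastloginip' => $ip, 'lastlogintime' => time()));

    // The User-Agent header is optional; store an empty string when it is absent.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Login log
    $admin_log_db = M('admin_log');
    $admin_log_db->add(array(
        'userid' => $info['userid'],
        'username' => $username,
        'httpuseragent' => $user_agent,
        'ip' => $ip,
        'time' => date('Y-m-d H:i:s'),
        'type' => 'login',
        'sessionid' => session_id(),
    ));

    // The role must exist and be enabled.
    $admin_role_db = D('AdminRole');
    $roleInfo = $admin_role_db->field(array('rolename', 'roleid'))
        ->where(array('roleid' => $info['roleid'], 'status' => 1))
        ->find();
    if (!$roleInfo) {
        $this->error = '用户已被冻结!';
        return false;
    }

    $info['rolename'] = $roleInfo['rolename'];
    user_info('', $info);

    // Update the cached login information.
    S('USER_LOGIN_INFO_' . $info['userid'], array(
        'sessid' => session_id(),
        'time' => date('Y-m-d H:i:s'),
        'useragent' => $user_agent,
        'ip' => $ip,
        'identity' => cookie('identity'),
    ));

    return true;
}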
/**
 * Page-setup hook of the template module.
 *
 * Registers the "Change theme" sub-menu entry on the user's own account page
 * when template changing is enabled and the session user is not an external
 * account, and always adds "templates_root" to the 'templatesroot'
 * substitution list.
 */
function template_pagesetup()
{
    global $profile_id, $PAGE, $CFG;

    $page_owner = $profile_id;

    $changing_allowed = defined("context") && context == "account"
        && !$CFG->disable_templatechanging
        && user_info("user_type", $_SESSION['userid']) != "external";

    // Only the owner of the page gets the entry; -1 means the page has no owner.
    if ($changing_allowed && $page_owner == $_SESSION['userid'] && $page_owner != -1) {
        $PAGE->menu_sub[] = array(
            'name' => 'template:change',
            'html' => a_href("{$CFG->wwwroot}mod/template/", __gettext("Change theme")),
        );
    }

    $CFG->templates->variables_substitute['templatesroot'][] = "templates_root";
}
/**
 * Page-setup hook of the home module: registers the "Home" entry in the top
 * menu for logged-in users, marked as selected on the user's own page in the
 * "home" context.
 */
function a_home_pagesetup()
{
    global $profile_id, $PAGE, $CFG;

    $page_owner = $profile_id;
    $rss_username = user_info('username', $page_owner);

    // NOTE(review): $context is never assigned in this function, so this
    // defines a constant named "home" with a null value; it looks like a
    // mistake, but the intended call cannot be told from here.
    define("home", $context);

    if (!isloggedin()) {
        return;
    }

    $is_current = defined("context") && context == "home" && $page_owner == $_SESSION['userid'];

    // NOTE(review): both hrefs carry a stray space, and only the selected one
    // has a slash after wwwroot; kept exactly as found.
    if ($is_current) {
        $opening = "<li><a href=\"{$CFG->wwwroot}/ \" class=\"selected\" >";
    } else {
        $opening = "<li><a href=\"{$CFG->wwwroot} \" >";
    }

    $PAGE->menu[] = array(
        'name' => 'home',
        'html' => $opening . __gettext("Home") . '</a></li>',
    );
}
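/**
 * Print the table of uploaded WAD files, newest first.
 *
 * Each row shows the file link, size, uploader, upload time and an MD5 toggle.
 * Authenticated users get a delete link on their own uploads; administrators
 * get delete and ban/unban links on every row.
 *
 * @param int $limit maximum number of rows; 0 (or less) prints all
 * @return void
 */
function display_wad_table($limit = 0)
{
    echo "\n<table>\n\t<tr>\n\t\t<th></th>\n\t\t<th>File</th>\n\t\t<th>Size</th>\n\t\t<th>Uploaded by</th>\n\t\t<th>Date and time</th>\n\t\t<th>MD5</th>\n\t</tr>\n";

    $db = getsql();

    // $limit is spliced into the SQL text, so only an integer is ever emitted.
    $limit = (int) $limit;
    $limitstring = $limit > 0 ? " LIMIT {$limit}" : '';

    $q = $db->query("SELECT * FROM `wads` ORDER BY `time` DESC {$limitstring}");

    if ($q->num_rows < 1) {
        // NOTE(review): this notice is printed inside the table opened above,
        // and the table is never closed on this path.
        echo "\n<div id='serversbox'>\n\t<div style='width: 100%; text-align: center'>\n\t\tThere are no WADs uploaded yet.\n\t\t";
        if (is_authed()) {
            echo "\n\t\t<br />\n\t\tFeel free to upload one from the main WADs page.\n\t\t";
        }
        echo "\n\t</div>\n</div>\n\t\t\t\t\t";
        return;
    }

    // The viewer's rights do not change between rows; resolve them once.
    $authed = is_authed();
    $is_admin = $authed && user_info()->userlevel >= UL_ADMINISTRATOR;

    while ($o = $q->fetch_object()) {
        // The id is used in element ids and inline script calls: integer only.
        $id = (int) $o->id;
        $size = human_filesize(filesize(disciple_json()->serverdata . '/wads/' . $o->filename));

        // File names and user names are user-supplied and are written into
        // single-quoted attributes and HTML text, so both kinds of quote and
        // the markup characters are escaped.
        $filename = htmlspecialchars($o->filename, ENT_QUOTES, 'UTF-8');
        $uploader = $o->uploader;
        $uploader_row = user_info($uploader);
        $uploader_name = $uploader_row
            ? htmlspecialchars($uploader_row->username, ENT_QUOTES, 'UTF-8')
            : '';
        $time = date('Y-m-d \\a\\t H:i:s', $o->time);

        echo "\n<tr id='wadrow-{$id}'>\n\t<td>\n";

        if ($authed) {
            if ($is_admin || $uploader == $_SESSION['id']) {
                echo "<a href='javascript:deleteWad({$id});' title='Delete'><i class='material-icons'>delete</i></a>";
            }
            if ($is_admin) {
                // The stored digest is escaped before it is placed in the query
                // (this assumes getsql() returns a mysqli connection, as the
                // num_rows / fetch_object() usage above suggests).
                $md5 = $db->real_escape_string((string) $o->md5);
                if ($db->query("SELECT * FROM `wadbans` WHERE `md5`='" . $md5 . "'")->num_rows == 0) {
                    echo "<a href='javascript:banWad({$id});' title='Ban'><i class='material-icons'>not_interested</i></a>";
                } else {
                    echo "<a href='javascript:unbanWad({$id});' title='Unban'><i class='material-icons'>done</i></a>";
                }
            }
        }

        echo "\n</td>\n<td><a href='/wads/{$filename}'>{$filename}</a></td>\n<td>{$size}</td>\n<td>{$uploader_name}</td>\n<td>{$time}</td>\n<td id='wadmd5-{$id}'><a href='javascript:wadMd5({$id});'>Show</a></td>\n</tr>\n";
    }

    echo "</table>";
}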
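/**
 * Build the profile view: the page owner's comment wall, when the comment wall
 * module is installed, followed by the profile widgets.
 *
 * The older field-by-field profile rendering that preceded this code was
 * entirely commented out and is no longer carried here.
 *
 * @return array array with a single 'body' key holding the HTML
 */
function view()
{
    global $page_owner;

    // Start from an empty string: the only initialisation used to sit inside
    // the commented-out block, so the append below hit an undefined variable.
    $run_result = '';

    // Draw the user's comment wall
    if (function_exists("commentwall_displayonprofile")) {
        // Paging values come from the request; they are read as integers.
        // NOTE(review): no upper bound is applied to limit here — confirm that
        // commentwall_displayonprofile() caps it.
        $offset = optional_param('offset', 0, PARAM_INT);
        $limit = optional_param('limit', 3, PARAM_INT);
        $run_result .= commentwall_displayonprofile($page_owner, $limit, $offset);
    }

    $view = array();
    $view['body'] = $run_result;

    // Profile widgets of the page owner.
    $widgets = '<div id="profile_widgets">' . "\n";
    $widgets .= widget_page_display($page_owner, 'profile', 0, 2);
    $widgets .= "</div>\n";

    $view['body'] .= $widgets;

    return $view;
}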
<?
//TODO: Redo html
// Edits the per-user permission overrides of one account.
// Only callers holding admin_manage_permissions get past this point.
// NOTE(review): everything below relies on error() ending the request — confirm.
if (!check_perms('admin_manage_permissions')) { error(403); }
// The target user id must be present and numeric before it is used.
if(!isset($_REQUEST['userid']) || !is_number($_REQUEST['userid'])){ error(404); }
include(SERVER_ROOT."/classes/permissions_form.php");
// First three values of the user record, in the order user_info() returns them.
list($UserID, $Username, $PermissionID) = array_values(user_info($_REQUEST['userid']));
// Class defaults (p.Values) and the user's custom permissions. $UserID is
// interpolated into the SQL text; it comes from the record looked up with the
// numeric-checked request value.
$DB->query("SELECT p.Values, u.CustomPermissions FROM users_main AS u LEFT JOIN permissions AS p ON u.PermissionID=p.ID WHERE u.ID='$UserID'");
list($Defaults,$Customs)=$DB->next_record(MYSQLI_NUM, array(0,1));
// NOTE(review): unserialize() runs on a database column; that is only safe
// while nothing untrusted can write permissions.Values. A data-only format
// such as JSON would remove the object-instantiation risk.
$Defaults = unserialize($Defaults);
// $Delta collects only the permissions whose submitted state differs from the class default.
$Delta=array();
// NOTE(review): no anti-CSRF token check is visible in this excerpt before the
// POST is acted on — confirm one runs elsewhere.
if (isset($_POST['action'])) {
    // $PermissionsArray is not defined in this excerpt; presumably it comes from the include above.
    foreach ($PermissionsArray as $Perm => $Explaination) {
        // A permission counts as set when its perm_<name> field was submitted.
        $Setting = (isset($_POST['perm_'.$Perm]))?1:0;
        $Default = (isset($Defaults[$Perm]))?1:0;
        if ($Setting != $Default) { $Delta[$Perm] = $Setting; }
    }
    $Cache->begin_transaction('user_info_heavy_'.$UserID);
/**
 * Render a file folder as a photo gallery.
 *
 * Appends the gallery stylesheet and the lightbox scripts to $metatags, then
 * returns HTML with three sections: photos (files whose MIME type contains
 * "image"), other files and sub-folders. Files are listed only when
 * run("users:access_level_check", ...) accepts their access value.
 *
 * NOTE(review): $file->title, $file->description and $subfolder->name are
 * interpolated into the markup without escaping. Whether they are stored
 * already escaped cannot be seen from here — confirm, or escape them on output.
 *
 * @param object $folder folder record; ident, files_owner and owner are read
 * @return string HTML body
 */
function photogallery_folder_view($folder)
{
    global $CFG, $metatags, $messages;
    require_once $CFG->dirroot . 'lib/filelib.php';
    // The module stylesheet file is read from disk and inlined into the page head.
    $metatags .= file_get_contents($CFG->dirroot . "mod/photogallery/css");
    $metatags .= <<<END
<script type="text/javascript"> var elggWwwRoot = "{$CFG->wwwroot}"; </script>
<script type="text/javascript" src="{$CFG->wwwroot}mod/photogallery/lightbox/js/prototype.js"></script>
<script type="text/javascript" src="{$CFG->wwwroot}mod/photogallery/lightbox/js/scriptaculous.js?load=effects"></script>
<script type="text/javascript" src="{$CFG->wwwroot}mod/photogallery/lightbox/js/lightbox.js"></script>
<link rel="stylesheet" href="{$CFG->wwwroot}mod/photogallery/lightbox/css/lightbox.css" type="text/css" media="screen" />
END;
    $file_html = "";
    $photo_html = "";
    $folder_html = "";
    // Get all the files in this folder
    if ($files = get_records_select('files', "folder = ? AND files_owner = ? ORDER BY time_uploaded desc", array($folder->ident, $folder->files_owner))) {
        foreach ($files as $file) {
            // Skip files the current viewer may not access.
            if (run("users:access_level_check", $file->access) == true) {
                // 200x200 thumbnail, wrapped below in a link to the 500x500 lightbox version.
                $image = $CFG->wwwroot . "_files/icon.php?id=" . $file->ident . "&w=200&h=200";
                // The original file name is URL-encoded; the username is used as stored.
                $filepath = $CFG->wwwroot . user_info("username", $file->files_owner) . "/files/{$folder->ident}/{$file->ident}/" . urlencode($file->originalname);
                $image = "<a href=\"{$CFG->wwwroot}_files/icon.php?id={$file->ident}&w=500&h=500\" rel=\"lightbox[folder]\"><img src=\"{$image}\" /></a>";
                // Size in megabytes, rounded to four decimals.
                $fileinfo = round($file->size / 1048576, 4) . "Mb";
                $filelinks = file_edit_links($file);
                $uploaded = sprintf(__gettext("Uploaded on %s"), strftime("%A, %d %B %Y", $file->time_uploaded));
                $keywords = display_output_field(array("", "keywords", "file", "file", $file->ident, $file->owner));
                // The type is derived from the original file name, not from the file contents.
                $mimetype = mimeinfo('type', $file->originalname);
                if (empty($file->title)) {
                    $file->title = __gettext("No title");
                }
                if (substr_count($mimetype, "image") > 0) {
                    $photo_html .= <<<END
<div class="photogallery-photo-container">
<div class="photogallery-photo-image"> {$image} </div>
<div class="photogallery-photo-info">
<h2 class="photogallery-photo-title"><a href="{$filepath}" >{$file->title}</a></h2>
<p class="photogallery-photo-description"> {$file->description} </p>
<p class="photogallery-photo-keywords"> {$keywords} </p>
<p class="photogallery-photo-infobar"> {$uploaded}<br /> {$fileinfo} {$mimetype} {$filelinks} </p>
</div>
</div>
END;
                } else {
                    // $image already contains its own <a> element, so this
                    // markup nests one link inside another.
                    $file_html .= <<<END
<div class="photogallery-file-container">
<div class="photogallery-file-image"> <a href="{$filepath}">{$image}</a> </div>
<div class="photogallery-file-info">
<h2 class="photogallery-file-title"><a href="{$filepath}">{$file->title}</a></h2>
<p>{$file->description}</p>
<p class="photogallery-file-keywords"> {$keywords} </p>
<p class="photogallery-file-infobar"> {$uploaded}<br /> {$fileinfo} {$mimetype} {$filelinks} </p>
</div>
</div>
END;
                }
            }
        }
    }
    // Sub-folders. NOTE(review): this query filters on $folder->owner while the
    // file query above uses $folder->files_owner — confirm which is intended.
    // Unlike files, sub-folders are listed without an access-level check here.
    if ($subfolders = get_records_select('file_folders', "parent = ? AND files_owner = ? ORDER BY name desc", array($folder->ident, $folder->owner))) {
        foreach ($subfolders as $subfolder) {
            $folderlinks = file_folder_edit_links($subfolder);
            $keywords = display_output_field(array("", "keywords", "folder", "folder", $subfolder->ident, $subfolder->owner));
            $filepath = $CFG->wwwroot . user_info("username", $folder->files_owner) . "/files/" . $subfolder->ident;
            $folder_html .= <<<END
<div class="photogallery-file-container">
<div class="photogallery-file-image"> <a href="{$filepath}"><img src="{$CFG->wwwroot}_files/folder.png" /></a> </div>
<div class="photogallery-file-info">
<h2 class="photogallery-file-title"><a href="{$filepath}">{$subfolder->name}</a></h2>
<p class="photogallery-file-keywords"> {$keywords} </p>
<p class="photogallery-file-infobar"> {$folderlinks} </p>
</div>
</div>
END;
        }
    }
    // Section headings are added only to sections that have content.
    if (!empty($file_html)) {
        $file_html = "<h2>" . __gettext("Non-photo files") . "</h2>" . $file_html;
    }
    if (!empty($folder_html)) {
        $folder_html = "<h2>" . __gettext("Subfolders") . "</h2>" . $folder_html;
    }
    $body = $photo_html . $file_html . $folder_html;
    if (empty($body)) {
        $body = "<p>" . __gettext("This folder is currently empty.") . "</p>";
    }
    return $body;
}
/**
 * Get the banks to offer as payment methods (desktop platform only).
 *
 * NOTE(review): bank_code, bank_img and the user balance are written into the
 * markup as stored; this relies on those columns being administrator-managed
 * and free of markup characters — confirm.
 *
 * @param mixed $ReturnRes falsy: return the bank rows plus a 'css' entry with
 *                         the layout heights; truthy: return the full HTML block
 * @return array|string|false false when no bank is enabled
 */
function show_bank($ReturnRes = '')
{
    // Platform_pay separates desktop from mobile payment:
    // 0 = desktop site (default), 1 = mobile WAP payment
    $BankList = $GLOBALS['db']->getAll("select bank_name,bank_code,bank_img from " . $GLOBALS['ecs']->table('show_bank') . " where state = 1 AND Platform_pay = 0");
    if (!$BankList) {
        return false;
    }

    // Data mode: the rows themselves, with the layout heights attached.
    if (!$ReturnRes) {
        $num = 3;
        $layout = shou_bank_height($BankList, $num);
        $BankList['css']['height'] = $layout['height'];
        $BankList['css']['andHeight'] = $layout['andHeight'];
        return $BankList;
    }

    // HTML mode.
    $session_user = $GLOBALS['_SESSION']['user_id'];

    $html = '<div class="flowBox">'
        . '<style>.zhifu li{width:205px;height:40px;float:left;margin:10px 0 0 30px;}'
        . '.zhifu input{float:left;margin-top:10px;}'
        . '.zhifu img{width:120px;height:30px;}'
        . '</style>'
        . '<script>function morezhifu(){document.getElementById("zhifu").style.height ="100px"; document.getElementById("jsa").style.display="none"; document.getElementById("zhifuand").style.display="";}</script>'
        . '<h6><span>支付方式</span></h6>';

    // Logged-in users can pay from their account balance.
    if ($session_user) {
        $user_info = user_info($session_user);
        $html .= '<ul class="zhifu" id="yue" style="width:920px;height:50px;border-bottom:1px solid #B5877D;margin-left:10px;">'
            . '<li style="margin-left:20px;margin-top:15px;height:30px;">'
            . '<input style="margin-top:2px;" type="radio" value="1" name="payment">'
            . '使用余额支付(余额' . $user_info['user_money'] . ')</li></ul>';
    }

    $num = 4;
    $layout = shou_bank_height($BankList, $num);
    $height = $layout['height'];
    $andHeight = $layout['andHeight'];

    $html .= '<ul class="zhifu" id="zhifu" style="width:950px;height:' . $height . 'px;">';

    // After the eighth bank the list continues in a second, initially hidden
    // block that the "more banks" link reveals.
    $total = count($BankList);
    foreach ($BankList as $index => $bank) {
        $position = $index + 1;
        $html .= '<li><input type="radio" value="' . $bank['bank_code'] . '" name="payment"><img src="' . $bank['bank_img'] . '" ></li>';
        if ($total > 8 && $position == 8) {
            $html .= '<li id="jsa"><a href="javascript:morezhifu();" style="color:#E66A14;">更多银行 >></a></li></ul>';
            $html .= '<ul class="zhifu" id="zhifuand" style="width:950px;height:' . $andHeight . 'px;display:none;">';
        }
    }
    $html .= '</ul>';

    // Logged-in users can also choose cash on delivery.
    if ($session_user) {
        $html .= '<ul class="" id="cod" style="width:920px;height:40px;border-top:1px solid #B5877D;margin-left:10px;">'
            . '<li style="margin-left:20px;margin-top:15px;height:30px;">'
            . '<input style="margin-top:2px;" type="radio" value="2" name="payment">货到付款</li></ul>';
    }

    $html .= '</div>';

    return $html;
}
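/**
 * Cancel a delivery note: clear its tracking number, remove that number from
 * the order, reset the order's shipping status, restore stock and, when the
 * whole shipment is withdrawn, take back the points granted for the order.
 *
 * Ends by calling sys_msg() with a link back to the delivery note.
 *
 * @param int $order_id    Order the delivery note belongs to.
 * @param int $delivery_id Delivery note to cancel.
 * @return void
 */
function cancel_delivery($order_id, $delivery_id)
{
    // $_CFG was read below without being imported, so the stock-restore branch
    // could never run; import it alongside $db and $ecs.
    global $db, $ecs, $_CFG;

    // Both ids are spliced into SQL text further down; force them to integers
    // so nothing but a number can reach the query.
    $order_id = intval($order_id);
    $delivery_id = intval($delivery_id);

    $links = array();
    $action_note = ''; // was undefined when handed to order_action()

    /* Load the delivery note */
    if (!empty($delivery_id)) {
        $delivery_order = delivery_order_info($delivery_id);
    } else {
        sys_msg('订单号不能为空!', 1);
    }

    /* Load the order */
    $order = order_info($order_id);

    /* Clear the tracking number on this delivery note and mark it cancelled */
    $_delivery = array('invoice_no' => '', 'status' => 2);
    $query = $db->autoExecute($ecs->table('delivery_order'), $_delivery, 'UPDATE', "delivery_id = {$delivery_id}", 'SILENT');
    if (!$query) {
        /* Update failed */
        $links[] = array('text' => $GLOBALS['_LANG']['delivery_sn'] . $GLOBALS['_LANG']['detail'], 'href' => 'order.php?act=delivery_info&delivery_id=' . $delivery_id);
        sys_msg($GLOBALS['_LANG']['act_false'], 1, $links);
        exit;
    }

    /* Remove this note's tracking numbers from the order's '<br>'-separated list */
    $invoice_no_order = explode('<br>', $order['invoice_no']);
    $invoice_no_delivery = explode('<br>', $delivery_order['invoice_no']);
    foreach ($invoice_no_order as $key => $value) {
        $delivery_key = array_search($value, $invoice_no_delivery);
        if ($delivery_key !== false) {
            unset($invoice_no_order[$key], $invoice_no_delivery[$delivery_key]);
            if (count($invoice_no_delivery) == 0) {
                break;
            }
        }
    }

    /* Update the shipping status */
    $order_finish = get_all_delivery_finish($order_id);
    $shipping_status = $order_finish == -1 ? SS_SHIPPED_PART : SS_SHIPPED_ING;
    $arr = array('shipping_status' => $shipping_status);
    if ($shipping_status == SS_SHIPPED_ING) {
        $arr['shipping_time'] = ''; // shipping time
    }
    $arr['invoice_no'] = implode('<br>', $invoice_no_order);
    update_order($order_id, $arr);

    /* Record the cancellation in the order log */
    order_action($order['order_sn'], $order['order_status'], $shipping_status, $order['pay_status'], $action_note, null, 1);

    /* If stock is tracked and decremented at shipping time, put it back */
    if ($_CFG['use_storage'] == '1' && $_CFG['stock_dec_time'] == SDT_SHIP) {
        // Quantity shipped per goods item on this delivery note
        $delivery_stock_sql = "SELECT DG.goods_id, DG.product_id, DG.is_real, SUM(DG.send_number) AS sums\r\n FROM " . $GLOBALS['ecs']->table('delivery_goods') . " AS DG\r\n WHERE DG.delivery_id = '{$delivery_id}'\r\n GROUP BY DG.goods_id ";
        $delivery_stock_result = $GLOBALS['db']->getAll($delivery_stock_sql);
        foreach ($delivery_stock_result as $value) {
            /* Virtual goods carry no stock */
            if ($value['is_real'] == 0) {
                continue;
            }
            // Values read back from the database are still concatenated into
            // SQL here, so they are cast rather than trusted.
            $quantity = intval($value['sums']);

            // Product (SKU) level stock
            if (!empty($value['product_id'])) {
                $restore_sql = "UPDATE " . $GLOBALS['ecs']->table('products') . "\r\n SET product_number = product_number + " . $quantity . "\r\n WHERE product_id = " . intval($value['product_id']);
                $GLOBALS['db']->query($restore_sql, 'SILENT');
            }
            $restore_sql = "UPDATE " . $GLOBALS['ecs']->table('goods') . "\r\n SET goods_number = goods_number + " . $quantity . "\r\n WHERE goods_id = " . intval($value['goods_id']);
            $GLOBALS['db']->query($restore_sql, 'SILENT');
        }
    }

    /* When the whole shipment is withdrawn, roll back the rest */
    // NOTE(review): this compares order_status with a shipping-status constant
    // (SS_SHIPPED_ING); confirm that is intended and not $shipping_status.
    if ($order['order_status'] == SS_SHIPPED_ING) {
        /* Only orders placed by a registered user have points to take back */
        if ($order['user_id'] > 0) {
            /* Load the user */
            $user = user_info($order['user_id']);

            /* Compute the points granted for the order and deduct them */
            $integral = integral_to_give($order);
            log_account_change($order['user_id'], 0, 0, -1 * intval($integral['rank_points']), -1 * intval($integral['custom_points']), sprintf($GLOBALS['_LANG']['return_order_gift_integral'], $order['order_sn']));

            /* todo: compute and return the bonus */
            return_order_bonus($order_id);
        }
    }

    /* Clear caches */
    clear_cache_files();

    /* Done */
    $links[] = array('text' => $GLOBALS['_LANG']['delivery_sn'] . $GLOBALS['_LANG']['detail'], 'href' => 'order.php?act=delivery_info&delivery_id=' . $delivery_id);
    sys_msg($GLOBALS['_LANG']['act_ok'], 0, $links);
}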
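/**
 * Return the basic HTML for a message (given its database row),
 * where the title is a heading 2 and the body is in a paragraph.
 *
 * A from_id of -1 marks a system message; any other value is looked up in
 * the users table and the sender's name is linked to their profile.
 *
 * @param object $message the message row; from_id, title and body are read
 * @return string HTML output
 * @todo TODO refactor, separate display and logic
 * @author Ben WerdMuller <*****@*****.**>
 */
function display_message($message)
{
    global $CFG;

    $isSystem = $message->from_id == -1;
    if ($isSystem) {
        // Create the object explicitly: assigning a property on an undefined
        // variable is a warning on older PHP and an Error on PHP 8.
        $from = new stdClass();
        $from->name = __gettext("System");
    } else {
        // from_id is concatenated into the query, so force it to an integer.
        $from = get_record_sql("select * from " . $CFG->prefix . "users where ident = " . (int) $message->from_id);
    }
    // The lookup may find no row (e.g. the sender no longer exists).
    $fromName = isset($from->name) ? $from->name : '';

    // NOTE(review): the sender name, $message->title and $message->body reach
    // the page without HTML encoding in this function. Confirm they are encoded
    // when stored or by templates_draw(); otherwise encode them here.
    $title = "[" . __gettext("Message from ");
    if (!$isSystem) {
        $title .= "<a href=\"" . $CFG->wwwroot . user_info("username", $message->from_id) . "/\">";
    }
    $title .= $fromName;
    if (!$isSystem) {
        $title .= "</a>";
    }
    $title .= "] " . $message->title;

    // Tabs become spaces, URLs are made clickable, newlines become <br>.
    $body = "<p>" . nl2br(str_replace("\t", " ", activate_urls($message->body))) . "</p>";

    return templates_draw(array('context' => 'databox1', 'name' => $title, 'column1' => $body));
}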
// Append the role-specific phrase and the contest name to the e-mail subject.
if ($filter == "judges") {
    $email_subject .= "Judging at " . $_SESSION['contestName'];
} elseif ($filter == "stewards") {
    $email_subject .= "Stewarding at " . $_SESSION['contestName'];
} else {
    $email_subject .= $_SESSION['contestName'];
}
// One pass per participant row; the loop's closing condition is outside this excerpt.
do {
    // Reset the per-row link/action fragments.
    $output_datatables_add_link = "";
    $output_datatables_edit_link = "";
    $output_datatables_delete_link = "";
    $output_datatables_print_link = "";
    $output_datatables_other_link = "";
    $output_datatables_view_link = "";
    $output_datatables_actions = "";
    // user_info() returns a "^"-delimited string here; element 0 is what
    // table_assignments() receives as its first argument.
    $user_info = user_info($row_brewer['uid']);
    $user_info = explode("^", $user_info);
    // "J" and "S" select the judge and steward assignment tables respectively.
    $table_assign_judge = table_assignments($user_info[0], "J", $_SESSION['prefsTimeZone'], $_SESSION['prefsDateFormat'], $_SESSION['prefsTimeFormat'], 1);
    $table_assign_steward = table_assignments($user_info[0], "S", $_SESSION['prefsTimeZone'], $_SESSION['prefsDateFormat'], $_SESSION['prefsTimeFormat'], 1);
    // $locations is only assigned for these two filters in the visible code.
    if ($filter == "judges") {
        $locations = $row_brewer['brewerJudgeLocation'];
    }
    if ($filter == "stewards") {
        $locations = $row_brewer['brewerStewardLocation'];
    }
    // Flag driven by the session's brewerCountry value.
    if ($_SESSION['brewerCountry'] == "United States") {
        $us_phone = TRUE;
    } else {
        $us_phone = FALSE;
    }
    unset($brewer_assignment);
//This is a hybrid to reduce the catalogue down to the page elements: We use the page limit % catalogue
// The offset is the page's first index taken modulo THREAD_CATALOGUE; the
// final `true` makes array_slice() keep the catalogue's original keys.
$Thread = array_slice($Catalogue,((TORRENT_COMMENTS_PER_PAGE*$Page-TORRENT_COMMENTS_PER_PAGE)%THREAD_CATALOGUE),TORRENT_COMMENTS_PER_PAGE,true);
?> <div class="linkbox"><a name="comments"></a> <?
// Pager links, anchored to #comments.
$Pages=get_pages($Page,$Results,TORRENT_COMMENTS_PER_PAGE,9,'#comments');
echo $Pages;
?> </div> <?
//---------- Begin printing
foreach($Thread as $Key => $Post){
	// Both rows are unpacked by position (array_values), so this depends on
	// the element order of $Post and of what user_info() returns.
	list($PostID, $AuthorID, $AddedTime, $Body, $EditedUserID, $EditedTime, $EditedUsername) = array_values($Post);
	list($AuthorID, $Username, $PermissionID, $Artist, $Donor, $Warned, $Avatar, $Enabled, $UserTitle) = array_values(user_info($AuthorID));
	// NOTE(review): $PostID is echoed into attributes and text without encoding;
	// presumably an integer key, confirm against where $Catalogue is built.
?> <table class="forum_post box vertical_margin" id="post<?php echo $PostID; ?> "> <tr class="colhead_dark"> <td colspan="2"> <span style="float:left;"><a href='#post<?php echo $PostID; ?> '>#<?php echo $PostID; ?> </a> by <strong><?php
ecs_header("Location: ./\n"); exit; } /* 检查订单是否未付款,检查应付款金额是否大于0 */ if ($order['pay_status'] != PS_UNPAYED || $order['order_amount'] <= 0) { $err->add($_LANG['error_order_is_paid']); $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id); } /* 计算应付款金额(减去支付费用) */ $order['order_amount'] -= $order['pay_fee']; /* 余额是否超过了应付款金额,改为应付款金额 */ if ($surplus > $order['order_amount']) { $surplus = $order['order_amount']; } /* 取得用户信息 */ $user = user_info($_SESSION['user_id']); /* 用户帐户余额是否足够 */ if ($surplus > $user['user_money'] + $user['credit_line']) { $err->add($_LANG['error_surplus_not_enough']); $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id); } /* 修改订单,重新计算支付费用 */ $order['surplus'] += $surplus; $order['order_amount'] -= $surplus; if ($order['order_amount'] > 0) { $cod_fee = 0; if ($order['shipping_id'] > 0) { $regions = array($order['country'], $order['province'], $order['city'], $order['district']); $shipping = shipping_area_info($order['shipping_id'], $regions); if ($shipping['support_cod'] == '1') { $cod_fee = $shipping['pay_fee'];
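/**
 * Render the contents of one file folder: its heading, the subfolders the
 * viewer may access, then the files the viewer may access.
 *
 * Access rights to the folder itself are presumed to have been checked by
 * the caller. Reads the globals $CFG and $page_owner. Unlike the earlier
 * version, $folder is no longer used as scratch space (idents,
 * ident_details, identmenu, ident are not written to it).
 *
 * @param object $folder folder row; ident and name are read
 * @return string HTML for the folder view
 */
function file_folder_view($folder)
{
    global $CFG;
    global $page_owner;

    // Find out who's the owner
    $owner_username = user_info('username', $page_owner);

    // NOTE(review): $folder->name, like the folder/file names, titles and
    // descriptions below, is emitted without HTML encoding in this function.
    // Confirm these are encoded when stored or inside templates_draw().
    $body = "<h2>" . $folder->name . "</h2>";

    // Firstly, get a list of folders.
    // The two ids are concatenated into the WHERE clause, so they are cast to
    // integers; the access-level fragment comes from the users module as before.
    $subfolders = get_records_select(
        'file_folders',
        "parent = " . (int) $folder->ident . " AND (" . run("users:access_level_sql_where") . ") and files_owner = " . (int) $page_owner
    );
    if ($subfolders) {
        $subFolders = __gettext("Subfolders"); // gettext variable
        $body .= <<<END
<h3>
    {$subFolders}
</h3>
END;
        foreach ($subfolders as $subfolder) {
            // Display folders we actually have access to
            if (run("users:access_level_check", $subfolder->access) == true) {
                $username = $owner_username;
                $ident = (int) $subfolder->ident;
                $name = get_access_description($subfolder->access);
                $name .= stripslashes($subfolder->name);
                $menu = file_folder_edit_links($subfolder);
                $keywords = display_output_field(array("", "keywords", "folder", "folder", $ident, $subfolder->owner));
                if ($keywords) {
                    $keywords = __gettext("Keywords: ") . $keywords;
                }
                $body .= templates_draw(array(
                    'context' => 'folder',
                    'username' => $username,
                    'url' => $CFG->wwwroot . "{$username}/files/{$ident}",
                    'ident' => $ident,
                    'name' => $name,
                    'menu' => $menu,
                    'icon' => $CFG->wwwroot . "mod/file/folder.png",
                    'keywords' => $keywords,
                ));
            }
        }
    }

    // Then get a list of files (bound parameters, no string building)
    $files = get_records_select('files', "folder = ? AND files_owner = ?", array($folder->ident, $page_owner));
    if ($files) {
        foreach ($files as $file) {
            // View files we actually have access to: either the access level
            // allows it or the viewer owns the file. isset() keeps a missing
            // session value from loosely matching an empty owner.
            $isOwner = isset($_SESSION['userid']) && $file->owner == $_SESSION['userid'];
            if (run("users:access_level_check", $file->access) == true || $isOwner) {
                $username = $owner_username;
                $ident = (int) $file->ident;
                $fileFolder = $file->folder;
                $title = get_access_description($file->access);
                $title .= stripslashes($file->title);
                $description = nl2br(stripslashes($file->description));
                $originalname = stripslashes($file->originalname);
                $icon = $CFG->wwwroot . "_icon/file/" . $file->ident;
                $filepath = $CFG->wwwroot . "{$username}/files/{$fileFolder}/{$ident}/" . urlencode($originalname);

                // NOTE(review): the earlier version built a size label and, for
                // MP3 files, a Flash player embed into $filemenu and then
                // overwrote it with this call, so neither was ever shown. That
                // discarded code is dropped here; the output is unchanged.
                $filemenu = file_edit_links($file);

                $keywords = display_output_field(array("", "keywords", "file", "file", $ident, $file->owner));
                if ($keywords) {
                    $keywords = __gettext("Keywords: ") . $keywords;
                }
                $body .= templates_draw(array(
                    'context' => 'file',
                    'username' => $username,
                    'title' => $title,
                    'ident' => $ident,
                    'folder' => $fileFolder,
                    'description' => $description,
                    'originalname' => $originalname,
                    'url' => $filepath,
                    'menu' => $filemenu,
                    'icon' => $icon,
                    'keywords' => $keywords,
                ));
                $body .= display_run_displayobjectannotations($file, "file::file");
            }
        }
    }

    // Deliver an apologetic message if there aren't any files or folders
    if (empty($files) && empty($subfolders)) {
        $body .= "<p>" . __gettext("This folder is currently empty.") . "</p>";
    }

    return $body;
}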
// Invoice payee, invoice content and the buyer's note are HTML-encoded once
// here, on input, and the encoded text is what goes into $order below.
$_POST['inv_payee'] = isset($_POST['inv_payee']) ? htmlspecialchars($_POST['inv_payee']) : '';
$_POST['inv_content'] = isset($_POST['inv_content']) ? htmlspecialchars($_POST['inv_content']) : '';
$_POST['postscript'] = isset($_POST['postscript']) ? htmlspecialchars($_POST['postscript']) : '';
// Build the order record from the checkout form. Numeric fields are cast;
// status fields and user_id come from constants and the session, not the form.
// NOTE(review): 'card_message' and 'inv_type' are taken from $_POST as-is (no
// cast, no encoding) and 'shipping', 'card_message', 'inv_type' are read
// without isset(). Confirm they are escaped before the order is stored and
// encoded wherever they are displayed.
$order = array(
    'shipping_id' => intval($_POST['shipping']),
    'pay_id' => isset($_POST['payment']) ? intval($_POST['payment']) : '0',
    'pack_id' => isset($_POST['pack']) ? intval($_POST['pack']) : 0,
    'card_id' => isset($_POST['card']) ? intval($_POST['card']) : 0,
    'card_message' => trim($_POST['card_message']),
    'surplus' => isset($_POST['surplus']) ? floatval($_POST['surplus']) : 0.0,
    'integral' => isset($_POST['integral']) ? intval($_POST['integral']) : 0,
    'bonus_id' => isset($_POST['bonus']) ? intval($_POST['bonus']) : 0,
    'need_inv' => empty($_POST['need_inv']) ? 0 : 1,
    'inv_type' => $_POST['inv_type'],
    'inv_payee' => trim($_POST['inv_payee']),
    'inv_content' => $_POST['inv_content'],
    'postscript' => trim($_POST['postscript']),
    // The posted value is only used as a key into $_LANG['oos']; the stored
    // text is the matching language string, or '' when the key is unknown.
    'how_oos' => isset($_LANG['oos'][$_POST['how_oos']]) ? addslashes($_LANG['oos'][$_POST['how_oos']]) : '',
    'need_insure' => isset($_POST['need_insure']) ? intval($_POST['need_insure']) : 0,
    'user_id' => $_SESSION['user_id'],
    'add_time' => gmtime(),
    'order_status' => OS_UNCONFIRMED,
    'shipping_status' => SS_UNSHIPPED,
    'pay_status' => PS_UNPAYED,
    'agency_id' => get_agency_by_regions(array($consignee['country'], $consignee['province'], $consignee['city'], $consignee['district']))
);
/* Extension info: copied from the session for anything but a general-goods cart */
if (isset($_SESSION['flow_type']) && intval($_SESSION['flow_type']) != CART_GENERAL_GOODS) {
    $order['extension_code'] = $_SESSION['extension_code'];
    $order['extension_id'] = $_SESSION['extension_id'];
} else {
    $order['extension_code'] = '';
    $order['extension_id'] = 0;
}
/* Check that the requested balance and points are valid */
$user_id = $_SESSION['user_id'];
if ($user_id > 0) {
    $user_info = user_info($user_id);
    // Clamp the requested balance to [0, user_money + credit_line]; the posted
    // amount is never trusted beyond what the account shows.
    $order['surplus'] = min($order['surplus'], $user_info['user_money'] + $user_info['credit_line']);
    if ($order['surplus'] < 0) {
        $order['surplus'] = 0;
    }
    // Look up how many points can be used
    $flow_points = flow_available_points(); // points this order allows
    $user_points = $user_info['pay_points']; // the user's total points
    // Clamp the requested points to [0, min(user total, order allowance)].
    $order['integral'] = min($order['integral'], $user_points, $flow_points);
    if ($order['integral'] < 0) {
        $order['integral'] = 0;
    }
} else {
    // Not logged in: no balance can be spent.
    $order['surplus'] = 0;
// NOTE(review): this tests for 'refund_note' but then copies $_REQUEST['refund'],
// and the refund call below also passes $_REQUEST['refund'] as the note, so the
// submitted note text is never used. Looks like a mix-up of the two keys; confirm.
$_REQUEST['refund_note'] = isset($_REQUEST['refund_note']) ? $_REQUEST['refund'] : '';
/* Mark the order as "returned", "unpaid", "unshipped" */
// The amount already paid becomes the amount due again.
$arr = array('order_status' => OS_RETURNED, 'pay_status' => PS_UNPAYED, 'shipping_status' => SS_UNSHIPPED, 'money_paid' => 0, 'invoice_no' => '', 'order_amount' => $order['money_paid']);
update_order($order_id, $arr);
/* todo: handle the refund */
// $order still holds the values loaded before update_order(), so this tests
// the payment status from before the reset above.
if ($order['pay_status'] != PS_UNPAYED) {
    $refund_type = $_REQUEST['refund'];
    $refund_note = $_REQUEST['refund'];
    order_refund($order, $refund_type, $refund_note);
}
/* Write the order log */
order_action($order['order_sn'], OS_RETURNED, SS_UNSHIPPED, PS_UNPAYED, $action_note);
/* If the order belongs to a user, compute the points and take them back */
if ($order['user_id'] > 0) {
    /* Load the user */
    $user = user_info($order['user_id']);
    // order_id comes from the loaded order row and is quoted in the statement.
    // Only the first row is fetched, so the full-shipment test below looks at
    // a single order line.
    $sql = "SELECT goods_number, send_number FROM" . $GLOBALS['ecs']->table('order_goods') . "\n WHERE order_id = '" . $order['order_id'] . "'";
    $goods_num = $db->query($sql);
    $goods_num = $db->fetchRow($goods_num);
    if ($goods_num['goods_number'] == $goods_num['send_number']) {
        /* Compute the points granted for the order and deduct them */
        $integral = integral_to_give($order);
        log_account_change($order['user_id'], 0, 0, -1 * intval($integral['rank_points']), -1 * intval($integral['custom_points']), sprintf($_LANG['return_order_gift_integral'], $order['order_sn']));
    }
    /* todo: compute and return the bonus */
    return_order_bonus($order_id);
}
/* If stock is tracked, add it back (needed whenever stock was decremented) */
if ($_CFG['use_storage'] == '1') {
    if ($_CFG['stock_dec_time'] == SDT_SHIP) {
        change_order_goods_storage($order['order_id'], false, SDT_SHIP);
<?php
require_once 'inc/lib.php';
session_start();
// Stop silently unless the session maps to a known user. $_SESSION['user'] is
// read without an empty()/isset() check.
if (!($user = user_info($_SESSION['user']))) {
    exit;
}
// Dispatch on the requested operation.
switch ($_POST['req']) {
    case 'dir':
        // Initial vars
        $dirs = array();
        $files = array();
        // Get directory contents
        // NOTE(review): $_POST['dir'] is appended to the user's home directory
        // with no normalisation or containment check visible in this excerpt,
        // so the listing is not confined to the home directory by this code.
        // Resolve the path (realpath) and verify it stays under $user['home']
        // before opening it, unless inc/lib.php already enforces that.
        // The opendir() result is also used without a failure check.
        $h = opendir($user['home'] . $_POST['dir']);
        while (false !== ($f = readdir($h))) {
            // Skip the self and parent entries; sort the rest into
            // directories and regular files.
            if ($f != '.' && $f != '..') {
                if (is_dir($user['home'] . $_POST['dir'] . '/' . $f)) {
                    $dirs[] = $f;
                } elseif (is_file($user['home'] . $_POST['dir'] . '/' . $f)) {
                    $files[] = $f;
                }
            }
        }
        closedir($h);
        unset($f);
        // Sort data
        sort($dirs);
        sort($files);
        // Get file sizes
        $sizes = array();
        foreach ($files as $f) {
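/**
 * Pay (part of) an unpaid order from the logged-in user's account balance.
 *
 * Reads order_id and surplus from $_POST. The order must belong to the
 * session user and still be unpaid; the amount is capped at what is due and
 * at the user's balance plus credit line. On success the order is updated,
 * the balance change is logged and the browser is redirected to the order
 * detail page. Every path ends the request.
 *
 * @return void
 */
function action_act_edit_surplus()
{
    // Local aliases of the application globals. They are kept even where this
    // function does not read them, because the include below runs in this scope.
    $user = $GLOBALS['user'];
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    // $err was used below without ever being brought into scope, which made
    // every validation failure a fatal error instead of an error page.
    $err = $GLOBALS['err'];

    $order_detail_url = 'user.php?act=order_detail&order_id=';

    /* Must be logged in */
    $user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : 0;
    if ($user_id <= 0) {
        ecs_header("Location: ./\n");
        exit;
    }

    /* Validate the order id */
    $order_id = isset($_POST['order_id']) ? intval($_POST['order_id']) : 0;
    if ($order_id <= 0) {
        ecs_header("Location: ./\n");
        exit;
    }

    /* Validate the amount */
    $surplus = isset($_POST['surplus']) ? floatval($_POST['surplus']) : 0.0;
    if ($surplus <= 0) {
        $err->add($_LANG['error_surplus_invalid']);
        $err->show($_LANG['order_detail'], $order_detail_url . $order_id);
        // Fail closed: never fall through to the payment logic after an
        // error page, whether or not show() ends the request itself.
        exit;
    }

    include_once ROOT_PATH . 'includes/lib_order.php';

    /* Load the order */
    $order = order_info($order_id);
    if (empty($order)) {
        ecs_header("Location: ./\n");
        exit;
    }

    /* The order must belong to the current user */
    if ($user_id != $order['user_id']) {
        ecs_header("Location: ./\n");
        exit;
    }

    /* The order must be unpaid and have a positive amount due */
    if ($order['pay_status'] != PS_UNPAYED || $order['order_amount'] <= 0) {
        $err->add($_LANG['error_order_is_paid']);
        $err->show($_LANG['order_detail'], $order_detail_url . $order_id);
        exit;
    }

    /* Amount due without the payment fee */
    $order['order_amount'] -= $order['pay_fee'];

    /* Never take more than what is due */
    if ($surplus > $order['order_amount']) {
        $surplus = $order['order_amount'];
    }

    /* Load the user */
    $user = user_info($user_id);

    /* The balance (plus credit line) must cover the amount */
    // NOTE(review): this check and the debit at the end are separate steps;
    // unless log_account_change() or the database enforces the limit
    // atomically, two concurrent requests could both pass it. Confirm.
    if ($surplus > $user['user_money'] + $user['credit_line']) {
        $err->add($_LANG['error_surplus_not_enough']);
        $err->show($_LANG['order_detail'], $order_detail_url . $order_id);
        exit;
    }

    /* Apply the payment and recompute the payment fee */
    $order['surplus'] += $surplus;
    $order['order_amount'] -= $surplus;
    if ($order['order_amount'] > 0) {
        $cod_fee = 0;
        if ($order['shipping_id'] > 0) {
            $regions = array($order['country'], $order['province'], $order['city'], $order['district']);
            $shipping = shipping_area_info($order['shipping_id'], $regions);
            if ($shipping['support_cod'] == '1') {
                $cod_fee = $shipping['pay_fee'];
            }
        }
        $pay_fee = 0;
        if ($order['pay_id'] > 0) {
            $pay_fee = pay_fee($order['pay_id'], $order['order_amount'], $cod_fee);
        }
        $order['pay_fee'] = $pay_fee;
        $order['order_amount'] += $pay_fee;
    }

    /* Fully paid: mark the order confirmed and paid */
    // NOTE(review): exact comparison on a value produced by float arithmetic;
    // a tiny remainder would leave the order unpaid. Consider rounding to the
    // currency precision before comparing.
    if ($order['order_amount'] == 0) {
        if ($order['order_status'] == OS_UNCONFIRMED) {
            $order['order_status'] = OS_CONFIRMED;
            $order['confirm_time'] = gmtime();
        }
        $order['pay_status'] = PS_PAYED;
        $order['pay_time'] = gmtime();
    }
    $order = addslashes_deep($order);
    update_order($order_id, $order);

    /* Debit the user's balance */
    $change_desc = sprintf($_LANG['pay_order_by_surplus'], $order['order_sn']);
    log_account_change($user['user_id'], -1 * $surplus, 0, 0, 0, $change_desc);

    /* Redirect back to the order */
    ecs_header('Location: ' . $order_detail_url . $order_id . "\n");
    exit;
}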
/* Load the auction; an unknown id goes back to the home page */
$auction = auction_info($id);
if (!$auction) {
    ecs_header("Location: ./\n");
    exit;
}

/* The auction has to be running */
if ($auction['status_no'] != UNDER_WAY) {
    show_message($_LANG['au_not_under_way'], '', '', 'error');
}

/* Bidding requires a logged-in user */
$user_id = $_SESSION['user_id'];
if (!($user_id > 0)) {
    show_message($_LANG['au_bid_after_login']);
}
$user = user_info($user_id);

/* Read the bid: the posted price rounded to two decimals, 0 when absent */
if (isset($_POST['price'])) {
    $bid_price = round(floatval($_POST['price']), 2);
} else {
    $bid_price = 0;
}
if (!($bid_price > 0)) {
    show_message($_LANG['au_bid_price_error'], '', '', 'error');
}

/* With a buy-now price set, a bid at or above it is capped to that price */
// $is_ok records whether the bid has already been accepted.
$is_ok = $auction['end_price'] > 0 && $bid_price >= $auction['end_price'];
if ($is_ok) {
    $bid_price = $auction['end_price'];
}

/* Is the bid valid: first bid and later bids are handled differently */
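<?php
/*
 * File editor entry script: requires a logged-in user and a `file` request
 * parameter, optionally saves posted text to that file under the user's home
 * directory, then works out the file's directory for the page that follows.
 */
require_once 'inc/lib.php';
session_start();

if (empty($_SESSION['user']) || !($user = user_info($_SESSION['user']))) {
    // Not logged in, redirect to login page
    header('Location: .');
    exit('Not Authorized');
}

if (empty($_REQUEST['file'])) {
    // Not file specified, return to file list
    header('Location: files.php');
    exit('No file specified');
}

// Reject parent-directory references. The earlier version checked only
// $_REQUEST['file'] while the write below uses $_POST['file']; depending on
// how PHP merges request sources these can differ, so both are checked.
// Non-string values (e.g. file[]=...) and NUL bytes are rejected as well.
$candidates = array($_REQUEST['file'], isset($_POST['file']) ? $_POST['file'] : '');
foreach ($candidates as $candidate) {
    if (!is_string($candidate) || strpos($candidate, '..') !== false || strpos($candidate, "\0") !== false) {
        exit('Invalid file path.');
    }
}

// Save file if edited
// NOTE(review): no anti-CSRF token is checked before this write in the visible
// code; confirm the form and inc/lib.php enforce one.
if (isset($_POST['text']) && !empty($_POST['file'])) {
    $file = $user['home'] . $_POST['file'];

    // A substring test for '..' is not a containment check: plain
    // concatenation can still leave the home directory (a home path without a
    // trailing separator, a symlinked directory). Resolve the real parent
    // directory and require it to sit under the real home directory, and
    // refuse to write through a symlinked file.
    $homeReal = realpath($user['home']);
    $parentReal = realpath(dirname($file));
    $insideHome = $homeReal !== false
        && $parentReal !== false
        && strpos($parentReal . DIRECTORY_SEPARATOR, rtrim($homeReal, '/\\') . DIRECTORY_SEPARATOR) === 0;
    if (!$insideHome || is_link($file)) {
        exit('Invalid file path.');
    }

    $text = $_POST['text'];
    // get_magic_quotes_gpc() no longer exists on current PHP; only call it
    // where it is still available.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }
    // $saved is false when the write failed.
    $saved = file_put_contents($file, $text);
}

// Determine current directory
// rtrim() takes a character list, not a suffix; this works because the
// basename contains no '/', so stripping stops at the last separator.
$dir = rtrim($_REQUEST['file'], basename($_REQUEST['file']));
$dir = rtrim($dir, '/');
?>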
<td BGCOLOR="#FFFFFF"><img SRC="https://www.benfund.com/clear.gif" height=2 width=20></td> </tr> <tr> <td BGCOLOR="#33CCFF"><font color="#000099" face="Arial,Helvetica"><a href="../logout.php">Log Out </a></font></td> </tr> </table></center> <p><img SRC="https://www.benfund.com/clear.gif" height=46 width=20> <br> <b></b></p> <p> <br> </p></td> <td valign="top" WIDTH="640"><!-- InstanceBeginEditable name="EditRegion3" --> <?php user_info($id, $pw); $group = $row['g_name']; $cause = $row['cause']; ?> <p align="center">You can download a flyer in the form of a PDF from this page. It contains all the necessary information for anyone who reads it to make a donation. You need Adobe Reader to view the flyers and print them.If you do not have adobe reader get it here.</p> <p align="center"><a href="http://adobe.com/products/acrobat/readstep2.html"><img src="images/get_adobe_reader.gif" width="88" height="31" border="0"></a></p> <p align="center">If you have Adobe Reader and wish to generate flyers click the button below.</p> <form name="form1" method="post" action="pdf_create.php"> <div align="center"> <input name="id" type="hidden" id="id" value="<?php echo $id; ?>