} elseif ($action == 'deleteuser') { $_uid = param(2, 0); $method != 'POST' and message(-1, 'Method error'); empty($group['allowdeleteuser']) and message(-1, '您无权删除用户'); $u = user_read($_uid); empty($u) and message(-1, '用户不存在或者已经被删除。'); $u['gid'] < 6 and message(-1, '不允许删除管理组,请先调整用户用户组。'); $r = user_delete($_uid); $r === FALSE ? message(-1, '删除失败') : message(0, '删除成功'); } elseif ($action == 'banip') { $method != 'POST' and message(-1, 'Method error'); $_ip = xn_urldecode(param(2)); empty($_ip) and message(-1, 'IP 为空'); $_ip = long2ip(ip2long($_ip)); // 安全过滤 $day = intval(xn_urldecode(param(3))); empty($group['allowbanuser']) and message(-1, '您无权禁止 IP'); $arr = explode('.', $_ip); $arr[0] == '0' and message(-1, 'IP 地址不能以 0 开头。'); $banip = banip_read_by_ip($_ip); if ($day == -1) { $r = banip_delete($banip['banid']); } else { $day == 0 and $day = 3650; $arr = array('ip0' => $arr[0], 'ip1' => $arr[1], 'ip2' => $arr[2], 'ip3' => $arr[3], 'uid' => $uid, 'create_date' => $time, 'uid' => $uid, 'expiry' => $time + 86400 * $day); if (empty($banip)) { $r = banip_create($arr); } else { $r = banip_update($banip['banid'], $arr); } }
<?php !defined('DEBUG') and exit('Access Denied.'); include './xiunophp/xn_html_safe.func.php'; // 模板初始化依赖 $keyword = param('keyword'); !$keyword and $keyword = xn_urldecode(param(1)); $threadlist = thread_find_by_keyword($keyword); // 去除无权限的主题 thread_list_access_filter($threadlist, $gid); if (empty($threadlist) || empty($threadlist[0])) { $fid = 0; $tid = 0; $thread = array(); $postlist = array(); $first = array(); } else { $thread = $threadlist[0]; $tid = $thread['tid']; $fid = $thread['fid']; $postlist = post_find_by_tid($tid); $first = $postlist[$thread['firstpid']]; unset($postlist[$thread['firstpid']]); $allowpost = forum_access_user($fid, $gid, 'allowpost'); $allowupdate = forum_access_mod($fid, $gid, 'allowupdate'); $allowdelete = forum_access_mod($fid, $gid, 'allowdelete'); } $header['title'] = $keyword . '-' . $conf['sitename']; // 网站标题 $header['keywords'] = $keyword; // 关键词
} $_user = user_read($_uid); if (empty($_user)) { $err .= "{$_uid} 不存在; "; continue; } if ($_user['gid'] > 4) { $err .= "{$_uid} 不是斑竹; "; continue; } $names[] = $_user['username']; } $s = implode(',', $names); $err ? message(1, $err) : message(0, $s); } elseif ($action == 'getuid') { $names = xn_urldecode(param(2)); $arr = explode(',', $names); $ids = array(); $err = ''; foreach ($arr as $name) { if (empty($name)) { continue; } $_user = user_read_by_username($name); if (empty($_user)) { $err .= "{$name} 不存在; "; continue; } if ($_user['gid'] > 4) { $err .= "{$name} 不是斑竹; "; continue;
function decrypt($txt, $key = 'abcd9667676effff') { return xxtea_decrypt(base64_decode(xn_urldecode($txt)), $key); }