Example #1
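 /**
  * Read the posted reward settings and store them in $this->data.
  *
  * "bonus" holds the reward amounts and "ctype" the credit types; both are
  * indexed by 'best' and 'active'. Amounts below the configured minimums
  * ($this->b_val / $this->a_val) and credit types outside
  * $this->allowcredit are reported through Showmsg().
  *
  * Both request fields are indexed as arrays below, so a scalar posted in
  * their place is treated as "not supplied" instead of being indexed as a
  * string.
  *
  * @return void
  */
 function setData()
 {
     $bonus = S::escapeChar(S::getGP('bonus', 'P'), true);
     $ctype = S::escapeChar(S::getGP('ctype', 'P'));
     // Request data is untrusted: the client decides whether "bonus" arrives
     // as an array or as a plain string. Fall back to the configured
     // minimums for anything that is empty or not an array.
     if (empty($bonus) || !is_array($bonus)) {
         $bonus = array();
         $bonus['best'] = $this->b_val;
         $bonus['active'] = $this->a_val;
     }
     // Same for "ctype": a scalar would otherwise be read with string offsets.
     if (!is_array($ctype)) {
         $ctype = array();
     }
     // NOTE(review): the amounts are compared as posted and are not checked
     // to be numeric here; confirm that callers or the storage layer cast
     // them before use.
     $bonus['best'] < $this->b_val && Showmsg('credit_limit');
     $bonus['active'] < $this->a_val && Showmsg('credit_limit');
     // Missing credit types default to the first allowed credit.
     reset($this->allowcredit);
     if (empty($ctype['best'])) {
         $ctype['best'] = current($this->allowcredit);
     }
     if (empty($ctype['active'])) {
         $ctype['active'] = current($this->allowcredit);
     }
     // Whitelist check: only credit types listed in allowcredit are accepted.
     // NOTE(review): in_array() compares loosely here; switch to strict
     // comparison once the element type of allowcredit is confirmed.
     if (!in_array($ctype['best'], $this->allowcredit) || !in_array($ctype['active'], $this->allowcredit)) {
         Showmsg('reward_credit_error');
     }
     $this->data['cbtype'] = $ctype['best'];
     $this->data['catype'] = $ctype['active'];
     $this->data['cbval'] = $bonus['best'];
     $this->data['caval'] = $bonus['active'];
 }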
Example #2
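/**
 * Build the path of the guest index page for the requested mode.
 *
 * The "m" request parameter ends up inside a file path, so it is accepted
 * only when it is exactly one of the known mode names; anything else maps
 * to the default index page.
 *
 * @return string Path under D_P of the form "<guestdir>/index<mode>.html".
 */
function getguestIndexpath()
{
    global $db_guestdir;
    $mode = S::getGP('m');
    // Strict whitelist: the value must be a string and match a literal
    // exactly, so no loosely-equal value can reach the path below.
    if (!is_string($mode) || !in_array($mode, array('bbs', 'area', 'o'), true)) {
        $mode = '';
    }
    return D_P . "{$db_guestdir}/index" . $mode . ".html";
}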
Example #3
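 /**
  * Validate the posted poll settings and store them in $this->data.
  *
  * Reads the option list ("vt_select", one option per line) and the poll
  * limits from POST, clamps the limits to consistent values, and serialises
  * the options and the per-credit limits for storage.
  *
  * Shape guards for untrusted input: "vt_select" and "regdatelimit" are only
  * parsed when they are strings, and "creditlimit" is only iterated when it
  * is an array.
  *
  * @return void
  */
 function initData()
 {
     global $timestamp;
     $vt_select = S::getGP('vt_select', 'P');
     // empty() avoids an undefined-index notice; a non-string (for example
     // an array posted as vt_select[]) cannot be split into lines.
     if (empty($_POST['vt_select']) || !is_string($vt_select)) {
         Showmsg('postfunc_noempty');
     }
     $vt_select = is_string($vt_select) ? explode("\n", $vt_select) : array();
     $votearray = array();
     foreach ($vt_select as $option) {
         // Blank lines (and a line that is just "0") are skipped.
         if ($option = trim($option)) {
             // Each option starts with a vote count of 0.
             $votearray[] = array(stripslashes($option), 0);
         }
     }
     $vtcount = count($votearray);
     if ($vtcount > $this->maxselect) {
         Showmsg('vote_num_limit');
     }
     $regdatelimit = S::getGP('regdatelimit', 'P');
     $multiplevote = intval(S::getGP('multiplevote', 'P'));
     $mostvotes = intval(S::getGP('mostvotes', 'P'));
     $timelimit = intval(S::getGP('timelimit', 'P'));
     $modifiable = intval(S::getGP('modifiable', 'P'));
     $previewable = intval(S::getGP('previewable', 'P'));
     $leastvotes = intval(S::getGP('leastvotes', 'P'));
     $postnumlimit = intval(S::getGP('postnumlimit', 'P'));
     // Single-choice polls allow exactly one vote; multi-choice polls are
     // capped at the number of options.
     if (empty($multiplevote)) {
         $mostvotes = 1;
     } elseif ($mostvotes > $vtcount || $mostvotes < 1) {
         $mostvotes = $vtcount;
     }
     if (empty($multiplevote) || $leastvotes > $mostvotes || $leastvotes < 1) {
         $leastvotes = 1;
     }
     $timelimit < 0 && ($timelimit = 0);
     $postnumlimit < 0 && ($postnumlimit = 0);
     // strtotime() yields false for text it cannot parse; a non-string is
     // treated the same way. Dates in the future are clamped to "now".
     $regdatelimit = is_string($regdatelimit) ? strtotime($regdatelimit) : false;
     $regdatelimit = $regdatelimit > $timestamp ? $timestamp : $regdatelimit;
     $creditlimit = S::getGP('creditlimit', 'P');
     $creditlimit_temp = array();
     if (is_array($creditlimit)) {
         // NOTE(review): the keys come straight from the request and are
         // kept as posted; confirm they are checked against the known credit
         // types before the stored value is used.
         foreach ($creditlimit as $key => $value) {
             if (!empty($value)) {
                 $creditlimit_temp[$key] = (int) $value;
             }
         }
     }
     $this->data['voteopts'] = serialize($votearray);
     $this->data['modifiable'] = $modifiable;
     $this->data['previewable'] = $previewable;
     $this->data['multiple'] = $multiplevote;
     $this->data['mostvotes'] = $mostvotes;
     $this->data['leastvotes'] = $leastvotes;
     $this->data['timelimit'] = $timelimit;
     $this->data['regdatelimit'] = $regdatelimit;
     $this->data['creditlimit'] = serialize($creditlimit_temp);
     $this->data['postnumlimit'] = $postnumlimit;
 }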
 /**
  * Record uploaded attachments on $this->attachs.
  *
  * For each upload the description is read from the POST field
  * "atc_desc<id>" and passed through S::escapeChar(), and the file name is
  * run through pwConvert() and stripslashes(). The loop works on copies, so
  * the array handed back to the caller is the one that was passed in.
  *
  * @param array $uploaddb Upload records; 'id' and 'name' are read from each.
  * @return array The $uploaddb argument, unmodified.
  */
 function update($uploaddb)
 {
     global $db_charset;
     $this->transfer();
     foreach ($uploaddb as $item) {
         // The request key is derived from the upload's own id.
         $descField = 'atc_desc' . $item['id'];
         $item['descrip'] = S::escapeChar(S::getGP($descField, 'P'));
         // NOTE(review): presumably converts the name between $db_charset
         // and UTF-8; the direction depends on pwConvert()'s signature.
         $convertedName = pwConvert($item['name'], $db_charset, 'utf-8');
         $item['name'] = stripslashes($convertedName);
         $this->attachs[] = $item;
     }
     return $uploaddb;
 }
Example #5
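 /**
  * Validate the posted goods (trade) fields and store them in $this->data.
  *
  * Text fields pass through S::escapeChar(); counters and flags are cast
  * with intval(). Missing or invalid mandatory values are reported through
  * Showmsg().
  *
  * "paymethod" is expected to be an array of flags that are summed into one
  * number. Request data is untrusted, so a scalar posted in its place counts
  * as "no payment method" instead of being passed to array_sum().
  *
  * @return void
  */
 function _setData()
 {
     $goodsname = S::escapeChar(S::getGP('goodsname'));
     $price = S::escapeChar(S::getGP('price'));
     $costprice = S::escapeChar(S::getGP('costprice'));
     $locus = S::escapeChar(S::getGP('locus'));
     $mailfee = S::escapeChar(S::getGP('mailfee'));
     $expressfee = S::escapeChar(S::getGP('expressfee'));
     $emsfee = S::escapeChar(S::getGP('emsfee'));
     $icon = S::escapeChar(S::getGP('attachment_1'));
     $degree = intval(S::getGP('degree'));
     $ptype = intval(S::getGP('ptype'));
     $goodsnum = intval(S::getGP('goodsnum'));
     $paymethod = S::escapeChar(S::getGP('paymethod'), 1);
     $transport = intval(S::getGP('transport'));
     // Fall back to the post title when no goods name was given.
     !$goodsname && ($goodsname = S::escapeChar($_POST['atc_title']));
     if (!is_numeric($costprice) || $costprice <= 0) {
         Showmsg('goods_setprice');
     }
     $goodsnum < 1 && Showmsg('goods_num_error');
     // Only an array can be summed; anything else means nothing was selected
     // and is rejected by the check that follows.
     $paymethod = is_array($paymethod) ? array_sum($paymethod) : 0;
     $paymethod < 1 && Showmsg('goods_pay_error');
     // NOTE(review): is_numeric() also accepts negative numbers and
     // exponent notation, so price and the three fees are not bounded
     // below here; confirm whether a lower bound is enforced elsewhere.
     !is_numeric($price) && ($price = 0);
     if ($transport) {
         !is_numeric($mailfee) && ($mailfee = 0);
         !is_numeric($expressfee) && ($expressfee = 0);
         !is_numeric($emsfee) && ($emsfee = 0);
         // With transport enabled at least one fee has to be non-zero.
         if (!$mailfee && !$expressfee && !$emsfee) {
             Showmsg('goods_logistics');
         }
     } else {
         $mailfee = $expressfee = $emsfee = 0;
     }
     $this->data['name'] = $goodsname;
     $this->data['price'] = $price;
     $this->data['costprice'] = $costprice;
     $this->data['locus'] = $locus;
     $this->data['mailfee'] = $mailfee;
     $this->data['expressfee'] = $expressfee;
     $this->data['emsfee'] = $emsfee;
     $this->data['degree'] = $degree;
     $this->data['type'] = $ptype;
     $this->data['num'] = $goodsnum;
     $this->data['paymethod'] = $paymethod;
     $this->data['transport'] = $transport;
     // The icon key is only set when an attachment reference was posted.
     $icon && ($this->data['icon'] = $icon);
 }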
Example #6
 /**
  * Copy posted custom profile fields into $this->memberinfo.
  *
  * For every entry of $customfield the POST value named "field_<id>" is
  * read, passed through S::escapeChar(), checked against the entry's
  * 'required' and 'maxlen' settings, and stored when it is non-empty.
  *
  * @param array $customfield Field definitions; 'id', 'required' and
  *                           'maxlen' are read from each entry.
  * @return void
  */
 function setCustomfield($customfield)
 {
     // The loop below iterates with the *global* $value, so the caller's
     // value is saved here and put back after the loop.
     // NOTE(review): presumably Showmsg() reads the global $value to name
     // the failing field; confirm before renaming the loop variable.
     global $value;
     $srcValue = $value;
     if (empty($customfield) || !is_array($customfield)) {
         return;
     }
     foreach ($customfield as $key => $value) {
         // The (int) cast keeps the request key to the form field_<number>.
         $field = "field_" . (int) $value['id'];
         $v = S::escapeChar(S::getGP($field, 'P'));
         if ($value['required'] && !$v) {
             Showmsg('field_empty');
         }
         // strlen() counts bytes and is applied after S::escapeChar(), so
         // the limit is measured on the escaped text.
         // NOTE(review): $v is not checked to be a string; confirm how
         // S::escapeChar() handles an array posted under this name.
         if ($value['maxlen'] && strlen($v) > $value['maxlen']) {
             Showmsg('field_lenlimit');
         }
         // Empty values are not stored.
         $v && ($this->memberinfo[$field] = $v);
     }
     $value = $srcValue;
 }
Example #7
 /**
  * Collect the activity form fields from the request into $this->data.
  *
  * Subject and location are read from POST and escaped with
  * S::escapeChar(); the three date fields are escaped and then converted
  * with PwStrtoTime(); the numeric fields are cast with intval() and
  * values below 1 become 0. Subject, start time and deadline are mandatory.
  *
  * @return void
  */
 function _setData()
 {
     $this->data['subject'] = S::escapeChar(S::getGP('act_subject', 'P'));
     $this->data['location'] = S::escapeChar(S::getGP('act_location', 'P'));
     $this->data['sexneed'] = intval(S::getGP('act_sex'));

     $startInput = S::escapeChar(S::getGP('act_starttime'));
     $deadlineInput = S::escapeChar(S::getGP('act_deadline'));
     $endInput = S::escapeChar(S::getGP('act_endtime'));
     $limitNum = intval(S::getGP('act_num'));
     $costAmount = intval(S::getGP('act_costs'));

     // Mandatory fields: subject, start time and deadline.
     if (!$this->data['subject'] || !$startInput || !$deadlineInput) {
         Showmsg('active_data_empty');
     }

     // NOTE(review): the three timestamps are not compared with each other
     // here; confirm their ordering is checked elsewhere.
     $startStamp = PwStrtoTime($startInput);
     $endStamp = PwStrtoTime($endInput);
     $deadlineStamp = PwStrtoTime($deadlineInput);

     if ($limitNum < 1) {
         $limitNum = 0;
     }
     if ($costAmount < 1) {
         $costAmount = 0;
     }

     $this->data['starttime'] = $startStamp;
     $this->data['deadline'] = $deadlineStamp;
     $this->data['endtime'] = $endStamp;
     $this->data['num'] = $limitNum;
     $this->data['costs'] = $costAmount;
 }
Example #8
 /**
  * Persist uploaded attachments and update the in-memory upload state.
  *
  * An upload whose 'attname' is 'replace' and whose id is present in
  * $this->replacedb overwrites that existing attachment row; every other
  * upload is inserted as a new row with its access settings taken from the
  * POST fields "atc_desc<id>", "atc_needrvrc<id>", "att_special<id>" and
  * "att_ctype<id>".
  *
  * @param array $uploaddb Upload records; 'id', 'name', 'attname', 'type',
  *                        'size', 'fileuploadurl' and 'ifthumb' are read.
  * @return bool Always true.
  */
 function update($uploaddb)
 {
     global $db_enhideset, $db_sellset, $timestamp, $db_ifpwcache;
     $this->transfer();
     foreach ($uploaddb as $value) {
         // NOTE(review): the name is escaped by hand with addslashes()
         // before it is given to pw_attachs. Whether updateById()/add()
         // escape their values again is not visible here; confirm, so the
         // name is neither double-escaped nor dependent on addslashes()
         // alone for SQL safety.
         $value['name'] = addslashes($value['name']);
         if ($value['attname'] == 'replace' && isset($this->replacedb[$value['id']])) {
             // Replacement: keep the access settings of the existing row and
             // only refresh the file-related columns.
             $aid = $value['id'];
             $value['needrvrc'] = $this->replacedb[$aid]['needrvrc'];
             $value['special'] = $this->replacedb[$aid]['special'];
             $value['ctype'] = $this->replacedb[$aid]['ctype'];
             $value['descrip'] = $this->replacedb[$aid]['desc'];
             $this->pw_attachs->updateById($aid, array('name' => $value['name'], 'type' => $value['type'], 'size' => $value['size'], 'attachurl' => $value['fileuploadurl'], 'needrvrc' => $value['needrvrc'], 'special' => $value['special'], 'ctype' => $value['ctype'], 'uploadtime' => $timestamp, 'descrip' => $value['descrip'], 'ifthumb' => $value['ifthumb']));
             $this->replacedb[$aid]['name'] = $value['name'];
             $this->replacedb[$aid]['type'] = $value['type'];
             $this->replacedb[$aid]['size'] = $value['size'];
             $this->replacedb[$aid]['ifthumb'] = $value['ifthumb'];
         } else {
             $value['descrip'] = S::escapeChar(S::getGP('atc_desc' . $value['id'], 'P'));
             $value['needrvrc'] = intval(S::getGP('atc_needrvrc' . $value['id'], 'P'));
             $value['special'] = intval(S::getGP('att_special' . $value['id'], 'P'));
             // ctype is taken from the request as posted; it is kept only
             // when the whitelist test below accepts it, otherwise it is
             // reset to ''.
             $value['ctype'] = S::getGP('att_ctype' . $value['id'], 'P');
             // The settings are kept only when a positive cost is combined
             // with either special == 1 (poster may encode, ctype listed in
             // $db_enhideset['type']) or special == 2 (poster may sell,
             // ctype listed in $db_sellset['type']). && binds tighter than
             // ||, so the two alternatives are grouped as written.
             // NOTE(review): both in_array() calls compare loosely.
             if ($value['needrvrc'] > 0 && ($value['special'] == 1 && $this->post->allowencode && in_array($value['ctype'], $db_enhideset['type']) || $value['special'] == 2 && $this->post->allowsell && in_array($value['ctype'], $db_sellset['type']))) {
             } else {
                 // Not permitted: fall back to a free, unrestricted attachment.
                 $value['needrvrc'] = $value['special'] = 0;
                 $value['ctype'] = '';
             }
             $aid = $this->pw_attachs->add(array('fid' => $this->forum->fid, 'uid' => $this->post->uid, 'hits' => 0, 'name' => $value['name'], 'type' => $value['type'], 'size' => $value['size'], 'attachurl' => $value['fileuploadurl'], 'needrvrc' => $value['needrvrc'], 'special' => $value['special'], 'ctype' => $value['ctype'], 'uploadtime' => $timestamp, 'descrip' => $value['descrip'], 'ifthumb' => $value['ifthumb']));
             // The in-memory copy holds the name without the slashes added
             // above and the description with backslashes removed.
             $this->attachs[$aid] = array('aid' => $aid, 'name' => stripslashes($value['name']), 'type' => $value['type'], 'attachurl' => $value['fileuploadurl'], 'needrvrc' => $value['needrvrc'], 'special' => $value['special'], 'ctype' => $value['ctype'], 'size' => $value['size'], 'hits' => 0, 'desc' => str_replace('\\', '', $value['descrip']), 'ifthumb' => $value['ifthumb']);
             // Map the new attachment id back to the upload's form id.
             $this->idrelate[$aid] = $value['id'];
             $this->post->user['uploadnum']++;
             $this->post->user['uploadtime'] = $timestamp;
         }
         // ifupload: 1 = image, 2 = text, 3 = anything else. It is
         // overwritten on every iteration, so the last upload decides it.
         if ($value['type'] == 'img') {
             $this->ifupload = 1;
             $this->uploadImgNum++;
         } else {
             $this->ifupload = $value['type'] == 'txt' ? 2 : 3;
         }
         //Start elementupdate
         // Remember the first free image (needrvrc == 0) when bit 512 of
         // $db_ifpwcache is set.
         if ($db_ifpwcache & 512 && $value['type'] == 'img' && !$value['needrvrc'] && !$this->elementpic) {
             $this->elementpic = array('aid' => $aid, 'attachurl' => $value['fileuploadurl'], 'ifthumb' => $value['ifthumb']);
         }
         //End elementupdate
     }
     $this->addCredit();
     return true;
 }
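 /**
  * Set one field of a user's serialised "tradeinfo" from the POST request.
  *
  * The current tradeinfo is taken from $this->memberData when it is already
  * loaded there, otherwise it is fetched through the user service. The
  * posted value replaces $fieldName inside it, and the result is written
  * back to $this->memberData when the value is acceptable.
  *
  * The cached tradeinfo is always the source that gets decoded, so a second
  * call for the same user keeps the fields stored by earlier calls.
  *
  * @param int    $uid       User id.
  * @param string $tableName Key of the table bucket inside $this->memberData.
  * @param string $fieldName Name of the POST field and of the tradeinfo key.
  * @param bool   $required  When true an empty value is rejected.
  * @return bool True when the value was stored, false when the user could
  *              not be loaded or the value failed the check.
  */
 function setDataAlipay($uid, $tableName, $fieldName, $required = false)
 {
     if (empty($this->memberData[$uid][$tableName]['tradeinfo'])) {
         $userService = L::loadClass('UserService', 'user');
         /* @var $userService PW_UserService */
         $userInfo = $userService->get($uid, true, false, true);
         if (!$userInfo) {
             return false;
         }
         $this->memberData[$uid][$tableName]['tradeinfo'] = $userInfo['tradeinfo'];
     }
     // Decode the cached copy, which exists on both paths above.
     // NOTE(review): unserialize() on stored data instantiates whatever
     // object the string describes. The value is written by serialize()
     // below, but confirm no other writer can put user-controlled bytes in
     // this column.
     $tradeInfo = @unserialize($this->memberData[$uid][$tableName]['tradeinfo']);
     if (!is_array($tradeInfo)) {
         // Empty or undecodable tradeinfo starts from a clean array.
         $tradeInfo = array();
     }
     $tradeInfo[$fieldName] = S::escapeChar(S::getGP($fieldName, 'P'));
     $posted = $tradeInfo[$fieldName];
     // Accept an empty value only when the field is optional; accept a
     // non-empty value only when checkAlipay() returns exactly true.
     if ((!$required && !$posted) || ($posted && $this->checkAlipay($posted) === true)) {
         $this->memberData[$uid][$tableName]['tradeinfo'] = serialize($tradeInfo);
         return true;
     }
     return false;
 }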
Example #10
             $value = $tmp;
         } else {
             $value = $tmp[0];
         }
     } else {
         $value = stripslashes(str_replace(array('&#61;', '&amp;'), array('=', '&'), $value));
         /*other*/
     }
     $config[$key] = is_array($value) ? $value : $value;
 }
 $config['size'] = $config['size'] . "px";
 $config = addslashes(serialize($config));
 if ($id) {
     $db->update("UPDATE pw_advert SET " . S::sqlSingle(array('ckey' => $advert['ckey'], 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config)) . " WHERE type='1' AND id=" . S::sqlEscape($id));
 } else {
     $otherkey = (array) S::getGP('otherkey');
     $userService = L::loadClass('UserService', 'user');
     /* @var $userService PW_UserService */
     $winduid = $userService->getUserIdByUserName($admin_name);
     foreach ($otherkey as $value) {
         if (!$cates[$value] || $advert['ckey'] == $value) {
             continue;
         }
         $db->update("INSERT INTO pw_advert SET " . S::sqlSingle(array('uid' => $winduid, 'type' => 1, 'ckey' => $value, 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config)));
     }
     $db->update("INSERT INTO pw_advert SET " . S::sqlSingle(array('uid' => $winduid, 'type' => 1, 'ckey' => $advert['ckey'], 'stime' => $advert['stime'], 'etime' => $advert['etime'], 'ifshow' => $advert['ifshow'], 'orderby' => $advert['orderby'], 'descrip' => $advert['descrip'], 'config' => $config)));
     $id = $db->insert_id();
 }
 if ($advert['ifshow']) {
     $db->update("UPDATE pw_advert SET ifshow=1 WHERE type=0 AND ifshow=0 AND ckey=" . S::sqlEscape($advert['ckey']));
 }
Example #11
        $count = $db->get_value("SELECT COUNT(*) AS count FROM temp");
    }
    (!is_numeric($page) || $page < 1) && ($page = 1);
    $pages = numofpage($count, $page, ceil($count / $db_perpage), "{$basename}&action={$action}&{$pageurl}");
    $limit = S::sqlLimit(($page - 1) * $db_perpage, $db_perpage);
    $query = $db->query("SELECT fid,gid FROM pw_permission WHERE {$sql} GROUP BY fid,gid {$limit}");
    while ($rd = $db->fetch_array($query)) {
        $g_d[] = $rd;
    }
    $jschk = ($fid || $gid) && $pages ? 'true' : 'false';
    include PrintEot('singleright');
    exit;
} elseif ($action == 'setright') {
    //单用户权限设置
    S::gp(array('uid', 'gid', 'fid'), 'GP', 2);
    $pwuser = S::escapeChar(S::getGP('pwuser'));
    $jumpurl = "{$basename}&action={$job}";
    $f = $db->get_one("SELECT name,type FROM pw_forums WHERE fid=" . S::sqlEscape($fid));
    empty($f) && adminmsg('undefined_action', $jumpurl);
    //* include_once pwCache::getPath(D_P.'data/bbscache/forumcache.php');
    pwCache::getData(D_P . 'data/bbscache/forumcache.php');
    list($hidefid, $hideforum) = GetHiddenForum();
    $forumcache .= $hideforum;
    $userService = L::loadClass('UserService', 'user');
    /* @var $userService PW_UserService */
    if (empty($_POST['step'])) {
        if ($job == 'user') {
            if ($pwuser) {
                //add
                $rt = $userService->getByUserName($pwuser);
                if (empty($rt)) {
Example #12
     adminmsg('operate_success', "{$basename}" . "&action=check");
 } else {
     if (empty($pid)) {
         adminmsg('operate_error');
     }
     if (is_array($pid)) {
         if (!($selid = checkselid($pid))) {
             $basename = "javascript:history.go(-1);";
             adminmsg('operate_error');
         }
         $objid = array_keys($pid);
     } else {
         $selid = (int) $pid;
         $objid = (int) $pid;
     }
     $ptable = S::getGP('ptable');
     if (is_array($ptable)) {
         if ($db_plist && count($db_plist) > 1) {
             foreach ($ptable as $key => $value) {
                 if (isset($db_plist[$value])) {
                     $postslist[$value] = GetPtable($value);
                 }
             }
         } else {
             $postslist[] = 'pw_posts';
         }
     } else {
         $postslist[] = GetPtable($ptable);
     }
     foreach ($postslist as $pw_posts) {
         $fids = $tids = $db_threads = array();
Example #13
 }
 if ($_POST['step'] != 2) {
     include PrintEot('manager');
     exit;
 } else {
     if (!$username) {
         adminmsg('manager_empty');
     }
     if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $username) != $username) {
         adminmsg('manager_errorusername');
     }
     $key = (int) array_search($oldname, $manager);
     if (!$password) {
         $password = $manager_pwd[$key];
     } else {
         if (S::getGP('check_pwd') != $password) {
             adminmsg('password_confirm');
         }
         if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $password) != $password) {
             adminmsg('manager_errorpassword');
         }
         $password = $manager_pwd[$key] = md5($password);
     }
     if ($username != $oldname) {
         if (S::inArray($username, $manager)) {
             adminmsg('manager_had');
         }
         $manager[$key] = $username;
         $oldname == $admin_name && Cookie('AdminUser', '', 0);
     }
     $newconfig = array('dbhost' => $dbhost, 'dbuser' => $dbuser, 'dbpw' => $dbpw, 'dbname' => $dbname, 'database' => $database, 'PW' => $PW, 'pconnect' => $pconnect, 'charset' => $charset, 'manager' => $manager, 'manager_pwd' => $manager_pwd, 'db_hostweb' => $db_hostweb, 'db_distribute' => $db_distribute, 'attach_url' => $attach_url, 'slaveConfigs' => $slaveConfigs);
Example #14
        $iconfile = '';
    }
    require_once uTemplate::PrintEot('info_face');
    pwOutPut();
} else {
    if ($step == '2') {
        PostCheck();
        S::slashes($userdb);
        S::gp(array('facetype', 'proicon'), 'P');
        require_once R_P . 'require/showimg.php';
        $user_a = explode('|', $winddb['icon']);
        $usericon = '';
        if ($facetype == 1) {
            $usericon = setIcon($proicon, $facetype, $user_a);
        } elseif ($_G['allowportait'] && $facetype == 2) {
            $httpurl = S::getGP('httpurl', 'P');
            if (strncmp($httpurl[0], 'http://', 7) != 0 || strrpos($httpurl[0], '|') !== false) {
                refreshto("profile.php?action=modify&info_type={$info_type}&facetype={$facetype}", getLangInfo('msg', 'illegal_customimg'), 2, true);
            }
            $proicon = S::escapeChar($httpurl[0]);
            $httpurl[1] = (int) $httpurl[1];
            $httpurl[2] = (int) $httpurl[2];
            $httpurl[3] = (int) $httpurl[3];
            $httpurl[4] = (int) $httpurl[4];
            list($user_a[2], $user_a[3]) = flexlen($httpurl[1], $httpurl[2], $httpurl[3], $httpurl[4]);
            $usericon = setIcon($proicon, $facetype, $user_a);
            unset($httpurl);
        }
        pwFtpClose($ftp);
        //update member
        $usericon && ($result = $userService->update($winduid, array('icon' => $usericon)));
Example #15
        $moneyName = $credit->cType[$key];
        $unit = $credit->cUnit[$key];
        $creditPops .= $value . $unit . $moneyName . ",";
    }
    $deletePhotoCredit = $creditset ? '删除照片会扣除积分:' . $creditPops . '继续吗?' : '是否确认删除?';
    list($photo, $nearphoto, $prePid, $nextPid) = $result;
    $isown = $photo['ownerid'] == $winduid ? '1' : '0';
    if (!$isown) {
        //转跳处理
        $url = $db_bbsurl . "/apps.php?q=photos&a=view&pid=" . $pid . "&uid=" . $photo['ownerid'];
        ObHeader($url);
    }
    $u = $photo['ownerid'];
    $username = $photo['owner'];
    $aid = $photo['aid'];
    $page = (int) S::getGP('page');
    $page < 1 && ($page = 1);
    $url = $basename . 'a=view&pid=' . $pid;
    $url .= $ifriend == 1 ? '&ifriend=' . $ifriend . '&' : '&';
    require_once R_P . 'require/bbscode.php';
    list($commentdb, $subcommentdb, $pages) = getCommentDbByTypeid('photo', $pid, $page, $url);
    $comment_type = 'photo';
    $comment_typeid = $pid;
    $ouserdataService = L::loadClass('Ouserdata', 'sns');
    /* @var $ouserdataService PW_Ouserdata */
    $myOuserData = $ouserdataService->get($photo['ownerid']);
    $weiboPriv = false;
    !$myOuserData['index_privacy'] && !$myOuserData['photos_privacy'] && !$photo['private'] && ($weiboPriv = true);
} elseif ($a == 'next') {
    define('AJAX', 1);
    S::gp(array('pid'));
Example #16
<?php

// Refuse to run unless the P_W constant is already defined.
// NOTE(review): presumably P_W is set by the application's entry script,
// which makes this a direct-access guard; confirm.
!defined('P_W') && exit('Forbidden');
require_once R_P . 'require/bbscode.php';
// Registers the POST values 'pcid' and 'modelid' as variables.
// NOTE(review): the third argument (2) presumably selects integer
// filtering; confirm against S::gp().
S::gp(array('pcid', 'modelid'), 'P', 2);
$fielddb = array();
$data = array();
// Post body and category info for the preview: slashes are removed first,
// then S::escapeChar() is applied.
$atc_content = S::escapeChar(stripslashes(S::getGP('atc_content', 'P')));
$pcinfo = S::escapeChar(stripslashes(S::getGP('pcinfo', 'P')));
if ($modelid > 0) {
    // Topic model: the id is embedded in the SQL through S::sqlEscape().
    $query = $db->query("SELECT fieldid,fieldname FROM pw_topicfield WHERE modelid=" . S::sqlEscape($modelid));
    while ($rt = $db->fetch_array($query)) {
        // Keyed fieldid => fieldname in this branch.
        $fielddb[$rt['fieldid']] = $rt['fieldname'];
    }
    $pcdb = getPcviewdata($pcinfo, 'topic');
    L::loadClass('posttopic', 'forum', false);
    $postTopic = new postTopic($data);
    $topicvalue = $postTopic->getTopicvalue($modelid, $pcdb);
} elseif ($pcid > 0) {
    // Post category: same pattern against pw_pcfield.
    $query = $db->query("SELECT fieldid,fieldname FROM pw_pcfield WHERE pcid=" . S::sqlEscape($pcid));
    while ($rt = $db->fetch_array($query)) {
        // Keyed fieldname => fieldid here, the reverse of the branch above.
        // NOTE(review): confirm the differing orientation is intended.
        $fielddb[$rt['fieldname']] = $rt['fieldid'];
    }
    $pcdb = getPcviewdata($pcinfo, 'postcate');
    L::loadClass('postcate', 'forum', false);
    $postCate = new postCate($data);
    // Only the second element of the returned list is used.
    list(, $topicvalue) = $postCate->getCatevalue($pcid, $pcdb);
}
// The escaped body is passed through wordsConvert() and convert() before
// newlines become <br> for display.
// NOTE(review): the result is rendered as HTML, so the output of convert()
// must not reintroduce markup taken from the request; confirm in bbscode.php.
$atc_content = wordsConvert($atc_content);
$atc_content = convert($atc_content, $db_windpost);
$preatc = str_replace("\n", "<br>", $atc_content);
Example #17
    }
    //发送结束
    //passport
    if ($db_pptifopen && $db_ppttype == 'server' && ($db_ppturls || $forward)) {
        $action = 'login';
        $jumpurl = $forward ? $forward : $db_ppturls;
        empty($forward) && ($forward = $db_bbsurl);
        require_once R_P . 'require/passport_server.php';
    }
    //passport
    $verifyhash = GetVerify($winduid);
    ObHeader("{$db_registerfile}?step=finish&verify={$verifyhash}");
} elseif ($step == 'finish') {
    S::gp(array('email', 'newemail', 'regname', 'option', 'r'));
    S::gp(array('facetype'), 'G');
    if (S::getGP('vip') == 'activating') {
        S::gp(array('r_uid', 'pwd', 'toemail'), 'G');
        $r_uid = (int) $r_uid;
        $userService = L::loadClass('UserService', 'user');
        /* @var $userService PW_UserService */
        if ($rg_config['rg_emailcheck'] == 0) {
            Showmsg('reg_jihuo_success');
        }
        if (!$userService->activateUser($r_uid, $pwd, $db_sitehash, $toemail)) {
            Showmsg('reg_jihuo_fail');
        }
        Cookie('regactivate', 1);
        require_once PrintEot('register');
        footer();
    }
    if ($option && $option != 'uploadicon') {
Example #18
 /**
  * Validate the posted category ("postcate") fields against the field
  * definitions in pw_pcfield and store them serialised in $this->data.
  *
  * Each definition row is checked in turn: mandatory fields must have a
  * value, and typed fields (number, range, email, checkbox, calendar) are
  * validated or converted. Failures are reported through Showmsg().
  *
  * @return void
  */
 function initData()
 {
     /* Initialise upload information */
     global $timestamp, $db_topicname, $tid, $limitnums;
     // Taken from POST without escaping and indexed by field name below.
     // NOTE(review): assumes the client sent an array (postcate[...]);
     // a scalar is not rejected here.
     $postcate = S::getGP('postcate', 'P');
     $query = $this->db->query("SELECT fieldname,name,type,rules,ifmust,ifable FROM pw_pcfield WHERE pcid=" . S::sqlEscape($this->pcid));
     while ($rt = $this->db->fetch_array($query)) {
         // Enabled mandatory fields (uploads excepted) need a value.
         if ($rt['type'] != 'upload' && $rt['ifable'] && $rt['ifmust'] && !S::isNatualValue($postcate[$rt['fieldname']])) {
             // $db_topicname is a global; presumably read by the message
             // template to name the field (confirm).
             $db_topicname = $rt['name'];
             Showmsg('topic_field_must');
         }
         // Fields with these fixed names are numeric whatever their type.
         if (in_array($rt['fieldname'], array('tel', 'phone', 'limitnum'))) {
             $postcate[$rt['fieldname']] && !is_numeric($postcate[$rt['fieldname']]) && Showmsg('telphone_error');
         } elseif (in_array($rt['fieldname'], array('price', 'deposit', 'mprice'))) {
             $postcate[$rt['fieldname']] && !is_numeric($postcate[$rt['fieldname']]) && Showmsg('numeric_error');
             // Money values are normalised to two decimals.
             $postcate[$rt['fieldname']] = number_format(floatval($postcate[$rt['fieldname']]), 2, '.', '');
         }
         if ($postcate[$rt['fieldname']]) {
             if ($rt['type'] == 'number') {
                 !is_numeric($postcate[$rt['fieldname']]) && Showmsg('number_error');
                 // 'rules' comes from the field-definition table.
                 // NOTE(review): unserialize() on a stored value; confirm
                 // only administrators can write this column.
                 $limitnum = unserialize($rt['rules']);
                 // The range applies only when both bounds are non-empty.
                 if ($limitnum['minnum'] && $limitnum['maxnum'] && ($postcate[$rt['fieldname']] < $limitnum['minnum'] || $postcate[$rt['fieldname']] > $limitnum['maxnum'])) {
                     $db_topicname = $rt['name'];
                     Showmsg('topic_number_limit');
                 }
             } elseif ($rt['type'] == 'range') {
                 !is_numeric($postcate[$rt['fieldname']]) && Showmsg('number_error');
             } elseif ($rt['type'] == 'email') {
                 if (!preg_match("/^[-a-zA-Z0-9_\\.]+@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$/", $postcate[$rt['fieldname']])) {
                     Showmsg('illegal_email');
                 }
             } elseif ($rt['type'] == 'checkbox') {
                 // Selected values are flattened to ",a,b,c,".
                 // NOTE(review): the values are concatenated as posted and
                 // the field is assumed to be an array.
                 $checkboxs = ',';
                 foreach ($postcate[$rt['fieldname']] as $value) {
                     $checkboxs .= $value . ',';
                 }
                 $postcate[$rt['fieldname']] = $checkboxs;
             } elseif ($rt['type'] == 'calendar') {
                 // Check the date value
                 // strtotime() returns false for unparseable text; very old
                 // PHP versions returned -1 instead, hence both tests.
                 $checkTime = strtotime($postcate[$rt['fieldname']]);
                 if (!$checkTime || -1 == $checkTime) {
                     $GLOBALS['db_actname'] = $rt['name'];
                     Showmsg('calendar_wrong_format');
                 }
                 //end
                 $postcate[$rt['fieldname']] = PwStrtoTime($postcate[$rt['fieldname']]);
             }
         }
     }
     // Sum of 'nums' over the pw_pcmember rows of this thread.
     $limitnums = $this->db->get_value("SELECT SUM(nums) as num FROM pw_pcmember WHERE tid=" . S::sqlEscape($tid));
     if ($postcate['limitnum'] && $limitnums > $postcate['limitnum']) {
         Showmsg('pclimitnum_error');
     }
     // NOTE(review): these comparisons assume begintime/endtime were
     // converted to timestamps by the calendar branch above; that holds
     // only if both are defined as calendar fields for this category.
     $postcate['begintime'] > $postcate['endtime'] && Showmsg('begin_endtime');
     $postcate['endtime'] < $timestamp && Showmsg('截止时间必须大于当前时间');
     // The whole request array is serialised, including any keys that have
     // no matching row in pw_pcfield; the loop above only touches keys for
     // defined fields.
     // NOTE(review): consider keeping only the defined field names.
     $this->data['postcate'] = serialize($postcate);
 }
Example #19
/**
 * Render the WAP footer, post-process the buffered page and send it.
 *
 * Works out the online user/guest counts, includes the footer template,
 * then takes the buffered output, converts its character set when needed,
 * strips template marker comments and (optionally) anchor tags, echoes the
 * result and ends the request with exit.
 *
 * @return void This function does not return; it calls exit.
 */
function wap_footer()
{
    global $wind_version, $db_obstart, $windid, $db_charset, $db_wapcharset, $chs, $timestamp, $db_online, $db, $db_wapregist, $rg_allowregister, $online_info, $db_bbsurl;
    Update_ol();
    $userinbbs = $guestinbbs = 0;
    if (empty($db_online)) {
        // extract() copies every key of the cached array into this scope
        // and, by default, overwrites variables that already exist (the
        // globals imported above included).
        // NOTE(review): this trusts the cache file's contents completely;
        // confirm it cannot be written from user input.
        extract(pwCache::getData(D_P . 'data/bbscache/olcache.php', false));
    } else {
        // The counts are cached for 60 seconds in the "online_info" cookie
        // as "<time>\t<users>\t<guests>".
        // NOTE(review): the cookie is sent by the client and its three
        // parts are used as given; whether GetCookie() verifies it is not
        // visible here.
        if (count($online_info = explode("\t", GetCookie('online_info'))) == 3 && $timestamp - $online_info[0] < 60) {
            list(, $userinbbs, $guestinbbs) = $online_info;
        } else {
            $onlineService = L::loadClass('OnlineService', 'user');
            $userinbbs = $onlineService->countOnlineUser();
            $guestinbbs = $onlineService->countOnlineGuest();
            Cookie('online_info', $timestamp . "\t" . $userinbbs . "\t" . $guestinbbs);
        }
    }
    // NOTE(review): these locals are presumably read by the included footer
    // template, so their names are part of its contract.
    $usertotal = $guestinbbs + $userinbbs;
    $ft_time = get_date($timestamp);
    require_once PrintWAP('footer');
    // Take everything buffered so far, then restart buffering (gzip-enabled
    // when configured and available) for the processed copy.
    $output = ob_get_contents();
    ob_end_clean();
    $db_obstart && function_exists('ob_gzhandler') ? ob_start('ob_gzhandler') : ob_start();
    if ($db_charset != 'utf8') {
        L::loadClass('Chinese', 'utility/lang', false);
        $chs = new Chinese();
        $output = $chs->Convert($output, $db_charset, $db_wapcharset ? 'UTF8' : 'UNICODE');
    }
    // Remove template marker comments and collapse doubled line breaks.
    $output = str_replace(array('<!--<!---->', '<!---->-->', '<!---->', "\r\n\r\n"), '', $output);
    // The request value is only tested for truthiness, never output.
    $wap_view = S::getGP('wap_view');
    if ($wap_view) {
        // Replace every <a ...>text</a> with its inner text.
        $output = preg_replace('/<a[^>]*>([^<]+|.*?)?<\\/a>/i', "\\1", $output);
    }
    echo $output;
    ob_flush();
    exit;
}
Example #20
<?php

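require_once 'wap_global.php';
// Front controller for the WAP pages: the "a" request parameter selects the
// controller file to load, defaulting to "index".
$a = S::getGP('a');
empty($a) && ($a = "index");
// The value becomes part of an include path, so it has to be a string that
// matches one of the known action names exactly (strict comparison);
// anything else is refused before a path is built.
if (is_string($a) && in_array($a, array('index', 'quit', 'forum', 'read', 'list', 'myfav', 'myhome', 'login', 'search', 'bbsinfo', 'items', 'msg', 'recommend', 'reply_all', 'reply', 'mawhole', 'upload', 'job', 'ms_index', 'mybbs', 'myphone', 'upface', 'post', 'register', 'action', 'addtofav'), true)) {
    require_once S::escapePath(W_P . "control/" . $a . ".php");
} else {
    exit('Forbidden');
}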
Example #21
    if (@file_exists($tmpCachefile)) {
        $resume = true;
        $pwSendmail['lasttime'] = get_date(pwFilemtime($tmpCachefile));
    }
    include PrintEot('sendmail');
    exit;
} elseif ($action == "send") {
    $pwServer['REQUEST_METHOD'] != 'POST' && PostCheck($verify);
    S::gp(array('by', 'subject', 'percount'));
    $atc_content = $_POST['atc_content'];
    if (empty($subject) || empty($atc_content)) {
        adminmsg('sendmsg_empty');
    }
    $pwSendmail = array();
    if ($by == 0) {
        $sendto = S::getGP('sendto');
        !$sendto && adminmsg('operate_error');
        settype($sendto, 'array');
        $pwSendmail['info'] = $sendto;
        $pwSendmail['count'] = $db->get_value("SELECT COUNT(*) FROM pw_members WHERE groupid IN(" . S::sqlImplode($sendto) . ")");
    } elseif ($by == 1) {
        $onlineuser = GetOnlineUser();
        $uids = array();
        foreach ($onlineuser as $key => $value) {
            is_numeric($key) && ($uids[] = $key);
        }
        $pwSendmail['count'] = count($uids);
    } elseif ($by == 2) {
        S::gp(array('starttime', 'endtime'), 'P');
        $stime = PwStrtoTime($starttime);
        $etime = PwStrtoTime($endtime);
Example #22
include_once R_P . 'require/forum.php';
if ($admin_gid == 5) {
    list($allowfid, $forumcache) = GetAllowForum($admin_name);
    $sql = $allowfid ? "fid IN({$allowfid})" : '0';
} else {
    //* include pwCache::getPath(D_P.'data/bbscache/forumcache.php');
    pwCache::getData(D_P . 'data/bbscache/forumcache.php');
    list($hidefid, $hideforum) = GetHiddenForum();
    if ($admin_gid == 3) {
        $forumcache .= $hideforum;
        $sql = '1';
    } else {
        $sql = $hidefid ? "fid NOT IN({$hidefid})" : '1';
    }
}
$action = S::getGP('action');
if (!$action) {
    if (!$_POST['step']) {
        S::gp(array('fid', 'username', 'uid', 'page'));
        if (is_numeric($fid)) {
            $sql .= " AND fid=" . S::sqlEscape($fid);
        } elseif ($sql == '1') {
            $fids = array();
            foreach ($forum as $key => $value) {
                $fids[] = $key;
            }
            $fids && ($sql .= " AND fid IN(" . S::sqlImplode($fids) . ")");
        }
        $sql .= " AND ifcheck='0'";
        if ($username) {
            $sql .= " AND author like " . S::sqlEscape("%{$username}%");
Example #23
<?php

// Site index entry point: picks the display mode from the request (or from the Host header),
// hands over to the mode's own index.php when one exists, otherwise renders the default index.
define('SCR', 'index');
require_once 'global.php';
$cateid = (int) S::getGP('cateid');
// $m is a raw request value at this point.
$m = S::getGP('m');
// NOTE(review): the Host header is client-supplied and array_search() compares loosely here.
// A match whose key is 0 or '' is falsy and would be treated as "no match" — confirm the keys
// of $db_channeldomain are non-empty aliases (the key is used as $alias below).
if ($db_channeldomain && ($secdomain = array_search($pwServer['HTTP_HOST'], $db_channeldomain))) {
    $m = 'area';
    //	$db_bbsurl = $_mainUrl;
    $alias = $secdomain;
    define('HTML_CHANNEL', 1);
}
// NOTE(review): M_P and $db_mode are not set in this fragment; presumably selectMode() validates
// $m and defines them. That validation decides which index.php is required below — verify it
// only accepts known mode names.
selectMode($m);
if (defined('M_P') && file_exists(M_P . 'index.php')) {
    // The cache path built from $db_mode goes through S::escapePath() before it is loaded.
    pwCache::getData(S::escapePath(D_P . 'data/bbscache/' . $db_mode . '_config.php'));
    if (file_exists(M_P . 'require/core.php')) {
        require_once M_P . 'require/core.php';
    }
    // NOTE(review): $m is embedded as-is; if $basename is later written into HTML it has to be
    // escaped at output — cannot tell from this fragment.
    $basename = "index.php?m={$m}";
    require_once M_P . 'index.php';
    exit;
}
pwCache::getData(D_P . 'data/bbscache/cache_index.php');
pwCache::getData(D_P . 'data/bbscache/forum_cache.php');
//notice
// Keep only notices that have started and have no end date or have not ended yet.
$noticedb = array();
foreach ($notice_A as $value) {
    if ($value['startdate'] <= $timestamp && (!$value['enddate'] || $value['enddate'] >= $timestamp)) {
        $value['startdate'] = $value['stime'] ? $value['stime'] : get_date($value['startdate'], 'y-m-d');
        // Notices without their own URL link to the anchor on notice.php.
        !$value['url'] && ($value['url'] = 'notice.php#' . $value['aid']);
        $noticedb[$value['aid']] = $value;
Example #24
        Showmsg('debate_judgesuccess');
    } else {
        // Load the debate's tallies; $tid is passed through S::sqlEscape() before concatenation.
        $debate = $db->get_one("SELECT obvote,revote,obposts,reposts,umpirepoint,debater,judge FROM pw_debates WHERE tid=" . S::sqlEscape($tid));
        if (!$debate['debater']) {
            // No best debater recorded yet: offer the ten highest-voted posts' authors as candidates.
            $debater = array();
            // NOTE(review): there is no space between the escaped value and "ORDER BY". This parses
            // only if S::sqlEscape() returns a quoted literal — confirm, and prefer an explicit space.
            $query = $db->query("SELECT dd.authorid,dd.vote,m.username FROM pw_debatedata dd LEFT JOIN pw_members m ON dd.authorid=m.uid WHERE dd.tid=" . S::sqlEscape($tid) . "ORDER BY dd.vote DESC LIMIT 10");
            while ($rt = $db->fetch_array($query)) {
                $debater[$rt['authorid']]['vote'] += $rt['vote'];
                $debater[$rt['authorid']]['username'] = $rt['username'];
            }
        }
        require_once PrintEot('ajax');
        ajax_footer();
    }
} elseif ($do == 'agree') {
    // Cast one "agree" vote for post $pid in debate $tid.
    $pid = (int) S::getGP('pid');
    $debate = $db->get_one("SELECT endtime,judge FROM pw_debates WHERE tid=" . S::sqlEscape($tid));
    // The guards below rely on Showmsg() ending the request — TODO confirm.
    empty($debate) && Showmsg('data_error');
    // Voting is closed once the debate has been judged or its end time has passed.
    if ($debate['judge'] > 0 || $debate['endtime'] < $timestamp) {
        Showmsg('debate_over');
    }
    $debate = $db->get_one("SELECT authorid,vote,voteids FROM pw_debatedata WHERE pid=" . S::sqlEscape($pid) . "AND tid=" . S::sqlEscape($tid));
    empty($debate) && Showmsg('data_error');
    $debate['authorid'] == $winduid && Showmsg('debate_voteself');
    // NOTE(review): voteids is a "uid,uid," list (see the append below) and this is a plain
    // substring test, so uid 12 is reported as having voted when the list contains "312,".
    // On PHP < 8 an integer needle is additionally treated as a character code. An exact
    // comparison, e.g. in_array((string) $winduid, explode(',', $debate['voteids']), true),
    // avoids both.
    if (strpos($debate['voteids'], $winduid) !== false) {
        Showmsg('debate_voted');
    }
    $debate['voteids'] .= "{$winduid},";
    // NOTE(review): read-modify-write without a lock or a conditional WHERE. Two concurrent
    // requests can both pass the check above, and the voteids written here can overwrite an
    // entry another request has just added. The meaning of S::sqlEscape()'s second argument
    // is not visible here.
    $db->update("UPDATE pw_debatedata SET vote=vote+1,voteids=" . S::sqlEscape($debate['voteids'], false) . "WHERE pid=" . S::sqlEscape($pid) . "AND tid=" . S::sqlEscape($tid));
    $vote = $debate['vote'] + 1;
    Showmsg('debate_agree');
Example #25
             // Move the group owner's entry to the front of the member list.
             $colonyOwner = $memdb[$colony['admin']];
             unset($memdb[$colony['admin']]);
             $colonyOwner && array_unshift($memdb, $colonyOwner);
         }
     }
     // NOTE(review): $group is appended without URL-encoding; its origin is outside this fragment.
     $urladd = $group ? '&group=' . $group : '';
     require_once PrintEot('thread_member');
     footer();
 } else {
     // Member-management actions. The authorisation gate relies on Showmsg() ending the request — TODO confirm.
     !$ifadmin && Showmsg('undefined_action');
     // Selected member ids come from POST; the third argument (2) is presumably a numeric filter — verify in S::gp().
     S::gp(array('selid'), 'P', 2);
     if (!$selid || !is_array($selid)) {
         Showmsg('id_error');
     }
     $toUsers = array();
     $operateStep = S::getGP('operateStep', 'P');
     switch ($operateStep) {
         case 'addadmin':
             // Only the group owner ($colony['admin']) or user group 3 may promote members.
             $colony['admin'] != $windid && $groupid != 3 && Showmsg('colony_manager');
             // Collect the selected members of this group that are not admins yet.
             $query = $db->query("SELECT ifadmin,username FROM pw_cmembers WHERE colonyid=" . S::sqlEscape($cyid) . ' AND uid IN(' . S::sqlImplode($selid) . ") AND ifadmin!='1'");
             $newMemberCount = 0;
             while ($rt = $db->fetch_array($query)) {
                 // ifadmin == -1 rows are added to the member count (presumably pending applicants — TODO confirm).
                 $rt['ifadmin'] == -1 && $newMemberCount++;
                 $toUsers[] = $rt['username'];
             }
             $newColony->updateInfoCount(array('members' => $newMemberCount));
             //* $db->update("UPDATE pw_cmembers SET ifadmin='1' WHERE colonyid=" . S::sqlEscape($cyid) . ' AND uid IN(' . S::sqlImplode($selid) . ") AND ifadmin!='1'");
             // Placeholder-based update; $selid is passed as an array for the IN (:uid) placeholder.
             // NOTE(review): the SELECT above and this UPDATE are separate statements, so the counted
             // rows and the updated rows can differ if membership changes in between.
             pwQuery::update('pw_cmembers', 'colonyid=:colonyid AND uid IN (:uid) AND ifadmin!=:ifadmin', array($cyid, $selid, 1), array('ifadmin' => 1));
             break;
         case 'deladmin':
             // Same owner / group 3 gate as 'addadmin'.
             $colony['admin'] != $windid && $groupid != 3 && Showmsg('colony_manager');
Example #26
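 /**
  * Validate the posted custom topic fields and store them, serialized, in $this->data['topic'].
  *
  * Reads the 'topic' POST value (used below as an array keyed by field id) and, for every
  * pw_topicfield row of $this->modelid, enforces the "required" flag and the per-type checks
  * (number, range, email, checkbox, calendar). Failures are reported through Showmsg(),
  * which is assumed to end the request — TODO confirm.
  *
  * Side effects: sets the global $db_topicname to the offending field's name before the
  * 'topic_field_must' and 'topic_number_limit' messages; writes $this->data['topic'].
  *
  * @return void
  */
 function initData()
 {
     global $timestamp, $db_topicname;
     $topic = S::getGP('topic', 'P');
     $query = $this->db->query("SELECT fieldid,name,type,rules,ifmust,ifable FROM pw_topicfield WHERE modelid=" . S::sqlEscape($this->modelid));
     while ($rt = $this->db->fetch_array($query)) {
         // Required, enabled, non-upload fields must carry a value.
         if ($rt['type'] != 'upload' && $rt['ifable'] && $rt['ifmust'] && !S::isNatualValue($topic[$rt['fieldid']])) {
             $db_topicname = $rt['name'];
             Showmsg('topic_field_must');
         }
         if (S::isNatualValue($topic[$rt['fieldid']])) {
             if ($rt['type'] == 'number') {
                 !is_numeric($topic[$rt['fieldid']]) && Showmsg('number_error');
                 // NOTE(review): unserialize() on a database column. 'rules' is presumably written
                 // only by the admin-side field editor; if any less trusted path can write it, this
                 // is an object-injection sink — confirm, or store the limits in a data-only format.
                 $limitnum = unserialize($rt['rules']);
                 // An empty-string limit means "no limit" on that side.
                 if ($limitnum['minnum'] !== '' && $topic[$rt['fieldid']] < $limitnum['minnum'] || $limitnum['maxnum'] !== '' && $topic[$rt['fieldid']] > $limitnum['maxnum']) {
                     $db_topicname = $rt['name'];
                     Showmsg('topic_number_limit');
                 }
             } elseif ($rt['type'] == 'range') {
                 !is_numeric($topic[$rt['fieldid']]) && Showmsg('number_error');
             } elseif ($rt['type'] == 'email') {
                 // The pattern only admits top-level domains of 2 to 5 letters.
                 if (!preg_match("/^[-a-zA-Z0-9_\\.]+@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$/", $topic[$rt['fieldid']])) {
                     Showmsg('illegal_email');
                 }
             } elseif ($rt['type'] == 'checkbox') {
                 // Checked values are flattened to ",v1,v2,".
                 $checkboxs = ',';
                 // A client can post a scalar for this field; iterate only over a real array so
                 // foreach() does not raise a warning. The stored value is then just ','.
                 if (is_array($topic[$rt['fieldid']])) {
                     foreach ($topic[$rt['fieldid']] as $value) {
                         $checkboxs .= $value . ',';
                     }
                 }
                 // NOTE(review): the values are not checked against the field's configured options
                 // and may themselves contain ',' — validate against the allowed set if readers
                 // split this string.
                 $topic[$rt['fieldid']] = $checkboxs;
             } elseif ($rt['type'] == 'calendar') {
                 $topic[$rt['fieldid']] = PwStrtoTime($topic[$rt['fieldid']]);
             }
         }
     }
     // NOTE(review): the whole posted array is stored. Keys that match no pw_topicfield row,
     // and fields that are not enabled, are never removed or validated above.
     $this->data['topic'] = serialize($topic);
 }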
Example #27
                    Showmsg('unenough_money');
                }
            }
            // Purchase bookkeeping: log and debit the credit, reduce stock, then add to the user's inventory.
            // NOTE(review): these are separate statements with no transaction visible in this fragment.
            $credit->addLog('hack_toolbuy', array($toolinfo['creditype'] => -$price), array('uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'nums' => $nums, 'toolname' => $toolinfo['name']));
            $credit->set($winduid, $toolinfo['creditype'], -$price);
            // NOTE(review): this statement has no "AND stock >= nums" guard. Whether stock and the
            // sign of $nums were validated earlier is outside this fragment. S::sqlEscape() quotes
            // the value but presumably does not constrain it to a positive integer — confirm.
            $db->update("UPDATE pw_tools SET stock=stock-" . S::sqlEscape($nums) . " WHERE id=" . S::sqlEscape($id));
            // Arguments are a SELECT, an UPDATE and an INSERT; presumably pw_update() runs the
            // UPDATE when the SELECT finds a row and the INSERT otherwise — TODO confirm.
            $db->pw_update("SELECT uid FROM pw_usertool WHERE uid=" . S::sqlEscape($winduid) . " AND toolid=" . S::sqlEscape($id), "UPDATE pw_usertool SET nums=nums+" . S::sqlEscape($nums) . " WHERE uid=" . S::sqlEscape($winduid) . " AND toolid=" . S::sqlEscape($id), "INSERT INTO pw_usertool SET " . S::sqlSingle(array('nums' => $nums, 'uid' => $winduid, 'toolid' => $id, 'sellstatus' => $sell_status)));
            require_once R_P . 'require/tool.php';
            $logdata = array('type' => 'buy', 'nums' => $nums, 'money' => $price, 'descrip' => 'buy_descrip', 'uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'time' => $timestamp, 'toolname' => $toolinfo['name'], 'from' => '');
            writetoollog($logdata);
            // NOTE(review): the lock is released per user id; presumably it does not serialise
            // purchases of the same tool by different users — verify against the matching lock call.
            procUnLock('tool_buy', $winduid);
        }
        refreshto("profile.php?action=toolcenter", 'operate_success');
    }
} elseif ($job == 'use' || $job == 'ajax') {
    $toolid = (int) S::getGP('toolid');
    if (!$toolid) {
        // No tool selected: list the current user's tools.
        $tooldb = array();
        // NOTE(review): there is no space before "ORDER BY"; this parses only if S::sqlEscape()
        // returns a quoted literal. SELECT * also pulls every column of both joined tables.
        $query = $db->query("SELECT * FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE u.uid=" . S::sqlEscape($winduid) . "ORDER BY vieworder");
        while ($rt = $db->fetch_array($query)) {
            $rt['descrip'] = substrs($rt['descrip'], 45);
            $tooldb[] = $rt;
        }
        if (!$tooldb) {
            Showmsg('no_tool');
        }
        require_once uTemplate::PrintEot('profile_toolcenter');
        // Presumably ends the request; otherwise execution continues below with $toolid == 0 — TODO confirm.
        pwOutPut();
    }
    // Ownership is enforced by the u.uid filter: only the current user's own inventory row is read.
    $tooldb = $db->get_one("SELECT u.nums,t.name,t.filename,t.state,t.type,t.conditions FROM pw_usertool u LEFT JOIN pw_tools t ON t.id=u.toolid WHERE u.uid=" . S::sqlEscape($winduid) . "AND u.toolid=" . S::sqlEscape($toolid));
    // The feature switch is checked only after the query above has already run.
    !$db_toolifopen && Showmsg('toolcenter_close');
Example #28
                     $arr_posts[$key]['mark'] = $fourmid;
                 }
                 if ($arr_posts) {
                     // Multi-row REPLACE; the VALUES list is built by S::sqlMulti().
                     $sql = "REPLACE INTO pw_elements(id,value,addition,special,type,mark) VALUES" . S::sqlMulti($arr_posts, true);
                     $db->update($sql);
                 }
             }
         } else {
             break;
         }
     }
     // More forums left: hand the next step number to adminmsg() so the batch continues.
     if ($step < $total) {
         adminmsg('updatecache_total_step', "{$basename}&action=update&type=newpic&step={$step}");
     }
 } elseif ($type == 'hotfavor') {
     // Rebuild the 'hotfavor' elements in batches; $step is the index of the next forum to process.
     $step = intval(S::getGP('step'));
     //* require_once pwCache::getPath(D_P.'data/bbscache/forum_cache.php');
     pwCache::getData(D_P . 'data/bbscache/forum_cache.php');
     // $forum is not assigned in this fragment; presumably the cache load above provides it — verify.
     $arr_forumkeys = array_keys($forum);
     if (!$step) {
         // First step: clear every existing hotfavor element before rebuilding.
         // NOTE(review): a destructive statement keyed off a request parameter read with
         // S::getGP(). No anti-CSRF check is visible in this fragment — confirm that the admin
         // entry point verifies one before this code runs.
         $step = 0;
         $db->query("DELETE FROM pw_elements WHERE type='hotfavor'");
     }
     $total = count($arr_forumkeys);
     // At most five forums are handled per request.
     for ($i = 0; $i < 5; $i++) {
         if ($step < $total) {
             $fourmid = $arr_forumkeys[$step];
             !$forum[$fourmid] && adminmsg('undefined_action');
             $step++;
             // Categories are skipped.
             if ($forum[$fourmid]['type'] == 'category') {
                 continue;
Example #29
<?php

// Direct-access guard: the script only runs when the including entry point has defined P_W.
defined('P_W') || exit('Forbidden');
define('SCR', 'read');
require_once R_P . 'require/forum.php';
require_once R_P . 'require/bbscode.php';
//* include_once pwCache::getPath(D_P.'data/bbscache/cache_read.php');
pwCache::getData(D_P . 'data/bbscache/cache_read.php');
define("AJAX", 1);
// NOTE(review): 'type' and 'stylepath' are taken from the request as-is. If $stylepath is later
// used to build a file path or is echoed, it must be constrained or escaped at that point —
// its use is outside this fragment.
S::gp(array('type', 'stylepath'));
// The third argument (2) is presumably a numeric filter for these values — TODO confirm in S::gp().
S::gp(array('fpage', 'uid', 'toread'), 'GP', 2);
$_showSmallImg = 5;
$ordertype = S::getGP('ordertype');
$fieldadd = $tablaadd = $sqladd = $fastpost = $special = $ifmagic = $urladd = $fieldinfo = $tableinfo = '';
$_uids = $_pids = array();
$page = S::getGP('page');
//* $threads = L::loadClass('Threads', 'forum');
//* $read = $threads->getThreads($tid);
// $tid is not assigned in this fragment; presumably the including script sets and validates it — verify.
$_cacheService = Perf::gatherCache('pw_threads');
$read = $_cacheService->getThreadByThreadId($tid);
// Unknown thread id: stop here (relies on Showmsg() ending the request — TODO confirm).
!$read && Showmsg('illegal_tid');
$_uids[$read['authorid']] = 'UID_' . $read['authorid'];
# users
// Unpack the forum id, post-table suffix, check flag and bit 2 of tpcstatus from the thread row.
list($fid, $ptable, $ifcheck, $openIndex) = array($read['fid'], $read['ptable'], $read['ifcheck'], getstatus($read['tpcstatus'], 2));
$pw_posts = GetPtable($ptable);
/*The app client*/
// The app client is loaded only when a site app key is configured and either app '17' is
// enabled or $db_threadconfig is an array.
if ($db_siteappkey && ($db_apps_list['17']['status'] == 1 || is_array($db_threadconfig))) {
    $appclient = L::loadClass('appclient');
    if ($db_apps_list['17']['status'] == 1) {
        $forumappinfo = array();
        $forumappinfo = $appclient->showForumappinfo($fid, 'read', '17');
Example #30
                                 $newcreditset[$key][$k] = '';
                             }
                         }
                     }
                     $newcreditset = serialize($newcreditset);
                     $forumset = serialize($newforumset);
                     $db->update("INSERT INTO pw_forumsextra SET forumset=" . S::sqlEscape($forumset, false) . ',creditset=' . S::sqlEscape($newcreditset, false) . ',fid=' . S::sqlEscape($selfid));
                 }
             }
         }
         updatecache_f();
         $basename = "{$admin_file}?adminjob=setforum&action=edit&fid={$fid}&c_type={$c_type}";
         adminmsg('operate_success');
     }
 } elseif ($action == 'changename') {
     $fid = (int) S::getGP('fid');
     S::gp(array('fname'), 'P', 0);
     $fname = str_replace('<iframe', '&lt;iframe', $fname);
     $fname = str_replace(array('<iframe', '"', "'"), array("&lt;iframe", "", ""), $fname);
     //$db->update("UPDATE pw_forums SET name=" . S::sqlEscape($fname)." WHERE fid=".S::sqlEscape($fid));
     pwQuery::update('pw_forums', 'fid=:fid', array($fid), array('name' => $fname));
     updatecache_f();
     $msg = getLangInfo('cpmsg', 'operate_success');
     echo $msg;
     ajax_footer();
 } elseif ($action == 'delttype') {
     S::gp(array('type', 'id', 'fid'));
     $id_array = array();
     if ($type == 'top') {
         $query = $db->query("SELECT id FROM pw_topictype WHERE upid=" . S::sqlEscape($id));
         while ($rt = $db->fetch_array($query)) {