Example #1
    // Take the member and guest counts from the 'online_info' cookie when it
    // holds exactly three tab-separated fields and its first field (a timestamp)
    // is under 60 seconds old; otherwise recount through OnlineService and
    // rewrite the cookie.
    // NOTE(review): the counts are read back from a client-held cookie. Unless
    // GetCookie() authenticates the value, a client can supply its own figures
    // for $userinbbs / $guestinbbs — confirm against GetCookie().
    if (count($online_info = explode("\t", GetCookie('online_info'))) == 3 && $timestamp - $online_info[0] < 60) {
        // Field 0 (the timestamp) is skipped; fields 1 and 2 are the two counts.
        list(, $userinbbs, $guestinbbs) = $online_info;
    } else {
        $onlineService = L::loadClass('OnlineService', 'user');
        $userinbbs = $onlineService->countOnlineUser();
        $guestinbbs = $onlineService->countOnlineGuest();
        Cookie('online_info', $timestamp . "\t" . $userinbbs . "\t" . $guestinbbs);
    }
}
// Refresh the online statistics when no previous run is recorded, when the
// 'G' component of the two dates (presumably the hour, as in date()) differs
// by more than one, or when more than 3600 seconds have passed.
if ($last_statistictime == 0 || get_date($timestamp, 'G') - get_date($last_statistictime, 'G') > 1 || $timestamp - $last_statistictime > 3600) {
    $stasticsService = L::loadClass('Statistics', 'datanalyse');
    $stasticsService->updateOnlineInfo();
}
// Combined head-count of guests and members.
$usertotal = $guestinbbs + $userinbbs;
if ($db_indexonline) {
    S::gp(array('online'));
    empty($online) && ($online = GetCookie('online'));
    if ($online == 'yes') {
        if ($usertotal > 2000 && !S::inArray($windid, $manager)) {
            //$online = 'no';
            Cookie('online', 'no');
        } else {
            $index_whosonline = '';
            $db_online = intval($db_online);
            Cookie('online', $online);
            include_once S::escapePath(R_P . "require/online_{$db_online}.php");
        }
    }
    if ($online == 'no') {
        Cookie('online', 'no');
    }
Example #2
<?php

// Direct-access guard: the script only runs inside the application bootstrap.
if (!defined('P_W')) {
    exit('Forbidden');
}
// NOTE(review): the attachment id is read with the 'GP' source and no
// PostCheck() call is visible before setCover() changes state — confirm that
// a request token is enforced elsewhere.
S::gp(array('aid'), 'GP', 2);
if (empty($aid)) {
    Showmsg('job_attach_error');
}
$attachService = L::loadClass('attachs', 'forum');
$attachInfo = $attachService->getByAid($aid);
// Only an image attachment that belongs to a thread can become a cover.
if (!(S::isArray($attachInfo) && $attachInfo['type'] == 'img' && $attachInfo['tid'])) {
    Showmsg('job_attach_error');
}
// Users listed in $manager and members of group 3 count as administrators.
$isGM = S::inArray($windid, $manager);
if (!$isGM && $groupid == 3) {
    $isGM = 1;
}
// The uploader of the attachment or an administrator may set the cover.
$adminCheck = ($attachInfo['uid'] == $winduid || $isGM) ? 1 : 0;
if (!$adminCheck) {
    Showmsg('没有权限设置封面!');
}
$tucoolService = L::loadClass('tucool', 'forum');
if ($tucoolService->setCover(
    $attachInfo['tid'],
    $attachInfo['attachurl'],
    $attachInfo['ifthumb']
)) {
    echo "success";
    ajax_footer();
}
// Reached only when setCover() reported failure.
Showmsg('undefined_action');
Example #3
    $message['content'] = messageReplace($message['content']);
    $notReadCount = (int) $messageServer->countNoticesNotRead($winduid);
}
// On the detail / next / previous views, mark the navigation tab of the
// current message type. The tab key is the second '_'-separated part of the
// name returned by getReverseConst().
if ($smstype && in_array($action, array('info', 'next', 'previous'))) {
    $navtype = $messageServer->getReverseConst($smstype);
    $navtype = explode('_', $navtype);
    $nav[$navtype[1]] = 'class = current';
}
// List views (no action, or one of the listed categories) build pagination;
// 'checkover' is an AJAX probe that reports whether a neighbouring notice exists.
if (empty($action) || in_array($action, array('unread', 'system', 'postcate', 'active', 'apps', 'comment', 'guestbook'))) {
    if ($action != 'unread') {
        $notReadCount = (int) $messageServer->countNoticesNotRead($winduid);
        list($today, $yesterday, $tTimes, $yTimes, $mTimes) = getSubListInfo($noticeList);
    }
    // $action is bounded by the in_array() list above; $normalUrl is set outside
    // this excerpt — NOTE(review): confirm it carries no unescaped request data,
    // since the string ends up in the pagination links.
    $pages = numofpage($noticeCount, $page, $pageCount, "{$normalUrl}&action={$action}&");
} elseif ($action == 'checkover') {
    S::gp(array('rid', 'dir'), 'GP');
    // Lookups are scoped to the current user ($winduid) in both directions.
    if ($dir == 'previous') {
        $message = $messageServer->getUpNotice($winduid, $rid, $smstype);
    } else {
        $message = $messageServer->getDownNotice($winduid, $rid, $smstype);
    }
    if ($message) {
        echo "success\t";
    } else {
        echo "over\t";
    }
    ajax_footer();
}
// Presumably clears the viewer's 'notice_num' counter — confirm in resetStatistics().
$messageServer->resetStatistics(array($winduid), 'notice_num');
// Non-AJAX requests get the shared message header.
!defined('AJAX') && (include_once R_P . 'actions/message/ms_header.php');
// NOTE(review): the template path is derived from $subtype, which is assigned
// outside this excerpt — confirm it cannot carry unchecked request input.
require messageEot($subtype);
Example #4
<?php

// Direct-access guard: the script only runs inside the application bootstrap.
if (!defined('P_W')) {
    exit('Forbidden');
}
// A forum id is mandatory for every shortcut operation.
if (!$fid) {
    Showmsg('undefined_action');
}
S::gp(array('type'));
// The stored shortcut list is comma-separated; keep only non-empty numeric
// entries and drop duplicates (array keys are preserved).
$myshortcut = explode(',', $winddb['shortcut']);
foreach ($myshortcut as $key => $value) {
    if ($value && is_numeric($value)) {
        continue;
    }
    unset($myshortcut[$key]);
}
$myshortcut = array_unique($myshortcut);
/* @var $userService PW_UserService */
$userService = L::loadClass('UserService', 'user');
if ($type == "delete") {
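    // Remove $fid from the user's forum shortcuts and store the new list.
    // NOTE(review): this branch changes stored data and no PostCheck() call is
    // visible in the excerpt — confirm a request token is enforced elsewhere.
    // An empty personal list falls back to the site defaults before the removal.
    if (empty($myshortcut) && $db_shortcutforum) {
        $myshortcut = array_keys($db_shortcutforum);
    }
    if (in_array($fid, $myshortcut)) {
        $shortcut = array_diff($myshortcut, array($fid));
    }
    // empty() covers the case where $fid was not in the list and $shortcut was
    // never assigned, without reading an undefined variable.
    // NOTE(review): in that case an empty list is stored — confirm that is intended.
    $shortcut = empty($shortcut) ? array() : $shortcut;
    // Stored form: ",id,id,<TAB>appshortcut". Build the value once: appending
    // $shortcut to itself with `.=` would store the id list twice.
    $shortcut = ',' . implode(',', $shortcut) . ',' . "\t" . $winddb['appshortcut'];
    $userService->update($winduid, array('shortcut' => $shortcut));
    Showmsg("shortcutno");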
} elseif (in_array($fid, $myshortcut)) {
    foreach ($myshortcut as $key => $value) {
        if (!$value || $value == $fid) {
            unset($myshortcut[$key]);
        }
Example #5
<?php

// Direct-access guard: the script only runs inside the application bootstrap.
!defined('P_W') && exit('Forbidden');
S::gp(array('page', 'tid', 'jointype', 'payway', 'ifend', 'pcid'));
// NOTE(review): $isadminright is derived only from the request parameter
// 'jointype' (1 unless jointype == 3). How the flag is used lies outside this
// excerpt; if it gates what the template shows, it must not be trusted as an
// authorization decision — confirm against the template and getViewright().
$isadminright = $jointype == 3 ? 0 : 1;
L::loadClass('postcate', 'forum', false);
$postCate = new postCate($data);
// Second element of getViewright()'s result is kept as the view permission.
list(, $isviewright) = $postCate->getViewright($pcid, $tid);
$memberdb = array();
$count = $sum = $paysum = 0;
// First pass: count sign-ups for the thread and total the quantities
// ($paysum only counts rows flagged as paid). $tid goes through S::sqlEscape().
$query = $db->query("SELECT ifpay,nums FROM pw_pcmember WHERE tid=" . S::sqlEscape($tid));
while ($rt = $db->fetch_array($query)) {
    $count++;
    if ($rt['ifpay']) {
        $paysum += $rt['nums'];
    }
    $sum += $rt['nums'];
}
// Clamp the requested page into 1..$numofpage.
$page < 1 && ($page = 1);
$numofpage = ceil($count / $db_perpage);
if ($numofpage && $page > $numofpage) {
    $page = $numofpage;
}
$start = ($page - 1) * $db_perpage;
$limit = S::sqlLimit($start, $db_perpage);
// NOTE(review): $tid, $jointype and $payway are request values interpolated
// into the pagination URL as-is — confirm S::gp() or numofpage() escapes them
// for the HTML context they end up in.
$pages = numofpage($count, $page, $numofpage, "pw_ajax.php?action={$action}&tid={$tid}&jointype={$jointype}&payway={$payway}&", null, 'ajaxview');
// The request-supplied $pcid is discarded here; it is reassigned from the rows below.
$i = $pcid = 0;
// Second pass: the page of sign-up rows, the viewer's own row first. The rows
// include contact data (phone, mobile, address) — NOTE(review): confirm the
// consumer of $rt restricts these fields to viewers allowed to see them.
$query = $db->query("SELECT pcmid,uid,pcid,username,nums,totalcash,phone,mobile,address,extra,ifpay,jointime FROM pw_pcmember WHERE tid=" . S::sqlEscape($tid) . " ORDER BY (uid=" . S::sqlEscape($winduid) . ") DESC,ifpay ASC,pcmid DESC {$limit}");
while ($rt = $db->fetch_array($query)) {
    if ($i == 0) {
        $pcid = $rt['pcid'];
Example #6
 }
 $query = $db->query("SELECT gid,rkey,rvalue FROM pw_permission WHERE uid='0' AND fid='0' AND gid=" . S::sqlEscape($gid) . " AND rkey IN ('sellinfo','sellprice','rmbprice','selltype','selllimit','allowbuy')");
 while ($permi = $db->fetch_array($query)) {
     $rt['sright'][$permi['rkey']] = $permi['rvalue'];
 }
 if (!$rt['sright']['allowbuy']) {
     Showmsg('special_allowbuy');
 }
 if (empty($_POST['step'])) {
     $rt['sright']['selltype'] = $credit->cType[$rt['sright']['selltype']];
     require_once uTemplate::PrintEot('profile_buy');
     pwOutPut();
 } else {
     PostCheck();
     S::gp(array('pwpwd'), 'P');
     S::gp(array('days', 'buymethod', 'options'), null, 2);
     if (!is_numeric($days) || $days <= 0) {
         Showmsg('illegal_nums');
     }
     if ($days < $rt['sright']['selllimit']) {
         Showmsg('special_selllimit');
     }
     $userService = L::loadClass('UserService', 'user');
     /* @var $userService PW_UserService */
     $mb = $userService->get($winduid);
     if ($gid == $groupid || strpos($mb['groups'], ",{$gid},") !== false) {
         Showmsg('specialgroup_noneed');
     }
     if ($buymethod) {
         if ($rt['sright']['rmbprice'] <= 0) {
             Showmsg('undefined_action');
Example #7
<?php

// Direct-access guard: the script only runs inside the application bootstrap.
if (!defined('P_W')) {
    exit('Forbidden');
}
// Mark the request as AJAX before the shared helpers are loaded.
define('AJAX', '1');
require_once R_P . 'require/functions.php';
// Every action in this script requires a logged-in user.
if (!$winduid) {
    Showmsg('not_login');
}
S::gp(array('action'));
if ($action == 'delatt') {
    PostCheck();
    S::gp(array('did', 'aid'));
    empty($aid) && Showmsg('job_attach_error');
    $attach = $db->get_one("SELECT * FROM pw_attachs WHERE aid=" . S::sqlEscape($aid));
    !$attach && Showmsg('job_attach_error');
    if (empty($attach['attachurl']) || strpos($attach['attachurl'], '..') !== false) {
        Showmsg('job_attach_error');
    }
    $aid = $attach['aid'];
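    // Resolve management rights. Users listed in $manager qualify, and so do
    // members of group 3. The group test has to be a comparison (==): written
    // as an assignment it evaluates to true for every caller, overwrites
    // $groupid and sets $isGM for anyone, so the ownership check that follows
    // would let any logged-in user delete attachments they do not own.
    $isGM = S::inArray($windid, $manager);
    !$isGM && $groupid == 3 && ($isGM = 1);
    $admincheck = $isGM ? 1 : 0;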
    $attach['attachurl'] = "diary/" . $attach['attachurl'];
    if ($admincheck || $attach['uid'] == $winduid) {
        pwDelatt($attach['attachurl'], $db_ifftp);
        pwFtpClose($ftp);
        $diaryService = L::loadClass('Diary', 'diary');
        /* @var $diaryService PW_Diary */
Example #8
<?php

// Admin-only script: refuse to run outside the admin bootstrap.
if (!function_exists('adminmsg')) {
    exit('Forbidden');
}
$basename = $admin_file . '?adminjob=setads';
if ($action == 'submit') {
    // Save only when the form was actually posted with action=submit.
    // NOTE(review): no PostCheck() call is visible before the setting is
    // written — confirm the admin framework enforces a request token.
    if ($_POST['action'] == "submit") {
        S::gp(array('ads'), 'P');
        setConfig('db_ads', $ads);
        updatecache_c();
        adminmsg('operate_success');
    }
} else {
    // Pre-select the current option in the form: defines $ads_<value> = 'checked'.
    ${'ads_' . $db_ads} = 'checked';
    include PrintEot('setads');
}
Example #9
<?php

// Direct-access guard: the script only runs inside the application bootstrap.
!defined('P_W') && exit('Forbidden');
define('AJAX', 1);
S::gp(array('style', 'stopicid', 'blockid'));
$stopicid = (int) $stopicid;
$layout = $stopic_service->getStyleConfig($style, 'layout_set');
// NOTE(review): $stopicid was cast to int above, so the strict comparison
// `$stopicid === ''` can never be true and a missing id passes as 0. Whether
// `$blockid === ''` catches a missing block id depends on what S::gp() assigns
// for an absent parameter — confirm and validate both before addUnit().
if (!$layout || $stopicid === '' || $blockid === '') {
    echo "error";
    ajax_footer();
}
$layout['bannerurl'] = $stopic_service->getStyleBanner($style);
// Register a banner unit for the block; $blockid is stored as given.
$stopic_service->addUnit(array('stopic_id' => $stopicid, 'html_id' => $blockid, 'title' => '', 'data' => array('image' => $layout['bannerurl'])));
// Serialise the layout with the script's own encoder and return it after a tab.
$layout = styleJsonEncode($layout);
echo "success\t" . $layout;
ajax_footer();
function styleJsonEncode($var)
{
    switch (gettype($var)) {
        case 'boolean':
            return $var ? 'true' : 'false';
        case 'NULL':
            return 'null';
        case 'integer':
            return (int) $var;
        case 'double':
        case 'float':
            return (double) $var;
        case 'string':
            return '"' . addslashes(str_replace(array("\r\n", "\n", "\r", "\t"), array('<br />', '<br />', '<br />', ''), $var)) . '"';
        case 'array':
Example #10
    //活动被取消无法支付
    $param = array('buyer_name' => $memberdb['username'], 'out_biz_no' => $defaultValue['out_biz_no'], 'out_trade_no' => $out_trade_no, 'amount' => $memberdb['totalcash'], 'notify_url' => "{$db_bbsurl}/act_alipay_receive.php", 'return_url' => "{$db_bbsurl}/read.php?tid={$tid}");
    if ($fromuid != '-1') {
        //是否代付
        $fromusername = $db->get_value("SELECT username FROM pw_members WHERE uid=" . S::sqlEscape($fromuid));
        $issubstitute = 1;
    } else {
        $fromuid = $issubstitute = 0;
        $fromusername = '';
    }
    $sqlarray = array('out_trade_no' => $out_trade_no, 'issubstitute' => $issubstitute, 'fromuid' => $fromuid, 'fromusername' => $fromusername);
    $db->update("UPDATE pw_activitymembers SET " . S::sqlSingle($sqlarray) . " WHERE actuid=" . S::sqlEscape($actuid));
    ObHeader($AlipayInterface->alipayurl($param));
} elseif ($action == 'refund_aa_payment') {
    //退款
    S::gp(array('tid', 'actuid', 'actmid'), GP, 2);
    $memberdb = $db->get_one("SELECT am.ifpay,am.isrefund,am.username,am.totalcash,am.out_trade_no,am.refundcost,t.authorid FROM pw_activitymembers am LEFT JOIN pw_threads t USING(tid) WHERE am.actuid=" . S::sqlEscape($actuid));
    $tempcost = $db->get_value("SELECT SUM(totalcash) as sum FROM pw_activitymembers WHERE isrefund=1 AND fupid=" . S::sqlEscape($actuid));
    //已退费用
    if ($memberdb['isrefund'] || $memberdb['authorid'] != $winduid) {
        //退款交易无法操作、不是发起人无法操作
        Showmsg('act_refund_noright');
    }
    $memberdb['ifpay'] != 1 && Showmsg('act_refund_error');
    //支付宝支付成功才能退款
    if (!$memberdb['refundcost'] || !preg_match("/^(([1-9]\\d*)|0)(\\.\\d{0,2})?\$/", $memberdb['refundcost']) || $memberdb['refundcost'] > number_format($memberdb['totalcash'] - $tempcost, 2, '.', '')) {
        //费用错误、超出剩余费用
        Showmsg('act_refund_cash_error');
    }
    $refundcost = number_format($memberdb['refundcost'], 2, '.', '');
    //退款金额
Example #11
     while ($rt = $db->fetch_array($query)) {
         if (($GLOBALS['banword'] = $filterService->comprise($rt['keyword'])) !== false) {
             continue;
         }
         $searchHotwords[] = $rt;
     }
     //		if (!$db_dopen) {/*日志应用关闭*/
     //			$search_type_disabled['diary'] = "disabled";
     //			if ($search_type_expand['diary']) $search_type_expand['diary'] = "";
     //		}
     //		if (!$db_groups_open){/*群组应用关闭*/
     //			 $search_type_disabled['group'] = "disabled";
     //			 if ($search_type_expand['group']) $search_type_expand['group'] = "";
     //		}
 } else {
     S::gp(array('schctl', 'config', 'hotwordsconfig', 'view', 'new_view'));
     $schctl['schstart'] > 23 && ($schctl['schstart'] = 0);
     $schctl['schend'] > 23 && ($schctl['schend'] = 0);
     $config['opensch'] = $schctl['opensch'] . "\t" . $schctl['schstart'] . "\t" . $schctl['schend'];
     $config['maxresult'] = intval($config['maxresult']);
     $config['schwait'] = intval($config['schwait']);
     //		$config['hotwords'] = trim($config['hotwords']);
     $config['filterids'] = trim($config['filterids']);
     $config['operate_log'] = (array) $config['operate_log'];
     $config['search_type_expand'] = (array) $config['search_type_expand'];
     $config['openbuildattachs'] = $config['openbuildattachs'];
     if ($config['operate_log'] && array_diff($config['operate_log'], array('log_forums', 'log_threads', 'log_posts', 'log_diarys', 'log_members', 'log_colonys'))) {
         showMsg("抱歉,操作行为记录类型不存在");
     }
     if ($config['search_type_expand'] && array_diff($config['search_type_expand'], array('cms', 'diary', 'group'))) {
         showMsg("抱歉,搜索类型扩展不存在");
Example #12
            Showmsg('您选择的用户没有接受的权限!');
        }
        //* $db->update("UPDATE pw_colonys SET admin=" . S::sqlEscape($userdb['username']) . ' WHERE id=' . S::sqlEscape($cyid));
        pwQuery::update('pw_colonys', 'id=:id', array($cyid), array('admin' => $userdb['username']));
        M::sendNotice(array($userdb['username']), array('title' => getLangInfo('writemsg', 'group_attorn_title'), 'content' => getLangInfo('writemsg', 'group_attorn_content', array('username' => $windid, 'cyid' => $cyid, 'cname' => $colony['cname'], 'descrip' => $colony['descrip']))));
        refreshto("thread.php?cyid={$cyid}", '转让群组成功!');
    }
} elseif ($t == 'disband') {
    if (!($windid == $colony['admin'] && $groupRight['allowdisband'] || $groupid == '3')) {
        Showmsg('colony_out_right');
    }
    if (empty($_POST['step'])) {
        require_once PrintEot('thread_set');
        footer();
    } else {
        S::gp(array('password'));
        if (!threadSetCheckOwnerPassword($winduid, $password)) {
            Showmsg('您输入的密码不正确!');
        }
        if ($db->get_value("SELECT COUNT(*) as sum FROM pw_cnalbum WHERE atype=1 AND ownerid=" . S::sqlEscape($cyid)) > 0) {
            Showmsg('colony_del_photo');
        }
        if ($colony['cnimg']) {
            require_once R_P . 'require/functions.php';
            pwDelatt("cn_img/{$colony['cnimg']}", $db_ifftp);
            pwFtpClose($ftp);
        }
        $query = $db->query("SELECT uid FROM pw_cmembers WHERE colonyid=" . S::sqlEscape($cyid) . " AND ifadmin != '-1'");
        while ($rt = $db->fetch_array($query)) {
            $cMembers[] = $rt['uid'];
        }
Example #13
            if ($v < 1) {
                continue;
            }
            $medalService->{$functionName}($v);
        }
        adminmsg('operate_success', "{$basename}&action=verify");
    }
    /* 勋章设置 */
} elseif ($action == 'set') {
    // Medal settings: without a posted 'step' the form is rendered, otherwise
    // the posted values are saved.
    S::gp(array('step'), 'P');
    if (!$step) {
        ifcheck($db_md_ifopen, 'ifopen');
        ifcheck($db_md_ifapply, 'ifapply');
        require_once PrintApp('admin_set');
    } else {
        S::gp(array('config'), 'P');
        // NOTE(review): every key of the posted 'config' array is passed to
        // setConfig() as-is; this branch has no allow-list of setting names, so
        // the request decides which configuration keys are written. Confirm
        // whether setConfig() restricts the names, and that a request token is
        // checked before this point (no PostCheck() call is visible here).
        foreach ($config as $key => $value) {
            setConfig($key, $value);
        }
        updatecache_c();
        adminmsg('operate_success', "{$basename}&action=set");
    }
}
/**
 * JSON处理
 * 
 * @return Ambigous <multitype:, string>
 */
function getMedalJson($medal)
{
    $openMedalTemp = array();
Example #14
        }
        refreshto("apps.php?q=group&a=thread&cyid={$cyid}", 'highlight_success');
    }
} elseif ($action == 'del') {
    if (empty($_POST['step'])) {
        if (defined('AJAX')) {
            $a = 'del';
            require_once PrintEot('m_ajax');
            ajax_footer();
        } else {
            require_once PrintEot('m_topicadmin');
            footer();
        }
    } else {
        PostCheck();
        S::gp(array('ifdel', 'ifmsg'));
        $msgdb = array();
        require_once R_P . 'require/credit.php';
        $creditset = $credit->creditset($foruminfo['creditset'], $db_creditset);
        $msg_delrvrc = $ifdel ? abs($creditset['Delete']['rvrc']) : 0;
        $msg_delmoney = $ifdel ? abs($creditset['Delete']['money']) : 0;
        $delarticle = L::loadClass('DelArticle', 'forum');
        $readdb = $delarticle->getTopicDb('tid ' . $delarticle->sqlFormatByIds($selids));
        foreach ($readdb as $key => $read) {
            if ($ifmsg) {
                isset($msg_delrvrc) && ($tmp_msg_delrvrc = $msg_delrvrc != 0 ? "-{$msg_delrvrc}" : 0);
                isset($msg_delmoney) && ($tmp_msg_delmoney = $msg_delmoney != 0 ? "-{$msg_delmoney}" : 0);
                $msgdb[] = array('toUser' => $read['author'], 'title' => getLangInfo('writemsg', 'del_title'), 'content' => getLangInfo('writemsg', 'del_content', array('manager' => $windid, 'fid' => $read['fid'], 'tid' => $read['tid'], 'subject' => $read['subject'], 'postdate' => get_date($read['postdate']), 'forum' => strip_tags($forum[$fid]['name']), 'affect' => "{$db_rvrcname}:{$tmp_msg_delrvrc},{$db_moneyname}:{$tmp_msg_delmoney}", 'admindate' => get_date($timestamp), 'reason' => stripslashes($atc_content))));
            }
        }
        $delarticle->delTopic($readdb, $db_recycle, $ifdel, array('reason' => $atc_content));
Example #15
    S::gp(array('aid'));
    $aid = (int) $aid;
    empty($aid) && Showmsg('data_error');
    require_once PrintEot('m_ajax_photos');
    ajax_footer();
} elseif ($a == 'createajax') {
    define('AJAX', 1);
    define('F_M', true);
    banUser();
    S::gp(array('job'));
    require_once PrintEot('m_ajax_photos');
    ajax_footer();
} elseif ($a == 'getallowflash') {
    define('AJAX', 1);
    define('F_M', true);
    S::gp(array('aid'));
    $aid = (int) $aid;
    if ($aid) {
        $albumInfo = $photoService->getAlbumInfo($aid);
        $photonums = $albumInfo['photonum'];
        $o_maxphotonum && $photonums >= $o_maxphotonum && Showmsg('colony_photofull');
        if ($o_maxphotonum) {
            $allowmutinum = $o_maxphotonum - $photonums;
        } else {
            $allowmutinum = 'infinite';
        }
    }
    echo "ok\t{$allowmutinum}";
    ajax_footer();
}
if ($s) {
Example #16
<?php

// Direct-access guard: the script only runs inside the application bootstrap.
if (!defined('P_W')) {
    exit('Forbidden');
}
S::gp(array('jobact'));
if ($jobact == "delete") {
    // Bulk delete of special topics, then redirect back to the list.
    // NOTE(review): no PostCheck() call is visible before deleteSTopics() —
    // confirm a request token is enforced elsewhere.
    S::gp(array('stopic_ids'));
    if (!(is_array($stopic_ids) && count($stopic_ids))) {
        Showmsg('没选择要删除的专题,请您重试', $stopic_admin_url . "&job={$job}");
    }
    if (!$stopic_service->deleteSTopics($stopic_ids)) {
        Showmsg('所有信息均未修改,请您重试', $stopic_admin_url . "&job={$job}");
    }
    ObHeader($stopic_admin_url . "&job={$job}");
} else {
    // Paged, optionally filtered list of special topics.
    S::gp(array('page', 'search_title', 'search_cid'));
    $page = (int) $page;
    $sum = $stopic_service->countSTopic($search_title, $search_cid);
    $total = ceil($sum / $db_perpage);
    // Clamp the page number: at least 1, at most the last page.
    $page = $page <= 0 ? 1 : $page;
    $page = $page > $total ? $total : $page;
    // NOTE(review): the search terms are interpolated into the pagination URL
    // without URL-encoding — confirm S::gp() or numofpage() escapes them.
    $pages = numofpage(
        $sum,
        $page,
        $total,
        $stopic_admin_url . "&job={$job}&search_title={$search_title}&search_cid={$search_cid}&"
    );
    $stopic_list = $stopic_service->findSTopicInPage($page, $db_perpage, $search_title, $search_cid);
    $category_list = $stopic_service->getCategorys();
}
include stopic_use_layout('admin');
Example #17
         $num = 0;
         $query = $db->query("SELECT fid,name FROM pw_forums WHERE type<>'category' AND cms='0'");
         while ($fm = $db->fetch_array($query)) {
             if (strpos($fids, ',' . $fm['fid'] . ',') !== false) {
                 $num++;
                 $htm_tr = $num % 5 == 0 ? '</tr><tr>' : '';
                 $forumcheck .= "<td width='20%'>{$fm['name']}</td>{$htm_tr}";
             }
         }
     }
     !$rt['creditype'] && ($rt['creditype'] = 'currency');
     require_once uTemplate::PrintEot('profile_toolcenter');
     pwOutPut();
 } else {
     if (procLock('tool_buy', $winduid)) {
         S::gp(array('buymethod', 'nums'), null, 2);
         $toolinfo = $db->get_one("SELECT * FROM pw_tools WHERE id=" . S::sqlEscape($id));
         if ($nums <= 0) {
             procUnLock('tool_buy', $winduid);
             Showmsg('illegal_nums');
         }
         if ($toolinfo['stock'] < $nums) {
             procUnLock('tool_buy', $winduid);
             Showmsg('unenough_stock');
         }
         if ($buymethod) {
             if ($toolinfo['rmb'] <= 0) {
                 procUnLock('tool_buy', $winduid);
                 Showmsg('undefined_action');
             }
             //* include_once pwCache::getPath(D_P.'data/bbscache/ol_config.php');
Example #18
<?php

// Direct-access guard: the script only runs inside the application bootstrap.
if (!defined('P_W')) {
    exit('Forbidden');
}
S::gp(array('fid', 'tid', 'pid'), null, 2);
// Has the current user already rated this post? Every value in the WHERE
// clause goes through S::sqlEscape().
$pingdata = $db->get_one(
    "SELECT id FROM pw_pinglog WHERE fid=" . S::sqlEscape($fid)
    . " AND tid=" . S::sqlEscape($tid)
    . " AND pid=" . S::sqlEscape($pid)
    . " AND pinger=" . S::sqlEscape($windid)
);
$user_has_ping = (bool) $pingdata;
// An empty post id is replaced by the marker "tpc" for the template.
if (!$pid) {
    $pid = "tpc";
}
require_once PrintEot('ajax');
ajax_footer();
Example #19
<?php

// Direct-access guard: the script only runs inside the application bootstrap.
if (!defined('P_W')) {
    exit('Forbidden');
}
// Request check runs before any attachment data is touched.
PostCheck();
S::gp(array('aid', 'page'));
if (empty($aid)) {
    Showmsg('job_attach_error');
}
$pw_attachs = L::loadDB('attachs', 'forum');
$attach = $pw_attachs->get($aid);
if (!$attach) {
    Showmsg('job_attach_error');
}
// Refuse records without a path or with a '..' sequence in the stored path.
if (empty($attach['attachurl']) || strpos($attach['attachurl'], '..') !== false) {
    Showmsg('job_attach_error');
}
// From here on, ids come from the database record, not from the request.
$fid = $attach['fid'];
$aid = $attach['aid'];
$tid = $attach['tid'];
$pid = $attach['pid'];
$foruminfo = L::forum($fid);
if (!$foruminfo) {
    Showmsg('data_error');
}
require_once R_P . 'require/forum.php';
require_once R_P . 'require/updateforum.php';
wind_forumcheck($foruminfo);
// Resolve management rights: users listed in $manager, or forum moderators
// holding the 'delattach' right.
$isGM = S::inArray($windid, $manager);
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
$admincheck = ($isGM || pwRights($isBM, 'delattach')) ? 1 : 0;
if ($groupid != 'guest' && ($admincheck || $attach['uid'] == $winduid)) {
Example #20
        }
        $db->update("DELETE FROM pw_attachs WHERE {$sql} AND aid IN({$attachs})");
    }
    adminmsg('attachstats_del', "{$basename}&fid={$fid}&uid={$uid}&filename=" . rawurlencode($filename) . "&hits={$hits}&ifmore={$ifmore}&filesize={$filesize}&ifless={$ifless}&orderway={$orderway}&asc={$asc}&postdate1={$postdate1}&postdate2={$postdate2}&pernum={$pernum}&page={$page}");
} elseif ($action == 'msgList') {
    S::gp(array('page'), 'GP');
    $messageServer = L::loadClass('message', 'message');
    $attachCount = $messageServer->countAllAttachs();
    $pageCount = ceil($attachCount / $db_perpage);
    $page = $page < 0 || empty($page) ? 1 : ($page > $pageCount ? $pageCount : $page);
    $attachList = $messageServer->getAllAttachs($page, $db_perpage);
    $pages = numofpage($attachCount, $page, $pageCount, $basename . '&action=msgList&');
    include PrintEot('attachment');
    exit;
} elseif ($action == 'msgDel') {
    // Bulk-delete message attachments by message id.
    // NOTE(review): 'mids' is read with the 'GP' source and no PostCheck() call
    // is visible in this branch; if 'GP' admits GET parameters, the delete can
    // be triggered cross-site — confirm the admin framework enforces a request
    // token before this point.
    S::gp(array('mids'), 'GP');
    // Anything other than an array of ids is rejected.
    !is_array($mids) && adminmsg('请选择要删除的附件');
    $messageServer = L::loadClass('message', 'message');
    $messageServer->deleteAttachsByMessageIds($mids);
    adminmsg('附件删除成功!', "{$basename}&action=msgList&");
}
function attachcheck($file)
{
    global $cache_file, $attachdir, $admin_pwd, $filename, $filesize, $ifless, $postdate1, $postdate2, $direct, $attachdir;
    if ($filename && strpos($file, $filename) === false) {
        return;
    }
    if ($filesize) {
        if ($ifless && filesize("{$attachdir}/{$file}") >= $filesize * 1024) {
            return;
        } elseif (!$ifless && filesize("{$attachdir}/{$file}") <= $filesize * 1024) {
Example #21
<?php

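// Proxy for the remote "myshow" catalogue: serves an XML file from the local
// cache and refreshes it from the upstream host when it is missing or older
// than 43200 seconds.
!defined('P_W') && exit('Forbidden');
S::gp(array('subjectid', 'page', 'type'));
// NOTE(review): the catalogue is fetched over plain HTTP, then cached and
// echoed to clients; anyone able to alter the response in transit controls the
// served XML. Prefer an HTTPS endpoint if the upstream offers one.
$u = "http://dm.phpwind.net/misc";
// Both request values end up in the cache file name and in the outbound URL,
// so they are forced to integers. A numeric-but-not-integer page ("1.5",
// "1e3", " 1") would otherwise pass is_numeric() and produce an unbounded set
// of distinct cache files.
$subjectid = (int) $subjectid;
$page = is_numeric($page) ? (int) $page : 1;
$page < 1 && ($page = 1);
// Pick the remote file: a subject listing page, or the default menu for the type.
$s = '300.xml';
if ($type == 'general') {
    $s = $subjectid ? $subjectid . '_' . $page . '.xml' : '300.xml';
} elseif ($type == 'magic') {
    $s = $subjectid ? $subjectid . '_' . $page . '.xml' : '200.xml';
}
$cachefile = D_P . "data/bbscache/myshow_{$s}";
if (!file_exists($cachefile) || $timestamp - pwFilemtime($cachefile) > 43200) {
    $data = '';
    if ($subjectid) {
        $url = "{$u}/list/{$s}?{$timestamp}";
    } else {
        $url = "{$u}/menu/{$s}?{$timestamp}";
    }
    require_once R_P . 'require/posthost.php';
    $data = PostHost($url);
    // Only a response containing an XML declaration replaces the cache.
    // NOTE(review): this is a substring test, not a well-formedness check.
    if ($data && strpos($data, '<?xml') !== false) {
        //* writeover($cachefile, $data);
        pwCache::writeover($cachefile, $data);
    }
}
header("Content-Type: text/xml; charset=UTF-8");
// NOTE(review): when the fetch failed and no cache exists yet, this reads a
// file that was never written — confirm how pwCache::readover() handles that.
$data = pwCache::readover($cachefile);
echo $data;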
Example #22
<?php

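// Front controller of the profile centre: picks the sub-script named by the
// 'action' request parameter and includes it.
define('PRO', '1');
define('SCR', 'profile');
require_once 'global.php';
// The profile centre is for logged-in users only.
!$winduid && Showmsg('not_login');
S::gp(array('action'));
require_once R_P . 'require/showimg.php';
//list($faceurl) = showfacedesign($winddb['icon'],1,'s');
// Navigation
$homenavigation = array();
$navConfigService = L::loadClass('navconfig', 'site');
$homenavigation = $navConfigService->userHomeNavigation(PW_NAV_TYPE_MAIN, 'o');
empty($action) && ($action = 'modify');
$pro_tab = $action;
$USCR = 'set_profile';
$db_menuinit .= ",'td_userinfomore' : 'menu_userinfomore'";
// $action is request input and names the script to include. Accept only a
// plain identifier (letters, digits, underscore) before it reaches
// file_exists() or require_once, so path separators, dots and stream-wrapper
// prefixes are rejected here instead of relying on S::escapePath() alone.
// The D modifier keeps `$` from matching before a trailing newline.
if (
    is_string($action)
    && preg_match('/^[A-Za-z0-9_]+$/D', $action)
    && file_exists(R_P . "u/require/profile/{$action}.php")
) {
    require_once R_P . 'u/require/core.php';
    require_once R_P . 'u/lib/space.class.php';
    $newSpace = new PwSpace($winduid);
    $space =& $newSpace->getInfo();
    //* include_once pwCache::getPath(D_P . 'data/bbscache/o_config.php');
    pwCache::getData(D_P . 'data/bbscache/o_config.php');
    require_once S::escapePath(R_P . "u/require/profile/{$action}.php");
} else {
    Showmsg('undefined_action');
}
exit;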
Example #23
<?php

// Direct-access guard: the script only runs inside the application bootstrap.
if (!defined('P_W')) {
    exit('Forbidden');
}
// Base directories of the rate plug-in.
define("H_R", R_P . "hack/rate/");
define("L_R", R_P . "lib/rate/");
S::gp(array('ajax'));
// The action script is named after $job ("admin" when $job is empty).
// NOTE(review): $job is assigned outside this excerpt and is concatenated into
// the path tested by file_exists() before S::escapePath() is applied — confirm
// it is limited to known action names.
$action = strtolower($job ? $job : "admin");
$filepath = H_R . "action/" . $action . "Action.php";
if (!file_exists($filepath)) {
    exit;
}
// The AJAX job loads its action script directly; every other job renders the
// shared layout.
if ($job == "ajax") {
    require_once S::escapePath($filepath);
} else {
    require H_R . '/template/layout.php';
}
Example #24
<?php

// Bootstrap of the "show" page: loads the shared header and forum helpers and
// the two forum caches.
define('SCR', 'show');
require_once 'global.php';
require_once R_P . 'require/header.php';
require_once R_P . 'require/forum.php';
//* include_once pwCache::getPath(D_P.'data/bbscache/forumcache.php');
//* include_once pwCache::getPath(D_P.'data/bbscache/forum_cache.php');
pwCache::getData(D_P . 'data/bbscache/forumcache.php');
pwCache::getData(D_P . 'data/bbscache/forum_cache.php');
// The viewer's group must hold the 'show' right.
!$_G['show'] && Showmsg('groupright_show');
$db_showperpage = 16;
S::gp(array('pwuser', 'uid', 'action', 'type', 'page', 'aid'));
// Collect the forums this viewer must not see content from: hidden forums,
// forums with a password, forums flagged forumsell, and forums whose
// allowvisit list does not contain the viewer's group id.
// NOTE(review): presumably $fidoff is applied as an exclusion filter in the
// queries that follow this excerpt — confirm every listing query uses it.
$fidoff = array();
$query = $db->query("SELECT fid,allowvisit,password,f_type,forumsell FROM pw_forums WHERE type<>'category'");
while ($rt = $db->fetch_array($query)) {
    // && binds tighter than ||: the allowvisit test applies only when the list is non-empty.
    if ($rt['f_type'] == 'hidden' || $rt['password'] || $rt['forumsell'] || $rt['allowvisit'] && strpos($rt['allowvisit'], ",{$groupid},") === false) {
        $fidoff[] = $rt['fid'];
    }
}
// Neutral WHERE fragment; later code may replace it with a real condition.
$sqladd = "1";
if ($pwuser || is_numeric($uid)) {
    $userService = L::loadClass('UserService', 'user');
    /* @var $userService PW_UserService */
    if ($pwuser) {
        $userInfo = $userService->getByUserName($pwuser);
    } elseif (is_numeric($uid)) {
        $userInfo = $userService->get($uid);
    }
    if (!$userInfo) {
        $errorname = $pwuser;
Example #25
    $sqladd = 'AND t.authorid=' . S::sqlEscape($uid) . " AND t.anonymous='0'";
    $urladd = "&uid={$uid}";
    $openIndex = false;
}
if ($openIndex) {
    #高楼帖子索引
    $count = 1 + $db->get_value("SELECT max(floor) FROM pw_postsfloor WHERE tid =" . S::sqlEscape($tid));
} else {
    $count = $read['replies'] + 1;
}
$topped_count = $read['topreplays'];
//帖子来源分类
$read_category = getThreadType();
//门户阅读方式
if ($foruminfo['ifcms'] && $db_modes['area']['ifopen']) {
    S::gp(array('viewbbs'));
    if (!$viewbbs) {
        require_once R_P . 'mode/area/area_read.php';
        exit;
    }
    $viewbbs = $viewbbs ? "&viewbbs={$viewbbs}" : "";
}
if ($winddb['p_num']) {
    $db_readperpage = $winddb['p_num'];
} elseif ($forumset['readnum']) {
    $db_readperpage = $forumset['readnum'];
}
$numofpage = ceil(($count + $topped_count) / $db_readperpage);
if ($page == 'e' || $page > $numofpage) {
    $numofpage == 1 && $page > 1 && ObHeader("read.php?tid={$tid}&toread={$toread}");
    $page = $numofpage;
Example #26
            foreach ($creditdb as $key => $value) {
                if (is_numeric($key) && is_numeric($value)) {
                    /**
                    					$db->pw_update(
                    						"SELECT uid FROM pw_membercredit WHERE uid=".S::sqlEscape($uid)."AND cid=".S::sqlEscape($key),
                    						"UPDATE pw_membercredit SET value=".S::sqlEscape($value)."WHERE uid=".S::sqlEscape($uid)."AND cid=".S::sqlEscape($key),
                    						"INSERT INTO pw_membercredit SET ".S::sqlSingle(array('uid'=>$uid,'cid'=>$key,'value'=>$value))
                    					);
                    					**/
                    $db->pw_update("SELECT uid FROM pw_membercredit WHERE uid=" . S::sqlEscape($uid) . "AND cid=" . S::sqlEscape($key), pwQuery::updateClause('pw_membercredit', 'uid=:uid AND cid=:cid', array($uid, $key), array('value' => $value)), pwQuery::insertClause('pw_membercredit', array('uid' => $uid, 'cid' => $key, 'value' => $value)));
                }
            }
            adminmsg('operate_success');
        }
    } else {
        S::gp(array('page'), 'GP', 2);
        $page < 1 && ($page = 1);
        $limit = S::sqlLimit(($page - 1) * $db_perpage, $db_perpage);
        $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_membercredit WHERE value!=0");
        $pages = numofpage($rt['sum'], $page, ceil($rt['sum'] / $db_perpage), "{$basename}&");
        $query = $db->query("SELECT m.uid,m.username,mc.cid,mc.value FROM pw_membercredit mc LEFT JOIN pw_members m USING(uid) WHERE value!=0 ORDER BY cid, value DESC {$limit}");
        while ($rt = $db->fetch_array($query)) {
            $rt['name'] = $_CREDITDB[$rt['cid']][0];
            $creditdb[] = $rt;
        }
        include PrintEot('usermanage');
        exit;
    }
}
function initGroupOptions()
{
Example #27
            adminmsg('user_not_exists');
        }
        $uid = $userdb['uid'];
    }
    if ($uid) {
        $sql .= " AND fs.uid=" . S::sqlEscape($uid);
    }
    if ($fid) {
        $sql .= " AND fs.fid=" . S::sqlEscape($fid);
    }
    $page < 1 && ($page = 1);
    $limit = S::sqlLimit(($page - 1) * $db_perpage, $db_perpage);
    $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_forumsell fs {$sql}");
    $pages = numofpage($rt['sum'], $page, ceil($rt['sum'] / $db_perpage), "{$basename}&uid={$uid}&fid={$fid}&");
    $buydb = array();
    $query = $db->query("SELECT fs.*,m.username,m.uid FROM pw_forumsell fs LEFT JOIN pw_members m USING(uid) {$sql} ORDER BY fs.overdate DESC {$limit}");
    while ($rt = $db->fetch_array($query)) {
        $rt['buydate'] = get_date($rt['buydate']);
        $rt['overtime'] = get_date($rt['overdate']);
        $buydb[] = $rt;
    }
    include PrintEot('forumsell');
    exit;
} elseif ($_POST['action'] == 'del') {
    S::gp(array('selid'));
    if (!($selid = checkselid($selid))) {
        adminmsg('operate_error');
    }
    $db->update("DELETE FROM pw_forumsell WHERE id IN({$selid})");
    adminmsg('operate_success');
}
Example #28
             $emails[$key] = str_replace('&nbsp;', '', $emails[$key]);
             if (!$email) {
                 unset($emails[$key]);
             } elseif (!preg_match("/^[-a-zA-Z0-9_\\.]+@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$/", $emails[$key])) {
                 Showmsg('mode_o_email_format_err');
             }
         }
     }
     !$emails && Showmsg('mode_o_email_empty');
     require_once R_P . 'require/sendemail.php';
     foreach ($emails as $email) {
         sendemail($email, 'email_' . $type . '_invite_subject', 'email_' . $type . '_invite_content');
     }
     Showmsg('operate_success');
 } elseif ($_POST['step'] == 2) {
     S::gp(array('sendtoname', 'touid'), 'P');
     $userService = L::loadClass('UserService', 'user');
     /* @var $userService PW_UserService */
     $uids = array();
     if ($sendtoname) {
         $userId = $userService->getUserIdByUserName($sendtoname);
         if (!$userId) {
             $errorname = $sendtoname;
             Showmsg('user_not_exists');
         }
         $uids[] = $userId;
     }
     if (is_array($touid)) {
         foreach ($touid as $key => $value) {
             if (is_numeric($value)) {
                 $uids[] = $value;
Example #29
     $robbuildService = L::loadClass("robbuild", 'forum');
     $fieldsdata = array('authorid' => $winduid, 'starttime' => $robstarttime, 'endtime' => $robendtime, 'endbuild' => $robendbuild, 'awardbuilds' => $robawardbuilds, 'postdate' => $timestamp);
     if ($message = $robbuildService->checkAddData($foruminfo['allowrob'], $fieldsdata)) {
         Showmsg($message);
     }
     $robbuildService->initData($fieldsdata);
     $postdata->setStatus('2');
     $postdata->setStatus('7');
 }
 L::loadClass('attupload', 'upload', false);
 /*上传错误检查
 	$return = PwUpload::checkUpload();
 	$return !== true && Showmsg($return);
 	end*/
 if (PwUpload::getUploadNum() || $flashatt) {
     S::gp(array('savetoalbum', 'albumid'), 'P', 2);
     $postdata->att = new AttUpload($winduid, $flashatt, $savetoalbum, $albumid);
     $postdata->att->check();
 }
 $postdata->iscontinue = (int) $iscontinue;
 $topicpost->execute($postdata);
 $tid = $topicpost->getNewId();
 // defend start
 CloudWind::yunUserDefend('postthread', $winduid, $windid, $timestamp, $cloud_information[1] ? $timestamp - $cloud_information[1] : 0, $tid ? 101 : 102, '', $postdata->data['content'], '', '');
 // defend end
 defined('AJAX') && ($pinfo = $pinfo . $tid);
 if ($postSpecial) {
     $postSpecial->insertData($tid);
 }
 if ($postTopic) {
     //分类主题插入数据
Example #30
<?php

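// Export of the sign-up list of a group-purchase thread: loads every
// pw_pcmember row for the thread and prepares a tab-separated header row.
!defined('P_W') && exit('Forbidden');
// The request source is passed as the quoted string 'G', matching the quoted
// 'GP' / 'P' arguments used by other S::gp() calls. A bare G is an undefined
// constant: a fatal Error on PHP 8, and a warning plus the fallback string 'G'
// on earlier versions (assuming no constant named G is defined elsewhere).
S::gp(array('tid', 'pcid'), 'G', 2);
$read = $db->get_one("SELECT authorid,subject,fid FROM pw_threads WHERE tid=" . S::sqlEscape($tid));
$foruminfo = $db->get_one('SELECT forumadmin,fupadmin FROM pw_forums WHERE fid=' . S::sqlEscape($read['fid']));
// NOTE(review): $isGM and $isBM are computed but not consulted in the lines
// shown; the access decision below rests on getAdminright() alone, called with
// the request-supplied $pcid — confirm it also verifies that $pcid belongs to
// this thread.
$isGM = S::inArray($windid, $manager);
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
L::loadClass('postcate', 'forum', false);
$post = array();
$postCate = new postCate($post);
$isadminright = $postCate->getAdminright($pcid, $read['authorid']);
if (!$isadminright) {
    Showmsg('pcexport_none');
}
// The rows carry personal data (mobile, phone, address, name, zip).
$memberdb = array();
$query = $db->query("SELECT username,mobile,phone,address,nums,ifpay,totalcash,name,zip,message FROM pw_pcmember WHERE tid=" . S::sqlEscape($tid));
while ($rt = $db->fetch_array($query)) {
    // Replace the payment flag with its localised label.
    if ($rt['ifpay'] == 1) {
        $rt['ifpay'] = getLangInfo('other', 'pc_payed');
    } else {
        $rt['ifpay'] = getLangInfo('other', 'pc_paying');
    }
    // On utf-8 and big5 sites every field is passed through pwConvert() with
    // 'gbk' and the site charset.
    if ($db_charset == 'utf-8' || $db_charset == 'big5') {
        foreach ($rt as $key => $value) {
            $rt[$key] = pwConvert($value, 'gbk', $db_charset);
        }
    }
    $memberdb[] = $rt;
}
// Header row, one tab-terminated label per column.
// NOTE(review): if this export is opened in a spreadsheet, user-supplied
// fields (username, address, message) that begin with =, +, - or @ are read as
// formulas — confirm the code that writes the rows neutralises them.
$titledb = array(getLangInfo('other', 'pc_id') . "\t", getLangInfo('other', 'pc_username') . "\t", getLangInfo('other', 'pc_name') . "\t", getLangInfo('other', 'pc_mobile') . "\t", getLangInfo('other', 'pc_phone') . "\t", getLangInfo('other', 'pc_address') . "\t", getLangInfo('other', 'pc_zip') . "\t", getLangInfo('other', 'pc_nums') . "\t", getLangInfo('other', 'pc_totalcash') . "\t", getLangInfo('other', 'pc_message') . "\t", getLangInfo('other', 'pc_ifpay') . "\t\n");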