if ($gzipcompress && function_exists('ob_gzhandler') && CURSCRIPT != 'wap') {
ob_start('ob_gzhandler');
} else {
$gzipcompress = 0;
ob_start();
}
$dblink = new db_sql();
$dblink->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
$_DCOOKIE = $_DCACHE = array();
list($cyask_uid, $username, $email) = explode("\t", uc_authcode($_COOKIE['auth'], 'DECODE'));
define('FORMHASH', form_hash());
$styleid = $_DCOOKIE['styleid'] ? $_DCOOKIE['styleid'] : 1;
$cyask_adminid = 0;
if ($cyask_uid) {
$query = $dblink->query("SELECT username,password,adminid,groupid FROM {$dbprefix}members WHERE uid={$cyask_uid}");
$members = $dblink->fetch_array($query);
if (empty($members)) {
$members = array();
list($uid, $uname, $email) = uc_get_user($cyask_uid, 1);
$dblink->query("INSERT INTO {$dbprefix}members(uid,username,email,adminid,groupid,regdate) VALUES('{$cyask_uid}','{$username}','{$email}','5','0','" . time() . "')");
$cyask_user = $username;
unset($uid, $uname);
$adminid = '5';
$groupid = 0;
$cyask_adminid = $adminid == 1 || $groupid == 3 ? 1 : 0;
} else {
$cyask_user = $members['username'];
$adminid = $members['adminid'];
$groupid = $members['groupid'];
$cyask_adminid = $adminid == 1 || $groupid == 3 ? 1 : 0;
$dblink->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
$_DCOOKIE = $_DCACHE = array();
$prelength = strlen($cookiepre);
foreach ($_COOKIE as $key => $val) {
if (substr($key, 0, $prelength) == $cookiepre) {
$_DCOOKIE[substr($key, $prelength)] = daddslashes($val);
}
}
unset($prelength);
list($cyask_uid, $cyask_user, $cyask_pw) = isset($_DCOOKIE['compound']) ? explode("\t", authcode($_DCOOKIE['compound'], 'DECODE', $cyask_key)) : array(0, '', '');
$cyask_uid = intval($cyask_uid);
$styleid = $_DCOOKIE['styleid'] ? $_DCOOKIE['styleid'] : 1;
///////////////////////提取身份///////////////////////////
if ($cyask_uid) {
$query = $dblink->query("SELECT adminid FROM {$tablepre}member WHERE uid={$cyask_uid}");
$members = $dblink->fetch_array($query);
$cyask_adminid = $members['adminid'];
}
$cache_variable_file = CYASK_ROOT . './askdata/cache/cache_variable.php';
if (file_exists($cache_variable_file)) {
include_once $cache_variable_file;
} else {
create_cache('variable');
include_once $cache_variable_file;
}
$cache_style_file = CYASK_ROOT . './askdata/cache/cache_style.php';
if (file_exists($cache_style_file)) {
include_once $cache_style_file;
} else {
create_cache('style');
$fp = fopen($cachefile, 'w');
$s = "<?php\r\n";
$s .= '$_CACHE[\'settings\'] = ' . var_export($post, TRUE) . ";\r\n";
fwrite($fp, $s);
fclose($fp);
exit(API_RETURN_SUCCEED);
} elseif ($action == 'updatecredit') {
!UPDATECREDIT && exit(API_RETURN_FORBIDDEN);
$credit = intval($get['credit']);
$amount = intval($get['amount']);
$uid = intval($get['uid']);
require_once DISCUZ_ROOT . './include/db_' . $database . '.php';
$dblink = new db_sql();
$dblink->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
$dblink->query("UPDATE {$dbprefix}members SET scores=scores+'{$amount}' WHERE uid='{$uid}'");
if ($amount > 0) {
$add = $amount;
$minus = 0;
} else {
$add = 0;
$minus = $amount;
}
$query = $dblink->query("SEELCT scores FROM {$dbprefix}members WHERE uid='{$uid}'");
$row = $dblink->fetch_array($query);
$time = time();
$scores = $row['scores'];
unset($query, $row);
$dblink->query("INSERT INTO {$dbprefix}scorelog(uid,optime,add,minus,op,scores,opuid) VALUES('{$uid}','{$time}','{$add}','{$minus}','{$op}','{$scores}','{$opuid}')");
exit(API_RETURN_SUCCEED);
} elseif ($action == 'getcreditsettings') {
echo " <tr>\n";
echo " <td>\n";
echo " <hr noshade align=\"center\" width=\"100%\" size=\"1\">\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td><b><font color=\"#FF0000\">></font><font color=\"#000000\"> {$lang['create_table']}</font></b></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td>\n";
$fp = fopen($sqlfile, 'rb');
$sqlcontent = fread($fp, 2048000);
$sqlcontent = str_replace("\r\n", "\n", $sqlcontent);
fclose($fp);
run_query($sqlcontent);
$db->query("DELETE FROM {$tablepre}member");
$db->query("INSERT INTO {$tablepre}member SET uid='{$uid}',username='******',password='******',email='{$email}',adminid=1,attachopen=1");
$db->query("DELETE FROM {$tablepre}admin");
$db->query("INSERT INTO {$tablepre}admin SET uid='{$uid}',adminid=1,sid='all'");
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td>\n";
echo " <hr noshade align=\"center\" width=\"100%\" size=\"1\">\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td><b><font color=\"#FF0000\">></font><font color=\"#000000\"> {$lang['init_file']}</font></b></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td>\n";
echo " <tr>\n";
echo " <td>\n";
echo " <hr noshade align=\"center\" width=\"100%\" size=\"1\">\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td><b><font color=\"#FF0000\">></font><font color=\"#000000\"> {$lang['create_table']}</font></b></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td>\n";
$fp = fopen($sqlfile, 'rb');
$sql = fread($fp, filesize($sqlfile));
fclose($fp);
$db->select_db($dbname);
runquery($sql);
$query = $db->query("INSERT INTO {$dbprefix}members(uid,username,email,adminid,regdate,groupid) VALUES('{$uid}','{$username}','{$email}','1','" . time() . "','1')");
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td>\n";
echo " <hr noshade align=\"center\" width=\"100%\" size=\"1\">\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td><b><font color=\"#FF0000\">></font><font color=\"#000000\"> {$lang['init_file']}</font></b></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td>\n";
loginit('adminlog');
loginit('errorlog');
dir_clear('./askdata/templates');
function OnCheckRegId()
{
ShowMsg("OnCheckRegId.");
$userid = $_GET['memberid'];
global $db;
global $dbaddr, $dbuser, $dbpwd, $dbname;
if (!$db) {
$db = new db_sql();
$db->connect($dbaddr, $dbuser, $dbpwd, $dbname);
ShowMsg("receate db .");
}
if (!$db) {
return;
}
$sql = "select userid from tb_members where userid='" . $userid . "'";
ShowMsg("query db width ." . $sql);
$query = $db->query($sql);
if (!$query) {
echo GetErrorResult("CHECK_MEM_ID", 0);
$db->close();
return;
}
$count = $db->num_rows($query);
$db->close();
if ($count > 0) {
echo GetErrorResult("CHECK_MEM_ID", 2);
} else {
echo GetErrorResult("CHECK_MEM_ID", 0);
}
return TRUE;
}
