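/**
 * Fetch one page of active navigation entries, optionally limited to a group.
 *
 * @param string|false $group   Group name to filter on; false/empty means every group.
 * @param int          $skip    LIMIT offset.
 * @param int          $take    LIMIT row count.
 * @param string       $orderby ORDER BY clause, spliced into the statement verbatim.
 * @return mixed Whatever $yiqi_db->get_results() returns for the assembled query.
 */
function TakeNavigateList($group = false, $skip = 0, $take = 10, $orderby = "convert(`group` USING gbk) COLLATE gbk_chinese_ci,displayorder,navid")
{
    global $yiqi_db;
    // LIMIT operands must be integers; casting keeps anything else out of the SQL text.
    $skip = (int) $skip;
    $take = (int) $take;
    // $group and $orderby are interpolated as-is (CheckSql is a keyword filter, not an
    // escaper), so they must only ever come from trusted callers.
    $where = "nav.status = 'ok'";
    if ($group) {
        $where = "nav.group = '{$group}' AND " . $where;
    }
    $sql = "select * from yiqi_navigate as nav where {$where} order by {$orderby} limit {$skip},{$take}";
    return $yiqi_db->get_results(CheckSql($sql));
}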
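/**
 * Fetch meta rows: a page of full rows, or every metaid when $take is below 1.
 *
 * @param int    $skip    LIMIT offset.
 * @param int    $take    LIMIT row count; values below 1 switch to the id-only query.
 * @param string $orderby ORDER BY clause, spliced into the statement verbatim.
 * @return mixed Whatever $yiqi_db->get_results() returns.
 */
function TakeMetaList($skip = 0, $take = 10, $orderby = "metaid")
{
    global $yiqi_db;
    // Cast before the comparison so LIMIT only ever receives integers.
    $skip = (int) $skip;
    $take = (int) $take;
    if ($take < 1) {
        return $yiqi_db->get_results(CheckSql("select metaid from yiqi_meta"));
    }
    // $orderby is not escaped; keep it under caller control only.
    $sql = "select * from yiqi_meta order by {$orderby} limit {$skip},{$take}";
    return $yiqi_db->get_results(CheckSql($sql));
}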
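/**
 * Fetch one page of keyword rows, optionally restricted by a caller-built WHERE clause.
 *
 * @param int    $skip    LIMIT offset.
 * @param int    $take    LIMIT row count.
 * @param string $where   Complete "where ..." fragment, spliced in verbatim; "" for none.
 * @param string $orderby ORDER BY clause, spliced in verbatim.
 * @return mixed Whatever $yiqi_db->get_results() returns.
 */
function TakeKeywordsList($skip = 0, $take = 10, $where = "", $orderby = "displayorder")
{
    global $yiqi_db;
    // LIMIT operands must be integers.
    $skip = (int) $skip;
    $take = (int) $take;
    // $where and $orderby are raw SQL fragments (CheckSql only blacklists keywords);
    // they must never be built from request data.
    $from = "select * from yiqi_keywords";
    if ($where != "") {
        $from .= " " . $where;
    }
    $sql = "{$from} order by {$orderby} limit {$skip},{$take}";
    return $yiqi_db->get_results(CheckSql($sql));
}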
/**
 * Resolve the site's default template set.
 *
 * Reads the 'sitetemplets' row of yiqi_settings and hands its value to
 * GetTemplets(); yields null when that settings row does not exist.
 *
 * @return mixed|null
 */
function GetDefaultTemplets()
{
    global $yiqi_db;
    $sql = "select * from yiqi_settings where varname = 'sitetemplets' limit 1";
    $setting = $yiqi_db->get_row(CheckSql($sql));
    if (!is_object($setting)) {
        return null;
    }
    return $this->GetTemplets($setting->value);
}
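/**
 * Stop the request unless the current admin may open the current admin page.
 *
 * The page is the last path segment of PHP_SELF; it is matched against
 * yiqi_regular.value and the row's rid is passed to checkregular(). On failure
 * ShowMsg() renders a denial and the script exits.
 *
 * @return void
 */
function checkauth()
{
    global $yiqi_db;
    global $adminuserinfo;
    // end() takes its argument by reference, so the explode() result needs a variable.
    $segments = explode("/", $_SERVER["PHP_SELF"]);
    $pagename = end($segments);
    // PHP_SELF is influenced by the request (path info) and $pagename lands inside a
    // LIKE pattern; keep only filename characters so nothing else reaches the SQL.
    $pagename = preg_replace('/[^A-Za-z0-9._-]/', '', $pagename);
    $sql = "select * from yiqi_regular where value like '{$pagename}%' limit 1";
    $regularinfo = $yiqi_db->get_row(CheckSql($sql));
    // No matching row yields a null rid, exactly as the unguarded property read did.
    $rid = is_object($regularinfo) ? $regularinfo->rid : null;
    if (!checkregular($rid)) {
        ShowMsg("您没有权限访问此页", "back");
        exit;
    }
}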
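/**
 * Run one SQL statement on this connection.
 *
 * @param string $sql  Statement to run; passed through CheckSql() first.
 * @param string $type '' for a normal query; 'UNBUFFERED' to use mysql_unbuffered_query()
 *                     (result rows are not fetched and cached after execution); 'SILENT'
 *                     to skip halt() on failure. A 'RETRY' prefix is added internally
 *                     when the statement is re-run after a reconnect.
 * @return mixed Result of the mysql call, or false when it failed and halt() did not exit.
 */
function query($sql, $type = '')
{
    $sql = CheckSql($sql); // keyword filter on the statement text
    $func = $type == 'UNBUFFERED' && @function_exists('mysql_unbuffered_query') ? 'mysql_unbuffered_query' : 'mysql_query';
    if (!($query = $func($sql, $this->link))) {
        // 2006 (server has gone away) / 2013 (lost connection): reconnect and retry once.
        if (in_array($this->errno(), array(2006, 2013)) && substr($type, 0, 5) != 'RETRY') {
            $this->close();
            require ROOT_PATH . '/config.inc.php';
            $this->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
            // Keep the retried result; previously it was discarded and false was returned.
            $query = $this->query($sql, 'RETRY' . $type);
        } elseif ($type != 'SILENT' && substr($type, 5) != 'SILENT') {
            $this->halt('MySQL Query Error', $sql);
        }
    }
    $this->querynum++;
    return $query;
}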
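/**
 * Build the public URL of a site object.
 *
 * @param array $params Keys read: 'name' (slug, or an absolute http:// URL that is returned
 *                      unchanged), 'type' (category|article|product|catalog|comment|sitemap),
 *                      'page', 'generatehtml' (truthy while writing static files), 'siteurl'.
 * @return string Absolute URL below siteurl, or the bare relative path when generatehtml is set.
 */
function formaturl($params)
{
    global $yiqi_db;
    // Read the keys explicitly instead of extract(): a caller-supplied key such as
    // 'yiqi_db' or 'sql' must not be able to overwrite this function's locals.
    $name = isset($params['name']) ? $params['name'] : null;
    $type = isset($params['type']) ? $params['type'] : null;
    $page = isset($params['page']) ? $params['page'] : null;
    $generatehtml = isset($params['generatehtml']) ? $params['generatehtml'] : null;
    $siteurl = isset($params['siteurl']) ? $params['siteurl'] : null;

    $sql = "select * from yiqi_settings where varname = 'urlrewrite' limit 1";
    $result = $yiqi_db->get_row(CheckSql($sql));
    $rewrite = is_object($result) ? $result->value : null;

    if (strpos($name, "http://") === 0) {
        return $name;
    }
    $name = urlencode($name);
    $urlinfo = null; // stays null for an unknown type, as before
    if ($rewrite == "true" || $rewrite == "html" || $generatehtml) {
        // Rewritten / static-file style paths.
        switch ($type) {
            case "category":
                $urlinfo = (is_numeric($page) && $page > 1) ? "category/{$name}_{$page}/" : "category/{$name}/";
                break;
            case "article":
                $urlinfo = "article/{$name}.html";
                break;
            case "product":
                $urlinfo = "product/{$name}.html";
                break;
            case "catalog":
                $urlinfo = "catalog/{$name}/";
                break;
            case "comment":
                $urlinfo = "comment.html";
                break;
            case "sitemap":
                $urlinfo = "sitemap.xml";
                break;
        }
    } else {
        // Plain script URLs with query strings.
        switch ($type) {
            case "category":
                $urlinfo = is_numeric($page) ? "category.php?name={$name}&p={$page}" : "category.php?name={$name}";
                break;
            case "article":
                $urlinfo = "article.php?name={$name}";
                break;
            case "product":
                $urlinfo = "product.php?name={$name}";
                break;
            case "catalog":
                $urlinfo = "catalog.php?type={$name}";
                break;
            case "comment":
                $urlinfo = "comment.php";
                break;
            case "sitemap":
                $urlinfo = "sitemap.php";
                break;
        }
    }
    $rurl = $siteurl . "/" . $urlinfo;
    if ($generatehtml) {
        // Static generation wants a path relative to the site root.
        $rurl = $urlinfo;
    }
    return $rurl;
}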
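/**
 * Fetch one page of users, newest first.
 *
 * @param int $skip LIMIT offset.
 * @param int $take LIMIT row count.
 * @return mixed Whatever $yiqi_db->get_results() returns.
 */
function TakeUserList($skip = 0, $take = 10)
{
    global $yiqi_db;
    // LIMIT operands must be integers; casting keeps anything else out of the SQL text.
    $skip = (int) $skip;
    $take = (int) $take;
    $sql = "select * from yiqi_users order by adddate desc,uid desc limit {$skip},{$take}";
    return $yiqi_db->get_results(CheckSql($sql));
}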
} // closes a block that begins before this snippet
// Default the category filename to a timestamp and make it URL-friendly.
if (empty($categoryfilename)) {
    $categoryfilename = date("YmdHis");
}
$categoryfilename = str_replace(" ", "-", $categoryfilename);
// Refuse a filename already used by a different category; http:// names are let through.
$existfilename = $categorydata->ExistFilename($categoryfilename);
if ($existfilename == 1) {
    if ($categoryfilename != $catinfo->filename) {
        if (strpos($categoryfilename, "http://") !== 0) {
            exit("指定的文件名已经存在");
        }
    }
}
$categorytemplets = str_replace("{style}/", "", $categorytemplets);
// NOTE(review): every category field is spliced into the UPDATE without escaping; CheckSql
// appears to be a keyword filter only, so these values need escaping before this point —
// verify where they are read from the request.
$sql = "UPDATE yiqi_category SET name = '{$categoryname}',seotitle='{$categoryseotitle}',seokeywords='{$categoryseokeywords}',seodescription='{$categoryseodescription}',description='{$categorydescription}',filename = '{$categoryfilename}',templets = '{$categorytemplets}',takenumber = '{$categorytakenumber}' WHERE cid = '{$cid}'";
$result = $yiqi_db->query(CheckSql($sql));
if ($result == 1) {
    // With static HTML enabled, regenerate every page of this category.
    $genehtml = getset("urlrewrite")->value;
    if ($genehtml == "html") {
        $category = $categorydata->GetCategory($cid);
        if (!$tempinfo->template_exists($category->templets)) {
            exit("没有找到文章模板,请与管理员联系!");
        }
        $curpage = 1;
        $source = getcategorysource($category, $curpage);
        $total = $source['totalpage'];
        $urlparam = array('name' => $category->filename, 'type' => 'category', 'generatehtml' => 1, 'page' => $curpage);
        $fileurl = formaturl($urlparam);
        $cachedata->WriteFileCache(YIQIROOT . '/' . $fileurl . 'index.html', $source['source'], true);
        // Remaining pages; the loop body continues beyond this snippet.
        while ($total > $curpage) {
            $curpage++;
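/**
 * Increment the view counter of one article.
 *
 * @param int|string $aid Article id; the update is skipped when it is not numeric.
 * @return void
 */
function UpdateCount($aid)
{
    global $yiqi_db;
    // The id is interpolated into the statement, so only a numeric value may pass.
    if (!is_numeric($aid)) {
        return;
    }
    $sql = "UPDATE yiqi_article SET viewcount = viewcount+1 where aid = '{$aid}' limit 1";
    $yiqi_db->query(CheckSql($sql));
}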
/**
 * Template tag handler: runs the tag's SQL and renders every row through the tag's
 * inner [field:...] template, concatenating the output.
 *
 * @param object $ctag   Tag object; attributes read: sql, appname.
 * @param object $refObj Context object whose ->Fields values replace ~name~ placeholders in the SQL.
 * @return string Rendered rows, or '' when the SQL or inner text is empty or the
 *                configured connection cannot be opened.
 */
function lib_sql(&$ctag, &$refObj)
{
    global $dsql, $sqlCt, $cfg_soft_lang;
    $attlist = "sql|appname";
    FillAttsDefault($ctag->CAttribute->Items, $attlist);
    extract($ctag->CAttribute->Items, EXTR_SKIP);
    // Pass environment parameters through: each ~name~ placeholder is replaced by the
    // matching $refObj->Fields value, quoted with addslashes() only.
    // NOTE(review): addslashes() is byte-based; confirm it is adequate for the connection
    // charset in use (gbk handling appears below).
    preg_match_all("/~([A-Za-z0-9]+)~/s", $sql, $conditions);
    $appname = empty($appname) ? 'default' : $appname;
    if (is_array($conditions)) {
        foreach ($conditions[1] as $key => $value) {
            if (isset($refObj->Fields[$value])) {
                $sql = str_replace($conditions[0][$key], "'" . addslashes($refObj->Fields[$value]) . "'", $sql);
            }
        }
    }
    $revalue = '';
    $Innertext = trim($ctag->GetInnerText());
    if ($sql == '' || $Innertext == '') {
        return '';
    }
    if (empty($sqlCt)) {
        $sqlCt = 0;
    }
    $ctp = new DedeTagParse();
    $ctp->SetNameSpace('field', '[', ']');
    $ctp->LoadSource($Innertext);
    $thisrs = 'sq' . $sqlCt;
    $GLOBALS['autoindex'] = 0;
    // Load the per-application connection configuration.
    if ($appname != 'default') {
        require_once DEDEDATA . '/tag/sql.inc.php';
        global $sqltag;
        $config = $sqltag[$appname];
        if (!isset($config['dbname'])) {
            return '';
        }
        // Connect to the configured database.
        $linkid = @mysql_connect($config['dbhost'], $config['dbuser'], $config['dbpwd']);
        if (!$linkid) {
            return '';
        }
        @mysql_select_db($config['dbname']);
        $mysqlver = explode('.', $dsql->GetVersion());
        $mysqlver = $mysqlver[0] . '.' . $mysqlver[1];
        // Set the connection charset and a long interactive timeout.
        if ($mysqlver > 4.0) {
            @mysql_query("SET NAMES '" . $config['dblanguage'] . "', character_set_client=binary, sql_mode='', interactive_timeout=3600 ;", $linkid);
        }
        $prefix = "#@__";
        $sql = str_replace($prefix, $config['dbprefix'], $sql);
        // Filter the SQL string, then fetch the rows as associative arrays.
        $sql = CheckSql($sql);
        $rs = @mysql_query($sql, $linkid);
        while ($row = mysql_fetch_array($rs, MYSQL_ASSOC)) {
            $sqlCt++;
            $GLOBALS['autoindex']++;
            // Transcode the row when the program charset differs from the DB charset (mainly gbk vs utf-8).
            if (substr($cfg_soft_lang, 0, 2) != substr($config['dblanguage'], 0, 2)) {
                $row = AutoCharset($row, $config['dblanguage'], $cfg_soft_lang);
            }
            // NOTE(review): this loop reuses the by-reference parameter $ctag as its loop
            // variable, so each iteration writes through to the caller's variable — verify intended.
            foreach ($ctp->CTags as $tagid => $ctag) {
                if ($ctag->GetName() == 'array') {
                    $ctp->Assign($tagid, $row);
                } else {
                    if (!empty($row[$ctag->GetName()])) {
                        $ctp->Assign($tagid, $row[$ctag->GetName()]);
                    } else {
                        $ctp->Assign($tagid, "");
                    }
                }
            }
            $revalue .= $ctp->GetResult();
        }
        @mysql_free_result($rs);
    } else {
        // Default connection: run through the global $dsql wrapper.
        $dsql->Execute($thisrs, $sql);
        while ($row = $dsql->GetArray($thisrs)) {
            $sqlCt++;
            $GLOBALS['autoindex']++;
            // Same by-reference $ctag reuse as in the branch above.
            foreach ($ctp->CTags as $tagid => $ctag) {
                if ($ctag->GetName() == 'array') {
                    $ctp->Assign($tagid, $row);
                } else {
                    if (!empty($row[$ctag->GetName()])) {
                        $ctp->Assign($tagid, $row[$ctag->GetName()]);
                    } else {
                        $ctp->Assign($tagid, "");
                    }
                }
            }
            $revalue .= $ctp->GetResult();
        }
    }
    return $revalue;
}
<?php
if (isset($_GET['Submit'])) {
    // Retrieve data
    // NOTE(review): $id comes straight from the query string and is spliced unquoted into
    // the statement; CheckSql (below) is a keyword filter, not an escaper, so a
    // parameterised query or an integer cast is still needed here.
    $id = $_GET['id'];
    $id = CheckSql($id, 'select');
    $getid = "SELECT first_name, last_name FROM users WHERE user_id = {$id}";
    // On failure the raw mysql_error() text is written into the page.
    $result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>');
    $num = mysql_numrows($result);
    $i = 0;
    while ($i < $num) {
        $first = mysql_result($result, $i, "first_name");
        $last = mysql_result($result, $i, "last_name");
        // $html is appended to without being initialised earlier in this snippet, and
        // $id/$first/$last are placed into HTML without htmlspecialchars().
        $html .= '<pre>';
        $html .= 'ID: ' . $id . '<br>First name: ' . $first . '<br>Surname: ' . $last;
        $html .= '</pre>';
        $i++;
    }
}
// SQL statement filter, provided by 80sec, with some modifications made here.
/**
 * Check a SQL string (or a value bound for one) against a keyword blacklist.
 *
 * @param string $db_string Text to check.
 * @param string $querytype 'select' applies the simple-statement filter started below.
 * The function body continues beyond this snippet.
 */
function CheckSql($db_string, $querytype = 'select')
{
    $clean = '';
    $error = '';
    $old_pos = 0;
    $pos = -1;
    $userIP = GetIP();
    $getUrl = GetCurUrl();
    // For ordinary select statements, filter out some special syntax directly.
    if ($querytype == 'select') {
        $notallow1 = "[^0-9a-z@\\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\\.-]{1,}";
/**
 * Store a statement as the current query, expanding the table-prefix marker.
 *
 * Every occurrence of "#@__" is replaced with $this->dbPrefix; when safeCheck is
 * enabled the result is also handed to CheckSql().
 *
 * @param string $sql Statement text, possibly containing "#@__" prefix markers.
 * @return string The stored query string.
 */
function SetQuery($sql)
{
    $marker = "#@__";
    $this->queryString = str_replace($marker, $this->dbPrefix, $sql);
    if ($this->safeCheck) {
        // Safety filter on the statement text.
        CheckSql($this->queryString);
    }
    return $this->queryString;
}
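require_once 'product.class.php';
require_once 'link.class.php';
require_once 'category.class.php';
require_once 'navigate.class.php';
require_once 'cache.class.php';
require_once 'meta.class.php';

// Template engine setup: fall back to the "default" template set when none is configured.
$tempinfo = new Templets();
$templets = $tempinfo->GetDefaultTemplets();
if (!is_object($templets)) {
    // Build the fallback explicitly instead of setting a property on null.
    $templets = new stdClass();
    $templets->directory = "default";
}
$tempinfo->template_dir = YIQIROOT . '/templets/' . $templets->directory . '/';
$tempinfo->assign("templets", $templets);
$tempinfo->compile_dir = YIQIROOT . '/cache/compile/';

// Expose every site setting to the templates by varname.
$sql = "select * from yiqi_settings";
$settinglist = $yiqi_db->get_results(CheckSql($sql));
if (!empty($settinglist)) { // safe when get_results() yields null
    foreach ($settinglist as $settinginfo) {
        $tempinfo->assign($settinginfo->varname, $settinginfo->value);
    }
}

$categorydata = new Category();
$categorylist = $categorydata->GetSubCategory(0, "product");
$tempinfo->assign("categorylist", $categorylist);
$tempinfo->register_function("formaturl", "formaturl");
$tempinfo->register_function("readrss", "readrss");

// Region names: the request value is only used as a lookup key into this map, never echoed.
$citys = array("zhengzhou" => "郑州", "taiyuan" => "太原", "xian" => "西安", "xinxiang" => "新乡", "xuchang" => "许昌", "jiaozuo" => "焦作", "anyang" => "安阳", "xinyang" => "信阳", "puyang" => "濮阳", "datong" => "大同");
$cv = isset($_GET['city']) ? $_GET['city'] : '';
// Unknown or missing keys resolve to "" instead of an undefined-index read.
$city = ($cv && isset($citys[$cv])) ? $citys[$cv] : "";
$tempinfo->assign('city', $city);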
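/**
 * Run the current (or the given) statement and keep its result under $id.
 *
 * @param string $id  Key in $this->result for the mysql result.
 * @param string $sql Statement to run; when empty, the statement set by SetQuery() is reused.
 * @return void
 */
function Execute($id = "me", $sql = '')
{
    global $dsql;
    if (!$dsql->isInit) {
        $this->Init($this->pconnect);
    }
    if ($dsql->isClose) {
        $this->Open(FALSE);
        $dsql->isClose = FALSE;
    }
    if (!empty($sql)) {
        $this->SetQuery($sql);
    }
    // SQL safety check (keyword filter) before execution.
    if ($this->safeCheck) {
        CheckSql($this->queryString);
    }
    $t1 = ExecTime();
    $this->result[$id] = mysql_query($this->queryString, $this->linkID);
    if ($this->recordLog) {
        $queryTime = ExecTime() - $t1;
        $this->RecordLog($queryTime);
    }
    // mysql_query() returns false on failure. The previous test,
    // `!empty(...) && ... === FALSE`, could never be true, so failures went unreported.
    // NOTE(review): DisplayError() receives the full statement text; confirm it is not
    // rendered to end users in production.
    if ($this->result[$id] === FALSE) {
        $this->DisplayError(mysql_error() . " <br />Error sql: <font color='red'>" . $this->queryString . "</font>");
    }
}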
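/**
 * Fetch one page of active links.
 *
 * @param int    $skip    LIMIT offset.
 * @param int    $take    LIMIT row count.
 * @param string $orderby ORDER BY clause, spliced into the statement verbatim.
 * @return mixed Whatever $yiqi_db->get_results() returns.
 */
function TakeLinkList($skip = 0, $take = 10, $orderby = "displayorder")
{
    global $yiqi_db;
    // LIMIT operands must be integers; casting keeps anything else out of the SQL text.
    $skip = (int) $skip;
    $take = (int) $take;
    // $orderby is not escaped; keep it under caller control only.
    $sql = "select * from yiqi_link where status = 'ok' order by {$orderby} limit {$skip},{$take}";
    return $yiqi_db->get_results(CheckSql($sql));
}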
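/**
 * Increment the view counter of one product.
 *
 * @param int|string $pid Product id; the update is skipped when it is not numeric.
 * @return void
 */
function UpdateCount($pid)
{
    global $yiqi_db;
    // The id is interpolated into the statement, so only a numeric value may pass.
    if (!is_numeric($pid)) {
        return;
    }
    $sql = "UPDATE yiqi_product SET viewcount = viewcount+1 where pid = '{$pid}' limit 1";
    $yiqi_db->query(CheckSql($sql));
}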
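/**
 * Fetch the child categories of $pid for one content type.
 *
 * @param int    $pid     Parent category id (cast to int before use).
 * @param string $type    Category type, e.g. 'article' or 'product'; spliced in verbatim.
 * @param string $orderby ORDER BY clause, spliced in verbatim.
 * @return array|null Result rows, or null when there are none.
 */
function GetSubCategory($pid = 0, $type = 'article', $orderby = "displayorder")
{
    global $yiqi_db;
    // pid is an integer id; casting keeps anything else out of the statement.
    $pid = (int) $pid;
    // $type and $orderby are not escaped and must only come from trusted callers.
    $sql = "select * from yiqi_category where pid = '{$pid}' and type = '{$type}' order by {$orderby}";
    $results = $yiqi_db->get_results(CheckSql($sql));
    // empty() also covers a null return, which count() does not accept on newer PHP.
    if (!empty($results)) {
        return $results;
    }
    return null;
}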
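/**
 * Fetch one page of comments.
 *
 * @param int    $skip    LIMIT offset.
 * @param int    $take    LIMIT row count.
 * @param string $orderby ORDER BY clause, spliced into the statement verbatim.
 * @return mixed Whatever $yiqi_db->get_results() returns.
 */
function TakeCommentsList($skip = 0, $take = 10, $orderby = "adddate desc")
{
    global $yiqi_db;
    // LIMIT operands must be integers; casting keeps anything else out of the SQL text.
    $skip = (int) $skip;
    $take = (int) $take;
    // $orderby is not escaped; keep it under caller control only.
    $sql = "select * from yiqi_comments order by {$orderby} limit {$skip},{$take}";
    return $yiqi_db->get_results(CheckSql($sql));
}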
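/**
 * Rewrite /etc/mysar.conf from the squid MySQL settings and archive rotated sarg logs.
 *
 * A pid file allows one instance at a time; outside VERBOSE mode a time file limits
 * runs to one per 50 minutes. Returns early when the mysar binary is missing.
 * Progress is echoed to stdout.
 *
 * @return void
 */
function build()
{
    $timefile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".time";
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$timefile} = {$timefile}\n";
    }
    $unix = new unix();
    $pid = $unix->get_pid_from_file($pidfile);
    if ($unix->process_exists($pid)) {
        echo "Already PID {$pid} is running\n";
        die;
    }
    @file_put_contents($pidfile, getmypid());
    if (!$GLOBALS["VERBOSE"]) {
        // Rate limit: at most one run every 50 minutes.
        $time = $unix->file_time_min($timefile);
        if ($time < 50) {
            echo "Only each 50mn\n";
            die;
        }
        @unlink($timefile);
        @file_put_contents($timefile, time());
    }
    $mysar = $unix->find_program("mysar");
    if (!is_file($mysar)) {
        echo "mysar, no such binary...\n";
        return;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "TimeFile: {$timefile}\n";
    }
    // Move rotated sarg logs out of the squid log directory; everything else is left in place.
    $BaseWorkDir = "/var/log/squid";
    if (!($handle = opendir($BaseWorkDir))) {
        return;
    }
    while (false !== ($fileZ = readdir($handle))) {
        if ($fileZ == "." || $fileZ == "..") {
            continue;
        }
        $filename = "{$BaseWorkDir}/{$fileZ}";
        if (is_dir($filename)) {
            continue;
        }
        if (preg_match("#ziproxy#", $filename)) {
            continue;
        }
        if (preg_match("#access\\.log\\.[0-9]+\$#", $filename)) {
            continue;
        }
        if (preg_match("#sarg\\.log\\.[0-9]+\$#", $filename)) {
            @mkdir("/home/squid/sarg_logs");
            if (@copy($filename, "/home/squid/sarg_logs/" . basename($filename) . "." . filemtime($filename))) {
                @unlink($filename);
            }
            continue;
        }
    }
    closedir($handle); // the directory handle was never released before

    $q = new mysql_squid_builder();
    if ($q->mysql_port != 3306) {
        $q->EnableSquidRemoteMySQL = 0;
    }
    echo "Build config Use remote MySQL server = {$q->EnableSquidRemoteMySQL}\n";
    $f = array();
    $f[] = "username={$q->mysql_admin}";
    $f[] = "password={$q->mysql_password}";
    $f[] = "database=squidlogs";
    if ($q->EnableSquidRemoteMySQL == 1) {
        // The password is no longer echoed: this job's stdout ends up in logs, and the
        // credential is already written to mysar.conf below.
        echo "Build config Use remote MySQL server = {$q->mysql_admin}@{$q->mysql_server}\n";
        $f[] = "server={$q->mysql_server}:{$q->mysql_port}";
    } else {
        echo "Build config Use Local MySQL server = {$q->SocketName}\n";
        $f[] = "server=127.0.0.1";
    }
    $f[] = "pidfile=/var/run/mysar.pid";
    $syslog = new mysql_storelogs(); // constructed as before; its side effects are not shown here
    // NOTE(review): mysar.conf holds the DB password; confirm the mode it is created with
    // is not world-readable.
    @file_put_contents("/etc/mysar.conf", @implode("\n", $f));
    CheckSql();
    echo "Done...\n";
    $NICE = $unix->EXEC_NICE(); // kept for its call; the return value was never used
}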
// Product branch (its enclosing if/switch starts before this snippet): write the static
// page, then chain to the next product id through a redirect.
$urlparam = array('name' => $product->filename, 'type' => 'product', 'generatehtml' => 1);
$fileurl = formaturl($urlparam);
$cachedata->WriteFileCache(YIQIROOT . '/' . $fileurl, $source, true);
$alltrue = $all == "true" ? "all=true&" : '';
$nextlink = "?" . $alltrue . "gt=product&ids=" . ($ids + 1);
redirect("" . $nextlink);
} elseif ($all == "true") {
    // NOTE(review): "true>=category" looks like an HTML-entity-decoded "&gt=category"
    // (the other links use "gt=..."); confirm against the original source.
    redirect("?all=true>=category");
} else {
    $htmlmsg = "生成HTML完成.";
}
break;
case "category":
    // NOTE(review): 0777 leaves the output directory world-writable; confirm that is required.
    chmod(YIQIROOT . "/category/", 0777);
    $sql = "SELECT * from yiqi_category";
    $categorylist = $yiqi_db->get_results(CheckSql($sql));
    $categorycount = count($categorylist);
    if (!$ids) {
        $ids = 1;
    }
    if ($ids <= $categorycount) {
        // Page number comes from the request; only a lower bound is enforced here.
        $curpage = $_GET['page'];
        if ($curpage < 1) {
            $curpage = 1;
        }
        $alltrue = $all == "true" ? "all=true&" : '';
        $htmlmsg = "共 {$categorycount} 分类,正在生成第 {$ids} 个, 第 {$curpage} 页...";
        $category = $categorylist[$ids - 1];
        $source = getcategorysource($category, $curpage);
        $total = $source['totalpage'];
        // The branch continues beyond this snippet.
        $urlparam = array('name' => $category->filename, 'type' => 'category', 'generatehtml' => 1, 'page' => $curpage);
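/**
 * Fetch the permission entries below parent $pid, in display order.
 *
 * @param int $pid Parent id (cast to int before use).
 * @return mixed Whatever $yiqi_db->get_results() returns.
 */
function GetRegular($pid = 0)
{
    global $yiqi_db;
    // pid is an integer id; casting keeps anything else out of the statement.
    $pid = (int) $pid;
    $sql = "SELECT * FROM yiqi_regular WHERE pid = '{$pid}' order by displayorder";
    return $yiqi_db->get_results(CheckSql($sql));
}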
} // closes a block that begins before this snippet
$commentdata = new Comments();
// Paging: count all comments, then load the current page of 20 ($curpage is set earlier).
$commentcount = $commentdata->GetCommentsList();
$total = count($commentcount);
$take = 20;
$skip = ($curpage - 1) * $take;
$totalpage = (int) ($total % $take == 0 ? $total / $take : $total / $take + 1);
$commentlist = $commentdata->TakeCommentsList($skip, $take);
// Bulk delete of the checked comments.
// NOTE(review): no anti-CSRF token is visible in this snippet or the form below; confirm
// one is validated before this point.
$action = $_POST["action"];
if ($action == "delete") {
    $idarr = $_POST["chk"];
    if (count($idarr) > 0) {
        foreach ($idarr as $id) {
            // Only numeric ids reach the statement; anything else is skipped.
            if (is_numeric($id)) {
                $sql = "DELETE FROM yiqi_comments WHERE cid = '{$id}' limit 1";
                $yiqi_db->query(CheckSql($sql));
            }
        }
        ShowMsg("指定留言删除成功");
    }
}
$adminpagetitle = "留言列表";
include "admin.header.php";
?>
<div class="main_body">
<form action="comments.php" method="post">
<table class="inputform" cellpadding="1" cellspacing="1">
<tr style="background:#f6f6f6;"><td class="w10"></td><td class="w20">标题</td><td class="w20">留言人姓名</td><td class="w20">联系方式</td><td class="w20">留言时间</td><td class="w10">相关操作</td></tr>
<?php
// Render the current page; the loop body continues beyond this snippet.
if (count($commentlist) > 0) {
    foreach ($commentlist as $comment) {
/**
 * Execute the current (or the given) statement and keep its result under $id.
 *
 * @param string $id  Key in $this->result for the mysql result.
 * @param string $sql Statement to run; when empty, the statement set by SetQuery() is reused.
 * @return void
 */
function Execute($id = "me", $sql = '')
{
    global $dsql;
    // Reopen a connection that was closed by a previous caller.
    if ($dsql->isClose) {
        $this->Open(false);
        $dsql->isClose = false;
    }
    if (!empty($sql)) {
        $this->SetQuery($sql);
    }
    // Safety filter on the statement text before it is executed.
    if ($this->safeCheck) {
        CheckSql($this->queryString);
    }
    $startedAt = ExecTime();
    $outcome = mysql_query($this->queryString, $this->linkID);
    $this->result[$id] = $outcome;
    if ($outcome === false) {
        $message = mysql_error() . " <br />Error sql: <font color='red'>" . $this->queryString . "</font>";
        $this->DisplayError($message);
    }
}