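 /**
  * Fetch navigation rows with status 'ok', optionally restricted to one group.
  *
  * @param string|false $group   Group name to filter on; a falsy value selects every group.
  * @param int          $skip    LIMIT offset; coerced to int before it reaches the query.
  * @param int          $take    LIMIT row count; coerced to int before it reaches the query.
  * @param string       $orderby Raw ORDER BY clause, interpolated into the query unchanged.
  * @return mixed Whatever $yiqi_db->get_results() returns for the query.
  */
 function TakeNavigateList($group = false, $skip = 0, $take = 10, $orderby = "convert(`group` USING gbk) COLLATE gbk_chinese_ci,displayorder,navid")
 {
     global $yiqi_db;
     // LIMIT only accepts integers; casting keeps non-numeric input out of the statement.
     $skip = (int) $skip;
     $take = (int) $take;
     // NOTE(review): $group and $orderby are interpolated without escaping and rely on
     // CheckSql() as the only filter — callers must not pass untrusted values here.
     $where = "nav.status = 'ok'";
     if ($group) {
         $where = "nav.group = '{$group}' AND " . $where;
     }
     return $yiqi_db->get_results(CheckSql("select * from yiqi_navigate as nav where {$where} order by {$orderby} limit {$skip},{$take}"));
 }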
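 /**
  * Fetch a page of yiqi_meta rows, or every metaid when no paging is requested.
  *
  * @param int    $skip    LIMIT offset; coerced to int.
  * @param int    $take    LIMIT row count; coerced to int. A value below 1 disables paging
  *                        and returns only the metaid column of all rows.
  * @param string $orderby Raw ORDER BY clause, interpolated unchanged (CheckSql() is the only filter).
  * @return mixed Whatever $yiqi_db->get_results() returns.
  */
 function TakeMetaList($skip = 0, $take = 10, $orderby = "metaid")
 {
     global $yiqi_db;
     $skip = (int) $skip;
     $take = (int) $take;
     if ($take < 1) {
         return $yiqi_db->get_results(CheckSql("select metaid from yiqi_meta"));
     }
     return $yiqi_db->get_results(CheckSql("select * from yiqi_meta order by {$orderby} limit {$skip},{$take}"));
 }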
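 /**
  * Fetch a page of yiqi_keywords rows.
  *
  * @param int    $skip    LIMIT offset; coerced to int.
  * @param int    $take    LIMIT row count; coerced to int.
  * @param string $where   Complete "WHERE ..." fragment appended verbatim (presumably including
  *                        the WHERE keyword — see how it is placed in the query); '' means no filter.
  * @param string $orderby Raw ORDER BY clause, interpolated unchanged (CheckSql() is the only filter).
  * @return mixed Whatever $yiqi_db->get_results() returns.
  */
 function TakeKeywordsList($skip = 0, $take = 10, $where = "", $orderby = "displayorder")
 {
     global $yiqi_db;
     $skip = (int) $skip;
     $take = (int) $take;
     // Strict emptiness test instead of `== ""`, which also matched null/false loosely.
     $filter = ((string) $where === '') ? '' : ' ' . $where;
     return $yiqi_db->get_results(CheckSql("select * from yiqi_keywords{$filter} order by {$orderby} limit {$skip},{$take}"));
 }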
 /**
  * Load the site's default template set.
  *
  * Reads the 'sitetemplets' row of yiqi_settings and resolves its value through
  * $this->GetTemplets(). Returns null when no such row exists.
  */
 function GetDefaultTemplets()
 {
     global $yiqi_db;
     $setting = $yiqi_db->get_row(CheckSql("select * from yiqi_settings where varname = 'sitetemplets' limit 1"));
     if (!is_object($setting)) {
         return null;
     }
     return $this->GetTemplets($setting->value);
 }
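/**
 * Stop the request unless the current admin user may access the running script.
 *
 * The script's base file name is looked up in yiqi_regular (value LIKE 'name%') and the
 * matching rid is handed to checkregular(); on failure ShowMsg() is shown and execution ends.
 */
function checkauth()
{
    global $yiqi_db;
    global $adminuserinfo;
    // PHP_SELF can include client-controlled PATH_INFO; prefer SCRIPT_NAME and only fall back to it.
    $script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : (isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '');
    $pagename = basename((string) $script);
    // Escape the quote, the backslash and the LIKE wildcards before interpolating into the pattern.
    $pagename = addcslashes($pagename, "\\'%_");
    $sql = "select * from yiqi_regular where value like '{$pagename}%' limit 1";
    $regularinfo = $yiqi_db->get_row(CheckSql($sql));
    // Pass null explicitly (without a property-on-null warning) when no row matched;
    // checkregular() decides what null means.
    $rid = is_object($regularinfo) ? $regularinfo->rid : null;
    if (!checkregular($rid)) {
        ShowMsg("您没有权限访问此页", "back");
        exit;
    }
}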
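 /**
  * Run one SQL statement on this connection.
  *
  * @param string $sql  Statement to execute; passed through CheckSql() first.
  * @param string $type '' for a normal mysql_query(); 'UNBUFFERED' to use mysql_unbuffered_query()
  *                     (which does not fetch and cache the result rows); 'SILENT' to skip halt()
  *                     on error. A 'RETRY' prefix is added internally to mark a reconnect attempt.
  * @return resource|bool Result of the mysql_* call (false on failure).
  */
 function query($sql, $type = '')
 {
     // Security filter applied to every statement before it reaches the server.
     $sql = CheckSql($sql);
     $unbuffered = $type == 'UNBUFFERED' && function_exists('mysql_unbuffered_query');
     $func = $unbuffered ? 'mysql_unbuffered_query' : 'mysql_query';
     $query = $func($sql, $this->link);
     if (!$query) {
         // 2006 = server has gone away, 2013 = lost connection: reconnect once and retry.
         $lostConnection = in_array((int) $this->errno(), array(2006, 2013), true);
         if ($lostConnection && substr($type, 0, 5) != 'RETRY') {
             $this->close();
             require ROOT_PATH . '/config.inc.php';
             $this->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
             // Return the retried query's result instead of discarding it; the
             // recursive call already counts itself in querynum.
             return $this->query($sql, 'RETRY' . $type);
         }
         if ($type != 'SILENT' && substr($type, 5) != 'SILENT') {
             $this->halt('MySQL Query Error', $sql);
         }
     }
     $this->querynum++;
     return $query;
 }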
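/**
 * Build the public URL of a site object (category, article, product, catalog, comment, sitemap).
 *
 * Keys read from $params: 'name' (slug), 'type', optional 'page' (category paging),
 * 'generatehtml' (truthy while writing static files: forces the rewritten form and drops
 * the site prefix) and 'siteurl' (prefix of the non-static form). The 'urlrewrite'
 * setting ('true' or 'html') selects rewritten paths over .php entry points.
 *
 * @param array $params
 * @return string
 */
function formaturl($params)
{
    global $yiqi_db;
    // Read the expected keys explicitly. The former extract($params) let any key supplied by
    // a caller overwrite locals such as $yiqi_db, $sql or $result inside this function.
    $name = isset($params['name']) ? $params['name'] : '';
    $type = isset($params['type']) ? $params['type'] : '';
    $page = isset($params['page']) ? $params['page'] : null;
    $generatehtml = isset($params['generatehtml']) ? $params['generatehtml'] : null;
    // NOTE(review): with extract() $siteurl could only have come from $params too — confirm callers pass it.
    $siteurl = isset($params['siteurl']) ? $params['siteurl'] : '';
    // Already-absolute names are returned untouched (only "http://" was ever recognised — TODO https).
    if (strpos($name, "http://") === 0) {
        return $name;
    }
    $sql = "select * from yiqi_settings where varname = 'urlrewrite' limit 1";
    $result = $yiqi_db->get_row(CheckSql($sql));
    $urlrewrite = is_object($result) ? $result->value : null;
    $name = urlencode($name);
    $urlinfo = '';
    if ($urlrewrite == "true" || $urlrewrite == "html" || $generatehtml) {
        // Rewritten, static-looking paths.
        switch ($type) {
            case "category":
                // Page 1 is the bare category directory; later pages get a "_N" suffix.
                $urlinfo = (is_numeric($page) && $page > 1) ? "category/{$name}_{$page}/" : "category/{$name}/";
                break;
            case "article":
                $urlinfo = "article/{$name}.html";
                break;
            case "product":
                $urlinfo = "product/{$name}.html";
                break;
            case "catalog":
                $urlinfo = "catalog/{$name}/";
                break;
            case "comment":
                $urlinfo = "comment.html";
                break;
            case "sitemap":
                $urlinfo = "sitemap.xml";
                break;
        }
    } else {
        // Plain .php entry points with query strings.
        switch ($type) {
            case "category":
                $urlinfo = is_numeric($page) ? "category.php?name={$name}&p={$page}" : "category.php?name={$name}";
                break;
            case "article":
                $urlinfo = "article.php?name={$name}";
                break;
            case "product":
                $urlinfo = "product.php?name={$name}";
                break;
            case "catalog":
                $urlinfo = "catalog.php?type={$name}";
                break;
            case "comment":
                $urlinfo = "comment.php";
                break;
            case "sitemap":
                $urlinfo = "sitemap.php";
                break;
        }
    }
    // Static generation wants a path relative to the site root; otherwise prefix the site URL.
    return $generatehtml ? $urlinfo : $siteurl . "/" . $urlinfo;
}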
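 /**
  * Fetch a page of yiqi_users rows, newest first.
  *
  * @param int $skip LIMIT offset; coerced to int so only a number reaches the query.
  * @param int $take LIMIT row count; coerced to int.
  * @return mixed Whatever $yiqi_db->get_results() returns.
  */
 function TakeUserList($skip = 0, $take = 10)
 {
     global $yiqi_db;
     $skip = (int) $skip;
     $take = (int) $take;
     return $yiqi_db->get_results(CheckSql("select * from yiqi_users order by adddate desc,uid desc limit {$skip},{$take}"));
 }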
 }
 if (empty($categoryfilename)) {
     $categoryfilename = date("YmdHis");
 }
 $categoryfilename = str_replace(" ", "-", $categoryfilename);
 $existfilename = $categorydata->ExistFilename($categoryfilename);
 if ($existfilename == 1) {
     if ($categoryfilename != $catinfo->filename) {
         if (strpos($categoryfilename, "http://") !== 0) {
             exit("指定的文件名已经存在");
         }
     }
 }
 $categorytemplets = str_replace("{style}/", "", $categorytemplets);
 $sql = "UPDATE yiqi_category SET name = '{$categoryname}',seotitle='{$categoryseotitle}',seokeywords='{$categoryseokeywords}',seodescription='{$categoryseodescription}',description='{$categorydescription}',filename = '{$categoryfilename}',templets = '{$categorytemplets}',takenumber = '{$categorytakenumber}' WHERE cid = '{$cid}'";
 $result = $yiqi_db->query(CheckSql($sql));
 if ($result == 1) {
     $genehtml = getset("urlrewrite")->value;
     if ($genehtml == "html") {
         $category = $categorydata->GetCategory($cid);
         if (!$tempinfo->template_exists($category->templets)) {
             exit("没有找到文章模板,请与管理员联系!");
         }
         $curpage = 1;
         $source = getcategorysource($category, $curpage);
         $total = $source['totalpage'];
         $urlparam = array('name' => $category->filename, 'type' => 'category', 'generatehtml' => 1, 'page' => $curpage);
         $fileurl = formaturl($urlparam);
         $cachedata->WriteFileCache(YIQIROOT . '/' . $fileurl . 'index.html', $source['source'], true);
         while ($total > $curpage) {
             $curpage++;
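 /**
  * Increment the view counter of one article.
  *
  * @param int $aid Article id; coerced to int so only a number is interpolated into the query.
  */
 function UpdateCount($aid)
 {
     global $yiqi_db;
     $aid = (int) $aid;
     $sql = "UPDATE yiqi_article SET viewcount = viewcount+1 where aid = '{$aid}' limit 1";
     $yiqi_db->query(CheckSql($sql));
 }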
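/**
 * DedeCMS {dede:sql} tag handler: run the SQL given in the tag's "sql" attribute and render
 * the tag's inner template once per result row.
 *
 * Tokens of the form ~field~ in the SQL are replaced with the quoted, addslashes()'d value of
 * $refObj->Fields['field']. When appname is not 'default' the query runs on the extra
 * connection configured in DEDEDATA/tag/sql.inc.php, otherwise on the global $dsql.
 *
 * @param object $ctag   The tag being rendered (by reference, as the tag engine passes it).
 * @param object $refObj Object whose Fields array supplies the ~field~ substitutions.
 * @return string Rendered output; '' when there is nothing to run or the connection fails.
 */
function lib_sql(&$ctag, &$refObj)
{
    global $dsql, $sqlCt, $cfg_soft_lang;
    $attlist = "sql|appname";
    FillAttsDefault($ctag->CAttribute->Items, $attlist);
    extract($ctag->CAttribute->Items, EXTR_SKIP);
    // Substitute ~field~ placeholders with values taken from the reference object.
    preg_match_all("/~([A-Za-z0-9]+)~/s", $sql, $conditions);
    $appname = empty($appname) ? 'default' : $appname;
    if (is_array($conditions)) {
        foreach ($conditions[1] as $key => $value) {
            if (isset($refObj->Fields[$value])) {
                $sql = str_replace($conditions[0][$key], "'" . addslashes($refObj->Fields[$value]) . "'", $sql);
            }
        }
    }
    $revalue = '';
    $Innertext = trim($ctag->GetInnerText());
    if ($sql == '' || $Innertext == '') {
        return '';
    }
    if (empty($sqlCt)) {
        $sqlCt = 0;
    }
    $ctp = new DedeTagParse();
    $ctp->SetNameSpace('field', '[', ']');
    $ctp->LoadSource($Innertext);
    $thisrs = 'sq' . $sqlCt;
    $GLOBALS['autoindex'] = 0;
    if ($appname != 'default') {
        // Secondary database described in the tag configuration file.
        require_once DEDEDATA . '/tag/sql.inc.php';
        global $sqltag;
        $config = isset($sqltag[$appname]) ? $sqltag[$appname] : array();
        if (!isset($config['dbname'])) {
            return '';
        }
        $linkid = @mysql_connect($config['dbhost'], $config['dbuser'], $config['dbpwd']);
        if (!$linkid) {
            return '';
        }
        @mysql_select_db($config['dbname'], $linkid);
        // NOTE(review): the version is read from the main $dsql connection, not from $linkid — as before.
        $mysqlver = explode('.', $dsql->GetVersion());
        $mysqlver = $mysqlver[0] . '.' . $mysqlver[1];
        // Connection charset and long timeout; SET NAMES needs MySQL newer than 4.0.
        if ($mysqlver > 4.0) {
            @mysql_query("SET NAMES '" . $config['dblanguage'] . "', character_set_client=binary, sql_mode='', interactive_timeout=3600 ;", $linkid);
        }
        $sql = str_replace("#@__", $config['dbprefix'], $sql);
        // Security filter, then run the statement.
        $sql = CheckSql($sql);
        $rs = @mysql_query($sql, $linkid);
        // A failed query returns false; fetching from it would only emit warnings.
        if ($rs) {
            while ($row = mysql_fetch_array($rs, MYSQL_ASSOC)) {
                $sqlCt++;
                $GLOBALS['autoindex']++;
                // Convert between gbk and utf-8 when the site and the tag database differ.
                if (substr($cfg_soft_lang, 0, 2) != substr($config['dblanguage'], 0, 2)) {
                    $row = AutoCharset($row, $config['dblanguage'], $cfg_soft_lang);
                }
                $revalue .= _lib_sql_render_row($ctp, $row);
            }
            @mysql_free_result($rs);
        }
    } else {
        $dsql->Execute($thisrs, $sql);
        while ($row = $dsql->GetArray($thisrs)) {
            $sqlCt++;
            $GLOBALS['autoindex']++;
            $revalue .= _lib_sql_render_row($ctp, $row);
        }
    }
    return $revalue;
}

/**
 * Assign one result row to the inner template's [field:...] tags and return the rendered text.
 *
 * Kept out of lib_sql() on purpose: that function receives $ctag by reference, so a
 * foreach that reused the name $ctag (as the original did) wrote through the reference
 * and replaced the caller's tag object with the last inner tag.
 *
 * @param DedeTagParse $ctp Parser holding the inner template.
 * @param array        $row One result row (column name => value).
 * @return string
 */
function _lib_sql_render_row($ctp, $row)
{
    foreach ($ctp->CTags as $tagid => $innerTag) {
        $fieldName = $innerTag->GetName();
        if ($fieldName == 'array') {
            $ctp->Assign($tagid, $row);
        } elseif (!empty($row[$fieldName])) {
            $ctp->Assign($tagid, $row[$fieldName]);
        } else {
            $ctp->Assign($tagid, "");
        }
    }
    return $ctp->GetResult();
}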
<?php

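if (isset($_GET['Submit'])) {
    // Retrieve data. user_id is compared as a number, so coerce the input to int after the
    // CheckSql() filter instead of relying on its keyword blacklist alone.
    $id = isset($_GET['id']) ? $_GET['id'] : '';
    $id = (int) CheckSql($id, 'select');
    $getid = "SELECT first_name, last_name FROM users WHERE user_id = {$id}";
    $result = mysql_query($getid) or die('<pre>' . htmlspecialchars(mysql_error(), ENT_QUOTES) . '</pre>');
    $num = mysql_num_rows($result);
    if (!isset($html)) {
        $html = '';
    }
    for ($i = 0; $i < $num; $i++) {
        $first = mysql_result($result, $i, "first_name");
        $last = mysql_result($result, $i, "last_name");
        // Escape database values before they are echoed into the page.
        $html .= '<pre>';
        $html .= 'ID: ' . $id . '<br>First name: ' . htmlspecialchars($first, ENT_QUOTES) . '<br>Surname: ' . htmlspecialchars($last, ENT_QUOTES);
        $html .= '</pre>';
    }
}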
//SQL语句过滤程序,由80sec提供,这里作了适当的修改
function CheckSql($db_string, $querytype = 'select')
{
    $clean = '';
    $error = '';
    $old_pos = 0;
    $pos = -1;
    $userIP = GetIP();
    $getUrl = GetCurUrl();
    //如果是普通查询语句,直接过滤一些特殊语法
    if ($querytype == 'select') {
        $notallow1 = "[^0-9a-z@\\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\\.-]{1,}";
 /**
  * Store $sql as the pending statement after expanding the "#@__" table-prefix placeholder.
  *
  * With safeCheck enabled the statement is also passed to CheckSql(); its return value is
  * not used here (presumably it reports or aborts on its own — confirm in CheckSql()).
  *
  * @param string $sql
  * @return string The stored query string.
  */
 function SetQuery($sql)
 {
     $this->queryString = str_replace("#@__", $this->dbPrefix, $sql);
     if ($this->safeCheck) {
         // Security filter
         CheckSql($this->queryString);
     }
     return $this->queryString;
 }
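require_once 'product.class.php';
require_once 'link.class.php';
require_once 'category.class.php';
require_once 'navigate.class.php';
require_once 'cache.class.php';
require_once 'meta.class.php';
// Template engine setup: default template set, settings and categories exposed to templates.
$tempinfo = new Templets();
$templets = $tempinfo->GetDefaultTemplets();
if ($templets == null) {
    // Build a real object for the fallback; setting a property on null is an error in PHP 8.
    $templets = new stdClass();
    $templets->directory = "default";
}
$tempinfo->template_dir = YIQIROOT . '/templets/' . $templets->directory . '/';
$tempinfo->assign("templets", $templets);
$tempinfo->compile_dir = YIQIROOT . '/cache/compile/';
$sql = "select * from yiqi_settings";
$settinglist = $yiqi_db->get_results(CheckSql($sql));
// get_results() may yield null; empty() handles that without a count() on null.
if (!empty($settinglist)) {
    foreach ($settinglist as $settinginfo) {
        $tempinfo->assign($settinginfo->varname, $settinginfo->value);
    }
}
$categorydata = new Category();
$categorylist = $categorydata->GetSubCategory(0, "product");
$tempinfo->assign("categorylist", $categorylist);
$tempinfo->register_function("formaturl", "formaturl");
$tempinfo->register_function("readrss", "readrss");
// Region definitions: display names keyed by the value accepted in ?city=
$citys = array("zhengzhou" => "郑州", "taiyuan" => "太原", "xian" => "西安", "xinxiang" => "新乡", "xuchang" => "许昌", "jiaozuo" => "焦作", "anyang" => "安阳", "xinyang" => "信阳", "puyang" => "濮阳", "datong" => "大同");
// Only keys present in the table are accepted; a missing or unknown value yields ''.
$cv = isset($_GET['city']) ? $_GET['city'] : '';
$city = ($cv && isset($citys[$cv])) ? $citys[$cv] : "";
$tempinfo->assign('city', $city);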
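 /**
  * Execute a statement on this connection and keep its result under key $id.
  *
  * Initialises or reopens the connection when needed, stores $sql via SetQuery() when given,
  * runs the CheckSql() safety filter if safeCheck is on, records the query time when
  * recordLog is on, and reports a failed query through DisplayError().
  *
  * @param string $id  Result slot name in $this->result.
  * @param string $sql Statement to run; '' reuses the current queryString.
  */
 function Execute($id = "me", $sql = '')
 {
     global $dsql;
     if (!$dsql->isInit) {
         $this->Init($this->pconnect);
     }
     if ($dsql->isClose) {
         $this->Open(false);
         $dsql->isClose = false;
     }
     if (!empty($sql)) {
         $this->SetQuery($sql);
     }
     // SQL safety check
     if ($this->safeCheck) {
         CheckSql($this->queryString);
     }
     $t1 = ExecTime();
     $this->result[$id] = mysql_query($this->queryString, $this->linkID);
     if ($this->recordLog) {
         $queryTime = ExecTime() - $t1;
         $this->RecordLog($queryTime);
     }
     // mysql_query() returns false on failure. The former `!empty(...) && ... === FALSE` guard
     // could never be true (empty(false) is true), so errors were silently dropped.
     if ($this->result[$id] === false) {
         $this->DisplayError(mysql_error() . " <br />Error sql: <font color='red'>" . $this->queryString . "</font>");
     }
 }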
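 /**
  * Fetch a page of yiqi_link rows with status 'ok'.
  *
  * @param int    $skip    LIMIT offset; coerced to int.
  * @param int    $take    LIMIT row count; coerced to int.
  * @param string $orderby Raw ORDER BY clause, interpolated unchanged (CheckSql() is the only filter).
  * @return mixed Whatever $yiqi_db->get_results() returns.
  */
 function TakeLinkList($skip = 0, $take = 10, $orderby = "displayorder")
 {
     global $yiqi_db;
     $skip = (int) $skip;
     $take = (int) $take;
     return $yiqi_db->get_results(CheckSql("select * from yiqi_link where status = 'ok' order by {$orderby} limit {$skip},{$take}"));
 }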
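 /**
  * Increment the view counter of one product.
  *
  * @param int $pid Product id; coerced to int so only a number is interpolated into the query.
  */
 function UpdateCount($pid)
 {
     global $yiqi_db;
     $pid = (int) $pid;
     $sql = "UPDATE yiqi_product SET viewcount = viewcount+1 where pid = '{$pid}' limit 1";
     $yiqi_db->query(CheckSql($sql));
 }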
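 /**
  * Fetch the child categories of $pid with the given type.
  *
  * @param int    $pid     Parent category id; coerced to int.
  * @param string $type    Category type ('article', 'product', ...); interpolated unescaped.
  * @param string $orderby Raw ORDER BY clause, interpolated unchanged.
  * @return mixed|null The rows from $yiqi_db->get_results(), or null when there are none.
  */
 function GetSubCategory($pid = 0, $type = 'article', $orderby = "displayorder")
 {
     global $yiqi_db;
     $pid = (int) $pid;
     // NOTE(review): $type and $orderby rely on CheckSql() as the only filter; keep them
     // to the fixed literals used by the callers in this codebase.
     $sql = "select * from yiqi_category where pid = '{$pid}' and type = '{$type}' order by {$orderby}";
     $results = $yiqi_db->get_results(CheckSql($sql));
     // Callers test for null rather than an empty result; empty() also copes with a null result.
     return !empty($results) ? $results : null;
 }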
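 /**
  * Fetch a page of yiqi_comments rows.
  *
  * @param int    $skip    LIMIT offset; coerced to int.
  * @param int    $take    LIMIT row count; coerced to int.
  * @param string $orderby Raw ORDER BY clause, interpolated unchanged (CheckSql() is the only filter).
  * @return mixed Whatever $yiqi_db->get_results() returns.
  */
 function TakeCommentsList($skip = 0, $take = 10, $orderby = "adddate desc")
 {
     global $yiqi_db;
     $skip = (int) $skip;
     $take = (int) $take;
     return $yiqi_db->get_results(CheckSql("select * from yiqi_comments order by {$orderby} limit {$skip},{$take}"));
 }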
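/**
 * Write /etc/mysar.conf for the mysar Squid log analyser and archive rotated sarg logs.
 *
 * A pid file prevents concurrent runs; outside VERBOSE mode a time file limits runs to
 * one every 50 minutes. Returns early when the mysar binary or /var/log/squid is missing.
 */
function build()
{
    $timefile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".time";
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    if ($GLOBALS["VERBOSE"]) {
        // The original printed $timefile twice; show both control files.
        echo "timefile = {$timefile}\npidfile = {$pidfile}\n";
    }
    $unix = new unix();
    $pid = $unix->get_pid_from_file($pidfile);
    if ($unix->process_exists($pid)) {
        echo "Already PID {$pid} is running\n";
        die;
    }
    @file_put_contents($pidfile, getmypid());
    if (!$GLOBALS["VERBOSE"]) {
        // Rate limit: at most one run every 50 minutes.
        if ($unix->file_time_min($timefile) < 50) {
            echo "Only each 50mn\n";
            die;
        }
        @unlink($timefile);
        @file_put_contents($timefile, time());
    }
    $mysar = $unix->find_program("mysar");
    if (!is_file($mysar)) {
        echo "mysar, no such binary...\n";
        return;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "TimeFile: {$timefile}\n";
    }
    $BaseWorkDir = "/var/log/squid";
    $handle = opendir($BaseWorkDir);
    if (!$handle) {
        return;
    }
    while (false !== ($fileZ = readdir($handle))) {
        if ($fileZ == "." || $fileZ == "..") {
            continue;
        }
        $filename = "{$BaseWorkDir}/{$fileZ}";
        if (is_dir($filename)) {
            continue;
        }
        // ziproxy logs and rotated access logs are left where they are.
        if (preg_match("#ziproxy#", $filename) || preg_match("#access\\.log\\.[0-9]+\$#", $filename)) {
            continue;
        }
        // Rotated sarg logs are archived under their mtime and removed from the Squid directory.
        if (preg_match("#sarg\\.log\\.[0-9]+\$#", $filename)) {
            @mkdir("/home/squid/sarg_logs");
            if (@copy($filename, "/home/squid/sarg_logs/" . basename($filename) . "." . filemtime($filename))) {
                @unlink($filename);
            }
        }
    }
    closedir($handle);
    $q = new mysql_squid_builder();
    // A remote server is only used on the standard port.
    if ($q->mysql_port != 3306) {
        $q->EnableSquidRemoteMySQL = 0;
    }
    echo "Build config Use remote MySQL server = {$q->EnableSquidRemoteMySQL}\n";
    $f = array();
    $f[] = "username={$q->mysql_admin}";
    $f[] = "password={$q->mysql_password}";
    $f[] = "database=squidlogs";
    if ($q->EnableSquidRemoteMySQL == 1) {
        // The password is deliberately not echoed: this output typically ends up in log files.
        echo "Build config Use remote MySQL server = {$q->mysql_admin}@{$q->mysql_server}\n";
        $f[] = "server={$q->mysql_server}:{$q->mysql_port}";
    } else {
        echo "Build config Use Local MySQL server = {$q->SocketName}\n";
        $f[] = "server=127.0.0.1";
    }
    $f[] = "pidfile=/var/run/mysar.pid";
    $syslog = new mysql_storelogs();
    // NOTE(review): /etc/mysar.conf carries the database password — confirm its permissions
    // are restricted to the accounts that need to read it.
    @file_put_contents("/etc/mysar.conf", implode("\n", $f));
    CheckSql();
    echo "Done...\n";
}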
         $urlparam = array('name' => $product->filename, 'type' => 'product', 'generatehtml' => 1);
         $fileurl = formaturl($urlparam);
         $cachedata->WriteFileCache(YIQIROOT . '/' . $fileurl, $source, true);
         $alltrue = $all == "true" ? "all=true&" : '';
         $nextlink = "?" . $alltrue . "gt=product&ids=" . ($ids + 1);
         redirect("" . $nextlink);
     } elseif ($all == "true") {
         redirect("?all=true&gt=category");
     } else {
         $htmlmsg = "生成HTML完成.";
     }
     break;
 case "category":
     chmod(YIQIROOT . "/category/", 0777);
     $sql = "SELECT * from yiqi_category";
     $categorylist = $yiqi_db->get_results(CheckSql($sql));
     $categorycount = count($categorylist);
     if (!$ids) {
         $ids = 1;
     }
     if ($ids <= $categorycount) {
         $curpage = $_GET['page'];
         if ($curpage < 1) {
             $curpage = 1;
         }
         $alltrue = $all == "true" ? "all=true&" : '';
         $htmlmsg = "共 {$categorycount} 分类,正在生成第 {$ids} 个, 第 {$curpage} 页...";
         $category = $categorylist[$ids - 1];
         $source = getcategorysource($category, $curpage);
         $total = $source['totalpage'];
         $urlparam = array('name' => $category->filename, 'type' => 'category', 'generatehtml' => 1, 'page' => $curpage);
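/**
 * Fetch the permission entries whose parent is $pid, ordered by displayorder.
 *
 * @param int $pid Parent id; coerced to int so only a number is interpolated into the query.
 * @return mixed Whatever $yiqi_db->get_results() returns.
 */
function GetRegular($pid = 0)
{
    global $yiqi_db;
    $pid = (int) $pid;
    $sql = "SELECT * FROM yiqi_regular WHERE pid = '{$pid}' order by displayorder";
    return $yiqi_db->get_results(CheckSql($sql));
}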
}
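// Comment admin page: paging of the comment list and handling of the bulk-delete POST.
$commentdata = new Comments();
$commentcount = $commentdata->GetCommentsList();
$total = !empty($commentcount) ? count($commentcount) : 0;
$take = 20;
// $curpage is set earlier in the file (outside this excerpt).
$skip = ($curpage - 1) * $take;
$totalpage = (int) ceil($total / $take);
$commentlist = $commentdata->TakeCommentsList($skip, $take);
$action = isset($_POST["action"]) ? $_POST["action"] : '';
if ($action == "delete") {
    // NOTE(review): no CSRF token is checked on this POST — confirm the admin framework provides one.
    $idarr = (isset($_POST["chk"]) && is_array($_POST["chk"])) ? $_POST["chk"] : array();
    if (count($idarr) > 0) {
        foreach ($idarr as $id) {
            // Only integer ids reach the query; is_numeric() alone also accepts floats and exponents.
            if (is_numeric($id)) {
                $id = (int) $id;
                $sql = "DELETE FROM yiqi_comments WHERE cid = '{$id}' limit 1";
                $yiqi_db->query(CheckSql($sql));
            }
        }
        ShowMsg("指定留言删除成功");
    }
}
$adminpagetitle = "留言列表";
include "admin.header.php";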
?>
<div class="main_body">
<form action="comments.php" method="post">
<table class="inputform" cellpadding="1" cellspacing="1">
<tr style="background:#f6f6f6;"><td class="w10"></td><td class="w20">标题</td><td class="w20">留言人姓名</td><td class="w20">联系方式</td><td class="w20">留言时间</td><td class="w10">相关操作</td></tr>
<?php 
if (count($commentlist) > 0) {
    foreach ($commentlist as $comment) {
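 /**
  * Execute a statement on this connection and keep its result under key $id.
  *
  * Reopens the connection when it was closed, stores $sql via SetQuery() when given,
  * runs the CheckSql() safety filter if safeCheck is on, and reports a failed query
  * through DisplayError().
  *
  * @param string $id  Result slot name in $this->result.
  * @param string $sql Statement to run; '' reuses the current queryString.
  */
 function Execute($id = "me", $sql = '')
 {
     global $dsql;
     if ($dsql->isClose) {
         $this->Open(false);
         $dsql->isClose = false;
     }
     if (!empty($sql)) {
         $this->SetQuery($sql);
     }
     // SQL safety check
     if ($this->safeCheck) {
         CheckSql($this->queryString);
     }
     // The disabled timing probe and its unused ExecTime() start value were removed.
     $this->result[$id] = mysql_query($this->queryString, $this->linkID);
     if ($this->result[$id] === false) {
         $this->DisplayError(mysql_error() . " <br />Error sql: <font color='red'>" . $this->queryString . "</font>");
     }
 }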