/**
 * PHP4-style constructor for the posting helper.
 *
 * Binds the request-wide globals to the object by reference and precomputes the
 * caller's rights for the forum being posted to:
 *  - isGM: the username is listed in the founder array $manager (CkInArray);
 *  - isBM: $forum->isBM() reports the user as a moderator of this forum;
 *  - admincheck: either of the two;
 *  - allowhide / allowsell / allowencode: enabled only when BOTH the forum setting
 *    (foruminfo / forumset) and the usergroup right ($_G) are on.
 *
 * @param object $forum  forum object exposing foruminfo[], forumset[] and isBM();
 *                       taken by reference, so later changes are visible here
 */
function PwPost(&$forum) {
    global $db, $winddb, $groupid, $_time, $_G, $manager, $windid, $winduid;
    $this->db =& $db;
    $this->user =& $winddb;
    $this->groupid =& $groupid;
    $this->hours =& $_time['hours'];
    $this->forum =& $forum;
    $this->uid =& $winduid;
    $this->username =& $windid;
    $this->_G =& $_G;
    // Founder status is decided purely by username membership in $manager (from the config file).
    $this->isGM = CkInArray($this->username, $manager);
    $this->isBM = $this->forum->isBM($this->username);
    $this->admincheck = $this->isGM || $this->isBM;
    // Forum-level switch AND group-level right must both be set for each feature.
    $this->allowhide = $this->forum->foruminfo['allowhide'] && $this->_G['allowhidden'];
    $this->allowsell = $this->forum->foruminfo['allowsell'] && $this->_G['allowsell'];
    $this->allowencode = $this->forum->forumset['allowencode'] && $this->_G['allowencode'];
}
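/**
 * WAP-side pre-check for posting a new topic or a reply in forum $fid.
 *
 * Trims the request globals $subject / $content in place, validates the length
 * limits, then checks the caller's group against the forum record. Every failure
 * is handed to wap_msg(); the checks are ordered so they stay safe even if
 * wap_msg() returns (TODO confirm it terminates the request, as the rest of the
 * code base appears to assume).
 *
 * @param int|string $fid     forum id; passed through pwEscape() before use in SQL
 * @param string     $action  'new' for a topic, 'reply' for a reply
 * @return void
 */
function wap_check($fid, $action)
{
    global $db, $groupid, $_G, $_time, $db_titlemax, $db_postmin, $db_postmax, $subject, $content;

    $subject = trim($subject);
    $content = trim($content);

    // strlen() counts bytes, so multi-byte text reaches the limits sooner than its visible length.
    if ($action == 'new' && (!$subject || strlen($subject) > $db_titlemax)) {
        wap_msg('subject_limit');
    }
    if (strlen($content) >= $db_postmax || strlen($content) < $db_postmin) {
        wap_msg('content_limit');
    }

    $fm = $db->get_one("SELECT f.forumadmin,f.fupadmin,f.password,f.allowvisit,f.f_type,f.f_check,f.allowpost,f.allowrp,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe USING(fid) WHERE f.fid=" . pwEscape($fid));

    // Deny before reading any field of $fm: unknown forum, password-protected forum,
    // hidden forum, or a visit list that does not contain the caller's group.
    // (The original unserialized $fm['forumset'] before this guard and used `@strpos`;
    // the `@` hid nothing useful because the needle is never empty here.)
    if (!$fm || $fm['password'] != '' || $fm['f_type'] == 'hidden' || $fm['allowvisit'] && strpos($fm['allowvisit'], ",{$groupid},") === false) {
        wap_msg('post_right');
    }

    // forumset is a serialized settings array written by the admin UI. unserialize()
    // on anything other than a plain array is an object-injection risk, so only an
    // array result is accepted; anything else degrades to "no extra settings".
    $forumset = $fm ? unserialize($fm['forumset']) : false;
    if (!is_array($forumset)) {
        $forumset = array();
    }

    if ($action == 'new') {
        $isGM = CkInArray($GLOBALS['windid'], $GLOBALS['manager']);
        $isBM = admincheck($fm['forumadmin'], $fm['fupadmin'], $GLOBALS['windid']);
        // f_check values 1 and 3 block new topics here (2 and 3 block replies, see below).
        if ($fm['f_check'] == '1' || $fm['f_check'] == '3') {
            wap_msg('post_right');
        }
        // Per-forum posting group list takes precedence; otherwise the group-wide right applies.
        if ($fm['allowpost'] && strpos($fm['allowpost'], ",{$groupid},") === false) {
            wap_msg('post_right');
        }
        if (!$fm['allowpost'] && $_G['allowpost'] == 0) {
            wap_msg('post_group');
        }
        // Posting-hours window: founders bypass it, moderators only with the 'allowtime' right.
        if (!empty($forumset['allowtime']) && !$isGM && !allowcheck($forumset['allowtime'], "{$_time['hours']}", '') && !pwRights($isBM, 'allowtime')) {
            wap_msg('post_right');
        }
    } elseif ($action == 'reply') {
        if ($fm['f_check'] == '2' || $fm['f_check'] == '3') {
            wap_msg('reply_right');
        }
        if ($fm['allowrp'] && strpos($fm['allowrp'], ",{$groupid},") === false) {
            wap_msg('reply_right');
        }
        if (!$fm['allowrp'] && $_G['allowrp'] == 0) {
            wap_msg('reply_group');
        }
    }
}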
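/**
 * Gate access to this forum for the current visitor.
 *
 * Side effects: may switch the global $skin to the forum's own style, may pull in
 * require/forumpw.php for password-protected forums, and stops with Showmsg() on
 * denial (Showmsg() is relied on elsewhere to end the request — TODO confirm).
 *
 * @param array  $user     user record; only $user['username'] is read here
 * @param string $groupid  usergroup id, 'guest' for anonymous visitors
 * @return void
 */
function forumcheck($user, $groupid)
{
    // A 'former' forum is closed to guests who arrive with any cookie at all (truthiness of $_COOKIE, kept as-is).
    if ($this->foruminfo['f_type'] == 'former' && $groupid == 'guest' && $_COOKIE) {
        Showmsg('forum_former');
    }

    // Per-forum skin. The key must be quoted: the original `[style]` inside "{...}" is a
    // bare-constant lookup, which is an Error on PHP 8 (wind_forumcheck() already quotes it).
    if (!empty($this->foruminfo['style']) && file_exists(D_P . "data/style/{$this->foruminfo['style']}.php")) {
        $GLOBALS['skin'] = $this->foruminfo['style'];
    }

    // Forum password: founders ($manager) bypass it; everyone else needs a cookie entry for
    // this fid that matches exactly. The original `!=` compared loosely, so two numeric-looking
    // strings (e.g. "0e..." digests) would be treated as equal; a missing entry still fails.
    $pwdcheck = GetCookie('pwdcheck');   // presumably an fid-keyed array — confirm in require/forumpw.php
    $cookiePwd = isset($pwdcheck[$this->fid]) ? $pwdcheck[$this->fid] : null;
    if ($this->foruminfo['password'] != '' && ($groupid == 'guest' || $cookiePwd !== $this->foruminfo['password'] && !CkInArray($user['username'], $GLOBALS['manager']))) {
        require_once R_P . 'require/forumpw.php';
    }

    if (!$this->allowvisit($user, $groupid)) {
        Showmsg('forum_jiami');
    }
    // Hidden non-CMS forums without an explicit visit list are closed to everyone.
    if (!$this->foruminfo['cms'] && $this->foruminfo['f_type'] == 'hidden' && !$this->foruminfo['allowvisit']) {
        Showmsg('forum_hidden');
    }
}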
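/**
 * Gate access to forum $forum for the current visitor (procedural twin of forumcheck()).
 *
 * Side effects: may switch the global $skin to the forum's own style, may pull in
 * require/forumpw.php for password-protected forums, and stops with Showmsg() on
 * denial (Showmsg() is relied on elsewhere to end the request — TODO confirm).
 *
 * @param array $forum  forum row; reads f_type, style, password, allowvisit, cms
 * @return void
 */
function wind_forumcheck($forum)
{
    global $windid, $groupid, $tid, $fid, $skin, $winddb, $manager;

    // A 'former' forum is closed to guests who arrive with any cookie at all (truthiness of $_COOKIE, kept as-is).
    if ($forum['f_type'] == 'former' && $groupid == 'guest' && $_COOKIE) {
        Showmsg('forum_former');
    }

    // Per-forum skin; the style name comes from the forum row, not from the request.
    if (!empty($forum['style']) && file_exists(D_P . "data/style/{$forum['style']}.php")) {
        $skin = $forum['style'];
    }

    // Forum password: founders ($manager) bypass it; everyone else needs a cookie entry for
    // this fid that matches exactly. The original `!=` compared loosely, so two numeric-looking
    // strings (e.g. "0e..." digests) would be treated as equal; a missing entry still fails.
    $pwdcheck = GetCookie('pwdcheck');   // presumably an fid-keyed array — confirm in require/forumpw.php
    $cookiePwd = isset($pwdcheck[$fid]) ? $pwdcheck[$fid] : null;
    if ($forum['password'] != '' && ($groupid == 'guest' || $cookiePwd !== $forum['password'] && !CkInArray($windid, $manager))) {
        require_once R_P . 'require/forumpw.php';
    }

    // Explicit visit list: the group, the user's extra groups and per-user visit grants are all consulted.
    if ($forum['allowvisit'] && !allowcheck($forum['allowvisit'], $groupid, $winddb['groups'], $fid, $winddb['visit'])) {
        Showmsg('forum_jiami');
    }
    // Hidden non-CMS forums without an explicit visit list are closed to everyone.
    if (!$forum['cms'] && $forum['f_type'] == 'hidden' && !$forum['allowvisit']) {
        Showmsg('forum_hidden');
    }
}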
$query = $db->query("SELECT aid,COUNT(*) AS sum FROM pw_cnphoto WHERE aid IN(" . pwImplode(array($aid, $photo['aid'])) . ') GROUP BY aid'); while ($rt = $db->fetch_array($query)) { $phnum[$rt['aid']] = $rt['sum']; } if ($photo['path'] == $photo['lastphoto']) { $lastphoto = $db->get_value("SELECT path FROM pw_cnphoto WHERE aid=" . pwEscape($photo['aid']) . " ORDER BY pid DESC LIMIT 1"); } $db->update("UPDATE pw_cnalbum SET " . pwSqlSingle(array('photonum' => $phnum[$aid] ? $phnum[$aid] : 0, 'lastpid' => implode(',', getLastPid($aid)))) . ' WHERE aid=' . pwEscape($aid)); $db->update("UPDATE pw_cnalbum SET " . pwSqlSingle(array('photonum' => $phnum[$photo['aid']] ? $phnum[$photo['aid']] : 0, 'lastpid' => implode(',', getLastPid($photo['aid'])), 'lastphoto' => $lastphoto)) . ' WHERE aid=' . pwEscape($photo['aid'])); } refreshto("{$basename}a=view&pid={$pid}", 'operate_success'); } } elseif ($a == 'delphoto') { define('AJAX', '1'); InitGP(array('pid'), null, 2); $isGM = CkInArray($windid, $manager); !$isGM && $groupid == 3 && ($isGM = 1); if ($isGM) { $whereadd = ''; } else { $whereadd = " AND ca.ownerid=" . pwEscape($winduid); } $photo = $db->get_one("SELECT cp.path,cp.uploader,ca.aid,ca.lastphoto,ca.lastpid,m.uid FROM pw_cnphoto cp LEFT JOIN pw_cnalbum ca ON cp.aid=ca.aid LEFT JOIN pw_members m ON cp.uploader=m.username WHERE cp.pid=" . pwEscape($pid) . " AND ca.atype='0' {$whereadd}"); if (empty($photo)) { Showmsg('data_error'); } $db->update("DELETE FROM pw_cnphoto WHERE pid=" . pwEscape($pid)); $pwSQL = array(); if ($photo['path'] == $photo['lastphoto']) { $pwSQL['lastphoto'] = $db->get_value("SELECT path FROM pw_cnphoto WHERE aid=" . pwEscape($photo['aid']) . " ORDER BY pid DESC LIMIT 1"); }
$upmembers = $upmemdata = $upmeminfo = array(); if ($ifppt) { include_once D_P . 'data/bbscache/dbreg.php'; InitGP(array('propwd', 'proemail'), 'P'); if ($propwd || $userdb['email'] != $proemail) { if ($_POST['oldpwd']) { if (strlen($userdb['password']) == 16) { $_POST['oldpwd'] = substr(md5($_POST['oldpwd']), 8, 16); //支持 16 位 md5截取密码 } else { $_POST['oldpwd'] = md5($_POST['oldpwd']); } } $userdb['password'] != $_POST['oldpwd'] && Showmsg('pwd_confirm_fail'); if ($propwd) { CkInArray($windid, $manager) && Showmsg('pro_manager'); $propwd != $_POST['check_pwd'] && Showmsg('password_confirm'); if ($propwd != str_replace(array("\\", '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#', '%'), '', $propwd)) { Showmsg('illegal_password'); } list($rg_regminpwd, $rg_regmaxpwd) = explode("\t", $rg_pwdlen); if (strlen($propwd) < $rg_regminpwd) { Showmsg('reg_password_minlimit'); } elseif ($rg_regmaxpwd && strlen($propwd) > $rg_regmaxpwd) { Showmsg('reg_password_maxlimit'); } elseif ($rg_npdifferf && $propwd == $windid) { Showmsg('reg_nameuptopwd'); } if ($rg_pwdcomplex) { $arr_rule = array(); $arr_rule = explode(',', $rg_pwdcomplex);
/**
 * Validate an admin-panel login.
 *
 * $CK is the login tuple: index 1 is the username and index '3' is compared with
 * the member's safecv (safety-question value) when $db_ifsafecv is on; the other
 * slots are consumed by SafeCheck() and are not interpreted here.
 *
 * Founders (names present in the global $manager) are authenticated first against
 * $manager_pwd from the config file. Every other account is authenticated against
 * pw_members, must belong to a 'system' or 'special' group, must carry the
 * allowadmincp permission, and must pass admincheck(). On success the per-group
 * right-set from pw_adminset is decoded, clipped to keys known in the 'purview'
 * language file, and returned with 'gid' appended; on failure false is returned.
 *
 * NOTE(review): the span `"******"` inside the first query is not valid PHP — it
 * looks like a redaction applied to this listing rather than source. The code
 * between the founder query and the member query is missing here, so this text
 * cannot be compiled or shipped as-is.
 */
function checkpass($CK) {
    Add_S($CK);
    global $db, $manager, $db_ifsafecv, $db_gdcheck;
    // Bit 32 of $db_gdcheck turns on GdConfirm() for the admin login form (presumably the image-code check).
    if ($_POST['Login_f'] == 1 && $db_gdcheck & 32) {
        GdConfirm($_POST['lg_num']);
    }
    if (CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        // Founder password is looked up by the founder's position in $manager.
        $v_key = array_search($CK[1], $manager);
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password,safecv FROM pw_members WHERE username="******"SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' WHERE m.username=" . pwEscape($CK[1]));
            // Group type, admincp permission and (optionally) the safety-question value must all pass.
            if (!$rt['allowadmincp'] || $rt['gptype'] != 'system' && $rt['gptype'] != 'special' || $db_ifsafecv && $rt['safecv'] != $CK['3']) {
                return false;
            }
            if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) {
                return false;
            }
            // Serialized right-set stored per admin group; a non-array result is treated as "no rights".
            $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . pwEscape($rt['groupid']));
            if ($rightset) {
                if (!is_array($rightset = unserialize($rightset))) {
                    $rightset = array();
                }
            } else {
                $rightset = array();
            }
            require GetLang('purview');
            // Only keys that exist in $purview survive, normalised to 1/0.
            foreach ($rightset as $key => $value) {
                $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0;
            }
            $rightset['gid'] = $rt['groupid'];
        }
    return $rightset;
}
/**
 * Validate a rating ("ping") request against the posts loaded in $this->postData.
 *
 * Checks, in order: the rating window ($db_pingtime hours, waived for 'system'
 * groups), self-rating (only founders may rate their own posts when $checkType is 1),
 * re-rating (checkType 1, markable < 2) and cancelling a rating that was never
 * given (checkType 2).
 *
 * @param string|int $checkType  '' (no type checks), 1 (rate) or 2 (cancel)
 * @return string|true  an error key, or true when every check passes
 */
function pingCheck($checkType = '')
{
    global $db_pingtime, $timestamp, $gp_gptype, $winduid, $windid, $manager, $_G;

    // Non-numeric post ids are zeroed before they reach the isPing/isNotPing lookups.
    $postIds = array();
    foreach (array_keys($this->postData) as $rawId) {
        $postIds[] = is_numeric($rawId) ? $rawId : 0;
    }

    foreach ($this->postData as $post) {
        $windowExpired = $db_pingtime
            && $timestamp - $post['postdate'] > $db_pingtime * 3600
            && $gp_gptype != 'system';
        if ($windowExpired) {
            return 'pingtime_over';
        }
        if ($winduid == $post['authorid'] && $checkType == 1 && !CkInArray($windid, $manager)) {
            return 'masigle_manager';
        }
    }

    $alreadyRated = $checkType == '1' && $_G['markable'] < 2 && $this->isPing($this->tid, $postIds);
    if ($alreadyRated) {
        return 'no_markagain';
    }
    $neverRated = $checkType == '2' && $this->isNotPing($this->tid, $postIds);
    if ($neverRated) {
        return 'have_not_showping';
    }
    return true;
}
adminmsg('manager_errorusername'); } $key = (int) array_search($oldname, $manager); if (!$password) { $password = $manager_pwd[$key]; } else { if (GetGP('check_pwd') != $password) { adminmsg('password_confirm'); } if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $password) != $password) { adminmsg('manager_errorpassword'); } $password = $manager_pwd[$key] = md5($password); } if ($username != $oldname) { if (CkInArray($username, $manager)) { adminmsg('manager_had'); } $manager[$key] = $username; $oldname == $admin_name && Cookie('AdminUser', '', 0); } $newconfig = array('dbhost' => $dbhost, 'dbuser' => $dbuser, 'dbpw' => $dbpw, 'dbname' => $dbname, 'database' => $database, 'PW' => $PW, 'pconnect' => $pconnect, 'charset' => $charset, 'manager' => $manager, 'manager_pwd' => $manager_pwd, 'db_hostweb' => $db_hostweb, 'attach_url' => $attach_url); require_once R_P . 'require/updateset.php'; write_config($newconfig); unset($newconfig); pwUpdateManager($username, $password); adminmsg('operate_success'); } } elseif ($action == 'delete') { if ($_POST['step'] != 2) { $inputmsg = '<input name="step" type="hidden" value="2" /><input name="action" type="hidden" value="delete" /><input name="username" type="hidden" value="' . $oldname . '" />';
$query = $db->query("SELECT uid,username,email,icon as face,regdate,honor FROM pw_members WHERE {$where} " . "ORDER BY regdate DESC " . $limit); while ($rt = $db->fetch_array($query)) { list($rt['face']) = showfacedesign($rt['face'], '1', 'm'); $rt['regdate'] = get_date($rt['regdate']); $rt['honor'] = substrs($rt['honor'], 50); $members[] = $rt; } } else { $mfriendkeys = $friendkeys = array(); if ($myfriends = getFriends($winduid, 0)) { $friendkeys = array_keys($myfriends); if ($friendkeys) { $query = $db->query('SELECT friendid FROM pw_friends WHERE uid IN(' . pwImplode($friendkeys) . ') AND status=0 LIMIT 30'); $mfriends = array(); while ($rt = $db->fetch_array($query)) { if ($rt['friendid'] != $winduid && !CkInArray($rt['friendid'], $friendkeys)) { isset($mfriends[$rt['friendid']]) ? $mfriends[$rt['friendid']]++ : ($mfriends[$rt['friendid']] = 1); } } arsort($mfriends); if (count($mfriends) > 6) { $i = 0; $temp_friend = array(); foreach ($mfriends as $key => $value) { $temp_friend[$key] = $value; $i++; if ($i == 6) { break; } } $mfriends = $temp_friend;
$per['uploadmaxsize'] = ceil(($gRight['uploadmaxsize'] ? $gRight['uploadmaxsize'] : $db_uploadmaxsize) / 1024); !$gRight['uploadtype'] && ($gRight['uploadtype'] = $db_uploadfiletype); $gRight['uploadtype'] = unserialize($gRight['uploadtype']); $per['uptype'] = ''; foreach ($gRight['uploadtype'] as $key => $value) { $per['uptype'] .= ($per['uptype'] ? ', ' : '') . "{$key}:{$value}"; } unset($creditdb, $groups, $value, $ltitle, $gRight); } else { require_once R_P . 'require/forum.php'; if (!($rt = L::forum($fid))) { Showmsg('data_error'); } (!$rt || $rt['type'] == 'category') && Showmsg('data_error'); $forumset = $rt['forumset']; if (!CkInArray($windid, $manager)) { wind_forumcheck($rt); } $forumset['link'] && Showmsg('data_error'); $per = $forumright = array(); $creditset = $credit->creditset($rt['creditset'], $db_creditset); foreach ($creditset as $key => $value) { foreach ($value as $k => $v) { $forumright[$k][$key] = (int) $v; } } $per['upload'] = $per['down'] = $per['rp'] = $per['post'] = $per['visit'] = 1; $per['name'] = strip_tags($rt['name']); if ($rt['allowvisit'] && strpos($rt['allowvisit'], ',' . $groupid . ',') === false) { $per['visit'] = 0; }
$sys_mail = 'Disabled'; } @extract($db->get_one('SELECT totalmember,yposts FROM pw_bbsinfo WHERE id=1')); @extract($db->get_one('SELECT SUM(topic) AS threads,SUM(article) AS posts FROM pw_forumdata')); $hits = $db->get_value('SELECT SUM(hits) FROM pw_threads'); $cachetime = $timestamp + 60 * 60 * 12; writeover(D_P . 'data/bbscache/admin_cache.php', "<?php die;?>{$cachetime}|{$pw_size}|{$o_size}|{$dbversion}|{$max_upload}|{$max_ex_time}|{$sys_mail}|{$totalmember}|{$threads}|{$posts}|{$hits}|{$yposts}\r\n{$cachetext[1]}"); } $altertime = gmdate('Y-m-d H:i', $timestamp + $db_timedf * 3600); $systemtime = $db_cvtime == 0 ? $altertime : gmdate('Y-m-d H:i', time() + $db_timedf * 3600); $sysversion = PHP_VERSION; $sysos = str_replace('PHP/' . $sysversion, '', GetServer('SERVER_SOFTWARE')); $ifcookie = isset($_COOKIE) ? 'SUCCESS' : 'FAIL'; } if (!$job || $job == 'desktop') { if (CkInArray($admin_name, $manager)) { $u = 1; if (pwWritable(D_P . 'data/sql_config.php')) { $warnid += 1; } if (is_dir('data')) { $warnid += 2; } if (ini_get('register_globals')) { $warnid += 4; } if (file_exists('admin.php')) { $warnid += 8; } if (!$db_ifsafecv || strpos($db_safegroup, ',3,') === false || strpos($db_safegroup, ',4,') === false || strpos($db_safegroup, ',5,') === false) { $warnid += 16;
/**
 * Validate a registration username; each failed rule is reported through Showmsg().
 *
 * Rules, in order: byte-length window (PW_Register::checkNameLen), characters listed in
 * $this->illegalChar, the rg_rglower rule, the reserved names 'guest'/'system',
 * substrings from the rg_banname list, and a round-trip through Sql_cv() that must
 * leave the name unchanged.
 *
 * @param string $regname  the requested username
 * @return void
 */
function checkName($regname)
{
    $lengthOk = PW_Register::checkNameLen(strlen($regname));
    if (!$lengthOk) {
        Showmsg('reg_username_limit');
    }

    $stripped = str_replace($this->illegalChar, '', $regname);
    if ($stripped != $regname) {
        Showmsg('illegal_username');
    }

    if (!L::reg('rg_rglower') && !PW_Register::checkRglower($regname)) {
        Showmsg('username_limit');
    }

    $reserved = array('guest', 'system');
    if (CkInArray(strtolower($regname), $reserved)) {
        Showmsg('illegal_username');
    }

    // Banned words are a comma-separated admin setting; empty entries are ignored.
    foreach (explode(',', L::reg('rg_banname')) as $word) {
        if ($word && strpos($regname, $word) !== false) {
            Showmsg('illegal_username');
        }
    }

    if (Sql_cv($regname) !== $regname) {
        Showmsg('illegal_username');
    }
}
$rt['content'] = str_replace("\n", "<br>", $rt['content']); include_once D_P . 'data/bbscache/wordsfb.php'; foreach ($alarm as $key => $value) { $rt['content'] = str_replace($key, '<span style="background-color:#ffff66">' . $key . '</span>', $rt['content']); } include PrintEot('content'); exit; } elseif ($type == 'post') { $pw_posts = GetPtable('N', $tid); $rt = $db->get_one("SELECT pid,tid,subject,content FROM {$pw_posts} WHERE pid=" . pwEscape($id)); $rt['content'] = str_replace("\n", "<br>", $rt['content']); include_once D_P . 'data/bbscache/wordsfb.php'; foreach ($alarm as $key => $value) { $rt['content'] = str_replace($key, '<span style="background-color:#ffff66">' . $key . '</span>', $rt['content']); } include PrintEot('content'); exit; } elseif ($type == 'message') { $rt = $db->get_one("SELECT m.touid,mc.title,mc.content FROM pw_msg m LEFT JOIN pw_msgc mc USING(mid) WHERE m.mid=" . pwEscape($id)); $msg = $db->get_one("SELECT username,groupid FROM pw_members WHERE uid=" . pwEscape($rt['touid'])); if ($msg['username'] && CkInArray($msg['username'], $manager) && !If_manager) { adminmsg('msg_managerright'); } if ($msg['groupid'] == 3 && $admin_gid != 3) { adminmsg('msg_adminright'); } $rt['subject'] = $rt['title']; $rt['content'] = str_replace("\n", "<br>", $rt['content']); include PrintEot('content'); exit; }
if ($filesize) { if ($ifless) { $sql .= " AND (size<" . pwEscape($filesize) . ')'; } else { $sql .= " AND (size>" . pwEscape($filesize) . ')'; } } if ($postdate1) { $uploadtime = PwStrtoTime($postdate1); is_numeric($uploadtime) && ($sql .= " AND uploadtime>" . pwEscape($uploadtime)); } if ($postdate2) { $uploadtime = PwStrtoTime($postdate2); is_numeric($uploadtime) && ($sql .= " AND uploadtime<" . pwEscape($uploadtime)); } if (CkInArray($orderway, array('uploadtime', 'size', 'rvrc', 'name', 'hits'))) { $order = "ORDER BY {$orderway}"; $asc == 'DESC' && ($order .= ' ' . $asc); } else { $order = ''; } $pernum = is_numeric($pernum) ? $pernum : 20; $page < 1 && ($page = 1); $limit = pwLimit(($page - 1) * $pernum, $pernum); $rt = $db->get_one("SELECT COUNT(*) AS count FROM pw_attachs WHERE {$sql}"); $sum = $rt['count']; $numofpage = ceil($sum / $pernum); $pages = numofpage($sum, $page, $numofpage, "{$basename}&action=search&fid={$fid}&uid={$uid}&filename=" . rawurlencode($filename) . "&hits={$hits}&ifmore={$ifmore}&filesize={$filesize}&ifless={$ifless}&orderway={$orderway}&asc={$asc}&postdate1={$postdate1}&postdate2={$postdate2}&pernum={$pernum}&"); $attachdb = $thread = array(); $query = $db->query("SELECT * FROM pw_attachs WHERE {$sql} {$order} {$limit}"); while (@extract($db->fetch_array($query))) {
!defined('W_P') && exit('Forbidden'); !$windid && wap_msg('not_login'); InitGP(array('action', 'tid')); $rts = array(); $result = $db->query("SELECT typeid FROM pw_collection WHERE type = 'postfavor' AND typeid = " . S::sqlEscape($tid) . " AND uid = " . S::sqlEscape($winduid)); while ($rt = $db->fetch_array($result)) { $rts[] = $rt['typeid']; } $rs['tids'] = implode(',', $rts); $rs['type'] = ''; if ($rs['tids']) { $count = 0; $tiddb = getFavor($rs['tids']); foreach ($tiddb as $key => $t) { if (is_array($t)) { if (CkInArray($tid, $t)) { favShowMsg('job_favor_error'); } $count += count($t); } else { unset($tiddb[$key]); } } $count > $_G['maxfavor'] && favShowMsg('job_favor_full'); InitGP(array('type'), 2); $typeid = array('0' => 'default'); if ($rs['type']) { $typeid = array_merge($typeid, explode(',', $rs['type'])); if (!isset($type)) { echo 'type' . $type; }
$userdb['todaypost'] = 0; } $averagepost = round($userdb['postnum'] / ceil(($timestamp - $userdb['regdate']) / (3600 * 24)), 2); $userdb['regdate'] = get_date($userdb['regdate'], 'Y-m-d'); $userdb['lastvisit'] = get_date($userdb['lastvisit'], 'Y-m-d'); $userdb['onlineip'] = explode('|', $userdb['onlineip']); $userdb['introduce'] = nl2br($userdb['introduce']); $all_userinfo = array('gender', 'bday', 'location', 'digests', 'todaypost', 'oicq', 'yahoo', 'msn', 'email', 'onlinetime', 'regdate', 'lastvisit', 'onlineip', 'uid'); $need_userinfo = array('digests', 'todaypost', 'onlinetime', 'regdate', 'lastvisit', 'uid'); foreach ($all_userinfo as $key => $value) { if (!in_array($value, $need_userinfo)) { if (empty($userdb[$value])) { continue; } if ($value == 'email') { if (!getstatus($userdb['userstatus'], 7) && !CkInArray($windid, $manager) && $userdb['uid'] != $winduid) { continue; } } elseif ($value == 'onlineip') { if (!$isGM && $groupid != '3' && $winduid != $userdb['uid']) { continue; } $userdb[$value] = $userdb[$value][0]; } elseif ($value == 'gender') { $userdb[$value] = getLangInfo('other', 'gender_' . $userdb[$value]); } } $user_profile[$value] = array(getLangInfo('other', 'profile_' . $value), $userdb[$value]); } $userdb['site'] = $userdb['site'] ? '<a href="' . $userdb['site'] . '" target="_blank" >' . $userdb['site'] . '</a>' : ''; //用户app统计
} $e_check == 0 && wap_msg('email_check'); } $email_check = $db->get_one('SELECT COUNT(*) AS count FROM pw_members WHERE email=' . pwEscape($regemail)); if ($email_check['count']) { wap_msg('reg_email_have_same', $basename); } } if ($regname !== Sql_cv($regname)) { wap_msg('illegal_username', $basename); } $rs = $db->get_one('SELECT COUNT(*) AS count FROM pw_members WHERE username='******'count'] > 0) { wap_msg('username_same', $basename); } CkInArray(strtolower($regname), array('guest', 'system')) && wap_msg('illegal_username'); $rg_banname = explode(',', $rg_banname); foreach ($rg_banname as $value) { if ($value && strpos($regname, $value) !== false) { wap_msg('illegal_username', $basename); } } if ($rg_ifcheck == '1') { $rg_groupid = '7'; //后台控制是否需要验证 } else { $rg_groupid = '-1'; } if ($rg_emailcheck == 1) { $rg_yz = num_rand(9); } else {
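/**
 * AJAX handler: delete a batch of threads given as "fid_tid|fid_tid|...".
 *
 * Only a founder (listed in $manager) who is also in group 3 may call this; any
 * other caller is stopped with Showmsg('mawhole_right'). Entries are grouped by
 * forum and handed to threadmanager::deleteByThreadIds() per forum.
 *
 * @param string $tidarray  pipe-separated "fid_tid" pairs
 * @return void  prints the success message and ends with ajax_footer()
 */
function deleteThreadsHander($tidarray)
{
    global $windid, $manager, $groupid;
    PostCheck();
    // Both conditions are required; Showmsg() is relied on to end the request.
    (!CkInArray($windid, $manager) || $groupid != 3) && Showmsg('mawhole_right');

    if ($tidarray == "") {
        Showmsg('data_error');
    }
    $tidarray = explode("|", $tidarray);
    if (!is_array($tidarray)) {
        Showmsg('data_error');
    }

    $forums = array();
    foreach ($tidarray as $v) {
        if ($v == "") {
            continue;
        }
        $parts = explode("_", $v);
        // Each entry must be "fid_tid"; a missing half previously left $tid undefined.
        if (count($parts) < 2) {
            continue;
        }
        $fid = (int) $parts[0];
        $tid = (int) $parts[1];
        // The original test was `fid < 0 && tid < 0`, which let an entry through when only
        // one of the two ids was bad. Both must be positive ids before anything is deleted.
        if ($fid <= 0 || $tid <= 0) {
            continue;
        }
        $forums[$fid][] = $tid;
    }

    $threadManager = L::loadclass('threadmanager');
    foreach ($forums as $fid => $threadIds) {
        $threadManager->deleteByThreadIds($fid, $threadIds);
    }
    echo getLangInfo('other', 'search_manager_success');
    ajax_footer();
}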
$tmpIP = ip2long($onlineip); if ($tmpIP != -1 && $tmpIP !== FALSE) { $tmpVisitips = explode(',', $db_visitips); foreach ($tmpVisitips as $value) { if (!trim($value)) { continue; } $tmpSIP = ip2long(str_replace('*', '1', $value)); $tmpEIP = ip2long(str_replace('*', '255', $value)); if ($tmpIP >= $tmpSIP && $tmpIP <= $tmpEIP) { $tmpAllowvisit = true; break; } } } } if ($tmpAllowvisit === false) { if (!$windid) { Showmsg($db_visitmsg); } elseif (!CkInArray($windid, $manager) && strpos($db_visitgroup, ',' . $groupid . ',') === false && strpos(strtolower($db_visituser), ',' . strtolower($windid) . ',') === false) { PwNewDB(); require_once R_P . 'require/checkpass.php'; Loginout(); Showmsg('visiter_login'); } } } elseif (!$windid) { Showmsg($db_visitmsg); } } unset($AdminUser, $CK, $bbsclose);
} else { $userinbbs = $guestinbbs = 0; $query = $db->query("SELECT uid!=0 as ifuser,COUNT(*) AS count FROM pw_online GROUP BY uid!='0'"); while ($rt = $db->fetch_array($query)) { if ($rt['ifuser']) { $userinbbs = $rt['count']; } else { $guestinbbs = $rt['count']; } } } if ($db_indexonline) { InitGP(array('online')); empty($online) && ($online = GetCookie('online')); if ($online == 'yes') { if ($guestinbbs + $userinbbs > 2000 && !CkInArray($windid, $manager)) { $online = 'no'; } else { $db_online = intval($db_online); include_once Pcv(R_P . "require/online_{$db_online}.php"); } } Cookie('online', $online); } $usertotal = $guestinbbs + $userinbbs; $showgroup = $db_showgroup ? explode(',', $db_showgroup) : array(); // Share union if ($db_indexmqshare && $sharelink[1]) { $sharelink[1] = "<marquee scrolldelay=\"100\" scrollamount=\"4\" onmouseout=\"if (document.all!=null){this.start()}\" onmouseover=\"if (document.all!=null){this.stop()}\" behavior=\"alternate\">{$sharelink['1']}</marquee>"; } //update pw_feed
/**
 * Whether $name is one of the founder accounts listed in the global $manager array.
 *
 * @param string $name  username to test
 * @return mixed  whatever CkInArray() returns (presumably a boolean)
 */
function isGM($name)
{
    global $manager;
    $founders = $manager;
    return CkInArray($name, $founders);
}
/**
 * Re-authenticate a founder before a privileged (admin-panel) step.
 *
 * $CK[1] is the username. Only names present in the global $manager array can
 * succeed; the password is first checked against $manager_pwd (config file) via
 * SafeCheck()/PwdCode(), then against the pw_members row. Returns true on success,
 * false for non-founders or a failed password check.
 *
 * NOTE(review): the span `"******"` inside the first query is not valid PHP — it
 * looks like a redaction applied to this listing rather than source. The code
 * between the founder-password branch and the member query is missing here, so
 * the exact branch structure cannot be recovered from this text.
 */
function checkuptoadmin($CK) {
    Add_S($CK);
    global $db, $manager;
    if (is_array($manager) && CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        // Founder password is looked up by the founder's position in $manager.
        $v_key = array_search($CK[1], $manager);
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password FROM pw_members WHERE username="******"SELECT uid,username,groupid,groups,password FROM pw_members WHERE username=" . pwEscape($CK[1]));
            // Fallback: the stored member password must match instead.
            if (!SafeCheck($CK, PwdCode($rt['password']))) {
                return false;
            }
        }
        return true;
    } else {
        return false;
    }
}
<?php define('SCR', 'sendpwd'); require_once 'global.php'; require L::style('', $skinco, true); if ("wind" != $tplpath && file_exists(D_P . 'data/style/' . $tplpath . '_css.htm')) { $css_path = D_P . 'data/style/' . $tplpath . '_css.htm'; } else { $css_path = D_P . 'data/style/wind_css.htm'; } S::gp(array('action')); !CkInArray($action, array('getback', 'getverify', 'checkverify')) && ($action = 'sendpwd'); //!CkInArray($action ,array('getverify','checkverify')) && require_once(R_P.'require/header.php');; if ($action == 'sendpwd') { if ($_POST['step'] != 2) { if ($db_authstate && $db_authgetpwd) { $authService = L::loadClass('Authentication', 'user'); list($authStep, $remainTime, $waitTime, $mobile) = $authService->getStatus('findpwd'); $authStep_1 = $authStep_2 = 'none'; ${'authStep_' . $authStep} = ''; $verifyUsername = $authStep == 1 ? '' : getCookie('findpwd_verifyUsername'); } require_once PrintEot('sendpwd'); footer(); } else { PostCheck(0, $db_gdcheck & 16); S::gp(array('type', 'pwuser', 'email', 'authmobile', 'question', 'customquest', 'answer')); $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ $userarray = $userService->getByUserName($pwuser); if ($db_ifsafecv) {
} } } elseif ($type == 'msg') { $msgdb = array(); $pages = ''; $page = $_GET['page']; (int) $page < 1 && ($page = 1); $query = $db->query('SELECT id,uid,username,toname,msgtype,posttime,savetime,message FROM pw_forummsg WHERE fid=' . pwEscape($fid) . ' ORDER BY posttime DESC ' . pwLimit(($page - 1) * $db_perpage, $db_perpage)); while ($rt = $db->fetch_array($query)) { if ($rt['savetime'] < $timestamp) { $db->query("DELETE FROM pw_forummsg WHERE id='{$rt['id']}'"); } else { $rt['posttime'] = $rt['posttime'] ? get_date($rt['posttime'], 'Y-m-d H:i') : '--'; $rt['savetime'] = $rt['savetime'] ? get_date($rt['savetime'], 'Y-m-d H:i') : '--'; if (strpos($rt['toname'], ',' . $windid . ',') !== false && $rt['msgtype'] == '2' || $groupid == '3' || $groupid == '4' || CkInArray($windid, $manager) || $rt['msgtype'] == '1' || $rt['uid'] == $winduid) { if ($rt['uid'] != $winduid && $groupid != '3' && $groupid != '4' && CkInArray($windid, $manager) === false) { $rt['ifuse'] = 'disabled'; } else { $rt['ifuse'] = ''; } $msgdb[] = $rt; } } } $db->free_result($query); $count = $db->get_value('SELECT COUNT(*) FROM pw_forummsg WHERE fid=' . pwEscape($fid)); if ($count > $db_perpage) { require_once R_P . 'require/forum.php'; $pages = numofpage($count, $page, ceil($count / $db_perpage), "forumcp.php?action=edit&fid={$fid}&type={$type}&"); } if ($_POST['demsg']) {
adminmsg('msg_adminright'); } if ($type == 'rebox' || $type == 'sebox') { $sql .= " AND m.type=" . pwEscape($type) . "AND m.fromuid=" . pwEscape($rt['uid']); } else { $sql .= " AND m.fromuid=" . pwEscape($rt['uid']); } } } if ($touser) { $touser = str_replace('*', '%', $touser); $rt = $db->get_one("SELECT uid,username,groupid FROM pw_members WHERE username LIKE " . pwEscape($touser)); if (!$rt) { $errorname = $touser; adminmsg('user_not_exists'); } elseif (CkInArray($rt['username'], $manager) && !If_manager) { adminmsg('msg_managerright'); } elseif ($rt['groupid'] == 3 && $admin_gid != 3) { adminmsg('msg_adminright'); } if ($type == 'rebox' || $type == 'sebox') { $sql .= " AND m.type=" . pwEscape($type) . "AND m.touid=" . pwEscape($rt['uid']); } else { $sql .= " AND m.touid=" . pwEscape($rt['uid']); } } if ($msgdate) { $schtime = $timestamp - $msgdate * 24 * 3600; $sql .= " AND m.mdate<" . pwEscape($schtime); } $rs = $db->get_one("SELECT COUNT(*) AS count FROM pw_msg m{$mc_tab} WHERE {$sql}");
} elseif ($_POST['action'] == 'editforum') { InitGP(array('forumadmin'), 'P', 0); InitGP(array('order'), 'P', 2); $errorname = array(); $forumdb = $db->query("SELECT fid,forumadmin,vieworder FROM pw_forums WHERE cms!='1'"); while ($foruminfo = $db->fetch_array($forumdb)) { $pwSQL = $admin_a = $admin_n = $admin_d = array(); if ($foruminfo['forumadmin'] != $forumadmin[$foruminfo['fid']] && $foruminfo['forumadmin'] != ',' . $forumadmin[$foruminfo['fid']] . ',') { $admin_a = explode(',', $forumadmin[$foruminfo['fid']]); if ($admin_a) { $query = $db->query("SELECT username FROM pw_members WHERE username IN (" . pwImplode($admin_a) . ")"); while ($member = $db->fetch_array($query)) { $admin_d[] = $member['username']; } foreach ($admin_a as $value) { if (CkInArray($value, $admin_d)) { $admin_n[] = $value; } } } if ($admin_n) { $pwSQL['forumadmin'] = ',' . implode(',', $admin_n) . ','; } else { $pwSQL['forumadmin'] = ''; } $errorname = array_merge($errorname, array_diff($admin_a, $admin_n)); } if ($order[$foruminfo['fid']] != $foruminfo['vieworder']) { $pwSQL['vieworder'] = $order[$foruminfo['fid']]; } if ($pwSQL) {
Ipban(); Cookie('lastvisit', $c_oltime . "\t" . $timestamp . "\t" . $REQUEST_URI); if ($groupid == 'guest' && $db_guestdir && GetGcache()) { require_once R_P . 'require/guestfunc.php'; getguestcache(); } PwNewDB(); unset($db_whybbsclose, $db_whycmsclose, $db_ipban, $db_diy, $dbhost, $dbuser, $dbpw, $dbname, $pconnect, $manager_pwd, $newmanager); if ($groupid == 'guest') { require_once D_P . 'data/groupdb/group_2.php'; } elseif (file_exists(D_P . "data/groupdb/group_{$groupid}.php")) { require_once Pcv(D_P . "data/groupdb/group_{$groupid}.php"); } else { require_once D_P . 'data/groupdb/group_1.php'; } if ($_G['pwdlimitime'] && !CkInArray($windid, $manager) && $timestamp - 86400 * $_G['pwdlimitime'] > $winddb['pwdctime'] && !defined('PRO')) { Showmsg('pwdchange_prompt'); } //获取页面title信息 $pw_seoset = L::loadClass('seoset'); $webPageTitle = $pw_seoset->getPageTitle(); $metaDescription = $pw_seoset->getPageMetadescrip(); $metaKeywords = $pw_seoset->getPageMetakeyword(); function runTask() { $taskClass = L::loadclass('task'); $taskClass->run(); } function runJob() { global $db_job_isopen, $winduid, $groupid;
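/**
 * Render a hidden bbcode block.
 *
 * Guests always get the "hidden" notice. For members the wrapped $code is shown
 * when the viewer is the topic author, a GM, $pwEncodeHide is set, or the viewer
 * holds at least $creditvalue of the required credit type; otherwise a notice
 * naming the credit and amount is rendered instead.
 *
 * Every call takes the next slot in the global $code_htm[4] table (indexed by the
 * incremented $code_num) and returns a placeholder that the caller substitutes later.
 *
 * @param string $cost  "value,type" — credit amount and credit type name; an unknown
 *                      or missing type falls back to 'rvrc'
 * @param string $code  the raw hidden content (already bbcode-processed by the caller)
 * @return string placeholder of the form "<\twind_code_N\t>"
 */
function hidden($cost, $code)
{
    global $groupid, $code_num, $code_htm;
    $code_num++;
    if ($groupid != 'guest') {
        global $db, $isGM, $winddb, $userrvrc, $userpath, $windid, $tpc_author, $_CREDITDB, $winduid, $db_enhideset, $pwEncodeHide;
        // Per-request cache of the viewer's custom credits (pw_membercredit), shared across calls.
        static $sCredit = null;

        $costParts = explode(',', $cost);
        $creditvalue = $costParts[0];
        $credittype = isset($costParts[1]) ? $costParts[1] : '';
        // Only credit types enabled in $db_enhideset['type'] may be demanded by a post.
        if (!$credittype || !CkInArray($credittype, $db_enhideset['type'])) {
            $credittype = 'rvrc';
        }

        if (in_array($credittype, array('money', 'rvrc', 'credit', 'currency'))) {
            // Built-in credits: the display name lives in the matching db_<type>name setting;
            // the whitelist above keeps this $GLOBALS lookup closed.
            $creditname = $GLOBALS['db_' . $credittype . 'name'];
            $usercredit = $credittype == 'rvrc' ? $userrvrc : $winddb[$credittype];
        } elseif (isset($_CREDITDB[$credittype])) {
            $creditname = $_CREDITDB[$credittype][0];
            if ($sCredit === null) {
                // Start from an empty array: the original left the cache null for a member with
                // no custom credits, so the query re-ran on every hidden block in the page.
                $sCredit = array();
                $query = $db->query("SELECT uid,cid,value FROM pw_membercredit WHERE uid=" . pwEscape($winduid));
                while ($rt = $db->fetch_array($query)) {
                    $sCredit[$rt['cid']] = $rt['value'];
                }
                $db->free_result($query);
            }
            // null (not 0) when the viewer has none of this credit, preserving the original comparison.
            $usercredit = isset($sCredit[$credittype]) ? $sCredit[$credittype] : null;
        } else {
            $creditname = $GLOBALS['db_moneyname'];
            $usercredit = $winddb['money'];
        }

        $creditvalue = intval(trim(stripslashes($creditvalue)));
        // Strict author comparison: both sides are expected to be username strings, and the
        // original `!=` would treat numeric-looking names (e.g. "10" vs "1e1") as the same user.
        if ($windid !== $tpc_author && $usercredit < $creditvalue && !$isGM && !$pwEncodeHide) {
            $code = "<blockquote class=\"blockquote\" style=\"margin:10px 0;\">" . getLangInfo('bbscode', 'bbcode_encode1', array('name' => $creditname, 'value' => $creditvalue)) . "</blockquote>";
        } else {
            $code = "<h6 class=\"quote\" style=\"padding:0;margin:0;\"><span class=\"s3 f12 fn\">" . getLangInfo('bbscode', 'bbcode_encode2', array('name' => $creditname, 'value' => $creditvalue)) . "</span></h6><blockquote class=\"blockquote\" style=\"margin:10px 0;\">" . str_replace('\\"', '"', $code) . "</blockquote>";
        }
    } else {
        $code = "<blockquote class=\"blockquote\" style=\"margin:10px 0;\">" . getLangInfo('bbscode', 'bbcode_encode3') . "</blockquote>";
    }
    $code_htm[4][$code_num] = $code;
    return "<\twind_code_{$code_num}\t>";
}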
} } } } } } $jscredit = pwJsonEncode($markset); if (!$admincheck && !$_G['markable'] || !$credittype) { Showmsg('no_markright'); } $anonymous = 0; foreach ($atcdb as $pid => $atc) { if ($db_pingtime && $timestamp - $atc['postdate'] > $db_pingtime * 3600 && $gp_gptype != 'system') { Showmsg('pingtime_over'); } if ($winduid == $atc['authorid'] && !CkInArray($windid, $manager)) { Showmsg('masigle_manager'); } $has_ping = $db->get_one("SELECT * FROM pw_pinglog WHERE fid=" . pwEscape($fid) . " AND tid=" . pwEscape($tid) . " AND pid=" . pwEscape(intval($pid)) . " AND pinger=" . pwEscape($windid) . " LIMIT 1"); if ($_POST['step'] == 1 && $_G['markable'] < 2 && $has_ping) { Showmsg('no_markagain'); } if ($_POST['step'] > 1 && !$has_ping) { Showmsg('have_not_showping'); } $atc['anonymous'] && $anonymous++; } $count = count($atcdb); if (empty($_POST['step'])) { $creditselect = ''; foreach ($credittype as $key => $cid) {