Exemple #1
 /**
  * PHP 4-style constructor: binds request-wide globals onto the instance and
  * derives the permission flags for the current user in the given forum.
  *
  * @param object $forum Forum object; its isBM() method and its foruminfo /
  *                      forumset arrays are read here.
  */
 function PwPost(&$forum)
 {
     global $db, $winddb, $groupid, $_time, $_G, $manager, $windid, $winduid;
     // Every property below is bound by reference (=&), so it aliases the global
     // (or the caller's $forum) instead of holding a copy.
     $this->db =& $db;
     $this->user =& $winddb;
     $this->groupid =& $groupid;
     $this->hours =& $_time['hours'];
     $this->forum =& $forum;
     $this->uid =& $winduid;
     $this->username =& $windid;
     $this->_G =& $_G;
     // isGM: the current username is found in the global $manager list.
     $this->isGM = CkInArray($this->username, $manager);
     // isBM: the forum object reports this username as one of its moderators.
     $this->isBM = $this->forum->isBM($this->username);
     // NOTE(review): both privilege flags are keyed on the username, not the uid;
     // confirm usernames are unique and compared consistently (case, charset).
     $this->admincheck = $this->isGM || $this->isBM;
     // A feature is enabled only when the forum setting AND the group setting allow it.
     $this->allowhide = $this->forum->foruminfo['allowhide'] && $this->_G['allowhidden'];
     $this->allowsell = $this->forum->foruminfo['allowsell'] && $this->_G['allowsell'];
     $this->allowencode = $this->forum->forumset['allowencode'] && $this->_G['allowencode'];
 }
Exemple #2
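/**
 * Validates a WAP post or reply before it is accepted.
 *
 * Trims the global $subject / $content, checks them against the configured length
 * limits, loads the forum row for $fid and calls wap_msg() with an error key when
 * the forum is missing, password-protected, hidden, or the current group is not
 * allowed to post or reply.
 *
 * @param mixed  $fid    Forum id; passed through pwEscape() before it reaches SQL.
 * @param string $action 'new' for a new topic, 'reply' for a reply.
 */
function wap_check($fid, $action)
{
    global $db, $groupid, $_G, $_time, $db_titlemax, $db_postmin, $db_postmax, $subject, $content;
    $subject = trim($subject);
    $content = trim($content);
    // strlen() counts bytes, so these limits are byte limits for multi-byte text.
    if ($action == 'new' && (!$subject || strlen($subject) > $db_titlemax)) {
        wap_msg('subject_limit');
    }
    if (strlen($content) >= $db_postmax || strlen($content) < $db_postmin) {
        wap_msg('content_limit');
    }
    $fm = $db->get_one("SELECT f.forumadmin,f.fupadmin,f.password,f.allowvisit,f.f_type,f.f_check,f.allowpost,f.allowrp,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe USING(fid) WHERE f.fid=" . pwEscape($fid));
    // Reject an unknown forum before any column of the row is read.
    if (!$fm) {
        wap_msg('post_right');
    }
    // NOTE(review): unserialize() is applied to a database column. That is only safe
    // while nothing user-controlled can reach pw_forumsextra.forumset unfiltered.
    $forumset = $fm ? unserialize($fm['forumset']) : false;
    if (!is_array($forumset)) {
        // Missing or corrupt settings are treated as "no settings".
        $forumset = array();
    }
    // Password-protected and hidden forums are never postable over WAP; otherwise the
    // group must be in the comma-delimited allowvisit list when one is set.
    if ($fm && ($fm['password'] != '' || $fm['f_type'] == 'hidden' || ($fm['allowvisit'] && strpos($fm['allowvisit'], ",{$groupid},") === false))) {
        wap_msg('post_right');
    }
    if ($action == 'new') {
        $isGM = CkInArray($GLOBALS['windid'], $GLOBALS['manager']);
        $isBM = admincheck($fm['forumadmin'], $fm['fupadmin'], $GLOBALS['windid']);
        // f_check 1 and 3 both block new topics here.
        if ($fm['f_check'] == '1' || $fm['f_check'] == '3') {
            wap_msg('post_right');
        }
        if ($fm['allowpost'] && strpos($fm['allowpost'], ",{$groupid},") === false) {
            wap_msg('post_right');
        }
        // No forum-level list: fall back to the group-wide posting permission.
        if (!$fm['allowpost'] && $_G['allowpost'] == 0) {
            wap_msg('post_group');
        }
        // Time-window restriction; site managers and moderators holding the
        // 'allowtime' right are exempt.
        if (!empty($forumset['allowtime']) && !$isGM && !allowcheck($forumset['allowtime'], "{$_time['hours']}", '') && !pwRights($isBM, 'allowtime')) {
            wap_msg('post_right');
        }
    } elseif ($action == 'reply') {
        // f_check 2 and 3 both block replies here.
        if ($fm['f_check'] == '2' || $fm['f_check'] == '3') {
            wap_msg('reply_right');
        }
        if ($fm['allowrp'] && strpos($fm['allowrp'], ",{$groupid},") === false) {
            wap_msg('reply_right');
        }
        if (!$fm['allowrp'] && $_G['allowrp'] == 0) {
            wap_msg('reply_group');
        }
    }
}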
Exemple #3
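 /**
  * Enforces the forum's access rules for the current visitor.
  *
  * Calls Showmsg() with an error key for former-member-only, restricted and hidden
  * forums, selects the forum's own style when its file exists, and pulls in the
  * forum password prompt when the forum is password-protected and the visitor has
  * not supplied the matching value.
  *
  * @param array  $user    Current user row; 'username' is read here.
  * @param string $groupid Current group id, or 'guest'.
  */
 function forumcheck($user, $groupid)
 {
     if ($this->foruminfo['f_type'] == 'former' && $groupid == 'guest' && $_COOKIE) {
         Showmsg('forum_former');
     }
     // The key is quoted on purpose: inside {$...} a bare `style` is resolved as a
     // constant, not as the string key.
     // NOTE(review): the style name becomes part of a file path; confirm it is limited
     // to a plain file name at the point where forum settings are saved.
     if (!empty($this->foruminfo['style']) && file_exists(D_P . "data/style/{$this->foruminfo['style']}.php")) {
         $GLOBALS['skin'] = $this->foruminfo['style'];
     }
     $pwdcheck = GetCookie('pwdcheck');
     // The cookie value is compared as a string with !==. With != two numeric-looking
     // strings are compared as numbers, which can make different values match.
     if ($this->foruminfo['password'] != '' && ($groupid == 'guest' || (string) $pwdcheck[$this->fid] !== (string) $this->foruminfo['password'] && !CkInArray($user['username'], $GLOBALS['manager']))) {
         // The included file runs in this method's scope and sees its local variables.
         require_once R_P . 'require/forumpw.php';
     }
     if (!$this->allowvisit($user, $groupid)) {
         Showmsg('forum_jiami');
     }
     if (!$this->foruminfo['cms'] && $this->foruminfo['f_type'] == 'hidden' && !$this->foruminfo['allowvisit']) {
         Showmsg('forum_hidden');
     }
 }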
Exemple #4
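/**
 * Enforces a forum's access rules for the current visitor (procedural variant).
 *
 * Calls Showmsg() with an error key for former-member-only, restricted and hidden
 * forums, switches the global $skin to the forum's style when its file exists, and
 * pulls in the forum password prompt when the forum is password-protected and the
 * visitor has not supplied the matching value.
 *
 * @param array $forum Forum row; f_type, style, password, allowvisit and cms are read.
 */
function wind_forumcheck($forum)
{
    // All globals stay declared: require/forumpw.php is included in this function's
    // scope and may rely on any of them.
    global $windid, $groupid, $tid, $fid, $skin, $winddb, $manager;
    if ($forum['f_type'] == 'former' && $groupid == 'guest' && $_COOKIE) {
        Showmsg('forum_former');
    }
    // NOTE(review): the style name becomes part of a file path; confirm it is limited
    // to a plain file name at the point where forum settings are saved.
    if (!empty($forum['style']) && file_exists(D_P . "data/style/{$forum['style']}.php")) {
        $skin = $forum['style'];
    }
    $pwdcheck = GetCookie('pwdcheck');
    // The cookie value is compared as a string with !==. With != two numeric-looking
    // strings are compared as numbers, which can make different values match.
    if ($forum['password'] != '' && ($groupid == 'guest' || (string) $pwdcheck[$fid] !== (string) $forum['password'] && !CkInArray($windid, $manager))) {
        require_once R_P . 'require/forumpw.php';
    }
    // A non-empty allowvisit list restricts the forum to the groups accepted by allowcheck().
    if ($forum['allowvisit'] && !allowcheck($forum['allowvisit'], $groupid, $winddb['groups'], $fid, $winddb['visit'])) {
        Showmsg('forum_jiami');
    }
    if (!$forum['cms'] && $forum['f_type'] == 'hidden' && !$forum['allowvisit']) {
        Showmsg('forum_hidden');
    }
}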
Exemple #5
            $query = $db->query("SELECT aid,COUNT(*) AS sum FROM pw_cnphoto WHERE aid IN(" . pwImplode(array($aid, $photo['aid'])) . ') GROUP BY aid');
            while ($rt = $db->fetch_array($query)) {
                $phnum[$rt['aid']] = $rt['sum'];
            }
            if ($photo['path'] == $photo['lastphoto']) {
                $lastphoto = $db->get_value("SELECT path FROM pw_cnphoto WHERE aid=" . pwEscape($photo['aid']) . " ORDER BY pid DESC LIMIT 1");
            }
            $db->update("UPDATE pw_cnalbum SET " . pwSqlSingle(array('photonum' => $phnum[$aid] ? $phnum[$aid] : 0, 'lastpid' => implode(',', getLastPid($aid)))) . ' WHERE aid=' . pwEscape($aid));
            $db->update("UPDATE pw_cnalbum SET " . pwSqlSingle(array('photonum' => $phnum[$photo['aid']] ? $phnum[$photo['aid']] : 0, 'lastpid' => implode(',', getLastPid($photo['aid'])), 'lastphoto' => $lastphoto)) . ' WHERE aid=' . pwEscape($photo['aid']));
        }
        refreshto("{$basename}a=view&pid={$pid}", 'operate_success');
    }
} elseif ($a == 'delphoto') {
    define('AJAX', '1');
    InitGP(array('pid'), null, 2);
    $isGM = CkInArray($windid, $manager);
    !$isGM && $groupid == 3 && ($isGM = 1);
    if ($isGM) {
        $whereadd = '';
    } else {
        $whereadd = " AND ca.ownerid=" . pwEscape($winduid);
    }
    $photo = $db->get_one("SELECT cp.path,cp.uploader,ca.aid,ca.lastphoto,ca.lastpid,m.uid FROM pw_cnphoto cp LEFT JOIN pw_cnalbum ca ON cp.aid=ca.aid LEFT JOIN pw_members m ON cp.uploader=m.username WHERE cp.pid=" . pwEscape($pid) . " AND ca.atype='0' {$whereadd}");
    if (empty($photo)) {
        Showmsg('data_error');
    }
    $db->update("DELETE FROM pw_cnphoto WHERE pid=" . pwEscape($pid));
    $pwSQL = array();
    if ($photo['path'] == $photo['lastphoto']) {
        $pwSQL['lastphoto'] = $db->get_value("SELECT path FROM pw_cnphoto WHERE aid=" . pwEscape($photo['aid']) . " ORDER BY pid DESC LIMIT 1");
    }
Exemple #6
 // Profile update, credentials part: changing the password or the e-mail address
 // requires the current password. The excerpt ends inside the complexity check.
 $upmembers = $upmemdata = $upmeminfo = array();
 if ($ifppt) {
     // presumably defines the $rg_* registration settings used below - confirm
     include_once D_P . 'data/bbscache/dbreg.php';
     InitGP(array('propwd', 'proemail'), 'P');
     if ($propwd || $userdb['email'] != $proemail) {
         if ($_POST['oldpwd']) {
             // NOTE(review): passwords are stored as bare md5 digests (or a 16-character
             // slice of one). That is unsalted and fast to brute-force; a migration to
             // password_hash()/password_verify() should be planned.
             if (strlen($userdb['password']) == 16) {
                 $_POST['oldpwd'] = substr(md5($_POST['oldpwd']), 8, 16);
                 // supports 16-character truncated md5 passwords
             } else {
                 $_POST['oldpwd'] = md5($_POST['oldpwd']);
             }
         }
         // NOTE(review): != compares two numeric-looking digest strings as numbers;
         // use !== (or hash_equals() where available) for the credential check.
         $userdb['password'] != $_POST['oldpwd'] && Showmsg('pwd_confirm_fail');
         if ($propwd) {
             // Accounts listed in $manager cannot change their password through this form.
             CkInArray($windid, $manager) && Showmsg('pro_manager');
             $propwd != $_POST['check_pwd'] && Showmsg('password_confirm');
             // Rejects a password containing any listed character: strip them, then compare.
             // NOTE(review): the comparison is loose, so numeric-looking strings can
             // compare equal after stripping; !== is the safer operator here.
             if ($propwd != str_replace(array("\\", '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#', '%'), '', $propwd)) {
                 Showmsg('illegal_password');
             }
             // $rg_pwdlen holds "min<TAB>max"; a max of 0/empty means no upper limit.
             list($rg_regminpwd, $rg_regmaxpwd) = explode("\t", $rg_pwdlen);
             if (strlen($propwd) < $rg_regminpwd) {
                 Showmsg('reg_password_minlimit');
             } elseif ($rg_regmaxpwd && strlen($propwd) > $rg_regmaxpwd) {
                 Showmsg('reg_password_maxlimit');
             } elseif ($rg_npdifferf && $propwd == $windid) {
                 // optional rule: the password must differ from the username
                 Showmsg('reg_nameuptopwd');
             }
             if ($rg_pwdcomplex) {
                 $arr_rule = array();
                 $arr_rule = explode(',', $rg_pwdcomplex);
Exemple #7
/**
 * Validates an admin-panel login cookie and returns the caller's admin rights.
 *
 * NOTE(review): the first get_one() line in this listing is damaged (a "******" mask
 * replaced part of the code and two statements were fused), so the exact branch
 * structure between the manager path and the group-permission path cannot be read
 * reliably here. Comments below describe only the lines that are intact.
 *
 * @param array $CK Login cookie fields; index 1 is used as the username and index 3
 *                  is compared with the stored safecv value.
 * @return array|false Rights array, or false when a check fails.
 */
function checkpass($CK)
{
    // presumably escapes the cookie fields in place - confirm in Add_S()
    Add_S($CK);
    global $db, $manager, $db_ifsafecv, $db_gdcheck;
    // Verification code is required on login when bit 32 of $db_gdcheck is set.
    if ($_POST['Login_f'] == 1 && $db_gdcheck & 32) {
        GdConfirm($_POST['lg_num']);
    }
    if (CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        // $manager and $manager_pwd are parallel arrays; the key found for the
        // username selects the matching stored password.
        $v_key = array_search($CK[1], $manager);
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password,safecv FROM pw_members WHERE username="******"SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' WHERE m.username=" . pwEscape($CK[1]));
        // Denied unless the group has allowadmincp, is a 'system' or 'special' group,
        // and (when $db_ifsafecv is on) the cookie's safecv matches the stored one.
        // NOTE(review): safecv is compared with !=; a strict string comparison avoids
        // numeric-looking values matching by accident.
        if (!$rt['allowadmincp'] || $rt['gptype'] != 'system' && $rt['gptype'] != 'special' || $db_ifsafecv && $rt['safecv'] != $CK['3']) {
            return false;
        }
        if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) {
            return false;
        }
        $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . pwEscape($rt['groupid']));
        // NOTE(review): unserialize() on a database value; safe only while nothing
        // user-controlled can be written to pw_adminset.value unfiltered.
        if ($rightset) {
            if (!is_array($rightset = unserialize($rightset))) {
                $rightset = array();
            }
        } else {
            $rightset = array();
        }
        // presumably defines $purview, the list of known right keys - confirm
        require GetLang('purview');
        // Normalise every stored right to 1 or 0; keys not present in $purview become 0.
        foreach ($rightset as $key => $value) {
            $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0;
        }
        $rightset['gid'] = $rt['groupid'];
    }
    return $rightset;
}
Exemple #8
 /**
  * Decides whether the current user may rate ("ping") the posts in $this->postData.
  *
  * @param mixed $checkType 1 = add a rating, 2 = remove a rating.
  * @return true|string true when allowed, otherwise the error key to display.
  */
 function pingCheck($checkType = '')
 {
     global $db_pingtime, $timestamp, $gp_gptype, $winduid, $windid, $manager, $_G;
     // Post ids are the keys of postData; a non-numeric key is replaced by 0.
     $pids = array();
     foreach (array_keys($this->postData) as $postId) {
         $pids[] = is_numeric($postId) ? $postId : 0;
     }
     foreach ($this->postData as $pid => $post) {
         // Rating window ($db_pingtime, in hours) has passed; 'system' groups are exempt.
         $windowClosed = $db_pingtime && $timestamp - $post['postdate'] > $db_pingtime * 3600;
         if ($windowClosed && $gp_gptype != 'system') {
             return 'pingtime_over';
         }
         // Authors cannot rate their own post unless they are listed in $manager.
         $isOwnPost = $winduid == $post['authorid'];
         if ($isOwnPost && $checkType == 1 && !CkInArray($windid, $manager)) {
             return 'masigle_manager';
         }
     }
     if ($checkType == '1') {
         // Repeat ratings need a 'markable' group setting of 2 or more.
         if ($_G['markable'] < 2 && $this->isPing($this->tid, $pids)) {
             return 'no_markagain';
         }
     }
     if ($checkType == '2') {
         if ($this->isNotPing($this->tid, $pids)) {
             return 'have_not_showping';
         }
     }
     return true;
 }
Exemple #9
            // Excerpt from the admin "edit manager" action; it starts inside an
            // enclosing branch that is not shown.
            adminmsg('manager_errorusername');
        }
        // NOTE(review): array_search() returns false when $oldname is not listed, and
        // the (int) cast turns that into key 0, i.e. the first manager. Confirm the
        // code above (not shown) has already rejected unknown names.
        $key = (int) array_search($oldname, $manager);
        if (!$password) {
            // No new password submitted: keep the stored one.
            $password = $manager_pwd[$key];
        } else {
            if (GetGP('check_pwd') != $password) {
                adminmsg('password_confirm');
            }
            // Rejects a password containing any listed character: strip them, then compare.
            // NOTE(review): the comparison is loose, so numeric-looking strings can
            // compare equal after stripping; !== is the safer operator here.
            if (str_replace(array('\\', '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#'), '', $password) != $password) {
                adminmsg('manager_errorpassword');
            }
            // NOTE(review): the manager password is stored as a bare md5 digest in the
            // config array written below; unsalted md5 is fast to brute-force if that
            // file is ever disclosed.
            $password = $manager_pwd[$key] = md5($password);
        }
        if ($username != $oldname) {
            if (CkInArray($username, $manager)) {
                adminmsg('manager_had');
            }
            $manager[$key] = $username;
            // Renaming the account that is currently logged in clears its admin cookie.
            $oldname == $admin_name && Cookie('AdminUser', '', 0);
        }
        // The full connection settings plus the manager lists are rewritten to the
        // config file by write_config().
        $newconfig = array('dbhost' => $dbhost, 'dbuser' => $dbuser, 'dbpw' => $dbpw, 'dbname' => $dbname, 'database' => $database, 'PW' => $PW, 'pconnect' => $pconnect, 'charset' => $charset, 'manager' => $manager, 'manager_pwd' => $manager_pwd, 'db_hostweb' => $db_hostweb, 'attach_url' => $attach_url);
        require_once R_P . 'require/updateset.php';
        write_config($newconfig);
        unset($newconfig);
        pwUpdateManager($username, $password);
        adminmsg('operate_success');
    }
} elseif ($action == 'delete') {
    if ($_POST['step'] != 2) {
        // NOTE(review): $oldname is placed in an HTML attribute as-is; unless it is
        // escaped where it is read (not shown), it should pass through htmlspecialchars().
        $inputmsg = '<input name="step" type="hidden" value="2" /><input name="action" type="hidden" value="delete" /><input name="username" type="hidden" value="' . $oldname . '" />';
Exemple #10
     $query = $db->query("SELECT uid,username,email,icon as face,regdate,honor FROM pw_members WHERE {$where} " . "ORDER BY regdate DESC " . $limit);
     while ($rt = $db->fetch_array($query)) {
         list($rt['face']) = showfacedesign($rt['face'], '1', 'm');
         $rt['regdate'] = get_date($rt['regdate']);
         $rt['honor'] = substrs($rt['honor'], 50);
         $members[] = $rt;
     }
 } else {
     $mfriendkeys = $friendkeys = array();
     if ($myfriends = getFriends($winduid, 0)) {
         $friendkeys = array_keys($myfriends);
         if ($friendkeys) {
             $query = $db->query('SELECT friendid FROM pw_friends WHERE uid IN(' . pwImplode($friendkeys) . ') AND status=0 LIMIT 30');
             $mfriends = array();
             while ($rt = $db->fetch_array($query)) {
                 if ($rt['friendid'] != $winduid && !CkInArray($rt['friendid'], $friendkeys)) {
                     isset($mfriends[$rt['friendid']]) ? $mfriends[$rt['friendid']]++ : ($mfriends[$rt['friendid']] = 1);
                 }
             }
             arsort($mfriends);
             if (count($mfriends) > 6) {
                 $i = 0;
                 $temp_friend = array();
                 foreach ($mfriends as $key => $value) {
                     $temp_friend[$key] = $value;
                     $i++;
                     if ($i == 6) {
                         break;
                     }
                 }
                 $mfriends = $temp_friend;
Exemple #11
     $per['uploadmaxsize'] = ceil(($gRight['uploadmaxsize'] ? $gRight['uploadmaxsize'] : $db_uploadmaxsize) / 1024);
     !$gRight['uploadtype'] && ($gRight['uploadtype'] = $db_uploadfiletype);
     $gRight['uploadtype'] = unserialize($gRight['uploadtype']);
     $per['uptype'] = '';
     foreach ($gRight['uploadtype'] as $key => $value) {
         $per['uptype'] .= ($per['uptype'] ? ', ' : '') . "{$key}:{$value}";
     }
     unset($creditdb, $groups, $value, $ltitle, $gRight);
 } else {
     require_once R_P . 'require/forum.php';
     if (!($rt = L::forum($fid))) {
         Showmsg('data_error');
     }
     (!$rt || $rt['type'] == 'category') && Showmsg('data_error');
     $forumset = $rt['forumset'];
     if (!CkInArray($windid, $manager)) {
         wind_forumcheck($rt);
     }
     $forumset['link'] && Showmsg('data_error');
     $per = $forumright = array();
     $creditset = $credit->creditset($rt['creditset'], $db_creditset);
     foreach ($creditset as $key => $value) {
         foreach ($value as $k => $v) {
             $forumright[$k][$key] = (int) $v;
         }
     }
     $per['upload'] = $per['down'] = $per['rp'] = $per['post'] = $per['visit'] = 1;
     $per['name'] = strip_tags($rt['name']);
     if ($rt['allowvisit'] && strpos($rt['allowvisit'], ',' . $groupid . ',') === false) {
         $per['visit'] = 0;
     }
Exemple #12
            $sys_mail = 'Disabled';
        }
        @extract($db->get_one('SELECT totalmember,yposts FROM pw_bbsinfo WHERE id=1'));
        @extract($db->get_one('SELECT SUM(topic) AS threads,SUM(article) AS posts FROM pw_forumdata'));
        $hits = $db->get_value('SELECT SUM(hits) FROM pw_threads');
        $cachetime = $timestamp + 60 * 60 * 12;
        writeover(D_P . 'data/bbscache/admin_cache.php', "<?php die;?>{$cachetime}|{$pw_size}|{$o_size}|{$dbversion}|{$max_upload}|{$max_ex_time}|{$sys_mail}|{$totalmember}|{$threads}|{$posts}|{$hits}|{$yposts}\r\n{$cachetext[1]}");
    }
    $altertime = gmdate('Y-m-d H:i', $timestamp + $db_timedf * 3600);
    $systemtime = $db_cvtime == 0 ? $altertime : gmdate('Y-m-d H:i', time() + $db_timedf * 3600);
    $sysversion = PHP_VERSION;
    $sysos = str_replace('PHP/' . $sysversion, '', GetServer('SERVER_SOFTWARE'));
    $ifcookie = isset($_COOKIE) ? 'SUCCESS' : 'FAIL';
}
if (!$job || $job == 'desktop') {
    if (CkInArray($admin_name, $manager)) {
        $u = 1;
        if (pwWritable(D_P . 'data/sql_config.php')) {
            $warnid += 1;
        }
        if (is_dir('data')) {
            $warnid += 2;
        }
        if (ini_get('register_globals')) {
            $warnid += 4;
        }
        if (file_exists('admin.php')) {
            $warnid += 8;
        }
        if (!$db_ifsafecv || strpos($db_safegroup, ',3,') === false || strpos($db_safegroup, ',4,') === false || strpos($db_safegroup, ',5,') === false) {
            $warnid += 16;
Exemple #13
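 /**
  * Validates a requested username during registration.
  *
  * Calls Showmsg() with an error key when the name fails the length rule, contains
  * one of $this->illegalChar, breaks the lower-case rule, is a reserved name,
  * contains a banned fragment from the rg_banname setting, or is altered by Sql_cv().
  *
  * @param string $regname Username as submitted.
  */
 function checkName($regname)
 {
     // strlen() is byte-based, so the length rule counts bytes.
     if (!PW_Register::checkNameLen(strlen($regname))) {
         Showmsg('reg_username_limit');
     }
     // Strict comparison, matching the Sql_cv() check below: with != two
     // numeric-looking strings are compared as numbers, so a name could still compare
     // equal after an illegal character had been stripped from it.
     if (str_replace($this->illegalChar, '', $regname) !== $regname) {
         Showmsg('illegal_username');
     }
     if (!L::reg('rg_rglower') && !PW_Register::checkRglower($regname)) {
         Showmsg('username_limit');
     }
     // Reserved account names, matched case-insensitively.
     if (CkInArray(strtolower($regname), array('guest', 'system'))) {
         Showmsg('illegal_username');
     }
     // rg_banname is a comma-separated list of forbidden substrings (case-sensitive match).
     $banname = explode(',', L::reg('rg_banname'));
     foreach ($banname as $value) {
         if ($value && strpos($regname, $value) !== false) {
             Showmsg('illegal_username');
         }
     }
     // The name must survive Sql_cv() unchanged.
     if ($regname !== Sql_cv($regname)) {
         Showmsg('illegal_username');
     }
 }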
Exemple #14
    $rt['content'] = str_replace("\n", "<br>", $rt['content']);
    include_once D_P . 'data/bbscache/wordsfb.php';
    foreach ($alarm as $key => $value) {
        $rt['content'] = str_replace($key, '<span style="background-color:#ffff66">' . $key . '</span>', $rt['content']);
    }
    include PrintEot('content');
    exit;
} elseif ($type == 'post') {
    $pw_posts = GetPtable('N', $tid);
    $rt = $db->get_one("SELECT pid,tid,subject,content FROM {$pw_posts} WHERE pid=" . pwEscape($id));
    $rt['content'] = str_replace("\n", "<br>", $rt['content']);
    include_once D_P . 'data/bbscache/wordsfb.php';
    foreach ($alarm as $key => $value) {
        $rt['content'] = str_replace($key, '<span style="background-color:#ffff66">' . $key . '</span>', $rt['content']);
    }
    include PrintEot('content');
    exit;
} elseif ($type == 'message') {
    $rt = $db->get_one("SELECT m.touid,mc.title,mc.content FROM pw_msg m LEFT JOIN pw_msgc mc USING(mid) WHERE m.mid=" . pwEscape($id));
    $msg = $db->get_one("SELECT username,groupid FROM pw_members WHERE uid=" . pwEscape($rt['touid']));
    if ($msg['username'] && CkInArray($msg['username'], $manager) && !If_manager) {
        adminmsg('msg_managerright');
    }
    if ($msg['groupid'] == 3 && $admin_gid != 3) {
        adminmsg('msg_adminright');
    }
    $rt['subject'] = $rt['title'];
    $rt['content'] = str_replace("\n", "<br>", $rt['content']);
    include PrintEot('content');
    exit;
}
Exemple #15
 // Attachment search: extends the WHERE clause in $sql (started above this excerpt)
 // and runs the count and page queries. Every value added here goes through pwEscape().
 if ($filesize) {
     if ($ifless) {
         $sql .= " AND (size<" . pwEscape($filesize) . ')';
     } else {
         $sql .= " AND (size>" . pwEscape($filesize) . ')';
     }
 }
 if ($postdate1) {
     $uploadtime = PwStrtoTime($postdate1);
     // The bound is added only when the date parsed to a number.
     is_numeric($uploadtime) && ($sql .= " AND uploadtime>" . pwEscape($uploadtime));
 }
 if ($postdate2) {
     $uploadtime = PwStrtoTime($postdate2);
     is_numeric($uploadtime) && ($sql .= " AND uploadtime<" . pwEscape($uploadtime));
 }
 // The column name cannot be escaped as a value, so ORDER BY uses an allow-list of
 // columns, and the direction is appended only when it is exactly 'DESC'.
 if (CkInArray($orderway, array('uploadtime', 'size', 'rvrc', 'name', 'hits'))) {
     $order = "ORDER BY {$orderway}";
     $asc == 'DESC' && ($order .= ' ' . $asc);
 } else {
     $order = '';
 }
 // NOTE(review): is_numeric() also accepts negative, fractional and exponent forms;
 // casting $pernum and $page to int and clamping them would be tighter, unless
 // pwLimit() (not shown) already does so.
 $pernum = is_numeric($pernum) ? $pernum : 20;
 $page < 1 && ($page = 1);
 $limit = pwLimit(($page - 1) * $pernum, $pernum);
 $rt = $db->get_one("SELECT COUNT(*) AS count FROM pw_attachs WHERE {$sql}");
 $sum = $rt['count'];
 $numofpage = ceil($sum / $pernum);
 // NOTE(review): only $filename is URL-encoded in the pager link; the other request
 // values are interpolated as-is. Confirm they are escaped where they are read or
 // where the link is printed.
 $pages = numofpage($sum, $page, $numofpage, "{$basename}&action=search&fid={$fid}&uid={$uid}&filename=" . rawurlencode($filename) . "&hits={$hits}&ifmore={$ifmore}&filesize={$filesize}&ifless={$ifless}&orderway={$orderway}&asc={$asc}&postdate1={$postdate1}&postdate2={$postdate2}&pernum={$pernum}&");
 $attachdb = $thread = array();
 $query = $db->query("SELECT * FROM pw_attachs WHERE {$sql} {$order} {$limit}");
 while (@extract($db->fetch_array($query))) {
Exemple #16
!defined('W_P') && exit('Forbidden');
!$windid && wap_msg('not_login');
InitGP(array('action', 'tid'));
$rts = array();
$result = $db->query("SELECT typeid FROM pw_collection WHERE type = 'postfavor' AND typeid = " . S::sqlEscape($tid) . " AND uid = " . S::sqlEscape($winduid));
while ($rt = $db->fetch_array($result)) {
    $rts[] = $rt['typeid'];
}
$rs['tids'] = implode(',', $rts);
$rs['type'] = '';
if ($rs['tids']) {
    $count = 0;
    $tiddb = getFavor($rs['tids']);
    foreach ($tiddb as $key => $t) {
        if (is_array($t)) {
            if (CkInArray($tid, $t)) {
                favShowMsg('job_favor_error');
            }
            $count += count($t);
        } else {
            unset($tiddb[$key]);
        }
    }
    $count > $_G['maxfavor'] && favShowMsg('job_favor_full');
    InitGP(array('type'), 2);
    $typeid = array('0' => 'default');
    if ($rs['type']) {
        $typeid = array_merge($typeid, explode(',', $rs['type']));
        if (!isset($type)) {
            echo 'type' . $type;
        }
Exemple #17
    $userdb['todaypost'] = 0;
}
// Prepares the profile fields for display and decides which ones the viewer may see.
// NOTE(review): ceil() yields 0 when regdate equals $timestamp, which makes the
// division below divide by zero.
$averagepost = round($userdb['postnum'] / ceil(($timestamp - $userdb['regdate']) / (3600 * 24)), 2);
$userdb['regdate'] = get_date($userdb['regdate'], 'Y-m-d');
$userdb['lastvisit'] = get_date($userdb['lastvisit'], 'Y-m-d');
// onlineip is stored as a '|'-separated string; only the first part is shown below.
$userdb['onlineip'] = explode('|', $userdb['onlineip']);
$userdb['introduce'] = nl2br($userdb['introduce']);
$all_userinfo = array('gender', 'bday', 'location', 'digests', 'todaypost', 'oicq', 'yahoo', 'msn', 'email', 'onlinetime', 'regdate', 'lastvisit', 'onlineip', 'uid');
// Fields in $need_userinfo are always listed; the others are skipped when empty.
$need_userinfo = array('digests', 'todaypost', 'onlinetime', 'regdate', 'lastvisit', 'uid');
foreach ($all_userinfo as $key => $value) {
    if (!in_array($value, $need_userinfo)) {
        if (empty($userdb[$value])) {
            continue;
        }
        if ($value == 'email') {
            // E-mail is listed only when status bit 7 is set, or the viewer is a
            // manager or the profile owner.
            if (!getstatus($userdb['userstatus'], 7) && !CkInArray($windid, $manager) && $userdb['uid'] != $winduid) {
                continue;
            }
        } elseif ($value == 'onlineip') {
            // The IP is listed only for $isGM, group 3, or the profile owner.
            if (!$isGM && $groupid != '3' && $winduid != $userdb['uid']) {
                continue;
            }
            $userdb[$value] = $userdb[$value][0];
        } elseif ($value == 'gender') {
            $userdb[$value] = getLangInfo('other', 'gender_' . $userdb[$value]);
        }
    }
    $user_profile[$value] = array(getLangInfo('other', 'profile_' . $value), $userdb[$value]);
}
// NOTE(review): the user-supplied site URL is placed in href and in the link text
// as-is. Unless it is escaped and scheme-checked when saved (not shown), restrict it
// to http/https and pass it through htmlspecialchars() here.
$userdb['site'] = $userdb['site'] ? '<a href="' . $userdb['site'] . '" target="_blank" >' . $userdb['site'] . '</a>' : '';
// user app statistics
Exemple #18
         }
         $e_check == 0 && wap_msg('email_check');
     }
     $email_check = $db->get_one('SELECT COUNT(*) AS count FROM pw_members WHERE email=' . pwEscape($regemail));
     if ($email_check['count']) {
         wap_msg('reg_email_have_same', $basename);
     }
 }
 if ($regname !== Sql_cv($regname)) {
     wap_msg('illegal_username', $basename);
 }
 $rs = $db->get_one('SELECT COUNT(*) AS count FROM pw_members WHERE username='******'count'] > 0) {
     wap_msg('username_same', $basename);
 }
 CkInArray(strtolower($regname), array('guest', 'system')) && wap_msg('illegal_username');
 $rg_banname = explode(',', $rg_banname);
 foreach ($rg_banname as $value) {
     if ($value && strpos($regname, $value) !== false) {
         wap_msg('illegal_username', $basename);
     }
 }
 if ($rg_ifcheck == '1') {
     $rg_groupid = '7';
     //后台控制是否需要验证
 } else {
     $rg_groupid = '-1';
 }
 if ($rg_emailcheck == 1) {
     $rg_yz = num_rand(9);
 } else {
Exemple #19
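/**
 * AJAX handler that deletes a batch of threads on behalf of a site manager.
 *
 * @param string $tidarray Thread list in the form "fid_tid|fid_tid|...".
 */
function deleteThreadsHander($tidarray)
{
    global $windid, $manager, $groupid;
    PostCheck();
    // NOTE(review): as written the caller must be listed in $manager AND be in group 3;
    // confirm that requiring both is intended.
    (!CkInArray($windid, $manager) || $groupid != 3) && Showmsg('mawhole_right');
    if (!is_string($tidarray) || $tidarray === '') {
        Showmsg('data_error');
    }
    $entries = is_string($tidarray) ? explode('|', $tidarray) : array();
    $forums = array();
    foreach ($entries as $entry) {
        if ($entry === '') {
            continue;
        }
        // Pad so that an entry without "_" cannot leave $tid undefined.
        list($fid, $tid) = array_pad(explode('_', $entry), 2, 0);
        // Both ids are forced to integers and an entry is dropped when EITHER one is
        // not a positive id. The previous test only skipped entries where both were
        // negative, so non-numeric ids were passed on unchanged.
        $fid = intval($fid);
        $tid = intval($tid);
        if ($fid <= 0 || $tid <= 0) {
            continue;
        }
        $forums[$fid][] = $tid;
    }
    $threadManager = L::loadclass('threadmanager');
    // One delete call per forum with that forum's thread ids.
    foreach ($forums as $fid => $threadIds) {
        $threadManager->deleteByThreadIds($fid, $threadIds);
    }
    echo getLangInfo('other', 'search_manager_success');
    ajax_footer();
}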
Exemple #20
            $tmpIP = ip2long($onlineip);
            if ($tmpIP != -1 && $tmpIP !== FALSE) {
                $tmpVisitips = explode(',', $db_visitips);
                foreach ($tmpVisitips as $value) {
                    if (!trim($value)) {
                        continue;
                    }
                    $tmpSIP = ip2long(str_replace('*', '1', $value));
                    $tmpEIP = ip2long(str_replace('*', '255', $value));
                    if ($tmpIP >= $tmpSIP && $tmpIP <= $tmpEIP) {
                        $tmpAllowvisit = true;
                        break;
                    }
                }
            }
        }
        if ($tmpAllowvisit === false) {
            if (!$windid) {
                Showmsg($db_visitmsg);
            } elseif (!CkInArray($windid, $manager) && strpos($db_visitgroup, ',' . $groupid . ',') === false && strpos(strtolower($db_visituser), ',' . strtolower($windid) . ',') === false) {
                PwNewDB();
                require_once R_P . 'require/checkpass.php';
                Loginout();
                Showmsg('visiter_login');
            }
        }
    } elseif (!$windid) {
        Showmsg($db_visitmsg);
    }
}
unset($AdminUser, $CK, $bbsclose);
Exemple #21
} else {
    $userinbbs = $guestinbbs = 0;
    $query = $db->query("SELECT uid!=0 as ifuser,COUNT(*) AS count FROM pw_online GROUP BY uid!='0'");
    while ($rt = $db->fetch_array($query)) {
        if ($rt['ifuser']) {
            $userinbbs = $rt['count'];
        } else {
            $guestinbbs = $rt['count'];
        }
    }
}
if ($db_indexonline) {
    InitGP(array('online'));
    empty($online) && ($online = GetCookie('online'));
    if ($online == 'yes') {
        if ($guestinbbs + $userinbbs > 2000 && !CkInArray($windid, $manager)) {
            $online = 'no';
        } else {
            $db_online = intval($db_online);
            include_once Pcv(R_P . "require/online_{$db_online}.php");
        }
    }
    Cookie('online', $online);
}
$usertotal = $guestinbbs + $userinbbs;
$showgroup = $db_showgroup ? explode(',', $db_showgroup) : array();
// Share union
if ($db_indexmqshare && $sharelink[1]) {
    $sharelink[1] = "<marquee scrolldelay=\"100\" scrollamount=\"4\" onmouseout=\"if (document.all!=null){this.start()}\" onmouseover=\"if (document.all!=null){this.stop()}\" behavior=\"alternate\">{$sharelink['1']}</marquee>";
}
//update pw_feed
Exemple #22
/**
 * Tells whether $name is listed in the global $manager array.
 *
 * @param string $name Username to look up.
 * @return mixed Whatever CkInArray() returns for the lookup.
 */
function isGM($name)
{
    global $manager;
    $isListed = CkInArray($name, $manager);
    return $isListed;
}
Exemple #23
/**
 * Checks whether a login cookie belongs to one of the configured site managers.
 *
 * NOTE(review): the get_one() line in this listing is damaged (a "******" mask
 * replaced part of the code and the query text appears twice), so it does not parse
 * as shown; the comments describe the intent that the intact lines support.
 *
 * @param array $CK Login cookie fields; index 1 is used as the username.
 * @return bool true when the cookie validates for a listed manager.
 */
function checkuptoadmin($CK)
{
    // presumably escapes the cookie fields in place - confirm in Add_S()
    Add_S($CK);
    global $db, $manager;
    if (is_array($manager) && CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        // $manager and $manager_pwd are parallel arrays.
        $v_key = array_search($CK[1], $manager);
        // First try the password from the config; if that fails, fall back to the
        // password stored in pw_members for the same username.
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password FROM pw_members WHERE username="******"SELECT uid,username,groupid,groups,password FROM pw_members WHERE username=" . pwEscape($CK[1]));
            if (!SafeCheck($CK, PwdCode($rt['password']))) {
                return false;
            }
        }
        return true;
    } else {
        return false;
    }
}
Exemple #24
<?php

define('SCR', 'sendpwd');
require_once 'global.php';
require L::style('', $skinco, true);
if ("wind" != $tplpath && file_exists(D_P . 'data/style/' . $tplpath . '_css.htm')) {
    $css_path = D_P . 'data/style/' . $tplpath . '_css.htm';
} else {
    $css_path = D_P . 'data/style/wind_css.htm';
}
S::gp(array('action'));
!CkInArray($action, array('getback', 'getverify', 'checkverify')) && ($action = 'sendpwd');
//!CkInArray($action ,array('getverify','checkverify')) && require_once(R_P.'require/header.php');;
if ($action == 'sendpwd') {
    if ($_POST['step'] != 2) {
        if ($db_authstate && $db_authgetpwd) {
            $authService = L::loadClass('Authentication', 'user');
            list($authStep, $remainTime, $waitTime, $mobile) = $authService->getStatus('findpwd');
            $authStep_1 = $authStep_2 = 'none';
            ${'authStep_' . $authStep} = '';
            $verifyUsername = $authStep == 1 ? '' : getCookie('findpwd_verifyUsername');
        }
        require_once PrintEot('sendpwd');
        footer();
    } else {
        PostCheck(0, $db_gdcheck & 16);
        S::gp(array('type', 'pwuser', 'email', 'authmobile', 'question', 'customquest', 'answer'));
        $userService = L::loadClass('UserService', 'user');
        /* @var $userService PW_UserService */
        $userarray = $userService->getByUserName($pwuser);
        if ($db_ifsafecv) {
Exemple #25
         }
     }
 } elseif ($type == 'msg') {
     $msgdb = array();
     $pages = '';
     $page = $_GET['page'];
     (int) $page < 1 && ($page = 1);
     $query = $db->query('SELECT id,uid,username,toname,msgtype,posttime,savetime,message FROM pw_forummsg WHERE fid=' . pwEscape($fid) . ' ORDER BY posttime DESC ' . pwLimit(($page - 1) * $db_perpage, $db_perpage));
     while ($rt = $db->fetch_array($query)) {
         if ($rt['savetime'] < $timestamp) {
             $db->query("DELETE FROM pw_forummsg WHERE id='{$rt['id']}'");
         } else {
             $rt['posttime'] = $rt['posttime'] ? get_date($rt['posttime'], 'Y-m-d H:i') : '--';
             $rt['savetime'] = $rt['savetime'] ? get_date($rt['savetime'], 'Y-m-d H:i') : '--';
             if (strpos($rt['toname'], ',' . $windid . ',') !== false && $rt['msgtype'] == '2' || $groupid == '3' || $groupid == '4' || CkInArray($windid, $manager) || $rt['msgtype'] == '1' || $rt['uid'] == $winduid) {
                 if ($rt['uid'] != $winduid && $groupid != '3' && $groupid != '4' && CkInArray($windid, $manager) === false) {
                     $rt['ifuse'] = 'disabled';
                 } else {
                     $rt['ifuse'] = '';
                 }
                 $msgdb[] = $rt;
             }
         }
     }
     $db->free_result($query);
     $count = $db->get_value('SELECT COUNT(*) FROM pw_forummsg WHERE fid=' . pwEscape($fid));
     if ($count > $db_perpage) {
         require_once R_P . 'require/forum.php';
         $pages = numofpage($count, $page, ceil($count / $db_perpage), "forumcp.php?action=edit&fid={$fid}&type={$type}&");
     }
     if ($_POST['demsg']) {
Exemple #26
             adminmsg('msg_adminright');
         }
         if ($type == 'rebox' || $type == 'sebox') {
             $sql .= " AND m.type=" . pwEscape($type) . "AND m.fromuid=" . pwEscape($rt['uid']);
         } else {
             $sql .= " AND m.fromuid=" . pwEscape($rt['uid']);
         }
     }
 }
 if ($touser) {
     $touser = str_replace('*', '%', $touser);
     $rt = $db->get_one("SELECT uid,username,groupid FROM pw_members WHERE username LIKE " . pwEscape($touser));
     if (!$rt) {
         $errorname = $touser;
         adminmsg('user_not_exists');
     } elseif (CkInArray($rt['username'], $manager) && !If_manager) {
         adminmsg('msg_managerright');
     } elseif ($rt['groupid'] == 3 && $admin_gid != 3) {
         adminmsg('msg_adminright');
     }
     if ($type == 'rebox' || $type == 'sebox') {
         $sql .= " AND m.type=" . pwEscape($type) . "AND m.touid=" . pwEscape($rt['uid']);
     } else {
         $sql .= " AND m.touid=" . pwEscape($rt['uid']);
     }
 }
 if ($msgdate) {
     $schtime = $timestamp - $msgdate * 24 * 3600;
     $sql .= " AND m.mdate<" . pwEscape($schtime);
 }
 $rs = $db->get_one("SELECT COUNT(*) AS count FROM pw_msg m{$mc_tab} WHERE {$sql}");
Exemple #27
} elseif ($_POST['action'] == 'editforum') {
    InitGP(array('forumadmin'), 'P', 0);
    InitGP(array('order'), 'P', 2);
    $errorname = array();
    $forumdb = $db->query("SELECT fid,forumadmin,vieworder FROM pw_forums WHERE cms!='1'");
    while ($foruminfo = $db->fetch_array($forumdb)) {
        $pwSQL = $admin_a = $admin_n = $admin_d = array();
        if ($foruminfo['forumadmin'] != $forumadmin[$foruminfo['fid']] && $foruminfo['forumadmin'] != ',' . $forumadmin[$foruminfo['fid']] . ',') {
            $admin_a = explode(',', $forumadmin[$foruminfo['fid']]);
            if ($admin_a) {
                $query = $db->query("SELECT username FROM pw_members WHERE username IN (" . pwImplode($admin_a) . ")");
                while ($member = $db->fetch_array($query)) {
                    $admin_d[] = $member['username'];
                }
                foreach ($admin_a as $value) {
                    if (CkInArray($value, $admin_d)) {
                        $admin_n[] = $value;
                    }
                }
            }
            if ($admin_n) {
                $pwSQL['forumadmin'] = ',' . implode(',', $admin_n) . ',';
            } else {
                $pwSQL['forumadmin'] = '';
            }
            $errorname = array_merge($errorname, array_diff($admin_a, $admin_n));
        }
        if ($order[$foruminfo['fid']] != $foruminfo['vieworder']) {
            $pwSQL['vieworder'] = $order[$foruminfo['fid']];
        }
        if ($pwSQL) {
Exemple #28
// Per-request bootstrap: IP ban check, last-visit cookie, guest cache, database
// connection, group permission file, password-age check and SEO metadata.
Ipban();
Cookie('lastvisit', $c_oltime . "\t" . $timestamp . "\t" . $REQUEST_URI);
if ($groupid == 'guest' && $db_guestdir && GetGcache()) {
    require_once R_P . 'require/guestfunc.php';
    getguestcache();
}
PwNewDB();
// The connection settings and the manager password list are unset right after the
// PwNewDB() call, so later code in the request cannot read them from these variables.
unset($db_whybbsclose, $db_whycmsclose, $db_ipban, $db_diy, $dbhost, $dbuser, $dbpw, $dbname, $pconnect, $manager_pwd, $newmanager);
// Load the permission file for the user's group: guests use group_2.php and a
// group without its own file falls back to group_1.php.
if ($groupid == 'guest') {
    require_once D_P . 'data/groupdb/group_2.php';
} elseif (file_exists(D_P . "data/groupdb/group_{$groupid}.php")) {
    // NOTE(review): $groupid ends up in an include path; Pcv() presumably validates
    // the path - confirm, and confirm $groupid can only be a numeric id at this point.
    require_once Pcv(D_P . "data/groupdb/group_{$groupid}.php");
} else {
    require_once D_P . 'data/groupdb/group_1.php';
}
// Forced password change: applies when the group sets a maximum password age (days)
// and the last change is older than that. Managers are exempt, and the check is
// skipped when PRO is defined.
if ($_G['pwdlimitime'] && !CkInArray($windid, $manager) && $timestamp - 86400 * $_G['pwdlimitime'] > $winddb['pwdctime'] && !defined('PRO')) {
    Showmsg('pwdchange_prompt');
}
// fetch the page title information
$pw_seoset = L::loadClass('seoset');
$webPageTitle = $pw_seoset->getPageTitle();
$metaDescription = $pw_seoset->getPageMetadescrip();
$metaKeywords = $pw_seoset->getPageMetakeyword();
/**
 * Load the 'task' class through the L loader and call its run() method.
 *
 * Returns nothing; whatever run() does is defined outside this file section.
 */
function runTask()
{
    L::loadclass('task')->run();
}
function runJob()
{
    global $db_job_isopen, $winduid, $groupid;
Exemple #29
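/**
 * Build the HTML for a credit-gated ("hidden") block and return a placeholder for it.
 *
 * The rendered HTML is stored in the global $code_htm[4][$code_num]; the caller receives
 * the "<TAB>wind_code_N<TAB>" marker (wrapped in angle brackets) that stands for it.
 *
 * Access decision: guests never see the content. A logged-in viewer sees it when they are
 * the topic author, hold at least the required amount of the credit, are flagged $isGM,
 * or the global $pwEncodeHide is set.
 *
 * @param string $cost "value,type" pair: required amount and credit type. The type falls
 *                     back to 'rvrc' when missing or not listed in $db_enhideset['type'].
 * @param string $code Content of the hidden block. It is inserted into the HTML as-is.
 * @return string Placeholder token for the stored HTML.
 */
function hidden($cost, $code)
{
    global $groupid, $code_num, $code_htm;
    $code_num++;
    if ($groupid != 'guest') {
        global $db, $isGM, $winddb, $userrvrc, $userpath, $windid, $tpc_author, $_CREDITDB, $winduid, $db_enhideset, $pwEncodeHide;
        // Per-request cache of the viewer's custom credits, keyed by credit id.
        static $sCredit = null;
        // Pad the pair so a cost without a ",type" part does not read a missing offset.
        list($creditvalue, $credittype) = array_pad(explode(',', $cost), 2, '');
        if (!$credittype || !CkInArray($credittype, $db_enhideset['type'])) {
            $credittype = 'rvrc';
        }
        if (in_array($credittype, array('money', 'rvrc', 'credit', 'currency'), true)) {
            // Built-in credits: name from the db_<type>name setting, balance from the member row.
            $creditname = $GLOBALS['db_' . $credittype . 'name'];
            $usercredit = $credittype == 'rvrc' ? $userrvrc : $winddb[$credittype];
        } elseif (isset($_CREDITDB[$credittype])) {
            $creditname = $_CREDITDB[$credittype][0];
            if (!isset($sCredit)) {
                // Start from an empty array so a viewer with no credit rows is still cached
                // and the query is not repeated for every hidden block on the page.
                $sCredit = array();
                $query = $db->query("SELECT uid,cid,value FROM pw_membercredit WHERE uid=" . pwEscape($winduid));
                while ($rt = $db->fetch_array($query)) {
                    $sCredit[$rt['cid']] = $rt['value'];
                }
                $db->free_result($query);
            }
            // A credit the viewer has no row for counts as a balance of 0.
            $usercredit = isset($sCredit[$credittype]) ? $sCredit[$credittype] : 0;
        } else {
            $creditname = $GLOBALS['db_moneyname'];
            $usercredit = $winddb['money'];
        }
        // The required amount is forced to an integer before it is compared or displayed.
        $creditvalue = intval(trim(stripslashes($creditvalue)));
        // Compare the names as strings with ===. A loose != compares numeric-looking strings
        // by value, so two different names (constructed example: "1e3" and "1000") would be
        // treated as the same author and the credit check would be skipped.
        $isAuthor = (string) $windid === (string) $tpc_author;
        if (!$isAuthor && $usercredit < $creditvalue && !$isGM && !$pwEncodeHide) {
            $code = "<blockquote class=\"blockquote\" style=\"margin:10px 0;\">" . getLangInfo('bbscode', 'bbcode_encode1', array('name' => $creditname, 'value' => $creditvalue)) . "</blockquote>";
        } else {
            // NOTE(review): $code is emitted without escaping; presumably the caller has
            // already HTML-escaped the post content — confirm at the call site.
            $code = "<h6 class=\"quote\" style=\"padding:0;margin:0;\"><span class=\"s3 f12 fn\">" . getLangInfo('bbscode', 'bbcode_encode2', array('name' => $creditname, 'value' => $creditvalue)) . "</span></h6><blockquote class=\"blockquote\" style=\"margin:10px 0;\">" . str_replace('\\"', '"', $code) . "</blockquote>";
        }
    } else {
        // Guests only ever get the "log in to view" style notice, never the content.
        $code = "<blockquote class=\"blockquote\" style=\"margin:10px 0;\">" . getLangInfo('bbscode', 'bbcode_encode3') . "</blockquote>";
    }
    $code_htm[4][$code_num] = $code;
    return "<\twind_code_{$code_num}\t>";
}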
Exemple #30
                     }
                 }
             }
         }
     }
 }
 $jscredit = pwJsonEncode($markset);
 if (!$admincheck && !$_G['markable'] || !$credittype) {
     Showmsg('no_markright');
 }
 $anonymous = 0;
 foreach ($atcdb as $pid => $atc) {
     if ($db_pingtime && $timestamp - $atc['postdate'] > $db_pingtime * 3600 && $gp_gptype != 'system') {
         Showmsg('pingtime_over');
     }
     if ($winduid == $atc['authorid'] && !CkInArray($windid, $manager)) {
         Showmsg('masigle_manager');
     }
     $has_ping = $db->get_one("SELECT * FROM pw_pinglog WHERE fid=" . pwEscape($fid) . " AND tid=" . pwEscape($tid) . " AND pid=" . pwEscape(intval($pid)) . " AND pinger=" . pwEscape($windid) . " LIMIT 1");
     if ($_POST['step'] == 1 && $_G['markable'] < 2 && $has_ping) {
         Showmsg('no_markagain');
     }
     if ($_POST['step'] > 1 && !$has_ping) {
         Showmsg('have_not_showping');
     }
     $atc['anonymous'] && $anonymous++;
 }
 $count = count($atcdb);
 if (empty($_POST['step'])) {
     $creditselect = '';
     foreach ($credittype as $key => $cid) {