function AddGbook($add) { global $empire, $dbtbpre, $level_r, $public_r; //验证IP eCheckAccessDoIp('gbook'); CheckCanPostUrl(); //验证来源 $bid = (int) getcvar('gbookbid'); if (empty($bid)) { $bid = intval($add[bid]); } $name = RepPostStr(trim($add[name])); $email = RepPostStr($add[email]); $call = RepPostStr($add[call]); $lytext = RepPostStr($add[lytext]); if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) { printerror("EmptyGbookname", "history.go(-1)", 1); } if (!chemail($email)) { printerror("EmailFail", "history.go(-1)", 1); } //验证码 $keyvname = 'checkgbookkey'; if ($public_r['gbkey_ok']) { ecmsCheckShowKey($keyvname, $add['key'], 1); } $lasttime = getcvar('lastgbooktime'); if ($lasttime) { if (time() - $lasttime < $public_r['regbooktime']) { printerror("GbOutTime", "", 1); } } //版面是否存在 $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';"); if (empty($br[bid])) { printerror("EmptyGbook", "history.go(-1)", 1); } //权限 if ($br['groupid']) { $user = islogin(); if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) { printerror("HaveNotEnLevel", "history.go(-1)", 1); } } $lytime = date("Y-m-d H:i:s"); $ip = egetip(); $userid = (int) getcvar('mluserid'); $username = RepPostVar(getcvar('mlusername')); $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');"); ecmsEmptyShowKey($keyvname); //清空验证码 if ($sql) { esetcookie("lastgbooktime", time(), time() + 3600 * 24); //设置最后发表时间 $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']); printerror("AddGbookSuccess", $reurl, 1); } else { printerror("DbError", "history.go(-1)", 1); } }
function AddFeedback($add) { global $empire, $dbtbpre, $level_r, $public_r; CheckCanPostUrl(); //验证来源 if ($add['bid']) { $bid = (int) $add['bid']; } else { $bid = (int) getcvar('feedbackbid'); } if (empty($bid)) { printerror("EmptyFeedbackname", "history.go(-1)", 1); } //验证码 $keyvname = 'checkfeedbackkey'; if ($public_r['fbkey_ok']) { ecmsCheckShowKey($keyvname, $add['key'], 1); } //版面是否存在 $br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';"); if (empty($br['bid'])) { printerror("EmptyFeedback", "history.go(-1)", 1); } //权限 if ($br['groupid']) { $user = islogin(); if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) { printerror("HaveNotEnLevel", "history.go(-1)", 1); } } $pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1"); //必填项 $mustr = explode(",", $br['mustenter']); $count = count($mustr); for ($i = 1; $i < $count - 1; $i++) { $mf = $mustr[$i]; if (strstr($br['filef'], "," . $mf . ",")) { if (!$pr['feedbacktfile']) { printerror("NotOpenFBFile", "", 1); } if (!$_FILES[$mf]['name']) { printerror("EmptyFeedbackname", "", 1); } } else { $chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']); if (!trim($chmustval)) { printerror("EmptyFeedbackname", "", 1); } } } $saytime = date("Y-m-d H:i:s"); //字段处理 $dh = ""; $tranf = ""; $record = "<!--record-->"; $field = "<!--field--->"; $er = explode($record, $br['enter']); $count = count($er); for ($i = 0; $i < $count - 1; $i++) { $er1 = explode($field, $er[$i]); $f = $er1[1]; //附件 $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]); if (strstr($br['filef'], "," . $f . ",")) { if ($_FILES[$f]['name']) { if (!$pr['feedbacktfile']) { printerror("NotOpenFBFile", "", 1); } $filetype = GetFiletype($_FILES[$f]['name']); //取得文件类型 if (CheckSaveTranFiletype($filetype)) { printerror("NotQTranFiletype", "", 1); } if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) { printerror("NotQTranFiletype", "", 1); } if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) { printerror("TooBigQTranFile", "", 1); } $tranf .= $dh . $f; $dh = ","; $fval = "[!#@-" . $f . "-@!]"; } else { $fval = ""; } } else { $add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']); $fval = $add[$f]; } $addf .= ",`" . $f . "`"; $addval .= ",'" . addslashes(RepPostStr($fval)) . "'"; } $type = 0; $classid = 0; $filename = ''; $filepath = ''; $userid = (int) getcvar('mluserid'); $username = RepPostVar(getcvar('mlusername')); $filepass = ReturnTranFilepass(); //上传附件 if ($tranf) { $dh = ""; $tranr = explode(",", $tranf); $count = count($tranr); for ($i = 0; $i < $count; $i++) { $tf = $tranr[$i]; $tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid); if ($tfr['tran']) { $filepath = $tfr[filepath]; //写入数据库 $filetime = $saytime; $filesize = (int) $_FILES[$tf]['size']; eInsertFileTable($tfr[filename], $filesize, $tfr[filepath], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($add[title])), $type, $filepass, $filepass, $public_r[fpath], 0, 4, 0); $repfval = ($tfr[filepath] ? $tfr[filepath] . '/' : '') . $tfr[filename]; $filename .= $dh . $tfr[filename]; $dh = ","; } else { $repfval = ""; } $addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval); } } $ip = egetip(); $eipport = egetipport(); $sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");"); $fid = $empire->lastid(); //更新附件 UpdateTheFileOther(4, $fid, $filepass, 'other'); ecmsEmptyShowKey($keyvname); //清空验证码 if ($sql) { $reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']); printerror("AddFeedbackSuccess", $reurl, 1); } else { printerror("DbError", "history.go(-1)", 1); } }
function login1($username, $password, $lifetime, $key, $location) { global $empire, $user_tablename, $user_userid, $user_username, $user_password, $user_dopass, $user_group, $user_groupid, $user_rnd, $public_r, $user_salt, $user_saltnum, $dbtbpre, $eloginurl, $user_checked; if ($eloginurl) { Header("Location:{$eloginurl}"); exit; } $dopr = 1; if ($_POST['prtype']) { $dopr = 9; } if (!trim($username) || !trim($password)) { printerror("EmptyLogin", "history.go(-1)", $dopr); } //验证码 $keyvname = 'checkloginkey'; if ($public_r['loginkey_ok']) { ecmsCheckShowKey($keyvname, $key, $dopr); } $username = RepPostVar($username); $password = RepPostVar($password); //编码转换 $utfusername = doUtfAndGbk($username, 0); $password = doUtfAndGbk($password, 0); //密码 if (empty($user_dopass)) { $password = md5($password); } if ($user_dopass == 3) { $password = substr(md5($password), 8, 16); } //双重md5 $num = 0; if ($user_dopass == 2) { $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1"); $password = md5(md5($password) . $ur[$user_salt]); $num = 0; if ($password == $ur[$user_password]) { $num = 1; } if (empty($ur[$user_userid])) { $num = 0; } } else { $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='" . $password . "' limit 1"); } if (!$num) { printerror("FailPassword", "history.go(-1)", $dopr); } $r = $empire->fetch1("select * from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1"); if ($r[$user_checked] == 0) { if ($public_r['regacttype'] == 1) { printerror('NotCheckedUser', '../member/register/regsend.php', 1); } else { printerror('NotCheckedUser', '', 1); } } $time = date("Y-m-d H:i:s"); $rnd = make_password(12); //取得随机密码 //默认会员组 if (empty($r[$user_group])) { $r[$user_group] = $user_groupid; } $r[$user_group] = (int) $r[$user_group]; $usql = $empire->query("update " . $user_tablename . " set " . $user_rnd . "='{$rnd}'," . $user_group . "=" . $r[$user_group] . " where " . $user_userid . "='{$r[$user_userid]}'"); //设置cookie $logincookie = 0; if ($lifetime) { $logincookie = time() + $lifetime; } $set1 = esetcookie("mlusername", $username, $logincookie); $set2 = esetcookie("mluserid", $r[$user_userid], $logincookie); $set3 = esetcookie("mlgroupid", $r[$user_group], $logincookie); $set4 = esetcookie("mlrnd", $rnd, $logincookie); //登录附加cookie AddLoginCookie($r); $location = "../member/cp/"; $returnurl = getcvar('returnurl'); if ($returnurl) { $location = $returnurl; } if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) { $location = "../member/iframe/"; } if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) { $location = "../member/cp/"; $_POST['ecmsfrom'] = ''; } ecmsEmptyShowKey($keyvname); //清空验证码 $set6 = esetcookie("returnurl", ""); if ($set1 && $set2) { $location = DoingReturnUrl($location, $_POST['ecmsfrom']); printerror("LoginSuccess", $location, $dopr); } else { printerror("NotCookie", "history.go(-1)", $dopr); } }
function register($add) { global $empire, $dbtbpre, $public_r, $ecms_config; //关闭注册 if ($public_r['register_ok']) { printerror('CloseRegister', '', 1); } //验证时间段允许操作 eCheckTimeCloseDo('reg'); //验证IP eCheckAccessDoIp('register'); if (!empty($ecms_config['member']['registerurl'])) { Header("Location:" . $ecms_config['member']['registerurl']); exit; } //已经登陆不能注册 if (getcvar('mluserid')) { printerror('LoginToRegister', '', 1); } CheckCanPostUrl(); //验证来源 $username = trim($add['username']); $password = trim($add['password']); $username = RepPostVar($username); $password = RepPostVar($password); $email = RepPostStr($add['email']); if (!$username || !$password || !$email) { printerror("EmptyMember", "history.go(-1)", 1); } $tobind = (int) $add['tobind']; //验证码 $keyvname = 'checkregkey'; if ($public_r['regkey_ok']) { ecmsCheckShowKey($keyvname, $add['key'], 1); } $user_groupid = eReturnMemberDefGroupid(); $groupid = (int) $add['groupid']; $groupid = empty($groupid) ? $user_groupid : $groupid; CheckMemberGroupCanReg($groupid); //IP $regip = egetip(); $regipport = egetipport(); //用户字数 $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1"); $userlen = strlen($username); if ($userlen < $pr[min_userlen] || $userlen > $pr[max_userlen]) { printerror('FaiUserlen', '', 1); } //密码字数 $passlen = strlen($password); if ($passlen < $pr[min_passlen] || $passlen > $pr[max_passlen]) { printerror('FailPasslen', '', 1); } if ($add['repassword'] !== $password) { printerror('NotRepassword', '', 1); } if (!chemail($email)) { printerror('EmailFail', '', 1); } if (strstr($username, '|') || strstr($username, '*')) { printerror('NotSpeWord', '', 1); } //同一IP注册 eCheckIpRegTime($regip, $pr['regretime']); //保留用户 toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword'); $username = RepPostStr($username); //重复用户 $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1"); if ($num) { printerror('ReUsername', '', 1); } //重复邮箱 if ($pr['regemailonly']) { $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1"); if ($num) { printerror('ReEmailFail', '', 1); } } //注册时间 $lasttime = time(); $registertime = eReturnAddMemberRegtime(); $rnd = make_password(20); //产生随机密码 $userkey = eReturnMemberUserKey(); //密码 $truepassword = $password; $salt = eReturnMemberSalt(); $password = eDoMemberPw($password, $salt); //审核 $checked = ReturnGroupChecked($groupid); if ($checked && $public_r['regacttype'] == 1) { $checked = 0; } //验证附加表必填项 $mr['add_filepass'] = ReturnTranFilepass(); $fid = GetMemberFormId($groupid); $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username); $sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');"); //取得userid $userid = $empire->lastid(); //附加表 $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'"); if (!$addr[userid]) { $spacestyleid = ReturnGroupSpaceStyleid($groupid); $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");"); } //更新附件 UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member'); ecmsEmptyShowKey($keyvname); //清空验证码 //绑定帐号 if ($tobind) { MemberConnect_BindUser($userid); } if ($sql) { //邮箱激活 if ($checked == 0 && $public_r['regacttype'] == 1) { include 'class/member_actfun.php'; SendActUserEmail($userid, $username, $email); } //审核 if ($checked == 0) { $location = DoingReturnUrl("../../", $_POST['ecmsfrom']); printerror("RegisterSuccessCheck", $location, 1); } $logincookie = 0; if ($ecms_config['member']['regcookietime']) { $logincookie = time() + $ecms_config['member']['regcookietime']; } $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1"); $set1 = esetcookie("mlusername", $username, $logincookie); $set2 = esetcookie("mluserid", $userid, $logincookie); $set3 = esetcookie("mlgroupid", $groupid, $logincookie); $set4 = esetcookie("mlrnd", $rnd, $logincookie); //验证符 qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie); //登录附加cookie AddLoginCookie($r); $location = "../member/cp/"; $returnurl = getcvar('returnurl'); if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) { $location = $returnurl; } $set5 = esetcookie("returnurl", ""); //易通行系统 DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime); $location = DoingReturnUrl($location, $_POST['ecmsfrom']); printerror("RegisterSuccess", $location, 1); } else { printerror("DbError", "history.go(-1)", 1); } }
function qloginout($userid, $username, $rnd) { global $empire, $public_r, $ecms_config; //是否登陆 $user_r = islogin(); if ($ecms_config['member']['quiturl']) { Header("Location:" . $ecms_config['member']['quiturl']); exit; } EmptyEcmsCookie(); $dopr = 1; if ($_GET['prtype']) { $dopr = 9; } $gotourl = "../../"; if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) { $gotourl = $public_r['newsurl'] . "e/member/iframe/"; } //易通行系统 DoEpassport('logout', $user_r['userid'], $user_r['username'], '', '', '', '', ''); $gotourl = DoingReturnUrl($gotourl, $_GET['ecmsfrom']); printerror("ExitSuccess", $gotourl, $dopr); }
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add) { global $empire, $dbtbpre, $public_r, $class_r, $level_r; //验证本时间允许操作 eCheckTimeCloseDo('pl'); //验证IP eCheckAccessDoIp('pl'); $id = (int) $id; $repid = (int) $repid; $classid = (int) $classid; //验证码 $keyvname = 'checkplkey'; if ($public_r['plkey_ok']) { ecmsCheckShowKey($keyvname, $key, 1); } $username = RepPostVar($username); $password = RepPostVar($password); $muserid = (int) getcvar('mluserid'); $musername = RepPostVar(getcvar('mlusername')); $mgroupid = (int) getcvar('mlgroupid'); if ($muserid) { $cklgr = qCheckLoginAuthstr(); if ($cklgr['islogin']) { $username = $musername; } else { $muserid = 0; } } else { if (empty($nomember)) { if (!$username || !$password) { printerror("FailPassword", "history.go(-1)", 1); } $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password,checked,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1"); if (empty($ur['userid'])) { printerror("FailPassword", "history.go(-1)", 1); } if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) { printerror("FailPassword", "history.go(-1)", 1); } if ($ur['checked'] == 0) { printerror("NotCheckedUser", '', 1); } $muserid = $ur['userid']; $mgroupid = $ur['groupid']; } else { $muserid = 0; } } if ($public_r['plgroupid']) { if (!$muserid) { printerror("GuestNotToPl", "history.go(-1)", 1); } if ($level_r[$mgroupid][level] < $level_r[$public_r['plgroupid']][level]) { printerror("NotLevelToPl", "history.go(-1)", 1); } } //专题 $doaction = $add['doaction']; if ($doaction == 'dozt') { if (!trim($saytext) || !$classid) { printerror("EmptyPl", "history.go(-1)", 1); } //是否关闭评论 $r = $empire->fetch1("select ztid,closepl,checkpl,restb from {$dbtbpre}enewszt where ztid='{$classid}'"); if (!$r['ztid']) { printerror("ErrorUrl", "history.go(-1)", 1); } if ($r['closepl']) { printerror("CloseClassPl", "history.go(-1)", 1); } //审核 if ($r['checkpl']) { $checked = 1; } else { $checked = 0; } $restb = $r['restb']; $pubid = '-' . $classid; $id = 0; $pagefunr = eReturnRewritePlUrl($classid, $id, 'dozt', 0, 0, 1); $returl = $pagefunr['pageurl']; } else { if (!trim($saytext) || !$id || !$classid) { printerror("EmptyPl", "history.go(-1)", 1); } //表存在 if (empty($class_r[$classid][tbname])) { printerror("ErrorUrl", "history.go(-1)", 1); } //是否关闭评论 $r = $empire->fetch1("select classid,stb,restb from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " where id='{$id}' limit 1"); if (!$r['classid'] || $r['classid'] != $classid) { printerror("ErrorUrl", "history.go(-1)", 1); } if ($class_r[$r[classid]][openpl]) { printerror("CloseClassPl", "history.go(-1)", 1); } //单信息关闭评论 $pubid = ReturnInfoPubid($classid, $id); $finfor = $empire->fetch1("select closepl from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . "_data_" . $r['stb'] . " where id='{$id}' limit 1"); if ($finfor['closepl']) { printerror("CloseInfoPl", "history.go(-1)", 1); } //审核 if ($class_r[$classid][checkpl]) { $checked = 1; } else { $checked = 0; } $restb = $r['restb']; $pagefunr = eReturnRewritePlUrl($classid, $id, 'doinfo', 0, 0, 1); $returl = $pagefunr['pageurl']; } //设置参数 $plsetr = $empire->fetch1("select pltime,plsize,plincludesize,plclosewords,plmustf,plf,plmaxfloor,plquotetemp from {$dbtbpre}enewspl_set limit 1"); if (strlen($saytext) > $plsetr['plsize']) { $GLOBALS['setplsize'] = $plsetr['plsize']; printerror("PlSizeTobig", "history.go(-1)", 1); } $time = time(); $saytime = $time; $pltime = getcvar('lastpltime'); if ($pltime) { if ($time - $pltime < $plsetr['pltime']) { $GLOBALS['setpltime'] = $plsetr['pltime']; printerror("PlOutTime", "history.go(-1)", 1); } } $sayip = egetip(); $eipport = egetipport(); $username = str_replace("\r\n", "", $username); $username = RepPostStr($username); $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext))); if ($repid) { $saytext = RepPlTextQuote($repid, $saytext, $plsetr, $restb); CkPlQuoteFloor($plsetr['plmaxfloor'], $saytext); //验证楼层 } //过滤字符 $saytext = ReplacePlWord($plsetr['plclosewords'], $saytext); if ($level_r[$mgroupid]['plchecked']) { $checked = 0; } $ret_r = ReturnPlAddF($add, $plsetr, 0); //主表 $sql = $empire->query("insert into {$dbtbpre}enewspl_" . $restb . "(pubid,username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,saytext,eipport" . $ret_r['fields'] . ") values('{$pubid}','" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'" . addslashes($saytext) . "','{$eipport}'" . $ret_r['values'] . ");"); $plid = $empire->lastid(); if ($doaction != 'dozt') { //信息表加1 $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set plnum=plnum+1 where id='{$id}' limit 1"); } //更新新评论数 DoUpdateAddDataNum('pl', $restb, 1); //设置最后发表时间 $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24); ecmsEmptyShowKey($keyvname); //清空验证码 if ($sql) { $reurl = DoingReturnUrl($returl, $_POST['ecmsfrom']); printerror("AddPlSuccess", $reurl, 1); } else { printerror("DbError", "history.go(-1)", 1); } }
function DodoInfo($add, $ecms = 0) { global $empire, $public_r, $emod_r, $level_r, $class_r, $dbtbpre, $fun_r; //验证来源 if ($ecms == 0 || $ecms == 1) { CheckCanPostUrl(); } //开启投稿 if ($public_r['addnews_ok']) { printerror("CloseQAdd", "", 1); } //验证本时间允许操作 eCheckTimeCloseDo('info'); $classid = (int) $add['classid']; $mid = (int) $class_r[$classid]['modid']; if (!$mid || !$classid) { printerror("EmptyQinfoCid", "", 1); } $tbname = $emod_r[$mid]['tbname']; $qenter = $emod_r[$mid]['qenter']; if (!$tbname || !$qenter || $qenter == ',') { printerror("ErrorUrl", "history.go(-1)", 1); } $muserid = (int) getcvar('mluserid'); $musername = RepPostVar(getcvar('mlusername')); $mrnd = RepPostVar(getcvar('mlrnd')); //取得栏目信息 $isadd = 0; if ($ecms == 0) { $isadd = 1; } $setuserday = ''; $cr = DoQCheckAddLevel($classid, $muserid, $musername, $mrnd, $ecms, $isadd); $setuserday = $cr['checkaddnumquery']; $filepass = (int) $add['filepass']; $id = (int) $add['id']; $infor = array(); //组合标题属性 $titlecolor = RepPostStr(RepPhpAspJspcodeText($add[titlecolor])); $titlefont = TitleFont($add[titlefont], $titlecolor); $titlecolor = ""; $titlefont = ""; $ttid = (int) $add['ttid']; $keyboard = addslashes(RepPostStr(trim(DoReplaceQjDh($add[keyboard])))); $keyid = ''; //返回关键字组合 if ($keyboard && strstr($qenter, ',special.field,')) { $keyboard = str_replace('[!--f--!]', 'ecms', $keyboard); $keyid = GetKeyid($keyboard, $classid, $id, $class_r[$classid][link_num]); } //验证码 $keyvname = 'checkinfokey'; //moreport if (Moreport_ReturnMustDt()) { define('ECMS_SELFPATH', eReturnEcmsMainPortPath()); Moreport_ResetMainTempGid(); } //-----------------增加 if ($ecms == 0) { //时间 $lasttime = getcvar('lastaddinfotime'); if ($lasttime) { if (time() - $lasttime < $public_r['readdinfotime']) { printerror("QAddInfoOutTime", "", 1); } } //验证码 if ($cr['qaddshowkey']) { ecmsCheckShowKey($keyvname, $add['key'], 1); } //IP发布数限制 $check_ip = egetip(); $check_checked = $cr['wfid'] ? 0 : $cr['checkqadd']; eCheckIpAddInfoNum($check_ip, $tbname, $mid, $check_checked); //返回字段 $ret_r = ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $muserid, $musername, 0); $checked = $cr['checkqadd']; $havehtml = 0; $newspath = date($cr['newspath']); $truetime = time(); $newstime = $truetime; $newstempid = $cr['newstempid']; $haveaddfen = 0; //强制签发 $isqf = 0; if ($cr['wfid']) { $checked = 0; $isqf = 1; } //增扣点 if ($checked && $muserid) { AddInfoFen($cr['addinfofen'], $muserid); $haveaddfen = 1; } if (empty($muserid)) { $musername = $fun_r['guest']; } //会员投稿数更新 if ($setuserday) { $empire->query($setuserday); } //发布时间 if (!strstr($qenter, ',newstime,')) { $ret_r[0] = ",newstime" . $ret_r[0]; $ret_r[1] = ",'{$newstime}'" . $ret_r[1]; } else { if ($add['newstime']) { $newstime = to_time($add['newstime']); $newstime = intval($newstime); } } //附加链接参数 $addecmscheck = empty($checked) ? '&ecmscheck=1' : ''; //索引表 $indexsql = $empire->query("insert into {$dbtbpre}ecms_" . $tbname . "_index(classid,checked,newstime,truetime,lastdotime,havehtml) values('{$classid}','{$checked}','{$newstime}','{$truetime}','{$truetime}','{$havehtml}');"); $id = $empire->lastid(); //返回表信息 $infotbr = ReturnInfoTbname($tbname, $checked, $ret_r[4]); //主表 $sql = $empire->query("insert into " . $infotbr['tbname'] . "(id,classid,ttid,onclick,plnum,totaldown,newspath,filename,userid,username,firsttitle,isgood,istop,isqf,ismember,isurl,truetime,lastdotime,havehtml,groupid,userfen,titlefont,titleurl,stb,fstb,restb,keyboard" . $ret_r[0] . ") values('{$id}','{$classid}','{$ttid}',0,0,0,'{$newspath}','','" . $muserid . "','" . addslashes($musername) . "',0,0,0,'{$isqf}',1,0,'{$truetime}','{$truetime}','{$havehtml}',0,0,'{$titlefont}','','{$ret_r['4']}','{$public_r['filedeftb']}','{$public_r['pldeftb']}','{$keyboard}'" . $ret_r[1] . ");"); //副表 $fsql = $empire->query("insert into " . $infotbr['datatbname'] . "(id,classid,keyid,dokey,newstempid,closepl,haveaddfen,infotags" . $ret_r[2] . ") values('{$id}','{$classid}','{$keyid}',1,'{$newstempid}',0,'{$haveaddfen}',''" . $ret_r[3] . ");"); //扣点记录 if ($haveaddfen) { if ($cr['addinfofen'] < 0) { BakDown($classid, $id, 0, $muserid, $musername, RepPostStr($add[title]), abs($cr['addinfofen']), 3); } } //签发 if ($isqf == 1) { InfoInsertToWorkflow($id, $classid, $cr['wfid'], $muserid, addslashes($musername)); } //文件命名 $filename = ReturnInfoFilename($classid, $id, ''); //信息地址 $infourl = GotoGetTitleUrl($classid, $id, $newspath, $filename, 0, 0, ''); $usql = $empire->query("update " . $infotbr['tbname'] . " set filename='{$filename}',titleurl='{$infourl}' where id='{$id}'"); //修改ispic UpdateTheIspic($classid, $id, $checked); //修改附件 if ($filepass) { UpdateTheFile($id, $filepass, $classid, $public_r['filedeftb']); } //更新栏目信息数 AddClassInfos($classid, '+1', '+1', $checked); //更新新信息数 DoUpdateAddDataNum('info', $class_r[$classid]['tid'], 1); //清除验证码 ecmsEmptyShowKey($keyvname); esetcookie("qeditinfo", "", 0); //生成页面 if ($checked && !$cr['showdt']) { $titleurl = qAddGetHtml($classid, $id); } //生成列表 if ($checked) { qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']); //生成上一篇 if ($cr['repreinfo']) { $prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1"); GetHtml($prer['classid'], $prer['id'], $prer, 1); } } if ($sql) { $reurl = DoingReturnUrl("AddInfo.php?classid={$classid}&mid={$mid}" . $addecmscheck, $add['ecmsfrom']); if ($add['gotoinfourl'] && $checked) { if ($cr['showdt'] == 1) { $reurl = $public_r[newsurl] . "e/action/ShowInfo/?classid={$classid}&id={$id}"; } elseif ($cr['showdt'] == 2) { $rewriter = eReturnRewriteInfoUrl($classid, $id, 1); $reurl = $rewriter['pageurl']; } else { $reurl = $titleurl; } } esetcookie("lastaddinfotime", time(), time() + 3600 * 24); //设置最后发表时间 printerror("AddQinfoSuccess", $reurl, 1); } else { printerror("DbError", "history.go(-1)", 1); } } elseif ($ecms == 1) { if (!$id) { printerror("ErrorUrl", "history.go(-1)", 1); } //检测权限 $infor = CheckQdoinfo($classid, $id, $muserid, $tbname, $cr['adminqinfo'], 1); //检测时间 if ($public_r['qeditinfotime']) { if (time() - $infor['truetime'] > $public_r['qeditinfotime'] * 60) { printerror("QEditInfoOutTime", "history.go(-1)", 1); } } $iaddfield = ''; $addfield = ''; $faddfield = ''; //返回字段 $ret_r = ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $muserid, $musername, 1); if ($keyboard) { $addfield = ",keyboard='{$keyboard}'"; $faddfield = ",keyid='{$keyid}'"; } //时间 if (strstr($qenter, ',newstime,')) { if ($add['newstime']) { $newstime = to_time($add['newstime']); $newstime = intval($newstime); $iaddfield .= ",newstime='{$newstime}'"; } } //修改是否需要审核 $ychecked = $infor['checked']; if ($cr['qeditchecked']) { $infor['checked'] = 0; $iaddfield .= ",checked=0"; $relist = 1; //删除原页面 DelNewsFile($infor[filename], $infor[newspath], $infor[classid], $infor[newstext], $infor[groupid]); } //会员投稿数更新 if ($setuserday) { //$empire->query($setuserday); } $lastdotime = time(); //附加链接参数 $addecmscheck = empty($infor['checked']) ? '&ecmscheck=1' : ''; //索引表 $indexsql = $empire->query("update {$dbtbpre}ecms_" . $tbname . "_index set lastdotime={$lastdotime},havehtml=0" . $iaddfield . " where id='{$id}'"); //返回表信息 $infotbr = ReturnInfoTbname($tbname, $ychecked, $infor['stb']); //主表 $sql = $empire->query("update " . $infotbr['tbname'] . " set lastdotime={$lastdotime},havehtml=0,ttid='{$ttid}'" . $addfield . $ret_r[0] . " where id={$id} and classid={$classid} and userid='{$muserid}' and ismember=1"); //副表 $fsql = $empire->query("update " . $infotbr['datatbname'] . " set classid='{$classid}'" . $faddfield . $ret_r[3] . " where id='{$id}'"); //修改ispic UpdateTheIspic($classid, $id, $ychecked); //更新附件 UpdateTheFileEdit($classid, $id, $infor['fstb']); //未审核信息互转 if ($ychecked != $infor['checked']) { MoveCheckInfoData($tbname, $ychecked, $infor['stb'], "id='{$id}'"); //更新栏目信息数 if ($infor['checked']) { AddClassInfos($classid, '', '+1'); } else { AddClassInfos($classid, '', '-1'); } } esetcookie("qeditinfo", "", 0); //生成页面 if ($infor['checked'] && !$cr['showdt']) { $titleurl = qAddGetHtml($classid, $id); } //生成列表 if ($infor['checked'] || $relist == 1) { qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']); } //生成上一篇 if ($cr['repreinfo'] && $infor['checked']) { $prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1"); GetHtml($prer['classid'], $prer['id'], $prer, 1); } if ($sql) { $reurl = DoingReturnUrl("ListInfo.php?mid={$mid}" . $addecmscheck, $add['ecmsfrom']); if ($add['editgotoinfourl'] && $infor['checked']) { if ($cr['showdt'] == 1) { $reurl = $public_r[newsurl] . "e/action/ShowInfo/?classid={$classid}&id={$id}"; } elseif ($cr['showdt'] == 2) { $rewriter = eReturnRewriteInfoUrl($classid, $id, 1); $reurl = $rewriter['pageurl']; } else { $reurl = $titleurl; } } printerror("EditQinfoSuccess", $reurl, 1); } else { printerror("DbError", "history.go(-1)", 1); } } elseif ($ecms == 2) { if (!$id) { printerror("ErrorUrl", "history.go(-1)", 1); } //检测权限 $r = CheckQdoinfo($classid, $id, $muserid, $tbname, $cr['adminqinfo'], 2); //附加链接参数 $addecmscheck = empty($r['checked']) ? '&ecmscheck=1' : ''; //返回表信息 $infotbr = ReturnInfoTbname($tbname, $r['checked'], $r['stb']); $stf = $emod_r[$mid]['savetxtf']; $pf = $emod_r[$mid]['pagef']; //分页字段 if ($pf) { if (strstr($emod_r[$mid]['tbdataf'], ',' . $pf . ',')) { $finfor = $empire->fetch1("select " . $pf . " from " . $infotbr['datatbname'] . " where id='{$id}' limit 1"); $r[$pf] = $finfor[$pf]; } } //存文本 if ($stf) { $newstextfile = $r[$stf]; $r[$stf] = GetTxtFieldText($r[$stf]); //删除文件 DelTxtFieldText($newstextfile); } //删除信息文件 DelNewsFile($r[filename], $r[newspath], $classid, $r[$pf], $r[groupid]); $indexsql = $empire->query("delete from {$dbtbpre}ecms_" . $tbname . "_index where id='{$id}'"); $sql = $empire->query("delete from " . $infotbr['tbname'] . " where id={$id} and classid={$classid} and userid='{$muserid}' and ismember=1"); $fsql = $empire->query("delete from " . $infotbr['datatbname'] . " where id={$id}"); esetcookie("qdelinfo", "", 0); //更新栏目信息数 AddClassInfos($classid, '-1', '-1', $r['checked']); //删除其它表记录和附件 DelSingleInfoOtherData($classid, $id, $r, 0, 0); //生成列表 if ($r['checked']) { qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']); //生成上一篇 if ($cr['repreinfo']) { $prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1"); GetHtml($prer['classid'], $prer['id'], $prer, 1); //下一篇 $nextr = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id>{$id} and classid='{$classid}' order by id limit 1"); if ($nextr['id']) { GetHtml($nextr['classid'], $nextr['id'], $nextr, 1); } } } if ($sql) { $reurl = DoingReturnUrl("ListInfo.php?mid={$mid}", $add['ecmsfrom']); printerror("DelQinfoSuccess", $reurl, 1); } else { printerror("DbError", "history.go(-1)", 1); } } else { printerror("ErrorUrl", "", 1); } }
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add) { global $empire, $public_r, $class_r, $user_userid, $user_username, $user_password, $user_dopass, $user_tablename, $user_salt, $user_checked, $user_group, $dbtbpre, $level_r; //验证IP eCheckAccessDoIp('pl'); $id = (int) $id; $repid = (int) $repid; $classid = (int) $classid; //验证码 $keyvname = 'checkplkey'; if ($public_r['plkey_ok']) { ecmsCheckShowKey($keyvname, $key, 1); } $username = RepPostVar($username); $password = RepPostVar($password); $muserid = (int) getcvar('mluserid'); $musername = RepPostVar(getcvar('mlusername')); $mgroupid = (int) getcvar('mlgroupid'); if ($muserid) { $username = $musername; } else { if (empty($nomember)) { //编码转换 $utfusername = doUtfAndGbk($username, 0); $password = doUtfAndGbk($password, 0); //密码 if (empty($user_dopass)) { $password = md5($password); } if ($user_dopass == 3) { $password = substr(md5($password), 8, 16); } //双重md5 if ($user_dopass == 2) { $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1"); $password = md5(md5($password) . $ur[$user_salt]); $cuser = 0; if ($password == $ur[$user_password]) { $cuser = 1; } if (empty($ur[$user_userid])) { $cuser = 0; } } else { $ur = $empire->fetch1("select " . $user_userid . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='{$password}' limit 1"); $cuser = 0; if ($ur[$user_userid]) { $cuser = 1; } } if (empty($cuser)) { printerror("FailPassword", "history.go(-1)", 1); } if ($ur[$user_checked] == 0) { printerror("NotCheckedUser", '', 1); } $muserid = $ur[$user_userid]; $mgroupid = $ur[$user_group]; } else { $muserid = 0; } } if ($public_r['plgroupid']) { if (!$muserid) { printerror("GuestNotToPl", "history.go(-1)", 1); } if ($level_r[$mgroupid][level] < $level_r[$public_r['plgroupid']][level]) { printerror("NotLevelToPl", "history.go(-1)", 1); } } if (!trim($saytext) || !$id || !$classid) { printerror("EmptyPl", "history.go(-1)", 1); } //表存在 if (empty($class_r[$classid][tbname])) { printerror("ErrorUrl", "history.go(-1)", 1); } if (strlen($saytext) > $public_r[plsize]) { printerror("PlSizeTobig", "history.go(-1)", 1); } $saytime = date("Y-m-d H:i:s"); $time = time(); $pltime = getcvar('lastpltime'); if ($pltime) { if ($time - $pltime < $public_r[pltime]) { printerror("PlOutTime", "history.go(-1)", 1); } } //是否关闭评论 $r = $empire->fetch1("select classid,closepl from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " where id='{$id}' and classid='{$classid}'"); if (empty($r[classid])) { printerror("ErrorUrl", "history.go(-1)", 1); } if ($class_r[$r[classid]][openpl]) { printerror("CloseClassPl", "history.go(-1)", 1); } //单信息关闭评论 if ($r['closepl']) { printerror("CloseInfoPl", "history.go(-1)", 1); } $sayip = egetip(); $username = RepPostStr($username); $username = str_replace("\r\n", "", $username); $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext))); $pr = $empire->fetch1("select plclosewords,plf,plmustf,pldeftb from {$dbtbpre}enewspublic limit 1"); if ($repid) { if (trim($saytext) == "[quote]" . $repid . "[/quote]") { printerror("EmptyPl", "history.go(-1)", 1); } $saytext = RepPlTextQuote($repid, $saytext, $pr); } //过滤字符 $saytext = ReplacePlWord($pr['plclosewords'], $saytext); //审核 if ($class_r[$classid][checkpl]) { $checked = 1; } else { $checked = 0; } $ret_r = ReturnPlAddF($add, $pr, 0); //主表 $sql = $empire->query("insert into {$dbtbpre}enewspl(username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,stb) values('" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'{$pr['pldeftb']}');"); $plid = $empire->lastid(); //副表 $fsql = $empire->query("insert into {$dbtbpre}enewspl_data_" . $pr['pldeftb'] . "(plid,classid,id,saytext" . $ret_r['fields'] . ") values('{$plid}','{$classid}','{$id}','" . addslashes($saytext) . "'" . $ret_r['values'] . ");"); //信息表加1 $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set plnum=plnum+1 where id='{$id}'"); //设置最后发表时间 $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24); ecmsEmptyShowKey($keyvname); //清空验证码 if ($sql) { $reurl = DoingReturnUrl("../pl/?classid={$classid}&id={$id}", $_POST['ecmsfrom']); printerror("AddPlSuccess", $reurl, 1); } else { printerror("DbError", "history.go(-1)", 1); } }
//变量 if ($_GET['searchget'] == 1) { $_POST = $_GET; } $ip = egetip(); $searchtime = time(); $getvar = $_POST['getvar']; if (empty($getvar)) { $getfrom = "history.go(-1)"; $dogetvar = ''; } else { $getfrom = "../../search/"; $dogetvar = "&getvar=1"; } //返回 $getfrom = DoingReturnUrl($getfrom, $_POST['ecmsfrom']); //搜索用户组 if ($public_r['searchgroupid']) { $psearchgroupid = $public_r['searchgroupid']; @(include "../data/dbcache/MemberLevel.php"); $searchgroupid = (int) getcvar('mlgroupid'); if ($level_r[$searchgroupid][level] < $level_r[$psearchgroupid][level]) { printerror("NotLevelToSearch", $getfrom, 1); } } //搜索间隔 $lastsearchtime = getcvar('lastsearchtime'); if ($lastsearchtime) { if ($searchtime - $lastsearchtime < $public_r[searchtime]) { printerror("SearchOutTime", $getfrom, 1); }