/**
 * Update one row of the enewssearchall_load table (back-office action).
 *
 * @param array $add      Submitted fields: lid, tbname, oldtbname, titlefield,
 *                        infotextfield, smalltextfield, loadnum.
 * @param mixed $userid   Forwarded to CheckLevel().
 * @param mixed $username Forwarded to CheckLevel().
 */
function EditSearchLoadTb($add, $userid, $username)
{
    global $empire, $dbtbpre;

    // Numeric fields are cast; every string that reaches SQL passes through RepPostVar().
    // NOTE(review): RepPostVar() is defined elsewhere. The quoted interpolation below is
    // only as safe as that filter, so confirm it neutralises quotes and backslashes.
    $lid = (int) $add['lid'];
    $loadnum = (int) $add['loadnum'];
    $tbname = RepPostVar($add['tbname']);
    $titlefield = RepPostVar($add['titlefield']);
    $infotextfield = RepPostVar($add['infotextfield']);
    $smalltextfield = RepPostVar($add['smalltextfield']);

    $complete = $tbname && $titlefield && $infotextfield && $smalltextfield && $loadnum;
    if (!$complete) {
        printerror("EmptySearchLoadTb", "history.go(-1)");
    }

    // Permission check. $classid is never assigned in this function, so CheckLevel()
    // receives an undefined variable here.
    CheckLevel($userid, $username, $classid, "searchall");

    // Only look for a duplicate table name when the name was actually changed.
    if ($tbname != $add['oldtbname']) {
        $duplicates = $empire->gettotal("select count(*) as total from {$dbtbpre}enewssearchall_load where tbname='{$tbname}' and lid<>{$lid} limit 1");
        if ($duplicates) {
            printerror("ReSearchLoadTb", "history.go(-1)");
        }
    }

    $sql = $empire->query("update {$dbtbpre}enewssearchall_load set tbname='{$tbname}',titlefield='{$titlefield}',infotextfield='{$infotextfield}',smalltextfield='{$smalltextfield}',loadnum='{$loadnum}' where lid='{$lid}'");
    GetSearchAllTb();

    if (!$sql) {
        printerror("DbError", "history.go(-1)");
    } else {
        // Audit log entry for the change.
        insert_dolog("lid={$lid}&tbname={$tbname}");
        printerror("EditSearchLoadTbSuccess", "ListSearchLoadTb.php" . hReturnEcmsHashStrHref2(1));
    }
}
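/**
 * Store a guestbook entry submitted from the public site.
 *
 * Fix over the original: array keys are quoted. The bare-word form ($add[bid]) relies on
 * the undefined-constant fallback, which is a fatal Error on PHP 8. The cookie-supplied
 * timestamp is also cast before arithmetic so a non-numeric value cannot raise a TypeError.
 *
 * @param array $add Submitted fields: bid, name, email, call, lytext, key, ecmsfrom.
 */
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;

    // Check the client IP against the access rules for 'gbook'.
    eCheckAccessDoIp('gbook');
    // Check where the request came from.
    CheckCanPostUrl();

    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        $bid = intval($add['bid']);
    }
    $name = RepPostStr(trim($add['name']));
    $email = RepPostStr($add['email']);
    $call = RepPostStr($add['call']);
    $lytext = RepPostStr($add['lytext']);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }

    // CAPTCHA, only when enabled in the site settings.
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }

    // Posting interval. The timestamp is written with esetcookie() further down, so this
    // throttle is presumably held client-side and a client that drops the cookie is not
    // slowed by it. Treat it as a courtesy limit, not an abuse control.
    $lasttime = (int) getcvar('lastgbooktime');
    if ($lasttime) {
        if (time() - $lasttime < $public_r['regbooktime']) {
            printerror("GbOutTime", "", 1);
        }
    }

    // The board must exist.
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }

    // Boards restricted to a member group require a login of at least that level.
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }

    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    // NOTE(review): the author identity is read with getcvar() and not from islogin().
    // If getcvar() returns raw cookie values, the stored userid/username are
    // client-asserted. Confirm before trusting these columns.
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));

    // NOTE(review): values are interpolated into the statement; safety rests entirely on
    // RepPostStr()/RepPostVar()/egetip(), which are defined elsewhere.
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");

    // Clear the CAPTCHA so it cannot be reused.
    ecmsEmptyShowKey($keyvname);

    if ($sql) {
        // Remember the time of the last post for the interval check above.
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}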
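/**
 * Update a public variable row in enewspubvar (back-office action).
 *
 * Fix over the original: array keys are quoted. The bare-word form ($add[varid]) relies
 * on the undefined-constant fallback, which is a fatal Error on PHP 8.
 *
 * @param array $add      Submitted fields: varid, myvar, oldmyvar, varname, varvalue,
 *                        varsay, myorder, classid, tocache, oldtocache, cid.
 * @param mixed $userid   Forwarded to CheckLevel().
 * @param mixed $username Forwarded to CheckLevel().
 */
function EditPubVar($add, $userid, $username)
{
    global $empire, $dbtbpre;

    $add['varid'] = (int) $add['varid'];
    $add['myvar'] = RepPostVar($add['myvar']);
    if (!$add['varid'] || !$add['myvar'] || !$add['varname']) {
        printerror("EmptyPubVar", "history.go(-1)");
    }

    // Permission check. $classid is only assigned further down, so CheckLevel() receives
    // an undefined variable here. The order is kept as in the original.
    CheckLevel($userid, $username, $classid, "pubvar");

    // The variable name must stay unique when it is renamed.
    if ($add['myvar'] != $add['oldmyvar']) {
        $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewspubvar where myvar='{$add['myvar']}' and varid<>{$add['varid']} limit 1");
        if ($num) {
            printerror("RePubVar", "history.go(-1)");
        }
    }

    $add['varvalue'] = AddAddsData(RepPhpAspJspcode($add['varvalue']));
    $classid = (int) $add['classid'];
    $tocache = (int) $add['tocache'];
    $add['myorder'] = (int) $add['myorder'];

    // NOTE(review): varname and varsay reach the statement without any filter visible in
    // this function. Unless the request data is escaped globally before this call,
    // this is an injection point. Confirm at the caller or entry script.
    $sql = $empire->query("update {$dbtbpre}enewspubvar set myvar='{$add['myvar']}',varname='{$add['varname']}',varvalue='" . $add['varvalue'] . "',varsay='{$add['varsay']}',myorder='{$add['myorder']}',classid='{$classid}',tocache='{$tocache}' where varid='{$add['varid']}'");

    // Rebuild the config cache when the variable is, or used to be, cached.
    if ($tocache || $add['oldtocache']) {
        GetConfig();
    }

    if ($sql) {
        // Audit log entry.
        insert_dolog("varid=" . $add['varid'] . "<br>var=" . $add['myvar']);
        // NOTE(review): $add['cid'] is placed in the return URL unfiltered.
        printerror("EditPubVarSuccess", "ListPubVar.php?classid={$add['cid']}" . hReturnEcmsHashStrHref2(0));
    } else {
        printerror("DbError", "history.go(-1)");
    }
}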
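/**
 * Update a row in enewssp (back-office action).
 *
 * Fixes over the original: array keys are quoted (the bare-word form is a fatal Error on
 * PHP 8) and the unused $sptime local is dropped.
 *
 * @param array $add      Submitted fields: spid, spname, varname, sppic, spsay, sptype, cid,
 *                        classid, tempid, maxnum, groupid, userclass, username, isclose,
 *                        cladd, fcid, fclassid, fsptype.
 * @param mixed $userid   Forwarded to CheckLevel().
 * @param mixed $username Forwarded to CheckLevel(); reassigned below.
 */
function EditSp($add, $userid, $username)
{
    global $empire, $dbtbpre;

    $add['varname'] = RepPostVar($add['varname']);
    $spid = (int) $add['spid'];
    if (!$spid || !$add['spname'] || !$add['varname']) {
        printerror("EmptySp", "history.go(-1)");
    }

    // Permission check. $classid is never assigned in this function.
    CheckLevel($userid, $username, $classid, "sp");

    // varname must be unique across all other rows.
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewssp where varname='{$add['varname']}' and spid<>{$spid} limit 1");
    if ($num) {
        printerror("HaveSp", "history.go(-1)");
    }

    $add['sptype'] = (int) $add['sptype'];
    $add['cid'] = (int) $add['cid'];
    $add['classid'] = (int) $add['classid'];
    $add['tempid'] = (int) $add['tempid'];
    $add['maxnum'] = (int) $add['maxnum'];
    $groupid = ReturnSpGroup($add['groupid']);
    $userclass = ReturnSpGroup($add['userclass']);
    // NOTE(review): the '******' literals here and in the statement below look like
    // masking applied to this listing. As printed, $username is computed but never
    // used. Compare with the upstream file before relying on this code.
    $username = '******' . $add['username'] . ',';
    $add['isclose'] = (int) $add['isclose'];
    $add['cladd'] = (int) $add['cladd'];

    // NOTE(review): spname, sppic and spsay reach the statement without any filter
    // visible in this function. Confirm the request data is escaped before this call.
    $sql = $empire->query("update {$dbtbpre}enewssp set spname='{$add['spname']}',varname='{$add['varname']}',sppic='{$add['sppic']}',spsay='{$add['spsay']}',sptype='{$add['sptype']}',cid='{$add['cid']}',classid='{$add['classid']}',tempid='{$add['tempid']}',maxnum='{$add['maxnum']}',groupid='{$groupid}',userclass='{$userclass}',username='******',isclose='{$add['isclose']}',cladd='{$add['cladd']}' where spid='{$spid}'");

    if ($sql) {
        // Audit log entry.
        insert_dolog("spid=" . $spid . "<br>spname=" . $add['spname']);
        // NOTE(review): fcid, fclassid and fsptype go into the return URL unfiltered.
        printerror("EditSpSuccess", "ListSp.php?cid={$add['fcid']}&fclassid={$add['fclassid']}&fsptype={$add['fsptype']}");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}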
/**
 * Edit one entry of the logged-in member's friend list (table enewshy).
 *
 * @param array $add Submitted fields: fid, fname, oldfname, fcid, cid, fsay.
 */
function EditFriend($add)
{
    global $empire, $dbtbpre;

    // Requires a logged-in member; every query below is scoped to that member's userid,
    // so a member can only touch rows they own.
    $user_r = islogin();

    $fid = (int) $add['fid'];
    $fname = RepPostVar(trim($add['fname']));
    $add['fcid'] = (int) $add['fcid'];
    if (!($fname && $fid)) {
        printerror("EmptyFriend", "", 1);
    }

    // A member cannot add themselves.
    if ($fname == $user_r['username']) {
        printerror("NotAddFriendSelf", "", 1);
    }

    // The friend must be an existing member.
    $memberSql = "select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$fname}' limit 1";
    $num = $empire->gettotal($memberSql);
    if (!$num) {
        printerror("NotFriendUsername", "", 1);
    }

    // When the name changed, it must not already be on this member's list.
    if ($fname != $add['oldfname']) {
        $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewshy where fname='{$fname}' and userid='{$user_r['userid']}' limit 1");
        if ($num) {
            printerror("ReAddFriend", "", 1);
        }
    }

    $cid = (int) $add['cid'];
    $fsay = RepPostStr($add['fsay']);

    // NOTE(review): addslashes() is applied on top of RepPostVar()/RepPostStr() here but
    // not in the two selects above. Confirm which layer is meant to do the escaping.
    $sql = $empire->query("update {$dbtbpre}enewshy set fname='" . addslashes($fname) . "',cid={$cid},fsay='" . addslashes($fsay) . "' where fid={$fid} and userid='{$user_r['userid']}'");

    if (!$sql) {
        printerror("DbError", "", 1);
    } else {
        printerror("EditFriendSuccess", "../member/friend/?cid={$add['fcid']}", 1);
    }
}
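/**
 * Change the logged-in member's e-mail address and, optionally, password.
 * The current password must be supplied and verified first.
 *
 * Fixes over the original: array keys are quoted (the bare-word form is a fatal Error on
 * PHP 8) and the unused $rnd local is dropped.
 *
 * @param array $add Submitted fields: email, oldpassword, password, repassword.
 */
function EditSafeInfo($add)
{
    global $empire, $dbtbpre, $public_r;

    // Requires a logged-in member; identity comes from islogin(), not from $add.
    $user_r = islogin();
    $userid = $user_r['userid'];
    $username = $user_r['username'];

    // E-mail: validate the raw value first, then filter it for storage.
    $email = trim($add['email']);
    if (!$email || !chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    $email = RepPostStr($email);

    // Re-authenticate with the current password before changing anything.
    $oldpassword = RepPostVar($add['oldpassword']);
    if (!$oldpassword) {
        printerror('FailOldPassword', '', 1);
    }
    // NOTE(review): passwords go through RepPostVar(), an input filter defined elsewhere.
    // If it strips or rewrites characters, the effective password differs from what was
    // typed. The comparison with the unfiltered repassword below then fails closed.
    $add['password'] = RepPostVar($add['password']);
    $num = 0;
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,password,salt') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
    if (empty($ur['userid'])) {
        printerror('FailOldPassword', '', 1);
    }
    if (!eDoCkMemberPw($oldpassword, $ur['password'], $ur['salt'])) {
        printerror('FailOldPassword', '', 1);
    }

    // When e-mail addresses must be unique, reject one used by another member.
    $pr = $empire->fetch1("select regemailonly from {$dbtbpre}enewspublic limit 1");
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' and " . egetmf('userid') . "<>'{$userid}' limit 1");
        if ($num) {
            printerror("ReEmailFail", "history.go(-1)", 1);
        }
    }

    // New password is optional; when given it must match its confirmation.
    $a = '';
    $salt = '';
    $truepassword = '';
    if ($add['password']) {
        if ($add['password'] !== $add['repassword']) {
            printerror('NotRepassword', 'history.go(-1)', 1);
        }
        $salt = eReturnMemberSalt();
        $password = eDoMemberPw($add['password'], $salt);
        $a = "," . egetmf('password') . "='{$password}'," . egetmf('salt') . "='{$salt}'";
        $truepassword = $add['password'];
    }

    // NOTE(review): no rotation of the member's login token is visible here after a
    // password change. Confirm whether existing sessions are invalidated elsewhere.
    $sql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('email') . "='{$email}'" . $a . " where " . egetmf('userid') . "='{$userid}'");

    if ($sql) {
        // Propagate the change to the passport integration. The cleartext password is
        // handed to DoEpassport() when it was changed.
        DoEpassport('editpassword', $userid, $username, $truepassword, $salt, $email, $user_r['groupid'], '');
        printerror("EditInfoSuccess", "../member/EditInfo/EditSafeInfo.php", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}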
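/**
 * Recompute and store titleurl for a batch of records of one table, then emit a
 * self-redirecting page that continues with the next batch.
 *
 * Fixes over the original:
 *  - array keys are quoted (the bare-word form is a fatal Error on PHP 8);
 *  - retype, startday, endday, startid and endid are URL-encoded before being echoed
 *    into the inline script. Depending on the branch taken, some of them reached the
 *    page unfiltered, so a crafted value could break out of the quoted URL.
 *
 * @param mixed  $start    Last processed id; cast to int.
 * @param mixed  $classid  Optional column filter; cast to int.
 * @param string $from     URL to return to when the run is finished.
 * @param mixed  $retype   Truthy: filter by id range; otherwise by date range.
 * @param string $startday Start date for the date filter.
 * @param string $endday   End date for the date filter.
 * @param mixed  $startid  First id for the id filter.
 * @param mixed  $endid    Last id for the id filter.
 * @param string $tbname   Table name suffix; filtered and checked with eCheckTbname().
 * @param mixed  $userid   Unused while the permission check is disabled.
 * @param mixed  $username Unused while the permission check is disabled.
 */
function ReInfoUrl($start, $classid, $from, $retype, $startday, $endday, $startid, $endid, $tbname, $userid, $username)
{
    global $empire, $public_r, $class_r, $fun_r, $dbtbpre;

    // NOTE(review): the permission check is commented out in this function, so
    // authorisation must be enforced by the caller. Confirm that it is.
    //CheckLevel($userid,$username,$classid,"changedata");

    $start = (int) $start;
    $tbname = RepPostVar($tbname);
    if (empty($tbname) || !eCheckTbname($tbname)) {
        printerror("ErrorUrl", "history.go(-1)");
    }

    $add1 = '';

    // Restrict to one column (or its sub-columns).
    $classid = (int) $classid;
    if ($classid) {
        if (empty($class_r[$classid]['islast'])) {
            $where = ReturnClass($class_r[$classid]['sonclass']);
        } else {
            $where = "classid='{$classid}'";
        }
        $add1 = " and (" . $where . ")";
    }

    // Restrict by id range or by date range.
    if ($retype) {
        $startid = (int) $startid;
        $endid = (int) $endid;
        if ($endid) {
            $add1 .= " and id>={$startid} and id<={$endid}";
        }
    } else {
        $startday = RepPostVar($startday);
        $endday = RepPostVar($endday);
        if ($startday && $endday) {
            $add1 .= " and truetime>=" . to_time($startday . " 00:00:00") . " and truetime<=" . to_time($endday . " 23:59:59");
        }
    }

    $b = 0;
    // Defined up front so the echo below never reads an unset variable.
    $new_start = $start;
    $sql = $empire->query("select id,classid,checked from {$dbtbpre}ecms_" . $tbname . "_index where id>{$start}" . $add1 . " order by id limit " . $public_r['delnewsnum']);
    while ($r = $empire->fetch($sql)) {
        $b = 1;
        $new_start = $r['id'];
        // Pick the table that holds this record, based on its checked flag.
        $infotb = ReturnInfoMainTbname($tbname, $r['checked']);
        $infor = $empire->fetch1("select newspath,filename,groupid,isurl,titleurl from " . $infotb . " where id='{$r['id']}' limit 1");
        $infourl = GotoGetTitleUrl($r['classid'], $r['id'], $infor['newspath'], $infor['filename'], $infor['groupid'], $infor['isurl'], $infor['titleurl']);
        $empire->query("update " . $infotb . " set titleurl='{$infourl}' where id='{$r['id']}' limit 1");
    }

    // Nothing left to process: log and go back to where the run was started.
    if (empty($b)) {
        insert_dolog("");
        // NOTE(review): $from is used as the return target as supplied.
        printerror("ReInfoUrlSuccess", $from);
    }

    // urlencode() leaves digits and YYYY-MM-DD dates unchanged, so well-formed values
    // produce the same URL as before.
    echo $fun_r['OneReInfoUrlSuccess'] . "(ID:<font color=red><b>" . $new_start . "</b></font>)<script>self.location.href='ReInfoUrl.php?enews=ReInfoUrl&tbname={$tbname}&classid={$classid}&start={$new_start}&from=" . urlencode($from) . "&retype=" . urlencode($retype) . "&startday=" . urlencode($startday) . "&endday=" . urlencode($endday) . "&startid=" . urlencode($startid) . "&endid=" . urlencode($endid) . hReturnEcmsHashStrHref(0) . "';</script>";
    exit;
}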
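/**
 * Save the WAP settings into the single enewspublic row (back-office action).
 *
 * Fix over the original: the query result is checked. Previously the action was logged
 * and reported as successful even when the update failed; it now reports DbError in that
 * case, as the sibling edit functions do.
 *
 * @param array $add      Submitted fields: wapopen, wapdefstyle, wapshowmid, waplistnum,
 *                        wapsubtitle, wapshowdate, wapchar.
 * @param mixed $userid   Not used in this function.
 * @param mixed $username Not used in this function.
 */
function SetWap($add, $userid, $username)
{
    global $empire, $dbtbpre;

    // NOTE(review): unlike the other back-office functions on this page, no CheckLevel()
    // call is visible here. Confirm the caller enforces the permission.
    $wapopen = (int) $add['wapopen'];
    $wapdefstyle = (int) $add['wapdefstyle'];
    $wapshowmid = RepPostVar($add['wapshowmid']);
    $waplistnum = (int) $add['waplistnum'];
    $wapsubtitle = (int) $add['wapsubtitle'];
    $wapchar = (int) $add['wapchar'];

    // NOTE(review): wapshowdate is the one field that reaches the statement without a
    // cast or filter in this function. Confirm it is escaped before this call.
    $sql = $empire->query("update {$dbtbpre}enewspublic set wapopen={$wapopen},wapdefstyle={$wapdefstyle},wapshowmid='{$wapshowmid}',waplistnum={$waplistnum},wapsubtitle={$wapsubtitle},wapshowdate='{$add['wapshowdate']}',wapchar={$wapchar} limit 1");

    if ($sql) {
        // Audit log entry.
        insert_dolog("");
        printerror("SetWapSuccess", "SetWap.php");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}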
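/**
 * Update a row in enewssp and, when requested, regenerate its output file
 * (back-office action).
 *
 * Fixes over the original: array keys are quoted (the bare-word form is a fatal Error on
 * PHP 8) and the unused $sptime local is dropped.
 *
 * @param array $add      Submitted fields: spid, spname, varname, sppic, spsay, sptype, cid,
 *                        classid, tempid, maxnum, groupid, userclass, username, isclose,
 *                        cladd, refile, spfile, oldspfile, spfileline, spfilesub,
 *                        filepass, fcid, fclassid, fsptype.
 * @param mixed $userid   Forwarded to CheckLevel().
 * @param mixed $username Forwarded to CheckLevel(); reassigned below.
 */
function EditSp($add, $userid, $username)
{
    global $empire, $dbtbpre;

    $add['varname'] = RepPostVar($add['varname']);
    $spid = (int) $add['spid'];
    if (!$spid || !$add['spname'] || !$add['varname']) {
        printerror("EmptySp", "history.go(-1)");
    }

    // Permission check. $classid is never assigned in this function.
    CheckLevel($userid, $username, $classid, "sp");

    // varname must be unique across all other rows.
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewssp where varname='{$add['varname']}' and spid<>{$spid} limit 1");
    if ($num) {
        printerror("HaveSp", "history.go(-1)");
    }

    $add['sptype'] = (int) $add['sptype'];
    $add['cid'] = (int) $add['cid'];
    $add['classid'] = (int) $add['classid'];
    $add['tempid'] = (int) $add['tempid'];
    $add['maxnum'] = (int) $add['maxnum'];
    $groupid = ReturnSpGroup($add['groupid']);
    $userclass = ReturnSpGroup($add['userclass']);
    // NOTE(review): the '******' literals here and in the statement below look like
    // masking applied to this listing. As printed, $username is computed but never
    // used. Compare with the upstream file before relying on this code.
    $username = '******' . $add['username'] . ',';
    $add['isclose'] = (int) $add['isclose'];
    $add['cladd'] = (int) $add['cladd'];
    $add['refile'] = (int) $add['refile'];
    // NOTE(review): spfile and oldspfile are request-supplied file names. Whether they
    // can leave the intended directory depends entirely on DoRepFileXg(), defined elsewhere.
    $add['spfile'] = DoRepFileXg($add['spfile']);
    $add['oldspfile'] = DoRepFileXg($add['oldspfile']);
    $add['spfileline'] = (int) $add['spfileline'];
    $add['spfilesub'] = (int) $add['spfilesub'];
    $add['filepass'] = (int) $add['filepass'];

    // NOTE(review): spname, sppic and spsay reach the statement without any filter
    // visible in this function. Confirm the request data is escaped before this call.
    $sql = $empire->query("update {$dbtbpre}enewssp set spname='{$add['spname']}',varname='{$add['varname']}',sppic='{$add['sppic']}',spsay='{$add['spsay']}',sptype='{$add['sptype']}',cid='{$add['cid']}',classid='{$add['classid']}',tempid='{$add['tempid']}',maxnum='{$add['maxnum']}',groupid='{$groupid}',userclass='{$userclass}',username='******',isclose='{$add['isclose']}',cladd='{$add['cladd']}',refile='{$add['refile']}',spfile='{$add['spfile']}',spfileline='{$add['spfileline']}',spfilesub='{$add['spfilesub']}' where spid='{$spid}'");

    // Update attachment bookkeeping for this row.
    UpdateTheFileEditOther(7, $spid, 'other');

    // Regenerate the output file; both steps run whether or not the update succeeded.
    if ($add['refile']) {
        // Remove the previous file when the file name changed. The name to delete comes
        // from the request (oldspfile), not from the stored row.
        if ($add['spfile'] != $add['oldspfile']) {
            DelSpReFile($add['oldspfile']);
        }
        DoSpReFile($add, 0);
    }

    if ($sql) {
        // Audit log entry.
        insert_dolog("spid=" . $spid . "<br>spname=" . $add['spname']);
        // NOTE(review): fcid, fclassid and fsptype go into the return URL unfiltered.
        printerror("EditSpSuccess", "ListSp.php?cid={$add['fcid']}&fclassid={$add['fclassid']}&fsptype={$add['fsptype']}" . hReturnEcmsHashStrHref2(0));
    } else {
        printerror("DbError", "history.go(-1)");
    }
}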
/**
 * Store a feedback message addressed to a member's space (table enewsmemberfeedback).
 *
 * @param array $add Submitted fields: key, userid, name, company, phone, fax, email,
 *                   address, zip, title, ftext.
 */
function AddMemberFeedback($add)
{
    global $empire, $dbtbpre;

    // CAPTCHA is always required for this form.
    $keyvname = 'checkspacefbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);

    // The recipient must be an existing member.
    $userid = intval($add['userid']);
    $recipientSql = "select " . egetmf('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1";
    $ur = $empire->fetch1($recipientSql);
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }

    // Sender identity. NOTE(review): both values are read with getcvar() and not from
    // islogin(). If getcvar() returns raw cookie values, the stored uid/uname are
    // client-asserted. Confirm before trusting these columns.
    $uid = (int) getcvar('mluserid');
    $uname = $uid ? RepPostVar(getcvar('mlusername')) : '';
    $uname = RepPostStr($uname);

    // Free-text fields are filtered with RepPostStr() before they reach SQL.
    $name = RepPostStr($add['name']);
    $company = RepPostStr($add['company']);
    $phone = RepPostStr($add['phone']);
    $fax = RepPostStr($add['fax']);
    $email = RepPostStr($add['email']);
    $address = RepPostStr($add['address']);
    $zip = RepPostStr($add['zip']);
    $title = RepPostStr($add['title']);
    $ftext = RepPostStr($add['ftext']);

    $hasRequired = trim($name) && trim($title) && trim($ftext);
    if (!$hasRequired) {
        printerror("EmptyMemberFeedback", "history.go(-1)", 1);
    }

    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsmemberfeedback(name,company,phone,fax,email,address,zip,title,ftext,userid,ip,uid,uname,addtime,eipport) values('{$name}','{$company}','{$phone}','{$fax}','{$email}','{$address}','{$zip}','{$title}','{$ftext}',{$userid},'{$ip}',{$uid},'{$uname}','{$addtime}','{$eipport}');");

    // Clear the CAPTCHA so it cannot be reused.
    ecmsEmptyShowKey($keyvname);

    if (!$sql) {
        printerror("DbError", "history.go(-1)", 1);
    } else {
        // NOTE(review): the return target is the Referer header, which the client
        // controls and may omit. Whether printerror() restricts it is not visible here.
        printerror("AddMemberFeedbackSuccess", $_SERVER['HTTP_REFERER'], 1);
    }
}
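/**
 * Bulk-edit rows of enewsinfotype: delete the ticked ones, update the rest
 * (back-office action).
 *
 * Fixes over the original:
 *  - array keys are quoted (the bare-word form is a fatal Error on PHP 8);
 *  - typeid and deltypeid are only counted when they are arrays, so a missing or scalar
 *    field no longer reaches count();
 *  - the "already deleted" test compares the integer form of the id, matching how the
 *    delete list is built.
 *
 * @param array $add      Submitted fields: tid, tbname, mid, and the parallel lists
 *                        typeid[], tname[], myorder[], yhid[], plus deltypeid[].
 * @param mixed $userid   Not used in this function.
 * @param mixed $username Not used in this function.
 */
function EditInfoType($add, $userid, $username)
{
    global $empire, $dbtbpre, $emod_r;

    // NOTE(review): no CheckLevel() call is visible in this function. Confirm the caller
    // enforces the permission.
    $tid = (int) $add['tid'];
    $tbname = RepPostVar($add['tbname']);
    $mid = (int) $add['mid'];
    $typeid = $add['typeid'];
    $tname = $add['tname'];
    $myorder = $add['myorder'];
    $yhid = $add['yhid'];
    $deltypeid = $add['deltypeid'];
    $count = is_array($typeid) ? count($typeid) : 0;
    if (!$tid || !$tbname || !$mid || !$count) {
        printerror("EmptyInfoTypeName", "history.go(-1)");
    }

    // Delete: build a comma-separated list of integer ids.
    $del = 0;
    $ids = '';
    $delcount = is_array($deltypeid) ? count($deltypeid) : 0;
    if ($delcount) {
        $dh = '';
        for ($j = 0; $j < $delcount; $j++) {
            $ids .= $dh . intval($deltypeid[$j]);
            $dh = ',';
        }
        $empire->query("delete from {$dbtbpre}enewsinfotype where typeid in (" . $ids . ")");
        // Detach records of the model's table from the deleted types.
        if ($emod_r[$mid]['tbname']) {
            $empire->query("update {$dbtbpre}ecms_" . $emod_r[$mid]['tbname'] . " set ttid=0 where ttid in (" . $ids . ")");
        }
        $del = 1;
    }

    // Update every row that was not just deleted.
    for ($i = 0; $i < $count; $i++) {
        if (strstr(',' . $ids . ',', ',' . intval($typeid[$i]) . ',')) {
            continue;
        }
        // NOTE(review): tname is concatenated into the statement with no filter visible
        // in this function, while the numeric fields are cast. Confirm the request data
        // is escaped before this call.
        $empire->query("update {$dbtbpre}enewsinfotype set tname='" . $tname[$i] . "',myorder='" . intval($myorder[$i]) . "',yhid='" . intval($yhid[$i]) . "' where typeid='" . intval($typeid[$i]) . "'");
    }

    // Refresh the cache.
    GetClass();
    // Audit log entry.
    insert_dolog("mid=" . $mid . "&del={$del}");
    printerror("EditInfoTypeSuccess", "InfoType.php?tid={$tid}&tbname={$tbname}&mid={$mid}");
}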
/**
 * Delete operation-log rows (enewsdolog) whose logtime falls inside a day range
 * (back-office action).
 *
 * @param array $add      Submitted fields: startday, endday.
 * @param mixed $userid   Forwarded to CheckLevel().
 * @param mixed $username Forwarded to CheckLevel().
 */
function DelDoLog_date($add, $userid, $username)
{
    global $empire, $dbtbpre;

    // Permission check. $classid is never assigned in this function.
    CheckLevel($userid, $username, $classid, "log");

    $start = RepPostVar($add['startday']);
    $end = RepPostVar($add['endday']);
    if (!($start && $end)) {
        printerror('EmptyDelLogTime', '');
    }

    // Widen the two days to cover them completely.
    $startday = "{$start} 00:00:00";
    $endday = "{$end} 23:59:59";

    // This removes audit records. The only trace left is the single entry written below,
    // which records the range that was purged.
    $sql = $empire->query("delete from {$dbtbpre}enewsdolog where logtime<='{$endday}' and logtime>='{$startday}'");

    if (!$sql) {
        printerror("DbError", "history.go(-1)");
    } else {
        insert_dolog("time={$start}~{$end}");
        printerror("DelLogSuccess", "ListDolog.php" . hReturnEcmsHashStrHref2(1));
    }
}
/**
 * Store a guestbook message on a member's space (table enewsmembergbook).
 *
 * @param array $add Submitted fields: key, userid, uname, gbtext, isprivate.
 */
function AddMemberGbook($add)
{
    global $empire, $dbtbpre;

    // CAPTCHA is always required for this form.
    $keyvname = 'checkspacegbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);

    // The space owner must be an existing member.
    $userid = intval($add['userid']);
    $ownerSql = "select " . eReturnSelectMemberF('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1";
    $ur = $empire->fetch1($ownerSql);
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }

    // Author: the member name when a member id is present, otherwise the name typed
    // into the form.
    // NOTE(review): both member values are read with getcvar() and not from islogin().
    // If getcvar() returns raw cookie values, the stored uid/uname are client-asserted.
    // Confirm before trusting these columns.
    $uid = (int) getcvar('mluserid');
    $uname = $uid ? RepPostVar(getcvar('mlusername')) : trim($add['uname']);
    $uname = RepPostStr($uname);
    $gbtext = RepPostStr($add['gbtext']);
    if (empty($uname) || !trim($gbtext)) {
        printerror("EmptyMemberGbook", "history.go(-1)", 1);
    }

    $isprivate = intval($add['isprivate']);
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsmembergbook(userid,isprivate,uid,uname,ip,addtime,gbtext,retext,eipport) values({$userid},{$isprivate},{$uid},'{$uname}','{$ip}','{$addtime}','{$gbtext}','','{$eipport}');");

    // Clear the CAPTCHA so it cannot be reused.
    ecmsEmptyShowKey($keyvname);

    if (!$sql) {
        printerror("DbError", "history.go(-1)", 1);
    } else {
        // NOTE(review): the return target is the Referer header, which the client
        // controls and may omit. Whether printerror() restricts it is not visible here.
        printerror("AddMemberGbookSuccess", $_SERVER['HTTP_REFERER'], 1);
    }
}
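/**
 * Send a private message from the logged-in member to another member (table enewsqmsg).
 *
 * Fix over the original: array keys are quoted. The bare-word form ($user[groupid])
 * relies on the undefined-constant fallback, which is a fatal Error on PHP 8.
 *
 * @param array $add Submitted fields: title, to_username, msgtext.
 */
function AddMsg($add)
{
    global $empire, $level_r, $dbtbpre;

    // Requires a logged-in member; the sender identity comes from islogin().
    $user = islogin();
    $title = RepPostStr(trim($add['title']));
    $to_username = RepPostVar(trim($add['to_username']));
    $msgtext = RepPostStr($add['msgtext']);
    if (empty($title) || !trim($msgtext) || empty($to_username)) {
        printerror("EmptyMsg", "", 1);
    }
    if ($user['username'] == $to_username) {
        printerror("MsgToself", "", 1);
    }

    // Length limit of the sender's group; strlen() counts bytes, not characters.
    $len = strlen($msgtext);
    if ($len > $level_r[$user['groupid']]['msglen']) {
        printerror("MoreMsglen", "", 1);
    }

    // The recipient must exist.
    $r = $empire->fetch1("select " . eReturnSelectMemberF('userid,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$to_username}' limit 1");
    if (!$r['userid']) {
        printerror("MsgNotToUsername", "", 1);
    }

    // The recipient's inbox must have room.
    // NOTE(review): the '******' literal looks like masking applied to this listing. As
    // printed, the count is not tied to $to_username. Compare with the upstream file.
    $mnum = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsqmsg where to_username='******'");
    if ($mnum + 1 > $level_r[$r['groupid']]['msgnum']) {
        printerror("UserMoreMsgnum", "", 1);
    }

    $msgtime = date("Y-m-d H:i:s");
    $sql = $empire->query("insert into {$dbtbpre}enewsqmsg(title,msgtext,haveread,msgtime,to_username,from_userid,from_username,isadmin,issys) values('" . addslashes($title) . "','" . addslashes($msgtext) . "',0,'{$msgtime}','{$to_username}','{$user['userid']}','{$user['username']}',0,0);");

    // Flag the recipient as having unread mail; this runs even when the insert failed.
    // NOTE(review): the new flag is derived from the sender's havemsg ($user), while the
    // row updated is the recipient's. Confirm this is intended.
    $newhavemsg = eReturnSetHavemsg($user['havemsg'], 0);
    $empire->query("update " . eReturnMemberTable() . " set " . egetmf('havemsg') . "='{$newhavemsg}' where " . egetmf('username') . "='{$to_username}' limit 1");

    if ($sql) {
        printerror("AddMsgSuccess", "../member/msg/", 1);
    } else {
        printerror("DbError", "", 1);
    }
}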
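/**
 * Redeem a prepaid card for a member: verify the card, credit the member, delete the
 * card and record the purchase.
 *
 * Fixes over the original: array keys are quoted (the bare-word form is a fatal Error on
 * PHP 8) and the unused $buytime and $sql1 locals are dropped.
 *
 * @param string $username   Member to credit.
 * @param string $reusername Confirmation of the member name; must equal $username.
 * @param string $card_no    Card number.
 * @param string $password   Card password.
 */
function CardGetFen($username, $reusername, $card_no, $password)
{
    global $empire, $dbtbpre;

    $card_no = RepPostVar($card_no);
    $password = RepPostVar($password);
    $username = RepPostVar($username);
    if (!trim($username) || !trim($card_no) || !trim($password)) {
        printerror("EmptyGetCard", "history.go(-1)", 1);
    }
    // The filtered name is compared with the unfiltered confirmation, so a name that the
    // filter changed is rejected here.
    if ($username != $reusername) {
        printerror("DifCardUsername", "history.go(-1)", 1);
    }

    $user = $empire->fetch1("select " . eReturnSelectMemberF('userid,userdate,username') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if (!$user['userid']) {
        printerror("ExiestCardUsername", "history.go(-1)", 1);
    }

    // Card number and password must match.
    // NOTE(review): the '******' literal looks like masking applied to this listing. As
    // printed, $password is never used in the query. Compare with the upstream file.
    // No attempt limit is visible in this function either.
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewscard where card_no='" . $card_no . "' and password='******' limit 1");
    if (!$num) {
        printerror("CardPassError", "history.go(-1)", 1);
    }

    // Reject expired cards; "0000-00-00" means no expiry.
    $r = $empire->fetch1("select cardfen,money,endtime,carddate,cdgroupid,cdzgroupid from {$dbtbpre}enewscard where card_no='{$card_no}' limit 1");
    if ($r['endtime'] != "0000-00-00") {
        $endtime = to_date($r['endtime']);
        if ($endtime < time()) {
            printerror("CardOutDate", "history.go(-1)", 1);
        }
    }

    // NOTE(review): the card is verified, credited and only then deleted, in separate
    // statements with no transaction or lock visible. Two concurrent requests for the
    // same card could presumably both be credited. Confirm, and consider deleting first
    // and crediting only when a row was actually removed.
    eAddFenToUser($r['cardfen'], $r['carddate'], $r['cdgroupid'], $r['cdzgroupid'], $user);
    // Delete the card so it cannot be used again.
    $empire->query("delete from {$dbtbpre}enewscard where card_no='{$card_no}'");
    // Keep a purchase record.
    BakBuy($user['userid'], $username, $card_no, $r['cardfen'], $r['money'], $r['carddate'], 0);
    printerror("CardGetFenSuccess", "../member/card/", 1);
}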
document.images.<?php echo $menuname; ?> img.src="<?php echo $noaddimgurl; ?> "; </script> <?php }
// The closing brace above ends a definition that starts before this excerpt.
// NOTE(review): $menuname and $noaddimgurl are echoed into inline script without any
// escaping visible in this excerpt. Confirm their origin.

// Page title: the configured one, otherwise the default label.
$thispagetitle = $public_diyr['pagetitle'] ? $public_diyr['pagetitle'] : '会员中心';
// Member details for the template.
// NOTE(review): these are read with getcvar(). If that returns raw cookie values they are
// client-asserted and suitable for display only, not as an authentication or
// authorisation decision. Confirm.
$tmgetuserid = (int) getcvar('mluserid'); // member id
$tmgetusername = RepPostVar(getcvar('mlusername')); // member name
$tmgetgroupid = (int) getcvar('mlgroupid'); // member group id
$tmgetgroupname = '游客'; // group name; this default is used when no group id is present
if ($tmgetgroupid) {
    $tmgetgroupname = $level_r[$tmgetgroupid]['groupname'];
    // Group name not available yet: load the group cache file and look it up again.
    if (!$tmgetgroupname) {
        include_once ECMS_PATH . DASHBOARD . '/data/dbcache/MemberLevel.php';
        $tmgetgroupname = $level_r[$tmgetgroupid]['groupname'];
    }
}
// Model id from the query string, forced to an integer.
$tgetmid = (int) $_GET['mid']; ?>
/**
 * Bind the external-login identity held in the session to a local member.
 *
 * @param mixed $userid Local member id, forwarded to MemberConnect_InsertBind().
 */
function MemberConnect_BindUser($userid)
{
    global $empire, $dbtbpre, $public_r;

    // The provider type and the external id come from the session, not from the request.
    $apptype = RepPostVar($_SESSION['apptype']);
    $openid = RepPostVar($_SESSION['openid']);
    $missing = !trim($apptype) || !trim($openid);
    if ($missing) {
        printerror2('来自的链接不存在', '../../../');
    }

    // Validate the login provider; the return value is not used here.
    MemberConnect_CheckApptype($apptype);
    MemberConnect_CheckBindKey($apptype, $openid);
    // NOTE(review): $userid is used as passed. This function does not itself verify that
    // it belongs to the current user. Confirm the caller derives it from an
    // authenticated login.
    MemberConnect_InsertBind($apptype, $openid, $userid);
    MemberConnect_ResetVar();
}
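/**
 * Rename a list of tables by replacing one prefix with another (backup tool).
 *
 * Fixes over the original:
 *  - identifiers placed between backticks have embedded backticks doubled, the standard
 *    MySQL identifier escape, so a name cannot close the quoted identifier early;
 *  - $tablename is only counted when it is an array.
 *
 * @param array  $tablename Table names to rename.
 * @param string $oldpre    Prefix to replace; required.
 * @param string $newpre    Replacement prefix.
 * @param string $dbname    Database to operate on.
 */
function Ebak_ReplaceTable($tablename, $oldpre, $newpre, $dbname)
{
    global $empire;

    // NOTE(review): no permission check is visible in this function. Confirm the caller
    // restricts it to administrators.
    if (!$oldpre) {
        printerror("EmptyReplaceTablePre", "history.go(-1)");
    }
    $dbname = RepPostVar($dbname);
    $empire->query("use `" . str_replace('`', '``', $dbname) . "`");

    $count = is_array($tablename) ? count($tablename) : 0;
    if (empty($count)) {
        printerror("EmptyChangeTb", "history.go(-1)");
    }

    for ($i = 0; $i < $count; $i++) {
        // str_replace() swaps every occurrence of the old prefix, not only a leading one.
        $newtbname = str_replace($oldpre, $newpre, $tablename[$i]);
        $empire->query("ALTER TABLE `" . str_replace('`', '``', $tablename[$i]) . "` RENAME `" . str_replace('`', '``', $newtbname) . "`;");
    }

    printerror("ReplaceTbSuccess", "ChangeTable.php?mydbname={$dbname}");
}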
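/**
 * Member login against an external member table whose column names and password
 * scheme are given by the $user_* globals.
 *
 * Fixes over the original:
 *  - the salted-hash branch compares with === instead of ==. With ==, two hex digests
 *    that both look like numbers in exponent form compare equal even though they differ,
 *    so a wrong password could be accepted;
 *  - $_POST['prtype'] is tested with empty() so a missing field raises no notice.
 *
 * @param string $username Login name.
 * @param string $password Cleartext password.
 * @param mixed  $lifetime Cookie lifetime in seconds; falsy means a session cookie.
 * @param string $key      CAPTCHA answer.
 * @param string $location Ignored; the return location is recomputed below.
 */
function login1($username, $password, $lifetime, $key, $location)
{
    global $empire, $user_tablename, $user_userid, $user_username, $user_password, $user_dopass, $user_group, $user_groupid, $user_rnd, $public_r, $user_salt, $user_saltnum, $dbtbpre, $eloginurl, $user_checked;

    // An external login page is configured: hand over to it.
    if ($eloginurl) {
        Header("Location:{$eloginurl}");
        exit;
    }

    $dopr = 1;
    if (!empty($_POST['prtype'])) {
        $dopr = 9;
    }
    if (!trim($username) || !trim($password)) {
        printerror("EmptyLogin", "history.go(-1)", $dopr);
    }

    // CAPTCHA, only when enabled in the site settings.
    // NOTE(review): no failed-attempt limit is visible in this function. With the
    // CAPTCHA disabled, nothing here slows password guessing.
    $keyvname = 'checkloginkey';
    if ($public_r['loginkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, $dopr);
    }

    // NOTE(review): the password goes through RepPostVar(), an input filter defined
    // elsewhere. If it strips or rewrites characters, the effective password differs
    // from the one typed.
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    // Character-set conversion.
    $utfusername = doUtfAndGbk($username, 0);
    $password = doUtfAndGbk($password, 0);

    // Password scheme selected by $user_dopass. Every scheme is based on MD5, which is
    // not a password hash by current standards. A migration is outside this function.
    if (empty($user_dopass)) {
        $password = md5($password);
    }
    if ($user_dopass == 3) {
        $password = substr(md5($password), 8, 16);
    }

    $num = 0;
    if ($user_dopass == 2) {
        // Salted double MD5: fetch the row, then compare in PHP.
        $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
        $password = md5(md5($password) . $ur[$user_salt]);
        // Strict string comparison; hash_equals() is preferable where PHP >= 5.6 is
        // guaranteed.
        if (!empty($ur[$user_userid]) && $password === (string) $ur[$user_password]) {
            $num = 1;
        }
    } else {
        // Unsalted schemes: the comparison is done by the database.
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='" . $password . "' limit 1");
    }
    if (!$num) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }

    $r = $empire->fetch1("select * from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");

    // Accounts that are not yet approved cannot log in.
    if ($r[$user_checked] == 0) {
        if ($public_r['regacttype'] == 1) {
            printerror('NotCheckedUser', '../member/register/regsend.php', 1);
        } else {
            printerror('NotCheckedUser', '', 1);
        }
    }

    $time = date("Y-m-d H:i:s");
    // Fresh random login token, stored with the member and sent as the mlrnd cookie.
    // NOTE(review): make_password() is defined elsewhere. Confirm it draws from a
    // cryptographically secure source, since this value acts as the session secret.
    $rnd = make_password(12);

    // Fall back to the default member group.
    if (empty($r[$user_group])) {
        $r[$user_group] = $user_groupid;
    }
    $r[$user_group] = (int) $r[$user_group];
    $usql = $empire->query("update " . $user_tablename . " set " . $user_rnd . "='{$rnd}'," . $user_group . "=" . $r[$user_group] . " where " . $user_userid . "='{$r[$user_userid]}'");

    // Login cookies. Only mlrnd is secret; the other three are identifiers, so code that
    // reads them must validate mlrnd as well before trusting them.
    $logincookie = 0;
    if ($lifetime) {
        $logincookie = time() + $lifetime;
    }
    $set1 = esetcookie("mlusername", $username, $logincookie);
    $set2 = esetcookie("mluserid", $r[$user_userid], $logincookie);
    $set3 = esetcookie("mlgroupid", $r[$user_group], $logincookie);
    $set4 = esetcookie("mlrnd", $rnd, $logincookie);
    // Additional login cookies.
    AddLoginCookie($r);

    // Where to go after login.
    // NOTE(review): returnurl is read with getcvar() and ecmsfrom from $_POST, both
    // client-supplied. Whether DoingReturnUrl()/printerror() restrict the target to this
    // site is not visible here, so confirm, to rule out an open redirect.
    $location = "../member/cp/";
    $returnurl = getcvar('returnurl');
    if ($returnurl) {
        $location = $returnurl;
    }
    if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
        $location = "../member/iframe/";
    }
    // Never return to the logout or registration pages.
    if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
        $location = "../member/cp/";
        $_POST['ecmsfrom'] = '';
    }

    // Clear the CAPTCHA so it cannot be reused.
    ecmsEmptyShowKey($keyvname);
    $set6 = esetcookie("returnurl", "");

    if ($set1 && $set2) {
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("LoginSuccess", $location, $dopr);
    } else {
        printerror("NotCookie", "history.go(-1)", $dopr);
    }
}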
/**
 * Bulk-delete guestbook rows (enewsgbook) matching the submitted filters
 * (back-office action). At least one filter is required.
 *
 * @param array $add       Submitted filters: name, ip, email, mycall, lytext, startlyid,
 *                         endlyid, startlytime, endlytime, checked, ismember, bid, havere.
 * @param mixed $logininid Forwarded to CheckLevel().
 * @param mixed $loginin   Forwarded to CheckLevel().
 */
function DelMoreGbook($add, $logininid, $loginin)
{
    global $empire, $dbtbpre;

    // Permission check. $classid is never assigned in this function.
    CheckLevel($logininid, $loginin, $classid, "gbook");

    // Text filters are passed through RepPostStr()/RepPostVar(); numeric ones are cast.
    $name = RepPostStr($add['name']);
    $ip = RepPostVar($add['ip']);
    $email = RepPostStr($add['email']);
    $mycall = RepPostStr($add['mycall']);
    $lytext = RepPostStr($add['lytext']);
    $startlyid = (int) $add['startlyid'];
    $endlyid = (int) $add['endlyid'];
    $startlytime = RepPostVar($add['startlytime']);
    $endlytime = RepPostVar($add['endlytime']);
    $checked = (int) $add['checked'];
    $ismember = (int) $add['ismember'];
    $bid = (int) $add['bid'];
    $havere = (int) $add['havere'];

    // Collect one condition per active filter; they are joined with " and " below.
    $conds = array();
    // Board.
    if ($bid) {
        $conds[] = "bid='{$bid}'";
    }
    // Author type: 1 = guests only, any other non-zero value = members only.
    if ($ismember) {
        $conds[] = ($ismember == 1) ? "userid=0" : "userid>0";
    }
    // Id range.
    if ($endlyid) {
        $conds[] = 'lyid BETWEEN ' . $startlyid . ' and ' . $endlyid;
    }
    // Time range.
    if ($startlytime && $endlytime) {
        $conds[] = "lytime>='{$startlytime}' and lytime<='{$endlytime}'";
    }
    // Moderation state: 1 selects checked=0, any other non-zero value selects checked=1.
    if ($checked) {
        $checkval = $checked == 1 ? 0 : 1;
        $conds[] = "checked='{$checkval}'";
    }
    // Reply state: 1 = replied, any other non-zero value = not replied.
    if ($havere) {
        $conds[] = ($havere == 1) ? "retext<>''" : "retext=''";
    }
    // Substring filters. LIKE wildcards (% and _) in the input are not escaped, so they
    // widen the match.
    if ($name) {
        $conds[] = "name like '%{$name}%'";
    }
    if ($ip) {
        $conds[] = "ip like '%{$ip}%'";
    }
    if ($email) {
        $conds[] = "email like '%{$email}%'";
    }
    if ($mycall) {
        $conds[] = "`mycall` like '%{$mycall}%'";
    }
    if ($lytext) {
        $conds[] = "lytext like '%{$lytext}%'";
    }

    // Refuse to run without any filter.
    if (!$conds) {
        printerror("EmptyDelMoreGbook", "history.go(-1)");
    }

    $where = implode(' and ', $conds);
    // The query result is not checked; success is reported either way.
    $sql = $empire->query("delete from {$dbtbpre}enewsgbook where " . $where);
    // Audit log entry; the filters used are not recorded.
    insert_dolog("");
    printerror("DelGbookSuccess", "DelMoreGbook.php" . hReturnEcmsHashStrHref2(1));
}
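/**
 * Build the WHERE fragment and the paging query string for the site-wide full-text
 * search.
 *
 * Fixes over the original:
 *  - array keys are quoted (the bare-word form is a fatal Error on PHP 8);
 *  - $returnr is initialised before use;
 *  - in the multi-keyword branch the "no usable keyword" test counts keywords instead
 *    of testing $where. With a column filter set, $where was never empty, so a query
 *    whose words were all rejected returned a fragment ending in a dangling " and ".
 *
 * @param array $add Submitted fields: keyboard, field, classid.
 * @return array     Keys: keyboard (HTML-escaped), search (query string), where (SQL).
 */
function ReturnSearchAllSql($add)
{
    global $public_r, $class_r;

    $returnr = array();

    // The feature can be switched off.
    if (empty($public_r['openschall'])) {
        printerror("SchallClose", '', 1);
    }

    // Keyword: filtered, then length-checked in bytes.
    $keyboard = RepPostVar2($add['keyboard']);
    if (!trim($keyboard)) {
        printerror('EmptySchallKeyboard', '', 1);
    }
    $strlen = strlen($keyboard);
    if ($strlen < $public_r['schallminlen'] || $strlen > $public_r['schallmaxlen']) {
        printerror('SchallMinKeyboard', '', 1);
    }
    $returnr['keyboard'] = ehtmlspecialchars($keyboard);
    // NOTE(review): unlike the entry above, the keyword is appended to the query string
    // without HTML or URL encoding. Whoever prints 'search' must encode it for the
    // context it lands in.
    $returnr['search'] = "&keyboard=" . $keyboard;

    // Which columns to search; each choice must be allowed by the site settings.
    $field = (int) $add['field'];
    if ($field) {
        $returnr['search'] .= "&field=" . $field;
    }
    if ($field == 1) {
        if ($public_r['schallfield'] != 1) {
            printerror('SchallNotOpenTitleText', '', 1);
        }
        $sf = "title,infotext";
    } elseif ($field == 2) {
        if ($public_r['schallfield'] == 3) {
            printerror('SchallNotOpenTitle', '', 1);
        }
        $sf = "title";
    } elseif ($field == 3) {
        if ($public_r['schallfield'] == 2) {
            printerror('SchallNotOpenText', '', 1);
        }
        $sf = "infotext";
    } else {
        $sf = ReturnSearchAllField(0);
    }

    $where = '';

    // Optional column filter: a comma-separated list or a single id.
    $classid = RepPostVar($add['classid']);
    if ($classid) {
        $returnr['search'] .= "&classid=" . $classid;
        if (strstr($classid, ",")) {
            // NOTE(review): the list is handed on as filtered text, not cast element by
            // element. Its safety in SQL depends on sys_ReturnMoreClass().
            $son_r = sys_ReturnMoreClass($classid, 1);
            $where .= '(' . $son_r[1] . ') and ';
        } else {
            $classid = (int) $classid;
            $where .= $class_r[$classid]['islast'] ? "classid='{$classid}' and " : ReturnClass($class_r[$classid]['sonclass']) . ' and ';
        }
    }

    // Keyword conditions: one MATCH ... AGAINST per word, all required.
    if (strstr($keyboard, ' ')) {
        $andkey = '';
        $usedkeys = 0;
        $keyr = explode(' ', $keyboard);
        $kcount = count($keyr);
        for ($i = 0; $i < $kcount; $i++) {
            // Skip words below the minimum length.
            if (strlen($keyr[$i]) < $public_r['schallminlen']) {
                continue;
            }
            // Convert the encoding, normalise, then filter again before it enters SQL.
            $kb = SearchAllChangeChar($keyr[$i]);
            $kb = SearchReturnSaveStr($kb);
            $kb = RepPostVar2($kb);
            if (!trim($kb)) {
                continue;
            }
            $where .= $andkey . "MATCH(" . $sf . ") AGAINST('" . $kb . "' IN BOOLEAN MODE)";
            $andkey = ' and ';
            $usedkeys++;
        }
        if (!$usedkeys) {
            printerror('SchallMinKeyboard', '', 1);
        }
    } else {
        $keyboard = SearchAllChangeChar($keyboard);
        $keyboard = SearchReturnSaveStr($keyboard);
        $keyboard = RepPostVar2($keyboard);
        if (!trim($keyboard)) {
            printerror('EmptySchallKeyboard', '', 1);
        }
        $where .= "MATCH(" . $sf . ") AGAINST('" . $keyboard . "' IN BOOLEAN MODE)";
    }

    $returnr['where'] = $where;
    return $returnr;
}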
/**
 * Create a shop order from the current cart and, for balance-based payment
 * methods, deduct the member's points or money before the order row is written.
 *
 * Failed checks go through printerror(); the code relies on that call not
 * returning (presumably it exits — confirm in its definition).
 *
 * NOTE(review): the balance is compared in PHP and then decremented by a separate
 * UPDATE whose WHERE clause carries no balance condition, and no transaction or
 * lock is visible here. Two concurrent submissions could both pass the comparison;
 * consider making the decrement conditional on the remaining balance and wrapping
 * the deduction and the order INSERT in one transaction.
 *
 * @param array $add Submitted order form (contact, recipient, invoice, delivery and payment ids).
 */
function AddDd($add) {
    global $empire, $user_tablename, $user_money, $user_userid, $user_userfen, $user_rnd, $public_r, $dbtbpre;
    // Check that the visitor's group may place orders.
    ShopCheckAddDdGroup();
    // The cart holds nothing.
    if (!getcvar('mybuycar')) {
        printerror("EmptyBuycar", "history.go(-1)", 1);
    }
    // Text fields go through the project filters RepPostVar()/RepPostStr(); their
    // escaping rules are not shown here, and the INSERT below depends on them.
    // The order number is taken from the request; uniqueness is not checked in this function.
    $add[ddno] = RepPostVar($add[ddno]);
    $add[truename] = RepPostStr($add[truename]);
    $add[oicq] = RepPostStr($add[oicq]);
    $add[msn] = RepPostStr($add[msn]);
    $add[call] = RepPostStr($add[call]);
    $add[phone] = RepPostStr($add[phone]);
    $add[email] = RepPostStr($add[email]);
    $add[address] = RepPostStr($add[address]);
    $add[zip] = RepPostStr($add[zip]);
    $add[bz] = RepPostStr($add[bz]);
    $add[g_truename] = RepPostStr($add[g_truename]);
    $add[g_oicq] = RepPostStr($add[g_oicq]);
    $add[g_msn] = RepPostStr($add[g_msn]);
    $add[g_call] = RepPostStr($add[g_call]);
    $add[g_phone] = RepPostStr($add[g_phone]);
    $add[g_email] = RepPostStr($add[g_email]);
    $add[g_address] = RepPostStr($add[g_address]);
    $add[g_zip] = RepPostStr($add[g_zip]);
    $add[fptt] = RepPostStr($add[fptt]);
    // Numeric selectors are cast to int before they reach SQL.
    $add[fp] = (int) $add[fp];
    $add[psid] = (int) $add[psid];
    $add[payfsid] = (int) $add[payfsid];
    if (!$add[truename] || !$add[call] || !$add[email] || !$add[address] || !$add[g_truename] || !$add[g_call] || !$add[g_address] || !$add[g_email] || !$add[psid] || !$add[payfsid]) {
        printerror("MustEnterSelect", "history.go(-1)", 1);
    }
    $mess = "AddDdSuccess";
    $haveprice = 0;
    $payby = 0;
    // Cart contents in storage format: index 1 is used as the points total,
    // index 2 as the money total, index 3 as the serialised cart.
    $buyr = ReturnBuycardd();
    $alltotal = $buyr[2];
    $alltotalfen = $buyr[1];
    $buycar = $buyr[3];
    // Invoice surcharge: a percentage of the money total.
    $fptotal = 0;
    if ($add[fp]) {
        $fptotal = $alltotal * ($public_r[fpnum] / 100);
    }
    // Delivery method must exist.
    $pr = $empire->fetch1("select pid,pname,price from {$dbtbpre}enewsshopps where pid='{$add['psid']}'");
    if (empty($pr[pid])) {
        printerror("NotPsid", "history.go(-1)", 1);
    }
    // Payment method must exist.
    $payr = $empire->fetch1("select payid,payname,payurl,userpay,userfen from {$dbtbpre}enewsshoppayfs where payid='{$add['payfsid']}'");
    if (empty($payr[payid])) {
        printerror("NotPayfsid", "history.go(-1)", 1);
    }
    // Member identity comes from client-held values read through getcvar()
    // (presumably cookies — confirm); it is accepted only when the user id and the
    // random token match the same row of the member table.
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    if ($userid) {
        $rnd = RepPostVar(getcvar('mlrnd'));
        $user = $empire->fetch1("select " . $user_userid . "," . $user_money . "," . $user_userfen . " from " . $user_tablename . " where " . $user_userid . "='{$userid}' and " . $user_rnd . "='{$rnd}' limit 1");
        if (!$user[$user_userid]) {
            printerror("MustSingleUser", "history.go(-1)", 1);
        }
    }
    $location = "../ShopSys/buycar/";
    // Pay with points, deducted immediately.
    if ($payr[userfen]) {
        // $buyr[0] set: presumably the cart holds items that cannot be bought with points — confirm.
        if ($buyr[0]) {
            printerror("NotProductForBuyfen", "history.go(-1)", 1);
        } else {
            if ($userid) {
                $buyallfen = $alltotalfen + $pr[price];
                if ($buyallfen > $user[$user_userfen]) {
                    printerror("NotEnoughFenBuy", "history.go(-1)", 1);
                }
                // Deduct the points. The check above and this UPDATE are separate
                // steps (see the NOTE in the header comment).
                $usql = $empire->query("update " . $user_tablename . " set " . $user_userfen . "=" . $user_userfen . "-" . $buyallfen . " where " . $user_userid . "='{$userid}'");
                // If the UPDATE fails the order is still inserted below, flagged as unpaid.
                if ($usql) {
                    $mess = "AddDdSuccessa";
                    $payby = 1;
                    $haveprice = 1;
                }
            } else {
                printerror("NotLoginTobuy", "history.go(-1)", 1);
            }
        }
    } elseif ($payr[userpay]) {
        // Pay from the member's money balance.
        if ($userid) {
            $buyallmoney = $alltotal + $pr[price] + $fptotal;
            if ($buyallmoney > $user[$user_money]) {
                printerror("NotEnoughMoneyBuy", "history.go(-1)", 1);
            }
            // Deduct the amount; same check-then-update sequence as for points.
            $usql = $empire->query("update " . $user_tablename . " set " . $user_money . "=" . $user_money . "-" . $buyallmoney . " where " . $user_userid . "='{$userid}'");
            if ($usql) {
                $mess = "AddDdSuccessa";
                $payby = 2;
                $haveprice = 1;
            }
        } else {
            printerror("NotLoginTobuy", "history.go(-1)", 1);
        }
    } elseif ($payr[payurl]) {
        // External payment: the redirect target is read from the payment-method row.
        $mess = "AddDdAndToPaySuccess";
        $location = $payr[payurl];
    } else {
    }
    $ddtime = date("Y-m-d H:i:s");
    // These four values are interpolated unquoted below, so they are forced to floats first.
    $pr[price] = (double) $pr[price];
    $alltotal = (double) $alltotal;
    $alltotalfen = (double) $alltotalfen;
    $fptotal = (double) $fptotal;
    // NOTE(review): $pr['pname'] and $payr['payname'] come from database rows and are
    // written back into SQL without escaping; confirm the admin-side writers constrain them.
    // NOTE(review): any deduction above has already happened; if this INSERT fails the
    // balance is not restored in this function.
    $sql = $empire->query("insert into {$dbtbpre}enewsshopdd(ddno,ddtime,userid,username,outproduct,haveprice,checked,truename,oicq,msn,email,`call`,phone,address,zip,bz,g_truename,g_oicq,g_msn,g_email,g_call,g_phone,g_address,g_zip,buycar,psid,psname,pstotal,alltotal,payfsid,payfsname,payby,alltotalfen,fp,fptt,fptotal) values('{$add['ddno']}','{$ddtime}',{$userid},'{$username}',0,'{$haveprice}',0,'{$add['truename']}','{$add['oicq']}','{$add['msn']}','{$add['email']}','{$add['call']}','{$add['phone']}','{$add['address']}','{$add['zip']}','{$add['bz']}','{$add['g_truename']}','{$add['g_oicq']}','{$add['g_msn']}','{$add['g_email']}','{$add['g_call']}','{$add['g_phone']}','{$add['g_address']}','{$add['g_zip']}','" . addslashes($buycar) . "','{$add['psid']}','{$pr['pname']}',{$pr['price']},{$alltotal},'{$add['payfsid']}','{$payr['payname']}','{$payby}',{$alltotalfen},{$add['fp']},'{$add['fptt']}',{$fptotal});");
    if ($sql) {
        // Remember the new order id for the payment step, then empty the cart.
        $ddid = $empire->lastid();
        $set = esetcookie("paymoneyddid", $ddid, 0);
        SetBuycar("");
        printerror($mess, $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
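/**
 * Collect the request parameters declared for an interface method and,
 * optionally, verify the request signature.
 *
 * The signature is md5(arrToStr($paraArr, '') . 'secret=' . SECRET), compared with
 * the 'sig' query parameter.
 *
 * NOTE(review): MD5 over "data + secret" is a weak message-authentication
 * construction; an HMAC with a modern hash would be preferable, but that changes
 * the wire format and has to be coordinated with the clients.
 *
 * @param string $method  Interface method name (key into the parameter config).
 * @param bool   $isCheck When true, the signature must match.
 * @return array|int The collected parameters, or 0 when the signature check fails.
 */
function getParaArr($method, $isCheck = false)
{
    $paraArr = array();
    $paraConf = __loadConfig('config_interface_parame');
    $paraKeyArr = $paraConf[$method];
    sort($paraKeyArr);
    // Iterate by value: a by-reference loop variable would stay bound to the last
    // element after the loop.
    foreach ($paraKeyArr as $value) {
        $paraArr[$value] = requestContext($value);
    }
    if (!$isCheck) {
        return $paraArr;
    }
    // Shared parameter: the signature sent by the caller.
    $sig = '';
    if (isset($_GET['sig'])) {
        $filtered = RepPostVar($_GET['sig']);
        if ($filtered) {
            $sig = $filtered;
        }
    }
    // Serialise the parameters, append the secret and hash the result.
    $verifyStr = arrToStr($paraArr, '') . 'secret=' . SECRET;
    $expected = md5($verifyStr);
    if (!is_string($sig)) {
        return 0;
    }
    // A loose != on two numeric-looking strings (for example "0e..." digests) compares
    // them as numbers, so different digests could be accepted as equal. Compare as
    // strings, in constant time where the runtime provides hash_equals().
    $matches = function_exists('hash_equals')
        ? hash_equals($expected, $sig)
        : ($expected === $sig);
    return $matches ? $paraArr : 0;
}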
/**
 * Store a visitor feedback submission, including optional file attachments.
 *
 * The form layout (field names, required fields, file fields, checkbox fields)
 * is read from the feedback-class row; upload limits are read from the public
 * settings row. Failed checks go through printerror(); the code relies on that
 * call not returning (presumably it exits — confirm in its definition).
 *
 * @param array $add Submitted form values; uploads are read from $_FILES.
 */
function AddFeedback($add) {
    global $empire, $dbtbpre, $level_r, $public_r;
    CheckCanPostUrl(); // verify where the request came from
    if ($add['bid']) {
        $bid = (int) $add['bid'];
    } else {
        $bid = (int) getcvar('feedbackbid');
    }
    if (empty($bid)) {
        printerror("EmptyFeedbackname", "history.go(-1)", 1);
    }
    // Verification code (captcha), only when enabled.
    $keyvname = 'checkfeedbackkey';
    if ($public_r['fbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // The feedback class must exist.
    $br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyFeedback", "history.go(-1)", 1);
    }
    // Permission: classes bound to a member group require a login of at least that level.
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
    // Required fields. The loop skips the first and last list entries — presumably
    // the stored list starts and ends with a comma; confirm against the writer.
    $mustr = explode(",", $br['mustenter']);
    $count = count($mustr);
    for ($i = 1; $i < $count - 1; $i++) {
        $mf = $mustr[$i];
        if (strstr($br['filef'], "," . $mf . ",")) {
            // Required file field: uploads must be enabled and a file must be present.
            if (!$pr['feedbacktfile']) {
                printerror("NotOpenFBFile", "", 1);
            }
            if (!$_FILES[$mf]['name']) {
                printerror("EmptyFeedbackname", "", 1);
            }
        } else {
            $chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']);
            if (!trim($chmustval)) {
                printerror("EmptyFeedbackname", "", 1);
            }
        }
    }
    $saytime = date("Y-m-d H:i:s");
    // Field processing: walk the stored form definition record by record.
    $dh = "";
    $tranf = "";
    $record = "<!--record-->";
    $field = "<!--field--->";
    $er = explode($record, $br['enter']);
    $count = count($er);
    for ($i = 0; $i < $count - 1; $i++) {
        $er1 = explode($field, $er[$i]);
        // Field name from the stored definition, not from the request. It is used
        // below as a backtick-quoted column name.
        $f = $er1[1];
        // Attachments: rewrite the placeholder prefix in submitted text so a visitor
        // cannot inject a "[!#@-name-@!]" marker that the upload step would replace.
        $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]);
        if (strstr($br['filef'], "," . $f . ",")) {
            if ($_FILES[$f]['name']) {
                if (!$pr['feedbacktfile']) {
                    printerror("NotOpenFBFile", "", 1);
                }
                // The file type is derived from the client-supplied file name.
                $filetype = GetFiletype($_FILES[$f]['name']); // get the file type
                // Rejected when CheckSaveTranFiletype() flags the type...
                if (CheckSaveTranFiletype($filetype)) {
                    printerror("NotQTranFiletype", "", 1);
                }
                // ...or when it is missing from the configured "|type|" allowlist.
                if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) {
                    printerror("NotQTranFiletype", "", 1);
                }
                // Size limit is configured in KB.
                if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) {
                    printerror("TooBigQTranFile", "", 1);
                }
                $tranf .= $dh . $f;
                $dh = ",";
                // Placeholder, replaced by the stored path once the file is saved.
                $fval = "[!#@-" . $f . "-@!]";
            } else {
                $fval = "";
            }
        } else {
            $add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']);
            $fval = $add[$f];
        }
        // NOTE(review): $addf and $addval are appended to without being initialised.
        $addf .= ",`" . $f . "`";
        $addval .= ",'" . addslashes(RepPostStr($fval)) . "'";
    }
    $type = 0;
    $classid = 0;
    $filename = '';
    $filepath = '';
    // Member identity as read through getcvar() (presumably cookies — confirm);
    // it is not verified against the member table in this function.
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $filepass = ReturnTranFilepass();
    // Store the uploaded attachments.
    if ($tranf) {
        $dh = "";
        $tranr = explode(",", $tranf);
        $count = count($tranr);
        for ($i = 0; $i < $count; $i++) {
            $tf = $tranr[$i];
            // NOTE(review): the 'type' entry of $_FILES is supplied by the client;
            // confirm DoTranFile() does not base any decision on it.
            $tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid);
            if ($tfr['tran']) {
                $filepath = $tfr[filepath];
                // Record the file in the attachment table.
                $filetime = $saytime;
                $filesize = (int) $_FILES[$tf]['size'];
                eInsertFileTable($tfr[filename], $filesize, $tfr[filepath], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($add[title])), $type, $filepass, $filepass, $public_r[fpath], 0, 4, 0);
                $repfval = ($tfr[filepath] ? $tfr[filepath] . '/' : '') . $tfr[filename];
                $filename .= $dh . $tfr[filename];
                $dh = ",";
            } else {
                $repfval = "";
            }
            // Swap the placeholder in the already-escaped value list for the stored path.
            $addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval);
        }
    }
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");");
    $fid = $empire->lastid();
    // Attach the uploaded files to the new row.
    // NOTE(review): this runs before $sql is checked, so it also runs after a failed INSERT.
    UpdateTheFileOther(4, $fid, $filepass, 'other');
    ecmsEmptyShowKey($keyvname); // clear the verification code
    if ($sql) {
        $reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddFeedbackSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
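/**
 * Bulk-delete comments that match the submitted filters (admin action).
 *
 * At least one filter has to be set; otherwise the request is refused so that an
 * empty form cannot delete every comment. For each matching comment the owning
 * item's comment counter is decremented and the row in the comment data table
 * is removed, then the index rows are deleted with the same condition.
 *
 * NOTE(review): string filters rely on RepPostVar() for SQL safety; its escaping
 * rules are not visible here. LIKE wildcards in 'username' and 'sayip' are not
 * escaped, so "%" or "_" in a filter widens the match.
 *
 * @param array  $add        Submitted filter form.
 * @param int    $logininid  Administrator id.
 * @param string $loginin    Administrator name.
 */
function DelMorePl($add, $logininid, $loginin)
{
    global $empire, $dbtbpre, $class_r;
    // Permission check.
    // NOTE(review): $classid has not been assigned at this point, so CheckLevel()
    // receives an undefined value; confirm whether the "pl" level depends on it.
    CheckLevel($logininid, $loginin, $classid, "pl");
    // Normalise the inputs: integers are cast, strings are filtered.
    $username = RepPostVar($add['username']);
    $sayip = RepPostVar($add['sayip']);
    $startplid = (int) $add['startplid'];
    $endplid = (int) $add['endplid'];
    $startsaytime = RepPostVar($add['startsaytime']);
    $endsaytime = RepPostVar($add['endsaytime']);
    $checked = (int) $add['checked'];
    $ismember = (int) $add['ismember'];
    $classid = (int) $add['classid'];
    $id = RepPostVar($add['id']);
    $where = '';
    // Column (class): a leaf class is matched directly, a parent through its sub-class list.
    // Array keys are quoted: bare-word keys raise an Error on PHP 8.
    if ($classid) {
        if (empty($class_r[$classid]['islast'])) {
            $cwhere = ReturnClass($class_r[$classid]['sonclass']);
        } else {
            $cwhere = "classid='{$classid}'";
        }
        $where .= " and " . $cwhere;
    }
    // Item ids: every list entry is forced to an integer before it reaches SQL.
    if ($id) {
        $ids = implode(',', array_map('intval', explode(',', $id)));
        $where .= " and id in (" . $ids . ")";
    }
    // Member filter: 1 = guests only, any other non-zero value = members only.
    if ($ismember) {
        $where .= $ismember == 1 ? " and userid=0" : " and userid>0";
    }
    // Author.
    if ($username) {
        $where .= " and username like '%{$username}%'";
    }
    // Author IP.
    if ($sayip) {
        $where .= " and sayip like '%{$sayip}%'";
    }
    // Comment id range.
    if ($endplid) {
        $where .= ' and plid BETWEEN ' . $startplid . ' and ' . $endplid;
    }
    // Posting time range.
    if ($startsaytime && $endsaytime) {
        $where .= " and saytime>='{$startsaytime}' and saytime<='{$endsaytime}'";
    }
    // Review state: 1 selects checked=0, any other non-zero value selects checked=1.
    if ($checked) {
        $checkval = $checked == 1 ? 0 : 1;
        $where .= " and checked='{$checkval}'";
    }
    if (!$where) {
        printerror("EmptyDelMorePl", "history.go(-1)");
    }
    // Drop the leading " and ".
    $where = substr($where, 5);
    $sql = $empire->query("select plid,id,classid,stb from {$dbtbpre}enewspl where " . $where);
    while ($r = $empire->fetch($sql)) {
        $tbname = $class_r[$r['classid']]['tbname'];
        if ($tbname) {
            $empire->query("update {$dbtbpre}ecms_" . $tbname . " set plnum=plnum-1 where id='{$r['id']}'");
        }
        // The data-table suffix comes from the comment index row itself.
        $empire->query("delete from {$dbtbpre}enewspl_data_" . $r['stb'] . " where plid='{$r['plid']}'");
    }
    $sql = $empire->query("delete from {$dbtbpre}enewspl where " . $where);
    insert_dolog(""); // operation log
    printerror("DelPlSuccess", "DelMorePl.php");
}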
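/**
 * Prepare a database backup run: create the backup directory, write readme.txt
 * and a generated config.php, then redirect the browser to the backup worker.
 *
 * config.php is PHP source that the worker later loads, so every request value
 * that ends up in it must be unable to change the generated code:
 *  - table names are restricted to identifier characters, because they are written
 *    both inside a double-quoted string and as $tb[...] keys;
 *  - 'dbchar' and 'autofield' are written inside double-quoted strings, where
 *    addslashes() alone still leaves "$" active, so "$" is escaped as well;
 *  - a submitted directory name is reduced to letters, digits, "_" and "-" so it
 *    cannot leave $bakpath, and it is URL-encoded where it is printed.
 *
 * NOTE(review): $dbname is written into config.php and into the directory name after
 * RepPostVar() only; confirm that filter removes quotes, "$", "/" and "..".
 *
 * @param array $add Submitted backup form.
 */
function Ebak_DoEbak($add){
	global $empire,$bakpath,$fun_r,$phome_db_ver;
	$dbname=RepPostVar($add['mydbname']);
	if(empty($dbname))
	{
		printerror("NotChangeDb","history.go(-1)");
	}
	// The table list must be a non-empty array.
	$tablename=(isset($add['tablename'])&&is_array($add['tablename']))?$add['tablename']:array();
	$count=count($tablename);
	if(empty($count))
	{
		printerror("EmptyChangeTb","history.go(-1)");
	}
	// Validate every table name before anything is written to disk.
	$b_table="";
	$d_table="";
	foreach($tablename as $onetb)
	{
		if(!is_string($onetb)||!preg_match('/^[A-Za-z0-9_]+$/D',$onetb))
		{
			// No dedicated message key is visible for this case; reuse the table-selection error.
			printerror("EmptyChangeTb","history.go(-1)");
		}
		$b_table.=$onetb.",";
		$d_table.="\$tb[".$onetb."]=0;\r\n";
	}
	// Drop the trailing comma.
	$b_table=substr($b_table,0,strlen($b_table)-1);
	$add['baktype']=(int)$add['baktype'];
	$add['filesize']=(int)$add['filesize'];
	$add['bakline']=(int)$add['bakline'];
	$add['autoauf']=(int)$add['autoauf'];
	if((!$add['filesize']&&!$add['baktype'])||(!$add['bakline']&&$add['baktype']))
	{
		printerror("EmptyBakFilesize","history.go(-1)");
	}
	// Directory name: keep only characters that cannot form a path separator or "..".
	$mypath=empty($add['mypath'])?'':preg_replace('/[^A-Za-z0-9_\-]/','',(string)$add['mypath']);
	if($mypath==='')
	{
		$mypath=$dbname."_".date("YmdHis");
	}
	$add['mypath']=$mypath;
	DoMkdir($bakpath."/".$add['mypath']);
	// Write the description file.
	$readme=$add['readme'];
	$rfile=$bakpath."/".$add['mypath']."/readme.txt";
	$readme.="\r\n\r\nBaktime: ".date("Y-m-d H:i:s");
	WriteFiletext_n($rfile,$readme);
	$bakstru=(int)$add['bakstru'];
	$bakstrufour=(int)$add['bakstrufour'];
	$beover=(int)$add['beover'];
	$waitbaktime=(int)$add['waitbaktime'];
	$bakdatatype=(int)$add['bakdatatype'];
	if($add['insertf']=='insert')
	{
		$insertf='insert';
	}
	else
	{
		$insertf='replace';
	}
	if($phome_db_ver=='4.0'&&$add['dbchar']=='auto')
	{
		$add['dbchar']='';
	}
	// Escape for a double-quoted PHP string literal: quotes and backslashes via
	// addslashes(), plus "$" so no variable or expression is interpolated on load.
	$dbchar=str_replace('$','\\$',addslashes($add['dbchar']));
	$autofield=str_replace('$','\\$',addslashes($add['autofield']));
	$string="<?php \$b_table=\"".$b_table."\"; ".$d_table." 
\$b_baktype=".$add['baktype']
		."; \$b_filesize=".$add['filesize']
		."; \$b_bakline=".$add['bakline']
		."; \$b_autoauf=".$add['autoauf']
		."; \$b_dbname=\"".$dbname
		."\"; \$b_stru=".$bakstru
		."; \$b_strufour=".$bakstrufour
		."; \$b_dbchar=\"".$dbchar
		."\"; \$b_beover=".$beover
		."; \$b_insertf=\"".addslashes($insertf)
		."\"; \$b_autofield=\",".$autofield
		.",\"; \$b_bakdatatype=".$bakdatatype."; ?>";
	$cfile=$bakpath."/".$add['mypath']."/config.php";
	WriteFiletext_n($cfile,$string);
	if($add['baktype'])
	{
		$phome='BakExeT';
	}
	else
	{
		$phome='BakExe';
	}
	// The directory name is URL-encoded so it stays inert inside the script block and the query string.
	echo $fun_r['StartToBak']."<script>self.location.href='phomebak.php?phome=$phome&t=0&s=0&p=0&mypath=".rawurlencode($add['mypath'])."&waitbaktime=$waitbaktime';</script>";
	exit();
}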
} //导入设置 $loadfile = RepPostVar($_GET['savefilename']); if (strstr($loadfile, '.') || strstr($loadfile, '/') || strstr($loadfile, "\\")) { $loadfile = ''; } if (empty($loadfile)) { $loadfile = 'def'; } $loadfile = 'setsave/' . $loadfile; @(include $loadfile); if ($dmypath) { $mypath = $dmypath; } //查询 $keyboard = RepPostVar($_GET['keyboard']); if (empty($keyboard)) { $keyboard = $dkeyboard; if (empty($keyboard)) { $keyboard = $baktbpre; } } $and = ""; if ($keyboard) { $and = " LIKE '%{$keyboard}%'"; } $sql = $empire->query("SHOW TABLE STATUS" . $and); include "lang/dbchar.php"; require LoadAdminTemp('eChangeTable.php'); db_close(); $empire = null;
} $pageclassid = $trueclassid; $GLOBALS['navclassid'] = $trueclassid; } if (empty($class_r[$trueclassid][tbname])) { printerror('ErrorUrl', '', 1); } $search .= '&classid=' . $classid; } //时间 if ($_GET['endtime']) { $starttime = RepPostVar($_GET['starttime']); if (empty($starttime)) { $starttime = '0000-00-00'; } $endtime = RepPostVar($_GET['endtime']); if (empty($endtime)) { $endtime = '0000-00-00'; } if ($endtime != '0000-00-00') { $add .= " and (newstime BETWEEN '" . to_time($starttime . " 00:00:00") . "' and '" . to_time($endtime . " 23:59:59") . "')"; $search .= '&starttime=' . $starttime . '&endtime=' . $endtime; } } //每页显示记录数 $line = (int) $_GET['line']; if ($line < 1 || $line > 80) { $line = intval($public_r['tagslistnum']); } if (empty($line)) { printerror('ErrorUrl', '', 1);
<?php require "../class/connect.php"; require "../class/db_sql.php"; require "../class/q_functions.php"; require "../data/dbcache/class.php"; require LoadLang("pub/fun.php"); $link = db_connect(); $empire = new mysqlquery(); eCheckCloseMods('pl'); //关闭模块 //用户名 $lusername = getcvar('mlusername'); $lpassword = ''; if ($lusername) { $lusername = RepPostVar($lusername); $lpassword = md5($lusername); } $id = (int) $_GET['id']; $classid = (int) $_GET['classid']; //专题 $doaction = $_GET['doaction'] == 'dozt' ? 'dozt' : ''; $rewritedoaction = 'doinfo'; if ($doaction == 'dozt') { $rewritedoaction = 'dozt'; if (empty($classid)) { printerror("ErrorUrl", "history.go(-1)", 1); } $n_r = $empire->fetch1("select ztid,ztname,intro,ztimg,ztpagekey,restb from {$dbtbpre}enewszt where ztid='{$classid}'"); if (!$n_r['ztid']) { printerror("ErrorUrl", "history.go(-1)", 1);
$empire = new mysqlquery(); $editor = 1; //验证用户 $lur = is_login(); $logininid = $lur['userid']; $loginin = $lur['username']; $loginrnd = $lur['rnd']; $loginlevel = $lur['groupid']; $loginadminstyleid = $lur['adminstyleid']; //ehash $ecms_hashur = hReturnEcmsHashStrAll(); //验证权限 CheckLevel($logininid, $loginin, $classid, "f"); $fid = (int) $_GET['fid']; $tid = (int) $_GET['tid']; $tbname = RepPostVar($_GET['tbname']); if (!$fid || !$tid || !$tbname) { printerror("ErrorUrl", "history.go(-1)"); } $fr = $empire->fetch1("select fid,f,fname,isadd,tid,tbname,tbdataf from {$dbtbpre}enewsf where fid='{$fid}'"); if (!$fr[fid]) { printerror("ErrorUrl", "history.go(-1)"); } if (empty($fr[isadd])) { printerror("NotIsAdd", "history.go(-1)"); } $tid = $fr[tid]; $tbname = $fr[tbname]; if ($fr[tbdataf]) { $doing = '字段转移到主表'; } else {