function ModulePage()
{
if ($this->ADMIN_ONLY && !adminAuthenticate('check')) {
// 只容許管理員生成靜態庫存頁面
echo 'Access Denied.';
return;
}
$res = isset($_GET['res']) ? $_GET['res'] : 0;
// 欲生成靜態庫存頁面之討論串編號
if (!$res || !$this->MULTI_COPY && glob($this->ARCHIVE_ROOT . $res . '-*.xml')) {
echo 'No argument or the archive already existed.';
// 參數不對或XML檔案已存在
} else {
$this->GenerateArchive($res);
// 生成靜態庫存頁面
echo 'FINISH.';
}
}
function ModulePage()
{
global $PMS;
if (!adminAuthenticate('check')) {
die('[Error] Access Denied.');
}
// 進行新增、刪除等動作
if (isset($_POST['operate'])) {
$op = $_POST['operate'];
// 新增資料
$ndata = isset($_POST['newdata']) ? get_magic_quotes_gpc() ? stripslashes($_POST['newdata']) : $_POST['newdata'] : '';
// 資料內容
$nperiod = isset($_POST['newperiod']) ? intval($_POST['newperiod']) : 0;
// 封鎖天數
$ndesc = isset($_POST['newdesc']) ? CleanStr($_POST['newdesc']) : '';
// 註解
if ($ndata && ($op == 'badstr' || $op == 'badua') && ($nperiod || isset($_POST['plaintext']))) {
$ndata = preg_quote($ndata, '`');
}
// plain text, not regex
// 刪除資料
$del = isset($_POST['del']) ? $_POST['del'] : null;
$newline = '';
$ismodified = $op != 'imghash' && ($ndata != '' || $del != null);
// 是否需要修改檔案內容
if ($ismodified) {
switch ($op) {
case 'ip':
$file = $this->ipfile;
if ($ndata != '') {
$newline = $ndata . "\t" . $ndesc . "\t" . time() . "\t" . $nperiod . "\n";
}
break;
case 'img':
$file = $this->imgfile;
if ($ndata != '') {
$newline = $ndata . "\t" . $ndesc . "\n";
}
break;
case 'badstr':
$file = $this->badstrfile;
if ($ndata != '') {
$newline = $ndata . "\t" . $ndesc . "\n";
}
break;
case 'badua':
$file = $this->baduafile;
if ($ndata != '') {
$newline = $ndata . "\t" . $ndesc . "\n";
}
break;
}
$this->_arrangeRecord($file, $del, $newline);
// 同步進行刪除及更新
}
if ($op == 'imghash') {
foreach ($del as $file) {
if (file_exists($this->imghash_imgdir . $file)) {
unlink($this->imghash_imgdir . $file);
}
if (file_exists($this->imghash_hashdir . $file . '.imghash')) {
unlink($this->imghash_hashdir . $file . '.imghash');
}
}
}
if (isset($_POST['ajax'])) {
// AJAX 要求在此即停止,一般要求則繼續印出頁面
$extend = $op == 'ip' ? '<td>' . date('Y/m/d H:m:s', time()) . " ({$nperiod})</td>" : '';
// IP黑名單資訊比圖檔多
echo '<tr><td>' . htmlspecialchars($ndata) . '</td><td>' . $ndesc . '</td>' . $extend . '<td><input type="checkbox" name="del[]" value="#NO#" /></td></tr>';
return;
}
}
$dat = '';
$PMS->hookModuleMethod('Head', array(&$this, '_hookHeadCSS'));
head($dat);
$dat .= '<div class="bar_admin">封鎖黑名單管理</div>
<div id="content">
<form action="' . $this->mypage . '" method="post">
<div id="ipconfig"><input type="hidden" name="operate" value="ip" />
IP 黑名單<br />
Pattern: <input type="text" name="newdata" size="30" />
Period: <input type="text" name="newperiod" size="5" value="0" />Day(s)
Desc: <input type="text" name="newdesc" size="30" />
<input type="submit" value="新增" onclick="return add(this.form);" /><br />
<div class="dos_list_short">
<table border="0" width="100%">
<tr><td>Pattern</td><td>Description</td><td>Add Date (Period)</td><td>Delete</td></tr>
';
foreach ($this->_parseBlackListFile($this->ipfile) as $i => $l) {
$dat .= '<tr><td>' . htmlspecialchars($l[0]) . '</td><td>' . (isset($l[1]) ? $l[1] : '') . '</td>' . '<td>' . (isset($l[2]) ? date('Y/m/d H:m:s', $l[2]) : '-') . (isset($l[3]) ? ' (' . $l[3] . ')' : ' (0)') . '</td>' . '<td><input type="checkbox" name="del[]" value="' . $i . '" /></td></tr>' . "\n";
}
$dat .= '</table>
</div>
<input type="submit" value="刪除" />
</div>
</form>
<form action="' . $this->mypage . '" method="post">
<div id="imgconfig"><input type="hidden" name="operate" value="img" />
圖檔 MD5 黑名單<br />
MD5: <input type="text" name="newdata" size="30" />
Desc: <input type="text" name="newdesc" size="30" />
<input type="hidden" name="newperiod" value="0" />
<input type="submit" value="新增" onclick="return add(this.form);" /><br />
<div class="dos_list_short">
<table border="0" width="100%">
<tr><td>MD5</td><td>Description</td><td>Delete</td></tr>
';
foreach ($this->_parseBlackListFile($this->imgfile) as $i => $l) {
$dat .= '<tr><td>' . htmlspecialchars($l[0]) . '</td><td>' . (isset($l[1]) ? $l[1] : '') . '</td><td><input type="checkbox" name="del[]" value="' . $i . '" /></td></tr>' . "\n";
}
$dat .= '</table>
</div>
<input type="submit" value="刪除" />
</div>
</form>';
if ($this->use_imghash) {
$dat .= '<form action="' . $this->mypage . '" method="post">
<div id="imgconfig"><input type="hidden" name="operate" value="imghash" />
圖檔 imghash 黑名單<br />
<div class="dos_list_short">
<table border="0" width="100%">
<tr><td>File</td><td>Preview</td><td>Delete</td></tr>
';
$pfolder = opendir($this->imghash_imgdir);
//Folder
$pnamebase = array();
while ($file = readdir($pfolder)) {
if (is_file($this->imghash_imgdir . $file)) {
$dat .= '<tr><td>' . $file . '</td><td><a href="' . $this->imghash_imgdir . $file . '" target="_blank">■</a></td><td><input type="checkbox" name="del[]" value="' . $file . '" /></td></tr>' . "\n";
}
}
closedir($pfolder);
$dat .= '</table>
</div>
<input type="submit" value="刪除" />
</div>
</form>';
}
$dat .= '<form action="' . $this->mypage . '" method="post">
<div id="imgconfig"><input type="hidden" name="operate" value="badstr" />
文字黑名單<br />
文字列(可用正規表達式,不需用 / 斜線): <input type="text" name="newdata" size="30" />
Desc: <input type="text" name="newdesc" size="30" />
<input type="hidden" name="newperiod" value="0" /> <label><input type="checkbox" name="plaintext" value="1" onchange="this.form.newperiod.value=this.checked?1:0" />純文字</label>
<input type="submit" value="新增" onclick="return add(this.form);" /><br />
<div class="dos_list_short">
<table border="0" width="100%">
<tr><td>文字列</td><td>Description</td><td>Delete</td></tr>
';
foreach ($this->_parseBlackListFile($this->badstrfile) as $i => $l) {
$dat .= '<tr><td>' . htmlspecialchars($l[0]) . '</td><td>' . (isset($l[1]) ? $l[1] : '') . '</td><td><input type="checkbox" name="del[]" value="' . $i . '" /></td></tr>' . "\n";
}
$dat .= '</table>
</div>
<input type="submit" value="刪除" />
</div>';
$dat .= '<form action="' . $this->mypage . '" method="post">
<div id="uaconfig"><input type="hidden" name="operate" value="badua" />
User Agent黑名單<br />
文字列(可用正規表達式,不需用 / 斜線): <input type="text" name="newdata" size="30" />
Desc: <input type="text" name="newdesc" size="30" />
<input type="hidden" name="newperiod" value="0" /> <label><input type="checkbox" name="plaintext" value="1" onchange="this.form.newperiod.value=this.checked?1:0" />純文字</label>
<input type="submit" value="新增" onclick="return add(this.form);" /><br />
<div class="dos_list_short">
<table border="0" width="100%">
<tr><td>文字列</td><td>Description</td><td>Delete</td></tr>
';
foreach ($this->_parseBlackListFile($this->baduafile) as $i => $l) {
$dat .= '<tr><td>' . htmlspecialchars($l[0]) . '</td><td>' . (isset($l[1]) ? $l[1] : '') . '</td><td><input type="checkbox" name="del[]" value="' . $i . '" /></td></tr>' . "\n";
}
$dat .= '</table>
</div>
<input type="submit" value="刪除" />
</div>
</form>
<hr />
<div id="help"><pre>
說明
Pattern:
可封鎖特定IP/Hostname發文。以使用者的IP位置或Host名稱進行判斷,所以兩種形式都可以使用。
例如 127.0.0.1 (IP) 和 localhost (Host) 代表的都是相同的電腦。
接受下列格式
- 完全相符
即是完全一模一樣的情況下才封鎖。
範例:
127.0.0.1 (127.0.0.1 O;127.0.0.2 X)
localhost (localhost O;local X)
- 萬用字元
可接受 * , ? 來代替一段未知的字元 (如同大家熟知的使用方式),這樣一來可匹配的情況將增加。
範例:
192.168.0.* (192.168.0.3 O;192.168.1.3 X)
local* (localhost O;remotehost X)
- 正規表達式
使用Regular Expression來進行匹配,可作出更多樣、更適合的條件。注意使用時需要使用 / 斜線將表達式括住。
範例:
/127\\.0\\.0\\.[0-9]{2}/ (127.0.0.28 O;127.0.0.1 X)
/^.+\\.proxy\\.com$/ (gate1.proxy.com O;proxy2.com.tw X)
- CIDR Notation
使用 Classless Addressing 這種更有彈性的方式切割子網路,其表示法稱作 CIDR,以一段IP位置加上Mask來劃分子網路 (注意此表示法僅能使用 IP)。
範例:
192.168.0.1/20 (192.168.7.243 O;192.168.18.144 X)
Period:
設定封鎖期限,在過期時可以自動刪除解鎖,以天為單位。如果想永久封鎖 (系統不自動回收,需手動解鎖) 則將此值設為 0 (0 表示無期限)。</pre>
</div>
</div>';
foot($dat);
echo $dat;
}
function valid()
{
$PMS = PMCLibrary::getPMSInstance();
$pass = isset($_POST['pass']) ? $_POST['pass'] : '';
// 管理者密碼
$haveperm = false;
$isCheck = adminAuthenticate('check');
// 登入是否正確
if (!$isCheck && $pass) {
$haveperm = passwordVerify($pass);
$PMS->useModuleMethods('Authenticate', array($pass, 'admin', &$haveperm));
if ($haveperm) {
adminAuthenticate('login');
$isCheck = true;
} else {
error(_T('admin_wrongpassword'));
}
}
$dat = '';
head($dat);
$links = '[<a href="' . PHP_SELF2 . '?' . time() . '">' . _T('return') . '</a>] [<a href="' . PHP_SELF . '?mode=remake">' . _T('admin_remake') . '</a>] [<a href="' . PHP_SELF . '?page_num=0">' . _T('admin_frontendmanage') . '</a>]';
$PMS->useModuleMethods('LinksAboveBar', array(&$links, 'admin', $isCheck));
// LinksAboveBar hook point
$dat .= '<div id="banner">' . $links . '<div class="bar_admin">' . _T('admin_top') . '</div>
</div>
<form action="' . PHP_SELF . '" method="post" name="adminform">
<div id="admin-check" style="text-align: center;">
';
echo $dat;
if (!$isCheck) {
echo '<br />
<input type="radio" name="admin" value="del" checked="checked" />' . _T('admin_manageposts') . '
<input type="radio" name="admin" value="optimize" />' . _T('admin_optimize') . '
<input type="radio" name="admin" value="check" />' . _T('admin_check') . '
<input type="radio" name="admin" value="repair" />' . _T('admin_repair') . '
<input type="radio" name="admin" value="export" />' . _T('admin_export') . '<br />
<input type="hidden" name="mode" value="admin" />
<input type="password" name="pass" size="8" />
<input type="submit" value="' . _T('admin_verify_btn') . '" />
</div>
</form>';
die("\n</body>\n</html>");
} elseif (!isset($_REQUEST['admin'])) {
echo '<br />
<input type="radio" name="admin" value="del" checked="checked" />' . _T('admin_manageposts') . '
<input type="radio" name="admin" value="optimize" />' . _T('admin_optimize') . '
<input type="radio" name="admin" value="check" />' . _T('admin_check') . '
<input type="radio" name="admin" value="repair" />' . _T('admin_repair') . '
<input type="radio" name="admin" value="export" />' . _T('admin_export') . '
<input type="radio" name="admin" value="logout" />' . _T('admin_logout') . '<br />
<input type="hidden" name="mode" value="admin" />
<input type="submit" value="' . _T('admin_submit_btn') . '" />
</div>
</form>';
die("\n</body>\n</html>");
}
}
function ModulePage()
{
global $PIO, $FileIO, $PMS, $language, $BAD_STRING, $BAD_FILEMD5, $BAD_IPADDR, $LIMIT_SENSOR;
if (!isset($_GET['no'])) {
die('[Error] not enough parameter.');
}
if (!isset($_POST['mode'])) {
// 顯示表單
if (!$this->shown_in_page && !adminAuthenticate('check')) {
die('[Error] Access Denied.');
}
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
extract($post[0]);
$PMS->loadModules('mod_bbcode');
//嘗試載入mod_bbcode
if ($bbcode = $PMS->getModuleInstance('mod_bbcode')) {
$bbcode->_html2bb($com);
}
$name = preg_replace('|<span.*?>(.*?)</span>|', '\\1', $name);
$dat = '';
head($dat);
$PMS->hookModuleMethod('PostInfo', array($this, '_EditPostInfo'));
form($dat, $resto, false, $this->mypage . '&no=' . $_GET['no'], $name, $email, $sub, str_replace('<br />', "\n", $com), substr(str_replace(',', ',', $category), 1, -1), 'edit');
foot($dat);
echo $dat;
} else {
// 儲存
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
error(_T('regist_notpost'));
}
// 非正規POST方式
$post = $PIO->fetchPosts($_GET['no']);
$newValues = array();
if (!count($post)) {
die('[Error] Post does not exist.');
}
$name = isset($_POST[FT_NAME]) ? $_POST[FT_NAME] : '';
$email = isset($_POST[FT_EMAIL]) ? $_POST[FT_EMAIL] : '';
$sub = isset($_POST[FT_SUBJECT]) ? $_POST[FT_SUBJECT] : '';
$com = isset($_POST[FT_COMMENT]) ? $_POST[FT_COMMENT] : '';
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
$category = isset($_POST['category']) ? $_POST['category'] : '';
$resto = isset($_POST['resto']) ? $_POST['resto'] : 0;
$upfile = '';
$upfile_path = '';
$upfile_name = false;
$upfile_status = 4;
$pwdc = isset($_COOKIE['pwdc']) ? $_COOKIE['pwdc'] : '';
if ($resto && !$PIO->isThread($resto)) {
die('[Error] Thread was deleted.');
}
$is_admin = $haveperm = $pwd == ADMIN_PASS || adminAuthenticate('check');
$PMS->useModuleMethods('Authenticate', array($pwd, 'useredit', &$haveperm));
if ($pwd == '' && $pwdc != '') {
$pwd = $pwdc;
}
$pwd_md5 = substr(md5($pwd), 2, 8);
$host = gethostbyaddr(getREMOTE_ADDR());
if (!($pwd_md5 == $post[0]['pwd'] || $host == $post[0]['host'] || $haveperm)) {
die('[Error] Access denied.');
}
// 欄位陷阱
$FTname = isset($_POST['name']) ? $_POST['name'] : '';
$FTemail = isset($_POST['email']) ? $_POST['email'] : '';
$FTsub = isset($_POST['sub']) ? $_POST['sub'] : '';
$FTcom = isset($_POST['com']) ? $_POST['com'] : '';
$FTreply = isset($_POST['reply']) ? $_POST['reply'] : '';
if ($FTname != 'spammer' || $FTemail != '*****@*****.**' || $FTsub != 'DO NOT FIX THIS' || $FTcom != 'EID OG SMAPS' || $FTreply != '') {
error(_T('regist_nospam'));
}
// 封鎖:IP/Hostname/DNSBL 檢查機能
$ip = getREMOTE_ADDR();
$host = gethostbyaddr($ip);
$baninfo = '';
if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
error(_T('regist_ipfiltered', $baninfo));
}
// 封鎖:限制出現之文字
foreach ($BAD_STRING as $value) {
if (strpos($com, $value) !== false || strpos($sub, $value) !== false || strpos($name, $value) !== false || strpos($email, $value) !== false) {
error(_T('regist_wordfiltered'));
}
}
$PMS->useModuleMethods('RegistBegin', array(&$name, &$email, &$sub, &$com, array('file' => &$upfile, 'path' => &$upfile_path, 'name' => &$upfile_name, 'status' => &$upfile_status), array('ip' => $ip, 'host' => $host)));
// "RegistBegin" Hook Point
// 檢查是否輸入櫻花日文假名
$chkanti = array($name, $email, $sub, $com);
foreach ($chkanti as $anti) {
if (anti_sakura($anti)) {
error(_T('regist_sakuradetected'));
}
}
// 檢查表單欄位內容並修整
if (strlen($name) > 100) {
error(_T('regist_nametoolong'));
}
if (strlen($email) > 100) {
error(_T('regist_emailtoolong'));
}
if (strlen($sub) > 100) {
error(_T('regist_topictoolong'));
}
if (strlen($resto) > 10) {
error(_T('regist_longthreadnum'));
}
$email = CleanStr($email);
$email = str_replace("\r\n", '', $email);
$sub = CleanStr($sub);
$sub = str_replace("\r\n", '', $sub);
$resto = CleanStr($resto);
$resto = str_replace("\r\n", '', $resto);
// 名稱修整
$name = CleanStr($name);
$name = str_replace(_T('trip_pre'), _T('trip_pre_fake'), $name);
// 防止トリップ偽造
$name = str_replace(CAP_SUFFIX, _T('cap_char_fake'), $name);
// 防止管理員キャップ偽造
$name = str_replace("\r\n", '', $name);
$nameOri = $name;
// 名稱
if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
// トリップ(Trip)機能
$name = $nameOri = $regs[1];
$cap = strtr($regs[2], array('&' => '&'));
$salt = preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2));
$salt = strtr($salt, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
$name = $name . _T('trip_pre') . substr(crypt($cap, $salt), -10);
}
if (CAP_ENABLE && preg_match('/(.*?)[##](.*)/', $email, $aregs)) {
// 管理員キャップ(Cap)機能
$acap_name = $nameOri;
$acap_pwd = strtr($aregs[2], array('&' => '&'));
if ($acap_name == CAP_NAME && $acap_pwd == CAP_PASS) {
$name = '<span class="admin_cap">' . $name . CAP_SUFFIX . '</span>';
$is_admin = true;
$email = $aregs[1];
// 去除 #xx 密碼
}
}
if (!$is_admin) {
// 非管理員
$name = str_replace(_T('admin'), '"' . _T('admin') . '"', $name);
$name = str_replace(_T('deletor'), '"' . _T('deletor') . '"', $name);
}
$name = str_replace('&◆', '&◆', $name);
// 避免 &#xxxx; 後面被視為 Trip 留下 & 造成解析錯誤
// 內文修整
if (strlen($com) > COMM_MAX && !$is_admin) {
error(_T('regist_commenttoolong'));
}
$com = CleanStr($com, $is_admin);
// 引入$is_admin參數是因為當管理員キャップ啟動時,允許管理員依config設定是否使用HTML
$com = str_replace("\r\n", "\n", $com);
$com = str_replace("\r", "\n", $com);
$com = ereg_replace("\n(( | )*\n){3,}", "\n", $com);
if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
$com = nl2br($com);
}
// 換行字元用<br />代替
$com = str_replace("\n", '', $com);
// 若還有\n換行字元則取消換行
if ($category && USE_CATEGORY) {
// 修整標籤樣式
$category = explode(',', $category);
// 把標籤拆成陣列
$category = ',' . implode(',', array_map('trim', $category)) . ',';
// 去空白再合併為單一字串 (左右含,便可以直接以,XX,形式搜尋)
} else {
$category = '';
}
$age = false;
$dest = '';
$W = $post[0]['tw'];
$H = $post[0]['th'];
$imgW = $post[0]['imgw'];
$imgH = $post[0]['imgh'];
$status = $post[0]['status'];
$PMS->useModuleMethods('RegistBeforeCommit', array(&$name, &$email, &$sub, &$com, &$category, &$age, $dest, $resto, array($W, $H, $imgW, $imgH), &$status));
// "RegistBeforeCommit" Hook Point
if ($name != $post[0]['name'] && $_POST[FT_NAME]) {
$newValues['name'] = $name;
}
if ($email != $post[0]['email'] && $_POST[FT_EMAIL]) {
$newValues['email'] = $email;
}
if ($sub != $post[0]['sub'] && $_POST[FT_SUBJECT]) {
$newValues['sub'] = $sub;
}
if ($com != $post[0]['com'] && $_POST[FT_COMMENT]) {
$newValues['com'] = $com;
}
if ($category != $post[0]['category'] && $_POST['category']) {
$newValues['category'] = $category;
}
$PIO->updatePost($_GET['no'], $newValues);
$PIO->dbCommit();
$parentNo = $post[0]['resto'] ? $post[0]['resto'] : $post[0]['no'];
$threads = array_flip($PIO->fetchThreadList());
$threadPage = floor($threads[$parentNo] / PAGE_DEF);
if (STATIC_HTML_UNTIL == -1 || $threadPage <= STATIC_HTML_UNTIL) {
updatelog(0, $threadPage, true);
}
// 僅更新討論串出現那頁
deleteCache(array($parentNo));
// 刪除討論串舊快取
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
}
}
function ModulePage()
{
global $PIO;
if (!adminAuthenticate('check')) {
die('403 Access denied');
}
$act = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($act == 'reorder') {
// 排序
$newTop = explode('|', $_POST['newTopmost']);
$newTop = array_reverse($newTop);
$newTop = trim(implode("\n", $newTop));
$this->_write($this->TOPMOST_LOG, $newTop);
$newBottom = trim(implode("\n", explode('|', $_POST['newBottommost'])));
$this->_write($this->BOTTOMMOST_LOG, $newBottom);
die('Done. Please go back.');
}
}
switch ($act) {
case 'top':
// 置頂
if ($PIO->isThread($_GET['no'])) {
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
$this->_write($this->TOPMOST_LOG, $_GET['no'] . "\n" . @file_get_contents($this->TOPMOST_LOG));
die('Done. Please go back.');
} else {
die('[Error] Thread does not exist.');
}
break;
case 'bottom':
// 置底
if ($PIO->isThread($_GET['no'])) {
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
$this->_write($this->BOTTOMMOST_LOG, @file_get_contents($this->BOTTOMMOST_LOG) . $_GET['no'] . "\n");
die('Done. Please go back.');
} else {
die('[Error] Thread does not exist.');
}
break;
default:
$dat = '';
head($dat);
echo $dat;
$dat = '';
echo '<script type="text/javascript">
function move(target,index,to) {
var list = document.getElementById(target);
var total = list.options.length-1;
if (index == -1) return false;
if (to == +1 && index == total) return false;
if (to == -1 && index == 0) return false;
var items = new Array;
var values = new Array;
for (i = total; i >= 0; i--) {
items[i] = list.options[i].text;
values[i] = list.options[i].value;
}
for (i = total; i >= 0; i--) {
if (index == i) {
list.options[i + to] = new Option(items[i],values[i], 0, 1);
list.options[i] = new Option(items[i + to], values[i +to]);
i--;
} else {
list.options[i] = new Option(items[i], values[i]);
}
}
list.focus();
return true;
}
function add(target,name,value){
target.options[target.length] = new Option(name, value);
}
function remove(target){
var list = document.getElementById(target);
var selIndex = list.selectedIndex;
if (selIndex != -1) {
for(i=list.length-1; i>=0; i--)
{
if(list.options[i].selected)
{
list.options[i] = null;
}
}
if (list.length > 0) {
list.selectedIndex = selIndex == 0 ? 0 : selIndex - 1;
}
}
}
function place(){
placeInHidden("|", "topmost", "ntop");
placeInHidden("|", "buttommost", "nbottom");
}
function placeInHidden(delim, selStr, hidStr){
var selObj = document.getElementById(selStr);
var hideObj = document.getElementById(hidStr);
hideObj.value = "";
for (i = 0; i <= selObj.options.length-1; i++) {
hideObj.value += selObj.options[i].value + delim;
}
}
</script>
<form action=' . $this->mypage . ' method="post" onsubmit="place()">
<input type="hidden" name="action" value="reorder" />
<table>
<tr>
<td>置頂:</td><td></td><td>置底:</td><td></td>
</tr>
<tr>
<td align="middle">';
echo ' <select id="topmost" size="30">';
$logs = @file($this->TOPMOST_LOG);
// order asc
$logs = array_reverse($logs);
foreach ($logs as $tm) {
echo ' <option value="' . $tm . '" >' . $tm . '</option>';
}
echo ' </select>
</td>
<td>
<input type="button" value="↑"
onClick="move(\'topmost\',document.getElementById(\'topmost\').selectedIndex,-1)"><br/><br/>
<input type="button" value="↓"
onClick="move(\'topmost\',document.getElementById(\'topmost\').selectedIndex,+1)"><br/><br/>
<input type="button" value="解"
onClick="remove(\'topmost\')">
</td>
<td align="middle">';
echo ' <select id="buttommost" size="30">';
$logs = @file($this->BOTTOMMOST_LOG);
// order asc
foreach ($logs as $bm) {
echo ' <option value="' . $bm . '" >' . $bm . '</option>';
}
echo ' </select>
</td>
<td>
<input type="button" value="↑"
onClick="move(\'buttommost\',document.getElementById(\'buttommost\').selectedIndex,-1)"><br/><br/>
<input type="button" value="↓"
onClick="move(\'buttommost\',document.getElementById(\'buttommost\').selectedIndex,+1)"><br/><br/>
<input type="button" value="解"
onClick="remove(\'buttommost\')">
</td>
</tr>
<tr><td colspan="4"><input type="hidden" name="newTopmost" id="ntop" value="" /><input type="hidden" name="newBottommost" id="nbottom" value="" />
<input type="hidden" name="action" value="reorder">
<input type="submit">
</td>
</tr>
</table></form>';
$dat = '';
foot($dat);
echo $dat;
}
}
function ModulePage()
{
global $PMS, $PIO, $FileIO;
if (!adminAuthenticate('check')) {
die('[Error] Access Denied.');
}
$content = '';
// POST
if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
// 刪除
$del = isset($_POST['del']) ? $_POST['del'] : null;
if ($del != null) {
$files = $PIO->removePosts($del);
$delta_totalsize = 0;
if (count($files)) {
$delta_totalsize -= $FileIO->deleteImage($files);
}
if ($delta_totalsize != 0) {
total_size($delta_totalsize);
}
foreach ($del as $n) {
if ($oldCaches = glob('./cache/' . $n . '-*')) {
foreach ($oldCaches as $o) {
@unlink($o);
}
}
}
}
// 對 host 作 search
$filter = isset($_POST['filter']) ? CleanStr($_POST['filter']) : '';
if ($filter != '') {
$res = $PIO->searchPost($filter, '`host`', 'AND');
foreach ($res as $p) {
$no = $p['no'];
$now = $p['now'];
$host = $p['host'];
$com = htmlspecialchars(str_cut(str_replace('<br />', ' ', $p['com']), 50));
$content .= <<<HERE
<tr>
\t<td><input type="checkbox" name="del[]" value="{$no}" /></td>
\t<td>{$no}</td>
\t<td>{$now}</td>
\t<td>{$com}</td>
\t<td>{$host}</td>
</tr>
HERE;
}
// 沒結果
if (count($res) == 0) {
$content = '<tr><td rows="5">Not Found</td></tr>';
}
}
// AJAX 要求在此即停止,一般要求則繼續印出頁面
if (isset($_POST['ajax'])) {
echo $content;
return;
}
}
// 顯示表單
$dat = '';
head($dat);
$dat .= '<div class="bar_admin">搜尋 IP</div>
<div id="content">
<form action="' . $this->SELF . '" method="post">
<div id="ipconfig">
Filter: <input type="text" name="filter" size="30" />
<input type="submit" value="搜尋" onclick="return search(this.form);" /><br />
<table border="0" width="100%">
<tr><th>Delete</th><th>No.</th><th>Date</th><th>Comment</th><th>Host</th></tr>
' . $content . '
</table>
<input type="submit" value="刪除" />
</div>
</form>
<hr />
</div>
<script type="text/javascript">
// <![CDATA[
function search(form){
var f = form.filter.value;
$.post("' . str_replace('&', '&', $this->SELF) . '", {filter: f, ajax: true}, function(d){
$("table", form)
// Remove all items except header
.find("tr:gt(0)").remove()
// Fill the results
.end().append(d);
});
return false;
}
// ]]>
</script>
';
foot($dat);
echo $dat;
}
$_SESSION['no_ssl'] = true;
if (defined('DEBUG_MODE') && DEBUG_MODE === true) {
popup_info('Succefully connected the Session Manager using HTTP method, will alwais use HTTP for this session');
}
}
$_SESSION['admin_login'] = $login_;
$_SESSION['admin_password'] = $password_;
$_SESSION['service'] = $service;
return true;
}
if (isset($_POST['admin_login']) && $_POST['admin_login'] != '' && isset($_POST['admin_password']) && $_POST['admin_password'] != '') {
unset($_SESSION['admin_login']);
if (isset($_SESSION['admin_ovd_user'])) {
unset($_SESSION['admin_ovd_user']);
}
adminAuthenticate($_POST['admin_login'], $_POST['admin_password']);
}
if (array_key_exists('service', $_SESSION) and array_key_exists('admin_login', $_SESSION) and array_key_exists('admin_password', $_SESSION)) {
if (isset($_SESSION['redirect'])) {
$buf = base64_decode($_SESSION['redirect']);
unset($_SESSION['redirect']);
redirect($buf);
} else {
redirect('index.php');
}
}
$main_title = DEFAULT_PAGE_TITLE;
header_static($main_title . ' - ' . _('Administration'));
?>
<script type="text/javascript">
Event.observe(window, 'load', function() {
function ModulePage()
{
global $PIO, $FileIO;
if (!adminAuthenticate('check')) {
die('403 Access denied');
}
$act = isset($_GET['action']) ? $_GET['action'] : '';
switch ($act) {
case 'sage':
// 強制sage
if ($PIO->isThread($_GET['no'])) {
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
$flgh = $PIO->getPostStatus($post[0]['status']);
$flgh->toggle('asage');
$PIO->setPostStatus($post[0]['no'], $flgh->toString());
$PIO->dbCommit();
die('Done. Please go back.');
} else {
die('[Error] Thread does not exist.');
}
break;
case 'thumb':
// 替換縮圖
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
if ($post[0]['ext']) {
if (!$FileIO->imageExists($post[0]['tim'] . $post[0]['ext'])) {
die('[Error] attachment does not exist.');
}
$flgh = $PIO->getPostStatus($post[0]['status']);
$flgh->toggle('htmb');
$PIO->setPostStatus($post[0]['no'], $flgh->toString());
$PIO->dbCommit();
die('Done. Please go back.');
} else {
die('[Error] Post does not have attechment.');
}
break;
case 'agif':
// 動態GIF
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
if ($post[0]['ext'] && $post[0]['ext'] == '.gif') {
if (!$FileIO->imageExists($post[0]['tim'] . $post[0]['ext'])) {
die('[Error] attachment does not exist.');
}
$flgh = $PIO->getPostStatus($post[0]['status']);
$flgh->toggle('agif');
$PIO->setPostStatus($post[0]['no'], $flgh->toString());
$PIO->dbCommit();
die('Done. Please go back.');
} else {
die('[Error] Post does not have attechment.');
}
break;
}
}
public function ModulePage()
{
$PIO = PMCLibrary::getPIOInstance();
$thisPage = $this->getModulePageURL();
// 基底位置
$dat = '';
// HTML Buffer
$listMax = $PIO->threadCount();
// 討論串總筆數
$pageMax = ceil($listMax / $this->THREADLIST_NUMBER) - 1;
// 分頁最大編號
$page = isset($_GET['page']) ? intval($_GET['page']) : 0;
// 目前所在分頁頁數
$sort = isset($_GET['sort']) ? $_GET['sort'] : 'no';
if ($page < 0 || $page > $pageMax) {
exit('Page out of range.');
}
// $page 超過範圍
if (strpos($sort, 'post') !== false) {
$plist = $PIO->fetchThreadList();
$pc = $this->_getPostCounts($plist);
$this->_kasort($pc, $sort == 'postdesc', true);
// 切出需要的大小
$plist = array_slice(array_keys($pc), $this->THREADLIST_NUMBER * $page, $this->THREADLIST_NUMBER);
} else {
$plist = $PIO->fetchThreadList($this->THREADLIST_NUMBER * $page, $this->THREADLIST_NUMBER, $sort == 'date' ? false : true);
// 編號由大到小排序
self::$PMS->useModuleMethods('ThreadOrder', array(0, $page, 0, &$plist));
// "ThreadOrder" Hook Point
$pc = $this->_getPostCounts($plist);
}
$post = $PIO->fetchPosts($plist);
// 取出資料
$post_count = count($post);
if ($sort == 'date' || strpos($sort, 'post') !== false) {
// 要重排次序
$mypost = array();
foreach ($plist as $p) {
while (list($k, $v) = each($post)) {
if ($v['no'] == $p) {
$mypost[] = $v;
unset($post[$k]);
break;
}
}
reset($post);
}
$post = $mypost;
}
head($dat);
$dat .= '<script>
var selectall = "";
function checkall(){
selectall = selectall ? "" : "checked";
var inputs = document.getElementsByTagName("input");
for(x=0; x < inputs.length; x++){
if(inputs[x].type == "checkbox" && parseInt(inputs[x].name)) {
inputs[x].checked = selectall;
}
}
}
</script>';
$dat .= '<div id="contents">
[<a href="' . PHP_SELF2 . '?' . time() . '">' . _T('return') . '</a>]
<div class="bar_reply">' . $this->_T('page_title') . '</div>' . ($this->SHOW_FORM ? '<form action="' . PHP_SELF . '" method="post">' : '') . '<table align="center" width="98%"><tr>
' . ($this->SHOW_FORM ? '<th><a href="javascript:checkall()">↓</a></th>' : '') . '
<th><a href="' . $thisPage . '&sort=no">No.' . ($sort == 'no' ? ' ▼' : '') . '</a></th>
<th width="48%">' . _T('form_topic') . '</th>
<th>' . _T('form_name') . '</th>
<th><a href="' . $thisPage . '&sort=' . ($sort == 'postdesc' ? 'postasc' : 'postdesc') . '">' . _T('reply_btn') . ($sort == 'postdesc' ? ' ▼' : ($sort == 'postasc' ? ' ▲' : '')) . '</a></th>
<th><a href="' . $thisPage . '&sort=date">' . $this->_T('date') . ($sort == 'date' ? ' ▼' : '') . '</a></th></tr>
';
for ($i = 0; $i < $post_count; $i++) {
list($no, $sub, $name, $now) = array($post[$i]['no'], $post[$i]['sub'], $post[$i]['name'], $post[$i]['now']);
$rescount = $pc[$no] - 1;
if ($this->HIGHLIGHT_COUNT > 0 && $rescount > $this->HIGHLIGHT_COUNT) {
$rescount = '<span style="color:red">' . $rescount . '</span>';
}
$dat .= '<tr class="ListRow' . ($i % 2 + 1) . '_bg">' . ($this->SHOW_FORM ? '<td><input type="checkbox" name="' . $no . '" value="delete" /></td>' : '') . '<td>' . $no . '</td><td><a href="' . PHP_SELF . '?res=' . $no . '">' . $sub . '</a></td><td>' . $name . '</td><td>' . $rescount . '</td><td>' . $now . '</td></tr>' . "\n";
}
$dat .= '</table>
<hr />
<div id="page_switch">
<table border="1" style="float: left;"><tr>
';
if ($page) {
$dat .= '<td><a href="' . $thisPage . '&page=' . ($page - 1) . '&sort=' . $sort . '">' . _T('prev_page') . '</a></td>';
} else {
$dat .= '<td style="white-space: nowrap;">' . _T('first_page') . '</td>';
}
$dat .= '<td>';
for ($i = 0; $i <= $pageMax; $i++) {
if ($i == $page) {
$dat .= '[<b>' . $i . '</b>] ';
} else {
$dat .= '[<a href="' . $thisPage . '&page=' . $i . '&sort=' . $sort . '">' . $i . '</a>] ';
}
}
$dat .= '</td>';
if ($page < $pageMax) {
$dat .= '<td><a href="' . $thisPage . '&page=' . ($page + 1) . '&sort=' . $sort . '">' . _T('next_page') . '</a></td>';
} else {
$dat .= '<td style="white-space: nowrap;">' . _T('last_page') . '</td>';
}
$dat .= '
</tr></table>
</div>';
if ($this->SHOW_FORM) {
$adminMode = adminAuthenticate('check');
// 前端管理模式
$adminFunc = '';
// 前端管理選擇
if ($adminMode) {
$adminFunc = '<select name="func"><option value="delete">' . _T('admin_delete') . '</option>';
$funclist = array();
$dummy = '';
self::$PMS->useModuleMethods('AdminFunction', array('add', &$funclist, null, &$dummy));
// "AdminFunction" Hook Point
foreach ($funclist as $f) {
$adminFunc .= '<option value="' . $f[0] . '">' . $f[1] . '</option>' . "\n";
}
$adminFunc .= '</select>';
}
$pte_vals = array('{$DEL_HEAD_TEXT}' => '<input type="hidden" name="mode" value="usrdel" />' . _T('del_head'), '{$DEL_IMG_ONLY_FIELD}' => '<input type="checkbox" name="onlyimgdel" id="onlyimgdel" value="on" />', '{$DEL_IMG_ONLY_TEXT}' => _T('del_img_only'), '{$DEL_PASS_TEXT}' => ($adminMode ? $adminFunc : '') . _T('del_pass'), '{$DEL_PASS_FIELD}' => '<input type="password" name="pwd" size="8" value="" />', '{$DEL_SUBMIT_BTN}' => '<input type="submit" value="' . _T('del_btn') . '" />');
$dat .= PMCLibrary::getPTEInstance()->ParseBlock('DELFORM', $pte_vals) . '</form>';
}
$dat .= '</div>';
foot($dat);
echo $dat;
}
$policy = $user->getPolicy();
if (isset($policy['canUseAdminPanel']) && $policy['canUseAdminPanel'] == true) {
return $user;
}
Logger::info('main', 'login.php failed to log in ' . $login_ . ' : access denied to admin panel');
$_SESSION['admin_error'] = _('Unauthorized access');
return false;
}
if (isset($_POST['admin_login']) && $_POST['admin_login'] != '' && isset($_POST['admin_password']) && $_POST['admin_password'] != '') {
unset($_SESSION['admin_login']);
if (isset($_SESSION['admin_ovd_user'])) {
unset($_SESSION['admin_ovd_user']);
}
$login = $_POST['admin_login'];
$password = $_POST['admin_password'];
if (adminAuthenticate($login, $password)) {
$_SESSION['admin_login'] = $login;
} else {
$user = authenticate_ovd_user($login, $password);
if ($user !== false) {
$_SESSION['admin_login'] = $login;
$_SESSION['admin_ovd_user'] = $user;
}
}
}
if (isset($_SESSION['admin_login'])) {
if (isset($_SESSION['redirect'])) {
$buf = base64_decode($_SESSION['redirect']);
unset($_SESSION['redirect']);
redirect($buf);
} else {
public function ModulePage()
{
$PIO = PMCLibrary::getPIOInstance();
if (!isset($_GET['no'])) {
die('[Error] not enough parameter.');
}
if (isset($_GET['action'])) {
if (adminAuthenticate('check')) {
$pushcount = '';
$puststart = 0;
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
// 被推之文章不存在
extract($post[0]);
if ($status != '') {
$f = $PIO->getPostStatus($status);
$pushcount = $f->value('mppCnt');
// 被推次數
}
if (($puststart = strpos($com, $this->PUSHPOST_SEPARATOR . '<br />')) === false) {
die('[Error] No pushpost.');
}
$ocom = substr($com, 0, $puststart);
$pushpost = explode('<br />', substr($com, $puststart + strlen($this->PUSHPOST_SEPARATOR . '<br />')));
$com = $ocom;
if ($_GET['action'] == 'del') {
// list
$p_count = 1;
$com .= '<div class="pushpost">';
foreach ($pushpost as $p) {
$com .= '<input type="checkbox" name="' . $p_count++ . '" value="delete" />' . $p . '<br />';
}
$com .= '</div>';
$dat = '';
head($dat);
$dat .= '<div class="bar_reply">' . $this->_T('deletepush') . '</div>';
$dat .= '<form action="' . $this->getModulePageURL(array('action' => 'delpush', 'no' => $_GET['no'])) . '" method="post">';
$dat .= PMCLibrary::getPTEInstance()->ParseBlock('SEARCHRESULT', array('{$NO}' => $no, '{$SUB}' => $sub, '{$NAME}' => $name, '{$NOW}' => $now, '{$COM}' => $com, '{$CATEGORY}' => $category, '{$NAME_TEXT}' => _T('post_name'), '{$CATEGORY_TEXT}' => _T('post_category')));
echo $dat, '<input type="submit" value="' . _T('del_btn') . '" /></form></body></html>';
return;
} else {
if ($_GET['action'] == 'delpush') {
// delete
$delno = array();
reset($_POST);
while ($item = each($_POST)) {
if ($item[1] == 'delete' && $item[0] != 'func') {
array_push($delno, $item[0]);
}
}
if (count($delno)) {
foreach ($delno as $d) {
if (isset($pushpost[$d - 1])) {
unset($pushpost[$d - 1]);
}
}
}
$pushcount = count($pushpost);
if ($pushcount) {
$f->update('mppCnt', $pushcount);
// 更新推文次數
$com = $ocom . $this->PUSHPOST_SEPARATOR . '<br />' . implode('<br />', $pushpost);
} else {
$f->remove('mppCnt');
// 刪除推文次數
$com = $ocom;
}
$PIO->updatePost($_GET['no'], array('com' => $com, 'status' => $f->toString()));
// 更新推文
$PIO->dbCommit();
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF . '?page_num=0');
return;
} else {
die('[Error] unknown action.');
}
}
} else {
die('[Error] unauthenticated action.');
}
}
// 非 AJAX 推文,產出表單供填寫
if (!isset($_POST['comm'])) {
echo $this->printStaticForm(intval($_GET['no']));
} else {
// 處理推文
// 傳送方法不正確
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
die(_T('regist_notpost'));
}
// 查IP
$baninfo = '';
$ip = getREMOTE_ADDR();
$host = gethostbyaddr($ip);
if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
die(_T('regist_ipfiltered', $baninfo));
}
$name = CleanStr($_POST['name']);
$comm = CleanStr($_POST['comm']);
if (strlen($name) > 30) {
die($this->_T('maxlength'));
}
// 名稱太長
if (strlen($comm) > 160) {
die($this->_T('maxlength'));
}
// 太多字
if (strlen($comm) == 0) {
die($this->_T('nocomment'));
}
// 沒打字
$name = str_replace(array(_T('trip_pre'), _T('admin'), _T('deletor')), array(_T('trip_pre_fake'), '"' . _T('admin') . '"', '"' . _T('deletor') . '"'), $name);
// 生成ID, Trip 等識別資訊
$pushID = $this->getID();
$pushtime = gmdate('y/m/d H:i', time() + intval(TIME_ZONE) * 3600);
if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
$cap = strtr($regs[2], array('&' => '&'));
$salt = strtr(preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2)), ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
$name = $regs[1] . _T('trip_pre') . substr(crypt($cap, $salt), -10);
}
if (!$name || preg_match("/^[ | |]*\$/", $name)) {
if (ALLOW_NONAME) {
$name = DEFAULT_NONAME;
} else {
die(_T('regist_withoutname'));
}
// 不接受匿名
}
if (ALLOW_NONAME == 2) {
// 強制砍名
$name = preg_match('/(\\' . _T('trip_pre') . '.{10})/', $name, $matches) ? $matches[1] . ':' : DEFAULT_NONAME . ':';
} else {
$name .= ':';
}
$pushpost = "{$name} {$comm} ({$pushID} {$pushtime})";
// 推文主體
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
// 被推之文章不存在
$parentNo = $post[0]['resto'] ? $post[0]['resto'] : $post[0]['no'];
$threads = array_flip($PIO->fetchThreadList());
$threadPage = floor($threads[$parentNo] / PAGE_DEF);
$p = $parentNo == $post[0]['no'] ? $post : $PIO->fetchPosts($parentNo);
// 取出首篇
$flgh = $PIO->getPostStatus($p[0]['status']);
if ($flgh->exists('TS')) {
die('[Error] ' . _T('regist_threadlocked'));
}
// 首篇禁止回應/同時表示禁止推文
$post[0]['com'] .= (strpos($post[0]['com'], $this->PUSHPOST_SEPARATOR . '<br />') === false ? '<br />' . $this->PUSHPOST_SEPARATOR : '') . '<br /> ' . $pushpost;
$flgh2 = $PIO->getPostStatus($post[0]['status']);
$flgh2->plus('mppCnt');
// 推文次數+1
$PIO->updatePost($_GET['no'], array('com' => $post[0]['com'], 'status' => $flgh2->toString()));
// 更新推文
$PIO->dbCommit();
// mod_audit logcat
$this->callCHP('mod_audit_logcat', array(sprintf('[%s] No.%d %s (%s)', __CLASS__, $_GET['no'], $comm, $pushID)));
if (STATIC_HTML_UNTIL == -1 || $threadPage <= STATIC_HTML_UNTIL) {
// 僅更新討論串出現那頁
updatelog(0, $threadPage, true);
}
deleteCache(array($parentNo));
// 刪除討論串舊快取
if (isset($_POST['ajaxmode'])) {
echo '+OK ', $pushpost;
} else {
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
}
}
}
function ModulePage()
{
global $PTE, $PMS, $PIO, $FileIO;
$thisPage = $PMS->getModulePageURL('mod_catalog');
// 基底位置
$dat = '';
// HTML Buffer
$listMax = $PIO->postCount();
// 文章總筆數
$pageMax = ceil($listMax / $this->CATALOG_NUMBER) - 1;
// 分頁最大編號
$page = isset($_GET['page']) ? intval($_GET['page']) : 0;
// 目前所在分頁頁數
if ($page < 0 || $page > $pageMax) {
exit('Page out of range.');
}
// $page 超過範圍
if (!$this->USE_SEARCH_CODE && !isset($_GET['search'])) {
$plist = $PIO->fetchPostList(0, $this->CATALOG_NUMBER * $page, $this->CATALOG_NUMBER);
// 取得定位正確的 N 筆資料號碼
$post = $PIO->fetchPosts($plist);
// 取出資料
} else {
$post = $PIO->searchPost(array('.'), 'ext', 'AND');
$pageMax = ceil(count($post) / $this->CATALOG_NUMBER) - 1;
$post = array_slice($post, $this->CATALOG_NUMBER * $page, $this->CATALOG_NUMBER);
}
$post_count = count($post);
$PMS->hookModuleMethod('Head', array(&$this, 'hookHeadCSS'));
head($dat);
$dat .= '<div id="contents">
[<a href="' . PHP_SELF2 . '?' . time() . '">回到版面</a>]
<div class="bar_reply">相簿模式' . (@$_GET['style'] == 'detail' ? ' <a href="' . $thisPage . ($page ? '&page=' . $page : '') . (isset($_GET['search']) ? '&search' : '') . '&style=simple">■</a>' : ' <a href="' . $thisPage . ($page ? '&page=' . $page : '') . (isset($_GET['search']) ? '&search' : '') . '&style=detail">≡</a>') . '</div>
';
if ($_GET['style'] == 'detail') {
$dat .= '<script>
function hover(obj,ishover){
if(ishover) obj.className="tools-expend";
else obj.className="tools";
}
</script>
<form action="' . PHP_SELF . '" method="post">';
}
// 逐步取資料
for ($i = 0; $i < $post_count; $i++) {
list($no, $resto, $imgw, $imgh, $tw, $th, $tim, $ext, $now) = array($post[$i]['no'], $post[$i]['resto'], $post[$i]['imgw'], $post[$i]['imgh'], $post[$i]['tw'], $post[$i]['th'], $post[$i]['tim'], $post[$i]['ext'], $post[$i]['now']);
if ($FileIO->imageExists($tim . $ext)) {
$dat .= '<div class="list">' . (@$_GET['style'] == 'detail' ? '<div class="tools" onmouseover="hover(this,true)" onmouseout="hover(this,false)"><input type="checkbox" name="' . $no . '" value="delete" /><a href="' . PHP_SELF . '?res=' . ($resto ? $resto : $no) . '#r' . $no . '">†</a></div>' : '') . '<a href="' . $FileIO->getImageURL($tim . $ext) . '" rel="_blank"><img src="' . $FileIO->getImageURL($tim . 's.jpg') . '" style="' . $this->OptimizeImageWH($tw, $th) . '" title="' . (@$_GET['style'] == 'detail' ? 'No.' . $no . ($resto ? '(' . $resto . ')' : '') . ' ' . $now . ' ' : '') . $imgw . 'x' . $imgh . '" alt="' . $tim . $ext . '" /></a></div>' . "\n";
}
}
$dat .= '</div><hr />';
if (@$_GET['style'] == 'detail') {
$adminMode = adminAuthenticate('check');
// 前端管理模式
$adminFunc = '';
// 前端管理選擇
if ($adminMode) {
$adminFunc = '<select name="func"><option value="delete">' . _T('admin_delete') . '</option>';
$funclist = array();
$dummy = '';
$PMS->useModuleMethods('AdminFunction', array('add', &$funclist, null, &$dummy));
// "AdminFunction" Hook Point
foreach ($funclist as $f) {
$adminFunc .= '<option value="' . $f[0] . '">' . $f[1] . '</option>' . "\n";
}
$adminFunc .= '</select>';
}
$pte_vals = array('{$DEL_HEAD_TEXT}' => '<input type="hidden" name="mode" value="usrdel" />' . _T('del_head'), '{$DEL_IMG_ONLY_FIELD}' => '<input type="checkbox" name="onlyimgdel" id="onlyimgdel" value="on" />', '{$DEL_IMG_ONLY_TEXT}' => _T('del_img_only'), '{$DEL_PASS_TEXT}' => ($adminMode ? $adminFunc : '') . _T('del_pass'), '{$DEL_PASS_FIELD}' => '<input type="password" name="pwd" size="8" value="" />', '{$DEL_SUBMIT_BTN}' => '<input type="submit" value="' . _T('del_btn') . '" />');
$dat .= $PTE->ParseBlock('DELFORM', $pte_vals) . '</form>';
}
$dat .= '
<div id="page_switch">
<table border="1" style="float: left;"><tr>
';
if ($page) {
$dat .= '<td><a href="' . $thisPage . '&page=' . ($page - 1) . (@$_GET['style'] == 'detail' ? '&style=detail' : '') . (isset($_GET['search']) ? '&search' : '') . '">上一頁</a></td>';
} else {
$dat .= '<td style="white-space: nowrap;">第一頁</td>';
}
$dat .= '<td>';
for ($i = 0; $i <= $pageMax; $i++) {
if ($i == $page) {
$dat .= '[<b>' . $i . '</b>] ';
} else {
$dat .= '[<a href="' . $thisPage . '&page=' . $i . (@$_GET['style'] == 'detail' ? '&style=detail' : '') . (isset($_GET['search']) ? '&search' : '') . '">' . $i . '</a>] ';
}
}
$dat .= '</td>';
if ($page < $pageMax) {
$dat .= '<td><a href="' . $thisPage . '&page=' . ($page + 1) . (@$_GET['style'] == 'detail' ? '&style=detail' : '') . (isset($_GET['search']) ? '&search' : '') . '">下一頁</a></td>';
} else {
$dat .= '<td style="white-space: nowrap;">最後一頁</td>';
}
$dat .= '
</tr></table>
</div>
';
foot($dat);
echo $dat;
}
