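/**
 * Posts a guestbook entry to board $bid (from the 'gbookbid' cookie, else $add['bid']).
 *
 * Checks the client IP and referer, the required fields, the e-mail syntax,
 * the captcha (when enabled), the posting interval, the board's existence and
 * its group level, then inserts the row. Every failure path goes through
 * printerror(), which is expected to terminate the request.
 *
 * @param array $add  Submitted fields: bid, name, email, call, lytext, key, ecmsfrom
 */
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    // IP and referer checks
    eCheckAccessDoIp('gbook');
    CheckCanPostUrl();
    // Array keys are quoted: bare keys ($add[bid]) are an undefined constant in PHP 8
    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        $bid = intval($add['bid']);
    }
    $name = RepPostStr(trim($add['name']));
    $email = RepPostStr($add['email']);
    $call = RepPostStr($add['call']);
    $lytext = RepPostStr($add['lytext']);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    // Captcha
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // Minimum interval between two posts, tracked in a cookie
    $lasttime = getcvar('lastgbooktime');
    if ($lasttime) {
        if (time() - $lasttime < $public_r['regbooktime']) {
            printerror("GbOutTime", "", 1);
        }
    }
    // Board must exist
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }
    // Group level required by the board
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");
    ecmsEmptyShowKey($keyvname); // clear the captcha
    if ($sql) {
        esetcookie("lastgbooktime", time(), time() + 3600 * 24); // remember the last post time
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}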
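/**
 * Deletes the given message ids from the logged-in user's inbox and clears the
 * "has message" flag when no unread messages remain.
 *
 * Every exit path goes through printerror(), which is expected to terminate.
 *
 * @param array $mid  Message ids to delete; each one is cast to int before use
 */
function DelMsg_all($mid)
{
    global $empire, $dbtbpre;
    $user = islogin();
    // count() on a non-array is a TypeError in PHP 8; treat anything else as "nothing selected"
    if (!is_array($mid)) {
        $mid = array();
    }
    $count = count($mid);
    if (!$count) {
        printerror("EmptyDelMsg", "", 1);
    }
    // Build "mid='1' or mid='2'" from integer-cast ids (no trailing " or " to trim)
    $parts = array();
    foreach ($mid as $id) {
        $parts[] = "mid='" . intval($id) . "'";
    }
    $add = implode(' or ', $parts);
    // NOTE(review): the to_username value was unreadable in the reviewed copy and is
    // reconstructed as the logged-in user's name - confirm against the original file
    $sql = $empire->query("delete from {$dbtbpre}enewsqmsg where (" . $add . ") and to_username='{$user['username']}'");
    if ($sql) {
        $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsqmsg where to_username='{$user['username']}' and haveread=0 limit 1");
        if (!$num) {
            // No unread messages left: keep only the "2"/"3" state, otherwise reset to 0
            $newhavemsg = eReturnSetHavemsg($user['havemsg'], 0);
            $newhavemsg = $newhavemsg == 2 || $newhavemsg == 3 ? 2 : 0;
            $empire->query("update " . eReturnMemberTable() . " set " . egetmf('havemsg') . "='{$newhavemsg}' where " . egetmf('userid') . "='{$user['userid']}'");
        }
        printerror("DelMsgSuccess", "../member/msg/", 1);
    } else {
        printerror("DbError", "", 1);
    }
}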
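/**
 * Access-control hook: lets the login/logout actions through, sends anonymous
 * visitors to the login page, lets super users through and finally requires
 * the requested controller/action to be in the user's URL list.
 *
 * @param mixed $params  Unused; kept because the hook signature passes it by reference
 */
public function run(&$params)
{
    // Routes reachable without a session
    $accessarr = array('Login/login', 'Login/logout');
    $requestURL = CONTROLLER_NAME . '/' . ACTION_NAME;
    // strict comparison: both sides are strings, so no loose-equality surprises
    if (in_array($requestURL, $accessarr, true)) {
        return;
    }
    // Not logged in: attempt auto-login, then redirect to the login page
    if (!islogin()) {
        $loginService = D('Login', 'Service');
        $loginService->autoLogin();
        redirect(U('Login/login'), 1, '请登陆!');
        exit;
    }
    if (isSuperUser()) {
        return;
    }
    // Regular users may only call the URLs granted to them
    $allowed = array_column(userUrl(), 'url');
    if (!in_array($requestURL, $allowed, true)) {
        echo "没有该权限";
        exit;
    }
}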
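/**
 * Shows the current user's profile and, on POST, updates phone, address and e-mail.
 *
 * Requires a login; $this->error() and $this->success() are the framework's
 * terminating responses.
 */
public function updateUser()
{
    $user_id = session('user_id');
    if (!islogin()) {
        $this->error('您还未登录', U('User/login'));
    }
    // Current profile, shown as the form defaults.
    // Array-form where(): the id is bound by the ORM instead of being interpolated into SQL text
    $user = M('InfoUser');
    $temp = $user->where(array('user_id' => $user_id))->getField('user_email,user_phone,user_address,user_name');
    $userdata = current($temp);
    $this->assign("userdata", $userdata);
    if (IS_POST) {
        $data['user_id'] = session('user_id');
        $data['user_phone'] = I('user_phone');
        $data['user_address'] = I('user_address');
        $data['user_email'] = I('user_email');
        $user = new InfoUserModel();
        $result = $user->updateUserInfo($data);
        if ($result) {
            $this->success("修改成功");
        } else {
            $this->error($user->getError());
        }
    } else {
        $this->display();
    }
}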
/**
 * Returns the project list for the session user, or prints a login prompt
 * (and returns nothing) when there is no session.
 */
function getProjectList()
{
    if (!islogin()) {
        echo "Please login first!";
        return;
    }
    return getProjectListFromDB($_SESSION['ID']);
}
/**
 * Renders the page for logged-in users with user_level 2; everyone else is
 * sent to the login action.
 */
public function index()
{
    $allowed = islogin() && $_SESSION["user_level"] == 2;
    if (!$allowed) {
        $this->redirect('Home/User/login');
        return;
    }
    $this->display();
}
/**
 * Renders the "Wish your Friend" card: stores a posted comment for a logged-in
 * user, includes the wish form and then lists today's bd_comments rows.
 *
 * Emits HTML directly. birthday, birthday_wish() and $connection (a mysqli
 * handle, judging by the mysqli_error/mysqli_close calls) come from the
 * included files.
 */
function birthday_comment() { ?>
<div class="mdl-card mdl-shadow--4dp mdl-cell mdl-cell--12-col">
<style>
.demo-blog--blogpost .demo-blog__posts > .mdl-card .mdl-card__media {
/*background-image: url('images/road_big.jpg');*/
height: 100px;
}
</style>
<div class="mdl-card__media mdl-color-text--grey-50">
<h3><?php echo "Wish your Friend"; ?> </h3>
</div>
<div class="mdl-color-text--primary-contrast mdl-card__supporting-text comments">
<?php
// including the birthday_wish forum
if (islogin()) {
    $comment = $_POST['comment'];
    // isset() is false only when 'comment' was not posted at all ($comment is then null)
    if (isset($comment) && !empty($comment)) {
        $comobj = new birthday();
        // NOTE(review): $uid is not defined in this function - confirm where it is meant to come from
        $comobj->get_comment($uid, $comment);
        $comobj->check_exist();
        $comobj->add_comment();
    }
}
include 'core.php';
include 'birthday_wish.form.php';
// including the comments
include 'birthday_wish.func.php';
include 'dbms/dbms_imp.php';
// $today is generated server-side, so this query carries no request input
$today = date('Y-m-d');
$resultc = $connection->query("SELECT * FROM `bd_comments` WHERE `date`='{$today}' ORDER BY `bcid` DESC");
if (!$resultc) {
    echo "Comment loading failed" . mysqli_error($connection) . "<br/> Report it to Developers";
}
// NOTE(review): when the query failed $resultc is false and fetch_array() below is called on it - the echo above does not stop execution
while ($rows = $resultc->fetch_array()) {
    $comm = new birthday($rows[0]);
    birthday_wish($comm);
}
mysqli_close($connection);
?>
</div>
</div>
<?php }
/**
 * Removes one third-party account binding, restricted to rows owned by the
 * logged-in member.
 *
 * @param int|string $id  Binding row id (cast to int)
 */
function MemberConnect_DelBind($id)
{
    global $empire, $dbtbpre, $public_r;
    $user_r = islogin(); // must be logged in
    $bindId = (int) $id;
    $query = "delete from {$dbtbpre}enewsmember_connect where id='{$bindId}' and userid='{$user_r['userid']}';";
    if (!$empire->query($query)) {
        printerror("DbError", "history.go(-1)", 1);
        return;
    }
    printerror2("已解除绑定", "../memberconnect/ListBind.php");
}
/**
 * Saves the logged-in member's space name and announcement.
 *
 * @param array $add  Submitted fields: spacename, spacegg
 */
function DoSetSpace($add)
{
    global $empire, $dbtbpre;
    $user_r = islogin(); // must be logged in
    $spacename = RepPostStr($add['spacename']);
    $spacegg = RepPostStr($add['spacegg']);
    $query = "update {$dbtbpre}enewsmemberadd set spacename='{$spacename}',spacegg='{$spacegg}' where userid='{$user_r['userid']}' limit 1";
    $ok = $empire->query($query);
    if (!$ok) {
        printerror('DbError', '', 1);
        return;
    }
    printerror('SetSpaceSuccess', 'SetSpace.php', 1);
}
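/**
 * Prints the chosen payment method and returns the two checkout summary lines.
 *
 * Reads the globals $totalr (totalmoney, pretotal, totalfen) and $shoppr
 * (fpnum); account-based methods additionally require a logged-in member
 * with enough balance. Failure paths go through printerror(), which is
 * expected to terminate.
 *
 * @param int|string $payfsid  Payment method id (cast to int)
 * @param array      $r        Order options; only $r['fp'] (invoice requested) is read
 * @param int|float  $price    Delivery fee added to the total
 * @return array  [0 => breakdown line, 1 => grand-total line] as HTML strings
 */
function ShowPayfs($payfsid, $r, $price)
{
    global $empire, $public_r, $dbtbpre, $totalr, $shoppr;
    $payfsid = (int) $payfsid;
    $add = $empire->fetch1("select payid,payname,payurl,paysay,userpay,userfen from {$dbtbpre}enewsshoppayfs where payid='{$payfsid}' and isclose=0");
    // Array keys are quoted: bare keys ($add[payid]) are an undefined constant in PHP 8
    if (empty($add['payid'])) {
        printerror('请选择支付方式', '', 1, 0, 1);
    }
    // Grand total in money
    $buyallmoney = $totalr['totalmoney'] + $price - $totalr['pretotal'];
    if ($add['userfen'] && $r['fp']) {
        printerror("FenNotFp", "history.go(-1)", 1);
    }
    // Invoice surcharge; $afp stays empty (instead of undefined) when no invoice is requested
    $afp = "";
    if ($r['fp']) {
        $fptotal = ($totalr['totalmoney'] - $totalr['pretotal']) * ($shoppr['fpnum'] / 100);
        $afp = "+发票费(" . $fptotal . ")";
        $buyallmoney += $fptotal;
    }
    $buyallfen = $totalr['totalfen'] + $price;
    $returntotal = "采购总额(" . $totalr['totalmoney'] . ")+配送费(" . $price . ")" . $afp . "-优惠(" . $totalr['pretotal'] . ")=总额(<b>" . $buyallmoney . " 元</b>)";
    $mytotal = "结算总金额为:<b><font color=red>" . $buyallmoney . " 元</font></b> 全部";
    // Paying from the member account (points or money) requires a login and enough balance
    if ($add['userfen'] || $add['userpay']) {
        if (!getcvar('mluserid')) {
            printerror("NotLoginTobuy", "history.go(-1)", 1);
        }
        $user = islogin();
        if ($add['userfen']) {
            // paid in points
            if ($buyallfen > $user['userfen']) {
                printerror("NotEnoughFenBuy", "history.go(-1)", 1);
            }
            $returntotal = "采购总点数(" . $totalr['totalfen'] . ")+配送点数费(" . $price . ")=总点数(<b>" . $buyallfen . " 点</b>)";
            $mytotal = "结算总点数为:<b><font color=red>" . $buyallfen . " 点</font></b> 全部";
        } else {
            if ($buyallmoney > $user['money']) {
                printerror("NotEnoughMoneyBuy", "history.go(-1)", 1);
            }
        }
    }
    echo "<table width='100%' border=0 align=center cellpadding=3 cellspacing=1><tr><td>" . $add['payname'] . "</td></tr></table>";
    $return = array();
    $return[0] = $returntotal;
    $return[1] = $mytotal;
    return $return;
}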
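/**
 * Shows the current user's profile and purchase records (account joined with
 * schedule and movie).
 *
 * islogin() is called for its side effects only; its return value is not checked here.
 */
public function index()
{
    islogin();
    $this->assign('searchurl', U('Search/index'));
    $model = new \Home\Model\MovieModel();
    $account = M('account');
    // The id is concatenated into raw SQL fragments below, so pin it to an integer first
    $user_id = (int) getUserId();
    $join = array(
        'left join schedule on schedule.schedule_id=account.schedule_id',
        'left join movie on movie.movie_id=schedule.movie_id',
    );
    $userinfo = $model->select('user', 'user_id=' . $user_id);
    $where = 'account.user_id=' . $user_id;
    $filed = 'account_id,user_id,buy_time,schedule.schedule_id,name,schedule.movie_id,date,price';
    $records = $account->join($join)->where($where)->field($filed)->select();
    $this->assign('records', $records);
    $this->assign('userinfo', $userinfo[0]);
    $this->display();
}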
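/**
 * Saves the logged-in member's extra-profile fields (enewsmemberadd), inserting
 * the row on first edit and updating it afterwards, then refreshes attachments.
 *
 * Failure paths go through printerror(), which is expected to terminate.
 *
 * @param array $post  Submitted profile fields, interpreted by ReturnDoMemberF()
 */
function EditInfo($post)
{
    global $empire, $dbtbpre, $public_r;
    $user_r = islogin(); // must be logged in
    // Array keys are quoted: bare keys ($user_r[userid]) are an undefined constant in PHP 8
    $userid = $user_r['userid'];
    $username = $user_r['username'];
    $dousername = $username;
    if (!$userid || !$username) {
        printerror("NotEmpty", "history.go(-1)", 1);
    }
    // Required fields of the extra table depend on the member's group form
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    $user_r = $empire->fetch1("select " . eReturnSelectMemberF('groupid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
    $fid = GetMemberFormId($user_r['groupid']);
    if (empty($addr['userid'])) {
        $mr = array();
        $mr['add_filepass'] = $userid;
        $member_r = ReturnDoMemberF($fid, $post, $mr, 0, $dousername);
    } else {
        $addr['add_filepass'] = $userid;
        $member_r = ReturnDoMemberF($fid, $post, $addr, 1, $dousername);
    }
    // Extra table: insert on first edit, update afterwards
    if (empty($addr['userid'])) {
        $regip = egetip();
        $regipport = egetipport();
        $lasttime = time();
        $sql = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$regip}','{$lasttime}','{$regip}',1,'{$regipport}','{$regipport}'" . $member_r[1] . ");");
    } else {
        $sql = $empire->query("update {$dbtbpre}enewsmemberadd set userid='{$userid}'" . $member_r[0] . " where userid='{$userid}'");
    }
    // Attachments
    UpdateTheFileEditOther(6, $userid, 'member');
    if ($sql) {
        printerror("EditInfoSuccess", "../member/EditInfo/", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}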
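/**
 * Shows the seat-selection page for one schedule: the schedule/movie info and
 * the seats already bought.
 *
 * islogin() is called for its side effects only; its return value is not checked here.
 */
public function index()
{
    islogin();
    // schedule_id is request input that is concatenated into raw SQL fragments below;
    // casting to int keeps anything but a number out of the query text
    $id = (int) I('get.schedule_id');
    $allcss = array('ticket');
    $model = new \Home\Model\MovieModel();
    $join = array(' movie on movie.movie_id=schedule.movie_id ');
    $seat = $model->select('account', ' schedule_id=' . $id);
    $movieInfo = $model->select('schedule', ' schedule_id=' . $id, '', $join);
    $this->assign('movieInfo', $movieInfo[0]);
    $this->assign('schedule_id', $id);
    $this->assign('seat', $seat);
    $this->assign('movieurl', U('Movie/index'));
    $this->assign('searchurl', U('Search/index'));
    $this->assign('allcss', $allcss);
    $this->assign('buy', U('buy'));
    $this->assign('user', U('user/index'));
    $this->display();
}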
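/**
 * Deletes the selected member-guestbook entries, restricted to rows owned by
 * the logged-in member.
 *
 * Exit paths go through printerror(), which is expected to terminate.
 *
 * @param array $add  Submitted fields; $add['gid'] is the list of entry ids
 */
function DelMemberGbook_All($add)
{
    global $empire, $dbtbpre;
    $user_r = islogin(); // must be logged in
    $gid = $add['gid'];
    // count() on a non-array is a TypeError in PHP 8; treat anything else as "nothing selected"
    if (!is_array($gid)) {
        $gid = array();
    }
    $count = count($gid);
    if (empty($count)) {
        printerror("NotDelMemberGbookid", "history.go(-1)", 1);
    }
    // Build "gid='1' or gid='2'" from integer-cast ids (no trailing " or " to trim)
    $parts = array();
    foreach ($gid as $id) {
        $parts[] = "gid='" . intval($id) . "'";
    }
    $addsql = implode(' or ', $parts);
    $sql = $empire->query("delete from {$dbtbpre}enewsmembergbook where (" . $addsql . ") and userid='{$user_r['userid']}'");
    if ($sql) {
        // The referer header may be absent; fall back to an empty return URL
        $backurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        printerror("DelMemberGbookSuccess", $backurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}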
} } } return FALSE; } if ($_POST['login'] && $_POST['passwd'] && $_POST['submit']) { $login = $_POST['login']; $passwd = $_POST['passwd']; $submit = $_POST['submit']; if ($submit === "OK") { if (!file_exists("../private/passwd")) { mkdir("../private", 0755); $chain = $chain . serialize("{") . serialize("login") . serialize($login) . serialize("passwd") . serialize(hash("whirlpool", $passwd)) . serialize("}") . "\n"; file_put_contents("../private/passwd", $chain); } else { $chain = file_get_contents("../private/passwd"); if (!islogin($login, $chain)) { $chain = $chain . serialize("{") . serialize("login") . serialize($login) . serialize("passwd") . serialize(hash("whirlpool", $passwd)) . serialize("}"); file_put_contents("../private/passwd", $chain . "\n"); } else { echo "ERROR" . "\n"; exit; } } echo $submit . "\n"; } else { echo "ERROR" . "\n"; } } else { echo "ERROR" . "\n"; }
<?php // including the header of the document require 'header.php'; // including the blog layout ?> <div> <div class="demo-blog demo-blog--blogpost mdl-layout mdl-js-layout has-drawer is-upgraded"> <main class="mdl-layout__content"> <!--<div class="demo-back"> <a class="mdl-button mdl-js-button mdl-js-ripple-effect mdl-button--icon" href="index.html" title="go back" role="button"> <i class="material-icons" role="presentation">arrow_back</i> </a> </div>--> <div class="demo-blog__posts mdl-grid"> <?php if (islogin()) { include 'display/functions/amazing.func.php'; amazing($heading = 'Already loged in', $content = 'It seems You are already loged in.<br/>No need to login Again. :)', $link = '#'); } else { //login forum include 'display/functions/login.func.php'; login($message = ''); } ?> <!--navigation panel for large database--> </div> <?php require 'footer.php'; ?> </main> <!--<div class="mdl-layout__obfuscator"></div>-->
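/**
 * Logs the member out: honours a configured $equiturl redirect, otherwise clears
 * the session cookies and shows the exit page (or the iframe variant when the
 * request came from e/member/iframe).
 *
 * @param mixed $userid    Unused here; islogin() identifies the member
 * @param mixed $username  Unused here
 * @param mixed $rnd       Unused here
 */
function loginout1($userid, $username, $rnd)
{
    global $empire, $public_r, $equiturl;
    $user_r = islogin(); // must be logged in
    if ($equiturl) {
        Header("Location:{$equiturl}");
        exit;
    }
    EmptyEcmsCookie();
    $dopr = 1;
    if (!empty($_GET['prtype'])) {
        $dopr = 9;
    }
    $gotourl = "../../";
    // The referer header may be absent; only switch to the iframe exit page when it is set
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if (strstr($referer, "e/member/iframe")) {
        $gotourl = $public_r['newsurl'] . "e/member/iframe/";
    }
    $gotourl = DoingReturnUrl($gotourl, $_GET['ecmsfrom']);
    printerror("ExitSuccess", $gotourl, $dopr);
}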
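<?php
require "../lib/lib_teamcalendar.php";
// Anonymous callers are redirected AND stopped: without the exit the DELETE below
// would still run after the Location header was sent
if (!islogin()) {
    header("Location: ../index.php");
    exit;
}
$pdo = pdoconnect();
// NOTE(review): only the login is checked; whether the caller may delete this
// particular request id is not verified here - confirm the intended rule
$stmt = $pdo->prepare("DELETE FROM `request` WHERE `requestid` = :requestid");
$stmt->bindParam(':requestid', $_REQUEST['requestid']);
$stmt->execute();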
<?php require 'class/connect.php'; require 'class/db_sql.php'; require 'class/functions.php'; require LoadLang('f.php'); $phome = $_GET['phome']; if (empty($phome)) { $phome = $_POST['phome']; } //怫 if ($phome == "login" || $phome == "ChangeLanguage") { } else { $lur = islogin(); $loginin = $lur['username']; $rnd = $lur['rnd']; } if ($phome == "SetDb" || $phome == "DoRep" || $phome == "DoOpi" || $phome == "DoDrop" || $phome == "DropDb" || $phome == "CreateDb" || $phome == "EmptyTable" || $phome == "DoSave" || $phome == "DoDelSave" || $phome == "DelBakpath" || $phome == "DelZip" || $phome == "DoExecSql" || $phome == "DoTranExecSql" || $phome == "RepPathFiletext" || $phome == 'ReplaceTable') { include "class/combakfun.php"; } if ($phome == "SetDb" || $phome == "login" || $phome == "exit" || $phome == "ChangeLanguage") { } else { $link = db_connect(); $empire = new mysqlquery(); } if ($phome == "SetDb") { Ebak_SetDb($_POST); } elseif ($phome == "DoRep") { $tablename = $_POST['tablename']; $mydbname = $_POST['mydbname']; Ebak_Rep($tablename, $mydbname);
/**
 * Sends the member to the payment page of one of their unpaid orders.
 *
 * The order must belong to the logged-in member, be unpaid and have a payment
 * method with a URL. Failure paths go through printerror(), which is expected
 * to terminate.
 *
 * @param int|string $ddid  Order id (cast to int)
 */
function ShopDdToPay($ddid)
{
    global $empire, $dbtbpre;
    $orderId = (int) $ddid;
    if (!$orderId) {
        printerror("NotShopDdId", "history.go(-1)", 1);
    }
    $user_r = islogin(); // must be logged in
    $order = $empire->fetch1("select ddid,payfsid,haveprice from {$dbtbpre}enewsshopdd where ddid='{$orderId}' and userid='{$user_r['userid']}' limit 1");
    if (!$order['ddid']) {
        printerror("NotShopDdId", "history.go(-1)", 1);
    }
    if ($order['haveprice']) {
        printerror("ShopDdIdHavePrice", "history.go(-1)", 1);
    }
    if (empty($order['payfsid'])) {
        printerror("NotPayfsid", "history.go(-1)", 1);
    }
    // Payment method
    $method = $empire->fetch1("select payid,payurl from {$dbtbpre}enewsshoppayfs where payid='{$order['payfsid']}'");
    if (!$method['payid'] || !$method['payurl']) {
        printerror("NotPayfsid", "history.go(-1)", 1);
    }
    $location = $method['payurl'];
    esetcookie("paymoneyddid", $orderId, 0);
    Header("Refresh:0; URL={$location}");
}
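/**
 * Handles the registration form: validates the posted fields, consults the user
 * table through read_db() and inserts the new account, echoing the outcome.
 *
 * Output and the register form are emitted inline. $connection (a mysqli
 * handle, judging by the mysqli_error call), $debug and $register_check are
 * expected from the included files.
 */
function register()
{
    $fname = "Firstname";
    $sname = "Surname";
    $username = "******";
    $emailid = "Email id";
    include 'core.inc.php';
    if (islogin() == 0) {
        if (isset($_POST['firstname']) && isset($_POST['surname']) && isset($_POST['password']) && isset($_POST['password_again']) && isset($_POST['emailid'])) {
            $fname = $_POST['firstname'];
            $sname = $_POST['surname'];
            $passw = $_POST['password'];
            $passw_again = $_POST['password_again'];
            $emailid = $_POST['emailid'];
            $acess = 0;
            if (!empty($fname) && !empty($sname) && !empty($passw) && !empty($passw_again) && !empty($emailid)) {
                include_once '/functions/passwordcheck.function.php';
                $acess = passwordcheck($passw, $passw_again);
                // NOTE(review): this debug output includes the submitted password
                if ($debug && $register_check) {
                    echo $fname . '.<br/>' . $sname . '.<br/>' . $passw . '<br/>' . $emailid . '.<br/>';
                }
                if ($acess) {
                    // neutralizing the data (HTML-encoded before storage)
                    $fname1 = htmlentities($fname);
                    $sname1 = htmlentities($sname);
                    $emailid1 = $emailid;
                    $add_acess = 0;
                    // checking for email id already exist or not
                    include '/functions/read_db.function.php';
                    // NOTE(review): the first argument is single-quoted, so read_db() receives the
                    // literal text '$emailid', not the submitted address; the add_acess branch below
                    // depends on its result, so confirm read_db's contract before changing this line
                    $email_exist = read_db('$emailid', 'email', 'user');
                    if ($email_exist) {
                        $add_acess = 1;
                    } else {
                        $add_acess = 0;
                    }
                    // writing data to database
                    if ($add_acess == 1) {
                        include '/dbms/dbms_imp.php';
                        // Parameterised insert: the submitted values are bound, not spliced into the SQL text.
                        // NOTE(review): the password is stored as submitted (no password_hash); changing
                        // that requires the login path to change with it, so it is flagged rather than altered
                        $insert_query = "INSERT INTO `user` (`uid`, `fname`, `lname`, `email`, `password`) VALUES ('', ?, ?, ?, ?)";
                        $stmt = $connection->prepare($insert_query);
                        $mysql_query_run = $stmt !== false
                            && $stmt->bind_param('ssss', $fname1, $sname1, $emailid, $passw)
                            && $stmt->execute();
                        if (!$mysql_query_run) {
                            // error occurs
                            echo "<br>Error writing data" . @mysqli_error($connection);
                        } else {
                            echo "Thank You for joining us</br></br> To Continue Please <a href=\"login.php\">login</a>.</br></br>";
                            // sucess in adding the data.
                        }
                        //die(); //to kill rest of page
                    } elseif ($add_acess == 0) {
                        include '/forums/register.forum.php';
                    } else {
                        echo "<br>Some internal problem has occurred please report it.<br/>\r\n\t\t\t\t\t\tyou found reporting under contact us page<br>Thanks for your corporation.";
                    }
                } else {
                    include '/forums/register.forum.php';
                }
            } else {
                echo "Some error has occur.<br/> Please check the Information provided by you.<br/>\r\n\t\t\t\t\tMight be you have left out something<br/>";
                include '/forums/register.forum.php';
            }
        } else {
            echo "All fields are necessary <br/><br/>";
            include '/forums/register.forum.php';
        }
    } else {
        if (islogin() == 1) {
            echo "<br/> You'r already registered and loggedin";
        }
    }
}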
} if ($a == 2) { file_put_contents("../private/passwd", $ch2); return TRUE; } return FALSE; } if ($_POST['login'] && $_POST['newpw'] && $_POST['oldpw'] && $_POST['submit']) { $login = $_POST['login']; $passwd = $_POST['newpw']; $oldpwd = $_POST['oldpw']; $submit = $_POST['submit']; if ($submit === "OK") { if (!file_exists("../private/passwd")) { echo "ERROR\n"; exit; } else { $chain = file_get_contents("../private/passwd"); if (islogin($login, $chain) && chpasswd($login, $oldpwd, $passwd, $chain)) { echo $submit . "\n"; } else { echo "ERROR\n"; exit; } } } else { echo "ERROR" . "\n"; } } else { echo "ERROR" . "\n"; }
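<?php
require "../../../class/connect.php";
require "../../../class/q_functions.php";
require "../../../class/db_sql.php";
require "../../../class/user.php";
$link = db_connect();
$empire = new mysqlquery();
$editor = 2;
$user = islogin();
$mid = (int) $_GET['mid'];
$out = $_GET['out'];
if (empty($mid)) {
    printerror("HaveNotMsg", "", 1);
}
// Only messages addressed to the logged-in user are readable.
// NOTE(review): the to_username value was unreadable in the reviewed copy and is
// reconstructed as the logged-in user's name - confirm against the original file
$r = $empire->fetch1("select mid,title,msgtext,from_userid,from_username,msgtime,haveread,issys from {$dbtbpre}enewsqmsg where mid={$mid} and to_username='{$user['username']}' limit 1");
// Array keys are quoted: bare keys ($r[mid]) are an undefined constant in PHP 8
if (empty($r['mid'])) {
    printerror("HaveNotMsg", "", 1);
}
if ($r['issys']) {
    $r['from_username'] = "<b>系统信息</b>";
}
// First view: clear the member's "has message" flag and mark the message read
if (!$r['haveread']) {
    $usql = $empire->query("update {$user_tablename} set " . $user_havemsg . "=0 where " . $user_userid . "='{$user['userid']}'");
    $usql = $empire->query("update {$dbtbpre}enewsqmsg set haveread=1 where mid={$mid}");
}
// Template
require ECMS_PATH . 'e/template/member/ViewMsg.php';
db_close();
$empire = null;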
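/**
 * Saves a feedback-form submission for board $add['bid'] (or the 'feedbackbid' cookie).
 *
 * Checks the referer, captcha, board existence and group level, then the
 * board's required fields; builds the board-specific column list from the
 * board's `enter` definition, stores uploaded file fields and inserts the row.
 * Failure paths go through printerror(), which is expected to terminate.
 *
 * @param array $add  Submitted fields (bid, key, ecmsfrom, title and the board's own fields)
 */
function AddFeedback($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    CheckCanPostUrl(); // referer check
    if ($add['bid']) {
        $bid = (int) $add['bid'];
    } else {
        $bid = (int) getcvar('feedbackbid');
    }
    if (empty($bid)) {
        printerror("EmptyFeedbackname", "history.go(-1)", 1);
    }
    // Captcha
    $keyvname = 'checkfeedbackkey';
    if ($public_r['fbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // Board must exist
    $br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyFeedback", "history.go(-1)", 1);
    }
    // Group level required by the board (keys quoted: bare keys are an undefined constant in PHP 8)
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
    // Required fields; the first and last entries of the exploded list are skipped
    // (the list appears to carry leading/trailing delimiters - confirm against the admin side)
    $mustr = explode(",", $br['mustenter']);
    $count = count($mustr);
    for ($i = 1; $i < $count - 1; $i++) {
        $mf = $mustr[$i];
        if (strstr($br['filef'], "," . $mf . ",")) {
            if (!$pr['feedbacktfile']) {
                printerror("NotOpenFBFile", "", 1);
            }
            if (!$_FILES[$mf]['name']) {
                printerror("EmptyFeedbackname", "", 1);
            }
        } else {
            $chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']);
            if (!trim($chmustval)) {
                printerror("EmptyFeedbackname", "", 1);
            }
        }
    }
    $saytime = date("Y-m-d H:i:s");
    // Field handling: $addf collects ",`col`" and $addval the matching ",'value'" fragments
    $dh = "";
    $tranf = "";
    $addf = "";
    $addval = "";
    $record = "<!--record-->";
    $field = "<!--field--->";
    $er = explode($record, $br['enter']);
    $count = count($er);
    for ($i = 0; $i < $count - 1; $i++) {
        $er1 = explode($field, $er[$i]);
        $f = $er1[1];
        // "[!#@-" is the upload placeholder marker; neutralise it in user input so the
        // str_replace() after the uploads only touches our own placeholders
        $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]);
        if (strstr($br['filef'], "," . $f . ",")) {
            if ($_FILES[$f]['name']) {
                if (!$pr['feedbacktfile']) {
                    printerror("NotOpenFBFile", "", 1);
                }
                $filetype = GetFiletype($_FILES[$f]['name']);
                if (CheckSaveTranFiletype($filetype)) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) {
                    printerror("TooBigQTranFile", "", 1);
                }
                $tranf .= $dh . $f;
                $dh = ",";
                $fval = "[!#@-" . $f . "-@!]";
            } else {
                $fval = "";
            }
        } else {
            $add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']);
            $fval = $add[$f];
        }
        $addf .= ",`" . $f . "`";
        $addval .= ",'" . addslashes(RepPostStr($fval)) . "'";
    }
    $type = 0;
    $classid = 0;
    $filename = '';
    $filepath = '';
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $filepass = ReturnTranFilepass();
    // Uploads: replace each placeholder with the stored path of its file
    if ($tranf) {
        $dh = "";
        $tranr = explode(",", $tranf);
        $count = count($tranr);
        for ($i = 0; $i < $count; $i++) {
            $tf = $tranr[$i];
            $tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid);
            if ($tfr['tran']) {
                $filepath = $tfr['filepath'];
                $filesize = (int) $_FILES[$tf]['size'];
                eInsertFileTable($tfr['filename'], $filesize, $tfr['filepath'], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($add['title'])), $type, $filepass, $filepass, $public_r['fpath'], 0, 4, 0);
                $repfval = ($tfr['filepath'] ? $tfr['filepath'] . '/' : '') . $tfr['filename'];
                $filename .= $dh . $tfr['filename'];
                $dh = ",";
            } else {
                $repfval = "";
            }
            $addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval);
        }
    }
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");");
    $fid = $empire->lastid();
    // Attachments
    UpdateTheFileOther(4, $fid, $filepass, 'other');
    ecmsEmptyShowKey($keyvname); // clear the captcha
    if ($sql) {
        $reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddFeedbackSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}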
<?php require "class/connect.php"; include "class/config.php"; include "class/db_sql.php"; include "class/functions.php"; $loginin = getcvar('bakusername'); $rnd = getcvar('bakrnd'); islogin($loginin, $rnd); $link = db_connect(); $empire = new mysqlquery(); $mydbname = RepPostVar($_GET['mydbname']); if (empty($mydbname)) { printerror("NotChangeDb", "history.go(-1)"); } //选择数据库 $udb = $empire->query("use `" . $mydbname . "`"); //存放目录 $mypath = $mydbname . "_" . date("YmdHis"); if ($phpsafemod) { $mypath = "safemod"; } //导入设置 $loadfile = RepPostVar($_GET['savefilename']); if (strstr($loadfile, '.') || strstr($loadfile, '/') || strstr($loadfile, "\\")) { $loadfile = ''; } if (empty($loadfile)) { $loadfile = 'def'; } $loadfile = 'setsave/' . $loadfile;
<html> <head> <meta charset="UTF-8"> <title>Self-Advisor: Registration Complete</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"> <link rel="stylesheet" type="text/css" href="css/stylesheet.css" /> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script> <script type="text/JavaScript" src="js/sha512.js"></script> <script type="text/JavaScript" src="js/forms.js"></script> </head> <body> <?php if (islogin($mysqli) == true) { ?> <div class="container"> <nav class="navbar navbar-default"> <div class="container-fluid"> <div class="navbar-header"> <a class="navbar-brand" href="index.php"> <img src="templates/logo2.png" height="33"width="124"></a> </div> </div> </nav> </div> <div class="container"> <div class = "col-sm-3"></div> <div class ="col-sm-6"> <h1>Registration successful!</h1>
<?php require "../../lib/lib_teamcalendar.php"; if (!islogin() || !isset($_GET['id']) || !isjoined($_GET['id']) || getlevel($_GET['id']) != 1) { header('Location: ../../index.php'); } $pdo = pdoconnect(); ?> <img id="loadimg" src="calendar/ajax-loader.gif" alt="Loading.." class="hide"/> <button onclick="prev();" class="btn btn-info btn-xs">돌아가기</button> <h2>멤버</h2> <table class="table table-sm"> <tr> <th>이름</th> <th></th> </tr> <?php $stmt = $pdo->prepare("SELECT `user`.`name`,`user`.`userid` FROM `joined` LEFT JOIN `user` ON `joined`.`userid`=`user`.`userid` WHERE `joined`.`groupid`=:groupid AND `joined`.`level`=0"); $stmt->bindParam(':groupid', $_GET['id']); $stmt->execute(); $data = $stmt->fetchAll(PDO::FETCH_ASSOC); for ($i = 0; $i < count($data); $i++) { echo "<tr><td>{$data[$i]['name']}</td><td><button onclick=\"member_out({$data[$i]['userid']});\" class=\"btn btn-info btn-xs\">추방</button></td></tr>"; } ?> </table> <h2>가입 신청</h2> <table class="table table-sm"> <tr> <th>이름</th> <th></th>
} if (islogin() == 0) { if ($current_file == "/resolution/index.php") { ?> <li class="current_page_item"><a href="index.php" accesskey="1" title="">Home</a></li> <li><a href="login.php" accesskey="2" title="">Login</a></li> <?php } elseif ($current_file == "/resolution/login.php") { ?> <li ><a href="index.php" accesskey="1" title="">Home</a></li> <li class="current_page_item"><a href="login.php" accesskey="2" title="">Login</a></li> <?php } } elseif (islogin() == 1) { if ($current_file == "/resolution/index.php") { ?> <li class="current_page_item"><a href="index.php" accesskey="1" title=""><?php echo "{$fname}"; ?> </a></li> <li><a href="logout.php" accesskey="2" title="">Logout</a></li> <?php } } ?> </ul> </div>
<?php include_once 'includes/db_connect.php'; include_once 'includes/functions.php'; if (islogin($mysqli) == false) { header('Location: ./index.php'); } if (isset($_POST['clear'])) { $studentid = $_SESSION['user_id']; $mystmt = $mysqli->prepare("UPDATE progress SET taken= 0 WHERE studentid= ?"); $mystmt->bind_param('i', $studentid); $mystmt->execute(); $mystmt = $mysqli->prepare("UPDATE studentrecord SET completedhours = 0 WHERE id= ?"); $mystmt->bind_param('i', $studentid); $mystmt->execute(); header("Refresh:0"); } if (isset($_POST['degreeplan'])) { if ($_POST['degreeplan'] != "Select Degree Plan") { $studentid = htmlentities($_SESSION['user_id']); $_SESSION['program'] = $_POST['degreeplan']; //UPDATE STUDENT RECORD $zero = 0; $sql = "INSERT INTO studentrecord\n VALUES (" . $studentid . ",'" . $_POST['degreeplan'] . "'," . $zero . ")\n ON DUPLICATE KEY UPDATE program ='" . $_POST['degreeplan'] . "'"; $mydata = mysqli_query($mysqli, $sql); //DELETE OLD DEGREE PLAN $sql = "DELETE FROM progress WHERE studentid = " . $studentid; $mydata = mysqli_query($mysqli, $sql); //INSERT NEW DEGREE PLAN $sql = "SELECT * FROM program,inprogram,courses\n WHERE program.id = inprogram.programid\n && inprogram.courseid = courses.id\n && program.name = '" . $_POST['degreeplan'] . "'"; $mydata = mysqli_query($mysqli, $sql);
/**
 * Enables a user account through Mdl_admin and reports the outcome via the
 * flash message, then returns to the user list; anonymous callers go to 'users'.
 *
 * @param mixed $id  User id handed to Mdl_admin::enable()
 */
public function enable($id)
{
    if (!islogin()) {
        redirect(base_url('users'));
        return;
    }
    $enabled = $this->Mdl_admin->enable($id);
    if ($enabled) {
        setInformUser('success', 'user successfully enabled ');
    } else {
        setInformUser('error', 'Some error Occurred ');
    }
    redirect(base_url('admin/getUsers'));
}