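/**
 * Submit a guestbook entry from the posted form array.
 *
 * Every validation failure exits through printerror(); the function only
 * falls through to the success/DbError branch at the end.
 *
 * @param array $add posted fields: bid, name, email, call, lytext, key, ecmsfrom
 */
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    //验证IP -- framework IP / URL access checks
    eCheckAccessDoIp('gbook');
    CheckCanPostUrl();
    //验证来源 -- board id: the cookie value wins, the posted value is the fallback
    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        $bid = isset($add['bid']) ? intval($add['bid']) : 0;
    }
    $name = RepPostStr(trim(isset($add['name']) ? $add['name'] : ''));
    $email = RepPostStr(isset($add['email']) ? $add['email'] : '');
    $call = RepPostStr(isset($add['call']) ? $add['call'] : '');
    $lytext = RepPostStr(isset($add['lytext']) ? $add['lytext'] : '');
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    //验证码 -- captcha, only when enabled in the site settings
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // Posting interval: the cookie holds the time of the member's last entry.
    $lasttime = getcvar('lastgbooktime');
    if ($lasttime && time() - $lasttime < $public_r['regbooktime']) {
        printerror("GbOutTime", "", 1);
    }
    //版面是否存在 -- the board must exist
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }
    //权限 -- board restricted to a member group: compare group levels
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    // NOTE(review): the values are interpolated into the SQL after
    // RepPostStr()/RepPostVar(); the query relies entirely on that escaping
    // layer — confirm it covers every interpolated field.
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");
    ecmsEmptyShowKey($keyvname);
    //清空验证码 -- the captcha token is single-use
    if ($sql) {
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        //设置最后发表时间 -- remember the post time for the interval check above
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}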
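/**
 * Delete the listed messages from the logged-in member's inbox and clear the
 * member's "unread messages" flag when nothing unread is left.
 *
 * @param array $mid message ids to delete; each one is cast to int
 */
function DelMsg_all($mid)
{
    global $empire, $dbtbpre;
    $user = islogin();
    $ids = is_array($mid) ? $mid : array();
    if (!count($ids)) {
        printerror("EmptyDelMsg", "", 1);
    }
    // Build "mid='1' or mid='2' ..." from integer-cast ids only.
    $conds = array();
    foreach ($ids as $one) {
        $conds[] = "mid='" . intval($one) . "'";
    }
    $add = implode(' or ', $conds);
    // NOTE(review): the `'******'username']}'` fragment in both queries looks
    // like the listing site's redaction of the interpolated recipient username;
    // confirm against the original source before relying on this query text.
    $sql = $empire->query("delete from {$dbtbpre}enewsqmsg where (" . $add . ") and to_username='******'username']}'");
    if ($sql) {
        $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsqmsg where to_username='******'username']}' and haveread=0 limit 1");
        if (!$num) {
            // No unread messages left: clear the flag via eReturnSetHavemsg();
            // values 2 and 3 stay 2, every other value becomes 0.
            $newhavemsg = eReturnSetHavemsg($user['havemsg'], 0);
            $newhavemsg = $newhavemsg == 2 || $newhavemsg == 3 ? 2 : 0;
            $empire->query("update " . eReturnMemberTable() . " set " . egetmf('havemsg') . "='{$newhavemsg}' where " . egetmf('userid') . "='{$user['userid']}'");
        }
        printerror("DelMsgSuccess", "../member/msg/", 1);
    } else {
        printerror("DbError", "", 1);
    }
}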
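 /**
  * Access-control hook run before every action.
  *
  * Whitelisted routes pass straight through; anonymous users are sent to the
  * login page; super users skip the per-URL permission list; everyone else
  * must have the current "Controller/action" in userUrl().
  *
  * @param array $params hook parameters (unused, kept for the hook signature)
  */
 public function run(&$params)
 {
     // Routes reachable without a session.
     $publicRoutes = array('Login/login', 'Login/logout');
     $requestURL = CONTROLLER_NAME . '/' . ACTION_NAME;
     if (in_array($requestURL, $publicRoutes, true)) {
         return;
     }
     // Not logged in: try the automatic login, then redirect to the login form.
     if (!islogin()) {
         $loginService = D('Login', 'Service');
         $loginService->autoLogin();
         redirect(U('Login/login'), 1, '请登陆!');
         exit;
     }
     if (isSuperUser()) {
         return;
     }
     // Per-URL permission list of the current user; strict comparison so
     // only an exact route string grants access.
     $allowed = array_column(userUrl(), 'url');
     if (!in_array($requestURL, $allowed, true)) {
         echo "没有该权限";
         exit;
     }
 }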
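 /**
  * Show and update the logged-in user's profile (phone, address, e-mail).
  *
  * GET renders the form with the current values; POST saves the submitted
  * fields through InfoUserModel::updateUserInfo().
  */
 public function updateUser()
 {
     if (!islogin()) {
         $this->error('您还未登录', U('User/login'));
     }
     $user_id = session('user_id');
     //显示当前个人信息 -- load the current profile for the form; an array
     // condition lets the model bind the id instead of interpolating it
     $user = M('InfoUser');
     $temp = $user->where(array('user_id' => $user_id))->getField('user_email,user_phone,user_address,user_name');
     // getField() with several columns returns rows keyed by the first column.
     $userdata = is_array($temp) ? current($temp) : false;
     $this->assign("userdata", $userdata);
     if (IS_POST) {
         $data = array(
             'user_id' => $user_id,
             'user_phone' => I('user_phone'),
             'user_address' => I('user_address'),
             'user_email' => I('user_email'),
         );
         $user = new InfoUserModel();
         $result = $user->updateUserInfo($data);
         if ($result) {
             $this->success("修改成功");
         } else {
             $this->error($user->getError());
         }
     } else {
         $this->display();
     }
 }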
/**
 * Return the project list for the logged-in user, or print a login prompt.
 *
 * @return mixed result of getProjectListFromDB() for the session user, or
 *               null (after echoing a message) when nobody is logged in
 */
function getProjectList()
{
    if (!islogin()) {
        echo "Please login first!";
        return null;
    }
    return getProjectListFromDB($_SESSION['ID']);
}
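 /**
  * Entry page restricted to level-2 users.
  *
  * Renders the view when someone is logged in with user_level 2, otherwise
  * redirects to the login page.
  */
 public function index()
 {
     // A missing session key counts as "no level" instead of raising a notice.
     $level = isset($_SESSION["user_level"]) ? $_SESSION["user_level"] : null;
     // Loose comparison kept on purpose: the session may hold the level as
     // an int or as a numeric string.
     if (islogin() && $level == 2) {
         $this->display();
     } else {
         $this->redirect('Home/User/login');
     }
 }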
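/**
 * Render the "birthday wish" card: store a newly posted comment for the
 * logged-in user, then list today's comments.
 *
 * Mixes PHP with the card's HTML; everything outside the PHP tags is sent
 * straight to the response.
 */
function birthday_comment()
{
    ?>
          
          <div class="mdl-card mdl-shadow--4dp mdl-cell mdl-cell--12-col">
            <style>
              .demo-blog--blogpost .demo-blog__posts > .mdl-card .mdl-card__media 
              {
                /*background-image: url('images/road_big.jpg');*/
                height: 100px;
              }
            </style>
              
            <div class="mdl-card__media mdl-color-text--grey-50">
                <h3><?php 
    echo "Wish your Friend";
    ?>
</h3>
            </div>

            <div class="mdl-color-text--primary-contrast mdl-card__supporting-text comments">
              <?php 
    // Store the submitted comment (logged-in users only).
    if (islogin()) {
        $comment = isset($_POST['comment']) ? $_POST['comment'] : '';
        if (!empty($comment)) {
            // NOTE(review): $uid is not defined in this function — presumably
            // expected from an include or a global; confirm before relying on it.
            $comobj = new birthday();
            $comobj->get_comment($uid, $comment);
            $comobj->check_exist();
            $comobj->add_comment();
        }
    }
    include 'core.php';
    include 'birthday_wish.form.php';
    // including the comments
    include 'birthday_wish.func.php';
    include 'dbms/dbms_imp.php';
    // Only today's date enters the query; no request data is interpolated.
    $today = date('Y-m-d');
    $resultc = $connection->query("SELECT * FROM `bd_comments` WHERE `date`='{$today}' ORDER BY `bcid` DESC");
    if (!$resultc) {
        echo "Comment loading failed" . mysqli_error($connection) . "<br/> Report it to Developers";
    } else {
        // A failed query returns false, which must not be iterated.
        while ($rows = $resultc->fetch_array()) {
            $comm = new birthday($rows[0]);
            birthday_wish($comm);
        }
    }
    mysqli_close($connection);
    ?>
            </div>
          </div>
<?php 
}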
/**
 * Remove one third-party account binding that belongs to the current member.
 *
 * @param mixed $id binding row id; cast to int before it enters the query
 */
function MemberConnect_DelBind($id)
{
    global $empire, $dbtbpre, $public_r;
    //是否登陆 -- must be logged in; the row is also scoped to that member's userid
    $user_r = islogin();
    $bindId = (int) $id;
    $ownerId = $user_r['userid'];
    $deleted = $empire->query("delete from {$dbtbpre}enewsmember_connect where id='{$bindId}' and userid='{$ownerId}';");
    if (!$deleted) {
        printerror("DbError", "history.go(-1)", 1);
        return;
    }
    printerror2("已解除绑定", "../memberconnect/ListBind.php");
}
/**
 * Save the member's personal-space title and announcement text.
 *
 * @param array $add posted form fields: spacename, spacegg
 */
function DoSetSpace($add)
{
    global $empire, $dbtbpre;
    //是否登陆 -- the update is keyed on the logged-in member's userid
    $user_r = islogin();
    $spaceTitle = RepPostStr($add['spacename']);
    $spaceNotice = RepPostStr($add['spacegg']);
    $query = "update {$dbtbpre}enewsmemberadd set spacename='{$spaceTitle}',spacegg='{$spaceNotice}' where userid='{$user_r['userid']}' limit 1";
    if ($empire->query($query)) {
        printerror('SetSpaceSuccess', 'SetSpace.php', 1);
    } else {
        printerror('DbError', '', 1);
    }
}
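/**
 * Print the chosen payment method and compute the totals shown to the buyer.
 *
 * @param mixed $payfsid payment method id (cast to int)
 * @param array $r       checkout form values; only $r['fp'] (invoice requested) is read
 * @param mixed $price   shipping cost, or shipping points when paying with points
 * @return array [0 => breakdown line, 1 => "total to settle" line]; exits via printerror() on failure
 */
function ShowPayfs($payfsid, $r, $price)
{
    global $empire, $public_r, $dbtbpre, $totalr, $shoppr;
    $payfsid = (int) $payfsid;
    $add = $empire->fetch1("select payid,payname,payurl,paysay,userpay,userfen from {$dbtbpre}enewsshoppayfs where payid='{$payfsid}' and isclose=0");
    if (empty($add['payid'])) {
        printerror('请选择支付方式', '', 1, 0, 1);
    }
    $wantInvoice = !empty($r['fp']);
    //总金额 -- goods + shipping - discount
    $buyallmoney = $totalr['totalmoney'] + $price - $totalr['pretotal'];
    // Point-based payment cannot be combined with an invoice.
    if ($add['userfen'] && $wantInvoice) {
        printerror("FenNotFp", "history.go(-1)", 1);
    }
    //发票 -- invoice surcharge as a percentage of the discounted goods total;
    // $afp is the text fragment shown in the breakdown (empty without invoice)
    $afp = '';
    if ($wantInvoice) {
        $fptotal = ($totalr['totalmoney'] - $totalr['pretotal']) * ($shoppr['fpnum'] / 100);
        $afp = "+发票费(" . $fptotal . ")";
        $buyallmoney += $fptotal;
    }
    $buyallfen = $totalr['totalfen'] + $price;
    $returntotal = "采购总额(" . $totalr['totalmoney'] . ")+配送费(" . $price . ")" . $afp . "-优惠(" . $totalr['pretotal'] . ")=总额(<b>" . $buyallmoney . " 元</b>)";
    $mytotal = "结算总金额为:<b><font color=red>" . $buyallmoney . " 元</font></b> 全部";
    //是否登陆 -- paying from the member balance or with points needs a
    // logged-in member with enough funds
    if ($add['userfen'] || $add['userpay']) {
        if (!getcvar('mluserid')) {
            printerror("NotLoginTobuy", "history.go(-1)", 1);
        }
        $user = islogin();
        //点数购买 -- points: replace the money breakdown with the points one
        if ($add['userfen']) {
            if ($buyallfen > $user['userfen']) {
                printerror("NotEnoughFenBuy", "history.go(-1)", 1);
            }
            $returntotal = "采购总点数(" . $totalr['totalfen'] . ")+配送点数费(" . $price . ")=总点数(<b>" . $buyallfen . " 点</b>)";
            $mytotal = "结算总点数为:<b><font color=red>" . $buyallfen . " 点</font></b> 全部";
        } elseif ($buyallmoney > $user['money']) {
            printerror("NotEnoughMoneyBuy", "history.go(-1)", 1);
        }
    }
    echo "<table width='100%' border=0 align=center cellpadding=3 cellspacing=1><tr><td>" . $add['payname'] . "</td></tr></table>";
    return array($returntotal, $mytotal);
}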
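 /**
  * Member page: the logged-in user's profile plus their ticket purchases.
  *
  * Each record joins account -> schedule -> movie so the list can show the
  * film name, screening date and price next to the purchase time.
  */
 public function index()
 {
     islogin();
     $this->assign('searchurl', U('Search/index'));
     $model = new \Home\Model\MovieModel();
     $account = M('account');
     // The id is concatenated into raw SQL conditions below and compared
     // unquoted ("user_id=..."), so it must be numeric: cast it first.
     $user_id = (int) getUserId();
     $join = ['left join schedule on schedule.schedule_id=account.schedule_id', 'left join movie on movie.movie_id=schedule.movie_id'];
     $userinfo = $model->select('user', 'user_id=' . $user_id);
     $where = 'account.user_id=' . $user_id;
     $fields = 'account_id,user_id,buy_time,schedule.schedule_id,name,schedule.movie_id,date,price';
     $records = $account->join($join)->where($where)->field($fields)->select();
     $this->assign('records', $records);
     $this->assign('userinfo', isset($userinfo[0]) ? $userinfo[0] : null);
     $this->display();
 }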
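/**
 * Save the member's extended profile (enewsmemberadd) from the posted form.
 *
 * Inserts the row on first use, otherwise updates it, then re-associates
 * uploaded attachments with the member.
 *
 * @param array $post posted profile fields, handed to ReturnDoMemberF()
 */
function EditInfo($post)
{
    global $empire, $dbtbpre, $public_r;
    $user_r = islogin();
    //是否登陆 -- identity comes from the session, never from $post
    $userid = $user_r['userid'];
    $username = $user_r['username'];
    $dousername = $username;
    $rnd = $user_r['rnd'];
    $groupid = $user_r['groupid'];
    if (!$userid || !$username) {
        printerror("NotEmpty", "history.go(-1)", 1);
    }
    //验证附加表必填项 -- required fields of the member form for this group
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    $user_r = $empire->fetch1("select " . eReturnSelectMemberF('groupid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
    $fid = GetMemberFormId($user_r['groupid']);
    $isNew = empty($addr['userid']);
    if ($isNew) {
        $mr = array('add_filepass' => $userid);
        $member_r = ReturnDoMemberF($fid, $post, $mr, 0, $dousername);
    } else {
        $addr['add_filepass'] = $userid;
        $member_r = ReturnDoMemberF($fid, $post, $addr, 1, $dousername);
    }
    //附加表 -- $member_r[0] is appended to the column list, $member_r[1] to the values
    if ($isNew) {
        //IP
        $regip = egetip();
        $regipport = egetipport();
        $lasttime = time();
        $sql = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$regip}','{$lasttime}','{$regip}',1,'{$regipport}','{$regipport}'" . $member_r[1] . ");");
    } else {
        $sql = $empire->query("update {$dbtbpre}enewsmemberadd set userid='{$userid}'" . $member_r[0] . " where userid='{$userid}'");
    }
    //更新附件
    UpdateTheFileEditOther(6, $userid, 'member');
    if ($sql) {
        printerror("EditInfoSuccess", "../member/EditInfo/", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}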
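 /**
  * Seat-selection page for one screening.
  *
  * Loads the screening (joined with its movie) and the seats already sold
  * for it, then renders the ticket view.
  */
 public function index()
 {
     islogin();
     // schedule_id is concatenated into raw SQL conditions below and compared
     // unquoted, so it must be numeric: cast it before use.
     $id = (int) I('get.schedule_id');
     $allcss = ['ticket'];
     $model = new \Home\Model\MovieModel();
     $join = [' movie on movie.movie_id=schedule.movie_id '];
     $seat = $model->select('account', ' schedule_id=' . $id);
     $movieInfo = $model->select('schedule', ' schedule_id=' . $id, '', $join);
     $this->assign('movieInfo', isset($movieInfo[0]) ? $movieInfo[0] : null);
     $this->assign('schedule_id', $id);
     $this->assign('seat', $seat);
     $this->assign('movieurl', U('Movie/index'));
     $this->assign('searchurl', U('Search/index'));
     $this->assign('allcss', $allcss);
     $this->assign('buy', U('buy'));
     $this->assign('user', U('user/index'));
     $this->display();
 }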
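/**
 * Delete a batch of the member's own guestbook entries.
 *
 * @param array $add posted form; $add['gid'] is the list of entry ids
 */
function DelMemberGbook_All($add)
{
    global $empire, $dbtbpre;
    // Must be logged in; the delete is additionally scoped to that member's userid.
    $user_r = islogin();
    $gid = isset($add['gid']) && is_array($add['gid']) ? $add['gid'] : array();
    if (empty($gid)) {
        printerror("NotDelMemberGbookid", "history.go(-1)", 1);
    }
    // Every id is cast to int before it is placed in the query.
    $conds = array();
    foreach ($gid as $one) {
        $conds[] = "gid='" . intval($one) . "'";
    }
    $addsql = implode(' or ', $conds);
    $sql = $empire->query("delete from {$dbtbpre}enewsmembergbook where (" . $addsql . ") and userid='{$user_r['userid']}'");
    if ($sql) {
        // Return to the referring page; fall back to the browser history
        // when no Referer header was sent.
        $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'history.go(-1)';
        printerror("DelMemberGbookSuccess", $back, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}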
            }
        }
    }
    return FALSE;
}
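// Registration handler: expects login, passwd and submit=OK in the POST body
// and appends a serialized {login, whirlpool(passwd)} record to
// ../private/passwd. Prints "OK" on success and "ERROR" on any failure.
// islogin($login, $chain) is defined outside this span.
if (!empty($_POST['login']) && !empty($_POST['passwd']) && !empty($_POST['submit'])) {
    $login = $_POST['login'];
    $passwd = $_POST['passwd'];
    $submit = $_POST['submit'];
    if ($submit === "OK") {
        // NOTE(review): the stored value is an unsalted whirlpool hash; the
        // record layout is shared with islogin()/chpasswd(), so a move to
        // password_hash() has to be made on both sides at once.
        $record = serialize("{") . serialize("login") . serialize($login) . serialize("passwd") . serialize(hash("whirlpool", $passwd)) . serialize("}");
        if (!file_exists("../private/passwd")) {
            // First account: create the directory and the file.
            mkdir("../private", 0755);
            file_put_contents("../private/passwd", $record . "\n");
        } else {
            $chain = file_get_contents("../private/passwd");
            if (!islogin($login, $chain)) {
                file_put_contents("../private/passwd", $chain . $record . "\n");
            } else {
                echo "ERROR" . "\n";
                exit;
            }
        }
        echo $submit . "\n";
    } else {
        echo "ERROR" . "\n";
    }
} else {
    echo "ERROR" . "\n";
}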
<?php 
// including the header of the document
require 'header.php';
// including the blog layout
?>
<div>
    <div class="demo-blog demo-blog--blogpost mdl-layout mdl-js-layout has-drawer is-upgraded">
      <main class="mdl-layout__content">
        <!--<div class="demo-back">
          <a class="mdl-button mdl-js-button mdl-js-ripple-effect mdl-button--icon" href="index.html" title="go back" role="button">
            <i class="material-icons" role="presentation">arrow_back</i>
          </a>
        </div>-->
        <div class="demo-blog__posts mdl-grid">    
          <?php 
if (islogin()) {
    include 'display/functions/amazing.func.php';
    amazing($heading = 'Already loged in', $content = 'It seems You are already loged in.<br/>No need to login Again. :)', $link = '#');
} else {
    //login forum
    include 'display/functions/login.func.php';
    login($message = '');
}
?>
          <!--navigation panel for large database-->
        </div>
    <?php 
require 'footer.php';
?>
      </main>
      <!--<div class="mdl-layout__obfuscator"></div>-->
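/**
 * Log the member out: clear the session cookies and send them back to the site.
 *
 * @param mixed $userid   unused; kept for the caller's signature
 * @param mixed $username unused
 * @param mixed $rnd      unused
 */
function loginout1($userid, $username, $rnd)
{
    global $empire, $public_r, $equiturl;
    //是否登陆 -- islogin() enforces the session; its result is not needed here
    $user_r = islogin();
    // A globally configured logout target overrides everything else.
    if ($equiturl) {
        Header("Location:{$equiturl}");
        exit;
    }
    EmptyEcmsCookie();
    // printerror() display mode: 9 when prtype was requested, else 1.
    $dopr = empty($_GET['prtype']) ? 1 : 9;
    $gotourl = "../../";
    // Requests coming from the member iframe go back to it.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if (strstr($referer, "e/member/iframe")) {
        $gotourl = $public_r['newsurl'] . "e/member/iframe/";
    }
    $gotourl = DoingReturnUrl($gotourl, $_GET['ecmsfrom']);
    printerror("ExitSuccess", $gotourl, $dopr);
}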
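<?php

require "../lib/lib_teamcalendar.php";
// Without exit the script keeps running after the redirect header and still
// performs the DELETE for anonymous callers.
if (!islogin()) {
    header("Location: ../index.php");
    exit;
}
$pdo = pdoconnect();
// NOTE(review): the id is bound, but nothing here ties the request row to the
// logged-in user — confirm that ownership is checked elsewhere.
$stmt = $pdo->prepare("DELETE FROM `request` WHERE `requestid` = :requestid");
$requestid = isset($_REQUEST['requestid']) ? $_REQUEST['requestid'] : null;
$stmt->bindParam(':requestid', $requestid);
$stmt->execute();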
<?php

require 'class/connect.php';
require 'class/db_sql.php';
require 'class/functions.php';
require LoadLang('f.php');
$phome = $_GET['phome'];
if (empty($phome)) {
    $phome = $_POST['phome'];
}
//怫
if ($phome == "login" || $phome == "ChangeLanguage") {
} else {
    $lur = islogin();
    $loginin = $lur['username'];
    $rnd = $lur['rnd'];
}
if ($phome == "SetDb" || $phome == "DoRep" || $phome == "DoOpi" || $phome == "DoDrop" || $phome == "DropDb" || $phome == "CreateDb" || $phome == "EmptyTable" || $phome == "DoSave" || $phome == "DoDelSave" || $phome == "DelBakpath" || $phome == "DelZip" || $phome == "DoExecSql" || $phome == "DoTranExecSql" || $phome == "RepPathFiletext" || $phome == 'ReplaceTable') {
    include "class/combakfun.php";
}
if ($phome == "SetDb" || $phome == "login" || $phome == "exit" || $phome == "ChangeLanguage") {
} else {
    $link = db_connect();
    $empire = new mysqlquery();
}
if ($phome == "SetDb") {
    Ebak_SetDb($_POST);
} elseif ($phome == "DoRep") {
    $tablename = $_POST['tablename'];
    $mydbname = $_POST['mydbname'];
    Ebak_Rep($tablename, $mydbname);
/**
 * Send the member to the payment gateway for one of their unpaid orders.
 *
 * Looks up the order (scoped to the logged-in member), refuses already-paid
 * orders and orders without a payment method, stores the order id in a
 * cookie and issues a Refresh redirect to the gateway URL.
 *
 * @param mixed $ddid order id; cast to int
 */
function ShopDdToPay($ddid)
{
    global $empire, $dbtbpre;
    $orderId = (int) $ddid;
    if (!$orderId) {
        printerror("NotShopDdId", "history.go(-1)", 1);
    }
    //是否登陆
    $user_r = islogin();
    $order = $empire->fetch1("select ddid,payfsid,haveprice from {$dbtbpre}enewsshopdd where ddid='{$orderId}' and userid='{$user_r['userid']}' limit 1");
    if (!$order['ddid']) {
        printerror("NotShopDdId", "history.go(-1)", 1);
    }
    if ($order['haveprice']) {
        printerror("ShopDdIdHavePrice", "history.go(-1)", 1);
    }
    if (empty($order['payfsid'])) {
        printerror("NotPayfsid", "history.go(-1)", 1);
    }
    //支付方式
    $gateway = $empire->fetch1("select payid,payurl from {$dbtbpre}enewsshoppayfs where payid='{$order['payfsid']}'");
    if (!$gateway['payid'] || !$gateway['payurl']) {
        printerror("NotPayfsid", "history.go(-1)", 1);
    }
    esetcookie("paymoneyddid", $orderId, 0);
    Header("Refresh:0; URL={$gateway['payurl']}");
}
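/**
 * Handle the registration form for anonymous visitors.
 *
 * Validates the posted fields, checks the password pair via passwordcheck(),
 * and inserts the new user row. Every branch echoes feedback and/or includes
 * the registration form.
 */
function register()
{
    $fname = "Firstname";
    $sname = "Surname";
    $username = "******";
    $emailid = "Email id";
    include 'core.inc.php';
    if (islogin() == 0) {
        if (isset($_POST['firstname']) && isset($_POST['surname']) && isset($_POST['password']) && isset($_POST['password_again']) && isset($_POST['emailid'])) {
            $fname = $_POST['firstname'];
            $sname = $_POST['surname'];
            $passw = $_POST['password'];
            $passw_again = $_POST['password_again'];
            $emailid = $_POST['emailid'];
            $acess = 0;
            if (!empty($fname) && !empty($sname) && !empty($passw) && !empty($passw_again) && !empty($emailid)) {
                include_once '/functions/passwordcheck.function.php';
                $acess = passwordcheck($passw, $passw_again);
                // Debug trace of the submitted fields; the password is left out on purpose.
                if (!empty($debug) && !empty($register_check)) {
                    echo $fname . '.<br/>' . $sname . '.<br/>' . $emailid . '.<br/>';
                }
                if ($acess) {
                    //neutralizing the data -- names are stored HTML-encoded
                    $fname1 = htmlentities($fname);
                    $sname1 = htmlentities($sname);
                    $emailid1 = $emailid;
                    //checking for email id already exist or not
                    include '/functions/read_db.function.php';
                    // Pass the submitted address itself: in single quotes the
                    // lookup received the literal text "$emailid".
                    $email_exist = read_db($emailid, 'email', 'user');
                    // NOTE(review): the row is inserted when read_db() is truthy;
                    // confirm whether read_db() reports "address free" or "address exists".
                    $add_acess = $email_exist ? 1 : 0;
                    //writing data to database
                    if ($add_acess == 1) {
                        include '/dbms/dbms_imp.php';
                        // Bound parameters: the submitted values never become part of the SQL text.
                        // NOTE(review): the password is stored as submitted; switching to
                        // password_hash() must be done together with the login check that reads it.
                        $insert_query = "INSERT INTO `user` (`uid`, `fname`, `lname`, `email`, `password`) VALUES ('', ?, ?, ?, ?)";
                        $mysql_query_run = false;
                        $stmt = $connection->prepare($insert_query);
                        if ($stmt) {
                            $stmt->bind_param('ssss', $fname1, $sname1, $emailid1, $passw);
                            $mysql_query_run = $stmt->execute();
                            $dbError = $stmt->error;
                            $stmt->close();
                        } else {
                            $dbError = mysqli_error($connection);
                        }
                        if (!$mysql_query_run) {
                            // error occurs
                            echo "<br>Error writing data" . $dbError;
                        } else {
                            //sucess in adding the data.
                            echo "Thank You for joining us</br></br> To Continue Please <a href=\"login.php\">login</a>.</br></br>";
                        }
                    } else {
                        include '/forums/register.forum.php';
                    }
                } else {
                    include '/forums/register.forum.php';
                }
            } else {
                echo "Some error has occur.<br/> Please check the Information provided by you.<br/>\r\n\t\t\t\t\tMight be you have left out something<br/>";
                include '/forums/register.forum.php';
            }
        } else {
            echo "All fields are necessary <br/><br/>";
            include '/forums/register.forum.php';
        }
    } elseif (islogin() == 1) {
        echo "<br/> You'r already registered and loggedin";
    }
}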
    }
    if ($a == 2) {
        file_put_contents("../private/passwd", $ch2);
        return TRUE;
    }
    return FALSE;
}
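// Password-change handler: expects login, oldpw, newpw and submit=OK in the
// POST body. islogin() and chpasswd() (both defined outside this span) check
// the credentials against ../private/passwd and rewrite it. Prints "OK" on
// success and "ERROR" otherwise.
if (!empty($_POST['login']) && !empty($_POST['newpw']) && !empty($_POST['oldpw']) && !empty($_POST['submit'])) {
    $login = $_POST['login'];
    $passwd = $_POST['newpw'];
    $oldpwd = $_POST['oldpw'];
    $submit = $_POST['submit'];
    if ($submit === "OK") {
        if (!file_exists("../private/passwd")) {
            echo "ERROR\n";
            exit;
        }
        $chain = file_get_contents("../private/passwd");
        if (islogin($login, $chain) && chpasswd($login, $oldpwd, $passwd, $chain)) {
            echo $submit . "\n";
        } else {
            echo "ERROR\n";
            exit;
        }
    } else {
        echo "ERROR" . "\n";
    }
} else {
    echo "ERROR" . "\n";
}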
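<?php

require "../../../class/connect.php";
require "../../../class/q_functions.php";
require "../../../class/db_sql.php";
require "../../../class/user.php";
// Member message viewer: loads one message addressed to the logged-in
// member, marks it read, and hands off to the ViewMsg template.
$link = db_connect();
$empire = new mysqlquery();
$editor = 2;
$user = islogin();
$mid = isset($_GET['mid']) ? (int) $_GET['mid'] : 0;
$out = isset($_GET['out']) ? $_GET['out'] : '';
if (empty($mid)) {
    printerror("HaveNotMsg", "", 1);
}
// NOTE(review): the `'******'username']}'` fragment looks like the listing
// site's redaction of the interpolated recipient username; confirm against
// the original source before relying on this query text.
$r = $empire->fetch1("select mid,title,msgtext,from_userid,from_username,msgtime,haveread,issys from {$dbtbpre}enewsqmsg where mid={$mid} and to_username='******'username']}' limit 1");
if (empty($r['mid'])) {
    printerror("HaveNotMsg", "", 1);
}
if ($r['issys']) {
    $r['from_username'] = "<b>系统信息</b>";
}
// First read: clear the member's "have message" flag and mark the message read.
if (!$r['haveread']) {
    $empire->query("update {$user_tablename} set " . $user_havemsg . "=0 where " . $user_userid . "='{$user['userid']}'");
    $usql = $empire->query("update {$dbtbpre}enewsqmsg set haveread=1 where mid={$mid}");
}
//导入模板
require ECMS_PATH . 'e/template/member/ViewMsg.php';
db_close();
$empire = null;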
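/**
 * Store a feedback-form submission, including any uploaded attachments.
 *
 * Checks the board, captcha and group level, enforces the board's required
 * fields, saves uploads through DoTranFile() and inserts the row; every
 * failure path exits through printerror().
 *
 * @param array $add posted fields: bid, key, ecmsfrom, title and the board's dynamic fields
 */
function AddFeedback($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    CheckCanPostUrl();
    //验证来源 -- board id: posted value first, cookie as fallback
    if (!empty($add['bid'])) {
        $bid = (int) $add['bid'];
    } else {
        $bid = (int) getcvar('feedbackbid');
    }
    if (empty($bid)) {
        printerror("EmptyFeedbackname", "history.go(-1)", 1);
    }
    //验证码 -- captcha, only when enabled in the site settings
    $keyvname = 'checkfeedbackkey';
    if ($public_r['fbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    //版面是否存在
    $br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyFeedback", "history.go(-1)", 1);
    }
    //权限 -- board restricted to a member group: compare group levels
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
    //必填项 -- the loop skips the first and last element, so mustenter is
    // presumably stored with a leading and a trailing comma
    $mustr = explode(",", $br['mustenter']);
    $count = count($mustr);
    for ($i = 1; $i < $count - 1; $i++) {
        $mf = $mustr[$i];
        if (strstr($br['filef'], "," . $mf . ",")) {
            if (!$pr['feedbacktfile']) {
                printerror("NotOpenFBFile", "", 1);
            }
            if (empty($_FILES[$mf]['name'])) {
                printerror("EmptyFeedbackname", "", 1);
            }
        } else {
            $chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']);
            if (!trim($chmustval)) {
                printerror("EmptyFeedbackname", "", 1);
            }
        }
    }
    $saytime = date("Y-m-d H:i:s");
    //字段处理 -- build the dynamic column list ($addf) and value list ($addval)
    // from the board's field template; $tranf collects the file fields to upload
    $dh = "";
    $tranf = "";
    $addf = "";
    $addval = "";
    $record = "<!--record-->";
    $field = "<!--field--->";
    $er = explode($record, $br['enter']);
    $count = count($er);
    for ($i = 0; $i < $count - 1; $i++) {
        $er1 = explode($field, $er[$i]);
        $f = $er1[1];
        //附件 -- posted text must not contain the placeholder that is
        // replaced with the upload path further down
        $add[$f] = str_replace('[!#@-', 'ecms', isset($add[$f]) ? $add[$f] : '');
        if (strstr($br['filef'], "," . $f . ",")) {
            if (!empty($_FILES[$f]['name'])) {
                if (!$pr['feedbacktfile']) {
                    printerror("NotOpenFBFile", "", 1);
                }
                $filetype = GetFiletype($_FILES[$f]['name']);
                //取得文件类型 -- the extension must pass CheckSaveTranFiletype()
                // and appear in the feedback allow list
                if (CheckSaveTranFiletype($filetype)) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) {
                    printerror("TooBigQTranFile", "", 1);
                }
                $tranf .= $dh . $f;
                $dh = ",";
                $fval = "[!#@-" . $f . "-@!]";
            } else {
                $fval = "";
            }
        } else {
            $add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']);
            $fval = $add[$f];
        }
        $addf .= ",`" . $f . "`";
        $addval .= ",'" . addslashes(RepPostStr($fval)) . "'";
    }
    $type = 0;
    $classid = 0;
    $filename = '';
    $filepath = '';
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $filepass = ReturnTranFilepass();
    //上传附件 -- save each file field and swap its placeholder for the stored path
    if ($tranf) {
        $dh = "";
        $tranr = explode(",", $tranf);
        $count = count($tranr);
        $title = isset($add['title']) ? $add['title'] : '';
        for ($i = 0; $i < $count; $i++) {
            $tf = $tranr[$i];
            $tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid);
            if ($tfr['tran']) {
                $filepath = $tfr['filepath'];
                //写入数据库
                $filetime = $saytime;
                $filesize = (int) $_FILES[$tf]['size'];
                eInsertFileTable($tfr['filename'], $filesize, $tfr['filepath'], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($title)), $type, $filepass, $filepass, $public_r['fpath'], 0, 4, 0);
                $repfval = ($tfr['filepath'] ? $tfr['filepath'] . '/' : '') . $tfr['filename'];
                $filename .= $dh . $tfr['filename'];
                $dh = ",";
            } else {
                $repfval = "";
            }
            $addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval);
        }
    }
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");");
    $fid = $empire->lastid();
    //更新附件
    UpdateTheFileOther(4, $fid, $filepass, 'other');
    ecmsEmptyShowKey($keyvname);
    //清空验证码 -- the captcha token is single-use
    if ($sql) {
        $reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddFeedbackSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}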
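<?php

require "class/connect.php";
include "class/config.php";
include "class/db_sql.php";
include "class/functions.php";
// Backup-tool import page: checks the backup login cookies, selects the
// requested database and resolves the import settings file.
$loginin = getcvar('bakusername');
$rnd = getcvar('bakrnd');
islogin($loginin, $rnd);
$link = db_connect();
$empire = new mysqlquery();
$mydbname = RepPostVar(isset($_GET['mydbname']) ? $_GET['mydbname'] : '');
if (empty($mydbname)) {
    printerror("NotChangeDb", "history.go(-1)");
}
//选择数据库 -- identifier quoting: a backtick inside the name is doubled
$udb = $empire->query("use `" . str_replace('`', '``', $mydbname) . "`");
//存放目录 -- per-run directory name, fixed under safe mode
$mypath = $mydbname . "_" . date("YmdHis");
if (!empty($phpsafemod)) {
    $mypath = "safemod";
}
//导入设置 -- settings file name: any dot or path separator disables it
$loadfile = RepPostVar(isset($_GET['savefilename']) ? $_GET['savefilename'] : '');
if (strstr($loadfile, '.') || strstr($loadfile, '/') || strstr($loadfile, "\\")) {
    $loadfile = '';
}
if (empty($loadfile)) {
    $loadfile = 'def';
}
$loadfile = 'setsave/' . $loadfile;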
<html>
<head>
    <meta charset="UTF-8">
    <title>Self-Advisor: Registration Complete</title>

    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
    <link rel="stylesheet" type="text/css" href="css/stylesheet.css" />
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
    <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
    <script type="text/JavaScript" src="js/sha512.js"></script>
    <script type="text/JavaScript" src="js/forms.js"></script>
</head>
<body>
<?php 
if (islogin($mysqli) == true) {
    ?>
    <div class="container">
        <nav class="navbar navbar-default">
            <div class="container-fluid">
                <div class="navbar-header">
                    <a class="navbar-brand" href="index.php"> <img src="templates/logo2.png" height="33"width="124"></a>
                </div>
            </div>
        </nav>
    </div>

    <div class="container">
        <div class = "col-sm-3"></div>
        <div class ="col-sm-6">
        <h1>Registration successful!</h1>
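<?php

require "../../lib/lib_teamcalendar.php";
// Group admin page (level 1 of the group). Without exit the page body below
// would still be rendered after the redirect header.
if (!islogin() || !isset($_GET['id']) || !isjoined($_GET['id']) || getlevel($_GET['id']) != 1) {
    header('Location: ../../index.php');
    exit;
}
$pdo = pdoconnect();
?>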
<img id="loadimg" src="calendar/ajax-loader.gif" alt="Loading.." class="hide"/>
<button onclick="prev();" class="btn btn-info btn-xs">돌아가기</button>
<h2>멤버</h2>
<table class="table table-sm">
    <tr>
        <th>이름</th>
        <th></th>
    </tr>
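    <?php 
// Members of the group (level 0), one row each with an expel button.
$stmt = $pdo->prepare("SELECT `user`.`name`,`user`.`userid` FROM `joined` LEFT JOIN `user` ON `joined`.`userid`=`user`.`userid` WHERE `joined`.`groupid`=:groupid AND `joined`.`level`=0");
$stmt->bindParam(':groupid', $_GET['id']);
$stmt->execute();
$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($data as $row) {
    // Names are user-supplied: escape for the HTML context. The id lands in
    // an unquoted JS argument, so it is assumed numeric and cast to int.
    $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    $userid = (int) $row['userid'];
    echo "<tr><td>{$name}</td><td><button onclick=\"member_out({$userid});\" class=\"btn btn-info btn-xs\">추방</button></td></tr>";
}
?>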
</table>
<h2>가입 신청</h2>
<table class="table table-sm">
    <tr>
        <th>이름</th>
        <th></th>
}
// Navigation entries that depend on the session state and on $current_file.
// islogin() == 0: Home + Login links; islogin() == 1: first name + Logout.
// The HTML between the PHP tags is emitted verbatim, indentation included.
if (islogin() == 0) {
    if ($current_file == "/resolution/index.php") {
        ?>
	
						<li class="current_page_item"><a href="index.php" accesskey="1" title="">Home</a></li>
						<li><a href="login.php" accesskey="2" title="">Login</a></li>
					<?php 
    } elseif ($current_file == "/resolution/login.php") {
        ?>
	
						<li ><a href="index.php" accesskey="1" title="">Home</a></li>
						<li class="current_page_item"><a href="login.php" accesskey="2" title="">Login</a></li>
					<?php 
    }
} elseif (islogin() == 1) {
    if ($current_file == "/resolution/index.php") {
        ?>
	
						<li class="current_page_item"><a href="index.php" accesskey="1" title=""><?php 
        // NOTE(review): $fname is echoed without escaping; confirm it is
        // HTML-encoded where it is stored or set.
        echo "{$fname}";
        ?>
</a></li>
						<li><a href="logout.php" accesskey="2" title="">Logout</a></li>
					<?php 
    }
}
?>
			</ul>
		</div>
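<?php

include_once 'includes/db_connect.php';
include_once 'includes/functions.php';
// Without exit the rest of the page (including the record updates below)
// still runs for anonymous requests after the redirect header.
if (islogin($mysqli) == false) {
    header('Location: ./index.php');
    exit;
}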
// "Clear progress" action: reset the student's taken courses and completed
// hours, then reload the page.
if (isset($_POST['clear'])) {
    $studentid = $_SESSION['user_id'];
    $resets = array(
        "UPDATE progress SET taken= 0 WHERE studentid= ?",
        "UPDATE studentrecord SET completedhours = 0 WHERE id= ?",
    );
    foreach ($resets as $resetSql) {
        $mystmt = $mysqli->prepare($resetSql);
        $mystmt->bind_param('i', $studentid);
        $mystmt->execute();
    }
    header("Refresh:0");
}
if (isset($_POST['degreeplan'])) {
    if ($_POST['degreeplan'] != "Select Degree Plan") {
        $studentid = htmlentities($_SESSION['user_id']);
        $_SESSION['program'] = $_POST['degreeplan'];
        //UPDATE STUDENT RECORD
        $zero = 0;
        $sql = "INSERT INTO studentrecord\n                    VALUES (" . $studentid . ",'" . $_POST['degreeplan'] . "'," . $zero . ")\n                    ON DUPLICATE KEY UPDATE program ='" . $_POST['degreeplan'] . "'";
        $mydata = mysqli_query($mysqli, $sql);
        //DELETE OLD DEGREE PLAN
        $sql = "DELETE FROM progress WHERE studentid = " . $studentid;
        $mydata = mysqli_query($mysqli, $sql);
        //INSERT NEW DEGREE PLAN
        $sql = "SELECT * FROM program,inprogram,courses\n                WHERE program.id = inprogram.programid\n                    && inprogram.courseid = courses.id\n                    && program.name = '" . $_POST['degreeplan'] . "'";
        $mydata = mysqli_query($mysqli, $sql);
 /**
  * Admin action: re-enable the user with the given id, then return to the
  * user list. Anonymous callers are redirected to the users page instead.
  *
  * @param mixed $id user id, passed straight to Mdl_admin::enable()
  */
 public function enable($id)
 {
     if (!islogin()) {
         redirect(base_url('users'));
         return;
     }
     $enabled = $this->Mdl_admin->enable($id);
     $level = $enabled ? 'success' : 'error';
     $message = $enabled ? 'user successfully enabled ' : 'Some error Occurred ';
     setInformUser($level, $message);
     redirect(base_url('admin/getUsers'));
 }