if (isset($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/t163.php';
        $db_o = new t163PHP($config['t163_key'], $config['t163_se']);
        $result = $db_o->access_token($config['site_url'] . 't163_callback.php', $_GET['code']);
    }
    // Persist the tokens returned by the token exchange above. A logged-in
    // member ($c_log) gets them written to the m_sync table; otherwise they are
    // parked in the session.
    // NOTE(review): the authorization code is exchanged without any visible
    // comparison of an OAuth `state` value against the session. If no such check
    // exists earlier in the file, this callback is exposed to login/link CSRF —
    // confirm, and bind `state` to the session before accepting `code`.
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        // NOTE(review): refresh_token and expires_in are read without isset();
        // a response that omits them raises a notice — confirm the provider always sends both.
        $s_r = $result['refresh_token'];
        // Absolute expiry as a Unix timestamp.
        $edate = time() + $result['expires_in'];
        if ($c_log) {
            // getainfo() is called with the session's member id and a column list;
            // its result is used below as a row with 'id' and 'name'.
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            // NOTE(review): $ar['id'] (and $r_dby['id'] below) are interpolated with %s
            // without quoting or casting, unlike the values passed through SQLString().
            // They come from database lookups and are presumably integers; an explicit
            // (int) cast would make that guarantee local.
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('t163', 'text'));
            // A failed query ends the request with an empty body and nothing logged.
            // NOTE(review): the mysql_* extension was removed in PHP 7.0; mysqli or PDO
            // prepared statements would replace the sprintf/SQLString pattern.
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                // Existing binding for this member and provider: refresh the stored tokens.
                // NOTE(review): access and refresh tokens are stored exactly as received;
                // consider encrypting them at rest and limiting who can read m_sync.
                $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
                // $result is reused for the query result, overwriting the token response.
                $result = mysql_query($u_db) or die('');
            } else {
                // No binding yet: create one.
                $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('t163', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            // Message text reads "<name> bound NetEase Weibo"; setsinfo() presumably
            // records it as an activity entry for the member — verify against its definition.
            setsinfo($ar['name'] . ' 绑定了网易微博', $ar['id']);
        } else {
            // Not logged in: keep the tokens in the session only.
            $_SESSION['t163_login_u_t'] = $s_t;
            $_SESSION['t163_login_u_r'] = $s_r;
            $_SESSION['t163_login_u_edate'] = $edate;
        }
    }
}
header('Location:' . $u);
    if (isset($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/kaixin.php';
        $db_o = new kaixinPHP($config['kx001_key'], $config['kx001_se']);
        $result = $db_o->access_token($config['site_url'] . 'kx001_callback.php', $_GET['code']);
    }
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        $s_r = $result['refresh_token'];
        $edate = time() + $result['expires_in'];
        if ($c_log) {
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('kx001', 'text'));
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
                $result = mysql_query($u_db) or die('');
            } else {
                $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('kx001', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            setsinfo($ar['name'] . ' 绑定了开心网', $ar['id']);
        } else {
            $_SESSION['kx001_login_u_t'] = $s_t;
            $_SESSION['kx001_login_u_r'] = $s_r;
            $_SESSION['kx001_login_u_edate'] = $edate;
        }
    }
}
header('Location:' . $u);
Exemple #3
} else {
    $u = './?m=login&t=qq';
}
// QQ OAuth callback: runs only when QQ login is enabled and both app credentials
// are configured. Exchanges the `code` query parameter for an access token, then
// either binds the token to the logged-in member or parks it in the session.
// NOTE(review): no OAuth `state` value is compared against the session anywhere in
// this block. Unless that happens earlier in the file, the callback is exposed to
// login/link CSRF — confirm, and reject callbacks whose `state` does not match.
if ($config['is_qq'] > 0 && $config['qq_app_id'] != '' && $config['qq_app_key'] != '') {
    if (isset($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/qq.php';
        $o = new qqPHP($config['qq_app_id'], $config['qq_app_key']);
        // The redirect URI is built from the configured site URL, not from the request.
        $result = $o->access_token($config['site_url'] . 'qq_callback.php', $_GET['code']);
    }
    // NOTE(review): $result is only assigned above when `code` is present; the isset()
    // below relies on no earlier code having left a value in $result.
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        if ($c_log) {
            // getainfo() is called with the session's member id and a column list;
            // its result is used below as a row with 'id' and 'name'.
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            // NOTE(review): $ar['id'] and $r_dby['id'] are interpolated with %s without
            // quoting or casting; they come from database lookups and are presumably
            // integers — an explicit (int) cast would make that guarantee local.
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('qq', 'text'));
            // A failed query ends the request with an empty body and nothing logged.
            // NOTE(review): the mysql_* extension was removed in PHP 7.0.
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                // Existing binding: overwrite the stored token.
                // NOTE(review): the access token is stored exactly as received;
                // consider encrypting it at rest.
                $u_db = sprintf('update %s set s_t=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), $r_dby['id']);
                // $result is reused for the query result, overwriting the token response.
                $result = mysql_query($u_db) or die('');
            } else {
                // No binding yet: create one.
                $i_db = sprintf('insert into %s (aid, name, s_t) values (%s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('qq', 'text'), SQLString($s_t, 'text'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            // Message text reads "<name> bound QQ"; setsinfo() presumably records it as
            // an activity entry — verify against its definition.
            setsinfo($ar['name'] . ' 绑定了QQ', $ar['id']);
        } else {
            // Not logged in: keep the token in the session only.
            $_SESSION['qq_login_u_t'] = $s_t;
        }
    }
}
// $u is assigned before this block. NOTE(review): no exit follows header(), which is
// only safe if this is the last statement of the script.
header('Location:' . $u);
Exemple #4
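     // Bind a Flickr account to the member in $r_dbu. All three posted fields must be
     // non-empty and Flickr support must be enabled in $config. $e is set to 1 after
     // the write and to 2 when the condition fails.
     // NOTE(review): the $_POST keys are read without isset(); presumably the enclosing
     // branch (outside this fragment) has already established that the form was posted.
     if (trim($_POST['flickr_url']) != '' && trim($_POST['flickr_id']) != '' && trim($_POST['flickr_name']) != '' && $config['is_flickr'] > 0 && ($config['is_uflickr'] > 0 || $config['flickr_key'] != '')) {
         // Values are HTML-escaped once here and stored in that form.
         // NOTE(review): flickr_url is not checked for an http(s) scheme — confirm how it is rendered.
         $flickr_url = htmlspecialchars(trim($_POST['flickr_url']), ENT_QUOTES);
         $flickr_id = htmlspecialchars(trim($_POST['flickr_id']), ENT_QUOTES);
         $flickr_name = htmlspecialchars(trim($_POST['flickr_name']), ENT_QUOTES);
         // NOTE(review): $r_dbu['id'] and $r_dby['id'] are interpolated with %s without
         // quoting or casting; they are presumably integers read from the database.
         $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $r_dbu['id'], SQLString('flickr', 'text'));
         // A failed query ends the request with an empty body and nothing logged.
         $q_dby = mysql_query($s_dby) or die('');
         $r_dby = mysql_fetch_assoc($q_dby);
         if (mysql_num_rows($q_dby) > 0) {
             // Fix: the row id was selected from m_sync, and s_id/s_t/s_n are the columns
             // the insert below writes to m_sync, so the update must target m_sync too
             // (it previously named the member table).
             $u_db = sprintf('update %s set s_id=%s, s_t=%s, s_n=%s where id=%s', $dbprefix . 'm_sync', SQLString($flickr_id, 'text'), SQLString($flickr_url, 'text'), SQLString($flickr_name, 'text'), $r_dby['id']);
             $result = mysql_query($u_db) or die('');
         } else {
             // No binding yet: create one.
             $i_db = sprintf('insert into %s (aid, name, s_id, s_t, s_n) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $r_dbu['id'], SQLString('flickr', 'text'), SQLString($flickr_id, 'text'), SQLString($flickr_url, 'text'), SQLString($flickr_name, 'text'));
             $result = mysql_query($i_db) or die('');
         }
         mysql_free_result($q_dby);
         // Message text reads "<name> bound Flickr".
         setsinfo($r_dbu['name'] . ' 绑定了Flickr', $r_dbu['id']);
         $e = 1;
     } else {
         $e = 2;
     }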
 } elseif (isset($_POST['isl_sina_h']) && intval($_POST['isl_sina_h']) > 0) {
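     // Toggle the is_show flag of one m_sync row; the flag is normalised to 0 or 1.
     $is_show = isset($_POST['is_show']) && $_POST['is_show'] == 1 ? 1 : 0;
     // The row id comes straight from the form, so the update is also constrained to
     // rows owned by the member in $r_dbu (the same aid the Flickr branch of this chain
     // uses for m_sync). Without that constraint any posted id would be accepted.
     $u_db = sprintf('update %s set is_show=%s where id=%s and aid=%s', $dbprefix . 'm_sync', $is_show, intval($_POST['isl_sina_h']), intval($r_dbu['id']));
     // A failed query ends the request with an empty body and nothing logged.
     $result = mysql_query($u_db) or die('');
     $e = 1;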
 } elseif (isset($_POST['isl_tqq_h']) && intval($_POST['isl_tqq_h']) > 0) {
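     // Toggle the is_show flag of one m_sync row; the flag is normalised to 0 or 1.
     $is_show = isset($_POST['is_show']) && $_POST['is_show'] == 1 ? 1 : 0;
     // The row id comes straight from the form, so the update is also constrained to
     // rows owned by the member in $r_dbu (the same aid the Flickr branch of this chain
     // uses for m_sync). Without that constraint any posted id would be accepted.
     $u_db = sprintf('update %s set is_show=%s where id=%s and aid=%s', $dbprefix . 'm_sync', $is_show, intval($_POST['isl_tqq_h']), intval($r_dbu['id']));
     // A failed query ends the request with an empty body and nothing logged.
     $result = mysql_query($u_db) or die('');
     $e = 1;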
 } elseif (isset($_POST['isl_fb_h']) && intval($_POST['isl_fb_h']) > 0) {
    if (isset($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/douban.php';
        $db_o = new doubanPHP($config['douban_key'], $config['douban_se']);
        $result = $db_o->access_token($config['site_url'] . 'douban_callback.php', $_GET['code']);
    }
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        $s_r = $result['refresh_token'];
        $edate = time() + $result['expires_in'];
        if ($c_log) {
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('douban', 'text'));
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
                $result = mysql_query($u_db) or die('');
            } else {
                $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('douban', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            setsinfo($ar['name'] . ' 绑定了豆瓣', $ar['id']);
        } else {
            $_SESSION['douban_login_u_t'] = $s_t;
            $_SESSION['douban_login_u_r'] = $s_r;
            $_SESSION['douban_login_u_edate'] = $edate;
        }
    }
}
header('Location:' . $u);
Exemple #6
 $status = $config['veri'] > 0 ? 0 : 1;
 $gid = isset($_POST['gid']) && isset($g_c) && in_array($_POST['gid'], $g_c) && isset($g_a[$_POST['gid']]) ? $_POST['gid'] : 0;
 $jaid = isset($idb) ? $idb['aid'] : 0;
 $rela = isset($_POST['rela']) ? htmlspecialchars(trim($_POST['rela']), ENT_QUOTES) : '';
 $email = htmlspecialchars(trim($_POST['email']), ENT_QUOTES);
 $s_dbu = sprintf('select id from %s where username=%s limit 1', $dbprefix . 'member', SQLString($username, 'text'));
 $q_dbu = mysql_query($s_dbu) or die('');
 if (mysql_num_rows($q_dbu) > 0) {
     $e = 1;
 } else {
     $i_db = sprintf('insert into %s (username, password, name, status, regdate, gid, jaid, rela, email) values (%s, %s, %s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'member', SQLString($username, 'text'), SQLString($password, 'text'), SQLString($name, 'text'), SQLString($status, 'int'), time(), SQLString($gid, 'int'), SQLString($jaid, 'int'), SQLString($rela, 'text'), SQLString($email, 'text'));
     $result = mysql_query($i_db) or die('');
     $nid = mysql_insert_id();
     $i_db = sprintf('insert into %s (aid, datetime, ip_i, online) values (%s, %s, inet_aton(%s), 0)', $dbprefix . 'online', $nid, time(), SQLString(getIP(), 'text'));
     $result = mysql_query($i_db) or die('');
     setsinfo($name . ' 新用户注册' . (isset($g_a[$gid]) ? ',身份:' . $g_a[$gid] : '') . (isset($idb) ? ',邀请人:<a href="?m=user&amp;id=' . $idb['aid'] . '">' . $idb['name'] . '</a>' : '') . ($config['veri'] > 0 ? '' : ',等待审核') . ($rela != '' ? "\r\r" . $rela : ''), $nid);
     if (isset($_SESSION['login_sync_tn']) && $_SESSION['login_sync_tn'] != '' && isset($a_sync[$_SESSION['login_sync_tn']])) {
         $i_db = sprintf('insert into %s (aid, name, s_id, s_t, s_r, s_s, edate) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $nid, SQLString($_SESSION['login_sync_tn'], 'text'), SQLString($_SESSION['login_sync_id'], 'text'), SQLString($_SESSION['login_sync_t'], 'text'), SQLString($_SESSION['login_sync_r'], 'text'), SQLString($_SESSION['login_sync_s'], 'text'), SQLString($_SESSION['login_sync_edate'], 'int'));
         $result = mysql_query($i_db) or die('');
         $_SESSION['login_sync_tn'] = '';
         $_SESSION['login_sync_id'] = '';
         $_SESSION['login_sync_t'] = '';
         $_SESSION['login_sync_r'] = '';
         $_SESSION['login_sync_s'] = '';
         $_SESSION['login_sync_u'] = '';
         $_SESSION['login_sync_edate'] = 0;
     }
     if (isset($idb)) {
         $u_db = sprintf('update %s set jid=%s where id=%s', $dbprefix . 'invite', $nid, $idb['id']);
         $result = mysql_query($u_db) or die('');
     }
    if (isset($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/live.php';
        $db_o = new livePHP($config['live_key'], $config['live_se']);
        $result = $db_o->access_token($config['site_url'] . 'live_callback.php', $_GET['code']);
    }
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        $s_r = $result['refresh_token'];
        $edate = time() + $result['expires_in'];
        if ($c_log) {
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('live', 'text'));
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
                $result = mysql_query($u_db) or die('');
            } else {
                $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('live', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            setsinfo($ar['name'] . ' 绑定了Microsoft账户', $ar['id']);
        } else {
            $_SESSION['live_login_u_t'] = $s_t;
            $_SESSION['live_login_u_r'] = $s_r;
            $_SESSION['live_login_u_edate'] = $edate;
        }
    }
}
header('Location:' . $u);
Exemple #8
        exit;
    }
    mysql_free_result($q_dbc);
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if ($c_log) {
            $title = htmlspecialchars(trim($_POST['title']), ENT_QUOTES);
            $cont = htmlspecialchars(trim($_POST['rinfo']), ENT_QUOTES);
            $cdate = htmlspecialchars(trim($_POST['cdate']), ENT_QUOTES);
            $cloc = htmlspecialchars(trim($_POST['cloc']), ENT_QUOTES);
            $cpay = htmlspecialchars(trim($_POST['cpay']), ENT_QUOTES);
            if ($title != '') {
                $i_db = sprintf('insert into %s (title, content, cdate, cloc, cpay, aid, datetime) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'camp', SQLString($title, 'text'), SQLString($cont, 'text'), SQLString($cdate, 'text'), SQLString($cloc, 'text'), SQLString($cpay, 'text'), $_SESSION[$config['u_hash']], time());
                $result = mysql_query($i_db) or die('');
                $nid = mysql_insert_id();
                setsinfo($pn . ' 发起新活动', $_SESSION[$config['u_hash']], $nid, 3);
            }
        }
        header('Location:./?m=camp');
        exit;
    } else {
        $title .= '班级活动';
        $s_a_dbc = sprintf('select a.*, b.name from %s as a, %s as b where a.aid=b.id and a.disp=0 order by a.closed, a.sticky desc, a.datetime desc', $dbprefix . 'camp', $dbprefix . 'member');
        $q_a_dbc = mysql_query($s_a_dbc) or die('');
        $c_dbc = mysql_num_rows($q_a_dbc);
        if ($c_dbc > 0) {
            $p_dbc = ceil($c_dbc / $config['pagesize']);
            if ($page > $p_dbc) {
                $page = $p_dbc;
            }
            $s_dbc = sprintf('%s limit %d, %d', $s_a_dbc, ($page - 1) * $config['pagesize'], $config['pagesize']);
        $_SESSION['tw_login_token'] = '';
        unset($_SESSION['tw_login_token']);
        $_SESSION['tw_login_secret'] = '';
        unset($_SESSION['tw_login_secret']);
    }
    if ($token != '' && $secret != '') {
        require_once 'lib/twitterOAuth.php';
        $to = new TwitterOAuth($config['tw_key'], $config['tw_se'], $token, $secret);
        $tok = $to->getAccessToken();
        if ($tok['oauth_token'] != '' && $tok['oauth_token_secret'] != '') {
            if ($c_log) {
                $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('twitter', 'text'));
                $q_dby = mysql_query($s_dby) or die('');
                $r_dby = mysql_fetch_assoc($q_dby);
                if (mysql_num_rows($q_dby) > 0) {
                    $u_db = sprintf('update %s set s_t=%s, s_s=%s where id=%s', $dbprefix . 'm_sync', SQLString($tok['oauth_token'], 'text'), SQLString($tok['oauth_token_secret'], 'text'), $r_dby['id']);
                    $result = mysql_query($u_db) or die('');
                } else {
                    $i_db = sprintf('insert into %s (aid, name, s_t, s_s) values (%s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('twitter', 'text'), SQLString($tok['oauth_token'], 'text'), SQLString($tok['oauth_token_secret'], 'text'));
                    $result = mysql_query($i_db) or die('');
                }
                mysql_free_result($q_dby);
                setsinfo($ar['name'] . ' 绑定了Twitter', $ar['id']);
            } else {
                $_SESSION['tw_login_u_t'] = $tok['oauth_token'];
                $_SESSION['tw_login_u_s'] = $tok['oauth_token_secret'];
            }
        }
    }
}
header('Location:' . $u);
Exemple #10
 // Successful-login path: reset session data, record the member id, attach any
 // pending third-party binding held in the session, then set or clear the
 // remember-me cookies.
 // NOTE(review): no session_regenerate_id() call is visible here. Unless the id is
 // rotated elsewhere at login, the pre-login session id stays valid afterwards
 // (session fixation) — confirm. session_unset() is also called before
 // session_start(); whether a session is already active at this point is not visible.
 session_unset();
 session_start();
 $_SESSION[$config['u_hash']] = $r_dbu['id'];
 // A pending binding exists when login_sync_tn names a key present in $a_sync
 // ($a_sync maps that key to the label used in the activity message below).
 if (isset($_SESSION['login_sync_tn']) && $_SESSION['login_sync_tn'] != '' && isset($a_sync[$_SESSION['login_sync_tn']])) {
     // NOTE(review): $r_dbu['id'] and $r_dby['id'] are interpolated with %s without
     // quoting or casting; they are presumably integers read from the database.
     $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $r_dbu['id'], SQLString($_SESSION['login_sync_tn'], 'text'));
     // A failed query ends the request with an empty body and nothing logged.
     $q_dby = mysql_query($s_dby) or die('');
     $r_dby = mysql_fetch_assoc($q_dby);
     if (mysql_num_rows($q_dby) > 0) {
         // Existing binding: overwrite the stored identifiers and tokens.
         // NOTE(review): tokens and secrets are stored exactly as held in the session;
         // consider encrypting them at rest.
         $u_db = sprintf('update %s set s_id=%s, s_t=%s, s_r=%s, s_s=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($_SESSION['login_sync_id'], 'text'), SQLString($_SESSION['login_sync_t'], 'text'), SQLString($_SESSION['login_sync_r'], 'text'), SQLString($_SESSION['login_sync_s'], 'text'), SQLString($_SESSION['login_sync_edate'], 'int'), $r_dby['id']);
         $result = mysql_query($u_db) or die('');
     } else {
         // No binding yet: create one.
         $i_db = sprintf('insert into %s (aid, name, s_id, s_t, s_r, s_s, edate) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $r_dbu['id'], SQLString($_SESSION['login_sync_tn'], 'text'), SQLString($_SESSION['login_sync_id'], 'text'), SQLString($_SESSION['login_sync_t'], 'text'), SQLString($_SESSION['login_sync_r'], 'text'), SQLString($_SESSION['login_sync_s'], 'text'), SQLString($_SESSION['login_sync_edate'], 'int'));
         $result = mysql_query($i_db) or die('');
     }
     mysql_free_result($q_dby);
     // Message text reads "<name> bound <provider label>".
     setsinfo($r_dbu['name'] . ' 绑定了' . $a_sync[$_SESSION['login_sync_tn']], $r_dbu['id']);
     // Clear the pending binding so it is applied only once.
     $_SESSION['login_sync_tn'] = '';
     $_SESSION['login_sync_id'] = '';
     $_SESSION['login_sync_t'] = '';
     $_SESSION['login_sync_r'] = '';
     $_SESSION['login_sync_s'] = '';
     $_SESSION['login_sync_u'] = '';
     $_SESSION['login_sync_edate'] = 0;
 }
 // Remember-me: username and password are written to cookies valid for 30 days.
 // NOTE(review): whether $password is plaintext or a stored hash is not visible here;
 // either way the cookie acts as a long-lived credential and is set without the
 // HttpOnly or Secure flags. Prefer a random, server-side, revocable token, and pass
 // httponly (plus secure when the site is served over HTTPS).
 if (isset($_POST['remember']) && $_POST['remember'] == '1') {
     setcookie($config['u_hash'] . '_u', $username, time() + 86400 * 30);
     setcookie($config['u_hash'] . '_p', $password, time() + 86400 * 30);
 } else {
     // Expire both cookies by setting an empty value with an expiry of "now".
     setcookie($config['u_hash'] . '_u', '', time());
     setcookie($config['u_hash'] . '_p', '', time());
 }
Exemple #11
 }
 // Change a member's power level. Triggered by a positive `cid` query parameter;
 // the write happens only when $c_log is set and $pa == 9 (presumably the
 // administrator level — confirm). The meaning of $menua[$mid][0] != 5 is not
 // visible in this fragment.
 // NOTE(review): this is a state-changing action driven entirely by GET parameters,
 // and no anti-CSRF token is checked in the visible code. A privilege change should
 // be a POST carrying a per-session token.
 if (isset($_GET['cid']) && intval($_GET['cid']) > 0 && $menua[$mid][0] != 5) {
     if ($c_log && $pa == 9) {
         // Only members with status=0 are eligible.
         $s_dbu = sprintf('select id, name from %s where id=%s and status=0 limit 1', $dbprefix . 'member', SQLString($_GET['cid'], 'int'));
         // A failed query ends the request with an empty body and nothing logged.
         $q_dbu = mysql_query($s_dbu) or die('');
         $r_dbu = mysql_fetch_assoc($q_dbu);
         if (mysql_num_rows($q_dbu) > 0) {
             // Message prefix reads "<name> was set to".
             $c = $r_dbu['name'] . ' 被设置为';
             // p=1 demotes to power 0 ("ordinary user"); anything else, including a
             // missing p, promotes to power 4 ("administrator").
             if (isset($_GET['p']) && $_GET['p'] == 1) {
                 $c .= '普通用户';
                 $power = 0;
             } else {
                 $c .= '管理员';
                 $power = 4;
             }
             // The message is recorded before the update below is executed.
             setsinfo($c, $r_dbu['id']);
             $u_db = sprintf('update %s set power=%s where id=%s', $dbprefix . 'member', SQLString($power, 'int'), $r_dbu['id']);
             $result = mysql_query($u_db) or die('');
         }
         mysql_free_result($q_dbu);
     }
     // The redirect happens whether or not the caller was authorised.
     header('Location:./?m=user');
     exit;
 }
 if (isset($_GET['did']) && intval($_GET['did']) > 0 && $menua[$mid][0] != 5) {
     if ($c_log && $pa == 9) {
         $s_dbu = sprintf('select id, photo from %s where id=%s limit 1', $dbprefix . 'member', SQLString($_GET['did'], 'int'));
         $q_dbu = mysql_query($s_dbu) or die('');
         $r_dbu = mysql_fetch_assoc($q_dbu);
         if (mysql_num_rows($q_dbu) > 0) {
             if ($r_dbu['photo'] != '') {
Exemple #12
 * 请勿出售本程序或其修改版,请勿利用本程序或其修改版进行任何商业活动。
 */
$page = isset($_GET['page']) && intval($_GET['page']) > 0 ? intval($_GET['page']) : 1;
$pagesize = 50;
if (isset($_GET['id']) && intval($_GET['id']) > 0) {
    $s_dbp = sprintf('select a.*, b.power, b.name from %s as a, %s as b where a.id=%s and a.aid=b.id and a.disp=0 limit 1', $dbprefix . 'photo', $dbprefix . 'member', intval($_GET['id']));
    $q_dbp = mysql_query($s_dbp) or die('');
    $r_dbp = mysql_fetch_assoc($q_dbp);
    if (mysql_num_rows($q_dbp) > 0) {
        if ($_SERVER['REQUEST_METHOD'] == 'POST' && $c_log) {
            $cont = htmlspecialchars(trim($_POST['rinfo']), ENT_QUOTES);
            if ($cont != '') {
                $i_db = sprintf('insert into %s (content, aid, pid, datetime) values (%s, %s, %s, %s)', $dbprefix . 'pcomment', SQLString($cont, 'text'), $_SESSION[$config['u_hash']], $r_dbp['id'], time());
                $result = mysql_query($i_db) or die('');
                $nid = mysql_insert_id();
                setsinfo($pn . ' 发表评论', $r_dbp['aid'], $r_dbp['id'], 2);
            }
            header('Location:./?m=album&id=' . $r_dbp['id'] . (isset($nid) ? '#topic-' . $nid : ''));
            exit;
        } else {
            $t = $r_dbp['title'] != '' ? $r_dbp['title'] : ($r_dbp['vid'] > 0 ? '视频' : '照片') . ' #' . $r_dbp['id'];
            $title .= $t;
            $u = $r_dbp['url'];
            if ($r_dbp['upload'] == 0) {
                $tb_i = '';
                if (strstr($u, '[/]')) {
                    $a_u = explode('[/]', $u);
                    $l_u = count($a_u) - 1;
                    $t_u = $a_u[$l_u];
                    if (trim($t_u) != '' && strstr(trim($t_u), '://')) {
                        $tb_i = trim($t_u);
Exemple #13
                            exit;
                        }
                        $content .= '<div class="photo_list"><img src="' . $v . '" class="photo" alt="" width="55" height="55"/>&nbsp; <img src="images/o_2.gif" alt="" title="删除" name="del_img" data-id="' . $k . '" class="f_link"/></div>';
                    }
                }
            } else {
                // Remove the member's photo(s): delete every local file listed in $a_pho,
                // blank the member's photo column, record the change and redirect.
                // NOTE(review): the deletion is triggered by the GET parameter did=1 and no
                // anti-CSRF token is checked in the visible code; a destructive action
                // should be a POST carrying a per-session token.
                if (isset($_GET['did']) && $_GET['did'] == 1) {
                    foreach ($a_pho as $v) {
                        // Entries containing '://' are treated as remote and left alone.
                        // NOTE(review): the only checks before unlink() are "no ://" and
                        // file_exists(); where $a_pho comes from is not visible here. If any
                        // entry can be user-supplied, resolve it with realpath() and require it
                        // to sit inside the upload directory before deleting.
                        if (trim($v) != '' && !strstr($v, '://') && file_exists(trim($v))) {
                            unlink(trim($v));
                        }
                    }
                    $u_pho = '';
                    // NOTE(review): $r_dbu['id'] is interpolated with %s without quoting or
                    // casting; it is presumably an integer read from the database.
                    $u_db = sprintf('update %s set photo=%s where id=%s', $dbprefix . 'member', SQLString($u_pho, 'text'), $r_dbu['id']);
                    // A failed query ends the request with an empty body and nothing logged.
                    $result = mysql_query($u_db) or die('');
                    // Message text reads "<name> updated their profile".
                    setsinfo($r_dbu['name'] . ' 更新了个人资料', $r_dbu['id']);
                    header('Location:./?m=profile&t=photo&e=1');
                    exit;
                }
                $content .= '<img src="' . $a_pho[0] . '" class="photo" alt="" width="55" height="55"/>&nbsp; <img src="images/o_2.gif" alt="" title="删除"  name="del_img" data-id="1" class="f_link"/>';
            }
        } else {
            $content .= '<img src="images/dphoto.jpg" class="photo" alt="" width="55" height="55"/>';
        }
        $content .= '<div class="extr"></div></div><br/><div class="title">' . ($config['avator'] > 0 ? '添加' : '设置') . '头像';
        if ($c_pho >= $config['avator'] && $config['avator'] > 0) {
            $content .= '</div><div class="lcontent">您已经有' . $config['avator'] . '个头像,达到头像数的最大上限,不能再添加头像!</div>';
        } else {
            if ($config['upload'] == 0) {
                $js_c .= '
		$("span[name=\'melink\']").click(function(){
Exemple #14
         $title = htmlspecialchars(trim($_POST['title']), ENT_QUOTES);
         if ($url != '') {
             $tbimg = isset($_POST['tbimg']) && trim($_POST['tbimg']) != '' ? getfurl(htmlspecialchars(trim($_POST['tbimg']), ENT_QUOTES)) : '';
             if ($tbimg != '' && $up == 0) {
                 $url .= '[/]' . $tbimg;
             }
             $cid = isset($_POST['cid']) ? $_POST['cid'] : 0;
             $i_db = sprintf('insert into %s (title, url, aid, cid, datetime, upload, vid) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'photo', SQLString($title, 'text'), SQLString($url, 'text'), $_SESSION[$config['u_hash']], SQLString($cid, 'int'), time(), SQLString($up, 'int'), SQLString($vid, 'int'));
             $result = mysql_query($i_db) or die('');
             $nid = mysql_insert_id();
             if ($cid > 0) {
                 $ptitle = $title != '' ? $title : '#' . $nid;
                 $i_db = sprintf('insert into %s (content, aid, cid, sid, datetime) values (%s, %s, %s, %s, %s)', $dbprefix . 'ccomment', SQLString($ptitle, 'text'), $_SESSION[$config['u_hash']], SQLString($cid, 'int'), SQLString($nid, 'int'), time());
                 $result = mysql_query($i_db) or die('');
             }
             setsinfo($pn . ' 添加新' . ($vid > 0 ? '视频' : '照片'), $_SESSION[$config['u_hash']], $nid, 2);
         }
     }
     header('Location:./?m=album' . (isset($e) && $e > 0 ? '&e=' . $e . '#msg' : ''));
     exit;
 } else {
     $title .= '照片视频';
     $a_msg = array(1 => '文件太大!', '文件类型不可用!', '上传路径不可用!', '上传的不是图片文件!', '上传出错!');
     $content .= '<div class="title">照片视频</div><div class="';
     $s_a_dbp = sprintf('select a.id, a.title, a.url, a.vid, a.upload, a.disp, b.name from %s as a, %s as b where a.aid=b.id%s order by a.datetime desc', $dbprefix . 'photo', $dbprefix . 'member', $ddb);
     $q_a_dbp = mysql_query($s_a_dbp) or die('');
     $c_dbp = mysql_num_rows($q_a_dbp);
     if ($c_dbp > 0) {
         $p_dbp = ceil($c_dbp / $pagesize);
         if ($page > $p_dbp) {
             $page = $p_dbp;
Exemple #15
         $isnl = isset($_POST['isnl']) && $_POST['isnl'] == 1 ? 1 : 0;
         $url = htmlspecialchars(trim($_POST['url']), ENT_QUOTES);
         $email = htmlspecialchars(trim($_POST['email']), ENT_QUOTES);
         $phone = htmlspecialchars(trim($_POST['phone']), ENT_QUOTES);
         $work = htmlspecialchars(trim($_POST['work']), ENT_QUOTES);
         $tel = htmlspecialchars(trim($_POST['tel']), ENT_QUOTES);
         $qq = htmlspecialchars(trim($_POST['qq']), ENT_QUOTES);
         $msn = htmlspecialchars(trim($_POST['msn']), ENT_QUOTES);
         $gtalk = htmlspecialchars(trim($_POST['gtalk']), ENT_QUOTES);
         $address = htmlspecialchars(trim($_POST['address']), ENT_QUOTES);
         $location = htmlspecialchars(trim($_POST['location']), ENT_QUOTES);
         $rela = htmlspecialchars(trim($_POST['rela']), ENT_QUOTES);
         $sylorm = isset($_POST['sylorm']) && $_POST['sylorm'] == 1 ? 1 : 0;
         $u_db = sprintf('update %s set username=%s, name=%s, gender=%s, bir_y=%s, bir_m=%s, bir_d=%s, isnl=%s, url=%s, email=%s, phone=%s, work=%s, tel=%s, qq=%s, msn=%s, gtalk=%s, address=%s, location=%s, rela=%s, sylorm=%s where id=%s', $dbprefix . 'member', SQLString($username, 'text'), SQLString($name, 'text'), SQLString($gender, 'int'), SQLString($bir_y, 'int'), SQLString($bir_m, 'int'), SQLString($bir_d, 'int'), $isnl, SQLString($url, 'text'), SQLString($email, 'text'), SQLString($phone, 'text'), SQLString($work, 'text'), SQLString($tel, 'text'), SQLString($qq, 'text'), SQLString($msn, 'text'), SQLString($gtalk, 'text'), SQLString($address, 'text'), SQLString($location, 'text'), SQLString($rela, 'text'), $sylorm, $r_dbu['id']);
         $result = mysql_query($u_db) or die('');
         setsinfo($name . ' 更新了个人资料', $r_dbu['id']);
     }
     header('Location:./?m=profile' . (isset($e) ? '&e=' . $e : ''));
     exit;
 } else {
     $a_msg = array(1 => '个人资料已修改。', '请使用其他的用户名!');
     $content .= '<script type="text/javascript" src="http://api.map.baidu.com/api?v=1.3"></script>' . (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">个人资料</div><div class="lcontent"><form method="post" action="" class="btform" id="pfform"><table><tr><td>用户名:</td><td><input name="username" size="32" value="' . htmlspecialchars($r_dbu['username'], ENT_QUOTES) . '" class="bt_input" rel="用户名" /></td></tr><tr><td>姓名:</td><td><input name="name" size="32" value="' . $r_dbu['name'] . '" class="bt_input" rel="姓名" /></td></tr><tr><td>介绍:</td><td><input name="rela" size="32" value="' . $r_dbu['rela'] . '" /></td></tr><tr><td>性别:</td><td><input type="radio" name="gender" value="0"' . ($r_dbu['gender'] == 0 ? ' checked="checked"' : '') . ' />保密 <input type="radio" name="gender" value="1"' . ($r_dbu['gender'] == 1 ? ' checked="checked"' : '') . ' />男 <input type="radio" name="gender" value="2"' . ($r_dbu['gender'] == 2 ? ' checked="checked"' : '') . ' />女</td></tr><tr><td>生日:</td><td><input name="bir_y" size="5" maxsize="4" value="' . ($r_dbu['bir_y'] > 0 ? $r_dbu['bir_y'] : '') . '" />-<select name="bir_m">';
     for ($i = 0; $i < 13; $i++) {
         $content .= '<option value="' . $i . '"' . ($r_dbu['bir_m'] == $i ? ' selected="selected"' : '') . '>' . ($i > 0 ? $i : '-') . '</option>';
     }
     $content .= '</select>-<select name="bir_d">';
     for ($i = 0; $i < 32; $i++) {
         $content .= '<option value="' . $i . '"' . ($r_dbu['bir_d'] == $i ? ' selected="selected"' : '') . '>' . ($i > 0 ? $i : '-') . '</option>';
     }
     $content .= '</select></td></tr><tr><td>历法:</td><td><input type="radio" name="isnl" value="0"' . ($r_dbu['isnl'] == 0 ? ' checked="checked"' : '') . ' />公历 <input type="radio" name="isnl" value="1"' . ($r_dbu['isnl'] == 1 ? ' checked="checked"' : '') . ' />农历</td></tr><tr><td>手机:</td><td><input name="phone" id="formphone" size="32" value="' . $r_dbu['phone'] . '" /></td></tr><tr><td>联系电话:</td><td><input name="tel" size="32" value="' . $r_dbu['tel'] . '" /></td></tr><tr><td>电子邮件:</td><td><input name="email" size="32" value="' . $r_dbu['email'] . '" /></td></tr><tr><td>主页:</td><td><input name="url" size="32" value="' . $r_dbu['url'] . '" /></td></tr><tr><td>QQ:</td><td><input name="qq" size="32" value="' . $r_dbu['qq'] . '" /></td></tr><tr><td>MSN:</td><td><input name="msn" size="32" value="' . $r_dbu['msn'] . '" /></td></tr><tr><td>GTalk:</td><td><input name="gtalk" size="32" value="' . $r_dbu['gtalk'] . '" /></td></tr><tr><td>住址:</td><td><input name="address" id="formaddress" size="32" value="' . $r_dbu['address'] . '" title="准确填写详细住址后可以在地图上显示" /><span name="s_cbt" data-id="map_tr" class="mlink f_link">从地图上选取</span></td></tr><tr id="map_tr" style="display: none;"><td></td><td><input type="hidden" id="cmid" value="0"/>操作方法:左键按住移动,滚轮放大缩小,左键单击选取地点 <span name="h_cbt" data-id="map_tr" class="mlink f_link">关闭地图</span><div style="width: 400px;height: 300px;border:1px solid #999;" id="map_container"></div></td></tr><tr><td>籍贯:</td><td><input name="location" size="32" value="' . $r_dbu['location'] . '" /></td></tr><tr><td>工作单位:</td><td><input name="work" size="32" value="' . $r_dbu['work'] . '" /></td></tr><tr><td colspan="2"><input name="sylorm" type="checkbox" value="1"' . ($r_dbu['sylorm'] > 0 ? ' checked="checked"' : '') . '/>使用站外账号登录记住登录<br/><input type="submit" value="修改" class="button" /></td></tr></table></form></div>';
     $js_c .= '
} else {
    $u = './?m=login&t=facebook';
}
// Facebook OAuth callback: runs only when Facebook login is enabled and both app
// credentials are configured. Exchanges the `code` query parameter for an access
// token, then either binds the token to the logged-in member or parks it in the session.
// NOTE(review): no OAuth `state` value is compared against the session anywhere in
// this block. Unless that happens earlier in the file, the callback is exposed to
// login/link CSRF — confirm, and reject callbacks whose `state` does not match.
if ($config['is_fb'] > 0 && $config['fb_app_id'] != '' && $config['fb_se'] != '') {
    if (isset($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/facebook.php';
        $o = new facebookPHP($config['fb_app_id'], $config['fb_se']);
        // The redirect URI is built from the configured site URL, not from the request.
        $result = $o->access_token($config['site_url'] . 'facebook_callback.php', $_GET['code']);
    }
    // NOTE(review): $result is only assigned above when `code` is present; the isset()
    // below relies on no earlier code having left a value in $result.
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        if ($c_log) {
            // getainfo() is called with the session's member id and a column list;
            // its result is used below as a row with 'id' and 'name'.
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            // NOTE(review): $ar['id'] and $r_dby['id'] are interpolated with %s without
            // quoting or casting; they come from database lookups and are presumably
            // integers — an explicit (int) cast would make that guarantee local.
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('facebook', 'text'));
            // A failed query ends the request with an empty body and nothing logged.
            // NOTE(review): the mysql_* extension was removed in PHP 7.0.
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                // Existing binding: overwrite the stored token.
                // NOTE(review): the access token is stored exactly as received;
                // consider encrypting it at rest.
                $u_db = sprintf('update %s set s_t=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), $r_dby['id']);
                // $result is reused for the query result, overwriting the token response.
                $result = mysql_query($u_db) or die('');
            } else {
                // No binding yet: create one.
                $i_db = sprintf('insert into %s (aid, name, s_t) values (%s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('facebook', 'text'), SQLString($s_t, 'text'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            // Message text reads "<name> bound Facebook"; setsinfo() presumably records
            // it as an activity entry — verify against its definition.
            setsinfo($ar['name'] . ' 绑定了Facebook', $ar['id']);
        } else {
            // Not logged in: keep the token in the session only.
            $_SESSION['facebook_login_u_t'] = $s_t;
        }
    }
}
// $u is assigned before this block. NOTE(review): no exit follows header(), which is
// only safe if nothing that should be skipped runs after the redirect.
header('Location:' . $u);
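    // Google OAuth callback body: exchanges the authorization code for tokens, then either
    // stores them on the current account's m_sync row ($c_log set) or keeps them in the
    // session under the google_login_u_* keys.
    // NOTE(review): no OAuth `state` value is checked in these statements, so nothing here
    // ties the callback to an authorization request that this session started — confirm
    // whether the page that starts the flow issues a state value and verify it here.
    // Accept only a non-empty string: a request such as ?code[]=x would otherwise pass an
    // array to trim(), which raises a warning (a TypeError on PHP 8).
    if (isset($_GET['code']) && is_string($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/google.php';
        $db_o = new googlePHP($config['google_key'], $config['google_se']);
        $result = $db_o->access_token($config['site_url'] . 'google_callback.php', $_GET['code']);
    }
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        // Read the optional fields without an undefined-index notice. A missing value gives
        // the same result as before: null for the refresh token, "now" for the expiry.
        $s_r = isset($result['refresh_token']) ? $result['refresh_token'] : null;
        $edate = time() + (isset($result['expires_in']) ? $result['expires_in'] : 0);
        if ($c_log) {
            // Account row of the session's user; its id keys the binding in m_sync.
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            // NOTE(review): $ar['id'] and $r_dby['id'] are placed in the SQL text without
            // SQLString(); both come from database rows, presumably integer keys — confirm.
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('google', 'text'));
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                // NOTE(review): when the response carried no refresh_token, this update
                // replaces the stored s_r with whatever SQLString() makes of null — confirm
                // that losing the earlier refresh token is intended.
                $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
                $result = mysql_query($u_db) or die('');
            } else {
                // First binding for this account: create the row.
                $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('google', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            setsinfo($ar['name'] . ' 绑定了Google', $ar['id']);
        } else {
            // No account context: hand the tokens to a later step through the session.
            $_SESSION['google_login_u_t'] = $s_t;
            $_SESSION['google_login_u_r'] = $s_r;
            $_SESSION['google_login_u_edate'] = $edate;
        }
    }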
}
header('Location:' . $u);
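    // Instagram OAuth callback body: exchanges the authorization code for an access token,
    // then either stores the token and Instagram user id on the current account's m_sync
    // row ($c_log set) or keeps both in the session under the instagram_login_u_* keys.
    // NOTE(review): no OAuth `state` value is checked in these statements, so nothing here
    // ties the callback to an authorization request that this session started — confirm
    // whether the page that starts the flow issues a state value and verify it here.
    // Accept only a non-empty string: a request such as ?code[]=x would otherwise pass an
    // array to trim(), which raises a warning (a TypeError on PHP 8).
    if (isset($_GET['code']) && is_string($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/instagram.php';
        $io = new instagramPHP($config['instagram_key'], $config['instagram_se']);
        $result = $io->access_token($config['site_url'] . 'instagram_callback.php', $_GET['code']);
    }
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        // The original read the user id from $ia, which nothing in these statements assigns,
        // so $s_id ended up null. The token response is held in $result; presumably it
        // carries user.id — confirm against lib/instagram.php. $ia still takes precedence
        // when it is set, so any code outside this view that fills it keeps working.
        if (isset($ia['user']['id'])) {
            $s_id = $ia['user']['id'];
        } elseif (isset($result['user']['id'])) {
            $s_id = $result['user']['id'];
        } else {
            $s_id = null;
        }
        if ($c_log) {
            // Account row of the session's user; its id keys the binding in m_sync.
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            // Remove bindings of this Instagram id that belong to any other account.
            // NOTE(review): $ar['id'] and $r_dby['id'] are placed in the SQL text without
            // SQLString(); both come from database rows, presumably integer keys — confirm.
            $d_db = sprintf('delete from %s where s_id=%s and aid<>%s and name=%s', $dbprefix . 'm_sync', SQLString($s_id, 'text'), $ar['id'], SQLString('instagram', 'text'));
            $result = mysql_query($d_db) or die('');
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('instagram', 'text'));
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                // A binding already exists for this account: replace its id and token.
                $u_db = sprintf('update %s set s_id=%s, s_t=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_id, 'text'), SQLString($s_t, 'text'), $r_dby['id']);
                $result = mysql_query($u_db) or die('');
            } else {
                // First binding for this account: create the row.
                $i_db = sprintf('insert into %s (aid, name, s_id, s_t) values (%s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('instagram', 'text'), SQLString($s_id, 'text'), SQLString($s_t, 'text'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            setsinfo($ar['name'] . ' 绑定了Instagram', $ar['id']);
        } else {
            // No account context: hand the id and token to a later step through the session.
            $_SESSION['instagram_login_u_id'] = $s_id;
            $_SESSION['instagram_login_u_t'] = $s_t;
        }
    }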
}
header('Location:' . $u);
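    // Baidu OAuth callback body: exchanges the authorization code for tokens, then either
    // stores them on the current account's m_sync row ($c_log set) or keeps them in the
    // session under the baidu_login_u_* keys.
    // NOTE(review): no OAuth `state` value is checked in these statements, so nothing here
    // ties the callback to an authorization request that this session started — confirm
    // whether the page that starts the flow issues a state value and verify it here.
    // Accept only a non-empty string: a request such as ?code[]=x would otherwise pass an
    // array to trim(), which raises a warning (a TypeError on PHP 8).
    if (isset($_GET['code']) && is_string($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/baidu.php';
        $bo = new baiduPHP($config['baidu_key'], $config['baidu_se']);
        $result = $bo->access_token($config['site_url'] . 'baidu_callback.php', $_GET['code']);
    }
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        // Read the optional fields without an undefined-index notice. A missing value gives
        // the same result as before: null for the refresh token, "now" for the expiry.
        $s_r = isset($result['refresh_token']) ? $result['refresh_token'] : null;
        $edate = time() + (isset($result['expires_in']) ? $result['expires_in'] : 0);
        if ($c_log) {
            // Account row of the session's user; its id keys the binding in m_sync.
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            // NOTE(review): $ar['id'] and $r_dby['id'] are placed in the SQL text without
            // SQLString(); both come from database rows, presumably integer keys — confirm.
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('baidu', 'text'));
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                // A binding already exists for this account: replace its tokens and expiry.
                $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
                $result = mysql_query($u_db) or die('');
            } else {
                // First binding for this account: create the row.
                $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('baidu', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            setsinfo($ar['name'] . ' 绑定了百度', $ar['id']);
        } else {
            // No account context: hand the tokens to a later step through the session.
            $_SESSION['baidu_login_u_t'] = $s_t;
            $_SESSION['baidu_login_u_r'] = $s_r;
            $_SESSION['baidu_login_u_edate'] = $edate;
        }
    }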
}
header('Location:' . $u);