// OAuth callback excerpt for the 't163' provider: trades the `code` query parameter for
// tokens, then either stores them for the current member or parks them in the session.
// NOTE(review): only `code` is validated in this excerpt; no `state` value is compared
// with the session. Confirm that the code above or lib/t163.php does so, otherwise a
// forged callback request could bind another person's provider account to the member
// who is logged in.
if (isset($_GET['code']) && trim($_GET['code']) != '') {
    require_once 'lib/t163.php';
    $db_o = new t163PHP($config['t163_key'], $config['t163_se']);
    $result = $db_o->access_token($config['site_url'] . 't163_callback.php', $_GET['code']);
}
// $result is assigned only in the branch above, so this isset() also covers the no-code case.
if (isset($result['access_token']) && $result['access_token'] != '') {
    $s_t = $result['access_token'];
    // refresh_token and expires_in are read without isset(); presumably always returned — verify.
    $s_r = $result['refresh_token'];
    $edate = time() + $result['expires_in'];
    // $c_log is set before this excerpt (presumably "a member is logged in" — confirm).
    if ($c_log) {
        $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
        // Look up an existing m_sync row for this member and provider.
        $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('t163', 'text'));
        // A failed query ends the request with an empty body; nothing is logged here.
        $q_dby = mysql_query($s_dby) or die('');
        $r_dby = mysql_fetch_assoc($q_dby);
        if (mysql_num_rows($q_dby) > 0) {
            // Row exists: overwrite the stored tokens and expiry. The tokens go through
            // SQLString() (defined elsewhere) and are stored as received; no encryption
            // at rest is visible here.
            $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
            // From here on $result holds the query result, not the token response.
            $result = mysql_query($u_db) or die('');
        } else {
            // No row yet: create the binding.
            $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('t163', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
            $result = mysql_query($i_db) or die('');
        }
        mysql_free_result($q_dby);
        // setsinfo() is defined elsewhere; the message reads "<name> bound NetEase Weibo".
        setsinfo($ar['name'] . ' 绑定了网易微博', $ar['id']);
    } else {
        // $c_log falsy: keep the tokens in the session instead of the database.
        $_SESSION['t163_login_u_t'] = $s_t;
        $_SESSION['t163_login_u_r'] = $s_r;
        $_SESSION['t163_login_u_edate'] = $edate;
    }
}
// Closes a block opened before this excerpt.
}
// $u is set before this excerpt; whether exit follows the redirect is not visible here.
header('Location:' . $u);
// OAuth callback excerpt for the 'kx001' provider: trades the `code` query parameter for
// tokens, then either stores them for the current member or parks them in the session.
// NOTE(review): only `code` is validated in this excerpt; no `state` value is compared
// with the session. Confirm that the code above or lib/kaixin.php does so, otherwise a
// forged callback request could bind another person's provider account to the member
// who is logged in.
if (isset($_GET['code']) && trim($_GET['code']) != '') {
    require_once 'lib/kaixin.php';
    $db_o = new kaixinPHP($config['kx001_key'], $config['kx001_se']);
    $result = $db_o->access_token($config['site_url'] . 'kx001_callback.php', $_GET['code']);
}
// $result is assigned only in the branch above, so this isset() also covers the no-code case.
if (isset($result['access_token']) && $result['access_token'] != '') {
    $s_t = $result['access_token'];
    // refresh_token and expires_in are read without isset(); presumably always returned — verify.
    $s_r = $result['refresh_token'];
    $edate = time() + $result['expires_in'];
    // $c_log is set before this excerpt (presumably "a member is logged in" — confirm).
    if ($c_log) {
        $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
        // Look up an existing m_sync row for this member and provider.
        $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('kx001', 'text'));
        // A failed query ends the request with an empty body; nothing is logged here.
        $q_dby = mysql_query($s_dby) or die('');
        $r_dby = mysql_fetch_assoc($q_dby);
        if (mysql_num_rows($q_dby) > 0) {
            // Row exists: overwrite the stored tokens and expiry. Tokens are stored as
            // received; no encryption at rest is visible here.
            $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
            // From here on $result holds the query result, not the token response.
            $result = mysql_query($u_db) or die('');
        } else {
            // No row yet: create the binding.
            $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('kx001', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
            $result = mysql_query($i_db) or die('');
        }
        mysql_free_result($q_dby);
        // setsinfo() is defined elsewhere; the message reads "<name> bound Kaixin001".
        setsinfo($ar['name'] . ' 绑定了开心网', $ar['id']);
    } else {
        // $c_log falsy: keep the tokens in the session instead of the database.
        $_SESSION['kx001_login_u_t'] = $s_t;
        $_SESSION['kx001_login_u_r'] = $s_r;
        $_SESSION['kx001_login_u_edate'] = $edate;
    }
}
// Closes a block opened before this excerpt.
}
// $u is set before this excerpt; whether exit follows the redirect is not visible here.
header('Location:' . $u);
// The `if` that this `else` completes starts before this excerpt.
} else {
    $u = './?m=login&t=qq';
}
// OAuth callback for the 'qq' provider, active only when it is enabled and configured.
// NOTE(review): only `code` is validated in this excerpt; no `state` value is compared
// with the session. Confirm that the code above or lib/qq.php does so, otherwise a forged
// callback request could bind another person's QQ account to the logged-in member.
if ($config['is_qq'] > 0 && $config['qq_app_id'] != '' && $config['qq_app_key'] != '') {
    if (isset($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/qq.php';
        $o = new qqPHP($config['qq_app_id'], $config['qq_app_key']);
        $result = $o->access_token($config['site_url'] . 'qq_callback.php', $_GET['code']);
    }
    // $result is assigned only in the branch above, so this isset() also covers the no-code case.
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        // $c_log is set before this excerpt (presumably "a member is logged in" — confirm).
        if ($c_log) {
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            // Look up an existing m_sync row for this member and provider.
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('qq', 'text'));
            // A failed query ends the request with an empty body; nothing is logged here.
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                // Row exists: overwrite the stored access token (stored as received).
                $u_db = sprintf('update %s set s_t=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), $r_dby['id']);
                // From here on $result holds the query result, not the token response.
                $result = mysql_query($u_db) or die('');
            } else {
                // No row yet: create the binding.
                $i_db = sprintf('insert into %s (aid, name, s_t) values (%s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('qq', 'text'), SQLString($s_t, 'text'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            // setsinfo() is defined elsewhere; the message reads "<name> bound QQ".
            setsinfo($ar['name'] . ' 绑定了QQ', $ar['id']);
        } else {
            // $c_log falsy: keep the token in the session instead of the database.
            $_SESSION['qq_login_u_t'] = $s_t;
        }
    }
}
// Whether exit follows the redirect is not visible in this excerpt.
header('Location:' . $u);
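// Profile "sync" POST handler excerpt. The first branch binds a Flickr account to the
// member in $r_dbu; the elseif branches toggle the is_show flag of one m_sync row.
// $r_dbu and $dbprefix are set before this excerpt.
if (trim($_POST['flickr_url']) != '' && trim($_POST['flickr_id']) != '' && trim($_POST['flickr_name']) != '' && $config['is_flickr'] > 0 && ($config['is_uflickr'] > 0 || $config['flickr_key'] != '')) {
    // Values are HTML-encoded before storage, so readers receive pre-encoded text.
    $flickr_url = htmlspecialchars(trim($_POST['flickr_url']), ENT_QUOTES);
    $flickr_id = htmlspecialchars(trim($_POST['flickr_id']), ENT_QUOTES);
    $flickr_name = htmlspecialchars(trim($_POST['flickr_name']), ENT_QUOTES);
    $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $r_dbu['id'], SQLString('flickr', 'text'));
    $q_dby = mysql_query($s_dby) or die('');
    $r_dby = mysql_fetch_assoc($q_dby);
    if (mysql_num_rows($q_dby) > 0) {
        // Fix: $r_dby['id'] is an m_sync row id (selected just above), so the update must
        // target m_sync. The original wrote to the member table, which either failed on
        // the s_id/s_t/s_n columns or touched an unrelated member row with the same id.
        $u_db = sprintf('update %s set s_id=%s, s_t=%s, s_n=%s where id=%s', $dbprefix . 'm_sync', SQLString($flickr_id, 'text'), SQLString($flickr_url, 'text'), SQLString($flickr_name, 'text'), $r_dby['id']);
        $result = mysql_query($u_db) or die('');
    } else {
        $i_db = sprintf('insert into %s (aid, name, s_id, s_t, s_n) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $r_dbu['id'], SQLString('flickr', 'text'), SQLString($flickr_id, 'text'), SQLString($flickr_url, 'text'), SQLString($flickr_name, 'text'));
        $result = mysql_query($i_db) or die('');
    }
    mysql_free_result($q_dby);
    // Message reads "<name> bound Flickr".
    setsinfo($r_dbu['name'] . ' 绑定了Flickr', $r_dbu['id']);
    $e = 1;
} else {
    $e = 2;
}
// Closes the enclosing `if` opened before this excerpt.
} elseif (isset($_POST['isl_sina_h']) && intval($_POST['isl_sina_h']) > 0) {
    $is_show = isset($_POST['is_show']) && $_POST['is_show'] == 1 ? 1 : 0;
    // Fix: the row id comes straight from the request, so the update is also scoped to
    // the member's own rows (aid). Without it, any submitter could flip is_show on a
    // row that belongs to someone else. Assumes $r_dbu is the member row used for aid
    // in the Flickr branch above.
    $u_db = sprintf('update %s set is_show=%s where id=%s and aid=%s', $dbprefix . 'm_sync', $is_show, intval($_POST['isl_sina_h']), intval($r_dbu['id']));
    $result = mysql_query($u_db) or die('');
    $e = 1;
} elseif (isset($_POST['isl_tqq_h']) && intval($_POST['isl_tqq_h']) > 0) {
    $is_show = isset($_POST['is_show']) && $_POST['is_show'] == 1 ? 1 : 0;
    // Same ownership scoping as the branch above.
    $u_db = sprintf('update %s set is_show=%s where id=%s and aid=%s', $dbprefix . 'm_sync', $is_show, intval($_POST['isl_tqq_h']), intval($r_dbu['id']));
    $result = mysql_query($u_db) or die('');
    $e = 1;
// The body of this branch continues past the excerpt; if it repeats the is_show update,
// it needs the same aid condition.
} elseif (isset($_POST['isl_fb_h']) && intval($_POST['isl_fb_h']) > 0) {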
// OAuth callback excerpt for the 'douban' provider: trades the `code` query parameter for
// tokens, then either stores them for the current member or parks them in the session.
// NOTE(review): only `code` is validated in this excerpt; no `state` value is compared
// with the session. Confirm that the code above or lib/douban.php does so, otherwise a
// forged callback request could bind another person's provider account to the member
// who is logged in.
if (isset($_GET['code']) && trim($_GET['code']) != '') {
    require_once 'lib/douban.php';
    $db_o = new doubanPHP($config['douban_key'], $config['douban_se']);
    $result = $db_o->access_token($config['site_url'] . 'douban_callback.php', $_GET['code']);
}
// $result is assigned only in the branch above, so this isset() also covers the no-code case.
if (isset($result['access_token']) && $result['access_token'] != '') {
    $s_t = $result['access_token'];
    // refresh_token and expires_in are read without isset(); presumably always returned — verify.
    $s_r = $result['refresh_token'];
    $edate = time() + $result['expires_in'];
    // $c_log is set before this excerpt (presumably "a member is logged in" — confirm).
    if ($c_log) {
        $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
        // Look up an existing m_sync row for this member and provider.
        $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('douban', 'text'));
        // A failed query ends the request with an empty body; nothing is logged here.
        $q_dby = mysql_query($s_dby) or die('');
        $r_dby = mysql_fetch_assoc($q_dby);
        if (mysql_num_rows($q_dby) > 0) {
            // Row exists: overwrite the stored tokens and expiry. Tokens are stored as
            // received; no encryption at rest is visible here.
            $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
            // From here on $result holds the query result, not the token response.
            $result = mysql_query($u_db) or die('');
        } else {
            // No row yet: create the binding.
            $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('douban', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
            $result = mysql_query($i_db) or die('');
        }
        mysql_free_result($q_dby);
        // setsinfo() is defined elsewhere; the message reads "<name> bound Douban".
        setsinfo($ar['name'] . ' 绑定了豆瓣', $ar['id']);
    } else {
        // $c_log falsy: keep the tokens in the session instead of the database.
        $_SESSION['douban_login_u_t'] = $s_t;
        $_SESSION['douban_login_u_r'] = $s_r;
        $_SESSION['douban_login_u_edate'] = $edate;
    }
}
// Closes a block opened before this excerpt.
}
// $u is set before this excerpt; whether exit follows the redirect is not visible here.
header('Location:' . $u);
// Registration excerpt: inserts the new member, an `online` row, an optional external
// account binding carried in the session, and marks the invitation as used.
// $username, $password and $name are prepared before this excerpt.
// NOTE(review): how $password is derived is not visible here; confirm it is a
// password_hash()-style hash and not the submitted password or a fast unsalted digest.
$status = $config['veri'] > 0 ? 0 : 1;
// in_array() is called without the strict flag, so $_POST['gid'] is matched loosely
// against $g_c; the value is later forced through SQLString(..., 'int').
$gid = isset($_POST['gid']) && isset($g_c) && in_array($_POST['gid'], $g_c) && isset($g_a[$_POST['gid']]) ? $_POST['gid'] : 0;
$jaid = isset($idb) ? $idb['aid'] : 0;
// rela and email are HTML-encoded before storage; $_POST['email'] is read without isset().
$rela = isset($_POST['rela']) ? htmlspecialchars(trim($_POST['rela']), ENT_QUOTES) : '';
$email = htmlspecialchars(trim($_POST['email']), ENT_QUOTES);
// Uniqueness is checked with a select followed by a separate insert, so two concurrent
// requests can both pass the check unless the username column has a unique index
// (not visible here).
$s_dbu = sprintf('select id from %s where username=%s limit 1', $dbprefix . 'member', SQLString($username, 'text'));
$q_dbu = mysql_query($s_dbu) or die('');
if (mysql_num_rows($q_dbu) > 0) {
    // Username already taken.
    $e = 1;
} else {
    $i_db = sprintf('insert into %s (username, password, name, status, regdate, gid, jaid, rela, email) values (%s, %s, %s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'member', SQLString($username, 'text'), SQLString($password, 'text'), SQLString($name, 'text'), SQLString($status, 'int'), time(), SQLString($gid, 'int'), SQLString($jaid, 'int'), SQLString($rela, 'text'), SQLString($email, 'text'));
    $result = mysql_query($i_db) or die('');
    $nid = mysql_insert_id();
    // getIP() is defined elsewhere; if it trusts client-supplied headers the stored
    // address is attacker-chosen — confirm.
    $i_db = sprintf('insert into %s (aid, datetime, ip_i, online) values (%s, %s, inet_aton(%s), 0)', $dbprefix . 'online', $nid, time(), SQLString(getIP(), 'text'));
    $result = mysql_query($i_db) or die('');
    // The message ("<name> new user registered, identity: ..., invited by: ...,
    // awaiting review") embeds HTML built from $idb['name'] and $rela; whether
    // $idb['name'] is already HTML-encoded is not visible here.
    setsinfo($name . ' 新用户注册' . (isset($g_a[$gid]) ? ',身份:' . $g_a[$gid] : '') . (isset($idb) ? ',邀请人:<a href="?m=user&id=' . $idb['aid'] . '">' . $idb['name'] . '</a>' : '') . ($config['veri'] > 0 ? '' : ',等待审核') . ($rela != '' ? "\r\r" . $rela : ''), $nid);
    // If an external login left a pending binding in the session, attach it to the new
    // member and then blank the session entries.
    if (isset($_SESSION['login_sync_tn']) && $_SESSION['login_sync_tn'] != '' && isset($a_sync[$_SESSION['login_sync_tn']])) {
        $i_db = sprintf('insert into %s (aid, name, s_id, s_t, s_r, s_s, edate) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $nid, SQLString($_SESSION['login_sync_tn'], 'text'), SQLString($_SESSION['login_sync_id'], 'text'), SQLString($_SESSION['login_sync_t'], 'text'), SQLString($_SESSION['login_sync_r'], 'text'), SQLString($_SESSION['login_sync_s'], 'text'), SQLString($_SESSION['login_sync_edate'], 'int'));
        $result = mysql_query($i_db) or die('');
        $_SESSION['login_sync_tn'] = '';
        $_SESSION['login_sync_id'] = '';
        $_SESSION['login_sync_t'] = '';
        $_SESSION['login_sync_r'] = '';
        $_SESSION['login_sync_s'] = '';
        $_SESSION['login_sync_u'] = '';
        $_SESSION['login_sync_edate'] = 0;
    }
    // Record which member consumed the invitation.
    if (isset($idb)) {
        $u_db = sprintf('update %s set jid=%s where id=%s', $dbprefix . 'invite', $nid, $idb['id']);
        $result = mysql_query($u_db) or die('');
    }
// OAuth callback excerpt for the 'live' provider: trades the `code` query parameter for
// tokens, then either stores them for the current member or parks them in the session.
// NOTE(review): only `code` is validated in this excerpt; no `state` value is compared
// with the session. Confirm that the code above or lib/live.php does so, otherwise a
// forged callback request could bind another person's provider account to the member
// who is logged in.
if (isset($_GET['code']) && trim($_GET['code']) != '') {
    require_once 'lib/live.php';
    $db_o = new livePHP($config['live_key'], $config['live_se']);
    $result = $db_o->access_token($config['site_url'] . 'live_callback.php', $_GET['code']);
}
// $result is assigned only in the branch above, so this isset() also covers the no-code case.
if (isset($result['access_token']) && $result['access_token'] != '') {
    $s_t = $result['access_token'];
    // refresh_token and expires_in are read without isset(); presumably always returned — verify.
    $s_r = $result['refresh_token'];
    $edate = time() + $result['expires_in'];
    // $c_log is set before this excerpt (presumably "a member is logged in" — confirm).
    if ($c_log) {
        $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
        // Look up an existing m_sync row for this member and provider.
        $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('live', 'text'));
        // A failed query ends the request with an empty body; nothing is logged here.
        $q_dby = mysql_query($s_dby) or die('');
        $r_dby = mysql_fetch_assoc($q_dby);
        if (mysql_num_rows($q_dby) > 0) {
            // Row exists: overwrite the stored tokens and expiry. Tokens are stored as
            // received; no encryption at rest is visible here.
            $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
            // From here on $result holds the query result, not the token response.
            $result = mysql_query($u_db) or die('');
        } else {
            // No row yet: create the binding.
            $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('live', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
            $result = mysql_query($i_db) or die('');
        }
        mysql_free_result($q_dby);
        // setsinfo() is defined elsewhere; the message reads "<name> bound Microsoft account".
        setsinfo($ar['name'] . ' 绑定了Microsoft账户', $ar['id']);
    } else {
        // $c_log falsy: keep the tokens in the session instead of the database.
        $_SESSION['live_login_u_t'] = $s_t;
        $_SESSION['live_login_u_r'] = $s_r;
        $_SESSION['live_login_u_edate'] = $edate;
    }
}
// Closes a block opened before this excerpt.
}
// $u is set before this excerpt; whether exit follows the redirect is not visible here.
header('Location:' . $u);
// Tail of a branch that starts before this excerpt.
exit;
}
mysql_free_result($q_dbc);
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Create a new activity ("camp") when $c_log is truthy (set before this excerpt).
        // NOTE(review): no anti-CSRF token is checked in this excerpt; confirm one is
        // verified earlier, otherwise a third-party page can submit this form on behalf
        // of a logged-in member.
        if ($c_log) {
            // Fields are HTML-encoded before storage; the $_POST keys are read without isset().
            $title = htmlspecialchars(trim($_POST['title']), ENT_QUOTES);
            $cont = htmlspecialchars(trim($_POST['rinfo']), ENT_QUOTES);
            $cdate = htmlspecialchars(trim($_POST['cdate']), ENT_QUOTES);
            $cloc = htmlspecialchars(trim($_POST['cloc']), ENT_QUOTES);
            $cpay = htmlspecialchars(trim($_POST['cpay']), ENT_QUOTES);
            if ($title != '') {
                // The member id from the session is interpolated unquoted; it is a
                // server-side value, not request data.
                $i_db = sprintf('insert into %s (title, content, cdate, cloc, cpay, aid, datetime) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'camp', SQLString($title, 'text'), SQLString($cont, 'text'), SQLString($cdate, 'text'), SQLString($cloc, 'text'), SQLString($cpay, 'text'), $_SESSION[$config['u_hash']], time());
                $result = mysql_query($i_db) or die('');
                $nid = mysql_insert_id();
                // $pn is set before this excerpt; the message reads "<pn> started a new activity".
                setsinfo($pn . ' 发起新活动', $_SESSION[$config['u_hash']], $nid, 3);
            }
        }
        header('Location:./?m=camp');
        exit;
    } else {
        // Listing view; the appended title text reads "Class activities".
        $title .= '班级活动';
        $s_a_dbc = sprintf('select a.*, b.name from %s as a, %s as b where a.aid=b.id and a.disp=0 order by a.closed, a.sticky desc, a.datetime desc', $dbprefix . 'camp', $dbprefix . 'member');
        // The unpaged query is executed only to count rows for pagination.
        $q_a_dbc = mysql_query($s_a_dbc) or die('');
        $c_dbc = mysql_num_rows($q_a_dbc);
        if ($c_dbc > 0) {
            $p_dbc = ceil($c_dbc / $config['pagesize']);
            // Clamp the requested page to the last page; $page is set before this excerpt.
            if ($page > $p_dbc) {
                $page = $p_dbc;
            }
            // %d forces integer offsets into the LIMIT clause.
            $s_dbc = sprintf('%s limit %d, %d', $s_a_dbc, ($page - 1) * $config['pagesize'], $config['pagesize']);
// Tail of a block opened before this excerpt: the temporary request-token entries are
// blanked and removed from the session.
$_SESSION['tw_login_token'] = '';
unset($_SESSION['tw_login_token']);
$_SESSION['tw_login_secret'] = '';
unset($_SESSION['tw_login_secret']);
}
// $token and $secret are set before this excerpt (presumably from the two session
// entries cleared above — confirm).
if ($token != '' && $secret != '') {
    require_once 'lib/twitterOAuth.php';
    $to = new TwitterOAuth($config['tw_key'], $config['tw_se'], $token, $secret);
    $tok = $to->getAccessToken();
    // The two keys are read without isset(); a failed exchange that returns no array
    // keys raises notices here rather than being handled explicitly.
    if ($tok['oauth_token'] != '' && $tok['oauth_token_secret'] != '') {
        // $c_log and $ar are set before this excerpt.
        if ($c_log) {
            // Look up an existing m_sync row for this member and provider.
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('twitter', 'text'));
            // A failed query ends the request with an empty body; nothing is logged here.
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                // Row exists: overwrite the stored token and token secret. Both are
                // stored as received; no encryption at rest is visible here.
                $u_db = sprintf('update %s set s_t=%s, s_s=%s where id=%s', $dbprefix . 'm_sync', SQLString($tok['oauth_token'], 'text'), SQLString($tok['oauth_token_secret'], 'text'), $r_dby['id']);
                $result = mysql_query($u_db) or die('');
            } else {
                // No row yet: create the binding.
                $i_db = sprintf('insert into %s (aid, name, s_t, s_s) values (%s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('twitter', 'text'), SQLString($tok['oauth_token'], 'text'), SQLString($tok['oauth_token_secret'], 'text'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            // setsinfo() is defined elsewhere; the message reads "<name> bound Twitter".
            setsinfo($ar['name'] . ' 绑定了Twitter', $ar['id']);
        } else {
            // $c_log falsy: keep the token pair in the session instead of the database.
            $_SESSION['tw_login_u_t'] = $tok['oauth_token'];
            $_SESSION['tw_login_u_s'] = $tok['oauth_token_secret'];
        }
    }
}
// Closes a block opened before this excerpt.
}
// $u is set before this excerpt; whether exit follows the redirect is not visible here.
header('Location:' . $u);
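// Runs after the credential check that precedes this excerpt: starts the authenticated
// session for member $r_dbu['id'], attaches any pending external-account binding, and
// sets or clears the remember-me cookies.
session_unset();
session_start();
// Issue a new session ID at the moment of authentication, so an ID that was known or
// planted before login (session fixation) is not the one that becomes authenticated.
// $_SESSION contents, including the login_sync_* entries read below, are carried over.
session_regenerate_id(true);
$_SESSION[$config['u_hash']] = $r_dbu['id'];
// A pending binding left in the session by an external login is attached to this member.
if (isset($_SESSION['login_sync_tn']) && $_SESSION['login_sync_tn'] != '' && isset($a_sync[$_SESSION['login_sync_tn']])) {
    $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $r_dbu['id'], SQLString($_SESSION['login_sync_tn'], 'text'));
    $q_dby = mysql_query($s_dby) or die('');
    $r_dby = mysql_fetch_assoc($q_dby);
    if (mysql_num_rows($q_dby) > 0) {
        // Existing row for this member/provider: overwrite ids, tokens and expiry.
        $u_db = sprintf('update %s set s_id=%s, s_t=%s, s_r=%s, s_s=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($_SESSION['login_sync_id'], 'text'), SQLString($_SESSION['login_sync_t'], 'text'), SQLString($_SESSION['login_sync_r'], 'text'), SQLString($_SESSION['login_sync_s'], 'text'), SQLString($_SESSION['login_sync_edate'], 'int'), $r_dby['id']);
        $result = mysql_query($u_db) or die('');
    } else {
        $i_db = sprintf('insert into %s (aid, name, s_id, s_t, s_r, s_s, edate) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $r_dbu['id'], SQLString($_SESSION['login_sync_tn'], 'text'), SQLString($_SESSION['login_sync_id'], 'text'), SQLString($_SESSION['login_sync_t'], 'text'), SQLString($_SESSION['login_sync_r'], 'text'), SQLString($_SESSION['login_sync_s'], 'text'), SQLString($_SESSION['login_sync_edate'], 'int'));
        $result = mysql_query($i_db) or die('');
    }
    mysql_free_result($q_dby);
    // Message reads "<name> bound <provider label>".
    setsinfo($r_dbu['name'] . ' 绑定了' . $a_sync[$_SESSION['login_sync_tn']], $r_dbu['id']);
    // Blank the pending binding so it is not applied twice.
    $_SESSION['login_sync_tn'] = '';
    $_SESSION['login_sync_id'] = '';
    $_SESSION['login_sync_t'] = '';
    $_SESSION['login_sync_r'] = '';
    $_SESSION['login_sync_s'] = '';
    $_SESSION['login_sync_u'] = '';
    $_SESSION['login_sync_edate'] = 0;
}
// Remember-me cookies are now sent HttpOnly, and Secure when this request arrived over
// HTTPS. Path and domain stay at their defaults, as with the three-argument form.
$ck_secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
if (isset($_POST['remember']) && $_POST['remember'] == '1') {
    // NOTE(review): the `_p` cookie carries $password as computed before this excerpt
    // (plaintext or hash is not visible here). Either way it acts as a 30-day login
    // credential held by the browser; a random, server-stored and revocable remember-me
    // token would limit what a disclosed cookie is worth.
    setcookie($config['u_hash'] . '_u', $username, time() + 86400 * 30, '', '', $ck_secure, true);
    setcookie($config['u_hash'] . '_p', $password, time() + 86400 * 30, '', '', $ck_secure, true);
} else {
    // Expire both cookies immediately.
    setcookie($config['u_hash'] . '_u', '', time(), '', '', $ck_secure, true);
    setcookie($config['u_hash'] . '_p', '', time(), '', '', $ck_secure, true);
}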
// Closes a block opened before this excerpt.
}
// Privilege change for member `cid`, requested through the query string.
// NOTE(review): this state change is driven by a GET request and no anti-CSRF token is
// checked in this excerpt. The `$c_log && $pa == 9` guard limits who may perform it
// ($pa is set before this excerpt, presumably the acting member's privilege level —
// confirm), but a link or image URL opened by such a member would still trigger it.
// Moving it to POST with a per-session token is the usual mitigation.
if (isset($_GET['cid']) && intval($_GET['cid']) > 0 && $menua[$mid][0] != 5) {
    if ($c_log && $pa == 9) {
        // Only members with status=0 are eligible; cid goes through SQLString(..., 'int').
        $s_dbu = sprintf('select id, name from %s where id=%s and status=0 limit 1', $dbprefix . 'member', SQLString($_GET['cid'], 'int'));
        $q_dbu = mysql_query($s_dbu) or die('');
        $r_dbu = mysql_fetch_assoc($q_dbu);
        if (mysql_num_rows($q_dbu) > 0) {
            // Message prefix reads "<name> was set to".
            $c = $r_dbu['name'] . ' 被设置为';
            // p == 1 (loose comparison) demotes to power 0 ("regular user"); any other
            // value, including a missing p, promotes to power 4 ("administrator").
            if (isset($_GET['p']) && $_GET['p'] == 1) {
                $c .= '普通用户';
                $power = 0;
            } else {
                $c .= '管理员';
                $power = 4;
            }
            setsinfo($c, $r_dbu['id']);
            $u_db = sprintf('update %s set power=%s where id=%s', $dbprefix . 'member', SQLString($power, 'int'), $r_dbu['id']);
            $result = mysql_query($u_db) or die('');
        }
        mysql_free_result($q_dbu);
    }
    header('Location:./?m=user');
    exit;
}
// Second GET-driven action keyed on `did`, under the same guard; its body continues
// past this excerpt and the same CSRF consideration applies to whatever it changes.
if (isset($_GET['did']) && intval($_GET['did']) > 0 && $menua[$mid][0] != 5) {
    if ($c_log && $pa == 9) {
        $s_dbu = sprintf('select id, photo from %s where id=%s limit 1', $dbprefix . 'member', SQLString($_GET['did'], 'int'));
        $q_dbu = mysql_query($s_dbu) or die('');
        $r_dbu = mysql_fetch_assoc($q_dbu);
        if (mysql_num_rows($q_dbu) > 0) {
            if ($r_dbu['photo'] != '') {
* 请勿出售本程序或其修改版,请勿利用本程序或其修改版进行任何商业活动。 */ $page = isset($_GET['page']) && intval($_GET['page']) > 0 ? intval($_GET['page']) : 1; $pagesize = 50; if (isset($_GET['id']) && intval($_GET['id']) > 0) { $s_dbp = sprintf('select a.*, b.power, b.name from %s as a, %s as b where a.id=%s and a.aid=b.id and a.disp=0 limit 1', $dbprefix . 'photo', $dbprefix . 'member', intval($_GET['id'])); $q_dbp = mysql_query($s_dbp) or die(''); $r_dbp = mysql_fetch_assoc($q_dbp); if (mysql_num_rows($q_dbp) > 0) { if ($_SERVER['REQUEST_METHOD'] == 'POST' && $c_log) { $cont = htmlspecialchars(trim($_POST['rinfo']), ENT_QUOTES); if ($cont != '') { $i_db = sprintf('insert into %s (content, aid, pid, datetime) values (%s, %s, %s, %s)', $dbprefix . 'pcomment', SQLString($cont, 'text'), $_SESSION[$config['u_hash']], $r_dbp['id'], time()); $result = mysql_query($i_db) or die(''); $nid = mysql_insert_id(); setsinfo($pn . ' 发表评论', $r_dbp['aid'], $r_dbp['id'], 2); } header('Location:./?m=album&id=' . $r_dbp['id'] . (isset($nid) ? '#topic-' . $nid : '')); exit; } else { $t = $r_dbp['title'] != '' ? $r_dbp['title'] : ($r_dbp['vid'] > 0 ? '视频' : '照片') . ' #' . $r_dbp['id']; $title .= $t; $u = $r_dbp['url']; if ($r_dbp['upload'] == 0) { $tb_i = ''; if (strstr($u, '[/]')) { $a_u = explode('[/]', $u); $l_u = count($a_u) - 1; $t_u = $a_u[$l_u]; if (trim($t_u) != '' && strstr(trim($t_u), '://')) { $tb_i = trim($t_u);
// Tail of a branch that starts before this excerpt.
exit;
}
// $v and $k come from a loop that starts before this excerpt; both are placed in HTML
// attributes without encoding here, so they must already be safe for that context — confirm.
$content .= '<div class="photo_list"><img src="' . $v . '" class="photo" alt="" width="55" height="55"/> <img src="images/o_2.gif" alt="" title="删除" name="del_img" data-id="' . $k . '" class="f_link"/></div>';
}
}
} else {
    // Single-avatar mode: `?did=1` removes the member's avatar.
    // NOTE(review): the deletion is triggered by a GET parameter and no anti-CSRF token
    // is checked in this excerpt.
    if (isset($_GET['did']) && $_GET['did'] == 1) {
        foreach ($a_pho as $v) {
            // Local files only (no "://"), and only if they exist. $a_pho is built before
            // this excerpt; if its entries can ever hold a member-chosen local path, this
            // unlink() needs a check that the resolved path stays inside the upload
            // directory — verify where the photo field is written.
            if (trim($v) != '' && !strstr($v, '://') && file_exists(trim($v))) {
                unlink(trim($v));
            }
        }
        $u_pho = '';
        $u_db = sprintf('update %s set photo=%s where id=%s', $dbprefix . 'member', SQLString($u_pho, 'text'), $r_dbu['id']);
        $result = mysql_query($u_db) or die('');
        // Message reads "<name> updated profile".
        setsinfo($r_dbu['name'] . ' 更新了个人资料', $r_dbu['id']);
        header('Location:./?m=profile&t=photo&e=1');
        exit;
    }
    // $a_pho[0] is written into the src attribute without encoding here.
    $content .= '<img src="' . $a_pho[0] . '" class="photo" alt="" width="55" height="55"/> <img src="images/o_2.gif" alt="" title="删除" name="del_img" data-id="1" class="f_link"/>';
}
} else {
    // No avatar stored: show the default image.
    $content .= '<img src="images/dphoto.jpg" class="photo" alt="" width="55" height="55"/>';
}
// Heading reads "add avatar" when several avatars are allowed, otherwise "set avatar".
$content .= '<div class="extr"></div></div><br/><div class="title">' . ($config['avator'] > 0 ? '添加' : '设置') . '头像';
// $c_pho is set before this excerpt; when it has reached the configured maximum the
// upload form is replaced by a notice.
if ($c_pho >= $config['avator'] && $config['avator'] > 0) {
    $content .= '</div><div class="lcontent">您已经有' . $config['avator'] . '个头像,达到头像数的最大上限,不能再添加头像!</div>';
} else {
    if ($config['upload'] == 0) {
        // The JavaScript string literal opened here continues past this excerpt.
        $js_c .= ' $("span[name=\'melink\']").click(function(){
// Album POST handler excerpt: stores a new photo/video row and, when it belongs to an
// activity, a matching ccomment row. $url, $up and $vid are set before this excerpt.
$title = htmlspecialchars(trim($_POST['title']), ENT_QUOTES);
if ($url != '') {
    // getfurl() is defined elsewhere; the thumbnail URL is HTML-encoded before it is passed in.
    $tbimg = isset($_POST['tbimg']) && trim($_POST['tbimg']) != '' ? getfurl(htmlspecialchars(trim($_POST['tbimg']), ENT_QUOTES)) : '';
    // For non-uploaded items the thumbnail is appended to the URL after a "[/]" separator.
    if ($tbimg != '' && $up == 0) {
        $url .= '[/]' . $tbimg;
    }
    // cid is taken raw from the request; it reaches SQL only through SQLString(..., 'int').
    // NOTE(review): nothing in this excerpt checks that the member may post into that cid.
    $cid = isset($_POST['cid']) ? $_POST['cid'] : 0;
    $i_db = sprintf('insert into %s (title, url, aid, cid, datetime, upload, vid) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'photo', SQLString($title, 'text'), SQLString($url, 'text'), $_SESSION[$config['u_hash']], SQLString($cid, 'int'), time(), SQLString($up, 'int'), SQLString($vid, 'int'));
    $result = mysql_query($i_db) or die('');
    $nid = mysql_insert_id();
    // $cid is still the raw request string here, so this is a loose numeric comparison.
    if ($cid > 0) {
        $ptitle = $title != '' ? $title : '#' . $nid;
        $i_db = sprintf('insert into %s (content, aid, cid, sid, datetime) values (%s, %s, %s, %s, %s)', $dbprefix . 'ccomment', SQLString($ptitle, 'text'), $_SESSION[$config['u_hash']], SQLString($cid, 'int'), SQLString($nid, 'int'), time());
        $result = mysql_query($i_db) or die('');
    }
    // Message reads "<pn> added a new video" or "<pn> added a new photo".
    setsinfo($pn . ' 添加新' . ($vid > 0 ? '视频' : '照片'), $_SESSION[$config['u_hash']], $nid, 2);
}
// Closes a block opened before this excerpt.
}
// $e, when set before this excerpt, is appended to the redirect as an error code.
header('Location:./?m=album' . (isset($e) && $e > 0 ? '&e=' . $e . '#msg' : ''));
exit;
} else {
    // Listing view; the appended title text reads "Photos and videos".
    $title .= '照片视频';
    // Upload error messages, keyed 1..5 (too large, type not allowed, bad upload path,
    // not an image, upload error).
    $a_msg = array(1 => '文件太大!', '文件类型不可用!', '上传路径不可用!', '上传的不是图片文件!', '上传出错!');
    $content .= '<div class="title">照片视频</div><div class="';
    // $ddb is a raw SQL fragment appended to the WHERE clause; it is built before this
    // excerpt and must never contain request data — confirm.
    $s_a_dbp = sprintf('select a.id, a.title, a.url, a.vid, a.upload, a.disp, b.name from %s as a, %s as b where a.aid=b.id%s order by a.datetime desc', $dbprefix . 'photo', $dbprefix . 'member', $ddb);
    // The unpaged query is executed to count rows for pagination.
    $q_a_dbp = mysql_query($s_a_dbp) or die('');
    $c_dbp = mysql_num_rows($q_a_dbp);
    if ($c_dbp > 0) {
        $p_dbp = ceil($c_dbp / $pagesize);
        // Clamp the requested page to the last page.
        if ($page > $p_dbp) {
            $page = $p_dbp;
// Profile update excerpt. $username, $name, $gender and the bir_* values are prepared
// before this excerpt; the remaining text fields are HTML-encoded here before storage.
$isnl = isset($_POST['isnl']) && $_POST['isnl'] == 1 ? 1 : 0;
$url = htmlspecialchars(trim($_POST['url']), ENT_QUOTES);
$email = htmlspecialchars(trim($_POST['email']), ENT_QUOTES);
$phone = htmlspecialchars(trim($_POST['phone']), ENT_QUOTES);
$work = htmlspecialchars(trim($_POST['work']), ENT_QUOTES);
$tel = htmlspecialchars(trim($_POST['tel']), ENT_QUOTES);
$qq = htmlspecialchars(trim($_POST['qq']), ENT_QUOTES);
$msn = htmlspecialchars(trim($_POST['msn']), ENT_QUOTES);
$gtalk = htmlspecialchars(trim($_POST['gtalk']), ENT_QUOTES);
$address = htmlspecialchars(trim($_POST['address']), ENT_QUOTES);
$location = htmlspecialchars(trim($_POST['location']), ENT_QUOTES);
$rela = htmlspecialchars(trim($_POST['rela']), ENT_QUOTES);
$sylorm = isset($_POST['sylorm']) && $_POST['sylorm'] == 1 ? 1 : 0;
// $isnl and $sylorm are interpolated directly; both are forced to 0 or 1 above.
$u_db = sprintf('update %s set username=%s, name=%s, gender=%s, bir_y=%s, bir_m=%s, bir_d=%s, isnl=%s, url=%s, email=%s, phone=%s, work=%s, tel=%s, qq=%s, msn=%s, gtalk=%s, address=%s, location=%s, rela=%s, sylorm=%s where id=%s', $dbprefix . 'member', SQLString($username, 'text'), SQLString($name, 'text'), SQLString($gender, 'int'), SQLString($bir_y, 'int'), SQLString($bir_m, 'int'), SQLString($bir_d, 'int'), $isnl, SQLString($url, 'text'), SQLString($email, 'text'), SQLString($phone, 'text'), SQLString($work, 'text'), SQLString($tel, 'text'), SQLString($qq, 'text'), SQLString($msn, 'text'), SQLString($gtalk, 'text'), SQLString($address, 'text'), SQLString($location, 'text'), SQLString($rela, 'text'), $sylorm, $r_dbu['id']);
$result = mysql_query($u_db) or die('');
// Message reads "<name> updated profile".
setsinfo($name . ' 更新了个人资料', $r_dbu['id']);
}
header('Location:./?m=profile' . (isset($e) ? '&e=' . $e : ''));
exit;
} else {
    // Status messages: 1 = "profile updated", 2 = "please choose another username".
    $a_msg = array(1 => '个人资料已修改。', '请使用其他的用户名!');
    // $_GET['e'] is used only as an array key, so request text is never echoed.
    // NOTE(review): the map script is fetched over plain HTTP, so it is not
    // integrity-protected in transit and is blocked as mixed content when the site is
    // served over HTTPS.
    // NOTE(review): the form below carries no hidden anti-CSRF field.
    // NOTE(review): only username is HTML-encoded at output; the other fields are
    // concatenated into value="" attributes as stored. That is safe only while every
    // code path that writes those columns encodes first, as the update above does for
    // url through rela. If username is also stored encoded, it is encoded twice here.
    $content .= '<script type="text/javascript" src="http://api.map.baidu.com/api?v=1.3"></script>' . (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">个人资料</div><div class="lcontent"><form method="post" action="" class="btform" id="pfform"><table><tr><td>用户名:</td><td><input name="username" size="32" value="' . htmlspecialchars($r_dbu['username'], ENT_QUOTES) . '" class="bt_input" rel="用户名" /></td></tr><tr><td>姓名:</td><td><input name="name" size="32" value="' . $r_dbu['name'] . '" class="bt_input" rel="姓名" /></td></tr><tr><td>介绍:</td><td><input name="rela" size="32" value="' . $r_dbu['rela'] . '" /></td></tr><tr><td>性别:</td><td><input type="radio" name="gender" value="0"' . ($r_dbu['gender'] == 0 ? ' checked="checked"' : '') . ' />保密 <input type="radio" name="gender" value="1"' . ($r_dbu['gender'] == 1 ? ' checked="checked"' : '') . ' />男 <input type="radio" name="gender" value="2"' . ($r_dbu['gender'] == 2 ? ' checked="checked"' : '') . ' />女</td></tr><tr><td>生日:</td><td><input name="bir_y" size="5" maxsize="4" value="' . ($r_dbu['bir_y'] > 0 ? $r_dbu['bir_y'] : '') . '" />-<select name="bir_m">';
    // Month options 0..12, where 0 is rendered as "-" (not set).
    for ($i = 0; $i < 13; $i++) {
        $content .= '<option value="' . $i . '"' . ($r_dbu['bir_m'] == $i ? ' selected="selected"' : '') . '>' . ($i > 0 ? $i : '-') . '</option>';
    }
    $content .= '</select>-<select name="bir_d">';
    // Day options 0..31, where 0 is rendered as "-" (not set).
    for ($i = 0; $i < 32; $i++) {
        $content .= '<option value="' . $i . '"' . ($r_dbu['bir_d'] == $i ? ' selected="selected"' : '') . '>' . ($i > 0 ? $i : '-') . '</option>';
    }
    // Remaining form rows; stored values are again emitted without output encoding.
    $content .= '</select></td></tr><tr><td>历法:</td><td><input type="radio" name="isnl" value="0"' . ($r_dbu['isnl'] == 0 ? ' checked="checked"' : '') . ' />公历 <input type="radio" name="isnl" value="1"' . ($r_dbu['isnl'] == 1 ? ' checked="checked"' : '') . ' />农历</td></tr><tr><td>手机:</td><td><input name="phone" id="formphone" size="32" value="' . $r_dbu['phone'] . '" /></td></tr><tr><td>联系电话:</td><td><input name="tel" size="32" value="' . $r_dbu['tel'] . '" /></td></tr><tr><td>电子邮件:</td><td><input name="email" size="32" value="' . $r_dbu['email'] . '" /></td></tr><tr><td>主页:</td><td><input name="url" size="32" value="' . $r_dbu['url'] . '" /></td></tr><tr><td>QQ:</td><td><input name="qq" size="32" value="' . $r_dbu['qq'] . '" /></td></tr><tr><td>MSN:</td><td><input name="msn" size="32" value="' . $r_dbu['msn'] . '" /></td></tr><tr><td>GTalk:</td><td><input name="gtalk" size="32" value="' . $r_dbu['gtalk'] . '" /></td></tr><tr><td>住址:</td><td><input name="address" id="formaddress" size="32" value="' . $r_dbu['address'] . '" title="准确填写详细住址后可以在地图上显示" /><span name="s_cbt" data-id="map_tr" class="mlink f_link">从地图上选取</span></td></tr><tr id="map_tr" style="display: none;"><td></td><td><input type="hidden" id="cmid" value="0"/>操作方法:左键按住移动,滚轮放大缩小,左键单击选取地点 <span name="h_cbt" data-id="map_tr" class="mlink f_link">关闭地图</span><div style="width: 400px;height: 300px;border:1px solid #999;" id="map_container"></div></td></tr><tr><td>籍贯:</td><td><input name="location" size="32" value="' . $r_dbu['location'] . '" /></td></tr><tr><td>工作单位:</td><td><input name="work" size="32" value="' . $r_dbu['work'] . '" /></td></tr><tr><td colspan="2"><input name="sylorm" type="checkbox" value="1"' . ($r_dbu['sylorm'] > 0 ? ' checked="checked"' : '') . '/>使用站外账号登录记住登录<br/><input type="submit" value="修改" class="button" /></td></tr></table></form></div>';
    // The JavaScript string literal opened here continues past this excerpt.
    $js_c .= '
// The `if` that this `else` completes starts before this excerpt.
} else {
    $u = './?m=login&t=facebook';
}
// OAuth callback for the 'facebook' provider, active only when it is enabled and configured.
// NOTE(review): only `code` is validated in this excerpt; no `state` value is compared
// with the session. Confirm that the code above or lib/facebook.php does so, otherwise a
// forged callback request could bind another person's Facebook account to the logged-in member.
if ($config['is_fb'] > 0 && $config['fb_app_id'] != '' && $config['fb_se'] != '') {
    if (isset($_GET['code']) && trim($_GET['code']) != '') {
        require_once 'lib/facebook.php';
        $o = new facebookPHP($config['fb_app_id'], $config['fb_se']);
        $result = $o->access_token($config['site_url'] . 'facebook_callback.php', $_GET['code']);
    }
    // $result is assigned only in the branch above, so this isset() also covers the no-code case.
    if (isset($result['access_token']) && $result['access_token'] != '') {
        $s_t = $result['access_token'];
        // $c_log is set before this excerpt (presumably "a member is logged in" — confirm).
        if ($c_log) {
            $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
            // Look up an existing m_sync row for this member and provider.
            $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('facebook', 'text'));
            // A failed query ends the request with an empty body; nothing is logged here.
            $q_dby = mysql_query($s_dby) or die('');
            $r_dby = mysql_fetch_assoc($q_dby);
            if (mysql_num_rows($q_dby) > 0) {
                // Row exists: overwrite the stored access token (stored as received).
                $u_db = sprintf('update %s set s_t=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), $r_dby['id']);
                // From here on $result holds the query result, not the token response.
                $result = mysql_query($u_db) or die('');
            } else {
                // No row yet: create the binding.
                $i_db = sprintf('insert into %s (aid, name, s_t) values (%s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('facebook', 'text'), SQLString($s_t, 'text'));
                $result = mysql_query($i_db) or die('');
            }
            mysql_free_result($q_dby);
            // setsinfo() is defined elsewhere; the message reads "<name> bound Facebook".
            setsinfo($ar['name'] . ' 绑定了Facebook', $ar['id']);
        } else {
            // $c_log falsy: keep the token in the session instead of the database.
            $_SESSION['facebook_login_u_t'] = $s_t;
        }
    }
}
// Whether exit follows the redirect is not visible in this excerpt.
header('Location:' . $u);
// OAuth callback excerpt for the 'google' provider: trades the `code` query parameter for
// tokens, then either stores them for the current member or parks them in the session.
// NOTE(review): only `code` is validated in this excerpt; no `state` value is compared
// with the session. Confirm that the code above or lib/google.php does so, otherwise a
// forged callback request could bind another person's provider account to the member
// who is logged in.
if (isset($_GET['code']) && trim($_GET['code']) != '') {
    require_once 'lib/google.php';
    $db_o = new googlePHP($config['google_key'], $config['google_se']);
    $result = $db_o->access_token($config['site_url'] . 'google_callback.php', $_GET['code']);
}
// $result is assigned only in the branch above, so this isset() also covers the no-code case.
if (isset($result['access_token']) && $result['access_token'] != '') {
    $s_t = $result['access_token'];
    // refresh_token and expires_in are read without isset(); if the provider omits
    // refresh_token on repeat consent, $s_r becomes null and overwrites the stored one — verify.
    $s_r = $result['refresh_token'];
    $edate = time() + $result['expires_in'];
    // $c_log is set before this excerpt (presumably "a member is logged in" — confirm).
    if ($c_log) {
        $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
        // Look up an existing m_sync row for this member and provider.
        $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('google', 'text'));
        // A failed query ends the request with an empty body; nothing is logged here.
        $q_dby = mysql_query($s_dby) or die('');
        $r_dby = mysql_fetch_assoc($q_dby);
        if (mysql_num_rows($q_dby) > 0) {
            // Row exists: overwrite the stored tokens and expiry. Tokens are stored as
            // received; no encryption at rest is visible here.
            $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
            // From here on $result holds the query result, not the token response.
            $result = mysql_query($u_db) or die('');
        } else {
            // No row yet: create the binding.
            $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('google', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
            $result = mysql_query($i_db) or die('');
        }
        mysql_free_result($q_dby);
        // setsinfo() is defined elsewhere; the message reads "<name> bound Google".
        setsinfo($ar['name'] . ' 绑定了Google', $ar['id']);
    } else {
        // $c_log falsy: keep the tokens in the session instead of the database.
        $_SESSION['google_login_u_t'] = $s_t;
        $_SESSION['google_login_u_r'] = $s_r;
        $_SESSION['google_login_u_edate'] = $edate;
    }
}
// Closes a block opened before this excerpt.
}
// $u is set before this excerpt; whether exit follows the redirect is not visible here.
header('Location:' . $u);
// OAuth callback excerpt for the 'instagram' provider: trades the `code` query parameter
// for an access token, then binds the provider account to the current member or parks
// it in the session.
// NOTE(review): only `code` is validated in this excerpt; no `state` value is compared
// with the session. Confirm that the code above or lib/instagram.php does so. It matters
// more here than usual, because the bind step below also deletes other members' rows.
if (isset($_GET['code']) && trim($_GET['code']) != '') {
    require_once 'lib/instagram.php';
    $io = new instagramPHP($config['instagram_key'], $config['instagram_se']);
    $result = $io->access_token($config['site_url'] . 'instagram_callback.php', $_GET['code']);
}
// $result is assigned only in the branch above, so this isset() also covers the no-code case.
if (isset($result['access_token']) && $result['access_token'] != '') {
    $s_t = $result['access_token'];
    // NOTE(review): $ia is not assigned anywhere in this excerpt, while the token
    // response was stored in $result just above. Unless $ia is set earlier in the file,
    // $s_id is null here and every statement below that uses it works on an empty id.
    // Confirm whether $result['user']['id'] was intended.
    $s_id = $ia['user']['id'];
    // $c_log is set before this excerpt (presumably "a member is logged in" — confirm).
    if ($c_log) {
        $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
        // Removes this provider id's binding from every other member before binding it
        // here, so $s_id must come from the verified token response and nothing else.
        $d_db = sprintf('delete from %s where s_id=%s and aid<>%s and name=%s', $dbprefix . 'm_sync', SQLString($s_id, 'text'), $ar['id'], SQLString('instagram', 'text'));
        // From here on $result holds a query result, not the token response.
        $result = mysql_query($d_db) or die('');
        // Look up an existing m_sync row for this member and provider.
        $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('instagram', 'text'));
        $q_dby = mysql_query($s_dby) or die('');
        $r_dby = mysql_fetch_assoc($q_dby);
        if (mysql_num_rows($q_dby) > 0) {
            // Row exists: overwrite the provider id and access token (stored as received).
            $u_db = sprintf('update %s set s_id=%s, s_t=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_id, 'text'), SQLString($s_t, 'text'), $r_dby['id']);
            $result = mysql_query($u_db) or die('');
        } else {
            // No row yet: create the binding.
            $i_db = sprintf('insert into %s (aid, name, s_id, s_t) values (%s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('instagram', 'text'), SQLString($s_id, 'text'), SQLString($s_t, 'text'));
            $result = mysql_query($i_db) or die('');
        }
        mysql_free_result($q_dby);
        // setsinfo() is defined elsewhere; the message reads "<name> bound Instagram".
        setsinfo($ar['name'] . ' 绑定了Instagram', $ar['id']);
    } else {
        // $c_log falsy: keep the provider id and token in the session instead of the database.
        $_SESSION['instagram_login_u_id'] = $s_id;
        $_SESSION['instagram_login_u_t'] = $s_t;
    }
}
// Closes a block opened before this excerpt.
}
// $u is set before this excerpt; whether exit follows the redirect is not visible here.
header('Location:' . $u);
// OAuth callback excerpt for the 'baidu' provider: trades the `code` query parameter for
// tokens, then either stores them for the current member or parks them in the session.
// NOTE(review): only `code` is validated in this excerpt; no `state` value is compared
// with the session. Confirm that the code above or lib/baidu.php does so, otherwise a
// forged callback request could bind another person's provider account to the member
// who is logged in.
if (isset($_GET['code']) && trim($_GET['code']) != '') {
    require_once 'lib/baidu.php';
    $bo = new baiduPHP($config['baidu_key'], $config['baidu_se']);
    $result = $bo->access_token($config['site_url'] . 'baidu_callback.php', $_GET['code']);
}
// $result is assigned only in the branch above, so this isset() also covers the no-code case.
if (isset($result['access_token']) && $result['access_token'] != '') {
    $s_t = $result['access_token'];
    // refresh_token and expires_in are read without isset(); presumably always returned — verify.
    $s_r = $result['refresh_token'];
    $edate = time() + $result['expires_in'];
    // $c_log is set before this excerpt (presumably "a member is logged in" — confirm).
    if ($c_log) {
        $ar = getainfo($_SESSION[$config['u_hash']], 'id, name');
        // Look up an existing m_sync row for this member and provider.
        $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('baidu', 'text'));
        // A failed query ends the request with an empty body; nothing is logged here.
        $q_dby = mysql_query($s_dby) or die('');
        $r_dby = mysql_fetch_assoc($q_dby);
        if (mysql_num_rows($q_dby) > 0) {
            // Row exists: overwrite the stored tokens and expiry. Tokens are stored as
            // received; no encryption at rest is visible here.
            $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']);
            // From here on $result holds the query result, not the token response.
            $result = mysql_query($u_db) or die('');
        } else {
            // No row yet: create the binding.
            $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('baidu', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'));
            $result = mysql_query($i_db) or die('');
        }
        mysql_free_result($q_dby);
        // setsinfo() is defined elsewhere; the message reads "<name> bound Baidu".
        setsinfo($ar['name'] . ' 绑定了百度', $ar['id']);
    } else {
        // $c_log falsy: keep the tokens in the session instead of the database.
        $_SESSION['baidu_login_u_t'] = $s_t;
        $_SESSION['baidu_login_u_r'] = $s_r;
        $_SESSION['baidu_login_u_edate'] = $edate;
    }
}
// Closes a block opened before this excerpt.
}
// $u is set before this excerpt; whether exit follows the redirect is not visible here.
header('Location:' . $u);