/**
 * Converts the subset of HTML produced by the editor back into BBCode.
 *
 * The replacement tables are built once into $_SGLOBAL and reused on later calls.
 * Regex pass: quote <div>s become [quote]...[/quote]; an <a href="..."> element is
 * reduced to its href (the link text is discarded); raw line breaks are removed and
 * <br> becomes "\n"; face images become [em:name:]; other images become [img]src[/img].
 * String pass: <b>/<i>/<u> pairs become their BBCode equivalents. The result is passed
 * through shtmlspecialchars() and trimmed.
 *
 * Review notes:
 *  - The last entries of 'html_s_str'/'html_r_str' map ' ' to "\t", '<' to '<', '>' to '>'
 *    and '&' to '&' as printed here, i.e. identity replacements. That pattern is what
 *    entity-decoded extraction produces (the originals were presumably '&nbsp;', '&lt;',
 *    '&gt;', '&amp;'); verify against the real file before relying on this listing.
 *  - The '@' on the str_replace() assignment suppresses every notice from the whole
 *    expression; if preg_replace() fails it returns null and the message silently
 *    becomes empty.
 *
 * @param string $message editor HTML
 * @return string BBCode, HTML-escaped and trimmed
 */
function html2bbcode($message) { global $_SGLOBAL; if(empty($_SGLOBAL['html_s_exp'])) { $_SGLOBAL['html_s_exp'] = array( "/\<div class=\"quote\"\>\<span class=\"q\"\>(.*?)\<\/span\>\<\/div\>/is", "/\<a href=\"(.+?)\".*?\<\/a\>/is", "/(\r\n|\n|\r)/", "/<br.*>/siU", "/[ \t]*\<img src=\"image\/face\/(.+?).gif\".*?\>[ \t]*/is", "/\s*\<img src=\"(.+?)\".*?\>\s*/is" ); $_SGLOBAL['html_r_exp'] = array( "[quote]\\1[/quote]", "\\1", '', "\n", "[em:\\1:]", "\n[img]\\1[/img]\n" ); $_SGLOBAL['html_s_str'] = array('<b>', '</b>', '<i>','</i>', '<u>', '</u>', ' ', ' ', ' ', '<', '>', '&'); $_SGLOBAL['html_r_str'] = array('[b]', '[/b]','[i]', '[/i]', '[u]', '[/u]', "\t", ' ', ' ', '<', '>', '&'); } @$message = str_replace($_SGLOBAL['html_s_str'], $_SGLOBAL['html_r_str'], preg_replace($_SGLOBAL['html_s_exp'], $_SGLOBAL['html_r_exp'], $message)); $message = shtmlspecialchars($message); return trim($message); }
/**
 * Tag-whitelist / attribute-keyword-blacklist filter for user-supplied HTML
 * (static method; the enclosing class begins before this fragment).
 *
 * Every <...> token is collected; a token whose tag name is not in $allowtags is
 * dropped, and inside an allowed token every occurrence of a listed event-handler or
 * script-related keyword (plus 'style' and 'class') is replaced by '.'. Text outside
 * the tags is passed through untouched. stripslashes() on entry and addslashes() on
 * exit mean the caller is expected to hand over slash-escaped input.
 *
 * Review notes:
 *  - This is substring blacklisting, which is bypass-prone. The allowed set includes
 *    a, object, param and embed, whose href/src/value attributes are only checked for
 *    the listed keywords; 'vbscript', 'data' and 'srcdoc' are not in the list. For
 *    untrusted input a real HTML sanitiser is the safer choice.
 *  - Several literals look entity-decoded by the extraction of this listing: replacing
 *    '<' with '<' and '"' with '"' is a no-op, and the tag regex '[/|s]?...(s+|$)' is
 *    presumably '[\/|\s]?...(\s+|$)' (compare checkhtml() later in this file, which
 *    keeps its backslashes). As printed, '(s+|$)' rejects every tag that carries an
 *    attribute, and '/' -> '.' turns '/div' into '.div' so closing tags are dropped
 *    too. Verify against the real source.
 *
 * @param string $html slash-escaped HTML
 * @return string filtered HTML, slash-escaped again
 */
static function checkHtml($html) { $html = stripslashes($html); preg_match_all("/<([^<]+)>/is", $html, $ms); $searchs[] = '<'; $replaces[] = '<'; $searchs[] = '>'; $replaces[] = '>'; if ($ms[1]) { $allowtags = 'img|a|font|div|table|tbody|caption|tr|td|th|br |p|b|strong|i|u|em|span|ol|ul|li|blockquote |object|param|embed'; /* allowed tags */ $ms[1] = array_unique($ms[1]); foreach ($ms[1] as $value) { $searchs[] = "<" . $value . ">"; $value = shtmlspecialchars($value); $value = str_replace(array('/', '/*'), array('.', '/.'), $value); $skipkeys = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload', 'javascript', 'script', 'eval', 'behaviour', 'expression', 'style', 'class'); $skipstr = implode('|', $skipkeys); $value = preg_replace(array("/({$skipstr})/i"), '.', $value); if (!preg_match("/^[/|s]?({$allowtags})(s+|\$)/is", $value)) { $value = ''; } $replaces[] = empty($value) ? '' : "<" . 
str_replace('"', '"', $value) . ">"; } } $html = str_replace($searchs, $replaces, $html); $html = addslashes($html); return $html; }
/**
 * Tag-whitelist filter for user HTML (free-function variant of checkHtml() above,
 * with a smaller tag set and no a/object/embed).
 *
 * Every <...> token is collected; tokens whose tag name is not in $allowtags are
 * dropped. Inside an allowed token, 'javascript', 'script', 'eval', 'behaviour' and
 * 'expression' are replaced by '.', and any "on..." that follows whitespace or a quote
 * is broken up so event-handler attributes no longer parse. Tags are not closed or
 * balanced; text outside the tags is untouched.
 *
 * Review notes:
 *  - Keyword blacklisting is bypass-prone; 'style' and 'class' attributes pass here,
 *    and 'vbscript:'/'data:' URLs are not blocked. Prefer a real sanitiser for
 *    untrusted input.
 *  - As printed, several literals appear entity-decoded by the extraction: '<' -> '<'
 *    and '"' -> '"' are no-ops, and the second regex contains a bare '"' inside a
 *    double-quoted PHP string, which would not even parse. Verify against the real
 *    file before drawing conclusions from this listing.
 *  - stripslashes() on entry assumes slash-escaped input; the addslashes() on the way
 *    out has been commented out, so the output is NOT re-escaped.
 *
 * @param string $html slash-escaped HTML
 * @return string filtered HTML (not slash-escaped)
 */
function checkhtml($html) { $html = stripslashes($html); preg_match_all("/\\<([^\\<]+)\\>/is", $html, $ms); $searchs[] = '<'; $replaces[] = '<'; $searchs[] = '>'; $replaces[] = '>'; if ($ms[1]) { $allowtags = 'img|font|div|table|tbody|tr|td|th|br|p|b|strong|i|u|em|span|ol|ul|li'; /* allowed tags */ $ms[1] = array_unique($ms[1]); foreach ($ms[1] as $value) { $searchs[] = "<" . $value . ">"; $value = shtmlspecialchars($value); $value = str_replace(array('\\', '/*'), array('.', '/.'), $value); $value = preg_replace(array("/(javascript|script|eval|behaviour|expression)/i", "/(\\s+|"|')on/i"), array('.', ' .'), $value); if (!preg_match("/^[\\/|\\s]?({$allowtags})(\\s+|\$)/is", $value)) { $value = ''; } $replaces[] = empty($value) ? '' : "<" . str_replace('"', '"', $value) . ">"; } } $html = str_replace($searchs, $replaces, $html); /* $html = addslashes($html); */ return $html; }
/**
 * Registers one [code] block for later re-insertion and returns its placeholder token.
 *
 * Leading/trailing line breaks are trimmed from the block, escaped double quotes
 * (\") are unescaped, and the text is HTML-escaped via shtmlspecialchars() before
 * being wrapped in fixed <p>/<code> markup. That markup is parked in
 * $discuzcodes['codehtml'][n]; the returned token "[\tDISCUZ_CODE_n\t]" lets the
 * caller swap it back in once the rest of the message has been processed.
 *
 * @param string $code raw contents of a [code] tag
 * @return string placeholder token
 */
function codedisp($code) {
    global $discuzcodes, $_DCACHE;

    $discuzcodes['pcodecount']++;
    $index = $discuzcodes['pcodecount'];

    // drop surrounding newlines, unescape \" and finally HTML-escape the block
    $stripped = preg_replace("/^[\n\r]*(.+?)[\n\r]*\$/is", "\\1", $code);
    $unescaped = str_replace('\\"', '"', $stripped);
    $escaped = shtmlspecialchars($unescaped);

    $heading = "<p style=\"font-weight: bold; margin: 1em 1em 0 1em;\">CODE:</p>";
    $body = "<code style=\"display: block; margin: 0 1em 1em; padding: 0.5em; border: 1px solid #CCC; font: 12px Courier, monospace; line-height: 1.8em;\">" . $escaped . "</code>";
    $discuzcodes['codehtml'][$index] = $heading . $body;

    $discuzcodes['codecount']++;

    return "[\tDISCUZ_CODE_" . $index . "\t]";
}
/**
 * Produces a shortened plain-text preview of a BBCode message for space/feed listings.
 *
 * Pipeline: [hide] blocks become "[b]***[/b]", [quote] blocks are dropped, the listed
 * BBCode open/close tags and [attach] references are removed, HTML is stripped, the
 * text is cut to $length with cutstr() and HTML-escaped. Bare image URLs ending in
 * jpg/gif/png/bmp are then wrapped in an <img> with a client-side width clamp, runs of
 * blank lines are collapsed and remaining whitespace runs removed before nl2br().
 *
 * The image-URL character class contains no quote or angle bracket, so a matched URL
 * cannot terminate the src="" attribute it is inserted into.
 *
 * @param string $str    BBCode message
 * @param int    $length maximum length handed to cutstr()
 * @return string HTML snippet
 */
function spacecutstr($str, $length) {
    $bbcodes = 'b|i|u|color|size|font|align|list|indent|url|email|code|free|table|tr|td|img|swf|payto|float';

    $tagPatterns = array(
        "/\\[hide=?\\d*\\](.+?)\\[\\/hide\\]/is",
        "/\\[quote](.*)\\[\\/quote]/siU",
        "/\\[({$bbcodes})=?.*\\]/iU",
        "/\\[\\/({$bbcodes})\\]/i",
        "/\\[attach\\](\\d+)\\[\\/attach\\]/i"
    );
    $tagReplacements = array("[b]***[/b]", '', '', '', '');

    $plain = strip_tags(preg_replace($tagPatterns, $tagReplacements, $str));
    $text = shtmlspecialchars(cutstr($plain, $length));

    $linkPatterns = array(
        "/http:\\/\\/[a-z0-9\\/\\-_+=.~!%@?#%&;:\$\\()|]+?\\.(jpg|gif|png|bmp)/is",
        "/(\n|\r|\r\n){2,}/",
        "/\\s{2,}/"
    );
    $linkReplacements = array(
        "<img onload=\"if(this.width>320) {this.resized=true;this.width=320;}\" src=\"\\0\">",
        "\r\n",
        ''
    );
    $text = preg_replace($linkPatterns, $linkReplacements, $text);

    return trim(nl2br($text));
}
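/**
 * Reads the display name of a theme from its style.css.
 *
 * The name is taken from a "[name]...[/name]" marker inside the stylesheet and
 * HTML-escaped. Returns 'No name' when the file is missing/empty or carries no marker
 * (the original left $name unassigned, and so returned null, in the no-marker case).
 *
 * $dirname is spliced into a path under S_ROOT/theme/ without normalisation; if it
 * can come from a request parameter the caller must restrict it to a plain directory
 * name (no '/', no '..') — TODO(review): confirm at the call sites.
 *
 * @param string $dirname theme directory name
 * @return string theme name
 */
function getcssname($dirname) {
    $name = 'No name';
    $css = sreadfile(S_ROOT.'./theme/'.$dirname.'/style.css');
    if ($css) {
        if (preg_match("/\[name\](.+?)\[\/name\]/i", $css, $matches) && !empty($matches[1])) {
            $name = shtmlspecialchars($matches[1]);
        }
    }
    return $name;
}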
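/**
 * HTML-escapes a string (or, recursively, every value of an array) for output in an
 * HTML body or a double-quoted attribute.
 *
 * '&', '"', '<' and '>' are replaced by their entities. An entity that was already in
 * the input ("&#123;", "&#x41AB;", "&nbsp;", ...) is then restored from "&amp;..."
 * back to "&...", so already-encoded text is not double-encoded. Single quotes are NOT
 * escaped, so the result is not safe inside single-quoted attributes or JavaScript.
 *
 * NOTE(review): as this listing was printed, the replacement arrays mapped each
 * character to itself and the restore regex matched a plain "&", i.e. the function
 * was a no-op and every caller that relies on it for XSS protection was unprotected.
 * That is the signature of entities being decoded when the page was extracted; the
 * entity forms below are the only reading under which the function does what its
 * name and its callers expect.
 *
 * @param string|array $string text to escape
 * @return string|array escaped text, same shape as the input
 */
function shtmlspecialchars($string) {
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = shtmlspecialchars($val);
        }
        return $string;
    }

    $escaped = str_replace(
        array('&', '"', '<', '>'),
        array('&amp;', '&quot;', '&lt;', '&gt;'),
        $string
    );

    // undo the '&' escaping for things that already were entities
    return preg_replace(
        '/&amp;((#(\\d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/',
        '&\\1',
        $escaped
    );
}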
/**
 * Splits a user-supplied tag string into names and classifies each against the
 * tags table.
 *
 * Names are separated by spaces or commas, HTML-escaped, validated with
 * posttagcheck(), de-duplicated by md5 and collected until more than 10 have been
 * accepted (the loop stops once an 11th is in the map).
 *
 * @param string $tagnamestr raw tag input
 * @return array with keys
 *   'existsid'   => ids of names already in the table,
 *   'existsname' => those names,
 *   'closename'  => the subset of existing names whose 'close' flag is set,
 *   'nonename'   => accepted names not in the table (a plain list when at least one
 *                   name existed, otherwise the md5-keyed map exactly as collected).
 *
 * Side effects: when a closed tag was requested, showmessage() is called with the
 * list (what it does afterwards is not visible here). Names reach the SQL IN() list
 * only through simplode(); quoting is delegated to that helper.
 */
function posttag($tagnamestr) {
    global $_SGLOBAL, $lang;

    $result = array(
        'existsname' => array(),
        'nonename'   => array(),
        'closename'  => array(),
        'existsid'   => array()
    );
    if (empty($tagnamestr)) {
        return $result;
    }

    // collect validated, unique names
    $accepted = array();
    $candidates = explode(' ', str_replace(',', ' ', shtmlspecialchars($tagnamestr)));
    foreach ($candidates as $candidate) {
        if (count($accepted) > 10) {
            break;
        }
        $checked = posttagcheck($candidate);
        if ($checked) {
            $accepted[md5($checked)] = $checked;
        }
    }
    if (empty($accepted)) {
        return $result;
    }

    $sql = 'SELECT * FROM ' . tname('tags') . ' WHERE tagname IN (' . simplode($accepted) . ')';
    $query = $_SGLOBAL['db']->query($sql);
    while ($row = $_SGLOBAL['db']->fetch_array($query)) {
        $result['existsid'][] = $row['tagid'];
        $result['existsname'][] = $row['tagname'];
        if ($row['close']) {
            $result['closename'][] = $row['tagname'];
        }
    }

    if (empty($result['existsname'])) {
        $result['nonename'] = $accepted;
    } else {
        foreach ($accepted as $name) {
            if (!in_array($name, $result['existsname'])) {
                $result['nonename'][] = $name;
            }
        }
    }

    if (!empty($result['closename'])) {
        showmessage($lang['not_allowed_to_belong_to_the_following_tag'] . ':<p>' . implode(',', $result['closename']) . '</p>');
    }

    return $result;
}
/**
 * Handles an online submission (add or edit) for a content model.
 *
 * Flow: normalise $_POST (mid, itemid, grade), build the review-grade label table,
 * validate subject / category / subject-image type, on edit delete a removed or
 * replaced subject image, assemble the item row (getsetsqlarr() plus fixed columns),
 * upload the subject image, and then either write the items and message rows and
 * notify by mail (branch taken when !checkperm('allowdirectpost') ||
 * checkperm('managemodpost')), or serialise the whole row into modelfolders to await
 * review. Ends in showmessage() with a redirect URL in every path.
 *
 * Review notes (all visible in this body):
 *  - $alang is read for the default grade labels but is not declared global (only
 *    $_SGLOBAL, $theurl and $_SCONFIG are), so unless $_SCONFIG['checkgrade'] supplies
 *    labels, $gradearr holds nulls.
 *  - $gradearr[$setsqlarr[grade]] (twice, in the review-mail branch) uses the bare
 *    constant `grade`; it only works through PHP's undefined-constant-to-string
 *    fallback, which is a fatal error in PHP 8. It should be $setsqlarr['grade'].
 *  - $_POST['nid'] is concatenated into "... WHERE nid = '...'" with no intval() or
 *    quoting, and $_POST['hash'] into "UPDATE attachments ... WHERE hash='...'":
 *    both are SQL injection points on the edit path. Cast nid to int and run hash
 *    through the same quoting helper the rest of the file uses.
 *  - getmodelhash($_GET['mid'], $itemid) reads mid from GET while every other use
 *    reads the intval'd $_POST['mid']; if mid is only posted, the attachment rows
 *    deleted there belong to a different hash.
 *  - The check_cate_director() permission check on a grade change is reached only
 *    when the request itself says $_POST['modelname'] == 'creative' and
 *    $_POST['creative_type'] == '主管月度创新'; elsewhere the model name comes from the
 *    server-side $cacheinfo['models']['modelname']. A client that omits those fields
 *    skips the check — key it on the cache value and the stored item instead.
 *  - $_POST['allowreply'] = isset(...) ? intval(...) : checkperm('allowcomment') ? 1 : 0;
 *    is an unparenthesised nested ternary: left-associative in PHP <= 7 (collapsing the
 *    posted value to 1/0), a parse error in PHP 8.
 *  - creative_value, creative_days, the ','-joined divupload array and message (trim
 *    only) are copied from the request into the row arrays unfiltered; safety then
 *    rests on inserttable()/updatetable() escaping and on the display layer (not
 *    visible here — confirm).
 *  - @unlink(A_DIR . '/' . $defaultmessage[...]) deletes whatever path the DB row
 *    holds, with errors suppressed.
 *  - The pending-review path stores serialize($setsqlarr) in modelfolders.message;
 *    whatever reads it back with unserialize() must treat that column as trusted-only.
 *
 * @param array $cacheinfo model cache: 'models' (definition), 'columns', 'linkage'
 * @param int   $cp        1 when called from the admin panel (affects the redirect URL)
 * @return void terminates via showmessage()
 */
function modelpost($cacheinfo, $cp = 1) { global $_SGLOBAL, $theurl, $_SCONFIG; include_once S_ROOT . './function/upload.func.php'; $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0; $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0; $hash = ''; $op = 'add'; $resultitems = $resultmessage = array(); $modelsinfoarr = $cacheinfo['models']; $columnsinfoarr = $cacheinfo['columns']; /* grade info */ if ($cacheinfo['models']['modelname'] == 'defect') { switch ($_POST['grade']) { case 1: $_POST['grade'] = '64'; break; case 2: $_POST['grade'] = '32'; break; case 3: $_POST['grade'] = '16'; break; case 4: $_POST['grade'] = '9'; break; case 5: $_POST['grade'] = '4'; break; case 6: $_POST['grade'] = '1'; break; case 7: $_POST['grade'] = '-1'; break; case 8: $_POST['grade'] = '-2'; break; case 9: $_POST['grade'] = '-3'; break; } $gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']); if (!empty($_SCONFIG['checkgrade'])) { $newgradearr = explode("\t", $_SCONFIG['checkgrade']); $gradearr['64'] = $newgradearr[0]; $gradearr['32'] = $newgradearr[1]; $gradearr['16'] = $newgradearr[2]; $gradearr['9'] = $newgradearr[3]; $gradearr['4'] = $newgradearr[4]; $gradearr['1'] = $newgradearr[5]; $gradearr['-1'] = $newgradearr[6]; $gradearr['-2'] = $newgradearr[7]; $gradearr['-3'] = $newgradearr[8]; } } else { $gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']); if (!empty($_SCONFIG['checkgrade'])) { $newgradearr = explode("\t", 
$_SCONFIG['checkgrade']); for ($i = 0; $i < count($newgradearr); $i++) { if (!empty($newgradearr[$i])) { $gradearr[$i + 1] = $newgradearr[$i]; } } } } if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) { showmessage('parameter_error'); } $feedcolum = array(); foreach ($columnsinfoarr as $result) { if ($result['isfixed'] == 1) { $resultitems[] = $result; } else { $resultmessage[] = $result; } if ($result['formtype'] == 'linkage') { if (!empty($_POST[$result['fieldname']])) { $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]]; } } elseif ($result['formtype'] == 'timestamp') { if (empty($_POST[$result['fieldname']])) { $_POST[$result['fieldname']] = $_SGLOBAL['timestamp']; } else { $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]); } } } /* bump the member's last-update time */ if (empty($itemid) && $_SGLOBAL['supe_uid']) { updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid'])); } /* input checks */ $_POST['catid'] = intval($_POST['catid']); $_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0; $_POST['subject'] = shtmlspecialchars(trim($_POST['subject'])); /* validate input */ if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) { showmessage('space_suject_length_error'); } if (empty($_POST['catid'])) { showmessage('admin_func_catid_error'); } if (!empty($_FILES['subjectimage']['name'])) { $fileext = fileext($_FILES['subjectimage']['name']); if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) { showmessage('document_types_can_only_upload_pictures'); } } /* data validation */ checkvalues(array_merge($resultitems, $resultmessage), 0, 1); /* on edit: was the subject image removed or replaced? */ $defaultmessage = array(); if (!empty($itemid)) { if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) { /* delete when the file was removed or replaced */ $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 
'items') . ' WHERE itemid = \'' . $itemid . '\''); $defaultmessage = $_SGLOBAL['db']->fetch_array($query); $hash = getmodelhash($_GET['mid'], $itemid); deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage')); /* remove attachment rows */ updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid)); $ext = fileext($defaultmessage['subjectimage']); if (in_array($ext, array('jpg', 'jpeg', 'png'))) { @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg'); } @unlink(A_DIR . '/' . $defaultmessage['subjectimage']); } } /* build the row */ $setsqlarr = $setitemsqlarr = array(); $setsqlarr = getsetsqlarr($resultitems); $setsqlarr['catid'] = $_POST['catid']; $setsqlarr['subject'] = $_POST['subject']; $setsqlarr['allowreply'] = $_POST['allowreply']; $setsqlarr['grade'] = intval($_POST['grade']); /* modify by jyf: users without permission may not change the review grade */ if ($setsqlarr['grade'] > 0) { if (!checkperm('manageeditpost')) { showmessage('no_permission'); } } /* end */ $setsqlarr['dateline'] = $_SGLOBAL['timestamp']; $setsqlarr['uid'] = $_SGLOBAL['supe_uid']; $setsqlarr['username'] = $_SGLOBAL['supe_username']; $setsqlarr['lastpost'] = $setsqlarr['dateline']; $modelsinfoarr['subjectimagewidth'] = 400; $modelsinfoarr['subjectimageheight'] = 300; if (!empty($modelsinfoarr['thumbsize'])) { $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize'])); $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0]; $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1]; } $uploadfilearr = $ids = array(); $subjectimageid = ''; $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']); if (!empty($uploadfilearr)) { $feedsubjectimg = $uploadfilearr; foreach ($uploadfilearr as $tmpkey => $tmpvalue) { if 
(empty($tmpvalue['error'])) { $setsqlarr[$tmpkey] = $tmpvalue['filepath']; } if (!empty($tmpvalue['aid'])) { $ids[] = $tmpvalue['aid']; } } } /* word filter */ if (!empty($modelsinfoarr['allowfilter'])) { $setsqlarr = scensor($setsqlarr, 1); } /* publish time */ if (empty($_POST['dateline'])) { $setsqlarr['dateline'] = $_SGLOBAL['timestamp']; } else { $setsqlarr['dateline'] = sstrtotime($_POST['dateline']); if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) { /* not earlier than 2 years ago, not in the future */ $setsqlarr['dateline'] = $_SGLOBAL['timestamp']; } } /* attachments - by jyf */ if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) { $setsqlarr['attaches'] = implode(',', $_POST['divupload']); } /* two extra fields for the 'creative' model ------- 89184 */ if ($cacheinfo['models']['modelname'] == 'creative') { if (empty($_POST['creative_value'])) { showmessage('请输入创新价值说明'); } if (empty($_POST['creative_days'])) { showmessage('本创新所耗的工作量'); } $setsqlarr['value'] = $_POST['creative_value']; $setsqlarr['days'] = $_POST['creative_days']; } if (!checkperm('allowdirectpost') || checkperm('managemodpost')) { /* no moderation needed: write the items table */ if (empty($itemid)) { /* insert */ $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1); /* cancel mail notification --89184 */ $email = get_cate_mail($_POST['catid']); $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid); if ($_POST['modelname'] == 'creative') { if ($_POST['creative_type'] == '流程建议') { $email = $email . ',' . get_cate_process_mail($setsqlarr['catid']); } } $emails = explode(',', $email); if (count($emails) > 0) { include S_ROOT . './function/sendmail.fun.php'; $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid); if ($cacheinfo['models']['modelname'] == 'creative') { $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1; sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . 
"》", $msg1); } else { if ($cacheinfo['models']['modelname'] == 'defect') { $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1; sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1); } } } } else { /* update */ $op = 'update'; unset($setsqlarr['uid']); unset($setsqlarr['username']); unset($setsqlarr['lastpost']); if ($setsqlarr['grade'] > 0) { $setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username']; if ($_POST['modelname'] == 'creative') { if ($_POST['creative_type'] == '主管月度创新') { if (!check_cate_director($setsqlarr['catid'])) { showmessage('no_permission'); } } } } updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid)); $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\''); $defaultmessage = $_SGLOBAL['db']->fetch_array($query); /* mail notification -- grade review */ if ($setsqlarr['grade'] > 0) { $sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\''; $query = $_SGLOBAL['db']->query($sqlstr); $value = $_SGLOBAL['db']->fetch_array($query); $email = $value['email']; if (!empty($email)) { include S_ROOT . './function/sendmail.fun.php'; $url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid); $emails = explode(',', $email); if ($_POST['modelname'] == 'creative') { $msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url; } else { $msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url; } sendmail($emails, $setsqlarr['subject'], $msg); } } } if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) { $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . 
$_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\''); } $hash = getmodelhash($_POST['mid'], $itemid); if (!empty($ids)) { $ids = simplode($ids); $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')'); } $do = 'pass'; } else { if (!empty($uploadfilearr['subjectimage']['aid'])) { $subjectimageid = $uploadfilearr['subjectimage']['aid']; } $setitemsqlarr = $setsqlarr; $do = 'me'; } if ($op == 'update') { if (!empty($resultmessage)) { foreach ($resultmessage as $value) { if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) { if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) { /* delete when the file was removed or replaced */ deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname'])); /* remove attachment rows */ updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid'])); $ext = fileext($defaultmessage[$value['fieldname']]); if (in_array($ext, array('jpg', 'jpeg', 'png'))) { @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg'); } @unlink(A_DIR . '/' . 
$defaultmessage[$value['fieldname']]); } } } } } /* message body */ $setsqlarr = $uploadfilearr = $ids = array(); $setsqlarr = getsetsqlarr($resultmessage); $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0); $setsqlarr['message'] = trim($_POST['message']); $setsqlarr['postip'] = $_SGLOBAL['onlineip']; if (!empty($uploadfilearr)) { foreach ($uploadfilearr as $tmpkey => $tmpvalue) { if (empty($tmpvalue['error'])) { $setsqlarr[$tmpkey] = $tmpvalue['filepath']; } if (!empty($tmpvalue['aid'])) { $ids[] = $tmpvalue['aid']; } } } /* add content */ if (!empty($modelsinfoarr['allowfilter'])) { $setsqlarr = scensor($setsqlarr, 1); } if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') { /* no moderation needed: write the message table */ if ($op == 'add') { $setsqlarr['itemid'] = $itemid; /* add content */ inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr); getreward('postinfo'); if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) { $feed['icon'] = 'comment'; $feed['title_template'] = 'feed_model_title'; $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid); $aurl = A_URL; if (empty($_SCONFIG['siteurl'])) { $siteurl = getsiteurl(); $murl = $siteurl . $murl; $aurl = $siteurl . $aurl; } else { $siteurl = S_URL_ALL; } $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>'); $feed['body_template'] = 'feed_model_message'; $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150)); if (!empty($feedsubjectimg)) { $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl); } else { foreach ($feedcolum as $feedimgvalue) { if ($feedimgvalue['filepath']) { $feed['images'][] = array('url' => $aurl . 
'/' . $feedimgvalue['filepath'], 'link' => $murl); break; } } if (empty($feed['images'])) { $picurl = getmessagepic(stripslashes($_POST['message'])); if ($picurl && strpos($picurl, '://') === false) { $picurl = $siteurl . '/' . $picurl; } if (!empty($picurl)) { $feed['images'][] = array('url' => $picurl, 'link' => $murl); } } } postfeed($feed); } } else { /* update content */ updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid)); } updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash)); if (checkperm('allowdirectpost') && $op == 'update') { deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1); } if (checkperm('allowdirectpost') && $op == 'update') { $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}"; showmessage('writing_success_online_please_wait_for_audit', $jpurl); } else { $jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}"; showmessage('online_contributions_success', $jpurl); } } else { $setsqlarr = array_merge($setitemsqlarr, $setsqlarr); $setsqlarr['addfeed'] = $_POST['addfeed']; $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1); if (!empty($_POST['itemid'])) { $itemid = intval($_POST['itemid']); updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid)); } else { $itemid = inserttable('modelfolders', $setsqlarr, 1); } if (!empty($subjectimageid)) { $ids[] = $subjectimageid; } if (!empty($ids)) { $ids = simplode($ids); $hash = 'm' . 
str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT); $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')'); } $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}"; showmessage('writing_success_online_please_wait_for_audit', $jpurl); } }
}
/*
 * Admin settings bootstrap: load the config and data tables, list the template
 * directories and prepare the helper arrays the settings form uses for <select>s.
 * (The closing brace above ends a block that begins before this fragment.)
 *
 * Config values are HTML-escaped on load. The 'setting' and 'mail' rows of the data
 * table are stored serialised and go through unserialize(). That is admin-written
 * data, but unserialize() on anything an attacker can write into that table is a
 * code-execution primitive, so the write side (not visible here) must stay admin-only.
 */
$configs = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('config'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
    $configs[$value['var']] = shtmlspecialchars($value['datavalue']);
}
// floor feedfilternum at 1
if (empty($configs['feedfilternum']) || $configs['feedfilternum'] < 1) {
    $configs['feedfilternum'] = 1;
}

$datasets = $datas = $mails = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('data'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
    $serialised = ($value['var'] == 'setting' || $value['var'] == 'mail');
    if (!$serialised) {
        $datasets[$value['var']] = shtmlspecialchars($value['datavalue']);
    } elseif (empty($value['datavalue'])) {
        $datasets[$value['var']] = array();
    } else {
        $datasets[$value['var']] = unserialize($value['datavalue']);
    }
}
$datas = $datasets['setting'];
$mails = $datasets['mail'];

// templates directory: every subdirectory of ./template that ships a style.css
$templatearr = array('default' => 'default');
$tpl_dir = sreaddir(S_ROOT . './template');
foreach ($tpl_dir as $dir) {
    $stylesheet = S_ROOT . './template/' . $dir . '/style.css';
    if (file_exists($stylesheet)) {
        $templatearr[$dir] = $dir;
    }
}

$templateselect = array($configs['template'] => ' selected');
$toselect = array($configs['timeoffset'] => ' selected');
$onlineip = getonlineip();
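/**
 * Builds the column => value map for one model row from $_POST, applying the
 * per-column filtering configured in the model definition.
 *
 * For each column definition in $valuearr whose field name is present in $_POST:
 *  - upload columns (formtype img/flash/file) are skipped unless 'isimage' is set, in
 *    which case the posted value is copied through unfiltered (NOTE(review): confirm
 *    that only the upload handlers can populate such a field);
 *  - string columns (VARCHAR/CHAR/TEXT/MEDIUMTEXT/LONGTEXT) are trimmed and
 *    HTML-escaped with shtmlspecialchars() unless 'ishtml' is set (then only trimmed;
 *    HTML columns are expected to be filtered elsewhere). Checkbox columns are joined
 *    with "\n" first — a scalar post (single box) is now accepted as well as the usual
 *    array. 'isbbcode' columns are additionally run through modeldiscuzcode();
 *  - integer columns (TINYINT ... BIGINT) are intval()'d;
 *  - any other column type is copied as posted.
 * The filtered values are written back into $_POST as well as returned.
 *
 * @param array $valuearr column definitions with 'fieldname', 'formtype', 'fieldtype'
 *                        and the optional flags 'ishtml', 'isbbcode', 'isimage'
 * @return array fieldname => filtered value, ready for inserttable()/updatetable()
 */
function getsetsqlarr($valuearr) {
    $setsqlarr = array();
    if (empty($valuearr)) {
        return $setsqlarr;
    }

    foreach ($valuearr as $value) {
        $field = $value['fieldname'];
        if (!isset($_POST[$field])) {
            continue;
        }

        if (preg_match("/^(img|flash|file)\$/i", $value['formtype'])) {
            if (!empty($value['isimage'])) {
                // raw request value stored for an upload column (see docblock)
                $setsqlarr[$field] = $_POST[$field];
            }
            continue;
        }

        // filter the submitted data according to the column type
        if (preg_match("/^(VARCHAR|CHAR|TEXT|MEDIUMTEXT|LONGTEXT)\$/i", $value['fieldtype'])) {
            if ($value['formtype'] == 'checkbox') {
                // a checkbox group posts an array; a single box may post a scalar
                $_POST[$field] = implode("\n", shtmlspecialchars((array) $_POST[$field]));
            }
            if (empty($value['ishtml'])) {
                $_POST[$field] = shtmlspecialchars(trim($_POST[$field]));
            } else {
                $_POST[$field] = trim($_POST[$field]);
            }
            if (!empty($value['isbbcode'])) {
                $_POST[$field] = modeldiscuzcode($_POST[$field]);
            }
        } elseif (preg_match("/^(TINYINT|SMALLINT|MEDIUMINT|INT|BIGINT)\$/i", $value['fieldtype'])) {
            $_POST[$field] = intval($_POST[$field]);
        }
        $setsqlarr[$field] = $_POST[$field];
    }

    return $setsqlarr;
}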
/*
 * Sitemap configuration (admin): create or update a sitemaplogs row, or delete the
 * selected rows. The control flow continues past the end of this fragment.
 *
 * Review notes:
 *  - @mkdir($sitemap_path, '0666'): the mode is the string '0666', which PHP converts
 *    to the decimal integer 666 (octal 01232), not 0666. Pass an octal integer literal
 *    and prefer 0755 — a world-writable directory under data/ is not needed for the
 *    web server to write its own files.
 *  - mapname is validated against ^[0-9a-z_]+$ and capped at 50 bytes, so it is safe
 *    to interpolate; maptype and changefreq go through saddslashes(shtmlspecialchars()).
 *  - slogid is interpolated into the UPDATE's WHERE clause straight from $_POST with
 *    no intval() or quoting, and every element of slogidarr is interpolated into the
 *    DELETE's IN (...) list the same way. Even on an admin-only page these are SQL
 *    injection points: intval() slogid and array_map('intval', ...) slogidarr first.
 *  - $sitemapdata (serialised into mapdata) is assigned before this fragment.
 */
$start = empty($_GET['start']) ? 0 : intval($_GET['start']); $countnum = 0; $lastfileid = 0; $sitemap_path = S_ROOT . './data/sitemap/'; if (!file_exists($sitemap_path)) { @mkdir($sitemap_path, '0666'); } if (submitcheck('thevalue')) { if (!preg_match("/^[0-9a-z_]+\$/i", $_POST['mapname']) || strlen($_POST['mapname']) > 50) { showmessage('sitemap_name_error'); } $mapdata = addslashes(serialize($sitemapdata)); $_POST['maptype'] = saddslashes(shtmlspecialchars($_POST['maptype'])); $_POST['mapnum'] = $_POST['maptype'] == 'google' ? intval($_POST['mapnum_google']) : intval($_POST['mapnum_baidu']); $_POST['createtype'] = intval($_POST['createtype']); $_POST['changefreq'] = $_POST['maptype'] == 'google' ? saddslashes(shtmlspecialchars($_POST['changefreq_google'])) : saddslashes(shtmlspecialchars($_POST['changefreq_baidu'])); if (!empty($_POST['slogid'])) { $_SGLOBAL['db']->query("UPDATE " . tname('sitemaplogs') . " SET mapname='{$_POST['mapname']}', maptype='{$_POST['maptype']}', mapnum='{$_POST['mapnum']}', createtype='{$_POST['createtype']}', changefreq='{$_POST['changefreq']}' WHERE slogid='{$_POST['slogid']}'"); showmessage('sitemap_config_update', $theurl); } else { $query = $_SGLOBAL['db']->query("SELECT count(*) FROM " . tname('sitemaplogs') . " WHERE mapname='{$_POST['mapname']}'"); if ($value = $_SGLOBAL['db']->result($query, 0)) { showmessage('sitemap_name_exists'); } $_SGLOBAL['db']->query("INSERT INTO " . tname('sitemaplogs') . "(mapname, maptype, mapnum, mapdata, createtype, changefreq) VALUES ('{$_POST['mapname']}', '{$_POST['maptype']}', '{$_POST['mapnum']}', '{$mapdata}', '{$_POST['createtype']}', '{$_POST['changefreq']}')"); showmessage('sitemap_config_add', $theurl); } } elseif (submitcheck('listsubmit')) { if (!empty($_POST['slogidarr'])) { $slogidarr = implode('\',\'', $_POST['slogidarr']); $_SGLOBAL['db']->query('DELETE FROM ' . tname('sitemaplogs') . ' WHERE slogid IN (\'' . $slogidarr . '\')');
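/**
 * Dumps the state of a robot (crawler) rule run for debugging and ends the request.
 *
 * Four panels are emitted through showprogress(): the extracted region ('code'), the
 * fetched URL, the "from" regular expression of the rule, and the page source. By the
 * language keys these come from the fetched page and the rule definition, and all of
 * them are placed inside HTML, so every one is HTML-escaped first. The original
 * escaped only 'rule' and 'source': a fetched page whose matched region contained
 * "</textarea><script>", or a URL containing '"', would have broken out of the
 * textarea / value attribute and run in the admin's browser.
 *
 * @param array $infoarr keys 'code' (string or list of strings), 'url', 'rule', 'source'
 * @return void never returns; calls exit()
 */
function printruledebug($infoarr) {
    global $alang;

    $code = isset($infoarr['code']) ? $infoarr['code'] : '';
    if (is_array($code)) {
        $code = implode("\n", $code);
    }

    if (!empty($code)) {
        showprogress($alang['robot_debug_regional_source'], 1);
        showprogress('<textarea style="width:95%;" rows="7">' . shtmlspecialchars($code) . '</textarea>');
    } else {
        showprogress($alang['robot_debug_not_content'], 1);
    }

    $rule = shtmlspecialchars(getregularstring($infoarr['rule'], 'from'));
    $url = shtmlspecialchars(isset($infoarr['url']) ? $infoarr['url'] : '');

    showprogress($alang['robot_debug_url'], 1);
    showprogress('<input type="text" style="width: 95%" value="' . $url . '">');
    showprogress($alang['robot_debug_regular'], 1);
    showprogress('<input type="text" style="width: 95%" value="' . $rule . '">');
    showprogress($alang['robot_debug_source_code'], 1);
    showprogress('<textarea style="width:95%;" rows="7">' . shtmlspecialchars($infoarr['source']) . '</textarea>');
    exit;
}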
} } } if (!$managebatch && $opnum > 1) { cpmessage('choose_to_delete_the_tag', $_POST['mpurl']); } $_POST['ids'] = $newids; if ($_POST['optype'] == 'delete') { include_once S_ROOT . './source/function_delete.php'; if (!empty($_POST['ids']) && deletetags($_POST['ids'])) { cpmessage('do_success', $_POST['mpurl']); } else { cpmessage('choose_to_delete_the_tag', $_POST['mpurl']); } } elseif ($_POST['optype'] == 'merge') { $_POST['newtagname'] = shtmlspecialchars(trim($_POST['newtagname'])); if (strlen($_POST['newtagname']) < 1 || strlen($_POST['newtagname']) > 30) { cpmessage('to_merge_the_tag_name_of_the_length_discrepancies', $_POST['mpurl']); } // retrieve the new tag if there is $newtagid = getcount('tag', array('tagname' => $_POST['newtagname']), 'tagid'); if (empty($newtagid)) { // add tag $setarr = array('tagname' => $_POST['newtagname'], 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']); $newtagid = inserttable('tag', $setarr, 1); } //ʼϲ include_once S_ROOT . './source/function_op.php'; if (!empty($_POST['ids']) && mergetag($_POST['ids'], $newtagid)) { cpmessage('do_success', $_POST['mpurl']); } else {
$tplname = substr($file, 0, -4); $pos = strpos($file, '_'); if ($pos) { $tpls[substr($tplname, 0, $pos)][] = array($file, $status); } else { $tpls['base'][] = array($file, $status); } } } closedir($dh); } } elseif ($_GET['op'] == 'edit') { $filename = checkfilename($_GET['filename']); $filefullname = $tpldir . $filename; $fp = fopen($filefullname, 'rb'); $content = trim(shtmlspecialchars(fread($fp, filesize($filefullname)))); fclose($fp); } elseif ($_GET['op'] == 'repair') { $filename = checkfilename($_GET['filename']); $filefullname = $tpldir . $filename; //复制当前的文件 $d_file = $filefullname . '.bak'; if (file_exists($d_file)) { if (!@copy($d_file, $filefullname)) { swritefile($filefullname, sreadfile($d_file)); @unlink($d_file); } else { @unlink($d_file); } } else { cpmessage('designated_template_files_can_not_be_restored');
/*
 * Share submission: validates the posted link and, for a few known video hosts, asks
 * getflash() for an embeddable player. The switch this fragment closes and the
 * if-blocks it ends inside continue outside the fragment.
 *
 * Review notes:
 *  - The link is HTML-escaped and then required to match ^(http|ftp|https|mms)://.{4,300}$,
 *    so javascript:/data: schemes are rejected and a quote cannot break the href="" it
 *    is placed into.
 *  - The host whitelist "(youku.com|youtube.com|...)$" has unescaped dots and no
 *    left-hand boundary: '.' matches any character and the match is anchored only at
 *    the end, so a host such as "evil-youtube.com" (or "youtubeXcom") passes and is
 *    handed to getflash() as a trusted provider. Use a form like
 *    "/(?:^|\\.)(youku\\.com|youtube\\.com|...)$/i". What getflash() does with the URL
 *    (e.g. a server-side fetch) is not visible here.
 *  - $_POST['refer'] defaults to an internal URL but is otherwise taken from the
 *    request; if it is later used as a redirect target, restrict it to same-site paths.
 */
$type = 'link'; $_GET['op'] = 'link'; break; } /* add share */ if (submitcheck('sharesubmit')) { $_POST['topicid'] = topic_check($_POST['topicid'], 'share'); /* verification code */ if ($type == 'link' && checkperm('seccode') && !ckseccode($_POST['seccode'])) { showmessage('incorrect_code'); } if (empty($_POST['refer'])) { $_POST['refer'] = "space.php?do=share&view=me"; } if ($type == 'link') { $link = shtmlspecialchars(trim($_POST['link'])); if ($link) { if (!preg_match("/^(http|ftp|https|mms)\\:\\/\\/.{4,300}\$/i", $link)) { $link = ''; } } if (empty($link)) { showmessage('url_incorrect_format'); } $arr['title_template'] = cplang('share_link'); $arr['body_template'] = '{link}'; $link_text = sub_url($link, 45); $arr['body_data'] = array('link' => "<a href=\"{$link}\" target=\"_blank\">{$link_text}</a>", 'data' => $link); $parseLink = parse_url($link); if (preg_match("/(youku.com|youtube.com|5show.com|ku6.com|sohu.com|mofile.com|sina.com.cn)\$/i", $parseLink['host'], $hosts)) { $flashvar = getflash($link, $hosts[1]);
$valued = $item[$value['fieldname']]; } if ($value['formtype'] != 'timestamp') { $htmlarr[$value['id']]['input'] = label(array('type' => $value['formtype'], 'alang' => $value['fieldcomment'], 'name' => $value['fieldname'], 'options' => $temparr2, 'rows' => 10, 'width' => '30%', 'size' => '60', 'value' => $valued, 'other' => $other, 'fileurl' => $fileurl), 0); } else { $item[$value['fieldname']] = sgmdate($item[$value['fieldname']]); $htmlarr[$value['id']]['input'] = <<<EOF \t\t\t<input type="text" name="{$value['fieldname']}" id="{$value['fieldname']}" readonly="readonly" value="{$item[$value['fieldname']]}" /><img src="{$siteurl}/admin/images/time.gif" onClick="getDatePicker('{$value['fieldname']}', event, 21)" /> EOF; } } } elseif ($op == 'view') { if (empty($_SGLOBAL['supe_uid'])) { showmessage('no_permission'); } $item['subject'] = shtmlspecialchars($item['subject']); if (!empty($item['subjectimage'])) { $fileext = fileext($item['subjectimage']); $item['subjectimage'] = $item['subjectthumb'] = A_URL . '/' . $item['subjectimage']; if (preg_match("/^(jpg|jpeg|png)\$/i", $fileext)) { $item['subjectthumb'] = substr($item['subjectimage'], 0, strrpos($item['subjectimage'], '.')) . '.thumb.jpg'; } } if (!empty($cacheinfo['columns'])) { $htmlarr = array(); foreach ($cacheinfo['columns'] as $temp) { $tmpvalue = trim($item[$temp['fieldname']]); if (empty($temp['isfile']) && strlen($tmpvalue) > 0 || !empty($temp['isfile']) && $tmpvalue != 0) { if ($temp['formtype'] == 'checkbox') { $tmpvalue = explode("\n", $item[$temp['fieldname']]); } elseif ($temp['formtype'] == 'textarea' && empty($temp['ishtml'])) {
if (!empty($multipage)) { echo label(array('type' => 'table-start', 'class' => 'listpage')); echo '<tr><td>' . $multipage . '</td></tr>'; echo label(array('type' => 'table-end')); } echo '<div class="buttons">'; echo label(array('type' => 'button-submit', 'name' => 'listsubmit', 'value' => $alang['common_submit'])); echo label(array('type' => 'button-reset', 'name' => 'listreset', 'value' => $alang['common_reset'])); echo '</div>'; echo '<input name="listsubmitok" type="hidden" value="yes" />'; echo label(array('type' => 'form-end')); } //THE VALUE SHOW if (is_array($thevalue) && $thevalue) { echo label(array('type' => 'form-start', 'name' => 'thevalueform', 'action' => $theurl, 'other' => ' onSubmit="return validate(this)"')); echo label(array('type' => 'div-start')); echo label(array('type' => 'table-start')); echo label(array('type' => 'input', 'alang' => 'tag_title_tagname', 'name' => 'newmaintagname', 'size' => 20, 'width' => '30%', 'value' => $thevalue['tagname'])); echo label(array('type' => 'tag', 'alang' => 'tag_title_relativetags', 'values' => $thevalue['relativetags'])); echo label(array('type' => 'table-end')); echo label(array('type' => 'div-end')); echo '<div class="buttons">'; echo label(array('type' => 'button-submit', 'name' => 'thevaluesubmit', 'value' => $alang['common_submit'])); echo label(array('type' => 'button-reset', 'name' => 'thevaluereset', 'value' => $alang['common_reset'])); echo '</div>'; echo '<input name="tagid" type="hidden" value="' . $thevalue['tagid'] . '" />'; echo '<input name="valuesubmit" type="hidden" value="yes" />'; echo '<input name="maintagname" type="hidden" value="' . shtmlspecialchars($thevalue['tagname']) . '" />'; echo '<input name="spacenewsnum" type="hidden" value="' . $thevalue['spacenewsnum'] . '" />'; echo label(array('type' => 'form-end')); }
if (!checkperm('manageprofield')) { cpmessage('no_authority_management_operation'); } @(include_once S_ROOT . './data/data_profield.php'); //取得单个数据 $thevalue = $list = array(); $_GET['fieldid'] = empty($_GET['fieldid']) ? 0 : intval($_GET['fieldid']); if ($_GET['fieldid']) { $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('profield') . " WHERE fieldid='{$_GET['fieldid']}'"); $thevalue = $_SGLOBAL['db']->fetch_array($query); } if (!empty($_GET['op']) && $_GET['op'] != 'add' && empty($thevalue)) { cpmessage('there_is_no_designated_users_columns'); } if (submitcheck('fieldsubmit')) { $setarr = array('title' => shtmlspecialchars(trim($_POST['title'])), 'note' => shtmlspecialchars(trim($_POST['note'])), 'formtype' => shtmlspecialchars(trim($_POST['formtype'])), 'inputnum' => intval($_POST['inputnum']), 'choice' => shtmlspecialchars(trim($_POST['choice'])), 'mtagminnum' => intval($_POST['mtagminnum']), 'manualmoderator' => intval($_POST['manualmoderator']), 'manualmember' => intval($_POST['manualmember']), 'displayorder' => intval($_POST['displayorder'])); $_POST['fieldid'] = intval($_POST['fieldid']); if (empty($thevalue['fieldid'])) { inserttable('profield', $setarr); } else { updatetable('profield', $setarr, array('fieldid' => $thevalue['fieldid'])); } //更新缓存 include_once S_ROOT . './source/function_cache.php'; profield_cache(); cpmessage('do_success', 'admincp.php?ac=profield'); } elseif (submitcheck('ordersubmit')) { foreach ($_POST['displayorder'] as $fieldid => $value) { updatetable('profield', array('displayorder' => intval($value)), array('fieldid' => intval($fieldid))); } //更新缓存
if (!checkperm('manageattachmenttypes')) { showmessage('no_authority_management_operation'); } $perpage = 20; $urlplus = ''; $newurl = $theurl . $urlplus; $page = intval(postget('page')); $page < 1 ? $page = 1 : ''; $start = ($page - 1) * $perpage; //INIT RESULT VAR $listarr = array(); $thevalue = array(); //POST METHOD if (submitcheck('valuesubmit')) { //ONE UPDATE OR ADD $_POST['fileext'] = shtmlspecialchars(trim($_POST['fileext'])); if (strlen($_POST['fileext']) < 1 || strlen($_POST['fileext']) > 10) { showmessage('attachmenttype_check_fileext'); } $_POST['maxsize'] = intval($_POST['maxsize']); $_POST['maxsize'] = $_POST['maxsize'] * 1024; $sqlarr = array('fileext' => $_POST['fileext'], 'maxsize' => intval($_POST['maxsize'])); if (empty($_POST['id'])) { //ADD $insertsqlarr = $sqlarr; inserttable('attachmenttypes', $insertsqlarr); showmessage('attachmenttype_add_success', $newurl); } else { //UPDATE $setsqlarr = $sqlarr; updatetable('attachmenttypes', $setsqlarr, array('id' => $_POST['id']));
// Ask the Discuz keyword service for tags related to the submitted subject
// ($subjectenc, encoded earlier) and body, then hand them to showmessage()
// as one space-separated string.
// NOTE(review): this ships user-written content to a third-party host over
// plain HTTP, relies on allow_url_fopen, and silences fetch errors with '@'.
$messageenc = rawurlencode(strip_tags(preg_replace("/\\[.+?\\]/U", '', $_GET['messageenc'])));
$kwurl = "http://keyword.discuz.com/related_kw.html?title={$subjectenc}&content={$messageenc}&ics={$_SC['charset']}&ocs={$_SC['charset']}";
$data = @implode('', file($kwurl));
if (!$data) {
	showmessage(' ');
} else {
	// Parse the XML reply into a flat node list; case of tag names is kept.
	$parser = xml_parser_create();
	xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
	xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
	xml_parse_into_struct($parser, $data, $values, $index);
	xml_parser_free($parser);
	// The service answers in UTF-8; convert when the site uses another charset.
	$needconv = PHP_VERSION > '5' && $_SC['charset'] != 'utf-8';
	$kws = array();
	foreach ($values as $node) {
		if ($node['tag'] != 'kw' && $node['tag'] != 'ekw') {
			continue;
		}
		$word = trim($node['value']);
		$kws[] = $needconv ? siconv($word, $_SC['charset'], 'utf-8') : $word;
	}
	// Escape each keyword for HTML output before joining.
	$escaped = array();
	foreach ($kws as $kw) {
		$escaped[] = shtmlspecialchars($kw);
	}
	showmessage(trim(implode(' ', $escaped)));
}
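/**
 * Normalise and validate a user-supplied picture URL.
 *
 * The value is trimmed and HTML-escaped (shtmlspecialchars), then accepted
 * only when it is an absolute http:// URL whose remainder is between 5 and
 * $maxlenth characters long and ends in .jpg, .gif or .png. Anything else
 * yields ''.
 *
 * @param string     $picurl   Raw, untrusted URL.
 * @param int|string $maxlenth Upper bound on the length after "http://"
 *                             (legacy spelling kept for existing callers).
 *                             It is cast to int before use so it can never
 *                             alter the structure of the regular expression.
 * @return string The escaped URL, or '' when rejected.
 */
function picurl_get($picurl, $maxlenth='200') {
	$picurl = shtmlspecialchars(trim($picurl));
	if(!$picurl) {
		return '';
	}
	// The bound is interpolated into the pattern: force an integer so a
	// non-numeric value cannot inject regex syntax. A bound below the
	// minimum of 5 made the original quantifier invalid (match failure),
	// so reject it explicitly instead of relying on a PCRE compile error.
	$maxlenth = (int)$maxlenth;
	if($maxlenth < 5) {
		return '';
	}
	// 'D' makes '$' match only at the very end (no trailing newline allowed).
	if(preg_match("/^http\:\/\/.{5,{$maxlenth}}\.(jpg|gif|png)$/iD", $picurl)) {
		return $picurl;
	}
	return '';
}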
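/**
 * Return the site's base URL ("scheme://host/dir/", trailing slash included).
 *
 * When the administrator has configured $_SCONFIG['siteallurl'] it is
 * returned verbatim; that is the only trustworthy source. Otherwise the
 * value is rebuilt from the current request, which means the host part
 * comes from the Host header and is attacker-controlled. Callers that put
 * the result into e-mails, reset links or redirects should make sure
 * siteallurl is set rather than depend on this fallback.
 *
 * @return string
 */
function getsiteurl() {
	global $_SCONFIG;
	if (!empty($_SCONFIG['siteallurl'])) {
		return $_SCONFIG['siteallurl'];
	}
	// Fallback: derive from the request. Prefer REQUEST_URI, then PHP_SELF,
	// then SCRIPT_NAME.
	if (!empty($_SERVER['REQUEST_URI'])) {
		$uri = $_SERVER['REQUEST_URI'];
	} elseif (!empty($_SERVER['PHP_SELF'])) {
		$uri = $_SERVER['PHP_SELF'];
	} else {
		$uri = $_SERVER['SCRIPT_NAME'];
	}
	// REQUEST_URI may carry a query string; drop it before looking for the
	// last '/' so "index.php?a=b/c" cannot turn the query into a "directory".
	$qpos = strpos($uri, '?');
	if ($qpos !== false) {
		$uri = substr($uri, 0, $qpos);
	}
	// Honour HTTPS instead of hard-coding http:// ($_SERVER['HTTPS'] is the
	// literal 'off' on some IIS setups).
	$scheme = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') ? 'https' : 'http';
	$dir = substr($uri, 0, strrpos($uri, '/') + 1);
	return shtmlspecialchars($scheme . '://' . $_SERVER['HTTP_HOST'] . $dir);
}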
// --- Comment submission pre-checks. Every failed check appends an entry to
// $checkresults; $checkresults, $itemid, $ismodle, $type, $commentscorestr
// and $lang are all defined before this point (outside this span).
$upcid = empty($_POST['upcid']) ? 0 : intval($_POST['upcid']); // parent comment id; not referenced again in this span
if (empty($itemid)) {
	array_push($checkresults, array('message' => $lang['not_found']));
}
// Guests: unless guest comments are allowed, remember the comment page so
// the user can be sent back after logging in.
if (empty($_G['uid'])) {
	if (empty($_G['setting']['allowguest'])) {
		setcookie('_refer', rawurlencode(geturl('action/viewcomment/itemid/' . $itemid, 1)));
		array_push($checkresults, array('message' => $lang['no_login']));
	}
}
// The item must exist in the model-specific (or space) items table and have
// replies enabled.
// NOTE(review): $itemid is interpolated straight into the SQL string and $type
// into the table name; both are presumably validated (intval / allow-listed)
// upstream — confirm, nothing visible here sanitises them.
$table_name = ($ismodle ? $type : 'space') . 'items';
$query = DB::query('SELECT * FROM ' . tname($table_name) . ' WHERE itemid=\'' . $itemid . '\' AND allowreply=\'1\'');
if (!($item = DB::fetch($query))) {
	array_push($checkresults, array('message' => $lang['no_permission']));
}
// Body: HTML-escaped, must differ from the placeholder text and be 1..250
// (bstrlen units — presumably bytes) long.
$_POST['commentmessage'] = shtmlspecialchars(trim($_POST['commentmessage']));
if ($_POST['commentmessage'] == $_G['setting']['commdefault'] || bstrlen($_POST['commentmessage']) < 1 || bstrlen($_POST['commentmessage']) > 250) {
	array_push($checkresults, array('commentmessage' => $lang['wordlimited']));
}
// Score string: when the root category has a comment model, the submitted
// score string must be at least 5 units per score field.
if (!empty($commentscorestr)) {
	$rootcatid = getrootcatid($item['catid']);
	$scorenum = DB::result_first("SELECT cm.scorenum FROM " . tname('categories') . " c\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN " . tname('commentmodels') . " cm ON cm.cmid=c.cmid\n\t\t\t\t\t\t\t\t\t\tWHERE c.catid = '{$rootcatid}'");
	if (bstrlen($commentscorestr) < $scorenum * 5) {
		array_push($checkresults, array('score' => $lang['scorelimited']));
	}
}
// Rate limit between comments; founders are exempt.
if (!empty($_G['setting']['commenttime']) && !ckfounder($_G['uid'])) {
	if ($_G['timestamp'] - $_G['member']['lastcommenttime'] < $_G['setting']['commenttime']) {
		array_push($checkresults, array('message' => $lang['comment_too_much']));
	}
}
//权限 if (!checkperm('manageusergroups')) { showmessage('no_authority_management_operation'); } //取得单个数据 $thevalue = $list = array(); $_GET['groupid'] = empty($_GET['groupid']) ? 0 : intval($_GET['groupid']); if ($_GET['groupid']) { $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('usergroups') . " WHERE groupid='{$_GET['groupid']}'"); if (!($thevalue = $_SGLOBAL['db']->fetch_array($query))) { showmessage('user_group_does_not_exist'); } } if (submitcheck('thevaluesubmit')) { //用户组名 $_POST['set']['grouptitle'] = saddslashes(shtmlspecialchars($_POST['set']['grouptitle'])); if (empty($_POST['set']['grouptitle'])) { showmessage('user_group_were_not_empty'); } $setarr = array('grouptitle' => $_POST['set']['grouptitle']); //详细权限 $nones = array('groupid', 'grouptitle'); foreach ($_POST['set'] as $key => $value) { if (!in_array($key, $nones)) { $value = intval($value); if ($thevalue[$key] != $value) { $setarr[$key] = $value; } } } if (empty($thevalue['groupid'])) {
$_SCONFIG['template'] = $_SCOOKIE['mytemplate']; } else { ssetcookie('mytemplate', '', 365000); } } //处理REQUEST_URI if (!isset($_SERVER['REQUEST_URI'])) { $_SERVER['REQUEST_URI'] = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING']; } } if ($_SERVER['REQUEST_URI']) { $temp = urldecode($_SERVER['REQUEST_URI']); if (strexists($temp, '<') || strexists($temp, '"')) { $_GET = shtmlspecialchars($_GET); //XSS } } //判断用户登录状态 checkauth(); $_SGLOBAL['uhash'] = md5($_SGLOBAL['supe_uid'] . "\t" . substr($_SGLOBAL['timestamp'], 0, 6)); //用户菜单 getuserapp(); //处理UC应用 $_SCONFIG['uc_status'] = 0; $_SGLOBAL['appmenus'] = $_SGLOBAL['appmenu'] = array(); if ($_SGLOBAL['app']) { foreach ($_SGLOBAL['app'] as $appid => $value) { if (UC_APPID != $appid) { $_SCONFIG['uc_status'] = 1;
$passwordstyle = $selectgroupstyle = 'display:none'; if ($blog['friend'] == 4) { $passwordstyle = ''; } elseif ($blog['friend'] == 2) { $selectgroupstyle = ''; if ($blog['target_ids']) { $names = array(); $query = $_SGLOBAL['db']->query("SELECT username FROM " . tname('space') . " WHERE uid IN ({$blog['target_ids']})"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { $names[] = $value['username']; } $blog['target_names'] = implode(' ', $names); } } $blog['message'] = str_replace('&', '&amp;', $blog['message']); $blog['message'] = shtmlspecialchars($blog['message']); $allowhtml = checkperm('allowhtml'); //好友组 $groups = getfriendgroup(); //参与热点 $topic = array(); $topicid = $_GET['topicid'] = intval($_GET['topicid']); if ($topicid) { $topic = topic_get($topicid); } if ($topic) { $actives = array('blog' => ' class="active"'); } //菜单激活 $menuactives = array('space' => ' class="active"'); }
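[UCenter Home] (C) 2007-2008 Comsenz Inc. $Id: link.php 10953 2009-01-12 02:55:37Z liguode $ */
// Outbound-link gateway ("link guide"). The target comes straight from
// ?url= and so this is an open redirect by design; what we can do here is
// refuse pseudo-schemes that would execute script in the browser and
// normalise the rest to an absolute http(s) URL before it reaches a
// redirect or the iframe template.
include_once('./common.php');

if(empty($_GET['url']) || !is_string($_GET['url'])) {
	showmessage('do_success', $refer, 0);
}
$url = $_GET['url'];

// Scheme check. Browsers ignore leading whitespace and embedded control
// characters when resolving a URL, so strip them for the comparison only.
// Any explicit scheme other than http/https/ftp/mms (the same set the share
// form accepts) is bounced back to the referrer.
$scheme_probe = preg_replace('/[\x00-\x20]+/', '', $url);
if(preg_match('/^[a-z][a-z0-9+.\-]*:/i', $scheme_probe) && !preg_match('/^(http|https|ftp|mms):/i', $scheme_probe)) {
	showmessage('do_success', $refer, 0);
}

if(!$_SCONFIG['linkguide']) {
	showmessage('do_success', $url, 0);	// link guide disabled: redirect directly
}

$space = array();
if($_SGLOBAL['supe_uid']) {
	$space = getspace($_SGLOBAL['supe_uid']);
}
if(empty($space)) {
	// guests are redirected directly
	showmessage('do_success', $url, 0);
}

// Escape for the template. Accept https:// as well as http:// so secure
// links are no longer mangled into "http://https://...".
$url = shtmlspecialchars($url);
if(!preg_match("/^https?\:\/\//i", $url)) $url = "http://".$url;

// render template
include_once template("iframe");
?>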
show_msg('UCenter 服务端字符集与当前应用的字符集不同,请下载 ' . $ucdbcharset . ' 编码的 SupeSite 进行安装,下载地址:http://download.comsenz.com/'); } $tagtemplates = 'apptagtemplates[template]=' . urlencode('<a href="{url}" target="_blank">{subject}</a>') . '&' . 'apptagtemplates[fields][subject]=' . urlencode('资讯标题') . '&' . 'apptagtemplates[fields][url]=' . urlencode('资讯地址'); $uri = $_SERVER['REQUEST_URI'] ? $_SERVER['REQUEST_URI'] : ($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']); $app_url = strtolower(substr($_SERVER['SERVER_PROTOCOL'], 0, strpos($_SERVER['SERVER_PROTOCOL'], '/'))) . '://' . $_SERVER['HTTP_HOST'] . substr($uri, 0, strrpos($uri, '/install/')); $app_name = trim($_POST['sitename']); $postdata = "m=app&a=add&ucfounder=&ucfounderpw=" . urlencode($_POST['ucfounderpw']) . "&apptype=" . urlencode('SUPESITE') . "&appname=" . urlencode($app_name) . "&appurl=" . urlencode($app_url) . "&appip=&appcharset=" . $_SC['charset'] . '&appdbcharset=' . $_SC['dbcharset'] . '&release=' . UC_CLIENT_RELEASE . '&' . $tagtemplates; $s = sfopen($ucapi . '/index.php', 500, $postdata, '', 1, $ucip); if (empty($s)) { show_msg('UCenter用户中心无法连接'); } elseif ($s == '-1') { show_msg('UCenter管理员帐号密码不正确'); } else { $ucs = explode('|', $s); if (empty($ucs[0]) || empty($ucs[1])) { show_msg('UCenter返回的数据出现问题,请参考:<br />' . shtmlspecialchars($s)); } else { //处理成功 $apphidden = ''; //验证是否可以直接联接MySQL $link = mysql_connect($ucs[2], $ucs[4], $ucs[5], 1); $connect = $link && mysql_select_db($ucs[3], $link) ? 'mysql' : ''; //返回 foreach (array('key', 'appid', 'dbhost', 'dbname', 'dbuser', 'dbpw', 'dbcharset', 'dbtablepre', 'charset') as $key => $value) { if ($value == 'dbtablepre') { $ucs[$key] = '`' . $ucs[3] . '`.' . $ucs[$key]; } $apphidden .= "<input type=\"hidden\" name=\"uc[{$value}]\" value=\"" . $ucs[$key] . "\" />"; } //内置 $apphidden .= "<input type=\"hidden\" name=\"uc[connect]\" value=\"{$connect}\" />";
//取得单个数据 $thevalue = $list = array(); $_GET['gid'] = empty($_GET['gid'])?0:intval($_GET['gid']); if($_GET['gid']) { $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('usergroup')." WHERE gid='$_GET[gid]'"); if(!$thevalue = $_SGLOBAL['db']->fetch_array($query)) { cpmessage('user_group_does_not_exist'); } $thevalue['magicaward'] = unserialize($thevalue['magicaward']); } if(submitcheck('thevaluesubmit')) { //用户组名 $_POST['set']['grouptitle'] = shtmlspecialchars($_POST['set']['grouptitle']); if(empty($_POST['set']['grouptitle'])) cpmessage('user_group_were_not_empty'); $setarr = array('grouptitle' => $_POST['set']['grouptitle']); //系统 if(isset($thevalue['system'])) { $_POST['set']['system'] = $thevalue['system']; } else { $_POST['set']['system'] = intval($_POST['set']['system']); } if(empty($_POST['set']['system'])) { //普通用户组 $_POST['set']['explower'] = empty($_POST['set']['explower'])?0:intval($_POST['set']['explower']); if($_POST['set']['explower'] > 999999999 || $_POST['set']['explower'] < -999999999) cpmessage('integral_limit_error'); $lowgid = $_SGLOBAL['db']->result($_SGLOBAL['db']->query("SELECT gid FROM ".tname('usergroup')." where explower = '{$_POST['set']['explower']}' AND system='0'"), 0); if(!empty($lowgid) && $lowgid != $_GET['gid']) {