/**
 * Convert a small subset of HTML back into bbcode.
 *
 * Handled, in this order: quote divs -> [quote]..[/quote], anchors -> their
 * href text, raw line breaks (dropped), <br> -> newline, face images ->
 * [em:name:], other images -> [img]..[/img], then b/i/u tags, runs of
 * &nbsp; and the &lt;/&gt;/&amp; entities. The translation tables are built
 * on the first call and cached in $_SGLOBAL for the rest of the request.
 * The result is entity-encoded with shtmlspecialchars() and trimmed.
 *
 * @param string $message HTML fragment
 * @return string bbcode text
 */
function html2bbcode($message) {
	global $_SGLOBAL;

	if(empty($_SGLOBAL['html_s_exp'])) {
		// Regex rules, applied first and in order.
		$_SGLOBAL['html_s_exp'] = array(
			"/\<div class=\"quote\"\>\<span class=\"q\"\>(.*?)\<\/span\>\<\/div\>/is",
			"/\<a href=\"(.+?)\".*?\<\/a\>/is",
			"/(\r\n|\n|\r)/",
			"/<br.*>/siU",
			"/[ \t]*\<img src=\"image\/face\/(.+?).gif\".*?\>[ \t]*/is",
			"/\s*\<img src=\"(.+?)\".*?\>\s*/is"
		);
		$_SGLOBAL['html_r_exp'] = array(
			"[quote]\\1[/quote]",
			"\\1",
			'',
			"\n",
			"[em:\\1:]",
			"\n[img]\\1[/img]\n"
		);
		// Plain string rules, applied after the regexes and in order.
		$_SGLOBAL['html_s_str'] = array('<b>', '</b>', '<i>','</i>', '<u>', '</u>', '&nbsp; &nbsp; &nbsp; &nbsp; ', '&nbsp; &nbsp;', '&nbsp;&nbsp;', '&lt;', '&gt;', '&amp;');
		$_SGLOBAL['html_r_str'] = array('[b]', '[/b]','[i]', '[/i]', '[u]', '[/u]', "\t", '   ', '  ', '<', '>', '&');
	}

	// Error suppression kept from the original: both passes run silently.
	@$bbcode = preg_replace($_SGLOBAL['html_s_exp'], $_SGLOBAL['html_r_exp'], $message);
	@$bbcode = str_replace($_SGLOBAL['html_s_str'], $_SGLOBAL['html_r_str'], $bbcode);

	return trim(shtmlspecialchars($bbcode));
}
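    /**
     * Whitelist-based HTML filter (static variant of checkhtml()).
     *
     * Every '<' / '>' in the input is entity-encoded first; only tags whose
     * name is in $allowtags are restored afterwards, and only after the tag
     * body has been neutralised: event-handler names, script/expression
     * keywords, 'style'/'class', backslashes and comment openers are replaced
     * with '.'. Tags that fail the whitelist are dropped entirely. Note that
     * the keyword list is applied without word boundaries, so those words are
     * also rewritten when they occur inside attribute values.
     *
     * Repairs relative to the listed version: the '&lt;'/'&gt;'/'&quot;'
     * entities and the '\s' regex escapes had been decoded to their literal
     * characters (which made the first pass a no-op and the whitelist regex
     * look for a literal 's'); the backslash rule had become '/', which made
     * every closing tag fail the whitelist; and the allow-list is kept on one
     * line because whitespace inside the alternation became part of 'br'.
     *
     * @param string $html slash-escaped HTML from the request
     * @return string filtered HTML, re-escaped with addslashes()
     */
    static function checkHtml($html)
    {
        $html = stripslashes($html);
        preg_match_all("/<([^<]+)>/is", $html, $ms);
        // First pass: neutralise every angle bracket; whitelisted tags are restored below.
        $searchs = array('<', '>');
        $replaces = array('&lt;', '&gt;');
        if (!empty($ms[1])) {
            // Allowed tag names (single line: embedded whitespace would become part of a name).
            $allowtags = 'img|a|font|div|table|tbody|caption|tr|td|th|br|p|b|strong|i|u|em|span|ol|ul|li|blockquote|object|param|embed';
            $allowpattern = "/^[\\/|\\s]?({$allowtags})(\\s+|\$)/is";
            // Keywords neutralised inside every tag body before the whitelist check.
            $skipkeys = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload', 'javascript', 'script', 'eval', 'behaviour', 'expression', 'style', 'class');
            // Hoisted out of the loop: the pattern does not depend on the tag.
            $skippattern = "/(" . implode('|', $skipkeys) . ")/i";
            foreach (array_unique($ms[1]) as $value) {
                // The encoded form produced by the first pass is what we search for.
                $searchs[] = "&lt;" . $value . "&gt;";
                $value = shtmlspecialchars($value);
                // Backslashes and comment openers are defanged inside the tag body.
                $value = str_replace(array('\\', '/*'), array('.', '/.'), $value);
                $value = preg_replace($skippattern, '.', $value);
                if (!preg_match($allowpattern, $value)) {
                    $value = '';
                }
                // Restore the tag (with real quotes) or drop it when it failed the whitelist.
                $replaces[] = $value === '' ? '' : "<" . str_replace('&quot;', '"', $value) . ">";
            }
        }
        // str_replace applies the pairs sequentially: encode everything, then restore allowed tags.
        $html = str_replace($searchs, $replaces, $html);
        return addslashes($html);
    }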
 /**
  * Whitelist-based HTML filter.
  *
  * Encodes every '<' and '>' first, then restores only those tags whose
  * name is in $allowtags, after neutralising script-related keywords,
  * 'on...' attribute prefixes, backslashes and comment openers inside the
  * tag body. Tags outside the whitelist are removed.
  *
  * @param string $html slash-escaped HTML from the request
  * @return string filtered HTML (not re-escaped)
  */
 function checkhtml($html)
 {
     $html = stripslashes($html);
     preg_match_all("/\\<([^\\<]+)\\>/is", $html, $tagmatches);
     // First pass: neutralise every angle bracket; whitelisted tags are restored below.
     $needles = array('<', '>');
     $substitutes = array('&lt;', '&gt;');
     if ($tagmatches[1]) {
         $allowtags = 'img|font|div|table|tbody|tr|td|th|br|p|b|strong|i|u|em|span|ol|ul|li';
         $allowpattern = "/^[\\/|\\s]?({$allowtags})(\\s+|\$)/is";
         $dangerpatterns = array("/(javascript|script|eval|behaviour|expression)/i", "/(\\s+|&quot;|')on/i");
         $dangerreplaces = array('.', ' .');
         foreach (array_unique($tagmatches[1]) as $tagbody) {
             // Search for the encoded form produced by the first pass.
             $needles[] = "&lt;" . $tagbody . "&gt;";
             $cleaned = shtmlspecialchars($tagbody);
             $cleaned = str_replace(array('\\', '/*'), array('.', '/.'), $cleaned);
             $cleaned = preg_replace($dangerpatterns, $dangerreplaces, $cleaned);
             if (!preg_match($allowpattern, $cleaned)) {
                 $cleaned = '';
             }
             // Restore the tag with real quotes, or drop it when it failed the whitelist.
             $substitutes[] = $cleaned ? "<" . str_replace('&quot;', '"', $cleaned) . ">" : '';
         }
     }
     // Pairs are applied sequentially: encode everything, then restore allowed tags.
     return str_replace($needles, $substitutes, $html);
 }
/**
 * Register a [code] block for later rendering and return its placeholder.
 *
 * The block is stripped of surrounding newlines and of slash-escaped double
 * quotes, entity-encoded, wrapped in the CODE markup and stored in
 * $discuzcodes['codehtml'] under the next sequence number; the returned
 * placeholder carries that same number.
 *
 * @param string $code raw code block text
 * @return string placeholder of the form "[\tDISCUZ_CODE_n\t]"
 */
function codedisp($code)
{
    global $discuzcodes, $_DCACHE;

    $stripped = preg_replace("/^[\n\r]*(.+?)[\n\r]*\$/is", "\\1", $code);
    $escaped = shtmlspecialchars(str_replace('\\"', '"', $stripped));

    $discuzcodes['pcodecount']++;
    $index = $discuzcodes['pcodecount'];
    $discuzcodes['codehtml'][$index] = "<p style=\"font-weight: bold; margin: 1em 1em 0 1em;\">CODE:</p><code style=\"display: block; margin: 0 1em 1em; padding: 0.5em; border: 1px solid #CCC; font: 12px Courier, monospace; line-height: 1.8em;\">{$escaped}</code>";
    $discuzcodes['codecount']++;

    return "[\tDISCUZ_CODE_{$index}\t]";
}
 /**
  * Produce a short, HTML-safe excerpt of a bbcode/HTML post.
  *
  * Bbcode is stripped first ([hide] bodies become a bold "***" placeholder,
  * [quote] bodies, tags from the $bbcodes list and [attach] markers are
  * removed), then HTML tags, then the text is cut to $length characters and
  * entity-encoded. Bare image URLs in the excerpt are turned into <img> tags
  * limited to 320px wide, runs of blank lines become one line break, and runs
  * of two or more whitespace characters are removed.
  *
  * @param string $str    post body
  * @param int    $length maximum excerpt length (passed to cutstr)
  * @return string excerpt with nl2br() applied
  */
 function spacecutstr($str, $length)
 {
     $bbcodes = 'b|i|u|color|size|font|align|list|indent|url|email|code|free|table|tr|td|img|swf|payto|float';
     $bbpatterns = array(
         "/\\[hide=?\\d*\\](.+?)\\[\\/hide\\]/is",
         "/\\[quote](.*)\\[\\/quote]/siU",
         "/\\[({$bbcodes})=?.*\\]/iU",
         "/\\[\\/({$bbcodes})\\]/i",
         "/\\[attach\\](\\d+)\\[\\/attach\\]/i"
     );
     $bbreplaces = array("[b]***[/b]", '', '', '', '');
     $plain = strip_tags(preg_replace($bbpatterns, $bbreplaces, $str));
     $text = shtmlspecialchars(cutstr($plain, $length));

     $find = array("/http:\\/\\/[a-z0-9\\/\\-_+=.~!%@?#%&;:\$\\()|]+?\\.(jpg|gif|png|bmp)/is", "/(\n|\r|\r\n){2,}/", "/\\s{2,}/");
     $replace = array("<img onload=\"if(this.width>320) {this.resized=true;this.width=320;}\" src=\"\\0\">", "\r\n", '');
     $text = preg_replace($find, $replace, $text);

     return trim(nl2br($text));
 }
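/**
 * Read a theme's display name from theme/<dirname>/style.css.
 *
 * The name is the text between [name] and [/name] in the stylesheet,
 * entity-encoded with shtmlspecialchars(). Returns 'No name' when the file
 * cannot be read or carries no [name] marker (the listed version left $name
 * undefined in the second case and returned null).
 *
 * NOTE(review): $dirname is spliced into a filesystem path; callers must pass
 * a bare directory name without path separators — whether that is guaranteed
 * cannot be confirmed from here.
 *
 * @param string $dirname theme directory below S_ROOT/theme
 * @return string
 */
function getcssname($dirname) {
	$name = 'No name';
	$css = sreadfile(S_ROOT.'./theme/'.$dirname.'/style.css');
	if($css) {
		preg_match("/\[name\](.+?)\[\/name\]/i", $css, $matches);
		if(!empty($matches[1])) {
			$name = shtmlspecialchars($matches[1]);
		}
	}
	return $name;
}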
/**
 * Entity-encode a string (or, recursively, every value of an array).
 *
 * '&', '"', '<' and '>' become &amp; &quot; &lt; &gt;. Entities that were
 * already present in the input are then restored from their double-encoded
 * form: numeric ones (&#123; with 3-5 digits, &#xABCD; with exactly 4 hex
 * digits) and named ones whose name is a letter followed by 2-5
 * letters/digits. Shorter names such as &lt; / &gt; stay double-encoded.
 * Array keys are preserved.
 *
 * @param string|array $string
 * @return string|array
 */
function shtmlspecialchars($string)
{
    if (is_array($string)) {
        return array_map('shtmlspecialchars', $string);
    }
    $encoded = str_replace(array('&', '"', '<', '>'), array('&amp;', '&quot;', '&lt;', '&gt;'), $string);
    return preg_replace('/&amp;((#(\\d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/', '&\\1', $encoded);
}
/**
 * Split a comma/space separated tag string and look the names up in the tags table.
 *
 * Returns an array with keys 'existsname' / 'existsid' (names and ids found in
 * the table), 'nonename' (requested names not found) and 'closename' (found
 * names whose row is flagged close). Each token goes through posttagcheck();
 * collection stops once more than 10 names have been gathered. When any name
 * is closed, showmessage() is called with the list.
 *
 * @param string $tagnamestr user-supplied tag list
 * @return array
 */
function posttag($tagnamestr)
{
    global $_SGLOBAL, $lang;
    $result = array('existsname' => array(), 'nonename' => array(), 'closename' => array(), 'existsid' => array());
    if (empty($tagnamestr)) {
        return $result;
    }

    // Tokenise: commas are treated like spaces; keyed by md5 to deduplicate.
    $tokens = explode(' ', str_replace(',', ' ', shtmlspecialchars($tagnamestr)));
    $names = array();
    foreach ($tokens as $token) {
        if (count($names) > 10) {
            break;
        }
        $name = posttagcheck($token);
        if ($name) {
            $names[md5($name)] = $name;
        }
    }
    if (empty($names)) {
        return $result;
    }

    $sql = 'SELECT * FROM ' . tname('tags') . ' WHERE tagname IN (' . simplode($names) . ')';
    $query = $_SGLOBAL['db']->query($sql);
    while ($row = $_SGLOBAL['db']->fetch_array($query)) {
        $result['existsid'][] = $row['tagid'];
        $result['existsname'][] = $row['tagname'];
        if ($row['close']) {
            $result['closename'][] = $row['tagname'];
        }
    }

    if (empty($result['existsname'])) {
        // Nothing matched: every requested name is new (the md5 keys are kept here).
        $result['nonename'] = $names;
    } else {
        foreach ($names as $name) {
            if (!in_array($name, $result['existsname'])) {
                $result['nonename'][] = $name;
            }
        }
    }

    if (!empty($result['closename'])) {
        showmessage($lang['not_allowed_to_belong_to_the_following_tag'] . ':<p>' . implode(',', $result['closename']) . '</p>');
    }
    return $result;
}
/**
 * Handle an online submission (add or edit) for a content model.
 *
 * Reads the submitted fields from $_POST/$_FILES, normalises and validates
 * them against the model's column definitions in $cacheinfo, writes the item
 * row, the message row and the attachment records — or a pending entry in
 * modelfolders when the poster's submission needs review — optionally posts a
 * feed entry and sends notification mail, and ends with showmessage().
 *
 * @param array $cacheinfo model cache; keys 'models', 'columns' and 'linkage' are read here
 * @param int   $cp        1 when called from the admin panel (selects the redirect URL)
 */
function modelpost($cacheinfo, $cp = 1)
{
    global $_SGLOBAL, $theurl, $_SCONFIG;
    // NOTE(review): $alang is read below for the grade labels but is neither declared
    // global nor assigned in this function, so every label resolves to null — confirm
    // against the caller / include chain.
    include_once S_ROOT . './function/upload.func.php';
    $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $resultitems = $resultmessage = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    // Build the grade label table; the defect model maps the posted grade 1-9 onto the stored values 64..-3
    if ($cacheinfo['models']['modelname'] == 'defect') {
        switch ($_POST['grade']) {
            case 1:
                $_POST['grade'] = '64';
                break;
            case 2:
                $_POST['grade'] = '32';
                break;
            case 3:
                $_POST['grade'] = '16';
                break;
            case 4:
                $_POST['grade'] = '9';
                break;
            case 5:
                $_POST['grade'] = '4';
                break;
            case 6:
                $_POST['grade'] = '1';
                break;
            case 7:
                $_POST['grade'] = '-1';
                break;
            case 8:
                $_POST['grade'] = '-2';
                break;
            case 9:
                $_POST['grade'] = '-3';
                break;
        }
        $gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
        // Site-configured labels (tab separated) override the defaults
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            $gradearr['64'] = $newgradearr[0];
            $gradearr['32'] = $newgradearr[1];
            $gradearr['16'] = $newgradearr[2];
            $gradearr['9'] = $newgradearr[3];
            $gradearr['4'] = $newgradearr[4];
            $gradearr['1'] = $newgradearr[5];
            $gradearr['-1'] = $newgradearr[6];
            $gradearr['-2'] = $newgradearr[7];
            $gradearr['-3'] = $newgradearr[8];
        }
    } else {
        $gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            for ($i = 0; $i < count($newgradearr); $i++) {
                if (!empty($newgradearr[$i])) {
                    $gradearr[$i + 1] = $newgradearr[$i];
                }
            }
        }
    }
    if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
        showmessage('parameter_error');
    }
    // Split the columns into item-table (isfixed) and message-table fields, resolving linkage and timestamp inputs
    $feedcolum = array();
    foreach ($columnsinfoarr as $result) {
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    // Refresh the member's last-update time on new posts
    if (empty($itemid) && $_SGLOBAL['supe_uid']) {
        updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
    }
    // Input normalisation
    $_POST['catid'] = intval($_POST['catid']);
    // NOTE(review): nested ternary without parentheses — PHP 7 parses this as
    // (isset(...) ? intval(...) : checkperm(...)) ? 1 : 0, and PHP 8 rejects the construct.
    $_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0;
    $_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
    // Input validation
    if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
        showmessage('space_suject_length_error');
    }
    if (empty($_POST['catid'])) {
        showmessage('admin_func_catid_error');
    }
    if (!empty($_FILES['subjectimage']['name'])) {
        $fileext = fileext($_FILES['subjectimage']['name']);
        if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
            showmessage('document_types_can_only_upload_pictures');
        }
    }
    // Data validation
    checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
    // On edit, check whether the subject image was removed or replaced
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            // The old file was removed or replaced: delete it and its attachment row
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            // NOTE(review): reads $_GET['mid'] while the rest of the function uses $_POST['mid'];
            // confirm both are set on edit, otherwise the hash is computed for a missing mid.
            $hash = getmodelhash($_GET['mid'], $itemid);
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            // Remove the attachment record
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    // Build the item row
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $setsqlarr['catid'] = $_POST['catid'];
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = $_POST['allowreply'];
    $setsqlarr['grade'] = intval($_POST['grade']);
    // modify by jyf: users without permission may not change the review grade
    if ($setsqlarr['grade'] > 0) {
        if (!checkperm('manageeditpost')) {
            showmessage('no_permission');
        }
    }
    //end
    $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    $setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
    $setsqlarr['username'] = $_SGLOBAL['supe_username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    // Thumbnail size: model-configured "w,h" or the 400x300 default
    $modelsinfoarr['subjectimagewidth'] = 400;
    $modelsinfoarr['subjectimageheight'] = 300;
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    $uploadfilearr = $ids = array();
    $subjectimageid = '';
    $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
    if (!empty($uploadfilearr)) {
        $feedsubjectimg = $uploadfilearr;
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word censoring
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    // Publication time
    if (empty($_POST['dateline'])) {
        $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    } else {
        $setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
        if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
            // Future dates and dates more than 2 years back fall back to now
            $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
        }
    }
    // Attachment handling - by jyf
    if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
        $setsqlarr['attaches'] = implode(',', $_POST['divupload']);
    }
    // Two extra fields for the 'creative' model ------- 89184
    if ($cacheinfo['models']['modelname'] == 'creative') {
        if (empty($_POST['creative_value'])) {
            showmessage('请输入创新价值说明');
        }
        if (empty($_POST['creative_days'])) {
            showmessage('本创新所耗的工作量');
        }
        $setsqlarr['value'] = $_POST['creative_value'];
        $setsqlarr['days'] = $_POST['creative_days'];
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
        // No review needed: write straight to the items table
        if (empty($itemid)) {
            // Insert
            $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
            // Mail notification -- 89184 (the original comment read "cancel mail notification"; the code below still sends)
            $email = get_cate_mail($_POST['catid']);
            $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
            if ($_POST['modelname'] == 'creative') {
                if ($_POST['creative_type'] == '流程建议') {
                    $email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
                }
            }
            $emails = explode(',', $email);
            if (count($emails) > 0) {
                include S_ROOT . './function/sendmail.fun.php';
                $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                if ($cacheinfo['models']['modelname'] == 'creative') {
                    $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
                    sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
                } else {
                    if ($cacheinfo['models']['modelname'] == 'defect') {
                        $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
                        sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
                    }
                }
            }
        } else {
            // Update
            $op = 'update';
            unset($setsqlarr['uid']);
            unset($setsqlarr['username']);
            unset($setsqlarr['lastpost']);
            if ($setsqlarr['grade'] > 0) {
                $setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
                if ($_POST['modelname'] == 'creative') {
                    if ($_POST['creative_type'] == '主管月度创新') {
                        if (!check_cate_director($setsqlarr['catid'])) {
                            showmessage('no_permission');
                        }
                    }
                }
            }
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            // NOTE(review): $_POST['nid'] is concatenated into SQL unescaped here; unless POST data is
            // escaped globally upstream, cast it with intval() the way $itemid is.
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            // Mail notification -- grade review
            if ($setsqlarr['grade'] > 0) {
                $sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
                $query = $_SGLOBAL['db']->query($sqlstr);
                $value = $_SGLOBAL['db']->fetch_array($query);
                $email = $value['email'];
                if (!empty($email)) {
                    include S_ROOT . './function/sendmail.fun.php';
                    $url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                    $emails = explode(',', $email);
                    // NOTE(review): $setsqlarr[grade] (here and in the else branch) uses a bare constant;
                    // PHP 8 throws an Error for it — it should read $setsqlarr['grade'].
                    if ($_POST['modelname'] == 'creative') {
                        $msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    } else {
                        $msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    }
                    sendmail($emails, $setsqlarr['subject'], $msg);
                }
            }
        }
        // NOTE(review): $_POST['hash'] is concatenated into SQL unescaped; confirm upstream
        // escaping or validate its format before use.
        if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
        }
        $hash = getmodelhash($_POST['mid'], $itemid);
        if (!empty($ids)) {
            $ids = simplode($ids);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $do = 'pass';
    } else {
        // Submission needs review: keep the item data for the modelfolders entry below
        if (!empty($uploadfilearr['subjectimage']['aid'])) {
            $subjectimageid = $uploadfilearr['subjectimage']['aid'];
        }
        $setitemsqlarr = $setsqlarr;
        $do = 'me';
    }
    // On update, drop message-table files that were removed or replaced
    if ($op == 'update') {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // The old file was removed or replaced: delete it and its attachment row
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        // Remove the attachment record
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
                        $ext = fileext($defaultmessage[$value['fieldname']]);
                        if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                            @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        }
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    // Message body
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['postip'] = $_SGLOBAL['onlineip'];
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word censoring of the message row
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
        // No review needed: write to the message table
        if ($op == 'add') {
            $setsqlarr['itemid'] = $itemid;
            // Insert the message row
            inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
            getreward('postinfo');
            // Optional feed entry: title links the model, body carries the subject and a 150-char excerpt,
            // first available image (subject image, an uploaded column, or one found in the message)
            if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
                $feed['icon'] = 'comment';
                $feed['title_template'] = 'feed_model_title';
                $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                $aurl = A_URL;
                if (empty($_SCONFIG['siteurl'])) {
                    $siteurl = getsiteurl();
                    $murl = $siteurl . $murl;
                    $aurl = $siteurl . $aurl;
                } else {
                    $siteurl = S_URL_ALL;
                }
                $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
                $feed['body_template'] = 'feed_model_message';
                $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
                if (!empty($feedsubjectimg)) {
                    $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
                } else {
                    foreach ($feedcolum as $feedimgvalue) {
                        if ($feedimgvalue['filepath']) {
                            $feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
                            break;
                        }
                    }
                    if (empty($feed['images'])) {
                        $picurl = getmessagepic(stripslashes($_POST['message']));
                        if ($picurl && strpos($picurl, '://') === false) {
                            $picurl = $siteurl . '/' . $picurl;
                        }
                        if (!empty($picurl)) {
                            $feed['images'][] = array('url' => $picurl, 'link' => $murl);
                        }
                    }
                }
                postfeed($feed);
            }
        } else {
            // Update the message row
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
        updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
        if (checkperm('allowdirectpost') && $op == 'update') {
            deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
        }
        if (checkperm('allowdirectpost') && $op == 'update') {
            $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('writing_success_online_please_wait_for_audit', $jpurl);
        } else {
            $jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('online_contributions_success', $jpurl);
        }
    } else {
        // Review needed: the whole submission is serialized into a modelfolders row instead
        $setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
        $setsqlarr['addfeed'] = $_POST['addfeed'];
        $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
        if (!empty($_POST['itemid'])) {
            $itemid = intval($_POST['itemid']);
            updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
        } else {
            $itemid = inserttable('modelfolders', $setsqlarr, 1);
        }
        if (!empty($subjectimageid)) {
            $ids[] = $subjectimageid;
        }
        if (!empty($ids)) {
            $ids = simplode($ids);
            // Pending-folder hash: 'm' + zero-padded mid + 'f' + zero-padded folder item id
            $hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
        showmessage('writing_success_online_please_wait_for_audit', $jpurl);
    }
}
}
// ---- Site configuration and data caches (request-level globals) ----
// $configs: every row of the config table, keyed by var and entity-encoded.
$configs = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('config'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
    $configs[$value['var']] = shtmlspecialchars($value['datavalue']);
}
// feedfilternum must be at least 1; anything else falls back to 1.
if (empty($configs['feedfilternum']) || $configs['feedfilternum'] < 1) {
    $configs['feedfilternum'] = 1;
}
// $datasets: rows of the data table. 'setting' and 'mail' hold serialized arrays,
// every other row is kept entity-encoded as a string.
// NOTE(review): unserialize() runs on values read back from the database; that is only
// safe while nothing but trusted code can write those two rows — confirm against the
// admin panel, or store them as JSON.
$datasets = $datas = $mails = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('data'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
    if ($value['var'] != 'setting' && $value['var'] != 'mail') {
        $datasets[$value['var']] = shtmlspecialchars($value['datavalue']);
    } elseif (empty($value['datavalue'])) {
        $datasets[$value['var']] = array();
    } else {
        $datasets[$value['var']] = unserialize($value['datavalue']);
    }
}
$datas = $datasets['setting'];
$mails = $datasets['mail'];
// templates directory: 'default' plus every template directory that ships a style.css
$templatearr = array('default' => 'default');
$tpl_dir = sreaddir(S_ROOT . './template');
foreach ($tpl_dir as $dir) {
    if (!file_exists(S_ROOT . './template/' . $dir . '/style.css')) {
        continue;
    }
    $templatearr[$dir] = $dir;
}
// Lookup tables the template uses to mark the active <option>.
$templateselect = array($configs['template'] => ' selected');
$toselect = array($configs['timeoffset'] => ' selected');
$onlineip = getonlineip();
/**
 * Build the column => value array for a SQL insert/update from $_POST.
 *
 * For every column definition whose field is present in $_POST: upload
 * columns (img/flash/file) are copied only when the column is flagged
 * isimage; text-like columns are trimmed and entity-encoded unless ishtml is
 * set (checkbox arrays are joined with newlines first, bbcode columns go
 * through modeldiscuzcode()); integer columns are cast with intval().
 * The normalised values are written back into $_POST as a side effect.
 *
 * @param array $valuearr column definitions (fieldname, fieldtype, formtype, ishtml, isbbcode, isimage)
 * @return array fieldname => value
 */
function getsetsqlarr($valuearr)
{
    $setsqlarr = array();
    if (empty($valuearr)) {
        return $setsqlarr;
    }
    foreach ($valuearr as $column) {
        $field = $column['fieldname'];
        if (!isset($_POST[$field])) {
            continue;
        }
        if (preg_match("/^(img|flash|file)\$/i", $column['formtype'])) {
            // Upload columns carry a stored path, taken as-is when the column is an image.
            if ($column['isimage']) {
                $setsqlarr[$field] = $_POST[$field];
            }
            continue;
        }
        // Filter submitted data according to the column's SQL type.
        if (preg_match("/^(VARCHAR|CHAR|TEXT|MEDIUMTEXT|LONGTEXT)\$/i", $column['fieldtype'])) {
            if ($column['formtype'] == 'checkbox') {
                $_POST[$field] = implode("\n", shtmlspecialchars($_POST[$field]));
            }
            if (empty($column['ishtml'])) {
                $_POST[$field] = shtmlspecialchars(trim($_POST[$field]));
            } else {
                $_POST[$field] = trim($_POST[$field]);
            }
            if (!empty($column['isbbcode'])) {
                $_POST[$field] = modeldiscuzcode($_POST[$field]);
            }
        } elseif (preg_match("/^(TINYINT|SMALLINT|MEDIUMINT|INT|BIGINT)\$/i", $column['fieldtype'])) {
            $_POST[$field] = intval($_POST[$field]);
        }
        $setsqlarr[$field] = $_POST[$field];
    }
    return $setsqlarr;
}
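// ---- Sitemap admin: paging state and output directory ----
$start = empty($_GET['start']) ? 0 : intval($_GET['start']);
$countnum = 0;
$lastfileid = 0;
$sitemap_path = S_ROOT . './data/sitemap/';
if (!file_exists($sitemap_path)) {
    // The listed code passed the mode as the string '0666', which PHP coerces to
    // decimal 666 rather than the octal value the author wrote. Use an integer
    // literal; 0777 is mkdir()'s own default, narrowed by the process umask, and
    // keeps the directory traversable (0666 would lack the execute bit).
    @mkdir($sitemap_path, 0777);
}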
if (submitcheck('thevalue')) {
    if (!preg_match("/^[0-9a-z_]+\$/i", $_POST['mapname']) || strlen($_POST['mapname']) > 50) {
        showmessage('sitemap_name_error');
    }
    $mapdata = addslashes(serialize($sitemapdata));
    $_POST['maptype'] = saddslashes(shtmlspecialchars($_POST['maptype']));
    $_POST['mapnum'] = $_POST['maptype'] == 'google' ? intval($_POST['mapnum_google']) : intval($_POST['mapnum_baidu']);
    $_POST['createtype'] = intval($_POST['createtype']);
    $_POST['changefreq'] = $_POST['maptype'] == 'google' ? saddslashes(shtmlspecialchars($_POST['changefreq_google'])) : saddslashes(shtmlspecialchars($_POST['changefreq_baidu']));
    if (!empty($_POST['slogid'])) {
        $_SGLOBAL['db']->query("UPDATE " . tname('sitemaplogs') . " SET mapname='{$_POST['mapname']}', maptype='{$_POST['maptype']}', mapnum='{$_POST['mapnum']}', createtype='{$_POST['createtype']}', changefreq='{$_POST['changefreq']}' WHERE slogid='{$_POST['slogid']}'");
        showmessage('sitemap_config_update', $theurl);
    } else {
        $query = $_SGLOBAL['db']->query("SELECT count(*) FROM " . tname('sitemaplogs') . " WHERE mapname='{$_POST['mapname']}'");
        if ($value = $_SGLOBAL['db']->result($query, 0)) {
            showmessage('sitemap_name_exists');
        }
        $_SGLOBAL['db']->query("INSERT INTO " . tname('sitemaplogs') . "(mapname, maptype, mapnum, mapdata, createtype, changefreq) VALUES ('{$_POST['mapname']}', '{$_POST['maptype']}', '{$_POST['mapnum']}', '{$mapdata}', '{$_POST['createtype']}', '{$_POST['changefreq']}')");
        showmessage('sitemap_config_add', $theurl);
    }
} elseif (submitcheck('listsubmit')) {
    if (!empty($_POST['slogidarr'])) {
        $slogidarr = implode('\',\'', $_POST['slogidarr']);
        $_SGLOBAL['db']->query('DELETE FROM ' . tname('sitemaplogs') . ' WHERE slogid IN (\'' . $slogidarr . '\')');
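/**
 * Render the robot-rule debugging view and terminate the request.
 *
 * Prints the fetched regional source (when present), the debugged URL, the
 * rule expanded to a regular expression and the raw page source as read-only
 * form fields via showprogress(), then calls exit. Every value written into
 * the markup is escaped on the way out; the previous version escaped `rule`
 * and `source` but emitted `code` and `url` verbatim.
 *
 * NOTE(review): assumes the caller passes raw values — if `url` or `code` were
 * already escaped upstream they would now show double-encoded; confirm.
 *
 * @param array $infoarr Debug data with keys `code` (string or list of lines),
 *                       `rule`, `url` and `source`.
 * @return never Does not return; ends with exit.
 */
function printruledebug($infoarr)
{
    global $alang;
    // A rule's code may be delivered as a list of lines; flatten it for display.
    $code = isset($infoarr['code']) ? $infoarr['code'] : '';
    if (is_array($code)) {
        $code = implode("\n", $code);
    }
    if (!empty($code)) {
        showprogress($alang['robot_debug_regional_source'], 1);
        showprogress('<textarea style="width:95%;" rows="7">' . shtmlspecialchars($code) . '</textarea>');
    } else {
        showprogress($alang['robot_debug_not_content'], 1);
    }
    // Everything that lands inside an attribute or element body is escaped.
    $url = shtmlspecialchars($infoarr['url']);
    $rule = shtmlspecialchars(getregularstring($infoarr['rule'], 'from'));
    showprogress($alang['robot_debug_url'], 1);
    showprogress('<input type="text" style="width: 95%" value="' . $url . '">');
    showprogress($alang['robot_debug_regular'], 1);
    showprogress('<input type="text" style="width: 95%" value="' . $rule . '">');
    showprogress($alang['robot_debug_source_code'], 1);
    showprogress('<textarea style="width:95%;" rows="7">' . shtmlspecialchars($infoarr['source']) . '</textarea>');
    exit;
}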
         }
     }
 }
 if (!$managebatch && $opnum > 1) {
     cpmessage('choose_to_delete_the_tag', $_POST['mpurl']);
 }
 $_POST['ids'] = $newids;
 if ($_POST['optype'] == 'delete') {
     include_once S_ROOT . './source/function_delete.php';
     if (!empty($_POST['ids']) && deletetags($_POST['ids'])) {
         cpmessage('do_success', $_POST['mpurl']);
     } else {
         cpmessage('choose_to_delete_the_tag', $_POST['mpurl']);
     }
 } elseif ($_POST['optype'] == 'merge') {
     $_POST['newtagname'] = shtmlspecialchars(trim($_POST['newtagname']));
     if (strlen($_POST['newtagname']) < 1 || strlen($_POST['newtagname']) > 30) {
         cpmessage('to_merge_the_tag_name_of_the_length_discrepancies', $_POST['mpurl']);
     }
     // retrieve the new tag if there is
     $newtagid = getcount('tag', array('tagname' => $_POST['newtagname']), 'tagid');
     if (empty($newtagid)) {
         // add tag
         $setarr = array('tagname' => $_POST['newtagname'], 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
         $newtagid = inserttable('tag', $setarr, 1);
     }
     //ʼϲ
     include_once S_ROOT . './source/function_op.php';
     if (!empty($_POST['ids']) && mergetag($_POST['ids'], $newtagid)) {
         cpmessage('do_success', $_POST['mpurl']);
     } else {
                $tplname = substr($file, 0, -4);
                $pos = strpos($file, '_');
                if ($pos) {
                    $tpls[substr($tplname, 0, $pos)][] = array($file, $status);
                } else {
                    $tpls['base'][] = array($file, $status);
                }
            }
        }
        closedir($dh);
    }
} elseif ($_GET['op'] == 'edit') {
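    // checkfilename() is relied on to reject path components; its result is joined
    // to the template directory exactly as before.
    $filename = checkfilename($_GET['filename']);
    $filefullname = $tpldir . $filename;
    // Read the file in one call instead of fopen/fread/fclose: the previous code did
    // not check fopen()'s result, and fread() with a 0-byte length (empty file)
    // throws on PHP 8. A missing or unreadable file now yields an empty editor.
    $raw = is_file($filefullname) ? file_get_contents($filefullname) : false;
    $content = $raw === false ? '' : trim(shtmlspecialchars($raw));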
} elseif ($_GET['op'] == 'repair') {
    $filename = checkfilename($_GET['filename']);
    $filefullname = $tpldir . $filename;
    //复制当前的文件
    $d_file = $filefullname . '.bak';
    if (file_exists($d_file)) {
        if (!@copy($d_file, $filefullname)) {
            swritefile($filefullname, sreadfile($d_file));
            @unlink($d_file);
        } else {
            @unlink($d_file);
        }
    } else {
        cpmessage('designated_template_files_can_not_be_restored');
         $type = 'link';
         $_GET['op'] = 'link';
         break;
 }
 // add share
 if (submitcheck('sharesubmit')) {
     $_POST['topicid'] = topic_check($_POST['topicid'], 'share');
     //Verification code
     if ($type == 'link' && checkperm('seccode') && !ckseccode($_POST['seccode'])) {
         showmessage('incorrect_code');
     }
     if (empty($_POST['refer'])) {
         $_POST['refer'] = "space.php?do=share&view=me";
     }
     if ($type == 'link') {
         $link = shtmlspecialchars(trim($_POST['link']));
         if ($link) {
             if (!preg_match("/^(http|ftp|https|mms)\\:\\/\\/.{4,300}\$/i", $link)) {
                 $link = '';
             }
         }
         if (empty($link)) {
             showmessage('url_incorrect_format');
         }
         $arr['title_template'] = cplang('share_link');
         $arr['body_template'] = '{link}';
         $link_text = sub_url($link, 45);
         $arr['body_data'] = array('link' => "<a href=\"{$link}\" target=\"_blank\">{$link_text}</a>", 'data' => $link);
         $parseLink = parse_url($link);
         if (preg_match("/(youku.com|youtube.com|5show.com|ku6.com|sohu.com|mofile.com|sina.com.cn)\$/i", $parseLink['host'], $hosts)) {
             $flashvar = getflash($link, $hosts[1]);
            $valued = $item[$value['fieldname']];
        }
        if ($value['formtype'] != 'timestamp') {
            $htmlarr[$value['id']]['input'] = label(array('type' => $value['formtype'], 'alang' => $value['fieldcomment'], 'name' => $value['fieldname'], 'options' => $temparr2, 'rows' => 10, 'width' => '30%', 'size' => '60', 'value' => $valued, 'other' => $other, 'fileurl' => $fileurl), 0);
        } else {
            $item[$value['fieldname']] = sgmdate($item[$value['fieldname']]);
            $htmlarr[$value['id']]['input'] = <<<EOF
\t\t\t<input type="text" name="{$value['fieldname']}" id="{$value['fieldname']}" readonly="readonly" value="{$item[$value['fieldname']]}" /><img src="{$siteurl}/admin/images/time.gif" onClick="getDatePicker('{$value['fieldname']}', event, 21)" />
EOF;
        }
    }
} elseif ($op == 'view') {
    if (empty($_SGLOBAL['supe_uid'])) {
        showmessage('no_permission');
    }
    $item['subject'] = shtmlspecialchars($item['subject']);
    if (!empty($item['subjectimage'])) {
        $fileext = fileext($item['subjectimage']);
        $item['subjectimage'] = $item['subjectthumb'] = A_URL . '/' . $item['subjectimage'];
        if (preg_match("/^(jpg|jpeg|png)\$/i", $fileext)) {
            $item['subjectthumb'] = substr($item['subjectimage'], 0, strrpos($item['subjectimage'], '.')) . '.thumb.jpg';
        }
    }
    if (!empty($cacheinfo['columns'])) {
        $htmlarr = array();
        foreach ($cacheinfo['columns'] as $temp) {
            $tmpvalue = trim($item[$temp['fieldname']]);
            if (empty($temp['isfile']) && strlen($tmpvalue) > 0 || !empty($temp['isfile']) && $tmpvalue != 0) {
                if ($temp['formtype'] == 'checkbox') {
                    $tmpvalue = explode("\n", $item[$temp['fieldname']]);
                } elseif ($temp['formtype'] == 'textarea' && empty($temp['ishtml'])) {
    if (!empty($multipage)) {
        echo label(array('type' => 'table-start', 'class' => 'listpage'));
        echo '<tr><td>' . $multipage . '</td></tr>';
        echo label(array('type' => 'table-end'));
    }
    echo '<div class="buttons">';
    echo label(array('type' => 'button-submit', 'name' => 'listsubmit', 'value' => $alang['common_submit']));
    echo label(array('type' => 'button-reset', 'name' => 'listreset', 'value' => $alang['common_reset']));
    echo '</div>';
    echo '<input name="listsubmitok" type="hidden" value="yes" />';
    echo label(array('type' => 'form-end'));
}
//THE VALUE SHOW
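// Edit form for a single tag; rendered only when a record was loaded above.
if (is_array($thevalue) && $thevalue) {
    echo label(array('type' => 'form-start', 'name' => 'thevalueform', 'action' => $theurl, 'other' => ' onSubmit="return validate(this)"'));
    echo label(array('type' => 'div-start'));
    echo label(array('type' => 'table-start'));
    // NOTE(review): tagname is handed to label() unescaped here but is escaped for the
    // hidden field below — confirm label() escapes 'value' itself.
    echo label(array('type' => 'input', 'alang' => 'tag_title_tagname', 'name' => 'newmaintagname', 'size' => 20, 'width' => '30%', 'value' => $thevalue['tagname']));
    echo label(array('type' => 'tag', 'alang' => 'tag_title_relativetags', 'values' => $thevalue['relativetags']));
    echo label(array('type' => 'table-end'));
    echo label(array('type' => 'div-end'));
    echo '<div class="buttons">';
    echo label(array('type' => 'button-submit', 'name' => 'thevaluesubmit', 'value' => $alang['common_submit']));
    echo label(array('type' => 'button-reset', 'name' => 'thevaluereset', 'value' => $alang['common_reset']));
    echo '</div>';
    // tagid and spacenewsnum are expected to be integer columns (TODO confirm); casting
    // them means only digits can reach the attribute value. The name is escaped as before.
    echo '<input name="tagid" type="hidden" value="' . intval($thevalue['tagid']) . '" />';
    echo '<input name="valuesubmit" type="hidden" value="yes" />';
    echo '<input name="maintagname" type="hidden" value="' . shtmlspecialchars($thevalue['tagname']) . '" />';
    echo '<input name="spacenewsnum" type="hidden" value="' . intval($thevalue['spacenewsnum']) . '" />';
    echo label(array('type' => 'form-end'));
}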
// Permission gate: only users allowed to manage profile fields may continue.
if (!checkperm('manageprofield')) {
    cpmessage('no_authority_management_operation');
}
// Best-effort load of the cached field definitions (the file may not exist yet).
@(include_once S_ROOT . './data/data_profield.php');

// Load the single field record addressed by ?fieldid=, if one was given.
$thevalue = array();
$list = array();
$_GET['fieldid'] = intval(empty($_GET['fieldid']) ? 0 : $_GET['fieldid']);
if ($_GET['fieldid']) {
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('profield') . " WHERE fieldid='{$_GET['fieldid']}'");
    $thevalue = $_SGLOBAL['db']->fetch_array($query);
}
// Every operation other than 'add' needs an existing record to work on.
if (!empty($_GET['op']) && empty($thevalue) && $_GET['op'] != 'add') {
    cpmessage('there_is_no_designated_users_columns');
}
if (submitcheck('fieldsubmit')) {
    $setarr = array('title' => shtmlspecialchars(trim($_POST['title'])), 'note' => shtmlspecialchars(trim($_POST['note'])), 'formtype' => shtmlspecialchars(trim($_POST['formtype'])), 'inputnum' => intval($_POST['inputnum']), 'choice' => shtmlspecialchars(trim($_POST['choice'])), 'mtagminnum' => intval($_POST['mtagminnum']), 'manualmoderator' => intval($_POST['manualmoderator']), 'manualmember' => intval($_POST['manualmember']), 'displayorder' => intval($_POST['displayorder']));
    $_POST['fieldid'] = intval($_POST['fieldid']);
    if (empty($thevalue['fieldid'])) {
        inserttable('profield', $setarr);
    } else {
        updatetable('profield', $setarr, array('fieldid' => $thevalue['fieldid']));
    }
    //更新缓存
    include_once S_ROOT . './source/function_cache.php';
    profield_cache();
    cpmessage('do_success', 'admincp.php?ac=profield');
} elseif (submitcheck('ordersubmit')) {
    foreach ($_POST['displayorder'] as $fieldid => $value) {
        updatetable('profield', array('displayorder' => intval($value)), array('fieldid' => intval($fieldid)));
    }
    //更新缓存
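// Permission gate for attachment-type management.
if (!checkperm('manageattachmenttypes')) {
    showmessage('no_authority_management_operation');
}
$perpage = 20;
$urlplus = '';
$newurl = $theurl . $urlplus;
// Clamp the requested page to 1 or above (the previous code used a bare
// ternary as a statement to do this).
$page = max(1, intval(postget('page')));
$start = ($page - 1) * $perpage;
//INIT RESULT VAR
$listarr = array();
$thevalue = array();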
//POST METHOD
if (submitcheck('valuesubmit')) {
    //ONE UPDATE OR ADD
    $_POST['fileext'] = shtmlspecialchars(trim($_POST['fileext']));
    if (strlen($_POST['fileext']) < 1 || strlen($_POST['fileext']) > 10) {
        showmessage('attachmenttype_check_fileext');
    }
    $_POST['maxsize'] = intval($_POST['maxsize']);
    $_POST['maxsize'] = $_POST['maxsize'] * 1024;
    $sqlarr = array('fileext' => $_POST['fileext'], 'maxsize' => intval($_POST['maxsize']));
    if (empty($_POST['id'])) {
        //ADD
        $insertsqlarr = $sqlarr;
        inserttable('attachmenttypes', $insertsqlarr);
        showmessage('attachmenttype_add_success', $newurl);
    } else {
        //UPDATE
        $setsqlarr = $sqlarr;
        updatetable('attachmenttypes', $setsqlarr, array('id' => $_POST['id']));
Exemple #21
0
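// Strip BBCode-style [tags] and HTML before the text is sent to the keyword service.
$messageenc = rawurlencode(strip_tags(preg_replace("/\\[.+?\\]/U", '', $_GET['messageenc'])));
// The charset is part of the query string as well; encode it like the other parameters.
$charsetenc = rawurlencode($_SC['charset']);
// Bound the wait for the remote service so a slow upstream cannot hang this request
// indefinitely (5 s is a constructed default; tune as needed). Requires allow_url_fopen.
$context = stream_context_create(array('http' => array('timeout' => 5)));
// file() returns false on failure and implode() then throws on PHP 8; fetch with
// file_get_contents() and normalise failure to an empty string instead.
$data = @file_get_contents("http://keyword.discuz.com/related_kw.html?title={$subjectenc}&content={$messageenc}&ics={$charsetenc}&ocs={$charsetenc}", false, $context);
if ($data === false) {
    $data = '';
}
if ($data) {
    // Initialise the out-parameters so a parse failure leaves arrays, not nulls.
    $values = array();
    $index = array();
    $parser = xml_parser_create();
    xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
    xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
    xml_parse_into_struct($parser, $data, $values, $index);
    xml_parser_free($parser);
    $kws = array();
    foreach ($values as $valuearray) {
        if ($valuearray['tag'] == 'kw' || $valuearray['tag'] == 'ekw') {
            if (PHP_VERSION > '5' && $_SC['charset'] != 'utf-8') {
                // Charset conversion for non-UTF-8 sites.
                // NOTE(review): siconv()'s argument order is not visible here — confirm direction.
                $kws[] = siconv(trim($valuearray['value']), $_SC['charset'], 'utf-8');
            } else {
                $kws[] = trim($valuearray['value']);
            }
        }
    }
    // Escape each keyword for output and join with single spaces.
    $return = '';
    if ($kws) {
        foreach ($kws as $kw) {
            $return .= shtmlspecialchars($kw) . ' ';
        }
        $return = trim($return);
    }
    showmessage($return);
} else {
    showmessage(' ');
}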
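/**
 * Validate a user-supplied picture URL.
 *
 * The value is trimmed and HTML-escaped, then accepted only when it is an
 * http:// URL whose remainder is 5 to $maxlenth characters long (measured
 * after escaping, so '&' counts as '&amp;') and ends in .jpg, .gif or .png.
 * Anything else yields ''.
 *
 * @param string     $picurl   Raw URL from the request.
 * @param int|string $maxlenth Upper bound on the character count after "http://";
 *                             cast to int before it is placed in the pattern.
 * @return string The escaped URL, or '' when it does not match.
 */
function picurl_get($picurl, $maxlenth='200') {
	$picurl = shtmlspecialchars(trim($picurl));
	if(!$picurl) {
		return '';
	}
	// Cast so only digits can reach the regex quantifier; a non-numeric value
	// would otherwise corrupt the pattern and make preg_match() return false.
	$maxlenth = intval($maxlenth);
	if(preg_match("/^http\:\/\/.{5,$maxlenth}\.(jpg|gif|png)$/i", $picurl)) {
		return $picurl;
	}
	return '';
}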
/**
 * Return the site's base URL, ending in a slash.
 *
 * Prefers the configured $_SCONFIG['siteallurl']. Otherwise the URL is
 * derived from the current request — "http://" plus the Host header plus the
 * directory part of the request path — and HTML-escaped before it is returned.
 *
 * NOTE(review): the derived form trusts $_SERVER['HTTP_HOST'], which is taken
 * from the client's Host header, and always assumes the http scheme; confirm
 * that siteallurl is configured where that matters.
 *
 * @return string
 */
function getsiteurl()
{
    global $_SCONFIG;
    if (!empty($_SCONFIG['siteallurl'])) {
        return $_SCONFIG['siteallurl'];
    }
    // Fall back through the request-path variables a SAPI may populate.
    $uri = $_SERVER['REQUEST_URI'] ?: ($_SERVER['PHP_SELF'] ?: $_SERVER['SCRIPT_NAME']);
    $dir = substr($uri, 0, strrpos($uri, '/') + 1);
    return shtmlspecialchars('http://' . $_SERVER['HTTP_HOST'] . $dir);
}
 $upcid = empty($_POST['upcid']) ? 0 : intval($_POST['upcid']);
 if (empty($itemid)) {
     array_push($checkresults, array('message' => $lang['not_found']));
 }
 if (empty($_G['uid'])) {
     if (empty($_G['setting']['allowguest'])) {
         setcookie('_refer', rawurlencode(geturl('action/viewcomment/itemid/' . $itemid, 1)));
         array_push($checkresults, array('message' => $lang['no_login']));
     }
 }
 $table_name = ($ismodle ? $type : 'space') . 'items';
 $query = DB::query('SELECT * FROM ' . tname($table_name) . ' WHERE itemid=\'' . $itemid . '\' AND allowreply=\'1\'');
 if (!($item = DB::fetch($query))) {
     array_push($checkresults, array('message' => $lang['no_permission']));
 }
 $_POST['commentmessage'] = shtmlspecialchars(trim($_POST['commentmessage']));
 if ($_POST['commentmessage'] == $_G['setting']['commdefault'] || bstrlen($_POST['commentmessage']) < 1 || bstrlen($_POST['commentmessage']) > 250) {
     array_push($checkresults, array('commentmessage' => $lang['wordlimited']));
 }
 if (!empty($commentscorestr)) {
     $rootcatid = getrootcatid($item['catid']);
     $scorenum = DB::result_first("SELECT cm.scorenum FROM " . tname('categories') . " c\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN " . tname('commentmodels') . " cm ON cm.cmid=c.cmid\n\t\t\t\t\t\t\t\t\t\tWHERE c.catid = '{$rootcatid}'");
     if (bstrlen($commentscorestr) < $scorenum * 5) {
         array_push($checkresults, array('score' => $lang['scorelimited']));
     }
 }
 if (!empty($_G['setting']['commenttime']) && !ckfounder($_G['uid'])) {
     if ($_G['timestamp'] - $_G['member']['lastcommenttime'] < $_G['setting']['commenttime']) {
         array_push($checkresults, array('message' => $lang['comment_too_much']));
     }
 }
// Permission gate for user-group management.
if (!checkperm('manageusergroups')) {
    showmessage('no_authority_management_operation');
}
// Load the single group addressed by ?groupid=; an unknown id aborts with a message.
$thevalue = array();
$list = array();
$_GET['groupid'] = intval(empty($_GET['groupid']) ? 0 : $_GET['groupid']);
if ($_GET['groupid']) {
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('usergroups') . " WHERE groupid='{$_GET['groupid']}'");
    $thevalue = $_SGLOBAL['db']->fetch_array($query);
    if (!$thevalue) {
        showmessage('user_group_does_not_exist');
    }
}
if (submitcheck('thevaluesubmit')) {
    //用户组名
    $_POST['set']['grouptitle'] = saddslashes(shtmlspecialchars($_POST['set']['grouptitle']));
    if (empty($_POST['set']['grouptitle'])) {
        showmessage('user_group_were_not_empty');
    }
    $setarr = array('grouptitle' => $_POST['set']['grouptitle']);
    //详细权限
    $nones = array('groupid', 'grouptitle');
    foreach ($_POST['set'] as $key => $value) {
        if (!in_array($key, $nones)) {
            $value = intval($value);
            if ($thevalue[$key] != $value) {
                $setarr[$key] = $value;
            }
        }
    }
    if (empty($thevalue['groupid'])) {
        $_SCONFIG['template'] = $_SCOOKIE['mytemplate'];
    } else {
        ssetcookie('mytemplate', '', 365000);
    }
}
// Reconstruct REQUEST_URI for SAPIs that do not provide it.
if (!isset($_SERVER['REQUEST_URI'])) {
    $_SERVER['REQUEST_URI'] = isset($_SERVER['QUERY_STRING'])
        ? $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']
        : $_SERVER['PHP_SELF'];
}
// Escape the whole $_GET array when the decoded URI carries a character that
// could open a tag or break out of a double-quoted attribute.
// NOTE(review): only '<' and '"' trigger this; a value containing just "'" or '>'
// is left untouched and must still be escaped wherever it is output.
if ($_SERVER['REQUEST_URI']) {
    $decoded = urldecode($_SERVER['REQUEST_URI']);
    if (strexists($decoded, '<') || strexists($decoded, '"')) {
        $_GET = shtmlspecialchars($_GET); //XSS
    }
}
// Establish the login state before anything user-specific is built.
checkauth();
// Per-user hash derived from the uid and the first six digits of the request timestamp.
// NOTE(review): no secret is mixed in, so anyone who knows the uid can recompute it —
// confirm it is not relied on as an unguessable token.
$_SGLOBAL['uhash'] = md5($_SGLOBAL['supe_uid'] . "\t" . substr($_SGLOBAL['timestamp'], 0, 6));
// User menu.
getuserapp();
// UC application state; filled in by the loop that follows.
$_SCONFIG['uc_status'] = 0;
$_SGLOBAL['appmenu'] = array();
$_SGLOBAL['appmenus'] = array();
if ($_SGLOBAL['app']) {
    foreach ($_SGLOBAL['app'] as $appid => $value) {
        if (UC_APPID != $appid) {
            $_SCONFIG['uc_status'] = 1;
    $passwordstyle = $selectgroupstyle = 'display:none';
    if ($blog['friend'] == 4) {
        $passwordstyle = '';
    } elseif ($blog['friend'] == 2) {
        $selectgroupstyle = '';
        if ($blog['target_ids']) {
            $names = array();
            $query = $_SGLOBAL['db']->query("SELECT username FROM " . tname('space') . " WHERE uid IN ({$blog['target_ids']})");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $names[] = $value['username'];
            }
            $blog['target_names'] = implode(' ', $names);
        }
    }
    $blog['message'] = str_replace('&amp;', '&amp;amp;', $blog['message']);
    $blog['message'] = shtmlspecialchars($blog['message']);
    $allowhtml = checkperm('allowhtml');
    //好友组
    $groups = getfriendgroup();
    //参与热点
    $topic = array();
    $topicid = $_GET['topicid'] = intval($_GET['topicid']);
    if ($topicid) {
        $topic = topic_get($topicid);
    }
    if ($topic) {
        $actives = array('blog' => ' class="active"');
    }
    //菜单激活
    $menuactives = array('space' => ' class="active"');
}
	[UCenter Home] (C) 2007-2008 Comsenz Inc.
	$Id: link.php 10953 2009-01-12 02:55:37Z liguode $
*/

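include_once('./common.php');

// Without a target there is nothing to guide to; go back to the referer instead.
// NOTE(review): the redirect targets handed to showmessage() below are the raw
// query value — confirm showmessage() restricts the scheme of its redirect URL.
if(empty($_GET['url'])) {
	showmessage('do_success', $refer, 0);
} else {
	$url = $_GET['url'];
	if(!$_SCONFIG['linkguide']) {
		showmessage('do_success', $url, 0);//redirect straight away
	}
}

$space = array();
if($_SGLOBAL['supe_uid']) {
	$space = getspace($_SGLOBAL['supe_uid']);
}
if(empty($space)) {
	// Guests skip the guide page and are redirected straight away.
	showmessage('do_success', $url, 0);
}

$url = shtmlspecialchars($url);
// Prepend a scheme only when none of the accepted ones is present. The previous
// test matched "http://" alone, so an https:// link became "http://https://...".
// Any other prefix still gets "http://" in front, so a non-http scheme is never
// emitted as-is.
if(!preg_match("/^https?\:\/\//i", $url)) $url = "http://".$url;

// Template call
include_once template("iframe");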

?>
     show_msg('UCenter 服务端字符集与当前应用的字符集不同,请下载 ' . $ucdbcharset . ' 编码的 SupeSite 进行安装,下载地址:http://download.comsenz.com/');
 }
 $tagtemplates = 'apptagtemplates[template]=' . urlencode('<a href="{url}" target="_blank">{subject}</a>') . '&' . 'apptagtemplates[fields][subject]=' . urlencode('资讯标题') . '&' . 'apptagtemplates[fields][url]=' . urlencode('资讯地址');
 $uri = $_SERVER['REQUEST_URI'] ? $_SERVER['REQUEST_URI'] : ($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
 $app_url = strtolower(substr($_SERVER['SERVER_PROTOCOL'], 0, strpos($_SERVER['SERVER_PROTOCOL'], '/'))) . '://' . $_SERVER['HTTP_HOST'] . substr($uri, 0, strrpos($uri, '/install/'));
 $app_name = trim($_POST['sitename']);
 $postdata = "m=app&a=add&ucfounder=&ucfounderpw=" . urlencode($_POST['ucfounderpw']) . "&apptype=" . urlencode('SUPESITE') . "&appname=" . urlencode($app_name) . "&appurl=" . urlencode($app_url) . "&appip=&appcharset=" . $_SC['charset'] . '&appdbcharset=' . $_SC['dbcharset'] . '&release=' . UC_CLIENT_RELEASE . '&' . $tagtemplates;
 $s = sfopen($ucapi . '/index.php', 500, $postdata, '', 1, $ucip);
 if (empty($s)) {
     show_msg('UCenter用户中心无法连接');
 } elseif ($s == '-1') {
     show_msg('UCenter管理员帐号密码不正确');
 } else {
     $ucs = explode('|', $s);
     if (empty($ucs[0]) || empty($ucs[1])) {
         show_msg('UCenter返回的数据出现问题,请参考:<br />' . shtmlspecialchars($s));
     } else {
         //处理成功
         $apphidden = '';
         //验证是否可以直接联接MySQL
         $link = mysql_connect($ucs[2], $ucs[4], $ucs[5], 1);
         $connect = $link && mysql_select_db($ucs[3], $link) ? 'mysql' : '';
         //返回
         foreach (array('key', 'appid', 'dbhost', 'dbname', 'dbuser', 'dbpw', 'dbcharset', 'dbtablepre', 'charset') as $key => $value) {
             if ($value == 'dbtablepre') {
                 $ucs[$key] = '`' . $ucs[3] . '`.' . $ucs[$key];
             }
             $apphidden .= "<input type=\"hidden\" name=\"uc[{$value}]\" value=\"" . $ucs[$key] . "\" />";
         }
         //内置
         $apphidden .= "<input type=\"hidden\" name=\"uc[connect]\" value=\"{$connect}\" />";
// Load the single user group addressed by ?gid=; the id is cast to int first.
$thevalue = array();
$list = array();
$_GET['gid'] = intval(empty($_GET['gid']) ? 0 : $_GET['gid']);
if($_GET['gid']) {
	$query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('usergroup')." WHERE gid='{$_GET['gid']}'");
	$thevalue = $_SGLOBAL['db']->fetch_array($query);
	if(!$thevalue) {
		cpmessage('user_group_does_not_exist');
	}
	// magicaward is stored serialized. NOTE(review): unserialize() can instantiate
	// arbitrary classes if this column were ever written from untrusted input —
	// confirm it is only ever written by the admin form.
	$thevalue['magicaward'] = unserialize($thevalue['magicaward']);
}

if(submitcheck('thevaluesubmit')) {

	//用户组名
	$_POST['set']['grouptitle'] = shtmlspecialchars($_POST['set']['grouptitle']);
	if(empty($_POST['set']['grouptitle'])) cpmessage('user_group_were_not_empty');
	$setarr = array('grouptitle' => $_POST['set']['grouptitle']);

	//系统
	if(isset($thevalue['system'])) {
		$_POST['set']['system'] = $thevalue['system'];
	} else {
		$_POST['set']['system'] = intval($_POST['set']['system']);
	}
	if(empty($_POST['set']['system'])) {
		//普通用户组
		$_POST['set']['explower'] = empty($_POST['set']['explower'])?0:intval($_POST['set']['explower']);
		if($_POST['set']['explower'] > 999999999 || $_POST['set']['explower'] < -999999999) cpmessage('integral_limit_error');
		$lowgid = $_SGLOBAL['db']->result($_SGLOBAL['db']->query("SELECT gid FROM ".tname('usergroup')." where explower = '{$_POST['set']['explower']}'  AND system='0'"), 0);
		if(!empty($lowgid) && $lowgid != $_GET['gid']) {