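<?php

require dirname(__FILE__) . "/global.php";
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
// Optional prefix filter on the forum name. Both clauses carry the same
// predicate; $where2 is qualified with the `I.` alias for the joined query.
$where1 = "";
$where2 = "";
// Accept only a scalar string; a `name[]=` request would otherwise hand an
// array to strAddslashes(). Trim first so a whitespace-only value is ignored
// (the original !empty() check also dropped a legitimate "0" prefix).
$nameFilter = isset($_GET['name']) && is_string($_GET['name']) ? trim($_GET['name']) : "";
if ($nameFilter !== "") {
    $name = strtolower(strAddslashes($nameFilter));
    // strAddslashes() only protects the string delimiters; "%" and "_" are
    // LIKE metacharacters, so escape them too or the caller can widen the
    // prefix match (a bare "%" would list every forum).
    $name = addcslashes($name, '%_');
    $where1 = "WHERE lower(`name`) LIKE '" . $name . "%'";
    $where2 = "WHERE lower(I.`name`) LIKE '" . $name . "%'";
}
// $page is not defined in this file; presumably set by global.php — verify.
$forumArr = $QA->getForumList($where1, $where2, $page, "30");
$DB->close();
unset($DB, $QA);
$tmp =& myTpl("forum_list.html");
$tmp->assign('codeName', $code_name);
$tmp->assign('codeVersion', $code_version);
$tmp->assign('siteName', $site_name);
$tmp->assign('siteDomain', $site_domain);
$tmp->assign('siteCatalog', $site_catalog);
$tmp->assign('forumArr', $forumArr);
$tmp->output();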
<?php

require dirname(__FILE__) . "/global.php";
if (isset($_GET['do'], $_POST['username'], $_POST['userpwd'], $_POST['repwd'], $_POST['useremail']) && $_GET['do'] == "reg") {
    $uname = strAddslashes(trim($_POST['username']));
    $checkname = usernameCheck($uname);
    if (!empty($checkname)) {
        die("1 " . $checkname);
    }
    $passwd = stripslashes(trim($_POST['userpwd']));
    $repasswd = stripslashes(trim($_POST['repwd']));
    if (strlen($passwd) < 6 || strlen($passwd) > 18) {
        die("1 密码长度应控制在6至18个字符之间。");
    }
    if ($passwd != $repasswd) {
        die("1 两次输入的密码不一致。");
    }
    $email = strtolower(trim($_POST['useremail']));
    if (strlen($email) > 45 || !emailcheck($email)) {
        die("1 电子邮件地址不合法。");
    }
    $actionTime = time();
    $actionIp = getClientIP();
    $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
    if ($DB->fetch_one("SELECT COUNT(`bid`) FROM `" . $table_black . "` WHERE `uname`='" . $actionIp . "'") != 0) {
        echo "1 很抱歉,系统拒绝了您的注册!请与管理员联系。";
    } else {
        if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE lower(`name`)='" . strtolower($uname) . "'") != 0) {
            echo "1 用户昵称已被占用";
        } else {
            if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE `email` = '" . $email . "'") != 0) {
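<?php

require dirname(__FILE__) . "/global.php";
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
// Optional member filter: `te` selects the column, `wd` the search term.
// Only the three known columns are accepted; anything else leaves $where empty.
$where = "";
// Both parameters must be scalar strings; `wd[]=` would otherwise reach trim()
// and strAddslashes() as an array.
$field = isset($_GET['te']) && is_string($_GET['te']) ? $_GET['te'] : "";
$term = isset($_GET['wd']) && is_string($_GET['wd']) ? trim($_GET['wd']) : "";
if ($term !== "") {
    $keyword = strAddslashes(strtolower($term));
    if ($field === "uid" && ctype_digit($term) && (int) $term >= 1) {
        // is_numeric() would also accept "1e3" or "1.5"; only a plain positive
        // integer may reach the query, and it is embedded as an int, never as
        // the raw request string.
        $where = "WHERE `uid` = " . (int) $term;
    }
    if ($field === "name") {
        // strAddslashes() only covers quoting; "%" and "_" are LIKE
        // metacharacters and are escaped too so the caller cannot widen the
        // prefix match.
        $where = "WHERE lower(`name`) LIKE '" . addcslashes($keyword, '%_') . "%'";
    }
    if ($field === "email" && emailcheck($keyword)) {
        $where = "WHERE `email` = '" . $keyword . "'";
    }
}
// $page is not defined in this file; presumably set by global.php — verify.
$MemberArr = $QA->getMember($where, $page, 30);
$DB->close();
unset($DB, $QA);
$tmp =& myTpl("user_list.html");
$tmp->assign('codeName', $code_name);
$tmp->assign('codeVersion', $code_version);
$tmp->assign('siteName', $site_name);
$tmp->assign('siteDomain', $site_domain);
$tmp->assign('siteCatalog', $site_catalog);
$tmp->assign('MemberArr', $MemberArr);
$tmp->output();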
                }
            }
            if ($DB->query("UPDATE `" . $table_forum . "` SET `friend`='" . substr($friendBar, 0, -1) . "' WHERE `fid`=" . $fid)) {
                echo "1";
            }
        }
        $DB->close();
    }
    exit;
}
if (isset($_GET['fid']) && is_numeric($_GET['fid']) && $_GET['fid'] >= 1) {
    $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
    $forumArr = $QA->getForumInfo($_GET['fid']);
    if (!empty($forumArr['fid'])) {
        if (isset($_POST['name'], $_POST['category'], $_POST['intro'], $_POST['push'])) {
            $name = strAddslashes(trim($_POST['name']));
            $cid = $_POST['category'];
            $intro = filterCode($_POST['intro']);
            $push = $_POST['push'];
            if (empty($name) || getStrlen($name) > 15 || !wordCheck($name)) {
                echo "<script>alert('换一个吧名吧');</script>";
            } else {
                $BId = $DB->fetch_one("SELECT `fid` FROM `" . $table_forum . "` WHERE lower(`name`)='" . strtolower($name) . "'");
                if (!empty($BId) && $BId != $forumArr['fid']) {
                    echo "<script>alert('该吧已存在,请更换吧名。');</script>";
                } else {
                    if (getStrlen($intro) > 90) {
                        echo "<script>alert('吧简介不能超过90个字');</script>";
                    } else {
                        $forumInfo['cid'] = $cid;
                        $forumInfo['name'] = $name;
require dirname(__FILE__) . "/global.php";
if (isset($_GET['do']) && $_GET['do'] == "logout") {
    foreach ($_COOKIE as $key => $val) {
        setcookie($key, '', time() - 3600, $cookie_path, $cookie_domain);
    }
    if (isset($_SERVER['HTTP_REFERER'])) {
        $backUrl = $_SERVER['HTTP_REFERER'];
    } else {
        $backUrl = "./";
    }
    header("location:" . $backUrl);
} else {
    if (isset($_GET['do']) && $_GET['do'] == "login") {
        if (isset($_POST['login-user'], $_POST['login-pwd'])) {
            $loginUser = strAddslashes(trim($_POST['login-user']));
            $loginPwd = stripslashes(trim($_POST['login-pwd']));
            if (strlen($loginUser) < 2 || strlen($loginUser) > 45 || strlen($loginPwd) < 6 || strlen($loginPwd) > 18) {
                echo "0 用户名或者密码不符合要求";
            } else {
                $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
                if (!emailcheck($loginUser)) {
                    $LoginType = "lower(`name`)";
                } else {
                    $LoginType = "`email`";
                }
                $userArr = $TB->getMemberInfo($LoginType, strtolower($loginUser));
                if (!empty($userArr['uid'])) {
                    if ($userArr['password'] == md5($loginPwd)) {
                        $loginTime = time();
                        $loginIp = getClientIP();
     echo "<script>top.location.href='./';</script>";
 } else {
     for ($i = 0; $i < count($ForumArr['moderator']); $i++) {
         if ($ForumArr['moderator'][$i]['uid'] == $loginArr['uid']) {
             $isModerator = 1;
         }
     }
     if (!isset($isModerator)) {
         if ($site_rewrite) {
             echo "<script>top.location.href='./bar-" . $ForumArr['fid'] . "-1.html';</script>";
         } else {
             echo "<script>top.location.href='./forum.php?fid=" . $ForumArr['fid'] . "';</script>";
         }
     } else {
         if (isset($_GET['do'], $_POST['bar']) && $_GET['do'] == "append") {
             $forumName = strAddslashes(trim($_POST['bar']));
             if (empty($forumName) || !wordCheck($forumName)) {
                 echo "<script>alert('请输入正确的同盟吧吧名');</script>";
             } else {
                 $FSQL = "SELECT `fid`,`name` FROM `" . $table_forum . "` WHERE lower(`name`)='" . strtolower($forumName) . "'";
                 $FriendArr = $DB->fetch_one_array($FSQL);
                 if (empty($FriendArr['fid']) || $FriendArr['fid'] == $ForumArr['fid']) {
                     echo "<script>alert('吧名无效');</script>";
                 } else {
                     for ($j = 0; $j < count($ForumArr['friend']); $j++) {
                         if ($ForumArr['friend'][$j]['fid'] == $FriendArr['fid']) {
                             $isFriend = 1;
                         }
                     }
                     if (isset($isFriend)) {
                         echo "<script>alert('该同盟吧已存在');</script>";
        if ($DB->fetch_one("SELECT COUNT(`cid`) FROM `" . $table_catalog . "` WHERE `fatherid`=" . $cId) == 0) {
            if ($DB->query("DELETE FROM `" . $table_catalog . "` WHERE `cid`=" . $cId)) {
                echo "1";
            } else {
                echo "0";
            }
        } else {
            echo "2";
        }
    }
    $DB->close();
    exit;
}
if (isset($_GET['action'], $_POST['father'], $_POST['name'], $_POST['cid']) && $_GET['action'] == "do") {
    $fatherId = $_POST['father'];
    $name = trim(strAddslashes($_POST['name']));
    $cid = $_POST['cid'];
    if (empty($name) || !wordCheck($name) || getStrlen($name) > 15) {
        echo "<script>alert('名称不合法');</script>";
    } else {
        if ($fatherId > 0 && $DB->fetch_one("SELECT COUNT(`cid`) FROM `" . $table_catalog . "` WHERE `cid`=" . $fatherId) < 1) {
            echo "<script>alert('上级目录不存在');</script>";
        } else {
            $infoArr['fatherid'] = $fatherId;
            $infoArr['name'] = $name;
            if (empty($cid)) {
                $Sql = $DB->insert_sql("`" . $table_catalog . "`", $infoArr);
            } else {
                $Sql = $DB->update_sql("`" . $table_catalog . "`", $infoArr, "`cid`=" . $cid);
            }
            if ($DB->query($Sql)) {
        $forumArr = $DB->fetch_one_array("SELECT `name`,`synopsis` FROM `" . $table_temp . "` WHERE `fid`=" . $_POST['forumId']);
        if (!empty($forumArr['name'])) {
            $infoArr['cid'] = "0";
            $infoArr['name'] = $forumArr['name'];
            $infoArr['synopsis'] = $forumArr['synopsis'];
            $infoArr['moderator'] = "";
            $infoArr['friend'] = "";
            if ($DB->fetch_one("SELECT COUNT(`fid`) FROM `" . $table_forum . "` WHERE `name`='" . $forumArr['name'] . "'") == 0) {
                $DB->query($DB->insert_sql("`" . $table_forum . "`", $infoArr));
            }
        }
    }
    $DB->query("DELETE FROM `" . $table_temp . "` WHERE `fid`=" . $_POST['forumId']);
    $DB->close();
    die("1");
}
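$where = "";
// Optional prefix filter on the pending (temp) forum name. Accept only a
// scalar string so `name[]=` cannot hand an array to strAddslashes().
$nameFilter = isset($_GET['name']) && is_string($_GET['name']) ? trim($_GET['name']) : "";
if ($nameFilter !== "") {
    // strAddslashes() only protects the quotes; "%" and "_" are LIKE
    // metacharacters and are escaped as well so the caller cannot widen the
    // prefix match (a bare "%" would list every pending forum).
    $where = "WHERE lower(`name`) LIKE '" . addcslashes(strtolower(strAddslashes($nameFilter)), '%_') . "%'";
}
// $page is not defined in this file; presumably set by global.php — verify.
$forumArr = $QA->getForumTemp($where, $page, "30");
$DB->close();
unset($DB, $QA);
$tmp =& myTpl("forum_temp.html");
$tmp->assign('codeName', $code_name);
$tmp->assign('codeVersion', $code_version);
$tmp->assign('siteName', $site_name);
$tmp->assign('siteDomain', $site_domain);
$tmp->assign('siteCatalog', $site_catalog);
$tmp->assign('forumArr', $forumArr);
$tmp->output();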
<?php

require dirname(__FILE__) . "/global.php";
$dbFile = dirname(__FILE__) . "/../database/db.filter.php";
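if (isset($_GET['action']) && $_GET['action'] == "update") {
    // ID, OLD and NEW are parallel form arrays; reject the request outright if
    // any of them is missing or not an array (count()/trim() on a scalar or
    // array would otherwise raise a TypeError on PHP 8).
    if (isset($_POST['ID'], $_POST['OLD'], $_POST['NEW'])
        && is_array($_POST['ID']) && is_array($_POST['OLD']) && is_array($_POST['NEW'])) {
        // Collect (old, new) replacement pairs; rows with an empty side are dropped.
        $filterWords = array();
        $IdNum = count($_POST['ID']) - 1;
        for ($i = 0; $i <= $IdNum; $i++) {
            // A row whose OLD/NEW entry is missing or not a string counts as empty
            // instead of emitting an undefined-index notice.
            $OldWord = isset($_POST['OLD'][$i]) && is_string($_POST['OLD'][$i])
                ? strAddslashes(trim($_POST['OLD'][$i])) : "";
            $NewWord = isset($_POST['NEW'][$i]) && is_string($_POST['NEW'][$i])
                ? strAddslashes(trim($_POST['NEW'][$i])) : "";
            if (!empty($OldWord) && !empty($NewWord)) {
                $filterWords[] = array($OldWord, $NewWord);
            }
        }
        if (!is_writable($dbFile)) {
            die("<script>alert('数据文件不可写');</script>");
        }
        // The leading `<?php exit;?>` keeps the data file from disclosing its
        // contents if it is ever requested directly through the web server.
        $payload = '<?php exit;?>' . serialize($filterWords);
        // file_put_contents() with LOCK_EX opens without truncating, takes the
        // exclusive lock, then truncates and writes. The previous fopen('w') +
        // flock() sequence truncated on open, before the lock was held, so a
        // failed lock or a concurrent reader could observe an empty file — and
        // the @-suppressed fopen() failure would still have reported success.
        if (file_put_contents($dbFile, $payload, LOCK_EX) === false) {
            die("<script>alert('数据文件不可写');</script>");
        }
        die("<script>alert('更新成功');</script>");
    }
}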
$filterWords = unserialize(substr(file_get_contents($dbFile), 13));
$tmp =& myTpl("set_filter.html");
$tmp->assign('codeName', $code_name);