Esempio n. 1
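/**
 * Create or update an item of the current model from the submitted form ($_POST / $_FILES).
 *
 * Writes the fixed columns to the "<modelname>items" table and the remaining columns to the
 * "<modelname>message" table, handles the title image and other uploaded files, and binds
 * the resulting attachments to the item through a model hash.
 *
 * Security notes for reviewers:
 * - The item id is normalised with intval() before it reaches any hand-built SQL string.
 * - NOTE(review): the title-image clean-up near the top deletes attachment rows and files
 *   for the posted item id before any ownership check visible in this function; confirm
 *   that the caller has already verified that the user may edit this item.
 * - NOTE(review): several $_POST values (catid, grade, nid, banner_value, ...) are passed
 *   as-is to inserttable()/updatetable(); presumably those helpers quote values, verify.
 *
 * @param array $cacheinfo Model cache; the keys 'models', 'columns' and 'linkage' are read here.
 * @param int   $cp        Not used in this function body.
 * @return int The item id that was inserted or updated.
 */
function pkpost($cacheinfo, $cp = 1)
{
    global $_G, $_SGLOBAL, $theurl, $mname, $checkresults;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $mustverify = false;
    $resultitems = $resultmessage = $updateitem = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    $feedcolum = array();
    // Split the model columns into fixed ("items" table) and free ("message" table) columns,
    // and normalise linkage / timestamp form values in $_POST on the way.
    foreach ($columnsinfoarr as $result) {
        if ($mname == "groupbuy" && preg_match('/^user_|^ext_/', $result['fieldname'])) {
            continue;
        }
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_G['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    // Input checks
    $_POST['subject'] = trim(strip_tags($_POST['subject']));
    // The id is interpolated into SQL strings below, so it must stay an integer. The original
    // code re-read the raw $_POST value here, which discarded the intval() applied above.
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $checkresults = array();
    if (bstrlen($_POST['subject']) < 1 || bstrlen($_POST['subject']) > 80) {
        array_push($checkresults, array('subject' => lang('space_suject_length_error')));
    }
    // Per-column data checks
    checkvalues(array_merge($resultitems, $resultmessage), 1, 1);
    // Product price handling: start
    if ($modelsinfoarr['modelname'] == 'good') {
        if ($_POST['minprice'] > 0 && $_POST['maxprice'] > 0 && $_POST['maxprice'] < $_POST['minprice']) {
            array_push($checkresults, array('maxprice' => lang('maxprice_must_big_then_minprice')));
        }
    }
    // Product price handling: end
    // On edit, check whether the title image was removed or replaced
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            // The file was removed or replaced: delete the stored one.
            // NOTE(review): this runs before the admin / shop-owner checks further down.
            $query = DB::query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = DB::fetch($query);
            $hash = getmodelhash($modelsinfoarr['mid'], $itemid);
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            // Clear the reference in the items table
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    // Build the row for the items table
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $itemgrade = DB::result_first("SELECT grade FROM " . tname($mname . "items") . " WHERE itemid = '{$itemid}'");
    if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        $setsqlarr['subjectimage'] = $_POST['subjectimage_value'];
    }
    if (empty($_POST['catid']) || $_POST['catid'] < 0) {
        array_push($checkresults, array('catid' => lang('cat_not_selected')));
    }
    $setsqlarr['catid'] = $_POST['catid'];
    if ($modelsinfoarr['modelname'] != 'shop') {
        // The owning shop is mandatory: admins choose it, shop owners are pinned to their own shop
        if (pkperm('isadmin')) {
            if (empty($_POST['shopid'])) {
                array_push($checkresults, array('shopid' => lang('please_select_shopid')));
            }
            $setsqlarr['shopid'] = intval($_POST['shopid']);
        } else {
            $setsqlarr['shopid'] = $_G['myshopid'];
        }
    } else {
        $setsqlarr['letter'] = !empty($_POST['letter']) ? trim($_POST['letter']) : getletter(trim($_POST['subject']));
        $setsqlarr['keywords'] = trim(strip_tags($_POST['keywords']));
        $setsqlarr['description'] = trim(strip_tags($_POST['description']));
        if (!empty($_POST['syncfid'])) {
            require_once B_ROOT . './api/bbs_syncpost.php';
            if (checkbbsfid($_POST['syncfid'])) {
                $setsqlarr['syncfid'] = intval($_POST['syncfid']);
            } else {
                array_push($checkresults, array('syncfid' => lang('syncfid_noexists')));
            }
        }
    }
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = 1;
    if (!empty($checkresults)) {
        cpmsg('addobject_error', '', '', '', true, true, $checkresults);
    }
    // Decide the review grade from the role and the shop verification status
    if (pkperm('isadmin')) {
        $setsqlarr['grade'] = isset($_POST['grade']) ? $_POST['grade'] : 3;
    } elseif ($_G['myshopstatus'] == 'verified') {
        if (in_array($modelsinfoarr['modelname'], array('good', 'notice', 'consume', 'album', 'groupbuy')) && $itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
            $setsqlarr['grade'] = !empty($itemid) ? 5 : 0;
            if (!empty($itemid)) {
                if (in_array($_POST['grade'], array(2, 3))) {
                    $setsqlarr['grade'] = $_POST['grade'];
                }
            }
            $mustverify = true;
        } else {
            if (in_array($_POST['grade'], array(2, 3))) {
                $setsqlarr['grade'] = $_POST['grade'];
            } else {
                $setsqlarr['grade'] = $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']] ? 0 : 3;
            }
        }
    } elseif ($_G['myshopstatus'] == 'unverified') {
        $setsqlarr['grade'] = 0;
    }
    $setsqlarr['dateline'] = $_G['timestamp'];
    $setsqlarr['uid'] = $_G['uid'];
    $setsqlarr['username'] = $_G['username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    // Title image handling: start
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    if ($_POST['imagetype'] == 0 && $modelsinfoarr['modelname'] == 'consume' && $_G['setting']['allowcreateimg']) {
        // Coupon image generated from a template instead of an uploaded file
        if ($_GET['action'] == 'add') {
            $hotline = $_SGLOBAL['panelinfo']['tel'];
            $address = $_SGLOBAL['panelinfo']['address'];
        } else {
            $shopinfo = DB::fetch(DB::query("SELECT tel, address FROM " . tname('shopitems') . " WHERE itemid='{$setsqlarr['shopid']}'"));
            $hotline = $shopinfo['tel'];
            $address = $shopinfo['address'];
        }
        $dealer_name = DB::result_first("SELECT subject FROM " . tname('shopitems') . " WHERE itemid='{$setsqlarr['shopid']}'");
        $createimgarr = array('id' => intval($_POST['imgtplid']), 'mid' => intval($modelsinfoarr['mid']), 'itemid' => intval($itemid), 'coupon_title' => $setsqlarr['subject'], 'dealer_id' => $setsqlarr['uid'], 'dealer_name' => $dealer_name, 'begin_date' => date('Y-m-d', $setsqlarr['validity_start']), 'end_date' => date('Y-m-d', $setsqlarr['validity_end']), 'brief' => trim($_POST['message']), 'exception' => trim($_POST['exception']), 'address' => $address, 'hotline' => $hotline, 'subjectimagewidth' => $modelsinfoarr['subjectimagewidth'], 'subjectimageheight' => $modelsinfoarr['subjectimageheight']);
        require_once B_ROOT . './source/adminfunc/tool.func.php';
        if ($consumeimgpath = image_text($createimgarr)) {
            $setsqlarr['subjectimage'] = $consumeimgpath;
            $setsqlarr['imagetype'] = 0;
            $setsqlarr['imgtplid'] = intval($_POST['imgtplid']);
        }
    } else {
        $uploadfilearr = $ids = array();
        $subjectimageid = '';
        $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => '圖片標題', 'formtype' => 'img')), $modelsinfoarr['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
        if (!empty($uploadfilearr)) {
            $feedsubjectimg = $uploadfilearr;
            foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
                if (empty($tmpvalue['error'])) {
                    $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
                }
                if (!empty($tmpvalue['aid'])) {
                    $ids[] = $tmpvalue['aid'];
                }
            }
        }
        if ($modelsinfoarr['modelname'] == 'consume') {
            $setsqlarr['imagetype'] = 1;
        }
    }
    /* --------- Title image handling: end --------------*/
    // Word filter
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    // Publish time
    $setsqlarr['dateline'] = $_G['timestamp'];
    // Products carry a short intro
    if ($mname == "good") {
        $setsqlarr['intro'] = trim(strip_tags($_POST['intro']));
    }
    if (empty($itemid)) {
        // Insert a new item
        $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
        if (in_array($modelsinfoarr['modelname'], array('good', 'notice', 'consume', 'album', 'groupbuy'))) {
            itemnumreset($modelsinfoarr['modelname'], $setsqlarr['shopid']);
        }
    } else {
        $_SGLOBAL['itemupdate'] = 1;
        // Update an existing item; the author fields are never overwritten on update
        $op = 'update';
        unset($setsqlarr['uid']);
        unset($setsqlarr['username']);
        unset($setsqlarr['lastpost']);
        if ($itemgrade == 1 && !pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        } elseif ($itemgrade == 1 && pkperm('isadmin')) {
            $setsqlarr['grade'] = 1;
        } elseif ($itemgrade == 0 && !pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        } elseif ($itemgrade == 0 && pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        }
        if (pkperm('isadmin')) {
            // The site admin may post any data
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            // Permission restrictions for everyone else follow
        } else {
            // Shop owners may not change the shop group
            unset($setsqlarr['groupid']);
            if ($modelsinfoarr['modelname'] == 'shop') {
                unset($setsqlarr['validity_start']);
                unset($setsqlarr['validity_end']);
                if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
                    // Changes are held back for review instead of being written now
                    $updatesqlarr = $setsqlarr;
                } else {
                    // Shop owner editing a shop: the row is pinned to the owner's own shop id
                    updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $_G['myshopid']));
                }
            } else {
                if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
                    $updatesqlarr = $setsqlarr;
                } else {
                    // Shop owners can only change items that belong to the shop they manage
                    updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid, 'shopid' => $_G['myshopid']));
                }
            }
        }
        $query = DB::query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE itemid = \'' . $itemid . '\'');
        $defaultmessage = DB::fetch($query);
    }
    $hash = getmodelhash($modelsinfoarr['mid'], $itemid);
    if (!empty($ids)) {
        // Bind the freshly uploaded title-image attachments to this item
        $ids = simplode($ids);
        DB::query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
    }
    $do = 'pass';
    if ($op == 'update' && !$_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // The file was removed or replaced: delete the stored one
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        // Clear the reference in the message table
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('itemid' => $itemid));
                        @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']] . '.thumb.jpg');
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    // Content row (message table)
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $modelsinfoarr['modelname'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['message'] = saddslashes(html2bbcode(stripslashes($setsqlarr['message'])));
    if ($modelsinfoarr['modelname'] == 'consume') {
        $setsqlarr['exception'] = trim($_POST['exception']);
    }
    if ($_POST['imagetype'] == 0 && $modelsinfoarr['modelname'] == 'consume' && $_G['setting']['allowcreateimg']) {
        $setsqlarr['address'] = trim($_POST['address']);
        $setsqlarr['hotline'] = trim($_POST['hotline']);
    }
    $setsqlarr['postip'] = $_G['clientip'];
    if ($modelsinfoarr['modelname'] == 'shop' && $itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        $setsqlarr['banner'] = $_POST['banner_value'];
        $setsqlarr['windowsimg'] = $_POST['windowsimg_value'];
    }
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter for the content row
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if ($op == 'add') {
        $setsqlarr['itemid'] = $itemid;
        // Insert the content row
        inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
    } else {
        if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']] && !pkperm('isadmin')) {
            // Pending review: hand the combined changes back through $_SGLOBAL instead of writing them
            $_SGLOBAL['updatesqlarr'] = array_merge($updatesqlarr, $setsqlarr);
        } else {
            // Update the content row
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
    }
    updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
    return $itemid;
}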
Esempio n. 2
    } else {
        cpmsg('no_item', 'admin.php?action=commentmodel');
    }
}
if (($_GET['op'] == 'edit' || $_GET['op'] == 'add') && !empty($_POST['valuesubmit'])) {
    $scorename = '';
    $scorearr = array();
    $_POST['modelname'] = trim($_POST['modelname']);
    if (empty($_POST['modelname']) || bstrlen($_POST['modelname']) > 10) {
        array_push($checkresults, array('modelname' => lang('commentmodel_modelname_length_error')));
    }
    $notfillednum = $fillednum = 0;
    for ($i = 1; $i <= 8; $i++) {
        $_POST['score' . $i] = trim($_POST['score' . $i]);
        if (!empty($_POST['score' . $i])) {
            if (bstrlen($_POST['score' . $i]) > 10) {
                array_push($checkresults, array('score' . $i => lang('commentmodel_modelname_length_error')));
            }
            $scorearr[$i] = $_POST['score' . $i];
            $fillednum++;
        } else {
            $notfillednum++;
        }
    }
    if ($notfillednum == 8) {
        cpmsg('commentmodel_score_notwrite');
    }
    if (!empty($checkresults)) {
        cpmsg('add_error', '', 'error', '', true, true, $checkresults);
    }
    $scorename = serialize($scorearr);
Esempio n. 3
         array_push($checkresults, array('message' => $lang['no_login']));
     }
 }
 // Comments on model items are checked against "<type>items", everything else against "spaceitems".
 // NOTE(review): $type and $itemid are set above this excerpt; both end up inside a hand-built
 // query (table name and quoted literal), so confirm they are validated before this point.
 $table_name = $ismodle ? $type . 'items' : 'space' . 'items';
 $query = DB::query("SELECT * FROM " . tname($table_name) . " WHERE itemid='{$itemid}' AND allowreply='1'");
 $item = DB::fetch($query);
 if (!$item) {
     // No such item, or replies are switched off for it.
     array_push($checkresults, array('message' => $lang['no_permission']));
 }
 // The comment body is trimmed and HTML-escaped before it is length-checked.
 $_POST['commentmessage'] = shtmlspecialchars(trim($_POST['commentmessage']));
 if (
     $_POST['commentmessage'] == $_G['setting']['commdefault']
     || bstrlen($_POST['commentmessage']) < 1
     || bstrlen($_POST['commentmessage']) > 250
 ) {
     array_push($checkresults, array('commentmessage' => $lang['wordlimited']));
 }
 if (!empty($commentscorestr)) {
     // The score string must be long enough for the number of scores the root category's comment model defines.
     $rootcatid = getrootcatid($item['catid']);
     $scorenum = DB::result_first("SELECT cm.scorenum FROM " . tname('categories') . " c\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN " . tname('commentmodels') . " cm ON cm.cmid=c.cmid\n\t\t\t\t\t\t\t\t\t\tWHERE c.catid = '{$rootcatid}'");
     if ($scorenum * 5 > bstrlen($commentscorestr)) {
         array_push($checkresults, array('score' => $lang['scorelimited']));
     }
 }
 // Flood control: founders are exempt, everybody else must wait 'commenttime' seconds between comments.
 if (
     !empty($_G['setting']['commenttime'])
     && !ckfounder($_G['uid'])
     && $_G['timestamp'] - $_G['member']['lastcommenttime'] < $_G['setting']['commenttime']
 ) {
     array_push($checkresults, array('message' => $lang['comment_too_much']));
 }
 if (!empty($checkresults)) {
     showmessage('comment_submit_error', '', '', '', $checkresults);
 }
 // Record the member's latest activity and comment time.
 if ($_G['uid']) {
     $stamps = array('updatetime' => $_G['timestamp'], 'lastcommenttime' => $_G['timestamp']);
     updatetable('members', $stamps, array('uid' => $_G['uid']));
 }
Esempio n. 4
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: brandlinks.inc.php 4337 2010-09-06 04:48:05Z fanshengshuai $
 */
// Direct-access guard: the script stops unless the including entry point has defined IN_STORE.
if (defined('IN_STORE') === false) {
    exit('Acess Denied');
}
// The brand-links feature has to be enabled for this shop panel.
if (1 > $_SGLOBAL['panelinfo']['enablebrandlinks']) {
    cpmsg('no_perm');
}
$op = trim($_GET['op']);
// linkid may come from GET or POST; it is forced to an integer, or '' when absent.
if (empty($_REQUEST['linkid'])) {
    $linkid = '';
} else {
    $linkid = intval($_REQUEST['linkid']);
}
$checkresults = array();
if (submitcheck('valuesubmit')) {
    $displayorder = !empty($_POST['displayorder']) ? intval($_POST['displayorder']) : 100;
    if (empty($_POST['name']) || bstrlen(trim($_POST['name'])) > 30) {
        array_push($checkresults, array('name' => lang('addbrandlinks_name_error')));
    }
    if (empty($_POST['url'])) {
        array_push($checkresults, array('url' => lang('addbrandlinks_url_error')));
    }
    if (!empty($checkresults)) {
        cpmsg('add_error', '', 'error', '', true, true, $checkresults);
    }
    $setsqlarr = array('linkid' => $linkid, 'displayorder' => $displayorder, 'name' => trim($_POST['name']), 'url' => trim($_POST['url']), 'shopid' => $_SGLOBAL['panelinfo']['itemid']);
    inserttable('brandlinks', $setsqlarr, '', 1);
    if (empty($linkid)) {
        itemnumreset('brandlinks', $setsqlarr['shopid']);
    }
    $_BCACHE->deltype('storelist', 'brandlinks', $_G['myshopid']);
    cpmsg('addbrandlinks_success', $BASESCRIPT . '?action=brandlinks', 'succeed');
Esempio n. 5
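/**
 * Build the query string that describes this installation for an update check.
 *
 * Ensures the site has a persistent unique id (prefix "PK", at least 8 characters), creating
 * and storing one when it is missing, then collects version, environment and (at most once
 * every four hours, tracked through data/updatetime.lock) content counters.
 *
 * Security / privacy notes:
 * - The payload contains the site URL, PHP and MySQL versions and the current member's
 *   e-mail address. It is only base64- and URL-encoded, which is not encryption.
 * - 'md5hash' is a truncated, unkeyed MD5 over values that are partly in the payload; it
 *   works as a loose checksum and gives no authenticity guarantee.
 * - NOTE(review): where the returned string is sent is not visible here; confirm the
 *   transport and the receiver before exposing this data.
 *
 * @return string Query string with the keys os, update, md5hash and timestamp.
 */
function brandinformation()
{
    global $_G, $_SGLOBAL, $_SERVER;
    if (empty($_G['setting']['siteuniqueid']) || bstrlen($_G['setting']['siteuniqueid']) < 8 || strpos($_G['setting']['siteuniqueid'], 'PK') !== 0) {
        // The cached setting is missing or malformed: re-read it from the database first.
        $_G['setting']['siteuniqueid'] = DB::result_first('SELECT value FROM ' . tname('settings') . " WHERE variable='siteuniqueid'");
        if (empty($_G['setting']['siteuniqueid']) || bstrlen($_G['setting']['siteuniqueid']) < 8 || strpos($_G['setting']['siteuniqueid'], 'PK') !== 0) {
            $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
            // date() returns strings such as "05"; cast them so they are plain integer offsets.
            $_G['setting']['siteuniqueid'] = 'PK' . $chars[(int) date('y') % 60] . $chars[(int) date('n')] . $chars[(int) date('j')] . $chars[(int) date('G')] . $chars[(int) date('i')] . $chars[(int) date('s')] . substr(md5($_G['clientip'] . $_G['username'] . $_G['timestamp']), 0, 4) . random(4);
            // The original interpolation was '{$_G['setting']}[siteuniqueid]', which expands the
            // array itself and stores the text "Array[siteuniqueid]" instead of the generated id.
            DB::query('REPLACE INTO ' . tname('settings') . " (variable, value) VALUES ('siteuniqueid', '{$_G['setting']['siteuniqueid']}')");
            require_once B_ROOT . './source/function/cache.func.php';
            updatesettingcache();
        }
    }
    $update = array('id' => $_G['setting']['siteuniqueid'], 'version' => B_VER, 'release' => B_RELEASE, 'php' => PHP_VERSION, 'mysql' => DB::version(), 'charset' => $_G['charset'], 'siteurl' => $_G['setting']['siteurl'], 'sitename' => $_G['setting']['wwwname'] . '->' . $_G['setting']['sitename'], 'email' => $_G['member']['email']);
    // The counters are only gathered when the lock file is missing or older than four hours.
    $updatetime = @filemtime(B_ROOT . './data/updatetime.lock');
    if (empty($updatetime) || $_G['timestamp'] - $updatetime > 3600 * 4) {
        @touch(B_ROOT . './data/updatetime.lock');
        $update['members'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('members'));
        $update['shops'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('shopitems'));
        $update['discounts'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('shopitems') . " WHERE isdiscount='1'");
        $update['goods'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('gooditems'));
        $update['notices'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('noticeitems'));
        $update['consumes'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('consumeitems'));
        $update['albums'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('albumitems'));
        $update['albumsbbs'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('albumitems') . " WHERE frombbs='1'");
        $update['photos'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('photoitems'));
        $update['comments'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('spacecomments'));
        $update['commentscores'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('commentscores'));
        $update['links'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('brandlinks'));
        $update['reportlog'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('reportlog'));
        foreach (array('shop', 'good', 'notice', 'consume', 'album') as $value) {
            $update[$value . 'cates'] = count($_SGLOBAL[$value . 'cates']);
        }
    }
    // Serialise as key=value pairs; every pair, including the last one, ends with '&'.
    $data = '';
    foreach ($update as $key => $value) {
        $data .= $key . '=' . rawurlencode($value) . '&';
    }
    return 'os=pk&update=' . rawurlencode(base64_encode($data)) . '&md5hash=' . substr(md5($_SERVER['HTTP_USER_AGENT'] . implode('', $update) . $_G['timestamp']), 8, 8) . '&timestamp=' . $_G['timestamp'];
}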
Esempio n. 6
        cpmsg('message_success', 'admin.php?action=block');
    } else {
        cpmsg('notselect_item', 'admin.php?action=block');
    }
}
if (($_GET['op'] == 'edit' || $_GET['op'] == 'add') && !empty($_POST['valuesubmit'])) {
    $blockname = '';
    $blocksqlarr = array();
    $_POST['blocktype'] = 'sql';
    $_POST['blockname'] = trim($_POST['blockname']);
    $postarr = array();
    foreach ($_POST as $pkey => $pvalue) {
        $postarr[$pkey] = shtmlspecialchars($pvalue);
    }
    $blocktext = addslashes(serialize($postarr));
    if (empty($_POST['blockname']) || bstrlen($_POST['blockname']) > 10) {
        array_push($checkresults, array('blockname' => lang('block_blockname_length_error')));
    }
    $_POST['blocksql'] = getblocksql($_POST['blocksql']);
    $blockcodearr[] = 'sql/' . rawurlencode($_POST['blocksql']);
    $_POST['blockstart'] = intval($_POST['blockstart']);
    $_POST['blocklimit'] = intval($_POST['blocklimit']);
    if ($_POST['blocklimit'] < 1) {
        array_push($checkresults, array('blocklimit' => lang('block_thread_code_limit')));
    } else {
        $blockcodearr[] = 'limit/' . $_POST['blockstart'] . ',' . $_POST['blocklimit'];
    }
    if (!empty($_POST['tplname']) && !file_exists(B_ROOT . 'static/blockstyle/' . $_POST['tplname'] . '.html.php')) {
        array_push($checkresults, array('tplnameerror' => lang('block_tplname_error')));
    }
    if (!empty($checkresults)) {
Esempio n. 7
 if (submitcheck('attendsubmit')) {
     $checkunits = array(array('subject', '2', '30', $lang['attend_subject_error']), array('address', '5', '30', $lang['attend_address_error']));
     if (!empty($cacheinfo['columns'])) {
         foreach ($cacheinfo['columns'] as $column) {
             if ($column['allowpost'] == 1 && $column['allowshow'] == 1 && $column['formtype'] != 'img' && $column['isrequired'] == 1 && preg_match('/(^ext_)|(^applicant)/', $column['fieldname'])) {
                 $errormessage = !empty($lang['attend_' . $column['fieldname'] . '_error']) ? $lang['attend_' . $column['fieldname'] . '_error'] : ($column['fieldminlength'] < $column['fieldlength'] ? $column['fieldtitle'] . $lang['is'] . $column['fieldminlength'] . '-' . $column['fieldlength'] . $lang['word'] : $column['fieldlength'] . $lang['word']);
                 array_push($checkunits, array($column['fieldname'], $column['fieldminlength'], $column['fieldlength'], $errormessage));
             }
         }
     }
     $checkresults = array();
     foreach ($checkunits as $unit) {
         $intoarray = 0;
         if (empty($_POST[$unit[0]])) {
             $intoarray = 1;
         } elseif (bstrlen($_POST[$unit[0]]) < $unit[1] || bstrlen($_POST[$unit[0]]) > $unit[2]) {
             $intoarray = 1;
         } elseif (in_array($unit[0], array('applicantmobi', 'applicantpost')) && !is_numeric($_POST[$unit[0]])) {
             $intoarray = 1;
         }
         if ($intoarray == 1) {
             $checkresults[] = array($unit[0] => $unit[3]);
         }
     }
     if ($_POST['catid'] < 1) {
         array_push($checkresults, array('catid' => $lang['attend_cat_must_select']));
     }
     if ($_POST['region'] == -1) {
         array_push($checkresults, array('region' => $lang['attend_region']));
     }
     if (empty($_G['uid'])) {
Esempio n. 8
 *      [品牌空間] (C)2001-2010 Comsenz Inc.
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: report.php 4372 2010-09-08 08:13:42Z yumiao $
 */
require_once './common.php';
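// Request parameters of the report form. Numeric ids are forced to integers.
$result = '';
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
// $type is later concatenated into table names (tname($type . 'items')) and into quoted SQL
// literals. Quote escaping cannot protect a table name, so only characters that can appear
// in an identifier are accepted. Anything else becomes '', which the !empty($type) check in
// the submit handler below treats as "no type given".
$type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? trim($_REQUEST['type']) : '';
if (!preg_match('/^[A-Za-z0-9_]+\z/', $type)) {
    $type = '';
}
$reasonid = isset($_REQUEST['reasonid']) ? intval($_REQUEST['reasonid']) : 0;
// Reporting requires a logged-in member.
if (empty($_G['uid'])) {
    $result = 'notlogin';
}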
if (submitcheck('reportsubmit')) {
    $reason = shtmlspecialchars(trim($_POST['reason']));
    if (bstrlen($reason) < 1 || bstrlen($reason) > 250) {
        $result = 'message_length';
    } elseif (empty($reasonid) || $reasonid < 0) {
        $result = 'notselect_reasonid';
    } else {
        if (!$_G['myshopid']) {
            if (!empty($id) && !empty($type)) {
                if (DB::result_first("SELECT rid FROM " . tname('reportlog') . " WHERE type='{$type}' AND itemid='{$id}' AND uid='{$_G['uid']}'")) {
                    $result = 'only_allowto_report_once';
                } else {
                    $shopid = $type == 'shop' ? $id : DB::result_first("SELECT shopid FROM " . tname($type . 'items') . " WHERE itemid='{$id}'");
                    if ($shopid) {
                        $setsqlarr = array('type' => $type, 'itemid' => $id, 'uid' => $_G['uid'], 'username' => $_G['username'], 'status' => 1, 'reasonid' => $reasonid, 'reason' => $reason, 'shopid' => $shopid, 'dateline' => $_G['timestamp']);
                        $rid = inserttable('reportlog', $setsqlarr, 1);
                        if ($rid) {
                            DB::query("UPDATE " . tname($type . 'items') . " SET displayorder=displayorder+1, reportnum=reportnum+1 WHERE itemid='{$id}'");
Esempio n. 9
/**
 * Draw a text onto a GD image with line wrapping.
 *
 * HTML and textual line breaks in $str start a new paragraph; each paragraph is cut into
 * rows of $row_charnum characters and every row is drawn 18 pixels below the previous one.
 *
 * NOTE(review): the row loop runs while $i < $count - 1, so depending on what bstrlen()
 * counts, a trailing character (or a one-character paragraph) may never be drawn - confirm.
 *
 * @param resource $im          Image handed to imagettftext().
 * @param mixed    $size        Font size.
 * @param mixed    $angle       Text angle.
 * @param int      $x           Left position of every row.
 * @param int      $y           Baseline of the first row.
 * @param string   $str         Text to draw.
 * @param mixed    $color       Colour handed to imagettftext().
 * @param string   $font        Font file handed to imagettftext().
 * @param int      $row_charnum Characters per row.
 */
function change_row(&$im, $size, $angle, $x, $y, $str, $color, $font, $row_charnum)
{
    // Map every kind of line break to one sentinel, then split the text on it.
    $sentinel = "!)@(";
    $linebreaks = array("<br/>", "<BR/>", "<br>", "<BR>", "<p>", "</p>", "\\r", "\\n", "\r", "\n");
    $paragraphs = explode($sentinel, str_replace($linebreaks, $sentinel, $str));
    foreach ($paragraphs as $value) {
        $rows = array();
        $count = bstrlen($value, 'utf8');
        for ($i = 0; $i < $count - 1; $i += $row_charnum) {
            if (function_exists('mb_substr')) {
                $rows[] = mb_substr($value, $i, $row_charnum, "utf-8");
                continue;
            }
            // Without mbstring: take the leading piece, then remove it from the remaining text.
            $strcut = cutstr($value, $row_charnum, 0, 'utf8');
            $rows[] = $strcut;
            $value = str_replace($strcut, '', $value);
        }
        foreach ($rows as $row) {
            imagettftext($im, $size, $angle, $x, $y, $color, $font, $row);
            $y += 18;
        }
    }
}
Esempio n. 10
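 /**
  * Store one uploaded photo under A_DIR/photo/month_<ym>/ and return its metadata.
  *
  * Hardening compared with the previous version, which accepted any file extension:
  * - the file must be a genuine HTTP upload (is_uploaded_file), so a forged tmp_name cannot
  *   make the code copy an arbitrary local file into the attachment directory;
  * - the extension must be on an image allow-list and the content must parse as an image,
  *   so a script file can no longer be placed in this directory under an executable extension.
  *
  * NOTE(review): the allow-list below is a conservative default; the disabled check that
  * used to sit here only allowed jpg/jpeg. Adjust it to what the site really needs.
  * NOTE(review): directories are still created with mode 0777 as before; consider a
  * tighter mode if the web server user owns the tree.
  *
  * @param string $varname Name of the $_FILES entry.
  * @param int    $multi   Not used in this method body.
  * @return array|int|false Attachment data on success; 0 when nothing was uploaded,
  *                         -1 when the size check fails, false when the file is not an
  *                         allowed image, 8 when the file could not be stored.
  */
 function attach_upload($varname = 'Filedata', $multi = 0)
 {
     global $_G, $_FILES, $_POST, $_SGLOBAL, $_SC;
     $attachdir = A_DIR;
     $path_parts = array();
     $allowedext = array('jpg', 'jpeg', 'png', 'gif');
     if (empty($_FILES[$varname])) {
         return 0;
     }
     $attach = $_FILES[$varname];
     // Only a single file that PHP itself received through an HTTP upload is accepted.
     if (!empty($attach['error']) || empty($attach['tmp_name']) || !is_string($attach['tmp_name']) || !is_uploaded_file($attach['tmp_name'])) {
         return 8;
     }
     $attach_saved = false;
     $attach['uid'] = $_G['uid'];
     $filename = saddslashes($attach['name']);
     $attach['title'] = saddslashes(trim(strip_tags(rawurldecode(isset($_POST['title']) ? $_POST['title'] : ''))));
     $path_parts = pathinfo($filename);
     $attach['ext'] = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';
     // File size check
     if (!$this->check_attach_size($attach['size'])) {
         @unlink($attach['tmp_name']);
         return -1;
     }
     // The client-supplied name and MIME type are not trusted: the extension must be on the
     // allow-list and the content must be readable as an image.
     if (!in_array($attach['ext'], $allowedext, true) || @getimagesize($attach['tmp_name']) === false) {
         @unlink($attach['tmp_name']);
         return false;
     }
     $attach['isimage'] = 1;
     $attach['thumb'] = 0;
     $attach['name'] = htmlspecialchars($attach['name'], ENT_QUOTES);
     $attach['name'] = biconv($attach['name'], 'UTF-8', $_G['charset']);
     $attach['title'] = biconv($attach['title'], 'UTF-8', $_G['charset']);
     if (bstrlen($attach['name']) > 45) {
         $attach['name'] = 'abbr_' . md5($attach['name']) . '.' . $attach['ext'];
     }
     // An empty index.htm keeps the web server from listing the directory contents.
     if (!is_dir($attachdir . '/photo')) {
         @mkdir($attachdir . '/photo', 0777);
         @touch($attachdir . '/photo/index.htm');
     }
     $attach_subdir = 'photo/month_' . date('ym');
     $attach_dir = $attachdir . '/' . $attach_subdir;
     if (!is_dir($attach_dir)) {
         @mkdir($attach_dir, 0777);
         @touch($attach_dir . '/index.htm');
     }
     // The stored name is generated on the server; only the validated extension is kept.
     $attach['attachment'] = $attach_subdir . '/';
     $attach['attachment'] .= date('ymdHi') . substr(md5($filename . microtime() . random(6)), 8, 16) . '.' . $attach['ext'];
     $target = $attachdir . '/' . $attach['attachment'];
     if (@move_uploaded_file($attach['tmp_name'], $target) || @copy($attach['tmp_name'], $target)) {
         @unlink($attach['tmp_name']);
         $attach_saved = true;
     }
     // Last resort for hosts where neither move nor copy works: read and write the bytes.
     if (!$attach_saved && @is_readable($attach['tmp_name'])) {
         $attachedfile = @file_get_contents($attach['tmp_name']);
         if ($attachedfile !== false && @file_put_contents($target, $attachedfile, LOCK_EX)) {
             @unlink($attach['tmp_name']);
             $attach_saved = true;
         }
     }
     if ($attach_saved) {
         @chmod($target, 0644);
         $attach['thumb'] = $attach['attachment'];
         //$attach['thumb'] = loadClass('image')->makethumb($target, array(320, 240), substr($target, 0, -4).'.thumb.jpg');
     } else {
         return 8;
     }
     return !empty($attach) ? $attach : false;
 }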