Esempio n. 1
0
/**
 * 後台權限檢查
 * @param $permtype='',目前沒有用戶組概念,權限檢查僅為檢查 verified通過驗證的商家/unverified未經審核通過的商家/isadmin站長。以後考慮按功能來分權限
 * @return 是否
 */
function pkperm($permtype)
{
    global $_G;
    if (ckfounder($_G['uid'])) {
        if ($permtype != 'unverified') {
            return true;
            //管理員有所有權限
        } else {
            return false;
        }
    } elseif ($permtype == 'isadmin' && $_G['member']['allowadmincp']) {
        return true;
    } elseif ($_G['uid'] == 0 || !$_G['myshopid'] || $_G['myshopstatus'] == 'none') {
        return false;
        //遊客或者未提交入駐沒有任何權限
    } elseif ($_G['myshopid'] > 0 && $_G['myshopstatus'] == 'unverified' && $permtype == 'unverified') {
        return true;
        //提交入駐申請未審核的
    } elseif ($_G['myshopid'] > 0 && $_G['myshopstatus'] == 'verified') {
        //入駐通過的權限
        switch ($permtype) {
            case 'verified':
                return true;
                break;
            case 'shoplist':
                return false;
                break;
            case 'swfupload':
                return true;
                break;
        }
    }
    return false;
    //默認為無權限
}
Esempio n. 2
0
function isfounder()
{
    global $_G, $_SGLOBAL;
    return ckfounder($_G['uid']);
}
Esempio n. 3
0
        deltree($datadir . '/' . $backupdir . '/');
        showmessage($alang['list_table_not_exists'] . implode('<br />', $dberrorarr));
    }
    //´ò°ü
    require_once S_ROOT . './include/zip.lib.php';
    $zipfile = new Zip($backupfile);
    $zipfilestr = implode(',', $zipfilearr);
    $zipfile->create($zipfilestr, PCLZIP_OPT_REMOVE_PATH, $datadir . '/' . $backupdir);
    if (!empty($zipfilearr)) {
        foreach ($zipfilearr as $tmpvalue) {
            @unlink($tmpvalue);
        }
    }
    showmessage('model_export_suc', CPURL . '?action=models&op=import');
} elseif ($_GET['op'] == 'import') {
    if (!ckfounder($_SGLOBAL['supe_uid'])) {
        showmessage('no_authority_management_operation');
    }
    $backupdir = S_ROOT . '/data/model';
    $exportlog = array();
    $_GET['datafile'] = !empty($_GET['datafile']) ? trim($_GET['datafile']) : '';
    $_GET['do'] = !empty($_GET['do']) ? trim($_GET['do']) : '';
    if (empty($_GET['do']) || $_GET['do'] != 'start') {
        $dir = dir($backupdir);
        while (FALSE !== ($entry = $dir->read())) {
            $filename = $backupdir . '/' . $entry . '/' . $entry . '.zip';
            if (is_file($filename)) {
                $exportlog[] = array('filename' => $entry, 'size' => filesize($filename), 'dateline' => filemtime($filename));
            }
        }
        $dir->close();
Esempio n. 4
0
 $query = DB::query('SELECT * FROM ' . tname($table_name) . ' WHERE itemid=\'' . $itemid . '\' AND allowreply=\'1\'');
 if (!($item = DB::fetch($query))) {
     array_push($checkresults, array('message' => $lang['no_permission']));
 }
 $_POST['commentmessage'] = shtmlspecialchars(trim($_POST['commentmessage']));
 if ($_POST['commentmessage'] == $_G['setting']['commdefault'] || bstrlen($_POST['commentmessage']) < 1 || bstrlen($_POST['commentmessage']) > 250) {
     array_push($checkresults, array('commentmessage' => $lang['wordlimited']));
 }
 if (!empty($commentscorestr)) {
     $rootcatid = getrootcatid($item['catid']);
     $scorenum = DB::result_first("SELECT cm.scorenum FROM " . tname('categories') . " c\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN " . tname('commentmodels') . " cm ON cm.cmid=c.cmid\n\t\t\t\t\t\t\t\t\t\tWHERE c.catid = '{$rootcatid}'");
     if (bstrlen($commentscorestr) < $scorenum * 5) {
         array_push($checkresults, array('score' => $lang['scorelimited']));
     }
 }
 if (!empty($_G['setting']['commenttime']) && !ckfounder($_G['uid'])) {
     if ($_G['timestamp'] - $_G['member']['lastcommenttime'] < $_G['setting']['commenttime']) {
         array_push($checkresults, array('message' => $lang['comment_too_much']));
     }
 }
 if (!empty($checkresults)) {
     showmessage('comment_submit_error', '', '', '', $checkresults);
 }
 //更新用戶最新更新時間
 if ($_G['uid']) {
     updatetable('members', array('updatetime' => $_G['timestamp'], 'lastcommenttime' => $_G['timestamp']), array('uid' => $_G['uid']));
 }
 $_POST['commentmessage'] = str_replace('[br]', '<br>', $_POST['commentmessage']);
 $_POST['commentmessage'] = '<div class=\\"new\\"><span name=\\"cid_{cid}_info\\">' . preg_replace("/\\s*\\[quote\\][\n\r]*(.+?)[\n\r]*\\[\\/quote\\]\\s*/is", "<div class=\"quote\"><blockquote>\\1</blockquote></div>", $_POST['commentmessage']) . '</span></div>';
 $_POST['type'] = saddslashes($_POST['type']);
 //關於蓋樓
Esempio n. 5
0
        ssetcookie('shopid', $_GET['itemid'], 3600 * 10);
        getpanelinfo($_GET['itemid']);
        if (!empty($_G['cookie']['i_referer'])) {
            header('Location: ' . $_G['cookie']['i_referer']);
        }
    } elseif (!empty($_G['cookie']['shopid'])) {
        getpanelinfo(intval($_G['cookie']['shopid']));
    }
    if (!empty($_SGLOBAL['panelinfo'])) {
        echo '<script type="text/javascript" charset="' . $_G['charset'] . '">var leftmenu = $(window.parent.document).find("#leftmenu");leftmenu.find("ul").css("display", "none");$(window.parent.document).find("#menu_paneladd").css("display", "");</script>';
    }
} elseif (in_array($mname, array('good', 'notice', 'album', 'consume', 'groupbuy')) && $_GET['shopid']) {
    getpanelinfo($_GET['shopid']);
    ssetcookie('shopid', $_GET['shopid'], 3600 * 10);
}
if (!ckfounder($_G['uid'])) {
    if (!check_itemaccess($_GET['itemid'], $mname)) {
        cpmsg('no_' . $mname . '_itemaccess', 'admin.php?action=list&m=' . $mname);
    }
}
if (empty($_SGLOBAL['panelinfo']) && !empty($_REQUEST['shopid'])) {
    getpanelinfo($_REQUEST['shopid']);
}
if (!empty($_POST['valuesubmit'])) {
    $checkresults = array();
    if ($mname == "notice" || $mname == "shop") {
        //標題樣式
        empty($_POST['strongsubject']) ? $_POST['strongsubject'] = '' : ($_POST['strongsubject'] = 1);
        empty($_POST['underlinesubject']) ? $_POST['underlinesubject'] = '' : ($_POST['underlinesubject'] = 1);
        empty($_POST['emsubject']) ? $_POST['emsubject'] = '' : ($_POST['emsubject'] = 1);
        empty($_POST['fontcolorsubject']) ? $_POST['fontcolorsubject'] = '#      ' : ($_POST['fontcolorsubject'] = '#' . $_POST['fontcolorsubject']);
Esempio n. 6
0
    $itemidstr = simplode($_POST['item']);
    //用逗号链接所有的操作ID
    $newidarr = array();
    $query = $_SGLOBAL['db']->query("SELECT itemid FROM " . tname('spaceitems') . " WHERE itemid IN ({$itemidstr}) AND type='news' AND uid='{$_GET['uid']}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $newidarr[] = $value['itemid'];
    }
    if (empty($newidarr)) {
        showmessage('space_no_item');
    }
    $itemidstr = simplode($newidarr);
    deleteitems('itemid', $itemidstr, $_POST['opdelete']);
} elseif (submitcheck('actionsubmit')) {
    //权限
    $_POST['uid'] = intval($_POST['uid']);
    if (!checkperm('managemember') || ckfounder($_POST['uid'])) {
        showmessage('no_authority_management_operation');
    }
    if ($_POST['uid'] == $_SGLOBAL['supe_uid']) {
        showmessage('error_lock_self');
    }
    $itemid = array();
    $query = $_SGLOBAL['db']->query("SELECT itemid FROM " . tname('spaceitems') . " WHERE type='news' AND uid='{$_GET['uid']}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $itemid[] = $value['itemid'];
    }
    $itemidstr = simplode($itemid);
    deleteitems('itemid', $itemidstr, 0);
    //永久删除
    deletespace($_POST['uid']);
    //删除用户
Esempio n. 7
0
 *      $Id: common.php 4401 2010-09-13 02:44:25Z fanshengshuai $
 */
define('IN_BRAND', true);
define('B_ROOT', dirname(__FILE__) . DIRECTORY_SEPARATOR);
define('B_VER', '1.2');
define('B_RELEASE', '20100915');
define('D_BUG', '0');
D_BUG ? error_reporting(E_ERROR) : error_reporting(0);
$_SGLOBAL = $_SBLOCK = $_SHTML = $_DCACHE = $_SGET = array();
require_once B_ROOT . './source/function/common.func.php';
require_once B_ROOT . './source/adminfunc/brandpost.func.php';
require_once B_ROOT . './source/class/brand.class.php';
brand::init();
include_once B_ROOT . './language/brand.lang.php';
// 檢查關閉站點
if (!ckfounder($_G['uid']) && $_G['setting']['siteclosed']) {
    if (ACTION != 'auth' && ACTION != 'seccod') {
        showmessage($_G['setting']['siteclosed_reason']);
    }
}
if (!empty($_G['setting']['gzipcompress']) && function_exists('ob_gzhandler')) {
    ob_start('ob_gzhandler');
} else {
    ob_start();
}
@header('Content-Type: text/html; charset=' . $_G['charset']);
$newsiteurl = B_URL;
if (strpos($newsiteurl, '://') === false) {
    $newsiteurl = 'http://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']) . $newsiteurl;
}
define('B_URL_ALL', $newsiteurl);
Esempio n. 8
0
function checkclose()
{
    global $_SGLOBAL, $_SCONFIG;
    //站点关闭
    if ($_SCONFIG['close'] && !ckfounder($_SGLOBAL['supe_uid']) && !checkperm('closeignore')) {
        if (empty($_SCONFIG['closereason'])) {
            showmessage('site_temporarily_closed');
        } else {
            showmessage($_SCONFIG['closereason']);
        }
    }
    //IP访问检查
    if ((!ipaccess($_SCONFIG['ipaccess']) || ipbanned($_SCONFIG['ipbanned'])) && !ckfounder($_SGLOBAL['supe_uid']) && !checkperm('closeignore')) {
        showmessage('ip_is_not_allowed_to_visit');
    }
}
Esempio n. 9
0
 if (!$managespace || empty($member)) {
     cpmessage('no_authority_management_operation');
 }
 $setarr = array('name' => getstr($_POST['name'], 20, 1, 1), 'namestatus' => intval($_POST['namestatus']), 'domain' => trim($_POST['domain']), 'addsize' => intval($_POST['addsize']) * 1024 * 1024, 'credit' => intval($_POST['credit']));
 //删除保护
 include_once S_ROOT . './uc_client/client.php';
 if ($_POST['flag'] == 1) {
     $result = uc_user_addprotected(array($member['username']), $_SGLOBAL['supe_username']);
 } else {
     $_POST['flag'] = 0;
     $result = uc_user_deleteprotected(array($member['username']), $_SGLOBAL['supe_username']);
 }
 if ($result) {
     $setarr['flag'] = $_POST['flag'];
 }
 if ($uid != $_SGLOBAL['supe_uid'] || ckfounder($_SGLOBAL['supe_uid'])) {
     if (empty($_POST['groupid'])) {
         $_POST['groupid'] = getgroupid($_POST['credit'], 0);
     }
     $setarr['groupid'] = intval($_POST['groupid']);
 }
 updatetable('space', $setarr, array('uid' => $uid));
 //附属表
 $setarr = array('email' => getstr($_POST['email'], 100, 1, 1), 'emailcheck' => intval($_POST['emailcheck']), 'qq' => getstr($_POST['qq'], 20, 1, 1), 'msn' => getstr($_POST['msn'], 80, 1, 1), 'sex' => intval($_POST['sex']), 'birthyear' => intval($_POST['birthyear']), 'birthmonth' => intval($_POST['birthmonth']), 'birthday' => intval($_POST['birthday']), 'blood' => getstr($_POST['blood'], 5, 1, 1), 'marry' => intval($_POST['marry']), 'birthprovince' => getstr($_POST['birthprovince'], 20, 1, 1), 'birthcity' => getstr($_POST['birthcity'], 20, 1, 1), 'resideprovince' => getstr($_POST['resideprovince'], 20, 1, 1), 'residecity' => getstr($_POST['residecity'], 20, 1, 1));
 foreach ($profilefields as $field => $value) {
     if ($value['formtype'] == 'select') {
         $value['maxsize'] = 255;
     }
     $setarr['field_' . $field] = getstr($_POST['field_' . $field], $value['maxsize'], 1, 1);
 }
 //清空
Esempio n. 10
0
function show_searchfrom_webmaster($mname)
{
    global $_G, $_GET, $_COOKIE, $_SC, $_SERVER, $_SGLOBAL, $catstr, $opcheckstr, $gradestr, $cats;
    $catstr = $opcheckstr = $gradestr = '';
    $typelist = array('shop', 'good', 'consume', 'notice');
    $query = DB::query("SELECT * FROM " . tname("shopgroup") . " ORDER BY id ASC;");
    while ($result = DB::fetch($query)) {
        $catstr .= '<option value="' . $result['id'] . '">' . $result['title'] . '</option>';
    }
    foreach ($_SGLOBAL['shopgrade'] as $key => $value) {
        $opcheckstr .= '&nbsp; <input class="radio" type="radio" name="opcheck" value="' . $key . '" onClick="showchecktxt(' . $key . ');"> ' . $value . ' &nbsp;';
        $gradestr .= '<option value="' . $key . '" ' . ($_GET['grade'] == $key ? 'selected="selected"' : '') . '>' . $value . '</option>';
    }
    //搜索框顯示
    echo '<form method="get" name="listform" id="theform" action="' . $_SERVER['SCRIPT_NAME'] . '">';
    echo '<style>input {width:250px;}</style><input type="hidden" name="action" value="list" /><input type="hidden" name="m" value="' . $mname . '" />';
    showtableheader($mname . '_search', 'notop');
    $search_items[] = $mname . '_subject' . '::<input type="text" name="subject" value="' . $_GET['subject'] . '" size="10" />';
    $search_items[] = $mname . '_username' . '::<input type="text" name="username" value="' . $_GET['username'] . '" size="6" />';
    $search_items[] = $mname . '_itemid' . '::<input type="text" name="itemid" value="' . (empty($_GET['itemid']) ? '' : $_GET['itemid']) . '" size="3" />';
    if ($mname == 'shop') {
        if (pkperm('isadmin') && !ckfounder($_G['uid'])) {
            foreach ($cats as $key => $value) {
                if (!in_array($key, explode(",", $_SGLOBAL['adminsession']['cpgroupshopcats']))) {
                    unset($cats[$key]);
                }
            }
        }
        //所屬用戶組
        $search_items[] = $mname . '_groupid' . '::<select name="groupid" id="shop_incat"><option value="0">' . lang('please_select') . '</option>' . $catstr . '</select>';
        //所屬分類
        $search_items[] = $mname . '_catid' . '::' . InteractionCategoryMenu($cats, 'catid', null, null);
    } else {
        if ($mname == 'album' && $_GET['from'] == 'addphoto') {
            //相冊所屬店舖
            $search_items[] = $mname . '_shopid' . '::<select name="shopid" id="shop_incat"><option value="' . $_G['cookie']['shopid'] . '">' . $_G['cookie']['shopid'] . '</option></select>';
        } else {
            //所屬店舖
            $search_items[] = 'search_shopid' . '::<input type="text" name="shopid" value="' . (empty($_GET['shopid']) ? '' : $_GET['shopid']) . '" size="6" />';
        }
        if ($mname != 'photo') {
            //所屬分類
            $search_items[] = $mname . '_catid' . '::' . InteractionCategoryMenu($cats, 'catid', null, null);
        }
    }
    if ($mname == 'album') {
        //相冊類型默認相冊還是自定義相冊
        $search_items[] = $mname . '_type' . '::<select name="type"><option value="user" selected="selected">' . lang('album_user') . '</option><option value="import">' . lang('album_import') . '</option><option value="default">' . lang('album_default') . '</option></select>';
    } elseif ($mname == 'photo') {
        //none
    } elseif ($mname == "shop") {
        $search_items[] = 'mod_recommend' . '::<select id="recommend" name="recommend">' . '<option value="" selected="selected">' . lang('all') . '</option>' . '<option value="yes">' . lang('yes') . '</option>' . '<option value="no">' . lang('no') . '</option>' . '</select>';
    } else {
        $search_items[] = $mname . '_grade' . '::<select name="grade"><option value="-1">' . lang('please_select') . '</option>' . $gradestr . '</select>';
    }
    $search_items[] = 'order' . '::<select id="order" name="order">' . '<option value="itemid">' . lang($mname . '_dateline') . '</option>' . '<option value="lastpost">' . lang('lastpost') . '</option>' . '<option value="viewnum">' . lang('viewnum') . '</option>' . '<option value="replynum">' . lang('replynum') . '</option>' . '</select>';
    $search_items[] = 'sc' . '::<select id="sc" name="sc">' . '<option value="ASC">' . lang('ASC') . '</option>' . '<option value="DESC" selected>' . lang('DESC') . '</option>' . '</select>';
    if ($mname == 'shop') {
        showshop_byletter();
    }
    foreach ($search_items as $k => $v) {
        $tmp = explode('::', $v);
        showsetting($tmp[0], '', '', $tmp[1]);
    }
    // 顯示搜索按鈕
    showsetting('', '', '', '<input style="width:50px;" class="btn" type="submit" name="filtersubmit" value="' . lang('search') . '" />');
    showtablefooter();
    showformfooter();
}
Esempio n. 11
0
 $content = file_get_contents('php://input');
 $json = json_decode($content);
 $uid = $json->uid;
 $username = $json->username;
 $message = $json->message;
 $wallid = $json->wallid;
 if (inject_check($uid) || inject_check($message) || inject_check($wallid)) {
     returnResponse(40001, "system is busy 05");
 } else {
     $Query = $_SGLOBAL['db']->query("SELECT uid,wallname,`check` FROM " . tname('wall') . " WHERE id = '{$WallId}' ");
     if ($Value = $_SGLOBAL['db']->fetch_array($Query)) {
         $apply = $Value['uid'];
         $check = $Value['check'];
         $WallTitle = $Value['wallname'];
     }
     $isfounder = ckfounder($uid);
     if ($check || $isfounder || $uid == 144 || $uid == $apply) {
         $pass = 1;
     }
     $setarr = array('uid' => $uid, 'pass' => 1, 'username' => $username, 'message' => $message, 'wallid' => $wallid, 'ip' => 'weixin', 'timeline' => $_SGLOBAL['timestamp'], 'fromdevice' => 'wechat');
     //入库
     $newwallid = inserttable('wallfield', $setarr, 1);
     if ($check > 0 && $pass > 0) {
         $message = "<a href=\"plugin.php?pluginid=wall&wallid=" . $WallId . "&ac=track\">#" . $WallTitle . "#</a> " . $message;
         $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $uid, 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $newwallid, 'idtype' => 'wallid');
         $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
         $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
         $FeedId = inserttable('feed', $feedarr, 1);
         if ($FeedId) {
             updatetable('wallfield', array('feedid' => $FeedId), array('id' => $id));
         }
Esempio n. 12
0
    exit('Access Denied');
}
$_g_xid = intval($_GET['xid']);
$_g_uid = intval($_GET['uid']);
if ($_REQUEST['id'] && $_REQUEST['xid']) {
    $groupbuy = $_BCACHE->getiteminfo('groupbuy', $_REQUEST['xid'], $_REQUEST['id']);
    $groupbuy['message'] = bbcode2html($groupbuy['message']);
    if (!$groupbuy) {
        showmessage('not_found_msg', 'index.php');
    }
}
if (!empty($_GET['do'])) {
    if (!in_array($_GET['do'], array('markdelstatus', 'marknormalstatus', 'groupbuy_attend_detail'))) {
        showmessage('system_error', '', 'error');
    } else {
        if (!ckfounder($_G['uid']) && !array_key_exists($_REQUEST['id'], $_G['myshopsarr'])) {
            showmessage('no_perm', "store.php?id=" . $_GET['id'] . "&action=groupbuy&xid=" . $_g_xid);
        }
    }
}
if (submitcheck('submitgroupbuyjoin')) {
    @(include_once B_ROOT . './uc_client/client.php');
    $arr_data = array();
    $joininfo = $_POST['join'];
    $arr_data['itemid'] = $joininfo['groupbuyid'];
    $arr_data['uid'] = $_G['uid'];
    $arr_data['username'] = $_G['username'];
    $arr_data['realname'] = $joininfo['realname'];
    $arr_data['mobile'] = $joininfo['mobile'];
    $arr_data['dateline'] = $_G['timestamp'];
    if ($groupbuy['grade'] < 3 || $groupbuy['close'] == 1) {
Esempio n. 13
0
<?php

/*
	[UCenter Home] (C) 2007-2008 Comsenz Inc.
	$Id: inc_debug.php 10784 2008-12-22 07:57:02Z liguode $
*/
if (!defined('IN_UCHOME')) {
    exit('Access Denied');
}
if (D_BUG && ckfounder($_SGLOBAL['supe_uid'])) {
    print <<<EOF
\t<style>
\t.tclass, .tclass2 {
\ttext-align:left;width:900px;border:0;border-collapse:collapse;margin-bottom:5px;table-layout: fixed; word-wrap: break-word;background:#FFF;}
\t.tclass table, .tclass2 table {width:100%;border:0;table-layout: fixed; word-wrap: break-word;}
\t.tclass table td, .tclass2 table td {border-bottom:0;border-right:0;border-color: #ADADAD;}
\t.tclass th, .tclass2 th {border:1px solid #000;background:#CCC;padding: 2px;font-family: Courier New, Arial;font-size: 11px;}
\t.tclass td, .tclass2 td {border:1px solid #000;background:#FFFCCC;padding: 2px;font-family: Courier New, Arial;font-size: 11px;}
\t.tclass2 th {background:#D5EAEA;}
\t.tclass2 td {background:#FFFFFF;}
\t.firsttr td {border-top:0;}
\t.firsttd {border-left:none !important;}
\t.bold {font-weight:bold;}
\t</style>
\t<div id="uchome_debug" style="display:;">
EOF;
    $class = 'tclass2';
    if (empty($_SGLOBAL['debug_query'])) {
        $_SGLOBAL['debug_query'] = array();
    }
    foreach ($_SGLOBAL['debug_query'] as $dkey => $debug) {
Esempio n. 14
0
<?php

/*
	[UCenter Home] (C) 2007-2008 Comsenz Inc.
	$Id: admincp_backup.php 11889 2009-03-30 08:20:43Z xupeng $
*/
if (!defined('IN_UCHOME') || !defined('IN_ADMINCP')) {
    exit('Access Denied');
}
// Check Permissions
if (!checkperm('managebackup') || !ckfounder($_SGLOBAL['supe_uid'])) {
    cpmessage('no_authority_management_operation_backup');
}
//Get sub volume number
$volume = isset($_GET['volume']) ? intval($_GET['volume']) + 1 : 1;
$backupdir = data_get('backupdir');
$x_ver = X_VER;
//Backup file directory
if (empty($backupdir)) {
    $backupdir = random(6);
    data_set('backupdir', $backupdir);
}
$backupdir = 'backup_' . $backupdir;
if (!is_dir(S_ROOT . './data/' . $backupdir)) {
    @mkdir(S_ROOT . './data/' . $backupdir, 0777);
}
// delete Backup files
if (submitcheck('delexportsubmit')) {
    if (!empty($_POST['delexport']) && is_array($_POST['delexport'])) {
        foreach ($_POST['delexport'] as $value) {
            $fileext = fileext($value);
Esempio n. 15
0
         if ($result) {
             $setarr['flag'] = $_POST['flag'];
         }
     }
     if ($uid != $_SGLOBAL['supe_uid'] || ckfounder($_SGLOBAL['supe_uid'])) {
         if (empty($_POST['groupid'])) {
             $_POST['groupid'] = getgroupid($_POST['experience'], 0);
         } else {
             $expiration = $_POST['expiration'] ? sstrtotime($_POST['expiration']) : 0;
             if ($expiration && $expiration <= $_SGLOBAL['timestamp']) {
                 showmessage('time_expired_error');
             }
         }
         include_once S_ROOT . './data/data_usergroup_' . $_POST['groupid'] . '.php';
         $group = $_SGLOBAL['usergroup'][$_POST['groupid']];
         if ($group['manageconfig'] && !ckfounder($_SGLOBAL['supe_uid'])) {
             cpmessage('no_authority_management_operation');
         }
         //有效期
         if ($expiration) {
             $setlogarr = array('uid' => $member['uid'], 'username' => addslashes($member['username']), 'opuid' => $_SGLOBAL['supe_uid'], 'opusername' => $_SGLOBAL['supe_username'], 'expiration' => $expiration, 'dateline' => $_SGLOBAL['timestamp'], 'flag' => 1);
             inserttable('spacelog', $setlogarr, 0, true);
         }
         $setarr['groupid'] = intval($_POST['groupid']);
     }
 }
 //实名管理权限
 if ($managename) {
     $setarr['name'] = getstr($_POST['name'], 20, 1, 1);
     $setarr['namestatus'] = intval($_POST['namestatus']);
     //实名认证通过奖励积分
Esempio n. 16
0
    }
} elseif ($_GET['op'] == 'manage') {
    $groupidarr = array($member['groupid'] => ' selected');
    $groupstr = '';
    foreach ($_SGLOBAL['grouparr'] as $value) {
        if (!(ckfounder($member['uid']) || $_SGLOBAL['supe_uid'] == $member['uid']) || $groupidarr[$value['groupid']]) {
            $groupstr .= '<option value="' . $value['groupid'] . '"' . $groupidarr[$value['groupid']] . ' >' . $value['grouptitle'] . '</option>';
        }
    }
    $avatarstr = avatar($member['uid'], 'middle');
    $member['dateline'] = empty($member['dateline']) ? '-' : date('Y-m-d H:i', $member['dateline']);
    $member['updatetime'] = empty($member['updatetime']) ? '-' : date('Y-m-d H:i', $member['updatetime']);
    $member['lastlogin'] = empty($member['lastlogin']) ? '-' : date('Y-m-d H:i', $member['lastlogin']);
    $member['lastsearchtime'] = empty($member['lastsearchtime']) ? '-' : date('Y-m-d H:i', $member['lastsearchtime']);
    $member['ip'] = empty($member['ip']) ? '-' : trim($member['ip']);
    if (ckfounder($member['uid']) || $_SGLOBAL['supe_uid'] == $member['uid']) {
        $member['flagstr'] = '';
    } else {
        $member['flagstr'] = empty($member['flag']) ? '<a href="' . CPURL . '?action=member&op=delete&uid=' . $member['uid'] . '" onclick="return confirm(\'' . $alang['confirm_the_deletion_user_date'] . '\');">' . $alang['delete_user_date'] . '</a>' : $alang['users_protection_was_not_deleted'];
    }
    $member['flagcheck'] = empty($member['flag']) ? array(' checked', '') : array('', ' checked');
} else {
    $mpurl = CPURL . '?action=' . $action;
    //处理搜索
    $intkeys = array('uid', 'groupid');
    $strkeys = array('username');
    $randkeys = array(array('sstrtotime', 'dateline'), array('sstrtotime', 'updatetime'));
    $likekeys = array();
    $results = getwheres($intkeys, $strkeys, $randkeys, $likekeys, 's.');
    $wherearr = $results['wherearr'];
    $wheresql = empty($wherearr) ? '1' : implode(' AND ', $wherearr);
Esempio n. 17
0
function checkperm($permtype, $gid = 0)
{
    global $_SGLOBAL, $_SCONFIG, $channel, $channels;
    if (!@(include_once S_ROOT . './data/system/group.cache.php')) {
        include_once S_ROOT . './function/cache.func.php';
        updategroupcache();
    }
    $founderprem = array('managetpl', 'managecss', 'managestyletpl');
    if (ckfounder($_SGLOBAL['supe_uid'])) {
        return $permtype == 'allowdirectpost' ? false : true;
        //´´Ê¼È˲»×öȨÏÞ¼ì²é
    } elseif (in_array($permtype, $founderprem)) {
        return false;
        //·Ç´´Ê¼ÈËȨÏÞ
    }
    if (!$gid) {
        if (empty($_SGLOBAL['supe_uid'])) {
            getmember();
        }
        if (empty($_SGLOBAL['member']['groupid'])) {
            $gid = 2;
            //ÓοÍ×é
        } else {
            $gid = intval($_SGLOBAL['member']['groupid']);
            $gid = getgroupid($_SGLOBAL['member']['experience'], $gid);
            if ($gid != $_SGLOBAL['member']['groupid']) {
                updatetable('members', array('groupid' => $gid), array('uid' => $_SGLOBAL['supe_uid']));
                //¸üÐÂÓû§×é
            }
        }
        if (!empty($channel)) {
            if (!empty($channels['menus'][$channel][$permtype])) {
                $extgroupid = explode("\t", $channels['menus'][$channel][$permtype]);
                if (!in_array($gid, $extgroupid)) {
                    return false;
                }
                //ûÓÐƵµÀ·ÃÎÊȨ
            }
        }
    }
    if ($permtype == 'allowmanage') {
        return true;
    }
    return empty($_SGLOBAL['grouparr'][$gid][$permtype]) ? false : true;
}
Esempio n. 18
0
<?php

/*
	[UCenter Home] (C) 2007-2008 Comsenz Inc.
	$Id: admincp_template.php 12901 2009-07-27 07:59:27Z liguode $
*/
if (!defined('IN_UCHOME') || !defined('IN_ADMINCP')) {
    exit('Access Denied');
}
//权限
if (empty($_SC['allowedittpl']) || !checkperm('managetemplate') || !ckfounder($_SGLOBAL['supe_uid'])) {
    cpmessage('no_authority_management_operation_edittpl');
}
$turl = 'admincp.php?ac=template';
//模板目录
$tpldir = S_ROOT . './template/default/';
if (submitcheck('editsubmit')) {
    $filename = checkfilename($_POST['filename']);
    $filefullname = $tpldir . $filename;
    //复制当前的文件
    $d_file = $filefullname . '.bak';
    if (!file_exists($d_file)) {
        if (!@copy($filefullname, $d_file)) {
            swritefile($d_file, sreadfile($filefullname));
        }
    }
    $fp = fopen($filefullname, 'wb');
    flock($fp, 2);
    fwrite($fp, stripslashes($_POST['content']));
    fclose($fp);
    //清空模板缓存
Esempio n. 19
0
<?php

/**
 *      [Discuz!] (C)2001-2099 Comsenz Inc.
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: misc_debug.php 6757 2010-03-25 09:01:29Z cnteacher $
 */
if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}
if (DISCUZ_DEBUG && ckfounder($_G['uid'])) {
    print <<<EOF
\t<style>
\t.tclass, .tclass2 {
\ttext-align:left;width:900px;border:0;border-collapse:collapse;margin-bottom:5px;table-layout: fixed; word-wrap: break-word;background:#FFF;}
\t.tclass table, .tclass2 table {width:100%;border:0;table-layout: fixed; word-wrap: break-word;}
\t.tclass table td, .tclass2 table td {border-bottom:0;border-right:0;border-color: #ADADAD;}
\t.tclass th, .tclass2 th {border:1px solid #000;background:#CCC;padding: 2px;font-family: Courier New, Arial;font-size: 11px;}
\t.tclass td, .tclass2 td {border:1px solid #000;background:#FFFCCC;padding: 2px;font-family: Courier New, Arial;font-size: 11px;}
\t.tclass2 th {background:#D5EAEA;}
\t.tclass2 td {background:#FFFFFF;}
\t.firsttr td {border-top:0;}
\t.firsttd {border-left:none !important;}
\t.bold {font-weight:bold;}
\t</style>
\t<div id="uchome_debug" style="display:;">
EOF;
    $class = 'tclass2';
    if (empty($_G['debug_query'])) {
        $_G['debug_query'] = array();
Esempio n. 20
0
    } else {
        ssetcookie('_refer', rawurlencode('admincp.php?ac=' . $_GET['ac']));
    }
    // showmessage('to_login', 'do.php?ac='.$_SCONFIG['login_action']); //原始版
    showmessage('to_login', 'OpenID.call.php');
    //OpenID登陆
}
$space = getspace($_SGLOBAL['supe_uid']);
if (empty($space)) {
    showmessage('space_does_not_exist');
}
if (checkperm('banvisit')) {
    ckspacelog();
    showmessage('you_do_not_have_permission_to_visit');
}
$isfounder = ckfounder($_SGLOBAL['supe_uid']);
$acs = array(array('index', 'config', 'privacy', 'ip', 'spam', 'hotuser', 'defaultuser', 'usergroup', 'credit', 'magic', 'magiclog', 'profield', 'ad', 'userapp'), array('tag', 'mtag', 'event', 'report', 'space'), array('cache', 'network', 'profilefield', 'eventclass', 'click', 'task', 'censor', 'stat', 'block', 'cron', 'app', 'log'), array('feed', 'blog', 'album', 'pic', 'comment', 'thread', 'post', 'doing', 'share', 'poll'));
if (!empty($_SC['allowedittpl']) && $isfounder) {
    $acs[2][] = 'template';
}
if ($isfounder) {
    $acs[2][] = 'backup';
}
if (empty($_GET['ac']) || !in_array($_GET['ac'], $acs[0]) && !in_array($_GET['ac'], $acs[1]) && !in_array($_GET['ac'], $acs[2]) && !in_array($_GET['ac'], $acs[3])) {
    $ac = 'index';
} else {
    $ac = $_GET['ac'];
}
//来源
if (!preg_match("/admincp\\.php/", $_SGLOBAL['refer'])) {
    $_SGLOBAL['refer'] = "admincp.php?ac={$ac}";
Esempio n. 21
0
function changeowner($uid = 1, $itemarr = '')
{
    global $_G, $_SGLOBAL, $mname, $cookie_referer, $_BCACHE;
    if (!empty($itemarr)) {
        $uid = intval($uid);
        if ($mname != 'shop') {
            cpmsg('mod_notinshop', $cookie_referer);
            //非店舖不能修改所有者
        }
        if ($uid > 0) {
            require_once B_ROOT . './uc_client/client.php';
            $tmp = uc_get_user($uid, 1);
            $uid = intval($tmp[0]);
            //讓UC驗證該id是否存在
            $username = addslashes($tmp[1]);
            $email = addslashes($tmp[2]);
            if (!($uid > 0 && $username)) {
                cpmsg('no_uid', $cookie_referer, '', '', true, 3);
                //UC中沒有該用戶
            }
            $thisshopid = DB::result_first("SELECT myshopid FROM " . tname('members') . " WHERE uid='{$uid}'");
            if ($thisshopid === false) {
                //會員表中沒有該用戶,自動插入數據
                $insertsqlarr = array('uid' => $uid, 'username' => $username, 'password' => '', 'groupid' => 12, 'email' => $email, 'dateline' => $_G['timestamp'], 'updatetime' => $_G['timestamp'], 'lastlogin' => 0, 'ip' => $_G['clientip']);
                inserttable('members', $insertsqlarr);
            }
            foreach ($itemarr as $itemid) {
                updatemyshopid($itemid);
                updatetable('shopitems', array('uid' => $uid, 'username' => $username), array('itemid' => $itemid));
            }
            if (!ckfounder($uid)) {
                updatetable('members', array('myshopid' => intval($itemarr[0])), array('uid' => $uid));
                $_BCACHE->deltype('sitelist', 'shop', $uid);
            }
        } else {
            cpmsg('no_uidanditemid', $cookie_referer);
            //提交的數據不合法
        }
    }
}