/**
* 後台權限檢查
* @param $permtype='',目前沒有用戶組概念,權限檢查僅為檢查 verified通過驗證的商家/unverified未經審核通過的商家/isadmin站長。以後考慮按功能來分權限
* @return 是否
*/
function pkperm($permtype)
{
global $_G;
if (ckfounder($_G['uid'])) {
if ($permtype != 'unverified') {
return true;
//管理員有所有權限
} else {
return false;
}
} elseif ($permtype == 'isadmin' && $_G['member']['allowadmincp']) {
return true;
} elseif ($_G['uid'] == 0 || !$_G['myshopid'] || $_G['myshopstatus'] == 'none') {
return false;
//遊客或者未提交入駐沒有任何權限
} elseif ($_G['myshopid'] > 0 && $_G['myshopstatus'] == 'unverified' && $permtype == 'unverified') {
return true;
//提交入駐申請未審核的
} elseif ($_G['myshopid'] > 0 && $_G['myshopstatus'] == 'verified') {
//入駐通過的權限
switch ($permtype) {
case 'verified':
return true;
break;
case 'shoplist':
return false;
break;
case 'swfupload':
return true;
break;
}
}
return false;
//默認為無權限
}
function isfounder()
{
global $_G, $_SGLOBAL;
return ckfounder($_G['uid']);
}
deltree($datadir . '/' . $backupdir . '/');
showmessage($alang['list_table_not_exists'] . implode('<br />', $dberrorarr));
}
//´ò°ü
require_once S_ROOT . './include/zip.lib.php';
$zipfile = new Zip($backupfile);
$zipfilestr = implode(',', $zipfilearr);
$zipfile->create($zipfilestr, PCLZIP_OPT_REMOVE_PATH, $datadir . '/' . $backupdir);
if (!empty($zipfilearr)) {
foreach ($zipfilearr as $tmpvalue) {
@unlink($tmpvalue);
}
}
showmessage('model_export_suc', CPURL . '?action=models&op=import');
} elseif ($_GET['op'] == 'import') {
if (!ckfounder($_SGLOBAL['supe_uid'])) {
showmessage('no_authority_management_operation');
}
$backupdir = S_ROOT . '/data/model';
$exportlog = array();
$_GET['datafile'] = !empty($_GET['datafile']) ? trim($_GET['datafile']) : '';
$_GET['do'] = !empty($_GET['do']) ? trim($_GET['do']) : '';
if (empty($_GET['do']) || $_GET['do'] != 'start') {
$dir = dir($backupdir);
while (FALSE !== ($entry = $dir->read())) {
$filename = $backupdir . '/' . $entry . '/' . $entry . '.zip';
if (is_file($filename)) {
$exportlog[] = array('filename' => $entry, 'size' => filesize($filename), 'dateline' => filemtime($filename));
}
}
$dir->close();
$query = DB::query('SELECT * FROM ' . tname($table_name) . ' WHERE itemid=\'' . $itemid . '\' AND allowreply=\'1\'');
if (!($item = DB::fetch($query))) {
array_push($checkresults, array('message' => $lang['no_permission']));
}
$_POST['commentmessage'] = shtmlspecialchars(trim($_POST['commentmessage']));
if ($_POST['commentmessage'] == $_G['setting']['commdefault'] || bstrlen($_POST['commentmessage']) < 1 || bstrlen($_POST['commentmessage']) > 250) {
array_push($checkresults, array('commentmessage' => $lang['wordlimited']));
}
if (!empty($commentscorestr)) {
$rootcatid = getrootcatid($item['catid']);
$scorenum = DB::result_first("SELECT cm.scorenum FROM " . tname('categories') . " c\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN " . tname('commentmodels') . " cm ON cm.cmid=c.cmid\n\t\t\t\t\t\t\t\t\t\tWHERE c.catid = '{$rootcatid}'");
if (bstrlen($commentscorestr) < $scorenum * 5) {
array_push($checkresults, array('score' => $lang['scorelimited']));
}
}
if (!empty($_G['setting']['commenttime']) && !ckfounder($_G['uid'])) {
if ($_G['timestamp'] - $_G['member']['lastcommenttime'] < $_G['setting']['commenttime']) {
array_push($checkresults, array('message' => $lang['comment_too_much']));
}
}
if (!empty($checkresults)) {
showmessage('comment_submit_error', '', '', '', $checkresults);
}
//更新用戶最新更新時間
if ($_G['uid']) {
updatetable('members', array('updatetime' => $_G['timestamp'], 'lastcommenttime' => $_G['timestamp']), array('uid' => $_G['uid']));
}
$_POST['commentmessage'] = str_replace('[br]', '<br>', $_POST['commentmessage']);
$_POST['commentmessage'] = '<div class=\\"new\\"><span name=\\"cid_{cid}_info\\">' . preg_replace("/\\s*\\[quote\\][\n\r]*(.+?)[\n\r]*\\[\\/quote\\]\\s*/is", "<div class=\"quote\"><blockquote>\\1</blockquote></div>", $_POST['commentmessage']) . '</span></div>';
$_POST['type'] = saddslashes($_POST['type']);
//關於蓋樓
ssetcookie('shopid', $_GET['itemid'], 3600 * 10);
getpanelinfo($_GET['itemid']);
if (!empty($_G['cookie']['i_referer'])) {
header('Location: ' . $_G['cookie']['i_referer']);
}
} elseif (!empty($_G['cookie']['shopid'])) {
getpanelinfo(intval($_G['cookie']['shopid']));
}
if (!empty($_SGLOBAL['panelinfo'])) {
echo '<script type="text/javascript" charset="' . $_G['charset'] . '">var leftmenu = $(window.parent.document).find("#leftmenu");leftmenu.find("ul").css("display", "none");$(window.parent.document).find("#menu_paneladd").css("display", "");</script>';
}
} elseif (in_array($mname, array('good', 'notice', 'album', 'consume', 'groupbuy')) && $_GET['shopid']) {
getpanelinfo($_GET['shopid']);
ssetcookie('shopid', $_GET['shopid'], 3600 * 10);
}
if (!ckfounder($_G['uid'])) {
if (!check_itemaccess($_GET['itemid'], $mname)) {
cpmsg('no_' . $mname . '_itemaccess', 'admin.php?action=list&m=' . $mname);
}
}
if (empty($_SGLOBAL['panelinfo']) && !empty($_REQUEST['shopid'])) {
getpanelinfo($_REQUEST['shopid']);
}
if (!empty($_POST['valuesubmit'])) {
$checkresults = array();
if ($mname == "notice" || $mname == "shop") {
//標題樣式
empty($_POST['strongsubject']) ? $_POST['strongsubject'] = '' : ($_POST['strongsubject'] = 1);
empty($_POST['underlinesubject']) ? $_POST['underlinesubject'] = '' : ($_POST['underlinesubject'] = 1);
empty($_POST['emsubject']) ? $_POST['emsubject'] = '' : ($_POST['emsubject'] = 1);
empty($_POST['fontcolorsubject']) ? $_POST['fontcolorsubject'] = '# ' : ($_POST['fontcolorsubject'] = '#' . $_POST['fontcolorsubject']);
$itemidstr = simplode($_POST['item']);
//用逗号链接所有的操作ID
$newidarr = array();
$query = $_SGLOBAL['db']->query("SELECT itemid FROM " . tname('spaceitems') . " WHERE itemid IN ({$itemidstr}) AND type='news' AND uid='{$_GET['uid']}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$newidarr[] = $value['itemid'];
}
if (empty($newidarr)) {
showmessage('space_no_item');
}
$itemidstr = simplode($newidarr);
deleteitems('itemid', $itemidstr, $_POST['opdelete']);
} elseif (submitcheck('actionsubmit')) {
//权限
$_POST['uid'] = intval($_POST['uid']);
if (!checkperm('managemember') || ckfounder($_POST['uid'])) {
showmessage('no_authority_management_operation');
}
if ($_POST['uid'] == $_SGLOBAL['supe_uid']) {
showmessage('error_lock_self');
}
$itemid = array();
$query = $_SGLOBAL['db']->query("SELECT itemid FROM " . tname('spaceitems') . " WHERE type='news' AND uid='{$_GET['uid']}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$itemid[] = $value['itemid'];
}
$itemidstr = simplode($itemid);
deleteitems('itemid', $itemidstr, 0);
//永久删除
deletespace($_POST['uid']);
//删除用户
* $Id: common.php 4401 2010-09-13 02:44:25Z fanshengshuai $
*/
define('IN_BRAND', true);
define('B_ROOT', dirname(__FILE__) . DIRECTORY_SEPARATOR);
define('B_VER', '1.2');
define('B_RELEASE', '20100915');
define('D_BUG', '0');
D_BUG ? error_reporting(E_ERROR) : error_reporting(0);
$_SGLOBAL = $_SBLOCK = $_SHTML = $_DCACHE = $_SGET = array();
require_once B_ROOT . './source/function/common.func.php';
require_once B_ROOT . './source/adminfunc/brandpost.func.php';
require_once B_ROOT . './source/class/brand.class.php';
brand::init();
include_once B_ROOT . './language/brand.lang.php';
// 檢查關閉站點
if (!ckfounder($_G['uid']) && $_G['setting']['siteclosed']) {
if (ACTION != 'auth' && ACTION != 'seccod') {
showmessage($_G['setting']['siteclosed_reason']);
}
}
if (!empty($_G['setting']['gzipcompress']) && function_exists('ob_gzhandler')) {
ob_start('ob_gzhandler');
} else {
ob_start();
}
@header('Content-Type: text/html; charset=' . $_G['charset']);
$newsiteurl = B_URL;
if (strpos($newsiteurl, '://') === false) {
$newsiteurl = 'http://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']) . $newsiteurl;
}
define('B_URL_ALL', $newsiteurl);
function checkclose()
{
global $_SGLOBAL, $_SCONFIG;
//站点关闭
if ($_SCONFIG['close'] && !ckfounder($_SGLOBAL['supe_uid']) && !checkperm('closeignore')) {
if (empty($_SCONFIG['closereason'])) {
showmessage('site_temporarily_closed');
} else {
showmessage($_SCONFIG['closereason']);
}
}
//IP访问检查
if ((!ipaccess($_SCONFIG['ipaccess']) || ipbanned($_SCONFIG['ipbanned'])) && !ckfounder($_SGLOBAL['supe_uid']) && !checkperm('closeignore')) {
showmessage('ip_is_not_allowed_to_visit');
}
}
if (!$managespace || empty($member)) {
cpmessage('no_authority_management_operation');
}
$setarr = array('name' => getstr($_POST['name'], 20, 1, 1), 'namestatus' => intval($_POST['namestatus']), 'domain' => trim($_POST['domain']), 'addsize' => intval($_POST['addsize']) * 1024 * 1024, 'credit' => intval($_POST['credit']));
//删除保护
include_once S_ROOT . './uc_client/client.php';
if ($_POST['flag'] == 1) {
$result = uc_user_addprotected(array($member['username']), $_SGLOBAL['supe_username']);
} else {
$_POST['flag'] = 0;
$result = uc_user_deleteprotected(array($member['username']), $_SGLOBAL['supe_username']);
}
if ($result) {
$setarr['flag'] = $_POST['flag'];
}
if ($uid != $_SGLOBAL['supe_uid'] || ckfounder($_SGLOBAL['supe_uid'])) {
if (empty($_POST['groupid'])) {
$_POST['groupid'] = getgroupid($_POST['credit'], 0);
}
$setarr['groupid'] = intval($_POST['groupid']);
}
updatetable('space', $setarr, array('uid' => $uid));
//附属表
$setarr = array('email' => getstr($_POST['email'], 100, 1, 1), 'emailcheck' => intval($_POST['emailcheck']), 'qq' => getstr($_POST['qq'], 20, 1, 1), 'msn' => getstr($_POST['msn'], 80, 1, 1), 'sex' => intval($_POST['sex']), 'birthyear' => intval($_POST['birthyear']), 'birthmonth' => intval($_POST['birthmonth']), 'birthday' => intval($_POST['birthday']), 'blood' => getstr($_POST['blood'], 5, 1, 1), 'marry' => intval($_POST['marry']), 'birthprovince' => getstr($_POST['birthprovince'], 20, 1, 1), 'birthcity' => getstr($_POST['birthcity'], 20, 1, 1), 'resideprovince' => getstr($_POST['resideprovince'], 20, 1, 1), 'residecity' => getstr($_POST['residecity'], 20, 1, 1));
foreach ($profilefields as $field => $value) {
if ($value['formtype'] == 'select') {
$value['maxsize'] = 255;
}
$setarr['field_' . $field] = getstr($_POST['field_' . $field], $value['maxsize'], 1, 1);
}
//清空
function show_searchfrom_webmaster($mname)
{
global $_G, $_GET, $_COOKIE, $_SC, $_SERVER, $_SGLOBAL, $catstr, $opcheckstr, $gradestr, $cats;
$catstr = $opcheckstr = $gradestr = '';
$typelist = array('shop', 'good', 'consume', 'notice');
$query = DB::query("SELECT * FROM " . tname("shopgroup") . " ORDER BY id ASC;");
while ($result = DB::fetch($query)) {
$catstr .= '<option value="' . $result['id'] . '">' . $result['title'] . '</option>';
}
foreach ($_SGLOBAL['shopgrade'] as $key => $value) {
$opcheckstr .= ' <input class="radio" type="radio" name="opcheck" value="' . $key . '" onClick="showchecktxt(' . $key . ');"> ' . $value . ' ';
$gradestr .= '<option value="' . $key . '" ' . ($_GET['grade'] == $key ? 'selected="selected"' : '') . '>' . $value . '</option>';
}
//搜索框顯示
echo '<form method="get" name="listform" id="theform" action="' . $_SERVER['SCRIPT_NAME'] . '">';
echo '<style>input {width:250px;}</style><input type="hidden" name="action" value="list" /><input type="hidden" name="m" value="' . $mname . '" />';
showtableheader($mname . '_search', 'notop');
$search_items[] = $mname . '_subject' . '::<input type="text" name="subject" value="' . $_GET['subject'] . '" size="10" />';
$search_items[] = $mname . '_username' . '::<input type="text" name="username" value="' . $_GET['username'] . '" size="6" />';
$search_items[] = $mname . '_itemid' . '::<input type="text" name="itemid" value="' . (empty($_GET['itemid']) ? '' : $_GET['itemid']) . '" size="3" />';
if ($mname == 'shop') {
if (pkperm('isadmin') && !ckfounder($_G['uid'])) {
foreach ($cats as $key => $value) {
if (!in_array($key, explode(",", $_SGLOBAL['adminsession']['cpgroupshopcats']))) {
unset($cats[$key]);
}
}
}
//所屬用戶組
$search_items[] = $mname . '_groupid' . '::<select name="groupid" id="shop_incat"><option value="0">' . lang('please_select') . '</option>' . $catstr . '</select>';
//所屬分類
$search_items[] = $mname . '_catid' . '::' . InteractionCategoryMenu($cats, 'catid', null, null);
} else {
if ($mname == 'album' && $_GET['from'] == 'addphoto') {
//相冊所屬店舖
$search_items[] = $mname . '_shopid' . '::<select name="shopid" id="shop_incat"><option value="' . $_G['cookie']['shopid'] . '">' . $_G['cookie']['shopid'] . '</option></select>';
} else {
//所屬店舖
$search_items[] = 'search_shopid' . '::<input type="text" name="shopid" value="' . (empty($_GET['shopid']) ? '' : $_GET['shopid']) . '" size="6" />';
}
if ($mname != 'photo') {
//所屬分類
$search_items[] = $mname . '_catid' . '::' . InteractionCategoryMenu($cats, 'catid', null, null);
}
}
if ($mname == 'album') {
//相冊類型默認相冊還是自定義相冊
$search_items[] = $mname . '_type' . '::<select name="type"><option value="user" selected="selected">' . lang('album_user') . '</option><option value="import">' . lang('album_import') . '</option><option value="default">' . lang('album_default') . '</option></select>';
} elseif ($mname == 'photo') {
//none
} elseif ($mname == "shop") {
$search_items[] = 'mod_recommend' . '::<select id="recommend" name="recommend">' . '<option value="" selected="selected">' . lang('all') . '</option>' . '<option value="yes">' . lang('yes') . '</option>' . '<option value="no">' . lang('no') . '</option>' . '</select>';
} else {
$search_items[] = $mname . '_grade' . '::<select name="grade"><option value="-1">' . lang('please_select') . '</option>' . $gradestr . '</select>';
}
$search_items[] = 'order' . '::<select id="order" name="order">' . '<option value="itemid">' . lang($mname . '_dateline') . '</option>' . '<option value="lastpost">' . lang('lastpost') . '</option>' . '<option value="viewnum">' . lang('viewnum') . '</option>' . '<option value="replynum">' . lang('replynum') . '</option>' . '</select>';
$search_items[] = 'sc' . '::<select id="sc" name="sc">' . '<option value="ASC">' . lang('ASC') . '</option>' . '<option value="DESC" selected>' . lang('DESC') . '</option>' . '</select>';
if ($mname == 'shop') {
showshop_byletter();
}
foreach ($search_items as $k => $v) {
$tmp = explode('::', $v);
showsetting($tmp[0], '', '', $tmp[1]);
}
// 顯示搜索按鈕
showsetting('', '', '', '<input style="width:50px;" class="btn" type="submit" name="filtersubmit" value="' . lang('search') . '" />');
showtablefooter();
showformfooter();
}
$content = file_get_contents('php://input');
$json = json_decode($content);
$uid = $json->uid;
$username = $json->username;
$message = $json->message;
$wallid = $json->wallid;
if (inject_check($uid) || inject_check($message) || inject_check($wallid)) {
returnResponse(40001, "system is busy 05");
} else {
$Query = $_SGLOBAL['db']->query("SELECT uid,wallname,`check` FROM " . tname('wall') . " WHERE id = '{$WallId}' ");
if ($Value = $_SGLOBAL['db']->fetch_array($Query)) {
$apply = $Value['uid'];
$check = $Value['check'];
$WallTitle = $Value['wallname'];
}
$isfounder = ckfounder($uid);
if ($check || $isfounder || $uid == 144 || $uid == $apply) {
$pass = 1;
}
$setarr = array('uid' => $uid, 'pass' => 1, 'username' => $username, 'message' => $message, 'wallid' => $wallid, 'ip' => 'weixin', 'timeline' => $_SGLOBAL['timestamp'], 'fromdevice' => 'wechat');
//入库
$newwallid = inserttable('wallfield', $setarr, 1);
if ($check > 0 && $pass > 0) {
$message = "<a href=\"plugin.php?pluginid=wall&wallid=" . $WallId . "&ac=track\">#" . $WallTitle . "#</a> " . $message;
$feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $uid, 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $newwallid, 'idtype' => 'wallid');
$feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
$feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
$FeedId = inserttable('feed', $feedarr, 1);
if ($FeedId) {
updatetable('wallfield', array('feedid' => $FeedId), array('id' => $id));
}
exit('Access Denied');
}
$_g_xid = intval($_GET['xid']);
$_g_uid = intval($_GET['uid']);
if ($_REQUEST['id'] && $_REQUEST['xid']) {
$groupbuy = $_BCACHE->getiteminfo('groupbuy', $_REQUEST['xid'], $_REQUEST['id']);
$groupbuy['message'] = bbcode2html($groupbuy['message']);
if (!$groupbuy) {
showmessage('not_found_msg', 'index.php');
}
}
if (!empty($_GET['do'])) {
if (!in_array($_GET['do'], array('markdelstatus', 'marknormalstatus', 'groupbuy_attend_detail'))) {
showmessage('system_error', '', 'error');
} else {
if (!ckfounder($_G['uid']) && !array_key_exists($_REQUEST['id'], $_G['myshopsarr'])) {
showmessage('no_perm', "store.php?id=" . $_GET['id'] . "&action=groupbuy&xid=" . $_g_xid);
}
}
}
if (submitcheck('submitgroupbuyjoin')) {
@(include_once B_ROOT . './uc_client/client.php');
$arr_data = array();
$joininfo = $_POST['join'];
$arr_data['itemid'] = $joininfo['groupbuyid'];
$arr_data['uid'] = $_G['uid'];
$arr_data['username'] = $_G['username'];
$arr_data['realname'] = $joininfo['realname'];
$arr_data['mobile'] = $joininfo['mobile'];
$arr_data['dateline'] = $_G['timestamp'];
if ($groupbuy['grade'] < 3 || $groupbuy['close'] == 1) {
<?php
/*
[UCenter Home] (C) 2007-2008 Comsenz Inc.
$Id: inc_debug.php 10784 2008-12-22 07:57:02Z liguode $
*/
if (!defined('IN_UCHOME')) {
exit('Access Denied');
}
if (D_BUG && ckfounder($_SGLOBAL['supe_uid'])) {
print <<<EOF
\t<style>
\t.tclass, .tclass2 {
\ttext-align:left;width:900px;border:0;border-collapse:collapse;margin-bottom:5px;table-layout: fixed; word-wrap: break-word;background:#FFF;}
\t.tclass table, .tclass2 table {width:100%;border:0;table-layout: fixed; word-wrap: break-word;}
\t.tclass table td, .tclass2 table td {border-bottom:0;border-right:0;border-color: #ADADAD;}
\t.tclass th, .tclass2 th {border:1px solid #000;background:#CCC;padding: 2px;font-family: Courier New, Arial;font-size: 11px;}
\t.tclass td, .tclass2 td {border:1px solid #000;background:#FFFCCC;padding: 2px;font-family: Courier New, Arial;font-size: 11px;}
\t.tclass2 th {background:#D5EAEA;}
\t.tclass2 td {background:#FFFFFF;}
\t.firsttr td {border-top:0;}
\t.firsttd {border-left:none !important;}
\t.bold {font-weight:bold;}
\t</style>
\t<div id="uchome_debug" style="display:;">
EOF;
$class = 'tclass2';
if (empty($_SGLOBAL['debug_query'])) {
$_SGLOBAL['debug_query'] = array();
}
foreach ($_SGLOBAL['debug_query'] as $dkey => $debug) {
<?php
/*
[UCenter Home] (C) 2007-2008 Comsenz Inc.
$Id: admincp_backup.php 11889 2009-03-30 08:20:43Z xupeng $
*/
if (!defined('IN_UCHOME') || !defined('IN_ADMINCP')) {
exit('Access Denied');
}
// Check Permissions
if (!checkperm('managebackup') || !ckfounder($_SGLOBAL['supe_uid'])) {
cpmessage('no_authority_management_operation_backup');
}
//Get sub volume number
$volume = isset($_GET['volume']) ? intval($_GET['volume']) + 1 : 1;
$backupdir = data_get('backupdir');
$x_ver = X_VER;
//Backup file directory
if (empty($backupdir)) {
$backupdir = random(6);
data_set('backupdir', $backupdir);
}
$backupdir = 'backup_' . $backupdir;
if (!is_dir(S_ROOT . './data/' . $backupdir)) {
@mkdir(S_ROOT . './data/' . $backupdir, 0777);
}
// delete Backup files
if (submitcheck('delexportsubmit')) {
if (!empty($_POST['delexport']) && is_array($_POST['delexport'])) {
foreach ($_POST['delexport'] as $value) {
$fileext = fileext($value);
if ($result) {
$setarr['flag'] = $_POST['flag'];
}
}
if ($uid != $_SGLOBAL['supe_uid'] || ckfounder($_SGLOBAL['supe_uid'])) {
if (empty($_POST['groupid'])) {
$_POST['groupid'] = getgroupid($_POST['experience'], 0);
} else {
$expiration = $_POST['expiration'] ? sstrtotime($_POST['expiration']) : 0;
if ($expiration && $expiration <= $_SGLOBAL['timestamp']) {
showmessage('time_expired_error');
}
}
include_once S_ROOT . './data/data_usergroup_' . $_POST['groupid'] . '.php';
$group = $_SGLOBAL['usergroup'][$_POST['groupid']];
if ($group['manageconfig'] && !ckfounder($_SGLOBAL['supe_uid'])) {
cpmessage('no_authority_management_operation');
}
//有效期
if ($expiration) {
$setlogarr = array('uid' => $member['uid'], 'username' => addslashes($member['username']), 'opuid' => $_SGLOBAL['supe_uid'], 'opusername' => $_SGLOBAL['supe_username'], 'expiration' => $expiration, 'dateline' => $_SGLOBAL['timestamp'], 'flag' => 1);
inserttable('spacelog', $setlogarr, 0, true);
}
$setarr['groupid'] = intval($_POST['groupid']);
}
}
//实名管理权限
if ($managename) {
$setarr['name'] = getstr($_POST['name'], 20, 1, 1);
$setarr['namestatus'] = intval($_POST['namestatus']);
//实名认证通过奖励积分
}
} elseif ($_GET['op'] == 'manage') {
$groupidarr = array($member['groupid'] => ' selected');
$groupstr = '';
foreach ($_SGLOBAL['grouparr'] as $value) {
if (!(ckfounder($member['uid']) || $_SGLOBAL['supe_uid'] == $member['uid']) || $groupidarr[$value['groupid']]) {
$groupstr .= '<option value="' . $value['groupid'] . '"' . $groupidarr[$value['groupid']] . ' >' . $value['grouptitle'] . '</option>';
}
}
$avatarstr = avatar($member['uid'], 'middle');
$member['dateline'] = empty($member['dateline']) ? '-' : date('Y-m-d H:i', $member['dateline']);
$member['updatetime'] = empty($member['updatetime']) ? '-' : date('Y-m-d H:i', $member['updatetime']);
$member['lastlogin'] = empty($member['lastlogin']) ? '-' : date('Y-m-d H:i', $member['lastlogin']);
$member['lastsearchtime'] = empty($member['lastsearchtime']) ? '-' : date('Y-m-d H:i', $member['lastsearchtime']);
$member['ip'] = empty($member['ip']) ? '-' : trim($member['ip']);
if (ckfounder($member['uid']) || $_SGLOBAL['supe_uid'] == $member['uid']) {
$member['flagstr'] = '';
} else {
$member['flagstr'] = empty($member['flag']) ? '<a href="' . CPURL . '?action=member&op=delete&uid=' . $member['uid'] . '" onclick="return confirm(\'' . $alang['confirm_the_deletion_user_date'] . '\');">' . $alang['delete_user_date'] . '</a>' : $alang['users_protection_was_not_deleted'];
}
$member['flagcheck'] = empty($member['flag']) ? array(' checked', '') : array('', ' checked');
} else {
$mpurl = CPURL . '?action=' . $action;
//处理搜索
$intkeys = array('uid', 'groupid');
$strkeys = array('username');
$randkeys = array(array('sstrtotime', 'dateline'), array('sstrtotime', 'updatetime'));
$likekeys = array();
$results = getwheres($intkeys, $strkeys, $randkeys, $likekeys, 's.');
$wherearr = $results['wherearr'];
$wheresql = empty($wherearr) ? '1' : implode(' AND ', $wherearr);
function checkperm($permtype, $gid = 0)
{
global $_SGLOBAL, $_SCONFIG, $channel, $channels;
if (!@(include_once S_ROOT . './data/system/group.cache.php')) {
include_once S_ROOT . './function/cache.func.php';
updategroupcache();
}
$founderprem = array('managetpl', 'managecss', 'managestyletpl');
if (ckfounder($_SGLOBAL['supe_uid'])) {
return $permtype == 'allowdirectpost' ? false : true;
//´´Ê¼È˲»×öȨÏÞ¼ì²é
} elseif (in_array($permtype, $founderprem)) {
return false;
//·Ç´´Ê¼ÈËȨÏÞ
}
if (!$gid) {
if (empty($_SGLOBAL['supe_uid'])) {
getmember();
}
if (empty($_SGLOBAL['member']['groupid'])) {
$gid = 2;
//ÓοÍ×é
} else {
$gid = intval($_SGLOBAL['member']['groupid']);
$gid = getgroupid($_SGLOBAL['member']['experience'], $gid);
if ($gid != $_SGLOBAL['member']['groupid']) {
updatetable('members', array('groupid' => $gid), array('uid' => $_SGLOBAL['supe_uid']));
//¸üÐÂÓû§×é
}
}
if (!empty($channel)) {
if (!empty($channels['menus'][$channel][$permtype])) {
$extgroupid = explode("\t", $channels['menus'][$channel][$permtype]);
if (!in_array($gid, $extgroupid)) {
return false;
}
//ûÓÐƵµÀ·ÃÎÊȨ
}
}
}
if ($permtype == 'allowmanage') {
return true;
}
return empty($_SGLOBAL['grouparr'][$gid][$permtype]) ? false : true;
}
<?php
/*
[UCenter Home] (C) 2007-2008 Comsenz Inc.
$Id: admincp_template.php 12901 2009-07-27 07:59:27Z liguode $
*/
if (!defined('IN_UCHOME') || !defined('IN_ADMINCP')) {
exit('Access Denied');
}
//权限
if (empty($_SC['allowedittpl']) || !checkperm('managetemplate') || !ckfounder($_SGLOBAL['supe_uid'])) {
cpmessage('no_authority_management_operation_edittpl');
}
$turl = 'admincp.php?ac=template';
//模板目录
$tpldir = S_ROOT . './template/default/';
if (submitcheck('editsubmit')) {
$filename = checkfilename($_POST['filename']);
$filefullname = $tpldir . $filename;
//复制当前的文件
$d_file = $filefullname . '.bak';
if (!file_exists($d_file)) {
if (!@copy($filefullname, $d_file)) {
swritefile($d_file, sreadfile($filefullname));
}
}
$fp = fopen($filefullname, 'wb');
flock($fp, 2);
fwrite($fp, stripslashes($_POST['content']));
fclose($fp);
//清空模板缓存
<?php
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: misc_debug.php 6757 2010-03-25 09:01:29Z cnteacher $
*/
if (!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (DISCUZ_DEBUG && ckfounder($_G['uid'])) {
print <<<EOF
\t<style>
\t.tclass, .tclass2 {
\ttext-align:left;width:900px;border:0;border-collapse:collapse;margin-bottom:5px;table-layout: fixed; word-wrap: break-word;background:#FFF;}
\t.tclass table, .tclass2 table {width:100%;border:0;table-layout: fixed; word-wrap: break-word;}
\t.tclass table td, .tclass2 table td {border-bottom:0;border-right:0;border-color: #ADADAD;}
\t.tclass th, .tclass2 th {border:1px solid #000;background:#CCC;padding: 2px;font-family: Courier New, Arial;font-size: 11px;}
\t.tclass td, .tclass2 td {border:1px solid #000;background:#FFFCCC;padding: 2px;font-family: Courier New, Arial;font-size: 11px;}
\t.tclass2 th {background:#D5EAEA;}
\t.tclass2 td {background:#FFFFFF;}
\t.firsttr td {border-top:0;}
\t.firsttd {border-left:none !important;}
\t.bold {font-weight:bold;}
\t</style>
\t<div id="uchome_debug" style="display:;">
EOF;
$class = 'tclass2';
if (empty($_G['debug_query'])) {
$_G['debug_query'] = array();
} else {
ssetcookie('_refer', rawurlencode('admincp.php?ac=' . $_GET['ac']));
}
// showmessage('to_login', 'do.php?ac='.$_SCONFIG['login_action']); //原始版
showmessage('to_login', 'OpenID.call.php');
//OpenID登陆
}
$space = getspace($_SGLOBAL['supe_uid']);
if (empty($space)) {
showmessage('space_does_not_exist');
}
if (checkperm('banvisit')) {
ckspacelog();
showmessage('you_do_not_have_permission_to_visit');
}
$isfounder = ckfounder($_SGLOBAL['supe_uid']);
$acs = array(array('index', 'config', 'privacy', 'ip', 'spam', 'hotuser', 'defaultuser', 'usergroup', 'credit', 'magic', 'magiclog', 'profield', 'ad', 'userapp'), array('tag', 'mtag', 'event', 'report', 'space'), array('cache', 'network', 'profilefield', 'eventclass', 'click', 'task', 'censor', 'stat', 'block', 'cron', 'app', 'log'), array('feed', 'blog', 'album', 'pic', 'comment', 'thread', 'post', 'doing', 'share', 'poll'));
if (!empty($_SC['allowedittpl']) && $isfounder) {
$acs[2][] = 'template';
}
if ($isfounder) {
$acs[2][] = 'backup';
}
if (empty($_GET['ac']) || !in_array($_GET['ac'], $acs[0]) && !in_array($_GET['ac'], $acs[1]) && !in_array($_GET['ac'], $acs[2]) && !in_array($_GET['ac'], $acs[3])) {
$ac = 'index';
} else {
$ac = $_GET['ac'];
}
//来源
if (!preg_match("/admincp\\.php/", $_SGLOBAL['refer'])) {
$_SGLOBAL['refer'] = "admincp.php?ac={$ac}";
function changeowner($uid = 1, $itemarr = '')
{
global $_G, $_SGLOBAL, $mname, $cookie_referer, $_BCACHE;
if (!empty($itemarr)) {
$uid = intval($uid);
if ($mname != 'shop') {
cpmsg('mod_notinshop', $cookie_referer);
//非店舖不能修改所有者
}
if ($uid > 0) {
require_once B_ROOT . './uc_client/client.php';
$tmp = uc_get_user($uid, 1);
$uid = intval($tmp[0]);
//讓UC驗證該id是否存在
$username = addslashes($tmp[1]);
$email = addslashes($tmp[2]);
if (!($uid > 0 && $username)) {
cpmsg('no_uid', $cookie_referer, '', '', true, 3);
//UC中沒有該用戶
}
$thisshopid = DB::result_first("SELECT myshopid FROM " . tname('members') . " WHERE uid='{$uid}'");
if ($thisshopid === false) {
//會員表中沒有該用戶,自動插入數據
$insertsqlarr = array('uid' => $uid, 'username' => $username, 'password' => '', 'groupid' => 12, 'email' => $email, 'dateline' => $_G['timestamp'], 'updatetime' => $_G['timestamp'], 'lastlogin' => 0, 'ip' => $_G['clientip']);
inserttable('members', $insertsqlarr);
}
foreach ($itemarr as $itemid) {
updatemyshopid($itemid);
updatetable('shopitems', array('uid' => $uid, 'username' => $username), array('itemid' => $itemid));
}
if (!ckfounder($uid)) {
updatetable('members', array('myshopid' => intval($itemarr[0])), array('uid' => $uid));
$_BCACHE->deltype('sitelist', 'shop', $uid);
}
} else {
cpmsg('no_uidanditemid', $cookie_referer);
//提交的數據不合法
}
}
}