/**
 * Reject a timestamp that is older than the module's validity window.
 *
 * Reads the window from $MOD['auth_days'] (in days) and the current time from
 * $DT_TIME. A falsy 'auth_days' disables the check entirely.
 *
 * @param int $time Unix timestamp to test (presumably the moment a
 *                  verification code or link was issued; confirm with callers).
 * @return void     dalert() is invoked with $L['auth_time'] when the window has
 *                  elapsed; nothing is returned either way.
 */
function auth_time($time)
{
    global $MOD, $DT_TIME, $L;

    $days = $MOD['auth_days'];
    if (!$days) {
        // Expiry enforcement is switched off in the module settings.
        return;
    }

    $age = $DT_TIME - $time;
    if ($age > $days * 86400) {
        dalert($L['auth_time'], $MOD['linkurl']);
    }
}
/**
 * Reject a timestamp that is older than the module's validity window.
 *
 * The window is $MOD['auth_days'] multiplied by a unit chosen through $type:
 * 86400 seconds when $type is falsy, 600 seconds otherwise. A falsy
 * 'auth_days' disables the check entirely.
 *
 * @param int $time Unix timestamp to test (presumably when a verification
 *                  code or link was issued; confirm with callers).
 * @param int $type Selects the unit: falsy => 86400 s, truthy => 600 s.
 * @return void     dalert() is invoked with $L['auth_time'] when the window has
 *                  elapsed; nothing is returned either way.
 */
function auth_time($time, $type = 0)
{
    global $MOD, $DT_TIME, $L;

    if (!$MOD['auth_days']) {
        // Expiry enforcement is switched off in the module settings.
        return;
    }

    if ($type) {
        $unit = 600;
    } else {
        $unit = 86400;
    }

    $limit = $MOD['auth_days'] * $unit;
    if ($DT_TIME - $time > $limit) {
        dalert($L['auth_time'], $MOD['linkurl']);
    }
}
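/**
 * Walk a (possibly nested) array and refuse requests whose nested keys contain
 * anything other than ASCII letters, digits, '_' or '-'.
 *
 * Keys of the array passed by the caller are only checked when $deep is truthy;
 * every nested array is always walked with $deep = 1.
 *
 * @param array $array Array to inspect (presumably request input; confirm with callers).
 * @param int   $deep  Truthy to validate the keys of $array itself.
 * @return void        On a bad key dhttp(403, 0) and dalert() are called.
 */
function strip_key($array, $deep = 0)
{
    foreach ($array as $k => $v) {
        // The D modifier makes "$" match only at the very end of the subject.
        // Without it "$" also matches before a trailing newline, so a key such
        // as "name\n" would have passed this allow-list.
        if ($deep && !preg_match('/^[a-z0-9_\-]+$/iD', (string) $k)) {
            dhttp(403, 0);
            dalert('HTTP 403 Forbidden', DT_PATH);
        }
        if (is_array($v)) {
            strip_key($v, 1);
        }
    }
}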
/**
 * Verify that every required category property has a submitted value.
 *
 * Property definitions are loaded with property_option() for $post['catid'];
 * when there is no category or no definitions the function returns at once.
 * The first missing required value is reported through msg() when DT_ADMIN is
 * defined and through dalert() otherwise.
 *
 * @param array $post_ppt Submitted property values, indexed by option id ('oid').
 * @return void
 */
function property_check($post_ppt)
{
    global $post;
    // The language file is included in function scope; it supplies $L below.
    include load('include.lang');

    if ($post['catid']) {
        $options = property_option($post['catid']);
    } else {
        $options = array();
    }
    if (!$options) {
        return;
    }

    foreach ($options as $opt) {
        if (!$opt['required'] || $post_ppt[$opt['oid']]) {
            continue;
        }
        // Types above 1 get the "please choose" wording, the rest "please input".
        $template = $opt['type'] > 1 ? $L['fields_choose'] : $L['fields_input'];
        $msg = lang($template, array($opt['name']));
        if (defined('DT_ADMIN')) {
            msg($msg);
        } else {
            dalert($msg);
        }
    }
}
<?php defined('IN_DESTOON') or exit('Access Denied'); login(); require DT_ROOT . '/module/' . $module . '/'; $MG['sendmail'] or dalert(lang('message->without_permission_and_upgrade'), 'goback'); require DT_ROOT . '/include/post.func.php'; if (isset($preview)) { $title = isset($title) ? trim(stripslashes($title)) : ''; $content = isset($content) ? trim(stripslashes($content)) : ''; include template('send', 'mail'); exit; } if ($submit) { captcha($captcha); $email = trim($email); if (!is_email($email)) { message($L['sendmail_pass_mailto']); } $title = trim(stripslashes($title)); if (strlen($title) < 5) { message($L['pass_title']); } $content = trim(stripslashes($content)); if (strlen($content) < 10) { message($L['pass_content']); } clear_upload($content); $content = dsafe(save_local($content)); $content = ob_template('send', 'mail'); $DT['mail_name'] = $_company;
//dalert($L['not_file'], $linkurl); } } if (isset($mirror)) { include DT_ROOT . '/file/config/'; if (isset($MIRROR[$mirror])) { if ($local) { dheader(str_replace(DT_ROOT . '/', $MIRROR[$mirror]['url'], $localfile)); } else { if ($DT['ftp_remote'] && $DT['remote_url']) { $fileurl = str_replace($DT['remote_url'], $MIRROR[$mirror]['url'], $fileurl); } dheader($fileurl); } } else { dalert($L['not_mirror'], $linkurl); } } else { if ($local) { if ($MOD['upload'] && filesize($localfile) < $MOD['readsize'] * 1024 * 1024) { $ext = file_ext($localfile); if (!in_array($ext, explode('|', $MOD['upload'])) || in_array($ext, array('php', 'sql')) || strpos($localfile, './') !== false) { dheader($fileurl); } //Safe $title = file_vname($title); $title or dheader($fileurl); if (strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome') !== false) { $title = convert($title, DT_CHARSET, 'UTF-8'); } if (strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox') !== false) {
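<?php
// OAuth callback: exchanges the authorization code from the request for an
// access token and stores that token in the session.
// NOTE(review): both require paths look truncated in this listing; they are left as found.
require '../../../';
require '';

// Accept the code only as a non-empty string. An array value (code[]=...) would
// otherwise be concatenated into the token request as the literal "Array".
$code = isset($_REQUEST['code']) && is_string($_REQUEST['code']) ? $_REQUEST['code'] : '';
$code or dalert('Error Request.', $MODULE[2]['linkurl'] . $DT['file_login'] . '?step=callback&site=' . $site);

// The code is request-controlled, so it is URL-encoded before being placed in
// the form body. Unencoded, a value containing "&name=value" could add or
// shadow other parameters of the token request.
$par = 'grant_type=authorization_code'
    . '&code=' . urlencode($code)
    . '&client_id=' . BD_ID
    . '&client_secret=' . BD_SECRET
    . '&redirect_uri=' . urlencode(BD_CALLBACK);
$rec = dcurl(BD_TOKEN_URL, $par);

// Decide on the decoded document rather than a substring match: a response that
// merely mentions "access_token" in an error text must not count as success.
$arr = is_string($rec) ? json_decode($rec, true) : null;
if (is_array($arr) && isset($arr['access_token']) && is_string($arr['access_token']) && $arr['access_token'] !== '') {
    $_SESSION['bd_access_token'] = $arr['access_token'];
    dheader('index.php?time=' . $DT_TIME);
} else {
    dalert('Error Token.', $MODULE[2]['linkurl'] . $DT['file_login'] . '?step=token&site=' . $site);
}
// NOTE(review): no OAuth "state" comparison is visible in this file; confirm that
// the required bootstrap, or the step that starts the login, binds the callback
// to the session that initiated it.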
<?php
// Member page for managing a user's own categories ("types") for one item kind.
// Refuses direct access: the script runs only when the framework entry point
// has defined IN_DESTOON.
defined('IN_DESTOON') or exit('Access Denied');
login();
// NOTE(review): the file name after the module directory looks truncated in this listing.
require DT_ROOT . '/module/' . $module . '/';
require DT_ROOT . '/include/post.func.php';
// $item must be present and must be one of the keys of the language table
// $L['type_names']; that table acts as the allow-list for the value.
isset($item) or message();
$names = $L['type_names'];
isset($names[$item]) or message();
require DT_ROOT . '/include/type.class.php';
$do = new dtype();
// The item key is suffixed with the current user id, so each member works on
// a separate item key.
$do->item = $item . '-' . $_userid;
if ($submit) {
    // The limit is tested only when the "new" row (index 0) carries a name.
    if ($MG['type_limit'] && $type[0]['typename'] && count($type) > $MG['type_limit']) {
        dalert(lang($L['type_msg_limit'], array($MG['type_limit'])), 'goback');
    }
    // NOTE(review): $type is passed on as submitted; validation and escaping are
    // presumably done inside dtype::update() - confirm. No request-forgery token
    // check is visible in this file either; confirm it happens upstream.
    $do->update($type);
    dmsg($L['op_update_success'], '?item=' . $item);
} else {
    $head_title = lang($L['type_title'], array($names[$item]));
    $types = $do->get_list();
    // Pre-render a style selector for every existing row and one for the new row.
    foreach ($types as $k => $v) {
        $types[$k]['style_select'] = dstyle('type[' . $v['typeid'] . '][style]', $v['style']);
    }
    $new_style = dstyle('type[0][style]');
    include template('type', $module);
}
<?php defined('IN_DESTOON') or exit('Access Denied'); login(); require DT_ROOT . '/module/' . $module . '/'; $MG['homepage'] && $MG['style'] or dalert(lang('message->without_permission_and_upgrade'), 'goback'); require DT_ROOT . '/include/post.func.php'; require MD_ROOT . '/style.class.php'; $do = new style(); $user = userinfo($_username); $domain = $user['domain']; if ($itemid) { $do->itemid = $itemid; $r = $do->get_one(); $r or message($L['style_msg_not_exist']); if ($r['groupid']) { $groupids = explode(',', $r['groupid']); if (!in_array($_groupid, $groupids)) { message($L['style_msg_group']); } } if ($action == 'buy' && $r['fee']) { $currency = $r['currency']; $months = array(1, 2, 3, 6, 12, 24); $unit = $currency == 'money' ? $DT['money_unit'] : $DT['credit_unit']; if ($submit) { in_array($month, $months) or message($L['style_msg_month']); $amount = $r['fee'] * $month; if ($currency == 'money') { if ($amount > $_money) { message($L['money_not_enough'], $MODULE[2]['linkurl'] . 'charge.php?action=pay&amount=' . ($amount - $_money));
$db->query("INSERT INTO {$DT_PRE}validate (type,username,ip,addtime,status,title,editor,edittime) VALUES ('mobile','{$username}','{$DT_IP}','{$DT_TIME}','3','{$mobile}','system','{$DT_TIME}')"); message($L['send_mobile_success'], $MOD['linkurl']); } message($L['send_mobile_code_error']); } else { $DT['sms'] or message($L['send_sms_close']); $fee = $DT['sms_fee']; if ($submit) { is_mobile($mobile) or message($L['send_mobile_bad']); $r = $db->get_one("SELECT userid FROM {$DT_PRE}member WHERE mobile='{$mobile}' AND vmobile=1 AND userid<>{$_userid}"); if ($r) { message($L['send_mobile_exist']); } if ($fee && $_sms < 1) { $fee <= $_money or message($L['money_not_enough'], $MOD['linkurl'] . 'charge.php?action=pay'); is_payword($_username, $password) or dalert($L['error_payword']); } $auth = random(6, '0123456789'); $content = lang('sms->sms_code', array($auth, $MOD['auth_days'])) . $DT['sms_sign']; $sms_code = send_sms($mobile, $content); if (strpos($sms_code, $DT['sms_ok']) !== false) { if ($fee) { if ($_sms < 1) { money_add($_username, -$fee); money_record($_username, -$fee, $L['in_site'], $_username, $L['send_mobile_record'], $mobile); } else { sms_add($_username, -1); sms_record($_username, -1, $_username, $L['send_mobile_record'], $mobile); } } $db->query("UPDATE {$DT_PRE}member SET auth='{$auth}',authvalue='{$mobile}',authtime='{$DT_TIME}' WHERE username='******'");
} if ($MST['vmobile'] && $MG['vmobile']) { $V['vmobile'] or dheader('validate.php?action=mobile&itemid=1'); } if ($MST['vtruename'] && $MG['vtruename']) { $V['vtruename'] or dheader('validate.php?action=truename&itemid=1'); } if ($MST['vcompany'] && $MG['vcompany']) { $V['vcompany'] or dheader('validate.php?action=company&itemid=1'); } } if ($_credit < 0 && $MST['credit_less'] && $action == 'add') { dheader('credit.php?action=less'); } if ($submit) { check_post() or dalert($L['bad_data']); //safe $BANWORD = cache_read('banword.php'); if ($BANWORD && isset($post)) { $keys = array('title', 'tag', 'introduce', 'content'); foreach ($keys as $v) { if (isset($post[$v])) { $post[$v] = banword($BANWORD, $post[$v]); } } } } $MYMODS = array(); if (isset($MG['moduleids']) && $MG['moduleids']) { $MYMODS = explode(',', $MG['moduleids']); }
<?php
// Third-party login step: uses the access token held in the session to fetch
// the remote profile and exposes it as variables for the script required last.
// NOTE(review): the require paths look truncated in this listing; left as found.
require '../../../';
require '';
$success = 0;
$DS = array();
// NOTE(review): reads $_SESSION['token'] without isset(); a request that has no
// token in its session raises an undefined-index notice here.
if ($_SESSION['token']) {
    $c = new SaeTClientV2(WB_AKEY, WB_SKEY, $_SESSION['token']['access_token']);
    // $ms is not used again in this file; it may be read by the script required below.
    $ms = $c->home_timeline();
    $uid_get = $c->get_uid();
    $uid = $uid_get['uid'];
    $me = $c->show_user_by_id($uid);
    if (isset($me['error'])) {
        // The remote error text is passed to dalert() as received.
        // NOTE(review): confirm dalert() escapes its message for the output context.
        dalert('API Error:' . $me['error'], $MODULE[2]['linkurl'] . $DT['file_login']);
    }
    if ($me && isset($me['screen_name'])) {
        $success = 1;
        $openid = $me['id'];
        $nickname = convert($me['screen_name'], 'UTF-8', DT_CHARSET);
        // Profile fields come from the remote API response and are copied unchanged.
        // NOTE(review): the consumer should validate/escape $nickname, $avatar and $url.
        $avatar = $me['profile_image_url'];
        $url = $me['url'];
        $DS = array('token');
    }
}
require '../';
$_userid = isset($_dauth[0]) ? intval($_dauth[0]) : 0; $_username = isset($_dauth[1]) ? trim($_dauth[1]) : ''; $_groupid = isset($_dauth[2]) ? intval($_dauth[2]) : 3; $_admin = isset($_dauth[4]) ? intval($_dauth[4]) : 0; if ($_userid && !defined('DT_NONUSER')) { $_password = isset($_dauth[3]) ? trim($_dauth[3]) : ''; $USER = $db->get_one("SELECT username,passport,company,truename,password,groupid,email,message,chat,sound,online,sms,credit,money,loginip,admin,aid,edittime,trade FROM {$DT_PRE}member WHERE userid={$_userid}"); if ($USER && $USER['password'] == $_password) { if ($USER['groupid'] == 2) { dalert(lang('message->common_forbidden')); } extract($USER, EXTR_PREFIX_ALL, ''); if ($USER['loginip'] != $DT_IP && ($DT['ip_login'] == 2 || $DT['ip_login'] == 1 && IN_ADMIN)) { $_userid = 0; set_cookie('auth', ''); dalert(lang('message->common_login', array($USER['loginip'])), DT_PATH); } } else { $_userid = 0; if ($db->linked && !isset($swfupload) && strpos($_SERVER['HTTP_USER_AGENT'], 'Flash') === false) { set_cookie('auth', ''); } } unset($destoon_auth, $USER, $_dauth, $_password); } } if ($_userid == 0) { $_groupid = 3; $_username = ''; } if (!IN_ADMIN) {
$userid or msg('请选择会员'); $db->halt = 0; if (!$_founder) { if (is_array($userid)) { foreach ($userid as $uid) { $do->userid = $uid; $user = $do->get_one(); if ($user['groupid'] == 1) { dalert('您无权删除管理员', '?file=logout'); } } } else { $do->userid = $userid; $user = $do->get_one(); if ($user['groupid'] == 1) { dalert('您无权删除管理员', '?file=logout'); } } } if ($do->delete($userid)) { dmsg('删除成功', $forward); } else { msg($do->errmsg); } break; case 'move': $userid or msg('请选择会员'); $gid = isset($groupids) ? $groupids : $groupid; if ($gid == 1) { msg('操作失败! 如果需要添加管理员<br/><a href="?file=admin&action=add">请点这里进入管理员管理...</a>'); }
if ($job != 'guestbook') { $content .= '<br/>' . $L['content_from']; } if ($job == 'guestbook') { $type = 3; } else { if ($job == 'price') { $type = 2; } else { $type = 1; } } if (send_message($username, $title, $content, $type, $_username)) { dalert($L['msg_home_success'], '', 'parent.window.location=parent.window.location;'); } else { dalert($_userid ? $L['msg_home_member_failed'] : $L['msg_home_guest_failed']); } break; case 'next': $itemid or dheader($MOD['linkurl']); check_name($username) or dheader($MOD['linkurl']); $user = userinfo($username); $domain = $user['domain']; if ($domain) { $DT['rewrite'] = intval($CFG['com_rewrite']); } $r = $db->get_one("SELECT itemid FROM {$DT_PRE}sell_5 WHERE username='******' AND itemid>{$itemid} AND status=3 ORDER BY itemid ASC"); if ($r) { dheader(userurl($username, 'file=sell&itemid=' . $r['itemid'], $domain)); } dheader(userurl($username, 'file=sell', $domain));
$do->login($username, '', 0, true); message($L['send_check_success'], $MOD['linkurl']); } else { if ($DT['mail_type'] == 'close') { message($L['send_mail_close']); } if ($MOD['checkuser'] != 2) { dheader(DT_PATH); } if ($submit) { captcha($captcha); check_name($username) or message($L['send_check_username_bad']); $user = userinfo($username); if ($user) { if ($user['groupid'] != 4) { dalert($L['send_check_deny'], DT_PATH); } if ($user['password'] != dpassword($password, $user['passsalt'])) { message($L['send_check_password_bad']); } $email = trim($email); if ($email && $email != $user['email']) { is_email($email) or message($L['send_check_email_bad']); $r = $db->get_one("SELECT userid FROM {$DT_PRE}member WHERE email='{$email}'"); if ($r) { message($L['send_check_email_repeat']); } $db->query("UPDATE {$DT_PRE}member SET email='{$email}' WHERE username='******'"); } else { $email = $user['email']; }
$post['total_fee'] = $charge * 100; $post['spbill_create_ip'] = $DT_IP; $post['notify_url'] = DT_PATH . 'api/pay/' . $bank . '/' . ($PAY[$bank]['notify'] ? $PAY[$bank]['notify'] : 'notify.php'); $post['trade_type'] = 'NATIVE'; $post['product_id'] = $itemid; $post['sign'] = make_sign($post, $PAY[$bank]['keycode']); $rec = dcurl('', make_xml($post)); #log_write($rec, 'wxr', 1); if (strpos($rec, 'code_url') !== false) { $x = simplexml_load_string($rec, 'SimpleXMLElement', LIBXML_NOCDATA); } else { if (strpos($rec, 'return_msg') !== false) { $x = simplexml_load_string($rec, 'SimpleXMLElement', LIBXML_NOCDATA); dalert(convert($x->return_msg, 'UTF-8', DT_CHARSET), $MODULE[2]['linkurl'] . 'charge.php?action=record'); } else { dalert('Can Not Connect weixin', $MODULE[2]['linkurl'] . 'charge.php?action=record'); } } ?> <html> <head> <meta http-equiv="content-type" content="text/html;charset=<?php echo DT_CHARSET; ?> "/> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>微信支付<?php echo $DT['seo_delimiter']; echo $DT['sitename']; ?> </title>
} if ($could_emailcode) { $db->query("UPDATE {$DT_PRE}member SET vemail=1 WHERE username='******'"); } if ($could_mobilecode) { $db->query("UPDATE {$DT_PRE}member SET vmobile=1 WHERE username='******'"); } if (!get_cookie('bind')) { session_destroy(); } $forward = 'goto.php?action=register_success&username='******'&auth=' . encrypt('LOGIN|' . $username . '|' . $post['password'] . '|' . $DT_TIME, DT_KEY . 'LOGIN') . '&forward=' . urlencode($forward); dalert('', '', 'parent.window.location="' . $forward . '"'); } else { $reload_captcha = $MOD['captcha_register'] ? reload_captcha() : ''; $reload_question = $MOD['question_register'] ? reload_question() : ''; dalert($do->errmsg, '', $reload_captcha . $reload_question); } } else { $COM_TYPE = explode('|', $MOD['com_type']); $COM_SIZE = explode('|', $MOD['com_size']); $COM_MODE = explode('|', $MOD['com_mode']); $MONEY_UNIT = explode('|', $MOD['money_unit']); $mode_check = dcheckbox($COM_MODE, 'post[mode][]', '', 'onclick="check_mode(this);"', 0); $auth = isset($auth) ? rawurldecode($auth) : ''; $username = $password = $email = $passport = ''; if ($auth) { $auth = decrypt($auth, DT_KEY . 'UC'); $auth = explode('|', $auth); $passport = $auth[0]; if (check_name($passport)) { $username = $passport;
case 'delete': $MG['delete'] or message(); $itemid or message(); $itemids = is_array($itemid) ? $itemid : array($itemid); foreach ($itemids as $itemid) { $do->itemid = $itemid; $item = $db->get_one("SELECT username FROM {$table} WHERE itemid={$itemid}"); if (!$item || $item['username'] != $_username) { message(); } $do->recycle($itemid); } dmsg($L['success_delete'], $forward); break; case 'refresh': $MG['refresh_limit'] > -1 or dalert(lang('message->without_permission_and_upgrade'), 'goback'); $do->_update($_username); $itemid or message($L['select_info']); $itemids = $itemid; $s = $f = 0; foreach ($itemids as $itemid) { $do->itemid = $itemid; $item = $db->get_one("SELECT username,edittime FROM {$table} WHERE itemid={$itemid}"); $could_refresh = $item && $item['username'] == $_username; if ($could_refresh && $MG['refresh_limit'] && $DT_TIME - $item['edittime'] < $MG['refresh_limit']) { $could_refresh = false; } if ($could_refresh && $MOD['credit_refresh'] && $MOD['credit_refresh'] > $_credit) { $could_refresh = false; } if ($could_refresh) {
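/**
 * Send an HTML mail through a raw SMTP dialogue or through PHP's mail().
 *
 * Transport is selected by $DT['mail_type']: 'close' sends nothing, 'smtp'
 * speaks SMTP over a socket opened with fsockopen(), anything else uses mail()
 * (with the SMTP ini settings applied first unless the type is 'mail').
 *
 * @param string $mail_to      One or more recipients, comma separated.
 * @param string $mail_subject Subject; slashes are stripped and CR/LF removed.
 * @param string $mail_body    HTML body; sent base64 encoded.
 * @param string $mail_from    Optional sender address; defaults to $DT['mail_sender'].
 * @param bool   $mail_sign    Append $DT['mail_sign'] when it is configured.
 * @return string 'close' when mail is disabled, 'SUCCESS' on success, '' when
 *                mail() fails, or the SMTP error text of the step that failed.
 */
function dmail($mail_to, $mail_subject, $mail_body, $mail_from = '', $mail_sign = true)
{
    global $DT;
    if ($DT['mail_type'] == 'close') {
        return 'close';
    }

    // The subject already had CR/LF removed; recipient and sender did not, yet
    // both are written verbatim into header lines (and the recipient into
    // "RCPT TO"). Removing line breaks here keeps a crafted value from adding
    // headers or SMTP commands.
    $mail_to = str_replace(array("\r", "\n"), '', $mail_to);
    $sendmail_from = str_replace(array("\r", "\n"), '', $mail_from ? $mail_from : $DT['mail_sender']);

    $mail_from = "=?" . strtolower(DT_CHARSET) . "?B?" . base64_encode($DT['mail_name'] ? $DT['mail_name'] : $DT['sitename']) . "?= <" . $sendmail_from . ">";
    $mail_subject = stripslashes($mail_subject);
    $mail_subject = str_replace("\r", '', str_replace("\n", '', $mail_subject));
    $mail_subject = "=?" . strtolower(DT_CHARSET) . "?B?" . base64_encode($mail_subject) . "?=";
    if ($DT['mail_sign'] && $mail_sign) {
        $mail_body .= $DT['mail_sign'];
    }
    $mail_body = stripslashes($mail_body);
    // Normalise every line-ending variant to CRLF, dot-stuff, then base64 in 76-column chunks.
    $mail_body = chunk_split(base64_encode(str_replace("\r\n.", " \r\n..", str_replace("\n", "\r\n", str_replace("\r", "\n", str_replace("\r\n", "\n", str_replace("\n\r", "\r", $mail_body)))))));
    $mail_dlmt = $DT['mail_delimiter'] == 1 ? "\r\n" : ($DT['mail_delimiter'] == 2 ? "\n" : "\r");

    $headers = '';
    $headers .= "From: {$mail_from}" . $mail_dlmt;
    $headers .= "X-Priority: 3" . $mail_dlmt;
    $headers .= "X-Mailer: Destoon" . $mail_dlmt;
    $headers .= "MIME-Version: 1.0" . $mail_dlmt;
    $headers .= "Content-type: text/html; charset=" . DT_CHARSET . $mail_dlmt;
    $headers .= "Content-Transfer-Encoding: base64" . $mail_dlmt;

    if ($DT['mail_type'] == 'smtp') {
        $host = $DT['smtp_host'] . ':' . $DT['smtp_port'] . ' ';
        // NOTE(review): no STARTTLS is negotiated in this function, so AUTH LOGIN
        // below sends the credentials base64-encoded only. fsockopen() accepts an
        // "ssl://" host prefix; confirm the deployed smtp_host uses one.
        if (!($fp = fsockopen($DT['smtp_host'], $DT['smtp_port'], $errno, $errstr, 30))) {
            return _dmail_fail(false, $host . 'can not connect to the SMTP server');
        }
        stream_set_blocking($fp, true);

        $RE = fgets($fp, 512);
        if (substr($RE, 0, 3) != '220') {
            return _dmail_fail($fp, $host . $RE);
        }

        fputs($fp, ($DT['smtp_auth'] ? 'EHLO' : 'HELO') . " Destoon\r\n");
        $RE = fgets($fp, 512);
        if (substr($RE, 0, 3) != 220 && substr($RE, 0, 3) != 250) {
            return _dmail_fail($fp, $host . 'HELO/EHLO - ' . $RE);
        }
        // Drain the remaining lines of a multi-line reply ("250-..." continues, "250 ..." ends).
        while (1) {
            if (substr($RE, 3, 1) != '-' || empty($RE)) {
                break;
            }
            $RE = fgets($fp, 512);
        }

        if ($DT['smtp_auth']) {
            fputs($fp, "AUTH LOGIN\r\n");
            $RE = fgets($fp, 512);
            if (substr($RE, 0, 3) != 334) {
                return _dmail_fail($fp, $host . 'AUTH LOGIN - ' . $RE);
            }
            fputs($fp, base64_encode($DT['smtp_user']) . "\r\n");
            $RE = fgets($fp, 512);
            if (substr($RE, 0, 3) != 334) {
                return _dmail_fail($fp, $host . 'USERNAME - ' . $RE);
            }
            fputs($fp, base64_encode($DT['smtp_pass']) . "\r\n");
            $RE = fgets($fp, 512);
            if (substr($RE, 0, 3) != 235) {
                return _dmail_fail($fp, $host . 'PASSWORD - ' . $RE);
            }
            // Envelope sender: the SMTP login when it is an address, else the configured sender.
            $mail_from = strpos($DT['smtp_user'], '@') !== false ? $DT['smtp_user'] : $DT['mail_sender'];
        } else {
            $mail_from = $DT['mail_sender'];
        }

        $envelope_from = preg_replace("/.*\\<(.+?)\\>.*/", "\\1", $mail_from);
        fputs($fp, "MAIL FROM: <" . $envelope_from . ">\r\n");
        $RE = fgets($fp, 512);
        if (substr($RE, 0, 3) != 250) {
            // One retry before giving up.
            fputs($fp, "MAIL FROM: <" . $envelope_from . ">\r\n");
            $RE = fgets($fp, 512);
            if (substr($RE, 0, 3) != 250) {
                return _dmail_fail($fp, $host . 'MAIL FROM - ' . $RE);
            }
        }

        foreach (explode(',', $mail_to) as $touser) {
            $touser = trim($touser);
            if ($touser) {
                $envelope_to = preg_replace("/.*\\<(.+?)\\>.*/", "\\1", $touser);
                fputs($fp, "RCPT TO: <" . $envelope_to . ">\r\n");
                $RE = fgets($fp, 512);
                if (substr($RE, 0, 3) != 250) {
                    // NOTE(review): unlike MAIL FROM, the retry result is not
                    // checked; the send is aborted whatever the second reply
                    // says. Kept as found - confirm whether that is intended.
                    fputs($fp, "RCPT TO: <" . $envelope_to . ">\r\n");
                    $RE = fgets($fp, 512);
                    return _dmail_fail($fp, $host . 'RCPT TO - ' . $RE);
                }
            }
        }

        fputs($fp, "DATA\r\n");
        $RE = fgets($fp, 512);
        if (substr($RE, 0, 3) != 354) {
            return _dmail_fail($fp, $host . 'DATA - ' . $RE);
        }

        list($msec, $sec) = explode(' ', microtime());
        $headers .= "Message-ID: <" . date('YmdHis', $sec) . "." . $msec * 1000000 . "." . substr($mail_from, strpos($mail_from, '@')) . ">" . $mail_dlmt;
        fputs($fp, "Date: " . date('r') . "\r\n");
        fputs($fp, "To: " . $mail_to . "\r\n");
        fputs($fp, "Subject: " . $mail_subject . "\r\n");
        fputs($fp, $headers . "\r\n");
        fputs($fp, "\r\n\r\n");
        fputs($fp, "{$mail_body}\r\n.\r\n");
        $RE = fgets($fp, 512);
        if (substr($RE, 0, 3) != 250) {
            return _dmail_fail($fp, $host . 'END - ' . $RE);
        }

        fputs($fp, "QUIT\r\n");
        // The socket used to stay open until the end of the request.
        fclose($fp);
        return 'SUCCESS';
    } else {
        if ($DT['mail_type'] != 'mail') {
            ini_set('SMTP', $DT['smtp_host']);
            ini_set('smtp_port', $DT['smtp_port']);
            ini_set('sendmail_from', $sendmail_from);
        }
        return @mail($mail_to, $mail_subject, $mail_body, $headers) ? 'SUCCESS' : '';
    }
}

/**
 * Shared failure path of dmail(): close the socket, surface the error when
 * TESTMAIL is defined, write it to the 'smtp' log and hand it back.
 *
 * @param resource|false $fp     Open SMTP socket, or false when the connect failed.
 * @param string         $errmsg Error text to report.
 * @return string                The same error text.
 */
function _dmail_fail($fp, $errmsg)
{
    // Close before dalert(): that call is assumed to be able to end the request.
    if (is_resource($fp)) {
        fclose($fp);
    }
    if (defined('TESTMAIL')) {
        dalert('Error:' . trim($errmsg));
    }
    log_write($errmsg, 'smtp');
    return $errmsg;
}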
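<?php
// Item comparison page: loads the selected items and renders them side by side.
// Refuses direct access: the script runs only when the framework entry point
// has defined IN_DESTOON.
defined('IN_DESTOON') or exit('Access Denied');
if ($DT_BOT) {
    dhttp(403);
}
// NOTE(review): the file name after the module directory looks truncated in this listing.
require DT_ROOT . '/module/' . $module . '/';
check_group($_groupid, $MOD['group_compare']) or dalert(lang('message->without_permission'), 'goback');
$DT_URL = $DT_REF;
$itemid && is_array($itemid) or dalert($L['compare_choose'], 'goback');
// The ids are interpolated into the IN (...) list of the query below, so every
// element is forced to an integer first. Whether the bootstrap already casts
// $itemid is not visible here; the local cast keeps the query safe either way.
$itemid = array_unique(array_map('intval', $itemid));
$item_nums = count($itemid);
// Between 2 and 8 distinct items may be compared.
$item_nums < 9 or dalert($L['compare_max'], 'goback');
$item_nums > 1 or dalert($L['compare_min'], 'goback');
$itemid = implode(',', $itemid);
$tags = array();
$result = $db->query("SELECT * FROM {$table} WHERE itemid IN ({$itemid}) ORDER BY addtime DESC");
while ($r = $db->fetch_array($result)) {
    // Rows whose status is not 3 are skipped.
    if ($r['status'] != 3) {
        continue;
    }
    $r['editdate'] = timetodate($r['edittime'], 3);
    $r['adddate'] = timetodate($r['addtime'], 3);
    $r['stitle'] = dsubstr($r['title'], 30);
    $r['stitle'] = set_style($r['stitle'], $r['style']);
    $r['userurl'] = userurl($r['username']);
    $r['linkurl'] = $MOD['linkurl'] . $r['linkurl'];
    $tags[] = $r;
}
$head_title = $L['compare_title'] . $DT['seo_delimiter'] . $MOD['name'];
include template($MOD['template_compare'] ? $MOD['template_compare'] : 'compare', $module);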
$js .= 'window.parent.SetUrl("' . $saveto . '");'; $js .= 'window.parent.GetE("frmUpload").reset();'; } else { if ($from == 'attach') { $js .= 'window.parent.GetE("txtUrl").value="' . $saveto . '";'; $js .= 'window.parent.window.parent.Ok();'; } else { if ($from == 'file') { if ($moduleid == 2 && $fid == 'chat') { $js .= $pr . '("word").value="' . $saveto . '";'; $js .= 'window.parent.chat_send();'; } else { $js .= $pr . '("' . $fid . '").value="' . $saveto . '";'; if ($module == 'down') { $js .= 'window.parent.initd(' . dround($do->file_size / 1024 / 1024, 2) . ');'; } } $js .= 'window.parent.cDialog();'; } } } } } dalert('', '', $js); } else { $errmsg = 'Error(9)' . $do->errmsg; if ($swfupload) { exit(convert($errmsg, DT_CHARSET, 'UTF-8')); } dalert($errmsg, '', $errjs); }
} $max = $tmp; } else { in_array($ext, array('jpg', 'jpeg', 'gif', 'png', 'bmp')) or file_del($f); } } if ($htm) { dalert('', '', 'parent.Upsuccess("' . $htm . '");'); } else { dalert('系统未在压缩包内找到HTM文件'); } } else { dalert('解压缩失败,请检查目录权限'); } } else { dalert($upload->errmsg); } break; case 'read': if ($word && in_array(file_ext($word), array('htm', 'html'))) { $data = file_get(DT_ROOT . '/file/temp/' . $word); if ($data) { if ($charset) { $data = convert($data, $charset, DT_CHARSET); } if (preg_match("/<body[^>]*>([\\s\\S]+)<\\/body>/i", $data, $m)) { $data = trim($m[1]); } $data = str_replace('<![if !vml]>', '', $data); $data = str_replace('<![endif]>', '', $data); $data = str_replace('<o:p>', '', $data);
} $post = array(); $post['content'] = $word; $post['type'] = 'reply'; $post['openid'] = $openid; $post['editor'] = $_username; $post['addtime'] = $DT_TIME; $post['misc']['type'] = $type; $post['misc'] = $post['misc'] ? serialize($post['misc']) : ''; $post = daddslashes($post); $sql = ''; foreach ($post as $k => $v) { $sql .= ",{$k}='{$v}'"; } $db->query("INSERT INTO {$DT_PRE}weixin_chat SET " . substr($sql, 1)); dalert('', '', 'window.parent.chat_show(2);'); break; case 'load': $openid or exit; $chatlast = $_chatlast = intval($chatlast); $josn = $debug = ''; $i = $j = 0; if ($chatlast) { $sql = "SELECT * FROM {$DT_PRE}weixin_chat WHERE openid='{$openid}' AND event=0 AND addtime>{$chatlast} ORDER BY addtime DESC"; } else { $sql = "SELECT * FROM {$DT_PRE}weixin_chat WHERE openid='{$openid}' AND event=0 ORDER BY addtime DESC LIMIT 20"; } $lists = array(); $result = $db->query($sql); while ($r = $db->fetch_array($result)) { if ($r['type'] == 'reply' && $r['editor'] != $_username) {
/**
 * Apply the banned-word list to a string.
 *
 * Each rule is an array: [0] the word, where "*" acts as a wildcard, [1] the
 * replacement, [2] a flag. With a truthy flag and $extend enabled a match
 * calls dalert(); in every other case matches are replaced with [1].
 * Matching is case-insensitive.
 *
 * The input has its slashes stripped first and the result is passed through
 * addslashes() again, so callers receive a slash-escaped string.
 *
 * @param array  $WORD   List of rules as described above.
 * @param string $string Slash-escaped text to filter.
 * @param bool   $extend Honour the flag in [2]; when false every rule replaces.
 * @return string        Filtered text, slash-escaped.
 */
function banword($WORD, $string, $extend = true)
{
    $string = stripslashes($string);

    foreach ($WORD as $rule) {
        // Quote the word for use between "/" delimiters, then turn the escaped
        // "*" back into the ".*" wildcard.
        $pattern = '/' . str_replace("\\*", ".*", preg_quote($rule[0], '/')) . '/i';

        if ($rule[2] && $extend) {
            if (preg_match($pattern, $string)) {
                dalert(lang('include->msg_word_ban'));
            }
            continue;
        }

        // Nothing left to filter once the text is empty.
        if ($string == '') {
            break;
        }
        if (preg_match($pattern, $string)) {
            $string = preg_replace($pattern, $rule[1], $string);
        }
    }

    return addslashes($string);
}
<?php defined('IN_DESTOON') or exit('Access Denied'); if ($DT_BOT) { dhttp(403); } login(); require DT_ROOT . '/module/' . $module . '/'; SELL_ORDER or dalert(lang('message->without_permission'), 'goback'); require DT_ROOT . '/include/post.func.php'; include load('misc.lang'); include load('member.lang'); include load('order.lang'); if ($submit) { $ids = ''; if ($post) { $add = array_map('trim', $add); $add['address'] = area_pos($add['areaid'], '') . $add['address']; $add = dhtmlspecialchars($add); $buyer_address = $add['address']; if (strlen($buyer_address) < 10) { message($L['msg_type_address']); } $buyer_postcode = $add['postcode']; if (strlen($buyer_postcode) < 6) { message($L['msg_type_postcode']); } $buyer_name = $add['truename']; if (strlen($buyer_name) < 2) { message($L['msg_type_truename']); }
fields_check($post_fields); } if ($CP) { property_check($post_ppt); } if ($FD) { fields_update($post_fields, $table, $do->itemid); } if ($CP) { property_update($post_ppt, $moduleid, $post['catid'], $do->itemid); } $do->edit($post); set_cookie('dmsg', $L['success_edit']); dalert('', '', 'parent.window.location="' . $forward . '"'); } else { dalert($do->errmsg); } } else { extract($item); } break; case 'delete': $MG['delete'] or message(); $itemid or message(); $itemids = is_array($itemid) ? $itemid : array($itemid); foreach ($itemids as $itemid) { $do->itemid = $itemid; $item = $do->get_one(); if (!$item || $item['username'] != $_username) { message(); }
case 'last': if ($_message) { $item = $db->get_one("SELECT itemid,feedback FROM {$DT_PRE}message WHERE touser='******' AND status=3 AND isread=0 ORDER BY itemid DESC"); if ($item) { dheader('?action=show&itemid=' . $item['itemid'] . ($item['feedback'] ? '&feedback=1' : '')); } } dheader('?action=index'); break; default: if ($MG['inbox_limit']) { $r = $db->get_one("SELECT COUNT(*) AS num FROM {$DT_PRE}message WHERE touser='******' AND status=3"); $limit_used = $r['num']; $limit_free = $MG['inbox_limit'] > $limit_used ? $MG['inbox_limit'] - $limit_used : 0; if ($limit_used >= $MG['inbox_limit']) { dalert($L['message_msg_inbox_limit'], '?action=empty'); } } $status = 3; $name = $L['message_title_inbox']; if ($_message) { $do->fix_message(); } $condition = "touser='******' AND status={$status} " . $condition; $messages = $do->get_list($condition); $systems = $do->get_sys(); $color_select = ''; foreach ($COLORS as $v) { $color_select .= '<option value="' . $v . '" style="background:#' . $v . ';"> </option>'; } break;
login(); require DT_ROOT . '/module/' . $module . '/'; if ($_groupid > 5 && !$_edittime && $action == 'add') { dheader($MODULE[2]['linkurl'] . 'edit.php?tab=2'); } $MG['homepage'] && $MG['news_limit'] > -1 or dalert(lang('message->without_permission_and_upgrade'), 'goback'); require DT_ROOT . '/include/post.func.php'; $TYPE = get_type('news-' . $_userid); require MD_ROOT . '/news.class.php'; $do = new news(); switch ($action) { case 'add': if ($MG['news_limit']) { $r = $db->get_one("SELECT COUNT(*) AS num FROM {$DT_PRE}news WHERE username='******' AND status>0"); if ($r['num'] >= $MG['news_limit']) { dalert(lang($L['limit_add'], array($MG['news_limit'], $r['num'])), 'goback'); } } if ($submit) { if ($do->pass($post)) { $post['username'] = $_username; $post['level'] = $post['addtime'] = 0; $need_check = $MOD['news_check'] == 2 ? $MG['check'] : $MOD['news_check']; $post['status'] = get_status(3, $need_check); $do->add($post); dmsg($L['op_add_success'], '?status=' . $post['status']); } else { message($do->errmsg); } } else { foreach ($do->fields as $v) {
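/**
 * Create the split table "<prefix>sell_<part>" from the bundled SQL template.
 *
 * The template file/setting/split_sell.sql is loaded, its table name
 * "destoon_sell" is replaced with the prefixed split-table name, and the
 * storage clause and table comment are appended before the statement is run.
 *
 * @param int|string $part Suffix of the split table. It is interpolated into
 *                         the table name and the comment without escaping -
 *                         NOTE(review): presumably an integer supplied by
 *                         admin code; confirm with callers.
 * @return void
 */
function split_sell($part)
{
    global $db, $CFG, $MODULE;

    $sql = file_get(DT_ROOT . '/file/setting/split_sell.sql');
    $sql or dalert('请检查文件file/setting/split_sell.sql是否存在');
    $sql = str_replace('destoon_sell', $db->pre . 'sell_' . $part, $sql);

    // Compare as versions, not as strings: with ">" a server reporting
    // "10.x" sorted below "4.1" and was given the legacy TYPE= clause.
    if (version_compare($db->version(), '4.1', '>') && $CFG['db_charset']) {
        $sql .= " ENGINE=MyISAM DEFAULT CHARSET=" . $CFG['db_charset'];
    } else {
        $sql .= " TYPE=MyISAM";
    }
    $sql .= " COMMENT='" . $MODULE[5]['name'] . "分表_" . $part . "';";
    $db->query($sql);
}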