function save_profile() { need_login('ajax'); $current_id = $this->user->get_field('id'); $arr['user_nicename'] = safe_convert($this->getPost('user_nicename')); $new_pass = $this->getPost('new_pass'); $old_pass = $this->getPost('old_pass'); $new_pass_again = $this->getPost('new_pass_again'); $extra_arr = $this->getPost('extra'); if ($extra_arr['email'] && !check_email($extra_arr['email'])) { form_ajax_failed('text', lang('error_email')); } if ($new_pass) { if (!$this->user->check_pass($current_id, md5($old_pass))) { form_ajax_failed('text', lang('old_pass_error')); } if ($new_pass != $new_pass_again) { form_ajax_failed('text', lang('pass_twice_error')); } $arr['user_pass'] = md5($new_pass); } if ($this->user->update($current_id, $arr)) { $this->user->save_extra($current_id, $extra_arr); form_ajax_success('box', lang('modify_success') . ($new_pass ? lang('pass_edit_ok') : ''), null, 0.5, $_SERVER['HTTP_REFERER']); } else { form_ajax_failed('text', lang('modify_failed')); } }
function save() { need_login('ajax'); $from = $this->getPost('from'); $data['name'] = safe_convert($this->getPost('cate_name')); $data['par_id'] = $this->getPost('par_id'); $data['sort'] = intval($this->getPost('sort')); if ($data['name'] == '') { form_ajax_failed('text', lang('category_name_empty')); } if (($id = $this->mdl_cate->save($data)) == true) { if ($this->getPost('add_nav')) { $nav_data['type'] = 1; $nav_data['name'] = $data['name']; $nav_data['url'] = site_link('albums', 'index', array('cate' => $id)); $nav_data['sort'] = 100; $nav_data['enable'] = 1; $mdl_nav =& loader::model('nav'); $mdl_nav->save($nav_data); //清除菜单缓存 $mdl_nav->clear_nav_cache(); } if ($from) { form_ajax_success('box', lang('create_category_succ') . '<script>setTimeout(function(){ Mui.box.show("' . $from . '",true); },1000)</script>'); } else { form_ajax_success('box', lang('create_category_succ'), null, 0.5, $_SERVER['HTTP_REFERER']); } } else { form_ajax_failed('text', lang('create_category_fail')); } }
function save_reply() { if (!$this->setting->get_conf('system.enable_comment')) { form_ajax_failed('text', lang('album_comment_closed')); } $comment['email'] = safe_convert($this->getPost('email')); $comment['author'] = safe_convert($this->getPost('author')); $comment['content'] = safe_convert($this->getPost('content')); $comment['ref_id'] = intval($this->getPost('ref_id')); $comment['type'] = intval($this->getPost('type')); $comment['reply_author'] = safe_convert($this->getPost('reply_author')); $comment['pid'] = intval($this->getPost('pid')); $this->plugin->trigger('before_post_comment'); if ($this->setting->get_conf('system.enable_comment_captcha') && !$this->user->loggedin()) { $captcha =& loader::lib('captcha'); if (!$captcha->check($this->getPost('captcha'))) { form_ajax_failed('text', lang('invalid_captcha_code')); } } if ($comment['email'] && !check_email($comment['email'])) { form_ajax_failed('text', lang('error_email')); } if (!$comment['author']) { form_ajax_failed('text', lang('error_comment_author')); } if (!$comment['content']) { form_ajax_failed('text', lang('empty_content')); } if (!$comment['ref_id'] || !$comment['type'] || !$comment['pid'] || !$comment['reply_author']) { form_ajax_failed('text', lang('miss_argument')); } $comment['post_time'] = time(); $comment['author_ip'] = get_real_ip(); if ($this->setting->get_conf('system.comment_audit') == 1 && !$this->user->loggedin()) { $comment['status'] = 0; } else { $comment['status'] = 1; } if ($reply_id = $this->mdl_comment->save($comment)) { $comment['id'] = $reply_id; $this->output->set('info', $comment); $this->plugin->trigger('reply_comment', $reply_id); form_ajax_success('text', loader::view('comments/view', false)); } else { form_ajax_failed('text', lang('reply_failed')); } }
function save_priv() { need_login('ajax'); $album['priv_type'] = $this->getPost('priv_type', '0'); $album['priv_pass'] = $this->getPost('priv_pass'); $album['priv_question'] = safe_convert($this->getPost('priv_question')); $album['priv_answer'] = safe_convert($this->getPost('priv_answer')); $id = intval($this->getGet('id')); if ($album['priv_type'] == '1') { if ($album['priv_pass'] == '') { form_ajax_failed('text', lang('album_password_empty')); } } if ($album['priv_type'] == '2') { if ($album['priv_question'] == '') { form_ajax_failed('text', lang('album_question_empty')); } if ($album['priv_answer'] == '') { form_ajax_failed('text', lang('album_answer_empty')); } } if ($this->mdl_album->update($id, $album)) { $this->plugin->trigger('modified_album_priv', $id); form_ajax_success('box', lang('modify_album_priv_success'), null, 0.5, $_SERVER['HTTP_REFERER']); } else { form_ajax_failed('text', lang('modify_album_priv_failed')); } }
$content = safe_convert($content, 0, 1); } else { $content = preg_replace("/\\[code\\](.+?)\\[\\/code\\]/ise", "phpcode('\\1')", $content); $content = safe_convert($content, 1, 1); } if ($comefrom && $originsrc) { $comefrom = safe_convert($comefrom); $originsrc = safe_convert($originsrc); } else { $comefrom = $originsrc = ''; } if ($tags) { $tags_array = @explode(' ', mystrtolower(trim($tags))); $tags_array_all = array_unique($tags_array); $tags = @implode(' ', $tags_array_all); $tags = safe_convert($tags); $tags = str_replace(' ', '', $tags); $tags_array = @explode(' ', $tags); $tags = '>' . str_replace(' ', '>', $tags) . '>'; } else { $tags = ''; } $currentuserid = $userdetail['userid']; if ($changemytime == 1) { acceptrequest('newyear,newmonth,newday,newhour,newmin,newsec'); $finaltime = gmmktime($newhour, $newmin, $newsec, $newmonth, $newday, $newyear) - $config['timezone'] * 3600; } else { $finaltime = time(); } $records = array(); $records[0] = array('blogid' => $blogid, 'title' => $title, 'pubtime' => $finaltime, 'authorid' => $currentuserid, 'replies' => 0, 'tbs' => 0, 'views' => 0, 'property' => $property, 'category' => $category, 'tags' => $tags, 'sticky' => $sticky, 'htmlstat' => $htmlstat, 'ubbstat' => $ubbstat, 'emotstat' => $emotstat, 'content' => $content, 'editorid' => 0, 'edittime' => 0, 'weather' => $sweather, 'mobile' => 0, 'pinged' => $pinged, 'permitgp' => '', 'starred' => $starred, 'blogpsw' => $blogpsw, 'frontpage' => $frontpage, 'entrysummary' => $entrysummary, 'comefrom' => $comefrom, 'originsrc' => $originsrc, 'blogalias' => $blogalias);
} if ($job == 'ajaxverify') { acceptrequest('savecookie,securitycode'); $savecookie = floor($savecookie); if ($config['loginvalidation'] == 1) { if ($db_defaultsessdir != 1) { session_save_path("./{$db_tmpdir}"); } session_cache_limiter("private, must-revalidate"); session_start(); if ($securitycode == '' || strtolower($securitycode) != strtolower($_SESSION['code'])) { catcherror($lnc[165]); } } $password = md5($_POST['password']); $username = safe_convert(mystrtolower($_POST['username'])); $try = $blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE LOWER(username)='{$username}' AND `userpsw`='{$password}'"); if (!is_array($try)) { catcherror($lnc[166]); } else { $userid = $try['userid']; catchsuccess("{$userid}-{$password}-{$savecookie}"); } } if ($job == 'ajaxloginsuccess') { if ($permission['CP'] == 1) { $destine = array("{$lnc[163]}|index.php", "{$lnc[107]}|admin.php"); } else { $destine = "{$lnc[163]}|index.php"; } catchsuccess("{$lnc[167]} " . $userdetail['username'], $destine);
$mtitle = $strAttachment; //保存参数 $action = $_GET['action']; $mark_id = intval($_GET['mark_id']); $seekname = encode($_REQUEST['seekname']); $seekcate = isset($_REQUEST['seekcate']) ? encode($_REQUEST['seekcate']) : ""; $seektype = isset($_REQUEST['seektype']) ? $_REQUEST['seektype'] : ""; $editorcode = isset($_GET['editorcode']) ? $_GET['editorcode'] : ""; $basedir = isset($_GET['basedir']) ? $_GET['basedir'] : "../attachments/"; if (!preg_match("/^(..\\/attachments\\/)/i", $basedir)) { $basedir = "../attachments/"; } if (strrpos($basedir, "/") != strlen($basedir) - 1) { $basedir .= "/"; } $basedir = safe_convert($basedir); //操作目录或数据库 if (empty($_GET['job'])) { $job = "folder"; } else { $job = $_GET['job']; } //保存数据 if ($action == "save") { $check_info = 1; $Error_Message = ""; $OK_Message = ""; //检测输入内容 if (empty($_FILES['myfile']) && empty($_POST['remotepath'])) { $ActionMessage = $strErrNull; $check_info = 0;
$func_code = stripslashes($func_code); $func_code = str_replace("\"", "\\\"", $func_code); $func_code = str_replace("\r", '', $func_code); $func_code = str_replace("\n", '\\n', $func_code); $value .= "'type'=>'extraheader', 'code'=>\"{$func_code}\""; break; } } $value = trim($value); if (substr($value, -1, 1) == ',') { $value = substr($value, 0, strlen($value) - 1); } //Remove last ',' $workout = "\$blogitem['" . safe_convert($newitemname) . "']=array({$value});\n"; if ($job == 'modulenew') { $newitemname = safe_convert($newitemname); $newitemname = str_replace('_', '', $newitemname); $newitemnameforcheck = urlencode($newitemname); if (strstr($newitemnameforcheck, '%')) { catcherror($lna[931]); } $maxmodid = $blog->countbyquery("SELECT MAX(`modorder`) FROM `{$db_prefix}mods`"); $maxmodid += 1; $blog->query("INSERT INTO `{$db_prefix}mods` VALUES ('{$newitemposition}', '{$newitemname}', '{$newitemdesc}', '{$newitemactive}', '{$maxmodid}', 'custom')"); if ($newitemactive == 1) { recache_mods(); } mod_append($workout); } else { $blog->query("UPDATE `{$db_prefix}mods` SET `desc`='{$newitemdesc}', `active`='{$newitemactive}' WHERE `name`='{$newitemname}'"); mod_replace($newitemname, $workout, true);
catcherror($lna[1168]); } $newurlcatename = urlencode($newcateurlname); if (strstr($newcateurlname, '%')) { catcherror($lna[1168]); } $newcateurlname = addslashes($newcateurlname); if ($job == 'save') { $queryplus = " AND `cateid`<>'{$itemid}'"; } $tmpresult = $blog->getbyquery("SELECT * FROM `{$db_prefix}categories` WHERE `cateurlname`='{$newcateurlname}' {$queryplus} LIMIT 1"); if ($tmpresult['catename']) { catcherror($lna[1169]); } } $newcatedesc = addslashes(safe_convert(stripslashes($newcatedesc), 1)); $newcatedesc = str_replace('<|>', '<|>', $newcatedesc); if ($job == 'new' || $job == 'newinedit') { $new_cate_id = $maxrecord['maxcateid'] + 1; $targetcate = floor($targetcate); if ($targetcate != -2) { if ($targetcate == -1) { $tmpresult = $blog->getbyquery("SELECT * FROM `{$db_prefix}categories` ORDER BY `cateorder` ASC LIMIT 1"); } else { $tmpresult = $blog->getbyquery("SELECT * FROM `{$db_prefix}categories` WHERE `cateid`='{$targetcate}' LIMIT 1"); $insertcateorder = $tmpresult['cateorder']; $tmpresult = $blog->getbyquery("SELECT * FROM `{$db_prefix}categories` WHERE `cateorder`>'{$insertcateorder}' ORDER BY `cateorder` ASC LIMIT 1"); } if (trim($tmpresult['cateorder']) != '') { $insertcateorder = $tmpresult['cateorder']; $result = $blog->query("UPDATE `{$db_prefix}categories` SET `cateorder`=`cateorder`+1 WHERE `cateorder`>={$insertcateorder}");
function save_display() { $site = $this->getPost('site'); $display = $this->getPost('display'); $this->setting->set_conf('site.footer', safe_convert($site['footer'], true, true)); $this->setting->set_conf('site.logo', $site['logo']); $this->setting->set_conf('display.album_pageset', $display['album_pageset']); $this->setting->set_conf('display.photo_pageset', $display['photo_pageset']); $this->setting->set_conf('display.album_sort_default', $display['album_sort_default']); $this->setting->set_conf('display.photo_sort_default', $display['photo_sort_default']); if ($this->getPost('show_process_info')) { $this->setting->set_conf('system.show_process_info', true); } else { $this->setting->set_conf('system.show_process_info', false); } form_ajax_success('box', lang('save_setting_success'), null, 0.5, $_SERVER['HTTP_REFERER']); }
禁止使用Windows记事本修改文件,由此造成的一切使用不正常恕不解答! PHP+MySQL blog system. Code: Bob Shen Offical site: http://www.bo-blog.com Copyright (c) Bob Shen 中国-上海 In memory of my university life ------------------------------------------------------- */ if (!defined('VALIDREQUEST')) { die('Access Denied.'); } if (!$job) { $job = 'default'; } else { $job = basename($job); } $itemid = safe_convert($itemid); acceptrequest('tag'); if ($tag !== '') { $job = 'show'; } $tag = addslashes(urldecode($tag)); if ($job == 'default') { $sequence = $mbcon['tagorder'] == '1' ? 'tagcounter' : 'tagid'; $tagperpage = floor($mbcon['tagperpage']); $start_id = ($page - 1) * $tagperpage; $alltags = $blog->getarraybyquery("SELECT tagid,tagname,tagcounter FROM `{$db_prefix}tags` ORDER BY {$sequence} DESC LIMIT {$start_id}, {$tagperpage}"); $maxtagcounter = $blog->countbyquery("SELECT MAX(tagcounter) FROM `{$db_prefix}tags`"); $alltagcounter = $blog->countbyquery("SELECT COUNT(tagcounter) FROM `{$db_prefix}tags`"); for ($i = 0; $i < count($alltags['tagid']); $i++) { $bit_tag_size = get_tag_size($alltags['tagcounter'][$i], $maxtagcounter); if ($mbcon['tagunderlinetospace'] == 1) {
function changesingleconfig($configname, $value, $configtype = 'mbcon', $configfile = 'data/mod_config.php') { // Change a single value for config global ${$configtype}, $lnc; $rar = ${$configtype}; $rar[$configname] = $value; $savetext = "<?PHP\n"; while (@(list($key, $val) = @each($rar))) { $savetext .= "\${$configtype}['{$key}']='" . safe_convert(stripslashes($val)) . "';\n"; } if (writetofile($configfile, $savetext)) { return true; } else { catcherror($lnc[7] . $configfile); } }
} --> </script> <?php if (!empty($_GET['action']) && $_GET['action'] == "save") { $check_info = 1; if (empty($_POST['subject']) || empty($_POST['fromaddress']) || empty($_POST['toaddress'])) { $ActionMessage = $strGuestBookBlankError; $check_info = 0; } else { $_POST['validate'] = safe_convert($_POST['validate']); $_POST['subject'] = safe_convert($_POST['subject']); $_POST['fromaddress'] = safe_convert($_POST['fromaddress']); $_POST['toaddress'] = safe_convert($_POST['toaddress']); $_POST['body'] = safe_convert($_POST['body']); } if ($check_info == 1) { $toemail = explode(";", $_POST['toaddress']); foreach ($toemail as $value) { if (check_email($value) == 0) { $ActionMessage = $strErrEmail; $check_info = 0; break; } } } if ($check_info == 1 && check_email($_POST['fromaddress']) == 0) { $ActionMessage = $strErrEmail; $check_info = 0; }
if ($p['newpsw'] != $p['confirmpsw']) { catcherror($lna[496]); } $password = "******" . md5($p['newpsw']) . "', "; } else { $password = ""; } } $email = strtolower(trimplus(safe_convert($p['email']))); $homepage = trimplus(safe_convert($p['homepage'])); $gender = floor($p['gender']); $qq = floor($p['qq']); $msn = trimplus(safe_convert($p['msn'])); $skype = trimplus(safe_convert($p['skype'])); $from = trimplus(safe_convert($p['from'])); $intro = trimplus(safe_convert($p['intro'])); $musergroup = floor($p['usergroup']); if ($job == 'savenewuser') { $currentuserid = $maxrecord['maxuserid'] + 1; $imajikan = time(); $blog->query("INSERT INTO `{$db_prefix}user` VALUES ('{$currentuserid}', '{$username}', '{$password}', '{$imajikan}', '{$musergroup}', '{$email}', '{$homepage}', '{$qq}', '{$msn}', '{$intro}', '{$gender}', '{$skype}', '{$from}', '0', '{$userdetail['ip']}', '')"); $blog->query("UPDATE `{$db_prefix}maxrec` SET `maxuserid`=`maxuserid`+1"); $blog->query("UPDATE `{$db_prefix}counter` SET `users`=`users`+1"); } else { $blog->query("UPDATE `{$db_prefix}user` SET {$password} `usergroup`='{$musergroup}', `email`='{$email}', homepage='{$homepage}', qq='{$qq}', msn='{$msn}', intro='{$intro}', gender='{$gender}', skype='{$skype}', `fromplace`='{$from}' WHERE `userid`='{$p['userid']}'"); recache_adminlist(); } catchsuccess($finishok2, array($backtouseradmin, $backtoaddnew)); } if ($job == 'deluser') { if ($itemid === '') {
function checkuser($username, $password) { global $defualtcategoryid, $DMC, $DBPrefix; $username = safe_convert(trim($username)); $password = md5(safe_convert($password)); $sql = "SELECT * FROM " . $DBPrefix . "members WHERE username='******' and password='******' and role='admin'"; $userInfo = $DMC->fetchArray($DMC->query($sql)); if (count($userInfo) > 0) { return $userInfo; } else { return false; } }
?> " border="0"> </a> </td> <td nowrap class="subcontent-td" style="padding-top:3px;padding-bottom:3px"><?php echo $blogLogo; ?> </td> <td nowrap class="subcontent-td"><?php echo safe_convert($fa['name']); ?> </td> <td nowrap class="subcontent-td"><a href="<?php echo $fa['blogUrl']; ?> " target="_blank"><?php echo safe_convert($fa['blogUrl']); ?> </a></td> </tr> <?php } //end while ?> </table> </div> <br> <div class="bottombar-onebtn"></div> <div class="searchtool"> <input type="radio" name="operation" value="delete" onclick="Javascript:this.form.opmethod.value=1"> <?php echo $strRefuse;
/* ----------------------------------------------------- Bo-Blog 2 : The Blog Reloaded. <<A Bluview Technology Product>> 禁止使用Windows记事本修改文件,由此造成的一切使用不正常恕不解答! PHP+MySQL blog system. Code: Bob Shen Offical site: http://www.bo-blog.com Copyright (c) Bob Shen 中国-上海 In memory of my university life ------------------------------------------------------- */ if (!defined('VALIDREQUEST')) { die('Access Denied.'); } acceptrequest('pageid,pagealias'); $itemid = $pagealias ? safe_convert($pagealias) : floor($pageid); $m_b = new getblogs(); $records = $pagealias ? $m_b->getgroupbyquery("SELECT * FROM `{$db_prefix}pages` WHERE `pagealias`='{$itemid}'") : $m_b->getgroupbyquery("SELECT * FROM `{$db_prefix}pages` WHERE `pageid`='{$itemid}'"); if (is_array($records)) { $section_body_main = $m_b->output_page($records[0]); } else { catcherror($lnc[186]); } //Load plugins $section_body_main[0] = plugin_get('custompagebegin') . $section_body_main[0]; $section_body_main[] = plugin_get('custompageend'); $plugin_closesidebar = $records[0]['closesidebar'] == 1 ? 0 : 1; if ($plugin_closesidebar == 1) { $elements['mainpage'] = str_replace("class=\"content\"", "class=\"content-wide\"", $elements['mainpage']); } $ifannouncement = "none";
$repid = $itemid; } if (empty($job)) { $job = 'default'; } if ($job == 'addadminreply' || $job == 'editadminreply') { if ($permission['ReplyReply'] != 1) { $cancel = $lna[345]; } catcherror($cancel); acceptrequest('adminreplycontent'); $adminreplycontent = trimplus($adminreplycontent); if ($adminreplycontent == '') { catcherror($lna[346]); } $adminreplycontent = safe_convert($adminreplycontent); $currenttime = time(); if ($logstat == 0) { $userdetail['username'] = $lna[901]; } if ($job == 'editadminreply') { $queryplus = "`adminrepeditorid`='{$userdetail['userid']}', `adminrepeditor`='{$userdetail['username']}', `adminrepedittime`='{$currenttime}'"; } else { $queryplus = "`adminreplier`='{$userdetail['username']}', `adminrepid`='{$userdetail['userid']}',`adminreptime`='{$currenttime}'"; } $blog->query("UPDATE `{$db_prefix}replies` SET `adminrepcontent`='{$adminreplycontent}' , {$queryplus} WHERE `repid`='{$repid}'"); if ($ajax != 'on') { catchsuccess($finishok2, array($backtoprevious, $backtoindex, $backtodefault)); } else { // For ajax if ($mbcon['avatar'] == 1 || $mbcon['usergravatar'] == 1 || $mbcon['visitorgravatar'] == 1) {
$deletealias = false; } if ($tags) { $tags_array = @explode(' ', mystrtolower(trim($tags))); $tags_array_all = array_unique($tags_array); $tags = @implode(' ', $tags_array_all); $tags = safe_convert($tags); $tags = str_replace(' ', '', $tags); $tags_array = @explode(' ', $tags); $tags = '>' . str_replace(' ', '>', $tags) . '>'; } else { $tags = ''; } } if ($pinged) { $pinged = safe_convert($pinged); } if (is_array($permitgp)) { $permitgp = array_diff(array_keys($usergp), $permitgp); $permitgp = array_values($permitgp); $permitgp = @implode('|', $permitgp); } $currenttime = time(); $currentuserid = $userdetail['userid']; if ($changemytime == 1) { acceptrequest('newyear,newmonth,newday,newhour,newmin,newsec'); $finaltime = gmmktime($newhour, $newmin, $newsec, $newmonth, $newday, $newyear) - $config['timezone'] * 3600; } elseif ($job == 'store') { $finaltime = $currenttime; } elseif ($ajax != 'on') { $finaltime = $records['pubtime'];
$_POST['addpassword'] = safe_convert($_POST['addpassword']); } if (!empty($_POST['password_con'])) { $_POST['password_con'] = safe_convert($_POST['password_con']); } if (!empty($_POST['email'])) { $_POST['email'] = safe_convert(strip_tags($_POST['email'])); } if (!empty($_POST['nickname'])) { $_POST['nickname'] = safe_convert(strip_tags($_POST['nickname'])); } if (!empty($_POST['oldpassword'])) { $_POST['oldpassword'] = safe_convert($_POST['oldpassword']); } if (!empty($_POST['homePage'])) { $_POST['homePage'] = safe_convert(strip_tags($_POST['homePage'])); } if (!empty($_SESSION['username'])) { //编辑 $rsexits = getFieldValue($DBPrefix . "members", "username='******'username']}' and password=md5('" . $_POST['oldpassword'] . "')", "id"); if ($rsexits == "") { $ActionMessage = "{$strOldPasswordDesc1}"; } else { //检测昵称 if ($_POST['nickname'] != "") { $nickrsexits = getFieldValue($DBPrefix . "members", "username='******'nickname']}' or nickname='{$_POST['nickname']}'", "username"); $check_info = $nickrsexits != "" && $nickrsexits != $_SESSION['username'] ? 0 : 1; } if ($check_info == 0) { $ActionMessage = "{$strCurUserExists}"; } else {
} //检测验证码 if (!empty($_POST['validate'])) { $_POST['validate'] = safe_convert($_POST['validate']); } if ($check_info == 1 && (empty($_POST['validate']) || $_POST['validate'] != $_SESSION['backValidate']) && $settingInfo['isValidateCode'] == 1) { $ActionMessage = $strGuestBookValidError; $check_info = 0; } else { $_SESSION['backValidate'] = ""; //把验证码清除 } if ($check_info == 1) { $blogName = safe_convert(strip_tags($_POST['blogName'])); $blogUrl = safe_convert(strip_tags($_POST['blogUrl'])); $blogLogo = safe_convert(strip_tags($_POST['blogLogo'])); $rsexits = getFieldValue($DBPrefix . "links", "name='{$blogName}' or blogUrl='{$blogUrl}'", "id"); if ($rsexits != "") { $ActionMessage = $strDataExists; } else { $sql = "INSERT INTO " . $DBPrefix . "links(name,blogUrl,blogLogo) VALUES ('{$blogName}','{$blogUrl}','{$blogLogo}')"; $DMC->query($sql); $ActionMessage = "{$strApplyWaitApprove}"; $blogName = $blogUrl = $blogLogo = ""; } } } if (preg_match("/http:\\/\\//is", $settingInfo['linklogo'])) { $logopath = $settingInfo['linklogo']; } else { $logopath = $settingInfo['blogUrl'] . $settingInfo['linklogo'];
function save_desc() { need_login('ajax'); $id = intval($this->getGet('id')); $desc = safe_convert($this->getPost('desc')); if ($desc == '') { form_ajax_failed('text', lang('empty_photo_desc')); } if ($this->mdl_photo->update($id, array('desc' => $desc))) { $this->plugin->trigger('modified_photo_desc', $id); form_ajax_success('text', $desc); } else { form_ajax_failed('text', lang('modify_photo_desc_failed')); } return; }
if (!empty($_SESSION['replytime']) && $_SESSION['replytime'] > time() - $settingInfo['commTimerout']) { $ActionMessage = $strUserCommentTime; $check_info = false; } } if ($check_info && $_POST['message'] == "") { $ActionMessage = "{$strGuestBookBlankError}"; $check_info = false; } //檢查用戶在此處登錄 if ($check_info && $_POST['username'] != "") { if (!empty($_POST['username'])) { $_POST['username'] = safe_convert($_POST['username']); } if (!empty($_POST['replypassword'])) { $_POST['replypassword'] = safe_convert($_POST['replypassword']); } $sql = "SELECT username,role,password FROM {$DBPrefix}members WHERE username='******'username']}' or nickname='{$_POST['username']}'"; $userInfo = $DMC->fetchArray($DMC->query($sql)); if ($userInfo || $settingInfo['master'] == $_POST['username']) { if (md5($_POST['replypassword']) != $userInfo['password']) { $ActionMessage = $strLoginErrUserPWD; $check_info = false; } else { if ($settingInfo['loginStatus'] == 0) { $_SESSION['username'] = $userInfo['username']; $_SESSION['password'] = md5($_POST['replypassword']); $_SESSION['rights'] = $userInfo['role']; } $_POST['username'] = $userInfo['username']; }
function metaWeblog_editPost($values) { global $config, $defualtcategoryid, $db_prefix, $mbconfig; $struct = $values['struct']; $userdetail = check_user($values['username'], $values['password']); $blog = new boblog(); $values['postid'] = floor($values['postid']); $records = $blog->getgroupbyquery("SELECT * FROM `{$db_prefix}blogs` WHERE `blogid`='{$values['postid']}'"); if ($records[0]['blogid'] == '') { xml_error("Entry does not exist."); } if (!$struct['title']) { $title = "Untitled MetaWeblogAPI Entry"; } else { $title = safe_convert($struct['title']); } if (!$struct['description']) { xml_error("You MUST provide a decription element in your post."); } else { $content = reduce_entities($struct['description']); } $nowtime = time(); if ($struct['pubDate']) { $struct['dateCreated'] = $struct['pubDate']; } if ($struct['dateCreated']) { $time = get_time_unix($struct['dateCreated']) + 3600 * $config['timezone']; } else { $time = $records[0]['pubtime']; } $newcym = date("Ym", $time); $newcd = date("d", $time); $blog->query("UPDATE `{$db_prefix}calendar` SET cyearmonth='{$newcym}', cday='{$newcd}' WHERE `cid`='{$values['postid']}'"); //writetofile ('text5.php', $struct['categories']); //For debug only if ($struct['categories'] != '') { $c_tmp = $blog->getgroupbyquery("SELECT cateid FROM `{$db_prefix}categories` WHERE `catename`='{$struct['categories']}'"); $category = $c_tmp[0]['cateid']; if ($category == '') { $category = $defualtcategoryid; } } else { $category = $records[0]['category']; } if ($values['publish'] == 1 && $struct['flNotOnHomePage'] != 1) { $property = 0; } else { $property = 3; } $query = "UPDATE `{$db_prefix}blogs` SET `title`='{$title}', `pubtime`='{$time}', `property`='{$property}', `category`='{$category}', `content`='{$content}', `editorid`='{$userdetail['userid']}', `edittime`='{$nowtime}' WHERE `blogid`='{$values['postid']}'"; recache_latestentries(); recache_currentmonthentries(); recache_categories(); //Update Category counter $blog->query($query); $xml_content = make_xml_piece("boolean", '1'); $body_xml = xml_generate($xml_content); send_response($body_xml); }
$_SESSION['rights'] = ""; unset($_SESSION); session_destroy(); header("Location: index.php"); exit; } if ($_GET['action'] == "login") { $check_info = 1; if (!empty($_POST['username'])) { $_POST['username'] = safe_convert(strip_tags($_POST['username'])); } if (!empty($_POST['password'])) { $_POST['password'] = safe_convert($_POST['password']); } if (!empty($_POST['validate'])) { $_POST['validate'] = safe_convert($_POST['validate']); } if (check_user($_POST['username']) == 0) { $ActionMessage = $strUserLengMax; $check_info = 0; } if ($check_info == 1 && check_password($_POST['password']) == 0) { $ActionMessage = $strPasswordAlert; $check_info = 0; } if ($check_info == 1 && (empty($_POST['validate']) || $_POST['validate'] != $_SESSION['backValidate']) && $settingInfo['uservalid'] == 1) { $ActionMessage = $strLoginValidateError; $check_info = 0; } else { $_SESSION['backValidate'] = ""; //把验证码清除
if (!in_array($destination, $items)) { catcherror($lna[411]); } $importfile = $_FILES['importfile']; $upload_file = $importfile['tmp_name']; $upload_filename = urlencode($importfile['name']); $ext = strtolower(strrchr($upload_filename, '.')); if ($ext != '.txt') { catcherror($lna[412]); } if (!move_uploaded_file($upload_file, "{$db_tmpdir}/{$upload_filename}")) { catcherror($lna[130] . 'temp/'); } $filecontent = @file("{$db_tmpdir}/{$upload_filename}"); $item = trim(@implode(",", $filecontent)); $item = safe_convert($item); $item = str_replace("<br/>", '', $item); extract_forbidden(); $old = @implode(",", $forbidden[$destination]); $item .= ',' . $old; $item = str_replace(",,", ',', $item); $blog->query("UPDATE `{$db_prefix}forbidden` SET `{$destination}`='{$item}'"); @unlink("{$db_tmpdir}/{$upload_filename}"); catchsuccess($finishok, array($backtoforbidden, $backtoemot, $backtoweather, $backtoava)); } if ($job == 'sessiondir') { $checked = $db_defaultsessdir == '1' ? 'checked' : ''; $display_overall .= highlightadminitems('sessiondir', 'misc'); $display_overall_plus = <<<eot <form action="admin.php?go=misc_changesessiondir" method="post" id="ajaxForm1"> <table class='tablewidth' align=center cellpadding=4 cellspacing=0>
$content = str_replace("\r", '', $content); //Disable auto linebreak in WYSIWYG editors } if ($callaftersubmit) { $content = call_user_func($callaftersubmit, $content); } $content = preg_replace("/\\[php\\](.+?)\\[\\/php\\]/ise", "phpcode3('\\1')", $content); if ($htmlstat != 1 || $permission['Html'] != 1) { $content = preg_replace("/\\[code\\](.+?)\\[\\/code\\]/ise", "phpcode2('\\1')", $content); $content = safe_convert($content, 0, 1); } else { $content = preg_replace("/\\[code\\](.+?)\\[\\/code\\]/ise", "phpcode('\\1')", $content); $content = safe_convert($content, 1, 1); } $pagetitle = safe_convert(stripslashes($pagetitle)); $shortcutname = !$shortcutname ? $pagetitle : safe_convert(stripslashes($shortcutname)); $pagealias = blogalias_convert($pagealias); if ($pagealias == '') { $deletealias = true; } else { if ($job == 'restore') { $findalias_plus = "AND `pageid`<>'{$records['pageid']}'"; } $findalias = $blog->getgroupbyquery("SELECT * FROM `{$db_prefix}pages` WHERE `pagealias`='{$pagealias}' {$findalias_plus} LIMIT 1"); if ($findalias[0]['pagealias'] == $pagealias) { $pagealias .= '_' . rand(1000, 9999); } $deletealias = false; } $currentuserid = $userdetail['userid']; $finaltime = time();
</form> eot; } if ($job == 'save') { acceptrequest('newlinkname,newlinkurl,newlinklogo,newlinkdesc,newlinkgptoid,newisdisplay,linkid,tomodify,alsodel'); if ($newlinkname == '' || $newlinkurl == '' || $newlinkgptoid == '') { $cancel = $lna[241]; } if ($tomodify == '1' && $linkid == '') { $cancel = $lna[241]; } catcherror($cancel); $newlinkname = safe_convert(stripslashes($newlinkname)); $newlinkurl = safe_convert(stripslashes($newlinkurl)); $newlinklogo = safe_convert(stripslashes($newlinklogo)); $newlinkdesc = safe_convert(stripslashes($newlinkdesc)); if ($mbcon['anticorrupturl'] == 1) { $newlinkurl = urlconvert($newlinkurl); $newlinklogo = urlconvert($newlinklogo); } if ($tomodify) { $blog->query("UPDATE `{$db_prefix}links` SET `linkname`='{$newlinkname}', `linkurl`='{$newlinkurl}', `linklogo`='{$newlinklogo}', `linkdesc`='{$newlinkdesc}', `linkgptoid`='{$newlinkgptoid}', `isdisplay`='{$newisdisplay}' WHERE `linkid`='{$linkid}'"); $return_display = 'detail'; } else { $new_link_id = $maxrecord['maxlinkid'] + 1; $blog->query("INSERT INTO `{$db_prefix}links` VALUES ({$new_link_id}, '{$newlinkname}', '{$newlinkurl}', '{$newlinklogo}', '{$newlinkdesc}', '{$newlinkgptoid}', {$new_link_id}, '{$newisdisplay}', '', '')"); $blog->query("UPDATE `{$db_prefix}maxrec` SET `maxlinkid`='{$new_link_id}'"); $return_display = 'add'; } if (!empty($alsodel)) { $filename = "data/cache_applylinks.php";
header("Location: admin.php?go=edit"); exit; } checkpermission('CP'); confirmpsw(); //Re-check password //Define some senteces $finishok = $lna[323]; $backtodefault = "{$lna[324]}|admin.php?go=entry_default"; $backtodraft = "{$lna[325]}|admin.php?go=entry_draft"; $backtoaddnew = "{$lna[326]}|admin.php?go=entry_write"; include_once "data/cache_adminlist.php"; if ($job == '' || $job == "default") { acceptrequest('category,property,frontpage,keyword,timeperiod'); $timeperiod = floor($timeperiod); $keyword = safe_convert($keyword); if ($keyword == $lna[1129]) { $keyword = ''; } $adminselection = "<select name='chnadm'>"; foreach ($adminlist as $adk => $adn) { $adminselection .= "<option value='{$adk}'>{$adn}</option>"; } $adminselection .= "</select>"; $propertysel = $timeperiodsel = $frontpagesel = array(); $propertysel[$property] = "selected"; $adminselection2 = "<select name=\"property\"><option value='10' {$propertysel[10]}>{$lna[1130]}</option><option value=0 {$propertysel[0]}>{$lna[269]}</option><option value=1 {$propertysel[1]}>{$lna[270]}</option><option value=2 {$propertysel[2]}>{$lna[271]}</option></select>"; $frontpagesel[$frontpage] = "selected"; $adminselection5 = "<select name=\"frontpage\"><option value='10' {$frontpagesel[10]}>所有日志</option><option value='0' {$frontpagesel[0]}> </option><option value=1 {$frontpagesel[1]}>不显示在首页</option><option value=2 {$frontpagesel[2]}> </option></select>"; $timeperiodsel[$timeperiod] = "selected"; $adminselection4 = "<select name=\"timeperiod\"><option value='0' {$timeperiodsel[0]}>{$lna[1131]}</option><option value=7 {$timeperiodsel[7]}>{$lna[1132]}</option><option value=30 {$timeperiodsel[30]}>{$lna[1133]}</option><option value=90 {$timeperiodsel[90]}>{$lna[1134]}</option><option value=180 {$timeperiodsel[180]}>{$lna[1135]}</option><option value=365 {$timeperiodsel[365]}>{$lna[1136]}</option></select>";
if ($_REQUEST['tem']) { $customtemplate = basename($_REQUEST['tem']); setcookie('blogtemplate', $customtemplate); } else { $customtemplate = basename($_COOKIE['blogtemplate']); } if (!empty($customtemplate) && file_exists("template/{$customtemplate}/info.php")) { require "template/{$customtemplate}/info.php"; } else { require "data/mod_template.php"; } define('elementfile', $template['structure']); //2006-7-2 Seurity Fix, 2006-7-5 modified acceptcookie("userid,userpsw"); $userid = safe_convert($userid); $userpsw = safe_convert($userpsw); $blog = new boblog(); //Initialize Time Info $nowtime['timestamp'] = time(); $nowtime += array('year' => gmdate('Y', $nowtime['timestamp'] + 3600 * $config['timezone']), 'month' => gmdate('n', $nowtime['timestamp'] + 3600 * $config['timezone']), 'day' => gmdate('j', $nowtime['timestamp'] + 3600 * $config['timezone']), 'Ymd' => gmdate('Ymd', $nowtime['timestamp'] + 3600 * $config['timezone']), 'Ym' => gmdate('Ym', $nowtime['timestamp'] + 3600 * $config['timezone'])); //Sessions and Cookies $userdetail = array(); if (empty($userid) || empty($userpsw)) { $userdetail['usergroup'] = 0; $userdetail['userid'] = -1; $logstat = 0; } else { $userdetail = $blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE `userid`='{$userid}' AND `userpsw`='{$userpsw}'"); if (!$userdetail) { $userdetail['usergroup'] = 0; $userdetail['userid'] = -1;