} elseif ($action == 'deleteuser') {
$_uid = param(2, 0);
$method != 'POST' and message(-1, 'Method error');
empty($group['allowdeleteuser']) and message(-1, '您无权删除用户');
$u = user_read($_uid);
empty($u) and message(-1, '用户不存在或者已经被删除。');
$u['gid'] < 6 and message(-1, '不允许删除管理组,请先调整用户用户组。');
$r = user_delete($_uid);
$r === FALSE ? message(-1, '删除失败') : message(0, '删除成功');
} elseif ($action == 'banip') {
$method != 'POST' and message(-1, 'Method error');
$_ip = xn_urldecode(param(2));
empty($_ip) and message(-1, 'IP 为空');
$_ip = long2ip(ip2long($_ip));
// 安全过滤
$day = intval(xn_urldecode(param(3)));
empty($group['allowbanuser']) and message(-1, '您无权禁止 IP');
$arr = explode('.', $_ip);
$arr[0] == '0' and message(-1, 'IP 地址不能以 0 开头。');
$banip = banip_read_by_ip($_ip);
if ($day == -1) {
$r = banip_delete($banip['banid']);
} else {
$day == 0 and $day = 3650;
$arr = array('ip0' => $arr[0], 'ip1' => $arr[1], 'ip2' => $arr[2], 'ip3' => $arr[3], 'uid' => $uid, 'create_date' => $time, 'uid' => $uid, 'expiry' => $time + 86400 * $day);
if (empty($banip)) {
$r = banip_create($arr);
} else {
$r = banip_update($banip['banid'], $arr);
}
}
<?php
!defined('DEBUG') and exit('Access Denied.');
include './xiunophp/xn_html_safe.func.php';
// 模板初始化依赖
$keyword = param('keyword');
!$keyword and $keyword = xn_urldecode(param(1));
$threadlist = thread_find_by_keyword($keyword);
// 去除无权限的主题
thread_list_access_filter($threadlist, $gid);
if (empty($threadlist) || empty($threadlist[0])) {
$fid = 0;
$tid = 0;
$thread = array();
$postlist = array();
$first = array();
} else {
$thread = $threadlist[0];
$tid = $thread['tid'];
$fid = $thread['fid'];
$postlist = post_find_by_tid($tid);
$first = $postlist[$thread['firstpid']];
unset($postlist[$thread['firstpid']]);
$allowpost = forum_access_user($fid, $gid, 'allowpost');
$allowupdate = forum_access_mod($fid, $gid, 'allowupdate');
$allowdelete = forum_access_mod($fid, $gid, 'allowdelete');
}
$header['title'] = $keyword . '-' . $conf['sitename'];
// 网站标题
$header['keywords'] = $keyword;
// 关键词
}
$_user = user_read($_uid);
if (empty($_user)) {
$err .= "{$_uid} 不存在; ";
continue;
}
if ($_user['gid'] > 4) {
$err .= "{$_uid} 不是斑竹; ";
continue;
}
$names[] = $_user['username'];
}
$s = implode(',', $names);
$err ? message(1, $err) : message(0, $s);
} elseif ($action == 'getuid') {
$names = xn_urldecode(param(2));
$arr = explode(',', $names);
$ids = array();
$err = '';
foreach ($arr as $name) {
if (empty($name)) {
continue;
}
$_user = user_read_by_username($name);
if (empty($_user)) {
$err .= "{$name} 不存在; ";
continue;
}
if ($_user['gid'] > 4) {
$err .= "{$name} 不是斑竹; ";
continue;
function decrypt($txt, $key = 'abcd9667676effff')
{
return xxtea_decrypt(base64_decode(xn_urldecode($txt)), $key);
}
