/**
 * Spell-check every word of a string.
 *
 * Blank input (anything empty() treats as empty, or a single space) is reported
 * before any word is looked at. Otherwise the string is passed through
 * remove_nonalpha(), split on single spaces, and each piece is handed to
 * check_word(); the scan stops at the first piece for which check_word() returns 1.
 *
 * @param string $words The string of words to check
 * @return int 2 if blank, 1 if spelt incorrectly, 0 if correct
 */
function check_words($words)
{
    $isBlank = empty($words) || $words == " ";
    if ($isBlank) {
        return 2;
    }

    $pieces = explode(" ", remove_nonalpha($words));
    $total = count($pieces);
    for ($n = 0; $n < $total; $n++) {
        // One misspelt piece is enough to fail the whole string.
        if (check_word($pieces[$n]) == 1) {
            return 1;
        }
    }

    return 0;
}
// Upload directories and template roots, all derived from the configured site directory.
$_CFG['teacher_photo_dir'] = $_CFG['site_dir'] . "data/train_teachers/";
$_CFG['teacher_photo_dir_thumb'] = $_CFG['site_dir'] . "data/train_teachers/thumb/";
$_CFG['train_logo_dir'] = $_CFG['site_dir'] . "data/train_logo/";
$_CFG['train_logo_dir_thumb'] = $_CFG['site_dir'] . "data/train_logo/thumb/";
$_CFG['hunter_photo_dir'] = $_CFG['site_dir'] . "data/hunter/";
$_CFG['hunter_photo_dir_thumb'] = $_CFG['site_dir'] . "data/hunter/thumb/";
$_CFG['site_template'] = $_CFG['site_dir'] . 'templates/' . $_CFG['template_dir'];
$_CFG['site_shop_template'] = $_CFG['site_dir'] . 'templates/tpl_shop/default/';
$_CFG['site_campus_template'] = $_CFG['site_dir'] . 'templates/tpl_campus/default/';
$_CFG['site_evaluation_template'] = $_CFG['site_dir'] . 'templates/tpl_evaluation/default/';
$_CFG['site_hunter_template'] = $_CFG['site_dir'] . 'templates/tpl_hunter/default/';
$_CFG['subsite_id'] = 0;

// Both helpers are handed $_CFG itself; the mobile one runs only when REQUEST_MOBILE is defined.
subsiteinfo($_CFG);
if (defined('REQUEST_MOBILE')) {
    mobile_subsiteinfo($_CFG);
}
// $_CFG['m_dir'] = strstr($_CFG['wap_domain'],'/m')===false?$_CFG['site_dir'].'/m';

// Set a second time after the subsite helpers have run.
// NOTE(review): presumably because they can change template_dir — confirm.
$_CFG['site_template'] = $_CFG['site_dir'] . 'templates/' . $_CFG['template_dir'];

$mypage = $_PAGE[$alias];
if ($mypage['tag']) {
    $page_select = $mypage['tag'];
}
require_once QISHI_ROOT_PATH . 'include/tpl.inc.php';

// Site closed: show the configured reason (or the default text) and stop.
if ($_CFG['isclose']) {
    if (!$_CFG['close_reason']) {
        $_CFG['close_reason'] = '站点暂时关闭...';
    }
    $smarty->assign('info', $_CFG['close_reason']);
    $smarty->display('warning.htm');
    exit;
}

// IP block list: the visitor address is run through the same check_word() helper
// that is used for the word filter.
// NOTE(review): $online_ip is set outside this excerpt; if it is derived from
// client-supplied headers the block can be sidestepped — confirm its source.
// NOTE(review): check_word() is not shown; if it matches substrings, an entry
// can also block addresses that merely contain it — confirm.
if ($_CFG['filter_ip'] && check_word($_CFG['filter_ip'], $online_ip)) {
    $smarty->assign('info', $_CFG['filter_ip_tips']);
    $smarty->display('warning.htm');
    exit;
}
}
// Fragment of a member-side handler that saves an edited row in `hunter_jobs`.
// The brace above closes a block opened before this excerpt, and the two `if`
// blocks at the end are closed after it.

// Audit value after an edit comes from site configuration, chosen by whether the
// hunter profile is already audited; a setting of "-1" writes no audit value here.
if ($hunter_profile['audit'] == "1") {
    $_CFG['audit_verifyhunter_editjob'] != "-1" ? $setsqlarr['audit'] = intval($_CFG['audit_verifyhunter_editjob']) : '';
} else {
    $_CFG['audit_unexaminedhunter_editjob'] != "-1" ? $setsqlarr['audit'] = intval($_CFG['audit_unexaminedhunter_editjob']) : '';
}

// Contact fields: required ones fall through to showmsg() when empty, then the raw
// POST value is run through the word filter.
// NOTE(review): this pattern only works if showmsg() ends the request; otherwise
// its return value would be stored as the field — confirm.
// NOTE(review): values are only trimmed here; whether they are escaped depends on
// updatetable() or an input filter that is not visible in this excerpt — confirm.
$setsqlarr['contact'] = !empty($_POST['contact']) ? trim($_POST['contact']) : showmsg('您没有填写联系人!', 1);
check_word($_CFG['filter'], $_POST['contact']) ? showmsg($_CFG['filter_tips'], 0) : '';
$setsqlarr['qq'] = trim($_POST['qq']);
check_word($_CFG['filter'], $_POST['qq']) ? showmsg($_CFG['filter_tips'], 0) : '';
$setsqlarr['telephone'] = !empty($_POST['telephone']) ? trim($_POST['telephone']) : showmsg('您没有填写联系电话!', 1);
check_word($_CFG['filter'], $_POST['telephone']) ? showmsg($_CFG['filter_tips'], 0) : '';
$setsqlarr['address'] = !empty($_POST['address']) ? trim($_POST['address']) : showmsg('您没有填写联系地址!', 1);
check_word($_CFG['filter'], $_POST['address']) ? showmsg($_CFG['filter_tips'], 0) : '';
$setsqlarr['email'] = !empty($_POST['email']) ? trim($_POST['email']) : showmsg('您没有填写联系邮箱!', 1);
check_word($_CFG['filter'], $_POST['email']) ? showmsg($_CFG['filter_tips'], 0) : '';

// Notification and visibility flags are forced to integers.
$setsqlarr['notify'] = intval($_POST['notify']);
$setsqlarr['contact_show'] = intval($_POST['contact_show']);
$setsqlarr['email_show'] = intval($_POST['email_show']);
$setsqlarr['telephone_show'] = intval($_POST['telephone_show']);
$setsqlarr['address_show'] = intval($_POST['address_show']);
$setsqlarr['qq_show'] = intval($_POST['qq_show']);

// The WHERE clause ties the update to the session uid, so only the member's own
// row can match. NOTE(review): $id is assigned outside this excerpt — confirm it
// is cast to an integer before being placed in the clause.
if (!$db->updatetable(table('hunter_jobs'), $setsqlarr, " id='{$id}' AND uid='{$_SESSION['uid']}' ")) {
    showmsg("保存失败!", 0);
}

// Points mode: apply the configured points rule for a job edit and log it.
if ($_CFG['operation_hunter_mode'] == '1') {
    if ($points_rule['hunter_hunterjobs_edit']['value'] > 0) {
        report_deal($_SESSION['uid'], $points_rule['hunter_hunterjobs_edit']['type'], $points_rule['hunter_hunterjobs_edit']['value']);
        $user_points = get_user_points($_SESSION['uid']);
        $operator = $points_rule['hunter_hunterjobs_edit']['type'] == "1" ? "+" : "-";
        // NOTE(review): the job name is embedded in HTML markup inside the log text;
        // confirm it is escaped wherever the member log is rendered.
        write_memberslog($_SESSION['uid'], 3, 9201, $_SESSION['username'], "修改职位:<strong>{$setsqlarr['jobs_name']}</strong>,({$operator}{$points_rule['hunter_hunterjobs_edit']['value']}),(剩余:{$user_points})");
}
// Fragment of an admin-side handler (it reports through adminmsg()) that saves an
// edited row in `hunter_jobs`. The brace above closes a block opened before this
// excerpt.

// Extend the deadline by $days: from the old deadline when that is still in the
// future (or exactly now), otherwise from the current time. With no extension the
// old deadline is kept.
// NOTE(review): the old deadline is read from the form, not from the database.
if ($days > 0) {
    if (intval($_POST['olddeadline']) >= time()) {
        $setsqlarr['deadline'] = intval($_POST['olddeadline']) + $days * (60 * 60 * 24);
    } else {
        $setsqlarr['deadline'] = strtotime("{$days} day");
    }
} else {
    $setsqlarr['deadline'] = intval($_POST['olddeadline']);
}
$setsqlarr['audit'] = intval($_POST['audit']);
$setsqlarr['display'] = intval($_POST['display']);

// Contact fields: required ones fall through to adminmsg() when empty. Only the
// telephone value is run through the word filter in this handler.
// NOTE(review): values are only trimmed here; escaping depends on updatetable()
// or an input filter that is not visible in this excerpt — confirm.
$setsqlarr['contact'] = !empty($_POST['contact']) ? trim($_POST['contact']) : adminmsg('您没有填写联系人!', 1);
$setsqlarr['qq'] = trim($_POST['qq']);
$setsqlarr['telephone'] = !empty($_POST['telephone']) ? trim($_POST['telephone']) : adminmsg('您没有填写联系电话!', 1);
check_word($_CFG['filter'], $_POST['telephone']) ? adminmsg($_CFG['filter_tips'], 0) : '';
$setsqlarr['address'] = !empty($_POST['address']) ? trim($_POST['address']) : adminmsg('您没有填写联系地址!', 1);
$setsqlarr['email'] = !empty($_POST['email']) ? trim($_POST['email']) : adminmsg('您没有填写联系邮箱!', 1);

// Notification and visibility flags are forced to integers.
$setsqlarr['notify'] = intval($_POST['notify']);
$setsqlarr['contact_show'] = intval($_POST['contact_show']);
$setsqlarr['email_show'] = intval($_POST['email_show']);
$setsqlarr['telephone_show'] = intval($_POST['telephone_show']);
$setsqlarr['address_show'] = intval($_POST['address_show']);
$setsqlarr['qq_show'] = intval($_POST['qq_show']);

// NOTE(review): $id is assigned outside this excerpt — confirm it is cast to an
// integer before being concatenated into the WHERE clause.
$wheresql = " id='" . $id . "' ";
if (!$db->updatetable(table('hunter_jobs'), $setsqlarr, $wheresql)) {
    adminmsg("保存失败!", 0);
}
write_log("修改猎头职位id为" . $id . "的职位", $_SESSION['admin_name'], 3);
$link[0]['text'] = "返回职位列表";
// NOTE(review): the "back" link target is taken straight from the request. If it
// is rendered as an href, restrict it to same-site relative paths and escape it
// on output — confirm how $link is used.
$link[0]['href'] = $_POST['url'];
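// Save an outbound-resume record: captcha check, field validation, then delivery
// of the resume to every address in the semicolon-separated recipient list.
$captcha = get_cache('captcha');
$postcaptcha = trim($_POST['postcaptcha']);
if ($captcha['verify_resume_outward'] == '1' && empty($postcaptcha)) {
    showmsg("请填写验证码", 1);
}
// NOTE(review): the session captcha value is not cleared in this excerpt after a
// successful comparison; confirm it is invalidated elsewhere so that one solved
// captcha cannot be reused for further sends.
if ($captcha['verify_resume_outward'] == '1' && strcasecmp($_SESSION['imageCaptcha_content'], $postcaptcha) != 0) {
    showmsg("验证码错误", 1);
}

// Required fields fall through to showmsg() when empty.
// NOTE(review): this only works if showmsg() ends the request — confirm.
$setsqlarr['resume_id'] = intval($_POST['resume_id']) ? intval($_POST['resume_id']) : showmsg('请选择发送简历!', 1);
// NOTE(review): resume_title is used as the mail subject below and is only
// trimmed; confirm smtp_mail() rejects CR/LF in the subject.
$setsqlarr['resume_title'] = trim($_POST['resume_title']) ? trim($_POST['resume_title']) : showmsg('请选择发送简历!', 1);
$setsqlarr['email'] = trim($_POST['email']) ? trim($_POST['email']) : showmsg('请填写邮箱地址!', 1);
$setsqlarr['companyname'] = trim($_POST['companyname']) ? trim($_POST['companyname']) : showmsg('请填写企业名称!', 1);
check_word($_CFG['filter'], $_POST['companyname']) ? showmsg($_CFG['filter_tips'], 0) : '';
$setsqlarr['jobs_name'] = trim($_POST['jobs_name']) ? trim($_POST['jobs_name']) : showmsg('请填写职位名称!', 1);
check_word($_CFG['filter'], $_POST['jobs_name']) ? showmsg($_CFG['filter_tips'], 0) : '';

// The template is fetched for the session uid and the chosen resume id.
$resume_tpl = get_outward_resumes_tpl($_SESSION['uid'], $setsqlarr['resume_id']);
$email = explode(';', $setsqlarr['email']);

// Validate every recipient before anything is sent, so a malformed address late
// in the list cannot leave the request half-delivered.
foreach ($email as $key => $value) {
    // The D modifier makes `$` match only at the very end of the string, so an
    // address followed by a line break is rejected before it reaches smtp_mail().
    if (!preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/D", $value)) {
        showmsg('请正确填写邮箱地址!', 1);
    }
}
foreach ($email as $key => $value) {
    $rst = smtp_mail($value, $setsqlarr['resume_title'], $resume_tpl);
    if ($rst != '1') {
        // Double quotes so the failing address is actually interpolated; $value has
        // already passed the pattern above, which admits only word characters,
        // '-', '+', '.' and '@'.
        showmsg("此邮箱:{$value}发送失败!", 0);
    }
}
$setsqlarr['uid'] = intval($_SESSION['uid']);
$setsqlarr['addtime'] = time();
// Add the outbound-resume record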
// Fragment of a member-side action dispatcher for company news. The first
// statements are the tail of a branch opened before this excerpt (they render the
// edit form); the last branch is closed after it.

// Both ids are cast to integers and the lookup is limited to the member's own row.
$uid = intval($_SESSION['uid']);
$id = intval($_GET['id']);
$smarty->assign('news', $db->getone("select * from " . table('company_news') . " where uid='{$uid}' AND id ='{$id}' LIMIT 1"));
$smarty->assign('title', '修改公司新闻 - 会员中心 - ' . $_CFG['site_name']);
$smarty->display('member_company/company_news_edit.htm');
} elseif ($act == 'company_news_edit_save') {
    // Audit value after an edit comes from site configuration, chosen by whether
    // the company profile is already audited; "-1" writes no audit value here.
    if ($company_profile['audit'] == "1") {
        $_CFG['audit_verifycom_editnews'] != "-1" ? $setsqlarr['audit'] = intval($_CFG['audit_verifycom_editnews']) : '';
    } else {
        $_CFG['audit_unexaminedcom_editnews'] != "-1" ? $setsqlarr['audit'] = intval($_CFG['audit_unexaminedcom_editnews']) : '';
    }
    // Title and content are required and word-filtered.
    // NOTE(review): both are stored after trim() only; confirm they are escaped
    // for SQL by updatetable() and for HTML wherever the news item is displayed.
    $setsqlarr['title'] = !empty($_POST['title']) ? trim($_POST['title']) : showmsg('请填写标题!', 1);
    check_word($_CFG['filter'], $_POST['title']) ? showmsg($_CFG['filter_tips'], 0) : '';
    $setsqlarr['order'] = intval($_POST['order']);
    $setsqlarr['content'] = !empty($_POST['content']) ? trim($_POST['content']) : showmsg('请填写内容', 1);
    check_word($_CFG['filter'], $_POST['content']) ? showmsg($_CFG['filter_tips'], 0) : '';
    $link[0]['text'] = "新闻列表";
    $link[0]['href'] = '?act=company_news';
    // The update is limited to the member's own row by uid and id, both cast to int.
    $uid = intval($_SESSION['uid']);
    $id = intval($_POST['id']);
    !$db->updatetable(table('company_news'), $setsqlarr, " uid='{$uid}' AND id='{$id}' ") ? showmsg("修改失败!", 0) : showmsg("修改成功!", 2, $link);
} elseif ($act == 'company_news_del') {
    // NOTE(review): unlike the branches above, $id is passed on without intval(),
    // so any sanitising has to happen inside del_company_news() — confirm.
    // NOTE(review): the id is also accepted from the query string, so the delete
    // can be triggered by a plain link; confirm a CSRF token is verified upstream.
    $id = !empty($_POST['id']) ? $_POST['id'] : $_GET['id'];
    if (empty($id)) {
        showmsg("你没有选择新闻!", 1);
    }
    if ($n = del_company_news($id, $_SESSION['uid'])) {
        showmsg("删除成功!共删除 {$n} 行", 2);
    } else {
        showmsg("删除失败!", 0);
    }
// Fragment of a handler that saves a company profile and answers with plain
// exit() messages. It starts mid-handler, and the two `if` blocks at the end are
// closed after this excerpt.

// Each text field is trimmed and converted with utf8_to_gbk(); required fields
// exit with a message when empty, and the converted value is word-filtered.
// NOTE(review): any SQL escaping has to be applied after the charset conversion,
// because escaping done on the UTF-8 bytes does not necessarily stay intact once
// the value is re-encoded — confirm where updatetable() escapes.
$setsqlarr['scale'] = trim($_POST['scale']) ? utf8_to_gbk(trim($_POST['scale'])) : exit('您选择公司规模!');
$setsqlarr['scale_cn'] = utf8_to_gbk(trim($_POST['scale_cn']));
$setsqlarr['registered'] = utf8_to_gbk(trim($_POST['registered']));
$setsqlarr['currency'] = utf8_to_gbk(trim($_POST['currency']));
$setsqlarr['address'] = trim($_POST['address']) ? utf8_to_gbk(trim($_POST['address'])) : exit('请填写通讯地址!');
check_word($_CFG['filter'], $setsqlarr['address']) ? exit($_CFG['filter_tips']) : '';
$setsqlarr['contact'] = trim($_POST['contact']) ? utf8_to_gbk(trim($_POST['contact'])) : exit('请填写联系人!');
check_word($_CFG['filter'], $setsqlarr['contact']) ? exit($_CFG['filter_tips']) : '';
$setsqlarr['telephone'] = trim($_POST['telephone']) ? utf8_to_gbk(trim($_POST['telephone'])) : exit('请填写联系电话!');
check_word($_CFG['filter'], $setsqlarr['telephone']) ? exit($_CFG['filter_tips']) : '';
$setsqlarr['email'] = trim($_POST['email']) ? utf8_to_gbk(trim($_POST['email'])) : exit('请填写联系邮箱!');
check_word($_CFG['filter'], $setsqlarr['email']) ? exit($_CFG['filter_tips']) : '';
$setsqlarr['website'] = utf8_to_gbk(trim($_POST['website']));
check_word($_CFG['filter'], $setsqlarr['website']) ? exit($_CFG['filter_tips']) : '';
$setsqlarr['contents'] = trim($_POST['contents']) ? utf8_to_gbk(trim($_POST['contents'])) : exit('请填写公司简介!');
check_word($_CFG['filter'], $setsqlarr['contents']) ? exit($_CFG['filter_tips']) : '';

// Flags are forced to integers.
$setsqlarr['yellowpages'] = intval($_POST['yellowpages']);
$setsqlarr['contact_show'] = intval($_POST['contact_show']);
$setsqlarr['email_show'] = intval($_POST['email_show']);
$setsqlarr['telephone_show'] = intval($_POST['telephone_show']);
$setsqlarr['address_show'] = intval($_POST['address_show']);

// Duplicate-name check, active when company_repeat is "0".
// NOTE(review): companyname is assigned outside this excerpt and is interpolated
// into the query text; confirm it is escaped for SQL at that point.
// NOTE(review): the same value is echoed back in the exit() message; confirm the
// caller treats the response as text, not HTML.
if ($_CFG['company_repeat'] == "0") {
    $info = $db->getone("SELECT uid FROM " . table('company_profile') . " WHERE companyname ='{$setsqlarr['companyname']}' AND uid<>'{$_SESSION['uid']}' LIMIT 1");
    if (!empty($info)) {
        exit("{$setsqlarr['companyname']}已经存在,同公司信息不能重复注册");
    }
}

// Existing profile: apply the configured audit value ("-1" writes none here) and
// update the row for $uid. NOTE(review): $uid is assigned outside this excerpt.
if ($company_profile) {
    $_CFG['audit_edit_com'] != "-1" ? $setsqlarr['audit'] = intval($_CFG['audit_edit_com']) : '';
    if (updatetable(table('company_profile'), $setsqlarr, " uid='{$uid}'")) {
        $jobarr['companyname'] = $setsqlarr['companyname'];
// Fragment of a handler that saves an edited job and answers with plain exit()
// messages. It starts mid-handler, and the two `if` blocks at the end are closed
// after this excerpt.

// New deadline: the configured number of days from now.
$setsqlarr['deadline'] = strtotime("" . intval($_CFG['company_add_days']) . " day");

// Search key: job name and company name followed by the tags that SPWord extracts
// from the concatenated job fields, then passed through SPWord::pad().
$setsqlarr['key'] = $setsqlarr['jobs_name'] . $company_info['companyname'] . $setsqlarr['category_cn'] . $setsqlarr['district_cn'] . $setsqlarr['contents'];
require_once QISHI_ROOT_PATH . 'include/splitword.class.php';
$sp = new SPWord();
$setsqlarr['key'] = "{$setsqlarr['jobs_name']} {$company_info['companyname']} " . $sp->extracttag($setsqlarr['key']);
$setsqlarr['key'] = $sp->pad($setsqlarr['key']);

// Audit value after an edit comes from site configuration, chosen by whether the
// company is already audited; "-1" writes no audit value here.
if ($company_info['audit'] == "1") {
    $_CFG['audit_verifycom_editjob'] != "-1" ? $setsqlarr['audit'] = intval($_CFG['audit_verifycom_editjob']) : '';
} else {
    $_CFG['audit_unexaminedcom_editjob'] != "-1" ? $setsqlarr['audit'] = intval($_CFG['audit_unexaminedcom_editjob']) : '';
}

// Contact fields are all required. Only the telephone value is word-filtered.
// NOTE(review): values are only trimmed here; escaping depends on updatetable()
// or an input filter that is not visible in this excerpt — confirm.
$setsqlarr_contact['contact'] = !empty($_POST['contact']) ? trim($_POST['contact']) : exit('您没有填写联系人!');
$setsqlarr_contact['telephone'] = !empty($_POST['telephone']) ? trim($_POST['telephone']) : exit('您没有填写联系电话!');
$setsqlarr_contact['email'] = !empty($_POST['email']) ? trim($_POST['email']) : exit('您没有填写联系邮箱!');
$setsqlarr_contact['address'] = !empty($_POST['address']) ? trim($_POST['address']) : exit('您没有填写详细地址!');
check_word($_CFG['filter'], $_POST['telephone']) ? exit($_CFG['filter_tips']) : '';
$setsqlarr_contact['contact_show'] = 1;
$setsqlarr_contact['email_show'] = 1;
$setsqlarr_contact['telephone_show'] = 1;
$setsqlarr_contact['address_show'] = 1;

// The two job tables are updated with an id + session-uid constraint.
// NOTE(review): $id is assigned outside this excerpt — confirm it is an integer.
if (!$db->updatetable(table('jobs'), $setsqlarr, " id='{$id}' AND uid='{$_SESSION['uid']}' ")) {
    exit("err");
}
if (!$db->updatetable(table('jobs_tmp'), $setsqlarr, " id='{$id}' AND uid='{$_SESSION['uid']}' ")) {
    exit("err");
}
// NOTE(review): the contact row is matched by pid alone, with no uid constraint.
// Ownership therefore rests on the two updates above having stopped the request
// for a job id that belongs to someone else; whether updatetable() reports
// failure when no row matches is not visible here — confirm, or add the owner
// check to this statement.
if (!$db->updatetable(table('jobs_contact'), $setsqlarr_contact, " pid='{$id}' ")) {
    exit("err");
}
if ($add_mode == '1') {
    if ($points_rule['jobs_edit']['value'] > 0) {
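require_once 'incl/functions.php';
?>
<?php
// Handle a submitted "add word" form: report every missing field, and only when
// all three are present look the word up and add it if it is not stored yet.
if (isset($_POST['submit'])) {
    // Each required field is checked on its own. The checks used to be nested
    // inside the "word is blank" case, so a submission with a word but no
    // definition or part of speech went straight to add_word().
    $formErrors = array();
    if (empty($_POST["word"])) {
        $formErrors[] = "<h3>Word field blank</h3>";
    }
    if (empty($_POST["def"])) {
        $formErrors[] = "<h3>Definition field blank</h3>";
    }
    if (empty($_POST["pos"])) {
        $formErrors[] = "<h3>Part of Speech not selected</h3>";
    }

    if ($formErrors) {
        echo implode('', $formErrors);
    } elseif (!check_word($_POST['word'])) {
        // check_word() is falsy here, so the word is treated as not yet stored.
        // NOTE(review): the whole POST array is handed to add_word(); confirm it
        // reads only the expected keys and escapes them for the database.
        add_word($_POST);
    } else {
        print "<div><h3>That word already exists in the DB</h3></div>";
    }
}
?>
<title>Dictionary | The Front Page!</title>
<div class = "head">
<link rel="stylesheet" href="jquery/jquery-ui.min.css">
<script src="jquery/external/jquery/jquery.js"></script>
<script src="jquery/jquery-ui.min.js"></script>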
/**
 * Try to match the token sequence
 * `if ( eval ( __MAGIC__ ) ) return $___RET_VALUE ;` in $content, starting at
 * offset $i2, using check_word() for each token.
 *
 * On a match, $i2 is set to the working offset that was handed to check_word()
 * and $ret receives get_magic_content() for the lower-cased name returned by
 * parse_get_funcname(), with newlines replaced by spaces. On a mismatch neither
 * $i2 nor $ret is assigned.
 *
 * @param mixed  $tplfile Not used in this function.
 * @param string $content Text being scanned (taken by reference).
 * @param int    $i2      Offset where the match is attempted; updated on success.
 * @param string $ret     Receives the replacement text on success.
 * @return int 1 when the whole sequence matched, 0 otherwise.
 */
function check_eval_magic($tplfile, &$content, &$i2, &$ret)
{
    $i = $i2;

    // The opening `if` is the only token checked with the extra fourth argument.
    if (!check_word($content, $i, 'if', 1)) {
        return 0;
    }

    $expected = array('(', 'eval', '(', '__MAGIC__', ')', ')', 'return', '$___RET_VALUE', ';');
    foreach ($expected as $token) {
        if (!check_word($content, $i, $token)) {
            return 0;
        }
    }

    // The name is parsed from the original offset, before $i2 is moved.
    $funcname = parse_get_funcname($content, $i2);
    $i2 = $i;
    $magic = get_magic_content(strtolower($funcname));
    // test
    // count the number of function calls
    //$ret='global $___TEMP_CALLS_COUNT; $___TEMP_CALLS_COUNT[\''.$funcname.'\']=1; '.$ret;
    $ret = str_replace("\n", ' ', $magic);

    return 1;
}
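<div align="center">
<div class="medium">
<?php
// Result table, shown only when a search term is set: one row per entry returned
// by check_word($search), with the term highlighted in the text column.
if ($search) {
    // The term is quoted before it goes into the highlight pattern. Used raw, a
    // term containing '#' or regex metacharacters broke the pattern or changed
    // what it matched; quoted, the highlight always marks the literal term.
    $highlightPattern = '#(' . preg_quote($search, '#') . ')#sim';

    // NOTE(review): whether get_text() HTML-escapes the term it is given is not
    // visible here — confirm.
    echo '<table class="Tabella">';
    echo '<tr><th class="Title" colspan="5">' . get_text('ModulesFound', 'Languages', $search) . '</th></tr>';
    echo '<tr class="Spacer"><td colspan="5"></td></tr>';
    echo '<tr>';
    echo '<th class="Title">' . get_text('Module', 'Languages') . '</th>';
    echo '<th class="Title">' . get_text('Variable', 'Languages') . '</th>';
    echo '<th class="Title">' . get_text('Text', 'Languages') . '</th>';
    echo '<th class="Title">' . get_text('FunctionS', 'Languages') . '</th>';
    echo '<th class="Title">' . get_text('FunctionL', 'Languages') . '</th>';
    echo '</tr>';

    // Each row is read as: [0] module, [1] variable name, [2] text.
    // NOTE(review): the row values are written into the page unescaped; if they
    // can contain markup that is not meant to render, escape them on output.
    foreach (check_word($search) as $row) {
        echo '<tr>';
        echo '<td>' . $row[0] . '</td>';
        echo '<td>' . $row[1] . '</td>';
        echo '<td>' . preg_replace($highlightPattern, '<b style="color:red">\\1</b>', $row[2]) . '</td>';
        // Short call form: the module argument is left out for 'Common'.
        echo '<td>get_text(\'' . $row[1] . '\'' . ($row[0] != 'Common' ? ', \'' . $row[0] . '\'' : '') . ')</td>';
        echo '<td>get_text(\'' . $row[1] . '\', \'' . $row[0] . '\', (mixed) $var, [(bool) $translate])</td>';
        echo '</tr>';
    }
    echo '</table>';
}

// Search form, submitted with GET to the current URL.
echo '<form method="GET" action="">';
echo '<table class="Tabella">';
echo '<tr>';
echo '<td class="Right" nowrap="nowrap">' . get_text('Search', 'Languages') . '</td>';
echo '<td width="100%">';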
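// Fragment of an admin-side handler (it reports through adminmsg()) that collects
// the fields of a training course before saving; it starts and ends mid-handler.
// NOTE(review): text values are only trimmed here; escaping depends on the
// database helper or an input filter that is not visible in this excerpt.
$setsqlarr['district_cn'] = trim($_POST['district_cn']);
$setsqlarr['classtype'] = !empty($_POST['classtype']) ? intval($_POST['classtype']) : adminmsg('请选择上课班制!', 1);
$setsqlarr['classtype_cn'] = trim($_POST['classtype_cn']);
$setsqlarr['teacher_id'] = !empty($_POST['teacher_id']) ? intval($_POST['teacher_id']) : adminmsg('请选择主讲人!', 1);
$setsqlarr['teacher_cn'] = trim($_POST['teacher_cn']);
$setsqlarr['starttime'] = intval(convert_datefm($_POST['starttime'], 2));
if (empty($setsqlarr['starttime'])) {
    adminmsg('请填写开课时间!时间格式:YYYY-MM-DD', 1);
}
$setsqlarr['train_object'] = !empty($_POST['train_object']) ? trim($_POST['train_object']) : adminmsg('您没有填写授课对象!', 1);
$setsqlarr['train_certificate'] = !empty($_POST['train_certificate']) ? trim($_POST['train_certificate']) : '';
$setsqlarr['classhour'] = !empty($_POST['classhour']) ? intval($_POST['classhour']) : adminmsg('您没有填写授课学时!', 1);
$setsqlarr['train_expenses'] = !empty($_POST['train_expenses']) ? intval($_POST['train_expenses']) : adminmsg('您没有填写培训费用!', 1);
$setsqlarr['favour_expenses'] = !empty($_POST['favour_expenses']) ? intval($_POST['favour_expenses']) : adminmsg('您没有填写优惠价格!', 1);
$setsqlarr['contents'] = !empty($_POST['contents']) ? trim($_POST['contents']) : adminmsg('您没有填写课程描述!', 1);
check_word($_CFG['filter'], $_POST['contents']) ? adminmsg($_CFG['filter_tips'], 0) : '';
$setsqlarr['refreshtime'] = $timestamp;

// Search key: the main names followed by the tags that SPWord extracts from the
// concatenated course fields, then passed through SPWord::pad().
$setsqlarr['key'] = $setsqlarr['course_name'] . $train_profile['trainname'] . $setsqlarr['teacher_cn'] . $setsqlarr['train_certificate'] . $setsqlarr['category_cn'] . $setsqlarr['district_cn'] . $setsqlarr['contents'];
require_once QISHI_ROOT_PATH . 'include/splitword.class.php';
$sp = new SPWord();
$setsqlarr['key'] = "{$setsqlarr['course_name']} {$train_profile['trainname']} {$setsqlarr['teacher_cn']} {$setsqlarr['train_certificate']} " . $sp->extracttag($setsqlarr['key']);
$setsqlarr['key'] = $sp->pad($setsqlarr['key']);
$setsqlarr['likekey'] = "{$setsqlarr['course_name']},{$train_profile['trainname']},{$setsqlarr['teacher_cn']},{$setsqlarr['train_certificate']}";

// Deadline extension: add $days to the old deadline while it is still in the
// future, otherwise count $days from now. The two cases are a single if/else so
// that an old deadline equal to the current second is no longer skipped (the
// former `> 0` and `< 0` tests both failed for it and the extension was dropped).
// NOTE(review): the old deadline is read from the form, not from the database.
$days = intval($_POST['days']);
if ($days > 0) {
    if (intval($_POST['olddeadline']) > time()) {
        $setsqlarr['deadline'] = intval($_POST['olddeadline']) + $days * (60 * 60 * 24);
    } else {
        $setsqlarr['deadline'] = strtotime("" . $days . " day");
    }
}
$setsqlarr_contact['contact'] = trim($_POST['contact']);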
// Fragment of a member-side handler that saves a company profile and reports
// through showmsg(). It starts mid-handler, and the two `if` blocks at the end
// are closed after this excerpt.

// Required fields fall through to showmsg() when empty; the trimmed value is then
// run through the word filter.
// NOTE(review): this pattern only works if showmsg() ends the request — confirm.
// NOTE(review): values are only trimmed here; escaping depends on updatetable()
// or an input filter that is not visible in this excerpt — confirm.
$setsqlarr['scale'] = trim($_POST['scale']) ? trim($_POST['scale']) : showmsg('您选择公司规模!', 1);
$setsqlarr['scale_cn'] = trim($_POST['scale_cn']);
$setsqlarr['registered'] = trim($_POST['registered']);
$setsqlarr['currency'] = trim($_POST['currency']);
$setsqlarr['address'] = trim($_POST['address']) ? trim($_POST['address']) : showmsg('请填写通讯地址!', 1);
check_word($_CFG['filter'], $setsqlarr['address']) ? showmsg($_CFG['filter_tips'], 1) : '';
$setsqlarr['contact'] = trim($_POST['contact']) ? trim($_POST['contact']) : showmsg('请填写联系人!', 1);
check_word($_CFG['filter'], $setsqlarr['contact']) ? showmsg($_CFG['filter_tips'], 1) : '';
$setsqlarr['telephone'] = trim($_POST['telephone']) ? trim($_POST['telephone']) : showmsg('请填写联系电话!', 1);
check_word($_CFG['filter'], $setsqlarr['telephone']) ? showmsg($_CFG['filter_tips'], 1) : '';
$setsqlarr['email'] = trim($_POST['email']) ? trim($_POST['email']) : showmsg('请填写联系邮箱!', 1);
check_word($_CFG['filter'], $setsqlarr['email']) ? showmsg($_CFG['filter_tips'], 1) : '';
$setsqlarr['website'] = trim($_POST['website']);
check_word($_CFG['filter'], $setsqlarr['website']) ? showmsg($_CFG['filter_tips'], 1) : '';
$setsqlarr['contents'] = trim($_POST['contents']) ? trim($_POST['contents']) : showmsg('请填写公司简介!', 1);
check_word($_CFG['filter'], $setsqlarr['contents']) ? showmsg($_CFG['filter_tips'], 1) : '';

// Visibility flags are forced to integers.
$setsqlarr['contact_show'] = intval($_POST['contact_show']);
$setsqlarr['email_show'] = intval($_POST['email_show']);
$setsqlarr['telephone_show'] = intval($_POST['telephone_show']);
$setsqlarr['address_show'] = intval($_POST['address_show']);

// Duplicate-name check, active when company_repeat is "0".
// NOTE(review): companyname is assigned outside this excerpt and is interpolated
// into the query text; confirm it is escaped for SQL at that point.
// NOTE(review): the same value is placed in the showmsg() text; confirm it is
// HTML-escaped when the message is rendered.
if ($_CFG['company_repeat'] == "0") {
    $info = $db->getone("SELECT uid FROM " . table('company_profile') . " WHERE companyname ='{$setsqlarr['companyname']}' AND uid<>'{$_SESSION['uid']}' LIMIT 1");
    if (!empty($info)) {
        showmsg("{$setsqlarr['companyname']}已经存在,同公司信息不能重复注册", 1);
    }
}

// Existing profile: apply the configured audit value ("-1" writes none here) and
// update the row for $uid. NOTE(review): $uid is assigned outside this excerpt.
if ($company_profile) {
    $_CFG['audit_edit_com'] != "-1" ? $setsqlarr['audit'] = intval($_CFG['audit_edit_com']) : '';
    if ($db->updatetable(table('company_profile'), $setsqlarr, " uid='{$uid}'")) {
        $jobarr['companyname'] = $setsqlarr['companyname'];
        $jobarr['trade'] = $setsqlarr['trade'];
}
// Tail of a function whose signature is outside this excerpt (presumably the
// check_word() called below — confirm). It reads the POST field named by $word,
// trims it, and returns the HTML-escaped value only when it is non-empty and
// contains no space; in every other case it returns false.
$final = trim($_POST[$word]);
if (strlen($final) == 0) {
    return false;
}
if (strpos($final, ' ') === false) {
    return htmlspecialchars($final);
} else {
    return false;
}
}

// Form handler: store three words and an author name. This block is closed after
// the excerpt.
if (isset($_POST['words'])) {
    // generic check whether all words were entered
    $word1 = check_word("word1");
    $word2 = check_word("word2");
    $word3 = check_word("word3");
    if ($word1 === false || $word2 === false || $word3 === false) {
        $_SESSION['flash'] = "Nicht alle eingegebenen Wörter sind gültig.";
        header("Location: index.php");
        exit;
    }
    // The author name is HTML-escaped on input; an empty name becomes "Anonymous".
    $author = htmlspecialchars(trim($_POST['author']));
    if (strlen($author) == 0) {
        $author = "Anonymous";
    }
    // Values are stored already HTML-escaped and are SQL-escaped with
    // real_escape_string() while the statement text is built.
    // NOTE(review): a prepared statement with bound parameters would remove the
    // string-built query; escaping for HTML is usually better done on output.
    $sql_str = "INSERT INTO `words` (`word1`, `word2`, `word3`, `author`, `new`) VALUES ('" . $sql->real_escape_string($word1) . "', '" . $sql->real_escape_string($word2) . "', '" . $sql->real_escape_string($word3) . "', '" . $sql->real_escape_string($author) . "', 1);";
    if (!$sql->query($sql_str)) {
        // NOTE(review): the raw database error text is put into the flash message;
        // if that message is shown to visitors, log the detail and show a generic
        // error instead.
        $_SESSION['flash'] = "An error occurred: " . $sql->error;
        header("Location: index.php");
        exit;
    }
// Fragment of an AJAX action dispatcher for resume training records. The first
// statements are the tail of a branch opened before this excerpt; the last branch
// is closed after it. Results are reported with plain exit() strings.

// Text fields are trimmed and converted with utf8_to_gbk(); each is required and
// the converted value is word-filtered.
// NOTE(review): any SQL escaping has to be applied after the charset conversion —
// confirm where updatetable()/inserttable() escape.
$agency = utf8_to_gbk(trim($_POST['agency']));
$course = utf8_to_gbk(trim($_POST['course']));
$description = utf8_to_gbk(trim($_POST['description']));
$setsqlarr['agency'] = $agency ? $agency : exit("请填写培训机构!");
check_word($_CFG['filter'], $setsqlarr['agency']) ? exit($_CFG['filter_tips']) : '';
$setsqlarr['course'] = $course ? $course : exit("请填写培训课程!");
check_word($_CFG['filter'], $setsqlarr['course']) ? exit($_CFG['filter_tips']) : '';

// All four date parts must be present; they are then forced to integers.
if (trim($_POST['training_start_year']) == "" || trim($_POST['training_start_month']) == "" || trim($_POST['training_end_year']) == "" || trim($_POST['training_end_month']) == "") {
    exit("请选择培训时间!");
}
$setsqlarr['startyear'] = intval($_POST['training_start_year']);
$setsqlarr['startmonth'] = intval($_POST['training_start_month']);
$setsqlarr['endyear'] = intval($_POST['training_end_year']);
$setsqlarr['endmonth'] = intval($_POST['training_end_month']);
$setsqlarr['description'] = $description ? $description : exit("请填写培训内容!");
check_word($_CFG['filter'], $setsqlarr['description']) ? exit($_CFG['filter_tips']) : '';

// With an id the existing record is updated, otherwise a new one is inserted.
if ($id) {
    // NOTE(review): the update is keyed by id alone; no uid or resume id is part
    // of the condition in this excerpt, and $id is assigned outside it. Confirm
    // that ownership of the record is checked before this point.
    // NOTE(review): "success" is returned without looking at updatetable()'s result.
    updatetable(table("resume_training"), $setsqlarr, array("id" => $id));
    exit("success");
} else {
    $insert_id = inserttable(table("resume_training"), $setsqlarr, 1);
    if ($insert_id) {
        check_resume($_SESSION['uid'], intval($_REQUEST['pid']));
        exit("success");
    } else {
        exit("err");
    }
}
} elseif ($act == 'ajax_get_training_list') {
    $pid = intval($_GET['pid']);
    $uid = intval($_SESSION['uid']);
/**
 * Try to match the token sequence
 * `if ( eval ( __MAGIC__ ) ) return $___RET_VALUE ;` in $content, starting at
 * offset $i2, using check_word() for each token.
 *
 * On a match, $i2 is set to the working offset that was handed to check_word()
 * and $ret receives get_magic_content() for the name returned by
 * parse_get_funcname(), with newlines replaced by spaces. On a mismatch neither
 * $i2 nor $ret is assigned.
 *
 * @param mixed  $tplfile Not used in this function.
 * @param string $content Text being scanned (taken by reference).
 * @param int    $i2      Offset where the match is attempted; updated on success.
 * @param string $ret     Receives the replacement text on success.
 * @return int 1 when the whole sequence matched, 0 otherwise.
 */
function check_eval_magic($tplfile, &$content, &$i2, &$ret)
{
    $pos = $i2;

    // Only the opening `if` is checked with the extra fourth argument; the
    // remaining tokens are tried in order and the scan stops at the first miss.
    $matched = check_word($content, $pos, 'if', 1);
    foreach (array('(', 'eval', '(', '__MAGIC__', ')', ')', 'return', '$___RET_VALUE', ';') as $tok) {
        if (!$matched) {
            break;
        }
        $matched = check_word($content, $pos, $tok);
    }
    if (!$matched) {
        return 0;
    }

    // The name is parsed from the original offset, before $i2 is moved.
    $funcname = parse_get_funcname($content, $i2);
    $i2 = $pos;
    $ret = str_replace("\n", ' ', get_magic_content($funcname));

    return 1;
}