} elseif (chkid($_GET['id'])) { $id = $_GET['id']; try { $content_list = $service->get_content_list($id); if (count($content_list) == 1) { $view->post_breadcrumb = $content_list[0]['title']; $content = $content_list[0]['text']; } else { $error = LANG_ER_NO_DATA; } } catch (Exception $e) { $error = LANG_ER_ERROR; } } else { $error = LANG_ER_WRONG_FORMAT; } if (chkid($_COOKIE['city_id'])) { $city_id = $_COOKIE['city_id']; $view->city = $service->get_city_by_id($city_id); } $view->pushToQueue('breadcrumbs.tpl.php'); $view->pushToQueue('search.tpl.php'); if (!empty($error)) { $view->error_message = $error; $view->pushToQueue('error_message.tpl.php'); } elseif (!empty($content)) { $view->content = $content; $view->pushToQueue('content.tpl.php'); } $view->pushToQueue('footer.tpl.php'); $view->displayQueue();
include 'class/includes.php'; $view = new Savant3(); $service = Service::getInstance(); $view->setPath('template', array(TPL_PATH)); if (isset($_POST['search_term']) && chkid($_POST['city_id'])) { //TODO avoid search if term is empty(?) $search_term = htmlentities(text_only(trim($_POST['search_term'])), ENT_QUOTES, CONF_ENC); if ($search_term == LANG_SEARCH_TEXT) { $search_term = ''; } else { //TODO check for other criteria and if none dispaly message - no search term } $view->search_term = $search_term; $search_term = mb_strtoupper($search_term, CONF_ENC); $city_id = $_POST['city_id']; if (chkid($_POST['cat_id'])) { $cat_id = $_POST['cat_id']; $field_list = $service->get_searchable_field_list($cat_id); if (count($field_list) > 0) { foreach ($field_list as $key => $value) { switch ($value['type']) { case TYPE_NUMBER: if (isset($_POST[$value['name'] . TYPE_NUMBER_FROM]) && ctype_digit($_POST[$value['name'] . TYPE_NUMBER_FROM]) && $_POST[$value['name'] . TYPE_NUMBER_FROM] >= 0) { $field_list[$key]['from'] = text_only($_POST[$value['name'] . TYPE_NUMBER_FROM]); } if (isset($_POST[$value['name'] . TYPE_NUMBER_TO]) && ctype_digit($_POST[$value['name'] . TYPE_NUMBER_TO]) && $_POST[$value['name'] . TYPE_NUMBER_TO] >= 0) { $field_list[$key]['to'] = text_only($_POST[$value['name'] . TYPE_NUMBER_TO]); } break; case TYPE_SELECT: if (isset($_POST[$value['name']]) && ctype_digit($_POST[$value['name']]) && $_POST[$value['name']] >= 0) {
} } } if ($ad_posted) { $view->city = $service->get_city_by_id($city_id); $view->category_path = $service->get_category_path($cat_id); $view->post_breadcrumb = LANG_POST_BC; $view->pushToQueue('breadcrumbs.tpl.php'); $view->field_list = $service->get_searchable_field_list($cat_id); $view->pushToQueue('search.tpl.php'); $view->success_message = LANG_POST_EXPLAIN . '<br/><br/><br/>' . LANG_ER_HOME_PAGE . sprintf(LANG_POST_SUCCESS_POST_NEW, SITE_URL . 'post/' . $view->city['name'] . '/'); $view->pushToQueue('post_success.tpl.php'); } else { if ((chkid($cat_id) || chkid($_POST['cat_id'])) && (chkid($city_id) || chkid($_COOKIE['city_id']))) { //FILL FORM if (!chkid($cat_id)) { $cat_id = $_POST['cat_id']; } $category = $service->get_category($cat_id); if (count($category) == 1) { $view->category = $category[0]; $view->subject = $subject; $view->location = $location; $view->text = $text; $view->email = $email; $view->anonymize = $anonymize; $view->photo = $photo; if (!isset($all_field_list)) { $view->all_field_list = $service->get_all_field_list($cat_id); } else { $view->all_field_list = $all_field_list;
// Admin actions for the music_list table, dispatched on $_GET['action'].
// NOTE(review): this statement run is cut off at both ends of the page; the
// if/elseif chain continues past the last line shown.
echo_header();
if ($_GET['action'] == 'del') {
    // NOTE(review): the return value of chkid() is discarded here and in the
    // 'edit' branch below; unless chkid() itself aborts on an invalid id, the
    // raw $_GET['id'] reaches the SQL strings below unparameterised — confirm.
    chkid($_GET['id']);
    if ($_POST) {
        $del_query = mysql_query('delete from `music_list` where `id`=\'' . $_GET['id'] . '\'');
        if ($del_query) {
            msg('删除成功');
        } else {
            msg('删除失败');
        }
    } else {
        $select_query = mysql_fetch_array(mysql_query('select * from `music_list` where `id`=\'' . $_GET['id'] . '\''));
        // Row values and $_SERVER['PHP_SELF'] are echoed into HTML without
        // escaping; PHP_SELF in particular reflects the request path.
        echo '<form action="" method="post"><p>您确定要删除 ' . $select_query['name'] . ' - ' . $select_query['singer'] . '么?</p><p><input type="submit" name="submit" value="确定" /><a href="' . $_SERVER['PHP_SELF'] . '">取消</a></p></form>';
    }
} elseif ($_GET['action'] == 'edit') {
    chkid($_GET['id']);
    if ($_POST) {
        // NOTE(review): the fields of $post_data are concatenated straight into
        // the UPDATE; whether they are escaped depends on get_post_data() — verify.
        $post_data = get_post_data();
        $update_query = mysql_query('update `music_list` set `name`=\'' . $post_data['name'] . '\', `url`=\'' . $post_data['url'] . '\', `singer`=\'' . $post_data['singer'] . '\', `lrc`=\'' . $post_data['lrc'] . '\', `lrc_data`=\'' . $post_data['lrc_data'] . '\' where `id`=\'' . $_GET['id'] . '\'');
        if ($update_query) {
            msg('数据插入成功');
        } else {
            // The driver error number and message are shown to the browser on failure.
            msg('数据插入失败<br />' . mysql_errno() . ' ' . mysql_error());
        }
    } else {
        $select_query = mysql_fetch_array(mysql_query('select * from `music_list` where `id`=\'' . $_GET['id'] . '\''));
        // Only lrc_data goes through htmlspecialchars(); name, singer and url are
        // placed in attribute values unescaped.
        echo '<form action="" method="post"><p><label>歌 名:<input type="text" name="name" value="' . $select_query['name'] . '" /></p><p><label>歌 手:<input type="text" name="singer" value="' . $select_query['singer'] . '" /></p><p><label>下载地址:<input type="text" name="url" value="' . $select_query['url'] . '" /></p><p><a href="http://tool.liujiantao.me/upload/" target="_blank">歌曲上传</a></p><p>显示 lrc 歌词: <label><input type="radio" name="lrc" value="1" ' . ($select_query['lrc'] ? 'checked="checked" ' : '') . '/>是</label> <label><input type="radio" name="lrc" value="0" ' . (!$select_query['lrc'] ? 'checked="checked" ' : '') . '/>否</label></p><p>lrc 歌词(可选):<br /><textarea name="lrc_data">' . htmlspecialchars($select_query['lrc_data']) .
            '</textarea></p><p><input type="submit" name="submit" value="确定" /><a href="' . $_SERVER['PHP_SELF'] . '">取消</a></p></form>';
    }
} elseif ($_GET['action'] == 'search') {
    $post_data = get_post_data();
    // The previous search term is reflected back into the value attribute as-is.
    echo '<form action="?action=search" method="post"><p><input name="search" type="text" value="' . $post_data['search'] . '"/></p><p><input type="submit" value="搜索" /></p></form>';
if (!isset($_POST['text']) || trim($_POST['text']) == '') { $error = true; $error_messages['text'] = LANG_POST_EM_AD_EMPTY_MSG; } else { if (strlen($_POST['text']) > AD_MSG_TEXT_LIMIT) { $error = true; $error_messages['text'] = sprintf(LANG_POST_EM_AD_MSG_IS_BIG, AD_MSG_TEXT_LIMIT); } } if (isset($_POST['email']) && trim($_POST['email']) != '') { if (!isemail($_POST['email'])) { $error = true; $error_messages['email'] = LANG_POST_EM_NOT_VALID_EMAIL; } } if (!isset($_POST['ad_id']) || trim($_POST['ad_id']) == '' || trim($_POST['ad_id']) == '0' || !chkid($_POST['ad_id'])) { $error = true; $error_messages['ad_id'] = LANG_POST_EM_EMPTY_AD_ID; } include_once 'securimage/securimage.php'; $securimage = new Securimage(); if ($securimage->check($_POST['captcha_code']) == false) { //die(LANG_AD_SM_FAIL); $error = true; $error_messages['captcha'] = LANG_POST_EM_WRONG_CAPTCHA; } if (!$error) { $text = $_POST['text']; $text = text_only($text); $email = $_POST['email']; //echo '!'.$text;
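<?php
// Serves one stored ad photo by id. The image bytes are kept base64-encoded in
// the photo table and are only served while the owning ad is active, verified
// and younger than CONF_DATE_LIMIT days.
include 'class/includes.php';

// chkid() is expected to validate the id format; the cast is defence in depth
// so that only an integer can ever reach the SQL below (the column is compared
// unquoted, so a non-numeric id could never have matched anyway).
if (isset($_GET['id']) && chkid($_GET['id'])) {
    $id = (int) $_GET['id'];
    $host = SystemConsts::HOST;
    $database = SystemConsts::DB;
    $username = SystemConsts::USERNAME;
    $password = SystemConsts::PASSWORD;

    // Connection problems are logged server-side; the client only gets a
    // generic 500 so that mysql_error() details are not disclosed.
    if (!@mysql_connect($host, $username, $password) || !@mysql_select_db($database)) {
        error_log('photo: database unavailable: ' . mysql_error());
        http_response_code(500);
        die('database unavailable');
    }

    $result = mysql_query('SELECT photo.* FROM photo , ad, ad_photo WHERE photo.id=' . $id
        . ' AND ad_photo.ad_id=ad.id AND ad_photo.photo_id=photo.id AND ad.active=1 AND ad.verified'
        . ' AND DATEDIFF(CURDATE(),date)<' . CONF_DATE_LIMIT);

    // A failed query returns false; checking it first avoids the warning that
    // mysql_num_rows(false) would raise.
    if ($result !== false && mysql_num_rows($result) == 1) {
        $row = mysql_fetch_array($result);
        header('Content-length: ' . $row['size']);
        // The MIME type comes from the database row; nosniff stops browsers
        // from second-guessing it and rendering an upload as HTML.
        header('Content-type: ' . $row['type']);
        header('X-Content-Type-Options: nosniff');
        echo base64_decode($row['photo']);
    } else {
        http_response_code(404);
        echo 'image not found';
    }
} else {
    // header('Status: ...') is only honoured under CGI SAPIs;
    // http_response_code() sets the real HTTP status everywhere.
    http_response_code(404);
    echo 'no image id or wrong format';
}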
<?php
// Records a user flag ('spam', 'miscat', 'viol' or 'best') against an ad
// together with the client's IP, user agent and referer.
// NOTE(review): the switch and the enclosing if are not closed within the page.
include 'class/includes.php';
if (isset($_POST['flag']) && !empty($_POST['flag']) && chkid($_POST['ad_id'])) {
    $clientip = getip();
    $flag = $_POST['flag'];
    $ad_id = $_POST['ad_id'];
    // Both headers are client-supplied and stored verbatim; anything that later
    // renders them must escape for its output context.
    // NOTE(review): HTTP_REFERER is frequently absent, which raises a notice
    // here — guard the read with isset().
    $client = $_SERVER['HTTP_USER_AGENT'];
    $referred = $_SERVER['HTTP_REFERER'];
    switch ($flag) {
        // The first three cases intentionally fall through to the shared insert.
        case 'spam':
            //break;
            //break;
        case 'miscat':
            //break;
            //break;
        case 'viol':
            //break;
            //break;
        case 'best':
            $service = Service::getInstance();
            $values = array(array('flag' => $flag, 'ad_id' => $ad_id, 'clientip' => $clientip, 'client' => $client, 'referred' => $referred));
            if ($service->insert_new_flag($values)) {
                echo LANG_AD_SF_SUCCESS;
            } else {
                echo LANG_AD_SF_FAIL;
            }
            break;
        default:
            echo 'flag value not found';
            break;
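<?php
// RSS feed of the ads for one city/category pair, both addressed by name in the
// query string; a 404 is sent when either name cannot be resolved to an id.
include 'class/includes.php';
$service = Service::getInstance();
$view = new Savant3();
$view->setPath('template', array(TPL_PATH));

// Both ids start unresolved so the chkid() checks below never see an undefined
// variable when a name is missing or fails its pattern.
$city_id = null;
$cat_id = null;

// Only names matching the strict patterns are ever passed to the service layer.
if (isset($_GET['city_name']) && preg_match('/^([A-Za-z_-]{1,20})$/', $_GET['city_name'])) {
    $city_id = $service->get_city_id_by_name($_GET['city_name']);
    // Remember the city for ten years; other pages of the site read $_COOKIE['city_id'].
    setcookie('city_id', $city_id, time() + 60 * 60 * 24 * 365 * 10, '/');
}
if (isset($_GET['cat_name']) && preg_match('/^([A-Za-z0-9_-]{1,20})$/', $_GET['cat_name'])) {
    $cat_id = $service->get_cat_id_by_name($_GET['cat_name']);
}

if (chkid($cat_id) && chkid($city_id)) {
    $view->category = $service->get_category_by_id($cat_id);
    $view->city = $service->get_city_by_id($city_id);
    $view->ad_list = $service->get_ad_list_for_rss($city_id, $cat_id);
    // The HTTP charset must agree with the encoding declared in the XML prolog.
    header('Content-Type: application/xml; charset=' . CONF_ENC);
    echo '<?xml version="1.0" encoding="' . CONF_ENC . '" ?>';
    $view->pushToQueue('rss.tpl.php');
    $view->displayQueue();
} else {
    // header('Status: ...') is only honoured under CGI SAPIs;
    // http_response_code() sets the real HTTP status everywhere.
    http_response_code(404);
}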
// "Email this ad to a friend" handler: 'load' shows the form, 'submit'
// validates the addresses and reports the result. $ad_id, $friend_email and
// $user_email are presumably assigned before the first line shown, and the
// elseif branch continues past the last one.
// NOTE(review): the closing parenthesis of text_only() is misplaced —
// ENT_QUOTES, CONF_ENC and false are passed to text_only() rather than to
// htmlentities(); compare the search handler's
// htmlentities(text_only(trim(...)), ENT_QUOTES, CONF_ENC).
$action = htmlentities(text_only(trim($_POST['action']), ENT_QUOTES, CONF_ENC, false));
$view = new Savant3();
$view->setPath('template', array(TPL_PATH));
if ($action == 'load') {
    $view->value_list = array('ad_id' => $ad_id, 'action' => 'submit');
    $view->pushToQueue('ad_email_friend.tpl.php');
} elseif ($action == 'submit') {
    if (empty($friend_email)) {
        $error_list[] = LANG_AD_EF_F_EMAIL_EMPTY;
    } elseif (!isemail($friend_email)) {
        $error_list[] = LANG_AD_EF_F_EMAIL_WRONG_FORMAT;
    }
    if (!empty($user_email) && !isemail($user_email)) {
        $error_list[] = LANG_AD_EF_EMAIL_WRONG_FORMAT;
    }
    if (!chkid($ad_id)) {
        // NOTE(review): 'a' is a placeholder shown to the user; a LANG_ constant belongs here.
        $error_list[] = 'a';
    }
    if (empty($error_list)) {
        // The actual send is commented out, so a valid submission currently
        // always reports LANG_AD_EF_FAIL.
        // if (ad_email_friend($ad_id,$friend_email,$user_email)) {
        //     $view->message=LANG_AD_EF_SUCCESS;
        //     $view->pushToQueue('message.tpl.php');
        // }
        // else {
        $view->message = LANG_AD_EF_FAIL;
        $view->pushToQueue('message.tpl.php');
        // }
    } else {
        $view->error_list = $error_list;
        $view->pushToQueue('error_list.tpl.php');
        $view->value_list = array('ad_id' => $ad_id, 'friend_email' => $friend_email, 'user_email' => $user_email, 'action' => 'submit');