コード例 #1
ファイル: content.php プロジェクト: renztoygwapo/openlist
} elseif (chkid($_GET['id'])) {
    $id = $_GET['id'];
    try {
        $content_list = $service->get_content_list($id);
        if (count($content_list) == 1) {
            $view->post_breadcrumb = $content_list[0]['title'];
            $content = $content_list[0]['text'];
        } else {
            $error = LANG_ER_NO_DATA;
        }
    } catch (Exception $e) {
        $error = LANG_ER_ERROR;
    }
} else {
    $error = LANG_ER_WRONG_FORMAT;
}
// City context: the cookie value is handed to the service only when chkid() accepts it.
if (chkid($_COOKIE['city_id'])) {
    $city_id = $_COOKIE['city_id'];
    $view->city = $service->get_city_by_id($city_id);
}

// Page chrome that is rendered on every request, in this order.
foreach (array('breadcrumbs.tpl.php', 'search.tpl.php') as $tpl) {
    $view->pushToQueue($tpl);
}

// Body: an error message takes precedence over the content; with neither, only the chrome is shown.
// NOTE(review): $content is the stored 'text' column and is passed to content.tpl.php as-is;
// whether that template escapes it is not visible here - confirm before storing user-supplied markup.
if (empty($error) && !empty($content)) {
    $view->content = $content;
    $view->pushToQueue('content.tpl.php');
} elseif (!empty($error)) {
    $view->error_message = $error;
    $view->pushToQueue('error_message.tpl.php');
}

$view->pushToQueue('footer.tpl.php');
$view->displayQueue();
コード例 #2
ファイル: search.php プロジェクト: renztoygwapo/openlist
include 'class/includes.php';
// Template engine, pointed at the configured template directory.
$view = new Savant3();
$view->setPath('template', array(TPL_PATH));
// Service object used for the field-list lookup further down.
$service = Service::getInstance();
if (isset($_POST['search_term']) && chkid($_POST['city_id'])) {
    //TODO avoid search if term is empty(?)
    $search_term = htmlentities(text_only(trim($_POST['search_term'])), ENT_QUOTES, CONF_ENC);
    if ($search_term == LANG_SEARCH_TEXT) {
        $search_term = '';
    } else {
        //TODO check for other criteria and if none dispaly message - no search term
    }
    $view->search_term = $search_term;
    $search_term = mb_strtoupper($search_term, CONF_ENC);
    $city_id = $_POST['city_id'];
    if (chkid($_POST['cat_id'])) {
        $cat_id = $_POST['cat_id'];
        $field_list = $service->get_searchable_field_list($cat_id);
        if (count($field_list) > 0) {
            foreach ($field_list as $key => $value) {
                switch ($value['type']) {
                    case TYPE_NUMBER:
                        if (isset($_POST[$value['name'] . TYPE_NUMBER_FROM]) && ctype_digit($_POST[$value['name'] . TYPE_NUMBER_FROM]) && $_POST[$value['name'] . TYPE_NUMBER_FROM] >= 0) {
                            $field_list[$key]['from'] = text_only($_POST[$value['name'] . TYPE_NUMBER_FROM]);
                        }
                        if (isset($_POST[$value['name'] . TYPE_NUMBER_TO]) && ctype_digit($_POST[$value['name'] . TYPE_NUMBER_TO]) && $_POST[$value['name'] . TYPE_NUMBER_TO] >= 0) {
                            $field_list[$key]['to'] = text_only($_POST[$value['name'] . TYPE_NUMBER_TO]);
                        }
                        break;
                    case TYPE_SELECT:
                        if (isset($_POST[$value['name']]) && ctype_digit($_POST[$value['name']]) && $_POST[$value['name']] >= 0) {
コード例 #3
ファイル: post.php プロジェクト: renztoygwapo/openlist
        }
    }
}
if ($ad_posted) {
    $view->city = $service->get_city_by_id($city_id);
    $view->category_path = $service->get_category_path($cat_id);
    $view->post_breadcrumb = LANG_POST_BC;
    $view->pushToQueue('breadcrumbs.tpl.php');
    $view->field_list = $service->get_searchable_field_list($cat_id);
    $view->pushToQueue('search.tpl.php');
    $view->success_message = LANG_POST_EXPLAIN . '<br/><br/><br/>' . LANG_ER_HOME_PAGE . sprintf(LANG_POST_SUCCESS_POST_NEW, SITE_URL . 'post/' . $view->city['name'] . '/');
    $view->pushToQueue('post_success.tpl.php');
} else {
    if ((chkid($cat_id) || chkid($_POST['cat_id'])) && (chkid($city_id) || chkid($_COOKIE['city_id']))) {
        //FILL FORM
        if (!chkid($cat_id)) {
            $cat_id = $_POST['cat_id'];
        }
        $category = $service->get_category($cat_id);
        if (count($category) == 1) {
            $view->category = $category[0];
            $view->subject = $subject;
            $view->location = $location;
            $view->text = $text;
            $view->email = $email;
            $view->anonymize = $anonymize;
            $view->photo = $photo;
            if (!isset($all_field_list)) {
                $view->all_field_list = $service->get_all_field_list($cat_id);
            } else {
                $view->all_field_list = $all_field_list;
コード例 #4
ファイル: list.php プロジェクト: Jonham/TT-Get-Lrc
 echo_header();
 if ($_GET['action'] == 'del') {
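     // Delete branch: confirm on GET, delete on POST.
     // chkid()'s return value is discarded; whether it stops the request on a malformed id
     // is not visible in this listing, so the id is escaped before it is placed in SQL.
     chkid($_GET['id']);
     // ext/mysql was removed in PHP 7; a bound parameter via mysqli or PDO is the durable fix.
     $safe_id = mysql_real_escape_string($_GET['id']);
     if ($_POST) {
         // NOTE(review): any non-empty POST deletes the row; no anti-CSRF token or
         // authorisation check appears in the visible code - confirm it exists upstream.
         $del_query = mysql_query('delete from `music_list` where `id`=\'' . $safe_id . '\'');
         if ($del_query) {
             msg('删除成功');
         } else {
             msg('删除失败');
         }
     } else {
         $select_query = mysql_fetch_array(mysql_query('select * from `music_list` where `id`=\'' . $safe_id . '\''));
         // NOTE(review): name and singer are echoed into HTML exactly as stored. If
         // get_post_data() does not HTML-escape on input they need htmlspecialchars() here.
         // PHP_SELF includes any client-supplied path suffix, so it is escaped for the attribute.
         echo '<form action="" method="post"><p>您确定要删除 ' . $select_query['name'] . ' - ' . $select_query['singer'] . '么?</p><p><input type="submit" name="submit" value="确定" /><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '">取消</a></p></form>';
     }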
 } elseif ($_GET['action'] == 'edit') {
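     // Edit branch: show the pre-filled form on GET, write the row on POST.
     // chkid()'s return value is discarded; whether it stops the request on a malformed id
     // is not visible in this listing, so the id is escaped before it is placed in SQL.
     chkid($_GET['id']);
     // ext/mysql was removed in PHP 7; a bound parameter via mysqli or PDO is the durable fix.
     $safe_id = mysql_real_escape_string($_GET['id']);
     if ($_POST) {
         // NOTE(review): every $post_data field is concatenated into the statement. This is
         // only safe if get_post_data() SQL-escapes each value - not visible here, confirm.
         // Escaping is not added at this point because it would double-escape if it does.
         $post_data = get_post_data();
         $update_query = mysql_query('update `music_list` set `name`=\'' . $post_data['name'] . '\', `url`=\'' . $post_data['url'] . '\', `singer`=\'' . $post_data['singer'] . '\', `lrc`=\'' . $post_data['lrc'] . '\', `lrc_data`=\'' . $post_data['lrc_data'] . '\' where `id`=\'' . $safe_id . '\'');
         if ($update_query) {
             msg('数据插入成功');
         } else {
             // NOTE(review): the raw driver error is passed to msg(); if msg() prints to
             // the browser this exposes schema details - prefer logging it server-side.
             msg('数据插入失败<br />' . mysql_errno() . ' ' . mysql_error());
         }
     } else {
         $select_query = mysql_fetch_array(mysql_query('select * from `music_list` where `id`=\'' . $safe_id . '\''));
         // NOTE(review): only lrc_data goes through htmlspecialchars(); name, singer and url
         // land inside value="..." attributes as stored - confirm they are escaped on input.
         // PHP_SELF includes any client-supplied path suffix, so it is escaped for the attribute.
         echo '<form action="" method="post"><p><label>歌&nbsp;&nbsp;&nbsp;&nbsp;名:<input type="text" name="name" value="' . $select_query['name'] . '" /></p><p><label>歌&nbsp;&nbsp;&nbsp;&nbsp;手:<input type="text" name="singer" value="' . $select_query['singer'] . '" /></p><p><label>下载地址:<input type="text" name="url" value="' . $select_query['url'] . '" /></p><p><a href="http://tool.liujiantao.me/upload/" target="_blank">歌曲上传</a></p><p>显示 lrc 歌词: <label><input type="radio" name="lrc" value="1" ' . ($select_query['lrc'] ? 'checked="checked" ' : '') . '/>是</label>&nbsp;&nbsp;<label><input type="radio" name="lrc" value="0" ' . (!$select_query['lrc'] ? 'checked="checked" ' : '') . '/>否</label></p><p>lrc 歌词(可选):<br /><textarea name="lrc_data">' . htmlspecialchars($select_query['lrc_data']) . '</textarea></p><p><input type="submit" name="submit" value="确定" /><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '">取消</a></p></form>';
     }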
 } elseif ($_GET['action'] == 'search') {
     $post_data = get_post_data();
     echo '<form action="?action=search" method="post"><p><input name="search" type="text" value="' . $post_data['search'] . '"/></p><p><input type="submit" value="搜索" /></p></form>';
コード例 #5
 // Message body: required, and no longer than AD_MSG_TEXT_LIMIT as counted by strlen()
 // (strlen() counts bytes, so multi-byte text reaches the limit sooner than its character count).
 if (!isset($_POST['text']) || trim($_POST['text']) == '') {
     $error_messages['text'] = LANG_POST_EM_AD_EMPTY_MSG;
     $error = true;
 } elseif (strlen($_POST['text']) > AD_MSG_TEXT_LIMIT) {
     $error_messages['text'] = sprintf(LANG_POST_EM_AD_MSG_IS_BIG, AD_MSG_TEXT_LIMIT);
     $error = true;
 }

 // E-mail is optional; isemail() is consulted only when something was entered.
 if (isset($_POST['email']) && trim($_POST['email']) != '' && !isemail($_POST['email'])) {
     $error_messages['email'] = LANG_POST_EM_NOT_VALID_EMAIL;
     $error = true;
 }

 // ad_id must be present, non-blank, not '0', and accepted by chkid().
 if (!(isset($_POST['ad_id']) && trim($_POST['ad_id']) != '' && trim($_POST['ad_id']) != '0' && chkid($_POST['ad_id']))) {
     $error_messages['ad_id'] = LANG_POST_EM_EMPTY_AD_ID;
     $error = true;
 }

 // CAPTCHA: checked on every submission, regardless of the field errors above.
 include_once 'securimage/securimage.php';
 $securimage = new Securimage();
 if (!$securimage->check($_POST['captcha_code'])) {
     $error_messages['captcha'] = LANG_POST_EM_WRONG_CAPTCHA;
     $error = true;
 }
 if (!$error) {
     $text = $_POST['text'];
     $text = text_only($text);
     $email = $_POST['email'];
     //echo '!'.$text;
コード例 #6
ファイル: photo.php プロジェクト: renztoygwapo/openlist
<?php

include 'class/includes.php';
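// Streams one stored photo, but only when it belongs to an active, verified ad that is
// newer than CONF_DATE_LIMIT days. Anything else is answered with a 404.
if (isset($_GET['id']) && chkid($_GET['id'])) {
    // chkid() is the only validation visible here. The cast guarantees that nothing but an
    // integer literal is concatenated into the statement, whatever chkid() lets through.
    // ext/mysql was removed in PHP 7; a bound parameter via mysqli or PDO is the durable fix.
    $id = (int) $_GET['id'];
    $host = SystemConsts::HOST;
    $database = SystemConsts::DB;
    $username = SystemConsts::USERNAME;
    $password = SystemConsts::PASSWORD;
    // Driver errors can name hosts, users and schema, so they go to the server log while
    // the client only sees the generic message.
    if (!@mysql_connect($host, $username, $password)) {
        error_log('photo.php: can not connect to database: ' . mysql_error());
        header('Status: 500', true, 500);
        die('Can not connect to database');
    }
    if (!@mysql_select_db($database)) {
        error_log('photo.php: can not select the database: ' . mysql_error());
        header('Status: 500', true, 500);
        die('Can not select the database');
    }
    $result = mysql_query('SELECT photo.* FROM photo , ad, ad_photo WHERE photo.id=' . $id . ' AND ad_photo.ad_id=ad.id AND ad_photo.photo_id=photo.id AND ad.active=1 AND ad.verified AND DATEDIFF(CURDATE(),date)<' . CONF_DATE_LIMIT . '');
    // mysql_query() returns false on failure; mysql_num_rows() must not be called on that.
    if ($result !== false && mysql_num_rows($result) == 1) {
        $row = mysql_fetch_array($result);
        // NOTE(review): the MIME type is replayed exactly as stored. If it was taken from the
        // uploader without an allow-list, a non-image type could be served from this origin -
        // confirm at the upload path. nosniff stops browsers from second-guessing the type.
        header('X-Content-Type-Options: nosniff');
        header('Content-length: ' . $row['size']);
        header('Content-type: ' . $row['type']);
        echo base64_decode($row['photo']);
    } else {
        // Third argument sets the real response code; a bare Status header is CGI-only.
        header('Status: 404', true, 404);
        echo 'image not found';
    }
} else {
    header('Status: 404', true, 404);
    echo 'no image id or wrong format';
}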
コード例 #7
<?php

include 'class/includes.php';
if (isset($_POST['flag']) && !empty($_POST['flag']) && chkid($_POST['ad_id'])) {
    $clientip = getip();
    $flag = $_POST['flag'];
    $ad_id = $_POST['ad_id'];
    $client = $_SERVER['HTTP_USER_AGENT'];
    $referred = $_SERVER['HTTP_REFERER'];
    switch ($flag) {
        case 'spam':
            //break;
        //break;
        case 'miscat':
            //break;
        //break;
        case 'viol':
            //break;
        //break;
        case 'best':
            $service = Service::getInstance();
            $values = array(array('flag' => $flag, 'ad_id' => $ad_id, 'clientip' => $clientip, 'client' => $client, 'referred' => $referred));
            if ($service->insert_new_flag($values)) {
                echo LANG_AD_SF_SUCCESS;
            } else {
                echo LANG_AD_SF_FAIL;
            }
            break;
        default:
            echo 'flag value not found';
            break;
コード例 #8
ファイル: rss.php プロジェクト: renztoygwapo/openlist
<?php

include 'class/includes.php';
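// RSS feed for one city/category pair, both addressed by name in the query string.
$service = Service::getInstance();
$view = new Savant3();
$view->setPath('template', array(TPL_PATH));

// Start from null so the chkid() gate below never reads an undefined variable when a
// name is missing or rejected by its allow-list pattern.
$city_id = null;
$cat_id = null;

// The D modifier makes $ match only at the very end; without it a trailing newline
// passes the allow-list. is_string() rejects array-valued parameters (city_name[]=...).
if (isset($_GET['city_name']) && is_string($_GET['city_name']) && preg_match('/^([A-Za-z_-]{1,20})$/D', $_GET['city_name'])) {
    $city_id = $service->get_city_id_by_name($_GET['city_name']);
    // NOTE(review): the cookie is written before the lookup result is checked; if the
    // service returns an empty value for an unknown city, setcookie() clears the
    // visitor's existing city_id cookie - confirm that is intended.
    setcookie('city_id', $city_id, time() + 60 * 60 * 24 * 365 * 10, '/');
}
if (isset($_GET['cat_name']) && is_string($_GET['cat_name']) && preg_match('/^([A-Za-z0-9_-]{1,20})$/D', $_GET['cat_name'])) {
    $cat_id = $service->get_cat_id_by_name($_GET['cat_name']);
}

if (chkid($cat_id) && chkid($city_id)) {
    // The category is loaded once, here, after both ids have passed chkid().
    $view->category = $service->get_category_by_id($cat_id);
    $view->city = $service->get_city_by_id($city_id);
    $view->ad_list = $service->get_ad_list_for_rss($city_id, $cat_id);
    // header() takes a single header line; no line terminator is needed.
    // NOTE(review): the header declares utf-8 while the XML prolog uses CONF_ENC;
    // if CONF_ENC is ever something else the two disagree - confirm.
    header('Content-Type: application/xml; charset=utf-8');
    echo '<?xml version="1.0" encoding="' . CONF_ENC . '" ?>';
    $view->pushToQueue('rss.tpl.php');
    $view->displayQueue();
} else {
    // Third argument sets the real response code; a bare Status header is CGI-only.
    header('Status:404', true, 404);
}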
コード例 #9
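// Normalise the requested action before it is compared with 'load' / 'submit'.
// ENT_QUOTES, CONF_ENC and the double_encode flag are htmlentities() arguments, so they
// belong outside the text_only() call. Passed to text_only() instead, they are silently
// ignored (assuming it takes only the string - confirm) and htmlentities() falls back to
// its default flags and charset.
$action = htmlentities(text_only(trim($_POST['action'])), ENT_QUOTES, CONF_ENC, false);
$view = new Savant3();
$view->setPath('template', array(TPL_PATH));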
if ($action == 'load') {
    $view->value_list = array('ad_id' => $ad_id, 'action' => 'submit');
    $view->pushToQueue('ad_email_friend.tpl.php');
} elseif ($action == 'submit') {
    if (empty($friend_email)) {
        $error_list[] = LANG_AD_EF_F_EMAIL_EMPTY;
    } elseif (!isemail($friend_email)) {
        $error_list[] = LANG_AD_EF_F_EMAIL_WRONG_FORMAT;
    }
    if (!empty($user_email) && !isemail($user_email)) {
        $error_list[] = LANG_AD_EF_EMAIL_WRONG_FORMAT;
    }
    if (!chkid($ad_id)) {
        $error_list[] = 'a';
    }
    if (empty($error_list)) {
        //	if (ad_email_friend($ad_id,$friend_email,$user_email)) {
        //		$view->message=LANG_AD_EF_SUCCESS;
        //		$view->pushToQueue('message.tpl.php');
        //	}
        //	else {
        $view->message = LANG_AD_EF_FAIL;
        $view->pushToQueue('message.tpl.php');
        //	}
    } else {
        $view->error_list = $error_list;
        $view->pushToQueue('error_list.tpl.php');
        $view->value_list = array('ad_id' => $ad_id, 'friend_email' => $friend_email, 'user_email' => $user_email, 'action' => 'submit');