if ($subject == '') { ShowMsg("请填写信息标题!", "-1"); exit; } $msg = CheckUserID($msgtoid, "用户名", false); if ($msg != 'ok') { ShowMsg($msg, "-1"); exit; } $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE userid LIKE '{$msgtoid}' "); if (!is_array($row)) { ShowMsg("你指定的用户不存在,不能发送信息!", "-1"); exit; } $subject = cn_substrR(HtmlReplace($subject, 1), 60); $message = cn_substrR(HtmlReplace($message, 0), 1024); $sendtime = $writetime = time(); //发给收件人(收件人可管理) $inquery1 = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)\r\n VALUES ('{$cfg_ml->M_LoginID}','{$cfg_ml->M_ID}','{$row['mid']}','{$row['userid']}','inbox','{$subject}','{$sendtime}','{$writetime}','0','0','{$message}'); "; //保留到自己的发件箱(自己可管理) $inquery2 = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)\r\n VALUES ('{$cfg_ml->M_LoginID}','{$cfg_ml->M_ID}','{$row['mid']}','{$row['userid']}','outbox','{$subject}','{$sendtime}','{$writetime}','0','0','{$message}'); "; $dsql->ExecuteNoneQuery($inquery1); $dsql->ExecuteNoneQuery($inquery2); ShowMsg("成功发送一条信息!", "pm.php?dopost=outbox"); exit; } else { if ($dopost == 'del') { $ids = preg_replace("#[^0-9,]#", "", $ids); if ($folder == 'inbox') { $boxsql = "SELECT * FROM `#@__member_pms` WHERE id IN({$ids}) AND folder LIKE 'inbox' AND toid='{$cfg_ml->M_ID}'"; $dsql->SetQuery($boxsql);
if (strtolower($vdcode) != $svali || $svali == '') { ResetVdValue(); ShowMsg('验证码错误!', '-1'); exit; } $uidnum = intval($uidnum); if (empty($uidnum)) { ShowMsg('参数错误!', '-1'); exit; } if (strlen($msg) < 6) { ShowMsg('你的留言内容太短!', '-1'); exit; } $uname = HtmlReplace($uname, 1); $msg = cn_substrR(HtmlReplace($msg), 2048); if ($cfg_ml->M_UserName != '' && $cfg_ml->M_ID != $uidnum) { $gid = $cfg_ml->M_UserName; } else { $gid = ''; } $inquery = "INSERT INTO `#@__member_guestbook`(mid,gid,msg,uname,ip,dtime)\r\n VALUES ('{$uidnum}','{$gid}','{$msg}','{$uname}','" . GetIP() . "'," . time() . "); "; $dsql->ExecuteNoneQuery($inquery); ShowMsg('成功提交你的留言!', "index.php?uid={$uid}&action=guestbook"); exit; } else { if ($action == 'newfriend') { CheckRank(0, 0); if ($_vars['mid'] == $cfg_ml->M_ID) { ShowMsg("你不能加自己为好友!", "index.php?uid=" . $uid); exit;
$action = isset($action) ? trim($action) : ''; if (!$cfg_ml->IsLogin()) { ShowMsg("未登录前不充许该操作!", "-1"); exit; } if ($id < 1) { ShowMsg("错误,未定义的操作!", "-1"); exit; } if ($action == "save") { $svali = GetCkVdValue(); if (strtolower($vdcode) != $svali || $svali == "") { ShowMsg("认证码错误!", "-1"); exit; } $subject = cn_substrR(trim(HtmlReplace($subject), 2), 80); $text = preg_replace("#<(iframe|script)#i", "", $text); if (CountStrLen($text) < 3 || CountStrLen($text) > 1000) { ShowMsg("内容字数应该在3-1000个汉字!", "-1"); exit; } if (preg_match("#{$cfg_notallowstr}#", $subject) || preg_match("#{$cfg_notallowstr}#", $text)) { ShowMsg("含有非法字符!", "-1"); exit; } $subject = preg_replace("/{$cfg_replacestr}/", "***", $subject); $text = preg_replace("/{$cfg_replacestr}/", "***", $text); $userip = GetIP(); $SetQuery = "INSERT INTO #@__group_guestbook(gid,title,uname,userid,stime,message,ip) "; $SetQuery .= "VALUES('{$id}','{$subject}','" . $cfg_ml->M_UserName . "','" . $cfg_ml->M_ID . "','" . time() . "','{$text}','{$userip}');"; if ($db->ExecuteNoneQuery($SetQuery)) {
<?php //AJAX窗体结束 } else { if ($dopost == 'quickEditSave') { require_once DEDEADMIN . '/inc/inc_archives_functions.php'; //权限检测 if (!TestPurview('a_Edit')) { if (TestPurview('a_AccEdit')) { CheckCatalog($typeid, "对不起,你没有操作栏目 {$typeid} 的文档权限!"); } else { CheckArcAdmin($aid, $cuserLogin->getUserID()); } } $title = dede_htmlspecialchars(cn_substrR($title, $cfg_title_maxlen)); $shorttitle = cn_substrR($shorttitle, 36); $keywords = trim(cn_substrR($keywords, 60)); if (!TestPurview('a_Check,a_AccCheck,a_MyCheck')) { $arcrank = -1; } $adminid = $cuserLogin->getUserID(); //属性处理 $flag = isset($flags) ? join(',', $flags) : ''; if (!empty($flag)) { if (preg_match("#p#", $oldflag)) { $flag .= ',p'; } if (preg_match("#j#", $oldflag)) { $flag .= ',j'; } } /*
if (@filesize($_FILES['spacelogo']['tmp_name']) > $maxlength) { ShowMsg("你上传的Logo文件超过了系统限制大小:{$cfg_max_face} K!", '-1'); exit; } //删除旧图片(防止文件扩展名不同,如:原来的是gif,后来的是jpg) if (eregi("\\.(jpg|gif|png)\$", $oldspacelogo) && file_exists($cfg_basedir . $oldspacelogo)) { @unlink($cfg_basedir . $oldspacelogo); } //上传新工图片 $spacelogo = MemberUploads('spacelogo', '', $cfg_ml->M_ID, 'image', 'mylogo', 200, 50); } else { $spacelogo = $oldspacelogo; } $pagesize = intval($pagesize); $spacename = cn_substrR(HtmlReplace($spacename, 2), 50); $sign = cn_substrR(HtmlReplace($sign), 100); $spacenews = HtmlReplace($spacenews, -1); $query = "update `#@__member_space` set `pagesize` = '{$pagesize}',`spacename`='{$spacename}' , spacelogo='{$spacelogo}', `sign` = '{$sign}' ,`spacenews`='{$spacenews}' where mid='{$cfg_ml->M_ID}' "; $dsql->ExecuteNoneQuery($query); if ($cfg_ml->M_Spacesta >= 0) { $dsql->ExecuteNoneQuery("update `#@__member` set spacesta=1 where mid='{$cfg_ml->M_ID}' And spacesta < 1 "); } ShowMsg('成功更新空间信息!', 'edit_space_info.php'); exit; } else { $row = $dsql->GetOne("select * from `#@__member_space` where mid='" . $cfg_ml->M_ID . "'"); if (!is_array($row)) { $inquery = "Insert Into `#@__member_space`(`mid` ,`pagesize` ,`matt` ,`spacename` ,`spacelogo` , `sign` ,`spacenews`)\r\n\t\t\t Values('{$cfg_ml->M_ID}', '10', '0', '{$cfg_ml->M_UserName}的空间', '', '', ''); "; $row['spacename'] = ''; $row['sign'] = ''; $row['pagesize'] = 10;
* 圈子分类设置 * * @version $Id: group_store.php 1 15:34 2011-1-21 tianya $ * @package DedeCMS.Administrator * @copyright Copyright (c) 2007 - 2010, DesDev, Inc. * @license http://help.dedecms.com/usersguide/license.html * @link http://www.dedecms.com */ require_once dirname(__FILE__) . "/config.php"; CheckPurview('group_Store'); require_once DEDEINC . '/datalistcp.class.php'; setcookie("ENV_GOBACK_URL", $dedeNowurl, time() + 3600, "/"); $id = isset($id) && is_numeric($id) ? $id : 0; $action = isset($action) ? trim($action) : ''; if ($action == "add") { $storename = cn_substrR(HtmlReplace($storename, 2), 20); $tops = preg_replace("#[^0-9]#", "", $tops); $orders = preg_replace("#[^0-9]#", "", $orders); if ($tops < 1) { $tops = 0; } if ($orders < 1) { $orders = 0; } if (empty($storename)) { $msg = "错误,分类名不能为空!"; } else { $db->ExecuteNoneQuery("INSERT INTO #@__store_groups(storename,tops,orders) VALUES('" . $storename . "','" . $tops . "','" . $orders . "');"); $msg = "成功添加分类"; } } else {
if ($rs['c'] >= $cfg_group_max && $cfg_group_max > 0) { ShowMsg("超过创建圈子最大数{$cfg_group_max}个!.", "-1"); exit; } $title = "创建圈子"; /*------------ function SaveGroupinfo(); --------------*/ if ($action == "save") { $groupname = cn_substrR($groupname, 16); if (strlen($groupname) < 2 || strlen($groupname) > 20) { ShowMsg("圈子名称过短!,在2-8个字内.", "-1"); exit; } $storeid = preg_replace("#[^0-9]#", "", $store); $description = cn_substrR(HtmlReplace($des, -1), 100); //var_dump($description);exit; if (strlen($description) < 5 || strlen($description) > 200) { ShowMsg("圈子说明在5-100个字符范围内!.", "-1"); exit; } $row = $db->GetOne("SELECT tops FROM #@__store_groups WHERE storeid='{$storeid}'"); if ($row['tops'] > 0) { $rootstoreid = $row['tops']; } else { $rootstoreid = $storeid; } //处理上传的缩略图 $litpic = MemberUploads('litpic', '', $cfg_ml->M_ID, 'image', '', 100, 70, FALSE); if ($litpic != '') { SaveUploadInfo($title, $litpic, 1);
} //文档的默认状态 if ($cInfos['arcsta'] == 0) { $ismake = 0; $arcrank = 0; } else { if ($cInfos['arcsta'] == 1) { $ismake = -1; $arcrank = 0; } else { $ismake = 0; $arcrank = -1; } } //对保存的内容进行处理 $title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen); $writer = cn_substrR(HtmlReplace($writer, 1), 20); if (empty($description)) { $description = ''; } $description = cn_substrR(HtmlReplace($description, 1), 250); $keywords = cn_substrR(HtmlReplace($tags, 1), 30); $mid = $cfg_ml->M_ID; $isadmin = $cfg_ml->fields['matt'] == 10 ? true : false; //处理上传的缩略图 $litpic = MemberUploads('litpic', $oldlitpic, $mid, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, false, $isadmin); if ($litpic != '') { SaveUploadInfo($title, $litpic, 1); } else { $litpic = $oldlitpic; }
} $ip = GetIP(); $dtime = time(); $uname = trimMsg($uname); $email = trimMsg($email); $homepage = trimMsg($homepage); $homepage = preg_replace("#http:\\/\\/#", '', $homepage); $qq = trimMsg($qq); $msg = trimMsg(cn_substrR($msg, 1024), 1); $tid = empty($tid) ? 0 : intval($tid); $reid = empty($reid) ? 0 : intval($reid); if ($msg == '' || $uname == '') { showMsg('你的姓名和留言内容不能为空!', '-1'); exit; } $title = HtmlReplace(cn_substrR($title, 60), 1); if ($title == '') { $title = '无标题'; } if ($reid != 0) { $row = $dsql->GetOne("SELECT msg FROM `#@__guestbook` WHERE id='{$reid}' "); $msg = "<div class=\\'rebox\\'>" . addslashes($row['msg']) . "</div>\n" . $msg; } $query = "INSERT INTO `#@__guestbook`(title,tid,mid,uname,email,homepage,qq,face,msg,ip,dtime,ischeck)\r\n VALUES ('{$title}','{$tid}','{$g_mid}','{$uname}','{$email}','{$homepage}','{$qq}','{$img}','{$msg}','{$ip}','{$dtime}','{$needCheck}'); "; $dsql->ExecuteNoneQuery($query); $gid = $dsql->GetLastID(); if ($needCheck == 1) { require_once DEDEINC . "/oxwindow.class.php"; $msg = "\r\n <font color='red'><b>成功发送或回复留言!</b></font> <a href='guestbook.php' style='font-size:14px;font-weight:bold'><u>我已经知道了,点击此返回>></u></a>"; $wintitle = "留言发布成功提示"; $wecome_info = "留言发布成功:";
$paytype = isset($paytype) && is_numeric($paytype) ? $paytype : 0; $pid = isset($pid) && is_numeric($pid) ? $pid : 0; if ($paytype < 1) { ShowMsg("请选择支付方式!", "-1"); exit; } if ($pid < 1) { ShowMsg("请选择配送方式!", "-1"); exit; } $address = cn_substrR(trim($address), 200); $des = cn_substrR($des, 100); $postname = cn_substrR(trim($postname), 15); $tel = ereg_replace("[^-0-9,\\/\\| ]", "", $tel); $zip = ereg_replace("[^0-9]", "", $zip); $email = cn_substrR($email, 255); if (empty($tel)) { ShowMsg("请填写正确的收货人联系电话!", "-1"); exit; } if ($zip < 1 || $zip > 999999) { ShowMsg("请填写正确的收货人邮政编码!", "-1"); exit; } //确认用户登录信息 if ($cfg_ml->IsLogin()) { $userid = $cfg_ml->M_ID; } else { $username = trim($username); $password = trim($password); if (empty($username) || $password) {
if ($job == 'check' && $g_isadmin) { $dsql->ExecuteNoneQuery(" UPDATE `#@__guestbook` SET ischeck=1 WHERE id='{$id}' "); ShowMsg("成功审核一条留言!", $GUEST_BOOK_POS); exit; } else { if ($job == 'editok') { $remsg = trim($remsg); if ($remsg != '') { //管理员回复不过滤HTML if ($g_isadmin) { $msg = "<div class=\\'rebox\\'>" . $msg . "</div>\n" . $remsg; //$remsg <br><font color=red>管理员回复:</font> } else { $row = $dsql->GetOne("SELECT msg From `#@__guestbook` WHERE id='{$id}' "); $oldmsg = "<div class=\\'rebox\\'>" . addslashes($row['msg']) . "</div>\n"; $remsg = trimMsg(cn_substrR($remsg, 1024), 1); $msg = $oldmsg . $remsg; } } $dsql->ExecuteNoneQuery("UPDATE `#@__guestbook` SET `msg`='{$msg}', `posttime`='" . time() . "' WHERE id='{$id}' "); ShowMsg("成功更改或回复一条留言!", $GUEST_BOOK_POS); exit; } } } if ($g_isadmin) { $row = $dsql->GetOne("SELECT * FROM `#@__guestbook` WHERE id='{$id}'"); require_once DEDETEMPLATE . '/plus/guestbook-admin.htm'; } else { $row = $dsql->GetOne("SELECT id,title FROM `#@__guestbook` WHERE id='{$id}'"); require_once DEDETEMPLATE . '/plus/guestbook-user.htm';
<?php require_once dirname(__FILE__) . "/config.php"; CheckPurview('member_Pm'); if (!isset($action)) { $action = ''; } if ($action == "post") { $floginid = 'admin'; $fromid = 0; $toid = 0; $tologinid = 0; $sendtime = time(); $writetime = time(); $subject = cn_substrR(HtmlReplace($subject), 70); $message = cn_substrR(HtmlReplace($message), 1000); if (!isset($subject) || empty($subject)) { ShowMsg('短信标题不能为空!', '-1'); exit; } else { if (!isset($message) || empty($message)) { ShowMsg('请填写短信内容!', '-1'); exit; } } #api{{ if (defined('UC_API') && @(include_once DEDEROOT . '/uc_client/client.php')) { uc_pm_send(0, '', $subject, $message); ShowMsg('短信已成功发送', '-1'); exit; }
if (empty($subject)) { $msg = "请填写公告标题!"; } else { if (empty($notice) || CountStrLen($notice > 100)) { $msg = "请填写规定长度的公告内容!"; } else { $SetQuery = "UPDATE #@__group_notice SET title='{$subject}',notice='{$notice}',stime='" . time() . "',ip='{$userip}' WHERE id='{$nid}';"; $db->ExecuteNoneQuery($SetQuery); $msg = "已经更改公告!"; } } ShowMsg($msg, ''); } else { if ($action == "add") { $notice = eregi_replace("<(iframe|script)", "", $notice); $subject = cn_substrR(HtmlReplace($subject, 2), 80); $userip = GetIP(); if (empty($subject)) { $msg = "请填写公告标题!"; } else { if (empty($notice) || CountStrLen($notice > 100)) { $msg = "请填写规定长度的公告内容!"; } else { $SetQuery = "INSERT INTO #@__group_notice(uname,userid,title,notice,stime,gid,ip) VALUES('" . $cfg_ml->M_UserName . "','" . $cfg_ml->M_ID . "','" . $subject . "','" . $notice . "','" . time() . "','{$id}','" . $userip . "');"; $db->ExecuteNoneQuery($SetQuery); $msg = "已经更改公告!"; } } ShowMsg($msg, ''); } }
if ($cInfos['issend'] != 1 || $cInfos['ispart'] != 0 || $cInfos['channeltype'] != $channelid || $cInfos['cissend'] != 1) { ShowMsg("你所选择的栏目不支持投稿!", "-1"); exit; } //文档的默认状态 if ($cInfos['arcsta'] == 0) { $arcrank = 0; } else { if ($cInfos['arcsta'] == 1) { $arcrank = 0; } else { $arcrank = -1; } } //对保存的内容进行处理 $title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen); $mid = $cfg_ml->M_ID; //处理上传的缩略图 $litpic = MemberUploads('litpic', $oldlitpic, $mid, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, false); if ($litpic != '') { SaveUploadInfo($title, $litpic, 1); } else { $litpic = $oldlitpic; } //分析处理附加表数据 $inadd_f = ''; if (!empty($dede_addonfields)) { $addonfields = explode(';', $dede_addonfields); if (is_array($addonfields)) { foreach ($addonfields as $v) { if ($v == '') {
$groupuid = $row['uid']; $groupisindex = $row['isindex']; $groupsmalltype = $row['smalltype']; if ($cfg_ml->M_ID != $groupuid) { ShowMsg("该圈子不在你的管辖范围内!", "-1"); exit; } //编译小分类成数组 $smalltypes = @explode(",", $row['smalltype']); if (!isset($action)) { $action = ''; } if ($action == "save") { $groupname = cn_substrR($groupname, 75); $storeid = ereg_replace("[^0-9]", "", $store); $description = cn_substrR($des, 100); $row = $db->GetOne("SELECT tops FROM #@__store_groups WHERE storeid='{$storeid}'"); if ($row['tops'] > 0) { $rootstoreid = $row['tops']; } else { $rootstoreid = $storeid; } //处理上传的缩略图 $litpic = MemberUploads('litpic', '', $cfg_ml->M_ID, 'image', '', 100, 70, false); if ($litpic != '') { SaveUploadInfo($groupname, $litpic, 1); } $inQuery = "UPDATE #@__groups SET groupname='" . $groupname . "',des='" . $description . "',groupimg='" . $litpic . "',rootstoreid='{$rootstoreid}',storeid='{$storeid}' WHERE groupid='{$id}' AND uid='" . $cfg_ml->M_ID . "';"; $db->SetQuery($inQuery); if (!$db->ExecuteNoneQuery()) { echo $db->GetError();
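/**
 * Reads the submitted value for field $fname and normalises it to the field's
 * declared SQL type so the caller can embed it in an INSERT/UPDATE.
 *
 * The raw value is taken from $GLOBALS[$fname], falling back to
 * $GLOBALS['request']->forms[$fname]; whichever is chosen is written back to
 * $GLOBALS[$fname] as a side effect.
 *
 * @param string $fname field name (a key of $this->fields)
 * @return mixed  int/float for numeric types, a length-limited string for
 *                char/text types, a comma-joined list for SET, the literal
 *                string 'NULL' when nothing usable was supplied, or the field's
 *                configured 'default' when no value was submitted at all
 */
function GetData($fname)
{
    $ftype = $this->fields[$fname]['type'];
    $GLOBALS[$fname] = isset($GLOBALS[$fname]) ? $GLOBALS[$fname] : @$GLOBALS['request']->forms[$fname];

    // Binary columns have their own reader.
    if (in_array($ftype, $this->binTypes)) {
        return $this->GetBinData($fname);
    }

    // Nothing submitted: declared default first, else a type-appropriate empty value.
    if (!isset($GLOBALS[$fname])) {
        if (isset($this->fields[$fname]['default'])) {
            return $this->fields[$fname]['default'];
        }
        if (in_array($ftype, $this->intTypes) || in_array($ftype, $this->floatTypes)) {
            return 0;
        }
        if (in_array($ftype, $this->charTypes) || in_array($ftype, $this->textTypes)) {
            return '';
        }
        return 'NULL';
    }

    $raw = $GLOBALS[$fname];
    // empty() avoids a notice when the field definition has no 'unsigned' key.
    $unsigned = !empty($this->fields[$fname]['unsigned']);
    $reValue = '';

    if (preg_match("#YEAR|INT#", $ftype)) {
        // Only a genuinely negative PHP int keeps its sign. Request values arrive
        // as strings, so a submitted "-5" is stored as 5 — kept as in the original
        // (see its commented-out $GLOBALS[$fname][0] probe); TODO confirm intent.
        $isNegative = is_int($raw) && $raw < 0;
        $digits = preg_replace("#[^0-9]#", '', $raw);
        $reValue = empty($digits) ? 0 : intval($digits);
        if ($isNegative && !$unsigned && $reValue != 0 && $ftype != 'YEAR') {
            $reValue = intval('-' . $reValue);
        }
    } elseif (in_array($ftype, $this->floatTypes)) {
        // Sign is taken from the first character of the submitted string; the
        // explicit is_string/non-empty check avoids an uninitialised-offset warning.
        $isNegative = is_string($raw) && $raw !== '' && $raw[0] == '-';
        $number = preg_replace("#[^0-9\\.]|^\\.#", '', $raw);
        $reValue = empty($number) ? 0 : doubleval($number);
        if ($isNegative && !$unsigned && $reValue != 0) {
            // doubleval, not intval: intval('-' . $reValue) silently dropped the
            // fractional part of every negative float.
            $reValue = doubleval('-' . $reValue);
        }
    } elseif (in_array($ftype, $this->charTypes)) {
        $reValue = cn_substrR($this->StringSafe($raw), $this->fields[$fname]['length']);
    } elseif (in_array($ftype, $this->textTypes)) {
        $reValue = $this->StringSafe($raw);
    } elseif ($ftype == 'SET') {
        // Keep only submitted members that belong to the declared set.
        $allowed = explode(',', $this->fields[$fname]['em']);
        $submitted = is_array($raw) ? $raw : array($raw);
        $kept = array();
        foreach ($submitted as $member) {
            if (in_array($member, $allowed)) {
                $kept[] = $member;
            }
        }
        $reValue = count($kept) == 0 ? 'NULL' : join(',', $kept);
    } elseif ($ftype == 'ENUM') {
        $allowed = explode(',', $this->fields[$fname]['em']);
        $reValue = in_array($raw, $allowed) ? $raw : 'NULL';
    } elseif (in_array($ftype, $this->dateTypes)) {
        $reValue = $ftype == 'TIMESTAMP'
            ? GetMkTime($raw)
            : preg_replace("#[^0-9 :-]#", '', $raw);
    }

    return $reValue;
}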
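<?php
/**
 * Admin reply to a book-feedback entry.
 *
 * Request variables ($id, $dopost, $msg, $adminmsg) and the helpers used here
 * ($dsql, cn_substrR(), ShowMsg(), CheckPurview(), DedeInclude()) are provided
 * by config.php.
 */
require_once dirname(__FILE__) . "/config.php";
CheckPurview('sys_Feedback');

// Force an integer: is_numeric() also accepts float/exponent forms, and $id is
// interpolated unquoted into the SQL below.
$id = isset($id) ? intval($id) : 0;
// Redirect target after saving; the cookie is set by the admin UI itself and
// is not validated here.
$ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? "story_feedback_main.php" : $_COOKIE['ENV_GOBACK_URL'];

if (empty($dopost)) {
    $dopost = "";
}

if ($dopost == 'edit') {
    $msg = cn_substrR($msg, 2500);
    $adminmsg = trim($adminmsg);
    if ($adminmsg != "") {
        $adminmsg = cn_substrR($adminmsg, 1500);
        // Escape the reply before it is appended as HTML. The previous
        // str_replace chain, as it appears here, replaced each character with
        // itself (possibly entity-decoded during extraction) and so escaped
        // nothing. ENT_COMPAT leaves single quotes alone, as the original did.
        $adminmsg = htmlspecialchars($adminmsg, ENT_COMPAT);
        $adminmsg = str_replace("\r\n", "<br/>\n", $adminmsg);
        $msg = $msg . "<br/>\n" . "<font color=red>管理员回复: {$adminmsg}</font>\n";
    }
    // $msg is interpolated without escaping here; this relies on config.php's
    // request-variable quoting — confirm that path before trusting it.
    $query = "UPDATE `#@__bookfeedback` SET username='******',msg='{$msg}',ischeck=1 WHERE id={$id}";
    $dsql->ExecuteNoneQuery($query);
    ShowMsg("成功回复一则留言!", $ENV_GOBACK_URL);
    exit;
}

$query = "SELECT * FROM `#@__bookfeedback` WHERE id={$id}";
$row = $dsql->GetOne($query);
include DedeInclude('templets/story_feedback_edit.htm');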
ShowMsg("成功退出登录!", "index.php", 0, 2000); exit; } } } else { if ($fmdo == 'moodmsg') { //用户登录 if ($dopost == "sendmsg") { if (!empty($content)) { $ip = GetIP(); $dtime = time(); $ischeck = $cfg_mb_msgischeck == 'Y' ? 0 : 1; if ($cfg_soft_lang == 'gb2312') { $content = utf82gb(nl2br($content)); } $content = cn_substrR(HtmlReplace($content, 1), 360); //对表情进行解析 $content = addslashes(preg_replace("/\\[face:(\\d{1,2})\\]/is", "<img src='" . $cfg_memberurl . "/templets/images/smiley/\\1.gif' style='cursor: pointer; position: relative;'>", $content)); $content = RemoveXSS($content); $inquery = "INSERT INTO `#@__member_msg`(`mid`,`userid`,`ip`,`ischeck`,`dtime`, `msg`)\n VALUES ('{$cfg_ml->M_ID}','{$cfg_ml->M_LoginID}','{$ip}','{$ischeck}','{$dtime}', '{$content}'); "; $rs = $dsql->ExecuteNoneQuery($inquery); if (!$rs) { $output['type'] = 'error'; $output['data'] = '更新失败,请重试.'; exit; } $output['type'] = 'success'; if ($cfg_soft_lang == 'gb2312') { $content = utf82gb(nl2br($content)); } $output['data'] = stripslashes($content);
/**
 * Writes a member activity ("feed") entry for the current member.
 *
 * Only the types 'add', 'addsoft', 'feedback', 'stow' and 'addfriends' are
 * recorded; any other type returns FALSE without touching the database.
 * For the first four, $aid is the archive id the feed links to; for
 * 'addfriends' it is the friend's uid. After the link text is built, the
 * stored copy of $aid is coerced to 0 unless it is numeric.
 *
 * @access public
 * @param string $type  record type
 * @param string $title record title (cut to 255 chars and HTML-escaped)
 * @param string $note  record description (reduced to text via Html2Text)
 * @param string $aid   id of the content involved
 * @return mixed result of $dsql->ExecuteNoneQuery(), or FALSE when $type is not recorded
 */
function RecordFeeds($type, $title, $note, $aid)
{
    global $dsql, $cfg_mb_feedcheck;

    $recordedTypes = array('add', 'addsoft', 'feedback', 'addfriends', 'stow');
    if (!in_array($type, $recordedTypes)) {
        return FALSE;
    }

    $ntime = time();
    $title = htmlspecialchars(cn_substrR($title, 255));

    if (in_array($type, array('add', 'addsoft', 'feedback', 'stow'))) {
        // Content events link to the archive view page.
        $labels = array(
            'add' => ' 成功发布了',
            'addsoft' => ' 成功发布了软件',
            'feedback' => ' 评论了文章',
            'stow' => ' 收藏了',
        );
        $link = " <a href='/plus/view.php?aid=" . $aid . "'>" . $title . "</a>";
        $title = htmlspecialchars($labels[$type] . $link, ENT_QUOTES);
    } elseif ($type == 'addfriends') {
        // Friend events link to the member's space; $aid is a uid here.
        $link = " <a href='/member/index.php?uid=" . $aid . "'>" . $aid . "</a>";
        $title = htmlspecialchars(' 与' . $link . "成为好友", ENT_QUOTES);
    }

    $note = Html2Text($note);
    // Note: $aid has already been embedded in the link above; only the value
    // stored in the `aid` column is coerced here.
    $aid = isset($aid) && is_numeric($aid) ? $aid : 0;
    $ischeck = $cfg_mb_feedcheck == 'Y' ? 0 : 1;

    $query = "INSERT INTO `#@__member_feed` (`mid`, `userid`, `uname`, `type`, `aid`, `dtime`,`title`, `note`, `ischeck`) \n Values('{$this->M_ID}', '{$this->M_LoginID}', '{$this->M_UserName}', '{$type}', '{$aid}', '{$ntime}', '{$title}', '{$note}', '{$ischeck}'); ";

    return $dsql->ExecuteNoneQuery($query);
}
$ip = GetIP(); $dtime = time(); if (!empty($cfg_feedback_time)) { //检查最后发表评论时间,如果未登陆判断当前IP最后评论时间 $where = $cfg_ml->M_ID > 0 ? "WHERE `mid` = '{$cfg_ml->M_ID}' " : "WHERE `ip` = '{$ip}' "; $row = $dsql->GetOne("SELECT dtime FROM `#@__feedback` {$where} ORDER BY `id` DESC "); if (is_array($row) && $dtime - $row['dtime'] < $cfg_feedback_time) { ResetVdValue(); echo '<font color="red">管理员设置了评论间隔时间,请稍等休息一下!</font>'; exit; } } $face = intval($face); extract($arcRow, EXTR_SKIP); $msg = cn_substrR(TrimMsg($msg), 500); $username = cn_substrR(HtmlReplace($username, 2), 20); if (empty($feedbacktype) || $feedbacktype != 'good' && $feedbacktype != 'bad') { $feedbacktype = 'feedback'; } //保存评论内容 if (!empty($fid)) { $row = $dsql->GetOne("Select username,msg from `#@__feedback` where id ='{$fid}' "); $qmsg = '{quote}{title}' . $row['username'] . ' 的原帖:{/title}{content}' . $row['msg'] . '{/content}{/quote}'; $msg = addslashes($qmsg) . $msg; } $ischeck = $cfg_feedbackcheck == 'Y' ? 0 : 1; $arctitle = addslashes($title); $inquery = "INSERT INTO `#@__feedback`(`aid`,`typeid`,`username`,`arctitle`,`ip`,`ischeck`,`dtime`, `mid`,`bad`,`good`,`ftype`,`face`,`msg`)\r\n\t VALUES ('{$aid}','{$typeid}','{$username}','{$arctitle}','{$ip}','{$ischeck}','{$dtime}', '{$cfg_ml->M_ID}','0','0','{$feedbacktype}','{$face}','{$msg}'); "; $rs = $dsql->ExecuteNoneQuery($inquery); if (!$rs) { echo "<font color='red'>发表评论出错了!</font>";
if (!preg_match('/[0-9]/', $period)) { ShowMsg("期刊号只能为数字!", "-1"); exit; } if ($title == '') { ShowMsg("请填写信息标题!", "-1"); exit; } if ($message == '') { ShowMsg("请填写内容!", "-1"); exit; } $message = stripslashes($message); $pattern = "/\\" . $cfg_medias_dir . "/"; $message = preg_replace($pattern, $cfg_basehost . $cfg_medias_dir, $message); $title = cn_substrR(HtmlReplace($title, 1), 60); $writer = $cuserLogin->getUserName(); $mid = $cuserLogin->getUserID(); $query = "UPDATE #@__mail_title SET period='{$period}',typeid='{$typeid}',title='{$title}',content='{$message}',writer='{$writer}',mid='{$mid}' WHERE id={$id}"; if (!$dsql->ExecuteNoneQuery($query)) { ShowMsg("更新数据库#@__mail_title表时出错,请检查!", "javascript:;"); exit; } else { ShowMsg("编辑期刊成功!", "mail_title.php"); exit; } } elseif ($dopost == "delete") { $dsql->ExecuteNoneQuery("Delete From `#@__mail_title` where id='{$id}'"); ShowMsg("删除期刊成功!", "mail_title.php"); exit; } else {
if ($row['value'] == '') { $row['value'] = 0; } fwrite($fp, "\${$row['varname']} = " . $row['value'] . ";\r\n"); } else { fwrite($fp, "\${$row['varname']} = '" . str_replace("'", '', $row['value']) . "';\r\n"); } } fwrite($fp, "?" . ">"); fclose($fp); } //保存配置的改动 if ($dopost == "save") { foreach ($_POST as $k => $v) { if (ereg("^edit___", $k)) { $v = cn_substrR(${$k}, 1024); } else { continue; } $k = ereg_replace("^edit___", "", $k); $dsql->ExecuteNoneQuery("Update `#@__sysconfig` set `value`='{$v}' where varname='{$k}' "); } ReWriteConfig(); ShowMsg("成功更改站点配置!", "sys_info.php"); exit; } else { if ($dopost == 'add') { if ($vartype == 'bool' && ($nvarvalue != 'Y' && $nvarvalue != 'N')) { ShowMsg("布尔变量值必须为'Y'或'N'!", "-1"); exit; }
$msg = "错误,分类:{$categories},已存在!"; } } } else { if ($action == 'edit') { if (isset($orders)) { $orders = preg_replace("#[^0-9]#", "", $orders); } else { $orders = 0; } if (isset($categoriesid)) { $categoriesid = preg_replace("#[^0-9]#", "", $categoriesid); } else { $categoriesid = 0; } $categories = cn_substrR(HtmlReplace($categories, 2), 15); if ($userit == 'false' && in_array($categoriesid, $smalltype)) { //移出数组 $k = array_search($categoriesid, $smalltype); unset($smalltype[$k]); } else { if ($userit == 'true' && !in_array($categoriesid, $smalltype)) { @array_push($smalltype, $categoriesid); } } $smalltype = @array_filter($smalltype); $smalltypetxt = @implode(",", $smalltype); $db->ExecuteNoneQuery("UPDATE #@__groups SET smalltype='{$smalltypetxt}' WHERE groupid=" . $id); $db->ExecuteNoneQuery("UPDATE #@__group_smalltypes SET `name`='{$categories}',disorder='{$orders}' WHERE id=" . $categoriesid); $msg = "成功修改类别:{$categories}!"; } else {
ResetVdValue(); ShowMsg('验证码错误!', '-1'); exit; } $uidnum = intval($uidnum); if (empty($uidnum)) { ShowMsg('参数错误!', '-1'); exit; } if (strlen($msg) < 6) { ShowMsg('你的留言内容太短!', '-1'); exit; } $uname = HtmlReplace($uname, 1); $msg = cn_substrR(HtmlReplace($msg), 2048); $title = cn_substrR(HtmlReplace($title), 255); if ($cfg_ml->M_UserName != '' && $cfg_ml->M_ID != $uidnum) { $gid = $cfg_ml->M_UserName; } else { $gid = ''; } $inquery = "INSERT INTO `#@__member_guestbook`(mid,gid,title,msg,uname,ip,dtime)\n VALUES ('{$uidnum}','{$gid}','{$title}','{$msg}','{$uname}','" . GetIP() . "'," . time() . "); "; $dsql->ExecuteNoneQuery($inquery); ShowMsg('成功提交你的留言!', "index.php?uid={$uid}&action=guestbook"); exit; } else { if ($action == 'guestbookdel') { CheckRank(0, 0); if ($cfg_ml->M_LoginID != $uid) { ShowMsg('这条留言不是给你的,你不能删除!', -1); exit;
CheckCatalog($typeid, "对不起,你没有操作栏目 {$typeid} 的权限!"); } //对保存的内容进行处理 if (empty($writer)) { $writer = $cuserLogin->getUserName(); } if (empty($source)) { $source = '未知'; } if (empty($flags)) { $flag = ''; } else { $flag = join(',', $flags); } $senddate = time(); $title = cn_substrR($title, $cfg_title_maxlen); $isremote = empty($isremote) ? 0 : $isremote; $serviterm = empty($serviterm) ? "" : $serviterm; if (!TestPurview('a_Check,a_AccCheck,a_MyCheck')) { $arcrank = -1; } $adminid = $cuserLogin->getUserID(); $userip = GetIP(); if (empty($ddisremote)) { $ddisremote = 0; } $litpic = GetDDImage('none', $picname, $ddisremote); //生成文档ID $arcID = GetIndexKey($arcrank, $typeid, $senddate, $channelid, $senddate, $adminid); if (empty($arcID)) { ShowMsg("无法获得主键,因此无法进行后续操作!", "-1");
CheckArcAdmin($id, $cuserLogin->getUserID()); } } //对保存的内容进行处理 $pubdate = GetMkTime($pubdate); $sortrank = AddDay($pubdate, $sortup); $ismake = $ishtml == 0 ? -1 : 0; $autokey = 1; //$title = htmlspecialchars(cn_substrR($title,$cfg_title_maxlen,ENT_COMPAT ,"GB2312")); $shorttitle = cn_substrR($shorttitle, 36); $color = cn_substrR($color, 7); $writer = cn_substrR($writer, 20); $source = cn_substrR($source, 30); $description = cn_substrR($description, 250); $keywords = trim(cn_substrR($keywords, 60)); $filename = trim(cn_substrR($filename, 40)); $isremote = empty($isremote) ? 0 : $isremote; $serviterm = empty($serviterm) ? "" : $serviterm; if (!TestPurview('a_Check,a_AccCheck,a_MyCheck')) { $arcrank = -1; } $adminid = $cuserLogin->getUserID(); //处理上传的缩略图 if (empty($ddisremote)) { $ddisremote = 0; } $litpic = GetDDImage('none', $picname, $ddisremote); //分析body里的内容 $body = AnalyseHtmlBody($body, $description, $litpic, $keywords, 'htmltext'); //分析处理附加表数据 $inadd_f = '';
} ShowMsg("成功添加回复话题!", "viewthread.php?id={$id}&tid={$tid}"); exit; } else { if ($action == "edit" && ($ismaster || $cfg_ml->M_ID == $uid)) { $svali = GetCkVdValue(); if (strtolower($vdcode) != $svali || $svali == "") { ShowMsg("认证码错误!", "-1"); exit; } $subject = cn_substrR(trim(HtmlReplace($subject, 2)), 80); if (CountStrLen($subject) > 80) { ShowMsg("主题字数应该在3-80个汉字!", "-1"); exit; } $threads = cn_substrR(eregi_replace("<(iframe|script)", "", $threads), 2000); if (CountStrLen($threads) < 3 || CountStrLen($threads) > $cfg_group_words) { ShowMsg("主题内容字数应该在3-{$cfg_group_words}个汉字!", "-1"); exit; } if (empty($threads)) { $threads = $message; } if (ereg("{$cfg_notallowstr}", $subject) || ereg("{$cfg_notallowstr}", $threads)) { ShowMsg("含有非法字符!.", "-1"); exit; } if ($first) { $types = ereg_replace("[^0-9]", "", $types); if ($types < 1) { $types = 0;
continue; } $dname = ${"m_dname" . $id}; $price = ${"m_price" . $id}; $des = ${"m_des" . $id}; if (empty($dname) || strlen($dname) > 100) { $dname = addslashes($row['dname']); } $price = preg_replace("#[^.0-9]#", "", $price); if (empty($price)) { $price = $row['price']; } if (empty($des)) { $des = addslashes($row['des']); } else { $des = cn_substrR($des, 255); } $dsql->ExecuteNoneQuery("UPDATE #@__shops_delivery SET dname='{$dname}',price='{$price}',des='{$des}' WHERE pid='{$id}'"); } ShowMsg("成功修改配送方式!", "shops_delivery.php"); exit; } } } $deliveryarr = array(); $dsql->SetQuery("SELECT pid,dname,price,des FROM #@__shops_delivery ORDER BY orders ASC"); $dsql->Execute(); while ($row = $dsql->GetArray()) { $deliveryarr[] = $row; } $dlist = new DataListCP();
$comface = $oldcomface; } if (empty($city)) { $place = $province; } else { $place = $city; } $tel = GetAlabNum($tel); $fax = GetAlabNum($fax); $mobile = GetAlabNum($mobile); $email = cn_substrR(eregi_replace("[^0-9a-z\\.@-]", '', $email), 50); $url = cn_substrR(eregi_replace("[^0-9a-z\\.:/-]", '', $url), 50); $product = cn_substrR(HtmlReplace($product, 1), 20); $linkman = cn_substrR(HtmlReplace($linkman, 1), 20); $company = cn_substrR(HtmlReplace($company, 1), 36); $address = cn_substrR(HtmlReplace($address, 1), 50); $introduce = HtmlReplace($introduce, -1); $uptime = time(); $dsql->ExecuteNoneQuery("Delete From `#@__member_company` where mid='{$cfg_ml->M_ID}' "); $inquery = "INSERT INTO `#@__member_company` (`mid` , `company` , `product` , `place` , `vocation` , `cosize` , `tel` , `fax` , `linkman` , `address`,`uptime` ,`mobile`,`email`,`url`, `introduce` ,`comface`)\r\n VALUES ('{$cfg_ml->M_ID}','{$company}','{$product}','{$place}','{$vocation}','{$cosize}','{$tel}','{$fax}','{$linkman}','{$address}','{$uptime}','{$mobile}','{$email}','{$url}','{$introduce}', '{$comface}'); "; $rs = $dsql->ExecuteNoneQuery($inquery); if (!$rs) { ShowMsg("保存信息时发生错误,请联系管理员!" . $dsql->GetError(), 'javascript:;'); exit; } if ($cfg_ml->M_Spacesta >= 0) { $dsql->ExecuteNoneQuery("update `#@__member` set spacesta=2 where mid='{$cfg_ml->M_ID}' And spacesta < 2 "); } ShowMsg("成功修改你的企业资料!", 'edit_fullinfo.php'); } else { ShowMsg('系统没提供 ' . $cfg_ml->M_MbType . ' 用户的详细信息数据接口!', '-1');