function shownews($id)
{
global $list_prefix, $NEWS, $MAIN;
$sql = "SELECT * FROM " . $list_prefix . "news WHERE id = '" . $id . "';";
$result = db_query($sql);
$rows = db_num_rows($result);
if ($rows != 0) {
$row = db_fetch_array($result);
$postedby = getuser($row['posted_by']);
//lets insert the prayerrequest into our working copy of this template.
$WORK = insert_into_template($NEWS, "{NEWSTITLE}", stripslashes($row['news_title']));
$WORK = insert_into_template($WORK, "{TEASER}", stripslashes($row['teaser']));
$WORK = insert_into_template($WORK, "{NEWSID}", $row['id']);
$WORK = insert_into_template($WORK, "{POSTEDBY}", $postedby);
$WORK = insert_into_template($WORK, "{BYLINE}", $row['byline']);
$WORK = insert_into_template($WORK, "{DATE}", date("m/d/Y", $row['date']));
$WORK = insert_into_template($WORK, "{CATEGORY}", getcatname($row['category']));
$WORK = insert_into_template($WORK, "{NEWS}", stripslashes($row['news']));
$i++;
//now lets add this request to the CONTENT.
$WORK = insert_into_template($MAIN, "{CONTENT}", $WORK);
$WORK = filltemplate($WORK, striphtml($row['news_title']));
printf("%s", striptemplate($WORK));
}
}
function forum_notify()
{
global $form, $db, $tab, $login, $threadid, $postid, $thisthread, $thisboard, $httpurl, $sendmail;
$userq = $db->query_str("SELECT * FROM {$tab['forum_notify']} WHERE threadid='{$threadid}' AND userid!='{$login['id']}'");
while ($notify = $db->fetch_array($userq)) {
$user = getuser($notify[userid]);
eval("\$mail[header] = \"" . gettemplate("forum.notify.mail.header") . "\";");
eval("\$mail[subject] = \"" . gettemplate("forum.notify.mail.subject") . "\";");
eval("\$mail[body] = \"" . gettemplate("forum.notify.mail.body") . "\";");
$sendmail->mail($user[user_email], $mail[subject], $mail[body], $mail[header]);
}
}
function all_action()
{
global $session;
$uid = $session->get('uid');
//前20个推荐的采集
$pins = bidcms_encode(getallpins());
$userinfo = array();
if ($uid > 0) {
$userinfo = getuser($uid, 0, 1);
}
include template('index_all');
}
function getarticles($perpage)
{
global $list_prefix;
$ARTICLES = loadtmplate("articles.mod");
$CONTENT = "";
//lets calculate our query
$sql = "SELECT * FROM " . $list_prefix . "articles ORDER BY `date` DESC LIMIT 0," . $perpage . ";";
//now lets show the prayerlist entries.
$result = db_query($sql);
if ($result) {
$rows = db_num_rows($result);
} else {
$rows = 0;
}
if ($rows != 0) {
$j = 0;
while ($j < $rows) {
//lets fetch our prayer request from the database.
$row = db_fetch_array($result);
$postedby = getuser($row['posted_by']);
//lets insert the prayerrequest into our working copy of this template.
$WORK = insert_into_template($ARTICLES, "{ARTICLETITLE}", stripslashes($row['article_title']));
$WORK = insert_into_template($WORK, "{TEASER}", stripslashes($row['teaser']));
$WORK = insert_into_template($WORK, "{ARTICLEID}", $row['id']);
$WORK = insert_into_template($WORK, "{POSTEDBY}", $postedby);
$WORK = insert_into_template($WORK, "{BYLINE}", $row['byline']);
$WORK = insert_into_template($WORK, "{DATE}", date("m/d/Y", $row['date']));
$WORK = insert_into_template($WORK, "{CATEGORY}", getcatname($row['category']));
$j++;
//now lets add this request to the CONTENT.
$CONTENT .= $WORK;
}
} else {
$CONTENT .= "There are no active articles at this time.<BR>\r\n";
}
//when we output this lets make sure that the output is stripped of any template elements that are not used.
return striptemplate($CONTENT);
}
<?php
include "../lib/mainfunc.php";
$bid = @$_GET['bid'];
$tid = @$_GET['tid'];
$page = @$_GET['p'];
$see_lz = @$_GET['see_lz'];
$users = getuser();
$currentuser = $users['username'];
if (!$page) {
$page = 1;
}
if (!$bid) {
$bid = 1;
}
if (!$tid) {
$tid = 1;
}
$data = mainfunc(array("bid" => $bid, "tid" => $tid, "p" => $page, "see_lz" => $see_lz), null);
$tdata = mainfunc(array("bid" => $bid, "tid" => $tid, "ask" => "tidinfo"));
$floordata = "";
if ($see_lz != "") {
$floordata = mainfunc(array("bid" => $bid, "tid" => $tid, "ask" => "getlznum"));
$floordata = $floordata[0];
}
if (count($tdata) == 0) {
$tdata = null;
} else {
$tdata = $tdata[0];
}
if ($floordata != "") {
include 'function.php';
?>
<?php
include 'header.php';
?>
<div class='container'>
<?php
$pid = $_GET['pid'];
if (isset($_GET['uid']) && !empty($_GET['uid'])) {
$uid = $_GET['uid'];
} else {
$uid = $_SESSION['myid'];
}
$myid = $_SESSION['myid'];
$username = getuser($uid, 'user_name');
?>
<h3><?php
echo $username;
?>
</h3>
<?php
$query = "select location from pins where pid = '{$pid}'";
$result = $conn->query($query);
$run = $result->fetch_array();
$location = $run['location'];
?>
<h4>Pin from: <a href='locphoto.php?location=<?php
echo $location;
?>
'><?php
<?php
include 'connect.php';
?>
<?php
include 'functions.php';
?>
<?php
include 'header.php';
?>
<div class="container">
<h3>Friends</h3>
<?php
$my_id = $_SESSION['user_id'];
$req_query = mysql_query("SELECT user_one, user_two FROM friends WHERE user_one='{$my_id}' OR user_two='{$my_id}'");
while ($run_req = mysql_fetch_array($req_query)) {
$user_one = $run_req['user_one'];
$user_two = $run_req['user_two'];
if ($user_one == $my_id) {
$user = $user_two;
} else {
$user = $user_one;
}
$username = getuser($user, 'username');
echo "<a class='box' style='display: block;' href='profile.php?user={$user}'>{$username}</a>";
}
?>
</div>
</body>
</html>
?>
<div class="container">
<div class="row">
<div class=" col-sm-8 col-sm-offset-2">
<div class="panel panel-primary">
<div class="panel-heading" >
<?php
echo $post['title'];
?>
by
<a href="user.php?id=<?php
echo $post['user_id'];
?>
">
<?php
$c = getuser($post['user_id']);
echo $c['username'];
?>
</a>
<span style="float:right">
<?php
echo " posted on " . $post['created'];
?>
</span>
</div>
<div class="panel-body" style="color:#191970">
<p class="text-center">
<?php
$a = getimage($post['image_id']);
if ($a) {
echo '<img class="panel" src="images/' . $a['filename'] . '">';
<?php
require_once '../inc/common.php';
$type = isset($_GET['type']) ? (int) $_GET['type'] : 0;
$user = getuser('mid,name,headimgurl');
$user['headimgurl'] = empty($user['headimgurl']) ? '../images/touxiang.png' : $user['headimgurl'];
$pageSize = 5;
$sql = "SELECT count(1) as count FROM m_comment WHERE mid = '{$user['mid']}' AND type = 0";
$sth = $db->prepare($sql);
$sth->execute();
$count = $sth->fetchColumn();
$pageTotal = ceil($count / $pageSize);
if (isset($_GET['aj_comm'])) {
if ($type == 0) {
$table = 'm_goods';
} elseif ($type == 1) {
$table = 'm_activites';
}
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
//获取请求的页数
$start = ($page - 1) * $pageSize;
$sql = "SELECT c.cid,c.pid,c.ctime,c.nice,c.imgs,c.content,g.name FROM m_comment as c\r\n\t\t\t\tLEFT JOIN {$table} as g ON c.pid = g.gid\r\n\t\t\t\tWHERE c.mid = '{$user['mid']}' AND c.type = '{$type}' ORDER BY c.ctime DESC LIMIT {$start}, {$pageSize}";
$sth = $db->prepare($sql);
$sth->execute();
$data = $sth->fetchAll(PDO::FETCH_ASSOC);
foreach ($data as $k => $v) {
$data[$k]['ctime'] = date('Y-m-d', $v['ctime']);
$data[$k]['imgs'] = explode('|', $v['imgs']);
}
die(json_encode($data));
//转换为json数据输出
href="#collapseOne">
<span class="glyphicon glyphicon-chevron-down"></span>
</a>
</div>
</div>
<div class="panel-collapse collapse" id="collapseOne">
<div class="panel-body" >
<?php
require_once 'include/db_connect.php';
if (isset($_GET['user']) and isset($_GET['hash'])) {
$hash = $_GET['hash'];
$user = $_GET['user'];
$ext = mysql_query("select * from conversation where chash='{$hash}' ");
while ($row = mysql_fetch_array($ext)) {
$cfrom = $row['cfrom'];
$cfrom1 = getuser($cfrom, 'user_name');
$msg = $row['msg'];
echo "<ul class='chat'>\n <li class='left clearfix'><span class='chat-img pull-left'>\n <img src='img/user.png' height='50' width='50' alt='User Avatar' class='img-circle' />\n </span>\n <div class='chat-body clearfix'>\n <div class='header'>\n <strong class='primary-font'>" . $cfrom1 . "</strong> <small class='pull-right text-muted'>\n <span class='glyphicon glyphicon-time'></span></small>\n </div>\n <p>\n " . $msg . "\n </p>\n </div>\n </li>\n </ul>";
}
}
?>
</div>
<form action="chatupdate.php" method="post">
<div class="panel-footer">
<div class="input-group">
<input id="btn-input" type="text" class="form-control input-sm" name="message" placeholder="Type your message
here..." />
<input type="hidden" name="user" value="<?php
echo $user;
?>
$ava1 = getavatar($row['user_id'], 'avatar');
$ava = "<img src='{$ava1}' height='30' width='30' class=>";
$tim = $row['time'];
$hash = $row['ghash'];
echo "<div class='post'><div class='panel panel-default'>\n <div class='panel-heading'>" . $ava . $postn . "</div>\n <div class='panel-body'>" . $row['message'] . "\n \n </div><div class='panel-footer'>Posted at  " . $tim . "</div>\n</div>\n </div></div>";
}
if ($type == 'image') {
$postn = getuser($row['user_id'], 'fname');
$ava1 = getavatar($row['user_id'], 'avatar');
$ava = "<img src='{$ava1}' height='30' width='30'>";
$pim = $row['pimage'];
$pim1 = "<img src='{$pim}' class='img-responsive center-block'>";
echo "<div class='post'><div class='panel panel-default'>\n <div class='panel-heading'>" . $ava . $postn . "</div>\n <div class='panel-body'>" . $row['message'] . $pim1 . "\n \n </div>\n </div></div>";
}
if ($type == 'video') {
$postn = getuser($row['user_id'], 'fname');
$ava1 = getavatar($row['user_id'], 'avatar');
$ava = "<img src='{$ava1}' height='30' width='30'>";
$url = $row['url'];
$vi = " <iframe src='{$url}'\n frameborder='0' width='476' height='400'\n allowfullscreen ></iframe >";
echo "<div class='post'><div class='panel panel-default'>\n <div class='panel-heading'>" . $ava . $postn . "</div>\n <div class='panel-body'>" . $row['message'] . $vi . "\n \n </div>\n </div></div>";
}
if ($type == 'location') {
$postn = getuser($row['user_id'], 'fname');
$ava1 = getavatar($row['user_id'], 'avatar');
$ava = "<img src='{$ava1}' height='30' width='30'>";
$pla = $row['place'];
echo "<div class='post'><div class='panel panel-default'>\n <div class='panel-heading'>" . $ava . $postn . "</div>\n <div class='panel-body'>" . $row['message'] . "<br>" . $pla . "\n \n </div>\n </div></div>";
}
}
require_once 'footer.php';
<?php
require_once 'header.php';
?>
<div id="bo">
<?php
require_once 'include/db_connect.php';
require_once 'include/essential.php';
?>
<?php
require_once 'include/db_connect.php';
require_once 'functions.php';
require_once 'include/essential.php';
echo "<h1>Chat List</h1><br>";
$fr = mysql_query("select user_one,user_two from frnd where user_one='{$pid1}' or user_two='{$pid1}'");
while ($frn = mysql_fetch_array($fr)) {
if ($frn['user_one'] == $pid1) {
$frnid = $frn['user_two'];
} else {
$frnid = $frn['user_one'];
}
$frname = getuser($frnid, 'user_name');
echo "<a href='chatbox.php?user={$frnid}'class='btn btn-default btn-lg'style=margin:5px;>{$frname}</a><br><br>";
}
?>
</div>
</body>
<?php
require_once 'footer.php';
?>
</html>
function t_fanli($uid, $money)
{
global $_G;
$org_money = $money;
if ($uid == $this->user['uid']) {
$user = $this->user;
} else {
$user = getuser($uid, 'uid');
}
//if($user['uid'] == $this->user[uid]) return $money;
//if($user['t_uid'] && $user['t_uid'] == $this->user[uid]) return $money; //防止死循环
//4,3,1,1,2
$rank = $user['rank'];
if (!$rank || !$_G['rank'][$rank]) {
return $money;
}
$group = $_G['rank'][$rank];
$bili = intval($group['bili']);
//当前推荐者所在推荐的返利比例
if ($bili <= 0) {
return $money;
}
$yongjin = fix($money * ($bili / 100), 2);
$money = $money - $yongjin;
//给佣金表,增加记录,供用户查询
$log = array();
//第'.($k+1).'级
if (!$this->order['price'] || $yongjin <= 0) {
return $money;
}
$log['desc'] = '您推荐的用户' . $this->user['username'] . '购物消费,您获得:' . $yongjin . '元(' . $bili . '%)';
$add_money = $user['money'] + $yongjin;
update_member(array('money' => $add_money), $user['uid']);
$log['org_money'] = $user['money'];
$log['money'] = $yongjin;
$log['status'] = 1;
$log['uid'] = $user['uid'];
$log['username'] = $user['username'];
$this->write_log($log);
//无限上级推荐人返利
/*if($user['t_uid']>0){
if($user['t_uid'] == $this->user['uid'] || $user['t_uid'] == $user['uid'])continue; //防止死循环
$money = $this->t_fanli($user['t_uid'],$org_money);
}*/
return $money;
}
<div id="wrap">
<div id="header"></div>
<div id="main"><p>
<p><span class="pagetitle">User Account</span></p>
<?php
connect();
//printf('<br />roleid: '.$_SESSION['role_id'].'');
if ($_SESSION['role_id'] == 1) {
printf('Only editors may view this page.');
printf('<script type="text/javascript">
location.replace("author.php");
</script>');
}
$uid = $_GET['perid'];
$arruser = getuser($uid);
$fname = $arruser['fname'];
$lname = $arruser['lname'];
$street = $arruser['street'];
$city = $arruser['city'];
$province = $arruser['province'];
$postal = $arruser['postal'];
$email = $arruser['email'];
$uid = $arruser['per_id'];
$active = $arruser['active'];
printf('<span class="edituser">');
printf('<form name="reg" action="updateuser.php" onsubmit="return validateForm();" method="post" >');
printf('<table>');
printf('<tr><td></td><td><input type=hidden name="uid" value="' . $uid . '"></td></tr>');
printf('<tr><td>Username:</td><td>' . $arruser['uname'] . '</td></tr>');
printf('<tr><td>First name:</td><td><input type=text name="ufname" value="' . $fname . '" size="50"></td></tr>');
function delete_account($usrid)
{
// ------------------ DELETE ACCOUNT ---------------
$usr = @getuser($usrid);
if ($usr !== false) {
$c = $usr['cluster'];
if ($c != '') {
$c = @mysql_num_rows(@db_query('SELECT * FROM users WHERE cluster=' . mysql_escape_string($c)));
if ($c < 2) {
deletecluster($c, true);
} else {
$r = db_query('SELECT id FROM users WHERE cluster=' . mysql_escape_string($usr['cluster']) . ' AND clusterstat=' . CS_ADMIN . ';');
$admins = @mysql_num_rows($r);
if ($usr['clusterstat'] == CS_ADMIN && $admins < 2) {
$r = db_query('SELECT * FROM users WHERE cluster=' . mysql_escape_string($usr['cluster']) . ';');
db_query('UPDATE users SET clusterstat=' . CS_ADMIN . ' WHERE id=' . mysql_result($r, 0, 'id') . ';');
}
}
}
db_query('DELETE FROM mails WHERE user=\'' . mysql_escape_string($usrid) . '\';');
db_query('DELETE FROM sysmsgs WHERE user=\'' . mysql_escape_string($usrid) . '\';');
db_query('DELETE FROM users WHERE id=\'' . mysql_escape_string($usrid) . '\';');
db_query('DELETE FROM abooks WHERE user=\'' . mysql_escape_string($usrid) . '\';');
return $usr;
} else {
return false;
}
}
<?php
require_once 'include/essential.php';
?>
<?php
require_once 'include/db_connect.php';
require_once 'functions.php';
if (isset($_GET['user']) && !empty($_GET['user'])) {
$lid = $_GET['user'];
} else {
$lid = $pid1;
}
$my_id = $pid1;
$luser = getuser($lid, 'user_name');
echo '<h2>' . $luser . '</h2>';
?>
<?php
if ($lid != $my_id) {
$checkfriends = mysql_query("select id from frnd where(user_one='{$my_id}' and user_two='{$lid}') or (user_one='{$lid}' and user_two='{$my_id}')");
if (mysql_num_rows($checkfriends) == 1) {
echo "<a href='#'class='btn btn-primary btn-lg'style=margin:5px;>already friends</a>   " . "<a href='action.php?action=unfriend&user={$lid}'class='btn btn-primary btn-lg'style=margin:5px;>unfriend</a>";
} else {
$from = mysql_query("select id from frnd_req where from1='{$lid}' and to1='{$my_id}'");
$to = mysql_query("select id from frnd_req where from1='{$my_id}' and to1='{$lid}'");
if (mysql_num_rows($from) == 1) {
echo "<a href='action.php?action=accept&user={$lid}'class='btn btn-primary btn-lg'style=margin:5px;>accept</a>   <a href='action.php?action=reject&user={$lid}'class='btn btn-primary btn-lg'style=margin:5px;>decline</a>";
} elseif (mysql_num_rows($to) == 1) {
echo "<a href='action.php?action=cancel&user={$lid}'class='btn btn-primary btn-lg'style=margin:5px;>cancel request</a>";
} else {
function duihuan_main()
{
global $_G, $assign;
$and = '';
//if($assign[goods][tag]) $and .=' AND `tag` ='.$assign[goods][tag];
if ($assign[goods][id]) {
$and .= ' AND id != ' . $assign[goods][id];
$duihuan_success = D(array('and' => ' AND duihuan_id = ' . $assign[goods][id] . " AND status=4", 'order' => 'id DESC ', 'table' => 'duihuan_apply', 'limit' => 80, 'key' => 'duihuan_main_' . $assign[goods][id]));
foreach ($duihuan_success as $k => $v) {
$duihuan_success[$k][user] = getuser($v[uid], 'uid');
}
}
$and_time .= " AND start_time < " . TIMESTAMP;
$and_time .= " AND ( end_time = 0 or end_time > " . TIMESTAMP . ")";
$and .= ' AND `hide`=0 ' . $and_time;
$duihuan_goods = D(array('and' => $and, 'order' => ' `sort` DESC,id DESC ', 'table' => 'duihuan', 'limit' => 4, 'key' => 'duihuan_goods'));
return array('duihuan_goods' => $duihuan_goods, 'duihuan_success' => $duihuan_success);
}
require_once '../functions.php';
$tab = mysql_query("select * from frnd_req");
echo " <table class='table'>\r\n <caption><h1>Pending Requests Table</h1></caption>\r\n <tr>\r\n <th>From</th>\r\n <th>To</th>\r\n \r\n </tr>";
while ($row = mysql_fetch_array($tab)) {
$user = getuser($row['from1'], 'user_name');
$pas = getuser($row['to1'], 'user_name');
echo "<tr>";
echo " <td>{$user}</td>";
echo " <td>{$pas}</td>";
echo "</tr>";
}
?>
<hr style="background: black; color: black; height: 1px;">
<?php
require_once '../include/db_connect.php';
require_once '../functions.php';
$tab = mysql_query("select * from frnd");
echo " <table class='table'>\r\n <caption><h1>Friends Table</h1></caption>\r\n <tr>\r\n <th>User</th>\r\n <th>User</th>\r\n \r\n </tr>";
while ($row = mysql_fetch_array($tab)) {
$user = getuser($row['user_one'], 'user_name');
$pas = getuser($row['user_two'], 'user_name');
echo "<tr>";
echo " <td>{$user}</td>";
echo " <td>{$pas}</td>";
echo "</tr>";
}
?>
<hr style="background: black; color: black; height: 1px;">
</body>
</html>
function shownews($category)
{
global $HTTP_GET_VARS, $NEWS, $list_prefix, $MAIN;
$CONTENT = "";
if (isset($HTTP_GET_VARS['perpage']) && is_numeric($HTTP_GET_VARS['perpage'])) {
$perpage = $HTTP_GET_VARS['perpage'];
} else {
$perpage = 3;
}
//lets see if the user has specified to show all requests on a single page.
if (isset($HTTP_GET_VARS['onepage'])) {
$onepage = 1;
} else {
$onepage = 0;
}
//lets see what page we are on
if (!isset($HTTP_GET_VARS['page']) || !is_numeric($HTTP_GET_VARS['page'])) {
$page = 1;
} else {
$page = $HTTP_GET_VARS['page'];
}
//lets calculate our start position for our query if needed.
$start = ($page - 1) * $perpage;
//lets calculate our query
$sql = "SELECT * FROM " . $list_prefix . "news";
if ($category != 0) {
$sql .= " WHERE category = '" . $category . "'";
}
if ($onepage == 0) {
$sql .= " ORDER BY `date` DESC LIMIT " . $start . "," . $perpage . ";";
} else {
$sql .= " ORDER BY `date` DESC;";
}
//now lets show the prayerlist entries.
$result = db_query($sql);
$rows = db_num_rows($result);
if ($rows != 0) {
$i = 0;
while ($i < $rows) {
//lets fetch our prayer request from the database.
$row = db_fetch_array($result);
$postedby = getuser($row['posted_by']);
//lets insert the prayerrequest into our working copy of this template.
$WORK = insert_into_template($NEWS, "{NEWSTITLE}", stripslashes($row['news_title']));
$WORK = insert_into_template($WORK, "{TEASER}", stripslashes($row['teaser']));
$WORK = insert_into_template($WORK, "{NEWSID}", $row['id']);
$WORK = insert_into_template($WORK, "{POSTEDBY}", $postedby);
$WORK = insert_into_template($WORK, "{BYLINE}", $row['byline']);
$WORK = insert_into_template($WORK, "{DATE}", date("m/d/Y", $row['date']));
$WORK = insert_into_template($WORK, "{CATEGORY}", getcatname($row['category']));
$i++;
//now lets add this request to the CONTENT.
$CONTENT .= $WORK;
}
$sql = "SELECT * FROM " . $list_prefix . "news;";
$result = db_query($sql);
$rows = db_num_rows($result);
$pages = ($rows - $rows % $perpage) / $perpage;
//this is the number of complete pages.
if ($rows % $perpage > 0) {
$pages++;
}
//this will take care of incomplete pages.
//lets list a previous page link if needed.
if ($pages > 1 && $onepage == 0) {
$i = 0;
if ($page != 1) {
$CONTENT .= "<a href='news.php?page" . ($page - 1) . "'>prev</a> \r\n";
}
//lets list all pages a user can click on.
while ($i < $pages) {
$i++;
if ($i != $page) {
$CONTENT .= "<a href='news.php?page=" . $i . "'>" . $i . "</a> \r\n";
} else {
$CONTENT .= $i . " ";
}
}
//lets create a next page link if needed
if ($page != $pages) {
$CONTENT .= "<a href='news.php?page=" . ($page + 1) . "'>next</a>\r\n";
}
$CONTENT .= "<div align=\"right\"><a href='news.php?onepage=1'>Show all requests on one page.</a></div><br />\r\n";
}
} else {
$CONTENT .= "There are no active news at this time.<BR>\r\n";
}
$WORK = insert_into_template($MAIN, "{CONTENT}", $CONTENT);
$WORK = filltemplate($WORK, "News");
//when we output this lets make sure that the output is stripped of any template elements that are not used.
printf("%s", striptemplate($WORK));
}
$blocked = "blocked";
}
if (!$news[activated]) {
$activated = "inactiv";
}
$countcoms = $db->query("SELECT COUNT(*) FROM {$tab['news_comment']} WHERE newsid='{$news['id']}'");
$comments = $countcoms[0];
eval("\$inc[newsselect] .= \"" . gettemplate("news.edit.selectnews.bit") . "\";");
}
eval("\$inc[action] = \"" . gettemplate("news.edit.selectnews") . "\";");
}
############################
if ($adminaction == "news_new" || $fail_new) {
if (!$login) {
eval("\$inc[action] = \"" . gettemplate("fail.access.notloggedin") . "\";");
} else {
$fail = $fail_new;
$user = getuser($login[id]);
$smilies = getsmiliesbit("news.newsform.smilie.bit");
$user_name = mkuser("user_name", 0, $login);
$thisaction = "new_new_save";
eval("\$admin \t= \"" . gettemplate("news.newsform.admin") . "\";");
eval("\$inc[action] = \t\"" . gettemplate("news.admin.newsform") . "\";");
}
}
################
if ($adminaction == "news_config" || $fail_config) {
$fail = $fail_config;
eval("\$inc[action] = \"" . gettemplate("news.admin.config.main") . "\";");
}
################
<?php
require_once '../inc/common.php';
$type = isset($_GET['type']) ? (int) $_GET['type'] : 0;
$user = getuser('mid,headimgurl');
$pageSize = 5;
$sql = "SELECT count(1) as count FROM m_comment WHERE mid = '{$user['mid']}' AND type = 0";
$sth = $db->prepare($sql);
$sth->execute();
$count = $sth->fetchColumn();
$pageTotal = ceil($count / $pageSize);
if (isset($_GET['aj_comm'])) {
if ($type == 0) {
$table = 'm_goods';
} elseif ($type == 1) {
$table = 'm_activites';
}
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
//获取请求的页数
$start = ($page - 1) * $pageSize;
$sql = "SELECT c.cid,c.pid,c.ctime,c.nice,c.imgs,c.content,g.name FROM m_comment as c\r\n\t\t\t\tLEFT JOIN {$table} as g ON c.pid = g.gid\r\n\t\t\t\tWHERE c.mid = '{$user['mid']}' AND c.type = '{$type}' ORDER BY c.ctime DESC LIMIT {$start}, {$pageSize}";
$sth = $db->prepare($sql);
$sth->execute();
$data = $sth->fetchAll(PDO::FETCH_ASSOC);
foreach ($data as $k => $v) {
$data[$k]['ctime'] = date('Y-m-d', $v['ctime']);
$data[$k]['imgs'] = explode('|', $v['imgs']);
}
die(json_encode($data));
//转换为json数据输出
}
if ($right[boardid] == "0" && $right[section] == $sec[forum][id]) {
$board = "<i>ALL BOARDS</i>";
} elseif ($right[boardid]) {
$board = getboard($right[boardid]);
$board = $board[board_name];
} else {
$board = "-----";
}
eval("\$moderators .= \"" . gettemplate("user.admin.rights.listmoderators.bit") . "\";");
}
eval("\$inc[action] = \"" . gettemplate("user.admin.rights") . "\";");
}
#######################################
if ($adminaction == "showuser" || $fail_useredit) {
$fail = $fail_useredit;
$form = getuser($userid);
$form[user_gender] - 2 ? $male = " selected" : ($female = " selected");
$birthday = mkdate($form[user_birth], "d-m-Y");
eval("\$inc[action] = \"" . gettemplate("user.admin.edituser") . "\";");
}
#######################################
if ($adminaction == "showusers") {
if (strtolower($sort) != "desc" && strtolower($sort) != "asc") {
$sort = "ASC";
}
if (strtolower($order) != "user_name" && strtolower($order) != "id") {
$order = "id";
}
if (!$start || !is_numeric($start)) {
$start = 0;
}
}
}
savetraffic(strlen($zip->file()));
$dateiname = "PMs-Backup " . date("d-m-Y") . ".zip";
header("Content-Type: application/octetstream");
header("Content-Disposition: attachment; filename=" . $dateiname);
header("Pragma: no-cache");
header("Expires: 0");
echo $zip->file();
exit;
}
#####
if ($dlsection == "pm" && !is_array($sourceid)) {
$pm = getpm($sourceid);
if ($pm[toid] != $login[id] && $pm[autid] != $login[id]) {
eval("\$inc[action] = \"" . gettemplate("fail.access.noaccess") . "\";");
} else {
$user = getuser($pm[autid]);
$dateiname = "PM-Backup " . date("m-Y") . ".zip";
eval("\$pmdl = \"" . gettemplate("pm.dl") . "\";");
$zip->addFile($pmdl, "PM von {$user['user_name']}.txt");
savetraffic(strlen($zip->file()));
header("Content-Type: application/octetstream");
header("Content-Disposition: attachment; filename=" . $dateiname);
header("Pragma: no-cache");
header("Expires: 0");
echo $zip->file();
exit;
}
}
####
function main()
{
global $_G;
$message = '';
$ip = str_replace('.', '_', $_G[clientip]);
$time = $_SESSION[$ip . '_time'] ? TIMESTAMP - $_SESSION[$ip . '_time'] : 0;
if ($_GET[username] && $_GET[login_submit] && check()) {
if ($_SESSION[$ip] >= 5) {
if ($time <= 0) {
$old_time = intval(0 - $time / 60);
$message = "由于您的密码重试次数太多,您的IP已被禁止,您可在" . $old_time . '分钟后重新登录';
$this->add(array('message' => $message));
$this->show();
exit;
} else {
unset($_SESSION[$ip]);
unset($_SESSION[$ip . '_time']);
}
}
$username = trim($_GET[username]);
$password = trim($_GET[password]);
$user = getuser($username, 'username');
if ($user[uid] > 0 && authcode($user[password], 'decode', $user['key']) == $password) {
$update = array('login_time' => TIMESTAMP, 'login_ip' => $_G['clientip'], 'login_count' => $user[login_count] + 1);
$_G[member] = $user;
$_G[member][group] = $_G[group][$user[groupid]];
$_G[uid] = $user[uid];
$id = $_G[groupid] = $user[groupid];
if ($user[groupid] != 1 && $_G[group][$id]['login_admin'] != 1) {
//权限验证
$message = '您所在用户组无权登录后台';
$this->add(array('message' => $message));
$this->show();
exit;
}
if ($user[groupid] == 1) {
$_G[adminid] = 1;
}
$_G[username] = $user[username];
//登录成功
$auth = authcode($user[uid] . '|' . $user[password], 'encode', '', 86400);
DB::update('member', $update, "uid=" . $user[uid]);
dsetcookie("auth", $auth, 86400);
$_SESSION['auth'] = $auth;
unset($_SESSION[$ip]);
unset($_SESSION[$ip . '_time']);
$url = URL;
header("Location:" . $url);
echo '<script type="text/javascript">window.location.href = "' . $url . '";</script>';
exit;
} else {
$message = '用户不存在或密码不正确';
if (!$_SESSION[$ip]) {
$_SESSION[$ip] = 0;
}
$_SESSION[$ip] += 1;
if ($_SESSION[$ip] >= 5) {
$message = "由于您的密码重试次数太多,您在30分钟禁止登录";
$_SESSION[$ip . '_time'] = TIMESTAMP + 1800;
} else {
if ($_SESSION[$ip] > 2 && $_SESSION[$ip] < 5) {
$message = "您还有" . (5 - $_SESSION[$ip]) . '次机会,否则您将会在30分钟禁止登录';
}
}
}
}
$_G['title'] = '欢迎登录优淘TAE后台';
$this->add(array('message' => $message));
$this->show();
}
<td width="15%" >PostgreSQL: <?php
echo postgresql();
?>
</td>
<td width="15%" >WGet: <?php
echo testwget();
?>
</td>
<td width="25%" >Free space: <?php
echo view_size(diskfreespace(getcwd()));
?>
</td>
</tr>
<tr>
<td width="35%" >User: <font size=2 color=#ff4500><b><?php
echo getuser();
?>
</b></font></td>
<td width="15%" >MSSQL: <?php
echo testmssql();
?>
</td>
<td width="15%" >Perl: <?php
echo testperl();
?>
</td>
<td width="25%" >Server time: <?php
echo date('H:i d-m-Y');
?>
</td>
</tr>
function dir_list_form()
{
global $fm_root_atual, $dir_atual, $quota_mb, $resolveIDs, $order_dir_list_by, $islinux, $cmd_name, $ip, $is_reachable, $path_info, $fm_color;
$ti = getmicrotime();
clearstatcache();
$out = "<table border=0 cellspacing=1 cellpadding=4 width=\"100%\" bgcolor=\"#eeeeee\">\n";
if ($opdir = @opendir($dir_atual)) {
$entry_count = 0;
$file_count = 0;
$dir_count = 0;
$total_size = 0;
$uplink = "";
$entry_list = array();
$highlight_cols = 0;
while ($file = readdir($opdir)) {
if ($file != "." && $file != "..") {
if (is_file($dir_atual . $file)) {
$ext = strtolower(strrchr($file, "."));
$entry_list[$entry_count]["type"] = "file";
// Função filetype() returns only "file"...
$entry_list[$entry_count]["size"] = filesize($dir_atual . $file);
$entry_list[$entry_count]["sizet"] = getsize($dir_atual . $file);
if (strstr($ext, ".")) {
$entry_list[$entry_count]["ext"] = $ext;
$entry_list[$entry_count]["extt"] = $ext;
} else {
$entry_list[$entry_count]["ext"] = "";
$entry_list[$entry_count]["extt"] = " ";
}
$file_count++;
} elseif (is_dir($dir_atual . $file)) {
// Recursive directory size disabled
// $entry_list[$entry_count]["size"] = total_size($dir_atual.$file);
$entry_list[$entry_count]["size"] = 0;
$entry_list[$entry_count]["sizet"] = 0;
$entry_list[$entry_count]["type"] = "dir";
$dir_count++;
}
$entry_list[$entry_count]["name"] = $file;
$entry_list[$entry_count]["date"] = date("Ymd", filemtime($dir_atual . $file));
$entry_list[$entry_count]["time"] = date("his", filemtime($dir_atual . $file));
$entry_list[$entry_count]["datet"] = date("d/m/Y h:i:s", filemtime($dir_atual . $file));
if ($islinux && $resolveIDs) {
$entry_list[$entry_count]["p"] = show_perms(fileperms($dir_atual . $file));
$entry_list[$entry_count]["u"] = getuser(fileowner($dir_atual . $file));
$entry_list[$entry_count]["g"] = getgroup(filegroup($dir_atual . $file));
} else {
$entry_list[$entry_count]["p"] = base_convert(fileperms($dir_atual . $file), 10, 8);
$entry_list[$entry_count]["p"] = substr($entry_list[$entry_count]["p"], strlen($entry_list[$entry_count]["p"]) - 3);
$entry_list[$entry_count]["u"] = fileowner($dir_atual . $file);
$entry_list[$entry_count]["g"] = filegroup($dir_atual . $file);
}
$total_size += $entry_list[$entry_count]["size"];
$entry_count++;
}
}
closedir($opdir);
if ($file_count) {
$highlight_cols = $islinux ? 7 : 5;
} else {
$highlight_cols = $islinux ? 6 : 4;
}
if ($entry_count) {
$or1 = "1A";
$or2 = "2D";
$or3 = "3A";
$or4 = "4A";
$or5 = "5A";
$or6 = "6D";
$or7 = "7D";
switch ($order_dir_list_by) {
case "1A":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "name", SORT_STRING, SORT_ASC);
$or1 = "1D";
break;
case "1D":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "name", SORT_STRING, SORT_DESC);
$or1 = "1A";
break;
case "2A":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "p", SORT_STRING, SORT_ASC, "g", SORT_STRING, SORT_ASC, "u", SORT_STRING, SORT_ASC);
$or2 = "2D";
break;
case "2D":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "p", SORT_STRING, SORT_DESC, "g", SORT_STRING, SORT_ASC, "u", SORT_STRING, SORT_ASC);
$or2 = "2A";
break;
case "3A":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "u", SORT_STRING, SORT_ASC, "g", SORT_STRING, SORT_ASC);
$or3 = "3D";
break;
case "3D":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "u", SORT_STRING, SORT_DESC, "g", SORT_STRING, SORT_ASC);
$or3 = "3A";
break;
case "4A":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "g", SORT_STRING, SORT_ASC, "u", SORT_STRING, SORT_DESC);
$or4 = "4D";
break;
case "4D":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "g", SORT_STRING, SORT_DESC, "u", SORT_STRING, SORT_DESC);
$or4 = "4A";
break;
case "5A":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "size", SORT_NUMERIC, SORT_ASC);
$or5 = "5D";
break;
case "5D":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "size", SORT_NUMERIC, SORT_DESC);
$or5 = "5A";
break;
case "6A":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "date", SORT_STRING, SORT_ASC, "time", SORT_STRING, SORT_ASC, "name", SORT_STRING, SORT_ASC);
$or6 = "6D";
break;
case "6D":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "date", SORT_STRING, SORT_DESC, "time", SORT_STRING, SORT_DESC, "name", SORT_STRING, SORT_ASC);
$or6 = "6A";
break;
case "7A":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "ext", SORT_STRING, SORT_ASC, "name", SORT_STRING, SORT_ASC);
$or7 = "7D";
break;
case "7D":
$entry_list = array_csort($entry_list, "type", SORT_STRING, SORT_ASC, "ext", SORT_STRING, SORT_DESC, "name", SORT_STRING, SORT_ASC);
$or7 = "7A";
break;
}
}
$out .= "\r\n <script language=\"Javascript\" type=\"text/javascript\">\r\n <!--\r\n function getCookieVal (offset) {\r\n var endstr = document.cookie.indexOf (';', offset);\r\n if (endstr == -1) endstr = document.cookie.length;\r\n return unescape(document.cookie.substring(offset, endstr));\r\n }\r\n function getCookie (name) {\r\n var arg = name + '=';\r\n var alen = arg.length;\r\n var clen = document.cookie.length;\r\n var i = 0;\r\n while (i < clen) {\r\n var j = i + alen;\r\n if (document.cookie.substring(i, j) == arg) return getCookieVal (j);\r\n i = document.cookie.indexOf(' ', i) + 1;\r\n if (i == 0) break;\r\n }\r\n return null;\r\n }\r\n function setCookie (name, value) {\r\n var argv = SetCookie.arguments;\r\n var argc = SetCookie.arguments.length;\r\n var expires = (argc > 2) ? argv[2] : null;\r\n var path = (argc > 3) ? argv[3] : null;\r\n var domain = (argc > 4) ? argv[4] : null;\r\n var secure = (argc > 5) ? argv[5] : false;\r\n document.cookie = name + '=' + escape (value) +\r\n ((expires == null) ? '' : ('; expires=' + expires.toGMTString())) +\r\n ((path == null) ? '' : ('; path=' + path)) +\r\n ((domain == null) ? '' : ('; domain=' + domain)) +\r\n ((secure == true) ? '; secure' : '');\r\n }\r\n function delCookie (name) {\r\n var exp = new Date();\r\n exp.setTime (exp.getTime() - 1);\r\n var cval = GetCookie (name);\r\n document.cookie = name + '=' + cval + '; expires=' + exp.toGMTString();\r\n }\r\n function go(arg) {\r\n document.location.href='" . $path_info["basename"] . "?frame=3&dir_atual={$dir_atual}'+arg+'/';\r\n }\r\n function resolveIDs() {\r\n document.location.href='" . $path_info["basename"] . "?frame=3&set_resolveIDs=1&dir_atual={$dir_atual}';\r\n }\r\n var entry_list = new Array();\r\n // Custom object constructor\r\n function entry(name, type, size, selected){\r\n this.name = name;\r\n this.type = type;\r\n this.size = size;\r\n this.selected = false;\r\n }\r\n // Declare entry_list for selection procedures";
foreach ($entry_list as $i => $data) {
$out .= "\nentry_list['entry{$i}'] = new entry('" . $data["name"] . "', '" . $data["type"] . "', " . $data["size"] . ", false);";
}
$out .= "\r\n // Select/Unselect Rows OnClick/OnMouseOver\r\n var lastRows = new Array(null,null);\r\n function selectEntry(Row, Action){\r\n var MarkColor = '#" . $fm_color['Mark'] . "';\r\n var Cells = Row.getElementsByTagName('td');\r\n if (multipleSelection){\r\n // Avoid repeated onmouseover events from same Row ( cell transition )\r\n if (Row != lastRows[0]){\r\n if (Action == 'over') {\r\n if (entry_list[Row.id].selected){\r\n if (entry_list[Row.id].type == 'dir') DefaultColor = '#" . $fm_color['Dir'] . "';\r\n else DefaultColor = '#" . $fm_color['File'] . "';\r\n if (unselect(entry_list[Row.id])) {\r\n for (var c=0; c < " . (int) $highlight_cols . "; c++) {\r\n if (c == 0 && entry_list[Row.id].type=='file' && !entry_list[Row.id].selected) Cells[c].style.backgroundColor = '#" . $fm_color['FileFirstCell'] . "';\r\n else Cells[c].style.backgroundColor = DefaultColor;\r\n }\r\n }\r\n // Change the last Row when you change the movement orientation\r\n if (lastRows[0] != null && lastRows[1] != null){\r\n var LastRowID = lastRows[0].id;\r\n var LastRowDefaultColor;\r\n if (entry_list[LastRowID].type == 'dir') LastRowDefaultColor = '#" . $fm_color['Dir'] . "';\r\n else LastRowDefaultColor = '#" . $fm_color['File'] . "';\r\n if (Row.id == lastRows[1].id){\r\n var LastRowCells = lastRows[0].getElementsByTagName('td');\r\n if (unselect(entry_list[LastRowID])) {\r\n for (var c=0; c < " . (int) $highlight_cols . "; c++) {\r\n if (c == 0 && entry_list[LastRowID].type=='file' && !entry_list[LastRowID].selected) LastRowCells[c].style.backgroundColor = '#" . $fm_color['FileFirstCell'] . "';\r\n else LastRowCells[c].style.backgroundColor = LastRowDefaultColor;\r\n }\r\n }\r\n }\r\n }\r\n } else {\r\n if (select(entry_list[Row.id])){\r\n for (var c=0; c < " . (int) $highlight_cols . "; c++) {\r\n if (c == 0 && entry_list[Row.id].type=='file' && !entry_list[Row.id].selected) Cells[c].style.backgroundColor = '#" . $fm_color['FileFirstCell'] . "';\r\n else Cells[c].style.backgroundColor = MarkColor;\r\n }\r\n }\r\n // Change the last Row when you change the movement orientation\r\n if (lastRows[0] != null && lastRows[1] != null){\r\n var LastRowID = lastRows[0].id;\r\n if (Row.id == lastRows[1].id){\r\n var LastRowCells = lastRows[0].getElementsByTagName('td');\r\n if (select(entry_list[LastRowID])) {\r\n for (var c=0; c < " . (int) $highlight_cols . "; c++) {\r\n if (c == 0 && entry_list[LastRowID].type=='file' && !entry_list[LastRowID].selected) LastRowCells[c].style.backgroundColor = '#" . $fm_color['FileFirstCell'] . "';\r\n else LastRowCells[c].style.backgroundColor = MarkColor;\r\n }\r\n }\r\n }\r\n }\r\n }\r\n lastRows[1] = lastRows[0];\r\n lastRows[0] = Row;\r\n }\r\n }\r\n } else {\r\n if (Action == 'click') {\r\n var newColor = null;\r\n if (entry_list[Row.id].selected){\r\n var DefaultColor;\r\n if (entry_list[Row.id].type == 'dir') DefaultColor = '#" . $fm_color['Dir'] . "';\r\n else DefaultColor = '#" . $fm_color['File'] . "';\r\n if (unselect(entry_list[Row.id])) newColor = DefaultColor;\r\n } else {\r\n if (select(entry_list[Row.id])) newColor = MarkColor;\r\n }\r\n if (newColor) {\r\n lastRows[0] = lastRows[1] = Row;\r\n for (var c=0; c < " . (int) $highlight_cols . "; c++) {\r\n if (c == 0 && entry_list[Row.id].type=='file' && !entry_list[Row.id].selected) Cells[c].style.backgroundColor = '#" . $fm_color['FileFirstCell'] . "';\r\n else Cells[c].style.backgroundColor = newColor;\r\n }\r\n }\r\n }\r\n }\r\n return true;\r\n }\r\n // Disable text selection and bind multiple selection flag\r\n var multipleSelection = false;\r\n if (is.ie) {\r\n document.onselectstart=new Function('return false');\r\n document.onmousedown=switch_flag_on;\r\n document.onmouseup=switch_flag_off;\r\n // Event mouseup is not generated over scrollbar.. curiously, mousedown is.. go figure.\r\n window.onscroll=new Function('multipleSelection=false');\r\n } else {\r\n if (document.layers) window.captureEvents(Event.MOUSEDOWN);\r\n if (document.layers) window.captureEvents(Event.MOUSEUP);\r\n window.onmousedown=switch_flag_on;\r\n window.onmouseup=switch_flag_off;\r\n }\r\n // Using same function and a ternary operator couses bug on double click\r\n function switch_flag_on(e) {\r\n lastRows[0] = lastRows[1] = null;\r\n if (is.ie){\r\n multipleSelection = (event.button == 1);\r\n } else {\r\n multipleSelection = (e.which == 1);\r\n }\r\n return false;\r\n }\r\n function switch_flag_off(e) {\r\n if (is.ie){\r\n multipleSelection = (event.button != 1);\r\n } else {\r\n multipleSelection = (e.which != 1);\r\n }\r\n return false;\r\n }\r\n var total_dirs_selected = 0;\r\n var total_files_selected = 0;\r\n function unselect(Entry){\r\n if (!Entry.selected) return false;\r\n Entry.selected = false;\r\n sel_totalsize -= Entry.size;\r\n if (Entry.type == 'dir') total_dirs_selected--;\r\n else total_files_selected--;\r\n update_sel_status();\r\n return true;\r\n }\r\n function select(Entry){\r\n if(Entry.selected) return false;\r\n Entry.selected = true;\r\n sel_totalsize += Entry.size;\r\n if(Entry.type == 'dir') total_dirs_selected++;\r\n else total_files_selected++;\r\n update_sel_status();\r\n return true;\r\n }\r\n function is_anything_selected(){\r\n var selected_dir_list = new Array();\r\n var selected_file_list = new Array();\r\n for(var x=0;x<" . (int) count($entry_list) . ";x++){\r\n if(entry_list['entry'+x].selected){\r\n if(entry_list['entry'+x].type == 'dir') selected_dir_list.push(entry_list['entry'+x].name);\r\n else selected_file_list.push(entry_list['entry'+x].name);\r\n }\r\n }\r\n document.form_action.selected_dir_list.value = selected_dir_list.join('<|*|>');\r\n document.form_action.selected_file_list.value = selected_file_list.join('<|*|>');\r\n return (total_dirs_selected>0 || total_files_selected>0);\r\n }\r\n function formatsize (arg) {\r\n var resul = '';\r\n if (arg>0){\r\n var j = 0;\r\n var ext = new Array(' bytes',' Kb',' Mb',' Gb',' Tb');\r\n while (arg >= Math.pow(1024,j)) ++j;\r\n resul = (Math.round(arg/Math.pow(1024,j-1)*100)/100) + ext[j-1];\r\n } else resul = '0 Mb';\r\n return resul;\r\n }\r\n var sel_totalsize = 0;\r\n function update_sel_status(){\r\n var t = total_dirs_selected+' " . et('Dir_s') . " " . et('And') . " '+total_files_selected+' " . et('File_s') . " " . et('Selected_s') . " = '+formatsize(sel_totalsize);\r\n document.getElementById(\"sel_status\").innerHTML = t;\r\n }\r\n // Select all/none/inverse\r\n function selectANI(Butt){\r\n var MarkColor = '#" . $fm_color['Mark'] . "';\r\n for(var x=0;x<" . (int) count($entry_list) . ";x++){\r\n if (entry_list['entry'+x].type == 'dir'){\r\n var DefaultColor = '#" . $fm_color['Dir'] . "';\r\n } else {\r\n var DefaultColor = '#" . $fm_color['File'] . "';\r\n }\r\n var Row = document.getElementById('entry'+x);\r\n var Cells = Row.getElementsByTagName('td');\r\n var newColor = null;\r\n switch (Butt.value){\r\n case '" . et('SelAll') . "':\r\n if (select(entry_list[Row.id])) newColor = MarkColor;\r\n break;\r\n case '" . et('SelNone') . "':\r\n if (unselect(entry_list[Row.id])) newColor = DefaultColor;\r\n break;\r\n case '" . et('SelInverse') . "':\r\n if (entry_list[Row.id].selected){\r\n if (unselect(entry_list[Row.id])) newColor = DefaultColor;\r\n } else {\r\n if (select(entry_list[Row.id])) newColor = MarkColor;\r\n }\r\n break;\r\n }\r\n if (newColor) {\r\n for (var c=0; c < " . (int) $highlight_cols . "; c++) {\r\n if (entry_list[Row.id].type=='file' && c==0 && !entry_list[Row.id].selected) Cells[c].style.backgroundColor = '#" . $fm_color['FileFirstCell'] . "';\r\n else Cells[c].style.backgroundColor = newColor;\r\n }\r\n }\r\n }\r\n if (Butt.value == '" . et('SelAll') . "'){\r\n Butt.value = '" . et('SelNone') . "';\r\n } else if (Butt.value == '" . et('SelNone') . "'){\r\n Butt.value = '" . et('SelAll') . "';\r\n }\r\n return true;\r\n }\r\n function download(arg){\r\n parent.frame1.location.href='" . $path_info["basename"] . "?action=3&dir_atual={$dir_atual}&filename='+escape(arg);\r\n }\r\n function upload(){\r\n var w = 400;\r\n var h = 200;\r\n window.open('" . $path_info["basename"] . "?action=10&dir_atual={$dir_atual}', '', 'width='+w+',height='+h+',fullscreen=no,scrollbars=no,resizable=yes,status=no,toolbar=no,menubar=no,location=no');\r\n }\r\n function execute(){\r\n document.form_action.cmd_arg.value = prompt('" . et('TypeCmd') . ".');\r\n if(document.form_action.cmd_arg.value.length>0){\r\n if(confirm('" . et('ConfExec') . " \\' '+document.form_action.cmd_arg.value+' \\' ?')) {\r\n var w = 800;\r\n var h = 600;\r\n window.open('" . $path_info["basename"] . "?action=6&dir_atual={$dir_atual}&cmd='+escape(document.form_action.cmd_arg.value), '', 'width='+w+',height='+h+',fullscreen=no,scrollbars=yes,resizable=yes,status=no,toolbar=no,menubar=no,location=no');\r\n }\r\n }\r\n }\r\n function decompress(arg){\r\n if(confirm('" . strtoupper(et('Decompress')) . " \\' '+arg+' \\' ?')) {\r\n document.form_action.action.value = 72;\r\n document.form_action.cmd_arg.value = arg;\r\n document.form_action.submit();\r\n }\r\n }\r\n function edit_file(arg){\r\n var w = 800;\r\n var h = 600;\r\n if(confirm('" . strtoupper(et('Edit')) . " \\' '+arg+' \\' ?')) window.open('" . $path_info["basename"] . "?action=7&dir_atual={$dir_atual}&filename='+escape(arg), '', 'width='+w+',height='+h+',fullscreen=no,scrollbars=no,resizable=yes,status=no,toolbar=no,menubar=no,location=no');\r\n }\r\n function config(){\r\n var w = 600;\r\n var h = 400;\r\n window.open('" . $path_info["basename"] . "?action=2', 'win_config', 'width='+w+',height='+h+',fullscreen=no,scrollbars=yes,resizable=yes,status=no,toolbar=no,menubar=no,location=no');\r\n }\r\n function server_info(arg){\r\n var w = 800;\r\n var h = 600;\r\n window.open('" . $path_info["basename"] . "?action=5', 'win_serverinfo', 'width='+w+',height='+h+',fullscreen=no,scrollbars=yes,resizable=yes,status=no,toolbar=no,menubar=no,location=no');\r\n }\r\n function shell(){\r\n var w = 800;\r\n var h = 600;\r\n window.open('" . $path_info["basename"] . "?action=9', '', 'width='+w+',height='+h+',fullscreen=no,scrollbars=yes,resizable=yes,status=no,toolbar=no,menubar=no,location=no');\r\n }\r\n function view(arg){\r\n var w = 800;\r\n var h = 600;\r\n if(confirm('" . strtoupper(et('View')) . " \\' '+arg+' \\' ?')) window.open('" . $path_info["basename"] . "?action=4&dir_atual={$dir_atual}&filename='+escape(arg), '', 'width='+w+',height='+h+',fullscreen=no,scrollbars=yes,resizable=yes,status=yes,toolbar=no,menubar=no,location=yes');\r\n }\r\n function rename(arg){\r\n var nome = '';\r\n if (nome = prompt('" . strtoupper(et('Ren')) . " \\' '+arg+' \\' " . et('To') . " ...')) document.location.href='" . $path_info["basename"] . "?frame=3&action=3&dir_atual={$dir_atual}&old_name='+escape(arg)+'&new_name='+escape(nome);\r\n }\r\n function set_dir_dest(arg){\r\n document.form_action.dir_dest.value=arg;\r\n if (document.form_action.action.value.length>0) test(document.form_action.action.value);\r\n else alert('" . et('JSError') . ".');\r\n }\r\n function sel_dir(arg){\r\n document.form_action.action.value = arg;\r\n document.form_action.dir_dest.value='';\r\n if (!is_anything_selected()) alert('" . et('NoSel') . ".');\r\n else {\r\n if (!getCookie('sel_dir_warn')) {\r\n alert('" . et('SelDir') . ".');\r\n document.cookie='sel_dir_warn'+'='+escape('true')+';';\r\n }\r\n parent.frame2.set_flag(true);\r\n }\r\n }\r\n function set_chmod_arg(arg){\r\n document.form_action.chmod_arg.value=arg;\r\n if (document.form_action.action.value.length>0) test(document.form_action.action.value);\r\n else alert('" . et('JSError') . "');\r\n }\r\n function chmod(arg){\r\n document.form_action.action.value = arg;\r\n document.form_action.dir_dest.value='';\r\n document.form_action.chmod_arg.value='';\r\n if (!is_anything_selected()) alert('" . et('NoSel') . ".');\r\n else {\r\n var w = 280;\r\n var h = 180;\r\n window.open('" . $path_info["basename"] . "?action=8', '', 'width='+w+',height='+h+',fullscreen=no,scrollbars=no,resizable=yes,status=no,toolbar=no,menubar=no,location=no');\r\n }\r\n }\r\n function test_action(){\r\n if (document.form_action.action.value != 0) return true;\r\n else return false;\r\n }\r\n function test_prompt(arg){\r\n var erro='';\r\n var conf='';\r\n if (arg == 1){\r\n document.form_action.cmd_arg.value = prompt('" . et('TypeDir') . ".');\r\n } else if (arg == 2){\r\n document.form_action.cmd_arg.value = prompt('" . et('TypeArq') . ".');\r\n } else if (arg == 71){\r\n if (!is_anything_selected()) erro = '" . et('NoSel') . ".';\r\n else document.form_action.cmd_arg.value = prompt('" . et('TypeArqComp') . "');\r\n }\r\n if (erro!=''){\r\n document.form_action.cmd_arg.focus();\r\n alert(erro);\r\n } else if(document.form_action.cmd_arg.value.length>0) {\r\n document.form_action.action.value = arg;\r\n document.form_action.submit();\r\n }\r\n }\r\n function strstr(haystack,needle){\r\n var index = haystack.indexOf(needle);\r\n return (index==-1)?false:index;\r\n }\r\n function valid_dest(dest,orig){\r\n return (strstr(dest,orig)==false)?true:false;\r\n }\r\n // ArrayAlert - Selection debug only\r\n function aa(){\r\n var str = 'selected_dir_list:\\n';\r\n for (x=0;x<selected_dir_list.length;x++){\r\n str += selected_dir_list[x]+'\\n';\r\n }\r\n str += '\\nselected_file_list:\\n';\r\n for (x=0;x<selected_file_list.length;x++){\r\n str += selected_file_list[x]+'\\n';\r\n }\r\n alert(str);\r\n }\r\n function test(arg){\r\n var erro='';\r\n var conf='';\r\n if (arg == 4){\r\n if (!is_anything_selected()) erro = '" . et('NoSel') . ".\\n';\r\n conf = '" . et('RemSel') . " ?\\n';\r\n } else if (arg == 5){\r\n if (!is_anything_selected()) erro = '" . et('NoSel') . ".\\n';\r\n else if(document.form_action.dir_dest.value.length == 0) erro = '" . et('NoDestDir') . ".';\r\n else if(document.form_action.dir_dest.value == document.form_action.dir_atual.value) erro = '" . et('DestEqOrig') . ".';\r\n else if(!valid_dest(document.form_action.dir_dest.value,document.form_action.dir_atual.value)) erro = '" . et('InvalidDest') . ".';\r\n conf = '" . et('CopyTo') . " \\' '+document.form_action.dir_dest.value+' \\' ?\\n';\r\n } else if (arg == 6){\r\n if (!is_anything_selected()) erro = '" . et('NoSel') . ".';\r\n else if(document.form_action.dir_dest.value.length == 0) erro = '" . et('NoDestDir') . ".';\r\n else if(document.form_action.dir_dest.value == document.form_action.dir_atual.value) erro = '" . et('DestEqOrig') . ".';\r\n else if(!valid_dest(document.form_action.dir_dest.value,document.form_action.dir_atual.value)) erro = '" . et('InvalidDest') . ".';\r\n conf = '" . et('MoveTo') . " \\' '+document.form_action.dir_dest.value+' \\' ?\\n';\r\n } else if (arg == 9){\r\n if (!is_anything_selected()) erro = '" . et('NoSel') . ".';\r\n else if(document.form_action.chmod_arg.value.length == 0) erro = '" . et('NoNewPerm') . ".';\r\n conf = '" . et('AlterPermTo') . " \\' '+document.form_action.chmod_arg.value+' \\' ?\\n';\r\n }\r\n if (erro!=''){\r\n document.form_action.cmd_arg.focus();\r\n alert(erro);\r\n } else if(conf!='') {\r\n if(confirm(conf)) {\r\n document.form_action.action.value = arg;\r\n document.form_action.submit();\r\n }\r\n } else {\r\n document.form_action.action.value = arg;\r\n document.form_action.submit();\r\n }\r\n }\r\n //-->\r\n </script>";
$out .= "\r\n <form name=\"form_action\" action=\"" . $path_info["basename"] . "\" method=\"post\" onsubmit=\"return test_action();\">\r\n <input type=hidden name=\"frame\" value=3>\r\n <input type=hidden name=\"action\" value=0>\r\n <input type=hidden name=\"dir_dest\" value=\"\">\r\n <input type=hidden name=\"chmod_arg\" value=\"\">\r\n <input type=hidden name=\"cmd_arg\" value=\"\">\r\n <input type=hidden name=\"dir_atual\" value=\"{$dir_atual}\">\r\n <input type=hidden name=\"dir_antes\" value=\"{$dir_antes}\">\r\n <input type=hidden name=\"selected_dir_list\" value=\"\">\r\n <input type=hidden name=\"selected_file_list\" value=\"\">";
$out .= "\r\n <tr>\r\n <td bgcolor=\"#DDDDDD\" colspan=20><nobr>\r\n <input type=button onclick=\"config()\" value=\"" . et('Config') . "\">\r\n <input type=button onclick=\"server_info()\" value=\"" . et('ServerInfo') . "\">\r\n <input type=button onclick=\"test_prompt(1)\" value=\"" . et('CreateDir') . "\">\r\n <input type=button onclick=\"test_prompt(2)\" value=\"" . et('CreateArq') . "\">\r\n <input type=button onclick=\"execute()\" value=\"" . et('ExecCmd') . "\">\r\n <input type=button onclick=\"upload()\" value=\"" . et('Upload') . "\">\r\n <input type=button onclick=\"shell()\" value=\"" . et('Shell') . "\">\r\n <b>{$ip}</b>\r\n </nobr>";
if ($dir_atual != $fm_root_atual) {
$mat = explode("/", $dir_atual);
$dir_antes = "";
for ($x = 0; $x < count($mat) - 2; $x++) {
$dir_antes .= $mat[$x] . "/";
}
$uplink = "<a href=\"" . $path_info["basename"] . "?frame=3&dir_atual={$dir_antes}\"><<</a> ";
}
if ($entry_count) {
$out .= "\r\n <tr><td bgcolor=\"#DDDDDD\" colspan=20><nobr>{$uplink} <a href=\"" . $path_info["basename"] . "?frame=3&dir_atual={$dir_atual}\">{$dir_atual}</a></nobr>\r\n <tr>\r\n <td bgcolor=\"#DDDDDD\" colspan=20><nobr>\r\n <input type=\"button\" style=\"width:60\" onclick=\"selectANI(this)\" value=\"" . et('SelAll') . "\">\r\n <input type=\"button\" style=\"width:60\" onclick=\"selectANI(this)\" value=\"" . et('SelInverse') . "\">\r\n <input type=\"button\" style=\"width:60\" onclick=\"test(4)\" value=\"" . et('Rem') . "\">\r\n <input type=\"button\" style=\"width:60\" onclick=\"sel_dir(5)\" value=\"" . et('Copy') . "\">\r\n <input type=\"button\" style=\"width:60\" onclick=\"sel_dir(6)\" value=\"" . et('Move') . "\">\r\n <input type=\"button\" style=\"width:100\" onclick=\"test_prompt(71)\" value=\"" . et('Compress') . "\">";
if ($islinux) {
$out .= "\r\n <input type=\"button\" style=\"width:100\" onclick=\"resolveIDs()\" value=\"" . et('ResolveIDs') . "\">";
}
$out .= "\r\n <input type=\"button\" style=\"width:100\" onclick=\"chmod(9)\" value=\"" . et('Perms') . "\">";
$out .= "\r\n </nobr>\r\n <tr><td bgcolor=\"#DDDDDD\" colspan=20><DIV ID=\"sel_status\"></DIV></td></tr>";
$dir_out = "";
$file_out = "";
foreach ($entry_list as $ind => $dir_entry) {
$file = $dir_entry["name"];
if ($dir_entry["type"] == "dir") {
$dir_out .= "\r\n <tr ID=\"entry{$ind}\" onmouseover=\"selectEntry(this, 'over');\" onmousedown=\"selectEntry(this, 'click');\">\r\n <td align=left bgcolor=\"#" . $fm_color['Dir'] . "\"><nobr><a href=\"JavaScript:go('{$file}')\">{$file}</a></nobr>\r\n <td bgcolor=\"#" . $fm_color['Dir'] . "\">" . $dir_entry["p"];
if ($islinux) {
$dir_out .= "<td bgcolor=\"#" . $fm_color['Dir'] . "\">" . $dir_entry["u"] . "<td bgcolor=\"#" . $fm_color['Dir'] . "\">" . $dir_entry["g"];
}
$dir_out .= "\r\n <td bgcolor=\"#" . $fm_color['Dir'] . "\">" . $dir_entry["sizet"] . "\r\n <td bgcolor=\"#" . $fm_color['Dir'] . "\">" . $dir_entry["datet"];
if ($file_count) {
$dir_out .= "\r\n <td bgcolor=\"#" . $fm_color['Dir'] . "\" align=center>";
}
// Opções de diretório
if (is_writable($dir_atual . $file)) {
$dir_out .= "\r\n <td bgcolor=\"#FFFFFF\" align=center><a href=\"JavaScript:if(confirm('" . et('ConfRem') . " \\'" . $file . "\\' ?')) document.location.href='" . $path_info["basename"] . "?frame=3&action=8&cmd_arg=" . $file . "&dir_atual={$dir_atual}'\">" . et('Rem') . "</a>\r\n <td bgcolor=\"#FFFFFF\" align=center><a href=\"JavaScript:rename('{$file}')\">" . et('Ren') . "</a>";
}
$dir_out .= "\r\n </tr>";
} else {
$file_out .= "\r\n <tr ID=\"entry{$ind}\" onmouseover=\"selectEntry(this, 'over');\" onmousedown=\"selectEntry(this, 'click');\">\r\n <td align=left bgcolor=\"#FFFFFF\"><nobr><a href=\"JavaScript:download('{$file}')\">{$file}</a></nobr>\r\n <td bgcolor=\"#" . $fm_color['File'] . "\">" . $dir_entry["p"];
if ($islinux) {
$file_out .= "<td bgcolor=\"#" . $fm_color['File'] . "\">" . $dir_entry["u"] . "<td bgcolor=\"#" . $fm_color['File'] . "\">" . $dir_entry["g"];
}
$file_out .= "\r\n <td bgcolor=\"#" . $fm_color['File'] . "\">" . $dir_entry["sizet"] . "\r\n <td bgcolor=\"#" . $fm_color['File'] . "\">" . $dir_entry["datet"] . "\r\n <td bgcolor=\"#" . $fm_color['File'] . "\">" . $dir_entry["extt"];
// Opções de arquivo
if (is_writable($dir_atual . $file)) {
$file_out .= "\r\n <td bgcolor=\"#FFFFFF\" align=center><a href=\"javascript:if(confirm('" . strtoupper(et('Rem')) . " \\'" . $file . "\\' ?')) document.location.href='" . $path_info["basename"] . "?frame=3&action=8&cmd_arg=" . $file . "&dir_atual={$dir_atual}'\">" . et('Rem') . "</a>\r\n <td bgcolor=\"#FFFFFF\" align=center><a href=\"javascript:rename('{$file}')\">" . et('Ren') . "</a>";
}
if (is_readable($dir_atual . $file) && strpos(".wav#.mp3#.mid#.avi#.mov#.mpeg#.mpg#.rm#.iso#.bin#.img#.dll#.psd#.fla#.swf#.class#.ppt#.jpg#.gif#.png#.wmf#.eps#.bmp#.msi#.exe#.com#.rar#.tar#.zip#.bz2#.tbz2#.bz#.tbz#.bzip#.gzip#.gz#.tgz#", $dir_entry["ext"] . "#") === false) {
$file_out .= "\r\n <td bgcolor=\"#FFFFFF\" align=center><a href=\"javascript:edit_file('{$file}')\">" . et('Edit') . "</a>";
}
if (is_readable($dir_atual . $file) && strlen($dir_entry["ext"]) && strpos(".tar#.zip#.bz2#.tbz2#.bz#.tbz#.bzip#.gzip#.gz#.tgz#", $dir_entry["ext"] . "#") !== false) {
$file_out .= "\r\n <td bgcolor=\"#FFFFFF\" align=center><a href=\"javascript:decompress('{$file}')\">" . et('Decompress') . "</a>";
}
if ($is_reachable && is_readable($dir_atual . $file) && strpos(".txt#.sys#.bat#.ini#.conf#.swf#.php#.php3#.asp#.html#.htm#.jpg#.gif#.png#.bmp#", $dir_entry["ext"] . "#") !== false) {
$file_out .= "\r\n <td bgcolor=\"#FFFFFF\" align=center><a href=\"javascript:view('{$file}');\">" . et('View') . "</a>";
}
$file_out .= "</tr>";
}
}
$out .= $dir_out;
if ($entry_count) {
$out .= "\r\n <tr>\r\n <td bgcolor=\"#DDDDDD\"><a href=\"" . $path_info["basename"] . "?frame=3&or_by={$or1}&dir_atual={$dir_atual}\">" . et('Name') . "</a>\r\n <td bgcolor=\"#DDDDDD\"><a href=\"" . $path_info["basename"] . "?frame=3&or_by={$or2}&dir_atual={$dir_atual}\">" . et('Perms') . "</a>";
if ($islinux) {
$out .= "<td bgcolor=\"#DDDDDD\"><a href=\"" . $path_info["basename"] . "?frame=3&or_by={$or3}&dir_atual={$dir_atual}\">" . et('Owner') . "</a><td bgcolor=\"#DDDDDD\"><a href=\"" . $path_info["basename"] . "?frame=3&or_by={$or4}&dir_atual={$dir_atual}\">" . et('Group') . "</a>";
}
$out .= "\r\n <td bgcolor=\"#DDDDDD\"><a href=\"" . $path_info["basename"] . "?frame=3&or_by={$or5}&dir_atual={$dir_atual}\">" . et('Size') . "</a>\r\n <td bgcolor=\"#DDDDDD\"><a href=\"" . $path_info["basename"] . "?frame=3&or_by={$or6}&dir_atual={$dir_atual}\">" . et('Date') . "</a>";
if ($file_count) {
$out .= "\r\n <td bgcolor=\"#DDDDDD\"><a href=\"" . $path_info["basename"] . "?frame=3&or_by={$or7}&dir_atual={$dir_atual}\">" . et('Type') . "</a>";
}
$out .= "\r\n <td bgcolor=\"#DDDDDD\" colspan=20>";
}
$out .= $file_out;
$out .= "\r\n <tr>\r\n <td bgcolor=\"#DDDDDD\" colspan=20><nobr>\r\n <input type=\"button\" style=\"width:60\" onclick=\"selectANI(this)\" value=\"" . et('SelAll') . "\">\r\n <input type=\"button\" style=\"width:60\" onclick=\"selectANI(this)\" value=\"" . et('SelInverse') . "\">\r\n <input type=\"button\" style=\"width:60\" onclick=\"test(4)\" value=\"" . et('Rem') . "\">\r\n <input type=\"button\" style=\"width:60\" onclick=\"sel_dir(5)\" value=\"" . et('Copy') . "\">\r\n <input type=\"button\" style=\"width:60\" onclick=\"sel_dir(6)\" value=\"" . et('Move') . "\">\r\n <input type=\"button\" style=\"width:100\" onclick=\"test_prompt(71)\" value=\"" . et('Compress') . "\">";
if ($islinux) {
$out .= "\r\n <input type=\"button\" style=\"width:100\" onclick=\"resolveIDs()\" value=\"" . et('ResolveIDs') . "\">";
}
$out .= "\r\n <input type=\"button\" style=\"width:100\" onclick=\"chmod(9)\" value=\"" . et('Perms') . "\">";
$out .= "\r\n </nobr></td>\r\n </tr>";
$out .= "\r\n </form>";
$out .= "\r\n <tr><td bgcolor=\"#DDDDDD\" colspan=20>{$dir_count} " . et('Dir_s') . " " . et('And') . " {$file_count} " . et('File_s') . " = " . formatsize($total_size) . "</td></tr>";
if ($quota_mb) {
$out .= "\r\n <tr><td bgcolor=\"#DDDDDD\" colspan=20>" . et('Partition') . ": " . formatsize($quota_mb * 1024 * 1024) . " " . et('Total') . " - " . formatsize($quota_mb * 1024 * 1024 - total_size($fm_root_atual)) . " " . et('Free') . "</td></tr>";
} else {
$out .= "\r\n <tr><td bgcolor=\"#DDDDDD\" colspan=20>" . et('Partition') . ": " . formatsize(disk_total_space($dir_atual)) . " " . et('Total') . " - " . formatsize(disk_free_space($fm_root_atual)) . " " . et('Free') . "</td></tr>";
}
$tf = getmicrotime();
$tt = $tf - $ti;
$out .= "\r\n <tr><td bgcolor=\"#DDDDDD\" colspan=20>" . et('RenderTime') . ": " . substr($tt, 0, strrpos($tt, ".") + 5) . " " . et('Seconds') . "</td></tr>";
$out .= "\r\n <script language=\"Javascript\" type=\"text/javascript\">\r\n <!--\r\n update_sel_status();\r\n //-->\r\n </script>";
} else {
$out .= "\r\n <tr>\r\n <td bgcolor=\"#DDDDDD\" width=\"1%\">{$uplink}<td bgcolor=\"#DDDDDD\" colspan=20><nobr><a href=\"" . $path_info["basename"] . "?frame=3&dir_atual={$dir_atual}\">{$dir_atual}</a></nobr>\r\n <tr><td bgcolor=\"#DDDDDD\" colspan=20>" . et('EmptyDir') . ".</tr>";
}
} else {
$out .= "<tr><td><font color=red>" . et('IOError') . ".<br>{$dir_atual}</font>";
}
$out .= "</table>";
echo $out;
}
<?php
$cookie_user_id = $HTTP_COOKIE_VARS["cookie_user_id"];
$cookie_user_password = $HTTP_COOKIE_VARS["cookie_user_password"];
$loginsession = $HTTP_SESSION_VARS["loginsession"];
$login = FALSE;
if ($loginform[username] && $loginform[userpassword] || $loginsession || $cookie_user_id && $cookie_user_password) {
///////////////////////////////////
// PREPARE
///////////////////////////////////
if (!$loginform) {
if ($loginsession) {
$loginform[username] = $loginsession[user_login];
$loginform[userpassword] = $loginsession[user_password];
} elseif ($cookie_user_id && $cookie_user_password) {
$user = getuser($cookie_user_id);
$loginform[username] = $user[user_login];
$loginform[userpassword] = $cookie_user_password;
}
}
///////////////////////////////////
// CHECK
///////////////////////////////////
$login = checkuser($logout);
///////////////////////////////////
// LOGIN SUCCESSFULL ??????
///////////////////////////////////
if (!is_array($login)) {
#######LOGIN FAILED#######
if ($login == "1") {
eval("\$inc[action] = \"" . gettemplate("fail.login.noexistinguser") . "\";");
bbsinfo($con, $bid, @$_REQUEST['name']);
} else {
if ($ask == "login") {
login($con, @$_REQUEST['username'], @$_REQUEST['password'], $ip);
} else {
if ($ask == "logout") {
logout($con, $token, $ip);
} else {
if ($ask == "register") {
register($con, $ip);
} else {
if ($ask == "boardcast") {
boardcast($con, $token, $text);
} else {
if ($ask == "getuser") {
getuser($con, $token);
} else {
if ($ask == "userexists") {
userexists($con);
} else {
if ($ask == "hot") {
hot($con, $token);
} else {
if ($ask == "news") {
news($con, $token);
} else {
if ($ask == "tidinfo") {
tidinfo($con, $bid, $tid);
} else {
if ($ask == "recentpost") {
recentpost($con, $view);
$catsquery = $db->query_str("SELECT * FROM {$tab['forum_board']} WHERE is_cat='1' AND visible='1' ORDER BY sort");
while ($cat = $db->fetch_array($catsquery)) {
unset($j, $incf[boardbit]);
$boardsquery = $db->query_str("SELECT * FROM {$tab['forum_board']} WHERE is_cat='0' AND parent_boardid='{$cat['id']}' AND visible='1' ORDER BY sort");
while ($board = $db->fetch_array($boardsquery)) {
//if(!($j%3) && $j) {eval("\$incf[boardbit] .= \"".gettemplate("forum.index.board.bit.tr")."\";");}
if ($board[last_postid]) {
$lastpost = getpost($board[last_postid]);
} else {
unset($lastpost[settime]);
}
if ($board[board_password] && !checkboardpassword($boardpassword_c["{$board['id']}"], $board)) {
eval("\$lastposting = \"" . gettemplate("forum.index.board.bit.lastposting.pwd.noaccess") . "\";");
} else {
if ($board[last_userid]) {
$lastuser = getuser($board[last_userid]);
$last_user_name = mkuser("user_name", $NULL, $lastuser);
$last_time = mkdate($lastpost[settime]);
eval("\$lastposting = \"" . gettemplate("forum.index.board.bit.lastposting") . "\";");
} else {
eval("\$lastposting = \"" . gettemplate("forum.index.board.bit.nolastposting") . "\";");
}
}
if ($login[id] && $lastpost[settime] >= $login[last_forum_read] && $lastpost[aut_id] != $login[id]) {
$css_td = "board_td_unread";
$css_td_font = "board_td_unread_font";
$css_th = "board_th_unread";
$css_th_font = "board_th_unread_font";
} else {
$css_td = "board_td";
$css_td_font = "board_td_font";
$remember = isset($_POST['remember']);
//$password_hash = md5($password);password_hash($password, PASSWORD_DEFAULT)
if (!empty($username) && !empty($password)) {
$query = "SELECT * FROM users WHERE username = '******'";
$result = $conn->query($query);
if ($result->num_rows == 0) {
$status = 'INVALID';
} elseif ($result->num_rows > 0) {
$row = $result->fetch_assoc();
if ($row) {
$password_hash = $row['password'];
if (password_verify($password, $password_hash)) {
if ($remember) {
$_SESSION['username'] = $row['username'];
}
$user = getuser();
$status = 'LOGGED_IN';
} else {
$status = 'FAILED';
}
}
}
} else {
$status = 'BLANK';
}
}
// create the new XML document
$dom = new DOMDocument();
// create the root <response> element
$response = $dom->createElement('response');
$dom->appendChild($response);
