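/**
 * Parses the incoming API request, validates site state and the request
 * signature, then dispatches to the requested module/method.
 *
 * The request is read from $_GET when it is non-empty, otherwise from $_POST.
 * The signature is md5(module|method|params|my_site_key) and is checked
 * before the serialized `params` value is decoded, so unsigned input never
 * reaches unserialize().
 *
 * @return mixed APIErrorResponse when a check fails, APIResponse for a
 *               'Batch'/'run' request, otherwise whatever callback() returns.
 */
function parseRequest() {
    global $_SITE_CONFIG;

    $request = $_GET ? $_GET : $_POST;

    // Only string values take part in the signature; anything else (missing
    // key, array-valued parameter) is treated as empty and fails the checks.
    $module = (isset($request['module']) && is_string($request['module'])) ? $request['module'] : '';
    $method = (isset($request['method']) && is_string($request['method'])) ? $request['method'] : '';
    $rawParams = (isset($request['params']) && is_string($request['params'])) ? $request['params'] : '';
    $givenSign = (isset($request['sign']) && is_string($request['sign'])) ? $request['sign'] : '';

    // get_magic_quotes_gpc() no longer exists on current PHP versions.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $rawParams = sstripslashes($rawParams);
    }

    $errCode = 0;
    $errMessage = '';
    if ($_SITE_CONFIG['site_close']) {
        $errCode = 2;
        $errMessage = 'Site Closed';
    } elseif (!$_SITE_CONFIG['my_status']) {
        $errCode = 2;
        $errMessage = 'Manyou Service Disabled';
    } elseif (!$_SITE_CONFIG['site_key']) {
        $errCode = 11;
        $errMessage = 'Client SiteKey NOT Exists';
    } elseif (!$_SITE_CONFIG['my_site_key']) {
        $errCode = 12;
        $errMessage = 'My SiteKey NOT Exists';
    } elseif (empty($module) || empty($method)) {
        $errCode = '3';
        $errMessage = 'Invalid Method: ' . $module . '.' . $method;
    }

    // NOTE(review): this is MD5 over data with the secret appended, not an
    // HMAC; the scheme is fixed by the peer service, so it is kept as is.
    $mySign = md5($module . '|' . $method . '|' . $rawParams . '|' . $_SITE_CONFIG['my_site_key']);

    // Compare as strings, never with loose `!=`: two different digests that
    // both look numeric (e.g. "0e...") would otherwise compare equal.
    // hash_equals() is used where available for a constant-time comparison.
    $signOk = function_exists('hash_equals')
        ? hash_equals($mySign, $givenSign)
        : ($mySign === $givenSign);
    if (!$signOk) {
        // A bad signature overrides any earlier error, as before.
        $errCode = '10';
        $errMessage = 'Error Sign';
    }

    $log = $request;
    $log['paramsArray'] = null;
    $logPrefix = empty($_POST) ? '$_GET: ' : '$_POST: ';

    if ($errCode) {
        // Rejected requests are logged in raw form only; their params are
        // never deserialized.
        doLog($log, $logPrefix);
        return new APIErrorResponse($errCode, $errMessage);
    }

    // NOTE(review): unserialize() can instantiate arbitrary classes. It is
    // reached only after the signature check above, so it is exactly as
    // trustworthy as the secrecy of my_site_key; a data-only format would
    // remove that dependency but requires a protocol change on the peer.
    $params = $this->myAddslashes(unserialize($rawParams));
    $log['paramsArray'] = $params;
    doLog($log, $logPrefix);

    if ($module == 'Batch' && $method == 'run') {
        $response = array();
        // A payload that did not decode to an array yields an empty batch.
        $batch = is_array($params) ? $params : array();
        foreach ($batch as $param) {
            $response[] = $this->callback($param['module'], $param['method'], $param['params']);
        }
        return new APIResponse($response, 'Batch');
    }

    return $this->callback($module, $method, $params);
}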
// Input normalisation for a submitted item: numeric ids are forced to
// integers and the subject is HTML-escaped before the length check.
$_POST['catid'] = intval($_POST['catid']);
$_POST['customfieldid'] = intval($_POST['customfieldid']);
$_POST['picid'] = empty($_POST['picid']) ? 0 : intval($_POST['picid']); // flag for picture articles

// Validate input
$_POST['subject'] = shtmlspecialchars(trim($_POST['subject'])); // original note: the title supports html
// strlen() counts bytes and runs on the escaped value, so the 2..80 limit
// applies to the escaped byte length, not to visible characters.
if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
    showmessage('space_suject_length_error');
}
if (empty($_POST['catid'])) {
    showmessage('admin_func_catid_error');
}

// Custom field data: slashes removed, HTML-escaped, serialized, then
// re-escaped with addslashes() for storage.
$setcustomfieldtext = empty($_POST['customfieldtext'][$_POST['customfieldid']]) ? serialize(array()) : addslashes(serialize(shtmlspecialchars(sstripslashes($_POST['customfieldtext'][$_POST['customfieldid']]))));

// Tag handling
if (empty($_POST['tagname'])) {
    $_POST['tagname'] = '';
}
$tagarr = posttag($_POST['tagname']);

// Build the row data
// NOTE(review): $_POST['hash'] is copied through with no validation in this
// fragment — confirm it is checked or escaped before it reaches SQL.
$setsqlarr = array('catid' => $_POST['catid'], 'subject' => scensor($_POST['subject'], 1), 'hash' => $_POST['hash'], 'picid' => $_POST['picid']);
// Users with the 'allowdirectpost' permission always get folder 1; others
// get 0 only when $_SGET['folder'] is set and evaluates to integer 0.
$_SGET['folder'] = checkperm('allowdirectpost') ? 1 : (isset($_SGET['folder']) && intval($_SGET['folder']) == 0 ? 0 : 1);

// Title style flags: each one is reduced to a fixed value or an integer.
empty($_POST['strong']) ? $_POST['strong'] = '' : ($_POST['strong'] = 1);
empty($_POST['reply_notify']) ? $_POST['reply_notify'] = 0 : ($_POST['reply_notify'] = intval($_POST['reply_notify']));
empty($_POST['allowedit']) ? $_POST['allowedit'] = 0 : ($_POST['allowedit'] = intval($_POST['allowedit']));
empty($_POST['pollid']) ? $_POST['pollid'] = 0 : ($_POST['pollid'] = intval($_POST['pollid']));
empty($_POST['underline']) ? $_POST['underline'] = '' : ($_POST['underline'] = 1);
empty($_POST['em']) ? $_POST['em'] = '' : ($_POST['em'] = 1);
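/**
 * Creates a "doing" entry from an API call and, for every @-mentioned user
 * that isDepartment() recognises, a complaint record plus notifications.
 *
 * @param array|null $params Reads 'uid' (required, positive integer),
 *                           'content' (required), and optional 'device'
 *                           ('web', 'wechat' or 'mobile') and 'ip'.
 * @return string JSON: an {errorNo, content} object on validation failure,
 *                otherwise the $params array enriched with the stored values.
 */
function IHomeServiceCreateComplain($params = NULL) {
    global $_SGLOBAL;

    if (empty($params['uid'])) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter uid.the uid is not exist or the uid is not a positive interger.");
        return json_encode($errorMsg);
    }

    // The uid is concatenated into SQL below, so it must consist of digits
    // only. A numeric comparison alone is not enough: on older PHP versions
    // a string that merely starts with a number passes `> 0`.
    if (!is_scalar($params['uid']) || !ctype_digit((string) $params['uid']) || $params['uid'] <= 0) {
        $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the id must be a positive interger.");
        return json_encode($errorMsg);
    }

    $sql = "select name,username from " . tname('space') . " where uid = " . intval($params['uid']);
    $query = $_SGLOBAL['db']->query($sql);
    if ($row = $_SGLOBAL['db']->fetch_array($query)) {
        // Prefer the real name, fall back to the login name.
        if ($row['name']) {
            $params['uname'] = $row['name'];
        } else {
            $params['uname'] = $row['username'];
        }
    } else {
        $errorMsg = array("errorNo" => "500", "content" => "the uid is not exist");
        return json_encode($errorMsg);
    }

    // department_id_list is ignored
    if (empty($params['content'])) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter message.the message is not exist or the message is empty.");
        return json_encode($errorMsg);
    }
    // Strict comparison: only the three exact strings are accepted.
    if (!empty($params['device']) && !in_array($params['device'], array('web', 'wechat', 'mobile'), true)) {
        $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the parameter device is out of range.");
        return json_encode($errorMsg);
    }

    $UserIds = array();
    $mood = 0;
    $complainOK = FALSE; // was read uninitialised when no department was mentioned
    $params['status'] = 'init';
    $params['reply_count'] = 0;
    $params['timestamp'] = time();
    $params['department_list'] = array();
    $params['operation_list'] = array();
    $params['reply_list'] = array();

    // The first [em:N:] marker in the content selects the mood.
    preg_match("/\\[em\\:(\\d+)\\:\\]/s", $params['content'], $ms);
    $mood = empty($ms[1]) ? 0 : intval($ms[1]);

    // NOTE(review): getstr() is called with $html = 1, and rawurldecode()
    // runs afterwards, so no HTML escaping is visible on this path while the
    // result is stored and combined with markup below — confirm the content
    // is escaped before it is rendered. The sixth argument (2) looks like it
    // lands in getstr()'s charset parameter; verify against its signature.
    $message = rawurldecode(getstr($params['content'], 1000, 1, 1, 1, 2));

    preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s*/U", $message, $matches, PREG_SET_ORDER);
    // Turn every valid "@name(uid)" mention into a profile link.
    foreach ($matches as $value) {
        $TmpString = $value[0];
        $TmpName = $value[1];
        $UserId = $value[2]; // digits only, guaranteed by the pattern above
        $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}");
        if ($rs = $_SGLOBAL['db']->fetch_array($result)) {
            $realname = $rs['name'];
            if (empty($realname)) {
                $realname = $rs['username'];
            }
            $params['department_list'][intval($UserId)] = $realname;
            $ValidValue = getAtName($TmpString, $TmpName, $realname);
            $ValidValue = trim($ValidValue);
            $at_friend = "space.php?uid=" . $UserId;
            if ($ValidValue != false) {
                // NOTE(review): $realname comes from the database and is
                // inserted into markup unescaped — confirm names cannot
                // contain HTML.
                $message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $message);
                if (!in_array($UserId, $UserIds)) {
                    $UserIds[] = $UserId;
                }
            }
        }
    }

    // Replace emoticon markers with images and <br> tags with spaces.
    $message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $message);
    $message = preg_replace("/\\<br.*?\\>/is", ' ', $message);
    $params['content'] = $message;

    $setarr = array('uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'from' => $params['uid'], 'message' => $message, 'mood' => $mood, 'ip' => getonlineip(), 'fromdevice' => 'web');
    if (!empty($params['device'])) {
        $setarr['fromdevice'] = $params['device'];
    }
    // NOTE(review): a caller-supplied 'ip' replaces the detected address and
    // is stored without validation here — confirm callers are trusted.
    if (!empty($params['ip'])) {
        $setarr['ip'] = $params['ip'];
    }
    $newdoid = inserttable('doing', $setarr, 1);

    @(include_once S_ROOT . './data/data_creditrule.php');
    $isComplain = TRUE;
    /*if($isComplain && ($_SGLOBAL['member']['credit'] < $_SGLOBAL['creditrule']['complain']['credit'])){
        # not enough credits
        $isComplain = FALSE;
        $note = cplang('note_complain_credit_failed', array("space.php?do=doing&doid=$newdoid"));
        notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
        $complain_msg = 'note_complain_credit_failed';
    }*/

    // Original author's note: this part may go wrong.
    foreach ($UserIds as $UserId) {
        if ($isComplain) {
            $UserDept = isDepartment($UserId, 1);
            if ($UserDept) {
                // Mentioned user is a department: record a complaint.
                $nowtime = time();
                $complain = array('doid' => $newdoid, 'uid' => $params['uid'], 'uname' => $params['uname'], 'atdepartment' => $UserDept['department'], 'atdeptuid' => $UserId, 'from' => $params['uid'], 'atuid' => $UserId, 'atuname' => $UserDept['department'], 'isreply' => 0, 'addtime' => $nowtime, 'dateline' => $nowtime, 'expire' => 0, 'times' => 1, 'issendmsg' => 0, 'message' => $message, 'datatime' => date("Ymd", $nowtime));
                inserttable('complain', $complain, 0);
                $note = cplang('note_complain_buchu', array("space.php?do=complain_item&doid={$newdoid}", date('Y-m-d H:i', $nowtime + 3600 * 24)));
                notification_complain_add($UserId, 'complain', $note);
                $complainOK = TRUE;
            } else {
                // Ordinary user: plain "@you" notification.
                $note = cplang('note_doing_at', array("space.php?do=doing&doid={$newdoid}"));
                notification_add($UserId, 'atyou', $note);
            }
        }
    }

    if ($complainOK) {
        $note = cplang('note_complain_user_success', array("space.php?do=complain_item&doid={$newdoid}"));
        notification_complain_add($params['uid'], 'complain', $note);
        $complain_msg = 'note_complain_user_success';
        getreward('complain', 1, $params['uid']);
    }
    if (!$complainOK && $isComplain) {
        // $UserId is whatever the loops above left behind (the last mention).
        if ($UserId == '0000') {
            // System administrator; the original author notes this branch has no real effect.
            $note = cplang("您好,您的诉求已发送成功。谢谢您对ihome社区的大力支持!", array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
        } else {
            $note = cplang('note_complain_user_failed', array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
            $complain_msg = 'note_complain_user_failed';
        }
    }

    // Publish the entry to the activity feed.
    $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => 'web', 'ip' => getonlineip());
    if (!empty($params['device'])) {
        $feedarr['fromdevice'] = $params['device'];
    }
    if (!empty($params['ip'])) {
        $feedarr['ip'] = $params['ip'];
    }
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); // preference hash
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); // merged hash
    $feedid = inserttable('feed', $feedarr, 1);
    updatestat('doing');

    $setarr = array('note' => $message);
    $reward = getreward('doing', 0);
    updatetable('spacefield', $setarr, array('uid' => $params['uid']));
    return json_encode($params);
}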
/**
 * Queues a notification for user $uid unless the recipient's note filter
 * rejects it.
 *
 * @param mixed  $uid      Recipient user id.
 * @param string $type     Notification type.
 * @param string $note     Notification text (slashes are normalised here).
 * @param mixed  $returnid When truthy, passed to inserttable() and its
 *                         result is returned; otherwise nothing is returned.
 */
function notification_add($uid, $type, $note, $returnid=0) {
	global $_SGLOBAL;

	// Load the recipient, whose privacy settings hold the note filter.
	$tospace = getspace($uid);

	// A logged-in sender bumps the friendship "heat" with the recipient.
	if ($_SGLOBAL['supe_uid']) {
		addfriendnum($tospace['uid'], $tospace['username']);
	}

	$setarr = array(
		'uid' => $uid,
		'type' => $type,
		'new' => 1,
		'authorid' => $_SGLOBAL['supe_uid'],
		'author' => $_SGLOBAL['supe_username'],
		'note' => addslashes(sstripslashes($note)),
		'dateline' => $_SGLOBAL['timestamp']
	);

	if (empty($tospace['privacy']['filter_note'])) {
		$filter = array();
	} else {
		$filter = array_keys($tospace['privacy']['filter_note']);
	}

	if (!cknote_uid($setarr, $filter)) {
		return;
	}

	// Bump the recipient's unread-notification counter.
	// NOTE(review): $uid is interpolated as passed in; verify every caller
	// supplies an integer or an already-escaped value.
	$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET notenum=notenum+1 WHERE uid='$uid'");

	if ($returnid) {
		return inserttable('notification', $setarr, $returnid);
	}
	inserttable('notification', $setarr);
}
// Connect to the database
dbconnect();
} else {
    // Entry path for signed callbacks: the request is described by an
    // encrypted `code` query parameter plus an XML request body.
    error_reporting(0); // all error output is suppressed on this path
    set_magic_quotes_runtime(0);
    defined('MAGIC_QUOTES_GPC') || define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
    include_once S_ROOT . './config.php';
    include_once S_ROOT . './data/data_config.php';
    include_once S_ROOT . './source/function_common.php';
    // Connect to the database
    dbconnect();
    $get = $post = array();
    $code = @$_GET['code'];
    // authcode() decodes `code` with UC_KEY; the resulting query string is
    // parsed into $get. Authentication of the request rests on that key.
    parse_str(authcode($code, 'DECODE', UC_KEY), $get);
    if (MAGIC_QUOTES_GPC) {
        $get = sstripslashes($get);
    }
    // Reject requests whose embedded timestamp is more than an hour old.
    // NOTE(review): this runs before the empty($get) check, so a request
    // that fails to decode has no 'time' and exits here instead of reaching
    // 'Invalid Request'; swapping the two checks would make the failure
    // reason accurate.
    if ($_SGLOBAL['timestamp'] - $get['time'] > 3600) {
        exit('Authracation has expiried');
    }
    if (empty($get)) {
        exit('Invalid Request');
    }
    include_once S_ROOT . './uc_client/lib/xml.class.php';
    // The request body is parsed as XML into $post.
    $post = xml_unserialize(file_get_contents('php://input'));
    // Only the listed action names are dispatched. The comparison is
    // in_array()'s default loose one — confirm 'action' is always a string.
    if (in_array($get['action'], array('test', 'deleteuser', 'renameuser', 'gettag', 'synlogin', 'synlogout', 'updatepw', 'updatebadwords', 'updatehosts', 'updateapps', 'updateclient', 'updatecredit', 'getcredit', 'getcreditsettings', 'updatecreditsettings', 'addfeed'))) {
        $uc_note = new uc_note();
        // NOTE(review): as written this reads a property named after the
        // string form of $get and then indexes ['action'] on it. The
        // allow-list above suggests the intent is to call the method named
        // by $get['action'], i.e. $uc_note->{$get['action']}($get, $post)
        // — confirm against the original file.
        echo $uc_note->{$get}['action']($get, $post);
        exit;
    } else {
        exit(API_RETURN_FAILED);
$replaces[] = $itemvalue[$key]; } $bwzt['related'][$appid]['data'][$itemkey]['html'] = stripslashes(str_replace($searchs, $replaces, $_SGLOBAL['tagtpl']['data'][$appid]['template'])); } else { unset($bwzt['related'][$appid]['data'][$itemkey]); } } } else { $bwzt['related'][$appid]['data'] = ''; } if (empty($bwzt['related'][$appid]['data'])) { unset($bwzt['related'][$appid]); } } } updatetable('bwztfield', array('related' => addslashes(serialize(sstripslashes($bwzt['related']))), 'relatedtime' => $_SGLOBAL['timestamp']), array('bwztid' => $bwzt['bwztid'])); //更新 } else { $bwzt['related'] = empty($bwzt['related']) ? array() : unserialize($bwzt['related']); } //作者的其他最新日志 $otherlist = array(); $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('bwzt') . " WHERE uid='{$space['uid']}' ORDER BY dateline DESC LIMIT 0,6"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { if ($value['bwztid'] != $bwzt['bwztid'] && empty($value['friend'])) { $otherlist[] = $value; } } //最新的日志 $newlist = array(); $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('bwzt') . " WHERE hot>=3 ORDER BY dateline DESC LIMIT 0,6");
$rs = $_SGLOBAL['db']->fetch_array($result); $realname = $rs['name']; //调用检查函数将@后的内容进行验证,为UID对应的姓名相同则返回@与姓名,不相同则继续判断下一个@,没有找到匹配的最终将返回false $ValidValue = getAtName($TmpString, $TmpName, $realname); $ValidValue = trim($ValidValue); $at_friend = "space.php?uid=" . $UserId; $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message); } //替换表情 $Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message); $Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message); //print_r($Message); $arr = array("username" => getstr($username, 15, 1, 1, 1), "message" => $Message, "uid" => intval($userid), "replynum" => 0, "mood" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'ip' => getonlineip()); $newdoid = inserttable('doing', $arr, 1); //事件feed $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $userid, 'username' => $username, 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid'); $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); //喜好hash $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); //合并hash inserttable('feed', $feedarr, 1); updatestat('doing'); //更新空间note $setarr = array('note' => $Message); if (!empty($_POST['spacenote'])) { $reward = getreward('updatemood', 0); $setarr['spacenote'] = $Message; } else { $reward = getreward('doing', 0); } updatetable('spacefield', $setarr, array('uid' => $userid));
$query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('tagspace') . " WHERE tagid='{$tagid}' AND grade > 8 LIMIT 0 , 5"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { $notearr[] = array('uid' => $value['uid'], 'type' => 'mtag', 'new' => 1, 'authorid' => $_SGLOBAL['supe_uid'], 'author' => $_SGLOBAL['supe_username'], 'note' => addslashes(sstripslashes($message)), 'dateline' => $_SGLOBAL['timestamp']); } if (!$notearr) { $groups = array(); @(include_once S_ROOT . './data/data_usergroup.php'); foreach ($_SGLOBAL['usergroup'] as $gid => $value) { if ($value['managemtag']) { $groups[] = $gid; } } if ($groups) { $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE groupid IN (" . simplode($groups) . ") LIMIT 0 , 5"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { $notearr[] = array('uid' => $value['uid'], 'type' => 'mtag', 'new' => 1, 'authorid' => $_SGLOBAL['supe_uid'], 'author' => $_SGLOBAL['supe_username'], 'note' => addslashes(sstripslashes($message)), 'dateline' => $_SGLOBAL['timestamp']); } } } note_apply($notearr); showmessage('do_success'); } } else { //创建新群组 if (!checkperm('allowmtag')) { showmessage('no_privilege'); } //实名认证 ckrealname('share'); //新用户见习 cknewuser();
if ($listcount) {
    // Fetch one page of ads; $wheresql, $start and $perpage are built
    // outside this fragment.
    $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('ads') . $wheresql . ' ORDER BY displayorder LIMIT ' . $start . ',' . $perpage);
    while ($ad = $_SGLOBAL['db']->fetch_array($query)) {
        $listvalue[] = $ad;
    }
    $multipage = multi($listcount, $perpage, $page, $theurl);
}
$viewclass = ' class="active"';
} elseif ($_GET['op'] == 'edit') {
    // NOTE(review): $_POST['adid'] is placed inside a quoted SQL literal
    // with no cast or escaping in this fragment; it is safe only if request
    // data is escaped globally before this point — confirm, or cast with
    // intval().
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('ads') . " WHERE adid='{$_POST['adid']}'");
    $thevalue = $_SGLOBAL['db']->fetch_array($query);
    if ($thevalue['style'] != 'pageoutindex' && $thevalue['style'] != 'all') {
        $pageout_style = 'none';
    }
    // NOTE(review): unserialize() on a stored column; whoever can write
    // ads.parameters controls what gets deserialized here.
    $parameters = empty($thevalue['parameters']) ? array() : unserialize($thevalue['parameters']);
    $parameters = sstripslashes($parameters);
    // Hidden fields that mark the form as an update of this ad. The adid
    // value is emitted into an attribute without HTML escaping.
    $isupdate = '<input type="hidden" name="update" value="1"><input type="hidden" name="adid" value="' . $thevalue['adid'] . '">';
} elseif ($_GET['op'] == 'add') {
    // Highlight the tab matching the kind of ad being added.
    if ($system == '0') {
        $addsystemclass = ' class="active"';
    } else {
        $adduserclass = ' class="active"';
    }
    // Empty defaults for the "add" form.
    $thevalue = array('adid' => '', 'title' => '', 'adtype' => '', 'parameters' => '', 'pagetype' => '', 'type' => '', 'style' => '');
} elseif ($_GET['op'] == 'code') {
    if (empty($_POST['adid'])) {
        showmessage('ad_no_ads');
    }
    // Same unescaped $_POST['adid'] interpolation as in the 'edit' branch.
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('ads') . " WHERE adid='{$_POST['adid']}' AND system = 1");
    if ($thevalue = $_SGLOBAL['db']->fetch_array($query)) {
        $parameters = unserialize($thevalue['parameters']);
case 'text':
    // Text ad: link text, target URL and optional font size.
    $adcodes['textcontent'] = getstr($_POST['adcode']['textcontent'], 0, 1, 1);
    $adcodes['texturl'] = $_POST['adcode']['texturl'];
    $adcodes['textsize'] = floatval($_POST['adcode']['textsize']);
    $size = empty($adcodes['textsize']) ? '' : 'style="font-size:' . $adcodes['textsize'] . 'px;"';
    // NOTE(review): the submitted URL goes into href="..." after
    // stripslashes() only — no HTML escaping and no scheme check — and the
    // markup is written to a template file below. A double quote or a
    // javascript: URL in texturl ends up in the served template; escape the
    // value and restrict it to http(s) URLs.
    $html = '<span style="padding:0.8em"><a href="' . stripslashes($_POST['adcode']['texturl']) . '" target="_blank" ' . $size . '>' . $adcodes['textcontent'] . '</a></span>';
    break;
default:
    break;
}
if (empty($adcodes)) {
    cpmessage('please_check_whether_the_option_complete_required');
} else {
    $adcodes['type'] = $_POST['adcode']['type'];
}
// Row to store; the ad definition is serialized and re-escaped for SQL.
// title, pagetype and system are taken from $_POST unchanged.
$setarr = array('title' => $_POST['title'], 'pagetype' => $_POST['pagetype'], 'adcode' => addslashes(serialize(sstripslashes($adcodes))), 'system' => $_POST['system'], 'available' => empty($_POST['system']) ? 1 : intval($_POST['available']));
if (empty($adid)) {
    $adid = inserttable('ad', $setarr, 1);
} else {
    updatetable('ad', $setarr, array('adid' => $adid));
}
// Write the rendered ad markup to its template file.
// NOTE(review): $adid becomes part of the file path; where it is assigned
// is outside this fragment — confirm it is always an integer.
$tpl = S_ROOT . './data/adtpl/' . $adid . '.htm';
swritefile($tpl, $html);
// Refresh the ad cache
include_once S_ROOT . './source/function_cache.php';
ad_cache();
cpmessage('do_success', 'admincp.php?ac=ad');
} elseif (submitcheck('delsubmit')) {
    include_once S_ROOT . './source/function_delete.php';
    if (!empty($_POST['adids']) && deleteads($_POST['adids'])) {
/**
 * Persists the current user's privacy settings.
 *
 * Reads $space['privacy'], serializes it, and stores it in the `privacy`
 * column of the `spacefield` row belonging to $_SGLOBAL['supe_uid'].
 */
function privacy_update() {
    global $_SGLOBAL, $space;

    // Strip slashes before serializing, then escape the serialized string
    // once for the SQL layer.
    $serialized = serialize(sstripslashes($space['privacy']));
    $fields = array('privacy' => addslashes($serialized));
    $where = array('uid' => $_SGLOBAL['supe_uid']);

    updatetable('spacefield', $fields, $where);
}
$html = '<span style="padding:0.8em"><a href="'.stripslashes($_POST['adcode']['texturl']).'" target="_blank" '.$size.'>'.$adcodes['textcontent'].'</a></span>'; break; default: break; } if(empty($adcodes)) { cpmessage('please_check_whether_the_option_complete_required'); } else { $adcodes['type'] = $_POST['adcode']['type']; } $setarr = array( 'title' => $_POST['title'], 'pagetype' => $_POST['pagetype'], 'adcode' => addslashes(serialize(sstripslashes($adcodes))), 'system' => $_POST['system'], 'available' => empty($_POST['system'])?1:intval($_POST['available']) ); if(empty($adid)) { $adid = inserttable('ad', $setarr, 1); } else { updatetable('ad', $setarr, array('adid' => $adid)); } //写入模板 $tpl = S_ROOT.'./data/adtpl/'.$adid.'.htm'; swritefile($tpl, $html); //缓存更新
// Toggle the approval state of one wall record. Both the flag and (in the
// 'delete' branch below) the record id come from the query string.
// NOTE(review): this is a state change driven by GET parameters and no
// request-token check is visible in this fragment — confirm one exists
// upstream.
$WallRecFlag = intval($_GET['flag']);
if ($WallRecId > 0) {
    // Invert the submitted flag: the new state is the opposite of `flag`.
    $WallRecFlag = $WallRecFlag ? 0 : 1;
    if ($WallRecFlag) {
        updatetable('wallfield', array('pass' => $WallRecFlag, 'display' => 0, 'checktime' => $_SGLOBAL['timestamp']), array('id' => $WallRecId)); // update approval status
    } else {
        updatetable('wallfield', array('pass' => $WallRecFlag, 'display' => 0, 'checktime' => 0), array('id' => $WallRecId)); // update approval status
    }
}
// $WallRecId is concatenated unquoted; its assignment for this branch is
// outside the fragment — presumably intval()'d like in the branch below.
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('wallfield') . " where id=" . $WallRecId);
$value = $_SGLOBAL['db']->fetch_array($query);
// NOTE(review): $WallId, $WallTitle and the stored message are joined into
// markup without escaping here — confirm they are escaped at the source.
$message = "<a href=\"plugin.php?pluginid=wall&ac=track&wallid=" . $WallId . "\">#" . $WallTitle . "#</a> " . $value['message'];
if ($WallRecFlag && $value['feedid'] == 0) {
    // Newly approved and not yet published: create the feed entry and
    // remember its id on the wall record.
    $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $value['uid'], 'username' => $value['username'], 'dateline' => $value['timeline'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $value['id'], 'idtype' => 'wallid');
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
    $FeedId = inserttable('feed', $feedarr, 1);
    if ($FeedId) {
        updatetable('wallfield', array('feedid' => $FeedId), array('id' => $WallRecId));
    }
} elseif ($WallRecFlag == 0 && $value['feedid']) {
    // Approval withdrawn: remove the published feed entry and clear the link.
    $_SGLOBAL['db']->query("DELETE FROM " . tname("feed") . " WHERE feedid =" . $value['feedid']);
    updatetable('wallfield', array('feedid' => 0), array('id' => $WallRecId));
}
cpmessage("do_success", "admincp.php?ac=wallcontentmanage", 1);
} elseif ($op == 'delete') {
    $WallRecId = intval($_GET['id']);
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('wallfield') . " where id=" . $WallRecId);
    $value = $_SGLOBAL['db']->fetch_array($query);
/**
 * Changes the membership status of several users in the current user's
 * event, and emits the matching notifications and feed entries.
 *
 * Status values, as named by the original inline comments: -1 remove the
 * member, 0 pending verification, 1 follower, 2 ordinary member,
 * 3 organizer.
 *
 * @param mixed $uids   User ids to change; passed to simplode() for the SQL
 *                      IN (...) lists.
 * @param mixed $status Target status; cast to int and limited to -1..3.
 * @return array The uids whose status was actually changed (empty array if
 *               none qualified).
 */
function verify_eventmembers($uids, $status) {
    global $_SGLOBAL, $event;
    // Authorisation: the acting user's own event status must be 3.
    // NOTE(review): the checks below rely on showmessage() stopping
    // execution — confirm it does.
    if ($_SGLOBAL['supe_userevent']['status'] < 3) {
        showmessage('no_privilege_manage_event_members');
    }
    // The event id always comes from the acting user's membership record,
    // never from the request; reload $event if the global is a different one.
    $eventid = $_SGLOBAL['supe_userevent']['eventid'];
    if ($eventid != $event['eventid']) {
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid='{$eventid}'");
        $event = $_SGLOBAL['db']->fetch_array($query);
    }
    $status = intval($status);
    if ($status < -1 || $status > 3) {
        showmessage("bad_userevent_status"); // please choose a valid member status
    }
    if ($event['verify'] == 0 && $status == 0) {
        showmessage("event_not_set_verify");
    }
    if ($status == 3 && $_SGLOBAL['supe_uid'] != $event['uid']) {
        showmessage("only_creator_can_set_admin"); // only the creator may appoint organizers
    }
    $newids = $actions = $userevents = array();
    $num = 0; // net change in the event's member count
    // NOTE(review): safety of this IN (...) list depends on simplode()
    // quoting/escaping each element of $uids — confirm.
    $query = $_SGLOBAL['db']->query("SELECT ue.*, sf.* FROM " . tname("userevent") . " ue LEFT JOIN " . tname("spacefield") . " sf ON ue.uid=sf.uid WHERE ue.uid IN (" . simplode($uids) . ") AND ue.eventid='{$eventid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($value['status'] == $status || $event['uid'] == $value['uid'] || $value['status'] == 1) {
            // Skip members already in the target status, the event creator, and followers.
            continue;
        }
        if ($status == 2) {
            // Set as ordinary member
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            if ($value['status'] == 0) {
                // Pending member joins: count the member plus their companions.
                $actions[$value['uid']] = "set_verify";
                $num += $value['fellow'] + 1;
            } elseif ($value['status'] == 3) {
                // Organizer is demoted
                $actions[$value['uid']] = "unset_admin";
            }
        } elseif ($status == 3) {
            // Set as organizer
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "set_admin";
            if ($value['status'] == 0) {
                $num += $value['fellow'] + 1;
            }
        } elseif ($status == 0) {
            // Set back to pending verification
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "unset_verify";
            if ($value['status'] >= 2) {
                $num -= $value['fellow'] + 1;
            }
        } elseif ($status == -1) {
            // Remove the member
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "set_delete";
            if ($value['status'] >= 2) {
                $num -= $value['fellow'] + 1;
            }
        }
    }
    if (empty($newids)) {
        return array();
    }
    if ($event['limitnum'] > 0 && $event['membernum'] + $num > $event['limitnum']) {
        // The change would exceed the event's member limit
        showmessage("event_will_full");
    }
    $note_inserts = $note_ids = $feed_inserts = array();
    // Feed row template shared by all members; uid/username are filled in per member below.
    $feedarr = array('appid' => UC_APPID, 'icon' => 'event', 'uid' => '', 'username' => '', 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('event_join'), 'title_data' => array('title' => $event['title'], "eventid" => $event['eventid'], "uid" => $event['uid'], "username" => $event['username']), 'body_template' => '', 'body_data' => array(), 'body_general' => '', 'image_1' => '', 'image_1_link' => '', 'image_2' => '', 'image_2_link' => '', 'image_3' => '', 'image_3_link' => '', 'image_4' => '', 'image_4_link' => '', 'target_ids' => '', 'friend' => '');
    $feedarr = sstripslashes($feedarr); // remove escaping
    $feedarr['title_data'] = serialize(sstripslashes($feedarr['title_data'])); // array to string
    $feedarr['body_data'] = serialize(sstripslashes($feedarr['body_data'])); // array to string
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); // preference hash
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); // merged hash
    $feedarr = saddslashes($feedarr); // re-apply escaping for SQL
    foreach ($newids as $id) {
        if ($status > 1 && $userevents[$id]['status'] == 0) {
            // Member was approved into the event: publish a "joined" feed entry.
            // NOTE(review): uid and username are assigned after the
            // saddslashes() call above, straight from the database row, and
            // then interpolated into the INSERT below. If a stored username
            // can contain a quote this is second-order SQL injection —
            // confirm the DB layer returns escaped values or escape here.
            $feedarr['uid'] = $userevents[$id]['uid'];
            $feedarr['username'] = $userevents[$id]['username'];
            $feed_inserts[] = "('{$feedarr['appid']}', 'event', '{$feedarr['uid']}', '{$feedarr['username']}', '{$feedarr['dateline']}', '0', '{$feedarr['hash_template']}', '{$feedarr['hash_data']}', '{$feedarr['title_template']}', '{$feedarr['title_data']}', '{$feedarr['body_template']}', '{$feedarr['body_data']}', '{$feedarr['body_general']}', '{$feedarr['image_1']}', '{$feedarr['image_1_link']}', '{$feedarr['image_2']}', '{$feedarr['image_2_link']}', '{$feedarr['image_3']}', '{$feedarr['image_3_link']}', '{$feedarr['image_4']}', '{$feedarr['image_4_link']}')";
        }
        // The member's stored privacy settings decide whether they receive the notification.
        // NOTE(review): unserialize() on a stored column; the value is only
        // as trustworthy as whatever writes spacefield.privacy.
        $userevents[$id]['privacy'] = empty($userevents[$id]['privacy']) ? array() : unserialize($userevents[$id]['privacy']);
        $filter = empty($userevents[$id]['privacy']['filter_note']) ? array() : array_keys($userevents[$id]['privacy']['filter_note']);
        if (cknote_uid(array("type" => "eventmemberstatus", "authorid" => $_SGLOBAL['supe_uid']), $filter)) {
            $note_ids[] = $id;
            $note_msg = cplang('eventmember_' . $actions[$id], array("space.php?do=event&id=" . $event['eventid'], $event['title']));
            $note_inserts[] = "('{$id}', 'eventmemberstatus', '1', '{$_SGLOBAL['supe_uid']}', '{$_SGLOBAL['supe_username']}', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')";
        }
    }
    if ($note_ids) {
        // Bulk-insert the notifications and bump each recipient's unread counter.
        $_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $note_inserts));
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($note_ids) . ")");
    }
    if ($feed_inserts) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('feed') . " (`appid` ,`icon` ,`uid` ,`username` ,`dateline` ,`friend` ,`hash_template` ,`hash_data` ,`title_template` ,`title_data` ,`body_template` ,`body_data` ,`body_general` ,`image_1` ,`image_1_link` ,`image_2` ,`image_2_link` ,`image_3` ,`image_3_link` ,`image_4` ,`image_4_link`) VALUES " . implode(',', $feed_inserts));
    }
    if ($status == -1) {
        // Remove the memberships
        $_SGLOBAL['db']->query("DELETE FROM " . tname("userevent") . " WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
    } else {
        // Apply the new status
        $_SGLOBAL['db']->query("UPDATE " . tname("userevent") . " SET status='{$status}' WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
    }
    // Adjust the event's member count
    if ($num != 0) {
        $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET membernum = membernum + ({$num}) WHERE eventid='{$eventid}'");
    }
    return $newids;
}
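/**
 * Normalises a string: trims it, optionally strips slashes, optionally
 * HTML-escapes it, and truncates it to a display width.
 *
 * Width is counted as 1 per ASCII character and 2 per multi-byte character.
 *
 * Two things callers must not assume:
 *  - With $html > 0 no HTML escaping is applied at all; the caller is
 *    responsible for escaping before output.
 *  - $out_slashes is a no-op (the re-escaping call is disabled below), so
 *    the return value is NOT escaped for SQL.
 *
 * Truncation happens after escaping and works on bytes, so a cut may fall
 * inside an HTML entity produced by the escaping step.
 *
 * @param string $string      Input text.
 * @param int    $length      Maximum width; 0 disables truncation.
 * @param int    $in_slashes  Non-zero if the input carries slashes to strip.
 * @param int    $out_slashes Accepted for compatibility; currently ignored.
 * @param int    $html        < 0 strip tags/whitespace/[..] then escape,
 *                            0 escape, > 0 leave markup untouched.
 * @param string $charset     'utf-8' (case-insensitive) selects UTF-8
 *                            counting; anything else uses the 2-byte
 *                            legacy branch.
 * @return string The processed, trimmed string.
 */
function getstr($string, $length, $in_slashes = 0, $out_slashes = 0, $html = 0, $charset = "utf-8") {
    $string = trim($string);
    if ($in_slashes) {
        // The input carries slashes
        $string = sstripslashes($string);
    }
    if ($html < 0) {
        // Remove HTML tags, whitespace and [..] markers, then escape
        $string = preg_replace("/(\\<[^\\<]*\\>|\r|\n|\\s|\\[.+?\\])/is", ' ', $string);
        $string = shtmlspecialchars($string);
    } elseif ($html == 0) {
        // Escape HTML special characters
        $string = shtmlspecialchars($string);
    }
    if ($length && strlen($string) > $length) {
        // Truncate
        $wordscut = '';
        if (strtolower($charset) == 'utf-8') {
            $total = strlen($string);
            $n = 0;   // byte offset
            $tn = 0;  // byte length of the last counted character
            $noc = 0; // accumulated display width
            while ($n < $total) {
                $t = ord($string[$n]);
                if ($t == 9 || $t == 10 || 32 <= $t && $t <= 126) {
                    $tn = 1;
                    $n++;
                    $noc++;
                } elseif (194 <= $t && $t <= 223) {
                    $tn = 2;
                    $n += 2;
                    $noc += 2;
                } elseif (224 <= $t && $t <= 239) {
                    // Three-byte lead bytes run up to 0xEF inclusive. The
                    // previous `< 239` left out 0xEF, so characters such as
                    // full-width punctuation were never counted and could
                    // push the result past $length.
                    $tn = 3;
                    $n += 3;
                    $noc += 2;
                } elseif (240 <= $t && $t <= 247) {
                    $tn = 4;
                    $n += 4;
                    $noc += 2;
                } elseif (248 <= $t && $t <= 251) {
                    $tn = 5;
                    $n += 5;
                    $noc += 2;
                } elseif ($t == 252 || $t == 253) {
                    $tn = 6;
                    $n += 6;
                    $noc += 2;
                } else {
                    // Stray or control byte: skipped without adding width
                    $n++;
                }
                if ($noc >= $length) {
                    break;
                }
            }
            if ($noc > $length) {
                // The last character overshot the limit; drop it whole.
                $n -= $tn;
            }
            $wordscut = substr($string, 0, $n);
        } else {
            // Legacy double-byte encodings: a byte above 127 starts a
            // two-byte character that is copied as a pair.
            for ($i = 0; $i < $length - 1; $i++) {
                if (ord($string[$i]) > 127) {
                    $wordscut .= $string[$i] . $string[$i + 1];
                    $i++;
                } else {
                    $wordscut .= $string[$i];
                }
            }
        }
        $string = $wordscut;
    }
    if ($out_slashes) {
        // Deliberately left disabled in the original; see the docblock.
        //$string = saddslashes($string);
    }
    return trim($string);
}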
/**
 * Change the membership status of several users in the current event and
 * write the matching notifications, feed entries and member count.
 *
 * The event is taken from $_SGLOBAL['supe_userevent'], not from a parameter.
 * The acting user's own status in that event must be at least 3, and only
 * the event's creator may assign status 3.
 *
 * Status values as used by the branches below: -1 delete the membership,
 * 0 pending, 2 ordinary member, 3 organizer.
 *
 * @param mixed $uids   User ids to change; passed to simplode() for the IN list.
 * @param mixed $status Requested status, coerced with intval().
 * @return array The uids whose rows were actually changed (empty if none).
 */
function verify_eventmembers($uids, $status) {
    global $_SGLOBAL, $event;

    // Authorization gate: the acting user's status in this event must be >= 3.
    // NOTE(review): this and the later checks rely on showmessage() ending the
    // request; that helper is not visible here - confirm.
    if ($_SGLOBAL['supe_userevent']['status'] < 3) {
        showmessage('no_privilege_manage_event_members');
    }
    $eventid = $_SGLOBAL['supe_userevent']['eventid'];
    // Reload the event row when the global $event is a different event.
    if ($eventid != $event['eventid']) {
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid='{$eventid}'");
        $event = $_SGLOBAL['db']->fetch_array($query);
    }
    // Coerced to int before it is interpolated into SQL further down.
    $status = intval($status);
    if ($status < -1 || $status > 3) {
        showmessage("bad_userevent_status"); // Ask for a valid member status
    }
    if ($event['verify'] == 0 && $status == 0) {
        // "Pending" is only meaningful when the event requires verification.
        showmessage("event_not_set_verify");
    }
    if ($status == 3 && $_SGLOBAL['supe_uid'] != $event['uid']) {
        showmessage("only_creator_can_set_admin"); // Only the creator may appoint organizers
    }
    $newids = $actions = $userevents = array();
    $num = 0; // Net change to the event's member count
    // NOTE(review): $uids reaches SQL only through simplode(); that helper is
    // assumed to quote and escape each element - confirm against its definition.
    $query = $_SGLOBAL['db']->query("SELECT ue.*, sf.* FROM " . tname("userevent") . " ue LEFT JOIN " . tname("spacefield") . " sf ON ue.uid=sf.uid WHERE ue.uid IN (" . simplode($uids) . ") AND ue.eventid='{$eventid}'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($value['status'] == $status || $event['uid'] == $value['uid'] || $value['status'] == 1) {
            // Skip rows already in the target status, the event creator, and rows with status 1
            continue;
        }
        if ($status == 2) {
            // Set to ordinary member
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            if ($value['status'] == 0) {
                // Pending -> member: the user and their companions start counting
                $actions[$value['uid']] = "set_verify";
                $num += $value['fellow'] + 1;
            } elseif ($value['status'] == 3) {
                // Organizer -> member
                $actions[$value['uid']] = "unset_admin";
            }
        } elseif ($status == 3) {
            // Set to organizer
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "set_admin";
            if ($value['status'] == 0) {
                $num += $value['fellow'] + 1;
            }
        } elseif ($status == 0) {
            // Set back to pending
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "unset_verify";
            if ($value['status'] >= 2) {
                $num -= $value['fellow'] + 1;
            }
        } elseif ($status == -1) {
            // Delete the membership
            $newids[] = $value['uid'];
            $userevents[$value['uid']] = $value;
            $actions[$value['uid']] = "set_delete";
            if ($value['status'] >= 2) {
                $num -= $value['fellow'] + 1;
            }
        }
    }
    if (empty($newids)) {
        return array();
    }
    if ($event['limitnum'] > 0 && $event['membernum'] + $num > $event['limitnum']) {
        // The change would push the event over its member limit
        showmessage("event_will_full");
    }
    $note_inserts = $note_ids = $feed_inserts = array();
    // Feed row template; uid and username are filled in per member below.
    $feedarr = array('appid' => UC_APPID, 'icon' => 'event', 'uid' => '', 'username' => '', 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('event_join'), 'title_data' => array('title' => $event['title'], "eventid" => $event['eventid'], "uid" => $event['uid'], "username" => $event['username']), 'body_template' => '', 'body_data' => array(), 'body_general' => '', 'image_1' => '', 'image_1_link' => '', 'image_2' => '', 'image_2_link' => '', 'image_3' => '', 'image_3_link' => '', 'image_4' => '', 'image_4_link' => '', 'target_ids' => '', 'friend' => '');
    $feedarr = sstripslashes($feedarr); // Remove escaping before serializing
    $feedarr['title_data'] = serialize(sstripslashes($feedarr['title_data'])); // Serialize
    $feedarr['body_data'] = serialize(sstripslashes($feedarr['body_data'])); // Serialize
    // md5 here builds lookup hashes for the feed row, not a security control.
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); // Template hash
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); // Template + data hash
    $feedarr = saddslashes($feedarr); // Re-escape for the SQL string built below
    foreach ($newids as $id) {
        if ($status > 1 && $userevents[$id]['status'] == 0) {
            // A pending user was approved: publish a "joined the event" feed entry.
            // SECURITY NOTE(review): uid and username are assigned AFTER the
            // saddslashes() call above and come straight from the fetched row,
            // so they enter the VALUES string without escaping in this function.
            // Confirm stored usernames cannot contain quotes or backslashes,
            // or escape them here.
            $feedarr['uid'] = $userevents[$id]['uid'];
            $feedarr['username'] = $userevents[$id]['username'];
            $feed_inserts[] = "('{$feedarr['appid']}', 'event', '{$feedarr['uid']}', '{$feedarr['username']}', '{$feedarr['dateline']}', '0', '{$feedarr['hash_template']}', '{$feedarr['hash_data']}', '{$feedarr['title_template']}', '{$feedarr['title_data']}', '{$feedarr['body_template']}', '{$feedarr['body_data']}', '{$feedarr['body_general']}', '{$feedarr['image_1']}', '{$feedarr['image_1_link']}', '{$feedarr['image_2']}', '{$feedarr['image_2_link']}', '{$feedarr['image_3']}', '{$feedarr['image_3_link']}', '{$feedarr['image_4']}', '{$feedarr['image_4_link']}')";
        }
        // NOTE(review): unserialize() runs on the `privacy` column of the joined
        // row. That is only safe while nothing user-controlled can write raw
        // serialized data into that column - confirm.
        $userevents[$id]['privacy'] = empty($userevents[$id]['privacy']) ? array() : unserialize($userevents[$id]['privacy']);
        $filter = empty($userevents[$id]['privacy']['filter_note']) ? array() : array_keys($userevents[$id]['privacy']['filter_note']);
        // Respect the recipient's notification filter before queueing a note.
        if (cknote_uid(array("type" => "eventmemberstatus", "authorid" => $_SGLOBAL['supe_uid']), $filter)) {
            $note_ids[] = $id;
            $note_msg = cplang('eventmember_' . $actions[$id], array("space.php?do=event&id=" . $event['eventid'], $event['title']));
            // Only $note_msg is escaped on this line; supe_username is interpolated as-is.
            $note_inserts[] = "('{$id}', 'eventmemberstatus', '1', '{$_SGLOBAL['supe_uid']}', '{$_SGLOBAL['supe_username']}', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')";
        }
    }
    if ($note_ids) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $note_inserts));
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($note_ids) . ")");
    }
    if ($feed_inserts) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('feed') . " (`appid` ,`icon` ,`uid` ,`username` ,`dateline` ,`friend` ,`hash_template` ,`hash_data` ,`title_template` ,`title_data` ,`body_template` ,`body_data` ,`body_general` ,`image_1` ,`image_1_link` ,`image_2` ,`image_2_link` ,`image_3` ,`image_3_link` ,`image_4` ,`image_4_link`) VALUES " . implode(',', $feed_inserts));
    }
    if ($status == -1) {
        // Delete the membership rows
        $_SGLOBAL['db']->query("DELETE FROM " . tname("userevent") . " WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
    } else {
        // Store the new status
        $_SGLOBAL['db']->query("UPDATE " . tname("userevent") . " SET status='{$status}' WHERE uid IN (" . simplode($newids) . ") AND eventid='{$eventid}'");
    }
    // Apply the net change to the event's member count
    if ($num != 0) {
        $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET membernum = membernum + ({$num}) WHERE eventid='{$eventid}'");
    }
    return $newids;
}
} $order = !empty($_GET['order']) ? strtolower(trim($_GET['order'])) : 'dateline'; $sc = !empty($_GET['sc']) ? strtoupper(trim($_GET['sc'])) : 'DESC'; if(!in_array($order, array('dateline', 'updatetime', 'viewnum', 'friendnum', 'credit'))) $order = 'dateline'; if(!in_array($sc, array('DESC', 'ASC'))) $sc = 'DESC'; if($wherearr) $sql = 'WHERE '.implode(' AND ', $wherearr); $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('space')." $sql ORDER BY $order $sc LIMIT $start,$limit"); while($value = $_SGLOBAL['db']->fetch_array($query)) { $value['dateline'] = sgmdate('m-d H:i', $value['dateline']); $value['updatetime'] = sgmdate('m-d H:i', $value['updatetime']); $value['userlink'] = $siteurl.'space.php?uid='.$value['uid']; $value['photo'] = ckavatar($value['uid']) ? avatar($value['uid'], 'small',true) : UC_API.'/images/noavatar_small.gif'; $value = sstripslashes($value); $spacelist[] = $value; } echo serialize($spacelist); function getscopequery($var, $tarr, $isdate=0, $pre='') { global $_SGLOBAL; $wheresql = ''; if(!empty($pre)) $pre = $pre.'.'; if($tarr) { if($isdate) { $tarr = intval($tarr); if($tarr) $wheresql = $pre.$var.">='".($_SGLOBAL['timestamp']-$tarr)."'";
$multipage = multi($listcount, $perpage, $_SGET['page'], $theurl . $urlplus); } $rtarr['listcount'] = $listcount; $rtarr['multipage'] = $multipage; $rtarr['listarr'] = $listarr; $viewclass = ' class="active"'; } } elseif ($_GET['op'] == 'edit' || $_GET['op'] == 'view') { $itemid = intval($_GET['itemid']); $sqlplus = ''; if (!empty($itemid)) { $wheresqlstr = getwheresql($wheresqlarr); if (!empty($_GET['folder']) && $_GET['op'] == 'view') { $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('modelfolders') . ' WHERE itemid=\'' . $itemid . '\' AND mid=\'' . $resultmodels['mid'] . '\' AND ' . $wheresqlstr); $thevalue = $_SGLOBAL['db']->fetch_array($query); $thevalue = sstripslashes(unserialize($thevalue['message'])); } else { if ($wheresqlstr != 1) { $wheresqlstr = 'i.' . $wheresqlstr; } $query = $_SGLOBAL['db']->query('SELECT ii.*, i.* FROM ' . tname($resultmodels['modelname'] . 'message') . ' ii ' . 'LEFT JOIN ' . tname($resultmodels['modelname'] . 'items') . ' i ON i.itemid=ii.itemid ' . 'WHERE ii.itemid=\'' . $itemid . '\' AND ' . $wheresqlstr); $thevalue = $_SGLOBAL['db']->fetch_array($query); } if (empty($thevalue)) { showmessage('no_item_or_no_prem', S_URL . '/' . $theurl); } $tmpmessage = $thevalue['message']; if (!empty($thevalue)) { foreach ($thevalue as $tmpkey => $tmpvalue) { if (!empty($cacheinfo['columns'][$tmpkey]['isbbcode'])) { $thevalue[$tmpkey] = modeldiscuzcode($tmpvalue, 'de');
*/
// Refuse direct access: this script only runs when the application entry
// point has defined IN_UCHOME.
if (!defined('IN_UCHOME')) {
    exit('Access Denied');
}
// Pull feed entries from UCenter
include_once S_ROOT . './uc_client/client.php';
if ($results = uc_feed_get(10)) {
    // Fetch 10 entries per run
    // Column names are a fixed list, so only the values below need escaping.
    $cols = array('uid', 'username', 'appid', 'icon', 'dateline', 'hash_template', 'hash_data', 'title_template', 'title_data', 'body_template', 'body_data', 'body_general', 'image_1', 'image_1_link', 'image_2', 'image_2_link', 'image_3', 'image_3_link', 'image_4', 'image_4_link', 'target_ids');
    $inserts = array();
    foreach ($results as $value) {
        // Skip entries that do not name a user.
        if (empty($value['uid']) || empty($value['username'])) {
            continue;
        }
        $vs = array();
        foreach ($cols as $key) {
            if (is_array($value[$key])) {
                // Array field: strip slashes, serialize, then escape for SQL
                $value[$key] = addslashes(serialize(sstripslashes($value[$key])));
            } else {
                // Scalar field: normalise to exactly one level of escaping
                $value[$key] = addslashes(sstripslashes($value[$key]));
            }
            $vs[] = '\'' . $value[$key] . '\'';
        }
        $inserts[] = '(' . implode(',', $vs) . ')';
    }
    // Store the rows
    // NOTE(review): every value is wrapped in addslashes() above. That is only
    // as safe as the connection charset allows; a parameterised insert would
    // remove the dependency. The data comes from uc_feed_get(), i.e. from
    // another service, and is treated as untrusted here.
    if ($inserts) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('feed') . " (`" . implode('`,`', $cols) . "`) VALUES " . implode(',', $inserts));
    }
}
} // closes a block opened before this excerpt
// Offset of the first row for the requested page.
$start = ($page - 1) * $perpage;
if (empty($_SCONFIG['networkpage'])) {
    // Paging disabled in the site config: always show the first page.
    $start = 0;
}
// Share type filter
if ($_GET['type']) {
    $sub_actives = array('type_' . $_GET['type'] => ' class="active"');
    // SECURITY NOTE(review): the request parameter is placed inside a quoted SQL
    // literal. No escaping happens in this excerpt; the sstripslashes() on the
    // last line suggests $_GET was slash-escaped earlier, but that code is not
    // visible - confirm. An allow-list of known share types would remove the
    // dependency on upstream escaping.
    $wheresql = "type='{$_GET['type']}'";
} else {
    $wheresql = '1';
    $sub_actives = array('type_all' => ' class="active"');
}
// Validate the start offset
ckstart($start, $perpage);
// Run the query
$list = array();
// The count query has no WHERE clause, so it counts all shares, not only the
// selected type.
$count = empty($_SCONFIG['networkpage']) ? 1 : $_SGLOBAL['db']->result($_SGLOBAL['db']->query("SELECT COUNT(*) FROM " . tname('share')), 0);
if ($count) {
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('share') . " USE INDEX (dateline) WHERE {$wheresql} ORDER BY dateline DESC LIMIT {$start},{$perpage}");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        realname_set($value['uid'], $value['username']);
        $value = mkshare($value);
        $list[] = $value;
    }
}
// Pagination
// NOTE(review): the raw type parameter is appended to the paging URL before
// the HTML-escaping on the last line runs; whether multi() encodes its URL
// argument is not visible here - confirm.
$multi = empty($_SCONFIG['networkpage']) ? 'networkpage' : multi($count, $perpage, $page, $theurl . "&type={$_GET['type']}");
realname_get();
// From here on $_GET is unslashed and HTML-escaped. This happens only after
// the query and the paging URL above were built.
$_GET = shtmlspecialchars(sstripslashes($_GET));
/**
 * Remove one level of backslash escaping from a value.
 *
 * Arrays are walked recursively and keep their keys; anything else is
 * handed to stripslashes().
 *
 * Note: this undoes escaping. The result must be escaped again (or bound as
 * a parameter) before it is placed into an SQL statement.
 *
 * @param mixed $string A string or a (nested) array of strings.
 * @return mixed The same structure with slashes stripped.
 */
function sstripslashes($string)
{
    if (!is_array($string)) {
        return stripslashes($string);
    }

    $unescaped = array();
    foreach ($string as $name => $item) {
        $unescaped[$name] = sstripslashes($item);
    }

    return $unescaped;
}
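/**
 * Change the review grade of several events and write the matching
 * notifications and feed entries.
 *
 * Grade values as used by the branches below: -2 closed, -1 rejected,
 * 1 approved / open, 2 recommended.
 *
 * Authorization: the acting user needs the 'manageevent' permission. Without
 * 'managebatch' the call is only honoured when it matches at most one event.
 *
 * Fix over the previous version: the notification recipient was read as
 * $event[uid] (bare constant), which is an error on PHP 8; it now uses the
 * 'uid' key. The unused $eventarr local was removed.
 *
 * @param mixed $eventids Event ids; passed to simplode() for the IN list.
 * @param mixed $grade    Requested grade, coerced with intval().
 * @return array The event ids whose grade was changed (empty if none).
 */
function verifyevents($eventids, $grade)
{
    global $_SGLOBAL;
    $allowmanage = checkperm('manageevent');
    $managebatch = checkperm('managebatch');
    $opnum = 0;
    // First pass: count the matching events, only to enforce the batch limit.
    // NOTE(review): $eventids reaches SQL only through simplode(); that helper
    // is assumed to quote and escape each element - confirm.
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid IN (" . simplode($eventids) . ")");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($allowmanage && !$managebatch) {
            $opnum++;
        }
    }
    if (!$allowmanage || !$managebatch && $opnum > 1) {
        return array();
    }
    // Coerced to int and checked against the allowed set before it reaches SQL.
    $grade = intval($grade);
    if (!in_array($grade, array(-2, -1, 1, 2))) {
        cpmessage('bad_event_grade'); // Invalid event grade
    }
    $newids = $events = $actions = array();
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('event') . " WHERE eventid IN (" . simplode($eventids) . ")");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($grade == $value['grade']) {
            // Already at the requested grade
            continue;
        }
        $newids[] = $value['eventid'];
        $events[$value['eventid']] = $value;
        if ($grade == -1) {
            $actions[$value['eventid']] = "unverify"; // Rejected in review
        } elseif ($grade == 1) {
            if ($value['grade'] == -2) {
                $actions[$value['eventid']] = "open"; // Re-opened
            } elseif ($value['grade'] < 1) {
                $actions[$value['eventid']] = "verify"; // Approved
            } elseif ($value['grade'] == 2) {
                $actions[$value['eventid']] = "unrecommend"; // Recommendation withdrawn
            }
        } elseif ($grade == 2) {
            // Recommending an event rewards its owner with credit
            getreward('recommendevent', 1, $value['uid'], '', 0);
            $actions[$value['eventid']] = "recommend"; // Recommended
        } elseif ($grade == -2) {
            $actions[$value['eventid']] = "close"; // Closed
        }
    }
    if (empty($newids)) {
        return array();
    }
    // NOTE(review): the include is wrapped in @, so a missing cache file is
    // silent; $_SGLOBAL['eventclass'] is then unset where it is read below.
    @(include_once S_ROOT . './data/data_eventclass.php');
    $noteids = $note_inserts = array();
    $feed_inserts = array();
    foreach ($newids as $id) {
        $event = $events[$id];
        if ($grade >= 1 && $events[$id]['grade'] < 1 && $events[$id]['grade'] >= -1) {
            // The event becomes public for the first time: publish a feed entry
            $poster = "";
            if (empty($event['poster'])) {
                $poster = $_SGLOBAL['eventclass'][$event['classid']]['poster'];
            } else {
                $poster = pic_get($event['poster'], $event['thumb'], $event['remote']);
            }
            $feedarr = array('appid' => UC_APPID, 'icon' => 'event', 'uid' => $event['uid'], 'username' => $event['username'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('event_add'), 'title_data' => array('eventid' => $id, 'title' => $event['title']), 'body_template' => cplang('event_feed_info'), 'body_data' => array("eventid" => $id, "title" => $event['title'], "username" => $event['username'], 'starttime' => sgmdate('m-d H:i', $event['starttime']), 'endtime' => sgmdate('m-d H:i', $event['endtime']), 'province' => $event['province'], 'city' => $event['city'], 'location' => $event['location']), 'body_general' => '', 'image_1' => $poster, 'image_1_link' => 'space.php?do=event&id=' . $id, 'image_2' => '', 'image_2_link' => '', 'image_3' => '', 'image_3_link' => '', 'image_4' => '', 'image_4_link' => '', 'target_ids' => '', 'friend' => '');
            $feedarr = sstripslashes($feedarr); // Remove escaping before serializing
            $feedarr['title_data'] = serialize(sstripslashes($feedarr['title_data'])); // Serialize
            $feedarr['body_data'] = serialize(sstripslashes($feedarr['body_data'])); // Serialize
            // md5 here builds lookup hashes for the feed row, not a security control.
            $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); // Template hash
            $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); // Template + data hash
            // Every field, including uid and username, is escaped here before
            // the VALUES string is built.
            $feedarr = saddslashes($feedarr);
            $feed_inserts[] = "('{$feedarr['appid']}', 'event', '{$feedarr['uid']}', '{$feedarr['username']}', '{$feedarr['dateline']}', '0', '{$feedarr['hash_template']}', '{$feedarr['hash_data']}', '{$feedarr['title_template']}', '{$feedarr['title_data']}', '{$feedarr['body_template']}', '{$feedarr['body_data']}', '{$feedarr['body_general']}', '{$feedarr['image_1']}', '{$feedarr['image_1_link']}', '{$feedarr['image_2']}', '{$feedarr['image_2_link']}', '{$feedarr['image_3']}', '{$feedarr['image_3_link']}', '{$feedarr['image_4']}', '{$feedarr['image_4_link']}', '', '{$id}', 'eventid')";
        }
        if ($event['uid'] != $_SGLOBAL['supe_uid']) {
            // No notification for changes to one's own event
            $noteids[] = $event['uid'];
            $note_msg = cplang('event_set_' . $actions[$id], array("space.php?do=event&id=" . $event['eventid'], $event['title']));
            $note_inserts[] = "('{$event['uid']}', 'system', '1', '0', '', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')";
        }
    }
    unset($events);
    // Store the new grade
    if ($grade == 2) {
        // A recommendation also records when it was made
        $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET grade='{$grade}', recommendtime='{$_SGLOBAL['timestamp']}' WHERE eventid IN (" . simplode($newids) . ")");
    } else {
        $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET grade='{$grade}' WHERE eventid IN (" . simplode($newids) . ")");
    }
    // Notifications
    if ($note_inserts) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $note_inserts));
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($noteids) . ")");
    }
    // Feed
    if ($feed_inserts) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('feed') . " (`appid` ,`icon` ,`uid` ,`username` ,`dateline` ,`friend` ,`hash_template` ,`hash_data` ,`title_template` ,`title_data` ,`body_template` ,`body_data` ,`body_general` ,`image_1` ,`image_1_link` ,`image_2` ,`image_2_link` ,`image_3` ,`image_3_link` ,`image_4` ,`image_4_link` ,`target_ids` ,`id` ,`idtype`) VALUES " . implode(',', $feed_inserts));
    }
    return $newids;
}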
cpmsg('no_item', 'admin.php?action=list&m=' . $mname); } if ($mname == 'good' || $mname == 'groupbuy') { $relatedarr = array(); $relatedarr = getrelatedinfo($mname, $editvalue['itemid'], $editvalue['shopid']); } $editvalue['dateline'] = sgmdate($editvalue['dateline']); //管理員查看基本信息&& $mname=='shop' if ($_GET['op'] == 'adminview') { if (empty($_SGLOBAL['panelinfo'])) { getpanelinfo($_GET['itemid']); } if ($_GET['updatepass'] == 1) { $updateser = DB::fetch(DB::query("SELECT * FROM " . tname("itemupdates") . " WHERE itemid='{$_GET['itemid']}' and type = '{$mname}'")); $update = unserialize($updateser['update']); $update = sstripslashes($update); $update['groupid'] = $_SGLOBAL['panelinfo']['group']['title']; $categorylist = getmodelcategory($mname); $update['attr_catid'] = $update['catid']; $update['catid'] = $categorylist[$update['catid']]['name']; $categorylist = getmodelcategory('region'); $update['region'] = $categorylist[$update['region']]['name']; if (!empty($update['subjectimage'])) { $update['subjectimage'] = B_URL . '/' . getattachurl($update['subjectimage']); } if (!empty($update['banner'])) { $update['banner'] = B_URL . '/' . getattachurl($update['banner']); } if (!empty($update['windowsimg'])) { $update['windowsimg'] = B_URL . '/' . getattachurl($update['windowsimg']); }
// The following is taken from the addnews code; personally I think the @ feature is incomplete!
// Find "@name(123) " mentions; group 1 is the name, group 2 the numeric user id.
preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s/U", $Message, $Matches, PREG_SET_ORDER);
foreach ($Matches as $value) {
    $TmpString = $value[0];
    $TmpName = $value[1];
    $UserId = $value[2];
    // $UserId is unquoted in the SQL below; the pattern above restricts it to
    // digits, and that restriction is the only thing keeping the query safe.
    $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}");
    $rs = $_SGLOBAL['db']->fetch_array($result);
    $realname = $rs['name'];
    $ValidValue = getAtName($TmpString, $TmpName, $realname);
    $ValidValue = trim($ValidValue);
    $at_friend = "space.php?uid=" . $UserId;
    // SECURITY NOTE(review): $realname comes from the database and is placed
    // into HTML without escaping, and the href attribute is unquoted. Confirm
    // stored names cannot contain markup, or HTML-escape the name here.
    $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message);
}
// Turn [em:N:] codes into face images (N is digits only) and <br> tags into spaces.
$Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message);
$Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message);
// The include path below depends on the working directory set here.
chdir("../../");
include_once 'source/function_cp.php';
// NOTE(review): albumid and topicid are passed straight from $_POST; any
// validation happens inside pic_save(), which is not visible here.
$MobileFile = pic_save($File, $_POST['albumid'], $Message, $_POST['topicid']);
if ($MobileFile && is_array($MobileFile)) {
    // NOTE(review): "message" is stored as built above. Whether inserttable()
    // escapes its values is not visible here - confirm.
    $arr = array("username" => getstr($username, 30, 1, 1, 1), "message" => $Message, "uid" => intval($userid), "replynum" => 0, "mood" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'ip' => getonlineip(), 'fromdevice' => $FromDevice, 'image_1' => pic_get($MobileFile['filepath'], $MobileFile['thumb'], $MobileFile['remote']), 'image_1_link' => "space.php?uid={$MobileFile['uid']}&do=album&picid={$MobileFile['picid']}");
    $newdoid = inserttable('doing', $arr, 1);
    // NOTE(review): 'appid' is the literal string 'UC_APPID', not the UC_APPID
    // constant the other feed writers on this page use - likely unintended.
    $Feedarray = array('appid' => 'UC_APPID', 'icon' => 'doing', 'id' => $newdoid, 'idtype' => 'doid', 'uid' => $MobileFile['uid'], 'username' => $MobileFile['username'], 'dateline' => $MobileFile['dateline'], 'fromdevice' => $FromDevice, 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))), 'body_template' => '', 'body_data' => '', 'image_1' => pic_get($MobileFile['filepath'], $MobileFile['thumb'], $MobileFile['remote']), 'image_1_link' => "space.php?uid={$MobileFile['uid']}&do=album&picid={$MobileFile['picid']}");
    // md5 here builds lookup hashes for the feed row, not a security control.
    $Feedarray['hash_template'] = md5($Feedarray['title_template'] . "\t" . $Feedarray['body_template']);
    $Feedarray['hash_data'] = md5($Feedarray['title_template'] . "\t" . $Feedarray['title_data'] . "\t" . $Feedarray['body_template'] . "\t" . $Feedarray['body_data']);
    $Feedid = inserttable('feed', $Feedarray, 1);
    updatestat('doing');
    $Result = array('flag' => 'success');
} else {
    // pic_save() returned nothing usable: report the upload as failed.
    $Result = array('flag' => 'fail_file&msg');
}
if(!$notearr) { $groups = array(); $query = $_SGLOBAL['db']->query("SELECT gid FROM ".tname('usergroup')." WHERE managemtag='1'"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { $groups[] = $value['gid']; } if($groups) { $query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname('space')." WHERE groupid IN (".simplode($groups).") LIMIT 0 , 5"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { $notearr[] = array( 'uid' => $value['uid'], 'type' => 'mtag', 'new' => 1, 'authorid' => $_SGLOBAL['supe_uid'], 'author' => $_SGLOBAL['supe_username'], 'note' => addslashes(sstripslashes($message)), 'dateline' => $_SGLOBAL['timestamp'] ); } } } note_apply($notearr); showmessage('do_success'); } } else { //创建新群组 if(!checkperm('allowmtag')) { ckspacelog(); showmessage('no_privilege'); }
<?php /* [UCenter Home] (C) 2007-2008 Comsenz Inc. $Id: admincp_network.php 10761 2008-12-18 06:55:26Z liguode $ */ if (!defined('IN_UCHOME') || !defined('IN_ADMINCP')) { exit('Access Denied'); } if (!checkperm('managenetwork')) { cpmessage('no_authority_management_operation'); } //取得单个数据 $thevalue = array(); $network = data_get('network'); $network = empty($network) ? array() : unserialize(sstripslashes($network)); $module = trim($_GET['module']) ? trim($_GET['module']) : ''; if (submitcheck('thevaluesubmit')) { $key = key($_POST['network']); $networkcache = array(); $wherearr = $sql = array(); if (empty($_POST['network'][$key]['usedefault'])) { $_POST['network'][$key]['start'] = intval($_POST['network'][$key]['start']); $_POST['network'][$key]['limit'] = intval($_POST['network'][$key]['limit']) ? intval($_POST['network'][$key]['limit']) : 1; $groupids = isset($_POST['network'][$key]['groupid']) ? getdotstring($_POST['network'][$key]['groupid'], 'int') : ''; switch ($key) { case 'space': $uids = getdotstring($_POST['network'][$key]['uid'], 'int'); if ($uids) { $wherearr[] = 'uid IN (' . $uids . ')'; }
if ($avatar_exists) { if (!$space['avatar']) { //奖励积分 $reward = getreward('setavatar', 0); $credit = $reward['credit']; $experience = $reward['experience']; if ($credit) { $setarr['credit'] = "credit=credit+{$credit}"; } if ($experience) { $setarr['experience'] = "experience=experience+{$experience}"; } $setarr['avatar'] = 'avatar=1'; $setarr['updatetime'] = "updatetime={$_SGLOBAL['timestamp']}"; } } else { if ($space['avatar']) { $setarr['avatar'] = 'avatar=0'; } } if ($setarr) { $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET " . implode(',', $setarr) . " WHERE uid='{$space['uid']}'"); } if (empty($_POST['refer'])) { $_POST['refer'] = 'space.php?do=home'; } realname_get(); showmessage('login_success', $app ? "userapp.php?id={$app}" : $_POST['refer'], 0, array($ucsynlogin)); $membername = empty($_SCOOKIE['loginuser']) ? '' : sstripslashes($_SCOOKIE['loginuser']); $cookiecheck = ' checked'; include template('do_login');
} else { $authorarr[0] = $tmpauthorrule; } } if (preg_match("/\\[author\\]/", $_POST['authorrule'])) { $infoarr = array('code' => $authorarr[0], 'url' => $newurlarr[0], 'rule' => $_POST['authorrule'], 'source' => $messagemsgtext); printruledebug($infoarr); } else { showprogress($alang['robot_debug_authorrule_1'], 1); showprogress(shtmlspecialchars($authorarr[0])); } //$authorarr[0] 识别出来的作者 } //发布者UID if ($_POST['debugprocess'] == 'uidrule') { $_POST['uidrule'] = !empty($_POST['uidrule']) ? sstripslashes(trim($_POST['uidrule'])) : ''; if (empty($_POST['uidrule'])) { showprogress($alang['robot_debug_uidrule_0'], 1); exit; } $uidarr = array(); $tmpuidrule = explode('|', $_POST['uidrule']); $tmpuidrule = strim($tmpuidrule); if (is_array($tmpuidrule)) { foreach ($tmpuidrule as $tmpkey => $tmpvalue) { if (empty($tmpvalue)) { unset($tmpuidrule[$tmpkey]); } } $tmprand = 0; $tmprand = rand(0, count($tmpuidrule) - 1);
/**
 * Store an image sent by a remote client and return its URL.
 *
 * Order of checks: the file extension is tested first, then the caller is
 * authenticated through authUser(). The $uid argument is not used.
 *
 * SECURITY NOTE(review): the extension comes from the client-supplied
 * $mediaobject['name'] and is the only type check made in this method. The
 * uploaded bytes are not inspected here; confirm stream_save() verifies that
 * the content really is an image.
 * NOTE(review): execution continues after sendFault() unless that method ends
 * the request - confirm.
 *
 * @param mixed  $uid         Unused.
 * @param string $username    Account name passed to authUser().
 * @param string $password    Password passed to authUser().
 * @param array  $mediaobject Reads 'name' (file name) and 'bits' (file content).
 * @return array Array with a 'url' entry for the stored image.
 */
function newMediaObject($uid, $username, $password, $mediaobject = array())
{
    global $_SGLOBAL, $space;

    // Only these three image extensions are accepted.
    $extension = fileext($mediaobject['name']);
    $allowed = array('jpg', 'gif', 'png');
    if (!in_array($extension, $allowed)) {
        $this->sendFault(500, 'You should choose image file to upload.');
    }

    $this->authUser($username, $password);
    include_once S_ROOT . './source/function_cp.php';

    $struct = array();
    $saved = stream_save(sstripslashes($mediaobject['bits']), '0', $extension);
    if (!$saved) {
        $this->sendFault(500, 'Sorry, your image could not be uploaded. Something wrong happened.');
    } else {
        $struct['url'] = pic_get($saved['filepath'], $saved['thumb'], $saved['remote'], 0);
    }

    // Prefix relative paths with the site URL; absolute URLs and paths are kept.
    $isAbsolute = preg_match("/^(http\\:\\/\\/|\\/)/i", $struct['url']);
    if (!$isAbsolute) {
        $struct['url'] = $this->siteUrl . $struct['url'];
    }

    return $struct;
}
//µÚÒ»´Î $doingnum = getcount('doing', array('uid' => $space['uid'])); $setarr['doingnum'] = "doingnum='{$doingnum}'"; } else { $setarr['doingnum'] = "doingnum=doingnum+1"; } } $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET " . implode(',', $setarr) . " WHERE uid='{$_SGLOBAL['supe_uid']}'"); $title_template = cplang(cplang('feed_doing_title')); $title_data = saddslashes(serialize(sstripslashes(array('message' => $message)))); $body_template = $body_data = ''; if ($complainOK) { $title_template = cplang(cplang('feed_complain')); $title_data = ''; $body_template = '{message}'; $body_data = saddslashes(serialize(sstripslashes(array('message' => $message)))); } //ʼþfeed if ($add_doing) { $ip = getonlineip(); $ip_detail = getIpDetails(); $lon = $ip_detail['latitude']; $lat = $ip_detail['longitude']; $pos = "http://lbs.juhe.cn/api/getaddressbylngb?lngx=" . $lat . "&lngy=" . $lon; $opts = array('http' => array('method' => 'GET', 'time' => 1)); $context = stream_context_create($opts); $res = file_get_contents($pos, false, $context); $res = json_decode($res, 1); $address = $res['row']['result']['formatted_address']; if ($picid && $filepath) { $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => $title_template, 'title_data' => $title_data, 'body_template' => $body_template, 'body_data' => $body_data, 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => 'web', 'image_1' => pic_get($filepath, 1, 0), 'image_1_link' => "space.php?uid={$_SGLOBAL['supe_uid']}&do=album&picid={$picid}", 'ip' => $ip, 'address' => $address);