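/**
 * Admin: show or save the "related documents" setting.
 *
 * Without 'submit' in POST the admin_relation view is rendered with the
 * current relateddoc / isrelate values and the request ends.
 * With 'submit': relateddoc is split on ';', de-duplicated, each entry is
 * trimmed, passed through string::stripscript() and string::haddslashes(),
 * empty entries are dropped, and the result (plus isrelate) is written with
 * update_setting(); the 'setting' cache is invalidated afterwards.
 * More than 10 raw entries is rejected with lang['relatedtitlemore'].
 *
 * Fix: $relatelists was never initialised, so an input with only empty
 * entries reached implode() on an undefined variable.
 *
 * NOTE(review): no CSRF token is visible here; confirm admin POSTs are
 * protected elsewhere (e.g. checksecurity() in init_request).
 */
function dodefault() {
    if (!isset($this->post['submit'])) {
        $this->view->assign("relatedoc", $this->setting['relateddoc']);
        $this->view->assign("isrelate", $this->setting['isrelate']);
        $this->view->display("admin_relation");
        exit;
    }
    $isrelate = $this->post['isrelate'];
    $relatedoc = trim($this->post['relatedoc']);
    $relatelist = array_unique(explode(';', $relatedoc));
    $relatelists = array();
    foreach ($relatelist as $relate) {
        // strip script markup before the SQL-escape so the stored value is inert
        $relate = string::stripscript(trim($relate));
        if (empty($relate)) {
            continue;
        }
        $relatelists[] = string::haddslashes($relate);
    }
    // limit is checked on the raw (pre-filter) list, as in the original
    if (count($relatelist) > 10) {
        $this->message($this->view->lang['relatedtitlemore'], 'index.php?admin_relation');
    }
    $setting = array(
        'relateddoc' => implode(";", $relatelists),
        'isrelate'   => $isrelate,
    );
    $_ENV['setting']->update_setting($setting);
    $this->cache->removecache('setting');
    $this->message($this->view->lang['relatedtitlesuccess'], 'index.php?admin_relation');
}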
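/**
 * Emit a datacall result as a JavaScript `document.write('...')` snippet,
 * meant to be loaded through <script src="...">.
 *
 * $this->get[2] selects the datacall (called with mode 2). When it is absent
 * the method returns false and writes nothing — the original assigned an
 * error string there that was never output.
 *
 * Security: the payload goes into a single-quoted JS string escaped with
 * string::haddslashes(); CR/LF are stripped first. The datacall content is
 * treated as trusted (admin-defined) markup because nl2br() output is written
 * straight into the page — confirm that assumption. In UTF-8 deployments
 * U+2028/U+2029 would still end the JS string; json_encode() is not used here
 * because the site may run in a non-UTF-8 charset (WIKI_CHARSET).
 */
function dojs() {
    if (!isset($this->get['2'])) {
        return false;
    }
    $datastr = $_ENV['datacall']->call($this->get['2'], 2);
    if (empty($datastr)) {
        $datastr = $this->view->lang['noDate'];
    }
    // Serve as script, not text/html: opening the URL directly must not render
    // the payload as an HTML page, and nosniff stops browsers second-guessing.
    header("Content-Type: application/javascript; charset=" . WIKI_CHARSET);
    header('X-Content-Type-Options: nosniff');
    $datastr = str_replace(array("\n", "\r"), '', nl2br($datastr));
    $datastr = string::haddslashes($datastr, 1);
    echo "document.write('" . $datastr . "')";
}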
/**
 * Admin: edit a scheduled task.
 *
 * GET: loads the task identified by get[2] and renders admin_edittask.
 * POST ('submit' present): saves newname (HTML-escaped, then SQL-escaped)
 * together with the integer weekday/day/hour/minute fields for task 'id'
 * (missing id → 0) and redirects to admin_task with lang['taskSuccess'].
 *
 * NOTE(review): no CSRF token is checked in this handler.
 */
function doedittask() {
    if (!isset($this->post['submit'])) {
        $taskid = intval($this->get[2]);
        $this->view->assign('task', $_ENV['task']->get_task($taskid));
        $this->view->display('admin_edittask');
        return;
    }
    $taskname = string::haddslashes(htmlspecialchars($this->post['newname']));
    $weekday  = intval($this->post['weekday']);
    $day      = intval($this->post['day']);
    $hour     = intval($this->post['hour']);
    $minute   = intval($this->post['minute']);
    $taskid   = intval(@$this->post['id']);
    $_ENV['task']->edit_task($taskid, $taskname, $weekday, $day, $hour, $minute);
    $this->message($this->view->lang['taskSuccess'], 'index.php?admin_task');
}
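/**
 * AJAX: save the synonym list for a destination document.
 *
 * POST fields: destdid (numeric), srctitles[] (synonym titles), desttitle.
 * Each source title is trimmed, charset-converted, SQL-escaped and
 * HTML-escaped; empty ones are dropped. An empty list removes all synonyms
 * for destdid and prints "empty". Otherwise the list is run through
 * synonym->is_filter(); a negative code is echoed back as-is. On success the
 * refreshed synonym list is echoed as <a> links (or '0' when nothing was
 * saved).
 *
 * Fixes: destdid is now cast to int after the is_numeric() gate (is_numeric
 * also accepts "1e3", " 1", "1.5"); srctitles is coerced to an array so a
 * scalar/absent value no longer triggers a foreach warning; the list output
 * is built with foreach instead of count()-in-loop.
 *
 * NOTE(review): the echoed srctitle values are not escaped at output time;
 * this relies on them having been stored HTML-escaped (as done above). The
 * desttitle is not htmlspecialchars()'d here — confirm the model does it.
 */
function dosavesynonym() {
    $destdid = $this->post['destdid'];
    if (!is_numeric($destdid)) {
        exit;
    }
    $destdid = (int) $destdid;
    $synonyms = array();
    foreach ((array) $this->post['srctitles'] as $srctitle) {
        $srctitle = htmlspecialchars(string::haddslashes(string::hiconv(trim($srctitle))));
        if ('' != $srctitle) {
            $synonyms[] = $srctitle;
        }
    }
    $desttitle = trim($this->post['desttitle']);
    if (WIKI_CHARSET == 'GBK') {
        $desttitle = string::hiconv($desttitle);
    }
    if (empty($synonyms)) {
        $_ENV['synonym']->removesynonym($destdid);
        exit("empty");
    }
    $srctitles = $synonyms;
    $filter = $_ENV["synonym"]->is_filter($srctitles, $desttitle);
    // negative codes are filter rejections (see is_filter), passed through to the client
    if ($filter[0] < 0 || !is_array($srctitles) || empty($desttitle)) {
        echo $filter[0];
        exit;
    }
    $num = $_ENV['synonym']->savesynonym($destdid, $desttitle, $srctitles);
    if ($num <= 0) {
        exit('0');
    }
    $synonyms_list = $_ENV['synonym']->get_synonym_by_dest($destdid, '');
    $str = '';
    foreach ((array) $synonyms_list as $entry) {
        $str .= "<a href='index.php?doc-innerlink-" . urlencode($entry['srctitle']) . "' name='synonym'> " . $entry['srctitle'] . "</a>";
    }
    exit($str);
}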
/**
 * Bootstrap the request: require a completed install, parse QUERY_STRING
 * into $this->get, escape all inbound GET/POST/COOKIE values, run
 * checksecurity() and scrub $GLOBALS.
 *
 * Routing: QUERY_STRING is truncated at the first '.' and split on '-';
 * get[0] is the controller (default 'index'), get[1] the action (default
 * 'default'). The 'plugin-hdapi-' prefix is stripped for the hdapi default
 * route.
 *
 * Security notes (review):
 *  - The only inbound-data protection is string::haddslashes() applied to
 *    get/post/cookie, i.e. a global addslashes-style escape. That is only
 *    meaningful for values placed inside single-quoted SQL literals and is
 *    known to be bypassable in multibyte charsets (e.g. GBK) when the DB
 *    connection charset differs; callers that interpolate numbers unquoted
 *    get no protection at all. Parameterised queries at the call sites are
 *    the robust fix.
 *  - Values are escaped BEFORE checksecurity() runs, so it inspects slashed
 *    data.
 *  - The $GLOBALS sweep unsets every global except the listed names; it is a
 *    register_globals-style variable-injection defence.
 */
function init_request() {
    // Check whether the wiki has been installed; otherwise hand off to the installer.
    if (!file_exists(HDWIKI_ROOT . '/data/install.lock')) {
        header('location:install/install.php');
        exit;
    }
    header('Content-type: text/html; charset=' . WIKI_CHARSET);
    $querystring = $_SERVER['QUERY_STRING'];
    if (strpos($querystring, 'plugin-hdapi-hdapi-default') !== false) {
        $querystring = str_replace('plugin-hdapi-', '', $querystring);
    }
    // everything from the first '.' on is ignored (e.g. a ".html" suffix)
    $pos = strpos($querystring, '.');
    if ($pos !== false) {
        $querystring = substr($querystring, 0, $pos);
    }
    $this->get = explode('-', $querystring);
    // Remember short admin GET routes (not admin_main) in $this->querystring;
    // the consumer of this value is not visible in this file.
    if (count($this->get) <= 3 && count($_POST) == 0 && substr($querystring, 0, 6) == 'admin_' && substr($querystring, 0, 10) != 'admin_main') {
        $this->querystring = $querystring;
    }
    if (empty($this->get[0])) {
        $this->get[0] = 'index';
    }
    if (empty($this->get[1])) {
        $this->get[1] = 'default';
    }
    // NOTE(review): unreachable — explode() yields >= 1 element and get[1] was
    // just defaulted, so count() is always >= 2 here.
    if (count($this->get) < 2) {
        exit(' Access Denied !');
    }
    # unset($_ENV, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS);
    // Global escaping of inbound data; see the security notes above.
    $this->get = string::haddslashes($this->get, 1);
    $this->post = string::haddslashes($_POST);
    $_COOKIE = string::haddslashes($_COOKIE);
    $this->checksecurity();
    // Drop every global except these, so nothing injected via register_globals survives.
    $remain = array('_SERVER', '_FILES', '_COOKIE', 'GLOBALS', 'starttime', 'mquerynum');
    foreach ($GLOBALS as $key => $value) {
        if (!in_array($key, $remain)) {
            unset($GLOBALS[$key]);
        }
    }
}
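/**
 * Admin: add a gift (title, credit cost, description, image).
 *
 * Without 'submit' the admin_addgift form is shown. Otherwise the image in
 * $_FILES['giftfile'] is stored under uploads/gift/<random8>.<ext>, a 500x500
 * version is written in place and a 106x106 '_s' thumbnail is produced; the
 * thumbnail's 'tempurl' is what gets saved with the gift record.
 *
 * Fixes (review):
 *  - the original accepted ANY extension taken from the client filename, so
 *    an admin session could upload a .php file into a web-served directory.
 *    Only jpg/jpeg/png/gif are accepted now (case-insensitive).
 *  - the upload result is checked BEFORE image_compress() runs, instead of
 *    after (the original compressed a file that might not exist).
 *  - a missing upload field no longer triggers undefined-index notices.
 *
 * NOTE(review): 'credit' is stored as the trimmed string; if the column is
 * integer it should be cast — left as-is to avoid changing stored values.
 * No CSRF token is checked here.
 */
function doadd() {
    if (!isset($this->post['submit'])) {
        $this->view->display('admin_addgift');
        return;
    }
    $title = htmlspecialchars(string::haddslashes(string::hiconv(trim($this->post['title']))));
    $credit = trim($this->post['credit']);
    $description = htmlspecialchars(string::haddslashes(string::hiconv(trim($this->post['description']))));
    $imgname = isset($_FILES['giftfile']['name']) ? $_FILES['giftfile']['name'] : '';
    $extname = strtolower(file::extname($imgname));
    // extension allow-list: the destination directory is web-reachable
    $allowed = array('jpg', 'jpeg', 'png', 'gif');
    if ($imgname === '' || !in_array($extname, $allowed, true)) {
        $this->message($this->view->lang['allowext'], 'index.php?admin_gift-search');
    }
    // server-chosen random name; the client filename is never used on disk
    $destfile = 'uploads/gift/' . util::random(8) . '.' . $extname;
    $uploadreturn = file::uploadfile($_FILES['giftfile'], $destfile);
    if ($uploadreturn['result'] === false) {
        $this->message($uploadreturn['msg'], 'index.php?admin_gift-search');
    }
    util::image_compress($destfile, '', 500, 500, '');
    $thumb = util::image_compress($destfile, '', 106, 106, '_s');
    $destfile = $thumb['tempurl'];
    $_ENV['gift']->add($title, $destfile, $credit, $description);
    $this->message($this->view->lang['usermanageOptSuccess'], 'index.php?admin_gift-search');
}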
/**
 * Re-insert a user row from recycle-bin data.
 *
 * $data is the unserialized user record; every field is SQL-escaped with
 * string::haddslashes($data, 1) before being interpolated. Note the column
 * 'credit2' is filled from $data['credits'] (not 'credit2') — presumably the
 * key used by the recycle serializer; verify before "fixing".
 *
 * Security: escaping is addslashes-based, not parameterised; values are
 * always wrapped in single quotes, which is what that escape protects.
 */
function recover($data) {
    $data = string::haddslashes($data, 1);
    $columns = array(
        'uid', 'username', 'password', 'email', 'gender', 'credit2', 'credit1',
        'birthday', 'image', 'location', 'regip', 'regtime', 'lastip', 'lasttime',
        'groupid', 'timeoffset', 'style', 'language', 'signature', 'creates',
        'edits', 'views', 'checkup',
    );
    $values = array(
        $data['uid'], $data['username'], $data['password'], $data['email'],
        $data['gender'], $data['credits'], $data['credit1'], $data['birthday'],
        $data['image'], $data['location'], $data['regip'], $data['regtime'],
        $data['lastip'], $data['lasttime'], $data['groupid'], $data['timeoffset'],
        $data['style'], $data['language'], $data['signature'], $data['creates'],
        $data['edits'], $data['views'], $data['checkup'],
    );
    $sql = "INSERT INTO " . DB_TABLEPRE . "user (" . implode(',', $columns) . ") \r\n\t\t\t\t\tVALUES ('" . implode("','", $values) . "')";
    $this->db->query($sql);
}
/**
 * Re-insert an attachment row from recycle-bin data.
 *
 * $data is the unserialized attachment record; all fields are SQL-escaped
 * via string::haddslashes($data, 1) and inserted as single-quoted literals.
 *
 * Security: escaping is addslashes-based rather than parameterised; it is
 * only sound because every value is wrapped in single quotes.
 */
function recover($data) {
    $data = string::haddslashes($data, 1);
    $columns = array(
        'id', 'did', 'time', 'filename', 'description', 'filetype', 'filesize',
        'attachment', 'downloads', 'isimage', 'uid', 'state', 'focus',
    );
    $values = array(
        $data['id'], $data['did'], $data['time'], $data['filename'],
        $data['description'], $data['filetype'], $data['filesize'],
        $data['attachment'], $data['downloads'], $data['isimage'], $data['uid'],
        $data['state'], $data['focus'],
    );
    $sql = "INSERT INTO " . DB_TABLEPRE . "attachment (" . implode(',', $columns) . ") \r\n\t\t\t\t\tVALUES ('" . implode("','", $values) . "')";
    $this->db->query($sql);
}
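/**
 * Picture search: list pictures matching a search text, 16 per page.
 *
 * The search text comes from POST 'searchtext' or, failing that, from the
 * URL segment get[2] (urldecoded, then SQL-escaped); it is charset-converted
 * with string::hiconv(). get[3] is the page number. On the first page only,
 * a cookie-based throttle rejects searches issued within 'search_time'
 * seconds of the previous one (advisory: it lives in a client cookie).
 *
 * Fixes (review):
 *  - page is now an integer >= 1 (the original passed any is_numeric()
 *    string such as "1.5" into the LIMIT arithmetic); this matches the
 *    max(1, intval()) idiom used by the admin word list.
 *  - removed the unused $searchtexts GBK conversion.
 */
function dosearch() {
    $num = 16;
    $page = isset($this->get[3]) ? $this->get[3] : '';
    if (empty($page) || !is_numeric($page)) {
        $page = 1;
        // the throttle below only runs for an un-paged (fresh) search
        $search_time = isset($this->setting['search_time']) ? $this->setting['search_time'] : 30;
        if ('' != $this->hgetcookie('searchtime') && $search_time > $this->time - $this->hgetcookie('searchtime')) {
            $this->message($this->view->lang['search_time_error1'] . $search_time . $this->view->lang['search_time_error2'], "BACK", 0);
        } else {
            $this->hsetcookie('searchtime', $this->time, 24 * 3600 * 365);
        }
    }
    $page = max(1, intval($page));
    $searchtext = isset($this->post['searchtext']) ? $this->post['searchtext'] : string::haddslashes(urldecode($this->get[2]), 1);
    $searchtext = string::hiconv(trim($searchtext));
    if (empty($searchtext)) {
        $this->message($this->view->lang['pic_no_title'], 'BACK', 0);
    }
    $start_limit = ($page - 1) * $num;
    $count = $_ENV['pic']->search_pic_num($searchtext);
    $piclist = $_ENV['pic']->search_pic($searchtext, $start_limit, $num);
    if (empty($piclist)) {
        $this->message($this->view->lang['cannotFindPic'], 'BACK', 0);
    }
    $url = $this->setting['seo_prefix'] ? "pic-search-" . urlencode($searchtext) : "index.php?pic-search-" . urlencode($searchtext);
    $departstr = $this->multi($count, $num, $page, $url);
    // first hit is shown as the large "left" picture, the rest as the grid
    $this->view->assign("leftpic", array_shift($piclist));
    $this->view->assign("piclist", $piclist);
    $this->view->assign('departstr', $departstr);
    $this->view->assign('count', $count);
    $this->view->assign('navtitle', $searchtext . $this->view->lang['pic_search']);
    $this->view->assign('searchtext', $searchtext);
    $_ENV['block']->view('searchpic');
}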
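/**
 * Move edition content between the database and flat files, in batches of
 * 100 editions.
 *
 * $type === 'txt': editions with eid in (number-100, number] are written to
 *   data/edition/<ceil(eid/100)*100>/<eid>.txt and their DB content cleared.
 *   Returns true once number-100 is past the highest eid (nothing left).
 * otherwise: reads data/edition/<number>/*.txt back into the DB and unlinks
 *   each file. Returns true once number exceeds the highest batch directory.
 * Returns false when a batch was processed.
 *
 * Fixes (review):
 *  - $number (and the eid parsed from each filename) were interpolated into
 *    SQL unquoted and unescaped; both are now forced to int, and filenames
 *    that are not purely numeric are skipped — a stray file dropped into the
 *    directory could otherwise inject SQL.
 *  - the directory listing skipped neither '.'/'..' nor non-numeric names
 *    before max(); only digit-only names are considered now.
 */
function editionconvert($type, $number) {
    $number = intval($number);
    $changenum = 100;
    if ($type == 'txt') {
        $maxeid = $this->db->result_first("SELECT MAX(eid) FROM " . DB_TABLEPRE . "edition WHERE 1");
        if ($maxeid < $number - $changenum) {
            return true;
        }
        $query = $this->db->query("SELECT eid,content FROM " . DB_TABLEPRE . "edition WHERE eid >({$number}-{$changenum}) AND eid <= {$number}");
        while ($edition = $this->db->fetch_array($query)) {
            if ($edition['content']) {
                $path = 'data/edition/' . ceil($edition['eid'] / $changenum) * $changenum;
                file::forcemkdir($path);
                file::writetofile($path . "/" . $edition['eid'] . ".txt", $edition['content']);
            }
        }
        $this->db->query("UPDATE " . DB_TABLEPRE . "edition SET content='' WHERE eid >({$number}-{$changenum}) AND eid <= {$number}");
        return false;
    }
    $dirlist = array();
    if ($handle = opendir('data/edition')) {
        while (false !== ($dir = readdir($handle))) {
            if (ctype_digit($dir)) {
                $dirlist[] = intval($dir);
            }
        }
        closedir($handle);
    }
    $maxeid = empty($dirlist) ? 0 : max($dirlist);
    if ($number > $maxeid) {
        return true;
    }
    $path = "data/edition/{$number}";
    $files = file::get_file_by_ext($path, array('txt'));
    foreach ((array) $files as $file) {
        $eid = substr($file, 0, -4);
        if (!ctype_digit((string) $eid)) {
            continue;   // not one of our <eid>.txt files; never trust it as an id
        }
        $eid = intval($eid);
        $filename = $path . "/" . $file;
        $content = string::haddslashes(file::readfromfile($filename), 1);
        if ($content) {
            $this->db->query("UPDATE " . DB_TABLEPRE . "edition SET content='{$content}' WHERE eid={$eid}");
            @unlink($filename);
        }
    }
    return false;
}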
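/**
 * Per-IP+User-Agent request-rate limiter.
 *
 * Returns true (allow) when the IP is on the exception list or no 'visitrate'
 * setting exists. Otherwise: rows in visitlist older than 'duration' seconds
 * are purged, the hits for this ip/useragent inside the window are counted,
 * and when they exceed 'pages' the IP is inserted into the banned table for
 * 'ban_time' hours (default 1) by 'SYSTEM' and false is returned; else the
 * hit is recorded and true is returned.
 *
 * Fixes (review):
 *  - duration/pages/ban_time from the unserialized setting are cast to int
 *    before reaching SQL / arithmetic; a malformed setting now behaves like
 *    "no limit" instead of emitting notices.
 *  - the IP is SQL-escaped like the UA; if $this->base->ip can be derived
 *    from a client header (X-Forwarded-For etc.) it is attacker-controlled.
 *  - the banned-table insert no longer assumes four dotted octets (an IPv6
 *    or malformed address produced undefined-index notices); octets are
 *    padded and cast to int.
 *
 * NOTE(review): 'visitrate' is an admin-stored setting, not user input, so
 * unserialize() here is not a deserialisation sink in itself.
 */
function check_visitrate() {
    // IPs on the exception list are never rate-limited
    if ($this->_check_ip_exception()) {
        return true;
    }
    if (!isset($this->base->setting['visitrate'])) {
        return true;
    }
    $vr_setting = unserialize($this->base->setting['visitrate']);
    if (!is_array($vr_setting)) {
        return true;
    }
    $duration = intval(isset($vr_setting['duration']) ? $vr_setting['duration'] : 0);
    $pages = intval(isset($vr_setting['pages']) ? $vr_setting['pages'] : 0);
    $ban_hours = intval(isset($vr_setting['ban_time']) ? $vr_setting['ban_time'] : 0);
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? string::haddslashes(substr($_SERVER['HTTP_USER_AGENT'], 0, 255)) : '';
    $ip = string::haddslashes($this->base->ip);
    $now = intval($this->base->time);
    $time_start = $now - $duration;
    $this->db->query("DELETE FROM " . DB_TABLEPRE . "visitlist WHERE `time` <= {$time_start}");
    $count = $this->db->fetch_total("visitlist", "`time` > {$time_start} AND `ip` = '{$ip}' AND `useragent` = '{$ua}'");
    if ($count > $pages) {
        $this->base->load('banned');
        $userip = array_map('intval', array_pad(explode(".", $this->base->ip), 4, 0));
        $ban_expiration = $ban_hours > 0 ? 3600 * $ban_hours : 3600;
        $this->db->query("INSERT INTO `" . DB_TABLEPRE . "banned` (`ip1`,`ip2`,`ip3`,`ip4`,`admin`,`time`,`expiration`) VALUES \r\n\t\t\t\t\t('{$userip[0]}', '{$userip[1]}', '{$userip[2]}', '{$userip[3]}', 'SYSTEM', '{$now}', '{$ban_expiration}')");
        $_ENV['banned']->updatebannedip();
        return false;
    }
    $this->db->query("INSERT INTO " . DB_TABLEPRE . "visitlist (`ip`,`useragent`,`time`) values ('{$ip}', '{$ua}', '{$now}')");
    return true;
}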
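/**
 * Re-publish an existing edition as a new document edit.
 *
 * Loads edition $eid; returns false when it does not exist. Stamps the
 * current time, sets 'visible' to '0' when the 'verify_doc' setting requires
 * moderation (else '1'), SQL-escapes the record and hands it to edit_doc().
 * Returns true after the copy.
 *
 * Fix (review): the original read $data['tag'] from a variable $data that is
 * never defined in this method, i.e. tags were always null (with a notice).
 * That behaviour is preserved explicitly; the intended source of the tags is
 * not visible here — TODO confirm whether $edition['tag'] was meant.
 */
function copy_edition($eid) {
    $edition = $this->get_edition($eid);
    if (!is_array($edition)) {
        return false;
    }
    $edition['tags'] = null; // see note above: original referenced an undefined $data
    $edition['time'] = $this->base->time;
    // moderated sites hide the copy until it is verified
    $edition['visible'] = $this->base->setting['verify_doc'] ? '0' : '1';
    $this->edit_doc(string::haddslashes($edition, 1));
    return true;
}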
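/**
 * AJAX: return the categories of a document as JavaScript that pushes each
 * cid / name onto catevalue.scids / catevalue.scnames.
 *
 * Fixes (review): the category name was escaped twice (haddslashes with the
 * force flag, then haddslashes again), which rendered stray backslashes for
 * names containing quotes; it is escaped once now, with the force flag. The
 * cid is cast to int since it lands in the JS unquoted.
 *
 * NOTE(review): the result is emitted through $this->message(..., '', 2),
 * which is assumed to output raw script. The name is only JS-string-escaped,
 * not HTML-escaped, so a name containing "</script>" would still break out
 * if this response were ever embedded inline rather than eval'd.
 */
function hdgetcat() {
    $evaljs = '';
    $did = intval($this->post['did']);
    $cats = $_ENV['doc']->get_cids_by_did($did);
    if ($cats) {
        foreach ($cats as $cat) {
            $cid = intval($cat['cid']);
            $name = string::haddslashes($cat['name'], 1);
            $evaljs .= "catevalue.scids.push(" . $cid . ");catevalue.scnames.push('" . $name . "');";
        }
    }
    $this->message($evaljs, '', 2);
}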
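/**
 * Create or update an SQL-type datacall definition.
 *
 * $datacall holds name, category, desc, cachetime, param (tplcode and
 * empty_tplcode) and, for updates, editflag + id. desc defaults to
 * lang['sqlcall'] and is cut to 80 chars; param is stripslashed,
 * serialized and re-escaped. classname/function/type are fixed to 'sql'.
 * Inserts are guarded with "WHERE NOT EXISTS (same name)". Returns the
 * db->query() result, or false when $datacall is empty.
 *
 * Fixes (review): id and cachetime are cast to int — they are interpolated
 * into SQL and the original did not escape them.
 *
 * NOTE(review): name and category are interpolated as-is; this relies on the
 * caller having passed already-escaped values (POST data is slashed globally
 * in init_request). Re-escaping here would double-escape, so it is left to
 * the caller — but a datacall definition is admin-authored SQL by design,
 * so this feature is inherently a privileged sink.
 */
function editsql($datacall) {
    if (empty($datacall)) {
        return false;
    }
    $desc = trim($datacall['desc']);
    $datacall['desc'] = string::substring($desc === '' ? $this->base->view->lang['sqlcall'] : $desc, 0, 80);
    $datacall['param']['tplcode'] = trim($datacall['param']['tplcode']);
    $datacall['param']['empty_tplcode'] = trim($datacall['param']['empty_tplcode']);
    $param_str = string::haddslashes(serialize(string::hstripslashes($datacall['param'])), 1);
    $cachetime = intval($datacall['cachetime']);
    $classname = 'sql';
    $function = 'sql';
    $type = 'sql';
    if (isset($datacall['editflag'])) {
        $id = intval($datacall['id']);
        $sql = "UPDATE `" . DB_TABLEPRE . "datacall` SET "
             . "`name`='" . $datacall['name'] . "',`category`='" . $datacall['category'] . "', `classname`='" . $classname . "', `function`='" . $function . "', `desc`='" . $datacall['desc'] . "', `param`='" . $param_str . "', `cachetime`='" . $cachetime . "'"
             . " WHERE `id`='" . $id . "'";
    } else {
        $sql = 'INSERT INTO ' . DB_TABLEPRE . 'datacall (`name`,`type`, `category`, `classname`, `function`, `desc`, `param`, `cachetime`) '
             . " SELECT '" . $datacall['name'] . "','" . $type . "','" . $datacall['category'] . "','" . $classname . "','" . $function . "', "
             . "'" . $datacall['desc'] . "', '" . $param_str . "', '" . $cachetime . "'"
             . " FROM dual WHERE not exists (SELECT * FROM " . DB_TABLEPRE . "datacall WHERE name= '" . $datacall['name'] . "' )";
    }
    return $this->db->query($sql);
}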
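/**
 * Full-text search controller.
 *
 * Without a keyword (get[3]) and without get[10] the search form is rendered
 * with the category tree (after $this->header() when cloud search is on).
 * Otherwise the parameters are read from URL segments:
 *   get[2] searchtype (title|tag|content), get[3] keyword, get[4] author
 *   ('*' becomes the SQL wildcard '%'), get[5] comma-separated category ids,
 *   get[6] timelimited, get[7] within|before, get[8] ordertype
 *   (time|comments|views), get[9] asc|desc, get[11] page.
 * Every option is validated against a whitelist and otherwise defaulted.
 * A "TAG:" keyword prefix switches searchtype to 'tag'.
 *
 * When cloud search is enabled and not temporarily disabled by the
 * 'lasttime' cookie, the keyword is sent to the cloud service and an iframe
 * URL is shown; on failure cloud search is switched off for
 * cloud_search_close_time seconds and the local search runs instead
 * (capped at 500 hits, list_prepage per page).
 *
 * Fixes (review):
 *  - $element[keyword] / [author] / [categoryid] in the pager URL were bare
 *    (undefined) constants — a fatal Error on PHP 8. Quoted.
 *  - the keyword was interpolated into a preg_replace() pattern with only
 *    '|' escaped, so a keyword containing regex metacharacters made
 *    preg_replace() fail and blanked every title. preg_quote() is used.
 *  - the within/before check assigned to 'timelimited' instead of
 *    'withinbefore', leaving withinbefore unvalidated and clobbering the
 *    numeric time limit with the string "within". Corrected.
 *  - an invalid category list only overwrote element [0] with "all" and kept
 *    the unvalidated tail; the whole list is now replaced.
 *  - $list/$count/$departstr/$categorylist are initialised so the cloud
 *    path does not assign undefined variables to the view.
 *
 * The one-search-per-search_time throttle is cookie-based and therefore
 * advisory only.
 * NOTE(review): hsetcookie('lasttime', time, $cloud_search_last_time) passes
 * the previous timestamp where the other calls pass a lifetime — probably a
 * bug, left untouched because hsetcookie's signature is not visible here.
 */
function dofulltext() {
    if (!$this->get[3] && !$this->get[10]) {
        if (1 == $this->setting['cloud_search']) {
            // with cloud search on, the local search UI is replaced by the header redirect
            $this->header();
        }
        $all_category = $_ENV['category']->get_category_cache();
        $categorytree = $_ENV['category']->get_categrory_tree($all_category);
        $this->view->assign("categorytree", $categorytree);
        $_ENV['block']->view('search');
        return;
    }
    $page = isset($this->get[11]) ? $this->get[11] : '';
    if (empty($page) || !is_numeric($page)) {
        $page = 1;
        // only one search per search_time seconds (cookie-based)
        $search_time = isset($this->setting['search_time']) ? $this->setting['search_time'] : 30;
        if ('' != $this->hgetcookie('searchtime') && $search_time > $this->time - $this->hgetcookie('searchtime')) {
            $this->message($this->view->lang['search_time_error1'] . $search_time . $this->view->lang['search_time_error2'], "BACK", 0);
        } else {
            $this->hsetcookie('searchtime', $this->time, 24 * 3600 * 365);
        }
    }
    // search type and keyword
    $element['searchtype'] = $this->get[2]; // tag or title
    $element['keyword'] = isset($this->get[3]) ? string::haddslashes(str_replace(array('-', '.'), array('-', '.'), rawurldecode($this->get[3]))) : '';
    $author = isset($this->get[4]) ? string::haddslashes(urldecode($this->get[4])) : '';
    $element['author'] = $author ? str_replace('*', '%', $author) : '';
    $element['categoryid'] = isset($this->get[5]) ? explode(",", $this->get[5]) : 'all';
    $element['timelimited'] = isset($this->get[6]) ? $this->get[6] : 0;
    $element['withinbefore'] = isset($this->get[7]) ? $this->get[7] : 'within';
    $element['ordertype'] = isset($this->get[8]) ? $this->get[8] : 'time';
    $element['ascdesc'] = isset($this->get[9]) ? $this->get[9] : 'desc';
    if (!(bool) $element['keyword']) {
        $this->message($this->view->lang['searchKeywordNull'], "BACK", 0);
    } elseif (strtoupper(substr($element['keyword'], 0, 4)) == 'TAG:' && strlen($element['keyword']) > 4) {
        $element['keyword'] = substr($element['keyword'], 4);
        $element['searchtype'] = 'tag';
    }
    if ($element['searchtype'] != "title" && $element['searchtype'] != "tag" && $element['searchtype'] != "content") {
        $element['searchtype'] = "title";
    }
    // category ids must be digits and commas only; anything else resets to "all"
    if ($element['categoryid'] != "all" && !preg_match('/^\d[\d,]*$/D', implode(",", $element['categoryid']))) {
        $element['categoryid'] = array("all");
    }
    if (!is_numeric($element['timelimited'])) {
        $element['timelimited'] = 0;
    }
    if ($element['withinbefore'] != "within" && $element['withinbefore'] != "before") {
        $element['withinbefore'] = "within";
    }
    if ($element['ordertype'] != "time" && $element['ordertype'] != "comments" && $element['ordertype'] != "views") {
        $element['ordertype'] = "time";
    }
    if ($element['ascdesc'] != "asc" && $element['ascdesc'] != "desc") {
        $element['ascdesc'] = "desc";
    }
    $list = array();
    $count = 0;
    $departstr = '';
    $categorylist = array();
    // cloud search
    $cloudsearch = 0;
    if (1 == $this->setting['cloud_search']) {
        // timestamp of the last cloud-search failure
        $cloud_search_last_time = $this->hgetcookie('lasttime');
        // how long cloud search stays disabled after a failure (default 30 s)
        $cloud_search_close_time = isset($this->setting['cloud_search_close_time']) ? $this->setting['cloud_search_close_time'] : 30;
        if (empty($cloud_search_last_time) || $this->time - $cloud_search_last_time > $cloud_search_close_time) {
            $cloudsearch = 1;
            $iframesrc = $_ENV['search']->cloud_search($element['keyword']);
            $this->view->assign('iframesrc', $iframesrc);
            if (!$iframesrc || 2 > strlen($iframesrc)) {
                // cloud search timed out: disable it temporarily and fall back to local
                $this->hsetcookie('lasttime', $this->time, $cloud_search_last_time);
                $cloudsearch = 0;
            }
        }
    }
    if (0 == $cloudsearch) {
        $result = $_ENV['search']->join_sql($element);
        $count = $_ENV['search']->get_total_num($result['dsql']);
        $count = $count <= 500 ? $count : 500; // at most 500 hits
        $num = isset($this->setting['list_prepage']) ? $this->setting['list_prepage'] : 20;
        $start_limit = ($page - 1) * $num;
        $list = $_ENV['search']->fulltext_search($result['sql'], $start_limit, $num);
        // highlight the keyword in titles; quote it so it is matched literally
        $keyword_for_view = preg_quote($element['keyword'], '|');
        foreach ($list as $key => $value) {
            $list[$key]['title'] = preg_replace("|({$keyword_for_view})|i", "<span style='color:red'>\$1</span>", $value['title']);
        }
        $url = "search-fulltext-{$element['searchtype']}-" . str_replace(array('-', '.'), array('-', '.'), rawurlencode($element['keyword'])) . "-" . urlencode($element['author']) . "-" . implode(',', (array) $element['categoryid']) . "-{$element['timelimited']}-{$element['withinbefore']}-{$element['ordertype']}-{$element['ascdesc']}-1";
        $url = isset($this->setting['seo_prefix']) ? $url : "index.php?" . $url;
        $departstr = $this->multi($count, $num, $page, $url);
        $allcategory = $_ENV['category']->get_category_cache();
        $categorylist = $_ENV['category']->get_site_category(0, $allcategory);
    }
    $searchtext = stripslashes($element['searchtype'] == "tag" ? "TAG:" . stripslashes($element['keyword']) : stripslashes($element['keyword']));
    // title search: offer a synonym redirect, or a "create this entry" hint
    if ($element['searchtype'] == "title") {
        $synonym = $_ENV['synonym']->get_synonym_by_src($element['keyword']);
        if ($synonym) {
            $synonym['linktitle'] = rawurlencode($synonym['srctitle']);
            $this->view->assign("synonym", $synonym);
        } else {
            $docexit = $this->db->fetch_by_field('doc', 'title', $element['keyword']);
            if (!$docexit) {
                $this->view->assign("docnoexit", 1);
            }
        }
    }
    $title = htmlspecialchars(stripslashes($element['keyword']));
    $this->view->assign("title", $title);
    $this->view->assign("keyword", rawurlencode($element['keyword']));
    $this->view->assign("searchword", urlencode(string::hiconv($title, 'utf-8')));
    $this->view->assign("search_tip_switch", $this->setting['search_tip_switch']);
    $this->view->assign('cloudsearch', $cloudsearch);
    $this->view->assign('categorylist', $categorylist);
    $this->view->assign("searchtext", $searchtext);
    $this->view->assign("list", $list);
    $this->view->assign("count", $count);
    $this->view->assign('navtitle', $this->view->lang['search'] . '-' . stripslashes(stripslashes($element['keyword'])));
    $this->view->assign("departstr", $departstr);
    $_ENV['block']->view('searchresult');
}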
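/**
 * Restore recycle-bin entries back into their original tables.
 *
 * $eids is a comma-separated list of recycle ids. For each entry the
 * serialized content is unpacked and dispatched to the model/method pair in
 * $models by entry type. Doc-type entries are skipped (and reported in
 * $return['doc']) when a document with the same title already exists; user
 * entries are skipped when the username or e-mail is taken (reported in
 * $return['user']). Restored entries are deleted from the recycle table,
 * restored docs are announced to cloud search (mode 3) when enabled, and
 * innerlinkcache rows are re-pointed to the restored did.
 *
 * Returns the array of skipped entries.
 *
 * Fixes (review):
 *  - $eids was interpolated into "IN (...)" verbatim; it is normalised to a
 *    list of integers first.
 *  - the dispatch was written as ->{$models}[type]['function'](...), which
 *    does not resolve to the intended method name under PHP 7+ uniform
 *    variable syntax; it now calls ->{$method}($content).
 *  - entries of an unknown type are skipped instead of producing undefined
 *    index notices and a call on a null object.
 *  - the restored did written into innerlinkcache is cast to int.
 *
 * NOTE(review): unserialize() runs on content this application wrote to its
 * own recycle table; it is not a direct user-input sink, but any SQL
 * injection that can write that column becomes object injection here.
 */
function recover($eids) {
    set_time_limit(0);
    $return = array();
    $models = array(
        'doc'        => array('model' => 'doc',        'function' => 'recover'),
        'edition'    => array('model' => 'doc',        'function' => 'recover_edition'),
        'user'       => array('model' => 'user',       'function' => 'recover'),
        'category'   => array('model' => 'category',   'function' => 'recover'),
        'attachment' => array('model' => 'attachment', 'function' => 'recover'),
        'comment'    => array('model' => 'comment',    'function' => 'recover'),
        'gift'       => array('model' => 'gift',       'function' => 'recover'),
    );
    $idlist = implode(',', array_map('intval', explode(',', (string) $eids)));
    $query = $this->db->query("SELECT id,type,keyword,content FROM " . DB_TABLEPRE . "recycle WHERE id IN ({$idlist}) ");
    $deleids = array(); // recycle ids that were actually restored
    $dids = array();    // restored document ids (for cloud search)
    $titles = array();  // doc keyword => did, for innerlinkcache
    while ($recycle = $this->db->fetch_array($query)) {
        $type = $recycle['type'];
        if (!isset($models[$type])) {
            continue;
        }
        $model = $models[$type]['model'];
        $method = $models[$type]['function'];
        $content = unserialize($recycle['content']);
        if ($model == 'doc') {
            // refuse to restore over an existing document with the same title
            $content['doc'][0]['title'] = string::haddslashes($content['doc'][0]['title']);
            $data = $this->db->fetch_by_field('doc', 'title', $content['doc'][0]['title']);
            if ((bool) $data) {
                $return['doc'][]['title'] = $content['doc'][0]['title'];
                continue;
            }
            $dids[] = $content['doc'][0]['did'];
        }
        $this->base->load($model);
        if ($model == 'user') {
            // username and e-mail must both still be free
            $user = $_ENV[$model]->get_user('username', $content['username']);
            if (!empty($user)) {
                $return['user'][]['username'] = $content['username'];
                continue;
            }
            $user = $_ENV[$model]->get_user('email', $content['email']);
            if (!empty($user)) {
                $return['user'][]['email'] = $content['email'];
                continue;
            }
        }
        $deleids[] = intval($recycle['id']);
        // re-insert the row through the owning model
        $_ENV[$model]->{$method}($content);
        if ($type == 'doc') {
            $titles[addslashes($recycle['keyword'])] = intval($content['doc'][0]['did']);
        }
    }
    if (!empty($dids) && 1 == $this->base->setting['cloud_search']) {
        // tell cloud search about the restored documents
        $_ENV['search']->cloud_change(array('dids' => implode(',', $dids), 'mode' => '3'));
    }
    if (!empty($deleids)) {
        $this->db->query("DELETE FROM " . DB_TABLEPRE . "recycle where id IN (" . implode(',', $deleids) . ")");
    }
    foreach ($titles as $title => $titleid) {
        $this->db->query("update " . DB_TABLEPRE . "innerlinkcache set titleid='{$titleid}' where title='{$title}'");
    }
    return $return;
}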
/**
 * Re-insert a comment row from recycle-bin data.
 *
 * $data is the unserialized comment record; all fields are SQL-escaped with
 * string::haddslashes($data, 1) and inserted as single-quoted literals.
 *
 * Security: addslashes-style escaping rather than parameters; sound only
 * because each value is single-quoted.
 */
function recover($data) {
    $data = string::haddslashes($data, 1);
    $columns = array('id', 'did', 'comment', 'reply', 'author', 'authorid', 'oppose', 'aegis', 'time');
    $values = array(
        $data['id'], $data['did'], $data['comment'], $data['reply'], $data['author'],
        $data['authorid'], $data['oppose'], $data['aegis'], $data['time'],
    );
    $sql = "INSERT INTO " . DB_TABLEPRE . "comment (" . implode(',', $columns) . ") \r\n\t\t\t\t\tVALUES ('" . implode("','", $values) . "')";
    $this->db->query($sql);
}
/**
 * Validate a set of synonym source titles against a destination title.
 *
 * Returns array(1, '') when everything is acceptable, otherwise a negative
 * code plus the offending title:
 *   -2 a source title equals the destination title
 *   -3 a source title contains a banned ("danger") word
 *   -4 ($type only) the destination already has synonyms
 *   -5 a source title is already a synonym of a different destination
 *      (third element: that other destination)
 *   -6 a source title is itself a synonym destination
 * Checks -4..-6 only run when $desttitle is non-empty.
 */
function is_filter($srctitles, $desttitle = '', $type = false) {
    $checkdest = !empty($desttitle);
    foreach ($srctitles as $candidate) {
        if ($candidate === $desttitle) {
            return array(-2, $candidate);
        }
        if ($_ENV['doc']->have_danger_word($candidate)) {
            return array(-3, $candidate);
        }
        if (!$checkdest) {
            continue;
        }
        if ($type && $this->get_synonym_by_dest('', $desttitle)) {
            return array(-4, $desttitle);
        }
        $existing = $this->get_synonym_by_src($candidate);
        // already mapped, but to another destination
        if ($existing && string::haddslashes($existing['desttitle'], 1) != $desttitle) {
            return array(-5, $candidate, $existing['desttitle']);
        }
        if ($this->get_synonym_by_dest('', $candidate)) {
            return array(-6, $candidate);
        }
    }
    return array(1, '');
}
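/**
 * Establish the current user from the 'auth' cookie (and a session id from
 * the 'sid' cookie).
 *
 * 'auth' is decoded with authcode(..., 'DECODE') into "uid\tpassword". A
 * non-empty password selects the user joined with its own group; an empty
 * password selects the user joined with group 1 (the original behaviour,
 * presumably for accounts with no local password). The user is accepted
 * only when the cookie password matches the stored one; otherwise, and for
 * anonymous visitors, $this->user becomes the group-1 record with uid 0.
 * A 6-char random sid is issued when none exists.
 *
 * Fixes (review):
 *  - uid was interpolated unquoted into SQL straight from the cookie; it is
 *    cast to int (a forged/decodable auth cookie was an injection vector).
 *  - the password check used '==' on strings, which PHP compares numerically
 *    when both look numeric ("0e..." hashes). Strict string comparison now.
 *    hash_equals() would also give constant time if the runtime supports it.
 *  - a cookie that decodes to fewer than two fields no longer produces an
 *    undefined-offset notice, and a non-existent uid no longer "matches" an
 *    empty password (false['password'] == '' was true).
 *
 * NOTE(review): this assumes authcode() is keyed with a server secret; the
 * safety of the whole scheme rests on that.
 */
function init_user() {
    $sid = $this->hgetcookie('sid');
    $auth = $this->hgetcookie('auth');
    $uid = 0;
    $password = '';
    if (!empty($auth)) {
        $parts = string::haddslashes(explode("\t", $this->authcode($auth, 'DECODE')), 1);
        $uid = isset($parts[0]) ? intval($parts[0]) : 0;
        $password = isset($parts[1]) ? (string) $parts[1] : '';
    }
    if (!$sid) {
        $sid = util::random(6);
        $this->hsetcookie('sid', $sid, 24 * 3600 * 365);
    }
    if ($uid > 0) {
        if ($password === '') {
            $sql = 'select u.*, g.grouptitle,g.regulars,g.default,g.type,g.creditslower,g.creditshigher,g.stars,g.color,g.groupavatar from ' . DB_TABLEPRE . 'user u,' . DB_TABLEPRE . 'usergroup g where u.uid=' . $uid . ' and g.groupid=1';
        } else {
            $sql = 'select u.*, g.* from ' . DB_TABLEPRE . 'user u,' . DB_TABLEPRE . 'usergroup g where u.uid=' . $uid . ' and u.groupid=g.groupid';
        }
        $user = $this->db->fetch_first($sql);
        if (is_array($user) && (string) $user['password'] === $password) {
            $this->user = $user;
            UC_OPEN && $_ENV['ucenter']->avatar();
        }
    }
    if (!(bool) $this->user) {
        // anonymous: group-1 record with uid 0
        $this->user = $this->db->fetch_first('select * from ' . DB_TABLEPRE . 'usergroup where groupid=1');
        $this->user['uid'] = 0;
    }
    $this->user['sid'] = $sid;
}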
/**
 * Re-insert a gift row from recycle-bin data.
 *
 * $data is the unserialized gift record; fields are SQL-escaped with
 * string::haddslashes($data, 1) and inserted as single-quoted literals.
 *
 * Security: addslashes-style escaping, not parameters; only sound because
 * every value is single-quoted.
 */
function recover($data) {
    $data = string::haddslashes($data, 1);
    $columns = array('id', 'title', 'image', 'credit', 'description', 'time', 'available');
    $values = array(
        $data['id'], $data['title'], $data['image'], $data['credit'],
        $data['description'], $data['time'], $data['available'],
    );
    $sql = "INSERT INTO " . DB_TABLEPRE . "gift (" . implode(',', $columns) . ") \r\n\t\t\t\t\tVALUES ('" . implode("','", $values) . "')";
    $this->db->query($sql);
}
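/**
 * Admin: banned-word management.
 *
 * GET: paged list of words (list_prepage per page, get[2] = page).
 * POST ('submit'): deletes the words in word_id[], updates find/replacement
 * for the words in upword_id[] (each cut to 18 chars), then adds new words
 * from 'newfind', the comma-separated 'muliword' field and an optional
 * .txt/.csv upload — each cut to 18 chars, de-duplicated, and filtered
 * against the words already in the 'word' cache — with 'newreplacement' as
 * their replacement text.
 *
 * Fixes (review):
 *  - create_function() (removed in PHP 8) is replaced by a by-reference
 *    foreach.
 *  - the upload extension is taken with pathinfo() and compared
 *    case-insensitively with strict in_array(); a filename without a dot
 *    previously yielded a garbage "extension".
 *
 * NOTE(review): word_id[] / upword_id[] and the edited find/replacement
 * values are passed to the model without casting or HTML-escaping here
 * (newfind/muliword ARE escaped) — the model is assumed to handle that.
 * No CSRF token is checked.
 */
function dodefault() {
    if (!isset($this->post['submit'])) {
        $page = max(1, intval($this->get[2]));
        $num = isset($this->setting['list_prepage']) ? $this->setting['list_prepage'] : 20;
        $start_limit = ($page - 1) * $num;
        $allnum = $_ENV['word']->get_word_num();
        $words = $_ENV['word']->get_word_list($start_limit, $num);
        $departstr = $this->multi($allnum, $num, $page, 'admin_word-default');
        $this->view->assign('departstr', $departstr);
        $this->view->assign("docsum", $allnum);
        $this->view->assign('words', $words);
        $this->view->display('admin_word');
        return;
    }
    $ids = isset($this->post['word_id']) ? $this->post['word_id'] : '';
    $wordids = $this->post['upword_id'];
    $find = $this->post['find'];
    $replacement = $this->post['replacement'];
    $newfind = string::haddslashes(htmlspecialchars($this->post['newfind']));
    $muliword = string::haddslashes(htmlspecialchars($this->post['muliword']));
    $newreplacement = string::substring(string::haddslashes(htmlspecialchars($this->post['newreplacement'])), 0, 18);
    // edits to existing words
    $words = NULL;
    if (is_array($wordids)) {
        foreach ($wordids as $id => $wordid) {
            $find[$id] = string::substring($find[$id], 0, 18);
            $replacement[$id] = string::substring($replacement[$id], 0, 18);
            $words[] = array('id' => $wordid, 'find' => $find[$id], 'replacement' => $replacement[$id]);
        }
    }
    if ($ids) {
        $_ENV['word']->del_words($ids);
    }
    if ($words) {
        $_ENV['word']->edit_words($words, $this->user['username']);
    }
    // words already present (cache keys) are not re-added
    $havebannedwords = array();
    $cachewords = $this->cache->getcache('word');
    if ($cachewords) {
        $havebannedwords = array_keys($cachewords);
    }
    $alluploadwords = array();
    if ($newfind) {
        $alluploadwords[] = str_replace(',', ',', $newfind);
    }
    if ($muliword) {
        $textwords = explode(',', str_replace(',', ',', $muliword));
        $alluploadwords = array_merge($alluploadwords, $textwords);
    }
    if (!empty($_FILES['file_path']['name'])) {
        $allowexts = array('txt', 'csv');
        $ext = strtolower(pathinfo($_FILES['file_path']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, $allowexts, true)) {
            $this->message($this->view->lang['allowext'], 'index.php?admin_word');
        }
        $alluploadwords = $_ENV['word']->filewords($alluploadwords, $this->setting['attachment_size']);
    }
    if ($alluploadwords) {
        foreach ($alluploadwords as &$uploadword) {
            $uploadword = string::substring($uploadword, 0, 18);
        }
        unset($uploadword);
        $alluploadwords = array_diff($alluploadwords, $havebannedwords);
        $alluploadwords = array_values(array_unique($alluploadwords));
        $_ENV['word']->add_word($alluploadwords, $newreplacement, $this->user['username']);
    }
    $this->message($this->view->lang['usermanageOptSuccess'], 'index.php?admin_word');
}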
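/**
 * Render a list of category checkboxes (<dd> items) for the category picker.
 *
 * $cats is a list of category rows (cid, name); items are hidden
 * (display:none) when $catid is 0. Categories with sub-categories get an
 * expand button that calls catevalue.ajax(cid).
 *
 * Fixes (review): the name reaches two different contexts and the original
 * escaped it in the wrong order for the JS one. For the onclick attribute
 * the value must be JS-string-escaped first (string::haddslashes) and THEN
 * HTML-escaped, so the browser's attribute decoding yields a still-escaped
 * JS literal; HTML-escaping first and then addslashes() leaves a bare quote
 * once PHP's htmlspecialchars() default became ENT_QUOTES (8.1), which
 * breaks out of the JS string. ENT_QUOTES is now explicit for both
 * contexts, the id/name attributes are quoted (an unquoted name with a
 * space ended the attribute early), and cid is cast to int.
 */
function get_catitem($catid, $cats) {
    $content = '';
    foreach ($cats as $cat) {
        $cid = intval($cat['cid']);
        // HTML text / attribute context
        $catname = htmlspecialchars($cat['name'], ENT_QUOTES);
        // JS string inside an HTML attribute: JS-escape, then HTML-escape
        $navname = htmlspecialchars(string::haddslashes($cat['name'], 1), ENT_QUOTES);
        $style = $catid == 0 ? 'style="display:none;"' : '';
        $img = $this->get_subcate($cid) ? '<input onclick="javascript:catevalue.ajax(' . $cid . ')" type="image" src="style/default/sign_next.gif"/>' : '';
        $content .= '<dd ' . $style . '><label><input type="checkbox" id="' . $cid . '" name="' . $catname . '" onclick="javascript:catevalue.cateOk(' . $cid . ',\'' . $navname . '\',this.checked)"/>' . $catname . '</label>' . $img . '</dd>';
    }
    return $content;
}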