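/**
 * Enforce the WAP posting rules of a forum before a new topic or reply is saved.
 *
 * Works on the globals $subject and $content (both are trimmed in place),
 * checks their byte length against the board limits, then checks the forum's
 * visibility, moderation mode and per-group allow lists. Every failed check is
 * reported through wap_msg(); nothing is returned.
 *
 * NOTE(review): the checks rely on wap_msg() not returning to the caller —
 * confirm, because nothing here stops execution after a failed check.
 *
 * @param mixed  $fid    Forum id; goes through pwEscape() into the lookup query.
 * @param string $action 'new' for a new topic, 'reply' for a reply. Any other
 *                       value receives only the length and visibility checks.
 * @return void
 */
function wap_check($fid, $action)
{
    global $db, $groupid, $_G, $_time, $db_titlemax, $db_postmin, $db_postmax, $subject, $content;

    $subject = trim($subject);
    $content = trim($content);

    // strlen() counts bytes, so these are byte limits, not character limits.
    if ($action == 'new' && (!$subject || strlen($subject) > $db_titlemax)) {
        wap_msg('subject_limit');
    }
    $contentLength = strlen($content);
    if ($contentLength >= $db_postmax || $contentLength < $db_postmin) {
        wap_msg('content_limit');
    }

    $fm = $db->get_one("SELECT f.forumadmin,f.fupadmin,f.password,f.allowvisit,f.f_type,f.f_check,f.allowpost,f.allowrp,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe USING(fid) WHERE f.fid=" . pwEscape($fid));

    // Reject before touching any column: unknown forum, password-protected
    // forum, hidden forum, or a visit list that does not name the caller's group.
    if (!$fm || $fm['password'] != '' || $fm['f_type'] == 'hidden' || ($fm['allowvisit'] && strpos($fm['allowvisit'], ",{$groupid},") === false)) {
        wap_msg('post_right');
    }

    // Decode the forum settings only once a row is known to exist, and fall back
    // to an empty array when the stored value is empty or does not decode.
    // NOTE(review): unserialize() instantiates any class named in the payload;
    // this is only safe while pw_forumsextra.forumset is written by trusted
    // admin code alone — confirm, or move the column to a data-only format.
    $forumset = array();
    if ($fm && $fm['forumset']) {
        $decoded = unserialize($fm['forumset']);
        if (is_array($decoded)) {
            $forumset = $decoded;
        }
    }

    if ($action == 'new') {
        $isGM = CkInArray($GLOBALS['windid'], $GLOBALS['manager']);
        $isBM = admincheck($fm['forumadmin'], $fm['fupadmin'], $GLOBALS['windid']);

        // f_check 1 and 3 block new topics from this entry point.
        if ($fm['f_check'] == '1' || $fm['f_check'] == '3') {
            wap_msg('post_right');
        }
        // A forum-level list, when set, overrides the group default.
        if ($fm['allowpost'] && strpos($fm['allowpost'], ",{$groupid},") === false) {
            wap_msg('post_right');
        }
        if (!$fm['allowpost'] && $_G['allowpost'] == 0) {
            wap_msg('post_group');
        }
        // Posting-hours restriction: founders and moderators holding the
        // 'allowtime' right are exempt.
        if (!empty($forumset['allowtime']) && !$isGM && !allowcheck($forumset['allowtime'], "{$_time['hours']}", '') && !pwRights($isBM, 'allowtime')) {
            wap_msg('post_right');
        }
    } elseif ($action == 'reply') {
        // f_check 2 and 3 block replies from this entry point.
        if ($fm['f_check'] == '2' || $fm['f_check'] == '3') {
            wap_msg('reply_right');
        }
        if ($fm['allowrp'] && strpos($fm['allowrp'], ",{$groupid},") === false) {
            wap_msg('reply_right');
        }
        if (!$fm['allowrp'] && $_G['allowrp'] == 0) {
            wap_msg('reply_group');
        }
    }
}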
<?php !defined('P_W') && exit('Forbidden'); !$winduid && Showmsg('undefined_action'); require_once R_P . 'require/forum.php'; S::gp(array('ifmsg', 'type')); $rt = $db->get_one('SELECT r.*,t.fid,t.author,t.authorid,t.postdate,t.fid,t.subject,t.ptable,t.special,t.state,f.forumadmin,f.fupadmin FROM pw_reward r LEFT JOIN pw_threads t ON r.tid=t.tid LEFT JOIN pw_forums f ON t.fid=f.fid WHERE r.tid=' . S::sqlEscape($tid)); if (empty($rt) || $rt['special'] != 3 || $rt['state'] != 0) { Showmsg('illegal_tid'); } $fid = $rt['fid']; $authorid = $rt['authorid']; $author = $rt['author']; $pw_posts = GetPtable($rt['ptable']); if ($groupid != '3' && $groupid != '4' && !admincheck($rt['forumadmin'], $rt['fupadmin'], $windid)) { Showmsg('mawhole_right'); } if (empty($_POST['step'])) { require_once R_P . 'require/header.php'; require_once PrintEot('reward'); footer(); } else { PostCheck(); require_once R_P . 'require/credit.php'; //* include_once pwCache::getPath(D_P . 'data/bbscache/forum_cache.php'); pwCache::getData(D_P . 'data/bbscache/forum_cache.php'); if ($type == '1') { //$db->update("UPDATE pw_threads SET state='2' WHERE tid=" . S::sqlEscape($tid)); pwQuery::update('pw_threads', 'tid=:tid', array($tid), array('state' => 2)); $credit->addLog('reward_return', array($rt['cbtype'] => $rt['cbval'] * 2), array('uid' => $authorid, 'username' => $author, 'ip' => $onlineip, 'fname' => $forum[$fid]['name'])); $credit->set($authorid, $rt['cbtype'], $rt['cbval'] * 2);
/**
 * Check an admin-panel credential array and build the caller's right set.
 *
 * $CK[1] is used as the username in every lookup below and $CK['3'] is
 * compared with the stored safecv value. Returns false when a check in the
 * visible non-manager path fails; otherwise returns $rightset.
 *
 * NOTE(review): this listing is damaged. A run of asterisks replaces the end of
 * the first query, and with it at least one closing brace and what looks like
 * an "else {" branch, so the manager path cannot be read in full here and the
 * function does not parse as shown. Review the original file before relying on
 * any statement about the manager branch.
 */
function checkpass($CK) {
    Add_S($CK);
    global $db, $manager, $db_ifsafecv, $db_gdcheck;
    // GdConfirm() runs only for a login-form post and only when bit 32 of
    // $db_gdcheck is set (presumably the image-code check — confirm).
    if ($_POST['Login_f'] == 1 && $db_gdcheck & 32) {
        GdConfirm($_POST['lg_num']);
    }
    if (CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        // Position of this name in $manager selects the matching $manager_pwd entry.
        $v_key = array_search($CK[1], $manager);
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            // The text between the two SQL strings is redacted in this copy.
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password,safecv FROM pw_members WHERE username="******"SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' WHERE m.username=" . pwEscape($CK[1]));
        // Rejected when the group lacks allowadmincp, when the group type is
        // neither 'system' nor 'special', or when safecv checking is on and
        // the supplied value differs (&& binds tighter than ||).
        // NOTE(review): != is a loose comparison; for a secret such as safecv a
        // constant-time, type-strict comparison is the safer choice.
        if (!$rt['allowadmincp'] || $rt['gptype'] != 'system' && $rt['gptype'] != 'special' || $db_ifsafecv && $rt['safecv'] != $CK['3']) {
            return false;
        }
        // Both the credential check against the stored password and
        // admincheck(..., 'check') must pass.
        if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) {
            return false;
        }
        $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . pwEscape($rt['groupid']));
        if ($rightset) {
            // NOTE(review): unserialize() on a stored value can instantiate
            // classes named in the payload; safe only while pw_adminset is
            // written by trusted code alone — confirm.
            if (!is_array($rightset = unserialize($rightset))) {
                $rightset = array();
            }
        } else {
            $rightset = array();
        }
        // Presumably defines $purview, the list of known right keys — confirm.
        require GetLang('purview');
        // Normalise to 1/0 and drop to 0 any key that $purview does not know.
        foreach ($rightset as $key => $value) {
            $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0;
        }
        $rightset['gid'] = $rt['groupid'];
    }
    return $rightset;
}
$groups = explode(",", $members); $groups = array_unique($groups); $uids = $memberdb = array(); foreach ($groups as $value) { if ($value) { $member = $userService->getByUserName($value); if (!$member['uid']) { $errorname = $value; adminmsg('user_not_exists'); } elseif ($member['groupid'] != '-1') { adminmsg('member_only'); } $uids[] = $member['uid']; $memberdb[] = $member; } } !$uids && adminmsg('operate_fail'); $gids = array(); $query = $db->query("SELECT gid FROM pw_usergroups WHERE gptype IN ('system','special','default') AND gid NOT IN (1,2,5)"); while ($rt = $db->fetch_array($query)) { $gids[] = $rt['gid']; } if (in_array($gid, $gids)) { foreach ($memberdb as $member) { admincheck($member['uid'], $member['username'], $gid, $member['groups'], 'update'); } } $uids && $userService->updates($uids, array('groupid' => $gid)); adminmsg('operate_success'); } }
/**
 * Delete a forum and everything stored under it.
 *
 * Order of work as written: forum rows and permissions, demotion of its
 * moderators, guest cache directory and forum cache file, attachments of every
 * thread, thread bodies, threads, posts, and finally a refresh of the parent
 * forum through updateforum().
 *
 * NOTE(review): $fid is escaped or bound in every SQL statement but is
 * interpolated unchanged into two filesystem paths below. Confirm that every
 * caller passes an integer id, or cast it before the path is built.
 *
 * @param mixed $fid id of the forum to delete
 */
function delforum($fid) {
    global $db, $db_guestdir, $db_guestthread, $db_guestread;
    // Read parent id and moderator list before the row disappears.
    $foruminfo = $db->get_one("SELECT fid,fup,forumadmin FROM pw_forums WHERE fid=" . S::sqlEscape($fid));
    // pwQuery::delete() takes the id as a bound value (replaces older string-built DELETEs).
    pwQuery::delete('pw_forums', 'fid=:fid', array($fid));
    pwQuery::delete('pw_forumdata', 'fid=:fid', array($fid));
    $db->update("DELETE FROM pw_forumsextra WHERE fid=" . S::sqlEscape($fid));
    $db->update("DELETE FROM pw_permission WHERE fid>'0' AND fid=" . S::sqlEscape($fid));
    if ($foruminfo['forumadmin']) {
        $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
        $forumadmin = explode(",", $foruminfo['forumadmin']);
        foreach ($forumadmin as $key => $value) {
            if ($value) {
                // Despite its name, $gid holds the whole user row.
                $gid = $userService->getByUserName($value);
                // A user whose primary group is 5 and for whom ifadmin() is now
                // false is reset to group -1 and removed via admincheck('delete').
                if ($gid['groupid'] == 5 && !ifadmin($value)) {
                    $userService->update($gid['uid'], array('groupid' => -1));
                    admincheck($gid['uid'], $value, $gid['groupid'], '', 'delete');
                }
            }
        }
    }
    if ($db_guestthread || $db_guestread) {
        require_once R_P . 'require/guestfunc.php';
        // Path built from $fid; see the NOTE(review) in the header.
        $db_guestthread && deldir(D_P . "{$db_guestdir}/T_{$fid}");
    }
    // Path built from $fid; see the NOTE(review) in the header.
    pwCache::deleteData(D_P . "data/forums/fid_{$fid}.php");
    require_once R_P . 'require/functions.php';
    require_once R_P . 'require/updateforum.php';
    $pw_attachs = L::loadDB('attachs', 'forum');
    // $ttable_a: thread-body table name => list of tids; $ptable_a: set of post-table keys.
    $ttable_a = $ptable_a = array();
    $query = $db->query("SELECT tid,replies,ptable FROM pw_threads WHERE fid=" . 
S::sqlEscape($fid));
    while ($tpc = $db->fetch_array($query)) {
        $tid = $tpc['tid'];
        $ttable_a[GetTtable($tid)][] = $tid;
        $ptable_a[$tpc['ptable']] = 1;
        $db_guestread && clearguestcache($tid, $tpc['replies']);
        if ($attachdb = $pw_attachs->getByTid($tid)) {
            delete_att($attachdb);
        }
    }
    pwFtpClose($GLOBALS['ftp']);
    // Table names here come from GetTtable(), not from the request; the tid
    // list is passed as a bound value.
    foreach ($ttable_a as $pw_tmsgs => $val) {
        pwQuery::delete($pw_tmsgs, 'tid IN(:tid)', array($val));
    }
    // Threads are removed through the thread service rather than a direct DELETE.
    $threadService = L::loadclass('threads', 'forum');
    $threadService->deleteByForumId($fid);
    foreach ($ptable_a as $key => $val) {
        $pw_posts = GetPtable($key);
        pwQuery::delete($pw_posts, 'fid=:fid', array($fid));
    }
    // $foruminfo['fup'] was read before the forum row was deleted.
    updateforum($foruminfo['fup']);
}
$gids[] = $gid;
$glist[] = $gid;
} // closes a block opened before this excerpt
$userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
// Every member whose primary group is not -1.
$query = $db->query("SELECT uid,username,groupid,groups FROM pw_members WHERE groupid<>'-1'");
// NOTE(review): extract() overwrites $uid, $username, $groupid and $groups in
// the current scope on every row. The column list is fixed by the SELECT, so
// the set of overwritten names is bounded, but an explicit row array is easier
// to audit. The loop ends when fetch_array() stops returning a row; on PHP 8 a
// non-array argument to extract() raises TypeError, which @ does not suppress.
while (@extract($db->fetch_array($query))) {
    $username = addslashes($username);
    if (!in_array($groupid, $gids)) {
        // Primary group is not in $gids: reset the member to group -1 and,
        // when no extra groups remain, remove the administrator record.
        $userService->update($uid, array('groupid' => -1));
        if ($groups == '') {
            admincheck($uid, $username, $groupid, $groups, 'delete');
        }
    } else {
        admincheck($uid, $username, $groupid, $groups, 'update');
    }
}
// $glist is joined by S::sqlImplode(); assumes that helper escapes each element — confirm.
$db->update("DELETE FROM pw_administrators WHERE groupid NOT IN(" . S::sqlImplode($glist, false) . ") AND groups=''");
adminmsg('operate_success');
} elseif ($action == 'appcount') {
    // NOTE(review): as written, PostCheck($verify) runs only when the request
    // method is NOT POST; confirm that POST requests to this action are
    // covered by a request-forgery check elsewhere.
    $pwServer['REQUEST_METHOD'] != 'POST' && PostCheck($verify);
    S::gp(array('step', 'percount'));
    !$step && ($step = 1);
    !$percount && ($percount = 300);
    // Batch window over uid: ($start, $next].
    $start = ($step - 1) * $percount;
    $next = $start + $percount;
    $step++;
    // NOTE(review): $percount is request input and is placed in the URL
    // without an integer cast or URL-encoding — confirm how $j_url is output.
    $j_url = "{$basename}&action={$action}&step={$step}&percount={$percount}";
    $goon = 0;
    $query = $db->query("SELECT uid,username FROM pw_members WHERE uid>" . S::sqlEscape($start) . " AND uid <= " . S::sqlEscape($next));
adminmsg('manager_right'); } if (ifadmin($oldinfo['username']) && $groupid != '5' && strpos($newgroups, ',5,') === false) { if (strpos($oldinfo['groups'], ',5,') !== false) { adminmsg('setuser_forumadmin'); } else { $newgroups .= $newgroups ? '5,' : ',5,'; } } elseif (!ifadmin($oldinfo['username']) && ($groupid == '5' || strpos($newgroups, ',5,') !== false)) { adminmsg('setuser_forumadmin'); } $newgroups == ',' && ($newgroups = ''); if ($groupid != '-1' || $newgroups) { admincheck($uid, $username, $groupid, $newgroups, 'update'); } elseif ($oldinfo['groupid'] != '-1' || $oldinfo['groups']) { admincheck($uid, $username, $groupid, $newgroups, 'delete'); } $newgroups != $oldinfo['groups'] && ($upmembers['groups'] = $newgroups); /* list($iconurl,$icontype,$iconwidth,$iconheight,$iconfile,$iconpig,$ifhavasmallicon) = showfacedesign(addslashes($oldinfo['icon']),true); if ($facetype == 2) { if (substr($_POST['i_http'],0,4) != 'http' || strrpos($_POST['i_http'],'|') !== false) { adminmsg('illegal_customimg'); } $icontype == 3 && DelIcon($iconfile); $i_w = (int)$_POST['i_w']; $i_h = (int)$_POST['i_h']; $iconfile = $_POST['i_http']; list($iconwidth,$iconheight) = getfacelen($i_w,$i_h); } elseif ($facetype == 3 && $delupload) { DelIcon($delupload);
} if ($groupid == '3' && !If_manager) { adminmsg('manager_right'); } $register = L::loadClass('Register', 'user'); $register->setField('username', $username); $register->setField('password', $password); $register->setField('email', $email); $register->setField('groupid', $groupid); $register->setField('yz', 1); $register->execute(); $customfieldService = L::loadClass('CustomerFieldService', 'user'); /* @var $customfieldService PW_CustomerFieldService */ $customfieldService->saveRegisterCustomerData(); if ($groupid != '-1') { admincheck($register->uid, $username, $groupid, '', 'update'); } adminmsg('operate_success'); } else { initGroupOptions(); include PrintEot('usermanage'); exit; } } elseif ($adminitem == 'usertitle') { //头衔管理 if ($action == 'groups') { S::gp(array('groupid', 'schname'), 'P'); $sql = is_numeric($groupid) ? "a.groups LIKE '%,{$groupid},%'" : "a.groups!=''"; $schname = trim($schname); if ($schname != '') { if (strpos($schname, '*') !== false) {
/**
 * Create or update a manager account in pw_members with groupid 3 and record
 * it through admincheck(..., 'update').
 *
 * NOTE(review): this listing is damaged. Runs of asterisks replace the end of
 * the SELECT (together with the start of the following if-condition) and the
 * middle of the UPDATE statement, so neither query can be reviewed from this
 * copy and the function does not parse as shown.
 *
 * NOTE(review): $password is written to the password column exactly as
 * passed; hashing is assumed to happen in the caller — confirm.
 *
 * @param string $username manager account name
 * @param string $password value stored in pw_members.password
 */
function pwUpdateManager($username, $password) {
    global $db;
    // Redacted span: end of the lookup query and start of the "no such user" test.
    $rt = $db->get_one('SELECT uid,groups FROM pw_members WHERE username='******'uid']) {
        global $timestamp, $onlineip;
        // New account: member row first, then its companion pw_memberdata row.
        $db->update('INSERT INTO pw_members' . ' SET ' . pwSqlSingle(array('username' => $username, 'password' => $password, 'groupid' => 3, 'regdate' => $timestamp)));
        // Keep the new id so the admincheck() call below receives a real uid.
        $rt['uid'] = $db->insert_id();
        $db->update('INSERT INTO pw_memberdata' . ' SET ' . pwSqlSingle(array('uid' => $rt['uid'], 'postnum' => 0, 'lastvisit' => $timestamp, 'thisvisit' => $timestamp, 'onlineip' => $onlineip)));
    } else {
        // Redacted span: the values assigned by this UPDATE are not visible.
        $db->update('UPDATE pw_members SET password='******'3' WHERE uid=" . pwEscape($rt['uid']));
    }
    admincheck($rt['uid'], $username, '3', $rt['groups'], 'update');
}
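/**
 * Create or update a manager account (groupid 3) and record it through
 * admincheck(..., 'update').
 *
 * When the username does not exist yet the account is created and then read
 * back, so that admincheck() receives the uid of the new row instead of an
 * empty value. If the account still cannot be found after creation, nothing is
 * written to the administrator records.
 *
 * NOTE(review): $password is stored exactly as passed; hashing is assumed to
 * happen in the caller — confirm.
 *
 * @param string $username manager account name
 * @param string $password value stored in the member's password field
 * @return void
 */
function pwUpdateManager($username, $password)
{
    $userService = L::loadclass('UserService', 'user'); /* @var $userService PW_UserService */
    $rt = $userService->getByUserName($username);

    if (empty($rt['uid'])) {
        global $timestamp, $onlineip;
        $mainFields = array(
            'username' => $username,
            'password' => $password,
            'groupid' => 3,
            'memberid' => 8,
            'regdate' => $timestamp,
        );
        $memberDataFields = array(
            'postnum' => 0,
            'lastvisit' => $timestamp,
            'thisvisit' => $timestamp,
            'onlineip' => $onlineip,
        );
        $userService->add($mainFields, $memberDataFields);

        // The lookup above found no row, so $rt carries no uid. Read the
        // account back to get the uid and groups of the row just created.
        $rt = $userService->getByUserName($username);
        if (empty($rt['uid'])) {
            // Creation did not produce a readable account; do not register an
            // administrator entry without a uid.
            return;
        }
    } else {
        $userService->update($rt['uid'], array('groupid' => 3, 'password' => $password));
    }

    admincheck($rt['uid'], $username, '3', $rt['groups'], 'update');
}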
while ($forum = $db->fetch_array($query1)) {
    // Strip this user from every forum's comma-delimited moderator list.
    if ($forum['forumadmin'] && strpos($forum['forumadmin'], ",{$rt['username']},") !== false) {
        $newadmin = str_replace(",{$rt['username']},", ',', $forum['forumadmin']);
        $newadmin == ',' && ($newadmin = '');
        // NOTE(review): $newadmin and the fid are interpolated into the SQL
        // text, while the statements further down use pwEscape(). Both values
        // come from the database, so a stored name containing a quote would
        // break out of the literal here; use pwEscape() for consistency.
        $db->update("UPDATE pw_forums SET forumadmin='{$newadmin}' WHERE fid='{$forum['fid']}'");
    }
}
$updatecache_fd = 1;
} // closes a block opened before this excerpt
$newgroups == ',' && ($newgroups = '');
// There is no space before WHERE / AND in the next two statements; they rely on
// pwEscape() returning a quoted literal so that the keyword still tokenises —
// presumably intentional, confirm.
$db->update("UPDATE pw_members SET groupid=" . pwEscape($newgid, false) . ',groups=' . pwEscape($newgroups, false) . "WHERE uid=" . pwEscape($rt['uid']));
$db->update("DELETE FROM pw_extragroups WHERE uid=" . pwEscape($rt['uid'], false) . 'AND gid=' . pwEscape($rt['gid'], false));
// No primary group and no extra groups left: remove the administrator record,
// otherwise refresh it.
if ($newgid == '-1' && $newgroups == '') {
    admincheck($rt['uid'], $rt['username'], $newgid, $newgroups, 'delete');
} else {
    admincheck($rt['uid'], $rt['username'], $newgid, $newgroups, 'update');
}
continue;
} // closes a block opened before this excerpt
// A timed-group row whose gid is neither the primary group nor listed in
// groups is stale: delete it and skip the row.
if ($rt['gid'] != $rt['groupid'] && strpos($rt['groups'], "," . $rt['gid'] . ",") === false) {
    $db->update("DELETE FROM pw_extragroups WHERE uid=" . pwEscape($rt['uid'], false) . 'AND gid=' . pwEscape($rt['gid'], false));
    continue;
}
// Remaining rows are prepared for display.
$rt['startdate'] = get_date($rt['startdate']);
$rt['slevel'] = $ltitle[$rt['gid']];
$rt['tolevel'] = $ltitle[$rt['togid']];
$memberdb[] = $rt;
} // closes the enclosing loop, which starts before this excerpt
// Rebuild the forum cache only when a moderator list was changed above.
$updatecache_fd && updatecache_fd();
include PrintEot('uptime');
exit;
} wind_forumcheck($foruminfo); $foruminfo['topic'] = $db->get_value("SELECT topic FROM pw_forumdata WHERE fid=" . S::sqlEscape($fid)); $forumset = $foruminfo['forumset']; $forumname = strip_tags($foruminfo['name']); if ($forumset['link']) { $flink = str_replace("&", "&", $forumset['link']); ObHeader($flink); } //SEO setting $_seo = array('title' => $foruminfo['title'], 'metaDescription' => $foruminfo['metadescrip'], 'metaKeywords' => $foruminfo['keywords']); bbsSeoSettings('thread', $_seo, $foruminfo['name']); if ($groupid != 3 && !$foruminfo['allowvisit'] && !admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid)) { forum_creditcheck(); } if ($groupid != 3 && $foruminfo['forumsell'] && !admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid)) { forum_sell($fid); } $db_perpage = 100; $db_maxpage && $page > $db_maxpage && ($page = $db_maxpage); (!is_numeric($page) || $page < 1) && ($page = 1); if ($page > 1) { $start_limit = ($page - 1) * $db_perpage; } else { $start_limit = 0; $page = 1; } $startid = $start_limit + 1; $count = $foruminfo['topic']; $numofpage = ceil($count / $db_perpage); if ($numofpage && $page > $numofpage) {
/**
 * Decide whether the current user may manage or browse the sign-up list.
 *
 * @param int $authorid id of the user who started the activity
 * @return bool
 * @access private
 */
function getAdminRight($authorid)
{
    global $groupid, $manager, $foruminfo, $windid;

    // Founder: the current user name appears in $manager.
    $founder = S::inArray($windid, $manager);
    // admincheck() is given the forum's forumadmin and fupadmin lists.
    $moderator = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);

    if (!$founder) {
        // For non-founders the moderator flag is replaced by the
        // 'activitylist' right returned from pwRights().
        $rights = pwRights($moderator);
        $moderator = ($rights && $rights['activitylist']) ? 1 : 0;
    }

    // NOTE(review): the author comparison is loose (==); if both ids can be
    // empty or 0 (for example a guest viewer) it would evaluate to true —
    // confirm that callers rule that out.
    return $groupid == 3 || $founder || $moderator || $authorid == $this->winduid;
}
$reason_a = explode("\n", $db_adminreason); foreach ($reason_a as $k => $v) { if ($v = trim($v)) { $reason_sel .= "<option value=\"{$v}\">{$v}</option>"; } else { $reason_sel .= "<option value=\"\">-------</option>"; } } $rt['leaveword'] = str_replace(' ', ' ', $rt['leaveword']); require_once PrintEot('ajax'); ajax_footer(); } else { PostCheck(); S::gp(array('pid', 'atc_content', 'ifmsg'), 'P'); $tpc = $db->get_one("SELECT t.authorid,t.ptable,f.forumadmin,f.fupadmin FROM pw_threads t LEFT JOIN pw_forums f USING(fid) WHERE t.tid=" . S::sqlEscape($tid)); if ($tpc['authorid'] != $winduid && !S::inArray($windid, $manager) && !admincheck($tpc['forumadmin'], $tpc['fupadmin'], $windid)) { Showmsg('leaveword_error'); } require_once R_P . 'require/bbscode.php'; $atc_content = str_replace('=', '=', $atc_content); $ptable = $tpc['ptable']; $content = convert($atc_content, $db_windpost); //$sqladd = $atc_content == $content ? '' : ",ifconvert='2'"; $_tmp = array(); $_tmp['leaveword'] = $atc_content; $atc_content != $content && ($_tmp['ifconvert'] = 2); $pw_posts = GetPtable($ptable); if ($ifmsg && !empty($atc_content)) { //* include_once pwCache::getPath(D_P . 'data/bbscache/forum_cache.php'); pwCache::getData(D_P . 'data/bbscache/forum_cache.php'); $atc = $db->get_one("SELECT author,fid,subject,content,postdate FROM {$pw_posts} WHERE pid=" . S::sqlEscape($pid) . ' AND tid=' . S::sqlEscape($tid));
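/**
 * Work out the current user's moderation level for a thread view.
 *
 * @param string $type 'thread' or 'special'; any other value (including a
 *                     non-string) yields array('', '', '').
 * @param mixed  $fid  forum id; when empty only the founder check is made.
 * @return array array($admincheck, $superdelete, $superedit): $admincheck is 1
 *               for a founder or for a user holding at least one of the listed
 *               management rights in the forum, else 0; the other two are
 *               booleans derived from $SYSTEM.
 */
function getThreadLevel($type, $fid)
{
    // Strict match: a loose in_array() lets values such as true (and 0 on
    // PHP 7) pass as if they were one of the two mode names.
    if (!in_array($type, array('thread', 'special'), true)) {
        return array('', '', '');
    }
    global $windid, $manager, $SYSTEM;

    /* thread level */
    $isGM = S::inArray($windid, $manager);
    // Always initialised, so the flag is never read or returned while undefined.
    $admincheck = $isGM ? 1 : 0;

    if (!$admincheck && $fid) {
        $_forumsService = L::loadClass('forums', 'forum');
        $foruminfo = $_forumsService->getForum($fid);
        $isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
        $pwSystem = pwRights($isBM, false, $fid);
        // Any one of these management rights is enough.
        if ($pwSystem && ($pwSystem['tpccheck'] || $pwSystem['digestadmin'] || $pwSystem['lockadmin'] || $pwSystem['pushadmin'] || $pwSystem['coloradmin'] || $pwSystem['downadmin'] || $pwSystem['delatc'] || $pwSystem['moveatc'] || $pwSystem['copyatc'] || $pwSystem['topped'])) {
            $admincheck = 1;
        }
    }

    // Both flags need 'superright' in $SYSTEM plus the specific right.
    $superdelete = $SYSTEM['superright'] && $SYSTEM['delatc'] ? true : false;
    $superedit = $SYSTEM['superright'] && $SYSTEM['deltpcs'] ? true : false;

    return array($admincheck, $superdelete, $superedit);
}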
if ($action) { !$fid && Showmsg('data_error'); if (!($forums = L::forum($fid))) { Showmsg('data_error'); } (!$forums || $forums['type'] == 'category') && Showmsg('data_error'); $isBM = admincheck($forums['forumadmin'], $forums['fupadmin'], $windid); if (!in_array($groupid, array('3', '4')) && !$isBM) { Showmsg('not_forumadmin'); } $forumset = $forums['forumset']; $first_admin = $db_adminset && strpos($forums['forumadmin'], ',' . $windid . ',') === 0 ? 1 : 0; } else { $query = $db->query("SELECT fid,forumadmin,fupadmin FROM pw_forums WHERE cms=0 AND type!='category'"); while ($rt = $db->fetch_array($query)) { if (in_array($groupid, array('3', '4')) || admincheck($rt['forumadmin'], $rt['fupadmin'], $windid)) { $fiddb[] = $rt['fid']; } } !$fiddb && Showmsg('not_forumadmin'); } require_once R_P . 'require/header.php'; if (!$action) { $forum_name = ''; $fids = pwImplode($fiddb); $froumdb = array(); $query = $db->query("SELECT * FROM pw_forums f LEFT JOIN pw_forumdata fd USING(fid) WHERE f.fid IN({$fids})"); while ($rt = $db->fetch_array($query)) { $forumdb[] = $rt; } $i = count($forumdb);
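/**
 * Reconcile moderator group membership (group 5) with the names listed in
 * pw_forums.forumadmin.
 *
 * 1. Collect every non-empty name from all forumadmin lists.
 * 2. For each pw_administrators row that carries group 5 but whose name is no
 *    longer listed, remove group 5 from pw_members and update or delete the
 *    administrator record through admincheck().
 * 3. For each listed name, make sure pw_members carries group 5 (as primary
 *    group when the member had none, otherwise as an extra group) and write
 *    changed rows to pw_administrators.
 *
 * @return void
 */
function updateadmin()
{
    global $db;

    $f_admin = array();
    $query = $db->query("SELECT forumadmin FROM pw_forums");
    while ($forum = $db->fetch_array($query)) {
        foreach (explode(",", $forum['forumadmin']) as $value) {
            $value = trim($value);
            if ($value) {
                $f_admin[] = $value;
            }
        }
    }
    $f_admin = array_unique($f_admin);

    $query = $db->query("SELECT uid,username,groupid,groups FROM pw_administrators WHERE groupid=5 OR groups LIKE '%,5,%'");
    while ($rt = $db->fetch_array($query)) {
        // Strict comparison: with a loose in_array() two different numeric-looking
        // names (for example "1e3" and "1000") compare equal, which would let
        // an unlisted account keep its moderator group.
        if (in_array($rt['username'], $f_admin, true)) {
            continue;
        }
        // Values read from the database are escaped like the statements in
        // the second half of this function instead of being interpolated.
        if ($rt['groupid'] == '5') {
            $db->update("UPDATE pw_members SET groupid='-1' WHERE uid=" . pwEscape($rt['uid']));
            $rt['groupid'] = -1;
        } else {
            $rt['groups'] = str_replace(',5,', ',', $rt['groups']);
            $rt['groups'] == ',' && ($rt['groups'] = '');
            $db->update("UPDATE pw_members SET groups=" . pwEscape($rt['groups']) . ' WHERE uid=' . pwEscape($rt['uid']));
        }
        // No primary group and no extra groups left: drop the administrator
        // record, otherwise refresh it.
        if ($rt['groupid'] == '-1' && $rt['groups'] == '') {
            admincheck($rt['uid'], $rt['username'], $rt['groupid'], $rt['groups'], 'delete');
        } else {
            admincheck($rt['uid'], $rt['username'], $rt['groupid'], $rt['groups'], 'update');
        }
    }

    if ($f_admin) {
        $usernames = pwImplode($f_admin);
        $pwSQL = array();
        $query = $db->query("SELECT m.uid,m.username,m.groupid,m.groups,a.groupid AS gid,a.groups AS gps FROM pw_members m LEFT JOIN pw_administrators a ON m.uid=a.uid WHERE m.username IN({$usernames})");
        while ($rt = $db->fetch_array($query)) {
            if ($rt['groupid'] == '-1') {
                // Member without a primary group: group 5 becomes the primary
                // group and is removed from the extra-group list.
                $rt['groups'] = str_replace(',5,', ',', $rt['groups']);
                $rt['groups'] == ',' && ($rt['groups'] = '');
                $db->update("UPDATE pw_members SET groupid='5',groups=" . pwEscape($rt['groups']) . ' WHERE uid=' . pwEscape($rt['uid']));
                $rt['groupid'] = 5;
            } elseif ($rt['groupid'] != '5' && strpos($rt['groups'], ',5,') === false) {
                // Member with another primary group: add 5 as an extra group.
                $rt['groups'] = $rt['groups'] ? $rt['groups'] . '5,' : ",5,";
                $db->update("UPDATE pw_members SET groups=" . pwEscape($rt['groups']) . ' WHERE uid=' . pwEscape($rt['uid']));
            }
            // Queue only rows that differ from the current administrator record.
            if ($rt['groupid'] != $rt['gid'] || $rt['groups'] != $rt['gps']) {
                $pwSQL[] = array($rt['uid'], $rt['username'], $rt['groupid'], $rt['groups']);
            }
        }
        if ($pwSQL) {
            $db->update("REPLACE INTO pw_administrators (uid,username,groupid,groups) VALUES " . pwSqlMulti($pwSQL));
        }
    }
}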
}
}
define('FX', 1);
} // the three braces above close blocks opened before this excerpt
// Use the cached forum record when L::forum() has one, otherwise read it from
// the database and decode the three serialized columns.
if (!($foruminfo = L::forum($fid))) {
    $foruminfo = $db->get_one("SELECT f.*,fe.creditset,fe.forumset,fe.commend FROM pw_forums f LEFT JOIN pw_forumsextra fe ON f.fid=fe.fid WHERE f.fid=" . pwEscape($fid));
    if ($foruminfo) {
        // NOTE(review): unserialize() can instantiate classes named in the
        // payload; this is safe only while pw_forumsextra is written by
        // trusted admin code alone — confirm.
        $foruminfo['creditset'] = unserialize($foruminfo['creditset']);
        $foruminfo['forumset'] = unserialize($foruminfo['forumset']);
        $foruminfo['commend'] = unserialize($foruminfo['commend']);
    }
}
!$foruminfo && wap_msg('data_error', $basename);
require_once R_P . 'require/forum.php';
wind_forumcheck($foruminfo);
if ($groupid == '3' || admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid)) {
    # management rights: group 3, or admincheck() accepts the user for this forum
    $admincheck = 1;
} else {
    $admincheck = 0;
}
// $admincheck bypasses both download checks below.
if ($foruminfo['allowdownload'] && !allowcheck($foruminfo['allowdownload'], $groupid, $winddb['groups']) && !$admincheck) {
    # forum-level download permission
    wap_msg('job_attach_forum', $basename);
}
if (!$foruminfo['allowdownload'] && $_G['allowdownload'] == 0 && !$admincheck) {
    # user-group download permission
    wap_msg('job_attach_group', $basename);
}
// NOTE(review): the local path is built from $attach['attachurl']; where
// $attach is loaded is outside this excerpt. Confirm the value cannot contain
// "../" segments before it is joined to $attachdir.
if (!$attach_url && !$db_ftpweb && !is_readable("{$attachdir}/" . $attach['attachurl'])) {
    wap_msg('job_attach_error', $basename);
$showfield = array(); $custominfo = $db_union[7] ? (array) unserialize($db_union[7]) : array(); foreach ($custominfo as $key => $val) { if (substr($val[3], 2, 1) == '1') { $showfield[] = $key; } } !empty($showfield) && ($fieldinfo .= ',mi.customdata'); $fieldinfo && ($tableinfo = 'LEFT JOIN pw_memberinfo mi ON mi.uid=m.uid'); /**************************************/ //帖子浏览及管理权限 $isGM = $isBM = $admincheck = $managecheck = $pwPostHide = $pwSellHide = $pwEncodeHide = 0; $pwSystem = array(); if ($groupid != 'guest') { $isGM = S::inArray($windid, $manager); $isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid); $admincheck = $isGM || $isBM ? 1 : 0; if (!$isGM) { #非创始人权限获取 $pwSystem = pwRights($isBM); if ($pwSystem && ($pwSystem['tpccheck'] || $pwSystem['digestadmin'] || $pwSystem['lockadmin'] || $pwSystem['pushadmin'] || $pwSystem['coloradmin'] || $pwSystem['downadmin'] || $pwSystem['delatc'] || $pwSystem['moveatc'] || $pwSystem['copyatc'] || $pwSystem['topped'] || $pwSystem['unite'] || $pwSystem['pingcp'] || $pwSystem['areapush'])) { $managecheck = 1; } $pwPostHide = $pwSystem['posthide']; $pwSellHide = $pwSystem['sellhide']; $pwEncodeHide = $pwSystem['encodehide']; } else { $managecheck = $pwPostHide = $pwSellHide = $pwEncodeHide = 1; } } //版块查看权限
// Tail of the "delete forum and merge into another" action.
// NOTE(review): $id, $mergeid and the $counts / $lastthread fields are
// interpolated directly into the SQL text. Where $id and $mergeid are assigned
// is outside this excerpt; confirm they are integer-cast before this point.
// NOTE(review): "or die(mysql_error())" sends the raw database error to the
// client; log it server-side and show a generic message instead.
$sql->query("UPDATE `announcements` SET `forum`='{$mergeid}' WHERE `forum`='{$id}'") or die(mysql_error());
$sql->query("DELETE FROM `forummods` WHERE `forum`='{$id}'") or die(mysql_error());
$sql->query("DELETE FROM `forums` WHERE `id`='{$id}'") or die(mysql_error());
// Newest thread of the target forum supplies its new "last post" fields.
$lastthread = $sql->fetchq("SELECT * FROM `threads` WHERE `forum`='{$mergeid}' ORDER BY `lastpostdate` DESC LIMIT 1");
$sql->query("UPDATE `forums` SET\r\n\t\t`numthreads`=`numthreads`+'{$counts['numthreads']}',\r\n\t\t`numposts`=`numposts`+'{$counts['numposts']}',\r\n\t\t`lastpostdate`='{$lastthread['lastpostdate']}',\r\n\t\t`lastpostuser`='{$lastthread['lastposter']}',\r\n\t\t`lastpostid`='{$lastthread['id']}'\r\n\tWHERE `id`='{$mergeid}'") or die(mysql_error());
// NOTE(review): $_GET['preview'] is copied into the Location header without
// URL-encoding, and $prevtext stays undefined when the parameter is absent.
// Encode the value (rawurlencode) and initialise $prevtext to ''.
if (isset($_GET['preview'])) {
    $prevtext = "preview=" . $_GET['preview'];
}
trigger_error("DELETED forum ID {$id}; merged into forum ID {$mergeid}", E_USER_NOTICE);
header("Location: ?{$prevtext}");
die;
} // closes a block opened before this excerpt
$windowtitle = "Editing Forum List";
require_once 'lib/layout.php';
print "{$header}<br>";
// NOTE(review): in this excerpt admincheck() is called only after the
// merge/delete branch above has already run and exited. Confirm that an
// equivalent privilege check and a request-forgery token check are made
// before that branch.
admincheck();
print adminlinkbar('admin-editforums.php');
// Power-level names with a non-negative key, followed by a '[no access]' entry.
foreach ($pwlnames as $pwl => $pwlname) {
    if ($pwl < 0) {
        continue;
    }
    $powers[] = $pwlname;
}
$powers[] = '[no access]';
$pollstyles = array(-2 => 'Disallowed', -1 => 'Normal', 0 => 'Force Regular', 1 => 'Force Influence');
if (isset($_GET['delete'])) {
    // The forum to delete is integer-cast here.
    $forum = intval($_GET['delete']);
    $forums[-1] = "Choose a forum to merge into...";
    $forumquery = $sql->query("SELECT id,title FROM forums ORDER BY catid,forder");
    while ($f = $sql->fetch($forumquery, MYSQL_ASSOC)) {
        // NOTE(review): titles come from the database; confirm they are
        // HTML-escaped where this list is rendered.
        $forums[$f['id']] = $f['title'];