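/**
 * Admin login handler. Reads m_name / m_password / m_check from POST.
 *
 * On success it issues the admin cookies (adminid, adminname, adminlevels,
 * admincheck), stores a fresh per-login secret in {pre}manager.m_random and
 * redirects to index.php. On any failure it calls alertUrl() back to the
 * login page.
 *
 * Globals: $db (object with getRow()/Update()); constant app_safecode, which
 * the m_check POST field must equal.
 */
function checkLogin()
{
    global $db;

    $m_name = chkSql(be("post", "m_name"), true);
    // NOTE(review): the password is passed through chkSql() *before* it is
    // hashed, so a password containing characters chkSql rewrites is hashed
    // in its altered form; the stored hash must have been produced the same
    // way. md5 is not an acceptable password hash, but the stored format
    // cannot be changed from here (password_hash()/password_verify() would
    // need a migration of {pre}manager.m_password).
    $m_password = md5(chkSql(be("post", "m_password"), true));
    $m_check = be("post", "m_check");

    if (isN($m_name) || isN($m_password) || isN($m_check)) {
        alertUrl("请输入您的用户名或密码!", "?action=login");
        // alertUrl() is expected to end the request; return anyway so the
        // query below can never run with empty credentials if it does not.
        return;
    }

    // $m_name is only chkSql()-filtered before being concatenated into the
    // statement; this should use the driver's escaping or a parameterised
    // query. The password clause is redacted ('******') in this listing —
    // the hashed $m_password computed above is presumably what it compares.
    $row = $db->getRow("SELECT * FROM {pre}manager WHERE m_name='" . $m_name . "' AND m_password = '******' AND m_status=1");

    // Strict string comparison: the original `==` accepted numeric-string
    // coercions (e.g. "1e3" == "1000") for the site safe code.
    if ($row && (string) $m_check === (string) app_safecode) {
        sCookie("adminid", $row["m_id"]);
        sCookie("adminname", $row["m_name"]);
        // NOTE(review): the privilege level is handed to the client in a
        // cookie; any page that trusts this cookie for authorisation without
        // re-reading the manager row is a privilege-escalation risk — verify
        // the consumers of adminlevels.
        sCookie("adminlevels", $row["m_levels"]);

        // Per-login secret: bound into the admincheck cookie and stored in
        // m_random, so a forged cookie needs the DB value. rand() is not a
        // CSPRNG and 1..99999999 is only ~27 bits of entropy; use
        // random_bytes() where available (32 hex chars, same width as md5).
        if (function_exists('random_bytes')) {
            $randnum = bin2hex(random_bytes(16));
        } else {
            $randnum = md5(uniqid(mt_rand(), true));
        }
        sCookie("admincheck", md5($randnum . $row["m_name"] . $row["m_id"]));

        $db->Update(
            "{pre}manager",
            array("m_logintime", "m_loginip", "m_random"),
            array(date("Y-m-d H:i:s"), getIP(), $randnum),
            " m_id=" . intval($row["m_id"])
        );
        echo "<script>top.location.href='index.php';</script>";
    } else {
        alertUrl("您输入的用户名和密码不正确或者您不是系统管理员!", "?action=login");
    }
}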
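/**
 * Admin session check for back-end pages.
 *
 * Reads the adminid / adminname / admincheck cookies, looks the manager up
 * by name + id (m_status = 1), and requires admincheck to equal
 * md5(m_random . m_name . m_id) — the value issued by checkLogin(). Any
 * mismatch clears admincheck and die()s with a redirect to the login page,
 * so code after a successful chkLogin() can assume an authenticated admin.
 *
 * Side effect: appends one record per request to operate.log via
 * writetofile(). NOTE(review): make sure that file is outside the document
 * root — it holds every admin request URI and POST body.
 */
function chkLogin()
{
    global $db;

    $m_id = chkSql(getCookie("adminid"), true);
    $m_name = getCookie("adminname");

    // Audit record. Two hardenings over the original line: the raw cookie
    // value is logged unfiltered, so CR/LF are stripped to keep one record
    // per line; and POST fields whose names look like passwords (m_password
    // on the login form, cardpwd on the recharge form) are masked rather
    // than written to disk in clear.
    $post = $_POST;
    foreach ($post as $k => $v) {
        if (preg_match('/pass|pwd/i', (string) $k)) {
            $post[$k] = '***';
        }
    }
    $safeName = str_replace(array("\r", "\n"), ' ', (string) $m_name);
    writetofile("operate.log", "loginame:{" . $safeName . "};action:{" . be("all", "action") . "};referce:{" . getReferer() . "}.request:{" . $_SERVER["REQUEST_URI"] . "};parameters POST:{" . json_encode($post) . "}");

    $m_name = chkSql($m_name, true);

    if (isN($m_name) || isN($m_id)) {
        die("<script>top.location.href='index.php?action=login';</script>");
    }

    // m_id is an integer key (checkLogin() interpolates it unquoted), so cast
    // it instead of relying on chkSql() to make a cookie value SQL-safe.
    // m_name is still only chkSql()-filtered and should be escaped by the
    // driver or bound as a parameter.
    $row = $db->getRow("SELECT * FROM {pre}manager WHERE m_name='" . $m_name . "' AND m_id= '" . intval($m_id) . "' AND m_status ='1'");
    if (!$row) {
        sCookie("admincheck", "");
        die("<script>top.location.href='index.php?action=login';</script>");
    }

    $loginValidate = md5($row["m_random"] . $row["m_name"] . $row["m_id"]);
    // Strict comparison: the original `!=` would treat two "0e…" hex digests
    // as numerically equal. hash_equals() (PHP >= 5.6) additionally makes the
    // check constant-time; fall back to === on older runtimes.
    $given = (string) getCookie("admincheck");
    $ok = function_exists('hash_equals') ? hash_equals($loginValidate, $given) : ($given === $loginValidate);
    if (!$ok) {
        sCookie("admincheck", "");
        die("<script>top.location.href='index.php?action=login';</script>");
    }
}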
// NOTE(review): fragment — the enclosing if/elseif chain on $method opens before
// this listing, and the 'save' branch continues past its end.
// Guestbook counter tags. strpos() is tested for truthiness, so a tag sitting at
// offset 0 of $tpl->H is skipped (strpos returns 0, not false); `!== false` is
// the intended test.
if (strpos($tpl->H, '{maccms:count_gbook_all}')) {
    $tpl->H = str_replace("{maccms:count_gbook_all}", $tpl->getDataCount('gbook', "all"), $tpl->H);
}
if (strpos($tpl->H, '{maccms:count_gbook_day}')) {
    $tpl->H = str_replace("{maccms:count_gbook_day}", $tpl->getDataCount('gbook', "day"), $tpl->H);
}
$tpl->pageshow();
} elseif ($method == 'save') {
    // Guestbook submission. Every field is read with be("all", ...) — be()'s
    // contract is not shown; presumably GET or POST — and passed through
    // chkSql(). Only g_vid is additionally validated as numeric.
    $g_vid = be("all", "g_vid");
    $g_vid = chkSql($g_vid);
    $g_name = be("all", "g_name");
    $g_name = chkSql($g_name);
    $g_content = be("all", "g_content");
    $g_content = chkSql($g_content);
    $g_code = be("all", "g_code");
    $g_code = chkSql($g_code);
    if (!isNum($g_vid)) {
        $g_vid = 0;
    }
    if (isN($g_name) || isN($g_content)) {
        alert('请输入昵称和内容');
        exit;
    }
    // Captcha check with a loose `!=`. If $_SESSION["code_gbook"] is unset
    // (null) or has been reset to "" — which the save path does after each
    // successful post — an empty g_code compares equal and the check passes.
    // Compare with `!==` and reject an empty stored code.
    if ($MAC['other']['gbookverify'] == 1 && $_SESSION["code_gbook"] != $g_code) {
        alert('验证码错误');
        exit;
    }
    // Throttle. The save path records $_SESSION["last_gbook"], while this reads
    // getTimeSpan("last_gbooktime"); if getTimeSpan() keys on the session by
    // that name the two never meet and the limit is inert — verify.
    if (getTimeSpan("last_gbooktime") < $MAC['other']['gbooktime']) {
        alert('请不要频繁操作');
        exit;
    }
// NOTE(review): fragment — the 'vodtopic' branch starts before this listing and
// the 'search' branch's foreach runs past its end.
$tpl->C["siteaid"] = 14;
$tpl->P['cp'] = 'vodtopic';
// Page-cache key from the request parameters. If echoPageCache() maps cp/cn to
// a filesystem path, id/pg/order/by must be restricted to safe characters; none
// of them is encoded here — confirm how echoPageCache() stores entries.
$tpl->P['cn'] = $tpl->P['id'] . '-' . $tpl->P['pg'] . '-' . $tpl->P['order'] . '-' . $tpl->P['by'];
echoPageCache($tpl->P['cp'], $tpl->P['cn']);
$tpl->P['vodtopicid'] = $tpl->P['id'];
// Topic metadata comes from the in-memory cache, keyed by the request id.
$tpl->T = $MAC_CACHE['vodtopic'][$tpl->P['vodtopicid']];
if (!is_array($tpl->T)) {
    // showMsg() presumably ends the request; nothing below guards against it
    // returning — confirm.
    showMsg("获取数据失败,请勿非法传递参数", "../");
}
$db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
$tpl->loadtopic('vod');
$tpl->pageshow();
} elseif ($method == 'search') {
    $tpl->C["siteaid"] = 15;
    // Free-text keyword: trimmed and chkSql()-filtered only; how it reaches
    // SQL is outside this listing.
    $wd = trim(be("all", "wd"));
    $wd = chkSql($wd);
    if (!empty($wd)) {
        $tpl->P["wd"] = $wd;
    }
    // Commented-out parameter check retained from upstream.
    //if(empty($tpl->P["wd"]) && empty($tpl->P["ids"]) && empty($tpl->P["pinyin"]) && empty($tpl->P["starring"]) && empty($tpl->P["directed"]) && empty($tpl->P["area"]) && empty($tpl->P["lang"]) && empty($tpl->P["year"]) && empty($tpl->P["letter"]) && empty($tpl->P["tag"]) && empty($tpl->P["type"]) && empty($tpl->P["typeid"]) && empty($tpl->P["classid"]) ){ alert ("搜索参数不正确"); }
    // Search throttle applies to the first results page only.
    if ($tpl->P['pg'] == 1 && getTimeSpan("last_searchtime") < $MAC['app']['searchtime']) {
        showMsg("请不要频繁操作,时间间隔为" . $MAC['app']['searchtime'] . "秒", MAC_PATH);
        exit;
    }
    $tpl->P['cp'] = 'vodsearch';
    // Cache key: only wd/area/lang/tag/starring/directed are urlencoded; ids,
    // pinyin, type, year, letter, typeid and classid go in raw. Apply the same
    // encoding (or a strict whitelist) to all of them if the key becomes a path.
    $tpl->P['cn'] = urlencode($tpl->P['wd']) . '-' . $tpl->P['pg'] . '-' . $tpl->P['order'] . '-' . $tpl->P['by'] . '-' . $tpl->P['ids'] . '-' . $tpl->P['pinyin'] . '-' . $tpl->P['type'] . '-' . $tpl->P['year'] . '-' . $tpl->P['letter'] . '-' . $tpl->P['typeid'] . '-' . $tpl->P['classid'] . '-' . urlencode($tpl->P['area']) . '-' . urlencode($tpl->P['lang']) . '-' . urlencode($tpl->P['tag']) . '-' . urlencode($tpl->P['starring']) . '-' . urlencode($tpl->P['directed']);
    echoPageCache($tpl->P['cp'], $tpl->P['cn']);
    $tpl->P["where"] = '';
    $tpl->P["des"] = '';
    $db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
    // The WHERE clause is assembled from $tpl->P in the loop that follows
    // (outside this listing); that is where each value's escaping must happen.
    foreach ($tpl->P as $k => $v) {
// NOTE(review): fragment — this closes the guestbook 'save' branch started before
// this listing; the 'suggest' branch runs past its end.
exit;
}
// Content filtering (badFilter() not shown) before insert.
$g_name = badFilter($g_name);
$g_content = badFilter($g_content);
// NOTE(review): if getIP() honours X-Forwarded-For this value is
// client-controlled — verify before relying on it for bans/audit.
$g_ip = ip2long(getIP());
$g_time = time();
$db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
// $g_hide is not assigned anywhere in this listing — presumably set earlier in
// the branch, otherwise it is an undefined-variable null; confirm.
$db->Add("{pre}gbook", array("g_vid", "g_hide", "g_name", "g_ip", "g_time", "g_content"), array($g_vid, $g_hide, $g_name, $g_ip, $g_time, $g_content));
// Throttle marker is stored under "last_gbook" while the check reads
// getTimeSpan("last_gbooktime") — verify the two refer to the same key.
$_SESSION["last_gbook"] = time();
// Resetting the captcha to "" (rather than unsetting it and forcing a new one)
// lets the next submit pass the loose `!= $g_code` check with an empty g_code.
$_SESSION["code_gbook"] = "";
echo "<script>alert('报错成功,多谢支持!');window.close();</script>";
} elseif ($ac == 'suggest') {
    // Autocomplete endpoint: emits {"status","info","data"} JSON.
    $q = be("get", "q");
    $q = chkSql($q);
    $t = be("get", "t");
    $t = chkSql($t);
    $res = '{"status":0,"info":"err","data":[{}]}';
    if (!empty($q)) {
        // mysql_real_escape_string() escapes quotes but not the LIKE
        // metacharacters % and _, so q=% matches every row; also escape those
        // (e.g. addcslashes($q, '%_')) before building the pattern.
        $q = mysql_real_escape_string($q);
        $sql = "SELECT d_name from {pre}vod WHERE d_name like '" . $q . "%' or d_enname like '" . $q . "%' ";
        // BUG: the art query is a bare string expression that is never assigned,
        // so t=art still searches {pre}vod. Should read `$sql = "SELECT a_name ...";`.
        if ($t == 'art') {
            "SELECT a_name from {pre}art WHERE a_name like '" . $q . "%' or a_enname like '" . $q . "%' ";
        }
        $rs = $db->queryArray($sql, false);
        if ($rs) {
            // JSON envelope built by concatenation around json_encode($rs).
            echo '{"status":1,"info":"ok","data":' . json_encode($rs) . '}';
            return;
        }
        unset($rs);
    }
    echo $res;
// NOTE(review): fragment — tail of a per-task loop over timing XML nodes.
// $oldhours, $oldweek, $curweek, $tname, $tstatus, $truntime, $tweeks, $thours,
// $tparamets, $tfile, $timmingnode, $doc, $xmlpath and $m are set before this
// listing.
$curhours = date("H", time());
// Zero-pad the stored hour to two digits.
if (strlen($curhours) == 1 && intval($oldhours) < 10 && false) {
}
if (strlen($oldhours) == 1 && intval($oldhours) < 10) {
    $oldhours = '0' . $oldhours;
}
// date("H") is always two characters, so this branch cannot run — and if it
// did, substr($curhours, 1, 1) on a one-character string yields "". Looks like
// dead or mis-copied code.
if (strlen($curhours) == 1 && intval($curhours) < 10) {
    $curhours = substr($curhours, 1, 1);
}
// Run when explicitly requested by name ($m), or when enabled and due. `&&`
// binds tighter than `||`, so this reads (name match) || (status && due).
// strpos() returns false on a miss; `false > -1` happens to be false only
// because PHP compares bool-vs-int as bools — `!== false` says what is meant.
if (!empty($m) && $tname == $m || $tstatus == 1 && (empty($truntime) || $oldweek . "-" . $oldhours != $curweek . "-" . $curhours && strpos($tweeks, $curweek) > -1 && strpos($thours, $curhours) > -1)) {
    $timmingnode->getElementsByTagName("runtime")->item(0)->nodeValue = time();
    $doc->save($xmlpath);
    // Parse "ac-method-key-value-key-value..." from the task's parameter
    // string; id and pg are cast to int, all other values go through chkSql().
    // Note $m is reused here for the parameter string.
    $p = array();
    $m = $tparamets;
    $par = explode('-', $m);
    $parlen = count($par);
    $ac = $par[0];
    $colnum = array('id', 'pg');
    if ($parlen >= 2) {
        $method = $par[1];
        for ($i = 2; $i < $parlen; $i += 2) {
            $p[$par[$i]] = in_array($par[$i], $colnum) ? intval($par[$i + 1]) : chkSql(urldecode($par[$i + 1]));
        }
    }
    if ($p['pg'] < 1) {
        $p['pg'] = 1;
    }
    unset($colnum);
    $db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
    // include of a path built from $tfile, which comes from the timing XML read
    // earlier. No basename()/whitelist is visible here: if that XML is editable
    // from the admin UI this is a local file include under admin control —
    // confirm how $tfile is validated upstream.
    include MAC_ROOT . "/inc/timming/" . $tfile;
}
}
unset($doc, $p, $par);
// NOTE(review): fragment — API entry point; the videolist branch and its ids
// loop run past the end of this listing.
require "conn.php";
// Request filter include (WAF-style); what it rejects is not visible here.
require MAC_ROOT . '/inc/common/360_safe3.php';
if ($MAC['api']['vod']['status'] == 0) {
    echo "closed";
    exit;
}
$db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
$ac = be("get", "ac");
// Numeric parameters are cast to int — safe for interpolation.
$t = intval(be("get", "t"));
$pg = intval(be("get", "pg"));
$h = intval(be("get", "h"));
// Free-text keyword and id list are only chkSql()-filtered; how $wd reaches
// SQL is outside this listing.
$wd = be("get", "wd");
$wd = chkSql($wd);
$ids = be("all", "ids");
$ids = chkSql($ids);
if ($pg < 1) {
    $pg = 1;
}
if ($ac == 'videolist') {
    $cp = 'api';
    // Cache key embeds the raw $wd and the de-comma'd $ids. If echoPageCache()
    // maps this to a file path, non-alphanumerics in $wd should be encoded or
    // rejected — confirm how the cache is stored.
    $cn = 'videolist' . $t . "-" . $pg . "-" . $wd . "-" . $h . "-" . str_replace(",", "", $ids);
    echoPageCache($cp, $cn);
    $xmla = "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
    $xmla .= "<rss version=\"5.1\">";
    $sql = "select * from {pre}vod where 1=1 ";
    $sql1 = "select count(*) from {pre}vod where 1=1 ";
    if (!empty($ids)) {
        $arr = explode(',', $ids);
        // Each id is cast to int before use — the pattern the string
        // parameters above should also follow before they reach SQL.
        for ($i = 0; $i < count($arr); $i++) {
            $arr[$i] = intval($arr[$i]);
// NOTE(review): fragment — tail of the recharge-amount validation, then the
// 'paysave' (card redemption) branch, which continues past this listing.
if (!isNum($buynum)) {
    alert("充值金额必须是数字!");
    exit;
} else {
    $buynum = intval($buynum);
}
if ($buynum < app_buymin) {
    alert("最小充值金额是" . app_buymin . "元,请重填!");
    exit;
}
} elseif ($method == 'paysave') {
    // Member-side login check. Same name as the admin chkLogin() elsewhere in
    // this listing; presumably a different definition in the front-end include
    // — confirm which one is in scope here.
    chkLogin();
    $cardnum = be("post", "cardnum");
    $cardnum = chkSql($cardnum);
    $cardpwd = be("post", "cardpwd");
    $cardpwd = chkSql($cardpwd);
    if (isN($cardnum)) {
        alert("卡号不能为空!");
        exit;
    }
    if (isN($cardpwd)) {
        alert("卡号密码不能为空");
        exit;
    }
    // Card lookup. c_number is escaped with mysql_real_escape_string(); the
    // c_pass clause is redacted ('******') in this listing, so whether $cardpwd
    // is escaped the same way cannot be seen — it must be. Note the missing
    // space before "and" (MySQL tolerates it). No attempt limit is visible, so
    // card number/password pairs can be guessed online; rate-limit per user/IP.
    $sql = "SELECT * FROM {pre}user_card WHERE c_number='" . mysql_real_escape_string($cardnum) . "'and c_pass='******'";
    $row = $db->getRow($sql);
    if (!$row) {
        alert("该充值卡不存在或者卡号密码错了");
        exit;
    } else {
        // Already-redeemed cards are rejected in the code that follows.
        if ($row["c_used"] == 1) {
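/**
 * Records a 0–10 rating for vod entry $id and echoes the new average.
 *
 * Inputs: GET score (non-numeric → 0, clamped to 0..10), GET ac3 ("all" makes
 * the output "total,count,average" instead of just the average), and the
 * globals $db and $id (vod id). A vodscore_<id> cookie marks an entry as
 * already rated: echoes "haved" on a repeat, "err" when $id is not numeric,
 * "0" when no row matched.
 *
 * NOTE(review): the once-per-entry guard is a client cookie, so it only
 * deters casual repeat votes — dropping the cookie allows voting again. The
 * read-then-Update is not atomic either, so concurrent votes can lose
 * increments; an UPDATE ... SET d_score = d_score + n would be safer if the
 * AppDb API allowed it.
 */
function score()
{
    global $db, $action, $id;

    $score = chkSql(be("get", "score"), true);
    $ac3 = be("get", "ac3");

    if (getCookie("vodscore_" . $id) == "ok") {
        echo "haved";
        exit;
    }
    if (!isNum($id)) {
        echo "err";
        exit;
    }
    // $id is a global; force an integer before it is interpolated unquoted
    // into SQL rather than relying on isNum() alone.
    $vid = intval($id);

    // Clamp the submitted score to 0..10.
    $score = isNum($score) ? intval($score) : 0;
    $score = max(0, min(10, $score));

    $res = 0;
    $row = $db->getRow("SELECT d_score,d_scorecount FROM {pre}vod WHERE d_id=" . $vid);
    if ($row) {
        $d_score = $row["d_score"] + $score;
        $d_scorecount = $row["d_scorecount"] + 1;
        $db->Update("{pre}vod", array("d_score", "d_scorecount"), array($d_score, $d_scorecount), "d_id=" . $vid);
        $avg = round($d_score / $d_scorecount, 1);
        $res = $ac3 === "all" ? $d_score . "," . $d_scorecount . "," . $avg : $avg;
    }
    unset($row);
    sCookie("vodscore_" . $id, "ok");
    echo $res;
}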
// NOTE(review): fragment — the comment 'show' branch starts before this listing
// and the 'save' branch continues past it.
$db = new AppDb($MAC['db']['server'], $MAC['db']['user'], $MAC['db']['pass'], $MAC['db']['name']);
$tpl->mark();
$tpl->H = str_replace("{maccms:commentverify}", $MAC['other']['commentverify'], $tpl->H);
$ps = 'MAC.Comment.Show(\'{url}\')';
$tpl->pageshow($ps);
} elseif ($method == 'save') {
    // vid and aid are cast to int before chkSql(), so they are safe for SQL;
    // c_name / c_content / c_code are only chkSql()-filtered strings.
    $c_vid = intval(be("all", "vid"));
    $c_vid = chkSql($c_vid);
    $c_name = be("all", "c_name");
    $c_name = chkSql($c_name);
    $c_type = intval(be("all", "aid"));
    $c_type = chkSql($c_type);
    $c_content = be("all", "c_content");
    $c_content = chkSql($c_content);
    $c_code = be("all", "c_code");
    $c_code = chkSql($c_code);
    // Types 16..18 are folded into 16.
    if ($c_type >= 16 && $c_type <= 18) {
        $c_type = 16;
    }
    if (isN($c_name) || isN($c_content)) {
        echo '请输入昵称和内容';
        exit;
    }
    // Captcha check with a loose `!=`: an unset $_SESSION["code_comment"]
    // (null) compares equal to an empty c_code, so the check passes when no
    // captcha was ever generated. Use `!==` and require a non-empty stored code.
    if ($MAC['other']['commentverify'] == 1 && $_SESSION["code_comment"] != $c_code) {
        echo '验证码错误';
        exit;
    }
    if (getTimeSpan("last_commenttime") < $MAC['other']['commenttime']) {
        echo '请不要频繁操作';
        exit;
    }