/**
 * Normalise a submitted record before it is stored.
 *
 * Stamps the add/edit times and the editor, passes the content through
 * save_local()/save_remote(), turns the date range into timestamps,
 * flattens the group list and casts the two flags to integers.
 *
 * NOTE(review): only 'content' is re-escaped with addslashes() here; every
 * other field is returned as received (trimmed). Confirm that request data
 * is escaped upstream before a caller interpolates this array into SQL.
 *
 * @param array $post Submitted form fields.
 * @return array Prepared fields, each value passed through trim().
 */
function set($post)
{
    global $MOD, $DT_TIME, $_username, $_userid;

    if (isset($post['addtime']) && $post['addtime']) {
        $post['addtime'] = strtotime($post['addtime']);
    } else {
        $post['addtime'] = $DT_TIME;
    }
    $post['edittime'] = $DT_TIME;
    $post['editor'] = $_username;

    // Unescape, let the two save_* helpers process the markup, then escape again.
    $unslashed = stripslashes($post['content']);
    $processed = save_remote(save_local($unslashed));
    $post['content'] = addslashes($processed);
    clear_upload($post['content']);

    if ($this->itemid) {
        // Existing record: hand the new and the stored content to delete_diff().
        $current = $post['content'];
        $stored = $this->get_one();
        $previous = $stored['content'];
        delete_diff($current, $previous);
    }

    // The range is inclusive: start of the first day to the end of the last day.
    if ($post['fromtime']) {
        $post['fromtime'] = strtotime($post['fromtime'] . ' 0:0:0');
    }
    if ($post['totime']) {
        $post['totime'] = strtotime($post['totime'] . ' 23:59:59');
    }

    $post['groupid'] = implode(',', $post['groupid']);
    $post['verify'] = (int) $post['verify'];
    $post['display'] = (int) $post['display'];

    return array_map('trim', $post);
}
/**
 * Prepare a submitted page record for storage.
 *
 * All fields except 'content' go through dhtmlspecialchars(); 'content' goes
 * through dsafe() instead and, when the module enables page_clear or
 * page_save, through save_local()/clear_link()/save_remote() as well.
 *
 * NOTE(review): 'content' is only re-escaped with addslashes() inside the
 * page_clear/page_save branch. With both options off it is returned exactly
 * as dsafe() produced it; confirm that value is safe for SQL interpolation.
 *
 * @param array $post Submitted form fields.
 * @return array Prepared fields, each value passed through trim().
 */
function set($post)
{
    global $MOD, $DT_TIME, $_username, $_userid;

    $post['edittime'] = $DT_TIME;
    $post['title'] = trim($post['title']);
    $post['listorder'] = (int) $post['listorder'];
    clear_upload($post['content']);

    if (!$this->itemid) {
        $post['addtime'] = $DT_TIME;
    } else {
        $post['editor'] = $_username;
        $current = $post['content'];
        $stored = $this->get_one();
        $previous = $stored['content'];
        delete_diff($current, $previous);
    }

    // Keep the rich-text body out of the generic field filter.
    $html = $post['content'];
    unset($post['content']);
    $post = dhtmlspecialchars($post);
    $html = dsafe($html);

    if ($MOD['page_clear'] || $MOD['page_save']) {
        $html = save_local(stripslashes($html));
        if ($MOD['page_clear']) {
            $html = clear_link($html);
        }
        if ($MOD['page_save']) {
            $html = save_remote($html);
        }
        $html = addslashes($html);
    }
    $post['content'] = $html;

    return array_map('trim', $post);
}
/**
 * Stamp a submitted record with its bookkeeping fields.
 *
 * Sets 'addtime' for new records only, always sets 'edittime' and 'editor',
 * and hands the thumbnail value to clear_upload().
 *
 * NOTE(review): no field is escaped or validated in this method; confirm the
 * caller receives already-escaped input before it builds SQL from the result.
 *
 * @param array $post Submitted form fields.
 * @return array Prepared fields, each value passed through trim().
 */
function set($post)
{
    global $MOD, $DT_TIME, $_username, $_userid;

    $isNew = !$this->itemid;
    if ($isNew) {
        $post['addtime'] = $DT_TIME;
    }
    $post['edittime'] = $DT_TIME;
    $post['editor'] = $_username;

    clear_upload($post['thumb']);

    return array_map('trim', $post);
}
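/**
 * Update the current record from the submitted fields.
 *
 * The SET clause is built from the array returned by set(). Array keys become
 * column names, and a column name cannot be neutralised by quoting the value,
 * so any key that is not a plain identifier is dropped instead of being
 * interpolated into the statement. The item id is cast to an integer because
 * it is used unquoted in the WHERE clause.
 *
 * NOTE(review): values are still interpolated as '{$v}'. That is only safe
 * if every value reaching this point is already escaped for SQL; set() is
 * the place to confirm that. A parameterised query would remove the
 * assumption, but the API of $this->db is not visible here.
 *
 * @param array $post Submitted form fields.
 * @return bool True after the UPDATE was issued, false when no usable column was left.
 */
function edit($post)
{
    $post = $this->set($post);

    $assignments = array();
    foreach ($post as $k => $v) {
        // \z instead of $ so a trailing newline cannot slip through.
        if (!is_string($k) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $k)) {
            continue;
        }
        $assignments[] = "{$k}='{$v}'";
    }
    if (!$assignments) {
        // An empty SET clause would only yield a malformed statement.
        return false;
    }

    $sql = implode(',', $assignments);
    $itemid = intval($this->itemid);
    $this->db->query("UPDATE {$this->table} SET {$sql} WHERE itemid={$itemid}");
    clear_upload($post['content']);

    return true;
}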
/**
 * Stamp a submitted record with time, author and origin fields.
 *
 * 'addtime' comes from the form when present, otherwise from the current
 * time; 'adddate' is derived from it with timetodate(). New records also get
 * 'username' and 'ip'; every record gets 'editor' and 'edittime'.
 *
 * NOTE(review): unlike the sibling set() variants on this page, the array is
 * returned without trim() and no field is escaped here.
 *
 * @param array $post Submitted form fields.
 * @return array The same fields with the bookkeeping values filled in.
 */
function set($post)
{
    global $MOD, $DT_TIME, $DT_IP, $_username, $_userid;

    if (isset($post['addtime']) && $post['addtime']) {
        $post['addtime'] = strtotime($post['addtime']);
    } else {
        $post['addtime'] = $DT_TIME;
    }
    $post['adddate'] = timetodate($post['addtime'], 3);
    $post['edittime'] = $DT_TIME;

    clear_upload($post['thumb'], $this->specialid);

    if (!$this->itemid) {
        // New record: the current user is both author and editor.
        $post['username'] = $post['editor'] = $_username;
        $post['ip'] = $DT_IP;
    } else {
        $post['editor'] = $_username;
    }

    return $post;
}
/**
 * Prepare a submitted record whose body may be replaced by a link.
 *
 * 'islink' becomes 1 when the field was submitted at all and 0 otherwise.
 * The content is unescaped, processed by save_local()/save_remote() and
 * escaped again with addslashes().
 *
 * NOTE(review): only 'content' is re-escaped here; confirm the remaining
 * fields arrive escaped before a caller interpolates them into SQL.
 *
 * @param array $post Submitted form fields.
 * @return array Prepared fields, each value passed through trim().
 */
function set($post)
{
    global $MOD, $DT_TIME, $_username, $_userid;

    if (isset($post['islink'])) {
        $post['islink'] = 1;
    } else {
        $post['islink'] = 0;
    }
    $post['edittime'] = $DT_TIME;
    $post['editor'] = $_username;

    $unslashed = stripslashes($post['content']);
    $processed = save_remote(save_local($unslashed));
    $post['content'] = addslashes($processed);
    clear_upload($post['content']);

    if ($this->itemid) {
        // Existing record: hand the new and the stored content to delete_diff().
        $current = $post['content'];
        $stored = $this->get_one();
        $previous = $stored['content'];
        delete_diff($current, $previous);
    }

    return array_map('trim', $post);
}
/**
 * Prepare a submitted record that carries a validity period and a thumbnail.
 *
 * Dates are converted with datetotime(); an empty 'totime' is stored as 0.
 * All fields except 'content' go through dhtmlspecialchars(); 'content' goes
 * through dsafe() and, when credit_clear or credit_save is enabled, through
 * save_local()/clear_link()/save_remote().
 *
 * NOTE(review): 'content' is only re-escaped with addslashes() inside the
 * credit_clear/credit_save branch; with both options off it is returned as
 * dsafe() produced it. Confirm that value is safe for SQL interpolation.
 *
 * @param array $post Submitted form fields.
 * @return array Prepared fields, each value passed through trim().
 */
function set($post)
{
    global $MOD, $DT_TIME, $_username, $_userid;

    if (isset($post['addtime']) && $post['addtime']) {
        $post['addtime'] = datetotime($post['addtime']);
    } else {
        $post['addtime'] = $DT_TIME;
    }
    $post['edittime'] = $DT_TIME;
    $post['fromtime'] = datetotime($post['fromtime'] . ' 00:00:00');
    if ($post['totime']) {
        $post['totime'] = datetotime($post['totime'] . ' 23:59:59');
    } else {
        $post['totime'] = 0;
    }
    $post['title'] = trim($post['title']);

    clear_upload($post['content'] . $post['thumb']);

    if ($this->itemid) {
        $post['editor'] = $_username;

        // The thumbnail is appended as an <img> tag so that delete_diff()
        // receives it together with the body, for both versions.
        $current = $post['content'];
        if ($post['thumb']) {
            $current .= '<img src="' . $post['thumb'] . '">';
        }
        $stored = $this->get_one();
        $previous = $stored['content'];
        if ($stored['thumb']) {
            $previous .= '<img src="' . $stored['thumb'] . '">';
        }
        delete_diff($current, $previous);
    }

    // Keep the rich-text body out of the generic field filter.
    $html = $post['content'];
    unset($post['content']);
    $post = dhtmlspecialchars($post);
    $html = dsafe($html);

    if ($MOD['credit_clear'] || $MOD['credit_save']) {
        $html = save_local(stripslashes($html));
        if ($MOD['credit_clear']) {
            $html = clear_link($html);
        }
        if ($MOD['credit_save']) {
            $html = save_remote($html);
        }
        $html = addslashes($html);
    }
    $post['content'] = $html;

    return array_map('trim', $post);
}
/**
 * Prepare a submitted record that has an author passport and an excerpt.
 *
 * The excerpt ('introduce') is taken from the first 120 units of the content
 * via get_intro(); 'passport' is looked up with get_user() from the
 * submitted user name. Fields other than 'content' go through
 * dhtmlspecialchars(); 'content' goes through dsafe().
 *
 * NOTE(review): 'content' passes through addslashes() twice on this path
 * (once after save_remote(), once after dsafe()) without a stripslashes() in
 * between, and 'introduce' is escaped on top of the already-escaped content.
 * Whether dsafe() compensates is not visible here; confirm the stored value
 * does not end up double-escaped.
 *
 * @param array $post Submitted form fields.
 * @return array Prepared fields, each value passed through trim().
 */
function set($post)
{
    global $MOD, $DT_TIME, $_username, $_userid;

    $hasAddTime = isset($post['addtime']) && $post['addtime'];
    $post['addtime'] = $hasAddTime ? strtotime($post['addtime']) : $DT_TIME;
    $post['edittime'] = $DT_TIME;

    $unslashed = stripslashes($post['content']);
    $post['content'] = addslashes(save_remote(save_local($unslashed)));
    $post['introduce'] = addslashes(get_intro($post['content'], 120));
    $passport = get_user($post['username'], 'username', 'passport');
    $post['passport'] = addslashes($passport);

    if ($this->itemid) {
        $post['editor'] = $_username;
        $current = $post['content'];
        $stored = $this->get_one();
        $previous = $stored['content'];
        delete_diff($current, $previous);
    }

    // Keep the rich-text body out of the generic field filter.
    $body = $post['content'];
    unset($post['content']);
    $post = dhtmlspecialchars($post);
    $post['content'] = addslashes(dsafe($body));
    clear_upload($post['content']);

    return array_map('trim', $post);
}
/**
 * Prepare a submitted record whose status is limited to two values.
 *
 * Any status other than 3 is stored as 2. Existing records get 'edittime'
 * and 'editor'; new ones get 'addtime'. Fields other than 'content' go
 * through dhtmlspecialchars(); 'content' goes through dsafe() first and then
 * through save_local()/save_remote() before it is escaped with addslashes().
 *
 * NOTE(review): dsafe() runs before the save_* helpers here, so whatever
 * those helpers write into the markup is not filtered again; confirm that
 * ordering is intended.
 *
 * @param array $post Submitted form fields.
 * @return array Prepared fields, each value passed through trim().
 */
function set($post)
{
    global $DT_TIME, $_username;

    if ($post['status'] == 3) {
        $post['status'] = 3;
    } else {
        $post['status'] = 2;
    }

    if (!$this->itemid) {
        $post['addtime'] = $DT_TIME;
    } else {
        $post['edittime'] = $DT_TIME;
        $post['editor'] = $_username;
        $current = $post['content'];
        $stored = $this->get_one();
        $previous = $stored['content'];
        delete_diff($current, $previous);
    }

    // Keep the rich-text body out of the generic field filter.
    $body = $post['content'];
    unset($post['content']);
    $post = dhtmlspecialchars($post);
    $body = dsafe($body);
    $post['content'] = addslashes(save_remote(save_local(stripslashes($body))));
    clear_upload($post['content']);

    return array_map('trim', $post);
}
} if ($submit) { captcha($captcha); $email = trim($email); if (!is_email($email)) { message($L['sendmail_pass_mailto']); } $title = trim(stripslashes($title)); if (strlen($title) < 5) { message($L['pass_title']); } $content = trim(stripslashes($content)); if (strlen($content) < 10) { message($L['pass_content']); } clear_upload($content); $content = dsafe(save_local($content)); $content = ob_template('send', 'mail'); $DT['mail_name'] = $_company; if (send_mail($email, $title, $content, '', false)) { //$_email message(lang($L['sendmail_success'], array($email)), 'sendmail.php'); } else { message($L['sendmail_fail']); } } else { $head_title = $L['sendmail_title']; $email = isset($email) ? trim(stripslashes($email)) : ''; $title = isset($title) ? trim(stripslashes($title)) : ''; $content = isset($content) ? trim(stripslashes($content)) : ''; if ($action == 'page' && isset($title) && isset($linkurl)) {
$post['vcompany'] = $user['vcompany']; $post['vtrade'] = $user['vtrade']; $post['trade'] = $user['trade']; $post['support'] = $user['support']; $post['inviter'] = $user['inviter']; if ($post['vmobile']) { $post['mobile'] = $user['mobile']; } if ($post['vtruename']) { $post['truename'] = $user['truename']; } $post = dstripslashes($post); $post_check = array(); if ($_E) { if (in_array('thumb', $_E) || in_array('content', $_E)) { clear_upload($post['thumb'] . $post['content'], $_userid); } foreach ($_E as $k) { if ($post[$k] != $user[$k]) { $post_check[$k] = $post[$k]; $post[$k] = $user[$k]; } } } $post = daddslashes($post); $post_check = daddslashes($post_check); if ($MFD) { fields_check($post_fields, $MFD); } if ($CFD) { fields_check($post_fields, $CFD);
/**
 * Prepare a submitted record that carries a price range.
 *
 * Both prices are normalised with dround(); the content is unescaped,
 * processed by save_local()/save_remote() and escaped again with
 * addslashes().
 *
 * NOTE(review): only 'content' is re-escaped here; confirm the remaining
 * fields arrive escaped before a caller interpolates them into SQL.
 *
 * @param array $post Submitted form fields.
 * @return array Prepared fields, each value passed through trim().
 */
function set($post)
{
    global $MOD, $DT_TIME, $_username;

    if (isset($post['addtime']) && $post['addtime']) {
        $post['addtime'] = strtotime($post['addtime']);
    } else {
        $post['addtime'] = $DT_TIME;
    }
    $post['editor'] = $_username;
    $post['edittime'] = $DT_TIME;
    $post['minprice'] = dround($post['minprice']);
    $post['maxprice'] = dround($post['maxprice']);

    $unslashed = stripslashes($post['content']);
    $processed = save_remote(save_local($unslashed));
    $post['content'] = addslashes($processed);
    clear_upload($post['content']);

    if ($this->itemid) {
        // Existing record: hand the new and the stored content to delete_diff().
        $current = $post['content'];
        $stored = $this->get_one();
        $previous = $stored['content'];
        delete_diff($current, $previous);
    }

    return array_map('trim', $post);
}
if ($HOME['banner1'] != $setting['banner1']) { delete_upload($HOME['banner1'], $_userid); } if ($HOME['banner2'] != $setting['banner2']) { delete_upload($HOME['banner2'], $_userid); } if ($HOME['banner3'] != $setting['banner3']) { delete_upload($HOME['banner3'], $_userid); } if ($HOME['banner4'] != $setting['banner4']) { delete_upload($HOME['banner4'], $_userid); } if ($HOME['banner5'] != $setting['banner5']) { delete_upload($HOME['banner5'], $_userid); } clear_upload($setting['background'] . $setting['logo'] . $setting['video'] . $setting['banner'] . $setting['bannerf'] . $setting['banner1'] . $setting['banner2'] . $setting['banner3'] . $setting['banner4'] . $setting['banner5']); $announce = $setting['announce']; unset($setting['announce']); $setting = dhtmlspecialchars($setting); $setting['announce'] = dsafe($announce); update_company_setting($_userid, $setting); dmsg($L['home_msg_save'], 'home.php?tab=' . $tab); } } else { $CS = cache_read('module-4.php'); $api_map = $CS['map']; $api_stats = $CS['stats']; $api_kf = $CS['kf']; $menu_f = ','; foreach (explode(',', $MG['menu_c']) as $v) { $menu_f .= $MFILE[$v] . ',';
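/**
 * Update the current record, its content row and its generated output.
 *
 * Only keys listed in $this->fields are written. The membership test is
 * strict: with a loose in_array() an integer key compares equal to any
 * non-numeric column name on PHP versions before 8, so it would pass the
 * whitelist and be written into the SET clause as a column name. The item id
 * is cast to an integer where it is interpolated unquoted into SQL.
 *
 * NOTE(review): assumes $this->fields holds the column names as strings.
 * Values, including 'content', are interpolated as quoted literals and rely
 * on set() (and whatever escapes the request upstream) for SQL safety.
 *
 * @param array $post Submitted form fields.
 * @return bool Always true.
 */
function edit($post)
{
    // Kept first, as in the original flow; what delete(..., false) removes is not visible here.
    $this->delete($this->itemid, false);
    $post = $this->set($post);
    $itemid = intval($this->itemid);

    $sql = '';
    foreach ($post as $k => $v) {
        if (in_array($k, $this->fields, true)) {
            $sql .= ",{$k}='{$v}'";
        }
    }
    $sql = substr($sql, 1);
    $this->db->query("UPDATE {$this->table} SET {$sql} WHERE itemid={$itemid}");

    // The body lives in a separate table chosen by content_table().
    $content_table = content_table($this->moduleid, $this->itemid, $this->split, $this->table_data);
    $this->db->query("UPDATE {$content_table} SET content='{$post['content']}' WHERE itemid={$itemid}");

    $this->update($this->itemid);
    clear_upload($post['content'] . $post['thumb'] . $post['video'], $this->itemid);
    if ($post['status'] > 2) {
        $this->tohtml($this->itemid, $post['catid']);
    }

    return true;
}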
} dmsg(isset($message['save']) ? $L['message_msg_save_draft'] : $L['message_msg_send'], $forward); } else { message($do->errmsg); } } else { $touser = isset($touser) ? trim($touser) : ''; $title = isset($title) ? stripslashes($title) : ''; $content = isset($content) ? stripslashes($content) : ''; } break; case 'edit': $itemid or message($L['message_msg_choose']); $do->itemid = $itemid; if ($submit) { clear_upload($message['content']); if ($do->edit($message)) { dmsg(isset($message['send']) ? $L['message_msg_send'] : $L['message_msg_edit_draft'], '?action=draft'); } else { message($do->errmsg); } } else { $message = $do->get_one(); if (!$message || $message['status'] != 1 || $message['fromuser'] != $_username) { message($L['message_msg_deny']); } $touser = $message['touser']; $title = $message['title']; $content = $message['content']; } break;
/**
 * Apply a submitted batch of item rows: add one, delete some, edit the rest.
 *
 * Row 0 is passed to item_add(). Every other row flagged with 'delete' has
 * its thumbnail handed to delete_upload(), is removed through item_delete()
 * and is dropped from the batch; the remaining rows go to item_edit(). All
 * thumbnail values seen are concatenated and handed to clear_upload().
 *
 * NOTE(review): the array keys are passed to item_delete() unchanged. They
 * presumably come from the request; confirm item_delete() and item_edit()
 * validate them as integer ids before using them in SQL.
 *
 * @param array $post Rows indexed by item id, with index 0 holding the new row.
 * @return bool Always true.
 */
function item_update($post)
{
    global $_userid;

    $thumbs = $post[0]['thumb'];
    $this->item_add($post[0]);
    unset($post[0]);

    foreach ($post as $id => $row) {
        $hasThumb = (bool) $row['thumb'];
        if ($hasThumb) {
            $thumbs .= $row['thumb'];
        }
        if (!isset($row['delete'])) {
            continue;
        }
        if ($hasThumb) {
            delete_upload($row['thumb'], $_userid);
        }
        $this->item_delete($id);
        unset($post[$id]);
    }

    if ($thumbs) {
        clear_upload($thumbs, $this->itemid);
    }
    $this->item_edit($post);

    return true;
}
$MOD['vcompany'] or dheader($MOD['linkurl']); $head_title = $L['validate_company_title']; $v = $db->get_one("SELECT * FROM {$DT_PRE}validate WHERE type='{$action}' AND username='******'"); if ($user['vcompany'] || $v) { $action = 'v' . $action; include template('validate', $module); exit; } if ($submit) { if (!$company) { message($L['validate_company_name']); } if (!$thumb) { message($L['validate_company_image']); } clear_upload($thumb . $thumb1 . $thumb2); $company = htmlspecialchars($company); $thumb = htmlspecialchars($thumb); $thumb1 = htmlspecialchars($thumb1); $thumb2 = htmlspecialchars($thumb2); $db->query("INSERT INTO {$DT_PRE}validate (type,username,ip,addtime,status,editor,edittime,title,thumb,thumb1,thumb2) VALUES ('{$action}','{$username}','{$DT_IP}','{$DT_TIME}','2','system','{$DT_TIME}','{$company}','{$thumb}','{$thumb1}','{$thumb2}')"); dmsg($L['validate_company_success'], '?action=' . $action); } else { include template('validate', $module); } break; case 'bank': $head_title = $L['validate_bank_title']; include template('validate', $module); break; default:
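/**
 * Apply a submitted batch of photo rows: insert row 0, update or delete the rest.
 *
 * Row 0 is inserted when it has a thumbnail. Every other row is keyed by the
 * id of the item it refers to; that key is interpolated unquoted into the
 * UPDATE statement and passed to item_delete(). dhtmlspecialchars() is
 * applied to the batch, but nothing visible here constrains the array keys,
 * so rows whose key is not a plain integer are now skipped instead of being
 * written into SQL.
 *
 * NOTE(review): 'thumb' and 'introduce' are interpolated as quoted literals
 * and rely on upstream escaping; confirm dhtmlspecialchars() plus the request
 * escaping cover quotes and backslashes. $thumb is a global that this method
 * both appends to and overwrites, as the original did.
 *
 * @param array $post Rows indexed by item id, with index 0 holding the new row.
 * @return void
 */
function item_update($post)
{
    global $L, $thumb;

    $post = dhtmlspecialchars($post);
    foreach ($post as $v) {
        $thumb .= $v['thumb'];
    }
    if ($thumb) {
        clear_upload($thumb, $this->itemid);
    }

    if ($post[0]['thumb']) {
        $thumb = $post[0]['thumb'];
        $listorder = intval($post[0]['listorder']);
        $introduce = $post[0]['introduce'];
        // The form's placeholder text is not a real description.
        if ($introduce == $L['photo_intro']) {
            $introduce = '';
        }
        $this->db->query("INSERT INTO {$this->table_item} (item,thumb,introduce,listorder) VALUES ('{$this->itemid}', '{$thumb}','{$introduce}','{$listorder}')");
    }
    unset($post[0]);

    foreach ($post as $k => $v) {
        // Canonical integer keys are already ints; \z keeps a trailing
        // newline from passing the digit check for the remaining strings.
        if (!is_int($k) && !preg_match('/^\d+\z/', $k)) {
            continue;
        }
        if (isset($v['delete'])) {
            $this->item_delete($k);
            continue;
        }
        if ($v['thumb']) {
            $thumb = $v['thumb'];
            $listorder = intval($v['listorder']);
            $introduce = $v['introduce'];
            if ($introduce == $L['photo_intro']) {
                $introduce = '';
            }
            $this->db->query("UPDATE {$this->table_item} SET thumb='{$thumb}',introduce='{$introduce}',listorder='{$listorder}' WHERE itemid={$k}");
        } else {
            // A row without a thumbnail is treated as removed.
            $this->item_delete($k);
        }
    }
}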
/**
 * Prepare a submitted advertisement for storage.
 *
 * Every field is first mapped through ad_restore(). The display period is
 * converted to timestamps covering whole days, an empty 'username' falls
 * back to the current user, and 'url' is chosen by type: 2 takes 'text_url',
 * 3 and 5 take 'image_url', 4 takes 'flash_url', anything else stays empty.
 *
 * NOTE(review): ad_restore() is not visible here and its name suggests it
 * undoes an earlier transformation of the input. 'code', the image and the
 * flash source are then returned as they are; confirm how these values are
 * escaped before they reach SQL or a rendered page.
 *
 * @param array $ad Submitted advertisement fields.
 * @return array Prepared fields (not trimmed).
 */
function set_ad($ad)
{
    global $DT_TIME, $_username;

    $ad = array_map('ad_restore', $ad);

    if (!$this->aid) {
        $ad['addtime'] = $DT_TIME;
    }
    $ad['edittime'] = $DT_TIME;
    $ad['editor'] = $_username;
    $ad['fromtime'] = strtotime($ad['fromtime'] . ' 0:0:0');
    $ad['totime'] = strtotime($ad['totime'] . ' 23:59:59');
    if (!$ad['username']) {
        $ad['username'] = $_username;
    }

    // switch compares loosely, like the == chain it replaces.
    $ad['url'] = '';
    switch ($ad['typeid']) {
        case 2:
            $ad['url'] = $ad['text_url'];
            break;
        case 3:
        case 5:
            $ad['url'] = $ad['image_url'];
            break;
        case 4:
            $ad['url'] = $ad['flash_url'];
            break;
    }

    clear_upload($ad['image_src'] . $ad['flash_src'] . $ad['code']);

    return $ad;
}
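/**
 * Update the current record from the submitted fields.
 *
 * Only keys listed in $this->fields are written. The membership test is
 * strict: with a loose in_array() an integer key compares equal to any
 * non-numeric column name on PHP versions before 8, so it would pass the
 * whitelist and be written into the SET clause as a column name. The item id
 * is cast to an integer where it is interpolated unquoted into SQL.
 *
 * NOTE(review): assumes $this->fields holds the column names as strings.
 * Values are interpolated as quoted literals and rely on set() (and whatever
 * escapes the request upstream) for SQL safety.
 *
 * @param array $post Submitted form fields.
 * @return bool Always true.
 */
function edit($post)
{
    // Kept first, as in the original flow; what delete(..., false) removes is not visible here.
    $this->delete($this->itemid, false);
    $post = $this->set($post);
    $itemid = intval($this->itemid);

    $sql = '';
    foreach ($post as $k => $v) {
        if (in_array($k, $this->fields, true)) {
            $sql .= ",{$k}='{$v}'";
        }
    }
    $sql = substr($sql, 1);
    $this->db->query("UPDATE {$this->table} SET {$sql} WHERE itemid={$itemid}");

    $this->update($this->itemid);
    clear_upload($post['thumb']);

    return true;
}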
defined('IN_DESTOON') or exit('Access Denied'); $tab = isset($tab) ? intval($tab) : 0; $all = isset($all) ? intval($all) : 0; if ($submit) { $tmp = ''; if ($MOD['flvstart'] != $setting['flvstart']) { delete_upload($MOD['flvstart']); $tmp .= $setting['flvstart']; } if ($MOD['flvend'] != $setting['flvend']) { delete_upload($MOD['flvend']); $tmp .= $setting['flvend']; } if ($tmp) { clear_upload($tmp); } if ($setting['split']) { $setting['fulltext'] = 0; cache_write($moduleid . '.part', $moduleid); } else { cache_delete($moduleid . '.part'); } foreach ($setting as $k => $v) { if (strpos($k, 'seo_') === false) { continue; } seo_check($v) or msg('SEO信息包含非法字符'); } update_setting($moduleid, $setting); cache_module($moduleid);
/**
 * Validate and normalise submitted member/company profile fields.
 *
 * Contact fields are trimmed and blanked when they fail their check
 * (is_email(), is_numeric() or $this->is_clean()). For an existing user the
 * search keyword is rebuilt and the stored introduction and thumbnail are
 * handed to delete_diff() together with the new ones. The introduction is
 * then moved to 'content', a shortened copy is kept in 'introduce', and the
 * category list is expanded with each category's parents.
 *
 * NOTE(review): 'email', 'company', 'business', 'sell', 'buy', 'areaid',
 * 'thumb' and 'catid' are read without an isset() guard or a format check in
 * this method; confirm they are validated before this point.
 *
 * @param array $member Submitted profile fields.
 * @return array Prepared fields (not trimmed as a whole).
 */
function set_member($member) {
    global $MOD;
    $member['email'] = trim($member['email']);
    // Optional contact fields: default to '' and blank anything that fails its check.
    $member['mail'] = isset($member['mail']) ? trim($member['mail']) : '';
    is_email($member['mail']) or $member['mail'] = '';
    $member['msn'] = isset($member['msn']) ? trim($member['msn']) : '';
    is_email($member['msn']) or $member['msn'] = '';
    $member['qq'] = isset($member['qq']) ? trim($member['qq']) : '';
    is_numeric($member['qq']) or $member['qq'] = '';
    $member['ali'] = isset($member['ali']) ? trim($member['ali']) : '';
    if (!$this->is_clean($member['ali'])) {
        $member['ali'] = '';
    }
    $member['skype'] = isset($member['skype']) ? trim($member['skype']) : '';
    if (!$this->is_clean($member['skype'])) {
        $member['skype'] = '';
    }
    $member['address'] = isset($member['address']) ? trim($member['address']) : '';
    if (!$this->is_clean($member['address'])) {
        $member['address'] = '';
    }
    $member['postcode'] = isset($member['postcode']) ? trim($member['postcode']) : '';
    // is_numeric() also accepts signs, decimals and exponents, not only digits.
    is_numeric($member['postcode']) or $member['postcode'] = '';
    // 'mode' is only accepted as a non-empty array and is stored comma-joined.
    $member['mode'] = isset($member['mode']) && is_array($member['mode']) && $member['mode'] ? implode(',', $member['mode']) : '';
    $member['keyword'] = $member['company'];
    $member['homepage'] = isset($member['homepage']) ? fix_link($member['homepage']) : '';
    $member['capital'] = isset($member['capital']) ? dround($member['capital']) : '';
    $member['sound'] = intval($member['sound']);
    if ($this->userid) {
        // Existing user: the keyword is built from company, area, business, sell, buy and mode.
        $member['keyword'] = $member['company'] . strip_tags(area_pos($member['areaid'], ',')) . ',' . $member['business'] . ',' . $member['sell'] . ',' . $member['buy'] . ',' . $member['mode'];
        clear_upload($member['thumb'] . $member['introduce'], $this->userid);
        // The thumbnail is appended as an <img> tag so delete_diff() receives it with the text.
        $new = $member['introduce'];
        if ($member['thumb']) {
            $new .= '<img src="' . $member['thumb'] . '">';
        }
        // The stored body is read from the table that content_table() selects for module 4.
        $content_table = content_table(4, $this->userid, is_file(DT_CACHE . 
'/4.part'), $this->table_company_data);
        // NOTE(review): userid is interpolated unquoted; confirm it is always an integer.
        $r = $this->db->get_one("SELECT content FROM {$content_table} WHERE userid={$this->userid}");
        $old = $r['content'];
        $r = $this->get_one();
        if ($r['thumb']) {
            $old .= '<img src="' . $r['thumb'] . '">';
        }
        delete_diff($new, $old);
    } else {
        if ($member['thumb']) {
            clear_upload($member['thumb'] . $member['introduce']);
        }
    }
    // From here on 'content' holds the full text and 'introduce' a shortened, escaped copy.
    $member['content'] = $member['introduce'];
    $member['introduce'] = addslashes(get_intro($member['content'], $MOD['introduce_length']));
    if (!defined('DT_ADMIN')) {
        // Skipped entirely when DT_ADMIN is defined: in that case neither
        // dhtmlspecialchars() nor dsafe() is applied to the submitted fields.
        $content = $member['content'];
        unset($member['content']);
        $member = dhtmlspecialchars($member);
        $member['content'] = dsafe($content);
    }
    if ($MOD['introduce_clear'] || $MOD['introduce_save']) {
        // Unescape for processing, then escape again; with both options off
        // 'content' is not passed through addslashes() in this method.
        $member['content'] = stripslashes($member['content']);
        $member['content'] = save_local($member['content']);
        if ($MOD['introduce_clear']) {
            $member['content'] = clear_link($member['content']);
        }
        if ($MOD['introduce_save']) {
            $member['content'] = save_remote($member['content']);
        }
        $member['content'] = addslashes($member['content']);
    }
    if ($member['catid']) {
        // substr(..., 1, -1) drops the first and last character before the split.
        $catids = explode(',', substr($member['catid'], 1, -1));
        $cids = '';
        foreach ($catids as $catid) {
            // Ids that get_cat() does not resolve are dropped.
            $C = get_cat($catid);
            if ($C) {
                $catid = $C['parentid'] ? $C['arrparentid'] . ',' . $catid : $catid;
                $cids .= $catid . ',';
            }
        }
        // Remove ',0,' entries and duplicates, then wrap the list in commas again.
        $cids = array_unique(explode(',', substr(str_replace(',0,', ',', ',' . $cids), 1, -1)));
        $member['catids'] = ',' . implode(',', $cids) . ',';
    }
    return $member;
}
$config['url'] = $config['url'] . '/'; } if ($config['cookie_domain'] && substr($config['cookie_domain'], 0, 1) != '.') { $config['cookie_domain'] = '.' . $config['cookie_domain']; } if ($config['cookie_domain'] != $CFG['cookie_domain']) { $config['cookie_pre'] = 'D' . random(2) . '_'; } $setting['smtp_pass'] = pass_decode($setting['smtp_pass'], $DT['smtp_pass']); $setting['ftp_pass'] = pass_decode($setting['ftp_pass'], $DT['ftp_pass']); $setting['sms_key'] = pass_decode($setting['sms_key'], $DT['sms_key']); $setting['trade_pw'] = pass_decode($setting['trade_pw'], $DT['trade_pw']); $setting['admin_week'] = implode(',', $setting['admin_week']); $setting['check_week'] = implode(',', $setting['check_week']); if ($setting['logo'] != $DT['logo']) { clear_upload($setting['logo']); } if (!is_write(DT_ROOT . '/config.inc.php')) { msg('根目录config.inc.php无法写入,请设置可写权限'); } $tmp = file_get(DT_ROOT . '/config.inc.php'); foreach ($config as $k => $v) { $tmp = preg_replace("/[\$]CFG\\['{$k}'\\]\\s*\\=\\s*[\"'].*?[\"']/is", "\$CFG['{$k}'] = '{$v}'", $tmp); } file_put(DT_ROOT . '/config.inc.php', $tmp); update_setting($moduleid, $setting); cache_module(1); cache_module(); file_put(DT_ROOT . '/file/avatar/remote.html', $setting['ftp_remote'] && $setting['remote_url'] ? $setting['remote_url'] : 'URL'); $filename = DT_ROOT . '/' . $setting['index'] . '.' . $setting['file_ext']; if (!$setting['index_html'] && $setting['file_ext'] != 'php') {
/**
 * Update the stored message identified by $this->itemid.
 *
 * The message is first checked with _is_message(). The title is trimmed and
 * passed through htmlspecialchars(); the content is unescaped, processed by
 * save_local()/save_remote(), escaped with addslashes() and then passed
 * through dsafe(); the group ids are stored comma-joined.
 *
 * NOTE(review): dsafe() runs after addslashes(), so the value written into
 * the statement is whatever dsafe() returns; confirm it cannot reintroduce
 * an unescaped quote. The elements of 'groupids' are joined without a check
 * on their type, and the title relies on upstream escaping for SQL (the
 * default flags of htmlspecialchars() only cover single quotes from PHP 8.1
 * on).
 *
 * @param array $message Submitted message fields.
 * @return bool False when _is_message() rejects the input, true after the UPDATE.
 */
function _edit($message)
{
    $accepted = $this->_is_message($message);
    if (!$accepted) {
        return false;
    }

    clear_upload($message['content']);

    $title = htmlspecialchars(trim($message['title']));
    $unslashed = stripslashes($message['content']);
    $processed = save_remote(save_local($unslashed));
    $body = dsafe(addslashes($processed));
    $groups = implode(',', $message['groupids']);

    $this->db->query("UPDATE {$this->pre}message SET title='{$title}',content='{$body}',groupids='{$groups}' WHERE itemid='{$this->itemid}' ");

    return true;
}
switch ($action) { case 'send': $chatid or exit('ko'); trim($word) or exit('ko'); if ($MOD['chat_maxlen'] && strlen($word) > $MOD['chat_maxlen'] * 3) { exit('max'); } $word = convert($word, 'UTF-8', DT_CHARSET); $word = stripslashes(trim($word)); $word = strip_tags($word); $word = dsafe($word); $word = nl2br($word); $word = strip_nr($word); $word = str_replace('|', ' ', $word); if ($MOD['chat_file'] && $MG['upload']) { clear_upload($word); } $chat = $db->get_one("SELECT * FROM {$table} WHERE chatid='{$chatid}'"); if ($chat) { $lastmsg = addslashes(dsubstr($word, 50)); if ($chat['touser'] == $_username) { $sql = "fgettime={$DT_TIME},lasttime={$DT_TIME},lastmsg='{$lastmsg}'"; if ($DT_TIME - $chat['freadtime'] > $chat_poll) { $db->query("UPDATE {$DT_PRE}member SET chat=chat+1 WHERE username='******'fromuser']}'"); $sql .= ",fnew=fnew+1"; } $db->query("UPDATE {$table} SET {$sql} WHERE chatid='{$chatid}'"); } else { if ($chat['fromuser'] == $_username) { $sql = "tgettime={$DT_TIME},lasttime={$DT_TIME},lastmsg='{$lastmsg}'"; if ($DT_TIME - $chat['treadtime'] > $chat_poll) {