function html2bbcode($message) {
global $_SGLOBAL;
if(empty($_SGLOBAL['html_s_exp'])) {
$_SGLOBAL['html_s_exp'] = array(
"/\<div class=\"quote\"\>\<span class=\"q\"\>(.*?)\<\/span\>\<\/div\>/is",
"/\<a href=\"(.+?)\".*?\<\/a\>/is",
"/(\r\n|\n|\r)/",
"/<br.*>/siU",
"/[ \t]*\<img src=\"image\/face\/(.+?).gif\".*?\>[ \t]*/is",
"/\s*\<img src=\"(.+?)\".*?\>\s*/is"
);
$_SGLOBAL['html_r_exp'] = array(
"[quote]\\1[/quote]",
"\\1",
'',
"\n",
"[em:\\1:]",
"\n[img]\\1[/img]\n"
);
$_SGLOBAL['html_s_str'] = array('<b>', '</b>', '<i>','</i>', '<u>', '</u>', ' ', ' ', ' ', '<', '>', '&');
$_SGLOBAL['html_r_str'] = array('[b]', '[/b]','[i]', '[/i]', '[u]', '[/u]', "\t", ' ', ' ', '<', '>', '&');
}
@$message = str_replace($_SGLOBAL['html_s_str'], $_SGLOBAL['html_r_str'],
preg_replace($_SGLOBAL['html_s_exp'], $_SGLOBAL['html_r_exp'], $message));
$message = shtmlspecialchars($message);
return trim($message);
}
static function checkHtml($html)
{
$html = stripslashes($html);
preg_match_all("/<([^<]+)>/is", $html, $ms);
$searchs[] = '<';
$replaces[] = '<';
$searchs[] = '>';
$replaces[] = '>';
if ($ms[1]) {
$allowtags = 'img|a|font|div|table|tbody|caption|tr|td|th|br
|p|b|strong|i|u|em|span|ol|ul|li|blockquote
|object|param|embed';
//允许的标签
$ms[1] = array_unique($ms[1]);
foreach ($ms[1] as $value) {
$searchs[] = "<" . $value . ">";
$value = shtmlspecialchars($value);
$value = str_replace(array('/', '/*'), array('.', '/.'), $value);
$skipkeys = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload', 'javascript', 'script', 'eval', 'behaviour', 'expression', 'style', 'class');
$skipstr = implode('|', $skipkeys);
$value = preg_replace(array("/({$skipstr})/i"), '.', $value);
if (!preg_match("/^[/|s]?({$allowtags})(s+|\$)/is", $value)) {
$value = '';
}
$replaces[] = empty($value) ? '' : "<" . str_replace('"', '"', $value) . ">";
}
}
$html = str_replace($searchs, $replaces, $html);
$html = addslashes($html);
return $html;
}
function checkhtml($html)
{
$html = stripslashes($html);
preg_match_all("/\\<([^\\<]+)\\>/is", $html, $ms);
$searchs[] = '<';
$replaces[] = '<';
$searchs[] = '>';
$replaces[] = '>';
if ($ms[1]) {
$allowtags = 'img|font|div|table|tbody|tr|td|th|br|p|b|strong|i|u|em|span|ol|ul|li';
//允许的标签
$ms[1] = array_unique($ms[1]);
foreach ($ms[1] as $value) {
$searchs[] = "<" . $value . ">";
$value = shtmlspecialchars($value);
$value = str_replace(array('\\', '/*'), array('.', '/.'), $value);
$value = preg_replace(array("/(javascript|script|eval|behaviour|expression)/i", "/(\\s+|"|')on/i"), array('.', ' .'), $value);
if (!preg_match("/^[\\/|\\s]?({$allowtags})(\\s+|\$)/is", $value)) {
$value = '';
}
$replaces[] = empty($value) ? '' : "<" . str_replace('"', '"', $value) . ">";
}
}
$html = str_replace($searchs, $replaces, $html);
//$html = addslashes($html);
return $html;
}
function codedisp($code)
{
global $discuzcodes, $_DCACHE;
$discuzcodes['pcodecount']++;
$code = shtmlspecialchars(str_replace('\\"', '"', preg_replace("/^[\n\r]*(.+?)[\n\r]*\$/is", "\\1", $code)));
$discuzcodes['codehtml'][$discuzcodes['pcodecount']] = "<p style=\"font-weight: bold; margin: 1em 1em 0 1em;\">CODE:</p><code style=\"display: block; margin: 0 1em 1em; padding: 0.5em; border: 1px solid #CCC; font: 12px Courier, monospace; line-height: 1.8em;\">{$code}</code>";
$discuzcodes['codecount']++;
return "[\tDISCUZ_CODE_{$discuzcodes['pcodecount']}\t]";
}
function spacecutstr($str, $length)
{
$bbcodes = 'b|i|u|color|size|font|align|list|indent|url|email|code|free|table|tr|td|img|swf|payto|float';
$str = shtmlspecialchars(cutstr(strip_tags(preg_replace(array("/\\[hide=?\\d*\\](.+?)\\[\\/hide\\]/is", "/\\[quote](.*)\\[\\/quote]/siU", "/\\[({$bbcodes})=?.*\\]/iU", "/\\[\\/({$bbcodes})\\]/i", "/\\[attach\\](\\d+)\\[\\/attach\\]/i"), array("[b]***[/b]", '', '', '', ''), $str)), $length));
$find = array("/http:\\/\\/[a-z0-9\\/\\-_+=.~!%@?#%&;:\$\\()|]+?\\.(jpg|gif|png|bmp)/is", "/(\n|\r|\r\n){2,}/", "/\\s{2,}/");
$replace = array("<img onload=\"if(this.width>320) {this.resized=true;this.width=320;}\" src=\"\\0\">", "\r\n", '');
$str = preg_replace($find, $replace, $str);
return trim(nl2br($str));
}
function getcssname($dirname) {
$css = sreadfile(S_ROOT.'./theme/'.$dirname.'/style.css');
if($css) {
preg_match("/\[name\](.+?)\[\/name\]/i", $css, $mathes);
if(!empty($mathes[1])) $name = shtmlspecialchars($mathes[1]);
} else {
$name = 'No name';
}
return $name;
}
function shtmlspecialchars($string)
{
if (is_array($string)) {
foreach ($string as $key => $val) {
$string[$key] = shtmlspecialchars($val);
}
} else {
$string = preg_replace('/&((#(\\d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/', '&\\1', str_replace(array('&', '"', '<', '>'), array('&', '"', '<', '>'), $string));
}
return $string;
}
function posttag($tagnamestr)
{
global $_SGLOBAL, $lang;
$tagarr = array('existsname' => array(), 'nonename' => array(), 'closename' => array(), 'existsid' => array());
if (empty($tagnamestr)) {
return $tagarr;
}
$tagnamearr = array();
$valuearr = explode(' ', str_replace(',', ' ', shtmlspecialchars($tagnamestr)));
foreach ($valuearr as $value) {
if (count($tagnamearr) > 10) {
break;
}
$value = posttagcheck($value);
if ($value) {
$tagnamearr[md5($value)] = $value;
}
}
if (empty($tagnamearr)) {
return $tagarr;
}
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('tags') . ' WHERE tagname IN (' . simplode($tagnamearr) . ')');
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$tagarr['existsid'][] = $value['tagid'];
$tagarr['existsname'][] = $value['tagname'];
if ($value['close']) {
$tagarr['closename'][] = $value['tagname'];
}
}
if (!empty($tagarr['existsname'])) {
foreach ($tagnamearr as $value) {
if (!in_array($value, $tagarr['existsname'])) {
$tagarr['nonename'][] = $value;
}
}
} else {
$tagarr['nonename'] = $tagnamearr;
}
if (!empty($tagarr['closename'])) {
showmessage($lang['not_allowed_to_belong_to_the_following_tag'] . ':<p>' . implode(',', $tagarr['closename']) . '</p>');
}
return $tagarr;
}
/**
* 模型在线投稿提交处理函数
*/
function modelpost($cacheinfo, $cp = 1)
{
global $_SGLOBAL, $theurl, $_SCONFIG;
include_once S_ROOT . './function/upload.func.php';
$_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
$itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
$hash = '';
$op = 'add';
$resultitems = $resultmessage = array();
$modelsinfoarr = $cacheinfo['models'];
$columnsinfoarr = $cacheinfo['columns'];
//获取等级信息
if ($cacheinfo['models']['modelname'] == 'defect') {
switch ($_POST['grade']) {
case 1:
$_POST['grade'] = '64';
break;
case 2:
$_POST['grade'] = '32';
break;
case 3:
$_POST['grade'] = '16';
break;
case 4:
$_POST['grade'] = '9';
break;
case 5:
$_POST['grade'] = '4';
break;
case 6:
$_POST['grade'] = '1';
break;
case 7:
$_POST['grade'] = '-1';
break;
case 8:
$_POST['grade'] = '-2';
break;
case 9:
$_POST['grade'] = '-3';
break;
}
$gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
if (!empty($_SCONFIG['checkgrade'])) {
$newgradearr = explode("\t", $_SCONFIG['checkgrade']);
$gradearr['64'] = $newgradearr[0];
$gradearr['32'] = $newgradearr[1];
$gradearr['16'] = $newgradearr[2];
$gradearr['9'] = $newgradearr[3];
$gradearr['4'] = $newgradearr[4];
$gradearr['1'] = $newgradearr[5];
$gradearr['-1'] = $newgradearr[6];
$gradearr['-2'] = $newgradearr[7];
$gradearr['-3'] = $newgradearr[8];
}
} else {
$gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
if (!empty($_SCONFIG['checkgrade'])) {
$newgradearr = explode("\t", $_SCONFIG['checkgrade']);
for ($i = 0; $i < count($newgradearr); $i++) {
if (!empty($newgradearr[$i])) {
$gradearr[$i + 1] = $newgradearr[$i];
}
}
}
}
if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
showmessage('parameter_error');
}
$feedcolum = array();
foreach ($columnsinfoarr as $result) {
if ($result['isfixed'] == 1) {
$resultitems[] = $result;
} else {
$resultmessage[] = $result;
}
if ($result['formtype'] == 'linkage') {
if (!empty($_POST[$result['fieldname']])) {
$_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
}
} elseif ($result['formtype'] == 'timestamp') {
if (empty($_POST[$result['fieldname']])) {
$_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
} else {
$_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
}
}
}
//更新用户最新更新时间
if (empty($itemid) && $_SGLOBAL['supe_uid']) {
updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
}
//输入检查
$_POST['catid'] = intval($_POST['catid']);
$_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0;
$_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
//检查输入
if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
showmessage('space_suject_length_error');
}
if (empty($_POST['catid'])) {
showmessage('admin_func_catid_error');
}
if (!empty($_FILES['subjectimage']['name'])) {
$fileext = fileext($_FILES['subjectimage']['name']);
if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
showmessage('document_types_can_only_upload_pictures');
}
}
//数据检查
checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
//修改时检验标题图片是否修改
$defaultmessage = array();
if (!empty($itemid)) {
if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
//当file删除时,或修改时执行删除操作
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
$defaultmessage = $_SGLOBAL['db']->fetch_array($query);
$hash = getmodelhash($_GET['mid'], $itemid);
deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
//删除附件表
updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
$ext = fileext($defaultmessage['subjectimage']);
if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
@unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
}
@unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
}
}
//构建数据
$setsqlarr = $setitemsqlarr = array();
$setsqlarr = getsetsqlarr($resultitems);
$setsqlarr['catid'] = $_POST['catid'];
$setsqlarr['subject'] = $_POST['subject'];
$setsqlarr['allowreply'] = $_POST['allowreply'];
$setsqlarr['grade'] = intval($_POST['grade']);
//modify by jyf,没权限的用户不能改审核等级
if ($setsqlarr['grade'] > 0) {
if (!checkperm('manageeditpost')) {
showmessage('no_permission');
}
}
//end
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
$setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
$setsqlarr['username'] = $_SGLOBAL['supe_username'];
$setsqlarr['lastpost'] = $setsqlarr['dateline'];
$modelsinfoarr['subjectimagewidth'] = 400;
$modelsinfoarr['subjectimageheight'] = 300;
if (!empty($modelsinfoarr['thumbsize'])) {
$modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
$modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
$modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
}
$uploadfilearr = $ids = array();
$subjectimageid = '';
$uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
if (!empty($uploadfilearr)) {
$feedsubjectimg = $uploadfilearr;
foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
if (empty($tmpvalue['error'])) {
$setsqlarr[$tmpkey] = $tmpvalue['filepath'];
}
if (!empty($tmpvalue['aid'])) {
$ids[] = $tmpvalue['aid'];
}
}
}
//词语过滤
if (!empty($modelsinfoarr['allowfilter'])) {
$setsqlarr = scensor($setsqlarr, 1);
}
//发布时间
if (empty($_POST['dateline'])) {
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
} else {
$setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
//不能早于2年
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
}
}
//附件处理-by jyf
if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
$setsqlarr['attaches'] = implode(',', $_POST['divupload']);
}
//创新园地新增两个字段-------89184
if ($cacheinfo['models']['modelname'] == 'creative') {
if (empty($_POST['creative_value'])) {
showmessage('请输入创新价值说明');
}
if (empty($_POST['creative_days'])) {
showmessage('本创新所耗的工作量');
}
$setsqlarr['value'] = $_POST['creative_value'];
$setsqlarr['days'] = $_POST['creative_days'];
}
if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
//不需要审核时入item表
if (empty($itemid)) {
//插入数据
$itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
//取消邮件通知 --89184
$email = get_cate_mail($_POST['catid']);
$url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
if ($_POST['modelname'] == 'creative') {
if ($_POST['creative_type'] == '流程建议') {
$email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
}
}
$emails = explode(',', $email);
if (count($emails) > 0) {
include S_ROOT . './function/sendmail.fun.php';
$url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
if ($cacheinfo['models']['modelname'] == 'creative') {
$msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
} else {
if ($cacheinfo['models']['modelname'] == 'defect') {
$msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
}
}
}
} else {
//更新
$op = 'update';
unset($setsqlarr['uid']);
unset($setsqlarr['username']);
unset($setsqlarr['lastpost']);
if ($setsqlarr['grade'] > 0) {
$setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
if ($_POST['modelname'] == 'creative') {
if ($_POST['creative_type'] == '主管月度创新') {
if (!check_cate_director($setsqlarr['catid'])) {
showmessage('no_permission');
}
}
}
}
updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
$defaultmessage = $_SGLOBAL['db']->fetch_array($query);
//邮件通知--等级审核
if ($setsqlarr['grade'] > 0) {
$sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
$query = $_SGLOBAL['db']->query($sqlstr);
$value = $_SGLOBAL['db']->fetch_array($query);
$email = $value['email'];
if (!empty($email)) {
include S_ROOT . './function/sendmail.fun.php';
$url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
$emails = explode(',', $email);
if ($_POST['modelname'] == 'creative') {
$msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
} else {
$msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
}
sendmail($emails, $setsqlarr['subject'], $msg);
}
}
}
if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
}
$hash = getmodelhash($_POST['mid'], $itemid);
if (!empty($ids)) {
$ids = simplode($ids);
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
}
$do = 'pass';
} else {
if (!empty($uploadfilearr['subjectimage']['aid'])) {
$subjectimageid = $uploadfilearr['subjectimage']['aid'];
}
$setitemsqlarr = $setsqlarr;
$do = 'me';
}
if ($op == 'update') {
if (!empty($resultmessage)) {
foreach ($resultmessage as $value) {
if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
//当file删除时,或修改时执行删除操作
deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
//删除附件表
updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
$ext = fileext($defaultmessage[$value['fieldname']]);
if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
@unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
}
@unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
}
}
}
}
}
//内容
$setsqlarr = $uploadfilearr = $ids = array();
$setsqlarr = getsetsqlarr($resultmessage);
$uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
$setsqlarr['message'] = trim($_POST['message']);
$setsqlarr['postip'] = $_SGLOBAL['onlineip'];
if (!empty($uploadfilearr)) {
foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
if (empty($tmpvalue['error'])) {
$setsqlarr[$tmpkey] = $tmpvalue['filepath'];
}
if (!empty($tmpvalue['aid'])) {
$ids[] = $tmpvalue['aid'];
}
}
}
//添加内容
if (!empty($modelsinfoarr['allowfilter'])) {
$setsqlarr = scensor($setsqlarr, 1);
}
if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
//不需要审核时入message表
if ($op == 'add') {
$setsqlarr['itemid'] = $itemid;
//添加内容
inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
getreward('postinfo');
if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
$feed['icon'] = 'comment';
$feed['title_template'] = 'feed_model_title';
$murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
$aurl = A_URL;
if (empty($_SCONFIG['siteurl'])) {
$siteurl = getsiteurl();
$murl = $siteurl . $murl;
$aurl = $siteurl . $aurl;
} else {
$siteurl = S_URL_ALL;
}
$feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
$feed['body_template'] = 'feed_model_message';
$feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
if (!empty($feedsubjectimg)) {
$feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
} else {
foreach ($feedcolum as $feedimgvalue) {
if ($feedimgvalue['filepath']) {
$feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
break;
}
}
if (empty($feed['images'])) {
$picurl = getmessagepic(stripslashes($_POST['message']));
if ($picurl && strpos($picurl, '://') === false) {
$picurl = $siteurl . '/' . $picurl;
}
if (!empty($picurl)) {
$feed['images'][] = array('url' => $picurl, 'link' => $murl);
}
}
}
postfeed($feed);
}
} else {
//更新内容
updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
}
updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
if (checkperm('allowdirectpost') && $op == 'update') {
deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
}
if (checkperm('allowdirectpost') && $op == 'update') {
$jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('writing_success_online_please_wait_for_audit', $jpurl);
} else {
$jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('online_contributions_success', $jpurl);
}
} else {
$setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
$setsqlarr['addfeed'] = $_POST['addfeed'];
$setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
if (!empty($_POST['itemid'])) {
$itemid = intval($_POST['itemid']);
updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
} else {
$itemid = inserttable('modelfolders', $setsqlarr, 1);
}
if (!empty($subjectimageid)) {
$ids[] = $subjectimageid;
}
if (!empty($ids)) {
$ids = simplode($ids);
$hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
}
$jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('writing_success_online_please_wait_for_audit', $jpurl);
}
}
}
$configs = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('config'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$configs[$value['var']] = shtmlspecialchars($value['datavalue']);
}
if (empty($configs['feedfilternum']) || $configs['feedfilternum'] < 1) {
$configs['feedfilternum'] = 1;
}
$datasets = $datas = $mails = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('data'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
if ($value['var'] == 'setting' || $value['var'] == 'mail') {
$datasets[$value['var']] = empty($value['datavalue']) ? array() : unserialize($value['datavalue']);
} else {
$datasets[$value['var']] = shtmlspecialchars($value['datavalue']);
}
}
$datas = $datasets['setting'];
$mails = $datasets['mail'];
// templates directory
$templatearr = array('default' => 'default');
$tpl_dir = sreaddir(S_ROOT . './template');
foreach ($tpl_dir as $dir) {
if (file_exists(S_ROOT . './template/' . $dir . '/style.css')) {
$templatearr[$dir] = $dir;
}
}
$templateselect = array($configs['template'] => ' selected');
$toselect = array($configs['timeoffset'] => ' selected');
$onlineip = getonlineip();
/**
* 拼合sql語句
* return array
*/
function getsetsqlarr($valuearr)
{
$setsqlarr = array();
if (!empty($valuearr)) {
foreach ($valuearr as $value) {
if (isset($_POST[$value['fieldname']])) {
if (!preg_match("/^(img|flash|file)\$/i", $value['formtype'])) {
//提交來後的數據過濾
if (preg_match("/^(VARCHAR|CHAR|TEXT|MEDIUMTEXT|LONGTEXT)\$/i", $value['fieldtype'])) {
if ($value['formtype'] == 'checkbox') {
$_POST[$value['fieldname']] = implode("\n", shtmlspecialchars($_POST[$value['fieldname']]));
}
if (empty($value['ishtml'])) {
$_POST[$value['fieldname']] = shtmlspecialchars(trim($_POST[$value['fieldname']]));
} else {
$_POST[$value['fieldname']] = trim($_POST[$value['fieldname']]);
}
if (!empty($value['isbbcode'])) {
$_POST[$value['fieldname']] = modeldiscuzcode($_POST[$value['fieldname']]);
}
} elseif (preg_match("/^(TINYINT|SMALLINT|MEDIUMINT|INT|BIGINT)\$/i", $value['fieldtype'])) {
$_POST[$value['fieldname']] = intval($_POST[$value['fieldname']]);
}
$setsqlarr[$value['fieldname']] = $_POST[$value['fieldname']];
} elseif ($value['isimage']) {
$setsqlarr[$value['fieldname']] = $_POST[$value['fieldname']];
}
}
}
}
return $setsqlarr;
}
$start = empty($_GET['start']) ? 0 : intval($_GET['start']);
$countnum = 0;
$lastfileid = 0;
$sitemap_path = S_ROOT . './data/sitemap/';
if (!file_exists($sitemap_path)) {
@mkdir($sitemap_path, '0666');
}
if (submitcheck('thevalue')) {
if (!preg_match("/^[0-9a-z_]+\$/i", $_POST['mapname']) || strlen($_POST['mapname']) > 50) {
showmessage('sitemap_name_error');
}
$mapdata = addslashes(serialize($sitemapdata));
$_POST['maptype'] = saddslashes(shtmlspecialchars($_POST['maptype']));
$_POST['mapnum'] = $_POST['maptype'] == 'google' ? intval($_POST['mapnum_google']) : intval($_POST['mapnum_baidu']);
$_POST['createtype'] = intval($_POST['createtype']);
$_POST['changefreq'] = $_POST['maptype'] == 'google' ? saddslashes(shtmlspecialchars($_POST['changefreq_google'])) : saddslashes(shtmlspecialchars($_POST['changefreq_baidu']));
if (!empty($_POST['slogid'])) {
$_SGLOBAL['db']->query("UPDATE " . tname('sitemaplogs') . " SET mapname='{$_POST['mapname']}', maptype='{$_POST['maptype']}', mapnum='{$_POST['mapnum']}', createtype='{$_POST['createtype']}', changefreq='{$_POST['changefreq']}' WHERE slogid='{$_POST['slogid']}'");
showmessage('sitemap_config_update', $theurl);
} else {
$query = $_SGLOBAL['db']->query("SELECT count(*) FROM " . tname('sitemaplogs') . " WHERE mapname='{$_POST['mapname']}'");
if ($value = $_SGLOBAL['db']->result($query, 0)) {
showmessage('sitemap_name_exists');
}
$_SGLOBAL['db']->query("INSERT INTO " . tname('sitemaplogs') . "(mapname, maptype, mapnum, mapdata, createtype, changefreq) VALUES ('{$_POST['mapname']}', '{$_POST['maptype']}', '{$_POST['mapnum']}', '{$mapdata}', '{$_POST['createtype']}', '{$_POST['changefreq']}')");
showmessage('sitemap_config_add', $theurl);
}
} elseif (submitcheck('listsubmit')) {
if (!empty($_POST['slogidarr'])) {
$slogidarr = implode('\',\'', $_POST['slogidarr']);
$_SGLOBAL['db']->query('DELETE FROM ' . tname('sitemaplogs') . ' WHERE slogid IN (\'' . $slogidarr . '\')');
function printruledebug($infoarr)
{
global $alang;
$rule = '';
if (is_array($infoarr['code'])) {
$infoarr['code'] = implode("\n", $infoarr['code']);
}
if (!empty($infoarr['code'])) {
showprogress($alang['robot_debug_regional_source'], 1);
showprogress('<textarea style="width:95%;" rows="7">' . $infoarr['code'] . '</textarea>');
} else {
showprogress($alang['robot_debug_not_content'], 1);
}
$rule = shtmlspecialchars(getregularstring($infoarr['rule'], 'from'));
showprogress($alang['robot_debug_url'], 1);
showprogress('<input type="text" style="width: 95%" value="' . $infoarr['url'] . '">');
showprogress($alang['robot_debug_regular'], 1);
showprogress('<input type="text" style="width: 95%" value="' . $rule . '">');
showprogress($alang['robot_debug_source_code'], 1);
showprogress('<textarea style="width:95%;" rows="7">' . shtmlspecialchars($infoarr['source']) . '</textarea>');
exit;
}
}
}
}
if (!$managebatch && $opnum > 1) {
cpmessage('choose_to_delete_the_tag', $_POST['mpurl']);
}
$_POST['ids'] = $newids;
if ($_POST['optype'] == 'delete') {
include_once S_ROOT . './source/function_delete.php';
if (!empty($_POST['ids']) && deletetags($_POST['ids'])) {
cpmessage('do_success', $_POST['mpurl']);
} else {
cpmessage('choose_to_delete_the_tag', $_POST['mpurl']);
}
} elseif ($_POST['optype'] == 'merge') {
$_POST['newtagname'] = shtmlspecialchars(trim($_POST['newtagname']));
if (strlen($_POST['newtagname']) < 1 || strlen($_POST['newtagname']) > 30) {
cpmessage('to_merge_the_tag_name_of_the_length_discrepancies', $_POST['mpurl']);
}
// retrieve the new tag if there is
$newtagid = getcount('tag', array('tagname' => $_POST['newtagname']), 'tagid');
if (empty($newtagid)) {
// add tag
$setarr = array('tagname' => $_POST['newtagname'], 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
$newtagid = inserttable('tag', $setarr, 1);
}
//ʼϲ
include_once S_ROOT . './source/function_op.php';
if (!empty($_POST['ids']) && mergetag($_POST['ids'], $newtagid)) {
cpmessage('do_success', $_POST['mpurl']);
} else {
$tplname = substr($file, 0, -4);
$pos = strpos($file, '_');
if ($pos) {
$tpls[substr($tplname, 0, $pos)][] = array($file, $status);
} else {
$tpls['base'][] = array($file, $status);
}
}
}
closedir($dh);
}
} elseif ($_GET['op'] == 'edit') {
$filename = checkfilename($_GET['filename']);
$filefullname = $tpldir . $filename;
$fp = fopen($filefullname, 'rb');
$content = trim(shtmlspecialchars(fread($fp, filesize($filefullname))));
fclose($fp);
} elseif ($_GET['op'] == 'repair') {
$filename = checkfilename($_GET['filename']);
$filefullname = $tpldir . $filename;
//复制当前的文件
$d_file = $filefullname . '.bak';
if (file_exists($d_file)) {
if (!@copy($d_file, $filefullname)) {
swritefile($filefullname, sreadfile($d_file));
@unlink($d_file);
} else {
@unlink($d_file);
}
} else {
cpmessage('designated_template_files_can_not_be_restored');
$type = 'link';
$_GET['op'] = 'link';
break;
}
// add share
if (submitcheck('sharesubmit')) {
$_POST['topicid'] = topic_check($_POST['topicid'], 'share');
//Verification code
if ($type == 'link' && checkperm('seccode') && !ckseccode($_POST['seccode'])) {
showmessage('incorrect_code');
}
if (empty($_POST['refer'])) {
$_POST['refer'] = "space.php?do=share&view=me";
}
if ($type == 'link') {
$link = shtmlspecialchars(trim($_POST['link']));
if ($link) {
if (!preg_match("/^(http|ftp|https|mms)\\:\\/\\/.{4,300}\$/i", $link)) {
$link = '';
}
}
if (empty($link)) {
showmessage('url_incorrect_format');
}
$arr['title_template'] = cplang('share_link');
$arr['body_template'] = '{link}';
$link_text = sub_url($link, 45);
$arr['body_data'] = array('link' => "<a href=\"{$link}\" target=\"_blank\">{$link_text}</a>", 'data' => $link);
$parseLink = parse_url($link);
if (preg_match("/(youku.com|youtube.com|5show.com|ku6.com|sohu.com|mofile.com|sina.com.cn)\$/i", $parseLink['host'], $hosts)) {
$flashvar = getflash($link, $hosts[1]);
$valued = $item[$value['fieldname']];
}
if ($value['formtype'] != 'timestamp') {
$htmlarr[$value['id']]['input'] = label(array('type' => $value['formtype'], 'alang' => $value['fieldcomment'], 'name' => $value['fieldname'], 'options' => $temparr2, 'rows' => 10, 'width' => '30%', 'size' => '60', 'value' => $valued, 'other' => $other, 'fileurl' => $fileurl), 0);
} else {
$item[$value['fieldname']] = sgmdate($item[$value['fieldname']]);
$htmlarr[$value['id']]['input'] = <<<EOF
\t\t\t<input type="text" name="{$value['fieldname']}" id="{$value['fieldname']}" readonly="readonly" value="{$item[$value['fieldname']]}" /><img src="{$siteurl}/admin/images/time.gif" onClick="getDatePicker('{$value['fieldname']}', event, 21)" />
EOF;
}
}
} elseif ($op == 'view') {
if (empty($_SGLOBAL['supe_uid'])) {
showmessage('no_permission');
}
$item['subject'] = shtmlspecialchars($item['subject']);
if (!empty($item['subjectimage'])) {
$fileext = fileext($item['subjectimage']);
$item['subjectimage'] = $item['subjectthumb'] = A_URL . '/' . $item['subjectimage'];
if (preg_match("/^(jpg|jpeg|png)\$/i", $fileext)) {
$item['subjectthumb'] = substr($item['subjectimage'], 0, strrpos($item['subjectimage'], '.')) . '.thumb.jpg';
}
}
if (!empty($cacheinfo['columns'])) {
$htmlarr = array();
foreach ($cacheinfo['columns'] as $temp) {
$tmpvalue = trim($item[$temp['fieldname']]);
if (empty($temp['isfile']) && strlen($tmpvalue) > 0 || !empty($temp['isfile']) && $tmpvalue != 0) {
if ($temp['formtype'] == 'checkbox') {
$tmpvalue = explode("\n", $item[$temp['fieldname']]);
} elseif ($temp['formtype'] == 'textarea' && empty($temp['ishtml'])) {
if (!empty($multipage)) {
echo label(array('type' => 'table-start', 'class' => 'listpage'));
echo '<tr><td>' . $multipage . '</td></tr>';
echo label(array('type' => 'table-end'));
}
echo '<div class="buttons">';
echo label(array('type' => 'button-submit', 'name' => 'listsubmit', 'value' => $alang['common_submit']));
echo label(array('type' => 'button-reset', 'name' => 'listreset', 'value' => $alang['common_reset']));
echo '</div>';
echo '<input name="listsubmitok" type="hidden" value="yes" />';
echo label(array('type' => 'form-end'));
}
//THE VALUE SHOW
if (is_array($thevalue) && $thevalue) {
echo label(array('type' => 'form-start', 'name' => 'thevalueform', 'action' => $theurl, 'other' => ' onSubmit="return validate(this)"'));
echo label(array('type' => 'div-start'));
echo label(array('type' => 'table-start'));
echo label(array('type' => 'input', 'alang' => 'tag_title_tagname', 'name' => 'newmaintagname', 'size' => 20, 'width' => '30%', 'value' => $thevalue['tagname']));
echo label(array('type' => 'tag', 'alang' => 'tag_title_relativetags', 'values' => $thevalue['relativetags']));
echo label(array('type' => 'table-end'));
echo label(array('type' => 'div-end'));
echo '<div class="buttons">';
echo label(array('type' => 'button-submit', 'name' => 'thevaluesubmit', 'value' => $alang['common_submit']));
echo label(array('type' => 'button-reset', 'name' => 'thevaluereset', 'value' => $alang['common_reset']));
echo '</div>';
echo '<input name="tagid" type="hidden" value="' . $thevalue['tagid'] . '" />';
echo '<input name="valuesubmit" type="hidden" value="yes" />';
echo '<input name="maintagname" type="hidden" value="' . shtmlspecialchars($thevalue['tagname']) . '" />';
echo '<input name="spacenewsnum" type="hidden" value="' . $thevalue['spacenewsnum'] . '" />';
echo label(array('type' => 'form-end'));
}
if (!checkperm('manageprofield')) {
cpmessage('no_authority_management_operation');
}
@(include_once S_ROOT . './data/data_profield.php');
//取得单个数据
$thevalue = $list = array();
$_GET['fieldid'] = empty($_GET['fieldid']) ? 0 : intval($_GET['fieldid']);
if ($_GET['fieldid']) {
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('profield') . " WHERE fieldid='{$_GET['fieldid']}'");
$thevalue = $_SGLOBAL['db']->fetch_array($query);
}
if (!empty($_GET['op']) && $_GET['op'] != 'add' && empty($thevalue)) {
cpmessage('there_is_no_designated_users_columns');
}
if (submitcheck('fieldsubmit')) {
$setarr = array('title' => shtmlspecialchars(trim($_POST['title'])), 'note' => shtmlspecialchars(trim($_POST['note'])), 'formtype' => shtmlspecialchars(trim($_POST['formtype'])), 'inputnum' => intval($_POST['inputnum']), 'choice' => shtmlspecialchars(trim($_POST['choice'])), 'mtagminnum' => intval($_POST['mtagminnum']), 'manualmoderator' => intval($_POST['manualmoderator']), 'manualmember' => intval($_POST['manualmember']), 'displayorder' => intval($_POST['displayorder']));
$_POST['fieldid'] = intval($_POST['fieldid']);
if (empty($thevalue['fieldid'])) {
inserttable('profield', $setarr);
} else {
updatetable('profield', $setarr, array('fieldid' => $thevalue['fieldid']));
}
//更新缓存
include_once S_ROOT . './source/function_cache.php';
profield_cache();
cpmessage('do_success', 'admincp.php?ac=profield');
} elseif (submitcheck('ordersubmit')) {
foreach ($_POST['displayorder'] as $fieldid => $value) {
updatetable('profield', array('displayorder' => intval($value)), array('fieldid' => intval($fieldid)));
}
//更新缓存
if (!checkperm('manageattachmenttypes')) {
showmessage('no_authority_management_operation');
}
$perpage = 20;
$urlplus = '';
$newurl = $theurl . $urlplus;
$page = intval(postget('page'));
$page < 1 ? $page = 1 : '';
$start = ($page - 1) * $perpage;
//INIT RESULT VAR
$listarr = array();
$thevalue = array();
//POST METHOD
if (submitcheck('valuesubmit')) {
//ONE UPDATE OR ADD
$_POST['fileext'] = shtmlspecialchars(trim($_POST['fileext']));
if (strlen($_POST['fileext']) < 1 || strlen($_POST['fileext']) > 10) {
showmessage('attachmenttype_check_fileext');
}
$_POST['maxsize'] = intval($_POST['maxsize']);
$_POST['maxsize'] = $_POST['maxsize'] * 1024;
$sqlarr = array('fileext' => $_POST['fileext'], 'maxsize' => intval($_POST['maxsize']));
if (empty($_POST['id'])) {
//ADD
$insertsqlarr = $sqlarr;
inserttable('attachmenttypes', $insertsqlarr);
showmessage('attachmenttype_add_success', $newurl);
} else {
//UPDATE
$setsqlarr = $sqlarr;
updatetable('attachmenttypes', $setsqlarr, array('id' => $_POST['id']));
$messageenc = rawurlencode(strip_tags(preg_replace("/\\[.+?\\]/U", '', $_GET['messageenc'])));
$data = @implode('', file("http://keyword.discuz.com/related_kw.html?title={$subjectenc}&content={$messageenc}&ics={$_SC['charset']}&ocs={$_SC['charset']}"));
if ($data) {
$parser = xml_parser_create();
xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
xml_parse_into_struct($parser, $data, $values, $index);
xml_parser_free($parser);
$kws = array();
foreach ($values as $valuearray) {
if ($valuearray['tag'] == 'kw' || $valuearray['tag'] == 'ekw') {
if (PHP_VERSION > '5' && $_SC['charset'] != 'utf-8') {
$kws[] = siconv(trim($valuearray['value']), $_SC['charset'], 'utf-8');
//编码转换
} else {
$kws[] = trim($valuearray['value']);
}
}
}
$return = '';
if ($kws) {
foreach ($kws as $kw) {
$kw = shtmlspecialchars($kw);
$return .= $kw . ' ';
}
$return = trim($return);
}
showmessage($return);
} else {
showmessage(' ');
}
function picurl_get($picurl, $maxlenth='200') {
$picurl = shtmlspecialchars(trim($picurl));
if($picurl) {
if(preg_match("/^http\:\/\/.{5,$maxlenth}\.(jpg|gif|png)$/i", $picurl)) return $picurl;
}
return '';
}
function getsiteurl()
{
global $_SCONFIG;
if (empty($_SCONFIG['siteallurl'])) {
$uri = $_SERVER['REQUEST_URI'] ? $_SERVER['REQUEST_URI'] : ($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
return shtmlspecialchars('http://' . $_SERVER['HTTP_HOST'] . substr($uri, 0, strrpos($uri, '/') + 1));
} else {
return $_SCONFIG['siteallurl'];
}
}
$upcid = empty($_POST['upcid']) ? 0 : intval($_POST['upcid']);
if (empty($itemid)) {
array_push($checkresults, array('message' => $lang['not_found']));
}
if (empty($_G['uid'])) {
if (empty($_G['setting']['allowguest'])) {
setcookie('_refer', rawurlencode(geturl('action/viewcomment/itemid/' . $itemid, 1)));
array_push($checkresults, array('message' => $lang['no_login']));
}
}
$table_name = ($ismodle ? $type : 'space') . 'items';
$query = DB::query('SELECT * FROM ' . tname($table_name) . ' WHERE itemid=\'' . $itemid . '\' AND allowreply=\'1\'');
if (!($item = DB::fetch($query))) {
array_push($checkresults, array('message' => $lang['no_permission']));
}
$_POST['commentmessage'] = shtmlspecialchars(trim($_POST['commentmessage']));
if ($_POST['commentmessage'] == $_G['setting']['commdefault'] || bstrlen($_POST['commentmessage']) < 1 || bstrlen($_POST['commentmessage']) > 250) {
array_push($checkresults, array('commentmessage' => $lang['wordlimited']));
}
if (!empty($commentscorestr)) {
$rootcatid = getrootcatid($item['catid']);
$scorenum = DB::result_first("SELECT cm.scorenum FROM " . tname('categories') . " c\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN " . tname('commentmodels') . " cm ON cm.cmid=c.cmid\n\t\t\t\t\t\t\t\t\t\tWHERE c.catid = '{$rootcatid}'");
if (bstrlen($commentscorestr) < $scorenum * 5) {
array_push($checkresults, array('score' => $lang['scorelimited']));
}
}
if (!empty($_G['setting']['commenttime']) && !ckfounder($_G['uid'])) {
if ($_G['timestamp'] - $_G['member']['lastcommenttime'] < $_G['setting']['commenttime']) {
array_push($checkresults, array('message' => $lang['comment_too_much']));
}
}
//权限
if (!checkperm('manageusergroups')) {
showmessage('no_authority_management_operation');
}
//取得单个数据
$thevalue = $list = array();
$_GET['groupid'] = empty($_GET['groupid']) ? 0 : intval($_GET['groupid']);
if ($_GET['groupid']) {
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('usergroups') . " WHERE groupid='{$_GET['groupid']}'");
if (!($thevalue = $_SGLOBAL['db']->fetch_array($query))) {
showmessage('user_group_does_not_exist');
}
}
if (submitcheck('thevaluesubmit')) {
//用户组名
$_POST['set']['grouptitle'] = saddslashes(shtmlspecialchars($_POST['set']['grouptitle']));
if (empty($_POST['set']['grouptitle'])) {
showmessage('user_group_were_not_empty');
}
$setarr = array('grouptitle' => $_POST['set']['grouptitle']);
//详细权限
$nones = array('groupid', 'grouptitle');
foreach ($_POST['set'] as $key => $value) {
if (!in_array($key, $nones)) {
$value = intval($value);
if ($thevalue[$key] != $value) {
$setarr[$key] = $value;
}
}
}
if (empty($thevalue['groupid'])) {
$_SCONFIG['template'] = $_SCOOKIE['mytemplate'];
} else {
ssetcookie('mytemplate', '', 365000);
}
}
//处理REQUEST_URI
if (!isset($_SERVER['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
}
}
if ($_SERVER['REQUEST_URI']) {
$temp = urldecode($_SERVER['REQUEST_URI']);
if (strexists($temp, '<') || strexists($temp, '"')) {
$_GET = shtmlspecialchars($_GET);
//XSS
}
}
//判断用户登录状态
checkauth();
$_SGLOBAL['uhash'] = md5($_SGLOBAL['supe_uid'] . "\t" . substr($_SGLOBAL['timestamp'], 0, 6));
//用户菜单
getuserapp();
//处理UC应用
$_SCONFIG['uc_status'] = 0;
$_SGLOBAL['appmenus'] = $_SGLOBAL['appmenu'] = array();
if ($_SGLOBAL['app']) {
foreach ($_SGLOBAL['app'] as $appid => $value) {
if (UC_APPID != $appid) {
$_SCONFIG['uc_status'] = 1;
$passwordstyle = $selectgroupstyle = 'display:none';
if ($blog['friend'] == 4) {
$passwordstyle = '';
} elseif ($blog['friend'] == 2) {
$selectgroupstyle = '';
if ($blog['target_ids']) {
$names = array();
$query = $_SGLOBAL['db']->query("SELECT username FROM " . tname('space') . " WHERE uid IN ({$blog['target_ids']})");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$names[] = $value['username'];
}
$blog['target_names'] = implode(' ', $names);
}
}
$blog['message'] = str_replace('&', '&amp;', $blog['message']);
$blog['message'] = shtmlspecialchars($blog['message']);
$allowhtml = checkperm('allowhtml');
//好友组
$groups = getfriendgroup();
//参与热点
$topic = array();
$topicid = $_GET['topicid'] = intval($_GET['topicid']);
if ($topicid) {
$topic = topic_get($topicid);
}
if ($topic) {
$actives = array('blog' => ' class="active"');
}
//菜单激活
$menuactives = array('space' => ' class="active"');
}
[UCenter Home] (C) 2007-2008 Comsenz Inc.
$Id: link.php 10953 2009-01-12 02:55:37Z liguode $
*/
include_once('./common.php');
if(empty($_GET['url'])) {
showmessage('do_success', $refer, 0);
} else {
$url = $_GET['url'];
if(!$_SCONFIG['linkguide']) {
showmessage('do_success', $url, 0);//直接跳转
}
}
$space = array();
if($_SGLOBAL['supe_uid']) {
$space = getspace($_SGLOBAL['supe_uid']);
}
if(empty($space)) {
//游客直接跳转
showmessage('do_success', $url, 0);
}
$url = shtmlspecialchars($url);
if(!preg_match("/^http\:\/\//i", $url)) $url = "http://".$url;
//模板调用
include_once template("iframe");
?>
show_msg('UCenter 服务端字符集与当前应用的字符集不同,请下载 ' . $ucdbcharset . ' 编码的 SupeSite 进行安装,下载地址:http://download.comsenz.com/');
}
$tagtemplates = 'apptagtemplates[template]=' . urlencode('<a href="{url}" target="_blank">{subject}</a>') . '&' . 'apptagtemplates[fields][subject]=' . urlencode('资讯标题') . '&' . 'apptagtemplates[fields][url]=' . urlencode('资讯地址');
$uri = $_SERVER['REQUEST_URI'] ? $_SERVER['REQUEST_URI'] : ($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
$app_url = strtolower(substr($_SERVER['SERVER_PROTOCOL'], 0, strpos($_SERVER['SERVER_PROTOCOL'], '/'))) . '://' . $_SERVER['HTTP_HOST'] . substr($uri, 0, strrpos($uri, '/install/'));
$app_name = trim($_POST['sitename']);
$postdata = "m=app&a=add&ucfounder=&ucfounderpw=" . urlencode($_POST['ucfounderpw']) . "&apptype=" . urlencode('SUPESITE') . "&appname=" . urlencode($app_name) . "&appurl=" . urlencode($app_url) . "&appip=&appcharset=" . $_SC['charset'] . '&appdbcharset=' . $_SC['dbcharset'] . '&release=' . UC_CLIENT_RELEASE . '&' . $tagtemplates;
$s = sfopen($ucapi . '/index.php', 500, $postdata, '', 1, $ucip);
if (empty($s)) {
show_msg('UCenter用户中心无法连接');
} elseif ($s == '-1') {
show_msg('UCenter管理员帐号密码不正确');
} else {
$ucs = explode('|', $s);
if (empty($ucs[0]) || empty($ucs[1])) {
show_msg('UCenter返回的数据出现问题,请参考:<br />' . shtmlspecialchars($s));
} else {
//处理成功
$apphidden = '';
//验证是否可以直接联接MySQL
$link = mysql_connect($ucs[2], $ucs[4], $ucs[5], 1);
$connect = $link && mysql_select_db($ucs[3], $link) ? 'mysql' : '';
//返回
foreach (array('key', 'appid', 'dbhost', 'dbname', 'dbuser', 'dbpw', 'dbcharset', 'dbtablepre', 'charset') as $key => $value) {
if ($value == 'dbtablepre') {
$ucs[$key] = '`' . $ucs[3] . '`.' . $ucs[$key];
}
$apphidden .= "<input type=\"hidden\" name=\"uc[{$value}]\" value=\"" . $ucs[$key] . "\" />";
}
//内置
$apphidden .= "<input type=\"hidden\" name=\"uc[connect]\" value=\"{$connect}\" />";
//取得单个数据
$thevalue = $list = array();
$_GET['gid'] = empty($_GET['gid'])?0:intval($_GET['gid']);
if($_GET['gid']) {
$query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('usergroup')." WHERE gid='$_GET[gid]'");
if(!$thevalue = $_SGLOBAL['db']->fetch_array($query)) {
cpmessage('user_group_does_not_exist');
}
$thevalue['magicaward'] = unserialize($thevalue['magicaward']);
}
if(submitcheck('thevaluesubmit')) {
//用户组名
$_POST['set']['grouptitle'] = shtmlspecialchars($_POST['set']['grouptitle']);
if(empty($_POST['set']['grouptitle'])) cpmessage('user_group_were_not_empty');
$setarr = array('grouptitle' => $_POST['set']['grouptitle']);
//系统
if(isset($thevalue['system'])) {
$_POST['set']['system'] = $thevalue['system'];
} else {
$_POST['set']['system'] = intval($_POST['set']['system']);
}
if(empty($_POST['set']['system'])) {
//普通用户组
$_POST['set']['explower'] = empty($_POST['set']['explower'])?0:intval($_POST['set']['explower']);
if($_POST['set']['explower'] > 999999999 || $_POST['set']['explower'] < -999999999) cpmessage('integral_limit_error');
$lowgid = $_SGLOBAL['db']->result($_SGLOBAL['db']->query("SELECT gid FROM ".tname('usergroup')." where explower = '{$_POST['set']['explower']}' AND system='0'"), 0);
if(!empty($lowgid) && $lowgid != $_GET['gid']) {
