<?php
require_once 'inc/init.php';
$formaction = "signup.php?action=register";
if ($_GET['action'] == "register") {
$eu = strFilter($_POST["membername"]);
$ep = strFilter($_POST['memberpass']);
$ev = strFilter($_POST["email"]);
$sv = strFilter($_POST["securitycode"]);
if (empty($eu) || empty($ep) || empty($ev)) {
printMsg('signup_required_1');
}
$signuptime = $cache_global['signupitime'] * 3600;
$time = time();
$ip = getIP();
if ($time - $row['signuptime'] < $signuptime) {
printMsg('signup_signupitime');
}
$member['membername'] = $eu;
$member['memberpass'] = encrypt($eu, $ep);
$member['email'] = $ev;
$member['signuptime'] = $time;
$member['logintime'] = $time;
$member['lastlogintime'] = $time;
$member['signupip'] = $ip;
if ($cache_global['issignupverify'] == 0) {
$member['groupid'] = 1;
} else {
if ($cache_global['issignupverify'] == 1) {
$member['groupid'] = GROUP_NOVERIFY;
} else {
}
function calcUp($arrr)
{
if (count($arrr) == 1) {
$calced = is_float($arrr[0]) ? number_format($arrr[0], 5, ".", "") : $arrr[0];
return $calced;
} else {
for ($x = 0; $x < count($arrr); $x++) {
if (is_string($arrr[$x])) {
$ans = calcLogic($arrr[$x - 1], $arrr[$x], $arrr[$x + 1]);
$arrr[$x] = $ans;
unset($arrr[$x - 1]);
unset($arrr[$x + 1]);
$arrr = array_values($arrr);
return calcUp($arrr);
}
}
}
}
function runIt($arrr)
{
$uuu = expo($arrr);
$uuu = mulDiv($uuu);
return $uuu;
}
$math_array = strFilter($new_a);
sizeCheck($math_array);
$answer = calcUp(runIt(orderPar($math_array)));
header("Location: /?answer={$answer}");
?>
\t\tif(smallNowTab=='t3'){return;}
\t\teval("self.location.href=links."+smallNowTab+";");
\t};\t\t
\tpt.initTab();
\tpt.clickNowTab();
\t
\t</script>
EOT;
break;
/************************************** sqllist END ************************************************/
/************************************** download BEGIN ************************************************/
/************************************** sqllist END ************************************************/
/************************************** download BEGIN ************************************************/
case "download":
ob_end_clean();
$fileid = strFilter($_GET['fileid']);
$filepath = "{$backdir}/" . $fileid;
if (!file_exists($filepath)) {
exit('file not exist');
}
$filename = stristr($_SERVER['HTTP_USER_AGENT'], 'MSIE') ? urlencode($fileid) : $fileid;
_header_('Content-Encoding: none');
_header_('Content-Type: application/octet-stream');
_header_('Content-Disposition: attachment; filename="' . $filename . '"');
_header_('Content-Length: ' . filesize($filepath));
getlocalfile($filepath);
break;
/************************************** download END ************************************************/
/************************************** delete BEGIN ************************************************/
/************************************** download END ************************************************/
/************************************** delete BEGIN ************************************************/
<?php
require_once './../inc/init.php';
require_once './language/language.php';
$action = strFilter($_GET['action']);
$username = strFilter($_POST['username']);
$userpass = strFilter($_POST['userpass']);
$securitycode = strFilter($_POST['securitycode']);
$ref = strFilter($_POST['ref']);
if ($ref == "") {
$ref = "index.php";
}
if ($action == 'exit') {
uSESSION('isadmin');
_header_("location:login.php");
}
if (isAdmin()) {
_header_("location:index.php");
}
if ($action == 'login') {
if ($lg['groupid'] != GROUP_ADMIN) {
//exit($_AL['login.webfirst']);
}
if ($username == '' || $userpass == '' || $userpass == '') {
$errtips = 'login_detailsrequired';
} elseif (strtolower(rSESSION('validationcode')) != strtolower($securitycode)) {
$errtips = 'login_validationcodeerr';
} else {
$userpass = encrypt($username, $userpass);
$row = $db->row_select_one("users", "username='******' and userpass='******'");
if ($row == null) {
//初始化
$timer_begin = getmicrotime();
$db = new db();
$db->connect($_DB);
$webcore = new WebCore();
//管理员登录信息
$lg['userid'] = intval(rSESSION('userid'));
$lg['isadmin'] = intval(rSESSION('isadmin'));
//会员登录信息
$lg['memberid'] = intval(rSESSION('memberid'));
$lg['groupid'] = intval(rSESSION('groupid'));
$lg['isadmin'] = intval(rSESSION('isadmin'));
$lg['membername'] = strFilter(rSESSION('membername'));
$lg['displayname'] = htmlFilter(rSESSION('membername'));
$lg['memberpass'] = strFilter(rSESSION('memberpass'));
$lg['memberauth'] = strFilter(rSESSION('memberauth'));
$lg['expire'] = intval(getCookies('expire'));
$islogin = isLogin();
if (empty($lg['membername']) || empty($lg['memberpass'])) {
$lg['memberid'] = 0;
$lg['groupid'] = 0;
} elseif (md5($lg['membername'] . $lg['memberpass'] . $cache_global['salt']) != $lg['memberauth']) {
//echo md5($lg['membername'].$lg['memberpass'].$cache_global['salt']);exit;
$lg['memberid'] = 0;
$lg['groupid'] = 0;
$lg['membername'] = '';
$lg['memberpass'] = '';
}
//var_dump($lg);exit;
if ($lg['memberid'] == 0 || $lg['groupid'] == 0) {
$lg['groupid'] = GROUP_GUESS;
<?php
require_once 'inc/init.php';
$loginaction = "login.php?action=checklogin";
if ($_GET['action'] == "checklogin") {
$username = strFilter($_POST['membername']);
$userpass = strFilter($_POST['memberpass']);
$userpass = encrypt($username, $userpass);
if (empty($username) || empty($userpass)) {
printMsg('signup_required_1');
}
$row = $db->row_select_one("members", "membername='{$username}' and memberpass='******'");
if ($row == false) {
printMsg('login_namepasserr');
} else {
$uobj['logintime'] = time();
$db->row_update("members", $uobj, "id={$row['id']}");
$t = -86400 * 365 * 2;
wSESSION('memberid', $row['id']);
wSESSION('groupid', $row['groupid']);
wSESSION('membername', $row['membername'], $t);
wSESSION('memberpass', $row['memberpass'], $t);
setCookies("cartid", $row['id'], 3600 * 24 * 7);
//session_destroy();
setCookies('membername', $username, $t);
setCookies('userpass', $userpass, $t);
setCookies('expire', '', $t);
wSESSION('memberauth', md5($row['membername'] . $row['memberpass'] . $cache_global['salt']), $t);
printMsg('login_succeed');
}
} else {
$folder['title'] = strFilter($_POST['newfoldername']);
if (empty($folder['title'])) {
exit($_AL['folder.empty.name']);
}
$folder['updatetime'] = time();
$db->row_insert("folders", $folder);
writeFoldersCache();
succeedFlag();
} catch (Exception $e) {
echo $e;
}
break;
case "renameFolder":
try {
$folderid = intval($_POST['folderid']);
$folder['title'] = strFilter($_POST['newfoldername']);
if (empty($folder['title'])) {
exit($_AL['folder.empty.name']);
}
$db->row_update("folders", $folder, "id={$folderid}");
writeFoldersCache();
succeedFlag();
} catch (Exception $e) {
echo $e;
}
break;
case "delFolder":
try {
$folderids = $_POST['ids'];
$deltype = intval($_POST['deltype']);
if (isIntArray($folderids)) {
switch ($action) {
case "savearticle":
try {
$doaction = strFilter($_POST['doaction']);
$art['title'] = strFilter($_POST['title']);
$art['alias'] = strFilter($_POST['alias']);
$art['posttime'] = strFilter($_POST['posttime']);
$art['posttime'] = empty($art['posttime']) ? time() : strtotime($art['posttime']) - $cache_settings['timeoffset'] * 3600;
$art['posttime'] = $art['posttime'] < 0 ? time() : $art['posttime'];
$art['channelid'] = intval($_POST['channelid']);
$art['langid'] = $_SYS['alangid'];
$art['type'] = intval($_POST['type']);
$art['seotitle'] = strFilter($_POST['seotitle']);
$art['metakeywords'] = strFilter($_POST['metakeywords']);
$art['metadesc'] = strFilter($_POST['metadesc']);
$art['content'] = strFilter($_POST['content']);
$art["picid"] = intval($_POST['picid']);
$row = $db->row_select_one("attachments", "id=" . $art['picid']);
$art['picpath'] = $row['filepath'];
if ($doaction == "edit") {
$id = intval($_POST['id']);
$db->row_update("articles", $art, "id={$id}");
} else {
$db->row_insert("articles", $art);
}
if ($doaction == "edit") {
printRes($_AL['article.edit.succeed'] . "<script>setTimeout(function(){self.location.href='admin.php?inc=article&action=list&channelid={$art['channelid']}'},2000);</script>");
} else {
printRes($_AL['article.add.succeed'] . "<script>setTimeout(function(){self.location.href='admin.php?inc=article&action=list&channelid={$art['channelid']}'},2000);</script>");
}
} catch (Exception $e) {
function keepOnlyChineseWord($str)
{
preg_match_all('/[\\x{4e00}-\\x{9fff}]+/u', $str, $matches);
return strFilter(join('', $matches[0]));
}
succeedFlag();
} catch (Exception $e) {
echo $e;
}
break;
case "modifyprocate":
try {
$doaction = strFilter($_POST['doaction']);
$procate['alias'] = strFilter($_POST['alias']);
$procate['ishidden'] = intval($_POST['ishidden']);
$procate['pid'] = intval($_POST['pid']);
$procate['langid'] = $_SYS['alangid'];
$procate['title'] = strFilter($_POST['title']);
$procate['seotitle'] = strFilter($_POST['seotitle']);
$procate['metadesc'] = strFilter($_POST['metadesc']);
$procate['metakeywords'] = strFilter($_POST['metakeywords']);
if ($doaction == "edit") {
$id = intval($_POST['id']);
$db->row_update("procates", $procate, "id={$id}");
$procate['cateid'] = $id;
} else {
$tmprow = $db->row_query_one("SELECT max(ordernum) AS morder FROM `{$db->pre}procates` WHERE langid={$_SYS['alangid']} Limit 1");
$procate['ordernum'] = ++$tmprow['morder'];
$db->row_insert("procates", $procate);
$procate['cateid'] = $db->insert_id();
}
writeProductsCateCache();
succeedFlag();
} catch (Exception $e) {
echo $e;
}
public function getOriginAddress($val)
{
return strFilter(str_replace(['F', '-', "'", '"'], ['樓', '之', '', ''], trim(nfTowf($val))));
}
<?php
header("Content-Type:text/html; charset=utf-8");
include_once 'inc/init.php';
if (!$islogin) {
exit($_SLANG['all.notlogin']);
}
$action = strFilter($_GET["action"]);
switch ($action) {
case "modifyPass":
$opass = strFilter($_POST["oldpass"]);
$npass = strFilter($_POST["memberpass"]);
if ($opass == "" || $npass == "") {
echo $_SLANG['ajaxmember.password'];
} else {
$row = $db->row_select_one("members", "id={$lg['memberid']}");
if ($row == null) {
exit($_SLANG['ajaxmember.usernotexist']);
}
$opass = encrypt($row['membername'], $opass);
if ($opass != $row['memberpass']) {
exit($_SLANG['ajaxmember.oldpasserr']);
} else {
//可以修改密码
$tmp['memberpass'] = encrypt($row['membername'], $npass);
$db->row_update("members", $tmp, "id={$row['id']}");
succeedFlag();
}
}
break;
case "modifyDetails":
}
if (!hasPopedom("msg")) {
exit(_LANG($_AL['admin.nopopedom'], array($_AL['index.msg.list'])));
}
$action = strFilter($_GET['action']);
switch ($action) {
case "savemsg":
try {
$doaction = strFilter($_POST['doaction']);
$msg['name'] = strFilter($_POST['name']);
$msg['email'] = strFilter($_POST['email']);
$msg['contact1'] = strFilter($_POST['contact1']);
$msg['title'] = strFilter($_POST['title']);
$msg['remark'] = strFilter($_POST['remark']);
$msg['replier'] = strFilter($cache_users[$lg['userid']]['username']);
$msg['reply'] = strFilter($_POST['reply']);
$msg['state'] = intval($_POST['state']);
$msg['replytime'] = time();
$id = intval($_POST['id']);
$db->row_update("msgs", $msg, "id={$id}");
printRes("{$_AL['msg.reply.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=msg&action=list');},1500);</script>");
} catch (Exception $e) {
echo $e;
}
break;
case "domsgs":
try {
$postaction = $_POST['postaction'];
$ids = $_POST['ids'];
if (empty($ids)) {
exit($_AL['msg.nochoose']);
if (!hasPopedom("order")) {
exit(_LANG($_AL['admin.nopopedom'], array($_AL['index.order.man'])));
}
$action = strFilter($_GET['action']);
switch ($action) {
case "saveorders":
try {
$order['state'] = intval($_POST['state']);
$order['remark2'] = strFilter($_POST['remark2']);
$order['expresscharges'] = strFilter($_POST['expresscharges']);
$order['name'] = strFilter($_POST['name']);
$order['phonenum'] = strFilter($_POST['phonenum']);
$order['email'] = strFilter($_POST['email']);
$order['address'] = strFilter($_POST['address']);
$order['zipcode'] = strFilter($_POST['zipcode']);
$order['remark'] = strFilter($_POST['remark']);
$id = intval($_POST['id']);
$oldstate = intval($_POST['oldstate']);
$db->row_update("orders", $order, "id={$id}");
printRes("{$_AL['order.edit.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=order&action=list&state={$oldstate}');},2000);</script>");
} catch (Exception $e) {
echo $e;
}
break;
case "doorders":
try {
$postaction = $_POST['postaction'];
$aids = $_POST['aids'];
if (empty($aids)) {
exit($_AL['order.noselect']);
}
<?php
header("Content-Type:text/html; charset=utf-8");
require_once '../inc/init.php';
require_once '../inc/cache.php';
require_once './inc/adminfun.php';
require_once "./language/language.php";
if (!isAdmin()) {
exit($_AL['all.notlogin']);
}
if (!hasPopedom("user")) {
exit(_LANG($_AL['admin.nopopedom'], array($_AL['index.admin.set'])));
}
$action = strFilter($_GET['action']);
switch ($action) {
case "delusers":
try {
$deluid = $_POST['deluid'];
if (isIntArray($deluid)) {
foreach ($deluid as $uid) {
//delete users
$db->row_delete("users", "id={$uid}");
}
}
writeUsersCache();
succeedFlag();
} catch (Exception $e) {
echo $e;
}
break;
case "savepopedom":
<?php
require_once './inc/init.php';
$id = intval($_GET['id']);
$action = strFilter($_GET["action"]);
$action = empty($action) ? "view" : $action;
switch ($action) {
case "vote":
case "view":
$votetips = '';
if ($action == "vote") {
$voteitemid = $_POST['voteitemid'];
$voteid = intval($_POST['voteid']);
$voterow = $db->row_select_one("votes", "id={$voteid}");
if ($voterow['starttime'] > $_SYS['time'] || $voterow['stoptime'] < $_SYS['time']) {
$votetips = $_SLANG['vote.expired'];
}
if (!empty($voteitemid)) {
if (isIntArray($voteitemid) && count($voteitemid) <= $voterow['maxvotes']) {
//合法
} else {
$votetips = _LANG($_SLANG['vote.max2'], array($voterow['maxvotes']));
}
$rows = $db->row_select("voteitems", "voteid={$voteid}");
if ($voterow['level'] > 0) {
foreach ($rows as $row) {
if (stristr(",{$row['voteips']},", "," . getIP() . ",")) {
$votetips = $_SLANG['vote.voted'];
}
}
}
$picpaths = array();
foreach ($picids as $picid) {
if (empty($picpathmap[$picid])) {
array_push($picpaths, 'null');
} else {
array_push($picpaths, $picpathmap[$picid]);
}
}
unset($picpathmap);
$pro['picids'] = implode("\t", $picids);
$pro['picpaths'] = implode("\t", $picpaths);
unset($picpaths);
$pro['seotitle'] = strFilter($_POST['seotitle']);
$pro['metakeywords'] = strFilter($_POST['metakeywords']);
$pro['metadesc'] = strFilter($_POST['metadesc']);
$pro['content'] = strFilter($_POST['content']);
$pro['posttime'] = time();
$pro['langid'] = $_SYS['alangid'];
if ($doaction == "edit") {
$id = intval($_POST['id']);
$db->row_update("products", $pro, "id={$id}");
} else {
$pro['ordernum'] = 100;
$db->row_insert("products", $pro);
}
if ($doaction == "edit") {
printRes("{$_AL['products.edit.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=products&action=list');},2000);</script>");
} else {
printRes("{$_AL['products.add.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=products&action=list');},2000);</script>");
}
} catch (Exception $e) {
<?php
header("Content-Type:text/html; charset=utf-8");
require_once '../inc/init.php';
require_once '../inc/cache.php';
require_once './inc/adminfun.php';
require_once "./language/language.php";
if (!isAdmin()) {
exit($_AL['all.notlogin']);
}
if (!hasPopedom("page")) {
exit(_LANG($_AL['admin.nopopedom'], array($_AL['index.page.man'])));
}
$action = strFilter($_GET['action']);
switch ($action) {
case "savepage":
$channelid = intval($_POST['channelid']);
$content = strFilter($_POST['content']);
$channel['content'] = $content;
$db->row_update("channels", $channel, "id={$channelid}");
writeChannelsCache();
printRes("{$_AL['page.edit.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=channel&action=set');},2000);</script>");
//succeedFlag();
break;
default:
echo $_AL['all.noaction'];
break;
}
$channel['ishidden'] = $hide;
$db->row_update("channels", $channel, "id={$channelid}");
writeChannelsCache();
//_header_("location:admin.php?inc=channel&action=set");
printRes($_AL['channel.ajax.set.succeed'] . "<script>setTimeout(function(){reloadTop('admin.php?inc=channel&action=set');},1000);</script>");
//succeedFlag();
break;
case "savepage":
$channelid = intval($_POST['channelid']);
$content = strFilter($_POST['content']);
$channel['content'] = $content;
$db->row_update("channels", $channel, "id={$channelid}");
writeChannelsCache();
printRes($_AL['channel.ajax.edit.succeed'] . "<script>setTimeout(function(){reloadSelf('admin.php?inc=channel&action=set');},2000);</script>");
//succeedFlag();
break;
case "savelink":
$channelid = intval($_POST['channelid']);
$link = strFilter($_POST['link']);
$target = intval($_POST['target']);
$channel['link'] = $link;
$channel['target'] = $target;
$db->row_update("channels", $channel, "id={$channelid}");
writeChannelsCache();
printRes($_AL['channel.ajax.edit.succeed'] . "<script>setTimeout(function(){reloadSelf('admin.php?inc=channel&action=set');},2000);</script>");
//succeedFlag();
break;
default:
echo $_AL['all.noaction'];
break;
}
$tlang = $_POST['tlang'];
$settings['template'] = $template;
$settings['templatelang'] = $tlang[$template];
saveSettings($settings);
writeSettingsCache();
succeedFlag();
} catch (Exception $e) {
echo $e;
}
break;
case "savevars":
try {
$doaction = strFilter($_POST['doaction']);
$vars['tkey'] = trim(strFilter($_POST['tkey']));
$vars['tvalue'] = strFilter($_POST['tvalue']);
$vars['tdesc'] = strFilter($_POST['tdesc']);
$vars['langid'] = $_SYS['alangid'];
if (!empty($vars['tkey'])) {
if ($doaction == "editvar") {
$id = intval($_POST['id']);
$db->row_update("templatevars", $vars, "id={$id}");
} else {
$db->row_insert("templatevars", $vars);
}
writeTemplatevarsCache();
}
if ($doaction == "editvar") {
printRes("{$_AL['template.editsucceed']}<script>setTimeout(function(){self.location.href='admin.php?inc=template&action=varlist'},1000);</script>");
} else {
printRes("{$_AL['template.addsucceed']}<script>setTimeout(function(){self.location.href='admin.php?inc=template&action=varlist'},1000);</script>");
}
