<?php require_once 'inc/init.php'; $formaction = "signup.php?action=register"; if ($_GET['action'] == "register") { $eu = strFilter($_POST["membername"]); $ep = strFilter($_POST['memberpass']); $ev = strFilter($_POST["email"]); $sv = strFilter($_POST["securitycode"]); if (empty($eu) || empty($ep) || empty($ev)) { printMsg('signup_required_1'); } $signuptime = $cache_global['signupitime'] * 3600; $time = time(); $ip = getIP(); if ($time - $row['signuptime'] < $signuptime) { printMsg('signup_signupitime'); } $member['membername'] = $eu; $member['memberpass'] = encrypt($eu, $ep); $member['email'] = $ev; $member['signuptime'] = $time; $member['logintime'] = $time; $member['lastlogintime'] = $time; $member['signupip'] = $ip; if ($cache_global['issignupverify'] == 0) { $member['groupid'] = 1; } else { if ($cache_global['issignupverify'] == 1) { $member['groupid'] = GROUP_NOVERIFY; } else {
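} // closes a definition that begins above this excerpt

/**
 * Collapse a flat token list into a single value, working left to right.
 *
 * The first string element found is handed to calcLogic() together with its
 * two neighbours; those three tokens are replaced by the result and the
 * function recurses on the shortened list.
 *
 * NOTE(review): every string element is treated as an operator, so operands
 * are presumably numeric by the time they get here -- confirm against the
 * code that builds the list.
 * NOTE(review): nothing is returned (null) when the list is empty, or when it
 * holds several elements and none of them is a string.
 *
 * @param array $arrr token list
 * @return mixed the last remaining element; a float is returned as a string
 *               formatted to five decimals
 */
function calcUp($arrr)
{
    if (count($arrr) == 1) {
        $calced = is_float($arrr[0]) ? number_format($arrr[0], 5, ".", "") : $arrr[0];
        return $calced;
    } else {
        for ($x = 0; $x < count($arrr); $x++) {
            if (is_string($arrr[$x])) {
                $ans = calcLogic($arrr[$x - 1], $arrr[$x], $arrr[$x + 1]);
                $arrr[$x] = $ans;
                unset($arrr[$x - 1]);
                unset($arrr[$x + 1]);
                // Re-index so the recursive call sees a gap-free list.
                $arrr = array_values($arrr);
                return calcUp($arrr);
            }
        }
    }
}

/**
 * Run the two reduction passes, expo() and then mulDiv(), over the token list.
 *
 * @param array $arrr token list
 * @return mixed whatever mulDiv() returns
 */
function runIt($arrr)
{
    $uuu = expo($arrr);
    $uuu = mulDiv($uuu);
    return $uuu;
}

// $new_a is not defined in this excerpt; it is presumably request input -- confirm.
$math_array = strFilter($new_a);
sizeCheck($math_array);
$answer = calcUp(runIt(orderPar($math_array)));
// Percent-encode the result before it is placed in the redirect URL, so that
// characters such as '&', '#', '+' or a space in $answer cannot change the
// shape of the query string the next page parses.
header("Location: /?answer=" . rawurlencode((string) $answer));
?>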
\t\tif(smallNowTab=='t3'){return;} \t\teval("self.location.href=links."+smallNowTab+";"); \t};\t\t \tpt.initTab(); \tpt.clickNowTab(); \t \t</script> EOT; break; /************************************** sqllist END ************************************************/ /************************************** download BEGIN ************************************************/ /************************************** sqllist END ************************************************/ /************************************** download BEGIN ************************************************/ case "download": ob_end_clean(); $fileid = strFilter($_GET['fileid']); $filepath = "{$backdir}/" . $fileid; if (!file_exists($filepath)) { exit('file not exist'); } $filename = stristr($_SERVER['HTTP_USER_AGENT'], 'MSIE') ? urlencode($fileid) : $fileid; _header_('Content-Encoding: none'); _header_('Content-Type: application/octet-stream'); _header_('Content-Disposition: attachment; filename="' . $filename . '"'); _header_('Content-Length: ' . filesize($filepath)); getlocalfile($filepath); break; /************************************** download END ************************************************/ /************************************** delete BEGIN ************************************************/ /************************************** download END ************************************************/ /************************************** delete BEGIN ************************************************/
<?php require_once './../inc/init.php'; require_once './language/language.php'; $action = strFilter($_GET['action']); $username = strFilter($_POST['username']); $userpass = strFilter($_POST['userpass']); $securitycode = strFilter($_POST['securitycode']); $ref = strFilter($_POST['ref']); if ($ref == "") { $ref = "index.php"; } if ($action == 'exit') { uSESSION('isadmin'); _header_("location:login.php"); } if (isAdmin()) { _header_("location:index.php"); } if ($action == 'login') { if ($lg['groupid'] != GROUP_ADMIN) { //exit($_AL['login.webfirst']); } if ($username == '' || $userpass == '' || $userpass == '') { $errtips = 'login_detailsrequired'; } elseif (strtolower(rSESSION('validationcode')) != strtolower($securitycode)) { $errtips = 'login_validationcodeerr'; } else { $userpass = encrypt($username, $userpass); $row = $db->row_select_one("users", "username='******' and userpass='******'"); if ($row == null) {
//初始化 $timer_begin = getmicrotime(); $db = new db(); $db->connect($_DB); $webcore = new WebCore(); //管理员登录信息 $lg['userid'] = intval(rSESSION('userid')); $lg['isadmin'] = intval(rSESSION('isadmin')); //会员登录信息 $lg['memberid'] = intval(rSESSION('memberid')); $lg['groupid'] = intval(rSESSION('groupid')); $lg['isadmin'] = intval(rSESSION('isadmin')); $lg['membername'] = strFilter(rSESSION('membername')); $lg['displayname'] = htmlFilter(rSESSION('membername')); $lg['memberpass'] = strFilter(rSESSION('memberpass')); $lg['memberauth'] = strFilter(rSESSION('memberauth')); $lg['expire'] = intval(getCookies('expire')); $islogin = isLogin(); if (empty($lg['membername']) || empty($lg['memberpass'])) { $lg['memberid'] = 0; $lg['groupid'] = 0; } elseif (md5($lg['membername'] . $lg['memberpass'] . $cache_global['salt']) != $lg['memberauth']) { //echo md5($lg['membername'].$lg['memberpass'].$cache_global['salt']);exit; $lg['memberid'] = 0; $lg['groupid'] = 0; $lg['membername'] = ''; $lg['memberpass'] = ''; } //var_dump($lg);exit; if ($lg['memberid'] == 0 || $lg['groupid'] == 0) { $lg['groupid'] = GROUP_GUESS;
<?php require_once 'inc/init.php'; $loginaction = "login.php?action=checklogin"; if ($_GET['action'] == "checklogin") { $username = strFilter($_POST['membername']); $userpass = strFilter($_POST['memberpass']); $userpass = encrypt($username, $userpass); if (empty($username) || empty($userpass)) { printMsg('signup_required_1'); } $row = $db->row_select_one("members", "membername='{$username}' and memberpass='******'"); if ($row == false) { printMsg('login_namepasserr'); } else { $uobj['logintime'] = time(); $db->row_update("members", $uobj, "id={$row['id']}"); $t = -86400 * 365 * 2; wSESSION('memberid', $row['id']); wSESSION('groupid', $row['groupid']); wSESSION('membername', $row['membername'], $t); wSESSION('memberpass', $row['memberpass'], $t); setCookies("cartid", $row['id'], 3600 * 24 * 7); //session_destroy(); setCookies('membername', $username, $t); setCookies('userpass', $userpass, $t); setCookies('expire', '', $t); wSESSION('memberauth', md5($row['membername'] . $row['memberpass'] . $cache_global['salt']), $t); printMsg('login_succeed'); } } else {
$folder['title'] = strFilter($_POST['newfoldername']); if (empty($folder['title'])) { exit($_AL['folder.empty.name']); } $folder['updatetime'] = time(); $db->row_insert("folders", $folder); writeFoldersCache(); succeedFlag(); } catch (Exception $e) { echo $e; } break; case "renameFolder": try { $folderid = intval($_POST['folderid']); $folder['title'] = strFilter($_POST['newfoldername']); if (empty($folder['title'])) { exit($_AL['folder.empty.name']); } $db->row_update("folders", $folder, "id={$folderid}"); writeFoldersCache(); succeedFlag(); } catch (Exception $e) { echo $e; } break; case "delFolder": try { $folderids = $_POST['ids']; $deltype = intval($_POST['deltype']); if (isIntArray($folderids)) {
switch ($action) { case "savearticle": try { $doaction = strFilter($_POST['doaction']); $art['title'] = strFilter($_POST['title']); $art['alias'] = strFilter($_POST['alias']); $art['posttime'] = strFilter($_POST['posttime']); $art['posttime'] = empty($art['posttime']) ? time() : strtotime($art['posttime']) - $cache_settings['timeoffset'] * 3600; $art['posttime'] = $art['posttime'] < 0 ? time() : $art['posttime']; $art['channelid'] = intval($_POST['channelid']); $art['langid'] = $_SYS['alangid']; $art['type'] = intval($_POST['type']); $art['seotitle'] = strFilter($_POST['seotitle']); $art['metakeywords'] = strFilter($_POST['metakeywords']); $art['metadesc'] = strFilter($_POST['metadesc']); $art['content'] = strFilter($_POST['content']); $art["picid"] = intval($_POST['picid']); $row = $db->row_select_one("attachments", "id=" . $art['picid']); $art['picpath'] = $row['filepath']; if ($doaction == "edit") { $id = intval($_POST['id']); $db->row_update("articles", $art, "id={$id}"); } else { $db->row_insert("articles", $art); } if ($doaction == "edit") { printRes($_AL['article.edit.succeed'] . "<script>setTimeout(function(){self.location.href='admin.php?inc=article&action=list&channelid={$art['channelid']}'},2000);</script>"); } else { printRes($_AL['article.add.succeed'] . "<script>setTimeout(function(){self.location.href='admin.php?inc=article&action=list&channelid={$art['channelid']}'},2000);</script>"); } } catch (Exception $e) {
/**
 * Keep only the characters in the range U+4E00..U+9FFF (the CJK Unified
 * Ideographs block) and drop everything else.
 *
 * Matching runs are concatenated in their original order and the result is
 * passed through strFilter() before being returned.
 *
 * @param string $str input text, matched as UTF-8 (the pattern uses the /u modifier)
 * @return mixed whatever strFilter() returns for the concatenated runs
 */
function keepOnlyChineseWord($str)
{
    preg_match_all('/[\\x{4e00}-\\x{9fff}]+/u', $str, $runs);

    // Index 0 holds the full-pattern matches, one entry per run of ideographs.
    $chineseOnly = implode('', $runs[0]);

    return strFilter($chineseOnly);
}
succeedFlag(); } catch (Exception $e) { echo $e; } break; case "modifyprocate": try { $doaction = strFilter($_POST['doaction']); $procate['alias'] = strFilter($_POST['alias']); $procate['ishidden'] = intval($_POST['ishidden']); $procate['pid'] = intval($_POST['pid']); $procate['langid'] = $_SYS['alangid']; $procate['title'] = strFilter($_POST['title']); $procate['seotitle'] = strFilter($_POST['seotitle']); $procate['metadesc'] = strFilter($_POST['metadesc']); $procate['metakeywords'] = strFilter($_POST['metakeywords']); if ($doaction == "edit") { $id = intval($_POST['id']); $db->row_update("procates", $procate, "id={$id}"); $procate['cateid'] = $id; } else { $tmprow = $db->row_query_one("SELECT max(ordernum) AS morder FROM `{$db->pre}procates` WHERE langid={$_SYS['alangid']} Limit 1"); $procate['ordernum'] = ++$tmprow['morder']; $db->row_insert("procates", $procate); $procate['cateid'] = $db->insert_id(); } writeProductsCateCache(); succeedFlag(); } catch (Exception $e) { echo $e; }
/**
 * Normalise an address value.
 *
 * The value goes through nfTowf() and trim(), then 'F' is replaced by 樓 and
 * '-' by 之, single and double quotes are removed, and the result is passed
 * through strFilter().
 *
 * NOTE(review): nfTowf() is defined elsewhere; it is presumably a character
 * width conversion -- confirm.
 *
 * @param mixed $val raw address value
 * @return mixed whatever strFilter() returns for the normalised address
 */
public function getOriginAddress($val)
{
    $address = trim(nfTowf($val));

    // Pairs are applied in order; no replacement text contains a later search
    // character, so the substitutions cannot feed into each other.
    $search = ['F', '-', "'", '"'];
    $replace = ['樓', '之', '', ''];

    return strFilter(str_replace($search, $replace, $address));
}
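<?php
/**
 * Member AJAX endpoint (excerpt): dispatches on ?action= for a logged-in member.
 * Only the "modifyPass" case is fully visible in this excerpt.
 */
header("Content-Type:text/html; charset=utf-8");
include_once 'inc/init.php';

// $islogin, $lg, $db and $_SLANG are not set in this file; they presumably
// come from inc/init.php -- confirm.
if (!$islogin) {
    exit($_SLANG['all.notlogin']);
}

// A missing request field is read as an empty string instead of raising an
// undefined-index notice.
$action = strFilter(isset($_GET["action"]) ? $_GET["action"] : '');
switch ($action) {
    case "modifyPass":
        $opass = strFilter(isset($_POST["oldpass"]) ? $_POST["oldpass"] : '');
        $npass = strFilter(isset($_POST["memberpass"]) ? $_POST["memberpass"] : '');
        if ($opass == "" || $npass == "") {
            echo $_SLANG['ajaxmember.password'];
        } else {
            // The member id is taken from $lg, not from the request; the cast
            // keeps the WHERE clause numeric whatever $lg holds.
            $row = $db->row_select_one("members", "id=" . intval($lg['memberid']));
            if ($row == null) {
                exit($_SLANG['ajaxmember.usernotexist']);
            }
            $opass = encrypt($row['membername'], $opass);
            // Compare the two digests as strings, in constant time where the
            // runtime offers hash_equals(). A loose != would treat two
            // numeric-looking strings (for example both "0e" followed by
            // digits) as equal, if encrypt() can produce such values.
            $storedpass = (string) $row['memberpass'];
            $passmatch = function_exists('hash_equals')
                ? hash_equals($storedpass, (string) $opass)
                : $storedpass === (string) $opass;
            if (!$passmatch) {
                exit($_SLANG['ajaxmember.oldpasserr']);
            } else {
                // old password verified: the password may be changed
                $tmp['memberpass'] = encrypt($row['membername'], $npass);
                $db->row_update("members", $tmp, "id={$row['id']}");
                succeedFlag();
            }
        }
        break;
    case "modifyDetails":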
} if (!hasPopedom("msg")) { exit(_LANG($_AL['admin.nopopedom'], array($_AL['index.msg.list']))); } $action = strFilter($_GET['action']); switch ($action) { case "savemsg": try { $doaction = strFilter($_POST['doaction']); $msg['name'] = strFilter($_POST['name']); $msg['email'] = strFilter($_POST['email']); $msg['contact1'] = strFilter($_POST['contact1']); $msg['title'] = strFilter($_POST['title']); $msg['remark'] = strFilter($_POST['remark']); $msg['replier'] = strFilter($cache_users[$lg['userid']]['username']); $msg['reply'] = strFilter($_POST['reply']); $msg['state'] = intval($_POST['state']); $msg['replytime'] = time(); $id = intval($_POST['id']); $db->row_update("msgs", $msg, "id={$id}"); printRes("{$_AL['msg.reply.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=msg&action=list');},1500);</script>"); } catch (Exception $e) { echo $e; } break; case "domsgs": try { $postaction = $_POST['postaction']; $ids = $_POST['ids']; if (empty($ids)) { exit($_AL['msg.nochoose']);
if (!hasPopedom("order")) { exit(_LANG($_AL['admin.nopopedom'], array($_AL['index.order.man']))); } $action = strFilter($_GET['action']); switch ($action) { case "saveorders": try { $order['state'] = intval($_POST['state']); $order['remark2'] = strFilter($_POST['remark2']); $order['expresscharges'] = strFilter($_POST['expresscharges']); $order['name'] = strFilter($_POST['name']); $order['phonenum'] = strFilter($_POST['phonenum']); $order['email'] = strFilter($_POST['email']); $order['address'] = strFilter($_POST['address']); $order['zipcode'] = strFilter($_POST['zipcode']); $order['remark'] = strFilter($_POST['remark']); $id = intval($_POST['id']); $oldstate = intval($_POST['oldstate']); $db->row_update("orders", $order, "id={$id}"); printRes("{$_AL['order.edit.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=order&action=list&state={$oldstate}');},2000);</script>"); } catch (Exception $e) { echo $e; } break; case "doorders": try { $postaction = $_POST['postaction']; $aids = $_POST['aids']; if (empty($aids)) { exit($_AL['order.noselect']); }
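<?php
/**
 * Admin AJAX endpoint for user management (excerpt).
 *
 * The script exits unless isAdmin() and hasPopedom("user") both pass. Only
 * the "delusers" case is fully visible in this excerpt.
 *
 * NOTE(review): no anti-CSRF token is checked in this file. Confirm that the
 * included bootstrap enforces one, since this request deletes accounts.
 */
header("Content-Type:text/html; charset=utf-8");
require_once '../inc/init.php';
require_once '../inc/cache.php';
require_once './inc/adminfun.php';
require_once "./language/language.php";

if (!isAdmin()) {
    exit($_AL['all.notlogin']);
}
if (!hasPopedom("user")) {
    exit(_LANG($_AL['admin.nopopedom'], array($_AL['index.admin.set'])));
}

// A missing request field no longer raises an undefined-index notice.
$action = strFilter(isset($_GET['action']) ? $_GET['action'] : '');
switch ($action) {
    case "delusers":
        try {
            $deluid = isset($_POST['deluid']) ? $_POST['deluid'] : null;
            if (isIntArray($deluid)) {
                foreach ($deluid as $uid) {
                    //delete users
                    // Cast at the point of use: the WHERE clause stays numeric
                    // even if isIntArray() accepts more than plain integers.
                    $db->row_delete("users", "id=" . intval($uid));
                }
            }
            writeUsersCache();
            succeedFlag();
        } catch (Exception $e) {
            // NOTE(review): echoing the exception sends its message and stack
            // trace, file paths included, to the client. Consider logging it
            // server-side and returning a generic error instead.
            echo $e;
        }
        break;
    case "savepopedom":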
<?php require_once './inc/init.php'; $id = intval($_GET['id']); $action = strFilter($_GET["action"]); $action = empty($action) ? "view" : $action; switch ($action) { case "vote": case "view": $votetips = ''; if ($action == "vote") { $voteitemid = $_POST['voteitemid']; $voteid = intval($_POST['voteid']); $voterow = $db->row_select_one("votes", "id={$voteid}"); if ($voterow['starttime'] > $_SYS['time'] || $voterow['stoptime'] < $_SYS['time']) { $votetips = $_SLANG['vote.expired']; } if (!empty($voteitemid)) { if (isIntArray($voteitemid) && count($voteitemid) <= $voterow['maxvotes']) { //合法 } else { $votetips = _LANG($_SLANG['vote.max2'], array($voterow['maxvotes'])); } $rows = $db->row_select("voteitems", "voteid={$voteid}"); if ($voterow['level'] > 0) { foreach ($rows as $row) { if (stristr(",{$row['voteips']},", "," . getIP() . ",")) { $votetips = $_SLANG['vote.voted']; } } }
$picpaths = array(); foreach ($picids as $picid) { if (empty($picpathmap[$picid])) { array_push($picpaths, 'null'); } else { array_push($picpaths, $picpathmap[$picid]); } } unset($picpathmap); $pro['picids'] = implode("\t", $picids); $pro['picpaths'] = implode("\t", $picpaths); unset($picpaths); $pro['seotitle'] = strFilter($_POST['seotitle']); $pro['metakeywords'] = strFilter($_POST['metakeywords']); $pro['metadesc'] = strFilter($_POST['metadesc']); $pro['content'] = strFilter($_POST['content']); $pro['posttime'] = time(); $pro['langid'] = $_SYS['alangid']; if ($doaction == "edit") { $id = intval($_POST['id']); $db->row_update("products", $pro, "id={$id}"); } else { $pro['ordernum'] = 100; $db->row_insert("products", $pro); } if ($doaction == "edit") { printRes("{$_AL['products.edit.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=products&action=list');},2000);</script>"); } else { printRes("{$_AL['products.add.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=products&action=list');},2000);</script>"); } } catch (Exception $e) {
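<?php
/**
 * Admin AJAX endpoint for single-page channels.
 *
 * The script exits unless isAdmin() and hasPopedom("page") both pass.
 * Action "savepage" stores the posted content on the given channel, rebuilds
 * the channel cache and prints a success message that reloads the channel
 * settings view. Any other action prints the "no action" message.
 *
 * NOTE(review): no anti-CSRF token is checked in this file. Confirm that the
 * included bootstrap enforces one for state-changing admin requests.
 */
header("Content-Type:text/html; charset=utf-8");
require_once '../inc/init.php';
require_once '../inc/cache.php';
require_once './inc/adminfun.php';
require_once "./language/language.php";

if (!isAdmin()) {
    exit($_AL['all.notlogin']);
}
if (!hasPopedom("page")) {
    exit(_LANG($_AL['admin.nopopedom'], array($_AL['index.page.man'])));
}

// A missing request field is read as an empty value instead of raising an
// undefined-index notice.
$action = strFilter(isset($_GET['action']) ? $_GET['action'] : '');
switch ($action) {
    case "savepage":
        // intval() keeps the WHERE clause below numeric.
        $channelid = intval(isset($_POST['channelid']) ? $_POST['channelid'] : 0);
        // NOTE(review): whether strFilter() escapes for SQL, for HTML, or for
        // both is not visible here. Confirm that row_update() escapes values
        // and that this content is encoded where it is rendered.
        $content = strFilter(isset($_POST['content']) ? $_POST['content'] : '');
        $channel['content'] = $content;
        $db->row_update("channels", $channel, "id={$channelid}");
        writeChannelsCache();
        printRes("{$_AL['page.edit.succeed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=channel&action=set');},2000);</script>");
        //succeedFlag();
        break;
    default:
        echo $_AL['all.noaction'];
        break;
}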
$channel['ishidden'] = $hide; $db->row_update("channels", $channel, "id={$channelid}"); writeChannelsCache(); //_header_("location:admin.php?inc=channel&action=set"); printRes($_AL['channel.ajax.set.succeed'] . "<script>setTimeout(function(){reloadTop('admin.php?inc=channel&action=set');},1000);</script>"); //succeedFlag(); break; case "savepage": $channelid = intval($_POST['channelid']); $content = strFilter($_POST['content']); $channel['content'] = $content; $db->row_update("channels", $channel, "id={$channelid}"); writeChannelsCache(); printRes($_AL['channel.ajax.edit.succeed'] . "<script>setTimeout(function(){reloadSelf('admin.php?inc=channel&action=set');},2000);</script>"); //succeedFlag(); break; case "savelink": $channelid = intval($_POST['channelid']); $link = strFilter($_POST['link']); $target = intval($_POST['target']); $channel['link'] = $link; $channel['target'] = $target; $db->row_update("channels", $channel, "id={$channelid}"); writeChannelsCache(); printRes($_AL['channel.ajax.edit.succeed'] . "<script>setTimeout(function(){reloadSelf('admin.php?inc=channel&action=set');},2000);</script>"); //succeedFlag(); break; default: echo $_AL['all.noaction']; break; }
$tlang = $_POST['tlang']; $settings['template'] = $template; $settings['templatelang'] = $tlang[$template]; saveSettings($settings); writeSettingsCache(); succeedFlag(); } catch (Exception $e) { echo $e; } break; case "savevars": try { $doaction = strFilter($_POST['doaction']); $vars['tkey'] = trim(strFilter($_POST['tkey'])); $vars['tvalue'] = strFilter($_POST['tvalue']); $vars['tdesc'] = strFilter($_POST['tdesc']); $vars['langid'] = $_SYS['alangid']; if (!empty($vars['tkey'])) { if ($doaction == "editvar") { $id = intval($_POST['id']); $db->row_update("templatevars", $vars, "id={$id}"); } else { $db->row_insert("templatevars", $vars); } writeTemplatevarsCache(); } if ($doaction == "editvar") { printRes("{$_AL['template.editsucceed']}<script>setTimeout(function(){self.location.href='admin.php?inc=template&action=varlist'},1000);</script>"); } else { printRes("{$_AL['template.addsucceed']}<script>setTimeout(function(){self.location.href='admin.php?inc=template&action=varlist'},1000);</script>"); }