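/**
 * Strips the keyword "eval" from a string, or from every leaf of a (nested) array.
 *
 * Removal is repeated until the value stops changing, so that fragments left behind by
 * one pass cannot recombine into the keyword (a single str_replace() pass would leave
 * such remnants in place). Matching is case-sensitive, as before.
 *
 * This is a keyword blocklist, not an escaping routine: it does not make the value safe
 * for SQL, HTML or PHP source, and callers still need context-specific escaping.
 *
 * @param mixed $str value to filter; arrays are processed recursively with keys
 *                   preserved, any other value is passed to str_replace() and so comes
 *                   back as a string
 * @return string|array the filtered value
 */
function astrfilter($str)
{
    if (is_array($str)) {
        foreach ($str as $key => $val) {
            $str[$key] = astrfilter($val);
        }
        return $str;
    }

    // Each pass either shortens the string or leaves it unchanged, so this terminates.
    do {
        $before = $str;
        $str = str_replace(array('eval'), '', $str);
    } while ($str !== $before);

    return $str;
}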
$adminmsg = file_get_contents('./gamedata/adminmsg.htm'); $systemmsg = file_get_contents('./gamedata/systemmsg.htm'); if ($command == 'edit') { $ednum = 0; $edfmt = array('adminmsg' => 'html', 'systemmsg' => 'html', 'startmode' => 'int', 'starthour' => 'int', 'startmin' => 'int', 'iplimit' => 'int', 'newslimit' => 'int', 'alivelimit' => 'int', 'winlimit' => 'int', 'noiselimit' => 'int', 'chatlimit' => 'int', 'chatrefresh' => 'int', 'chatinnews' => 'int'); $edlist = array(); $cmd_info = ''; foreach ($edfmt as $key => $val) { if (isset($_POST[$key])) { ${'o_' . $key} = ${$key}; if ($val == 'int') { ${$key} = intval($_POST[$key]); } elseif ($val == 'b') { intval($_POST[$key]) != 0 ? ${$key} = 1 : (${$key} = 0); } elseif ($val == 'html') { ${$key} = html_entity_decode(astrfilter($_POST[$key]), ENT_COMPAT); } else { ${$key} = $_POST[$key]; } if (${$key} != ${'o_' . $key}) { $ednum++; if (${$key} === '') { $cmd_info .= "{$lang[$key]} 已清空<br>"; } else { $cmd_info .= "{$lang[$key]} 修改为 {${$key}} <br>"; } $edlist[$key] = ${$key}; } } } $cmd_info .= "提交的修改请求数量: {$ednum} <br>";
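<?php
// Admin page: maintain the name / IP ban list, which is stored as PHP source in
// gamedata/banlist.list and loaded back with include_once.
// Only reachable through the admin entry point, which defines IN_ADMIN.
if (!defined('IN_ADMIN')) {
    exit('Access Denied');
}
// NOTE(review): the per-group permission check below is disabled, so any IN_ADMIN
// context may rewrite the ban list.
//if($mygroup < 6){
//    exit($_ERROR['no_power']);
//}

$dir = GAME_ROOT . './gamedata/';

if ($command == 'write') {
    // $postnmlmt / $postiplmt presumably hold the submitted form values — confirm
    // against the caller. astrfilter() only strips the keyword "eval".
    $nmlimit = astrfilter($postnmlmt);
    $iplimit = astrfilter($postiplmt);

    // The list file is PHP source, so each value must be emitted as a proper PHP string
    // literal. var_export() escapes quotes and backslashes; interpolating the raw value
    // into '...' would let a quote in the input end the literal early and be parsed as
    // code when the file is included. For values without quotes or backslashes the
    // written file is identical to the previous format.
    $nmlimitSrc = var_export((string) $nmlimit, true);
    $iplimitSrc = var_export((string) $iplimit, true);
    writeover("{$dir}banlist.list", "<?php\n\n\$nmlimit = {$nmlimitSrc};\n\$iplimit = {$iplimitSrc};\n\n?>");
    //write_list($dir,$postnmlmt,$postiplmt);
    $cmd_info = '新的屏蔽列表已经写入。';
} else {
    // Load the current list so the template can display it.
    include_once $dir . 'banlist.list';
}

include template('admin_banlistmng');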
exit('Access Denied'); } if ($command == 'edit') { $ednum = 0; $edfmt = array('authkey' => '', 'bbsurl' => '', 'gameurl' => '', 'homepage' => '', 'moveut' => 'int', 'moveutmin' => 'int', 'tplrefresh' => 'b', 'errorinfo' => 'b'); $edlist = array(); $cmd_info = ''; foreach ($edfmt as $key => $val) { if (isset($_POST[$key])) { ${'o_' . $key} = ${$key}; if ($val == 'int') { ${$key} = intval($_POST[$key]); } elseif ($val == 'b') { intval($_POST[$key]) != 0 ? ${$key} = 1 : (${$key} = 0); } else { ${$key} = astrfilter($_POST[$key]); } if (${$key} != ${'o_' . $key}) { $ednum++; if (${$key} === '') { $cmd_info .= "{$lang[$key]} 已清空<br>"; } else { $cmd_info .= "{$lang[$key]} 修改为 {${$key}} <br>"; } $edlist[$key] = ${$key}; } } } $cmd_info .= "提交的修改请求数量: {$ednum} <br>"; if ($ednum) { //$adminlog = '';
$db->query("DELETE FROM {$tablepre}users WHERE uid='{$u}'"); } } elseif (strpos($urcmd, 'edit') === 0) { $uid = explode('_', $urcmd); $no = (int) $uid[1]; $uid = (int) $uid[2]; if (!$uid) { $cmd_info = "帐户UID错误。"; } elseif (!isset($urdata[$no]) || $urdata[$no]['uid'] != $uid) { $cmd_info = "该帐户不存在或超出查询范围。"; } elseif ($urdata[$no]['groupid'] > $mygroup) { $cmd_info = "权限不够,不能修改此帐户信息!"; } else { $urdata[$no]['motto'] = $urmotto = astrfilter(${'motto_' . $no}); $urdata[$no]['killmsg'] = $urkillmsg = astrfilter(${'killmsg_' . $no}); $urdata[$no]['lastword'] = $urlastword = astrfilter(${'lastword_' . $no}); $urdata[$no]['nicks'] = $urnicks = ${'nicks_' . $no}; $urdata[$no]['achievement'] = $urach = ${'achievement_' . $no}; $urdata[$no]['icon'] = $uricon = (int) ${'icon_' . $no}; $urdata[$no]['credits'] = $urcredits = (int) ${'credits_' . $no}; $urdata[$no]['credits2'] = $urcredits2 = (int) ${'credits2_' . $no}; if (!in_array(${'gender_' . $no}, array('0', 'm', 'f'))) { $urdata[$no]['gender'] = $urgender = '0'; } else { $urdata[$no]['gender'] = $urgender = ${'gender_' . $no}; } if (!empty(${'pass_' . $no})) { $urpass = md5(${'pass_' . $no}); $db->query("UPDATE {$tablepre}users SET motto='{$urmotto}',killmsg='{$urkillmsg}',lastword='{$urlastword}',icon='{$uricon}',gender='{$urgender}',password='******',credits='{$urcredits}',credits2='{$urcredits2}' ,nicks='{$urnicks}' ,achievement='{$urach}' WHERE uid='{$uid}'"); $cmd_info = "帐户 " . $urdata[$no]['username'] . " 的密码及其他信息已修改!"; } else {
} } elseif (strpos($urcmd, 'edit') === 0) { $uid = explode('_', $urcmd); $no = (int) $uid[1]; $uid = (int) $uid[2]; if (!$uid) { $cmd_info = "帐户UID错误。"; } elseif (!isset($urdata[$no]) || $urdata[$no]['uid'] != $uid) { $cmd_info = "该帐户不存在或超出查询范围。"; } elseif ($urdata[$no]['groupid'] >= $mygroup) { $cmd_info = "权限不够,不能修改此帐户信息!"; } else { $urdata[$no]['motto'] = $urmotto = astrfilter(${'motto_' . $no}); $urdata[$no]['killmsg'] = $urkillmsg = astrfilter(${'killmsg_' . $no}); $urdata[$no]['lastword'] = $urlastword = astrfilter(${'lastword_' . $no}); $urdata[$no]['gold'] = $urgold = astrfilter(${'gold_' . $no}); $urdata[$no]['icon'] = $uricon = (int) ${'icon_' . $no}; if (!in_array(${'gender_' . $no}, array('0', 'm', 'f'))) { $urdata[$no]['gender'] = $urgender = '0'; } else { $urdata[$no]['gender'] = $urgender = ${'gender_' . $no}; } if (!empty(${'pass_' . $no})) { $urpass = md5(${'pass_' . $no}); $db->query("UPDATE {$gtablepre}users SET motto='{$urmotto}',killmsg='{$urkillmsg}',lastword='{$urlastword}',icon='{$uricon}',gender='{$urgender}',password='******',gold='{$urgold}' WHERE uid='{$uid}'"); $cmd_info = "帐户 " . $urdata[$no]['username'] . " 的密码及其他信息已修改!"; } else { $db->query("UPDATE {$gtablepre}users SET motto='{$urmotto}',killmsg='{$urkillmsg}',lastword='{$urlastword}',icon='{$uricon}',gender='{$urgender}',gold='{$urgold}' WHERE uid='{$uid}'"); $cmd_info = "帐户 " . $urdata[$no]['username'] . " 的信息已修改!"; } }