html_init("gb2312"); html_error_quit("guest 没有Blog!"); exit; } else { $link = pc_db_connect(); $pc = pc_load_infor($link, $currentuser["userid"]); if (!$pc || !pc_is_admin($currentuser, $pc)) { pc_db_close($link); html_error_quit("对不起,您要查看的Blog不存在"); exit; } pc_html_init("gb2312", $pc["NAME"]); $buserid = $_GET["userid"]; if ($_GET["act"] == "add" && $buserid) { $lookupuser = array(); if (bbs_getuser($buserid, $lookupuser) == 0) { echo "<script language=\"javascript\">用户" . $buserid . "不存在!</script>"; } else { $buserid = $lookupuser["userid"]; if (!pc_in_blacklist($link, $buserid, $pc["UID"])) { pc_add_blacklist($link, $buserid, $pc["UID"]); } } } if ($_GET["act"] == "del" && $buserid) { pc_del_blacklist($link, $buserid, $pc["UID"]); } $query = "SELECT * FROM blacklist WHERE uid = " . $pc[UID] . ";"; $result = mysql_query($query, $link); $num = mysql_num_rows($result); ?>
} if ($start <= 0) { $start = $gid; } $board = $_GET["board"]; $brdarr = array(); $bid = bbs_getboard($board, $brdarr); if ($bid == 0) { html_error_quit("错误的讨论区"); } $board = $brdarr["NAME"]; $board_desc = $brdarr["DESC"]; $brd_encode = urlencode($board); //$isnormalboard = bbs_normalboard($board); $lookupuser = array(); $guestUID = bbs_getuser("guest", $lookupuser); $isnormalboard = bbs_checkreadperm($guestUID, $bid); //bbs_set_onboard($bid,1); $usernum = $currentuser["index"]; if (!$isnormalboard && bbs_checkreadperm($usernum, $bid) == 0) { html_error_quit("错误的讨论区"); } $haveprev = 0; $num = bbs_get_threads_from_gid($bid, $gid, $start, $articles, $haveprev); if ($num == 0) { html_error_quit("错误的参数"); } $pagesize = 20; $totalpage = ($num - 1) / $pagesize + 1; $totalpage = intval($totalpage); if ($pno < 1 || $pno > $totalpage) {
<?php require "www2-funcs.php"; login_init(); bbs_session_modify_user_mode(BBS_MODE_QUERY); if (isset($_GET["userid"])) { $userid = trim($_GET["userid"]); $lookupuser = array(); if ($userid == "" || bbs_getuser($userid, $lookupuser) == 0) { html_error_quit("该用户不存在"); } $usermodestr = bbs_getusermode($userid); page_header($lookupuser["userid"], "<a href='bbsqry.php'>查询网友</a>"); ?> <div class="main smaller"> <pre> <?php echo $lookupuser["userid"]; ?> (<?php echo htmlspecialchars($lookupuser["username"]); ?> ) 共上站 <?php echo $lookupuser["numlogins"]; ?> 次,发表过 <?php echo $lookupuser["numposts"]; ?> 篇文章 上次在 [<?php echo date("D M j H:i:s Y", $lookupuser["lastlogin"]);
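/**
 * Add the user named in $_GET["id"] to the friend list of the blog owner.
 *
 * The id is resolved through bbs_getuser() and the canonical "userid" from
 * the lookup record is what gets stored and logged.
 *
 * @param array $pc Blog record; $pc["USER"] is read here and $pc is passed
 *                  to pc_is_groupwork() / pc_group_logs().
 * @return string|null A message when the user is already a friend or does not
 *                     exist; nothing (null) once the friend has been added.
 */
function add_friend($pc)
{
    // The original passed an undefined local $link to pc_group_logs(), so the
    // group-blog audit entry was written without a database handle.
    // NOTE(review): assumes the page keeps its handle in the global $link
    // (as scripts calling pc_db_connect() do) - confirm against the caller.
    global $link;

    $id = $_GET["id"];
    $lookupuser = array();

    if ($friendid = pc_is_friend($id, $pc["USER"])) {
        return $friendid . "已在好友列表中!";
    }

    if ($id == "" || bbs_getuser($id, $lookupuser) == 0) {
        // NOTE(review): $id is raw request input and is returned unescaped;
        // the caller has to HTML-escape this message before printing it.
        return "用户 " . $id . " 不存在!";
    }

    // Store the canonical spelling of the id, not what the client sent.
    $id = $lookupuser["userid"];
    pc_add_friend($id, $pc["USER"]);

    if (pc_is_groupwork($pc)) {
        pc_group_logs($link, $pc, "ADD FRIEND: " . $id);
    }
}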
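<?php
include "funcs.php";

// The request body is JSON carrying userid, passwd and bid.
$requesttext = int_getreq();
$request = json_decode($requesttext);

// json_decode() returns null on malformed input and may return a scalar or
// array; the checks below dereference an object, so reject anything else
// before it reaches the account and board functions.
// NOTE(review): presumably ie() ends the request - the checks below rely on
// that as well.
if (!is_object($request)
    || !isset($request->userid, $request->passwd, $request->bid)
    || !is_string($request->userid)
) {
    ie("invalid request.");
}

set_fromhost();
if (bbs_check_ban_ip($request->userid, $fromhost) != 0) {
    ie("ip denied.");
}

// The guest account must never authenticate here. The id is compared
// case-insensitively because it has not been canonicalised yet at this point
// (the lookup through bbs_getuser() only happens further down).
if (strcasecmp($request->userid, "guest") == 0
    || bbs_checkpasswd($request->userid, $request->passwd) != 0
) {
    ie("invalid user.");
}

$bid = $request->bid;
$userec = array();
bbs_getuser($request->userid, $userec);
$uid = $userec["index"];

// Resolve the board and enforce read permission, read-only state and post
// permission, in that order.
$bname = bbs_getbname($bid);
if ($bname == "") {
    ie("board not found.");
}
if (!bbs_checkreadperm($uid, $bid)) {
    ie("permission denied.");
}
$barr = array();
bbs_getboard($bname, $barr);
if (bbs_is_readonly_board($barr)) {
    ie("board is readonly.");
}
if (!bbs_checkpostperm($uid, $bid)) {
    ie("post is denied.");
}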
} $destuserid = $article["OWNER"]; $file = $article["FILENAME"]; } else { if (isset($_GET["file"])) { $file = $_GET["file"]; } if (isset($file) && ($file[0] != 'M' || strstr($file, ".."))) { html_error_quit("错误的文章.."); } $title = isset($_GET["title"]) ? $_GET["title"] . ' ' : ''; $destuserid = isset($_GET["userid"]) ? $_GET["userid"] : ''; } if ($destuserid) { $lookupuser = array(); if (!bbs_getuser($destuserid, $lookupuser)) { html_error_quit("错误的收件人ID"); } if (isset($board) && !bbs_sufficient_score_to_sendmail($lookupuser["userid"])) { html_error_quit("您积分不足,不能给 " . $lookupuser["userid"] . " 发信!"); } } //system mailboxs $mail_box = array(".DIR", ".SENT", ".DELETED"); $mail_boxtitle = array("收件箱", "发件箱", "垃圾箱"); //custom mailboxs $mail_cusbox = bbs_loadmaillist($currentuser["userid"]); $i = 2; if ($mail_cusbox != -1) { foreach ($mail_cusbox as $mailbox) { $i++;
$dirfile = @$_POST["dir"]; if (strstr($dirfile, '..')) { die; } $maildir = bbs_setmailfile($currentuser["userid"], $dirfile); $num = @intval($_POST["num"]); if (!bbs_can_send_mail($mailfile ? 1 : 0)) { html_error_quit("您不能发送信件"); } if ($mailfile == "") { $incept = trim(@$_POST['userid']); if (!$incept) { html_error_quit("请输入收件人ID"); } $lookupuser = array(); if (!bbs_getuser($incept, $lookupuser)) { html_error_quit("错误的收件人ID"); } $incept = $lookupuser['userid']; if (!strcasecmp($incept, 'guest')) { html_error_quit("不能发信给guest"); } if (!bbs_sufficient_score_to_sendmail($incept)) { html_error_quit("您积分不足,不能给 " . $incept . " 发信!"); } } $title = trim(@$_POST["title"]); if (!$title) { $title = '无主题'; } $sig = intval(@$_POST['signature']);
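/**
 * Remove a member from a group blog, log the action and notify the user by mail.
 *
 * @param resource $link   MySQL connection used for the delete and the log entry.
 * @param array    $pc     Blog record; $pc["UID"] and $pc["USER"] are read.
 * @param string   $userid Member to remove.
 * @return bool FALSE when $pc is not a usable group-blog record or the
 *              DELETE fails, TRUE otherwise. Exits when the log write fails.
 */
function pc_del_member($link, $pc, $userid)
{
    global $currentuser;

    if (!$pc || !is_array($pc)) {
        return FALSE;
    }
    if (!pc_is_groupwork($pc)) {
        return FALSE;
    }

    // The WHERE clause previously compared username with the literal '******'
    // and never referenced $userid, so the requested member was not the row
    // being deleted. Bind the escaped id and force the blog uid to an integer.
    // NOTE(review): escaping is only charset-aware when the connection charset
    // was set through mysql_set_charset(); confirm in pc_db_connect().
    $query = "DELETE FROM members WHERE uid = '" . intval($pc["UID"]) . "' AND username = '"
        . mysql_real_escape_string($userid, $link) . "' LIMIT 1;";
    if (!mysql_query($query, $link)) {
        return FALSE;
    }

    $action = "DEL MEMBER: " . $userid;
    if (!pc_group_logs($link, $pc, $action)) {
        exit("群体BLOG LOG错误");
    }

    $title = $userid . " 由 " . $currentuser["userid"] . " 取消 " . $pc["USER"] . " 群体BLOG的权利";
    $content = " 欢迎下次再来 ";

    // post announcement
    //bbs_postarticle($pcconfig["APPBOARD"], preg_replace("/\\\(['|\"|\\\])/","$1",$title), preg_replace("/\\\(['|\"|\\\])/","$1",$content), 0 , 0 , 0 , 0);

    // post mail: only when the id still resolves to an account; the mail goes
    // to the canonical spelling of the id.
    $lookupuser = array();
    if (bbs_getuser($userid, $lookupuser) != 0) {
        $userid = $lookupuser["userid"];
        // The pattern strips a backslash that precedes a quote, '|' or backslash.
        bbs_postmail(
            $userid,
            preg_replace("/\\\\(['|\"|\\\\])/", "\$1", $title),
            preg_replace("/\\\\(['|\"|\\\\])/", "\$1", $content),
            0,
            0
        );
    }

    return TRUE;
}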
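/**
 * Mail composer for the "atomic" interface.
 *
 * Without $_GET["post"] it prints the compose form (a reply form quoting the
 * original when $_GET["num"] > 0). With $_GET["post"] it sends the mail from
 * $_POST and prints a confirmation that redirects after three seconds.
 *
 * NOTE(review): no anti-CSRF token is visible in the form or in the handler;
 * confirm whether one is enforced elsewhere.
 *
 * @return void
 */
function atomic_mailpost()
{
    global $currentuser;

    atomic_mail_header();
    if (!bbs_can_send_mail()) {
        atomic_error("您不能发送信件");
    }

    $num = isset($_GET["num"]) ? @intval($_GET["num"]) : 0;
    $mail_fullpath = bbs_setmailfile($currentuser["userid"], ".DIR");

    // Reply mode: load the original mail record from the user's inbox index.
    if ($num > 0) {
        $articles = array();
        if (bbs_get_records_from_num($mail_fullpath, $num - 1, $articles)) {
            $title = $articles[0]["TITLE"];
            $receiver = $articles[0]["OWNER"];
            $shortfilename = $articles[0]["FILENAME"];
            $filename = bbs_setmailfile($currentuser["userid"], $shortfilename);
        } else {
            atomic_error("错误的参数");
        }
    }

    if (isset($_GET["post"])) {
        $title = atomic_get_input(trim(@$_POST["title"]));
        if (!$title) {
            $title = '无主题';
        }
        $content = atomic_get_input(@$_POST["text"]);
        $sig = $currentuser["signature"];
        $backup = bbs_is_save2sent() != 0;

        if ($num > 0) {
            $ret = bbs_postmail($mail_fullpath, $shortfilename, $num - 1, $title, $content, $sig, $backup);
        } else {
            $incept = trim(@$_POST['userid']);
            if (!$incept) {
                atomic_error("请输入收件人ID");
            }
            $lookupuser = array();
            if (!bbs_getuser($incept, $lookupuser)) {
                atomic_error("错误的收件人ID");
            }
            // From here on only the canonical id from the lookup is used.
            $incept = $lookupuser['userid'];
            if (!strcasecmp($incept, 'guest')) {
                atomic_error("不能发信给guest");
            }
            if (!bbs_sufficient_score_to_sendmail($incept)) {
                atomic_error("积分不足,不能发信给" . $incept);
            }
            $ret = bbs_postmail($incept, $title, $content, $sig, $backup);
        }

        if ($ret < 0) {
            switch ($ret) {
                case -1:
                case -2:
                    atomic_error("无法创建文件");
                    break;
                case -3:
                    atomic_error($incept . " 拒收您的邮件");
                    break;
                case -4:
                    atomic_error($incept . " 的信箱已满");
                    break;
                case -5:
                    atomic_error("两次发文/信间隔过密,请休息几秒再试!");
                    break;
                case -6:
                    atomic_error("添加邮件列表出错");
                    break;
                case -7:
                    atomic_error("邮件发送成功,但未能保存到发件箱");
                    break;
                case -8:
                    atomic_error("找不到所回复的原信。");
                    break;
                case -100:
                    atomic_error("错误的收件人ID");
                    break;
                default:
                    atomic_error("系统错误,请联系管理员");
            }
        }

        // $num is an integer (intval above), so the URL holds no request text.
        if ($num > 0) {
            $url = "?act=mailread&num=" . $num;
            echo "发送成功!本页面将在3秒后自动返回<a href='{$url}'>原信件</a><meta http-equiv='refresh' content='3; url=" . $url . "'/>";
        } else {
            $url = "?act=mail";
            echo "发送成功!本页面将在3秒后自动返回<a href='{$url}'>信件列表</a><meta http-equiv='refresh' content='3; url=" . $url . "'/>";
        }
        atomic_footer();
        return;
    }

    if ($num > 0) {
        if (!strncmp($title, "Re: ", 4)) {
            $nowtitle = $title;
        } else {
            $nowtitle = "Re: " . $title;
        }
    } else {
        $nowtitle = "";
    }

    $html = "<form action='?act=mailpost&num=" . $num . "&post=1' method='post'>";
    $html .= '标题: <input type="text" name="title" size="40" maxlength="100" value="' . ($nowtitle ? htmlspecialchars($nowtitle, ENT_QUOTES) . " " : "") . '"/><br/>';
    if ($num > 0) {
        // The sender field of a stored mail is data written by someone else;
        // escape it like the title before it goes into the page.
        $html .= "收件人: " . htmlspecialchars($receiver, ENT_QUOTES) . "<br/>";
    } else {
        $html .= '收件人: <input type="text" name="userid"/><br/>';
    }
    $html .= '<textarea name="text" rows="20" cols="80" wrap="physical">';

    if ($num > 0) {
        $html .= "\n\n【 在 " . htmlspecialchars($receiver, ENT_QUOTES) . " 的来信中提到: 】\n";
        $fp = fopen($filename, "r");
        if ($fp) {
            $lines = 0;
            // Skip the first four lines of the mail file.
            for ($i = 0; $i < 4; $i++) {
                if (($buf = fgets($fp, 500)) == FALSE) {
                    break;
                }
            }
            // Quote at most ten lines, dropping nested quotes and stopping at
            // the "--" line.
            while (1) {
                if (($buf = fgets($fp, 500)) == FALSE) {
                    break;
                }
                if (strncmp($buf, ": 【", 4) == 0) {
                    continue;
                }
                if (strncmp($buf, ": : ", 4) == 0) {
                    continue;
                }
                if (strncmp($buf, "--\n", 3) == 0) {
                    break;
                }
                // NOTE(review): '\\n' in single quotes is a backslash followed
                // by "n", so this skips lines starting with a backslash; if
                // blank lines were meant, the literal should be "\n" - confirm.
                if (strncmp($buf, '\\n', 1) == 0) {
                    continue;
                }
                if (++$lines > 10) {
                    $html .= ": ...................\n";
                    break;
                }
                $html .= ": " . htmlspecialchars($buf);
            }
            fclose($fp);
        }
    }

    $html .= '</textarea><br/><input type="submit" value="发送" /></form>';
    echo $html;
    atomic_footer();
}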
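/**
 * Approve a blog application: record it in `newapply`, create the `users`
 * row, log the approval, post the announcement and mail the applicant.
 *
 * @param resource $link         MySQL connection.
 * @param string   $userid       Applicant id (for a group blog: the name that
 *                               is appended to the type prefix).
 * @param string   $corpusname   Blog name.
 * @param mixed    $manual       Truthy when the application is entered by
 *                               hand (INSERT) instead of approved (UPDATE).
 * @param string   $blogtype     "normal" (default) or a key of $pcconfig["TYPES"].
 * @param string   $groupmanager Manager id, required for non-normal types.
 * @return int 0 on success; -1 missing id or name; -2 unknown user;
 *             -3 unknown blog type; -4 missing or unknown group manager;
 *             -5 pc_load_infor() already finds a blog for the id;
 *             -6 a `newapply` row with management outside 0/1/3 exists;
 *             -7 announcement failed; -8 mail failed;
 *             -9 the new group blog could not be loaded.
 *             Exits with the MySQL error text when a write query fails.
 */
function pc_add_users($link, $userid, $corpusname, $manual, $blogtype = "", $groupmanager = "")
{
    global $pcconfig, $currentuser, $bbsman_modes;

    if (!$userid || !$corpusname) {
        return -1;
    }
    if (!$blogtype) {
        $blogtype = "normal";
    }

    if ($blogtype == "normal") {
        $lookupuser = array();
        if (bbs_getuser($userid, $lookupuser) == 0) {
            return -2;
        }
        $userid = $lookupuser["userid"];
    } else {
        if (!$pcconfig["TYPES"][$blogtype]) {
            return -3;
        }
        // Group blogs are named "<type prefix>.<requested name>"; the
        // requested name is caller input and is not canonicalised.
        $userid = $pcconfig["TYPES"][$blogtype] . '.' . $userid;
        if (!$groupmanager) {
            return -4;
        }
        $lookupuser = array();
        if (bbs_getuser($groupmanager, $lookupuser) == 0) {
            return -4;
        }
        $groupmanager = $lookupuser["userid"];
    }

    // Escape once, after $userid has its final value. The driver's escaper
    // replaces addslashes(), which is not safe with multi-byte connection
    // charsets.
    // NOTE(review): this is only charset-aware when the connection charset was
    // set through mysql_set_charset(); confirm in pc_db_connect().
    $sqlUserid = mysql_real_escape_string($userid, $link);
    $sqlCorpusname = mysql_real_escape_string($corpusname, $link);
    $sqlManager = mysql_real_escape_string($currentuser["userid"], $link);
    $sqlHost = mysql_real_escape_string($_SERVER["REMOTE_ADDR"], $link);

    // Update the application table.
    if ($manual) {
        $query = "INSERT INTO `newapply` ( `naid` , `username` , `appname` , `appself` , `appdirect` , `hostname` , `apptime` , `manager` , `management` ) "
            . "VALUES ('', '" . $sqlUserid . "', '" . $sqlCorpusname . "', '', '', '" . $sqlHost . "', NOW( ) , '" . $sqlManager . "' , '0');";
    } else {
        // The WHERE clause previously compared username with the literal
        // '******' instead of the applicant id.
        $query = "UPDATE newapply SET apptime = apptime ,manager = '" . $sqlManager . "',management = '0' WHERE username = '" . $sqlUserid . "'";
    }
    // ORDER BY naid DESC LIMIT 1 ;";
    if (!mysql_query($query, $link)) {
        // NOTE(review): the raw MySQL error is sent to the client here.
        $errstr = "MySQL Error: " . mysql_error($link);
        pc_db_close($link);
        exit($errstr);
    }

    if (pc_load_infor($link, $userid)) {
        return -5;
    }

    if ($manual) {
        // Same literal '******' issue as in the UPDATE above.
        $query = "SELECT username FROM newapply WHERE management != 1 AND management != 3 AND management != 0 AND username = '" . $sqlUserid . "' LIMIT 0 , 1;";
        $result = mysql_query($query, $link);
        if ($rows = mysql_fetch_array($result)) {
            return -6;
        }
    }

    // Allocate personal file space.
    if ($pcconfig["USERFILES"]) {
        $userfile_limit = $pcconfig["USERFILESLIMIT"];
        $userfile_num_limit = $pcconfig["USERFILESNUMLIMIT"];
    } else {
        $userfile_limit = $userfile_num_limit = 0;
    }

    // Add the user.
    $query = "INSERT INTO `users` ( `uid` , `username` , `corpusname` , `description` , `theme` , `nodelimit` , `dirlimit` , `createtime` , `style` , `backimage` , `visitcount` , `nodescount` , `logoimage` , `modifytime` , `links` , `htmleditor` , `indexnodechars` , `indexnodes` , `useremail` , `favmode` , `updatetime` , `userinfor` , `pctype` ,`defaulttopic`,`userfile`,`filelimit`) "
        . "VALUES ('', '" . $sqlUserid . "', '" . $sqlCorpusname . "', '" . $sqlCorpusname . "' , 'others', '300', '300', NOW( ) , '0', '' , '0', '0', '' , NOW( ) , '', '1', '600', '5', '', '0', NOW( ) , '' , '0' , '其他类别' , '" . $userfile_limit . "','" . $userfile_num_limit . "');";
    if (!mysql_query($query, $link)) {
        $errstr = "MySQL Error: " . mysql_error($link);
        pc_db_close($link);
        exit($errstr);
    }

    // Write the log entries.
    if ($blogtype != "normal") {
        $action = $groupmanager . " 申请建立群体Blog:" . $userid . "(www)";
        pc_logs($link, $action, "", $userid);
    }
    $action = $currentuser["userid"] . " 通过 " . $userid . " 的BLOG申请(www)";
    pc_logs($link, $action, "", $userid);

    // Build the announcement.
    if ($blogtype == "normal") {
        bbs_user_setflag($userid, BBS_PCORP_FLAG, 1);
        $annTitle = "[公告] 批准 " . $userid . " 的 Blog 申请";
        $annBody = "\n\n 根据用户 " . $userid . " 申请,经审核、讨论后决定开通该用户\n"
            . " Blog ,Blog 名称“" . $corpusname . "”。\n\n"
            . " Blog 大部分功能提供在web 模式下,Blog 名称、描述、\n"
            . " 分类等属性请用户在web 登录后自行修改。\n\n";
    } else {
        $annTitle = "[公告] 开设 " . $userid . " 群体Blog";
        $annBody = "\n\n 根据用户 " . $groupmanager . " 申请,经审核、讨论后决定开设\n"
            . " " . $userid . " 群体Blog,Blog 名称“" . $corpusname . "”。\n\n"
            . " Blog 大部分功能提供在web 模式下,Blog 名称、描述、\n"
            . " 分类等属性请群体Blog管理员在web 登录后自行修改。\n\n";
    }

    // The pattern strips a backslash that precedes a quote, '|' or backslash.
    $ret = bbs_postarticle(
        $pcconfig["APPBOARD"],
        preg_replace("/\\\\(['|\"|\\\\])/", "\$1", $annTitle),
        preg_replace("/\\\\(['|\"|\\\\])/", "\$1", $annBody),
        0,
        0,
        0,
        0
    );
    if ($ret != 0) {
        return -7;
    }

    // Mail the applicant (the group manager for group blogs).
    $ret = bbs_postmail(
        $blogtype == "normal" ? $userid : $groupmanager,
        preg_replace("/\\\\(['|\"|\\\\])/", "\$1", $annTitle),
        preg_replace("/\\\\(['|\"|\\\\])/", "\$1", $annBody),
        0,
        0
    );
    if ($ret < 0) {
        return -8;
    }

    // Mark the announcement.
    //bbs_bmmanage($pcconfig["APPBOARD"],$ret,$bbsman_modes["MARK"],0);

    if ($manual && $blogtype != "normal") {
        $pcc = pc_load_infor($link, $userid);
        if (!$pcc) {
            return -9;
        }
        pc_convertto_group($link, $pcc);
        pc_add_member($link, $pcc, $groupmanager);
    }

    return 0;
}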
/**
 * Old-style constructor: loads the account record and the favorite file of
 * one user.
 * usage: $foo = new Favorite($userId);
 *
 * When invoked through `new`, the return value is discarded by PHP, so a
 * failed lookup is only observable through $this->err.
 * NOTE(review): $this->err embeds the caller-supplied id verbatim; escape it
 * wherever it is printed.
 *
 * @param string $userId whose favorite information to load
 * @return bool false when bbs_getuser() does not find the user, otherwise
 *              whatever $this->_init() returns
 * @access public
 */
function Favorite($userId)
{
    $this->userInfo = array();
    $found = bbs_getuser($userId, $this->userInfo);

    if (!$found) {
        $this->err = sprintf('User %s is NOT exist!', $userId);
        return false;
    }

    // Keep the canonical id from the lookup record, not the caller's spelling.
    $this->userId = $this->userInfo['userid'];
    $this->file = $this->_get_file();

    return $this->_init();
}
/**
 * Fetch a slice of the online-user list as User objects.
 *
 * @param int $start offset passed to bbs_getonline_user_list()
 * @param int $num   number of entries passed to bbs_getonline_user_list()
 * @return array list of User; empty when the list call returns 0
 * @throws UserNullException when a listed id no longer resolves via bbs_getuser()
 */
public function getRecord($start, $num)
{
    $online = bbs_getonline_user_list($start, $num);
    if ($online == 0) {
        return array();
    }

    $users = array();
    foreach ($online as $entry) {
        // Each online entry is paired with the full account record.
        $record = array();
        $found = bbs_getuser($entry['userid'], $record);
        if ($found == 0) {
            throw new UserNullException();
        }
        $users[] = new User($record, $entry);
    }

    return $users;
}
<?php // this script deals with inter-site post cross. require "www2-funcs.php"; require "www2-board.php"; if ($_SERVER["REMOTE_ADDR"] != "127.0.0.1") { exit; } $rpid = $_POST["rpid"]; if ($rpid == "") { exit; } // check user exists $userid = $_POST["user"]; $uarr = array(); if ($userid == "" || bbs_getuser($userid, $uarr) == 0) { print "用户 {$userid} 不存在。"; exit; } $uid = $uarr["index"]; // check board exists $bname = $_POST["board"]; $barr = array(); $bid = bbs_getboard($bname, $barr); if ($bid == 0) { print "版面 {$bname} 不存在。"; exit; } $bname = $barr["NAME"]; // check if can post if (bbs_checkreadperm($uid, $bid) == 0) {
assert_login(); $fname = bbs_sethomefile($currentuser["userid"], "ignores"); if (isset($_POST["badlist"])) { $empty = ""; for ($i = 0; $i < BBS_IDLEN; $i++) { $empty .= ""; } $badlist = explode("\n", $_POST["badlist"]); $count = count($badlist); $badstr = ""; $user = array(); $reallist = array(); $rid = 0; for ($i = 0; $i < $count; $i++) { $userid = trim($badlist[$i]); if (bbs_getuser($userid, $user)) { if ($currentuser["userid"] == $user["userid"]) { break; } $repeat = 0; for ($j = 0; $j < $rid; $j++) { if ($reallist[$j] == $user["userid"]) { $repeat = 1; break; } } if (!$repeat) { $badstr .= substr($user["userid"] . $empty, 0, BBS_IDLEN + 1); $reallist[$rid] = $user["userid"]; $rid++; }
/**
 * Return the current user's friends that are online right now.
 * Each element pairs the account record with the online-session entry.
 *
 * @return array list of User; empty when bbs_getonlinefriends() returns 0
 * @throws UserNullException when a listed id no longer resolves via bbs_getuser()
 * @access public
 */
public function getOnlineFriends()
{
    $online = bbs_getonlinefriends();
    if ($online == 0) {
        return array();
    }

    $friends = array();
    foreach ($online as $entry) {
        $record = array();
        $found = bbs_getuser($entry['userid'], $record);
        if ($found == 0) {
            throw new UserNullException();
        }
        $friends[] = new User($record, $entry);
    }

    return $friends;
}