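/**
 * Save one public guestbook message and report the result through printerror().
 *
 * Visible flow: per-IP access rule, post-origin check, field clean-up with
 * RepPostStr(), optional CAPTCHA, cookie-based posting interval, board lookup,
 * optional member-level check, then one INSERT into {prefix}enewsgbook.
 *
 * @param array $add Submitted fields; this block reads bid, name, email, call,
 *                   lytext, key and ecmsfrom.
 * @return void Whether printerror() halts the request is not visible in this block.
 */
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;

    // IP access rule for the 'gbook' action, then the post-origin check.
    eCheckAccessDoIp('gbook');
    CheckCanPostUrl();

    // The board id comes from the 'gbookbid' cookie first, then from the form.
    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        // Array keys are quoted: bare-word keys are undefined constants and a fatal Error on PHP 8.
        $bid = intval($add['bid']);
    }
    $name = RepPostStr(trim($add['name']));
    $email = RepPostStr($add['email']);
    $call = RepPostStr($add['call']);
    $lytext = RepPostStr($add['lytext']);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }

    // CAPTCHA, only when the site setting enables it.
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }

    // Posting interval. The timestamp lives in a cookie this function sets itself,
    // so it is client-controlled: cast it so a non-numeric value cannot break the
    // subtraction. A client that drops the cookie is not throttled by this check;
    // the IP rule and the CAPTCHA above are the other controls visible here.
    $lasttime = (int) getcvar('lastgbooktime');
    if ($lasttime) {
        if (time() - $lasttime < $public_r['regbooktime']) {
            printerror("GbOutTime", "", 1);
        }
    }

    // Does the board exist?
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }

    // Boards bound to a member group require a login of at least that level.
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }

    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    // NOTE(review): on boards without a group the author id and name are taken from
    // cookies with no login check in this block; confirm they are authenticated
    // elsewhere before they are trusted as the stored author.
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));

    // The statement is built by interpolation. The only escaping visible here is
    // RepPostStr()/RepPostVar() and the integer casts; $ip is used as egetip()
    // returned it. NOTE(review): confirm both helpers neutralise quotes and that
    // egetip() returns a validated address, or move this to a prepared statement.
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");

    // Clear the CAPTCHA so the same answer cannot be submitted twice.
    ecmsEmptyShowKey($keyvname);

    if ($sql) {
        // Remember the time of this post for the interval check (kept for 24 hours).
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}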
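/**
 * Store a feedback message addressed to a member and report the result.
 *
 * @param array $add Submitted fields; this block reads key, userid, name, company,
 *                   phone, fax, email, address, zip, title and ftext.
 * @return void Results are reported through printerror().
 */
function AddMemberFeedback($add)
{
    global $empire, $dbtbpre;

    // CAPTCHA is always required for this form.
    $keyvname = 'checkspacefbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);

    // The member who receives the feedback must exist.
    $userid = intval($add['userid']);
    $ur = $empire->fetch1("select " . egetmf('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }

    // Sender identity. NOTE(review): id and name are read from cookies with no
    // login verification in this block; confirm they are authenticated elsewhere.
    $uid = (int) getcvar('mluserid');
    if ($uid) {
        $uname = RepPostVar(getcvar('mlusername'));
    } else {
        $uid = 0;
        $uname = '';
    }
    $uname = RepPostStr($uname);

    $name = RepPostStr($add['name']);
    $company = RepPostStr($add['company']);
    $phone = RepPostStr($add['phone']);
    $fax = RepPostStr($add['fax']);
    $email = RepPostStr($add['email']);
    $address = RepPostStr($add['address']);
    $zip = RepPostStr($add['zip']);
    $title = RepPostStr($add['title']);
    $ftext = RepPostStr($add['ftext']);
    if (!trim($name) || !trim($title) || !trim($ftext)) {
        printerror("EmptyMemberFeedback", "history.go(-1)", 1);
    }

    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();

    // Interpolated statement: the text fields rely on RepPostStr() (not visible here),
    // the ids are integers, and $ip / $eipport are used exactly as returned.
    // NOTE(review): confirm the helpers escape quotes, or switch to a prepared statement.
    $sql = $empire->query("insert into {$dbtbpre}enewsmemberfeedback(name,company,phone,fax,email,address,zip,title,ftext,userid,ip,uid,uname,addtime,eipport) values('{$name}','{$company}','{$phone}','{$fax}','{$email}','{$address}','{$zip}','{$title}','{$ftext}',{$userid},'{$ip}',{$uid},'{$uname}','{$addtime}','{$eipport}');");

    // Clear the CAPTCHA so it cannot be replayed.
    ecmsEmptyShowKey($keyvname);

    if ($sql) {
        // Referer is optional, so read it without an undefined-index notice.
        // It is also client-supplied. NOTE(review): confirm printerror() restricts or
        // encodes the return target before trusting this value as a redirect.
        $reurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        printerror("AddMemberFeedbackSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}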
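/**
 * Store a message in a member's space guestbook and report the result.
 *
 * @param array $add Submitted fields; this block reads key, userid, uname, gbtext
 *                   and isprivate.
 * @return void Results are reported through printerror().
 */
function AddMemberGbook($add)
{
    global $empire, $dbtbpre;

    // CAPTCHA is always required for this form.
    $keyvname = 'checkspacegbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);

    // The member who owns the guestbook must exist.
    $userid = intval($add['userid']);
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }

    // Author: the cookie identity when present, otherwise the name typed into the form.
    // NOTE(review): the cookie values are not verified in this block; confirm they
    // are authenticated elsewhere before the stored uid is treated as proof of authorship.
    $uid = (int) getcvar('mluserid');
    if ($uid) {
        $uname = RepPostVar(getcvar('mlusername'));
    } else {
        $uid = 0;
        $uname = trim($add['uname']);
    }
    $uname = RepPostStr($uname);
    $gbtext = RepPostStr($add['gbtext']);
    if (empty($uname) || !trim($gbtext)) {
        printerror("EmptyMemberGbook", "history.go(-1)", 1);
    }

    $isprivate = intval($add['isprivate']);
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();

    // Interpolated statement: ids and the private flag are integers, the text fields
    // rely on RepPostStr() (not visible here), and $ip / $eipport are used as returned.
    // NOTE(review): confirm the helpers escape quotes, or switch to a prepared statement.
    $sql = $empire->query("insert into {$dbtbpre}enewsmembergbook(userid,isprivate,uid,uname,ip,addtime,gbtext,retext,eipport) values({$userid},{$isprivate},{$uid},'{$uname}','{$ip}','{$addtime}','{$gbtext}','','{$eipport}');");

    // Clear the CAPTCHA so it cannot be replayed.
    ecmsEmptyShowKey($keyvname);

    if ($sql) {
        // Referer is optional, so read it without an undefined-index notice.
        // It is also client-supplied. NOTE(review): confirm printerror() restricts or
        // encodes the return target before trusting this value as a redirect.
        $reurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        printerror("AddMemberGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}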
/**
 * Back-end (admin) login: checks CAPTCHA, failed-login counter, optional site
 * auth code, password and optional security question, then stores a fresh random
 * token on the user row and issues the login cookies.
 *
 * The literal '******' inside three SQL strings below is how this listing shows
 * the username expression; the original expression is not visible here.
 *
 * @param string $username Submitted user name.
 * @param string $password Submitted password.
 * @param string $key      Submitted CAPTCHA answer.
 * @param array  $post     Remaining form fields; reads loginauth, equestion, eanswer, adminwindow.
 */
function login($username, $password, $key, $post) {
    global $empire, $public_r, $dbtbpre, $do_loginauth, $do_ckhloginfile;
    // Both credentials pass through RepPostVar() (defined elsewhere) first, so the
    // password hashed further down is the filtered string, not the raw submission.
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    if (!$username || !$password) {
        printerror("EmptyKey", "index.php");
    }
    // CAPTCHA: verified only when $public_r['adminloginkey'] is falsy.
    $keyvname = 'checkkey';
    if (!$public_r['adminloginkey']) {
        ecmsCheckShowKey($keyvname, $key, 0, 0);
    }
    // Byte-length cap on both fields.
    if (strlen($username) > 30 || strlen($password) > 30) {
        printerror("EmptyKey", "index.php");
    }
    $loginip = egetip();
    $logintime = time();
    // Failed-login limiter keyed on the address from egetip().
    // NOTE(review): confirm egetip() cannot be steered by client-supplied headers,
    // otherwise the limiter can be sidestepped.
    CheckLoginNum($loginip, $logintime);
    // Site-wide auth code.
    // NOTE(review): loose `!=` on a shared secret; hash_equals() on string-cast
    // values would avoid type juggling and timing differences.
    if ($do_loginauth && $do_loginauth != $post['loginauth']) {
        // NOTE(review): the submitted plaintext password is handed to the failure
        // logger on every failed path; confirm it is not persisted.
        InsertErrorLoginNum($username, $password, 1, $loginip, $logintime);
        printerror("ErrorLoginAuth", "index.php");
    }
    $user_r = $empire->fetch1("select userid,password,salt,lasttime,lastip from {$dbtbpre}enewsuser where username='******' and checked=0 limit 1");
    if (!$user_r['userid']) {
        InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
        printerror("LoginFail", "index.php");
    }
    // Stored format is md5(md5(password) . salt).
    // NOTE(review): MD5 is a fast hash; password_hash()/password_verify() with a
    // rehash-on-login migration is the usual replacement.
    $ch_password = md5(md5($password) . 
$user_r['salt']);
    // NOTE(review): loose `!=` between two hex digests. PHP compares numeric-looking
    // strings numerically, so two different digests of the form 0e<digits> compare
    // equal; hash_equals($user_r['password'], $ch_password) removes that case.
    if ($user_r['password'] != $ch_password) {
        InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
        printerror("LoginFail", "index.php");
    }
    // Security question: the companion row must exist, and when a question is set
    // both the question id and the transformed answer must match.
    $user_addr = $empire->fetch1("select userid,equestion,eanswer from {$dbtbpre}enewsuseradd where userid='{$user_r['userid']}'");
    if (!$user_addr['userid']) {
        InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
        printerror("LoginFail", "index.php");
    }
    if ($user_addr['equestion']) {
        $equestion = (int) $post['equestion'];
        $eanswer = $post['eanswer'];
        if ($user_addr['equestion'] != $equestion) {
            InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
            printerror("LoginFail", "index.php");
        }
        $ckeanswer = ReturnHLoginQuestionStr($user_r['userid'], $username, $user_addr['equestion'], $eanswer);
        // NOTE(review): same loose comparison as the password check above.
        if ($ckeanswer != $user_addr['eanswer']) {
            InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
            printerror("LoginFail", "index.php");
        }
    }
    // New 20-character random token, stored on the user row and sent as the
    // 'loginrnd' cookie below.
    // NOTE(review): make_password() is defined elsewhere; confirm it draws from a CSPRNG.
    $rnd = make_password(20);
    $sql = $empire->query("update {$dbtbpre}enewsuser set rnd='{$rnd}',loginnum=loginnum+1,lastip='{$loginip}',lasttime='{$logintime}',pretime='{$user_r['lasttime']}',preip='" . RepPostVar($user_r[lastip]) . "' where username='******' limit 1");
    $r = $empire->fetch1("select groupid,userid,styleid from {$dbtbpre}enewsuser where username='******' limit 1");
    // Admin style: the user's own style when it exists, else the site default, else 1.
    if (empty($r[styleid])) {
        $stylepath = $public_r['defadminstyle'] ? $public_r['defadminstyle'] : 1;
    } else {
        $styler = $empire->fetch1("select path,styleid from {$dbtbpre}enewsadminstyle where styleid='{$r['styleid']}'");
        if (empty($styler[styleid])) {
            $stylepath = $public_r['defadminstyle'] ? 
$public_r['defadminstyle'] : 1;
        } else {
            $stylepath = $styler['path'];
        }
    }
    // Backup permission: a cookie flag is set when the user's group has dodbdata=1.
    $cdbdata = 0;
    $bnum = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsgroup where groupid='{$r['groupid']}' and dodbdata=1");
    if ($bnum) {
        $cdbdata = 1;
        $set5 = esetcookie("ecmsdodbdata", "empirecms", 0, 1);
    } else {
        $set5 = esetcookie("ecmsdodbdata", "", 0, 1);
    }
    ecmsEmptyShowKey($keyvname, 0); // clear the CAPTCHA
    // Login cookies. The meaning of the trailing (0, 1) arguments is not visible here.
    // NOTE(review): confirm esetcookie() sets HttpOnly and Secure for these values.
    $set4 = esetcookie("loginuserid", $r[userid], 0, 1);
    $set1 = esetcookie("loginusername", $username, 0, 1);
    $set2 = esetcookie("loginrnd", $rnd, 0, 1);
    $set3 = esetcookie("loginlevel", $r[groupid], 0, 1);
    $set5 = esetcookie("eloginlic", "empirecmslic", 0, 1);
    $set6 = esetcookie("loginadminstyleid", $stylepath, 0, 1);
    // Cookie verification data handled by DoEDelFileRnd()/DoECookieRnd(), both defined elsewhere.
    if (empty($do_ckhloginfile)) {
        DoEDelFileRnd($r[userid]);
    }
    DoECookieRnd($r[userid], $username, $rnd, $cdbdata, $r[groupid], intval($stylepath), $logintime);
    // Last login time.
    $set4 = esetcookie("logintime", $logintime, 0, 1);
    $set5 = esetcookie("truelogintime", $logintime, 0, 1);
    // Login log entry.
    insert_log($username, '', 1, $loginip, 0);
    //FireWall
    FWSetPassword();
    // Only the username, token and level cookies decide success; $set4..$set6 are not checked.
    if ($set1 && $set2 && $set3) {
        // Operation log.
        insert_dolog("");
        if ($post['adminwindow']) {
            ?> <script> AdminWin=window.open("admin.php","EmpireCMS","scrollbars"); AdminWin.moveTo(0,0); AdminWin.resizeTo(screen.width,screen.height-30); self.location.href="blank.php"; </script> <?php
            exit;
        } else {
            printerror("LoginSuccess", "admin.php");
        }
    } else {
        printerror("NotCookie", "index.php");
    }
}
/**
 * Build the SQL column/value fragments for a model's custom fields.
 *
 * The field list comes from $emod_r[$modid][enter] (model configuration, not the
 * request); values come from $add. The result array carries 'tb' plus the string
 * fragments 'fields'/'values' (main table) and 'datafields'/'datavalues'
 * (fields listed in the model's tbdataf).
 *
 * $do selects the mode:
 *   0  insert fragments (",f" / ",'v'") with full field processing
 *   1  update fragments (",f='v'") with full field processing
 *   8  update fragments, values passed through StripAddsData() only
 *   9  insert fragments, StripAddsData() only, new text file per text field
 *   10 insert fragments, StripAddsData() only
 *
 * $userid and $rdata are not read in this block. $ret_r is never initialised, so
 * the first `.=` on each key appends to an undefined index.
 *
 * @param array  $add      Submitted fields.
 * @param int    $modid    Model id, used as key into $emod_r.
 * @param int    $userid   Unused here.
 * @param string $username Passed on to CopyImg().
 * @param int    $do       Mode, see above.
 * @param int    $rdata    Unused here.
 * @param int    $ch       1 enables the required/unique checks (modes 0 and 1).
 * @return array
 */
function ReturnAddF($add, $modid, $userid, $username, $do = 0, $rdata = 0, $ch = 0) {
    global $empire, $public_r, $dbtbpre, $emod_r;
    if ($do == 0 || $do == 1) {
        // Load the GD helper only when an image option was requested.
        if ($add['mark'] || $add['getfirsttitlespic'] || $add['mcreatespic']) {
            include_once ECMS_PATH . 'e/class/gd.php';
        }
    }
    $ret_r['tb'] = $emod_r[$modid]['deftb'];
    $r = explode(',', $emod_r[$modid][enter]);
    // The loops below run from index 1 to count-2, skipping the first and last
    // pieces; presumably the list is stored with a leading and trailing comma,
    // which matches the ',name,' membership tests further down.
    $count = count($r) - 1;
    if (empty($do)) {
        // Insert mode.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            // Skip the special marker and any field not allowed on add.
            if ($f == 'special.field' || !strstr($emod_r[$modid]['canaddf'], ',' . $f . ',')) {
                continue;
            }
            $add[$f] = ReturnCheckboxAddF($add[$f], $modid, $f); // checkbox fields
            // Filter helper defined elsewhere; by its name it targets script-code
            // text. TODO confirm what it strips.
            $value = RepPhpAspJspcodeText($add[$f]);
            if ($f == 'newstime') {
                $value = empty($value) ? time() : to_time($value);
            } elseif ($f == "morepic") {
                $value = ReturnMorepicpath($add['msmallpic'], $add['mbigpic'], $add['mpicname'], $add['mdelpicid'], $add['mpicid'], $add, $add['mpicurl_qz'], 0);
            } elseif ($f == "downpath") {
                $value = ReturnDownpath($add['downname'], $add['downpath'], $add['delpathid'], $add['pathid'], $add['downuser'], $add['fen'], $add['thedownqz'], $add, $add['foruser'], $add['downurl_qz'], 0);
            } elseif ($f == "onlinepath") {
                $value = ReturnDownpath($add['odownname'], $add['odownpath'], $add['odelpathid'], $add['opathid'], $add['odownuser'], $add['ofen'], $add['othedownqz'], $add, $add['oforuser'], $add['onlineurl_qz'], 0);
            } elseif ($f == "smalltext") {
                if (!trim($value)) {
                    $value = SubSmalltextVal($add[newstext], $public_r[smalltextlen]); // excerpt taken from the body text
                }
            } elseif ($f == 'infoip') {
                // The submitted value is discarded; the stored address is the one egetip() reports.
                $value = egetip();
            } elseif ($f == 'infozm') {
                $value = $value ? 
$value : GetInfoZm($add[title]);
            }
            // Per-field processing function.
            $value = DoFFun($modid, $f, $value, 1, 0);
            // Required-field and uniqueness checks.
            if ($ch == 1 && empty($add['titleurl'])) {
                ChMustAddF($modid, $f, $value);
                ChIsOnlyAddF($modid, 0, $f, $value, 0); // unique value
            }
            // Editor body.
            if ($f == "newstext") {
                // Remote save: the value is unslashed for CopyImg() and re-escaped afterwards.
                // addslashes() is applied once more when the fragment is appended below.
                // NOTE(review): confirm whether input arrives pre-escaped, otherwise
                // this field is stored with doubled backslashes.
                $value = addslashes(CopyImg(stripSlashes($value), $add[copyimg], $add[copyflash], $add[classid], $add[qz_url], $username, $add['id'], $add['filepass'], $add['mark']));
                // Keyword and word replacement.
                $value = DoReplaceKeyAndWord($value, $add['dokey']);
                // Automatic paging, unless a page marker is already present.
                if ($add[autopage] && !strstr($value, "[!--empirenews.page--]")) {
                    if (empty($add[autosize])) {
                        $add[autosize] = 5000;
                    }
                    $value = AutoDoPage($value, $add[autosize]);
                }
            }
            // Field stored as a text file: the column keeps the file reference.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // Create the directory (dated path, generated file name).
                $thetxtfile = GetFileMd5();
                $truevalue = MkDirTxtFile(date("Y/md"), $thetxtfile);
                // Write the file.
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= ",'" . addslashes($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= ",'" . addslashes($value) . "'";
            }
        }
    } elseif ($do == 1) {
        // Update mode.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            // Skip the special marker and any field not allowed on edit.
            if ($f == "special.field" || !strstr($emod_r[$modid]['caneditf'], ',' . $f . ',')) {
                continue;
            }
            $add[$f] = ReturnCheckboxAddF($add[$f], $modid, $f); // checkbox fields
            $value = RepPhpAspJspcodeText($add[$f]);
            if ($f == 'newstime') {
                $value = empty($value) ? 
time() : to_time($value);
            } elseif ($f == "morepic") {
                $value = ReturnMorepicpath($add['msmallpic'], $add['mbigpic'], $add['mpicname'], $add['mdelpicid'], $add['mpicid'], $add, $add['mpicurl_qz'], 1);
            } elseif ($f == "downpath") {
                $value = ReturnDownpath($add['downname'], $add['downpath'], $add['delpathid'], $add['pathid'], $add['downuser'], $add['fen'], $add['thedownqz'], $add, $add['foruser'], $add['downurl_qz'], 1);
            } elseif ($f == "onlinepath") {
                $value = ReturnDownpath($add['odownname'], $add['odownpath'], $add['odelpathid'], $add['opathid'], $add['odownuser'], $add['ofen'], $add['othedownqz'], $add, $add['oforuser'], $add['onlineurl_qz'], 1);
            } elseif ($f == "smalltext") {
                if (!trim($value)) {
                    $value = SubSmalltextVal($add[newstext], $public_r[smalltextlen]); // excerpt taken from the body text
                }
            } elseif ($f == 'infozm') {
                $value = $value ? $value : GetInfoZm($add[title]);
            }
            // Per-field processing function.
            $value = DoFFun($modid, $f, $value, 0, 0);
            // Required-field and uniqueness checks.
            if ($ch == 1 && empty($add['titleurl'])) {
                ChMustAddF($modid, $f, $value);
                ChIsOnlyAddF($modid, $add[id], $f, $value, 0); // unique value
            }
            // Data sync.
            SameDataAddF($add[id], $add[classid], $modid, $f, $value);
            // Body text.
            if ($f == "newstext") {
                // Remote save; unlike insert mode there is no keyword replacement here.
                $value = addslashes(CopyImg(stripSlashes($value), $add[copyimg], $add[copyflash], $add[classid], $add[qz_url], $username, $add['id'], $add['filepass'], $add['mark']));
                // Automatic paging, unless a page marker is already present.
                if ($add[autopage] && !strstr($value, "[!--empirenews.page--]")) {
                    if (empty($add[autosize])) {
                        $add[autosize] = 5000;
                    }
                    $value = AutoDoPage($value, $add[autosize]);
                }
            }
            // Field stored as a text file.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // The target directory and file name are split out of $add[newstext_url].
                // NOTE(review): these path segments come from $add; confirm the caller
                // fills newstext_url from the stored record rather than the request,
                // or that MkDirTxtFile() rejects '..' and separators.
                $newstexttxt_r = explode("/", $add[newstext_url]);
                $thetxtfile = $newstexttxt_r[2];
                $truevalue = MkDirTxtFile($newstexttxt_r[0] . "/" . $newstexttxt_r[1], $thetxtfile);
                // Write the file.
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= "," . $f . "='" . addslashes($value) . 
"'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= "," . $f . "='" . addslashes($value) . "'";
            }
        }
    } elseif ($do == 8) {
        // Update fragments without the add/edit permission lists or the input filters;
        // StripAddsData() (defined elsewhere) is the only value treatment visible.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field') {
                continue;
            }
            $value = $add[$f];
            // Field stored as a text file.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // Directory and file name again come from $add[newstext_url].
                // NOTE(review): same path-origin question as in update mode above.
                $newstexttxt_r = explode("/", $add[newstext_url]);
                $thetxtfile = $newstexttxt_r[2];
                $truevalue = MkDirTxtFile($newstexttxt_r[0] . "/" . $newstexttxt_r[1], $thetxtfile);
                // Write the file.
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= "," . $f . "='" . StripAddsData($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= "," . $f . "='" . StripAddsData($value) . "'";
            }
        }
    } elseif ($do == 9) {
        // Insert fragments, StripAddsData() only; a new text file is created per text field.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field') {
                continue;
            }
            $value = $add[$f];
            // Field stored as a text file.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // Create the directory (dated path, generated file name).
                $thetxtfile = GetFileMd5();
                $truevalue = MkDirTxtFile(date("Y/md"), $thetxtfile);
                // Write the file.
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= ",'" . StripAddsData($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= ",'" . StripAddsData($value) . "'";
            }
        }
    } elseif ($do == 10) {
        // Insert fragments, StripAddsData() only, no text-file handling.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field') {
                continue;
            }
            $value = $add[$f];
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= ",'" . StripAddsData($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= ",'" . StripAddsData($value) . "'";
            }
        }
    }
    return $ret_r;
}
/**
 * Address used by the download system's IP check.
 *
 * Returns the address reported by egetip() while the global $DownSys_CheckIp
 * switch is truthy. With the switch off it returns the fixed string '127.0.0.1',
 * so every client yields the same value and anything keyed on it no longer
 * tells clients apart.
 *
 * @return string
 */
function ReturnDownSysCheckIp()
{
    global $DownSys_CheckIp;

    if ($DownSys_CheckIp) {
        return egetip();
    }

    return '127.0.0.1';
}
$rechangeclass = ''; //验证会员信息 $mloginauthr = qCheckLoginAuthstr(); //取得登陆会员资料 if ($muserid && $mloginauthr['islogin']) { $memberinfor = $empire->fetch1("select " . eReturnSelectMemberF('*', 'u.') . ",ui.* from " . eReturnMemberTable() . " u LEFT JOIN {$dbtbpre}enewsmemberadd ui ON u." . egetmf('userid') . "=ui.userid where u." . egetmf('userid') . "='{$muserid}' limit 1"); } //增加 if ($enews == "MAddInfo") { $cr = DoQCheckAddLevel($classid, $muserid, $musername, $mrnd, 0, 1); $mr = $empire->fetch1("select qenter,qmname from {$dbtbpre}enewsmod where mid='{$cr['modid']}'"); if (empty($mr['qenter'])) { printerror("NotOpenCQInfo", "history.go(-1)", 1); } //IP发布数限制 $check_ip = egetip(); $check_checked = $cr['wfid'] ? 0 : $cr['checkqadd']; eCheckIpAddInfoNum($check_ip, $cr['tbname'], $cr['modid'], $check_checked); //初始变量 $word = "增加信息"; $ecmsfirstpost = 1; $rechangeclass = " [<a href='ChangeClass.php?mid=" . $mid . "'>重新选择</a>]"; //验证码 if ($cr['qaddshowkey']) { $showkey = "<tr bgcolor=\"#FFFFFF\">\n <td width=\"11%\" height=\"25\">验证码</td>\n <td height=\"25\"><input name=\"key\" type=\"text\" size=\"6\">\n <img src=\"../ShowKey/?v=info\" name=\"infoKeyImg\" id=\"infoKeyImg\" onclick=\"infoKeyImg.src='../ShowKey/?v=info&t='+Math.random()\" title=\"看不清楚,点击刷新\"></td></tr>"; } //图片 $imgwidth = 0; $imgheight = 0; //文件验证码 $filepass = time();
$strCmdNo = "1"; //财付通支付为"1" (当前只支持 cmdno=1) $strBillDate = date('Ymd'); //交易日期 (yyyymmdd) $desc = $productname; //商品名称 $strBuyerId = ""; //QQ号码 $strSpBillNo = $ddno ? $ddno : time(); //订单号 esetcookie("checkpaysession", $strSpBillNo, 0); //设置定单号 $strTransactionId = $bargainor_id . $strBillDate . $strSpBillNo; //交易订单号 $attach = $strSpBillNo; $spbill_create_ip = egetip(); //md5 $strSignText = "cmdno=" . $strCmdNo . "&date=" . $strBillDate . "&bargainor_id=" . $bargainor_id . "&transaction_id=" . $strTransactionId . "&sp_billno=" . $strSpBillNo . "&total_fee=" . $total_fee . "&fee_type=" . $fee_type . "&return_url=" . $return_url . "&attach=" . $attach . "&spbill_create_ip=" . $spbill_create_ip . "&key=" . $key; $strSign = strtoupper(md5($strSignText)); ?> <html> <title>财付通支付</title> <meta http-equiv="Cache-Control" content="no-cache"/> <body> <form action="https://www.tenpay.com/cgi-bin/v1.0/pay_gate.cgi" name="dopaypost" id="dopaypost"> <input type=hidden name="cmdno" value="<?php echo $strCmdNo; ?> "> <input type=hidden name="date" value="<?php echo $strBillDate;
/**
 * Create a back-end user: validates the password pair, checks the operator's
 * permission, builds the managed-column list, inserts the user row and its
 * companion row, then emits a meta-refresh to the cache builder.
 *
 * This listing masks part of the source: the literal '******' in the duplicate
 * check and the damaged insert_dolog() line near the end are reproduced as shown.
 *
 * @param string $username      New user name.
 * @param string $password      New password.
 * @param string $repassword    Password confirmation.
 * @param int    $groupid       Group id.
 * @param array  $adminclass    Column ids the user may manage.
 * @param int    $checked       Stored as the 'checked' column.
 * @param int    $styleid       Admin style id.
 * @param int    $loginuserid   Acting operator id, for CheckLevel().
 * @param string $loginusername Acting operator name, for CheckLevel().
 */
function AddUser($username, $password, $repassword, $groupid, $adminclass, $checked, $styleid, $loginuserid, $loginusername) {
    global $empire, $class_r, $dbtbpre;
    if (!$username || !$password || !$repassword) {
        printerror("EmptyUsername", "history.go(-1)");
    }
    if ($password != $repassword) {
        printerror("NotRepassword", "history.go(-1)");
    }
    // The only password rule visible here is a minimum of 6 bytes.
    if (strlen($password) < 6) {
        printerror("LessPassword", "history.go(-1)");
    }
    // Operator permission.
    // NOTE(review): $classid is not assigned until further down (from $_POST), so
    // it is undefined at this call.
    CheckLevel($loginuserid, $loginusername, $classid, "user");
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsuser where username='******' limit 1");
    if ($num) {
        printerror("ReUsername", "history.go(-1)");
    }
    // Managed columns: a parent column contributes its stored sonclass list, a leaf
    // column contributes its own id.
    // NOTE(review): $insert_class is appended to before it is initialised, and the
    // $adminclass entries reach the SQL string below without an integer cast.
    for ($i = 0; $i < count($adminclass); $i++) {
        // Parent column.
        if (empty($class_r[$adminclass[$i]][islast])) {
            if (empty($class_r[$adminclass[$i]][sonclass]) || $class_r[$adminclass[$i]][sonclass] == "|") {
                continue;
            } else {
                $andclass = substr($class_r[$adminclass[$i]][sonclass], 1);
            }
            $insert_class .= $andclass;
        } else {
            $insert_class .= $adminclass[$i] . "|";
        }
    }
    $insert_class = "|" . 
$insert_class;
    $styleid = (int) $styleid;
    $groupid = (int) $groupid;
    $checked = (int) $checked;
    $filelevel = (int) $_POST['filelevel'];
    $classid = (int) $_POST['classid'];
    // Random values from make_password() (defined elsewhere): login token, two salts
    // and, below, a 48-character per-user key.
    // NOTE(review): confirm make_password() draws from a CSPRNG.
    $rnd = make_password(20);
    $salt = make_password(8);
    $salt2 = make_password(20);
    // The stored password is derived by a helper that takes both salts.
    $password = DoEmpireCMSAdminPassword($password, $salt, $salt2);
    // NOTE(review): these three pass only through ehtmlspecialchars() (defined
    // elsewhere) before SQL interpolation; HTML encoding is not SQL escaping.
    // Confirm the request data is escaped upstream.
    $truename = ehtmlspecialchars($_POST['truename']);
    $email = ehtmlspecialchars($_POST['email']);
    $openip = ehtmlspecialchars($_POST['openip']);
    $addtime = time();
    $addip = egetip();
    $addipport = egetipport();
    $userprikey = make_password(48);
    // NOTE(review): $username is interpolated here with no escaping inside this
    // function; confirm the caller sanitises it.
    $sql = $empire->query("insert into {$dbtbpre}enewsuser(username,password,rnd,groupid,adminclass,checked,styleid,filelevel,salt,loginnum,lasttime,lastip,truename,email,classid,addtime,addip,userprikey,salt2,lastipport,preipport,addipport) values('{$username}','{$password}','{$rnd}',{$groupid},'{$insert_class}',{$checked},{$styleid},'{$filelevel}','{$salt}',0,0,'','{$truename}','{$email}','{$classid}','{$addtime}','{$addip}','{$userprikey}','{$salt2}','{$addipport}','{$addipport}','{$addipport}');");
    $userid = $empire->lastid();
    // Security question: when one is chosen, the answer is required and stored in
    // the form ReturnHLoginQuestionStr() returns.
    $equestion = (int) $_POST['equestion'];
    $eanswer = $_POST['eanswer'];
    if ($equestion) {
        if (!$eanswer) {
            printerror('EmptyEAnswer', '');
        }
        $eanswer = ReturnHLoginQuestionStr($userid, $username, $equestion, $eanswer);
    } else {
        $equestion = 0;
        $eanswer = '';
    }
    // The companion row is written before the first insert's result is checked, and
    // its own result is ignored.
    $empire->query("insert into {$dbtbpre}enewsuseradd(userid,equestion,eanswer,openip) values('{$userid}','{$equestion}','{$eanswer}','{$openip}');");
    if ($sql) {
        $cache_enews = 'douserinfo';
        $cache_ecmstourl = urlencode('user/AddUser.php?enews=AddUser' . hReturnEcmsHashStrHref2(0));
        $cache_mess = 'AddUserSuccess';
        $cache_uid = $userid;
        $cache_url = "../CreateCache.php?enews={$cache_enews}&uid={$cache_uid}&ecmstourl={$cache_ecmstourl}&mess={$cache_mess}" . hReturnEcmsHashStrHref2(0);
        // Operation log. NOTE(review): the next statement is damaged by the listing's
        // masking ("******") and is not valid PHP as shown; the missing text cannot
        // be recovered from this page.
        insert_dolog("userid=" . $userid . 
"<br>username="******"AddUserSuccess","AddUser.php?enews=AddUser".hReturnEcmsHashStrHref2(0));
        // Redirect to the cache builder via meta refresh, then close the connection.
        echo '<meta http-equiv="refresh" content="0;url=' . $cache_url . '">';
        db_close();
        $empire = null;
        exit;
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
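/**
 * Credit a "buy group" top-up after payment and record it once per order id.
 *
 * The package row must exist, the paid amount must equal the package price, and
 * the payer's group level must be at least the package's required level; only
 * then are points/time credited and a payment record inserted.
 *
 * @param int    $bgid         Package id in {prefix}enewsbuygroup.
 * @param mixed  $money        Amount reported as paid.
 * @param string $orderid      Order id, used as the duplicate key.
 * @param int    $userid       Member id.
 * @param string $username     Member name.
 * @param int    $groupid      Member's current group id.
 * @param string $ecms_paytype Payment type label stored with the record.
 * @return void Results are reported through printerror().
 */
function PayApiBuyGroupPay($bgid, $money, $orderid, $userid, $username, $groupid, $ecms_paytype)
{
    global $empire, $dbtbpre, $level_r;

    $bgid = (int) $bgid;
    $userid = (int) $userid;
    $username = RepPostVar($username);
    $groupid = (int) $groupid;
    $ecms_paytype = RepPostVar($ecms_paytype);

    // Duplicate-submission check on the order id.
    // NOTE(review): this is check-then-insert with no lock or unique constraint
    // visible here, so two concurrent notifications for one order can both pass it;
    // a unique index on orderid would make the credit idempotent.
    $orderid = RepPostVar($orderid);
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewspayrecord where orderid='{$orderid}' limit 1");
    if ($num) {
        printerror('您已成功充值', '../../../', 1, 0, 1);
    }

    $buyr = $empire->fetch1("select * from {$dbtbpre}enewsbuygroup where id='{$bgid}'");
    // Array keys are quoted: bare-word keys are undefined constants and a fatal Error on PHP 8.
    // The price comparison stays loose on purpose so '10' and '10.00' still match.
    if ($buyr['id'] && $money == $buyr['gmoney'] && $level_r[$buyr['buygroupid']]['level'] <= $level_r[$groupid]['level']) {
        $money = (float) $money;

        // Credit the member.
        $user = $empire->fetch1("select " . eReturnSelectMemberF('userdate,userid,username') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
        eAddFenToUser($buyr['gfen'], $buyr['gdate'], $buyr['ggroupid'], $buyr['gzgroupid'], $user);

        $posttime = date("Y-m-d H:i:s");
        $payip = egetip();
        $paybz = "充值类型:" . addslashes($buyr['gname']);
        $paybz = RepPostStr($paybz);
        $empire->query("insert into {$dbtbpre}enewspayrecord(id,userid,username,orderid,money,posttime,paybz,type,payip) values(NULL,'{$userid}','{$username}','{$orderid}','{$money}','{$posttime}','{$paybz}','{$ecms_paytype}','{$payip}');");

        // Back up the top-up record.
        BakBuy($userid, $username, $buyr['gname'], $buyr['gfen'], $money, $buyr['gdate'], 1);
    }

    // NOTE(review): the same success message is shown when the validation above
    // fails and nothing was credited; a distinct outcome would make failed or
    // tampered payments visible to operators.
    printerror('您已成功充值', '../../../', 1, 0, 1);
}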
<td><a href="member/ListMember.php?sear=1&schecked=1"><?php echo $nomembernum; ?> </a> 人</td> </tr> <tr> <td height="23">过期广告:</td> <td><a href="tool/ListAd.php?time=1"><?php echo $outtimeadnum; ?> </a> 个</td> </tr> <tr> <td height="23">登陆者IP:</td> <td><?php echo egetip(); ?> </td> </tr> <tr> <td height="23">程序版本:</td> <td> <a href="http://www.phome.net" target="_blank"><strong>EmpireCMS v<?php echo EmpireCMS_VERSION; ?> </strong></a> <font color="#666666">(<?php echo EmpireCMS_LASTTIME; ?> )</font></td> </tr> <tr>
/**
 * Front-end member submission handler: add ($ecms == 0), edit ($ecms == 1) or
 * delete ($ecms == 2) one info record, across the index table, the main table
 * and the secondary (data) table of the record's model.
 *
 * The member identity (id, name, rnd token) is read from cookies and handed to
 * DoQCheckAddLevel(); edit and delete additionally call CheckQdoinfo(). Both are
 * defined elsewhere, so the strength of those checks is not visible in this block.
 *
 * @param array $add  Submitted fields.
 * @param int   $ecms 0 add, 1 edit, 2 delete; any other value reports ErrorUrl.
 */
function DodoInfo($add, $ecms = 0) {
    global $empire, $public_r, $emod_r, $level_r, $class_r, $dbtbpre, $fun_r;
    // Post-origin check for add and edit (not run for delete).
    if ($ecms == 0 || $ecms == 1) {
        CheckCanPostUrl();
    }
    // Submission switch: a truthy addnews_ok reports "CloseQAdd".
    if ($public_r['addnews_ok']) {
        printerror("CloseQAdd", "", 1);
    }
    // Check that the operation is allowed at the current time.
    eCheckTimeCloseDo('info');
    $classid = (int) $add['classid'];
    $mid = (int) $class_r[$classid]['modid'];
    if (!$mid || !$classid) {
        printerror("EmptyQinfoCid", "", 1);
    }
    // Table name and field list come from the model configuration, not from the request.
    $tbname = $emod_r[$mid]['tbname'];
    $qenter = $emod_r[$mid]['qenter'];
    if (!$tbname || !$qenter || $qenter == ',') {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mrnd = RepPostVar(getcvar('mlrnd'));
    // Column information and permission check.
    $isadd = 0;
    if ($ecms == 0) {
        $isadd = 1;
    }
    $setuserday = '';
    $cr = DoQCheckAddLevel($classid, $muserid, $musername, $mrnd, $ecms, $isadd);
    // A ready-made SQL statement returned by the permission helper; it is executed
    // in the add branch below.
    $setuserday = $cr['checkaddnumquery'];
    $filepass = (int) $add['filepass'];
    $id = (int) $add['id'];
    $infor = array();
    // Title attributes are computed and then both reset to empty strings, so the
    // submitted colour and font are never stored by this function.
    $titlecolor = RepPostStr(RepPhpAspJspcodeText($add[titlecolor]));
    $titlefont = TitleFont($add[titlefont], $titlecolor);
    $titlecolor = "";
    $titlefont = "";
    $ttid = (int) $add['ttid'];
    $keyboard = addslashes(RepPostStr(trim(DoReplaceQjDh($add[keyboard]))));
    $keyid = '';
    // Related-keyword ids, only when the model's field list contains special.field.
    if ($keyboard && strstr($qenter, ',special.field,')) {
        $keyboard = str_replace('[!--f--!]', 'ecms', $keyboard);
        $keyid = GetKeyid($keyboard, $classid, $id, $class_r[$classid][link_num]);
    }
    // CAPTCHA name.
    $keyvname = 'checkinfokey';
    //moreport
    if (Moreport_ReturnMustDt()) {
        define('ECMS_SELFPATH', eReturnEcmsMainPortPath());
        Moreport_ResetMainTempGid();
    }
    //----------------- add
    if ($ecms == 0) {
        // Posting interval, based on a cookie this function sets on success; a client
        // that drops the cookie is not throttled by this check.
        $lasttime = getcvar('lastaddinfotime');
        if ($lasttime) {
            if (time() - $lasttime < $public_r['readdinfotime']) {
                printerror("QAddInfoOutTime", "", 1);
            }
        }
        // CAPTCHA, when the column requires it.
        if ($cr['qaddshowkey']) {
            ecmsCheckShowKey($keyvname, $add['key'], 1);
        }
        // Per-IP post count limit.
        // NOTE(review): confirm egetip() cannot be steered by client-supplied
        // headers, otherwise this limit can be sidestepped.
        $check_ip = egetip();
        $check_checked = $cr['wfid'] ? 
0 : $cr['checkqadd'];
        eCheckIpAddInfoNum($check_ip, $tbname, $mid, $check_checked);
        // Field fragments; indexes 0..4 are used below as main-table columns, main-table
        // values, data-table columns, data-table values and the stb value.
        $ret_r = ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $muserid, $musername, 0);
        $checked = $cr['checkqadd'];
        $havehtml = 0;
        $newspath = date($cr['newspath']);
        $truetime = time();
        $newstime = $truetime;
        $newstempid = $cr['newstempid'];
        $haveaddfen = 0;
        // A workflow forces the record to start unchecked.
        $isqf = 0;
        if ($cr['wfid']) {
            $checked = 0;
            $isqf = 1;
        }
        // Add or deduct points.
        if ($checked && $muserid) {
            AddInfoFen($cr['addinfofen'], $muserid);
            $haveaddfen = 1;
        }
        if (empty($muserid)) {
            $musername = $fun_r['guest'];
        }
        // Update the member's submission counter.
        if ($setuserday) {
            $empire->query($setuserday);
        }
        // Publish time.
        if (!strstr($qenter, ',newstime,')) {
            $ret_r[0] = ",newstime" . $ret_r[0];
            $ret_r[1] = ",'{$newstime}'" . $ret_r[1];
        } else {
            if ($add['newstime']) {
                $newstime = to_time($add['newstime']);
                $newstime = intval($newstime);
            }
        }
        // Extra link parameter for unchecked records.
        $addecmscheck = empty($checked) ? '&ecmscheck=1' : '';
        // Index table.
        $indexsql = $empire->query("insert into {$dbtbpre}ecms_" . $tbname . "_index(classid,checked,newstime,truetime,lastdotime,havehtml) values('{$classid}','{$checked}','{$newstime}','{$truetime}','{$truetime}','{$havehtml}');");
        $id = $empire->lastid();
        // Table names for this record.
        $infotbr = ReturnInfoTbname($tbname, $checked, $ret_r[4]);
        // Main table. The $ret_r fragments are spliced in verbatim, so their escaping
        // is whatever ReturnQAddinfoF() applied.
        $sql = $empire->query("insert into " . $infotbr['tbname'] . "(id,classid,ttid,onclick,plnum,totaldown,newspath,filename,userid,username,firsttitle,isgood,istop,isqf,ismember,isurl,truetime,lastdotime,havehtml,groupid,userfen,titlefont,titleurl,stb,fstb,restb,keyboard" . $ret_r[0] . ") values('{$id}','{$classid}','{$ttid}',0,0,0,'{$newspath}','','" . $muserid . "','" . addslashes($musername) . "',0,0,0,'{$isqf}',1,0,'{$truetime}','{$truetime}','{$havehtml}',0,0,'{$titlefont}','','{$ret_r['4']}','{$public_r['filedeftb']}','{$public_r['pldeftb']}','{$keyboard}'" . $ret_r[1] . ");");
        // Secondary (data) table.
        $fsql = $empire->query("insert into " . $infotbr['datatbname'] . "(id,classid,keyid,dokey,newstempid,closepl,haveaddfen,infotags" . $ret_r[2] . 
") values('{$id}','{$classid}','{$keyid}',1,'{$newstempid}',0,'{$haveaddfen}',''" . $ret_r[3] . ");");
        // Points deduction record.
        if ($haveaddfen) {
            if ($cr['addinfofen'] < 0) {
                BakDown($classid, $id, 0, $muserid, $musername, RepPostStr($add[title]), abs($cr['addinfofen']), 3);
            }
        }
        // Workflow.
        if ($isqf == 1) {
            InfoInsertToWorkflow($id, $classid, $cr['wfid'], $muserid, addslashes($musername));
        }
        // File name.
        $filename = ReturnInfoFilename($classid, $id, '');
        // Record URL.
        $infourl = GotoGetTitleUrl($classid, $id, $newspath, $filename, 0, 0, '');
        $usql = $empire->query("update " . $infotbr['tbname'] . " set filename='{$filename}',titleurl='{$infourl}' where id='{$id}'");
        // Update ispic.
        UpdateTheIspic($classid, $id, $checked);
        // Attach uploaded files to the new id.
        if ($filepass) {
            UpdateTheFile($id, $filepass, $classid, $public_r['filedeftb']);
        }
        // Update the column's record counts.
        AddClassInfos($classid, '+1', '+1', $checked);
        // Update the new-record counter.
        DoUpdateAddDataNum('info', $class_r[$classid]['tid'], 1);
        // Clear the CAPTCHA.
        ecmsEmptyShowKey($keyvname);
        esetcookie("qeditinfo", "", 0);
        // Generate the page.
        if ($checked && !$cr['showdt']) {
            $titleurl = qAddGetHtml($classid, $id);
        }
        // Generate the list.
        if ($checked) {
            qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']);
            // Regenerate the previous record.
            if ($cr['repreinfo']) {
                $prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1");
                GetHtml($prer['classid'], $prer['id'], $prer, 1);
            }
        }
        // Only the main-table insert decides success; $indexsql, $fsql and $usql are not checked.
        if ($sql) {
            $reurl = DoingReturnUrl("AddInfo.php?classid={$classid}&mid={$mid}" . $addecmscheck, $add['ecmsfrom']);
            if ($add['gotoinfourl'] && $checked) {
                if ($cr['showdt'] == 1) {
                    $reurl = $public_r[newsurl] . 
"e/action/ShowInfo/?classid={$classid}&id={$id}";
                } elseif ($cr['showdt'] == 2) {
                    $rewriter = eReturnRewriteInfoUrl($classid, $id, 1);
                    $reurl = $rewriter['pageurl'];
                } else {
                    $reurl = $titleurl;
                }
            }
            esetcookie("lastaddinfotime", time(), time() + 3600 * 24); // remember the time of this post
            printerror("AddQinfoSuccess", $reurl, 1);
        } else {
            printerror("DbError", "history.go(-1)", 1);
        }
    } elseif ($ecms == 1) {
        //----------------- edit
        if (!$id) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        // Permission check; returns the stored record.
        $infor = CheckQdoinfo($classid, $id, $muserid, $tbname, $cr['adminqinfo'], 1);
        // Edit window, in minutes after the record's truetime.
        if ($public_r['qeditinfotime']) {
            if (time() - $infor['truetime'] > $public_r['qeditinfotime'] * 60) {
                printerror("QEditInfoOutTime", "history.go(-1)", 1);
            }
        }
        $iaddfield = '';
        $addfield = '';
        $faddfield = '';
        // Field fragments.
        $ret_r = ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $muserid, $musername, 1);
        if ($keyboard) {
            $addfield = ",keyboard='{$keyboard}'";
            $faddfield = ",keyid='{$keyid}'";
        }
        // Publish time.
        if (strstr($qenter, ',newstime,')) {
            if ($add['newstime']) {
                $newstime = to_time($add['newstime']);
                $newstime = intval($newstime);
                $iaddfield .= ",newstime='{$newstime}'";
            }
        }
        // An edit may send the record back to review.
        $ychecked = $infor['checked'];
        if ($cr['qeditchecked']) {
            $infor['checked'] = 0;
            $iaddfield .= ",checked=0";
            // $relist is only assigned here; it is read further down even when this
            // branch did not run.
            $relist = 1;
            // Delete the original page.
            DelNewsFile($infor[filename], $infor[newspath], $infor[classid], $infor[newstext], $infor[groupid]);
        }
        // Member submission counter: disabled for edits.
        if ($setuserday) {
            //$empire->query($setuserday);
        }
        $lastdotime = time();
        // Extra link parameter for unchecked records.
        $addecmscheck = empty($infor['checked']) ? '&ecmscheck=1' : '';
        // Index table: keyed by id only.
        // NOTE(review): only the main-table statement below is scoped to the owner
        // (userid, ismember); the index and data-table updates rely entirely on
        // CheckQdoinfo() having rejected other members' records.
        $indexsql = $empire->query("update {$dbtbpre}ecms_" . $tbname . "_index set lastdotime={$lastdotime},havehtml=0" . $iaddfield . " where id='{$id}'");
        // Table names for this record.
        $infotbr = ReturnInfoTbname($tbname, $ychecked, $infor['stb']);
        // Main table.
        $sql = $empire->query("update " . $infotbr['tbname'] . " set lastdotime={$lastdotime},havehtml=0,ttid='{$ttid}'" . $addfield . $ret_r[0] . 
" where id={$id} and classid={$classid} and userid='{$muserid}' and ismember=1");
        // Secondary (data) table: keyed by id only.
        $fsql = $empire->query("update " . $infotbr['datatbname'] . " set classid='{$classid}'" . $faddfield . $ret_r[3] . " where id='{$id}'");
        // Update ispic.
        UpdateTheIspic($classid, $id, $ychecked);
        // Update attachments.
        UpdateTheFileEdit($classid, $id, $infor['fstb']);
        // Move the record between the checked and unchecked tables when its state changed.
        if ($ychecked != $infor['checked']) {
            MoveCheckInfoData($tbname, $ychecked, $infor['stb'], "id='{$id}'");
            // Update the column's record counts.
            if ($infor['checked']) {
                AddClassInfos($classid, '', '+1');
            } else {
                AddClassInfos($classid, '', '-1');
            }
        }
        esetcookie("qeditinfo", "", 0);
        // Generate the page.
        if ($infor['checked'] && !$cr['showdt']) {
            $titleurl = qAddGetHtml($classid, $id);
        }
        // Generate the list.
        if ($infor['checked'] || $relist == 1) {
            qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']);
        }
        // Regenerate the previous record.
        if ($cr['repreinfo'] && $infor['checked']) {
            $prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1");
            GetHtml($prer['classid'], $prer['id'], $prer, 1);
        }
        if ($sql) {
            $reurl = DoingReturnUrl("ListInfo.php?mid={$mid}" . $addecmscheck, $add['ecmsfrom']);
            if ($add['editgotoinfourl'] && $infor['checked']) {
                if ($cr['showdt'] == 1) {
                    $reurl = $public_r[newsurl] . "e/action/ShowInfo/?classid={$classid}&id={$id}";
                } elseif ($cr['showdt'] == 2) {
                    $rewriter = eReturnRewriteInfoUrl($classid, $id, 1);
                    $reurl = $rewriter['pageurl'];
                } else {
                    $reurl = $titleurl;
                }
            }
            printerror("EditQinfoSuccess", $reurl, 1);
        } else {
            printerror("DbError", "history.go(-1)", 1);
        }
    } elseif ($ecms == 2) {
        //----------------- delete
        // No post-origin check runs for this branch (see the top of the function).
        // NOTE(review): confirm deletes are protected against cross-site requests elsewhere.
        if (!$id) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        // Permission check; returns the stored record.
        $r = CheckQdoinfo($classid, $id, $muserid, $tbname, $cr['adminqinfo'], 2);
        // Extra link parameter for unchecked records.
        $addecmscheck = empty($r['checked']) ? '&ecmscheck=1' : '';
        // Table names for this record.
        $infotbr = ReturnInfoTbname($tbname, $r['checked'], $r['stb']);
        $stf = $emod_r[$mid]['savetxtf'];
        $pf = $emod_r[$mid]['pagef'];
        // Paging field: fetched from the data table when it lives there.
        if ($pf) {
            if (strstr($emod_r[$mid]['tbdataf'], ',' . $pf . 
',')) {
                $finfor = $empire->fetch1("select " . $pf . " from " . $infotbr['datatbname'] . " where id='{$id}' limit 1");
                $r[$pf] = $finfor[$pf];
            }
        }
        // Text-file field: load the text, then delete the file.
        if ($stf) {
            $newstextfile = $r[$stf];
            $r[$stf] = GetTxtFieldText($r[$stf]);
            // Delete the file.
            DelTxtFieldText($newstextfile);
        }
        // Delete the generated page files.
        DelNewsFile($r[filename], $r[newspath], $classid, $r[$pf], $r[groupid]);
        // NOTE(review): the index and data-table rows are deleted by id alone; only
        // the main-table delete is scoped to the owner. If CheckQdoinfo() ever lets a
        // foreign id through, those two rows are removed even though the main-table
        // delete matches nothing.
        $indexsql = $empire->query("delete from {$dbtbpre}ecms_" . $tbname . "_index where id='{$id}'");
        $sql = $empire->query("delete from " . $infotbr['tbname'] . " where id={$id} and classid={$classid} and userid='{$muserid}' and ismember=1");
        $fsql = $empire->query("delete from " . $infotbr['datatbname'] . " where id={$id}");
        esetcookie("qdelinfo", "", 0);
        // Update the column's record counts.
        AddClassInfos($classid, '-1', '-1', $r['checked']);
        // Delete related rows in other tables and the attachments.
        DelSingleInfoOtherData($classid, $id, $r, 0, 0);
        // Generate the list.
        if ($r['checked']) {
            qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']);
            // Regenerate the previous record.
            if ($cr['repreinfo']) {
                $prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1");
                GetHtml($prer['classid'], $prer['id'], $prer, 1);
                // And the next record.
                $nextr = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id>{$id} and classid='{$classid}' order by id limit 1");
                if ($nextr['id']) {
                    GetHtml($nextr['classid'], $nextr['id'], $nextr, 1);
                }
            }
        }
        if ($sql) {
            $reurl = DoingReturnUrl("ListInfo.php?mid={$mid}", $add['ecmsfrom']);
            printerror("DelQinfoSuccess", $reurl, 1);
        } else {
            printerror("DbError", "history.go(-1)", 1);
        }
    } else {
        printerror("ErrorUrl", "", 1);
    }
}
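/**
 * Store a visitor comment on an info item, or on a special topic when
 * $add['doaction'] is 'dozt'.
 *
 * Every outcome is reported through printerror(), which is defined elsewhere
 * and is presumably expected to end the request; nothing is returned.
 *
 * NOTE(review): all queries here are assembled by string concatenation. Their
 * safety rests on the (int) casts and on RepPostVar()/RepPostStr(), which are
 * defined elsewhere; no prepared-statement API is visible on $empire.
 *
 * @param string $username Login name posted with the form
 * @param string $password Password posted with the form
 * @param mixed  $nomember Non-empty to post as a guest without credentials
 * @param string $key      Captcha answer
 * @param string $saytext  Comment body
 * @param int    $id       Info id (forced to 0 for topic comments)
 * @param int    $classid  Class id, or topic id for topic comments
 * @param int    $repid    Id of the comment being quoted, 0 for none
 * @param array  $add      Raw form data (doaction plus custom comment fields)
 */
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $dbtbpre, $public_r, $class_r, $level_r;
    // Check that commenting is allowed at this time of day
    eCheckTimeCloseDo('pl');
    // Check the IP access rules
    eCheckAccessDoIp('pl');
    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;
    // Captcha
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    // These three values come from cookies and are client-controlled until
    // qCheckLoginAuthstr() has confirmed the session.
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');
    if ($muserid) {
        $cklgr = qCheckLoginAuthstr();
        if ($cklgr['islogin']) {
            $username = $musername;
        } else {
            // Unverified session: treat as a guest. The group id must be
            // dropped as well, otherwise the cookie value would still feed the
            // group-based moderation override further down.
            $muserid = 0;
            $mgroupid = 0;
        }
    } else {
        if (empty($nomember)) {
            if (!$username || !$password) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password,checked,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
            // Unknown user and wrong password report the same error
            if (empty($ur['userid'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur['checked'] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur['userid'];
            $mgroupid = $ur['groupid'];
        } else {
            // Guest post: never keep a group id taken from the cookie
            $muserid = 0;
            $mgroupid = 0;
        }
    }
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid]['level'] < $level_r[$public_r['plgroupid']]['level']) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }
    // Special topic
    $doaction = $add['doaction'];
    if ($doaction == 'dozt') {
        if (!trim($saytext) || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        // Are comments closed for this topic?
        $r = $empire->fetch1("select ztid,closepl,checkpl,restb from {$dbtbpre}enewszt where ztid='{$classid}'");
        if (!$r['ztid']) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($r['closepl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        // Moderation flag
        if ($r['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pubid = '-' . $classid;
        $id = 0;
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'dozt', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    } else {
        if (!trim($saytext) || !$id || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        // The class must map to a known table
        if (empty($class_r[$classid]['tbname'])) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        // Are comments closed for this class?
        $r = $empire->fetch1("select classid,stb,restb from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " where id='{$id}' limit 1");
        if (!$r['classid'] || $r['classid'] != $classid) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($class_r[$r['classid']]['openpl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        // Are comments closed for this single item?
        $pubid = ReturnInfoPubid($classid, $id);
        $finfor = $empire->fetch1("select closepl from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . "_data_" . $r['stb'] . " where id='{$id}' limit 1");
        if ($finfor['closepl']) {
            printerror("CloseInfoPl", "history.go(-1)", 1);
        }
        // Moderation flag
        if ($class_r[$classid]['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'doinfo', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    }
    // Comment settings
    $plsetr = $empire->fetch1("select pltime,plsize,plincludesize,plclosewords,plmustf,plf,plmaxfloor,plquotetemp from {$dbtbpre}enewspl_set limit 1");
    if (strlen($saytext) > $plsetr['plsize']) {
        $GLOBALS['setplsize'] = $plsetr['plsize'];
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }
    $time = time();
    $saytime = $time;
    // NOTE(review): the flood interval is read from a cookie, so it only
    // throttles clients that send the cookie back.
    $pltime = getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $plsetr['pltime']) {
            $GLOBALS['setpltime'] = $plsetr['pltime'];
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }
    $sayip = egetip();
    $eipport = egetipport();
    $username = str_replace("\r\n", "", $username);
    $username = RepPostStr($username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    if ($repid) {
        $saytext = RepPlTextQuote($repid, $saytext, $plsetr, $restb);
        CkPlQuoteFloor($plsetr['plmaxfloor'], $saytext); // validate the quote depth
    }
    // Word filter
    $saytext = ReplacePlWord($plsetr['plclosewords'], $saytext);
    // Group-based override of the moderation flag; $mgroupid is 0 for guests
    if ($level_r[$mgroupid]['plchecked']) {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $plsetr, 0);
    // Main table; $restb comes from the row fetched above and is part of the table name
    $sql = $empire->query("insert into {$dbtbpre}enewspl_" . $restb . "(pubid,username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,saytext,eipport" . $ret_r['fields'] . ") values('{$pubid}','" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'" . addslashes($saytext) . "','{$eipport}'" . $ret_r['values'] . ");");
    $plid = $empire->lastid();
    if ($doaction != 'dozt') {
        // Increment the comment count on the info row
        $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " set plnum=plnum+1 where id='{$id}' limit 1");
    }
    // Update the new-comment counter
    DoUpdateAddDataNum('pl', $restb, 1);
    // Remember the time of the last post
    $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
    ecmsEmptyShowKey($keyvname); // clear the captcha
    if ($sql) {
        $reurl = DoingReturnUrl($returl, $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}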
?> </a> 人</td> </tr> <tr> <td height="23">过期广告:</td> <td><a href="tool/ListAd.php?time=1<?php echo $ecms_hashur['ehref']; ?> "><?php echo $outtimeadnum; ?> </a> 个</td> </tr> <tr> <td height="23">登陆者IP:</td> <td><? echo egetip();?></td> </tr> <tr> <td height="23">程序版本:</td> <td> <a href="http://www.phome.net" target="_blank"><strong>EmpireCMS v<?php echo EmpireCMS_VERSION; ?> Free</strong></a> <font color="#666666">(<?php echo EmpireCMS_LASTTIME; ?> )</font></td> </tr> <tr> <td height="23">程序编码:</td> <td><?php
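/**
 * Store a visitor comment on an info item (variant that reads the member
 * table layout from the $user_* globals).
 *
 * Every outcome is reported through printerror(), which is defined elsewhere
 * and is presumably expected to end the request; nothing is returned.
 *
 * NOTE(review): when the mluserid cookie is set, this block accepts the
 * cookie's user id, user name and group id without any verification step in
 * view. Confirm that a caller validates the session before relying on
 * $muserid/$mgroupid for the group checks below.
 * NOTE(review): passwords are compared as MD5-based digests, as the member
 * table stores them; that scheme is weak against offline guessing and should
 * be migrated where the storage format can be changed.
 *
 * @param string $username Login name posted with the form
 * @param string $password Password posted with the form
 * @param mixed  $nomember Non-empty to post as a guest without credentials
 * @param string $key      Captcha answer
 * @param string $saytext  Comment body
 * @param int    $id       Info id
 * @param int    $classid  Class id
 * @param int    $repid    Id of the comment being quoted, 0 for none
 * @param array  $add      Raw form data (custom comment fields)
 */
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $public_r, $class_r, $user_userid, $user_username, $user_password, $user_dopass, $user_tablename, $user_salt, $user_checked, $user_group, $dbtbpre, $level_r;
    // Check the IP access rules
    eCheckAccessDoIp('pl');
    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;
    // Captcha
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');
    if ($muserid) {
        $username = $musername;
    } else {
        if (empty($nomember)) {
            // Encoding conversion
            $utfusername = doUtfAndGbk($username, 0);
            $password = doUtfAndGbk($password, 0);
            // Password digest, according to the configured scheme
            if (empty($user_dopass)) {
                $password = md5($password);
            }
            if ($user_dopass == 3) {
                $password = substr(md5($password), 8, 16);
            }
            // Double md5 with salt
            if ($user_dopass == 2) {
                $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
                $password = md5(md5($password) . $ur[$user_salt]);
                $cuser = 0;
                // Strict string comparison: with ==, two digests that both look
                // like numbers (for example "0e...") compare equal.
                if ((string) $password === (string) $ur[$user_password]) {
                    $cuser = 1;
                }
                if (empty($ur[$user_userid])) {
                    $cuser = 0;
                }
            } else {
                $ur = $empire->fetch1("select " . $user_userid . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='{$password}' limit 1");
                $cuser = 0;
                if ($ur[$user_userid]) {
                    $cuser = 1;
                }
            }
            if (empty($cuser)) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur[$user_checked] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur[$user_userid];
            $mgroupid = $ur[$user_group];
        } else {
            // Guest post: never keep a group id taken from the cookie
            $muserid = 0;
            $mgroupid = 0;
        }
    }
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid]['level'] < $level_r[$public_r['plgroupid']]['level']) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }
    if (!trim($saytext) || !$id || !$classid) {
        printerror("EmptyPl", "history.go(-1)", 1);
    }
    // The class must map to a known table
    if (empty($class_r[$classid]['tbname'])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    if (strlen($saytext) > $public_r['plsize']) {
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }
    $saytime = date("Y-m-d H:i:s");
    $time = time();
    // NOTE(review): the flood interval is read from a cookie, so it only
    // throttles clients that send the cookie back.
    $pltime = getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $public_r['pltime']) {
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }
    // Are comments closed for this class?
    $r = $empire->fetch1("select classid,closepl from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " where id='{$id}' and classid='{$classid}'");
    if (empty($r['classid'])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    if ($class_r[$r['classid']]['openpl']) {
        printerror("CloseClassPl", "history.go(-1)", 1);
    }
    // Are comments closed for this single item?
    if ($r['closepl']) {
        printerror("CloseInfoPl", "history.go(-1)", 1);
    }
    $sayip = egetip();
    $username = RepPostStr($username);
    $username = str_replace("\r\n", "", $username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    $pr = $empire->fetch1("select plclosewords,plf,plmustf,pldeftb from {$dbtbpre}enewspublic limit 1");
    if ($repid) {
        // A quote with no text of its own counts as an empty comment
        if (trim($saytext) == "[quote]" . $repid . "[/quote]") {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        $saytext = RepPlTextQuote($repid, $saytext, $pr);
    }
    // Word filter
    $saytext = ReplacePlWord($pr['plclosewords'], $saytext);
    // Moderation flag
    if ($class_r[$classid]['checkpl']) {
        $checked = 1;
    } else {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $pr, 0);
    // Main table
    $sql = $empire->query("insert into {$dbtbpre}enewspl(username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,stb) values('" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'{$pr['pldeftb']}');");
    $plid = $empire->lastid();
    // Secondary table
    $fsql = $empire->query("insert into {$dbtbpre}enewspl_data_" . $pr['pldeftb'] . "(plid,classid,id,saytext" . $ret_r['fields'] . ") values('{$plid}','{$classid}','{$id}','" . addslashes($saytext) . "'" . $ret_r['values'] . ");");
    // Increment the comment count on the info row
    $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " set plnum=plnum+1 where id='{$id}'");
    // Remember the time of the last post
    $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
    ecmsEmptyShowKey($keyvname); // clear the captcha
    if ($sql) {
        $reurl = DoingReturnUrl("../pl/?classid={$classid}&id={$id}", $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}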
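/**
 * Create a shop order from the cart held in the "mybuycar" cookie, charging
 * member points or balance when the chosen payment method asks for it.
 *
 * Every outcome is reported through printerror(), which is defined elsewhere
 * and is presumably expected to end the request; nothing is returned.
 *
 * NOTE(review): the points/balance charge is a read, a comparison in PHP and
 * then an unconditional "x = x - amount" update. Two orders submitted at the
 * same moment can both pass the comparison. Making the update conditional on
 * the remaining balance and checking the affected row count would close that
 * gap; no affected-rows call on $empire is visible from this block.
 * NOTE(review): the charge and the coupon update are separate statements from
 * the order insert, with no transaction in view, so a failed insert can leave
 * the member charged without an order row.
 *
 * @param array $add Raw order form data (contact fields, psid, payfsid, fp, precode, ddno)
 */
function AddDd($add)
{
    global $empire, $public_r, $dbtbpre;
    $shoppr = ShopSys_ReturnSet();
    // Check that this visitor may place orders
    ShopCheckAddDdGroup($shoppr);
    // Empty cart
    if (!getcvar('mybuycar')) {
        printerror("EmptyBuycar", "history.go(-1)", 1);
    }
    $add['ddno'] = RepPostVar($add['ddno']);
    $add['truename'] = RepPostStr($add['truename']);
    $add['oicq'] = RepPostStr($add['oicq']);
    $add['msn'] = RepPostStr($add['msn']);
    $add['mycall'] = RepPostStr($add['mycall']);
    $add['phone'] = RepPostStr($add['phone']);
    $add['email'] = RepPostStr($add['email']);
    $add['address'] = RepPostStr($add['address']);
    $add['zip'] = RepPostStr($add['zip']);
    $add['signbuild'] = RepPostStr($add['signbuild']);
    $add['besttime'] = RepPostStr($add['besttime']);
    $add['bz'] = RepPostStr($add['bz']);
    $add['fptt'] = RepPostStr($add['fptt']);
    $add['fpname'] = RepPostStr($add['fpname']);
    $add['fp'] = (int) $add['fp'];
    $add['psid'] = (int) $add['psid'];
    $add['payfsid'] = (int) $add['payfsid'];
    $add['precode'] = RepPostVar($add['precode']);
    // Basic required field
    if (!$add['ddno']) {
        printerror("EmptyBuycar", "history.go(-1)", 1);
    }
    // Configured required fields
    ShopSys_CheckDdMust($add, $shoppr);
    $mess = "AddDdSuccess";
    $haveprice = 0;
    $payby = 0;
    // Cart contents and totals, as computed by ReturnBuycardd()
    $buyr = ReturnBuycardd($shoppr);
    $alltotal = $buyr[2];
    $alltotalfen = $buyr[1];
    $buycar = $buyr[3];
    $classids = $buyr['classids'];
    // Shipping method
    $pr = array();
    if ($shoppr['shoppsmust']) {
        $pr = $empire->fetch1("select pid,pname,price from {$dbtbpre}enewsshopps where pid='{$add['psid']}' and isclose=0");
        if (empty($pr['pid'])) {
            printerror("NotPsid", "history.go(-1)", 1);
        }
    }
    // Payment method
    $payr = array();
    if ($shoppr['shoppayfsmust']) {
        $payr = $empire->fetch1("select payid,payname,payurl,userpay,userfen from {$dbtbpre}enewsshoppayfs where payid='{$add['payfsid']}' and isclose=0");
        if (empty($payr['payid'])) {
            printerror("NotPayfsid", "history.go(-1)", 1);
        }
    }
    // Member record; the cookie user id is only accepted together with the matching rnd token
    $user = array();
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    if ($userid) {
        $rnd = RepPostVar(getcvar('mlrnd'));
        $user = $empire->fetch1("select " . eReturnSelectMemberF('userid,money,userfen,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' and " . egetmf('rnd') . "='{$rnd}' limit 1");
        if (!$user['userid']) {
            printerror("MustSingleUser", "history.go(-1)", 1);
        }
    }
    // Coupon
    $prer = array();
    $pretotal = 0;
    if ($add['precode']) {
        $prer = ShopSys_GetPre($add['precode'], $alltotal, $user, $classids);
        $pretotal = ShopSys_PreMoney($prer, $alltotal);
    }
    // Shipping fee
    $truetotalmoney = $alltotal - $pretotal;
    if (!empty($pr['pid'])) {
        $pr['price'] = ShopSys_PrePsTotal($pr['pid'], $pr['price'], $truetotalmoney, $shoppr);
    }
    // Invoice surcharge
    $fptotal = 0;
    if ($add['fp']) {
        $fptotal = ($alltotal - $pretotal) * ($shoppr['fpnum'] / 100);
    }
    // Amount payable; both totals are arithmetic results, so they are numeric
    // when they are concatenated into the update statements below
    $buyallfen = $alltotalfen + $pr['price'];
    $buyallmoney = $alltotal + $pr['price'] + $fptotal - $pretotal;
    if ($buyallmoney < 0) {
        $buyallmoney = 0;
    }
    $location = "buycar/";
    if (!empty($payr['userfen'])) {
        if ($buyr[0]) {
            printerror("NotProductForBuyfen", "history.go(-1)", 1);
        } else {
            if ($userid) {
                $buyallfen = $alltotalfen + $pr['price'];
                if ($buyallfen > $user['userfen']) {
                    printerror("NotEnoughFenBuy", "history.go(-1)", 1);
                }
                // Deduct points (see the race note in the header)
                $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('userfen') . "=" . egetmf('userfen') . "-" . $buyallfen . " where " . egetmf('userid') . "='{$userid}'");
                if ($usql) {
                    $mess = "AddDdSuccessa";
                    $payby = 1;
                    $haveprice = 1;
                }
            } else {
                printerror("NotLoginTobuy", "history.go(-1)", 1);
            }
        }
    } elseif (!empty($payr['userpay'])) {
        if ($userid) {
            $buyallmoney = $alltotal + $pr['price'] + $fptotal - $pretotal;
            if ($buyallmoney < 0) {
                $buyallmoney = 0;
            }
            if ($buyallmoney > $user['money']) {
                printerror("NotEnoughMoneyBuy", "history.go(-1)", 1);
            }
            // Deduct balance (see the race note in the header)
            $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('money') . "=" . egetmf('money') . "-" . $buyallmoney . " where " . egetmf('userid') . "='{$userid}'");
            if ($usql) {
                $mess = "AddDdSuccessa";
                $payby = 2;
                $haveprice = 1;
            }
        } else {
            printerror("NotLoginTobuy", "history.go(-1)", 1);
        }
    } elseif (!empty($payr['payurl'])) {
        $mess = "AddDdAndToPaySuccess";
        $location = $payr['payurl'];
    }
    $ddtime = date("Y-m-d H:i:s");
    $ddtruetime = time();
    $ip = egetip();
    // Numeric columns are written unquoted, so force them to numbers first
    $pr['price'] = (double) $pr['price'];
    $alltotal = (double) $alltotal;
    $alltotalfen = (double) $alltotalfen;
    $fptotal = (double) $fptotal;
    $pretotal = (double) $pretotal;
    $sql = $empire->query("insert into {$dbtbpre}enewsshopdd(ddno,ddtime,userid,username,outproduct,haveprice,checked,truename,oicq,msn,email,`mycall`,phone,address,zip,psid,psname,pstotal,alltotal,payfsid,payfsname,payby,alltotalfen,fp,fptt,fptotal,fpname,userip,signbuild,besttime,pretotal,ddtruetime) values('{$add['ddno']}','{$ddtime}',{$userid},'{$username}',0,'{$haveprice}',0,'{$add['truename']}','{$add['oicq']}','{$add['msn']}','{$add['email']}','{$add['mycall']}','{$add['phone']}','{$add['address']}','{$add['zip']}','{$add['psid']}','{$pr['pname']}',{$pr['price']},{$alltotal},'{$add['payfsid']}','{$payr['payname']}','{$payby}',{$alltotalfen},{$add['fp']},'{$add['fptt']}',{$fptotal},'{$add['fpname']}','{$ip}','{$add['signbuild']}','{$add['besttime']}','{$pretotal}','{$ddtruetime}');");
    $ddid = $empire->lastid();
    $sqladd = $empire->query("insert into {$dbtbpre}enewsshopdd_add(ddid,buycar,bz,retext) values('{$ddid}','" . addslashes($buycar) . "','{$add['bz']}','');");
    // Reduce stock: always when cutnumtype is 0, otherwise only for paid orders
    if ($shoppr['cutnumtype'] == 0) {
        Shopsys_CutMaxnum($ddid, $buycar, 0, $shoppr, 0);
    } else {
        if ($haveprice == 1) {
            Shopsys_CutMaxnum($ddid, $buycar, 0, $shoppr, 0);
        }
    }
    // Coupon bookkeeping: delete single-use or exhausted codes, otherwise count the use
    if (!empty($prer['id'])) {
        $prer['id'] = (int) $prer['id'];
        if ($prer['reuse'] == 0) {
            $empire->query("delete from {$dbtbpre}enewsshop_precode where id='" . $prer['id'] . "'");
        } elseif ($prer['reuse'] && $prer['usenum']) {
            if ($prer['usenum'] <= $prer['haveusenum'] + 1) {
                $empire->query("delete from {$dbtbpre}enewsshop_precode where id='" . $prer['id'] . "'");
            } else {
                $empire->query("update {$dbtbpre}enewsshop_precode set haveusenum=haveusenum+1 where id='" . $prer['id'] . "'");
            }
        }
    }
    if ($sql) {
        $set = esetcookie("paymoneyddid", $ddid, 0);
        SetBuycar("");
        printerror($mess, $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}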
/**
 * Member login: verify the posted credentials, rotate the member's rnd token,
 * set the login cookies and redirect.
 *
 * Every outcome is reported through printerror(), which is defined elsewhere
 * and is presumably expected to end the request; nothing is returned.
 *
 * NOTE(review): no attempt counter or lockout is visible in this block; the
 * only throttle here is the optional captcha ($public_r['loginkey_ok']).
 * NOTE(review): $add['lifetime'] is cast to int but not bounded, so the client
 * chooses how long the login cookies live, including a negative value.
 * NOTE(review): the post-login target is read from the "returnurl" cookie and
 * only filtered by three substring tests; confirm that DoingReturnUrl() or
 * printerror() restricts it to same-site paths.
 *
 * @param array $add Raw login form data (username, password, key, lifetime, tobind)
 */
function qlogin($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;
    // An external login page, when configured, replaces this handler
    if ($ecms_config['member']['loginurl']) {
        Header("Location:" . $ecms_config['member']['loginurl']);
        exit;
    }
    // Third argument passed to printerror(); 9 when the request carries prtype
    $dopr = 1;
    if ($_POST['prtype']) {
        $dopr = 9;
    }
    $username = trim($add['username']);
    $password = trim($add['password']);
    if (!$username || !$password) {
        printerror("EmptyLogin", "history.go(-1)", $dopr);
    }
    $tobind = (int) $add['tobind'];
    // Captcha
    $keyvname = 'checkloginkey';
    if ($public_r['loginkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], $dopr);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $num = 0;
    $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    // Unknown user and wrong password report the same error
    if (!$r['userid']) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }
    if (!eDoCkMemberPw($password, $r['password'], $r['salt'])) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }
    if ($r['checked'] == 0) {
        if ($public_r['regacttype'] == 1) {
            printerror('NotCheckedUser', '../member/register/regsend.php', 1);
        } else {
            printerror('NotCheckedUser', '', 1);
        }
    }
    // Bind an external account
    if ($tobind) {
        MemberConnect_BindUser($r['userid']);
    }
    $rnd = make_password(20); // new random session token
    // Default member group
    if (empty($r['groupid'])) {
        $r['groupid'] = eReturnMemberDefGroupid();
    }
    $r['groupid'] = (int) $r['groupid'];
    $lasttime = time();
    // IP
    $lastip = egetip();
    $lastipport = egetipport();
    // Storing a fresh rnd on every login replaces the previously stored token
    $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('rnd') . "='{$rnd}'," . egetmf('groupid') . "='{$r['groupid']}' where " . egetmf('userid') . "='{$r['userid']}'");
    $empire->query("update {$dbtbpre}enewsmemberadd set lasttime='{$lasttime}',lastip='{$lastip}',loginnum=loginnum+1,lastipport='{$lastipport}' where userid='{$r['userid']}'");
    // Set the cookies
    $lifetime = (int) $add['lifetime'];
    $logincookie = 0;
    if ($lifetime) {
        $logincookie = time() + $lifetime;
    }
    $set1 = esetcookie("mlusername", $username, $logincookie);
    $set2 = esetcookie("mluserid", $r['userid'], $logincookie);
    $set3 = esetcookie("mlgroupid", $r['groupid'], $logincookie);
    $set4 = esetcookie("mlrnd", $rnd, $logincookie);
    // Auth string
    qGetLoginAuthstr($r['userid'], $username, $rnd, $r['groupid'], $logincookie);
    // Extra login cookies
    AddLoginCookie($r);
    $location = "../member/cp/";
    $returnurl = getcvar('returnurl');
    if ($returnurl) {
        $location = $returnurl;
    }
    if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
        $location = "../member/iframe/";
    }
    // Never send the user back to logout or to the registration pages
    if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
        $location = "../member/cp/";
        $_POST['ecmsfrom'] = '';
    }
    ecmsEmptyShowKey($keyvname); // clear the captcha
    $set6 = esetcookie("returnurl", "");
    if ($set1 && $set2) {
        // ePassport system; NOTE(review): receives the submitted password as typed
        DoEpassport('login', $r['userid'], $username, $password, $r['salt'], $r['email'], $r['groupid'], $r['registertime']);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("LoginSuccess", $location, $dopr);
    } else {
        printerror("NotCookie", "history.go(-1)", $dopr);
    }
}
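/**
 * Enforce the admin-login IP allowlist: stop the request unless the client
 * address matches one of the configured entries.
 *
 * Entries are newline-separated. An entry ending in "." or ":" is a prefix
 * ("192.168.1."); any other entry matches the same address, or a longer one
 * only at a separator boundary, so "192.168.1.1" no longer admits
 * "192.168.1.10" and "10.1" no longer admits "10.100.0.1". Blank lines are
 * skipped; as a prefix, an empty entry would match every address.
 *
 * NOTE(review): the address comes from egetip(), defined elsewhere. If that
 * helper reads client-supplied forwarding headers, this allowlist can be
 * satisfied by a spoofed header; confirm it uses the socket peer address.
 *
 * @param string $openips Newline-separated allowed addresses or prefixes; empty disables the check
 * @return string|null '' when no allowlist is configured, otherwise null (or the request ends)
 */
function eCheckAccessAdminLoginIp($openips)
{
    if (empty($openips)) {
        return '';
    }
    $userip = (string) egetip();
    $allowed = false;
    foreach (explode("\n", $openips) as $ctrlip) {
        $ctrlip = trim($ctrlip);
        if ($ctrlip === '') {
            continue;
        }
        $last = substr($ctrlip, -1);
        if ($last === '.' || $last === ':') {
            // Explicit prefix entry
            $match = strncmp($userip, $ctrlip, strlen($ctrlip)) === 0;
        } else {
            // Whole address, or a prefix that must end on a separator
            $match = $userip === $ctrlip
                || strncmp($userip, $ctrlip . '.', strlen($ctrlip) + 1) === 0
                || strncmp($userip, $ctrlip . ':', strlen($ctrlip) + 1) === 0;
        }
        if ($match) {
            $allowed = true;
            break;
        }
    }
    if (!$allowed) {
        // Escape the address before echoing it into HTML
        echo "Ip<font color='#cccccc'>(" . htmlspecialchars($userip, ENT_QUOTES) . ")</font> be prohibited.";
        exit();
    }
}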
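/**
 * Firewall check: compare the admin check cookie with the value derived from
 * the configured secrets and, when IP binding is on, the client IP.
 *
 * Returns '' without checking when the firewall or its cookie settings are not
 * configured; calls FWShowMsg('Password') on a mismatch.
 *
 * NOTE(review): the expected value is an MD5 construction over static secrets,
 * so it does not change between sessions; anyone who learns the cookie value
 * can replay it (from the same IP when binding is on).
 *
 * @return string|null
 */
function FWCheckPassword()
{
    global $do_ckhloginip, $efw_open, $efw_pass, $efw_adminckpassvar, $efw_adminckpassval;
    if (!$efw_open || !$efw_adminckpassvar || !$efw_adminckpassval) {
        return '';
    }
    // With IP binding off, a fixed address is mixed in instead of the client IP
    $ip = $do_ckhloginip == 0 ? '127.0.0.1' : egetip();
    $ecmsckpass = md5(md5($efw_adminckpassval . '-empirecms-' . $efw_pass) . '-' . $ip . '-' . $efw_adminckpassval . '-phome.net-');
    $supplied = (string) getcvar($efw_adminckpassvar, 1);
    // Strict, constant-time comparison where available: with != two digests
    // that both look like numbers (for example "0e...") compare as equal.
    if (function_exists('hash_equals')) {
        $matches = hash_equals($ecmsckpass, $supplied);
    } else {
        $matches = $ecmsckpass === $supplied;
    }
    if (!$matches) {
        FWShowMsg('Password');
    }
}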
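/**
 * Register a new member (variant that reads the member table layout from the
 * $user_* globals), then log the member in unless the account needs review.
 *
 * Every outcome is reported through printerror(), which is defined elsewhere
 * and is presumably expected to end the request; nothing is returned.
 *
 * NOTE(review): passwords are stored as MD5-based digests selected by
 * $user_dopass; that scheme is weak against offline guessing.
 * NOTE(review): for $user_dopass == 2 a salt is generated here, but it is not
 * among the columns of the insert in this block; confirm where it is
 * persisted, since the digest cannot be re-checked without it.
 * NOTE(review): the post-registration target is read from the "returnurl"
 * cookie and only filtered by substring tests; confirm that DoingReturnUrl()
 * or printerror() restricts it to same-site paths.
 *
 * @param string $username   Requested login name
 * @param string $password   Password
 * @param string $repassword Password confirmation
 * @param string $email      E-mail address
 */
function register($username, $password, $repassword, $email)
{
    global $empire, $user_tablename, $public_r, $user_groupid, $user_username, $user_userid, $user_email, $user_password, $user_dopass, $user_rnd, $user_registertime, $user_register, $user_group, $user_saltnum, $user_salt, $user_seting, $forumgroupid, $registerurl, $dbtbpre, $user_regcookietime, $user_userfen, $user_checked, $level_r;
    if ($public_r['register_ok']) {
        printerror("CloseRegister", "history.go(-1)", 1);
    }
    // Check the IP access rules
    eCheckAccessDoIp('register');
    // An external registration page, when configured, replaces this handler
    if (!empty($registerurl)) {
        Header("Location:{$registerurl}");
        exit;
    }
    // A logged-in visitor cannot register
    if (getcvar('mluserid')) {
        printerror("LoginToRegister", "history.go(-1)", 1);
    }
    CheckCanPostUrl(); // verify the request origin
    $add = $_POST;
    $username = trim($username);
    $password = trim($password);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    if (!$username || !$password || !$email) {
        printerror("EmptyMember", "history.go(-1)", 1);
    }
    // Captcha
    $keyvname = 'checkregkey';
    if ($public_r['regkey_ok']) {
        ecmsCheckShowKey($keyvname, $_POST['key'], 1);
    }
    // The requested group comes from the form; CheckMemberGroupCanReg() is the
    // gate that decides whether self-registration into it is allowed
    $user_groupid = (int) $user_groupid;
    $groupid = (int) $add['groupid'];
    $groupid = empty($groupid) ? $user_groupid : $groupid;
    CheckMemberGroupCanReg($groupid);
    // IP
    $regip = egetip();
    // Username length
    $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
    $userlen = strlen($username);
    if ($userlen < $pr['min_userlen'] || $userlen > $pr['max_userlen']) {
        printerror("FaiUserlen", "history.go(-1)", 1);
    }
    // Password length
    $passlen = strlen($password);
    if ($passlen < $pr['min_passlen'] || $passlen > $pr['max_passlen']) {
        printerror("FailPasslen", "history.go(-1)", 1);
    }
    if ($repassword !== $password) {
        printerror("NotRepassword", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    if (strstr($username, "|") || strstr($username, "*")) {
        printerror("NotSpeWord", "history.go(-1)", 1);
    }
    // Throttle registrations from one IP
    eCheckIpRegTime($regip, $pr['regretime']);
    // Reserved names
    toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');
    $username = RepPostStr($username);
    // Duplicate username
    $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$username}' limit 1");
    if ($num) {
        printerror("ReUsername", "history.go(-1)", 1);
    }
    // Duplicate e-mail
    $email = RepPostStr($email);
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_email . "='{$email}' limit 1");
        if ($num) {
            printerror("ReEmailFail", "history.go(-1)", 1);
        }
    }
    // Registration time, as a timestamp or a date string depending on the member table
    if ($user_register) {
        $registertime = time();
    } else {
        $registertime = date("Y-m-d H:i:s");
    }
    $rnd = make_password(12); // random session token
    // Password digest, according to the configured scheme
    if (empty($user_dopass)) {
        $password = md5($password);
    } elseif ($user_dopass == 2) {
        $salt = make_password($user_saltnum);
        $password = md5(md5($password) . $salt);
    } elseif ($user_dopass == 3) {
        $password = substr(md5($password), 8, 16);
    }
    // Review state; e-mail activation forces the account to start unapproved
    $checked = ReturnGroupChecked($groupid);
    if ($checked && $public_r['regacttype'] == 1) {
        $checked = 0;
    }
    // Validate the required fields of the additional table
    $fid = GetMemberFormId($groupid);
    // NOTE(review): $mr is not assigned anywhere in this function before this call
    $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);
    $sql = $empire->query("insert into " . $user_tablename . "(" . $user_username . "," . $user_password . "," . $user_email . "," . $user_registertime . "," . $user_group . "," . $user_rnd . "," . $user_userfen . "," . $user_checked . ") values('{$username}','{$password}','{$email}','{$registertime}','{$groupid}','{$rnd}','{$public_r['reggetfen']}','{$checked}');");
    // New user id
    $userid = $empire->lastid();
    // Additional table
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    if (!$addr['userid']) {
        $spacestyleid = ReturnGroupSpaceStyleid($groupid);
        $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}'" . $member_r[1] . ");");
    }
    ecmsEmptyShowKey($keyvname); // clear the captcha
    if ($sql) {
        // E-mail activation
        if ($checked == 0 && $public_r['regacttype'] == 1) {
            include '../class/qmemberfun.php';
            SendActUserEmail($userid, $username, $email);
        }
        // Accounts awaiting review are not logged in
        if ($checked == 0) {
            $location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
            printerror("RegisterSuccessCheck", $location, 1);
        }
        $logincookie = 0;
        if ($user_regcookietime) {
            $logincookie = time() + $user_regcookietime;
        }
        $set1 = esetcookie("mlusername", $username, $logincookie);
        $set2 = esetcookie("mluserid", $userid, $logincookie);
        $set3 = esetcookie("mlgroupid", $groupid, $logincookie);
        $set4 = esetcookie("mlrnd", $rnd, $logincookie);
        $location = "../member/cp/";
        $returnurl = getcvar('returnurl');
        if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
            $location = $returnurl;
        }
        $set5 = esetcookie("returnurl", "");
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("RegisterSuccess", $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}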
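/**
 * Register a new member from the posted form, then log the member in unless
 * the account needs review or e-mail activation.
 *
 * Every outcome is reported through printerror(), which is defined elsewhere
 * and is presumably expected to end the request; nothing is returned.
 *
 * NOTE(review): the post-registration target is read from the "returnurl"
 * cookie and only filtered by substring tests; confirm that DoingReturnUrl()
 * or printerror() restricts it to same-site paths.
 *
 * @param array $add Raw registration form data (username, password, repassword, email, groupid, key, tobind, custom fields)
 */
function register($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;
    // Registration closed
    if ($public_r['register_ok']) {
        printerror('CloseRegister', '', 1);
    }
    // Check that registration is allowed at this time of day
    eCheckTimeCloseDo('reg');
    // Check the IP access rules
    eCheckAccessDoIp('register');
    // An external registration page, when configured, replaces this handler
    if (!empty($ecms_config['member']['registerurl'])) {
        Header("Location:" . $ecms_config['member']['registerurl']);
        exit;
    }
    // A logged-in visitor cannot register
    if (getcvar('mluserid')) {
        printerror('LoginToRegister', '', 1);
    }
    CheckCanPostUrl(); // verify the request origin
    $username = trim($add['username']);
    $password = trim($add['password']);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $email = RepPostStr($add['email']);
    if (!$username || !$password || !$email) {
        printerror("EmptyMember", "history.go(-1)", 1);
    }
    $tobind = (int) $add['tobind'];
    // Captcha
    $keyvname = 'checkregkey';
    if ($public_r['regkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // The requested group comes from the form; CheckMemberGroupCanReg() is the
    // gate that decides whether self-registration into it is allowed
    $user_groupid = eReturnMemberDefGroupid();
    $groupid = (int) $add['groupid'];
    $groupid = empty($groupid) ? $user_groupid : $groupid;
    CheckMemberGroupCanReg($groupid);
    // IP
    $regip = egetip();
    $regipport = egetipport();
    // Username length
    $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
    $userlen = strlen($username);
    if ($userlen < $pr['min_userlen'] || $userlen > $pr['max_userlen']) {
        printerror('FaiUserlen', '', 1);
    }
    // Password length
    $passlen = strlen($password);
    if ($passlen < $pr['min_passlen'] || $passlen > $pr['max_passlen']) {
        printerror('FailPasslen', '', 1);
    }
    if ($add['repassword'] !== $password) {
        printerror('NotRepassword', '', 1);
    }
    if (!chemail($email)) {
        printerror('EmailFail', '', 1);
    }
    if (strstr($username, '|') || strstr($username, '*')) {
        printerror('NotSpeWord', '', 1);
    }
    // Throttle registrations from one IP
    eCheckIpRegTime($regip, $pr['regretime']);
    // Reserved names
    toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');
    $username = RepPostStr($username);
    // Duplicate username
    $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if ($num) {
        printerror('ReUsername', '', 1);
    }
    // Duplicate e-mail
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1");
        if ($num) {
            printerror('ReEmailFail', '', 1);
        }
    }
    // Registration time
    $lasttime = time();
    $registertime = eReturnAddMemberRegtime();
    $rnd = make_password(20); // random session token
    $userkey = eReturnMemberUserKey();
    // Password: keep the submitted value for the ePassport call, store the digest
    $truepassword = $password;
    $salt = eReturnMemberSalt();
    $password = eDoMemberPw($password, $salt);
    // Review state; e-mail activation forces the account to start unapproved
    $checked = ReturnGroupChecked($groupid);
    if ($checked && $public_r['regacttype'] == 1) {
        $checked = 0;
    }
    // Validate the required fields of the additional table
    $mr = array();
    $mr['add_filepass'] = ReturnTranFilepass();
    $fid = GetMemberFormId($groupid);
    $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);
    $sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');");
    // New user id
    $userid = $empire->lastid();
    // Additional table
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    if (!$addr['userid']) {
        $spacestyleid = ReturnGroupSpaceStyleid($groupid);
        $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");");
    }
    // Update attachments
    UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member');
    ecmsEmptyShowKey($keyvname); // clear the captcha
    // Bind an external account
    if ($tobind) {
        MemberConnect_BindUser($userid);
    }
    if ($sql) {
        // E-mail activation
        if ($checked == 0 && $public_r['regacttype'] == 1) {
            include 'class/member_actfun.php';
            SendActUserEmail($userid, $username, $email);
        }
        // Accounts awaiting review are not logged in
        if ($checked == 0) {
            $location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
            printerror("RegisterSuccessCheck", $location, 1);
        }
        $logincookie = 0;
        if ($ecms_config['member']['regcookietime']) {
            $logincookie = time() + $ecms_config['member']['regcookietime'];
        }
        $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
        $set1 = esetcookie("mlusername", $username, $logincookie);
        $set2 = esetcookie("mluserid", $userid, $logincookie);
        $set3 = esetcookie("mlgroupid", $groupid, $logincookie);
        $set4 = esetcookie("mlrnd", $rnd, $logincookie);
        // Auth string
        qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie);
        // Extra login cookies
        AddLoginCookie($r);
        $location = "../member/cp/";
        $returnurl = getcvar('returnurl');
        if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
            $location = $returnurl;
        }
        $set5 = esetcookie("returnurl", "");
        // ePassport system; NOTE(review): receives the submitted password as typed
        DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("RegisterSuccess", $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}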
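/**
 * Save the logged-in member's additional profile fields, creating the
 * enewsmemberadd row when it does not exist yet.
 *
 * The member is taken from islogin() (defined elsewhere), not from the form,
 * so the update is always scoped to the caller's own user id. Every outcome
 * is reported through printerror(); nothing is returned.
 *
 * NOTE(review): the column list and values written come from
 * ReturnDoMemberF(), defined elsewhere; that helper decides which posted
 * fields may be stored and how they are escaped.
 *
 * @param array $post Raw profile form data
 */
function EditInfo($post)
{
    global $empire, $dbtbpre, $public_r;
    $user_r = islogin(); // must be logged in
    $userid = $user_r['userid'];
    $username = $user_r['username'];
    $dousername = $username;
    if (!$userid || !$username) {
        printerror("NotEmpty", "history.go(-1)", 1);
    }
    // Validate the required fields of the additional table
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    $user_r = $empire->fetch1("select " . eReturnSelectMemberF('groupid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
    $fid = GetMemberFormId($user_r['groupid']);
    if (empty($addr['userid'])) {
        $mr = array();
        $mr['add_filepass'] = $userid;
        $member_r = ReturnDoMemberF($fid, $post, $mr, 0, $dousername);
    } else {
        $addr['add_filepass'] = $userid;
        $member_r = ReturnDoMemberF($fid, $post, $addr, 1, $dousername);
    }
    // Additional table
    if (empty($addr['userid'])) {
        // IP
        $regip = egetip();
        $regipport = egetipport();
        $lasttime = time();
        $sql = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$regip}','{$lasttime}','{$regip}',1,'{$regipport}','{$regipport}'" . $member_r[1] . ");");
    } else {
        // "userid=userid" is a no-op assignment that lets $member_r[0] start with a comma
        $sql = $empire->query("update {$dbtbpre}enewsmemberadd set userid='{$userid}'" . $member_r[0] . " where userid='{$userid}'");
    }
    // Update attachments
    UpdateTheFileEditOther(6, $userid, 'member');
    if ($sql) {
        printerror("EditInfoSuccess", "../member/EditInfo/", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}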
} } } } //变量 $thisdownname = $showdown_r[0]; //当前下载地址名称 $classname = $class_r[$r[classid]]['classname']; //栏目名 $bclassid = $class_r[$r[classid]]['bclassid']; //父栏目ID $bclassname = $class_r[$bclassid]['classname']; //父栏目名 $titleurl = sys_ReturnBqTitleLink($r); //信息链接 $newstime = date('Y-m-d H:i:s', $r['newstime']); $titlepic = $r['titlepic'] ? $r['titlepic'] : $public_r[newsurl] . "e/data/images/notimg.gif"; $ip = egetip(); $pass = md5(ReturnDownSysCheckIp() . "wm_chief" . $public_r[downpass] . $user[userid]); //验证码 $url = "../doaction.php?enews=DownSoft&classid={$classid}&id={$id}&pathid={$pathid}&pass="******"&p=" . $user[userid] . ":::" . $user[rnd]; //下载地址 $trueurl = ReturnDSofturl($showdown_r[1], $showdown_r[4], '../../', 1); //真实文件地址 $fen = $showdown_r[3]; //下载点数 $downuser = $level_r[$downgroup][groupname]; //下载等级 @(include '../../data/template/downpagetemp.php'); db_close(); $empire = null;
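/**
 * Check the firewall's admin password cookie.
 *
 * Does nothing (returns '') unless the firewall is enabled and both the
 * cookie name and the cookie value secret are configured. Otherwise it
 * recomputes the expected token and calls FWShowMsg('Password') when the
 * cookie does not carry exactly that token.
 *
 * @return string|null '' when the check is disabled, otherwise no value.
 */
function FWCheckPassword()
{
    global $ecms_config;

    $fw = $ecms_config['fw'];
    if (!$fw['eopen'] || !$fw['adminckpassvar'] || !$fw['adminckpassval']) {
        return '';
    }

    // With ckhloginip set to 0 the token uses a fixed address, so it is not
    // tied to the client. How egetip() derives the address is not shown here.
    $ip = $ecms_config['esafe']['ckhloginip'] == 0 ? '127.0.0.1' : egetip();

    // NOTE(review): the token is a nested MD5 over config secrets. A keyed
    // construction (hash_hmac) would be sturdier, but the code that issues
    // the cookie is not visible here and would have to change with it.
    $expected = md5(md5($fw['adminckpassval'] . '-empirecms-' . $fw['epass']) . '-' . $ip . '-' . $fw['adminckpassval'] . '-phome.net-');

    // Only a string can match; anything else counts as a missing cookie.
    $supplied = getcvar($fw['adminckpassvar'], 1);
    if (!is_string($supplied)) {
        $supplied = '';
    }

    // Compare as exact strings. The loose != used previously compares two
    // numeric-looking strings by numeric value, so a token could be accepted
    // without being identical. hash_equals() is also constant-time; the
    // strict fallback covers PHP builds older than 5.6.
    $matches = function_exists('hash_equals')
        ? hash_equals($expected, $supplied)
        : $expected === $supplied;
    if (!$matches) {
        FWShowMsg('Password');
    }
}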
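/**
 * Store a visitor's error report for one piece of content.
 *
 * Validates the posted ids, checks that the content row exists in the
 * column's table and belongs to the posted column, then inserts the report
 * into {$dbtbpre}enewsdownerror. Always finishes through printerror().
 *
 * @param array $add Posted form fields (untrusted request data): id,
 *                   classid, cid, email, errortext.
 */
function AddError($add)
{
    global $empire, $class_r, $dbtbpre;

    // Verify the request source (implementation not shown here).
    CheckCanPostUrl();

    // Array keys are quoted throughout: the bare-word form ($add[errortext])
    // is an undefined-constant Error on PHP 8. Missing or non-string fields
    // are treated as empty instead of raising.
    $id = isset($add['id']) ? (int) $add['id'] : 0;
    $classid = isset($add['classid']) ? (int) $add['classid'] : 0;
    $cid = isset($add['cid']) ? (int) $add['cid'] : 0;
    $rawtext = (isset($add['errortext']) && is_string($add['errortext'])) ? $add['errortext'] : '';
    $rawemail = (isset($add['email']) && is_string($add['email'])) ? $add['email'] : '';
    if (!$classid || !$id || !trim($rawtext)) {
        printerror("EmptyErrortext", "history.go(-1)", 1);
    }

    // The table name comes from the column configuration, never from the request.
    if (empty($class_r[$classid]['tbname'])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    $r = $empire->fetch1("select isurl,titleurl,classid,id from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " where id='{$id}' limit 1");
    if (empty($r['id']) || (int) $r['classid'] !== $classid) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }

    // Link back to the content; used as the success redirect.
    $titleurl = sys_ReturnBqTitleLink($r);
    $email = RepPostStr($rawemail);
    $ip = egetip();
    $errortext = RepPostStr($rawtext);
    $errortime = date("Y-m-d H:i:s");

    // NOTE(review): the text fields rely on RepPostStr() plus addslashes(),
    // and $ip is interpolated as returned by egetip(). addslashes() is not
    // aware of the connection charset; a bound parameter or the driver's own
    // escaping would be safer, but $empire's API is not visible here.
    $sql = $empire->query("insert into {$dbtbpre}enewsdownerror(id,errortext,errorip,errortime,email,classid,cid) values({$id},'" . addslashes($errortext) . "','{$ip}','{$errortime}','" . addslashes($email) . "',{$classid},'{$cid}');");
    if ($sql) {
        printerror("AddErrorSuccess", $titleurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}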
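/**
 * Apply one ballot to a poll record and return the updated fields.
 *
 * $r['votetext'] holds one option per "\r\n"-separated record in the form
 * "label::::::count". Options are numbered from 1 in the posted ballot.
 *
 * @param array $r    Poll record: dotime, voteip, doip, voteclass, votetext.
 * @param mixed $vote Posted choice (untrusted): a list of option numbers
 *                    when $r['voteclass'] is set, otherwise one number.
 * @return array votetotal (options credited by this ballot), votetext
 *               (updated option records) and voteip (updated IP list).
 */
function DoVote($r, $vote)
{
    $VoteField = "::::::";
    $VoteRecord = "\r\n";

    // Voting deadline.
    if ($r['dotime'] != "0000-00-00") {
        $endtime = to_date($r['dotime']);
        if ($endtime < time()) {
            printerror("VoteOutDate", "history.go(-1)", 1);
        }
    }

    // One ballot per IP when the poll asks for it.
    // NOTE(review): this is only as strong as the address egetip() returns;
    // how it derives the address is not visible here - confirm it does not
    // trust client-supplied headers.
    if (empty($r['voteip'])) {
        $r['voteip'] = '|';
    }
    $ip = egetip();
    if ($r['doip']) {
        if (strpos($r['voteip'], '|' . $ip . '|') !== false) {
            printerror("ReVote", "history.go(-1)", 1);
        }
        $r['voteip'] .= $ip . "|";
    }

    $vote_r = explode($VoteRecord, $r['votetext']);
    $option_count = count($vote_r);
    $new_vote_total = 0;

    if ($r['voteclass']) {
        // Multiple choice. Collect the posted numbers as a set so one ballot
        // cannot credit the same option more than once.
        $picked = array();
        if (is_array($vote)) {
            foreach ($vote as $choice) {
                if (is_scalar($choice)) {
                    $picked[(int) $choice] = true;
                }
            }
        }
        if (empty($picked)) {
            printerror("EmptyChangeVote", "history.go(-1)", 1);
        }
        foreach (array_keys($picked) as $number) {
            $idx = $number - 1;
            // Ignore numbers that do not name an existing option.
            if ($idx < 0 || $idx >= $option_count) {
                continue;
            }
            $v_r = explode($VoteField, $vote_r[$idx]);
            if (empty($v_r[0])) {
                continue;
            }
            $current = isset($v_r[1]) ? (int) $v_r[1] : 0;
            $vote_r[$idx] = $v_r[0] . $VoteField . ($current + 1);
            // Count only options that were actually credited.
            $new_vote_total++;
        }
        if ($new_vote_total === 0) {
            printerror("EmptyChangeVote", "history.go(-1)", 1);
        }
    } else {
        // Single choice: exactly one existing option number.
        $idx = (is_scalar($vote) ? (int) $vote : 0) - 1;
        $v_r = ($idx >= 0 && $idx < $option_count)
            ? explode($VoteField, $vote_r[$idx])
            : array('');
        if (empty($v_r[0])) {
            printerror("NotChangeVote", "history.go(-1)", 1);
        } else {
            $current = isset($v_r[1]) ? (int) $v_r[1] : 0;
            $vote_r[$idx] = $v_r[0] . $VoteField . ($current + 1);
            $new_vote_total = 1;
        }
    }

    // Re-join the option records (no trailing separator).
    return array(
        'votetotal' => $new_vote_total,
        'votetext' => implode($VoteRecord, $vote_r),
        'voteip' => $r['voteip'],
    );
}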