Exemplo n.º 1
/**
 * Stores a feedback message addressed to a member's space.
 *
 * Order of operations: captcha check, recipient lookup, poster resolution
 * from the login cookies, field clean-up through RepPostStr(), insert into
 * {prefix}enewsmemberfeedback, then a result page through printerror().
 *
 * NOTE(review): the poster id and name are read from the mluserid and
 * mlusername cookies via getcvar(); no login verification is visible in this
 * function, so confirm those values are authenticated elsewhere before they
 * are trusted as the author of the message.
 * NOTE(review): the statement is assembled by string concatenation; its
 * safety rests on intval(), RepPostVar() and RepPostStr() (defined
 * elsewhere), and on egetip()/egetipport() returning values that are safe
 * inside quotes. Confirm, or move to bound parameters if the DB layer
 * offers them.
 *
 * @param array $add Request fields: key, userid, name, company, phone, fax,
 *                   email, address, zip, title, ftext.
 * @return void
 */
function AddMemberFeedback($add)
{
    global $empire, $dbtbpre;
    // Captcha is validated first, before any query runs.
    $keyvname = 'checkspacefbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);
    // Recipient: must be an existing member.
    $userid = intval($add['userid']);
    $lookup = sprintf(
        "select %s from %s where %s='%s' limit 1",
        egetmf('userid'),
        eReturnMemberTable(),
        egetmf('userid'),
        $userid
    );
    $ur = $empire->fetch1($lookup);
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }
    // Poster: taken from the login cookies, empty name for guests.
    $uid = (int) getcvar('mluserid');
    $uname = $uid ? RepPostVar(getcvar('mlusername')) : '';
    $uname = RepPostStr($uname);
    // Clean the text fields in the same order as the column list below.
    $clean = array();
    foreach (array('name', 'company', 'phone', 'fax', 'email', 'address', 'zip', 'title', 'ftext') as $field) {
        $clean[$field] = RepPostStr($add[$field]);
    }
    // Name, title and body are mandatory.
    if (!(trim($clean['name']) && trim($clean['title']) && trim($clean['ftext']))) {
        printerror("EmptyMemberFeedback", "history.go(-1)", 1);
    }
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $textValues = "'" . implode("','", $clean) . "'";
    $sql = $empire->query(
        "insert into " . $dbtbpre . "enewsmemberfeedback(name,company,phone,fax,email,address,zip,title,ftext,userid,ip,uid,uname,addtime,eipport) values("
        . $textValues . "," . $userid . ",'" . $ip . "'," . $uid . ",'" . $uname . "','" . $addtime . "','" . $eipport . "');"
    );
    // Clear the captcha so the same code cannot be submitted twice.
    ecmsEmptyShowKey($keyvname);
    if (!$sql) {
        printerror("DbError", "history.go(-1)", 1);
    } else {
        // NOTE(review): HTTP_REFERER is a client-supplied header and is passed
        // on as the return target; confirm printerror() restricts where it
        // sends the browser.
        printerror("AddMemberFeedbackSuccess", $_SERVER['HTTP_REFERER'], 1);
    }
}
Exemplo n.º 2
/**
 * Adds a guestbook entry to a member's space.
 *
 * Order of operations: captcha check, recipient lookup, poster resolution
 * (login cookies, or the submitted uname for guests), clean-up through
 * RepPostStr(), insert into {prefix}enewsmembergbook, result page.
 *
 * NOTE(review): the logged-in poster is identified only by the mluserid and
 * mlusername cookies read through getcvar(); no login verification is visible
 * here. Guests supply their own display name in $add['uname']. Confirm the
 * cookie values are authenticated elsewhere.
 * NOTE(review): the insert is built by string formatting; its safety rests on
 * intval(), RepPostVar() and RepPostStr() (defined elsewhere) and on what
 * egetip()/egetipport() return. Confirm.
 *
 * @param array $add Request fields: key, userid, uname, gbtext, isprivate.
 * @return void
 */
function AddMemberGbook($add)
{
    global $empire, $dbtbpre;
    // Captcha is validated first.
    $keyvname = 'checkspacegbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);
    // Recipient: must be an existing member.
    $userid = intval($add['userid']);
    $lookup = sprintf(
        "select %s from %s where %s='%s' limit 1",
        eReturnSelectMemberF('userid'),
        eReturnMemberTable(),
        egetmf('userid'),
        $userid
    );
    $ur = $empire->fetch1($lookup);
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }
    // Poster: cookie identity when present, otherwise the submitted name.
    $uid = (int) getcvar('mluserid');
    $uname = $uid ? RepPostVar(getcvar('mlusername')) : trim($add['uname']);
    $uname = RepPostStr($uname);
    $gbtext = RepPostStr($add['gbtext']);
    // Both a poster name and a message body are required.
    if (!(!empty($uname) && trim($gbtext))) {
        printerror("EmptyMemberGbook", "history.go(-1)", 1);
    }
    $isprivate = intval($add['isprivate']);
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $insert = sprintf(
        "insert into %senewsmembergbook(userid,isprivate,uid,uname,ip,addtime,gbtext,retext,eipport) values(%s,%s,%s,'%s','%s','%s','%s','','%s');",
        $dbtbpre,
        $userid,
        $isprivate,
        $uid,
        $uname,
        $ip,
        $addtime,
        $gbtext,
        $eipport
    );
    $sql = $empire->query($insert);
    // Clear the captcha so the same code cannot be submitted twice.
    ecmsEmptyShowKey($keyvname);
    if (!$sql) {
        printerror("DbError", "history.go(-1)", 1);
    } else {
        // NOTE(review): HTTP_REFERER is a client-supplied header and is passed
        // on as the return target; confirm printerror() restricts where it
        // sends the browser.
        printerror("AddMemberGbookSuccess", $_SERVER['HTTP_REFERER'], 1);
    }
}
Exemplo n.º 3
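/**
 * Saves a submission for a configured feedback form, including optional
 * file attachments.
 *
 * Order of operations: source check, form id resolution, optional captcha,
 * form lookup, member-group permission check, required-field validation,
 * per-field processing, file upload, insert into {prefix}enewsfeedback.
 *
 * Changes against the earlier revision: array keys that were written as bare
 * words (groupid, level, filepath, filename, title, fpath) are now quoted
 * strings, and $addf / $addval are initialised before they are appended to.
 * Bare-word keys are an undefined-constant error on PHP 8.
 *
 * NOTE(review): column names ($f) come from the form definition stored in
 * enewsfeedbackclass.enter and are placed in the statement inside backticks
 * without further checks; values go through RepPostStr() and addslashes().
 * Confirm the form definition can only be edited by administrators.
 * NOTE(review): $username is read from the mlusername cookie without a login
 * verification visible in this function; it is stored with the submission
 * and used as the file owner label.
 *
 * @param array $add Request fields: bid, key, ecmsfrom, title and one entry
 *                   per field defined for the form.
 * @return void
 */
function AddFeedback($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    // Verify the request source.
    CheckCanPostUrl();
    // Form id: from the request, else from the feedbackbid cookie.
    if ($add['bid']) {
        $bid = (int) $add['bid'];
    } else {
        $bid = (int) getcvar('feedbackbid');
    }
    if (empty($bid)) {
        printerror("EmptyFeedbackname", "history.go(-1)", 1);
    }
    // Captcha, only when enabled in the public settings.
    $keyvname = 'checkfeedbackkey';
    if ($public_r['fbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // The form must exist.
    $br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyFeedback", "history.go(-1)", 1);
    }
    // Permission: the member's group level must reach the form's group level.
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
    // Required fields. The loop skips the first and last list element;
    // presumably the list is stored as ",a,b," (matches the ",name," test).
    $mustr = explode(",", $br['mustenter']);
    $count = count($mustr);
    for ($i = 1; $i < $count - 1; $i++) {
        $mf = $mustr[$i];
        if (strstr($br['filef'], "," . $mf . ",")) {
            // Required file field: uploads must be enabled and a file sent.
            if (!$pr['feedbacktfile']) {
                printerror("NotOpenFBFile", "", 1);
            }
            if (!$_FILES[$mf]['name']) {
                printerror("EmptyFeedbackname", "", 1);
            }
        } else {
            $chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']);
            if (!trim($chmustval)) {
                printerror("EmptyFeedbackname", "", 1);
            }
        }
    }
    $saytime = date("Y-m-d H:i:s");
    // Field processing: build the extra column list and value list.
    $dh = "";
    $tranf = "";
    $addf = "";
    $addval = "";
    $record = "<!--record-->";
    $field = "<!--field--->";
    $er = explode($record, $br['enter']);
    $count = count($er);
    for ($i = 0; $i < $count - 1; $i++) {
        $er1 = explode($field, $er[$i]);
        $f = $er1[1];
        // Remove the placeholder prefix from submitted text so that the
        // placeholder substitution further down only matches markers
        // generated in this function.
        $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]);
        if (strstr($br['filef'], "," . $f . ",")) {
            // Attachment field.
            if ($_FILES[$f]['name']) {
                if (!$pr['feedbacktfile']) {
                    printerror("NotOpenFBFile", "", 1);
                }
                // The type is derived from the client-supplied file name.
                $filetype = GetFiletype($_FILES[$f]['name']);
                // First the CheckSaveTranFiletype() check, then the
                // configured allow-list ("|ext|" entries).
                if (CheckSaveTranFiletype($filetype)) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) {
                    printerror("NotQTranFiletype", "", 1);
                }
                // feedbackfilesize is multiplied by 1024 before comparing
                // with the byte size.
                if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) {
                    printerror("TooBigQTranFile", "", 1);
                }
                $tranf .= $dh . $f;
                $dh = ",";
                // Placeholder, replaced by the stored path after upload.
                $fval = "[!#@-" . $f . "-@!]";
            } else {
                $fval = "";
            }
        } else {
            $add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']);
            $fval = $add[$f];
        }
        $addf .= ",`" . $f . "`";
        $addval .= ",'" . addslashes(RepPostStr($fval)) . "'";
    }
    $type = 0;
    $classid = 0;
    $filename = '';
    $filepath = '';
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $filepass = ReturnTranFilepass();
    // Upload the attachments collected above.
    if ($tranf) {
        $dh = "";
        $tranr = explode(",", $tranf);
        $count = count($tranr);
        for ($i = 0; $i < $count; $i++) {
            $tf = $tranr[$i];
            $tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid);
            if ($tfr['tran']) {
                $filepath = $tfr['filepath'];
                // Record the file in the file table.
                $filetime = $saytime;
                $filesize = (int) $_FILES[$tf]['size'];
                eInsertFileTable($tfr['filename'], $filesize, $tfr['filepath'], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($add['title'])), $type, $filepass, $filepass, $public_r['fpath'], 0, 4, 0);
                $repfval = ($tfr['filepath'] ? $tfr['filepath'] . '/' : '') . $tfr['filename'];
                $filename .= $dh . $tfr['filename'];
                $dh = ",";
            } else {
                $repfval = "";
            }
            // NOTE(review): $repfval is inserted after escaping was applied
            // to $addval; this assumes DoTranFile() returns server-generated
            // names without quote characters. Confirm.
            $addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval);
        }
    }
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");");
    $fid = $empire->lastid();
    // Attach the uploaded files to the new record.
    UpdateTheFileOther(4, $fid, $filepass, 'other');
    // Clear the captcha.
    ecmsEmptyShowKey($keyvname);
    if ($sql) {
        // NOTE(review): $add['ecmsfrom'] is request data used to choose the
        // return URL; confirm DoingReturnUrl() restricts the target.
        $reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddFeedbackSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}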
Exemplo n.º 4
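/**
 * Registers a new member account and, unless the account needs approval or
 * e-mail activation, logs the new member in.
 *
 * Order of operations: registration switches (closed flag, time window, IP
 * rule, external register URL), source check, input clean-up, captcha,
 * group check, length and format checks, duplicate checks, insert into the
 * member table and the additional member table, then login cookies and the
 * result page.
 *
 * Changes against the earlier revision: array keys that were written as bare
 * words (min_userlen, max_userlen, min_passlen, max_passlen, userid) are now
 * quoted strings, and $mr is initialised before its first use. Bare-word
 * keys are an undefined-constant error on PHP 8.
 *
 * NOTE(review): the duplicate username / e-mail checks and the insert are
 * separate statements; two concurrent requests can both pass the checks
 * unless the table enforces uniqueness. Confirm a unique index exists.
 * NOTE(review): the requested group id comes from the request and is only
 * gated by CheckMemberGroupCanReg(); confirm that function refuses groups
 * that must not be self-assigned.
 * NOTE(review): the statements are built by string interpolation; their
 * safety rests on RepPostVar()/RepPostStr() and the (int) casts.
 *
 * @param array $add Request fields: username, password, repassword, email,
 *                   key, groupid, tobind and the additional member fields.
 * @return void
 */
function register($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;
    // Registration closed (a truthy register_ok means closed here).
    if ($public_r['register_ok']) {
        printerror('CloseRegister', '', 1);
    }
    // Time window in which registration is allowed.
    eCheckTimeCloseDo('reg');
    // IP access rule.
    eCheckAccessDoIp('register');
    // External registration page configured: hand over to it.
    if (!empty($ecms_config['member']['registerurl'])) {
        Header("Location:" . $ecms_config['member']['registerurl']);
        exit;
    }
    // A logged-in visitor cannot register.
    if (getcvar('mluserid')) {
        printerror('LoginToRegister', '', 1);
    }
    // Verify the request source.
    CheckCanPostUrl();
    $username = trim($add['username']);
    $password = trim($add['password']);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $email = RepPostStr($add['email']);
    if (!$username || !$password || !$email) {
        printerror("EmptyMember", "history.go(-1)", 1);
    }
    $tobind = (int) $add['tobind'];
    // Captcha, only when enabled in the public settings.
    $keyvname = 'checkregkey';
    if ($public_r['regkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // Member group: requested group, else the default group.
    $user_groupid = eReturnMemberDefGroupid();
    $groupid = (int) $add['groupid'];
    $groupid = empty($groupid) ? $user_groupid : $groupid;
    CheckMemberGroupCanReg($groupid);
    // IP
    $regip = egetip();
    $regipport = egetipport();
    // Username length (strlen counts bytes, not characters).
    $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
    $userlen = strlen($username);
    if ($userlen < $pr['min_userlen'] || $userlen > $pr['max_userlen']) {
        printerror('FaiUserlen', '', 1);
    }
    // Password length
    $passlen = strlen($password);
    if ($passlen < $pr['min_passlen'] || $passlen > $pr['max_passlen']) {
        printerror('FailPasslen', '', 1);
    }
    // The raw confirmation is compared with the cleaned password.
    if ($add['repassword'] !== $password) {
        printerror('NotRepassword', '', 1);
    }
    if (!chemail($email)) {
        printerror('EmailFail', '', 1);
    }
    if (strstr($username, '|') || strstr($username, '*')) {
        printerror('NotSpeWord', '', 1);
    }
    // Registration interval per IP.
    eCheckIpRegTime($regip, $pr['regretime']);
    // Reserved usernames.
    toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');
    $username = RepPostStr($username);
    // Duplicate username.
    $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if ($num) {
        printerror('ReUsername', '', 1);
    }
    // Duplicate e-mail, only when the setting requires unique addresses.
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1");
        if ($num) {
            printerror('ReEmailFail', '', 1);
        }
    }
    // Registration time
    $lasttime = time();
    $registertime = eReturnAddMemberRegtime();
    // Random login token stored with the account and in the mlrnd cookie.
    // NOTE(review): confirm make_password() draws from a CSPRNG.
    $rnd = make_password(20);
    $userkey = eReturnMemberUserKey();
    // Password: the clear text is kept for the DoEpassport() call below, the
    // stored value is produced by eDoMemberPw() with a fresh salt.
    $truepassword = $password;
    $salt = eReturnMemberSalt();
    $password = eDoMemberPw($password, $salt);
    // Approval state for the group; forced to 0 when e-mail activation
    // (regacttype == 1) is in use.
    $checked = ReturnGroupChecked($groupid);
    if ($checked && $public_r['regacttype'] == 1) {
        $checked = 0;
    }
    // Validate the required fields of the additional member table.
    $mr = array();
    $mr['add_filepass'] = ReturnTranFilepass();
    $fid = GetMemberFormId($groupid);
    $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);
    $sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');");
    // Id of the new member.
    $userid = $empire->lastid();
    // Additional member table: insert the row unless one already exists.
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    if (!$addr['userid']) {
        $spacestyleid = ReturnGroupSpaceStyleid($groupid);
        $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");");
    }
    // Attach uploaded files to the new member.
    UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member');
    // Clear the captcha.
    ecmsEmptyShowKey($keyvname);
    // Bind an external account when requested.
    if ($tobind) {
        MemberConnect_BindUser($userid);
    }
    if ($sql) {
        // E-mail activation
        if ($checked == 0 && $public_r['regacttype'] == 1) {
            include 'class/member_actfun.php';
            SendActUserEmail($userid, $username, $email);
        }
        // Account not approved yet: show the notice, no login cookies.
        if ($checked == 0) {
            $location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
            printerror("RegisterSuccessCheck", $location, 1);
        }
        $logincookie = 0;
        if ($ecms_config['member']['regcookietime']) {
            $logincookie = time() + $ecms_config['member']['regcookietime'];
        }
        $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
        $set1 = esetcookie("mlusername", $username, $logincookie);
        $set2 = esetcookie("mluserid", $userid, $logincookie);
        $set3 = esetcookie("mlgroupid", $groupid, $logincookie);
        $set4 = esetcookie("mlrnd", $rnd, $logincookie);
        // Login verification string.
        qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie);
        // Additional login cookies.
        AddLoginCookie($r);
        $location = "../member/cp/";
        // NOTE(review): the returnurl cookie is client-held and becomes the
        // redirect target after three substring exclusions; confirm
        // DoingReturnUrl()/printerror() keep the target on this site.
        $returnurl = getcvar('returnurl');
        if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
            $location = $returnurl;
        }
        $set5 = esetcookie("returnurl", "");
        // Passport integration.
        // NOTE(review): the clear-text password is handed to DoEpassport();
        // confirm how that function transports and stores it.
        DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("RegisterSuccess", $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}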
Exemplo n.º 5
/**
 * Front-end member login: checks the credentials, rotates the login token,
 * sets the login cookies and shows the result page.
 *
 * Order of operations: external login URL hand-over, empty-field check,
 * optional captcha, member lookup, password check, approval check, optional
 * account binding, token and last-login update, cookies, redirect choice.
 *
 * NOTE(review): no failed-attempt counter or lockout is visible in this
 * function, and the captcha only runs when $public_r['loginkey_ok'] is set.
 * Confirm throttling exists elsewhere.
 * NOTE(review): the statements are built by string interpolation; their
 * safety rests on RepPostVar() and on the values read back from the member
 * row.
 *
 * @param array $add Request fields: username, password, key, tobind, lifetime.
 * @return void
 */
function qlogin($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;
    // External login page configured: hand over to it.
    if ($ecms_config['member']['loginurl']) {
        Header("Location:" . $ecms_config['member']['loginurl']);
        exit;
    }
    // Third argument passed to printerror(): 9 when the request carries
    // prtype, otherwise 1.
    $dopr = 1;
    if ($_POST['prtype']) {
        $dopr = 9;
    }
    $username = trim($add['username']);
    $password = trim($add['password']);
    if (!$username || !$password) {
        printerror("EmptyLogin", "history.go(-1)", $dopr);
    }
    $tobind = (int) $add['tobind'];
    // Captcha, only when enabled in the public settings.
    $keyvname = 'checkloginkey';
    if ($public_r['loginkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], $dopr);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $num = 0;
    $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    // Unknown user and wrong password use the same message key, so the
    // message does not tell which of the two failed.
    if (!$r['userid']) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }
    if (!eDoCkMemberPw($password, $r['password'], $r['salt'])) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }
    // Account not approved yet; with e-mail activation the visitor is sent
    // to the page for re-sending the activation mail.
    if ($r['checked'] == 0) {
        if ($public_r['regacttype'] == 1) {
            printerror('NotCheckedUser', '../member/register/regsend.php', 1);
        } else {
            printerror('NotCheckedUser', '', 1);
        }
    }
    // Bind an external account; runs only after the password check passed.
    if ($tobind) {
        MemberConnect_BindUser($r['userid']);
    }
    // New random login token for this session.
    // NOTE(review): confirm make_password() draws from a CSPRNG.
    $rnd = make_password(20);
    // Default member group when the row has none.
    if (empty($r['groupid'])) {
        $r['groupid'] = eReturnMemberDefGroupid();
    }
    $r['groupid'] = (int) $r['groupid'];
    $lasttime = time();
    //IP
    $lastip = egetip();
    $lastipport = egetipport();
    // Store the new token and group, then the last-login data.
    $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('rnd') . "='{$rnd}'," . egetmf('groupid') . "='{$r['groupid']}' where " . egetmf('userid') . "='{$r['userid']}'");
    $empire->query("update {$dbtbpre}enewsmemberadd set lasttime='{$lasttime}',lastip='{$lastip}',loginnum=loginnum+1,lastipport='{$lastipport}' where userid='{$r['userid']}'");
    // Set the cookies.
    // NOTE(review): the cookie lifetime is taken from the request with no
    // upper bound applied here.
    $lifetime = (int) $add['lifetime'];
    $logincookie = 0;
    if ($lifetime) {
        $logincookie = time() + $lifetime;
    }
    $set1 = esetcookie("mlusername", $username, $logincookie);
    $set2 = esetcookie("mluserid", $r['userid'], $logincookie);
    $set3 = esetcookie("mlgroupid", $r['groupid'], $logincookie);
    $set4 = esetcookie("mlrnd", $rnd, $logincookie);
    // Login verification string.
    qGetLoginAuthstr($r['userid'], $username, $rnd, $r['groupid'], $logincookie);
    // Additional login cookies.
    AddLoginCookie($r);
    // Redirect target: member panel by default, else the returnurl cookie.
    // NOTE(review): the returnurl cookie and the Referer header are
    // client-supplied; confirm DoingReturnUrl()/printerror() keep the target
    // on this site.
    $location = "../member/cp/";
    $returnurl = getcvar('returnurl');
    if ($returnurl) {
        $location = $returnurl;
    }
    if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
        $location = "../member/iframe/";
    }
    // Never return to the logout or register pages.
    if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
        $location = "../member/cp/";
        $_POST['ecmsfrom'] = '';
    }
    // Clear the captcha.
    ecmsEmptyShowKey($keyvname);
    $set6 = esetcookie("returnurl", "");
    if ($set1 && $set2) {
        // Passport integration.
        // NOTE(review): the clear-text password is handed to DoEpassport();
        // confirm how that function transports and stores it.
        DoEpassport('login', $r['userid'], $username, $password, $r['salt'], $r['email'], $r['groupid'], $r['registertime']);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("LoginSuccess", $location, $dopr);
    } else {
        printerror("NotCookie", "history.go(-1)", $dopr);
    }
}
Exemplo n.º 6
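/**
 * Writes one row to the login log table ({prefix}enewslog).
 *
 * The password column is always written as an empty string: the submitted
 * password is blanked before the insert, so no credential material from a
 * login attempt reaches the log. The earlier revision still carried a
 * masking branch behind `if($password)` that could never run because the
 * variable had just been blanked; that branch kept the first
 * round(len/4) and the last round(len/6) characters of the password and
 * has been removed rather than revived.
 *
 * NOTE(review): the insert is built by string interpolation; its safety
 * rests on RepPostVar() and on what egetipport() returns (both defined
 * elsewhere).
 *
 * @param string $username  Login name that was tried.
 * @param string $password  Submitted password; never stored.
 * @param mixed  $status    Result flag stored in the status column.
 * @param string $loginip   Client IP address.
 * @param string $loginauth Value stored in the loginauth column.
 * @return string|null Empty string when $ecms_config['esafe']['theloginlog']
 *                     is set (nothing is written), otherwise no value.
 */
function insert_log($username,$password,$status,$loginip,$loginauth){
	global $empire,$ecms_config,$dbtbpre;
	// A truthy theloginlog setting switches the log off.
	if($ecms_config['esafe']['theloginlog'])
	{
		return "";
	}
	// The submitted password is still passed through RepPostVar() as before;
	// the result is discarded. Kept because RepPostVar() is defined
	// elsewhere and may act on its input — TODO confirm and drop if not.
	RepPostVar($password);
	$loginauth=RepPostVar($loginauth);
	// Never store the password, not even partially masked.
	$password=RepPostVar('');
	$username=RepPostVar($username);
	$loginip=RepPostVar($loginip);
	$ipport=egetipport();
	$status=RepPostVar($status);
	$logintime=date("Y-m-d H:i:s");
	$sql=$empire->query("insert into {$dbtbpre}enewslog(username,loginip,logintime,status,password,loginauth,ipport) values('$username','$loginip','$logintime','$status','$password','$loginauth','$ipport');");
}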
Exemplo n.º 7
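/**
 * Adds a comment to an information item or to a special topic.
 *
 * Order of operations: time-window and IP rules, optional captcha, poster
 * resolution (verified login cookies, inline username/password login, or
 * guest), group permission check, target lookup, size and interval checks,
 * text clean-up, insert into the comment table, counters, result page.
 *
 * Changes against the earlier revision:
 *  - Whenever the poster ends up as a guest ($muserid = 0), $mgroupid is now
 *    reset to 0 as well. Before, the group id read from the mlgroupid cookie
 *    stayed in place for guests and for visitors whose login verification
 *    failed, and it was then used for the `plchecked` lookup that overrides
 *    the `checked` value of the comment.
 *  - Array keys that were written as bare words (level, tbname, classid,
 *    openpl, checkpl) are now quoted strings; bare-word keys are an
 *    undefined-constant error on PHP 8.
 *
 * NOTE(review): the posting interval relies on the client-held lastpltime
 * cookie and is skipped when the cookie is absent; confirm a server-side
 * limit exists if flooding matters.
 * NOTE(review): the statements are built by string interpolation; their
 * safety rests on the (int) casts, RepPostVar()/RepPostStr(), addslashes()
 * and on ReturnPlAddF() returning escaped fragments.
 *
 * @param string $username Poster name (guest name or inline login name).
 * @param string $password Password for the inline login.
 * @param mixed  $nomember Truthy to post as a guest without logging in.
 * @param string $key      Captcha input.
 * @param string $saytext  Comment text.
 * @param int    $id       Information id (ignored for special topics).
 * @param int    $classid  Class id, or special topic id when doaction=dozt.
 * @param int    $repid    Id of the comment being quoted, 0 for none.
 * @param array  $add      Full request array (doaction and extra fields).
 * @return void
 */
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $dbtbpre, $public_r, $class_r, $level_r;
    // Time window in which commenting is allowed.
    eCheckTimeCloseDo('pl');
    // IP access rule.
    eCheckAccessDoIp('pl');
    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;
    // Captcha, only when enabled in the public settings.
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');
    if ($muserid) {
        // Login cookies present: only trusted after verification.
        $cklgr = qCheckLoginAuthstr();
        if ($cklgr['islogin']) {
            $username = $musername;
        } else {
            // Verification failed: treat as guest and drop the cookie group.
            $muserid = 0;
            $mgroupid = 0;
        }
    } else {
        if (empty($nomember)) {
            // Inline login with the submitted username and password.
            if (!$username || !$password) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password,checked,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
            if (empty($ur['userid'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur['checked'] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur['userid'];
            $mgroupid = $ur['groupid'];
        } else {
            // Guest: no user id and no group from an unverified cookie.
            $muserid = 0;
            $mgroupid = 0;
        }
    }
    // Minimum member group for commenting, when configured.
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid]['level'] < $level_r[$public_r['plgroupid']]['level']) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }
    // Special topic or information item.
    $doaction = $add['doaction'];
    if ($doaction == 'dozt') {
        if (!trim($saytext) || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        // Topic must exist and must not have comments closed.
        $r = $empire->fetch1("select ztid,closepl,checkpl,restb from {$dbtbpre}enewszt where ztid='{$classid}'");
        if (!$r['ztid']) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($r['closepl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        // Review setting of the topic.
        if ($r['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pubid = '-' . $classid;
        $id = 0;
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'dozt', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    } else {
        if (!trim($saytext) || !$id || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        // The class must map to a table.
        if (empty($class_r[$classid]['tbname'])) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        // The item must exist in that class; class-level comment switch.
        $r = $empire->fetch1("select classid,stb,restb from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " where id='{$id}' limit 1");
        if (!$r['classid'] || $r['classid'] != $classid) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($class_r[$r['classid']]['openpl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        // Per-item comment switch.
        $pubid = ReturnInfoPubid($classid, $id);
        $finfor = $empire->fetch1("select closepl from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . "_data_" . $r['stb'] . " where id='{$id}' limit 1");
        if ($finfor['closepl']) {
            printerror("CloseInfoPl", "history.go(-1)", 1);
        }
        // Review setting of the class.
        if ($class_r[$classid]['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'doinfo', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    }
    // Comment settings.
    $plsetr = $empire->fetch1("select pltime,plsize,plincludesize,plclosewords,plmustf,plf,plmaxfloor,plquotetemp from {$dbtbpre}enewspl_set limit 1");
    // Size limit (strlen counts bytes).
    if (strlen($saytext) > $plsetr['plsize']) {
        $GLOBALS['setplsize'] = $plsetr['plsize'];
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }
    $time = time();
    $saytime = $time;
    // Posting interval, based on the lastpltime cookie.
    $pltime = getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $plsetr['pltime']) {
            $GLOBALS['setpltime'] = $plsetr['pltime'];
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }
    $sayip = egetip();
    $eipport = egetipport();
    $username = str_replace("\r\n", "", $username);
    $username = RepPostStr($username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    if ($repid) {
        $saytext = RepPlTextQuote($repid, $saytext, $plsetr, $restb);
        // Limit on quote nesting ("floors").
        CkPlQuoteFloor($plsetr['plmaxfloor'], $saytext);
    }
    // Word filter.
    $saytext = ReplacePlWord($plsetr['plclosewords'], $saytext);
    // Group setting that overrides the review state chosen above.
    if ($level_r[$mgroupid]['plchecked']) {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $plsetr, 0);
    // Main comment table.
    $sql = $empire->query("insert into {$dbtbpre}enewspl_" . $restb . "(pubid,username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,saytext,eipport" . $ret_r['fields'] . ") values('{$pubid}','" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'" . addslashes($saytext) . "','{$eipport}'" . $ret_r['values'] . ");");
    $plid = $empire->lastid();
    if ($doaction != 'dozt') {
        // Increment the comment counter of the item.
        $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " set plnum=plnum+1 where id='{$id}' limit 1");
    }
    // Update the new-comment statistics.
    DoUpdateAddDataNum('pl', $restb, 1);
    // Remember the time of this post for the interval check.
    $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
    // Clear the captcha.
    ecmsEmptyShowKey($keyvname);
    if ($sql) {
        $reurl = DoingReturnUrl($returl, $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}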
Exemplo n.º 8
/**
 * Validates a front-end contribution and builds the SQL fragments for
 * adding ($ecms == 0) or editing ($ecms == 1) an information item.
 *
 * Steps: blocked-word check, required-field check, per-field processing
 * (including upload validation), file upload, placeholder substitution.
 *
 * Return array as built below:
 *   add mode:  [0] ",col,..."  [1] ",'val',..."  (columns outside tbdataf)
 *              [2] ",col,..."  [3] ",'val',..."  (columns listed in tbdataf)
 *   edit mode: [0] ",col='val',..." (outside tbdataf)
 *              [3] ",col='val',..." (listed in tbdataf)
 *   [4] is $emod_r[$mid]['deftb'] in both modes.
 *
 * NOTE(review): several array keys are bare words (title, id, filename,
 * filepath, fpath); on PHP 8 a bare word that is not a defined constant is
 * an error. $ret_r[0..3] are appended to without being initialised.
 * NOTE(review): column names ($f) come from the model definition in
 * $emod_r and are placed in the fragments unquoted; values are escaped with
 * addslashes() after several clean-up helpers defined elsewhere.
 *
 * @param int    $mid      Model id, index into $emod_r.
 * @param array  $add      Submitted fields.
 * @param array  $infor    Existing record in edit mode.
 * @param int    $classid  Class id.
 * @param mixed  $filepass Temporary file key; set to 0 in edit mode.
 * @param int    $userid   Not used in this function.
 * @param string $username Used as the file owner label.
 * @param int    $ecms     0 = add, 1 = edit.
 * @return array See above.
 */
function ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $userid, $username, $ecms = 0)
{
    global $empire, $dbtbpre, $public_r, $emod_r, $ecms_config;
    $ret_r = array();
    $pr = $empire->fetch1("select qaddtran,qaddtransize,qaddtranimgtype,qaddtranfile,qaddtranfilesize,qaddtranfiletype,closewords,closewordsf from {$dbtbpre}enewspublic limit 1");
    $isadd = $ecms == 0 ? 1 : 0;
    // Blocked-word check on the submitted fields.
    qCheckInfoCloseWord($mid, $add, $pr['closewordsf'], $pr['closewords']);
    // Required fields. The loop skips the first and last list element;
    // presumably the list is stored as ",a,b," (matches the ",name," tests).
    $pagef = $emod_r[$mid]['pagef'];
    $mustr = explode(",", $emod_r[$mid]['mustqenterf']);
    $mustcount = count($mustr) - 1;
    for ($i = 1; $i < $mustcount; $i++) {
        $mf = $mustr[$i];
        if (strstr($emod_r[$mid]['filef'], ',' . $mf . ',') || strstr($emod_r[$mid]['imgf'], ',' . $mf . ',') || strstr($emod_r[$mid]['flashf'], ',' . $mf . ',') || $mf == 'downpath' || $mf == 'onlinepath') {
            $mfilef = $mf . "file";
            // Uploaded file: the matching upload switch must be on.
            if ($_FILES[$mfilef]['name']) {
                if (strstr($emod_r[$mid]['imgf'], ',' . $mf . ',')) {
                    if (!$pr['qaddtran']) {
                        printerror("CloseQTranPic", "", 1);
                    }
                } else {
                    if (!$pr['qaddtranfile']) {
                        printerror("CloseQTranFile", "", 1);
                    }
                }
            } elseif (!trim($add[$mf]) && !$infor[$mf]) {
                printerror("EmptyQMustF", "", 1);
            }
        } else {
            // Checkbox value.
            $chmustval = ReturnCheckboxAddF($add[$mf], $mid, $mf);
            // Multi-value field.
            $chmustval = ReturnMoreValueAddF($add, $chmustval, $mid, $mf, $ecms);
            if (!trim($chmustval)) {
                printerror("EmptyQMustF", "", 1);
            }
        }
    }
    // Field processing.
    $dh = "";
    $tranf = "";
    $fr = explode(',', $emod_r[$mid]['qenter']);
    $count = count($fr) - 1;
    for ($i = 1; $i < $count; $i++) {
        $f = $fr[$i];
        // Skip fields the contributor may not set in this mode.
        if ($f == 'special.field' || $ecms == 0 && !strstr($emod_r[$mid]['canaddf'], ',' . $f . ',') || $ecms == 1 && !strstr($emod_r[$mid]['caneditf'], ',' . $f . ',')) {
            continue;
        }
        // Remove the placeholder prefix from submitted text so that the
        // placeholder substitution further down only matches markers
        // generated in this function.
        $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]);
        if (strstr($emod_r[$mid]['filef'], ',' . $f . ',') || strstr($emod_r[$mid]['imgf'], ',' . $f . ',') || strstr($emod_r[$mid]['flashf'], ',' . $f . ',') || $f == 'downpath' || $f == 'onlinepath') {
            // Attachment field.
            $filetf = $f . "file";
            if ($_FILES[$filetf]['name']) {
                // The type is derived from the client-supplied file name.
                $filetype = GetFiletype($_FILES[$filetf]['name']);
                // First the CheckSaveTranFiletype() check, then the
                // allow-lists for the field kind.
                if (CheckSaveTranFiletype($filetype)) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if (strstr($emod_r[$mid]['imgf'], ',' . $f . ',')) {
                    // Image field: switch, allow-list, size, picture types.
                    if (!$pr['qaddtran']) {
                        printerror("CloseQTranPic", "", 1);
                    }
                    if (!strstr($pr['qaddtranimgtype'], "|" . $filetype . "|")) {
                        printerror("NotQTranFiletype", "", 1);
                    }
                    if ($_FILES[$filetf]['size'] > $pr['qaddtransize'] * 1024) {
                        printerror("TooBigQTranFile", "", 1);
                    }
                    if (!strstr($ecms_config['sets']['tranpicturetype'], ',' . $filetype . ',')) {
                        printerror("NotQTranFiletype", "", 1);
                    }
                } else {
                    // Other file field: switch, allow-list, size.
                    if (!$pr['qaddtranfile']) {
                        printerror("CloseQTranFile", "", 1);
                    }
                    if (!strstr($pr['qaddtranfiletype'], "|" . $filetype . "|")) {
                        printerror("NotQTranFiletype", "", 1);
                    }
                    if ($_FILES[$filetf]['size'] > $pr['qaddtranfilesize'] * 1024) {
                        printerror("TooBigQTranFile", "", 1);
                    }
                    if (strstr($emod_r[$mid]['flashf'], ',' . $f . ',')) {
                        if (!strstr($ecms_config['sets']['tranflashtype'], "," . $filetype . ",")) {
                            printerror("NotQTranFiletype", "", 1);
                        }
                    }
                    // NOTE(review): $wmv_type is never assigned in this
                    // function and the inner branch is empty, so this block
                    // has no effect.
                    if ($f == "onlinepath") {
                        if (strstr($wmv_type, "," . $filetype . ",")) {
                        }
                    }
                }
                $tranf .= $dh . $f;
                $dh = ",";
                // Placeholder, replaced by the stored URL after upload.
                $fval = "[!#@-" . $f . "-@!]";
            } else {
                // No upload for this field: use the submitted or stored value.
                if ($public_r['modinfoedittran'] == 1) {
                    $fval = $add[$f];
                    if ($ecms == 1 && $infor[$f] && !trim($fval)) {
                        $fval = $infor[$f];
                        // Special fields.
                        if ($f == "downpath" || $f == "onlinepath") {
                            $fval = DoReqDownPath($fval);
                        }
                    }
                } else {
                    $fval = '';
                    if ($ecms == 1) {
                        $fval = $infor[$f];
                        // Special fields.
                        if ($f == "downpath" || $f == "onlinepath") {
                            $fval = DoReqDownPath($fval);
                        }
                    }
                }
            }
        } elseif ($f == 'newstime') {
            if ($add[$f]) {
                $fval = to_time($add[$f]);
            } else {
                $fval = time();
            }
        } elseif ($f == 'newstext') {
            if ($ecms == 0) {
                // Keyword and word replacement, add mode only.
                $fval = DoReplaceKeyAndWord($add[$f], 1, $classid);
            } else {
                $fval = $add[$f];
            }
        } elseif ($f == 'infoip') {
            $fval = egetip();
        } elseif ($f == 'infoipport') {
            $fval = egetipport();
        } elseif ($f == 'infozm') {
            $fval = $add[$f] ? $add[$f] : GetInfoZm($add[title]);
        } else {
            // Checkbox value.
            $add[$f] = ReturnCheckboxAddF($add[$f], $mid, $f);
            // Multi-value field.
            $add[$f] = ReturnMoreValueAddF($add, $add[$f], $mid, $f, $ecms);
            $fval = $add[$f];
        }
        // Field function configured for this field.
        $fval = DoFFun($mid, $f, $fval, $isadd, 1);
        $modispagef = $pagef == $f ? 1 : 0;
        $fval = RepTempvarPostStrT($fval, $modispagef);
        if ($pagef != $f) {
            $fval = RepTempvarPostStr($fval);
        }
        // Unique-value check.
        ChIsOnlyAddF($mid, $infor[id], $f, $fval, 1);
        $fval = DoqValue($mid, $f, $fval);
        $fval = DoqSpecialValue($mid, $f, $fval, $add, $infor, $ecms);
        $fval = RepPostStr2($fval);
        // NOTE(review): $info is not defined in this function (the parameter
        // is $infor), so the first argument is not the record id — confirm
        // the intent before changing it.
        if ($ecms == 1) {
            SameDataAddF($info[id], $classid, $mid, $f, $fval);
        }
        $fval = addslashes($fval);
        if ($ecms == 0) {
            if (strstr($emod_r[$mid]['tbdataf'], ',' . $f . ',')) {
                $ret_r[2] .= "," . $f;
                $ret_r[3] .= ",'" . $fval . "'";
            } else {
                $ret_r[0] .= "," . $f;
                $ret_r[1] .= ",'" . $fval . "'";
            }
        } else {
            // The stored IP and port are not changed on edit.
            if ($f == 'infoip' || $f == 'infoipport') {
                continue;
            }
            if (strstr($emod_r[$mid]['tbdataf'], ',' . $f . ',')) {
                $ret_r[3] .= "," . $f . "='" . $fval . "'";
            } else {
                $ret_r[0] .= "," . $f . "='" . $fval . "'";
            }
        }
    }
    // Upload the attachments collected above.
    if ($tranf) {
        if ($ecms == 0) {
            $infoid = 0;
        } else {
            $infoid = $infor['id'];
            $filepass = 0;
        }
        $tranr = explode(",", $tranf);
        $count = count($tranr);
        for ($i = 0; $i < $count; $i++) {
            $tf = $tranr[$i];
            $tffile = $tf . "file";
            // NOTE(review): $_FILES[...]['type'] is the MIME type sent by the
            // client; confirm DoTranFile() does not rely on it for safety.
            $tfr = DoTranFile($_FILES[$tffile]['tmp_name'], $_FILES[$tffile]['name'], $_FILES[$tffile]['type'], $_FILES[$tffile]['size'], $classid);
            if ($tfr['tran']) {
                // File kind stored with the record: 1 image field, 2 flash
                // field, 3 when the "<field>mtfile" input is 1, else 0.
                $mvf = $tf . "mtfile";
                if (strstr($emod_r[$mid]['imgf'], ',' . $tf . ',')) {
                    $type = 1;
                } elseif (strstr($emod_r[$mid]['flashf'], ',' . $tf . ',')) {
                    $type = 2;
                } elseif ($add[$mvf] == 1) {
                    $type = 3;
                } else {
                    $type = 0;
                }
                // Record the file in the file table.
                $filetime = time();
                $filesize = (int) $_FILES[$tffile]['size'];
                $classid = (int) $classid;
                eInsertFileTable($tfr[filename], $filesize, $tfr[filepath], '[Member]' . $username, $classid, '[' . $tf . ']' . addslashes(RepPostStr($add[title])), $type, $infoid, $filepass, $public_r[fpath], 0, 0, $ecms == 1 ? $infor['fstb'] : $public_r['filedeftb']);
                // Delete the previous file on edit.
                if ($ecms == 1 && $infor[$tf]) {
                    DelYQTranFile($classid, $infor['id'], $infor[$tf], $tf, $infor['fstb']);
                }
                $repfval = $tfr['url'];
            } else {
                // Upload failed: fall back to the stored value.
                $repfval = $infor[$tf];
                // Special fields.
                if ($tf == "downpath" || $tf == "onlinepath") {
                    $repfval = DoReqDownPath($repfval);
                }
            }
            // NOTE(review): $repfval is substituted into fragments that were
            // escaped earlier, so the substituted text itself is not escaped
            // here. For $tfr['url'] this assumes a server-generated value;
            // for the stored $infor[$tf] confirm it cannot contain a quote.
            if ($ecms == 0) {
                $ret_r[1] = str_replace("[!#@-" . $tf . "-@!]", $repfval, $ret_r[1]);
                $ret_r[3] = str_replace("[!#@-" . $tf . "-@!]", $repfval, $ret_r[3]);
            } else {
                $ret_r[0] = str_replace("[!#@-" . $tf . "-@!]", $repfval, $ret_r[0]);
                $ret_r[3] = str_replace("[!#@-" . $tf . "-@!]", $repfval, $ret_r[3]);
            }
        }
    }
    $ret_r[4] = $emod_r[$mid]['deftb'];
    return $ret_r;
}
Exemplo n.º 9
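/**
 * Build the SQL column/value fragments for one info record of model $modid.
 *
 * The field list comes from $emod_r[$modid]['enter'] (comma separated); the
 * first and last list entries are skipped, as is the 'special.field' marker.
 * Each remaining field is appended either to the main-table fragments
 * ('fields'/'values') or, when listed in $emod_r[$modid]['tbdataf'], to the
 * data-table fragments ('datafields'/'datavalues').
 *
 * Modes selected by $do:
 *   0  - insert-style values (",'v'"); only fields listed in 'canaddf';
 *        full filter / check / remote-save pipeline.
 *   1  - update-style values (",f='v'"); only fields listed in 'caneditf';
 *        same pipeline plus SameDataAddF().
 *   8  - update-style values through StripAddsData(); no per-field permission
 *        filter; the text file named by $add['newstext_url'] is rewritten.
 *   9  - insert-style values through StripAddsData(); a new text file is made.
 *   10 - insert-style values through StripAddsData() only.
 *
 * NOTE(review): modes 8, 9 and 10 skip the 'canaddf'/'caneditf' filter and
 * every sanitiser used by modes 0 and 1, so they presumably expect data that
 * is already trusted (e.g. read back from the database) - confirm at callers.
 *
 * NOTE(review): the fragments are escaped with addslashes() and are meant to
 * be concatenated into a query by the caller. addslashes() is not aware of the
 * connection character set; confirm the connection charset makes this safe or
 * move the callers to the driver's own escaping.
 *
 * @param array  $add      Submitted record data, keyed by field name.
 * @param int    $modid    Model id used to index $emod_r.
 * @param int    $userid   Not used inside this function.
 * @param string $username Passed to CopyImg() when saving remote content.
 * @param int    $do       Mode, see above.
 * @param int    $rdata    Not used inside this function.
 * @param int    $ch       1 = run the required/unique checks (modes 0 and 1,
 *                         and only when $add['titleurl'] is empty).
 *
 * @return array 'tb' plus whichever of 'fields', 'values', 'datafields',
 *               'datavalues' were appended to.
 */
function ReturnAddF($add, $modid, $userid, $username, $do = 0, $rdata = 0, $ch = 0)
{
    global $empire, $public_r, $dbtbpre, $emod_r;
    if ($do == 0 || $do == 1) {
        // Load the GD helper only when an image operation was requested.
        if ($add['mark'] || $add['getfirsttitlespic'] || $add['mcreatespic']) {
            include_once ECMS_PATH . DASHBOARD . '/class/gd.php';
        }
    }
    $ret_r['tb'] = $emod_r[$modid]['deftb'];
    $pagef = $emod_r[$modid]['pagef'];
    // Array keys are quoted throughout: the bareword form ($x[enter]) is an
    // undefined-constant error on PHP 8.
    $r = explode(',', $emod_r[$modid]['enter']);
    $count = count($r) - 1;
    if (empty($do)) {
        // Mode 0: build insert fragments.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field' || !strstr($emod_r[$modid]['canaddf'], ',' . $f . ',')) {
                continue;
            }
            // Checkbox fields.
            $add[$f] = ReturnCheckboxAddF($add[$f], $modid, $f);
            // Multi-value fields.
            $add[$f] = ReturnMoreValueAddF($add, $add[$f], $modid, $f, $do);
            $value = RepPhpAspJspcodeText($add[$f]);
            if ($f == 'newstime') {
                $value = empty($value) ? time() : to_time($value);
            } elseif ($f == "morepic") {
                $value = ReturnMorepicpath($add['msmallpic'], $add['mbigpic'], $add['mpicname'], $add['mdelpicid'], $add['mpicid'], $add, $add['mpicurl_qz'], 0, 0, $public_r['filedeftb']);
            } elseif ($f == "downpath") {
                $value = ReturnDownpath($add['downname'], $add['downpath'], $add['delpathid'], $add['pathid'], $add['downuser'], $add['fen'], $add['thedownqz'], $add, $add['foruser'], $add['downurl_qz'], 0);
            } elseif ($f == "onlinepath") {
                $value = ReturnDownpath($add['odownname'], $add['odownpath'], $add['odelpathid'], $add['opathid'], $add['odownuser'], $add['ofen'], $add['othedownqz'], $add, $add['oforuser'], $add['onlineurl_qz'], 0);
            } elseif ($f == "smalltext") {
                if (!trim($value)) {
                    // No summary supplied: cut one from the news text.
                    $value = SubSmalltextVal($add['newstext'], $public_r['smalltextlen']);
                }
            } elseif ($f == 'infoip') {
                // Server-derived value; whatever the client sent is discarded.
                $value = egetip();
            } elseif ($f == 'infoipport') {
                $value = egetipport();
            } elseif ($f == 'infozm') {
                $value = $value ? $value : GetInfoZm($add['title']);
            }
            // Per-field processing function.
            $value = DoFFun($modid, $f, $value, 1, 0);
            $modispagef = $pagef == $f ? 1 : 0;
            $value = RepTempvarPostStrT($value, $modispagef);
            if ($pagef != $f) {
                $value = RepTempvarPostStr($value);
            }
            // Required-field and unique-value checks.
            if ($ch == 1 && empty($add['titleurl'])) {
                ChMustAddF($modid, $f, $value);
                ChIsOnlyAddF($modid, 0, $f, $value, 0);
            }
            $value = hRepPostStr2($value);
            // Editor content.
            if ($f == "newstext") {
                // Remote save of referenced images / flash.
                $value = addslashes(CopyImg(stripSlashes($value), $add['copyimg'], $add['copyflash'], $add['classid'], $add['qz_url'], $username, $add['id'], $add['filepass'], $add['mark'], $public_r['filedeftb']));
                // Replace keywords and characters.
                $value = DoReplaceKeyAndWord($value, $add['dokey'], $add['classid']);
                // Automatic pagination, unless a page marker is already there.
                if ($add['autopage'] && !strstr($value, "[!--empirenews.page--]")) {
                    if (empty($add['autosize'])) {
                        $add['autosize'] = 5000;
                    }
                    $value = AutoDoPage($value, $add['autosize']);
                }
            }
            // Field stored in a text file: write the file, keep its name.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // Create the directory.
                $thetxtfile = GetFileMd5();
                $truevalue = MkDirTxtFile(date("Y/md"), $thetxtfile);
                // Write the file.
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= ",'" . addslashes($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= ",'" . addslashes($value) . "'";
            }
        }
    } elseif ($do == 1) {
        // Mode 1: build update fragments.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == "special.field" || !strstr($emod_r[$modid]['caneditf'], ',' . $f . ',')) {
                continue;
            }
            // Checkbox fields.
            $add[$f] = ReturnCheckboxAddF($add[$f], $modid, $f);
            // Multi-value fields.
            $add[$f] = ReturnMoreValueAddF($add, $add[$f], $modid, $f, $do);
            $value = RepPhpAspJspcodeText($add[$f]);
            if ($f == 'newstime') {
                $value = empty($value) ? time() : to_time($value);
            } elseif ($f == "morepic") {
                $value = ReturnMorepicpath($add['msmallpic'], $add['mbigpic'], $add['mpicname'], $add['mdelpicid'], $add['mpicid'], $add, $add['mpicurl_qz'], 1, 0, intval($add['fstb']));
            } elseif ($f == "downpath") {
                $value = ReturnDownpath($add['downname'], $add['downpath'], $add['delpathid'], $add['pathid'], $add['downuser'], $add['fen'], $add['thedownqz'], $add, $add['foruser'], $add['downurl_qz'], 1);
            } elseif ($f == "onlinepath") {
                $value = ReturnDownpath($add['odownname'], $add['odownpath'], $add['odelpathid'], $add['opathid'], $add['odownuser'], $add['ofen'], $add['othedownqz'], $add, $add['oforuser'], $add['onlineurl_qz'], 1);
            } elseif ($f == "smalltext") {
                if (!trim($value)) {
                    // No summary supplied: cut one from the news text.
                    $value = SubSmalltextVal($add['newstext'], $public_r['smalltextlen']);
                }
            } elseif ($f == 'infozm') {
                $value = $value ? $value : GetInfoZm($add['title']);
            }
            // Per-field processing function.
            $value = DoFFun($modid, $f, $value, 0, 0);
            $modispagef = $pagef == $f ? 1 : 0;
            $value = RepTempvarPostStrT($value, $modispagef);
            if ($pagef != $f) {
                $value = RepTempvarPostStr($value);
            }
            // Required-field and unique-value checks.
            if ($ch == 1 && empty($add['titleurl'])) {
                ChMustAddF($modid, $f, $value);
                ChIsOnlyAddF($modid, $add['id'], $f, $value, 0);
            }
            $value = hRepPostStr2($value);
            // Data synchronisation.
            SameDataAddF($add['id'], $add['classid'], $modid, $f, $value);
            // Editor content.
            if ($f == "newstext") {
                // Remote save of referenced images / flash.
                $value = addslashes(CopyImg(stripSlashes($value), $add['copyimg'], $add['copyflash'], $add['classid'], $add['qz_url'], $username, $add['id'], $add['filepass'], $add['mark'], intval($add['fstb'])));
                // Automatic pagination, unless a page marker is already there.
                if ($add['autopage'] && !strstr($value, "[!--empirenews.page--]")) {
                    if (empty($add['autosize'])) {
                        $add['autosize'] = 5000;
                    }
                    $value = AutoDoPage($value, $add['autosize']);
                }
            }
            // Field stored in a text file: rewrite the existing file.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // NOTE(review): the directory and file name are taken straight
                // from $add['newstext_url'] with no validation in this function.
                // If that value can come from the request, confirm that the
                // caller or MkDirTxtFile() rejects ".." and absolute segments.
                $newstexttxt_r = explode("/", $add['newstext_url']);
                $thetxtfile = $newstexttxt_r[2];
                $truevalue = MkDirTxtFile($newstexttxt_r[0] . "/" . $newstexttxt_r[1], $thetxtfile);
                // Write the file.
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= "," . $f . "='" . addslashes($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= "," . $f . "='" . addslashes($value) . "'";
            }
        }
    } elseif ($do == 8) {
        // Mode 8: update fragments from data that is not filtered here.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field') {
                continue;
            }
            $value = $add[$f];
            // Field stored in a text file: rewrite the existing file.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // NOTE(review): same unvalidated path source as in mode 1.
                $newstexttxt_r = explode("/", $add['newstext_url']);
                $thetxtfile = $newstexttxt_r[2];
                $truevalue = MkDirTxtFile($newstexttxt_r[0] . "/" . $newstexttxt_r[1], $thetxtfile);
                // Write the file.
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= "," . $f . "='" . StripAddsData($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= "," . $f . "='" . StripAddsData($value) . "'";
            }
        }
    } elseif ($do == 9) {
        // Mode 9: insert fragments from data that is not filtered here.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field') {
                continue;
            }
            $value = $add[$f];
            // Field stored in a text file: create a new file.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // Create the directory.
                $thetxtfile = GetFileMd5();
                $truevalue = MkDirTxtFile(date("Y/md"), $thetxtfile);
                // Write the file.
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= ",'" . StripAddsData($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= ",'" . StripAddsData($value) . "'";
            }
        }
    } elseif ($do == 10) {
        // Mode 10: insert fragments only, no file handling.
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field') {
                continue;
            }
            $value = $add[$f];
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= ",'" . StripAddsData($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= ",'" . StripAddsData($value) . "'";
            }
        }
    }
    return $ret_r;
}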
Exemplo n.º 10
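/**
 * Store a guestbook message submitted by a visitor.
 *
 * Validates the submission (time window, IP, origin, required fields, e-mail
 * format, optional captcha, post interval, board existence, member level) and
 * inserts one row into {$dbtbpre}enewsgbook. Every outcome is reported through
 * printerror(); nothing is returned.
 *
 * NOTE(review): the insert is built by string interpolation. $bid and $userid
 * are cast to int here; the text values rely on RepPostStr()/RepPostVar() for
 * escaping, which are defined elsewhere - confirm they escape for SQL, or move
 * this query to the driver's parameter binding.
 *
 * @param array $add Submitted form data: bid, name, email, mycall, lytext,
 *                   key (captcha answer), ecmsfrom (return target).
 */
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    // Check that posting is allowed at the current time.
    eCheckTimeCloseDo('gbook');
    // Check the client IP.
    eCheckAccessDoIp('gbook');
    // Check the request origin.
    CheckCanPostUrl();
    // Board id: from the form when present, otherwise from the stored value.
    if ($add['bid']) {
        $bid = (int) $add['bid'];
    } else {
        $bid = (int) getcvar('gbookbid');
    }
    // Array keys are quoted: the bareword form ($add[name]) is an
    // undefined-constant error on PHP 8.
    $name = RepPostStr(trim($add['name']));
    $email = RepPostStr($add['email']);
    $mycall = RepPostStr($add['mycall']);
    $lytext = RepPostStr($add['lytext']);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    // Captcha, only when enabled in the site settings.
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // Minimum interval between two posts.
    // NOTE(review): 'lastgbooktime' is written with esetcookie() below, so this
    // value presumably comes from a client-side cookie; a client that does not
    // send it is never throttled. A server-side limit keyed on IP or account
    // would be needed to enforce the interval.
    $lasttime = getcvar('lastgbooktime');
    if ($lasttime) {
        // Cast: a non-numeric value must not reach the subtraction.
        if (time() - (int) $lasttime < $public_r['regbooktime']) {
            printerror("GbOutTime", "", 1);
        }
    }
    // Does the board exist?
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }
    // Permission: the board may require a minimum member-group level.
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`mycall`,lytime,lytext,retext,bid,ip,checked,userid,username,eipport) values('{$name}','{$email}','{$mycall}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}','{$eipport}');");
    // Clear the captcha so it cannot be reused.
    ecmsEmptyShowKey($keyvname);
    if ($sql) {
        // Remember the time of this post for the interval check.
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}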
Exemplo n.º 11
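/**
 * Create a back-end (admin) user account.
 *
 * Validates the credentials, checks the operator's permission, inserts the
 * account row and its security-question row, logs the operation and then
 * redirects to the cache rebuild page. Failures are reported with printerror().
 *
 * NOTE(review): two lines of this function reached the listing damaged by a
 * credential-masking filter ('******'). They are reconstructed below from the
 * surrounding code; compare with the upstream file before relying on them.
 *
 * NOTE(review): $username is interpolated into both queries without being
 * escaped in this function; confirm the caller escapes it, or switch to the
 * driver's parameter binding.
 *
 * @param string $username      Login name of the new account.
 * @param string $password      Plain-text password.
 * @param string $repassword    Password confirmation.
 * @param int    $groupid       User group id.
 * @param array  $adminclass    Ids of the columns the account may manage.
 * @param int    $checked       Stored as-is after an int cast.
 * @param int    $styleid       Back-end style id.
 * @param int    $loginuserid   Id of the operator performing the action.
 * @param string $loginusername Name of the operator performing the action.
 */
function AddUser($username, $password, $repassword, $groupid, $adminclass, $checked, $styleid, $loginuserid, $loginusername)
{
    global $empire, $class_r, $dbtbpre;
    if (!$username || !$password || !$repassword) {
        printerror("EmptyUsername", "history.go(-1)");
    }
    // Strict comparison: with != two different numeric strings such as
    // "0123456" and "123456" compare equal and the confirmation would pass.
    if ((string) $password !== (string) $repassword) {
        printerror("NotRepassword", "history.go(-1)");
    }
    if (strlen($password) < 6) {
        printerror("LessPassword", "history.go(-1)");
    }
    // Operator permission.
    // NOTE(review): $classid is not assigned until further down, so it is
    // undefined here; kept as in the original to leave the check unchanged.
    CheckLevel($loginuserid, $loginusername, $classid, "user");
    // Reject a duplicate login name. The listing showed username='******'
    // here; reconstructed to compare against $username (see docblock).
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsuser where username='{$username}' limit 1");
    if ($num) {
        printerror("ReUsername", "history.go(-1)");
    }
    // Managed columns, stored as a "|id|id|" list.
    $insert_class = '';
    $adminclassCount = is_array($adminclass) ? count($adminclass) : 0;
    for ($i = 0; $i < $adminclassCount; $i++) {
        $cid = $adminclass[$i];
        if (empty($class_r[$cid]['islast'])) {
            // Parent column: expand to its child columns, skip when it has none.
            if (empty($class_r[$cid]['sonclass']) || $class_r[$cid]['sonclass'] == "|") {
                continue;
            }
            $insert_class .= substr($class_r[$cid]['sonclass'], 1);
        } else {
            $insert_class .= $cid . "|";
        }
    }
    $insert_class = "|" . $insert_class;
    $styleid = (int) $styleid;
    $groupid = (int) $groupid;
    $checked = (int) $checked;
    $filelevel = (int) $_POST['filelevel'];
    $classid = (int) $_POST['classid'];
    // NOTE(review): make_password() produces the salts and the private key;
    // confirm it draws from a cryptographically secure source.
    $rnd = make_password(20);
    $salt = make_password(8);
    $salt2 = make_password(20);
    $password = DoEmpireCMSAdminPassword($password, $salt, $salt2);
    $truename = ehtmlspecialchars($_POST['truename']);
    $email = ehtmlspecialchars($_POST['email']);
    $openip = ehtmlspecialchars($_POST['openip']);
    $addtime = time();
    $addip = egetip();
    $addipport = egetipport();
    $userprikey = make_password(48);
    $sql = $empire->query("insert into {$dbtbpre}enewsuser(username,password,rnd,groupid,adminclass,checked,styleid,filelevel,salt,loginnum,lasttime,lastip,truename,email,classid,addtime,addip,userprikey,salt2,lastipport,preipport,addipport) values('{$username}','{$password}','{$rnd}',{$groupid},'{$insert_class}',{$checked},{$styleid},'{$filelevel}','{$salt}',0,0,'','{$truename}','{$email}','{$classid}','{$addtime}','{$addip}','{$userprikey}','{$salt2}','{$addipport}','{$addipport}','{$addipport}');");
    $userid = $empire->lastid();
    // Security question.
    $equestion = (int) $_POST['equestion'];
    $eanswer = $_POST['eanswer'];
    if ($equestion) {
        if (!$eanswer) {
            printerror('EmptyEAnswer', '');
        }
        $eanswer = ReturnHLoginQuestionStr($userid, $username, $equestion, $eanswer);
    } else {
        $equestion = 0;
        $eanswer = '';
    }
    // NOTE(review): this insert is issued before $sql is checked, so it also
    // runs when the account insert above failed.
    $empire->query("insert into {$dbtbpre}enewsuseradd(userid,equestion,eanswer,openip) values('{$userid}','{$equestion}','{$eanswer}','{$openip}');");
    if ($sql) {
        $cache_enews = 'douserinfo';
        $cache_ecmstourl = urlencode('user/AddUser.php?enews=AddUser' . hReturnEcmsHashStrHref2(0));
        $cache_mess = 'AddUserSuccess';
        $cache_uid = $userid;
        $cache_url = "../CreateCache.php?enews={$cache_enews}&uid={$cache_uid}&ecmstourl={$cache_ecmstourl}&mess={$cache_mess}" . hReturnEcmsHashStrHref2(0);
        // Operation log. The listing had this statement fused with the masked
        // remains of what looks like a disabled printerror("AddUserSuccess", ...)
        // call; only the log call is kept (see docblock).
        insert_dolog("userid=" . $userid . "<br>username=" . $username);
        echo '<meta http-equiv="refresh" content="0;url=' . $cache_url . '">';
        db_close();
        $empire = null;
        exit;
    } else {
        printerror("DbError", "history.go(-1)");
    }
}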
Exemplo n.º 12
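/**
 * Save the additional profile fields of the logged-in member.
 *
 * Inserts a row into {$dbtbpre}enewsmemberadd when the member has none yet,
 * otherwise updates the existing row, then refreshes the member's attachments.
 * The outcome is reported through printerror(); nothing is returned.
 *
 * NOTE(review): the fragments returned by ReturnDoMemberF() are concatenated
 * into the queries as they are, so all escaping of the submitted values has
 * to happen inside that helper - confirm.
 *
 * @param array $post Submitted profile form data.
 */
function EditInfo($post)
{
    global $empire, $dbtbpre, $public_r;
    // Requires a logged-in member; the id used below comes from the session
    // data returned by islogin(), not from the submitted form.
    $user_r = islogin();
    // Array keys are quoted: the bareword form ($user_r[userid]) is an
    // undefined-constant error on PHP 8.
    $userid = $user_r['userid'];
    $username = $user_r['username'];
    $dousername = $username;
    $rnd = $user_r['rnd'];
    $groupid = $user_r['groupid'];
    if (!$userid || !$username) {
        printerror("NotEmpty", "history.go(-1)", 1);
    }
    // Validate the required fields of the additional table.
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    $user_r = $empire->fetch1("select " . eReturnSelectMemberF('groupid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
    $fid = GetMemberFormId($user_r['groupid']);
    $isNewRow = empty($addr['userid']);
    if ($isNewRow) {
        $mr = array('add_filepass' => $userid);
        $member_r = ReturnDoMemberF($fid, $post, $mr, 0, $dousername);
    } else {
        $addr['add_filepass'] = $userid;
        $member_r = ReturnDoMemberF($fid, $post, $addr, 1, $dousername);
    }
    // Additional table: insert the first row or update the existing one.
    if ($isNewRow) {
        $regip = egetip();
        $regipport = egetipport();
        $lasttime = time();
        $sql = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$regip}','{$lasttime}','{$regip}',1,'{$regipport}','{$regipport}'" . $member_r[1] . ");");
    } else {
        // "set userid=..." gives the generated ",field='value'" list a leading
        // assignment to attach to.
        $sql = $empire->query("update {$dbtbpre}enewsmemberadd set userid='{$userid}'" . $member_r[0] . " where userid='{$userid}'");
    }
    // Update the attachments.
    UpdateTheFileEditOther(6, $userid, 'member');
    if ($sql) {
        printerror("EditInfoSuccess", "../member/EditInfo/", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}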