/**
 * Stores a feedback message that a visitor sends to a member's space.
 *
 * Reads the form fields from $add, checks the captcha, confirms that the
 * addressed member exists, and inserts one row into {prefix}enewsmemberfeedback.
 * Every outcome is reported through printerror().
 *
 * Text values are passed through RepPostStr()/RepPostVar() and then interpolated
 * into the SQL text; how those helpers filter is not visible in this file.
 * NOTE(review): the INSERT's safety rests entirely on them — confirm they escape
 * quotes and backslashes for the active connection charset.
 * NOTE(review): on success the redirect target is the request's Referer header,
 * which the client controls — confirm printerror() restricts or encodes it.
 *
 * @param array $add Submitted form data (key, userid, name, company, phone, fax,
 *                   email, address, zip, title, ftext).
 */
function AddMemberFeedback($add)
{
    global $empire, $dbtbpre;

    // Captcha for the member-space feedback form.
    $keyvname = 'checkspacefbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);

    // The addressed member must exist; the id is forced to an integer before it reaches SQL.
    $userid = (int) $add['userid'];
    $ur = $empire->fetch1("select " . egetmf('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }

    // Author identity comes from the login cookies; an anonymous sender gets uid 0 and an empty name.
    $uid = (int) getcvar('mluserid');
    $uname = $uid ? RepPostVar(getcvar('mlusername')) : '';
    $uname = RepPostStr($uname);

    // Free-text fields, each filtered individually.
    $name = RepPostStr($add['name']);
    $company = RepPostStr($add['company']);
    $phone = RepPostStr($add['phone']);
    $fax = RepPostStr($add['fax']);
    $email = RepPostStr($add['email']);
    $address = RepPostStr($add['address']);
    $zip = RepPostStr($add['zip']);
    $title = RepPostStr($add['title']);
    $ftext = RepPostStr($add['ftext']);

    // Name, title and body are mandatory.
    $hasName = trim($name);
    if (!$hasName || !trim($title) || !trim($ftext)) {
        printerror("EmptyMemberFeedback", "history.go(-1)", 1);
    }

    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsmemberfeedback(name,company,phone,fax,email,address,zip,title,ftext,userid,ip,uid,uname,addtime,eipport) values('{$name}','{$company}','{$phone}','{$fax}','{$email}','{$address}','{$zip}','{$title}','{$ftext}',{$userid},'{$ip}',{$uid},'{$uname}','{$addtime}','{$eipport}');");

    // Clear the captcha so the same code cannot be replayed.
    ecmsEmptyShowKey($keyvname);

    if (!$sql) {
        printerror("DbError", "history.go(-1)", 1);
    } else {
        printerror("AddMemberFeedbackSuccess", $_SERVER['HTTP_REFERER'], 1);
    }
}
/**
 * Stores a guestbook entry left on a member's space.
 *
 * Checks the captcha, confirms the addressed member exists, determines the
 * author (login cookies, or the submitted display name for guests) and inserts
 * one row into {prefix}enewsmembergbook. Outcomes go through printerror().
 *
 * NOTE(review): the author id and name are read from the mluserid/mlusername
 * cookies without a visible login-token check in this function — confirm the
 * caller or getcvar() validates the session, otherwise the stored author fields
 * are whatever the client sent.
 * NOTE(review): the success redirect uses the client-controlled Referer header —
 * confirm printerror() restricts or encodes it.
 *
 * @param array $add Submitted form data (key, userid, uname, gbtext, isprivate).
 */
function AddMemberGbook($add)
{
    global $empire, $dbtbpre;

    // Captcha for the member-space guestbook form.
    $keyvname = 'checkspacegbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);

    // The addressed member must exist; the id is forced to an integer before it reaches SQL.
    $userid = (int) $add['userid'];
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }

    // Author: cookie identity when present, otherwise the guest-supplied name.
    $uid = (int) getcvar('mluserid');
    $uname = $uid ? RepPostVar(getcvar('mlusername')) : trim($add['uname']);
    $uname = RepPostStr($uname);
    $gbtext = RepPostStr($add['gbtext']);

    // An author name and a non-blank message are mandatory.
    $missingAuthor = empty($uname);
    if ($missingAuthor || !trim($gbtext)) {
        printerror("EmptyMemberGbook", "history.go(-1)", 1);
    }

    $isprivate = (int) $add['isprivate'];
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsmembergbook(userid,isprivate,uid,uname,ip,addtime,gbtext,retext,eipport) values({$userid},{$isprivate},{$uid},'{$uname}','{$ip}','{$addtime}','{$gbtext}','','{$eipport}');");

    // Clear the captcha so the same code cannot be replayed.
    ecmsEmptyShowKey($keyvname);

    if (!$sql) {
        printerror("DbError", "history.go(-1)", 1);
    } else {
        printerror("AddMemberGbookSuccess", $_SERVER['HTTP_REFERER'], 1);
    }
}
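/**
 * Handles a submission to a site feedback board: validates the board, the
 * poster's group level, the required fields and any uploaded attachments, then
 * stores the entry in {prefix}enewsfeedback.
 *
 * Changes against the previous version:
 *  - array keys such as groupid, level, filepath, filename, title and fpath are
 *    now quoted; written bare they are undefined-constant lookups, which PHP 8
 *    raises as an Error (assuming no constant of that name is defined);
 *  - $addf and $addval are initialised before the first ".=".
 *
 * Field names ($f, $mf) come from the board definition row, not from the
 * request; submitted values are passed through RepPostStr() and addslashes()
 * before being placed in the SQL text.
 *
 * NOTE(review): the upload allow-list is checked against the extension of the
 * client-supplied file name; what DoTranFile() verifies beyond that (stored
 * name, content, target directory) is not visible here — confirm.
 * NOTE(review): $add['ecmsfrom'] feeds the post-submit redirect through
 * DoingReturnUrl() — confirm that helper restricts the target to this site.
 *
 * @param array $add Submitted form data; also reads $_FILES for attachment fields.
 */
function AddFeedback($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;

    CheckCanPostUrl(); // verify the request origin
    if ($add['bid']) {
        $bid = (int) $add['bid'];
    } else {
        $bid = (int) getcvar('feedbackbid');
    }
    if (empty($bid)) {
        printerror("EmptyFeedbackname", "history.go(-1)", 1);
    }
    // Captcha, only when enabled for feedback.
    $keyvname = 'checkfeedbackkey';
    if ($public_r['fbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // The board must exist.
    $br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyFeedback", "history.go(-1)", 1);
    }
    // Permission: a board bound to a member group requires a login of at least that level.
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
    // Required fields. The list is stored as ",a,b," so the first and last pieces are empty and skipped.
    $mustr = explode(",", $br['mustenter']);
    $count = count($mustr);
    for ($i = 1; $i < $count - 1; $i++) {
        $mf = $mustr[$i];
        if (strstr($br['filef'], "," . $mf . ",")) {
            // Required attachment field.
            if (!$pr['feedbacktfile']) {
                printerror("NotOpenFBFile", "", 1);
            }
            if (!$_FILES[$mf]['name']) {
                printerror("EmptyFeedbackname", "", 1);
            }
        } else {
            $chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']);
            if (!trim($chmustval)) {
                printerror("EmptyFeedbackname", "", 1);
            }
        }
    }
    $saytime = date("Y-m-d H:i:s");
    // Field processing.
    $dh = "";
    $tranf = "";
    $addf = "";
    $addval = "";
    $record = "<!--record-->";
    $field = "<!--field--->";
    $er = explode($record, $br['enter']);
    $count = count($er);
    for ($i = 0; $i < $count - 1; $i++) {
        $er1 = explode($field, $er[$i]);
        $f = $er1[1];
        // Defuse the upload placeholder prefix in submitted text, so a posted value
        // can never match the "[!#@-field-@!]" marker that is substituted with the
        // stored file path further down.
        $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]);
        if (strstr($br['filef'], "," . $f . ",")) {
            // Attachment field.
            if ($_FILES[$f]['name']) {
                if (!$pr['feedbacktfile']) {
                    printerror("NotOpenFBFile", "", 1);
                }
                $filetype = GetFiletype($_FILES[$f]['name']); // file type taken from the submitted name
                if (CheckSaveTranFiletype($filetype)) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) {
                    printerror("TooBigQTranFile", "", 1);
                }
                $tranf .= $dh . $f;
                $dh = ",";
                $fval = "[!#@-" . $f . "-@!]";
            } else {
                $fval = "";
            }
        } else {
            $add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']);
            $fval = $add[$f];
        }
        $addf .= ",`" . $f . "`";
        $addval .= ",'" . addslashes(RepPostStr($fval)) . "'";
    }
    $type = 0;
    $classid = 0;
    $filename = '';
    $filepath = '';
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $filepass = ReturnTranFilepass();
    // Upload the attachments collected above.
    if ($tranf) {
        $dh = "";
        $tranr = explode(",", $tranf);
        $count = count($tranr);
        for ($i = 0; $i < $count; $i++) {
            $tf = $tranr[$i];
            $tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid);
            if ($tfr['tran']) {
                $filepath = $tfr['filepath'];
                // Record the file in the attachment table.
                $filesize = (int) $_FILES[$tf]['size'];
                eInsertFileTable($tfr['filename'], $filesize, $tfr['filepath'], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($add['title'])), $type, $filepass, $filepass, $public_r['fpath'], 0, 4, 0);
                $repfval = ($tfr['filepath'] ? $tfr['filepath'] . '/' : '') . $tfr['filename'];
                $filename .= $dh . $tfr['filename'];
                $dh = ",";
            } else {
                $repfval = "";
            }
            // Swap the placeholder in the prepared VALUES text for the stored path.
            $addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval);
        }
    }
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");");
    $fid = $empire->lastid();
    // Bind the uploaded attachments to the new feedback row.
    UpdateTheFileOther(4, $fid, $filepass, 'other');
    ecmsEmptyShowKey($keyvname); // clear the captcha
    if ($sql) {
        $reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddFeedbackSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}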
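/**
 * Registers a new member account and, unless the account still needs approval,
 * logs the new member in by setting the login cookies.
 *
 * Changes against the previous version: the keys of $pr (min_userlen,
 * max_userlen, min_passlen, max_passlen) and $addr (userid) are quoted — written
 * bare they are undefined-constant lookups, which PHP 8 raises as an Error
 * (assuming no constant of that name is defined) — and return values that were
 * stored but never read are no longer assigned.
 *
 * NOTE(review): $groupid comes from the request; CheckMemberGroupCanReg() is the
 * only gate on which group a visitor may pick — confirm it rejects privileged groups.
 * NOTE(review): the redirect target is read from the "returnurl" cookie and only
 * filtered by three substring checks; confirm DoingReturnUrl()/printerror()
 * restrict it to this site.
 * NOTE(review): the plain-text password is handed to DoEpassport(); what that
 * helper does with it is not visible here.
 *
 * @param array $add Submitted form data (username, password, repassword, email,
 *                   groupid, key, tobind, plus group-specific extra fields).
 */
function register($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;

    // Registration switched off.
    if ($public_r['register_ok']) {
        printerror('CloseRegister', '', 1);
    }
    // Time window in which the operation is allowed.
    eCheckTimeCloseDo('reg');
    // IP access check.
    eCheckAccessDoIp('register');
    if (!empty($ecms_config['member']['registerurl'])) {
        Header("Location:" . $ecms_config['member']['registerurl']);
        exit;
    }
    // A logged-in visitor cannot register.
    if (getcvar('mluserid')) {
        printerror('LoginToRegister', '', 1);
    }
    CheckCanPostUrl(); // verify the request origin
    $username = trim($add['username']);
    $password = trim($add['password']);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $email = RepPostStr($add['email']);
    if (!$username || !$password || !$email) {
        printerror("EmptyMember", "history.go(-1)", 1);
    }
    $tobind = (int) $add['tobind'];
    // Captcha, only when enabled for registration.
    $keyvname = 'checkregkey';
    if ($public_r['regkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    $user_groupid = eReturnMemberDefGroupid();
    $groupid = (int) $add['groupid'];
    $groupid = empty($groupid) ? $user_groupid : $groupid;
    CheckMemberGroupCanReg($groupid);
    // IP
    $regip = egetip();
    $regipport = egetipport();
    // Username length limits (strlen counts bytes).
    $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
    $userlen = strlen($username);
    if ($userlen < $pr['min_userlen'] || $userlen > $pr['max_userlen']) {
        printerror('FaiUserlen', '', 1);
    }
    // Password length limits.
    $passlen = strlen($password);
    if ($passlen < $pr['min_passlen'] || $passlen > $pr['max_passlen']) {
        printerror('FailPasslen', '', 1);
    }
    if ($add['repassword'] !== $password) {
        printerror('NotRepassword', '', 1);
    }
    if (!chemail($email)) {
        printerror('EmailFail', '', 1);
    }
    if (strstr($username, '|') || strstr($username, '*')) {
        printerror('NotSpeWord', '', 1);
    }
    // Registration interval per IP.
    eCheckIpRegTime($regip, $pr['regretime']);
    // Reserved usernames.
    toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');
    $username = RepPostStr($username);
    // Username already taken.
    $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if ($num) {
        printerror('ReUsername', '', 1);
    }
    // E-mail already taken, when unique e-mail is enforced.
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1");
        if ($num) {
            printerror('ReEmailFail', '', 1);
        }
    }
    // Registration time.
    $lasttime = time();
    $registertime = eReturnAddMemberRegtime();
    $rnd = make_password(20); // random login token, later stored in the mlrnd cookie
    $userkey = eReturnMemberUserKey();
    // Password: keep the plain value for DoEpassport(), store only the salted form.
    $truepassword = $password;
    $salt = eReturnMemberSalt();
    $password = eDoMemberPw($password, $salt);
    // Approval state; e-mail activation (regacttype 1) forces it to 0.
    $checked = ReturnGroupChecked($groupid);
    if ($checked && $public_r['regacttype'] == 1) {
        $checked = 0;
    }
    // Validate the required fields of the member add-on table.
    $mr['add_filepass'] = ReturnTranFilepass();
    $fid = GetMemberFormId($groupid);
    $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);
    $sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');");
    // Fetch the new userid.
    $userid = $empire->lastid();
    // Add-on table row.
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    if (!$addr['userid']) {
        $spacestyleid = ReturnGroupSpaceStyleid($groupid);
        $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");");
    }
    // Bind uploaded attachments to the new member.
    UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member');
    ecmsEmptyShowKey($keyvname); // clear the captcha
    // Bind an external account.
    if ($tobind) {
        MemberConnect_BindUser($userid);
    }
    if ($sql) {
        // E-mail activation.
        if ($checked == 0 && $public_r['regacttype'] == 1) {
            include 'class/member_actfun.php';
            SendActUserEmail($userid, $username, $email);
        }
        // Account awaits approval: no login cookies are set.
        if ($checked == 0) {
            $location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
            printerror("RegisterSuccessCheck", $location, 1);
        }
        $logincookie = 0;
        if ($ecms_config['member']['regcookietime']) {
            $logincookie = time() + $ecms_config['member']['regcookietime'];
        }
        $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
        esetcookie("mlusername", $username, $logincookie);
        esetcookie("mluserid", $userid, $logincookie);
        esetcookie("mlgroupid", $groupid, $logincookie);
        esetcookie("mlrnd", $rnd, $logincookie);
        // Login verification string.
        qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie);
        // Additional login cookies.
        AddLoginCookie($r);
        $location = "../member/cp/";
        $returnurl = getcvar('returnurl');
        if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
            $location = $returnurl;
        }
        esetcookie("returnurl", "");
        // ePassport integration.
        DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("RegisterSuccess", $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}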
/**
 * Front-end member login: verifies username and password, rotates the member's
 * random login token, records the login and sets the login cookies.
 *
 * An unknown username and a wrong password both end in the same "FailPassword"
 * message, so the response does not reveal which of the two failed.
 *
 * NOTE(review): the cookie lifetime is taken from $add['lifetime'] with no upper
 * bound visible here — confirm a maximum is enforced elsewhere.
 * NOTE(review): the redirect target is read from the "returnurl" cookie; confirm
 * DoingReturnUrl()/printerror() restrict it to this site.
 * NOTE(review): no attempt counter or lock-out is visible in this function;
 * the captcha is the only throttle, and only when loginkey_ok is set.
 * NOTE(review): the plain-text password is handed to DoEpassport().
 *
 * @param array $add Submitted form data (username, password, key, lifetime, tobind).
 */
function qlogin($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;

    // An external login page, when configured, takes over completely.
    if ($ecms_config['member']['loginurl']) {
        Header("Location:" . $ecms_config['member']['loginurl']);
        exit;
    }

    // Message type handed to printerror(): 9 when the form posts "prtype", else 1.
    $dopr = $_POST['prtype'] ? 9 : 1;

    $username = trim($add['username']);
    $password = trim($add['password']);
    if (!$username || !$password) {
        printerror("EmptyLogin", "history.go(-1)", $dopr);
    }
    $tobind = (int) $add['tobind'];

    // Captcha, only when enabled for login.
    $keyvname = 'checkloginkey';
    if ($public_r['loginkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], $dopr);
    }

    $username = RepPostVar($username);
    $password = RepPostVar($password);

    // Look the member up, then verify the password against the stored hash and salt.
    $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if (!$r['userid']) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }
    if (!eDoCkMemberPw($password, $r['password'], $r['salt'])) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }

    // Account not approved yet; with e-mail activation, point to the resend page.
    if ($r['checked'] == 0) {
        $resendPage = $public_r['regacttype'] == 1 ? '../member/register/regsend.php' : '';
        printerror('NotCheckedUser', $resendPage, 1);
    }

    // Bind an external account.
    if ($tobind) {
        MemberConnect_BindUser($r['userid']);
    }

    $rnd = make_password(20); // fresh random login token

    // Fall back to the default member group.
    if (empty($r['groupid'])) {
        $r['groupid'] = eReturnMemberDefGroupid();
    }
    $r['groupid'] = (int) $r['groupid'];

    $lasttime = time();
    // IP
    $lastip = egetip();
    $lastipport = egetipport();
    $empire->query("update " . eReturnMemberTable() . " set " . egetmf('rnd') . "='{$rnd}'," . egetmf('groupid') . "='{$r['groupid']}' where " . egetmf('userid') . "='{$r['userid']}'");
    $empire->query("update {$dbtbpre}enewsmemberadd set lasttime='{$lasttime}',lastip='{$lastip}',loginnum=loginnum+1,lastipport='{$lastipport}' where userid='{$r['userid']}'");

    // Cookies: expiry 0 (session cookie) unless the form asked for a lifetime.
    $lifetime = (int) $add['lifetime'];
    $logincookie = $lifetime ? time() + $lifetime : 0;
    $set1 = esetcookie("mlusername", $username, $logincookie);
    $set2 = esetcookie("mluserid", $r['userid'], $logincookie);
    esetcookie("mlgroupid", $r['groupid'], $logincookie);
    esetcookie("mlrnd", $rnd, $logincookie);
    // Login verification string.
    qGetLoginAuthstr($r['userid'], $username, $rnd, $r['groupid'], $logincookie);
    // Additional login cookies.
    AddLoginCookie($r);

    // Where to go after login.
    $location = "../member/cp/";
    $returnurl = getcvar('returnurl');
    if ($returnurl) {
        $location = $returnurl;
    }
    if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
        $location = "../member/iframe/";
    }
    if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
        $location = "../member/cp/";
        $_POST['ecmsfrom'] = '';
    }

    ecmsEmptyShowKey($keyvname); // clear the captcha
    esetcookie("returnurl", "");

    if (!($set1 && $set2)) {
        printerror("NotCookie", "history.go(-1)", $dopr);
    } else {
        // ePassport integration.
        DoEpassport('login', $r['userid'], $username, $password, $r['salt'], $r['email'], $r['groupid'], $r['registertime']);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("LoginSuccess", $location, $dopr);
    }
}
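/**
 * Writes one row to the {prefix}enewslog login log.
 *
 * Nothing is written, and "" is returned, when
 * $ecms_config['esafe']['theloginlog'] is set.
 *
 * The submitted password is never stored: the password column always receives
 * the filtered empty string. The previous version still carried a masking
 * branch behind an `if ($password)` that ran right after `$password = ''`, so
 * it could never execute; that unreachable branch and the unused query result
 * are removed. Keep it that way — a login log holding even partially masked
 * passwords (including mistyped ones) is a credential store.
 *
 * @param string $username  Login name that was tried.
 * @param string $password  Submitted password; filtered, then discarded.
 * @param mixed  $status    Outcome marker stored in the status column.
 * @param string $loginip   Client IP to record.
 * @param string $loginauth Submitted auth code.
 * @return string|null "" when logging is disabled, otherwise nothing.
 */
function insert_log($username, $password, $status, $loginip, $loginauth)
{
    global $empire, $ecms_config, $dbtbpre;

    if ($ecms_config['esafe']['theloginlog']) {
        return "";
    }
    // The password still passes through RepPostVar() as before, because that helper
    // is defined elsewhere and may act on the raw value; its result is not kept.
    RepPostVar($password);
    $loginauth = RepPostVar($loginauth);
    // Never log the password itself.
    $password = RepPostVar('');
    $username = RepPostVar($username);
    $loginip = RepPostVar($loginip);
    $ipport = egetipport();
    $status = RepPostVar($status);
    $logintime = date("Y-m-d H:i:s");
    $empire->query("insert into {$dbtbpre}enewslog(username,loginip,logintime,status,password,loginauth,ipport) values('$username','$loginip','$logintime','$status','$password','$loginauth','$ipport');");
}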
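/**
 * Adds a comment to an information item, or to a special topic when
 * $add['doaction'] is 'dozt'.
 *
 * Changes against the previous version: the keys level, tbname, openpl, checkpl
 * and classid are quoted — written bare they are undefined-constant lookups,
 * which PHP 8 raises as an Error (assuming no constant of that name is
 * defined) — and return values that were stored but never read are no longer
 * assigned.
 *
 * Author resolution: a visitor with an mluserid cookie is accepted as that
 * member only if qCheckLoginAuthstr() reports a login; otherwise the comment is
 * treated as a guest post. Without the cookie, the submitted username/password
 * are verified unless $nomember is set.
 *
 * NOTE(review): a guest post keeps the submitted $username as display name, so a
 * guest can pick any name, including an existing member's — confirm the
 * templates distinguish guests (userid 0) from members.
 * NOTE(review): the flood interval relies on the client-held "lastpltime"
 * cookie, which a client can simply drop.
 * NOTE(review): $restb and the ReturnPlAddF() fragments are concatenated into
 * the INSERT unquoted; they come from the database row and a helper not
 * visible here — confirm neither can carry request data unescaped.
 *
 * @param string $username Submitted login or display name.
 * @param string $password Submitted password (used only without a login cookie).
 * @param mixed  $nomember Non-empty to post as a guest.
 * @param string $key      Submitted captcha value.
 * @param string $saytext  Comment text.
 * @param int    $id       Information id.
 * @param int    $classid  Column id, or special-topic id for 'dozt'.
 * @param int    $repid    Id of the comment being quoted, 0 for none.
 * @param array  $add      Full submitted form data.
 */
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $dbtbpre, $public_r, $class_r, $level_r;

    // Time window in which the operation is allowed.
    eCheckTimeCloseDo('pl');
    // IP access check.
    eCheckAccessDoIp('pl');
    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;
    // Captcha, only when enabled for comments.
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');
    if ($muserid) {
        // Cookie identity counts only when the login verification string checks out.
        $cklgr = qCheckLoginAuthstr();
        if ($cklgr['islogin']) {
            $username = $musername;
        } else {
            $muserid = 0;
        }
    } else {
        if (empty($nomember)) {
            // Inline login with the submitted credentials.
            if (!$username || !$password) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password,checked,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
            if (empty($ur['userid'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur['checked'] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur['userid'];
            $mgroupid = $ur['groupid'];
        } else {
            $muserid = 0;
        }
    }
    // Minimum member group for commenting, when configured.
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid]['level'] < $level_r[$public_r['plgroupid']]['level']) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }
    // Special topic
    $doaction = $add['doaction'];
    if ($doaction == 'dozt') {
        if (!trim($saytext) || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        // Are comments closed for this topic?
        $r = $empire->fetch1("select ztid,closepl,checkpl,restb from {$dbtbpre}enewszt where ztid='{$classid}'");
        if (!$r['ztid']) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($r['closepl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        // Moderation flag
        if ($r['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pubid = '-' . $classid;
        $id = 0;
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'dozt', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    } else {
        if (!trim($saytext) || !$id || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        // The column must map to a known table; this also keeps the table name
        // below limited to values from $class_r.
        if (empty($class_r[$classid]['tbname'])) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        // Are comments closed for this column?
        $r = $empire->fetch1("select classid,stb,restb from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " where id='{$id}' limit 1");
        if (!$r['classid'] || $r['classid'] != $classid) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($class_r[$r['classid']]['openpl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        // Comments closed for this single item?
        $pubid = ReturnInfoPubid($classid, $id);
        $finfor = $empire->fetch1("select closepl from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . "_data_" . $r['stb'] . " where id='{$id}' limit 1");
        if ($finfor['closepl']) {
            printerror("CloseInfoPl", "history.go(-1)", 1);
        }
        // Moderation flag
        if ($class_r[$classid]['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'doinfo', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    }
    // Comment settings
    $plsetr = $empire->fetch1("select pltime,plsize,plincludesize,plclosewords,plmustf,plf,plmaxfloor,plquotetemp from {$dbtbpre}enewspl_set limit 1");
    if (strlen($saytext) > $plsetr['plsize']) {
        $GLOBALS['setplsize'] = $plsetr['plsize'];
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }
    $time = time();
    $saytime = $time;
    $pltime = getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $plsetr['pltime']) {
            $GLOBALS['setpltime'] = $plsetr['pltime'];
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }
    $sayip = egetip();
    $eipport = egetipport();
    $username = str_replace("\r\n", "", $username);
    $username = RepPostStr($username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    if ($repid) {
        $saytext = RepPlTextQuote($repid, $saytext, $plsetr, $restb);
        CkPlQuoteFloor($plsetr['plmaxfloor'], $saytext); // check the quote depth
    }
    // Word filter
    $saytext = ReplacePlWord($plsetr['plclosewords'], $saytext);
    // The member group's plchecked setting overrides the moderation flag.
    if ($level_r[$mgroupid]['plchecked']) {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $plsetr, 0);
    // Main comment table
    $sql = $empire->query("insert into {$dbtbpre}enewspl_" . $restb . "(pubid,username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,saytext,eipport" . $ret_r['fields'] . ") values('{$pubid}','" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'" . addslashes($saytext) . "','{$eipport}'" . $ret_r['values'] . ");");
    $plid = $empire->lastid();
    if ($doaction != 'dozt') {
        // Increment the item's comment counter.
        $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " set plnum=plnum+1 where id='{$id}' limit 1");
    }
    // Update the new-comment statistics.
    DoUpdateAddDataNum('pl', $restb, 1);
    // Remember the time of the last post.
    esetcookie("lastpltime", time(), time() + 3600 * 24);
    ecmsEmptyShowKey($keyvname); // clear the captcha
    if ($sql) {
        $reurl = DoingReturnUrl($returl, $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}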
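/**
 * Builds the SQL fragments for a front-end information submission (add when
 * $ecms is 0, edit when it is 1), validating required fields and uploads and
 * storing uploaded files on the way.
 *
 * Changes against the previous version:
 *  - the data-sync call passed `$info[id]`, but no $info exists in this
 *    function; it now passes $infor['id'], the record being edited;
 *  - array keys (id, title, filename, filepath, fpath) are quoted; written bare
 *    they are undefined-constant lookups, which PHP 8 raises as an Error
 *    (assuming no constant of that name is defined);
 *  - an empty `if` on the never-assigned $wmv_type and the unused $filetime are removed.
 *
 * Returned array: for an add, [0]/[1] hold the main-table column list and
 * VALUES list and [2]/[3] the same for the data table; for an edit, [0] and [3]
 * hold "col='value'" assignment lists for the main and data table. [4] is the
 * model's default table. Entries that receive no field are not set.
 *
 * Field names come from the model definition in $emod_r; values are passed
 * through the field filters and addslashes() before being placed in the fragments.
 *
 * NOTE(review): upload type checks use the extension of the client-supplied
 * file name; what DoTranFile() enforces beyond that is not visible here.
 * NOTE(review): when an upload fails, the placeholder is replaced with
 * $infor[$tf] after the fragments were already escaped — confirm stored values
 * cannot contain quotes.
 *
 * @param int    $mid      Model id.
 * @param array  $add      Submitted form data.
 * @param array  $infor    Existing record when editing.
 * @param int    $classid  Column id.
 * @param mixed  $filepass Temporary attachment token (reset to 0 when editing).
 * @param int    $userid   Submitting member id (not used in this function).
 * @param string $username Submitting member name, recorded with uploaded files.
 * @param int    $ecms     0 = add, 1 = edit.
 * @return array See above.
 */
function ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $userid, $username, $ecms = 0)
{
    global $empire, $dbtbpre, $public_r, $emod_r, $ecms_config;

    $ret_r = array();
    $pr = $empire->fetch1("select qaddtran,qaddtransize,qaddtranimgtype,qaddtranfile,qaddtranfilesize,qaddtranfiletype,closewords,closewordsf from {$dbtbpre}enewspublic limit 1");
    $isadd = $ecms == 0 ? 1 : 0;
    qCheckInfoCloseWord($mid, $add, $pr['closewordsf'], $pr['closewords']); // blocked-word check
    // Required fields. The list is stored as ",a,b," so the first and last pieces are skipped.
    $pagef = $emod_r[$mid]['pagef'];
    $mustr = explode(",", $emod_r[$mid]['mustqenterf']);
    $mustcount = count($mustr) - 1;
    for ($i = 1; $i < $mustcount; $i++) {
        $mf = $mustr[$i];
        if (strstr($emod_r[$mid]['filef'], ',' . $mf . ',') || strstr($emod_r[$mid]['imgf'], ',' . $mf . ',') || strstr($emod_r[$mid]['flashf'], ',' . $mf . ',') || $mf == 'downpath' || $mf == 'onlinepath') {
            $mfilef = $mf . "file";
            // Uploaded file
            if ($_FILES[$mfilef]['name']) {
                if (strstr($emod_r[$mid]['imgf'], ',' . $mf . ',')) {
                    if (!$pr['qaddtran']) {
                        printerror("CloseQTranPic", "", 1);
                    }
                } else {
                    if (!$pr['qaddtranfile']) {
                        printerror("CloseQTranFile", "", 1);
                    }
                }
            } elseif (!trim($add[$mf]) && !$infor[$mf]) {
                printerror("EmptyQMustF", "", 1);
            }
        } else {
            $chmustval = ReturnCheckboxAddF($add[$mf], $mid, $mf); // checkbox
            $chmustval = ReturnMoreValueAddF($add, $chmustval, $mid, $mf, $ecms); // multi-value
            if (!trim($chmustval)) {
                printerror("EmptyQMustF", "", 1);
            }
        }
    }
    // Field processing
    $dh = "";
    $tranf = "";
    $fr = explode(',', $emod_r[$mid]['qenter']);
    $count = count($fr) - 1;
    for ($i = 1; $i < $count; $i++) {
        $f = $fr[$i];
        // Only fields the model allows for front-end add / edit are processed.
        if ($f == 'special.field' || $ecms == 0 && !strstr($emod_r[$mid]['canaddf'], ',' . $f . ',') || $ecms == 1 && !strstr($emod_r[$mid]['caneditf'], ',' . $f . ',')) {
            continue;
        }
        // Defuse the upload placeholder prefix in submitted text, so a posted value
        // can never match the "[!#@-field-@!]" marker substituted further down.
        $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]);
        if (strstr($emod_r[$mid]['filef'], ',' . $f . ',') || strstr($emod_r[$mid]['imgf'], ',' . $f . ',') || strstr($emod_r[$mid]['flashf'], ',' . $f . ',') || $f == 'downpath' || $f == 'onlinepath') {
            // Attachment field
            $filetf = $f . "file";
            if ($_FILES[$filetf]['name']) {
                $filetype = GetFiletype($_FILES[$filetf]['name']); // file type taken from the submitted name
                if (CheckSaveTranFiletype($filetype)) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if (strstr($emod_r[$mid]['imgf'], ',' . $f . ',')) {
                    // Image field: switch, allow-list, size, and the global picture type list.
                    if (!$pr['qaddtran']) {
                        printerror("CloseQTranPic", "", 1);
                    }
                    if (!strstr($pr['qaddtranimgtype'], "|" . $filetype . "|")) {
                        printerror("NotQTranFiletype", "", 1);
                    }
                    if ($_FILES[$filetf]['size'] > $pr['qaddtransize'] * 1024) {
                        printerror("TooBigQTranFile", "", 1);
                    }
                    if (!strstr($ecms_config['sets']['tranpicturetype'], ',' . $filetype . ',')) {
                        printerror("NotQTranFiletype", "", 1);
                    }
                } else {
                    // Other file field: switch, allow-list, size, and the flash type list for flash fields.
                    if (!$pr['qaddtranfile']) {
                        printerror("CloseQTranFile", "", 1);
                    }
                    if (!strstr($pr['qaddtranfiletype'], "|" . $filetype . "|")) {
                        printerror("NotQTranFiletype", "", 1);
                    }
                    if ($_FILES[$filetf]['size'] > $pr['qaddtranfilesize'] * 1024) {
                        printerror("TooBigQTranFile", "", 1);
                    }
                    if (strstr($emod_r[$mid]['flashf'], ',' . $f . ',')) {
                        if (!strstr($ecms_config['sets']['tranflashtype'], "," . $filetype . ",")) {
                            printerror("NotQTranFiletype", "", 1);
                        }
                    }
                }
                $tranf .= $dh . $f;
                $dh = ",";
                $fval = "[!#@-" . $f . "-@!]";
            } else {
                if ($public_r['modinfoedittran'] == 1) {
                    $fval = $add[$f];
                    if ($ecms == 1 && $infor[$f] && !trim($fval)) {
                        $fval = $infor[$f];
                        // Special fields
                        if ($f == "downpath" || $f == "onlinepath") {
                            $fval = DoReqDownPath($fval);
                        }
                    }
                } else {
                    $fval = '';
                    if ($ecms == 1) {
                        $fval = $infor[$f];
                        // Special fields
                        if ($f == "downpath" || $f == "onlinepath") {
                            $fval = DoReqDownPath($fval);
                        }
                    }
                }
            }
        } elseif ($f == 'newstime') {
            if ($add[$f]) {
                $fval = to_time($add[$f]);
            } else {
                $fval = time();
            }
        } elseif ($f == 'newstext') {
            if ($ecms == 0) {
                $fval = DoReplaceKeyAndWord($add[$f], 1, $classid); // replace keywords and words
            } else {
                $fval = $add[$f];
            }
        } elseif ($f == 'infoip') {
            $fval = egetip();
        } elseif ($f == 'infoipport') {
            $fval = egetipport();
        } elseif ($f == 'infozm') {
            $fval = $add[$f] ? $add[$f] : GetInfoZm($add['title']);
        } else {
            $add[$f] = ReturnCheckboxAddF($add[$f], $mid, $f); // checkbox
            $add[$f] = ReturnMoreValueAddF($add, $add[$f], $mid, $f, $ecms); // multi-value
            $fval = $add[$f];
        }
        $fval = DoFFun($mid, $f, $fval, $isadd, 1); // field handler function
        $modispagef = $pagef == $f ? 1 : 0;
        $fval = RepTempvarPostStrT($fval, $modispagef);
        if ($pagef != $f) {
            $fval = RepTempvarPostStr($fval);
        }
        ChIsOnlyAddF($mid, $infor['id'], $f, $fval, 1); // unique-value check
        $fval = DoqValue($mid, $f, $fval);
        $fval = DoqSpecialValue($mid, $f, $fval, $add, $infor, $ecms);
        $fval = RepPostStr2($fval);
        if ($ecms == 1) {
            // Data sync for the record being edited.
            SameDataAddF($infor['id'], $classid, $mid, $f, $fval);
        }
        $fval = addslashes($fval);
        if ($ecms == 0) {
            if (strstr($emod_r[$mid]['tbdataf'], ',' . $f . ',')) {
                $ret_r[2] .= "," . $f;
                $ret_r[3] .= ",'" . $fval . "'";
            } else {
                $ret_r[0] .= "," . $f;
                $ret_r[1] .= ",'" . $fval . "'";
            }
        } else {
            // The recorded IP and port are not rewritten on edit.
            if ($f == 'infoip' || $f == 'infoipport') {
                continue;
            }
            if (strstr($emod_r[$mid]['tbdataf'], ',' . $f . ',')) {
                $ret_r[3] .= "," . $f . "='" . $fval . "'";
            } else {
                $ret_r[0] .= "," . $f . "='" . $fval . "'";
            }
        }
    }
    // Upload the attachments collected above.
    if ($tranf) {
        if ($ecms == 0) {
            $infoid = 0;
        } else {
            $infoid = $infor['id'];
            $filepass = 0;
        }
        $tranr = explode(",", $tranf);
        $count = count($tranr);
        for ($i = 0; $i < $count; $i++) {
            $tf = $tranr[$i];
            $tffile = $tf . "file";
            $tfr = DoTranFile($_FILES[$tffile]['tmp_name'], $_FILES[$tffile]['name'], $_FILES[$tffile]['type'], $_FILES[$tffile]['size'], $classid);
            if ($tfr['tran']) {
                // File category
                $mvf = $tf . "mtfile";
                if (strstr($emod_r[$mid]['imgf'], ',' . $tf . ',')) {
                    $type = 1;
                } elseif (strstr($emod_r[$mid]['flashf'], ',' . $tf . ',')) {
                    $type = 2;
                } elseif ($add[$mvf] == 1) {
                    $type = 3;
                } else {
                    $type = 0;
                }
                // Record the file in the attachment table.
                $filesize = (int) $_FILES[$tffile]['size'];
                $classid = (int) $classid;
                eInsertFileTable($tfr['filename'], $filesize, $tfr['filepath'], '[Member]' . $username, $classid, '[' . $tf . ']' . addslashes(RepPostStr($add['title'])), $type, $infoid, $filepass, $public_r['fpath'], 0, 0, $ecms == 1 ? $infor['fstb'] : $public_r['filedeftb']);
                // Delete the file this upload replaces.
                if ($ecms == 1 && $infor[$tf]) {
                    DelYQTranFile($classid, $infor['id'], $infor[$tf], $tf, $infor['fstb']);
                }
                $repfval = $tfr['url'];
            } else {
                $repfval = $infor[$tf];
                // Special fields
                if ($tf == "downpath" || $tf == "onlinepath") {
                    $repfval = DoReqDownPath($repfval);
                }
            }
            // Swap the placeholder in the prepared fragments for the final value.
            if ($ecms == 0) {
                $ret_r[1] = str_replace("[!#@-" . $tf . "-@!]", $repfval, $ret_r[1]);
                $ret_r[3] = str_replace("[!#@-" . $tf . "-@!]", $repfval, $ret_r[3]);
            } else {
                $ret_r[0] = str_replace("[!#@-" . $tf . "-@!]", $repfval, $ret_r[0]);
                $ret_r[3] = str_replace("[!#@-" . $tf . "-@!]", $repfval, $ret_r[3]);
            }
        }
    }
    $ret_r[4] = $emod_r[$mid]['deftb'];
    return $ret_r;
}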
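/**
 * Builds the SQL fragments for storing an information record of model $modid.
 *
 * $do selects the mode:
 *   0  add: 'fields'/'datafields' are column lists, 'values'/'datavalues' are VALUES lists;
 *   1  edit: 'values'/'datavalues' are "col='value'" assignment lists;
 *   8  assignment lists built from $add as given, with text-file storage;
 *   9  VALUES lists built from $add as given, with text-file storage;
 *   10 VALUES lists built from $add as given, without text-file storage.
 * 'tb' always holds the model's default table. Fields listed in the model's
 * tbdataf go to the data* entries, all others to the main entries.
 *
 * Change against the previous version: array keys (enter, newstext,
 * smalltextlen, title, copyimg, copyflash, classid, qz_url, autopage, autosize,
 * id, newstext_url) are quoted; written bare they are undefined-constant
 * lookups, which PHP 8 raises as an Error (assuming no constant of that name
 * is defined).
 *
 * NOTE(review): modes 8, 9 and 10 take $add[$f] without the field filters and
 * rely on StripAddsData() alone before the value is placed in SQL — confirm what
 * that helper escapes and that these modes only receive trusted data.
 * NOTE(review): in modes 1 and 8 the text-file path is assembled from
 * $add['newstext_url']; confirm callers take it from the stored record and not
 * from the request, or that MkDirTxtFile() rejects path traversal.
 *
 * @param array  $add      Field data for the record.
 * @param int    $modid    Model id.
 * @param int    $userid   Acting user id (not used in this function).
 * @param string $username Acting user name, passed to CopyImg().
 * @param int    $do       Mode, see above.
 * @param int    $rdata    Not used in this function.
 * @param int    $ch       1 to run the required/unique checks (only when $add['titleurl'] is empty).
 * @return array Fragments as described above.
 */
function ReturnAddF($add, $modid, $userid, $username, $do = 0, $rdata = 0, $ch = 0)
{
    global $empire, $public_r, $dbtbpre, $emod_r;

    if ($do == 0 || $do == 1) {
        // Load the GD image helpers when a picture operation is requested.
        if ($add['mark'] || $add['getfirsttitlespic'] || $add['mcreatespic']) {
            include_once ECMS_PATH . DASHBOARD . '/class/gd.php';
        }
    }
    $ret_r['tb'] = $emod_r[$modid]['deftb'];
    $pagef = $emod_r[$modid]['pagef'];
    // The field list is stored as ",a,b," so the first and last pieces are skipped.
    $r = explode(',', $emod_r[$modid]['enter']);
    $count = count($r) - 1;
    if (empty($do)) {
        // Add
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field' || !strstr($emod_r[$modid]['canaddf'], ',' . $f . ',')) {
                continue;
            }
            $add[$f] = ReturnCheckboxAddF($add[$f], $modid, $f); // checkbox
            $add[$f] = ReturnMoreValueAddF($add, $add[$f], $modid, $f, $do); // multi-value
            $value = RepPhpAspJspcodeText($add[$f]);
            if ($f == 'newstime') {
                $value = empty($value) ? time() : to_time($value);
            } elseif ($f == "morepic") {
                $value = ReturnMorepicpath($add['msmallpic'], $add['mbigpic'], $add['mpicname'], $add['mdelpicid'], $add['mpicid'], $add, $add['mpicurl_qz'], 0, 0, $public_r['filedeftb']);
            } elseif ($f == "downpath") {
                $value = ReturnDownpath($add['downname'], $add['downpath'], $add['delpathid'], $add['pathid'], $add['downuser'], $add['fen'], $add['thedownqz'], $add, $add['foruser'], $add['downurl_qz'], 0);
            } elseif ($f == "onlinepath") {
                $value = ReturnDownpath($add['odownname'], $add['odownpath'], $add['odelpathid'], $add['opathid'], $add['odownuser'], $add['ofen'], $add['othedownqz'], $add, $add['oforuser'], $add['onlineurl_qz'], 0);
            } elseif ($f == "smalltext") {
                if (!trim($value)) {
                    $value = SubSmalltextVal($add['newstext'], $public_r['smalltextlen']); // excerpt from the body text
                }
            } elseif ($f == 'infoip') {
                $value = egetip();
            } elseif ($f == 'infoipport') {
                $value = egetipport();
            } elseif ($f == 'infozm') {
                $value = $value ? $value : GetInfoZm($add['title']);
            }
            // Field handler function
            $value = DoFFun($modid, $f, $value, 1, 0);
            $modispagef = $pagef == $f ? 1 : 0;
            $value = RepTempvarPostStrT($value, $modispagef);
            if ($pagef != $f) {
                $value = RepTempvarPostStr($value);
            }
            // Required-field and unique-value checks
            if ($ch == 1 && empty($add['titleurl'])) {
                ChMustAddF($modid, $f, $value);
                ChIsOnlyAddF($modid, 0, $f, $value, 0); // unique value
            }
            $value = hRepPostStr2($value);
            // Editor body
            if ($f == "newstext") {
                // Remote save of referenced images/flash
                $value = addslashes(CopyImg(stripSlashes($value), $add['copyimg'], $add['copyflash'], $add['classid'], $add['qz_url'], $username, $add['id'], $add['filepass'], $add['mark'], $public_r['filedeftb']));
                // Replace keywords and words
                $value = DoReplaceKeyAndWord($value, $add['dokey'], $add['classid']);
                // Automatic pagination
                if ($add['autopage'] && !strstr($value, "[!--empirenews.page--]")) {
                    if (empty($add['autosize'])) {
                        $add['autosize'] = 5000;
                    }
                    $value = AutoDoPage($value, $add['autosize']);
                }
            }
            // Store the field as a text file and keep only its path in the column.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // Create the directory
                $thetxtfile = GetFileMd5();
                $truevalue = MkDirTxtFile(date("Y/md"), $thetxtfile);
                // Write the file
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= ",'" . addslashes($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= ",'" . addslashes($value) . "'";
            }
        }
    } elseif ($do == 1) {
        // Edit
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == "special.field" || !strstr($emod_r[$modid]['caneditf'], ',' . $f . ',')) {
                continue;
            }
            $add[$f] = ReturnCheckboxAddF($add[$f], $modid, $f); // checkbox
            $add[$f] = ReturnMoreValueAddF($add, $add[$f], $modid, $f, $do); // multi-value
            $value = RepPhpAspJspcodeText($add[$f]);
            if ($f == 'newstime') {
                $value = empty($value) ? time() : to_time($value);
            } elseif ($f == "morepic") {
                $value = ReturnMorepicpath($add['msmallpic'], $add['mbigpic'], $add['mpicname'], $add['mdelpicid'], $add['mpicid'], $add, $add['mpicurl_qz'], 1, 0, intval($add['fstb']));
            } elseif ($f == "downpath") {
                $value = ReturnDownpath($add['downname'], $add['downpath'], $add['delpathid'], $add['pathid'], $add['downuser'], $add['fen'], $add['thedownqz'], $add, $add['foruser'], $add['downurl_qz'], 1);
            } elseif ($f == "onlinepath") {
                $value = ReturnDownpath($add['odownname'], $add['odownpath'], $add['odelpathid'], $add['opathid'], $add['odownuser'], $add['ofen'], $add['othedownqz'], $add, $add['oforuser'], $add['onlineurl_qz'], 1);
            } elseif ($f == "smalltext") {
                if (!trim($value)) {
                    $value = SubSmalltextVal($add['newstext'], $public_r['smalltextlen']); // excerpt from the body text
                }
            } elseif ($f == 'infozm') {
                $value = $value ? $value : GetInfoZm($add['title']);
            }
            // Field handler function
            $value = DoFFun($modid, $f, $value, 0, 0);
            $modispagef = $pagef == $f ? 1 : 0;
            $value = RepTempvarPostStrT($value, $modispagef);
            if ($pagef != $f) {
                $value = RepTempvarPostStr($value);
            }
            // Required-field and unique-value checks
            if ($ch == 1 && empty($add['titleurl'])) {
                ChMustAddF($modid, $f, $value);
                ChIsOnlyAddF($modid, $add['id'], $f, $value, 0); // unique value
            }
            $value = hRepPostStr2($value);
            // Data sync
            SameDataAddF($add['id'], $add['classid'], $modid, $f, $value);
            // Body text
            if ($f == "newstext") {
                // Remote save of referenced images/flash
                $value = addslashes(CopyImg(stripSlashes($value), $add['copyimg'], $add['copyflash'], $add['classid'], $add['qz_url'], $username, $add['id'], $add['filepass'], $add['mark'], intval($add['fstb'])));
                // Automatic pagination
                if ($add['autopage'] && !strstr($value, "[!--empirenews.page--]")) {
                    if (empty($add['autosize'])) {
                        $add['autosize'] = 5000;
                    }
                    $value = AutoDoPage($value, $add['autosize']);
                }
            }
            // Store the field as a text file, reusing the record's existing path.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // Create the directory
                $newstexttxt_r = explode("/", $add['newstext_url']);
                $thetxtfile = $newstexttxt_r[2];
                $truevalue = MkDirTxtFile($newstexttxt_r[0] . "/" . $newstexttxt_r[1], $thetxtfile);
                // Write the file
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= "," . $f . "='" . addslashes($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= "," . $f . "='" . addslashes($value) . "'";
            }
        }
    } elseif ($do == 8) {
        // Assignment lists from $add as given
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field') {
                continue;
            }
            $value = $add[$f];
            // Store the field as a text file, reusing the record's existing path.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // Create the directory
                $newstexttxt_r = explode("/", $add['newstext_url']);
                $thetxtfile = $newstexttxt_r[2];
                $truevalue = MkDirTxtFile($newstexttxt_r[0] . "/" . $newstexttxt_r[1], $thetxtfile);
                // Write the file
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= "," . $f . "='" . StripAddsData($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= "," . $f . "='" . StripAddsData($value) . "'";
            }
        }
    } elseif ($do == 9) {
        // VALUES lists from $add as given
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field') {
                continue;
            }
            $value = $add[$f];
            // Store the field as a text file under a new path.
            if ($emod_r[$modid]['savetxtf'] && $f == $emod_r[$modid]['savetxtf']) {
                // Create the directory
                $thetxtfile = GetFileMd5();
                $truevalue = MkDirTxtFile(date("Y/md"), $thetxtfile);
                // Write the file
                EditTxtFieldText($truevalue, $value);
                $value = $truevalue;
            }
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= ",'" . StripAddsData($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= ",'" . StripAddsData($value) . "'";
            }
        }
    } elseif ($do == 10) {
        // VALUES lists from $add as given, no text-file storage
        for ($i = 1; $i < $count; $i++) {
            $f = $r[$i];
            if ($f == 'special.field') {
                continue;
            }
            $value = $add[$f];
            if (strstr($emod_r[$modid]['tbdataf'], ',' . $f . ',')) {
                $ret_r['datafields'] .= "," . $f;
                $ret_r['datavalues'] .= ",'" . StripAddsData($value) . "'";
            } else {
                $ret_r['fields'] .= "," . $f;
                $ret_r['values'] .= ",'" . StripAddsData($value) . "'";
            }
        }
    }
    return $ret_r;
}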
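/**
 * Store a guestbook message submitted by a visitor or member.
 *
 * Reads from $add: bid, name, email, mycall, lytext, key (captcha answer)
 * and ecmsfrom (return target). Every exit path goes through printerror();
 * it is assumed to end the request, since nothing here handles the case
 * where it returns.
 *
 * @param array $add Request fields as passed by the caller.
 * @return void
 */
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;

    // Check that the operation is allowed at this time.
    eCheckTimeCloseDo('gbook');
    // Check the client IP.
    eCheckAccessDoIp('gbook');
    // Check the request origin.
    CheckCanPostUrl();

    // Board id: explicit request value first, stored 'gbookbid' value otherwise.
    if (!empty($add['bid'])) {
        $bid = (int) $add['bid'];
    } else {
        $bid = (int) getcvar('gbookbid');
    }

    // Array keys are quoted: bare words such as $add[name] are undefined
    // constants and raise an Error on PHP 8.
    // NOTE(review): RepPostStr() is the only filtering applied before these
    // values are placed in the SQL string below; its escaping rules are not
    // visible here - confirm it neutralises quotes and backslashes.
    $name = RepPostStr(trim($add['name']));
    $email = RepPostStr($add['email']);
    $mycall = RepPostStr($add['mycall']);
    $lytext = RepPostStr($add['lytext']);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }

    // Captcha, only when enabled in the site settings.
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }

    // Minimum interval between two posts. The stored value is cast to int so a
    // non-numeric value cannot raise a TypeError in the subtraction on PHP 8.
    // NOTE(review): 'lastgbooktime' is written with esetcookie() below, so it
    // appears to be client-held; a client that drops or rewrites it is not
    // throttled. An enforceable limit needs a server-side record (per IP or
    // per account).
    $lasttime = (int) getcvar('lastgbooktime');
    if ($lasttime && time() - $lasttime < $public_r['regbooktime']) {
        printerror("GbOutTime", "", 1);
    }

    // Does the board exist?
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }

    // Permission: the board may require a minimum member-group level.
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }

    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));

    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`mycall`,lytime,lytext,retext,bid,ip,checked,userid,username,eipport) values('{$name}','{$email}','{$mycall}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}','{$eipport}');");

    // Clear the captcha so the same answer cannot be replayed.
    ecmsEmptyShowKey($keyvname);

    if ($sql) {
        // Record the time of this post for the interval check above.
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        // NOTE(review): $add['ecmsfrom'] is request-supplied and feeds the
        // redirect target; confirm DoingReturnUrl() restricts it to same-site
        // URLs.
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}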
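/**
 * Create a back-office user account together with its enewsuseradd row.
 *
 * Besides its parameters the function reads filelevel, classid, truename,
 * email, openip, equestion and eanswer directly from $_POST. On success it
 * emits a meta-refresh to CreateCache.php and ends the request. printerror()
 * is assumed to end the request as well.
 *
 * @param string $username      Login name of the new account.
 * @param string $password      Chosen password (at least 6 bytes).
 * @param string $repassword    Password confirmation.
 * @param int    $groupid       User group id.
 * @param array  $adminclass    Ids of the columns the account may manage.
 * @param int    $checked       Stored as the `checked` column.
 * @param int    $styleid       Stored as the `styleid` column.
 * @param int    $loginuserid   Id of the operator performing the action.
 * @param string $loginusername Name of the operator performing the action.
 * @return void
 */
function AddUser($username, $password, $repassword, $groupid, $adminclass, $checked, $styleid, $loginuserid, $loginusername)
{
    global $empire, $class_r, $dbtbpre;

    if (!$username || !$password || !$repassword) {
        printerror("EmptyUsername", "history.go(-1)");
    }
    // Strict string comparison: with != two different numeric-looking strings
    // (for example "0e1" and "0e2") are compared as numbers and match.
    if ((string) $password !== (string) $repassword) {
        printerror("NotRepassword", "history.go(-1)");
    }
    if (strlen($password) < 6) {
        printerror("LessPassword", "history.go(-1)");
    }

    // Operator permission.
    // NOTE(review): $classid is not assigned until further down, so this call
    // receives an undefined variable - confirm that is intended for "user".
    CheckLevel($loginuserid, $loginusername, $classid, "user");

    // Reject duplicate login names.
    // NOTE(review): the listing shows this value masked as '******'; $username
    // is assumed, matching the insert below - confirm against the original
    // file. This function does not escape $username itself, so SQL safety
    // depends on filtering done by the caller, which is not visible here.
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsuser where username='{$username}' limit 1");
    if ($num) {
        printerror("ReUsername", "history.go(-1)");
    }

    // Managed columns: a parent column expands to its stored child list,
    // a leaf column is appended as "id|".
    $insert_class = '';
    if (!is_array($adminclass)) {
        // count() on a non-array is a TypeError on PHP 8; treat it as "none".
        $adminclass = array();
    }
    foreach ($adminclass as $cid) {
        if (empty($class_r[$cid]['islast'])) {
            // Parent column.
            if (empty($class_r[$cid]['sonclass']) || $class_r[$cid]['sonclass'] == "|") {
                continue;
            }
            // Drop the leading "|" of the stored child list.
            $insert_class .= substr($class_r[$cid]['sonclass'], 1);
        } else {
            $insert_class .= $cid . "|";
        }
    }
    $insert_class = "|" . $insert_class;

    $styleid = (int) $styleid;
    $groupid = (int) $groupid;
    $checked = (int) $checked;
    $filelevel = (int) $_POST['filelevel'];
    $classid = (int) $_POST['classid'];

    // Security question: validated before anything is written, so an empty
    // answer can no longer leave a user row without its enewsuseradd row.
    $equestion = (int) $_POST['equestion'];
    $eanswer = $_POST['eanswer'];
    if ($equestion && !$eanswer) {
        printerror('EmptyEAnswer', '');
    }

    // NOTE(review): rnd, both salts and userprikey come from make_password();
    // its randomness source is not visible here - confirm it is backed by a
    // CSPRNG such as random_bytes()/random_int().
    $rnd = make_password(20);
    $salt = make_password(8);
    $salt2 = make_password(20);
    $password = DoEmpireCMSAdminPassword($password, $salt, $salt2);

    // NOTE(review): these three values are HTML-escaped only; whether quotes
    // and backslashes are neutralised for SQL depends on input filtering that
    // is not visible here.
    $truename = ehtmlspecialchars($_POST['truename']);
    $email = ehtmlspecialchars($_POST['email']);
    $openip = ehtmlspecialchars($_POST['openip']);

    $addtime = time();
    $addip = egetip();
    $addipport = egetipport();
    $userprikey = make_password(48);

    $sql = $empire->query("insert into {$dbtbpre}enewsuser(username,password,rnd,groupid,adminclass,checked,styleid,filelevel,salt,loginnum,lasttime,lastip,truename,email,classid,addtime,addip,userprikey,salt2,lastipport,preipport,addipport) values('{$username}','{$password}','{$rnd}',{$groupid},'{$insert_class}',{$checked},{$styleid},'{$filelevel}','{$salt}',0,0,'','{$truename}','{$email}','{$classid}','{$addtime}','{$addip}','{$userprikey}','{$salt2}','{$addipport}','{$addipport}','{$addipport}');");
    if (!$sql) {
        // Stop here: lastid() would not refer to a row created by this call,
        // and the companion row must not be written for it.
        printerror("DbError", "history.go(-1)");
        return;
    }
    $userid = $empire->lastid();

    if ($equestion) {
        $eanswer = ReturnHLoginQuestionStr($userid, $username, $equestion, $eanswer);
    } else {
        $equestion = 0;
        $eanswer = '';
    }
    $empire->query("insert into {$dbtbpre}enewsuseradd(userid,equestion,eanswer,openip) values('{$userid}','{$equestion}','{$eanswer}','{$openip}');");

    $cache_enews = 'douserinfo';
    $cache_ecmstourl = urlencode('user/AddUser.php?enews=AddUser' . hReturnEcmsHashStrHref2(0));
    $cache_mess = 'AddUserSuccess';
    $cache_uid = $userid;
    $cache_url = "../CreateCache.php?enews={$cache_enews}&uid={$cache_uid}&ecmstourl={$cache_ecmstourl}&mess={$cache_mess}" . hReturnEcmsHashStrHref2(0);

    // Operation log.
    // NOTE(review): the listing masks part of this statement as '******' and
    // fuses the arguments of a printerror("AddUserSuccess", ...) call into it.
    // $username is assumed for the logged value, and the printerror call is
    // treated as disabled because the refresh below already redirects -
    // confirm against the original file.
    insert_dolog("userid=" . $userid . "<br>username=" . $username);

    echo '<meta http-equiv="refresh" content="0;url=' . $cache_url . '">';
    db_close();
    $empire = null;
    exit;
}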
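/**
 * Save the logged-in member's additional profile fields.
 *
 * Inserts the member's enewsmemberadd row when none exists yet, otherwise
 * updates it, then refreshes the member's attachments. Every exit path goes
 * through printerror(), which is assumed to end the request.
 *
 * @param array $post Submitted form fields, handed to ReturnDoMemberF().
 * @return void
 */
function EditInfo($post)
{
    global $empire, $dbtbpre, $public_r;

    // Must be logged in. Array keys are quoted: bare words such as
    // $user_r[userid] are undefined constants and raise an Error on PHP 8.
    $user_r = islogin();
    $userid = $user_r['userid'];
    $username = $user_r['username'];
    $dousername = $username;
    if (!$userid || !$username) {
        printerror("NotEmpty", "history.go(-1)", 1);
    }

    // Existing additional-table row, and the form definition of the member's group.
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    $user_r = $empire->fetch1("select " . eReturnSelectMemberF('groupid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
    $fid = GetMemberFormId($user_r['groupid']);

    // NOTE(review): the fragments returned by ReturnDoMemberF() are spliced
    // into the SQL below unchanged, so escaping of the $post values has to
    // happen inside that helper - not visible here, confirm.
    if (empty($addr['userid'])) {
        // No row yet: validate the fields in "add" mode (flag 0) and insert.
        // Judging by how they are spliced, [0] is a column list and [1] the
        // matching value list.
        $mr = array('add_filepass' => $userid);
        $member_r = ReturnDoMemberF($fid, $post, $mr, 0, $dousername);

        $regip = egetip();
        $regipport = egetipport();
        $lasttime = time();
        $sql = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$regip}','{$lasttime}','{$regip}',1,'{$regipport}','{$regipport}'" . $member_r[1] . ");");
    } else {
        // Row exists: validate in "edit" mode (flag 1) and update; [0] is
        // appended to the SET clause.
        $addr['add_filepass'] = $userid;
        $member_r = ReturnDoMemberF($fid, $post, $addr, 1, $dousername);

        $sql = $empire->query("update {$dbtbpre}enewsmemberadd set userid='{$userid}'" . $member_r[0] . " where userid='{$userid}'");
    }

    // Update attachments.
    UpdateTheFileEditOther(6, $userid, 'member');

    if ($sql) {
        printerror("EditInfoSuccess", "../member/EditInfo/", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}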