if ($action == 'reg') { $user = isset($_POST['user']) ? addslashes(trim($_POST['user'])) : ''; $email = isset($_POST['email']) ? addslashes(trim($_POST['email'])) : ''; $pw = isset($_POST['pw']) ? addslashes(trim($_POST['pw'])) : ''; $repw = isset($_POST['repw']) ? addslashes(trim($_POST['repw'])) : ''; $chcode = isset($_POST['chcode']) ? addslashes(trim(strtoupper($_POST['chcode']))) : ''; $User_Model = new User_Model(); $error_msg = ''; if ($user == '') { emDirect('./reg.php?error_login=1'); } if ($User_Model->isUserExist($user)) { emDirect('./reg.php?error_exist=1'); } if (strlen($pw) < 6) { emDirect('./reg.php?error_pwd_len=1'); } if ($pw != $repw) { emDirect('./reg.php?error_pwd2=1'); } session_start(); $sessionCode = isset($_SESSION['code']) ? $_SESSION['code'] : ''; if (empty($chcode) || $chcode != $sessionCode) { emDirect('./reg.php?error_chcode=1'); } $PHPASS = new PasswordHash(8, true); $pw = $PHPASS->HashPassword($pw); $User_Model->addUser($user, $pw, ROLE_MEMBER, 'y'); $CACHE->updateCache(array('sta', 'user')); emDirect('./?reg_ok=1'); }
function addComment($name, $content, $mail, $url, $imgcode, $blogId, $pid) { $ipaddr = getIp(); $utctimestamp = time(); if ($pid != 0) { $comment = $this->getOneComment($pid); $content = '@' . addslashes($comment['poster']) . ':' . $content; } $ischkcomment = Option::get('ischkcomment'); $hide = ROLE == ROLE_VISITOR ? $ischkcomment : 'n'; $sql = 'INSERT INTO ' . DB_PREFIX . "comment (date,poster,gid,comment,mail,url,hide,ip,pid)\n VALUES ('{$utctimestamp}','{$name}','{$blogId}','{$content}','{$mail}','{$url}','{$hide}','{$ipaddr}','{$pid}')"; $ret = $this->db->query($sql); $cid = $this->db->insert_id(); $CACHE = Cache::getInstance(); if ($hide == 'n') { $this->db->query('UPDATE ' . DB_PREFIX . "blog SET comnum = comnum + 1 WHERE gid='{$blogId}'"); $CACHE->updateCache(array('sta', 'comment')); doAction('comment_saved', $cid); emDirect(Url::log($blogId) . '#' . $cid); } else { $CACHE->updateCache('sta'); doAction('comment_saved', $cid); emMsg('评论发表成功,请等待管理员审核', Url::log($blogId)); } }
} //上传zip模板 if ($action == 'upload_zip') { LoginAuth::checkToken(); $zipfile = isset($_FILES['tplzip']) ? $_FILES['tplzip'] : ''; if ($zipfile['error'] == 4) { emDirect("./template.php?action=install&error_d=1"); } if (!$zipfile || $zipfile['error'] >= 1 || empty($zipfile['tmp_name'])) { emMsg('模板上传失败'); } if (getFileSuffix($zipfile['name']) != 'zip') { emDirect("./template.php?action=install&error_a=1"); } $ret = emUnZip($zipfile['tmp_name'], '../content/templates/', 'tpl'); switch ($ret) { case 0: emDirect("./template.php?activate_install=1#tpllib"); break; case -2: emDirect("./template.php?action=install&error_e=1"); break; case 1: case 2: emDirect("./template.php?action=install&error_b=1"); break; case 3: emDirect("./template.php?action=install&error_c=1"); break; } }
$pid = isset($_POST['pid']) ? intval(trim($_POST['pid'])) : 0; $navi_data = array('naviname' => $naviname, 'newtab' => $newtab, 'pid' => $pid); if (empty($naviname)) { unset($navi_data['naviname']); } if ($isdefault == 'n') { $navi_data['url'] = $url; } $Navi_Model->updateNavi($navi_data, $naviId); $CACHE->updateCache('navi'); emDirect("./navbar.php?active_edit=1"); } if ($action == 'del') { LoginAuth::checkToken(); $navid = isset($_GET['id']) ? intval($_GET['id']) : ''; $Navi_Model->deleteNavi($navid); $CACHE->updateCache('navi'); emDirect("./navbar.php?active_del=1"); } if ($action == 'hide') { $naviId = isset($_GET['id']) ? intval($_GET['id']) : ''; $Navi_Model->updateNavi(array('hide' => 'y'), $naviId); $CACHE->updateCache('navi'); emDirect('./navbar.php'); } if ($action == 'show') { $naviId = isset($_GET['id']) ? intval($_GET['id']) : ''; $Navi_Model->updateNavi(array('hide' => 'n'), $naviId); $CACHE->updateCache('navi'); emDirect('./navbar.php'); }
if (file_exists($style_path . $file . '/style.css')) { $styleData = implode('', @file($style_path . $file . '/style.css')); preg_match("/Style Name:([^\r\n]+)/i", $styleData, $name); preg_match("/Author:(.*)/i", $styleData, $author); preg_match("/Url:(.*)/i", $styleData, $url); $styleInfo['style_name'] = !empty($name[1]) ? trim($name[1]) : $file; $styleInfo['style_file'] = $file; if (!empty($author[1]) && !empty($url[1])) { $styleInfo['style_author'] = '(作者:<a href="' . $url[1] . '" target="_blank">' . $author[1] . '</a>)'; } elseif (!empty($author[1])) { $styleInfo['style_author'] = '(作者:' . $author[1] . ')'; } else { $styleInfo['style_author'] = ''; } $styles[] = $styleInfo; } } closedir($handle); $stylenums = count($styles); include View::getView('header'); require_once View::getView('style'); include View::getView('footer'); View::output(); } //update if ($action == 'usestyle') { $styleName = isset($_GET['style']) ? addslashes($_GET['style']) : ''; Option::updateOption('admin_style', $styleName); $CACHE->updateCache('options'); emDirect("./style.php?activated=1"); }
/** * 手动退出登录 * @param string * @return null */ public function SignOut($UserInfo = null) { if ($UserInfo) { Juser::setAuthOut(); } emDirect(BLOG_URL); }
$avatar = isset($_POST['avatar']) ? addslashes(trim($_POST['avatar'])) : ''; $type = array('gif', 'jpg', 'jpeg', 'png'); if ($_FILES['avatar']['size'] > 0) { $file_info = uploadFile($_FILES['avatar']['name'], $_FILES['avatar']['error'], $_FILES['avatar']['tmp_name'], $_FILES['avatar']['size'], $type, true); if (!empty($file_info['file_path'])) { $avatar = !empty($file_info['thum_file']) ? $file_info['thum_file'] : $file_info['file_path']; } } $userData = array('name' => $name, 'vipid' => '', 'age' => $age, 'sex' => $sex, 'dance_age' => $dance_age, 'dance_type' => $dance_type, 'province' => $province, 'contact' => $contact, 'company' => $company, 'awards' => $awards, 'homeurl' => $homeurl, 'avatar' => $avatar, 'duty' => '10', 'regist' => 1); $Vip_model->addUser($userData); $mail = new PHPMailer(); $mail->isSMTP(); //Enable SMTP debugging // 0 = off (for production use) // 1 = client messages // 2 = client and server messages $mail->SMTPDebug = 0; $mail->Debugoutput = 'html'; $mail->CharSet = "UTF-8"; $mail->Host = SMTP_HOST; $mail->Port = SMTP_POST; $mail->SMTPAuth = true; $mail->Username = SMTP_USER_NAME; $mail->Password = SMTP_PASSWORD; $mail->setFrom(SMTP_USER_NAME); $mail->addAddress(EMAIL_VIP_VIPORG); $mail->Subject = '新会员申请提醒 姓名:' . $name; $mail->Body = '请去后台管理页面查看并审核'; $mail->send(); emDirect('./payment.php?active_add=1'); }
} if (strlen($reply) > 2000) { emDirect("./comment.php?error_d=1"); } if (isset($_POST['pub_it'])) { $Comment_Model->showComment($commentId); $hide = 'n'; } $Comment_Model->replyComment($blogId, $commentId, $reply, $hide); $CACHE->updateCache('comment'); $CACHE->updateCache('sta'); doAction('comment_reply', $commentId, $reply); emDirect("./comment.php?active_rep=1"); } if ($action == 'doedit') { $name = isset($_POST['name']) ? addslashes(trim($_POST['name'])) : ''; $mail = isset($_POST['mail']) ? addslashes(trim($_POST['mail'])) : ''; $url = isset($_POST['url']) ? addslashes(trim($_POST['url'])) : ''; $comment = isset($_POST['comment']) ? addslashes(trim($_POST['comment'])) : ''; $commentId = isset($_POST['cid']) ? intval($_POST['cid']) : ''; if ($comment == '') { emDirect("./comment.php?error_e=1"); } if (strlen($comment) > 2000) { emDirect("./comment.php?error_d=1"); } $commentData = array('poster' => $name, 'mail' => $mail, 'url' => $url, 'comment' => $comment); $Comment_Model->updateComment($commentData, $commentId); $CACHE->updateCache('comment'); emDirect("./comment.php?active_edit=1"); }
$tagId = isset($_GET['tid']) ? intval($_GET['tid']) : ''; $tag = $Tag_Model->getOneTag($tagId); extract($tag); include View::getView('header'); require_once View::getView('tagedit'); include View::getView('footer'); View::output(); } //标签修改 if ($action == 'update_tag') { $tagName = isset($_POST['tagname']) ? addslashes($_POST['tagname']) : ''; $tagId = isset($_POST['tid']) ? intval($_POST['tid']) : ''; if (empty($tagName)) { emDirect("tag.php?action=mod_tag&tid={$tagId}&error_a=1"); } $Tag_Model->updateTagName($tagId, $tagName); $CACHE->updateCache(array('tags', 'logtags')); emDirect("./tag.php?active_edit=1"); } //批量删除标签 if ($action == 'dell_all_tag') { $tags = isset($_POST['tag']) ? $_POST['tag'] : ''; if (!$tags) { emDirect("./tag.php?error_a=1"); } foreach ($tags as $key => $value) { $Tag_Model->deleteTag($key); } $CACHE->updateCache(array('tags', 'logtags')); emDirect("./tag.php?active_del=1"); }
if (!$t) { emDirect("twitter.php?error_a=1"); } $tdata = array('content' => $Twitter_Model->formatTwitter($t), 'author' => UID, 'date' => time(), 'img' => str_replace('../', '', $img)); $twid = $Twitter_Model->addTwitter($tdata); $CACHE->updateCache(array('sta', 'newtw')); doAction('post_twitter', $t, $twid); emDirect("twitter.php?active_t=1"); } // 删除微语. if ($action == 'del') { LoginAuth::checkToken(); $id = isset($_GET['id']) ? intval($_GET['id']) : ''; $Twitter_Model->delTwitter($id); $CACHE->updateCache(array('sta', 'newtw')); emDirect("twitter.php?active_del=1"); } // 获取回复. if ($action == 'getreply') { $tid = isset($_GET['tid']) ? intval($_GET['tid']) : null; $Reply_Model = new Reply_Model(); $replys = $Reply_Model->getReplys($tid); $response = ''; foreach ($replys as $val) { if ($val['hide'] == 'n') { $style = "background-color:#FFF"; $act = "<span><a href=\"javascript: hidereply({$val['id']},{$tid});\">隐藏</a></span> "; } else { $style = "background-color:#FEE0E4"; $act = "<span><a href=\"javascript: pubreply({$val['id']},{$tid});\">审核</a></span> "; }
} //上传zip插件 if ($action == 'upload_zip') { LoginAuth::checkToken(); $zipfile = isset($_FILES['pluzip']) ? $_FILES['pluzip'] : ''; if ($zipfile['error'] == 4) { emDirect("./plugin.php?error_d=1"); } if (!$zipfile || $zipfile['error'] >= 1 || empty($zipfile['tmp_name'])) { emMsg('插件上传失败'); } if (getFileSuffix($zipfile['name']) != 'zip') { emDirect("./plugin.php?error_f=1"); } $ret = emUnZip($zipfile['tmp_name'], '../content/plugins/', 'plugin'); switch ($ret) { case 0: emDirect("./plugin.php?activate_install=1#tpllib"); break; case -1: emDirect("./plugin.php?error_e=1"); break; case 1: case 2: emDirect("./plugin.php?error_b=1"); break; case 3: emDirect("./plugin.php?error_c=1"); break; } }
<div class="clear"></div> </div> <!-- End .content-box-header --> <div class="content-box-content"> <div class="tab-content default-tab" id="tab1" style="display: block; "> <!-- This is the target div. id must match the href of this div's tab --> <?php require_once 'define.php'; require_once 'mysql.php'; require_once 'FunctionBase.php'; $mysql = MySql::getInstance(); $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; if ($action == 'del' && isset($_REQUEST['id'])) { $id = $_REQUEST['id']; $mysql->query("delete from ErrFeature where id='" . $id . "';"); emDirect("FeatureList.php?active_del=true"); } $rq = $mysql->query('select * from ErrFeature'); ?> <table> <thead> <tr> <th>ID</th> <th>类型</th> <th>特征表达式</th> <th>提示信息</th> <th>操作</th> </tr> </thead> <tfoot> <tr>
header("content-Type: text/html; charset=utf-8"); require_once 'FunctionBase.php'; require_once 'mysql.php'; /* print_r($_REQUEST['feature']); echo '<br />'; print_r($_REQUEST['info']); echo '<br />'; */ $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; $regex = $_REQUEST['regex']; $info = $_REQUEST['info']; $type = $_REQUEST['type']; if ($action == 'new') { $mysql = MySql::getInstance(); $regex = mysql_real_escape_string($regex); $info = mysql_real_escape_string($info); $sql = "insert into ErrFeature(regex, info, type) values('" . $regex . "','" . $info . "','" . $type . "');\n"; $rq = $mysql->query($sql); } else { if ($action == 'update') { $id = intval($_REQUEST['id']); $mysql = MySql::getInstance(); $regex = mysql_real_escape_string($regex); $info = mysql_real_escape_string($info); $sql = "update ErrFeature set regex='" . $regex . "', info='" . $info . "', type='" . $type . "' where id=" . $id . ";"; $rq = $mysql->query($sql); } } emDirect('FeatureList.php');
if ($action == 'update') { $uid = isset($_POST['uid']) ? intval(trim($_POST['uid'])) : ''; $vipid = isset($_POST['vipid']) ? addslashes(trim($_POST['vipid'])) : ''; $name = isset($_POST['name']) ? addslashes(trim($_POST['name'])) : ''; $age = isset($_POST['age']) ? addslashes(trim($_POST['age'])) : ''; $sex = isset($_POST['sex']) ? addslashes(trim($_POST['sex'])) : ''; $province = isset($_POST['province']) ? addslashes(trim($_POST['province'])) : ''; $dance_age = isset($_POST['dance_age']) ? addslashes(trim($_POST['dance_age'])) : ''; $contact = isset($_POST['contact']) ? addslashes(trim($_POST['contact'])) : ''; $dance_type = isset($_POST['dance_type']) ? addslashes(trim($_POST['dance_type'])) : ''; $company = isset($_POST['company']) ? addslashes(trim($_POST['company'])) : ''; $awards = isset($_POST['awards']) ? addslashes(trim($_POST['awards'])) : ''; $homeurl = isset($_POST['homeurl']) ? addslashes(trim($_POST['homeurl'])) : ''; $duty = isset($_POST['duty']) ? addslashes(trim($_POST['duty'])) : ''; $avatar = isset($_POST['avatar']) ? addslashes(trim($_POST['avatar'])) : ''; $type = array('gif', 'jpg', 'jpeg', 'png'); if ($_FILES['avatar']['size'] > 0) { $file_info = uploadFile($_FILES['avatar']['name'], $_FILES['avatar']['error'], $_FILES['avatar']['tmp_name'], $_FILES['avatar']['size'], $type, true); if (!empty($file_info['file_path'])) { $avatar = !empty($file_info['thum_file']) ? $file_info['thum_file'] : $file_info['file_path']; } } $userData = array('name' => $name, 'vipid' => $vipid, 'age' => $age, 'sex' => $sex, 'dance_age' => $dance_age, 'dance_type' => $dance_type, 'province' => $province, 'contact' => $contact, 'company' => $company, 'awards' => $awards, 'homeurl' => $homeurl, 'avatar' => $avatar, 'duty' => $duty, 'regist' => 0); $Vip_model->updateUser($userData, $uid); emDirect('./vip.php?active_update=1'); } if ($action == 'del') { $id = isset($_GET['id']) ? intval($_GET['id']) : ''; $Vip_model->deleteUser($id); emDirect('./vip.php?active_del=1'); }
define('OFFICIAL_SERVICE_HOST', 'http://www.emlog.net/'); //官方服务域名 $sta_cache = $CACHE->readCache('sta'); $user_cache = $CACHE->readCache('user'); $action = isset($_GET['action']) ? addslashes($_GET['action']) : ''; //登录验证 if ($action == 'login') { $username = isset($_POST['user']) ? addslashes(trim($_POST['user'])) : ''; $password = isset($_POST['pw']) ? addslashes(trim($_POST['pw'])) : ''; $ispersis = isset($_POST['ispersis']) ? intval($_POST['ispersis']) : false; $img_code = Option::get('login_code') == 'y' && isset($_POST['imgcode']) ? addslashes(trim(strtoupper($_POST['imgcode']))) : ''; $loginAuthRet = LoginAuth::checkUser($username, $password, $img_code); if ($loginAuthRet === true) { LoginAuth::setAuthCookie($username, $ispersis); emDirect("./"); } else { LoginAuth::loginPage($loginAuthRet); } } //退出 if ($action == 'logout') { setcookie(AUTH_COOKIE_NAME, ' ', time() - 31536000, '/'); emDirect("../"); } if (ISLOGIN === false) { LoginAuth::loginPage(); } $request_uri = strtolower(substr(basename($_SERVER['SCRIPT_NAME']), 0, -4)); if (ROLE == ROLE_WRITER && !in_array($request_uri, array('write_log', 'admin_log', 'attachment', 'blogger', 'comment', 'index', 'save_log'))) { emMsg('权限不足!', './'); }
if ($_FILES['photo']['size'] > 0) { $file_info = uploadFile($_FILES['photo']['name'], $_FILES['photo']['error'], $_FILES['photo']['tmp_name'], $_FILES['photo']['size'], $photo_type, true); if (!empty($file_info['file_path'])) { $usericon = !empty($file_info['thum_file']) ? $file_info['thum_file'] : $file_info['file_path']; } } $User_Model->updateUser(array('nickname' => $nickname, 'email' => $email, 'photo' => $usericon, 'description' => $description), UID); $CACHE->updateCache('user'); emDirect("./blogger.php?active_edit=1"); } if ($action == 'delicon') { LoginAuth::checkToken(); $DB = Database::getInstance(); $query = $DB->query("select photo from " . DB_PREFIX . "user where uid=" . UID); $icon = $DB->fetch_array($query); $icon_1 = $icon['photo']; if (file_exists($icon_1)) { $icon_2 = str_replace('thum-', '', $icon_1); if ($icon_2 != $icon_1 && file_exists($icon_2)) { unlink($icon_2); } $icon_3 = preg_replace("/^(.*)\\/(.*)\$/", "\$1/thum52-\$2", $icon_2); if ($icon_3 != $icon_2 && file_exists($icon_3)) { unlink($icon_3); } unlink($icon_1); } $DB->query("UPDATE " . DB_PREFIX . "user SET photo='' where uid=" . UID); $CACHE->updateCache('user'); emDirect("./blogger.php?active_del=1"); }
if (isset($_POST['alias'])) { $sort_data['alias'] = addslashes(trim($_POST['alias'])); if (!empty($sort_data['alias'])) { if (!preg_match("|^[\\w-]+\$|", $sort_data['alias'])) { emDirect("./sort.php?action=mod_sort&sid={$sid}&error_c=1"); } elseif (preg_match("|^[0-9]+\$|", $sort_data['alias'])) { emDirect("././sort.php?action=mod_sort&sid={$sid}&error_c=1"); } elseif (in_array($sort_data['alias'], array('post', 'record', 'sort', 'tag', 'author', 'page'))) { emDirect("././sort.php?action=mod_sort&sid={$sid}&error_e=1"); } else { $sort_cache = $CACHE->readCache('sort'); unset($sort_cache[$sid]); foreach ($sort_cache as $key => $value) { if ($sort_data['alias'] == $value['alias']) { emDirect("././sort.php?action=mod_sort&sid={$sid}&error_d=1"); } } } } } $Sort_Model->updateSort($sort_data, $sid); $CACHE->updateCache(array('sort', 'logsort', 'navi')); emDirect("./sort.php?active_edit=1"); } if ($action == 'del') { $sid = isset($_GET['sid']) ? intval($_GET['sid']) : ''; LoginAuth::checkToken(); $Sort_Model->deleteSort($sid); $CACHE->updateCache(array('sort', 'logsort', 'navi')); emDirect("./sort.php?active_del=1"); }
if ($action == 'auth') { session_start(); $username = addslashes(trim($_POST['user'])); $password = addslashes(trim($_POST['pw'])); $img_code = Option::get('login_code') == 'y' && isset($_POST['imgcode']) ? addslashes(trim(strtoupper($_POST['imgcode']))) : ''; $ispersis = true; if (LoginAuth::checkUser($username, $password, $img_code) === true) { loginAuth::setAuthCookie($username, $ispersis); emDirect('?tem=' . time()); } else { emDirect("?action=login"); } } if ($action == 'logout') { setcookie(AUTH_COOKIE_NAME, ' ', time() - 31536000, '/'); emDirect('?tem=' . time()); } function mMsg($msg, $url) { include View::getView('header'); include View::getView('msg'); include View::getView('footer'); View::output(); } function authPassword($postPwd, $cookiePwd, $logPwd, $logid) { $pwd = $cookiePwd ? $cookiePwd : $postPwd; if ($pwd !== addslashes($logPwd)) { include View::getView('header'); include View::getView('logauth'); include View::getView('footer');
//操作页面 if ($action == 'operate_page') { $operate = isset($_POST['operate']) ? $_POST['operate'] : ''; $pages = isset($_POST['page']) ? array_map('intval', $_POST['page']) : array(); LoginAuth::checkToken(); $emPage = new Log_Model(); switch ($operate) { case 'del': foreach ($pages as $value) { $emPage->deleteLog($value); unset($navibar[$value]); } $navibar = addslashes(serialize($navibar)); Option::updateOption('navibar', $navibar); $CACHE->updateCache(array('options', 'sta', 'comment', 'logalias')); emDirect("./page.php?active_del=1"); break; case 'hide': case 'pub': $ishide = $operate == 'hide' ? 'y' : 'n'; foreach ($pages as $value) { $emPage->hideSwitch($value, $ishide); $navibar[$value]['hide'] = $ishide; } $navibar = addslashes(serialize($navibar)); Option::updateOption('navibar', $navibar); $CACHE->updateCache(array('options', 'sta', 'comment')); emDirect("./page.php?active_hide_" . $ishide . "=1"); break; } }
#调度执行各种方法 if ($ReflctionClass->hasMethod($Acttion)) { $ReflectionMethod = $ReflctionClass->getMethod($Acttion); if ($ReflectionMethod->isPublic() && !$ReflectionMethod->isStatic()) { if (IS_GET && !in_array($Acttion, array('openlogin'))) { include View::getView('header'); } $ReflectionMethod->inVoke($JuserController, $isLogin); if (IS_GET && !in_array($Acttion, array('openlogin'))) { include View::getView('footer'); } } else { emDirect(BLOG_URL . '?plugin=juser'); } } else { emDirect(BLOG_URL . '?plugin=juser'); } /*===================================================================================================*/ function Juser_getTitle($action) { $Title = array('__empty' => '登录_', 'register' => '注册_', 'login' => '登录_', 'openlogin' => '', 'opencallback' => '', 'usercenter' => '会员中心_', 'userinfo' => '个人资料_', 'userpasswd' => '修改密码_', 'usercomment' => '评论管理_'); return empty($Title[$action]) ? '' : $Title[$action]; } /*===================================================================================================*/ // $options_cache = $CACHE->readCache('options'); // $kl_album_config = unserialize($options_cache['kl_album_config']); // $blogname = $options_cache['blogname']; // $bloginfo = $options_cache['bloginfo']; // $site_title = $options_cache['blogname']; // $site_description = $options_cache['bloginfo']; // $site_key = $options_cache['site_key'];
$numrows = $DB->num_rows($rows); while ($row = $DB->fetch_row($rows)) { $comma = ''; $sql .= "INSERT INTO {$table} VALUES("; for ($i = 0; $i < $numfields; $i++) { $sql .= $comma . "'" . $DB->escape_string($row[$i]) . "'"; $comma = ','; } $sql .= ");\n"; } $sql .= "\n"; return $sql; } /** * 检查文件是否包含BOM(byte-order mark) */ function checkBOM($contents) { $charset[1] = substr($contents, 0, 1); $charset[2] = substr($contents, 1, 1); $charset[3] = substr($contents, 2, 1); if (ord($charset[1]) == 239 && ord($charset[2]) == 187 && ord($charset[3]) == 191) { return true; } else { return false; } } if ($action == 'Cache') { $CACHE->updateCache(); emDirect('./data.php?active_mc=1'); }
if ($comment_order == 'newer') { $ex3 = 'selected="selected"'; } else { $ex4 = 'selected="selected"'; } include View::getView('header'); require_once View::getView('configure'); include View::getView('footer'); View::output(); } if ($action == 'mod_config') { LoginAuth::checkToken(); $getData = array('blogname' => isset($_POST['blogname']) ? addslashes($_POST['blogname']) : '', 'blogurl' => isset($_POST['blogurl']) ? addslashes($_POST['blogurl']) : '', 'bloginfo' => isset($_POST['bloginfo']) ? addslashes($_POST['bloginfo']) : '', 'icp' => isset($_POST['icp']) ? addslashes($_POST['icp']) : '', 'footer_info' => isset($_POST['footer_info']) ? addslashes($_POST['footer_info']) : '', 'index_lognum' => isset($_POST['index_lognum']) ? intval($_POST['index_lognum']) : '', 'timezone' => isset($_POST['timezone']) ? floatval($_POST['timezone']) : '', 'login_code' => isset($_POST['login_code']) ? addslashes($_POST['login_code']) : 'n', 'comment_code' => isset($_POST['comment_code']) ? addslashes($_POST['comment_code']) : 'n', 'comment_needchinese' => isset($_POST['comment_needchinese']) ? addslashes($_POST['comment_needchinese']) : 'n', 'comment_interval' => isset($_POST['comment_interval']) ? intval($_POST['comment_interval']) : 15, 'iscomment' => isset($_POST['iscomment']) ? addslashes($_POST['iscomment']) : 'n', 'ischkcomment' => isset($_POST['ischkcomment']) ? addslashes($_POST['ischkcomment']) : 'n', 'isgzipenable' => isset($_POST['isgzipenable']) ? addslashes($_POST['isgzipenable']) : 'n', 'isxmlrpcenable' => isset($_POST['isxmlrpcenable']) ? addslashes($_POST['isxmlrpcenable']) : 'n', 'ismobile' => isset($_POST['ismobile']) ? addslashes($_POST['ismobile']) : 'n', 'isexcerpt' => isset($_POST['isexcerpt']) ? addslashes($_POST['isexcerpt']) : 'n', 'excerpt_subnum' => isset($_POST['excerpt_subnum']) ? intval($_POST['excerpt_subnum']) : '300', 'isthumbnail' => isset($_POST['isthumbnail']) ? addslashes($_POST['isthumbnail']) : 'n', 'rss_output_num' => isset($_POST['rss_output_num']) ? intval($_POST['rss_output_num']) : 10, 'rss_output_fulltext' => isset($_POST['rss_output_fulltext']) ? addslashes($_POST['rss_output_fulltext']) : 'y', 'isgravatar' => isset($_POST['isgravatar']) ? addslashes($_POST['isgravatar']) : 'n', 'comment_paging' => isset($_POST['comment_paging']) ? addslashes($_POST['comment_paging']) : 'n', 'comment_pnum' => isset($_POST['comment_pnum']) ? intval($_POST['comment_pnum']) : '', 'comment_order' => isset($_POST['comment_order']) ? addslashes($_POST['comment_order']) : 'newer', 'istwitter' => isset($_POST['istwitter']) ? addslashes($_POST['istwitter']) : 'n', 'istreply' => isset($_POST['istreply']) ? addslashes($_POST['istreply']) : 'n', 'ischkreply' => isset($_POST['ischkreply']) ? addslashes($_POST['ischkreply']) : 'n', 'reply_code' => isset($_POST['reply_code']) ? addslashes($_POST['reply_code']) : 'n', 'index_twnum' => isset($_POST['index_twnum']) ? intval($_POST['index_twnum']) : 10, 'att_maxsize' => isset($_POST['att_maxsize']) ? intval($_POST['att_maxsize']) : 20480, 'att_type' => isset($_POST['att_type']) ? str_replace('php', 'x', strtolower(addslashes($_POST['att_type']))) : '', 'att_imgmaxw' => isset($_POST['att_imgmaxw']) ? intval($_POST['att_imgmaxw']) : 420, 'att_imgmaxh' => isset($_POST['att_imgmaxh']) ? intval($_POST['att_imgmaxh']) : 460); if ($getData['login_code'] == 'y' && !function_exists("imagecreate") && !function_exists('imagepng')) { emMsg("开启登录验证码失败!服务器空间不支持GD图形库", "configure.php"); } if ($getData['comment_code'] == 'y' && !function_exists("imagecreate") && !function_exists('imagepng')) { emMsg("开启评论验证码失败!服务器空间不支持GD图形库", "configure.php"); } if ($getData['blogurl'] && substr($getData['blogurl'], -1) != '/') { $getData['blogurl'] .= '/'; } if ($getData['blogurl'] && strncasecmp($getData['blogurl'], 'http', 4)) { $getData['blogurl'] = 'http://' . $getData['blogurl']; } foreach ($getData as $key => $val) { Option::updateOption($key, $val); } $CACHE->updateCache(array('tags', 'options', 'comment', 'record')); emDirect("./configure.php?activated=1"); }
} } //上传zip插件 if ($action == 'upload_zip') { $zipfile = isset($_FILES['pluzip']) ? $_FILES['pluzip'] : ''; if ($zipfile['error'] == 4) { emDirect("./plugin.php?action=install&error_d=1"); } if (!$zipfile || $zipfile['error'] >= 1 || empty($zipfile['tmp_name'])) { emMsg('插件上传失败'); } if (getFileSuffix($zipfile['name']) != 'zip') { emDirect("./plugin.php?action=install&error_a=1"); } $ret = emUnZip($zipfile['tmp_name'], '../content/plugins/', 'plugin'); switch ($ret) { case 0: emDirect("./plugin.php?activate_install=1#tpllib"); break; case -1: emDirect("./plugin.php?action=install&error_e=1"); break; case 1: case 2: emDirect("./plugin.php?action=install&error_b=1"); break; case 3: emDirect("./plugin.php?action=install&error_c=1"); break; } }
$logid = $attach['blogid']; if (file_exists($attach['filepath'])) { @unlink($attach['filepath']) or emMsg("删除附件失败!"); } deleteQiNiu($attach['filepath']); $query = $DB->query("SELECT * FROM " . DB_PREFIX . "attachment WHERE thumfor = " . $attach['aid']); $thum_attach = $DB->fetch_array($query); if ($thum_attach) { if (file_exists($thum_attach['filepath'])) { @unlink($thum_attach['filepath']) or emMsg("删除附件失败!"); } $DB->query("DELETE FROM " . DB_PREFIX . "attachment WHERE aid = {$thum_attach['aid']} "); } $DB->query("UPDATE " . DB_PREFIX . "blog SET attnum=attnum-1 WHERE gid = {$attach['blogid']}"); $DB->query("DELETE FROM " . DB_PREFIX . "attachment WHERE aid = {$attach['aid']} "); emDirect("attachment.php?action=attlib&logid={$logid}"); } //微语图片上传 if ($action == 'upload_tw_img') { $attach = isset($_FILES['attach']) ? $_FILES['attach'] : ''; if ($attach) { $file_info = uploadFile($attach['name'], $attach['error'], $attach['tmp_name'], $attach['size'], Option::getAttType(), false, false); $w = $file_info['width']; $h = $file_info['height']; if ($w > Option::T_IMG_MAX_W || $h > Option::T_IMG_MAX_H) { $uppath = Option::UPLOADFILE_PATH . gmdate('Ym') . '/'; $thum = str_replace($uppath, $uppath . 'thum-', $file_info['file_path']); if (false !== resizeImage($file_info['file_path'], $thum, Option::T_IMG_MAX_W, Option::T_IMG_MAX_H)) { $file_info['file_path'] = $thum; } }
if ($action == 'update_link') { $sitename = isset($_POST['sitename']) ? addslashes(trim($_POST['sitename'])) : ''; $siteurl = isset($_POST['siteurl']) ? addslashes(trim($_POST['siteurl'])) : ''; $description = isset($_POST['description']) ? addslashes(trim($_POST['description'])) : ''; $linkId = isset($_POST['linkid']) ? intval($_POST['linkid']) : ''; if (!preg_match("/^http|ftp.+\$/i", $siteurl)) { $siteurl = 'http://' . $siteurl; } $Link_Model->updateLink(array('sitename' => $sitename, 'siteurl' => $siteurl, 'description' => $description), $linkId); $CACHE->updateCache('link'); emDirect("./link.php?active_edit=1"); } if ($action == 'dellink') { LoginAuth::checkToken(); $linkid = isset($_GET['linkid']) ? intval($_GET['linkid']) : ''; $Link_Model->deleteLink($linkid); $CACHE->updateCache('link'); emDirect("./link.php?active_del=1"); } if ($action == 'hide') { $linkId = isset($_GET['linkid']) ? intval($_GET['linkid']) : ''; $Link_Model->updateLink(array('hide' => 'y'), $linkId); $CACHE->updateCache('link'); emDirect('./link.php'); } if ($action == 'show') { $linkId = isset($_GET['linkid']) ? intval($_GET['linkid']) : ''; $Link_Model->updateLink(array('hide' => 'n'), $linkId); $CACHE->updateCache('link'); emDirect('./link.php'); }
if (strlen($password) > 0 && strlen($password) < 6) { emDirect("./user.php?action=edit&uid={$uid}&error_pwd_len=1"); } if ($password != $password2) { emDirect("./user.php?action=edit&uid={$uid}&error_pwd2=1"); } $userData = array('username' => $login, 'nickname' => $nickname, 'email' => $email, 'description' => $description, 'role' => $role, 'ischeck' => $ischeck); if (!empty($password)) { $PHPASS = new PasswordHash(8, true); $password = $PHPASS->HashPassword($password); $userData['password'] = $password; } $User_Model->updateUser($userData, $uid); $CACHE->updateCache('user'); emDirect('./user.php?active_update=1'); } if ($action == 'del') { LoginAuth::checkToken(); $users = $User_Model->getUsers(); $uid = isset($_GET['uid']) ? intval($_GET['uid']) : ''; if (UID == $uid) { emDirect('./user.php'); } //创始人账户不能被删除 if ($uid == 1) { emDirect('./user.php?error_del_a=1'); } $User_Model->deleteUser($uid); $CACHE->updateCache(array('sta', 'user')); emDirect('./user.php?active_del=1'); }
$CACHE->updateCache(array('sort', 'logsort')); emDirect("./admin_log.php?active_move=1"); break; case 'change_author': if (ROLE != ROLE_ADMIN) { emMsg('权限不足!', './'); } foreach ($logs as $val) { $Log_Model->updateLog(array('author' => $author), $val); } $CACHE->updateCache('sta'); emDirect("./admin_log.php?active_change_author=1"); break; case 'check': if (ROLE != ROLE_ADMIN) { emMsg('权限不足!', './'); } $Log_Model->checkSwitch($gid, 'y'); $CACHE->updateCache(); emDirect("./admin_log.php?active_ck=1"); break; case 'uncheck': if (ROLE != ROLE_ADMIN) { emMsg('权限不足!', './'); } $Log_Model->checkSwitch($gid, 'n'); $CACHE->updateCache(); emDirect("./admin_log.php?active_unck=1"); break; } }
$Tag_Model->updateTag($tagstring, $blogid); $dftnum = ''; } else { if (!($blogid = $Log_Model->isRepeatPost($title, $postTime))) { $blogid = $Log_Model->addlog($logData); } $Tag_Model->addTag($tagstring, $blogid); $dftnum = $Log_Model->getLogNum('y', '', 'blog', 1); } $CACHE->updateCache(); doAction('save_log', $blogid); switch ($action) { case 'autosave': echo "autosave_gid:{$blogid}_df:{$dftnum}_"; break; case 'add': case 'edit': $tbmsg = ''; if ($ishide == 'y') { emDirect("./admin_log.php?pid=draft&active_savedraft=1"); } else { if ($action == 'add' || isset($_POST['pubdf'])) { emDirect("./admin_log.php?active_post=1"); //文章发布成功 } else { emDirect("./admin_log.php?active_savelog=1"); //文章保存成功 } } break; }
Option::updateOption("widgets{$i}", $widgets_str); } } unset($custom_widget[$rmwg]); $custom_widget_str = addslashes(serialize($custom_widget)); Option::updateOption('custom_widget', $custom_widget_str); } break; } $CACHE->updateCache('options'); emDirect("./widgets.php?activated=1"); } //保存组件排序 if ($action == 'compages') { $wgNum = isset($_POST['wgnum']) ? intval($_POST['wgnum']) : 1; //侧边栏编号 1、2、3 …… $widgets = isset($_POST['widgets']) ? serialize($_POST['widgets']) : ''; Option::updateOption("widgets{$wgNum}", $widgets); $CACHE->updateCache('options'); emDirect("./widgets.php?activated=true&wg={$wgNum}"); } //恢复组件设置到初始安装状态 if ($action == 'reset') { $widget_title = serialize(Option::getWidgetTitle()); $default_widget = serialize(Option::getDefWidget()); Option::updateOption("widget_title", $widget_title); Option::updateOption("custom_widget", 'a:0:{}'); Option::updateOption("widgets1", $default_widget); $CACHE->updateCache('options'); emDirect("./widgets.php?activated=1"); }
if ($attach['error'][$i] != 4) { $file_info = uploadFile($attach['name'][$i], $attach['error'][$i], $attach['tmp_name'][$i], $attach['size'][$i], Option::getAttType(), false, $isthumbnail); // 写入附件信息 $query = "INSERT INTO " . DB_PREFIX . "attachment (blogid, filename, filesize, filepath, addtime, width, height, mimetype, thumfor) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s', 0)"; $query = sprintf($query, -1, $file_info['file_name'], $file_info['size'], $file_info['file_path'], time(), $file_info['width'], $file_info['height'], $file_info['mime_type']); $DB->query($query); $aid = $DB->insert_id(); $org_photo_atts[] = $file_info['file_path']; } } } $userData['photos'] = serialize($org_photo_atts); $Viporg_model->addUser($userData); emDirect('./viporg.php?active_add=1'); } if ($action == 'del') { $id = isset($_GET['id']) ? intval($_GET['id']) : ''; $Viporg_model->deleteUser($id); emDirect('./viporg.php?active_del=1'); } if ($action == 'delphoto') { $id = isset($_GET['id']) ? $_GET['id'] : ''; $pic = isset($_GET['pic']) ? $_GET['pic'] : ''; $data = $Viporg_model->getUserDetail($id); $org_photo_atts = $data['photos'] ? unserialize($data['photos']) : array(); $key = array_search($pic, $org_photo_atts); unset($org_photo_atts[$key]); $userData = array('photos' => serialize($org_photo_atts)); $Viporg_model->updateUser($userData, $id); emDirect('./viporg.php?action=edit&uid=' . $id); }