Exemplo n.º 1
0
     echo ']';
     break;
 case 'memcert':
     $info = array();
     if ($option == 'msgcode') {
         if (preg_match("/^1[358]\\d{9}\$/", $mobile)) {
             $msgcode = random(6, 1);
             $id = ${"msgcode_sp{$msgcode_gate}"};
             $pw = ${"msgcode_pw{$msgcode_gate}"};
             if (empty($msgcode_mode) || $msgcode_mode == 1 && empty($msgcode_msg) || $msgcode_mode == 2 && (empty($id) || empty($pw) || empty($msgcode_sms))) {
                 $info = array('time' => -1, 'text' => 'no_msg_gate');
             } elseif ($msgcode_mode == 1) {
                 msetcookie('08cms_msgcode', authcode("{$timestamp}\t{$msgcode}", 'ENCODE'));
                 $info = array('time' => -1, 'text' => str_replace('%s', $msgcode, $msgcode_msg));
             } elseif ($msgcode_mode == 2) {
                 list($inittime, $initcode) = maddslashes(explode("\t", @authcode($m_cookie['08cms_msgcode'], 'DECODE')), 1);
                 if ($timestamp - $inittime > 60) {
                     $msg = str_replace('%s', $msgcode, $msgcode_sms);
                     if ($mcharset != 'gbk' || $mcharset != 'gb2312') {
                         include M_ROOT . 'include/charset.fun.php';
                         $msg = convert_encoding($mcharset, 'gb2312', $msg);
                     }
                     $msg = rawurlencode($msg);
                     $url = $msgcode_gate == 1 ? "http://sms.eshang8.cn/api/?esname={$id}&key=pw&phone={$mobile}&msg={$msg}&smskind=1" : "http://service.winic.org/sys_port/gateway/?id={$id}&pwd={$pw}&to={$mobile}&content={$msg}&time={$timestamp}";
                     include M_ROOT . 'include/http.cls.php';
                     $http = new http();
                     $http->timeout = 60;
                     $msg = $http->fetchtext($url);
                     if ($msgcode_gate == 1) {
                         $msg = $msg === '0';
                     } else {
Exemplo n.º 2
0
}
define('QUOTES_GPC', get_magic_quotes_gpc());
(isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) && exit('08cms Error');
if (!QUOTES_GPC && $_FILES) {
    $_FILES = maddslashes($_FILES);
}
foreach (array('_POST', '_GET') as $_request) {
    foreach (${$_request} as $k => $v) {
        $k[0] != '_' && (${$k} = maddslashes($v));
    }
}
$m_cookie = array();
$cklen = strlen($ckpre);
foreach ($_COOKIE as $k => $v) {
    if (substr($k, 0, $cklen) == $ckpre) {
        $m_cookie[substr($k, $cklen)] = QUOTES_GPC ? $v : maddslashes($v);
    }
}
unset($cklen, $_request, $k, $v);
load_cache('mconfigs,subsites');
@extract($mconfigs);
ini_set('date.timezone', 'ETC/GMT' . (empty($timezone) ? 0 : $timezone));
$timestamp = time();
include_once M_ROOT . './include/mysql.cls.php';
include_once M_ROOT . './include/userinfo.cls.php';
$sid = empty($_GET['sid']) ? empty($_POST['sid']) ? 0 : $_POST['sid'] : $_GET['sid'];
$sid = max(0, intval($sid));
empty($subsites[$sid]) && ($sid = 0);
isset($infloat) || ($infloat = '');
isset($inajax) || ($inajax = '');
$sid && ($templatedir = $subsites[$sid]['templatedir']);
Exemplo n.º 3
0
function maddslashes($string, $force = 0)
{
    !defined('QUOTES_GPC') && define('QUOTES_GPC', get_magic_quotes_gpc());
    if (!QUOTES_GPC || $force) {
        if (is_array($string)) {
            foreach ($string as $key => $val) {
                $string[$key] = maddslashes($val, $force);
            }
        } else {
            $string = addslashes($string);
        }
    }
    return $string;
}
Exemplo n.º 4
0
 function rss_user()
 {
     global $m_cookie, $db, $tblprefix, $nouserinfos, $timestamp;
     $memberid = 0;
     if (!empty($m_cookie['userauth'])) {
         list($memberpwd, $memberid) = maddslashes(explode("\t", authcode($m_cookie['userauth'], 'DECODE')), 1);
     }
     if (empty($memberid) || $memberid != intval($memberid)) {
         $this->info = $nouserinfos;
     } else {
         if (!($this->info = $db->fetch_one("SELECT * FROM {$tblprefix}members WHERE mid={$memberid} AND password='******'"))) {
             $this->info = $nouserinfos;
         }
     }
 }
Exemplo n.º 5
0
 //处理文档模型
 foreach ($ofchannels as $k => $v) {
     if (empty($transtonew[$k])) {
         //新建会员模型
         $sqlstr = '';
         foreach ($v as $key => $val) {
             !in_array($key, array('chid')) && ($sqlstr .= (!$sqlstr ? '' : ',') . "{$key}='" . addslashes($val) . "'");
         }
         $db->query("INSERT INTO {$tblprefix}fchannels SET {$sqlstr}");
         if ($fchid = $db->insert_id()) {
             $db->query("CREATE TABLE {$tblprefix}farchives_{$fchid} (aid mediumint(8) unsigned NOT NULL default '0',PRIMARY KEY (aid))" . (mysql_get_server_info() > '4.1' ? " ENGINE=MYISAM DEFAULT CHARSET={$dbcharset}" : " TYPE=MYISAM"));
             //将模型专用的字段转入进来
             $fields = oread_cache('ffields', $k, '', 'cache');
             foreach ($fields as $k1 => $v1) {
                 $fieldnew = oread_cache('ffield', $k, $k1, 'cache');
                 $fieldnew = maddslashes($fieldnew);
                 if (!$v1['issystem']) {
                     //只转入模型定义的字段
                     $fconfigarr = array('errorurl' => '', 'enamearr' => $usednames['ffields'], 'altertable' => $tblprefix . 'farchives_' . $fchid, 'fieldtable' => $tblprefix . 'ffields', 'sqlstr' => "chid={$fchid},available='1'");
                     list($fmode, $fnew, $fsave) = array('fa', true, true);
                     include M_ROOT . "./include/fields/{$v1['datatype']}.php";
                     if (!($fid = $db->insert_id())) {
                         continue;
                     }
                     $stepadds['ffields'][] = $fid;
                     //记录增加字段
                 } else {
                     //subject字段
                     $sqlstr = "chid='{$fchid}'";
                     foreach ($field as $key => $val) {
                         !in_array($key, array('fid', 'chid')) && ($sqlstr .= (!$sqlstr ? '' : ',') . "{$key}='" . addslashes($val) . "'");
Exemplo n.º 6
0
require_once M_ROOT . './uc_client/client.php';
if ($action == 'login') {
    $ret = uc_user_login($username, $password);
    list($uid, $username, , $email) = maddslashes($ret);
    if ($uid < 0) {
        login_safecheck($username, $errtimes);
        $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password);
        $record = mhtmlspecialchars($timestamp . "\t" . stripslashes($username) . "\t" . $password . "\t" . $onlineip);
        record2file('badlogin', $record);
        #		$msgfunc(lang($uid == -1 ? 'memcnameerror' : 'passerror'),axaction(1,$forward));
        message($cantimes ? 'loginfailed' : 'mloginerrtimes', axaction(1, $forward), $cantimes);
    }
    hidden(uc_user_synlogin($uid));
} elseif ($action == 'memactive') {
    $ret = uc_user_login($username, $password);
    list($uid, $username, , $email) = maddslashes($ret);
    if ($uid < 0) {
        $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password);
        $record = mhtmlspecialchars($timestamp . "\t" . stripslashes($username) . "\t" . $password . "\t" . $onlineip);
        record2file('badlogin', $record);
        mcmessage(lang($uid == -1 ? 'memcnameerror' : 'passerror'), $forward);
    }
    hidden(uc_user_synlogin($uid));
} elseif ($action == 'logout') {
    hidden(uc_user_synlogout());
} elseif ($action == 'memberpwd') {
    $ucresult = uc_user_edit($curuser->info['mname'], $opassword, $npassword, '', 0);
    if ($ucresult == -1) {
        mcmessage(lang('oldpasserr'), 'adminm.php?action=memberpwd');
    } elseif ($ucresult != 1) {
        mcmessage(lang('mempassmodfai'), 'adminm.php?action=memberpwd');
Exemplo n.º 7
0
 function updatecopy($mode = 0)
 {
     //当更新文档时,同时更新其它的副本。
     global $cotypes, $timestamp, $db, $tblprefix, $arc;
     if (!$mode) {
         return false;
     }
     $cpids = array();
     $naid = $this->aid;
     $query = $db->query("SELECT aid FROM {$tblprefix}archives WHERE aid != '{$naid}' AND cpid='" . $this->archive['cpid'] . "'");
     while ($row = $db->fetch_array($query)) {
         $cpids[] = $row['aid'];
     }
     if (!$cpids) {
         return false;
     }
     $this->init();
     $this->set_aid($naid);
     $this->detail_data();
     $archivenew =& $this->archive;
     $archivenew = maddslashes($archivenew);
     $chid = $archivenew['chid'];
     $fields = read_cache('fields', $chid);
     $aedit = new cls_arcedit();
     foreach ($cpids as $aid) {
         $aedit->set_aid($aid);
         $aedit->detail_data();
         $aedit->updatefield('rpmid', $archivenew['rpmid'], 'main');
         $aedit->updatefield('dpmid', $archivenew['dpmid'], 'main');
         $aedit->updatefield('salecp', $archivenew['salecp'], 'main');
         $aedit->updatefield('fsalecp', $archivenew['fsalecp'], 'main');
         $aedit->sale_define();
         $aedit->updatefield('arctpls', $archivenew['arctpls'], 'sub');
         $aedit->updatefield('jumpurl', $archivenew['jumpurl'], 'sub');
         foreach ($fields as $k => $v) {
             if ($v['available'] && !$v['isfunc'] && (!in_array($k, array('subject', 'keywords', 'thumb', 'abstract')) || $mode == 1)) {
                 if (!empty($v['istxt'])) {
                     $txtname = saveastxt(stripslashes($archivenew[$k]), $aedit->namepres[$k]);
                     $aedit->updatefield($k, $txtname, $v['tbl']);
                 } else {
                     $aedit->updatefield($k, $archivenew[$k], $v['tbl']);
                     if ($arr = multi_val_arr($archivenew[$k], $v)) {
                         foreach ($arr as $x => $y) {
                             $aedit->updatefield($k . '_' . $x, $y, $v['tbl']);
                         }
                     }
                 }
             }
         }
         $aedit->updatedb();
         if ($this->channel['autostatic']) {
             arc_static($aid);
             unset($arc);
         }
         $aedit->init();
     }
     return true;
 }