echo ']'; break; case 'memcert': $info = array(); if ($option == 'msgcode') { if (preg_match("/^1[358]\\d{9}\$/", $mobile)) { $msgcode = random(6, 1); $id = ${"msgcode_sp{$msgcode_gate}"}; $pw = ${"msgcode_pw{$msgcode_gate}"}; if (empty($msgcode_mode) || $msgcode_mode == 1 && empty($msgcode_msg) || $msgcode_mode == 2 && (empty($id) || empty($pw) || empty($msgcode_sms))) { $info = array('time' => -1, 'text' => 'no_msg_gate'); } elseif ($msgcode_mode == 1) { msetcookie('08cms_msgcode', authcode("{$timestamp}\t{$msgcode}", 'ENCODE')); $info = array('time' => -1, 'text' => str_replace('%s', $msgcode, $msgcode_msg)); } elseif ($msgcode_mode == 2) { list($inittime, $initcode) = maddslashes(explode("\t", @authcode($m_cookie['08cms_msgcode'], 'DECODE')), 1); if ($timestamp - $inittime > 60) { $msg = str_replace('%s', $msgcode, $msgcode_sms); if ($mcharset != 'gbk' || $mcharset != 'gb2312') { include M_ROOT . 'include/charset.fun.php'; $msg = convert_encoding($mcharset, 'gb2312', $msg); } $msg = rawurlencode($msg); $url = $msgcode_gate == 1 ? "http://sms.eshang8.cn/api/?esname={$id}&key=pw&phone={$mobile}&msg={$msg}&smskind=1" : "http://service.winic.org/sys_port/gateway/?id={$id}&pwd={$pw}&to={$mobile}&content={$msg}&time={$timestamp}"; include M_ROOT . 'include/http.cls.php'; $http = new http(); $http->timeout = 60; $msg = $http->fetchtext($url); if ($msgcode_gate == 1) { $msg = $msg === '0'; } else {
}
// The brace above closes a block that was opened before this excerpt.

// Record whether PHP has already escaped request data (magic quotes); the escaping below branches on it.
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, so this statement only runs on older interpreters.
define('QUOTES_GPC', get_magic_quotes_gpc());

// Abort any request that carries a parameter or an upload field named GLOBALS.
(isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) && exit('08cms Error');

// Upload metadata is escaped here only when magic quotes are off.
if (!QUOTES_GPC && $_FILES) {
    $_FILES = maddslashes($_FILES);
}

// Every POST key, then every GET key, whose name does not start with '_' becomes a variable
// of the same name in the current scope (GET is processed last, so it wins on a name clash).
// NOTE(review): this reproduces register_globals. Any variable assigned before this point, and any
// variable that later code reads without assigning first, can be set by the request.
// The only protection is addslashes() on the value, which does not constrain type or content.
// Prefer reading named keys from $_GET/$_POST, or restrict this import to an allow-list.
foreach (array('_POST', '_GET') as $_request) {
    foreach (${$_request} as $k => $v) {
        $k[0] != '_' && (${$k} = maddslashes($v));
    }
}

// Copy only the cookies whose name starts with $ckpre into $m_cookie, with the prefix stripped.
// Values are escaped when magic quotes are off.
// NOTE(review): $ckpre is read after the request import above. If it is assigned before this
// excerpt, a request parameter named ckpre would replace it. Confirm where it is set.
$m_cookie = array();
$cklen = strlen($ckpre);
foreach ($_COOKIE as $k => $v) {
    if (substr($k, 0, $cklen) == $ckpre) {
        $m_cookie[substr($k, $cklen)] = QUOTES_GPC ? $v : maddslashes($v);
    }
}
unset($cklen, $_request, $k, $v);

// presumably load_cache() populates $mconfigs and $subsites; verify against its definition
load_cache('mconfigs,subsites');
// extract() defaults to EXTR_OVERWRITE, so a config key replaces a request-supplied variable of the
// same name. Names that are absent from $mconfigs keep whatever the request set.
// The @ hides any warning extract() raises.
@extract($mconfigs);
ini_set('date.timezone', 'ETC/GMT' . (empty($timezone) ? 0 : $timezone));
$timestamp = time();
include_once M_ROOT . './include/mysql.cls.php';
include_once M_ROOT . './include/userinfo.cls.php';

// Sub-site id: GET takes precedence over POST. It is coerced to a non-negative integer and
// reset to 0 when no such sub-site exists.
$sid = empty($_GET['sid']) ? empty($_POST['sid']) ? 0 : $_POST['sid'] : $_GET['sid'];
$sid = max(0, intval($sid));
empty($subsites[$sid]) && ($sid = 0);
// Default the two flags to '' when neither the request import nor the config supplied them.
isset($infloat) || ($infloat = '');
isset($inajax) || ($inajax = '');
$sid && ($templatedir = $subsites[$sid]['templatedir']);
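/**
 * Recursively apply addslashes() to a string, or to every value of an array.
 *
 * Escaping is skipped when magic quotes are reported as enabled (QUOTES_GPC),
 * unless $force is truthy. Array keys are returned unchanged; only values are
 * escaped.
 *
 * Security note: addslashes() is a byte-wise escape that knows nothing about the
 * database connection charset. It gives no protection to a value that is placed
 * in SQL without surrounding quotes, and with multi-byte charsets such as GBK an
 * escaped value can still terminate a quoted literal. Treat the result as legacy
 * hardening, not as a replacement for parameterised queries or integer casts.
 *
 * @param mixed $string String to escape, or (nested) array whose values are escaped.
 * @param int   $force  Truthy to escape even when QUOTES_GPC is truthy.
 * @return mixed The escaped string, or the array with every value escaped.
 */
function maddslashes($string, $force = 0)
{
    if (!defined('QUOTES_GPC')) {
        // get_magic_quotes_gpc() was removed in PHP 8.0; calling it there is a fatal
        // error, so report "off", which is what it has returned since PHP 5.4.
        define('QUOTES_GPC', function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false);
    }

    // Input already escaped by PHP and no forced pass requested: hand it back untouched.
    if (QUOTES_GPC && !$force) {
        return $string;
    }

    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = maddslashes($val, $force);
        }
        return $string;
    }

    return addslashes($string);
}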
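/**
 * Load the member record identified by the 'userauth' cookie into $this->info.
 *
 * The cookie is decoded with authcode() and split on TAB into a password field
 * and a member id. $this->info is set to $nouserinfos when the cookie is absent,
 * when the id is not a plain positive decimal number, or when no row matches.
 *
 * NOTE(review): in this listing the password literal in the query reads '******'
 * and the decoded $memberpwd is never used. That looks like masking applied to
 * the listing; confirm against the real source before relying on this query.
 */
function rss_user()
{
    global $m_cookie, $db, $tblprefix, $nouserinfos, $timestamp;

    $memberpwd = '';
    $memberid = 0;
    if (!empty($m_cookie['userauth'])) {
        // A cookie that does not decode to two TAB-separated fields would leave list()
        // reading a missing offset; pad to two entries so both names are always set.
        $parts = array_pad(explode("\t", authcode($m_cookie['userauth'], 'DECODE')), 2, '');
        list($memberpwd, $memberid) = maddslashes($parts, 1);
    }

    // mid is interpolated into the SQL without quotes, where addslashes() gives no protection.
    // The previous loose "!= intval()" test could let a value with trailing text through on
    // interpreters that compare such strings numerically. Accept digits only and use the integer.
    $memberid = preg_match('/^[0-9]+$/D', (string) $memberid) ? (int) $memberid : 0;
    if ($memberid <= 0) {
        $this->info = $nouserinfos;
        return;
    }

    $row = $db->fetch_one("SELECT * FROM {$tblprefix}members WHERE mid={$memberid} AND password='******'");
    $this->info = $row ? $row : $nouserinfos;
}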
//处理文档模型 foreach ($ofchannels as $k => $v) { if (empty($transtonew[$k])) { //新建会员模型 $sqlstr = ''; foreach ($v as $key => $val) { !in_array($key, array('chid')) && ($sqlstr .= (!$sqlstr ? '' : ',') . "{$key}='" . addslashes($val) . "'"); } $db->query("INSERT INTO {$tblprefix}fchannels SET {$sqlstr}"); if ($fchid = $db->insert_id()) { $db->query("CREATE TABLE {$tblprefix}farchives_{$fchid} (aid mediumint(8) unsigned NOT NULL default '0',PRIMARY KEY (aid))" . (mysql_get_server_info() > '4.1' ? " ENGINE=MYISAM DEFAULT CHARSET={$dbcharset}" : " TYPE=MYISAM")); //将模型专用的字段转入进来 $fields = oread_cache('ffields', $k, '', 'cache'); foreach ($fields as $k1 => $v1) { $fieldnew = oread_cache('ffield', $k, $k1, 'cache'); $fieldnew = maddslashes($fieldnew); if (!$v1['issystem']) { //只转入模型定义的字段 $fconfigarr = array('errorurl' => '', 'enamearr' => $usednames['ffields'], 'altertable' => $tblprefix . 'farchives_' . $fchid, 'fieldtable' => $tblprefix . 'ffields', 'sqlstr' => "chid={$fchid},available='1'"); list($fmode, $fnew, $fsave) = array('fa', true, true); include M_ROOT . "./include/fields/{$v1['datatype']}.php"; if (!($fid = $db->insert_id())) { continue; } $stepadds['ffields'][] = $fid; //记录增加字段 } else { //subject字段 $sqlstr = "chid='{$fchid}'"; foreach ($field as $key => $val) { !in_array($key, array('fid', 'chid')) && ($sqlstr .= (!$sqlstr ? '' : ',') . "{$key}='" . addslashes($val) . "'");
require_once M_ROOT . './uc_client/client.php'; if ($action == 'login') { $ret = uc_user_login($username, $password); list($uid, $username, , $email) = maddslashes($ret); if ($uid < 0) { login_safecheck($username, $errtimes); $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password); $record = mhtmlspecialchars($timestamp . "\t" . stripslashes($username) . "\t" . $password . "\t" . $onlineip); record2file('badlogin', $record); # $msgfunc(lang($uid == -1 ? 'memcnameerror' : 'passerror'),axaction(1,$forward)); message($cantimes ? 'loginfailed' : 'mloginerrtimes', axaction(1, $forward), $cantimes); } hidden(uc_user_synlogin($uid)); } elseif ($action == 'memactive') { $ret = uc_user_login($username, $password); list($uid, $username, , $email) = maddslashes($ret); if ($uid < 0) { $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password); $record = mhtmlspecialchars($timestamp . "\t" . stripslashes($username) . "\t" . $password . "\t" . $onlineip); record2file('badlogin', $record); mcmessage(lang($uid == -1 ? 'memcnameerror' : 'passerror'), $forward); } hidden(uc_user_synlogin($uid)); } elseif ($action == 'logout') { hidden(uc_user_synlogout()); } elseif ($action == 'memberpwd') { $ucresult = uc_user_edit($curuser->info['mname'], $opassword, $npassword, '', 0); if ($ucresult == -1) { mcmessage(lang('oldpasserr'), 'adminm.php?action=memberpwd'); } elseif ($ucresult != 1) { mcmessage(lang('mempassmodfai'), 'adminm.php?action=memberpwd');
/**
 * When a document is updated, push its current data to the other copies.
 *
 * Copies are the rows of the archives table that share this archive's cpid but
 * have a different aid. For each copy the permission/sale columns, the template
 * and jump-url columns and the channel's fields are rewritten from this archive.
 *
 * @param int $mode Falsy: do nothing. 1: subject, keywords, thumb and abstract are
 *                  copied as well. Any other truthy value: those four are skipped.
 * @return bool false when $mode is falsy or no other copy exists, true otherwise.
 */
function updatecopy($mode = 0)
{
    global $cotypes, $timestamp, $db, $tblprefix, $arc;

    if (!$mode) {
        return false;
    }

    // Collect the aids of the sibling copies.
    // NOTE(review): both values are concatenated into the SQL text. They come from this
    // object's own state; confirm they are always numeric where they are assigned.
    $naid = $this->aid;
    $copyIds = array();
    $result = $db->query("SELECT aid FROM {$tblprefix}archives WHERE aid != '{$naid}' AND cpid='" . $this->archive['cpid'] . "'");
    while ($record = $db->fetch_array($result)) {
        $copyIds[] = $record['aid'];
    }
    if (!$copyIds) {
        return false;
    }

    // Reload this archive before using it as the source of the copy.
    $this->init();
    $this->set_aid($naid);
    $this->detail_data();

    // $source aliases $this->archive, so the escaped array is written back onto the object.
    $source =& $this->archive;
    $source = maddslashes($source);
    $fieldDefs = read_cache('fields', $source['chid']);
    $copy = new cls_arcedit();
    $headFields = array('subject', 'keywords', 'thumb', 'abstract');

    foreach ($copyIds as $aid) {
        $copy->set_aid($aid);
        $copy->detail_data();

        foreach (array('rpmid', 'dpmid', 'salecp', 'fsalecp') as $column) {
            $copy->updatefield($column, $source[$column], 'main');
        }
        $copy->sale_define();
        foreach (array('arctpls', 'jumpurl') as $column) {
            $copy->updatefield($column, $source[$column], 'sub');
        }

        foreach ($fieldDefs as $name => $def) {
            // Skip unavailable fields, function fields, and the four head fields unless $mode is 1.
            if (!$def['available'] || $def['isfunc'] || (in_array($name, $headFields) && $mode != 1)) {
                continue;
            }

            if (!empty($def['istxt'])) {
                // The value is un-escaped before saveastxt(); the column stores what saveastxt() returns.
                $txtname = saveastxt(stripslashes($source[$name]), $copy->namepres[$name]);
                $copy->updatefield($name, $txtname, $def['tbl']);
                continue;
            }

            $copy->updatefield($name, $source[$name], $def['tbl']);
            $parts = multi_val_arr($source[$name], $def);
            if ($parts) {
                foreach ($parts as $suffix => $value) {
                    $copy->updatefield($name . '_' . $suffix, $value, $def['tbl']);
                }
            }
        }

        $copy->updatedb();
        if ($this->channel['autostatic']) {
            arc_static($aid);
            unset($arc);
        }
        $copy->init();
    }

    return true;
}