<?php

/*
	[SupeSite] (C) 2007-2009 Comsenz Inc.
	$Id: admin_modelcategories.php 13411 2009-10-22 03:13:01Z zhaofei $
*/
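// Stop unless IN_SUPESITE_ADMINCP is defined, i.e. unless an including script has set it.
if (!defined('IN_SUPESITE_ADMINCP')) {
    exit('Access Denied');
}
//CHECK GET VAR
// mid comes from the request and is forced to an integer before any further use.
$_GET['mid'] = postget('mid');
$_GET['mid'] = !empty($_GET['mid']) ? intval($_GET['mid']) : 0;
$resultmodels = array();
if ($_GET['mid'] > 0) {
    // The statement is built by concatenation; the intval() above is what keeps the value numeric.
    $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('models') . ' WHERE mid = \'' . $_GET['mid'] . '\'');
    $resultmodels = $_SGLOBAL['db']->fetch_array($query);
    if (empty($resultmodels['mid'])) {
        showmessage('not_exist_module');
    }
}
// With mid <= 0 no row is loaded and $resultmodels stays empty. Only consult the closed-channel
// list when a model name exists, instead of reading a missing index and comparing null loosely.
if (isset($resultmodels['modelname']) && in_array($resultmodels['modelname'], $_SCONFIG['closechannels'])) {
    showmessage('usetype_no_open');
}
// mid is an integer at this point, so it can be appended to the URL as-is.
$urlplus = '&mid=' . $_GET['mid'];
$newurl = $theurl . $urlplus;
//INIT RESULT VAR
$listarr = array();
$thevalue = array();
$delvalue = array();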
//POST METHOD
if (submitcheck('listsubmit')) {
Exemplo n.º 2
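/**
 * Read a page through sreadfile() and reduce its markup to a subject and a message.
 *
 * Level 1 takes the <title> text as subject and the whole flattened page as message.
 * Level 2 splits the page at table/div boundaries, passes every non-empty piece through getpr()
 * and assembles the message from the pieces whose 'pr' is not negative.
 *
 * NOTE(review): $referurl goes to sreadfile() without any check in this function. If callers pass
 * request data, the scheme and destination should be restricted before this call.
 * NOTE(review): the last entry of $searchaborative uses the /e (evaluate) modifier. Its capture is
 * digits only, so the evaluated text is limited to chr(<number>), but /e was deprecated in PHP 5.5
 * and removed in PHP 7.0. It should become preg_replace_callback() here and in getpr(), which
 * receives the same arrays.
 *
 * @param string $referurl   Location of the page to read.
 * @param int    $robotlevel 1 or 2; any other value returns an empty subject and message.
 * @return array Keys 'leachsubject', 'leachmessage' and 'charset'.
 */
function getrobotmeg($referurl, $robotlevel = 2)
{
    global $_SCONFIG;
    // First pass: drop script/style/textarea blocks and document-level tags, collapse whitespace after
    // line breaks, and turn table/div tags into a split marker.
    $searchcursory = array("/\\<(script|style|textarea)[^\\>]*?\\>.*?\\<\\/(\\1)\\>/si", "/\\<!*(--|doctype|html|head|meta|link|body)[^\\>]*?\\>/si", "/<\\/(html|head|meta|link|body)\\>/si", "/([\r\n])\\s+/", "/\\<(table|div)[^\\>]*?\\>/si", "/\\<\\/(table|div)\\>/si");
    $replacecursory = array("", "", "", "\\1", "\n\n###table div explode###\n\n", "\n\n###table div explode###\n\n");
    // Second pass: remove iframes and all remaining tags, normalise line breaks, decode entities.
    $searchaborative = array("/\\<(iframe)[^\\>]*?\\>.*?\\<\\/(\\1)\\>/si", "/\\<[\\/\\!]*?[^\\<\\>]*?\\>/si", "/\t/", "/[\r\n]+/", "/(^[\r\n]|[\r\n]\$)+/", "/&(quot|#34);/i", "/&(amp|#38);/i", "/&(lt|#60);/i", "/&(gt|#62);/i", "/&(nbsp|#160|\t);/i", "/&(iexcl|#161);/i", "/&(cent|#162);/i", "/&(pound|#163);/i", "/&(copy|#169);/i", "/&#(\\d+);/e");
    $replaceaborative = array("", "", "", "\n", "", "\"", "&", "<", ">", " ", chr(161), chr(162), chr(163), chr(169), "chr(\\1)");
    $arrayrobotmeg = array();
    // Read the page
    $sourcehtml = sreadfile($referurl, 'r', 1);
    // The charset may be given in the request; otherwise take it from the first <meta ... charset=>
    // tag, and fall back to the site charset when the page declares none.
    $sourcecharset = postget('charset');
    if (empty($sourcecharset) && $sourcecharset == '') {
        preg_match_all("/\\<meta[^\\<\\>]+charset=([^\\<\\>\"\\'\\s]+)[^\\<\\>]*\\>/i", $sourcehtml, $temp, PREG_SET_ORDER);
        $sourcecharset = isset($temp) && !empty($temp) ? trim(strtoupper($temp[0][1])) : $_SCONFIG['charset'];
    }
    $sourcehtml = encodeconvert($sourcecharset, $sourcehtml);
    $sourcetext = getimageurl($referurl, preg_replace($searchcursory, $replacecursory, $sourcehtml));
    // Defined up front so that the returned array is complete for every $robotlevel.
    $leachsubject = $leachmessage = '';
    if ($robotlevel == 1) {
        preg_match_all("/\\<title[^\\>]*?\\>(.*)\\<\\/title\\>/is", $sourcetext, $temp, PREG_SET_ORDER);
        // A page without <title> produces no match; keep the empty subject rather than reading a missing offset.
        if (isset($temp[0][1])) {
            $leachsubject = $temp[0][1];
        }
        $sourcetext = preg_replace("/\n\n###table div explode###\n\n/", '', $sourcetext);
        $leachmessage = preg_replace("/[\r\n]+/", '<br />', preg_replace($searchaborative, $replaceaborative, $sourcetext));
    } elseif ($robotlevel == 2) {
        $arraysource = explode("\n\n###table div explode###\n\n", $sourcetext);
        $arraycell = array();
        foreach ($arraysource as $value) {
            // 'text' is the piece with all markup and whitespace removed; pieces that end up empty are skipped.
            $cell = array('code' => $value, 'text' => preg_replace("/[\n\r\\s]*?/is", "", preg_replace($searchaborative, $replaceaborative, $value)), 'pr' => 0, 'title' => '', 'process' => '');
            if ($cell['text'] != '') {
                $arraycell[] = getpr($cell, $searchaborative, $replaceaborative);
            }
        }
        $arraysubject = $arraymessage = array();
        // Pieces that getpr() marked as a title are subject candidates; the rest contribute to the
        // message when their 'pr' is zero or higher.
        foreach ($arraycell as $value) {
            if ($value['title'] == 'title') {
                $arraysubject[] = $value;
            } elseif ($value['pr'] >= 0) {
                $arraymessage[] = $value['code'];
            }
        }
        $pr = '';
        foreach ($arraysubject as $value) {
            if ($pr < $value['pr'] || empty($pr)) {
                $leachsubject = $value['text'];
            }
            $pr = $value['pr'];
        }
        // Paragraph and line-break tags become newlines, then every non-empty line is wrapped in <p>.
        $leachmessage = preg_replace("/\\<(p|br)[^\\>]*?\\>/si", "\n", implode("\n", $arraymessage));
        $arraymessage = explode("\n", preg_replace($searchaborative, $replaceaborative, $leachmessage));
        $leachmessage = '';
        foreach ($arraymessage as $value) {
            if (trim($value) != '') {
                $leachmessage .= "<p>\t" . trim($value) . "</p>";
            }
        }
    }
    // NOTE(review): both strings are derived from the fetched page and entities have been decoded
    // back to characters, so callers have to escape them for the context they are written into.
    $arrayrobotmeg['leachsubject'] = $leachsubject;
    $arrayrobotmeg['leachmessage'] = $leachmessage;
    $arrayrobotmeg['charset'] = $sourcecharset;
    return $arrayrobotmeg;
}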
Exemplo n.º 3
    if (empty($cacheinfo['models'])) {
        showmessage('exists_module_error');
    }
    $resultmodels = $cacheinfo['models'];
} else {
    showmessage('exists_module_error');
}
// Stop when the loaded model's name appears in the closechannels setting.
if (in_array($resultmodels['modelname'], $_SCONFIG['closechannels'])) {
    showmessage('usetype_no_open');
}
//Initialise the request variables
// Numeric inputs are forced to integers with intval().
$_SGET['page'] = intval(postget('page'));
$_SGET['order'] = postget('order');
$_SGET['sc'] = postget('sc');
$_SGET['searchkey'] = stripsearchkey(postget('searchkey'));
// folder falls back to 1 when intval() of the request value is 0.
$_SGET['folder'] = intval(postget('folder')) == 0 ? 1 : intval(postget('folder'));
// Page numbers below 1 are raised to 1.
$_SGET['page'] < 1 ? $_SGET['page'] = 1 : '';
// order and sc are reduced to fixed values ('dateline' or empty, 'ASC' or 'DESC'), so the raw
// request text of these two fields is not carried any further.
if ($_SGET['order'] != 'dateline') {
    $_SGET['order'] = '';
}
// NOTE(review): in_array() compares loosely without a third argument of true.
if (!in_array($_SGET['sc'], array('ASC', 'DESC'))) {
    $_SGET['sc'] = 'DESC';
}
// searchkey is URL-encoded before it is appended; order and sc are already limited to the values above.
$urlplus = '&order=' . $_SGET['order'] . '&sc=' . $_SGET['sc'] . '&searchkey=' . rawurlencode($_SGET['searchkey']);
$newurl = $theurl . $urlplus . '&page=' . $_SGET['page'];
$listarr = array();
//POST METHOD
if (submitcheck('listvaluesubmit')) {
    if (empty($_POST['item'])) {
        //判断提交过来的是否存在待操作的记录,如果没有,则显示提示信息并退出
        showmessage('space_no_item');
Exemplo n.º 4
// Stop unless IN_SUPESITE_ADMINCP is defined by an including script.
if (!defined('IN_SUPESITE_ADMINCP')) {
    exit('Access Denied');
}
//Permissions
if (!checkperm('managehtml')) {
    showmessage('no_authority_management_operation');
}
include_once S_ROOT . '/data/system/htmlcat.cache.php';
//Storage path for the generated news HTML
// substr(..., 2) drops the first two characters of the configured newspath before it is joined onto S_ROOT.
// NOTE(review): request-supplied paths that get appended to S_HTML_ROOT should be checked to
// resolve inside this directory before they are written to.
define('S_HTML_ROOT', S_ROOT . '/' . substr($_SCONFIG['newspath'], 2));
//Variables
// op is taken from the query string unchanged; in this block it is only used as an array key.
// NOTE(review): an unknown op adds a new key to $activearr; compare op against the three known
// values if it also selects an action further down.
$op = empty($_GET['op']) ? 'makeindex' : $_GET['op'];
$activearr = array('makeindex' => '', 'makeall' => '', 'makeitemid' => '');
$activearr[$op] = ' class="active"';
// Rows per generated list page (20 when not supplied) and the category id, both forced to integers.
$perlisthtml = postget('perlisthtml') ? intval(postget('perlisthtml')) : 20;
$catid = intval(postget('catid'));
//Navigation handling
// Adds the static index URL to every entry of $catarr and collects the entries in $category.
if (!empty($catarr) && is_array($catarr)) {
    foreach ($catarr as $value) {
        $value['url'] = gethtmlurl2($value['catid']) . '/index.html';
        $category[] = $value;
    }
}
if (submitcheck('indexsubmit')) {
    //参数设置
    $setsqlarr[] = "('htmlopen', '" . intval($_POST['htmlopen']) . "')";
    $index_path = '';
    if (!empty($_POST['index_path'])) {
        if (is_writable(S_HTML_ROOT . substr($_POST['index_path'], 1))) {
            $index_path = S_HTML_ROOT . substr($_POST['index_path'], 1);
        } else {
Exemplo n.º 5
<?php 
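define('IN_SUPESITE', TRUE);
include_once './common.php';
include_once './function/common.func.php';
// Request input. item_id is forced to an integer; the two free-text fields stay untrusted and are
// HTML-escaped below before they are placed in the mail body.
$itemid = intval(postget('item_id'));
$errorcontent = postget('errorcontent');
$myopion = postget('myopion');
// Name of the reporting member, looked up by the uid held in $_SGLOBAL.
// NOTE(review): nothing in this file rejects guests or verifies a form token, so the reward and
// the mail below can apparently be triggered by any request, repeatedly. Confirm whether
// common.php enforces either.
$sqlstr = "SELECT * FROM " . tname('members') . " WHERE uid='" . $_SGLOBAL['supe_uid'] . "'";
$query = $_SGLOBAL['db']->query($sqlstr);
$value = $_SGLOBAL['db']->fetch_array($query);
$user = $value['username'];
//Credits and experience
// NOTE(review): the reward is granted before the item is known to exist.
getreward('correct');
//Mail notification
include S_ROOT . './function/sendmail.fun.php';
// Item and its author; $itemid is an integer, so the concatenation cannot carry request text.
$sqlstr = 'SELECT u.*, s.* FROM ' . tname('spaceitems') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
$query = $_SGLOBAL['db']->query($sqlstr);
$value = $_SGLOBAL['db']->fetch_array($query);
if (empty($value)) {
    echo $lang['not_found'];
} else {
    $email = $value['email'];
    // NOTE(review): HTTP_HOST is sent by the client, so the link mailed to the author can point
    // at a host chosen by the requester. Build it from the configured site URL instead.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?action-viewnews-itemid-' . $itemid;
    // The body is HTML (it uses <br />), so every value that did not originate in this script is
    // escaped with the project's shtmlspecialchars() before concatenation.
    $msg = shtmlspecialchars($url) . "<br />User " . shtmlspecialchars($user) . " have different option with you,<br />Your original:<br />" . shtmlspecialchars($errorcontent) . "<br /> <br />his option:<br />" . shtmlspecialchars($myopion);
    sendmail(array($email), "Notify", $msg);
    echo "Success";
}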
Exemplo n.º 6
<?php

/*
	[SupeSite] (C) 2007-2009 Comsenz Inc.
	$Id: $
*/
// Stop unless IN_SUPESITE is defined by an including script.
if (!defined('IN_SUPESITE')) {
    exit('Access Denied');
}
// Requested operation, 'list' when absent; the value is only trimmed, not checked against a list.
$op = empty($_GET['op']) ? 'list' : trim($_GET['op']);
// Channel identifier exactly as sent in the request.
$channel = $nameid = postget('nameid');
// Identifier built by smd5() from the current uid, the request timestamp and random(6).
// NOTE(review): how strong random() is cannot be seen here; if this hash is the only thing that
// ties uploaded attachments to their owner, confirm that it is not guessable.
$attach_hash = smd5($_SGLOBAL['supe_uid'] . '/' . $_SGLOBAL['timestamp'] . random(6));
//权限
if ($op == 'add' || $op == 'edit') {
    $newchannel = '';
    $postmenus = array();
    if (checkperm('allowpost')) {
        $newchannel = $channel;
    }
    foreach ($channels['menus'] as $key => $value) {
        if (in_array($value['type'], array('type', 'model')) || $value['upnameid'] == 'news') {
            $channel = $key;
            if (checkperm('allowpost')) {
                if (empty($newchannel)) {
                    $newchannel = $channel;
                }
                $postmenus[] = $key;
            }
        }
    }
    $channel = $nameid = empty($newchannel) ? $nameid : $newchannel;
Exemplo n.º 7
<?php

/*
	[SupeSite] (C) 2007-2008 Comsenz Inc.
	$Id: batch.login.php 13411 2009-10-22 03:13:01Z zhaofei $
*/
include_once './common.php';
include_once S_ROOT . './language/batch.lang.php';
// An action is mandatory; requests without one end here.
$action = empty($_GET['action']) ? '' : $_GET['action'];
if (empty($action)) {
    exit('Access Denied');
}
// Return address: the 'refer' request parameter if present, else the Referer header, else S_URL_ALL.
// NOTE(review): the first two sources are client-controlled. If $refer is later used as a redirect
// target or written into a page (not visible here), limit it to same-site URLs and escape it.
if (postget('refer')) {
    $refer = postget('refer');
} else {
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $refer = $_SERVER['HTTP_REFERER'];
    } else {
        $refer = S_URL_ALL;
    }
}
include_once S_ROOT . './uc_client/client.php';
switch ($action) {
    case 'login':
        $cookietime = 0;
        if (!empty($_POST['cookietime'])) {
            $cookietime = intval($_POST['cookietime']);
        }
        if (submitcheck('loginsubmit')) {
            $password = $_POST['password'];
            $username = $_POST['username'];
Exemplo n.º 8
            }
            $html .= $blang['visitor'];
            if (!empty($item['authorid']) && !$item['hideauthor']) {
                $html .= " [{$item['author']}] ";
            }
            $html .= $blang['at'] . sgmdate($item['dateline']) . $blang['released'] . "\n" . cuthtml($item['message'], 100) . '[/quote]';
            showxml($html);
        }
    }
    showxml($html);
} elseif ($action == 'getrobotmsg') {
    include_once S_ROOT . './function/robot.func.php';
    $arrayrobotmeg = array();
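    if (isset($_POST['referurl']) && !empty($_POST['referurl'])) {
        //Extract content
        $robotlevel = intval(postget('robotlevel'));
        if ($robotlevel > 2 || $robotlevel < 1) {
            exit;
        }
        // referurl is request data that getrobotmeg() reads through sreadfile(), so only plain web
        // URLs are let through; anything without an http/https scheme ends the request.
        // NOTE(review): this does not limit which hosts the server will contact. If internal
        // addresses must be unreachable, add a destination check that suits the deployment.
        $referscheme = strtolower((string) parse_url(trim($_POST['referurl']), PHP_URL_SCHEME));
        if ($referscheme != 'http' && $referscheme != 'https') {
            exit;
        }
        $arrayrobotmeg = getrobotmeg($_POST['referurl'], $robotlevel);
    }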
    //检查是否获取到信息
    if (!empty($arrayrobotmeg['leachmessage'])) {
        $pagebreak = isset($_POST['itemid']) && intval($_POST['itemid']) == 0 ? 1 : 0;
        $arrayrobotmeg['leachsubject'] = preg_replace("/\r/", '', $arrayrobotmeg['leachsubject']);
        $arrayrobotmeg['leachmessage'] = addslashes($arrayrobotmeg['leachmessage']);
        print <<<EOF
\t\t\t<script type="text/javascript">
\t\t\tparent.document.getElementById("subject").value = '{$arrayrobotmeg['leachsubject']}';
\t\t\tparent.document.getElementById("message").innerHTML = '';
\t\t\tfunction init() {
Exemplo n.º 9
*/
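// Stop unless IN_SUPESITE_ADMINCP is defined by an including script.
if (!defined('IN_SUPESITE_ADMINCP')) {
    exit('Access Denied');
}
//Permissions
if (!checkperm('manageprefields')) {
    showmessage('no_authority_management_operation');
}
$perpage = 20;
// Page number from the query string as an integer, never below 1.
empty($_GET['page']) ? $page = 1 : ($page = intval($_GET['page']));
$page < 1 ? $page = 1 : '';
// type and field are free text from the request; type defaults to 'news'.
$type = postget('type');
if (empty($type)) {
    $type = 'news';
}
$field = postget('field');
// Both values are URL-encoded so that request text cannot add parameters or markup to links
// built from $newurl.
$newurl = $theurl . '&type=' . rawurlencode($type) . '&field=' . rawurlencode($field);
$start = ($page - 1) * $perpage;
$listarr = array();
$thevalue = array();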
//POST METHOD
if (submitcheck('valuesubmit')) {
    $_POST['value'] = shtmlspecialchars($_POST['value']);
    //ONE UPDATE OR ADD
    if (empty($_POST['id'])) {
        //ADD
        $insertsqlarr = array('type' => $type, 'field' => $_POST['field'], 'value' => $_POST['value'], 'isdefault' => $_POST['isdefault']);
        inserttable('prefields', $insertsqlarr, 0);
    } else {
        //UPDATE ONE
        $id = $_POST['id'];
Exemplo n.º 10
<?php

/*
	[SupeSite] (C) 2007-2009 Comsenz Inc.
	$Id: modelcomment.php 11485 2009-03-06 07:16:55Z zhaofei $
*/
// Stop unless IN_SUPESITE is defined by an including script.
if (!defined('IN_SUPESITE')) {
    exit('Access Denied');
}
include_once S_ROOT . './function/model.func.php';
// Model name from $_SGET when set there, otherwise from the request; only trimmed.
// NOTE(review): the name reaches getmodelinfoall() without any filtering in this file. Confirm
// that the helper validates it before using it in a query or a file name.
$modelname = empty($_SGET['name']) ? trim(postget('name')) : trim($_SGET['name']);
$cacheinfo = getmodelinfoall('modelname', $modelname);
// Unknown model: report and send the visitor to S_URL.
if (empty($cacheinfo['models'])) {
    showmessage('visit_the_channel_does_not_exist', S_URL);
}
$modelsinfoarr = $cacheinfo['models'];
// Comments must be enabled for the model.
if (empty($modelsinfoarr['allowcomment'])) {
    showmessage('not_found', S_URL);
}
if (submitcheck('submitcomm', 1)) {
    $itemid = empty($_POST['itemid']) ? 0 : intval($_POST['itemid']);
    if (empty($itemid)) {
        showmessage('not_found', S_URL);
    }
    if (empty($_SGLOBAL['supe_uid'])) {
        if (empty($_SCONFIG['allowguest'])) {
            $referarr = array();
            $referquery = empty($_SERVER['HTTP_REFERER']) ? '' : parse_url($_SERVER['HTTP_REFERER']);
            $referquery = empty($referquery['query']) ? '' : $referquery['query'];
            if (!empty($referquery)) {
                $referquery = addslashes($referquery);
Exemplo n.º 11
// Requested page as an integer, never lower than 1.
$page = max(1, intval(postget('page')));
// Offset of the first row on that page.
$start = $perpage * ($page - 1);
// No filter yet; the list URL starts as the base URL.
$newurl = $theurl;
$wheresqlstr = '';
// Trimmed search marker from the request.
$search = trim(postget('search'));
if (submitcheck('searchsubmit') || !empty($search)) {
    $_SGET['authorid'] = trim(postget('authorid'));
    $_SGET['author'] = trim(postget('author'));
    $_SGET['message'] = trim(postget('message'));
    $_SGET['url'] = trim(postget('url'));
    $_SGET['starttime'] = trim(postget('starttime'));
    $_SGET['endtime'] = trim(postget('endtime'));
    $_SGET['type'] = trim(postget('type'));
    $_SGET['ip'] = trim(postget('ip'));
    $_SGET['detail'] = trim(postget('detail'));
    $urlplusarr[] = 'search=1';
    $where1arr = array();
    if (!empty($_SGET['authorid'])) {
        $urlplusarr[] = 'authorid=' . $_SGET['authorid'];
        $uarr = explode(',', $_SGET['authorid']);
        $newuarr = array();
        foreach ($uarr as $value) {
            $value = intval(trim($value));
            if (!empty($value)) {
                $newuarr[] = $value;
            }
        }
        if (!empty($newuarr)) {
            $where1arr[] = "(authorid IN ('" . implode("','", $newuarr) . "'))";
        }
Exemplo n.º 12
    // Rename an attachment: editaid must be a non-zero integer from the query string.
    if (!empty($_GET['editaid']) && ($editaid = intval($_GET['editaid']))) {
        // The new subject is HTML-escaped, trimmed and cut to 50 by cutstr().
        $editsubject = cutstr(trim(shtmlspecialchars($_POST['editsubject'])), 50);
        // NOTE(review): the update is keyed on aid alone. No owner or hash condition is visible
        // here; confirm that the surrounding code checks the attachment belongs to the requester.
        updatetable('attachments', array('subject' => $editsubject), array('aid' => $editaid));
        // NOTE(review): $editsubject is HTML-escaped but is written inside a JavaScript string
        // literal. Whether backslashes and line breaks are neutralised for that context depends
        // on shtmlspecialchars() and cutstr(); verify.
        print <<<END
\t\t<script language="javascript">
\t\tvar div = parent.document.getElementById("div_upload_" + {$editaid});
\t\tvar pf = parent.document.getElementById("phpframe");
\t\tpf.src = "about:blank";
\t\tdiv.innerHTML = "{$editsubject}";
\t\t</script>
END;
        exit;
    }
    //Upload a file
    //Upload mode
    // Only an upper bound is applied; negative values pass this check.
    $mode = intval(postget('mode'));
    if ($mode > 3) {
        exit;
    }
    // Everything except letters, digits, '-' and '_' is removed, and exactly 16 characters must
    // remain. This makes the value safe to place in the quoted SQL literal below.
    $hash = trim(preg_replace("/[^a-z0-9\\-\\_]/i", '', trim($_POST['hash'])));
    if (strlen($hash) != 16) {
        showresult($blang['unable_to_complete_this_craft']);
    }
    //Count
    $filecount = 1;
    $query = $_SGLOBAL['db']->query('SELECT COUNT(*) FROM ' . tname('attachments') . ' WHERE hash=\'' . $hash . '\'');
    $count = $_SGLOBAL['db']->result($query, 0);
    // NOTE(review): the maximum number of files is read from the request, so the client decides
    // its own limit (0 or less disables the check). The limit should come from server-side settings.
    $allowmax = intval($_POST['uploadallowmax']);
    if ($allowmax > 0 && $count + $filecount > $allowmax) {
        showresult($blang['the_number_has_reached_maximum']);
    }
Exemplo n.º 13
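//Default number of list rows per page
if (!$perpage) {
    $perpage = 20;
}
//Attachment identification code, built by smd5() from the uid, the request timestamp and random(6)
$hashstr = smd5($_SGLOBAL['supe_uid'] . '/' . $_SGLOBAL['timestamp'] . random(6));
//Initialise the request variables
// Numeric inputs are forced to integers with intval().
$_SGET['page'] = intval(postget('page'));
$_SGET['catid'] = intval(postget('catid'));
$_SGET['itemtypeid'] = intval(postget('itemtypeid'));
$_SGET['digest'] = intval(postget('digest'));
$_SGET['fromtype'] = postget('fromtype');
$_SGET['order'] = postget('order');
$_SGET['sc'] = postget('sc');
$_SGET['searchid'] = intval(postget('searchid')) == 0 ? '' : intval(postget('searchid'));
$_SGET['searchkey'] = stripsearchkey(postget('searchkey'));
if (empty($_SGET['subtype'])) {
    $_SGET['subtype'] = '';
}
$_SGET['page'] < 1 ? $_SGET['page'] = 1 : '';
// order and sc are reduced to fixed allow-lists, so their raw request text is not carried further.
if (!in_array($_SGET['order'], array('dateline', 'lastpost', 'uid', 'viewnum', 'replynum'))) {
    $_SGET['order'] = '';
}
if (!in_array($_SGET['sc'], array('ASC', 'DESC'))) {
    $_SGET['sc'] = 'DESC';
}
$theurl = CPURL . '?action=spacenews';
// fromtype is unfiltered request text, so it is URL-encoded like searchkey before it joins the link.
// NOTE(review): $type, $_SGET['folder'] and $_SGET['subtype'] are set outside this block. Confirm
// they are validated where they are assigned.
$urlplus = '&type=' . $type . '&catid=' . $_SGET['catid'] . '&itemtypeid=' . $_SGET['itemtypeid'] . '&folder=' . $_SGET['folder'] . '&digest=' . $_SGET['digest'] . '&order=' . $_SGET['order'] . '&sc=' . $_SGET['sc'] . '&subtype=' . $_SGET['subtype'] . '&perpage=' . $perpage . '&searchkey=' . rawurlencode($_SGET['searchkey']) . '&fromtype=' . rawurlencode($_SGET['fromtype']);
$newurl = $theurl . $urlplus . '&page=' . $_SGET['page'];
// Labels for review grades 0 to 5.
$gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5']);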
if (!empty($_SCONFIG['checkgrade'])) {
Exemplo n.º 14
    exit('Access Denied');
}
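//Permissions
if (!checkperm('manageviewlog')) {
    showmessage('no_authority_management_operation');
}
// Page number from the query string; missing, zero and negative values all become page 1.
// (The earlier `empty(...) && intval(...) < 1` test let negative numbers through.)
$page = empty($_GET['page']) ? 1 : intval($_GET['page']);
if ($page < 1) {
    $page = 1;
}
$perpage = empty($_GET['perpage']) ? 0 : intval($_GET['perpage']);
//Default number of list rows per page; also applied to negative values
// NOTE(review): there is no upper bound on perpage.
if ($perpage < 1) {
    $perpage = 40;
}
// Computed after $perpage is final; it used to be calculated before $perpage was assigned.
$start = ($page - 1) * $perpage;
// NOTE(review): type is only trimmed. If it selects a log file or table further down, check it
// against the list of known log types first.
$_GET['type'] = empty($_GET['type']) ? 'sys' : trim($_GET['type']);
$starttime = trim(postget('starttime'));
$endtime = trim(postget('endtime'));
$wherearr = array();
// The SQL receives the strtotime() result (an integer, or false for an unparsable date),
// never the raw request text.
if ($starttime) {
    $starttime = strtotime($starttime);
    $wherearr[] = "(dateline >= '{$starttime}')";
}
if ($endtime) {
    $endtime = strtotime($endtime);
    $wherearr[] = "(dateline <= '{$endtime}')";
}
if ($wherearr) {
    $wheresqlstr = ' WHERE';
    $wheresqlstr .= implode(' AND ', $wherearr);
}
$multipage = '';
$list = array();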
Exemplo n.º 15
\t<tr><th><input type="checkbox" name="chkall" onclick="checkall(this.form, 'delexport')">{$alang['space_select_all']}</th></tr>
\t</table>
\t</table>
\t<div class="buttons">
\t\t<input type="submit" name="listsubmit" value="{$alang['common_submit']}" class="submit">
\t</div>
\t</form>
END;
} elseif ($op == 'importstart') {
    // Import options, all taken from the request without filtering.
    $do = postget('do');
    $delunzip = postget('delunzip');
    // NOTE(review): datafile is later joined onto $datadir to open a file and is interpolated
    // into a form action. It should be reduced to a known file inside $datadir and HTML-escaped
    // before output.
    $datafile = postget('datafile');
    // NOTE(review): the later `isset($confirm)` test depends on postget() returning null for a
    // missing field. If it returns '' instead, confirmation is always treated as given; verify.
    $confirm = postget('confirm');
    $multivol = postget('multivol');
    $datafile_vol1 = postget('datafile_vol1');
    $autoimport = postget('autoimport');
    if ($do == 'zip') {
        require_once S_ROOT . './include/zip.lib.php';
        $unzip = new SimpleUnzip();
        $unzip->ReadFile($datadir . '/' . $datafile);
        if ($unzip->Count() == 0 || $unzip->GetError(0) != 0 || !preg_match('/\\.sql$/i', $importfile = $unzip->GetName(0))) {
            showmessage('database_import_file_illegal');
        }
        $identify = explode(',', base64_decode(preg_replace('/^# identify:\\s*(\\w+).*/s', '\\1', substr($unzip->GetData(0), 0, 256))));
        $info = basename($datafile) . '<br />' . $alang['database_export_version'] . ':' . $identify[1] . '<br />' . $alang['database_export_type'] . ':' . $alang['database_export_' . $identify[2]] . '<br />' . $alang['database_method'] . ':' . ($identify[3] == 'multivol' ? $alang['database_multivol'] : $alang['database_shell']) . '<br />';
        //检查版本号
        $confirm = isset($confirm) ? 1 : 0;
        if (!$confirm && $identify[1] != S_VER) {
            echo "<table cellspacing='0' cellpadding='0' width='100%' class='helptable'>" . "<form method='post' action='{$theurl}&op=importstart&do=zip&datafile={$datafile}&confirm=yes' name='thevalueform' enctype='multipart/form-data'>" . '<input type="hidden" name="formhash" value="' . formhash() . '">' . "<tr><td align='center'>{$info}<br /><br /><br />{$alang['database_import_confirm']}<br /><br /></td></tr><br />\n" . "<tr><td align='center'><div class='buttons'>" . "<input type='submit' name='confirmed' value='{$alang['common_continue']}' class='submit'>" . " <input type='button' value='{$alang['common_back']}' onClick=\"location.href='{$theurl}&op=import'\"; class='submit'>" . "</div></td></tr></form></table>";
            include_once template('admin/tpl/footer.htm', 1);
            exit;
Exemplo n.º 16
*/
// Stop unless IN_SUPESITE_ADMINCP is defined by an including script.
if (!defined('IN_SUPESITE_ADMINCP')) {
    exit('Acess Denied');
}
//Permissions
if (!checkperm('managead')) {
    showmessage('no_authority_management_operation');
}
$perpage = 20;
// Page number as an integer, at least 1.
$page = intval(postget('page'));
$page > 1 ? '' : ($page = 1);
$start = ($page - 1) * $perpage;
$thevalue = $listvalue = array();
// Request fields are normalised in place: missing ones get a default, ids become integers.
// The text fields (op, type, pagestyle, pagetype, starttime, endtime) keep whatever the client
// sent and still need validation or escaping where they are used.
$_GET['op'] = empty($_GET['op']) ? '' : $_GET['op'];
$system = intval(postget('system'));
$_POST['adid'] = intval(postget('adid'));
$_POST['type'] = empty($_POST['type']) ? '' : $_POST['type'];
$_POST['pagestyle'] = empty($_POST['pagestyle']) ? 'all' : $_POST['pagestyle'];
$_POST['pagetype'] = empty($_POST['pagetype']) ? '' : $_POST['pagetype'];
// starttime defaults to the current request time formatted by sgmdate().
$_POST['starttime'] = empty($_POST['starttime']) ? sgmdate($_SGLOBAL['timestamp'], 'Y-m-d H:i:s') : $_POST['starttime'];
$_POST['endtime'] = empty($_POST['endtime']) ? '' : $_POST['endtime'];
$viewclass = $addsystemclass = $adduserclass = $isupdate = $pageout_style = '';
// Labels per advert type, grouped under the keys '1' and '0'.
$adtypearr = array('1' => array('echo' => $alang['ad_adtype_echo'], 'js' => $alang['ad_adtype_js'], 'iframe' => $alang['ad_adtype_iframe']), '0' => array('text' => $alang['ad_adtype_text'], 'code' => $alang['ad_adtype_code'], 'image' => $alang['ad_adtype_image'], 'flash' => $alang['ad_adtype_flash']));
$pagetype = array('onepage' => $alang['ad_adtype_page_one'], 'twopage' => $alang['ad_adtype_page_two'], 'viewpage' => $alang['ad_adtype_page_view']);
// Default advert parameters; starttime and endtime carry the request values normalised above.
$parameters = array('starttime' => $_POST['starttime'], 'endtime' => $_POST['endtime'], 'adechocontent' => '', 'adjscontent' => '', 'adiframecontent' => '', 'adcodecontent' => '', 'textcontent' => '', 'texturl' => '', 'fontsize' => '', 'imagesrc' => '', 'imageurl' => '', 'imagewidth' => '', 'imageheight' => '', 'imagetext' => '', 'flashsrc' => '', 'flashheight' => '', 'flashwidth' => '', 'iframewidth' => '0', 'iframeheight' => '0', 'outwidth' => '250', 'outheight' => '200');
// Labels for the page-position filter.
$searcharr = array('all' => $alang['ad_adtype_all_page'], 'pageheadad' => $alang['ad_adtype_pageheadad_page'], 'pagecenterad' => $alang['ad_adtype_pagecenterad_page'], 'pagefootad' => $alang['ad_adtype_pagefootad_page'], 'pagemovead' => $alang['ad_adtype_pagemovead_page'], 'pageoutad' => $alang['ad_adtype_pageoutad_page'], 'pageoutindex' => $alang['ad_adtype_pageoutindex_page'], 'siderad' => $alang['ad_adtype_siderad'], 'viewinad' => $alang['ad_adtype_viewinad']);
if (submitcheck('listsubmit')) {
    if (!empty($_POST['displayorderarr']) && is_array($_POST['displayorderarr'])) {
        foreach ($_POST['displayorderarr'] as $key => $value) {
            if (empty($_POST['adidarr']) || !in_array($key, $_POST['adidarr'])) {
                $_POST['available'] = empty($_POST['availablearr'][$key]) ? 0 : 1;
Exemplo n.º 17
        $count = count($listarr);
        $itemids = '';
    }
    //Review grades
    // Default labels for grades 0 to 5; grades 1 to 5 can be overridden by the tab-separated
    // checkgrade setting.
    $gradearr = array('0' => $alang['check_grade_0'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5']);
    if (!empty($_SCONFIG['checkgrade'])) {
        $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
        for ($i = 0; $i < 5; $i++) {
            if (!empty($newgradearr[$i])) {
                $gradearr[$i + 1] = $newgradearr[$i];
            }
        }
    }
    //Categories
    // Builds the "move to category" row when a type is given in the request.
    $catstr = '';
    // NOTE(review): type is request text passed to getcategory() without filtering in this block.
    $ptype = postget('type');
    if (!empty($ptype)) {
        $catstr .= '<tr>
		<th><input class="radio" type="radio" name="theop" value="move">' . $alang['mass_transfer_classification'] . '</th>
		<td>
		<select name="catid">';
        $clistarr = getcategory($ptype);
        foreach ($clistarr as $key => $value) {
            // NOTE(review): catid, pre and name are written into markup without escaping here.
            // Whether getcategory() returns already-escaped text is not visible; verify.
            $catstr .= '<option value="' . $value['catid'] . '">' . $value['pre'] . $value['name'] . '</option>';
        }
        $catstr .= '</select>
		</td>
		</tr>';
    }
    // Form token produced by formhash() for the form that follows.
    $formhash = formhash();
    print <<<END
Exemplo n.º 18
	  <td><a href="' . CPURL . '?action=modelfolders&mid=' . $_GET['mid'] . '&folder=2">' . $alang['waste_management_bins'] . '</a></td>';
echo '
				</tr>
			</table>
		</td>
	</tr>
</table>
';
//FILTER SHOW
if (!empty($catarr)) {
    $orderarr = array('' => $alang['space_order_default'], 'dateline' => $alang['space_order_dateline'], 'lastpost' => $alang['space_order_lastpost'], 'viewnum' => $alang['space_order_viewnum'], 'replynum' => $alang['space_order_replynum']);
    $scarr = array('ASC' => $alang['space_sc_asc'], 'DESC' => $alang['space_sc_desc']);
    $catselectstr = '<select name="catid">';
    $catselectstr .= '<option value="">' . $alang['space_all_catid'] . '</option>';
    foreach ($catarr as $key => $value) {
        $checkstr = postget('catid') == $value['catid'] ? ' selected' : '';
        $catselectstr .= '<option value="' . $value['catid'] . '"' . $checkstr . '>' . $value['pre'] . $value['name'] . '</option>';
    }
    $catselectstr .= '</select>';
    $orderselectstr = getselectstr('order', $orderarr);
    $scselectstr = getselectstr('sc', $scarr);
    $htmlstr = label(array('type' => 'form-start', 'name' => 'listform', 'action' => $newurl));
    $htmlstr .= label(array('type' => 'table-start', 'class' => 'toptable'));
    $htmlstr .= '<tr><td>';
    $htmlstr .= 'itemid:</label> <input type="text" name="searchid" id="searchid" value="' . $_SGET['searchid'] . '" size="5" /> ';
    $htmlstr .= $lang['subject'] . ':</label> <input type="text" name="searchkey" id="searchkey" value="" size="10" /> ';
    $htmlstr .= $alang['space_select_filter'] . ': ' . $catselectstr . ' ' . $alang['space_order_filter'] . ': ' . $orderselectstr . ' ' . $scselectstr . ' <input type="hidden" name="mid" value="' . $_GET['mid'] . '"><input type="submit" name="filtersubmit" value="GO">';
    $htmlstr .= '</td></tr>';
    $htmlstr .= label(array('type' => 'table-end'));
    $htmlstr .= label(array('type' => 'form-end'));
    echo $htmlstr;
Exemplo n.º 19
<?php

/*
	[SupeSite] (C) 2007-2009 Comsenz Inc.
	$Id: poll.php 13342 2009-09-16 05:43:20Z zhaofei $
*/
// Stop unless IN_SUPESITE is defined by an including script.
if (!defined('IN_SUPESITE')) {
    exit('Access Denied');
}
//Permissions: voting must be allowed for the current user
if (!checkperm('allowvote')) {
    showmessage('no_permission');
}
// Poll id: $_SGET first, then the request; always an integer.
$pollid = 0;
if (!empty($_SGET['pollid'])) {
    $pollid = intval($_SGET['pollid']);
}
if (empty($pollid)) {
    $pollid = intval(postget('pollid'));
}
if (empty($pollid)) {
    showmessage('not_found', S_URL);
}
// $pollid is an integer here, so the concatenated statement carries no request text.
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('polls') . " WHERE pollid='" . $pollid . "'");
$poll = $_SGLOBAL['db']->fetch_array($query);
if (!$poll) {
    showmessage('not_found', S_URL);
}
// A stored pollsurl is handed to sheader().
if (!empty($poll['pollsurl'])) {
    sheader($poll['pollsurl']);
}
if (submitcheck('pollsubmit')) {
    if (empty($_POST['votekey'])) {
        showmessage('no_votekey');
    }
Exemplo n.º 20
        $i++;
    }
    echo '</tr></table>';
    echo '<br>';
}
//LIST SHOW
if (is_array($listarr) && $listarr) {
    $adminmenu = $comma = '';
    $adminmenuarr = array('import' => $alang['robotmessage_import'], 'delete' => $alang['robotmessage_delete']);
    foreach ($adminmenuarr as $key => $value) {
        $adminmenu .= $comma . '<input type="radio" name="operation" value="' . $key . '" onClick="jsop(this.value)"> ' . $value;
        $comma = '&nbsp;&nbsp;';
    }
    $importdeletearr = array('0' => $alang['robotmessage_import_delete_0'], '1' => $alang['robotmessage_import_delete_1']);
    $importallarr = array('1' => $alang['into_a_one_time'], '0' => $alang['only_selected_items']);
    $robotid = intval(postget('robotid'));
    $importcats = label(array('type' => 'select-div', 'alang' => 'robotmessage_import_category', 'name' => 'catid', 'radio' => 1, 'options' => $uplistarr, 'display' => 'none'));
    $importcats = '';
    $importcats = '<tr id="tr_catid" style="display:none"> <th>选择分类</th> <td><select name="import" id="catid">';
    foreach ($uplistarr as $key => $cvalue) {
        $importcats .= '<optgroup label="' . $channels['types'][$key]['name'] . '">';
        foreach ($cvalue as $value) {
            $importcats .= '<option value="' . $key . '_' . $value['catid'] . '"' . $checkstr . '>' . $value['pre'] . $value['name'] . '</option>';
        }
        $importcats .= '</optgroup>';
    }
    $importcats .= '</select></td></tr>';
    if ($robotid) {
        $importcats .= label(array('type' => 'radio', 'alang' => $alang['into_a_one_off'], 'name' => 'importall', 'options' => $importallarr, 'value' => '1', 'display' => 'none'));
    }
    $importcats .= label(array('type' => 'radio', 'alang' => 'robotmessage_import_delete', 'name' => 'importdelete', 'options' => $importdeletearr, 'value' => '0', 'display' => 'none'));
Exemplo n.º 21
/**
 * Read a search keyword from the request and optionally require it to be usable.
 *
 * @param string $str     Name of the request field that holds the keyword.
 * @param int    $ischeck When truthy, an empty keyword or one shorter than two bytes is reported
 *                        through showmessage().
 * @return string The keyword after stripsearchkey().
 */
function checkkey($str, $ischeck = 0)
{
    $keyword = stripsearchkey(postget($str));
    // Without validation the cleaned keyword is returned as-is.
    if (!$ischeck) {
        return $keyword;
    }
    if (empty($keyword)) {
        showmessage('keyword_import_inquiry');
    } elseif (strlen($keyword) < 2) {
        showmessage('kwyword_import_short');
    }
    return $keyword;
}
Exemplo n.º 22
\t\t</table>
\t</div>

\t<form method="post" name="thevalueform" id="theform" action="{$cpurl}?action=models">
\t<input type="hidden" name="formhash" value="{$formhash}">
\t<div class="buttons">
\t\t<input id="delmodelconfirm" type="submit" name="delmodelconfirm" value="{$alang['delete_model']}"> 
\t\t<input name="mid" type="hidden" id="mid" value="{$resultmodels['mid']}" />
\t</div>
\t</form>
EOF;
} elseif ($_GET['op'] == 'delfield') {
    //Delete a field
    //Check whether the model exists
    // mid and id come from the request and are forced to integers (0 when missing).
    $_GET['mid'] = postget('mid');
    $_GET['id'] = postget('id');
    $_GET['mid'] = !empty($_GET['mid']) ? intval($_GET['mid']) : 0;
    $_GET['id'] = !empty($_GET['id']) ? intval($_GET['id']) : 0;
    $resultmodels = array();
    // NOTE(review): the result of getmodelinfo() is not checked in this block, so an unknown mid
    // is only rejected if that helper does so itself.
    $resultmodels = getmodelinfo($_GET['mid']);
    $resultfield = array();
    if ($_GET['mid'] > 0) {
        // The id is an integer, so the concatenation is safe.
        // NOTE(review): the lookup filters on id only. If modelcolumns rows belong to a model,
        // the query should also require that the row belongs to the requested mid.
        $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('modelcolumns') . ' WHERE id = \'' . $_GET['id'] . '\'');
        $resultfield = $_SGLOBAL['db']->fetch_array($query);
        if (empty($resultfield)) {
            showmessage('field_not_exists');
        }
    } else {
        showmessage('field_not_exists');
    }
    print <<<EOF
Exemplo n.º 23
/*
	[SupeSite] (C) 2007-2009 Comsenz Inc.
	$Id: admin_attachmenttypes.php 13382 2009-10-09 07:06:41Z zhaofei $
*/
// Stop unless IN_SUPESITE_ADMINCP is defined by an including script.
if (!defined('IN_SUPESITE_ADMINCP')) {
    exit('Access Denied');
}
//Permissions
if (!checkperm('manageattachmenttypes')) {
    showmessage('no_authority_management_operation');
}
// Paging: 20 rows per page, page number from the request as an integer of at least 1.
$perpage = 20;
$page = max(1, intval(postget('page')));
$start = $perpage * ($page - 1);
// This list has no extra URL parameters.
$urlplus = '';
$newurl = $theurl . $urlplus;
//INIT RESULT VAR
$thevalue = array();
$listarr = array();
//POST METHOD
if (submitcheck('valuesubmit')) {
    //ONE UPDATE OR ADD
    $_POST['fileext'] = shtmlspecialchars(trim($_POST['fileext']));
    if (strlen($_POST['fileext']) < 1 || strlen($_POST['fileext']) > 10) {
        showmessage('attachmenttype_check_fileext');
    }
    $_POST['maxsize'] = intval($_POST['maxsize']);
    $_POST['maxsize'] = $_POST['maxsize'] * 1024;
    $sqlarr = array('fileext' => $_POST['fileext'], 'maxsize' => intval($_POST['maxsize']));
Exemplo n.º 24
    echo "非法注入";
    exit;
}
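// Reject the request when the knowledge text or the link contains an SQL keyword, a quote, a
// comment marker or a relative-path sequence. preg_match() with the same alternatives replaces
// eregi(), which was removed in PHP 7 and is not binary-safe.
// NOTE(review): a keyword deny-list is not a dependable defence against SQL injection; the values
// have to be escaped or bound where the statement is built. Both variables are also reassigned
// from postget() a few lines below; confirm the checks run on the values that are stored.
if (preg_match('~select|insert|update|delete|\'|/\\*|\\*|\\.\\./|\\./|union|into|load_file|outfile~i', $knowlege) == true) {
    echo "非法注入";
    exit;
}
if (preg_match('~select|insert|update|delete|\'|/\\*|\\*|\\.\\./|\\./|union|into|load_file|outfile~i', $link) == true) {
    echo "非法注入";
    exit;
}
$type = postget('type');
$product = postget('product');
$person = postget('person');
$knowlege = postget('knowlege');
$link = postget('link');
// Query-string values default to '' when absent, so missing parameters are not read as undefined indexes.
$action = isset($_GET['action']) ? $_GET['action'] : '';
$typefilter = isset($_GET['typefilter']) ? $_GET['typefilter'] : '';
$personfilter = isset($_GET['personfilter']) ? $_GET['personfilter'] : '';
$productfilter = isset($_GET['productfilter']) ? $_GET['productfilter'] : '';
$now = time();
// Every value in the return URL is request text, so each one is URL-encoded.
$tourl = '?type=' . rawurlencode($type) . '&product=' . rawurlencode($product) . '&person=' . rawurlencode($person) . '&typefilter=' . rawurlencode($typefilter) . '&personfilter=' . rawurlencode($personfilter) . '&productfilter=' . rawurlencode($productfilter);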
if ($action == "addsave") {
    // All four descriptive fields are required.
    if ($type == "" || $product == "" || $person == "" || $knowlege == "") {
        showmessage("必须选择知识类别/适用产品线/适用角色!");
    }
    // NOTE(review): the request values are interpolated straight into the INSERT statement. Unless
    // postget() already escapes them for SQL (not visible here), this statement is injectable.
    // Escape each value with the database layer's own function or use bound parameters. Of the
    // five values, only knowlege and link have a visible keyword check above.
    $sql = "insert into " . tname('bok') . " (type,product,person,knowlege,link,inserttime,adder,adder_ip) values ('{$type}','{$product}','{$person}','{$knowlege}','{$link}','{$now}','{$_SGLOBAL['member']['uid']}','{$_SGLOBAL['member']['ip']}')";
    $_SGLOBAL['db']->query($sql);
    showmessage("添加成功!", $tourl);
} else {
    if ($action == "del") {