Exemplo n.º 1
 /**
  * Parse the routing segments out of the query string and build the request arrays.
  *
  * The query string is cut at the first '.' and at the first '&' (unless the '&' is the
  * very first character), split on '/', and stored in $this->get. Missing segments default
  * to 'index' (or 'admin_main' when the current host equals config::ADMIN_DOMAIN) and
  * 'default'. $this->post receives the merged $_GET and $_POST values.
  *
  * Security note: both arrays are only passed through taddslashes(). Slash-escaping is not
  * charset-aware and does not replace bound parameters, and the values are not HTML-encoded,
  * so every consumer still has to escape for its own output context.
  */
 function init_request()
 {
     require TIPASK_ROOT . '/config.php';
     // Declare the charset explicitly so the browser does not have to guess it (IE6 workaround).
     header('Content-type: text/html; charset=' . TIPASK_CHARSET);

     $route = '';
     if (isset($_SERVER['QUERY_STRING'])) {
         $route = $_SERVER['QUERY_STRING'];
     }

     // Keep only what precedes the first '.'.
     $dotAt = strpos($route, '.');
     if (false !== $dotAt) {
         $route = substr($route, 0, $dotAt);
     }

     // Keep only what precedes the first '&'; an '&' at offset 0 is falsy and is left in place.
     $ampAt = strpos($route, "&");
     if ($ampAt) {
         $route = substr($route, 0, $ampAt);
     }

     $this->get = explode('/', $route);

     if (empty($this->get[0])) {
         // No controller segment: choose the entry point from the host of the current URL.
         $host = strtr(curPageURL(), array('http://' => '', '/' => ''));
         $this->get[0] = ($host == config::ADMIN_DOMAIN) ? 'admin_main' : 'index';
     }
     if (empty($this->get[1])) {
         $this->get[1] = 'default';
     }
     // Both segments were filled in above, so this guard is not expected to fire.
     if (count($this->get) < 2) {
         exit(' Access Denied !');
     }

     unset($GLOBALS, $_ENV, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS);

     // Route segments are always escaped (force = 1); GET overrides nothing that POST also sets.
     $this->get = taddslashes($this->get, 1);
     $merged = array_merge($_GET, $_POST);
     $this->post = taddslashes($merged);
     unset($_POST);
 }
Exemplo n.º 2
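 /**
  * Resolve the current user from the 'auth' cookie and store it in $this->user.
  *
  * The cookie is decoded with strcode()/AUTH_KEY into "uid<TAB>password". The user row is
  * accepted only when its 'password' field is exactly equal to the value from the cookie;
  * otherwise the anonymous record array('uid' => 0) is kept. The client IP is always added.
  *
  * Security notes:
  * - The comparison is strict and string-typed. A loose == lets two different numeric-looking
  *   strings (for example hex digests that read as "0e<digits>") compare as equal.
  * - On PHP >= 5.6 hash_equals() is the better choice here because it is also constant-time.
  * - NOTE(review): the cookie appears to carry the stored password value itself, so a leaked
  *   cookie or a leaked AUTH_KEY is equivalent to a leaked credential - confirm and consider
  *   a random, revocable session token instead.
  */
 function init_user()
 {
     // '@' kept from the original: a malformed cookie must not surface notices to the client.
     @($auth = tcookie('auth'));
     $user = array('uid' => 0);
     @(list($uid, $password) = empty($auth) ? array(0, 0) : taddslashes(explode("\t", strcode($auth, AUTH_KEY, 'DECODE')), 1));
     if ($uid && $password) {
         $finduser = $this('user')->findById($uid);
         // Strict string comparison: no type juggling between the cookie value and the stored value.
         if ($finduser && isset($finduser['password']) && (string) $password === (string) $finduser['password']) {
             $user = $finduser;
         }
     }
     $user['ip'] = $this->ip;
     $this->user = $user;
 }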
Exemplo n.º 3
/**
 * Recursively apply addslashes() to a scalar or to every leaf of an array.
 *
 * Escaping is skipped when MAGIC_QUOTES_GPC is truthy and $force is falsy; array keys are
 * never escaped, only values.
 *
 * Security note: addslashes() is not aware of the connection charset and is not a substitute
 * for prepared statements or the driver's own escaping; it also does nothing for HTML output.
 *
 * @param mixed $string Value or (nested) array of values.
 * @param mixed $force  Truthy to escape even when MAGIC_QUOTES_GPC is on.
 * @return mixed The escaped value, same shape as the input.
 */
function taddslashes($string, $force = 0)
{
    // Input was already quoted by the runtime and the caller did not insist: hand it back as-is.
    if (MAGIC_QUOTES_GPC && !$force) {
        return $string;
    }
    if (!is_array($string)) {
        return addslashes($string);
    }
    $escaped = array();
    foreach ($string as $key => $val) {
        $escaped[$key] = taddslashes($val, $force);
    }
    return $escaped;
}
Exemplo n.º 4
/**
 * Charset-conversion tool step: copies the tables of $fromdbname whose names start with
 * $tablepre into new tables prefixed "$todbcharset$whereis_", one phase per request.
 *
 * Phases selected by $do:
 *   'create'    - re-create every matching table under the new prefix/charset.
 *   'data'      - copy rows of table number $tableno, $limit rows starting at $start.
 *   'serialize' - re-run stored serialized strings through the '_serialize' callback.
 *
 * Uses the legacy mysql_* extension (removed in PHP 7) and builds every statement by string
 * concatenation.
 *
 * NOTE(review): $tableno, $start, $limit and the globals $fromdbname / $todbcharset are
 * interpolated into SQL and into redirect URLs without any validation visible in this
 * function - confirm the caller casts/whitelists them and that the tool is not reachable
 * without authentication.
 *
 * @param mixed $mysql   Overwritten immediately by mysql_connect(); the passed value is unused.
 * @param mixed $tableno Index into the list of matching tables.
 * @param mixed $do      Phase name, see above.
 * @param mixed $start   Row offset for the 'data' phase.
 * @param mixed $limit   Row count for the 'data' phase.
 */
function do_datago($mysql,$tableno,$do,$start,$limit){
	global $whereis, $dbhost, $dbuser, $dbpw, $tablepre,$fromdbname, $todbcharset, $dbcfg,$dbcharset;
	// Pairs of charsets the tool treats as convertible into each other.
	$allowcharset = array('latin1' => 'gbk','gbk' => 'utf8','utf8' => 'latin1');
	// Column name that SHOW TABLES LIKE produces for this database/prefix.
	$tablename = 'Tables_in_'.strtolower($fromdbname).' ('.$tablepre.'%)';
	$mysql = mysql_connect($dbhost, $dbuser, $dbpw);
	mysql_select_db($fromdbname);
	mysql_query("SET sql_mode=''");
	// NOTE(review): $tablepre is concatenated into the LIKE pattern unescaped.
	$query = mysql_query('SHOW TABLES LIKE \''.$tablepre.'%\'');
	while($t = mysql_fetch_array($query,MYSQL_ASSOC)) {
		$tablearray[] = $t[$tablename];
	}
	// Table handled by this request; unset index yields null and is treated as "no table" below.
	$table = $tablearray["$tableno"];
	$query = mysql_query('SHOW TABLE STATUS LIKE '.'\''.$table.'\'');
	$tableinfo = array();
	
	while($t = mysql_fetch_array($query,MYSQL_ASSOC)) {
		// Reduce the collation (e.g. "gbk_chinese_ci") to its charset part.
		$charset = explode('_',$t['Collation']);
		$t['Collation'] = $charset[0];
		$tableinfo = $t;
	}
	if($allowcharset[$tableinfo['Collation']] != $todbcharset && $allowcharset[$todbcharset] != $tableinfo['Collation']){
		// NOTE(review): "== 0" is true both for a match at offset 0 and for "not found" (false),
		// so the error branch below is only reached when the name contains $todbcharset later on.
		if(strpos($tableinfo['Name'],$todbcharset) == 0) {
			$table = '';
		} else {
			// NOTE(review): $title is neither a parameter nor in the global list of this function.
			echo "<h4>$title</h4><br><br><table><tr><th>提示信息</th></tr><tr><td>$tableinfo[Name] 表数据库编码出错</td></tr></table>";
			exit;
		}
	}
	mysql_query("SET NAMES '$tableinfo[Collation]'");
	
	if($do == 'create') {
		$tablecreate=array();
		foreach ($tablearray as $key => $value){
			$query=mysql_query("SHOW CREATE TABLE $value");
			while($t = mysql_fetch_array($query,MYSQL_ASSOC)){
				// Rewrite prefix and charset inside the DDL by plain string replacement.
				$t['Create Table'] = str_replace($tablepre,$whereis.'_',$t['Create Table']);
				$t['Create Table'] = str_replace("$tableinfo[Collation]","$todbcharset",$t['Create Table']);
				$t['Create Table'] = str_replace($whereis.'_',$todbcharset.$whereis.'_',$t['Create Table']);
				$t['Table'] = str_replace($tablepre,$todbcharset.$whereis.'_',$t['Table']);
				$tablecreate[]=$t;
			}
		}
		mysql_query('SET NAMES \''.$todbcharset.'\'');
		// String comparison of the version, not a numeric/version_compare() check.
		if(mysql_get_server_info() > '5.0'){
			mysql_query("SET sql_mode=''");
		}
		foreach ($tablecreate as $key => $value){
			// Destructive: any existing table with the target name is dropped first.
			mysql_query("DROP TABLE IF EXISTS `$value[Table]`");
			mysql_query($value['Create Table']);
			// $count and $toolstip are not initialised in this branch.
			$count++;			
		}
		$toolstip .= '所有的表创建完成,数据库共有 '.$count.' 个表!<br>';
		// NOTE(review): $fromdbname / $todbcharset go into the URL without urlencode().
		show_tools_message($toolstip,"tools.php?action=datago&do=data&fromdbname=$fromdbname&todbcharset=$todbcharset&submit=%D7%AA%BB%BB");

	} elseif($do == 'data') {
		$count = 0;
		$data = array();
		$newtable = str_replace($tablepre,$todbcharset.$whereis.'_',$table);
		if($table) {
			mysql_query("SET NAMES '$tableinfo[Collation]'");
			// NOTE(review): $start and $limit are interpolated as-is - confirm they are integers.
			$query = mysql_query("SELECT * FROM $table LIMIT $start,$limit");
			
			while($t = mysql_fetch_array($query,MYSQL_ASSOC)) {
				$data[] = $t;	
			}			
			unset($t);			
			$todbcharset2 = $todbcharset;
			if($tableinfo['Collation'] == 'utf8' || $todbcharset=='utf8'){
				$todbcharset2 = $tableinfo['Collation'];
			}
			mysql_query('SET NAMES \''.$todbcharset2.'\'');
			if(mysql_get_server_info() > '5.0'){
				mysql_query("SET sql_mode=''");
			}
			// First batch of a table: empty the destination before copying.
			if($start == 0){
				mysql_query("TRUNCATE TABLE $newtable");
			}

			foreach($data as $key => $value){
				$sql='';
				foreach($value as $tokey => $tovalue){
					// addslashes() ignores the connection charset set via SET NAMES above;
					// mysql_real_escape_string() is the charset-aware escape for this driver.
					$tovalue = addslashes($tovalue);
					$sql = $sql ? $sql.",'".$tovalue."'" : "'".$tovalue."'";
				}
				// The error number is evaluated and discarded; a failed INSERT is still counted.
				mysql_query("INSERT INTO $newtable VALUES($sql)") or mysql_errno();
				$count++;
			}
			// A full batch means there may be more rows: continue with the same table.
			if($count == $limit) {
				$start += $count;
				show_tools_message("正在转移 $table 表的从 $start 条记录开始的后 $limit 条记录","tools.php?action=datago&do=data&fromdbname=$fromdbname&todbcharset=$todbcharset&tableno=$tableno&start=$start&submit=%D7%AA%BB%BB");
			} else {
				// Short batch: move on to the next table.
				$tableno ++;
				show_tools_message("正在转移 $table 表的从 $start 条记录开始的后 $limit 条记录","tools.php?action=datago&do=data&fromdbname=$fromdbname&todbcharset=$todbcharset&tableno=$tableno&submit=%D7%AA%BB%BB",$time='1000');
			}
		} elseif($dbcharset == 'latin1' || $todbcharset == 'latin1') {
			// No table left and latin1 involved: finish without the serialize phase.
			echo "<div class=\"specialdiv2\" id=\"serialize\">转换提示:<ul>
				</ul></div>";
			// NOTE(review): $todbcharset / $whereis are written into an inline script unencoded.
			echo '<script>$("serialize").innerHTML+="<li>转换完成!转换后的数据库前缀为:<font color=red>'.$todbcharset.$whereis.'_ </font></li>";
				$("serialize").scrollTop=$("serialize").scrollHeight;</script>';
		} else {
			$toolstip = '数据编码转换完毕,修复序列化数据。';
			show_tools_message($toolstip,"tools.php?action=datago&do=serialize&fromdbname=$fromdbname&todbcharset=$todbcharset&submit=%D7%AA%BB%BB");
		}
		
	} elseif($do == 'serialize' && $dbcharset!='latin1' && $todbcharset!='latin1') {
		if($whereis == 'is_ss') {
			// Empty the sixteen cache_0 .. cache_f tables of the converted copy.
			$a = array('0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f');
			foreach($a as $num) {
				mysql_query("TRUNCATE TABLE ".$todbcharset.$whereis.'_'."cache_".$num);
			}
		}
		// Each entry is read below as [table suffix, serialized column, id column].
		$arr = getlistarray($whereis,'datago');
		$limit = '3000';
		echo "<div class=\"specialdiv2\" id=\"serialize\">转换提示:<ul>
					</ul></div>";
		foreach($arr as $field) {
			$stable = $todbcharset.$whereis.'_'.$field[0];
			$sfield = $field[1];
			$sid	= $field[2];
			// Only the $limit rows with the highest ids are processed.
			$query = mysql_query("SELECT $sid,$sfield FROM $stable ORDER BY $sid DESC LIMIT $limit");
			while($values = mysql_fetch_array($query,MYSQL_ASSOC)) {
				$data = $values[$sfield];
				$id   = $values[$sid];
				// Every s:<len>:"..."; token is handed to '_serialize' (defined outside this function).
				$data = preg_replace_callback('/s:([0-9]+?):"([\s\S]*?)";/','_serialize',$data);
				$data = taddslashes($data);
				// NOTE(review): $id comes straight from the row and is only quoted, not escaped.
				if(mysql_query("update `$stable` set `$sfield`='$data' where `$sid`='$id'")) {
					$toolstip = $stable.' 表的 '.$sid.' 为 '.$id.' 的 '.$sfield.' 字段,修复成功<br/>';
				} else {
					$toolstip = $stable.' 表的 '.$sid.' 为 '.$id.' 的 '.$sfield.' 字段,<font color=red>修复失败</font><br/>';
				}
				// NOTE(review): $toolstip contains database values and is placed inside a JS string
				// literal without JS/HTML encoding.
				echo '<script>$("serialize").innerHTML+="'.$toolstip.'";
					$("serialize").scrollTop=$("serialize").scrollHeight;</script>';
			}
		}
		mysql_close($mysql);
		echo '<script>$("serialize").innerHTML+="<li>转换完成!请检查修复记录。转换后的数据库前缀为:<font color=red>'.$todbcharset.$whereis.'_ </font></li>";
			$("serialize").scrollTop=$("serialize").scrollHeight;</script>';
	}
}
Exemplo n.º 5
 /**
  * Render the paginated follower list of one question.
  *
  * Route segments: $this->get[2] is the question id and $this->get[3] the page number; both
  * are cast with intval() before use. The template is included in this function's scope, so
  * the local variables set here are what the template reads.
  */
 function onfollow()
 {
     // intval() guarantees an integer, which is what makes the interpolation into the
     // WHERE fragment and the paging URL below safe.
     $qid = intval($this->get[2]);
     // The row is slash-escaped (SQL-style), not HTML-encoded.
     // NOTE(review): confirm the template HTML-encodes the question fields on output.
     $question = taddslashes($_ENV['question']->get($qid), 1);
     if (!$question) {
         $this->message("问题不存在!");
         exit;
     }
     // Page numbers below 1 (including a non-numeric segment) fall back to page 1.
     $page = max(1, intval($this->get[3]));
     // NOTE(review): the page size is taken from settings unchanged - presumably an integer; confirm.
     $pagesize = $this->setting['list_default'];
     $startindex = ($page - 1) * $pagesize;
     $followerlist = $_ENV['question']->get_follower($qid, $startindex, $pagesize);
     $rownum = $this->db->fetch_total('question_attention', " qid={$qid} ");
     $departstr = page($rownum, $pagesize, $page, "question/follow/{$qid}");
     include template("question_follower");
 }
Exemplo n.º 6
/**
 * Recursively apply addslashes() to a scalar or to every value of a (nested) array.
 *
 * This variant always escapes; $force is only forwarded to the recursive calls and has no
 * effect on the result. Array keys are left untouched.
 *
 * Security note: addslashes() does not take the connection charset into account and is not
 * a replacement for prepared statements; it provides no protection for HTML output either.
 *
 * @param mixed $string Value or array of values to escape.
 * @param mixed $force  Unused apart from being passed down.
 * @return mixed The escaped value, same shape as the input.
 */
function taddslashes($string, $force = 1)
{
    if (!is_array($string)) {
        return addslashes($string);
    }
    // Walk the keys and overwrite each slot in place so key order is preserved.
    foreach (array_keys($string) as $slot) {
        $string[$slot] = taddslashes($string[$slot], $force);
    }
    return $string;
}
Exemplo n.º 7
 /**
  * Admin action: save the advertisement settings on submit, then show the edit form.
  *
  * The posted 'ad' value is serialized, slash-escaped and stored as setting 'ads'; the stored
  * value is unserialized again for display. The template is included in this scope and reads
  * the local variables set here.
  *
  * NOTE(review): no permission or CSRF check is visible in this method - presumably enforced
  * by the admin controller before dispatch; confirm.
  */
 function onad()
 {
     if (isset($this->post['submit'])) {
         // The serialized string is escaped with force = 1 before it is handed to the setting store.
         // NOTE(review): if $this->post was already slash-escaped when the request was initialised,
         // the serialized payload carries those slashes too - confirm the round trip with
         // tstripslashes() below restores the original text.
         $this->setting['ads'] = taddslashes(serialize($this->post['ad']), 1);
         $_ENV['setting']->update($this->setting);
         $type = 'correctmsg';
         $message = '广告修改成功!';
         // Reload so the form below shows what was actually stored.
         $this->setting = $this->cache->load('setting');
     }
     // SECURITY: unserialize() on a value that originates from request data. unserialize() can
     // instantiate objects; a structure-only format such as JSON, or (PHP >= 7) the
     // allowed_classes => false option, avoids that.
     $adlist = tstripslashes(unserialize($this->setting['ads']));
     include template('setting_ad', 'admin');
 }
Exemplo n.º 8
require_once "../../lib/cache.class.php";
require_once "../../lib/db.class.php";
require_once "./API/qqConnectAPI.php";
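// QQ Connect OAuth callback: finish the OAuth exchange, then either bind the returned openid
// to the already logged-in user (cookie 'auth') or look the user up by openid.

// Application root: this file's directory with its last 15 characters cut off.
define('TIPASK_ROOT', substr(dirname(__FILE__), 0, -15));
// The constant name must be a quoted string; a bare SITE_URL is an undefined-constant error on PHP 8.
// SECURITY NOTE(review): the base URL is built from the client-supplied Host header and is later
// used in a Location redirect - prefer a configured canonical host, or validate HTTP_HOST
// against an allow-list.
define('SITE_URL', 'http://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, -27));
// DB_* constants are not defined in the visible lines - presumably provided by an included file.
$db = new db(DB_HOST, DB_USER, DB_PW, DB_NAME, DB_CHARSET, DB_CONNECT);
$cache = new cache($db);
$setting = $cache->load('setting');
// First QC instance completes the callback; the second is bound to the obtained token/openid.
$qc = new QC();
$token = $qc->qq_callback();
$openid = $qc->get_openid();
$qc = new QC($token, $openid);
$sid = tcookie('sid');
$auth = tcookie('auth');
// Cookie payload decodes to "uid<TAB>password"; both parts are slash-escaped (force = 1).
list($uid, $password) = empty($auth) ? array(0, 0) : taddslashes(explode("\t", authcode($auth, 'DECODE')), 1);
$user = array();
if ($uid && $password) {
    $user = get_user($uid);
    // Strict, string-typed comparison: a loose != lets different numeric-looking strings
    // (e.g. digests of the form "0e<digits>") compare as equal. Where PHP >= 5.6 is
    // guaranteed, hash_equals() additionally makes the check constant-time.
    if (!is_array($user) || !isset($user['password']) || (string) $password !== (string) $user['password']) {
        $user = array();
    }
}
if (!$user) {
    // Not logged in via cookie: resolve the account linked to this openid.
    $user = get_by_openid($openid);
} else {
    // Logged in: replace any existing binding of this openid with one to the current user.
    remove_auth($openid);
    add_auth($token, $openid, $uid);
    header("Location:" . SITE_URL . "index.php?user/mycategory");
    exit;
}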
Exemplo n.º 9
                 $return = array('msg' => '失败', 'return' => 2);
             }
         } else {
             $return = array('msg' => 'qid不存在', 'return' => 3);
         }
     }
     echo json_encode($return);
 } else {
     if ($post['act'] == 'user_confirm') {
         $qid = intval($post['qid']);
         if ($qid <= 0) {
             $return = array('msg' => '非法参数qid', 'return' => 4);
         } else {
             $complainInfo = $_ENV['complain']->Get($qid);
             if (isset($complainInfo['id'])) {
                 $dataArr = array('order_id' => taddslashes($post['order_id']), 'good_id' => taddslashes($post['good_id']), 'author' => taddslashes($post['author']), 'author_id' => taddslashes($post['author_id']));
                 $result = $_ENV['complain']->Update($qid, $dataArr);
                 if ($result) {
                     $_ENV['question']->rebuildQuestionDetail($post['qid'], "complain");
                     $return = array('msg' => '成功', 'return' => 1);
                 } else {
                     $return = array('msg' => '失败', 'return' => 2);
                 }
             } else {
                 $return = array('msg' => 'qid不存在', 'return' => 3);
             }
         }
         echo json_encode($return);
     } else {
         if ($post['act'] == 'evaluate_count') {
             $count = intval($post['count']);
Exemplo n.º 10
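 /**
  * Resolve the current user and session id from cookies and store the result in $this->user.
  *
  * - 'sid' cookie: reused when present, otherwise a new 16-character id is generated and set
  *   for 31536000 seconds.
  * - 'auth' cookie: decoded with authcode() into "uid<TAB>password"; the user row is accepted
  *   only when its 'password' field is exactly equal to the cookie value.
  * - Without a valid user the guest record (uid 0, groupid 6) is used.
  * The final record is merged with the settings of the user's group.
  *
  * Security notes:
  * - The password check is strict and string-typed; a loose != lets different numeric-looking
  *   strings (e.g. digests of the form "0e<digits>") compare as equal. Where PHP >= 5.6 is
  *   guaranteed, hash_equals() also makes the check constant-time.
  * - NOTE(review): the session id is derived from time(), the client IP and random(6) through
  *   md5(); whether it is unpredictable depends on the project's random() - confirm, and prefer
  *   a CSPRNG (random_bytes() on PHP >= 7).
  */
 function init_user()
 {
     // '@' kept from the original so that malformed cookies do not leak notices to the client.
     @($sid = tcookie('sid'));
     @($auth = tcookie('auth'));
     $user = array();
     @(list($uid, $password) = empty($auth) ? array(0, 0) : taddslashes(explode("\t", authcode($auth, 'DECODE')), 1));
     if (!$sid) {
         $sid = substr(md5(time() . $this->ip . random(6)), 16, 16);
         tcookie('sid', $sid, 31536000);
     }
     $this->load('user');
     if ($uid && $password) {
         $user = $_ENV['user']->get_by_uid($uid, 0);
         // Reject the row unless the stored value matches the cookie value exactly.
         if (!is_array($user) || !isset($user['password']) || (string) $password !== (string) $user['password']) {
             $user = array();
         }
     }
     if (!$user) {
         // Guest defaults.
         $user['uid'] = 0;
         $user['groupid'] = 6;
     }
     $_ENV['user']->refresh_session_time($sid, $user['uid']);
     $user['sid'] = $sid;
     $user['ip'] = $this->ip;
     // Logged-in users only: expose the display name and avatar directory.
     if ($user['uid']) {
         $user['loginuser'] = $user['username'];
         $user['avatar'] = get_avatar_dir($user['uid']);
     }
     $this->user = array_merge($user, $this->usergroup[$user['groupid']]);
 }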
Exemplo n.º 11
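 /**
  * Convert a complaint into a question of another type and record the conversion.
  *
  * Reads 'qid', 'loginId', 'to_type' and 'reason' from $post. Inside one transaction it inserts
  * the new question, updates the complaint row (stores the link and sets public = 1, sync = 1)
  * and writes a transform-log row; all three must succeed or the transaction is rolled back.
  *
  * Return values:
  *   3            the 'complainTransAskSuggest' setting is off
  *   4            no complaint with this id
  *   2            insert/update/log failed, transaction rolled back
  *   other        id of the question the complaint was converted to (new, or the existing one
  *                when the complaint had been converted before)
  *
  * Changes against the previous version: the unused $LogName, a dead first assignment to
  * $new_comment, a duplicated 'qtype' array key and a second identical unserialize() of the
  * comment column were removed; results are unchanged.
  *
  * Security notes:
  * - SECURITY: unserialize() is applied to the 'comment' and 'contact' columns, which hold
  *   user-influenced data. unserialize() can instantiate objects; JSON, or (PHP >= 7) the
  *   allowed_classes => false option, avoids that.
  * - NOTE(review): $to_type and $post['reason'] are passed on without escaping here while
  *   loginId is slash-escaped - confirm the data layer binds parameters, and consider checking
  *   $to_type against the allowed type names.
  * - NOTE(review): the modifyUserQtypeNum() counter updates run before the transaction starts,
  *   so they are presumably not undone by rollBack() - confirm.
  *
  * @param array $post Request data.
  * @return mixed See the list above.
  */
 function complainQuestionTransform($post)
 {
     // Complaint id.
     $qid = intval($post['qid']);
     // Operator performing the conversion.
     $loginId = taddslashes(trim($post['loginId']));
     // Target type of the conversion (suggest or ask).
     $to_type = trim($post['to_type']);
     if ($this->base->setting['complainTransAskSuggest'] == 0) {
         // The complaint-to-inquiry/suggestion switch is turned off.
         return 3;
     }
     $complainInfo = $this->Get($qid, "*", '0,1,2');
     if (!isset($complainInfo['id'])) {
         // Complaint does not exist.
         return 4;
     }
     $comment = unserialize($complainInfo['comment']);
     if (intval($comment['convert']['to_id']) != 0) {
         // Already converted earlier: report the existing target id.
         return $comment['convert']['to_id'];
     }

     // Category of the new question: by target type, else the default of type 1.
     $categaryInfo = $_ENV['category']->getByQuestionType($to_type);
     if (isset($categaryInfo['id'])) {
         $complainInfo['cid'] = $categaryInfo['id'];
     } else {
         $complainInfo['cid'] = $_ENV['question']->getType(1);
     }
     if (isset($complainInfo['qtype']) && $complainInfo['qtype'] > 0) {
         // Move one unit of the per-day qtype counter from 'complain' to the target type.
         $qtypeInfo = $_ENV['qtype']->GetQType($complainInfo['qtype']);
         if (isset($qtypeInfo['id'])) {
             $date = date("Y-m-d", $complainInfo['time']);
             $_ENV['question']->modifyUserQtypeNum($date, $qtypeInfo['id'], $to_type, 1);
             $_ENV['question']->modifyUserQtypeNum($date, $qtypeInfo['id'], 'complain', -1);
         }
     }
     if (isset($comment['convert']['from_id']) && $comment['convert']['from_id'] > 0) {
         $from_id = $comment['convert']['from_id'];
     } else {
         $from_id = 0;
     }
     // The new question's comment starts from the complaint's contact data.
     $new_comment = unserialize($complainInfo['contact']);
     $new_comment['convert'] = array('from_type' => 'complain', 'from_id' => $complainInfo['id'], 'reason' => $post['reason']);
     $new_comment['OS'] = $comment['OS'];
     $new_comment['Browser'] = $comment['Browser'];
     $new_comment['order_id'] = $complainInfo['order_id'];
     $hidden = $complainInfo['public'] == 2 ? 2 : 1;
     $questionInfo = array('author' => $complainInfo['author'], 'author_id' => $complainInfo['author_id'], 'title' => $complainInfo['title'], 'description' => $complainInfo['description'], 'comment' => serialize($new_comment), 'qtype' => $complainInfo['qtype'], 'attach' => $complainInfo['photo'], 'time' => $complainInfo['time'], 'ip' => $complainInfo['ip'], 'cid' => $complainInfo['cid'], 'hidden' => $hidden);

     $this->pdo->begin();
     $insertId = $_ENV['question']->insert($questionInfo);
     if (intval($insertId) <= 0) {
         // Insert failed: roll back.
         $this->pdo->rollBack();
         return 2;
     }
     $transform = array('from_id' => $qid, 'from_type' => 'complain', 'to_type' => $to_type, 'to_id' => $insertId, 'ApplyOperator' => $loginId, 'AcceptOperator' => "system", 'comment' => serialize($new_comment), 'acceptTime' => $_SERVER['REQUEST_TIME'], 'applyTime' => $_SERVER['REQUEST_TIME'], 'transform_status' => 1, 'AuthorName' => $complainInfo['author']);
     $comment['convert'] = array('to_type' => $to_type, 'to_id' => $insertId, 'transformTime' => $_SERVER['REQUEST_TIME'], 'loginId' => $loginId, 'reason' => $post['reason']);
     // Store the link to the new question on the complaint row and hide the complaint.
     $dataArr = array('comment' => serialize($comment), 'public' => 1, 'sync' => 1);
     $updateNum = $this->Update($complainInfo['id'], $dataArr);
     $transformLogId = $_ENV['question']->insertTransformLog($transform);
     if ($updateNum > 0 && $transformLogId > 0) {
         $this->pdo->commit();
         $this->base->sys_admin_log($insertId, $complainInfo['author'], "投诉单转换,理由:" . $post['reason'], 18);
         if ($from_id > 0) {
             $QuestionInfo = $_ENV['question']->Get($from_id);
             $_ENV['question']->ApplyToOperator($insertId, $QuestionInfo['js_kf'], 18);
         }
         // Success.
         return $insertId;
     }
     // Update or log insert failed: roll back.
     $this->pdo->rollBack();
     return 2;
 }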