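/**
 * Build the attachment record for one uploaded file.
 *
 * @param string $key   Field key of the shape "<attname>_<id>". A key without an
 *                      underscore now yields id 0 instead of an undefined-offset notice.
 * @param array  $value Upload entry; only its 'name' and 'size' elements are read.
 * @return array Record with id, attname, name, size, type, ifthumb, fileuploadurl and ext.
 */
function initCurrUpload($key, $value)
{
    // Pad the split result so list() always receives two elements.
    list($t, $i) = array_pad(explode('_', $key), 2, '');
    $arr = array(
        'id' => intval($i),
        'attname' => $t,
        'name' => S::escapeChar($value['name']),
        'size' => intval($value['size']),
        'type' => 'zip',
        'ifthumb' => 0,
        'fileuploadurl' => '',
    );
    // NOTE(review): 'name' looks like the client-supplied upload file name. The extension
    // derived from it is not validated here, so the caller must check it against an
    // allowlist before the file is stored or served. Confirm against the caller.
    $dotTail = strrchr($arr['name'], '.');
    $arr['ext'] = $dotTail === false ? '' : strtolower(substr($dotTail, 1));
    return $arr;
}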
Exemplo n.º 2
 /**
  * Collect the posted reward amounts and credit types into $this->data.
  *
  * Reads 'bonus' and 'ctype' from POST, falls back to $this->b_val / $this->a_val
  * and to the first entry of $this->allowcredit, and calls Showmsg() when an
  * amount is below the configured value or a credit type is not in
  * $this->allowcredit.
  */
 function setData()
 {
     $bonus = S::escapeChar(S::getGP('bonus', 'P'), true);
     $ctype = S::escapeChar(S::getGP('ctype', 'P'));
     if (empty($bonus)) {
         // Nothing posted: use the configured values.
         $bonus = array('best' => $this->b_val, 'active' => $this->a_val);
     }
     // NOTE(review): the posted amounts are compared and stored as received, with no
     // integer cast in this method. Confirm they are normalized before they are used.
     if ($bonus['best'] < $this->b_val) {
         Showmsg('credit_limit');
     }
     if ($bonus['active'] < $this->a_val) {
         Showmsg('credit_limit');
     }
     // A missing credit type defaults to the first allowed one.
     reset($this->allowcredit);
     foreach (array('best', 'active') as $slot) {
         if (!$ctype[$slot]) {
             $ctype[$slot] = current($this->allowcredit);
         }
     }
     // Allowlist check; in_array() is called without the strict flag here.
     if (!(in_array($ctype['best'], $this->allowcredit) && in_array($ctype['active'], $this->allowcredit))) {
         Showmsg('reward_credit_error');
     }
     $this->data['cbtype'] = $ctype['best'];
     $this->data['catype'] = $ctype['active'];
     $this->data['cbval'] = $bonus['best'];
     $this->data['caval'] = $bonus['active'];
 }
Exemplo n.º 3
/**
 * Insert one row into pw_toollog.
 *
 * @param array $log Row data; the keys read are type, filename, nums, money, descrip,
 *                   uid, touid, username, ip and time.
 */
function writetoollog($log)
{
    global $db, $db_bbsurl;
    // Resolve the language strings first; 'descrip' is rendered from the partly
    // escaped $log, so the order of these assignments matters.
    $log['type'] = getLangInfo('toollog', $log['type']);
    foreach (array('filename', 'username') as $field) {
        $log[$field] = S::escapeChar($log[$field]);
    }
    $log['descrip'] = S::escapeChar(getLangInfo('toollog', $log['descrip'], $log));
    // NOTE(review): SQL quoting is left entirely to S::sqlSingle(); nums, money, uid,
    // touid, ip and time are passed through without a cast in this function.
    $row = array(
        'type' => $log['type'],
        'filename' => $log['filename'],
        'nums' => $log['nums'],
        'money' => $log['money'],
        'descrip' => $log['descrip'],
        'uid' => $log['uid'],
        'touid' => $log['touid'],
        'username' => $log['username'],
        'ip' => $log['ip'],
        'time' => $log['time'],
    );
    $db->update("INSERT INTO pw_toollog SET " . S::sqlSingle($row));
}
Exemplo n.º 4
/**
 * Insert one row into pw_forumlog.
 *
 * @param array $log Row data; the keys read are type, username1, username2, field1,
 *                   field2, field3, descrip, timestamp and ip.
 */
function writeforumlog($log)
{
    // Escape the free-text columns before the description is rendered from $log.
    foreach (array('username1', 'username2', 'field1', 'field2', 'field3') as $field) {
        $log[$field] = S::escapeChar($log[$field]);
    }
    $log['descrip'] = S::escapeChar(getLangInfo('log', $log['descrip'], $log));
    $row = array(
        'type' => $log['type'],
        'username1' => $log['username1'],
        'username2' => $log['username2'],
        'field1' => $log['field1'],
        'field2' => $log['field2'],
        'field3' => $log['field3'],
        'descrip' => $log['descrip'],
        'timestamp' => $log['timestamp'],
        'ip' => $log['ip'],
    );
    // NOTE(review): the second argument to S::sqlSingle() is false here. Its meaning is
    // not visible in this listing; confirm the values are still SQL-escaped with it off.
    $GLOBALS['db']->update("INSERT INTO pw_forumlog SET " . S::sqlSingle($row, false));
}
Exemplo n.º 5
 /**
  * Queue every entry of $uploaddb on $this->attachs after calling $this->transfer().
  *
  * Each queued copy gets its description from the POST field "atc_desc<id>" and
  * its name converted with pwConvert() and stripslashes().
  *
  * @param array $uploaddb List of attachment records; 'id' and 'name' are read.
  * @return array The $uploaddb argument, unchanged.
  */
 function update($uploaddb)
 {
     global $db_charset;
     $this->transfer();
     foreach ($uploaddb as $attach) {
         $descField = 'atc_desc' . $attach['id'];
         $attach['descrip'] = S::escapeChar(S::getGP($descField, 'P'));
         // NOTE(review): 'name' is re-encoded and unslashed but not escaped in this method.
         $converted = pwConvert($attach['name'], $db_charset, 'utf-8');
         $attach['name'] = stripslashes($converted);
         $this->attachs[] = $attach;
     }
     return $uploaddb;
 }
/**
 * Build the site base URL from $pwServer['HTTP_HOST'] and the directory part of PHP_SELF.
 *
 * Side effect: when $db_dir occurs in PHP_SELF, $pwServer['PHP_SELF'] is rewritten
 * to the part before it plus ".php".
 *
 * @return string Escaped URL; the scheme is always "http://".
 */
function getBbsUrl()
{
    global $pwServer, $db_dir;
    $self = $pwServer['PHP_SELF'];
    $cut = strpos($self, $db_dir);
    if ($cut === false) {
        $base = $self;
    } else {
        $base = substr($self, 0, $cut);
        $pwServer['PHP_SELF'] = "{$base}.php";
    }
    $dirPart = substr($base, 0, strrpos($base, '/'));
    // NOTE(review): HTTP_HOST presumably mirrors the request's Host header, which the
    // client controls. If this URL ends up in e-mails, redirects or cached pages, prefer
    // a configured site URL or validate the host against an allowlist.
    return S::escapeChar("http://" . $pwServer['HTTP_HOST'] . $dirPart);
}
Exemplo n.º 7
 /**
  * Insert a feed entry of type 'app' for a user, if that user's app record allows feeds.
  *
  * @param mixed  $uid     User id, passed to the app lookup and to the insert.
  * @param string $descrip Feed text; escaped with S::escapeChar() before storage.
  * @param mixed  $appid   Application id used for the lookup.
  * @return ApiResponse Built with true when a row was inserted, false otherwise.
  */
 function publishTemplatizedAction($uid, $descrip, $appid)
 {
     global $timestamp;
     // The user/app record comes from the appclient class; an earlier direct query on
     // pw_userapp was replaced by this call.
     $appclient = L::loadClass('appclient');
     $userApp = $appclient->getUserAppByUidAndAppid($uid, $appid);
     if (!$userApp['allowfeed']) {
         return new ApiResponse(false);
     }
     $feedRow = array(
         'uid' => $uid,
         'type' => 'app',
         'descrip' => S::escapeChar($descrip),
         'timestamp' => $timestamp,
     );
     // NOTE(review): S::sqlSingle() is called with false as its second argument. Its
     // meaning is not visible here; confirm $uid and the text are still SQL-escaped.
     $this->db->update("INSERT INTO pw_feed SET " . S::sqlSingle($feedRow, false));
     return new ApiResponse(true);
 }
Exemplo n.º 8
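 /**
  * Store caller-supplied custom member fields, serialized, in $this->memberinfo['customdata'].
  *
  * Nothing is stored unless slot 7 of $db_union unserializes to a truthy value and
  * $customdata is non-empty.
  *
  * Fix: the cleaned pairs are collected in a fresh array. The previous code added the
  * escaped key to $customdata itself, so when escaping changed a key the raw key and
  * its unprocessed value were serialized alongside the cleaned entry.
  *
  * @param array $customdata Map of field key => value.
  */
 function setCustomdata($customdata)
 {
     global $db_union;
     if (!is_array($db_union)) {
         $db_union = explode("\t", stripslashes($db_union));
     }
     // NOTE(review): unserialize() runs on a configuration value. Confirm that value can
     // never be influenced by an untrusted party, since unserialize() can instantiate objects.
     $custominfo = isset($db_union[7]) ? unserialize($db_union[7]) : false;
     if ($custominfo && $customdata) {
         // NOTE(review): the keys are escaped but not compared with $custominfo, so any
         // key the caller supplies is stored. Confirm whether an allowlist was intended.
         $cleaned = array();
         foreach ($customdata as $key => $val) {
             $cleaned[stripslashes(S::escapeChar($key))] = stripslashes($val);
         }
         $this->memberinfo['customdata'] = serialize($cleaned);
     }
 }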
Exemplo n.º 9
 /**
  * Read the posted goods form, validate it and fill $this->data.
  *
  * Showmsg() is called when the cost price is not a positive number, the quantity is
  * below 1, no payment method is selected, or shipping is on but every fee is empty.
  */
 function _setData()
 {
     $goodsname = S::escapeChar(S::getGP('goodsname'));
     $price = S::escapeChar(S::getGP('price'));
     $costprice = S::escapeChar(S::getGP('costprice'));
     $locus = S::escapeChar(S::getGP('locus'));
     $mailfee = S::escapeChar(S::getGP('mailfee'));
     $expressfee = S::escapeChar(S::getGP('expressfee'));
     $emsfee = S::escapeChar(S::getGP('emsfee'));
     $icon = S::escapeChar(S::getGP('attachment_1'));
     $degree = intval(S::getGP('degree'));
     $ptype = intval(S::getGP('ptype'));
     $goodsnum = intval(S::getGP('goodsnum'));
     $paymethod = S::escapeChar(S::getGP('paymethod'), 1);
     $transport = intval(S::getGP('transport'));

     // Fall back to the post title when no goods name was submitted.
     if (!$goodsname) {
         $goodsname = S::escapeChar($_POST['atc_title']);
     }
     if (!is_numeric($costprice) || $costprice <= 0) {
         Showmsg('goods_setprice');
     }
     if ($goodsnum < 1) {
         Showmsg('goods_num_error');
     }
     // The selected payment methods are summed into a single number.
     if ($paymethod) {
         $paymethod = array_sum($paymethod);
     }
     if ($paymethod < 1) {
         Showmsg('goods_pay_error');
     }
     // NOTE(review): only the cost price is required to be positive. Price and the three
     // fees accept any value is_numeric() allows, including negative numbers. Confirm
     // the order and payment code rejects those.
     if (!is_numeric($price)) {
         $price = 0;
     }
     if ($transport) {
         if (!is_numeric($mailfee)) {
             $mailfee = 0;
         }
         if (!is_numeric($expressfee)) {
             $expressfee = 0;
         }
         if (!is_numeric($emsfee)) {
             $emsfee = 0;
         }
         if (!$mailfee && !$expressfee && !$emsfee) {
             Showmsg('goods_logistics');
         }
     } else {
         $mailfee = $expressfee = $emsfee = 0;
     }
     $goodsicon = ''; // not used again in this method
     $fields = array(
         'name' => $goodsname,
         'price' => $price,
         'costprice' => $costprice,
         'locus' => $locus,
         'mailfee' => $mailfee,
         'expressfee' => $expressfee,
         'emsfee' => $emsfee,
         'degree' => $degree,
         'type' => $ptype,
         'num' => $goodsnum,
         'paymethod' => $paymethod,
         'transport' => $transport,
     );
     foreach ($fields as $name => $fieldValue) {
         $this->data[$name] = $fieldValue;
     }
     if ($icon) {
         $this->data['icon'] = $icon;
     }
 }
Exemplo n.º 10
 /**
  * Register an application for a user and optionally publish a feed entry about it.
  *
  * @param mixed  $uid       User id.
  * @param mixed  $appid     Application id.
  * @param string $appname   Application name.
  * @param mixed  $allowfeed Truthy to also insert a row into pw_feed.
  * @param string $descrip   Feed text; escaped with S::escapeChar() before storage.
  * @return ApiResponse Always built with true.
  */
 function add($uid, $appid, $appname, $allowfeed, $descrip)
 {
     global $timestamp;
     // pwQuery::replace() took the place of a hand-built "REPLACE INTO pw_userapp" statement.
     $appRow = array('uid' => $uid, 'appid' => $appid, 'appname' => $appname);
     pwQuery::replace('pw_userapp', $appRow);
     if ($allowfeed) {
         $feedRow = array(
             'uid' => $uid,
             'type' => 'app',
             'descrip' => S::escapeChar($descrip),
             'timestamp' => $timestamp,
         );
         // NOTE(review): the second argument to S::sqlSingle() is false. Its meaning is
         // not visible here; confirm the values are still SQL-escaped in that mode.
         $this->db->update("INSERT INTO pw_feed SET " . S::sqlSingle($feedRow, false));
     }
     return new ApiResponse(true);
 }
Exemplo n.º 11
 /**
  * Send a private message to one user on behalf of another user.
  *
  * @param int    $userId   uid of the sender
  * @param string $receiver username of the recipient
  * @param string $subject  message title
  * @param string $content  message body
  * @return ApiResponse always built with true
  */
 function sendMessage($userId, $receiver, $subject, $content)
 {
     // The identity globals are overwritten with the sender's record below and are not
     // restored in this method, so anything running later in the same request sees the
     // sender's identity. Callers must have authorized acting as $userId beforehand.
     global $winddb, $winduid, $windid, $groupid, $_G, $SYSTEM;
     $userService = $this->_getUserService();
     $winddb = $userService->get($userId, true, true);
     $winduid = $winddb['uid'];
     $groupid = $winddb['groupid'];
     $windid = $winddb['username'];
     // Group id '-1' falls back to the member-level id.
     $groupid == '-1' && ($groupid = $winddb['memberid']);
     // NOTE(review): file_exists() gets the raw path, and only the getData() argument
     // goes through S::escapePath(). The trailing `false` on the next call is an argument
     // of S::escapePath(), whereas the fallback branch passes `false` to
     // pwCache::getData(). Confirm which placement was intended.
     if (file_exists(D_P . "data/groupdb/group_{$groupid}.php")) {
         // extract() with default flags overwrites existing variables in this scope,
         // including the global-bound ones declared above. Presumably this loads the
         // group's permission arrays; verify what the cache file defines.
         extract(pwCache::getData(S::escapePath(D_P . "data/groupdb/group_{$groupid}.php", false)));
     } else {
         extract(pwCache::getData(D_P . 'data/groupdb/group_1.php', false));
     }
     // Title and body are unslashed, then escaped, before being handed to the message layer.
     M::sendMessage($userId, array($receiver), array('create_uid' => $winduid, 'create_username' => $windid, 'title' => S::escapeChar(stripslashes($subject)), 'content' => S::escapeChar(stripslashes($content))));
     return new ApiResponse(true);
 }
Exemplo n.º 12
 /**
  * Read the posted activity form and fill $this->data.
  *
  * Showmsg('active_data_empty') is called when the subject, start time or deadline is
  * missing. The three time strings are converted with PwStrtoTime(), and the
  * participant limit and cost are floored at 0.
  */
 function _setData()
 {
     $this->data['subject'] = S::escapeChar(S::getGP('act_subject', 'P'));
     $this->data['location'] = S::escapeChar(S::getGP('act_location', 'P'));
     $this->data['sexneed'] = intval(S::getGP('act_sex'));
     $startRaw = S::escapeChar(S::getGP('act_starttime'));
     $deadlineRaw = S::escapeChar(S::getGP('act_deadline'));
     $endRaw = S::escapeChar(S::getGP('act_endtime'));
     $limit = intval(S::getGP('act_num'));
     $cost = intval(S::getGP('act_costs'));

     if (!$this->data['subject'] || !$startRaw || !$deadlineRaw) {
         Showmsg('active_data_empty');
     }
     // NOTE(review): nothing here checks that the deadline and end time are consistent
     // with the start time. Confirm whether the caller enforces that ordering.
     $startTs = PwStrtoTime($startRaw);
     $endTs = PwStrtoTime($endRaw);
     $deadlineTs = PwStrtoTime($deadlineRaw);

     $this->data['starttime'] = $startTs;
     $this->data['deadline'] = $deadlineTs;
     $this->data['endtime'] = $endTs;
     // Values below 1 collapse to 0.
     $this->data['num'] = max(0, $limit);
     $this->data['costs'] = max(0, $cost);
 }
Exemplo n.º 13
 // Copies site and application settings from globals and the forum_appinfo cache onto
 // this object. The method name suggests an old-style constructor, i.e. a method named
 // after its class; the class header is not visible in this listing.
 function PW_Appclient()
 {
     global $db_siteappkey, $timestamp, $db_sitehash, $db_siteownerid, $db_siteid, $db_charset, $db_appifopen, $pwServer, $db_server_url, $db_bbsname;
     // NOTE(review): HTTP_HOST presumably mirrors the request's Host header, which the
     // client controls, and the scheme is fixed to http://. If bbsurl is sent to a remote
     // service or used to build links, prefer a configured site URL.
     $db_bbsurl = S::escapeChar("http://" . $pwServer['HTTP_HOST'] . substr($pwServer['PHP_SELF'], 0, strrpos($pwServer['PHP_SELF'], '/')));
     // Rebuild the cache file through the admin cache routine when it is missing.
     if (!file_exists(D_P . "data/bbscache/forum_appinfo.php")) {
         require_once R_P . "admin/cache.php";
         updatecache_f();
     }
     //* @include_once pwCache::getPath(D_P . "data/bbscache/forum_appinfo.php");
     // extract() with default flags overwrites same-named variables in this scope,
     // including the global-bound ones declared above. $forum_appinfo, read further
     // down, is expected to come from this call.
     extract(pwCache::getData(D_P . "data/bbscache/forum_appinfo.php", false));
     $this->_db = $GLOBALS['db'];
     // appkey and sitehash look like site credentials; keep them out of logs and output.
     $this->appkey = $db_siteappkey;
     $this->timestamp = $timestamp;
     $this->siteid = $db_siteid;
     $this->siteownerid = $db_siteownerid;
     $this->sitehash = $db_sitehash;
     $this->bbsname = $db_bbsname;
     $this->bbsurl = $db_bbsurl;
     $this->charset = $db_charset;
     $this->appifopen = $db_appifopen;
     $this->server_url = $db_server_url;
     $this->appinfo = $forum_appinfo;
 }
Exemplo n.º 14
 /**
  * Read the posted debate form, validate it and fill $this->data.
  *
  * Showmsg() is called when the end time is before $timestamp, a side's title is
  * empty or longer than 255 bytes, or the named umpire is not found in pw_members.
  */
 function _setData()
 {
     global $timestamp;
     $endRaw = S::escapeChar(S::getGP('endtime'));
     $obtitle = S::escapeChar(S::getGP('obtitle'));
     $retitle = S::escapeChar(S::getGP('retitle'));
     $umpire = S::escapeChar(S::getGP('umpire'));

     $endtime = PwStrtoTime($endRaw);
     if ($endtime < $timestamp) {
         Showmsg('debate_time');
     }
     // strlen() counts bytes, and it runs on the already-escaped titles.
     if (empty($obtitle) || empty($retitle)) {
         Showmsg('debate_notitle');
     } elseif (strlen($obtitle) > 255 || strlen($retitle) > 255) {
         Showmsg('debate_titlelen');
     }
     if ($umpire) {
         // The user name is quoted for SQL by S::sqlEscape().
         $lookup = "SELECT uid FROM pw_members WHERE username=" . S::sqlEscape($umpire);
         $umpireuid = $this->db->get_value($lookup);
         if (empty($umpireuid)) {
             Showmsg('debate_noumpire');
         }
     }
     $fields = array(
         'endtime' => $endtime,
         'obtitle' => $obtitle,
         'retitle' => $retitle,
         'umpire' => $umpire,
         'postdate' => $timestamp,
     );
     foreach ($fields as $name => $fieldValue) {
         $this->data[$name] = $fieldValue;
     }
 }
Exemplo n.º 15
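 /**
  * Set one field of a member's serialized 'tradeinfo' from the POST value of the same name.
  *
  * Fix: the existing trade info is now read from $this->memberData. The previous code
  * unserialized $userInfo['tradeinfo'], and $userInfo only exists when the record was
  * loaded in this same call. On every later call for the same user the stored fields
  * were silently replaced by array(0 => false) plus the new field.
  *
  * @param mixed  $uid       User id.
  * @param string $tableName Key of the pending-update bucket inside $this->memberData[$uid].
  * @param string $fieldName POST field to read and tradeinfo key to write.
  * @param bool   $required  When false, an empty value is accepted and stored.
  * @return bool True when the value was stored, false when the user was not found
  *              or the value failed validation.
  */
 function setDataAlipay($uid, $tableName, $fieldName, $required = false)
 {
     if (empty($this->memberData[$uid][$tableName]['tradeinfo'])) {
         $userService = L::loadClass('UserService', 'user');
         /* @var $userService PW_UserService */
         $userInfo = $userService->get($uid, true, false, true);
         if (!$userInfo) {
             return false;
         }
         $this->memberData[$uid][$tableName]['tradeinfo'] = $userInfo['tradeinfo'];
     }
     $stored = $this->memberData[$uid][$tableName]['tradeinfo'];
     // NOTE(review): unserialize() on a stored profile value. Confirm users cannot write
     // this column directly, since unserialize() can instantiate objects.
     // Malformed data is treated as "no trade info yet"; the @ keeps that best-effort.
     $tradeInfo = $stored ? @unserialize($stored) : array();
     if (!is_array($tradeInfo)) {
         $tradeInfo = array();
     }
     $tradeInfo[$fieldName] = S::escapeChar(S::getGP($fieldName, 'P'));
     $posted = $tradeInfo[$fieldName];
     // An empty optional field is accepted; a non-empty one must pass checkAlipay().
     $emptyAllowed = !$required && !$posted;
     if ($emptyAllowed || ($posted && $this->checkAlipay($posted) === true)) {
         $this->memberData[$uid][$tableName]['tradeinfo'] = serialize($tradeInfo);
         return true;
     }
     return false;
 }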
Exemplo n.º 16
<?php

// Builds, or loads from cache, the "today's birthdays" HTML fragment ($brithcache) and
// the matching member count ($birthnum).
// Direct-access guard: stop unless the framework's readover() is already defined.
!function_exists('readover') && exit('Forbidden');
$cachefile = D_P . 'data/bbscache/brith_cache.php';
// Rebuild when the cache file is missing or not newer than $tdtime, and only if the
// 'birth' process lock could be taken; otherwise include the cached copy.
if ((!file_exists($cachefile) || pwFilemtime($cachefile) <= $tdtime) && procLock('birth')) {
    list($nyear, $nmonth, $nday) = explode('-', get_date($timestamp, 'Y-n-j'));
    $birthnum = 0;
    // Month and day pass through S::sqlEscape(); the result is capped at 200 rows.
    $query = $db->query("SELECT username,bday,gender FROM pw_members WHERE MONTH(bday)=" . S::sqlEscape($nmonth) . " AND DAYOFMONTH(bday)=" . S::sqlEscape($nday) . " LIMIT 200");
    while ($rt = $db->fetch_array($query)) {
        $birthnum++;
        // Replace the numeric gender code with its language string.
        if ($rt['gender'] == 1) {
            $rt['gender'] = getLangInfo('other', 'men');
        } elseif ($rt['gender'] == 2) {
            $rt['gender'] = getLangInfo('other', 'women');
        } else {
            $rt['gender'] = '';
        }
        // The user name is escaped before it is placed into the HTML below.
        $rt['username'] = S::escapeChar($rt['username']);
        $rt['age'] = $nyear - substr($rt['bday'], 0, strpos($rt['bday'], '-'));
        // NOTE(review): the next statement is garbled in this listing. '******' stands in
        // for part of the expression around the two username= URL parameters, so it does
        // not parse as shown. Restore it from the original file, and make sure the user
        // name is URL-encoded in both query strings and the data-card-key attribute value
        // is quoted. $brithcache is appended to without being initialized in the visible
        // code, and $rt[username] uses an unquoted array key.
        $brithcache .= ' <span><a  target="_blank" class=" _cardshow" data-card-url="pw_ajax.php?action=smallcard&type=showcard&username='******'" data-card-key=' . $rt[username] . ' href="u.php?username='******'username']) . "\" title=\"{$rt['username']}{$rt['gender']}" . getLangInfo('other', 'indexbirth', array('age' => $rt['age'])) . "\">{$rt['username']}</a></span>";
    }
    // The cache is written as PHP source and later executed through include_once, so its
    // safety rests on pw_var_export() quoting the values correctly. Confirm that, and that
    // the cache directory cannot be written through the web.
    pwCache::writeover($cachefile, "<?php\r\n\$birthnum=" . pw_var_export($birthnum) . ";\r\n\$brithcache=" . pw_var_export($brithcache) . ";\r\n?>");
    procUnLock('birth');
} else {
    include_once $cachefile;
}
// With auto-hide enabled, an empty list is marked with the sentinel 'empty'.
$db_bdayautohide && !$brithcache && ($brithcache = 'empty');
Exemplo n.º 17
        $count = $db->get_value("SELECT COUNT(*) AS count FROM temp");
    }
    (!is_numeric($page) || $page < 1) && ($page = 1);
    $pages = numofpage($count, $page, ceil($count / $db_perpage), "{$basename}&action={$action}&{$pageurl}");
    $limit = S::sqlLimit(($page - 1) * $db_perpage, $db_perpage);
    $query = $db->query("SELECT fid,gid FROM pw_permission WHERE {$sql} GROUP BY fid,gid {$limit}");
    while ($rd = $db->fetch_array($query)) {
        $g_d[] = $rd;
    }
    $jschk = ($fid || $gid) && $pages ? 'true' : 'false';
    include PrintEot('singleright');
    exit;
} elseif ($action == 'setright') {
    //单用户权限设置
    S::gp(array('uid', 'gid', 'fid'), 'GP', 2);
    $pwuser = S::escapeChar(S::getGP('pwuser'));
    $jumpurl = "{$basename}&action={$job}";
    $f = $db->get_one("SELECT name,type FROM pw_forums WHERE fid=" . S::sqlEscape($fid));
    empty($f) && adminmsg('undefined_action', $jumpurl);
    //* include_once pwCache::getPath(D_P.'data/bbscache/forumcache.php');
    pwCache::getData(D_P . 'data/bbscache/forumcache.php');
    list($hidefid, $hideforum) = GetHiddenForum();
    $forumcache .= $hideforum;
    $userService = L::loadClass('UserService', 'user');
    /* @var $userService PW_UserService */
    if (empty($_POST['step'])) {
        if ($job == 'user') {
            if ($pwuser) {
                //add
                $rt = $userService->getByUserName($pwuser);
                if (empty($rt)) {
Exemplo n.º 18
                        Showmsg('colony_manager');
                    }
                    $rt['ifadmin'] != -1 && $trueMemberCount++;
                    $toUsers[] = $rt['username'];
                }
                //* $db->update("DELETE FROM pw_cmembers WHERE colonyid=" . S::sqlEscape($cyid) . " AND uid IN(" . S::sqlImplode($selid) . ")");
                pwQuery::delete('pw_cmembers', 'colonyid=:colonyid AND uid IN (:uid)', array($cyid, $selid));
                $newColony->updateInfoCount(array('members' => -$trueMemberCount));
                $colony['members'] -= $trueMemberCount;
                updateGroupLevel($colony['id'], $colony);
                break;
            default:
                Showmsg('undefined_action');
        }
        if ($toUsers) {
            M::sendNotice($toUsers, array('title' => getLangInfo('writemsg', 'o_' . $operateStep . '_title', array('cname' => S::escapeChar($colony['cname']))), 'content' => getLangInfo('writemsg', 'o_' . $operateStep . '_content', array('cname' => S::escapeChar($colony['cname']), 'curl' => "{$db_bbsurl}/{$basename}cyid={$cyid}"))));
        }
        refreshto("{$basename}", 'operate_success');
    }
} elseif ($a == 'fanoutmsg') {
    define('AJAX', 1);
    !$ifadmin && Showmsg('undefined_action');
    if (empty($_POST['step'])) {
        S::gp(array('selid', 'group'), null, 2);
        $uids = $usernames = array();
        if ($selid) {
            $userService = L::loadClass('UserService', 'user');
            /* @var $userService PW_UserService */
            foreach ($userService->getByUserIds($selid) as $rt) {
                $uids[] = $rt['uid'];
                $usernames[] = $rt['username'];
Exemplo n.º 19
         Showmsg('请选择分类!');
     }
     if (empty($o_style_relation[$firstgradestyle])) {
         $styleid = $firstgradestyle;
     } else {
         !in_array($secondgradestyle, $o_style_relation[$firstgradestyle]) && Showmsg('请选择二级分类!');
         $styleid = $secondgradestyle;
     }
 }
 strlen($annouce) > 50000 && Showmsg('colony_annoucelimit');
 $annouce = explode("\n", $annouce, 5);
 end($annouce);
 $annouce[key($annouce)] = str_replace(array("\r", "\n"), '', current($annouce));
 $annouce = implode("\r\n", $annouce);
 S::gp(array('title1', 'title2', 'title3', 'title4'));
 $titlefont = S::escapeChar("{$title1}~{$title2}~{$title3}~{$title4}~{$title5}~{$title6}~");
 $pwSQL = array('cname' => $cname, 'styleid' => $styleid, 'descrip' => $descrip, 'annouce' => $annouce, 'titlefont' => $titlefont);
 require_once R_P . 'require/functions.php';
 require_once A_P . 'groups/lib/imgupload.class.php';
 if (empty($q_1)) {
     $img = new CnimgUpload($cyid);
     PwUpload::upload($img);
     pwFtpClose($ftp);
     if ($cnimg = $img->getImgUrl()) {
         $pwSQL['cnimg'] = substr(strrchr($cnimg, '/'), 1);
     }
 } else {
     $pwSQL['cnimg'] = '';
 }
 if (empty($q_2)) {
     $banner = new BannerUpload($cyid);
Exemplo n.º 20
     		if ($count > ($step * $percount)) {
     			$step++;
     			$j_url = "$basename&action=$action&step=$step&subject=" . rawurlencode($subject) . "&by=$by";
     			adminmsg("sendmsg_step", EncodeUrl($j_url), 1);
     		} else {
     			P_unlink($cache_file);
     			adminmsg('sendmsg_success');
     		}*/
 } elseif ($by == 3) {
     //增加按用户发送@modify panjl@2010-11-3
     !$touser && adminmsg('operate_error');
     if (empty($subject) || empty($atc_content)) {
         adminmsg('sendmsg_empty');
     }
     $subject = S::escapeChar($subject);
     $sendmessage = S::escapeChar($atc_content);
     $userService = L::loadClass('UserService', 'user');
     $to_a_temp = explode(',', $touser);
     $to_a = array();
     $to_a_err = array();
     foreach ($to_a_temp as $value) {
         $flag = $userService->isExistByUserName($value);
         if (true === $flag) {
             array_push($to_a, $value);
         } else {
             array_push($to_a_err, $value);
         }
     }
     $to_a && ($sqlwhere = "username IN(" . S::sqlImplode($to_a) . ")");
     $count = count($to_a);
     if ($sqlwhere) {
Exemplo n.º 21
        }
        $config['groups_creditlog'] = is_array($creditlog) && !empty($creditlog) ? $creditlog : array();
        foreach ($config as $key => $value) {
            setConfig("o_{$key}", $value, null, true);
        }
        updatecache_conf('o', true);
        adminmsg('operate_success', $j_url);
    }
} elseif ($action == 'setting') {
    !is_array($config = $_POST['config']) && ($config = array());
    foreach ($config as $key => $value) {
        if ($value) {
            $isint = false;
            if ($_POST['step'] == 'basic') {
                if ($key == 'name' || $key == 'moneytype') {
                    $config[$key] = S::escapeChar($value);
                } elseif ($key == 'rate') {
                    $config[$key] = (double) $value;
                } else {
                    $isint = true;
                }
            } else {
                $isint = true;
            }
            $isint && ($config[$key] = (int) $value);
        }
    }
    if ($_POST['step'] == 'basic') {
        !is_array($groups = $_POST['groups']) && ($groups = array());
        $config['groups'] = ',' . implode(',', $groups) . ',';
    }
Exemplo n.º 22
!defined('P_W') && exit('Forbidden');
$db_mode = 'area';
define('M_P', R_P . "mode/{$db_mode}/");
$m = $db_mode;
$db_modepages = $db_modepages[$db_mode];
$channelImagePath = 'mode/area/images';
$pwModeCss = 'mode/area/images/area_read_style.css';
$searchadd = $thread_children = $thread_online = $fastpost = $updatetop = $urladd = '';
wind_forumcheck($foruminfo);
$forumname = strip_tags($foruminfo['name']);
list($guidename, $forumtitle) = $pwforum->getTitle();
//list($guidename,$forumtitle) = getforumtitle(forumindex($foruminfo['fup'],1));
$db_metakeyword = trim(str_replace(array('|', ' - ', ' ', ',, ', ', , '), ', ', $forumtitle), ', ');
$foruminfo['keywords'] && ($db_metakeyword = $foruminfo['keywords'] . ',' . $db_metakeyword);
if ($foruminfo['descrip']) {
    $db_metadescrip = S::escapeChar(strip_tags($foruminfo['descrip']));
    $db_metadescrip = $db_bbsname . ',' . str_replace(array("\n", '&nbsp;', '&amp;', '&lt;', '&gt;'), '', $db_metadescrip);
}
$toptids = $foruminfo['topthreads'];
$pwSystem = array();
$isGM = $isBM = $admincheck = $ajaxcheck = $managecheck = $pwAnonyHide = $pwPostHide = $pwSellHide = $pwEncodeHide = 0;
if ($groupid != 'guest') {
    $isGM = S::inArray($windid, $manager);
    $isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
    $admincheck = $isGM || $isBM ? 1 : 0;
    if (!$isGM) {
        $pwSystem = pwRights($isBM);
        if ($pwSystem && ($pwSystem['tpccheck'] || $pwSystem['digestadmin'] || $pwSystem['lockadmin'] || $pwSystem['pushadmin'] || $pwSystem['coloradmin'] || $pwSystem['downadmin'] || $pwSystem['delatc'] || $pwSystem['moveatc'] || $pwSystem['copyatc'] || $pwSystem['topped'] || $pwSystem['unite'] || $pwSystem['tpctype'])) {
            //system rights
            $managecheck = 1;
        }
Exemplo n.º 23
<?php

!defined('P_W') && exit('Forbidden');
require_once R_P . 'require/bbscode.php';
S::gp(array('pcid', 'modelid'), 'P', 2);
$fielddb = array();
$data = array();
$atc_content = S::escapeChar(stripslashes(S::getGP('atc_content', 'P')));
$pcinfo = S::escapeChar(stripslashes(S::getGP('pcinfo', 'P')));
if ($modelid > 0) {
    $query = $db->query("SELECT fieldid,fieldname FROM pw_topicfield WHERE modelid=" . S::sqlEscape($modelid));
    while ($rt = $db->fetch_array($query)) {
        $fielddb[$rt['fieldid']] = $rt['fieldname'];
    }
    $pcdb = getPcviewdata($pcinfo, 'topic');
    L::loadClass('posttopic', 'forum', false);
    $postTopic = new postTopic($data);
    $topicvalue = $postTopic->getTopicvalue($modelid, $pcdb);
} elseif ($pcid > 0) {
    $query = $db->query("SELECT fieldid,fieldname FROM pw_pcfield WHERE pcid=" . S::sqlEscape($pcid));
    while ($rt = $db->fetch_array($query)) {
        $fielddb[$rt['fieldname']] = $rt['fieldid'];
    }
    $pcdb = getPcviewdata($pcinfo, 'postcate');
    L::loadClass('postcate', 'forum', false);
    $postCate = new postCate($data);
    list(, $topicvalue) = $postCate->getCatevalue($pcid, $pcdb);
}
$atc_content = wordsConvert($atc_content);
$atc_content = convert($atc_content, $db_windpost);
$preatc = str_replace("\n", "<br>", $atc_content);
Exemplo n.º 24
                 $db->update(pwQuery::buildClause("UPDATE :pw_table SET article=article+:article,subtopic=subtopic+:subtopic WHERE fid=:fid", array('pw_forumdata', $article, $topic, $fup)));
             }
         } elseif ($type == 'category') {
             $topic = $article = 0;
         }
         $lt = $db->get_one("SELECT tid,author,postdate,lastpost,lastposter,subject FROM pw_threads WHERE fid=" . S::sqlEscape($fid) . "AND specialsort=0 AND ifcheck=1 AND lastpost>0 ORDER BY lastpost DESC LIMIT 0,1");
         if ($lt['tid']) {
             $lt['subject'] = substrs($lt['subject'], 21);
             if ($lt['postdate'] != $lt['lastpost']) {
                 $lt['subject'] = 'Re:' . $lt['subject'];
                 $add = '&page=e#a';
             }
             $toread = $cms ? '&toread=1' : '';
             $htmurl = $db_readdir . '/' . $fid . '/' . date('ym', $lt['postdate']) . '/' . $lt['tid'] . '.html';
             $new_url = file_exists(R_P . $htmurl) && $allowhtm == 1 && !$cms ? "{$R_url}/{$htmurl}" : "read.php?tid={$lt['tid']}{$toread}{$add}";
             $lastinfo = addslashes(S::escapeChar($lt['subject']) . "\t" . $lt['lastposter'] . "\t" . $lt['lastpost'] . "\t" . $new_url);
         } else {
             $lastinfo = '';
         }
         //* $db->update("UPDATE pw_forumdata SET topic=".S::sqlEscape($topic).',article=article+'.S::sqlEscape($article).',lastpost='.S::sqlEscape($lastinfo).' WHERE fid='.S::sqlEscape($fid));
         $db->update(pwQuery::buildClause("UPDATE :pw_table SET topic=:topic, article=article+:article,lastpost=:lastpost WHERE fid=:fid", array('pw_forumdata', $topic, $article, $lastinfo, $fid)));
     }
     if ($goon) {
         adminmsg('updatecache_step', EncodeUrl($j_url));
     } else {
         adminmsg('operate_success');
     }
 } elseif ($action == 'thread') {
     $pwServer['REQUEST_METHOD'] != 'POST' && PostCheck($verify);
     S::gp(array('step', 'percount'));
     !$step && ($step = 1);
Exemplo n.º 25
 // Sanitizes the title and content held in $this->data, then runs the word filter, link
 // check and attachment setup. Which content path is taken depends on
 // $this->data['ifsign']: below 2 the whole content is escaped, otherwise the HTML is
 // kept and filtered with the regular expressions further down.
 function checkdata()
 {
     $this->data['title'] = S::escapeChar($this->data['title']);
     //$this->data['ifwordsfb'] = $this->wordsfb->ifwordsfb(stripslashes($this->data['content']));
     if ($this->data['convert']) {
         $this->data['content'] = $this->html_check($this->data['content']);
         $this->windcodeCheck();
     } else {
         // A falsy 'convert' flag is switched on, skipping the two checks above.
         $this->data['convert'] = 1;
     }
     if ($this->data['ifsign'] < 2) {
         $this->data['content'] = S::escapeChar($this->data['content']);
     } else {
         // NOTE(review): the second pattern uses the /e modifier, which evaluates the
         // replacement string as PHP code for every match. /e has been deprecated since
         // PHP 5.5 and was removed in PHP 7.0, where this call no longer performs the
         // replacement. Migrate to preg_replace_callback(); when doing so, remember that
         // /e applied addslashes() to \1 before $this->jscv() saw it, so check what
         // jscv() expects.
         // NOTE(review): this branch is a regex denylist (script and iframe blocks, the
         // word "javascript", per-tag cleanup in jscv()). Denylist filtering of HTML is
         // fragile; an allowlist-based sanitizer is the safer design for content that
         // keeps its markup.
         $this->data['content'] = preg_replace(array("/<script.*>.*<\\/script>/is", "/<(([^\"']|\"[^\"]*\"|'[^']*')*?)>/eis", "/javascript/i", "/<iframe[^>]*>.*<\\/iframe>/is"), array("", "\$this->jscv('\\1')", "java script", ''), str_replace('.', '&#46;', $this->data['content']));
     }
     //$this->setIfcheck();
     $this->wordFilter();
     $this->checkLinks();
     $this->setAttachs();
 }
Exemplo n.º 26
         require_once R_P . 'require/credit.php';
         $creditset = $db->get_value("SELECT creditset FROM pw_forumsextra WHERE fid=" . S::sqlEscape($fid));
         $creditset = $creditset ? unserialize($creditset) : array();
     }
     $ajaxurl = EncodeUrl($basename);
     include PrintEot('setforum');
     exit;
 } elseif ($_POST['step'] == 2) {
     $forum = $db->get_one("SELECT type,fup,forumadmin,logo FROM pw_forums WHERE fid=" . S::sqlEscape($fid));
     S::gp(array('name', 'descrip', 'metadescrip'), 'P', 0);
     S::gp(array('vieworder', 'dirname', 'style', 'across', 'keywords', 'c_type'), 'P');
     Cookie('thisPWTabs', $c_type, 'F', false);
     $name = str_replace('<iframe', '&lt;iframe', $name);
     $descrip = str_replace('<iframe', '&lt;iframe', $descrip);
     $metadescrip = str_replace('<iframe', '&lt;iframe', $metadescrip);
     $keywords = S::escapeChar($keywords);
     //去掉版块简介字数限制@modify panjl@2010-11-2
     //strlen($descrip)>250 && adminmsg('descrip_long');
     strlen($metadescrip) > 250 && adminmsg('descrip_long', $basename . $c_type . '&action=edit&fid=' . $fid);
     if ($forum['type'] == 'category') {
         /*
         $db->update("UPDATE pw_forums SET " . S::sqlSingle(array(
         	'name'		=> $name,
         	'vieworder'	=> $vieworder,
         	'dirname'	=> $dirname,
         	'style'		=> $style,
         	'across'	=> $across,
         	'cms'		=> $cms
         )) . " WHERE fid=".S::sqlEscape($fid));
         */
         pwQuery::update('pw_forums', 'fid=:fid', array($fid), array('name' => $name, 'vieworder' => $vieworder, 'dirname' => $dirname, 'style' => $style, 'across' => $across, 'cms' => $cms));
Exemplo n.º 27
 /**
  * Queue credit-log entries on $this->cLog and store the "credit change" tip for the user.
  *
  * @param string $logtype Log type.
  * @param array  $setv    Credit deltas, e.g. array('money' => ??, 'rvrc' => ??, ...).
  * @param array  $log     Log details; 'uid', 'username' and 'ip' are read.
  */
 function addLog($logtype, $setv, $log)
 {
     global $db_ifcredit, $timestamp;
     $credit_pop = '';
     $uid = $log['uid'];
     foreach ($setv as $key => $affect) {
         // Skip unknown credit types, zero deltas and types whose logging is switched off.
         if (!isset($this->cType[$key]) || $affect == 0 || !$this->_checkLogSet($logtype, $key)) {
             continue;
         }
         // NOTE(review): the user name is escaped again on every logged credit type, so
         // it is escaped more than once when several types change. Confirm that
         // S::escapeChar() is idempotent, or hoist this above the loop.
         $log['username'] = S::escapeChar($log['username']);
         $log['cname'] = $this->cType[$key];
         // Positive deltas carry an explicit plus sign in the description and the tip.
         $log['affect'] = $affect > 0 ? '+' . $affect : $affect;
         $log['descrip'] = S::escapeChar(strip_tags(getLangInfo('creditlog', $logtype, $log)));
         $credit_pop .= $key . ":" . $log['affect'] . '|';
         $this->cLog[] = array($log['uid'], $log['username'], $key, $affect, $timestamp, $logtype, $log['ip'], $log['descrip']);
     }
     if ($db_ifcredit && $credit_pop) {
         // Tip format: "<logtype>|<key>:<delta>|...", stored in the user's creditpop field.
         $credit_pop = $logtype . '|' . $credit_pop;
         $userService = L::loadClass('UserService', 'user');
         /* @var $userService PW_UserService */
         $userService->update($uid, array(), array('creditpop' => $credit_pop));
     }
 }
Exemplo n.º 28
/**
 * Write credit-log rows for the global $creditset and store the "credit change" tip.
 *
 * @param array  $creditlog Credit types for which logging is enabled (checked by key).
 * @param string $username  User name to record; escaped with S::escapeChar().
 * @param mixed  $uid       User id.
 * @param string $logtype   Log type.
 */
function addLog($creditlog, $username, $uid, $logtype)
{
    global $db, $creditset, $credit, $timestamp, $db_ifcredit, $onlineip;
    $credit_pop = '';
    $cLog = array();
    // An empty global $creditset is normalized to an array. This writes the global.
    if (empty($creditset)) {
        $creditset = array();
    }
    foreach ($creditset as $key => $affect) {
        if (!isset($credit->cType[$key]) || $affect == 0 || !isset($creditlog[$key])) {
            continue;
        }
        $log['username'] = S::escapeChar($username);
        $log['cname'] = $credit->cType[$key];
        // Positive deltas carry an explicit plus sign in the description and the tip.
        $log['affect'] = $affect > 0 ? '+' . $affect : $affect;
        $log['descrip'] = S::escapeChar(getLangInfo('creditlog', $logtype, $log));
        $credit_pop .= $key . ":" . $log['affect'] . '|';
        $cLog[] = array($uid, $log['username'], $key, $affect, $timestamp, $logtype, $onlineip, $log['descrip']);
    }
    if ($db_ifcredit && $credit_pop) {
        // Tip format: "<logtype>|<key>:<delta>|...", stored in the user's creditpop field.
        $credit_pop = $logtype . '|' . $credit_pop;
        $userService = L::loadClass('UserService', 'user');
        /* @var $userService PW_UserService */
        $userService->update($uid, array(), array('creditpop' => $credit_pop));
    }
    if (!empty($cLog)) {
        // NOTE(review): S::sqlMulti() is called with false as its second argument. Its
        // meaning is not visible here; confirm the row values are still SQL-escaped.
        $db->update("INSERT INTO pw_creditlog (uid,username,ctype,affect,adddate,logtype,ip,descrip) VALUES " . S::sqlMulti($cLog, false));
    }
    $cLog = array();
}
Exemplo n.º 29
 if ($read['pid']) {
     $threadService = L::loadClass('threads', 'forum');
     $atData = $threadService->getAtUsers($tid, array($read['pid']));
     $read['atusers'] = $atData[$read['pid']];
 }
 if (is_numeric($winduid) && strlen($windpwd) >= 16) {
     $winddb = User_info();
     list($winduid, $groupid, $userrvrc, $windid, $_datefm, $_timedf, $credit_pop) = array($winddb['uid'], $winddb['groupid'], floor($winddb['rvrc'] / 10), $winddb['username'], $winddb['datefm'], $winddb['timedf'], $winddb['creditpop']);
     if ($credit_pop && $db_ifcredit) {
         //Credit Changes Tips
         $credit_pop = str_replace(array('&lt;', '&quot;', '&gt;'), array('<', '"', '>'), $credit_pop);
         list($tmpCreditPop, $creditOuterData) = array('', array());
         $creditOuterData = explode(',', $credit_pop);
         foreach ($creditOuterData as $value) {
             $creditdb = explode('|', $value);
             $tmpCreditPop .= ($tmpCreditPop ? '<br/>' : '') . S::escapeChar(GetCreditLang('creditpop', $creditdb['0']));
             unset($creditdb['0']);
             foreach ($creditdb as $val) {
                 list($credit_1, $credit_2) = explode(':', $val);
                 $tmpCreditPop .= '<span class="st2">' . pwCreditNames($credit_1) . '&nbsp;<span class="f24">' . $credit_2 . '</span></span>';
             }
         }
         $credit_pop = $tmpCreditPop;
         $userService = L::loadClass('UserService', 'user');
         /* @var $userService PW_UserService */
         $userService->update($winduid, array(), array('creditpop' => ''));
     }
 }
 $db_ifcredit && $credit_pop && (require PrintEot('credit_pop'));
 require_once PrintEot('read_addfloor');
 //	$output = ob_get_contents();
Exemplo n.º 30
        }
        require_once PrintEot('forumcp');
        footer();
    } elseif ($type == 'addmsg') {
        if (empty($_POST['step'])) {
            $adminname = explode(',', trim($forums['forumadmin'], ','));
            require_once PrintEot('forumcp');
            footer();
        } else {
            PostCheck();
            !$fid && Showmsg('annouce_fid');
            S::gp(array('msgtype', 'toname', 'savetime'), 'P');
            !$msgtype && !$toname && Showmsg('forummsg_object');
            $msgtype == 1 ? $toname = '' : ($msgtype = 2);
            $savetime = $timestamp + (intval($savetime) > 0 ? intval($savetime) : 30) * 86400;
            $message = trim(S::escapeChar($_POST['message']));
            !$message && Showmsg('forummsg_content');
            $toname = "," . implode(',', $toname) . ",";
            $pwSQL = S::sqlSingle(array('fid' => $fid, 'uid' => $winduid, 'username' => $windid, 'toname' => $toname, 'msgtype' => $msgtype, 'posttime' => $timestamp, 'savetime' => $savetime, 'message' => $message));
            $db->update("INSERT INTO pw_forummsg SET {$pwSQL}");
            refreshto("forumcp.php?action=edit&type=msg&fid={$fid}", 'operate_success');
        }
    }
} elseif ($action == 'del') {
    PostCheck();
    S::gp(array('selid', 'type'));
    $selids = array();
    foreach ($selid as $key => $value) {
        is_numeric($value) && ($selids[] = $value);
    }
    if ($selids) {