Пример #1
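/**
 * Check a submitted CAPTCHA answer against the value stored for the session.
 *
 * The stored value is lower-cased before the comparison; the submitted value
 * is compared as given, so callers are expected to pass it lower-cased.
 * On any failure ResetVdValue() is called before returning.
 *
 * @param mixed $validate the answer supplied by the client
 * @return bool true only when the answer equals a non-empty stored value
 */
function is_vdvalue($validate)
{
    $expected = strtolower((string) GetCkVdValue());
    // Arrays and objects can never be a valid answer; treat them as empty.
    $supplied = is_scalar($validate) ? (string) $validate : '';

    // Never let "nothing stored" match "nothing submitted", and compare as
    // strings: with != two numeric-looking strings such as "1e3" and "1000"
    // are treated as equal.
    if ($expected === '' || $supplied === '' || $expected !== $supplied) {
        ResetVdValue();
        return false;
    }

    // NOTE(review): the stored value is left in place on success; whether the
    // caller invalidates it afterwards (single use) is not visible here.
    return true;
}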
Пример #2
     // Excerpt from a private-message page; the branch it belongs to opens above this listing.
     $dsql->Execute();
     // Collect every row of the query that was prepared above the excerpt.
     while ($row = $dsql->GetArray()) {
         $friends[] = $row;
     }
     // The fromid/toid condition limits the lookup to messages this member sent or received,
     // so an id belonging to someone else's message yields no row.
     // NOTE(review): $id is interpolated into the SQL text and its assignment is not visible
     // here; confirm it is cast to an integer upstream, or bind it as a parameter.
     $row = $dsql->GetOne("SELECT * FROM `#@__member_pms` WHERE id='{$id}' AND (fromid='{$cfg_ml->M_ID}' OR toid='{$cfg_ml->M_ID}')");
     if (!is_array($row)) {
         ShowMsg('对不起,你指定的消息不存在或你没权限查看!', '-1');
         exit;
     }
     // Mark this message as read when it sits in the member's inbox.
     $dsql->ExecuteNoneQuery("UPDATE `#@__member_pms` SET hasview=1 WHERE id='{$id}' AND folder='inbox' AND toid='{$cfg_ml->M_ID}'");
     // This statement has no id filter: it flags every 'outbox' row addressed to the member.
     // NOTE(review): confirm that is intended.
     $dsql->ExecuteNoneQuery("UPDATE `#@__member_pms` SET hasview=1 WHERE folder='outbox' AND toid='{$cfg_ml->M_ID}'");
     include_once dirname(__FILE__) . '/templets/pm-read.htm';
     exit;
 } else {
     if ($dopost == 'savesend') {
         $svali = GetCkVdValue();
         // The CAPTCHA is enforced only when $safe_gdopen contains the digit 5.
         if (preg_match("/5/", $safe_gdopen)) {
             // An empty stored value always fails, so a session without a CAPTCHA cannot match
             // an empty submission; ResetVdValue() is called on a miss.
             // NOTE(review): != is a loose comparison (numeric-looking strings compare by
             // value); a strict string comparison is the safer check. Only the submitted code
             // is lower-cased here; presumably the stored value already is, verify.
             if (strtolower($vdcode) != $svali || $svali == '') {
                 ResetVdValue();
                 ShowMsg('验证码错误!', '-1');
                 exit;
             }
         }
         // Fall back to security question 0 unless a numeric key was supplied.
         $faqkey = isset($faqkey) && is_numeric($faqkey) ? $faqkey : 0;
         // Security-question check, active when $safe_faq_msg is 1; an empty answer always fails.
         if ($safe_faq_msg == 1) {
             if ($safefaqs[$faqkey]['answer'] != $safeanswer || $safeanswer == '') {
                 ShowMsg('验证问题答案错误', '-1');
                 exit;
             }
         }
         if ($subject == '') {
Пример #3
// Default to page 1; any supplied page number is forced to an integer.
$page = empty($page) ? 1 : intval($page);
$pagesize = 10;
/*----------------------
Fetch the comments for the requested page
function getlist(){ }
----------------------*/
if ($dopost == 'getlist') {
    $totalcount = GetList($page);
    GetPageList($pagesize, $totalcount);
    exit;
} else {
    if ($dopost == 'send') {
        require_once DEDEINC . '/charset.func.php';
        // Check the CAPTCHA; it is enforced only when $cfg_feedback_ck is 'Y'.
        if ($cfg_feedback_ck == 'Y') {
            $svali = strtolower(trim(GetCkVdValue()));
            // Both sides are lower-cased, an empty stored value always fails, and
            // ResetVdValue() is called on a miss.
            // NOTE(review): != is a loose comparison; a strict string comparison avoids
            // numeric-looking strings being compared by value. No reset on the success path
            // is visible in this excerpt, so confirm the code cannot be reused.
            if (strtolower($validate) != $svali || $svali == '') {
                ResetVdValue();
                echo '<font color="red">验证码错误,请点击验证码图片更新验证码!</font>';
                exit;
            }
        }
        // NOTE(review): $aid is assigned outside this excerpt; confirm it is validated as an
        // integer before it reaches GetOneArchive().
        $arcRow = GetOneArchive($aid);
        // Refuse comments on a document that cannot be found.
        if (empty($arcRow['aid'])) {
            echo '<font color="red">无法查看未知文档的评论!</font>';
            exit;
        }
        // Refuse comments when the document has commenting switched off.
        if (isset($arcRow['notpost']) && $arcRow['notpost'] == 1) {
            echo '<font color="red">这篇文档禁止评论!</font>';
            exit;
        }
Пример #4
<?php

require_once dirname(__FILE__) . '/include/config.inc.php';
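// Guestbook submission: check the CAPTCHA, then store the message.
if (isset($action) && $action == 'add') {
    // Nickname, content and CAPTCHA answer are mandatory; bounce back to the form otherwise.
    if (empty($nickname) || empty($content) || empty($validate)) {
        header('location:message.php');
        exit;
    }
    // Validate the CAPTCHA case-insensitively. A non-string answer can never match, and the
    // comparison is strict so numeric-looking strings are not compared by value.
    if (!is_string($validate) || strtolower($validate) !== strtolower((string) GetCkVdValue())) {
        ResetVdValue();
        ShowMsg('验证码不正确!', '?c=login');
        exit;
    }
    // Invalidate the accepted code so one solved CAPTCHA cannot be replayed for further posts.
    ResetVdValue();

    // Next display position: current maximum + 1, or 1 for the first message.
    $r = $dosql->GetOne("SELECT Max(orderid) AS orderid FROM `#@__message`");
    $orderid = empty($r['orderid']) ? 1 : $r['orderid'] + 1;
    // HTML-encode the free-text fields before storage. $contact is optional, so guard against
    // it being unset.
    // NOTE(review): htmlspecialchars() is an HTML encoder, not an SQL escaper; with its default
    // flags before PHP 8.1 it leaves single quotes unchanged. Whether config.inc.php has
    // already escaped request input is not visible here; confirm that, or use the database
    // layer's escaping or bound parameters for the INSERT below.
    $nickname = htmlspecialchars($nickname);
    $contact = htmlspecialchars(isset($contact) ? $contact : '');
    $content = htmlspecialchars($content);
    $posttime = GetMkTime(time());
    $ip = gethostbyname($_SERVER['REMOTE_ADDR']);
    // The row is stored with checkinfo 'false' (presumably "not yet approved"; verify).
    $sql = "INSERT INTO `#@__message` (siteid, nickname, contact, content, orderid, posttime, htop, rtop, checkinfo, ip) VALUES (1, '{$nickname}', '{$contact}', '{$content}', '{$orderid}', '{$posttime}', '', '', 'false', '{$ip}')";
    // A failed insert falls through silently to the rest of the page.
    if ($dosql->ExecNoneQuery($sql)) {
        ShowMsg('留言成功,感谢您的支持!', 'message.php');
        exit;
    }
}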
//验证码获取函数
function GetCkVdValue()
Пример #5
    // (excerpt starts inside a block opened above this listing)
    }
    // Expose every ticket field to the view.
    foreach ($ticketinfo as $k => $v) {
        $pv->Fields[$k] = $v;
    }
    $pkname = get_par_value($info['kindlist'], $typeid);
    // Parent level
    // Get the parent destinations that have navigation enabled
    getTopNavDest($info['kindlist']);
    $pv->SetTemplet(SLINETEMPLATE . "/" . $cfg_df_style . "/" . "spots/" . "spot_booking.htm");
    $pv->Display();
    exit;
} else {
    if ($dopost == "savebooking") {
        // Verify the CAPTCHA
        $checkcode = $_POST['checkcode'];
        $orgCheckcode = GetCkVdValue();
        // An empty submission always fails, which also stops an empty stored value from
        // matching. The comparison is case-sensitive here (no strtolower on either side).
        // NOTE(review): != is a loose comparison; compare as strings with !== instead.
        if ($checkcode != $orgCheckcode || empty($checkcode)) {
            echo 'nocheckcode';
            return;
        }
        // Clears a session key once the code has been accepted. Presumably this is where the
        // CAPTCHA value is stored, which would make the code single-use; confirm against
        // GetCkVdValue().
        $_SESSION['total_value'] = '';
        // NOTE(review): $usejifen and $jifentprice are assigned outside this excerpt; if they
        // come from the request, the price basis should be recomputed server-side.
        $needjifen = $usejifen ? Helper_Archive::getNeedJifen($jifentprice) : 0;
        $userinfo = $User->getInfoByMid($User->uid);
        // Fetch the user's info
        // Re-check here that the user has enough points: the balance is read from the
        // member record, and point usage is dropped when it is insufficient.
        if ($userinfo['jifen'] < $needjifen) {
            $usejifen = 0;
            $needjifen = 0;
        }
        $ordersn = get_order_sn('05');
        // Order number
Пример #6
 // Logout: expire the four login cookies, then return to the login page.
 // NOTE(review): only cookies are expired in the visible lines; whether any server-side
 // session state exists and is destroyed elsewhere is not visible here.
 if ($a == 'logout') {
     setcookie('username', '', time() - 3600);
     setcookie('userid', '', time() - 3600);
     setcookie('lastlogintime', '', time() - 3600);
     setcookie('lastloginip', '', time() - 3600);
     header('location:?c=login');
     exit;
 } else {
     // Password recovery, step 2: the username must have been posted.
     if ($a == 'findpwd2') {
         if (!isset($_POST['username'])) {
             header('location:?c=findpwd');
             exit;
         }
         // Check the CAPTCHA: a missing answer becomes '', both sides are lower-cased, an
         // empty answer always fails, and ResetVdValue() is called on a miss.
         // NOTE(review): != is a loose comparison; a strict string comparison is safer.
         $validate = empty($validate) ? '' : strtolower($validate);
         if ($validate == '' || $validate != strtolower(GetCkVdValue())) {
             ResetVdValue();
             ShowMsg('验证码不正确!', '?c=findpwd');
             exit;
         } else {
             // NOTE(review): $username is interpolated into the SQL text; its assignment and
             // escaping are outside this excerpt. Confirm it is escaped, or bind it.
             $r = $dosql->GetOne("SELECT `id` FROM `#@__member` WHERE `username`='{$username}'");
             // A distinct response for an unknown account discloses whether a username is
             // registered; a uniform response for both cases is the usual mitigation.
             if (!isset($r['id'])) {
                 ShowMsg('请输入正确的账号信息!', '?c=findpwd');
                 exit;
             }
         }
     } else {
         // Recovery by security question: the username must have been posted.
         if ($a == 'quesfind') {
             if (!isset($_POST['uname'])) {
                 header('location:?c=findpwd');
                 exit;
Пример #7
    // (excerpt starts inside a block opened above this listing)
    include 'templets/login_ad.htm';
    exit;
}
// Check whether the admin directory has been renamed: warn when the current URL still
// contains the default "dede/login" path.
$cururl = GetCurUrl();
if (preg_match('/dede\\/login/i', $cururl)) {
    $redmsg = '<div class=\'safe-tips\'>您的管理目录的名称中包含默认名称dede,建议在FTP里把它修改为其它名称,那样会更安全!</div>';
} else {
    $redmsg = '';
}
// Login check
// The admin directory name is the last path segment of this file's directory.
$admindirs = explode('/', str_replace("\\", '/', dirname(__FILE__)));
$admindir = $admindirs[count($admindirs) - 1];
if ($dopost == 'login') {
    $validate = empty($validate) ? '' : strtolower(trim($validate));
    $svali = strtolower(GetCkVdValue());
    // The CAPTCHA is enforced only when $safe_gdopen contains the digit 6; otherwise the
    // login proceeds without it. An empty answer always fails when it is enforced.
    // NOTE(review): != is a loose comparison; a strict string comparison is safer. No reset
    // of the stored code on the success path is visible in this excerpt.
    if (($validate == '' || $validate != $svali) && preg_match("/6/", $safe_gdopen)) {
        ResetVdValue();
        ShowMsg('验证码不正确!', 'login.php', 0, 1000);
        exit;
    } else {
        $cuserLogin = new userLogin($admindir);
        if (!empty($userid) && !empty($pwd)) {
            $res = $cuserLogin->checkUser($userid, $pwd);
            // Success
            if ($res == 1) {
                $cuserLogin->keepUser();
                // NOTE(review): $gotopage is used as the redirect target and its origin is
                // not visible here; if it comes from the request, restrict it to same-site
                // paths to avoid an open redirect.
                if (!empty($gotopage)) {
                    ShowMsg('成功登录,正在转向管理管理主页!', $gotopage);
                    exit;
                } else {
Пример #8
 /**
  * Save an edit to an existing question.
  *
  * Runs, in order: ownership/state checks, title and content checks, the
  * CAPTCHA (when safe_gdopen contains 7), the security question (when
  * gdfaq_ask is 'Y'), word filtering, and finally the update. Every failed
  * check shows a message and ends the request.
  */
 function ac_edit_save()
 {
     // Collect the submitted fields. is_numeric() admits only numeric strings, so the id
     // cannot carry quote characters into the WHERE clauses built from it below.
     $askaid = request('askaid', '');
     $askaid = is_numeric($askaid) ? $askaid : 0;
     $title = request('title', '');
     $content = request('content', '');
     $faqkeyRaw = request('faqkey', '');
     $vdcode = request('vdcode', '');
     $safeanswer = request('safeanswer', '');

     // Load the question being edited.
     $question = $this->question->get_one("id='{$askaid}'");

     // Only the owner or an administrator may edit.
     if ($question['uid'] != $this->cfg_ml->M_ID && $this->cfg_ml->isAdmin != 1) {
         ShowMsg('非法操作,请返回', '-1');
         exit;
     }
     // Expired questions are locked for non-administrators.
     if ($question['expiredtime'] < $GLOBALS['cfg_ask_timestamp'] && $this->cfg_ml->isAdmin != 1) {
         ShowMsg('问题已经过期', '-1');
         exit;
     }
     // Solved questions are locked for non-administrators.
     if ($question['status'] == 1 && $this->cfg_ml->isAdmin != 1) {
         ShowMsg('问题已经解决,不能被修改!', '-1');
         exit;
     }

     // Title: required, between 8 and 80 bytes (strlen counts bytes).
     if ($title == '') {
         ShowMsg('问题名称不能为空');
         exit;
     }
     if (strlen($title) > 80) {
         ShowMsg('问题不能大于80字节');
         exit;
     }
     if (strlen($title) < 8) {
         ShowMsg('问题不能小于8字节');
         exit;
     }

     // Content: required.
     if (empty($content)) {
         ShowMsg('问题说明内容不能为空!');
         exit;
     }

     // CAPTCHA, enforced only when safe_gdopen contains the digit 7. An empty stored value
     // always fails, and ResetVdValue() is called on a miss.
     // NOTE(review): the comparison is loose (!=) and no reset on the success path is visible
     // in this method.
     if (preg_match("#7#", $GLOBALS['safe_gdopen'])) {
         $stored = GetCkVdValue();
         if ($stored == '' || strtolower($vdcode) != $stored) {
             ResetVdValue();
             ShowMsg('验证码错误!', '-1');
             exit;
         }
     }

     // Security question, enforced when gdfaq_ask is 'Y'; an empty answer always fails.
     $faqkey = isset($faqkeyRaw) && is_numeric($faqkeyRaw) ? $faqkeyRaw : 0;
     if ($GLOBALS['gdfaq_ask'] == 'Y') {
         global $safefaqs;
         if ($safefaqs[$faqkey]['answer'] != $safeanswer || $safeanswer == '') {
             ShowMsg('验证问题答案错误', '-1');
             exit;
         }
     }

     // Clean the text with HtmlReplace(), then mask the configured words with "***".
     $wordFilter = "#{$GLOBALS['cfg_replacestr']}#";
     $title = preg_replace($wordFilter, "***", HtmlReplace($title, 1));
     $content = preg_replace($wordFilter, "***", HtmlReplace($content, -1));

     // Persist the edit.
     // NOTE(review): title and content are interpolated into the SET clause; whether
     // request() or HtmlReplace() escapes them for SQL is not visible here, so confirm.
     $setClause = "title = '{$title}',content = '{$content}'";
     $whereClause = "id ='{$askaid}'";
     if (!$this->question->update_ask($setClause, $whereClause)) {
         ShowMsg("编辑失败!", "?ct=question&askaid=" . $askaid);
         exit;
     }

     // Save the additional information.
     // NOTE(review): $addition and $addi are never assigned in this method, so this branch
     // looks unreachable as written; verify where they were meant to come from.
     if ($addition == 1) {
         $this->question->update_additions($addi, $askaid);
     }
     clearmyaddon($askaid, $title);
     ShowMsg("编辑成功!", "?ct=question&askaid=" . $askaid);
     exit;
 }
Пример #9
else if (thiscode=='')
{
alert('请输入验证码!');
return false;
}
else
return true;
}
</SCRIPT>
<META content="MSHTML 6.00.2900.5583" name=GENERATOR></HEAD>
<BODY leftMargin=0 topMargin=0 onload=document.form1.username.focus() MARGINHEIGHT="0" MARGINWIDTH="0">
<?php 
require_once dirname(__FILE__) . "/include/config_rglobals.php";
require_once dirname(__FILE__) . "/include/config_base.php";
// Login handler: runs only when the stored CAPTCHA value equals the submitted $code.
// NOTE(review): the comparison is loose (==) and nothing rejects an empty value, so an empty
// stored value would equal an empty or missing $code. Require a non-empty stored value and
// compare with ===. No failure branch or reset of the stored code is visible in this excerpt.
if ($action == 'login') {
    if (GetCkVdValue() == $code) {
        // Handle the login
        // Strip quotes, whitespace and a few metacharacters from the username. This
        // character blacklist is the only filtering visible before the value is placed in the
        // SQL text; a bound parameter is the robust form. eregi_replace() was removed in
        // PHP 7, so this code only runs on older interpreters.
        $username = eregi_replace("['\"\$ \r\n\t;<>\\*%\\?]", '', $username);
        $loginip = getip();
        $logindate = getdatetimemk(time());
        $lsql = new Dedesql(false);
        // NOTE(review): the password predicate appears as the literal '******' in this
        // listing, presumably masked by the page; the real expression is not visible.
        $sql = str_replace('#@__', $cfg_dbprefix, "select * from #@__boss where boss='{$username}' and password='******'");
        $lsql->SetQuery($sql);
        $lsql->Execute();
        $rowcount = $lsql->GetTotalRow();
        if ($rowcount == 0) {
            // Failed attempts are recorded with time, client address and username. The same
            // message is used for an unknown user and a wrong password.
            $message = '用户或密码错误被系统拒绝登陆!';
            WriteNote($message, $logindate, $loginip, $username);
            showmsg($message, -1);
        } else {
            // Login allowed; write the login data
Пример #10
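/**
 * Validate an e-mail registration request.
 *
 * Inputs are read from globals ($email, $emailcode, $checkcode, $password,
 * $repassword). Depending on the 'reg_msgcode' configuration, either the code
 * stored in the session for this address or the image CAPTCHA is checked;
 * then the address must be unused and well-formed, and the password at least
 * six bytes long and confirmed.
 *
 * @return true|string true when every check passes, otherwise the error message to show
 */
function validateEmail()
{
    global $dsql, $email, $emailcode, $checkcode, $password, $repassword;
    $regCodeConfig = Helper_Archive::getEmailMsgConfig('reg_msgcode');
    $emailCodeRequired = $regCodeConfig['isopen'] == 1;

    // Verification codes are compared as strings with !==. A loose != treats numeric-looking
    // strings such as "0123" and "123" as equal, and an unset session entry must never match.
    if ($emailCodeRequired) {
        $sessionKey = 'emailcode_' . md5($email);
        $expected = isset($_SESSION[$sessionKey]) ? (string) $_SESSION[$sessionKey] : '';
        if (empty($emailcode) || !is_scalar($emailcode) || $expected === '' || $expected !== (string) $emailcode) {
            return '验证码错误';
        }
    } else {
        $expected = strtolower((string) GetCkVdValue());
        if (empty($checkcode) || !is_scalar($checkcode) || $expected === '' || $expected !== strtolower((string) $checkcode)) {
            return '验证码错误';
        }
    }

    // NOTE(review): $email reaches the SQL text before its format is checked, and the pattern
    // below is unanchored, so it would not constrain the whole value anyway. Whether the
    // globals are already escaped upstream is not visible here; confirm that, or bind the
    // value as a parameter.
    $row = $dsql->GetOne("select count(*) as num from #@__member where email='{$email}'");
    if ($row['num'] > 0) {
        return '该邮箱已经被注册';
    }

    // The nested quantifiers in this pattern can backtrack heavily on long inputs. When
    // preg_match() gives up and returns false, the address is treated as malformed, so the
    // check fails closed.
    $pattern = "/([a-z0-9]*[-_\\.]?[a-z0-9]+)*@([a-z0-9]*[-_]?[a-z0-9]+)+[\\.][a-z]{2,3}([\\.][a-z]{2})?/i";
    if (!preg_match($pattern, $email)) {
        return '邮箱格式错误';
    }

    // strlen() counts bytes, not characters.
    if (strlen($password) < 6) {
        return '密码长度不得小于6位';
    }
    // Strict comparison: the confirmation must be byte-for-byte identical.
    if ((string) $password !== (string) $repassword) {
        return '密码确认错误';
    }
    return true;
}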
Пример #11
// Build the record for a visitor question from the posted form.
// strip_tags() removes markup only; it does not escape the values for SQL.
// NOTE(review): how CommonModule persists $leaveArr is not visible in this excerpt; confirm it
// escapes or binds these fields.
$leaveArr['title'] = strip_tags(trim($_POST['title']));
$leaveArr['content'] = strip_tags(trim($_POST['content']));
$leaveArr['webid'] = $GLOBALS['sys_child_webid'];
$leaveArr['phone'] = strip_tags(trim($_POST['phone']));
$leaveArr['email'] = strip_tags(trim($_POST['email']));
$leaveArr['qq'] = strip_tags(trim($_POST['qq']));
$leaveArr['weixin'] = strip_tags(trim($_POST['weixin']));
$leaveArr['addtime'] = time();
// The display name becomes '匿名' when the poster asked to hide it or left it empty.
$leaveArr['nickname'] = $_POST['ishidename'] == 1 ? '匿名' : strip_tags($_POST['leavename']);
$leaveArr['nickname'] = empty($leaveArr['nickname']) ? '匿名' : $leaveArr['nickname'];
$leaveArr['ip'] = GetIP();
$leaveArr['questype'] = 1;
// Attach the member id only for logged-in users.
if ($User->IsLogin()) {
    $leaveArr['memberid'] = $User->uid;
}
$checkcode = GetCkVdValue();
try {
    // NOTE(review): the comparison is loose (!=), case-sensitive, and nothing rejects an
    // empty value. If GetCkVdValue() returns an empty value when no code was issued, a
    // missing or empty 'checkcode' field would compare equal and pass. Require a non-empty
    // stored value and compare with !==.
    if ($checkcode != $_POST['checkcode']) {
        throw new Exception('验证码错误');
    }
    // Clears a session key once the code has been accepted. Presumably this is where the
    // CAPTCHA value is stored, which would make the code single-use; confirm against
    // GetCkVdValue().
    $_SESSION['total_value'] = '';
    if (empty($leaveArr['title'])) {
        throw new Exception('标题不能为空');
    }
    if (empty($leaveArr['content'])) {
        throw new Exception('内容不能为空');
    }
    // At least one contact channel is required.
    if (empty($leaveArr['qq']) && empty($leaveArr['phone']) && empty($leaveArr['email']) && empty($leaveArr['weixin'])) {
        throw new Exception('请至少填写一种联系方式');
    }
    $model = new CommonModule('sline_question');
Пример #12
<?php

require_once dirname(__FILE__) . "/../include/common.inc.php";
// Pre-check endpoint: answers 'ok' or 'no' for a CAPTCHA guess.
// NOTE(review): the stored value is not reset on a wrong answer here, so nothing visible
// limits repeated guesses against the same code; reset it on failure or rate-limit the
// endpoint. The comparison is loose (==) and an empty value is not rejected.
if ($dopost == 'checkcode') {
    $checkc = strtolower(GetCkVdValue());
    if ($checkc == strtolower($checkcode)) {
        echo 'ok';
    } else {
        echo 'no';
    }
    exit;
}
// Comment submission: the CAPTCHA is checked again server-side.
// NOTE(review): there is no exit after showMsg() on either failure below; whether
// Helper_Archive::showMsg() ends the request is not visible here. If it does not, processing
// continues with a failed check.
$checkc = strtolower(GetCkVdValue());
if ($checkc != strtolower($checkcode)) {
    Helper_Archive::showMsg("验证码错误", -1, 0, 3);
}
if (empty($articleid) || empty($content) || empty($typeid)) {
    Helper_Archive::showMsg("评论错误", -1, 0, 3);
}
// NOTE(review): $pid and $dockid only get a default here, not an integer cast; confirm they
// are validated before being used in a query.
$pid = empty($pid) ? 0 : $pid;
$dockid = empty($dockid) ? 0 : $dockid;
// Anonymous comments ($niming == 1) are stored with member id 0.
$memberid = $niming == 1 ? 0 : $User->uid;
$addtime = time();
// HTML-encode the comment, then add slashes unless magic quotes already did.
// get_magic_quotes_gpc() was removed in PHP 8, so this only runs on older interpreters;
// addslashes() is also not charset-aware, so bound parameters are the robust form.
$content = htmlspecialchars($content);
if (!get_magic_quotes_gpc()) {
    $content = addslashes($content);
}
// Map the numeric type id to a fixed table name and URL path.
switch ($typeid) {
    case 1:
        $table = '#@__line';
        $urlpath = 'lines';
Пример #13
    // (excerpt starts inside a block opened above this listing)
    echo $status;
}
// Check the SMS verification code
if ($action == 'checkmsgcode') {
    // @ suppresses any error from starting the session.
    @session_start();
    $status = 0;
    $msgcode = $_SESSION['msgcode'];
    // NOTE(review): == is a loose comparison and nothing rejects an empty value. When no code
    // has been issued, $msgcode is null and an empty or missing $code compares equal to it, so
    // the endpoint would answer status 1. Require a non-empty stored code and compare with
    // ===. $code is assigned outside this excerpt, and no attempt limit is visible here.
    if ($code == $msgcode) {
        $status = 1;
    }
    echo json_encode(array('status' => $status));
}
// Check the ordinary (image) CAPTCHA
if ($action == 'checktxtcode') {
    $status = 0;
    $txtcode = GetCkVdValue();
    // NOTE(review): same loose, empty-tolerant comparison as above. The stored value is not
    // reset on a wrong answer, so nothing visible limits repeated guesses.
    if ($code == $txtcode) {
        $status = 1;
    }
    echo json_encode(array('status' => $status));
}
// Save the travel-companion post
if ($action == 'savejieban') {
    @session_start();
    $status = 1;
    // This gate only tests that one of two cookies is present. Cookies are supplied by the
    // client, so their presence is not proof of identity.
    if (!isset($_COOKIE['u_mobile']) && !isset($_COOKIE['u_nickname'])) {
        exit;
    }
    if ($User->IsLogin()) {
        $memberid = $User->uid;
    } else {
Пример #14
require_once dirname(__FILE__) . "/config.php";
/**
 * @desc       Password recovery
 * @author     netman
 */
// Default to step 1 when no step was supplied.
$step = !empty($step) ? $step : 1;
$pv = new View(0);
// Password recovery, step 1: show the form.
if ($step == 1) {
    $pv->SetTemplet(MEMBERTEMPLET . "findpass1.htm");
    $pv->Display();
    exit;
}
// Password recovery, step 2
if ($step == 2) {
    $scode = GetCkVdValue();
    // CAPTCHA check, case-insensitive.
    // NOTE(review): the comparison is loose (!=) and an empty stored value is not rejected.
    // There is also no exit after ShowMsg(); whether ShowMsg() ends the request with these
    // arguments is not visible here. If it does not, the recovery flow continues with a
    // failed CAPTCHA.
    if (strtolower($scode) != strtolower($checkcode)) {
        ShowMsg('验证码错误', '-1', 1);
    }
    // Username check
    $arr = checkUname($loginname);
    // A login name without '@' is treated as a phone number.
    $isPhone = strpos($loginname, '@') === false ? true : false;
    $msgInfo = Helper_Archive::getDefineMsgInfo2('reg_findpwd');
    if (!empty($arr)) {
        // Is password recovery by SMS enabled?
        if ($msgInfo['isopen'] == 1 && $isPhone) {
            $findtype = '手机找回';
            // Disabled code, kept verbatim:
            //$code = getRandCode(5);// verification code
            //$content = "尊敬的会员,请您在{$GLOBALS['cfg_webname']}中输入以下验证码:{$code},完成密码找回验证.";
            //Helper_Archive::sendMsg($loginname,'',$content);