Пример #1
 /**
  * Dispatch the requested action by HTTP method: "modify" runs only for POST
  * requests and "delete" only for GET requests. After either handler,
  * ObHeader() is called with $this->jump.
  *
  * NOTE(review): "delete" is presumably state-changing yet is reachable with a
  * plain GET, and no anti-CSRF token check is visible in this method. Confirm
  * that _delete() or the caller verifies a token, or move deletion to POST.
  */
 function _init()
 {
     if ($this->action == "modify") {
         if (strtolower($this->pwService['REQUEST_METHOD']) == "post") {
             $this->_modify();
             ObHeader($this->jump);
         }
     }
     // Re-read the action here rather than caching it, as the original does.
     if ($this->action == "delete") {
         if (strtolower($this->pwService['REQUEST_METHOD']) == "get") {
             $this->_delete();
             ObHeader($this->jump);
         }
     }
 }
Пример #2
        }
        // Create the category row, then a default model row bound to the new cateid.
        $db->update("INSERT INTO pw_topiccate" . " SET " . pwSqlSingle(array('name' => $name, 'ifable' => $ifable, 'vieworder' => $vieworder)));
        $cateid = $db->insert_id();
        $db->update("INSERT INTO pw_topicmodel" . " SET " . pwSqlSingle(array('name' => getLangInfo('other', 'pc_defaultmodel'), 'cateid' => $cateid, 'vieworder' => 0, 'ifable' => 1)));
        $modelid = $db->insert_id();
        $charset = $db->charset;
        // Per-model value table. The variable parts of the name are $PW (presumably the
        // table prefix; confirm) and the id just returned by insert_id().
        $createsql = "CREATE TABLE " . $PW . "topicvalue" . $modelid . " (tid mediumint(8) unsigned NOT NULL,fid SMALLINT(6) UNSIGNED NOT NULL ,ifrecycle TINYINT(1) NOT NULL default 0,PRIMARY KEY (tid))";
        // NOTE(review): `>=` on version strings is not a version comparison. A multi-part
        // version such as '10.x.y' compares as a string and sorts before '4.1', which selects
        // the legacy TYPE= clause. version_compare() is the robust check.
        if ($db->server_info() >= '4.1') {
            $extra = " ENGINE=MyISAM" . ($charset ? " DEFAULT CHARSET={$charset}" : '');
        } else {
            $extra = " TYPE=MyISAM";
        }
        $createsql = $createsql . $extra;
        $db->query($createsql);
        updatecache_topic();
        ObHeader("{$basename}&action=editmodel&cateid={$cateid}");
    }
} elseif ($action == 'edittopic') {
    if (empty($_POST['step'])) {
        $selectmodel = '';
        // NOTE(review): extract() imports the selected columns (cateid, name, ifable,
        // vieworder, ifdel) as variables and overwrites existing ones of the same name.
        // It is also handed a non-array if no row matches. Reading the row into an array
        // and using explicit keys avoids both.
        extract($db->get_one("SELECT cateid,name,ifable,vieworder,ifdel FROM pw_topiccate WHERE cateid=" . pwEscape($cateid)));
        $query = $db->query("SELECT name,modelid,cateid,ifable FROM pw_topicmodel WHERE cateid=" . pwEscape($cateid));
        while ($rt = $db->fetch_array($query)) {
            $checked = '';
            if ($rt['ifable']) {
                $checked = 'checked';
            }
            // NOTE(review): $rt['name'] is written into the HTML without escaping here;
            // confirm it is escaped when stored, or apply htmlspecialchars() at this point.
            $selectmodel .= "<span class=\"mr15 w fl\"><input style=\"vertical-align:middle;\" type=\"checkbox\" class=\"input\" name=\"modelid[{$rt['modelid']}]\" value=\"{$rt['ifable']}\" {$checked}>{$rt['name']}</span>";
        }
        ifcheck($ifable, 'ifable');
        include PrintEot('topiccate');
Пример #3
         Showmsg('undefined_action');
     }
     //* include_once pwCache::getPath(D_P.'data/bbscache/ol_config.php');
     // Loads the online-payment settings; $ol_onlinepay, $ol_whycolse and $ol_payto
     // used below presumably come from this file (TODO confirm).
     pwCache::getData(D_P . 'data/bbscache/ol_config.php');
     if (!$ol_onlinepay) {
         Showmsg($ol_whycolse);
     }
     $grouptitle = $rt['grouptitle'];
     // Order number: '1' + uid zero-padded to 10 digits + timestamp + num_rand(5).
     $order_no = '1' . str_pad($winduid, 10, "0", STR_PAD_LEFT) . get_date($timestamp, 'YmdHis') . num_rand(5);
     // The order row is written before $ol_payto is checked, so a missing payee
     // account still leaves a state-0 order behind.
     $db->update("INSERT INTO pw_clientorder SET " . S::sqlSingle(array('order_no' => $order_no, 'type' => 3, 'uid' => $winduid, 'paycredit' => $gid, 'price' => $rt['sright']['rmbprice'], 'number' => $days, 'date' => $timestamp, 'state' => 0, 'extra_1' => $options)));
     if (!$ol_payto) {
         Showmsg('olpay_alipayerror');
     }
     require_once R_P . 'require/onlinepay.php';
     $olpay = new OnlinePay($ol_payto);
     // Amount sent to the gateway is unit price x $days, rounded to two decimals;
     // the stored row keeps price and number separately.
     ObHeader($olpay->alipayurl($order_no, round($rt['sright']['rmbprice'] * $days, 2), 3));
 }
 // NOTE(review): the value compared against is a bare, unsalted MD5 of the password, and
 // `!=` is a loose, non-constant-time comparison (two digests of the form 0e<digits>
 // compare equal as numbers). password_hash()/password_verify() is the sound scheme;
 // at minimum compare with hash_equals().
 if (md5($pwpwd) != $mb['password']) {
     Showmsg('password_error');
 }
 if ($rt['sright']['sellprice'] <= 0) {
     Showmsg('undefined_action');
 }
 // Credit purchase: total cost is days x sellprice, checked against the user's
 // balance in the credit type named by selltype.
 $needcur = $days * $rt['sright']['sellprice'];
 $cur = $credit->get($winduid, $rt['sright']['selltype']);
 if ($cur === false) {
     Showmsg('numerics_checkfailed');
 }
 if ($cur < $needcur) {
     Showmsg('noenough_currency');
 }
Пример #4
 require_once R_P . 'require/credit.php';
 // NOTE(review): unserialize() instantiates whatever objects its input describes.
 // $o_photos_creditset looks like a stored setting rather than request data; confirm
 // that, or restrict it with the allowed_classes option.
 $o_photos_creditset = unserialize($o_photos_creditset);
 $creditset = getCreditset($o_photos_creditset['Deletephoto'], false);
 // Drop credit types whose value is 0.
 $creditset = array_diff($creditset, array(0));
 // NOTE(review): $creditPops is appended to without being initialised in the visible lines.
 foreach ($creditset as $key => $value) {
     $moneyName = $credit->cType[$key];
     $unit = $credit->cUnit[$key];
     $creditPops .= $value . $unit . $moneyName . ",";
 }
 // Confirmation prompt; it lists the credit cost when deleting a photo costs credits.
 $deletePhotoCredit = $creditset ? '删除照片会扣除积分:' . $creditPops . '继续吗?' : '是否确认删除?';
 list($photo, $nearphoto, $prePid, $nextPid) = $result;
 $isown = $photo['ownerid'] == $winduid ? '1' : '0';
 if (!$isown) {
     // Redirect handling: non-owners are sent to the public view URL.
     // NOTE(review): $pid is concatenated into the URL as-is; its sanitisation is not
     // visible here. Confirm it is cast to int upstream.
     $url = $db_bbsurl . "/apps.php?q=photos&a=view&pid=" . $pid . "&uid=" . $photo['ownerid'];
     ObHeader($url);
 }
 $u = $photo['ownerid'];
 $username = $photo['owner'];
 $aid = $photo['aid'];
 // Page number is cast to int and clamped to a minimum of 1.
 $page = (int) S::getGP('page');
 $page < 1 && ($page = 1);
 $url = $basename . 'a=view&pid=' . $pid;
 $url .= $ifriend == 1 ? '&ifriend=' . $ifriend . '&' : '&';
 require_once R_P . 'require/bbscode.php';
 list($commentdb, $subcommentdb, $pages) = getCommentDbByTypeid('photo', $pid, $page, $url);
 $comment_type = 'photo';
 $comment_typeid = $pid;
 $ouserdataService = L::loadClass('Ouserdata', 'sns');
 /* @var $ouserdataService PW_Ouserdata */
 $myOuserData = $ouserdataService->get($photo['ownerid']);
Пример #5
    $memberdb['ifpay'] != 1 && Showmsg('act_refund_error');
    // Refunds are only possible after a successful Alipay payment.
    // The amount must be non-empty, match "digits with at most two decimals", and not
    // exceed totalcash minus $tempcost. A refundcost of "0" is falsy and is rejected too.
    // NOTE(review): `$` also matches before a trailing newline; add the D modifier (or
    // use \z) if the value must be exactly the number.
    if (!$memberdb['refundcost'] || !preg_match("/^(([1-9]\\d*)|0)(\\.\\d{0,2})?\$/", $memberdb['refundcost']) || $memberdb['refundcost'] > number_format($memberdb['totalcash'] - $tempcost, 2, '.', '')) {
        // Invalid amount, or more than the remaining amount.
        Showmsg('act_refund_cash_error');
    }
    $refundcost = number_format($memberdb['refundcost'], 2, '.', '');
    // Refund amount.
    $defaultValueTableName = getActivityValueTableNameByActmid();
    $defaultValue = $db->get_one("SELECT user_id,paymethod,endtime FROM {$defaultValueTableName} WHERE tid=" . S::sqlEscape($tid));
    $defaultValue['endtime'] + 30 * 86400 < $timestamp && Showmsg('act_endtime_toolong');
    // Refunds are allowed for up to 30 days after the activity's end time and refused afterwards.
    $defaultValue['paymethod'] != 1 && Showmsg('act_toalipay_paymethod');
    // Only Alipay payments can be refunded.
    // NOTE(review): no check that the current user is the organiser or an admin is
    // visible in this fragment; confirm it happens earlier in the branch.
    $param = array('out_trade_no' => $memberdb['out_trade_no'], 'operator_id' => $defaultValue['user_id'], 'refund_fee' => $refundcost, 'notify_url' => "{$db_bbsurl}/act_alipay_receive.php", 'return_url' => "{$db_bbsurl}/read.php?tid={$tid}");
    ObHeader($AlipayInterface->alipayurl($param));
}
/**
 * Generate a random code.
 *
 * NOTE(review): mt_rand() is not a cryptographically secure generator, and seeding
 * it from microtime() makes the output reproducible for anyone who can estimate the
 * request time. If the result is ever used as a token, order secret or password,
 * draw the characters with random_int() instead. What the callers use it for is
 * not visible here.
 *
 * @param int $len number of characters
 * @return string the random string (the return statement lies beyond this listing)
 */
function generatestr($len)
{
    // Re-seeds the generator from the current microsecond counter on every call.
    mt_srand((double) microtime() * 1000000);
    // 62-character alphabet: a-z, 0-9, A-Z.
    $keychars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWYXZ";
    $maxlen = strlen($keychars) - 1;
    $str = '';
    for ($i = 0; $i < $len; $i++) {
        $str .= $keychars[mt_rand(0, $maxlen)];
    }
Пример #6
                /* Delete the static page */
                // NOTE(review): the path is assembled from $db_htmdir, $dfid, the thread's
                // post date and $dtid; confirm $dfid and $dtid are integers before they
                // reach a file-deletion path.
                $htmurl = $db_htmdir . '/' . $dfid . '/' . get_date('ym', $threaddb['postdate']) . '/' . $dtid . '.html';
                if (file_exists(R_P . $htmurl)) {
                    P_unlink(R_P . $htmurl);
                }
            }
            //* P_unlink(D_P.'data/bbscache/c_cache.php');
            pwCache::deleteData(D_P . 'data/bbscache/c_cache.php');
            // NOTE(review): author and keyword are URL-encoded, but $_POST['fid'],
            // $_POST['tid'] and $userip are interpolated raw into the return URL.
            adminmsg('operate_success', "{$admin_file}?adminjob=superdel&admintype=article&action={$action}&fid={$_POST['fid']}&tid={$_POST['tid']}&pstart={$pstart}&pend={$pend}&author=" . rawurlencode($author) . "&keyword=" . rawurlencode($keyword) . "&userip={$userip}&tcounts={$tcounts}&counts={$counts}&nums={$nums}&ptable={$ptable}&page={$page}");
        }
    } elseif ($action == 'view') {
        S::gp(array('tid', 'pid'));
        $pw_posts = GetPtable('N', $tid);
        // NOTE(review): there is no space before 'AND'; the statement only parses if
        // S::sqlEscape() returns a quoted value. Confirm, or add the space.
        $rt = $db->get_one("SELECT COUNT(*) AS sum FROM {$pw_posts} WHERE tid=" . S::sqlEscape($tid) . 'AND pid<' . S::sqlEscape($pid));
        // Page that holds the post, computed from the number of earlier posts in the thread.
        $page = ceil(($rt['sum'] + 1.5) / $db_readperpage);
        ObHeader("read.php?tid={$tid}&page={$page}#{$pid}");
    }
} elseif ($admintype == 'message') {
    $basename = "{$admin_file}?adminjob=superdel&admintype=message";
    $messageServer = L::loadClass('message', 'message');
    if (empty($action)) {
        include PrintEot('superdel');
        exit;
    } elseif ($action == 'del') {
        S::gp(array('stime', 'etime', 'fromuser', 'keyword', 'lines', 'direct', 'page'));
        if (!empty($fromuser)) {
            $userService = L::loadClass('UserService', 'user');
            /* @var $userService PW_UserService */
            $userdb = $userService->getByUserName($fromuser);
            empty($userdb) && adminmsg('输入的用户不存在');
        }
Пример #7
                $attimages[$rt['attachurl']] = is_array($a_url) ? $a_url[0] : $a_url;
            }
        }
        $attimages = serialize($attimages);
        $share['topic']['abstract'] = $replydb['content'];
        $share['topic']['imgs'] = $attimages;
    }
}
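// Request verification (captcha / question settings are passed through).
PostCheck(1, $o_share_gdcheck, $o_share_qcheck);
/**
* Block restricted (banned) users from posting.
*/
banUser();
// $ifhidden is a 0/1 flag; anything else falls back to 0.
$ifhidden != 0 && $ifhidden != 1 && ($ifhidden = 0);
if (!$link) {
    // Fixed: the URL was single-quoted, so the redirect target contained the
    // literal text "$m" instead of the current mode.
    ObHeader("mode.php?m={$m}&q=share");
}
// Loose shape check only: http(s) scheme followed by 4-255 characters.
// NOTE(review): this does not restrict which characters follow the scheme (quotes,
// angle brackets and CR pass, and `$` tolerates a trailing newline), so the link
// still has to be escaped for its context wherever it is output.
!preg_match("/^https?\\:\\/\\/.{4,255}\$/i", $link) && Showmsg('mode_share_link_error');
// Length limit is counted in bytes, not characters.
if (strlen($descrip) > 300) {
    Showmsg('mode_share_descrip_toolang');
}
require_once R_P . 'require/postfunc.php';
require_once R_P . 'require/bbscode.php';
// Reject descriptions that contain a filtered word.
$wordsfb = L::loadClass('FilterUtil');
if (($banword = $wordsfb->comprise($descrip)) !== false) {
    Showmsg('post_wordsfb');
}
$share['link'] = $link;
$share['descrip'] = $descrip;
$parselink = parse_url($link);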
if (!$type) {
Пример #8
    }
    // Presumably imports the listed request fields as variables of the same name (confirm against InitGP()).
    InitGP(array("stopic_title", "banner_url", "nav_set", "layout_set", "is_new_bg", "bg_id", "seo_keyword", "seo_desc"));
    $title = trim($stopic_title);
    if ("" == $title) {
        Showmsg("对不起,请填写标题", "javascript:history.back();");
    }
    if ($is_new_bg) {
        $bg_id = 0;
    }
    // The upload is processed only when a new background was requested and a named,
    // non-empty file was posted in the "background" field.
    // NOTE(review): no file type or extension validation is visible here; it has to
    // happen inside uploadPicture(). Confirm it does.
    if ($is_new_bg && count($_FILES) && $_FILES["background"]["name"] && $_FILES["background"]["size"]) {
        $new_bg_id = $stopic_service->uploadPicture($_FILES, $stopic_data['category_id'], $admin_name);
        !$new_bg_id && Showmsg("对不起,背景图片增加失败", $stopic_admin_url);
        $bg_id = $new_bg_id;
    }
    // banner_url, layout_set and the SEO fields are stored as received; only nav_set
    // goes through a filter function.
    $stopic_service->updateSTopicById($stopic_id, array("title" => $title, "banner_url" => $banner_url, "nav_config" => stopic_filter_navconfig($nav_set), "layout_config" => $layout_set, "bg_id" => $bg_id, "seo_keyword" => $seo_keyword, "seo_desc" => $seo_desc));
    ObHeader($basename . '&job=editstopic&stopic_id=' . $stopic_id);
} else {
    Showmsg("对不起,参数错误");
}
/**
 * Build the navigation config from the parallel 'text' and 'url' arrays in $nav_set,
 * keeping only entries where both the text and the url are non-empty.
 * Returns "" when $nav_set['text'] is missing, not an array, or empty.
 * (The rest of the function lies beyond this listing.)
 *
 * NOTE(review): url values are copied through unchanged. If they are later rendered
 * as link targets, restrict the scheme to http/https so that javascript: URLs cannot
 * be stored. $nav_set['url'][$k] is also read without an isset() check.
 *
 * @param array $nav_set submitted navigation fields
 */
function stopic_filter_navconfig($nav_set)
{
    $nav_config = array();
    if (isset($nav_set['text']) && is_array($nav_set['text']) && count($nav_set['text'])) {
        foreach ($nav_set['text'] as $k => $v) {
            if ($v && $nav_set['url'][$k]) {
                $nav_config[] = array('text' => $v, 'url' => $nav_set['url'][$k]);
            }
        }
    } else {
        return "";
    }
Пример #9
     } else {
         // Default credit type for the download requirement is 'rvrc'.
         !$attach['ctype'] && ($attach['ctype'] = 'rvrc');
         $usercredit = $credit->get($winduid, $attach['ctype']);
         // Refuse the download when the user's balance is below the attachment's requirement.
         if ($usercredit < $attach['needrvrc']) {
             $needrvrc = $attach['needrvrc'];
             $creditName = $credit->cType[$attach['ctype']];
             wap_msg($downloadmoney > 0 && $uploadcredit == $attach['ctype'] ? 'job_attach_rvrc_download' : 'job_attach_rvrc');
         }
     }
 }
 // Flush pending credit changes, if any were queued.
 if (isset($credit) && $credit->setUser) {
     $credit->runsql();
 }
 $pw_attachs->increaseField($aid, 'hits');
 // Large zip attachments are redirected to their URL instead of being streamed.
 if ($db_attachhide && $attach['size'] > $db_attachhide && $attach['type'] == 'zip' && !defined('FX')) {
     ObHeader($fgeturl[0]);
 } elseif ($fgeturl[1] == 'Local') {
     // NOTE(review): the local path is built from the attachment record's attachurl;
     // confirm that field can never contain '..' segments or an absolute path.
     $filename = "{$attachdir}/" . $attach['attachurl'];
     $filesize = filesize($filename);
 }
 $ctype = '';
 switch ($fileext) {
     case "pdf":
         $ctype = "application/pdf";
         break;
     case "rar":
     case "zip":
         $ctype = "application/zip";
         break;
     case "doc":
         $ctype = "application/msword";
Пример #10
<?php

// Direct-access guard: this file only runs when included by the admin entry point.
!function_exists('adminmsg') && exit('Forbidden');
$basename = "{$admin_file}?adminjob=adminrecord";
$bbscrecordfile = D_P . "data/bbscache/adminrecord.php";
$db_adminrecord == 0 && adminmsg('adminrecord_open');
if ($admintype == 'add') {
    // NOTE(review): unlike the 'del' branch below, no PostCheck() is visible here.
    InitGP(array('content', 'jumpurl'));
    if ($content) {
        // The log is a .php file whose first line is "<?php die;?>", so a direct
        // request for it outputs nothing.
        !file_exists($bbscrecordfile) && writeover($bbscrecordfile, "<?php die;?>\n");
        // Only the '|' field separator is neutralised here.
        // NOTE(review): $content is appended to a PHP file, so it must not be able to
        // carry line breaks or a PHP open tag; confirm InitGP() escapes both.
        $new_crecord = '|' . str_replace('|', '&#124;', Char_cv($admin_name)) . '|' . "|{$onlineip}|{$timestamp}|" . '|' . str_replace('|', '&#124;', $content) . "\n";
        writeover($bbscrecordfile, $new_crecord, "ab");
    }
    // NOTE(review): $jumpurl is imported by InitGP() above and passed to the redirect
    // unchanged. Unless ObHeader() restricts targets to local URLs this is an open
    // redirect; validate it against a local path or an allow-list.
    ObHeader($jumpurl);
} elseif ($admintype == 'del') {
    PostCheck($verify);
    // Only admin group 3 may trim the log.
    if ($admin_gid == 3) {
        $recorddb = readlog($bbscrecordfile);
        $recorddb = array_reverse($recorddb);
        $count = count($recorddb);
        if ($count > 100) {
            // Keep the first 100 entries of the reversed list, restore their original
            // order, and rewrite the file with the die header.
            $output = array_slice($recorddb, 0, 100);
            $output = array_reverse($output);
            $output = "<?php die;?>\r\n" . implode("", $output);
            writeover($bbscrecordfile, $output);
            adminmsg('adminrecord_del');
        } else {
            adminmsg('adminrecord_min');
        }
    } else {
        adminmsg('record_aminonly');
Пример #11
    refreshto('profile.php?action=weibobind', '创建密码成功!', 2, true);
} elseif ($t == 'bindsuccess') {
    // NOTE(review): extract() overwrites any existing variable whose name matches a
    // key of the array returned by L::style().
    extract(L::style('', $skinco));
    $msg_info = '绑定帐号成功(窗口将自动关闭)';
    require_once uTemplate::printEot('profile_privacy_bindsuccess');
    pwOutPut();
} elseif ($t == 'callback') {
    $userBindService = L::loadClass('WeiboUserBindService', 'sns/weibotoplatform/service');
    /* @var $userBindService PW_WeiboUserBindService */
    // Every GET and POST parameter except 'action' and 't' is handed to the bind
    // callback; POST wins where a key appears in both.
    // NOTE(review): the callback has to authenticate these parameters (state value or
    // signature) itself; nothing is checked in this fragment.
    $params = array_merge($_GET, $_POST);
    unset($params['action'], $params['t']);
    $isSuccess = $userBindService->callback($winduid, $params);
    // Anything other than boolean true is treated as failure; a non-empty return
    // value is shown as the error message.
    if (true !== $isSuccess) {
        Showmsg($isSuccess ? $isSuccess : '绑定失败,请重试');
    }
    ObHeader('profile.php?action=weibobind&t=bindsuccess');
}
/**
 * Set the global variable named by $out to ' checked' when $var is truthy,
 * and to '' otherwise (for use in checkbox/radio markup).
 *
 * NOTE(review): this writes to an arbitrary global chosen by $out, so $out must
 * always be a fixed name supplied by the code, never a request value.
 *
 * @param string $out name of the global variable to set
 * @param mixed  $var value tested for truthiness
 */
function ifchecked($out, $var)
{
    if ($var) {
        $GLOBALS[$out] = ' checked';
    } else {
        $GLOBALS[$out] = '';
    }
}
function weiboResetUserPassword($userId, $password, $repeatPassword)
{
    global $db_ckpath, $db_ckdomain;
    if ('' == $password || '' == $repeatPassword) {
        Showmsg('创建密码不能为空');
    }
    $rg_config = L::reg();
    list($rg_regminpwd, $rg_regmaxpwd) = explode("\t", $rg_config['rg_pwdlen']);
    $register = L::loadClass('Register', 'user');
    $register->checkPwd($password, $repeatPassword);
Пример #12
    }
    $joblists = $jobService->getQuitJobs($winduid);
    $jobs = $jobService->buildLists($joblists, $action, $winduid, $groupid);
    $current[3] = "current";
    include PrintEot('jobcenter');
    footer();
} elseif ($action == "start") {
    // Get the job's start link.
    // NOTE(review): $id is passed on without the intval() that the "gain" branch
    // applies; confirm jobStartController() validates it.
    list($bool, $message, $link) = $jobService->jobStartController($winduid, $id);
    if (!$bool) {
        refreshto("jobcenter.php?action=applied", $message);
    }
    if ($link == "") {
        refreshto("jobcenter.php?action=applied", "任务开始");
    } else {
        // The redirect target comes from the job service; presumably it is the link
        // configured for the job (confirm it cannot be user-supplied).
        ObHeader($link);
    }
} elseif ($action == "gain") {
    if ($step == 2) {
        $id = intval($id);
        list($bool, $message) = $jobService->jobGainController($winduid, $id);
        if ($bool) {
            $jobService->jobAutoController($winduid, $groupid);
            /* Auto-apply */
            $appliedHTML = $jobService->buildApplieds($winduid, $groupid);
            ajaxResponse($message, true, $appliedHTML);
        } else {
            ajaxResponse($message, false);
        }
    }
} else {
Пример #13
<?php

// Direct-access guard: refuse to run unless the framework has been loaded.
if (!function_exists('readover')) {
    exit('Forbidden');
}

// Load the blog settings cache.
pwCache::getData(D_P . 'data/bbscache/bg_config.php');

// Guests must log in first, and the blog feature must be switched on.
if ($groupid == 'guest') {
    Showmsg('not_login');
}
if (!$bg_ifopen) {
    Showmsg('blog_close');
}

if (!$action) {
    // No action: render the index page.
    include PrintHack('index');
    footer();
} elseif ($action == 'activation') {
    // Activation: hand over to the blog's login page.
    ObHeader($bg_blogurl . '/login.php');
}
Пример #14
    // NOTE(review): $order['quantity'] is concatenated into the statement without
    // S::sqlEscape() or an int cast, unlike tid; confirm it can only hold an integer.
    $db->update("UPDATE pw_trade SET salenum=salenum+" . $order['quantity'] . " WHERE tid=" . S::sqlEscape($order['tid']));
    //$db->update("UPDATE pw_trade SET salenum=salenum+1 WHERE tid=".S::sqlEscape($order['tid']));
    refreshto("apps.php?q=article&a=goods", 'operate_success');
} elseif ($action == 'pcalipay') {
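    S::gp(array('tid', 'pcmid', 'pcid'), GP, 2);
    $pcvaluetable = GetPcatetable($pcid);
    // The order is looked up by thread, membership id AND the current user's uid,
    // so a user can only start payment for their own sign-up.
    $order = $db->get_one("SELECT pv.price,pv.deposit,pm.username,pm.nums,pm.phone,pm.mobile,pm.address,pm.ifpay,pm.totalcash,t.author,t.authorid,t.subject FROM pw_pcmember pm LEFT JOIN {$pcvaluetable} pv ON pm.tid=pv.tid LEFT JOIN pw_threads t ON pv.tid=t.tid WHERE pm.tid=" . S::sqlEscape($tid) . " AND pm.pcmid=" . S::sqlEscape($pcmid) . " AND pm.uid=" . S::sqlEscape($winduid));
    // Fixed: this check used to run after keys had been assigned into $order, so it
    // could never fire and a missing order fell through to the payment redirect.
    if (empty($order)) {
        Showmsg('data_error');
    }
    $order['zip'] = '100000';
    $order['tradeinfo'] = $db->get_value("SELECT tradeinfo FROM pw_memberinfo WHERE uid=" . S::sqlEscape($order['authorid']));
    // NOTE(review): unserialize() instantiates whatever objects its input describes.
    // tradeinfo is a stored per-member value; confirm members cannot write raw
    // serialized data into it, or restrict it with the allowed_classes option.
    if (!is_array($trade = unserialize($order['tradeinfo']))) {
        $trade = array();
    }
    if ($order['ifpay'] > 0) {
        Showmsg('pcalipay_haspay');
    }
    // The seller must have an Alipay account configured.
    if (empty($trade['alipay'])) {
        Showmsg('onlinepay_alipay');
    }
    //* include_once pwCache::getPath(D_P.'data/bbscache/ol_config.php');
    pwCache::getData(D_P . 'data/bbscache/ol_config.php');
    require_once R_P . 'require/onlinepay.php';
    $olpay = new OnlinePay($trade['alipay']);
    // Charge the deposit when one is set (ceil() of it is non-zero), else the full price.
    $price = !ceil($order['deposit']) ? $order['price'] : $order['deposit'];
    $price = number_format($price, 2, '.', '');
    // Order number: membership id + '_' + zero-padded uid + timestamp + num_rand(5).
    $order_no = $pcmid . '_' . str_pad($winduid, 10, "0", STR_PAD_LEFT) . get_date($timestamp, 'YmdHis') . num_rand(5);
    $param = array('notify_url' => "{$db_bbsurl}/alipay.php?action=pcalipay", 'return_url' => "{$db_bbsurl}/alipay.php?action=pcalipay", 'subject' => $order['subject'], 'out_trade_no' => $order_no, 'price' => $price, 'quantity' => $order['nums'], 'payment_type' => 1, 'logistics_type' => 'EXPRESS', 'logistics_fee' => '0.00', 'logistics_payment' => 'SELLER_PAY', 'receive_name' => $order['username'], 'receive_address' => $order['address'], 'receive_zip' => $order['zip'], 'receive_phone' => $order['mobile']);
    ObHeader($olpay->alipay2url($param));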
}
Пример #15
$userInfo = $weiboUserBindService->getBindInfo($winduid, $type);
if (empty($userInfo)) {
    // Not bound yet: guide the user through binding.
    $userBindList = $weiboUserBindService->getBindList($winduid);
    $bindUrl = $userBindList[$type]['bindUrl'];
    $action = 'bind';
} else {
    $weiboName = $userInfo['info']['name'];
    if ($action == 'share' && !empty($shareContent)) {
        // Share.
        $weiboSyncerService = L::loadClass('WeiboSyncer', 'sns/weibotoplatform');
        $result = $weiboSyncerService->shareContent($winduid, $shareContent, $photo);
        // On success, continue to the "follow the official account" step.
        if ($result) {
            if (!$weiboUserBindService->isFollow($type, $winduid)) {
                // NOTE(review): no '/' is inserted between $db_bbsurl and the path,
                // unlike other redirects built from $db_bbsurl; confirm the value ends
                // with a slash here. $type is also interpolated without URL-encoding.
                ObHeader($db_bbsurl . "connexion/share.php?type={$type}&action=isfollow");
            }
            $action = 'sharesuccess';
        } else {
            $action = 'sharefail';
        }
    } elseif ($action == 'isfollow') {
        // If the site has an official Weibo account, prompt the user to follow it;
        // otherwise just report that sharing succeeded.
        $weiboSiteBindInfoService = L::loadClass('WeiboSiteBindInfoService', 'sns/weibotoplatform/service');
        $weiboAccount = $weiboSiteBindInfoService->getOfficalAccount($type);
        if (!$weiboAccount) {
            $action = 'sharesuccess';
        }
    } elseif ($action == 'follow') {
        // Follow.
        $weiboSiteBindInfoService = L::loadClass('WeiboSiteBindInfoService', 'sns/weibotoplatform/service');
Пример #16
                        $right[$key] = $value;
                    }
                }
            }
            // NOTE(review): the serialized rights are passed through addslashes() here and
            // then through pwEscape()/pwSqlSingle() below. If those also escape, the value
            // is stored with extra backslashes and no longer unserializes; confirm.
            $rightdb = addslashes(serialize($right));
        } else {
            adminmsg('rightset_empty', $basename . '&action=edit&gid=' . $gid);
        }
        // Update the group's row if it exists, otherwise insert it.
        $ckid = $db->get_value('SELECT gid FROM pw_adminset WHERE gid=' . pwEscape($gid));
        if ($ckid) {
            $db->update('UPDATE pw_adminset SET value=' . pwEscape($rightdb) . ' WHERE gid=' . pwEscape($gid));
        } else {
            $db->update('INSERT INTO pw_adminset SET ' . pwSqlSingle(array('gid' => $gid, 'value' => $rightdb)));
        }
        // Grants the group access to the admin control panel (allowadmincp = 1).
        $db->update("REPLACE INTO pw_permission SET uid='0',fid='0',gid=" . pwEscape($gid) . ",rkey='allowadmincp',type='system',rvalue='1'");
        updatecache_g($gid);
        adminmsg('operate_success');
    }
} elseif ($action == 'delete') {
    // Two-step delete: the first request shows a confirmation form, step 2 performs it.
    if ($_POST['step'] != 2) {
        // NOTE(review): $gid is written into the hidden input without HTML-escaping;
        // confirm it is an integer at this point or wrap it in htmlspecialchars().
        $inputmsg = '<input name="step" type="hidden" value="2" /><input name="action" type="hidden" value="delete" /><input name="gid" type="hidden" value="' . $gid . '" />';
        pwConfirm('rightset_delgroup', $inputmsg);
    } else {
        !$gid && adminmsg('rightset_setgroup');
        // Revokes admin control panel access for the group (allowadmincp = 0).
        // NOTE(review): no anti-CSRF token check is visible in this branch.
        $db->update("REPLACE INTO pw_permission SET uid='0',fid='0',gid=" . pwEscape($gid) . ",rkey='allowadmincp',type='system',rvalue='0'");
        updatecache_g($gid);
        adminmsg('operate_success');
    }
} else {
    ObHeader($basename);
}
Пример #17
<?php

require_once R_P . 'lib/cloudwind/cloudwind.class.php';
$_service = CloudWind::getPlatformCheckServerService();
// Send the admin to the basic cloud setup page when the platform check returns less than 9.
if ($_service->checkCloudWind() < 9) {
    ObHeader($admin_file . '?adminjob=yunbasic');
}
CLOUDWIND_SECURITY_SERVICE::gp(array('action'));
if (empty($action)) {
    // Step 2 saves the three shield settings.
    // NOTE(review): these are security settings and no anti-CSRF token check is
    // visible in this fragment; confirm the admin framework enforces one.
    if ($_POST['step'] == 2) {
        CLOUDWIND_SECURITY_SERVICE::gp(array('db_yundefend_shield', 'db_yundefend_shieldpost', 'db_yundefend_shielduser'), 'P', 2);
        setConfig('db_yundefend_shield', $db_yundefend_shield);
        setConfig('db_yundefend_shieldpost', $db_yundefend_shieldpost);
        setConfig('db_yundefend_shielduser', $db_yundefend_shielduser);
        updatecache_c();
        Showmsg('云盾设置成功 ');
    }
    ifcheck($db_yundefend_shield, 'yundefend_shield');
    ifcheck($db_yundefend_shieldpost, 'yundefend_shieldpost');
    // Variable variable; intval() limits the name to yundefend_shielduser_<integer>.
    ${'yundefend_shielduser_' . intval($db_yundefend_shielduser)} = 'checked="checked"';
    $dundescribe = $_service->getDunDescribe();
    $current['config'] = 'current';
} elseif ($action == 'verify') {
    CLOUDWIND_SECURITY_SERVICE::gp(array('page'));
    $page = $page > 1 ? intval($page) : 1;
    $postVerifyService = CloudWind::getDefendPostVerifyService();
    if ($_POST['step'] == 2) {
        CLOUDWIND_SECURITY_SERVICE::gp(array('ids'));
        // Each key is split on '_' into a thread id and a post id; the value is the operation.
        // NOTE(review): the split parts are passed on as strings. Confirm verify()
        // validates $operate and casts the ids.
        foreach ($ids as $key => $operate) {
            list($tid, $pid) = explode("_", $key);
            $postVerifyService->verify($operate, $tid, $pid);
Пример #18
if ($m == 'bbs') {
    ObHeader($_mainUrl);
}
/* APP (application) redirects */
if ($m == 'o' && $q) {
    if ($q == 'user') {
        S::gp(array('u'));
        // NOTE(review): $u is interpolated into the redirect target without an int
        // cast or URL-encoding.
        ObHeader(USER_URL . "={$u}");
    } elseif ($q == 'app') {
        // Fetched with type argument 2, unlike 'u' above.
        S::gp(array('id'), 'G', 2);
        ObHeader("apps.php?id={$id}");
    } elseif ($q == 'friend') {
        ObHeader("u.php?a=friend");
    } elseif (!in_array($q, array('user', 'friend', 'browse', 'invite', 'board', 'myapp', 'home'))) {
        // Forwards the raw query string, minus its first four characters, to apps.php.
        // NOTE(review): this is request data placed in a Location header; confirm
        // ObHeader() strips CR/LF.
        $QUERY_STRING = substr($pwServer['QUERY_STRING'], 4);
        ObHeader("apps.php?" . $QUERY_STRING);
    }
}
if ($m == 'o') {
    $pwModeImg = "{$imgpath}/apps";
    $q = 'browse';
}
// NOTE(review): rejecting '..' suggests $q is later used to build a file path. A
// deny-list of one sequence is fragile; matching $q against the known set of page
// names (or a strict [a-z0-9_]+ pattern) is the safer check.
if (strpos($q, '..') !== false) {
    Showmsg('undefined_action');
}
// When the request's Host header equals the domain configured for this mode, URLs omit the m= parameter.
if ($m && $pwServer['HTTP_HOST'] == $db_modedomain[$m]) {
    $baseUrl = "mode.php";
    $basename = "mode.php?";
} else {
    $baseUrl = "mode.php?m={$m}";
    $basename = "mode.php?m={$m}&";
Пример #19
<?php

// Legacy entry point: loads the framework, then redirects to searcher.php.
// The target is a fixed string, so no request data reaches the redirect.
define('SCR', 'search');
require_once 'global.php';
ObHeader('searcher.php');
Пример #20
<?php
require_once './include/config.inc.php';
// NOTE(review): unserialize() instantiates whatever objects its input describes.
// $lists_db comes from the included cache file; confirm that file cannot be written
// with user-supplied content.
require_once("./cache/list.php");$lists_db = unserialize(stripslashes($lists_db));
// $listename, $attrd, $shops, $key, $page and $view are not defined in this file;
// presumably config.inc.php imports them from the request (TODO confirm, including
// whether it escapes them).
if($listename){
$attrd=$attrd?str_replace("\"",".",json_encode($attrd)):"";$shops=$shops?$shops:array();
// NOTE(review): $listename and the $shops values go into the redirect path unencoded.
$path="/list/".$listename."-1-".$attrd."-".implode(".",$shops).".html";
ObHeader($path);
}else{
if($key){
// NOTE(review): $key is interpolated straight into the LIKE pattern, here and in the
// second query below. Unless it is escaped upstream this is SQL injection; bind it
// as a parameter or escape it with the database driver.
$queryall = $db->query("SELECT * FROM odiy_product where goodsname like '%$key%' and level=1");
$count = $db->num_rows($queryall);$db->free_result($queryall);
!$page && $page=1;
// NOTE(review): $page and $view reach the LIMIT clause through $start_limit and
// $page_set without an integer cast; cast both and clamp them to positive values.
$page_set=$view?$view:30;$start_limit =($page-1)*$page_set;
$numofpage = $count%$page_set==0?$count/$page_set:floor($count/$page_set)+1;
//$strat $end
// Window of page links around the current page ($strat .. $end - 1).
if($numofpage<11){$strat=1;$end=$numofpage+1;}else{
if($page<5){$strat=1;$end=$page+5;}elseif($page>4 && $page>$numofpage-4){$strat=$page-4;$end=$numofpage+1;}else{$strat=$page-4;$end=$page+4;}}
// NOTE(review): $key is written into the href without rawurlencode() or
// htmlspecialchars(), so a crafted search term can break out of the attribute.
// $pages is also appended to without being initialised.
for($i=$strat;$i<$end;$i++){if($i == $page){
$pages .=" <span class='red'>[".$i."]</span> ";}else{
$pages .=" <a href='./search?key=".$key."&page=".$i."'>[".$i."]</a> ";}}
$list['pages'] = $pages; $list['count'] = $count; $list['page_set'] = $page_set; $list['page'] = $page; $list['numofpage'] = $numofpage;
$query = $db->query("select id,goodsname,mprice,sprice,cprice,stime,etime,img,unit from odiy_product where goodsname like '%$key%' and level=1 order by id desc LIMIT $start_limit,$page_set");
while($read=$db->fetch_array($query)){
// Fall back to a placeholder image and shorten the name via substrs().
$read['img'] = $read['img'] ? $read['img'] : "noimg.gif";
$read['goodsname'] = substrs($read['goodsname'],60);
$goods[] = $read;
}
unset($read);$db->free_result($query);
//print_r($goods);
}
}
Пример #21
                $fid = $db->insert_id();
                // Extra settings get their own row only when there is something to store.
                if ($creditset || $forumset) {
                    $db->update("INSERT INTO pw_forumsextra SET " . pwSqlSingle(array('fid' => $fid, 'creditset' => $creditset, 'forumset' => $forumset)));
                }
            } else {
                // A new forum is 'hidden' only when its parent is hidden; otherwise it is a normal forum.
                $f_type = $forum[$fup]['f_type'] == 'hidden' ? 'hidden' : 'forum';
                $db->update("INSERT INTO pw_forums SET " . pwSqlSingle(array('fup' => $fup, 'type' => $forumtype, 'logo' => $logo[$key], 'name' => $value, 'descrip' => $descrip[$key], 'keywords' => $keywords[$key], 'vieworder' => $vieworder[$key], 'forumadmin' => $str_admin, 'style' => $style[$key], 'f_type' => $f_type, 'cms' => 0, 'ifhide' => 1, 'allowtype' => 3)));
                $fid = $db->insert_id();
            }
            $db->update("INSERT INTO pw_forumdata SET fid=" . pwEscape($fid));
        }
        // Invalidate the cached data and rebuild the forum cache.
        P_unlink(D_P . 'data/bbscache/c_cache.php');
        updatecache_f();
        $forumtype != 'category' && updatetop();
        // $fid here is the id of the last forum created in the loop above.
        if ($addtype == 1) {
            ObHeader("{$basename}&action=edit&fid={$fid}");
        } else {
            adminmsg('operate_success');
        }
    }
} elseif ($_POST['action'] == 'editforum') {
    InitGP(array('forumadmin'), 'P', 0);
    InitGP(array('order'), 'P', 2);
    $errorname = array();
    $forumdb = $db->query("SELECT fid,forumadmin,vieworder FROM pw_forums WHERE cms!='1'");
    while ($foruminfo = $db->fetch_array($forumdb)) {
        $pwSQL = $admin_a = $admin_n = $admin_d = array();
        // Only forums whose submitted moderator list differs from the stored one are processed.
        if ($foruminfo['forumadmin'] != $forumadmin[$foruminfo['fid']] && $foruminfo['forumadmin'] != ',' . $forumadmin[$foruminfo['fid']] . ',') {
            $admin_a = explode(',', $forumadmin[$foruminfo['fid']]);
            if ($admin_a) {
                // Submitted names are checked against existing members; pwImplode()
                // presumably quotes and escapes each value (confirm).
                $query = $db->query("SELECT username FROM pw_members WHERE username IN (" . pwImplode($admin_a) . ")");
Пример #22
<?php

// Direct-access guard: this file only runs when included by the framework.
!function_exists('readover') && exit('Forbidden');
$wind_in = 'toolcenter';
ObHeader("profile.php?action=toolcenter");
// Redirects to the tool centre in the user's profile.
Пример #23
// Passport (single sign-on) must be enabled and this site must be the passport server.
if (!$db_pptifopen || $db_ppttype != 'server') {
    Showmsg('passport_close');
}
// Restores '=' characters that were entity-encoded in $jumpurl.
// NOTE(review): where $jumpurl comes from is not visible here. If the request can
// influence it, check it against the configured client sites before use; the redirect
// below sends the account payload to whatever host it names.
$jumpurl = str_replace('&#61;', '=', $jumpurl);
$userdb = array();
$userService = L::loadClass('UserService', 'user');
/* @var $userService PW_UserService */
$rt = $userService->get($winduid, true, true);
// Payload handed to the client site. It includes the stored password value and the
// e-mail address alongside the credit balances.
$userdb['uid'] = $rt['uid'];
$userdb['username'] = $rt['username'];
$userdb['password'] = $rt['password'];
$userdb['email'] = $rt['email'];
$userdb['rvrc'] = $rt['rvrc'];
$userdb['money'] = $rt['money'];
$userdb['credit'] = $rt['credit'];
$userdb['currency'] = $rt['currency'];
$userdb['time'] = $timestamp;
$userdb['cktime'] = $cktime ? $cktime : 'F';
// Flattened to key=value pairs joined by '&'; the values are not URL-encoded at this stage.
$userdb_encode = '';
foreach ($userdb as $key => $val) {
    $userdb_encode .= $userdb_encode ? "&{$key}={$val}" : "{$key}={$val}";
}
$db_hash = $db_pptkey;
// StrCode() output with '=' characters removed; presumably encoded or encrypted
// under $db_hash (confirm against StrCode()).
$userdb_encode = str_replace('=', '', StrCode($userdb_encode));
// NOTE(review): the verifier is md5(action . payload . forward . shared key). MD5 over
// a concatenated key is a weak message authenticator; hash_hmac() with SHA-256 is the
// standard construction. The payload also travels in a redirect URL, so it is recorded
// in browser history and in proxy and server logs.
if ($action == 'login') {
    $verify = md5("login{$userdb_encode}{$forward}{$db_pptkey}");
    ObHeader("{$jumpurl}/passport_client.php?action=login&userdb=" . rawurlencode($userdb_encode) . "&forward=" . rawurlencode($forward) . "&verify=" . rawurlencode($verify) . "&ajax={$ajax}");
} elseif ($action == 'quit') {
    $verify = md5("quit{$userdb_encode}{$forward}{$db_pptkey}");
    ObHeader("{$jumpurl}/passport_client.php?action=quit&userdb=" . rawurlencode($userdb_encode) . "&forward=" . rawurlencode($forward) . "&verify=" . rawurlencode($verify));
}
Пример #24
    Cookie('AdminUser', '', 0);
    include PrintEot('adminlogin');
    afooter(true);
} elseif ($_POST['admin_name']) {
    // NOTE(review): the next line is damaged in this listing. Part of the statement
    // was replaced by "******", so two queries appear fused into one; it is reproduced
    // as found and does not parse as written.
    $uid = $db->get_value("SELECT uid FROM pw_members WHERE username="******"SELECT slog FROM pw_administrators WHERE uid=" . pwEscape($uid, false));
    // Login history: ';'-separated "timestamp,ip" entries. Once eight entries exist,
    // the oldest is dropped before the new one is appended.
    $slog = explode(";", $slog);
    !$slog && ($slog = array());
    if (count($slog) >= 8) {
        unset($slog[0]);
    }
    array_push($slog, $timestamp . ',' . $onlineip);
    $slog = implode(";", $slog);
    // NOTE(review): there is no space before "WHERE"; the statement only parses if
    // pwEscape() returns a quoted value. Confirm, or add the space.
    $db->update("UPDATE pw_administrators SET slog=" . pwEscape($slog, false) . "WHERE uid=" . pwEscape($uid, false));
    // Redirect back to the URI held in $REQUEST_URI after trimming '?' and '#'.
    $REQUEST_URI = trim($REQUEST_URI, '?#');
    ObHeader($REQUEST_URI);
}
$admin_gid = $rightset['gid'];
// Groups listed in $db_safegroup need the extra value in $CK[3]; without it the
// admin cookie is cleared.
if ($db_ifsafecv && strpos($db_safegroup, ",{$admin_gid},") !== false && !$CK[3]) {
    Cookie('AdminUser', '', 0);
    adminmsg('safecv_prompt');
}
include_once D_P . 'data/bbscache/level.php';
!defined('If_manager') && define('If_manager', 0);
// Non-manager admins are subject to the IP limit and to CheckVar() on every GET and
// POST value except the one keyed 'module'.
if (!If_manager) {
    Iplimit();
    $temp_a = array_merge($_POST, $_GET);
    foreach ($temp_a as $key => $value) {
        if ($key != 'module') {
            CheckVar($value);
        }
Пример #25
<?php

// Direct-access guard: this file only runs when included by the framework.
!defined('P_W') && exit('Forbidden');
S::gp(array('jobact'));
if ("delete" == $jobact) {
    // Bulk delete of the selected special topics.
    // NOTE(review): no anti-CSRF token check is visible in this file; confirm the
    // admin framework enforces one before this branch is reached.
    S::gp(array('stopic_ids'));
    if (!is_array($stopic_ids) || !count($stopic_ids)) {
        Showmsg('没选择要删除的专题,请您重试', $stopic_admin_url . "&job={$job}");
    }
    if (!$stopic_service->deleteSTopics($stopic_ids)) {
        Showmsg('所有信息均未修改,请您重试', $stopic_admin_url . "&job={$job}");
    }
    ObHeader($stopic_admin_url . "&job={$job}");
} else {
    S::gp(array('page', 'search_title', 'search_cid'));
    // Page number is cast to int and clamped to 1..$total.
    $page = intval($page);
    $sum = $stopic_service->countSTopic($search_title, $search_cid);
    $total = ceil($sum / $db_perpage);
    if ($page <= 0) {
        $page = 1;
    }
    if ($page > $total) {
        $page = $total;
    }
    // NOTE(review): $search_title and $search_cid are interpolated into the pagination
    // URL without rawurlencode(); encode them so the links stay well-formed and cannot
    // carry markup.
    $pages = numofpage($sum, $page, $total, $stopic_admin_url . "&job={$job}&search_title={$search_title}&search_cid={$search_cid}&");
    $stopic_list = $stopic_service->findSTopicInPage($page, $db_perpage, $search_title, $search_cid);
    $category_list = $stopic_service->getCategorys();
}
include stopic_use_layout('admin');
Пример #26
    Showmsg('该群组话题内容仅对成员开放!');
}
// Is this a Tucool (picture) thread, and is the viewer allowed to see the pictures?
$isTucool = $forumset['iftucool'] && getstatus($read['tpcstatus'], 5);
$ptable = $read['ptable'];
$ifhide = $read['ifhide'] && !ifpost($tid) ? 1 : 0;
// && binds tighter than ||: allowed for admins, for the author, or when the thread is
// not hidden and the viewer is logged in or the forum does not restrict picture viewing.
$isAllowViewPic = $admincheck || $read['authorid'] == $winduid || !$ifhide && ($winduid || !$forumset['viewpic']);
// These `&& ObHeader()` guards only protect the code below if ObHeader() ends the
// request (TODO confirm it exits).
(!$isTucool || !$isAllowViewPic) && ObHeader("read.php?tid={$tid}&ds=1");
// Muted or shielded authors.
$userService = L::loadClass('UserService', 'user');
$userInfo = $userService->get($read['authorid'], true, false, false);
// 0 when the thread is shielded (or its author is in group 6 with $db_shield on) and
// the viewer is not a GM; 1 otherwise.
$ifshieldThread = ($read['ifshield'] || $userInfo['groupid'] == 6 && $db_shield) && !$isGM ? 0 : 1;
!$ifshieldThread && ObHeader("read.php?tid={$tid}&ds=1");
$attachsService = L::loadClass('Attachs', 'forum');
$tucoolAttachs = $attachsService->getByTidAndUid($tid, $read['authorid']);
!$tucoolAttachs && ObHeader("read.php?tid={$tid}&ds=1");
if ($read['aid']) {
    $attachShow = new attachShow($isGM || $pwSystem['delattach'] || $read['authorid'] == $winduid, $forumset['uploadset'], $forumset['viewpic']);
    $attachShow->setData($tucoolAttachs);
    $tucoolAttachs = buildTucoolAttachs($tucoolAttachs);
    $contentAids = $attachShow->findPicAids($read['content']);
    $read['content'] = convert($read['content'], $db_windpost);
    if (strrpos($read['content'], 'attachment') !== false) {
        $haveAids = $attachShow->findPicAids($read['content']);
    }
}
// Attachments not referenced inside the post body. $contentAids is only set when
// $read['aid'] is truthy, hence the (array) cast.
$tmpKeyArray = array_diff(array_keys($tucoolAttachs), (array) $contentAids);
$tmpArray = array();
foreach ((array) $tmpKeyArray as $v) {
    $tmpArray[$v] = $tucoolAttachs[$v];
}
Пример #27
     // Tail of the online-payment branch of a tool purchase (the branch's opening
     // lines are not part of this fragment). Every exit path below releases the
     // 'tool_buy' lock for this user before showing a message or redirecting.
     //* include_once pwCache::getPath(D_P.'data/bbscache/ol_config.php');
     pwCache::getData(D_P . 'data/bbscache/ol_config.php');
     if (!$ol_onlinepay) {
         procUnLock('tool_buy', $winduid);
         Showmsg($ol_whycolse);
     }
     // Order number: '1', the user id left-padded to 10 digits, the timestamp
     // formatted as YmdHis, then num_rand(5).
     // NOTE(review): two orders by one user in the same second differ only in the
     // num_rand(5) suffix; whether it is collision-safe is not visible here.
     $order_no = '1' . str_pad($winduid, 10, "0", STR_PAD_LEFT) . get_date($timestamp, 'YmdHis') . num_rand(5);
     // The order row (state 0) is written before $ol_payto is checked, so the
     // failure branch just below leaves that row in pw_clientorder.
     // NOTE(review): $nums and $id are set outside this fragment; presumably they
     // were validated as positive integers earlier — confirm.
     $db->update("INSERT INTO pw_clientorder SET " . S::sqlSingle(array('order_no' => $order_no, 'type' => 1, 'uid' => $winduid, 'paycredit' => $id, 'price' => $toolinfo['rmb'], 'number' => $nums, 'date' => $timestamp, 'state' => 0)));
     if (!$ol_payto) {
         procUnLock('tool_buy', $winduid);
         Showmsg('olpay_alipayerror');
     }
     require_once R_P . 'require/onlinepay.php';
     $olpay = new OnlinePay($ol_payto);
     procUnLock('tool_buy', $winduid);
     // The amount sent to the payment URL is the unit price times the quantity.
     ObHeader($olpay->alipayurl($order_no, $toolinfo['rmb'] * $nums, 1));
 }
 // Credit purchase: refuse a negative unit price.
 if ($toolinfo['price'] < 0) {
     procUnLock('tool_buy', $winduid);
     Showmsg('undefined_action');
 }
 // NOTE(review): only the unit price is checked for sign here; a negative $nums
 // would make $price negative — presumably $nums is checked earlier, confirm.
 $price = $toolinfo['price'] * $nums;
 // Fall back to the 'currency' credit type when the tool names none.
 !$toolinfo['creditype'] && ($toolinfo['creditype'] = 'currency');
 if ($credit->get($winduid, $toolinfo['creditype']) < $price) {
     $creditname = $credit->cType[$toolinfo['creditype']];
     if (array_key_exists($toolinfo['creditype'], $db_creditpay)) {
         procUnLock('tool_buy', $winduid);
         Showmsg('unenough_currency');
     } else {
         procUnLock('tool_buy', $winduid);
         Showmsg('unenough_money');
Пример #28
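/**
 * Redirect to the user-centre page ("mode.php?m=o") that matches $action.
 *
 * The target user is addressed by "u=<uid>" when $uid is truthy, otherwise by
 * "username=<username>". "&space=1" is added when both $uid and $username
 * differ from the current user's ($winduid / $windid).
 *
 * @param string $action   'topic', 'post', 'favor', 'friend' or 'trade'; any
 *                         other value goes to the user's profile page.
 * @param mixed  $uid      Target user id; falsy to address the user by name.
 * @param string $username Target user name, used only when $uid is falsy.
 */
function redirectULink($action, $uid, $username)
{
    global $winduid, $windid;
    // NOTE(review): in the listing this function came from, the end of the
    // $addurl assignment and the start of the $baseurl assignment were masked
    // out; the two statements below are the reading the rest of the function
    // requires — confirm against the original file.
    // NOTE(review): $username goes into the query string as received; if callers
    // pass a raw name, '&', '#' or spaces in it change the URL. Encoding it
    // (rawurlencode) belongs here unless callers already do — confirm.
    $addurl = $uid ? 'u=' . $uid : 'username=' . $username;
    $baseurl = 'mode.php?m=o&' . $addurl;
    // Initialised up front so that viewing one's own page does not read an
    // undefined variable in the cases below.
    $ifspace = '';
    if ($uid != $winduid && $username != $windid) {
        $ifspace = '&space=1';
    }
    switch ($action) {
        case 'topic':
            $baseurl .= $ifspace . '&q=article';
            break;
        case 'post':
            $baseurl .= $ifspace . '&q=article&see=post';
            break;
        case 'favor':
            $baseurl .= $ifspace . '&q=share&a=my&see=postfavor';
            break;
        case 'friend':
            $baseurl .= $ifspace . '&q=friend';
            break;
        case 'trade':
            $baseurl .= $ifspace . '&q=article&see=trade';
            break;
        default:
            // Unknown section: profile page, without the space flag.
            $baseurl = 'mode.php?m=o&q=user&' . $addurl;
            break;
    }
    ObHeader($baseurl);
}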
Пример #29
        if (getstatus($winddb['userstatus'], PW_USERSTATUS_NEWRP)) {
            $userService->setUserStatus($winduid, PW_USERSTATUS_NEWRP, false);
        }
        $rt['replyinfo'] = '';
    }
    $userService->update($winduid, array(), array(), array('replyinfo' => $rt['replyinfo']));
    //$db->update("UPDATE pw_threads SET ifmail='2' WHERE tid=".S::sqlEscape($tid));
    pwQuery::update('pw_threads', 'tid=:tid', array($tid), array('ifmail' => '2'));
}
// On the first page the opening post is added to the list of posts to render,
// marked with the pseudo post id 'tpc'.
if ($page == 1) {
    $read['pid'] = 'tpc';
    if ($foruminfo['allowhtm'] == 1) {
        // Static HTML copy of the thread.
        // Path: <$db_readdir>/<fid>/<two-digit year and month of the post date>/<tid>.html
        $htmurl = $db_readdir . '/' . $fid . '/' . date('ym', $read['postdate']) . '/' . $read['tid'] . '.html';
        // If that file exists (and the forum is not in cms mode and no $toread
        // is set), the visitor is redirected to it instead of rendering here.
        // NOTE(review): a file served by URL is not covered by this script's
        // checks; presumably static copies are only generated for threads any
        // visitor may read — confirm where the file is generated.
        if (!$foruminfo['cms'] && !$toread && file_exists(R_P . $htmurl)) {
            ObHeader("{$R_url}/{$htmurl}");
        }
    }
    $readdb[] = $read;
}
// Carry the optional toread / fpage parameters over into the pager links.
// NOTE(review): both values are interpolated as they are; presumably they were
// cast to integers earlier in the script — confirm.
$toread && ($urladd .= "&toread={$toread}");
$fpage > 1 && ($urladd .= "&fpage={$fpage}");
$pages = numofpage($count + $topped_count, $page, $numofpage, "read.php?tid={$tid}{$urladd}{$viewbbs}&");
// 1 when the thread's 'locked' value is not a multiple of 3, otherwise 0.
$tpc_locked = $read['locked'] % 3 != 0 ? 1 : 0;
//更新帖子点击
if ($db_hits_store == 0) {
    pwQuery::update('pw_threads', 'tid=:tid', array($tid), null, array(PW_EXPR => array('hits=hits+1')));
} elseif ($db_hits_store == 1) {
    $db->update('UPDATE pw_hits_threads SET hits=hits+1 WHERE tid=' . S::sqlEscape($tid));
} elseif ($db_hits_store == 2) {
    pwCache::writeover(D_P . 'data/bbscache/hits.txt', $tid . "\t", 'ab');
Пример #30
<?php

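// Entry page for the "columns" (framed) layout: either renders the frameset or
// sends the top window to the page the visitor came from.
define('COL', 1);
require_once 'global.php';

// The Referer header is client-controlled. It is only used as the return
// target when it points into this board ($db_bbsurl itself or a path below it)
// and does not mention the admin script. A substring test is not enough here:
// it also accepts a foreign URL that merely contains the board URL somewhere.
$colReferer = isset($pwServer['HTTP_REFERER']) ? (string) $pwServer['HTTP_REFERER'] : '';
$colBase = (string) $db_bbsurl;
$colIsOwnPage = $colBase !== ''
    && ($colReferer === $colBase || strpos($colReferer, $colBase . '/') === 0);
$colIsAdminPage = (string) $db_adminfile !== ''
    && strpos($colReferer, (string) $db_adminfile) !== false;
$url = ($colIsOwnPage && !$colIsAdminPage) ? $colReferer : $db_bfn;
if (isset($_GET['m']) && $_GET['m'] == 'bbs') {
    $url = $db_bbsurl . '/index.php?m=bbs';
}
bbsSeoSettings('index');
if ($db_columns) {
    if (isset($_GET['action']) && $_GET['action'] == 'columns') {
        // extract() runs on the project's own style array, not on request data.
        extract(L::style());
        Cookie('columns', 2);
        require_once PrintEot('columns');
        exit;
    } else {
        Cookie('columns', '1');
        // Emit the target as a JavaScript string literal: json_encode() escapes
        // quotes, backslashes and '/', so the value cannot end the string or
        // the surrounding <script> element.
        $colJsUrl = json_encode((string) $url);
        if (!is_string($colJsUrl) || $colJsUrl === 'null') {
            // Encoding failed (for example bytes that are not valid UTF-8):
            // fall back to a fixed target.
            $colJsUrl = '"index.php"';
        }
        echo '<script type="text/javascript">top.location.href=' . $colJsUrl . '</script>';
        exit;
    }
} else {
    ObHeader('index.php');
}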