/**
 * Normalises a posted form array before it is stored (info-type settings,
 * judging by the function name).
 *
 * Text fields go through the project's escaping helpers, numeric fields are
 * forced to integers, and the directory is prefixed with the posted parent path.
 *
 * @param array $add Posted form values.
 * @return array The same array with the handled fields normalised.
 */
function DoPostInfoTypeVar($add)
{
    // Fall back to a static extension when none was posted.
    if (empty($add['ttype'])) {
        $add['ttype'] = '.html';
    }

    // HTML-encode first, then escape for the SQL layer.
    $encodedName = ehtmlspecialchars($add['tname']);
    $add['tname'] = eaddslashes($encodedName);

    foreach (array('mid', 'myorder', 'yhid', 'tnum', 'listtempid', 'maxnum') as $intField) {
        $add[$intField] = (int) $add[$intField];
    }

    $add['reorder'] = RepPostVar2($add['reorder']);

    // Free-text fields: RepPhpAspJspcode() runs before the SQL escaping.
    foreach (array('intro', 'pagekey') as $textField) {
        $add[$textField] = eaddslashes(RepPhpAspJspcode($add[$textField]));
    }

    $lateIntFields = array(
        'newline', 'hotline', 'goodline', 'hotplline', 'firstline',
        'jstempid', 'nrejs', 'listdt', 'repagenum',
    );
    foreach ($lateIntFields as $intField) {
        $add[$intField] = (int) $add[$intField];
    }

    // Directory
    // NOTE(review): pripath and tpath are joined exactly as posted; nothing in
    // this block rejects ".." segments or absolute paths. Confirm the caller
    // validates the directory before it reaches the filesystem.
    $relativeDir = trim($add['tpath']);
    $add['tpath'] = eaddslashes($add['pripath'] . $relativeDir);

    return $add;
}
/**
 * Builds one SQL comparison for a search keyword.
 *
 * @param string $f        Column expression, placed in the SQL text unchanged.
 * @param string $hh       'EQ' for an exact match; anything else yields a LIKE match.
 * @param string $keyboard Raw keyword; filtered with RepPostVar2() before use.
 * @return string The comparison, or '' when the filtered keyword is empty.
 */
function UserSearchDoKeyboard($f, $hh, $keyboard)
{
    $term = RepPostVar2($keyboard);
    // empty() also treats the string "0" as empty, so a search for "0" yields ''.
    if (empty($term)) {
        return '';
    }

    // NOTE(review): $f is not validated here, and the quoting of $term relies
    // entirely on RepPostVar2() (not visible in this listing). Callers should
    // pass $f from a fixed list of column names, never from request data.
    return $hh == 'EQ'
        ? $f . "='" . $term . "'"
        : $f . " LIKE '%" . $term . "%'";
}
/**
 * Normalises a posted form array before it is stored (special-topic type
 * settings, judging by the function name).
 *
 * @param array $add Posted form values.
 * @return array The same array with the handled fields normalised.
 */
function DoPostZtTypeVar($add)
{
    // Fall back to a static extension when none was posted.
    if (empty($add['ttype'])) {
        $add['ttype'] = '.html';
    }

    // HTML-encode first, then escape for the SQL layer.
    $encodedName = ehtmlspecialchars($add['cname']);
    $add['cname'] = eaddslashes($encodedName);

    foreach (array('myorder', 'islist', 'listtempid', 'maxnum', 'tnum') as $intField) {
        $add[$intField] = (int) $add[$intField];
    }

    $add['reorder'] = RepPostVar2($add['reorder']);

    // NOTE(review): classtext only passes through RepPhpAspJspcode(); no SQL
    // escaping is applied in this block, unlike cname. Confirm the caller
    // escapes it before building a query.
    $add['classtext'] = RepPhpAspJspcode($add['classtext']);

    return $add;
}
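} // closes a block opened above this excerpt
include "../../class/user.php";
include "../" . LoadLang("pub/fun.php");

// Paging state for the member-feedback list.
$page = (int) $_GET['page'];
$start = 0;
$line = 25; // rows per page
$page_line = 12; // page links shown per page
$offset = $page * $line; // total offset

// Search
$search = ''; // query-string suffix carried between pages
$and = '';    // WHERE clause appended to the list query
if ($_GET['sear']) {
    // NOTE(review): the quoting of $keyboard in the clauses below relies
    // entirely on RepPostVar2(), which is not visible in this listing.
    $keyboard = RepPostVar2($_GET['keyboard']);
    if ($keyboard) {
        // $show is copied into $search below, so it is reduced to an integer
        // instead of being taken from the request unfiltered. It is only ever
        // compared with 1-4, so the cast does not change which branch runs.
        $show = (int) $_GET['show'];
        if ($show == 1) {
            $and .= " where title like '%{$keyboard}%'";
        } elseif ($show == 2) {
            $and .= " where ftext like '%{$keyboard}%'";
        } elseif ($show == 3) {
            $and .= " where userid='{$keyboard}'";
        } elseif ($show == 4) {
            $and .= " where ip like '%{$keyboard}%'";
        }
        $search .= "&sear=1&keyboard={$keyboard}&show={$show}";
    }
}
$query = "select fid,title,uid,uname,addtime,userid from {$dbtbpre}enewsmemberfeedback" . $and;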
// Search
// Builds $add, the WHERE clause for a member list, from the posted/queried
// search form. Each input is read from POST first and falls back to GET.
$sear = $_POST['sear'];
if (empty($sear)) {
    $sear = $_GET['sear'];
}
$sear = RepPostStr($sear, 1);
if ($sear) {
    $groupid = $_POST['groupid'];
    if (empty($groupid)) {
        $groupid = $_GET['groupid'];
    }
    $keyboard = $_POST['keyboard'];
    if (empty($keyboard)) {
        $keyboard = $_GET['keyboard'];
    }
    // NOTE(review): the LIKE clauses below quote $keyboard directly; their
    // safety relies entirely on RepPostVar2(), which is not visible here.
    $keyboard = RepPostVar2($keyboard);
    // $show is read from GET only and reduced to an integer.
    $show = (int) $_GET['show'];
    if ($keyboard) {
        // Column names come from egetmf(), not from the request.
        if ($show == 2) {
            $add = " where " . egetmf('email') . " like '%{$keyboard}%'";
        } else {
            $add = " where " . egetmf('username') . " like '%{$keyboard}%'";
        }
    }
    // Integer cast makes the group filter safe to interpolate.
    $groupid = (int) $groupid;
    if ($groupid) {
        // "where" when this is the first condition, "and" when a keyword clause exists.
        // NOTE(review): when no keyword was given, $add is first assigned with
        // ".=" here; confirm it is initialised above this excerpt.
        if (empty($keyboard)) {
            $add .= " where " . egetmf('groupid') . "='{$groupid}'";
        } else {
            $add .= " and " . egetmf('groupid') . "='{$groupid}'";
        }
        // (excerpt ends here; the two enclosing blocks are closed further down the file)
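/**
 * Builds the WHERE clause and paging query string for the site-wide full-text search.
 *
 * Reads 'keyboard', 'field' and 'classid' from $add, checks them against the
 * search settings in $public_r, and returns the pieces the caller needs.
 * Every rejection goes through printerror().
 *
 * @param array $add Request values.
 * @return array Keys: 'keyboard' (HTML-encoded keyword), 'search' (query-string
 *               suffix) and 'where' (SQL condition).
 */
function ReturnSearchAllSql($add)
{
    global $public_r, $class_r;
    $returnr = array();

    // Feature switched off
    if (empty($public_r['openschall'])) {
        printerror("SchallClose", '', 1);
    }

    // Keyword
    $keyboard = RepPostVar2($add['keyboard']);
    if (!trim($keyboard)) {
        printerror('EmptySchallKeyboard', '', 1);
    }
    // strlen() counts bytes, so the configured limits apply to bytes rather than characters.
    $strlen = strlen($keyboard);
    if ($strlen < $public_r['schallminlen'] || $strlen > $public_r['schallmaxlen']) {
        printerror('SchallMinKeyboard', '', 1);
    }
    $returnr['keyboard'] = ehtmlspecialchars($keyboard);
    $returnr['search'] = "&keyboard=" . $keyboard;

    // Field selection: each explicit choice must be permitted by the schallfield setting.
    $field = (int) $add['field'];
    if ($field) {
        $returnr['search'] .= "&field=" . $field;
    }
    if ($field == 1) {
        if ($public_r['schallfield'] != 1) {
            printerror('SchallNotOpenTitleText', '', 1);
        }
        $sf = "title,infotext";
    } elseif ($field == 2) {
        if ($public_r['schallfield'] == 3) {
            printerror('SchallNotOpenTitle', '', 1);
        }
        $sf = "title";
    } elseif ($field == 3) {
        if ($public_r['schallfield'] == 2) {
            printerror('SchallNotOpenText', '', 1);
        }
        $sf = "infotext";
    } else {
        $sf = ReturnSearchAllField(0);
    }

    $where = '';

    // Column (class) restriction
    $classid = RepPostVar($add['classid']);
    if ($classid) {
        $returnr['search'] .= "&classid=" . $classid;
        if (strstr($classid, ",")) {
            $son_r = sys_ReturnMoreClass($classid, 1);
            $where .= '(' . $son_r[1] . ') and ';
        } else {
            $classid = (int) $classid;
            // Keys are quoted: the bare words islast/sonclass are undefined
            // constants, which PHP 8 rejects with a fatal Error.
            $where .= $class_r[$classid]['islast']
                ? "classid='{$classid}' and "
                : ReturnClass($class_r[$classid]['sonclass']) . ' and ';
        }
    }

    // Keyword clauses
    // NOTE(review): each keyword is quoted straight into AGAINST('...'); that
    // relies on SearchReturnSaveStr() and RepPostVar2(), neither visible in
    // this listing, to remove quote characters and unwanted boolean-mode
    // operators. Confirm before reusing this pattern.
    if (strstr($keyboard, ' ')) {
        $andkey = '';
        $clauseCount = 0;
        foreach (explode(' ', $keyboard) as $rawKey) {
            if (strlen($rawKey) < $public_r['schallminlen']) {
                continue;
            }
            $kb = SearchAllChangeChar($rawKey); // transcode
            $kb = SearchReturnSaveStr($kb);
            $kb = RepPostVar2($kb);
            if (!trim($kb)) {
                continue;
            }
            $where .= $andkey . "MATCH(" . $sf . ") AGAINST('" . $kb . "' IN BOOLEAN MODE)";
            $andkey = ' and ';
            $clauseCount++;
        }
        // Count keyword clauses instead of testing $where: with a class
        // restriction $where is never empty, so the old check let a condition
        // ending in " and " through when every keyword had been skipped.
        if ($clauseCount == 0) {
            printerror('SchallMinKeyboard', '', 1);
        }
    } else {
        $keyboard = SearchAllChangeChar($keyboard); // transcode
        $keyboard = SearchReturnSaveStr($keyboard);
        $keyboard = RepPostVar2($keyboard);
        if (!trim($keyboard)) {
            printerror('EmptySchallKeyboard', '', 1);
        }
        $where .= "MATCH(" . $sf . ") AGAINST('" . $keyboard . "' IN BOOLEAN MODE)";
    }

    $returnr['where'] = $where;
    return $returnr;
}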
/**
 * Filters a search keyword and removes every space from it.
 *
 * @param string $keyboard Raw keyword.
 * @return string The keyword after trim(), RepPostVar2() and space removal.
 */
function SearchDoKeyboardVar($keyboard)
{
    // Surrounding whitespace is trimmed before the project filter runs.
    $filtered = RepPostVar2(trim($keyboard));

    // Only the ASCII space is removed; other whitespace is left to the filter.
    return str_replace(' ', '', $filtered);
}
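/**
 * Normalises the posted column (class) form before it is stored.
 *
 * Text fields are escaped, numeric fields are forced to integers, and a few
 * fields receive defaults or are derived from others (see inline comments).
 * Array keys are written as quoted strings: the bare-word form used before
 * (e.g. $add[classtype]) is an undefined constant, which PHP 8 rejects with a
 * fatal Error. The statement order of the original is kept.
 *
 * @param array $add Posted form values.
 * @return array The same array with the handled fields normalised.
 */
function DoPostClassVar($add)
{
    // NOTE(review): classtype is accepted as posted and only defaulted when
    // empty; nothing in this block restricts it to a list of known extensions.
    // Confirm the caller does.
    if (empty($add['classtype'])) {
        $add['classtype'] = ".html";
    }
    $add['classname'] = addslashes(htmlspecialchars($add['classname']));
    $add['intro'] = addslashes(RepPhpAspJspcode($add['intro']));
    $add['classpagekey'] = addslashes(RepPhpAspJspcode($add['classpagekey']));

    // Filter characters
    $add['listorder'] = RepPostVar2($add['listorder']);
    $add['reorder'] = RepPostVar2($add['reorder']);

    // Integer fields, first group
    $intFields = array(
        'jstempid', 'bclassid', 'link_num', 'newstempid', 'islast', 'filename',
        'openpl', 'openadd', 'newline', 'hotline', 'goodline', 'groupid',
        'hotplline', 'modid', 'checked', 'firstline', 'islist', 'searchtempid',
        'checkpl', 'down_num',
    );
    foreach ($intFields as $key) {
        $add[$key] = (int) $add[$key];
    }
    // down_num and online_num default to 1 when zero or missing.
    if (empty($add['down_num'])) {
        $add['down_num'] = 1;
    }
    $add['online_num'] = (int) $add['online_num'];
    if (empty($add['online_num'])) {
        $add['online_num'] = 1;
    }

    $intFields = array(
        'addinfofen', 'listdt', 'showdt', 'maxnum', 'showclass', 'checkqadd', 'qaddlist',
    );
    foreach ($intFields as $key) {
        $add[$key] = (int) $add[$key];
    }
    $add['qaddgroupid'] = DoPostClassQAddGroupid($add['qaddgroupidck']);

    $intFields = array(
        'qaddshowkey', 'adminqinfo', 'doctime', 'nreclass', 'nreinfo', 'nrejs',
        'nottobq', 'lencord', 'listtempid', 'dtlisttempid', 'classtempid',
    );
    foreach ($intFields as $key) {
        $add[$key] = (int) $add[$key];
    }

    // bname falls back to the (already escaped) classname.
    if (empty($add['bname'])) {
        $add['bname'] = $add['classname'];
    }
    $add['myorder'] = (int) $add['myorder'];
    if ($add['infopath'] == 0) {
        $add['ipath'] = '';
    }

    $intFields = array(
        'addreinfo', 'haddlist', 'sametitle', 'definfovoteid', 'qeditchecked',
        'wapstyleid', 'repreinfo', 'pltempid',
    );
    foreach ($intFields as $key) {
        $add[$key] = (int) $add[$key];
    }

    // NOTE(review): classtext only passes through RepPhpAspJspcode(); no SQL
    // escaping is applied in this block. Confirm the caller escapes it.
    $add['classtext'] = RepPhpAspJspcode($add['classtext']);
    $add['yhid'] = (int) $add['yhid'];
    $add['wfid'] = (int) $add['wfid'];

    // bdinfoid is only kept when islist is 3.
    if ($add['islist'] == 3) {
        $add['bdinfoid'] = RepPostVar($add['bdinfoid']);
    } else {
        $add['bdinfoid'] = '';
    }

    // Access permissions: when access groups are set the class page extension
    // is forced to .php, and with cgtoinfo set the info pages' as well.
    $add['cgroupid'] = DoPostClassQAddGroupid($add['cgroupidck']);
    $add['cgtoinfo'] = (int) $add['cgtoinfo'];
    if ($add['cgroupid']) {
        $add['classtype'] = '.php';
        if ($add['cgtoinfo']) {
            $add['filetype'] = '.php';
        }
    } else {
        $add['cgtoinfo'] = 0;
    }

    return $add;
}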
// Bootstrap for an admin-side request: load the class cache, open the
// database and require a logged-in user before any input is read.
require "../../data/dbcache/class.php";
$link = db_connect();
$empire = new mysqlquery();
$editor = 1;
// Verify the user
$lur = is_login();
$logininid = $lur['userid'];
$loginin = $lur['username'];
$loginrnd = $lur['rnd'];
$loginlevel = $lur['groupid'];
$loginadminstyleid = $lur['adminstyleid'];
//ehash
$ecms_hashur = hReturnEcmsHashStrAll();

// Request input: numeric values are cast, the rest go through the project's filters.
$enews = ehtmlspecialchars($_POST['enews']);
$changeinfoid = RepPostVar($_POST['changeinfoid']);
$keyboard = RepPostVar2($_POST['keyboard']);
$show = (int) $_POST['show'];
$sear = (int) $_POST['sear'];
$tbname = RepPostVar($_POST['tbname']);
$classid = (int) $_POST['classid'];
// Nothing to do without a table name and a keyword.
if (!$tbname || !trim($keyboard)) {
    exit;
}
// Table name
// The posted name is looked up in enewstable, and the request stops when no
// row matches, so only registered table names get past this point.
// NOTE(review): the lookup itself quotes $tbname directly and so relies on RepPostVar().
$tbr = $empire->fetch1("select tbname from {$dbtbpre}enewstable where tbname='{$tbname}' limit 1");
if (!$tbr['tbname']) {
    exit;
}
$changeinfonum = 0;
if ($changeinfoid) {
    // Comma-separated id list.
    $changeinfonumr = explode(',', $changeinfoid);
    // (excerpt ends here; the enclosing if is closed further down the file)
} // closes a block opened above this excerpt
$search .= '&line=' . $line . '&tempid=' . $tempid;
if (empty($mid)) {
    $mid = $tempr['modid'];
}
// Combined conditions
// Builds $listandf, an extra filter made of one condition per configured
// field, joined with AND or OR. Runs only when the model defines listandf
// and the request sets ph=1.
if (!empty($emod_r[$mid]['listandf']) && $_GET['ph'] == 1) {
    // The joining operator is limited to the two literals; any other value becomes 'and'.
    $andor = $_GET['andor'] == 'or' ? 'or' : 'and';
    $search .= '&ph=1&andor=' . $andor;
    $listandf = '';
    // Field names come from the model configuration, not from the request.
    $andr = explode(',', $emod_r[$mid]['listandf']);
    $count = count($andr) - 1;
    // The first and last list entries are skipped; presumably the configured
    // string starts and ends with a comma - confirm.
    for ($i = 1; $i < $count; $i++) {
        $andval = $_GET[$andr[$i]];
        if (!empty($andval)) {
            // NOTE(review): the quoted comparisons below rely entirely on
            // RepPostVar2(), which is not visible in this listing.
            $andval = RepPostVar2($andval);
            $doandor = empty($listandf) ? '' : ' ' . $andor . ' ';
            if (strstr($andval, '__')) {
                // "low__high" range: both bounds are cast to numbers, and the
                // condition is dropped when either bound is 0.
                $andbtr = explode('__', $andval);
                $andbtr[0] = (double) $andbtr[0];
                $andbtr[1] = (double) $andbtr[1];
                if ($andbtr[0] && $andbtr[1]) {
                    $listandf .= $doandor . $andr[$i] . " BETWEEN '" . $andbtr[0] . "' and '" . $andbtr[1] . "'";
                }
            } elseif (empty($emod_r[$mid]['setandf'])) {
                // Exact match when setandf is not set.
                $listandf .= $doandor . $andr[$i] . "='" . $andval . "'";
            } else {
                // Substring match otherwise.
                $listandf .= $doandor . $andr[$i] . " like '%" . $andval . "%'";
            }
            // The filtered value is carried in the paging query string.
            $search .= "&" . $andr[$i] . "={$andval}";
        }
        // (excerpt ends here; the for loop and the enclosing if are closed further down the file)
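/**
 * Bulk-deletes messages from the enewsqmsg table within a time range, with
 * optional mailbox-type, sender, recipient and keyword filters.
 *
 * Ends through printerror() in every path; a successful delete is written to
 * the operation log first.
 *
 * @param array  $add      Posted form values (starttime, endtime, msgtype,
 *                         from_username, fromlike, to_username, tolike,
 *                         keyboard, keyfield).
 * @param int    $userid   Not used in this block.
 * @param string $username Not used in this block.
 * @return void
 */
function DelMoreMsg($add, $userid, $username)
{
    global $empire, $dbtbpre;

    // Both ends of the time range are mandatory, so the delete is always bounded.
    $starttime = RepPostVar($add['starttime']);
    $endtime = RepPostVar($add['endtime']);
    if (!$starttime || !$endtime) {
        printerror("EmptyDelMoreMsg", "history.go(-1)");
    }

    // Mailbox type
    $msgtype = (int) $add['msgtype'];
    if ($msgtype == 1) {
        $a = " and outbox=0";
    } elseif ($msgtype == 2) {
        $a = " and outbox=1";
    } elseif ($msgtype == 3) {
        $a = " and issys=1";
    } else {
        $a = "";
    }

    // Sender
    // NOTE(review): the quoted values below rely on RepPostVar(), which is not
    // visible in this listing.
    $from_username = RepPostVar($add['from_username']);
    if ($from_username) {
        if ($add['fromlike'] == 1) {
            $a .= " and from_username like '%{$from_username}%'";
        } else {
            // Exact match on the filtered name. The listing compared against a
            // literal '******' here, which ignored the posted name.
            $a .= " and from_username='{$from_username}'";
        }
    }

    // Recipient
    $to_username = RepPostVar($add['to_username']);
    if ($to_username) {
        if ($add['tolike'] == 1) {
            $a .= " and to_username like '%{$to_username}%'";
        } else {
            // Same correction as for the sender.
            $a .= " and to_username='{$to_username}'";
        }
    }

    // Keywords (comma-separated, any one may match)
    $keyboard = RepPostVar2($add['keyboard']);
    if (trim($keyboard)) {
        // Field(s) to search
        $keyfield = (int) $add['keyfield'];
        if ($keyfield == 1) {
            $likef = "title like '%[!--key--]%'";
        } elseif ($keyfield == 2) {
            $likef = "msgtext like '%[!--key--]%'";
        } else {
            $likef = "title like '%[!--key--]%' or msgtext like '%[!--key--]%'";
        }

        $clauses = array();
        foreach (explode(",", $keyboard) as $key) {
            // An empty segment (e.g. a trailing comma) would become
            // like '%%', which matches every row and would widen the delete
            // to all messages in the time range.
            if (trim($key) === '') {
                continue;
            }
            $clauses[] = str_replace("[!--key--]", $key, $likef);
        }
        if (empty($clauses)) {
            // A keyword filter was requested but no usable keyword remains:
            // refuse rather than delete without the filter.
            printerror("EmptyDelMoreMsg", "history.go(-1)");
            return; // guards the delete in case printerror() returns
        }
        $a .= " and (" . implode(" or ", $clauses) . ")";
    }

    $sql = $empire->query("delete from {$dbtbpre}enewsqmsg where msgtime>'{$starttime}' and msgtime<'{$endtime}'" . $a);
    if ($sql) {
        // Operation log
        insert_dolog("starttime={$starttime}&endtime={$endtime}");
        printerror("DelMoreMsgSuccess", "DelMoreMsg.php");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}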