Пример #1
0
function check_all($mail, $cn, $homephone, $mobile)
{
    $error = 0;
    if ($cn == '') {
        $error = 1;
        echo "Debe ingrear nombre y/o apellido como mínimo para el contacto con teléfono (si tiene) {$homephone} o correo (si tiene) {$mail} <br />";
    } else {
        if ($mail != '' && !check_email_address($mail)) {
            $error = 1;
            echo "El correo electrónico ({$mail}) no es válido<br />";
        } else {
            if (!check_name($cn)) {
                $error = 1;
                echo "El nombre ({$cn}) no es válido<br />";
            } else {
                if ($homephone != '' && !check_phone($homephone)) {
                    $error = 1;
                    echo "El primer teléfono ({$homephone}) no es válido<br />";
                } else {
                    if ($mobile != '' && !check_phone($mobile)) {
                        $error = 1;
                        echo "El segundo teléfono ({$mobile}) no es válido<br />";
                    } else {
                        if ($mail == '' && $homephone == '') {
                            $error = 1;
                            echo "El contacto {$cn} debe tener teléfono o correo electrónico<br />";
                        }
                    }
                }
            }
        }
    }
    return $error == 0;
}
Пример #2
0
function im_ali($id, $style = 0)
{
    if ($id) {
        if (!check_name($id) && strtoupper(DT_CHARSET) != 'UTF-8') {
            $id = convert($id, 'GBK', 'UTF-8');
        }
        $id = urlencode($id);
        return '<a href="http://amos.alicdn.com/msg.aw?v=2&uid=' . $id . '&site=cnalichn&s=6&charset=UTF-8" target="_blank" rel="nofollow"><img src="http://amos.alicdn.com/online.aw?v=2&uid=' . $id . '&site=cnalichn&s=6&charset=UTF-8" title="点击旺旺交谈/留言" alt="" align="absmiddle" onerror="this.src=DTPath+\'file/image/ali-off.gif\';" onload="if(this.width>20)this.src=SKPath+\'image/ali-off.gif\';"/></a>';
    }
    return '';
}
Пример #3
0
function get_chat_id($f, $t)
{
    global $DT_TIME;
    if (!check_name($f)) {
        $chat_browerid = get_cookie('chat_browerid');
        if (!preg_match("/^[a-z0-9]{6}\$/i", $chat_browerid)) {
            $chat_browerid = random(6);
            set_cookie('chat_browerid', $chat_browerid, $DT_TIME + 365 * 86400);
        }
        $f = md5($f . '|' . $chat_browerid . $_SERVER['HTTP_USER_AGENT']);
    }
    return md5(strcmp($f, $t) > 0 ? $f . '|' . $t : $t . '|' . $f);
}
Пример #4
0
function do_attrib($post, $pseudo)
{
    $retour = "";
    $start = "<tr class='mh_tdtitre' align='center'><td class='mh_tdpage'>";
    $end = "</td></tr>";
    if (array_key_exists('attrib', $post)) {
        $nom_attrib = htmlspecialchars(trim($post['attrib']), ENT_QUOTES);
        $pseudo = htmlspecialchars(trim($pseudo), ENT_QUOTES);
        // vérifie les saisies
        if (empty($nom_attrib)) {
            $retour .= $start . "<h3>Veuillez saisir un nom d'attribution !</h3>" . $end;
        }
        if (!empty($nom_attrib) && !empty($pseudo)) {
            $retour .= $start . "<h2>Nom de l'attribution : " . $nom_attrib . "</h3>" . $end;
            // ajoute l'attribution au fichier xml si le nom n'existe pas
            if (check_name($nom_attrib)) {
                create_attrib($nom_attrib, $pseudo);
                $retour .= $start . create_troll_form($nom_attrib) . $end;
            } else {
                $retour .= $start . "<h3>Le nom d'attribution existe déja !</h3>" . $end;
            }
        }
    }
    if (array_key_exists('chance', $post) && array_key_exists('pseudo', $post)) {
        $nom_attrib = $post['hidden'];
        $chance = intval(trim($post['chance']));
        $pseudo = htmlspecialchars(trim($post['pseudo']), ENT_QUOTES, "UTF-8");
        $retour .= $start . "<h2>Nom de l'attribution : " . $nom_attrib . "</h2>" . $end;
        // vérifie les saisies
        if (empty($pseudo)) {
            $retour .= $start . "<h3>Veuillez saisir un nom de Troll !</h3>" . $end;
        }
        if (empty($chance) || !is_int($chance) || $chance <= 0) {
            $retour .= $start . "<h3>Le nombre de chance est incorrecte ! ( Seulement un chiffre strictement supérieur à  0 )</h3>" . $end;
        }
        // ajoute le participant au fichier xml
        if (!empty($pseudo) && !empty($chance) && is_int($chance) && $chance > 0) {
            create_participant($pseudo, $chance);
        }
        $attrib = get_last_attribution(get_dom());
        // affiche les deux formulaires ainsi que les participants
        $retour .= $start . create_troll_form($nom_attrib) . $end;
        if (check_participants($attrib)) {
            $retour .= $start . get_participants($attrib) . $end;
        }
        $retour .= "<br/>";
        $retour .= $start . create_validation_form($nom_attrib) . $end;
    }
    return $retour;
}
Пример #5
0
function im_ali($id, $style = 0)
{
    if ($id) {
        $tb = 0;
        if (substr($id, 0, 3) == 'TB:') {
            $tb = 1;
            $id = substr($id, 3);
        }
        if (!check_name($id) && DT_CHARSET != 'UTF-8') {
            $id = convert($id, 'GBK', 'UTF-8');
        }
        $id = urlencode($id);
        return ($tb ? '<a href="http://www.taobao.com/webww/ww.php?ver=3&touid=' . $id . '&siteid=cntaobao&status=2&charset=UTF-8" target="_blank" rel="nofollow"><img src="http://amos.alicdn.com/realonline.aw?v=2&uid=' . $id . '&site=cntaobao&s=2&charset=UTF-8"' : '<a href="http://amos.alicdn.com/msg.aw?v=2&uid=' . $id . '&site=cnalichn&s=6&charset=UTF-8" target="_blank" rel="nofollow"><img src="http://amos.alicdn.com/online.aw?v=2&uid=' . $id . '&site=cnalichn&s=6&charset=UTF-8"') . ' title="点击旺旺交谈/留言" alt="" align="absmiddle" onerror="this.src=DTPath+\'file/image/ali-off.gif\';" onload="if(this.width>20)this.src=SKPath+\'image/ali-off.gif\';"/></a>';
    }
    return '';
}
Пример #6
0
 function pass($post)
 {
     global $L;
     if (!is_array($post)) {
         return false;
     }
     if (!check_name($post['username'])) {
         return $this->_($L['expert_pass_username']);
     }
     if (!$post['title']) {
         return $this->_($L['expert_pass_truename']);
     }
     if (strlen($post['major']) < 4) {
         return $this->_($L['expert_pass_major']);
     }
     return true;
 }
Пример #7
0
function _moduleContent(&$smarty, $module_name)
{
    global $arrConf;
    //folder path for custom templates
    $local_templates_dir = getWebDirModule($module_name);
    //conexion resource
    $pDB = new paloDB($arrConf['elastix_dsn']["elastix"]);
    //user credentials
    global $arrCredentials;
    $dsn_agi_manager = getDNSAGIManager();
    $action = getAction();
    $content = "";
    switch ($action) {
        case "add":
            $content = form_Recordings($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentials);
            break;
        case "record":
            $content = record($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
            break;
        case "hangup":
            $content = hangup($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
            break;
        case "save":
            $content = save_recording($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentials);
            break;
        case "remove":
            $content = remove_recording($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentials);
            break;
        case "check_call_status":
            $content = checkCallStatus("call_status", $smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
            break;
        case "checkName":
            $content = check_name($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
            break;
        case "download":
            $content = downloadFile($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $dsn_agi_manager, $arrCredentials);
            break;
        default:
            $content = reportRecording($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentials);
            break;
    }
    return $content;
}
Пример #8
0
function register_user()
{
    global $db;
    try {
        $user = $_POST['user'];
        $name = $_POST['name'];
        $email = $_POST['email'];
        $hashPass = $_POST['pass'];
        $confirmationPass = $_POST['confPass'];
        if ($confirmationPass != $hashPass) {
            $msg = "Passwords don't match";
            return $msg;
        } else {
            if (!check_user_name($user)) {
                $msg = "Only letters and numbers allowed for UserName";
                return $msg;
            } else {
                if (!check_name($name)) {
                    $msg = "Only letters and white space allowed for Name";
                    return $msg;
                } else {
                    if (!check_email_exists($email)) {
                        $msg = "E-mail already used";
                        return $msg;
                    } else {
                        if (!check_user($user)) {
                            $msg = "Username already taken, please choose another";
                            return $msg;
                        } else {
                            $pass = md5($hashPass);
                            $ins = $db->prepare('INSERT INTO User (user,name,email,password) Values (?, ?, ?, ?)');
                            $ins->execute(array($user, $name, $email, $pass));
                            return send_email($email, $name);
                        }
                    }
                }
            }
        }
    } catch (PDOException $e) {
        echo $e->getMessage();
    }
}
Пример #9
0
 function pass($post)
 {
     global $L;
     if (!is_array($post)) {
         return false;
     }
     if (!$post['catid']) {
         return $this->_(lang('message->pass_catid'));
     }
     if (!$post['title']) {
         return $this->_($L['group_pass_title']);
     }
     if (!is_url($post['thumb'])) {
         return $this->_($L['group_pass_thumb']);
     }
     if (!check_name($post['username'])) {
         return $this->_($L['group_pass_username']);
     }
     return true;
 }
Пример #10
0
function update_company_setting($userid, $setting)
{
    global $db;
    $S = get_company_setting($userid);
    foreach ($setting as $k => $v) {
        if (!check_name($k)) {
            continue;
        }
        if (is_array($v)) {
            foreach ($v as $i => $j) {
                $v[$i] = str_replace(',', '', $j);
            }
            $v = implode(',', $v);
        }
        if (isset($S[$k])) {
            $db->query("UPDATE {$db->pre}company_setting SET item_value='{$v}' WHERE userid={$userid} AND item_key='{$k}'");
        } else {
            $db->query("INSERT INTO {$db->pre}company_setting (userid,item_key,item_value) VALUES ('{$userid}','{$k}','{$v}')");
        }
    }
    return true;
}
Пример #11
0
 function set($post)
 {
     global $MOD, $DT_TIME, $_username, $_userid;
     $post['addtime'] = isset($post['addtime']) && $post['addtime'] ? strtotime($post['addtime']) : $DT_TIME;
     $post['edittime'] = $DT_TIME;
     check_name($post['ask']) or $post['ask'] = '';
     $post['title'] = trim($post['title']);
     $post['content'] = addslashes(save_remote(save_local(stripslashes($post['content']))));
     $post['introduce'] = addslashes(get_intro($post['content'], 120));
     clear_upload($post['content']);
     if ($this->itemid) {
         $post['editor'] = $_username;
         $new = $post['content'];
         $r = $this->get_one();
         $old = $r['content'];
         delete_diff($new, $old);
     }
     $content = $post['content'];
     unset($post['content']);
     $post = dhtmlspecialchars($post);
     $post['content'] = dsafe($content);
     $post['content'] = addslashes(save_remote(save_local(stripslashes($post['content']))));
     return array_map("trim", $post);
 }
     if ($dontshowtableagain != 1) {
         if (!empty($delete_errors)) {
             $main_content .= '<div class="SmallBox" >  <div class="MessageContainer" >    <div class="BoxFrameHorizontal" style="background-image:url(' . $layout_name . '/images/content/box-frame-horizontal.gif);" /></div>    <div class="BoxFrameEdgeLeftTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div>    <div class="BoxFrameEdgeRightTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div>    <div class="ErrorMessage" >      <div class="BoxFrameVerticalLeft" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></div>      <div class="BoxFrameVerticalRight" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></div>      <div class="AttentionSign" style="background-image:url(' . $layout_name . '/images/content/attentionsign.gif);" /></div><b>The Following Errors Have Occurred:</b><br/>';
             foreach ($delete_errors as $delete_error) {
                 $main_content .= '<li>' . $delete_error;
             }
             $main_content .= '</div>    <div class="BoxFrameHorizontal" style="background-image:url(' . $layout_name . '/images/content/box-frame-horizontal.gif);" /></div>    <div class="BoxFrameEdgeRightBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div>    <div class="BoxFrameEdgeLeftBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div>  </div></div><br/>';
         }
         $main_content .= 'To delete a character enter the name of the character and your password.<br/><br/><form action="?subtopic=accountmanagement&action=deletecharacter" method="post" ><input type="hidden" name="deletecharactersave" value="1"><div class="TableContainer" >  <table class="Table1" cellpadding="0" cellspacing="0" >    <div class="CaptionContainer" >      <div class="CaptionInnerContainer" >        <span class="CaptionEdgeLeftTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionEdgeRightTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionBorderTop" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span>        <span class="CaptionVerticalLeft" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span>        <div class="Text" >Delete Character</div>        <span class="CaptionVerticalRight" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span>        <span class="CaptionBorderBottom" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span>        <span class="CaptionEdgeLeftBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionEdgeRightBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span>      </div>    </div>    <tr>      <td>        <div class="InnerTableContainer" >          <table style="width:100%;" ><tr><td class="LabelV" ><span >Character Name:</td><td style="width:90%;" ><input name="delete_name" value="" size="30" maxlength="29" ></td></tr><tr><td class="LabelV" ><span >Password:</td><td><input type="password" name="delete_password" size="30" maxlength="29" ></td></tr>          </table>        </div>  </table></div></td></tr><br/><table style="width:100%" ><tr align="center" ><td><table border="0" cellspacing="0" cellpadding="0" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Submit" alt="Submit" src="' . $layout_name . '/images/buttons/_sbutton_submit.gif" ></div></div></td><tr></form></table></td><td><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $layout_name . '/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></td></tr></table>';
     }
 }
 //### UNDELETE character from account ###
 if ($action == "undelete") {
     $player_name = trim($_GET['name']);
     if (!empty($player_name)) {
         if (check_name($player_name)) {
             $player = new Player();
             $player->find($player_name);
             if ($player->isLoaded()) {
                 $player_account = $player->getAccount();
                 if ($account_logged->getId() == $player_account->getId()) {
                     if (!$player->isOnline()) {
                         $player->set('deleted', 0);
                         $player->save();
                         $main_content .= '<div class="TableContainer" >  <table class="Table1" cellpadding="0" cellspacing="0" >    <div class="CaptionContainer" >      <div class="CaptionInnerContainer" >        <span class="CaptionEdgeLeftTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionEdgeRightTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionBorderTop" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span>        <span class="CaptionVerticalLeft" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span>        <div class="Text" >Character Undeleted</div>        <span class="CaptionVerticalRight" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span>        <span class="CaptionBorderBottom" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span>        <span class="CaptionEdgeLeftBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionEdgeRightBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span>      </div>    </div>    <tr>      <td>        <div class="InnerTableContainer" >          <table style="width:100%;" ><tr><td>The character <b>' . htmlspecialchars($player_name) . '</b> has been undeleted.</td></tr>          </table>        </div>  </table></div></td></tr><br><center><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $layout_name . '/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></center>';
                     } else {
                         $delete_errors[] = 'This character is online.';
                     }
                 } else {
                     $delete_errors[] = 'Character <b>' . htmlspecialchars($player_name) . '</b> is not on your account.';
                 }
Пример #13
0
//-----------------------------------------------------------------------------//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------//-----------------------------------------------------------------------------
if ($action == 'passleadership') {
    $guild_id = (int) $_REQUEST['guild'];
    $pass_to = trim($_REQUEST['player']);
    if (empty($guild_errors)) {
        $guild = new Guild();
        $guild->load($guild_id);
        if (!$guild->isLoaded()) {
            $guild_errors[] = 'Guild with ID <b>' . $guild_id . '</b> doesn\'t exist.';
        }
    }
    if (empty($guild_errors)) {
        if ($_POST['todo'] == 'save') {
            if (!check_name($pass_to)) {
                $guild_errors2[] = 'Invalid player name format.';
            }
            if (empty($guild_errors2)) {
                $to_player = new Player();
                $to_player->find($pass_to);
                if (!$to_player->isLoaded()) {
                    $guild_errors2[] = 'Player with name <b>' . htmlspecialchars($pass_to) . '</b> doesn\'t exist.';
                }
                if (empty($guild_errors2)) {
                    $to_player_rank = $to_player->getRank();
                    if (!empty($to_player_rank)) {
                        $to_player_guild = $to_player_rank->getGuild();
                        if ($to_player_guild->getId() != $guild->getId()) {
                            $guild_errors2[] = 'Player with name <b>' . htmlspecialchars($to_player->getName()) . '</b> isn\'t from your guild.';
                        }
Пример #14
0
                }
            } else {
                $main_content .= 'Player or account of player <b>' . htmlspecialchars($nick) . '</b> doesn\'t exist.';
            }
        } else {
            $main_content .= 'Invalid player name format. If you have other characters on account try with other name.';
        }
        $main_content .= '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><center>
					<a href="?subtopic=lostaccount&action=step1&action_type=reckey&nick=' . urlencode($nick) . '" border="0"><IMG SRC="' . $layout_name . '/images/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></center>
					</TD></TR></FORM></TABLE></TABLE>';
    } elseif ($action == 'step3') {
        $rec_key = trim($_REQUEST['key']);
        $nick = $_REQUEST['nick'];
        $new_pass = trim($_REQUEST['passor']);
        $new_email = trim($_REQUEST['email']);
        if (check_name($nick)) {
            $player = new Player();
            $account = new Account();
            $player->find($nick);
            if ($player->isLoaded()) {
                $account = $player->getAccount();
            }
            if ($account->isLoaded()) {
                $account_key = $account->getCustomField('key');
                if (!empty($account_key)) {
                    if ($account_key == $rec_key) {
                        if (check_password($new_pass)) {
                            if (check_mail($new_email)) {
                                $account->setEMail($new_email);
                                $account->setPassword($new_pass);
                                $account->save();
Пример #15
0
<?php

/*
	[Destoon B2B System] Copyright (c) 2008-2015 www.destoon.com
	This is NOT a freeware, use is subject to license.txt
*/
$moduleid = 10;
require 'common.inc.php';
require DT_ROOT . '/module/club/common.inc.php';
$head_title = $MOD['name'] . $DT['seo_delimiter'] . $head_title;
switch ($action) {
    case 'user':
        isset($username) && check_name($username) or $username = '';
        $username or mobile_msg($L['msg_not_user']);
        $_userid or dheader('login.php?forward=' . urlencode('know.php?action=' . $action . '&username='******'msg_not_user']);
        $typeid = isset($typeid) && $typeid == 1 ? 1 : 0;
        if ($typeid == 1) {
            $condition = "status=3 AND username='******'";
            $r = $db->get_one("SELECT COUNT(*) AS num FROM {$table}_answer WHERE {$condition}", 'CACHE');
            $items = $r['num'];
            $pages = mobile_pages($items, $page, $pagesize);
            $lists = array();
            if ($items) {
                $result = $db->query("SELECT * FROM {$table}_answer WHERE {$condition} ORDER BY addtime DESC LIMIT {$offset},{$pagesize}");
                while ($r = $db->fetch_array($result)) {
                    $r['title'] = get_intro($r['content'], 50);
                    $r['date'] = timetodate($r['addtime'], 'Y/m/d H:i');
                    $lists[] = $r;
                }
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR_CMD;
    return;
}
if (($searchTraineesNameSpeaker = check_name($_GET["searchTraineesNameSpeaker"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
//link
$link = @mysqli_connect(DB_HOST, ADMIN_ACCOUNT, ADMIN_PASSWORD, CONNECT_DB);
if (!$link) {
    sleep(DELAY_SEC);
    echo DB_ERROR;
    return;
}
//----- query -----
//***Step16 页面搜索SQl语句 起始
$str_query1 = "select te.TrainingId, te.UserId, te.RegisterDate, te.Status, ti.TrainingName, ti.ApproreLevel, u.UserName, u.EmployeeId, ti.SpeakerName \nfrom trainees as te left join trainings as ti on te.TrainingId = ti.TrainingId\nleft join wutian.users as u on te.UserId = u.UserId where te.Status >=0 and ExamineUser like '%,{$user_id},%'";
//TODO: trim space
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR_CMD;
    return;
}
if (($searchCoursewaresNameDesc = check_name($_GET["searchCoursewaresNameDesc"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($statusCheckbox = check_number($_GET["statusCheckbox"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
//link
$link = @mysqli_connect(DB_HOST, ADMIN_ACCOUNT, ADMIN_PASSWORD, CONNECT_DB);
if (!$link) {
    sleep(DELAY_SEC);
    echo DB_ERROR;
    return;
Пример #18
0
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR_CMD;
    return;
}
if (($searchFilesNameCode = check_name($_GET["searchFilesNameCode"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($statusCheckbox = check_number($_GET["statusCheckbox"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($searchFilesfrom1 = check_range_begin($_GET["searchFilesfrom1"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($searchFilesto1 = check_range_end($_GET["searchFilesto1"])) == SYMBOL_ERROR) {
Пример #19
0
<?php

/*
	[Destoon B2B System] Copyright (c) 2008-2015 www.destoon.com
	This is NOT a freeware, use is subject to license.txt
*/
$_COOKIE = array();
require '../common.inc.php';
if ($DT_BOT) {
    dhttp(403);
}
$username = isset($username) ? trim($username) : '';
$userid = isset($userid) ? intval($userid) : 0;
$style = isset($style) ? intval($style) : 0;
$online = 0;
if (check_name($username)) {
    $o = $db->get_one("SELECT online FROM {$DT_PRE}online WHERE username='******'");
    if ($o && $o['online']) {
        $online = 1;
    }
} else {
    if ($userid) {
        $o = $db->get_one("SELECT online FROM {$DT_PRE}online WHERE userid={$userid}");
        if ($o && $o['online']) {
            $online = 1;
        }
    }
}
$ico = DT_STATIC . 'file/image/web' . ($style ? $style : '') . ($online ? '' : '-off') . '.gif';
dheader($ico);
Пример #20
0
</tr>
<?php 
foreach ($lists as $k => $v) {
    ?>
<tr onmouseover="this.className='on';" onmouseout="this.className='';" align="center">
<td><input type="checkbox" name="chatid[]" value="<?php 
    echo $v['chatid'];
    ?>
"/></td>
<td><img src="<?php 
    echo useravatar($v['fromuser']);
    ?>
" style="padding:5px;"/></td>
<td>
<?php 
    if (check_name($v['fromuser'])) {
        ?>
<a href="javascript:_user('<?php 
        echo $v['fromuser'];
        ?>
')"><?php 
        echo $v['fromuser'];
        ?>
</a>
<?php 
    } else {
        ?>
<a href="javascript:_ip('<?php 
        echo $v['fromuser'];
        ?>
')" title="IP:<?php 
Пример #21
0
            $buy_id = (int) $_POST['buy_id'];
            $buy_name = trim($_POST['buy_name']);
            $buy_from = trim($_POST['buy_from']);
            if (empty($buy_from)) {
                $buy_from = 'Anonymous';
            }
            if (empty($buy_id)) {
                $errormessage .= 'Please <a href="?subtopic=shopsystem">select item</a> first.';
            } else {
                if (!check_name($buy_from)) {
                    $errormessage .= 'Invalid nick ("from player") format. Please <a href="?subtopic=shopsystem&action=select_player&buy_id=' . $buy_id . '">select other name</a> or contact with administrator.';
                } else {
                    $buy_offer = getItemByID($buy_id);
                    if (isset($buy_offer['id'])) {
                        if ($user_premium_points >= $buy_offer['points']) {
                            if (check_name($buy_name)) {
                                $buy_player = new Player();
                                $buy_player->find($buy_name);
                                if ($buy_player->isLoaded()) {
                                    $buy_player_account = $buy_player->getAccount();
                                    if ($_SESSION['viewed_confirmation_page'] == 'yes' && $_POST['buy_confirmed'] == 'yes') {
                                        if ($buy_offer['type'] == 'item') {
                                            $sql = 'INSERT INTO ' . $SQL->tableName('z_ots_comunication') . ' (' . $SQL->fieldName('id') . ',' . $SQL->fieldName('name') . ',' . $SQL->fieldName('type') . ',' . $SQL->fieldName('action') . ',' . $SQL->fieldName('param1') . ',' . $SQL->fieldName('param2') . ',' . $SQL->fieldName('param3') . ',' . $SQL->fieldName('param4') . ',' . $SQL->fieldName('param5') . ',' . $SQL->fieldName('param6') . ',' . $SQL->fieldName('param7') . ',' . $SQL->fieldName('delete_it') . ') VALUES (NULL, ' . $SQL->quote($buy_player->getName()) . ', ' . $SQL->quote('login') . ', ' . $SQL->quote('give_item') . ', ' . $SQL->quote($buy_offer['item_id']) . ', ' . $SQL->quote($buy_offer['item_count']) . ', ' . $SQL->quote('') . ', ' . $SQL->quote('') . ', ' . $SQL->quote('item') . ', ' . $SQL->quote($buy_offer['name']) . ', ' . $SQL->quote($buy_offer['id']) . ', ' . $SQL->quote(1) . ');';
                                            $SQL->query($sql);
                                            $save_transaction = 'INSERT INTO ' . $SQL->tableName('z_shop_history_item') . ' (' . $SQL->fieldName('id') . ',' . $SQL->fieldName('to_name') . ',' . $SQL->fieldName('to_account') . ',' . $SQL->fieldName('from_nick') . ',' . $SQL->fieldName('from_account') . ',' . $SQL->fieldName('price') . ',' . $SQL->fieldName('offer_id') . ',' . $SQL->fieldName('trans_state') . ',' . $SQL->fieldName('trans_start') . ',' . $SQL->fieldName('trans_real') . ') VALUES (' . $SQL->lastInsertId() . ', ' . $SQL->quote($buy_player->getName()) . ', ' . $SQL->quote($buy_player_account->getId()) . ', ' . $SQL->quote($buy_from) . ',  ' . $SQL->quote($account_logged->getId()) . ', ' . $SQL->quote($buy_offer['points']) . ', ' . $SQL->quote($buy_offer['name']) . ', ' . $SQL->quote('wait') . ', ' . $SQL->quote(time()) . ', ' . $SQL->quote(0) . ');';
                                            $SQL->query($save_transaction);
                                            $account_logged->setCustomField('premium_points', $user_premium_points - $buy_offer['points']);
                                            $user_premium_points = $user_premium_points - $buy_offer['points'];
                                            $main_content .= '<TABLE WIDTH=100% BORDER=0 CELLSPACING=1 CELLPADDING=4>
<TR><TD BGCOLOR="' . $config['site']['vdarkborder'] . '" ALIGN=left CLASS=white><B>Item added!</B></TD></TR>
<TR><TD BGCOLOR="' . $config['site']['lightborder'] . '" ALIGN=left><b>' . htmlspecialchars($buy_offer['name']) . '</b> added to player <b>' . htmlspecialchars($buy_player->getName()) . '</b> items (he will get this items after relog) for <b>' . $buy_offer['points'] . ' premium points</b> from your account.<br />Now you have <b>' . $user_premium_points . ' premium points</b>.<br /><a href="?subtopic=shopsystem">GO TO MAIN SHOP SITE</a></TD></TR>
Пример #22
0
<?php

defined('IN_DESTOON') or exit('Access Denied');
require DT_ROOT . '/module/' . $module . '/common.inc.php';
$reason = $L['invite_title'];
$userurl = '';
if (isset($user) && check_name($user)) {
    $c = $db->get_one("SELECT linkurl,username FROM {$DT_PRE}company WHERE username='******'");
    if ($c) {
        $userurl = $c['linkurl'];
        $user = $username = $c['username'];
        $could_credit = true;
        if ($MOD['credit_ip'] <= 0) {
            $could_credit = false;
        }
        if ($could_credit) {
            $r = $db->get_one("SELECT itemid FROM {$DT_PRE}finance_credit WHERE note='{$DT_IP}' AND addtime>{$DT_TIME}-86400");
            if ($r) {
                $could_credit = false;
            }
        }
        if ($could_credit && $MOD['credit_maxip'] > 0) {
            $r = $db->get_one("SELECT SUM(amount) AS total FROM {$DT_PRE}finance_credit WHERE username='******' AND addtime>{$DT_TIME}-86400 AND reason='{$reason}'");
            if ($r['total'] > $MOD['credit_maxip']) {
                $could_credit = false;
            }
        }
        if ($could_credit) {
            credit_add($username, $MOD['credit_ip']);
            credit_record($username, $MOD['credit_ip'], 'system', $reason, $DT_IP);
            set_cookie('inviter', encrypt($username, DT_KEY . 'INVITER'), $DT_TIME + 30 * 86400);
Пример #23
0
$username = $domain = '';
if (isset($homepage) && check_name($homepage)) {
    $username = $homepage;
} else {
    if (!$cityid) {
        $host = get_env('host');
        if (substr($host, 0, 4) == 'www.') {
            $whost = $host;
            $host = substr($host, 4);
        } else {
            $whost = $host;
        }
        if ($host && strpos(DT_PATH, $host) === false) {
            if (substr($host, -strlen($CFG['com_domain'])) == $CFG['com_domain']) {
                $www = substr($host, 0, -strlen($CFG['com_domain']));
                if (check_name($www)) {
                    $username = $homepage = $www;
                } else {
                    include load('company.lang');
                    $head_title = $L['not_company'];
                    dhttp(404, $DT_BOT);
                    include template('com-notfound', 'message');
                    exit;
                }
            } else {
                if ($whost == $host) {
                    //301 xxx.com to www.xxx.com
                    $w3 = 'www.' . $host;
                    $c = $db->get_one("SELECT userid FROM {$DT_PRE}company WHERE domain='{$w3}'");
                    if ($c) {
                        d301('http://' . $w3);
Пример #24
0
function admin_notice()
{
    global $DT, $MODULE, $db, $moduleid, $file, $itemid, $action, $reason, $msg, $eml, $sms, $wec;
    if (!is_array($itemid)) {
        return;
    }
    if (count($itemid) == 0) {
        return;
    }
    $S = array('delete' => '已经被删除', 'check' => '已经通过审核', 'reject' => '没有通过审核', 'onsale' => '已经上架', 'unsale' => '已经下架');
    $N = array('honor' => '荣誉资质', 'news' => '公司新闻', 'page' => '公司单页', 'link' => '友情链接');
    if (!isset($S[$action])) {
        return;
    }
    if ($moduleid > 4) {
        $table = get_table($moduleid);
        $name = $MODULE[$moduleid]['name'];
        if ($moduleid == 9) {
            if ($file == 'resume') {
                $table = $db->pre . $file;
                $name = '简历';
            } else {
                $name = '招聘';
            }
        } else {
            if ($moduleid == 16) {
                $name = '商品';
            }
        }
    } else {
        if (isset($N[$file])) {
            $table = $db->pre . $file;
            $name = $N[$file];
        } else {
            return;
        }
    }
    if ($reason == '操作原因') {
        $reason = '';
    }
    $msg = isset($msg) ? 1 : 0;
    if (strlen($reason) > 2) {
        $msg = 1;
    }
    $eml = isset($eml) ? 1 : 0;
    if ($msg == 0 && $eml == 0) {
        return;
    }
    $sms = isset($sms) ? 1 : 0;
    $wec = isset($wec) ? 1 : 0;
    if ($msg == 0) {
        $sms = $wec = 0;
    }
    $result = $db->query("SELECT itemid,title,username,linkurl FROM {$table} WHERE itemid IN (" . implode(',', $itemid) . ")");
    while ($r = $db->fetch_array($result)) {
        $username = $r['username'];
        if (!check_name($username)) {
            continue;
        }
        $title = $r['title'];
        $linkurl = strpos($r['linkurl'], '://') === false ? $MODULE[$moduleid]['linkurl'] . $r['linkurl'] : $r['linkurl'];
        $subject = '您发布的[' . $name . ']' . $title . '(ID:' . $r['itemid'] . ')' . $S[$action];
        $body = '尊敬的会员:<br/>您发布的[' . $name . ']<a href="' . $linkurl . '" target="_blank">' . $title . '</a>(ID:' . $r['itemid'] . ')' . $S[$action] . '!<br/>';
        if ($reason) {
            $body .= '操作原因:<br/>' . $reason . '<br/>';
        }
        $body .= '如果您对此操作有异议,请及时与网站联系。';
        if ($msg) {
            send_message($username, $subject, $body);
        }
        if ($wec) {
            send_weixin($username, $subject);
        }
        if ($eml || $sms) {
            $user = userinfo($username);
            if ($eml) {
                send_mail($user['email'], $subject, $body);
            }
            if ($sms) {
                send_sms($user['mobile'], $subject . $DT['sms_sign']);
            }
        }
    }
}
Пример #25
0
         $items = $sum;
     } else {
         $r = $db->get_one("SELECT COUNT(*) AS num FROM {$DT_PRE}member_check WHERE {$condition}");
         $items = $r['num'];
     }
     $pages = pages($items, $page, $pagesize);
     $lists = array();
     $result = $db->query("SELECT * FROM {$DT_PRE}member_check WHERE {$condition} ORDER BY addtime DESC LIMIT {$offset},{$pagesize}");
     while ($r = $db->fetch_array($result)) {
         $r['addtime'] = timetodate($r['addtime'], 6);
         $lists[] = $r;
     }
     include tpl('validate_member', $module);
     break;
 case 'show':
     check_name($username) or msg();
     $t = $db->get_one("SELECT * FROM {$DT_PRE}member_check WHERE username='******'");
     $t or msg('记录不存在');
     $U = userinfo($username);
     $U or msg('会员不存在');
     $E = dstripslashes(unserialize($t['content']));
     $userid = $U['userid'];
     $content_table = content_table(4, $userid, is_file(DT_CACHE . '/4.part'), $DT_PRE . 'company_data');
     $t = $db->get_one("SELECT * FROM {$content_table} WHERE userid={$userid}");
     $U['content'] = $t['content'];
     if (isset($E['regunit']) && !isset($E['capital'])) {
         $E['capital'] = $U['capital'];
     }
     if ($submit) {
         $sql1 = $sql2 = $sql3 = '';
         if (in_array('thumb', $pass) && isset($E['thumb'])) {
Пример #26
0
<?php

$name = stripslashes(ucwords(strtolower(trim($_REQUEST['name']))));
if (empty($name)) {
    $main_content .= 'Here you can get detailed information about a certain player on ' . $config['server']['serverName'] . '.<BR>  <FORM ACTION="?subtopic=characters" METHOD=post><TABLE WIDTH=100% BORDER=0 CELLSPACING=1 CELLPADDING=4><TR><TD BGCOLOR="' . $config['site']['vdarkborder'] . '" CLASS=white><B>Search Character</B></TD></TR><TR><TD BGCOLOR="' . $config['site']['darkborder'] . '"><TABLE BORDER=0 CELLPADDING=1><TR><TD>Name:</TD><TD><INPUT NAME="name" VALUE=""SIZE=29 MAXLENGTH=29></TD><TD><INPUT TYPE=image NAME="Submit" SRC="' . $layout_name . '/images/buttons/sbutton_submit.gif" BORDER=0 WIDTH=120 HEIGHT=18></TD></TR></TABLE></TD></TR></TABLE></FORM>';
} else {
    if (check_name($name)) {
        $player = $ots->createObject('Player');
        $player->find($name);
        if ($player->isLoaded()) {
            $account = $player->getAccount();
            $main_content .= '<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%><TR><TD><IMG SRC="' . $layout_name . '/images/general/blank.gif" WIDTH=10 HEIGHT=1 BORDER=0></TD><TD><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR=' . $config['site']['vdarkborder'] . '><TD COLSPAN=2 CLASS=white><B>Character Information</B></TD></TR>';
            if (is_int($number_of_rows / 2)) {
                $bgcolor = $config['site']['darkborder'];
            } else {
                $bgcolor = $config['site']['lightborder'];
            }
            $number_of_rows++;
            $main_content .= '<TR BGCOLOR="' . $bgcolor . '"><TD WIDTH=20%>Name:</TD><TD><font color="';
            $main_content .= $player->isOnline() ? 'green' : 'red';
            $main_content .= '"><b>' . $player->getName() . '</b></font>';
            if ($player->isDeleted()) {
                $main_content .= '<font color="red"> [DELETED]</font>';
            }
            if ($player->isNameLocked()) {
                $main_content .= '<font color="red"> [NAMELOCK]</font>';
            }
            $main_content .= '</TD></TR>';
            if ($player->getOldName()) {
                if (is_int($number_of_rows / 2)) {
                    $bgcolor = $config['site']['darkborder'];
Пример #27
0
function userinfo($username, $cache = 1)
{
    global $db, $dc, $CFG;
    if (!check_name($username)) {
        return array();
    }
    $user = array();
    if ($cache && $CFG['db_expires']) {
        $user = $dc->get('user-' . $username);
        if ($user) {
            return $user;
        }
    }
    $user = $db->get_one("SELECT * FROM {$db->pre}member m, {$db->pre}company c WHERE m.userid=c.userid AND m.username='******'");
    if ($cache && $CFG['db_expires'] && $user) {
        $dc->set('user-' . $username, $user, $CFG['db_expires']);
    }
    return $user;
}
Пример #28
0
         $db->query("INSERT INTO {$DT_PRE}validate (type,username,ip,addtime,status,title,editor,edittime) VALUES ('email','{$username}','{$DT_IP}','{$DT_TIME}','3','{$email}','system','{$DT_TIME}')");
     }
     require MD_ROOT . '/member.class.php';
     $do = new member();
     $do->login($username, '', 0, true);
     message($L['send_check_success'], $MOD['linkurl']);
 } else {
     if ($DT['mail_type'] == 'close') {
         message($L['send_mail_close']);
     }
     if ($MOD['checkuser'] != 2) {
         dheader(DT_PATH);
     }
     if ($submit) {
         captcha($captcha);
         check_name($username) or message($L['send_check_username_bad']);
         $user = userinfo($username);
         if ($user) {
             if ($user['groupid'] != 4) {
                 dalert($L['send_check_deny'], DT_PATH);
             }
             if ($user['password'] != dpassword($password, $user['passsalt'])) {
                 message($L['send_check_password_bad']);
             }
             $email = trim($email);
             if ($email && $email != $user['email']) {
                 is_email($email) or message($L['send_check_email_bad']);
                 $r = $db->get_one("SELECT userid FROM {$DT_PRE}member WHERE email='{$email}'");
                 if ($r) {
                     message($L['send_check_email_repeat']);
                 }
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR_CMD;
    return;
}
if (($searchpptsNameDesc = check_name($_GET["searchpptsNameDesc"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($statusCheckbox = check_number($_GET["statusCheckbox"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($searchpptsfrom1 = check_range_begin($_GET["searchpptsfrom1"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($searchpptsto1 = check_range_end($_GET["searchpptsto1"])) == SYMBOL_ERROR) {
Пример #30
0
//query
$link;
$str_query;
$str_update;
$result;
//query result
$row;
//1 data array
$return_string;
//1.get information from client
if (($cmd = check_command($_GET["cmd"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR_CMD;
    return;
}
if (($searchRollCallsName = check_name($_GET["searchRollCallsName"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($statusCheckbox = check_number($_GET["statusCheckbox"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($searchRollCallsfrom12 = check_range_begin($_GET["searchRollCallsfrom12"])) == SYMBOL_ERROR) {
    sleep(DELAY_SEC);
    echo SYMBOL_ERROR;
    return;
}
if (($searchRollCallsto12 = check_range_end($_GET["searchRollCallsto12"])) == SYMBOL_ERROR) {