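/**
 * Handle a guestbook submission and insert it into the enewsgbook table.
 *
 * Steps visible in this function: access checks, collection and filtering of
 * the form fields, required-field and e-mail validation, optional CAPTCHA,
 * posting-interval check, board lookup, optional member-level check, INSERT,
 * and finally a redirect/message through printerror().
 *
 * Every validation failure is reported with printerror() and the code then
 * falls through to the next statement.
 * NOTE(review): the checks are only effective if printerror() ends the
 * request — confirm against its definition.
 *
 * @param array $add Submitted form fields; keys read here: bid, name, email,
 *                   call, lytext, key, ecmsfrom.
 * @return void
 */
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;

    // IP access check
    eCheckAccessDoIp('gbook');
    // Request-origin check
    CheckCanPostUrl();

    // Board id: the cookie value wins, the form field is the fallback.
    // Array keys are quoted: bare words such as $add[bid] are undefined
    // constants and stop being accepted as strings on PHP 8.
    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        $bid = intval($add['bid']);
    }

    $name = RepPostStr(trim($add['name']));
    $email = RepPostStr($add['email']);
    $call = RepPostStr($add['call']);
    $lytext = RepPostStr($add['lytext']);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }

    // CAPTCHA (only when enabled in the site settings)
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }

    // Posting interval. The timestamp lives in a cookie, so this only slows
    // down clients that send the cookie back; it is not a server-side limit.
    // The cast keeps a non-numeric cookie value out of the subtraction.
    $lasttime = (int) getcvar('lastgbooktime');
    if ($lasttime) {
        if (time() - $lasttime < $public_r['regbooktime']) {
            printerror("GbOutTime", "", 1);
        }
    }

    // Does the board exist? ($bid is an integer at this point.)
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }

    // Permission: boards bound to a member group require a logged-in member
    // whose group level is at least the board's level.
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }

    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));

    // NOTE(review): every value is interpolated into the SQL text. $bid and
    // $userid are integers; the string fields rely entirely on RepPostStr() /
    // RepPostVar() / egetip() neutralising quote characters, which is not
    // visible here — confirm, or move to bound parameters if the DB layer
    // supports them. userid/username are recorded from cookies as given.
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");

    // Clear the CAPTCHA so it cannot be replayed
    ecmsEmptyShowKey($keyvname);

    if ($sql) {
        // Remember the time of this post for the interval check above
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}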
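/**
 * Register a new member (variant driven by the $user_* configuration globals).
 *
 * Steps visible here: registration-closed / IP / already-logged-in checks,
 * optional CAPTCHA, group selection, length and format validation, duplicate
 * username / e-mail checks, password hashing according to $user_dopass,
 * INSERT into the member table and the enewsmemberadd table, then either the
 * activation / moderation path or setting the login cookies.
 *
 * Validation failures are reported with printerror() and execution falls
 * through. NOTE(review): this assumes printerror() ends the request — confirm.
 *
 * @param string $username   Requested user name.
 * @param string $password   Requested password.
 * @param string $repassword Password confirmation.
 * @param string $email      E-mail address.
 * @return void
 */
function register($username, $password, $repassword, $email)
{
    global $empire, $user_tablename, $public_r, $user_groupid, $user_username, $user_userid, $user_email, $user_password, $user_dopass, $user_rnd, $user_registertime, $user_register, $user_group, $user_saltnum, $user_salt, $user_seting, $forumgroupid, $registerurl, $dbtbpre, $user_regcookietime, $user_userfen, $user_checked, $level_r;

    if ($public_r['register_ok']) {
        printerror("CloseRegister", "history.go(-1)", 1);
    }
    // IP access check
    eCheckAccessDoIp('register');
    if (!empty($registerurl)) {
        Header("Location:{$registerurl}");
        exit;
    }
    // A logged-in visitor may not register again
    if (getcvar('mluserid')) {
        printerror("LoginToRegister", "history.go(-1)", 1);
    }
    // Request-origin check
    CheckCanPostUrl();

    $add = $_POST;
    $username = trim($username);
    $password = trim($password);
    $username = RepPostVar($username);
    // NOTE(review): the password is passed through RepPostVar() before it is
    // hashed; if that helper rewrites or strips characters, the stored hash
    // belongs to the filtered string, not to what the user typed — confirm.
    $password = RepPostVar($password);
    if (!$username || !$password || !$email) {
        printerror("EmptyMember", "history.go(-1)", 1);
    }

    // CAPTCHA (only when enabled)
    $keyvname = 'checkregkey';
    if ($public_r['regkey_ok']) {
        ecmsCheckShowKey($keyvname, $_POST['key'], 1);
    }

    // Target group: the submitted one, else the configured default; whether
    // that group is open for registration is decided by CheckMemberGroupCanReg().
    // Array keys are quoted: bare words such as $add[groupid] are undefined
    // constants and are rejected on PHP 8.
    $user_groupid = (int) $user_groupid;
    $groupid = (int) $add['groupid'];
    $groupid = empty($groupid) ? $user_groupid : $groupid;
    CheckMemberGroupCanReg($groupid);

    // Client IP
    $regip = egetip();

    // User-name length limits
    $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
    $userlen = strlen($username);
    if ($userlen < $pr['min_userlen'] || $userlen > $pr['max_userlen']) {
        printerror("FaiUserlen", "history.go(-1)", 1);
    }
    // Password length limits
    $passlen = strlen($password);
    if ($passlen < $pr['min_passlen'] || $passlen > $pr['max_passlen']) {
        printerror("FailPasslen", "history.go(-1)", 1);
    }
    if ($repassword !== $password) {
        printerror("NotRepassword", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    if (strstr($username, "|") || strstr($username, "*")) {
        printerror("NotSpeWord", "history.go(-1)", 1);
    }
    // Registration interval per IP
    eCheckIpRegTime($regip, $pr['regretime']);
    // Reserved user names
    toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');

    $username = RepPostStr($username);
    // Duplicate user name.
    // NOTE(review): $username / $email are interpolated into the SQL text and
    // rely on RepPostVar()/RepPostStr() for quoting safety — not visible here.
    $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$username}' limit 1");
    if ($num) {
        printerror("ReUsername", "history.go(-1)", 1);
    }
    // Duplicate e-mail (only enforced when regemailonly is set)
    $email = RepPostStr($email);
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_email . "='{$email}' limit 1");
        if ($num) {
            printerror("ReEmailFail", "history.go(-1)", 1);
        }
    }

    // Registration time: unix timestamp or formatted date, per configuration
    if ($user_register) {
        $registertime = time();
    } else {
        $registertime = date("Y-m-d H:i:s");
    }

    // Random per-account token; it is stored in the $user_rnd column and sent
    // to the browser as the mlrnd cookie further down.
    $rnd = make_password(12);

    // Password storage format, selected by $user_dopass. All three schemes are
    // MD5-based (plain, salted double MD5, or a 16-character slice); they are
    // kept as-is because the login side must match the stored format, but MD5
    // is fast to brute-force — migrating to password_hash()/password_verify()
    // is the durable fix and needs the verifier changed as well.
    if (empty($user_dopass)) {
        $password = md5($password);
    } elseif ($user_dopass == 2) {
        // NOTE(review): $salt is generated here, but no statement visible in
        // this function writes it to the member row — confirm where the salt
        // is persisted, otherwise the hash cannot be re-checked at login.
        $salt = make_password($user_saltnum);
        $password = md5(md5($password) . $salt);
    } elseif ($user_dopass == 3) {
        $password = substr(md5($password), 8, 16);
    }

    // Approval state; with e-mail activation (regacttype == 1) an approved
    // account is created unapproved until it is activated.
    $checked = ReturnGroupChecked($groupid);
    if ($checked && $public_r['regacttype'] == 1) {
        $checked = 0;
    }

    // Validate the required fields of the supplementary member form.
    // NOTE(review): $mr is not assigned anywhere before this call — presumably
    // ReturnDoMemberF() takes it by reference; confirm.
    $fid = GetMemberFormId($groupid);
    $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);

    $sql = $empire->query("insert into " . $user_tablename . "(" . $user_username . "," . $user_password . "," . $user_email . "," . $user_registertime . "," . $user_group . "," . $user_rnd . "," . $user_userfen . "," . $user_checked . ") values('{$username}','{$password}','{$email}','{$registertime}','{$groupid}','{$rnd}','{$public_r['reggetfen']}','{$checked}');");
    // Id of the row just inserted
    $userid = $empire->lastid();

    // Supplementary table row. $member_r[0] / $member_r[1] are SQL fragments
    // (column list / value list) produced by ReturnDoMemberF() from the
    // submitted form; their escaping is that helper's responsibility.
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    if (!$addr['userid']) {
        $spacestyleid = ReturnGroupSpaceStyleid($groupid);
        $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}'" . $member_r[1] . ");");
    }

    // Clear the CAPTCHA so it cannot be replayed
    ecmsEmptyShowKey($keyvname);

    if ($sql) {
        // E-mail activation
        if ($checked == 0 && $public_r['regacttype'] == 1) {
            include '../class/qmemberfun.php';
            SendActUserEmail($userid, $username, $email);
        }
        // Waiting for approval / activation: no login cookies are set
        if ($checked == 0) {
            $location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
            printerror("RegisterSuccessCheck", $location, 1);
        }

        // Log the new member in: 0 means a session cookie
        $logincookie = 0;
        if ($user_regcookietime) {
            $logincookie = time() + $user_regcookietime;
        }
        $set1 = esetcookie("mlusername", $username, $logincookie);
        $set2 = esetcookie("mluserid", $userid, $logincookie);
        $set3 = esetcookie("mlgroupid", $groupid, $logincookie);
        $set4 = esetcookie("mlrnd", $rnd, $logincookie);

        // Return target. NOTE(review): returnurl is read from a cookie and is
        // only screened by the three substring tests below; confirm that
        // DoingReturnUrl()/printerror() restrict the destination to this site.
        $location = "../member/cp/";
        $returnurl = getcvar('returnurl');
        if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
            $location = $returnurl;
        }
        $set5 = esetcookie("returnurl", "");
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("RegisterSuccess", $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}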
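// Download-info entry script: validates the request parameters and loads the
// requested record from the class's data table.
require "../../class/connect.php";
require "../../class/db_sql.php";
require "../../class/q_functions.php";
require "../../member/class/user.php";
require "../../data/dbcache/class.php";
require "../../data/dbcache/MemberLevel.php";
require "../class/DownSysFun.php";

// Stop here when the download module is switched off
eCheckCloseMods('down');
$link = db_connect();
$empire = new mysqlquery();
$editor = 1;
$ecmsreurl = 2;

// IP access check
eCheckAccessDoIp('downinfo');

// All three request parameters are forced to integers before any use
$id = (int) $_GET['id'];
$pathid = (int) $_GET['pathid'];
$classid = (int) $_GET['classid'];

// The class must map to a table in the $class_r cache. Keys are quoted:
// bare words such as [tbname] are undefined constants and fail on PHP 8.
if (!$classid || empty($class_r[$classid]['tbname']) || !$id) {
    echo "<script>alert('此信息不存在');window.close();</script>";
    exit;
}
$mid = $class_r[$classid]['modid'];
$tbname = $class_r[$classid]['tbname'];

// $tbname is concatenated into the table name; it comes from the $class_r
// cache rather than from the request, and $id is an integer.
$query = "select * from {$dbtbpre}ecms_" . $tbname . " where id='{$id}' limit 1";
$r = $empire->fetch1($query);
// The record must exist and belong to the class named in the URL
if (!$r['id'] || $r['classid'] != $classid) {
    echo "<script>alert('此信息不存在');window.close();</script>";
    exit;
}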
// Info display script: loads a single record identified by class id and
// record id, and redirects when the record is flagged as an external link.
require '../class/db_sql.php';
require '../class/functions.php';
require '../class/t_functions.php';
require LoadLang('pub/fun.php');
require '../data/dbcache/class.php';
require '../data/dbcache/MemberLevel.php';
$link = db_connect();
$empire = new mysqlquery();
// Request parameters are forced to integers before any use
$classid = (int) $_GET['classid'];
$id = (int) $_GET['id'];
$page = (int) $_GET['page'];
$page = RepPIntvar($page);
// Module id and table name are looked up in $class_r, which is not assigned
// in this script (presumably filled by the dbcache include — confirm).
$mid = $class_r[$classid]['modid'];
$tbname = $class_r[$classid]['tbname'];
// IP access check
eCheckAccessDoIp('showinfo');
// Reject unknown classes/ids, and tables for which InfoIsInTable() returns true
if (!$classid || !$id || !$mid || !$tbname || InfoIsInTable($tbname)) {
    printerror('此信息不存在', '', 1, 0, 1);
}
// $tbname goes into the table name; it comes from the cache, $id is an integer
$r = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id='{$id}' limit 1");
// The record must exist and belong to the class named in the URL
if (!$r['id'] || $classid != $r['classid']) {
    printerror('此信息不存在', '', 1, 0, 1);
}
// External link: the record only points elsewhere
if ($r['isurl']) {
    $titleurl = $r['titleurl'];
    // NOTE(review): the stored titleurl is sent as the redirect target with no
    // validation visible here; confirm it is checked when the record is saved.
    Header("Location:{$titleurl}");
    exit;
}
//moreport
// (the listing ends inside this condition; the rest of the script is not shown)
if (Moreport_ReturnMustDt()) {
<?php
// Contribution entry page: checks that submissions are open and that the
// requested model accepts front-end contributions, then renders the
// class-selection template.
require "../class/connect.php";
require "../class/db_sql.php";

$link = db_connect();
$empire = new mysqlquery();

// Contributions are switched off site-wide
if ($public_r['addnews_ok']) {
    printerror("CloseQAdd", "", 1);
}

// IP access check
eCheckAccessDoIp('postinfo');

// Model id from the query string, forced to an integer
$mid = (int) $_GET['mid'];
if (!$mid) {
    printerror("ErrorUrl", "", 1);
}

// The model must exist and have front-end contribution (qenter) enabled
$mr = $empire->fetch1("select mid,qenter,qmname from {$dbtbpre}enewsmod where mid='{$mid}'");
if (!($mr['mid'] && $mr['qenter'])) {
    printerror("ErrorUrl", "", 1);
}

// Member identity as reported by the login cookies (display only in this
// script); a placeholder name is used when no member name is present
$muserid = (int) getcvar('mluserid');
$musername = RepPostVar(getcvar('mlusername'));
if (!$musername) {
    $musername = "******";
}

// Per-model class list script
$classjs = $public_r['newsurl'] . "d/js/js/addinfo" . $mid . ".js";

// Load the template
require ECMS_PATH . 'e/template/DoInfo/ChangeClass.php';

db_close();
$empire = null;
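/**
 * Register a new member from the submitted registration form.
 *
 * Steps visible here: registration-closed / time-window / IP /
 * already-logged-in checks, optional CAPTCHA, group selection, length and
 * format validation, duplicate checks, salted password derivation through
 * eDoMemberPw(), INSERT into the member table and enewsmemberadd, attachment
 * and account-binding updates, then either the activation / moderation path
 * or setting the login cookies.
 *
 * Validation failures are reported with printerror() and execution falls
 * through. NOTE(review): this assumes printerror() ends the request — confirm.
 *
 * @param array $add Submitted form fields; keys read here: username, password,
 *                   repassword, email, tobind, key, groupid (plus whatever
 *                   ReturnDoMemberF() reads).
 * @return void
 */
function register($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;

    // Registration switched off
    if ($public_r['register_ok']) {
        printerror('CloseRegister', '', 1);
    }
    // Is the operation allowed in the current time window?
    eCheckTimeCloseDo('reg');
    // IP access check
    eCheckAccessDoIp('register');
    if (!empty($ecms_config['member']['registerurl'])) {
        Header("Location:" . $ecms_config['member']['registerurl']);
        exit;
    }
    // A logged-in visitor may not register again
    if (getcvar('mluserid')) {
        printerror('LoginToRegister', '', 1);
    }
    // Request-origin check
    CheckCanPostUrl();

    $username = trim($add['username']);
    $password = trim($add['password']);
    $username = RepPostVar($username);
    // NOTE(review): the password is filtered by RepPostVar() before hashing;
    // if that helper rewrites characters, the stored hash belongs to the
    // filtered string rather than to what the user typed — confirm.
    $password = RepPostVar($password);
    $email = RepPostStr($add['email']);
    if (!$username || !$password || !$email) {
        printerror("EmptyMember", "history.go(-1)", 1);
    }
    $tobind = (int) $add['tobind'];

    // CAPTCHA (only when enabled)
    $keyvname = 'checkregkey';
    if ($public_r['regkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }

    // Target group: the submitted one, else the default; whether that group is
    // open for registration is decided by CheckMemberGroupCanReg().
    $user_groupid = eReturnMemberDefGroupid();
    $groupid = (int) $add['groupid'];
    $groupid = empty($groupid) ? $user_groupid : $groupid;
    CheckMemberGroupCanReg($groupid);

    // Client IP and port
    $regip = egetip();
    $regipport = egetipport();

    // User-name length limits. Array keys are quoted: bare words such as
    // $pr[min_userlen] are undefined constants and are rejected on PHP 8.
    $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
    $userlen = strlen($username);
    if ($userlen < $pr['min_userlen'] || $userlen > $pr['max_userlen']) {
        printerror('FaiUserlen', '', 1);
    }
    // Password length limits
    $passlen = strlen($password);
    if ($passlen < $pr['min_passlen'] || $passlen > $pr['max_passlen']) {
        printerror('FailPasslen', '', 1);
    }
    if ($add['repassword'] !== $password) {
        printerror('NotRepassword', '', 1);
    }
    if (!chemail($email)) {
        printerror('EmailFail', '', 1);
    }
    if (strstr($username, '|') || strstr($username, '*')) {
        printerror('NotSpeWord', '', 1);
    }
    // Registration interval per IP
    eCheckIpRegTime($regip, $pr['regretime']);
    // Reserved user names
    toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');

    $username = RepPostStr($username);
    // Duplicate user name.
    // NOTE(review): $username / $email are interpolated into the SQL text and
    // rely on RepPostVar()/RepPostStr() for quoting safety — not visible here.
    $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if ($num) {
        printerror('ReUsername', '', 1);
    }
    // Duplicate e-mail (only enforced when regemailonly is set)
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1");
        if ($num) {
            printerror('ReEmailFail', '', 1);
        }
    }

    // Registration time
    $lasttime = time();
    $registertime = eReturnAddMemberRegtime();
    // Random per-account token; stored in the rnd column and sent to the
    // browser as the mlrnd cookie further down
    $rnd = make_password(20);
    $userkey = eReturnMemberUserKey();

    // Password: keep the plain value only for the DoEpassport() call below,
    // store the salted derivation produced by eDoMemberPw().
    // NOTE(review): the strength of the stored hash depends on eDoMemberPw(),
    // which is not visible here.
    $truepassword = $password;
    $salt = eReturnMemberSalt();
    $password = eDoMemberPw($password, $salt);

    // Approval state; with e-mail activation (regacttype == 1) an approved
    // account is created unapproved until it is activated.
    $checked = ReturnGroupChecked($groupid);
    if ($checked && $public_r['regacttype'] == 1) {
        $checked = 0;
    }

    // Validate the required fields of the supplementary member form
    $mr['add_filepass'] = ReturnTranFilepass();
    $fid = GetMemberFormId($groupid);
    $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);

    $sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');");
    // Id of the row just inserted
    $userid = $empire->lastid();

    // NOTE(review): the supplementary insert, the attachment update and the
    // account binding below all run before $sql is checked, so they also run
    // when the member INSERT failed.

    // Supplementary table row. $member_r[0] / $member_r[1] are SQL fragments
    // (column list / value list) produced by ReturnDoMemberF() from the
    // submitted form; their escaping is that helper's responsibility.
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    if (!$addr['userid']) {
        $spacestyleid = ReturnGroupSpaceStyleid($groupid);
        $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");");
    }
    // Attach uploaded files to the new member
    UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member');
    // Clear the CAPTCHA so it cannot be replayed
    ecmsEmptyShowKey($keyvname);
    // Bind an external account when requested
    if ($tobind) {
        MemberConnect_BindUser($userid);
    }

    if ($sql) {
        // E-mail activation
        if ($checked == 0 && $public_r['regacttype'] == 1) {
            include 'class/member_actfun.php';
            SendActUserEmail($userid, $username, $email);
        }
        // Waiting for approval / activation: no login cookies are set
        if ($checked == 0) {
            $location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
            printerror("RegisterSuccessCheck", $location, 1);
        }

        // Log the new member in: 0 means a session cookie
        $logincookie = 0;
        if ($ecms_config['member']['regcookietime']) {
            $logincookie = time() + $ecms_config['member']['regcookietime'];
        }
        $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
        $set1 = esetcookie("mlusername", $username, $logincookie);
        $set2 = esetcookie("mluserid", $userid, $logincookie);
        $set3 = esetcookie("mlgroupid", $groupid, $logincookie);
        $set4 = esetcookie("mlrnd", $rnd, $logincookie);
        // Login authentication string
        qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie);
        // Additional login cookies
        AddLoginCookie($r);

        // Return target. NOTE(review): returnurl is read from a cookie and is
        // only screened by the three substring tests below; confirm that
        // DoingReturnUrl()/printerror() restrict the destination to this site.
        $location = "../member/cp/";
        $returnurl = getcvar('returnurl');
        if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
            $location = $returnurl;
        }
        $set5 = esetcookie("returnurl", "");

        // Epassport integration. NOTE(review): the plain-text password is
        // handed to DoEpassport(); confirm it is neither logged nor sent over
        // an unencrypted channel there.
        DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("RegisterSuccess", $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}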
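<?php
// Registration form entry page: applies the same gate checks as the register
// handler, then resolves the member group and its form id for the template.
require "../../class/connect.php";
require "../../class/user.php";
require "../../class/db_sql.php";

$link = db_connect();
$empire = new mysqlquery();
$editor = 1;

// Registration switched off. The key is quoted: a bare word such as
// $public_r[register_ok] is an undefined constant and fails on PHP 8.
if ($public_r['register_ok']) {
    printerror("CloseRegister", "history.go(-1)", 1);
}

// IP access check
eCheckAccessDoIp('register');

// NOTE(review): $registerurl, $changeregisterurl and $user_groupid are not
// assigned in this script; presumably they come from the required config
// files — confirm they can never be supplied by the request.

// Redirect to an external registration page when one is configured
if (!empty($registerurl)) {
    Header("Location:{$registerurl}");
    exit;
}

// A logged-in visitor may not register again
if (getcvar('mluserid')) {
    printerror("LoginToRegister", "history.go(-1)", 1);
}

// No group chosen yet: send the visitor to the group-selection page
if (!empty($changeregisterurl) && !$_GET['groupid']) {
    Header("Location:{$changeregisterurl}");
    exit;
}

// Group from the query string (integer), else the default group; whether the
// group is open for registration is decided by CheckMemberGroupCanReg().
$groupid = (int) $_GET['groupid'];
$groupid = $groupid ? $groupid : $user_groupid;
CheckMemberGroupCanReg($groupid);
$formid = GetMemberFormId($groupid);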
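/**
 * Resolve and print the protected online-play address of one record.
 *
 * Steps visible here: IP check, verification of the request token ($pass)
 * and of the time-limited code, record lookup, optional member checks
 * (identity by userid + rnd, daily limit, group level, points), bookkeeping,
 * Content-Type selection and output of the encoded address. Every failed
 * check ends the request silently with exit.
 *
 * @param int    $classid    Class (column) id.
 * @param int    $id         Record id.
 * @param int    $pathid     Index of the address inside the record's onlinepath list.
 * @param string $p          "userid:::rnd" pair identifying the member.
 * @param string $pass       Request token; must equal the MD5 computed below.
 * @param int    $onlinetime Timestamp checked by CheckOnlinePass().
 * @param string $onlinepass Code checked by CheckOnlinePass().
 * @return void The function always ends with exit.
 */
function GetSofturl($classid, $id, $pathid, $p, $pass, $onlinetime, $onlinepass)
{
    global $empire, $dbtbpre, $public_r, $class_r, $emod_r, $level_r, $ecms_config;

    // IP access check
    eCheckAccessDoIp('onlineinfo');

    $classid = (int) $classid;
    $id = (int) $id;
    $pathid = (int) $pathid;
    $onlinetime = (int) $onlinetime;
    $p = RepPostVar($p);
    if (!$classid || empty($id) || empty($p)) {
        exit;
    }
    $p_r = explode(":::", $p);
    $userid = $p_r[0];
    $rnd = $p_r[1];

    // Request token: MD5 over the value of ReturnDownSysCheckIp(), a fixed
    // string, the site's downpass setting and the user id.
    // The comparison is strict (!==): with a loose != two digests that both
    // look like numbers (for example "0e" followed only by digits) are
    // compared numerically and can be treated as equal although the strings
    // differ. hash_equals() would additionally make the comparison
    // constant-time on PHP 5.6 and later.
    $cpass = md5(ReturnDownSysCheckIp() . "wm_chief" . $public_r['downpass'] . $userid);
    if ($cpass !== $pass) {
        exit;
    }
    // Time-limited verification code
    CheckOnlinePass($onlinetime, $onlinepass);

    // The class must map to a table. Array keys are quoted throughout: bare
    // words such as [tbname] are undefined constants and fail on PHP 8.
    if (empty($class_r[$classid]['tbname'])) {
        exit;
    }
    $mid = $class_r[$classid]['modid'];
    $tbname = $class_r[$classid]['tbname'];
    $r = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id='{$id}' limit 1");
    if (empty($r['id']) || $r['classid'] != $classid) {
        exit;
    }
    // Secondary (data) table row, merged into the main row
    $finfor = $empire->fetch1("select " . ReturnSqlFtextF($mid) . " from {$dbtbpre}ecms_" . $tbname . "_data_" . $r['stb'] . " where id='{$r['id']}' limit 1");
    $r = array_merge($r, $finfor);

    // One address per line; each line is split on "::::::" and indexes
    // 1 (URL), 2 (required group), 3 (points) and 4 (passed to
    // ReturnDownQzPath()) are read below
    $path_r = explode("\r\n", $r['onlinepath']);
    if (!$path_r[$pathid]) {
        exit;
    }
    $showdown_r = explode("::::::", $path_r[$pathid]);
    $downgroup = $showdown_r[2];

    // Access control applies only when the address names a required group
    if ($downgroup) {
        $userid = (int) $userid;
        $rnd = RepPostVar($rnd);
        // Member lookup: the row must match both the user id and the rnd token
        $u = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' and " . egetmf('rnd') . "='{$rnd}' limit 1");
        if (empty($u['userid'])) {
            exit;
        }
        // Daily download limit: DoCheckMDownNum() returns the SQL that is run
        // further down to record this download
        $setuserday = "";
        if ($level_r[$u['groupid']]['daydown']) {
            $setuserday = DoCheckMDownNum($userid, $u['groupid'], 1);
        }
        // Group level must reach the level required by the address
        if ($level_r[$downgroup]['level'] > $level_r[$u['groupid']]['level']) {
            exit;
        }
        // Points
        $showdown_r[3] = intval($showdown_r[3]);
        if ($showdown_r[3]) {
            // A recent record for the same item means it is already paid for
            $bakr = $empire->fetch1("select id,truetime from {$dbtbpre}enewsdownrecord where id='{$id}' and classid='{$classid}' and userid='{$userid}' and pathid='{$pathid}' and online=1 order by truetime desc limit 1");
            $alreadyPaid = $bakr['id'] && time() - $bakr['truetime'] <= $public_r['redodown'] * 3600;
            if (!$alreadyPaid) {
                // A valid monthly pass (userdate in the future) costs no points
                $hasPass = $u['userdate'] - time() > 0;
                if (!$hasPass) {
                    if ($showdown_r[3] > $u['userfen']) {
                        exit;
                    }
                    // Deduct the points.
                    // NOTE(review): the balance is checked on the row read
                    // above and decremented in a separate statement, so
                    // concurrent requests can each pass the check; adding a
                    // "userfen >= cost" condition to this UPDATE would close
                    // that window.
                    $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('userfen') . "=" . egetmf('userfen') . "-" . $showdown_r[3] . " where " . egetmf('userid') . "='{$userid}'");
                }
                // Record the download
                $utfusername = $u['username'];
                BakDown($classid, $id, $pathid, $userid, $utfusername, $r['title'], $showdown_r[3], 1);
            }
        }
        // Update the member's daily download count
        if ($setuserday) {
            $usql = $empire->query($setuserday);
        }
    }

    // Total download counter +1
    $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " set totaldown=totaldown+1 where id='{$id}'");

    // Player selection by file type
    $ftype = GetFiletype($showdown_r[1]);
    if (strstr($ecms_config['sets']['realplayertype'], ',' . $ftype . ',')) {
        Header("Content-Type: audio/x-pn-realaudio");
    } else {
        Header("Content-Type: video/x-ms-asf");
    }
    $downurl = stripSlashes($showdown_r[1]);
    $downurlr = ReturnDownQzPath($downurl, $showdown_r[4]);
    $downurl = $downurlr['repath'];

    // Anti-hotlinking encoding of the address.
    // NOTE(review): the include is error-suppressed; if the file is missing,
    // the failure only surfaces at the DoEnOnlinepath() call below.
    @(include ECMS_PATH . DASHBOARD . "/DownSys/class/enpath.php");
    $downurl = DoEnOnlinepath($downurl);

    db_close();
    $empire = null;
    echo $downurl;
    exit;
}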
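/**
 * Store a comment on a record or on a special topic.
 *
 * Steps visible here: time-window and IP checks, optional CAPTCHA, identity
 * resolution (verified login cookies, or user name + password, or guest),
 * group restriction, target lookup (topic or record) with its "comments
 * closed" and moderation flags, size and interval limits, text filtering,
 * INSERT into the enewspl_* table and counter updates.
 *
 * Validation failures are reported with printerror() and execution falls
 * through. NOTE(review): this assumes printerror() ends the request — confirm.
 *
 * @param string $username User name for the password login path.
 * @param string $password Password for the password login path.
 * @param mixed  $nomember Non-empty to post as a guest.
 * @param string $key      CAPTCHA answer.
 * @param string $saytext  Comment text.
 * @param int    $id       Record id (ignored for topics).
 * @param int    $classid  Class id, or topic id when doaction is 'dozt'.
 * @param int    $repid    Id of the quoted comment, 0 for none.
 * @param array  $add      Full submitted form; 'doaction' is read here.
 * @return void
 */
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $dbtbpre, $public_r, $class_r, $level_r;

    // Is the operation allowed in the current time window?
    eCheckTimeCloseDo('pl');
    // IP access check
    eCheckAccessDoIp('pl');

    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;

    // CAPTCHA (only when enabled)
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }

    $username = RepPostVar($username);
    $password = RepPostVar($password);
    // Identity as claimed by the login cookies
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');

    if ($muserid) {
        // The cookie identity only counts once the login string verifies
        $cklgr = qCheckLoginAuthstr();
        if ($cklgr['islogin']) {
            $username = $musername;
        } else {
            // The group id comes from a cookie too and is read again for the
            // plchecked lookup further down, so it must not outlive a
            // rejected identity.
            $muserid = 0;
            $mgroupid = 0;
        }
    } else {
        if (empty($nomember)) {
            // Login by user name and password
            if (!$username || !$password) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password,checked,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
            if (empty($ur['userid'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur['checked'] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur['userid'];
            $mgroupid = $ur['groupid'];
        } else {
            // Guest: no member id and no group taken from cookies
            $muserid = 0;
            $mgroupid = 0;
        }
    }

    // Commenting restricted to a minimum member group. Array keys are quoted:
    // bare words such as [level] are undefined constants and fail on PHP 8.
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid]['level'] < $level_r[$public_r['plgroupid']]['level']) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }

    $doaction = $add['doaction'];
    if ($doaction == 'dozt') {
        // Special topic: $classid carries the topic id
        if (!trim($saytext) || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        // Are comments closed for this topic?
        $r = $empire->fetch1("select ztid,closepl,checkpl,restb from {$dbtbpre}enewszt where ztid='{$classid}'");
        if (!$r['ztid']) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($r['closepl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        // Moderation flag of the topic
        if ($r['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pubid = '-' . $classid;
        $id = 0;
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'dozt', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    } else {
        if (!trim($saytext) || !$id || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        // The class must map to a table
        if (empty($class_r[$classid]['tbname'])) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        // The record must exist in that class; then the class-level switch
        $r = $empire->fetch1("select classid,stb,restb from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " where id='{$id}' limit 1");
        if (!$r['classid'] || $r['classid'] != $classid) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($class_r[$r['classid']]['openpl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        // Comments closed for this single record
        $pubid = ReturnInfoPubid($classid, $id);
        $finfor = $empire->fetch1("select closepl from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . "_data_" . $r['stb'] . " where id='{$id}' limit 1");
        if ($finfor['closepl']) {
            printerror("CloseInfoPl", "history.go(-1)", 1);
        }
        // Moderation flag of the class
        if ($class_r[$classid]['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'doinfo', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    }

    // Comment settings
    $plsetr = $empire->fetch1("select pltime,plsize,plincludesize,plclosewords,plmustf,plf,plmaxfloor,plquotetemp from {$dbtbpre}enewspl_set limit 1");
    if (strlen($saytext) > $plsetr['plsize']) {
        $GLOBALS['setplsize'] = $plsetr['plsize'];
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }

    // Posting interval. The timestamp lives in a cookie, so this only slows
    // down clients that send the cookie back; it is not a server-side limit.
    // The cast keeps a non-numeric cookie value out of the subtraction.
    $time = time();
    $saytime = $time;
    $pltime = (int) getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $plsetr['pltime']) {
            $GLOBALS['setpltime'] = $plsetr['pltime'];
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }

    $sayip = egetip();
    $eipport = egetipport();
    $username = str_replace("\r\n", "", $username);
    $username = RepPostStr($username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    if ($repid) {
        $saytext = RepPlTextQuote($repid, $saytext, $plsetr, $restb);
        // Limit the depth of nested quotes
        CkPlQuoteFloor($plsetr['plmaxfloor'], $saytext);
    }
    // Word filter
    $saytext = ReplacePlWord($plsetr['plclosewords'], $saytext);
    // Groups flagged plchecked override the moderation flag chosen above
    if ($level_r[$mgroupid]['plchecked']) {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $plsetr, 0);

    // Main table.
    // NOTE(review): the statement is assembled by concatenation. Integers and
    // database-sourced values aside, $username relies on RepPostVar()/
    // RepPostStr(), $saytext on addslashes(), and the $ret_r fragments on
    // ReturnPlAddF() — none of those helpers is visible here; confirm, or use
    // bound parameters if the DB layer supports them.
    $sql = $empire->query("insert into {$dbtbpre}enewspl_" . $restb . "(pubid,username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,saytext,eipport" . $ret_r['fields'] . ") values('{$pubid}','" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'" . addslashes($saytext) . "','{$eipport}'" . $ret_r['values'] . ");");
    $plid = $empire->lastid();
    if ($doaction != 'dozt') {
        // Comment counter of the record +1
        $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " set plnum=plnum+1 where id='{$id}' limit 1");
    }
    // New-comment statistics
    DoUpdateAddDataNum('pl', $restb, 1);
    // Remember the time of this post for the interval check above
    $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
    // Clear the CAPTCHA so it cannot be replayed
    ecmsEmptyShowKey($keyvname);

    if ($sql) {
        $reurl = DoingReturnUrl($returl, $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}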
// Online-viewing entry script: bootstrap, module/IP checks, integer request
// parameters, then the start of the points-deduction helper.
require "../../class/connect.php";
require "../../class/db_sql.php";
require "../../class/q_functions.php";
require "../../class/user.php";
require "../../data/dbcache/class.php";
require "../../data/dbcache/MemberLevel.php";
require "../../class/DownSysFun.php";
eCheckCloseMods('movie'); // stop when the movie module is switched off
$link = db_connect();
$empire = new mysqlquery();
$editor = 1;
$ecmsreurl = 2;
// IP access check
eCheckAccessDoIp('onlineinfo');
// Request parameters are forced to integers before any use
$id = (int) $_GET['id'];
$pathid = (int) $_GET['pathid'];
$classid = (int) $_GET['classid'];
// Points-deduction function.
// Only its opening statements are visible in this listing, so the parameters
// are described as far as they are used here: $showdown_r is indexed at 2 and
// 3, $u is the member row (indexed by the $user_group column name), $userid
// is passed on to DoCheckMDownNum().
function ViewOnlineKFen($showdown_r, $u, $userid, $classid, $id, $pathid, $r) {
    global $user_tablename, $level_r, $user_group, $user_userid, $class_r, $dbtbpre, $public_r, $user_userdate, $user_userfen, $user_username, $empire, $have_bak, $have_fen;
    // The checks below apply only when element 2 of the address entry is set
    if ($showdown_r[2]) {
        // Daily download limit
        $setuserday = "";
        // NOTE(review): daydown is an unquoted array key; an undefined constant
        // is an error on PHP 8 — it should be written 'daydown'.
        if ($level_r[$u[$user_group]][daydown]) {
            $setuserday = DoCheckMDownNum($userid, $u[$user_group], 1);
        }
        // Are there enough points? (cost normalised to an integer)
        $showdown_r[3] = intval($showdown_r[3]);
        // (the listing ends here; the rest of the function is not shown)
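/**
 * Store a comment on a record (variant driven by the $user_* configuration
 * globals).
 *
 * Steps visible here: IP check, optional CAPTCHA, identity resolution (login
 * cookies, or user name + password, or guest), group restriction, size and
 * interval limits, record lookup with its "comments closed" flags, text
 * filtering, INSERT into enewspl and the enewspl_data_* table, counter update.
 *
 * Validation failures are reported with printerror() and execution falls
 * through. NOTE(review): this assumes printerror() ends the request — confirm.
 *
 * @param string $username User name for the password login path.
 * @param string $password Password for the password login path.
 * @param mixed  $nomember Non-empty to post as a guest.
 * @param string $key      CAPTCHA answer.
 * @param string $saytext  Comment text.
 * @param int    $id       Record id.
 * @param int    $classid  Class id.
 * @param int    $repid    Id of the quoted comment, 0 for none.
 * @param array  $add      Full submitted form, passed on to ReturnPlAddF().
 * @return void
 */
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $public_r, $class_r, $user_userid, $user_username, $user_password, $user_dopass, $user_tablename, $user_salt, $user_checked, $user_group, $dbtbpre, $level_r;

    // IP access check
    eCheckAccessDoIp('pl');

    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;

    // CAPTCHA (only when enabled)
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }

    $username = RepPostVar($username);
    $password = RepPostVar($password);
    // Identity as claimed by the login cookies
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');

    if ($muserid) {
        // NOTE(review): the member id, name and group are taken from cookies
        // and no server-side verification of them is visible in this
        // function; they feed the stored userid and the group-level check
        // below. Confirm that getcvar() or the caller validates the login.
        $username = $musername;
    } else {
        if (empty($nomember)) {
            // Character-set conversion
            $utfusername = doUtfAndGbk($username, 0);
            $password = doUtfAndGbk($password, 0);
            // Password format, selected by $user_dopass. All schemes are
            // MD5-based and must match what registration stored; MD5 is fast
            // to brute-force, so password_hash()/password_verify() is the
            // durable replacement (both sides need to change together).
            if (empty($user_dopass)) {
                $password = md5($password);
            }
            if ($user_dopass == 3) {
                $password = substr(md5($password), 8, 16);
            }
            // Salted double MD5
            if ($user_dopass == 2) {
                $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
                $password = md5(md5($password) . $ur[$user_salt]);
                $cuser = 0;
                // Strict comparison: with a loose == two digests that both
                // look like numbers are compared numerically and can be
                // treated as equal although the strings differ.
                if ($password === $ur[$user_password]) {
                    $cuser = 1;
                }
                if (empty($ur[$user_userid])) {
                    $cuser = 0;
                }
            } else {
                // The hash is matched inside the query
                $ur = $empire->fetch1("select " . $user_userid . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='{$password}' limit 1");
                $cuser = 0;
                if ($ur[$user_userid]) {
                    $cuser = 1;
                }
            }
            if (empty($cuser)) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur[$user_checked] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur[$user_userid];
            $mgroupid = $ur[$user_group];
        } else {
            // Guest
            $muserid = 0;
        }
    }

    // Commenting restricted to a minimum member group. Array keys are quoted:
    // bare words such as [level] are undefined constants and fail on PHP 8.
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid]['level'] < $level_r[$public_r['plgroupid']]['level']) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }
    if (!trim($saytext) || !$id || !$classid) {
        printerror("EmptyPl", "history.go(-1)", 1);
    }
    // The class must map to a table
    if (empty($class_r[$classid]['tbname'])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    if (strlen($saytext) > $public_r['plsize']) {
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }

    // Posting interval. The timestamp lives in a cookie, so this only slows
    // down clients that send the cookie back; it is not a server-side limit.
    // The cast keeps a non-numeric cookie value out of the subtraction.
    $saytime = date("Y-m-d H:i:s");
    $time = time();
    $pltime = (int) getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $public_r['pltime']) {
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }

    // The record must exist in this class; then the class-level switch
    $r = $empire->fetch1("select classid,closepl from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " where id='{$id}' and classid='{$classid}'");
    if (empty($r['classid'])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    if ($class_r[$r['classid']]['openpl']) {
        printerror("CloseClassPl", "history.go(-1)", 1);
    }
    // Comments closed for this single record
    if ($r['closepl']) {
        printerror("CloseInfoPl", "history.go(-1)", 1);
    }

    $sayip = egetip();
    $username = RepPostStr($username);
    $username = str_replace("\r\n", "", $username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    $pr = $empire->fetch1("select plclosewords,plf,plmustf,pldeftb from {$dbtbpre}enewspublic limit 1");
    if ($repid) {
        // A comment that consists only of the quote marker counts as empty
        if (trim($saytext) == "[quote]" . $repid . "[/quote]") {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        $saytext = RepPlTextQuote($repid, $saytext, $pr);
    }
    // Word filter
    $saytext = ReplacePlWord($pr['plclosewords'], $saytext);
    // Moderation flag of the class
    if ($class_r[$classid]['checkpl']) {
        $checked = 1;
    } else {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $pr, 0);

    // Main table.
    // NOTE(review): both INSERTs are assembled by concatenation. Integers and
    // database-sourced values aside, $username relies on RepPostVar()/
    // RepPostStr(), $saytext on addslashes(), and the $ret_r fragments on
    // ReturnPlAddF() — none of those helpers is visible here; confirm, or use
    // bound parameters if the DB layer supports them.
    $sql = $empire->query("insert into {$dbtbpre}enewspl(username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,stb) values('" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'{$pr['pldeftb']}');");
    $plid = $empire->lastid();
    // Data table holding the comment text
    $fsql = $empire->query("insert into {$dbtbpre}enewspl_data_" . $pr['pldeftb'] . "(plid,classid,id,saytext" . $ret_r['fields'] . ") values('{$plid}','{$classid}','{$id}','" . addslashes($saytext) . "'" . $ret_r['values'] . ");");
    // Comment counter of the record +1
    $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " set plnum=plnum+1 where id='{$id}'");
    // Remember the time of this post for the interval check above
    $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
    // Clear the CAPTCHA so it cannot be replayed
    ecmsEmptyShowKey($keyvname);

    if ($sql) {
        $reurl = DoingReturnUrl("../pl/?classid={$classid}&id={$id}", $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}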