function AddGbook($add)
{
global $empire, $dbtbpre, $level_r, $public_r;
//验证IP
eCheckAccessDoIp('gbook');
CheckCanPostUrl();
//验证来源
$bid = (int) getcvar('gbookbid');
if (empty($bid)) {
$bid = intval($add[bid]);
}
$name = RepPostStr(trim($add[name]));
$email = RepPostStr($add[email]);
$call = RepPostStr($add[call]);
$lytext = RepPostStr($add[lytext]);
if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
printerror("EmptyGbookname", "history.go(-1)", 1);
}
if (!chemail($email)) {
printerror("EmailFail", "history.go(-1)", 1);
}
//验证码
$keyvname = 'checkgbookkey';
if ($public_r['gbkey_ok']) {
ecmsCheckShowKey($keyvname, $add['key'], 1);
}
$lasttime = getcvar('lastgbooktime');
if ($lasttime) {
if (time() - $lasttime < $public_r['regbooktime']) {
printerror("GbOutTime", "", 1);
}
}
//版面是否存在
$br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
if (empty($br[bid])) {
printerror("EmptyGbook", "history.go(-1)", 1);
}
//权限
if ($br['groupid']) {
$user = islogin();
if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) {
printerror("HaveNotEnLevel", "history.go(-1)", 1);
}
}
$lytime = date("Y-m-d H:i:s");
$ip = egetip();
$userid = (int) getcvar('mluserid');
$username = RepPostVar(getcvar('mlusername'));
$sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");
ecmsEmptyShowKey($keyvname);
//清空验证码
if ($sql) {
esetcookie("lastgbooktime", time(), time() + 3600 * 24);
//设置最后发表时间
$reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
printerror("AddGbookSuccess", $reurl, 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
}
function AddMemberFeedback($add)
{
global $empire, $dbtbpre;
//验证码
$keyvname = 'checkspacefbkey';
ecmsCheckShowKey($keyvname, $add['key'], 1);
//用户
$userid = intval($add['userid']);
$ur = $empire->fetch1("select " . egetmf('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
if (empty($ur['userid'])) {
printerror("NotUsername", "", 1);
}
//发表者
$uid = (int) getcvar('mluserid');
if ($uid) {
$uname = RepPostVar(getcvar('mlusername'));
} else {
$uid = 0;
$uname = '';
}
$uname = RepPostStr($uname);
$name = RepPostStr($add['name']);
$company = RepPostStr($add['company']);
$phone = RepPostStr($add['phone']);
$fax = RepPostStr($add['fax']);
$email = RepPostStr($add['email']);
$address = RepPostStr($add['address']);
$zip = RepPostStr($add['zip']);
$title = RepPostStr($add['title']);
$ftext = RepPostStr($add['ftext']);
if (!trim($name) || !trim($title) || !trim($ftext)) {
printerror("EmptyMemberFeedback", "history.go(-1)", 1);
}
$addtime = date("Y-m-d H:i:s");
$ip = egetip();
$eipport = egetipport();
$sql = $empire->query("insert into {$dbtbpre}enewsmemberfeedback(name,company,phone,fax,email,address,zip,title,ftext,userid,ip,uid,uname,addtime,eipport) values('{$name}','{$company}','{$phone}','{$fax}','{$email}','{$address}','{$zip}','{$title}','{$ftext}',{$userid},'{$ip}',{$uid},'{$uname}','{$addtime}','{$eipport}');");
ecmsEmptyShowKey($keyvname);
//清空验证码
if ($sql) {
printerror("AddMemberFeedbackSuccess", $_SERVER['HTTP_REFERER'], 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
}
function AddMemberGbook($add)
{
global $empire, $dbtbpre;
//验证码
$keyvname = 'checkspacegbkey';
ecmsCheckShowKey($keyvname, $add['key'], 1);
//用户
$userid = intval($add['userid']);
$ur = $empire->fetch1("select " . eReturnSelectMemberF('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
if (empty($ur['userid'])) {
printerror("NotUsername", "", 1);
}
//发表者
$uid = (int) getcvar('mluserid');
if ($uid) {
$uname = RepPostVar(getcvar('mlusername'));
} else {
$uid = 0;
$uname = trim($add['uname']);
}
$uname = RepPostStr($uname);
$gbtext = RepPostStr($add['gbtext']);
if (empty($uname) || !trim($gbtext)) {
printerror("EmptyMemberGbook", "history.go(-1)", 1);
}
$isprivate = intval($add['isprivate']);
$addtime = date("Y-m-d H:i:s");
$ip = egetip();
$eipport = egetipport();
$sql = $empire->query("insert into {$dbtbpre}enewsmembergbook(userid,isprivate,uid,uname,ip,addtime,gbtext,retext,eipport) values({$userid},{$isprivate},{$uid},'{$uname}','{$ip}','{$addtime}','{$gbtext}','','{$eipport}');");
ecmsEmptyShowKey($keyvname);
//清空验证码
if ($sql) {
printerror("AddMemberGbookSuccess", $_SERVER['HTTP_REFERER'], 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
}
function AddFeedback($add)
{
global $empire, $dbtbpre, $level_r, $public_r;
CheckCanPostUrl();
//验证来源
if ($add['bid']) {
$bid = (int) $add['bid'];
} else {
$bid = (int) getcvar('feedbackbid');
}
if (empty($bid)) {
printerror("EmptyFeedbackname", "history.go(-1)", 1);
}
//验证码
$keyvname = 'checkfeedbackkey';
if ($public_r['fbkey_ok']) {
ecmsCheckShowKey($keyvname, $add['key'], 1);
}
//版面是否存在
$br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';");
if (empty($br['bid'])) {
printerror("EmptyFeedback", "history.go(-1)", 1);
}
//权限
if ($br['groupid']) {
$user = islogin();
if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) {
printerror("HaveNotEnLevel", "history.go(-1)", 1);
}
}
$pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
//必填项
$mustr = explode(",", $br['mustenter']);
$count = count($mustr);
for ($i = 1; $i < $count - 1; $i++) {
$mf = $mustr[$i];
if (strstr($br['filef'], "," . $mf . ",")) {
if (!$pr['feedbacktfile']) {
printerror("NotOpenFBFile", "", 1);
}
if (!$_FILES[$mf]['name']) {
printerror("EmptyFeedbackname", "", 1);
}
} else {
$chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']);
if (!trim($chmustval)) {
printerror("EmptyFeedbackname", "", 1);
}
}
}
$saytime = date("Y-m-d H:i:s");
//字段处理
$dh = "";
$tranf = "";
$record = "<!--record-->";
$field = "<!--field--->";
$er = explode($record, $br['enter']);
$count = count($er);
for ($i = 0; $i < $count - 1; $i++) {
$er1 = explode($field, $er[$i]);
$f = $er1[1];
//附件
$add[$f] = str_replace('[!#@-', 'ecms', $add[$f]);
if (strstr($br['filef'], "," . $f . ",")) {
if ($_FILES[$f]['name']) {
if (!$pr['feedbacktfile']) {
printerror("NotOpenFBFile", "", 1);
}
$filetype = GetFiletype($_FILES[$f]['name']);
//取得文件类型
if (CheckSaveTranFiletype($filetype)) {
printerror("NotQTranFiletype", "", 1);
}
if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) {
printerror("NotQTranFiletype", "", 1);
}
if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) {
printerror("TooBigQTranFile", "", 1);
}
$tranf .= $dh . $f;
$dh = ",";
$fval = "[!#@-" . $f . "-@!]";
} else {
$fval = "";
}
} else {
$add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']);
$fval = $add[$f];
}
$addf .= ",`" . $f . "`";
$addval .= ",'" . addslashes(RepPostStr($fval)) . "'";
}
$type = 0;
$classid = 0;
$filename = '';
$filepath = '';
$userid = (int) getcvar('mluserid');
$username = RepPostVar(getcvar('mlusername'));
$filepass = ReturnTranFilepass();
//上传附件
if ($tranf) {
$dh = "";
$tranr = explode(",", $tranf);
$count = count($tranr);
for ($i = 0; $i < $count; $i++) {
$tf = $tranr[$i];
$tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid);
if ($tfr['tran']) {
$filepath = $tfr[filepath];
//写入数据库
$filetime = $saytime;
$filesize = (int) $_FILES[$tf]['size'];
eInsertFileTable($tfr[filename], $filesize, $tfr[filepath], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($add[title])), $type, $filepass, $filepass, $public_r[fpath], 0, 4, 0);
$repfval = ($tfr[filepath] ? $tfr[filepath] . '/' : '') . $tfr[filename];
$filename .= $dh . $tfr[filename];
$dh = ",";
} else {
$repfval = "";
}
$addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval);
}
}
$ip = egetip();
$eipport = egetipport();
$sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");");
$fid = $empire->lastid();
//更新附件
UpdateTheFileOther(4, $fid, $filepass, 'other');
ecmsEmptyShowKey($keyvname);
//清空验证码
if ($sql) {
$reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']);
printerror("AddFeedbackSuccess", $reurl, 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
}
function login1($username, $password, $lifetime, $key, $location)
{
global $empire, $user_tablename, $user_userid, $user_username, $user_password, $user_dopass, $user_group, $user_groupid, $user_rnd, $public_r, $user_salt, $user_saltnum, $dbtbpre, $eloginurl, $user_checked;
if ($eloginurl) {
Header("Location:{$eloginurl}");
exit;
}
$dopr = 1;
if ($_POST['prtype']) {
$dopr = 9;
}
if (!trim($username) || !trim($password)) {
printerror("EmptyLogin", "history.go(-1)", $dopr);
}
//验证码
$keyvname = 'checkloginkey';
if ($public_r['loginkey_ok']) {
ecmsCheckShowKey($keyvname, $key, $dopr);
}
$username = RepPostVar($username);
$password = RepPostVar($password);
//编码转换
$utfusername = doUtfAndGbk($username, 0);
$password = doUtfAndGbk($password, 0);
//密码
if (empty($user_dopass)) {
$password = md5($password);
}
if ($user_dopass == 3) {
$password = substr(md5($password), 8, 16);
}
//双重md5
$num = 0;
if ($user_dopass == 2) {
$ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
$password = md5(md5($password) . $ur[$user_salt]);
$num = 0;
if ($password == $ur[$user_password]) {
$num = 1;
}
if (empty($ur[$user_userid])) {
$num = 0;
}
} else {
$num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='" . $password . "' limit 1");
}
if (!$num) {
printerror("FailPassword", "history.go(-1)", $dopr);
}
$r = $empire->fetch1("select * from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
if ($r[$user_checked] == 0) {
if ($public_r['regacttype'] == 1) {
printerror('NotCheckedUser', '../member/register/regsend.php', 1);
} else {
printerror('NotCheckedUser', '', 1);
}
}
$time = date("Y-m-d H:i:s");
$rnd = make_password(12);
//取得随机密码
//默认会员组
if (empty($r[$user_group])) {
$r[$user_group] = $user_groupid;
}
$r[$user_group] = (int) $r[$user_group];
$usql = $empire->query("update " . $user_tablename . " set " . $user_rnd . "='{$rnd}'," . $user_group . "=" . $r[$user_group] . " where " . $user_userid . "='{$r[$user_userid]}'");
//设置cookie
$logincookie = 0;
if ($lifetime) {
$logincookie = time() + $lifetime;
}
$set1 = esetcookie("mlusername", $username, $logincookie);
$set2 = esetcookie("mluserid", $r[$user_userid], $logincookie);
$set3 = esetcookie("mlgroupid", $r[$user_group], $logincookie);
$set4 = esetcookie("mlrnd", $rnd, $logincookie);
//登录附加cookie
AddLoginCookie($r);
$location = "../member/cp/";
$returnurl = getcvar('returnurl');
if ($returnurl) {
$location = $returnurl;
}
if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
$location = "../member/iframe/";
}
if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
$location = "../member/cp/";
$_POST['ecmsfrom'] = '';
}
ecmsEmptyShowKey($keyvname);
//清空验证码
$set6 = esetcookie("returnurl", "");
if ($set1 && $set2) {
$location = DoingReturnUrl($location, $_POST['ecmsfrom']);
printerror("LoginSuccess", $location, $dopr);
} else {
printerror("NotCookie", "history.go(-1)", $dopr);
}
}
function register($add)
{
global $empire, $dbtbpre, $public_r, $ecms_config;
//关闭注册
if ($public_r['register_ok']) {
printerror('CloseRegister', '', 1);
}
//验证时间段允许操作
eCheckTimeCloseDo('reg');
//验证IP
eCheckAccessDoIp('register');
if (!empty($ecms_config['member']['registerurl'])) {
Header("Location:" . $ecms_config['member']['registerurl']);
exit;
}
//已经登陆不能注册
if (getcvar('mluserid')) {
printerror('LoginToRegister', '', 1);
}
CheckCanPostUrl();
//验证来源
$username = trim($add['username']);
$password = trim($add['password']);
$username = RepPostVar($username);
$password = RepPostVar($password);
$email = RepPostStr($add['email']);
if (!$username || !$password || !$email) {
printerror("EmptyMember", "history.go(-1)", 1);
}
$tobind = (int) $add['tobind'];
//验证码
$keyvname = 'checkregkey';
if ($public_r['regkey_ok']) {
ecmsCheckShowKey($keyvname, $add['key'], 1);
}
$user_groupid = eReturnMemberDefGroupid();
$groupid = (int) $add['groupid'];
$groupid = empty($groupid) ? $user_groupid : $groupid;
CheckMemberGroupCanReg($groupid);
//IP
$regip = egetip();
$regipport = egetipport();
//用户字数
$pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
$userlen = strlen($username);
if ($userlen < $pr[min_userlen] || $userlen > $pr[max_userlen]) {
printerror('FaiUserlen', '', 1);
}
//密码字数
$passlen = strlen($password);
if ($passlen < $pr[min_passlen] || $passlen > $pr[max_passlen]) {
printerror('FailPasslen', '', 1);
}
if ($add['repassword'] !== $password) {
printerror('NotRepassword', '', 1);
}
if (!chemail($email)) {
printerror('EmailFail', '', 1);
}
if (strstr($username, '|') || strstr($username, '*')) {
printerror('NotSpeWord', '', 1);
}
//同一IP注册
eCheckIpRegTime($regip, $pr['regretime']);
//保留用户
toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');
$username = RepPostStr($username);
//重复用户
$num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
if ($num) {
printerror('ReUsername', '', 1);
}
//重复邮箱
if ($pr['regemailonly']) {
$num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1");
if ($num) {
printerror('ReEmailFail', '', 1);
}
}
//注册时间
$lasttime = time();
$registertime = eReturnAddMemberRegtime();
$rnd = make_password(20);
//产生随机密码
$userkey = eReturnMemberUserKey();
//密码
$truepassword = $password;
$salt = eReturnMemberSalt();
$password = eDoMemberPw($password, $salt);
//审核
$checked = ReturnGroupChecked($groupid);
if ($checked && $public_r['regacttype'] == 1) {
$checked = 0;
}
//验证附加表必填项
$mr['add_filepass'] = ReturnTranFilepass();
$fid = GetMemberFormId($groupid);
$member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);
$sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');");
//取得userid
$userid = $empire->lastid();
//附加表
$addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
if (!$addr[userid]) {
$spacestyleid = ReturnGroupSpaceStyleid($groupid);
$sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");");
}
//更新附件
UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member');
ecmsEmptyShowKey($keyvname);
//清空验证码
//绑定帐号
if ($tobind) {
MemberConnect_BindUser($userid);
}
if ($sql) {
//邮箱激活
if ($checked == 0 && $public_r['regacttype'] == 1) {
include 'class/member_actfun.php';
SendActUserEmail($userid, $username, $email);
}
//审核
if ($checked == 0) {
$location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
printerror("RegisterSuccessCheck", $location, 1);
}
$logincookie = 0;
if ($ecms_config['member']['regcookietime']) {
$logincookie = time() + $ecms_config['member']['regcookietime'];
}
$r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
$set1 = esetcookie("mlusername", $username, $logincookie);
$set2 = esetcookie("mluserid", $userid, $logincookie);
$set3 = esetcookie("mlgroupid", $groupid, $logincookie);
$set4 = esetcookie("mlrnd", $rnd, $logincookie);
//验证符
qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie);
//登录附加cookie
AddLoginCookie($r);
$location = "../member/cp/";
$returnurl = getcvar('returnurl');
if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
$location = $returnurl;
}
$set5 = esetcookie("returnurl", "");
//易通行系统
DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime);
$location = DoingReturnUrl($location, $_POST['ecmsfrom']);
printerror("RegisterSuccess", $location, 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
}
function qlogin($add)
{
global $empire, $dbtbpre, $public_r, $ecms_config;
if ($ecms_config['member']['loginurl']) {
Header("Location:" . $ecms_config['member']['loginurl']);
exit;
}
$dopr = 1;
if ($_POST['prtype']) {
$dopr = 9;
}
$username = trim($add['username']);
$password = trim($add['password']);
if (!$username || !$password) {
printerror("EmptyLogin", "history.go(-1)", $dopr);
}
$tobind = (int) $add['tobind'];
//验证码
$keyvname = 'checkloginkey';
if ($public_r['loginkey_ok']) {
ecmsCheckShowKey($keyvname, $add['key'], $dopr);
}
$username = RepPostVar($username);
$password = RepPostVar($password);
$num = 0;
$r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
if (!$r['userid']) {
printerror("FailPassword", "history.go(-1)", $dopr);
}
if (!eDoCkMemberPw($password, $r['password'], $r['salt'])) {
printerror("FailPassword", "history.go(-1)", $dopr);
}
if ($r['checked'] == 0) {
if ($public_r['regacttype'] == 1) {
printerror('NotCheckedUser', '../member/register/regsend.php', 1);
} else {
printerror('NotCheckedUser', '', 1);
}
}
//绑定帐号
if ($tobind) {
MemberConnect_BindUser($r['userid']);
}
$rnd = make_password(20);
//取得随机密码
//默认会员组
if (empty($r['groupid'])) {
$r['groupid'] = eReturnMemberDefGroupid();
}
$r['groupid'] = (int) $r['groupid'];
$lasttime = time();
//IP
$lastip = egetip();
$lastipport = egetipport();
$usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('rnd') . "='{$rnd}'," . egetmf('groupid') . "='{$r['groupid']}' where " . egetmf('userid') . "='{$r['userid']}'");
$empire->query("update {$dbtbpre}enewsmemberadd set lasttime='{$lasttime}',lastip='{$lastip}',loginnum=loginnum+1,lastipport='{$lastipport}' where userid='{$r['userid']}'");
//设置cookie
$lifetime = (int) $add['lifetime'];
$logincookie = 0;
if ($lifetime) {
$logincookie = time() + $lifetime;
}
$set1 = esetcookie("mlusername", $username, $logincookie);
$set2 = esetcookie("mluserid", $r['userid'], $logincookie);
$set3 = esetcookie("mlgroupid", $r['groupid'], $logincookie);
$set4 = esetcookie("mlrnd", $rnd, $logincookie);
//验证符
qGetLoginAuthstr($r['userid'], $username, $rnd, $r['groupid'], $logincookie);
//登录附加cookie
AddLoginCookie($r);
$location = "../member/cp/";
$returnurl = getcvar('returnurl');
if ($returnurl) {
$location = $returnurl;
}
if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
$location = "../member/iframe/";
}
if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
$location = "../member/cp/";
$_POST['ecmsfrom'] = '';
}
ecmsEmptyShowKey($keyvname);
//清空验证码
$set6 = esetcookie("returnurl", "");
if ($set1 && $set2) {
//易通行系统
DoEpassport('login', $r['userid'], $username, $password, $r['salt'], $r['email'], $r['groupid'], $r['registertime']);
$location = DoingReturnUrl($location, $_POST['ecmsfrom']);
printerror("LoginSuccess", $location, $dopr);
} else {
printerror("NotCookie", "history.go(-1)", $dopr);
}
}
function login($username, $password, $key, $post)
{
global $empire, $public_r, $dbtbpre, $do_loginauth, $do_ckhloginfile;
$username = RepPostVar($username);
$password = RepPostVar($password);
if (!$username || !$password) {
printerror("EmptyKey", "index.php");
}
//验证码
$keyvname = 'checkkey';
if (!$public_r['adminloginkey']) {
ecmsCheckShowKey($keyvname, $key, 0, 0);
}
if (strlen($username) > 30 || strlen($password) > 30) {
printerror("EmptyKey", "index.php");
}
$loginip = egetip();
$logintime = time();
CheckLoginNum($loginip, $logintime);
//认证码
if ($do_loginauth && $do_loginauth != $post['loginauth']) {
InsertErrorLoginNum($username, $password, 1, $loginip, $logintime);
printerror("ErrorLoginAuth", "index.php");
}
$user_r = $empire->fetch1("select userid,password,salt,lasttime,lastip from {$dbtbpre}enewsuser where username='******' and checked=0 limit 1");
if (!$user_r['userid']) {
InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
printerror("LoginFail", "index.php");
}
$ch_password = md5(md5($password) . $user_r['salt']);
if ($user_r['password'] != $ch_password) {
InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
printerror("LoginFail", "index.php");
}
//安全问答
$user_addr = $empire->fetch1("select userid,equestion,eanswer from {$dbtbpre}enewsuseradd where userid='{$user_r['userid']}'");
if (!$user_addr['userid']) {
InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
printerror("LoginFail", "index.php");
}
if ($user_addr['equestion']) {
$equestion = (int) $post['equestion'];
$eanswer = $post['eanswer'];
if ($user_addr['equestion'] != $equestion) {
InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
printerror("LoginFail", "index.php");
}
$ckeanswer = ReturnHLoginQuestionStr($user_r['userid'], $username, $user_addr['equestion'], $eanswer);
if ($ckeanswer != $user_addr['eanswer']) {
InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
printerror("LoginFail", "index.php");
}
}
//取得随机密码
$rnd = make_password(20);
$sql = $empire->query("update {$dbtbpre}enewsuser set rnd='{$rnd}',loginnum=loginnum+1,lastip='{$loginip}',lasttime='{$logintime}',pretime='{$user_r['lasttime']}',preip='" . RepPostVar($user_r[lastip]) . "' where username='******' limit 1");
$r = $empire->fetch1("select groupid,userid,styleid from {$dbtbpre}enewsuser where username='******' limit 1");
//样式
if (empty($r[styleid])) {
$stylepath = $public_r['defadminstyle'] ? $public_r['defadminstyle'] : 1;
} else {
$styler = $empire->fetch1("select path,styleid from {$dbtbpre}enewsadminstyle where styleid='{$r['styleid']}'");
if (empty($styler[styleid])) {
$stylepath = $public_r['defadminstyle'] ? $public_r['defadminstyle'] : 1;
} else {
$stylepath = $styler['path'];
}
}
//设置备份
$cdbdata = 0;
$bnum = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsgroup where groupid='{$r['groupid']}' and dodbdata=1");
if ($bnum) {
$cdbdata = 1;
$set5 = esetcookie("ecmsdodbdata", "empirecms", 0, 1);
} else {
$set5 = esetcookie("ecmsdodbdata", "", 0, 1);
}
ecmsEmptyShowKey($keyvname, 0);
//清空验证码
$set4 = esetcookie("loginuserid", $r[userid], 0, 1);
$set1 = esetcookie("loginusername", $username, 0, 1);
$set2 = esetcookie("loginrnd", $rnd, 0, 1);
$set3 = esetcookie("loginlevel", $r[groupid], 0, 1);
$set5 = esetcookie("eloginlic", "empirecmslic", 0, 1);
$set6 = esetcookie("loginadminstyleid", $stylepath, 0, 1);
//COOKIE加密验证
if (empty($do_ckhloginfile)) {
DoEDelFileRnd($r[userid]);
}
DoECookieRnd($r[userid], $username, $rnd, $cdbdata, $r[groupid], intval($stylepath), $logintime);
//最后登陆时间
$set4 = esetcookie("logintime", $logintime, 0, 1);
$set5 = esetcookie("truelogintime", $logintime, 0, 1);
//写入日志
insert_log($username, '', 1, $loginip, 0);
//FireWall
FWSetPassword();
if ($set1 && $set2 && $set3) {
//操作日志
insert_dolog("");
if ($post['adminwindow']) {
?>
<script>
AdminWin=window.open("admin.php","EmpireCMS","scrollbars");
AdminWin.moveTo(0,0);
AdminWin.resizeTo(screen.width,screen.height-30);
self.location.href="blank.php";
</script>
<?php
exit;
} else {
printerror("LoginSuccess", "admin.php");
}
} else {
printerror("NotCookie", "index.php");
}
}
function login($username,$password,$key,$post){
global $empire,$public_r,$dbtbpre,$ecms_config;
$username=RepPostVar($username);
$password=RepPostVar($password);
if(!$username||!$password)
{
printerror("EmptyKey","index.php");
}
//验证码
$keyvname='checkkey';
if(!$public_r['adminloginkey'])
{
ecmsCheckShowKey($keyvname,$key,0,0);
}
if(strlen($username)>30||strlen($password)>30)
{
printerror("EmptyKey","index.php");
}
$loginip=egetip();
$logintime=time();
CheckLoginNum($loginip,$logintime);
//认证码
if($ecms_config['esafe']['loginauth']&&$ecms_config['esafe']['loginauth']!=$post['loginauth'])
{
InsertErrorLoginNum($username,$password,1,$loginip,$logintime);
printerror("ErrorLoginAuth","index.php");
}
$user_r=$empire->fetch1("select userid,password,salt,salt2,lasttime,lastip,addtime,addip,userprikey,lastipport,addipport from {$dbtbpre}enewsuser where username='******' and checked=0 limit 1");
if(!$user_r['userid'])
{
InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
printerror("LoginFail","index.php");
}
$ch_password=DoEmpireCMSAdminPassword($password,$user_r['salt'],$user_r['salt2']);
if($user_r['password']!=$ch_password)
{
InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
printerror("LoginFail","index.php");
}
//安全问答
$user_addr=$empire->fetch1("select userid,equestion,eanswer,openip,certkey from {$dbtbpre}enewsuseradd where userid='$user_r[userid]'");
if(!$user_addr['userid'])
{
InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
printerror("LoginFail","index.php");
}
if($user_addr['equestion'])
{
$equestion=(int)$post['equestion'];
$eanswer=$post['eanswer'];
if($user_addr['equestion']!=$equestion)
{
InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
printerror("LoginFail","index.php");
}
$ckeanswer=ReturnHLoginQuestionStr($user_r['userid'],$username,$user_addr['equestion'],$eanswer);
if($ckeanswer!=$user_addr['eanswer'])
{
InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
printerror("LoginFail","index.php");
}
}
//IP限制
if($user_addr['openip'])
{
eCheckAccessAdminLoginIp($user_addr['openip']);
}
//取得随机密码
$rnd=make_password(20);
$loginipport=egetipport();
$sql=$empire->query("update {$dbtbpre}enewsuser set rnd='$rnd',loginnum=loginnum+1,lastip='$loginip',lasttime='$logintime',pretime='$user_r[lasttime]',preip='".RepPostVar($user_r[lastip])."',lastipport='$loginipport',preipport='".RepPostVar($user_r[lastipport])."' where username='******' limit 1");
$r=$empire->fetch1("select groupid,userid,styleid,userprikey from {$dbtbpre}enewsuser where username='******' limit 1");
//样式
if(empty($r[styleid]))
{
$stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1;
}
else
{
$styler=$empire->fetch1("select path,styleid from {$dbtbpre}enewsadminstyle where styleid='$r[styleid]'");
if(empty($styler[styleid]))
{
$stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1;
}
else
{
$stylepath=$styler['path'];
}
}
//设置备份
$cdbdata=0;
$bnum=$empire->gettotal("select count(*) as total from {$dbtbpre}enewsgroup where groupid='$r[groupid]' and dodbdata=1");
if($bnum)
{
$cdbdata=1;
$set5=esetcookie("ecmsdodbdata","empirecms",0,1);
}
else
{
$set5=esetcookie("ecmsdodbdata","",0,1);
}
ecmsEmptyShowKey($keyvname,0);//清空验证码
$set4=esetcookie("loginuserid",$r[userid],0,1);
$set1=esetcookie("loginusername",$username,0,1);
$set2=esetcookie("loginrnd",$rnd,0,1);
$set3=esetcookie("loginlevel",$r[groupid],0,1);
$set5=esetcookie("eloginlic","empirecmslic",0,1);
$set6=esetcookie("loginadminstyleid",$stylepath,0,1);
//COOKIE加密验证
DoEDelFileRnd($r[userid]);
DoECookieRnd($r[userid],$username,$rnd,$r['userprikey'],$cdbdata,$r[groupid],intval($stylepath),$logintime);
//最后登陆时间
$set4=esetcookie("logintime",$logintime,0,1);
$set5=esetcookie("truelogintime",$logintime,0,1);
esetcookie('ecertkeyrnds','',0);
//写入日志
insert_log($username,'',1,$loginip,0);
//FireWall
FWSetPassword();
if($set1&&$set2&&$set3)
{
$cache_enews='doclass,doinfo,douserinfo';
$cache_ecmstourl='admin.php'.urlencode(hReturnEcmsHashStrDef(1,'ehref'));
$cache_mess='LoginSuccess';
$cache_url="CreateCache.php?enews=$cache_enews&ecmstourl=$cache_ecmstourl&mess=$cache_mess".hReturnEcmsHashStrDef(0,'ehref');
//操作日志
insert_dolog("");
if($post['adminwindow'])
{
?>
<script>
AdminWin=window.open("<?=$cache_url?>","EmpireCMS","scrollbars");
AdminWin.moveTo(0,0);
AdminWin.resizeTo(screen.width,screen.height-30);
self.location.href="blank.php";
</script>
<?
exit();
}
else
{
//printerror("LoginSuccess",$cache_url);
echo'<meta http-equiv="refresh" content="0;url='.$cache_url.'">';
db_close();
$empire=null;
exit();
}
}
else
{
printerror("NotCookie","index.php");
}
}
function DoRegSend($add)
{
global $empire, $dbtbpre, $public_r;
if ($public_r['regacttype'] != 1) {
printerror('CloseRegAct', '', 1);
}
$username = trim($add[username]);
$password = trim($add[password]);
$email = trim($add[email]);
$newemail = trim($add[newemail]);
if (!$username || !$password || !$email) {
printerror("EmptyRegAct", "history.go(-1)", 1);
}
//验证码
$key = $add['key'];
$keyvname = 'checkregsendkey';
ecmsCheckShowKey($keyvname, $key, 1);
$username = RepPostVar($username);
$password = RepPostVar($password);
$username = RepPostStr($username);
$email = RepPostStr($email);
$newemail = RepPostStr($newemail);
if (!chemail($email)) {
printerror("EmailFail", "history.go(-1)", 1);
}
if ($newemail) {
if (!chemail($newemail)) {
printerror("EmailFail", "history.go(-1)", 1);
}
$sendemail = $newemail;
} else {
$sendemail = $email;
}
//密码
$ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
if (!$ur['userid']) {
printerror("ErrorRegActUser", "history.go(-1)", 1);
}
if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
printerror("ErrorRegActUser", "history.go(-1)", 1);
}
$r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
$useremail = $r['email'];
if (!$r['userid'] || $useremail != $email) {
printerror("ErrorRegActUser", "history.go(-1)", 1);
}
if ($r['checked']) {
printerror("HaveRegActUser", '', 1);
}
$addr = $empire->fetch1("select userid,authstr from {$dbtbpre}enewsmemberpub where userid='" . $r['userid'] . "' limit 1");
$ar = explode('||', $addr['authstr']);
if (!$addr['userid'] || !$addr['authstr'] || $ar[1] != 2) {
printerror("HaveRegActUser", '', 1);
}
ecmsEmptyShowKey($keyvname);
//清空验证码
SendActUserEmail($r['userid'], $username, $sendemail);
}
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
global $empire, $dbtbpre, $public_r, $class_r, $level_r;
//验证本时间允许操作
eCheckTimeCloseDo('pl');
//验证IP
eCheckAccessDoIp('pl');
$id = (int) $id;
$repid = (int) $repid;
$classid = (int) $classid;
//验证码
$keyvname = 'checkplkey';
if ($public_r['plkey_ok']) {
ecmsCheckShowKey($keyvname, $key, 1);
}
$username = RepPostVar($username);
$password = RepPostVar($password);
$muserid = (int) getcvar('mluserid');
$musername = RepPostVar(getcvar('mlusername'));
$mgroupid = (int) getcvar('mlgroupid');
if ($muserid) {
$cklgr = qCheckLoginAuthstr();
if ($cklgr['islogin']) {
$username = $musername;
} else {
$muserid = 0;
}
} else {
if (empty($nomember)) {
if (!$username || !$password) {
printerror("FailPassword", "history.go(-1)", 1);
}
$ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password,checked,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
if (empty($ur['userid'])) {
printerror("FailPassword", "history.go(-1)", 1);
}
if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
printerror("FailPassword", "history.go(-1)", 1);
}
if ($ur['checked'] == 0) {
printerror("NotCheckedUser", '', 1);
}
$muserid = $ur['userid'];
$mgroupid = $ur['groupid'];
} else {
$muserid = 0;
}
}
if ($public_r['plgroupid']) {
if (!$muserid) {
printerror("GuestNotToPl", "history.go(-1)", 1);
}
if ($level_r[$mgroupid][level] < $level_r[$public_r['plgroupid']][level]) {
printerror("NotLevelToPl", "history.go(-1)", 1);
}
}
//专题
$doaction = $add['doaction'];
if ($doaction == 'dozt') {
if (!trim($saytext) || !$classid) {
printerror("EmptyPl", "history.go(-1)", 1);
}
//是否关闭评论
$r = $empire->fetch1("select ztid,closepl,checkpl,restb from {$dbtbpre}enewszt where ztid='{$classid}'");
if (!$r['ztid']) {
printerror("ErrorUrl", "history.go(-1)", 1);
}
if ($r['closepl']) {
printerror("CloseClassPl", "history.go(-1)", 1);
}
//审核
if ($r['checkpl']) {
$checked = 1;
} else {
$checked = 0;
}
$restb = $r['restb'];
$pubid = '-' . $classid;
$id = 0;
$pagefunr = eReturnRewritePlUrl($classid, $id, 'dozt', 0, 0, 1);
$returl = $pagefunr['pageurl'];
} else {
if (!trim($saytext) || !$id || !$classid) {
printerror("EmptyPl", "history.go(-1)", 1);
}
//表存在
if (empty($class_r[$classid][tbname])) {
printerror("ErrorUrl", "history.go(-1)", 1);
}
//是否关闭评论
$r = $empire->fetch1("select classid,stb,restb from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " where id='{$id}' limit 1");
if (!$r['classid'] || $r['classid'] != $classid) {
printerror("ErrorUrl", "history.go(-1)", 1);
}
if ($class_r[$r[classid]][openpl]) {
printerror("CloseClassPl", "history.go(-1)", 1);
}
//单信息关闭评论
$pubid = ReturnInfoPubid($classid, $id);
$finfor = $empire->fetch1("select closepl from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . "_data_" . $r['stb'] . " where id='{$id}' limit 1");
if ($finfor['closepl']) {
printerror("CloseInfoPl", "history.go(-1)", 1);
}
//审核
if ($class_r[$classid][checkpl]) {
$checked = 1;
} else {
$checked = 0;
}
$restb = $r['restb'];
$pagefunr = eReturnRewritePlUrl($classid, $id, 'doinfo', 0, 0, 1);
$returl = $pagefunr['pageurl'];
}
//设置参数
$plsetr = $empire->fetch1("select pltime,plsize,plincludesize,plclosewords,plmustf,plf,plmaxfloor,plquotetemp from {$dbtbpre}enewspl_set limit 1");
if (strlen($saytext) > $plsetr['plsize']) {
$GLOBALS['setplsize'] = $plsetr['plsize'];
printerror("PlSizeTobig", "history.go(-1)", 1);
}
$time = time();
$saytime = $time;
$pltime = getcvar('lastpltime');
if ($pltime) {
if ($time - $pltime < $plsetr['pltime']) {
$GLOBALS['setpltime'] = $plsetr['pltime'];
printerror("PlOutTime", "history.go(-1)", 1);
}
}
$sayip = egetip();
$eipport = egetipport();
$username = str_replace("\r\n", "", $username);
$username = RepPostStr($username);
$saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
if ($repid) {
$saytext = RepPlTextQuote($repid, $saytext, $plsetr, $restb);
CkPlQuoteFloor($plsetr['plmaxfloor'], $saytext);
//验证楼层
}
//过滤字符
$saytext = ReplacePlWord($plsetr['plclosewords'], $saytext);
if ($level_r[$mgroupid]['plchecked']) {
$checked = 0;
}
$ret_r = ReturnPlAddF($add, $plsetr, 0);
//主表
$sql = $empire->query("insert into {$dbtbpre}enewspl_" . $restb . "(pubid,username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,saytext,eipport" . $ret_r['fields'] . ") values('{$pubid}','" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'" . addslashes($saytext) . "','{$eipport}'" . $ret_r['values'] . ");");
$plid = $empire->lastid();
if ($doaction != 'dozt') {
//信息表加1
$usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set plnum=plnum+1 where id='{$id}' limit 1");
}
//更新新评论数
DoUpdateAddDataNum('pl', $restb, 1);
//设置最后发表时间
$set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
ecmsEmptyShowKey($keyvname);
//清空验证码
if ($sql) {
$reurl = DoingReturnUrl($returl, $_POST['ecmsfrom']);
printerror("AddPlSuccess", $reurl, 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
}
function DoRegSend($add)
{
global $empire, $dbtbpre, $public_r, $user_tablename, $user_username, $user_userid, $user_email, $user_password, $user_dopass, $user_salt, $user_checked;
if ($public_r['regacttype'] != 1) {
printerror('CloseRegAct', '', 1);
}
$username = trim($add[username]);
$password = trim($add[password]);
$email = trim($add[email]);
$newemail = trim($add[newemail]);
if (!$username || !$password || !$email) {
printerror("EmptyRegAct", "history.go(-1)", 1);
}
//ÑéÖ¤Âë
$key = $add['key'];
$keyvname = 'checkregsendkey';
ecmsCheckShowKey($keyvname, $key, 1);
$username = RepPostVar($username);
$password = RepPostVar($password);
$username = RepPostStr($username);
$email = RepPostStr($email);
$newemail = RepPostStr($newemail);
if (!chemail($email)) {
printerror("EmailFail", "history.go(-1)", 1);
}
if ($newemail) {
if (!chemail($newemail)) {
printerror("EmailFail", "history.go(-1)", 1);
}
$sendemail = $newemail;
} else {
$sendemail = $email;
}
//±àÂëת»»
$utfusername = doUtfAndGbk($username, 0);
$password = doUtfAndGbk($password, 0);
//ÃÜÂë
if (empty($user_dopass)) {
$password = md5($password);
}
if ($user_dopass == 3) {
$password = substr(md5($password), 8, 16);
}
//Ë«ÖØmd5
$num = 0;
if ($user_dopass == 2) {
$ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
$password = md5(md5($password) . $ur[$user_salt]);
$num = 0;
if ($password == $ur[$user_password]) {
$num = 1;
}
if (empty($ur[$user_userid])) {
$num = 0;
}
} else {
$num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='" . $password . "' limit 1");
}
if (!$num) {
printerror("ErrorRegActUser", "history.go(-1)", 1);
}
$r = $empire->fetch1("select * from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
$utfemail = doUtfAndGbk($r[$user_email], 1);
if (!$r[$user_userid] || $utfemail != $email) {
printerror("ErrorRegActUser", "history.go(-1)", 1);
}
if ($r[$user_checked]) {
printerror("HaveRegActUser", '', 1);
}
$addr = $empire->fetch1("select userid,authstr from {$dbtbpre}enewsmemberadd where userid='" . $r[$user_userid] . "' limit 1");
$ar = explode('||', $addr['authstr']);
if (!$addr['userid'] || !$addr['authstr'] || $ar[1] != 2) {
printerror("HaveRegActUser", '', 1);
}
ecmsEmptyShowKey($keyvname);
//Çå¿ÕÑéÖ¤Âë
SendActUserEmail($r[$user_userid], $username, $sendemail);
}
function DodoInfo($add, $ecms = 0)
{
global $empire, $public_r, $emod_r, $level_r, $class_r, $dbtbpre, $fun_r;
//验证来源
if ($ecms == 0 || $ecms == 1) {
CheckCanPostUrl();
}
//开启投稿
if ($public_r['addnews_ok']) {
printerror("CloseQAdd", "", 1);
}
//验证本时间允许操作
eCheckTimeCloseDo('info');
$classid = (int) $add['classid'];
$mid = (int) $class_r[$classid]['modid'];
if (!$mid || !$classid) {
printerror("EmptyQinfoCid", "", 1);
}
$tbname = $emod_r[$mid]['tbname'];
$qenter = $emod_r[$mid]['qenter'];
if (!$tbname || !$qenter || $qenter == ',') {
printerror("ErrorUrl", "history.go(-1)", 1);
}
$muserid = (int) getcvar('mluserid');
$musername = RepPostVar(getcvar('mlusername'));
$mrnd = RepPostVar(getcvar('mlrnd'));
//取得栏目信息
$isadd = 0;
if ($ecms == 0) {
$isadd = 1;
}
$setuserday = '';
$cr = DoQCheckAddLevel($classid, $muserid, $musername, $mrnd, $ecms, $isadd);
$setuserday = $cr['checkaddnumquery'];
$filepass = (int) $add['filepass'];
$id = (int) $add['id'];
$infor = array();
//组合标题属性
$titlecolor = RepPostStr(RepPhpAspJspcodeText($add[titlecolor]));
$titlefont = TitleFont($add[titlefont], $titlecolor);
$titlecolor = "";
$titlefont = "";
$ttid = (int) $add['ttid'];
$keyboard = addslashes(RepPostStr(trim(DoReplaceQjDh($add[keyboard]))));
$keyid = '';
//返回关键字组合
if ($keyboard && strstr($qenter, ',special.field,')) {
$keyboard = str_replace('[!--f--!]', 'ecms', $keyboard);
$keyid = GetKeyid($keyboard, $classid, $id, $class_r[$classid][link_num]);
}
//验证码
$keyvname = 'checkinfokey';
//moreport
if (Moreport_ReturnMustDt()) {
define('ECMS_SELFPATH', eReturnEcmsMainPortPath());
Moreport_ResetMainTempGid();
}
//-----------------增加
if ($ecms == 0) {
//时间
$lasttime = getcvar('lastaddinfotime');
if ($lasttime) {
if (time() - $lasttime < $public_r['readdinfotime']) {
printerror("QAddInfoOutTime", "", 1);
}
}
//验证码
if ($cr['qaddshowkey']) {
ecmsCheckShowKey($keyvname, $add['key'], 1);
}
//IP发布数限制
$check_ip = egetip();
$check_checked = $cr['wfid'] ? 0 : $cr['checkqadd'];
eCheckIpAddInfoNum($check_ip, $tbname, $mid, $check_checked);
//返回字段
$ret_r = ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $muserid, $musername, 0);
$checked = $cr['checkqadd'];
$havehtml = 0;
$newspath = date($cr['newspath']);
$truetime = time();
$newstime = $truetime;
$newstempid = $cr['newstempid'];
$haveaddfen = 0;
//强制签发
$isqf = 0;
if ($cr['wfid']) {
$checked = 0;
$isqf = 1;
}
//增扣点
if ($checked && $muserid) {
AddInfoFen($cr['addinfofen'], $muserid);
$haveaddfen = 1;
}
if (empty($muserid)) {
$musername = $fun_r['guest'];
}
//会员投稿数更新
if ($setuserday) {
$empire->query($setuserday);
}
//发布时间
if (!strstr($qenter, ',newstime,')) {
$ret_r[0] = ",newstime" . $ret_r[0];
$ret_r[1] = ",'{$newstime}'" . $ret_r[1];
} else {
if ($add['newstime']) {
$newstime = to_time($add['newstime']);
$newstime = intval($newstime);
}
}
//附加链接参数
$addecmscheck = empty($checked) ? '&ecmscheck=1' : '';
//索引表
$indexsql = $empire->query("insert into {$dbtbpre}ecms_" . $tbname . "_index(classid,checked,newstime,truetime,lastdotime,havehtml) values('{$classid}','{$checked}','{$newstime}','{$truetime}','{$truetime}','{$havehtml}');");
$id = $empire->lastid();
//返回表信息
$infotbr = ReturnInfoTbname($tbname, $checked, $ret_r[4]);
//主表
$sql = $empire->query("insert into " . $infotbr['tbname'] . "(id,classid,ttid,onclick,plnum,totaldown,newspath,filename,userid,username,firsttitle,isgood,istop,isqf,ismember,isurl,truetime,lastdotime,havehtml,groupid,userfen,titlefont,titleurl,stb,fstb,restb,keyboard" . $ret_r[0] . ") values('{$id}','{$classid}','{$ttid}',0,0,0,'{$newspath}','','" . $muserid . "','" . addslashes($musername) . "',0,0,0,'{$isqf}',1,0,'{$truetime}','{$truetime}','{$havehtml}',0,0,'{$titlefont}','','{$ret_r['4']}','{$public_r['filedeftb']}','{$public_r['pldeftb']}','{$keyboard}'" . $ret_r[1] . ");");
//副表
$fsql = $empire->query("insert into " . $infotbr['datatbname'] . "(id,classid,keyid,dokey,newstempid,closepl,haveaddfen,infotags" . $ret_r[2] . ") values('{$id}','{$classid}','{$keyid}',1,'{$newstempid}',0,'{$haveaddfen}',''" . $ret_r[3] . ");");
//扣点记录
if ($haveaddfen) {
if ($cr['addinfofen'] < 0) {
BakDown($classid, $id, 0, $muserid, $musername, RepPostStr($add[title]), abs($cr['addinfofen']), 3);
}
}
//签发
if ($isqf == 1) {
InfoInsertToWorkflow($id, $classid, $cr['wfid'], $muserid, addslashes($musername));
}
//文件命名
$filename = ReturnInfoFilename($classid, $id, '');
//信息地址
$infourl = GotoGetTitleUrl($classid, $id, $newspath, $filename, 0, 0, '');
$usql = $empire->query("update " . $infotbr['tbname'] . " set filename='{$filename}',titleurl='{$infourl}' where id='{$id}'");
//修改ispic
UpdateTheIspic($classid, $id, $checked);
//修改附件
if ($filepass) {
UpdateTheFile($id, $filepass, $classid, $public_r['filedeftb']);
}
//更新栏目信息数
AddClassInfos($classid, '+1', '+1', $checked);
//更新新信息数
DoUpdateAddDataNum('info', $class_r[$classid]['tid'], 1);
//清除验证码
ecmsEmptyShowKey($keyvname);
esetcookie("qeditinfo", "", 0);
//生成页面
if ($checked && !$cr['showdt']) {
$titleurl = qAddGetHtml($classid, $id);
}
//生成列表
if ($checked) {
qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']);
//生成上一篇
if ($cr['repreinfo']) {
$prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1");
GetHtml($prer['classid'], $prer['id'], $prer, 1);
}
}
if ($sql) {
$reurl = DoingReturnUrl("AddInfo.php?classid={$classid}&mid={$mid}" . $addecmscheck, $add['ecmsfrom']);
if ($add['gotoinfourl'] && $checked) {
if ($cr['showdt'] == 1) {
$reurl = $public_r[newsurl] . "e/action/ShowInfo/?classid={$classid}&id={$id}";
} elseif ($cr['showdt'] == 2) {
$rewriter = eReturnRewriteInfoUrl($classid, $id, 1);
$reurl = $rewriter['pageurl'];
} else {
$reurl = $titleurl;
}
}
esetcookie("lastaddinfotime", time(), time() + 3600 * 24);
//设置最后发表时间
printerror("AddQinfoSuccess", $reurl, 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
} elseif ($ecms == 1) {
if (!$id) {
printerror("ErrorUrl", "history.go(-1)", 1);
}
//检测权限
$infor = CheckQdoinfo($classid, $id, $muserid, $tbname, $cr['adminqinfo'], 1);
//检测时间
if ($public_r['qeditinfotime']) {
if (time() - $infor['truetime'] > $public_r['qeditinfotime'] * 60) {
printerror("QEditInfoOutTime", "history.go(-1)", 1);
}
}
$iaddfield = '';
$addfield = '';
$faddfield = '';
//返回字段
$ret_r = ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $muserid, $musername, 1);
if ($keyboard) {
$addfield = ",keyboard='{$keyboard}'";
$faddfield = ",keyid='{$keyid}'";
}
//时间
if (strstr($qenter, ',newstime,')) {
if ($add['newstime']) {
$newstime = to_time($add['newstime']);
$newstime = intval($newstime);
$iaddfield .= ",newstime='{$newstime}'";
}
}
//修改是否需要审核
$ychecked = $infor['checked'];
if ($cr['qeditchecked']) {
$infor['checked'] = 0;
$iaddfield .= ",checked=0";
$relist = 1;
//删除原页面
DelNewsFile($infor[filename], $infor[newspath], $infor[classid], $infor[newstext], $infor[groupid]);
}
//会员投稿数更新
if ($setuserday) {
//$empire->query($setuserday);
}
$lastdotime = time();
//附加链接参数
$addecmscheck = empty($infor['checked']) ? '&ecmscheck=1' : '';
//索引表
$indexsql = $empire->query("update {$dbtbpre}ecms_" . $tbname . "_index set lastdotime={$lastdotime},havehtml=0" . $iaddfield . " where id='{$id}'");
//返回表信息
$infotbr = ReturnInfoTbname($tbname, $ychecked, $infor['stb']);
//主表
$sql = $empire->query("update " . $infotbr['tbname'] . " set lastdotime={$lastdotime},havehtml=0,ttid='{$ttid}'" . $addfield . $ret_r[0] . " where id={$id} and classid={$classid} and userid='{$muserid}' and ismember=1");
//副表
$fsql = $empire->query("update " . $infotbr['datatbname'] . " set classid='{$classid}'" . $faddfield . $ret_r[3] . " where id='{$id}'");
//修改ispic
UpdateTheIspic($classid, $id, $ychecked);
//更新附件
UpdateTheFileEdit($classid, $id, $infor['fstb']);
//未审核信息互转
if ($ychecked != $infor['checked']) {
MoveCheckInfoData($tbname, $ychecked, $infor['stb'], "id='{$id}'");
//更新栏目信息数
if ($infor['checked']) {
AddClassInfos($classid, '', '+1');
} else {
AddClassInfos($classid, '', '-1');
}
}
esetcookie("qeditinfo", "", 0);
//生成页面
if ($infor['checked'] && !$cr['showdt']) {
$titleurl = qAddGetHtml($classid, $id);
}
//生成列表
if ($infor['checked'] || $relist == 1) {
qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']);
}
//生成上一篇
if ($cr['repreinfo'] && $infor['checked']) {
$prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1");
GetHtml($prer['classid'], $prer['id'], $prer, 1);
}
if ($sql) {
$reurl = DoingReturnUrl("ListInfo.php?mid={$mid}" . $addecmscheck, $add['ecmsfrom']);
if ($add['editgotoinfourl'] && $infor['checked']) {
if ($cr['showdt'] == 1) {
$reurl = $public_r[newsurl] . "e/action/ShowInfo/?classid={$classid}&id={$id}";
} elseif ($cr['showdt'] == 2) {
$rewriter = eReturnRewriteInfoUrl($classid, $id, 1);
$reurl = $rewriter['pageurl'];
} else {
$reurl = $titleurl;
}
}
printerror("EditQinfoSuccess", $reurl, 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
} elseif ($ecms == 2) {
if (!$id) {
printerror("ErrorUrl", "history.go(-1)", 1);
}
//检测权限
$r = CheckQdoinfo($classid, $id, $muserid, $tbname, $cr['adminqinfo'], 2);
//附加链接参数
$addecmscheck = empty($r['checked']) ? '&ecmscheck=1' : '';
//返回表信息
$infotbr = ReturnInfoTbname($tbname, $r['checked'], $r['stb']);
$stf = $emod_r[$mid]['savetxtf'];
$pf = $emod_r[$mid]['pagef'];
//分页字段
if ($pf) {
if (strstr($emod_r[$mid]['tbdataf'], ',' . $pf . ',')) {
$finfor = $empire->fetch1("select " . $pf . " from " . $infotbr['datatbname'] . " where id='{$id}' limit 1");
$r[$pf] = $finfor[$pf];
}
}
//存文本
if ($stf) {
$newstextfile = $r[$stf];
$r[$stf] = GetTxtFieldText($r[$stf]);
//删除文件
DelTxtFieldText($newstextfile);
}
//删除信息文件
DelNewsFile($r[filename], $r[newspath], $classid, $r[$pf], $r[groupid]);
$indexsql = $empire->query("delete from {$dbtbpre}ecms_" . $tbname . "_index where id='{$id}'");
$sql = $empire->query("delete from " . $infotbr['tbname'] . " where id={$id} and classid={$classid} and userid='{$muserid}' and ismember=1");
$fsql = $empire->query("delete from " . $infotbr['datatbname'] . " where id={$id}");
esetcookie("qdelinfo", "", 0);
//更新栏目信息数
AddClassInfos($classid, '-1', '-1', $r['checked']);
//删除其它表记录和附件
DelSingleInfoOtherData($classid, $id, $r, 0, 0);
//生成列表
if ($r['checked']) {
qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']);
//生成上一篇
if ($cr['repreinfo']) {
$prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1");
GetHtml($prer['classid'], $prer['id'], $prer, 1);
//下一篇
$nextr = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id>{$id} and classid='{$classid}' order by id limit 1");
if ($nextr['id']) {
GetHtml($nextr['classid'], $nextr['id'], $nextr, 1);
}
}
}
if ($sql) {
$reurl = DoingReturnUrl("ListInfo.php?mid={$mid}", $add['ecmsfrom']);
printerror("DelQinfoSuccess", $reurl, 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
} else {
printerror("ErrorUrl", "", 1);
}
}
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
global $empire, $public_r, $class_r, $user_userid, $user_username, $user_password, $user_dopass, $user_tablename, $user_salt, $user_checked, $user_group, $dbtbpre, $level_r;
//验证IP
eCheckAccessDoIp('pl');
$id = (int) $id;
$repid = (int) $repid;
$classid = (int) $classid;
//验证码
$keyvname = 'checkplkey';
if ($public_r['plkey_ok']) {
ecmsCheckShowKey($keyvname, $key, 1);
}
$username = RepPostVar($username);
$password = RepPostVar($password);
$muserid = (int) getcvar('mluserid');
$musername = RepPostVar(getcvar('mlusername'));
$mgroupid = (int) getcvar('mlgroupid');
if ($muserid) {
$username = $musername;
} else {
if (empty($nomember)) {
//编码转换
$utfusername = doUtfAndGbk($username, 0);
$password = doUtfAndGbk($password, 0);
//密码
if (empty($user_dopass)) {
$password = md5($password);
}
if ($user_dopass == 3) {
$password = substr(md5($password), 8, 16);
}
//双重md5
if ($user_dopass == 2) {
$ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
$password = md5(md5($password) . $ur[$user_salt]);
$cuser = 0;
if ($password == $ur[$user_password]) {
$cuser = 1;
}
if (empty($ur[$user_userid])) {
$cuser = 0;
}
} else {
$ur = $empire->fetch1("select " . $user_userid . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='{$password}' limit 1");
$cuser = 0;
if ($ur[$user_userid]) {
$cuser = 1;
}
}
if (empty($cuser)) {
printerror("FailPassword", "history.go(-1)", 1);
}
if ($ur[$user_checked] == 0) {
printerror("NotCheckedUser", '', 1);
}
$muserid = $ur[$user_userid];
$mgroupid = $ur[$user_group];
} else {
$muserid = 0;
}
}
if ($public_r['plgroupid']) {
if (!$muserid) {
printerror("GuestNotToPl", "history.go(-1)", 1);
}
if ($level_r[$mgroupid][level] < $level_r[$public_r['plgroupid']][level]) {
printerror("NotLevelToPl", "history.go(-1)", 1);
}
}
if (!trim($saytext) || !$id || !$classid) {
printerror("EmptyPl", "history.go(-1)", 1);
}
//表存在
if (empty($class_r[$classid][tbname])) {
printerror("ErrorUrl", "history.go(-1)", 1);
}
if (strlen($saytext) > $public_r[plsize]) {
printerror("PlSizeTobig", "history.go(-1)", 1);
}
$saytime = date("Y-m-d H:i:s");
$time = time();
$pltime = getcvar('lastpltime');
if ($pltime) {
if ($time - $pltime < $public_r[pltime]) {
printerror("PlOutTime", "history.go(-1)", 1);
}
}
//是否关闭评论
$r = $empire->fetch1("select classid,closepl from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " where id='{$id}' and classid='{$classid}'");
if (empty($r[classid])) {
printerror("ErrorUrl", "history.go(-1)", 1);
}
if ($class_r[$r[classid]][openpl]) {
printerror("CloseClassPl", "history.go(-1)", 1);
}
//单信息关闭评论
if ($r['closepl']) {
printerror("CloseInfoPl", "history.go(-1)", 1);
}
$sayip = egetip();
$username = RepPostStr($username);
$username = str_replace("\r\n", "", $username);
$saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
$pr = $empire->fetch1("select plclosewords,plf,plmustf,pldeftb from {$dbtbpre}enewspublic limit 1");
if ($repid) {
if (trim($saytext) == "[quote]" . $repid . "[/quote]") {
printerror("EmptyPl", "history.go(-1)", 1);
}
$saytext = RepPlTextQuote($repid, $saytext, $pr);
}
//过滤字符
$saytext = ReplacePlWord($pr['plclosewords'], $saytext);
//审核
if ($class_r[$classid][checkpl]) {
$checked = 1;
} else {
$checked = 0;
}
$ret_r = ReturnPlAddF($add, $pr, 0);
//主表
$sql = $empire->query("insert into {$dbtbpre}enewspl(username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,stb) values('" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'{$pr['pldeftb']}');");
$plid = $empire->lastid();
//副表
$fsql = $empire->query("insert into {$dbtbpre}enewspl_data_" . $pr['pldeftb'] . "(plid,classid,id,saytext" . $ret_r['fields'] . ") values('{$plid}','{$classid}','{$id}','" . addslashes($saytext) . "'" . $ret_r['values'] . ");");
//信息表加1
$usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set plnum=plnum+1 where id='{$id}'");
//设置最后发表时间
$set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
ecmsEmptyShowKey($keyvname);
//清空验证码
if ($sql) {
$reurl = DoingReturnUrl("../pl/?classid={$classid}&id={$id}", $_POST['ecmsfrom']);
printerror("AddPlSuccess", $reurl, 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
}