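/**
 * Build the absolute URL of the directory that contains the running script.
 *
 * The scheme is always "http", as in the original. The host part comes from
 * HTTP_HOST, i.e. the request's Host header, which the client chooses: the
 * result is only as trustworthy as that header. Do not use it for links sent
 * by e-mail or for redirects unless the web server pins the accepted host
 * names.
 *
 * gpc(name, 'S') presumably reads the value from $_SERVER; confirm against
 * the helper.
 *
 * @return string URL ending in "/"
 */
function get_url_path()
{
    $port = (int) gpc('SERVER_PORT', 'S');
    $host = (string) gpc('HTTP_HOST', 'S');

    // The original appended the literal ":80" whenever the port was NOT 80,
    // which produced a wrong authority on every non-default port. Append the
    // real port instead, and only when the Host value does not already carry
    // one (clients include a non-default port in the Host header).
    $hostHasPort = preg_match('/:\d+$/', $host) === 1;
    $portadd = ($port === 80 || $port === 0 || $hostHasPort) ? '' : ':' . $port;

    // Script path up to, but not including, its last "/".
    $self = (string) gpc('PHP_SELF', 'S');
    $path = substr($self, 0, (int) strrpos($self, '/'));

    return "http://{$host}{$portadd}{$path}/";
}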
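/**
 * Resolve the active user template, admin template and language.
 *
 * Loads the cached template and language settings from system/global/
 * (calling lang_cache() / tpl_cache() when a cache file is missing), lets the
 * "ptpl" cookie override the user template when template switching is enabled,
 * and returns the resulting directories.
 *
 * Array keys are quoted here; the original used bare words ($v[actived]),
 * which PHP 8 treats as undefined constants and rejects.
 *
 * @return array Keys: user_tpl_dir, admin_tpl_dir, lang_name, fms (0 or 1)
 */
public static function init_lang_tpl()
{
    global $C, $settings, $auth;

    // Defaults, so a missing cache file cannot leave these undefined below.
    $tpl_settings = array();
    $lang_settings = array();
    $user_tpl_dir = '';
    $admin_tpl_dir = '';
    $lang_name = '';

    $dir = PHPDISK_ROOT . 'system/global/';
    make_dir($dir);

    // The cache files are expected to assign $lang_settings / $tpl_settings in
    // this scope; TODO confirm against lang_cache() / tpl_cache().
    $file = $dir . 'lang_settings.inc.php';
    if (file_exists($file)) {
        require_once $file;
    } else {
        lang_cache();
    }
    $file = $dir . 'tpl_settings.inc.php';
    if (file_exists($file)) {
        require_once $file;
    } else {
        tpl_cache();
    }

    // The last active entry of each type wins, as in the original loops.
    if (is_array($tpl_settings)) {
        foreach ($tpl_settings as $v) {
            if (empty($v['actived'])) {
                continue;
            }
            if ($v['tpl_type'] == 'user') {
                $user_tpl_dir = $v['tpl_name'];
            }
            if ($v['tpl_type'] == 'admin') {
                $admin_tpl_dir = $v['tpl_name'];
            }
        }
    }
    if (is_array($lang_settings)) {
        foreach ($lang_settings as $v) {
            if (!empty($v['actived'])) {
                $lang_name = $v['lang_name'];
            }
        }
    }

    if (!empty($settings['open_switch_tpls'])) {
        // "ptpl" is a cookie, so the client controls it, and it ends up in a
        // filesystem path below. Accept it only as a single directory name
        // (no separators, no "..", no NUL) before asking check_template().
        $ptpl = gpc('ptpl', 'C', '');
        $is_plain_name = is_string($ptpl)
            && $ptpl
            && strpbrk($ptpl, "/\\\0") === false
            && strpos($ptpl, '..') === false;
        if ($is_plain_name && check_template($ptpl)) {
            $user_tpl_dir = $ptpl;
        }
        $C['tpl_name'] = $user_tpl_dir;
    }

    $arr = get_template_info($user_tpl_dir);
    $is_fms = (isset($arr['template_core']) && $arr['template_core'] == 'fms' && !empty($auth['open_fms'])) ? 1 : 0;

    // Fall back to the stock templates and to zh_cn when nothing is active.
    $user_tpl_dir = $user_tpl_dir ? "templates/{$user_tpl_dir}/" : 'templates/default/';
    $admin_tpl_dir = $admin_tpl_dir ? "templates/{$admin_tpl_dir}/" : 'templates/admin/';
    $lang_name = $lang_name ? $lang_name : 'zh_cn';

    return array(
        'user_tpl_dir' => $user_tpl_dir,
        'admin_tpl_dir' => $admin_tpl_dir,
        'lang_name' => $lang_name,
        'fms' => $is_fms,
    );
}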
$post = fetch_all('house_post', " WHERE post_id='{$post_id}'", "*", 0); } $post['post_map'] = !empty($post['post_map']) ? $post['post_map'] : $house_config['google_map']; if (submitcheck('button_post_submit') || submitcheck('button_edit_submit')) { if (empty($_GET['post_text']) || empty($_GET['post_title']) || empty($_GET['post_begin_time']) || empty($_GET['post_end_time'])) { showmessage($house_lang['must_post']); } if ($ac == 'post' && $house_config['postcredit'] > 0) { $new_credit = $my_credit - $house_config['postcredit']; if ($new_credit < 0) { showmessage($house_lang['post'] . $house_config['credit_unit'] . $house_lang['not_credit']); } else { updatemembercount($_G['uid'], array($house_config['extcredits'] => -$house_config['postcredit']), 1, '', '', '', $house_lang['fabu_koufei'], $house_config['name'] . ": <a href='{$house_config['root']}?mod=member' target='_blank'>{$house_lang['about_info']}</a>"); } } $post_array = gpc('post_'); if (!empty($_GET['province'])) { $post_array['province'] = addslashes($_GET['province']); $post_array['city'] = addslashes($_GET['city']); $post_array['dist'] = addslashes($_GET['dist']); $post_array['community'] = addslashes($_GET['community']); } if (!empty($_GET['loupan'])) { $loupan = addslashes($_GET['loupan']); if (strstr($loupan, "@@")) { list($post_array['loupan_id'], $post_array['loupan_title']) = explode("@@", $loupan); } elseif (!empty($_GET['loupan_id']) && !empty($_GET['loupan_title'])) { list($post_array['loupan_id'], $post_array['loupan_title']) = array(intval($_GET['loupan_id']), addslashes($_GET['loupan_title'])); } else { $post_array['loupan_id'] = ''; $post_array['loupan_title'] = $loupan;
$file_id = (int) gpc('file_id', 'GP', 0); $rs = $db->fetch_one_array("select * from {$tpf}files where file_id='{$file_id}' and userid='{$uid}'"); $tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : ''; if ($rs[server_oid]) { $host = @$db->result_first("select server_host from {$tpf}servers where server_oid='{$rs[server_oid]}'"); } else { $host = $settings[phpdisk_url]; } //$filter_arr = explode(',',$settings['filter_extension']); //$tmp_ext = in_array($rs[file_extension],$filter_arr) ? '.txt'.$tmp_ext : $tmp_ext; header("Location: " . $host . $settings[file_path] . '/' . $rs[file_store_path] . $rs[file_real_name] . get_real_ext($rs[file_extension])); //echo "select * from {$tpf}files where file_id='$file_id' and userid='$uid'"; exit; break; case 'search': $word = convert_str('gbk', 'utf-8', trim(gpc('word', 'P', ''))); if ($word) { $q = $db->query("select * from {$tpf}files where userid='{$uid}' and is_del=0 and (file_name like '%{$word}%' or file_extension like '%{$word}%') order by file_id desc"); $num = $db->num_rows($q); if ($num) { echo 't' . LF; while ($rs = $db->fetch_array($q)) { $tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : ''; $tmp_ext2 = $rs[file_extension] ? $rs[file_extension] : ' '; $str = $rs[file_name] . $tmp_ext . '|' . $rs[file_size] . '|' . $tmp_ext2 . '|0|' . $rs[file_id] . '|' . date('Y-m-d', $rs[file_time]) . '|' . $rs[file_views] . '|' . $rs[file_downs]; $str = is_utf8() ? convert_str('utf-8', 'gbk', $str) : $str; echo $str ? $str . LF : ''; } $db->free($q); unset($rs); } else {
$post = array(); $post = gpc('cat_'); DB::insert('house_cat', $post); } if (isset($_GET['del'])) { $del['cat_id'] = intval($_GET['del']); DB::delete('house_cat', $del); } if (isset($_GET['edit'])) { $edit = intval($_GET['edit']); $edit_array = array(); $edit_array = fetch_all('house_cat', ' WHERE cat_id=' . $edit . ' ORDER BY cat_pid DESC,cat_sort ASC', '*', 0); } if (isset($_GET['edit_submit'])) { $edit_array = array(); $edit_array = gpc('cat_'); DB::update('house_cat', $edit_array, array('cat_id' => $edit_array['cat_id'])); } $cat_array = array(); $cat_array = fetch_all('house_cat', ' ORDER BY cat_pid ASC,cat_sort ASC'); foreach ($cat_array as $k => $v) { if ($v['cat_pid'] == '0') { $sum = fetch_all('house_cat', " WHERE cat_pid='{$v['cat_id']}' ", ' count(cat_id) as sum ', 0); $cat_array[$k] = array_merge($cat_array[$k], $sum); } } $cat_array_field .= "\$cat_array = " . arrayeval($cat_array) . ";\n"; writetocache('house_cat_array', $cat_array_field); if (!cloudaddons_getmd5("house.plugin")) { cpmsg(lang('admincp_msg', 'cloudaddons_genuine_message'), '', 'error', array('addonid' => "house.plugin")); }
write_file($tmp_file, read_file($tmp_dir . $file[name])); } } @unlink($tmp_dir . $file[name]); } else { $str = '文件 ' . $file_name . ' 上传失败,服务器权限不足'; $str = is_utf8() ? convert_str('utf-8', 'gbk', $str) : $str; echo $str; } @unlink($file['tmp_name']); break; case 'upload_ok': //write_file(PHPDISK_ROOT.'system/1.txt',var_export($_POST,true)); $file_name = trim(gpc('file_name', 'P', '')); $file_do_name = trim(gpc('file_do_name', 'P', '')); $file_size = (int) gpc('file_size', 'P', 0); $file_name = is_utf8() ? convert_str('gbk', 'utf-8', $file_name) : $file_name; $file_do_name = is_utf8() ? convert_str('gbk', 'utf-8', $file_do_name) : $file_do_name; $file_extension = get_extension($file_do_name); $esp = strlen($file_extension) + 1; $file_real_name = $file_extension ? substr($file_do_name, 0, strlen($file_do_name) - $esp) : $file_do_name; $file_name = $file_extension ? substr($file_name, 0, strlen($file_name) - $esp) : $file_name; $rs = $db->fetch_one_array("select * from {$tpf}uploadx_files where userid='{$uid}' and file_real_name='{$file_real_name}' and file_name='{$file_name}' limit 1"); if ($rs) { $tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : ''; $dir1 = PHPDISK_ROOT . 'system/cache/'; $dir2 = PHPDISK_ROOT . $settings[file_path] . '/' . $rs[file_store_path]; make_dir($dir2); $file = $dir1 . $rs[file_real_name] . $tmp_ext . '.phpdisk'; $file_real_name = md5(uniqid(mt_rand(), true) . microtime() . $uid); $file_dest = $dir2 . $file_real_name . get_real_ext($rs[file_extension]);
// Excerpt of an admin plugin handler. It starts inside the branch that
// activates plugins (the enclosing `if` opens before this excerpt) and stops
// at the opening of the final `else`.
// $ids_arr comes from get_ids_arr(): element 0 is treated as an error flag,
// element 1 as either the error message or the id list for the query.
if ($ids_arr[0]) {
    $error = true;
    $sysmsg[] = $ids_arr[1];
} else {
    $plugin_ids = $ids_arr[1];
}
if (!$error) {
    // NOTE(review): $plugin_ids originates from the request and is placed
    // unquoted inside in(...). The query is only safe if get_ids_arr() quotes
    // and escapes every element; verify that helper, or bind the values.
    $db->query_unbuffered("update {$tpf}plugins set actived=1 where plugin_name in({$plugin_ids})");
    $sysmsg[] = __('plugins_actived_success');
    // NOTE(review): the redirect target is the Referer header, which the
    // client supplies. Confirm redirect() only accepts same-site targets.
    redirect($_SERVER['HTTP_REFERER'], $sysmsg);
} else {
    redirect('back', $sysmsg);
}
} elseif ($task == 'inactive') {
    // form_auth() compares the posted formhash with formhash(); presumably
    // the anti-CSRF check for this state-changing action.
    form_auth(gpc('formhash', 'P', ''), formhash());
    $plugin_ids = gpc('plugin_ids', 'P', array());
    $ids_arr = get_ids_arr($plugin_ids, __('please_select_plugins'));
    if ($ids_arr[0]) {
        $error = true;
        $sysmsg[] = $ids_arr[1];
    } else {
        $plugin_ids = $ids_arr[1];
    }
    if (!$error) {
        // Same pattern as the activation branch: the id list is interpolated
        // as-is, so its safety rests entirely on get_ids_arr().
        $db->query_unbuffered("update {$tpf}plugins set actived=0 where plugin_name in({$plugin_ids})");
        $sysmsg[] = __('plugins_inactived_success');
        // Referer-driven redirect, see the note in the activation branch.
        redirect($_SERVER['HTTP_REFERER'], $sysmsg);
    } else {
        redirect('back', $sysmsg);
    }
} else {
// Excerpt of an admin switch: the 'course_view' and 'search' cases. The
// enclosing switch opens before this excerpt.
break;
case 'course_view':
    if ($task) {
        switch ($task) {
            case 'course_view':
                // All four values are read from GET/POST (presumably what 'GP'
                // selects) with no cast and no escaping in this excerpt.
                $file_id = gpc('file_ids', 'GP', 0);
                $review_status = gpc('review_status', 'GP', 0);
                $cs_id = gpc('cs_id', 'GP', 0);
                $course_id = gpc('course_id', 'GP', 0);
                // NOTE(review): the default for file_ids is 0, which is not
                // iterable; the loop also never uses $k or $v, so the same
                // statement is issued once per submitted id.
                foreach ($file_id as $k => $v) {
                    // NOTE(review): the request values are interpolated
                    // unquoted into the statement, so this is injectable
                    // unless gpc() itself restricts them to integers. Cast
                    // with (int) or use bound parameters.
                    // NOTE(review): "SET (cols) VALUE (...)" is INSERT-style
                    // syntax; UPDATE expects "col = value" pairs. Confirm this
                    // statement executes at all.
                    $sql = "UPDATE {$tpf}file_cs_relation\n\t\t\t\t\t\t\t\tSET (cs_id, course_id, status)\n\t\t\t\t\t\t\t\tVALUE ({$cs_id}, {$course_id}, {$review_status})\n\t\t\t\t\t\t\t\tWHERE cs_id = {$cs_id} AND course_id={$course_id}";
                    $db->query_unbuffered($sql);
                }
                break;
        }
    } else {
        // No task: load the chapter/section list for the requested course and
        // render the admin template.
        $course_id = gpc('course_id', 'GP', '');
        $chapter_section_array = get_chapter_section_list($course_id);
        require_once template_echo($item, $admin_tpl_dir, '', 1);
    }
    break;
case 'search':
    // The request value is read and cast, then immediately overwritten with
    // 3, so the caller-supplied status has no effect.
    $status = (int) gpc('status', 'GP', 0);
    $status = 3;
    $course_array = !empty($status) ? get_course_form_status($status) : array();
    $course_array = $course_array['data'];
    $page_nav = multi($total_num, $perpage, $pg, urr(ADMINCP, "item={$item}&menu=file&action={$action}&view={$view}&uid={$uid}"));
    $dd = date('Y-m-d');
    require_once template_echo($item, $admin_tpl_dir, '', 1);
    break;
}
/** # Project: PHPDISK File Storage Solution # This is NOT a freeware, use is subject to license terms. # # Site: http://www.phpdisk.com # # $Id: index.php 14 2013-03-18 03:02:57Z along $ # # Copyright (C) 2008-2013 PHPDisk Team. All Rights Reserved. # */ include "includes/commons.inc.php"; $in_front = true; $code = trim(gpc('code', 'G', '')); $action = gpc('action', 'G', ''); /*if(!$code){ exit('[PHPDisk] Access Deny!'); }else{ if(pd_encode($code,'DECODE') != $configs['server_key']){ exit('[PHPDisk] Access Deny!'); } } */ $str = $_SERVER['QUERY_STRING']; if (!$str) { exit('[PHPDisk] Access Denied'); } $title = $settings['site_title']; //include PHPDISK_ROOT."./includes/header.inc.php"; if ($action == 'upload') {
$v_ob = in_array($v_ob, array('asc', 'desc')) ? $v_ob : ''; $d_ob = in_array($d_ob, array('asc', 'desc')) ? $d_ob : ''; $v_order_by = $v_ob ? " views {$v_ob}" : ''; $d_order_by = $d_ob ? " downs {$d_ob}" : ''; $perpage = $pp ? (int) $pp : 50; if ($v_order_by) { $order_by = ' order by ' . $v_order_by; } elseif ($d_order_by) { $order_by = ' order by ' . $d_order_by; } else { $order_by = 'order by id desc'; } if ($task == 'search') { $user = gpc('user', 'G', ''); $s_time = gpc('s_time', 'G', ''); $e_time = gpc('e_time', 'G', ''); if (!$s_time || !$e_time) { exit('<script>alert("起始时间、结束时间不能为空");window.history.back();</script>'); } $u_sql = ''; if ($action == 'stat_user') { if ($user) { $userid = @$db->result_first("select userid from {$tpf}users where username='******' "); if (!$userid) { exit('<script>alert("用户名不存在");window.history.back();</script>'); } $u_sql = $userid ? " and s.userid='{$userid}'" : ''; } $sql_do = " {$tpf}{$action} s,{$tpf}users u where u.userid=s.userid {$u_sql} and (dd>='{$s_time}' and dd<='{$e_time}')"; } elseif ($action == 'stat_hour') { $sql_do = " {$tpf}{$action} where (dh>='{$s_time}' and dh<='{$e_time}')";
<?php ## # Project: PHPDisk # This is NOT a freeware, use is subject to license terms. # # Site: http://www.google.com # # $Id: passport.php 123 2014-03-04 12:40:37Z along $ # # Copyright (C) 2008-2009 PHPDisk Team. All Rights Reserved. # ## include '../../includes/commons.inc.php'; //print_r($_POST); $param = trim(gpc('param', 'G', '')); if ($param) { parse_str(pd_encode(base64_decode($param), 'DECODE')); } else { exit('Error Param'); } $username = is_utf8() ? $username : convert_str('utf-8', 'gbk', $username); $password = is_utf8() ? $password : convert_str('utf-8', 'gbk', $password); $username = $db->escape($username); $password = $db->escape($password); if ($action == 'passportlogin') { $rs = $db->fetch_one_array("select userid,gid,username,password,email from {$tpf}users where username='******' and password='******' limit 1"); if ($rs) { pd_setcookie('phpdisk_info', pd_encode("{$rs[userid]}\t{$rs[gid]}\t{$rs[username]}\t{$rs[password]}\t{$rs[email]}")); header("Location: " . $settings[phpdisk_url] . urr("mydisk", "")); } else {
// Excerpt of the plugin upload endpoint: request validation, then the start
// of the 'doupload' task. The excerpt ends inside the open switch/if.
$max_user_file_size = get_size($max_file_size_byte, 'B', 0);
// The target account, folder and plugin type all come from the query string.
$uid = (int) gpc('uid', 'G', 0);
$folder_id = (int) gpc('folder_id', 'G', 0);
$plugin_type = trim(gpc('plugin_type', 'G', ''));
$hash = trim(gpc('hash', 'G', ''));
// NOTE(review): the signature is a plain MD5 over the three request values
// and the site URL. No secret key is visible among its inputs, so it does not
// authenticate the caller unless phpdisk_url is itself secret. Prefer
// hash_hmac() with a server-side key.
$md5_sign = md5($uid . $folder_id . $plugin_type . $settings[phpdisk_url]);
// NOTE(review): `!=` is a loose, non-constant-time comparison that applies
// PHP's numeric-string juggling; compare digests with hash_equals().
if ($md5_sign != $hash) {
    exit('[PHPDisk] Error Params!');
}
$action = $action ? $action : 'doupload';
switch ($action) {
    default:
        $upload_url = urr("plugin_upload", "uid={$uid}&folder_id={$folder_id}&plugin_type={$plugin_type}&hash={$hash}");
        if ($task == 'doupload') {
            $file = $_FILES['upload_file'];
            $sign = gpc('sign', 'P', '');
            // The client-supplied file name is converted to the site charset
            // when the site is not UTF-8, then passed through filter_name().
            if (!is_utf8()) {
                $file['name'] = convert_str('utf-8', 'gbk', $file['name']);
            }
            $file['name'] = filter_name($file['name']);
            $file_extension = $db->escape(get_extension($file['name']));
            // NOTE(review): $esp is measured on the escaped extension. If
            // escape() added characters, the base-name cut below is too long.
            $esp = strlen($file_extension) + 1;
            if ($file_extension) {
                $file_name = $db->escape(substr($file['name'], 0, strlen($file['name']) - $esp));
            } else {
                $file_name = $db->escape($file['name']);
            }
            /*$file_name = str_replace(' ','_',$file_name); $username = $db->result_first("select username from {$tpf}users where userid='$uid'"); $tmp_username = is_utf8() ? convert_str('utf-8','gbk',$username) : $username;*/
} if ($ac == 'del') { $loupan_id = intval($_GET['lid']); DB::delete("house_loupan", "loupan_id='{$loupan_id}'"); showmessage($house_lang['delete_ok'], $house_config['root'] . "?mod=loupan", 'sussce'); } } else { showmessage($house_lang['no_quanxian']); } if (submitcheck('submit_loupan_post')) { if (empty($_GET['province']) && $ac == 'post') { showmessage($house_lang['admin_1']); } elseif ($ac == 'edit') { $loupan_id = intval($_GET['loupan_id']); } $post_array = gpc('loupan_'); if (!empty($_GET['province'])) { $post_array['province'] = addslashes($_GET['province']); $post_array['city'] = addslashes($_GET['city']); $post_array['dist'] = addslashes($_GET['dist']); $post_array['community'] = addslashes($_GET['community']); } require_once DISCUZ_ROOT . './source/plugin/house/include/update_class.func.php'; $post_upload_file_array = array('loupan_img'); foreach ($post_upload_file_array as $file_name) { if ($_FILES[$file_name]['size']) { @($post_array[$file_name] = upload_file($file_name, 'house', '320', '240')); } } if ($ac == 'post') { $loupan_id = DB::insert('house_loupan', $post_array, $loupan_id = true);
$post = array(); $post = gpc('area_', 1); DB::insert('info_area', $post); } if (isset($_GET['del'])) { $del['area_id'] = intval($_GET['del']); DB::delete('info_area', $del); } if (isset($_GET['edit'])) { $edit = intval($_GET['edit']); $edit_array = array(); $edit_array = fetch_all('info_area', ' WHERE area_id=' . $edit . ' ORDER BY area_pid DESC,area_sort ASC', '*', 0); } if (isset($_GET['edit_submit'])) { $edit_array = array(); $edit_array = gpc('area_'); DB::update('info_area', $edit_array, array('area_id' => $edit_array['area_id'])); } $area_array = array(); $area_array = fetch_all('info_area', ' ORDER BY area_pid ASC,area_sort ASC', '*', '1', 'area_id'); foreach ($area_array as $k => $v) { if ($v['area_pid'] == '0') { $sum = fetch_all('info_area', " WHERE area_pid='{$v['area_id']}' ", ' count(area_id) as sum ', 0); $area_array[$k] = array_merge($area_array[$k], $sum); } } if (!cloudaddons_getmd5("info.plugin")) { cpmsg(lang('admincp_msg', 'cloudaddons_genuine_message'), '', 'error', array('addonid' => "info.plugin")); } $area_array_field .= "\$area_array = " . arrayeval($area_array) . ";\n"; writetocache('info_area_array', $area_array_field);
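/**
 * Record one view of a file and, when view credits are enabled, credit the
 * file's owner.
 *
 * A "view_stat" cookie marks a visitor as already counted; while it is
 * present the function does nothing.
 *
 * NOTE(review): that throttle lives entirely in a cookie the client controls,
 * so it does not bound how often one client can raise the counter or the
 * owner's credit. A server-side record (per file and client, with a time
 * window) is needed if the credit has value.
 *
 * @param int|string $file_id Id of the viewed file; coerced to int before use
 * @return void
 */
function views_stat($file_id)
{
    global $db, $tpf, $file, $settings, $auth;

    if (gpc('view_stat', 'C', '')) {
        return;
    }
    // Third argument is presumably the cookie lifetime in seconds (3 hours).
    pd_setcookie('view_stat', 1, 3600 * 3);

    // Coerce to int so the value interpolated into SQL can only be numeric.
    $file_id = (int) $file_id;
    $db->query_unbuffered("update {$tpf}files set file_views=file_views+1 where file_id='{$file_id}'");

    // Keys are quoted; the original bare words are undefined constants, which
    // PHP 8 rejects.
    if (empty($auth['view_credit'])
        || empty($settings['how_view_credit_views'])
        || empty($settings['how_view_credit_credit'])) {
        return;
    }

    // Guard the divisor explicitly instead of silencing the division with @.
    $views_per_unit = (int) $settings['how_view_credit_views'];
    if ($views_per_unit === 0) {
        return;
    }
    $add_credit = round((int) $settings['how_view_credit_credit'] / $views_per_unit, 4);

    $owner_id = isset($file['userid']) ? (int) $file['userid'] : 0;
    add_credit_log($file_id, $add_credit, 'view', $owner_id);
    $db->query_unbuffered("update {$tpf}users set credit=credit+{$add_credit} where userid='{$owner_id}'");
}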
redirect('back', $sysmsg); } } else { $rs = $db->fetch_one_array("select * from {$tpf}navigations where navid='{$navid}'"); if ($rs) { $nav_text = $rs['text']; $nav_title = $rs['title']; $nav_href = $rs['href']; $nav_target = $rs['target']; $nav_position = $rs['position']; } unset($rs); require_once template_echo($item, $admin_tpl_dir, '', 1); } break; case 'delete_nav': if ($settings['online_demo']) { $error = true; $sysmsg[] = __('online_demo_deny'); } if (!$error) { $navid = (int) gpc('navid', 'G', 0); $db->query_unbuffered("delete from {$tpf}navigations where navid='{$navid}' limit 1"); redirect(urr(ADMINCP, "item={$item}&menu=extend&action=index"), '', 0); } else { redirect('back', $sysmsg); } break; default: redirect(urr(ADMINCP, "item={$item}&menu=extend&action=index"), '', 0); }
// Excerpt of the admin database-backup handler: the tail of the listing
// branch, then the 'delete' case. The switch and loops open before this
// excerpt.
$prepre = $info['pre'];
// Per-backup action links; the backup prefix travels in the query string.
$info['a_delete'] = urr(ADMINCP, "item=database&action=delete&pre={$info['pre']}");
$info['a_restore'] = urr(ADMINCP, "item=database&action=restore&task=restore&pre={$info['pre']}");
$infos[] = $info;
}
}
require_once template_echo($item, $admin_tpl_dir, '', 1);
}
break;
case 'delete':
    // Deletion is refused when the site runs as an online demo.
    if ($settings['online_demo']) {
        $error = true;
        $sysmsg[] = __('online_demo_deny');
    }
    if (!$error) {
        // NOTE(review): this destructive action is driven by a GET parameter
        // and no form_auth()/formhash check appears in this excerpt. Confirm
        // one runs earlier, otherwise the link is exposed to CSRF.
        $pre = gpc('pre', 'G', '');
        $sqlfiles = glob(PHPDISK_ROOT . 'system/data/*.sql');
        if (is_array($sqlfiles)) {
            foreach ($sqlfiles as $k => $sqlfile) {
                // NOTE(review): $pre is request data placed into the pattern
                // without preg_quote() and without anchors, so it decides how
                // widely the pattern matches. It should be quoted, anchored
                // (^...$) and rejected when empty, so one request can only
                // ever select a single backup set.
                if (preg_match("/({$pre})([0-9]+)\\.sql/i", basename($sqlfile))) {
                    // The success message is queued before unlink() runs and
                    // unlink's result is suppressed, so a failed delete is
                    // still reported as a success.
                    $sysmsg[] = __('delete') . ' ' . $sqlfile . ' ...... ' . __('success');
                    @unlink($sqlfile);
                }
            }
        }
        redirect(urr(ADMINCP, "item=database&action=restore"), $sysmsg);
    } else {
        redirect('back', $sysmsg);
    }
    break;
default:
/** # Project: PHPDISK File Storage Solution # This is NOT a freeware, use is subject to license terms. # # Site: http://www.google.com # # $Id: tag.php 121 2014-03-04 12:38:05Z along $ # # Copyright (C) 2008-2014 PHPDisk Team. All Rights Reserved. # */ include "includes/commons.inc.php"; !$auth[is_fms] && exit(msg::umsg('Not_FMS', __('zcore_no_power'))); $in_front = true; $tag = trim(gpc('tag', 'G', '')); if ($tag) { $title = __('tag') . ': ' . $tag . ' - ' . $settings['site_title']; $tag_title = __('tag') . ': ' . $tag; } else { $title = __('tag_view') . ' - ' . $settings['site_title']; $tag_title = __('tag_view'); } include PHPDISK_ROOT . "./includes/header.inc.php"; if (!$tag) { $hot_tags = get_hot_tag(50); $last_tags = get_last_tag(50); } else { function get_file_ids($tag) { global $db, $tpf;
<?php
/**
# Project: PHPDISK File Storage Solution
# This is NOT a freeware, use is subject to license terms.
#
# Site: http://www.google.com
#
# $Id: announce.php 121 2014-03-04 12:38:05Z along $
#
# Copyright (C) 2008-2014 PHPDisk Team. All Rights Reserved.
#
*/

// Announcement pop-up: prints one announcement body followed by a button that
// closes the surrounding jBox dialog.
include "includes/commons.inc.php";

$inner_box = true;

// The id is cast to int, so only a number can reach the query below.
$aid = (int) gpc('aid', 'G', 0);

include PHPDISK_ROOT . 'includes/header.inc.php';

$content = $db->result_first("select content from {$tpf}announces where annid='{$aid}'");

// NOTE(review): $content is written into the page exactly as stored. If
// announcement bodies are not meant to carry HTML, escape it here; if they
// are, the write path has to restrict who can store them and what markup is
// allowed.
$str = implode('', array(
    '<div class="in_announce">' . $content . '</div>',
    "<br><div align=\"center\"><input type=\"button\" class=\"btn\" value=\"" . __('btn_close') . "\" onclick=\"top.\$.jBox.close(true);\"/></div>",
    '</body></html>',
));
echo $str;

include PHPDISK_ROOT . 'includes/footer.inc.php';
$tmp = $log_day * 86400; $db->query_unbuffered("delete from " . get_table_credit_log() . " where in_time<{$timestamp}-{$tmp}"); exit('true|' . __('adm_del_log_success')); break; case 'dostat': $act = gpc('act', 'P', ''); $dd = gpc('dd', 'P', ''); if ($act && $dd) { if (in_array($act, array('views', 'downs', 'money'))) { //$all = (float)@$db->result_first("select sum($act) from {$tpf}stat_user where dd='$dd'"); $all = 0; $q = $db->query("select views,downs,money,userid from {$tpf}stat_user where dd='{$dd}'"); while ($rs = $db->fetch_array($q)) { $all += get_discount($rs[userid], $rs[$act]); } $db->free($q); unset($rs); echo 'true|' . round($all, 4); } else { echo 'Error Act'; } } else { echo 'Error action!'; } break; case 'vip_count': $vip_id = (int) gpc('vip_id', 'P', 0); $num = (int) @$db->result_first("select count(*) from {$tpf}users where vip_id='{$vip_id}'"); echo 'true|' . $num; break; }
$u = trim(gpc('u', 'G', '')); $s = trim(gpc('s', 'G', '')); $t = trim(gpc('t', 'G', '')); $o_arr = array('asc', 'desc'); if ($n) { $sql_order = in_array($n, $o_arr) ? " file_name {$n}" : " file_name asc"; } elseif ($u) { $sql_order = in_array($u, $o_arr) ? " username {$u}" : " username asc"; } elseif ($s) { $sql_order = in_array($s, $o_arr) ? " file_size {$s}" : " file_size asc"; } elseif ($t) { $sql_order = in_array($t, $o_arr) ? " file_time {$t}" : " file_time asc"; } else { $sql_order = " file_id desc"; } $scope = trim(gpc('scope', 'G', '')); $word_str = $word = str_replace(' ', ' ', replace_inject_str($word)); if (strpos($word_str, '.') === true) { $arr = explode('.', $word_str); } else { $arr = explode(' ', $word_str); } $str = ''; if (count($arr) > 1) { for ($i = 0; $i < count($arr); $i++) { if (trim($arr[$i]) != '') { $str .= " (file_name like '%{$arr[$i]}%' or file_extension like '%{$arr[$i]}%') and"; } } $str = substr($str, 0, -3); $sql_keyword = " (" . $str . ")";
} if (empty($_GET['member_phone'])) { showmessage($_lang['must_member_phone']); } /* begin:发布积分消费 */ if ($op == 'post') { $new_credit = $my_credit - $gongqiu_config['postcredit']; if ($new_credit < 0) { showmessage($_lang['post'] . $gongqiu_config['credit_unit'] . $_lang['not_credit']); } else { DB::query("UPDATE " . DB::table('common_member_count') . " SET extcredits{$gongqiu_config['extcredits']}='{$new_credit}' WHERE uid='{$_G['uid']}'"); } } /* end:发布积分消费 */ $goods = gpc('goods_'); $_member = gpc('member_'); if ($op == 'post') { $_member['member_uid'] = $_G['uid']; } if ($goods['goods_settime'] != 0) { if ($goods['goods_settime'] == 7) { $goods['goods_settime'] = strtotime("+7 days"); } elseif ($goods['goods_settime'] == 30) { $goods['goods_settime'] = strtotime("+30 days"); } elseif ($goods['goods_settime'] == 90) { $goods['goods_settime'] = strtotime("+90 days"); } elseif ($goods['goods_settime'] == 180) { $goods['goods_settime'] = strtotime("+180 days"); } } else { $goods['goods_settime'] = 0;
$reqHandler->setParameter("spbill_create_ip", $_SERVER['REMOTE_ADDR']); $reqUrl = $reqHandler->getRequestURL(); header("Location: {$reqUrl}"); } else { redirect('back', $sysmsg); } } elseif ($task == 'chinabank') { form_auth(gpc('formhash', 'P', ''), formhash()); if (!$error) { $go_url = "plugins/payment/chinabank/Send.php?v_amount={$money}&vip_id={$vip_id}"; echo "<script>window.location =\"{$go_url}\";</script>"; } else { redirect('back', $sysmsg); } } elseif ($task == 'yeepay') { form_auth(gpc('formhash', 'P', ''), formhash()); if (!$error) { $go_url = "plugins/payment/yeepay/req.php?p3_Amt={$money}&vip_id={$vip_id}"; echo "<script>window.location =\"{$go_url}\";</script>"; } else { redirect('back', $sysmsg); } } break; default: $q = $db->query("select * from {$tpf}vips where is_hidden=0 order by show_order asc,vip_id asc"); $vips = array(); while ($rs = $db->fetch_array($q)) { $rs['status_text'] = $rs['is_hidden'] ? '<span class="txtred">' . __('hidden') . '</span>' : '<span class="txtblue">' . __('display') . '</span>'; $rs[img] = $rs[img] ? '<img src="{$rs[img]}" border="0" />' : ' '; $rs[pop_ads] = $rs[pop_ads] ? __('yes') : __('no');
case 'credit_log': if ($task == 'update') { form_auth(gpc('formhash', 'P', ''), formhash()); $setting = array('show_credit_log' => 0, 'close_credit_log' => 0); $settings = gpc('setting', 'P', $setting); if (!$error) { settings_cache($settings); $sysmsg[] = '积分配置管理更新成功'; redirect(urr(ADMINCP, "item={$item}&menu={$menu}&action={$action}"), $sysmsg); } else { redirect('back', $sysmsg); } } else { $log_count = @$db->result_first("select count(*) from " . get_table_credit_log() . ""); $perpage = 50; $userid = (int) gpc('userid', 'G', 0); $task_sql = in_array($task, array('download', 'ref')) ? " p.action='{$task}' and" : ''; $uid_sql = $userid ? " p.userid='{$userid}' and" : ''; $sql_do = get_table_credit_log() . " p,{$tpf}files f,{$tpf}users u where {$task_sql} {$uid_sql} p.userid=u.userid and p.file_id=f.file_id"; $rs = $db->fetch_one_array("select count(*) as total_num from {$sql_do}"); $total_num = $rs['total_num']; $start_num = ($pg - 1) * $perpage; $q = $db->query("select p.*,f.file_name,f.file_extension,u.username from {$sql_do} order by p.in_time desc limit {$start_num},{$perpage}"); $orders = array(); while ($rs = $db->fetch_array($q)) { $rs[a_view] = urr(ADMINCP, "item={$item}&menu={$menu}&action={$action}&userid={$rs[userid]}"); $rs[action] = $ca_arr[$rs[action]]; $tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : ''; $rs[file_name] = $rs[file_name] . $tmp_ext; $rs['in_time'] = date('Y-m-d H:i:s', $rs['in_time']); $orders[] = $rs;
/**
 * Handle a chmod request for the current path and report the outcome.
 *
 * Sets $this->code to 200 when FileFS::chmod() succeeds and to 300 otherwise,
 * copies the FileFS error text into $this->mess, then calls show().
 *
 * NOTE(review): both the mode ("fs-chmod") and the "fs-deep" flag come from
 * the request. Confirm that the caller has already authorised the user and
 * confined $this->path to the allowed tree, and consider bounding the mode.
 */
private function on_chmod()
{
    $target = $this->path;
    $deepFlag = gpc('fs-deep');
    // Third argument 'octdec' presumably makes gpc() convert the value from
    // octal notation; verify against the helper.
    $mode = gpc('fs-chmod', 'g', 'octdec');

    if ($this->FileFS->chmod($target, $mode, $deepFlag, $this->data)) {
        $this->code = 200;
    } else {
        $this->code = 300;
    }

    $this->mess = $this->FileFS->error();
    $this->show();
}
$perpage = $gongqiu_config['perpage']; $urlnow = $gongqiu_config['root'] . "?mod={$mod}&op={$op}"; $multipage = multi($pagenum, $perpage, $page, $urlnow, 0, 10); $stat_limit = ($page - 1) * $perpage; $where .= " LIMIT {$stat_limit},{$perpage}"; $goods_list = fetch_all('gongqiu_goods', $where); } elseif ($op == 'memberinfo') { $uid = $_G['uid']; $member = fetch_all('gongqiu_member', " WHERE member_uid='{$uid}'"); $member = $member[0]; if (submitcheck('submit_member')) { if (!empty($member['member_uid'])) { DB::update('gongqiu_member', gpc('member_'), " member_uid='{$member['member_uid']}'"); showmessage($_lang['edit_ok']); } else { DB::insert('gongqiu_member', gpc('member_')); showmessage($_lang['edit_ok']); } } } elseif ($op == 'mycredit') { if (empty($gongqiu_config['extcredits'])) { showmessage($_lang['no_extcredits']); } else { $credit = DB::result_first("SELECT extcredits{$gongqiu_config['extcredits']} FROM " . DB::table('common_member_count') . " WHERE uid='{$_G['uid']}'"); $credit_log = fetch_all('gongqiu_up', " as su LEFT JOIN " . DB::table('gongqiu_goods') . " as sg ON su.goods_id = sg.goods_id WHERE sg.member_uid='{$_G['uid']}'"); } } elseif ($op == 'quiteup') { $goods_id = intval($_GET['goods_id']); DB::update('gongqiu_goods', array('goods_up' => ''), " goods_id='{$goods_id}'"); showmessage($_lang['edit_ok'], $gongqiu_config['root'] . "?mod=member&op=mypost"); } elseif ($op == 'setpostup') {
/** # Project: PHPDISK File Storage Solution # This is NOT a freeware, use is subject to license terms. # # Site: http://www.phpdisk.com # # $Id: mydisk.php 25 2011-03-04 07:36:51Z along $ # # Copyright (C) 2008-2013 PHPDisk Team. All Rights Reserved. # */ include "includes/commons.inc.php"; $uid = (int) gpc('uid', 'G', 0); $folder_id = (int) gpc('folder_id', 'G', 0); $plugin_type = trim(gpc('plugin_type', 'G', '')); $hash = trim(gpc('hash', 'G', '')); $md5_sign = md5($uid . $folder_id . $plugin_type . $settings[phpdisk_url]); if ($md5_sign != $hash) { //exit('[PHPDisk] Error Params [main]!'); } $sign = md5($_SERVER['HTTP_USER_AGENT'] . $onlineip); write_file(PHPDISK_ROOT . 'system/b.txt', $sign . LF, 'ab'); $q = $db->query("select file_id from {$tpf}plugin_upload where hash='{$sign}'"); $file_ids = ''; while ($rs = $db->fetch_array($q)) { $file_ids .= $rs[file_id] . ','; } $db->free($q); unset($rs); $file_ids = $file_ids ? substr($file_ids, 0, -1) : ''; if ($file_ids) {
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>PHPDisk Remote Server</title> <style type="text/css">body{font-size:12px}</style> </head> <body> <div id="tips" style="padding:10px"><img src="images/ajax_load_bar.gif" align="absmiddle" border="0"><Br><?php echo __('sub_server_config_processing'); ?> </div> <script type="text/javascript"> <? $code = gpc('code','G',''); $up_size = gpc('up_size','G',''); $dir = PHPDISK_ROOT.'system/global/'; make_dir($dir); $upload_max = get_byte_value(ini_get('upload_max_filesize')); $post_max = get_byte_value(ini_get('post_max_size')); $max_php_file_size = min($upload_max, $post_max); $up_size = $max_php_file_size; if($up_size==$max_php_file_size){ $str = '您的网盘支持单个文件上传最大 <u style=\"font-size:14px;\">'.str_replace(' ','',get_size($max_php_file_size,'B',0)).'B</u>'; }else{ $str = '您的网盘支持单个文件上传信息:<br>网盘主站, <u>'.str_replace(' ','',get_size($max_php_file_size,'B',0)).'B</u> ; 子服, <u>'.str_replace(' ','',get_size($up_size,'B',0)).'B</u><br><span <span style=\"color:red\">两个服务配置不一致!请重新配置,否则文件上传将可能会出现异常。</span>'; } if($code && ($code==$configs['server_key'])){ settings_cache(); lang_cache();
$meta_keywords2 = trim(gpc('meta_keywords2', 'P', '')); $meta_description2 = trim(gpc('meta_description2', 'P', '')); $meta_title3 = trim(gpc('meta_title3', 'P', '')); $meta_keywords3 = trim(gpc('meta_keywords3', 'P', '')); $meta_description3 = trim(gpc('meta_description3', 'P', '')); $meta_title_s = trim(gpc('meta_title_s', 'P', '')); $meta_keywords_s = trim(gpc('meta_keywords_s', 'P', '')); $meta_description_s = trim(gpc('meta_description_s', 'P', '')); $meta_title_v = trim(gpc('meta_title_v', 'P', '')); $meta_keywords_v = trim(gpc('meta_keywords_v', 'P', '')); $meta_description_v = trim(gpc('meta_description_v', 'P', '')); $meta_title_d = trim(gpc('meta_title_d', 'P', '')); $meta_keywords_d = trim(gpc('meta_keywords_d', 'P', '')); $meta_description_d = trim(gpc('meta_description_d', 'P', '')); $setting = array('open_rewrite' => 0); $settings = gpc('setting', 'P', $setting); if (!$error) { update_seo('index', 0, $meta_title, $meta_keywords, $meta_description); if ($auth[pd_a]) { update_seo('public', 0, $meta_title2, $meta_keywords2, $meta_description2); update_seo('hotfile', 0, $meta_title3, $meta_keywords3, $meta_description3); update_seo('space', 0, $meta_title_s, $meta_keywords_s, $meta_description_s); update_seo('viewfile', 0, $meta_title_v, $meta_keywords_v, $meta_description_v); update_seo('download', 0, $meta_title_d, $meta_keywords_d, $meta_description_d); } settings_cache($settings); $sysmsg[] = __('seo_update_success'); redirect(urr(ADMINCP, "item={$item}&menu={$menu}"), $sysmsg); } else { redirect('back', $sysmsg); }
/**
# Project: PHPDISK File Storage Solution
# This is NOT a freeware, use is subject to license terms.
#
# Site: http://www.google.com
#
# $Id: public.php 121 2014-03-04 12:38:05Z along $
#
# Copyright (C) 2008-2014 PHPDisk Team. All Rights Reserved.
#
*/
// Public category page: resolves the category name, builds the page title and
// keywords, then applies the stored SEO templates. The excerpt ends inside
// the open `if ($auth[pd_a])` block.
include "includes/commons.inc.php";
// Stop with a message unless the is_fms flag is set.
!$auth[is_fms] && exit(msg::umsg('Not_FMS', __('zcore_no_power')));
$in_front = true;
// Cast to int, so only a number is interpolated into the query below.
$cate_id = (int) gpc('cate_id', 'G', 0);
if ($cate_id) {
    $cate_name = $db->result_first("select cate_name from {$tpf}categories where cate_id='{$cate_id}'");
}
// $cate_name is never assigned when cate_id is 0; it is read here regardless.
$nav_title = $cate_name ? $cate_name . '' : '';
// Self-assignment; has no effect.
$nav_title = $nav_title;
$title = $nav_title . ' - ' . $settings['site_title'];
$file_keywords = $nav_title . ',';
$C[cate_hot_file] = get_cate_file($cate_id, 'file_downs');
if ($auth[pd_a]) {
    $seo = get_seo('public', $cate_id);
    // NOTE(review): eval() on stored data. Each SEO string is pasted into PHP
    // source between double quotes and executed, so a quote or a "{$...}" /
    // "${...}" sequence in the stored value is interpreted as code, not text.
    // Whoever can write these rows (presumably the admin SEO form) can
    // therefore run PHP on the server. Replace the three eval() calls with a
    // substitution over a fixed list of placeholders, e.g. strtr() with an
    // explicit map, so stored text is never parsed as PHP.
    if ($seo[title]) {
        eval("\$title = \"{$seo['title']}\";");
    }
    eval("\$keywords = \"{$seo['keywords']}\";");
    eval("\$description = \"{$seo['description']}\";");