Пример #1
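 /**
  * Render the mobile "friends of a user" page for the nick given in ?user_nick=.
  *
  * Resolves the nick through the Validator/User helpers, prints the page chrome,
  * then a paginated friend list (10 per page) with each friend's latest topic.
  * The rendered list is cached per user and page through $this->cl.
  *
  * Nicks are user-chosen stored values, so each one is encoded for the context
  * it is written into: urlencode() inside href paths and make_plaintext() for
  * link text. This matches what the method already did for the page header and
  * for topic titles; make_plaintext() itself is defined outside this listing.
  * Fragments cached before this change keep their old markup until the cache
  * entry is replaced.
  *
  * @return void
  */
 public function vxFriend()
 {
     $_u = false;
     if (isset($_GET['user_nick'])) {
         $user_nick = make_single_safe($_GET['user_nick']);
         if (get_magic_quotes_gpc()) {
             $user_nick = stripslashes($user_nick);
         }
         $user_id = $this->Validator->vxExistUserNick($user_nick);
         if ($user_id) {
             $_u = $this->User->vxGetUserInfo($user_id);
         }
     }
     if ($_u) {
         $this->vxHeader(make_plaintext($_u->usr_nick) . ' 的朋友');
     } else {
         $this->vxHeader('用户不存在');
     }
     $this->vxBodyStart();
     $this->vxH1();
     echo '<div class="content"><small>';
     if ($this->User->vxIsLogin()) {
         echo '<a href="/u/' . urlencode($this->User->usr_nick) . '">' . make_plaintext($this->User->usr_nick) . '</a> - ';
         echo '<a href="/babel_mobile.php?m=logout">登出</a>';
     } else {
         echo '<a href="/babel_mobile.php?m=login">登录</a>';
     }
     echo '</small></div>';
     if ($_u) {
         // Numeric ids are forced to integers before they are placed in SQL text.
         $_uid = intval($_u->usr_id);
         $_nick_url = urlencode($_u->usr_nick);
         $_nick_html = make_plaintext($_u->usr_nick);

         // Same connection as the list queries below; the original relied on the default link here.
         $sql = "SELECT COUNT(frd_id) FROM babel_friend WHERE frd_uid = {$_uid}";
         $rs = mysql_query($sql, $this->db);
         $_total = intval(mysql_result($rs, 0, 0));
         mysql_free_result($rs);

         $_per = 10;
         $_pages = intval(ceil($_total / $_per));

         // Clamp to the last page first and to 1 last: with zero friends $_pages is 0,
         // and a page number of 0 would produce a negative LIMIT offset.
         $_p = isset($_GET['p']) ? intval($_GET['p']) : 1;
         if ($_p > $_pages) {
             $_p = $_pages;
         }
         if ($_p < 1) {
             $_p = 1;
         }
         $_p_first = ($_p == 1);
         $_p_last = ($_p == $_pages);
         $_SESSION['babel_page_user_friend_mobile'] = $_p;
         $_p_start = ($_p - 1) * $_per;

         echo '<div class="content"><small><a href="/">V2EX</a> &gt; <a href="/u/' . $_nick_url . '">' . $_nick_html . '</a> &gt; ' . $_total . ' 个朋友</small></div>';
         echo '<div class="content"><small><a href="/u/' . $_nick_url . '" target="_blank">' . $_nick_html . '</a> 共有 ' . $_total . ' 个朋友</small></div>';

         $_cache_key = 'babel_user_friend_mobile_' . $_u->usr_id . '_' . $_p;
         if ($o = $this->cl->get($_cache_key)) {
             echo $o;
         } else {
             $_o = '';
             $sql = "SELECT usr_id, usr_gender, usr_nick, usr_portrait, usr_hits, frd_created FROM babel_user, babel_friend WHERE usr_id = frd_fid AND frd_uid = {$_uid} ORDER BY frd_created ASC LIMIT {$_p_start}, {$_per}";
             $rs = mysql_query($sql, $this->db);
             while ($Friend = mysql_fetch_array($rs)) {
                 if ($Friend['usr_portrait'] == '') {
                     $Friend['usr_portrait_img'] = '/img/p_' . $Friend['usr_gender'] . '_n.gif';
                 } else {
                     $Friend['usr_portrait_img'] = '/img/p/' . $Friend['usr_portrait'] . '_n.' . BABEL_PORTRAIT_EXT;
                 }
                 $_img = '<img src="' . $Friend['usr_portrait_img'] . '" align="absmiddle" class="p" /> ';
                 $_link = '<a href="/u/' . urlencode($Friend['usr_nick']) . '">' . make_plaintext($Friend['usr_nick']) . '</a>';
                 $_o .= '<div class="content"><small>';

                 // One extra query per friend for the most recent topic.
                 $_fid = intval($Friend['usr_id']);
                 $sql = "SELECT tpc_id, tpc_title, tpc_lasttouched FROM babel_topic WHERE tpc_uid = {$_fid} ORDER BY tpc_created DESC LIMIT 1";
                 $rs_topic = mysql_query($sql, $this->db);
                 if ($Topic = mysql_fetch_object($rs_topic)) {
                     $_o .= $_img . $_link . ' - <a href="/t/' . intval($Topic->tpc_id) . '">' . make_plaintext($Topic->tpc_title) . '</a> - ' . make_desc_time($Topic->tpc_lasttouched) . ' ago</small>';
                 } else {
                     $_o .= $_img . $_link . '</small>';
                 }
                 unset($Topic);
                 mysql_free_result($rs_topic);
                 $_o .= '</div>';
             }
             mysql_free_result($rs);
             echo $_o;
             $this->cl->save($_o, $_cache_key);
         }
         if ($_pages > 1) {
             echo '<div class="content"><small>';
             if (!$_p_last) {
                 echo '&nbsp;&nbsp;<a href="/f/' . $_nick_url . '/' . ($_p + 1) . '">下一页</a>';
             }
             if (!$_p_first) {
                 echo '&nbsp;&nbsp;<a href="/f/' . $_nick_url . '/' . ($_p - 1) . '">上一页</a>';
             }
             echo '&nbsp;-&nbsp;' . $_p . '/' . $_pages;
             echo '</small></div>';
         }
     } else {
         echo '<div class="content">用户不存在</div>';
     }
     $this->vxBottom();
     $this->vxBodyEnd();
     $this->vxHTMLEnd();
 }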
Пример #2
         $p->vxContainer('ing_public');
     } else {
         $p->vxContainer('ing_friends', $User);
     }
     break;
 case 'ojs_ing_personal':
     $global_has_bottom = false;
     $p->vxHeadMini('JavaScript 输出我的 ING 中的最新活动');
     $p->vxBodyStart();
     $p->vxOutputJavaScriptIngPersonal();
     break;
 case 'dry':
     $options = array();
     $options['mode'] = false;
     if (isset($_GET['user_nick'])) {
         $user_nick = mysql_real_escape_string(make_single_safe($_GET['user_nick']), $p->db);
         if (strlen($user_nick) > 0) {
             $sql = "SELECT usr_id, usr_nick, usr_brief, usr_gender, usr_portrait, usr_hits, usr_created FROM babel_user WHERE usr_nick = '{$user_nick}'";
             $rs = mysql_query($sql, $p->db);
             if ($O = mysql_fetch_object($rs)) {
                 $options['mode'] = 'fixed';
                 $O->usr_nick_plain = make_plaintext($O->usr_nick);
                 $O->usr_nick_url = urlencode($O->usr_nick);
                 $options['target'] = $O;
                 $O = null;
             } else {
                 if ($p->User->vxIsLogin()) {
                     $options['mode'] = 'self';
                 }
             }
             mysql_free_result($rs);
Пример #3
<?php

define('V2EX_BABEL', 1);
require 'core/Settings.php';
require 'core/Utilities.php';
// Previous page: the Referer header when the client sent one, otherwise the site root.
// The Referer value is supplied by the client; further down this script it is used
// as a Location target for the "." / "./" shortcuts.
$_prev = isset($_SERVER['HTTP_REFERER'])
    ? $_SERVER['HTTP_REFERER']
    : ('http://' . BABEL_DNS_NAME . '/');
header('Content-type: text/html;charset=UTF-8');
// Redirect target; stays false until one of the shortcuts below matches.
$to = false;
if (isset($_GET['go'])) {
    $go = make_single_safe($_GET['go']);
    if ($go != '') {
        if ($go == '/' | $go == '..') {
            $to = '/';
            header('Location: ' . $to);
            die;
        }
        if ($go == './' | $go == '.') {
            $to = $_prev;
            header('Location: ' . $to);
            die;
        }
        if ($go == 'profile' | $go == 'settings') {
            $to = '/user/modify.vx';
            header('Location: ' . $to);
            die;
        }
        if ($go == 'zen' | $go == 'z') {
Пример #4
/**
 * Validate the posted login form and check the credentials against babel_user.
 *
 * Reads $_POST['return'], $_POST['usr'] and $_POST['usr_password'], looks the
 * account up first by usr_email and then by usr_nick, and reports the outcome
 * in an array rather than throwing.
 *
 * @return array Keys: 'mode' (always 'ok' here), 'return', 'errors' (count, 0 on
 *               success), 'usr_value', 'usr_email_value', 'usr_error',
 *               'usr_error_msg', 'usr_password_value', 'usr_password_error',
 *               'usr_password_error_msg'.
 */
function vx_check_login()
{
    $rt = array();
    $rt['mode'] = 'ok';
    $rt['return'] = '';
    $rt['errors'] = 0;
    $rt['usr_value'] = '';
    $rt['usr_email_value'] = '';
    /* usr_error:
         0 => no error
         1 => empty
         999 => unspecific */
    $rt['usr_error'] = 0;
    // `default:` sits directly above `case 'en_us':` with no body of its own,
    // so any BABEL_LANG value not listed here gets the English text.
    switch (BABEL_LANG) {
        case 'zh_cn':
            $rt['usr_error_msg'] = array(1 => '你忘记填写用户名了');
            break;
        default:
        case 'en_us':
            $rt['usr_error_msg'] = array(1 => 'Please type your user ID');
            break;
        case 'pl_pl':
            $rt['usr_error_msg'] = array(1 => 'Proszę wpisać nazwę (ID) użytkownika');
            break;
        case 'ko_kr':
            $rt['usr_error_msg'] = array(1 => '이름을 적어주세요');
            break;
        case 'ja_jp':
            $rt['usr_error_msg'] = array(1 => 'ID を入カしてください');
            break;
    }
    $rt['usr_password_value'] = '';
    /* usr_password_error:
         0 => no error
         1 => empty
         2 => mismatch
         999 => unspecific */
    $rt['usr_password_error'] = 0;
    // Code 2 is the only failure reported for a bad login, and its text names
    // both the ID and the password, so the message does not reveal which was wrong.
    switch (BABEL_LANG) {
        case 'zh_cn':
            $rt['usr_password_error_msg'] = array(1 => '你忘记填写密码了', 2 => '名字或者密码有错误');
            break;
        default:
        case 'en_us':
            $rt['usr_password_error_msg'] = array(1 => 'Please type your password', 2 => 'User ID or password is wrong');
            break;
        case 'pl_pl':
            $rt['usr_password_error_msg'] = array(1 => 'Proszę wpisać hasło', 2 => 'Podana nazwa użytkownika lub hasło jest nieprawidłowe.');
            break;
        case 'ko_kr':
            $rt['usr_password_error_msg'] = array(1 => '페스워드가 정확하지않습니다', 2 => '이름 또는 페스워드가 정확하지않습니다');
            break;
        case 'ja_jp':
            $rt['usr_password_error_msg'] = array(1 => 'パスワードを入カしてください', 2 => '入力されたIDか、パスワードが間違っています');
            break;
    }
    // Post-login return target: taken as posted (trimmed, slashes removed under
    // magic quotes). Nothing in this function checks where it points; callers
    // that redirect to it need their own check.
    if (isset($_POST['return'])) {
        if (function_exists('get_magic_quotes_gpc')) {
            if (get_magic_quotes_gpc()) {
                $rt['return'] = trim(stripslashes($_POST['return']));
            } else {
                $rt['return'] = trim($_POST['return']);
            }
        } else {
            $rt['return'] = trim($_POST['return']);
        }
    }
    // Login identifier (e-mail or nick): cleaned by make_single_safe() and lowercased.
    if (isset($_POST['usr'])) {
        if (function_exists('get_magic_quotes_gpc')) {
            if (get_magic_quotes_gpc()) {
                $rt['usr_value'] = strtolower(make_single_safe(stripslashes($_POST['usr'])));
            } else {
                $rt['usr_value'] = strtolower(make_single_safe($_POST['usr']));
            }
        } else {
            $rt['usr_value'] = strtolower(make_single_safe($_POST['usr']));
        }
        if (mb_strlen($rt['usr_value'], 'UTF-8') == 0) {
            $rt['usr_error'] = 1;
            $rt['errors']++;
        }
    } else {
        $rt['usr_error'] = 1;
        $rt['errors']++;
    }
    // Stop before touching the password or the database when the identifier is missing.
    if ($rt['errors'] > 0) {
        return $rt;
    }
    // NOTE(review): the password also goes through make_single_safe() before it is
    // used; that helper is defined elsewhere, so whether it alters some passwords
    // cannot be told from here - confirm.
    if (isset($_POST['usr_password'])) {
        if (function_exists('get_magic_quotes_gpc')) {
            if (get_magic_quotes_gpc()) {
                $rt['usr_password_value'] = make_single_safe(stripslashes($_POST['usr_password']));
            } else {
                $rt['usr_password_value'] = make_single_safe($_POST['usr_password']);
            }
        } else {
            $rt['usr_password_value'] = make_single_safe($_POST['usr_password']);
        }
        if (strlen($rt['usr_password_value']) == 0) {
            $rt['usr_password_error'] = 1;
            $rt['errors']++;
        }
    } else {
        $rt['usr_password_error'] = 1;
        $rt['errors']++;
    }
    if ($rt['errors'] > 0) {
        return $rt;
    }
    // First attempt: treat the identifier as an e-mail address; exactly one
    // matching row counts as success. mysql_real_escape_string() and
    // mysql_query() are called without a link argument, so they use the most
    // recently opened connection.
    // NOTE(review): the password comparison in the next statement is printed as
    // '******'. It looks masked by whatever produced this listing, and the
    // statement does not parse as shown; the original expression cannot be
    // recovered from this view.
    $sql = "SELECT usr_id FROM babel_user WHERE usr_email = '" . mysql_real_escape_string($rt['usr_value']) . "' AND usr_password = '******'usr_password_value'])) . "'";
    $rs = mysql_query($sql);
    if (mysql_num_rows($rs) == 1) {
        mysql_free_result($rs);
        $rt['usr_email_value'] = $rt['usr_value'];
    } else {
        mysql_free_result($rs);
        // Second attempt: treat the identifier as a nick and take the e-mail
        // from the first matching row.
        // NOTE(review): same masked '******' fragment as in the e-mail query.
        $sql = "SELECT usr_id, usr_email FROM babel_user WHERE usr_nick = '" . mysql_real_escape_string($rt['usr_value']) . "' AND usr_password = '******'usr_password_value']) . "'";
        $rs = mysql_query($sql);
        if ($user_array = mysql_fetch_array($rs)) {
            $rt['usr_email_value'] = $user_array['usr_email'];
        } else {
            // Neither lookup matched: report the generic "ID or password is wrong" code.
            $rt['usr_password_error'] = 2;
            $rt['errors']++;
        }
        mysql_free_result($rs);
    }
    return $rt;
}
<?php

define('V2EX_BABEL', 1);
require_once 'core/Settings.php';
require_once 'core/Utilities.php';
ini_set('include_path', BABEL_PREFIX . '/libs/zf/' . ZEND_FRAMEWORK_VERSION . PATH_SEPARATOR . ini_get('include_path'));
require_once 'Zend/Cache.php';
// Allow the response to be cached for one day (86400 seconds). Both headers are
// sent before the request is inspected, so they apply to whatever the script
// outputs next unless a later header() call replaces them.
header('Cache-Control: max-age=86400');
header('Expires: ' . date('r', time() + 86400));
if (isset($_GET['fn'])) {
    $fn = make_single_safe($_GET['fn']);
    if (ZEND_CACHE_MEMCACHED_ENABLED == 'yes') {
        $cache = Zend_Cache::factory('Core', 'Memcached', $ZEND_CACHE_OPTIONS_LONG_FRONTEND, $ZEND_CACHE_OPTIONS_MEMCACHED);
    } else {
        $cache = Zend_Cache::factory('Core', ZEND_CACHE_TYPE_LONG, $ZEND_CACHE_OPTIONS_LONG_FRONTEND, $ZEND_CACHE_OPTIONS_LONG_BACKEND[ZEND_CACHE_TYPE_LONG]);
    }
    if ($o = $cache->load('weblog_portrait_' . $fn)) {
        header("Content-type: image/jpeg");
        header("X-Babel: Cache Hit!");
        echo $o;
    } else {
        if (@($db = mysql_connect(BABEL_DB_HOSTNAME . ':' . BABEL_DB_PORT, BABEL_DB_USERNAME, BABEL_DB_PASSWORD))) {
            mysql_select_db(BABEL_DB_SCHEMATA);
            mysql_query("SET NAMES utf8");
            mysql_query("SET CHARACTER SET utf8");
            mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'");
            $fn = mysql_real_escape_string($fn);
            $sql = "SELECT bgp_content FROM babel_weblog_portrait WHERE bgp_filename = '{$fn}'";
            $rs = mysql_query($sql);
            if ($o = mysql_fetch_array($rs)) {
                header("Content-type: image/jpeg");
Пример #6
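 /**
  * Save the logged-in user's location from ?geo= and redirect.
  *
  * Visitors who are not logged in are sent to the login page (with the "move"
  * page as return target). For logged-in users the value is accepted only when
  * the Geo lookup resolves it; in every case the user ends up on the "move" page.
  *
  * The geo value comes from the query string and is written into a quoted SQL
  * literal, so it is escaped with mysql_real_escape_string() on the same
  * connection that runs the UPDATE, and the user id is forced to an integer.
  *
  * NOTE(review): this changes stored data on a GET request and no request token
  * is checked in this method - confirm whether one is enforced upstream.
  *
  * @return void
  */
 public function vxUserSettle()
 {
     if (!$this->User->vxIsLogin()) {
         $this->URL->vxToRedirect($this->URL->vxGetLogin($this->URL->vxGetUserMove()));
         return;
     }
     // Only a plain string can be a location code; array-valued ?geo[]= is ignored.
     if (isset($_GET['geo']) && is_string($_GET['geo'])) {
         $geo = strtolower(make_single_safe($_GET['geo']));
         $this->Geo = new Geo($geo);
         if ($this->Geo->geo->geo) {
             $geo_sql = mysql_real_escape_string($geo, $this->db);
             $usr_id = intval($this->User->usr_id);
             $sql = "UPDATE babel_user SET usr_geo = '{$geo_sql}' WHERE usr_id = {$usr_id}";
             mysql_query($sql, $this->db);
         }
     }
     $this->URL->vxToRedirect($this->URL->vxGetUserMove());
 }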
Пример #7
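 /**
  * Render the "ADD/New" form for saving a new bookmark.
  *
  * The form fields (url, title, notes) are pre-filled from the request's query
  * string: everything after its first 10 bytes is handed to Bookmark::vxParse().
  * The 10-byte offset is presumably the routing prefix of this page - confirm
  * against the URL that reaches this method.
  *
  * @return void
  */
 public function vxAddAdd()
 {
     _v_m_s();
     _v_b_l_s();
     _v_ico_map();
     echo ' <a href="/">' . Vocabulary::site_name . '</a> &gt; ' . $this->User->usr_nick_plain . ' &gt; ADD &gt; 添加新收藏 <span class="tip_i"><small>alpha</small></span>';
     _v_d_e();
     _v_b_l_s();
     echo '<div style="float: right; padding: 3px 10px 3px 10px; font-size: 12px; background-color: #F0F0F0; -moz-border-radius: 5px; color: #999;">';
     echo '<a href="/add">热门收藏</a> | <a href="/buttons/add">安装浏览器按钮</a>';
     echo ' | <a href="/add/own">我的收藏</a> | 添加新收藏';
     if (BABEL_FEATURE_ADD_SYNC) {
         echo ' | <a href="/sync/add">同步</a>';
     }
     echo '&nbsp;&nbsp;<a href="/feed/add">' . _vo_ico_silk('feed') . '</a>';
     echo '</div>';
     echo '<span class="text_large">';
     _v_ico_silk('add');
     echo ' ADD/New</span>';
     echo ' <span class="tip_i">';
     echo ' 添加新的收藏 ...';
     echo '</span>';
     _v_hr();
     // Take the tail of the query string by byte offset only. The earlier form
     // passed a character count from mb_strlen() as a byte length to substr(),
     // which cut the end off whenever the query string held multi-byte text.
     $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
     $query = strlen($query_string) > 10 ? substr($query_string, 10) : '';
     $parameters = Bookmark::vxParse($query);
     echo '添加一个新的网址,粗体带有 * 号的部分是必填的。';
     echo '<div style="padding: 20px 0px 10px 40px; font-family: Courier;">';
     echo '<form style="padding: 0px; margin: 0px; display: inline;" id="add_add" action="/babel" method="get">';
     echo '<input type="hidden" value="add_save" name="m" />';
     echo '<table width="550" cellpadding="0" cellspacing="0" border="0">';
     // NOTE(review): the three values below come from the query string and are
     // written into double-quoted value="..." attributes. That is only safe if
     // make_single_safe() encodes quotes and angle brackets; its definition is
     // not in this listing - confirm, or encode for the attribute context here.
     $value_url = array_key_exists('url', $parameters) ? make_single_safe($parameters['url']) : '';
     echo '<tr>';
     echo '<td align="right" width="80" height="30"><strong>URL*</strong>&nbsp;</td>';
     echo '<td align="left" height="30"><input type="text" class="slll" name="url" value="' . $value_url . '" /></td>';
     echo '</tr>';
     $value_title = array_key_exists('title', $parameters) ? make_single_safe($parameters['title']) : '';
     echo '<tr>';
     echo '<td align="right" width="80" height="30"><strong>标题*</strong>&nbsp;</td>';
     echo '<td align="left" height="30"><input type="text" class="slll" name="title" value="' . $value_title . '" /></td>';
     echo '</tr>';
     $value_notes = array_key_exists('notes', $parameters) ? make_single_safe($parameters['notes']) : '';
     echo '<tr>';
     echo '<td align="right" width="80" height="30">备注&nbsp;</td>';
     echo '<td align="left" height="30"><input type="text" class="slll" name="notes" value="' . $value_notes . '" /></td>';
     echo '</tr>';
     echo '<tr>';
     echo '<td align="right" width="80" height="30"></td>';
     echo '<td align="left" height="30">';
     _v_btn_f('保存', 'add_add');
     echo '</td>';
     echo '</tr>';
     echo '</table>';
     echo '</form>';
     echo '</div>';
     _v_hr();
     echo '<span class="tip_i">';
     _v_ico_silk('information');
     echo ' 每个加入收藏的书签将消耗 10 个铜币。';
     echo '</span>';
     _v_d_e();
     Widget::vxAddAbout();
     _v_d_e();
 }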
Пример #8
.gif" alt="<?php 
        echo $lang->login();
        ?>
" /></td>
			</tr>
<?php 
        // Carry the post-login return target along as a hidden form field.
        // A value already present in $rt (a previous submission) wins over ?r=.
        // Both paths pass the value through make_single_return() before output;
        // that helper is defined elsewhere.
        if (isset($rt['return'])) {
            $has_posted_return = trim($rt['return']) != '';
            if ($has_posted_return) {
                echo '<input type="hidden" value="' . make_single_return($rt['return'], 0) . '" name="return" />';
            }
        } elseif (isset($_GET['r'])) {
            // Undo magic-quotes escaping before cleaning the value.
            $return = make_single_safe(get_magic_quotes_gpc() ? stripslashes($_GET['r']) : $_GET['r']);
            if ($return != '') {
                echo '<input type="hidden" value="' . make_single_return($return) . '" name="return" />';
            }
        }
        ?>
			</form>
		</table>
	</div>
	
	<div id="bottom" align="center">
	&copy; 2006-2007 <a href="http://<?php 
        echo BABEL_DNS_NAME;
        ?>
Пример #9
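 /**
  * API endpoint: create a topic from an XML document posted in $_POST['xml'].
  *
  * The document supplies the account (user/email, user/pass), the topic
  * (title, description, content) and the target node name. Result codes passed
  * to vxMessage(): 999 missing/unparseable/incomplete request, 997 account not
  * accepted, 996 node not found, 998 topic failed validation, 600 balance not
  * above BABEL_API_TOPIC_PRICE, 1 created (with the new topic row).
  *
  * Every value read from the XML is request-controlled. Values placed inside
  * quoted SQL literals are escaped with mysql_real_escape_string() on
  * $this->db, the queries run on that same connection, and numeric ids are
  * forced to integers. A document that fails to parse is now rejected with 999
  * instead of being dereferenced. The old trailing vxMessage(100) could never
  * be reached and is gone.
  *
  * @return mixed whatever vxMessage() returns
  */
 public function vxTopicCreate()
 {
     if (!isset($_POST['xml'])) {
         return $this->vxMessage(999);
     }
     $xml = trim($_POST['xml']);
     // NOTE(review): request-supplied XML is parsed with the library defaults.
     // Confirm that the deployed libxml does not resolve external entities for
     // this call.
     $x = simplexml_load_string($xml);
     if ($x === false) {
         return $this->vxMessage(999);
     }
     $usr_email = make_single_safe($x->user->email);
     $usr_password = make_single_safe($x->user->pass);
     $tpc_title = make_single_safe($x->topic->title);
     $tpc_description = make_multi_safe($x->topic->description);
     $tpc_content = make_multi_safe($x->topic->content);
     $nod_name = make_single_safe($x->topic->target);
     if (strlen($usr_email) == 0 || strlen($usr_password) == 0 || strlen($tpc_title) == 0 || strlen($tpc_content) == 0 || strlen($nod_name) == 0) {
         return $this->vxMessage(999);
     }

     // Account check: the e-mail must belong to an API-enabled user.
     // NOTE(review): the password comparison value is printed as '******' in
     // this listing. It looks masked by the page; the real expression cannot be
     // recovered from here, so the literal is kept exactly as shown.
     $usr_email_sql = mysql_real_escape_string($usr_email, $this->db);
     $sql = "SELECT usr_id FROM babel_user WHERE usr_email = '{$usr_email_sql}' AND usr_password = '******' AND usr_api = 1";
     $rs = mysql_query($sql, $this->db);
     $account_ok = $rs && mysql_num_rows($rs) == 1;
     if ($rs) {
         mysql_free_result($rs);
     }
     if (!$account_ok) {
         return $this->vxMessage(997);
     }
     $this->User = new User($usr_email, $usr_password, $this->db);
     $this->Validator = new Validator($this->db, $this->User);

     // Target node: looked up by name, restricted to nod_level > 1.
     $nod_name_sql = mysql_real_escape_string($nod_name, $this->db);
     $sql = "SELECT nod_id FROM babel_node WHERE nod_name = '{$nod_name_sql}' AND nod_level > 1";
     $rs = mysql_query($sql, $this->db);
     if (!$rs || mysql_num_rows($rs) != 1) {
         if ($rs) {
             mysql_free_result($rs);
         }
         return $this->vxMessage(996);
     }
     $O = mysql_fetch_object($rs);
     $Node = new Node($O->nod_id, $this->db);
     $O = null;
     mysql_free_result($rs);

     $rt = $this->Validator->vxAPITopicCreateCheck($tpc_title, $tpc_content, $tpc_description);
     if ($rt['errors'] > 0) {
         return $this->vxMessage(998);
     }
     // The balance has to be strictly greater than the price, as before.
     if (!($this->User->usr_money > BABEL_API_TOPIC_PRICE)) {
         return $this->vxMessage(600);
     }
     $this->Validator->vxTopicCreateInsert($Node->nod_id, $this->User->usr_id, $rt['tpc_title_value'], $rt['tpc_description_value'], $rt['tpc_content_value'], -BABEL_API_TOPIC_PRICE);
     $Node->vxUpdateTopics();

     // Report the topic just written: the newest one by this user in this node.
     $nod_id = intval($Node->nod_id);
     $usr_id = intval($this->User->usr_id);
     $sql = "SELECT tpc_id FROM babel_topic WHERE tpc_pid = {$nod_id} AND tpc_uid = {$usr_id} ORDER BY tpc_created DESC LIMIT 1";
     $rs = mysql_query($sql, $this->db);
     $O = mysql_fetch_object($rs);
     return $this->vxMessage(1, $O);
 }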
Пример #10
 /**
  * Decide whether $User may edit $Post and validate the posted title and content.
  *
  * Permission: the post's author or the user with id 1. When the form data is
  * valid, the post's position in its topic is looked up; a post that is not the
  * last one in the topic may only be edited when $this->User has id 1.
  *
  * Field error codes: 0 none, 1 empty, 2 too long (title over 80 characters,
  * content over 10240), 999 unspecific.
  *
  * @param object $Post post being edited; pst_id, pst_uid and pst_tid are read
  * @param object $User acting user; usr_id is read
  * @return array 'post_id', 'errors', 'permit', 'flag_last', 'rank' and, for
  *               pst_title / pst_content, '*_value', '*_error', '*_error_msg'
  */
 public function vxPostUpdateCheck($Post, $User)
 {
     $rt = array(
         'post_id' => $Post->pst_id,
         'errors' => 0,
         'permit' => false,
         'flag_last' => false,
         'rank' => 0,
         'pst_title_value' => '',
         'pst_title_error' => 0,
         'pst_title_error_msg' => array(1 => '你忘记写标题了', 2 => '你写的标题太长了'),
         'pst_content_value' => '',
         'pst_content_error' => 0,
         'pst_content_error_msg' => array(1 => '你忘记写内容了', 2 => '你写的内容太长了'),
     );

     // Author or user #1 may proceed; anyone else is recorded as an error.
     $is_author = $Post->pst_uid == $User->usr_id;
     if ($is_author || $User->usr_id == 1) {
         $rt['permit'] = true;
     } else {
         $rt['errors']++;
     }

     // Title: required, at most 80 characters.
     if (isset($_POST['pst_title'])) {
         $rt['pst_title_value'] = make_single_safe($_POST['pst_title']);
     }
     if (strlen($rt['pst_title_value']) == 0) {
         $rt['pst_title_error'] = 1;
         $rt['errors']++;
     } elseif (mb_strlen($rt['pst_title_value'], 'UTF-8') > 80) {
         $rt['pst_title_error'] = 2;
         $rt['errors']++;
     }

     // Content: required, at most 10240 characters.
     if (isset($_POST['pst_content'])) {
         $rt['pst_content_value'] = make_multi_safe($_POST['pst_content']);
     }
     if (strlen($rt['pst_content_value']) == 0) {
         $rt['pst_content_error'] = 1;
         $rt['errors']++;
     } elseif (mb_strlen($rt['pst_content_value'], 'utf-8') > 10240) {
         $rt['pst_content_error'] = 2;
         $rt['errors']++;
     }

     if ($rt['errors'] != 0) {
         return $rt;
     }

     // Walk the topic's posts in id order to find this post's rank and whether
     // it is the last one.
     $sql = "SELECT pst_id FROM babel_post WHERE pst_tid = {$Post->pst_tid} ORDER BY pst_id ASC";
     $rs = mysql_query($sql);
     $total = mysql_num_rows($rs);
     for ($position = 1; $row = mysql_fetch_array($rs); $position++) {
         $is_this_post = $row['pst_id'] == $Post->pst_id;
         if ($is_this_post && $position == $total) {
             $rt['permit'] = true;
             $rt['flag_last'] = true;
         }
         if ($is_this_post) {
             $rt['rank'] = $position;
         }
     }
     mysql_free_result($rs);

     // NOTE(review): this last check reads $this->User while the permission
     // check above reads the $User argument - confirm they are always the same
     // account.
     if (!$rt['flag_last'] && $this->User->usr_id != 1) {
         $rt['permit'] = false;
         $rt['errors']++;
     }
     return $rt;
 }
Пример #11
require_once 'Cache/Lite.php';
require_once 'Crypt/Blowfish.php';
// Remember where the visitor came from; without a Referer header use the site root.
// The header is client-supplied, so $_prev holds whatever the client chose to send.
$_prev = 'http://' . BABEL_DNS_NAME . '/';
if (isset($_SERVER['HTTP_REFERER'])) {
    $_prev = $_SERVER['HTTP_REFERER'];
}
header('Content-type: text/html;charset=UTF-8');
// No redirect target chosen yet.
$to = false;
if (isset($_GET['usr']) && isset($_GET['password'])) {
    if (get_magic_quotes_gpc()) {
        $_usr = make_single_safe(stripslashes($_GET['usr']));
        $_password = make_single_safe(stripslashes($_GET['password']));
    } else {
        $_usr = make_single_safe($_GET['usr']);
        $_password = make_single_safe($_GET['password']);
    }
    if ($_usr != '' && $_password != '') {
        $db = mysql_connect(BABEL_DB_HOSTNAME . ':' . BABEL_DB_PORT, BABEL_DB_USERNAME, BABEL_DB_PASSWORD);
        mysql_select_db(BABEL_DB_SCHEMATA);
        mysql_query("SET NAMES utf8");
        mysql_query("SET CHARACTER SET utf8");
        mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'");
        $__usr = mysql_real_escape_string($_usr, $db);
        $__password = sha1($_password);
        if (preg_match('/@/', $usr)) {
            $sql = "SELECT usr_id, usr_nick, usr_email, usr_password FROM babel_user WHERE usr_email = '{$__usr}' AND usr_password = '******'";
        } else {
            $sql = "SELECT usr_id, usr_nick, usr_email, usr_password FROM babel_user WHERE usr_nick = '{$__usr}' AND usr_password = '******'";
        }
        $rs = mysql_query($sql);