function save_profile()
{
need_login('ajax');
$current_id = $this->user->get_field('id');
$arr['user_nicename'] = safe_convert($this->getPost('user_nicename'));
$new_pass = $this->getPost('new_pass');
$old_pass = $this->getPost('old_pass');
$new_pass_again = $this->getPost('new_pass_again');
$extra_arr = $this->getPost('extra');
if ($extra_arr['email'] && !check_email($extra_arr['email'])) {
form_ajax_failed('text', lang('error_email'));
}
if ($new_pass) {
if (!$this->user->check_pass($current_id, md5($old_pass))) {
form_ajax_failed('text', lang('old_pass_error'));
}
if ($new_pass != $new_pass_again) {
form_ajax_failed('text', lang('pass_twice_error'));
}
$arr['user_pass'] = md5($new_pass);
}
if ($this->user->update($current_id, $arr)) {
$this->user->save_extra($current_id, $extra_arr);
form_ajax_success('box', lang('modify_success') . ($new_pass ? lang('pass_edit_ok') : ''), null, 0.5, $_SERVER['HTTP_REFERER']);
} else {
form_ajax_failed('text', lang('modify_failed'));
}
}
function save()
{
need_login('ajax');
$from = $this->getPost('from');
$data['name'] = safe_convert($this->getPost('cate_name'));
$data['par_id'] = $this->getPost('par_id');
$data['sort'] = intval($this->getPost('sort'));
if ($data['name'] == '') {
form_ajax_failed('text', lang('category_name_empty'));
}
if (($id = $this->mdl_cate->save($data)) == true) {
if ($this->getPost('add_nav')) {
$nav_data['type'] = 1;
$nav_data['name'] = $data['name'];
$nav_data['url'] = site_link('albums', 'index', array('cate' => $id));
$nav_data['sort'] = 100;
$nav_data['enable'] = 1;
$mdl_nav =& loader::model('nav');
$mdl_nav->save($nav_data);
//清除菜单缓存
$mdl_nav->clear_nav_cache();
}
if ($from) {
form_ajax_success('box', lang('create_category_succ') . '<script>setTimeout(function(){ Mui.box.show("' . $from . '",true); },1000)</script>');
} else {
form_ajax_success('box', lang('create_category_succ'), null, 0.5, $_SERVER['HTTP_REFERER']);
}
} else {
form_ajax_failed('text', lang('create_category_fail'));
}
}
function save_reply()
{
if (!$this->setting->get_conf('system.enable_comment')) {
form_ajax_failed('text', lang('album_comment_closed'));
}
$comment['email'] = safe_convert($this->getPost('email'));
$comment['author'] = safe_convert($this->getPost('author'));
$comment['content'] = safe_convert($this->getPost('content'));
$comment['ref_id'] = intval($this->getPost('ref_id'));
$comment['type'] = intval($this->getPost('type'));
$comment['reply_author'] = safe_convert($this->getPost('reply_author'));
$comment['pid'] = intval($this->getPost('pid'));
$this->plugin->trigger('before_post_comment');
if ($this->setting->get_conf('system.enable_comment_captcha') && !$this->user->loggedin()) {
$captcha =& loader::lib('captcha');
if (!$captcha->check($this->getPost('captcha'))) {
form_ajax_failed('text', lang('invalid_captcha_code'));
}
}
if ($comment['email'] && !check_email($comment['email'])) {
form_ajax_failed('text', lang('error_email'));
}
if (!$comment['author']) {
form_ajax_failed('text', lang('error_comment_author'));
}
if (!$comment['content']) {
form_ajax_failed('text', lang('empty_content'));
}
if (!$comment['ref_id'] || !$comment['type'] || !$comment['pid'] || !$comment['reply_author']) {
form_ajax_failed('text', lang('miss_argument'));
}
$comment['post_time'] = time();
$comment['author_ip'] = get_real_ip();
if ($this->setting->get_conf('system.comment_audit') == 1 && !$this->user->loggedin()) {
$comment['status'] = 0;
} else {
$comment['status'] = 1;
}
if ($reply_id = $this->mdl_comment->save($comment)) {
$comment['id'] = $reply_id;
$this->output->set('info', $comment);
$this->plugin->trigger('reply_comment', $reply_id);
form_ajax_success('text', loader::view('comments/view', false));
} else {
form_ajax_failed('text', lang('reply_failed'));
}
}
function save_priv()
{
need_login('ajax');
$album['priv_type'] = $this->getPost('priv_type', '0');
$album['priv_pass'] = $this->getPost('priv_pass');
$album['priv_question'] = safe_convert($this->getPost('priv_question'));
$album['priv_answer'] = safe_convert($this->getPost('priv_answer'));
$id = intval($this->getGet('id'));
if ($album['priv_type'] == '1') {
if ($album['priv_pass'] == '') {
form_ajax_failed('text', lang('album_password_empty'));
}
}
if ($album['priv_type'] == '2') {
if ($album['priv_question'] == '') {
form_ajax_failed('text', lang('album_question_empty'));
}
if ($album['priv_answer'] == '') {
form_ajax_failed('text', lang('album_answer_empty'));
}
}
if ($this->mdl_album->update($id, $album)) {
$this->plugin->trigger('modified_album_priv', $id);
form_ajax_success('box', lang('modify_album_priv_success'), null, 0.5, $_SERVER['HTTP_REFERER']);
} else {
form_ajax_failed('text', lang('modify_album_priv_failed'));
}
}
$content = safe_convert($content, 0, 1);
} else {
$content = preg_replace("/\\[code\\](.+?)\\[\\/code\\]/ise", "phpcode('\\1')", $content);
$content = safe_convert($content, 1, 1);
}
if ($comefrom && $originsrc) {
$comefrom = safe_convert($comefrom);
$originsrc = safe_convert($originsrc);
} else {
$comefrom = $originsrc = '';
}
if ($tags) {
$tags_array = @explode(' ', mystrtolower(trim($tags)));
$tags_array_all = array_unique($tags_array);
$tags = @implode(' ', $tags_array_all);
$tags = safe_convert($tags);
$tags = str_replace(' ', '', $tags);
$tags_array = @explode(' ', $tags);
$tags = '>' . str_replace(' ', '>', $tags) . '>';
} else {
$tags = '';
}
$currentuserid = $userdetail['userid'];
if ($changemytime == 1) {
acceptrequest('newyear,newmonth,newday,newhour,newmin,newsec');
$finaltime = gmmktime($newhour, $newmin, $newsec, $newmonth, $newday, $newyear) - $config['timezone'] * 3600;
} else {
$finaltime = time();
}
$records = array();
$records[0] = array('blogid' => $blogid, 'title' => $title, 'pubtime' => $finaltime, 'authorid' => $currentuserid, 'replies' => 0, 'tbs' => 0, 'views' => 0, 'property' => $property, 'category' => $category, 'tags' => $tags, 'sticky' => $sticky, 'htmlstat' => $htmlstat, 'ubbstat' => $ubbstat, 'emotstat' => $emotstat, 'content' => $content, 'editorid' => 0, 'edittime' => 0, 'weather' => $sweather, 'mobile' => 0, 'pinged' => $pinged, 'permitgp' => '', 'starred' => $starred, 'blogpsw' => $blogpsw, 'frontpage' => $frontpage, 'entrysummary' => $entrysummary, 'comefrom' => $comefrom, 'originsrc' => $originsrc, 'blogalias' => $blogalias);
}
if ($job == 'ajaxverify') {
acceptrequest('savecookie,securitycode');
$savecookie = floor($savecookie);
if ($config['loginvalidation'] == 1) {
if ($db_defaultsessdir != 1) {
session_save_path("./{$db_tmpdir}");
}
session_cache_limiter("private, must-revalidate");
session_start();
if ($securitycode == '' || strtolower($securitycode) != strtolower($_SESSION['code'])) {
catcherror($lnc[165]);
}
}
$password = md5($_POST['password']);
$username = safe_convert(mystrtolower($_POST['username']));
$try = $blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE LOWER(username)='{$username}' AND `userpsw`='{$password}'");
if (!is_array($try)) {
catcherror($lnc[166]);
} else {
$userid = $try['userid'];
catchsuccess("{$userid}-{$password}-{$savecookie}");
}
}
if ($job == 'ajaxloginsuccess') {
if ($permission['CP'] == 1) {
$destine = array("{$lnc[163]}|index.php", "{$lnc[107]}|admin.php");
} else {
$destine = "{$lnc[163]}|index.php";
}
catchsuccess("{$lnc[167]} " . $userdetail['username'], $destine);
$mtitle = $strAttachment;
//保存参数
$action = $_GET['action'];
$mark_id = intval($_GET['mark_id']);
$seekname = encode($_REQUEST['seekname']);
$seekcate = isset($_REQUEST['seekcate']) ? encode($_REQUEST['seekcate']) : "";
$seektype = isset($_REQUEST['seektype']) ? $_REQUEST['seektype'] : "";
$editorcode = isset($_GET['editorcode']) ? $_GET['editorcode'] : "";
$basedir = isset($_GET['basedir']) ? $_GET['basedir'] : "../attachments/";
if (!preg_match("/^(..\\/attachments\\/)/i", $basedir)) {
$basedir = "../attachments/";
}
if (strrpos($basedir, "/") != strlen($basedir) - 1) {
$basedir .= "/";
}
$basedir = safe_convert($basedir);
//操作目录或数据库
if (empty($_GET['job'])) {
$job = "folder";
} else {
$job = $_GET['job'];
}
//保存数据
if ($action == "save") {
$check_info = 1;
$Error_Message = "";
$OK_Message = "";
//检测输入内容
if (empty($_FILES['myfile']) && empty($_POST['remotepath'])) {
$ActionMessage = $strErrNull;
$check_info = 0;
$func_code = stripslashes($func_code);
$func_code = str_replace("\"", "\\\"", $func_code);
$func_code = str_replace("\r", '', $func_code);
$func_code = str_replace("\n", '\\n', $func_code);
$value .= "'type'=>'extraheader', 'code'=>\"{$func_code}\"";
break;
}
}
$value = trim($value);
if (substr($value, -1, 1) == ',') {
$value = substr($value, 0, strlen($value) - 1);
}
//Remove last ','
$workout = "\$blogitem['" . safe_convert($newitemname) . "']=array({$value});\n";
if ($job == 'modulenew') {
$newitemname = safe_convert($newitemname);
$newitemname = str_replace('_', '', $newitemname);
$newitemnameforcheck = urlencode($newitemname);
if (strstr($newitemnameforcheck, '%')) {
catcherror($lna[931]);
}
$maxmodid = $blog->countbyquery("SELECT MAX(`modorder`) FROM `{$db_prefix}mods`");
$maxmodid += 1;
$blog->query("INSERT INTO `{$db_prefix}mods` VALUES ('{$newitemposition}', '{$newitemname}', '{$newitemdesc}', '{$newitemactive}', '{$maxmodid}', 'custom')");
if ($newitemactive == 1) {
recache_mods();
}
mod_append($workout);
} else {
$blog->query("UPDATE `{$db_prefix}mods` SET `desc`='{$newitemdesc}', `active`='{$newitemactive}' WHERE `name`='{$newitemname}'");
mod_replace($newitemname, $workout, true);
catcherror($lna[1168]);
}
$newurlcatename = urlencode($newcateurlname);
if (strstr($newcateurlname, '%')) {
catcherror($lna[1168]);
}
$newcateurlname = addslashes($newcateurlname);
if ($job == 'save') {
$queryplus = " AND `cateid`<>'{$itemid}'";
}
$tmpresult = $blog->getbyquery("SELECT * FROM `{$db_prefix}categories` WHERE `cateurlname`='{$newcateurlname}' {$queryplus} LIMIT 1");
if ($tmpresult['catename']) {
catcherror($lna[1169]);
}
}
$newcatedesc = addslashes(safe_convert(stripslashes($newcatedesc), 1));
$newcatedesc = str_replace('<|>', '<|>', $newcatedesc);
if ($job == 'new' || $job == 'newinedit') {
$new_cate_id = $maxrecord['maxcateid'] + 1;
$targetcate = floor($targetcate);
if ($targetcate != -2) {
if ($targetcate == -1) {
$tmpresult = $blog->getbyquery("SELECT * FROM `{$db_prefix}categories` ORDER BY `cateorder` ASC LIMIT 1");
} else {
$tmpresult = $blog->getbyquery("SELECT * FROM `{$db_prefix}categories` WHERE `cateid`='{$targetcate}' LIMIT 1");
$insertcateorder = $tmpresult['cateorder'];
$tmpresult = $blog->getbyquery("SELECT * FROM `{$db_prefix}categories` WHERE `cateorder`>'{$insertcateorder}' ORDER BY `cateorder` ASC LIMIT 1");
}
if (trim($tmpresult['cateorder']) != '') {
$insertcateorder = $tmpresult['cateorder'];
$result = $blog->query("UPDATE `{$db_prefix}categories` SET `cateorder`=`cateorder`+1 WHERE `cateorder`>={$insertcateorder}");
function save_display()
{
$site = $this->getPost('site');
$display = $this->getPost('display');
$this->setting->set_conf('site.footer', safe_convert($site['footer'], true, true));
$this->setting->set_conf('site.logo', $site['logo']);
$this->setting->set_conf('display.album_pageset', $display['album_pageset']);
$this->setting->set_conf('display.photo_pageset', $display['photo_pageset']);
$this->setting->set_conf('display.album_sort_default', $display['album_sort_default']);
$this->setting->set_conf('display.photo_sort_default', $display['photo_sort_default']);
if ($this->getPost('show_process_info')) {
$this->setting->set_conf('system.show_process_info', true);
} else {
$this->setting->set_conf('system.show_process_info', false);
}
form_ajax_success('box', lang('save_setting_success'), null, 0.5, $_SERVER['HTTP_REFERER']);
}
禁止使用Windows记事本修改文件,由此造成的一切使用不正常恕不解答!
PHP+MySQL blog system.
Code: Bob Shen
Offical site: http://www.bo-blog.com
Copyright (c) Bob Shen 中国-上海
In memory of my university life
------------------------------------------------------- */
if (!defined('VALIDREQUEST')) {
die('Access Denied.');
}
if (!$job) {
$job = 'default';
} else {
$job = basename($job);
}
$itemid = safe_convert($itemid);
acceptrequest('tag');
if ($tag !== '') {
$job = 'show';
}
$tag = addslashes(urldecode($tag));
if ($job == 'default') {
$sequence = $mbcon['tagorder'] == '1' ? 'tagcounter' : 'tagid';
$tagperpage = floor($mbcon['tagperpage']);
$start_id = ($page - 1) * $tagperpage;
$alltags = $blog->getarraybyquery("SELECT tagid,tagname,tagcounter FROM `{$db_prefix}tags` ORDER BY {$sequence} DESC LIMIT {$start_id}, {$tagperpage}");
$maxtagcounter = $blog->countbyquery("SELECT MAX(tagcounter) FROM `{$db_prefix}tags`");
$alltagcounter = $blog->countbyquery("SELECT COUNT(tagcounter) FROM `{$db_prefix}tags`");
for ($i = 0; $i < count($alltags['tagid']); $i++) {
$bit_tag_size = get_tag_size($alltags['tagcounter'][$i], $maxtagcounter);
if ($mbcon['tagunderlinetospace'] == 1) {
function changesingleconfig($configname, $value, $configtype = 'mbcon', $configfile = 'data/mod_config.php')
{
// Change a single value for config
global ${$configtype}, $lnc;
$rar = ${$configtype};
$rar[$configname] = $value;
$savetext = "<?PHP\n";
while (@(list($key, $val) = @each($rar))) {
$savetext .= "\${$configtype}['{$key}']='" . safe_convert(stripslashes($val)) . "';\n";
}
if (writetofile($configfile, $savetext)) {
return true;
} else {
catcherror($lnc[7] . $configfile);
}
}
}
-->
</script>
<?php
if (!empty($_GET['action']) && $_GET['action'] == "save") {
$check_info = 1;
if (empty($_POST['subject']) || empty($_POST['fromaddress']) || empty($_POST['toaddress'])) {
$ActionMessage = $strGuestBookBlankError;
$check_info = 0;
} else {
$_POST['validate'] = safe_convert($_POST['validate']);
$_POST['subject'] = safe_convert($_POST['subject']);
$_POST['fromaddress'] = safe_convert($_POST['fromaddress']);
$_POST['toaddress'] = safe_convert($_POST['toaddress']);
$_POST['body'] = safe_convert($_POST['body']);
}
if ($check_info == 1) {
$toemail = explode(";", $_POST['toaddress']);
foreach ($toemail as $value) {
if (check_email($value) == 0) {
$ActionMessage = $strErrEmail;
$check_info = 0;
break;
}
}
}
if ($check_info == 1 && check_email($_POST['fromaddress']) == 0) {
$ActionMessage = $strErrEmail;
$check_info = 0;
}
if ($p['newpsw'] != $p['confirmpsw']) {
catcherror($lna[496]);
}
$password = "******" . md5($p['newpsw']) . "', ";
} else {
$password = "";
}
}
$email = strtolower(trimplus(safe_convert($p['email'])));
$homepage = trimplus(safe_convert($p['homepage']));
$gender = floor($p['gender']);
$qq = floor($p['qq']);
$msn = trimplus(safe_convert($p['msn']));
$skype = trimplus(safe_convert($p['skype']));
$from = trimplus(safe_convert($p['from']));
$intro = trimplus(safe_convert($p['intro']));
$musergroup = floor($p['usergroup']);
if ($job == 'savenewuser') {
$currentuserid = $maxrecord['maxuserid'] + 1;
$imajikan = time();
$blog->query("INSERT INTO `{$db_prefix}user` VALUES ('{$currentuserid}', '{$username}', '{$password}', '{$imajikan}', '{$musergroup}', '{$email}', '{$homepage}', '{$qq}', '{$msn}', '{$intro}', '{$gender}', '{$skype}', '{$from}', '0', '{$userdetail['ip']}', '')");
$blog->query("UPDATE `{$db_prefix}maxrec` SET `maxuserid`=`maxuserid`+1");
$blog->query("UPDATE `{$db_prefix}counter` SET `users`=`users`+1");
} else {
$blog->query("UPDATE `{$db_prefix}user` SET {$password} `usergroup`='{$musergroup}', `email`='{$email}', homepage='{$homepage}', qq='{$qq}', msn='{$msn}', intro='{$intro}', gender='{$gender}', skype='{$skype}', `fromplace`='{$from}' WHERE `userid`='{$p['userid']}'");
recache_adminlist();
}
catchsuccess($finishok2, array($backtouseradmin, $backtoaddnew));
}
if ($job == 'deluser') {
if ($itemid === '') {
function checkuser($username, $password)
{
global $defualtcategoryid, $DMC, $DBPrefix;
$username = safe_convert(trim($username));
$password = md5(safe_convert($password));
$sql = "SELECT * FROM " . $DBPrefix . "members WHERE username='******' and password='******' and role='admin'";
$userInfo = $DMC->fetchArray($DMC->query($sql));
if (count($userInfo) > 0) {
return $userInfo;
} else {
return false;
}
}
?>
" border="0"> </a>
</td>
<td nowrap class="subcontent-td" style="padding-top:3px;padding-bottom:3px"><?php
echo $blogLogo;
?>
</td>
<td nowrap class="subcontent-td"><?php
echo safe_convert($fa['name']);
?>
</td>
<td nowrap class="subcontent-td"><a href="<?php
echo $fa['blogUrl'];
?>
" target="_blank"><?php
echo safe_convert($fa['blogUrl']);
?>
</a></td>
</tr>
<?php
}
//end while
?>
</table>
</div>
<br>
<div class="bottombar-onebtn"></div>
<div class="searchtool">
<input type="radio" name="operation" value="delete" onclick="Javascript:this.form.opmethod.value=1">
<?php
echo $strRefuse;
/* -----------------------------------------------------
Bo-Blog 2 : The Blog Reloaded.
<<A Bluview Technology Product>>
禁止使用Windows记事本修改文件,由此造成的一切使用不正常恕不解答!
PHP+MySQL blog system.
Code: Bob Shen
Offical site: http://www.bo-blog.com
Copyright (c) Bob Shen 中国-上海
In memory of my university life
------------------------------------------------------- */
if (!defined('VALIDREQUEST')) {
die('Access Denied.');
}
acceptrequest('pageid,pagealias');
$itemid = $pagealias ? safe_convert($pagealias) : floor($pageid);
$m_b = new getblogs();
$records = $pagealias ? $m_b->getgroupbyquery("SELECT * FROM `{$db_prefix}pages` WHERE `pagealias`='{$itemid}'") : $m_b->getgroupbyquery("SELECT * FROM `{$db_prefix}pages` WHERE `pageid`='{$itemid}'");
if (is_array($records)) {
$section_body_main = $m_b->output_page($records[0]);
} else {
catcherror($lnc[186]);
}
//Load plugins
$section_body_main[0] = plugin_get('custompagebegin') . $section_body_main[0];
$section_body_main[] = plugin_get('custompageend');
$plugin_closesidebar = $records[0]['closesidebar'] == 1 ? 0 : 1;
if ($plugin_closesidebar == 1) {
$elements['mainpage'] = str_replace("class=\"content\"", "class=\"content-wide\"", $elements['mainpage']);
}
$ifannouncement = "none";
$repid = $itemid;
}
if (empty($job)) {
$job = 'default';
}
if ($job == 'addadminreply' || $job == 'editadminreply') {
if ($permission['ReplyReply'] != 1) {
$cancel = $lna[345];
}
catcherror($cancel);
acceptrequest('adminreplycontent');
$adminreplycontent = trimplus($adminreplycontent);
if ($adminreplycontent == '') {
catcherror($lna[346]);
}
$adminreplycontent = safe_convert($adminreplycontent);
$currenttime = time();
if ($logstat == 0) {
$userdetail['username'] = $lna[901];
}
if ($job == 'editadminreply') {
$queryplus = "`adminrepeditorid`='{$userdetail['userid']}', `adminrepeditor`='{$userdetail['username']}', `adminrepedittime`='{$currenttime}'";
} else {
$queryplus = "`adminreplier`='{$userdetail['username']}', `adminrepid`='{$userdetail['userid']}',`adminreptime`='{$currenttime}'";
}
$blog->query("UPDATE `{$db_prefix}replies` SET `adminrepcontent`='{$adminreplycontent}' , {$queryplus} WHERE `repid`='{$repid}'");
if ($ajax != 'on') {
catchsuccess($finishok2, array($backtoprevious, $backtoindex, $backtodefault));
} else {
// For ajax
if ($mbcon['avatar'] == 1 || $mbcon['usergravatar'] == 1 || $mbcon['visitorgravatar'] == 1) {
$deletealias = false;
}
if ($tags) {
$tags_array = @explode(' ', mystrtolower(trim($tags)));
$tags_array_all = array_unique($tags_array);
$tags = @implode(' ', $tags_array_all);
$tags = safe_convert($tags);
$tags = str_replace(' ', '', $tags);
$tags_array = @explode(' ', $tags);
$tags = '>' . str_replace(' ', '>', $tags) . '>';
} else {
$tags = '';
}
}
if ($pinged) {
$pinged = safe_convert($pinged);
}
if (is_array($permitgp)) {
$permitgp = array_diff(array_keys($usergp), $permitgp);
$permitgp = array_values($permitgp);
$permitgp = @implode('|', $permitgp);
}
$currenttime = time();
$currentuserid = $userdetail['userid'];
if ($changemytime == 1) {
acceptrequest('newyear,newmonth,newday,newhour,newmin,newsec');
$finaltime = gmmktime($newhour, $newmin, $newsec, $newmonth, $newday, $newyear) - $config['timezone'] * 3600;
} elseif ($job == 'store') {
$finaltime = $currenttime;
} elseif ($ajax != 'on') {
$finaltime = $records['pubtime'];
$_POST['addpassword'] = safe_convert($_POST['addpassword']);
}
if (!empty($_POST['password_con'])) {
$_POST['password_con'] = safe_convert($_POST['password_con']);
}
if (!empty($_POST['email'])) {
$_POST['email'] = safe_convert(strip_tags($_POST['email']));
}
if (!empty($_POST['nickname'])) {
$_POST['nickname'] = safe_convert(strip_tags($_POST['nickname']));
}
if (!empty($_POST['oldpassword'])) {
$_POST['oldpassword'] = safe_convert($_POST['oldpassword']);
}
if (!empty($_POST['homePage'])) {
$_POST['homePage'] = safe_convert(strip_tags($_POST['homePage']));
}
if (!empty($_SESSION['username'])) {
//编辑
$rsexits = getFieldValue($DBPrefix . "members", "username='******'username']}' and password=md5('" . $_POST['oldpassword'] . "')", "id");
if ($rsexits == "") {
$ActionMessage = "{$strOldPasswordDesc1}";
} else {
//检测昵称
if ($_POST['nickname'] != "") {
$nickrsexits = getFieldValue($DBPrefix . "members", "username='******'nickname']}' or nickname='{$_POST['nickname']}'", "username");
$check_info = $nickrsexits != "" && $nickrsexits != $_SESSION['username'] ? 0 : 1;
}
if ($check_info == 0) {
$ActionMessage = "{$strCurUserExists}";
} else {
}
//检测验证码
if (!empty($_POST['validate'])) {
$_POST['validate'] = safe_convert($_POST['validate']);
}
if ($check_info == 1 && (empty($_POST['validate']) || $_POST['validate'] != $_SESSION['backValidate']) && $settingInfo['isValidateCode'] == 1) {
$ActionMessage = $strGuestBookValidError;
$check_info = 0;
} else {
$_SESSION['backValidate'] = "";
//把验证码清除
}
if ($check_info == 1) {
$blogName = safe_convert(strip_tags($_POST['blogName']));
$blogUrl = safe_convert(strip_tags($_POST['blogUrl']));
$blogLogo = safe_convert(strip_tags($_POST['blogLogo']));
$rsexits = getFieldValue($DBPrefix . "links", "name='{$blogName}' or blogUrl='{$blogUrl}'", "id");
if ($rsexits != "") {
$ActionMessage = $strDataExists;
} else {
$sql = "INSERT INTO " . $DBPrefix . "links(name,blogUrl,blogLogo) VALUES ('{$blogName}','{$blogUrl}','{$blogLogo}')";
$DMC->query($sql);
$ActionMessage = "{$strApplyWaitApprove}";
$blogName = $blogUrl = $blogLogo = "";
}
}
}
if (preg_match("/http:\\/\\//is", $settingInfo['linklogo'])) {
$logopath = $settingInfo['linklogo'];
} else {
$logopath = $settingInfo['blogUrl'] . $settingInfo['linklogo'];
function save_desc()
{
need_login('ajax');
$id = intval($this->getGet('id'));
$desc = safe_convert($this->getPost('desc'));
if ($desc == '') {
form_ajax_failed('text', lang('empty_photo_desc'));
}
if ($this->mdl_photo->update($id, array('desc' => $desc))) {
$this->plugin->trigger('modified_photo_desc', $id);
form_ajax_success('text', $desc);
} else {
form_ajax_failed('text', lang('modify_photo_desc_failed'));
}
return;
}
if (!empty($_SESSION['replytime']) && $_SESSION['replytime'] > time() - $settingInfo['commTimerout']) {
$ActionMessage = $strUserCommentTime;
$check_info = false;
}
}
if ($check_info && $_POST['message'] == "") {
$ActionMessage = "{$strGuestBookBlankError}";
$check_info = false;
}
//檢查用戶在此處登錄
if ($check_info && $_POST['username'] != "") {
if (!empty($_POST['username'])) {
$_POST['username'] = safe_convert($_POST['username']);
}
if (!empty($_POST['replypassword'])) {
$_POST['replypassword'] = safe_convert($_POST['replypassword']);
}
$sql = "SELECT username,role,password FROM {$DBPrefix}members WHERE username='******'username']}' or nickname='{$_POST['username']}'";
$userInfo = $DMC->fetchArray($DMC->query($sql));
if ($userInfo || $settingInfo['master'] == $_POST['username']) {
if (md5($_POST['replypassword']) != $userInfo['password']) {
$ActionMessage = $strLoginErrUserPWD;
$check_info = false;
} else {
if ($settingInfo['loginStatus'] == 0) {
$_SESSION['username'] = $userInfo['username'];
$_SESSION['password'] = md5($_POST['replypassword']);
$_SESSION['rights'] = $userInfo['role'];
}
$_POST['username'] = $userInfo['username'];
}
function metaWeblog_editPost($values)
{
global $config, $defualtcategoryid, $db_prefix, $mbconfig;
$struct = $values['struct'];
$userdetail = check_user($values['username'], $values['password']);
$blog = new boblog();
$values['postid'] = floor($values['postid']);
$records = $blog->getgroupbyquery("SELECT * FROM `{$db_prefix}blogs` WHERE `blogid`='{$values['postid']}'");
if ($records[0]['blogid'] == '') {
xml_error("Entry does not exist.");
}
if (!$struct['title']) {
$title = "Untitled MetaWeblogAPI Entry";
} else {
$title = safe_convert($struct['title']);
}
if (!$struct['description']) {
xml_error("You MUST provide a decription element in your post.");
} else {
$content = reduce_entities($struct['description']);
}
$nowtime = time();
if ($struct['pubDate']) {
$struct['dateCreated'] = $struct['pubDate'];
}
if ($struct['dateCreated']) {
$time = get_time_unix($struct['dateCreated']) + 3600 * $config['timezone'];
} else {
$time = $records[0]['pubtime'];
}
$newcym = date("Ym", $time);
$newcd = date("d", $time);
$blog->query("UPDATE `{$db_prefix}calendar` SET cyearmonth='{$newcym}', cday='{$newcd}' WHERE `cid`='{$values['postid']}'");
//writetofile ('text5.php', $struct['categories']); //For debug only
if ($struct['categories'] != '') {
$c_tmp = $blog->getgroupbyquery("SELECT cateid FROM `{$db_prefix}categories` WHERE `catename`='{$struct['categories']}'");
$category = $c_tmp[0]['cateid'];
if ($category == '') {
$category = $defualtcategoryid;
}
} else {
$category = $records[0]['category'];
}
if ($values['publish'] == 1 && $struct['flNotOnHomePage'] != 1) {
$property = 0;
} else {
$property = 3;
}
$query = "UPDATE `{$db_prefix}blogs` SET `title`='{$title}', `pubtime`='{$time}', `property`='{$property}', `category`='{$category}', `content`='{$content}', `editorid`='{$userdetail['userid']}', `edittime`='{$nowtime}' WHERE `blogid`='{$values['postid']}'";
recache_latestentries();
recache_currentmonthentries();
recache_categories();
//Update Category counter
$blog->query($query);
$xml_content = make_xml_piece("boolean", '1');
$body_xml = xml_generate($xml_content);
send_response($body_xml);
}
$_SESSION['rights'] = "";
unset($_SESSION);
session_destroy();
header("Location: index.php");
exit;
}
if ($_GET['action'] == "login") {
$check_info = 1;
if (!empty($_POST['username'])) {
$_POST['username'] = safe_convert(strip_tags($_POST['username']));
}
if (!empty($_POST['password'])) {
$_POST['password'] = safe_convert($_POST['password']);
}
if (!empty($_POST['validate'])) {
$_POST['validate'] = safe_convert($_POST['validate']);
}
if (check_user($_POST['username']) == 0) {
$ActionMessage = $strUserLengMax;
$check_info = 0;
}
if ($check_info == 1 && check_password($_POST['password']) == 0) {
$ActionMessage = $strPasswordAlert;
$check_info = 0;
}
if ($check_info == 1 && (empty($_POST['validate']) || $_POST['validate'] != $_SESSION['backValidate']) && $settingInfo['uservalid'] == 1) {
$ActionMessage = $strLoginValidateError;
$check_info = 0;
} else {
$_SESSION['backValidate'] = "";
//把验证码清除
if (!in_array($destination, $items)) {
catcherror($lna[411]);
}
$importfile = $_FILES['importfile'];
$upload_file = $importfile['tmp_name'];
$upload_filename = urlencode($importfile['name']);
$ext = strtolower(strrchr($upload_filename, '.'));
if ($ext != '.txt') {
catcherror($lna[412]);
}
if (!move_uploaded_file($upload_file, "{$db_tmpdir}/{$upload_filename}")) {
catcherror($lna[130] . 'temp/');
}
$filecontent = @file("{$db_tmpdir}/{$upload_filename}");
$item = trim(@implode(",", $filecontent));
$item = safe_convert($item);
$item = str_replace("<br/>", '', $item);
extract_forbidden();
$old = @implode(",", $forbidden[$destination]);
$item .= ',' . $old;
$item = str_replace(",,", ',', $item);
$blog->query("UPDATE `{$db_prefix}forbidden` SET `{$destination}`='{$item}'");
@unlink("{$db_tmpdir}/{$upload_filename}");
catchsuccess($finishok, array($backtoforbidden, $backtoemot, $backtoweather, $backtoava));
}
if ($job == 'sessiondir') {
$checked = $db_defaultsessdir == '1' ? 'checked' : '';
$display_overall .= highlightadminitems('sessiondir', 'misc');
$display_overall_plus = <<<eot
<form action="admin.php?go=misc_changesessiondir" method="post" id="ajaxForm1">
<table class='tablewidth' align=center cellpadding=4 cellspacing=0>
$content = str_replace("\r", '', $content);
//Disable auto linebreak in WYSIWYG editors
}
if ($callaftersubmit) {
$content = call_user_func($callaftersubmit, $content);
}
$content = preg_replace("/\\[php\\](.+?)\\[\\/php\\]/ise", "phpcode3('\\1')", $content);
if ($htmlstat != 1 || $permission['Html'] != 1) {
$content = preg_replace("/\\[code\\](.+?)\\[\\/code\\]/ise", "phpcode2('\\1')", $content);
$content = safe_convert($content, 0, 1);
} else {
$content = preg_replace("/\\[code\\](.+?)\\[\\/code\\]/ise", "phpcode('\\1')", $content);
$content = safe_convert($content, 1, 1);
}
$pagetitle = safe_convert(stripslashes($pagetitle));
$shortcutname = !$shortcutname ? $pagetitle : safe_convert(stripslashes($shortcutname));
$pagealias = blogalias_convert($pagealias);
if ($pagealias == '') {
$deletealias = true;
} else {
if ($job == 'restore') {
$findalias_plus = "AND `pageid`<>'{$records['pageid']}'";
}
$findalias = $blog->getgroupbyquery("SELECT * FROM `{$db_prefix}pages` WHERE `pagealias`='{$pagealias}' {$findalias_plus} LIMIT 1");
if ($findalias[0]['pagealias'] == $pagealias) {
$pagealias .= '_' . rand(1000, 9999);
}
$deletealias = false;
}
$currentuserid = $userdetail['userid'];
$finaltime = time();
</form>
eot;
}
if ($job == 'save') {
acceptrequest('newlinkname,newlinkurl,newlinklogo,newlinkdesc,newlinkgptoid,newisdisplay,linkid,tomodify,alsodel');
if ($newlinkname == '' || $newlinkurl == '' || $newlinkgptoid == '') {
$cancel = $lna[241];
}
if ($tomodify == '1' && $linkid == '') {
$cancel = $lna[241];
}
catcherror($cancel);
$newlinkname = safe_convert(stripslashes($newlinkname));
$newlinkurl = safe_convert(stripslashes($newlinkurl));
$newlinklogo = safe_convert(stripslashes($newlinklogo));
$newlinkdesc = safe_convert(stripslashes($newlinkdesc));
if ($mbcon['anticorrupturl'] == 1) {
$newlinkurl = urlconvert($newlinkurl);
$newlinklogo = urlconvert($newlinklogo);
}
if ($tomodify) {
$blog->query("UPDATE `{$db_prefix}links` SET `linkname`='{$newlinkname}', `linkurl`='{$newlinkurl}', `linklogo`='{$newlinklogo}', `linkdesc`='{$newlinkdesc}', `linkgptoid`='{$newlinkgptoid}', `isdisplay`='{$newisdisplay}' WHERE `linkid`='{$linkid}'");
$return_display = 'detail';
} else {
$new_link_id = $maxrecord['maxlinkid'] + 1;
$blog->query("INSERT INTO `{$db_prefix}links` VALUES ({$new_link_id}, '{$newlinkname}', '{$newlinkurl}', '{$newlinklogo}', '{$newlinkdesc}', '{$newlinkgptoid}', {$new_link_id}, '{$newisdisplay}', '', '')");
$blog->query("UPDATE `{$db_prefix}maxrec` SET `maxlinkid`='{$new_link_id}'");
$return_display = 'add';
}
if (!empty($alsodel)) {
$filename = "data/cache_applylinks.php";
header("Location: admin.php?go=edit");
exit;
}
checkpermission('CP');
confirmpsw();
//Re-check password
//Define some senteces
$finishok = $lna[323];
$backtodefault = "{$lna[324]}|admin.php?go=entry_default";
$backtodraft = "{$lna[325]}|admin.php?go=entry_draft";
$backtoaddnew = "{$lna[326]}|admin.php?go=entry_write";
include_once "data/cache_adminlist.php";
if ($job == '' || $job == "default") {
acceptrequest('category,property,frontpage,keyword,timeperiod');
$timeperiod = floor($timeperiod);
$keyword = safe_convert($keyword);
if ($keyword == $lna[1129]) {
$keyword = '';
}
$adminselection = "<select name='chnadm'>";
foreach ($adminlist as $adk => $adn) {
$adminselection .= "<option value='{$adk}'>{$adn}</option>";
}
$adminselection .= "</select>";
$propertysel = $timeperiodsel = $frontpagesel = array();
$propertysel[$property] = "selected";
$adminselection2 = "<select name=\"property\"><option value='10' {$propertysel[10]}>{$lna[1130]}</option><option value=0 {$propertysel[0]}>{$lna[269]}</option><option value=1 {$propertysel[1]}>{$lna[270]}</option><option value=2 {$propertysel[2]}>{$lna[271]}</option></select>";
$frontpagesel[$frontpage] = "selected";
$adminselection5 = "<select name=\"frontpage\"><option value='10' {$frontpagesel[10]}>所有日志</option><option value='0' {$frontpagesel[0]}> </option><option value=1 {$frontpagesel[1]}>不显示在首页</option><option value=2 {$frontpagesel[2]}> </option></select>";
$timeperiodsel[$timeperiod] = "selected";
$adminselection4 = "<select name=\"timeperiod\"><option value='0' {$timeperiodsel[0]}>{$lna[1131]}</option><option value=7 {$timeperiodsel[7]}>{$lna[1132]}</option><option value=30 {$timeperiodsel[30]}>{$lna[1133]}</option><option value=90 {$timeperiodsel[90]}>{$lna[1134]}</option><option value=180 {$timeperiodsel[180]}>{$lna[1135]}</option><option value=365 {$timeperiodsel[365]}>{$lna[1136]}</option></select>";
if ($_REQUEST['tem']) {
$customtemplate = basename($_REQUEST['tem']);
setcookie('blogtemplate', $customtemplate);
} else {
$customtemplate = basename($_COOKIE['blogtemplate']);
}
if (!empty($customtemplate) && file_exists("template/{$customtemplate}/info.php")) {
require "template/{$customtemplate}/info.php";
} else {
require "data/mod_template.php";
}
define('elementfile', $template['structure']);
//2006-7-2 Seurity Fix, 2006-7-5 modified
acceptcookie("userid,userpsw");
$userid = safe_convert($userid);
$userpsw = safe_convert($userpsw);
$blog = new boblog();
//Initialize Time Info
$nowtime['timestamp'] = time();
$nowtime += array('year' => gmdate('Y', $nowtime['timestamp'] + 3600 * $config['timezone']), 'month' => gmdate('n', $nowtime['timestamp'] + 3600 * $config['timezone']), 'day' => gmdate('j', $nowtime['timestamp'] + 3600 * $config['timezone']), 'Ymd' => gmdate('Ymd', $nowtime['timestamp'] + 3600 * $config['timezone']), 'Ym' => gmdate('Ym', $nowtime['timestamp'] + 3600 * $config['timezone']));
//Sessions and Cookies
$userdetail = array();
if (empty($userid) || empty($userpsw)) {
$userdetail['usergroup'] = 0;
$userdetail['userid'] = -1;
$logstat = 0;
} else {
$userdetail = $blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE `userid`='{$userid}' AND `userpsw`='{$userpsw}'");
if (!$userdetail) {
$userdetail['usergroup'] = 0;
$userdetail['userid'] = -1;
