/**
 * Front-controller request parsing: fills $this->get and $this->post.
 *
 * Loads config.php, sends the Content-type header, then splits the query string
 * on '/' into $this->get. The first segment defaults to 'admin_main' when the
 * current host equals config::ADMIN_DOMAIN and to 'index' otherwise; the second
 * segment defaults to 'default'. Finally GET and POST are merged into one
 * addslashes()-escaped array in $this->post and $_POST is cleared.
 *
 * Side effects: require of config.php, header() output, possible exit(),
 * unset of several superglobals and legacy request arrays.
 */
function init_request() {
    require TIPASK_ROOT . '/config.php';
    header('Content-type: text/html; charset=' . TIPASK_CHARSET); // tell the browser which charset to decode with
    $querystring = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    // Cut the query string at the first '.' (e.g. a ".html" suffix) and then at the first '&'.
    $pos = strpos($querystring, '.');
    if ($pos !== false) {
        $querystring = substr($querystring, 0, $pos);
    }
    $andpos = strpos($querystring, "&");
    // A '&' at offset 0 gives $andpos === 0, which is falsy, so that case is not cut.
    $andpos && ($querystring = substr($querystring, 0, $andpos));
    $this->get = explode('/', $querystring);
    if (empty($this->get[0])) {
        $curPageURL = curPageURL();
        $curPageURL = strtr($curPageURL, array('http://' => '', '/' => ''));
        // NOTE(review): curPageURL() presumably builds the URL from request headers (Host); if so the
        // admin/index routing decision below rests on client-supplied input — confirm in curPageURL().
        if ($curPageURL == config::ADMIN_DOMAIN) {
            $this->get[0] = 'admin_main';
        } else {
            $this->get[0] = 'index';
        }
    }
    if (empty($this->get[1])) {
        $this->get[1] = 'default';
    }
    // Dead check: $this->get[1] was just populated, so count() is always >= 2 here.
    if (count($this->get) < 2) {
        exit(' Access Denied !');
    }
    // NOTE(review): unset($GLOBALS) is a compile-time error on PHP >= 8.1 — verify the target PHP version.
    // $_ENV is also cleared here although other code in this codebase uses $_ENV['...'] as a service
    // registry; presumably it is repopulated afterwards.
    unset($GLOBALS, $_ENV, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS);
    // Input is escaped with addslashes() once at request time (magic-quotes style). This is not
    // charset-aware and is not a substitute for parameterised queries at the call sites.
    $this->get = taddslashes($this->get, 1);
    $this->post = taddslashes(array_merge($_GET, $_POST));
    unset($_POST);
}
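/**
 * Resolves the current user from the 'auth' cookie and stores it in $this->user.
 *
 * The cookie decodes (strcode with AUTH_KEY) to "uid\tpassword". When a user with
 * that uid exists and its stored password field equals the cookie value, the
 * user row becomes $this->user; otherwise an anonymous array with uid 0 is used.
 * The visitor ip is attached in either case.
 */
function init_user() {
    $auth = tcookie('auth');
    $user = array('uid' => 0);
    $uid = 0;
    $password = '';
    if (!empty($auth)) {
        $parts = taddslashes(explode("\t", strcode($auth, AUTH_KEY, 'DECODE')), 1);
        // A cookie that does not decode to two tab-separated fields is treated as no cookie
        // (the original list() assignment produced a notice and a null password here).
        if (count($parts) >= 2) {
            $uid = $parts[0];
            $password = $parts[1];
        }
    }
    if ($uid && $password) {
        $finduser = $this('user')->findById($uid);
        // Strict string comparison instead of loose ==: with == two different numeric-looking
        // values (e.g. "0e..." hashes) compare equal. hash_equals() (PHP >= 5.6) would
        // additionally make the comparison constant-time.
        if ($finduser && (string) $finduser['password'] === (string) $password) {
            $user = $finduser;
        }
    }
    $user['ip'] = $this->ip;
    $this->user = $user;
}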
/**
 * Recursively applies addslashes() to a string or to every leaf of an array.
 *
 * Nothing is escaped while MAGIC_QUOTES_GPC is on unless $force is truthy, so
 * input that PHP has already escaped is not escaped a second time. Array keys
 * and order are preserved.
 *
 * @param string|array $string
 * @param int          $force
 * @return string|array
 */
function taddslashes($string, $force = 0) {
    if (MAGIC_QUOTES_GPC && !$force) {
        return $string;
    }
    if (!is_array($string)) {
        return addslashes($string);
    }
    $escaped = array();
    foreach ($string as $key => $val) {
        $escaped[$key] = taddslashes($val, $force);
    }
    return $escaped;
}
/**
 * Tools action: converts the "$tablepre*" tables of $fromdbname to another
 * character set, in request-driven stages selected by $do:
 *   'create'    - re-creates every table under the prefix "$todbcharset$whereis_"
 *                 with the target charset;
 *   'data'      - copies $limit rows from offset $start of table #$tableno into
 *                 its new counterpart, re-dispatching to itself until done;
 *   'serialize' - repairs serialized strings in the copied tables.
 *
 * Progress is reported through show_tools_message() and inline <script> output;
 * the function exits on a charset mismatch. Uses the ext/mysql API (removed in
 * PHP 7.0).
 *
 * @param mixed  $mysql   ignored: overwritten by the mysql_connect() below
 * @param int    $tableno 0-based index into the table list ('data' stage)
 * @param string $do      'create' | 'data' | 'serialize'
 * @param int    $start   row offset for the 'data' stage
 * @param int    $limit   rows per batch for the 'data' stage
 */
function do_datago($mysql,$tableno,$do,$start,$limit){
    global $whereis, $dbhost, $dbuser, $dbpw, $tablepre,$fromdbname, $todbcharset, $dbcfg,$dbcharset;
    // Permitted conversions; either direction of a pair is accepted by the check below.
    $allowcharset = array('latin1' => 'gbk','gbk' => 'utf8','utf8' => 'latin1');
    // Column name MySQL uses for "SHOW TABLES LIKE 'prefix%'" result rows.
    $tablename = 'Tables_in_'.strtolower($fromdbname).' ('.$tablepre.'%)';
    $mysql = mysql_connect($dbhost, $dbuser, $dbpw);
    mysql_select_db($fromdbname);
    mysql_query("SET sql_mode=''");
    // NOTE(review): every statement in this function is built by string interpolation ($tablepre,
    // $fromdbname, $todbcharset, $whereis, $start, $limit and table names read back from the server).
    // Nothing is escaped here; they are assumed to be validated by the calling tools page.
    $query = mysql_query('SHOW TABLES LIKE \''.$tablepre.'%\'');
    while($t = mysql_fetch_array($query,MYSQL_ASSOC)) {
        $tablearray[] = $t[$tablename];
    }
    $table = $tablearray["$tableno"];
    $query = mysql_query('SHOW TABLE STATUS LIKE '.'\''.$table.'\'');
    $tableinfo = array();
    while($t = mysql_fetch_array($query,MYSQL_ASSOC)) {
        // Keep only the charset part of the collation ("utf8_general_ci" -> "utf8").
        $charset = explode('_',$t['Collation']);
        $t['Collation'] = $charset[0];
        $tableinfo = $t;
    }
    if($allowcharset[$tableinfo['Collation']] != $todbcharset && $allowcharset[$todbcharset] != $tableinfo['Collation']){
        // strpos() is compared loosely with 0, so "not found" (false) also takes this branch
        // and silently blanks $table instead of reporting the charset error.
        if(strpos($tableinfo['Name'],$todbcharset) == 0) {
            $table = '';
        } else {
            // $title is not defined in this function (empty heading, undefined-variable notice).
            echo "<h4>$title</h4><br><br><table><tr><th>提示信息</th></tr><tr><td>$tableinfo[Name] 表数据库编码出错</td></tr></table>";
            exit;
        }
    }
    mysql_query("SET NAMES '$tableinfo[Collation]'");
    if($do == 'create') {
        // Collect CREATE TABLE statements for every source table, rewritten to the new prefix/charset.
        $tablecreate=array();
        foreach ($tablearray as $key => $value){
            $query=mysql_query("SHOW CREATE TABLE $value");
            while($t = mysql_fetch_array($query,MYSQL_ASSOC)){
                $t['Create Table'] = str_replace($tablepre,$whereis.'_',$t['Create Table']);
                // Plain text replacement of the charset name: it also hits any column/table name
                // that happens to contain that string.
                $t['Create Table'] = str_replace("$tableinfo[Collation]","$todbcharset",$t['Create Table']);
                $t['Create Table'] = str_replace($whereis.'_',$todbcharset.$whereis.'_',$t['Create Table']);
                $t['Table'] = str_replace($tablepre,$todbcharset.$whereis.'_',$t['Table']);
                $tablecreate[]=$t;
            }
        }
        mysql_query('SET NAMES \''.$todbcharset.'\'');
        if(mysql_get_server_info() > '5.0'){
            mysql_query("SET sql_mode=''");
        }
        foreach ($tablecreate as $key => $value){
            // Destructive: an existing table under the new prefix is dropped first.
            mysql_query("DROP TABLE IF EXISTS `$value[Table]`");
            mysql_query($value['Create Table']);
            $count++; // $count and $toolstip are not initialised in this branch (undefined-variable notices)
        }
        $toolstip .= '所有的表创建完成,数据库共有 '.$count.' 个表!<br>';
        show_tools_message($toolstip,"tools.php?action=datago&do=data&fromdbname=$fromdbname&todbcharset=$todbcharset&submit=%D7%AA%BB%BB");
    } elseif($do == 'data') {
        $count = 0;
        $data = array();
        $newtable = str_replace($tablepre,$todbcharset.$whereis.'_',$table);
        if($table) {
            mysql_query("SET NAMES '$tableinfo[Collation]'");
            $query = mysql_query("SELECT * FROM $table LIMIT $start,$limit");
            while($t = mysql_fetch_array($query,MYSQL_ASSOC)) {
                $data[] = $t;
            }
            unset($t);
            // Rows are written back under the source charset when either side is utf8,
            // otherwise under the target charset.
            $todbcharset2 = $todbcharset;
            if($tableinfo['Collation'] == 'utf8' || $todbcharset=='utf8'){
                $todbcharset2 = $tableinfo['Collation'];
            }
            mysql_query('SET NAMES \''.$todbcharset2.'\'');
            if(mysql_get_server_info() > '5.0'){
                mysql_query("SET sql_mode=''");
            }
            if($start == 0){
                mysql_query("TRUNCATE TABLE $newtable");
            }
            foreach($data as $key => $value){
                $sql='';
                foreach($value as $tokey => $tovalue){
                    // addslashes() is not charset-aware; mysql_real_escape_string() honours the
                    // connection charset selected by SET NAMES above.
                    $tovalue = addslashes($tovalue);
                    $sql = $sql ? $sql.",'".$tovalue."'" : "'".$tovalue."'";
                }
                // "or mysql_errno()" only evaluates the error number: a failed INSERT is not reported.
                mysql_query("INSERT INTO $newtable VALUES($sql)") or mysql_errno();
                $count++;
            }
            if($count == $limit) {
                // Full batch: continue with the next slice of the same table.
                $start += $count;
                show_tools_message("正在转移 $table 表的从 $start 条记录开始的后 $limit 条记录","tools.php?action=datago&do=data&fromdbname=$fromdbname&todbcharset=$todbcharset&tableno=$tableno&start=$start&submit=%D7%AA%BB%BB");
            } else {
                // Short batch: this table is finished, move on to the next one.
                $tableno ++;
                show_tools_message("正在转移 $table 表的从 $start 条记录开始的后 $limit 条记录","tools.php?action=datago&do=data&fromdbname=$fromdbname&todbcharset=$todbcharset&tableno=$tableno&submit=%D7%AA%BB%BB",$time='1000');
            }
        } elseif($dbcharset == 'latin1' || $todbcharset == 'latin1') {
            // $todbcharset/$whereis are echoed into HTML and into a JS string literal without escaping.
            echo "<div class=\"specialdiv2\" id=\"serialize\">转换提示:<ul> </ul></div>";
            echo '<script>$("serialize").innerHTML+="<li>转换完成!转换后的数据库前缀为:<font color=red>'.$todbcharset.$whereis.'_ </font></li>"; $("serialize").scrollTop=$("serialize").scrollHeight;</script>';
        } else {
            $toolstip = '数据编码转换完毕,修复序列化数据。';
            show_tools_message($toolstip,"tools.php?action=datago&do=serialize&fromdbname=$fromdbname&todbcharset=$todbcharset&submit=%D7%AA%BB%BB");
        }
    } elseif($do == 'serialize' && $dbcharset!='latin1' && $todbcharset!='latin1') {
        if($whereis == 'is_ss') {
            // Empty the 16 cache shards (cache_0 .. cache_f) of the converted database.
            $a = array('0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f');
            foreach($a as $num) {
                mysql_query("TRUNCATE TABLE ".$todbcharset.$whereis.'_'."cache_".$num);
            }
        }
        // getlistarray() is read below as [table suffix, serialized column, id column] triples.
        $arr = getlistarray($whereis,'datago');
        $limit = '3000'; // only the newest 3000 rows of each table are repaired
        echo "<div class=\"specialdiv2\" id=\"serialize\">转换提示:<ul> </ul></div>";
        foreach($arr as $field) {
            $stable = $todbcharset.$whereis.'_'.$field[0];
            $sfield = $field[1];
            $sid = $field[2];
            $query = mysql_query("SELECT $sid,$sfield FROM $stable ORDER BY $sid DESC LIMIT $limit");
            while($values = mysql_fetch_array($query,MYSQL_ASSOC)) {
                $data = $values[$sfield];
                $id = $values[$sid];
                // Each s:<len>:"<bytes>"; token is passed through _serialize() — presumably to
                // recompute <len> after the charset change; confirm against _serialize().
                $data = preg_replace_callback('/s:([0-9]+?):"([\s\S]*?)";/','_serialize',$data);
                $data = taddslashes($data);
                if(mysql_query("update `$stable` set `$sfield`='$data' where `$sid`='$id'")) {
                    $toolstip = $stable.' 表的 '.$sid.' 为 '.$id.' 的 '.$sfield.' 字段,修复成功<br/>';
                } else {
                    $toolstip = $stable.' 表的 '.$sid.' 为 '.$id.' 的 '.$sfield.' 字段,<font color=red>修复失败</font><br/>';
                }
                echo '<script>$("serialize").innerHTML+="'.$toolstip.'"; $("serialize").scrollTop=$("serialize").scrollHeight;</script>';
            }
        }
        mysql_close($mysql);
        echo '<script>$("serialize").innerHTML+="<li>转换完成!请检查修复记录。转换后的数据库前缀为:<font color=red>'.$todbcharset.$whereis.'_ </font></li>"; $("serialize").scrollTop=$("serialize").scrollHeight;</script>';
    }
}
/**
 * Controller action: lists the users following question $qid
 * (route question/follow/{qid}/{page}).
 *
 * Reads the question id from $this->get[2] and the page from $this->get[3],
 * loads one page of followers and renders the "question_follower" template.
 * The locals ($question, $followerlist, $departstr, $page, $pagesize, ...) are
 * visible to the included template, so their names are part of this action's
 * contract with the view.
 *
 * Exits after $this->message() when the question does not exist.
 */
function onfollow() {
    $qid = intval($this->get[2]); // intval() is the only sanitisation before $qid reaches the WHERE fragment below
    $question = taddslashes($_ENV['question']->get($qid), 1);
    if (!$question) {
        $this->message("问题不存在!"); // "question does not exist"
        exit;
    }
    $page = max(1, intval($this->get[3]));
    $pagesize = $this->setting['list_default'];
    $startindex = ($page - 1) * $pagesize;
    $followerlist = $_ENV['question']->get_follower($qid, $startindex, $pagesize);
    // The WHERE fragment is interpolated; this is only safe because $qid is an int.
    $rownum = $this->db->fetch_total('question_attention', " qid={$qid} ");
    $departstr = page($rownum, $pagesize, $page, "question/follow/{$qid}");
    include template("question_follower");
}
/**
 * Recursively applies addslashes() to a string or to every leaf of an array.
 *
 * Array keys and order are preserved. $force is carried through the recursion
 * only; it does not affect the result.
 *
 * @param string|array $string
 * @param int          $force
 * @return string|array
 */
function taddslashes($string, $force = 1) {
    if (!is_array($string)) {
        return addslashes($string);
    }
    $escaped = array();
    foreach ($string as $key => $val) {
        $escaped[$key] = taddslashes($val, $force);
    }
    return $escaped;
}
/**
 * Admin action: edits the advertisement blocks stored in the 'ads' setting.
 *
 * On submit, $this->post['ad'] is serialized, escaped and written through the
 * setting service, after which the cached settings are reloaded. In every case
 * the stored blob is unserialized into $adlist and the 'setting_ad' admin
 * template is rendered; $adlist, $type and $message are read by that template
 * ($type/$message are only set on submit).
 */
function onad() {
    if (isset($this->post['submit'])) {
        // NOTE(review): the shape of $this->post['ad'] is not validated here; presumably this
        // controller is admin-only — confirm the access check upstream.
        $this->setting['ads'] = taddslashes(serialize($this->post['ad']), 1);
        $_ENV['setting']->update($this->setting);
        $type = 'correctmsg';
        $message = '广告修改成功!';
        $this->setting = $this->cache->load('setting');
    }
    // unserialize() of a stored blob: it is written by this handler, but any other write path into
    // the 'ads' setting reaches object instantiation here — a JSON encoding would avoid that.
    $adlist = tstripslashes(unserialize($this->setting['ads']));
    include template('setting_ad', 'admin');
}
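// QQ Connect login callback: exchanges the callback for a token/openid, then either
// re-binds the openid to the already logged-in user (auth cookie) and redirects, or
// leaves $user to be resolved from the openid.
require_once "../../lib/cache.class.php";
require_once "../../lib/db.class.php";
require_once "./API/qqConnectAPI.php";
define('TIPASK_ROOT', substr(dirname(__FILE__), 0, -15));
// Fix: the constant name must be a quoted string. The bare SITE_URL only worked because an
// undefined constant used to fall back to its own name (with a notice/warning); on PHP 8 it is an Error.
// NOTE(review): the base URL is taken from the Host header and reused in the redirect below;
// a configured site URL would avoid reflecting a forged Host.
define('SITE_URL', 'http://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, -27));
$db = new db(DB_HOST, DB_USER, DB_PW, DB_NAME, DB_CHARSET, DB_CONNECT);
$cache = new cache($db);
$setting = $cache->load('setting');
$qc = new QC();
$token = $qc->qq_callback();
$openid = $qc->get_openid();
$qc = new QC($token, $openid);
$sid = tcookie('sid');
$auth = tcookie('auth');
$uid = 0;
$password = '';
if (!empty($auth)) {
    // The auth cookie decodes to "uid\tpassword"; anything else is treated as no cookie.
    $parts = taddslashes(explode("\t", authcode($auth, 'DECODE')), 1);
    if (count($parts) >= 2) {
        list($uid, $password) = $parts;
    }
}
$user = array();
if ($uid && $password) {
    $user = get_user($uid);
    // Strict string comparison instead of loose !=, so numeric-looking values cannot be juggled
    // equal; hash_equals() (PHP >= 5.6) would additionally make this constant-time.
    if (!is_array($user) || !isset($user['password']) || (string) $user['password'] !== (string) $password) {
        $user = array();
    }
}
if (!$user) {
    $user = get_by_openid($openid);
} else {
    // Already logged in: move the openid binding to this account and go to the user page.
    remove_auth($openid);
    add_auth($token, $openid, $uid);
    header("Location:" . SITE_URL . "index.php?user/mycategory");
    exit;
}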
$return = array('msg' => '失败', 'return' => 2); } } else { $return = array('msg' => 'qid不存在', 'return' => 3); } } echo json_encode($return); } else { if ($post['act'] == 'user_confirm') { $qid = intval($post['qid']); if ($qid <= 0) { $return = array('msg' => '非法参数qid', 'return' => 4); } else { $complainInfo = $_ENV['complain']->Get($qid); if (isset($complainInfo['id'])) { $dataArr = array('order_id' => taddslashes($post['order_id']), 'good_id' => taddslashes($post['good_id']), 'author' => taddslashes($post['author']), 'author_id' => taddslashes($post['author_id'])); $result = $_ENV['complain']->Update($qid, $dataArr); if ($result) { $_ENV['question']->rebuildQuestionDetail($post['qid'], "complain"); $return = array('msg' => '成功', 'return' => 1); } else { $return = array('msg' => '失败', 'return' => 2); } } else { $return = array('msg' => 'qid不存在', 'return' => 3); } } echo json_encode($return); } else { if ($post['act'] == 'evaluate_count') { $count = intval($post['count']);
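/**
 * Resolves the visitor from the 'auth' cookie and (re)issues the 'sid' cookie.
 *
 * Sets $this->user to the matched user row merged with its user-group row from
 * $this->usergroup; an unauthenticated visitor gets uid 0 and groupid 6. The
 * session row for $sid is refreshed and sid, ip, loginuser and avatar are
 * attached to the user array.
 */
function init_user() {
    $sid = tcookie('sid');
    $auth = tcookie('auth');
    $user = array();
    $uid = 0;
    $password = '';
    if (!empty($auth)) {
        // The cookie decodes to "uid\tpassword"; anything else is treated as no cookie
        // (the original list() assignment produced a notice and a null password here).
        $parts = taddslashes(explode("\t", authcode($auth, 'DECODE')), 1);
        if (count($parts) >= 2) {
            $uid = $parts[0];
            $password = $parts[1];
        }
    }
    if (!$sid) {
        // NOTE(review): the session id is md5(time . ip . random(6)); its unpredictability rests
        // entirely on the project's random() helper — confirm that helper is CSPRNG-backed.
        $sid = substr(md5(time() . $this->ip . random(6)), 16, 16);
        tcookie('sid', $sid, 31536000);
    }
    $this->load('user');
    if ($uid && $password) {
        $user = $_ENV['user']->get_by_uid($uid, 0);
        // Strict string comparison instead of loose !=, so numeric-looking hashes cannot be juggled
        // equal; hash_equals() (PHP >= 5.6) would additionally make this constant-time.
        if (!is_array($user) || !isset($user['password']) || (string) $user['password'] !== (string) $password) {
            $user = array();
        }
    }
    if (!$user) {
        $user['uid'] = 0;
        $user['groupid'] = 6; // group used for anonymous visitors
    }
    $_ENV['user']->refresh_session_time($sid, $user['uid']);
    $user['sid'] = $sid;
    $user['ip'] = $this->ip;
    if ($user['uid']) {
        $user['loginuser'] = $user['username'];
        $user['avatar'] = get_avatar_dir($user['uid']);
    }
    $this->user = array_merge($user, $this->usergroup[$user['groupid']]);
}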
/**
 * Converts a complaint (id $post['qid']) into a regular question of type
 * $post['to_type'] ('suggest' or 'ask', per the original comment).
 *
 * The new question, a transform-log row and the update that links the complaint
 * to the new question id (and hides the complaint) are written inside a PDO
 * transaction. The per-qtype daily counters are adjusted before begin(), so a
 * rollback does not undo them.
 *
 * @param array $post  request fields used: qid, loginId, to_type, reason
 * @return int  new question id on success; the id of an earlier conversion if
 *              one is recorded; 2 = insert/update failed (rolled back);
 *              3 = setting 'complainTransAskSuggest' is off; 4 = complaint not found
 */
function complainQuestionTransform($post) {
    $qid = intval($post['qid']); // complaint id
    $loginId = taddslashes(trim($post['loginId'])); // operator
    // NOTE(review): only trim()med — not checked against the expected 'suggest'/'ask' values before
    // being used as a lookup key and stored in the transform log.
    $to_type = trim($post['to_type']); // conversion type: suggest or ask
    $LogName = TIPASK_ROOT . "/data/logs/transformLog.txt"; // unused
    if ($this->base->setting['complainTransAskSuggest'] == 0) {
        return 3; // the "complaint -> consultation/suggestion" switch is off
    }
    $complainInfo = $this->Get($qid, "*", '0,1,2');
    if (!isset($complainInfo['id'])) {
        return 4; // complaint does not exist
    }
    // unserialize() of a stored blob; if it yields false, the ['convert']['to_id'] read below
    // raises a notice and intval(null) == 0 lets the conversion proceed.
    $comment = unserialize($complainInfo['comment']);
    //$comment['convert']['to_id'] = 0;
    if (intval($comment['convert']['to_id']) == 0) {
        $categaryInfo = $_ENV['category']->getByQuestionType($to_type); // category for the target question type
        if (isset($categaryInfo['id'])) {
            $complainInfo['cid'] = $categaryInfo['id'];
        } else {
            $complainInfo['cid'] = $_ENV['question']->getType(1);
        }
        if (isset($complainInfo['qtype']) && $complainInfo['qtype'] > 0) {
            $qtypeInfo = $_ENV['qtype']->GetQType($complainInfo['qtype']); // qtype info of the complaint
            if (isset($qtypeInfo['id'])) {
                // Move the day's counter from 'complain' to the target type (outside the transaction below).
                $date = date("Y-m-d", $complainInfo['time']);
                $_ENV['question']->modifyUserQtypeNum($date, $qtypeInfo['id'], $to_type, 1);
                $_ENV['question']->modifyUserQtypeNum($date, $qtypeInfo['id'], 'complain', -1);
            }
        }
        $comment = unserialize($complainInfo['comment']); // same blob decoded a second time; redundant
        $new_comment = serialize(array('reason' => $post['reason'])); // dead assignment: overwritten by $contact below
        if (isset($comment['convert']['from_id']) && $comment['convert']['from_id'] > 0) {
            $from_id = $comment['convert']['from_id'];
        } else {
            $from_id = 0;
        }
        // The new question's comment blob = the complaint's contact data + convert/OS/Browser/order_id.
        // $post['reason'] is stored and logged as received; any escaping happens upstream of this method.
        $contact = unserialize($complainInfo['contact']);
        $new_comment = $contact;
        $new_comment['convert'] = array('from_type' => 'complain', 'from_id' => $complainInfo['id'], 'reason' => $post['reason']);
        $new_comment['OS'] = $comment['OS'];
        $new_comment['Browser'] = $comment['Browser'];
        $new_comment['order_id'] = $complainInfo['order_id'];
        $hidden = $complainInfo['public'] == 2 ? 2 : 1;
        // 'qtype' appears twice in this literal; the duplicate key is harmless (same value).
        $questionInfo = array('author' => $complainInfo['author'], 'author_id' => $complainInfo['author_id'], 'title' => $complainInfo['title'], 'description' => $complainInfo['description'], 'comment' => serialize($new_comment), 'qtype' => $complainInfo['qtype'], 'attach' => $complainInfo['photo'], 'time' => $complainInfo['time'], 'ip' => $complainInfo['ip'], 'cid' => $complainInfo['cid'], 'qtype' => $complainInfo['qtype'], 'hidden' => $hidden);
        $this->pdo->begin();
        $insertId = $_ENV['question']->insert($questionInfo);
        if (intval($insertId) > 0) {
            $transform = array('from_id' => $qid, 'from_type' => 'complain', 'to_type' => $to_type, 'to_id' => $insertId, 'ApplyOperator' => $loginId, 'AcceptOperator' => "system", 'comment' => serialize($new_comment), 'acceptTime' => $_SERVER['REQUEST_TIME'], 'applyTime' => $_SERVER['REQUEST_TIME'], 'transform_status' => 1, 'AuthorName' => $complainInfo['author']);
            $comment['convert'] = array('to_type' => $to_type, 'to_id' => $insertId, 'transformTime' => $_SERVER['REQUEST_TIME'], 'loginId' => $loginId, 'reason' => $post['reason']);
            $dataArr = array('comment' => serialize($comment), 'public' => 1, 'sync' => 1); // link the new question id back to the complaint and hide the complaint
            $updateNum = $this->Update($complainInfo['id'], $dataArr);
            $transformLogId = $_ENV['question']->insertTransformLog($transform);
            if ($updateNum > 0 && $transformLogId > 0) {
                $this->pdo->commit();
                // Audit log and operator assignment run after commit and are not part of the transaction.
                $this->base->sys_admin_log($insertId, $complainInfo['author'], "投诉单转换,理由:" . $post['reason'], 18);
                if ($from_id > 0) {
                    $QuestionInfo = $_ENV['question']->Get($from_id);
                    $_ENV['question']->ApplyToOperator($insertId, $QuestionInfo['js_kf'], 18);
                }
                return $insertId; // success
            } else {
                $this->pdo->rollBack();
                return 2; // failure rollback
            }
        } else {
            $this->pdo->rollBack();
            return 2; // failure rollback
        }
    } else {
        return $comment['convert']['to_id']; // already converted
    }
}