Пример #1
/**
 * Copy the logged-in member into the request-global $_G and issue the 'auth' cookie.
 *
 * NOTE(review): this listing shows no braces around the function body, none closing the
 * `if` blocks, and it stops at an open `if`; the comments below describe only the
 * statements that are visible.
 *
 * @param array $member     Member record; the keys uid, username, adminid, groupid and password are read here.
 * @param mixed $cookietime Passed through unchanged as the third argument of dsetcookie().
 */
function setloginstatus($member, $cookietime)
    global $_G;
    // Only uid is coerced to an integer; the remaining fields are copied as given.
    $_G['uid'] = intval($member['uid']);
    $_G['username'] = $member['username'];
    $_G['adminid'] = $member['adminid'];
    $_G['groupid'] = $member['groupid'];
    // formhash() is called after uid/username/adminid/groupid are set, so it can see the new identity.
    // NOTE(review): presumably the anti-CSRF token is bound to the user - confirm in formhash().
    $_G['formhash'] = formhash();
    $_G['session']['invisible'] = getuserprofile('invisible');
    $_G['member'] = $member;
    loadcache('usergroup_' . $_G['groupid']);
    C::app()->session->isnew = true;
    // The cookie payload is "<password field>\t<uid>" passed through authcode(..., 'ENCODE').
    // NOTE(review): a value derived from the stored password field therefore lives in a
    // client-held cookie; its confidentiality and integrity rest entirely on authcode() and
    // its key. Confirm both, and confirm what the trailing `1, true` arguments enable
    // (presumably cookie prefix / HttpOnly flags).
    dsetcookie('auth', authcode("{$member['password']}\t{$member['uid']}", 'ENCODE'), $cookietime, 1, true);
    include_once libfile('function/stat');
    // Login statistics: one generic counter plus per-channel counters.
    updatestat('login', 1);
    if (defined('IN_MOBILE')) {
        updatestat('mobilelogin', 1);
    if ($_G['setting']['connect']['allow'] && $_G['member']['conisbind']) {
        updatestat('connectlogin', 1);
    // Apply the 'daylogin' credit rule for this uid; the handling of a rule that did not
    // update credit is cut off in this listing.
    $rule = updatecreditbyaction('daylogin', $_G['uid']);
    if (!$rule['updatecredit']) {
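/**
 * Log a site member in by uid: load the member row, call setloginstatus(), record the
 * last IP / visit time and apply the 'daylogin' credit rule.
 *
 * @param mixed $uid Member id; coerced to an integer before it reaches any SQL text.
 * @return bool False when $uid is empty or no common_member row matches, true otherwise.
 */
function xwb_setSiteUserLogin($uid)
{
    global $_G;

    // $uid is concatenated into the SQL strings below. Casting it here means only an
    // integer can ever reach the query text, whatever the caller passed in.
    $uid = intval($uid);
    if (empty($uid)) {
        return false;
    }

    $member = DB::fetch_first("SELECT * FROM " . DB::table('common_member') . " WHERE uid='" . $uid . "'");
    if (!$member) {
        return false;
    }

    // The original argument was `time() + 60 * 60 * 24 ? 2592000 : 0`. `+` binds tighter
    // than `?:`, so the condition was always truthy and the value always 2592000 (30 days);
    // it is spelled out here with the same result.
    // NOTE(review): confirm that a fixed 30-day auth cookie is the intended lifetime.
    setloginstatus($member, 2592000);

    // NOTE(review): $_G['clientip'] is interpolated as-is; this assumes it was validated as
    // an IP address where it was populated - confirm, or escape it at this point.
    DB::query("UPDATE " . DB::table('common_member_status') . " SET lastip='" . $_G['clientip'] . "', lastvisit='" . time() . "' WHERE uid='{$uid}'");
    include_once libfile('function/stat');
    updatecreditbyaction('daylogin', $uid);

    return true;
}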
Пример #3
        $setarr = array('uid' => $uid, 'fromuid' => $_G['uid'], 'fromusername' => $_G['username'], 'note' => getstr($_POST['note'], 150, 1, 1), 'dateline' => $_G['timestamp'], 'iconid' => intval($_POST['iconid']));
        DB::insert('home_poke', $setarr, 0, true);
        if (!$oldpoke) {
            DB::query("UPDATE " . DB::table('common_member_status') . " SET pokes=pokes+1 WHERE uid='{$uid}'");
            DB::query("UPDATE " . DB::table('common_member') . " SET newprompt=newprompt+1 WHERE uid='{$uid}'");
        require_once libfile('function/friend');
        if ($op == 'reply') {
            DB::query("DELETE FROM " . DB::table('home_poke') . " WHERE uid='{$_G['uid']}' AND fromuid='{$uid}'");
            DB::query("UPDATE " . DB::table('common_member_status') . " SET pokes=pokes-'1' WHERE uid='{$_G['uid']}'");
            DB::query("UPDATE " . DB::table('common_member') . " SET newprompt=newprompt-'1' WHERE uid='{$_G['uid']}'");
        updatecreditbyaction('poke', 0, array(), $uid);
        include_once libfile('function/stat');
        showmessage('poke_success', dreferer(), array('username' => $tospace['username'], 'uid' => $uid, 'from' => $_G['gp_from']), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
} elseif ($op == 'ignore') {
    if (submitcheck('ignoresubmit')) {
        $where = empty($uid) ? '' : "AND fromuid='{$uid}'";
        DB::query("DELETE FROM " . DB::table('home_poke') . " WHERE uid='{$_G['uid']}' {$where}");
        $pokenum = getcount('home_poke', array('uid' => $_G['uid']));
        space_merge($space, 'status');
        if ($pokenum != $space['pokes']) {
            $changenum = $pokenum - $space['pokes'];
            member_status_update($space['uid'], array('pokes' => $changenum));
        showmessage('has_been_hailed_overlooked', '', array('uid' => $uid, 'from' => $_G['gp_from']), array('showdialog' => 1, 'showmsg' => true, 'closetime' => 0));
} elseif ($op == 'view') {
Пример #4
 /**
  * Validate the pending post in $this->param, create the thread row and its first post,
  * then update statistics, credits and forum counters.
  *
  * NOTE(review): this listing shows no opening brace for the method and no closing braces
  * for most `if` blocks; the comments describe only the visible statements.
  *
  * @param mixed $parameters Not read by any statement visible in this listing.
  * @return mixed The result of $this->showmessage() on a validation failure, otherwise the
  *               message key 'post_newthread_mod_succeed' or 'post_newthread_succeed'.
  */
 public function newthread($parameters)
     require_once libfile('function/post');
     $this->tid = $this->pid = 0;
     // Reject an empty subject, and an empty message for ordinary (non-sort, non-special) threads.
     if (trim($this->param['subject']) == '') {
         return $this->showmessage('post_sm_isnull');
     if (!$this->param['sortid'] && !$this->param['special'] && trim($this->param['message']) == '') {
         return $this->showmessage('post_sm_isnull');
     // threadmodstatus() decides whether new threads / replies go to the moderation queue.
     list($this->param['modnewthreads'], $this->param['modnewreplies']) = threadmodstatus($this->param['subject'] . "\t" . $this->param['message'] . $this->param['extramessage']);
     if ($post_invalid = checkpost($this->param['subject'], $this->param['message'], $this->param['special'] || $this->param['sortid'])) {
         return $this->showmessage($post_invalid, '', array('minpostsize' => $this->setting['minpostsize'], 'maxpostsize' => $this->setting['maxpostsize']));
     // Rate limiting: a general flood check, then a threads-per-hour check.
     if (checkflood()) {
         return $this->showmessage('post_flood_ctrl', '', array('floodctrl' => $this->setting['floodctrl']));
     } elseif (checkmaxperhour('tid')) {
         return $this->showmessage('thread_flood_ctrl_threads_per_hour', '', array('threads_per_hour' => $this->group['maxthreadsperhour']));
     // 'save' is forced to 0 when there is no member uid.
     $this->param['save'] = $this->member['uid'] ? $this->param['save'] : 0;
     // typeid is kept only if the forum defines it and, for moderator-only types, the poster is a moderator.
     $this->param['typeid'] = isset($this->param['typeid']) && isset($this->forum['threadtypes']['types'][$this->param['typeid']]) && (!$this->forum['threadtypes']['moderators'][$this->param['typeid']] || $this->forum['ismoderator']) ? $this->param['typeid'] : 0;
     // displayorder: -2 when moderation is required, 1 for a permitted sticky, -4 when 'save' is set, else 0.
     $this->param['displayorder'] = $this->param['modnewthreads'] ? -2 : ($this->forum['ismoderator'] && $this->group['allowstickthread'] && !empty($this->param['sticktopic']) ? 1 : (empty($this->param['save']) ? 0 : -4));
     if ($this->param['displayorder'] == -2) {
         C::t('forum_forum')->update($this->forum['fid'], array('modworks' => '1'));
     // The request-supplied flags below are honoured only when the poster's group permits them.
     $this->param['digest'] = $this->forum['ismoderator'] && $this->group['allowdigestthread'] && !empty($this->param['digest']) ? 1 : 0;
     $this->param['readperm'] = $this->group['allowsetreadperm'] ? $this->param['readperm'] : 0;
     $this->param['isanonymous'] = $this->group['allowanonymous'] && $this->param['isanonymous'] ? 1 : 0;
     $this->param['price'] = intval($this->param['price']);
     if (!$this->param['special']) {
         // Clamp the price to the group's maxprice; a falsy maxprice forces the price to 0.
         // NOTE(review): no lower bound is applied here, so a negative price passes the clamp - confirm it is rejected elsewhere.
         $this->param['price'] = $this->group['maxprice'] ? $this->param['price'] <= $this->group['maxprice'] ? $this->param['price'] : $this->group['maxprice'] : 0;
     if (!$this->param['typeid'] && $this->forum['threadtypes']['required'] && !$this->param['special']) {
         return $this->showmessage('post_type_isnull');
     if (!$this->param['sortid'] && $this->forum['threadsorts']['required'] && !$this->param['special']) {
         return $this->showmessage('post_sort_isnull');
     // A positive price whose after-tax amount floors to zero is rejected.
     if (!$this->param['special'] && $this->param['price'] > 0 && floor($this->param['price'] * (1 - $this->setting['creditstax'])) == 0) {
         return $this->showmessage('post_net_price_iszero');
     $this->param['sortid'] = $this->param['special'] && $this->forum['threadsorts']['types'][$this->param['sortid']] ? 0 : $this->param['sortid'];
     $this->param['typeexpiration'] = intval($this->param['typeexpiration']);
     if ($this->forum['threadsorts']['expiration'][$this->param['typeid']] && !$this->param['typeexpiration']) {
         return $this->showmessage('threadtype_expiration_invalid');
     // Anonymous threads store an empty author name; authorid below is still the member uid.
     $author = !$this->param['isanonymous'] ? $this->member['username'] : '';
     $this->param['moderated'] = $this->param['digest'] || $this->param['displayorder'] > 0 ? 1 : 0;
     // Thread status bits set through setstatus(position, value, current).
     $this->param['ordertype'] && ($this->param['tstatus'] = setstatus(4, 1, $this->param['tstatus']));
     $this->param['imgcontent'] && ($this->param['tstatus'] = setstatus(15, $this->param['imgcontent'], $this->param['tstatus']));
     $this->param['hiddenreplies'] && ($this->param['tstatus'] = setstatus(2, 1, $this->param['tstatus']));
     $this->param['allownoticeauthor'] && ($this->param['tstatus'] = setstatus(6, 1, $this->param['tstatus']));
     $this->param['isgroup'] = $this->forum['status'] == 3 ? 1 : 0;
     // Threads awaiting moderation always get the current TIMESTAMP as publish date.
     // NOTE(review): otherwise publishdate is taken from $this->param unchanged - confirm it is validated upstream.
     $this->param['publishdate'] = !$this->param['modnewthreads'] ? $this->param['publishdate'] : TIMESTAMP;
     $newthread = array('fid' => $this->forum['fid'], 'posttableid' => 0, 'readperm' => $this->param['readperm'], 'price' => $this->param['price'], 'typeid' => $this->param['typeid'], 'sortid' => $this->param['sortid'], 'author' => $author, 'authorid' => $this->member['uid'], 'subject' => $this->param['subject'], 'dateline' => $this->param['publishdate'], 'lastpost' => $this->param['publishdate'], 'lastposter' => $author, 'displayorder' => $this->param['displayorder'], 'digest' => $this->param['digest'], 'special' => $this->param['special'], 'attachment' => 0, 'moderated' => $this->param['moderated'], 'status' => $this->param['tstatus'], 'isgroup' => $this->param['isgroup'], 'replycredit' => $this->param['replycredit'], 'closed' => $this->param['closed'] ? 1 : 0);
     $this->tid = C::t('forum_thread')->insert($newthread, true);
     C::t('forum_newthread')->insert(array('tid' => $this->tid, 'fid' => $this->forum['fid'], 'dateline' => $this->param['publishdate']));
     useractionlog($this->member['uid'], 'tid');
     if (!getuserprofile('threads') && $this->setting['newbie']) {
         C::t('forum_thread')->update($this->tid, array('icon' => $this->setting['newbie']));
     // A publish date other than "now" registers the thread in the 'cronpublish' cache entry.
     if ($this->param['publishdate'] != TIMESTAMP) {
         // NOTE(review): dunserialize() is applied to cached data; this is safe only while the
         // cache store cannot be written by untrusted parties - confirm.
         $cron_publish_ids = dunserialize($this->cache('cronpublish'));
         $cron_publish_ids[$this->tid] = $this->tid;
         $cron_publish_ids = serialize($cron_publish_ids);
         savecache('cronpublish', $cron_publish_ids);
     if (!$this->param['isanonymous']) {
         C::t('common_member_field_home')->update($this->member['uid'], array('recentnote' => $this->param['subject']));
     // Sticky ('STK') or digest ('DIG') threads are written to the moderation log.
     if ($this->param['moderated']) {
         updatemodlog($this->tid, $this->param['displayorder'] > 0 ? 'STK' : 'DIG');
         updatemodworks($this->param['displayorder'] > 0 ? 'STK' : 'DIG', 1);
     $this->param['bbcodeoff'] = checkbbcodes($this->param['message'], !empty($this->param['bbcodeoff']));
     $this->param['smileyoff'] = checksmilies($this->param['message'], !empty($this->param['smileyoff']));
     $this->param['parseurloff'] = !empty($this->param['parseurloff']);
     // Raw HTML in the post is enabled only when the poster's group has allowhtml.
     $this->param['htmlon'] = $this->group['allowhtml'] && !empty($this->param['htmlon']) ? 1 : 0;
     $this->param['usesig'] = !empty($this->param['usesig']) && $this->group['maxsigsize'] ? 1 : 0;
     $class_tag = new tag();
     $this->param['tagstr'] = $class_tag->add_tag($this->param['tags'], $this->tid, 'tid');
     // Post visibility: -2 awaiting moderation, -3 when 'save' is set, 0 otherwise.
     $this->param['pinvisible'] = $this->param['modnewthreads'] ? -2 : (empty($this->param['save']) ? 0 : -3);
     // Rewrite [attachimg]N[/attachimg] to [attach]N[/attach]; only digits are accepted inside the tag.
     $this->param['message'] = preg_replace('/\\[attachimg\\](\\d+)\\[\\/attachimg\\]/is', '[attach]\\1[/attach]', $this->param['message']);
     $this->param['pstatus'] = intval($this->param['pstatus']);
     defined('IN_MOBILE') && ($this->param['pstatus'] = setstatus(4, 1, $this->param['pstatus']));
     if ($this->param['imgcontent']) {
         stringtopic($this->param['message'], $this->tid, true, $this->param['imgcontentwidth']);
     // NOTE(review): 'useip' and 'port' prefer $this->param over getglobal(); if those params can
     // be set by the client, the recorded source address can be spoofed - confirm who sets them.
     $this->pid = insertpost(array('fid' => $this->forum['fid'], 'tid' => $this->tid, 'first' => '1', 'author' => $this->member['username'], 'authorid' => $this->member['uid'], 'subject' => $this->param['subject'], 'dateline' => $this->param['publishdate'], 'message' => $this->param['message'], 'useip' => $this->param['clientip'] ? $this->param['clientip'] : getglobal('clientip'), 'port' => $this->param['remoteport'] ? $this->param['remoteport'] : getglobal('remoteport'), 'invisible' => $this->param['pinvisible'], 'anonymous' => $this->param['isanonymous'], 'usesig' => $this->param['usesig'], 'htmlon' => $this->param['htmlon'], 'bbcodeoff' => $this->param['bbcodeoff'], 'smileyoff' => $this->param['smileyoff'], 'parseurloff' => $this->param['parseurloff'], 'attachment' => '0', 'tags' => $this->param['tagstr'], 'replycredit' => 0, 'status' => $this->param['pstatus']));
     // Map the 'special' thread kind to a statistics counter name.
     $statarr = array(0 => 'thread', 1 => 'poll', 2 => 'trade', 3 => 'reward', 4 => 'activity', 5 => 'debate', 127 => 'thread');
     include_once libfile('function/stat');
     updatestat($this->param['isgroup'] ? 'groupthread' : $statarr[$this->param['special']]);
     // geoloc is a '|'-separated "mapx|mapy|location" string, stored only when all three parts are non-empty.
     // NOTE(review): the three parts are stored without a numeric or length check in this block.
     if ($this->param['geoloc'] && IN_MOBILE == 2) {
         list($mapx, $mapy, $location) = explode('|', $this->param['geoloc']);
         if ($mapx && $mapy && $location) {
             C::t('forum_post_location')->insert(array('pid' => $this->pid, 'tid' => $this->tid, 'uid' => $this->member['uid'], 'mapx' => $mapx, 'mapy' => $mapy, 'location' => $location));
     if ($this->param['modnewthreads']) {
         // Moderated path: queue the thread for review and bump only the last forum counter.
         updatemoderate('tid', $this->tid);
         C::t('forum_forum')->update_forum_counter($this->forum['fid'], 0, 0, 1);
         return 'post_newthread_mod_succeed';
     } else {
         // Published path: credits and forum 'lastpost' are updated unless displayorder is -4.
         if ($this->param['displayorder'] != -4) {
             if ($this->param['digest']) {
                 updatepostcredits('+', $this->member['uid'], 'digest', $this->forum['fid']);
             updatepostcredits('+', $this->member['uid'], 'post', $this->forum['fid']);
             if ($this->param['isgroup']) {
                 C::t('forum_groupuser')->update_counter_for_user($this->member['uid'], $this->forum['fid'], 1);
             // 'lastpost' is a tab-separated record, so tabs inside the subject are replaced first.
             $subject = str_replace("\t", ' ', $this->param['subject']);
             $lastpost = "{$this->tid}\t" . $subject . "\t" . TIMESTAMP . "\t{$author}";
             C::t('forum_forum')->update($this->forum['fid'], array('lastpost' => $lastpost));
             C::t('forum_forum')->update_forum_counter($this->forum['fid'], 1, 1, 1);
             if ($this->forum['type'] == 'sub') {
                 C::t('forum_forum')->update($this->forum['fup'], array('lastpost' => $lastpost));
         if ($this->param['isgroup']) {
             C::t('forum_forumfield')->update($this->forum['fid'], array('lastupdate' => TIMESTAMP));
             require_once libfile('function/grouplog');
             updategroupcreditlog($this->forum['fid'], $this->member['uid']);
         C::t('forum_sofa')->insert(array('tid' => $this->tid, 'fid' => $this->forum['fid']));
         return 'post_newthread_succeed';
Пример #5
/**
 * Write raw picture data to the attachment directory and register it as a 'pic' row.
 *
 * NOTE(review): this listing omits most closing braces and apparently some statements
 * (no fclose() and no cleanup of the written file is visible); the comments describe
 * only what is shown and should be checked against the complete source.
 *
 * @param string $strdata  Raw file contents to write.
 * @param mixed  $albumid  Album id, or a string of the form "new:<name>" to create an album; negative values become 0.
 * @param string $fileext  Extension handed to getfilepath() and stored as the picture 'type'.
 * @param string $name     Optional display file name; defaults to the base name of the generated path.
 * @param string $title    Picture title, passed through getstr() with a length of 200.
 * @param int    $delsize  Size subtracted in the quota comparison.
 * @param mixed  $from     When truthy, passed to getreward() to add credit / experience.
 * @return mixed The inserted row array on success; -1 when the quota comparison fails,
 *               -2 when the image check fails, -4 when ftpupload() fails. -3 is returned on a
 *               path whose condition is not recoverable from this listing (presumably a failed
 *               fopen()/fwrite() - confirm).
 */
function stream_save($strdata, $albumid = 0, $fileext = 'jpg', $name='', $title='', $delsize=0, $from = false) {
	global $_SGLOBAL, $space, $_SCONFIG, $_SC;

	if($albumid<0) $albumid = 0;
	$setarr = array();
	// NOTE(review): $fileext is caller-supplied and determines the on-disk name under attachdir.
	// Confirm that getfilepath() or every caller restricts it to image extensions, otherwise
	// attacker-chosen content could be stored under an extension the web server executes.
	$filepath = getfilepath($fileext, true);
	$newfilename = $_SC['attachdir'].'./'.$filepath;

	// The data is written to disk BEFORE the quota and image checks below run.
	if($handle = fopen($newfilename, 'wb')) {
		if(fwrite($handle, $strdata) !== FALSE) {
			$size = filesize($newfilename);

			// Load the current user's space row when the global $space is not populated yet.
			if(empty($space)) {
				$space = getspace($_SGLOBAL['supe_uid']);
				$query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('space')." WHERE uid='$_SGLOBAL[supe_uid]'");
				$space = $_SGLOBAL['db']->fetch_array($query);
				$_SGLOBAL['supe_username'] = addslashes($space['username']);
			$_SGLOBAL['member'] = $space;

			$maxattachsize = checkperm('maxattachsize');// unit: MB
			if($maxattachsize) {// 0 means no limit
				if($space['attachsize'] + $size - $delsize > $maxattachsize + $space['addsize']) {
					// NOTE(review): no removal of $newfilename is visible before this return - confirm the full source deletes it.
					return -1;
			// Content check: runs only when getimagesize() exists, so without it nothing here
			// verifies that the written data is an image.
			if(function_exists('getimagesize')) {	
				$tmp_imagesize = @getimagesize($newfilename);
				list($tmp_width, $tmp_height, $tmp_type) = (array)$tmp_imagesize;
				$tmp_size = $tmp_width * $tmp_height;
				// Reject more than 16777216 pixels, fewer than 4, an unknown image type, or a MIME string containing 'flash' after position 0.
				if($tmp_size > 16777216 || $tmp_size < 4 || empty($tmp_type) || strpos($tmp_imagesize['mime'], 'flash') > 0) {
					// NOTE(review): as above, no cleanup of the rejected file is visible here.
					return -2;

			$thumbpath = makethumb($newfilename);
			$thumb = empty($thumbpath)?0:1;

			if($_SCONFIG['allowwatermark']) {

			// Values destined for SQL are escaped with addslashes() / getstr() here.
			$filename = addslashes(($name ? $name : substr(strrchr($filepath, '/'), 1)));
			$title = getstr($title, 200, 1, 1, 1);
			if($albumid) {
				// "new:<name>" creates an album; any other value is treated as a numeric album id.
				preg_match("/^new\:(.+)$/i", $albumid, $matchs);
				if(!empty($matchs[1])) {
					$albumname = shtmlspecialchars(trim($matchs[1]));
					if(empty($albumname)) $albumname = sgmdate('Ymd');
					$albumid = album_creat(array('albumname' => $albumname));
				} else {
					$albumid = intval($albumid);
					if($albumid) {
						// Ownership check: the album must belong to the current user, otherwise a new one is created.
						$query = $_SGLOBAL['db']->query("SELECT albumname,friend FROM ".tname('album')." WHERE albumid='$albumid' AND uid='$_SGLOBAL[supe_uid]'");
						if($value = $_SGLOBAL['db']->fetch_array($query)) {
							$albumname = addslashes($value['albumname']);
							$albumfriend = $value['friend'];
						} else {
							$albumname = sgmdate('Ymd');
							$albumid = album_creat(array('albumname' => $albumname));
			} else {
				$albumid = 0;

			$setarr = array(
				'albumid' => $albumid,
				'uid' => $_SGLOBAL['supe_uid'],
				'username' => $_SGLOBAL['supe_username'],
				'dateline' => $_SGLOBAL['timestamp'],
				'filename' => $filename,
				'postip' => getonlineip(),
				'title' => $title,
				'type' => $fileext,
				'size' => $size,
				'filepath' => $filepath,
				'thumb' => $thumb
			$setarr['picid'] = inserttable('pic', $setarr, 1);

			// Optional reward: extra SET clauses are built from getreward() values.
			// NOTE(review): the reward values are interpolated unquoted; assumes getreward() returns integers - confirm.
			$setsql = '';
			if($from) {
				$reward = getreward($from, 0);
				if($reward['credit']) {
					$setsql = ",credit=credit+$reward[credit]";
				if($reward['experience']) {
					$setsql .= ",experience=experience+$reward[experience]";
			$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET attachsize=attachsize+'$size', updatetime='$_SGLOBAL[timestamp]' $setsql WHERE uid='$_SGLOBAL[supe_uid]'");

			if($albumid) {
				// The album cover points at the thumbnail when one was generated.
				// NOTE(review): $file derives from getfilepath() and is interpolated into SQL; assumes that path contains no quotes - confirm.
				$file = $filepath.($thumb?'.thumb.jpg':'');
				$_SGLOBAL['db']->query("UPDATE ".tname('album')."
					SET picnum=picnum+1, updatetime='$_SGLOBAL[timestamp]', pic='$file', picflag='1'
					WHERE albumid='$albumid'");

			// Optional remote copy: a failed upload returns -4 after the local rows were already written.
			if($_SCONFIG['allowftp']) {
				if(ftpupload($newfilename, $filepath)) {
					$setarr['remote'] = 1;
					updatetable('pic', array('remote'=>$setarr['remote']), array('picid'=>$setarr['picid']));
					if($albumid) updatetable('album', array('picflag'=>2), array('albumid'=>$albumid));
				} else {
					return -4;

			return $setarr;
    	} else {
	return -3;
Пример #6
         updatemembercount($uid, array($_G['setting']['inviteconfig']['inviterewardcredit'] => $_G['setting']['inviteconfig']['inviteaddcredit']));
     if ($_G['setting']['inviteconfig']['invitedaddcredit']) {
         updatemembercount($invite['uid'], array($_G['setting']['inviteconfig']['inviterewardcredit'] => $_G['setting']['inviteconfig']['invitedaddcredit']));
     require_once libfile('function/friend');
     friend_make($invite['uid'], $invite['username'], false);
     notification_add($invite['uid'], 'friend', 'invite_friend', array('actor' => '<a href="home.php?mod=space&uid=' . $invite['uid'] . '" target="_blank">' . $invite['username'] . '</a>'), 1);
     space_merge($invite, 'field_home');
     if (!empty($invite['privacy']['feed']['invite'])) {
         require_once libfile('function/feed');
         $tite_data = array('username' => '<a href="home.php?mod=space&uid=' . $_G['uid'] . '">' . $_G['username'] . '</a>');
         feed_add('friend', 'feed_invite', $tite_data, '', array(), '', array(), array(), '', '', '', 0, 0, '', $invite['uid'], $invite['username']);
     if ($invite['appid']) {
 if ($welcomemsg && !empty($welcomemsgtxt)) {
     $welcomtitle = !empty($_G['setting']['welcomemsgtitle']) ? $_G['setting']['welcomemsgtitle'] : "Welcome to " . $_G['setting']['bbname'] . "!";
     $welcomtitle = addslashes(replacesitevar($welcomtitle));
     $welcomemsgtxt = addslashes(replacesitevar($welcomemsgtxt));
     if ($welcomemsg == 1) {
         sendpm($uid, $welcomtitle, $welcomemsgtxt, 0);
     } elseif ($welcomemsg == 2) {
         sendmail_cron($email, $welcomtitle, $welcomemsgtxt);
 if ($fromuid) {
     updatecreditbyaction('promotion_register', $fromuid);
     dsetcookie('promotion', '');
        $touid =& $_G['collection']['uid'];
        $coef = 1;
        if ($touid) {
            $subject = $message = lang('message', 'collection_recommend_message', array('fromuser' => $_G['username'], 'collectioname' => $_G['collection']['name'], 'url' => $_GET['threadurl']));
            if (C::t('home_blacklist')->count_by_uid_buid($touid, $_G['uid'])) {
                showmessage('is_blacklist', '', array(), array('return' => true));
            if ($value = getuserbyuid($touid)) {
                require_once libfile('function/friend');
                $value['onlyacceptfriendpm'] = $value['onlyacceptfriendpm'] ? $value['onlyacceptfriendpm'] : ($_G['setting']['onlyacceptfriendpm'] ? 1 : 2);
                if ($_G['group']['allowsendallpm'] || $value['onlyacceptfriendpm'] == 2 || $value['onlyacceptfriendpm'] == 1 && friend_check($touid)) {
                    $return = sendpm($touid, $subject, $message, '', 0, 0);
                } else {
                    showmessage('message_can_not_send_onlyfriend', '', array(), array('return' => true));
            } else {
                showmessage('message_bad_touid', '', array(), array('return' => true));
        } else {
            $return = sendpm(0, $subject, $message, '', $pmid, 0);
        if ($return > 0) {
            include_once libfile('function/stat');
            updatestat('sendpm', 0, $coef);
            C::t('common_member_status')->update($_G['uid'], array('lastpost' => TIMESTAMP), 'UNBUFFERED');
            !($_G['group']['exempt'] & 1) && updatecreditbyaction('sendpm', 0, array(), '', $coef);
            showmessage('collection_recommend_succ', '', array(), array('alert' => 'right', 'closetime' => true, 'showdialog' => 1));
Пример #8
/**
 * Create a blog entry, or update the one described by $olds, from submitted form data.
 *
 * NOTE(review): this listing omits most closing braces and some statements (for example the
 * pattern list of a preg_replace() call and the bodies of a few `if` blocks); the comments
 * describe only the visible statements.
 *
 * @param array $POST Submitted fields; subject, friend, password, tag, message, classid, catid,
 *                    noreply, picids, savealbumid, newalbum, hot, dateline and makefeed are read here.
 * @param array $olds Existing blog row when editing; empty when creating a new entry.
 * @return mixed False when the message is empty after markup stripping, otherwise the $blogarr
 *               array including 'blogid'.
 */
function blog_post($POST, $olds=array()) {
	global $_G, $space;

	// Editing another member's blog: $_G is switched to the blog owner's identity for the
	// rest of the function and restored from $__G near the end.
	$isself = 1;
	if(!empty($olds['uid']) && $olds['uid'] != $_G['uid']) {
		$isself = 0;
		$__G = $_G;
		$_G['uid'] = $olds['uid'];
		$_G['username'] = addslashes($olds['username']);

	$POST['subject'] = getstr(trim($POST['subject']), 80);
	$POST['subject'] = censor($POST['subject']);
	// An empty subject falls back to the current date.
	if(strlen($POST['subject'])<1) $POST['subject'] = dgmdate($_G['timestamp'], 'Y-m-d');
	$POST['friend'] = intval($POST['friend']);

	$POST['target_ids'] = '';
	if($POST['friend'] == 2) {
		// Privacy level 2: visible to named users only.
		// NOTE(review): target_names is read from the $_POST superglobal, not from the $POST argument.
		$uids = array();
		$names = empty($_POST['target_names'])?array():explode(',', preg_replace("/(\s+)/s", ',', $_POST['target_names']));
		if($names) {
			$uids = C::t('common_member')->fetch_all_uid_by_username($names);
		if(empty($uids)) {
			$POST['friend'] = 3;
		} else {
			$POST['target_ids'] = implode(',', $uids);
	} elseif($POST['friend'] == 4) {
		// Privacy level 4: password protected; an empty password downgrades the level to 0.
		$POST['password'] = trim($POST['password']);
		if($POST['password'] == '') $POST['friend'] = 0;
	if($POST['friend'] !== 2) {
		$POST['target_ids'] = '';
	if($POST['friend'] !== 4) {
		// NOTE(review): the next statement is a comparison whose result is discarded, so it has
		// no effect; an assignment (`=`) looks intended. As written, a submitted password is kept
		// and stored below even when the privacy level is not 4.
		$POST['password'] == '';

	$POST['tag'] = dhtmlspecialchars(trim($POST['tag']));
	$POST['tag'] = getstr($POST['tag'], 500);
	$POST['tag'] = censor($POST['tag']);

	// The message body is HTML: it goes through checkhtml(), getstr() and censor().
	$POST['message'] = checkhtml($POST['message']);
	if($_G['mobile']) {
		$POST['message'] = getstr($POST['message'], 0, 0, 0, 1);
		$POST['message'] = censor($POST['message']);
	} else {
		$POST['message'] = getstr($POST['message'], 0, 0, 0, 0, 1);
		$POST['message'] = censor($POST['message']);
		// NOTE(review): the pattern array is empty in this listing while one replacement is given;
		// the patterns appear to have been dropped from the listing.
		$POST['message'] = preg_replace(array(
		), array(
			'<a href="\\1" target="_blank">'
		), $POST['message']);
	$message = $POST['message'];
	// blog_status 1 sends the entry to moderation (see updatemoderate() at the end).
	if(censormod($message) || censormod($POST['subject']) || $_G['group']['allowblogmod']) {
		$blog_status = 1;
	} else {
		$blog_status = 0;

	if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
		// "new:<name>" creates (or reuses) a personal class; anything else is cast to an int id.
		if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
			$classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
			$classname = getstr($classname);
			$classname = censor($classname);
			if(empty($classname)) {
				$classid = 0;
			} else {
				$classid = C::t('home_class')->fetch_classid_by_uid_classname($_G['uid'], $classname);
				if(empty($classid)) {
					$setarr = array(
						'classname' => $classname,
						'uid' => $_G['uid'],
						'dateline' => $_G['timestamp']
					$classid = C::t('home_class')->insert($setarr, true);
		} else {
			$classid = intval($POST['classid']);

	} else {
		$classid = $olds['classid'];
	// Ownership check: a class id is accepted only when the class row belongs to the current uid.
	if($classid && empty($classname)) {
		$query = C::t('home_class')->fetch($classid);
		$classname = ($query['uid'] == $_G['uid']) ? $query['classname'] : '';
		if(empty($classname)) $classid = 0;

	// NOTE(review): 'password' is stored as submitted; no hashing is visible in this function - confirm how it is compared on read.
	$blogarr = array(
		'subject' => $POST['subject'],
		'classid' => $classid,
		'friend' => $POST['friend'],
		'password' => $POST['password'],
		'noreply' => empty($POST['noreply'])?0:1,
		'catid' => intval($POST['catid']),
		'status' => $blog_status,

	$titlepic = '';

	// Attached pictures: ids come from the keys of $POST['picids']; the fetch is scoped to the current uid.
	$uploads = array();
	if(!empty($POST['picids'])) {
		$picids = array_keys($POST['picids']);
		$query = C::t('home_pic')->fetch_all_by_uid($_G['uid'], 0, 0, $picids);
		foreach($query as $value) {
			if(empty($titlepic) && $value['thumb']) {
				$titlepic = getimgthumbname($value['filepath']);
				$blogarr['picflag'] = $value['remote']?2:1;
			$picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
			// md5 is used only as a lookup key for matching picture URLs, not for security.
			$uploads[md5($picurl)] = $value;
		if(empty($titlepic) && $value) {
			$titlepic = $value['filepath'];
			$blogarr['picflag'] = $value['remote']?2:1;

	if($uploads) {
		$albumid = 0;
		if($POST['savealbumid'] < 0 && !empty($POST['newalbum'])) {
			$albumname = addslashes(dhtmlspecialchars(trim($POST['newalbum'])));
			if(empty($albumname)) $albumname = dgmdate($_G['timestamp'],'Ymd');
			$albumarr = array('albumname' => $albumname);
			$albumid = album_creat($albumarr);
		} else {
			$albumid = $POST['savealbumid'] < 0 ? 0 : intval($POST['savealbumid']);
		if($albumid) {
			// NOTE(review): update_for_uid() is scoped to the current uid's pictures, but no check that
			// the target album belongs to that uid is visible here - confirm.
			C::t('home_pic')->update_for_uid($_G['uid'], $picids, array('albumid' => $albumid));
		// Find pictures already embedded in the message by matching <img src="..."> URLs.
		preg_match_all("/\s*\<img src=\"(.+?)\".*?\>\s*/is", $message, $mathes);
		if(!empty($mathes[1])) {
			foreach ($mathes[1] as $key => $value) {
				$urlmd5 = md5($value);
				if(!empty($uploads[$urlmd5])) {
		foreach ($uploads as $value) {
			$picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
			// NOTE(review): the picture title and URL are appended as HTML after checkhtml() already ran
			// on the message; assumes the stored title is HTML-escaped - confirm.
			$message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";

	// A message that is empty once layout tags, whitespace and &nbsp; are stripped is rejected.
	$ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\&nbsp\;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
	if(empty($ckmessage)) {
		return false;

	// The 'hot' value is accepted only from users with the manageblog permission.
	if(checkperm('manageblog')) {
		$blogarr['hot'] = intval($POST['hot']);

	if($olds['blogid']) {

		// Update path: move the category counters when the category changed.
		if($blogarr['catid'] != $olds['catid']) {
			if($olds['catid']) {
				C::t('home_blog_category')->update_num_by_catid(-1, $olds['catid'], true, true);
			if($blogarr['catid']) {
				C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);

		$blogid = $olds['blogid'];
		C::t('home_blog')->update($blogid, $blogarr);

		$fuids = array();

		$blogarr['uid'] = $olds['uid'];
		$blogarr['username'] = $olds['username'];
	} else {

		// Insert path.
		if($blogarr['catid']) {
			C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);

		$blogarr['uid'] = $_G['uid'];
		$blogarr['username'] = $_G['username'];
		// NOTE(review): a submitted dateline is used without an integer cast - confirm callers validate it.
		$blogarr['dateline'] = empty($POST['dateline'])?$_G['timestamp']:$POST['dateline'];
		$blogid = C::t('home_blog')->insert($blogarr, true);

		C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']));
		C::t('common_member_field_home')->update($_G['uid'], array('recentnote'=>$POST['subject']));

	$blogarr['blogid'] = $blogid;
	$class_tag = new tag();
	$POST['tag'] = $olds ? $class_tag->update_field($POST['tag'], $blogid, 'blogid') : $class_tag->add_tag($POST['tag'], $blogid, 'blogid');
	$fieldarr = array(
		'message' => $message,
		'postip' => $_G['clientip'],
		'target_ids' => $POST['target_ids'],
		'tag' => $POST['tag']

	if(!empty($titlepic)) {
		$fieldarr['pic'] = $titlepic;

	if($olds) {
		C::t('home_blogfield')->update($blogid, $fieldarr);
	} else {
		$fieldarr['blogid'] = $blogid;
		$fieldarr['uid'] = $blogarr['uid'];

	// Credits: +1 blog for a new, unmoderated own entry; -1 when an existing entry goes to moderation.
	if($isself && !$olds && $blog_status == 0) {
		updatecreditbyaction('publishblog', 0, array('blogs' => 1));

		include_once libfile('function/stat');

	if($olds['blogid'] && $blog_status == 1) {
		updatecreditbyaction('publishblog', 0, array('blogs' => -1), '', -1);
		include_once libfile('function/stat');

	if($POST['makefeed'] && $blog_status == 0) {
		include_once libfile('function/feed');
		feed_publish($blogid, 'blogid', $olds?0:1);

	// Restore the caller's $_G if it was swapped for the blog owner's identity above.
	if(!empty($__G)) $_G = $__G;
	if($blog_status == 1) {
		updatemoderate('blogid', $blogid);
	return $blogarr;
Пример #9
                if (cknote_uid(array("type" => "eventmember", "authorid" => $_SGLOBAL['supe_uid']), $filter)) {
                    $note_ids[] = $value['uid'];
                    $note_inserts[] = "('{$value['uid']}', 'eventmember', '1', '{$_SGLOBAL['supe_uid']}', '{$_SGLOBAL['supe_username']}', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')";
            if ($note_inserts) {
                $_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $note_inserts));
                $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($note_ids) . ")");
            //E-mail notice
            smail($event['uid'], '', $note_msg, 'event');
        // Bonus Points
        getreward('joinevent', 1, 0, $eventid);
        //Process Event Invites
        if ($eventinvite) {
            $_SGLOBAL['db']->query("DELETE FROM " . tname("eventinvite") . " WHERE eventid='{$eventid}' AND touid='{$_SGLOBAL['supe_uid']}'");
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET eventinvitenum=eventinvitenum-1 WHERE uid = '{$_SGLOBAL['supe_uid']}' AND eventinvitenum>0");
        showmessage("do_success", "space.php?do=event&id={$eventid}", 0);
        // Join the event successfully
} elseif ($op == "quit") {
    // Quit Event
    if (!$eventid) {
        // Event does not exist or has been deleted
    if (submitcheck("quitsubmit")) {
Пример #10
    if ($res = $_SGLOBAL['db']->fetch_array($query)) {
        $school = $res['school'];
        $query1 = $_SGLOBAL['db']->query("SELECT * FROM " . tname("mtag") . " WHERE tagname='{$school}'");
        if ($r = $_SGLOBAL['db']->fetch_array($query1)) {
            $tagid = $r['tagid'];
    $setarr = array('tagid' => $tagid, 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'subject' => $msg, 'lastpost' => $_SGLOBAL['timestamp'], 'lastauthor' => $_SGLOBAL['supe_username'], 'lastauthorid' => $_SGLOBAL['supe_uid']);
    $tid = inserttable('thread', $setarr, 1);
    $psetarr = array('tagid' => $tagid, 'tid' => $tid, 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'ip' => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], 'message' => $msg, 'isthread' => 1);
    inserttable('post', $psetarr);
    $_SGLOBAL['db']->query("UPDATE " . tname("mtag") . " SET threadnum=threadnum+1 WHERE tagid='{$tagid}'");
    if (empty($space['threadnum'])) {
        $space['threadnum'] = getcount('thread', array('uid' => $space['uid']));
        $threadnumsql = "threadnum=" . $space['threadnum'];
    } else {
        $threadnumsql = 'threadnum=threadnum+1';
    $reward = getreward('publishthread', 0);
    $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$threadnumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
    $returnarr = array("tagid" => $tagid, "tid" => $tid);
    echo json_encode($returnarr);
if ($_GET['sync'] == 'false') {
Пример #11
        if ($_G['gp_tradeaid']) {
            $attachment = DB::fetch_first("SELECT * FROM " . DB::table('forum_attachment') . " WHERE aid='{$_G['gp_tradeaid']}'");
            if (in_array($attachment['filetype'], array('image/gif', 'image/jpeg', 'image/png'))) {
                $_G['setting']['attachurl'] = preg_match("/^((https?|ftps?):\\/\\/|www\\.)/i", $_G['setting']['attachurl']) ? $_G['setting']['attachurl'] : $_G['siteurl'] . $_G['setting']['attachurl'];
                $imgurl = $_G['setting']['attachurl'] . '/forum/' . $attachment['attachment'] . ($attachment['thumb'] && $attachment['filetype'] != 'image/gif' ? '.thumb.jpg' : '');
                $feed['images'][] = $attachment['attachment'] ? $imgurl : '';
                $feed['image_links'][] = $attachment['attachment'] ? "{$_G['siteurl']}forum.php?mod=viewthread&tid={$tid}" : '';
        $feed['title_data']['hash_data'] = "tid{$tid}";
        $feed['id'] = $tid;
        $feed['idtype'] = 'tid';
    if ($digest) {
        foreach ($digestcredits as $id => $addcredits) {
            $postcredits[$id] = (isset($postcredits[$id]) ? $postcredits[$id] : 0) + $addcredits;
    updatepostcredits('+', $_G['uid'], 'post', $_G['fid']);
    DB::query("UPDATE " . DB::table('common_member_count') . " SET threads=threads+1 WHERE uid='{$_G['uid']}'");
    $lastpost = "{$tid}\t{$subject}\t{$_G['timestamp']}\t{$author}";
    DB::query("UPDATE " . DB::table('forum_forum') . " SET lastpost='{$lastpost}', threads=threads+1, posts=posts+2, todayposts=todayposts+1 WHERE fid='{$_G['fid']}'", 'UNBUFFERED');
    if ($_G['forum']['type'] == 'sub') {
        DB::query("UPDATE " . DB::table('forum_forum') . " SET lastpost='{$lastpost}' WHERE fid='" . $_G['forum']['fup'] . "'", 'UNBUFFERED');
    include_once libfile('function/stat');
    showmessage('post_newthread_succeed', "forum.php?mod=viewthread&tid={$tid}&extra={$extra}", $param);
Пример #12
     if ($_G['forum']['picstyle']) {
         setthreadcover($pid, 0, $threadimageaid);
 if ($threadimageaid) {
     if (!$threadimage) {
         $threadimage = DB::fetch_first("SELECT attachment, remote FROM " . DB::table(getattachtablebytid($tid)) . " WHERE aid='{$threadimageaid}'");
     $threadimage = daddslashes($threadimage);
     DB::insert('forum_threadimage', array('tid' => $tid, 'attachment' => $threadimage['attachment'], 'remote' => $threadimage['remote']));
 $param = array('fid' => $_G['fid'], 'tid' => $tid, 'pid' => $pid);
 $statarr = array(0 => 'thread', 1 => 'poll', 2 => 'trade', 3 => 'reward', 4 => 'activity', 5 => 'debate', 127 => 'thread');
 include_once libfile('function/stat');
 updatestat($isgroup ? 'groupthread' : $statarr[$special]);
 dsetcookie('clearUserdata', 'forum');
 if ($specialextra) {
     $classname = 'threadplugin_' . $specialextra;
     if (class_exists($classname) && method_exists($threadpluginclass = new $classname(), 'newthread_submit_end')) {
         $threadpluginclass->newthread_submit_end($_G['fid'], $tid);
 if ($modnewthreads) {
     updatemoderate('tid', $tid);
     DB::query("UPDATE " . DB::table('forum_forum') . " SET todayposts=todayposts+1 WHERE fid='{$_G['fid']}'", 'UNBUFFERED');
     showmessage('post_newthread_mod_succeed', "forum.php?mod=viewthread&tid={$tid}&extra={$extra}", $param);
 } else {
     $feed = array('icon' => '', 'title_template' => '', 'title_data' => array(), 'body_template' => '', 'body_data' => array(), 'title_data' => array(), 'images' => array());
     if (!empty($_G['gp_addfeed']) && $_G['forum']['allowfeed'] && !$isanonymous) {
Пример #13
        if ($comment['authorid'] != $_SGLOBAL['supe_uid']) {
            smail($comment['authorid'], '', cplang($q_msgtype, array($_SN[$userid], shtmlspecialchars(getsiteurl() . $n_url))), '', $q_msgtype);
            notification_add($comment['authorid'], $note_type, $q_note);
        if ($UserIds) {
            $note = cplang('note_comment_at', array($n_url));
            foreach ($UserIds as $UserId) {
                notification_add($UserId, 'atyou', $note);
    if ($stattype) {
    if ($cid) {
        $arrs = array('flag' => 'success');
    } else {
        $arrs = array('flag' => 'failed');
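/**
 * Encode $flag as JSON and echo it with \uXXXX escapes converted back to UTF-8 characters.
 *
 * The earlier form ran preg_replace() with the /e modifier, which evaluates the replacement
 * string as PHP code on every match. That modifier was deprecated in PHP 5.5 and removed in
 * PHP 7.0, so on current PHP the call fails and nothing is echoed. A callback performs the
 * same conversion without evaluating any string as code.
 *
 * @param mixed $flag Value to encode; anything json_encode() accepts.
 * @return void The encoded text is written to the output buffer.
 */
function returnflag($flag)
{
    $result = json_encode($flag);
    $result = preg_replace_callback(
        '#\\\\u([0-9a-f]{4})#i',
        function ($m) {
            // Surrogate halves are not valid UCS-2 characters on their own; leave the escape
            // untouched so the output remains valid JSON for the consumer to decode.
            $unit = hexdec($m[1]);
            if ($unit >= 0xD800 && $unit <= 0xDFFF) {
                return $m[0];
            }
            $char = iconv('UCS-2BE', 'UTF-8', pack('H4', $m[1]));
            // Keep the escape when the conversion fails instead of dropping the character.
            return $char === false ? $m[0] : $char;
        },
        $result
    );
    echo $result;
}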
Пример #14
                // Excerpt from a reply-posting flow: chooses the feed title template and data, then redirects.
                // NOTE(review): brace-only lines are missing from this listing; read nesting from the indentation.
                } elseif ($stand == 2) {
                    $feed['title_template'] = 'feed_thread_debatevote_title_2';
                } else {
                    $feed['title_template'] = 'feed_thread_debatevote_title_3';
                // NOTE(review): $thread['subject'] and $thread['author'] are interpolated into anchor markup here and
                // in the reply branch below; whether they are already HTML-escaped is not visible in this excerpt — confirm.
                $feed['title_data'] = array('subject' => "<a href=\"{$_G['siteurl']}forum.php?mod=viewthread&tid={$_G['tid']}\">{$thread['subject']}</a>", 'author' => "<a href=\"home.php?mod=space&uid={$thread['authorid']}\">{$thread['author']}</a>");
            } elseif ($thread['authorid'] != $_G['uid']) {
                $post_url = "forum.php?mod=redirect&goto=findpost&pid={$pid}&ptid={$_G['tid']}";
                $feed['icon'] = 'post';
                // An empty author name selects the anonymous title template.
                $feed['title_template'] = !empty($thread['author']) ? 'feed_reply_title' : 'feed_reply_title_anonymous';
                $feed['title_data'] = array('subject' => "<a href=\"{$post_url}\">{$thread['subject']}</a>", 'author' => "<a href=\"home.php?mod=space&uid={$thread['authorid']}\">{$thread['author']}</a>");
                if (!empty($_G['forum_attachexist'])) {
                    // $pid is placed into the SQL text directly; it is presumably the id of the post just inserted — verify it is an integer.
                    $firstaid = DB::result_first("SELECT aid FROM " . DB::table('forum_attachment') . " WHERE pid='{$pid}' AND dateline>'0' AND isimage='1' ORDER BY dateline LIMIT 1");
                    if ($firstaid) {
                        $feed['images'] = array(getforumimg($firstaid));
                        $feed['image_links'] = array($post_url);
            // NOTE(review): inside {$...} the unquoted key `tid` is read as a constant, not a string;
            // PHP 8 raises an Error for an undefined constant. The key should be quoted: $_G['tid'].
            $feed['title_data']['hash_data'] = "tid{$_G[tid]}";
            $feed['id'] = $tid;
            $feed['idtype'] = 'tid';
        include_once libfile('function/stat');
        updatestat($thread['isgroup'] ? 'grouppost' : 'post');
        // Page number of the new reply; the @ hides any warning from the division by $_G['ppp'].
        $page = getstatus($thread['status'], 4) ? 1 : @ceil(($thread['special'] ? $thread['replies'] + 1 : $thread['replies'] + 2) / $_G['ppp']);
        // NOTE(review): when $_POST['portal_referer'] is present it becomes the redirect target as-is.
        // Unless showmessage() restricts targets to this site, that is an open redirect — confirm, or
        // accept only relative/same-host URLs here. The {$thread[tid]} key has the unquoted-constant issue noted above.
        $url = empty($_POST['portal_referer']) ? "forum.php?mod=viewthread&tid={$thread[tid]}&pid={$pid}&page={$page}&extra={$extra}#pid{$pid}" : $_POST['portal_referer'];
        showmessage($replymessage, $url, $param);
Пример #15
/**
 * Create a new blog entry, or update the existing one described by $olds, from the form data in $POST.
 *
 * Returns false when the message is empty once layout tags and whitespace are stripped, otherwise the
 * $blogarr row with 'blogid' set. All SQL is assembled from strings and project helpers (simplode,
 * inserttable, updatetable, getcount); how those helpers escape values is not visible in this listing.
 *
 * NOTE(review): brace-only lines (and apparently a few others) are missing from this listing, so the
 * nesting has to be read from the indentation.
 */
function blog_post($POST, $olds=array()) {
	global $_SGLOBAL, $_SC, $space;
	$isself = 1;
	// Editing somebody else's entry: the acting identity is switched to the entry's owner.
	// NOTE(review): nothing in this listing copies $_SGLOBAL into $__SGLOBAL before the switch, so the
	// restore at the end of the function never runs and the owner's identity stays active after the
	// call returns — confirm against the full source.
	if(!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
		$isself = 0;
		$_SGLOBAL['supe_uid'] = $olds['uid'];
		$_SGLOBAL['supe_username'] = addslashes($olds['username']);

	$POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
	// An empty subject falls back to the current date.
	if(strlen($POST['subject'])<1) $POST['subject'] = sgmdate('Y-m-d');
	// 'friend' is the visibility level; intval() here is what makes the strict !== checks below work.
	$POST['friend'] = intval($POST['friend']);
	$POST['target_ids'] = '';
	if($POST['friend'] == 2) {
		// Visibility limited to named users: resolve the submitted names to uids.
		// Note this reads $_POST directly rather than the $POST argument.
		$uids = array();
		$names = empty($_POST['target_names'])?array():explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
		if($names) {
			// NOTE(review): request-supplied names reach the IN (...) list through simplode(); the query is
			// only safe if simplode() quotes each element and the input is already escaped — verify.
			$query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname('space')." WHERE username IN (".simplode($names).")");
			while ($value = $_SGLOBAL['db']->fetch_array($query)) {
				$uids[] = $value['uid'];
		if(empty($uids)) {
			$POST['friend'] = 3;// visible to the author only
		} else {
			$POST['target_ids'] = implode(',', $uids);
	} elseif($POST['friend'] == 4) {
		$POST['password'] = trim($POST['password']);
		if($POST['password'] == '') $POST['friend'] = 0;// public
	if($POST['friend'] !== 2) {
		$POST['target_ids'] = '';
	if($POST['friend'] !== 4) {
		// NOTE(review): this is a comparison whose result is discarded, not an assignment. A password
		// submitted with any other visibility level is therefore still stored in $blogarr below;
		// `=` was presumably intended.
		$POST['password'] == '';

	$POST['tag'] = shtmlspecialchars(trim($POST['tag']));
	$POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);	// word censoring

	// Mobile posts only go through getstr(); other posts are passed through checkhtml() first.
	if($_SGLOBAL['mobile']) {
		$POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
	} else {
		$POST['message'] = checkhtml($POST['message']);
		$POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
		// NOTE(review): the pattern array is empty in this listing while one replacement is given;
		// the patterns appear to have been lost when the page was extracted.
		$POST['message'] = preg_replace(array(
			), array(
				'<a href="\\1" target="_blank">'
			), $POST['message']);
	$message = $POST['message'];

	// Resolve the category: a 'new:<name>' value creates (or reuses) a category owned by the acting user.
	if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
		if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
			$classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
			$classname = getstr($classname, 0, 1, 1, 1);
			if(empty($classname)) {
				$classid = 0;
			} else {
				$classid = getcount('class', array('classname'=>$classname, 'uid'=>$_SGLOBAL['supe_uid']), 'classid');
				if(empty($classid)) {
					$setarr = array(
						'classname' => $classname,
						'uid' => $_SGLOBAL['supe_uid'],
						'dateline' => $_SGLOBAL['timestamp']
					$classid = inserttable('class', $setarr, 1);
		} else {
			$classid = intval($POST['classid']);

	} else {
		$classid = $olds['classid'];
	// Ownership check: a numeric classid is kept only if a category with that id belongs to the acting user.
	if($classid && empty($classname)) {
		$classname = getcount('class', array('classid'=>$classid, 'uid'=>$_SGLOBAL['supe_uid']), 'classname');
		if(empty($classname)) $classid = 0;
	$blogarr = array(
		'subject' => $POST['subject'],
		'classid' => $classid,
		'friend' => $POST['friend'],
		'password' => $POST['password'],
		'noreply' => empty($_POST['noreply'])?0:1

	$titlepic = '';
	$uploads = array();
	if(!empty($POST['picids'])) {
		// Only pictures owned by the acting user are loaded; the ids are the keys of the submitted array
		// and reach the IN (...) list through simplode().
		$picids = array_keys($POST['picids']);
		$query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('pic')." WHERE picid IN (".simplode($picids).") AND uid='$_SGLOBAL[supe_uid]'");
		while ($value = $_SGLOBAL['db']->fetch_array($query)) {
			if(empty($titlepic) && $value['thumb']) {
				$titlepic = $value['filepath'].'.thumb.jpg';
				$blogarr['picflag'] = $value['remote']?2:1;
			$uploads[$POST['picids'][$value['picid']]] = $value;
		// NOTE(review): by indentation this check follows the while loop, where $value holds whatever
		// ended the loop; if fetch_array() returns a falsy value at the end of the result set, this
		// branch can never run — verify.
		if(empty($titlepic) && $value) {
			$titlepic = $value['filepath'];
			$blogarr['picflag'] = $value['remote']?2:1;
	if($uploads) {
		// Replace the src of editor placeholder images (_uchome_localimg_N) with the stored picture URL.
		preg_match_all("/\<img\s.*?\_uchome\_localimg\_([0-9]+).+?src\=\"(.+?)\"/i", $message, $mathes);
		if(!empty($mathes[1])) {
			$searchs = $idsearchs = array();
			$replaces = array();
			foreach ($mathes[1] as $key => $value) {
				if(!empty($mathes[2][$key]) && !empty($uploads[$value])) {
					$searchs[] = $mathes[2][$key];
					$idsearchs[] = "_uchome_localimg_$value";
					$replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
			if($searchs) {
				$message = str_replace($searchs, $replaces, $message);
				$message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
		foreach ($uploads as $value) {
			$picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
			// NOTE(review): the picture title from the database row is appended as HTML after the
			// message was filtered above; whether the stored title is HTML-escaped is not visible here — confirm.
			$message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
	// Reject posts that contain nothing but layout tags, &nbsp; and whitespace.
	$ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\&nbsp\;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
	if(empty($ckmessage)) {
		return false;
	// addslashes() is the only SQL escaping applied to the message in this function; it is not
	// aware of the connection character set, unlike the driver's own escaping or bound parameters.
	$message = addslashes($message);
	if(empty($titlepic)) {
		$titlepic = getmessagepic($message);
		$blogarr['picflag'] = 0;
	$blogarr['pic'] = $titlepic;
	// 'hot' is taken from the request only for users holding the manageblog permission.
	if(checkperm('manageblog')) {
		$blogarr['hot'] = intval($POST['hot']);
	if($olds['blogid']) {
		$blogid = $olds['blogid'];
		updatetable('blog', $blogarr, array('blogid'=>$blogid));
		$fuids = array();
		$blogarr['uid'] = $olds['uid'];
		$blogarr['username'] = $olds['username'];
	} else {
		$blogarr['topicid'] = topic_check($POST['topicid'], 'blog');

		$blogarr['uid'] = $_SGLOBAL['supe_uid'];
		$blogarr['username'] = $_SGLOBAL['supe_username'];
		// NOTE(review): a submitted 'dateline' is stored without intval() or a range check, so the
		// caller controls the post timestamp; validate it unless every caller already does.
		$blogarr['dateline'] = empty($POST['dateline'])?$_SGLOBAL['timestamp']:$POST['dateline'];
		$blogid = inserttable('blog', $blogarr, 1);
	$blogarr['blogid'] = $blogid;
	$fieldarr = array(
		'message' => $message,
		'postip' => getonlineip(),
		'target_ids' => $POST['target_ids']
	// NOTE(review): unserialize() on the stored tag field. The value is written by this function with
	// serialize() below; if any other path can write that column, unserialize() becomes an
	// object-injection sink — a JSON encoding would remove the risk.
	$oldtagstr = addslashes(empty($olds['tag'])?'':implode(' ', unserialize($olds['tag'])));

	$tagarr = array();
	if($POST['tag'] != $oldtagstr) {
		// Tags changed: drop the old tag links and decrement their counters before re-tagging.
		if(!empty($olds['tag'])) {
			$oldtags = array();
			$query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM ".tname('tagblog')." WHERE blogid='$blogid'");
			while ($value = $_SGLOBAL['db']->fetch_array($query)) {
				$oldtags[] = $value['tagid'];
			if($oldtags) {
				$_SGLOBAL['db']->query("UPDATE ".tname('tag')." SET blognum=blognum-1 WHERE tagid IN (".simplode($oldtags).")");
				$_SGLOBAL['db']->query("DELETE FROM ".tname('tagblog')." WHERE blogid='$blogid'");
		$tagarr = tag_batch($blogid, $POST['tag']);
		$fieldarr['tag'] = empty($tagarr)?'':addslashes(serialize($tagarr));

	if($olds) {
		updatetable('blogfield', $fieldarr, array('blogid'=>$blogid));
	} else {
		$fieldarr['blogid'] = $blogid;
		$fieldarr['uid'] = $blogarr['uid'];
		inserttable('blogfield', $fieldarr);

	// Space statistics and rewards are only updated when the author acts on their own entry.
	if($isself) {
		if($olds) {
			$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET updatetime='$_SGLOBAL[timestamp]' WHERE uid='$_SGLOBAL[supe_uid]'");
		} else {
			if(empty($space['blognum'])) {
				$space['blognum'] = getcount('blog', array('uid'=>$space['uid']));
				$blognumsql = "blognum=".$space['blognum'];
			} else {
				$blognumsql = 'blognum=blognum+1';
			$reward = getreward('publishblog', 0);
			// The reward values are placed into the SQL text unquoted; they come from getreward(), not from the request.
			$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET {$blognumsql}, lastpost='$_SGLOBAL[timestamp]', updatetime='$_SGLOBAL[timestamp]', credit=credit+$reward[credit], experience=experience+$reward[experience] WHERE uid='$_SGLOBAL[supe_uid]'");
	if($POST['makefeed']) {
		feed_publish($blogid, 'blogid', $olds?0:1);
	if(empty($olds) && $blogarr['topicid']) {
		topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);

	// Restores the identity that was switched at the top — only effective if $__SGLOBAL was set (see the note there).
	if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;

	return $blogarr;
Пример #16
         // Excerpt from the end of a share-creation flow: counters, moderation, notification, credits, redirect.
         // NOTE(review): brace-only lines and some statements are missing from this listing.
         if ($_G['setting']['heatthread']['type'] == 2) {
             require_once libfile('function/forum');
     case 'article':
         // $id is placed into the SQL text directly; where it is validated is outside this excerpt — verify it is an integer.
         DB::query("UPDATE " . DB::table('portal_article_count') . " SET sharetimes=sharetimes+1 WHERE aid='{$id}'");
 if ($arr['status'] == 1) {
     updatemoderate('sid', $sid);
 // Statistics are counted for links always, for other types only on the user's first share of that item.
 // $id and $type are interpolated into the query; their validation is not visible here.
 if ($type == 'link' || !DB::result_first("SELECT COUNT(*) FROM " . DB::table('home_share') . " WHERE uid='{$_G['uid']}' AND itemid='{$id}' AND type='{$type}'")) {
     include_once libfile('function/stat');
 // Notify the owner of the shared item unless that is the acting user.
 if ($note_uid && $note_uid != $_G['uid']) {
     notification_add($note_uid, 'sharenotice', $note_message, $note_values);
 $needle = $id ? $type . $id : '';
 updatecreditbyaction('createshare', $_G['uid'], array('sharings' => 1), $needle);
 // NOTE(review): $_GET['view'] and $_GET['from'] are concatenated into this URL without rawurlencode().
 // How $referer is used afterwards is not visible in this excerpt; encode both values if it is ever
 // emitted into a header or into markup.
 $referer = "home.php?mod=space&uid={$_G['uid']}&do=share&view={$_GET['view']}&from={$_GET['from']}";
 $magvalues['sid'] = $sid;
 // Fall back to dreferer() when no redirect target was chosen earlier.
 if (!$redirecturl) {
     $redirecturl = dreferer();
 if (!$showmessagecontent) {
     $showmessagecontent = 'do_success';
 showmessage($showmessagecontent, $redirecturl, $magvalues, $_G['inajax'] && $_GET['view'] != 'me' ? array('showdialog' => 1, 'showmsg' => true, 'closetime' => true) : array());
Пример #17
        // Excerpt from a group controller: the tail of the 'create' action, then the start of 'manage'.
        // NOTE(review): brace-only lines and some statements are missing from this listing.
        $levelid = DB::result_first("SELECT levelid FROM " . DB::table('forum_grouplevel') . " WHERE creditshigher<='0' AND '0'<creditslower LIMIT 1");
        // NOTE(review): $_G['gp_fup'] and $_G['gp_name'] go into the SQL text as they are, while the other
        // request values below are passed through intval() or dhtmlspecialchars() first. These look like
        // request parameters (gp_ prefix); the query is only safe if they were escaped before this point
        // — confirm, and cast gp_fup with intval().
        DB::query("INSERT INTO " . DB::table('forum_forum') . "(fup, type, name, status, level) VALUES ('{$_G['gp_fup']}', 'sub', '{$_G['gp_name']}', '3', '{$levelid}')");
        $newfid = DB::insert_id();
        if ($newfid) {
            $jointype = intval($_G['gp_jointype']);
            $gviewperm = intval($_G['gp_gviewperm']);
            $descriptionnew = dhtmlspecialchars(censor(trim($_G['gp_descriptionnew'])));
            // The creator is recorded as founder and as the first member (level 1) of the new group.
            DB::query("INSERT INTO " . DB::table('forum_forumfield') . "(fid, description, jointype, gviewperm, dateline, founderuid, foundername, membernum) VALUES ('{$newfid}', '{$descriptionnew}', '{$jointype}', '{$gviewperm}', '" . TIMESTAMP . "', '{$_G['uid']}', '{$_G['username']}', '1')");
            DB::query("UPDATE " . DB::table('forum_forumfield') . " SET groupnum=groupnum+1 WHERE fid='{$_G['gp_fup']}'");
            DB::query("INSERT INTO " . DB::table('forum_groupuser') . "(fid, uid, username, level, joindateline) VALUES ('{$newfid}', '{$_G['uid']}', '{$_G['username']}', '1', '" . TIMESTAMP . "')");
            require_once libfile('function/cache');
        include_once libfile('function/stat');
        showmessage('group_create_succeed', "forum.php?mod=group&action=manage&fid={$newfid}", array(), array('showdialog' => 1, 'showmsg' => true, 'locationtime' => true));
    include template('diy:group/group:' . $_G['fid']);
} elseif ($action == 'manage') {
    // Authorization gate for the manage action.
    // NOTE(review): the body of this condition is missing from the listing, so what happens to a
    // non-moderator cannot be seen here.
    if (!$_G['forum']['ismoderator']) {
    $specialswitch = $_G['current_grouplevel']['specialswitch'];
    // The requested operation is limited to this allow-list; anything else falls back to 'group'.
    $oparray = array('group', 'checkuser', 'manageuser', 'threadtype', 'demise');
    $_G['gp_op'] = getgpc('op') && in_array($_G['gp_op'], $oparray) ? $_G['gp_op'] : 'group';
    // Second gate: operations outside group/threadtype/demise need a group manager or adminid 1.
    // NOTE(review): the unquoted key in $_G[uid] is read as a constant; PHP 8 raises an Error for an
    // undefined constant, so it should be $_G['uid']. The body of this condition is also missing here.
    if (empty($groupmanagers[$_G[uid]]) && !in_array($_G['gp_op'], array('group', 'threadtype', 'demise')) && $_G['adminid'] != 1) {
    $page = intval(getgpc('page')) ? intval($_G['gp_page']) : 1;
    $perpage = 54;
Пример #18
        // Excerpt from a poll-voting action: updates the poll row, rewards the voter, publishes a feed item.
        // NOTE(review): brace-only lines and some statements are missing from this listing.
        } else {
            $poll['percredit'] = 0;
        // $poll['percredit'] and $sql are placed into the statement unquoted; both are built before this
        // excerpt, so their validation cannot be checked here — verify percredit is an integer.
        $_SGLOBAL['db']->query("UPDATE " . tname('poll') . " SET voternum=voternum+1, lastvote='{$_SGLOBAL['timestamp']}', credit=credit-{$poll['percredit']} {$sql} WHERE pid='{$pid}'");
        // real name
        if ($poll['uid'] != $_SGLOBAL['supe_uid']) {
            //Reward points
            getreward('joinpoll', 1, 0, $pid);
        // hot value
        if ($poll['uid'] != $_SGLOBAL['supe_uid']) {
            hot_update('pid', $poll['pid'], $poll['hotuser']);
        // event feed
        // Published only when the vote was not marked anonymous, the voter is not the poll owner,
        // and ckprivacy() allows it.
        if (!isset($_POST['anonymous']) && $_SGLOBAL['supe_uid'] != $poll['uid'] && ckprivacy('joinpoll', 1)) {
            $fs = array();
            $fs['icon'] = 'poll';
            $fs['images'] = $fs['image_links'] = array();
            $fs['title_template'] = cplang('take_part_in_the_voting');
            // NOTE(review): the owner's display name and the poll subject are passed on as feed data next
            // to literal anchor markup; whether they are already HTML-escaped is not visible here — confirm.
            $fs['title_data'] = array('touser' => "<a href=\"space.php?uid={$poll['uid']}\">" . $_SN[$poll['uid']] . "</a>", 'url' => "space.php?uid={$poll['uid']}&do=poll&pid={$pid}", 'subject' => $poll['subject'], 'reward' => $poll['percredit'] ? cplang('reward') : '');
            $fs['body_template'] = '';
            $fs['body_data'] = array();
            include_once S_ROOT . './source/function_cp.php';
            feed_add($fs['icon'], $fs['title_template'], $fs['title_data'], $fs['body_template'], $fs['body_data']);
        showmessage('do_success', 'space.php?uid=' . $poll['uid'] . '&do=poll&pid=' . $pid . ($poll['percredit'] ? '&reward=' . $poll['percredit'] : ''), 0);
} elseif ($op == 'endreward') {
Пример #19
/**
 * Make the current user ($_G['uid']) and $touid friends in both directions.
 *
 * Returns false when $touid is the current user. With $checkrequest set, pending friend requests
 * between the two users are deleted in both directions first. Both friendship rows are then written
 * with a single REPLACE statement and the action is logged through addfriendlog().
 *
 * NOTE(review): $touid and $tousername are interpolated into the SQL text without casting or
 * escaping inside this function, so every caller must pass an integer id and an already-escaped
 * name — verify the callers, or cast/escape here. Brace-only lines are missing from this listing
 * and the function may continue beyond what is shown.
 */
function friend_make($touid, $tousername, $checkrequest = true)
    global $_G;
    if ($touid == $_G['uid']) {
        return false;
    if ($checkrequest) {
        // Request sent by $touid to the current user.
        $to_freind_request = DB::fetch_first("SELECT * FROM " . DB::table('home_friend_request') . " WHERE uid='{$touid}' AND fuid='{$_G['uid']}'");
        if ($to_freind_request) {
            DB::query("DELETE FROM " . DB::table('home_friend_request') . " WHERE uid='{$touid}' AND fuid='{$_G['uid']}'");
        // Request sent by the current user to $touid.
        $to_freind_request = DB::fetch_first("SELECT * FROM " . DB::table('home_friend_request') . " WHERE uid='{$_G['uid']}' AND fuid='{$touid}'");
        if ($to_freind_request) {
            DB::query("DELETE FROM " . DB::table('home_friend_request') . " WHERE uid='{$_G['uid']}' AND fuid='{$touid}'");
    // One row per direction; REPLACE overwrites an existing friendship row for the same pair.
    DB::query("REPLACE INTO " . DB::table('home_friend') . " (uid,fuid,fusername,dateline)\r\n\t\tVALUES ('{$touid}', '{$_G['uid']}', '{$_G['username']}', '{$_G['timestamp']}'),\r\n\t\t\t('{$_G['uid']}', '{$touid}', '{$tousername}', '{$_G['timestamp']}')");
    addfriendlog($_G['uid'], $touid);
    include_once libfile('function/stat');
Пример #20
 /**
  * Per-request setup: time offset, form hash, access gates (banned group or user, IP allow-list,
  * closed board), paging sizes, cache headers, first-visit login statistics, the 'lastact' cookie
  * and SEO strings. Returns false right away when $this->init_misc is not set.
  *
  * NOTE(review): brace-only lines and some statements are missing from this listing, so the nesting
  * has to be read from the indentation.
  */
 function _init_misc()
     if (!$this->init_misc) {
         return false;
     // A missing, empty or 9999 member time offset falls back to the site-wide setting.
     if ($this->init_setting && $this->init_user) {
         if (!isset($this->var['member']['timeoffset']) || $this->var['member']['timeoffset'] == 9999 || $this->var['member']['timeoffset'] === '') {
             $this->var['member']['timeoffset'] = $this->var['setting']['timeoffset'];
     $timeoffset = $this->init_setting ? $this->var['member']['timeoffset'] : $this->var['setting']['timeoffset'];
     $this->var['timenow'] = array('time' => dgmdate(TIMESTAMP), 'offset' => $timeoffset >= 0 ? $timeoffset == 0 ? '' : '+' . $timeoffset : $timeoffset);
     // The form hash is computed once per request and exposed as the FORMHASH constant
     // (presumably the anti-CSRF token checked on form submissions — confirm in formhash()).
     $this->var['formhash'] = formhash();
     define('FORMHASH', $this->var['formhash']);
     if ($this->init_user) {
         // Groups without 'allowvisit': logged-in users get the banned message, guests are sent to the
         // login page unless the script allows guests, is member/api, or the request is ajax.
         if ($this->var['group'] && isset($this->var['group']['allowvisit']) && !$this->var['group']['allowvisit']) {
             if ($this->var['uid']) {
                 sysmessage('user_banned', null);
             } elseif ((!defined('ALLOWGUEST') || !ALLOWGUEST) && !in_array(CURSCRIPT, array('member', 'api')) && !$this->var['inajax']) {
                 // The return URL is percent-encoded before it is placed into the Location header.
                 dheader('location: member.php?mod=logging&action=login&referer=' . rawurlencode($_SERVER['REQUEST_URI']));
         if ($this->var['member']['status'] == -1) {
             sysmessage('user_banned', null);
     // IP allow-list: when 'ipaccess' is configured, clients that do not match it get the banned message.
     // How 'clientip' is derived (and whether forwarded headers are trusted) is outside this listing.
     if ($this->var['setting']['ipaccess'] && !ipaccess($this->var['clientip'], $this->var['setting']['ipaccess'])) {
         sysmessage('user_banned', null);
     // Closed board: users whose group has allowvisit == 2 or whose groupid is 1, and the admin/member/api
     // scripts or guest-enabled scripts, pass through; everyone else sees the closed message.
     if ($this->var['setting']['bbclosed']) {
         if ($this->var['uid'] && ($this->var['group']['allowvisit'] == 2 || $this->var['groupid'] == 1)) {
         } elseif (in_array(CURSCRIPT, array('admin', 'member', 'api')) || defined('ALLOWGUEST') && ALLOWGUEST) {
         } else {
             $closedreason = DB::result_first("SELECT svalue FROM " . DB::table('common_setting') . " WHERE skey='closedreason'");
             // ':' is replaced by its HTML entity before the stored reason is used as the message text.
             $closedreason = str_replace(':', '&#58;', $closedreason);
             showmessage($closedreason ? $closedreason : 'board_closed', NULL, array('adminemail' => $this->var['setting']['adminemail']), array('login' => 1));
     // NOTE(review): the body of this condition is missing from the listing.
     if (CURSCRIPT != 'admin' && !in_array($this->var['mod'], array('logging', 'seccode'))) {
     // Topics/posts per page; zero or unset settings fall back to the defaults given here.
     if (defined('IN_MOBILE')) {
         $this->var['tpp'] = $this->var['setting']['mobile']['mobiletopicperpage'] ? intval($this->var['setting']['mobile']['mobiletopicperpage']) : 20;
         $this->var['ppp'] = $this->var['setting']['mobile']['mobilepostperpage'] ? intval($this->var['setting']['mobile']['mobilepostperpage']) : 5;
     } else {
         $this->var['tpp'] = $this->var['setting']['topicperpage'] ? intval($this->var['setting']['topicperpage']) : 20;
         $this->var['ppp'] = $this->var['setting']['postperpage'] ? intval($this->var['setting']['postperpage']) : 10;
     // Anti-caching headers; the @ hides the warning raised when output has already started, in which
     // case the headers are silently not sent.
     if ($this->var['setting']['nocacheheaders']) {
         @header("Expires: -1");
         @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
         @header("Pragma: no-cache");
     // First request of a new session by a logged-in user: daily login credit and login statistics.
     if ($this->session->isnew && $this->var['uid']) {
         updatecreditbyaction('daylogin', $this->var['uid']);
         include_once libfile('function/stat');
         updatestat('login', 1);
         if (defined('IN_MOBILE')) {
             updatestat('mobilelogin', 1);
         if ($this->var['setting']['connect']['allow'] && $this->var['member']['conisbind']) {
             updatestat('connectlogin', 1);
     if ($this->var['member']['conisbind'] && $this->var['setting']['connect']['newbiespan'] !== '') {
         $this->var['setting']['newbiespan'] = $this->var['setting']['connect']['newbiespan'];
     // Script name and module are HTML-escaped before they are written into the 'lastact' cookie.
     $lastact = TIMESTAMP . "\t" . htmlspecialchars(basename($this->var['PHP_SELF'])) . "\t" . htmlspecialchars($this->var['mod']);
     dsetcookie('lastact', $lastact, 86400);
     // NOTE(review): the URL is built from the client-supplied Host header with a fixed http:// scheme.
     // Where 'currenturl_encode' is consumed is outside this listing; if it is ever used as a link or
     // redirect target, the host should come from configuration or be checked against an allow-list.
     setglobal('currenturl_encode', base64_encode('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']));
     // Promotion handling is loaded only when a referrer parameter is present and a promotion policy is set.
     if ((!empty($this->var['gp_fromuid']) || !empty($this->var['gp_fromuser'])) && ($this->var['setting']['creditspolicy']['promotion_visit'] || $this->var['setting']['creditspolicy']['promotion_register'])) {
         require_once libfile('misc/promotion', 'include');
     $this->var['seokeywords'] = !empty($this->var['setting']['seokeywords'][CURSCRIPT]) ? $this->var['setting']['seokeywords'][CURSCRIPT] : '';
     $this->var['seodescription'] = !empty($this->var['setting']['seodescription'][CURSCRIPT]) ? $this->var['setting']['seodescription'][CURSCRIPT] : '';
Пример #21
 /**
  * Register a local account for $username with a generated password and a placeholder e-mail
  * address, apply the registration limits unless the WeChat setting disables them, log the new
  * user in and return the new uid.
  *
  * $return selects between showing an error message (0) and returning to the caller; $groupid
  * overrides the configured new-user group.
  *
  * NOTE(review): brace-only lines and most error branches are missing from this listing — the empty
  * `if`/`else` bodies below held the failure handling, so what each failure returns cannot be seen here.
  */
 public static function register($username, $return = 0, $groupid = 0)
     global $_G;
     if (!$username) {
     if (!$_G['wechat']['setting']) {
         // NOTE(review): unserialize() on a stored setting value. This is only safe while nothing but
         // trusted admin code can write that setting; a JSON encoding would remove the object-injection risk.
         $_G['wechat']['setting'] = unserialize($_G['setting']['mobilewechat']);
     // Group: explicit argument first, then the WeChat-specific new-user group, then the site default.
     $groupid = !$groupid ? $_G['wechat']['setting']['wechat_newusergroupid'] ? $_G['wechat']['setting']['wechat_newusergroupid'] : $_G['setting']['newusergroupid'] : $groupid;
     // NOTE(review): the account password is the MD5 of a 10-character string from the project's
     // random(). Its unpredictability depends entirely on how random() is seeded and implemented,
     // which is not visible here — confirm it draws from a CSPRNG (random_bytes/random_int).
     $password = md5(random(10));
     $email = 'wechat_' . strtolower(random(10)) . '@null.null';
     // Names shorter than 3 get a random suffix; names longer than 15 take the (missing) error branch.
     $usernamelen = dstrlen($username);
     if ($usernamelen < 3) {
         $username = $username . '_' . random(5);
     if ($usernamelen > 15) {
         if (!$return) {
         } else {
     // The censored-name list is turned into one anchored, case-insensitive regex: the list is
     // preg_quote()d first, then the escaped '*' becomes '.*' and line breaks become alternation.
     $censorexp = '/^(' . str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), preg_quote($_G['setting']['censoruser'] = trim($_G['setting']['censoruser']), '/')) . ')$/i';
     // NOTE(review): the @ hides a failing preg_match(); on failure it returns false, so a pattern that
     // does not compile lets every name pass the censor check without any trace in the logs.
     if ($_G['setting']['censoruser'] && @preg_match($censorexp, $username)) {
         if (!$return) {
         } else {
     if (!$_G['wechat']['setting']['wechat_disableregrule']) {
         // Per-IP registration interval: a client IP that starts with a configured prefix is checked as
         // "prefix%" with the stricter ipregctrltime window, otherwise by its full address.
         if ($_G['cache']['ipctrl']['ipregctrl']) {
             foreach (explode("\n", $_G['cache']['ipctrl']['ipregctrl']) as $ctrlip) {
                 if (preg_match("/^(" . preg_quote($ctrlip = trim($ctrlip), '/') . ")/", $_G['clientip'])) {
                     $ctrlip = $ctrlip . '%';
                     $_G['setting']['regctrl'] = $_G['setting']['ipregctrltime'];
                 } else {
                     $ctrlip = $_G['clientip'];
         } else {
             $ctrlip = $_G['clientip'];
         if ($_G['setting']['regctrl']) {
             if (C::t('common_regip')->count_by_ip_dateline($ctrlip, $_G['timestamp'] - $_G['setting']['regctrl'] * 3600)) {
                 if (!$return) {
                     showmessage('register_ctrl', NULL, array('regctrl' => $_G['setting']['regctrl']));
                 } else {
         // Flood control: limits registrations per IP within the last 24 hours (86400 seconds).
         // All of these limits key on $_G['clientip']; how that value is derived is outside this listing.
         $setregip = null;
         if ($_G['setting']['regfloodctrl']) {
             $regip = C::t('common_regip')->fetch_by_ip_dateline($_G['clientip'], $_G['timestamp'] - 86400);
             if ($regip) {
                 if ($regip['count'] >= $_G['setting']['regfloodctrl']) {
                     if (!$return) {
                         showmessage('register_flood_ctrl', NULL, array('regfloodctrl' => $_G['setting']['regfloodctrl']));
                     } else {
                 } else {
                     $setregip = 1;
             } else {
                 $setregip = 2;
         if ($setregip !== null) {
             if ($setregip == 1) {
             } else {
                 C::t('common_regip')->insert(array('ip' => $_G['clientip'], 'count' => 1, 'dateline' => $_G['timestamp']));
     // NOTE(review): the name is addslashes()-escaped for uc_user_register() but passed unescaped to
     // common_member->insert() further down; confirm that insert() escapes or binds its values.
     $uid = uc_user_register(addslashes($username), $password, $email, '', '', $_G['clientip']);
     // Zero or negative return values are error codes; the per-code handling is missing from this listing.
     if ($uid <= 0) {
         if (!$return) {
             if ($uid == -1) {
             } elseif ($uid == -2) {
             } elseif ($uid == -3) {
             } elseif ($uid == -4) {
             } elseif ($uid == -5) {
             } elseif ($uid == -6) {
             } else {
         } else {
     $init_arr = array('credits' => explode(',', $_G['setting']['initcredits']));
     C::t('common_member')->insert($uid, $username, $password, $email, $_G['clientip'], $groupid, $init_arr);
     if ($_G['setting']['regctrl'] || $_G['setting']['regfloodctrl']) {
         // Prune registration-IP rows older than the control window, keeping at least 72 hours.
         C::t('common_regip')->delete_by_dateline($_G['timestamp'] - ($_G['setting']['regctrl'] > 72 ? $_G['setting']['regctrl'] : 72) * 3600);
         if ($_G['setting']['regctrl']) {
             C::t('common_regip')->insert(array('ip' => $_G['clientip'], 'count' => -1, 'dateline' => $_G['timestamp']));
     // regverify == 2 queues the new account for validation.
     if ($_G['setting']['regverify'] == 2) {
         C::t('common_member_validate')->insert(array('uid' => $uid, 'submitdate' => $_G['timestamp'], 'moddate' => 0, 'admin' => '', 'submittimes' => 1, 'status' => 0, 'message' => '', 'remark' => ''), false, true);
     // The new user is logged in immediately; the generated password value is handed to
     // setloginstatus() together with the uid.
     setloginstatus(array('uid' => $uid, 'username' => $username, 'password' => $password, 'groupid' => $groupid), 0);
     include_once libfile('function/stat');
     return $uid;
Пример #22
/**
 * Create a new blog entry, or update the existing one described by $olds, from the form data in $POST.
 *
 * Returns false when the message is empty once layout tags and whitespace are stripped, otherwise the
 * $blogarr row with 'blogid' set. All SQL is assembled from strings and project helpers (simplode,
 * inserttable, updatetable, getcount); how those helpers escape values is not visible in this listing.
 *
 * NOTE(review): brace-only lines are missing from this listing, so the nesting has to be read from
 * the indentation.
 */
function blog_post($POST, $olds = array())
    global $_SGLOBAL, $_SC, $space;
    $isself = 1;
    // Editing somebody else's entry: the acting identity is saved in $__SGLOBAL, then switched to the
    // entry's owner; it is restored just before the final return.
    // NOTE(review): the early `return false` for an empty message leaves without restoring it.
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    // An empty subject falls back to the current date.
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    // 'friend' is the visibility level; intval() here is what makes the strict !== checks below work.
    $POST['friend'] = intval($POST['friend']);
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visibility limited to named users: resolve the submitted names to uids.
        // Note this reads $_POST directly rather than the $POST argument.
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            // NOTE(review): request-supplied names reach the IN (...) list through simplode(); the query is
            // only safe if simplode() quotes each element and the input is already escaped — verify.
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
        // No matching user: fall back to visibility level 3.
        if (empty($uids)) {
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
    } elseif ($POST['friend'] == 4) {
        // Level 4 needs a password; an empty one downgrades the entry to level 0.
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    if ($POST['friend'] !== 4) {
        // NOTE(review): this is a comparison whose result is discarded, not an assignment. A password
        // submitted with any other visibility level is therefore still stored in $blogarr below;
        // `=` was presumably intended.
        $POST['password'] == '';
    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);
    // Mobile posts only go through getstr(); other posts are passed through checkhtml() first.
    if ($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        // Drops empty <div></div> pairs and adds target="_blank" to plain <a href="..."> tags.
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    $message = $POST['message'];
    // Resolve the category: a 'new:<name>' value creates (or reuses) a category owned by the acting user.
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid']), 'classid');
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $classid = inserttable('class', $setarr, 1);
        } else {
            $classid = intval($POST['classid']);
    } else {
        $classid = $olds['classid'];
    // Ownership check: a numeric classid is kept only if a category with that id belongs to the acting user.
    if ($classid && empty($classname)) {
        $classname = getcount('class', array('classid' => $classid, 'uid' => $_SGLOBAL['supe_uid']), 'classname');
        if (empty($classname)) {
            $classid = 0;
    $blogarr = array('subject' => $POST['subject'], 'classid' => $classid, 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($_POST['noreply']) ? 0 : 1);
    $titlepic = '';
    $uploads = array();
    if (!empty($POST['picids'])) {
        // Only pictures owned by the acting user are loaded; the ids are the keys of the submitted array
        // and reach the IN (...) list through simplode().
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            $uploads[$POST['picids'][$value['picid']]] = $value;
        // NOTE(review): by indentation this check follows the while loop, where $value holds whatever
        // ended the loop; if fetch_array() returns a falsy value at the end of the result set, this
        // branch can never run — verify.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
    if ($uploads) {
        // Replace the src of editor placeholder images (_uchome_localimg_N) with the stored picture URL.
        preg_match_all("/\\<img\\s.*?\\_uchome\\_localimg\\_([0-9]+).+?src\\=\"(.+?)\"/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_{$value}";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            // NOTE(review): the picture title from the database row is appended as HTML after the
            // message was filtered above; whether the stored title is HTML-escaped is not visible here — confirm.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
    // Reject posts that contain nothing but layout tags, &nbsp; and whitespace.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\&nbsp\\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        return false;
    // addslashes() is the only SQL escaping applied to the message in this function; it is not
    // aware of the connection character set, unlike the driver's own escaping or bound parameters.
    $message = addslashes($message);
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    $blogarr['pic'] = $titlepic;
    // 'hot' is taken from the request only for users holding the manageblog permission.
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    // NOTE(review): the four attachment fields are copied from $_POST into the row without any
    // validation or ownership check in this function. The client therefore chooses the stored id,
    // path, name and size; unless an earlier layer verifies that the attachment exists and belongs
    // to the acting user, a crafted request can point the entry at an arbitrary path. Look the
    // attachment up server-side by id and take path, name and size from that record.
    if ($_POST['attachid'] && $_POST['attachpath'] && $_POST['attachname'] && $_POST['attachsize']) {
        $blogarr['attachid'] = $_POST['attachid'];
        $blogarr['attachpath'] = $_POST['attachpath'];
        $blogarr['attachname'] = $_POST['attachname'];
        $blogarr['attachsize'] = $_POST['attachsize'];
    if ($olds['blogid']) {
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid' => $blogid));
        $fuids = array();
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');
        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        // NOTE(review): a submitted 'dateline' is stored without intval() or a range check, so the
        // caller controls the post timestamp; validate it unless every caller already does.
        $blogarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : $POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    $blogarr['blogid'] = $blogid;
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);
    // NOTE(review): unserialize() on the stored tag field. The value is written by this function with
    // serialize() below; if any other path can write that column, unserialize() becomes an
    // object-injection sink — a JSON encoding would remove the risk.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        // Tags changed: drop the old tag links and decrement their counters before re-tagging.
        if (!empty($olds['tag'])) {
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
        $tagarr = tag_batch($blogid, $POST['tag']);
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    if ($olds) {
        updatetable('blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    // Space statistics and rewards are only updated when the author acts on their own entry.
    if ($isself) {
        if ($olds) {
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
        } else {
            if (empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid' => $space['uid']));
                $blognumsql = "blognum=" . $space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            $reward = getreward('publishblog', 0);
            // The reward values are placed into the SQL text unquoted; they come from getreward(), not from the request.
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$blognumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
    if ($POST['makefeed']) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    if (empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    // Restore the acting identity that was switched at the top of the function.
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    return $blogarr;
Пример #23
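/**
 * Store raw picture bytes in the album attachment directory and register the picture.
 *
 * Writes $strdata to a newly generated path under the 'album' attachment directory,
 * checks the owner's space quota and that the stored file passes get_image_info(),
 * builds a 140x140 thumbnail, optionally uploads both files over FTP, then inserts a
 * home_pic row and adds the file size to the member's attachsize counter.
 *
 * Every failure path removes the file written here, so rejected content does not
 * stay behind in the attachment directory.
 *
 * @param string $strdata Raw file contents to store.
 * @param int    $albumid Target album id; values below 0 are treated as 0.
 * @param string $fileext Extension appended to the generated file name.
 * @param string $name    File name recorded in the row; defaults to the generated name.
 * @param string $title   Picture title, passed through getstr().
 * @param int    $delsize Amount subtracted from the projected usage in the quota check.
 * @param mixed  $from    Not read by this function.
 *
 * @return array|int The inserted row (with 'picid') on success; -1 when the quota would
 *                   be exceeded, -2 when the file is not accepted as an image, -3 when
 *                   the file cannot be written or the mirrored FTP upload fails.
 */
function stream_save($strdata, $albumid = 0, $fileext = 'jpg', $name = '', $title = '', $delsize = 0, $from = false)
{
    global $_G, $space;

    if ($albumid < 0) {
        $albumid = 0;
    }

    require_once libfile('class/upload');
    $upload = new discuz_upload();
    // NOTE(review): $fileext is appended to the on-disk name without any check in this
    // function; the only content check below is get_image_info(). Callers should pass
    // an allowlisted image extension only — confirm at every call site.
    $filepath = $upload->get_target_dir('album') . $upload->get_target_filename('album') . '.' . $fileext;
    $newfilename = $_G['setting']['attachdir'] . './album/' . $filepath;

    $handle = fopen($newfilename, 'wb');
    if (!$handle) {
        return -3;
    }
    $written = fwrite($handle, $strdata);
    // Close before measuring or inspecting the file, and never leak the handle.
    fclose($handle);
    if ($written === false) {
        @unlink($newfilename);
        return -3;
    }

    clearstatcache();
    // Cast so a failed filesize() cannot put a non-numeric value into the UPDATE below.
    $size = (int) filesize($newfilename);

    if (empty($space)) {
        $_G['member'] = $space = getspace($_G['uid']);
        $_G['username'] = addslashes($space['username']);
    }
    $_G['member'] = $space;

    $maxspacesize = checkperm('maxspacesize') * 1024 * 1024;
    if ($maxspacesize) {
        space_merge($space, 'common_member_count');
        space_merge($space, 'common_member_field_home');
        if ($space['attachsize'] + $size - $delsize > $maxspacesize + $space['addsize']) {
            // Over quota: do not keep the bytes that were just written.
            @unlink($newfilename);
            return -1;
        }
    }

    if (!$upload->get_image_info($newfilename)) {
        // Rejected content must not remain reachable under the attachment directory.
        @unlink($newfilename);
        return -2;
    }

    require_once libfile('class/image');
    $image = new image();
    $result = $image->Thumb($newfilename, NULL, 140, 140, 1);
    $thumb = empty($result) ? 0 : 1;

    $pic_remote = 0;
    if (getglobal('setting/ftp/on')) {
        if (ftpupload('album/' . $filepath)) {
            if ($thumb) {
                ftpupload('album/' . $filepath . '.thumb.jpg');
            }
            $pic_remote = 1;
        } elseif (getglobal('setting/ftp/mirror')) {
            // The call reports failure and inserts no row, so drop both local files.
            @unlink($newfilename);
            @unlink($newfilename . '.thumb.jpg');
            return -3;
        }
    }

    $filename = addslashes($name ? $name : substr(strrchr($filepath, '/'), 1));
    $title = getstr($title, 200, 1, 1, 1);
    $albumid = $albumid ? album_creat_by_id($albumid) : 0;

    $setarr = array('albumid' => $albumid, 'uid' => $_G['uid'], 'username' => $_G['username'], 'dateline' => $_G['timestamp'], 'filename' => $filename, 'postip' => $_G['clientip'], 'title' => $title, 'type' => $fileext, 'size' => $size, 'filepath' => $filepath, 'thumb' => $thumb, 'remote' => $pic_remote);
    $setarr['picid'] = DB::insert('home_pic', $setarr, 1);
    DB::query("UPDATE " . DB::table('common_member_count') . " SET attachsize=attachsize+{$size} WHERE uid='{$_G['uid']}'");
    include_once libfile('function/stat');

    return $setarr;
}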
Пример #24
            // Feed payload for a click on a picture: link to the owner's space, the picture
            // thumbnail, a link to the picture, and its title as the body.
            // NOTE(review): $_SN[...] and $item['title'] go into feed markup as-is; whether
            // they are already HTML-escaped is not visible in this excerpt — confirm.
            $fs['title_data'] = array('touser' => "<a href=\"space.php?uid={$item['uid']}\">{$_SN[$item['uid']]}</a>", 'click' => $click['name']);
            $fs['images'] = array(pic_get($item['filepath'], $item['thumb'], $item['remote']));
            $fs['image_links'] = array("space.php?uid={$item['uid']}&do=album&picid={$item['picid']}");
            $fs['body_general'] = $item['title'];
            $note_type = 'clickpic';
            $q_note = cplang('note_click_pic', array("space.php?uid={$item['uid']}&do=album&picid={$item['picid']}"));
    //Event Publishing
    // The feed entry is only added when the item has no 'friend' restriction set and
    // ckprivacy('click', 1) allows it.
    if (empty($item['friend']) && ckprivacy('click', 1)) {
        feed_add('click', $fs['title_template'], $fs['title_data'], '', array(), $fs['body_general'], $fs['images'], $fs['image_links']);
    //Reward visitors
    getreward('click', 1, 0, $idtype . $id);
    // The item owner is notified regardless of the feed privacy check above.
    notification_add($item['uid'], $note_type, $q_note);
    showmessage('click_success', $_SGLOBAL['refer']);
} elseif ($_GET['op'] == 'show') {
    // Copy the per-type click counters from the item and track the largest one.
    foreach ($clicks as $key => $value) {
        $value['clicknum'] = $item["click_{$key}"];
        // Random value 1-4; presumably a presentation choice, not a security value.
        $value['classid'] = mt_rand(1, 4);
        if ($value['clicknum'] > $maxclicknum) {
            $maxclicknum = $value['clicknum'];
        $clicks[$key] = $value;
    // Paging offset from the query string, forced to a non-negative integer.
    $start = intval($_GET['start']);
    if ($start < 0) {
        $start = 0;
Пример #25
 // Remember the login name in a cookie for 31536000 seconds and clear the referrer cookie.
 // NOTE(review): the username is stored client-side for a long period; the cookie flags
 // applied by ssetcookie() are not visible here — confirm.
 ssetcookie('loginuser', $username, 31536000);
 ssetcookie('_refer', '');
 if ($invitearr) {
     include_once S_ROOT . './source/function_cp.php';
     invite_update($invitearr['id'], $setarr['uid'], $setarr['username'], $invitearr['uid'], $invitearr['username'], $app);
     // The address is marked as checked when it equals the invited address, without a
     // separate confirmation step in this excerpt.
     if ($invitearr['email'] == $email) {
         updatetable('spacefield', array('emailcheck' => 1), array('uid' => $newuid));
     include_once S_ROOT . './source/function_cp.php';
     if ($app) {
     } else {
 // Create the profile row for the new account, then activate the matching baseprofile record.
 inserttable('spacefield', array('uid' => $newuid), 0, true);
 $activate = array('isactive' => 1);
 // NOTE(review): $bp[userid] uses an unquoted key; the other accesses use $bp['...'].
 updatetable('baseprofile', $activate, array('userid' => $bp[userid]));
 // Map the stored sex label to a numeric code: 1, 2, or 0 for anything else.
 if ($bp['sex'] == '男') {
     $sexc = 1;
 } elseif ($bp['sex'] == '女') {
     $sexc = 2;
 } else {
     $sexc = 0;
 // Copy name, sex code and e-mail from the base profile into the space profile.
 $insertinfo = array('realname' => $bp['realname'], 'sex' => $sexc, 'email' => $email);
 updatetable('spacefield', $insertinfo, array('uid' => $newuid));
Пример #26
     // Replace the matched @-mention text with a profile link.
     // NOTE(review): $realname is concatenated into markup unescaped and the href value
     // is unquoted; whether both are already safe for HTML is not visible here — confirm.
     $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message);
 // Turn [em:N:] codes into face images and collapse <br> tags into spaces.
 $Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message);
 $Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message);
 // Row for the 'doing' table; uid is forced to an integer, username passes through getstr().
 $arr = array("username" => getstr($username, 15, 1, 1, 1), "message" => $Message, "uid" => intval($userid), "replynum" => 0, "mood" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'ip' => getonlineip());
 $newdoid = inserttable('doing', $arr, 1);
 // Feed row for the same post; title_data is a serialized array holding the message.
 // NOTE(review): uid and username are used here without the intval()/getstr() applied above.
 $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $userid, 'username' => $username, 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid');
 // md5 digests of the template and of template plus data, stored with the feed row.
 $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
 $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
 inserttable('feed', $feedarr, 1);
 // The message also becomes the profile note, and the space note when the form asks for it.
 $setarr = array('note' => $Message);
 if (!empty($_POST['spacenote'])) {
     $reward = getreward('updatemood', 0);
     $setarr['spacenote'] = $Message;
 } else {
     $reward = getreward('doing', 0);
 updatetable('spacefield', $setarr, array('uid' => $userid));
 // Stamp the space row with the current time.
 // NOTE(review): $userid is interpolated into the WHERE clause as a quoted string;
 // its validation is outside this excerpt — confirm it is an integer.
 $setarr = array('updatetime' => "updatetime='{$_SGLOBAL['timestamp']}'", 'lastpost' => "lastpost='{$_SGLOBAL['timestamp']}'");
 $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET " . implode(',', $setarr) . " WHERE uid='{$userid}'");
 if ($newdoid) {
     $arrs = array('flag' => 'success');
 } else {
Пример #27
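/**
 * Create a "doing" post for a user and route it as a complaint to @-mentioned departments.
 *
 * Validates the request, resolves the poster's display name, rewrites "@name(uid)"
 * mentions and [em:N:] codes in the content into markup, inserts the 'doing' row,
 * adds a 'complain' row and notification for every mentioned account that
 * isDepartment() recognises (other mentioned users get an 'atyou' notification),
 * then publishes a feed entry and updates the poster's profile note.
 *
 * @param array|null $params Request fields read here: 'uid' (required, positive integer),
 *                           'content' (required), 'device' (optional: web, wechat or
 *                           mobile), 'ip' (optional).
 *
 * @return string JSON text: an {errorNo, content} object when validation fails,
 *                otherwise $params extended with the fields set in this function.
 */
function IHomeServiceCreateComplain($params = NULL)
{
    global $_SGLOBAL;

    if (empty($params['uid'])) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter uid.the uid is not exist or the uid is not a positive interger.");
        return json_encode($errorMsg);
    }

    // The uid is concatenated into SQL below, so accept decimal digits only. A loose
    // "<= 0" comparison lets strings such as "1 OR 1=1" through.
    $rawUid = $params['uid'];
    if (!is_scalar($rawUid) || !preg_match('/^[0-9]+$/D', (string) $rawUid) || intval($rawUid) <= 0) {
        $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the id must be a positive interger.");
        return json_encode($errorMsg);
    }
    $uid = intval($rawUid);

    $sql = "select name,username from " . tname('space') . " where uid = " . $uid;
    $query = $_SGLOBAL['db']->query($sql);
    $row = $_SGLOBAL['db']->fetch_array($query);
    if (!$row) {
        $errorMsg = array("errorNo" => "500", "content" => "the uid is not exist");
        return json_encode($errorMsg);
    }
    $params['uname'] = $row['name'] ? $row['name'] : $row['username'];

    // department_id_list is ignored.
    if (empty($params['content'])) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter message.the message is not exist or the message is empty.");
        return json_encode($errorMsg);
    }
    if (!empty($params['device']) && !in_array($params['device'], array('web', 'wechat', 'mobile'), true)) {
        $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the parameter device is out of range.");
        return json_encode($errorMsg);
    }

    $device = empty($params['device']) ? 'web' : $params['device'];

    // NOTE(review): a caller-supplied address replaces the observed one in the stored
    // rows; honour it only for trusted callers. Values that are not IP addresses are
    // ignored so arbitrary text cannot reach the 'ip' columns.
    $clientIp = getonlineip();
    if (!empty($params['ip']) && filter_var($params['ip'], FILTER_VALIDATE_IP) !== false) {
        $clientIp = $params['ip'];
    }

    $UserIds = array();
    $complainOK = false;
    $params['status'] = 'init';
    $params['reply_count'] = 0;
    $params['timestamp'] = time();
    $params['department_list'] = array();
    $params['operation_list'] = array();
    $params['reply_list'] = array();

    // The first [em:N:] code in the raw content selects the mood.
    preg_match("/\\[em\\:(\\d+)\\:\\]/s", $params['content'], $ms);
    $mood = empty($ms[1]) ? 0 : intval($ms[1]);

    // NOTE(review): the content is percent-decoded after getstr() has run. If getstr()
    // is the escaping step, encoded quotes and angle brackets are restored afterwards —
    // confirm, and decode before filtering if so.
    $message = rawurldecode(getstr($params['content'], 1000, 1, 1, 1, 2));

    // Turn each "@name(uid)" mention into a profile link.
    preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s*/U", $message, $matches, PREG_SET_ORDER);
    foreach ($matches as $value) {
        $TmpString = $value[0];
        $TmpName = $value[1];
        $UserId = $value[2];
        // The pattern only captures digits; intval() keeps that guarantee local to the query.
        $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid=" . intval($UserId));
        $rs = $_SGLOBAL['db']->fetch_array($result);
        if (!$rs) {
            continue;
        }
        $realname = empty($rs['name']) ? $rs['username'] : $rs['name'];
        $params['department_list'][intval($UserId)] = $realname;
        $ValidValue = trim(getAtName($TmpString, $TmpName, $realname));
        $at_friend = "space.php?uid=" . $UserId;
        if ($ValidValue != false) {
            // NOTE(review): $realname goes into the markup unescaped and the href value
            // is unquoted; whether stored names are already HTML-safe is not visible
            // here — confirm.
            $message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $message);
            if (!in_array($UserId, $UserIds)) {
                $UserIds[] = $UserId;
            }
        }
    }

    $message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $message);
    $message = preg_replace("/\\<br.*?\\>/is", ' ', $message);
    $params['content'] = $message;

    $setarr = array('uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'from' => $params['uid'], 'message' => $message, 'mood' => $mood, 'ip' => $clientIp, 'fromdevice' => $device);
    $newdoid = inserttable('doing', $setarr, 1);

    @(include_once S_ROOT . './data/data_creditrule.php');
    // A credit-balance check that could disable the complaint is commented out in the
    // source, so complaints are always enabled here.
    $isComplain = TRUE;

    // The source marks this part as possibly error-prone.
    foreach ($UserIds as $UserId) {
        if (!$isComplain) {
            continue;
        }
        $UserDept = isDepartment($UserId, 1);
        if ($UserDept) {
            $nowtime = time();
            $complain = array('doid' => $newdoid, 'uid' => $params['uid'], 'uname' => $params['uname'], 'atdepartment' => $UserDept['department'], 'atdeptuid' => $UserId, 'from' => $params['uid'], 'atuid' => $UserId, 'atuname' => $UserDept['department'], 'isreply' => 0, 'addtime' => $nowtime, 'dateline' => $nowtime, 'expire' => 0, 'times' => 1, 'issendmsg' => 0, 'message' => $message, 'datatime' => date("Ymd", $nowtime));
            inserttable('complain', $complain, 0);
            $note = cplang('note_complain_buchu', array("space.php?do=complain_item&doid={$newdoid}", date('Y-m-d H:i', $nowtime + 3600 * 24)));
            notification_complain_add($UserId, 'complain', $note);
            $complainOK = TRUE;
        } else {
            $note = cplang('note_doing_at', array("space.php?do=doing&doid={$newdoid}"));
            notification_add($UserId, 'atyou', $note);
        }
    }

    if ($complainOK) {
        $note = cplang('note_complain_user_success', array("space.php?do=complain_item&doid={$newdoid}"));
        notification_complain_add($params['uid'], 'complain', $note);
        getreward('complain', 1, $params['uid']);
    }
    if (!$complainOK && $isComplain) {
        // NOTE(review): these notices go to the session user ($_SGLOBAL['supe_uid']),
        // while the success notice above goes to $params['uid'] — confirm which is intended.
        // $UserId is the last mention processed above and is unset when there were none.
        if (isset($UserId) && $UserId == '0000') {
            // System administrator account; the source notes this has little effect.
            $note = cplang("您好,您的诉求已发送成功。谢谢您对ihome社区的大力支持!", array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
        } else {
            $note = cplang('note_complain_user_failed', array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
        }
    }

    // Feed row for the post; the md5 digests are stored with the row as fingerprints.
    $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $params['uid'], 'username' => $params['uname'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => $device, 'ip' => $clientIp);
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
    inserttable('feed', $feedarr, 1);

    getreward('doing', 0);
    updatetable('spacefield', array('note' => $message), array('uid' => $params['uid']));

    return json_encode($params);
}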
Пример #28
        // Normalise the parent comment's id and nesting level to integers before they are stored.
        $updo['id'] = intval($updo['id']);
        $updo['grade'] = intval($updo['grade']);
        // New reply row: author and IP come from the current request context ($_G).
        $setarr = array('doid' => $updo['doid'], 'upid' => $updo['id'], 'uid' => $_G['uid'], 'username' => $_G['username'], 'dateline' => $_G['timestamp'], 'message' => $message, 'ip' => $_G['clientip'], 'grade' => $updo['grade'] + 1);
        // From grade 3 on, the reply is attached to the parent's own parent instead of the parent.
        if ($updo['grade'] >= 3) {
            $setarr['upid'] = $updo['upid'];
        $newid = C::t('home_docomment')->insert($setarr, true);
        C::t('home_doing')->update_replynum_by_doid(1, $updo['doid']);
        // Notify and credit only when replying to someone else's entry.
        if ($updo['uid'] != $_G['uid']) {
            notification_add($updo['uid'], 'comment', 'doing_reply', array('url' => "home.php?mod=space&uid={$updo['uid']}&do=doing&view=me&doid={$updo['doid']}&highlight={$newid}", 'from_id' => $updo['doid'], 'from_idtype' => 'doid'));
            updatecreditbyaction('comment', 0, array(), 'doing' . $updo['doid']);
        include_once libfile('function/stat');
        C::t('common_member_status')->update($_G['uid'], array('lastpost' => TIMESTAMP), 'UNBUFFERED');
        showmessage('do_success', dreferer(), array('doid' => $updo['doid']));
if ($_GET['op'] == 'delete') {
    // Deletion runs only for a submitted form; submitcheck() presumably validates the
    // form token — confirm against its definition.
    if (submitcheck('deletesubmit')) {
        if ($id) {
            $allowmanage = checkperm('managedoing');
            if ($value = C::t('home_docomment')->fetch($id)) {
                $home_doing = C::t('home_doing')->fetch($value['doid']);
                $value['duid'] = $home_doing['uid'];
                // Authorisation: a manager, the comment's author, or the owner of the parent entry.
                if ($allowmanage || $value['uid'] == $_G['uid'] || $value['duid'] == $_G['uid']) {
                    // The row is blanked (uid, username, message) rather than removed.
                    C::t('home_docomment')->update($id, array('uid' => 0, 'username' => '', 'message' => ''));
                    // Credit is taken back only when a third party (manager) deleted the comment.
                    if ($value['uid'] != $_G['uid'] && $value['duid'] != $_G['uid']) {
                        batchupdatecredit('comment', $value['uid'], array(), -1);
Пример #29
                // Replace the matched @-mention text with a profile link and remember the user.
                // NOTE(review): $realname is concatenated into markup unescaped and the href
                // value is unquoted; whether both are already HTML-safe is not visible here — confirm.
                $ValidValue = getAtName($TmpString, $TmpName, $realname);
                $ValidValue = trim($ValidValue);
                $at_friend = "space.php?uid=" . $UserId;
                if ($ValidValue != false) {
                    $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message);
                    $UserIds[] = $UserId;
        //Add by Add by am 2013-12-07  end
        // Reply row for the 'post' table: ids are forced to integers, text passes through getstr().
        $arr = array('tid' => intval($Commentid), "tagid" => intval($TagId), "uid" => intval($userid), "username" => getstr($username, 15, 1, 1, 1), "message" => getstr($Message, 5000, 1, 1, 1), "ip" => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], "isthread" => 0);
        $pid = inserttable('post', $arr, 1);
        // NOTE(review): this UPDATE interpolates $username, $userid and $Commentid directly,
        // without the intval()/getstr() applied to the insert above; their earlier
        // validation is outside this excerpt — confirm, or reuse the values from $arr.
        $_SGLOBAL['db']->query("UPDATE " . tname('thread') . "\r\n\tSET replynum=replynum+1, lastpost='{$_SGLOBAL['timestamp']}', lastauthor='{$username}', lastauthorid='{$userid}'\r\n\tWHERE tid='{$Commentid}'");
        // NOTE(review): $thread['subject'] and the raw ids are placed into notification
        // markup; escaping is not visible here — confirm.
        $note = cplang('note_thread_reply') . " <a href=\"space.php?uid={$userid}&do=thread&id={$Commentid}&pid={$pid}\" target=\"_blank\">{$thread['subject']}</a>";
        notification_add($userid, 'post', $note);
        // Report the outcome based on whether the insert returned an id.
        if ($pid) {
            $arrs = array('flag' => 'success');
        } else {
            $arrs = array('flag' => 'fail');
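// Emit $arrs as JSON with \uXXXX escapes turned back into UTF-8 characters.
//
// The /e modifier is not used: it evaluates the replacement as PHP code and is no
// longer available in PHP 7 and later. Each escape is matched as exactly four hex
// digits, so hex-looking text that follows an escape is no longer swallowed, and a run
// of escapes is decoded as UTF-16 so surrogate pairs survive.
$result = json_encode($arrs);
$result = preg_replace_callback(
    '#(?:\\\\u[0-9a-f]{4})+#i',
    function ($match) {
        $hex = str_replace(array('\\u', '\\U'), '', $match[0]);
        $decoded = iconv('UTF-16BE', 'UTF-8', pack('H*', $hex));
        // Keep the escaped form when decoding fails or would put raw control
        // characters into the output, which would make the JSON invalid.
        if ($decoded === false || preg_match('/[\x00-\x1f]/', $decoded)) {
            return $match[0];
        }
        return $decoded;
    },
    $result
);
echo $result;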
Пример #30
        // Tell the inviter's target that the current user accepted, with a link to their space.
        // NOTE(review): $_G['username'] is concatenated into markup here and below;
        // whether it is already HTML-escaped is not visible in this excerpt — confirm.
        notification_add($uid, 'friend', 'invite_friend', array('actor' => '<a href="home.php?mod=space&uid=' . $_G['uid'] . '" target="_blank">' . $_G['username'] . '</a>'), 1);
    space_merge($space, 'field_home');
    // Publish a feed entry only when the space's privacy settings enable invite feeds.
    if (!empty($space['privacy']['feed']['invite'])) {
        require_once libfile('function/feed');
        $tite_data = array('username' => '<a href="home.php?mod=space&uid=' . $_G['uid'] . '">' . $_G['username'] . '</a>');
        feed_add('friend', 'feed_invite', $tite_data, '', array(), '', array(), array(), '', '', '', 0, 0, '', $space['uid'], $space['username']);
    // Credit rewards from the site's invite settings: one for the current user, one for $uid.
    if ($_G['setting']['inviteconfig']['inviteaddcredit']) {
        updatemembercount($_G['uid'], array($_G['setting']['inviteconfig']['inviterewardcredit'] => $_G['setting']['inviteconfig']['inviteaddcredit']));
    if ($_G['setting']['inviteconfig']['invitedaddcredit']) {
        updatemembercount($uid, array($_G['setting']['inviteconfig']['inviterewardcredit'] => $_G['setting']['inviteconfig']['invitedaddcredit']));
    include_once libfile('function/stat');
    updatestat($appid ? 'appinvite' : 'invite');
    // NOTE(review): $jumpurl is built outside this excerpt; confirm it cannot point off-site.
    showmessage('invite_friend_ok', $jumpurl);
} else {
    // Keep the invite token in a cookie for 604800 seconds so it survives registration or login.
    dsetcookie('invite_auth', $cookievar, 604800);
// Load the extra profile sections used when rendering the invite page.
space_merge($space, 'count');
space_merge($space, 'field_home');
space_merge($space, 'profile');
// Up to 12 friends of $uid, re-keyed so each row exposes uid and username.
$flist = array();
$query = C::t('home_friend')->fetch_all_by_uid($uid, 0, 12, true);
foreach ($query as $value) {
    $value['uid'] = $value['fuid'];
    $value['username'] = $value['fusername'];
    $flist[] = $value;
// Encode the target URL for use as a query-string value.
$jumpurl = urlencode($jumpurl);