Пример #1
/**
 * Clear the stored session of the current user.
 *
 * NOTE(review): the DELETE statement is commented out, so as written this
 * function only looks up the current user and removes nothing.
 */
function clearsession()
{
    global $_MooClass, $dbTablePre;
    $currentUser = userinfo();
    $uid = $currentUser['uid'];
    // Disabled query, kept for reference. If it is re-enabled, bind or
    // integer-cast $uid instead of interpolating it into the SQL string.
    //$_MooClass['MooMySQL']->query("DELETE FROM `{$dbTablePre}membersession` WHERE `uid` = '$uid'");
}
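/**
 * Render the most recent chat posts as an HTML fragment.
 *
 * Reads every row of `chat_list` in ascending id order and renders the last
 * $viewableposts of them, each with the poster's icon, name, post date,
 * message and signature.
 *
 * All values taken from the database or from userinfo() are HTML-escaped
 * before they are placed in the markup, so stored chat text cannot inject
 * tags or attributes into the page. If messages or signatures are meant to
 * carry markup, run them through an allow-list sanitizer instead of printing
 * them raw.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; this
 * block keeps the file's existing API.
 *
 * @return string HTML for the visible posts followed by the `bottom` anchor paragraph.
 */
function chatlist()
{
    // Number of posts to show; change $viewableposts to show more or fewer.
    $viewableposts = 5;
    $msg = "";
    $postresults = mysql_query('SELECT * FROM `chat_list` ORDER BY id ASC');
    if ($postresults === false) {
        // Query failed: return the empty list instead of passing false to
        // mysql_num_rows()/mysql_fetch_array() and raising warnings.
        return $msg . "<p id='bottom'></p>";
    }
    // Rows with an index below $startingpost are older than the visible window.
    $startingpost = mysql_num_rows($postresults) - $viewableposts;
    $x = 0;
    while ($row = mysql_fetch_array($postresults)) {
        if ($x >= $startingpost) {
            $userinfo = userinfo($row['user_id']);
            // ENT_QUOTES also encodes the single quotes that delimit the attributes below.
            $icon = htmlspecialchars($userinfo['icon'], ENT_QUOTES);
            $username = htmlspecialchars($userinfo['username'], ENT_QUOTES);
            $signature = htmlspecialchars($userinfo['signature'], ENT_QUOTES);
            $posted = htmlspecialchars($row['date_posted'], ENT_QUOTES);
            $message = htmlspecialchars($row['message'], ENT_QUOTES);
            $msg .= "<div class='post'><table width=99%>\n";
            $msg .= "<tr><td width=450><div class='postusericon'><img src='" . $icon . "'></div></td>\n";
            $msg .= "<td><div class='postuserinfo'>\n";
            $msg .= "<div class='postuser'>" . $username . "</div>";
            $msg .= "<div class='postdate'>(" . $posted . ")</div><br>\n";
            $msg .= "<div class='postmessage'>" . $message . "</div>\n";
            $msg .= "<div class='postsignature'>" . $signature . "</div>\n";
            $msg .= "</div>\n</td></tr></table></div><br><hr><br>\n";
        }
        $x++;
    }
    $msg .= "<p id='bottom'></p>";
    return $msg;
}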
Пример #3
/**
 * Write one row to the action log for the current user.
 *
 * The scalar entries of $rawobj are stored as a JSON object next to the
 * message. When $syncobj is given, the row also records the `wssid_` request
 * parameter plus the record type and id taken from $syncobj.
 *
 * NOTE(review): every value is concatenated into the SQL text. Numeric fields
 * are forced to numbers with `+0`, but the string fields depend on noapos()
 * (defined elsewhere; presumably it strips apostrophes - confirm) and on
 * str_replace(), neither of which visibly deals with backslashes, and
 * $syncobj['rectype'] is inserted with no filtering at all. A prepared
 * statement, or the driver's own escaping function, would close these gaps.
 *
 * @param string     $message Log message.
 * @param array|null $rawobj  Key/value details; nested arrays are skipped.
 * @param array|null $syncobj Optional array with 'rectype' and 'recid'.
 */
function logaction($message,$rawobj=null,$syncobj=null){
	global $db;

	$user=userinfo();
	$userid=$user['userid']+0;
	$logname=str_replace("'",'',$user['login']);
	$wssid=$_GET['wssid_']+0;

	$details=isset($rawobj)?$rawobj:array();
	$message=noapos($message);

	// Keep scalar entries only; double quotes become &quot; before JSON encoding.
	$cobj=array();
	foreach ($details as $k=>$v){
		if (!is_array($v)){
			$cobj[$k]=str_replace('"','&quot;',noapos($v));
		}
	}

	$obj=str_replace("\\'","'",json_encode($cobj));
	$now=time();

	if ($syncobj!=''){
		$rectype=$syncobj['rectype'];
		$recid=$syncobj['recid']+0;
		$columns='userid,logname,logdate,logmessage,rawobj,sid,rectype,recid';
		$values="$userid,'$logname','$now','$message','$obj',$wssid,'$rectype',$recid";
	} else {
		$columns='userid,logname,logdate,logmessage,rawobj';
		$values="$userid,'$logname','$now','$message','$obj'";
	}

	sql_query("insert into ".TABLENAME_ACTIONLOG."($columns) values ($values)",$db);
}
Пример #4
 /**
  * Handle the login form: check the captcha, look the account up by the
  * submitted fields, refresh the Userinfo record and set the `auth` cookie.
  *
  * NOTE(review): several steps here pass the whole POST array to the model
  * layer; see the inline notes. The helpers I(), M(), D(), U() and cookie()
  * are not defined in this listing.
  */
 public function sign()
 {
     // Entire POST body, including any field the client chooses to add.
     $data = I('post.');
     // assumes $this->error() ends the request - confirm; if it returns, the
     // login continues after a failed captcha.
     if (!$this->check_verify($data['verify'])) {
         $this->error("验证码错误!");
     }
     // NOTE(review): MD5 is a fast, unsalted hash and is not suitable for
     // password storage; password_hash()/password_verify() are the usual replacement.
     $data['password'] = md5($data['password']);
     $user = M('user');
     if (!$user->create($data)) {
         // Prints the model's error text to the client and stops.
         exit($user->getError());
     }
     // NOTE(review): the full POST array is used as the WHERE condition, so every
     // submitted key (not only the credentials) takes part in the lookup and array
     // values are not excluded. Building the condition from the expected scalar
     // fields only would make the check explicit.
     if (!($info = $user->where($data)->find())) {
         $this->error("邮箱或密码错误!");
     }
     $data['id'] = $info['id'];
     $userinfo = D('Userinfo');
     // NOTE(review): the same POST array is handed to create()/save() on the
     // Userinfo model; which columns can be written this way depends on the
     // model's field rules - verify.
     $userinfo->create($data);
     $userinfo->save();
     $userinfo = $userinfo->where("id='%s'", $data['id'])->find();
     if ($data['remember'] == 'on') {
         // 1296000 = 15 * 86400; presumably a lifetime in seconds (15 days) - confirm.
         cookie('auth', $userinfo['authcode'], 1296000);
     } else {
         cookie('auth', $userinfo['authcode']);
     }
     // Cache the user info
     userinfo($userinfo['authcode'], $data['remember']);
     $this->success("登录成功,正在进入首页:)", U('Index/index'));
 }
Пример #5
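 /**
  * Apply a reviewer's decision to the request identified by $this->itemid.
  *
  * status 1 (reject): optionally messages the member and refunds $item['amount'].
  * status 2: only the request row is updated.
  * status 3: optionally charges $post['pay'], then writes the new group to the
  *           member and company rows and optionally messages the member.
  *
  * `status` and `validated` are written into SQL without quotes, so both are
  * forced to integers here.
  *
  * NOTE(review): the quoted string fields ($post['note'], $post['validator'],
  * $_username, $item['company']) are interpolated as-is; this relies on them
  * being escaped before they reach this method - confirm. $post['pay'] is not
  * range-checked; a negative value would credit the account instead of
  * debiting it.
  *
  * @param array $post Submitted form fields.
  * @return mixed true on success, or the result of $this->_() when the
  *               member's balance is below $post['pay'].
  */
 function edit($post)
 {
     global $DT_PRE, $_username, $DT_TIME, $GROUP, $L;
     $item = $this->get_one();
     $user = $item['username'] ? userinfo($item['username']) : array();
     // Compared with 1/2/3 below and used unquoted in the UPDATE.
     $status = intval($post['status']);
     $msql = $csql = '';
     $gsql = "edittime={$DT_TIME},editor='{$_username}',status={$status},note='{$post['note']}'";
     if ($status == 1 && $user) {
         //reject
         if ($post['message'] && $post['content']) {
             send_message($user['username'], lang($L['grade_fail'], array($GROUP[$item['groupid']]['groupname'])), nl2br($post['content']));
             $gsql .= ",message=1";
         }
         if ($item['amount']) {
             // Return the amount attached to the rejected request.
             money_add($item['username'], $item['amount']);
             money_record($item['username'], $item['amount'], $L['in_site'], 'system', $L['grade_title'], $L['grade_return']);
         }
     } elseif ($status == 3 && $user) {
         if (isset($post['pay']) && $post['pay']) {
             if ($user['money'] < $post['pay']) {
                 return $this->_($L['grade_pass_balance']);
             }
             money_add($item['username'], -$post['pay']);
             money_record($item['username'], -$post['pay'], $L['in_site'], 'system', $L['grade_title'], $L['grade_upto'] . $GROUP[$item['groupid']]['groupname']);
         }
         $msql = $csql = "groupid={$item['groupid']},company='{$item['company']}'";
         $vip = $GROUP[$item['groupid']]['vip'];
         $csql .= ",vip={$vip},vipt={$vip}";
         if (isset($post['pay'])) {
             // Unquoted in the UPDATE, so it must be an integer.
             $validated = intval($post['validated']);
             $csql .= ",fromtime=" . strtotime($post['fromtime']) . ",totime=" . strtotime($post['totime']) . ",validtime=" . strtotime($post['validtime']) . ",validator='{$post['validator']}',validated={$validated}";
         }
         if ($post['message'] && $post['content']) {
             send_message($user['username'], lang($L['grade_success'], array($GROUP[$item['groupid']]['groupname'])), nl2br($post['content']));
             $gsql .= ",message=1";
         }
     }
     $this->db->query("UPDATE {$this->table} SET {$gsql} WHERE itemid={$this->itemid}");
     if ($msql) {
         $this->db->query("UPDATE {$DT_PRE}member SET {$msql} WHERE userid={$item['userid']}");
     }
     if ($csql) {
         $this->db->query("UPDATE {$DT_PRE}company SET {$csql} WHERE userid={$item['userid']}");
     }
     return true;
 }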
Пример #6
/**
 * Route each entry of $content by the text it contains.
 *
 * Entries containing "email" go to emailinfo(); otherwise entries containing
 * "POST" are printed after a line break; everything else goes to userinfo().
 *
 * NOTE(review): the "POST" entries are echoed without HTML escaping. If
 * $content can hold text that did not originate from this application
 * (captured requests, for instance), escape it with htmlspecialchars()
 * before printing.
 *
 * @param iterable $content Strings to dispatch.
 */
function better($content)
{
    foreach ($content as $entry) {
        if (strpos($entry, "email") !== false) {
            emailinfo($entry);
            continue;
        }
        if (strpos($entry, "POST") === false) {
            userinfo($entry);
            continue;
        }
        echo "<br>" . $entry;
    }
}
Пример #7
/**
 * Deliver a notice to a member over every channel that is switched on.
 *
 * A channel is on when its global flag ($msg, $wec, $eml, $sms) is set.
 * The member record is only looked up when mail or SMS is requested, because
 * those are the two channels that need an address from it.
 *
 * @param string $username Recipient user name.
 * @param string $subject  Notice subject; also used as the SMS and WeChat text.
 * @param string $body     Notice body for the site message and e-mail.
 */
function send_notice($username, $subject, $body)
{
    global $DT, $msg, $eml, $sms, $wec;
    // All three arguments are required; do nothing if any is empty.
    if (!($username && $subject && $body)) {
        return;
    }
    if (isset($msg)) {
        send_message($username, $subject, $body);
    }
    if (isset($wec)) {
        send_weixin($username, $subject);
    }
    $byMail = isset($eml);
    $bySms = isset($sms);
    if (!$byMail && !$bySms) {
        return;
    }
    $user = userinfo($username);
    if ($byMail) {
        send_mail($user['email'], $subject, $body);
    }
    if ($bySms) {
        send_sms($user['mobile'], $subject . $DT['sms_sign']);
    }
}
Пример #8
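 /**
  * Refresh the derived columns of one item and its search-index row.
  *
  * Rebuilds the keyword string and link URL, copies member fields through
  * update_user(), writes any changes back to the item table and replaces the
  * item's row in the search table.
  *
  * $itemid is used unquoted in three statements, so it is forced to an
  * integer first. The link URL is built from stored item data and is escaped
  * with addslashes() before it is embedded, the same way the keyword is.
  *
  * NOTE(review): catid, areaid and status are interpolated from the stored
  * row without escaping; they are presumably numeric columns - confirm.
  *
  * @param int $itemid Item id.
  */
 function update($itemid)
 {
     global $TYPE;
     $itemid = intval($itemid);
     $item = $this->db->get_one("SELECT * FROM {$this->table} WHERE itemid={$itemid}");
     $update = '';
     $keyword = $item['title'] . ',' . $TYPE[$item['typeid']] . ',' . strip_tags(cat_pos(get_cat($item['catid']), ','));
     // Compare the raw value first; the escaped form is needed for both statements below.
     $keywordChanged = $keyword != $item['keyword'];
     $keyword = str_replace("//", '', addslashes($keyword));
     if ($keywordChanged) {
         $update .= ",keyword='{$keyword}'";
     }
     $item['itemid'] = $itemid;
     $linkurl = itemurl($item);
     if ($linkurl != $item['linkurl']) {
         $update .= ",linkurl='" . addslashes($linkurl) . "'";
     }
     $member = $item['username'] ? userinfo($item['username']) : array();
     if ($member) {
         $update .= update_user($member, $item);
     }
     if ($update) {
         // Each fragment starts with a comma; substr() drops the first one.
         $this->db->query("UPDATE {$this->table} SET " . substr($update, 1) . " WHERE itemid={$itemid}");
     }
     $sorttime = $this->get_sorttime($item['edittime'], $item['vip']);
     $this->db->query("REPLACE INTO {$this->table_search} (itemid,catid,areaid,status,content,sorttime) VALUES ({$itemid},'{$item['catid']}','{$item['areaid']}','{$item['status']}','{$keyword}','{$sorttime}')");
 }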
Пример #9
 // All correct?
 if ($error != "1") {
     // Per-session throttle between ticket submissions. The intent noted here was
     // "5 min after last submit", but `0 * 60` evaluates to 0, so the check passes
     // as soon as the stored timestamp is older than the current second.
     // NOTE(review): the marker lives in the session, so a client that starts a
     // new session is not throttled at all.
     if (!isset($_SESSION['ip-sperre_ticket']) || $_SESSION['ip-sperre_ticket'] < time() - 0 * 60) {
         // Set time in session
         $_SESSION["ip-sperre_ticket"] = time();
         $mysqli = getConnected("account");
         // SQL injection prevention: mysqli_real_escape_string() is what protects the
         // quoted values in the INSERT below. htmlentities() is an output encoding;
         // applying it before storage means the database holds HTML-encoded text,
         // and it adds nothing to SQL safety. A prepared statement with bound
         // parameters would remove the dependency on manual escaping.
         $f_subject_todb1 = htmlentities($f_subject);
         $f_subject_todb = mysqli_real_escape_string($mysqli, $f_subject_todb1);
         $f_message_todb1 = htmlentities($f_message);
         $f_message_todb = mysqli_real_escape_string($mysqli, $f_message_todb1);
         $f_cat_todb = mysqli_real_escape_string($mysqli, $f_cat);
         $f_pri_todb = mysqli_real_escape_string($mysqli, $f_pri);
         // `id` and `email` are bare words, i.e. constant lookups. Unless those
         // constants are defined elsewhere, older PHP falls back to the strings
         // 'id'/'email' with a notice and PHP 8 throws an Error.
         // NOTE(review): both results go into the INSERT without escaping; that is
         // only safe if userinfo() returns trusted values - confirm.
         $username = userinfo(id);
         $usermail = userinfo(email);
         // Generate Ticket ID
         $genticketid = genticketid();
         // Insert to database
         $sql = mysqli_query($mysqli, "INSERT INTO cms_tickets (ticketid, subject, message, priority, ufrom, usermail, status, categorie, time) VALUES ('{$genticketid}','{$f_subject_todb}','{$f_message_todb}','{$f_pri_todb}','{$username}','{$usermail}','1','{$f_cat_todb}',now())");
         if ($sql) {
             echo "<div class=\"success\"><b>" . lang('TICKETID') . ": " . $genticketid . "</b><br><br>" . lang('TICKET_OK') . "</div>";
         } else {
             echo "<div class=\"error\">" . lang('TICKET_ERR') . "</div>";
         }
         mysqli_close($mysqli);
         // Set hideform to 1
         $hideform = 1;
     } else {
         echo "<div class=\"error\">" . lang('TICKET_TIME') . "</div>";
     }
Пример #10
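 /**
  * Refresh the derived columns (keyword, link URL, member fields) of one item.
  *
  * $itemid is used unquoted in both statements, so it is forced to an integer
  * first. The link URL is built from stored item data and is escaped with
  * addslashes() before it is embedded, the same way the keyword is.
  *
  * @param int $itemid Item id.
  */
 function update($itemid)
 {
     global $TYPE;
     $itemid = intval($itemid);
     $item = $this->db->get_one("SELECT * FROM {$this->table} WHERE itemid={$itemid}");
     $update = '';
     // title[,tag],type name,category path (tags stripped)
     $tagPart = $item['tag'] ? $item['tag'] . ',' : '';
     $keyword = $item['title'] . ',' . $tagPart . $TYPE[$item['typeid']] . ',' . strip_tags(cat_pos(get_cat($item['catid']), ','));
     if ($keyword != $item['keyword']) {
         $keyword = str_replace("//", '', addslashes($keyword));
         $update .= ",keyword='{$keyword}'";
     }
     $item['itemid'] = $itemid;
     $linkurl = itemurl($item);
     if ($linkurl != $item['linkurl']) {
         $update .= ",linkurl='" . addslashes($linkurl) . "'";
     }
     $member = $item['username'] ? userinfo($item['username']) : array();
     if ($member) {
         $update .= update_user($member, $item);
     }
     if ($update) {
         // Each fragment starts with a comma; substr() drops the first one.
         $this->db->query("UPDATE {$this->table} SET " . substr($update, 1) . " WHERE itemid={$itemid}");
     }
 }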
Пример #11
            $user_status = 3;
        } else {
            $mid = $moduleid;
            if ($_userid) {
                if (check_pay($mid, $itemid)) {
                    $user_status = 3;
                } else {
                    $user_status = 2;
                }
            } else {
                $user_status = 0;
            }
        }
    } else {
        $user_status = 3;
    }
} else {
    $user_status = $_userid ? 1 : 0;
}
if ($_username && $_username == $item['username']) {
    $user_status = 3;
}
if ($user_status == 3) {
    $member = $item['username'] ? userinfo($item['username']) : array();
}
if ($moduleid == 9 && $item['username']) {
    foreach (array('truename', 'telephone', 'mobile', 'address', 'msn', 'qq') as $v) {
        $member[$v] = $item[$v];
    }
    $member['mail'] = $item['email'];
}
Пример #12
}
?>
			</ul>
			</div>
			
			
			<div id="charEscribir" style="
    margin-top: 20px;
">


			<h3 class="widget-title">
			<a class="circle-picture mn-ls-user-profile" style="width: 50px;
  margin-right: 8px;
  vertical-align: middle;" href="#"><img src="<?php 
echo userinfo(avatar);
?>
" style="width: 50px; height: 50px" alt=""></a>

 <input type="hidden" id="userId" value="<?php 
echo $id;
?>
">
<script>
$('#enviarChat').keypress(function(event){  
       var keycode = (event.keyCode ? event.keyCode : event.which);  
      if(keycode == '13'){  
			var id = $("#userId").val();
			var contenido = $("#enviarChat").val();
		  d = 'post/enviarChat.php';
		  $.post(d, { id: id, contenido: contenido}, function(h){
Пример #13
         $items = $r['num'];
     }
     $pages = pages($items, $page, $pagesize);
     $lists = array();
     $result = $db->query("SELECT * FROM {$DT_PRE}member_check WHERE {$condition} ORDER BY addtime DESC LIMIT {$offset},{$pagesize}");
     while ($r = $db->fetch_array($result)) {
         $r['addtime'] = timetodate($r['addtime'], 6);
         $lists[] = $r;
     }
     include tpl('validate_member', $module);
     break;
 case 'show':
     check_name($username) or msg();
     $t = $db->get_one("SELECT * FROM {$DT_PRE}member_check WHERE username='******'");
     $t or msg('记录不存在');
     $U = userinfo($username);
     $U or msg('会员不存在');
     $E = dstripslashes(unserialize($t['content']));
     $userid = $U['userid'];
     $content_table = content_table(4, $userid, is_file(DT_CACHE . '/4.part'), $DT_PRE . 'company_data');
     $t = $db->get_one("SELECT * FROM {$content_table} WHERE userid={$userid}");
     $U['content'] = $t['content'];
     if (isset($E['regunit']) && !isset($E['capital'])) {
         $E['capital'] = $U['capital'];
     }
     if ($submit) {
         $sql1 = $sql2 = $sql3 = '';
         if (in_array('thumb', $pass) && isset($E['thumb'])) {
             if ($U['thumb']) {
                 delete_upload($U['thumb'], $userid);
             }
$data_arr = $this->vars['data'];
foreach ($data_arr as $key => $var) {
    $this->vars['data_key'] = $key;
    $this->vars['data_var'] = $this->vars['data'] = $var;
    ?>
                            <tr>
                                <td><?php 
    echo $this->vars['data']['id'];
    ?>
</td>
                                <td><?php 
    echo $this->vars['data']['titre'];
    ?>
</td>
                                <td><?php 
    echo userinfo($this->vars['data']['idchef']);
    ?>
</td>
                                <td><?php 
    echo $this->vars['data']['entreprise'];
    ?>
</td>
                                <td>Entre <?php 
    echo $this->vars['data']['datedebut'];
    ?>
 et <?php 
    echo $this->vars['data']['datefin'];
    ?>
</td>
                                <td>
                                    <?php 
Пример #15
if (logged_in()) {
    if ($userlevel > 0) {
        // Administration Naviagtion
        echo "<div id=\"admin_box\">";
        echo "<div class=\"navleft\">";
        echo lang('ADMIN_CENTER');
        echo "</div>";
        echo "<div class=\"navright\">";
        echo "<a class=\"yellow\" href=\"../index.php?page=admin_ticket\">" . lang('ADMIN_NAV_TICEKT_01') . "</a> ";
        echo "<a class=\"yellow\" href=\"../index.php?page=admin_ticket&action=search\">" . lang('ADMIN_NAV_TICEKT_02') . "</a> ";
        echo "</div>";
        echo "</div>";
    }
}
// Get username
$username_form = userinfo(id);
// Only access when admin
if (!logged_in()) {
    echo "<div class=\"error\">" . lang('ERR_ADMINACCESS1') . "</div>";
} elseif ($userlevel !== "9") {
    echo "<div class=\"error\">" . lang('ERR_ADMINACCESS2') . "</div>";
} else {
    // Set variables from get parameter
    // General variables
    $id = $_GET['id'];
    $action = $_GET['action'];
    $status = $_GET['status'];
    $answerIt = $_GET['answerIt'];
    $deleteIt = $_GET['deleteIt'];
    $updateIt = $_GET['updateIt'];
    // Vairables from answer
Пример #16
<?php

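// Store one chat message sent by the logged-in user to the recipient given in the POST body.
include_once "../global.php";
session_start();
// Recipient id and message text come from the client and are untrusted.
$usuario_recibe = isset($_POST["id"]) ? $_POST["id"] : '';
// `usuario_id` is a bare word, i.e. a constant lookup. Unless that constant is
// defined elsewhere, older PHP falls back to the string 'usuario_id' with a
// notice and PHP 8 throws an Error.
$usuario_envia = userinfo(usuario_id);
$contenido = isset($_POST["contenido"]) ? $_POST["contenido"] : '';
if (status() == 1) {
    // Escape every value before it is placed between quotes in the statement;
    // previously the raw POST fields were interpolated directly.
    // NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO
    // with bound parameters is the long-term replacement.
    $sql = sprintf(
        "INSERT INTO mensajes (usuario_envia, usuario_recibe, contenido) VALUES ('%s','%s','%s')",
        mysql_real_escape_string($usuario_envia),
        mysql_real_escape_string($usuario_recibe),
        mysql_real_escape_string($contenido)
    );
    // NOTE(review): die(mysql_error()) returns the database error text to the
    // client; logging it server-side and returning a generic failure is safer.
    // The message text is stored as submitted, so it must be HTML-escaped
    // wherever it is displayed.
    mysql_query($sql) or die(mysql_error());
}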
Пример #17
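 /**
  * Refresh the derived columns of one item: keyword, link URL and the member
  * fields copied from the owner's account.
  *
  * $itemid is used unquoted in both statements, so it is forced to an integer
  * first. The link URL is built from stored item data and is escaped with
  * addslashes() before it is embedded, the same way the keyword and the
  * member fields are.
  *
  * @param int $itemid Item id.
  */
 function update($itemid)
 {
     $itemid = intval($itemid);
     $item = $this->db->get_one("SELECT * FROM {$this->table} WHERE itemid={$itemid}");
     $update = '';
     $keyword = $item['title'] . ',' . $item['company'] . ',' . strip_tags(cat_pos(get_cat($item['catid']), ','));
     if ($keyword != $item['keyword']) {
         $keyword = str_replace("//", '', addslashes($keyword));
         $update .= ",keyword='{$keyword}'";
     }
     $item['itemid'] = $itemid;
     $linkurl = itemurl($item);
     if ($linkurl != $item['linkurl']) {
         $update .= ",linkurl='" . addslashes($linkurl) . "'";
     }
     $member = $item['username'] ? userinfo($item['username']) : array();
     if ($member) {
         // Columns that share a name between the item row and the member record.
         $shared = array('groupid', 'vip', 'validated', 'company', 'areaid', 'truename', 'telephone', 'mobile', 'address', 'qq', 'msn', 'ali', 'skype');
         foreach ($shared as $v) {
             if ($item[$v] != $member[$v]) {
                 $update .= ",{$v}='" . addslashes($member[$v]) . "'";
             }
         }
         // The member record calls the address `mail`; the item column is `email`.
         if ($item['email'] != $member['mail']) {
             $update .= ",email='" . addslashes($member['mail']) . "'";
         }
     }
     if ($update) {
         // Each fragment starts with a comma; substr() drops the first one.
         $this->db->query("UPDATE {$this->table} SET " . substr($update, 1) . " WHERE itemid={$itemid}");
     }
 }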
Пример #18
<?php

// Set `estado` to 0 on every notification addressed to the current user.
include_once "../global.php";
session_start();
// `usuario_id` is a bare word, i.e. a constant lookup. Unless that constant is
// defined elsewhere, older PHP falls back to the string 'usuario_id' with a
// notice and PHP 8 throws an Error.
$id_user = userinfo(usuario_id);
// NOTE(review): $id_user is interpolated into the statement unescaped. That is
// only safe if userinfo() returns a trusted (e.g. integer) id - confirm, or
// cast/escape it here. No visible check that a user is logged in, and the
// query result is not inspected.
$query = mysql_query("UPDATE notificaciones SET estado = 0 WHERE usuario_recibe = '{$id_user}' ");
Пример #19
/**
 * Entry view of the user module: show the login form to visitors, or the
 * profile of the logged-in user.
 *
 * When $user is not set, prints the page header, an optional login error
 * (driven by the global $stop), the login form and the footer. When $user is
 * set, decodes it with cookiedecode() and passes element 1 of the result to
 * userinfo().
 *
 * @param mixed $user User cookie value, or null for a visitor.
 */
function main($user)
{
    global $stop, $smilies;
    if (!isset($user)) {
        include "header.php";
        echo '<h2>' . translate("User") . '</h2>';
        // $stop == 99: account awaiting administrator approval; any other
        // truthy value: failed login.
        if ($stop == 99) {
            echo '<p class="lead text-danger text-xs-center"><i class="fa fa-exclamation"></i>&nbsp;' . translate("User not yet allowed by Administrator") . '</p>';
        } elseif ($stop) {
            echo '<p class="lead text-danger text-xs-center"><i class="fa fa-exclamation"></i>&nbsp;' . translate("Incorrect Login!") . '</p>';
        }
        // Always true here: this branch is only reached when $user is unset or null.
        if (!$user) {
            // Login form; posts `uname`, `pass` and op=login to user.php.
            // NOTE(review): translate() output is placed in attributes and text
            // without escaping; safe only if the language strings are trusted.
            echo '
          <h3><a href="user.php?op=only_newuser" role="button" title="' . translate("New User") . '"><i class="fa fa-user-plus"></i>&nbsp;' . translate("New User") . '</a></h3>
          <h3><i class="fa fa-sign-in fa-lg"></i>&nbsp;' . translate("Connection") . '</h3>
          <form class="" role="form" action="user.php" method="post" name="userlogin">
             <div class="form-group row">
               <div class="col-sm-4">
                  <label for="inputuser" class="form-control-label">' . translate("Nickname") . '</label>
               </div>
               <div class="col-sm-7">
                  <input type="text" class="form-control" name="uname" id="inputuser" placeholder="' . translate("Nickname") . '">
               </div>
            </div>
            <div class="form-group row">
               <div class="col-sm-4">
                  <label for="inputPassuser" class="form-control-label">' . translate("Password") . '</label>
               </div>
               <div class="col-sm-7">
                  <input type="password" class="form-control" name="pass" id="inputPassuser" placeholder="' . translate("Password") . '">
                  <span class="help-block small"><a href="user.php?op=forgetpassword" role="button" title="' . translate("Lost your Password?") . '">' . translate("Lost your Password?") . '</a></span>
               </div>
            </div>
            <input type="hidden" name="op" value="login" />
            <div class="form-group row">
               <div class="col-sm-offset-4 col-sm-7">
                  <button class="btn btn-primary" type="submit" title="' . translate("Submit") . '"><i class="fa fa-lg fa-check"></i>&nbsp;' . translate("Submit") . '</button>
               </div>
            </div>
         </form>';
            // Put the keyboard focus on the nickname field.
            echo "<script type=\"text/javascript\">\n//<![CDATA[\ndocument.userlogin.uname.focus();\n//]]>\n</script>";
            // include externe file from modules/include for functions, codes ...
            /*         if (file_exists("modules/include/user.inc")) {
                         
                         include ("modules/include/user.inc");
                         
                      }*/
        }
        include "footer.php";
    } elseif (isset($user)) {
        // NOTE(review): $cookie[1] comes from decoding a client-supplied cookie;
        // whether it is authenticated before userinfo() uses it depends on
        // cookiedecode(), which is not shown here - confirm.
        $cookie = cookiedecode($user);
        userinfo($cookie[1]);
    }
}
Пример #20
 case 'print':
     //订单打印
     if ($td['seller'] != $_username || !$td['logistic']) {
         message($L['group_msg_deny']);
     }
     $td['total'] = $td['amount'];
     include template('group_print', $module);
     exit;
     break;
 case 'pay':
     //买家付款
     if ($td['status'] != 6 || $td['buyer'] != $_username) {
         message($L['group_msg_deny']);
     }
     $money = $td['amount'];
     $seller = userinfo($td['seller']);
     if ($submit) {
         is_payword($_username, $password) or message($L['error_payword']);
         money_add($_username, -$money);
         money_record($_username, -$money, $L['in_site'], 'system', $L['group_order_credit'], $L['trade_order_id'] . $itemid);
         $password = $td['logistic'] ? '' : random(6, '0123456789');
         $db->query("UPDATE {$table} SET status=0,password='******',updatetime={$DT_TIME} WHERE itemid={$itemid}");
         if ($password) {
             //send sms
             if ($DT['sms']) {
                 $message = lang('sms->ord_group', array($td['title'], $itemid, $password));
                 $message = strip_sms($message);
                 send_sms($td['buyer_mobile'], $message);
             }
             //send sms
         }
Пример #21
/**
 * Show the "lost password" form to visitors, or the profile of a logged-in user.
 *
 * The form posts `username`, `code` and op=mailpasswd back to this module.
 */
function pass_lost()
{
    global $user, $module_name;
    if (!is_user($user)) {
        include "header.php";
        OpenTable();
        echo "<center><font class=\"title\"><b>" . _USERREGLOGIN . "</b></font></center>\n";
        CloseTable();
        echo "<br>\n";
        OpenTable();
        // NOTE(review): $module_name is interpolated into the form action and the
        // links without escaping; safe only if it cannot be influenced by the
        // request - confirm.
        echo "<b>" . _PASSWORDLOST . "</b><br><br>\n" . "" . _NOPROBLEM . "<br><br>\n" . "<form action=\"modules.php?name={$module_name}\" method=\"post\">\n" . "<table border=\"0\"><tr><td>\n" . "" . _NICKNAME . ":</td><td><input type=\"text\" name=\"username\" size=\"15\" maxlength=\"25\"></td></tr>\n" . "<tr><td>" . _CONFIRMATIONCODE . ":</td><td><input type=\"text\" name=\"code\" size=\"11\" maxlength=\"10\"></td></tr></table><br>\n" . "<input type=\"hidden\" name=\"op\" value=\"mailpasswd\">\n" . "<input type=\"submit\" value=\"" . _SENDPASSWORD . "\"></form><br>\n" . "<center><font class=\"content\">[ <a href=\"modules.php?name={$module_name}\">" . _USERLOGIN . "</a> | <a href=\"modules.php?name={$module_name}&amp;op=new_user\">" . _REGNEWUSER . "</a> ]</font></center>\n";
        CloseTable();
        include "footer.php";
    } elseif (is_user($user)) {
        global $cookie;
        // The return value is discarded; presumably cookiedecode() fills the
        // global $cookie read on the next line - confirm.
        cookiedecode($user);
        userinfo($cookie[1]);
    }
}
Пример #22
    if (!is_mobile($mobile)) {
        message($L['msg_type_mobile']);
    }
    $areaid = intval($areaid);
    $address = dhtmlspecialchars($address);
    preg_match("/^[0-9]{6}\$/", $postcode) or $postcode = '';
    is_email($email) or $email = '';
    is_qq($qq) or $qq = '';
    $content = dhtmlspecialchars($content);
    $user = $item['username'];
    $title = addslashes($item['title']);
    $db->query("INSERT INTO {$table_order} (id,user,title,amount,company,truename,mobile,areaid,address,postcode,email,qq,content,addtime,username,ip) VALUES ('{$itemid}','{$user}','{$title}','{$amount}','{$company}','{$truename}','{$mobile}','{$areaid}','{$address}','{$postcode}','{$email}','{$qq}','{$content}','{$DT_TIME}','{$_username}','{$DT_IP}')");
    $db->query("UPDATE {$table} SET orders=orders+1 WHERE itemid={$itemid}");
    message($L['msg_sign_success'], $linkurl, 3);
} else {
    if ($_userid) {
        $user = userinfo($_username);
        $company = $user['company'];
        $truename = $user['truename'];
        $mobile = $user['mobile'];
        $areaid = $user['areaid'];
        $address = $user['address'];
        $postcode = $user['postcode'];
        $email = $user['mail'] ? $user['mail'] : $user['email'];
        $qq = $user['qq'];
    } else {
        $company = $truename = $mobile = $areaid = $address = $postcode = $email = $qq = '';
    }
    $head_title = $L['sign_title'];
    include template('sign', $module);
}
Пример #23
        }
        if ($member) {
            foreach (array('groupid', 'vip', 'validated', 'company', 'areaid', 'truename', 'telephone', 'mobile', 'address', 'qq', 'msn', 'ali', 'skype') as $v) {
                if ($item[$v] != $member[$v]) {
                    $update .= ",{$v}='" . addslashes($member[$v]) . "'";
                }
            }
            if ($item['email'] != $member['mail']) {
                $update .= ",email='{$member['mail']}'";
            }
        }
    }
} else {
    $user_status = $_userid ? 1 : 0;
    if ($_username && $item['username'] == $_username) {
        $member = userinfo($item['username']);
        $user_status = 3;
    }
}
include DT_ROOT . '/include/update.inc.php';
$seo_file = 'show';
include DT_ROOT . '/include/seo.inc.php';
if ($EXT['wap_enable']) {
    $head_mobile = $EXT['wap_url'] . 'index.php?moduleid=' . $moduleid . '&itemid=' . $itemid . ($page > 1 ? '&page=' . $page : '');
}
$template = 'show';
if ($MOD['template_show']) {
    $template = $MOD['template_show'];
}
if ($CAT['show_template']) {
    $template = $CAT['show_template'];
Пример #24
     $chat = $db->get_one("SELECT * FROM {$table} WHERE chatid='{$chatid}'");
     if ($chat) {
         $db->query("UPDATE {$table} SET forward='{$forward}' WHERE chatid='{$chatid}'");
     } else {
         $db->query("INSERT INTO {$table} (chatid,fromuser,touser,tgettime,forward) VALUES ('{$chat_id}','{$_username}','{$touser}','0','{$forward}')");
     }
     $type = 1;
 } else {
     if (isset($chatid) && is_md5($chatid)) {
         $chat = $db->get_one("SELECT * FROM {$table} WHERE chatid='{$chatid}'");
         if ($chat && ($chat['touser'] == $_username || $chat['fromuser'] == $_username)) {
             if ($chat['touser'] == $_username) {
                 $user = userinfo($chat['fromuser']);
             } else {
                 if ($chat['fromuser'] == $_username) {
                     $user = userinfo($chat['touser']);
                 }
             }
             $online = online($user['userid']);
             $chat_id = $chatid;
             $head_name = lang($L['chat_with'], array($user['username']));
             $head_title = $head_name . $DT['seo_delimiter'] . $head_title;
         } else {
             dheader('?action=index');
         }
         $type = 2;
     } else {
         $head_name = $L['chat_title'];
         $head_title = $head_name . $DT['seo_delimiter'] . $head_title;
         $type = 3;
     }
Пример #25
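// Render the profile edit form, then either the account page (when running
// under CPG_NUKE) or the normal page footer.
pageheader($title);
starttable(-1, $title, 2);
$chset = _CHARSET;
// The tag is built from single-quoted strings, where "$chset" is not
// interpolated; the charset has to be concatenated for accept-charset to carry
// the real value instead of the literal text "$chset".
echo '<form method="post" action="' . URL::index("") . '" enctype="multipart/form-data" accept-charset="' . $chset . '">';
make_form($edit_profile_form_param, $form_data);
echo <<<EOT
        
        </form>

EOT;
endtable();
if (defined('CPG_NUKE')) {
    get_lang("Your_Account");
    require_once 'modules/Your_Account/functions.php';
    require "modules/Your_Account/userinfo.php";
    userinfo(USER_ID);
} else {
    pagefooter();
}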
/*        break;
        default :
 
        $sql = "SELECT username, user_email, user_regdate as user_regdate_cp, group_name, " . "user_from, user_interests, user_website, user_occ " . "FROM {$CONFIG['TABLE_USERS']} AS u " . "INNER JOIN {$CONFIG['TABLE_USERGROUPS']} AS g ON user_group_cp = group_id " . "WHERE user_id ='$uid'";

        $result = $db->sql_query($sql);

        if (!$db->sql_numrows($result)) cpg_die(_ERROR, $lang_register_php['err_unk_user'], __FILE__, __LINE__);
        $user_data = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        $form_data = array('username' => $user_data['username'],
Пример #26
 // ### Admin Overview
 // ################################
 if (!$action) {
     echo '<h2>Search User</h2>';
     echo '<div id="box">';
     echo '<input type="text" id="search_user" placeholder="Enter a min length of 2 characters" maxlength="30" autocomplete="off"> ';
     echo '<br>';
     echo '<div class="infosearch">';
     echo '<div class="info">Showing results for: <b id="search-string"></b></div>';
     echo '<ul id="results"></ul>';
     echo '</div>';
     echo '</div>';
     //get the path
     $path = "index.php?page=admin_user";
     // Get userid
     $username = userinfo(id);
     // start with pagination
     $mysqli = getConnected("account");
     $query = mysqli_query($mysqli, "SELECT * FROM account ORDER BY login ASC");
     $data_per_page = settinginfo(page_entries);
     // Number of entrys to be displayed per page
     $p = settinginfo(pagination_entries);
     // Number of links in the pagination
     // start with pagination
     $total = $query->num_rows;
     $pages = ceil($total / $data_per_page);
     if (empty($_GET['go'])) {
         $go = 1;
     } elseif ($_GET['go'] <= 0 || $_GET['go'] > $pages) {
         $go = 1;
     } else {
Пример #27
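/**
 * Notify the owners of the selected items about a moderation action.
 *
 * Uses the globals $itemid (array of item ids), $action (a key of $S), $file,
 * $moduleid and $reason, plus the channel flags $msg, $eml, $sms and $wec.
 * The flags are normalised to 0/1 in place, so the globals are modified.
 * Nothing is sent unless site message or e-mail is on; SMS and WeChat are
 * only used together with the site message.
 *
 * The ids are forced to integers before they are joined into the IN (...)
 * list, because that list is embedded in the statement without quotes.
 *
 * NOTE(review): $title, $linkurl and $reason are placed in the HTML body
 * without escaping. Whether they are already encoded when stored or submitted
 * is not visible here - confirm, or escape them at this point.
 */
function admin_notice()
{
    global $DT, $MODULE, $db, $moduleid, $file, $itemid, $action, $reason, $msg, $eml, $sms, $wec;
    if (!is_array($itemid) || count($itemid) == 0) {
        return;
    }
    // Action => text appended to the notice ("has been deleted", "passed review", ...).
    $S = array('delete' => '已经被删除', 'check' => '已经通过审核', 'reject' => '没有通过审核', 'onsale' => '已经上架', 'unsale' => '已经下架');
    // Company sub-sections that live in their own tables, keyed by $file.
    $N = array('honor' => '荣誉资质', 'news' => '公司新闻', 'page' => '公司单页', 'link' => '友情链接');
    if (!isset($S[$action])) {
        return;
    }
    if ($moduleid > 4) {
        $table = get_table($moduleid);
        $name = $MODULE[$moduleid]['name'];
        if ($moduleid == 9) {
            if ($file == 'resume') {
                $table = $db->pre . $file;
                $name = '简历';
            } else {
                $name = '招聘';
            }
        } elseif ($moduleid == 16) {
            $name = '商品';
        }
    } elseif (isset($N[$file])) {
        // $file is only used as a table suffix after it matched a key of $N.
        $table = $db->pre . $file;
        $name = $N[$file];
    } else {
        return;
    }
    // The form's placeholder text counts as "no reason given".
    if ($reason == '操作原因') {
        $reason = '';
    }
    $msg = isset($msg) ? 1 : 0;
    // A real reason forces the site message on.
    if (strlen($reason) > 2) {
        $msg = 1;
    }
    $eml = isset($eml) ? 1 : 0;
    if ($msg == 0 && $eml == 0) {
        return;
    }
    $sms = isset($sms) ? 1 : 0;
    $wec = isset($wec) ? 1 : 0;
    if ($msg == 0) {
        $sms = $wec = 0;
    }
    // Integer-cast every id so the unquoted IN list can only contain numbers.
    $ids = implode(',', array_map('intval', $itemid));
    $result = $db->query("SELECT itemid,title,username,linkurl FROM {$table} WHERE itemid IN (" . $ids . ")");
    while ($r = $db->fetch_array($result)) {
        $username = $r['username'];
        if (!check_name($username)) {
            continue;
        }
        $title = $r['title'];
        // Relative links are completed with the module's base URL.
        $linkurl = strpos($r['linkurl'], '://') === false ? $MODULE[$moduleid]['linkurl'] . $r['linkurl'] : $r['linkurl'];
        $subject = '您发布的[' . $name . ']' . $title . '(ID:' . $r['itemid'] . ')' . $S[$action];
        $body = '尊敬的会员:<br/>您发布的[' . $name . ']<a href="' . $linkurl . '" target="_blank">' . $title . '</a>(ID:' . $r['itemid'] . ')' . $S[$action] . '!<br/>';
        if ($reason) {
            $body .= '操作原因:<br/>' . $reason . '<br/>';
        }
        $body .= '如果您对此操作有异议,请及时与网站联系。';
        if ($msg) {
            send_message($username, $subject, $body);
        }
        if ($wec) {
            send_weixin($username, $subject);
        }
        if ($eml || $sms) {
            // Mail and SMS need the address and number from the member record.
            $user = userinfo($username);
            if ($eml) {
                send_mail($user['email'], $subject, $body);
            }
            if ($sms) {
                send_sms($user['mobile'], $subject . $DT['sms_sign']);
            }
        }
    }
}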
Пример #28
 if ($ali) {
     $content .= '<br/>' . $L['content_ali'] . ' ' . im_ali($ali) . ' ' . $ali;
 }
 if (is_email($msn)) {
     $content .= '<br/>' . $L['content_msn'] . ' ' . im_msn($msn) . ' ' . $msn;
 }
 if ($skype) {
     $content .= '<br/>' . $L['content_skype'] . ' ' . im_skype($skype) . ' ' . $skype;
 }
 if (is_date($date)) {
     $content .= '<hr size="1"/>' . lang($L['content_date'], array($date));
 }
 $message = $L['content_product'] . '<a href="' . $linkurl . '"><strong>' . $item['title'] . '</strong></a><br/>' . $content;
 //send sms
 if ($DT['sms'] && $_sms && $item['username'] && isset($sendsms)) {
     $touser = userinfo($item['username']);
     if ($touser['mobile']) {
         $message = lang('sms->sms_price', array($item['tag'], $itemid, $truename, $telephone));
         $message = strip_sms($message);
         $word = word_count($message);
         $sms_num = ceil($word / $DT['sms_len']);
         if ($sms_num <= $_sms) {
             $sms_code = send_sms($touser['mobile'], $message, $word);
             if (strpos($sms_code, $DT['sms_ok']) !== false) {
                 $tmp = explode('/', $sms_code);
                 if (is_numeric($tmp[1])) {
                     $sms_num = $tmp[1];
                 }
                 if ($sms_num) {
                     sms_add($_username, -$sms_num);
                 }
Пример #29
    }
}
$menuon = array('4', '2', '1', '0');
switch ($action) {
    case 'edit':
        $itemid or msg();
        $do->itemid = $itemid;
        if ($submit) {
            if ($do->edit($post)) {
                dmsg('操作成功', $forward);
            } else {
                msg($do->errmsg);
            }
        } else {
            extract($do->get_one());
            $user = $username ? userinfo($username) : array();
            $addtime = timetodate($addtime);
            $edittime = timetodate($edittime);
            $fromtime = timetodate($DT_TIME, 3);
            $days = $promo_amount && $promo_type == 1 ? $promo_amount : 365;
            $totime = timetodate($DT_TIME + 86400 * $days);
            $UG = cache_read('group-' . $groupid . '.php');
            $fee = $UG['fee'];
            $pay = $fee - $amount;
            if ($promo_amount) {
                $pay = $promo_type == 1 ? 0 : $pay - $promo_amount;
            }
            include tpl('grade_edit', $module);
        }
        break;
    case 'delete':
Пример #30
<?php

defined('IN_DESTOON') or exit('Access Denied');
isset($file) or $file = 'homepage';
if (isset($update) || isset($preview)) {
    $db->cids = 1;
    userclean($username);
}
$COM = userinfo($username);
if (!$COM || $COM['groupid'] < 5 && $COM['groupid'] > 1) {
    userclean($username);
    $head_title = $L['not_company'];
    dhttp(404, $DT_BOT);
    include template('com-notfound', 'message');
    exit;
}
if (!$COM['edittime'] && !$MOD['openall']) {
    dhttp(404, $DT_BOT);
    $head_title = $COM['company'];
    include template('com-opening', 'message');
    exit;
}
$domain = $COM['domain'];
if ($domain) {
    if (!isset($preview) && !isset($update) && !isset($key)) {
        if ($CFG['com_domain']) {
            if (strpos($DT_URL, $domain) === false) {
                $subdomain = userurl($username);
                if (strpos($DT_URL, $subdomain) === false) {
                    dheader('http://' . $domain . '/');
                } else {