Пример #1
0
if (empty($bbcodeoff) && !$allowhidecode && preg_match("/\\[hide=?\\d*\\].+?\\[\\/hide\\]/is", preg_replace("/(\\[code\\].*\\[\\/code\\])/is", '', $message))) {
    wapmsg('post_hide_nopermission');
}
if (!$adminid && $newbiespan && (!$lastpost || $timestamp - $lastpost < $newbiespan * 3600)) {
    $regdate = $db->result_first("SELECT regdate FROM {$tablepre}members WHERE uid='{$discuz_uid}'");
    if ($timestamp - $regdate < $newbiespan * 3600) {
        showmessage('post_newbie_span');
    }
}
$postcredits = $forum['postcredits'] ? $forum['postcredits'] : $creditspolicy['post'];
$replycredits = $forum['replycredits'] ? $forum['replycredits'] : $creditspolicy['reply'];
$modnewthreads = (!$allowdirectpost || $allowdirectpost == 1) && ($forum['modnewposts'] || !empty($censormod)) ? 1 : 0;
$modnewreplies = (!$allowdirectpost || $allowdirectpost == 2) && ($forum['modnewposts'] == 2 || !empty($censormod)) ? 1 : 0;
$subject = wapconvert($subject);
$subject = $subject != '' ? dhtmlspecialchars(censor(trim($subject))) : '';
$message = wapconvert($message);
$message = $message != '' ? censor(trim($message)) : '';
if ($do == 'newthread') {
    $discuz_action = 195;
    if (empty($forum['allowpost']) && (!$forum['postperm'] && !$allowpost || $forum['postperm'] && !forumperm($forum['postperm']))) {
        wapmsg('post_newthread_nopermission');
    }
    if (empty($subject) || empty($message)) {
        $typeselect = isset($forum['threadtypes']['required']) ? typeselect() : '';
        echo "<p>" . ($typeselect ? "{$lang['type']}{$typeselect}<br />\n" : '') . "{$lang['subject']}<input type=\"text\" name=\"subject\" value=\"\" maxlength=\"80\" format=\"M*m\" /><br />\n" . "{$lang['message']}<input type=\"text\" name=\"message\" value=\"\" format=\"M*m\" /><br />\n" . "<anchor title=\"{$lang['submit']}\">{$lang['submit']}" . "<go method=\"post\" href=\"index.php?action=post&amp;do=newthread&amp;fid={$fid}&amp;sid={$sid}\">\n" . "<postfield name=\"subject\" value=\"\$(subject)\" />\n" . "<postfield name=\"message\" value=\"\$(message)\" />\n" . "<postfield name=\"formhash\" value=\"" . formhash() . "\" />\n" . ($typeselect ? "<postfield name=\"typeid\" value=\"\$(typeid)\" />\n" : '') . "</go></anchor>\n<br /><br />" . "<a href=\"index.php?action=forum&amp;fid={$fid}\">{$lang['return_forum']}</a></p>\n";
    } else {
        if ($post_invalid = checkpost()) {
            wapmsg($post_invalid);
        }
        if ($formhash != formhash()) {
            wapmsg('wap_submit_invalid');
Пример #2
0
function wapconvert($str)
{
    static $chs;
    if ($str != '' && !is_numeric($str) && $GLOBALS['charset'] != 'utf-8') {
        $chs = empty($chs) ? new Chinese('UTF-8', $GLOBALS['charset']) : $chs;
        if (is_array($str)) {
            foreach ($str as $key => $val) {
                $str[$key] = wapconvert($val);
            }
        } else {
            $str = addslashes($chs->Convert(stripslashes($str)));
        }
    }
    return $str;
}
Пример #3
0
			"<postfield name=\"questionid\" value=\"$(questionid)\" />\n".
			"<postfield name=\"answer\" value=\"$(answer)\" />\n".
			"<postfield name=\"username\" value=\"$(username)\" />\n".
			"<postfield name=\"password\" value=\"$(password)\" />\n".
			"<postfield name=\"loginfield\" value=\"$(loginfield)\" />\n".
			"</go></anchor></p>\n";

	} else {
		$loginperm = logincheck();

		if(!$loginperm) {
			wapmsg('login_strike');
		}

		$answer = wapconvert($answer);
		$username = wapconvert($username);

		require_once DISCUZ_ROOT.'./uc_client/client.php';
		$ucresult = uc_user_login($username, $password, $loginfield, 1, $questionid, $answer);
		list($tmp['uid'], $tmp['username'], $tmp['password'], $tmp['email']) = daddslashes($ucresult, 1);
		$ucresult = $tmp;

		if($ucresult['uid'] > 0) {
			$member = $db->fetch_first("SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques, groupid, invisible
				FROM {$tablepre}members WHERE uid='$ucresult[uid]'");

			if(!$member) {
				if(!$wapregister) {
					wapmsg('activation_disable');
				}
				$groupinfo = $db->fetch_first("SELECT groupid FROM {$tablepre}usergroups WHERE ".($regverify ? "groupid='8'" : "creditshigher<=".intval($initcredits)." AND ".intval($initcredits)."<creditslower LIMIT 1"));
Пример #4
0
    exit('Access Denied');
}
if ($discuz_uid) {
    wapmsg('login_succeed');
}
if (!$wapregister) {
    wapmsg('register_disable');
}
$groupinfo = $db->fetch_first("SELECT groupid FROM {$tablepre}usergroups WHERE " . ($regverify ? "groupid='8'" : "creditshigher<=" . intval($initcredits) . " AND " . intval($initcredits) . "<creditslower LIMIT 1"));
if (empty($username)) {
    echo "<p>{$lang['register_username']}:<input type=\"text\" name=\"username\" value=\"\" maxlength=\"15\" /><br />\n" . "{$lang['password']}: <input type=\"password\" name=\"password\" value=\"\" /><br />\n" . "{$lang['email']}: <input type=\"text\" name=\"email\" value=\"\" /><br />\n" . ($regverify == 2 ? "{$lang['register_reason']}: <input type=\"text\" name=\"regmessage\" value=\"\" />\n" : '') . "<anchor title=\"{$lang['submit']}\">{$lang['submit']}" . "<go method=\"post\" href=\"index.php?action=register&amp;sid={$sid}\">\n" . "<postfield name=\"username\" value=\"\$(username)\" />\n" . "<postfield name=\"password\" value=\"\$(password)\" />\n" . "<postfield name=\"email\" value=\"\$(email)\" />\n" . "</go></anchor></p>\n";
} else {
    require_once DISCUZ_ROOT . './uc_client/client.php';
    $email = trim(wapconvert($email));
    $username = trim(wapconvert($username));
    $regmessage = dhtmlspecialchars(wapconvert($regmessage));
    if (uc_get_user($username) && !$db->result_first("SELECT uid FROM {$tablepre}members WHERE username='******'")) {
        wapmsg('register_activation_message');
    }
    if ($regstatus == 2) {
        wapmsg('register_invite');
    }
    if ($ipregctrl) {
        foreach (explode("\n", $ipregctrl) as $ctrlip) {
            if (preg_match("/^(" . preg_quote($ctrlip = trim($ctrlip), '/') . ")/", $onlineip)) {
                $ctrlip = $ctrlip . '%';
                $regctrl = 72;
                break;
            }
        }
    } else {
Пример #5
0
     $index['searchtype'] = preg_replace("/^([a-z]+)\\|.*/", "\\1", $index['searchstring']);
     $searchnum = $db->result_first("SELECT COUNT(*) FROM  {$tablepre}threads WHERE tid IN ({$index['tids']}) AND displayorder>='0'");
     if ($searchnum) {
         echo "<p>{$lang['search_result']}<br />";
         $query = $db->query("SELECT * FROM {$tablepre}threads WHERE tid IN ({$index['tids']}) AND displayorder>='0' ORDER BY dateline DESC LIMIT {$start_limit}, {$waptpp}");
         while ($thread = $db->fetch_array($query)) {
             echo "<a href=\"index.php?action=thread&amp;tid={$thread['tid']}\">#" . ++$number . " " . cutstr($thread['subject'], 24) . "</a>({$thread['views']}/{$thread['replies']})<br />\n";
         }
         echo wapmulti($searchnum, $waptpp, $page, "index.php?action=search&amp;searchid={$searchid}&amp;do=submit&amp;sid={$sid}");
         echo '</p>';
     } else {
         wapmsg('search_invalid');
     }
 } else {
     $srchtxt = trim(wapconvert($srchtxt));
     $srchuname = trim(wapconvert($srchuname));
     $srchuid = intval($srchuid);
     $searchstring = 'title|' . addslashes($srchtxt) . '|' . $srchuid . '|' . $srchuname;
     $searchindex = array('id' => 0, 'dateline' => '0');
     $query = $db->query("SELECT searchid, dateline,\r\n\t\t\t('{$searchctrl}'<>'0' AND " . (empty($discuz_uid) ? "useip='{$onlineip}'" : "uid='{$discuz_uid}'") . " AND {$timestamp}-dateline<{$searchctrl}) AS flood,\r\n\t\t\t(searchstring='{$searchstring}' AND expiration>'{$timestamp}') AS indexvalid\r\n\t\t\tFROM {$tablepre}searchindex\r\n\t\t\tWHERE ('{$searchctrl}'<>'0' AND " . (empty($discuz_uid) ? "useip='{$onlineip}'" : "uid='{$discuz_uid}'") . " AND {$timestamp}-dateline<{$searchctrl}) OR (searchstring='{$searchstring}' AND expiration>'{$timestamp}')\r\n\t\t\tORDER BY flood");
     while ($index = $db->fetch_array($query)) {
         if ($index['indexvalid'] && $index['dateline'] > $searchindex['dateline']) {
             $searchindex = array('id' => $index['searchid'], 'dateline' => $index['dateline']);
             break;
         } elseif ($index['flood']) {
             wapmsg('search_ctrl');
         }
     }
     if ($searchindex['id']) {
         $searchid = $searchindex['id'];
     } else {