示例#1
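/**
 * Store a guestbook message submitted through the public form.
 *
 * Runs the IP and request-origin checks, validates the required fields and
 * the e-mail address, checks the CAPTCHA when $public_r['gbkey_ok'] is set,
 * applies the posting interval and the board's member-group restriction,
 * then inserts the row. Every outcome is reported through printerror().
 *
 * @param array $add Submitted fields: bid, name, email, call, lytext, key, ecmsfrom.
 * @return void
 */
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    // IP access check
    eCheckAccessDoIp('gbook');
    // Request-origin check
    CheckCanPostUrl();
    // Board id: the stored gbookbid value wins, the form field is the fallback.
    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        $bid = intval($add['bid']);
    }
    // Array keys are quoted: a bare key such as $add[bid] is an undefined
    // constant, which is a fatal Error on PHP 8.
    $name = RepPostStr(trim($add['name']));
    $email = RepPostStr($add['email']);
    $call = RepPostStr($add['call']);
    $lytext = RepPostStr($add['lytext']);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    // CAPTCHA
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // Posting interval. The value is cast so a non-numeric string cannot
    // reach the subtraction (a TypeError on PHP 8).
    // NOTE(review): lastgbooktime is read with getcvar() and written with
    // esetcookie() below, so the interval appears to be kept in a
    // client-held cookie; a client that does not send it back is not
    // limited. A server-side limit keyed on the address or account would
    // hold regardless - confirm what getcvar() reads.
    $lasttime = (int) getcvar('lastgbooktime');
    if ($lasttime) {
        if (time() - $lasttime < $public_r['regbooktime']) {
            printerror("GbOutTime", "", 1);
        }
    }
    // The board must exist
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }
    // Member-group restriction: islogin() is only called for restricted boards.
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    // NOTE(review): the author id and name come from getcvar() values rather
    // than from islogin(); presumably these are cookies, in which case the
    // attribution stored on unrestricted boards is unverified - confirm.
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    // Values are interpolated into the statement; the only escaping is
    // whatever RepPostStr(), RepPostVar() and egetip() do (not visible here).
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");
    // Invalidate the CAPTCHA so it cannot be replayed
    ecmsEmptyShowKey($keyvname);
    if ($sql) {
        // Remember the time of this post for the interval check
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        // NOTE(review): the return URL is derived from the submitted
        // ecmsfrom field; whether DoingReturnUrl() restricts it to this
        // site is not visible here.
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}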
示例#2
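/**
 * Update a member-space style record: name, preview picture, description,
 * template directory and the member groups allowed to use it.
 *
 * @param array  $add      Submitted fields: styleid, stylename, stylepic, stylesay, stylepath, membergroup.
 * @param int    $userid   Id of the acting account (not used inside this function).
 * @param string $username Name of the acting account (not used inside this function).
 * @return void
 */
function EditSpaceStyle($add,$userid,$username){
	global $empire,$dbtbpre;
	// NOTE(review): no permission check is made inside this function;
	// presumably the caller has already done it - confirm.
	// Array keys are quoted: a bare key such as $add[styleid] is an
	// undefined constant, which is a fatal Error on PHP 8.
	$styleid=intval($add['styleid']);
	if(empty($add['stylename'])||empty($add['stylepath'])||!$styleid)
	{
		printerror('EmptySpaceStyle','history.go(-1)');
	}
	$add['stylepath']=RepPathStr($add['stylepath']);
	$add['stylepath']=RepPostStr($add['stylepath'],1);
	// The template directory must exist. The path is built from the submitted
	// value; RepPathStr() is presumably what keeps it inside space/template/
	// (its behaviour is not visible here).
	if(!file_exists("../../space/template/".$add['stylepath']))
	{
		printerror("EmptySpaceStylePath","history.go(-1)");
	}
	$mg=ReturnSpaceStyleMemberGroup($add['membergroup']);
	// NOTE(review): stylename, stylepic and stylesay are interpolated into
	// the statement exactly as received by this function - only stylepath
	// and styleid are filtered here. Unless the request data is escaped
	// before it gets here, these three fields need the same treatment.
	$sql=$empire->query("update {$dbtbpre}enewsspacestyle set stylename='$add[stylename]',stylepic='$add[stylepic]',stylesay='$add[stylesay]',stylepath='$add[stylepath]',membergroup='$mg' where styleid='$styleid'");
	if($sql)
	{
		// Operation log
		insert_dolog("styleid=$styleid&stylename=$add[stylename]");
		printerror("EditSpaceStyleSuccess","ListSpaceStyle.php".hReturnEcmsHashStrHref2(1));
	}
	else
	{
		printerror("DbError","history.go(-1)");
	}
}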
示例#3
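/**
 * Update the settings of an additional access port (multi-port site entry).
 *
 * Validates the required fields, checks the "moreport" permission, filters
 * the text fields, verifies that the target path holds an installation
 * (e/config/config.php), writes the row and refreshes the cached settings.
 *
 * @param array  $add      Submitted fields: pid, pname, purl, ppath, postpass, postfile, tempgid, mustdt, isclose, closeadd.
 * @param int    $userid   Id of the acting account.
 * @param string $username Name of the acting account.
 * @return void
 */
function EditMoreport($add, $userid, $username)
{
    global $empire, $dbtbpre;
    // Array keys are quoted: a bare key such as $add[pid] is an undefined
    // constant, which is a fatal Error on PHP 8.
    $add['pid'] = (int) $add['pid'];
    if (!$add['pid'] || !$add['pname'] || !$add['ppath'] || !$add['purl'] || !$add['postpass'] || !$add['tempgid']) {
        printerror("EmptyMoreport", "history.go(-1)");
    }
    // Permission check.
    // NOTE(review): $classid is never assigned in this function, so the
    // third argument is always null here.
    CheckLevel($userid, $username, $classid, "moreport");
    $add['pname'] = hRepPostStr($add['pname'], 1);
    $add['purl'] = RepPostStr($add['purl'], 1);
    $add['ppath'] = RepPostStr($add['ppath'], 1);
    $add['postpass'] = RepPostStr($add['postpass'], 1);
    $add['postfile'] = RepPostStr($add['postfile'], 1);
    $add['tempgid'] = (int) $add['tempgid'];
    $add['mustdt'] = (int) $add['mustdt'];
    $add['isclose'] = (int) $add['isclose'];
    $add['closeadd'] = (int) $add['closeadd'];
    // The path must point at an installation.
    if (!file_exists($add['ppath'] . 'e/config/config.php')) {
        printerror("ErrorMoreportPath", "history.go(-1)");
    }
    // The postpass placeholder is written out in full, like every other
    // column in the statement.
    // NOTE(review): postpass is stored as submitted (after RepPostStr());
    // if it is a shared secret, treat the table and its backups accordingly.
    $sql = $empire->query("update {$dbtbpre}enewsmoreport set pname='{$add['pname']}',purl='{$add['purl']}',ppath='{$add['ppath']}',postpass='{$add['postpass']}',postfile='{$add['postfile']}',tempgid='{$add['tempgid']}',mustdt='{$add['mustdt']}',isclose='{$add['isclose']}',closeadd='{$add['closeadd']}' where pid='{$add['pid']}'");
    // Refresh the cached settings (runs whether or not the update succeeded)
    Moreport_UpdateIsclose();
    GetConfig();
    if ($sql) {
        // Operation log
        insert_dolog("pid={$add['pid']}&pname={$add['pname']}");
        printerror("EditMoreportSuccess", "ListMoreport.php" . hReturnEcmsHashStrHref2(1));
    } else {
        printerror("DbError", "history.go(-1)");
    }
}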
示例#4
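/**
 * Change the logged-in member's e-mail address and, optionally, password.
 *
 * The current password must be supplied and is verified with
 * eDoCkMemberPw() before anything is written. When the site enforces unique
 * e-mail addresses (regemailonly) the new address must not belong to
 * another member. A new password gets a fresh salt.
 *
 * @param array $add Submitted fields: email, oldpassword, password, repassword.
 * @return void
 */
function EditSafeInfo($add)
{
    global $empire, $dbtbpre, $public_r;
    // Must be logged in. Array keys are quoted: a bare key such as
    // $user_r[userid] is an undefined constant, a fatal Error on PHP 8.
    $user_r = islogin();
    $userid = $user_r['userid'];
    $username = $user_r['username'];
    // E-mail address
    $email = trim($add['email']);
    if (!$email || !chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    $email = RepPostStr($email);
    // Re-authenticate with the current password before any change
    $oldpassword = RepPostVar($add['oldpassword']);
    if (!$oldpassword) {
        printerror('FailOldPassword', '', 1);
    }
    $add['password'] = RepPostVar($add['password']);
    $num = 0;
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,password,salt') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
    if (empty($ur['userid'])) {
        printerror('FailOldPassword', '', 1);
    }
    if (!eDoCkMemberPw($oldpassword, $ur['password'], $ur['salt'])) {
        printerror('FailOldPassword', '', 1);
    }
    // E-mail uniqueness, when the site requires it
    $pr = $empire->fetch1("select regemailonly from {$dbtbpre}enewspublic limit 1");
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' and " . egetmf('userid') . "<>'{$userid}' limit 1");
        if ($num) {
            printerror("ReEmailFail", "history.go(-1)", 1);
        }
    }
    // New password (optional)
    $a = '';
    $salt = '';
    $truepassword = '';
    if ($add['password']) {
        // The filtered password is compared with the unfiltered
        // confirmation, so a password that RepPostVar() alters is rejected
        // here instead of being stored in altered form.
        if ($add['password'] !== $add['repassword']) {
            printerror('NotRepassword', 'history.go(-1)', 1);
        }
        $salt = eReturnMemberSalt();
        $password = eDoMemberPw($add['password'], $salt);
        $a = "," . egetmf('password') . "='{$password}'," . egetmf('salt') . "='{$salt}'";
        $truepassword = $add['password'];
    }
    $sql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('email') . "='{$email}'" . $a . " where " . egetmf('userid') . "='{$userid}'");
    if ($sql) {
        // Passport integration.
        // NOTE(review): the new password is handed over in clear text
        // ($truepassword); what DoEpassport() does with it is not visible here.
        DoEpassport('editpassword', $userid, $username, $truepassword, $salt, $email, $user_r['groupid'], '');
        printerror("EditInfoSuccess", "../member/EditInfo/EditSafeInfo.php", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}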
示例#5
/**
 * Save the logged-in member's space title and announcement.
 *
 * The row is selected by the user id returned from islogin(), so a member
 * can only change their own record.
 *
 * @param array $add Submitted fields: spacename, spacegg.
 * @return void
 */
function DoSetSpace($add)
{
    global $empire, $dbtbpre;
    // Must be logged in
    $member = islogin();
    $title = RepPostStr($add['spacename']);
    $notice = RepPostStr($add['spacegg']);
    $statement = "update {$dbtbpre}enewsmemberadd set spacename='{$title}',spacegg='{$notice}'"
        . " where userid='{$member['userid']}' limit 1";
    if (!$empire->query($statement)) {
        printerror('DbError', '', 1);
        return;
    }
    printerror('SetSpaceSuccess', 'SetSpace.php', 1);
}
示例#6
/**
 * Save the space owner's reply to a message in their member guestbook.
 *
 * The update is limited to rows whose userid equals the logged-in member,
 * so a reply can only be written on the member's own guestbook entries.
 *
 * @param array $add Submitted fields: gid, retext.
 * @return void
 */
function ReMemberGbook($add)
{
    global $empire, $dbtbpre;
    // Must be logged in
    $owner = islogin();
    $messageId = intval($add['gid']);
    if ($messageId == 0) {
        printerror("EmptyReMemberGbook", "history.go(-1)", 1);
    }
    $reply = RepPostStr($add['retext']);
    $statement = "update {$dbtbpre}enewsmembergbook set retext='{$reply}'"
        . " where gid='{$messageId}' and userid='{$owner['userid']}'";
    $done = $empire->query($statement);
    if (!$done) {
        printerror("DbError", "history.go(-1)", 1);
    } else {
        // NOTE(review): the return target is the Referer request header,
        // which the client controls and may omit; whether printerror()
        // restricts or encodes it is not visible here.
        printerror("ReMemberGbookSuccess", $_SERVER['HTTP_REFERER'], 1);
    }
}
示例#7
/**
 * Store a feedback form submitted on a member's space.
 *
 * Checks the CAPTCHA, makes sure the target member exists, filters every
 * text field with RepPostStr(), requires name, title and text, and inserts
 * the row together with the sender's address and port.
 *
 * @param array $add Submitted fields: key, userid, name, company, phone, fax, email, address, zip, title, ftext.
 * @return void
 */
function AddMemberFeedback($add)
{
    global $empire, $dbtbpre;
    // CAPTCHA
    $keyvname = 'checkspacefbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);
    // Target member must exist
    $userid = intval($add['userid']);
    $target = $empire->fetch1("select " . egetmf('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
    if (empty($target['userid'])) {
        printerror("NotUsername", "", 1);
    }
    // Sender.
    // NOTE(review): id and name are taken from getcvar() values rather
    // than from islogin(); presumably cookies, so the stored sender is
    // unverified - confirm.
    $uid = (int) getcvar('mluserid');
    $uname = $uid ? RepPostVar(getcvar('mlusername')) : '';
    $uname = RepPostStr($uname);
    // Text fields, filtered in the order they appear in the statement
    $f = array();
    foreach (array('name', 'company', 'phone', 'fax', 'email', 'address', 'zip', 'title', 'ftext') as $field) {
        $f[$field] = RepPostStr($add[$field]);
    }
    if (!trim($f['name']) || !trim($f['title']) || !trim($f['ftext'])) {
        printerror("EmptyMemberFeedback", "history.go(-1)", 1);
    }
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    // userid and uid are integers and go in unquoted; every other value is
    // quoted and relies on the filtering above.
    $sql = $empire->query("insert into {$dbtbpre}enewsmemberfeedback(name,company,phone,fax,email,address,zip,title,ftext,userid,ip,uid,uname,addtime,eipport) values('{$f['name']}','{$f['company']}','{$f['phone']}','{$f['fax']}','{$f['email']}','{$f['address']}','{$f['zip']}','{$f['title']}','{$f['ftext']}',{$userid},'{$ip}',{$uid},'{$uname}','{$addtime}','{$eipport}');");
    // Invalidate the CAPTCHA
    ecmsEmptyShowKey($keyvname);
    if (!$sql) {
        printerror("DbError", "history.go(-1)", 1);
    } else {
        // NOTE(review): the return target is the client-supplied Referer
        // header; what printerror() does with it is not visible here.
        printerror("AddMemberFeedbackSuccess", $_SERVER['HTTP_REFERER'], 1);
    }
}
示例#8
文件: msgfun.php 项目: novnan/meiju
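/**
 * Send a private message from the logged-in member to another member.
 *
 * Validates the fields, rejects messages to oneself, enforces the sender
 * group's length limit and the recipient group's mailbox limit, inserts the
 * message and sets the recipient's new-message flag.
 *
 * @param array $add Submitted fields: title, to_username, msgtext.
 * @return void
 */
function AddMsg($add)
{
    global $empire, $level_r, $dbtbpre;
    $user = islogin();
    $title = RepPostStr(trim($add['title']));
    $to_username = RepPostVar(trim($add['to_username']));
    $msgtext = RepPostStr($add['msgtext']);
    if (empty($title) || !trim($msgtext) || empty($to_username)) {
        printerror("EmptyMsg", "", 1);
    }
    if ($user['username'] == $to_username) {
        printerror("MsgToself", "", 1);
    }
    // Length limit of the sender's group. strlen() counts bytes, and it is
    // applied to the text after RepPostStr(). Array keys are quoted: a bare
    // key such as $user[groupid] is a fatal Error on PHP 8.
    $len = strlen($msgtext);
    if ($len > $level_r[$user['groupid']]['msglen']) {
        printerror("MoreMsglen", "", 1);
    }
    // The recipient must exist
    $r = $empire->fetch1("select " . eReturnSelectMemberF('userid,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$to_username}' limit 1");
    if (!$r['userid']) {
        printerror("MsgNotToUsername", "", 1);
    }
    // Recipient's mailbox limit. The count is taken for the filtered
    // recipient name, the same value the insert below uses.
    $mnum = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsqmsg where to_username='{$to_username}'");
    if ($mnum + 1 > $level_r[$r['groupid']]['msgnum']) {
        printerror("UserMoreMsgnum", "", 1);
    }
    $msgtime = date("Y-m-d H:i:s");
    // NOTE(review): title and msgtext pass through RepPostStr() and then
    // addslashes(); if RepPostStr() already escapes, backslashes end up in
    // the stored text - confirm.
    $sql = $empire->query("insert into {$dbtbpre}enewsqmsg(title,msgtext,haveread,msgtime,to_username,from_userid,from_username,isadmin,issys) values('" . addslashes($title) . "','" . addslashes($msgtext) . "',0,'{$msgtime}','{$to_username}','{$user['userid']}','{$user['username']}',0,0);");
    // NOTE(review): the new flag value is computed from the SENDER's
    // havemsg ($user) but written to the RECIPIENT's row, and it is written
    // even when the insert failed. The recipient query above does not
    // select havemsg, so this looks unintended - confirm.
    $newhavemsg = eReturnSetHavemsg($user['havemsg'], 0);
    $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('havemsg') . "='{$newhavemsg}' where " . egetmf('username') . "='{$to_username}' limit 1");
    if ($sql) {
        printerror("AddMsgSuccess", "../member/msg/", 1);
    } else {
        printerror("DbError", "", 1);
    }
}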
示例#9
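/**
 * Mark a shop order as paid after a payment-gateway notification and write
 * the payment record.
 *
 * A payment whose orderid already has a record is treated as a duplicate.
 * The order is only marked paid when the reported amount equals the order
 * total returned by PayApiShopDdMoney().
 *
 * @param int|string $ddid         Shop order id.
 * @param mixed      $money        Amount reported by the gateway.
 * @param string     $paybz        Payment note; [!--ddno--] is replaced by the order number.
 * @param string     $orderid      Gateway transaction id.
 * @param int        $userid       Overwritten from the order row before use.
 * @param string     $username     Overwritten from the order row before use.
 * @param string     $ecms_paytype Payment type label stored with the record.
 * @return void
 */
function PayApiShopPay($ddid, $money, $paybz, $orderid, $userid, $username, $ecms_paytype)
{
    global $empire, $dbtbpre;
    // Duplicate-submission guard.
    // NOTE(review): the lookup and the insert further down are separate
    // statements, so two simultaneous notifications for the same orderid
    // can both pass this guard; a unique index on orderid would close that.
    $orderid = RepPostVar($orderid);
    $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewspayrecord where orderid='{$orderid}' limit 1");
    if ($num) {
        printerror('您已成功购买此订单', '../../ShopSys/buycar/', 1, 0, 1);
    }
    $ddr = PayApiShopDdMoney($ddid);
    // NOTE(review): loose comparison of amounts; compare as fixed-point
    // values if the gateway and the order total can differ in formatting.
    if ($money == $ddr['tmoney']) {
        $money = (float) $money;
        // The order id is cast before it enters the statement; this function
        // received it unfiltered.
        $ddidSql = (int) $ddid;
        $empire->query("update {$dbtbpre}enewsshopdd set haveprice=1 where ddid='{$ddidSql}'");
        $posttime = date("Y-m-d H:i:s");
        $payip = egetip();
        // Array keys are quoted: a bare key such as $ddr[userid] is a fatal
        // Error on PHP 8.
        $userid = (int) $ddr['userid'];
        $username = $ddr['username'] ? $ddr['username'] : $ddr['truename'];
        $username = RepPostStr($username);
        $paybz = str_replace('[!--ddno--]', $ddr['ddno'], $paybz);
        // NOTE(review): $paybz and $ecms_paytype are interpolated exactly as
        // passed in; confirm every caller supplies fixed or escaped values.
        $empire->query("insert into {$dbtbpre}enewspayrecord(id,userid,username,orderid,money,posttime,paybz,type,payip) values(NULL,'{$userid}','{$username}','{$orderid}','{$money}','{$posttime}','{$paybz}','{$ecms_paytype}','{$payip}');");
    }
    // NOTE(review): the same success message is shown when the amount did
    // not match and nothing was recorded; a mismatch should be logged.
    printerror('您已成功购买此订单', '../../ShopSys/buycar/', 1, 0, 1);
}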
示例#10
文件: wapfun.php 项目: novnan/meiju
/**
 * Build the first / previous / next / last pager links for a WAP list page.
 *
 * Pages are numbered from 0. $search is appended to every link after being
 * passed through RepPostStr($search, 1); $page only enters the markup as
 * the result of arithmetic.
 *
 * @param int    $num    Total number of rows; an empty value yields ''.
 * @param int    $line   Rows per page (must not be 0).
 * @param int    $page   Current page, zero-based.
 * @param string $search Extra query string, starting with "&".
 * @return string HTML fragment with the links.
 */
function DoWapListPage($num, $line, $page, $search)
{
    if (empty($num)) {
        return '';
    }
    $lastPage = ceil($num / $line) - 1;
    $search = RepPostStr($search, 1);
    // NOTE(review): the script path goes into the href as returned by
    // eReturnSelfPage(); whether it is already HTML-safe is not visible here.
    $base = eReturnSelfPage(0) . "?page=";
    $links = '';
    // Not on the first page: offer "first" and "previous"
    if ($page) {
        $links .= "<a href=\"" . $base . "0" . $search . "\">首页</a>&nbsp;";
        $links .= "<a href=\"" . $base . ($page - 1) . $search . "\">上一页</a>&nbsp;";
    }
    // Not on the last page: offer "next" and "last"
    if ($page != $lastPage) {
        $links .= "<a href=\"" . $base . ($page + 1) . $search . "\">下一页</a>&nbsp;";
        $links .= "<a href=\"" . $base . $lastPage . $search . "\">尾页</a>&nbsp;";
    }
    return $links;
}
示例#11
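/**
 * Change the logged-in member's e-mail address and, optionally, password
 * (variant for configurable member tables and password schemes).
 *
 * $user_dopass selects the stored password format: empty = md5,
 * 2 = md5(md5(password) . salt), 3 = characters 8-23 of md5; any other
 * value leaves the password unhashed. The current password must match
 * before anything is written.
 *
 * NOTE(review): every scheme here is MD5-based or unhashed, which does not
 * resist offline guessing. Moving to password_hash()/password_verify()
 * needs a migration of the stored values and cannot be done in this
 * function alone.
 *
 * @param array $add Submitted fields: email, oldpassword, password, repassword.
 * @return void
 */
function EditSafeInfo($add)
{
    global $empire, $user_tablename, $public_r, $user_userid, $user_username, $user_password, $user_dopass, $user_email, $user_salt, $user_saltnum, $dbtbpre, $user_group;
    // Must be logged in. Array keys are quoted: a bare key such as
    // $user_r[userid] is an undefined constant, a fatal Error on PHP 8.
    $user_r = islogin();
    $userid = $user_r['userid'];
    // E-mail address
    $email = trim($add['email']);
    if (!$email || !chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    $email = RepPostStr($email);
    $email = doUtfAndGbk($email, 0);
    // Current password is required
    $oldpassword = RepPostVar($add['oldpassword']);
    if (!$oldpassword) {
        printerror('FailOldPassword', '', 1);
    }
    $a = '';
    $sa = '';
    $add['password'] = RepPostVar($add['password']);
    $password = doUtfAndGbk($add['password'], 0);
    $oldpassword = doUtfAndGbk($oldpassword, 0);
    if (empty($user_dopass)) {
        $password = md5($password);
        $oldpassword = md5($oldpassword);
    } elseif ($user_dopass == 2) {
        $salt = make_password($user_saltnum);
        $password = md5(md5($password) . $salt);
        $sa = "," . $user_salt . "='{$salt}'";
    } elseif ($user_dopass == 3) {
        $password = substr(md5($password), 8, 16);
        $oldpassword = substr(md5($oldpassword), 8, 16);
    }
    $num = 0;
    if ($user_dopass == 2) {
        // Salted double MD5: fetch the stored salt and compare in PHP.
        $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_userid . "='{$userid}'");
        $oldpassword = md5(md5($oldpassword) . $ur[$user_salt]);
        // Strict comparison: with ==, two different hex digests that both
        // look like numbers in exponent notation compare as equal.
        $num = (!empty($ur[$user_userid]) && $oldpassword === $ur[$user_password]) ? 1 : 0;
    } else {
        // Other schemes: let the database compare the value computed above.
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_userid . "='{$userid}' and " . $user_password . "='" . $oldpassword . "'");
    }
    if (!$num) {
        printerror('FailOldPassword', '', 1);
    }
    // E-mail uniqueness, when the site requires it
    $pr = $empire->fetch1("select regemailonly from {$dbtbpre}enewspublic limit 1");
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_email . "='{$email}' and " . $user_userid . "<>'{$userid}' limit 1");
        if ($num) {
            printerror("ReEmailFail", "history.go(-1)", 1);
        }
    }
    // New password (optional)
    if ($add['password']) {
        if ($add['password'] !== $add['repassword']) {
            printerror('NotRepassword', 'history.go(-1)', 1);
        }
        $a = "," . $user_password . "='" . $password . "'" . $sa;
    }
    $sql = $empire->query("update " . $user_tablename . " set " . $user_email . "='{$email}'" . $a . " where " . $user_userid . "='{$userid}'");
    if ($sql) {
        printerror("EditInfoSuccess", "../member/EditInfo/EditSafeInfo.php", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}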
示例#12
// Paging and search setup for the member-guestbook admin list.
// NOTE(review): $page is not assigned in this excerpt before it is passed
// to RepPIntvar(); presumably it is set earlier in the file - confirm.
$page = RepPIntvar($page);
$start = 0;
// Rows per page
$line = 12;
// Pager links per page
$page_line = 12;
// Row offset of the current page
$offset = $page * $line;
// Search: $search collects the query string for the pager links,
// $and the WHERE clause for the list query.
$search = '' . $ecms_hashur['ehref'];
$and = '';
if ($_GET['sear']) {
    $keyboard = RepPostVar2($_GET['keyboard']);
    if ($keyboard) {
        $show = RepPostStr($_GET['show'], 1);
        // $show selects the column to search. The keyword is interpolated
        // into the statement; RepPostVar2() is the only filter applied to it
        // (its behaviour is not visible here).
        switch ($show) {
            case 1:
                $and .= " where gbtext like '%{$keyboard}%'";
                break;
            case 2:
                $and .= " where retext like '%{$keyboard}%'";
                break;
            case 3:
                $and .= " where uname like '%{$keyboard}%'";
                break;
            case 4:
                $and .= " where userid='{$keyboard}'";
                break;
            case 5:
                $and .= " where ip like '%{$keyboard}%'";
                break;
        }
        // NOTE(review): the keyword goes into the pager query string
        // without URL-encoding.
        $search .= "&sear=1&keyboard={$keyboard}&show={$show}";
    }
}
$query = "select gid,isprivate,uid,uname,ip,addtime,gbtext,retext,userid,eipport from {$dbtbpre}enewsmembergbook" . $and;
示例#13
/**
 * Bulk-delete guestbook messages that match the submitted filters.
 *
 * Every non-empty filter adds one condition; the conditions are joined with
 * AND. With no filter at all the request is refused, so the table cannot be
 * emptied by an empty form.
 *
 * @param array  $add       Filters: name, ip, email, mycall, lytext, startlyid, endlyid,
 *                          startlytime, endlytime, checked, ismember, bid, havere.
 * @param int    $logininid Id of the acting account.
 * @param string $loginin   Name of the acting account.
 * @return void
 */
function DelMoreGbook($add, $logininid, $loginin)
{
    global $empire, $dbtbpre;
    // Permission check.
    // NOTE(review): $classid is never assigned in this function, so the
    // third argument is always null here.
    CheckLevel($logininid, $loginin, $classid, "gbook");
    // Filter the inputs: text through RepPostStr()/RepPostVar(), ids and
    // flags through integer casts.
    $nameFilter = RepPostStr($add['name']);
    $ipFilter = RepPostVar($add['ip']);
    $emailFilter = RepPostStr($add['email']);
    $callFilter = RepPostStr($add['mycall']);
    $textFilter = RepPostStr($add['lytext']);
    $firstId = (int) $add['startlyid'];
    $lastId = (int) $add['endlyid'];
    $fromTime = RepPostVar($add['startlytime']);
    $toTime = RepPostVar($add['endlytime']);
    $checked = (int) $add['checked'];
    $ismember = (int) $add['ismember'];
    $bid = (int) $add['bid'];
    $havere = (int) $add['havere'];
    $where = '';
    // Board
    if ($bid) {
        $where .= " and bid='{$bid}'";
    }
    // Author type: 1 = guests (userid 0), any other value = members
    if ($ismember) {
        $where .= $ismember == 1 ? " and userid=0" : " and userid>0";
    }
    // Message id range
    if ($lastId) {
        $where .= ' and lyid BETWEEN ' . $firstId . ' and ' . $lastId;
    }
    // Posting time range
    if ($fromTime && $toTime) {
        $where .= " and lytime>='{$fromTime}' and lytime<='{$toTime}'";
    }
    // Review state: 1 selects checked=0, any other value selects checked=1
    if ($checked) {
        $checkval = $checked == 1 ? 0 : 1;
        $where .= " and checked='{$checkval}'";
    }
    // Reply state: 1 = has a reply, any other value = no reply
    if ($havere) {
        $where .= $havere == 1 ? " and retext<>''" : " and retext=''";
    }
    // Substring filters: name, posting IP, e-mail, phone, message text
    $likeFilters = array(
        'name' => $nameFilter,
        'ip' => $ipFilter,
        'email' => $emailFilter,
        '`mycall`' => $callFilter,
        'lytext' => $textFilter,
    );
    foreach ($likeFilters as $column => $needle) {
        if ($needle) {
            $where .= " and {$column} like '%{$needle}%'";
        }
    }
    if (!$where) {
        printerror("EmptyDelMoreGbook", "history.go(-1)");
    }
    // Drop the leading " and "
    $where = substr($where, 5);
    $sql = $empire->query("delete from {$dbtbpre}enewsgbook where " . $where);
    // Operation log.
    // NOTE(review): the log entry is empty, so the audit trail does not
    // record which filters a bulk delete used; the query result is also
    // not checked before success is reported.
    insert_dolog("");
    printerror("DelGbookSuccess", "DelMoreGbook.php" . hReturnEcmsHashStrHref2(1));
}
示例#14
文件: ListDd.php 项目: novnan/meiju
$search = $ecms_hashur['ehref'];
$page = (int) $_GET['page'];
$page = RepPIntvar($page);
$start = 0;
$line = 25;
//每页显示条数
$page_line = 18;
//每页显示链接数
$offset = $page * $line;
//总偏移量
$totalquery = "select count(*) as total from {$dbtbpre}enewsshopdd";
$query = "select ddid,ddno,ddtime,userid,username,outproduct,haveprice,checked,truename,psid,psname,pstotal,alltotal,payfsid,payfsname,payby,alltotalfen,fp,fptotal,pretotal from {$dbtbpre}enewsshopdd";
$add = '';
$and = ' where ';
//搜索
$sear = RepPostStr($_GET['sear'], 1);
if ($sear) {
    $keyboard = $_GET['keyboard'];
    $keyboard = RepPostVar2($keyboard);
    if ($keyboard) {
        $show = (int) $_GET['show'];
        if ($show == 1) {
            $add = $and . "ddno like '%{$keyboard}%'";
        } elseif ($show == 2) {
            $add = $and . "username like '%{$keyboard}%'";
        } elseif ($show == 3) {
            $add = $and . "truename like '%{$keyboard}%'";
        } elseif ($show == 4) {
            $add = $and . "email like '%{$keyboard}%'";
        } else {
            $add = $and . "address like '%{$keyboard}%'";
示例#15
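/**
 * Create a shop order from the current cart.
 *
 * Validates the buyer and recipient fields, looks up the delivery and
 * payment methods, and - for "pay with points" or "pay from balance" -
 * deducts the total from the member account before the order row is
 * inserted. For an external payment method the buyer is sent to its URL.
 *
 * NOTE(review):
 *  - The balance check and the deduction are two separate statements, so
 *    parallel requests from one account can each pass the check. Making
 *    the deduction conditional on the remaining balance and verifying the
 *    affected row count would close this; no such API is visible here.
 *  - The deduction happens before the order insert and there is no
 *    transaction: a failed insert leaves the account charged.
 *  - Totals come from ReturnBuycardd(); confirm it recomputes prices on the
 *    server and does not trust amounts held in the cart cookie.
 *
 * @param array $add Submitted order form (contact fields, g_* recipient fields, fp, fptt, psid, payfsid, ddno, bz).
 * @return void
 */
function AddDd($add)
{
    global $empire, $user_tablename, $user_money, $user_userid, $user_userfen, $user_rnd, $public_r, $dbtbpre;
    // Permission check
    ShopCheckAddDdGroup();
    // Cart must not be empty
    if (!getcvar('mybuycar')) {
        printerror("EmptyBuycar", "history.go(-1)", 1);
    }
    // Array keys are quoted throughout: a bare key such as $add[ddno] is an
    // undefined constant, which is a fatal Error on PHP 8.
    $add['ddno'] = RepPostVar($add['ddno']);
    $textFields = array(
        'truename', 'oicq', 'msn', 'call', 'phone', 'email', 'address', 'zip', 'bz',
        'g_truename', 'g_oicq', 'g_msn', 'g_call', 'g_phone', 'g_email', 'g_address', 'g_zip',
        'fptt',
    );
    foreach ($textFields as $field) {
        $add[$field] = RepPostStr($add[$field]);
    }
    $add['fp'] = (int) $add['fp'];
    $add['psid'] = (int) $add['psid'];
    $add['payfsid'] = (int) $add['payfsid'];
    if (!$add['truename'] || !$add['call'] || !$add['email'] || !$add['address'] || !$add['g_truename'] || !$add['g_call'] || !$add['g_address'] || !$add['g_email'] || !$add['psid'] || !$add['payfsid']) {
        printerror("MustEnterSelect", "history.go(-1)", 1);
    }
    $mess = "AddDdSuccess";
    $haveprice = 0;
    $payby = 0;
    // Cart in storage format: [0] is tested below before a points purchase,
    // [1] total in points, [2] total in money, [3] serialized cart.
    $buyr = ReturnBuycardd();
    $alltotal = $buyr[2];
    $alltotalfen = $buyr[1];
    $buycar = $buyr[3];
    // Invoice surcharge
    $fptotal = 0;
    if ($add['fp']) {
        $fptotal = $alltotal * ($public_r['fpnum'] / 100);
    }
    // Delivery method
    $pr = $empire->fetch1("select pid,pname,price from {$dbtbpre}enewsshopps where pid='{$add['psid']}'");
    if (empty($pr['pid'])) {
        printerror("NotPsid", "history.go(-1)", 1);
    }
    // Payment method
    $payr = $empire->fetch1("select payid,payname,payurl,userpay,userfen from {$dbtbpre}enewsshoppayfs where payid='{$add['payfsid']}'");
    if (empty($payr['payid'])) {
        printerror("NotPayfsid", "history.go(-1)", 1);
    }
    // Member: the id and the rnd token must match one row.
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    if ($userid) {
        $rnd = RepPostVar(getcvar('mlrnd'));
        $user = $empire->fetch1("select " . $user_userid . "," . $user_money . "," . $user_userfen . " from " . $user_tablename . " where " . $user_userid . "='{$userid}' and " . $user_rnd . "='{$rnd}' limit 1");
        if (!$user[$user_userid]) {
            printerror("MustSingleUser", "history.go(-1)", 1);
        }
    }
    $location = "../ShopSys/buycar/";
    if ($payr['userfen']) {
        // Pay with points
        if ($buyr[0]) {
            printerror("NotProductForBuyfen", "history.go(-1)", 1);
        } else {
            if ($userid) {
                $buyallfen = $alltotalfen + $pr['price'];
                if ($buyallfen > $user[$user_userfen]) {
                    printerror("NotEnoughFenBuy", "history.go(-1)", 1);
                }
                // Deduct the points; the sum above is numeric, so it goes
                // into the statement unquoted.
                $usql = $empire->query("update " . $user_tablename . " set " . $user_userfen . "=" . $user_userfen . "-" . $buyallfen . " where " . $user_userid . "='{$userid}'");
                if ($usql) {
                    $mess = "AddDdSuccessa";
                    $payby = 1;
                    $haveprice = 1;
                }
            } else {
                printerror("NotLoginTobuy", "history.go(-1)", 1);
            }
        }
    } elseif ($payr['userpay']) {
        // Pay from account balance
        if ($userid) {
            $buyallmoney = $alltotal + $pr['price'] + $fptotal;
            if ($buyallmoney > $user[$user_money]) {
                printerror("NotEnoughMoneyBuy", "history.go(-1)", 1);
            }
            // Deduct the amount
            $usql = $empire->query("update " . $user_tablename . " set " . $user_money . "=" . $user_money . "-" . $buyallmoney . " where " . $user_userid . "='{$userid}'");
            if ($usql) {
                $mess = "AddDdSuccessa";
                $payby = 2;
                $haveprice = 1;
            }
        } else {
            printerror("NotLoginTobuy", "history.go(-1)", 1);
        }
    } elseif ($payr['payurl']) {
        // External payment: continue at the configured URL
        $mess = "AddDdAndToPaySuccess";
        $location = $payr['payurl'];
    }
    $ddtime = date("Y-m-d H:i:s");
    // Numeric columns are cast because they go into the statement unquoted.
    $pr['price'] = (float) $pr['price'];
    $alltotal = (float) $alltotal;
    $alltotalfen = (float) $alltotalfen;
    $fptotal = (float) $fptotal;
    $sql = $empire->query("insert into {$dbtbpre}enewsshopdd(ddno,ddtime,userid,username,outproduct,haveprice,checked,truename,oicq,msn,email,`call`,phone,address,zip,bz,g_truename,g_oicq,g_msn,g_email,g_call,g_phone,g_address,g_zip,buycar,psid,psname,pstotal,alltotal,payfsid,payfsname,payby,alltotalfen,fp,fptt,fptotal) values('{$add['ddno']}','{$ddtime}',{$userid},'{$username}',0,'{$haveprice}',0,'{$add['truename']}','{$add['oicq']}','{$add['msn']}','{$add['email']}','{$add['call']}','{$add['phone']}','{$add['address']}','{$add['zip']}','{$add['bz']}','{$add['g_truename']}','{$add['g_oicq']}','{$add['g_msn']}','{$add['g_email']}','{$add['g_call']}','{$add['g_phone']}','{$add['g_address']}','{$add['g_zip']}','" . addslashes($buycar) . "','{$add['psid']}','{$pr['pname']}',{$pr['price']},{$alltotal},'{$add['payfsid']}','{$payr['payname']}','{$payby}',{$alltotalfen},{$add['fp']},'{$add['fptt']}',{$fptotal});");
    if ($sql) {
        // Remember the order id for the payment step and empty the cart
        $ddid = $empire->lastid();
        esetcookie("paymoneyddid", $ddid, 0);
        SetBuycar("");
        printerror($mess, $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}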
示例#16
文件: PushToSp.php 项目: novnan/meiju
$add = '';
//分类
$cid = (int) $_GET['cid'];
if ($cid) {
    $add .= " and cid='{$cid}'";
}
//栏目
$classid = (int) $_GET['classid'];
if ($classid) {
    $classwhere = ReturnClass($class_r[$classid][featherclass]);
    $add .= " and (classid=0 or classid='{$classid}' or (" . $classwhere . "))";
}
//表ID
$tid = (int) $_GET['tid'];
//ID
$ids = RepPostStr($_GET['id'], 1);
if (!$ids) {
    echo "<script>alert('请选择信息');window.close();</script>";
    exit;
}
$query = "select spid,spname,varname,sppic,spsay from {$dbtbpre}enewssp where sptype=2 and isclose=0 and (cladd=0 or (cladd=1 and (groupid like '%," . $lur[groupid] . ",%' or userclass like '%," . $lur[classid] . ",%' or username like '%," . $lur[username] . ",%')))" . $add . " order by spid desc";
$sql = $empire->query($query);
//分类
$scstr = "";
$scsql = $empire->query("select classid,classname from {$dbtbpre}enewsspclass order by classid");
while ($scr = $empire->fetch($scsql)) {
    $select = "";
    if ($scr[classid] == $cid) {
        $select = " selected";
    }
    $scstr .= "<option value='" . $scr[classid] . "'" . $select . ">" . $scr[classname] . "</option>";
示例#17
<?php

require "../../class/connect.php";
require "../../class/q_functions.php";
require "../../class/db_sql.php";
require "../../member/class/user.php";
require "../class/ShopSysFun.php";
// Page controller for the member's "add / edit delivery address" form.
$link = db_connect();
$empire = new mysqlquery();
$editor = 1;
// Shop module on/off check
eCheckCloseMods('shop');
// Must be logged in
$user = islogin();
// Action name; defaults to adding a new address
$enews = RepPostStr($_GET['enews'], 1) ?: "AddAddress";
$addressid = (int) $_GET['addressid'];
// When editing, load the address. The row is matched on both the address id
// and the logged-in member's id, so another member's address cannot be
// loaded by changing addressid.
$r = $enews == 'EditAddress'
    ? $empire->fetch1("select * from {$dbtbpre}enewsshop_address where addressid='{$addressid}' and userid='{$user['userid']}' limit 1")
    : array();
// Load the template
require ECMS_PATH . DASHBOARD . '/template/ShopSys/AddAddress.php';
db_close();
$empire = null;
示例#18
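/**
 * Rename one of the logged-in member's friend categories.
 *
 * The update is limited to rows owned by the member returned by islogin(),
 * so a category id belonging to someone else changes nothing.
 *
 * @param array $add Submitted fields: cid, cname.
 * @return void
 */
function EditFriendClass($add)
{
    global $empire, $dbtbpre;
    // Array keys are quoted: a bare key such as $add[cid] is an undefined
    // constant, which is a fatal Error on PHP 8.
    $add['cid'] = (int) $add['cid'];
    if (!trim($add['cname']) || !$add['cid']) {
        printerror('EmptyFavaClassname', 'history.go(-1)', 1);
    }
    // Must be logged in
    $user_r = islogin();
    $add['cname'] = RepPostStr($add['cname']);
    $sql = $empire->query("update {$dbtbpre}enewshyclass set cname='{$add['cname']}' where cid='{$add['cid']}' and userid='{$user_r['userid']}'");
    if ($sql) {
        printerror('EditFavaClassSuccess', '../member/friend/FriendClass/', 1);
    } else {
        printerror('DbError', 'history.go(-1)', 1);
    }
}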
示例#19
文件: DoRehtml.php 项目: novnan/meiju
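// Verify the logged-in administrator
$lur = is_login();
$logininid = $lur['userid'];
$loginin = $lur['username'];
$loginrnd = $lur['rnd'];
$loginlevel = $lur['groupid'];
$loginadminstyleid = $lur['adminstyleid'];
// Request hash values used for links and forms
$ecms_hashur = hReturnEcmsHashStrAll();
$add = $_GET;
$havehtml = (int) $add['havehtml'];
// Array keys are quoted: a bare key such as $add[classid] is an undefined
// constant, which is a fatal Error on PHP 8.
$add['classid'] = RepPostVar($add['classid']);
$add['from'] = RepPostStrUrl($add['from']);
$add['retype'] = RepPostStr($add['retype'], 1);
$add['startday'] = RepPostStr($add['startday'], 1);
$add['endday'] = RepPostStr($add['endday'], 1);
$add['startid'] = RepPostVar($add['startid']);
$add['endid'] = RepPostVar($add['endid']);
// NOTE(review): the tbname entries come straight from the query string and
// are not filtered in this excerpt; if they are later used as table names
// they should be checked against the enewstable list first.
$tbname = $add['tbname'];
// count() throws a TypeError on PHP 8 when tbname is missing or not an
// array, so anything that is not an array counts as "no selection".
$count = is_array($tbname) ? count($tbname) : 0;
// No table selected: refresh every table
if (!$count) {
    $tbname = array();
    $j = 0;
    $tsql = $empire->query("select tbname from {$dbtbpre}enewstable where intb=0 order by tid");
    while ($tr = $empire->fetch($tsql)) {
        $tbname[$j] = $tr['tbname'];
        $j++;
    }
    $count = count($tbname);
}
esetcookie("retablenum", $count, 0, 1);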
示例#20
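/**
 * Store a visitor's error report for a download / content item.
 *
 * Checks the request origin, requires the item id, column id and report
 * text, confirms that the item exists in the column's table and belongs to
 * that column, then inserts the report and returns to the item's page.
 *
 * @param array $add Submitted fields: id, classid, cid, errortext, email.
 * @return void
 */
function AddError($add)
{
    global $empire, $class_r, $dbtbpre;
    // Request-origin check
    CheckCanPostUrl();
    $id = (int) $add['id'];
    $classid = (int) $add['classid'];
    // Array keys are quoted: a bare key such as $add[errortext] is an
    // undefined constant, which is a fatal Error on PHP 8.
    if (!$classid || !$id || !trim($add['errortext'])) {
        printerror("EmptyErrortext", "history.go(-1)", 1);
    }
    // The table name is taken from the column configuration, never from the
    // request; an unknown column stops here.
    if (empty($class_r[$classid]['tbname'])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    $r = $empire->fetch1("select isurl,titleurl,classid,id from {$dbtbpre}ecms_" . $class_r[$classid]['tbname'] . " where id='{$id}' limit 1");
    if (empty($r['id']) || $r['classid'] != $classid) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    $cid = (int) $add['cid'];
    // Link back to the item, built from the stored row
    $titleurl = sys_ReturnBqTitleLink($r);
    $email = RepPostStr($add['email']);
    $ip = egetip();
    $errortext = RepPostStr($add['errortext']);
    $errortime = date("Y-m-d H:i:s");
    // NOTE(review): errortext and email pass through RepPostStr() and then
    // addslashes(); if RepPostStr() already escapes, backslashes end up in
    // the stored text. There is also no CAPTCHA or rate limit in this
    // function - confirm one is applied elsewhere.
    $sql = $empire->query("insert into {$dbtbpre}enewsdownerror(id,errortext,errorip,errortime,email,classid,cid) values({$id},'" . addslashes($errortext) . "','{$ip}','{$errortime}','" . addslashes($email) . "',{$classid},'{$cid}');");
    if ($sql) {
        printerror("AddErrorSuccess", $titleurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}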
示例#21
}
// Paging and search setup for the member list; the query that uses these values
// lies outside this excerpt.
$search = $ecms_hashur['ehref'];
$line = 25;
$page_line = 12;
// The page number is cast to int before it reaches RepPIntvar() (project helper,
// not shown) and the offset arithmetic.
$page = (int) $_GET['page'];
$page = RepPIntvar($page);
$start = 0;
$offset = $page * $line;
$url = "<a href=ListMember.php" . $ecms_hashur['whehref'] . ">管理会员</a>";
// Extra WHERE text; filled in by the search branch below.
$add = "";
// Search flag: taken from POST, falling back to GET when the POST value is empty.
$sear = $_POST['sear'];
if (empty($sear)) {
    $sear = $_GET['sear'];
}
// NOTE(review): what RepPostStr(..., 1) filters is not visible here; $sear is only
// used as a truthiness flag in the lines that follow.
$sear = RepPostStr($sear, 1);
if ($sear) {
    $groupid = $_POST['groupid'];
    if (empty($groupid)) {
        $groupid = $_GET['groupid'];
    }
    $keyboard = $_POST['keyboard'];
    if (empty($keyboard)) {
        $keyboard = $_GET['keyboard'];
    }
    $keyboard = RepPostVar2($keyboard);
    $show = (int) $_GET['show'];
    if ($keyboard) {
        if ($show == 2) {
            $add = " where " . egetmf('email') . " like '%{$keyboard}%'";
        } else {
示例#22
文件: task.php 项目: novnan/meiju
    if ($r['dohour']) {
        $re['chdate'] .= '-' . $dr[2];
        $re['date'] .= '-G';
    }
    if ($r['dominute']) {
        $re['chdate'] .= '-' . $dr[3];
        $re['date'] .= '-i';
    }
    if (date($re['date'], $r['lastdo']) == $re['chdate']) {
        return false;
    }
    return true;
}
$retasktime = 20;
// Enabled tasks (isopen=1) that are either global (userid=0) or owned by the current admin.
// NOTE(review): $logininid is interpolated into the SQL and is assigned outside this
// excerpt - confirm it is always an integer taken from the login record.
$tasksql = "select id,filename,lastdo,doweek,doday,dohour,dominute,userid,taskname from {$dbtbpre}enewstask where isopen=1 and (userid=0 or (userid<>0 and userid='{$logininid}'))";
// Requested action; compared against 'dotask' below.
$ecms = RepPostStr($_GET['ecms'], 1);
// NOTE(review): $loginadminstyleid is written into an HTML attribute without escaping;
// it is assigned outside this excerpt - confirm it is numeric.
echo "<title>执行计划任务</title><link href='adminstyle/" . $loginadminstyleid . "/adminstyle.css' rel='stylesheet' type='text/css'>";
//执行
if ($ecms == 'dotask') {
    $id = (int) $_GET['id'];
    if (empty($id)) {
        exit;
    }
    $r = $empire->fetch1("select id,filename,lastdo,doweek,doday,dohour,dominute,userid,taskname from {$dbtbpre}enewstask where id={$id} and isopen=1 limit 1");
    $file = '../tasks/' . $r['filename'];
    if (empty($r['id']) || empty($r['filename']) || !file_exists($file)) {
        exit;
    }
    $lasttime = CheckDoTask($r);
    if ($lasttime) {
        echo "<script>parent.WriteTaskLog('任务 <" . $r['taskname'] . "> 开始执行......');</script>";
示例#23
    $type = (int) $type;
    $filepass = (int) $filepass;
    if ($action == "catchimage") {
        for ($i = 0; $i < count($file_r['list']); $i++) {
            if ($file_r['list'][$i]['state'] == "SUCCESS") {
                $title = RepPostStr(trim($file_r['list'][$i]['title']));
                $filesize = RepPostStr(trim($file_r['list'][$i]['size']));
                $original = RepPostStr(trim($file_r['list'][$i]['original']));
                eInsertFileTable($title, $filesize, $filepath, $username, $classid, $original, $type, $filepass, $filepass, $public_r[fpath], 0, 0, 0);
            }
        }
    } else {
        if ($file_r['state'] == "SUCCESS") {
            $title = RepPostStr(trim($file_r[title]));
            $filesize = RepPostStr(trim($file_r[size]));
            $original = RepPostStr(trim($file_r[original]));
            eInsertFileTable($title, $filesize, $filepath, $username, $classid, $original, $type, $filepass, $filepass, $public_r[fpath], 0, 0, 0);
        }
    }
    // 反馈附件入库
    //eInsertFileTable($tfr[filename],$filesize,$filepath,'[Member]'.$username,$classid,'[FB]'.addslashes(RepPostStr($add[title])),$type,$filepass,$filepass,$public_r[fpath],0,4,0);
}
/* 输出结果 */
if (isset($_GET["callback"])) {
    if (preg_match("/^[\\w_]+\$/", $_GET["callback"])) {
        echo htmlspecialchars($_GET["callback"]) . '(' . $result . ')';
    } else {
        echo json_encode(array('state' => 'callback参数不合法'));
    }
} else {
    echo $result;
示例#24
文件: file.php 项目: novnan/meiju
echo $tranname;
?>
附件</td>
          </tr>
          <tr bgcolor="#FFFFFF"> 
            <td width="16%">远程保存</td>
            <td width="84%"><input name="tranurl" type="text" id="tranurl" value="http://" size="36"></td>
          </tr>
          <tr bgcolor="#FFFFFF"> 
            <td>本地上传</td>
            <td><input name="file" type="file" size="32"> </td>
          </tr>
          <tr bgcolor="#FFFFFF"> 
            <td>文件别名</td>
            <td><input name="no" type="text" id="no" value="<?php 
echo RepPostStr($_GET['fileno'], 1);
?>
" size="36"> 
            </td>
          </tr>
          <tr bgcolor="#FFFFFF"> 
            <td>图片选项</td>
            <td> <input name="getmark" type="checkbox" id="getmark" value="1"> 
              <a href="../SetEnews.php<?php 
echo $ecms_hashur['whehref'];
?>
" target="_blank">加水印</a> <input name="getsmall" type="checkbox" id="getsmall" value="1">
              生成缩略图:宽度 <input name="width" type="text" id="width" value="<?php 
echo $public_r['spicwidth'];
?>
" size="6">
示例#25
require "../class/connect.php";
include "../class/db_sql.php";
include "../class/functions.php";
// Open the database connection and create the query object.
$link = db_connect();
$empire = new mysqlquery();
// Authenticate the admin user; is_login() is a project helper not shown here.
$lur = is_login();
$logininid = $lur['userid'];
$loginin = $lur['username'];
$loginrnd = $lur['rnd'];
$loginlevel = $lur['groupid'];
$loginadminstyleid = $lur['adminstyleid'];
// ehash: hash string appended to admin URLs.
$ecms_hashur = hReturnEcmsHashStrAll();
// Request parameters: $ecms selects which navigation block is emitted below,
// $classid marks the option to pre-select.
$ecms = RepPostStr($_GET['ecms'], 1);
$classid = RepPostStr($_GET['classid'], 1);
// Cached <option> list of classes, read from a file on disk.
$fcjsfile = '../data/fc/cmsclass.js';
$do_class = GetFcfiletext($fcjsfile);
// Mark the requested class as selected. str_replace() changes the text only where
// "<option value='$classid'" already occurs in the cached list.
// NOTE(review): $do_class is later echoed inside a double-quoted JavaScript string and
// assigned to innerHTML with no escaping visible here, so the output is only as safe as
// the cache file's contents - confirm how that file is generated.
$do_class = str_replace("<option value='{$classid}'", "<option value='{$classid}' selected", $do_class);
//增加信息页导航
if ($ecms == 1) {
    //$show="增加信息:<select name=\\\"select\\\" onchange=\\\"if(this.options[this.selectedIndex].value!=0){self.location.href='AddNews.php?".$ecms_hashur['ehref']."&bclassid=&classid='+this.options[this.selectedIndex].value+'&enews=AddNews';}\\\"><option value='0'>选择增加信息的栏目</option>".$do_class."</select>";
    //echo"<script>parent.document.getElementById(\"showclassnav\").innerHTML=\"".$show."\";</script>";
    $show = "<select name='copyclassid[]' id='copyclassid[]' size='12' style='width:320' multiple>" . $do_class . "</select>";
    echo "<script>parent.document.getElementById(\"copyinfoshowclassnav\").innerHTML=\"" . $show . "\";</script>";
} elseif ($ecms == 2) {
    $show = "<select name='addclassid' id='addclassid'><option value='0'>选择增加信息的栏目</option>" . $do_class . "</select>";
    echo "<script>parent.document.getElementById(\"showaddclassnav\").innerHTML=\"" . $show . "\";";
    $show = "<select name='classid' id='classid'><option value='0'>所有栏目</option>" . $do_class . "</select>";
    echo "parent.document.getElementById(\"searchclassnav\").innerHTML=\"" . $show . "\";";
    $show = "<select name='to_classid' id='to_classid'><option value='0'>选择要移动/复制的目标栏目</option>" . $do_class . "</select>";
示例#26
// Fields copied from the login record ($lur is assigned outside this excerpt).
$loginrnd = $lur['rnd'];
$loginlevel = $lur['groupid'];
$loginadminstyleid = $lur['adminstyleid'];
// ehash: hash string appended to admin URLs.
$ecms_hashur = hReturnEcmsHashStrAll();
// Permission check for the "votemod" right.
// NOTE(review): $classid is not assigned anywhere in the visible lines - confirm what
// CheckLevel() receives here.
CheckLevel($logininid, $loginin, $classid, "votemod");
// Requested action, HTML-escaped before it is compared and reused.
$enews = ehtmlspecialchars($_GET['enews']);
// Defaults for a new preset vote.
// NOTE(review): the unquoted keys width/height are undefined constants; PHP 8 raises
// an Error for them, older versions fall back to the string with a notice.
$r[width] = 500;
$r[height] = 300;
$voteclass0 = " checked";
$doip0 = " checked";
$editnum = 8;
$url = "<a href=ListVoteMod.php" . $ecms_hashur['whehref'] . ">管理预设投票</a>&nbsp;>&nbsp;增加预设投票";
// Copy mode: only honoured together with the AddVoteMod action.
$docopy = RepPostStr($_GET['docopy'], 1);
if ($docopy && $enews == "AddVoteMod") {
    $copyvote = 1;
}
//修改
if ($enews == "EditVoteMod" || $copyvote) {
    if ($copyvote) {
        $thisdo = "复制";
    } else {
        $thisdo = "修改";
    }
    $voteid = (int) $_GET['voteid'];
    $r = $empire->fetch1("select * from {$dbtbpre}enewsvotemod where voteid='{$voteid}'");
    $url = "<a href=ListVoteMod.php" . $ecms_hashur['whehref'] . ">管理预设投票</a>&nbsp;>&nbsp;" . $thisdo . "预设投票:<b>" . $r[title] . "</b>";
    $str = "dotime" . $r[dotime];
    ${$str} = " selected";
示例#27
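/**
 * Bulk-delete comments whose text contains any of the given terms.
 *
 * $add['saytext'] holds one or more terms separated by "|"; $add['classid']
 * optionally limits the deletion to one class (or its sub-classes). For every
 * matching comment the item's comment counter is decremented and the comment is
 * removed from both the index table and its data table.
 *
 * @param array  $add       Request fields.
 * @param mixed  $logininid Id of the acting admin, passed through to CheckLevel().
 * @param string $loginin   Name of the acting admin, passed through to CheckLevel().
 */
function DelMorePlByText($add, $logininid, $loginin)
{
    global $empire, $dbtbpre, $class_r;
    // Permission check for the "pl" right.
    // NOTE(review): $classid is not assigned until further down, so an unset value is
    // passed here. Left as in the original because CheckLevel() is not visible - confirm intent.
    CheckLevel($logininid, $loginin, $classid, "pl");
    $saytext = RepPostStr($add['saytext']);
    // printerror() presumably ends the request - TODO confirm.
    if (!$saytext) {
        printerror("EmptyDelMorePl", "history.go(-1)");
    }
    $classid = (int) $add['classid'];
    $where = '';
    // Class filter. Array keys are quoted: a bare key is an undefined constant and is
    // fatal on PHP 8.
    if ($classid) {
        if (empty($class_r[$classid]['islast'])) {
            $cwhere = ReturnClass($class_r[$classid]['sonclass']);
        } else {
            $cwhere = "classid='{$classid}'";
        }
        $where .= $cwhere . ' and ';
    }
    // Text filter: one LIKE clause per term, joined with OR.
    $twhere = '';
    $or = '';
    foreach (explode('|', $saytext) as $term) {
        // An empty term (leading, trailing or doubled "|") would become
        // "saytext like '%%'", which matches every comment and deletes them all.
        if ($term === '') {
            continue;
        }
        // NOTE(review): quoting relies on RepPostStr() (not shown); the LIKE wildcards
        // % and _ inside a term are not escaped, so a term made of them still matches broadly.
        $twhere .= $or . "saytext like '%" . $term . "%'";
        $or = ' or ';
    }
    if ($twhere === '') {
        printerror("EmptyDelMorePl", "history.go(-1)");
        return;
    }
    $where .= '(' . $twhere . ')';
    $tbr = $empire->fetch1("select pldatatbs from {$dbtbpre}enewspublic limit 1");
    if ($tbr['pldatatbs']) {
        $dtbr = explode(',', $tbr['pldatatbs']);
        // The first and last list elements are skipped; presumably the stored list is
        // wrapped in commas - confirm against the data.
        $tcount = count($dtbr) - 1;
        for ($ti = 1; $ti < $tcount; $ti++) {
            // $dtbr[$ti] comes from the settings table and becomes part of a table name.
            $sql = $empire->query("select plid,id,classid from {$dbtbpre}enewspl_data_" . $dtbr[$ti] . " where " . $where);
            while ($r = $empire->fetch($sql)) {
                // Decrement the item's comment counter when its class maps to a table.
                if ($class_r[$r['classid']]['tbname']) {
                    $empire->query("update {$dbtbpre}ecms_" . $class_r[$r['classid']]['tbname'] . " set plnum=plnum-1 where id='{$r['id']}'");
                }
                // Remove the comment from the index table and from its data table.
                $empire->query("delete from {$dbtbpre}enewspl where plid='{$r['plid']}'");
                $empire->query("delete from {$dbtbpre}enewspl_data_" . $dtbr[$ti] . " where plid='{$r['plid']}'");
            }
        }
    }
    // Operation log.
    // NOTE(review): the log entry is written with an empty string, so the terms used for
    // this destructive action are not recorded by this call - consider logging them.
    insert_dolog("");
    printerror("DelPlSuccess", "DelMorePl.php");
}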
示例#28
文件: ListTags.php 项目: novnan/meiju
    $add .= " and cid='{$cid}'";
    $search .= "&cid={$cid}";
}
// Keyword filter.
// NOTE(review): $keyboard is interpolated into the SQL and into the paging query string;
// quoting depends on RepPostVar() (project helper, not shown) and the value is not
// URL-encoded here - confirm both where $add and $search are consumed.
if ($_GET['keyboard']) {
    $keyboard = RepPostVar($_GET['keyboard']);
    $show = (int) $_GET['show'];
    if ($show == 1) {
        // Exact match on the tag id.
        $add .= " and tagid='{$keyboard}'";
    } else {
        // Substring match on the tag name.
        $add .= " and tagname like '%{$keyboard}%'";
    }
    $search .= "&show={$show}&keyboard={$keyboard}";
}
// Sort order: the request value only selects one of four fixed ORDER BY strings and is
// never interpolated into the SQL itself.
$orderby = RepPostStr($_GET['orderby'], 1);
if ($orderby == 1) {
    $doorder = 'tagid asc';
} elseif ($orderby == 2) {
    $doorder = 'num desc';
} elseif ($orderby == 3) {
    $doorder = 'num asc';
} else {
    $doorder = 'tagid desc';
}
// NOTE(review): the filtered but otherwise raw $orderby is appended to the paging query
// string; where $search is output is not visible here.
$search .= "&orderby={$orderby}";
// Drop the leading " and " (5 characters) and turn the conditions into a WHERE clause.
$add = $add ? ' where ' . substr($add, 5) : '';
$query = "select tagid,tagname,num,isgood,cid from {$dbtbpre}enewstags" . $add;
$totalquery = "select count(*) as total from {$dbtbpre}enewstags" . $add;
$num = $empire->gettotal($totalquery);
// Total number of rows.
示例#29
/**
 * Register a new member from the submitted form fields.
 *
 * Runs the site-level gates (registration switch, time window, IP, origin, CAPTCHA),
 * validates username, password and e-mail, inserts the member row and its add-on row,
 * then either asks for activation/approval or sets the login cookies and redirects.
 *
 * Every printerror() call is presumably terminal - TODO confirm; the checks below
 * only protect the inserts if it is.
 *
 * @param array $add Request fields; treated as untrusted input.
 */
function register($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;
    // Registration closed: a truthy register_ok setting blocks registration.
    if ($public_r['register_ok']) {
        printerror('CloseRegister', '', 1);
    }
    // Check that the operation is allowed in the current time window.
    eCheckTimeCloseDo('reg');
    // Check the client IP.
    eCheckAccessDoIp('register');
    // An external registration URL from the configuration takes over when set.
    if (!empty($ecms_config['member']['registerurl'])) {
        Header("Location:" . $ecms_config['member']['registerurl']);
        exit;
    }
    // A visitor who is already logged in cannot register.
    if (getcvar('mluserid')) {
        printerror('LoginToRegister', '', 1);
    }
    CheckCanPostUrl();
    // Check the request origin (the call above).
    $username = trim($add['username']);
    $password = trim($add['password']);
    $username = RepPostVar($username);
    // NOTE(review): the password is trimmed and passed through RepPostVar() (not shown)
    // before hashing, so whatever that helper changes also changes the effective password.
    $password = RepPostVar($password);
    $email = RepPostStr($add['email']);
    if (!$username || !$password || !$email) {
        printerror("EmptyMember", "history.go(-1)", 1);
    }
    $tobind = (int) $add['tobind'];
    // CAPTCHA, checked only when enabled in the settings.
    $keyvname = 'checkregkey';
    if ($public_r['regkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    // Member group: the request may name one; CheckMemberGroupCanReg() is the only
    // gate visible here on which groups can be self-assigned.
    $user_groupid = eReturnMemberDefGroupid();
    $groupid = (int) $add['groupid'];
    $groupid = empty($groupid) ? $user_groupid : $groupid;
    CheckMemberGroupCanReg($groupid);
    // Client IP and port.
    $regip = egetip();
    $regipport = egetipport();
    // Username length limits. strlen() counts bytes, not characters.
    // NOTE(review): unquoted keys such as $pr[min_userlen] are undefined constants and
    // raise an Error on PHP 8.
    $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
    $userlen = strlen($username);
    if ($userlen < $pr[min_userlen] || $userlen > $pr[max_userlen]) {
        printerror('FaiUserlen', '', 1);
    }
    // Password length limits (bytes as well).
    $passlen = strlen($password);
    if ($passlen < $pr[min_passlen] || $passlen > $pr[max_passlen]) {
        printerror('FailPasslen', '', 1);
    }
    // The raw confirmation field is compared with the trimmed and filtered password.
    if ($add['repassword'] !== $password) {
        printerror('NotRepassword', '', 1);
    }
    if (!chemail($email)) {
        printerror('EmailFail', '', 1);
    }
    // "|" and "*" are rejected in usernames.
    if (strstr($username, '|') || strstr($username, '*')) {
        printerror('NotSpeWord', '', 1);
    }
    // Repeat registration from the same IP.
    eCheckIpRegTime($regip, $pr['regretime']);
    // Reserved usernames.
    toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');
    $username = RepPostStr($username);
    // Duplicate username.
    // NOTE(review): this check and the insert further down are separate statements;
    // unless the table has a unique index, two concurrent requests can both pass - confirm.
    $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if ($num) {
        printerror('ReUsername', '', 1);
    }
    // Duplicate e-mail, enforced only when the setting is on.
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1");
        if ($num) {
            printerror('ReEmailFail', '', 1);
        }
    }
    // Registration time.
    $lasttime = time();
    $registertime = eReturnAddMemberRegtime();
    // Random string stored as rnd and later sent as the mlrnd cookie.
    // NOTE(review): it acts as a login credential; whether make_password() draws from a
    // cryptographically secure source is not visible here - confirm.
    $rnd = make_password(20);
    $userkey = eReturnMemberUserKey();
    // Password: keep the plaintext for the passport call below, store the salted value.
    // NOTE(review): the hashing scheme lives in eDoMemberPw() (not shown) - confirm it is
    // a slow password hash.
    $truepassword = $password;
    $salt = eReturnMemberSalt();
    $password = eDoMemberPw($password, $salt);
    // Approval state; forced to 0 when e-mail activation (regacttype 1) is in use.
    $checked = ReturnGroupChecked($groupid);
    if ($checked && $public_r['regacttype'] == 1) {
        $checked = 0;
    }
    // Validate the required fields of the member add-on table.
    $mr['add_filepass'] = ReturnTranFilepass();
    $fid = GetMemberFormId($groupid);
    $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);
    // NOTE(review): both inserts are built by string interpolation. The values are
    // filtered by RepPostVar()/RepPostStr(), cast to int, or produced by helpers;
    // $member_r[0] and $member_r[1] are appended as raw SQL, so their safety depends on
    // ReturnDoMemberF() (not shown).
    $sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');");
    // Fetch the new userid.
    // NOTE(review): $sql is not checked until the end of the function, so a failed member
    // insert still reaches the add-on insert, the attachment update and the account
    // binding below with whatever lastid() returns.
    $userid = $empire->lastid();
    // Add-on table: create the row unless one already exists for this userid.
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    if (!$addr[userid]) {
        $spacestyleid = ReturnGroupSpaceStyleid($groupid);
        $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");");
    }
    // Update attachments uploaded with the form.
    UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member');
    ecmsEmptyShowKey($keyvname);
    // Clear the CAPTCHA (the call above).
    // Bind an external account when requested.
    if ($tobind) {
        MemberConnect_BindUser($userid);
    }
    if ($sql) {
        // E-mail activation.
        if ($checked == 0 && $public_r['regacttype'] == 1) {
            include 'class/member_actfun.php';
            SendActUserEmail($userid, $username, $email);
        }
        // Pending approval: no login cookies are set on this path.
        // NOTE(review): $_POST['ecmsfrom'] feeds the redirect target; how DoingReturnUrl()
        // validates it is not visible here.
        if ($checked == 0) {
            $location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
            printerror("RegisterSuccessCheck", $location, 1);
        }
        // Cookie lifetime: 0 unless a registration cookie time is configured.
        $logincookie = 0;
        if ($ecms_config['member']['regcookietime']) {
            $logincookie = time() + $ecms_config['member']['regcookietime'];
        }
        $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
        // Login cookies. The flags set by esetcookie() (HttpOnly, Secure) are not visible here.
        $set1 = esetcookie("mlusername", $username, $logincookie);
        $set2 = esetcookie("mluserid", $userid, $logincookie);
        $set3 = esetcookie("mlgroupid", $groupid, $logincookie);
        $set4 = esetcookie("mlrnd", $rnd, $logincookie);
        // Auth string.
        qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie);
        // Extra login cookies.
        AddLoginCookie($r);
        $location = "../member/cp/";
        // NOTE(review): returnurl is read from a cookie, which the client controls. The only
        // filter visible here is the three substring exclusions, so an off-site URL would be
        // accepted as the redirect target unless DoingReturnUrl()/printerror() restrict it -
        // confirm, or limit it to same-site relative paths.
        $returnurl = getcvar('returnurl');
        if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
            $location = $returnurl;
        }
        $set5 = esetcookie("returnurl", "");
        // EPassport system.
        // NOTE(review): the plaintext password is handed to DoEpassport(); confirm it is
        // neither logged nor sent over an unencrypted channel.
        DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("RegisterSuccess", $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
示例#30
if ($infomod_r[sonclass] == '|' . $classid . '|' && $singletable == 1) {
    $ewhere = $add ? ' where ' . substr($add, 5) : '';
} else {
    $ewhere = " where classid='{$classid}'" . $add;
}
//统计
$totalquery = "select count(*) as total from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . "_doc" . $ewhere;
$totalnum = (int) $_GET['totalnum'];
if ($totalnum < 1) {
    $num = $empire->gettotal($totalquery);
    //取得总条数
} else {
    $num = $totalnum;
}
//排序
$myorder = RepPostStr($_GET['myorder'], 1);
if ($myorder == 1) {
    $doorder = "newstime desc";
} elseif ($myorder == 2) {
    $doorder = "plnum desc";
} elseif ($myorder == 3) {
    $doorder = "onclick desc";
} elseif ($myorder == 4) {
    $doorder = "id desc";
} else {
    $thisclassr = $empire->fetch1("select listorder from {$dbtbpre}enewsclass where classid='{$classid}'");
    if (empty($thisclassr[listorder])) {
        $doorder = "id desc";
    } else {
        $doorder = $thisclassr[listorder];
    }