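/**
 * Validate one imported indicator row and, unless validation fails or
 * $validate_only is set, insert it into the answer-type tables and
 * survey_indicator.
 *
 * Row layout read by this function:
 *   $data[0] name, $data[1] question, $data[2] reference, $data[3] tip,
 *   $data[4..] type-specific columns (min/max/criteria/default for
 *   integer/float/text; repeating label/score/criteria/is_default groups
 *   of four columns for single/multiple).
 *
 * Security review notes:
 *  - Every statement is assembled with sprintf() and run through the legacy
 *    mysql_* extension (removed in PHP 7.0). Text values are passed through
 *    SQLString(), which is defined outside this function; this code relies
 *    on it for quoting and escaping -- confirm that it escapes with the
 *    connection's character set. Prepared statements (mysqli/PDO) would
 *    remove that dependency.
 *  - On a failed query the returned 'error' text contains mysql_error()
 *    and the full SQL statement. NOTE(review): make sure callers log this
 *    instead of rendering it to end users.
 *  - The answer-type row and the survey_indicator row are written by
 *    separate queries with no transaction visible here, so a failure of the
 *    second insert leaves the first row behind.
 *
 * @param string   $type          'integer', 'float', 'text', 'single' or 'multiple'
 * @param array    $references    reference id => normalised reference name; key 0 is treated as "not found"
 * @param array    $indicators    lower-cased names of indicators that already exist
 * @param mixed    $validate_only truthy: run the checks only, write nothing
 * @param array    $data          the row's columns (see layout above)
 * @param resource $logfh         not used by this function
 *
 * @return array 'error' => accumulated message ('' when there is none);
 *               'status' => 1 is added for an unknown reference or unknown type
 */
function process_data($type, $references, $indicators, $validate_only, $data, $logfh)
{
    $rt = array('error' => '');

    // first 3 columns of any type are required.
    $name = $data[0];
    if (in_array(strtolower($name), $indicators)) {
        $rt['error'] .= "Name already exist. ";
    }

    $question = $data[1];
    if ($question == '') {
        $rt['error'] .= "Missing required [Question] field. ";
    }

    // Normalise the reference: lower-case, trim, collapse inner whitespace.
    $patterns = array('/^\\s+|\\s+$/', '/\\s+/');
    $replace = array('', ' ');
    $reference = preg_replace($patterns, $replace, strtolower($data[2]));
    $reference_id = array_search($reference, $references);
    // array_search() yields false when nothing matches; key 0 is rejected as well.
    if (!isset($reference_id) || $reference_id == 0 || $reference_id == FALSE) {
        $first_reference = isset($references[0]) ? $references[0] : '';
        $rt['error'] .= "Reference [" . $reference . "]" . " is not defined in the database." . " Reference1: [" . $first_reference . "]";
        $rt['status'] = 1;
    }

    $tip = $data[3];

    switch ($type) {
        case 'integer':
            $min = SQLString($data[4], 'int');
            $max = SQLString($data[5], 'int');
            $criteria = $data[6];
            $default = SQLString($data[7], 'int');

            // check min and max, should be integer
            $rt['error'] .= is_integer($min) ? '' : " Min value is required and must be integer [" . $min . "].";
            $rt['error'] .= is_integer($max) ? '' : " Max value is required and must be integer [" . $max . "].";
            $rt['error'] .= $min <= $max ? '' : " Min value [" . $min . "] must be less than or equal to Max value [" . $max . "].";

            // criteria is optional (the "required" check is disabled in the original).

            // check default value; the string "NULL" is accepted as "no default"
            $rt['error'] .= isset($default) && $default != "NULL" && (!is_integer($default) || ($default < $min || $default > $max))
                ? " Default value [" . $default . "] must be integer and must be between Min value [" . $min . "] and Max value [" . $max . "]."
                : '';

            if (!empty($rt['error']) || $validate_only) {
                return $rt;
            }

            // finished check. compose sql
            // $default is written with %s: it is whatever SQLString(..., 'int') returned.
            $criteria = SQLString($criteria, 'text');
            $sql = sprintf("INSERT INTO answer_type_integer (min_value, max_value, default_value, criteria)\n\t\t\t\t\t\t\t\tVALUES ( %d, %d, %s, %s)", $min, $max, $default, $criteria);
            $st = mysql_query($sql);
            if (!$st) {
                $rt['error'] .= " Error insert into answer_type_integer: " . mysql_error() . "\n";
                $rt['error'] .= "\tSQL:: [" . $sql . "]\n";
            } else {
                $answer_type_id = mysql_insert_id();
                $sql = sprintf("INSERT INTO survey_indicator ( name, question, answer_type, answer_type_id, reference_id, tip,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tcreate_user_id, create_time)\n\t\t\t\t\t\t\t\t\tVALUES (%s, %s, %d, %d, %d, %s, %d, now())", SQLString($name, 'text'), SQLString($question, 'text'), INTEGER, $answer_type_id, $reference_id, SQLString($tip, 'text'), $_SESSION['user_id']);
                $st = mysql_query($sql);
                if (!$st) {
                    $rt['error'] .= " Error inserting into survey_indicator: " . mysql_error() . "\n";
                    $rt['error'] .= "\tSQL:: [" . $sql . "]\n";
                }
            }
            return $rt;

        case 'float':
            $min = $data[4];
            $max = $data[5];
            $criteria = $data[6];
            $default = $data[7];

            // check min and max, should be float
            $rt['error'] .= is_numeric($min) ? '' : " Min value is required and must be float [" . $min . "].";
            $rt['error'] .= is_numeric($max) ? '' : " Max value is required and must be float [" . $max . "].";
            $rt['error'] .= $min <= $max ? '' : " Min value [" . $min . "] must be less than or equal to Max value [" . $max . "].";

            // criteria is optional (the "required" check is disabled in the original).

            // check default value; an empty string means "no default"
            $rt['error'] .= isset($default) && $default != '' && (!is_numeric($default) || ($default < $min || $default > $max))
                ? " Default value [" . $default . "] must be float and must be between Min value [" . $min . "] and Max value [" . $max . "]."
                : '';

            if (!empty($rt['error']) || $validate_only) {
                return $rt;
            }

            // finished check. compose sql
            // $min/$max are raw row values; %f coerces them to floats when formatting.
            $criteria = SQLString($criteria, 'text');
            $default = SQLString($default, 'double');
            $sql = sprintf("INSERT INTO answer_type_float (min_value, max_value, default_value, criteria)\n\t\t\t\t\t\t\t\tVALUES ( %f, %f, %s, %s)", $min, $max, $default, $criteria);
            $st = mysql_query($sql);
            if (!$st) {
                $rt['error'] .= " Error insert into answer_type_float: " . mysql_error() . "\n";
                $rt['error'] .= "\tSQL:: [" . $sql . "]\n";
            } else {
                $answer_type_id = mysql_insert_id();
                $sql = sprintf("INSERT INTO survey_indicator ( name, question, answer_type, answer_type_id, reference_id, tip,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tcreate_user_id, create_time)\n\t\t\t\t\t\t\t\t\tVALUES (%s, %s, %d, %d, %d, %s, %d, now())", SQLString($name, 'text'), SQLString($question, 'text'), FLOAT, $answer_type_id, $reference_id, SQLString($tip, 'text'), $_SESSION['user_id']);
                $st = mysql_query($sql);
                if (!$st) {
                    $rt['error'] .= " Error inserting into survey_indicator: " . mysql_error() . "\n";
                    $rt['error'] .= "\tSQL:: [" . $sql . "]\n";
                }
            }
            return $rt;

        case 'text':
            $min = SQLString($data[4], 'int');
            $max = SQLString($data[5], 'int');
            $criteria = $data[6];

            // check min and max, should be integer
            $rt['error'] .= is_integer($min) ? '' : " Min length is required and must be integer [" . $min . "].";
            $rt['error'] .= is_integer($max) ? '' : " Max length is required and must be integer [" . $max . "].";
            $rt['error'] .= $min <= $max ? '' : " Min length [" . $min . "] must be less than or equal to Max length [" . $max . "].";

            // criteria is optional (the "required" check is disabled in the original).

            if (!empty($rt['error']) || $validate_only) {
                return $rt;
            }

            // finished check. compose sql
            $criteria = SQLString($criteria, 'text');
            $sql = sprintf("INSERT INTO answer_type_text (min_chars, max_chars, criteria)\n\t\t\t\t\t\t\t\tVALUES ( %d, %d, %s)", $min, $max, $criteria);
            $st = mysql_query($sql);
            if (!$st) {
                $rt['error'] .= " Error insert into answer_type_text: " . mysql_error() . "\n";
                $rt['error'] .= "\tSQL:: [" . $sql . "]\n";
            } else {
                $answer_type_id = mysql_insert_id();
                $sql = sprintf("INSERT INTO survey_indicator ( name, question, answer_type, answer_type_id, reference_id, tip,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tcreate_user_id, create_time)\n\t\t\t\t\t\t\t\t\tVALUES (%s, %s, %d, %d, %d, %s, %d, now())", SQLString($name, 'text'), SQLString($question, 'text'), TEXT, $answer_type_id, $reference_id, SQLString($tip, 'text'), $_SESSION['user_id']);
                $st = mysql_query($sql);
                if (!$st) {
                    $rt['error'] .= " Error inserting into survey_indicator: " . mysql_error() . "\n";
                    $rt['error'] .= "\tSQL:: [" . $sql . "]\n";
                }
            }
            return $rt;

        // The original label was `case $type == 'single' || $type == 'multiple':`.
        // switch compared $type loosely with that boolean, so an empty or '0'
        // type also landed here instead of in `default`. Plain labels match
        // only the two intended values.
        case 'single':
        case 'multiple':
            // fields 4-11 are required since at least 2 sets are needed
            // only one set can be default
            $have_default = 0;
            $set = 0;
            $base = 4;
            $size = 4;
            $label = array();
            $score = array();
            $criteria = array();
            $default = array();

            while (1) {
                if (!isset($data[$base]) || $data[$base] == '') {
                    break;
                }
                // A short row may end inside a group; read the missing cells as absent
                // instead of touching undefined offsets.
                $label[$set] = $data[$base];
                $score[$set] = isset($data[$base + 1]) ? $data[$base + 1] : null;
                $criteria[$set] = isset($data[$base + 2]) ? $data[$base + 2] : null;
                $default[$set] = isset($data[$base + 3]) ? strtolower($data[$base + 3]) : '';

                if (!isset($score[$set])) {
                    $rt['error'] .= " Score for choice set " . ($set + 1) . " is required. " . " Base label: " . $data[$base] . ", Score: " . $score[$set];
                } elseif (!is_numeric($score[$set])) {
                    $rt['error'] .= " Score for choice set " . ($set + 1) . " must be a number. ";
                }

                // criteria is optional (the "required" check is disabled in the original).

                $rt['error'] .= $default[$set] == 'yes' || $default[$set] == 'no'
                    ? ''
                    : " Is_Default for choice set " . ($set + 1) . " is required and must be a value of 'YES' or 'NO' ";

                if ($default[$set] == 'yes') {
                    if ($have_default == 1 && $type == 'single') {
                        $rt['error'] .= " More than one default answer is specified for single choice type.";
                    } else {
                        $have_default = 1;
                        $default[$set] = 1;
                    }
                }

                $base = $base + $size; // move on to next set
                $set++;
            }

            if ($set < 2) {
                $rt['error'] .= " At least 2 sets of choices are required.";
            }

            if (!empty($rt['error']) || $validate_only == 1) {
                // have a problem or just want to validate.
                break;
            }

            // run sql
            // get an id from answer_type_choice first
            $atc_sql = "INSERT INTO answer_type_choice VALUES () ";
            $st = mysql_query($atc_sql);
            if (!$st) {
                $rt['error'] .= "Error inserting into answer_type_choice: " . mysql_error();
                return $rt;
            }
            $atc_id = mysql_insert_id();

            $weight = 1;
            $mask = 1;
            foreach ($label as $ind => $value) {
                // LABEL => $value, SCORE => $score[$ind], CRITERIA => $criteria[$ind], DEFAULT => $default[$ind]
                // round() before %d: the product is a float, and %d truncates, so a
                // score such as 1.15 would otherwise be stored as 11499.
                // $default[$ind] is 1 for the default set; 'no' formats as 0 under %d.
                $atc_sql = sprintf("INSERT INTO atc_choice (answer_type_choice_id, label, score, criteria, weight, mask, default_selected)\n\t\t\t\t\t\t\t\t\t\tVALUES ( %d, %s, %d, %s, %d, %d, %d)", $atc_id, SQLString($value, 'text'), round($score[$ind] * 10000), SQLString($criteria[$ind], 'text'), $weight, $mask, $default[$ind]);
                $st = mysql_query($atc_sql);
                if (!$st) {
                    $rt['error'] .= "Error inserting into atc_choice: " . mysql_error() . "\n";
                    $rt['error'] .= "\tSQL:: [" . $atc_sql . "]\n";
                    return $rt;
                }
                $weight++;
                $mask = $mask * 2;
            }

            // ready to insert survey_indicator
            // NOTE(review): answer_type is SINGLE for both 'single' and 'multiple'
            // rows -- confirm whether 'multiple' should be stored with its own constant.
            $si_sql = sprintf("INSERT INTO survey_indicator (name, question, answer_type, answer_type_id, reference_id, tip, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tcreate_user_id, create_time)\n\t\t\t\t\t\t\t\t\tVALUES (%s, %s, %d, %d, %d, %s, %d, now())", SQLString($name, 'text'), SQLString($question, 'text'), SINGLE, $atc_id, $reference_id, SQLString($tip, 'text'), $_SESSION['user_id']);
            $st = mysql_query($si_sql);
            if (!$st) {
                $rt['error'] .= "Error inserting into survey_indicator: " . mysql_error() . "\n";
                $rt['error'] .= "\tSQL:: [" . $si_sql . "]\n";
                return $rt;
            }
            break;

        default:
            // Unknown type: any earlier validation text is replaced, as in the original.
            $rt['status'] = 1;
            $rt['error'] = 'Unknown type.';
            break;
    }

    return $rt;
}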
/** * 迷你同学录 (http://mini_class.piscdong.com/) * (c)PiscDong studio (http://www.piscdong.com/) * * 程序完全免费,请保留这段代码。 * 请勿出售本程序或其修改版,请勿利用本程序或其修改版进行任何商业活动。 */ if ($c_log && $pa == 9) { $title .= '特殊功能'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['g_open'])) { $g_open = $_POST['g_open'] != 1 ? 0 : 1; $g_name = htmlspecialchars(trim($_POST['g_name']), ENT_QUOTES); $g_pwd = htmlspecialchars(trim($_POST['g_pwd']), ENT_QUOTES); $u_db = sprintf('update %s set g_open=%s, g_name=%s, g_pwd=%s', $dbprefix . 'main', SQLString($g_open, 'int'), SQLString($g_name, 'text'), SQLString($g_pwd, 'text')); $result = mysql_query($u_db) or die(''); $e = 1; } elseif (isset($_POST['mgc']) && trim($_POST['mgc']) != '') { if (isset($a_mgc) && count($a_mgc) > 0) { foreach ($a_mgc as $v) { if (trim($v) != '') { $at_mgc[trim($v)] = trim($v); } } } $nmgc = $g_name = htmlspecialchars(trim($_POST['mgc']), ENT_QUOTES); $at_mgc[trim($nmgc)] = trim($nmgc); $mgc_c = "<?php"; foreach ($at_mgc as $v) { $mgc_c .= "\r\n\$a_mgc[]='" . $v . "';";
} } else { header('Location:./'); exit; } mysql_free_result($q_dbc); } else { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($c_log) { $title = htmlspecialchars(trim($_POST['title']), ENT_QUOTES); $cont = htmlspecialchars(trim($_POST['rinfo']), ENT_QUOTES); $cdate = htmlspecialchars(trim($_POST['cdate']), ENT_QUOTES); $cloc = htmlspecialchars(trim($_POST['cloc']), ENT_QUOTES); $cpay = htmlspecialchars(trim($_POST['cpay']), ENT_QUOTES); if ($title != '') { $i_db = sprintf('insert into %s (title, content, cdate, cloc, cpay, aid, datetime) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'camp', SQLString($title, 'text'), SQLString($cont, 'text'), SQLString($cdate, 'text'), SQLString($cloc, 'text'), SQLString($cpay, 'text'), $_SESSION[$config['u_hash']], time()); $result = mysql_query($i_db) or die(''); $nid = mysql_insert_id(); setsinfo($pn . ' 发起新活动', $_SESSION[$config['u_hash']], $nid, 3); } } header('Location:./?m=camp'); exit; } else { $title .= '班级活动'; $s_a_dbc = sprintf('select a.*, b.name from %s as a, %s as b where a.aid=b.id and a.disp=0 order by a.closed, a.sticky desc, a.datetime desc', $dbprefix . 'camp', $dbprefix . 'member'); $q_a_dbc = mysql_query($s_a_dbc) or die(''); $c_dbc = mysql_num_rows($q_a_dbc); if ($c_dbc > 0) { $p_dbc = ceil($c_dbc / $config['pagesize']); if ($page > $p_dbc) {
* (c)PiscDong studio (http://www.piscdong.com/) * * 程序完全免费,请保留这段代码。 * 请勿出售本程序或其修改版,请勿利用本程序或其修改版进行任何商业活动。 */ if ($c_log) { $title .= '短消息'; $page = isset($_GET['page']) && intval($_GET['page']) > 0 ? intval($_GET['page']) : 1; if (isset($_GET['id']) && intval($_GET['id']) > 0 && intval($_GET['id']) != $_SESSION[$config['u_hash']] && getainfo(intval($_GET['id']), 'id')) { $tid = intval($_GET['id']); $tn = getainfo($tid, 'name'); $title .= ' - ' . $tn['name']; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $cont = htmlspecialchars(trim($_POST['rinfo']), ENT_QUOTES); if ($cont != '') { $i_db = sprintf('insert into %s (content, aid, tid, datetime, readed) values (%s, %s, %s, %s, 1)', $dbprefix . 'message', SQLString($cont, 'text'), $_SESSION[$config['u_hash']], $tid, time()); $result = mysql_query($i_db) or die(''); } header('Location:./?m=message&id=' . $tid); exit; } else { $content .= '<div class="title" id="send">发消息 - 收件人:' . $tn['name'] . '</div><div class="lcontent"><form method="post" action="" class="btform" id="lyform"><textarea name="rinfo" id="forminfor0" rows="4" style="width: 95%" class="bt_input" rel="内容"></textarea><br/><input type="submit" value="发消息" /></form></div>'; $s_a_dbg = sprintf('select * from %s where (aid=%s and tid=%s) or (tid=%s and aid=%s) order by datetime desc', $dbprefix . 'message', $tid, $_SESSION[$config['u_hash']], $tid, $_SESSION[$config['u_hash']]); $q_a_dbg = mysql_query($s_a_dbg) or die(''); $c_dbg = mysql_num_rows($q_a_dbg); if ($c_dbg > 0) { $content .= '<div class="title">聊天记录</div>'; $p_dbg = ceil($c_dbg / $config['pagesize']); if ($page > $p_dbg) { $page = $p_dbg; }
$q_dbo = mysql_query($s_dbo) or die(''); $r_dbo = mysql_fetch_assoc($q_dbo); if (mysql_num_rows($q_dbo) > 0) { if (time() - $r_dbo['datetime'] > 600) { $u_db = sprintf('update %s set visit=visit+1, visitdate=%s where id=%s', $dbprefix . 'member', time(), $_SESSION[$config['u_hash']]); $result = mysql_query($u_db) or die(''); } $u_db = sprintf('update %s set datetime=%s, online=1, ip_i=inet_aton(%s) where aid=%s', $dbprefix . 'online', time(), SQLString(getIP(), 'text'), $_SESSION[$config['u_hash']]); $result = mysql_query($u_db) or die(''); } else { $i_db = sprintf('insert into %s (aid, datetime, ip_i) values (%s, %s, inet_aton(%s))', $dbprefix . 'online', $_SESSION[$config['u_hash']], time(), SQLString(getIP(), 'text')); $result = mysql_query($i_db) or die(''); } mysql_free_result($q_dbo); } elseif (isset($_COOKIE[$config['u_hash'] . '_u']) && $_COOKIE[$config['u_hash'] . '_u'] != '' && isset($_COOKIE[$config['u_hash'] . '_p']) && $_COOKIE[$config['u_hash'] . '_p'] != '') { $s_dbu = sprintf('select id, name, status, power from %s where username=%s and password=%s limit 1', $dbprefix . 'member', SQLString($_COOKIE[$config['u_hash'] . '_u'], 'text'), SQLString($_COOKIE[$config['u_hash'] . '_p'], 'text')); $q_dbu = mysql_query($s_dbu) or die(''); $r_dbu = mysql_fetch_assoc($q_dbu); if (mysql_num_rows($q_dbu) > 0) { if ($r_dbu['status'] == 0 || $config['veri'] > 0) { $u_db = sprintf('update %s set visit=visit+1, visitdate=%s where id=%s', $dbprefix . 'member', time(), $r_dbu['id']); $result = mysql_query($u_db) or die(''); session_unset(); session_start(); $_SESSION[$config['u_hash']] = $r_dbu['id']; $pa = $r_dbu['power']; $pn = $r_dbu['name']; $c_log = true; } } mysql_free_result($q_dbu);
// Excerpt from a POST handler; the enclosing conditions open before this
// excerpt and the vote loop continues after it.
// The posted text is HTML-encoded before storage and then quoted for SQL by
// SQLString() (defined elsewhere).
$cont = htmlspecialchars(trim($_POST['rinfo']), ENT_QUOTES);
if ($cont != '') {
    $time = time();
    // rid: id of the topic being replied to, 0 for a new topic; forced to a non-negative int.
    $rid = isset($_POST['rid']) && intval($_POST['rid']) > 0 ? intval($_POST['rid']) : 0;
    $i_db = sprintf('insert into %s (content, aid, datetime, lasttime, rid) values (%s, %s, %s, %s, %s)', $dbprefix . 'topic', SQLString($cont, 'text'), $_SESSION[$config['u_hash']], $time, $time, $rid);
    $result = mysql_query($i_db) or die('');
    if ($rid > 0) {
        // A reply bumps the parent topic's lasttime.
        $u_db = sprintf('update %s set lasttime=%s where id=%s', $dbprefix . 'topic', $time, $rid);
        $result = mysql_query($u_db) or die('');
        $jid = $rid;
    } else {
        $jid = mysql_insert_id();
    }
}
} elseif (isset($_POST['vote']) && intval($_POST['vote']) > 0) {
    // Look up the poll topic; the posted id goes through SQLString(..., 'int').
    $s_dbt = sprintf('select id, content, datetime from %s where id=%s and tid=0 and mid=1 limit 1', $dbprefix . 'topic', SQLString($_POST['vote'], 'int'));
    $q_dbt = mysql_query($s_dbt) or die('');
    $r_dbt = mysql_fetch_assoc($q_dbt);
    if (mysql_num_rows($q_dbt) > 0) {
        // content is a '[/]'-separated record; $cont[1] is used as a duration in
        // days (0 = no limit) and $cont[2] > 0 selects the array (multi-choice) form.
        $cont = explode('[/]', $r_dbt['content']);
        if ($cont[1] == 0 || time() < $r_dbt['datetime'] + 86400 * $cont[1]) {
            // && binds tighter than ||: (multi-choice with at least one entry) or (any non-empty value).
            if ($cont[2] > 0 && count($_POST['vote' . $r_dbt['id']]) > 0 || $_POST['vote' . $r_dbt['id']] != '') {
                // Only members without an existing vote row for this poll may vote.
                $s_dbv = sprintf('select id from %s where tid=%s and aid=%s limit 1', $dbprefix . 'vote', $r_dbt['id'], $_SESSION[$config['u_hash']]);
                $q_dbv = mysql_query($s_dbv) or die('');
                if (mysql_num_rows($q_dbv) == 0) {
                    $time = time();
                    if ($cont[2] > 0) {
                        // NOTE(review): $v comes straight from the $_POST['vote<id>'] array
                        // and is placed into the statement through %s with no intval() or
                        // SQLString() call; every other request value in this excerpt is
                        // cast or quoted first. Cast it (intval($v), or format with %d)
                        // and check it against the poll's option ids before the query.
                        foreach ($_POST['vote' . $r_dbt['id']] as $v) {
                            $i_db = sprintf('insert into %s (aid, tid, vid, datetime) values (%s, %s, %s, %s)', $dbprefix . 'vote', $_SESSION[$config['u_hash']], $r_dbt['id'], $v, $time);
                            $result = mysql_query($i_db) or die('');
                        }
$title .= '设置头像 - ' . $r_dbu['name']; $content .= '<div class="title">设置头像 - ' . $r_dbu['name'] . '</div><div class="lcontent">'; if (trim($r_dbu['photo']) != '') { $a_pho = explode('|', trim($r_dbu['photo'])); $js_c .= ' $("img[name=\'del_img\']").click(function(){ if(confirm(\'确认要删除?\'))location.href=\'?m=edituser&id=' . $id . '&t=avator&did=\'+$(this).data(\'id\'); });'; foreach ($a_pho as $k => $v) { if (isset($_GET['did']) && $_GET['did'] == $k) { if (!strstr($a_pho[$k], '://') && file_exists($a_pho[$k])) { unlink($a_pho[$k]); } unset($a_pho[$k]); $u_pho = join('|', $a_pho); $u_db = sprintf('update %s set photo=%s where id=%s', $dbprefix . 'member', SQLString($u_pho, 'text'), $r_dbu['id']); $result = mysql_query($u_db) or die(''); header('Location:./?m=edituser&id=' . $id . '&t=avator'); exit; } $content .= '<div class="photo_list"><img src="' . $v . '" class="photo" alt="" width="55" height="55"/> <img src="images/o_2.gif" alt="" title="删除" name="del_img" data-id="' . $k . '" class="f_link"/></div>'; } } else { $content .= '<img src="images/dphoto.jpg" class="photo" alt="" width="55" height="55"/>'; } $content .= '<div class="extr"></div></div>'; } else { $title .= '修改个人资料 - ' . $r_dbu['name']; $content .= '<div class="title">修改个人资料 - ' . $r_dbu['name'] . '</div><div class="lcontent"><form method="post" action="" class="btform" id="epform"><table><tr><td>姓名:</td><td><input name="name" size="32" value="' . $r_dbu['name'] . '" class="bt_input" rel="姓名" /></td></tr>'; if (isset($g_c) && isset($g_a) && count($g_a) > 1) { $content .= '<tr><td>身份:</td><td><select name="gid">';
$bir_m = $_POST['bir_m']; $bir_d = $_POST['bir_d']; $isnl = isset($_POST['isnl']) && $_POST['isnl'] == 1 ? 1 : 0; $url = htmlspecialchars(trim($_POST['url']), ENT_QUOTES); $email = htmlspecialchars(trim($_POST['email']), ENT_QUOTES); $phone = htmlspecialchars(trim($_POST['phone']), ENT_QUOTES); $work = htmlspecialchars(trim($_POST['work']), ENT_QUOTES); $tel = htmlspecialchars(trim($_POST['tel']), ENT_QUOTES); $qq = htmlspecialchars(trim($_POST['qq']), ENT_QUOTES); $msn = htmlspecialchars(trim($_POST['msn']), ENT_QUOTES); $gtalk = htmlspecialchars(trim($_POST['gtalk']), ENT_QUOTES); $address = htmlspecialchars(trim($_POST['address']), ENT_QUOTES); $location = htmlspecialchars(trim($_POST['location']), ENT_QUOTES); $rela = htmlspecialchars(trim($_POST['rela']), ENT_QUOTES); $sylorm = isset($_POST['sylorm']) && $_POST['sylorm'] == 1 ? 1 : 0; $u_db = sprintf('update %s set username=%s, name=%s, gender=%s, bir_y=%s, bir_m=%s, bir_d=%s, isnl=%s, url=%s, email=%s, phone=%s, work=%s, tel=%s, qq=%s, msn=%s, gtalk=%s, address=%s, location=%s, rela=%s, sylorm=%s where id=%s', $dbprefix . 'member', SQLString($username, 'text'), SQLString($name, 'text'), SQLString($gender, 'int'), SQLString($bir_y, 'int'), SQLString($bir_m, 'int'), SQLString($bir_d, 'int'), $isnl, SQLString($url, 'text'), SQLString($email, 'text'), SQLString($phone, 'text'), SQLString($work, 'text'), SQLString($tel, 'text'), SQLString($qq, 'text'), SQLString($msn, 'text'), SQLString($gtalk, 'text'), SQLString($address, 'text'), SQLString($location, 'text'), SQLString($rela, 'text'), $sylorm, $r_dbu['id']); $result = mysql_query($u_db) or die(''); setsinfo($name . ' 更新了个人资料', $r_dbu['id']); } header('Location:./?m=profile' . (isset($e) ? '&e=' . $e : '')); exit; } else { $a_msg = array(1 => '个人资料已修改。', '请使用其他的用户名!'); $content .= '<script type="text/javascript" src="http://api.map.baidu.com/api?v=1.3"></script>' . (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . 
'</div>' : '') . '<div class="title">个人资料</div><div class="lcontent"><form method="post" action="" class="btform" id="pfform"><table><tr><td>用户名:</td><td><input name="username" size="32" value="' . htmlspecialchars($r_dbu['username'], ENT_QUOTES) . '" class="bt_input" rel="用户名" /></td></tr><tr><td>姓名:</td><td><input name="name" size="32" value="' . $r_dbu['name'] . '" class="bt_input" rel="姓名" /></td></tr><tr><td>介绍:</td><td><input name="rela" size="32" value="' . $r_dbu['rela'] . '" /></td></tr><tr><td>性别:</td><td><input type="radio" name="gender" value="0"' . ($r_dbu['gender'] == 0 ? ' checked="checked"' : '') . ' />保密 <input type="radio" name="gender" value="1"' . ($r_dbu['gender'] == 1 ? ' checked="checked"' : '') . ' />男 <input type="radio" name="gender" value="2"' . ($r_dbu['gender'] == 2 ? ' checked="checked"' : '') . ' />女</td></tr><tr><td>生日:</td><td><input name="bir_y" size="5" maxsize="4" value="' . ($r_dbu['bir_y'] > 0 ? $r_dbu['bir_y'] : '') . '" />-<select name="bir_m">'; for ($i = 0; $i < 13; $i++) { $content .= '<option value="' . $i . '"' . ($r_dbu['bir_m'] == $i ? ' selected="selected"' : '') . '>' . ($i > 0 ? $i : '-') . '</option>'; } $content .= '</select>-<select name="bir_d">'; for ($i = 0; $i < 32; $i++) { $content .= '<option value="' . $i . '"' . ($r_dbu['bir_d'] == $i ? ' selected="selected"' : '') . '>' . ($i > 0 ? $i : '-') . '</option>'; }
case 'google': if ($config['is_google'] > 0 && $config['google_key'] != '' && $config['google_se'] != '') { require_once 'lib/google.php'; $o = new googlePHP($config['google_key'], $config['google_se']); $result = $o->access_token_refresh($r_dby['s_r']); if (isset($result['access_token']) && $result['access_token'] != '') { $r_dby['s_t'] = $result['access_token']; $r_dby['edate'] = time() + $result['expires_in']; } } break; case 'live': if ($config['is_live'] > 0 && $config['live_key'] != '' && $config['live_se'] != '') { require_once 'lib/live.php'; $o = new livePHP($config['live_key'], $config['live_se']); $result = $o->access_token_refresh($r_dby['s_r']); if (isset($result['access_token']) && $result['access_token'] != '') { $r_dby['s_t'] = $result['access_token']; $r_dby['s_r'] = $result['refresh_token']; $r_dby['edate'] = time() + $result['expires_in']; } } break; default: break; } $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s, mdate=%s where id=%s', $dbprefix . 'm_sync', SQLString($r_dby['s_t'], 'text'), SQLString($r_dby['s_r'], 'text'), SQLString($r_dby['edate'], 'int'), time(), $r_dby['id']); $result = mysql_query($u_db) or die(''); echo '<script type="text/javascript">location.href=\'' . $f . '\';</script>'; } mysql_free_result($q_dby);
// show the text_item
// Returns the text_item row for a (text_resource_id, language_id) pair as JSON.
// Both ids are formatted with %d, so sprintf() coerces them to integers.
// NOTE(review): the response also carries the executed SQL ('sql') and
// mysql_error() ('query_status'); drop both if this endpoint is reachable by
// untrusted clients. No authentication check is visible in this excerpt --
// confirm one runs earlier in the file.
if (isset($_GET['action']) && $_GET['action'] == 'showTextItem') {
    $sql = sprintf("SELECT * FROM text_item WHERE text_resource_id = %d AND language_id = %d", $_GET['text_resource_id'], $_GET['language_id']);
    $st = mysql_query($sql);
    $rt = mysql_fetch_assoc($st);
    // Fall back to -1 / '' when no row was fetched.
    $rt['text_item_id'] = isset($rt['id']) ? $rt['id'] : -1;
    $rt['text'] = isset($rt['text']) ? $rt['text'] : '';
    $rt['sql'] = $sql;
    $rt['query_status'] = mysql_error();
    echo json_encode($rt);
    exit;
}
// update/save text_item
// NOTE(review): this branch changes data in response to a GET request and no
// anti-CSRF token is checked in the visible code; a POST with a token would be
// the safer shape.
if (isset($_GET['action']) && $_GET['action'] == 'saveTextItem') {
    // PHP has already URL-decoded $_GET values, so urldecode() decodes a second
    // time: a literal '+' or '%xx' in the submitted text is altered.
    $text = isset($_GET['text']) ? urldecode($_GET['text']) : "";
    // SQLString() (defined elsewhere) is relied on to quote and escape the text.
    $text = SQLString($text, "text");
    if (isset($_GET['text_item_id']) && $_GET['text_item_id'] > 0) {
        // update
        $sql = sprintf("UPDATE text_item SET text = %s WHERE id = %d", $text, $_GET['text_item_id']);
    } else {
        // insert
        $sql = sprintf("INSERT INTO text_item (text_resource_id, language_id, text) VALUES(%d, %d, %s) ", $_GET['text_resource_id'], $_GET['language_id'], $text);
    }
    $st = mysql_query($sql);
    // Use the new auto-increment id when there is one; otherwise echo back the
    // id supplied in the request.
    $rt['text_item_id'] = mysql_insert_id() > 0 ? mysql_insert_id() : $_GET['text_item_id'];
    if ($st) {
        $rt['status_msg'] = "Text item saved successfully";
    } else {
        // NOTE(review): the raw database error is returned to the client.
        $rt['status_msg'] = mysql_error();
    }
    echo json_encode($rt);
    // (the excerpt ends here; the closing brace of this branch is not shown)
/**
 * Insert a new goal, or update an existing one, and report the outcome.
 *
 * A numeric $goal_id greater than zero selects the UPDATE path; anything else
 * inserts a new row under $sequence_id. access_matrix_id is always written as 0.
 *
 * Security review notes:
 *  - The six rule description / file-name values are passed through
 *    SQLString() (defined elsewhere) here. $name and $description are NOT:
 *    they are formatted with %s exactly as received. Presumably callers pass
 *    them already quoted and escaped -- confirm at every call site, because a
 *    raw string would reach the statement unescaped.
 *  - Both return shapes include the executed SQL, and the failure shape also
 *    includes mysql_error(). NOTE(review): keep these out of responses sent
 *    to untrusted clients.
 *  - mysql_query() is called with @, so PHP-level warnings are suppressed and
 *    the only failure signal is the returned array.
 *
 * @return array on success: sequence_id, goal_id, goal_opt, sql, status (0), msg;
 *               on failure: sequence_id, goal_id, msg, sql (no status key)
 */
function save_goal($sequence_id, $goal_id, $name, $description, $duration, $entrance_rule_desc, $inflight_rule_desc, $exit_rule_desc, $entrance_rule_file_name, $inflight_rule_file_name, $exit_rule_file_name)
{
    // Quote the rule columns once; both statements take them in this order.
    $entrance_rule_desc = SQLString($entrance_rule_desc, "text");
    $inflight_rule_desc = SQLString($inflight_rule_desc, "text");
    $exit_rule_desc = SQLString($exit_rule_desc, "text");
    $entrance_rule_file_name = SQLString($entrance_rule_file_name, "text");
    $inflight_rule_file_name = SQLString($inflight_rule_file_name, "text");
    $exit_rule_file_name = SQLString($exit_rule_file_name, "text");
    $rule_args = array(
        $entrance_rule_desc,
        $inflight_rule_desc,
        $exit_rule_desc,
        $entrance_rule_file_name,
        $inflight_rule_file_name,
        $exit_rule_file_name,
    );

    $is_new = !(is_numeric($goal_id) && $goal_id > 0);
    if ($is_new) {
        // insert
        $sql = vsprintf(
            "INSERT INTO goal \n\t\t\t\t\t\t\t\t(workflow_sequence_id, name, description, duration, access_matrix_id, entrance_rule_desc, inflight_rule_desc, exit_rule_desc, entrance_rule_file_name, inflight_rule_file_name, exit_rule_file_name)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t(%d, %s, %s, %d, %d, %s, %s, %s, %s, %s, %s)",
            array_merge(array($sequence_id, $name, $description, $duration, 0), $rule_args)
        );
    } else {
        // update
        $sql = vsprintf(
            "UPDATE goal \n\t\t\t\t\t\t\tSET \n\t\t\t\t\t\t\t\tname = %s, description = %s, duration = %d, \n\t\t\t\t\t\t\t\taccess_matrix_id = 0, entrance_rule_desc = %s, inflight_rule_desc = %s, exit_rule_desc = %s,\n\t\t\t\t\t\t\t\tentrance_rule_file_name = %s, inflight_rule_file_name = %s, exit_rule_file_name = %s\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tid = %d",
            array_merge(array($name, $description, $duration), $rule_args, array($goal_id))
        );
    }

    $ok = @mysql_query($sql);
    if (!$ok) {
        return array(
            'sequence_id' => $sequence_id,
            'goal_id' => $goal_id,
            'msg' => 'Error saving goal: ' . mysql_error(),
            'sql' => $sql,
        );
    }

    // mysql_insert_id() is 0 after an UPDATE, in which case the caller's id is kept.
    $new_id = mysql_insert_id();
    if ($new_id != 0) {
        $goal_id = $new_id;
    }
    $goal_opt = show_goal_opt($sequence_id, $goal_id);

    return array(
        'sequence_id' => $sequence_id,
        'goal_id' => $goal_id,
        'goal_opt' => $goal_opt,
        'sql' => $sql,
        'status' => 0,
        'msg' => 'Goal ' . $name . ' saved successfully.',
    );
}
require_once 'lib/SohuOAuth.php'; $oauth = new SohuOAuth($config['tsohu_key'], $config['tsohu_se'], $r_dby['s_t'], $r_dby['s_s']); $url = 'http://api.t.sohu.com/statuses/update.json'; $oauth->post($url, array('status' => urlencode($a[0][0]))); } mysql_free_result($q_dby); } if ($config['is_tw'] > 0 && $config['tw_key'] != '' && $config['tw_se'] != '' && in_array('twitter', $am)) { $s_dby = sprintf('select s_t, s_s from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $aid, SQLString('twitter', 'text')); $q_dby = mysql_query($s_dby) or die(''); $r_dby = mysql_fetch_assoc($q_dby); if (mysql_num_rows($q_dby) > 0) { require_once 'lib/twitterOAuth.php'; $twitter = new TwitterOAuth($config['tw_key'], $config['tw_se'], $r_dby['s_t'], $r_dby['s_s']); $t_c = $twitter->OAuthRequest('https://twitter.com/statuses/update.xml', array('status' => $a[0][0]), 'POST'); } mysql_free_result($q_dby); } if ($config['is_fb'] > 0 && $config['fb_se'] != '' && $config['fb_app_id'] != '' && in_array('facebook', $am)) { $s_dby = sprintf('select s_id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $aid, SQLString('facebook', 'text')); $q_dby = mysql_query($s_dby) or die(''); $r_dby = mysql_fetch_assoc($q_dby); if (mysql_num_rows($q_dby) > 0) { require_once 'lib/facebook.php'; $fb = new facebookPHP($config['fb_app_id'], $config['fb_se'], $r_dby['s_t']); $fb->update($a[0][0]); } mysql_free_result($q_dby); } } }
// Excerpt from the skin settings page; the enclosing blocks open before it.
// Tail of the "delete skin" branch: run the delete prepared above and, when
// the removed skin was the active one, reset the site to skin 0.
$result = mysql_query($d_db) or die('');
if ($config['skin'] == $r_dbk['id']) {
    $u_db = sprintf('update %s set skin=0', $dbprefix . 'main');
    $result = mysql_query($u_db) or die('');
}
header('Location:./?m=setting&t=skin');
exit;
}
} else {
    // Entry 0 of the list is the built-in default skin.
    $lp[0] = '<li><img src="images/skin_b.jpg" width="120" height="90" rel="' . $k . '|' . $v[0] . '" class="skin_img"/><br/>青青校园</li>';
}
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Register a new skin from skin/<path>/info.php.
    // NOTE(review): $_POST['path'] is concatenated into the file_exists() and
    // require_once paths with no normalisation or allow-list in the visible
    // code, so the request decides which info.php is executed. Accept only a
    // single directory name (reject '/', '\' and '..', or compare against the
    // entries of scandir('skin')) before including. No anti-CSRF token is
    // checked in this excerpt either -- confirm one is verified elsewhere.
    if (isset($_POST['path']) && file_exists('skin/' . $_POST['path'] . '/info.php') && !isset($lp[$_POST['path']])) {
        $path = $_POST['path'];
        require_once 'skin/' . $_POST['path'] . '/info.php';
        // The included file may set $s_title / $s_file; both are HTML-encoded before storage.
        $stitle = isset($s_title) ? htmlspecialchars($s_title, ENT_QUOTES) : '';
        $sfile = isset($s_file) ? htmlspecialchars($s_file, ENT_QUOTES) : 'styles.css';
        $i_db = sprintf('insert into %s (path, title, sfile) values (%s, %s, %s)', $dbprefix . 'skin', SQLString($path, 'text'), SQLString($stitle, 'text'), SQLString($sfile, 'text'));
        $result = mysql_query($i_db) or die('');
        $e = 2;
    } else {
        $e = 1;
    }
    // e=1: file missing or skin already installed; e=2: skin added.
    header('Location:./?m=setting&t=skin' . (isset($e) ? '&e=' . $e : ''));
    exit;
} else {
    // $_GET['e'] is only used as an index into this fixed message list, so the
    // request value itself is never written into the page.
    $a_msg = array(1 => '文件不存在或者样式已经安装过!', '新样式已添加。');
    $content .= '<div class="msg_v" id="skin_msg"' . (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '>' . $a_msg[$_GET['e']] : ' style="display: none;">') . '</div>' . (isset($lp) ? '<div class="title">样式管理</div><div class="scontent"><ul id="skinlist">' . join('', $lp) . '</ul><div class="extr"></div></div><br/>' : '') . '<div class="title">添加样式</div><div class="lcontent"><form method="post" action="" class="btform" id="skinform"><div class="formline">skin/<input name="path" size="32" class="bt_input" rel="样式路径" />/info.php</div><div class="formline"><input type="submit" value="添加" class="button" /> <input type="reset" value="取消" class="button" /> <a href="http://www.piscdong.com/mini_class/?m=skin" rel="external">下载更多样式</a></div></form></div>';
}
}
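/**
 * Builds the "publish to" checkbox row for every third-party service that is
 * enabled in $config.
 *
 * For each enabled service the member's binding is looked up in the m_sync
 * table. A bound service gets an active checkbox plus a link to the bound
 * profile; an unbound one gets a disabled checkbox plus a link to the
 * binding page.
 *
 * @param array $ar Member row; only $ar['id'] is read.
 * @return string|null HTML fragment, or null when no service is enabled.
 */
function getsync_c($ar)
{
    global $config;

    // One row per service: m_sync name, column holding the profile reference,
    // URL prefix for the profile link, display label, "enabled" flag.
    $providers = array(
        array('sina', 's_n', '', '新浪微博', $config['is_sina'] > 0 && $config['sina_key'] != '' && $config['sina_se'] != ''),
        array('tqq', 's_n', '', '腾讯微博', $config['is_tqq'] > 0 && ($config['is_utqq'] > 0 || $config['tqq_key'] != '' && $config['tqq_se'] != '')),
        array('renren', 's_n', '', '人人网', $config['is_renren'] > 0 && $config['renren_key'] != '' && $config['renren_se'] != ''),
        array('kx001', 's_n', '', '开心网', $config['is_kx001'] > 0 && $config['kx001_key'] != '' && $config['kx001_se'] != ''),
        array('tsohu', 's_n', '', '搜狐微博', $config['is_tsohu'] > 0 && ($config['is_utsohu'] > 0 || $config['tsohu_key'] != '' && $config['tsohu_se'] != '')),
        array('t163', 's_n', '', '网易微博', $config['is_t163'] > 0 && $config['t163_key'] != '' && $config['t163_se'] != ''),
        array('twitter', 's_n', 'http://twitter.com/', 'Twitter', $config['is_tw'] > 0 && $config['tw_key'] != '' && $config['tw_se'] != ''),
        array('facebook', 's_id', 'http://www.facebook.com/profile.php?id=', 'Facebook', $config['is_fb'] > 0 && $config['fb_se'] != '' && $config['fb_app_id'] != ''),
    );

    $a_sync_c = array();
    foreach ($providers as $p) {
        if ($p[4]) {
            $a_sync_c[] = _getsync_c_item($ar['id'], $p[0], $p[1], $p[2], $p[3]);
        }
    }

    if (count($a_sync_c) > 0) {
        return '<br/>发布到:' . join(' ', $a_sync_c);
    }
    return null;
}

/**
 * Renders the checkbox + icon link for one service.
 *
 * $column and $name come only from the fixed table in getsync_c(); the member
 * id goes through SQLString(..., 'int') like the other id lookups in this
 * code base, and the stored profile reference is HTML-escaped before it is
 * placed in the href attribute.
 */
function _getsync_c_item($aid, $name, $column, $url_prefix, $label)
{
    global $dbprefix;

    $s_dby = sprintf('select %s from %s where aid=%s and name=%s limit 1', $column, $dbprefix . 'm_sync', SQLString($aid, 'int'), SQLString($name, 'text'));
    $q_dby = mysql_query($s_dby) or die('');
    $r_dby = mysql_fetch_assoc($q_dby);
    $bound = mysql_num_rows($q_dby) > 0;
    mysql_free_result($q_dby);

    if ($bound) {
        // The stored value originates from the remote service, so it is treated as
        // untrusted when written into markup.
        // NOTE(review): escaping does not restrict the URL scheme; for the services
        // whose s_n is used as the whole link target, confirm it is validated as
        // http(s) when it is stored.
        $href = htmlspecialchars($url_prefix . $r_dby[$column], ENT_QUOTES);
        return '<input type="checkbox" name="u_' . $name . '" value="1"/><a href="' . $href . '" rel="external"><img src="images/i-' . $name . '.gif" alt="" title="' . $label . '"/></a>';
    }

    return '<input type="checkbox" disabled="disabled" title="您还没有绑定' . $label . '账号,点击图标设置"/><a href="?m=profile&t=sync&n=' . $name . '"><img src="images/i-' . $name . '.gif" alt="" title="' . $label . '" title="您还没有绑定' . $label . '账号,点击设置"/></a>';
}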
$q_dby = mysql_query($s_dby) or die(''); $r_dby = mysql_fetch_assoc($q_dby); if (mysql_num_rows($q_dby) > 0) { $io = new instagramPHP($config['instagram_key'], $config['instagram_se'], $r_dby['s_t']); $ia = $io->user($r_dby['s_id']); if (!isset($ia['meta']['error_type']) && isset($ia['data']['id']) && $ia['data']['id'] != '') { $is_sync = 1; $me_url = 'http://instagram.com/' . $ia['data']['username'] . '/'; if ($r_dby['s_n'] != $me_url || $r_dby['s_id'] != $ia['data']['id']) { $u_db = sprintf('update %s set s_n=%s, s_id=%s where id=%s', $dbprefix . 'm_sync', SQLString($me_url, 'text'), SQLString($ia['data']['id'], 'text'), $r_dby['id']); $result = mysql_query($u_db) or die(''); } $content .= '当前已绑定Instagram账号<table width="200"><tr><td align="center"><img src="' . $ia['data']['profile_picture'] . '" alt=""/><br/><a href="' . $me_url . '" target="_blank">' . $ia['data']['username'] . '</a>(<a href="?m=profile&t=sync&n=' . $nct . '&lt=1">取消绑定</a>)</td></tr></table>'; $content .= '<br/><br/><form method="post" action=""><input type="checkbox" name="is_show" value="1"' . ($r_dby['is_show'] > 0 ? ' checked="checked"' : '') . '/>隐藏已绑定Instagram账号相关信息<br/><input type="submit" value="更新" class="button"/><input type="hidden" name="isl_instagram_h" value="' . $r_dby['id'] . '"/></form>'; } else { $d_db = sprintf('delete from %s where aid=%s and name=%s', $dbprefix . 'm_sync', $r_dbu['id'], SQLString($nct, 'text')); $result = mysql_query($d_db) or die(''); } } mysql_free_result($q_dby); if ($is_sync == 0) { $io = new instagramPHP($config['instagram_key'], $config['instagram_se']); $aurl = $io->login_url($config['site_url'] . 'instagram_callback.php'); $content .= '<a href="' . $aurl . '">点击此处和您的Instagram账号建立连接</a>'; } $content .= '<br/><br/>绑定Instagram账号后将实现以下功能:<ol><li>可以选取Instagram图片添加到照片视频</li><li>在<a href="?m=user&id=' . $r_dbu['id'] . '">用户信息</a>页面显示最新的Instagram图片</li</ol>'; break; } $content .= '</div>'; } else { $content .= '<div class="formline">管理员还没有' . ($pa == 9 ? 
'<a href="?m=setting&t=sync">' : '') . '开启绑定功能' . ($pa == 9 ? '</a>' : '') . '。</div>';
$u_db = sprintf('update %s set sticky=%s where id=%s', $dbprefix . 'topic', SQLString($sticky, 'int'), $r_dbl['id']); $result = mysql_query($u_db) or die(''); if ($r_dbl['mid'] > 0) { $coa = explode('[/]', $r_dbl['content']); $msg = $coa[0]; } else { $msg = $r_dbl['content']; } $ac = $pn . ' ' . ($sticky > 0 ? '' : '取消') . "置顶留言\r\r" . $r_dbl['name'] . ':' . $msg; setoinfo($ac, $r_dbl['id']); header('Location:?page=' . $page); exit; } if (isset($_GET['lid']) && $_GET['lid'] == $r_dbl['id']) { $lock = $r_dbl['is_lock'] > 0 ? 0 : 1; $u_db = sprintf('update %s set is_lock=%s where id=%s', $dbprefix . 'topic', SQLString($lock, 'int'), $r_dbl['id']); $result = mysql_query($u_db) or die(''); if ($r_dbl['mid'] > 0) { $coa = explode('[/]', $r_dbl['content']); $msg = $coa[0]; } else { $msg = $r_dbl['content']; } $ac = $pn . ' ' . ($lock > 0 ? '' : '取消') . "锁定留言\r\r" . $r_dbl['name'] . ':' . $msg; setoinfo($ac, $r_dbl['id']); header('Location:?page=' . $page); exit; } } if ($pa == 9 && $r_dbl['disp'] > 0) { $cm[] = ' <span class="del_n">已删除</span> <a href="?page=' . $page . '&pid=' . $r_dbl['id'] . '"><img src="images/o_4.gif" alt="" title="恢复"/></a>';
<p>Username: <input id="username" name="username" type="text" class="input" /></p> <p>Password: <input id="password" name="password" type="password" value="" class="input" /></p> <p><input id="submit" name="submit" type="submit" value="Log In" class="btn" /> <p><input id="authreq" name="authreq" type="hidden" value="false" /> </p> </form> </div> </body> </html> <!-- end of login screen --> <?php
} else {
    // trying to authenticate user
    require_once "./include/config.inc";
    // Looks the submitted credentials up in the user table, restricted to
    // active site administrators (status = 1, site_admin = 1).
    // NOTE(review): as printed, the format string has a literal '******' where a
    // username placeholder would be expected and only one %s, while two arguments
    // are passed; the first argument (the escaped username) would then fill the
    // password slot. Verify against the real source before relying on this query.
    // NOTE(review): the password is matched inside the WHERE clause, which implies
    // the column is compared with the submitted value as SQLString() returns it;
    // confirm passwords are stored as salted hashes and verified in PHP instead.
    $query = sprintf("SELECT * FROM user WHERE username = '******' and password = %s and status = 1 and site_admin = 1 ", mysql_real_escape_string($_POST['username']), SQLString($_POST['password'], "text"));
    // '@' hides query errors; a failed query would hand false to mysql_num_rows().
    $rt = @mysql_query($query, $indaba_dbh);
    if (mysql_num_rows($rt) == 1) {
        $user = mysql_fetch_assoc($rt);
        // NOTE(review): the session id is not regenerated on login in the visible
        // code; consider session_regenerate_id(true) before storing the identity.
        $_SESSION['authuser'] = $_POST['username'];
        $_SESSION['user_id'] = $user['id'];
        // NOTE(review): $_SESSION['ref'] is set elsewhere; confirm it can only hold
        // a local path. None of the redirects below is followed by exit in the
        // visible code.
        if (isset($_SESSION['ref'])) {
            header('Location: ' . $_SESSION['ref']);
        } else {
            header('Location: index.php');
        }
    } else {
        // Any failure (no row, or more than one row) returns to the login form.
        header('Location: login.php');
    }
}
unset($result); $title = htmlspecialchars(trim($_POST['title']), ENT_QUOTES); $query = sprintf('insert into %s (title) values (%s)', $dbprefix . 'main', SQLString($title, 'text')); $result = mysql_query($query); echo '<li>写入新数据 ' . $dbprefix . 'main:<span style="font-weight:bold;color:#' . ($result == true ? '036;">成功' : 'f00;">失败') . '</span></li>'; unset($query); unset($result); $username = trim($_POST['username']); $password = enc_p(trim($_POST['password'])); $name = htmlspecialchars(trim($_POST['name']), ENT_QUOTES); $query = sprintf('insert into %s (username, password, name, power, regdate) values (%s, %s, %s, 9, %s)', $dbprefix . 'member', SQLString($username, 'text'), SQLString($password, 'text'), SQLString($name, 'text'), time()); $result = mysql_query($query); echo '<li>写入新数据 ' . $dbprefix . 'member:<span style="font-weight:bold;color:#' . ($result == true ? '036;">成功' : 'f00;">失败') . '</span></li>'; unset($query); unset($result); $query = sprintf('insert into %s (path, title, sfile) values (%s, %s, %s)', $dbprefix . 'skin', SQLString('blue', 'text'), SQLString('蓝色梦想', 'text'), SQLString('styles.css', 'text')); $result = mysql_query($query); echo '<li>写入新数据 ' . $dbprefix . 'skin:<span style="font-weight:bold;color:#' . ($result == true ? '036;">成功' : 'f00;">失败') . 
'</span></li>'; unset($query); unset($result); echo '</ul><input type="button" value="完成" class="button" onclick="location.href=\'../\';"/></div>'; writeText($l_file, time()); } else { ?> <div class="title">第2步:配置信息</div> <div class="lcontent"> <form method="post" onsubmit="if(document.form1.title.value=='' || document.form1.username.value=='' || document.form1.password.value=='' || document.form1.name.value==''){alert('请输入配置信息。');return false;}else if(document.form1.password.value!='' && document.form1.password.value!=document.form1.password2.value){alert('请确认密码。');return false;}" name="form1"> <table> <tr><td>标题:</td><td><input name="title" size="32"/></td></tr> <tr><td colspan="2">管理员信息</td></tr> <tr><td>用户名:</td><td><input name="username" size="32"/></td></tr>
if (isset($_GET['code']) && trim($_GET['code']) != '') { require_once 'lib/kaixin.php'; $db_o = new kaixinPHP($config['kx001_key'], $config['kx001_se']); $result = $db_o->access_token($config['site_url'] . 'kx001_callback.php', $_GET['code']); } if (isset($result['access_token']) && $result['access_token'] != '') { $s_t = $result['access_token']; $s_r = $result['refresh_token']; $edate = time() + $result['expires_in']; if ($c_log) { $ar = getainfo($_SESSION[$config['u_hash']], 'id, name'); $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('kx001', 'text')); $q_dby = mysql_query($s_dby) or die(''); $r_dby = mysql_fetch_assoc($q_dby); if (mysql_num_rows($q_dby) > 0) { $u_db = sprintf('update %s set s_t=%s, s_r=%s, edate=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int'), $r_dby['id']); $result = mysql_query($u_db) or die(''); } else { $i_db = sprintf('insert into %s (aid, name, s_t, s_r, edate) values (%s, %s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('kx001', 'text'), SQLString($s_t, 'text'), SQLString($s_r, 'text'), SQLString($edate, 'int')); $result = mysql_query($i_db) or die(''); } mysql_free_result($q_dby); setsinfo($ar['name'] . ' 绑定了开心网', $ar['id']); } else { $_SESSION['kx001_login_u_t'] = $s_t; $_SESSION['kx001_login_u_r'] = $s_r; $_SESSION['kx001_login_u_edate'] = $edate; } } } header('Location:' . $u);
$jaid = isset($idb) ? $idb['aid'] : 0; $rela = isset($_POST['rela']) ? htmlspecialchars(trim($_POST['rela']), ENT_QUOTES) : ''; $email = htmlspecialchars(trim($_POST['email']), ENT_QUOTES); $s_dbu = sprintf('select id from %s where username=%s limit 1', $dbprefix . 'member', SQLString($username, 'text')); $q_dbu = mysql_query($s_dbu) or die(''); if (mysql_num_rows($q_dbu) > 0) { $e = 1; } else { $i_db = sprintf('insert into %s (username, password, name, status, regdate, gid, jaid, rela, email) values (%s, %s, %s, %s, %s, %s, %s, %s, %s)', $dbprefix . 'member', SQLString($username, 'text'), SQLString($password, 'text'), SQLString($name, 'text'), SQLString($status, 'int'), time(), SQLString($gid, 'int'), SQLString($jaid, 'int'), SQLString($rela, 'text'), SQLString($email, 'text')); $result = mysql_query($i_db) or die(''); $nid = mysql_insert_id(); $i_db = sprintf('insert into %s (aid, datetime, ip_i, online) values (%s, %s, inet_aton(%s), 0)', $dbprefix . 'online', $nid, time(), SQLString(getIP(), 'text')); $result = mysql_query($i_db) or die(''); setsinfo($name . ' 新用户注册' . (isset($g_a[$gid]) ? ',身份:' . $g_a[$gid] : '') . (isset($idb) ? ',邀请人:<a href="?m=user&id=' . $idb['aid'] . '">' . $idb['name'] . '</a>' : '') . ($config['veri'] > 0 ? '' : ',等待审核') . ($rela != '' ? "\r\r" . $rela : ''), $nid); if (isset($_SESSION['login_sync_tn']) && $_SESSION['login_sync_tn'] != '' && isset($a_sync[$_SESSION['login_sync_tn']])) { $i_db = sprintf('insert into %s (aid, name, s_id, s_t, s_r, s_s, edate) values (%s, %s, %s, %s, %s, %s, %s)', $dbprefix . 
'm_sync', $nid, SQLString($_SESSION['login_sync_tn'], 'text'), SQLString($_SESSION['login_sync_id'], 'text'), SQLString($_SESSION['login_sync_t'], 'text'), SQLString($_SESSION['login_sync_r'], 'text'), SQLString($_SESSION['login_sync_s'], 'text'), SQLString($_SESSION['login_sync_edate'], 'int')); $result = mysql_query($i_db) or die(''); $_SESSION['login_sync_tn'] = ''; $_SESSION['login_sync_id'] = ''; $_SESSION['login_sync_t'] = ''; $_SESSION['login_sync_r'] = ''; $_SESSION['login_sync_s'] = ''; $_SESSION['login_sync_u'] = ''; $_SESSION['login_sync_edate'] = 0; } if (isset($idb)) { $u_db = sprintf('update %s set jid=%s where id=%s', $dbprefix . 'invite', $nid, $idb['id']); $result = mysql_query($u_db) or die(''); } header('Location:./?m=login&e=3'); exit;
$rr_c = new renrenPHP($config['renren_key'], $config['renren_se'], $r_dby['s_t']); $st = $rr_c->getStatus($r_dby['s_id'], 5); if (is_array($st) && count($st) > 0) { foreach ($st as $v) { if (htmlspecialchars(trim($v['message']), ENT_QUOTES) != '') { echo '<div class="sync_list" style="background-image: url(images/i-renren.gif);">' . htmlspecialchars(trim($v['message']), ENT_QUOTES) . '</div>'; } } } } mysql_free_result($q_dby); } break; case 'instagram': if ($config['is_instagram'] > 0 && $config['instagram_key'] != '' && $config['instagram_se'] != '') { $s_dby = sprintf('select s_id, s_t, is_show from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $id, SQLString('instagram', 'text')); $q_dby = mysql_query($s_dby) or die(''); $r_dby = mysql_fetch_assoc($q_dby); if (mysql_num_rows($q_dby) > 0) { $max_id = isset($_GET['max_id']) && trim($_GET['max_id']) != '' ? trim($_GET['max_id']) : ''; $page = isset($_GET['page']) && intval($_GET['page']) > 0 ? intval($_GET['page']) : 1; $isp = isset($_GET['m']) && $_GET['m'] == '1' || $id != $_SESSION[$config['u_hash']] ? 1 : 0; $p_page = $isp > 0 ? '5' : '10'; if ($isp > 0) { $max_id = ''; $page = 1; } if ($r_dby['is_show'] == 0 || $isp == 0) { require_once 'lib/instagram.php'; $io = new instagramPHP($config['instagram_key'], $config['instagram_se'], $r_dby['s_t']); $ia = $io->user_media($r_dby['s_id'], $p_page, $max_id);
} $project = mysql_fetch_assoc($st); $project['logo_path'] = empty($project['logo_path']) ? '' : $project['logo_path']; $rt = array('project_owner' => $project['last_name'] . ", " . $project['first_name'], 'code_name' => $project['code_name'], 'description' => $project['description'], 'admin_user_id' => $project['admin_user_id'], 'organization_id' => $project['organization_id'], 'access_matrix_id' => $project['access_matrix_id'], 'view_matrix_id' => $project['view_matrix_id'], 'start_time' => $project['start_time'], 'close_time' => $project['close_time'], 'ready_to_start' => $project['ready_to_start'], 'study_period_id' => $project['study_period_id'], 'logo_path' => $project['logo_path'], 'is_active' => $project['is_active'], 'visibility' => $project['visibility'], 'sql' => $sql, 'query_status' => 0, 'query_msg' => ''); echo json_encode($rt); $_SESSION['current_project_id'] = $id; exit; } if (isset($_GET['action']) && $_GET['action'] == 'save_project') { $code_name = SQLString($_GET['code_name'], 'text'); $description = SQLString($_GET['description'], 'text'); $access_matrix_id = $_GET['access_matrix_id']; $view_matrix_id = $_GET['view_matrix_id']; $study_period_id = $_GET['study_period_id']; $start_time = SQLString($_GET['start_time'], 'text'); $close_time = SQLString($_GET['close_time'], 'text'); $admin_user_id = $_GET['admin_user_id']; $organization_id = $_GET['organization_id']; $is_active = $_GET['is_active']; $visibility = $_GET['visibility']; $id = $_GET['project_id']; if ($id == 0) { // INSERT $sql = sprintf("INSERT INTO project ( code_name, description, owner_user_id, creation_time, access_matrix_id, view_matrix_id, \n\t\t\t\t\t\t\t\t\t\t\t\tstart_time, close_time, study_period_id, status, admin_user_id, is_active, organization_id, visibility)\n\t\t\t\t\t\t\tVALUES (%s, %s, %d, now(), %d, %d, %s, %s, %d, 0, %d, %d, %d, %d)", $code_name, $description, $_SESSION['user_id'], $access_matrix_id, $view_matrix_id, $start_time, $close_time, $study_period_id, 
$admin_user_id, $is_active, $organization_id, $visibility); } else { // UPDATE $sql = sprintf("UPDATE project\n\t\t\t\t\t\t\tSET code_name = %s, description = %s, access_matrix_id = %d,\n\t\t\t\t\t\t\t\tview_matrix_id = %d, start_time = %s, close_time = %s, study_period_id = %d, \n\t\t\t\t\t\t\t\tadmin_user_id = %d, is_active = %d, organization_id = %d, visibility = %d\n\t\t\t\t\t\t\tWHERE id = %d", $code_name, $description, $access_matrix_id, $view_matrix_id, $start_time, $close_time, $study_period_id, $admin_user_id, $is_active, $organization_id, $visibility, $id); } $st = mysql_query($sql); if (!$st) { $rt['sql'] = $sql;
<?php /** * 迷你同学录 (http://mini_class.piscdong.com/) * (c)PiscDong studio (http://www.piscdong.com/) * * 程序完全免费,请保留这段代码。 * 请勿出售本程序或其修改版,请勿利用本程序或其修改版进行任何商业活动。 */ if ($c_log && isset($r_dbu) && $config['invnreg'] == 0) { $title .= '邀请朋友'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['invite_link']) && $_POST['invite_link'] == 1) { $code = md5(time() . $r_dbu['id'] . '|' . rand(1, 1000)); $i_db = sprintf('insert into %s (aid, datetime, code) values (%s, %s, %s)', $dbprefix . 'invite', $r_dbu['id'], time(), SQLString($code, 'text')); $result = mysql_query($i_db) or die(''); } header('Location:./?m=profile&t=invite'); exit; } else { $content .= '<div class="title">邀请朋友</div><div class="lcontent">'; $s_dbi = sprintf('select id, code from %s where aid=%s and jid=0 order by datetime desc', $dbprefix . 'invite', $r_dbu['id']); $q_dbi = mysql_query($s_dbi) or die(''); $r_dbi = mysql_fetch_assoc($q_dbi); if (mysql_num_rows($q_dbi) > 0) { $js_c .= ' $("img[name=\'del_img\']").click(function(){ if(confirm(\'确认要删除?\'))location.href=\'?m=profile&t=invite&did=\'+$(this).data(\'id\'); }); $(".invcode").mouseover(function(){ $(this).select();
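<?php
/**
 * 迷你同学录 / Mini Class (http://mini_class.piscdong.com/)
 * (c)PiscDong studio (http://www.piscdong.com/)
 *
 * This program is completely free; please keep this notice.
 * Do not sell this program or modified versions of it, and do not use this
 * program or modified versions of it for any commercial activity.
 */

// Profile page "security settings": lets the logged-in member ($r_dbu) set the
// security question and answer after re-entering the current password.
if ($c_log && isset($r_dbu)) {
    $title .= '安全设置';
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (isset($_POST['question'])) {
            // Request fields are only used when they are plain strings; arrays or
            // missing fields are treated as empty.
            $current = isset($_POST['password0']) && is_string($_POST['password0']) ? $_POST['password0'] : '';
            $raw_question = is_string($_POST['question']) ? $_POST['question'] : '';
            $raw_answer = isset($_POST['answer']) && is_string($_POST['answer']) ? $_POST['answer'] : '';

            // Strict string comparison: a loose == between two hash strings can treat
            // different values as equal when both look numeric.
            if ((string) enc_p($current) === (string) $r_dbu['password']) {
                // Both values are stored HTML-escaped; the form below prints the stored
                // question without escaping it again and relies on this.
                // NOTE(review): the answer is stored as entered (escaped, not hashed).
                $question = htmlspecialchars($raw_question, ENT_QUOTES);
                $answer = htmlspecialchars($raw_answer, ENT_QUOTES);
                $u_db = sprintf('update %s set question=%s, answer=%s where id=%s', $dbprefix . 'member', SQLString($question, 'text'), SQLString($answer, 'text'), SQLString($r_dbu['id'], 'int'));
                $result = mysql_query($u_db) or die('');
                $e = 1;
            } else {
                $e = 2;
            }
        }
        // Post/redirect/get: the outcome code selects the message on the next request.
        header('Location:./?m=profile&t=security' . (isset($e) ? '&e=' . $e : ''));
        exit;
    } else {
        $a_msg = array(1 => '个人资料已修改。', '当前密码错误!');
        $content .= (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">安全设置</div><div class="lcontent"><form method="post" action="" class="btform" id="seform"><table><tr><td>当前密码:</td><td><input type="password" name="password0" size="32" class="bt_input" rel="当前密码" /></td></tr><tr><td>安全问题:</td><td><input name="question" size="32" value="' . $r_dbu['question'] . '" /></td></tr><tr><td>答案:</td><td><input name="answer" size="32" /></td></tr><tr><td colspan="2"><input type="submit" value="修改" class="button" /></td></tr></table></form></div>';
    }
}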
$a_synl[] = array('instagram', 'Instagram'); $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('instagram', 'text')); $q_dby = mysql_query($s_dby) or die(''); $is_syn['instagram'] = mysql_num_rows($q_dby) > 0 ? 1 : 0; mysql_free_result($q_dby); } if ($config['is_babab'] > 0 && ($config['is_ubabab'] > 0 || $config['babab_key'] != '')) { $a_synl[] = array('babab', '巴巴变'); $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('babab', 'text')); $q_dby = mysql_query($s_dby) or die(''); $is_syn['babab'] = mysql_num_rows($q_dby) > 0 ? 1 : 0; mysql_free_result($q_dby); } if ($config['is_flickr'] > 0 && ($config['is_uflickr'] > 0 || $config['flickr_key'] != '')) { $a_synl[] = array('flickr', 'Flickr'); $s_dby = sprintf('select s_id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('flickr', 'text')); $q_dby = mysql_query($s_dby) or die(''); $r_dby = mysql_fetch_assoc($q_dby); $is_syn['flickr'] = mysql_num_rows($q_dby) > 0 ? 1 : 0; if ($is_syn['flickr'] > 0) { $content .= '<input type="hidden" id="flickr_key" value="' . $config['flickr_key'] . '"/><input type="hidden" id="flickr_id" value="' . $r_dby['s_id'] . '"/>'; } mysql_free_result($q_dby); } if (isset($a_synl)) { foreach ($a_synl as $v) { $js_c .= ' $("#getimg_' . $v[0] . '").click(function(){'; foreach ($a_synl as $vv) { $js_c .= ' $("#' . $vv[0] . '_sdiv").' . ($vv[0] == $v[0] ? 'show' : 'hide') . '();';
$thum = $_POST['thum'] != 1 ? 0 : 1; $maxsize = intval($_POST['maxsize']) > 0 ? intval($_POST['maxsize']) : 0; $filetype = htmlspecialchars(trim($_POST['filetype']), ENT_QUOTES); if ($_POST['avator_r'] > 0) { $avator = intval($_POST['avator_i']) > 1 ? intval($_POST['avator_i']) : 2; } else { $avator = 0; } $slink = $_POST['slink'] != 1 ? 0 : 1; $veri = $_POST['veri'] != 1 ? 0 : 1; $icp = htmlspecialchars(trim($_POST['icp']), ENT_QUOTES); $pagesize = intval($_POST['pagesize']) > 0 ? intval($_POST['pagesize']) : 20; $gid = isset($_POST['group']) && count($_POST['group']) ? join('|', $_POST['group']) : ''; $timefix = intval($_POST['timefix']); $ip = trim($_POST['ip']); $u_db = sprintf('update %s set title=%s, school=%s, classname=%s, open=%s, openreg=%s, invreg=%s, email=%s, smtp_server=%s, smtp_port=%s, smtp_email=%s, smtp_isa=%s, smtp_user=%s, smtp_pwd=%s, upload=%s, thum=%s, maxsize=%s, filetype=%s, avator=%s, slink=%s, veri=%s, icp=%s, pagesize=%s, gid=%s, timefix=\'%s\', ip=%s', $dbprefix . 'main', SQLString($title, 'text'), SQLString($school, 'text'), SQLString($classname, 'text'), $open, $openreg, $invreg, SQLString($email, 'int'), SQLString($smtp_server, 'text'), SQLString($smtp_port, 'text'), SQLString($smtp_email, 'text'), $smtp_isa, SQLString($smtp_user, 'text'), SQLString($smtp_pwd, 'text'), $upload, $thum, $maxsize, SQLString($filetype, 'text'), $avator, $slink, $veri, SQLString($icp, 'text'), $pagesize, SQLString($gid, 'text'), $timefix, SQLString($ip, 'text')); $result = mysql_query($u_db) or die(''); $e = 1; } header('Location:./?m=setting' . (isset($e) ? '&e=1' : '')); exit; } else { $a_msg = array(1 => '设置已修改。'); $content .= (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">班级设置</div><div class="lcontent"><form method="post" action="" class="btform" id="stform"><table><tr><td>标题:</td><td><input name="title" size="32" value="' . $config['title'] . 
'" class="bt_input" rel="标题" /></td></tr><tr><td>学校:</td><td><input name="school" size="32" value="' . $config['school'] . '" /></td></tr><tr><td>班级:</td><td><input name="classname" size="32" value="' . $config['classname'] . '" /></td></tr><tr><td>开放访问:</td><td><input name="open" type="radio" value="0"' . ($config['open'] == 0 ? ' checked="checked"' : '') . ' />是 <input name="open" type="radio" value="1"' . ($config['open'] == 1 ? ' checked="checked"' : '') . ' />否</td></tr><tr><td>开放注册:</td><td><input name="openreg" type="radio" value="0"' . ($config['openreg'] == 0 ? ' checked="checked"' : '') . ' />是 <input name="openreg" type="radio" value="1"' . ($config['openreg'] == 1 ? ' checked="checked"' : '') . ' />否</td></tr><tr><td>邀请注册:</td><td><input name="invreg" type="radio" value="0"' . ($config['invreg'] == 0 ? ' checked="checked"' : '') . ' />是 <input name="invreg" type="radio" value="1"' . ($config['invreg'] == 1 ? ' checked="checked"' : '') . ' />否</td></tr>'; if (isset($g_a) && count($g_a) > 0) { if ($config['gid'] != '') { $g_c = explode('|', $config['gid']); } $content .= '<tr><td>用户组:</td><td>'; foreach ($g_a as $k => $v) { $content .= '<input type="checkbox" name="group[]" value="' . $k . '"' . (isset($g_c) && in_array($k, $g_c) || $k == 0 ? ' checked="checked"' : '') . ($k == 0 ? ' disabled="disabled"' : '') . '/>' . $v . ' ';
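<?php
/**
 * 迷你同学录 / Mini Class (http://mini_class.piscdong.com/)
 * (c)PiscDong studio (http://www.piscdong.com/)
 *
 * This program is completely free; please keep this notice.
 * Do not sell this program or modified versions of it, and do not use this
 * program or modified versions of it for any commercial activity.
 */

// Profile page "change password": the logged-in member ($r_dbu) must re-enter
// the current password before a new one is stored.
if ($c_log && isset($r_dbu)) {
    $title .= '修改密码';
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (isset($_POST['password']) && $_POST['password'] != '') {
            // Only plain-string fields are used; a missing or array-valued current
            // password is treated as empty.
            $current = isset($_POST['password0']) && is_string($_POST['password0']) ? $_POST['password0'] : '';

            // Strict string comparison: a loose == between two hash strings can treat
            // different values as equal when both look numeric.
            if (is_string($_POST['password']) && (string) enc_p($current) === (string) $r_dbu['password']) {
                // NOTE(review): the confirmation field (password1) is only compared in
                // the browser; the server stores whatever arrives in "password".
                $u_db = sprintf('update %s set password=%s where id=%s', $dbprefix . 'member', SQLString(enc_p($_POST['password']), 'text'), SQLString($r_dbu['id'], 'int'));
                $result = mysql_query($u_db) or die('');
                $e = 1;
            } else {
                $e = 2;
            }
        }
        // Post/redirect/get: the outcome code selects the message on the next request.
        header('Location:./?m=profile&t=password' . (isset($e) ? '&e=' . $e : ''));
        exit;
    } else {
        $a_msg = array(1 => '密码已修改。', '当前密码错误!');
        $content .= (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">修改密码</div><div class="lcontent"><form method="post" action="" class="btform_p" id="seform"><table><tr><td>当前密码:</td><td><input type="password" name="password0" size="32" class="bt_input" rel="当前密码" /></td></tr><tr><td>新密码:</td><td><input type="password" name="password" id="formpw" size="32" class="bt_input" rel="新密码" /></td></tr><tr><td>确认:</td><td><input type="password" name="password1" id="formpw1" size="32" /></td></tr><tr><td colspan="2"><input type="submit" value="修改" class="button" /></td></tr></table></form></div>';
    }
}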
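// Step 2 of the lost-password flow: check the submitted security answer for the
// member id carried in the form and, on a match, store the new password.
// $answer and $password are prepared before this point (not shown here).
// The row must carry `answer`; with only `id` selected the comparison below ran
// against an unset value.
$s_dbu = sprintf('select id, answer from %s where id=%s limit 1', $dbprefix . 'member', SQLString($_POST['id'], 'int'));
$q_dbu = mysql_query($s_dbu) or die('');
$r_dbu = mysql_fetch_assoc($q_dbu);
// A reset is allowed only when the member has a non-empty stored answer and it
// matches exactly; the strict comparison keeps an empty or missing value from
// comparing equal. Step 1 below likewise refuses members with no answer set.
if (mysql_num_rows($q_dbu) > 0 && $r_dbu['answer'] != '' && (string) $r_dbu['answer'] === (string) $answer) {
    $u_db = sprintf('update %s set password=%s where id=%s', $dbprefix . 'member', SQLString($password, 'text'), SQLString($r_dbu['id'], 'int'));
    $result = mysql_query($u_db) or die('');
    $e = 1;
} else {
    $e = 2;
}
mysql_free_result($q_dbu);
header('Location:./?m=lostpwd&e=' . $e);
exit;
} elseif (isset($_POST['username']) && trim($_POST['username']) != '') {
    // Step 1: look the member up by username and show the security question.
    $username = trim($_POST['username']);
    $s_dbu = sprintf('select id, question, answer from %s where username=%s limit 1', $dbprefix . 'member', SQLString($username, 'text'));
    $q_dbu = mysql_query($s_dbu) or die('');
    $r_dbu = mysql_fetch_assoc($q_dbu);
    if (mysql_num_rows($q_dbu) > 0) {
        if ($r_dbu['answer'] != '') {
            // NOTE(review): the question is printed as stored; this relies on it having
            // been HTML-escaped when it was saved.
            $content .= '2步</div><div class="lcontent"><form method="post" action="" class="btform_p" id="lwform"><table><tr><td>安全问题:</td><td>' . $r_dbu['question'] . '</td></tr><tr><td>答案:</td><td><input name="answer" size="32" maxlength="20" class="bt_input" rel="答案" /></td></tr><tr><td>新密码:</td><td><input name="password" id="formpw" size="32" maxlength="20" type="password" class="bt_input" rel="新密码" /></td></tr><tr><td>确认:</td><td><input name="password1" id="formpw1" size="32" maxlength="20" type="password" /><input type="hidden" name="id" value="' . $r_dbu['id'] . '"/></td></tr>';
        } else {
            // No security answer on file: the reset flow is not available.
            // NOTE(review): these two redirects use m=lostpw while the one above uses
            // m=lostpwd; confirm which module name is intended. The distinct codes
            // (3 vs 4) also tell the visitor whether the username exists.
            header('Location:./?m=lostpw&e=3');
            exit;
        }
    } else {
        header('Location:./?m=lostpw&e=4');
        exit;
    }
    mysql_free_result($q_dbu);
} else {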
if (isset($_GET['code']) && trim($_GET['code']) != '') { require_once 'lib/instagram.php'; $io = new instagramPHP($config['instagram_key'], $config['instagram_se']); $result = $io->access_token($config['site_url'] . 'instagram_callback.php', $_GET['code']); } if (isset($result['access_token']) && $result['access_token'] != '') { $s_t = $result['access_token']; $s_id = $ia['user']['id']; if ($c_log) { $ar = getainfo($_SESSION[$config['u_hash']], 'id, name'); $d_db = sprintf('delete from %s where s_id=%s and aid<>%s and name=%s', $dbprefix . 'm_sync', SQLString($s_id, 'text'), $ar['id'], SQLString('instagram', 'text')); $result = mysql_query($d_db) or die(''); $s_dby = sprintf('select id from %s where aid=%s and name=%s limit 1', $dbprefix . 'm_sync', $ar['id'], SQLString('instagram', 'text')); $q_dby = mysql_query($s_dby) or die(''); $r_dby = mysql_fetch_assoc($q_dby); if (mysql_num_rows($q_dby) > 0) { $u_db = sprintf('update %s set s_id=%s, s_t=%s where id=%s', $dbprefix . 'm_sync', SQLString($s_id, 'text'), SQLString($s_t, 'text'), $r_dby['id']); $result = mysql_query($u_db) or die(''); } else { $i_db = sprintf('insert into %s (aid, name, s_id, s_t) values (%s, %s, %s, %s)', $dbprefix . 'm_sync', $ar['id'], SQLString('instagram', 'text'), SQLString($s_id, 'text'), SQLString($s_t, 'text')); $result = mysql_query($i_db) or die(''); } mysql_free_result($q_dby); setsinfo($ar['name'] . ' 绑定了Instagram', $ar['id']); } else { $_SESSION['instagram_login_u_id'] = $s_id; $_SESSION['instagram_login_u_t'] = $s_t; } } } header('Location:' . $u);
$is_douban = !isset($_POST['is_douban']) || $_POST['is_douban'] == 0 ? 0 : 1; $douban_key = htmlspecialchars($_POST['douban_key'], ENT_QUOTES); $douban_se = htmlspecialchars($_POST['douban_se'], ENT_QUOTES); $is_baidu = !isset($_POST['is_baidu']) || $_POST['is_baidu'] == 0 ? 0 : 1; $baidu_key = htmlspecialchars($_POST['baidu_key'], ENT_QUOTES); $baidu_se = htmlspecialchars($_POST['baidu_se'], ENT_QUOTES); $is_instagram = !isset($_POST['is_instagram']) || $_POST['is_instagram'] == 0 ? 0 : 1; $instagram_key = htmlspecialchars($_POST['instagram_key'], ENT_QUOTES); $instagram_se = htmlspecialchars($_POST['instagram_se'], ENT_QUOTES); $is_google = !isset($_POST['is_google']) || $_POST['is_google'] == 0 ? 0 : 1; $google_key = htmlspecialchars($_POST['google_key'], ENT_QUOTES); $google_se = htmlspecialchars($_POST['google_se'], ENT_QUOTES); $is_live = !isset($_POST['is_live']) || $_POST['is_live'] == 0 ? 0 : 1; $live_key = htmlspecialchars($_POST['live_key'], ENT_QUOTES); $live_se = htmlspecialchars($_POST['live_se'], ENT_QUOTES); $u_db = sprintf('update %s set is_qq=%s, qq_app_id=%s, qq_app_key=%s, is_tw=%s, tw_key=%s, tw_se=%s, is_fb=%s, fb_se=%s, fb_app_id=%s, is_flickr=%s, is_uflickr=%s, flickr_key=%s, is_sina=%s, sina_key=%s, sina_se=%s, is_tqq=%s, is_utqq=%s, tqq_key=%s, tqq_se=%s, is_t163=%s, t163_key=%s, t163_se=%s, is_tsohu=%s, is_utsohu=%s, tsohu_key=%s, tsohu_se=%s, is_babab=%s, is_ubabab=%s, babab_key=%s, is_kx001=%s, kx001_key=%s, kx001_se=%s, is_renren=%s, renren_key=%s, renren_se=%s, is_douban=%s, douban_key=%s, douban_se=%s, is_baidu=%s, baidu_key=%s, baidu_se=%s, is_instagram=%s, instagram_key=%s, instagram_se=%s, is_google=%s, google_key=%s, google_se=%s, is_live=%s, live_key=%s, live_se=%s', $dbprefix . 
'main', $is_qq, SQLString($qq_app_id, 'text'), SQLString($qq_app_key, 'text'), $is_tw, SQLString($tw_key, 'text'), SQLString($tw_se, 'text'), $is_fb, SQLString($fb_se, 'text'), SQLString($fb_app_id, 'text'), $is_flickr, $is_uflickr, SQLString($flickr_key, 'text'), $is_sina, SQLString($sina_key, 'text'), SQLString($sina_se, 'text'), $is_tqq, $is_utqq, SQLString($tqq_key, 'text'), SQLString($tqq_se, 'text'), $is_t163, SQLString($t163_key, 'text'), SQLString($t163_se, 'text'), $is_tsohu, $is_utsohu, SQLString($tsohu_key, 'text'), SQLString($tsohu_se, 'text'), $is_babab, $is_ubabab, SQLString($babab_key, 'text'), $is_kx001, SQLString($kx001_key, 'text'), SQLString($kx001_se, 'text'), $is_renren, SQLString($renren_key, 'text'), SQLString($renren_se, 'text'), $is_douban, SQLString($douban_key, 'text'), SQLString($douban_se, 'text'), $is_baidu, SQLString($baidu_key, 'text'), SQLString($baidu_se, 'text'), $is_instagram, SQLString($instagram_key, 'text'), SQLString($instagram_se, 'text'), $is_google, SQLString($google_key, 'text'), SQLString($google_se, 'text'), $is_live, SQLString($live_key, 'text'), SQLString($live_se, 'text')); $result = mysql_query($u_db) or die(''); $e = 1; header('Location:./?m=setting&t=sync' . (isset($e) ? '&e=1' : '')); exit; } else { $phpv = phpversion(); $is_curl = function_exists('curl_init') ? 1 : 0; $is_json = function_exists('json_decode') ? 1 : 0; $a_msg = array(1 => '设置已修改。'); $content .= (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">绑定设置</div><div class="lcontent"><form method="post" action="">'; $content .= '<div class="sync_list" style="font-weight: bold;background-image: url(images/i-qq.gif);">绑定QQ</div> <div class="formline"> <span name="hs_cbt" data-id="qq_h|qq_s" class="mlink f_link">功能说明</span> <span name="hs_cbt" data-id="qq_s|qq_h" class="mlink f_link">环境要求</span> </div> <div class="formline" id="qq_s" style="display: none;">