$data .= $r['ali'] . ','; $data .= $r['msn'] . ','; $data .= $r['skype'] . ','; $data .= $r['address'] . ','; $data .= $r['postcode'] . ','; $data .= timetodate($r['regtime']) . ','; $data .= timetodate($r['logintime']) . ','; $data .= $r['logintimes'] . ','; $data .= $r['money'] . ','; $data .= $r['credit'] . ','; $data .= $r['sms'] . ','; $data .= $r['vip'] . ','; $data .= "\n"; } $data = convert($data, DT_CHARSET, 'GBK'); file_down('', 'contact.csv', $data); } if ($page > 1 && $sum) { $items = $sum; } else { $r = $db->get_one("SELECT COUNT(*) AS num FROM {$DT_PRE}member m,{$DT_PRE}company c WHERE {$condition}"); $items = $r['num']; } $pages = pages($items, $page, $pagesize); $members = array(); $result = $db->query("SELECT * FROM {$DT_PRE}member m,{$DT_PRE}company c WHERE {$condition} ORDER BY {$order} LIMIT {$offset},{$pagesize}"); while ($r = $db->fetch_array($result)) { $r['logindate'] = timetodate($r['logintime'], 5); $r['regdate'] = timetodate($r['regtime'], 5); $members[] = $r; }
<?php
/**
 * Sends the visitor a Windows Internet Shortcut (".url" file) for this site.
 *
 * The shortcut text is built in memory and passed to file_down() with an empty
 * source path, so no file on disk is read here.
 *
 * NOTE(review): $module is concatenated into the require path below and is set
 * outside this file; confirm it is restricted to known module names before it
 * reaches this script.
 */
defined('IN_DESTOON') or exit('Access Denied');

// Requests flagged as bots are answered through dhttp(403).
$DT_BOT and dhttp(403);

require DT_ROOT . '/module/' . $module . '/common.inc.php';

// Shortcut body: the section header, the target URL, and the icon location/index.
$data = "[InternetShortcut]\r\n"
    . "URL=" . DT_PATH . "?from=desktop\r\n"
    . "IconFile=" . DT_PATH . "favicon.ico\r\n"
    . "IconIndex=1";

// The download name comes from the configured site name: it is passed through
// file_vname() and then converted from the site charset to GBK.
$file = convert(file_vname($DT['sitename'] . '.url'), DT_CHARSET, 'GBK');

file_down('', $file, $data);
/**
 * Deliver the resource behind $url, then end the request via mexit().
 *
 * URLs that islocal() accepts are mapped to a path with local_file() and sent
 * with file_down(); everything else is answered with a redirect header.
 *
 * NOTE(review): $url is written into the "location" header unchanged. If any
 * caller passes a request-controlled value, this is an open redirect; confirm
 * that callers validate the target first.
 *
 * @param string $url Address of the file to deliver.
 */
function down_url($url)
{
    $is_local = islocal($url);

    if (!$is_local) {
        header("location:{$url}");
    } else {
        file_down(local_file($url));
    }

    mexit();
}
file_put(DT_ROOT . '/file/mobile/' . $filename, trim($mail)); $page++; msg('文件' . $filename . '获取成功。<br/>请稍候,程序将自动继续...', '?moduleid=' . $moduleid . '&file=' . $file . '&action=' . $action . '&tb=' . urlencode($tb) . '&field=' . urlencode($field) . '&sql=' . urlencode(base64_encode($sql)) . '&num=' . $num . '&page=' . $page . '&random=' . urlencode($random) . '&make=1'); } else { msg('列表获取成功', '?moduleid=' . $moduleid . '&file=' . $file . '&action=list'); } } else { include tpl('sendsms_make', $module); } break; case 'download': $file_ext = file_ext($filename); if ($file_ext != 'txt') { msg('只能下载TxT文件'); } file_down(DT_ROOT . '/file/mobile/' . $filename); break; case 'upload': require DT_ROOT . '/include/upload.class.php'; $do = new upload($_FILES, 'file/mobile/', $uploadfile_name, 'txt'); $do->adduserid = false; if ($do->save()) { msg('上传成功', '?moduleid=' . $moduleid . '&file=' . $file . '&action=list'); } msg($do->errmsg); break; case 'delete': if (is_array($filenames)) { foreach ($filenames as $filename) { if (file_ext($filename) == 'txt') { @unlink(DT_ROOT . '/file/mobile/' . $filename);
if ($mail) { $filename = timetodate($DT_TIME, 'Ymd') . '_' . $random . '_' . $page . '.txt'; file_put(DT_ROOT . '/file/email/' . $filename, trim($mail)); $page++; msg('文件' . $filename . '获取成功。<br/>请稍候,程序将自动继续...', '?moduleid=' . $moduleid . '&file=' . $file . '&action=' . $action . '&tb=' . urlencode($tb) . '&field=' . urlencode($field) . '&sql=' . urlencode(base64_encode($sql)) . '&num=' . $num . '&page=' . $page . '&random=' . urlencode($random) . '&make=1'); } else { msg('列表获取成功', '?moduleid=' . $moduleid . '&file=' . $file . '&action=list'); } } else { include tpl('sendmail_make', $module); } break; case 'download': $file_ext = file_ext($filename); $file_ext == 'txt' or msg('只能下载TxT文件'); file_down(DT_ROOT . '/file/email/' . $filename); break; case 'upload': require DT_ROOT . '/include/upload.class.php'; $do = new upload($_FILES, 'file/email/', $uploadfile_name, 'txt'); $do->adduserid = false; if ($do->save()) { msg('上传成功', '?moduleid=' . $moduleid . '&file=' . $file . '&action=list'); } msg($do->errmsg); break; case 'delete': if (is_array($filenames)) { foreach ($filenames as $filename) { if (file_ext($filename) == 'txt') { @unlink(DT_ROOT . '/file/email/' . $filename);
if (is_array($filenames)) { foreach ($filenames as $filename) { if (fileext($filename) == 'sql') { @unlink('./data/' . $filename); } } } else { if (fileext($filenames) == 'sql') { @unlink('./data/' . $filenames); } } echo "<script>alert('Data deleted successfully!');location.href='save_data.php?action=import';</script>"; break; case 'down': $filename or message('文件名不能为空'); file_down('./data/' . $filename); break; case 'phpinfo': phpinfo(); exit; break; } function message($msg, $url_forward = './', $ms = 1250) { global $charset; include template("message"); exit; } function daddslashes($string, $force = 0) { global $magic_quotes_gpc;
break; case 'export': if (!$table) { msg(); } //$memory_limit = trim(@ini_get('memory_limit')); $sizelimit = 1024 * 1024; //Max 1G file_down('', $table . '.sql', sql_dumptable($table)); break; case 'download': $file_ext = file_ext($filename); if ($file_ext != 'sql') { msg('只能下载SQL文件'); } file_down($dir ? $D . $dir . '/' . $filename : $D . $filename); break; case 'delete': if (!is_array($filenames)) { $tmp = $filenames; $filenames = array(); $filenames[0] = $tmp; } foreach ($filenames as $filename) { if (file_ext($filename) == 'sql') { file_del($dir ? $D . $dir . '/' . $filename : $D . $filename); } else { if (is_dir($D . $filename)) { dir_delete($D . $filename); } }
adminlog(lang('db_tb_' . submitcheck('bdboptimize') ? 'optimize' : 'repair')); amessage('tableoperatefinish', '?entry=database&action=dboptimize'); } } elseif ($action == 'dbsql') { if (!submitcheck('bdbsql')) { url_nav(lang('dboperate'), $urlsarr, 'dbsql'); tabheader(lang('run_sql_code'), 'dbsql', '?entry=database&action=dbsql'); echo "<tr class=\"txt\"><td class=\"txtL w25B\">" . lang('im_sql_code_content') . "</td><td class=\"txtL\"><textarea rows=\"15\" name=\"sqlcode\" cols=\"100\"></textarea></td></tr>"; tabfooter('bdbsql'); a_guide('dbsql'); } else { empty($sqlcode) && amessage('inputsqlcode', '?entry=database&action=dbsql'); $sqlquery = splitsql(str_replace(array(' cms_', ' {tblprefix}', ' `cms_'), array(' ' . $tblprefix, ' ' . $tblprefix, ' `' . $tblprefix), $sqlcode)); $affected_rows = 0; foreach ($sqlquery as $sql) { if (trim($sql) != '') { $db->query(stripslashes($sql), 'SILENT'); if ($sqlerror = $db->error()) { break; } else { $affected_rows += intval($db->affected_rows()); } } } adminlog(lang('run_sql_code')); amessage('sqlresult', '?entry=database&action=dbsql', $affected_rows); } } elseif ($action == 'download' && $filename) { adminlog(lang('dl_db_backup_file')); file_down(M_ROOT . './dynamic/' . $backupdir . '/' . $filename); }
$names = parse_dict($tb); } } } $result = $db->query("SHOW COLUMNS FROM `{$sc_table}`"); while ($r = $db->fetch_array($result)) { $k = $r['Field']; $fields[$k]['name'] = $edit ? $_fields[$k]['name'] : ''; $fields[$k]['value'] = $edit ? $_fields[$k]['value'] : ''; } include tpl('data_config'); } break; case 'download': if ($name) { file_down(DT_ROOT . '/file/data/' . $name . '.php'); } msg(); break; case 'delete': if ($name) { file_del(DT_ROOT . '/file/data/' . $name . '.php'); file_del(DT_ROOT . '/file/data/' . $name . '.inc.php'); } dmsg('删除成功', '?file=' . $file); break; case 'view': $data = array(); @(include DT_ROOT . '/file/data/' . $name . '.php'); $data = dstripslashes($data); extract($data);
$sql = str_replace(' {$tblprefix}', " {$tblprefix}", $sql); $db->query($sql, 'SILENT'); if (($sqlerror = $db->error()) && $db->errno() != 1062) { $db->halt('MySQL Query Error', $sql); } } } } $db->query("REPLACE INTO {$tblprefix}mconfigs (varname, value, cftype) VALUES ('templatedir','{$tpltarget}','view')"); $db->query("INSERT INTO {$tblprefix}members (mid, mname, isfounder, password, email, checked) VALUES ('{$memberid}', '" . $curuser->info['mname'] . "', '1', '" . $curuser->info['password'] . "', '" . $curuser->info['email'] . "', '1');"); adminlog(lang('instwebscon')); rebuild_cache(-1); } } elseif ($action == 'download' && $filename) { adminlog(lang('downsyscondatfi')); file_down(M_ROOT . './dynamic/export/' . $filename); } function dircopy($source, $destination, $child = 1) { if (!is_dir($source)) { return false; } mmkdir($destination); $handle = dir($source); while ($entry = $handle->read()) { if ($entry != "." && $entry != "..") { if (is_dir($source . "/" . $entry)) { dircopy($source . "/" . $entry, $destination . "/" . $entry, $child); } else { copy($source . "/" . $entry, $destination . "/" . $entry); }
if (strpos($data, $post['title'] . '|' . $post['url']) === false) { $post = daddslashes($post); if ($do->add($post)) { $i++; } } } } } if ($i) { cache_keylink($item); } dmsg('添加成功' . $i . '条', '?file=' . $file . '&item=' . $item); break; case 'export': file_down('', 'keylink-' . $item . '.txt', $do->merge($item)); break; default: if ($submit) { if ($do->update($post)) { dmsg('更新成功', '?file=' . $file . '&item=' . $item); } else { msg($do->errmsg); } } else { $condition = ''; if ($kw) { $condition .= " AND (title LIKE '%{$keyword}%' OR url LIKE '%{$keyword}%')"; } $lists = $do->get_list($condition); $fid = isset($fid) ? intval($fid) : 0;
if (file_copy($template_root . '/' . $fileid . '.' . $bakid . '.bak', $template_root . '/' . $fileid . '.htm')) { dmsg('恢复成功', $this_forward); } msg('备份文件恢复失败'); break; case 'template_name': $fileid or exit('0'); $name or exit('0'); $name = convert($name, 'UTF-8', DT_CHARSET); template_name($fileid, $name); exit('1'); break; case 'download': $fileid or msg(); $file_ext = $bakid ? '.' . $bakid . '.bak' : '.htm'; file_down($template_root . '/' . $fileid . $file_ext); break; case 'delete': $fileid or msg(); $file_ext = $bakid ? '.' . $bakid . '.bak' : '.htm'; file_del($template_root . '/' . $fileid . $file_ext); if (!$bakid) { template_name(); } dmsg('删除成功', $this_forward); break; case 'cache': cache_clear('php', 'dir', 'tpl'); dmsg('更新成功', $this_forward); break; default:
msg('文件名不能为空'); } if (!$bakid) { msg('Invalid Request'); } if (file_copy($skin_root . $fileid . '.' . $bakid . '.bak', $skin_root . $fileid . '.css')) { dmsg('备份文件恢复成功', $this_forward); } dmsg('备份文件恢复失败'); break; case 'download': if (!$fileid) { msg('文件名不能为空'); } $file_ext = $bakid ? '.' . $bakid . '.bak' : '.css'; file_down($skin_root . $fileid . $file_ext); break; case 'delete': if (!$fileid) { msg('文件名不能为空'); } $file_ext = $bakid ? '.' . $bakid . '.bak' : '.css'; file_del($skin_root . $fileid . $file_ext); dmsg('文件删除成功', $this_forward); break; default: $files = $skins = $baks = array(); $files = glob($skin_root . '*.*'); if (!$files) { msg('风格文件不存在,请先创建', "?file={$file}&action=add"); }
} else { $black = $username; } $db->query("UPDATE {$DT_PRE}member SET black='{$black}' WHERE userid={$_userid}"); $chatid = get_chat_id($_username, $username); $db->query("DELETE FROM {$table} WHERE chatid='{$chatid}'"); dmsg('屏蔽成功', 'message.php?action=setting'); break; case 'down': if ($data) { $data = stripslashes(dsafe($data)); $css = file_get('image/chat.css'); $css = str_replace('#chat{width:auto;height:286px;overflow:auto;', '#chat{width:700px;margin:auto;', $css); $css = str_replace("url('", "url('" . $MOD['linkurl'] . "image/", $css); $data = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html;charset=' . DT_CHARSET . '"/><title>聊天记录</title><style type="text/css">' . $css . '</style><base href="' . $MOD['linkurl'] . '"/></head><body><div id="chat">' . $data . '</div></body></html>'; file_down('', 'chat_' . timetodate($DT_TIME, 'Y-m-d-H-i') . '.html', $data); } exit; break; case 'contact': check_name($touser) or dalert('不能与自己对话', 'goback'); $go = '?touser='******'&mid=' . $mid . '&itemid=' . $itemid . '&forward=' . $forward; if ($_username) { dheader($go); } $filename = get_chat_file(get_chat_id($chatuser, $touser)); if (is_file($filename)) { dheader($go); } require DT_ROOT . '/include/post.func.php'; strlen($truename) > 2 or dalert('请填写联系人', 'goback');
} else { dalert($L['not_mirror'], $linkurl); } } else { if ($local) { if ($MOD['upload'] && filesize($localfile) < $MOD['readsize'] * 1024 * 1024) { $ext = file_ext($localfile); if (!in_array($ext, explode('|', $MOD['upload'])) || in_array($ext, array('php', 'sql')) || strpos($localfile, './') !== false) { dheader($fileurl); } //Safe $title = file_vname($title); $title or dheader($fileurl); if (strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome') !== false) { $title = convert($title, DT_CHARSET, 'UTF-8'); } if (strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox') !== false) { $title = str_replace(' ', '_', $title); } if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false) { $title = convert($title, DT_CHARSET, 'GBK'); } $title or dheader($fileurl); file_down($localfile, $title . '.' . $ext); } else { dheader($fileurl); } } else { dheader($fileurl); } }
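/**
 * Serve a download described by the encrypted "a_k" query parameter.
 *
 * The token is decoded with sys_auth() using a key derived from the system
 * auth_key and the request's User-Agent header. The decoded query string must
 * supply i (download id), m, modelid, f (file URL), t (10-digit start time) and
 * ip; s (URL prefix) and d (delivery mode) are optional. The link is refused
 * when ip differs from ip() or when more than 3600 seconds separate t from
 * SYS_TIME.
 *
 * The decoded values are read from an array. parse_str() without a result
 * array would let the token define arbitrary local variables, and that
 * one-argument form is not available on PHP 8.
 *
 * NOTE(review): the extension / ".." / ":\" deny-list is applied to f only.
 * When m is truthy, s is prepended afterwards and the combined value is never
 * re-checked before it is used in a Location header or handed to file_down().
 * Whatever issues the token has to guarantee s; consider also validating the
 * final local path against the upload directory (for example a realpath()
 * prefix check) in this method.
 *
 * NOTE(review): every rejection relies on showmessage() ending the request;
 * confirm that it does, otherwise execution continues past the checks.
 */
public function download()
{
    $a_k = trim($_GET['a_k']);
    $pc_auth_key = md5(pc_base::load_config('system', 'auth_key') . $_SERVER['HTTP_USER_AGENT']);
    $a_k = sys_auth($a_k, 'DECODE', $pc_auth_key);
    if (empty($a_k)) {
        showmessage(L('illegal_parameters'));
    }

    // Decode into an array and copy out only the keys this method uses.
    $params = array();
    parse_str($a_k, $params);
    $fields = array(
        'i' => null,
        'm' => null,
        'f' => null,
        't' => null,
        'ip' => null,
        'modelid' => null,
        's' => '',
        'd' => 0,
    );
    foreach ($fields as $key => $default) {
        if (!isset($params[$key])) {
            continue;
        }
        // "key[]=..." would yield an array; every value below is treated as a string.
        if (is_array($params[$key])) {
            showmessage(L('illegal_parameters'));
        }
        $fields[$key] = $params[$key];
    }
    $i = $fields['i'];
    $m = $fields['m'];
    $f = $fields['f'];
    $t = $fields['t'];
    $ip = $fields['ip'];
    $modelid = $fields['modelid'];
    $s = $fields['s'];
    $d = $fields['d'];

    $downid = isset($i) ? intval($i) : 0;
    if (!isset($m)) {
        showmessage(L('illegal_parameters'));
    }
    if (!isset($modelid)) {
        showmessage(L('illegal_parameters'));
    }
    if (empty($f)) {
        showmessage(L('url_invalid'));
    }
    if (!$i || $m < 0) {
        showmessage(L('illegal_parameters'));
    }
    if (!isset($t)) {
        showmessage(L('illegal_parameters'));
    }
    if (!isset($ip)) {
        showmessage(L('illegal_parameters'));
    }
    $starttime = intval($t);

    // Deny-list on f: script-like extensions, a ":\" sequence, and "..".
    if (preg_match('/(php|phtml|php3|php4|jsp|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\\.|$)/i', $f) || strpos($f, ":\\") !== FALSE || strpos($f, '..') !== FALSE) {
        showmessage(L('url_error'));
    }
    $fileurl = trim($f);

    // The token is only honoured for the address it names.
    if (!$downid || empty($fileurl) || !preg_match("/[0-9]{10}/", $starttime) || !preg_match("/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/", $ip) || $ip != ip()) {
        showmessage(L('illegal_parameters'));
    }

    // Links older than one hour are rejected.
    $endtime = SYS_TIME - $starttime;
    if ($endtime > 3600) {
        showmessage(L('url_invalid'));
    }

    if ($m) {
        $fileurl = trim($s) . trim($fileurl);
    }

    // Remote file: a URL that does not contain the configured upload_url is redirected to.
    if (strpos($fileurl, ':/') && strpos($fileurl, pc_base::load_config('system', 'upload_url')) === false) {
        header("Location: {$fileurl}");
    } else {
        if ($d == 0) {
            header("Location: " . $fileurl);
        } else {
            // Map the public upload URL onto the upload directory on disk.
            $fileurl = str_replace(array(pc_base::load_config('system', 'upload_url'), '/'), array(pc_base::load_config('system', 'upload_path'), DIRECTORY_SEPARATOR), $fileurl);
            $filename = basename($fileurl);
            // Handle Chinese file names.
            // NOTE(review): the character ranges in this pattern appear damaged by a
            // charset conversion on this page (presumably a double-byte range test);
            // restore them from the upstream source before relying on this branch.
            if (preg_match("/^([\\s\\S]*?)([�-�][@-�])([\\s\\S]*?)/", $fileurl)) {
                $filename = str_replace(array("%5C", "%2F", "%3A"), array("\\", "/", ":"), urlencode($fileurl));
                $filename = urldecode(basename($filename));
            }
            $ext = fileext($filename);
            // The client sees a generated name; only the extension is kept.
            $filename = date('Ymd_his') . random(3) . '.' . $ext;
            file_down($fileurl, $filename);
        }
    }
}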
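/**
 * Download a database backup file.
 *
 * Only accounts listed in the system config value "admin_founders" may use
 * this action, and only files whose extension is "sql" are served. The file is
 * read from CACHE_PATH . 'bakup' / <pdoname> / <filename>.
 *
 * Both path components come straight from the query string, so each must be a
 * single path segment. A value that is not a string, equals "..", or contains
 * a directory separator or NUL byte is rejected; otherwise the extension check
 * alone would allow any readable ".sql" file outside the backup directory to
 * be requested.
 */
public function public_down()
{
    // Loose comparison is kept: the config list holds strings, and the type of
    // $this->userid is not visible from this method.
    $admin_founders = explode(',', pc_base::load_config('system', 'admin_founders'));
    if (!in_array($this->userid, $admin_founders)) {
        showmessage(L('only_fonder_operation'));
        return; // fail closed in case showmessage() does not end the request
    }

    $datadir = isset($_GET['pdoname']) ? $_GET['pdoname'] : '';
    $filename = isset($_GET['filename']) ? $_GET['filename'] : '';

    // Confine the request to <bakup>/<datadir>/<filename>.
    foreach (array($datadir, $filename) as $segment) {
        $is_single_segment = is_string($segment)
            && $segment !== '..'
            && strpos($segment, '/') === false
            && strpos($segment, '\\') === false
            && strpos($segment, "\0") === false;
        if (!$is_single_segment) {
            showmessage(L('illegal_parameters'));
            return;
        }
    }

    if (fileext($filename) != 'sql') {
        showmessage(L('only_sql_down'));
        return;
    }

    file_down(CACHE_PATH . 'bakup' . DIRECTORY_SEPARATOR . $datadir . DIRECTORY_SEPARATOR . $filename);
}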
break; case 'down': if ($data && check_name($username) && is_md5($chatid)) { $chat = $db->get_one("SELECT * FROM {$table} WHERE chatid='{$chatid}'"); if ($chat['fromuser'] == $_username) { $chat['touser'] == $username or exit; } else { $chat['fromuser'] == $username or exit; } $data = stripslashes(dsafe($data)); $css = file_get('image/chat.css'); $css = str_replace('#chat{width:auto;height:266px;overflow:auto;', '#chat{width:600px;margin:auto;', $css); $css = str_replace("url('", "url('" . $MOD['linkurl'] . "image/", $css); $data = str_replace('o<em></em>n', 'on', $data); $data = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html;charset=' . DT_CHARSET . '"/><title>' . lang($L['chat_record'], array($username)) . '</title><style type="text/css">' . $css . '</style><base href="' . $MOD['linkurl'] . '"/></head><body><div id="chat">' . $data . '</div></body></html>'; file_down('', 'chat-' . $username . '-' . timetodate($DT_TIME, 'Y-m-d-H-i') . '.html', $data); } exit; break; case 'list': $data = ''; $new = 0; $result = $db->query("SELECT * FROM {$table} WHERE fromuser='******' OR touser='******' ORDER BY lasttime DESC LIMIT 100"); while ($r = $db->fetch_array($result)) { if ($r['fromuser'] == $_username) { $r['user'] = $r['touser']; $r['new'] = $r['fnew']; } else { $r['user'] = $r['fromuser']; $r['new'] = $r['tnew']; }