public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0)
{
if (!getgpc($var)) {
return FALSE;
} else {
global $_G;
if ($allowget || $_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_GET['formhash']) && $_GET['formhash'] == formhash() && empty($_SERVER['HTTP_X_FLASH_VERSION']) && (empty($_SERVER['HTTP_REFERER']) || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']))) {
if (empty($_GET['phone_reg'])) {
if (checkperm('seccode')) {
if ($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['sechash'])) {
showmessage('submit_secqaa_invalid');
}
if ($seccodecheck && !check_seccode($_GET['seccodeverify'], $_GET['sechash'])) {
showmessage('submit_seccode_invalid');
}
}
}
return TRUE;
// For ios reg modify by heavenK
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_GET['formhash']) && !empty($_GET['phone_reg']) && empty($_SERVER['HTTP_X_FLASH_VERSION']) && empty($_SERVER['HTTP_REFERER'])) {
return TRUE;
} else {
//add by zh
if ($_GET['mod'] == 'sms' && $_GET['flag'] == 1) {
exit(lang('message', 'submit_invalid'));
} else {
showmessage('submit_invalid');
}
}
}
}
function index()
{
global $viewhelper;
$viewhelper->setPosition(L("apply_friendlink", "tpl"));
formhash();
render("friendlink");
}
function _init_env()
{
error_reporting(E_ERROR);
if (phpversion() < '5.3.0') {
set_magic_quotes_runtime(0);
}
define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
define('ICONV_ENABLE', function_exists('iconv'));
define('MB_ENABLE', function_exists('mb_convert_encoding'));
define('FORMHASH', formhash());
define('TIMESTAMP', time());
$_SERVER['HTTP_USER_AGENT'] = empty($_SERVER['HTTP_USER_AGENT']) ? '' : $_SERVER['HTTP_USER_AGENT'];
foreach ($GLOBALS as $key => $value) {
if (!isset($this->superglobal[$key])) {
$GLOBALS[$key] = null;
unset($GLOBALS[$key]);
}
}
global $_G;
$_G = array('uid' => 0, 'username' => 'Guest', 'formhash' => '', 'timestamp' => TIMESTAMP, 'starttime' => array_sum(explode(' ', microtime())), 'clientip' => $this->_get_client_ip(), 'referer' => '', 'charset' => '', 'timenow' => array(), 'cookiepre' => '', 'PHP_SELF' => '', 'siteurl' => '', 'siteroot' => '', 'authkey' => '', 'config' => array(), 'setting' => array('sitetheme' => 'default'), 'member' => array(), 'cookie' => array(), 'style' => array(), 'cache' => array());
$_G['PHP_SELF'] = htmlspecialchars($_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF']);
$_G['basescript'] = CURSCRIPT;
$_G['basefilename'] = basename($_G['PHP_SELF']);
$_G['siteurl'] = htmlspecialchars('http://' . $_SERVER['HTTP_HOST'] . preg_replace("/\\/+(api)?\\/*\$/i", '', substr($_G['PHP_SELF'], 0, strrpos($_G['PHP_SELF'], '/'))) . '/');
$_G['siteroot'] = substr($_G['PHP_SELF'], 0, -strlen($_G['basefilename']));
}
public function uploadfile()
{
if ($_GET['from'] == 'swfupload') {
$uid = intval($_GET['uid']);
$username = trim($_GET['username']);
$token = sha1($uid . $username . formhash());
if (!$uid || !$username || $token != $_GET['token']) {
echo json_encode(array('state' => 0, 'info' => 'nologin'));
exit;
}
} else {
$this->_checkuser();
$uid = $this->uid;
}
$config = $GLOBALS['G']['config']['output'];
$upload = new Upload();
$attachment = 'attach/' . date('Y') . '/' . date('m') . '/' . $upload->setfilename();
if ($upload->save(ROOT_PATH . '/' . $config['attachdir'] . '/' . $attachment)) {
$attachdata = array('uid' => $uid, 'attachname' => $upload->oriname(), 'attachment' => $attachment, 'attachsize' => $upload->size(), 'attachtype' => $upload->type(), 'attachtime' => time());
$attachdata['attachid'] = $this->t('attachment')->insert($attachdata, true);
echo json_encode(array('state' => 1, 'data' => $attachdata));
exit;
} else {
echo json_encode(array('state' => 0, 'info' => 'Upload Failed(' . $upload->error . ')'));
exit;
}
}
public function global_footer()
{
global $_G, $_GET;
if (self::$securityStatus != TRUE) {
return false;
}
$formhash = formhash();
if ($_G['adminid']) {
$processName = 'securityOperate';
if (self::$isAdminGroup && !discuz_process::islocked($processName, 30)) {
$ajaxReportScript = <<<EOF
\t\t\t\t\t<script type='text/javascript'>
\t\t\t\t\tvar url = SITEURL + '/plugin.php?id=security:sitemaster';
\t\t\t\t\tvar x = new Ajax();
\t\t\t\t\tx.post(url, 'formhash={$formhash}', function(s){});
\t\t\t\t\t</script>
EOF;
}
}
$processName = 'securityRetry';
$time = 10;
if (!discuz_process::islocked($processName, $time)) {
if (C::t('#security#security_failedlog')->count()) {
$ajaxRetryScript = <<<EOF
\t\t\t\t\t<script type='text/javascript'>
\t\t\t\t\tvar urlRetry = SITEURL + '/plugin.php?id=security:job';
\t\t\t\t\tvar ajaxRetry = new Ajax();
\t\t\t\t\tajaxRetry.post(urlRetry, 'formhash={$formhash}', function(s){});
\t\t\t\t\t</script>
EOF;
}
}
return $ajaxReportScript . $ajaxRetryScript;
}
function setloginstatus($member, $cookietime)
{
global $_G;
$_G['uid'] = intval($member['uid']);
$_G['username'] = $member['username'];
$_G['adminid'] = $member['adminid'];
$_G['groupid'] = $member['groupid'];
$_G['formhash'] = formhash();
$_G['session']['invisible'] = getuserprofile('invisible');
$_G['member'] = $member;
loadcache('usergroup_' . $_G['groupid']);
C::app()->session->isnew = true;
C::app()->session->updatesession();
dsetcookie('auth', authcode("{$member['password']}\t{$member['uid']}", 'ENCODE'), $cookietime, 1, true);
dsetcookie('loginuser');
dsetcookie('activationauth');
dsetcookie('pmnum');
include_once libfile('function/stat');
updatestat('login', 1);
if (defined('IN_MOBILE')) {
updatestat('mobilelogin', 1);
}
if ($_G['setting']['connect']['allow'] && $_G['member']['conisbind']) {
updatestat('connectlogin', 1);
}
$rule = updatecreditbyaction('daylogin', $_G['uid']);
if (!$rule['updatecredit']) {
checkusergroup($_G['uid']);
}
}
function global_footer()
{
global $_G;
if (!$this->_secStatus) {
return false;
}
$formhash = formhash();
$ajaxReportScript = '';
$processName = 'securitOperate';
if ($this->isAdminGroup && !discuz_process::islocked($processName, 10)) {
$ajaxReportScript = <<<EOF
\t\t\t<script type='text/javascript'>
\t\t\tvar url = SITEURL + '/plugin.php?id=security:sitemaster';
\t\t\tvar x = new Ajax();
\t\t\tx.post(url, 'formhash={$formhash}', function(s){});
\t\t\t</script>
EOF;
}
$processName = 'securitRetry';
$time = 5;
if ($_G['gp_d']) {
$time = 1;
}
if (!discuz_process::islocked($processName, $time)) {
$ajaxRetryScript = <<<EOF
\t\t\t<script type='text/javascript'>
\t\t\tvar urlRetry = SITEURL + '/plugin.php?id=security:job';
\t\t\tvar ajaxRetry = new Ajax();
\t\t\tajaxRetry.post(urlRetry, 'formhash={$formhash}', function(s){});
\t\t\t</script>
EOF;
}
return $ajaxReportScript . $ajaxRetryScript;
}
public function onUsersGetFormHash($uId, $userAgent)
{
global $_G;
$uId = intval($uId);
if (!$uId) {
return false;
}
$member = getuserbyuid($uId, 1);
$_G['username'] = $member['username'];
$_G['uid'] = $member['uid'];
$_G['authkey'] = md5($_G['config']['security']['authkey'] . $userAgent);
return formhash();
}
function submitcheck($var)
{
$CI =& get_instance();
if ($CI->input->post($var) && $_SERVER['REQUEST_METHOD'] == 'POST') {
if ((empty($_SERVER['HTTP_REFERER']) || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])) && $CI->input->userdata('formhash') == formhash()) {
return true;
} else {
showmessage('submit_invalid');
}
} else {
return false;
}
}
function common_base()
{
global $_G;
if (!isset($_G['connect'])) {
$_G['connect']['url'] = 'http://connect.discuz.qq.com';
$_G['connect']['api_url'] = 'http://api.discuz.qq.com';
$_G['connect']['avatar_url'] = 'http://avatar.connect.discuz.qq.com';
// QZone公共分享页面URL
$_G['connect']['qzone_public_share_url'] = 'http://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey';
$_G['connect']['referer'] = !$_G['inajax'] && CURSCRIPT != 'member' ? $_G['basefilename'] . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '') : dreferer();
// 微薄公共分享Appkey
$_G['connect']['weibo_public_appkey'] = 'ce7fb946290e4109bdc9175108b6db3a';
// 新版Connect登录本地代理页
$_G['connect']['login_url'] = $_G['siteurl'] . 'connect.php?mod=login&op=init&referer=' . urlencode($_G['connect']['referer'] ? $_G['connect']['referer'] : 'index.php');
// 新版Connect本地Callback代理页
$_G['connect']['callback_url'] = $_G['siteurl'] . 'connect.php?mod=login&op=callback';
// 发feed js通知本地代理页
$_G['connect']['discuz_new_feed_url'] = $_G['siteurl'] . 'connect.php?mod=feed&op=new&formhash=' . formhash();
$_G['connect']['discuz_new_post_feed_url'] = $_G['siteurl'] . 'connect.php?mod=feed&op=new&action=post&formhash=' . formhash();
// 发分享js通知本地代理页
//$_G['connect']['discuz_new_share_url'] = $_G['siteurl'].'connect.php?mod=share&op=new';
$_G['connect']['discuz_new_share_url'] = $_G['siteurl'] . 'home.php?mod=spacecp&ac=plugin&id=qqconnect:spacecp&pluginop=new';
// 分享到微博后的回流处理地址
$_G['connect']['discuz_sync_tthread_url'] = $_G['siteurl'] . 'home.php?mod=spacecp&ac=plugin&id=qqconnect:spacecp&pluginop=sync_tthread&formhash=' . formhash();
// 更换QQ号登录本地代理页
$_G['connect']['discuz_change_qq_url'] = $_G['siteurl'] . 'connect.php?mod=login&op=change';
// QC授权项对应关系
$_G['connect']['auth_fields'] = array('is_user_info' => 1, 'is_feed' => 2);
if ($_G['uid']) {
dsetcookie('connect_is_bind', $_G['member']['conisbind'], 31536000);
if (!$_G['member']['conisbind'] && $_G['cookie']['connect_login']) {
$_G['cookie']['connect_login'] = 0;
dsetcookie('connect_login');
}
}
// QQ互联游客更换用户名为QQ昵称
if (!$_G['uid'] && $_G['connectguest']) {
if ($_G['cookie']['connect_qq_nick']) {
$_G['member']['username'] = $_G['cookie']['connect_qq_nick'];
} else {
$connectGuest = C::t('#qqconnect#common_connect_guest')->fetch($conopenid);
if ($connectGuest['conqqnick']) {
$_G['member']['username'] = $connectGuest['conqqnick'];
}
}
}
if ($this->allow && !$_G['uid'] && !defined('IN_MOBILE')) {
$_G['setting']['pluginhooks']['global_login_text'] = tpl_login_bar();
}
}
}
function setloginstatus($member, $cookietime)
{
global $_G;
$_G['uid'] = $member['uid'];
$_G['username'] = $member['username'];
$_G['adminid'] = $member['adminid'];
$_G['groupid'] = $member['groupid'];
$_G['formhash'] = formhash();
$_G['session']['invisible'] = getuserprofile('invisible');
$_G['member'] = $member;
$_G['core']->session->isnew = 1;
dsetcookie('auth', authcode("{$member['password']}\t{$member['uid']}", 'ENCODE'), $cookietime, 1, true);
dsetcookie('loginuser');
dsetcookie('activationauth');
dsetcookie('pmnum');
}
function setloginstatus($member, $cookietime)
{
global $_G;
foreach ($_G['cookie'] as $k => $v) {
dsetcookie($k);
}
$_G['uid'] = $member['uid'];
$_G['username'] = addslashes($member['username']);
$_G['adminid'] = $member['adminid'];
$_G['groupid'] = $member['groupid'];
$_G['formhash'] = formhash();
$_G['session']['invisible'] = getuserprofile('invisible');
$_G['member'] = $member;
$discuz =& discuz_core::instance();
$discuz->session->isnew = true;
dsetcookie('auth', authcode("{$member['password']}\t{$member['uid']}", 'ENCODE'), $cookietime, 1, true);
dsetcookie('loginuser');
dsetcookie('activationauth');
dsetcookie('pmnum');
}
public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0)
{
if (!getgpc($var)) {
return FALSE;
} else {
global $_G;
if ($allowget || $_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_GET['formhash']) && $_GET['formhash'] == formhash() && empty($_SERVER['HTTP_X_FLASH_VERSION']) && (empty($_SERVER['HTTP_REFERER']) || strncmp($_SERVER['HTTP_REFERER'], 'http://wsq.discuz.qq.com', 24) === 0 || strncmp($_SERVER['HTTP_REFERER'], 'http://m.wsq.qq.com', 19) === 0 || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']))) {
if (checkperm('seccode')) {
if ($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['secqaahash'])) {
showmessage('submit_secqaa_invalid');
}
if ($seccodecheck && !check_seccode($_GET['seccodeverify'], $_GET['seccodehash'], 0, $_GET['seccodemodid'])) {
showmessage('submit_seccode_invalid');
}
}
return TRUE;
} else {
showmessage('submit_invalid');
}
}
}
function output()
{
global $_G;
parse_str($_G['messageparam'][1], $p);
$variable = array('auth' => $p['auth']);
if ($_G['uid']) {
require_once DISCUZ_ROOT . './source/plugin/wechat/wsq.class.php';
if (method_exists('wsq', 'userloginUrl')) {
$_source = isset($_GET['_source']) ? $_GET['_source'] : '';
if (!$_source && !empty($_GET['openid']) && !empty($_GET['openidsign'])) {
$variable['loginUrl'] = wsq::userloginUrl($_G['uid'], $_GET['openid'], $_GET['openidsign']);
if (!C::t('#wechat#common_member_wechatmp')->fetch($_G['uid'])) {
C::t('#wechat#common_member_wechatmp')->insert(array('uid' => $_G['uid'], 'openid' => $_GET['openid'], 'status' => 1), false, true);
}
} else {
$variable['loginUrl'] = wsq::userloginUrl2($_G['uid']);
}
}
}
$variable['formhash'] = formhash();
mobile_core::result(mobile_core::variable($variable));
}
">友情链接</a> |
<a href="<?php
echo S_URL;
?>
/html/49/n-17649.html">版权声明</a> |
<a href="<?php
echo S_URL;
?>
/html/48/n-17648.html">联系我们</a>
</p>
<form action="<?php
echo S_URL;
?>
/batch.search.php" method="post">
<input type="hidden" name="formhash" value="<?php
echo formhash();
?>
" />
<input type="hidden" name="searchname" id="searchname" value="subject" />
<p class="footer_search">
<select name="searchtxt" id="searchtxt" onchange="changetype();">
<option value="标题">标题</option>
<option value="内容">内容</option>
<option value="作者">作者</option>
</select>
<input class="input_tx" type="text" value="" name="searchkey" size="30"/>
<input class="input_search" type="submit" value="搜索" name="searchbtn"/>
</p>
</form>
</div>
<div class="copyright">
showmessage('forum_usertag_set_continue', '', array('limit' => $limit, 'next' => min($limit + $per, $count), 'count' => $count), array('alert' => 'right'));
}
showmessage('forum_usertag_succeed', '', array(), array('alert' => 'right'));
} else {
showmessage('parameters_error', '', array('haserror' => 1));
}
}
} else {
showmessage('parameters_error', '', array('haserror' => 1));
}
include_once template("forum/usertag");
} elseif ($_GET['action'] == 'postreview') {
if (!$_G['setting']['repliesrank'] || empty($_G['uid'])) {
showmessage('to_login', null, array(), array('showmsg' => true, 'login' => 1));
}
if (empty($_GET['hash']) || $_GET['hash'] != formhash()) {
showmessage('submit_invalid');
}
$doArray = array('support', 'against');
$post = C::t('forum_post')->fetch('tid:' . $_GET['tid'], $_GET['pid'], false);
if (!in_array($_GET['do'], $doArray) || empty($post) || $post['first'] == 1 || $_G['setting']['threadfilternum'] && $_G['setting']['filterednovote'] && getstatus($post['status'], 11)) {
showmessage('undefined_action', NULL);
}
$hotreply = C::t('forum_hotreply_number')->fetch_by_pid($post['pid']);
if ($_G['uid'] == $post['authorid']) {
showmessage('noreply_yourself_error', '', array(), array('msgtype' => 3));
}
if (empty($hotreply)) {
$hotreply['pid'] = C::t('forum_hotreply_number')->insert(array('pid' => $post['pid'], 'tid' => $post['tid'], 'support' => 0, 'against' => 0, 'total' => 0), true);
} else {
if (C::t('forum_hotreply_member')->fetch($post['pid'], $_G['uid'])) {
echo ' <a href="/">返回首页</a>';
exit;
}
*/
if ($cur_user) {
header('location: /');
exit;
} else {
if ($options['close_register']) {
header('location: /login');
exit;
}
}
$errors = array();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (empty($_SERVER['HTTP_REFERER']) || $_POST['formhash'] != formhash() || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) !== preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])) {
exit('403: unknown referer.');
}
$name = addslashes(strtolower(trim($_POST["name"])));
$pw = addslashes(trim($_POST["pw"]));
$pw2 = addslashes(trim($_POST["pw2"]));
$seccode = intval(trim($_POST["seccode"]));
if ($name && $pw && $pw2 && $seccode) {
if ($pw === $pw2) {
if (strlen($name) < 21 && strlen($pw) < 32) {
//检测字符
if (preg_match('/^[a-zA-Z0-9\\x80-\\xff]{4,20}$/i', $name)) {
if (preg_match('/^[0-9]{4,20}$/', $name)) {
$errors[] = '名字不能全为数字';
} else {
error_reporting(0);
<?php
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: evilnotice.inc.php 33944 2013-09-04 07:33:32Z nemohou $
*/
if (!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if ($_G['adminid'] <= 0) {
exit('Access Denied');
}
if ($_GET['formhash'] != formhash()) {
exit('Access Denied');
}
$count = empty($_G['cookie']['evilnotice']) ? C::t('#security#security_eviluser')->count_by_day() : 0;
include template('common/header_ajax');
if ($count) {
echo '<div class="bm"><div class="bm_h cl"><a href="javascript:;" onclick="$(\'evil_notice\').style.display=\'none\';setcookie(\'evilnotice\', 1, 86400)" class="y" title="' . lang('plugin/security', 'notice_close') . '">' . lang('plugin/security', 'notice_close') . '</a>';
echo '<h2 class="i">' . lang('plugin/security', 'notice_title') . '</h2></div><div class="bm_c">';
echo '<div class="cl bbda pbm">' . lang('plugin/security', 'notice_memo', array('count' => $count)) . '</div>';
echo '<div class="ptn cl"><a href="admin.php?action=cloud&operation=security&anchor=member" class="xi2 y">' . lang('plugin/security', 'notice_link') . ' »</a></div>';
echo '</div></div>';
}
include template('common/footer_ajax');
function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0)
{
if (empty($GLOBALS[$var])) {
return FALSE;
} else {
global $_SERVER, $seclevel, $seccode, $seccodedata, $seccodeverify, $secanswer, $_DCACHE, $_DCOOKIE, $timestamp, $discuz_uid;
if ($allowget || $_SERVER['REQUEST_METHOD'] == 'POST' && $GLOBALS['formhash'] == formhash() && empty($_SERVER['HTTP_X_FLASH_VERSION']) && (empty($_SERVER['HTTP_REFERER']) || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']))) {
if ($seccodecheck) {
if (!$seclevel) {
$key = $seccodedata['type'] != 3 ? '' : $_DCACHE['settings']['authkey'] . date('Ymd');
list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secc'], 'DECODE', $key));
if ($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
showmessage('submit_seccode_invalid');
}
dsetcookie('secc', '');
} else {
$tmp = substr($seccode, 0, 1);
}
seccodeconvert($seccode);
if (strtoupper($seccodeverify) != $seccode) {
showmessage('submit_seccode_invalid');
}
$seclevel && ($seccode = random(6, 1) + $tmp * 1000000);
}
if ($secqaacheck) {
if (!$seclevel) {
list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secq'], 'DECODE'));
if ($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
showmessage('submit_secqaa_invalid');
}
dsetcookie('secq', '');
}
require_once DISCUZ_ROOT . './forumdata/cache/cache_secqaa.php';
if (md5($secanswer) != $_DCACHE['secqaa'][substr($seccode, 0, 1)]['answer']) {
showmessage('submit_secqaa_invalid');
}
$seclevel && ($seccode = random(1, 1) * 1000000 + substr($seccode, -6));
}
return TRUE;
} else {
showmessage('submit_invalid');
}
}
}
<?php
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: misc_initsys.php 27433 2012-01-31 08:16:01Z monkey $
*/
if (!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!($_G['adminid'] == 1 && $_GET['formhash'] == formhash()) && $_G['setting']) {
exit('Access Denied');
}
require_once libfile('function/cache');
updatecache();
require_once libfile('function/block');
blockclass_cache();
if ($_G['config']['output']['tplrefresh']) {
cleartemplatecache();
}
$plugins = array('qqconnect', 'cloudstat', 'soso_smilies', 'cloudsearch', 'qqgroup', 'security', 'xf_storage', 'mobile');
$opens = array('mobile');
require_once libfile('function/plugin');
require_once libfile('function/admincp');
foreach ($plugins as $pluginid) {
$importfile = DISCUZ_ROOT . './source/plugin/' . $pluginid . '/discuz_plugin_' . $pluginid . '.xml';
if (!file_exists($importfile)) {
continue;
}
$importtxt = @implode('', file($importfile));
//点评
$clickuserlist = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('clickuser') . "\n\t\tWHERE id='{$id}' AND idtype='{$idtype}'\n\t\tORDER BY dateline DESC\n\t\tLIMIT 0,18");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
realname_set($value['uid'], $value['username']);
//实名
$value['clickname'] = $clicks[$value['clickid']]['name'];
$clickuserlist[] = $value;
}
//热点
$topic = topic_get($bwzt['topicid']);
//实名
realname_get();
$_TPL['css'] = 'bwzt';
//include_once template("space_bwzt_view");
$commenttip = array("commentsubmit" => true, "formhash" => formhash(), "id" => $bwzt[bwztid], "idtype" => "bwztid", "message" => "", "refer" => "");
$bwzt["replylist"] = $list;
$bwzt["comment"] = $commenttip;
//增加发布者头像地址
$bwzt['avatar_url'] = avatar($bwzt['uid'], 'middle', TRUE);
$bwzt['message'] = strip_tags($bwzt['message']);
//剥去字符串中的 HTML 标签
capi_showmessage_by_data("do_success", 0, array('bwzt' => $bwzt));
} else {
//分页
$perpage = 10;
$perpage = mob_perpage($perpage);
$start = ($page - 1) * $perpage;
//检查开始数
ckstart($start, $perpage);
//摘要截取
function submitcheck($var)
{
if (!empty($_POST[$var]) && $_SERVER['REQUEST_METHOD'] == 'POST') {
if ((empty($_SERVER['HTTP_REFERER']) || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])) && $_POST['formhash'] == formhash()) {
return true;
} else {
showmessage('submit_invalid');
}
} else {
return false;
}
}
#
# Site: http://www.google.com
#
# $Id: seo.inc.php 121 2014-03-04 12:38:05Z along $
#
# Copyright (C) 2008-2014 PHPDisk Team. All Rights Reserved.
#
*/
if (!defined('IN_PHPDISK') || !defined('IN_ADMINCP')) {
exit('[PHPDisk] Access Denied');
}
admin_no_power($task, 31, $pd_uid);
switch ($action) {
default:
if ($task == 'update_setting') {
form_auth(gpc('formhash', 'P', ''), formhash());
$meta_title = trim(gpc('meta_title', 'P', ''));
$meta_keywords = trim(gpc('meta_keywords', 'P', ''));
$meta_description = trim(gpc('meta_description', 'P', ''));
$meta_title2 = trim(gpc('meta_title2', 'P', ''));
$meta_keywords2 = trim(gpc('meta_keywords2', 'P', ''));
$meta_description2 = trim(gpc('meta_description2', 'P', ''));
$meta_title3 = trim(gpc('meta_title3', 'P', ''));
$meta_keywords3 = trim(gpc('meta_keywords3', 'P', ''));
$meta_description3 = trim(gpc('meta_description3', 'P', ''));
$meta_title_s = trim(gpc('meta_title_s', 'P', ''));
$meta_keywords_s = trim(gpc('meta_keywords_s', 'P', ''));
$meta_description_s = trim(gpc('meta_description_s', 'P', ''));
$meta_title_v = trim(gpc('meta_title_v', 'P', ''));
$meta_keywords_v = trim(gpc('meta_keywords_v', 'P', ''));
$meta_description_v = trim(gpc('meta_description_v', 'P', ''));
<?php
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: connect_feed.php 32449 2013-01-17 09:11:53Z liulanbo $
*/
if (!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (trim($_GET['formhash']) != formhash()) {
exit('Access Denied');
}
$params = $_GET;
$op = !empty($_GET['op']) ? $_GET['op'] : '';
$action = !empty($_GET['action']) ? $_GET['action'] : 'thread';
if (!in_array($op, array('new'))) {
$connectService->connectJsOutputMessage('', 'undefined_action', 1);
}
if ($op == 'new') {
if ($action == 'thread') {
$tid = trim(intval($_GET['thread_id']));
if (empty($tid)) {
$connectService->connectJsOutputMessage('', 'connect_thread_id_miss', 1);
}
$connectService->connectMergeMember();
$post = C::t('forum_post')->fetch_threadpost_by_tid_invisible($tid, 0);
$thread = C::t('forum_thread')->fetch_by_tid_displayorder($tid, 0);
$feedlog = C::t('#qqconnect#connect_feedlog')->fetch_by_tid($thread['tid']);
if ($_G['uid'] != $thread['authorid']) {
if (!get_magic_quotes_gpc()) {
$_GET = saddslashes($_GET);
$_POST = saddslashes($_POST);
}
ob_start();
$theurl = 'index.php';
$sqlfile = S_ROOT . './data/install.sql';
if (!file_exists($sqlfile)) {
show_msg('请上传最新的 install.sql 数据库结构文件到程序的 ./data 目录下面,再重新运行本程序', 999);
}
$configfile = S_ROOT . './config.php';
//变量
$step = empty($_GET['step']) ? 0 : intval($_GET['step']);
$action = empty($_GET['action']) ? '' : trim($_GET['action']);
$nowarr = array('', '', '', '', '', '', '');
$formhash = formhash();
$lockfile = S_ROOT . './data/install.lock';
if (file_exists($lockfile)) {
show_msg('警告!您已经安装过SupeSite<br>
为了保证数据安全,请立即手动删除 install/index.php 文件<br>
如果您想重新安装SupeSite,请删除 data/install.lock 文件,再次运行安装文件');
}
//检查config是否可写
if (!@($fp = fopen($configfile, 'a'))) {
show_msg("文件 {$configfile} 读写权限设置错误,请设置为可写,再执行安装程序");
} else {
@fclose($fp);
}
//提交处理
if (submitcheck('ucsubmit')) {
//安装UC配置
public function global_footer()
{
global $_G, $_GET;
if (self::$securityStatus != TRUE) {
return false;
}
$formhash = formhash();
if ($_G['adminid']) {
$processName = 'securityOperate';
if (self::$isAdminGroup && !discuz_process::islocked($processName, 30)) {
$ajaxReportScript = <<<EOF
\t\t\t\t\t<script type='text/javascript'>
\t\t\t\t\tvar url = SITEURL + '/plugin.php?id=security:sitemaster';
\t\t\t\t\tvar x = new Ajax();
\t\t\t\t\tx.post(url, 'formhash={$formhash}', function(s){});
\t\t\t\t\t</script>
EOF;
}
}
$processName = 'securityRetry';
$time = 10;
if (!discuz_process::islocked($processName, $time)) {
if (C::t('#security#security_failedlog')->count()) {
$ajaxRetryScript = <<<EOF
\t\t\t\t\t<script type='text/javascript'>
\t\t\t\t\tvar urlRetry = SITEURL + '/plugin.php?id=security:job';
\t\t\t\t\tvar ajaxRetry = new Ajax();
\t\t\t\t\tajaxRetry.post(urlRetry, 'formhash={$formhash}', function(s){});
\t\t\t\t\t</script>
EOF;
}
}
if ($_G['setting']['connect']['allow'] && !$_G['uid'] && $_G['setting']['security_qqlogin_alone']) {
$loginboxdisappear = <<<EOF
\t\t\t\t<script type="text/javascript">
\t\t\t\tif(\$('lsform')) {
\t\t\t\t\tvar divs = \$('lsform').getElementsByTagName('div');
\t\t\t\t\tfor(i in divs) {
\t\t\t\t\t\tif(divs[i] && divs[i].className == 'y pns') {
\t\t\t\t\t\t\tdivs[i].style.display = 'none';
\t\t\t\t\t\t}
\t\t\t\t\t\tif(divs[i] && divs[i].className == 'fastlg_fm y') {
\t\t\t\t\t\t\tdivs[i].style.borderWidth = '0px';
\t\t\t\t\t\t}
\t\t\t\t\t}
\t\t\t\t}
\t\t\t\t</script>
EOF;
if (!(CURMODULE == 'connect' && $_G['connectguest'])) {
$_G['connect']['referer'] = !$_G['inajax'] && CURSCRIPT != 'member' ? $_G['basefilename'] . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '') : dreferer();
$_G['connect']['login_url'] = $_G['siteurl'] . 'connect.php?mod=login&op=init&referer=' . urlencode($_G['connect']['referer'] ? $_G['connect']['referer'] : 'index.php');
$loginstr = '<div class="rfm bw0"><table><tr><th>' . lang('plugin/security', 'quicklogin') . ': </th><td><a href="' . $_G['connect']['login_url'] . '&statfrom=login" target="_top" rel="nofollow"><img src="' . IMGDIR . '/qq_login.gif" class="vm" /></a></td></tr></table></div>';
$loginboxdisappear .= <<<EOF
\t\t\t\t<script type="text/javascript">
\t\t\t\tvar loginform = document.getElementsByTagName('form');
\t\t\t\tif(loginform) {
\t\t\t\t\tfor(i in loginform) {
\t\t\t\t\t\tif(loginform[i].id && loginform[i].id.substr(0, 11) == 'loginform_L') {
\t\t\t\t\t\t\tloginform[i].innerHTML = '{$loginstr}';
\t\t\t\t\t\t}
\t\t\t\t\t}
\t\t\t\t}
\t\t\t\t</script>
EOF;
}
}
if ($_G['setting']['connect']['allow'] && $_G['uid'] && $_G['setting']['security_safelogin'] && !$_G['member']['conisbind'] && CURMODULE != 'post' && getcookie('safelogintips')) {
$msg = '<p>' . lang('plugin/security', 'safelogintips') . '</p><p class="mtm"><a href="connect.php?mod=config" target="_blank"><img src="' . IMGDIR . '/qq_bind_small.gif" class="qq_bind" align="absmiddle" /></a></p>';
$safelogintips = <<<EOF
\t\t\t\t<script type="text/javascript">
\t\t\t\thideWindow('safelogintips');
\t\t\t\tshowDialog('{$msg}', 'notice', null, '(function() { window.location.href="connect.php?mod=config"; })();', 0, null, null, null, null, null, null);
\t\t\t\t</script>
EOF;
dsetcookie('safelogintips');
}
return $ajaxReportScript . $ajaxRetryScript . $loginboxdisappear . $safelogintips;
}
if ($thread['closed'] && !$forum['ismoderator']) {
wapmsg('post_thread_closed');
}
if ($post_autoclose = checkautoclose()) {
wapmsg($post_autoclose);
}
if (empty($message)) {
echo "<p>{$lang['message']}<input type=\"text\" name=\"message\" value=\"\" format=\"M*m\" /><br />\n" . "<anchor title=\"{$lang['submit']}\">{$lang['submit']}" . "<go method=\"post\" href=\"index.php?action=post&do=reply&fid={$fid}&tid={$tid}&sid={$sid}\">\n" . "<postfield name=\"subject\" value=\"\$(subject)\" />\n" . "<postfield name=\"message\" value=\"\$(message)\" />\n" . "<postfield name=\"formhash\" value=\"" . formhash() . "\" />\n" . "</go></anchor><br /><br />\n" . "<a href=\"index.php?action=thread&tid={$tid}\">{$lang['return_thread']}</a><br />\n" . "<a href=\"index.php?action=forum&fid={$fid}\">{$lang['return_forum']}</a></p>\n";
} else {
if ($message == '') {
wapmsg('post_sm_isnull');
}
if ($post_invalid = checkpost()) {
wapmsg($post_invalid);
}
if ($formhash != formhash()) {
wapmsg('wap_submit_invalid');
}
if (checkflood()) {
wapmsg('post_flood_ctrl');
}
$pinvisible = $modnewreplies ? -2 : 0;
$db->query("INSERT INTO {$tablepre}posts (fid, tid, first, author, authorid, dateline, message, useip, invisible, usesig, htmlon, bbcodeoff, smileyoff, parseurloff, attachment)\r\n\t\t\t\tVALUES ('{$fid}', '{$tid}', '0', '{$discuz_user}', '{$discuz_uid}', '{$timestamp}', '{$message}', '{$onlineip}', '{$pinvisible}', '1', '0', '0', '0', '0', '0')");
$pid = $db->insert_id();
$db->query("REPLACE INTO {$tablepre}myposts (uid, tid, pid, position, dateline) VALUES ('{$discuz_uid}', '{$tid}', '{$pid}', '" . ($thread['replies'] + 1) . "', '{$timestamp}')", 'UNBUFFERED');
if ($modnewreplies) {
wapmsg('post_mod_succeed', array('title' => 'post_mod_forward', 'link' => "index.php?action=forum&fid={$fid}"));
} else {
$db->query("UPDATE {$tablepre}threads SET lastposter='{$discuz_user}', lastpost='{$timestamp}', replies=replies+1 WHERE tid='{$tid}' AND fid='{$fid}'", 'UNBUFFERED');
updatepostcredits('+', $discuz_uid, $replycredits);
$lastpost = "{$thread['tid']}\t" . addslashes($thread['subject']) . "\t{$timestamp}\t{$discuz_user}";
echo '<td>' . $value['lastitemid'] . '</td>';
echo '<td align="center"><a href="' . $theurl . '&op=edit&slogid=' . $value['slogid'] . '">' . $alang['robot_robot_op_edit'] . '</a>|<a href="' . $theurl . '&op=update&slogid=' . $value['slogid'] . '">' . $alang['generation_sitemap_clicking_here'] . '</a></td></tr>';
}
echo '</table>';
echo '<table cellspacing="0" cellpadding="0" width="100%" class="btmtable">';
echo '<tr><th><input type="checkbox" name="chkall" onclick="checkall(this.form, \'slogid\')">' . $alang['space_select_all'] . '</th></tr>';
echo '</table>';
echo '<div class="buttons">';
echo '<input type="submit" name="listsubmit" value="' . $alang['common_submit'] . '" class="submit"> ';
echo '<input type="reset" value="' . $alang['common_reset'] . '">';
echo '</div>';
echo '</form>';
}
if (!empty($thevalue)) {
echo '<form method="post" action="' . $theurl . '" name="thevalueform" enctype="multipart/form-data">';
echo '<input type="hidden" name="formhash" value="' . formhash() . '">';
echo '<table cellspacing="0" cellpadding="0" width="100%" class="maintable">';
echo '<tr id="tr_subject"><th>' . $alang['sitemap_name'] . '</th><td><input type="text" name="mapname" size="30" value="' . $thevalue['mapname'] . '"></td></tr>';
echo '<tr id="tr_subject"><th>' . $alang['sitemap_type'] . '</th><td><input type="radio" name="maptype" size="30" value="baidu" ' . ($thevalue['maptype'] == 'baidu' ? 'checked' : '') . ' onclick="changemaptype(this)">Baidu <input type="radio" name="maptype" size="30" value="google" ' . ($thevalue['maptype'] == 'google' ? 'checked' : '') . ' onclick="changemaptype(this)">Google</td></tr>';
echo '<tbody id="typehtml_baidu" style="display:' . $baidu_style . '">';
echo '<tr id="tr_subject"><th>' . $alang['sitemap_changefreq'] . '</th><td><input type="text" name="changefreq_baidu" value="' . (is_numeric($thevalue['changefreq']) ? $thevalue['changefreq'] : 15) . '" id="changefreq_baidu"></td></tr>';
echo '<tr id="tr_subject"><th>' . $alang['sitemap_num'] . '</th><td><input type="text" name="mapnum_baidu" size="30" value="' . (empty($thevalue['mapnum']) ? 100 : $thevalue['mapnum']) . '"></td>';
echo '</tbody>';
echo '<tbody id="typehtml_google" style="display:' . $google_style . '">';
echo label(array('type' => 'select', 'name' => 'changefreq_google', 'options' => $options, 'value' => $thevalue['changefreq'], 'alang' => $alang['sitemap_changefreq']));
echo '<tr id="tr_subject"><th>' . $alang['sitemap_num'] . '</th><td><input type="text" name="mapnum_google" size="30" value="' . (empty($thevalue['mapnum']) ? 5000 : $thevalue['mapnum']) . '"></td>';
echo '</tbody>';
echo '<tr id="tr_subject"><th>' . $alang['sitemap_createtype'] . '</th><td><input id="createtype_baidu" type="radio" name="createtype" size="30" value="0" ' . ($thevalue['createtype'] == 0 ? 'checked' : '') . ' ' . $disabled . '>' . $alang['sitemap_createtype_0'] . ' <input id="createtype_google" type="radio" name="createtype" size="30" value="1" ' . ($thevalue['createtype'] == 1 ? 'checked' : '') . ' ' . $disabled . '>' . $alang['sitemap_createtype_1'] . '</td></tr>';
echo '</table>';
echo '<div class="buttons">';
if ($_GET['op'] == 'edit') {
<?php
/*
[Discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: member.php 16790 2008-11-20 06:45:21Z zhaoxiongfei $
*/
define('CURSCRIPT', 'member');
define('NOROBOT', TRUE);
require_once './include/common.inc.php';
if ($action == 'clearcookies') {
if (is_array($_COOKIE) && (empty($discuz_uid) || $discuz_uid && $formhash == formhash())) {
foreach ($_COOKIE as $key => $val) {
dsetcookie($key, '', -86400 * 365, 0);
}
}
dheader("Location: {$boardurl}" . $indexname);
} elseif ($action == 'online') {
$discuz_action = 31;
@(include language('actions'));
$page = max(1, intval($page));
$start_limit = ($page - 1) * $memberperpage;
$num = $db->result_first("SELECT COUNT(*) FROM {$tablepre}sessions");
$multipage = multi($num, $memberperpage, $page, 'member.php?action=online');
$onlinelist = array();
$query = $db->query("SELECT s.*, f.name, t.subject FROM {$tablepre}sessions s\r\n\t\tLEFT JOIN {$tablepre}forums f ON s.fid=f.fid\r\n\t\tLEFT JOIN {$tablepre}threads t ON s.tid=t.tid\r\n\t\tWHERE s.invisible='0'\r\n\t\tORDER BY s.lastactivity DESC LIMIT {$start_limit}, {$memberperpage}");
while ($online = $db->fetch_array($query)) {
$online['lastactivity'] = gmdate($timeformat, $online['lastactivity'] + $timeoffset * 3600);
$online['action'] = $actioncode[$online['action']];
$online['subject'] = $online['subject'] ? cutstr($online['subject'], 35) : NULL;
/**
* [PHPB2B] Copyright (C) 2007-2099, Ualink Inc. All Rights Reserved.
* The contents of this file are subject to the License; you may not use this file except in compliance with the License.
*
* @version $Revision: 2075 $
*/
function smarty_function_formhash($params, &$smarty)
{
$output = '<input type="hidden" name="formhash" value="' . formhash() . '" id="FormHash">';
return $output;
}