$DB->unbuffered_query("UPDATE {$db_prefix}statistics SET comment_count=comment_count-1"); } $DB->unbuffered_query("DELETE FROM {$db_prefix}comments WHERE commentid='{$commentid}'"); newcomments_recache(); statistics_recache(); $location = getlink('comment', 'list', array('message' => 2)); } header("Location: {$location}"); exit; } // 修改评论 if ($action == 'domod') { $author = trim($_POST['author']); $url = trim($_POST['url']); $email = trim($_POST['email']); if (!$author || getstrlen($author) > 30) { $location = getlink('comment', 'mod', array('message' => 3, 'commentid' => $commentid)); } $name_key = array("\\", '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#', '$', '(', ')', '%', '@', '+', '?', ';', '^'); foreach ($name_key as $value) { if (strpos($author, $value) !== false) { $location = getlink('comment', 'mod', array('message' => 4, 'commentid' => $commentid)); break; } } $author = char_cv($author); if (!isemail($email)) { $location = getlink('comment', 'mod', array('message' => 5, 'commentid' => $commentid)); } if ($url) { if (!preg_match("#^(http|news|https|ftp|ed2k|rtsp|mms)://#", $url)) {
if (substr($keywords, -1) == ',') { $keywords = substr($keywords, 0, getstrlen($keywords) - 1); } $v = explode(',', $keywords); $v_num = count($v); if ($v_num > 10) { wap_message('关键字不能超过10个', array('title' => '重新发表', 'link' => 'index.php?action=addarticle')); } else { for ($i = 0; $i < $v_num; $i++) { if (getstrlen($v[$i]) > 30) { wap_message('每个关键字不能超过30个字符', array('title' => '重新发表', 'link' => 'index.php?action=addarticle')); } } } } if ($title == '' || getstrlen($title) > 120) { wap_message('标题不能为空并且不能多于120个字节', array('title' => '重新发表', 'link' => 'index.php?action=addarticle')); } if (!$mids) { wap_message('你还没有选择分类', array('title' => '重新发表', 'link' => 'index.php?action=addarticle')); } if (!$content) { wap_message('内容不能为空', array('title' => '重新发表', 'link' => 'index.php?action=addarticle')); } $title = char_cv($title); $r = $DB->result($DB->query("SELECT COUNT(articleid) FROM {$db_prefix}articles WHERE title='{$title}'"), 0); if ($r) { wap_message('数据库中已存在一样的标题了,建议您换一个', array('title' => '重新发表', 'link' => 'index.php?action=addarticle')); } // 插入数据部分 $DB->query("INSERT INTO {$db_prefix}articles (uid, title, content, dateline) VALUES ('{$sax_uid}', '{$title}', '{$content} <br /><br /><span style=\"font-weight:bold;color:#4685C4;background-color:#E9F1F8;\">自 WAP 发表</span>', '{$timestamp}')");
$adminitem = array('main' => array('name' => '首页', 'start' => 1), 'article' => array('name' => '文章', 'submenu' => array(array('name' => '文章管理', 'action' => 'list', 'default' => 1), array('name' => '添加文章', 'action' => 'add'))), 'user' => array('name' => '资料', 'end' => 1)); !$job && ($job = 'article'); if ($job == 'user') { $action = in_array($action, array('profile', 'modprofile')) ? $action : 'profile'; } // 撰写组菜单 } else { $adminitem = array(); $job = 'user'; $action = in_array($action, array('profile', 'modprofile')) ? $action : 'profile'; // 注册组菜单 } $groupdb = array(1 => '管理者', 2 => '撰写者', 3 => '普通用户', 4 => '游客'); if (!$job) { $job = 'main'; } else { if (getstrlen($job) > 20) { $job = 'main'; } $job = str_replace(array('.', '/', '\\', "'", ':', '%'), '', $job); $job = basename($job); $job = in_array($job, array('main', 'misc', 'article', 'comment', 'attachment', 'category', 'user', 'link', 'template', 'tools', 'configurate', 'upload')) ? $job : 'main'; } $articleid = intval($_POST['articleid'] ? $_POST['articleid'] : $_GET['articleid']); $subnav = ''; if (file_exists(SABLOG_ROOT . 'admin/' . $job . '.php')) { include SABLOG_ROOT . 'admin/' . $job . '.php'; } else { include SABLOG_ROOT . 'admin/main.php'; } cpfooter();
if (is_array($logfile)) { foreach ($logfile as $log) { $logs[] = $log; } } $logs = @array_reverse($logs); $total = count($logs); if ($total > 100) { $output = @array_slice($logs, 0, 100); $output = @array_reverse($output); $output = @implode("", $output); @touch($logfilename); @($fp = fopen($logfilename, 'rb+')); @flock($fp, LOCK_EX); @fwrite($fp, $output); @ftruncate($fp, getstrlen($output)); @fclose($fp); @chmod($filename, 0777); $location = getlink('tools', $logsfile, array('message' => 26, 'opname' => $opname)); } else { $location = getlink('tools', $logsfile, array('message' => 27)); } header("Location: {$location}"); exit; } //removelog //管理日志页面 if (in_array($action, array('adminlog', 'loginlog', 'dberrorlog'))) { @($logfile = file(SABLOG_ROOT . 'data/log/' . $logsfile . '.php')); $logs = $logdb = array(); if (is_array($logfile)) {
} if (!$r) { message('记录不存在.', './'); } $aids = get_cids($r['mid']); $query_sql .= " AND a.articleid IN ({$aids})"; $navtext = $r['name']; $total = $r['count']; $pageurl = getcatelink($cid, $r['slug']); $options['title'] = settitle($r['name']); $indexpage = 0; } //不用再计算记录数量直接从缓存读取 $getnum = false; // 检查是否设置$setdate参数 if ($setdate && getstrlen($setdate) == 6) { $extra = 'page/'; $navtext = $setyear . '年' . $setmonth . '月的文章'; $pageurl = getdatelink($setdate); if ($archivesdb[$setdate]) { $total = (int) $archivesdb[$setdate]; } else { $getnum = true; } // 检查是否设置$setday参数 $setday = (int) $_GET['setday']; if ($setday && is_numeric($setday)) { $getnum = true; if ($setday > 31 || $setday < 1) { $setday = sadate('d'); }
/**
 * Truncates an HTML fragment to roughly $maxlen characters of text while keeping tags intact.
 *
 * $maxlen is either a numeric character budget (text runs are measured with getstrlen and
 * the run that crosses the budget is cut with trimmed_title) or a string: in that case text
 * is copied until a tag whose text equals $maxlen is met, which acts as the stop marker.
 * After the budget is reached, output continues until the tag counters balance, then
 * empty element pairs (e.g. <p></p>) are removed via strip_empty_html and the
 * "[html_<]"/"[html_>]" placeholders are turned back into real brackets.
 *
 * @param string     $content HTML to truncate.
 * @param int|string $maxlen  Character budget, or the tag text used as a stop marker.
 * @param int        $offset  Passed through to trimmed_title for the run that is cut.
 * @return string Truncated HTML.
 */
function htmlSubString($content, $maxlen = 300, $offset = 0) {
    // Split into alternating text runs and tags; tags are kept as their own elements.
    $content = preg_split("/(<[^>]+?>)/si", $content, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
    $wordrows = 0; // characters (getstrlen) copied so far
    $outstr = ""; // output being assembled
    $wordend = false; // set once the budget / stop marker has been reached
    $beginTags = 0; // tags counted before the limit (closing tags included, see below) plus opening tags after it
    $endTags = 0; // closing tags seen after the limit; loop stops once $beginTags == $endTags
    //print_r($content);
    foreach ($content as $value) {
        if (trim($value) == "") { continue; } // skip whitespace-only pieces
        if (strpos(";{$value}", "<") > 0) {
            // Tag piece. With a string $maxlen, a tag equal to it is the stop marker.
            if (trim($value) == $maxlen) { $wordend = true; continue; }
            if ($wordend == false) {
                $outstr .= $value;
                // Note: each pattern needs at least one char after the tag name, so a bare
                // "<br>" or "<hr>" (no attributes/space) does not match and IS counted here.
                if (!preg_match("/<img([^>]+?)>/is", $value) && !preg_match("/<param([^>]+?)>/is", $value) && !preg_match("/<!([^>]+?)>/is", $value) && !preg_match("/<br([^>]+?)>/is", $value) && !preg_match("/<hr([^>]+?)>/is", $value)) {
                    $beginTags++; // every tag except img/param/comment/br/hr, closing tags too in this branch
                }
            } else {
                if (preg_match("/<\\/([^>]+?)>/is", $value, $matches)) {
                    $endTags++;
                    $outstr .= $value;
                    if ($beginTags == $endTags && $wordend == true) { break; } // text done and counters balanced: stop
                } else {
                    if (!preg_match("/<img([^>]+?)>/is", $value) && !preg_match("/<param([^>]+?)>/is", $value) && !preg_match("/<!([^>]+?)>/is", $value) && !preg_match("/<br([^>]+?)>/is", $value) && !preg_match("/<hr([^>]+?)>/is", $value)) {
                        $beginTags++; // opening tag after the limit: keep it so it can be closed
                        $outstr .= $value;
                    }
                }
            }
        } else {
            if (is_numeric($maxlen)) {
                // Text piece under a numeric budget.
                $curLength = getstrlen($value);
                $maxLength = $curLength + $wordrows;
                if ($wordend == false) {
                    if ($maxLength > $maxlen) {
                        // This run crosses the budget: cut it to what is left.
                        $outstr .= trimmed_title($value, $maxlen - $wordrows, $offset);
                        $wordend = true;
                    } else {
                        $wordrows = $maxLength;
                        $outstr .= $value;
                    }
                }
            } else {
                // String $maxlen (marker mode): copy text verbatim until the marker is seen.
                if ($wordend == false) { $outstr .= $value; }
            }
        }
    }
    // Repeatedly strip empty element pairs such as <p></p> left behind by the cut.
    while (preg_match("/<([^\\/][^>]*?)><\\/([^>]+?)>/is", $outstr)) {
        $outstr = preg_replace_callback("/<([^\\/][^>]*?)><\\/([^>]+?)>/is", "strip_empty_html", $outstr);
    }
    // Restore brackets that were stored as placeholders (presumably by strip_empty_html; confirm).
    if (strpos(";" . $outstr, "[html_") > 0) {
        $outstr = str_replace("[html_<]", "<", $outstr);
        $outstr = str_replace("[html_>]", ">", $outstr);
    }
    //echo htmlspecialchars($outstr);
    return $outstr;
}
$location = getlink('user', 'profile', array('message' => 3, 'userid' => $sax_uid)); } if (!isurl($url)) { $location = getlink('user', 'profile', array('message' => 4, 'userid' => $sax_uid)); } //修改资料 $password_sql = ''; if ($newpassword) { $user = $DB->fetch_one_array("SELECT password FROM {$db_prefix}users WHERE userid='{$sax_uid}'"); if (!$user) { $location = getlink('user', 'profile', array('message' => 15, 'userid' => $sax_uid)); } if ($old_password != $user['password']) { $location = getlink('user', 'profile', array('message' => 16, 'userid' => $sax_uid)); } if (getstrlen($newpassword) < 8) { $location = getlink('user', 'profile', array('message' => 11, 'userid' => $sax_uid)); } if ($newpassword != $comfirpassword) { $location = getlink('user', 'profile', array('message' => 6, 'userid' => $sax_uid)); } if (strpos($newpassword, "\n") !== false || strpos($newpassword, "\r") !== false || strpos($newpassword, "\t") !== false) { $location = getlink('user', 'profile', array('message' => 7, 'userid' => $sax_uid)); } $password_sql = ", password='******'"; } if (!$location) { $email = char_cv($email); $url = char_cv($url); $DB->unbuffered_query("UPDATE {$db_prefix}users SET url='{$url}', email='{$email}' {$password_sql} WHERE userid='{$sax_uid}'"); if ($newpassword) {
$location = getlink('article', 'mod', array('message' => 1, 'articleid' => $articleid)); } if (!$mids) { $location = getlink('article', 'mod', array('message' => 2, 'articleid' => $articleid)); } if (!$content || getstrlen($content) < 4) { $location = getlink('article', 'mod', array('message' => 3, 'articleid' => $articleid)); } if ($keywords) { $v = explode(',', $keywords); $v_num = count($v); if ($v_num > 10) { $location = getlink('article', 'mod', array('message' => 4, 'articleid' => $articleid)); } else { for ($i = 0; $i < $v_num; $i++) { if (getstrlen($v[$i]) > 30) { $location = getlink('article', 'mod', array('message' => 5, 'articleid' => $articleid)); break; } } } } if ($alias) { if (!checkalias($alias)) { $location = getlink('article', 'mod', array('message' => 6, 'articleid' => $articleid)); } $alias = char_cv($alias); $r = $DB->fetch_one_array("SELECT articleid FROM {$db_prefix}articles WHERE alias='{$alias}' AND articleid!='{$articleid}' LIMIT 1"); if ($r) { $location = getlink('article', 'mod', array('message' => 7, 'articleid' => $articleid)); }
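/**
 * Validates a comment body against the configured length bounds.
 *
 * Reads $options['comment_min_len'] / $options['comment_max_len'] from the global
 * configuration; lengths are measured with getstrlen.
 *
 * @param string|null $content Raw comment text.
 * @return string|null HTML error fragment when the content is rejected, null when it passes.
 */
function checkcontent($content) {
    global $options;
    // NOTE: empty() also rejects the literal string "0"; kept for compatibility.
    if (empty($content)) {
        return '内容不能为空.<br />';
    }
    // Measure once; the original called getstrlen twice and appended to an
    // undeclared $result, which raised a notice on first use.
    $len = getstrlen($content);
    if ($len < $options['comment_min_len'] || $len > $options['comment_max_len']) {
        return '内容不能少于' . $options['comment_min_len'] . '字节,并且不能超过' . $options['comment_max_len'] . '字节.<br />';
    }
    return null;
}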
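/**
 * Loose syntactic e-mail check: more than 6 characters (getstrlen) and of the form
 * local@domain.tld using only word characters, '-' and '.'.
 *
 * @param string $email
 * @return bool
 */
function isemail($email) {
    // The D modifier makes $ anchor at the very end of the string; without it
    // "user@host.com\n" is accepted because $ also matches before a trailing newline.
    return getstrlen($email) > 6 && preg_match("/^[\\w\\-\\.]+@[\\w\\-\\.]+(\\.\\w+)+\$/D", $email) === 1;
}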
!$action && ($action = 'catelist'); $location = ''; if ($type == 'category') { $goaction = 'catelist'; } else { $goaction = 'taglist'; } //添加/修改分类 if ($action == 'add' || $action == 'mod') { $new_name = trim($_POST['new_name']); $new_url = trim($_POST['new_url']); $type = trim($_POST['type']); if (!in_array($type, array('category', 'tag'))) { $location = getlink('category', null, array('message' => 1)); } if (!$new_name || getstrlen($new_name) > 30) { $location = getlink('category', $goaction, array('message' => 2)); } $new_name = char_cv($new_name); if ($action == 'add') { $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE type='{$type}' AND name='{$new_name}' LIMIT 1"); } else { $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE type='{$type}' AND mid!='{$mid}' AND name='{$new_name}' LIMIT 1"); } if ($r) { $location = getlink('category', $goaction, array('message' => 3)); } if ($new_url) { if (!checkalias($new_url)) { $location = getlink('category', $goaction, array('message' => 4)); } else {
/**
 * Builds a SQL dump (DROP/CREATE header plus INSERT rows) for one table, in size-limited chunks.
 *
 * Globals read: $DB (query/fetch helpers), $sizelimit (chunk budget, multiplied by 1000 so
 * presumably KB), $sqlcompat ('MYSQL40' / 'MYSQL41' output compatibility). Global written:
 * $startrow, the row offset at which the next call should resume.
 *
 * @param string $table     Table name; interpolated unquoted into SQL, so it must be a trusted value.
 * @param int    $startfrom Row offset to resume from; 0 also emits the DROP/CREATE header.
 * @param int    $currsize  Bytes already emitted in this chunk, counted against the budget.
 * @return string SQL text for this chunk.
 */
function sqldumptable($table, $startfrom = 0, $currsize = 0) {
    global $DB, $sizelimit, $startrow, $sqlcompat;
    $offset = 300; // rows fetched per SELECT page
    $tabledump = '';
    if (!$startfrom) {
        // First chunk: DROP + CREATE, then rewrite the CREATE for the target server flavour.
        $tabledump = "DROP TABLE IF EXISTS {$table};\n";
        $createtable = $DB->query("SHOW CREATE TABLE {$table}");
        $create = $DB->fetch_row($createtable);
        $tabledump .= $create[1];
        // NOTE: version() is compared as a string here, not with version_compare().
        if ($sqlcompat == 'MYSQL41' && $DB->version() < '4.1') {
            $tabledump = preg_replace("/TYPE\\=(.+)/", "ENGINE=\\1 DEFAULT CHARSET=utf8", $tabledump);
        }
        if ($DB->version() > '4.1') {
            $tabledump = preg_replace("/(DEFAULT)*\\s*CHARSET=.+/", "DEFAULT CHARSET=utf8", $tabledump);
        }
        $query = $DB->query("SHOW TABLE STATUS LIKE '{$table}'");
        $tablestatus = $DB->fetch_array($query);
        $tabledump .= ($tablestatus['Auto_increment'] ? " AUTO_INCREMENT={$tablestatus['Auto_increment']}" : '') . ";\n\n";
        if ($sqlcompat == 'MYSQL40' && $DB->version() >= '4.1') {
            // MYSQL40 target: insert ' auto_increment' before the first comma of the
            // CREATE statement (presumably the first column definition).
            if ($tablestatus['Auto_increment'] != '') {
                $temppos = strpos($tabledump, ',');
                $tabledump = substr($tabledump, 0, $temppos) . ' auto_increment' . substr($tabledump, $temppos);
            }
        }
    }
    $tabledumped = 0; // set below but never read in this function
    $numrows = $offset;
    // Fetch pages until the size budget is spent or a short page marks the end of the table.
    while ($currsize + getstrlen($tabledump) < $sizelimit * 1000 && $numrows == $offset) {
        $tabledumped = 1;
        $rows = $DB->query("SELECT * FROM {$table} LIMIT {$startfrom}, {$offset}");
        $numfields = $DB->num_fields($rows);
        $numrows = $DB->num_rows($rows);
        while ($row = $DB->fetch_row($rows)) {
            $comma = '';
            $tabledump .= "INSERT INTO {$table} VALUES (";
            for ($i = 0; $i < $numfields; $i++) {
                // mysql_escape_string() was removed in PHP 7; the driver's real-escape
                // function is required for this to run on current PHP.
                $tabledump .= $comma . '\'' . mysql_escape_string($row[$i]) . '\'';
                $comma = ',';
            }
            $tabledump .= ");\n";
        }
        $startfrom += $offset;
    }
    $startrow = $startfrom; // resume point for the next chunk
    $tabledump .= "\n";
    return $tabledump;
}