// 清除所有的回复。喜欢。还有相关资源 thread_delete($tid); } else { post_delete($pid); post_list_cache_delete($tid); } message(0, '删除成功'); // 接受 base64 文件上传 } elseif ($action == 'upload') { // 允许的文件后缀名 $types = (include './conf/attach.conf.php'); $allowtypes = $types['all']; empty($uid) and message(-1, '游客不允许上传文件'); empty($group['allowattach']) and $gid != 1 and message(-1, '您无权上传'); $conf['ipaccess_on'] and !ipaccess_check($longip, 'attachs') and message(-1, '您的 IP 今日上传附件数达到上限,请明天再来。'); $conf['ipaccess_on'] and !ipaccess_check($longip, 'attachsizes') and message(-1, '您的 IP 今日上传附件尺寸达到上限,请明天再来。'); $isimage = param(2, 0); $tid = 0; $fid = 0; $upfile = param('upfile', '', FALSE); empty($upfile) and message(-1, 'upfile 数据为空'); $json = xn_json_decode($upfile); empty($json) and message(-1, '数据有问题: json 为空'); $name = $json['name']; $width = $json['width']; $height = $json['height']; $data = base64_decode($json['data']); $size = strlen($data); $type = attach_type($name, $types); empty($data) and message(-1, '数据有问题, data 为空'); if ($isimage && $conf['tietuku_on']) {
message(2, '请稍后重试,每个小时只能尝试5次。'); } if ($verifycode2 != $verifycode) { $verifytimes++; online_set('verifytimes', $verifytimes); online_set('verifylastdate', $time); message(2, '验证码不正确'); } message(0, '检测通过,进入下一步'); } } // 找回密码第2步 // 发送激活邮件/手机短信 } elseif ($action == 'sendreset') { !$conf['user_find_pw_on'] and message(-1, '当前未开启找回密码功能。'); $conf['ipaccess_on'] and $conf['user_find_pw_on'] and !ipaccess_check($longip, 'mails') and message(-1, '您的 IP 今日发送邮件数达到上限,请明天再来。'); $conf['ipaccess_on'] and !ipaccess_check_freq($longip) and message(0, '发送邮件比较耗费资源,请您休息一会再来。'); $smtplist = (include './conf/smtp.conf.php'); $n = array_rand($smtplist); $smtp = $smtplist[$n]; $email = param('email'); !is_email($email, $err) and message(1, $err); $r = user_read_by_email($email); !$r and message(1, 'Email 未被注册。'); $rand = rand(100000, 999999); online_set('reset_email', $email); online_set('reset_verifycode', $rand); $subject = "重设密码验证码:{$rand} - 【{$conf['sitename']}】"; $message = $subject; $r = xn_send_mail($smtp, $conf['sitename'], $email, $subject, $message); if ($r === TRUE) {
<?php !defined('DEBUG') and exit('Access Denied.'); include './xiunophp/xn_html_safe.func.php'; $action = param(1); $uid and $user = user_read($uid); empty($user) and $user = user_guest(); // 发表主题帖 if ($action == 'create') { $conf['ipaccess_on'] and !ipaccess_check($longip, 'threads') and message(-1, '您的 IP 今日发表主题数达到上限,请明天再来。'); if ($method == 'GET') { check_standard_browser(); $fid = param(2, 0); $forumlist_allowthread = forum_list_access_filter($forumlist, $gid, 'allowthread'); $forumarr = xn_json_encode(arrlist_key_values($forumlist_allowthread, 'fid', 'name')); if (empty($forumlist_allowthread)) { message(-1, '您所在的用户组没有权限发主题'); // header("Location:user-login.htm"); exit; } $header['title'] = '发帖' . ($uid == 0 ? ' [匿名模式]' : ''); include './pc/view/thread_create.htm'; } else { $fid = param('fid', 0); $forum = forum_read($fid); empty($forum) and message(3, '板块不存在' . $fid); $r = forum_access_user($fid, $gid, 'allowthread'); if (!$r) { if ($gid == 0) { $r = forum_access_user($fid, 101, 'allowthread'); $r and user_login_check($user);
$header['title'] = '用户登录'; include './mobile/view/user_login.htm'; } } elseif ($action == 'create') { $conf['ipaccess_on'] and $conf['user_create_email_on'] and !ipaccess_check($longip, 'mails') and message(-1, '您的 IP 今日发送邮件数达到上限,请明天再来。'); $conf['ipaccess_on'] and !ipaccess_check($longip, 'users') and message(-1, '您的 IP 今日注册用户数达到上限,请明天再来。'); user_check_flood($longip) and message(3, '您当前 IP 注册太频繁,请稍后再注册。'); if ($method == 'GET') { $referer = user_http_referer(); $header['title'] = '创建用户'; include './mobile/view/user_create.htm'; } // 设置密码,创建用户 } elseif ($action == 'setpw') { $conf['ipaccess_on'] and $conf['user_create_email_on'] and !ipaccess_check($longip, 'mails') and message(-1, '您的 IP 今日发送邮件数达到上限,请明天再来。'); $conf['ipaccess_on'] and !ipaccess_check($longip, 'users') and message(-1, '您的 IP 今日注册用户数达到上限,请明天再来。'); $email = online_get('create_email'); $verifycode = online_get('create_verifycode'); empty($email) || $conf['user_create_email_on'] && empty($verifycode) and message(-1, '请返回填写数据'); $user = user_read_by_email($email); $user and message(1, 'EMAIL 已经注册。'); if ($method == 'GET') { include './mobile/view/user_setpw.htm'; } } elseif ($action == 'logout') { $user = user_guest(); user_token_clean('/', '', 'bbs'); $uid = 0; $gid = 0; // 更新在线 online_save(TRUE);