<?php
$member_account = get_member_account();
$openid = $member['openid'];
$order = mysqld_select("SELECT * FROM " . table('shop_order') . " WHERE id=:id limit 1", array(':id' => $orderid));
$getmember = member_get($openid);
if ($getmember['gold'] >= $order['price']) {
$usegold = member_gold($openid, $order['price'], 'usegold', "消费金额:" . $order['price'] . ",订单编号:" . $order['ordersn']);
if ($usegold) {
mysqld_update('shop_order', array('status' => '1', 'paytype' => '1'), array('id' => $orderid));
message('订单提交成功,收货后请验货!', WEBSITE_ROOT . mobile_url('myorder'), 'success');
} else {
message('付款失败!', WEBSITE_ROOT . mobile_url('myorder'), 'error');
}
} else {
message('余额不足,无法完成付款!', WEBSITE_ROOT . mobile_url('myorder'), 'error');
}
<?php
$member = get_member_account(false);
$member = member_get($member['openid']);
if (empty($member['openid'])) {
$member = get_member_account(false);
$member['createtime'] = time();
}
$is_login = is_login_account();
$cfg = globaSetting();
$weixinfans = get_weixin_fans_byopenid($member['openid'], $member['openid']);
if (!empty($weixinfans) && !empty($weixinfans['avatar'])) {
$avatar = $weixinfans['avatar'];
}
include themePage('fansindex');
}
echo '</form>';
echo '<script type="text/javascript">function d(){var a=document.getElementById("del_btn"); var ck=document.getElementsByName("comm_delete[]"); var i=0; var en="visibility:hidden;"; var dl=document.getElementById("btn_delete"); var cheked=0; ' . 'for(i=0;i<ck.length;i++){ if(ck[i].checked){ cheked++; en="visibility:visible;"; }} a.setAttribute("style", en); ' . 'var btn_name="Delete comment"; if(cheked>1){btn_name=btn_name+"s";} dl.setAttribute("value",btn_name);}';
echo 'var ss=document.getElementsByName("comm_delete[]"); var i=0; for (i=0; i<ss.length; i++){ ss[i].onclick=d; }</script>';
}
// ---------------------------------------------------------------------------------------------------------------------
/* Available placeholders:
- {input_username}
- {input_email}
- {input_commentbox}
- {smiles}
- [captcha] ... {captcha} ... [/captcha] - if captcha enabled only
- [submit]..[/submit] - make submit box
*/
$member = member_get();
if ($member && test('Mac') || !$member) {
$comment_url = getoption('rw_engine') ? $_SERVER['REQUEST_URI'] : PHP_SELF;
echo '<form name="comment_frm" action="' . $comment_url . '" method="POST"/>';
echo '<input type="hidden" name="id" value="' . $id . '" />';
echo '<input type="hidden" name="subaction" value="addcomment" />';
echo '<input type="hidden" name="popup" value="' . cn_htmlspecialchars(REQ('popup')) . '" />';
echo '<input type="hidden" name="referer" value="' . cn_htmlspecialchars($_SERVER['REQUEST_URI']) . '" />';
$edit_id = intval(REQ('edit_id'));
if ($edit_id) {
echo '<input id="edt_comm_mode" type="hidden" name="edit_id" value="' . intval($edit_id) . '" />';
}
if ($is_encode) {
$comments = $entry['co'];
foreach ($comments as $item) {
$ni = iconv('UTF-8', $user_encoding . '//TRANSLIT', $item['c']);
die('Access restricted');
}
global $PHP_SELF;
list($id, $action, $is_forgetme) = GET('id, action, isforgetme', 'GPG');
// Prevent false as 'false'
if ($is_forgetme === 'false') {
$is_forgetme = false;
}
// Logout user if clicked on "Forget me"
if ($is_forgetme) {
cn_logout($_REQUEST['referer']);
return FALSE;
}
$id = cn_id_alias($id);
// ------------------------------------
$user = member_get();
if ($user) {
$logged_as_member = TRUE;
$name = $user['name'];
$mail = $user['email'];
} else {
$logged_as_member = FALSE;
$name = trim(REQ('name', 'POST'));
$mail = trim(REQ('mail', 'POST'));
}
$comment = trim(REQ('comments', 'POST'));
$refer = cn_htmlspecialchars(REQ('referer'));
$regex_site = '/(ftps?|n?ntp|pop3|https?):\\/\\/[^\\s]+/is';
// Can't add comment
if ($user && !test('Mac')) {
echo '<div class="cn_error_comment">' . i18n("You can't add comment") . '. <a href="' . $refer . '">Go back</a></div>';
public function do_gifts()
{
$reply = mysqld_select("SELECT * FROM " . table("bigwheel_reply") . " ORDER BY `id` DESC");
$member = get_member_account(true, intval($reply['needreg']) == 1);
$openid = $member['openid'];
$from_user = $openid;
$member = member_get($openid);
$gifts = mysqld_selectall("SELECT * FROM " . table('bigwheel_award') . " WHERE from_user='******' ");
include addons_page('gifts');
}
function member_gold($openid, $fee, $type, $remark)
{
$member = member_get($openid);
if (!empty($member['openid'])) {
if (!is_numeric($fee) || $fee < 0) {
message("输入数字非法,请重新输入");
}
if ($type == 'addgold') {
$data = array('remark' => $remark, 'type' => $type, 'fee' => $fee, 'account_fee' => $member['gold'] + $fee, 'createtime' => TIMESTAMP, 'openid' => $openid);
mysqld_insert('member_paylog', $data);
mysqld_update('member', array('gold' => $member['gold'] + $fee), array('openid' => $openid));
return true;
}
if ($type == 'usegold') {
if ($member['gold'] >= $fee) {
$data = array('remark' => $remark, 'type' => $type, 'fee' => $fee, 'account_fee' => $member['gold'] - $fee, 'createtime' => TIMESTAMP, 'openid' => $openid);
mysqld_insert('member_paylog', $data);
mysqld_update('member', array('gold' => $member['gold'] - $fee), array('openid' => $openid));
return true;
}
}
}
return false;
}
<?php
if (!defined('EXEC_TIME')) {
die('Access restricted');
}
// Loading filters
require_once SERVDIR . '/core/modules/hooks/common.php';
// Require module -----
$_module = REQ('mod', 'GPG');
// Loading all modules (internal + external)
$_init_modules = hook('modules/init_modules', array('main' => array('path' => 'dashboard', 'acl' => 'Cd'), 'addnews' => array('path' => 'add_news', 'acl' => 'Can'), 'editnews' => array('path' => 'edit_news', 'acl' => 'Cvn'), 'media' => array('path' => 'media', 'acl' => 'Cmm'), 'maint' => array('path' => 'maint', 'acl' => 'Cmt'), 'help' => array('path' => 'help', 'acl' => ''), 'logout' => array('path' => 'logout', 'acl' => '')));
// Required module not exist
if (!isset($_init_modules[$_module])) {
// external module chk
$_module = hook('modules/init', 'main', $_module);
}
// Check restrictions, if user is authorized
if (($user = member_get()) && defined('AREA') && AREA == 'ADMIN') {
if (test($_init_modules[$_module]['acl'])) {
// Request module
$_mod_cfg = $_init_modules[$_module];
include MODULE_DIR . '/' . $_mod_cfg['path'] . '.php';
} else {
//check user for ban group
if ($user['acl'] == ACL_LEVEL_BANNED) {
global $_SESS;
$_SESSION = array();
}
msg_info('Section [' . cn_htmlspecialchars($_module) . '] disabled for you', PHP_SELF);
}
}
<?php
$member = get_member_account(true, true);
$openid = $member['openid'];
$memberinfo = member_get($openid);
if (empty($memberinfo['pwd'])) {
$hiddenoldpwd = true;
}
if (checksubmit("submit")) {
if (!empty($memberinfo['pwd'])) {
if (empty($_GP['pwd'])) {
message("请输入密码!");
}
if ($memberinfo['pwd'] != md5($_GP['oldpwd'])) {
message("原始密码错误!");
}
}
$data = array('pwd' => md5($_GP['pwd']));
mysqld_update('member', $data, array('openid' => $openid));
message('密码修改成功!', mobile_url('fansindex'), 'success');
}
include themePage('member_pwd');
public function do_getaward()
{
$xc_zjp = mysqld_select("SELECT * FROM " . table('xc_zjp_reply'));
$member = get_member_account(true, intval($xc_zjp['needreg']) == 1);
$openid = $member['openid'];
if (empty($openid)) {
message('非法访问,请重新发送消息进入抽奖页面!');
}
$member = member_get($openid);
if (empty($xc_zjp)) {
message('非法访问,请重新发送消息进入抽奖页面!');
}
$result = array('status' => -1, 'message' => '');
$total = mysqld_selectcolumn("SELECT COUNT(*) FROM " . table('xc_zjp_winner') . " WHERE open_id = '{$openid}' and TO_DAYS(NOW())-TO_DAYS(FROM_UNIXTIME(createtime))<= " . $xc_zjp["periodlottery"]);
$myuser = mysqld_select("SELECT * FROM " . table('xc_zjp_user') . " WHERE open_id = '{$openid}' ");
$friendcount = 0;
$arr_times = $this->get_today_times($total, $xc_zjp['maxlottery'], $friendcount);
$result['useCount'] = false;
$useCredit = false;
if ($arr_times['today_has'] <= 0) {
if (!empty($xc_zjp['basenum']) && $xc_zjp['basenum'] < $member['credit']) {
$useCredit = true;
}
}
if ($arr_times['today_has'] <= 0) {
if (empty($xc_zjp['basenum']) || !empty($xc_zjp['basenum']) && $xc_zjp['basenum'] > $member['credit']) {
$result['nochance'] = $arr_times['today_has'];
$result['message'] = '抽奖机会已用完!';
$vars = array();
$vars['message'] = $result;
$vars['redirect'] = refresh();
$vars['type'] = 'ajax';
exit(json_encode($vars));
}
}
$result['surplusCount'] = $arr_times['today_has'] - 1 < 0 ? -1 : $arr_times['today_has'] - 1;
if (!empty($xc_zjp['basenum'])) {
$result['useCredit1'] = $xc_zjp['basenum'];
$result['surplusCredit1'] = $member['credit'] - $xc_zjp['basenum'] < 0 ? 0 : $member['credit'] - $xc_zjp['basenum'];
} else {
$result['useCredit1'] = 0;
$result['surplusCredit1'] = 0;
}
$result['useCount'] = true;
$gifts = mysqld_selectall("SELECT * FROM " . table('xc_zjp_award') . " WHERE total>0 ORDER BY probalilty ASC");
//计算每个礼物的概率
$probability = 0;
$rate = 1;
$award = array();
foreach ($gifts as $name => $gift) {
if (empty($gift['probalilty'])) {
continue;
}
if ($gift['probalilty'] < 1) {
$temp = explode('.', $gift['probalilty']);
$temp = pow(10, strlen($temp[1]));
$rate = $temp < $rate ? $rate : $temp;
}
$probability = $probability + $gift['probalilty'] * $rate;
$award[] = array('id' => $gift['id'], 'probalilty' => $probability);
}
$all = 100 * $rate;
if ($probability < $all) {
$award[] = array('title' => '', 'probalilty' => $all);
}
mt_srand((double) microtime() * 1000000);
$rand = mt_rand(1, $all);
foreach ($award as $key => $gift) {
if (isset($award[$key - 1])) {
if ($rand > $award[$key - 1]['probalilty'] && $rand <= $gift['probalilty']) {
$awardid = $gift['id'];
break;
}
} else {
if ($rand > 0 && $rand <= $gift['probalilty']) {
$awardid = $gift['id'];
break;
}
}
}
$title = '';
$result['hasPrize'] = false;
$result['message'] = '很遗憾,您没能中奖!';
$data = array('open_id' => $openid, 'status' => 0, 'createtime' => TIMESTAMP);
$credit = array('award' => (empty($awardid) ? '未' : '') . '中奖', 'open_id' => $openid, 'status' => 3, 'description' => empty($awardid) ? $xc_zjp['misscredit'] : $xc_zjp['hitcredit'], 'createtime' => TIMESTAMP);
if (!empty($awardid)) {
$gift = mysqld_select("SELECT * FROM " . table('xc_zjp_award') . " WHERE id = '{$awardid}'");
if ($gift['total'] > 0) {
$data['award'] = $gift['title'];
$result['gift'] = $gift['title'];
$result['giftimg'] = $gift['description'];
$result['hasPrize'] = true;
mysqld_query("UPDATE " . table('xc_zjp_award') . " SET total = total - 1 WHERE id = '{$awardid}'");
$data['description'] = '';
$result['message'] = '恭喜您,得到“' . $data['award'] . '”!' . $desss;
$result['status'] = 0;
} else {
$credit['description'] = $xc_zjp['misscredit'];
}
$data['gifturl'] = $gift['description'];
$data['description'] = $gift['title'];
}
if ($useCredit) {
member_credit($openid, intval($xc_zjp['basenum']), 'usecredit', '抓奖品消费积分');
}
if (empty($_SESSION['cachetime']) || $_SESSION['cachetime'] < time()) {
$_SESSION['cachetime'] = time() + 3;
mysqld_insert('xc_zjp_winner', $data);
}
$result['myaward'] = mysqld_selectall("SELECT * FROM " . table('xc_zjp_winner') . " WHERE open_id = '{$openid}' AND award <> '' ORDER BY createtime DESC");
$mycredit = mysqld_selectcolumn("SELECT SUM(description) FROM " . table('xc_zjp_winner') . " WHERE open_id = '{$openid}' AND award <> '' ");
$result['credit'] = $mycredit;
$result['credit'] = !empty($result['credit']) ? $result['credit'] : '0';
$vars = array();
$vars['message'] = $result;
$vars['redirect'] = refresh();
$vars['type'] = 'ajax';
exit(json_encode($vars));
}
function cn_modify_bb_comm_delete($e, $t)
{
$user = member_get();
if (test('Mda') || test('Mds') && $user['name'] == $e['u']) {
return str_replace('%cbox', '<input type="checkbox" name="comm_delete[]" value="' . intval($e['id']) . '" />', $t);
}
return '';
}
function dashboard_personal()
{
$member = member_get();
// Additional fields for user
$personal_more = array('site' => array('name' => 'Personal site', 'type' => 'text'), 'about' => array('name' => 'About me', 'type' => 'textarea'));
if (request_type('POST')) {
cn_dsi_check();
$clause = '';
$any_changes = FALSE;
list($editpassword, $confirmpassword, $editnickname, $edithidemail, $more) = GET('editpassword, confirmpassword, editnickname, edithidemail, more', 'POST');
$avatar_file = isset($_FILES['avatar_file']) ? $_FILES['avatar_file'] : null;
if (!isset($member['nick']) && !empty($editnickname) || isset($member['nick']) && $member['nick'] !== $editnickname) {
$any_changes = TRUE;
}
if (!isset($member['e-hide']) && !empty($edithidemail) || isset($member['e-hide']) && $member['e-hide'] !== $edithidemail) {
$any_changes = TRUE;
}
if ($editpassword) {
if ($editpassword === $confirmpassword) {
$any_changes = TRUE;
db_user_update($member['name'], "pass="******"Check your email.";
cn_send_mail($member['email'], i18n("Password was changed"), $notification);
} else {
cn_throw_message('Password and confirm do not match', 'e');
}
}
// Update additional fields for personal data
$o_more = base64_encode(serialize($member['more']));
$n_more = base64_encode(serialize($more));
if ($o_more !== $n_more) {
$any_changes = TRUE;
db_user_update($member['name'], "more=" . $n_more);
}
// Set an avatar
if (!empty($avatar_file) && $avatar_file['error'] == 0) {
$uploads_dir = getoption('uploads_dir');
if ($uploads_dir) {
$file_name = 'avatar_' . $member['name'] . '_' . $avatar_file['name'];
if (isset($member['avatar']) && $member['avatar'] != $file_name) {
// remove old avatar
unlink($uploads_dir . $member['avatar']);
}
move_uploaded_file($avatar_file['tmp_name'], $uploads_dir . $file_name);
db_user_update($member['name'], "avatar=" . $file_name);
$any_changes = TRUE;
}
}
// Has changes?
if ($any_changes) {
db_user_update($member['name'], "nick={$editnickname}", "e-hide={$edithidemail}");
// Update & Get member from DB
mcache_set('#member', NULL);
$member = member_get();
cn_throw_message("User info updated! {$clause}");
} else {
cn_throw_message("No changes", 'w');
}
}
$grp = getoption('#grp');
$acl_desc = $grp[$member['acl']]['N'];
// Get info from personal data
foreach ($personal_more as $name => $pdata) {
if (isset($member['more'][$name])) {
$personal_more[$name]['value'] = $member['more'][$name];
}
}
cn_assign('member, acl_write_news, acl_desc, personal_more', $member, test('Can'), $acl_desc, $personal_more);
echoheader('-@dashboard/style.css', "Personal options");
echo exec_tpl('dashboard/personal');
echofooter();
}
function login_guest($keep_data = NULL, $username = NULL)
{
global $_SESS;
cn_extrn_init();
// Logout
if (isset($_GET['widget_personal_logout'])) {
$_SESSION = array();
}
// Send new data
$_SESSION['.CSRF'] = md5(mt_rand());
if (!member_get()) {
// Widget's login form
echo proc_tpl('widgets/personal_login_form', "CSRF=" . $_SESSION['.CSRF'], 'KEEP=' . base64_encode(serialize($keep_data)), 'MSG=' . cn_front_msg_show('login', 'widget_personal_msg'), 'username='******'rememberme=' . (isset($_POST['cn_remember_me']) && !empty($_POST['cn_remember_me']) ? 'checked' : ''));
}
}
function add_news_invoke()
{
$FlatDB = new FlatDB();
// loadall
list($article_type, $preview) = GET('postpone_draft, preview', 'GETPOST');
list($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year) = GET('from_date_hour, from_date_minutes, from_date_seconds, from_date_month, from_date_day, from_date_year', 'GETPOST');
list($title, $page, $category, $short_story, $full_story, $if_use_html, $vConcat, $vTags, $faddm) = GET('title, page, category, short_story, full_story, if_use_html, concat, tags, faddm', 'GETPOST');
$categories = cn_get_categories(false);
list($morefields) = cn_get_more_fields($faddm);
$is_active_html = test('Csr');
// Prepare data to add new item
if (request_type('POST')) {
cn_dsi_check();
if (!preg_match("~^[0-9]{1,}\$~", $from_date_hour) or !preg_match("~^[0-9]{1,}\$~", $from_date_minutes) or !preg_match("~^[0-9]{1,}\$~", $from_date_seconds)) {
cn_throw_message("You want to add article, but the hour format is invalid.", 'e');
}
// create publish time
$c_time = mktime($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year);
// flat category to array
if ($category == '') {
$category = array();
} elseif (!is_array($category)) {
$category = array($category);
}
// article is draft?
if ($article_type == 'draft') {
$draft = 1;
} else {
$draft = 0;
}
$if_use_html = $if_use_html ? TRUE : (getoption('use_wysiwyg') ? TRUE : FALSE);
// draft, if Behavior Draft is set
if (test('Bd')) {
$draft = 1;
}
// sanitize page name
$page = preg_replace('/[^a-z0-9_\\.]/i', '-', $page);
if (empty($page) && getoption('auto_news_alias')) {
$page = strtolower(preg_replace('/[^a-z0-9_\\.]/i', '-', cn_transliterate($title)));
}
// basic news
$member = member_get();
$entry = array();
$entry['id'] = $c_time;
$entry['t'] = cn_htmlclear($title);
$entry['u'] = $member['name'];
$entry['c'] = news_make_category($category);
$entry['s'] = cn_htmlclear($short_story);
$entry['f'] = cn_htmlclear($full_story);
$entry['ht'] = $if_use_html;
$entry['st'] = $draft ? 'd' : '';
$entry['co'] = array();
// 0 comments
$entry['cc'] = $vConcat ? TRUE : FALSE;
$entry['tg'] = strip_tags($vTags);
$entry['pg'] = $page;
// Check page alias for exists
if ($page && bt_get_id($page, 'pg_ts') && !$preview) {
cn_throw_message('Page alias already exists', 'e');
} else {
// Get latest id for news
$latest_id = intval(bt_get_id('latest_id', 'conf'));
$latest_id++;
bt_set_id($latest_id, $c_time, 'nid_ts');
bt_set_id($c_time, $latest_id, 'nts_id');
bt_set_id('latest_id', $latest_id, 'conf');
// apply more field
list($entry, $disallow_message) = cn_more_fields_apply($entry, $faddm);
// has message from function
if ($disallow_message) {
cn_throw_message($disallow_message, 'e');
}
}
// ----
if (!$preview) {
if (!getoption('disable_title') && empty($title)) {
cn_throw_message('The title cannot be blank', 'e');
}
if (getoption('news_title_max_long') && strlen($title) > getoption('news_title_max_long')) {
cn_throw_message('The title cannon be greater then ' . getoption('news_title_max_long') . ' charecters', 'e');
}
if (!getoption('disable_short') && empty($short_story)) {
cn_throw_message('The story cannot be blank', 'e');
}
// no errors in a[rticle] area
if (cn_get_message('e', 'c') == 0) {
// Add page alias
bt_set_id($page, $c_time, 'pg_ts');
bt_set_id($c_time, $page, 'ts_pg');
$sc = $draft ? 'draft' : '';
$es = db_news_load(db_get_nloc($entry['id']));
// make unique id
while (isset($es[$c_time])) {
$c_time++;
}
// override ts
$entry['id'] = $c_time;
// add default group permission
$member = member_get();
// add to database
$es[$c_time] = $entry;
// do save item
db_save_news($es, db_get_nloc($c_time));
// add news to index
db_index_add($c_time, $entry['c'], $member['id'], $sc);
// ------------------------
$FlatDB->cn_update_date($c_time, 0);
$FlatDB->cn_source_update($c_time, $draft ? 'D' : '');
$FlatDB->cn_add_categories($entry['c'], $c_time);
$FlatDB->cn_add_tags($entry['tg'], $c_time);
$FlatDB->cn_user_sync($entry['u'], $c_time);
// ------------------------
// increase user count written news
$cnt = intval($member['cnt']) + 1;
db_user_update($member['name'], "cnt={$cnt}");
// do update meta-index
db_index_update_overall($sc);
// Notify for unapproved
if (getoption('notify_unapproved') && test('Bd')) {
cn_send_mail(getoption('notify_email'), i18n('CuteNews unapproved article was added'), "CuteNews - Unapproved article was added CuUnArWaAd", cn_replace_text(cn_get_template('notify_unapproved', 'mail'), '%username%, %article_title%', $member['name'], $title));
}
$FlatDB->cache_clean();
// view in editor
cn_relocation(PHP_SELF . '?mod=editnews&action=editnews&id=' . $c_time . '&m=added');
}
} else {
//correct preview links
$preview_html = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'active'));
$preview_html_full = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'full'));
cn_assign('preview_html, preview_html_full, gstamp', $preview_html, $preview_html_full, $c_time);
}
}
if (empty($category)) {
$category = array();
}
// -----------------------------------------------------------------------------------------------------------------
cn_assign('categories, vCategory, vTitle, vShort, vFull, is_active_html, vUseHtml, vConcat, vTags, morefields,vPage', $categories, $category, $title, $short_story, $full_story, $is_active_html, $if_use_html, $vConcat, $vTags, $morefields, $page);
// ---
echoheader("addedit@addedit/main.css", i18n("Add News"));
echo exec_tpl('addedit/main');
echofooter();
}
