<?php $member_account = get_member_account(); $openid = $member['openid']; $order = mysqld_select("SELECT * FROM " . table('shop_order') . " WHERE id=:id limit 1", array(':id' => $orderid)); $getmember = member_get($openid); if ($getmember['gold'] >= $order['price']) { $usegold = member_gold($openid, $order['price'], 'usegold', "消费金额:" . $order['price'] . ",订单编号:" . $order['ordersn']); if ($usegold) { mysqld_update('shop_order', array('status' => '1', 'paytype' => '1'), array('id' => $orderid)); message('订单提交成功,收货后请验货!', WEBSITE_ROOT . mobile_url('myorder'), 'success'); } else { message('付款失败!', WEBSITE_ROOT . mobile_url('myorder'), 'error'); } } else { message('余额不足,无法完成付款!', WEBSITE_ROOT . mobile_url('myorder'), 'error'); }
<?php $member = get_member_account(false); $member = member_get($member['openid']); if (empty($member['openid'])) { $member = get_member_account(false); $member['createtime'] = time(); } $is_login = is_login_account(); $cfg = globaSetting(); $weixinfans = get_weixin_fans_byopenid($member['openid'], $member['openid']); if (!empty($weixinfans) && !empty($weixinfans['avatar'])) { $avatar = $weixinfans['avatar']; } include themePage('fansindex');
} echo '</form>'; echo '<script type="text/javascript">function d(){var a=document.getElementById("del_btn"); var ck=document.getElementsByName("comm_delete[]"); var i=0; var en="visibility:hidden;"; var dl=document.getElementById("btn_delete"); var cheked=0; ' . 'for(i=0;i<ck.length;i++){ if(ck[i].checked){ cheked++; en="visibility:visible;"; }} a.setAttribute("style", en); ' . 'var btn_name="Delete comment"; if(cheked>1){btn_name=btn_name+"s";} dl.setAttribute("value",btn_name);}'; echo 'var ss=document.getElementsByName("comm_delete[]"); var i=0; for (i=0; i<ss.length; i++){ ss[i].onclick=d; }</script>'; } // --------------------------------------------------------------------------------------------------------------------- /* Available placeholders: - {input_username} - {input_email} - {input_commentbox} - {smiles} - [captcha] ... {captcha} ... [/captcha] - if captcha enabled only - [submit]..[/submit] - make submit box */ $member = member_get(); if ($member && test('Mac') || !$member) { $comment_url = getoption('rw_engine') ? $_SERVER['REQUEST_URI'] : PHP_SELF; echo '<form name="comment_frm" action="' . $comment_url . '" method="POST"/>'; echo '<input type="hidden" name="id" value="' . $id . '" />'; echo '<input type="hidden" name="subaction" value="addcomment" />'; echo '<input type="hidden" name="popup" value="' . cn_htmlspecialchars(REQ('popup')) . '" />'; echo '<input type="hidden" name="referer" value="' . cn_htmlspecialchars($_SERVER['REQUEST_URI']) . '" />'; $edit_id = intval(REQ('edit_id')); if ($edit_id) { echo '<input id="edt_comm_mode" type="hidden" name="edit_id" value="' . intval($edit_id) . '" />'; } if ($is_encode) { $comments = $entry['co']; foreach ($comments as $item) { $ni = iconv('UTF-8', $user_encoding . '//TRANSLIT', $item['c']);
die('Access restricted'); } global $PHP_SELF; list($id, $action, $is_forgetme) = GET('id, action, isforgetme', 'GPG'); // Prevent false as 'false' if ($is_forgetme === 'false') { $is_forgetme = false; } // Logout user if clicked on "Forget me" if ($is_forgetme) { cn_logout($_REQUEST['referer']); return FALSE; } $id = cn_id_alias($id); // ------------------------------------ $user = member_get(); if ($user) { $logged_as_member = TRUE; $name = $user['name']; $mail = $user['email']; } else { $logged_as_member = FALSE; $name = trim(REQ('name', 'POST')); $mail = trim(REQ('mail', 'POST')); } $comment = trim(REQ('comments', 'POST')); $refer = cn_htmlspecialchars(REQ('referer')); $regex_site = '/(ftps?|n?ntp|pop3|https?):\\/\\/[^\\s]+/is'; // Can't add comment if ($user && !test('Mac')) { echo '<div class="cn_error_comment">' . i18n("You can't add comment") . '. <a href="' . $refer . '">Go back</a></div>';
public function do_gifts() { $reply = mysqld_select("SELECT * FROM " . table("bigwheel_reply") . " ORDER BY `id` DESC"); $member = get_member_account(true, intval($reply['needreg']) == 1); $openid = $member['openid']; $from_user = $openid; $member = member_get($openid); $gifts = mysqld_selectall("SELECT * FROM " . table('bigwheel_award') . " WHERE from_user='******' "); include addons_page('gifts'); }
function member_gold($openid, $fee, $type, $remark) { $member = member_get($openid); if (!empty($member['openid'])) { if (!is_numeric($fee) || $fee < 0) { message("输入数字非法,请重新输入"); } if ($type == 'addgold') { $data = array('remark' => $remark, 'type' => $type, 'fee' => $fee, 'account_fee' => $member['gold'] + $fee, 'createtime' => TIMESTAMP, 'openid' => $openid); mysqld_insert('member_paylog', $data); mysqld_update('member', array('gold' => $member['gold'] + $fee), array('openid' => $openid)); return true; } if ($type == 'usegold') { if ($member['gold'] >= $fee) { $data = array('remark' => $remark, 'type' => $type, 'fee' => $fee, 'account_fee' => $member['gold'] - $fee, 'createtime' => TIMESTAMP, 'openid' => $openid); mysqld_insert('member_paylog', $data); mysqld_update('member', array('gold' => $member['gold'] - $fee), array('openid' => $openid)); return true; } } } return false; }
<?php if (!defined('EXEC_TIME')) { die('Access restricted'); } // Loading filters require_once SERVDIR . '/core/modules/hooks/common.php'; // Require module ----- $_module = REQ('mod', 'GPG'); // Loading all modules (internal + external) $_init_modules = hook('modules/init_modules', array('main' => array('path' => 'dashboard', 'acl' => 'Cd'), 'addnews' => array('path' => 'add_news', 'acl' => 'Can'), 'editnews' => array('path' => 'edit_news', 'acl' => 'Cvn'), 'media' => array('path' => 'media', 'acl' => 'Cmm'), 'maint' => array('path' => 'maint', 'acl' => 'Cmt'), 'help' => array('path' => 'help', 'acl' => ''), 'logout' => array('path' => 'logout', 'acl' => ''))); // Required module not exist if (!isset($_init_modules[$_module])) { // external module chk $_module = hook('modules/init', 'main', $_module); } // Check restrictions, if user is authorized if (($user = member_get()) && defined('AREA') && AREA == 'ADMIN') { if (test($_init_modules[$_module]['acl'])) { // Request module $_mod_cfg = $_init_modules[$_module]; include MODULE_DIR . '/' . $_mod_cfg['path'] . '.php'; } else { //check user for ban group if ($user['acl'] == ACL_LEVEL_BANNED) { global $_SESS; $_SESSION = array(); } msg_info('Section [' . cn_htmlspecialchars($_module) . '] disabled for you', PHP_SELF); } }
<?php $member = get_member_account(true, true); $openid = $member['openid']; $memberinfo = member_get($openid); if (empty($memberinfo['pwd'])) { $hiddenoldpwd = true; } if (checksubmit("submit")) { if (!empty($memberinfo['pwd'])) { if (empty($_GP['pwd'])) { message("请输入密码!"); } if ($memberinfo['pwd'] != md5($_GP['oldpwd'])) { message("原始密码错误!"); } } $data = array('pwd' => md5($_GP['pwd'])); mysqld_update('member', $data, array('openid' => $openid)); message('密码修改成功!', mobile_url('fansindex'), 'success'); } include themePage('member_pwd');
public function do_getaward() { $xc_zjp = mysqld_select("SELECT * FROM " . table('xc_zjp_reply')); $member = get_member_account(true, intval($xc_zjp['needreg']) == 1); $openid = $member['openid']; if (empty($openid)) { message('非法访问,请重新发送消息进入抽奖页面!'); } $member = member_get($openid); if (empty($xc_zjp)) { message('非法访问,请重新发送消息进入抽奖页面!'); } $result = array('status' => -1, 'message' => ''); $total = mysqld_selectcolumn("SELECT COUNT(*) FROM " . table('xc_zjp_winner') . " WHERE open_id = '{$openid}' and TO_DAYS(NOW())-TO_DAYS(FROM_UNIXTIME(createtime))<= " . $xc_zjp["periodlottery"]); $myuser = mysqld_select("SELECT * FROM " . table('xc_zjp_user') . " WHERE open_id = '{$openid}' "); $friendcount = 0; $arr_times = $this->get_today_times($total, $xc_zjp['maxlottery'], $friendcount); $result['useCount'] = false; $useCredit = false; if ($arr_times['today_has'] <= 0) { if (!empty($xc_zjp['basenum']) && $xc_zjp['basenum'] < $member['credit']) { $useCredit = true; } } if ($arr_times['today_has'] <= 0) { if (empty($xc_zjp['basenum']) || !empty($xc_zjp['basenum']) && $xc_zjp['basenum'] > $member['credit']) { $result['nochance'] = $arr_times['today_has']; $result['message'] = '抽奖机会已用完!'; $vars = array(); $vars['message'] = $result; $vars['redirect'] = refresh(); $vars['type'] = 'ajax'; exit(json_encode($vars)); } } $result['surplusCount'] = $arr_times['today_has'] - 1 < 0 ? -1 : $arr_times['today_has'] - 1; if (!empty($xc_zjp['basenum'])) { $result['useCredit1'] = $xc_zjp['basenum']; $result['surplusCredit1'] = $member['credit'] - $xc_zjp['basenum'] < 0 ? 0 : $member['credit'] - $xc_zjp['basenum']; } else { $result['useCredit1'] = 0; $result['surplusCredit1'] = 0; } $result['useCount'] = true; $gifts = mysqld_selectall("SELECT * FROM " . table('xc_zjp_award') . " WHERE total>0 ORDER BY probalilty ASC"); //计算每个礼物的概率 $probability = 0; $rate = 1; $award = array(); foreach ($gifts as $name => $gift) { if (empty($gift['probalilty'])) { continue; } if ($gift['probalilty'] < 1) { $temp = explode('.', $gift['probalilty']); $temp = pow(10, strlen($temp[1])); $rate = $temp < $rate ? $rate : $temp; } $probability = $probability + $gift['probalilty'] * $rate; $award[] = array('id' => $gift['id'], 'probalilty' => $probability); } $all = 100 * $rate; if ($probability < $all) { $award[] = array('title' => '', 'probalilty' => $all); } mt_srand((double) microtime() * 1000000); $rand = mt_rand(1, $all); foreach ($award as $key => $gift) { if (isset($award[$key - 1])) { if ($rand > $award[$key - 1]['probalilty'] && $rand <= $gift['probalilty']) { $awardid = $gift['id']; break; } } else { if ($rand > 0 && $rand <= $gift['probalilty']) { $awardid = $gift['id']; break; } } } $title = ''; $result['hasPrize'] = false; $result['message'] = '很遗憾,您没能中奖!'; $data = array('open_id' => $openid, 'status' => 0, 'createtime' => TIMESTAMP); $credit = array('award' => (empty($awardid) ? '未' : '') . '中奖', 'open_id' => $openid, 'status' => 3, 'description' => empty($awardid) ? $xc_zjp['misscredit'] : $xc_zjp['hitcredit'], 'createtime' => TIMESTAMP); if (!empty($awardid)) { $gift = mysqld_select("SELECT * FROM " . table('xc_zjp_award') . " WHERE id = '{$awardid}'"); if ($gift['total'] > 0) { $data['award'] = $gift['title']; $result['gift'] = $gift['title']; $result['giftimg'] = $gift['description']; $result['hasPrize'] = true; mysqld_query("UPDATE " . table('xc_zjp_award') . " SET total = total - 1 WHERE id = '{$awardid}'"); $data['description'] = ''; $result['message'] = '恭喜您,得到“' . $data['award'] . '”!' . $desss; $result['status'] = 0; } else { $credit['description'] = $xc_zjp['misscredit']; } $data['gifturl'] = $gift['description']; $data['description'] = $gift['title']; } if ($useCredit) { member_credit($openid, intval($xc_zjp['basenum']), 'usecredit', '抓奖品消费积分'); } if (empty($_SESSION['cachetime']) || $_SESSION['cachetime'] < time()) { $_SESSION['cachetime'] = time() + 3; mysqld_insert('xc_zjp_winner', $data); } $result['myaward'] = mysqld_selectall("SELECT * FROM " . table('xc_zjp_winner') . " WHERE open_id = '{$openid}' AND award <> '' ORDER BY createtime DESC"); $mycredit = mysqld_selectcolumn("SELECT SUM(description) FROM " . table('xc_zjp_winner') . " WHERE open_id = '{$openid}' AND award <> '' "); $result['credit'] = $mycredit; $result['credit'] = !empty($result['credit']) ? $result['credit'] : '0'; $vars = array(); $vars['message'] = $result; $vars['redirect'] = refresh(); $vars['type'] = 'ajax'; exit(json_encode($vars)); }
function cn_modify_bb_comm_delete($e, $t) { $user = member_get(); if (test('Mda') || test('Mds') && $user['name'] == $e['u']) { return str_replace('%cbox', '<input type="checkbox" name="comm_delete[]" value="' . intval($e['id']) . '" />', $t); } return ''; }
function dashboard_personal() { $member = member_get(); // Additional fields for user $personal_more = array('site' => array('name' => 'Personal site', 'type' => 'text'), 'about' => array('name' => 'About me', 'type' => 'textarea')); if (request_type('POST')) { cn_dsi_check(); $clause = ''; $any_changes = FALSE; list($editpassword, $confirmpassword, $editnickname, $edithidemail, $more) = GET('editpassword, confirmpassword, editnickname, edithidemail, more', 'POST'); $avatar_file = isset($_FILES['avatar_file']) ? $_FILES['avatar_file'] : null; if (!isset($member['nick']) && !empty($editnickname) || isset($member['nick']) && $member['nick'] !== $editnickname) { $any_changes = TRUE; } if (!isset($member['e-hide']) && !empty($edithidemail) || isset($member['e-hide']) && $member['e-hide'] !== $edithidemail) { $any_changes = TRUE; } if ($editpassword) { if ($editpassword === $confirmpassword) { $any_changes = TRUE; db_user_update($member['name'], "pass="******"Check your email."; cn_send_mail($member['email'], i18n("Password was changed"), $notification); } else { cn_throw_message('Password and confirm do not match', 'e'); } } // Update additional fields for personal data $o_more = base64_encode(serialize($member['more'])); $n_more = base64_encode(serialize($more)); if ($o_more !== $n_more) { $any_changes = TRUE; db_user_update($member['name'], "more=" . $n_more); } // Set an avatar if (!empty($avatar_file) && $avatar_file['error'] == 0) { $uploads_dir = getoption('uploads_dir'); if ($uploads_dir) { $file_name = 'avatar_' . $member['name'] . '_' . $avatar_file['name']; if (isset($member['avatar']) && $member['avatar'] != $file_name) { // remove old avatar unlink($uploads_dir . $member['avatar']); } move_uploaded_file($avatar_file['tmp_name'], $uploads_dir . $file_name); db_user_update($member['name'], "avatar=" . $file_name); $any_changes = TRUE; } } // Has changes? if ($any_changes) { db_user_update($member['name'], "nick={$editnickname}", "e-hide={$edithidemail}"); // Update & Get member from DB mcache_set('#member', NULL); $member = member_get(); cn_throw_message("User info updated! {$clause}"); } else { cn_throw_message("No changes", 'w'); } } $grp = getoption('#grp'); $acl_desc = $grp[$member['acl']]['N']; // Get info from personal data foreach ($personal_more as $name => $pdata) { if (isset($member['more'][$name])) { $personal_more[$name]['value'] = $member['more'][$name]; } } cn_assign('member, acl_write_news, acl_desc, personal_more', $member, test('Can'), $acl_desc, $personal_more); echoheader('-@dashboard/style.css', "Personal options"); echo exec_tpl('dashboard/personal'); echofooter(); }
function login_guest($keep_data = NULL, $username = NULL) { global $_SESS; cn_extrn_init(); // Logout if (isset($_GET['widget_personal_logout'])) { $_SESSION = array(); } // Send new data $_SESSION['.CSRF'] = md5(mt_rand()); if (!member_get()) { // Widget's login form echo proc_tpl('widgets/personal_login_form', "CSRF=" . $_SESSION['.CSRF'], 'KEEP=' . base64_encode(serialize($keep_data)), 'MSG=' . cn_front_msg_show('login', 'widget_personal_msg'), 'username='******'rememberme=' . (isset($_POST['cn_remember_me']) && !empty($_POST['cn_remember_me']) ? 'checked' : '')); } }
function add_news_invoke() { $FlatDB = new FlatDB(); // loadall list($article_type, $preview) = GET('postpone_draft, preview', 'GETPOST'); list($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year) = GET('from_date_hour, from_date_minutes, from_date_seconds, from_date_month, from_date_day, from_date_year', 'GETPOST'); list($title, $page, $category, $short_story, $full_story, $if_use_html, $vConcat, $vTags, $faddm) = GET('title, page, category, short_story, full_story, if_use_html, concat, tags, faddm', 'GETPOST'); $categories = cn_get_categories(false); list($morefields) = cn_get_more_fields($faddm); $is_active_html = test('Csr'); // Prepare data to add new item if (request_type('POST')) { cn_dsi_check(); if (!preg_match("~^[0-9]{1,}\$~", $from_date_hour) or !preg_match("~^[0-9]{1,}\$~", $from_date_minutes) or !preg_match("~^[0-9]{1,}\$~", $from_date_seconds)) { cn_throw_message("You want to add article, but the hour format is invalid.", 'e'); } // create publish time $c_time = mktime($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year); // flat category to array if ($category == '') { $category = array(); } elseif (!is_array($category)) { $category = array($category); } // article is draft? if ($article_type == 'draft') { $draft = 1; } else { $draft = 0; } $if_use_html = $if_use_html ? TRUE : (getoption('use_wysiwyg') ? TRUE : FALSE); // draft, if Behavior Draft is set if (test('Bd')) { $draft = 1; } // sanitize page name $page = preg_replace('/[^a-z0-9_\\.]/i', '-', $page); if (empty($page) && getoption('auto_news_alias')) { $page = strtolower(preg_replace('/[^a-z0-9_\\.]/i', '-', cn_transliterate($title))); } // basic news $member = member_get(); $entry = array(); $entry['id'] = $c_time; $entry['t'] = cn_htmlclear($title); $entry['u'] = $member['name']; $entry['c'] = news_make_category($category); $entry['s'] = cn_htmlclear($short_story); $entry['f'] = cn_htmlclear($full_story); $entry['ht'] = $if_use_html; $entry['st'] = $draft ? 'd' : ''; $entry['co'] = array(); // 0 comments $entry['cc'] = $vConcat ? TRUE : FALSE; $entry['tg'] = strip_tags($vTags); $entry['pg'] = $page; // Check page alias for exists if ($page && bt_get_id($page, 'pg_ts') && !$preview) { cn_throw_message('Page alias already exists', 'e'); } else { // Get latest id for news $latest_id = intval(bt_get_id('latest_id', 'conf')); $latest_id++; bt_set_id($latest_id, $c_time, 'nid_ts'); bt_set_id($c_time, $latest_id, 'nts_id'); bt_set_id('latest_id', $latest_id, 'conf'); // apply more field list($entry, $disallow_message) = cn_more_fields_apply($entry, $faddm); // has message from function if ($disallow_message) { cn_throw_message($disallow_message, 'e'); } } // ---- if (!$preview) { if (!getoption('disable_title') && empty($title)) { cn_throw_message('The title cannot be blank', 'e'); } if (getoption('news_title_max_long') && strlen($title) > getoption('news_title_max_long')) { cn_throw_message('The title cannon be greater then ' . getoption('news_title_max_long') . ' charecters', 'e'); } if (!getoption('disable_short') && empty($short_story)) { cn_throw_message('The story cannot be blank', 'e'); } // no errors in a[rticle] area if (cn_get_message('e', 'c') == 0) { // Add page alias bt_set_id($page, $c_time, 'pg_ts'); bt_set_id($c_time, $page, 'ts_pg'); $sc = $draft ? 'draft' : ''; $es = db_news_load(db_get_nloc($entry['id'])); // make unique id while (isset($es[$c_time])) { $c_time++; } // override ts $entry['id'] = $c_time; // add default group permission $member = member_get(); // add to database $es[$c_time] = $entry; // do save item db_save_news($es, db_get_nloc($c_time)); // add news to index db_index_add($c_time, $entry['c'], $member['id'], $sc); // ------------------------ $FlatDB->cn_update_date($c_time, 0); $FlatDB->cn_source_update($c_time, $draft ? 'D' : ''); $FlatDB->cn_add_categories($entry['c'], $c_time); $FlatDB->cn_add_tags($entry['tg'], $c_time); $FlatDB->cn_user_sync($entry['u'], $c_time); // ------------------------ // increase user count written news $cnt = intval($member['cnt']) + 1; db_user_update($member['name'], "cnt={$cnt}"); // do update meta-index db_index_update_overall($sc); // Notify for unapproved if (getoption('notify_unapproved') && test('Bd')) { cn_send_mail(getoption('notify_email'), i18n('CuteNews unapproved article was added'), "CuteNews - Unapproved article was added CuUnArWaAd", cn_replace_text(cn_get_template('notify_unapproved', 'mail'), '%username%, %article_title%', $member['name'], $title)); } $FlatDB->cache_clean(); // view in editor cn_relocation(PHP_SELF . '?mod=editnews&action=editnews&id=' . $c_time . '&m=added'); } } else { //correct preview links $preview_html = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'active')); $preview_html_full = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'full')); cn_assign('preview_html, preview_html_full, gstamp', $preview_html, $preview_html_full, $c_time); } } if (empty($category)) { $category = array(); } // ----------------------------------------------------------------------------------------------------------------- cn_assign('categories, vCategory, vTitle, vShort, vFull, is_active_html, vUseHtml, vConcat, vTags, morefields,vPage', $categories, $category, $title, $short_story, $full_story, $is_active_html, $if_use_html, $vConcat, $vTags, $morefields, $page); // --- echoheader("addedit@addedit/main.css", i18n("Add News")); echo exec_tpl('addedit/main'); echofooter(); }