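/**
 * Delete the banned-IP entries selected in the control panel, then redirect
 * back to the ban-IP tab.
 *
 * Reads `select_ip` (expected: an array of IP strings) from $_POST and
 * requires an admin session via is_admin(). Each value is escaped through
 * the model before being interpolated into the DELETE, so a crafted value
 * cannot break out of the quoted literal (the original passed the raw POST
 * value straight into sprintf()).
 *
 * @return void  Always ends with a redirect followed by exit.
 */
public function actionUpdate()
{
    is_admin();
    $redirect = "Location:index.php?action=control_panel&subtab=ban_ip";
    $selected = isset($_POST['select_ip']) ? $_POST['select_ip'] : null;
    // Nothing selected, or not an array (foreach on a scalar only warns): nothing to delete.
    if (!$selected || !is_array($selected)) {
        header($redirect);
        exit;
    }
    foreach ($selected as $ip) {
        // Nested arrays cannot be IPs; skip them rather than feeding them to escape_string().
        if (!is_string($ip) && !is_numeric($ip)) {
            continue;
        }
        $this->_model->query(sprintf(
            parse_tbprefix("DELETE FROM <badip> WHERE ip = '%s'"),
            $this->_model->escape_string((string) $ip)
        ));
    }
    header($redirect);
    exit;
}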
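/**
 * Get specified config value
 *
 * Looks up `varname` in the <sysvar> table and returns the matching
 * `varvalue`. The name is escaped through the driver before being
 * interpolated into the query.
 *
 * @param string $name config name
 * @return mixed config value, or NULL when no row exists or the stored value is falsy
 */
function getConfigVar($name)
{
    global $db_url;
    $db = YDB::factory($db_url);
    $sql = sprintf(
        parse_tbprefix("SELECT * FROM <sysvar> WHERE varname='%s'"),
        $db->escape_string($name)
    );
    $rows = $db->queryAll($sql);
    // Explicit existence check instead of `@` suppression: a failed query
    // (false) or an empty result both land here.
    if (!isset($rows[0]['varvalue'])) {
        return null;
    }
    $value = $rows[0]['varvalue'];
    // Kept from the original contract: a falsy stored value ('' or '0') reads as NULL.
    return $value ? $value : null;
}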
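/**
 * Render the admin control panel.
 *
 * Requires an admin session (is_admin()). The active tab comes from
 * $_GET['subtab'] and is only honoured when it is one of the known tab
 * names; otherwise 'overview' is shown. Gathers post/reply counts, the
 * banned-IP list, environment info (GD, register_globals, magic_quotes_gpc,
 * zip support), themes, languages and timezones, and hands everything to
 * the 'admin' template.
 *
 * @return void
 */
public function actionControl_panel()
{
    global $gd_exist, $zip_support;
    is_admin();

    $tabs_array = array('overview', 'siteset', 'message', 'ban_ip');
    $tabs_name_array = array(t('ACP_OVERVIEW'), t('ACP_CONFSET'), t('ACP_MANAGE_POST'), t('ACP_MANAGE_IP'));

    // Whitelist the tab: strict in_array plus a string check so an array
    // or numeric-looking value can never be selected.
    $current_tab = 'overview';
    if (isset($_GET['subtab']) && is_string($_GET['subtab']) && in_array($_GET['subtab'], $tabs_array, true)) {
        $current_tab = $_GET['subtab'];
    }

    $themes = get_all_themes();
    $data = get_all_data(TRUE, false, TRUE, TRUE, false);
    $reply_data = $this->_model->queryAll(parse_tbprefix("SELECT * FROM <reply>"));
    $ban_ip_info = $this->_model->queryAll(parse_tbprefix("SELECT * FROM <badip>"));
    $nums = count($data);
    $reply_num = count($reply_data);

    // GD status string shown on the overview tab; red markup signals a problem.
    if ($gd_exist) {
        $gd_info = gd_version();
        $gd_version = $gd_info ? $gd_info : '<font color="red">' . t('UNKNOWN') . '</font>';
    } else {
        $gd_version = '<font color="red">GD' . t('NOT_SUPPORT') . '</font>';
    }

    $register_globals = ini_get("register_globals") ? 'On' : 'Off';
    $magic_quotes_gpc = ini_get("magic_quotes_gpc") ? 'On' : 'Off';
    $languages = get_all_langs();
    $timezone_array = get_all_timezone();

    $this->render('admin', array(
        'tabs_array' => $tabs_array,
        'current_tab' => $current_tab,
        'tabs_name_array' => $tabs_name_array,
        'nums' => $nums,
        'reply_num' => $reply_num,
        'gd_version' => $gd_version,
        'register_globals' => $register_globals,
        'magic_quotes_gpc' => $magic_quotes_gpc,
        'zip_support' => $zip_support,
        'themes' => $themes,
        'timezone_array' => $timezone_array,
        'languages' => $languages,
        'data' => $data,
        'ban_ip_info' => $ban_ip_info,
    ));
}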
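/**
 * Log in as the configured admin account or as a regular user.
 *
 * Sessions that are already authenticated are short-circuited first. A
 * submitted `user`/`password` pair (read from $_REQUEST) is checked against
 * the admin credentials from ZFramework::app(), then against the <user>
 * table. In API_MODE every outcome is emitted as JSON and the script exits;
 * otherwise the browser is redirected on success, or the login template is
 * included (with $errormsg set on a failed attempt).
 *
 * Credential checks use `===`: the original `==` would have let
 * numeric-looking strings compare equal by value.
 *
 * @return void  Exits after a redirect or JSON response; returns only after
 *               including the login template.
 */
public function actionLogin()
{
    global $API_CODE;
    $session_name = session_name();

    if (isset($_SESSION['admin'])) {
        // Admin already logged in
        if (defined('API_MODE')) {
            $this->_emitJson(array(
                'admin' => $_SESSION['admin'],
                'session_name' => $session_name,
                'session_value' => session_id(),
            ));
        }
        header("Location:index.php?action=control_panel");
        exit;
    }

    if (isset($_SESSION['user'])) {
        // Regular user already logged in
        if (defined('API_MODE')) {
            $this->_emitJson(array(
                'user' => $_SESSION['user'],
                'uid' => $_SESSION['uid'],
                'session_name' => $session_name,
                'session_value' => session_id(),
            ));
        }
        header("Location:index.php");
        exit;
    }

    // Login form submitted; array-valued parameters are treated as "not submitted".
    if (isset($_REQUEST['user'], $_REQUEST['password'])
        && is_string($_REQUEST['user']) && is_string($_REQUEST['password'])) {
        $rawUser = $_REQUEST['user'];
        $rawPassword = $_REQUEST['password'];

        // Admin check against the raw submitted values (escaping is only for SQL).
        // An empty password never matches, so an unset admin password cannot
        // be satisfied by an empty form.
        $isAdmin = $rawPassword !== ''
            && $rawUser === (string) ZFramework::app()->admin
            && $rawPassword === (string) ZFramework::app()->password;
        if ($isAdmin) {
            $_SESSION['admin'] = $rawUser;
            if (defined('API_MODE')) {
                $this->_emitJson(array(
                    'admin' => $_SESSION['admin'],
                    'session_name' => $session_name,
                    'session_value' => session_id(),
                ));
            }
            header("Location:index.php?action=control_panel");
            exit;
        }

        // Regular user login via the <user> table.
        $user = $this->_model->escape_string($rawUser);
        $password = $this->_model->escape_string($rawPassword);
        // NOTE(review): the two placeholders read as '******' in this copy of the
        // file; confirm the real query carries the %s specifiers. The lookup also
        // compares the submitted password directly in SQL, which implies plaintext
        // storage — password_hash()/password_verify() would need a schema change.
        $user_result = $this->_model->queryAll(sprintf(
            parse_tbprefix("SELECT * FROM <user> WHERE username='******' AND password='******'"),
            $user,
            $password
        ));
        $user_result = isset($user_result[0]) ? $user_result[0] : null;
        if ($user_result) {
            $_SESSION['user'] = $rawUser;
            $_SESSION['uid'] = $user_result['uid'];
            if (defined('API_MODE')) {
                $this->_emitJson(array(
                    'user' => $rawUser,
                    'uid' => $user_result['uid'],
                    'session_name' => $session_name,
                    'session_value' => session_id(),
                ));
            }
            header("Location:index.php");
            exit;
        }
        $errormsg = t('LOGIN_ERROR');
    }

    if (defined('API_MODE')) {
        // 403 for a rejected attempt, 401 when no credentials were submitted.
        if (isset($errormsg)) {
            $this->_emitJson(array(
                'error_code' => '403',
                'error' => $API_CODE['403'],
                'error_detail' => $errormsg,
            ));
        }
        $this->_emitJson(array(
            'error_code' => '401',
            'error' => $API_CODE['401'],
            'error_detail' => t('LOGIN_REQUIRED'),
        ));
    }

    include 'themes/' . ZFramework::app()->theme . '/templates/' . "login.php";
}

/**
 * Emit $payload as JSON and terminate the script (API_MODE responses).
 * Falls back to CJSON::encode() where ext/json is unavailable.
 *
 * @param array $payload response body
 * @return void  Never returns.
 */
private function _emitJson(array $payload)
{
    die(function_exists('json_encode') ? json_encode($payload) : CJSON::encode($payload));
}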
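/**
 * Persist the "allowed tags" setting submitted from the admin form into <sysvar>.
 *
 * Reads $_POST['allowed_tags']; a missing or non-string value is stored as
 * an empty string instead of raising an undefined-index notice. The value is
 * escaped through the model before interpolation.
 *
 * @return void
 */
private function set_allowed_tags()
{
    $tags = (isset($_POST['allowed_tags']) && is_string($_POST['allowed_tags']))
        ? $_POST['allowed_tags']
        : '';
    $this->_model->query(sprintf(
        parse_tbprefix("UPDATE <sysvar> SET varvalue='%s' WHERE varname='allowed_tags'"),
        $this->_model->escape_string($tags)
    ));
}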
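/**
 * Delete every row of the <reply> table, then redirect to the message tab.
 *
 * Requires an admin session (is_admin()). Exits after the redirect so no
 * further output follows the Location header, matching actionUpdate().
 *
 * NOTE(review): this destructive action is reachable through a plain request
 * guarded only by is_admin(); no CSRF token is checked here — confirm the
 * framework enforces one before dispatch.
 *
 * @return void
 */
public function actionDeleteAll()
{
    is_admin();
    $this->_model->query(parse_tbprefix("DELETE FROM <reply>"));
    header("location:index.php?action=control_panel&subtab=message");
    exit;
}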