<?php
/**
* 检查是否正确提交了表单
* @param $var 需要检查的变量
* @param $allowget 是否允许GET方式
* @param $seccodecheck 验证码检测是否开启
* @return 返回是否正确提交了表单
*/
function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
if(empty($GLOBALS[$var])) {
return FALSE;
} else {
global $_SERVER, $seclevel, $seccode, $seccodedata, $seccodeverify, $secanswer, $_DCACHE, $_DCOOKIE, $timestamp, $discuz_uid;
if($allowget || ($_SERVER['REQUEST_METHOD'] == 'POST' && $GLOBALS['formhash'] == formhash() && (empty($_SERVER['HTTP_REFERER']) ||
preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])))) {
if($seccodecheck) {
if(!$seclevel) {
$key = $seccodedata['type'] != 3 ? '' : $_DCACHE['settings']['authkey'].date('Ymd');
list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secc'], 'DECODE', $key));
if($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
showmessage('submit_seccode_invalid');
}
dsetcookie('secc', '', -86400 * 365);
} else {
$tmp = substr($seccode, 0, 1);
}
seccodeconvert($seccode);
if(strtoupper($seccodeverify) != $seccode) {
showmessage('submit_seccode_invalid');
}
$seclevel && $seccode = random(6, 1) + $tmp * 1000000;
}
if($secqaacheck) {
if(!$seclevel) {
list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secq'], 'DECODE'));
if($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
showmessage('submit_secqaa_invalid');
}
dsetcookie('secq', '', -86400 * 365);
}
require_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php';
if(md5($secanswer) != $_DCACHE['secqaa'][substr($seccode, 0, 1)]['answer']) {
showmessage('submit_secqaa_invalid');
}
$seclevel && $seccode = random(1, 1) * 1000000 + substr($seccode, -6);
}
return TRUE;
} else {
showmessage('submit_invalid');
}
}
}
/**
* 解析模板
* @return 返回域名
*/
function template($file, $templateid = 0, $tpldir = '') {
global $inajax;
$file .= $inajax && ($file == 'header' || $file == 'footer') ? '_ajax' : '';
$tpldir = $tpldir ? $tpldir : TPLDIR;
$templateid = $templateid ? $templateid : TEMPLATEID;
$tplfile = DISCUZ_ROOT.'./'.$tpldir.'/'.$file.'.htm';
$objfile = DISCUZ_ROOT.'./forumdata/templates/'.$templateid.'_'.$file.'.tpl.php';
if($templateid != 1 && !file_exists($tplfile)) {
$tplfile = DISCUZ_ROOT.'./templates/default/'.$file.'.htm';
}
@checktplrefresh($tplfile, $tplfile, filemtime($objfile), $templateid, $tpldir);
return $objfile;
}
/**
* 如果cookie关闭使用GET方式传递sid
* @param $url - 地址
* @param $tag - 标记
* @param $wml - 取得sid的input
* @return 返回url
*/
function transsid($url, $tag = '', $wml = 0) {
global $sid;
$tag = stripslashes($tag);
if(!$tag || (!preg_match("/^(http:\/\/|mailto:|#|javascript)/i", $url) && !strpos($url, 'sid='))) {
if($pos = strpos($url, '#')) {
$urlret = substr($url, $pos);
$url = substr($url, 0, $pos);
} else {
$urlret = '';
}
$url .= (strpos($url, '?') ? ($wml ? '&' : '&') : '?').'sid='.$sid.$urlret;
}
return $tag.$url;
}
/**
* 显示主题分类
* @param $curtypeid - 当前被选择的类型id
* @return 返回的HTML数据
*/
function typeselect($curtypeid = 0, $special = '', $onchange = '', $modelid = 0) {
global $fid, $sid, $extra;
$onchange = $onchange ? $onchange : "οnchange=\"ajaxget('post.php?action=threadtypes&typeid='+this.options[this.selectedIndex].value+'&fid=$fid&sid=$sid', 'threadtypes', 'threadtypeswait')\"";
if($threadtypes = $GLOBALS['forum']['threadtypes']) {
$selecthtml = '';
foreach($threadtypes['types'] as $typeid => $name) {
if(!$special || $special == 'disabled' || !$threadtypes['special'][$typeid]) {
$typehtml = '<option value="'.$typeid.'" '.($curtypeid == $typeid ? 'selected="selected"' : '').' '.($threadtypes['special'][$typeid] ? 'class="special"' : '').'>'.strip_tags($name).'</option>';
$selecthtml .= $modelid ? ($threadtypes['modelid'][$typeid] == $modelid ? $typehtml : '') : $typehtml;
}
}
$html = $selecthtml ? '<select name="typeid" '.(!$special ? $onchange : '').'><option value="0"> </option>'.$selecthtml.'</select><span id="threadtypeswait"></span>'.($special === 'disabled' ? '<input type="hidden" name="typeid" value="'.$curtypeid.'" />' : '') : '';
return $html;
} else {
return '';
}
}
/**
* 更新积分
* @param $uids - 用户id数组
* @param $creditsarray - 积分数组
* @param $coef - 积分
* @param $extrasql - 扩展SQL
*/
function updatecredits($uids, $creditsarray, $coef = 1, $extrasql = '') {
if($uids && ((!empty($creditsarray) && is_array($creditsarray)) || $extrasql)) {
global $db, $tablepre;
$creditsadd = $comma = '';
foreach($creditsarray as $id => $addcredits) {
$creditsadd .= $comma.'extcredits'.$id.'=extcredits'.$id.'+('.intval($addcredits).')*('.$coef.')';
$comma = ', ';
}
if($creditsadd || $extrasql) {
$db->query("UPDATE {$tablepre}members SET $creditsadd ".($creditsadd && $extrasql ? ', ' : '')." $extrasql WHERE uid IN ('$uids')", 'UNBUFFERED');
}
}
}
/**
* 更新session
*/
function updatesession() {
if(!empty($GLOBALS['sessionupdated'])) {
return TRUE;
}
global $db, $tablepre, $sessionexists, $sessionupdated, $sid, $onlineip, $discuz_uid, $discuz_user, $timestamp, $lastactivity, $seccode,
$pvfrequence, $spageviews, $lastolupdate, $oltimespan, $onlinehold, $groupid, $styleid, $invisible, $discuz_action, $fid, $tid;
$fid = intval($fid);
$tid = intval($tid);
if($oltimespan && $discuz_uid && $lastactivity && $timestamp - ($lastolupdate ? $lastolupdate : $lastactivity) > $oltimespan * 60) {
$lastolupdate = $timestamp;
$db->query("UPDATE {$tablepre}onlinetime SET total=total+'$oltimespan', thismonth=thismonth+'$oltimespan', lastupdate='$timestamp' WHERE uid='$discuz_uid' AND lastupdate<='".($timestamp - $oltimespan * 60)."'");
if(!$db->affected_rows()) {
$db->query("INSERT INTO {$tablepre}onlinetime (uid, thismonth, total, lastupdate)
VALUES ('$discuz_uid', '$oltimespan', '$oltimespan', '$timestamp')", 'SILENT');
}
} else {
$lastolupdate = intval($lastolupdate);
}
if($sessionexists == 1) {
if($pvfrequence && $discuz_uid) {
if($spageviews >= $pvfrequence) {
$pageviewsadd = ', pageviews=\'0\'';
$db->query("UPDATE {$tablepre}members SET pageviews=pageviews+'$spageviews' WHERE uid='$discuz_uid'", 'UNBUFFERED');
} else {
$pageviewsadd = ', pageviews=pageviews+1';
}
} else {
$pageviewsadd = '';
}
$db->query("UPDATE {$tablepre}sessions SET uid='$discuz_uid', username='$discuz_user', groupid='$groupid', styleid='$styleid', invisible='$invisible', action='$discuz_action', lastactivity='$timestamp', lastolupdate='$lastolupdate', seccode='$seccode', fid='$fid', tid='$tid' $pageviewsadd WHERE sid='$sid'");
} else {
$ips = explode('.', $onlineip);
$db->query("DELETE FROM {$tablepre}sessions WHERE sid='$sid' OR lastactivity<($timestamp-$onlinehold) OR ('$discuz_uid'<>'0' AND uid='$discuz_uid') OR (uid='0' AND ip1='$ips[0]' AND ip2='$ips[1]' AND ip3='$ips[2]' AND ip4='$ips[3]' AND lastactivity>$timestamp-60)");
$db->query("INSERT INTO {$tablepre}sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid)
VALUES ('$sid', '$ips[0]', '$ips[1]', '$ips[2]', '$ips[3]', '$discuz_uid', '$discuz_user', '$groupid', '$styleid', '$invisible', '$discuz_action', '$timestamp', '$lastolupdate', '$seccode', '$fid', '$tid')", 'SILENT');
if($discuz_uid && $timestamp - $lastactivity > 21600) {
if($oltimespan && $timestamp - $lastactivity > 86400) {
$query = $db->query("SELECT total FROM {$tablepre}onlinetime WHERE uid='$discuz_uid'");
$oltimeadd = ', oltime='.round(intval($db->result($query, 0)) / 60);
} else {
$oltimeadd = '';
}
$db->query("UPDATE {$tablepre}members SET lastip='$onlineip', lastvisit=lastactivity, lastactivity='$timestamp' $oltimeadd WHERE uid='$discuz_uid'", 'UNBUFFERED');
}
}
$sessionupdated = 1;
}
/**
* 更新管理者状态
* @param $modacton - 动作
* @param $smcols - 执行次数
*/
function updatemodworks($modaction, $posts = 1) {
global $modworkstatus, $db, $tablepre, $discuz_uid, $timestamp, $_DCACHE;
$today = gmdate('Y-m-d', $timestamp + $_DCACHE['settings']['timeoffset'] * 3600);
if($modworkstatus && $modaction && $posts) {
$db->query("UPDATE {$tablepre}modworks SET count=count+1, posts=posts+'$posts' WHERE uid='$discuz_uid' AND modaction='$modaction' AND dateline='$today'");
if(!$db->affected_rows()) {
$db->query("INSERT INTO {$tablepre}modworks (uid, modaction, dateline, count, posts) VALUES ('$discuz_uid', '$modaction', '$today', 1, '$posts')");
}
}
}
/**
* 写日志
* @param $path 日志名称
* @param $log 日志
*/
function writelog($file, $log) {
global $timestamp, $_DCACHE;
$yearmonth = gmdate('Ym', $timestamp + $_DCACHE['settings']['timeoffset'] * 3600);
$logdir = DISCUZ_ROOT.'./forumdata/logs/';
$logfile = $logdir.$yearmonth.'_'.$file.'.php';
if(@filesize($logfile) > 2048000) {
$dir = opendir($logdir);
$length = strlen($file);
$maxid = $id = 0;
while($entry = readdir($dir)) {
if(strexists($entry, $yearmonth.'_'.$file)) {
$id = intval(substr($entry, $length + 8, -4));
$id > $maxid && $maxid = $id;
}
}
closedir($dir);
$logfilebak = $logdir.$yearmonth.'_'.$file.'_'.($maxid + 1).'.php';
@rename($logfile, $logfilebak);
}
if($fp = @fopen($logfile, 'a')) {
@flock($fp, 2);
$log = is_array($log) ? $log : array($log);
foreach($log as $tmp) {
fwrite($fp, "<?PHP exit;?>\t".str_replace(array('<?', '?>'), '', $tmp)."\n");
}
fclose($fp);
}
}
function wipespecial($str) {
return str_replace(array( "\n", "\r", '..'), array('', '', ''), $str);
}
function discuz_uc_avatar($uid, $size = '') {
return UC_API.'/avatar.php?uid='.$uid.'&size='.$size;
}
?>
扫一扫
367
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
