
📄 memcp.php

📁 速度很快的PHP论坛源程序
💻 PHP
<?php

/*
	[DISCUZ!] memcp.php - members' control panel
	This is NOT a freeware, use is subject to license terms

	Version: 4.0.0
	Web: http://www.comsenz.com
	Copyright: 2001-2005 Comsenz Technology Ltd.
	Last Modified: 2004/12/19 09:26
*/

require_once './include/common.inc.php';

// Numeric action code for this page. It is not read again in the visible part
// of this file; presumably consumed by session/online-list code — confirm.
$discuz_action = 7;
// Allow-list of avatar file extensions. It is checked below against both the
// uploaded file's name and the final avatar path/URL.
$avatarextarray = array('gif', 'jpg', 'png');

// The control panel is for logged-in members only. Every query below is keyed
// on $discuz_uid, so this guard must terminate the request.
// NOTE(review): assumes showmessage(..., 'HALTED') does not return — confirm.
if(!$discuz_uid) {
	showmessage('not_loggedin', NULL, 'HALTED');
}

if(!isset($action)) {

	// Control-panel home page: collects the member's validation status, avatar,
	// buddy list, five newest inbox messages and five most recently active
	// subscribed threads, then renders the 'memcp_home' template.
	//
	// NOTE(review): every query interpolates $discuz_uid into the SQL string.
	// That is only safe if the code that sets it (not in this file) guarantees
	// an integer or an escaped value — confirm in common.inc.php.
	// NOTE(review): the template reads these locals by name, so renaming any of
	// them here would break the page.
	$validating = array();
	// Only look up the validation record when $regverify is 2 and the member is
	// in group 8 (presumably manual approval / "awaiting validation" — confirm).
	if($regverify == 2 && $groupid == 8) {
		$query = $db->query("SELECT * FROM {$tablepre}validating WHERE uid='$discuz_uid'");
		if($validating = $db->fetch_array($query)) {
			// Format the moderation time in the member's time zone; 0 means "not yet moderated".
			$validating['moddate'] = $validating['moddate'] ? gmdate("$dateformat $timeformat", $validating['moddate'] + $timeoffset * 3600) : 0;
			// URL-encoded admin name, for use inside a link.
			$validating['adminenc'] = rawurlencode($validating['admin']);
		}
	}

	$query = $db->query("SELECT avatar, avatarwidth, avatarheight FROM {$tablepre}memberfields WHERE uid='$discuz_uid'");
	$avatar = $db->fetch_array($query);

	// Split the buddy list into online and offline: a buddy counts as online
	// when the LEFT JOIN found a matching row in the sessions table.
	$buddyonline = $buddyoffline = array();
	$query = $db->query("SELECT b.buddyid AS uid, m.username, s.username AS onlineuser FROM {$tablepre}buddys b
				LEFT JOIN {$tablepre}members m ON m.uid=b.buddyid
				LEFT JOIN {$tablepre}sessions s ON s.uid=m.uid
				WHERE b.uid='$discuz_uid'");
	while($buddy = $db->fetch_array($query)) {
		// A buddy row whose member record no longer exists has a NULL username.
		$buddyuser = array('uid' => $buddy['uid'], 'username' => ($buddy['username'] ? $buddy['username'] : 'User was Deleted'));
		if($buddy['onlineuser']) {
			$buddyonline[] = $buddyuser;
		} else {
			$buddyoffline[] = $buddyuser;
		}
	}

	// Build the avatar <img> tag from the stored values without further escaping.
	// The profile-update branch of this file runs dhtmlspecialchars() over the
	// avatar path before storing it. Width and height are not visibly validated
	// there. NOTE(review): confirm the columns are numeric, or cast them here,
	// before they land in an HTML attribute.
	$avatar = $avatar ? "<img src=\"$avatar[avatar]\" width=\"$avatar[avatarwidth]\" height=\"$avatar[avatarheight]\" border=\"0\">" : '&nbsp;';

	$msgexists = 0;
	$msglist = array();
	$query = $db->query("SELECT * FROM {$tablepre}pms WHERE msgtoid='$discuz_uid' AND folder='inbox' ORDER BY dateline DESC LIMIT 0, 5");
	while($message = $db->fetch_array($query)) {
		$msgexists = 1;
		$message['dateline'] = gmdate("$dateformat $timeformat", $message['dateline'] + $timeoffset * 3600);
		// Unread messages are shown in bold. The subject is written by the sender
		// and is placed in markup as stored.
		// NOTE(review): confirm it is HTML-escaped when the message is saved.
		$message['subject'] = $message['new'] ? "<b>$message[subject]</b>" : $message['subject'];

		$msglist[] = $message;
	}

	$subsexists = 0;
	$subslist = array();
	// displayorder>='0' filters threads by display order; presumably negative
	// values mark hidden/removed threads — confirm.
	$query = $db->query("SELECT t.tid, t.fid, t.subject, t.replies, t.lastpost, t.lastposter, f.name
		FROM {$tablepre}subscriptions s, {$tablepre}threads t, {$tablepre}forums f
		WHERE t.tid=s.tid AND t.displayorder>='0' AND f.fid=t.fid AND s.uid='$discuz_uid' ORDER BY t.lastpost DESC LIMIT 5");

	while($subs = $db->fetch_array($query)) {
		$subsexists = 1;
		// URL-encoded poster name, for use inside a link.
		$subs['lastposterenc'] = rawurlencode($subs['lastposter']);
		$subs['lastpost'] = gmdate("$dateformat $timeformat", $subs['lastpost'] + $timeoffset * 3600);

		$subslist[] = $subs;
	}

	include template('memcp_home');

} elseif($action == 'profile') {

	require_once DISCUZ_ROOT.'./forumdata/cache/cache_profilefields.php';

	if(!submitcheck('editsubmit')) {

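		// Profile form (no submission yet): load the member's stored settings and
		// derive the 'checked' / 'selected' fragments that the 'memcp_profile'
		// template reads by variable name.
		//
		// NOTE(review): $discuz_uid is interpolated into the SQL string; it must be
		// an integer or an escaped value — confirm where it is set.
		$query = $db->query("SELECT * FROM {$tablepre}members m
			LEFT JOIN {$tablepre}memberfields mf ON mf.uid=m.uid
			WHERE m.uid='$discuz_uid'");

		$member = $db->fetch_array($query);

		// The form only needs multipart encoding when avatar uploads are allowed (mode 3).
		$enctype = $allowavatar == 3 ? 'enctype="multipart/form-data"' : NULL;
		$invisiblechecked = $member['invisible'] ? 'checked' : '';
		$emailchecked = $member['showemail'] ? 'checked' : '';
		$newschecked = $member['newsletter'] ? 'checked' : '';
		// One-element lookup arrays: the template indexes them by option value, and
		// only the stored value yields the 'selected' / 'checked' attribute.
		$tppchecked = array($member['tpp'] => 'selected="selected"');
		$pppchecked = array($member['ppp'] => 'selected="selected"');
		$toselect = array(strval((float)$member['timeoffset']) => 'selected="selected"');
		$pscheck = array(intval($member['pmsound']) => 'checked');

		// Initialise all three gender flags first. Only one is assigned below, and
		// an unset variable could otherwise take its value from request input if
		// the application imports request parameters as globals (this script
		// reads $action, $newpassword and similar that way).
		$checkmale = $checkfemale = $checkunknown = '';
		if($member['gender'] == 1) {
			$checkmale = 'checked';
		} elseif($member['gender'] == 2) {
			$checkfemale = 'checked';
		} else {
			$checkunknown = 'checked';
		}

		$styleselect = '';
		$query = $db->query("SELECT styleid, name FROM {$tablepre}styles WHERE available='1'");
		while($style = $db->fetch_array($query)) {
			$styleselect .= "<option value=\"$style[styleid]\" ".
				($style['styleid'] == $member['styleid'] ? 'selected="selected"' : NULL).
				">$style[name]</option>\n";
		}

		// Birthday is stored as 'YYYY-MM-DD'; a year of '0000' means "not set".
		$bday = explode('-', $member['bday']);
		$bday[0] = $bday[0] == '0000' ? '' : $bday[0];
		$month = array(intval($bday[1]) => "selected=\"selected\"");

		// Start from an empty string. The original appended to an uninitialised
		// variable, so a request-supplied 'dayselect' value could have been
		// echoed into the page ahead of the generated <option> list.
		$dayselect = '';
		for($num = 1; $num <= 31; $num++) {
			$dayselect .= "<option value=\"$num\" ".($bday[2] == $num ? 'selected="selected"' : NULL).">$num</option>\n";
		}

		// Self-heal: if the profile points at an uploaded avatar file that no
		// longer exists on disk, clear the stored avatar so a broken image is not shown.
		if(substr(trim($member['avatar']), 0, 14) == 'customavatars/' && !file_exists(DISCUZ_ROOT.'./'.$member['avatar'])) {
			$db->query("UPDATE {$tablepre}memberfields SET avatar='', avatarwidth='0', avatarheight='0' WHERE uid='$discuz_uid'");
			$member['avatar'] = '';
		}

		// Convert the stored date() format letters into the mm/dd/yy notation shown
		// in the form. The order matters: 'y' is replaced before 'Y' so the 'yy'
		// produced here is not touched by the later 'Y' => 'yyyy' step.
		$member['dateformat'] = str_replace('n', 'mm', $member['dateformat']);
		$member['dateformat'] = str_replace('j', 'dd', $member['dateformat']);
		$member['dateformat'] = str_replace('y', 'yy', $member['dateformat']);
		$member['dateformat'] = str_replace('Y', 'yyyy', $member['dateformat']);

		$tfcheck = array($member['timeformat'] => 'checked');
		// Index 1 = member has a custom date format, index 0 = use the board default.
		$dfcheck = $member['dateformat'] ? array(1 => 'checked') : array(0 => 'checked');

		include template('memcp_profile');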

	} else {

		require_once DISCUZ_ROOT.'./include/discuzcode.func.php';
		include_once DISCUZ_ROOT.'./forumdata/cache/cache_bbcodes.php';

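		// Profile submission: validate and normalise each submitted field, and
		// build the SQL fragments ($newpasswdadd, $fieldadd, $avataradd) for the
		// UPDATE statement that follows later in this branch.
		//
		// NOTE(review): the *new variables ($newpassword, $emailnew, $avatarnew ...)
		// are request parameters that reach this script as globals. The SQL
		// fragments quote them without escaping here, so this block depends on the
		// include layer having slash-escaped all request input — confirm in
		// common.inc.php.

		if($newpassword) {
			// The current password is required to set a new one. Strict string
			// comparison is used so that two different digit-only or "0e..."-style
			// MD5 hex strings cannot compare equal under PHP's numeric string
			// juggling.
			if(md5($oldpassword) !== (string)$discuz_pw) {
				showmessage('profile_passwd_wrong', NULL, 'HALTED');
			} elseif(!$newpassword || $newpassword != addslashes($newpassword)) {
				// Reject passwords that addslashes() would change (quotes, backslashes, NUL).
				showmessage('profile_passwd_illegal');
			}
			// NOTE(review): passwords are stored as unsalted MD5. A salted, slow
			// password hash would need a schema and login change outside this block.
			$newpassword = md5($newpassword);
			$newpasswdadd = ", password='$newpassword'";
		} else {
			$newpasswdadd = '';
		}

		// -1 means "keep the current security question"; otherwise derive a new one.
		$secquesnew = $questionidnew == -1 ? $discuz_secques : quescrypt($questionidnew, $answernew);
		// Members with adminid 1, 2 or 3 must always have a security question set.
		if(($adminid == 1 || $adminid == 2 || $adminid == 3) && !$secquesnew) {
			showmessage('profile_admin_security_invalid');
		}

		// Custom profile fields defined by the board administrator.
		$fieldadd = '';
		foreach(array_merge($_DCACHE['fields_required'], $_DCACHE['fields_optional']) as $field) {
			$field_key = 'field_'.$field['fieldid'];
			// Variable-variable read of the request value 'field_<id>new'.
			$field_val = trim(${'field_'.$field['fieldid'].'new'});
			if($field['required'] && $field_val == '') {
				showmessage('profile_required_info_invalid');
			} elseif($field['selective'] && $field_val != '' && !isset($field['choices'][$field_val])) {
				// A value outside the defined choices can only come from a forged form.
				showmessage('undefined_action', NULL, 'HALTED');
			} else {
				$fieldadd .= ", $field_key='".dhtmlspecialchars($field_val)."'";
			}
		}

		if(!isemail($emailnew)) {
			showmessage('profile_email_illegal');
		}

		if($maxsigsize && strlen($signaturenew) > $maxsigsize) {
			showmessage('profile_sig_toolang');
		}

		// $allowavatar: 2 = member may choose an avatar path/URL, 3 = may also
		// upload a file (as shown by the branches below).
		if($allowavatar == 2 || $allowavatar == 3) {
			// Reset before use. It is only assigned when a file was uploaded, yet it
			// is read further down to decide whether the remote image still has to
			// be measured; without the reset a request-supplied value could stand in
			// for the measured size.
			$avatarimagesize = false;
			if($allowavatar == 3) {
				if(disuploadedfile($HTTP_POST_FILES['customavatar']['tmp_name']) && $HTTP_POST_FILES['customavatar']['tmp_name'] != 'none' && $HTTP_POST_FILES['customavatar']['tmp_name'] && trim($HTTP_POST_FILES['customavatar']['name'])) {
					$HTTP_POST_FILES['customavatar']['name'] = daddslashes($HTTP_POST_FILES['customavatar']['name']);
					// The extension comes from the client-supplied file name and is
					// checked against the allow-list. The stored name itself is chosen
					// by the server (<uid>.<ext>), so the client name never reaches disk.
					$avatarext = strtolower(fileext($HTTP_POST_FILES['customavatar']['name']));
					if(!in_array($avatarext, $avatarextarray)) {
						showmessage('profile_avatar_invalid');
					}
					$avatarnew = 'customavatars/'.$discuz_uid.'.'.$avatarext;
					$avatartarget = DISCUZ_ROOT.'./'.$avatarnew;
					// copy() is tried first, move_uploaded_file() is the fallback.
					// NOTE(review): copy() does not itself verify that the source is an
					// upload; this relies on disuploadedfile() above — confirm it wraps
					// is_uploaded_file().
					if(!@copy($HTTP_POST_FILES['customavatar']['tmp_name'], $avatartarget)) {
						@move_uploaded_file($HTTP_POST_FILES['customavatar']['tmp_name'], $avatartarget);
					}
					// Content check after the file is already in the web-served directory;
					// anything that is not a recognisable image, or is too large, is
					// deleted. getimagesize() is not a guarantee that the whole file is
					// a clean image; the extension allow-list is what limits how the
					// web server will serve it.
					$avatarimagesize = @getimagesize($avatartarget);

					if(!$avatarimagesize || ($maxavatarsize && @filesize($avatartarget) > $maxavatarsize)) {
						@unlink($avatartarget);
						showmessage($avatarimagesize ? 'profile_avatar_toobig' : 'profile_avatar_invalid');
					}
					// Remove this member's older uploads that used a different extension.
					foreach($avatarextarray as $ext) {
						if($ext != $avatarext) {
							@unlink(DISCUZ_ROOT.'./customavatars/'.$discuz_uid.'.'.$ext);
						}
					}
				}
			}
			// From here on $avatarnew is either the upload path set above or the
			// path/URL the member typed into the form.
			$avatarnew = dhtmlspecialchars(trim($avatarnew));
			$avatarext = strtolower(fileext($avatarnew));

			if($avatarnew) {
				// Accepted forms: an uploaded file, a bundled avatar under
				// images/avatars/, or any http:// URL; the extension must be on the
				// allow-list.
				// NOTE(review): '.+?' also accepts '..' path segments after
				// images/avatars/, and a customavatars/<digits> path is not tied to
				// $discuz_uid — consider tightening both.
				if(!preg_match("/^((customavatars\/\d+\.[a-z]+)|(images\/avatars\/.+?)|(http:\/\/.+?))$/i", $avatarnew)
					|| !in_array($avatarext, $avatarextarray)) {
					showmessage('profile_avatar_invalid');
				}
				if($avatarwidthnew == '*' || $avatarheightnew == '*') {
					// '*' asks the server to measure the image. The default of 2/3 of the
					// maximum is kept when measuring fails (the list() assignment is silenced).
					$avatarwidthnew = $avatarheightnew = round(2 * $maxavatarpixel / 3);
					// NOTE(review): for an http:// avatar this makes the server fetch a
					// member-supplied URL. Consider skipping measurement for remote
					// avatars or restricting the hosts that may be contacted.
					@list($avatarwidthnew, $avatarheightnew) = $avatarimagesize ? $avatarimagesize : getimagesize($avatarnew);
				}
				// Scale down proportionally so the longer side fits $maxavatarpixel.
				$maxsize = max($avatarwidthnew, $avatarheightnew);
				if($maxsize > $maxavatarpixel) {
					$avatarwidthnew = $avatarwidthnew * $maxavatarpixel / $maxsize;
					$avatarheightnew = $avatarheightnew * $maxavatarpixel / $maxsize;
				}
			}
			// NOTE(review): unless '*' was used, width and height are the raw request
			// values. They are later echoed into an <img> tag on the control-panel
			// home page, so they should be forced to integers before being stored.
			$avataradd = ", avatar='$avatarnew', avatarwidth='$avatarwidthnew', avatarheight='$avatarheightnew'";
		} else {
			$avataradd = '';
		}

		// ICQ numbers must be numeric and 5-15 characters long; anything else is dropped.
		if(!is_numeric($icqnew) || strlen($icqnew) < 5 || strlen($icqnew) > 15) {
			$icqnew = '';
		}

		// HTML-escape the free-text contact fields before they are stored.
		$yahoonew = dhtmlspecialchars($yahoonew);
		$qqnew = dhtmlspecialchars($qqnew);
		$emailnew = dhtmlspecialchars($emailnew);
		// This value is overwritten by the year/month/day assignment at the end of this block.
		$bdaynew = dhtmlspecialchars($bdaynew);

		// Normalise the homepage to exactly one leading 'http://'.
		$sitenew = trim(str_replace('http://', '', $sitenew));
		$sitenew = $sitenew ? dhtmlspecialchars('http://'.$sitenew) : '';

		// NOTE(review): unlike the bio below, the signature is censored but not
		// HTML-escaped here; presumably it is escaped or parsed when rendered — confirm.
		$signaturenew = censor($signaturenew);
		$sigstatusnew = $signaturenew ? 1 : 0;

		$bionew = censor(dhtmlspecialchars($bionew));

		// NOTE(review): $year, $month and $day are used as submitted; no numeric or
		// range check is visible here.
		$bdaynew = ($month && $day && $year) ? "$year-$month-$day" : '';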

		if($dateformatnew) {
			$dateformatnew = str_replace('mm', 'n', $cdateformatnew);
			$dateformatnew = str_replace('dd', 'j', $dateformatnew);
			$dateformatnew = str_replace('yyyy', 'Y', $dateformatnew);
			$dateformatnew = str_replace('yy', 'y', $dateformatnew);
