<?php
/*
[Discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: misc.php 17261 2008-12-11 07:21:49Z liuqiang $
*/
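// Constants set before the bootstrap include.
// NOTE(review): presumably consumed by common.inc.php, which is not shown here - confirm.
define('NOROBOT', TRUE);
define('CURSCRIPT', 'misc');

require_once './include/common.inc.php';
require_once './include/post.func.php';

$feed = array();

/*
 * Action dispatcher.
 *
 * Every variable that is read here without being assigned in this file
 * ($action, $aid, $tid, $fid, $db, $tablepre, $discuz_uid, $forum, ...)
 * has to come from the includes above.
 *
 * NOTE(review): request parameters appear to arrive as plain globals, and the
 * queries below interpolate them directly. That is only safe if the bootstrap
 * escapes every request value and no variable used below can be seeded from
 * the request before it is initialised - confirm in common.inc.php.
 * NOTE(review): showmessage() is used throughout as if it ends the request;
 * several permission checks below depend on that - confirm.
 */
if($action == 'maxpages') {

	$pages = intval($pages);
	if(empty($pages)) {
		showmessage('undefined_action', NULL, 'HALTED');
	} else {
		showmessage('max_pages');
	}

} elseif($action == 'nav') {

	require_once DISCUZ_ROOT.'./include/forumselect.inc.php';
	exit;

} elseif($action == 'customtopics') {

	// The keyword list lives in a client-side cookie, tab separated, so every
	// value read back from it is untrusted input.
	if(!submitcheck('keywordsubmit', 1)) {

		if($_DCOOKIE['customkw']) {
			$customkwlist = array();
			foreach(@explode("\t", trim($_DCOOKIE['customkw'])) as $key => $keyword) {
				// Escaped before it is placed in the link text; the href value is URL-encoded.
				$keyword = dhtmlspecialchars(trim(stripslashes($keyword)));
				$customkwlist[$key]['keyword'] = $keyword;
				$customkwlist[$key]['url'] = '<a href="topic.php?keyword='.rawurlencode($keyword).'" target="_blank">'.$keyword.'</a> ';
			}
		}

		include template('customtopics');

	} else {

		if(!empty($delete) && is_array($delete)) {
			$keywords = implode("\t", array_diff(explode("\t", $_DCOOKIE['customkw']), $delete));
		} else {
			$keywords = $_DCOOKIE['customkw'];
		}

		// Strip separators and markup characters, escape, then cap the length at 20.
		if($newkeyword = cutstr(dhtmlspecialchars(preg_replace("/[\s\|\t\,\'\<\>]/", '', $newkeyword)), 20)) {
			if($_DCOOKIE['customkw']) {
				if(!preg_match("/(^|\t)".preg_quote($newkeyword, '/')."($|\t)/i", $keywords)) {
					if(count(explode("\t", $keywords)) >= $qihoo['maxtopics']) {
						// List is full: drop the oldest entry (everything up to the first tab).
						$keywords = substr($keywords, (strpos($keywords, "\t") + 1))."\t".$newkeyword;
					} else {
						$keywords .= "\t".$newkeyword;
					}
				}
			} else {
				$keywords = $newkeyword;
			}
		}

		// 315360000 seconds is ten years.
		dsetcookie('customkw', stripslashes($keywords), 315360000);
		showmessage('customtopics_updated', $indexname);

	}

} elseif($action == 'attachcredit') {

	// Anti-CSRF token check: this branch spends the caller's credits.
	if($formhash != FORMHASH) {
		showmessage('undefined_action', NULL, 'HALTED');
	}

	$aid = intval($aid);
	// NOTE(review): none of the three lookups is checked for an empty result,
	// and no read-permission test is visible in this branch before the download
	// link is issued - confirm attachment.php enforces it.
	$attach = $db->fetch_first("SELECT tid FROM {$tablepre}attachments WHERE aid='$aid'");
	$thread = $db->fetch_first("SELECT fid FROM {$tablepre}threads WHERE tid='$attach[tid]' AND displayorder>='0'");
	$forum = $db->fetch_first("SELECT getattachcredits FROM {$tablepre}forumfields WHERE fid='$thread[fid]'");
	// NOTE(review): unserialize() on a database column is only safe while
	// nothing but trusted admin code can write forumfields.getattachcredits.
	$getattachcredits = $forum['getattachcredits'] ? unserialize($forum['getattachcredits']) : $creditspolicy['getattach'];

	checklowerlimit($getattachcredits, -1);
	updatecredits($discuz_uid, $getattachcredits, -1);

	// Download tokens: MD5 over the attachment id, the request timestamp and md5($authkey).
	// NOTE(review): this is an unkeyed-hash construction rather than an HMAC;
	// confirm attachment.php (not shown) bounds the age of $timestamp.
	$ck = substr(md5($aid.$timestamp.md5($authkey)), 0, 8);
	$key = md5($aid.md5($authkey).$timestamp);

	// Fix: the loop appends to $policymsg, but only $policymsgs was initialised.
	// With request parameters imported as globals, an uninitialised accumulator
	// could start out holding request-supplied text. Both names are reset so
	// any existing reader of $policymsgs keeps working.
	$policymsg = $policymsgs = $p = '';
	foreach($getattachcredits as $id => $policy) {
		$policymsg .= $p.($extcredits[$id]['img'] ? $extcredits[$id]['img'].' ' : '').$extcredits[$id]['title'].' '.$policy.' '.$extcredits[$id]['unit'];
		$p = ', ';
	}

	showmessage('attachment_credit', "attachment.php?aid=$aid&k=$key&t=$timestamp&ck=$ck");

} elseif($action == 'attachpay') {

	$aid = intval($aid);
	if(!$aid) {
		showmessage('undefined_action', NULL, 'HALTED');
	} elseif(!isset($extcredits[$creditstransextra[1]])) {
		// Also constrains $creditstransextra[1], which is interpolated into
		// column names further down, to an existing key of $extcredits.
		showmessage('credits_transaction_disabled');
	} elseif(!$discuz_uid) {
		showmessage('group_nopermission', NULL, 'NOPERM');
	} else {
		$attach = $db->fetch_first("SELECT a.tid, a.pid, a.uid, a.price, a.filename, a.description, a.readperm, m.username AS author FROM {$tablepre}attachments a LEFT JOIN {$tablepre}members m ON a.uid=m.uid WHERE a.aid='$aid'");
		// A missing row also lands here: the absent price compares as <= 0.
		if($attach['price'] <= 0) {
			showmessage('undefined_action', NULL, 'HALTED');
		}
	}

	if($attach['readperm'] && $attach['readperm'] > $readaccess) {
		showmessage('attachment_forum_nopermission', NULL, 'NOPERM');
	}

	// Balance after purchase must not drop below zero.
	if(($balance = ${'extcredits'.$creditstransextra[1]} - $attach['price']) < ($minbalance = 0)) {
		showmessage('credits_balance_insufficient');
	}

	// Already paid: hand out the download link again instead of charging twice.
	if($db->result_first("SELECT COUNT(*) FROM {$tablepre}attachpaymentlog WHERE aid='$aid' AND uid='$discuz_uid'")) {
		showmessage('attachment_yetpay', "attachment.php?aid=$aid&k=".md5($aid.md5($authkey).$timestamp)."&t=$timestamp");
	}

	$discuz_action = 81;

	$attach['netprice'] = round($attach['price'] * (1 - $creditstax));

	if(!submitcheck('paysubmit')) {

		include template('attachpay');

	} else {

		// Stop crediting the author once the configured per-item income cap is exceeded.
		$updateauthor = 1;
		if($maxincperthread > 0) {
			if(($db->result_first("SELECT SUM(netamount) FROM {$tablepre}attachpaymentlog WHERE aid='$aid'")) > $maxincperthread) {
				$updateauthor = 0;
			}
		}

		// NOTE(review): the balance and already-paid checks above and the three
		// writes below are separate statements with no transaction or lock
		// visible here, so concurrent submissions could pass the checks together.
		if($updateauthor) {
			$db->query("UPDATE {$tablepre}members SET extcredits$creditstransextra[1]=extcredits$creditstransextra[1]+$attach[netprice] WHERE uid='$attach[uid]'");
		}
		$db->query("UPDATE {$tablepre}members SET extcredits$creditstransextra[1]=extcredits$creditstransextra[1]-$attach[price] WHERE uid='$discuz_uid'");
		$db->query("INSERT INTO {$tablepre}attachpaymentlog (uid, aid, authorid, dateline, amount, netamount)
VALUES ('$discuz_uid', '$aid', '$attach[uid]', '$timestamp', '$attach[price]', '$attach[netprice]')");

		showmessage('attachment_buy', "attachment.php?aid=$aid&k=".md5($aid.md5($authkey).$timestamp)."&t=$timestamp");

	}

} elseif($action == 'viewattachpayments') {

	$discuz_action = 82;

	// Fix: cast the id before it reaches the query, as the 'attachcredit' and
	// 'attachpay' branches already do, instead of relying on generic escaping.
	$aid = intval($aid);

	// NOTE(review): no permission check on who may read the payment log is
	// visible in this branch - confirm it is intended to be open.
	$loglist = array();
	$query = $db->query("SELECT a.*, m.username FROM {$tablepre}attachpaymentlog a
LEFT JOIN {$tablepre}members m USING (uid)
WHERE aid='$aid' ORDER BY dateline");
	while($log = $db->fetch_array($query)) {
		$log['dateline'] = dgmdate("$dateformat $timeformat", $log['dateline'] + $timeoffset * 3600);
		$loglist[] = $log;
	}

	include template('attachpay_view');

} elseif($action == 'getonlines') {

	$num = $db->result_first("SELECT COUNT(*) FROM {$tablepre}sessions", 0);
	showmessage($num);

} elseif($action == 'swfupload') {

	// The upload hash is md5(substr(md5(authkey), 8) . uid): a per-user value
	// that does not change between requests. The 'upload' operation accepts it
	// in place of a session, so anyone holding a user's hash can upload as that user.
	if($operation == 'config' && $discuz_uid) {

		$swfhash = md5(substr(md5($_DCACHE['settings']['authkey']), 8).$discuz_uid);
		include_once language('swfupload');
		if($attachextensions !== '') {
			$exts = explode(',', $attachextensions);
			$attachextensions = str_replace(' ', '', '*.'.implode(',*.', $exts));
		} else {
			$attachextensions = '*.*';
		}
		// NOTE(review): values are written into the XML without escaping;
		// presumably all of them are admin-controlled settings - confirm.
		echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><parameter><allowsExtend><extend depict=\"All Support Formats \">$attachextensions</extend></allowsExtend><language>$xmllang</language><config><userid>$discuz_uid</userid><hash>$swfhash</hash><maxupload>$maxattachsize</maxupload></config></parameter>";

	} elseif($operation == 'upload') {

		// Fix: $_POST['uid'] is read from the raw request and ends up inside
		// the INSERT below, so it is forced to an integer first.
		$uid = isset($_POST['uid']) ? intval($_POST['uid']) : 0;
		$swfhash = md5(substr(md5($_DCACHE['settings']['authkey']), 8).$uid);

		// Fix: strict comparison. A loose == between two hex strings can treat
		// "0e..." digests as equal numbers, and a non-string 'hash' is rejected outright.
		if($uid > 0 && !$_FILES['Filedata']['error'] && isset($_POST['hash']) && $_POST['hash'] === $swfhash) {
			require_once './include/post.func.php';
			$attachments = attach_upload('Filedata', 1);
			if($attachments) {
				require_once DISCUZ_ROOT.'include/chinese.class.php';
				$c = new Chinese('utf8', $charset);
				$attach = $attachments[0];
				// The client-supplied file name is decoded, converted to the board
				// charset, then slash- and HTML-escaped before storage.
				$attach['name'] = htmlspecialchars(addslashes($c->Convert(urldecode($attach['name']))), ENT_QUOTES);
				// NOTE(review): the remaining $attach fields come from attach_upload();
				// this assumes it returns values that are safe inside SQL literals - confirm.
				$db->query("INSERT INTO {$tablepre}attachments (tid, pid, dateline, readperm, price, filename, description, filetype, filesize, attachment, downloads, isimage, uid, thumb, remote, width)
VALUES ('0', '0', '$timestamp', '0', '0', '$attach[name]', '', '$attach[type]', '$attach[size]', '$attach[attachment]', '0', '$attach[isimage]', '$uid', '$attach[thumb]', '$attach[remote]', '$attach[width]')");
			}
		}

	}

	exit;

} elseif($action == 'imme_binding' && $discuz_uid) {

	// NOTE(review): this state-changing branch has no formhash or submitcheck()
	// test visible, unlike 'attachcredit' - confirm whether that is intended.
	if(isemail($id)) {
		$msn = $db->result_first("SELECT msn FROM {$tablepre}memberfields WHERE uid='$discuz_uid'");
		$msn = explode("\t", $msn);
		// Fix: the stored value is written back into a new query, so it is
		// escaped again here; data read from the database is not SQL-safe
		// just because it was escaped when first stored.
		$msn[0] = addslashes($msn[0]);
		// Only the local part of the address (before '@') is kept.
		$id = dhtmlspecialchars(substr($id, 0, strpos($id, '@')));
		$msn = "$msn[0]\t$id";
		$db->query("UPDATE {$tablepre}memberfields SET msn='$msn' WHERE uid='$discuz_uid'");
		showmessage('msn_binding_succeed', 'memcp.php');
	} else {
		// NOTE(review): $result and $response are not assigned anywhere in this
		// file; if they can be set from the request, the text handed to
		// showmessage() is caller-chosen - confirm their source and escaping.
		if($result == 'Declined') {
			dheader("Location: memcp.php");
		} else {
			showmessage($response['result']);
		}
	}

} elseif($action == 'imme_cancelbinding' && $discuz_uid) {

	$msn = $db->result_first("SELECT msn FROM {$tablepre}memberfields WHERE uid='$discuz_uid'");
	$msn = explode("\t", $msn);
	// Fix: same re-escaping as in 'imme_binding' before the stored value re-enters SQL.
	$msn[0] = addslashes($msn[0]);
	$db->query("UPDATE {$tablepre}memberfields SET msn='$msn[0]' WHERE uid='$discuz_uid'");
	dheader("Location: http://settings.messenger.live.com/applications/websettings.aspx");

} else {

	// Default branch: every other $action (the poll and e-mail actions handled
	// after this statement) first passes the forum and thread access checks.
	if(empty($forum['allowview'])) {
		if(!$forum['viewperm'] && !$readaccess) {
			showmessage('group_nopermission', NULL, 'NOPERM');
		} elseif($forum['viewperm'] && !forumperm($forum['viewperm'])) {
			showmessage('forum_nopermission', NULL, 'NOPERM');
		}
	}

	// NOTE(review): $thread is read here but only fetched a few lines below.
	// Unless the bootstrap has already loaded it, this read-permission test
	// cannot fire - confirm where $thread is first populated.
	if($thread['readperm'] && $thread['readperm'] > $readaccess && !$forum['ismoderator'] && $thread['authorid'] != $discuz_uid) {
		showmessage('thread_nopermission', NULL, 'NOPERM');
	}

	// Password-protected forum: the expected value is compared with a per-forum cookie.
	if($forum['password'] && $forum['password'] != $_DCOOKIE['fidpw'.$fid]) {
		showmessage('forum_passwd', "forumdisplay.php?fid=$fid");
	}

	// NOTE(review): $tid is interpolated without an intval() cast in this file.
	$thread = $db->fetch_first("SELECT * FROM {$tablepre}threads WHERE tid='$tid' AND displayorder>='0'");
	if(!$thread) {
		showmessage('thread_nonexistence');
	}

	// Breadcrumb HTML. NOTE(review): forum names and the thread subject are
	// emitted as stored, which assumes they were HTML-escaped when saved.
	if($forum['type'] == 'forum') {
		$navigation = "» <a href=\"forumdisplay.php?fid=$fid\">$forum[name]</a> » <a href=\"viewthread.php?tid=$tid\">$thread[subject]</a> ";
		$navtitle = strip_tags($forum['name']).' - '.$thread['subject'];
	} elseif($forum['type'] == 'sub') {
		$fup = $db->fetch_first("SELECT name, fid FROM {$tablepre}forums WHERE fid='$forum[fup]'");
		$navigation = "» <a href=\"forumdisplay.php?fid=$fup[fid]\">$fup[name]</a> » <a href=\"forumdisplay.php?fid=$fid\">$forum[name]</a> » <a href=\"viewthread.php?tid=$tid\">$thread[subject]</a> ";
		$navtitle = strip_tags($fup['name']).' - '.strip_tags($forum['name']).' - '.$thread['subject'];
	}

}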
if($action == 'votepoll' && submitcheck('pollsubmit', 1)) {
if(!$allowvote) {
showmessage('group_nopermission', NULL, 'NOPERM');
} elseif(!empty($thread['closed'])) {
showmessage('thread_poll_closed');
} elseif(empty($pollanswers)) {
showmessage('thread_poll_invalid');
}
$pollarray = $db->fetch_first("SELECT maxchoices, expiration FROM {$tablepre}polls WHERE tid='$tid'");
if(!$pollarray) {
showmessage('undefined_action', NULL, 'HALTED');
} elseif($pollarray['expiration'] && $pollarray['expiration'] < $timestamp) {
showmessage('poll_overdue');
} elseif($pollarray['maxchoices'] && $pollarray['maxchoices'] < count($pollanswers)) {
showmessage('poll_choose_most');
}
$voterids = $discuz_uid ? $discuz_uid : $onlineip;
$polloptionid = array();
$query = $db->query("SELECT polloptionid, voterids FROM {$tablepre}polloptions WHERE tid='$tid'");
while($pollarray = $db->fetch_array($query)) {
if(strexists("\t".$pollarray['voterids']."\t", "\t".$voterids."\t")) {
showmessage('thread_poll_voted');
}
$polloptionid[] = $pollarray['polloptionid'];
}
$polloptionids = '';
foreach($pollanswers as $key => $id) {
if(!in_array($id, $polloptionid)) {
showmessage('undefined_action', NULL, 'HALTED');
}
unset($polloptionid[$key]);
$polloptionids[] = $id;
}
$pollanswers = implode('\',\'', $polloptionids);
$db->query("UPDATE {$tablepre}polloptions SET votes=votes+1, voterids=CONCAT(voterids,'$voterids\t') WHERE polloptionid IN ('$pollanswers')", 'UNBUFFERED');
$db->query("UPDATE {$tablepre}threads SET lastpost='$timestamp' WHERE tid='$tid'", 'UNBUFFERED');
$db->query("REPLACE INTO {$tablepre}myposts (uid, tid, pid, position, dateline, special) VALUES ('$discuz_uid', '$tid', '', '', '$timestamp', '1')", 'UNBUFFERED');
updatecredits($discuz_uid, $creditspolicy['votepoll']);
if($customaddfeed & 4) {
$feed['icon'] = 'poll';
$feed['title_template'] = 'feed_thread_votepoll_title';
$feed['title_data'] = array(
'subject' => "<a href=\"{$boardurl}viewthread.php?tid=$tid\">$thread[subject]</a>",
'author' => "<a href=\"space.php?uid=$thread[authorid]\">$thread[author]</a>"
);
postfeed($feed);
}
$pid = $db->result_first("SELECT pid FROM {$tablepre}posts WHERE tid='$tid' AND first='1'");
if(!empty($inajax)) {
showmessage('thread_poll_succeed', "viewthread.php?tid=$tid&viewpid=$pid");
} else {
showmessage('thread_poll_succeed', "viewthread.php?tid=$tid");
}
} elseif($action == 'viewvote') {
require_once DISCUZ_ROOT.'./include/post.func.php';
$polloptionid = is_numeric($polloptionid) ? $polloptionid : '';
$overt = $db->result_first("SELECT overt FROM {$tablepre}polls WHERE tid='$tid'");
$polloptions = array();
$query = $db->query("SELECT polloptionid, polloption FROM {$tablepre}polloptions WHERE tid='$tid'");
while($options = $db->fetch_array($query)) {
if(empty($polloptionid)) {
$polloptionid = $options['polloptionid'];
}
$options['polloption'] = preg_replace("/\[url=(https?|ftp|gopher|news|telnet|rtsp|mms|callto|bctp|ed2k|thunder|synacast){1}:\/\/([^\[\"']+?)\](.+?)\[\/url\]/i",
"<a href=\"\\1://\\2\" target=\"_blank\">\\3</a>", $options['polloption']);
$polloptions[] = $options;
}
$arrvoterids = array();
if($overt || $adminid == 1) {
$voterids = '';
$voterids = $db->result_first("SELECT voterids FROM {$tablepre}polloptions WHERE polloptionid='$polloptionid'");
$arrvoterids = explode("\t", trim($voterids));
}
if(!empty($arrvoterids)) {
$arrvoterids = array_slice($arrvoterids, -100);
}
$voterlist = $voter = array();
if($voterids = implodeids($arrvoterids)) {
$query = $db->query("SELECT uid, username FROM {$tablepre}members WHERE uid IN ($voterids)");
while($voter = $db->fetch_array($query)) {
$voterlist[] = $voter;
}
}
include template('viewthread_poll_voters');
} elseif($action == 'emailfriend') {
$discuz_action = 122;
if(!submitcheck('sendsubmit')) {
$fromuid = $creditspolicy['promotion_visit'] && $discuz_uid ? '&fromuid='.$discuz_uid : '';
$threadurl = "{$boardurl}viewthread.php?tid=$tid$fromuid";
$subject = $db->result_first("SELECT subject FROM {$tablepre}threads WHERE tid='$tid'");