本文共 9411 字,大约阅读时间需要 31 分钟。
<?php
/** * 检查是否正确提交了表单 * @param $var 需要检查的变量 * @param $allowget 是否允许GET方式 * @param $seccodecheck 验证码检测是否开启 * @return 返回是否正确提交了表单 */ function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) { if(empty($GLOBALS[$var])) { return FALSE; } else { global $_SERVER, $seclevel, $seccode, $seccodedata, $seccodeverify, $secanswer, $_DCACHE, $_DCOOKIE, $timestamp, $discuz_uid; if($allowget || ($_SERVER['REQUEST_METHOD'] == 'POST' && $GLOBALS['formhash'] == formhash() && (empty($_SERVER['HTTP_REFERER']) || preg_replace("/https?:\/\/([^\:\/]+).*/i", "", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "", $_SERVER['HTTP_HOST'])))) { if($seccodecheck) { if(!$seclevel) { $key = $seccodedata['type'] != 3 ? '' : $_DCACHE['settings']['authkey'].date('Ymd'); list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secc'], 'DECODE', $key)); if($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) { showmessage('submit_seccode_invalid'); } dsetcookie('secc', '', -86400 * 365); } else { $tmp = substr($seccode, 0, 1); } seccodeconvert($seccode); if(strtoupper($seccodeverify) != $seccode) { showmessage('submit_seccode_invalid'); } $seclevel && $seccode = random(6, 1) + $tmp * 1000000; } if($secqaacheck) { if(!$seclevel) { list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secq'], 'DECODE')); if($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) { showmessage('submit_secqaa_invalid'); } dsetcookie('secq', '', -86400 * 365); } require_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php'; if(md5($secanswer) != $_DCACHE['secqaa'][substr($seccode, 0, 1)]['answer']) { showmessage('submit_secqaa_invalid'); } $seclevel && $seccode = random(1, 1) * 1000000 + substr($seccode, -6); } return TRUE; } else { showmessage('submit_invalid'); } } }/**
* 解析模板 * @return 返回域名 */ function template($file, $templateid = 0, $tpldir = '') { global $inajax; $file .= $inajax && ($file == 'header' || $file == 'footer') ? '_ajax' : ''; $tpldir = $tpldir ? $tpldir : TPLDIR; $templateid = $templateid ? $templateid : TEMPLATEID;$tplfile = DISCUZ_ROOT.'./'.$tpldir.'/'.$file.'.htm';
$objfile = DISCUZ_ROOT.'./forumdata/templates/'.$templateid.'_'.$file.'.tpl.php'; if($templateid != 1 && !file_exists($tplfile)) { $tplfile = DISCUZ_ROOT.'./templates/default/'.$file.'.htm'; } @checktplrefresh($tplfile, $tplfile, filemtime($objfile), $templateid, $tpldir);return $objfile;
}/**
* 如果cookie关闭使用GET方式传递sid * @param $url - 地址 * @param $tag - 标记 * @param $wml - 取得sid的input * @return 返回url */ function transsid($url, $tag = '', $wml = 0) { global $sid; $tag = stripslashes($tag); if(!$tag || (!preg_match("/^(http:\/\/|mailto:|#|javascript)/i", $url) && !strpos($url, 'sid='))) { if($pos = strpos($url, '#')) { $urlret = substr($url, $pos); $url = substr($url, 0, $pos); } else { $urlret = ''; } $url .= (strpos($url, '?') ? ($wml ? '&' : '&') : '?').'sid='.$sid.$urlret; } return $tag.$url; }/**
* 显示主题分类 * @param $curtypeid - 当前被选择的类型id * @return 返回的HTML数据 */ function typeselect($curtypeid = 0, $special = '', $onchange = '', $modelid = 0) { global $fid, $sid, $extra; $onchange = $onchange ? $onchange : "οnchange=\"ajaxget('post.php?action=threadtypes&typeid='+this.options[this.selectedIndex].value+'&fid=$fid&sid=$sid', 'threadtypes', 'threadtypeswait')\""; if($threadtypes = $GLOBALS['forum']['threadtypes']) { $selecthtml = ''; foreach($threadtypes['types'] as $typeid => $name) { if(!$special || $special == 'disabled' || !$threadtypes['special'][$typeid]) { $typehtml = '<option value="'.$typeid.'" '.($curtypeid == $typeid ? 'selected="selected"' : '').' '.($threadtypes['special'][$typeid] ? 'class="special"' : '').'>'.strip_tags($name).'</option>'; $selecthtml .= $modelid ? ($threadtypes['modelid'][$typeid] == $modelid ? $typehtml : '') : $typehtml; } } $html = $selecthtml ? '<select name="typeid" '.(!$special ? $onchange : '').'><option value="0"> </option>'.$selecthtml.'</select><span id="threadtypeswait"></span>'.($special === 'disabled' ? '<input type="hidden" name="typeid" value="'.$curtypeid.'" />' : '') : ''; return $html; } else { return ''; } }/**
* 更新积分 * @param $uids - 用户id数组 * @param $creditsarray - 积分数组 * @param $coef - 积分 * @param $extrasql - 扩展SQL */ function updatecredits($uids, $creditsarray, $coef = 1, $extrasql = '') { if($uids && ((!empty($creditsarray) && is_array($creditsarray)) || $extrasql)) { global $db, $tablepre; $creditsadd = $comma = ''; foreach($creditsarray as $id => $addcredits) { $creditsadd .= $comma.'extcredits'.$id.'=extcredits'.$id.'+('.intval($addcredits).')*('.$coef.')'; $comma = ', '; }if($creditsadd || $extrasql) {
$db->query("UPDATE {$tablepre}members SET $creditsadd ".($creditsadd && $extrasql ? ', ' : '')." $extrasql WHERE uid IN ('$uids')", 'UNBUFFERED'); } } }/**
* 更新session */ function updatesession() { if(!empty($GLOBALS['sessionupdated'])) { return TRUE; }global $db, $tablepre, $sessionexists, $sessionupdated, $sid, $onlineip, $discuz_uid, $discuz_user, $timestamp, $lastactivity, $seccode,
$pvfrequence, $spageviews, $lastolupdate, $oltimespan, $onlinehold, $groupid, $styleid, $invisible, $discuz_action, $fid, $tid;$fid = intval($fid);
$tid = intval($tid);if($oltimespan && $discuz_uid && $lastactivity && $timestamp - ($lastolupdate ? $lastolupdate : $lastactivity) > $oltimespan * 60) {
$lastolupdate = $timestamp; $db->query("UPDATE {$tablepre}onlinetime SET total=total+'$oltimespan', thismonth=thismonth+'$oltimespan', lastupdate='$timestamp' WHERE uid='$discuz_uid' AND lastupdate<='".($timestamp - $oltimespan * 60)."'"); if(!$db->affected_rows()) { $db->query("INSERT INTO {$tablepre}onlinetime (uid, thismonth, total, lastupdate) VALUES ('$discuz_uid', '$oltimespan', '$oltimespan', '$timestamp')", 'SILENT'); } } else { $lastolupdate = intval($lastolupdate); }if($sessionexists == 1) {
if($pvfrequence && $discuz_uid) { if($spageviews >= $pvfrequence) { $pageviewsadd = ', pageviews=\'0\''; $db->query("UPDATE {$tablepre}members SET pageviews=pageviews+'$spageviews' WHERE uid='$discuz_uid'", 'UNBUFFERED'); } else { $pageviewsadd = ', pageviews=pageviews+1'; } } else { $pageviewsadd = ''; } $db->query("UPDATE {$tablepre}sessions SET uid='$discuz_uid', username='$discuz_user', groupid='$groupid', styleid='$styleid', invisible='$invisible', action='$discuz_action', lastactivity='$timestamp', lastolupdate='$lastolupdate', seccode='$seccode', fid='$fid', tid='$tid' $pageviewsadd WHERE sid='$sid'"); } else { $ips = explode('.', $onlineip);$db->query("DELETE FROM {$tablepre}sessions WHERE sid='$sid' OR lastactivity<($timestamp-$onlinehold) OR ('$discuz_uid'<>'0' AND uid='$discuz_uid') OR (uid='0' AND ip1='$ips[0]' AND ip2='$ips[1]' AND ip3='$ips[2]' AND ip4='$ips[3]' AND lastactivity>$timestamp-60)");
$db->query("INSERT INTO {$tablepre}sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid) VALUES ('$sid', '$ips[0]', '$ips[1]', '$ips[2]', '$ips[3]', '$discuz_uid', '$discuz_user', '$groupid', '$styleid', '$invisible', '$discuz_action', '$timestamp', '$lastolupdate', '$seccode', '$fid', '$tid')", 'SILENT'); if($discuz_uid && $timestamp - $lastactivity > 21600) { if($oltimespan && $timestamp - $lastactivity > 86400) { $query = $db->query("SELECT total FROM {$tablepre}onlinetime WHERE uid='$discuz_uid'"); $oltimeadd = ', oltime='.round(intval($db->result($query, 0)) / 60); } else { $oltimeadd = ''; } $db->query("UPDATE {$tablepre}members SET lastip='$onlineip', lastvisit=lastactivity, lastactivity='$timestamp' $oltimeadd WHERE uid='$discuz_uid'", 'UNBUFFERED'); } }$sessionupdated = 1;
} /** * 更新管理者状态 * @param $modacton - 动作 * @param $smcols - 执行次数 */ function updatemodworks($modaction, $posts = 1) { global $modworkstatus, $db, $tablepre, $discuz_uid, $timestamp, $_DCACHE; $today = gmdate('Y-m-d', $timestamp + $_DCACHE['settings']['timeoffset'] * 3600); if($modworkstatus && $modaction && $posts) { $db->query("UPDATE {$tablepre}modworks SET count=count+1, posts=posts+'$posts' WHERE uid='$discuz_uid' AND modaction='$modaction' AND dateline='$today'"); if(!$db->affected_rows()) { $db->query("INSERT INTO {$tablepre}modworks (uid, modaction, dateline, count, posts) VALUES ('$discuz_uid', '$modaction', '$today', 1, '$posts')"); } } }/**
* 写日志 * @param $path 日志名称 * @param $log 日志 */ function writelog($file, $log) { global $timestamp, $_DCACHE; $yearmonth = gmdate('Ym', $timestamp + $_DCACHE['settings']['timeoffset'] * 3600); $logdir = DISCUZ_ROOT.'./forumdata/logs/'; $logfile = $logdir.$yearmonth.'_'.$file.'.php'; if(@filesize($logfile) > 2048000) { $dir = opendir($logdir); $length = strlen($file); $maxid = $id = 0; while($entry = readdir($dir)) { if(strexists($entry, $yearmonth.'_'.$file)) { $id = intval(substr($entry, $length + 8, -4)); $id > $maxid && $maxid = $id; } } closedir($dir);$logfilebak = $logdir.$yearmonth.'_'.$file.'_'.($maxid + 1).'.php';
@rename($logfile, $logfilebak); } if($fp = @fopen($logfile, 'a')) { @flock($fp, 2); $log = is_array($log) ? $log : array($log); foreach($log as $tmp) { fwrite($fp, "<?PHP exit;?>\t".str_replace(array('<?', '?>'), '', $tmp)."\n"); } fclose($fp); } }function wipespecial($str) {
return str_replace(array( "\n", "\r", '..'), array('', '', ''), $str); }function discuz_uc_avatar($uid, $size = '') {
return UC_API.'/avatar.php?uid='.$uid.'&size='.$size; }?>
转载地址:http://nuzli.baihongyu.com/