
修复安全问题,调整目录

tags/6.0.2
tianya 3 years ago
parent
commit
2446934d31
47 changed files with 153 additions and 1174 deletions
  1. +75
    -138
      src/dede/catalog_do.php
  2. +68
    -107
      src/dede/file_class.php
  3. +0
    -5
      src/include/taglib/help/memberinfos.txt
  4. +0
    -62
      src/include/taglib/memberinfos.lib.php
  5. +10
    -21
      src/member/ajax_loginsta.php
  6. +0
    -98
      src/plus/guestbook.php
  7. +0
    -73
      src/plus/guestbook/edit.inc.php
  8. +0
    -38
      src/plus/guestbook/guestbook.inc.php
  9. BIN
      src/plus/guestbook/images/01.gif
  10. BIN
      src/plus/guestbook/images/02.gif
  11. BIN
      src/plus/guestbook/images/03.gif
  12. BIN
      src/plus/guestbook/images/04.gif
  13. BIN
      src/plus/guestbook/images/05.gif
  14. BIN
      src/plus/guestbook/images/06.gif
  15. BIN
      src/plus/guestbook/images/07.gif
  16. BIN
      src/plus/guestbook/images/08.gif
  17. BIN
      src/plus/guestbook/images/09.gif
  18. BIN
      src/plus/guestbook/images/10.gif
  19. BIN
      src/plus/guestbook/images/11.gif
  20. BIN
      src/plus/guestbook/images/12.gif
  21. BIN
      src/plus/guestbook/images/13.gif
  22. BIN
      src/plus/guestbook/images/14.gif
  23. BIN
      src/plus/guestbook/images/15.gif
  24. BIN
      src/plus/guestbook/images/16.gif
  25. BIN
      src/plus/guestbook/images/17.gif
  26. BIN
      src/plus/guestbook/images/18.gif
  27. BIN
      src/plus/guestbook/images/19.gif
  28. BIN
      src/plus/guestbook/images/20.gif
  29. BIN
      src/plus/guestbook/images/21.gif
  30. BIN
      src/plus/guestbook/images/22.gif
  31. BIN
      src/plus/guestbook/images/23.gif
  32. BIN
      src/plus/guestbook/images/24.gif
  33. BIN
      src/plus/guestbook/images/botright.gif
  34. BIN
      src/plus/guestbook/images/bottop.gif
  35. +0
    -69
      src/plus/guestbook/images/css.css
  36. BIN
      src/plus/guestbook/images/dedebanner.gif
  37. BIN
      src/plus/guestbook/images/del.gif
  38. BIN
      src/plus/guestbook/images/home.gif
  39. BIN
      src/plus/guestbook/images/ip.gif
  40. BIN
      src/plus/guestbook/images/mail.gif
  41. BIN
      src/plus/guestbook/images/quote.gif
  42. BIN
      src/plus/guestbook/images/time.gif
  43. +0
    -137
      src/templets/plus/guestbook-admin.htm
  44. +0
    -170
      src/templets/plus/guestbook-user.htm
  45. +0
    -226
      src/templets/plus/guestbook.htm
  46. +0
    -28
      src/templets/system/memberinfos.htm
  47. +0
    -2
      src/templets/templet-pluslist.inc

+ 75
- 138
src/dede/catalog_do.php View File

@@ -1,4 +1,5 @@
<?php
/**
* 栏目操作
*
@@ -8,10 +9,9 @@
* @license https://www.dedebiz.com/license
* @link https://www.dedebiz.com
*/
require_once(dirname(__FILE__).'/config.php');
if(empty($dopost))
{
ShowMsg("对不起,请指定栏目参数!","catalog_main.php");
require_once(dirname(__FILE__) . '/config.php');
if (empty($dopost)) {
ShowMsg("对不起,请指定栏目参数!", "catalog_main.php");
exit();
}
$cid = empty($cid) ? 0 : intval($cid);
@@ -22,28 +22,22 @@ $channelid = empty($channelid) ? 0 : intval($channelid);
//增加文档
function addArchives();
---------------------------*/
if($dopost=="addArchives")
{
if ($dopost == "addArchives") {
//默认文章调用发布表单
if(empty($cid) && empty($channelid))
{
if (empty($cid) && empty($channelid)) {
header("location:article_add.php");
exit();
}
if(!empty($channelid))
{
if (!empty($channelid)) {
//根据模型调用发布表单
$row = $dsql->GetOne("SELECT addcon FROM #@__channeltype WHERE id='$channelid'");
}
else
{
} else {
//根据栏目调用发布表单
$row = $dsql->GetOne("SELECT ch.addcon FROM `#@__arctype` tp LEFT JOIN `#@__channeltype` ch ON ch.id=tp.channeltype WHERE tp.id='$cid' ");
}
$gurl = $row["addcon"];
if($gurl=="")
{
ShowMsg("对不起,你指的栏目可能有误!","catalog_main.php");
if ($gurl == "") {
ShowMsg("对不起,你指的栏目可能有误!", "catalog_main.php");
exit();
}
@@ -54,188 +48,146 @@ if($dopost=="addArchives")
/*--------------------------
//管理文档
function listArchives();
---------------------------*/
else if($dopost=="listArchives")
{
if(!empty($gurl))
{
if(empty($arcrank))
{
---------------------------*/ else if ($dopost == "listArchives") {
if (!empty($gurl)) {
if (empty($arcrank)) {
$arcrank = '';
}
$gurl = str_replace('..','',$gurl);
$gurl = str_replace('..', '', $gurl);
header("location:{$gurl}?arcrank={$arcrank}&cid={$cid}");
exit();
}
if($cid>0)
{
if ($cid > 0) {
$row = $dsql->GetOne("SELECT #@__arctype.typename,#@__channeltype.typename AS channelname,#@__channeltype.id,#@__channeltype.mancon FROM #@__arctype LEFT JOIN #@__channeltype on #@__channeltype.id=#@__arctype.channeltype WHERE #@__arctype.id='$cid'");
$gurl = $row["mancon"];
$channelid = $row["id"];
$typename = $row["typename"];
$channelname = $row["channelname"];
if($gurl=="")
{
ShowMsg("对不起,你指的栏目可能有误!","catalog_main.php");
if ($gurl == "") {
ShowMsg("对不起,你指的栏目可能有误!", "catalog_main.php");
exit();
}
}
else if($channelid>0)
{
} else if ($channelid > 0) {
$row = $dsql->GetOne("SELECT typename,id,mancon FROM #@__channeltype WHERE id='$channelid'");
$gurl = $row["mancon"];
$channelid = $row["id"];
$typename = "";
$channelname = $row["typename"];
}
if(empty($gurl)) $gurl = 'content_list.php';
if (empty($gurl)) $gurl = 'content_list.php';
header("location:{$gurl}?channelid={$channelid}&cid={$cid}");
exit();
}
/*--------------------------
//浏览通用模板目录
function viewTempletDir();
---------------------------*/
else if($dopost=="viewTemplet")
{
header("location:tpl.php?path=/".$cfg_df_style);
exit();
}
/*--------------------------
//留言簿管理
function GoGuestBook();
---------------------------*/
else if($dopost=="guestbook")
{
ShowMsg("正在跳转到留言本&gt;&gt;", "{$cfg_phpurl}/guestbook.php?gotopagerank=admin");
---------------------------*/ else if ($dopost == "viewTemplet") {
header("location:tpl.php?path=/" . $cfg_df_style);
exit();
}
/*------------------------
浏览单个页面的栏目
function ViewSgPage()
------------------------*/
else if($dopost=="viewSgPage")
{
require_once(DEDEINC."/arc.listview.class.php");
------------------------*/ else if ($dopost == "viewSgPage") {
require_once(DEDEINC . "/arc.listview.class.php");
$lv = new ListView($cid);
$pageurl = $lv->MakeHtml();
ShowMsg("更新缓冲,请稍后...",$pageurl);
ShowMsg("更新缓冲,请稍后...", $pageurl);
exit();
}
/*------------------------
更改栏目排列顺序
function upRank()
------------------------*/
else if($dopost=="upRank")
{
------------------------*/ else if ($dopost == "upRank") {
//检查权限许可
CheckPurview('t_Edit,t_AccEdit');
//检查栏目操作许可
CheckCatalog($cid,"你无权更改本栏目!");
CheckCatalog($cid, "你无权更改本栏目!");
$row = $dsql->GetOne("SELECT reid,sortrank FROM #@__arctype WHERE id='$cid'");
$reid = $row['reid'];
$sortrank = $row['sortrank'];
$row = $dsql->GetOne("SELECT sortrank FROM #@__arctype WHERE sortrank<=$sortrank AND reid=$reid ORDER BY sortrank DESC ");
if(is_array($row))
{
$sortrank = $row['sortrank']-1;
if (is_array($row)) {
$sortrank = $row['sortrank'] - 1;
$dsql->ExecuteNoneQuery("UPDATE #@__arctype SET sortrank='$sortrank' WHERE id='$cid'");
}
UpDateCatCache();
ShowMsg("操作成功,返回目录...","catalog_main.php");
ShowMsg("操作成功,返回目录...", "catalog_main.php");
exit();
}
else if($dopost=="upRankAll")
{
} else if ($dopost == "upRankAll") {
//检查权限许可
CheckPurview('t_Edit');
$row = $dsql->GetOne("SELECT id FROM #@__arctype ORDER BY id DESC");
if(is_array($row))
{
if (is_array($row)) {
$maxID = $row['id'];
for($i=1;$i<=$maxID;$i++)
{
if(isset(${'sortrank'.$i}))
{
$dsql->ExecuteNoneQuery("UPDATE #@__arctype SET sortrank='".(${'sortrank'.$i})."' WHERE id='{$i}';");
for ($i = 1; $i <= $maxID; $i++) {
if (isset(${'sortrank' . $i})) {
$dsql->ExecuteNoneQuery("UPDATE #@__arctype SET sortrank='" . (${'sortrank' . $i}) . "' WHERE id='{$i}';");
}
}
}
UpDateCatCache();
ShowMsg("操作成功,正在返回...","catalog_main.php");
ShowMsg("操作成功,正在返回...", "catalog_main.php");
exit();
}
/*--------------------------
//更新栏目缓存
function UpCatlogCache();
---------------------------*/
else if($dopost=="upcatcache")
{
---------------------------*/ else if ($dopost == "upcatcache") {
UpDateCatCache();
$sql = " TRUNCATE TABLE `#@__arctiny`";
$dsql->ExecuteNoneQuery($sql);
//导入普通模型微数据
$sql = "INSERT INTO `#@__arctiny`(id, typeid, typeid2, arcrank, channel, senddate, sortrank, mid)
SELECT id, typeid, typeid2, arcrank, channel, senddate, sortrank, mid FROM `#@__archives` ";
$dsql->ExecuteNoneQuery($sql);
//导入单表模型微数据
$dsql->SetQuery("SELECT id,addtable FROM `#@__channeltype` WHERE id < -1 ");
$dsql->Execute();
$doarray = array();
while($row = $dsql->GetArray())
{
while ($row = $dsql->GetArray()) {
$tb = str_replace('#@__', $cfg_dbprefix, $row['addtable']);
if(empty($tb) || isset($doarray[$tb]) )
{
if (empty($tb) || isset($doarray[$tb])) {
continue;
}
else
{
} else {
$sql = "INSERT INTO `#@__arctiny`(id, typeid, typeid2, arcrank, channel, senddate, sortrank, mid)
SELECT aid, typeid, 0, arcrank, channel, senddate, 0, mid FROM `$tb` ";
$rs = $dsql->executenonequery($sql);
$rs = $dsql->executenonequery($sql);
$doarray[$tb] = 1;
}
}
ShowMsg("操作成功,正在返回...","catalog_main.php");
ShowMsg("操作成功,正在返回...", "catalog_main.php");
exit();
}
/*---------------------
获取JS文件
function GetJs
----------------------*/
else if($dopost=="GetJs")
{
----------------------*/ else if ($dopost == "GetJs") {
header("location:makehtml_js.php");
exit();
}
/*-----------
获得子类的内容
function GetSunListsMenu();
-----------*/
else if($dopost=="GetSunListsMenu")
{
-----------*/ else if ($dopost == "GetSunListsMenu") {
$userChannel = $cuserLogin->getUserChannel();
require_once(DEDEINC."/typeunit.class.menu.php");
require_once(DEDEINC . "/typeunit.class.menu.php");
AjaxHead();
PutCookie('lastCidMenu',$cid,3600*24,"/");
PutCookie('lastCidMenu', $cid, 3600 * 24, "/");
$tu = new TypeUnit($userChannel);
$tu->LogicListAllSunType($cid," ");
$tu->LogicListAllSunType($cid, " ");
}
/*-----------
获得子类的内容
function GetSunLists();
-----------*/
else if($dopost=="GetSunLists")
{
require_once(DEDEINC."/typeunit.class.admin.php");
-----------*/ else if ($dopost == "GetSunLists") {
require_once(DEDEINC . "/typeunit.class.admin.php");
AjaxHead();
PutCookie('lastCid', $cid, 3600*24, "/");
PutCookie('lastCid', $cid, 3600 * 24, "/");
$tu = new TypeUnit();
$tu->dsql = $dsql;
echo " <table width='100%' border='0' cellspacing='0' cellpadding='0'>\r\n";
@@ -246,23 +198,19 @@ else if($dopost=="GetSunLists")
/*----------------
合并栏目
function unitCatalog() { }
-----------------*/
else if($dopost == 'unitCatalog')
{
-----------------*/ else if ($dopost == 'unitCatalog') {
CheckPurview('t_Move');
require_once(DEDEINC.'/oxwindow.class.php');
require_once(DEDEINC.'/typelink.class.php');
require_once(DEDEINC.'/channelunit.func.php');
if(empty($nextjob))
{
require_once(DEDEINC . '/oxwindow.class.php');
require_once(DEDEINC . '/typelink.class.php');
require_once(DEDEINC . '/channelunit.func.php');
if (empty($nextjob)) {
$typeid = isset($typeid) ? intval($typeid) : 0;
$row = $dsql->GetOne("SELECT COUNT(*) AS dd FROM `#@__arctype` WHERE reid='$typeid' ");
$tl = new TypeLink($typeid);
$typename = $tl->TypeInfos['typename'];
$reid = $tl->TypeInfos['reid'];
$channelid = $tl->TypeInfos['channeltype'];
if(!empty($row['dd']))
{
if (!empty($row['dd'])) {
ShowMsg("栏目: $typename($typeid) 有子栏目,不能进行合并操作!", '-1');
exit();
}
@@ -282,21 +230,17 @@ else if($dopost == 'unitCatalog')
$winform = $win->GetWindow('ok');
$win->Display();
exit();
}
else
{
if($typeid==$unittype)
{
} else {
if ($typeid == $unittype) {
ShowMsg("同一栏目无法合并,请后退重试!", '-1');
exit();
}
if(IsParent($unittype, $typeid))
{
if (IsParent($unittype, $typeid)) {
ShowMsg('不能从父类合并到子类!', 'catalog_main.php');
exit();
}
$row = $dsql->GetOne("SELECT addtable FROM `#@__channeltype` WHERE id='$channelid' ");
$addtable = (empty($row['addtable']) ? '#@__addonarticle' : $row['addtable'] );
$addtable = (empty($row['addtable']) ? '#@__addonarticle' : $row['addtable']);
$dsql->ExecuteNoneQuery("UPDATE `#@__arctiny` SET typeid='$unittype' WHERE typeid='$typeid' ");
$dsql->ExecuteNoneQuery("UPDATE `#@__feedback` SET typeid='$unittype' WHERE typeid='$typeid' ");
$dsql->ExecuteNoneQuery("UPDATE `#@__archives` SET typeid='$unittype' WHERE typeid='$typeid' ");
@@ -312,20 +256,17 @@ else if($dopost == 'unitCatalog')
/*----------------
移动栏目
function moveCatalog() { }
-----------------*/
else if($dopost == 'moveCatalog')
{
-----------------*/ else if ($dopost == 'moveCatalog') {
CheckPurview('t_Move');
require_once(DEDEINC.'/oxwindow.class.php');
require_once(DEDEINC.'/typelink.class.php');
require_once(DEDEINC.'/channelunit.func.php');
if(empty($nextjob))
{
require_once(DEDEINC . '/oxwindow.class.php');
require_once(DEDEINC . '/typelink.class.php');
require_once(DEDEINC . '/channelunit.func.php');
if (empty($nextjob)) {
$tl = new TypeLink($typeid);
$typename = $tl->TypeInfos['typename'];
$reid = $tl->TypeInfos['reid'];
$channelid = $tl->TypeInfos['channeltype'];
$typeOptions = $tl->GetOptionArray(0,0,$channelid);
$typeOptions = $tl->GetOptionArray(0, 0, $channelid);
$wintitle = "移动栏目";
$wecome_info = "<a href='catalog_main.php'>栏目管理</a> &gt;&gt; 移动栏目";
$win = new OxWindow();
@@ -335,22 +276,18 @@ else if($dopost == 'moveCatalog')
$win->AddHidden('channelid', $channelid);
$win->AddHidden('nextjob', 'unitok');
$win->AddTitle("移动目录时不会删除原来已创建的列表,移动后需重新对栏目创建HTML。");
$win->AddItem('你选择的栏目是:',"$typename($typeid)");
$win->AddItem('你希望移动到那个栏目?',"<select name='movetype'>\r\n<option value='0'>移动为顶级栏目</option>\r\n$typeOptions\r\n</select>");
$win->AddItem('注意事项:','不允许从父级移动到子级目录,只允许子级到更高级或同级或不同父级的情况。');
$win->AddItem('你选择的栏目是:', "$typename($typeid)");
$win->AddItem('你希望移动到那个栏目?', "<select name='movetype'>\r\n<option value='0'>移动为顶级栏目</option>\r\n$typeOptions\r\n</select>");
$win->AddItem('注意事项:', '不允许从父级移动到子级目录,只允许子级到更高级或同级或不同父级的情况。');
$winform = $win->GetWindow('ok');
$win->Display();
exit();
}
else
{
if($typeid==$movetype)
{
} else {
if ($typeid == $movetype) {
ShowMsg('移对对象和目标位置相同!', 'catalog_main.php');
exit();
}
if(IsParent($movetype, $typeid))
{
if (IsParent($movetype, $typeid)) {
ShowMsg('不能从父类移动到子类!', 'catalog_main.php');
exit();
}
@@ -359,4 +296,4 @@ else if($dopost == 'moveCatalog')
ShowMsg('成功移动目录!', 'catalog_main.php');
exit();
}
}
}
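Review bot: The listArchives branch still redirects to a request-supplied `$gurl` after only stripping `..` (the `header("location:{$gurl}?arcrank={$arcrank}&cid={$cid}");` line), so an absolute URL or any host-relative path outside the admin directory passes the check; if `$gurl` can arrive from the request, as the register-globals style of this file suggests, that is an open redirect rather than a traversal issue, and the `..` filter also misses `./` and percent-encoded forms. A safer guard accepts only a bare script name before the header() call: `if (!preg_match('#^[a-z0-9_]+\.php$#i', $gurl)) { ShowMsg("对不起,你指的栏目可能有误!", "catalog_main.php"); exit(); }`. In the same section the upRankAll loop splices `${'sortrank' . $i}` straight into the UPDATE string; since sortrank is numeric, `intval()` it before building the SQL. Both points exist in the old lines as well, so the reformatting in this commit leaves them unchanged.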

+ 68
- 107
src/dede/file_class.php View File

@@ -1,4 +1,4 @@
<?php if(!defined('DEDEINC')) exit('dedecms');
<?php if (!defined('DEDEINC')) exit('dedecms');
/**
* 文件管理逻辑类
*
@@ -10,12 +10,12 @@
*/
class FileManagement
{
var $baseDir="";
var $activeDir="";
var $baseDir = "";
var $activeDir = "";
//是否允许文件管理器删除目录;
//默认为不允许 0 ,如果希望可能管理整个目录,请把值设为 1 ;
var $allowDeleteDir=0;
var $allowDeleteDir = 0;
//初始化系统
function Init()
@@ -26,15 +26,14 @@ class FileManagement
}
//更改文件名
function RenameFile($oldname,$newname)
function RenameFile($oldname, $newname)
{
$oldname = $this->baseDir.$this->activeDir."/".$oldname;
$newname = $this->baseDir.$this->activeDir."/".$newname;
if(($newname!=$oldname) && is_writable($oldname))
{
rename($oldname,$newname);
$oldname = $this->baseDir . $this->activeDir . "/" . $oldname;
$newname = $this->baseDir . $this->activeDir . "/" . $newname;
if (($newname != $oldname) && is_writable($oldname)) {
rename($oldname, $newname);
}
ShowMsg("成功更改一个文件名!","file_manage_main.php?activepath=".$this->activeDir);
ShowMsg("成功更改一个文件名!", "file_manage_main.php?activepath=" . $this->activeDir);
return 0;
}
@@ -42,17 +41,14 @@ class FileManagement
function NewDir($dirname)
{
$newdir = $dirname;
$dirname = $this->baseDir.$this->activeDir."/".$dirname;
if(is_writable($this->baseDir.$this->activeDir))
{
MkdirAll($dirname,$GLOBALS['cfg_dir_purview']);
$dirname = $this->baseDir . $this->activeDir . "/" . $dirname;
if (is_writable($this->baseDir . $this->activeDir)) {
MkdirAll($dirname, $GLOBALS['cfg_dir_purview']);
CloseFtp();
ShowMsg("成功创建一个新目录!","file_manage_main.php?activepath=".$this->activeDir."/".$newdir);
ShowMsg("成功创建一个新目录!", "file_manage_main.php?activepath=" . $this->activeDir . "/" . $newdir);
return 1;
}
else
{
ShowMsg("创建新目录失败,因为这个位置不允许写入!","file_manage_main.php?activepath=".$this->activeDir);
} else {
ShowMsg("创建新目录失败,因为这个位置不允许写入!", "file_manage_main.php?activepath=" . $this->activeDir);
return 0;
}
}
@@ -67,41 +63,31 @@ class FileManagement
*/
function MoveFile($mfile, $mpath)
{
if($mpath!="" && !preg_match("#\.\.#", $mpath))
{
$oldfile = $this->baseDir.$this->activeDir."/$mfile";
$mpath = str_replace("\\","/",$mpath);
if ($mpath != "" && !preg_match("#\.\.#", $mpath)) {
$oldfile = $this->baseDir . $this->activeDir . "/$mfile";
$mpath = str_replace("\\", "/", $mpath);
$mpath = preg_replace("#\/{1,}#", "/", $mpath);
if(!preg_match("#^/#", $mpath))
{
$mpath = $this->activeDir."/".$mpath;
if (!preg_match("#^/#", $mpath)) {
$mpath = $this->activeDir . "/" . $mpath;
}
$truepath = $this->baseDir.$mpath;
if(is_readable($oldfile) && is_readable($truepath) && is_writable($truepath))
{
if(is_dir($truepath))
{
copy($oldfile, $truepath."/$mfile");
}
else
{
$truepath = $this->baseDir . $mpath;
if (is_readable($oldfile) && is_readable($truepath) && is_writable($truepath)) {
if (is_dir($truepath)) {
copy($oldfile, $truepath . "/$mfile");
} else {
MkdirAll($truepath, $GLOBALS['cfg_dir_purview']);
CloseFtp();
copy($oldfile,$truepath."/$mfile");
copy($oldfile, $truepath . "/$mfile");
}
unlink($oldfile);
ShowMsg("成功移动文件!","file_manage_main.php?activepath=$mpath",0,1000);
ShowMsg("成功移动文件!", "file_manage_main.php?activepath=$mpath", 0, 1000);
return 1;
}
else
{
ShowMsg("移动文件 $oldfile -&gt; $truepath/$mfile 失败,可能是某个位置权限不足!","file_manage_main.php?activepath=$mpath",0,1000);
} else {
ShowMsg("移动文件 $oldfile -&gt; $truepath/$mfile 失败,可能是某个位置权限不足!", "file_manage_main.php?activepath=$mpath", 0, 1000);
return 0;
}
}
else
{
ShowMsg("对不起,你移动的路径不合法!","-1",0,5000);
} else {
ShowMsg("对不起,你移动的路径不合法!", "-1", 0, 5000);
return 0;
}
}
@@ -113,23 +99,16 @@ class FileManagement
*/
function RmDirFiles($indir)
{
if(!is_dir($indir))
{
return ;
if (!is_dir($indir)) {
return;
}
$dh = dir($indir);
while($filename = $dh->read())
{
if($filename == "." || $filename == "..")
{
while ($filename = $dh->read()) {
if ($filename == "." || $filename == "..") {
continue;
}
else if(is_file("$indir/$filename"))
{
} else if (is_file("$indir/$filename")) {
@unlink("$indir/$filename");
}
else
{
} else {
$this->RmDirFiles("$indir/$filename");
}
}
@@ -147,19 +126,13 @@ class FileManagement
function GetMatchFiles($indir, $fileexp, &$filearr)
{
$dh = dir($indir);
while($filename = $dh->read())
{
$truefile = $indir.'/'.$filename;
if($filename == "." || $filename == "..")
{
while ($filename = $dh->read()) {
$truefile = $indir . '/' . $filename;
if ($filename == "." || $filename == "..") {
continue;
}
else if(is_dir($truefile))
{
} else if (is_dir($truefile)) {
$this->GetMatchFiles($truefile, $fileexp, $filearr);
}
else if(preg_match("/\.(".$fileexp.")/i",$filename))
{
} else if (substr($filename, -strlen($fileexp)) === $fileexp) {
$filearr[] = $truefile;
}
}
@@ -174,26 +147,21 @@ class FileManagement
*/
function DeleteFile($filename)
{
$filename = $this->baseDir.$this->activeDir."/$filename";
if(is_file($filename))
{
@unlink($filename); $t="文件";
}
else
{
$filename = $this->baseDir . $this->activeDir . "/$filename";
if (is_file($filename)) {
@unlink($filename);
$t = "文件";
} else {
$t = "目录";
if($this->allowDeleteDir==1)
{
if ($this->allowDeleteDir == 1) {
$this->RmDirFiles($filename);
} else
{
} else {
// 完善用户体验,by:sumic
ShowMsg("系统禁止删除".$t."!","file_manage_main.php?activepath=".$this->activeDir);
ShowMsg("系统禁止删除" . $t . "!", "file_manage_main.php?activepath=" . $this->activeDir);
exit;
}
}
ShowMsg("成功删除一个".$t."!","file_manage_main.php?activepath=".$this->activeDir);
ShowMsg("成功删除一个" . $t . "!", "file_manage_main.php?activepath=" . $this->activeDir);
return 0;
}
}
@@ -201,22 +169,17 @@ class FileManagement
//目录文件大小检测类
class SpaceUse
{
var $totalsize=0;
var $totalsize = 0;
function checksize($indir)
{
$dh=dir($indir);
while($filename=$dh->read())
{
if(!preg_match("#^\.#", $filename))
{
if(is_dir("$indir/$filename"))
{
$dh = dir($indir);
while ($filename = $dh->read()) {
if (!preg_match("#^\.#", $filename)) {
if (is_dir("$indir/$filename")) {
$this->checksize("$indir/$filename");
}
else
{
$this->totalsize=$this->totalsize + filesize("$indir/$filename");
} else {
$this->totalsize = $this->totalsize + filesize("$indir/$filename");
}
}
}
@@ -224,24 +187,22 @@ class SpaceUse
function setkb($size)
{
$size=$size/1024;
$size = $size / 1024;
if($size>0)
{
list($t1,$t2)=explode(".",$size);
$size=$t1.".".substr($t2,0,1);
if ($size > 0) {
list($t1, $t2) = explode(".", $size);
$size = $t1 . "." . substr($t2, 0, 1);
}
return $size;
}
function setmb($size)
{
$size=$size/1024/1024;
if($size>0)
{
list($t1,$t2)=explode(".",$size);
$size=$t1.".".substr($t2,0,2);
$size = $size / 1024 / 1024;
if ($size > 0) {
list($t1, $t2) = explode(".", $size);
$size = $t1 . "." . substr($t2, 0, 2);
}
return $size;
}
}
}
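Review bot: The new suffix test in GetMatchFiles, `substr($filename, -strlen($fileexp)) === $fileexp`, changes the method's contract: the replaced regex accepted an alternation such as `php|htm` and matched case-insensitively, while the new line matches one literal, case-sensitive suffix and, for an empty `$fileexp`, matches nothing, so callers outside this file that still pass an alternation will silently get an empty `$filearr`. If an allow-list of extensions is intended, split `$fileexp` on `|` and compare `strtolower(pathinfo($filename, PATHINFO_EXTENSION))` with `in_array(..., true)`. Separately, RenameFile, NewDir, DeleteFile and the `$mfile` argument of MoveFile still concatenate the caller's name under `baseDir . activeDir` without the `..` check that MoveFile applies to `$mpath`, so unless the file_manage_* callers sanitize first, a name containing `../` or a separator escapes the active directory; a shared guard at the top of each, such as `if (preg_match('#[\\\\/]|\.\.#', $name)) { ShowMsg("对不起,你移动的路径不合法!", "-1", 0, 5000); return 0; }`, would close that.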

+ 0
- 5
src/include/taglib/help/memberinfos.txt View File

@@ -1,5 +0,0 @@
文档关连的用户信息
>>dede>>
{dede:memberinfos /}
>>dede>>
无属性,支持 innertext

+ 0
- 62
src/include/taglib/memberinfos.lib.php View File

@@ -1,62 +0,0 @@
<?php
if(!defined('DEDEINC'))
{
exit("Request Error!");
}
/**
* 文档关连的用户信息
*
* @version $Id: memberinfos.lib.php 1 9:29 2010年7月6日Z tianya $
* @package DedeCMS.Taglib
* @copyright Copyright (c) 2020, DedeBIZ.COM
* @license https://www.dedebiz.com/license
* @link https://www.dedebiz.com
*/
function lib_memberinfos(&$ctag,&$refObj)
{
global $dsql,$sqlCt;
$attlist="mid|0";
FillAttsDefault($ctag->CAttribute->Items,$attlist);
extract($ctag->CAttribute->Items, EXTR_SKIP);
if(empty($mid))
{
if(!empty($refObj->Fields['mid'])) $mid = $refObj->Fields['mid'];
else $mid = 1;
}
else
{
$mid = intval($mid);
}
$revalue = '';
$innerText = trim($ctag->GetInnerText());
if(empty($innerText)) $innerText = GetSysTemplets('memberinfos.htm');
$sql = "SELECT mb.*,ms.spacename,ms.sign,ar.membername as rankname FROM `#@__member` mb
LEFT JOIN `#@__member_space` ms ON ms.mid = mb.mid
LEFT JOIN `#@__arcrank` ar ON ar.rank = mb.rank
WHERE mb.mid='{$mid}' LIMIT 0,1 ";
$ctp = new DedeTagParse();
$ctp->SetNameSpace('field','[',']');
$ctp->LoadSource($innerText);
$dsql->Execute('mb',$sql);
while($row = $dsql->GetArray('mb'))
{
if($row['matt']==10) return '';
$row['spaceurl'] = $GLOBALS['cfg_basehost'].'/member/index.php?uid='.$row['userid'];
if(empty($row['face'])) {
$row['face']=($row['sex']=='女')? $GLOBALS['cfg_memberurl'].'/templets/images/dfgirl.png' : $GLOBALS['cfg_memberurl'].'/templets/images/dfboy.png';
}
foreach($ctp->CTags as $tagid=>$ctag)
{
if(isset($row[$ctag->GetName()])){ $ctp->Assign($tagid,$row[$ctag->GetName()]); }
}
$revalue .= $ctp->GetResult();
}
return $revalue;
}

+ 10
- 21
src/member/ajax_loginsta.php View File

@@ -1,4 +1,5 @@
<?php
/**
* @version $Id: ajax_loginsta.php 1 8:38 2010年7月9日Z tianya $
* @package DedeCMS.Member
@@ -8,14 +9,13 @@
*/
define('AJAXLOGIN', TRUE);
require_once(dirname(__FILE__)."/config.php");
require_once(dirname(__FILE__) . "/config.php");
AjaxHead();
$format = isset($format)? "json" : "";
$format = isset($format) ? "json" : "";
if(!$cfg_ml->IsLogin())
{
if (!$cfg_ml->IsLogin()) {
if ($format === 'json') {
echo json_encode(array(
"code" => -1,
@@ -30,8 +30,8 @@ if(!$cfg_ml->IsLogin())
$uid = $cfg_ml->M_LoginID;
!$cfg_ml->fields['face'] && $face = ($cfg_ml->fields['sex'] == '女')? 'dfgirl' : 'dfboy';
$facepic = empty($face)? $cfg_ml->fields['face'] : $GLOBALS['cfg_memberurl'].'/templets/images/'.$face.'.png';
!$cfg_ml->fields['face'] && $face = ($cfg_ml->fields['sex'] == '女') ? 'dfgirl' : 'dfboy';
$facepic = empty($face) ? $cfg_ml->fields['face'] : $GLOBALS['cfg_memberurl'] . '/templets/images/' . $face . '.png';
if ($format === 'json') {
echo json_encode(array(
@@ -50,22 +50,11 @@ if ($format === 'json') {
<div class="userinfo">
<div class="welcome">你好:<strong><?php echo $cfg_ml->M_UserName; ?></strong>,欢迎登录 </div>
<div class="userface">
<a href="<?php echo $cfg_memberurl; ?>/index.php"><img src="<?php echo $facepic;?>" width="52" height="52" /></a>
</div>
<div class="mylink">
<ul>
<li><a href="<?php echo $cfg_memberurl; ?>/guestbook_admin.php">我的留言</a></li>
<li><a href="<?php echo $cfg_memberurl; ?>/mystow.php">我的收藏</a></li>
<li><a href="<?php echo $cfg_memberurl; ?>/article_add.php">发表文章</a></li>
<li><a href="<?php echo $cfg_memberurl; ?>/myfriend.php">好友管理</a></li>
<li><a href="<?php echo $cfg_memberurl; ?>/visit-history.php">访客记录</a></li>
<li><a href="<?php echo $cfg_memberurl; ?>/search.php">查找好友</a></li>
</ul>
<a href="<?php echo $cfg_memberurl; ?>/index.php"><img src="<?php echo $facepic; ?>" width="52" height="52" /></a>
</div>
<div class="uclink">
<a href="<?php echo $cfg_memberurl; ?>/index.php">会员中心</a> |
<a href="<?php echo $cfg_memberurl; ?>/edit_fullinfo.php">资料</a> |
<a href="<?php echo $myurl;?>">空间</a> |
<a href="<?php echo $cfg_memberurl; ?>/index_do.php?fmdo=login&dopost=exit">退出登录</a>
<a href="<?php echo $cfg_memberurl; ?>/index.php">会员中心</a> |
<a href="<?php echo $cfg_memberurl; ?>/edit_fullinfo.php">资料</a> |
<a href="<?php echo $cfg_memberurl; ?>/index_do.php?fmdo=login&dopost=exit">退出登录</a>
</div>
</div><!-- /userinfo -->
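Review bot: The rebuilt HTML fragment still echoes `$cfg_ml->M_UserName` and `$facepic` into the page unescaped (the `welcome` div and the `<img src>` line); `$facepic` is taken from `$cfg_ml->fields['face']` when that field is set, so unless those member fields are escaped at write time a stored value can break out of the attribute or inject markup. Escape at output instead: `<?php echo htmlspecialchars($cfg_ml->M_UserName, ENT_QUOTES, 'UTF-8'); ?>` and `src="<?php echo htmlspecialchars($facepic, ENT_QUOTES, 'UTF-8'); ?>"`. The json branch earlier in the file is cut from this section, so whether it carries the same values unescaped cannot be judged here.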

+ 0
- 98
src/plus/guestbook.php View File

@@ -1,98 +0,0 @@
<?php
/**
*
* 留言板
*
* @version $Id: guestbook.php$
* @package DedeCMS.Site
* @copyright Copyright (c) 2020, DedeBIZ.COM
* @license https://www.dedebiz.com/license
* @link https://www.dedebiz.com
*/
require_once(dirname(__FILE__).'/guestbook/guestbook.inc.php');
require_once(DEDEINC.'/datalistcp.class.php');
if(empty($action)) $action = '';
//修改留言
if($action=='admin')
{
include_once(dirname(__FILE__).'/guestbook/edit.inc.php');
exit();
}
//保存留言
else if($action=='save')
{
if(!empty($_COOKIE['GUEST_BOOK_POS'])) $GUEST_BOOK_POS = $_COOKIE['GUEST_BOOK_POS'];
else $GUEST_BOOK_POS = 'guestbook.php';
if(empty($validate)) $validate=='';
else $validate = strtolower($validate);
$svali = GetCkVdValue();
if($validate=='' || $validate!=$svali)
{
ShowMsg("验证码不正确!","");
exit();
}
$ip = GetIP();
$dtime = time();
$uname = trimMsg($uname);
$email = trimMsg($email);
$homepage = trimMsg($homepage);
$homepage = preg_replace("#http:\/\/#", '', $homepage);
$qq = trimMsg($qq);
$msg = trimMsg(cn_substrR($msg, 1024), 1);
$tid = empty($tid) ? 0 : intval($tid);
$reid = empty($reid) ? 0 : intval($reid);
$img = HtmlReplace($img);
$needCheck=intval($needCheck);
if($msg=='' || $uname=='') {
showMsg('你的姓名和留言内容不能为空!','-1');
exit();
}
$title = HtmlReplace( cn_substrR($title,60), 1 );
if($title=='') $title = '无标题';
if($reid != 0)
{
$row = $dsql->GetOne("SELECT msg FROM `#@__guestbook` WHERE id='$reid' ");
$msg = "<div class=\\'rebox\\'>".addslashes($row['msg'])."</div>\n".$msg;
}
$msg = addslashes($msg);
$query = "INSERT INTO `#@__guestbook`(title,tid,mid,uname,email,homepage,qq,face,msg,ip,dtime,ischeck)
VALUES ('$title','$tid','{$g_mid}','$uname','$email','$homepage','$qq','$img','$msg','$ip','$dtime','$needCheck'); ";
$dsql->ExecuteNoneQuery($query);
$gid = $dsql->GetLastID();
if($needCheck==1)
{
require_once(DEDEINC."/oxwindow.class.php");
$msg = "
<font color='red'><b>成功发送或回复留言!</b></font> &nbsp; <a href='guestbook.php' style='font-size:14px;font-weight:bold'><u>我已经知道了,点击此返回&gt;&gt;</u></a>";
$wintitle = "留言发布成功提示";
$wecome_info = "留言发布成功:";
$win = new OxWindow();
$win->Init("","js/blank.js","post");
$win->AddTitle("提示:");
$win->AddMsgItem("<div style='padding:20px;line-height:300%;font-size:14px'>$msg</div>");
$winform = $win->GetWindow("hand");
$win->Display();
}
else {
ShowMsg('成功发送一则留言,但需审核后才能显示!','guestbook.php',0,3000);
}
exit();
}
//显示所有留言
else
{
setcookie('GUEST_BOOK_POS',GetCurUrl(),time()+3600,'/');
if($g_isadmin) $sql = 'SELECT * FROM `#@__guestbook` ORDER BY id DESC';
else $sql = 'SELECT * FROM `#@__guestbook` WHERE ischeck=1 ORDER BY id DESC';
$dlist = new DataListCP();
$dlist->pageSize = 10;
$dlist->SetParameter('gotopagerank',$gotopagerank);
$dlist->SetTemplate(DEDETEMPLATE.'/plus/guestbook.htm');
$dlist->SetSource($sql);
$dlist->Display();
}

+ 0
- 73
src/plus/guestbook/edit.inc.php View File

@@ -1,73 +0,0 @@
<?php
/**
* @version $Id: edit.inc.php 1 10:06 2010-11-10 tianya $
* @package DedeCMS.Site
* @copyright Copyright (c) 2020, DedeBIZ.COM
* @license https://www.dedebiz.com/license
* @link https://www.dedebiz.com
*/
if(!defined('DEDEINC')) exit('Request Error!');
if(!empty($_COOKIE['GUEST_BOOK_POS'])) $GUEST_BOOK_POS = $_COOKIE['GUEST_BOOK_POS'];
else $GUEST_BOOK_POS = "guestbook.php";
$id = intval($id);
if(empty($job)) $job='view';
if($job=='del' && $g_isadmin)
{
$dsql->ExecuteNoneQuery(" DELETE FROM `#@__guestbook` WHERE id='$id' ");
ShowMsg("成功删除一条留言!", $GUEST_BOOK_POS);
exit();
}
else if($job=='check' && $g_isadmin)
{
$dsql->ExecuteNoneQuery(" UPDATE `#@__guestbook` SET ischeck=1 WHERE id='$id' ");
ShowMsg("成功审核一条留言!", $GUEST_BOOK_POS);
exit();
}
else if($job=='editok')
{
$remsg = trim($remsg);
if($remsg!='')
{
//管理员回复不过滤HTML
if($g_isadmin)
{
$msg = "<div class=\\'rebox\\'>".$msg."</div>\n".$remsg;
//$remsg <br><font color=red>管理员回复:</font>
}
else
{
$row = $dsql->GetOne("SELECT msg From `#@__guestbook` WHERE id='$id' ");
$oldmsg = "<div class=\\'rebox\\'>".addslashes($row['msg'])."</div>\n";
$remsg = trimMsg(cn_substrR($remsg, 1024), 1);
$msg = $oldmsg.$remsg;
}
} else {
if(!$g_isadmin)
{
ShowMsg("无权提交修改当前留言!", $GUEST_BOOK_POS);
exit();
}
}
$msg = HtmlReplace($msg, -1);
/*
漏洞描述:dedecms留言板注入漏洞。
*/
$msg = addslashes($msg);
$dsql->ExecuteNoneQuery("UPDATE `#@__guestbook` SET `msg`='$msg', `posttime`='".time()."' WHERE id='$id' ");
ShowMsg("成功更改或回复一条留言!", $GUEST_BOOK_POS);
exit();
}
if($g_isadmin)
{
$row = $dsql->GetOne("SELECT * FROM `#@__guestbook` WHERE id='$id'");
require_once(DEDETEMPLATE.'/plus/guestbook-admin.htm');
}
else
{
$row = $dsql->GetOne("SELECT id,title FROM `#@__guestbook` WHERE id='$id'");
require_once(DEDETEMPLATE.'/plus/guestbook-user.htm');
}

+ 0
- 38
src/plus/guestbook/guestbook.inc.php View File

@@ -1,38 +0,0 @@
<?php
/**
* @version $Id: guestbook.inc.php 1 10:06 2010-11-10 tianya $
* @package DedeCMS.Site
* @copyright Copyright (c) 2020, DedeBIZ.COM
* @license https://www.dedebiz.com/license
* @link https://www.dedebiz.com
*/
require(dirname(__FILE__).'/../../include/common.inc.php');
require_once(DEDEINC."/filter.inc.php");
if(empty($gotopagerank)) $gotopagerank='';
require_once(DEDEINC."/memberlogin.class.php");
$cfg_ml = new MemberLogin(-1);
//设置为 0,表示留言需要审核
//如果设置为 1 ,则留言不需要审核就能显示
if($cfg_feedbackcheck=='Y') $needCheck = 0;
else $needCheck = 1;
//是否是会员或管理员
if($cfg_ml->IsLogin())
{
$g_isadmin = ($cfg_ml->fields['matt'] >= 10);
$g_mid = $cfg_ml->M_ID;
$g_name = $cfg_ml->M_UserName;
}
else
{
$g_isadmin = FALSE;
$g_mid = 0;
$g_name = '';
}
function GetIsCheck($ischeck,$id)
{
if($ischeck==0) return "<br><a href='guestbook.php?action=admin&job=check&id=$id' style='color:red'>[审核]</a>";
else return '';
}

BIN
src/plus/guestbook/images/01.gif View File

Width: 72  |  Height: 72  |  Size: 3.2KB

BIN
src/plus/guestbook/images/02.gif View File

Width: 72  |  Height: 72  |  Size: 3.6KB

BIN
src/plus/guestbook/images/03.gif View File

Width: 72  |  Height: 72  |  Size: 3.8KB

BIN
src/plus/guestbook/images/04.gif View File

Width: 72  |  Height: 72  |  Size: 4.2KB

BIN
src/plus/guestbook/images/05.gif View File

Width: 72  |  Height: 72  |  Size: 3.0KB

BIN
src/plus/guestbook/images/06.gif View File

Width: 72  |  Height: 72  |  Size: 3.6KB

BIN
src/plus/guestbook/images/07.gif View File

Width: 72  |  Height: 72  |  Size: 3.9KB

BIN
src/plus/guestbook/images/08.gif View File

Width: 72  |  Height: 72  |  Size: 3.4KB

BIN
src/plus/guestbook/images/09.gif View File

Width: 72  |  Height: 72  |  Size: 3.3KB

BIN
src/plus/guestbook/images/10.gif View File

Width: 72  |  Height: 72  |  Size: 2.3KB

BIN
src/plus/guestbook/images/11.gif View File

Width: 72  |  Height: 72  |  Size: 2.7KB

BIN
src/plus/guestbook/images/12.gif View File

Width: 72  |  Height: 72  |  Size: 3.8KB

BIN
src/plus/guestbook/images/13.gif View File

Width: 72  |  Height: 72  |  Size: 2.8KB

BIN
src/plus/guestbook/images/14.gif View File

Width: 72  |  Height: 72  |  Size: 3.3KB

BIN
src/plus/guestbook/images/15.gif View File

Width: 72  |  Height: 72  |  Size: 3.2KB

BIN
src/plus/guestbook/images/16.gif View File

Width: 72  |  Height: 72  |  Size: 3.8KB

BIN
src/plus/guestbook/images/17.gif View File

Width: 72  |  Height: 72  |  Size: 3.4KB

BIN
src/plus/guestbook/images/18.gif View File

Width: 72  |  Height: 72  |  Size: 2.7KB

BIN
src/plus/guestbook/images/19.gif View File

Width: 72  |  Height: 72  |  Size: 2.9KB

BIN
src/plus/guestbook/images/20.gif View File

Width: 72  |  Height: 72  |  Size: 3.4KB

BIN
src/plus/guestbook/images/21.gif View File

Width: 72  |  Height: 72  |  Size: 3.1KB

BIN
src/plus/guestbook/images/22.gif View File

Width: 72  |  Height: 72  |  Size: 4.1KB

BIN
src/plus/guestbook/images/23.gif View File

Width: 72  |  Height: 72  |  Size: 2.3KB

BIN
src/plus/guestbook/images/24.gif View File

Width: 72  |  Height: 72  |  Size: 3.7KB

BIN
src/plus/guestbook/images/botright.gif View File

Width: 8  |  Height: 20  |  Size: 139B

BIN
src/plus/guestbook/images/bottop.gif View File

Width: 300  |  Height: 30  |  Size: 771B

+ 0
- 69
src/plus/guestbook/images/css.css View File

@@ -1,69 +0,0 @@
td,a,a:link,a:visited {
color:#000000;text-decoration:none;font-size:9pt
}
a:hover{
color:#000000;
font-size:9pt;
text-decoration:underline;
}
input,select {
font-size:9pt;
color:#000000;
}
body {
color:#000000;
font-size:9pt;
scrollbar-track-color:#eeeeee;
scrollbar-shadow-color:buttonface;
scrollbar-highlight-color:buttonface;
scrollbar-3dlight-color:buttonhighlight;
scrollbar-darkshadow-color:buttonshadow
}
.input {
font-size:9pt;
border-top:#cdcdcd 1px solid;
border-left:#cdcdcd 1px solid;
border-right:#eeeeee 1px solid;
border-bottom:#eeeeee 1px solid;
height:18px;color:#000000;
padding-top:1px;
letter-spacing:0px;
padding-right:0px;
padding-left:0px;
width:90%;
}
.admintb td{ padding-right:6px; }
.btn {
font-size:9pt;
border-top:#cdcdcd 1px solid;
border-left:#cdcdcd 1px solid;
border-right:#737373 1px solid;
border-bottom:#737373 1px solid;
height:18px;
color:#000000;
padding-top:1px;
letter-spacing:0px;
padding-right:0px;
padding-left:0px;
}
.textarea {
font-size:9pt;
border-top:#cdcdcd 1px solid;
border-left:#cdcdcd 1px solid;
border-right:#eeeeee 1px solid;
border-bottom:#eeeeee 1px solid;
color:#000000;
padding-top:1px;
letter-spacing:0px;
padding-right:0px;
padding-left:0px;
width:90%;
}

BIN
src/plus/guestbook/images/dedebanner.gif View File


BIN
src/plus/guestbook/images/del.gif View File


BIN
src/plus/guestbook/images/home.gif View File


BIN
src/plus/guestbook/images/ip.gif View File


BIN
src/plus/guestbook/images/mail.gif View File


BIN
src/plus/guestbook/images/quote.gif View File


BIN
src/plus/guestbook/images/time.gif View File


+ 0
- 137
src/templets/plus/guestbook-admin.htm View File

@@ -1,137 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title><?php echo $cfg_webname; ?>_留言本</title>
<link href="<?php echo $cfg_templeturl; ?>/default/style/dedecms.css" rel="stylesheet" type="text/css" media="screen" />
<style>
.lefttd {
border-left:1px solid #dedede;
border-right:1px solid #dedede;
}
.ltd {
border-left:1px solid #dedede;
border-right:1px solid #dedede;
border-top:1px solid #dedede;
border-bottom:1px dashed #dedede;
}
.msgtd {
line-height:180%;
border-right:1px solid #dedede;
padding-left:5px;
}
.timetd {
border-right:1px solid #dedede;
border-top:1px solid #dedede;
border-bottom:1px dashed #dedede;
padding-left:5px;
}
.bottomtd {
border-right:1px solid #dedede;
border-top:1px dashed #dedede;
padding-left:5px;
}
.writetable td {
padding: 5px;
}
.writetd {
background:url(img/wbg.gif);
}
.pagetable {
border:1px solid #dedede;
margin-bottom:8px;
background:#FBFEED;
}
.pagelistbox {
}
.pagelistbox span{
border:1px solid #dedede;
padding:2px;
margin-right:3px;
background:#E8F9BF;
}
.pagelistbox a {
border:1px solid #dedede;
padding:2px;
margin-right:3px;
background:#E8F9BF;
}
.rebox {
width:98%;
padding:3px;
border:1px solid #dedede;
}
</style>
</head>
<body class="mapspage">
<div class="header">
<div class="top w960 center">
<div class="title">
<h1>
<h1><a href="<?php echo $cfg_basehost;?>/"><?php echo $cfg_webname;?></a></h1>
</h1>
</div><!-- /title -->
</div><!-- /top -->
</div><!-- /header -->
<div class="w960 clear center mt1">
<div class="sp-title">
<a href='guestbook.php'><h2>留言板</h2></a>
<span class="more"><a href="#write">回复留言</a> <a href="<?php echo $cfg_basehost;?>/">返回首页</a> </span> </div>
<table width="100%" border="0" cellspacing="1" cellpadding="4" align="center" bgcolor="#dedede" class='writetable'>
<form method="post" action="guestbook.php">
<input type="hidden" name="action" value="admin">
<input type="hidden" name="id" value="<?php echo $id; ?>">
<input type="hidden" name="job" value="editok">
<tr>
<td colspan='4' class='writetd'><b>回复留言:</b><a name='write'></a></td>
</tr>
<tr bgcolor="#ffffff">
<td width="15%" height="30" align="center"><font color="#FF0000">*</font>留言者:</td>
<td width="35%"><?php echo $row['uname']; ?></td>
<td width="15%" align="center" nowrap>OICQ号码:</td>
<td width="35%"><?php echo $row['qq']; ?></td>
</tr>
<tr bgcolor="#ffffff">
<td height="30" align="center" nowrap>&nbsp;电子邮件:</td>
<td><?php echo $row['email']; ?></td>
<td align="center" nowrap height="12">个人主页:</td>
<td height="12"><?php echo $row['homepage']; ?></td>
</tr>
<tr bgcolor="#ffffff">
<td align="center" nowrap width="10%">
<font color="#FF0000">*</font>留言内容:
</td>
<td height="2" colspan="3" align="left">
<textarea name="msg" cols="80" rows="6" class="ipt-txt" style="width:90%;"><?php echo $row['msg']; ?></textarea>
</td>
</tr>
<tr bgcolor="#ffffff">
<td align="center" nowrap>
回复留言:
</td>
<td colspan="3" nowrap>
<div style='width:92%'><?php GetEditor('remsg', "<font color=red>管理员回复:</font>", 250, "MemberLit"); ?></div>
</td>
</tr>
<tr bgcolor="#ffffff">
<td height="30" colspan="4" align="center" nowrap>
<input maxlength="1000" type="submit" name="Submit" value=" 保 存 " class="btn-2">
&nbsp;&nbsp;
<input type="reset" name="Submit2" value="取 消" class="btn-2">
</td>
</tr>
</form>
</table>
<div class="footer">
<p class="powered">
<?php echo $cfg_powerby; ?>
</p><!-- /powered -->
</div>
</div>
</body>
</html>

+ 0
- 170
src/templets/plus/guestbook-user.htm View File

@@ -1,170 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title><?php echo $cfg_webname; ?> - 留言本</title>
<link href="<?php echo $cfg_templeturl; ?>/default/style/dedecms.css" rel="stylesheet" type="text/css" media="screen" />
<style>
.lefttd {
border-left:1px solid #dedede;
border-right:1px solid #dedede;
}
.ltd {
border-left:1px solid #dedede;
border-right:1px solid #dedede;
border-top:1px solid #dedede;
border-bottom:1px dashed #dedede;
}
.msgtd {
line-height:180%;
border-right:1px solid #dedede;
padding-left:5px;
}
.timetd {
border-right:1px solid #dedede;
border-top:1px solid #dedede;
border-bottom:1px dashed #dedede;
padding-left:5px;
}
.bottomtd {
border-right:1px solid #dedede;
border-top:1px dashed #dedede;
padding-left:5px;
}
.writetable td {
padding: 5px;
}
.writetd {
background:url(img/wbg.gif);
}
.pagetable {
border:1px solid #dedede;
margin-bottom:8px;
background:#FBFEED;
}
.pagelistbox {
}
.pagelistbox span{
border:1px solid #dedede;
padding:2px;
margin-right:3px;
background:#E8F9BF;
}
.pagelistbox a {
border:1px solid #dedede;
padding:2px;
margin-right:3px;
background:#E8F9BF;
}
.rebox {
width:98%;
padding:3px;
border:1px solid #dedede;
}
</style>
</head>
<body class="mapspage">
<div class="header">
<div class="top w960 center">
<div class="title">
<h1>
<h1><a href="<?php echo $cfg_basehost;?>/"><?php echo $cfg_webname;?></a></h1>
</h1>
</div><!-- /title -->
</div><!-- /top -->
</div><!-- /header -->
<div class="w960 clear center mt1">
<div class="sp-title">
<a href='guestbook.php'><h2>留言本</h2></a>
<span class="more"><a href="<?php echo $cfg_basehost;?>/">返回首页</a> </span> </div>
<table width="100%" border="0" cellspacing="1" cellpadding="4" align="center" bgcolor="#dedede" class='writetable'>
<form method="post" action="guestbook.php">
<input type="hidden" name="action" value="save">
<input type="hidden" name="reid" value="<?php echo $row['id']; ?>">
<tr>
<td colspan='4' class='writetd'><b>回复主题:</b><?php echo $row['title']; ?><a name='write'></a></td>
</tr>
<tr bgcolor="#ffffff">
<td width="10%" align="center" nowrap><font color="#FF0000">*</font>论文标题:</td>
<td width="40%"><input type="text" maxlength="50" name="title" size="30" value="回复:<?php echo $row['title']; ?>" class="ipt-txt"/></td>
<td width="10%" align="center" nowrap>验 证 码:</td>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="70"><input name="validate" type="text" id="vdcode2" class="ipt-txt" style="width:60px;text-transform: uppercase;" /></td>
<td><img src='../plus/vdimgck.php'/></td>
</tr>
</table>
</td>
</tr>
<tr bgcolor="#ffffff">
<td width="10%" align="center" nowrap><font color="#FF0000">*</font>你的姓名:</td>
<td width="40%"><input type="text" maxlength="10" name="uname" size="30" value="<?php echo $g_name; ?>" class="ipt-txt"/></td>
<td width="10%" align="center" nowrap>OICQ号码:</td>
<td width="40%"><input maxlength="20" type="text" name="qq" size="20" class="ipt-txt" /></td>
</tr>
<tr bgcolor="#ffffff">
<td align="center" nowrap>&nbsp;电子邮件:</td>
<td><input maxlength="80" type="text" name="email" size="30" class="ipt-txt"/></td>
<td align="center" nowrap height="12">个人主页:</td>
<td height="12"><input maxlength="80" type="text" name="homepage" size="20" class="ipt-txt" /></td>
</tr>
<tr bgcolor="#ffffff">
<td align="center" nowrap width="10%"><font color="#FF0000">*</font>留言内容:<br />
(1000字内) </td>
<td align="left" width="40%">
<textarea name="msg" cols="38" rows="5" class="textarea ipt-txt"></textarea>
</td>
<td align="center" nowrap height="2" width="10%">选择头像:</td>
<td nowrap height="2" width="40%">
<input type="radio" name="img" value="01" checked />
<img src="guestbook/images/01.gif" width="25" height="25" />
<input type="radio" name="img" value="02" />
<img src="guestbook/images/02.gif" width="25" height="25" />
<input type="radio" name="img" value="03" />
<img src="guestbook/images/03.gif" width="25" height="25" />
<input type="radio" name="img" value="04" />
<img src="guestbook/images/04.gif" width="25" height="25" />
<input type="radio" name="img" value="05" />
<img src="guestbook/images/05.gif" width="25" height="25" />
<input type="radio" name="img" value="06" />
<img src="guestbook/images/06.gif" width="25" height="25" />
<input type="radio" name="img" value="08" />
<img src="guestbook/images/08.gif" width="25" height="25" />
<br /><br />
<input type="radio" name="img" value="13" />
<img src="guestbook/images/13.gif" width="25" height="25" />
<input type="radio" name="img" value="14" />
<img src="guestbook/images/14.gif" width="25" height="25" />
<input type="radio" name="img" value="15" />
<img src="guestbook/images/15.gif" width="25" height="25" />
<input type="radio" name="img" value="16" />
<img src="guestbook/images/16.gif" width="25" height="25" />
<input type="radio" name="img" value="17" />
<img src="guestbook/images/17.gif" width="25" height="25" />
<input type="radio" name="img" value="18" />
<img src="guestbook/images/18.gif" width="25" height="25" />
<input type="radio" name="img" value="20" />
<img src="guestbook/images/20.gif" width="25" height="25" />
</td>
</tr>
<tr bgcolor="#ffffff">
<td colspan="4" align="center" nowrap><input maxlength="1000" type="submit" name="Submit" value="提 交" class="btn-2" />
&nbsp;&nbsp;
<input type="reset" name="Submit2" value="取 消" class="btn-2" /></td>
</tr>
</form>
</table>
<div class="footer">
<p class="powered">
<?php echo $cfg_powerby; ?>
</p><!-- /powered -->
</div>
</div>
</body>
</html>

+ 0
- 226
src/templets/plus/guestbook.htm View File

@@ -1,226 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title><?php echo $cfg_webname; ?> - 留言本</title>
<link href="<?php echo $cfg_templeturl; ?>/default/style/dedecms.css" rel="stylesheet" type="text/css" media="screen" />
<style>
.lefttd {
border-left:1px solid #dedede;
border-right:1px solid #dedede;
}
.ltd {
border-left:1px solid #dedede;
border-right:1px solid #dedede;
border-top:1px solid #dedede;
border-bottom:1px dashed #dedede;
}
.msgtd {
line-height:180%;
border-right:1px solid #dedede;
padding:5px;
height:80px;
}
.timetd {
border-right:1px solid #dedede;
border-top:1px solid #dedede;
border-bottom:1px dashed #dedede;
padding-left:5px;
}
.bottomtd {
border-right:1px solid #dedede;
border-top:1px dashed #dedede;
padding-left:5px;
}
.writetable td {
padding: 5px;
}
.writetd {
background:url(img/wbg.gif);
}
.pagetable {
border:1px solid #dedede;
margin-bottom:8px;
background:#FBFEED;
}
.pagelistbox {
}
.pagelistbox span{
border:1px solid #dedede;
padding:2px;
margin-right:3px;
background:#E8F9BF;
}
.pagelistbox a {
border:1px solid #dedede;
padding:2px;
margin-right:3px;
background:#E8F9BF;
padding-left:5px;
padding-right:5px;
}
.rebox {
width:98%;
padding:3px;
border:1px solid #dedede;
}
</style>
</head>
<body class="mapspage">
<div class="header">
<div class="top w960 center">
<div class="title">
<h1>
<h1><a href="<?php echo $cfg_basehost;?>/"><?php echo $cfg_webname;?></a></h1>
</h1>
</div><!-- /title -->
</div><!-- /top -->
</div><!-- /header -->
<div class="w960 clear center mt1">
<div class="sp-title">
<h2>留言本</h2>
<span class="more">
<a href="#write">[发布留言]</a> &nbsp;
<a href="<?php echo $cfg_basehost;?>/">[返回主页]</a>
</span>
</div>
<?php
$ntt=0;
$bgcc = '#FBFEED';
?>
{dede:datalist}
<table width='100%' border='0' align="center" cellpadding='0' cellspacing='0' style="<?php echo (($ntt==0) ? "background:{$bgcc}" : 'background:#ffffff'); ?>">
<tr>
<td width='160' align="center" class='ltd'>
<b><?php echo $fields['uname']; ?></b>
</td>
<td height="26" class='timetd'>
<img height='16' src='guestbook/images/time.gif' width='16' /> 时间: <?php echo MyDate('m-d H:i',$fields['dtime']); ?>
&nbsp;
主题:<?php echo $fields['title']; ?>
</td>
</tr>
<tr>
<td width='160' rowspan='2' align="center" class='lefttd'>
<table width='160' border='0' align="center" cellpadding='1' cellspacing='2'>
<tr>
<td height="80" align="center">
<img src='guestbook/images/<?php echo $fields['face']?>.gif' border=0 /> <?php echo GetIsCheck($fields['ischeck'],$fields['id'])?>
</td>
</tr>
<tr>
<td height="20">&nbsp;来自:<?php echo preg_replace("#[^\.]*\.[^\.]*$#","*.*",$fields['ip']); ?></td>
</tr>
<tr>
<td height="20">&nbsp;QQ:<?php echo $fields['qq']?></td>
</tr>
</table>
</td>
<td class='msgtd'><?php echo $fields['msg']; ?></td>
</tr>
<tr>
<td height="26" class="bottomtd">
<a href='mailto:<?php echo $fields["email"]?>'><img src='guestbook/images/mail.gif' border=0 width='16' height='16' />[邮件]</a> &nbsp;
<a href='http://<?php echo $fields['homepage']?>' target='_blank'><img src='guestbook/images/home.gif' border=0 width='16' height='16' />[主页]</a> &nbsp;
<a href='guestbook.php?action=admin&id=<?php echo $fields['id']; ?>'><img src='guestbook/images/quote.gif' border=0 height=16 width=16 />[回复/编辑]</a> &nbsp;
<?php if($g_isadmin) { ?>
<a href='guestbook.php?action=admin&id=<?php echo $fields['id']; ?>&job=del'><img src='guestbook/images/del.gif' border=0 height=16 width=16 />[删除]</a>
<?php } ?>
</td>
</tr>
</table>
<?php if($ntt==0){$ntt=1;}else{ $ntt=0; } ?>
{/dede:datalist}
<table border='0' cellpadding='0' cellspacing='0' width='100%' align='center' class='pagetable'>
<tr>
<td align="center" height='28'> {dede:pagelist listsize='5'/} </td>
</tr>
</table>
<table width="100%" border="0" cellspacing="1" cellpadding="4" align="center" bgcolor="#dedede" class='writetable'>
<form method="post" action="guestbook.php" name="form1">
<input type='hidden' name='action' value='save' />
<tr>
<td colspan='4' class='writetd'><b>发布留言:</b><a name='write'></a></td>
</tr>
<tr bgcolor="#ffffff">
<td width="10%" align="center" nowrap><font color="#FF0000">*</font>标题:</td>
<td width="40%"><input type="text" maxlength="50" name="title" size="30" class="ipt-txt"/></td>
<td width="10%" align="center" nowrap>验 证 码:</td>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="70"><input name="validate" type="text" id="vdcode2" class="ipt-txt" style="width:60px;text-transform: uppercase;" /></td>
<td><img src='../plus/vdimgck.php'/></td>
</tr>
</table>
</td>
</tr>
<tr bgcolor="#ffffff">
<td width="10%" align="center" nowrap><font color="#FF0000">*</font>你的姓名:</td>
<td width="40%"><input type="text" maxlength="10" name="uname" size="30" value="<?php echo $g_name; ?>" class="ipt-txt"/></td>
<td width="10%" align="center" nowrap>OICQ号码:</td>
<td width="40%"><input maxlength="20" type="text" name="qq" size="20" class="ipt-txt" /></td>
</tr>
<tr bgcolor="#ffffff">
<td align="center" nowrap>&nbsp;电子邮件:</td>
<td><input maxlength="80" type="text" name="email" size="30" class="ipt-txt"/></td>
<td align="center" nowrap height="12">个人主页:</td>
<td height="12"><input maxlength="80" type="text" name="homepage" size="20" class="ipt-txt" /></td>
</tr>
<tr bgcolor="#ffffff">
<td align="center" nowrap width="10%"><font color="#FF0000">*</font>留言内容:<br />
(1000字内) </td>
<td align="left" width="40%">
<textarea name="msg" cols="38" rows="5" class="textarea ipt-txt"></textarea>
</td>
<td align="center" nowrap height="2" width="10%">选择头像:</td>
<td nowrap height="2" width="40%">
<input type="radio" name="img" value="01" checked />
<img src="guestbook/images/01.gif" width="25" height="25" />
<input type="radio" name="img" value="02" />
<img src="guestbook/images/02.gif" width="25" height="25" />
<input type="radio" name="img" value="03" />
<img src="guestbook/images/03.gif" width="25" height="25" />
<input type="radio" name="img" value="04" />
<img src="guestbook/images/04.gif" width="25" height="25" />
<input type="radio" name="img" value="05" />
<img src="guestbook/images/05.gif" width="25" height="25" />
<input type="radio" name="img" value="06" />
<img src="guestbook/images/06.gif" width="25" height="25" />
<input type="radio" name="img" value="08" />
<img src="guestbook/images/08.gif" width="25" height="25" />
<br /><br />
<input type="radio" name="img" value="13" />
<img src="guestbook/images/13.gif" width="25" height="25" />
<input type="radio" name="img" value="14" />
<img src="guestbook/images/14.gif" width="25" height="25" />
<input type="radio" name="img" value="15" />
<img src="guestbook/images/15.gif" width="25" height="25" />
<input type="radio" name="img" value="16" />
<img src="guestbook/images/16.gif" width="25" height="25" />
<input type="radio" name="img" value="17" />
<img src="guestbook/images/17.gif" width="25" height="25" />
<input type="radio" name="img" value="18" />
<img src="guestbook/images/18.gif" width="25" height="25" />
<input type="radio" name="img" value="20" />
<img src="guestbook/images/20.gif" width="25" height="25" />
</td>
</tr>
<tr bgcolor="#ffffff">
<td colspan="4" align="center" nowrap><input maxlength="1000" type="submit" name="Submit" value="提 交" class="btn-2" />
&nbsp;&nbsp;
<input type="reset" name="Submit2" value="取 消" class="btn-2" /></td>
</tr>
</form>
</table>
<br />
</div>
{dede:include filename='plus_foot.htm' /}
</div>
</body>
</html>

+ 0
- 28
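--- a/src/templets/system/memberinfos.htm
+++ b/src/templets/system/memberinfos.htm
@@ -1,28 +0,0 @@
-<table width="100%" border="0" cellpadding="3">
-<tr>
-<td colspan='2'>
-<a href='[field:spaceurl /]'><b>[field:uname/]</b></a>
-&nbsp;
-<a href='[field:spaceurl /]&action=archives&channelid=-8'>查看此用户所有信息</a>
-</td>
-</tr>
-<tr>
-<td colspan='2'>
-<a href='[field:spaceurl /]&action=guestbook'>[发送留言]</a>
-&nbsp;
-<a href='[field:spaceurl /]&action=newfriend'>[加为好友]</a>
-</td>
-</tr>
-<tr width="30%">
-<td>用户等级</td>
-<td>[field:rankname /]</td>
-</tr>
-<tr>
-<td>注册时间</td>
-<td>[field:jointime function="MyDate('Y-m-d H:m',@me)"/]</td>
-</tr>
-<tr>
-<td>最后登录</td>
-<td>[field:logintime function="MyDate('Y-m-d H:m',@me)"/]</td>
-</tr>
-</table>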

+ 0
- 2
src/templets/templet-pluslist.inc View File

@@ -8,8 +8,6 @@ feedback_templet.htm,评论页
feedback_templet_js.htm,评论JS调用模板
flink-add.htm,增加友情链接
flink-list.htm,友情链接列表
guestbook-admin.htm,管理留言本
guestbook.htm,留言本
heightsearch.htm,高级搜索
js.htm,JS调用默认模板
list_diyform.htm,自定义表单默认内容列表

