
会员中心CSRF安全优化

tags/6.0.0
tianya 3 years ago
parent
commit
f7662f416c
35 changed files with 826 additions and 1298 deletions
  1. +1
    -1
      src/dede/templets/member_view.htm
  2. +1
    -1
      src/member/archives_add.php
  3. +0
    -48
      src/member/archives_do.php
  4. +1
    -1
      src/member/archives_edit.php
  5. +4
    -11
      src/member/archives_sg_add.php
  6. +4
    -12
      src/member/archives_sg_edit.php
  7. +1
    -13
      src/member/article_add.php
  8. +0
    -10
      src/member/article_edit.php
  9. +33
    -0
      src/member/config.php
  10. +47
    -72
      src/member/edit_baseinfo.php
  11. +4
    -49
      src/member/edit_face.php
  12. +68
    -87
      src/member/edit_fullinfo.php
  13. +2
    -28
      src/member/edit_space_info.php
  14. +31
    -45
      src/member/inc/archives_check.php
  15. +32
    -41
      src/member/inc/archives_check_edit.php
  16. +3
    -121
      src/member/inc/inc_archives_functions.php
  17. +15
    -15
      src/member/mystow.php
  18. +0
    -4
      src/member/templets/album_add.htm
  19. +2
    -12
      src/member/templets/album_edit.htm
  20. +88
    -85
      src/member/templets/archives_add.htm
  21. +1
    -14
      src/member/templets/archives_edit.htm
  22. +0
    -4
      src/member/templets/archives_sg_add.htm
  23. +1
    -5
      src/member/templets/archives_sg_edit.htm
  24. +0
    -4
      src/member/templets/article_add.htm
  25. +1
    -13
      src/member/templets/article_edit.htm
  26. +135
    -131
      src/member/templets/edit_baseinfo.htm
  27. +53
    -60
      src/member/templets/edit_face.htm
  28. +46
    -42
      src/member/templets/edit_fullinfo.htm
  29. +65
    -60
      src/member/templets/edit_space_info.htm
  30. +2
    -2
      src/member/templets/js/album.js
  31. +1
    -1
      src/member/templets/js/load_index.js
  32. +55
    -146
      src/member/templets/js/main.js
  33. +126
    -139
      src/member/templets/menu.php
  34. +2
    -8
      src/member/templets/soft_add.htm
  35. +1
    -13
      src/member/templets/soft_edit.htm

+ 1
- 1
src/dede/templets/member_view.htm View File

@@ -112,7 +112,7 @@ function checkSubmit()
<tr>
<td align="right" class='bline'>等级:</td>
<td class='bline' style="text-align:left;"><?php
$MemberTypes = '';
$MemberTypes = array();
$dsql->SetQuery("Select rank,membername From `#@__arcrank` where rank>0");
$dsql->Execute('n');
$MemberTypes[0] = "限制会员";


+ 1
- 1
src/member/archives_add.php View File

@@ -92,7 +92,7 @@ else if($dopost=='save')
}
}
if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode))
if (empty($dede_fieldshash) || $dede_fieldshash !== md5($dede_addonfields . 'anythingelse' . $cfg_cookie_encode))
{
showMsg('数据校验不对,程序返回', '-1');
exit();
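Review bot: The `dede_fieldshash` check in the `save` branch is a bare `md5()` over the field list concatenated with `$cfg_cookie_encode`, compared without a constant-time function; this page does not show which of the two printed variants is the new line. If the check is meant to stay, a keyed form is safer, `!hash_equals(hash_hmac('sha256', $dede_addonfields, $cfg_cookie_encode), (string)$dede_fieldshash)`, with the form helper emitting the same value. This commit also touches the `dede_fieldshash` hidden input in `PrintAutoFieldsAdd()` (src/member/inc/inc_archives_functions.php); if that echo is the line being removed, this condition can never be satisfied and every save would stop at '数据校验不对', so the two files should be checked together. The enclosing `save` branch starts and ends outside the hunk.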


+ 0
- 48
src/member/archives_do.php View File

@@ -201,52 +201,4 @@ else if($dopost=="viewArchives")
}else{
header("location:/book/book.php?bid=".$aid);
}
}
/*--------------
function DelUploads()
删除上传的附件
----------------*/
else if($dopost=="delUploads")
{
CheckRank(0,0);
if(empty($ids))
{
$ids = '';
}
$tj = 0;
if($ids=='')
{
$arow = $dsql->GetOne("SELECT url,mid FROM `#@__uploads` WHERE aid='$aid'; ");
if(is_array($arow) && $arow['mid']==$cfg_ml->M_ID)
{
$dsql->ExecuteNoneQuery("DELETE FROM `#@__uploads` WHERE aid='$aid'; ");
if(file_exists($cfg_basedir.$arow['url']))
{
@unlink($cfg_basedir.$arow['url']);
}
}
$tj++;
}
else
{
$ids = explode(',',$ids);
foreach($ids as $aid)
{
$aid = preg_replace("#[^0-9]#", "", $aid);
$arow = $dsql->GetOne("SELECT url,mid From #@__uploads WHERE aid='$aid'; ");
if(is_array($arow) && $arow['mid']==$cfg_ml->M_ID)
{
$dsql->ExecuteNoneQuery("DELETE FROM `#@__uploads` WHERE aid='$aid'; ");
$tj++;
if(file_exists($cfg_basedir.$arow['url']))
{
@unlink($cfg_basedir.$arow['url']);
}
}
}
}
ShowMsg("成功删除 $tj 个附件!",$ENV_GOBACK_URL);
exit();
}

+ 1
- 1
src/member/archives_edit.php View File

@@ -88,7 +88,7 @@ else if($dopost=='save')
}
}
if (empty($idhash) || $idhash != md5($aid.$cfg_cookie_encode))
if (empty($idhash) || $idhash != hash("sha256", $aid.$cfg_cookie_encode))
{
showMsg('数据校验不对,程序返回', '-1');
exit();
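Review bot: The `$idhash` comparison uses loose `!=` on hex digest strings, so PHP compares them numerically when both happen to look like numbers (the `0e…` form), and the comparison is not constant-time. `if (empty($idhash) || !is_string($idhash) || !hash_equals(hash('sha256', $aid.$cfg_cookie_encode), $idhash))` avoids both; `hash_hmac('sha256', $aid, $cfg_cookie_encode)` would be the sturdier keyed form if the template that prints `idhash` is changed to match. The same `!=` pattern appears in src/member/inc/archives_check_edit.php and, with `md5`, in src/member/edit_fullinfo.php. The `save` branch continues outside the hunk.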


+ 4
- 11
src/member/archives_sg_add.php View File

@@ -80,6 +80,9 @@ else if($dopost=='save')
}
}
// 校验CSRF
CheckCSRF();
$flag = '';
$autokey = $remote = $dellink = $autolitpic = 0;
$userip = GetIP();
@@ -135,10 +138,6 @@ else if($dopost=='save')
$mid = $cfg_ml->M_ID;
$description=empty($description)? "" : $description;
//处理上传的缩略图
$litpic = MemberUploads('litpic','',$cfg_ml->M_ID,'image','',$cfg_ddimg_width,$cfg_ddimg_height,false);
if($litpic!='') SaveUploadInfo($title,$litpic,1);
//分析处理附加表数据
$inadd_f = $inadd_v = '';
if(!empty($dede_addonfields))
@@ -173,12 +172,6 @@ else if($dopost=='save')
}
}
if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode))
{
showMsg('数据校验不对,程序返回', '-1');
exit();
}
// 这里对前台提交的附加数据进行一次校验
$fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'],'autofield', FALSE);
if ($fontiterm != str_replace('`', '', $inadd_f))
@@ -206,7 +199,7 @@ else if($dopost=='save')
}
else
{
$inquery = "INSERT INTO `{$addtable}`(aid,typeid,arcrank,mid,channel,title,senddate,litpic,userip{$inadd_f}) Values('$arcID','$typeid','$arcrank','$mid','$channelid','$title','$senddate','$litpic','$userip'{$inadd_v})";
$inquery = "INSERT INTO `{$addtable}`(aid,typeid,arcrank,mid,channel,title,senddate,litpic,userip{$inadd_f}) Values('$arcID','$typeid','$arcrank','$mid','$channelid','$title','$senddate','','$userip'{$inadd_v})";
if(!$dsql->ExecuteNoneQuery($inquery))
{
$gerr = $dsql->GetError();
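Review bot: With the `dede_fieldshash` block removed from the `save` branch, the posted `$dede_addonfields` list is no longer tied to the form the server rendered; `CheckCSRF()` shows the request came from a page holding the token, not that the field list is unaltered. `$inadd_f` and `$inadd_v` are built from that list outside these hunks and interpolated directly into the `INSERT`, so the `$fontiterm` comparison against `PrintAutoFieldsAdd()` is now the only guard on the column names. I would state that in a comment above the comparison, for example `// Sole integrity check on posted add-on field names now that dede_fieldshash is gone; keep it strict`, and switch it to `!==`. The same removal appears in src/member/article_add.php and src/member/article_edit.php.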


+ 4
- 12
src/member/archives_sg_edit.php View File

@@ -49,7 +49,6 @@ function _SaveArticle(){ }
------------------------------*/
else if($dopost=='save')
{
require_once(DEDEINC."/image.func.php");
require_once(DEDEINC."/oxwindow.class.php");
$flag = '';
@@ -83,6 +82,9 @@ else if($dopost=='save')
exit();
}
// 校验CSRF
CheckCSRF();
//文档的默认状态
if($cInfos['arcsta']==0)
{
@@ -101,11 +103,6 @@ else if($dopost=='save')
$title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen);
$mid = $cfg_ml->M_ID;
//处理上传的缩略图
$litpic = MemberUploads('litpic', $oldlitpic, $mid, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, FALSE);
if($litpic!='') SaveUploadInfo($title, $litpic, 1);
else $litpic =$oldlitpic;
//分析处理附加表数据
$inadd_f = $inadd_m = '';
if(!empty($dede_addonfields))
@@ -137,11 +134,6 @@ else if($dopost=='save')
$inadd_m .= ','.$vs[0];
}
}
if (empty($idhash) || $idhash != md5($aid.$cfg_cookie_encode))
{
showMsg('数据校验不对,程序返回', '-1');
exit();
}
// 这里对前台提交的附加数据进行一次校验
$fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'],'autofield', FALSE);
@@ -154,7 +146,7 @@ else if($dopost=='save')
if($addtable!='')
{
$upQuery = "UPDATE `$addtable` SET `title`='$title',`typeid`='$typeid',`arcrank`='$arcrank',litpic='$litpic',userip='$userip'{$inadd_f} WHERE aid='$aid' ";
$upQuery = "UPDATE `$addtable` SET `title`='$title',`typeid`='$typeid',`arcrank`='$arcrank',userip='$userip'{$inadd_f} WHERE aid='$aid' ";
if(!$dsql->ExecuteNoneQuery($upQuery))
{
ShowMsg("更新附加表 `$addtable` 时出错,请联系管理员!","javascript:;");
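Review bot: The `UPDATE` on `$addtable` is keyed only on `aid='$aid'`, and the `$idhash` check that used to precede it is removed by this commit. If ownership of `$aid` is not verified earlier in the `save` branch (that part lies outside the hunks shown), one member could overwrite another member's record; putting the owner in the predicate closes that regardless of what runs before it: `... WHERE aid='$aid' AND mid='$mid' "`. `$mid` is already assigned from `$cfg_ml->M_ID` a few lines above, and the `INSERT` in archives_sg_add.php shows the add-on table carrying a `mid` column.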


+ 1
- 13
src/member/article_add.php View File

@@ -79,13 +79,6 @@ else if($dopost=='save')
}
}
}
if (empty($dede_fieldshash) || ( $dede_fieldshash != md5($dede_addonfields . $cfg_cookie_encode) && $dede_fieldshash != md5($dede_addonfields . 'anythingelse' . $cfg_cookie_encode)) )
{
showMsg('数据校验不对,程序返回', '-1');
exit();
}
// 这里对前台提交的附加数据进行一次校验
$fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'],'autofield', FALSE);
@@ -95,11 +88,6 @@ else if($dopost=='save')
exit();
}
//处理图片文档的自定义属性
if($litpic!='')
{
$flag = 'p';
}
$body = AnalyseHtmlBody($body, $description);
$body = HtmlReplace($body, -1);
@@ -115,7 +103,7 @@ else if($dopost=='save')
$inQuery = "INSERT INTO `#@__archives`(id,typeid,sortrank,flag,ismake,channel,arcrank,click,money,title,shorttitle,
color,writer,source,litpic,pubdate,senddate,mid,description,keywords,mtype)
VALUES ('$arcID','$typeid','$sortrank','$flag','$ismake','$channelid','$arcrank','0','$money','$title','$shorttitle',
'$color','$writer','$source','$litpic','$pubdate','$senddate','$mid','$description','$keywords','$mtypesid'); ";
'$color','$writer','$source','','$pubdate','$senddate','$mid','$description','$keywords','$mtypesid'); ";
if(!$dsql->ExecuteNoneQuery($inQuery))
{
$gerr = $dsql->GetError();


+ 0
- 10
src/member/article_edit.php View File

@@ -79,12 +79,6 @@ else if($dopost=='save')
}
}
if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode))
{
showMsg('数据校验不对,程序返回', '-1');
exit();
}
// 这里对前台提交的附加数据进行一次校验
$fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'],'autofield', FALSE);
if ($fontiterm != $inadd_f)
@@ -97,16 +91,12 @@ else if($dopost=='save')
$body = AnalyseHtmlBody($body,$description);
$body = HtmlReplace($body,-1);
//处理图片文档的自定义属性
if($litpic!='') $flag = 'p';
//更新数据库的SQL语句
$upQuery = "UPDATE `#@__archives` SET
ismake='$ismake',
arcrank='$arcrank',
typeid='$typeid',
title='$title',
litpic='$litpic',
description='$description',
mtype = '$mtypesid',
keywords='$keywords',


+ 33
- 0
src/member/config.php View File

@@ -78,6 +78,39 @@ require_once(DEDEINC.'/filter.inc.php');
require_once(DEDEINC.'/memberlogin.class.php');
require_once(DEDEINC.'/dedetemplate.class.php');

// 检查CSRF
function CheckCSRF()
{
$cc_csrf_token_check = GetCookie("dede_csrf_token");
if (
!(isset($_POST['_csrf_token'], $cc_csrf_token_check)
&& is_string($_POST['_csrf_token']) && is_string($cc_csrf_token_check)
&& hash_equals($_POST['_csrf_token'], $cc_csrf_token_check))
) {
ShowMsg('CSRF校验失败,请刷新页面重新提交', '-1');
exit();
}
DropCookie("dede_csrf_token");
}

// 生成CSRF校验token,在比较重要的表单中应该要加上这个token校验
$cc_csrf_token = GetCookie("dede_csrf_token");
if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) {
if (isset($cc_csrf_token) && is_string($cc_csrf_token)
&& preg_match('#^[0-9a-f]{32}$#iS',$cc_csrf_token) === 1
) {
$GLOBALS['csrf_token'] = $cc_csrf_token;
} else {
$GLOBALS['csrf_token'] = md5(uniqid(mt_rand(), TRUE));
}
}

if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {
PutCookie('dede_csrf_token', $GLOBALS['csrf_token'], 7200, '/');
}


//获得当前脚本名称,如果你的系统被禁用了$_SERVER变量,请自行更改这个选项
$dedeNowurl = $s_scriptName = '';
$dedeNowurl = GetCurUrl();
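Review bot: `CheckCSRF()` accepts any two equal strings and never checks that the cookie token is non-empty or has the 32-hex form that the generator below enforces; if `GetCookie()` returns an empty string for a missing cookie (its body is not shown here), an empty `_csrf_token` field would pass `hash_equals`. Validating the cookie value with the same `preg_match` before comparing, and passing the trusted value as the first argument, removes that case. The token is generated with `md5(uniqid(mt_rand(), TRUE))`, which is not a cryptographic source; on PHP 7+ `$GLOBALS['csrf_token'] = bin2hex(random_bytes(16));` keeps the 32-hex format. Since the token lives only in a cookie (double-submit), a comment noting that it is not bound to the member session would help later readers.

```php
function CheckCSRF()
{
    $cookieToken = GetCookie("dede_csrf_token");
    $postToken = isset($_POST['_csrf_token']) ? $_POST['_csrf_token'] : null;
    // Require a well-formed, server-issued token before comparing.
    $ok = is_string($cookieToken) && is_string($postToken)
        && preg_match('#^[0-9a-f]{32}$#i', $cookieToken) === 1
        && hash_equals($cookieToken, $postToken);
    if (!$ok) {
        // … unchanged: ShowMsg('CSRF校验失败…') and exit() …
    }
    // … unchanged: DropCookie("dede_csrf_token") …
}
```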


+ 47
- 72
src/member/edit_baseinfo.php View File

@@ -1,4 +1,5 @@
<?php
/**
* @version $Id: edit_baseinfo.php 1 8:38 2010年7月9日Z tianya $
* @package DedeCMS.Member
@@ -6,124 +7,98 @@
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
require_once(dirname(__FILE__)."/config.php");
CheckRank(0,0);
require_once(dirname(__FILE__) . "/config.php");
CheckRank(0, 0);
$menutype = 'config';
if(!isset($dopost)) $dopost = '';
if (!isset($dopost)) $dopost = '';
$pwd2=(empty($pwd2))? "" : $pwd2;
$row=$dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='".$cfg_ml->M_ID."'");
$pwd2 = (empty($pwd2)) ? "" : $pwd2;
$row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='" . $cfg_ml->M_ID . "'");
$face = $row['face'];
if($dopost=='save')
{
if ($dopost == 'save') {
$svali = GetCkVdValue();
if(strtolower($vdcode) != $svali || $svali=='')
{
// 校验CSRF
CheckCSRF();
if (strtolower($vdcode) != $svali || $svali == '') {
ReSETVdValue();
ShowMsg('验证码错误!','-1');
ShowMsg('验证码错误!', '-1');
exit();
}
if(!is_array($row) || $row['pwd'] != md5($oldpwd))
{
ShowMsg('你输入的旧密码错误或没填写,不允许修改资料!','-1');
if (!is_array($row) || $row['pwd'] != md5($oldpwd)) {
ShowMsg('你输入的旧密码错误或没填写,不允许修改资料!', '-1');
exit();
}
if($userpwd != $userpwdok)
{
ShowMsg('你两次输入的新密码不一致!','-1');
if ($userpwd != $userpwdok) {
ShowMsg('你两次输入的新密码不一致!', '-1');
exit();
}
if($userpwd=='')
{
if ($userpwd == '') {
$pwd = $row['pwd'];
}
else
{
} else {
$pwd = md5($userpwd);
$pwd2 = substr(md5($userpwd),5,20);
$pwd2 = substr(md5($userpwd), 5, 20);
}
$addupquery = '';
#api{{
if(defined('UC_API') && @include_once DEDEROOT.'/uc_client/client.php')
{
$emailnew = $email != $row['email'] ? $email : '';
$ucresult = uc_user_edit($cfg_ml->M_LoginID, $oldpwd, $userpwd, $emailnew);
}
#/aip}}
//修改安全问题或Email
if($email != $row['email'] || ($newsafequestion != 0 && $newsafeanswer != ''))
{
if($row['safequestion']!=0 && ($row['safequestion'] != $safequestion || $row['safeanswer'] != $safeanswer))
{
ShowMsg('你的旧安全问题及答案不正确,不能修改Email或安全问题!','-1');
if ($email != $row['email'] || ($newsafequestion != 0 && $newsafeanswer != '')) {
if ($row['safequestion'] != 0 && ($row['safequestion'] != $safequestion || $row['safeanswer'] != $safeanswer)) {
ShowMsg('你的旧安全问题及答案不正确,不能修改Email或安全问题!', '-1');
exit();
}
//修改Email
if($email != $row['email'])
{
if(!CheckEmail($email))
{
ShowMsg('Email格式不正确!','-1');
if ($email != $row['email']) {
if (!CheckEmail($email)) {
ShowMsg('Email格式不正确!', '-1');
exit();
}
else
{
} else {
$addupquery .= ",email='$email'";
}
}
//修改安全问题
if($newsafequestion != 0 && $newsafeanswer != '')
{
if(strlen($newsafeanswer) > 30)
{
ShowMsg('你的新安全问题的答案太长了,请保持在30字节以内!','-1');
if ($newsafequestion != 0 && $newsafeanswer != '') {
if (strlen($newsafeanswer) > 30) {
ShowMsg('你的新安全问题的答案太长了,请保持在30字节以内!', '-1');
exit();
}
else
{
$newsafequestion = HtmlReplace($newsafequestion,1);
$newsafeanswer = HtmlReplace($newsafeanswer,1);
} else {
$newsafequestion = HtmlReplace($newsafequestion, 1);
$newsafeanswer = HtmlReplace($newsafeanswer, 1);
$addupquery .= ",safequestion='$newsafequestion',safeanswer='$newsafeanswer'";
}
}
}
//修改uname
if($uname != $row['uname'])
{
$rs = CheckUserID($uname,'昵称或公司名称',FALSE);
if($rs!='ok')
{
ShowMsg($rs,'-1');
if ($uname != $row['uname']) {
$rs = CheckUserID($uname, '昵称或公司名称', FALSE);
if ($rs != 'ok') {
ShowMsg($rs, '-1');
exit();
}
$addupquery .= ",uname='$uname'";
}
//性别
if( !in_array($sex, array('男','女','保密')) )
{
ShowMsg('请选择正常的性别!','-1');
exit();
if (!in_array($sex, array('男', '女', '保密'))) {
ShowMsg('请选择正常的性别!', '-1');
exit();
}
$query1 = "UPDATE `#@__member` SET pwd='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' ";
$query1 = "UPDATE `#@__member` SET pwd='$pwd',sex='$sex'{$addupquery} where mid='" . $cfg_ml->M_ID . "' ";
$dsql->ExecuteNoneQuery($query1);
//如果是管理员,修改其后台密码
if($cfg_ml->fields['matt']==10 && $pwd2!="")
{
$query2 = "UPDATE `#@__admin` SET pwd='$pwd2' where id='".$cfg_ml->M_ID."' ";
if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {
$query2 = "UPDATE `#@__admin` SET pwd='$pwd2' where id='" . $cfg_ml->M_ID . "' ";
$dsql->ExecuteNoneQuery($query2);
}
// 清除会员缓存
$cfg_ml->DelCache($cfg_ml->M_ID);
ShowMsg('成功更新你的基本资料!','edit_baseinfo.php',0,5000);
ShowMsg('成功更新你的基本资料!', 'edit_baseinfo.php', 0, 5000);
exit();
}
include(DEDEMEMBER."/templets/edit_baseinfo.htm");
include(DEDEMEMBER . "/templets/edit_baseinfo.htm");
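Review bot: The old-password test `$row['pwd'] != md5($oldpwd)` in the `save` branch still compares unsalted MD5 digests with a loose `!=`, which this commit reformats but does not change. The minimal step is `!hash_equals((string)$row['pwd'], md5((string)$oldpwd))`; moving storage to `password_hash()`/`password_verify()` belongs in a follow-up. Separately, `CheckCSRF()` runs before the captcha test and drops the token cookie on success, so a mistyped captcha followed by the `-1` history-back leaves the form holding a token that no longer matches. Running the captcha check first, as src/member/inc/archives_check.php does, avoids that.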

+ 4
- 49
src/member/edit_face.php View File

@@ -19,31 +19,10 @@ if(!isset($backurl))
}
if($dopost=='save')
{
$maxlength = $cfg_max_face * 1024;
$userdir = $cfg_user_dir.'/'.$cfg_ml->M_ID;
if(!preg_match("#^".$userdir."#", $oldface))
{
$oldface = '';
}
if(is_uploaded_file($face))
{
if(@filesize($_FILES['face']['tmp_name']) > $maxlength)
{
ShowMsg("你上传的头像文件超过了系统限制大小:{$cfg_max_face} K!", '-1');
exit();
}
//删除旧图片(防止文件扩展名不同,如:原来的是gif,后来的是jpg)
if(preg_match("#\.(jpg|gif|png)$#i", $oldface) && file_exists($cfg_basedir.$oldface))
{
@unlink($cfg_basedir.$oldface);
}
//上传新工图片
$face = MemberUploads('face', $oldface, $cfg_ml->M_ID, 'image', 'myface', 180, 180);
}
else
{
$face = $oldface;
}
// 校验CSRF
CheckCSRF();
$face = HtmlReplace($faceurl,-1);
$query = "UPDATE `#@__member` SET `face` = '$face' WHERE mid='{$cfg_ml->M_ID}' ";
$dsql->ExecuteNoneQuery($query);
// 清除缓存
@@ -51,30 +30,6 @@ if($dopost=='save')
ShowMsg('成功更新头像信息!', $backurl);
exit();
}
else if($dopost=='delold')
{
if(empty($oldface))
{
ShowMsg("没有可删除的头像!", "-1");
exit();
}
$userdir = $cfg_user_dir.'/'.$cfg_ml->M_ID;
if(!preg_match("#^".$userdir."#", $oldface) || preg_match('#\.\.#', $oldface))
{
$oldface = '';
}
if(preg_match("#\.(jpg|gif|png)$#i", $oldface) && file_exists($cfg_basedir.$oldface))
{
@unlink($cfg_basedir.$oldface);
}
$query = "UPDATE `#@__member` SET `face` = '' WHERE mid='{$cfg_ml->M_ID}' ";
$dsql->ExecuteNoneQuery($query);
// 清除缓存
$cfg_ml->DelCache($cfg_ml->M_ID);
ShowMsg('成功删除原来的头像!', $backurl);
exit();
}
$face = $cfg_ml->fields['face'];
include(DEDEMEMBER."/templets/edit_face.htm");
exit();
?>
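Review bot: `$face = HtmlReplace($faceurl,-1);` stores whatever address the request supplies as the member's avatar, whereas the removed code only accepted paths under `$cfg_user_dir/<M_ID>` with a jpg/gif/png extension. Unless `$faceurl` is constrained somewhere outside this hunk, any external URL can end up in `face` and be loaded by every visitor who views the member. Assuming the new uploader still writes under the member's own directory, I would restore the prefix, extension and `..` tests on `$faceurl` before the `UPDATE`, as sketched below.

```php
// 校验CSRF
CheckCSRF();
$userdir = $cfg_user_dir.'/'.$cfg_ml->M_ID;
$faceurl = isset($faceurl) ? trim($faceurl) : '';
// Only accept an image path inside this member's own upload directory.
if ($faceurl !== '' && (
    strpos($faceurl, '..') !== false
    || strpos($faceurl, $userdir.'/') !== 0
    || !preg_match('#\.(jpg|gif|png)$#i', $faceurl)
)) {
    ShowMsg('头像地址不合法!', '-1');
    exit();
}
$face = HtmlReplace($faceurl, -1);
// … unchanged: UPDATE `#@__member` and cache clear …
```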

+ 68
- 87
src/member/edit_fullinfo.php View File

@@ -1,4 +1,5 @@
<?php
/**
* @version $Id: edit_fullinfo.php 1 8:38 2010年7月9日Z tianya $
* @package DedeCMS.Member
@@ -6,112 +7,92 @@
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
require_once(dirname(__FILE__).'/config.php');
require_once DEDEINC.'/membermodel.cls.php';
require_once(DEDEINC."/userlogin.class.php");
CheckRank(0,0);
require_once(DEDEINC.'/enums.func.php');
require_once(dirname(__FILE__) . '/config.php');
require_once DEDEINC . '/membermodel.cls.php';
require_once(DEDEINC . "/userlogin.class.php");
CheckRank(0, 0);
require_once(DEDEINC . '/enums.func.php');
$menutype = 'config';
if(!isset($dopost)) $dopost = '';
if (!isset($dopost)) $dopost = '';
if ($dopost == '') {
if($dopost=='')
{
$dede_fields = empty($dede_fields) ? '' : trim($dede_fields);
if(!empty($dede_fields))
{
if($dede_fieldshash != md5($dede_fields.$cfg_cookie_encode))
{
showMsg('数据校验不对,程序返回', '-1');
exit();
}
}
$dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash);
$membermodel = new membermodel($cfg_ml->M_MbType);
$modelform = $dsql->GetOne("SELECT * FROM #@__member_model WHERE id='$membermodel->modid' ");
if(!is_array($modelform))
{
if (!is_array($modelform)) {
showmsg('模型表单不存在', '-1');
exit();
}
$row = $dsql->GetOne("SELECT * FROM ".$modelform['table']." WHERE mid=$cfg_ml->M_ID");
if(!is_array($row))
{
$row = $dsql->GetOne("SELECT * FROM " . $modelform['table'] . " WHERE mid=$cfg_ml->M_ID");
if (!is_array($row)) {
showmsg("你访问的记录不存在或未经审核", '-1');
exit();
}
$postform = $membermodel->getForm('edit', $row, 'membermodel');
include(DEDEMEMBER."/templets/edit_fullinfo.htm");
include(DEDEMEMBER . "/templets/edit_fullinfo.htm");
exit();
}
/*------------------------
function __Save()
------------------------*/
if($dopost=='save'){
$membermodel = new membermodel($cfg_ml->M_MbType);
$postform = $membermodel->getForm(true);
if ($dopost == 'save') {
// 校验CSRF
CheckCSRF();
//这里完成详细内容填写
$dede_fields = empty($dede_fields) ? '' : trim($dede_fields);
$dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash);
$modid = empty($modid)? 0 : intval(preg_replace("/[^\d]/",'', $modid));
if(!empty($dede_fields))
{
if($dede_fieldshash != md5($dede_fields.$cfg_cookie_encode))
{
showMsg('数据校验不对,程序返回', '-1');
exit();
}
}
$modelform = $dsql->GetOne("SELECT * FROM #@__member_model WHERE id='$modid' ");
if(!is_array($modelform))
{
showmsg('模型表单不存在', '-1');
$membermodel = new membermodel($cfg_ml->M_MbType);
$postform = $membermodel->getForm(true);
//这里完成详细内容填写
$dede_fields = empty($dede_fields) ? '' : trim($dede_fields);
$dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash);
$modid = empty($modid) ? 0 : intval(preg_replace("/[^\d]/", '', $modid));
if (!empty($dede_fields)) {
if ($dede_fieldshash != md5($dede_fields . $cfg_cookie_encode)) {
showMsg('数据校验不对,程序返回', '-1');
exit();
}
$inadd_f = '';
if(!empty($dede_fields))
{
$fieldarr = explode(';', $dede_fields);
if(is_array($fieldarr))
{
foreach($fieldarr as $field)
{
if($field == '') continue;
$fieldinfo = explode(',', $field);
if($fieldinfo[1] == 'textdata')
{
${$fieldinfo[0]} = FilterSearch(stripslashes(${$fieldinfo[0]}));
${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});
} else if ($fieldinfo[1] == 'img')
{
${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});
}
else
{
if(empty(${$fieldinfo[0]})) ${$fieldinfo[0]} = '';
${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','diy', $fieldinfo[0]);
}
if($fieldinfo[0]=="birthday") ${$fieldinfo[0]}=GetDateMk(${$fieldinfo[0]});
$inadd_f .= ','.$fieldinfo[0]." ='".${$fieldinfo[0]}."'";
}
$modelform = $dsql->GetOne("SELECT * FROM #@__member_model WHERE id='$modid' ");
if (!is_array($modelform)) {
showmsg('模型表单不存在', '-1');
exit();
}
$inadd_f = '';
if (!empty($dede_fields)) {
$fieldarr = explode(';', $dede_fields);
if (is_array($fieldarr)) {
foreach ($fieldarr as $field) {
if ($field == '') continue;
$fieldinfo = explode(',', $field);
if ($fieldinfo[1] == 'textdata') {
${$fieldinfo[0]} = FilterSearch(stripslashes(${$fieldinfo[0]}));
${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});
} else if ($fieldinfo[1] == 'img') {
${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});
} else {
if (empty(${$fieldinfo[0]})) ${$fieldinfo[0]} = '';
${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1], 0, 'add', '', 'diy', $fieldinfo[0]);
}
if ($fieldinfo[0] == "birthday") ${$fieldinfo[0]} = GetDateMk(${$fieldinfo[0]});
${$fieldinfo[0]} = HtmlReplace(${$fieldinfo[0]}, -1);
$inadd_f .= ',' . $fieldinfo[0] . " ='" . ${$fieldinfo[0]} . "'";
}
}
$inadd_f=preg_replace('/,/','',$inadd_f,1);
$query = "UPDATE `{$membermodel->table}`set {$inadd_f} WHERE mid='{$cfg_ml->M_ID}'";
// 清除缓存
$cfg_ml->DelCache($cfg_ml->M_ID);
if(!$dsql->ExecuteNoneQuery($query))
{
ShowMsg("更新附加表 `{$membermodel->table}` 时出错,请联系管理员!","javascript:;");
exit();
}else{
ShowMsg('成功更新你的详细资料!','edit_fullinfo.php',0,5000);
exit();
}
}
}
$inadd_f = preg_replace('/,/', '', $inadd_f, 1);
$query = "UPDATE `{$membermodel->table}` set {$inadd_f} WHERE mid='{$cfg_ml->M_ID}'";
// 清除缓存
$cfg_ml->DelCache($cfg_ml->M_ID);
if (!$dsql->ExecuteNoneQuery($query)) {
ShowMsg("更新附加表 `{$membermodel->table}` 时出错,请联系管理员!", "javascript:;");
exit();
} else {
ShowMsg('成功更新你的详细资料!', 'edit_fullinfo.php', 0, 5000);
exit();
}
}
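Review bot: In the `save` branch `$fieldinfo[0]` comes from the posted `$dede_fields` and is used both as a variable-variable name and, unquoted, as a column name in `$inadd_f`. The only thing tying it to the real model is the `md5($dede_fields . $cfg_cookie_encode)` check, which uses loose `!=` and is skipped when `$dede_fields` is empty. Restricting each entry before use, e.g. `if (!isset($fieldinfo[1]) || !preg_match('/^[a-z][a-z0-9_]*$/i', $fieldinfo[0])) continue;`, and comparing the hash with `hash_equals` would harden this. When `$dede_fields` is empty, `$inadd_f` stays empty and the statement becomes an `UPDATE … set  WHERE …` that fails with the '更新附加表' error, so an explicit early exit for that case would be cleaner.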

+ 2
- 28
src/member/edit_space_info.php View File

@@ -21,34 +21,8 @@ if($dopost=='save')
$spacename =(empty($spacename))? "" : $spacename;
$maxlength = $cfg_max_face * 1024;
$userdir = $cfg_user_dir.'/'.$cfg_ml->M_ID;
if (strpos($oldspacelogo,"..") > 0)
{
die("not support!");
}
if(!preg_match('#^'.$userdir."#", $oldspacelogo))
{
$oldspacelogo = '';
}
if(is_uploaded_file($spacelogo))
{
if(@filesize($_FILES['spacelogo']['tmp_name']) > $maxlength)
{
ShowMsg("你上传的Logo文件超过了系统限制大小:{$cfg_max_face} K!", '-1');
exit();
}
//删除旧图片(防止文件扩展名不同,如:原来的是gif,后来的是jpg)
if(preg_match("#\.(jpg|gif|png)$#i", $oldspacelogo) && file_exists($cfg_basedir.$oldspacelogo))
{
@unlink($cfg_basedir.$oldspacelogo);
}
//上传新工图片
$spacelogo = MemberUploads('spacelogo','',$cfg_ml->M_ID,'image','mylogo', 200, 50);
} else {
$spacelogo = $oldspacelogo;
}
$spacelogo = HtmlReplace($spacelogo, -1) ;
$pagesize = intval($pagesize);
if($pagesize<=0)
{
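Review bot: No `CheckCSRF()` call is visible in this file's `save` branch, although the sibling handlers edit_baseinfo.php, edit_face.php and edit_fullinfo.php each gain one in this commit. The branch starts above the hunk, so confirm the call is not simply outside the view, and otherwise add `CheckCSRF();` as its first statement. `$spacelogo` is now stored after `HtmlReplace()` only, with the former `..` and `$userdir` prefix checks removed, so it needs a path check of its own (under the member's directory, image extension, no `..`). `$maxlength` and `$userdir` appear to be unused after this change and could be dropped.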


+ 31
- 45
src/member/inc/archives_check.php View File

@@ -1,4 +1,5 @@
<?php
/**
* 文档验证
*
@@ -8,27 +9,27 @@
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
if(!defined('DEDEMEMBER')) exit('dedecms');
if (!defined('DEDEMEMBER')) exit('dedecms');
include_once(DEDEINC.'/image.func.php');
include_once(DEDEINC.'/oxwindow.class.php');
include_once(DEDEINC . '/image.func.php');
include_once(DEDEINC . '/oxwindow.class.php');
$svali = GetCkVdValue();
if(preg_match("/3/",$safe_gdopen)){
if(strtolower($vdcode)!=$svali || $svali=='')
{
if (preg_match("/3/", $safe_gdopen)) {
if (strtolower($vdcode) != $svali || $svali == '') {
ResetVdValue();
ShowMsg('验证码错误!', '-1');
exit();
}
}
// 校验CSRF
CheckCSRF();
$faqkey = isset($faqkey) && is_numeric($faqkey) ? $faqkey : 0;
$safe_faq_send = isset($safe_faq_send) && is_numeric($safe_faq_send) ? $safe_faq_send : 0;
if($safe_faq_send == '1')
{
if($safefaqs[$faqkey]['answer'] != $safeanswer || $safeanswer=='')
{
if ($safe_faq_send == '1') {
if ($safefaqs[$faqkey]['answer'] != $safeanswer || $safeanswer == '') {
ShowMsg('验证问题答案错误', '-1');
exit();
}
@@ -38,8 +39,7 @@ $flag = '';
$autokey = $remote = $dellink = $autolitpic = 0;
$userip = GetIP();
if($typeid==0)
{
if ($typeid == 0) {
ShowMsg('请指定文档隶属的栏目!', '-1');
exit();
}
@@ -49,39 +49,31 @@ $query = "Select tp.ispart,tp.channeltype,tp.issend,ch.issend as cissend,ch.send
$cInfos = $dsql->GetOne($query);
//检测栏目是否有投稿权限
if($cInfos['issend']!=1 || $cInfos['ispart']!=0 || $cInfos['channeltype']!=$channelid || $cInfos['cissend']!=1)
{
ShowMsg("你所选择的栏目不支持投稿!","-1");
if ($cInfos['issend'] != 1 || $cInfos['ispart'] != 0 || $cInfos['channeltype'] != $channelid || $cInfos['cissend'] != 1) {
ShowMsg("你所选择的栏目不支持投稿!", "-1");
exit();
}
//检查频道设定的投稿许可权限
if($cInfos['sendrank'] > $cfg_ml->M_Rank )
{
$row = $dsql->GetOne("Select membername From #@__arcrank where rank='".$cInfos['sendrank']."' ");
ShowMsg("对不起,需要[".$row['membername']."]才能在这个频道发布文档!","-1","0",5000);
if ($cInfos['sendrank'] > $cfg_ml->M_Rank) {
$row = $dsql->GetOne("Select membername From #@__arcrank where rank='" . $cInfos['sendrank'] . "' ");
ShowMsg("对不起,需要[" . $row['membername'] . "]才能在这个频道发布文档!", "-1", "0", 5000);
exit();
}
if($cInfos['usertype'] !='' && $cInfos['usertype'] != $cfg_ml->M_MbType)
{
ShowMsg("对不起,需要[".$cInfos['usertype']."]才能在这个频道发布文档!","-1","0",5000);
if ($cInfos['usertype'] != '' && $cInfos['usertype'] != $cfg_ml->M_MbType) {
ShowMsg("对不起,需要[" . $cInfos['usertype'] . "]才能在这个频道发布文档!", "-1", "0", 5000);
exit();
}
//文档的默认状态
if($cInfos['arcsta']==0)
{
if ($cInfos['arcsta'] == 0) {
$ismake = 0;
$arcrank = 0;
}
else if($cInfos['arcsta']==1)
{
} else if ($cInfos['arcsta'] == 1) {
$ismake = -1;
$arcrank = 0;
}
else
{
} else {
$ismake = 0;
$arcrank = -1;
}
@@ -90,24 +82,18 @@ else
$money = 0;
$flag = $shorttitle = $color = $source = '';
$sortrank = $senddate = $pubdate = time();
$title = cn_substrR(HtmlReplace($title,1),$cfg_title_maxlen);
$writer = cn_substrR(HtmlReplace($writer,1),20);
if(empty($description)) $description = '';
$description = cn_substrR(HtmlReplace($description,1),250);
$keywords = cn_substrR(HtmlReplace($tags,1),30);
$title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen);
$writer = cn_substrR(HtmlReplace($writer, 1), 20);
if (empty($description)) $description = '';
$description = cn_substrR(HtmlReplace($description, 1), 250);
$keywords = cn_substrR(HtmlReplace($tags, 1), 30);
$mid = $cfg_ml->M_ID;
//处理上传的缩略图
$litpic = MemberUploads('litpic', '', $cfg_ml->M_ID, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, FALSE);
if($litpic!='') SaveUploadInfo($title,$litpic,1);
//检测文档是否重复
if($cfg_mb_cktitle=='Y')
{
if ($cfg_mb_cktitle == 'Y') {
$row = $dsql->GetOne("SELECT * FROM `#@__archives` WHERE title LIKE '$title' ");
if(is_array($row))
{
ShowMsg("对不起,请不要发布重复文档!","-1","0",5000);
if (is_array($row)) {
ShowMsg("对不起,请不要发布重复文档!", "-1", "0", 5000);
exit();
}
}
}
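Review bot: The duplicate-title lookup at the end of this file uses `title LIKE '$title'`, so a `%` or `_` in a submitted title acts as a wildcard and can report a duplicate that does not exist. `SELECT id FROM `#@__archives` WHERE title = '$title'` is what the check needs and avoids fetching the whole row. The value reaches the query by string interpolation after `HtmlReplace()` and `cn_substrR()`; whether it is SQL-escaped depends on request handling that is not visible here, so a comment stating that assumption would help.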

+ 32
- 41
src/member/inc/archives_check_edit.php View File

@@ -1,4 +1,5 @@
<?php
/**
* 文档编辑验证
*
@@ -8,86 +9,76 @@
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
if(!defined('DEDEMEMBER')) exit('dedecms');
if (!defined('DEDEMEMBER')) exit('dedecms');
require_once(DEDEINC."/image.func.php");
require_once(DEDEINC."/oxwindow.class.php");
require_once(DEDEINC . "/image.func.php");
require_once(DEDEINC . "/oxwindow.class.php");
$flag = '';
$typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;
$userip = GetIP();
$svali = GetCkVdValue();
if(preg_match("/3/",$safe_gdopen)){
if(strtolower($vdcode)!=$svali || $svali=='')
{
if (preg_match("/3/", $safe_gdopen)) {
if (strtolower($vdcode) != $svali || $svali == '') {
ResetVdValue();
ShowMsg('验证码错误!', '-1');
exit();
}
}
if($typeid==0)
if ($typeid == 0) {
ShowMsg('请指定文档隶属的栏目!', '-1');
exit();
}
if (empty($idhash) || $idhash != hash("sha256", $aid.$cfg_cookie_encode))
{
ShowMsg('请指定文档隶属的栏目!','-1');
showMsg('数据校验不对,程序返回', '-1');
exit();
}
// 校验CSRF
CheckCSRF();
$query = "SELECT tp.ispart,tp.channeltype,tp.issend,ch.issend as cissend,ch.sendrank,ch.arcsta,ch.addtable,ch.fieldset,ch.usertype
FROM `#@__arctype` tp LEFT JOIN `#@__channeltype` ch ON ch.id=tp.channeltype WHERE tp.id='$typeid' ";
$cInfos = $dsql->GetOne($query);
$addtable = $cInfos['addtable'];
//检测栏目是否有投稿权限
if($cInfos['issend']!=1 || $cInfos['ispart']!=0|| $cInfos['channeltype']!=$channelid || $cInfos['cissend']!=1)
{
ShowMsg("你所选择的栏目不支持投稿!","-1");
if ($cInfos['issend'] != 1 || $cInfos['ispart'] != 0 || $cInfos['channeltype'] != $channelid || $cInfos['cissend'] != 1) {
ShowMsg("你所选择的栏目不支持投稿!", "-1");
exit();
}
//文档的默认状态
if($cInfos['arcsta']==0)
{
if ($cInfos['arcsta'] == 0) {
$ismake = 0;
$arcrank = 0;
}
else if($cInfos['arcsta']==1)
{
} else if ($cInfos['arcsta'] == 1) {
$ismake = -1;
$arcrank = 0;
}
else
{
} else {
$ismake = 0;
$arcrank = -1;
}
//对保存的内容进行处理
$title = cn_substrR(HtmlReplace($title,1),$cfg_title_maxlen);
$writer = cn_substrR(HtmlReplace($writer,1),20);
if(empty($description)) $description = '';
$description = cn_substrR(HtmlReplace($description,1),250);
$keywords = cn_substrR(HtmlReplace($tags,1),30);
$title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen);
$writer = cn_substrR(HtmlReplace($writer, 1), 20);
if (empty($description)) $description = '';
$description = cn_substrR(HtmlReplace($description, 1), 250);
$keywords = cn_substrR(HtmlReplace($tags, 1), 30);
$mid = $cfg_ml->M_ID;
$midQuery = "SELECT mid FROM `#@__arctiny` WHERE id='$aid'";
$midRow = $dsql->GetOne($midQuery);
if($midRow['mid'] != $mid)
{
ShowMsg('您暂无权限在这里进行修改文档!','javascript:;');
if ($midRow['mid'] != $mid) {
ShowMsg('您暂无权限在这里进行修改文档!', 'javascript:;');
exit;
}
$isadmin = ($cfg_ml->fields['matt']==10 ? true : false);
if (empty($oldlitpic))
{
$isadmin = ($cfg_ml->fields['matt'] == 10 ? true : false);
if (empty($oldlitpic)) {
$oldlitpic = '';
}
//处理上传的缩略图
if($litpic != '')
{
$litpic = MemberUploads('litpic', $oldlitpic, $mid, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, false, $isadmin);
SaveUploadInfo($title, $litpic, 1);
}
else
{
$litpic =$oldlitpic; if (strpos( $litpic, '..') !== false || strpos( $litpic, $cfg_user_dir."/{$userid}/" ) === false) exit('not allowed path!');
}

+ 3
- 121
src/member/inc/inc_archives_functions.php View File

@@ -217,7 +217,6 @@ function GetFormItemValueA($ctag,$fvalue)
*/
function PrintAutoFieldsAdd(&$fieldset, $loadtype='all', $isprint=TRUE)
{
global $cfg_cookie_encode;
$dtp = new DedeTagParse();
$dtp->SetNameSpace('field','<','>');
$dtp->LoadSource($fieldset);
@@ -235,8 +234,8 @@ function PrintAutoFieldsAdd(&$fieldset, $loadtype='all', $isprint=TRUE)
}
}
}
if ($isprint) echo "<input type='hidden' name='dede_addonfields' value=\"".$dede_addonfields."\">\r\n";
echo "<input type=\"hidden\" name=\"dede_fieldshash\" value=\"".md5($dede_addonfields . 'anythingelse' .$cfg_cookie_encode) ."\" />";
echo "<input type=\"hidden\" name=\"_csrf_token\" value=\"".$GLOBALS['csrf_token']."\" />";
// 增加一个返回
return $addonfieldsname;
}
@@ -267,7 +266,7 @@ function PrintAutoFieldsEdit(&$fieldset, &$fieldValues, $loadtype='all')
}
}
}
echo "<input type='hidden' name='dede_addonfields' value=\"".$dede_addonfields."\">\r\n";
echo "<input type=\"hidden\" name=\"_csrf_token\" value=\"".$GLOBALS['csrf_token']."\" />";
}
/**
@@ -279,7 +278,6 @@ function PrintAutoFieldsEdit(&$fieldset, &$fieldValues, $loadtype='all')
*/
function MakeArt($aid, $ismakesign=FALSE)
{
global $cfg_makeindex,$cfg_basedir,$cfg_templets_dir,$cfg_df_style;
include_once(DEDEINC.'/arc.archives.class.php');
if($ismakesign)
{
@@ -410,119 +408,3 @@ function GetCurContent(&$body)
$htd->Close();
return $body;
}
/**
* 上传一个未经处理的图片
*
* 参数一 upname 上传框名称
* 参数二 handurl 手工填写的网址
* 参数三 ddisremote 是否下载远程图片 0 不下, 1 下载
* 参数四 ntitle 注解文字 如果表单有 title 字段可不管
*
* @access public
* @param string $upname 上传名称
* @param string $handurl 操作地址
* @param int $isremote 是否远程
* @param string $ntitle 注释文字
* @return string
*/
function UploadOneImage($upname,$handurl='',$isremote=1,$ntitle='')
{
global $cfg_ml,$cfg_basedir,$cfg_image_dir,$dsql,$title, $dsql;
if($ntitle!='')
{
$title = $ntitle;
}
$ntime = time();
$filename = '';
$isrm_up = false;
$handurl = trim($handurl);
//如果用户自行上传了图片
if(!empty($_FILES[$upname]['tmp_name']) && is_uploaded_file($_FILES[$upname]['tmp_name']))
{
$istype = 0;
$sparr = Array("image/pjpeg","image/jpeg","image/gif","image/png");
$_FILES[$upname]['type'] = strtolower(trim($_FILES[$upname]['type']));
if(!in_array($_FILES[$upname]['type'],$sparr))
{
ShowMsg("上传的图片格式错误,请使用JPEG、GIF、PNG格式的其中一种!","-1");
exit();
}
if(!empty($handurl) && !preg_match("#^http:\/\/#", $handurl) && file_exists($cfg_basedir.$handurl) )
{
$dsql->ExecuteNoneQuery("Delete From #@__uploads where url like '$handurl' ");
$fullUrl = preg_replace("#\.([a-z]*)$#i", "", $handurl);
}
else
{
$savepath = $cfg_image_dir."/".strftime("%Y-%m",$ntime);
CreateDir($savepath);
$fullUrl = $savepath."/".strftime("%d",$ntime).dd2char(strftime("%H%M%S",$ntime).'0'.$cfg_ml->M_ID.'0'.mt_rand(1000,9999));
}
if(strtolower($_FILES[$upname]['type'])=="image/gif")
{
$fullUrl = $fullUrl.".gif";
}
else if(strtolower($_FILES[$upname]['type'])=="image/png")
{
$fullUrl = $fullUrl.".png";
}
else
{
$fullUrl = $fullUrl.".jpg";
}
//保存
@move_uploaded_file($_FILES[$upname]['tmp_name'],$cfg_basedir.$fullUrl);
$filename = $fullUrl;
//水印
@WaterImg($imgfile,'up');
$isrm_up = TRUE;
}
//远程或选择本地图片
else{
if($handurl=='')
{
return '';
}
//远程图片并要求本地化
if($isremote==1 && preg_match("#^http:\/\/#", $handurl))
{
$ddinfos = GetRemoteImage($handurl,$cuserLogin->getUserID());
if(!is_array($ddinfos))
{
$litpic = "";
}
else
{
$filename = $ddinfos[0];
}
$isrm_up = TRUE;
//本地图片或远程不要求本地化
}
else
{
$filename = $handurl;
}
}
$imgfile = $cfg_basedir.$filename;
if(is_file($imgfile) && $isrm_up && $filename!='')
{
$info = "";
$imginfos = GetImageSize($imgfile,$info);
//把新上传的图片信息保存到媒体文档管理档案中
$inquery = "
INSERT INTO #@__uploads(title,url,mediatype,width,height,playtime,filesize,uptime,mid)
VALUES ('$title','$filename','1','".$imginfos[0]."','".$imginfos[1]."','0','".filesize($imgfile)."','".time()."','".$cfg_ml->M_ID."');
";
$dsql->ExecuteNoneQuery($inquery);
}
$fid = $dsql->GetLastID();
AddMyAddon($fid, $filename);
return $filename;
}
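Review bot: In the PrintAutoFieldsAdd hunk the `dede_fieldshash` input appears to be replaced by `_csrf_token`, but the two protect different things: the token ties the request to the member's session, while the hash tied the posted `dede_addonfields` list to what the server rendered. A CSRF token does not stop a logged-in member from changing `dede_addonfields` in their own request, so unless the save handlers (outside this section) now rebuild the field list from the channel's `fieldset`, that integrity check is lost. I would keep a keyed tag next to the token, `echo "<input type=\"hidden\" name=\"dede_fieldshash\" value=\"".hash_hmac('sha256', $dede_addonfields, $cfg_cookie_encode)."\" />";`, retain `global $cfg_cookie_encode;` for it, and verify it with `hash_equals()`. PrintAutoFieldsEdit in the following hunk likewise emits `dede_addonfields` with no tag.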

+ 15
- 15
src/member/mystow.php View File

@@ -1,4 +1,5 @@
<?php

/**
* 我的收藏夹
*
@@ -8,30 +9,29 @@
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
require_once(dirname(__FILE__)."/config.php");
CheckRank(0,0);
require_once(DEDEINC."/datalistcp.class.php");
setcookie("ENV_GOBACK_URL",GetCurUrl(),time()+3600,"/");
$type = empty($type)? "sys" : trim($type);
require_once(dirname(__FILE__) . "/config.php");
CheckRank(0, 0);
require_once(DEDEINC . "/datalistcp.class.php");
setcookie("ENV_GOBACK_URL", GetCurUrl(), time() + 3600, "/");
$type = empty($type) ? "sys" : trim($type);
$tpl = '';
$menutype = 'mydede';
$rank = empty($rank)? "" : $rank;
if($rank == 'top'){
$rank = empty($rank) ? "" : $rank;
if ($rank == 'top') {
$sql = "SELECT s.*,COUNT(s.aid) AS num,t.* from #@__member_stow AS s LEFT JOIN `#@__member_stowtype` AS t on t.stowname=s.type group by s.aid order by num desc";
$tpl = 'stowtop';
}else{
$sql = "SELECT s.*,t.* FROM `#@__member_stow` AS s left join `#@__member_stowtype` AS t on t.stowname=s.type where s.mid='".$cfg_ml->M_ID."' order by s.id desc";
} else {
$sql = "SELECT s.*,t.* FROM `#@__member_stow` AS s left join `#@__member_stowtype` AS t on t.stowname=s.type where s.mid='" . $cfg_ml->M_ID . "' order by s.id desc";
$tpl = 'mystow';
}

$dsql->Execute('nn','SELECT indexname,stowname FROM `#@__member_stowtype`');
while($row = $dsql->GetArray('nn'))
{
$rows[]=$row;
$dsql->Execute('nn', 'SELECT indexname,stowname FROM `#@__member_stowtype`');
while ($row = $dsql->GetArray('nn')) {
$rows[] = $row;
}

$dlist = new DataListCP();
$dlist->pageSize = 20;
$dlist->SetTemplate(DEDEMEMBER."/templets/$tpl.htm");
$dlist->SetTemplate(DEDEMEMBER . "/templets/$tpl.htm");
$dlist->SetSource($sql);
$dlist->Display();
$dlist->Display();

+ 0
- 4
src/member/templets/album_add.htm View File

@@ -67,10 +67,6 @@
<label>图集简介:</label>
<textarea name="description" id="description"></textarea>(内容的简要说明)
</p>
<p class="cellBg">
<label>缩略图:</label>
<input name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" maxlength="100" class="intxt"/>
</p>
</div>
<input name="maxwidth" type="hidden" id="maxwidth" value="<?php echo $cfg_album_width; ?>" />
<input name="prow" type="hidden" value="<?php echo $cfg_album_row; ?>" />


+ 2
- 12
src/member/templets/album_edit.htm View File

@@ -25,7 +25,7 @@
<form name="addcontent" action="album_edit.php" method="post" enctype="multipart/form-data" onsubmit="return checkSubmit();">
<input type="hidden" name="dopost" value="save" />
<input type="hidden" name="aid" value="<?php echo $row['id']; ?>" />
<input type="hidden" name="idhash" value="<?php echo md5($row['id'].$cfg_cookie_encode); ?>" />
<input type="hidden" name="idhash" value="<?php echo hash('sha256', $row['id'].$cfg_cookie_encode); ?>" />
<input type="hidden" name="channelid" value="<?php echo $row['channel']; ?>" />
<input type="hidden" name="oldlitpic" value="<?php echo $row['litpic']; ?>" />
<input type="hidden" name="sortrank" value="<?php echo $row['sortrank']; ?>" />
@@ -69,17 +69,7 @@
<label>图集简介:</label>
<textarea name="description" id="description"><?php echo $row["description"]; ?></textarea>(内容的简要说明)
</p>
<p class="cellBg">
<label>缩略图:</label>
<input name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" maxlength="100" class="intxt"/>
</p>
<?php if($row['litpic']!=''){ ?>
<p>
<label style="width: 85px;">原来的缩略图:</label>
<img name="nlitpic" id="nlitpic" src='<?php echo $row['litpic']; ?>' style="width: 200px; height:150px"/>
</p>
<?php
}
//自定义字段
PrintAutoFieldsEdit($row['fieldset'],$addRow,'autofield');
?>
@@ -126,7 +116,7 @@
</tr>
<tr>
<td width="310" height="25"> 本地上传:
<input type="file" name='imgfile<?php echo $j; ?>' style="width:200px;" maxlength="100" class="intxt" onchange="SeePicNew('divpicview<?php echo $j; ?>',this);" />
<input type="text" name='imgfile<?php echo $j; ?>' style="width:200px;" maxlength="100" class="intxt"/>
</td>
<td width="322" rowspan="3" align="center"><div id='divpicview<?php echo $j; ?>' class='divpre' style="height:5px"></div>
<img src="<?php echo trim($ctag->GetInnerText()); ?>" id="picview<?php echo $j; ?>" name="picview<?php echo $j; ?>" style="width: 128px; height: 128px;"/></td>
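Review bot: The replacement `idhash` is still a bare digest of the id concatenated with the site secret, `hash('sha256', $row['id'].$cfg_cookie_encode)`; the conventional keyed construction is `hash_hmac('sha256', (string)$row['id'], $cfg_cookie_encode)`, checked on the server with `hash_equals()`. The value depends only on the id and `$cfg_cookie_encode`, so it authenticates the id and is not a substitute for `_csrf_token`, which, as far as these hunks show, this form gets only through the `PrintAutoFieldsEdit()` call. archives_edit.htm, archives_sg_edit.htm and article_edit.htm carry the same `idhash` line, and the verifying code (not in this section) has to change in step. Separately, `imgfile<?php echo $j; ?>` is now a text field, so the handler must treat its value as an untrusted path or URL.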


+ 88
- 85
src/member/templets/archives_add.htm View File

@@ -1,55 +1,60 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>发表<?php echo $cInfos['typename']; ?> - 会员中心 - <?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script language='javascript' src="templets/js/main.js"></script>
<script type="text/javascript" src="templets/js/inputAutoClear.js"></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
<script type="text/javascript" src="templets/js/checkSubmit.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>发表<?php echo $cInfos['typename']; ?> - 会员中心 - <?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script language='javascript' src="templets/js/main.js"></script>
<script type="text/javascript" src="templets/js/inputAutoClear.js"></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
<script type="text/javascript" src="templets/js/checkSubmit.js"></script>
</head>
<body>
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<div id="appTab2">
<ul>
<li class="thisTab"><a href="#"><span>发表<?php echo $cInfos['typename']; ?></span></a></li>
</ul>
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<div id="appTab2">
<ul>
<li class="thisTab"><a href="#"><span>发表<?php echo $cInfos['typename']; ?></span></a></li>
</ul>
</div>
</div>
</div>
<form name="addcontent" action="archives_add.php" method="post" enctype="multipart/form-data" onsubmit="return checkSubmit();">
<form name="addcontent" action="archives_add.php" method="post" enctype="multipart/form-data"
onsubmit="return checkSubmit();">
<input type="hidden" name="dopost" value="save" />
<input type="hidden" name="channelid" value="<?php echo $channelid; ?>" />
<div id="mainCp">
<h3 class="meTitle"><strong>发表<?php echo $cInfos['typename']; ?></strong></h3>
<div class="postForm">
<p class="cellBg">
<label><?php echo $cInfos['titlename']; ?>:</label>
<input name="title" type="text" id="title" value="请输入内容主题" maxlength="100" class="intxt" onfocus="inputAutoClear(this)"/>
</p>
<p>
<label>标签TAG:</label>
<input name="tags" type="text" id="tags" size="30" class="intxt" style="width:400px;"/> (用逗号分开)
</p>
<p class="cellBg">
<label>作者:</label>
<input type="text" name="writer" id="writer" value="<?php echo $cfg_ml->M_UserName?>" class="intxt" />
</p>
<?php
<div id="mainCp">
<h3 class="meTitle"><strong>发表<?php echo $cInfos['typename']; ?></strong></h3>
<div class="postForm">
<p class="cellBg">
<label><?php echo $cInfos['titlename']; ?>:</label>
<input name="title" type="text" id="title" value="请输入内容主题" maxlength="100" class="intxt"
onfocus="inputAutoClear(this)" />
</p>
<p>
<label>标签TAG:</label>
<input name="tags" type="text" id="tags" size="30" class="intxt" style="width:400px;" /> (用逗号分开)
</p>
<p class="cellBg">
<label>作者:</label>
<input type="text" name="writer" id="writer" value="<?php echo $cfg_ml->M_UserName?>" class="intxt" />
</p>
<?php
if($cInfos['dfcid']>0) {
echo "<input type='hidden' name='typeid' value='{$cInfos['dfcid']}' />";
}else{
?>
<p>
<label>隶属栏目:</label>
<?php
<p>
<label>隶属栏目:</label>
<?php
$typeOptions = GetOptionList(0,$channelid);
echo "<select name='typeid' size='1'>\r\n";
echo "<option value='0' selected>请选择栏目...</option>\r\n";
@@ -57,70 +62,68 @@
echo "</select>";
?>
<span style="color:#F00">*</span>(不能选择带颜色的分类)
</p>
<?php
</p>
<?php
}
?>
<p class="cellBg">
<label>我的分类:</label>
<?php
<p class="cellBg">
<label>我的分类:</label>
<?php
$classlist = classification($cfg_ml->M_ID, 0, $channelid);
echo "<select name='mtypesid' size='1'>\r\n";
echo "<option value='0' selected>请选择分类...</option>\r\n";
echo $classlist;
echo "</select>";
?>
</p>
<?php
</p>
<?php
if($cInfos['needdes']==1) {
?>
<p>
<label>信息摘要:</label>
<textarea name="description" id="description" style="height:50px"></textarea> (内容的简要说明)
</p>
<?php
?>
<p>
<label>信息摘要:</label>
<textarea name="description" id="description" style="height:50px"></textarea> (内容的简要说明)
</p>
<?php
}
if($cInfos['needpic']==1) {
?>
<p class="cellBg">
<label>缩略图:</label>
<input class="file" name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" />
</p>
<?php
}
?>
<?php
//自定义字段
PrintAutoFieldsAdd($cInfos['fieldset'],'autofield');
if($safe_faq_send == 1){
$faqkey = array_rand($safefaqs);
?>
<p class="cellBg">
<label>验证问题:</label>
<?php echo $safefaqs[$faqkey]['question'];?> (答案:<?php echo $safefaqs[$faqkey]['answer'];?>)<input class="intxt" name="safeanswer" type="text" id="safeanswer" size="25" style='width:200px;'/>
<p class="cellBg">
<label>验证问题:</label>
<?php echo $safefaqs[$faqkey]['question'];?> (答案:<?php echo $safefaqs[$faqkey]['answer'];?>)<input
class="intxt" name="safeanswer" type="text" id="safeanswer" size="25" style='width:200px;' />
<input type="hidden" name="faqkey" value="<?php echo $faqkey;?>" />
</p>
<?php
</p>
<?php
}
if(preg_match("/3/",$safe_gdopen)){
?>
<p class="cellBg">
<label>验证码:</label>
<input class="text" name="vdcode" type="text" id="vdcode" size="10" style='width:50px;text-transform:uppercase;' />
<img src="../plus/vdimgck.php" width="70" height="25" align="absmiddle" alt="看不清?点击更换" style="cursor:pointer" onclick="this.src=this.src+'?'" />
</p>
<?php }?>
<p>
<button class="button2" type="submit">提交</button>
<button class="button2 ml10" type="reset" onclick="location.reload();">重置</button>
</p>
</div>
<p class="cellBg">
<label>验证码:</label>
<input class="text" name="vdcode" type="text" id="vdcode" size="10"
style='width:50px;text-transform:uppercase;' />
<img src="../plus/vdimgck.php" width="70" height="25" align="absmiddle" alt="看不清?点击更换"
style="cursor:pointer" onclick="this.src=this.src+'?'" />
</p>
<?php }?>
<p>
<button class="button2" type="submit">提交</button>
<button class="button2 ml10" type="reset" onclick="location.reload();">重置</button>
</p>
</div>
</div>
</form>
<!--主操作区域 -->
</div>
</form>
<!--主操作区域 -->
</div>
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
</body>
</html>
</html>
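Review bot: Nothing in the visible lines of this template emits `_csrf_token`; the form is covered only because `PrintAutoFieldsAdd($cInfos['fieldset'],'autofield');` echoes the hidden input as a side effect (see inc_archives_functions.php in this commit), whereas edit_baseinfo.htm and edit_face.htm write the input explicitly. That coupling is easy to break when a site customises the template or a channel has no custom fields block, so I would document it at the call site, e.g. `// custom fields; PrintAutoFieldsAdd() also emits the hidden _csrf_token input, keep this call`. The same applies to the other add/edit templates that rely on PrintAutoFieldsAdd() or PrintAutoFieldsEdit().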

+ 1
- 14
src/member/templets/archives_edit.htm View File

@@ -26,7 +26,7 @@
<form name="addcontent" action="archives_edit.php?aid=<?php echo $aid;?>" method="post" enctype="multipart/form-data" onsubmit="return checkSubmit();">
<input type="hidden" name="dopost" value="save" />
<input type="hidden" name="channelid" value="<?php echo $channelid; ?>" />
<input type="hidden" name="idhash" value="<?php echo md5($aid.$cfg_cookie_encode); ?>" />
<input type="hidden" name="idhash" value="<?php echo hash('sha256', $aid.$cfg_cookie_encode); ?>" />
<div id="mainCp">
<h3 class="meTitle"><strong>修改<?php echo $cInfos['typename']; ?></strong></h3>
<div class="postForm">
@@ -79,21 +79,8 @@
</p>
<?php
}
if($cInfos['needpic']==1) {
?>
<p class="cellBg">
<label>缩略图:</label>
<input class="file" name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" />
</p>
<?php
if($row['litpic']!=''){
?>
<p class="cellBg">
<label style="width:90px">原来的缩略图:</label>
<div id='divpicview' class='divpre mTB10 litPic'> <img name="nlitpic" id="nlitpic" src='<?php echo $row['litpic']; ?>' />
</p>
<?php
}}
//自定义字段
PrintAutoFieldsEdit($cInfos['fieldset'],$addRow,'autofield');
//游客强制加验证码,会员则判断后台开关


+ 0
- 4
src/member/templets/archives_sg_add.htm View File

@@ -51,10 +51,6 @@
?>
(只允许并且必须选择白色背景的项目<span style="color:#F00">*</span>)
</p>
<p class="cellBg" style='<?php if($cInfos['needpic']==0) echo 'display:none'; ?>'>
<label>缩略图:</label>
<input name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" maxlength="100" class="intxt"/>
</p>
<?php
if($safe_faq_send == '1'){
$faqkey = array_rand($safefaqs);


+ 1
- 5
src/member/templets/archives_sg_edit.htm View File

@@ -27,7 +27,7 @@
<form name="addcontent" action="archives_sg_edit.php" method="post" enctype="multipart/form-data" onsubmit="return checkSubmit();">
<input type="hidden" name="dopost" value="save" />
<input type="hidden" name="aid" value="<?php echo $addRow['aid']; ?>" />
<input type="hidden" name="idhash" value="<?php echo md5($addRow['aid'].$cfg_cookie_encode); ?>" />
<input type="hidden" name="idhash" value="<?php echo hash('sha256', $addRow['aid'].$cfg_cookie_encode); ?>" />
<input type="hidden" name="channelid" value="<?php echo $addRow['channel']; ?>" />
<input type="hidden" name="sortrank" value="<?php echo $addRow['senddate']; ?>" />
<input type="hidden" name="oldlitpic" value="<?php echo (isset($row['litpic']) ? $row['litpic'] : ''); ?>" />
@@ -53,10 +53,6 @@
?>
(只允许并且必须选择白色背景的项目<span style="color:#F00">*</span>)
</p>
<p class="cellBg" style='<?php if($cInfos['needpic']==0) echo 'display:none'; ?>'>
<label>缩略图:</label>
<input name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" maxlength="100" class="intxt"/>
</p>
<?php
}
//自定义字段


+ 0
- 4
src/member/templets/article_add.htm View File

@@ -65,10 +65,6 @@
<label>信息摘要:</label>
<textarea name="description" id="description"></textarea>(内容的简要说明)
</p>
<p class="cellBg">
<label>缩略图:</label>
<input name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" maxlength="100" class="intxt"/>
</p>
<?php
//自定义字段
PrintAutoFieldsAdd($cInfos['fieldset'],'autofield');


+ 1
- 13
src/member/templets/article_edit.htm View File

@@ -24,7 +24,7 @@
<form class="mTB10 mL10 mR10" name="addcontent" id="addcontent" action="article_edit.php" method="post" enctype="multipart/form-data" onsubmit="return checkSubmit();">
<input type="hidden" name="dopost" value="save" />
<input type="hidden" name="aid" value="<?php echo $row['id']; ?>" />
<input type="hidden" name="idhash" value="<?php echo md5($row['id'].$cfg_cookie_encode); ?>" />
<input type="hidden" name="idhash" value="<?php echo hash('sha256', $row['id'].$cfg_cookie_encode); ?>" />
<input type="hidden" name="channelid" value="<?php echo $row['channel']; ?>" />
<input type="hidden" name="oldlitpic" value="<?php echo $row['litpic']; ?>" />
<input type="hidden" name="sortrank" value="<?php echo $row['sortrank']; ?>" />
@@ -67,19 +67,7 @@
<label>信息摘要:</label>
<textarea name="description" id="description"><?php echo $row["description"]; ?></textarea>
(内容的简要说明) </p>
<p class="cellBg">
<label>缩略图:</label>
<input name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" maxlength="100" class="intxt"/>
</p>
<?php if($row['litpic']!='')
{
?>
<p>
<label style="width: 85px;">原来的缩略图:</label>
<img name="nlitpic" id="nlitpic" src='<?php echo $row['litpic']; ?>' style="width: 200px; height:150px" />
</p>
<?php
}
//自定义字段
PrintAutoFieldsEdit($row['fieldset'],$addRow,'autofield');
?>


+ 135
- 131
src/member/templets/edit_baseinfo.htm View File

@@ -1,147 +1,151 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>更改帐号基本资料 - 会员中心 - <?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script type="text/javascript" language='javascript'src='templets/js/main.js'></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
<script type="text/javascript">
function checkSubmit()
{
if(document.form2.oldpwd.value=='')
{
document.form2.oldpwd.focus();
alert("旧密码必须填写!");
return false;
}
if(document.form2.userpwdok.value!=document.form2.userpwd.value)
{
document.form2.userpwdok.focus();
alert("两次密码不一致!");
return false;
}
if(document.form2.email.value=="")
{
document.form2.email.focus();
alert("Email不能为空!");
return false;
}
if(document.form2.uname.value=="")
{
document.form2.uname.focus();
alert("用户昵称不能为空!");
return false;
}
if(document.form2.vdcode.value=="")
{
document.form2.vdcode.focus();
alert("验证码不能为空!");
return false;
}
}
</script>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>更改帐号基本资料 - 会员中心 - <?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script type="text/javascript" language='javascript' src='templets/js/main.js'></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
<script type="text/javascript">
function checkSubmit() {
if (document.form2.oldpwd.value == '') {
document.form2.oldpwd.focus();
alert("旧密码必须填写!");
return false;
}
if (document.form2.userpwdok.value != document.form2.userpwd.value) {
document.form2.userpwdok.focus();
alert("两次密码不一致!");
return false;
}
if (document.form2.email.value == "") {
document.form2.email.focus();
alert("Email不能为空!");
return false;
}
if (document.form2.uname.value == "") {
document.form2.uname.focus();
alert("用户昵称不能为空!");
return false;
}
if (document.form2.vdcode.value == "") {
document.form2.vdcode.focus();
alert("验证码不能为空!");
return false;
}
}
</script>
</head>
<body>
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<ul>
<li class="thisTab"><a href="edit_baseinfo.php">基本资料</a></li>
<li><a href="edit_fullinfo.php">详细资料</a></li>
<li><a href="edit_face.php">头像设置</a></li>
</ul>
</div>
<form action="edit_baseinfo.php" method="post" enctype="multipart/form-data" name="form2" onsubmit="return checkSubmit();">
<input type="hidden" name="dopost" value="save" />
<div id="mainCp">
<h3 class="meTitle"><strong>基本资料</strong></h3>
<div class="postForm">
<p class="cellBg">
<label>帐号类型:</label>
<?php echo $row['mtype']; ?></p>
<p>
<label>用户名:</label>
<?php echo $cfg_ml->M_LoginID; ?>
</p>
<p class="cellBg">
<label style="width:90px">昵称/公司名称:</label>
<input name="uname" type="text" id="uname" value="<?php echo $row['uname']; ?>" class="intxt" style="width:100px"/>
* <span id="_uname">(个人会员该项为昵称,企业会员填写公司名称)</span>
</p>
<p>
<label>原登陆密码:</label>
<input name="oldpwd" type="password" id="oldpwd" class="intxt" /> <span style="color:red;">*</span>
</p>
<p class="cellBg">
<label>新密码:</label>
<input name="userpwd" type="password" id="userpwd" class="intxt" />
<span id="_userpwdok">(不修改密码请保留此项为空)</span>
</p>
<p>
<label>确认新密码:</label>
<input name="userpwdok" type="password" id="userpwdok" value="" class="intxt" />
<span id="_userpwdok2">(不修改密码请保留此项为空)</span> </span>
</p>
<p class="cellBg">
<label>原安全问题:</label>
<?php
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<ul>
<li class="thisTab"><a href="edit_baseinfo.php">基本资料</a></li>
<li><a href="edit_fullinfo.php">详细资料</a></li>
<li><a href="edit_face.php">头像设置</a></li>
</ul>
</div>
<form action="edit_baseinfo.php" method="post" enctype="multipart/form-data" name="form2"
onsubmit="return checkSubmit();">
<input type="hidden" name="_csrf_token" value="<?php echo $GLOBALS['csrf_token'];?>" />
<input type="hidden" name="dopost" value="save" />
<div id="mainCp">
<h3 class="meTitle"><strong>基本资料</strong></h3>
<div class="postForm">
<p class="cellBg">
<label>帐号类型:</label>
<?php echo $row['mtype']; ?></p>
<p>
<label>用户名:</label>
<?php echo $cfg_ml->M_LoginID; ?>
</p>
<p class="cellBg">
<label style="width:90px">昵称/公司名称:</label>
<input name="uname" type="text" id="uname" value="<?php echo $row['uname']; ?>" class="intxt"
style="width:100px" />
* <span id="_uname">(个人会员该项为昵称,企业会员填写公司名称)</span>
</p>
<p>
<label>原登陆密码:</label>
<input name="oldpwd" type="password" id="oldpwd" class="intxt" /> <span style="color:red;">*</span>
</p>
<p class="cellBg">
<label>新密码:</label>
<input name="userpwd" type="password" id="userpwd" class="intxt" />
<span id="_userpwdok">(不修改密码请保留此项为空)</span>
</p>
<p>
<label>确认新密码:</label>
<input name="userpwdok" type="password" id="userpwdok" value="" class="intxt" />
<span id="_userpwdok2">(不修改密码请保留此项为空)</span> </span>
</p>
<p class="cellBg">
<label>原安全问题:</label>
<?php
require(DEDEDATA.'/safequestions.php');
echo GetSafequestion($row['safequestion'],'safequestion');
?>
<span id="_safequestion">(忘记密码时重设密码用)</span>
</p>
<p>
<label>原问题答案:</label>
<input name="safeanswer" type="text" id="safeanswer" value="" class="intxt" />
</p>
</p>
<p>
<label>原问题答案:</label>
<input name="safeanswer" type="text" id="safeanswer" value="" class="intxt" />
</p>
<p class="cellBg">
<label>新安全问题:</label>
<?php
<p class="cellBg">
<label>新安全问题:</label>
<?php
echo GetSafequestion(0,'newsafequestion');
?>
<span id="_safequestionnew">(不修改不用填写)</span>
</p>
<p>
<label>新问题答案:</label>
<input name="newsafeanswer" type="text" id="newsafeanswer" class="intxt"/>
</p>
<p class="cellBg">
<label><span class="tdl">电子邮箱</span>:</label>
<input name="email" type="text" id="email" value="<?php echo $row['email']; ?>" class="intxt"/><br>
<span id="_email" style="margin-left:80px"> <span style="color:red;">*</span> (每个电子邮邮箱只能注册一个帐号,要修改电子邮箱必须填写正确安全问题的答案)</span>
</p>
<p>
<label>性别:</label>
<input type="radio" name="sex" value="男" <?php if($row['sex']=='男') echo " checked='checked' "; ?>/>
男 &nbsp;
<input type="radio" name="sex" value="女" <?php if($row['sex']=='女') echo " checked='checked' "; ?>/>
女 &nbsp;
<input type="radio" name="sex" value="保密'" <?php if($row['sex']=='保密') echo " checked='checked' "; ?>/>
保密
</p>
<p class="cellBg">
<label>验证码:</label>
<input name="vdcode" type="text" id="vdcode" style='width:50px;text-transform:uppercase;' class="intxt" />
<img src="../plus/vdimgck.php" align="absmiddle" alt="看不清?点击更换" style="cursor:pointer" onclick="this.src=this.src+'?'" />
</p>
<p>
<button class="button2" type="submit">更新</button>
<button class="button2 ml10" type="reset">重设</button>
</p>
</div>
<span id="_safequestionnew">(不修改不用填写)</span>
</p>
<p>
<label>新问题答案:</label>
<input name="newsafeanswer" type="text" id="newsafeanswer" class="intxt" />
</p>
<p class="cellBg">
<label><span class="tdl">电子邮箱</span>:</label>
<input name="email" type="text" id="email" value="<?php echo $row['email']; ?>" class="intxt" /><br>
<span id="_email" style="margin-left:80px"> <span style="color:red;">*</span>
(每个电子邮邮箱只能注册一个帐号,要修改电子邮箱必须填写正确安全问题的答案)</span>
</p>
<p>
<label>性别:</label>
<input type="radio" name="sex" value="男" <?php if($row['sex']=='男') echo " checked='checked' "; ?> />
男 &nbsp;
<input type="radio" name="sex" value="女" <?php if($row['sex']=='女') echo " checked='checked' "; ?> />
女 &nbsp;
<input type="radio" name="sex" value="保密'" <?php if($row['sex']=='保密') echo " checked='checked' "; ?> />
保密
</p>
<p class="cellBg">
<label>验证码:</label>
<input name="vdcode" type="text" id="vdcode" style='width:50px;text-transform:uppercase;'
class="intxt" />
<img src="../plus/vdimgck.php" align="absmiddle" alt="看不清?点击更换" style="cursor:pointer"
onclick="this.src=this.src+'?'" />
</p>
<p>
<button class="button2" type="submit">更新</button>
<button class="button2 ml10" type="reset">重设</button>
</p>
</div>
</div>
</form>
<!--主操作区域 -->
</div>
</form>
<!--主操作区域 -->
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
</body>
</html>
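Review bot: The third gender radio still posts a stray apostrophe, `value="保密'"`, so the submitted value can never match the `$row['sex']=='保密'` test beside it and a quote character reaches the handler; the attribute should read `value="保密"`. On the new token line, `$GLOBALS['csrf_token']` is echoed into the attribute as-is, and where the token is generated is not visible here; unless it is guaranteed to be hex or base64url, wrap it as `htmlspecialchars($GLOBALS['csrf_token'], ENT_QUOTES)`, here and in edit_face.htm and the two helpers in inc_archives_functions.php. There is also an unmatched `</span>` after the `_userpwdok2` span.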

+ 53
- 60
src/member/templets/edit_face.htm View File

@@ -1,70 +1,63 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>更改头像 - 会员中心 - <?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script type="text/javascript" language='javascript'src='templets/js/main.js'></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>更改头像 - 会员中心 - <?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script type="text/javascript" language='javascript' src='templets/js/main.js'></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
</head>
<body>
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<ul>
<li><a href="edit_baseinfo.php">基本资料</a></li>
<li><a href="edit_fullinfo.php">详细资料</a></li>
<li class="thisTab"><a href="edit_face.php">头像设置</a></li>
</ul>
</div>
<form action="edit_face.php" method="post" enctype="multipart/form-data" name="form1">
<input type="hidden" name="dopost" value="save" />
<div id="mainCp">
<h3 class="meTitle"><strong>用户头像</strong></h3>
<?php
if(defined('UC_API') && @include_once DEDEROOT.'/uc_client/client.php')
{
$data = uc_get_user($cfg_ml->M_LoginID);
echo uc_avatar($data[0]);
}
else
{
?>
<div class="postForm">
<p class="cellBg">
<label style="width:90px">手工填写网址:</label>
<input name='oldface' type='hidden' id='oldface' value='<?php echo $face; ?>' />
<input name='faceurl' type='text' id='faceurl' size='35' class='intxt' style='width:250px' value='<?php echo $face; ?>' />
<p>
<label style="width:100px">选择上传的文件:</label>
<input name="face" type="file" id="face" size="45" /> 大小180x180像
</p>
<p class="cellBg">
<label style="width:90px"><b>原来的头像:</b><br />
<a href="edit_face.php?dopost=delold&oldface=<?php echo urlencode($face); ?>">[删除旧头像]</a></label>
<div id='faceview' class='overflow mTB10 litPic' style="width:180px;height:180px;text-align:center;vertical-align:middle;line-height:180px;display:table-cell;">
<?php
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<ul>
<li><a href="edit_baseinfo.php">基本资料</a></li>
<li><a href="edit_fullinfo.php">详细资料</a></li>
<li class="thisTab"><a href="edit_face.php">头像设置</a></li>
</ul>
</div>
<form action="edit_face.php" method="post" enctype="multipart/form-data" name="form1">
<input type="hidden" name="_csrf_token" value="<?php echo $GLOBALS['csrf_token'];?>" />
<input type="hidden" name="dopost" value="save" />
<div id="mainCp">
<h3 class="meTitle"><strong>用户头像</strong></h3>
<div class="postForm">
<p class="cellBg">
<label style="width:90px">手工填写网址:</label>
<input name='oldface' type='hidden' id='oldface' value='<?php echo $face; ?>' />
<input name='faceurl' type='text' id='faceurl' size='35' class='intxt' style='width:250px'
value='<?php echo $face; ?>' />
<p class="cellBg">
<label style="width:90px"><b>原来的头像:</b><br />
</label>
<div id='faceview' class='overflow mTB10 litPic'
style="width:180px;height:180px;text-align:center;vertical-align:middle;line-height:180px;display:table-cell;">
<?php
if($face!='') echo " <img class='' src='$face' style='_margin-top:expression(( 180 - this.height ) / 2);' />\r\n";
?>
</div>
</p>
<p>
<button class="button2" type="submit">更新</button>
<button class="button2 ml10" type="reset">重设</button>
</p>
</div>
<?php } ?>
</div>
</form>
<!--主操作区域 -->
</p>
<p>
<button class="button2" type="submit">更新</button>
<button class="button2 ml10" type="reset">重设</button>
</p>
</div>
</div>
</form>
<!--主操作区域 -->
</div>
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
</body>
</html>
</html>
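Review bot: `$face` is written unencoded into two single-quoted attributes, `value='<?php echo $face; ?>'` on `faceurl` and `src='$face'` on the preview image, and with the file upload apparently removed the free-text `faceurl` field is the only way to set it. Unless edit_face.php (outside this section) strictly validates the URL, a value containing a quote ends the attribute early; encode on output, `value='<?php echo htmlspecialchars($face, ENT_QUOTES); ?>'`, and do the same for the `src`. The hidden `oldface` input is client-supplied as well, so the handler should read the current avatar from the member record rather than from the form. The first `<p class="cellBg">` inside `.postForm` is never closed.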

+ 46
- 42
src/member/templets/edit_fullinfo.htm View File

@@ -1,50 +1,54 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>更改详细资料 - 会员中心 -<?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script type="text/javascript" language='javascript'src='templets/js/main.js'></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/calendar/calendar.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>更改详细资料 - 会员中心 -<?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script type="text/javascript" language='javascript' src='templets/js/main.js'></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/calendar/calendar.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
</head>
<body>
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<ul>
<li><a href="edit_baseinfo.php">基本资料</a></li>
<li class="thisTab"><a href="edit_fullinfo.php">详细资料</a></li>
<li><a href="edit_face.php">头像设置</a></li>
</ul>
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<ul>
<li><a href="edit_baseinfo.php">基本资料</a></li>
<li class="thisTab"><a href="edit_fullinfo.php">详细资料</a></li>
<li><a href="edit_face.php">头像设置</a></li>
</ul>
</div>
<form method="post" action="edit_fullinfo.php" name="form1">
<input type="hidden" value="save" name="dopost" />
<input type="hidden" name="_csrf_token" value="<?php echo $GLOBALS['csrf_token'];?>" />
<input type="hidden" value="<?php echo $membermodel->modid;?>" name="modid" />
<div id="mainCp">
<h3 class="meTitle"><strong>详细资料</strong></h3>
<div class="postForm">
<?php
echo $postform;
?>
<p>
<label>&nbsp;</label>
<button type="submit" id="btnSignCheck" class="buttonGreen142">完 成 </button>
</p>
</div>
</div>
</form>
<!--主操作区域 -->
</div>
<form method="post" action="edit_fullinfo.php" name="form1">
<input type="hidden" value="save" name="dopost"/>
<input type="hidden" value="<?php echo $membermodel->modid;?>" name="modid"/>
<div id="mainCp">
<h3 class="meTitle"><strong>详细资料</strong></h3>
<div class="postForm">
<?php
echo $postform;
?>
<p>
<label>&nbsp;</label>
<button type="submit" id="btnSignCheck" class="buttonGreen142">完 成 </button>
</p>
</div>
</div>
</form>
<!--主操作区域 -->
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
</body>
</html>
</html>
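Review bot: The new `_csrf_token` hidden input prints `$GLOBALS['csrf_token']` straight into an attribute value, with no escaping and no check that the global is set. If the token is ever missing, the form silently posts an empty value; writing it as `value="<?php echo htmlspecialchars($GLOBALS['csrf_token'], ENT_QUOTES); ?>"` also keeps the markup intact whatever format the token has. The same applies to `$membermodel->modid` on the next line. `echo $postform;` is emitted raw, so the code that builds it (not in this section) must already escape member-supplied field values.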

+ 65
- 60
src/member/templets/edit_space_info.htm View File

@@ -1,73 +1,78 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>空间设置 - 会员中心 - <?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script type="text/javascript" src='templets/js/main.js'></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>" />
<title>空间设置 - 会员中心 - <?php echo $cfg_webname; ?></title>
<link href="templets/style/base.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../static/js/jquery.js"></script>
<script type="text/javascript" src='templets/js/main.js'></script>
<script type="text/javascript" src="templets/js/load.js"></script>
<script type="text/javascript" src="templets/js/leftmenu.js"></script>
</head>
<body>
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<ul>
<li><a href="mtypes.php">分类管理</a></li>
<li><a href="flink_main.php">书签管理</a></li>
<li class="thisTab"><a href="edit_space_info.php"><span>空间设置</span></a></li>
<li><a href="spaceskin.php">风格选择</a></li>
</ul>
</div>
<form action="edit_space_info.php" method="post" enctype="multipart/form-data" name="form1">
<div id="main">
<?php include(DEDEMEMBER."/templets/head.htm"); ?>
<div id="content" class="w960 clearfix">
<?php include(DEDEMEMBER."/templets/menu.php"); ?>
<div id="mcpmain">
<div id="appTab">
<ul>
<li><a href="mtypes.php">分类管理</a></li>
<li><a href="flink_main.php">书签管理</a></li>
<li class="thisTab"><a href="edit_space_info.php"><span>空间设置</span></a></li>
<li><a href="spaceskin.php">风格选择</a></li>
</ul>
</div>
<form action="edit_space_info.php" method="post" enctype="multipart/form-data" name="form1">
<input type="hidden" name="dopost" value="save" />
<div id="mainCp">
<h3 class="meTitle"><strong>空间设置</strong></h3>
<div class="postForm">
<p class="cellBg">
<label>空间名称:</label>
<input name="spacename" type="text" id="spacename" value="<?php echo $spacename; ?>" maxlength="100" class="intxt"/>
</p>
<p>
<label>每页文档数:</label>
<input name="pagesize" type="text" id="pagesize" value="<?php echo $pagesize; ?>" maxlength="100" class="intxt"/>
</p>
<p class="cellBg">
<label>个人签名:</label>
<textarea name="sign" cols="50" id="sign"><?php echo $sign; ?></textarea> 少于50中文字
</p>
<p>
<label style="width:90px">空间Logo上传:</label>
<input name="oldspacelogo" type="hidden" value="<?php echo $spacelogo; ?>" />
<input name="spacelogo" type="file" id="spacelogo" maxlength="100" class="intxt" />
</p>
<p class="cellBg" style="height:60px; margin-top:5px">
<label>原有Logo:</label>
<?php
<div id="mainCp">
<h3 class="meTitle"><strong>空间设置</strong></h3>
<div class="postForm">
<p class="cellBg">
<label>空间名称:</label>
<input name="spacename" type="text" id="spacename" value="<?php echo $spacename; ?>" maxlength="100"
class="intxt" />
</p>
<p>
<label>每页文档数:</label>
<input name="pagesize" type="text" id="pagesize" value="<?php echo $pagesize; ?>" maxlength="100"
class="intxt" />
</p>
<p class="cellBg">
<label>个人签名:</label>
<textarea name="sign" cols="50" id="sign"><?php echo $sign; ?></textarea> 少于50中文字
</p>
<p>
<label style="width:90px">远程Logo地址:</label>
<input name="spacelogo" type="text" id="spacelogo" maxlength="100" class="intxt" />
</p>
<p class="cellBg" style="height:60px; margin-top:5px">
<label>原有Logo:</label>
<?php
if($spacelogo!='') $logo = $spacelogo;
else $logo = 'templets/images/mylogo.jpg';
echo "<img src='$logo' style='margin-top:5px;width:200px;height: 50px;'/> (规格为:200x50像素)\r\n";
?>
</p>
<p>
<label>空间公告:</label>
<?php GetEditor("spacenews",$spacenews,250,"MemberLit"); ?>
</p>
<p class="cellBg">
<button class="button2" type="submit">更新</button>
<button class="button2 ml10" type="reset">重设</button>
</p>
</div>
</p>
<p>
<label>空间公告:</label>
<?php GetEditor("spacenews",$spacenews,250,"MemberLit"); ?>
</p>
<p class="cellBg">
<button class="button2" type="submit">更新</button>
<button class="button2 ml10" type="reset">重设</button>
</p>
</div>
</div>
</form>
<!--主操作区域 -->
</div>
</form>
<!--主操作区域 -->
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
<?php include(DEDEMEMBER."/templets/foot.htm"); ?>
</div>
</body>
</html>
</html>
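Review bot: The rewritten `edit_space_info.php` form carries only the `dopost` hidden field and has no `_csrf_token` input, unlike the `edit_face.htm` and `edit_fullinfo.htm` forms in this commit. Unless the handler (not shown here) obtains the token another way, this save action appears to stay outside the CSRF protection. Adding `<input type="hidden" name="_csrf_token" value="<?php echo $GLOBALS['csrf_token'];?>" />` next to `dopost` would match the other forms. The logo is now a free-text remote address and `$spacelogo` is interpolated unescaped into `<img src='$logo'`, so it should go through `htmlspecialchars($logo, ENT_QUOTES)` on output and be limited to http/https when saved. The form also still declares `enctype="multipart/form-data"` although no file input remains.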

+ 2
- 2
src/member/templets/js/album.js View File

@@ -66,8 +66,8 @@ function MakeUpload(mnum)
fhtml += "<td height=\"25\" colspan=\"2\"> <strong>图片"+startNum+":</strong></td>";
fhtml += "</tr>";
fhtml += "<tr bgcolor=\"#FFFFFF\"> ";
fhtml += "<td width=\"510\" height=\"25\">  本地上传: ";
fhtml += "<input type=\"file\" name='imgfile"+startNum+"' style=\"width:200px\" class=\"intxt\" onChange=\"SeePicNew('divpicview"+startNum+"',this);\" /> <nobr>可填远程网址</nobr></td>";
fhtml += "<td width=\"510\" height=\"25\">  图片地址: ";
fhtml += "<input type=\"text\" name='imgfile"+startNum+"' style=\"width:330px\" class=\"intxt\"/> <nobr>填写远程网址</nobr></td>";
fhtml += "<td width=\"100\" rowspan=\"2\" align=\"center\"><div id='divpicview"+startNum+"' class='divpre'></div></td>";
fhtml += "</tr>";
fhtml += "<tr bgcolor=\"#FFFFFF\"> ";
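Review bot: `imgfile` changes here from a file upload to a free-text remote address, so the handler that receives it (not in this hunk) now has to validate the value: accept only http/https URLs and escape it wherever it is rendered later. The preview cell `divpicview` is still generated on the following line, but the `SeePicNew` hook that filled it is gone, so that `<td>` is now always empty and could be dropped or wired to the text box. `MakeUpload` starts and ends outside the hunk.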


+ 1
- 1
src/member/templets/js/load_index.js View File

@@ -7,7 +7,7 @@ $(document).ready(function(){
$(".submit tbody tr:odd").addClass("row1");//奇行
//修正IE6下hover Bug
if ( $.browser.msie ){
if ( typeof $.browser !== "undefined" ){
if($.browser.version == '6.0'){
$("#menuBody li").hover(
function(){
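Review bot: The new guard on the `$.browser` line no longer tests for Internet Explorer. `typeof $.browser !== "undefined"` is true for every browser on a jQuery build that still ships `$.browser`, so the IE6 hover workaround then depends only on `$.browser.version == '6.0'`. Keeping both conditions preserves the original intent and still avoids the error on newer jQuery: `if ( typeof $.browser !== "undefined" && $.browser.msie ){`. The `$(document).ready` callback starts and ends outside the hunk.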


+ 55
- 146
src/member/templets/js/main.js View File

@@ -1,221 +1,130 @@
<!--
function $Nav(){
if(window.navigator.userAgent.indexOf("MSIE")>=1) return 'IE';
else if(window.navigator.userAgent.indexOf("Firefox")>=1) return 'FF';
function $Nav() {
if (window.navigator.userAgent.indexOf("MSIE") >= 1) return 'IE';
else if (window.navigator.userAgent.indexOf("Firefox") >= 1) return 'FF';
else return "OT";
}
function $Obj(objname){
function $Obj(objname) {
return document.getElementById(objname);
}
function ShowColor(){
if(document.all){
var posLeft = window.event.clientY-100;
var posTop = window.event.clientX-400;
}
else{
var posLeft = 100;
var posTop = 100;
}
var fcolor=showModalDialog("img/color.htm?ok",false,"dialogWidth:106px;dialogHeight:110px;status:0;dialogTop:"+posTop+";dialogLeft:"+posLeft);
if(fcolor!=null && fcolor!="undefined") document.form1.color.value = fcolor;
function ShowColor() {
if (document.all) {
var posLeft = window.event.clientY - 100;
var posTop = window.event.clientX - 400;
}
else {
var posLeft = 100;
var posTop = 100;
}
var fcolor = showModalDialog("img/color.htm?ok", false, "dialogWidth:106px;dialogHeight:110px;status:0;dialogTop:" + posTop + ";dialogLeft:" + posLeft);
if (fcolor != null && fcolor != "undefined") document.form1.color.value = fcolor;
}
function ShowHide(objname){
function ShowHide(objname) {
var obj = $Obj(objname);
if(obj.style.display == "block" || obj.style.display == ""){ obj.style.display = "none"; }
else{ obj.style.display = "block"; }
if (obj.style.display == "block" || obj.style.display == "") { obj.style.display = "none"; }
else { obj.style.display = "block"; }
}
function ShowObj(objname){
function ShowObj(objname) {
var obj = $Obj(objname);
obj.style.display = "block";
}
function HideObj(objname){
function HideObj(objname) {
var obj = $Obj(objname);
obj.style.display = "none";
}
function ShowItem1(){
function ShowItem1() {
ShowObj('head1'); ShowObj('needset'); HideObj('head2'); HideObj('adset');
}
function ShowItem2(){
function ShowItem2() {
ShowObj('head2'); ShowObj('adset'); HideObj('head1'); HideObj('needset');
}
function SeePic(img,f){
if ( f.value != "" ) { img.src = f.value; }
}
function SeePicNew(imgdid,f) {
if(f.value=='') return ;
var newPreview = document.getElementById(imgdid);
var filepath = 'file:///'+f.value.replace(/\\/g,"/").replace(/\:/,"|");
var image = new Image(); var ImgD = new Image();
ImgD.src = filepath;
image.src = ImgD.src; FitWidth = 150; FitHeight = 100;
if(image.width>0 && image.height>0)
{
if(image.width/image.height>= FitWidth/FitHeight)
{
if(image.width>FitWidth)
{
ImgD.width=FitWidth;
ImgD.height=(image.height*FitWidth)/image.width;
}
else
{
ImgD.width=image.width;
ImgD.height=image.height;
}
}
else
{
if(image.height>FitHeight)
{
ImgD.height=FitHeight;
ImgD.width=(image.width*FitHeight)/image.height;
}
else
{
ImgD.width=image.width;
ImgD.height=image.height;
}
}
}
newPreview.style.width = ImgD.width+"px";
newPreview.style.height = ImgD.height+"px";
if(window.navigator.userAgent.indexOf("MSIE") < 1)
{
newPreview.style.background = "url('"+ImgD.src+"') no-repeat";
}
else
{
newPreview.style.filter = "progid:DXImageTransform.Microsoft.AlphaImageLoader(src='"+ImgD.src+"',sizingMethod='scale')";
}
ImgD = image = null;
//newPreview.filters.item('DXImageTransform.Microsoft.AlphaImageLoader').src = f.value;
}
function SelectFlash(){
if($Nav()=='IE'){ var posLeft = window.event.clientX-300; var posTop = window.event.clientY; }
else{ var posLeft = 100; var posTop = 100; }
window.open("uploads_select.php?mediatype=2&f=form1.flashurl", "popUpFlashWin", "scrollbars=yes,resizable=yes,statebar=no,width=500,height=350,left="+posLeft+", top="+posTop);
function SeePic(img, f) {
if (f.value != "") { img.src = f.value; }
}
function SelectMedia(fname){
if($Nav()=='IE'){ var posLeft = window.event.clientX-200; var posTop = window.event.clientY; }
else{ var posLeft = 100;var posTop = 100; }
window.open("uploads_select.php?mediatype=3&f="+fname, "popUpFlashWin", "scrollbars=yes,resizable=yes,statebar=no,width=500,height=350,left="+posLeft+", top="+posTop);
function SelectKeywords(f) {
if ($Nav() == 'IE') { var posLeft = window.event.clientX - 350; var posTop = window.event.clientY - 200; }
else { var posLeft = 100; var posTop = 100; }
window.open("article_keywords_select.php?f=" + f, "popUpkwWin", "scrollbars=yes,resizable=yes,statebar=no,width=600,height=450,left=" + posLeft + ", top=" + posTop);
}
function SelectSoft(fname){
if($Nav()=='IE'){ var posLeft = window.event.clientX-200; var posTop = window.event.clientY-50; }
else{ var posLeft = 100; var posTop = 100; }
window.open("uploads_select.php?mediatype=4&f="+fname, "popUpImagesWin", "scrollbars=yes,resizable=yes,statebar=no,width=600,height=400,left="+posLeft+", top="+posTop);
}
function SelectImage(fname,stype){
if($Nav()=='IE'){ var posLeft = window.event.clientX-100; var posTop = window.event.clientY; }
else{ var posLeft = 100; var posTop = 100; }
if(!fname) fname = 'form1.picname';
if(!stype) stype = '';
window.open("uploads_select.php?mediatype=1&f="+fname+"&imgstick="+stype, "popUpImagesWin", "scrollbars=yes,resizable=yes,statebar=no,width=600,height=400,left="+posLeft+", top="+posTop);
}
function SelectImageN(fname,stype,vname){
if($Nav()=='IE'){ var posLeft = window.event.clientX-100; var posTop = window.event.clientY; }
else{ var posLeft = 100; var posTop = 100; }
if(!fname) fname = 'form1.picname';
if(!stype) stype = '';
window.open("uploads_select.php?mediatype=1&f="+fname+"&imgstick="+stype+"&v="+vname, "popUpImagesWin", "scrollbars=yes,resizable=yes,statebar=no,width=600,height=400,left="+posLeft+", top="+posTop);
}
function SelectKeywords(f){
if($Nav()=='IE'){ var posLeft = window.event.clientX-350; var posTop = window.event.clientY-200; }
else{ var posLeft = 100; var posTop = 100; }
window.open("article_keywords_select.php?f="+f, "popUpkwWin", "scrollbars=yes,resizable=yes,statebar=no,width=600,height=450,left="+posLeft+", top="+posTop);
}
function InitPage(){
function InitPage() {
var selsource = $Obj('selsource');
var selwriter = $Obj('selwriter');
if(selsource){ selsource.onmousedown=function(e){ SelectSource(e); } }
if(selwriter){ selwriter.onmousedown=function(e){ SelectWriter(e); } }
if (selsource) { selsource.onmousedown = function (e) { SelectSource(e); } }
if (selwriter) { selwriter.onmousedown = function (e) { SelectWriter(e); } }
}
function OpenMyWin(surl){
function OpenMyWin(surl) {
window.open(surl, "popUpMyWin", "scrollbars=yes,resizable=yes,statebar=no,width=500,height=350,left=200, top=100");
}
function PutSource(str){
function PutSource(str) {
var osource = $Obj('source');
if(osource) osource.value = str;
if (osource) osource.value = str;
}
function PutWriter(str){
function PutWriter(str) {
var owriter = $Obj('writer');
if(owriter) owriter.value = str;
if (owriter) owriter.value = str;
}
function SelectSource(e){
LoadNewDiv(e,'article_select_sw.php?t=source&k=8','_mysource');
function SelectSource(e) {
LoadNewDiv(e, 'article_select_sw.php?t=source&k=8', '_mysource');
}
function SelectWriter(e){
LoadNewDiv(e,'article_select_sw.php?t=writer&k=8','_mywriter');
function SelectWriter(e) {
LoadNewDiv(e, 'article_select_sw.php?t=writer&k=8', '_mywriter');
}
function LoadNewDiv(e,surl,oname){
if($Nav()=='IE'){ var posLeft = window.event.clientX-20; var posTop = window.event.clientY-20; }
else{ var posLeft = e.pageX-20; var posTop = e.pageY-20; }
function LoadNewDiv(e, surl, oname) {
if ($Nav() == 'IE') { var posLeft = window.event.clientX - 20; var posTop = window.event.clientY - 20; }
else { var posLeft = e.pageX - 20; var posTop = e.pageY - 20; }
var newobj = $Obj(oname);
if(!newobj){
if (!newobj) {
newobj = document.createElement("DIV");
newobj.id = oname;
newobj.style.position='absolute';
newobj.style.position = 'absolute';
newobj.className = "dlg";
newobj.style.top = posTop;
newobj.style.left = posLeft;
document.body.appendChild(newobj);
}
else{
else {
newobj.style.display = "block";
}
if(newobj.innerHTML.length<10){
if (newobj.innerHTML.length < 10) {
var myajax = new DedeAjax(newobj); myajax.SendGet(surl);
}
}
function ShowUrlTr(){
function ShowUrlTr() {
var jumpTest = $Obj('isjump');
var jtr = $Obj('redirecturltr');
if(jumpTest.checked) jtr.style.display = "block";
if (jumpTest.checked) jtr.style.display = "block";
else jtr.style.display = "none";
}
function ShowUrlTrEdit(){
function ShowUrlTrEdit() {
ShowUrlTr();
var jumpTest = $Obj('isjump');
var rurl = $Obj('redirecturl');
if(!jumpTest.checked) rurl.value="";
if (!jumpTest.checked) rurl.value = "";
}
function CkRemote(ckname,fname){
function CkRemote(ckname, fname) {
var ckBox = $Obj(ckname);
var fileBox = $Obj(fname);
if(ckBox.checked){
if (ckBox.checked) {
fileBox.style.display = 'none';
}else{
} else {
fileBox.style.display = 'block';
}
}
-->
}
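Review bot: `LoadNewDiv` assigns bare numbers to `newobj.style.top` and `newobj.style.left`; outside quirks mode, unit-less lengths are rejected, and the member templates declare an XHTML doctype, so the pop-up is probably not placed at the click position. `newobj.style.top = posTop + "px";` and `newobj.style.left = posLeft + "px";` fix that. In `SelectKeywords`, `f` is concatenated into the query string as is; `"article_keywords_select.php?f=" + encodeURIComponent(f)` keeps a caller-supplied value from altering the URL. `ShowColor` still relies on `showModalDialog`, which current browsers no longer provide.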

+ 126
- 139
src/member/templets/menu.php View File

@@ -1,147 +1,134 @@
<?php
$add_channel_menu = array();
//如果为游客访问,不启用左侧菜单
if(!empty($cfg_ml->M_ID))
{
$channelInfos = array();
$dsql->Execute('addmod',"SELECT id,nid,typename,useraddcon,usermancon,issend,issystem,usertype,isshow FROM `#@__channeltype` ");
while($menurow = $dsql->GetArray('addmod'))
{
$channelInfos[$menurow['nid']] = $menurow;
//禁用的模型
if($menurow['isshow']==0)
{
continue;
}
//其它情况
if($menurow['issend']!=1 || $menurow['issystem']==1
|| ( !preg_match("#".$cfg_ml->M_MbType."#", $menurow['usertype']) && trim($menurow['usertype'])!='' ) )
{
continue;
}
$menurow['ddcon'] = empty($menurow['useraddcon']) ? 'archives_add.php' : $menurow['useraddcon'];
$menurow['list'] = empty($menurow['usermancon']) ? 'content_list.php' : $menurow['usermancon'];
$add_channel_menu[] = $menurow;
}
unset($menurow);
?>
<div id="mcpsub">
<div class="topGr"></div>
<div id="menuBody">
<!-- 内容中心菜单-->
<?php
if($menutype == 'content')
{
?>
<h2 class="menuTitle" onclick="menuShow('menuFirst')" id="menuFirst_t"><b></b>系统模型内容</h2>
<ul id="menuFirst">
<?php
//是否启用文章投稿
if($channelInfos['article']['issend']==1 && $channelInfos['article']['isshow']==1)
{
?>
<li class="articles"><a href="../member/content_list.php?channelid=1" title="已发布的文章"><b></b>文章</a><a href="../member/article_add.php" class="act" title="发表新文章">发表</a></li>
<?php
}
//是否启用图集投稿
if($channelInfos['image']['issend']==1 && $cfg_mb_album=='Y' && $channelInfos['image']['isshow']==1
&& ($channelInfos['image']['usertype']=='' || preg_match("#".$cfg_ml->fields['mtype']."#", $channelInfos['image']['usertype'])) )
{
?>
<li class="photo"><a href="../member/content_list.php?channelid=2" title="管理图集"><b></b>图集</a><a href="../member/album_add.php" class="act" title="新建图集">新建</a></li>
<?php
}
//是否启用软件投稿
if($channelInfos['soft']['issend']==1 && $channelInfos['soft']['isshow']==1
&& ($channelInfos['image']['usertype']=='' || preg_match("#".$cfg_ml->fields['mtype']."#", $channelInfos['image']['usertype']))
)
{
?>
<li class="soft"><a href="../member/content_list.php?channelid=3" title="已发布的软件"><b></b>软件</a><a href="../member/soft_add.php" title="上传软件"class="act">上传</a></li>
<?php
}
?>
</ul>
<?php
//是否允许对自定义模型投稿
if($cfg_mb_sendall=='Y')
{
?>
<h2 class="menuTitle" onclick="menuShow('menuSec')" id="menuSec_t"><b></b>自定义内容</h2>
<ul id="menuSec">
<?php
foreach($add_channel_menu as $nnarr) {
?>
<li class="<?php echo $nnarr['nid'];?>"><a href="../member/<?php echo $nnarr['list'];?>?channelid=<?php echo $nnarr['id'];?>" title="已发布的<?php echo $nnarr['typename'];?>"><b></b><?php echo $nnarr['typename'];?></a><a href='archives_do.php?dopost=addArc&channelid=<?php echo $nnarr['id'];?>' class="act" title="发表新文章">发表</a></li>
<?php
}
}
?>
</ul>
<h2 class="menuTitle" onclick="menuShow('menuThird')" id="menuThird_t"><b></b>其他管理</h2>
<ul id="menuThird">
<li class="icon attachment"><a href="../member/uploads.php"><b></b>附件管理</a></li>
</ul>
<?php
}
?>
<!-- 我的织梦菜单-->
<?php
if($menutype == 'mydede')
{
?>
<h2 class="menuTitle" onclick="menuShow('menuFirst')" id="menuFirst_t"><b></b>会员互动</h2>
<ul id="menuFirst">
<li class="icon mystow"><a href="../member/mystow.php"><b></b>我的收藏夹</a></li>
<?php
if($cfg_feedback_forbid=='N')
{
//<li class="icon feedback"><a href='../member/myfeedback.php'>我的评论</a></li>
$add_channel_menu = array();
//如果为游客访问,不启用左侧菜单
if (!empty($cfg_ml->M_ID)) {
$channelInfos = array();
$dsql->Execute('addmod', "SELECT id,nid,typename,useraddcon,usermancon,issend,issystem,usertype,isshow FROM `#@__channeltype` ");
while ($menurow = $dsql->GetArray('addmod')) {
$channelInfos[$menurow['nid']] = $menurow;
//禁用的模型
if ($menurow['isshow'] == 0) {
continue;
}
$dsql->Execute('nn','Select indexname,indexurl From `#@__sys_module` where ismember=1 ');
while($nnarr = $dsql->GetArray('nn'))
{
@preg_match("/\/(.+?)\//is", $nnarr['indexurl'],$matches);
$nnarr['class'] = isset($matches[1]) ? $matches[1] : 'channel';
$nnarr['indexurl'] = str_replace("**","=",$nnarr['indexurl']);
?>
<li class="<?php echo $nnarr['class'];?>"><a href="<?php echo $nnarr['indexurl']; ?>"><b></b><?php echo $nnarr['indexname']; ?>模块</a></li>
<?php
//其它情况
if (
$menurow['issend'] != 1 || $menurow['issystem'] == 1
|| (!preg_match("#" . $cfg_ml->M_MbType . "#", $menurow['usertype']) && trim($menurow['usertype']) != '')
) {
continue;
}
?>
</ul>
<?php
}
?>
<!-- 系统设置菜单-->
<?php
if($menutype == 'config')
{
?>
<h2 class="menuTitle" onclick="menuShow('menuFirst')" id="menuFirst_t"><b></b><?php echo $cfg_ml->M_MbType; ?>资料</a></h2>
<ul id="menuFirst">
<li class="icon baseinfo"><a href="../member/edit_baseinfo.php"><b></b>基本资料</a></li>
<li class="icon myinfo"><a href="../member/edit_fullinfo.php"><b></b><?php echo $cfg_ml->M_MbType; ?>资料</a></li>
<li class="icon face"><a href="../member/edit_face.php"><b></b>头像设置</a></li>
</ul>
<h2 class="menuTitle" onclick="menuShow('menuSec')" id="menuSec_t"><b></b>空间管理</h2>
<ul id="menuSec">
<li class="icon mtypes"><a href="../member/mtypes.php"><b></b>分类管理</a></li>
<li class="icon flink"><a href="../member/flink_main.php"><b></b>书签管理</a></li>
<li class="icon info"><a href="../member/edit_space_info.php"><b></b>空间设置</a></li>
<li class="icon spaceskin"><a href="../member/spaceskin.php"><b></b>风格选择</a></li>
</ul>
<?php
$menurow['ddcon'] = empty($menurow['useraddcon']) ? 'archives_add.php' : $menurow['useraddcon'];
$menurow['list'] = empty($menurow['usermancon']) ? 'content_list.php' : $menurow['usermancon'];
$add_channel_menu[] = $menurow;
}
?>
<!--<h2 class="menuTitle"><b class="showMenu"></b>操作主菜单项</h2> -->
unset($menurow);
?>
<div id="mcpsub">
<div class="topGr"></div>
<div id="menuBody">
<!-- 内容中心菜单-->
<?php
if ($menutype == 'content') {
?>
<h2 class="menuTitle" onclick="menuShow('menuFirst')" id="menuFirst_t"><b></b>系统模型内容</h2>
<ul id="menuFirst">
<?php
//是否启用文章投稿
if ($channelInfos['article']['issend'] == 1 && $channelInfos['article']['isshow'] == 1) {
?>
<li class="articles"><a href="../member/content_list.php?channelid=1" title="已发布的文章"><b></b>文章</a><a href="../member/article_add.php" class="act" title="发表新文章">发表</a></li>
<?php
}
//是否启用图集投稿
if (
$channelInfos['image']['issend'] == 1 && $cfg_mb_album == 'Y' && $channelInfos['image']['isshow'] == 1
&& ($channelInfos['image']['usertype'] == '' || preg_match("#" . $cfg_ml->fields['mtype'] . "#", $channelInfos['image']['usertype']))
) {
?>
<li class="photo"><a href="../member/content_list.php?channelid=2" title="管理图集"><b></b>图集</a><a href="../member/album_add.php" class="act" title="新建图集">新建</a></li>
<?php
}
//是否启用软件投稿
if (
$channelInfos['soft']['issend'] == 1 && $channelInfos['soft']['isshow'] == 1
&& ($channelInfos['image']['usertype'] == '' || preg_match("#" . $cfg_ml->fields['mtype'] . "#", $channelInfos['image']['usertype']))
) {
?>
<li class="soft"><a href="../member/content_list.php?channelid=3" title="已发布的软件"><b></b>软件</a><a href="../member/soft_add.php" title="上传软件" class="act">上传</a></li>
<?php
}
?>
</ul>
<?php
//是否允许对自定义模型投稿
if ($cfg_mb_sendall == 'Y') {
?>
<h2 class="menuTitle" onclick="menuShow('menuSec')" id="menuSec_t"><b></b>自定义内容</h2>
<ul id="menuSec">
<?php
foreach ($add_channel_menu as $nnarr) {
?>
<li class="<?php echo $nnarr['nid']; ?>"><a href="../member/<?php echo $nnarr['list']; ?>?channelid=<?php echo $nnarr['id']; ?>" title="已发布的<?php echo $nnarr['typename']; ?>"><b></b><?php echo $nnarr['typename']; ?></a><a href='archives_do.php?dopost=addArc&channelid=<?php echo $nnarr['id']; ?>' class="act" title="发表新文章">发表</a></li>
<?php
}
}
?>
</ul>
<?php
}
?>
<!-- 我的织梦菜单-->
<?php
if ($menutype == 'mydede') {
?>
<h2 class="menuTitle" onclick="menuShow('menuFirst')" id="menuFirst_t"><b></b>会员互动</h2>
<ul id="menuFirst">
<li class="icon mystow"><a href="../member/mystow.php"><b></b>我的收藏夹</a></li>
<?php
if ($cfg_feedback_forbid == 'N') {
//<li class="icon feedback"><a href='../member/myfeedback.php'>我的评论</a></li>
}
$dsql->Execute('nn', 'Select indexname,indexurl From `#@__sys_module` where ismember=1 ');
while ($nnarr = $dsql->GetArray('nn')) {
@preg_match("/\/(.+?)\//is", $nnarr['indexurl'], $matches);
$nnarr['class'] = isset($matches[1]) ? $matches[1] : 'channel';
$nnarr['indexurl'] = str_replace("**", "=", $nnarr['indexurl']);
?>
<li class="<?php echo $nnarr['class']; ?>"><a href="<?php echo $nnarr['indexurl']; ?>"><b></b><?php echo $nnarr['indexname']; ?>模块</a></li>
<?php
}
?>
</ul>
<?php
}
?>
<!-- 系统设置菜单-->
<?php
if ($menutype == 'config') {
?>
<h2 class="menuTitle" onclick="menuShow('menuFirst')" id="menuFirst_t"><b></b><?php echo $cfg_ml->M_MbType; ?>资料</a></h2>
<ul id="menuFirst">
<li class="icon baseinfo"><a href="../member/edit_baseinfo.php"><b></b>基本资料</a></li>
<li class="icon myinfo"><a href="../member/edit_fullinfo.php"><b></b><?php echo $cfg_ml->M_MbType; ?>资料</a></li>
<li class="icon face"><a href="../member/edit_face.php"><b></b>头像设置</a></li>
</ul>
<h2 class="menuTitle" onclick="menuShow('menuSec')" id="menuSec_t"><b></b>空间管理</h2>
<ul id="menuSec">
<li class="icon mtypes"><a href="../member/mtypes.php"><b></b>分类管理</a></li>
<li class="icon flink"><a href="../member/flink_main.php"><b></b>书签管理</a></li>
<li class="icon info"><a href="../member/edit_space_info.php"><b></b>空间设置</a></li>
<li class="icon spaceskin"><a href="../member/spaceskin.php"><b></b>风格选择</a></li>
</ul>
<?php
}
?>
<!--<h2 class="menuTitle"><b class="showMenu"></b>操作主菜单项</h2> -->
</div>
<div class="buttomGr"></div>
</div>
<div class="buttomGr"></div>
</div>
<?php
}
?>
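Review bot: The software-channel check on the new side tests `$channelInfos['image']['usertype']` rather than the soft channel's own `usertype`, so the 软件 entry is shown or hidden according to the image channel's member-type restriction. The condition should read `&& ($channelInfos['soft']['usertype'] == '' || preg_match("#" . $cfg_ml->fields['mtype'] . "#", $channelInfos['soft']['usertype']))`. The member type is also spliced unquoted into the pattern in all three `preg_match` calls; wrapping it in `preg_quote(..., '#')` stops a type name containing regex metacharacters from changing the match. These conditions only control menu visibility, so the add pages need their own permission check, which is not visible here.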

+ 2
- 8
src/member/templets/soft_add.htm View File

@@ -170,10 +170,6 @@ function ShowHideAddr()
<input name="needmoney" type="text" value="0" id="needmoney" maxlength="100" class="intxt" style="width:80px" />(最大允许100个)
</span>
</p>
<p>
<label>缩略图:</label>
<input name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" maxlength="100" class="intxt"/>
</p>
<?php
//自定义字段
PrintAutoFieldsAdd($cInfos['fieldset'],'autofield');
@@ -185,11 +181,10 @@ function ShowHideAddr()
<label>文字介绍:</label><?php GetEditor("body","",200,"Member"); ?>
</p>
<p class="cellBg">
<label>本地地址:</label>
<label>下载地址:</label>
<input name="softurl1" type="text" id="softurl1" class="intxt" style="width:230px" />
<button name="sel1" type="button" id="sel1" onclick="SelectSoft('addcontent.softurl1')" class="bt3">选取</button>
服务器名称:
<input name="servermsg1" type="text" id="servermsg1" value="本地下载" class="intxt" style="width:150px" />
<input name="servermsg1" type="text" id="servermsg1" value="下载" class="intxt" style="width:150px" />
</p>
<p>
<label>其它地址:</label>
@@ -198,7 +193,6 @@ function ShowHideAddr()
<button type="button" name="Submit3" id="btsh3" onclick="ShowHideAddr();" class="bt2">隐藏地址</button>
(最多为12个链接)</p>
<div id="morelink" style="display:none"><p><?php echo "<span id='uploadfield' style='line-height: 32px;'></span>"; ?></p></div>
<?php
if($safe_faq_send == '1'){
$faqkey = array_rand($safefaqs);


+ 1
- 13
src/member/templets/soft_edit.htm View File

@@ -50,7 +50,7 @@ function ShowHideAddr()
<form class="mTB10 mR10 mL10" name="form1" action="soft_edit.php" method="post" enctype="multipart/form-data" onsubmit="return checkSubmit();">
<input type="hidden" name="dopost" value="save" />
<input type="hidden" name="aid" value="<?php echo $row['id']; ?>" />
<input type="hidden" name="idhash" value="<?php echo md5($row['id'].$cfg_cookie_encode); ?>" />
<input type="hidden" name="idhash" value="<?php echo hash('sha256', $row['id'].$cfg_cookie_encode); ?>" />
<input type="hidden" name="channelid" value="<?php echo $row['channel']; ?>" />
<input type="hidden" name="oldlitpic" value="<?php echo $row['litpic']; ?>" />
<input type="hidden" name="sortrank" value="<?php echo $row['sortrank']; ?>" />
@@ -178,17 +178,6 @@ function ShowHideAddr()
<label>需要金币:</label>
<input name="needmoney" type="text" value="<?php echo isset($addRow["needmoney"])? $addRow["needmoney"] : ''; ?>" id="needmoney" maxlength="100" class="intxt" style="width:80px" />(最大允许100个)
</span>
</p>
<p>
<label>缩略图:</label>
<input name="litpic" type="file" id="litpic" onchange="SeePicNew('divpicview',this);" maxlength="100" class="intxt"/>
</p>
<p class="cellBg">
<label style="width: 85px;">原来的缩略图:</label>
<img name="nlitpic" id="nlitpic" src='
<?php
echo !empty($row['litpic'])? $row['litpic'] : 'templets/images/dfpic.gif';
?>' style="width: 200px; height:150px"/>
</p>
<?php
//自定义字段
@@ -206,7 +195,6 @@ function ShowHideAddr()
<p class="cellBg">
<label>本地地址:</label>
<input name="softurl1" type="text" id="softurl1" class="intxt" style="width:230px" />
<button name="sel1" type="button" id="sel1" onclick="SelectSoft('form1.softurl1')" class="bt3">选取</button>
服务器名称:
<input name="servermsg1" type="text" id="servermsg1" value="本地下载" class="intxt" style="width:150px" />
</p>
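Review bot: `idhash` is still a plain hash of `$row['id']` concatenated with `$cfg_cookie_encode`. Moving from md5 to SHA-256 helps, but a keyed MAC is the right construct for a value the client sends back: `hash_hmac('sha256', $row['id'], $cfg_cookie_encode)`. The handler that checks it (not in this section) has to switch to the same construction in the same commit and should compare with `hash_equals()`. The third hunk removes the 选取 button but leaves the `本地地址` label and the `本地下载` default, which `soft_add.htm` renames to `下载地址` and `下载`. The `oldlitpic` hidden field also remains although the thumbnail upload is gone.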

