преди 2 години · 2adb8c851c
--- a/src/install/config.cache.inc.php
+++ b/src/install/config.cache.inc.php
@@ -109,12 +109,10 @@ $cfg_task_pwd = '';
 $cfg_addon_domainbind = 'N';
 $cfg_addon_domain = '';
 $cfg_df_dutyadmin = '网站管理员';
 $cfg_mb_allowncarc = 'Y';
 $cfg_mb_allowreg = 'Y';
 $cfg_mb_adminlock = 'N';
 $cfg_sendarc_scores = 10;
 $cfg_sendfb_scores = 3;
 $cfg_mb_spaceallarc = 0;
 $cfg_face_adds = 10;
 $cfg_moreinfo_adds = 20;
 $cfg_money_scores = 50;
--- a/src/install/sql-dfdata.txt
+++ b/src/install/sql-dfdata.txt
@@ -4036,8 +4036,6 @@ INSERT INTO `#@__sysconfig` VALUES ('1','cfg_basehost','站点网址','1','strin
 ('112','cfg_addon_domainbind','是否绑定附件目录为指定的二级域名','7','bool','N'),
 ('113','cfg_addon_domain','附件目录的二级域名','7','string',''),
 ('114','cfg_df_dutyadmin','默认作者名称','7','string','网站管理员'),
 ('115','cfg_mb_allowncarc','是否允许会员空间显示未审核文档','4','bool','Y'),
 ('116','cfg_mb_spaceallarc','会员空间中所有文档的栏目ID（不限为0）','4','number','0'),
 ('117','cfg_face_adds','上传头像增加积分','5','number','10'),
 ('118','cfg_moreinfo_adds','填写详细资料增加积分','5','number','20'),
 ('119','cfg_money_scores','多少积分可以兑换一个金币','5','number','50'),
--- a/src/install/sql-dftables.txt
+++ b/src/install/sql-dftables.txt
@@ -812,7 +812,7 @@ CREATE TABLE `#@__search_sync`  (
  `add_at` int NULL DEFAULT NULL,
  `update_at` int NULL DEFAULT NULL,
  PRIMARY KEY (`id`)
 ) TYPE = MyISAM;
 ) TYPE=MyISAM;

 DROP TABLE IF EXISTS `#@__sgpage`;
 CREATE TABLE `#@__sgpage` (
--- a/src/system/taglib/help/userinfo.txt
+++ b/src/system/taglib/help/userinfo.txt
@@ -0,0 +1,12 @@
 用户信息标签
 >>dede>>
 {dede:userinfo mid=''}
 <p>
 	<span>用户名：[field:uname/]</span>
 	<span>用户等级：[field:rankname /]</span>
 	<span>注册时间：[field:jointime function="MyDate('Y-m-d H:m',@me)"/]</span>
 	<span>登录时间：[field:logintime function="MyDate('Y-m-d H:m',@me)"/]</span>
 </p>
 {/dede:userinfo}
 >>dede>>
 mid='' 数字，用户ID，如果是管理员则不显示，如果为空，在文档详情页面则显示当前文档关联的会员信息
--- a/src/system/taglib/userinfo.lib.php
+++ b/src/system/taglib/userinfo.lib.php
@@ -0,0 +1,48 @@
 <?php
 if (!defined('DEDEINC')) exit ('dedebiz');
 /**
 * 会员信息标签
 *
 * @version        $id:userinfo.lib.php tianya $
 * @package        DedeBIZ.Taglib
 * @copyright      Copyright (c) 2023 DedeBIZ.COM
 * @license        GNU GPL v2 (https://www.dedebiz.com/license)
 * @link           https://www.dedebiz.com
 */
 function lib_userinfo(&$ctag, &$refObj)
 {
    global $dsql;
    $attlist="mid|0";
    FillAttsDefault($ctag->CAttribute->Items,$attlist);
    extract($ctag->CAttribute->Items, EXTR_SKIP);
    $rmid = !empty($refObj->Fields['mid'])? intval($refObj->Fields['mid']) : 0;
    $mid = $mid > 0 ? $mid : $rmid;
    if ($mid == 0) return "";
    $revalue = '';
    $innerText = trim($ctag->GetInnerText());
    if(empty($innerText)) $innerText = GetSysTemplets('userinfo.htm');

    $sql = "SELECT U.*,US.spacename,US.sign,AR.membername as rankname FROM `#@__member` U
        LEFT JOIN `#@__member_space` US ON US.mid = U.mid 
        LEFT JOIN `#@__arcrank` AR ON AR.`rank` = U.`rank`
        WHERE U.mid='{$mid}' LIMIT 0,1 ";

    $ctp = new DedeTagParse();
    $ctp->SetNameSpace('field','[',']');
    $ctp->LoadSource($innerText);

    $dsql->Execute('user',$sql);
    while($row = $dsql->GetArray('user'))
    {
        if($row['matt']==10) return ''; //不显示管理员信息
        $row['userurl'] = $GLOBALS['cfg_memberurl'].'/index.php?uid='.$row['userid'];
        $row['face'] = empty($row['face'])? $GLOBALS['cfg_mainsite'].'/static/web/img/admin.png' : $row['face'];
        foreach($ctp->CTags as $tagid=>$ctag)
        {
            if(isset($row[$ctag->GetName()])){ $ctp->Assign($tagid,$row[$ctag->GetName()]); }
        }
        $revalue .= $ctp->GetResult();
    }
    return $revalue;
 }
 ?>
--- a/src/theme/system/userinfo.htm
+++ b/src/theme/system/userinfo.htm
@@ -0,0 +1,6 @@
 <p>
 	<span>用户名：[field:uname/]</span>
 	<span>用户等级：[field:rankname /]</span>
 	<span>注册时间：[field:jointime function="MyDate('Y-m-d H:m',@me)"/]</span>
 	<span>登录时间：[field:logintime function="MyDate('Y-m-d H:m',@me)"/]</span>
 </p>
--- a/src/user/index.php
+++ b/src/user/index.php
@@ -48,6 +48,10 @@ if ($uid == '') {
    $userid = preg_replace("#[\r\n\t \*%]#", '', $uid);
    $query = "SELECT MB.mid,MB.mtype,MB.userid,MB.uname,MB.sex,MB.rank,MB.email,MB.scores,MB.spacesta,MB.face,MB.logintime,MS.*,MT.*,MB.matt,MR.membername FROM `#@__member` MB LEFT JOIN `#@__member_space` MS on MS.mid=MB.mid LEFT JOIN `#@__member_tj` MT on MT.mid=MB.mid LEFT JOIN `#@__arcrank` MR on MR.rank=MB.rank WHERE MB.userid like '$uid' ";
    $_vars = $dsql->GetOne($query);
    if ($cfg_mb_adminlock == "Y" && $_vars['rank']==10) {
        ShowMsg("无法浏览管理员用户的空间","javascript:;");
        exit();
    }
    if (!is_array($_vars)) {
        ShowMsg("你访问的用户可能已经被删除","javascript:;");
        exit();