diff --git a/src/dede/templets/member_view.htm b/src/dede/templets/member_view.htm index fc36e144..95cb3993 100755 --- a/src/dede/templets/member_view.htm +++ b/src/dede/templets/member_view.htm @@ -112,7 +112,7 @@ function checkSubmit() 等级: SetQuery("Select rank,membername From `#@__arcrank` where rank>0"); $dsql->Execute('n'); $MemberTypes[0] = "限制会员"; diff --git a/src/member/archives_add.php b/src/member/archives_add.php index 483f5647..0f639e7e 100755 --- a/src/member/archives_add.php +++ b/src/member/archives_add.php @@ -92,7 +92,7 @@ else if($dopost=='save') } } - if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode)) + if (empty($dede_fieldshash) || $dede_fieldshash !== md5($dede_addonfields . 'anythingelse' . $cfg_cookie_encode)) { showMsg('数据校验不对,程序返回', '-1'); exit(); diff --git a/src/member/archives_do.php b/src/member/archives_do.php index dc2c0214..0b7c7a6e 100755 --- a/src/member/archives_do.php +++ b/src/member/archives_do.php 
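Review bot: The new `dede_fieldshash` check in archives_add.php builds its MAC by concatenating the field list with `$cfg_cookie_encode` under MD5 and compares it with `!==`, which is neither a keyed construction nor a constant-time comparison. Prefer `!hash_equals(hash_hmac('sha256', $dede_addonfields, $cfg_cookie_encode), (string)$dede_fieldshash)`, with the form generator changed to emit the same value. The related checks in archives_edit.php (`$idhash != hash("sha256", ...)`) and edit_fullinfo.php (`$dede_fieldshash != md5(...)`) still use loose `!=`, which additionally allows PHP numeric-string juggling on hex digests, and the three files now use three different constructions. PrintAutoFieldsAdd() drops `global $cfg_cookie_encode` later in this diff, so confirm which code still emits a `dede_fieldshash` matching the `'anythingelse'` variant, since the emitting side is not visible here. The enclosing save branch starts outside the hunk.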
@@ -201,52 +201,4 @@ else if($dopost=="viewArchives") }else{ header("location:/book/book.php?bid=".$aid); } -} - -/*-------------- -function DelUploads() -删除上传的附件 -----------------*/ -else if($dopost=="delUploads") -{ - CheckRank(0,0); - if(empty($ids)) - { - $ids = ''; - } - - $tj = 0; - if($ids=='') - { - $arow = $dsql->GetOne("SELECT url,mid FROM `#@__uploads` WHERE aid='$aid'; "); - if(is_array($arow) && $arow['mid']==$cfg_ml->M_ID) - { - $dsql->ExecuteNoneQuery("DELETE FROM `#@__uploads` WHERE aid='$aid'; "); - if(file_exists($cfg_basedir.$arow['url'])) - { - @unlink($cfg_basedir.$arow['url']); - } - } - $tj++; - } - else - { - $ids = explode(',',$ids); - foreach($ids as $aid) - { - $aid = preg_replace("#[^0-9]#", "", $aid); - $arow = $dsql->GetOne("SELECT url,mid From #@__uploads WHERE aid='$aid'; "); - if(is_array($arow) && $arow['mid']==$cfg_ml->M_ID) - { - $dsql->ExecuteNoneQuery("DELETE FROM `#@__uploads` WHERE aid='$aid'; "); - $tj++; - if(file_exists($cfg_basedir.$arow['url'])) - { - @unlink($cfg_basedir.$arow['url']); - } - } - } - } - ShowMsg("成功删除 $tj 个附件!",$ENV_GOBACK_URL); - exit(); } \ No newline at end of file diff --git a/src/member/archives_edit.php b/src/member/archives_edit.php index fee982df..8d5c9439 100755 --- a/src/member/archives_edit.php +++ b/src/member/archives_edit.php @@ -88,7 +88,7 @@ else if($dopost=='save') } } - if (empty($idhash) || $idhash != md5($aid.$cfg_cookie_encode)) + if (empty($idhash) || $idhash != hash("sha256", $aid.$cfg_cookie_encode)) { showMsg('数据校验不对,程序返回', '-1'); exit(); diff --git a/src/member/archives_sg_add.php b/src/member/archives_sg_add.php index 6ee9be47..37bb30f4 100755 --- a/src/member/archives_sg_add.php +++ b/src/member/archives_sg_add.php @@ -80,6 +80,9 @@ else if($dopost=='save') } } + // 校验CSRF + CheckCSRF(); + $flag = ''; $autokey = $remote = $dellink = $autolitpic = 0; $userip = GetIP(); 
@@ -135,10 +138,6 @@ else if($dopost=='save') $mid = $cfg_ml->M_ID; $description=empty($description)? "" : $description; - //处理上传的缩略图 - $litpic = MemberUploads('litpic','',$cfg_ml->M_ID,'image','',$cfg_ddimg_width,$cfg_ddimg_height,false); - if($litpic!='') SaveUploadInfo($title,$litpic,1); - //分析处理附加表数据 $inadd_f = $inadd_v = ''; if(!empty($dede_addonfields)) @@ -173,12 +172,6 @@ else if($dopost=='save') } } - if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode)) - { - showMsg('数据校验不对,程序返回', '-1'); - exit(); - } - // 这里对前台提交的附加数据进行一次校验 $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'],'autofield', FALSE); if ($fontiterm != str_replace('`', '', $inadd_f)) @@ -206,7 +199,7 @@ else if($dopost=='save') } else { - $inquery = "INSERT INTO `{$addtable}`(aid,typeid,arcrank,mid,channel,title,senddate,litpic,userip{$inadd_f}) Values('$arcID','$typeid','$arcrank','$mid','$channelid','$title','$senddate','$litpic','$userip'{$inadd_v})"; + $inquery = "INSERT INTO `{$addtable}`(aid,typeid,arcrank,mid,channel,title,senddate,litpic,userip{$inadd_f}) Values('$arcID','$typeid','$arcrank','$mid','$channelid','$title','$senddate','','$userip'{$inadd_v})"; if(!$dsql->ExecuteNoneQuery($inquery)) { $gerr = $dsql->GetError(); diff --git a/src/member/archives_sg_edit.php b/src/member/archives_sg_edit.php index 5aa8b86a..a28b76ec 100755 --- a/src/member/archives_sg_edit.php +++ b/src/member/archives_sg_edit.php @@ -49,7 +49,6 @@ function _SaveArticle(){ } ------------------------------*/ else if($dopost=='save') { - require_once(DEDEINC."/image.func.php"); require_once(DEDEINC."/oxwindow.class.php"); $flag = ''; @@ -83,6 +82,9 @@ else if($dopost=='save') exit(); } + // 校验CSRF + CheckCSRF(); + //文档的默认状态 if($cInfos['arcsta']==0) { 
@@ -101,11 +103,6 @@ else if($dopost=='save') $title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen); $mid = $cfg_ml->M_ID; - //处理上传的缩略图 - $litpic = MemberUploads('litpic', $oldlitpic, $mid, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, FALSE); - if($litpic!='') SaveUploadInfo($title, $litpic, 1); - else $litpic =$oldlitpic; - //分析处理附加表数据 $inadd_f = $inadd_m = ''; if(!empty($dede_addonfields)) @@ -137,11 +134,6 @@ else if($dopost=='save') $inadd_m .= ','.$vs[0]; } } - if (empty($idhash) || $idhash != md5($aid.$cfg_cookie_encode)) - { - showMsg('数据校验不对,程序返回', '-1'); - exit(); - } // 这里对前台提交的附加数据进行一次校验 $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'],'autofield', FALSE); @@ -154,7 +146,7 @@ else if($dopost=='save') if($addtable!='') { - $upQuery = "UPDATE `$addtable` SET `title`='$title',`typeid`='$typeid',`arcrank`='$arcrank',litpic='$litpic',userip='$userip'{$inadd_f} WHERE aid='$aid' "; + $upQuery = "UPDATE `$addtable` SET `title`='$title',`typeid`='$typeid',`arcrank`='$arcrank',userip='$userip'{$inadd_f} WHERE aid='$aid' "; if(!$dsql->ExecuteNoneQuery($upQuery)) { ShowMsg("更新附加表 `$addtable` 时出错,请联系管理员!","javascript:;"); diff --git a/src/member/article_add.php b/src/member/article_add.php index 56311a05..a31ed6db 100755 --- a/src/member/article_add.php +++ b/src/member/article_add.php @@ -79,13 +79,6 @@ else if($dopost=='save') } } } - - if (empty($dede_fieldshash) || ( $dede_fieldshash != md5($dede_addonfields . $cfg_cookie_encode) && $dede_fieldshash != md5($dede_addonfields . 'anythingelse' . $cfg_cookie_encode)) ) - { - showMsg('数据校验不对,程序返回', '-1'); - exit(); - } - // 这里对前台提交的附加数据进行一次校验 $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'],'autofield', FALSE); @@ -95,11 +88,6 @@ else if($dopost=='save') exit(); } - //处理图片文档的自定义属性 - if($litpic!='') - { - $flag = 'p'; - } $body = AnalyseHtmlBody($body, $description); $body = HtmlReplace($body, -1); 
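Review bot: The rewritten `$upQuery` in archives_sg_edit.php selects the row only by `aid='$aid'`, and an earlier hunk in this file removes the `$idhash` check that tied the submitted `$aid` to a form the server had issued. Unless ownership of `$aid` is verified earlier in the save branch (outside these hunks), CheckCSRF() alone does not stop a member from submitting another member's `aid`. `$mid` is already set from `$cfg_ml->M_ID` above, so scoping the statement is a one-line change: `... WHERE aid='$aid' AND mid='$mid' "`.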
@@ -115,7 +103,7 @@ else if($dopost=='save') $inQuery = "INSERT INTO `#@__archives`(id,typeid,sortrank,flag,ismake,channel,arcrank,click,money,title,shorttitle, color,writer,source,litpic,pubdate,senddate,mid,description,keywords,mtype) VALUES ('$arcID','$typeid','$sortrank','$flag','$ismake','$channelid','$arcrank','0','$money','$title','$shorttitle', -'$color','$writer','$source','$litpic','$pubdate','$senddate','$mid','$description','$keywords','$mtypesid'); "; +'$color','$writer','$source','','$pubdate','$senddate','$mid','$description','$keywords','$mtypesid'); "; if(!$dsql->ExecuteNoneQuery($inQuery)) { $gerr = $dsql->GetError(); diff --git a/src/member/article_edit.php b/src/member/article_edit.php index bd0df88f..f3690f49 100755 --- a/src/member/article_edit.php +++ b/src/member/article_edit.php @@ -79,12 +79,6 @@ else if($dopost=='save') } } - if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode)) - { - showMsg('数据校验不对,程序返回', '-1'); - exit(); - } - // 这里对前台提交的附加数据进行一次校验 $fontiterm = PrintAutoFieldsAdd($cInfos['fieldset'],'autofield', FALSE); if ($fontiterm != $inadd_f) @@ -97,16 +91,12 @@ else if($dopost=='save') $body = AnalyseHtmlBody($body,$description); $body = HtmlReplace($body,-1); - //处理图片文档的自定义属性 - if($litpic!='') $flag = 'p'; - //更新数据库的SQL语句 $upQuery = "UPDATE `#@__archives` SET ismake='$ismake', arcrank='$arcrank', typeid='$typeid', title='$title', - litpic='$litpic', description='$description', mtype = '$mtypesid', keywords='$keywords', diff --git a/src/member/config.php b/src/member/config.php index 9919c776..81c5198a 100755 --- a/src/member/config.php +++ b/src/member/config.php 
@@ -78,6 +78,39 @@ require_once(DEDEINC.'/filter.inc.php'); require_once(DEDEINC.'/memberlogin.class.php'); require_once(DEDEINC.'/dedetemplate.class.php'); +// 检查CSRF +function CheckCSRF() +{ + $cc_csrf_token_check = GetCookie("dede_csrf_token"); + if ( + !(isset($_POST['_csrf_token'], $cc_csrf_token_check) + && is_string($_POST['_csrf_token']) && is_string($cc_csrf_token_check) + && hash_equals($_POST['_csrf_token'], $cc_csrf_token_check)) + ) { + ShowMsg('CSRF校验失败,请刷新页面重新提交', '-1'); + exit(); + } + + DropCookie("dede_csrf_token"); +} + +// 生成CSRF校验token,在比较重要的表单中应该要加上这个token校验 +$cc_csrf_token = GetCookie("dede_csrf_token"); +if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) { + if (isset($cc_csrf_token) && is_string($cc_csrf_token) + && preg_match('#^[0-9a-f]{32}$#iS',$cc_csrf_token) === 1 + ) { + $GLOBALS['csrf_token'] = $cc_csrf_token; + } else { + $GLOBALS['csrf_token'] = md5(uniqid(mt_rand(), TRUE)); + } +} + +if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') { + PutCookie('dede_csrf_token', $GLOBALS['csrf_token'], 7200, '/'); +} + + //获得当前脚本名称,如果你的系统被禁用了$_SERVER变量,请自行更改这个选项 $dedeNowurl = $s_scriptName = ''; $dedeNowurl = GetCurUrl(); diff --git a/src/member/edit_baseinfo.php b/src/member/edit_baseinfo.php index 905e7828..59c607db 100755 --- a/src/member/edit_baseinfo.php +++ b/src/member/edit_baseinfo.php 
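Review bot: CheckCSRF() accepts any pair of equal strings, including two empty ones, because the condition only tests `isset` and `is_string` before `hash_equals`; the cookie value is not re-validated against the 32-hex format that the generator below enforces. If GetCookie() returns an empty string for a missing or dropped cookie (not visible in this hunk), a POST carrying an empty `_csrf_token` would pass, so add `&& preg_match('#^[0-9a-f]{32}$#i', $cc_csrf_token_check) === 1` to the condition. The token itself comes from `md5(uniqid(mt_rand(), TRUE))`, which is not a CSPRNG; `bin2hex(random_bytes(16))` yields the same 32-hex shape on PHP 7+. As a double-submit cookie the token is also not bound to the member session, which is worth stating in the comment above the function.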
@@ -1,4 +1,5 @@ GetOne("SELECT * FROM `#@__member` WHERE mid='".$cfg_ml->M_ID."'"); +$pwd2 = (empty($pwd2)) ? "" : $pwd2; +$row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='" . $cfg_ml->M_ID . "'"); $face = $row['face']; -if($dopost=='save') -{ +if ($dopost == 'save') { $svali = GetCkVdValue(); - if(strtolower($vdcode) != $svali || $svali=='') - { + // 校验CSRF + CheckCSRF(); + + if (strtolower($vdcode) != $svali || $svali == '') { ReSETVdValue(); - ShowMsg('验证码错误!','-1'); + ShowMsg('验证码错误!', '-1'); exit(); } - if(!is_array($row) || $row['pwd'] != md5($oldpwd)) - { - ShowMsg('你输入的旧密码错误或没填写,不允许修改资料!','-1'); + if (!is_array($row) || $row['pwd'] != md5($oldpwd)) { + ShowMsg('你输入的旧密码错误或没填写,不允许修改资料!', '-1'); exit(); } - if($userpwd != $userpwdok) - { - ShowMsg('你两次输入的新密码不一致!','-1'); + if ($userpwd != $userpwdok) { + ShowMsg('你两次输入的新密码不一致!', '-1'); exit(); } - if($userpwd=='') - { + if ($userpwd == '') { $pwd = $row['pwd']; - } - else - { + } else { $pwd = md5($userpwd); - $pwd2 = substr(md5($userpwd),5,20); + $pwd2 = substr(md5($userpwd), 5, 20); } $addupquery = ''; - - #api{{ - if(defined('UC_API') && @include_once DEDEROOT.'/uc_client/client.php') - { - $emailnew = $email != $row['email'] ? 
$email : ''; - $ucresult = uc_user_edit($cfg_ml->M_LoginID, $oldpwd, $userpwd, $emailnew); - } - #/aip}} - + //修改安全问题或Email - if($email != $row['email'] || ($newsafequestion != 0 && $newsafeanswer != '')) - { - if($row['safequestion']!=0 && ($row['safequestion'] != $safequestion || $row['safeanswer'] != $safeanswer)) - { - ShowMsg('你的旧安全问题及答案不正确,不能修改Email或安全问题!','-1'); + if ($email != $row['email'] || ($newsafequestion != 0 && $newsafeanswer != '')) { + if ($row['safequestion'] != 0 && ($row['safequestion'] != $safequestion || $row['safeanswer'] != $safeanswer)) { + ShowMsg('你的旧安全问题及答案不正确,不能修改Email或安全问题!', '-1'); exit(); } //修改Email - if($email != $row['email']) - { - if(!CheckEmail($email)) - { - ShowMsg('Email格式不正确!','-1'); + if ($email != $row['email']) { + if (!CheckEmail($email)) { + ShowMsg('Email格式不正确!', '-1'); exit(); - } - else - { + } else { $addupquery .= ",email='$email'"; } } //修改安全问题 - if($newsafequestion != 0 && $newsafeanswer != '') - { - if(strlen($newsafeanswer) > 30) - { - ShowMsg('你的新安全问题的答案太长了,请保持在30字节以内!','-1'); + if ($newsafequestion != 0 && $newsafeanswer != '') { + if (strlen($newsafeanswer) > 30) { + ShowMsg('你的新安全问题的答案太长了,请保持在30字节以内!', '-1'); exit(); - } - else - { - $newsafequestion = HtmlReplace($newsafequestion,1); - $newsafeanswer = HtmlReplace($newsafeanswer,1); + } else { + $newsafequestion = HtmlReplace($newsafequestion, 1); + $newsafeanswer = HtmlReplace($newsafeanswer, 1); $addupquery .= ",safequestion='$newsafequestion',safeanswer='$newsafeanswer'"; } } } //修改uname - if($uname != $row['uname']) - { - $rs = CheckUserID($uname,'昵称或公司名称',FALSE); - if($rs!='ok') - { - ShowMsg($rs,'-1'); + if ($uname != $row['uname']) { + $rs = CheckUserID($uname, '昵称或公司名称', FALSE); + if ($rs != 'ok') { + ShowMsg($rs, '-1'); exit(); } $addupquery .= ",uname='$uname'"; } - + //性别 - if( !in_array($sex, array('男','女','保密')) ) - { - ShowMsg('请选择正常的性别!','-1'); - exit(); + if (!in_array($sex, array('男', '女', '保密'))) { + ShowMsg('请选择正常的性别!', '-1'); + 
exit(); } - - $query1 = "UPDATE `#@__member` SET pwd='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' "; + + $query1 = "UPDATE `#@__member` SET pwd='$pwd',sex='$sex'{$addupquery} where mid='" . $cfg_ml->M_ID . "' "; $dsql->ExecuteNoneQuery($query1); //如果是管理员,修改其后台密码 - if($cfg_ml->fields['matt']==10 && $pwd2!="") - { - $query2 = "UPDATE `#@__admin` SET pwd='$pwd2' where id='".$cfg_ml->M_ID."' "; + if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") { + $query2 = "UPDATE `#@__admin` SET pwd='$pwd2' where id='" . $cfg_ml->M_ID . "' "; $dsql->ExecuteNoneQuery($query2); } // 清除会员缓存 $cfg_ml->DelCache($cfg_ml->M_ID); - ShowMsg('成功更新你的基本资料!','edit_baseinfo.php',0,5000); + ShowMsg('成功更新你的基本资料!', 'edit_baseinfo.php', 0, 5000); exit(); } -include(DEDEMEMBER."/templets/edit_baseinfo.htm"); \ No newline at end of file +include(DEDEMEMBER . "/templets/edit_baseinfo.htm"); diff --git a/src/member/edit_face.php b/src/member/edit_face.php index 5f595344..ddd87f36 100755 --- a/src/member/edit_face.php +++ b/src/member/edit_face.php @@ -19,31 +19,10 @@ if(!isset($backurl)) } if($dopost=='save') { - $maxlength = $cfg_max_face * 1024; - $userdir = $cfg_user_dir.'/'.$cfg_ml->M_ID; - if(!preg_match("#^".$userdir."#", $oldface)) - { - $oldface = ''; - } - if(is_uploaded_file($face)) - { - if(@filesize($_FILES['face']['tmp_name']) > $maxlength) - { - ShowMsg("你上传的头像文件超过了系统限制大小:{$cfg_max_face} K!", '-1'); - exit(); - } - //删除旧图片(防止文件扩展名不同,如:原来的是gif,后来的是jpg) - if(preg_match("#\.(jpg|gif|png)$#i", $oldface) && file_exists($cfg_basedir.$oldface)) - { - @unlink($cfg_basedir.$oldface); - } - //上传新工图片 - $face = MemberUploads('face', $oldface, $cfg_ml->M_ID, 'image', 'myface', 180, 180); - } - else - { - $face = $oldface; - } + // 校验CSRF + CheckCSRF(); + $face = HtmlReplace($faceurl,-1); + $query = "UPDATE `#@__member` SET `face` = '$face' WHERE mid='{$cfg_ml->M_ID}' "; $dsql->ExecuteNoneQuery($query); // 清除缓存 
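Review bot: The reformatted password path in edit_baseinfo.php still verifies with `$row['pwd'] != md5($oldpwd)` and stores `md5($userpwd)` (plus `substr(md5($userpwd), 5, 20)` for the admin table), i.e. unsalted MD5 compared with a loose operator. Since the commit already rewrites these lines, the comparison could at least become `!hash_equals((string)$row['pwd'], md5($oldpwd))`. A move to `password_hash()`/`password_verify()` with rehash-on-login is the real fix, but it also involves the login code and the admin `pwd` format, neither of which is part of this diff.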
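Review bot: `$face = HtmlReplace($faceurl,-1);` in edit_face.php stores a member-supplied string as the avatar with no check that it is an image URL or path the site expects, whereas the removed code confined the value to `$cfg_user_dir.'/'.$cfg_ml->M_ID`. What mode `-1` of HtmlReplace strips is not visible here, so the value should be validated explicitly before the UPDATE, for example by rejecting anything that does not match an allowed scheme and host or the member's own upload directory, and it should be HTML-escaped where the template renders it. The same applies to `$spacelogo = HtmlReplace($spacelogo, -1)` in edit_space_info.php, where the `..` and `$userdir` prefix checks are removed in the same way.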
@@ -51,30 +30,6 @@ if($dopost=='save') ShowMsg('成功更新头像信息!', $backurl); exit(); } -else if($dopost=='delold') -{ - if(empty($oldface)) - { - ShowMsg("没有可删除的头像!", "-1"); - exit(); - } - $userdir = $cfg_user_dir.'/'.$cfg_ml->M_ID; - if(!preg_match("#^".$userdir."#", $oldface) || preg_match('#\.\.#', $oldface)) - { - $oldface = ''; - } - if(preg_match("#\.(jpg|gif|png)$#i", $oldface) && file_exists($cfg_basedir.$oldface)) - { - @unlink($cfg_basedir.$oldface); - } - $query = "UPDATE `#@__member` SET `face` = '' WHERE mid='{$cfg_ml->M_ID}' "; - $dsql->ExecuteNoneQuery($query); - // 清除缓存 - $cfg_ml->DelCache($cfg_ml->M_ID); - ShowMsg('成功删除原来的头像!', $backurl); - exit(); -} $face = $cfg_ml->fields['face']; include(DEDEMEMBER."/templets/edit_face.htm"); exit(); -?> \ No newline at end of file diff --git a/src/member/edit_fullinfo.php b/src/member/edit_fullinfo.php index fa2ced7a..4bcc4cfc 100755 --- a/src/member/edit_fullinfo.php +++ b/src/member/edit_fullinfo.php 
@@ -1,4 +1,5 @@ M_MbType); $modelform = $dsql->GetOne("SELECT * FROM #@__member_model WHERE id='$membermodel->modid' "); - if(!is_array($modelform)) - { + if (!is_array($modelform)) { showmsg('模型表单不存在', '-1'); exit(); } - $row = $dsql->GetOne("SELECT * FROM ".$modelform['table']." WHERE mid=$cfg_ml->M_ID"); - if(!is_array($row)) - { + $row = $dsql->GetOne("SELECT * FROM " . $modelform['table'] . " WHERE mid=$cfg_ml->M_ID"); + if (!is_array($row)) { showmsg("你访问的记录不存在或未经审核", '-1'); exit(); } $postform = $membermodel->getForm('edit', $row, 'membermodel'); - include(DEDEMEMBER."/templets/edit_fullinfo.htm"); + include(DEDEMEMBER . "/templets/edit_fullinfo.htm"); exit(); } /*------------------------ function __Save() ------------------------*/ -if($dopost=='save'){ - - $membermodel = new membermodel($cfg_ml->M_MbType); - $postform = $membermodel->getForm(true); +if ($dopost == 'save') { + // 校验CSRF + CheckCSRF(); - //这里完成详细内容填写 - $dede_fields = empty($dede_fields) ? '' : trim($dede_fields); - $dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash); - $modid = empty($modid)? 0 : intval(preg_replace("/[^\d]/",'', $modid)); - - if(!empty($dede_fields)) - { - if($dede_fieldshash != md5($dede_fields.$cfg_cookie_encode)) - { - showMsg('数据校验不对,程序返回', '-1'); - exit(); - } - } - $modelform = $dsql->GetOne("SELECT * FROM #@__member_model WHERE id='$modid' "); - if(!is_array($modelform)) - { - showmsg('模型表单不存在', '-1'); + $membermodel = new membermodel($cfg_ml->M_MbType); + $postform = $membermodel->getForm(true); + + //这里完成详细内容填写 + $dede_fields = empty($dede_fields) ? '' : trim($dede_fields); + $dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash); + $modid = empty($modid) ? 0 : intval(preg_replace("/[^\d]/", '', $modid)); + + if (!empty($dede_fields)) { + if ($dede_fieldshash != md5($dede_fields . 
$cfg_cookie_encode)) { + showMsg('数据校验不对,程序返回', '-1'); exit(); } - - $inadd_f = ''; - if(!empty($dede_fields)) - { - $fieldarr = explode(';', $dede_fields); - if(is_array($fieldarr)) - { - foreach($fieldarr as $field) - { - if($field == '') continue; - $fieldinfo = explode(',', $field); - if($fieldinfo[1] == 'textdata') - { - ${$fieldinfo[0]} = FilterSearch(stripslashes(${$fieldinfo[0]})); - ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]}); - } else if ($fieldinfo[1] == 'img') - { - ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]}); - } - else - { - if(empty(${$fieldinfo[0]})) ${$fieldinfo[0]} = ''; - ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','diy', $fieldinfo[0]); - } - if($fieldinfo[0]=="birthday") ${$fieldinfo[0]}=GetDateMk(${$fieldinfo[0]}); - $inadd_f .= ','.$fieldinfo[0]." ='".${$fieldinfo[0]}."'"; + } + $modelform = $dsql->GetOne("SELECT * FROM #@__member_model WHERE id='$modid' "); + if (!is_array($modelform)) { + showmsg('模型表单不存在', '-1'); + exit(); + } + + $inadd_f = ''; + if (!empty($dede_fields)) { + $fieldarr = explode(';', $dede_fields); + if (is_array($fieldarr)) { + foreach ($fieldarr as $field) { + if ($field == '') continue; + $fieldinfo = explode(',', $field); + if ($fieldinfo[1] == 'textdata') { + ${$fieldinfo[0]} = FilterSearch(stripslashes(${$fieldinfo[0]})); + ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]}); + } else if ($fieldinfo[1] == 'img') { + ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]}); + } else { + if (empty(${$fieldinfo[0]})) ${$fieldinfo[0]} = ''; + ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1], 0, 'add', '', 'diy', $fieldinfo[0]); } + if ($fieldinfo[0] == "birthday") ${$fieldinfo[0]} = GetDateMk(${$fieldinfo[0]}); + ${$fieldinfo[0]} = HtmlReplace(${$fieldinfo[0]}, -1); + $inadd_f .= ',' . $fieldinfo[0] . " ='" . ${$fieldinfo[0]} . 
"'"; } - - } - $inadd_f=preg_replace('/,/','',$inadd_f,1); - $query = "UPDATE `{$membermodel->table}`set {$inadd_f} WHERE mid='{$cfg_ml->M_ID}'"; - // 清除缓存 - $cfg_ml->DelCache($cfg_ml->M_ID); - - if(!$dsql->ExecuteNoneQuery($query)) - { - ShowMsg("更新附加表 `{$membermodel->table}` 时出错,请联系管理员!","javascript:;"); - exit(); - }else{ - ShowMsg('成功更新你的详细资料!','edit_fullinfo.php',0,5000); - exit(); } -} \ No newline at end of file + } + $inadd_f = preg_replace('/,/', '', $inadd_f, 1); + $query = "UPDATE `{$membermodel->table}` set {$inadd_f} WHERE mid='{$cfg_ml->M_ID}'"; + + // 清除缓存 + $cfg_ml->DelCache($cfg_ml->M_ID); + + if (!$dsql->ExecuteNoneQuery($query)) { + ShowMsg("更新附加表 `{$membermodel->table}` 时出错,请联系管理员!", "javascript:;"); + exit(); + } else { + ShowMsg('成功更新你的详细资料!', 'edit_fullinfo.php', 0, 5000); + exit(); + } +} diff --git a/src/member/edit_space_info.php b/src/member/edit_space_info.php index 0bf572d0..377ba6b3 100755 --- a/src/member/edit_space_info.php +++ b/src/member/edit_space_info.php @@ -21,34 +21,8 @@ if($dopost=='save') $spacename =(empty($spacename))? "" : $spacename; $maxlength = $cfg_max_face * 1024; $userdir = $cfg_user_dir.'/'.$cfg_ml->M_ID; - - if (strpos($oldspacelogo,"..") > 0) - { - die("not support!"); - } - - if(!preg_match('#^'.$userdir."#", $oldspacelogo)) - { - $oldspacelogo = ''; - } - - if(is_uploaded_file($spacelogo)) - { - if(@filesize($_FILES['spacelogo']['tmp_name']) > $maxlength) - { - ShowMsg("你上传的Logo文件超过了系统限制大小:{$cfg_max_face} K!", '-1'); - exit(); - } - //删除旧图片(防止文件扩展名不同,如:原来的是gif,后来的是jpg) - if(preg_match("#\.(jpg|gif|png)$#i", $oldspacelogo) && file_exists($cfg_basedir.$oldspacelogo)) - { - @unlink($cfg_basedir.$oldspacelogo); - } - //上传新工图片 - $spacelogo = MemberUploads('spacelogo','',$cfg_ml->M_ID,'image','mylogo', 200, 50); - } else { - $spacelogo = $oldspacelogo; - } + + $spacelogo = HtmlReplace($spacelogo, -1) ; $pagesize = intval($pagesize); if($pagesize<=0) { 
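Review bot: In the `foreach ($fieldarr as $field)` loop of edit_fullinfo.php, `$fieldinfo[0]` from the posted `dede_fields` is used as a variable-variable name and concatenated into the UPDATE as a column name, and `$fieldinfo[1]` is read without checking that the entry contained a comma. The only guard visible is the `dede_fieldshash` MD5 check above, so a defensive check at the top of the loop is cheap: `if (count($fieldinfo) < 2 || !preg_match('/^[a-z_][a-z0-9_]*$/i', $fieldinfo[0])) continue;`. The added `HtmlReplace(${$fieldinfo[0]}, -1)` runs after `addslashes()`/`GetFieldValue()`; whether it preserves that escaping depends on HtmlReplace, which is not shown, so confirm the value is still safely quoted when it reaches the query.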
diff --git a/src/member/inc/archives_check.php b/src/member/inc/archives_check.php index 79d60e00..664acaf9 100755 --- a/src/member/inc/archives_check.php +++ b/src/member/inc/archives_check.php @@ -1,4 +1,5 @@ GetOne($query); //检测栏目是否有投稿权限 -if($cInfos['issend']!=1 || $cInfos['ispart']!=0 || $cInfos['channeltype']!=$channelid || $cInfos['cissend']!=1) -{ - ShowMsg("你所选择的栏目不支持投稿!","-1"); +if ($cInfos['issend'] != 1 || $cInfos['ispart'] != 0 || $cInfos['channeltype'] != $channelid || $cInfos['cissend'] != 1) { + ShowMsg("你所选择的栏目不支持投稿!", "-1"); exit(); } //检查频道设定的投稿许可权限 -if($cInfos['sendrank'] > $cfg_ml->M_Rank ) -{ - $row = $dsql->GetOne("Select membername From #@__arcrank where rank='".$cInfos['sendrank']."' "); - ShowMsg("对不起,需要[".$row['membername']."]才能在这个频道发布文档!","-1","0",5000); +if ($cInfos['sendrank'] > $cfg_ml->M_Rank) { + $row = $dsql->GetOne("Select membername From #@__arcrank where rank='" . $cInfos['sendrank'] . "' "); + ShowMsg("对不起,需要[" . $row['membername'] . "]才能在这个频道发布文档!", "-1", "0", 5000); exit(); } -if($cInfos['usertype'] !='' && $cInfos['usertype'] != $cfg_ml->M_MbType) -{ - ShowMsg("对不起,需要[".$cInfos['usertype']."]才能在这个频道发布文档!","-1","0",5000); +if ($cInfos['usertype'] != '' && $cInfos['usertype'] != $cfg_ml->M_MbType) { + ShowMsg("对不起,需要[" . $cInfos['usertype'] . "]才能在这个频道发布文档!", "-1", "0", 5000); exit(); } //文档的默认状态 -if($cInfos['arcsta']==0) -{ +if ($cInfos['arcsta'] == 0) { $ismake = 0; $arcrank = 0; -} -else if($cInfos['arcsta']==1) -{ +} else if ($cInfos['arcsta'] == 1) { $ismake = -1; $arcrank = 0; -} -else -{ +} else { $ismake = 0; $arcrank = -1; } 
@@ -90,24 +82,18 @@ else $money = 0; $flag = $shorttitle = $color = $source = ''; $sortrank = $senddate = $pubdate = time(); -$title = cn_substrR(HtmlReplace($title,1),$cfg_title_maxlen); -$writer = cn_substrR(HtmlReplace($writer,1),20); -if(empty($description)) $description = ''; -$description = cn_substrR(HtmlReplace($description,1),250); -$keywords = cn_substrR(HtmlReplace($tags,1),30); +$title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen); +$writer = cn_substrR(HtmlReplace($writer, 1), 20); +if (empty($description)) $description = ''; +$description = cn_substrR(HtmlReplace($description, 1), 250); +$keywords = cn_substrR(HtmlReplace($tags, 1), 30); $mid = $cfg_ml->M_ID; -//处理上传的缩略图 -$litpic = MemberUploads('litpic', '', $cfg_ml->M_ID, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, FALSE); -if($litpic!='') SaveUploadInfo($title,$litpic,1); - //检测文档是否重复 -if($cfg_mb_cktitle=='Y') -{ +if ($cfg_mb_cktitle == 'Y') { $row = $dsql->GetOne("SELECT * FROM `#@__archives` WHERE title LIKE '$title' "); - if(is_array($row)) - { - ShowMsg("对不起,请不要发布重复文档!","-1","0",5000); + if (is_array($row)) { + ShowMsg("对不起,请不要发布重复文档!", "-1", "0", 5000); exit(); } -} \ No newline at end of file +} diff --git a/src/member/inc/archives_check_edit.php b/src/member/inc/archives_check_edit.php index 95ae9e6d..88fa736b 100755 --- a/src/member/inc/archives_check_edit.php +++ b/src/member/inc/archives_check_edit.php 
@@ -1,4 +1,5 @@ GetOne($query); $addtable = $cInfos['addtable']; //检测栏目是否有投稿权限 -if($cInfos['issend']!=1 || $cInfos['ispart']!=0|| $cInfos['channeltype']!=$channelid || $cInfos['cissend']!=1) -{ - ShowMsg("你所选择的栏目不支持投稿!","-1"); +if ($cInfos['issend'] != 1 || $cInfos['ispart'] != 0 || $cInfos['channeltype'] != $channelid || $cInfos['cissend'] != 1) { + ShowMsg("你所选择的栏目不支持投稿!", "-1"); exit(); } + //文档的默认状态 -if($cInfos['arcsta']==0) -{ +if ($cInfos['arcsta'] == 0) { $ismake = 0; $arcrank = 0; -} -else if($cInfos['arcsta']==1) -{ +} else if ($cInfos['arcsta'] == 1) { $ismake = -1; $arcrank = 0; -} -else -{ +} else { $ismake = 0; $arcrank = -1; } //对保存的内容进行处理 -$title = cn_substrR(HtmlReplace($title,1),$cfg_title_maxlen); -$writer = cn_substrR(HtmlReplace($writer,1),20); -if(empty($description)) $description = ''; -$description = cn_substrR(HtmlReplace($description,1),250); -$keywords = cn_substrR(HtmlReplace($tags,1),30); +$title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen); +$writer = cn_substrR(HtmlReplace($writer, 1), 20); +if (empty($description)) $description = ''; +$description = cn_substrR(HtmlReplace($description, 1), 250); +$keywords = cn_substrR(HtmlReplace($tags, 1), 30); $mid = $cfg_ml->M_ID; $midQuery = "SELECT mid FROM `#@__arctiny` WHERE id='$aid'"; $midRow = $dsql->GetOne($midQuery); -if($midRow['mid'] != $mid) -{ - ShowMsg('您暂无权限在这里进行修改文档!','javascript:;'); +if ($midRow['mid'] != $mid) { + ShowMsg('您暂无权限在这里进行修改文档!', 'javascript:;'); exit; } -$isadmin = ($cfg_ml->fields['matt']==10 ? true : false); -if (empty($oldlitpic)) -{ +$isadmin = ($cfg_ml->fields['matt'] == 10 ? 
true : false); +if (empty($oldlitpic)) { $oldlitpic = ''; } - -//处理上传的缩略图 -if($litpic != '') -{ - $litpic = MemberUploads('litpic', $oldlitpic, $mid, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, false, $isadmin); - SaveUploadInfo($title, $litpic, 1); -} -else -{ - $litpic =$oldlitpic; if (strpos( $litpic, '..') !== false || strpos( $litpic, $cfg_user_dir."/{$userid}/" ) === false) exit('not allowed path!'); -} \ No newline at end of file diff --git a/src/member/inc/inc_archives_functions.php b/src/member/inc/inc_archives_functions.php index 70175e74..34112708 100755 --- a/src/member/inc/inc_archives_functions.php +++ b/src/member/inc/inc_archives_functions.php @@ -217,7 +217,6 @@ function GetFormItemValueA($ctag,$fvalue) */ function PrintAutoFieldsAdd(&$fieldset, $loadtype='all', $isprint=TRUE) { - global $cfg_cookie_encode; $dtp = new DedeTagParse(); $dtp->SetNameSpace('field','<','>'); $dtp->LoadSource($fieldset); @@ -235,8 +234,8 @@ function PrintAutoFieldsAdd(&$fieldset, $loadtype='all', $isprint=TRUE) } } } - if ($isprint) echo "\r\n"; - echo ""; + + echo ""; // 增加一个返回 return $addonfieldsname; } @@ -267,7 +266,7 @@ function PrintAutoFieldsEdit(&$fieldset, &$fieldValues, $loadtype='all') } } } - echo "\r\n"; + echo ""; } /** @@ -279,7 +278,6 @@ function PrintAutoFieldsEdit(&$fieldset, &$fieldValues, $loadtype='all') */ function MakeArt($aid, $ismakesign=FALSE) { - global $cfg_makeindex,$cfg_basedir,$cfg_templets_dir,$cfg_df_style; include_once(DEDEINC.'/arc.archives.class.php'); if($ismakesign) { 
@@ -410,119 +408,3 @@ function GetCurContent(&$body) $htd->Close(); return $body; } - -/** - * 上传一个未经处理的图片 - * - * 参数一 upname 上传框名称 - * 参数二 handurl 手工填写的网址 - * 参数三 ddisremote 是否下载远程图片 0 不下, 1 下载 - * 参数四 ntitle 注解文字 如果表单有 title 字段可不管 - * - * @access public - * @param string $upname 上传名称 - * @param string $handurl 操作地址 - * @param int $isremote 是否远程 - * @param string $ntitle 注释文字 - * @return string - */ -function UploadOneImage($upname,$handurl='',$isremote=1,$ntitle='') -{ - global $cfg_ml,$cfg_basedir,$cfg_image_dir,$dsql,$title, $dsql; - if($ntitle!='') - { - $title = $ntitle; - } - $ntime = time(); - $filename = ''; - $isrm_up = false; - $handurl = trim($handurl); - //如果用户自行上传了图片 - if(!empty($_FILES[$upname]['tmp_name']) && is_uploaded_file($_FILES[$upname]['tmp_name'])) - { - $istype = 0; - $sparr = Array("image/pjpeg","image/jpeg","image/gif","image/png"); - $_FILES[$upname]['type'] = strtolower(trim($_FILES[$upname]['type'])); - if(!in_array($_FILES[$upname]['type'],$sparr)) - { - ShowMsg("上传的图片格式错误,请使用JPEG、GIF、PNG格式的其中一种!","-1"); - exit(); - } - if(!empty($handurl) && !preg_match("#^http:\/\/#", $handurl) && file_exists($cfg_basedir.$handurl) ) - { - $dsql->ExecuteNoneQuery("Delete From #@__uploads where url like '$handurl' "); - $fullUrl = preg_replace("#\.([a-z]*)$#i", "", $handurl); - } - else - { - $savepath = $cfg_image_dir."/".strftime("%Y-%m",$ntime); - CreateDir($savepath); - $fullUrl = $savepath."/".strftime("%d",$ntime).dd2char(strftime("%H%M%S",$ntime).'0'.$cfg_ml->M_ID.'0'.mt_rand(1000,9999)); - } - if(strtolower($_FILES[$upname]['type'])=="image/gif") - { - $fullUrl = $fullUrl.".gif"; - } - else if(strtolower($_FILES[$upname]['type'])=="image/png") - { - $fullUrl = $fullUrl.".png"; - } - else - { - $fullUrl = $fullUrl.".jpg"; - } - - //保存 - @move_uploaded_file($_FILES[$upname]['tmp_name'],$cfg_basedir.$fullUrl); - $filename = $fullUrl; - - //水印 - @WaterImg($imgfile,'up'); - $isrm_up = TRUE; - } - - //远程或选择本地图片 - else{ - if($handurl=='') - { - 
return ''; - } - - //远程图片并要求本地化 - if($isremote==1 && preg_match("#^http:\/\/#", $handurl)) - { - $ddinfos = GetRemoteImage($handurl,$cuserLogin->getUserID()); - if(!is_array($ddinfos)) - { - $litpic = ""; - } - else - { - $filename = $ddinfos[0]; - } - $isrm_up = TRUE; - - //本地图片或远程不要求本地化 - } - else - { - $filename = $handurl; - } - } - $imgfile = $cfg_basedir.$filename; - if(is_file($imgfile) && $isrm_up && $filename!='') - { - $info = ""; - $imginfos = GetImageSize($imgfile,$info); - - //把新上传的图片信息保存到媒体文档管理档案中 - $inquery = " - INSERT INTO #@__uploads(title,url,mediatype,width,height,playtime,filesize,uptime,mid) - VALUES ('$title','$filename','1','".$imginfos[0]."','".$imginfos[1]."','0','".filesize($imgfile)."','".time()."','".$cfg_ml->M_ID."'); - "; - $dsql->ExecuteNoneQuery($inquery); - } - $fid = $dsql->GetLastID(); - AddMyAddon($fid, $filename); - return $filename; -} \ No newline at end of file diff --git a/src/member/mystow.php b/src/member/mystow.php index 2e16c23c..16eaf207 100755 --- a/src/member/mystow.php +++ b/src/member/mystow.php @@ -1,4 +1,5 @@ M_ID."' order by s.id desc"; +} else { + $sql = "SELECT s.*,t.* FROM `#@__member_stow` AS s left join `#@__member_stowtype` AS t on t.stowname=s.type where s.mid='" . $cfg_ml->M_ID . "' order by s.id desc"; $tpl = 'mystow'; } -$dsql->Execute('nn','SELECT indexname,stowname FROM `#@__member_stowtype`'); -while($row = $dsql->GetArray('nn')) -{ - $rows[]=$row; +$dsql->Execute('nn', 'SELECT indexname,stowname FROM `#@__member_stowtype`'); +while ($row = $dsql->GetArray('nn')) { + $rows[] = $row; } $dlist = new DataListCP(); $dlist->pageSize = 20; -$dlist->SetTemplate(DEDEMEMBER."/templets/$tpl.htm"); +$dlist->SetTemplate(DEDEMEMBER . "/templets/$tpl.htm"); $dlist->SetSource($sql); -$dlist->Display(); \ No newline at end of file +$dlist->Display(); diff --git a/src/member/templets/album_add.htm b/src/member/templets/album_add.htm index 4cdfda53..7390af97 100755 --- a/src/member/templets/album_add.htm 
+++ b/src/member/templets/album_add.htm @@ -67,10 +67,6 @@ (内容的简要说明)

-

- - -

diff --git a/src/member/templets/album_edit.htm b/src/member/templets/album_edit.htm index 11d5f4c0..097586d1 100755 --- a/src/member/templets/album_edit.htm +++ b/src/member/templets/album_edit.htm @@ -25,7 +25,7 @@
- + @@ -69,17 +69,7 @@ (内容的简要说明)

-

- - -

- -

- - ' style="width: 200px; height:150px"/> -

@@ -126,7 +116,7 @@  本地上传: - +
diff --git a/src/member/templets/archives_add.htm b/src/member/templets/archives_add.htm index e6d6d1f3..9ba44e3f 100755 --- a/src/member/templets/archives_add.htm +++ b/src/member/templets/archives_add.htm @@ -1,55 +1,60 @@ - + + - -发表<?php echo $cInfos['typename']; ?> - 会员中心 - <?php echo $cfg_webname; ?> - - - - - - - + + 发表<?php echo $cInfos['typename']; ?> - 会员中心 - <?php echo $cfg_webname; ?> + + + + + + + + -
- -
- -
-
-
- +
+ +
+ +
+
+
+ +
-
- + -
-

发表

-
-

- - -

-

- - (用逗号分开) -

-

- - -

- +

发表

+
+

+ + +

+

+ + (用逗号分开) +

+

+ + +

+ 0) { echo ""; }else{ ?> -

- - + + \r\n"; echo "\r\n"; @@ -57,70 +62,68 @@ echo ""; ?> *(不能选择带颜色的分类) -
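Review bot: The re-indented title line in the first hunk of archives_add.htm still prints `$cInfos['typename']` and `$cfg_webname` with a bare `echo`, so either value reaches the page without HTML encoding. Where these values are set is not visible in this diff; if they come from stored configuration or channel data, a stray `<` or quote in them would be emitted as markup. Since the line is being rewritten anyway, I would encode at output: `<?php echo htmlspecialchars($cInfos['typename'], ENT_QUOTES); ?>` and likewise for `$cfg_webname`, passing the site charset as the third argument if the templates are not UTF-8. The same bare `echo $cfg_webname` appears in the rewritten title lines of edit_baseinfo.htm, edit_face.htm, edit_fullinfo.htm and edit_space_info.htm.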

- + -

- - + + M_ID, 0, $channelid); echo ""; ?> -

- + -

- - (内容的简要说明) -

- +

+ + (内容的简要说明) +

+ -

- - -

- + -

- - (答案:) +

+ + (答案:) -

- - + + -

- - - 看不清?点击更换 -

- -

- - -

-
+

+ + + 看不清?点击更换 +

+ +

+ + +

+
+
+ +
- -
-
- -
+ +
- + + \ No newline at end of file diff --git a/src/member/templets/archives_edit.htm b/src/member/templets/archives_edit.htm index 904719f8..2a752e12 100755 --- a/src/member/templets/archives_edit.htm +++ b/src/member/templets/archives_edit.htm @@ -26,7 +26,7 @@
- +

修改

@@ -79,21 +79,8 @@

-

- - -

- -

- -

' /> -

(只允许并且必须选择白色背景的项目*)

-

'> - - -

- + @@ -53,10 +53,6 @@ ?> (只允许并且必须选择白色背景的项目*)

-

'> - - -

信息摘要: (内容的简要说明)

-

- - -

- + @@ -67,19 +67,7 @@ (内容的简要说明)

-

- - -

- -

- - ' style="width: 200px; height:150px" /> -

diff --git a/src/member/templets/edit_baseinfo.htm b/src/member/templets/edit_baseinfo.htm index 1bf9296f..047300f9 100755 --- a/src/member/templets/edit_baseinfo.htm +++ b/src/member/templets/edit_baseinfo.htm @@ -1,147 +1,151 @@ - + + - -更改帐号基本资料 - 会员中心 - <?php echo $cfg_webname; ?> - - - - - - + + 更改帐号基本资料 - 会员中心 - <?php echo $cfg_webname; ?> + + + + + + + -
- -
- -
- - - -
-

基本资料

-
-

- -

-

- - M_LoginID; ?> -

-

- - - * (个人会员该项为昵称,企业会员填写公司名称) -

-

- - * -

-

- - - (不修改密码请保留此项为空) -

-

- - - (不修改密码请保留此项为空) -

-

- - + +

+ +
+ + + + +
+

基本资料

+
+

+ +

+

+ + M_LoginID; ?> +

+

+ + + * (个人会员该项为昵称,企业会员填写公司名称) +

+

+ + * +

+

+ + + (不修改密码请保留此项为空) +

+

+ + + (不修改密码请保留此项为空) +

+

+ + (忘记密码时重设密码用) -

-

- - -

+

+

+ + +

-

- - + + - (不修改不用填写) -

-

- - -

-

- -
- * (每个电子邮邮箱只能注册一个帐号,要修改电子邮箱必须填写正确安全问题的答案) -

-

- - /> - 男   - /> - 女   - /> - 保密 -

-

- - - 看不清?点击更换 -

-

- - -

-
+ (不修改不用填写) +

+

+ + +

+

+ +
+ * + (每个电子邮邮箱只能注册一个帐号,要修改电子邮箱必须填写正确安全问题的答案) +

+

+ + /> + 男   + /> + 女   + /> + 保密 +

+

+ + + 看不清?点击更换 +

+

+ + +

+
+
+ +
- -
+
- -
+ \ No newline at end of file diff --git a/src/member/templets/edit_face.htm b/src/member/templets/edit_face.htm index 12e947e7..a23d775d 100755 --- a/src/member/templets/edit_face.htm +++ b/src/member/templets/edit_face.htm @@ -1,70 +1,63 @@ - + + - -更改头像 - 会员中心 - <?php echo $cfg_webname; ?> - - - - - + + 更改头像 - 会员中心 - <?php echo $cfg_webname; ?> + + + + + + -
- -
- -
- -
- -
-

用户头像

- M_LoginID); - echo uc_avatar($data[0]); - } - else - { - ?> -
-

- - - -

- - 大小180x180像 -

-

- -

- + +
+ +
+ + + + +
+

用户头像

+
+

+ + + +

+ +

+ \r\n"; ?>
-

-

- - -

-
- -
- - +

+

+ + +

+
+
+ + +
+
- -
- + + \ No newline at end of file diff --git a/src/member/templets/edit_fullinfo.htm b/src/member/templets/edit_fullinfo.htm index e5a3041a..022d2dee 100755 --- a/src/member/templets/edit_fullinfo.htm +++ b/src/member/templets/edit_fullinfo.htm @@ -1,50 +1,54 @@ - + + - -更改详细资料 - 会员中心 -<?php echo $cfg_webname; ?> - - - - - - + + 更改详细资料 - 会员中心 -<?php echo $cfg_webname; ?> + + + + + + + -
- -
- -
-
- +
+ +
+ +
+ +
+ + + +
+

详细资料

+
+ +

+ + +

+
+
+
+ +
-
- - -
-

详细资料

-
- - -

- - -

-
-
-
- -
+
- -
- + + \ No newline at end of file diff --git a/src/member/templets/edit_space_info.htm b/src/member/templets/edit_space_info.htm index 31765c56..aa1b3379 100755 --- a/src/member/templets/edit_space_info.htm +++ b/src/member/templets/edit_space_info.htm @@ -1,73 +1,78 @@ - + + - -空间设置 - 会员中心 - <?php echo $cfg_webname; ?> - - - - - + + 空间设置 - 会员中心 - <?php echo $cfg_webname; ?> + + + + + + -
- -
- -
- -
+
+ +
+ +
+ + -
-

空间设置

-
-

- - -

-

- - -

-

- - 少于50中文字 -

-

- - - -

-

- - +

空间设置

+
+

+ + +

+

+ + +

+

+ + 少于50中文字 +

+

+ + +

+

+ + (规格为:200x50像素)\r\n"; ?> -

-

- - -

-

- - -

-
+

+

+ + +

+

+ + +

+
+
+ +
- -
+
- -
- + + \ No newline at end of file diff --git a/src/member/templets/js/album.js b/src/member/templets/js/album.js index e1d37223..5d696ea3 100755 --- a/src/member/templets/js/album.js +++ b/src/member/templets/js/album.js @@ -66,8 +66,8 @@ function MakeUpload(mnum) fhtml += " 图片"+startNum+":"; fhtml += ""; fhtml += " "; - fhtml += "  本地上传: "; - fhtml += " 可填远程网址"; + fhtml += "  图片地址: "; + fhtml += " 填写远程网址"; fhtml += "
"; fhtml += ""; fhtml += " "; diff --git a/src/member/templets/js/load_index.js b/src/member/templets/js/load_index.js index 2ba1e2e5..8127c8ad 100755 --- a/src/member/templets/js/load_index.js +++ b/src/member/templets/js/load_index.js @@ -7,7 +7,7 @@ $(document).ready(function(){ $(".submit tbody tr:odd").addClass("row1");//奇行 //修正IE6下hover Bug - if ( $.browser.msie ){ + if ( typeof $.browser !== "undefined" ){ if($.browser.version == '6.0'){ $("#menuBody li").hover( function(){ diff --git a/src/member/templets/js/main.js b/src/member/templets/js/main.js index cbebb64c..e033126c 100755 --- a/src/member/templets/js/main.js +++ b/src/member/templets/js/main.js @@ -1,221 +1,130 @@ - \ No newline at end of file +} \ No newline at end of file diff --git a/src/member/templets/menu.php b/src/member/templets/menu.php index 9b07a52c..2d2f93cb 100755 --- a/src/member/templets/menu.php +++ b/src/member/templets/menu.php @@ -1,147 +1,134 @@ M_ID)) - { - $channelInfos = array(); - $dsql->Execute('addmod',"SELECT id,nid,typename,useraddcon,usermancon,issend,issystem,usertype,isshow FROM `#@__channeltype` "); - while($menurow = $dsql->GetArray('addmod')) - { - $channelInfos[$menurow['nid']] = $menurow; - //禁用的模型 - if($menurow['isshow']==0) - { - continue; - } - //其它情况 - if($menurow['issend']!=1 || $menurow['issystem']==1 - || ( !preg_match("#".$cfg_ml->M_MbType."#", $menurow['usertype']) && trim($menurow['usertype'])!='' ) ) - { - continue; - } - $menurow['ddcon'] = empty($menurow['useraddcon']) ? 'archives_add.php' : $menurow['useraddcon']; - $menurow['list'] = empty($menurow['usermancon']) ? 'content_list.php' : $menurow['usermancon']; - $add_channel_menu[] = $menurow; - } - unset($menurow); - ?> -
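Review bot: In load_index.js the new guard `typeof $.browser !== "undefined"` drops the `msie` test, so wherever `$.browser` exists the inner `$.browser.version == '6.0'` comparison alone decides whether the IE6 hover workaround is bound, whatever the browser. The change presumably exists to avoid a TypeError on jQuery builds that no longer ship `$.browser`; keeping both conditions does that without widening the match: `if ( $.browser && $.browser.msie ){`. The `$(document).ready` callback begins and continues outside this hunk, so the rest of the workaround is not visible here.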
-
- diff --git a/src/member/templets/soft_add.htm b/src/member/templets/soft_add.htm index cabcc41e..a5219a01 100755 --- a/src/member/templets/soft_add.htm +++ b/src/member/templets/soft_add.htm @@ -170,10 +170,6 @@ function ShowHideAddr() (最大允许100个)

-

- - -

文字介绍:

- + - 服务器名称: - +

@@ -198,7 +193,6 @@ function ShowHideAddr() (最多为12个链接)

- - + @@ -178,17 +178,6 @@ function ShowHideAddr() " id="needmoney" maxlength="100" class="intxt" style="width:80px" />(最大允许100个) -

-

- - -

-

- - ' style="width: 200px; height:150px"/>

- 服务器名称: