diff --git a/README.md b/README.md index 5f6230c1..43f37a92 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,2 @@ ## Doc -Visit [here](http://doc.nexusphp.cn/) +Visit [here](http://doc.nexusphp.org/) diff --git a/include/functions.php b/include/functions.php index 4dc75011..8cae2981 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1432,7 +1432,7 @@ function sent_mail($to,$fromname,$fromemail,$subject,$body,$type = "confirmation $message = (new Swift_Message($subject)) ->setFrom($fromemail, $fromname) ->setTo([$to]) - ->setBody($body) + ->setBody($body, 'text/html') ; // Send the message @@ -2016,14 +2016,23 @@ function mkglobal($vars) { return 1; } -function tr($x,$y,$noesc=0,$relation='') { +function tr($x,$y,$noesc=0,$relation='', $return = false) { if ($noesc) $a = $y; else { $a = htmlspecialchars($y); $a = str_replace("\n", "
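Review bot: `->setBody($body, 'text/html')` changes the content type for every caller of sent_mail, not only the ones that build HTML, so bodies that were plain text with `\n` line breaks now render collapsed and any interpolated value in them is interpreted as markup. The confirm_resend.php and takeinvite.php hunks on this page feed their heredoc `$body`/`$message` straight in after dropping `change_email_encode`, and those heredocs contain interpolated values such as `http://$BASEURL/confirm_resend.php`; whatever in them comes from the user (not visible in the hunks) should now go through `htmlspecialchars()` at the call site. Consider `->setBody($body, 'text/html')->addPart(strip_tags($body), 'text/plain')` so text-only clients still get a readable body, and state the contract in the function's header: `// $body is sent as text/html: callers must escape user-supplied values`. sent_mail's body extends beyond the hunk on both sides.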
\n", $a); } - print("$x".$a."\n"); +// $result = ("$x".$a."\n"); + $result = sprintf( + '%s%s', + $relation ? sprintf(' relation="%s"', $relation) : '', + $x, $a + ); + if ($return) { + return $result; + } + print $result; } function tr_small($x,$y,$noesc=0,$relation='') { diff --git a/public/cheaterbox.php b/public/cheaterbox.php index 24d294ef..3824137a 100644 --- a/public/cheaterbox.php +++ b/public/cheaterbox.php @@ -10,15 +10,15 @@ if (get_user_class() < $staffmem_class) if (!empty($_POST['setdealt'])) { - $res = sql_query ("SELECT id FROM cheaters WHERE dealtwith=0 AND id IN (" . implode(", ", $_POST[delcheater]) . ")"); + $res = sql_query ("SELECT id FROM cheaters WHERE dealtwith=0 AND id IN (" . implode(", ", $_POST['delcheater']) . ")"); while ($arr = mysql_fetch_assoc($res)) - sql_query ("UPDATE cheaters SET dealtwith=1, dealtby = $CURUSER[id] WHERE id = $arr[id]") or sqlerr(); + sql_query ("UPDATE cheaters SET dealtwith=1, dealtby = {$CURUSER['id']} WHERE id = {$arr['id']}") or sqlerr(); $Cache->delete_value('staff_new_cheater_count'); } elseif (!empty($_POST['delete'])) { - $res = sql_query ("SELECT id FROM cheaters WHERE id IN (" . implode(", ", $_POST[delcheater]) . ")"); + $res = sql_query ("SELECT id FROM cheaters WHERE id IN (" . implode(", ", $_POST['delcheater']) . ")"); while ($arr = mysql_fetch_assoc($res)) - sql_query ("DELETE from cheaters WHERE id = $arr[id]") or sqlerr(); + sql_query ("DELETE from cheaters WHERE id = {$arr['id']}") or sqlerr(); $Cache->delete_value('staff_new_cheater_count'); } diff --git a/public/cheaters.php b/public/cheaters.php index 07a3c4f6..cc3d963f 100644 --- a/public/cheaters.php +++ b/public/cheaters.php @@ -24,7 +24,7 @@ if (!is_valid_user_class($class-2)) $class = ''; $ratio = @$_GET['r']; if (!is_valid_id($ratio) && $ratio>=1 && $ratio<=7) $ratio = ''; -echo '
'; +echo '
'; begin_table(); echo 'Important'; diff --git a/public/confirm_resend.php b/public/confirm_resend.php index 2f0a7155..b2fc94a5 100644 --- a/public/confirm_resend.php +++ b/public/confirm_resend.php @@ -82,7 +82,7 @@ http://$BASEURL/confirm_resend.php {$lang_confirm_resend['mail_five']} EOD; - sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"signup",false,false,'',get_email_encode(get_langfolder_cookie())); + sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"signup",false,false,''); header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=signup&email=" . rawurlencode($email)); } else diff --git a/public/forummanage.php b/public/forummanage.php index 4b559437..98bedb0c 100644 --- a/public/forummanage.php +++ b/public/forummanage.php @@ -49,7 +49,7 @@ elseif (isset($_POST['action']) && $_POST['action'] == "editforum") { else{ sql_query("DELETE FROM forummods WHERE forumid=".sqlesc($id)) or sqlerr(__FILE__, __LINE__); } - sql_query("UPDATE forums SET sort = '" . $_POST['sort'] . "', name = " . sqlesc($_POST['name']). ", description = " . sqlesc($_POST['desc']). ", forid = ".sqlesc(($_POST['overforums'])).", minclassread = '" . $_POST['readclass'] . "', minclasswrite = '" . $_POST['writeclass'] . "', minclasscreate = '" . $_POST['createclass'] . "' where id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__); + sql_query("UPDATE forums SET sort = " . sqlesc($_POST['sort']) . ", name = " . sqlesc($_POST['name']). ", description = " . sqlesc($_POST['desc']). ", forid = ".sqlesc(($_POST['overforums'])).", minclassread = " . sqlesc($_POST['readclass']) . ", minclasswrite = " . sqlesc($_POST['writeclass']) . ", minclasscreate = " . sqlesc($_POST['createclass']) . " where id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__); $Cache->delete_value('forums_list'); $Cache->delete_value('forum_moderator_array'); header("Location: forummanage.php"); 
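Review bot: The UPDATE now wraps `sort`, `readclass`, `writeclass` and `createclass` in `sqlesc()`, which stops the quote breakout but still lets arbitrary text reach what appear to be numeric columns (column types are not visible in the hunk). Casting is stricter and keeps the numeric type: `sqlesc(intval($_POST['sort']))`, or reuse the `is_valid_id` check seen in cheaters.php before building the query. The same applies to the INSERT in the `@@ -64` hunk of this file.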
@@ -64,7 +64,7 @@ elseif (isset($_POST['action']) && $_POST['action'] == "addforum") { header("Location: " . get_protocol_prefix() . "$BASEURL/forummanage.php"); die(); } - sql_query("INSERT INTO forums (sort, name, description, minclassread, minclasswrite, minclasscreate, forid) VALUES(" . $_POST['sort'] . ", " . sqlesc($_POST['name']). ", " . sqlesc($_POST['desc']). ", " . $_POST['readclass'] . ", " . $_POST['writeclass'] . ", " . $_POST['createclass'] . ", ".sqlesc(($_POST['overforums'])).")") or sqlerr(__FILE__, __LINE__); + sql_query("INSERT INTO forums (sort, name, description, minclassread, minclasswrite, minclasscreate, forid) VALUES(" . sqlesc($_POST['sort']) . ", " . sqlesc($_POST['name']). ", " . sqlesc($_POST['desc']). ", " . sqlesc($_POST['readclass']) . ", " . sqlesc($_POST['writeclass']) . ", " . sqlesc($_POST['createclass']) . ", ".sqlesc(($_POST['overforums'])).")") or sqlerr(__FILE__, __LINE__); $Cache->delete_value('forums_list'); if ($_POST["moderator"]){ $id = mysql_insert_id(); diff --git a/public/ipsearch.php b/public/ipsearch.php index ba55cfa4..3b753c0d 100644 --- a/public/ipsearch.php +++ b/public/ipsearch.php @@ -54,7 +54,7 @@ else begin_main_frame(); print("

".$lang_ipsearch['text_search_ip_history']."

\n"); - print(""); + print(""); print("\n"); tr($lang_ipsearch['row_ip']."*", "", 1); tr("".$lang_ipsearch['row_subnet_mask']."", "", 1); @@ -85,7 +85,7 @@ GROUP BY u.id $page = intval($_GET["page"] ?? 0); $perpage = 20; - list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "$_SERVER[PHP_SELF]?ip=$ip&mask=$mask&order=$order&"); + list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "{$_SERVER['PHP_SELF']}?ip=$ip&mask=$mask&order=$order&"); if ($order == "added") $orderby = "added DESC"; diff --git a/public/linksmanage.php b/public/linksmanage.php index 91ccfa9a..9ad2dcfb 100644 --- a/public/linksmanage.php +++ b/public/linksmanage.php @@ -4,7 +4,7 @@ dbconn(); require_once(get_langfile_path()); loggedinorreturn(); //start apply for links -if ($_GET['action'] == "apply") +if (isset($_GET['action']) && $_GET['action'] == "apply") { if (get_user_class() >= $applylink_class){ stdhead($lang_linksmanage['head_apply_for_links']); @@ -38,7 +38,7 @@ begin_frame($lang_linksmanage['text_apply_for_links'], true,10,"100%","center"); } else permissiondenied(); } -elseif ($_POST['action'] == "newapply") +elseif (isset($_POST['action']) && $_POST['action'] == "newapply") { if (get_user_class() >= $applylink_class){ $sitename = unesc($_POST["linkname"]); @@ -80,7 +80,7 @@ else permissiondenied(); elseif (get_user_class() < $linkmanage_class) permissiondenied(); else{ -if ($_GET['action'] == "del") { +if (isset($_GET['action']) && $_GET['action'] == "del") { $id = intval($_GET['id'] ?? 0); if (!$id) { header("Location: linksmanage.php"); die();} $result = sql_query ("SELECT * FROM links where id = '".$id."'"); 
@@ -93,18 +93,18 @@ header("Location: linksmanage.php"); die(); } -if ($_POST['action'] == "editlink") { +if (isset($_POST['action']) && $_POST['action'] == "editlink") { $name = ($_POST['linkname']); $url = ($_POST['url']); $title = ($_POST['title']); if (!$name && !$url && !$title) { header("Location: linksmanage.php"); die();} - sql_query("UPDATE links SET name = ".sqlesc($_POST['linkname']).", url = ".sqlesc($_POST['url']).", title = ".sqlesc($_POST['title'])." WHERE id = '".$_POST['id']."'") or sqlerr(__FILE__, __LINE__); + sql_query("UPDATE links SET name = ".sqlesc($_POST['linkname']).", url = ".sqlesc($_POST['url']).", title = ".sqlesc($_POST['title'])." WHERE id = ".sqlesc($_POST['id'])) or sqlerr(__FILE__, __LINE__); $Cache->delete_value('links'); header("Location: linksmanage.php"); die(); } -if ($_POST['action'] == "add") +if (isset($_POST['action']) && $_POST['action'] == "add") { if ($_POST["linkname"] == "" || $_POST["url"] == "" || $_POST["title"] == "") stderr($lang_linksmanage['std_error'], $lang_linksmanage['std_missing_form_data']); @@ -142,12 +142,12 @@ echo ""; +echo ""; } while($row = mysql_fetch_array($result)); } else {print "";} echo "
".$lang_linksmanage['text_site_name']."".$row["name"]."".$row["url"]."".$row["title"]. "".$lang_linksmanage['text_edit']." | ".$lang_linksmanage['text_delete']."
".$row["name"]."".$row["url"]."".$row["title"]. "".$lang_linksmanage['text_edit']." | ".$lang_linksmanage['text_delete']."
".$lang_linksmanage['text_no_links_found']."
"; ?> -here to go back."); + echo("Location successfuly removed, click here to go back."); end_frame(); stdfoot(); die(); } $delid = intval($_GET['delid'] ?? 0); if($delid > 0) { - echo("Are you sure you would like to delete this Location?( Yes! / No )"); + echo("Are you sure you would like to delete this Location?( Yes! / No )"); end_frame(); stdfoot(); die(); @@ -52,7 +52,7 @@ if($edited == 1) { $sql = sql_query($query) or sqlerr(__FILE__, __LINE__); if($sql) { - stdmsg("Success!","Location has been edited, click here to go back"); + stdmsg("Success!","Location has been edited, click here to go back"); stdfoot(); die(); } @@ -83,7 +83,7 @@ if($editid > 0) { $theory_downspeed = $row['theory_downspeed']; $practical_downspeed = $row['practical_downspeed']; - echo(""); + echo(""); echo(""); echo(""); echo(""); @@ -137,7 +137,7 @@ if($add == 'true') { } -echo(""); +echo(""); echo("
Editing Locations
Name:
"); echo(""); echo(""); @@ -157,7 +157,7 @@ echo(""); $range_start_ip = $_GET['range_start_ip'] ?? ''; $range_end_ip = $_GET['range_end_ip'] ?? ''; -echo(""); +echo(""); echo("
Add New Locations
Name:
"); echo(""); echo(""); @@ -233,8 +233,8 @@ while ($row = mysql_fetch_array($sql)) { "" . "" . "" . - "". - "" . + "". + "" . ""); } print("
Check IP Range
Start IP:
$practical_upspeed$theory_downspeed$practical_downspeedEditRemoveEditRemove
"); diff --git a/public/log.php b/public/log.php index 646a415c..6a03aca7 100644 --- a/public/log.php +++ b/public/log.php @@ -32,7 +32,7 @@ function searchtable($title, $action, $opts = array()){ global $lang_log; print("\n"); print("\n"); - print("
".$title."
\n"); + print("
\n"); print("\n"); if ($opts) { print($lang_log['text_in']."\n"); print("\n"); - print("
".$title."
\n"); + print("
\n"); print("\n"); print(""); print(""); @@ -63,7 +63,7 @@ function edititem($title, $action, $id){ if ($row = mysql_fetch_array($result)) { print("\n"); print("\n"); - print("".(get_user_class() >= $chrmanage_class ? "" : "")."\n"); + print("".(get_user_class() >= $chrmanage_class ? "" : "")."\n"); } print("
".$title."
\n"); + print("
\n"); print("\n"); print(""); print(""); @@ -209,7 +209,7 @@ else { while ($arr = mysql_fetch_assoc($res)) { $date = gettime($arr['added'],true,false); - print("
$date".format_comment($arr["txt"],true,false,true)."".$lang_log['text_edit']." | ".$lang_log['text_delete']."
$date".format_comment($arr["txt"],true,false,true)."".$lang_log['text_edit']." | ".$lang_log['text_delete']."
"); echo $pagerbottom; diff --git a/public/massmail.php b/public/massmail.php index 5c3e8d65..f5d2437b 100644 --- a/public/massmail.php +++ b/public/massmail.php @@ -8,6 +8,9 @@ $class = intval($_POST["class"] ?? 0); if ($class) int_check($class,true); $or = $_POST["or"] ?? ''; +if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) { + stderr("Error", "Invalid symbol!"); +} if ($_SERVER["REQUEST_METHOD"] == "POST") { diff --git a/public/messages.php b/public/messages.php index 3f622f84..93662bba 100644 --- a/public/messages.php +++ b/public/messages.php 
@@ -677,7 +677,7 @@ $res = sql_query('SELECT * FROM pmboxes WHERE userid=' . sqlesc($CURUSER['id']) $place = $_GET['place'] ?? ''; ?> -   +     ".$lang_settings['text_max_ips_note'], 1); tr($lang_settings['row_max_login_attemps']," ".$lang_settings['text_max_login_attemps_note'], 1); + $guestVisitRadios = [ + [ + 'label' => '正常', + 'value' => 'normal', + ], + [ + 'label' => '展示指定页面', + 'value' => 'static-page', + 'target' => [ + 'type' => 'select', + 'label' => '指定页面路径', + 'options' => glob(ROOT_PATH . 'resources/static-pages/*'), + ], + ], + [ + 'label' => '展示自定义内容', + 'value' => 'custom-content', + 'target' => [ + 'type' => 'textarea', + 'label' => '自定义内容', + ], + ], + [ + 'label' => '重定向到指定 URL', + 'value' => 'redirect', + 'target' => [ + 'type' => 'input', + 'label' => '指定 URL', + ], + ], + ]; + $guestVisitHtmlArr = []; + $guestVisitTargetHtmlArr = []; + foreach($guestVisitRadios as $value) { + $guestVisitHtmlArr[] = sprintf( + '', + $value['value'], $value['label'] + ); + if (!empty($value['target']['type'])) { + $targetType = $value['target']['type']; + if ($targetType == 'input') { + $input = sprintf('', $value['value']); + $guestVisitTargetHtmlArr[] = tr($value['target']['label'], $input, 1, '', true); + } elseif ($targetType == 'textarea') { + + } elseif ($targetType == 'select') { + $select = sprintf(''; + $guestVisitTargetHtmlArr[] = tr($value['target']['label'], $select, 1, '', true); + } + } + } + tr("游客访问", implode('
', $guestVisitHtmlArr), 1); + print implode('', $guestVisitTargetHtmlArr); + tr($lang_settings['row_save_settings'],"", 1); print (""); } diff --git a/public/shoutbox.php b/public/shoutbox.php index efebdbb7..cf0fed57 100644 --- a/public/shoutbox.php +++ b/public/shoutbox.php @@ -17,7 +17,7 @@ $refresh = ($CURUSER['sbrefresh'] ? $CURUSER['sbrefresh'] : 120) ?> - + " type="text/css"> diff --git a/public/staffbox.php b/public/staffbox.php index 99edda76..8e306710 100644 --- a/public/staffbox.php +++ b/public/staffbox.php @@ -130,13 +130,13 @@ if ($action == "answermessage") { int_check($receiver,true); - $res = sql_query("SELECT * FROM users WHERE id=$receiver") or die(mysql_error()); + $res = sql_query("SELECT * FROM users WHERE id=" . sqlesc($receiver)) or die(mysql_error()); $user = mysql_fetch_assoc($res); if (!$user) stderr($lang_staffbox['std_error'], $lang_staffbox['std_no_user_id']); - $res2 = sql_query("SELECT * FROM staffmessages WHERE id=$answeringto") or die(mysql_error()); + $res2 = sql_query("SELECT * FROM staffmessages WHERE id=" . sqlesc($answeringto)) or die(mysql_error()); $staffmsg = mysql_fetch_assoc($res2); stdhead($lang_staffbox['head_answer_to_staff_pm']); begin_main_frame(); diff --git a/public/takeconfirm.php b/public/takeconfirm.php index 3e0dd3b6..33081d99 100644 --- a/public/takeconfirm.php +++ b/public/takeconfirm.php 
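Review bot: In the settings hunk (its file header is not visible in the diff as shown) the `elseif ($targetType == 'textarea')` branch is empty, so the `custom-content` radio is rendered without the textarea it announces; either add the field or leave a `// TODO: render textarea for custom content` marker so the gap stays visible. The select options come from `glob(ROOT_PATH . 'resources/static-pages/*')`, so full server paths become option values; the handler that saves this setting (outside the hunk) should accept only values present in that same glob result rather than the posted path, and `basename()` would give a cleaner label. The labels are hard-coded Chinese strings while the rest of this file reads from `$lang_settings[...]`, which breaks the file's i18n convention.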
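Review bot: The two rewritten queries in staffbox.php still end in `or die(mysql_error())`, which prints the raw driver message to the user on failure; the other files in this commit use `or sqlerr(__FILE__, __LINE__)`, so `sql_query("SELECT * FROM users WHERE id=" . sqlesc($receiver)) or sqlerr(__FILE__, __LINE__);` keeps the fix and the project's error path consistent. Only `$receiver` is visibly run through `int_check` in the hunk; if `$answeringto` is not checked above the hunk, `intval()` it before the second query. The enclosing `if ($action == "answermessage")` block continues outside the hunk.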
@@ -5,11 +5,11 @@ require_once(get_langfile_path()); $id = isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die()); int_check($id,true); $email = unesc(htmlspecialchars(trim($_POST["email"]))); -if(isset($_POST[conusr])) - sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST[conusr]) . ") AND status='pending'"); +if(isset($_POST['conusr'])) + sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST['conusr']) . ") AND status='pending'"); else stderr($lang_takeconfirm['std_sorry'],$lang_takeconfirm['std_no_buddy_to_confirm']. - "".$lang_takeconfirm['std_here_to_go_back'],false); + "".$lang_takeconfirm['std_here_to_go_back'],false); $title = $SITENAME.$lang_takeconfirm['mail_title']; $body = << diff --git a/public/takeinvite.php b/public/takeinvite.php index 6dcb8d71..cc80c51e 100644 --- a/public/takeinvite.php +++ b/public/takeinvite.php @@ -59,7 +59,7 @@ $body

{$lang_takeinvite['mail_six']} EOD; -sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$message),"invitesignup",false,false,'',get_email_encode(get_langfolder_cookie())); +sent_mail($email,$SITENAME,$SITEEMAIL,$title,$message,"invitesignup",false,false,''); //this email is sent only when someone give out an invitation header("Refresh: 0; url=invite.php?id=".htmlspecialchars($id)."&sent=1"); diff --git a/public/usersearch.php b/public/usersearch.php index d0792e04..50132353 100644 --- a/public/usersearch.php +++ b/public/usersearch.php @@ -37,20 +37,20 @@ if ($_GET['h']) } else { - echo "

(Instructions)"; - echo " - (Reset)

\n"; + echo "

(Instructions)"; + echo " - (Reset)

\n"; } $highlight = " bgcolor=#BBAF9B"; ?> -
> +> - > + > > - - + + > - > + > - > + > > - > + > - > + > > - + - + @@ -135,9 +135,9 @@ $highlight = " bgcolor=#BBAF9B"; ?> - + - + > - + - + > - + - + @@ -750,7 +750,7 @@ if (count($_GET) > 0 && !$_GET['h']) $perpage = 30; - list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"]."?".$q); + list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["REQUEST_URI"]."?".$q); $query .= $limit; diff --git a/resources/static-pages/beian-aliyun.html b/resources/static-pages/beian-aliyun.html new file mode 100644 index 00000000..a23ef687 --- /dev/null +++ b/resources/static-pages/beian-aliyun.html @@ -0,0 +1,94 @@ + + + + + + + + + 阿里云备案阻断页 + + + + + + + + + + + + + + + +
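Review bot: `$_SERVER["REQUEST_URI"]."?".$q` appends a second query string, because REQUEST_URI already contains the current request's `?...` part, so the pager links for any filtered search carry two `?` separators; REQUEST_URI is also raw client input that now reaches `pager()` unescaped (whether pager encodes its argument is not visible here). A literal target avoids both: `list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "usersearch.php?" . $q);`. The surrounding `if (count($_GET) > 0 && !$_GET['h'])` block continues outside the hunk.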
+ +
+ +
+
+
+
+ + +
+ + + + \ No newline at end of file
Name:Ratio: Member status:
Email:IP:Account status:
Comment:Mask:Class: Uploaded: Donor: Downloaded: Warned: