lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 20:17:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix email encode and format

Browse Source
This commit is contained in:
xiaomlove
2021-02-02 20:27:37 +08:00
parent 487d1a7948
commit dfaf0a9015
22 changed files with 235 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/cheaterbox.php
+4 -4
View File
@@ -10,15 +10,15 @@ if (get_user_class() < $staffmem_class)
if (!empty($_POST['setdealt'])) {
$res = sql_query ("SELECT id FROM cheaters WHERE dealtwith=0 AND id IN (" . implode(", ", $_POST[delcheater]) . ")");
$res = sql_query ("SELECT id FROM cheaters WHERE dealtwith=0 AND id IN (" . implode(", ", $_POST['delcheater']) . ")");
while ($arr = mysql_fetch_assoc($res))
sql_query ("UPDATE cheaters SET dealtwith=1, dealtby = $CURUSER[id] WHERE id = $arr[id]") or sqlerr();
sql_query ("UPDATE cheaters SET dealtwith=1, dealtby = {$CURUSER['id']} WHERE id = {$arr['id']}") or sqlerr();
$Cache->delete_value('staff_new_cheater_count');
}
elseif (!empty($_POST['delete'])) {
$res = sql_query ("SELECT id FROM cheaters WHERE id IN (" . implode(", ", $_POST[delcheater]) . ")");
$res = sql_query ("SELECT id FROM cheaters WHERE id IN (" . implode(", ", $_POST['delcheater']) . ")");
while ($arr = mysql_fetch_assoc($res))
sql_query ("DELETE from cheaters WHERE id = $arr[id]") or sqlerr();
sql_query ("DELETE from cheaters WHERE id = {$arr['id']}") or sqlerr();
$Cache->delete_value('staff_new_cheater_count');
}
public/cheaters.php
+1 -1
View File
@@ -24,7 +24,7 @@ if (!is_valid_user_class($class-2)) $class = '';
$ratio = @$_GET['r'];
if (!is_valid_id($ratio) && $ratio>=1 && $ratio<=7) $ratio = '';
echo '<center><form method="get" action="'.$_SERVER["PHP_SELF"].'">';
echo '<center><form method="get" action="'.$_SERVER["REQUEST_URI"].'">';
begin_table();
echo '<tr><th colspan="4">Important</th></tr><tr><td colspan="4" class="left">';
public/confirm_resend.php
+1 -1
View File
@@ -82,7 +82,7 @@ http://$BASEURL/confirm_resend.php
{$lang_confirm_resend['mail_five']}
EOD;
sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"signup",false,false,'',get_email_encode(get_langfolder_cookie()));
sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"signup",false,false,'');
header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=signup&email=" . rawurlencode($email));
}
else
public/forummanage.php
+2 -2
View File
@@ -49,7 +49,7 @@ elseif (isset($_POST['action']) && $_POST['action'] == "editforum") {
else{
sql_query("DELETE FROM forummods WHERE forumid=".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
}
sql_query("UPDATE forums SET sort = '" . $_POST['sort'] . "', name = " . sqlesc($_POST['name']). ", description = " . sqlesc($_POST['desc']). ", forid = ".sqlesc(($_POST['overforums'])).", minclassread = '" . $_POST['readclass'] . "', minclasswrite = '" . $_POST['writeclass'] . "', minclasscreate = '" . $_POST['createclass'] . "' where id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE forums SET sort = " . sqlesc($_POST['sort']) . ", name = " . sqlesc($_POST['name']). ", description = " . sqlesc($_POST['desc']). ", forid = ".sqlesc(($_POST['overforums'])).", minclassread = " . sqlesc($_POST['readclass']) . ", minclasswrite = " . sqlesc($_POST['writeclass']) . ", minclasscreate = " . sqlesc($_POST['createclass']) . " where id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$Cache->delete_value('forums_list');
$Cache->delete_value('forum_moderator_array');
header("Location: forummanage.php");
@@ -64,7 +64,7 @@ elseif (isset($_POST['action']) && $_POST['action'] == "addforum") {
header("Location: " . get_protocol_prefix() . "$BASEURL/forummanage.php");
die();
}
sql_query("INSERT INTO forums (sort, name, description, minclassread, minclasswrite, minclasscreate, forid) VALUES(" . $_POST['sort'] . ", " . sqlesc($_POST['name']). ", " . sqlesc($_POST['desc']). ", " . $_POST['readclass'] . ", " . $_POST['writeclass'] . ", " . $_POST['createclass'] . ", ".sqlesc(($_POST['overforums'])).")") or sqlerr(__FILE__, __LINE__);
sql_query("INSERT INTO forums (sort, name, description, minclassread, minclasswrite, minclasscreate, forid) VALUES(" . sqlesc($_POST['sort']) . ", " . sqlesc($_POST['name']). ", " . sqlesc($_POST['desc']). ", " . sqlesc($_POST['readclass']) . ", " . sqlesc($_POST['writeclass']) . ", " . sqlesc($_POST['createclass']) . ", ".sqlesc(($_POST['overforums'])).")") or sqlerr(__FILE__, __LINE__);
$Cache->delete_value('forums_list');
if ($_POST["moderator"]){
$id = mysql_insert_id();
public/ipsearch.php
+2 -2
View File
@@ -54,7 +54,7 @@ else
begin_main_frame();
print("<h1 align=\"center\">".$lang_ipsearch['text_search_ip_history']."</h1>\n");
print("<form method=\"get\" action=\"".$_SERVER['PHP_SELF']."\">");
print("<form method=\"get\" action=\"\">");
print("<table align=center border=1 cellspacing=0 width=115 cellpadding=5>\n");
tr($lang_ipsearch['row_ip']."<font color=red>*</font>", "<input type=\"text\" name=\"ip\" size=\"40\" value=\"".htmlspecialchars($ip)."\" />", 1);
tr("<nobr>".$lang_ipsearch['row_subnet_mask']."</nobr>", "<input type=\"text\" name=\"mask\" size=\"40\" value=\"" . htmlspecialchars($mask) . "\" />", 1);
@@ -85,7 +85,7 @@ GROUP BY u.id
$page = intval($_GET["page"] ?? 0);
$perpage = 20;
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "$_SERVER[PHP_SELF]?ip=$ip&mask=$mask&order=$order&");
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "{$_SERVER['PHP_SELF']}?ip=$ip&mask=$mask&order=$order&");
if ($order == "added")
$orderby = "added DESC";
public/linksmanage.php
+8 -8
View File
@@ -4,7 +4,7 @@ dbconn();
require_once(get_langfile_path());
loggedinorreturn();
//start apply for links
if ($_GET['action'] == "apply")
if (isset($_GET['action']) && $_GET['action'] == "apply")
{
if (get_user_class() >= $applylink_class){
stdhead($lang_linksmanage['head_apply_for_links']);
@@ -38,7 +38,7 @@ begin_frame($lang_linksmanage['text_apply_for_links'], true,10,"100%","center");
}
else permissiondenied();
}
elseif ($_POST['action'] == "newapply")
elseif (isset($_POST['action']) && $_POST['action'] == "newapply")
{
if (get_user_class() >= $applylink_class){
$sitename = unesc($_POST["linkname"]);
@@ -80,7 +80,7 @@ else permissiondenied();
elseif (get_user_class() < $linkmanage_class)
permissiondenied();
else{
if ($_GET['action'] == "del") {
if (isset($_GET['action']) && $_GET['action'] == "del") {
$id = intval($_GET['id'] ?? 0);
if (!$id) { header("Location: linksmanage.php"); die();}
$result = sql_query ("SELECT * FROM links where id = '".$id."'");
@@ -93,18 +93,18 @@ header("Location: linksmanage.php");
die();
}
if ($_POST['action'] == "editlink") {
if (isset($_POST['action']) && $_POST['action'] == "editlink") {
$name = ($_POST['linkname']);
$url = ($_POST['url']);
$title = ($_POST['title']);
if (!$name && !$url && !$title) { header("Location: linksmanage.php"); die();}
sql_query("UPDATE links SET name = ".sqlesc($_POST['linkname']).", url = ".sqlesc($_POST['url']).", title = ".sqlesc($_POST['title'])." WHERE id = '".$_POST['id']."'") or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE links SET name = ".sqlesc($_POST['linkname']).", url = ".sqlesc($_POST['url']).", title = ".sqlesc($_POST['title'])." WHERE id = ".sqlesc($_POST['id'])) or sqlerr(__FILE__, __LINE__);
$Cache->delete_value('links');
header("Location: linksmanage.php");
die();
}
if ($_POST['action'] == "add")
if (isset($_POST['action']) && $_POST['action'] == "add")
{
if ($_POST["linkname"] == "" || $_POST["url"] == "" || $_POST["title"] == "")
stderr($lang_linksmanage['std_error'], $lang_linksmanage['std_missing_form_data']);
@@ -142,12 +142,12 @@ echo "<tr><td class=colhead align=left>".$lang_linksmanage['text_site_name']."</
$result = sql_query ("SELECT * FROM links ORDER BY id ASC");
if ($row = mysql_fetch_array($result)) {
do {
echo "<tr><td>".$row["name"]."</td><td>".$row["url"]."</td><td>".$row["title"]. "</td><td align=center nowrap><b><a href=\"".$PHP_SELF."?action=edit&id=".$row["id"]."\">".$lang_linksmanage['text_edit']."</a>&nbsp;|&nbsp;<a href=\"javascript:confirm_delete('".$row["id"]."', '".$lang_linksmanage['js_sure_to_delete_link']."', '');\"><font color=red>".$lang_linksmanage['text_delete']."</font></a></b></td></tr>";
echo "<tr><td>".$row["name"]."</td><td>".$row["url"]."</td><td>".$row["title"]. "</td><td align=center nowrap><b><a href=\"?action=edit&id=".$row["id"]."\">".$lang_linksmanage['text_edit']."</a>&nbsp;|&nbsp;<a href=\"javascript:confirm_delete('".$row["id"]."', '".$lang_linksmanage['js_sure_to_delete_link']."', '');\"><font color=red>".$lang_linksmanage['text_delete']."</font></a></b></td></tr>";
} while($row = mysql_fetch_array($result));
} else {print "<tr><td colspan=4>".$lang_linksmanage['text_no_links_found']."</td></tr>";}
echo "</table>";
?>
<?php if ($_GET['action'] == "edit") {
<?php if (isset($_GET['action']) && $_GET['action'] == "edit") {
$id = intval($_GET["id"] ?? 0);
$result = sql_query ("SELECT * FROM links where id = ".sqlesc($id));
if ($row = mysql_fetch_array($result)) {
public/location.php
+8 -8
View File
@@ -17,14 +17,14 @@ if($sure == "yes") {
$delid = $_GET['delid'];
$query = "DELETE FROM locations WHERE id=" .sqlesc($delid) . " LIMIT 1";
$sql = sql_query($query);
echo("Location successfuly removed, click <a class=altlink href=" . $_SERVER['PHP_SELF'] .">here</a> to go back.");
echo("Location successfuly removed, click <a class=altlink href=" . $_SERVER['REQUEST_URI'] .">here</a> to go back.");
end_frame();
stdfoot();
die();
}
$delid = intval($_GET['delid'] ?? 0);
if($delid > 0) {
echo("Are you sure you would like to delete this Location?( <strong><a href='". $_SERVER['PHP_SELF'] . "?delid=$delid&sure=yes'>Yes!</a></strong> / <strong><a href='". $_SERVER['PHP_SELF'] . "'>No</a></strong> )");
echo("Are you sure you would like to delete this Location?( <strong><a href='". $_SERVER['REQUEST_URI'] . "?delid=$delid&sure=yes'>Yes!</a></strong> / <strong><a href='". $_SERVER['REQUEST_URI'] . "'>No</a></strong> )");
end_frame();
stdfoot();
die();
@@ -52,7 +52,7 @@ if($edited == 1) {
$sql = sql_query($query) or sqlerr(__FILE__, __LINE__);
if($sql)
{
stdmsg("Success!","Location has been edited, click <a class=altlink href=" . $_SERVER['PHP_SELF'] .">here</a> to go back");
stdmsg("Success!","Location has been edited, click <a class=altlink href=" . $_SERVER['REQUEST_URI'] .">here</a> to go back");
stdfoot();
die();
}
@@ -83,7 +83,7 @@ if($editid > 0) {
$theory_downspeed = $row['theory_downspeed'];
$practical_downspeed = $row['practical_downspeed'];
echo("<form name='form1' method='get' action='" . $_SERVER['PHP_SELF'] . "'>");
echo("<form name='form1' method='get' action='" . $_SERVER['REQUEST_URI'] . "'>");
echo("<input type='hidden' name='id' value='$editid'><table class=main cellspacing=0 cellpadding=5 width=50%>");
echo("<tr><td class=colhead align=center colspan=2>Editing Locations</td><input type='hidden' name='edited' value='1'></tr>");
echo("<tr><td class=rowhead>Name:</td><td class=rowfollow align=left><input type='text' size=10 name='name' value='$name'></td></tr>");
@@ -137,7 +137,7 @@ if($add == 'true') {
}
echo("<form name='form1' method='get' action='" . $_SERVER['PHP_SELF'] . "'>");
echo("<form name='form1' method='get' action='" . $_SERVER['REQUEST_URI'] . "'>");
echo("<table class=main cellspacing=0 cellpadding=5 width=48% align= left>");
echo("<tr><td class=colhead align=center colspan=2>Add New Locations</td></tr>");
echo("<tr><td class=rowhead>Name:</td><td class=rowfollow align=left><input type='text' size=10 name='name'></td></tr>");
@@ -157,7 +157,7 @@ echo("</form>");
$range_start_ip = $_GET['range_start_ip'] ?? '';
$range_end_ip = $_GET['range_end_ip'] ?? '';
echo("<form name='form2' method='get' action='" . $_SERVER['PHP_SELF'] . "'>");
echo("<form name='form2' method='get' action='" . $_SERVER['REQUEST_URI'] . "'>");
echo("<table class=main cellspacing=0 cellpadding=5 width=48% align=right>");
echo("<tr><td class=colhead align=center colspan=2>Check IP Range</td></tr>");
echo("<tr><td class=rowhead><nobr>Start IP:</nobr></td><td class=rowfollow align=left><input type='text' size=30 name='range_start_ip' value='" . $range_start_ip . "'></td></tr>");
@@ -233,8 +233,8 @@ while ($row = mysql_fetch_array($sql)) {
"<td class=rowfollow align=left>$practical_upspeed</td>" .
"<td class=rowfollow align=left>$theory_downspeed</td>" .
"<td class=rowfollow align=left>$practical_downspeed</td>" .
"<td class=rowfollow align=center><a href='" . $_SERVER['PHP_SELF'] . "?editid=$id'>Edit</a></td>".
"<td class=rowfollow align=center><a href='" . $_SERVER['PHP_SELF'] . "?delid=$id'>Remove</a></td>" .
"<td class=rowfollow align=center><a href='" . $_SERVER['REQUEST_URI'] . "?editid=$id'>Edit</a></td>".
"<td class=rowfollow align=center><a href='" . $_SERVER['REQUEST_URI'] . "?delid=$id'>Remove</a></td>" .
"</tr>");
}
print("</table>");
public/log.php
+4 -4
View File
@@ -32,7 +32,7 @@ function searchtable($title, $action, $opts = array()){
global $lang_log;
print("<table border=1 cellspacing=0 width=940 cellpadding=5>\n");
print("<tr><td class=colhead align=left>".$title."</td></tr>\n");
print("<tr><td class=toolbox align=left><form method=\"get\" action='" . $_SERVER['PHP_SELF'] . "'>\n");
print("<tr><td class=toolbox align=left><form method=\"get\" action='" . $_SERVER['REQUEST_URI'] . "'>\n");
print("<input type=\"text\" name=\"query\" style=\"width:500px\" value=\"".($_GET['query'] ?? '')."\">\n");
if ($opts) {
print($lang_log['text_in']."<select name=search>");
@@ -49,7 +49,7 @@ function additem($title, $action){
global $lang_log;
print("<table border=1 cellspacing=0 width=940 cellpadding=5>\n");
print("<tr><td class=colhead align=left>".$title."</td></tr>\n");
print("<tr><td class=toolbox align=left><form method=\"post\" action='" . $_SERVER['PHP_SELF'] . "'>\n");
print("<tr><td class=toolbox align=left><form method=\"post\" action='" . $_SERVER['REQUEST_URI'] . "'>\n");
print("<textarea name=\"txt\" style=\"width:500px\" rows=\"3\" >".$title."</textarea>\n");
print("<input type=\"hidden\" name=\"action\" value=".$action.">");
print("<input type=\"hidden\" name=\"do\" value=\"add\">");
@@ -63,7 +63,7 @@ function edititem($title, $action, $id){
if ($row = mysql_fetch_array($result)) {
print("<table border=1 cellspacing=0 width=940 cellpadding=5>\n");
print("<tr><td class=colhead align=left>".$title."</td></tr>\n");
print("<tr><td class=toolbox align=left><form method=\"post\" action='" . $_SERVER['PHP_SELF'] . "'>\n");
print("<tr><td class=toolbox align=left><form method=\"post\" action='" . $_SERVER['REQUEST_URI'] . "'>\n");
print("<textarea name=\"txt\" style=\"width:500px\" rows=\"3\" >".$row["txt"]."</textarea>\n");
print("<input type=\"hidden\" name=\"action\" value=".$action.">");
print("<input type=\"hidden\" name=\"do\" value=\"update\">");
@@ -209,7 +209,7 @@ else {
while ($arr = mysql_fetch_assoc($res))
{
$date = gettime($arr['added'],true,false);
print("<tr><td class=rowfollow align=center><nobr>$date</nobr></td><td class=rowfollow align=left>".format_comment($arr["txt"],true,false,true)."</td>".(get_user_class() >= $chrmanage_class ? "<td align=center nowrap><b><a href=\"".$_SERVER['PHP_SELF']."?action=chronicle&do=edit&id=".$arr["id"]."\">".$lang_log['text_edit']."</a>&nbsp;|&nbsp;<a href=\"".$_SERVER['PHP_SELF']."?action=chronicle&do=del&id=".$arr["id"]."\"><font color=red>".$lang_log['text_delete']."</font></a></b></td>" : "")."</tr>\n");
print("<tr><td class=rowfollow align=center><nobr>$date</nobr></td><td class=rowfollow align=left>".format_comment($arr["txt"],true,false,true)."</td>".(get_user_class() >= $chrmanage_class ? "<td align=center nowrap><b><a href=\"".$_SERVER['REQUEST_URI']."?action=chronicle&do=edit&id=".$arr["id"]."\">".$lang_log['text_edit']."</a>&nbsp;|&nbsp;<a href=\"".$_SERVER['REQUEST_URI']."?action=chronicle&do=del&id=".$arr["id"]."\"><font color=red>".$lang_log['text_delete']."</font></a></b></td>" : "")."</tr>\n");
}
print("</table>");
echo $pagerbottom;
public/massmail.php
+3
View File
@@ -8,6 +8,9 @@ $class = intval($_POST["class"] ?? 0);
if ($class)
int_check($class,true);
$or = $_POST["or"] ?? '';
if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
stderr("Error", "Invalid symbol!");
}
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
public/messages.php
+1 -1
View File
@@ -677,7 +677,7 @@ $res = sql_query('SELECT * FROM pmboxes WHERE userid=' . sqlesc($CURUSER['id'])
$place = $_GET['place'] ?? '';
?>
<form action="messages.php" method="get">
<input type="hidden" name="action" value="viewmailbox"><?php echo $lang_messages['text_search'] ?>&nbsp;&nbsp;<input id="searchinput" name="keyword" type="text" value="<?php echo $_GET['keyword'] ?? ''?>" style="width: 200px"/>
<input type="hidden" name="action" value="viewmailbox"><?php echo $lang_messages['text_search'] ?>&nbsp;&nbsp;<input id="searchinput" name="keyword" type="text" value="<?php echo htmlspecialchars($_GET['keyword'] ?? '')?>" style="width: 200px"/>
<?php echo $lang_messages['text_in'] ?>&nbsp;<select name="place">
<option value="both" <?php echo ($place == 'both' ? " selected" : "")?>><?php echo $lang_messages['select_both'] ?></option>
<option value="title" <?php echo ($place == 'title' ? " selected" : "")?>><?php echo $lang_messages['select_title'] ?></option>
public/nowarn.php
+4 -4
View File
@@ -21,16 +21,16 @@ if (!empty($_POST["usernw"]))
{
$msg = sqlesc("Your Warning Has Been Removed By: " . $CURUSER['username'] . ".");
$added = sqlesc(date("Y-m-d H:i:s"));
$userid = implode(", ", $_POST[usernw]);
$userid = implode(", ", $_POST['usernw']);
//sql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
$r = sql_query("SELECT modcomment FROM users WHERE id IN (" . implode(", ", $_POST[usernw]) . ")")or sqlerr(__FILE__, __LINE__);
$r = sql_query("SELECT modcomment FROM users WHERE id IN (" . implode(", ", $_POST['usernw']) . ")")or sqlerr(__FILE__, __LINE__);
$user = mysql_fetch_array($r);
$exmodcomment = $user["modcomment"];
$modcomment = date("Y-m-d") . " - Warning Removed By " . $CURUSER['username'] . ".\n". $modcomment . $exmodcomment;
sql_query("UPDATE users SET modcomment=" . sqlesc($modcomment) . " WHERE id IN (" . implode(", ", $_POST[usernw]) . ")") or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE users SET modcomment=" . sqlesc($modcomment) . " WHERE id IN (" . implode(", ", $_POST['usernw']) . ")") or sqlerr(__FILE__, __LINE__);
$do="UPDATE users SET warned='no', warneduntil=null WHERE id IN (" . implode(", ", $_POST[usernw]) . ")";
$do="UPDATE users SET warned='no', warneduntil=null WHERE id IN (" . implode(", ", $_POST['usernw']) . ")";
$res=sql_query($do);}
if (!empty($_POST["desact"])){
public/recover.php
+3 -3
View File
@@ -54,7 +54,8 @@ http://$BASEURL/recover.php?id={$arr["id"]}&secret=$hash
{$lang_recover['mail_four']}
EOD;
sent_mail($arr["email"],$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"confirmation",true,false,'',get_email_encode(get_langfolder_cookie()));
// sent_mail($arr["email"],$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"confirmation",true,false,'',get_email_encode(get_langfolder_cookie()));
sent_mail($arr["email"],$SITENAME,$SITEEMAIL,$title,$body,"confirmation",true,false,'');
}
elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]) && isset($_GET["secret"]))
@@ -97,12 +98,11 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]
<b><a href="javascript:void(null)" onclick="window.open('http://$BASEURL/login.php')">{$lang_recover['mail_here']}</a></b>
{$lang_recover['mail_three_1']}
<b><a href="http://www.google.com/support/bin/answer.py?answer=23852" target='_blank'>{$lang_confirm_resend['mail_google_answer']}</a></b>
{$lang_recover['mail_three_2']}
{$lang_recover['mail_two_four']}
EOD;
sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"details",true,false,'',get_email_encode(get_langfolder_cookie()));
sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"details",true,false,'');
}
else
public/searchsuggest.php
+1 -1
View File
@@ -6,7 +6,7 @@ if (isset($_GET['q']) && $_GET['q'] != '')
$searchstr = trim($_GET['q']);
$suggest_query = sql_query("SELECT keywords AS suggest, COUNT(*) AS count FROM suggest WHERE keywords LIKE " . sqlesc($searchstr . "%")." GROUP BY keywords ORDER BY count DESC, keywords DESC LIMIT 10");
$result = array($searchstr, array(), array());
$result = array(htmlspecialchars($searchstr), array(), array());
while($suggest = mysql_fetch_array($suggest_query)){
if (strlen($suggest['suggest']) > 25) continue;
$result[1][] = $suggest['suggest'];
public/settings.php
+58
View File
@@ -294,6 +294,64 @@ elseif ($action == 'securitysettings') //security settings
tr($lang_settings['row_max_ips'],"<input type='text' style=\"width: 300px\" name=maxip value='" . ($SECURITY["maxip"] ? $SECURITY["maxip"] : "1")."'> ".$lang_settings['text_max_ips_note'], 1);
tr($lang_settings['row_max_login_attemps'],"<input type='text' style=\"width: 300px\" name=maxloginattempts value='" . ($SECURITY["maxloginattempts"] ? $SECURITY["maxloginattempts"] : "7")."'> ".$lang_settings['text_max_login_attemps_note'], 1);
$guestVisitRadios = [
[
'label' => '正常',
'value' => 'normal',
],
[
'label' => '展示指定页面',
'value' => 'static-page',
'target' => [
'type' => 'select',
'label' => '指定页面路径',
'options' => glob(ROOT_PATH . 'resources/static-pages/*'),
],
],
[
'label' => '展示自定义内容',
'value' => 'custom-content',
'target' => [
'type' => 'textarea',
'label' => '自定义内容',
],
],
[
'label' => '重定向到指定 URL',
'value' => 'redirect',
'target' => [
'type' => 'input',
'label' => '指定 URL',
],
],
];
$guestVisitHtmlArr = [];
$guestVisitTargetHtmlArr = [];
foreach($guestVisitRadios as $value) {
$guestVisitHtmlArr[] = sprintf(
'<label><input type="radio" name="guest_visit_type" value="%s" onclick="">%s</label>',
$value['value'], $value['label']
);
if (!empty($value['target']['type'])) {
$targetType = $value['target']['type'];
if ($targetType == 'input') {
$input = sprintf('<input type="text" name="guest_visit_value_%s" value="" style="width: 300px" />', $value['value']);
$guestVisitTargetHtmlArr[] = tr($value['target']['label'], $input, 1, '', true);
} elseif ($targetType == 'textarea') {
} elseif ($targetType == 'select') {
$select = sprintf('<select name="guest_visit_value_%s">', $value['value']);
foreach ($value['target']['options'] as $option) {
$select .= sprintf('<option value="%s">%s</option>', basename($option), basename($option));
}
$select .= '</select>';
$guestVisitTargetHtmlArr[] = tr($value['target']['label'], $select, 1, '', true);
}
}
}
tr("游客访问", implode('<br/>', $guestVisitHtmlArr), 1);
print implode('', $guestVisitTargetHtmlArr);
tr($lang_settings['row_save_settings'],"<input type='submit' name='save' value='".$lang_settings['submit_save_settings']."'>", 1);
print ("</form>");
}
public/shoutbox.php
+1 -1
View File
@@ -17,7 +17,7 @@ $refresh = ($CURUSER['sbrefresh'] ? $CURUSER['sbrefresh'] : 120)
?>
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Refresh" content="<?php echo $refresh?>; url=<?php echo get_protocol_prefix() . $BASEURL?>/shoutbox.php?type=<?php echo $where?>">
<meta http-equiv="Refresh" content="<?php echo $refresh?>; url=<?php echo get_protocol_prefix() . $BASEURL?>/shoutbox.php?type=<?php echo htmlspecialchars($where)?>">
<link rel="stylesheet" href="<?php echo get_font_css_uri()?>" type="text/css">
<link rel="stylesheet" href="<?php echo get_css_uri()."theme.css"?>" type="text/css">
<link rel="stylesheet" href="styles/curtain_imageresizer.css" type="text/css">
public/staffbox.php
+2 -2
View File
@@ -130,13 +130,13 @@ if ($action == "answermessage") {
int_check($receiver,true);
$res = sql_query("SELECT * FROM users WHERE id=$receiver") or die(mysql_error());
$res = sql_query("SELECT * FROM users WHERE id=" . sqlesc($receiver)) or die(mysql_error());
$user = mysql_fetch_assoc($res);
if (!$user)
stderr($lang_staffbox['std_error'], $lang_staffbox['std_no_user_id']);
$res2 = sql_query("SELECT * FROM staffmessages WHERE id=$answeringto") or die(mysql_error());
$res2 = sql_query("SELECT * FROM staffmessages WHERE id=" . sqlesc($answeringto)) or die(mysql_error());
$staffmsg = mysql_fetch_assoc($res2);
stdhead($lang_staffbox['head_answer_to_staff_pm']);
begin_main_frame();
public/takeconfirm.php
+5 -5
View File
@@ -5,11 +5,11 @@ require_once(get_langfile_path());
$id = isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die());
int_check($id,true);
$email = unesc(htmlspecialchars(trim($_POST["email"])));
if(isset($_POST[conusr]))
sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST[conusr]) . ") AND status='pending'");
if(isset($_POST['conusr']))
sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST['conusr']) . ") AND status='pending'");
else
stderr($lang_takeconfirm['std_sorry'],$lang_takeconfirm['std_no_buddy_to_confirm'].
"<a class=altlink href=invite.php?id=$CURUSER[id]>".$lang_takeconfirm['std_here_to_go_back'],false);
"<a class=altlink href=invite.php?id={$CURUSER['id']}>".$lang_takeconfirm['std_here_to_go_back'],false);
$title = $SITENAME.$lang_takeconfirm['mail_title'];
$body = <<<EOD
@@ -20,7 +20,7 @@ http://$BASEURL/login.php
EOD;
//this mail is sent when the site is using admin(open/closed)/inviter(closed) confirmation and the admin/inviter confirmed the pending user
sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"invite confirm",false,false,'',get_email_encode(get_langfolder_cookie()));
sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"invite confirm",false,false,'');
header("Refresh: 0; url=invite.php?id=".htmlspecialchars($CURUSER[id]));
header("Refresh: 0; url=invite.php?id=".htmlspecialchars($CURUSER['id']));
?>
public/takeinvite.php
+1 -1
View File
@@ -59,7 +59,7 @@ $body
<br /><br />{$lang_takeinvite['mail_six']}
EOD;
sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$message),"invitesignup",false,false,'',get_email_encode(get_langfolder_cookie()));
sent_mail($email,$SITENAME,$SITEEMAIL,$title,$message,"invitesignup",false,false,'');
//this email is sent only when someone give out an invitation
header("Refresh: 0; url=invite.php?id=".htmlspecialchars($id)."&sent=1");
public/usersearch.php
+19 -19
View File
@@ -37,20 +37,20 @@ if ($_GET['h'])
}
else
{
echo "<p align=center>(<a href='".$_SERVER["PHP_SELF"]."?h=1'>Instructions</a>)";
echo "&nbsp;-&nbsp;(<a href='".$_SERVER["PHP_SELF"]."'>Reset</a>)</p>\n";
echo "<p align=center>(<a href='".$_SERVER["REQUEST_URI"]."?h=1'>Instructions</a>)";
echo "&nbsp;-&nbsp;(<a href='".$_SERVER["REQUEST_URI"]."'>Reset</a>)</p>\n";
}
$highlight = " bgcolor=#BBAF9B";
?>
<form method=get action=<?php echo $_SERVER["PHP_SELF"]?>>
<form method=get action=<?php echo $_SERVER["REQUEST_URI"]?>>
<table border="1" cellspacing="0" cellpadding="5">
<tr>
<td valign="middle" class=rowhead>Name:</td>
<td<?php echo $_GET['n']?$highlight:""?>><input name="n" type="text" value="<?php echo $_GET['n']?>" size=35></td>
<td<?php echo $_GET['n']?$highlight:""?>><input name="n" type="text" value="<?php echo htmlspecialchars($_GET['n'])?>" size=35></td>
<td valign="middle" class=rowhead>Ratio:</td>
<td<?php echo $_GET['r']?$highlight:""?>><select name="rt">
@@ -61,8 +61,8 @@ $highlight = " bgcolor=#BBAF9B";
}
?>
</select>
<input name="r" type="text" value="<?php echo $_GET['r']?>" size="5" maxlength="4">
<input name="r2" type="text" value="<?php echo $_GET['r2']?>" size="5" maxlength="4"></td>
<input name="r" type="text" value="<?php echo htmlspecialchars($_GET['r'])?>" size="5" maxlength="4">
<input name="r2" type="text" value="<?php echo htmlspecialchars($_GET['r2'])?>" size="5" maxlength="4"></td>
<td valign="middle" class=rowhead>Member status:</td>
<td<?php echo $_GET['st']?$highlight:""?>><select name="st">
@@ -74,9 +74,9 @@ $highlight = " bgcolor=#BBAF9B";
?>
</select></td></tr>
<tr><td valign="middle" class=rowhead>Email:</td>
<td<?php echo $_GET['em']?$highlight:""?>><input name="em" type="text" value="<?php echo $_GET['em']?>" size="35"></td>
<td<?php echo $_GET['em']?$highlight:""?>><input name="em" type="text" value="<?php echo htmlspecialchars($_GET['em'])?>" size="35"></td>
<td valign="middle" class=rowhead>IP:</td>
<td<?php echo $_GET['ip']?$highlight:""?>><input name="ip" type="text" value="<?php echo $_GET['ip']?>" maxlength="17"></td>
<td<?php echo $_GET['ip']?$highlight:""?>><input name="ip" type="text" value="<?php echo htmlspecialchars($_GET['ip'])?>" maxlength="17"></td>
<td valign="middle" class=rowhead>Account status:</td>
<td<?php echo $_GET['as']?$highlight:""?>><select name="as">
@@ -89,9 +89,9 @@ $highlight = " bgcolor=#BBAF9B";
</select></td></tr>
<tr>
<td valign="middle" class=rowhead>Comment:</td>
<td<?php echo $_GET['co']?$highlight:""?>><input name="co" type="text" value="<?php echo $_GET['co']?>" size="35"></td>
<td<?php echo $_GET['co']?$highlight:""?>><input name="co" type="text" value="<?php echo htmlspecialchars($_GET['co'])?>" size="35"></td>
<td valign="middle" class=rowhead>Mask:</td>
<td<?php echo $_GET['ma']?$highlight:""?>><input name="ma" type="text" value="<?php echo $_GET['ma']?>" maxlength="17"></td>
<td<?php echo $_GET['ma']?$highlight:""?>><input name="ma" type="text" value="<?php echo htmlspecialchars($_GET['ma'])?>" maxlength="17"></td>
<td valign="middle" class=rowhead>Class:</td>
<td<?php echo ($_GET['c'] && $_GET['c'] != 1)?$highlight:""?>><select name="c"><option value='1'>(any)</option>
<?php
@@ -119,9 +119,9 @@ $highlight = " bgcolor=#BBAF9B";
?>
</select>
<input name="d" type="text" value="<?php echo $_GET['d']?>" size="12" maxlength="10">
<input name="d" type="text" value="<?php echo htmlspecialchars($_GET['d'])?>" size="12" maxlength="10">
<input name="d2" type="text" value="<?php echo $_GET['d2']?>" size="12" maxlength="10"></td>
<input name="d2" type="text" value="<?php echo htmlspecialchars($_GET['d2'])?>" size="12" maxlength="10"></td>
<td valign="middle" class=rowhead>Uploaded:</td>
@@ -135,9 +135,9 @@ $highlight = " bgcolor=#BBAF9B";
?>
</select>
<input name="ul" type="text" id="ul" size="8" maxlength="7" value="<?php echo $_GET['ul']?>">
<input name="ul" type="text" id="ul" size="8" maxlength="7" value="<?php echo htmlspecialchars($_GET['ul'])?>">
<input name="ul2" type="text" id="ul2" size="8" maxlength="7" value="<?php echo $_GET['ul2']?>"></td>
<input name="ul2" type="text" id="ul2" size="8" maxlength="7" value="<?php echo htmlspecialchars($_GET['ul2'])?>"></td>
<td valign="middle" class="rowhead">Donor:</td>
<td<?php echo $_GET['do']?$highlight:""?>><select name="do">
@@ -161,9 +161,9 @@ $highlight = " bgcolor=#BBAF9B";
?>
</select>
<input name="ls" type="text" value="<?php echo $_GET['ls']?>" size="12" maxlength="10">
<input name="ls" type="text" value="<?php echo htmlspecialchars($_GET['ls'])?>" size="12" maxlength="10">
<input name="ls2" type="text" value="<?php echo $_GET['ls2']?>" size="12" maxlength="10"></td>
<input name="ls2" type="text" value="<?php echo htmlspecialchars($_GET['ls2'])?>" size="12" maxlength="10"></td>
<td valign="middle" class=rowhead>Downloaded:</td>
<td<?php echo $_GET['dl']?$highlight:""?>><select name="dlt" id="dlt">
@@ -175,9 +175,9 @@ $highlight = " bgcolor=#BBAF9B";
?>
</select>
<input name="dl" type="text" id="dl" size="8" maxlength="7" value="<?php echo $_GET['dl']?>">
<input name="dl" type="text" id="dl" size="8" maxlength="7" value="<?php echo htmlspecialchars($_GET['dl'])?>">
<input name="dl2" type="text" id="dl2" size="8" maxlength="7" value="<?php echo $_GET['dl2']?>"></td>
<input name="dl2" type="text" id="dl2" size="8" maxlength="7" value="<?php echo htmlspecialchars($_GET['dl2'])?>"></td>
<td valign="middle" class=rowhead>Warned:</td>
@@ -750,7 +750,7 @@ if (count($_GET) > 0 && !$_GET['h'])
$perpage = 30;
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"]."?".$q);
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["REQUEST_URI"]."?".$q);
$query .= $limit;