// PHP ini settings assumed at deployment time (not enforced by this file):
// register_globals = Off
// --------------------------------------------------------------//
// magic_quotes_gpc = On
// --------------------------------------------------------------//
// safe_mode = On
// NOTE: magic_quotes_gpc and safe_mode were removed in PHP 5.4; escaping of
// request input must be done explicitly in code, never assumed from php.ini.
// --------------------------------------------------------------//
// Windows server 2003 & Linux & FreeBSD
// --------------------------------------------------------------//
// Apache/1.3.33 & PHP/4.3.2 & MySQL/4.0.17
// --------------------------------------------------------------//
// Apache/1.3.34 & PHP/4.4.1 & MySQL/5.0.16
// --------------------------------------------------------------//
// Apache/2.0.55 & PHP/5.1.1 & MySQL/5.0.15
// --------------------------------------------------------------//
// Copyright (C) Security Angel Team All Rights Reserved.
// ==============================================================//
require_once('global.php');
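// Resolve the requested action. GET wins over POST, and an absent or empty
// value falls back to 'index' (the default listing below).
//
// The original read $_POST['action'] whenever $_GET['action'] was unset, which
// raises an undefined-index notice on every plain request. Each source is now
// tested with isset() first. Only string values are accepted: a request such
// as ?action[]=x would otherwise carry an array into the string comparisons
// further down, so a non-string is treated the same as "not supplied".
if (isset($_GET['action'])) {
    $action = $_GET['action'];
} elseif (isset($_POST['action'])) {
    $action = $_POST['action'];
} else {
    $action = '';
}
if (!is_string($action) || empty($action)) {
    $action = 'index';
}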
if ($action == 'index' || $action == 'finduser' || $action == 'search' || $action == 'tags') {
session_start();
// 检查浏览模式
$nolist = FALSE; //该变量是检查调用搜索结果还是搜索表单
if ($viewmode == 'normal') {
$pagefile = 'normal';
$pagenum = $options['normal_shownum'];
$timeformat = $options['normaltime'];
//显示标题旁边的头像
//$query_sql = "SELECT art.articleid,art.cid,art.cname,art.author,art.authorid,art.stick,art.dateline,art.title,art.description,art.content,art.keywords,art.views,art.comments,art.attachments,art.trackbacks,adm.face FROM ".$db_prefix."articles art LEFT JOIN ".$db_prefix."admin adm ON art.authorid=adm.adminid WHERE art.visible='1'";
$query_sql = "SELECT articleid,cid,cname,author,authorid,stick,dateline,title,description,content,keywords,views,comments,attachments,trackbacks,readpassword FROM ".$db_prefix."articles WHERE visible='1'";
} else {
$pagefile = 'list';
$pagenum = $options['list_shownum'];
$timeformat = $options['listtime'];
$query_sql = "SELECT articleid,stick,dateline,title,views FROM ".$db_prefix."articles WHERE visible='1'";
}
$page = intval($_GET['page']);
if(!empty($page)) {
$start_limit = ($page - 1) * $pagenum;
} else {
$start_limit = 0;
$page = 1;
}
// 查看用户发表的文章
if ($action == 'finduser') {
$userid = intval($_GET['userid']);
$name = htmlspecialchars($_GET['name']);
//*******************************//
$query = $DB->query("SELECT COUNT(*) FROM ".$db_prefix."articles WHERE visible='1' AND authorid='".$userid."'");
$tatol = $DB->result($query, 0);
//*******************************//
$query_sql .= " AND authorid='".$userid."' ORDER BY ".$article_order." DESC LIMIT ".$start_limit.", ".$pagenum;
$pageurl = './?action=finduser&userid='.$userid.'&user='.$user;
$navtext = '查看'.$name.'的文章';
// 查看tags的相关文章
} elseif ($action == 'tags') {
$item = $_GET['item'];
if (!empty($item)) {
$item = addslashes($item);
$tag = $DB->fetch_one_array("SELECT usenum,aids FROM ".$db_prefix."tags WHERE tag='".$item."'");
if (empty($tag)) {
message('记录不存在.', './');
}
$tatol = $tag['usenum'];
$query_sql .= " AND articleid IN (".$tag['aids'].") ORDER BY ".$article_order." DESC LIMIT ".$start_limit.", ".$pagenum;
$pageurl = './?action=tags&item='.urlencode($item);
$navtext = 'Tag:'.htmlspecialchars($item);
} else {
message('缺少参数.', './');
}
// 查看搜索结果的文章
} elseif ($action == 'search') {
$searchid = intval($_GET['searchid']);
if (!isset($searchid) || empty($searchid)){
$nolist = TRUE;
$query = $DB->query("SELECT COUNT(*) FROM ".$db_prefix."searchstats");
$keywordtatol = $DB->result($query, 0);
if ($keywordtatol > 0) {
$searchdb=array();
$query = $DB->query("SELECT * FROM ".$db_prefix."searchstats ORDER BY count DESC LIMIT 5");
while ($search = $DB->fetch_array($query)) {
$search['keyword'] = htmlspecialchars(stripslashes($search['keyword']));
$search['url'] = urlencode(htmlspecialchars($search['keyword']));
$searchdb[]=$search;
}
unset($search);
$DB->free_result($query);
}
} else {
$search = $DB->fetch_one_array("SELECT * FROM ".$db_prefix."searchindex WHERE searchid='".$searchid."'");
if (empty($search)) {
message('您指定的搜索不存在或已过期,请返回.', './');
} elseif ($search['searchfrom'] !== 'article') {
message('您指定的搜索不存在或已过期,请返回.', './');
}
$tatol = $search['tatols'];
$query_sql .= " AND articleid IN (".$search['ids'].") ORDER BY ".$search['sortby']." ".$search['orderby']." LIMIT ".$start_limit.", ".$pagenum;
$pageurl = './?action=search&searchid='.$searchid;
$navtext = '搜索:'.htmlspecialchars($search['keywords']);
}
// 查看首页文章
} else {
$navtext = '全部文章';
// 检查是否设置$cid参数
$cateadd = '';
if (!empty($_GET['cid'])) {
$cid = intval($_GET['cid']);
$name = $_GET['cname'];
$cateadd = " AND cid='".$cid."' ";
$query_sql .= " AND cid='".$cid."' ";
$navtext = '分类:'.htmlspecialchars($name);
}
// 检查是否设置$setdate参数
if ($setdate && strlen($setdate) == 6) {
$navtext = $setyear.'年'.$setmonth.'月的文章';
// 检查是否设置$setday参数
if (!empty($_GET['setday']) && strlen($_GET['setday']) < 3) {
$setday = intval($_GET['setday']);
if ($setday > 31 || $setday < 1) {
$setday = sadate('d');
}
$navtext = $setyear.'年'.$setmonth.'月'.$setday.'日的文章';
$start = strtotime($setyear.'-'.$setmonth.'-'.$setday);
$end = $start + 86400;
}
}
//*******************************//
$startadd = $start ? " AND dateline >= '".$start."' " : '';
$endadd = $end ? " AND dateline < '".$end."' " : '';
//*******************************//
if(empty($cid) && empty($setdate) && empty($setday)) {
$tatol = $stats['article_count'];
} else {
$query = $DB->query("SELECT COUNT(*) FROM ".$db_prefix."articles art WHERE art.visible='1' ".$cateadd.$startadd.$endadd);
$tatol = $DB->result($query, 0);
}
//*******************************//
$query_sql .= $startadd.$endadd." ORDER BY stick DESC, ".$article_order." DESC LIMIT ".$start_limit.", ".$pagenum;
$pageurl = './?cid='.$cid.'&cname='.urlencode($name).'&setdate='.$setdate.'&setday='.$setday;
}
// 执行查询
if ($tatol > 0) {
$query = $DB->query($query_sql);
$multipage = multi($tatol, $pagenum, $page, $pageurl);
$articledb=array();
while ($article = $DB->fetch_array($query)) {
$article['dateline'] = sadate($timeformat, $article['dateline']);
$article['title'] = trimmed_title(htmlspecialchars($article['title']), $options['title_limit']);
$article['author'] = htmlspecialchars($article['author']);
$article['cname'] = htmlspecialchars($article['cname']);
if ($viewmode == 'normal') {
if ($article['readpassword'] && ($_SESSION['readpassword_'.$article['articleid']] !== $article['readpassword'])) {
$article['allowread'] = false;
} else {
$article['allowread'] = true;
if (empty($article['description'])) {
//附件
if (!empty($article['attachments'])) {
require_once(SABLOG_ROOT.'./include/func_attachment.php');
$attachs= unserialize(stripslashes($article['attachments']));
if (is_array($attachs)) {
foreach ($attachs AS $attach) {
$a_path = "./".$options['attachments_dir']."/".$attach['filepath'];
if (file_exists($a_path)) {
$a_ext = strtolower(getextension($attach['filename']));
if ($a_ext == 'gif' || $a_ext == 'jpg' || $a_ext == 'jpeg' || $a_ext == 'png') {
$imagesize = @getimagesize($a_path);
$a_size = sizecount($attach['filesize']);
$a_thumb_path = "./".$options['attachments_dir'].$attach['thumb_filepath'];
if ($attach['thumb_filepath'] && $options['attachments_thumbs'] && file_exists($a_thumb_path)) {
$article['image'][$attach['attachmentid']]=array($attach['attachmentid'],$a_thumb_path,$a_size,$attach['thumb_width'],$attach['thumb_height'],$attach['downloads'],1);
} else {
// 如果缩略图不存在
$size = explode("x", strtolower($options['attachments_thumbs_size']));
$im = scale_image( array(
"max_width" => $size[0],
"max_height" => $size[1],
"cur_width" => $imagesize[0],
"cur_height" => $imagesize[1]
)); $article['image'][$attach['attachmentid']]=array($attach['attachmentid'],$a_path,$a_size,$im['img_width'],$im['img_height'],$attach['downloads'],0);
}
} else {
没有啊,连template都检查了
还说自己是高手,不知哪儿中的马 |