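<?php
/**
 * Medal plugin front controller (bbs/hack/medal/index.php).
 *
 * Dispatches on the request parameter "action":
 *   (none)   - show the current member's medals, pruning ids that no longer exist in $_MEDALDB
 *   list     - paginated list of members holding medals
 *   award    - grant (type 1) or revoke (type 2) a medal; restricted to groups in $md_groups
 *   log      - paginated award/revoke log; job=del removes one entry (group 3 only)
 *   apply    - a member applies for a medal; restricted to groups in $md_appgroups
 *   approve  - review pending applications (log rows with action=3): job=pass / job=del
 *
 * Globals such as $db, $winduid, $windid, $groupid, $timestamp, $basename, $hkimg and
 * $db_perpage are not defined here; they come from the including script.
 *
 * NOTE(review): every query below is built by string interpolation. The code appears to
 * assume that request values were slash-escaped before this file runs (InitGP/GetGP or the
 * common include) - confirm. Values that must be integers are cast here before use.
 * NOTE(review): no anti-CSRF token check is visible in this file for the state-changing
 * branches (award, apply, approve, log job=del) - confirm that the common include or the
 * form handling enforces one.
 * NOTE(review): this file relies on Showmsg() and refreshto() ending the request; several
 * guards below would fall through if they returned - confirm.
 */

// Refuse direct requests: readover() is only defined after the forum's own includes ran.
!function_exists('readover') && exit('Forbidden');

$wind_in = 'medal';
include_once(D_P.'data/bbscache/md_config.php');
include_once(D_P.'data/bbscache/medaldb.php');
include_once(R_P.'require/showimg.php');

!$md_ifopen && Showmsg('medal_close');

// Current member's medals: stored as a comma-separated id list, exposed as an array (or '').
$userdb = $db->get_one("SELECT medals,icon FROM pw_members WHERE uid='$winduid'");
if ($userdb['medals']) {
    $userdb['medals'] = explode(',', $userdb['medals']);
} else {
    $userdb['medals'] = '';
}
$userface = showfacedesign($userdb['icon']);

InitGP(array('action'));

if (!$action) {
    if ($userdb['medals']) {
        // Drop medal ids that are no longer defined, and persist the cleaned list.
        $ifunset = 0;
        foreach ($userdb['medals'] as $key => $val) {
            if (!array_key_exists($val, $_MEDALDB)) {
                unset($userdb['medals'][$key]);
                $ifunset = 1;
            }
        }
        if ($ifunset) {
            $newmedals = implode(',', $userdb['medals']);
            $db->update("UPDATE pw_members SET medals='$newmedals' WHERE uid='$winduid'");
            !$newmedals && updatemedal_list();
        }
    }
    require_once PrintHack('index');
    footer();
} elseif ($action == 'list') {
    $groupid == 'guest' && Showmsg('not_login');
    if (!file_exists(D_P.'data/bbscache/medals_list.php')) {
        updatemedal_list();
    }
    // Skip the 12-byte PHP die-guard that updatemedal_list() writes at the top of the cache.
    // NOTE(review): the remainder goes straight into IN(...); it is only as trustworthy as
    // the cache file itself - consider validating it as a comma-separated digit list.
    $uids = substr(readover(D_P.'data/bbscache/medals_list.php'), 12);
    if ($uids) {
        InitGP(array('page'));
        require_once(R_P.'require/forum.php');
        // Force an integer page >= 1 so the LIMIT clause is always built from integers.
        $page = is_numeric($page) ? (int)$page : 1;
        $page < 1 && $page = 1;
        $limit = "LIMIT ".(($page - 1) * $db_perpage).",$db_perpage";
        $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_members WHERE uid IN($uids)");
        $pages = numofpage($rt['sum'], $page, ceil($rt['sum'] / $db_perpage), "$basename&action=list&");
        $listdb = array();
        $query = $db->query("SELECT uid,username,medals FROM pw_members WHERE uid IN($uids) ORDER BY uid $limit");
        while ($rt = $db->fetch_array($query)) {
            $medals = '';
            $md_a = explode(',', $rt['medals']);
            foreach ($md_a as $key => $value) {
                if ($value) {
                    // NOTE(review): username, medal name and picurl are written into HTML
                    // attributes as stored; this assumes they are HTML-escaped at write
                    // time - confirm. Array keys are quoted so the {} interpolation does
                    // not depend on undefined-constant fallback.
                    if (strpos($md_groups, ",$groupid,") !== false) {
                        // Viewers allowed to award get a link to the revoke form.
                        $medals .= "<a href=\"$basename&action=award&type=2&pwuser=$rt[username]&medal=$value\" target=\"_blank\"><img src=\"$hkimg/{$_MEDALDB[$value]['picurl']}\" title=\"{$_MEDALDB[$value]['name']}\"></a> ";
                    } else {
                        $medals .= "<img src=\"$hkimg/{$_MEDALDB[$value]['picurl']}\" title=\"{$_MEDALDB[$value]['name']}\"> ";
                    }
                }
            }
            $rt['medals'] = $medals;
            $listdb[] = $rt;
        }
    }
    require_once PrintHack('index');
    footer();
} elseif ($action == 'award') {
    // Only groups listed in $md_groups may grant or revoke medals.
    if (strpos($md_groups, ",$groupid,") === false) {
        Showmsg('medal_groupright');
    }
    if (empty($_POST['step'])) {
        // Step 1: render the form; $type_1 / $type_2 preselect the radio button.
        InitGP(array('type', 'pwuser', 'medal'));
        if ($type == 2) {
            $type_2 = "checked";
            $type_1 = "";
        } else {
            $type_1 = "checked";
            $type_2 = "";
        }
        require_once PrintHack('index');
        footer();
    } elseif ($_POST['step'] == "2") {
        InitGP(array('pwuser', 'reason', 'medal', 'type', 'timelimit'), null, '1');
        // "!== false" so a list that starts with a comma is still split.
        strpos($pwuser, ',') !== false && $pwuser = explode(',', $pwuser);
        $medal = (int)$medal;
        !$medal && Showmsg('medal_nomedal');
        $reason = Char_cv($reason);
        !$reason && Showmsg('medal_noreason');
        $timelimit = (int)$timelimit;
        // Normalise to an integer: $type is compared below and then stored in the log row.
        $type = (int)$type;
        // Granting an id that is not a defined medal would only be pruned again later.
        $type == 1 && !isset($_MEDALDB[$medal]) && Showmsg('medal_nomedal');
        require_once(R_P.'require/msg.php');

        // Build the quoted name list for IN(...).
        // NOTE(review): names are only wrapped in quotes here; safety depends on the
        // slash-escaping assumed to happen upstream - confirm.
        if (is_array($pwuser)) {
            foreach ($pwuser as $key => $val) {
                if (!$val) {
                    unset($pwuser[$key]);
                } else {
                    $pwuser[$key] = "'".$val."'";
                }
            }
            $pwuser = implode(',', $pwuser);
        } else {
            $pwuser = "'".$pwuser."'";
        }
        !$pwuser && Showmsg('username_empty');

        // First pass: compute every member's new medal list; any failure aborts via
        // Showmsg() before anything is written.
        $rs = $db->query("SELECT uid,username,medals FROM pw_members WHERE username IN($pwuser)");
        $awardusers = array();
        while ($rt = $db->fetch_array($rs)) {
            Add_S($rt); // row values are interpolated into SQL below
            if ($type == 1) {
                if ($rt['medals'] && strpos(",$rt[medals],", ",$medal,") !== false) {
                    $erroruser = $rt['username'];
                    Showmsg('medal_alreadyhave');
                } elseif ($rt['medals']) {
                    $rt['medals'] = "$rt[medals],$medal";
                } else {
                    $rt['medals'] = $medal;
                }
            } elseif ($type == 2) {
                if (!$rt['medals'] || strpos(",$rt[medals],", ",$medal,") === false) {
                    $erroruser = $rt['username'];
                    Showmsg('medal_none');
                } else {
                    // Remove the id from the comma-wrapped list, then strip the wrapping commas.
                    $rt['medals'] = substr(str_replace(",$medal,", ',', ",$rt[medals],"), 1, -1);
                }
            } else {
                Showmsg('illegal_request');
            }
            $awardusers[] = $rt;
        }
        !count($awardusers) && Showmsg('medal_nouser');

        // Second pass: notify, update the member rows and collect the log rows.
        $insertlogs = array();
        foreach ($awardusers as $rt) {
            if ($type == 1) {
                if ($md_ifmsg) {
                    $message = array(
                        $rt['username'],
                        $winduid,
                        'metal_add',
                        $timestamp,
                        "metal_add_content",
                        '',
                        $windid
                    );
                    writenewmsg($message, 1);
                }
            } elseif ($type == 2) {
                if ($md_ifmsg) {
                    $message = array(
                        $rt['username'],
                        $winduid,
                        'metal_cancel',
                        $timestamp,
                        "metal_cancel_content",
                        '',
                        $windid
                    );
                    writenewmsg($message, 1);
                }
                // A revoke carries no time limit and flags earlier log rows for this medal.
                $timelimit = 0;
                $db->update("UPDATE pw_medalslogs SET state='1' WHERE awardee='$rt[username]' AND level='$medal'");
            } else {
                Showmsg('illegal_request');
            }
            $rt['medals'] == ',' && $rt['medals'] = '';
            $db->update("UPDATE pw_members SET medals='$rt[medals]' WHERE uid='$rt[uid]'");
            $insertlogs[] = "('$rt[username]','$windid','$timestamp','$timelimit','$medal','$type','$reason')";
        }
        if (count($insertlogs)) {
            $sql = "INSERT INTO pw_medalslogs(awardee,awarder,awardtime,timelimit,level,action,why) VALUES".implode(',', $insertlogs);
            $db->update($sql);
        }
        updatemedal_list();
        refreshto("$basename&action=list", 'operate_success');
    }
} elseif ($action == 'log') {
    $groupid == 'guest' && Showmsg('not_login');
    if (empty($_GET['job'])) {
        InitGP(array('page'));
        require_once(R_P.'require/forum.php');
        // Force an integer page >= 1 so the LIMIT clause is always built from integers.
        $page = is_numeric($page) ? (int)$page : 1;
        $page < 1 && $page = 1;
        $limit = "LIMIT ".(($page - 1) * $db_perpage).",$db_perpage";
        // action=3 rows are pending applications and are not part of the log view.
        $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_medalslogs WHERE action<>3");
        $pages = numofpage($rt['sum'], $page, ceil($rt['sum'] / $db_perpage), "$basename&action=log&");
        $logdb = array();
        $query = $db->query("SELECT * FROM pw_medalslogs WHERE action<>3 ORDER BY id DESC $limit");
        while ($rt = $db->fetch_array($query)) {
            $rt['awardtime'] = get_date($rt['awardtime'], 'y-m-d h:i');
            $logdb[] = $rt;
        }
        require_once PrintHack('index');
        footer();
    } elseif ($_GET['job'] == 'del') {
        // Only group 3 may delete log entries.
        // NOTE(review): this deletion is driven by GET parameters alone; unless a request
        // token is verified elsewhere it should require POST plus a token - confirm.
        $groupid != '3' && Showmsg('medal_dellog');
        $id = (int)GetGP('id');
        $rt = $db->get_one("SELECT id,state,action,timelimit FROM pw_medalslogs WHERE id='$id'");
        // An award that is still active and time-limited must keep its log row.
        if ($rt['action'] == 1 && $rt['state'] == 0 && $rt['timelimit'] > 0) {
            Showmsg('medallog_del_error');
        }
        $db->update("DELETE FROM pw_medalslogs WHERE id='$id'");
        refreshto("$basename&action=log", 'operate_success');
    } else {
        Showmsg('illegal_request');
    }
} elseif ($action == 'apply') {
    !$md_ifapply && Showmsg('medal_appclose');
    if (strpos($md_appgroups, ",$groupid,") === false) {
        Showmsg('medal_appgroupright');
    }
    // One pending application (action=3) per member at a time.
    $appcheck = $db->get_one("SELECT id FROM pw_medalslogs WHERE awardee='$windid' AND action=3");
    $appcheck && Showmsg('medal_haveapp');
    if (empty($_POST['step'])) {
        $id = (int)GetGP('id');
        require_once PrintHack('index');
        footer();
    } elseif ($_POST['step'] == 2) {
        InitGP(array('reason', 'medal', 'timelimit'));
        !$reason && Showmsg('medal_noreason');
        $medal = (int)$medal;
        !$medal && Showmsg('medal_nomedal');
        // Only ids that are defined medals can be applied for.
        !isset($_MEDALDB[$medal]) && Showmsg('medal_nomedal');
        $reason = Char_cv($reason);
        $timelimit = (int)$timelimit;
        $userdb['medals'] && in_array($medal, $userdb['medals']) && Showmsg('medal_alreadyhaveself');
        $db->update("INSERT INTO pw_medalslogs(awardee,awardtime,timelimit,level,action,why) VALUES('$windid','$timestamp','$timelimit','$medal','3','$reason')");
        refreshto($basename, 'operate_success');
    } else {
        Showmsg('illegal_request');
    }
} elseif ($action == 'approve') {
    !$md_ifapply && Showmsg('medal_appclose');
    if (strpos($md_groups, ",$groupid,") === false) {
        Showmsg('medal_groupright');
    }
    $job = Char_cv(GetGP('job'));
    if (!$job) {
        InitGP(array('page'));
        require_once(R_P.'require/forum.php');
        // Force an integer page >= 1 so the LIMIT clause is always built from integers.
        $page = is_numeric($page) ? (int)$page : 1;
        $page < 1 && $page = 1;
        $limit = "LIMIT ".(($page - 1) * $db_perpage).",$db_perpage";
        $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_medalslogs WHERE action=3");
        $pages = numofpage($rt['sum'], $page, ceil($rt['sum'] / $db_perpage), "$basename&action=approve&");
        $appdb = array();
        $query = $db->query("SELECT * FROM pw_medalslogs WHERE action=3 ORDER BY id ASC $limit");
        while ($rt = $db->fetch_array($query)) {
            $rt['awardtime'] = get_date($rt['awardtime'], 'y-m-d h:i');
            $appdb[] = $rt;
        }
        require_once PrintHack('index');
        footer();
    } elseif ($job == 'pass') {
        // Accept one id or an array of ids; everything is reduced to non-zero integers.
        $id = GetGP('id');
        if (is_array($id)) {
            foreach ($id as $key => $val) {
                $val = (int)$val;
                if ($val) {
                    $id[$key] = $val;
                } else {
                    unset($id[$key]);
                }
            }
            if (count($id)) {
                $id = implode(',', $id);
            } else {
                Showmsg('medal_iderror');
            }
        } else {
            $id = (int)$id;
            !$id && Showmsg('medal_iderror');
        }
        require_once(R_P.'require/msg.php');
        // Restricted to pending applications (action=3): without the filter, any log id -
        // including past grants or revokes - could be replayed as a new grant.
        $rs = $db->query("SELECT l.level,l.why,m.uid,m.username,m.medals FROM pw_medalslogs l LEFT JOIN pw_members m ON l.awardee=m.username WHERE l.id IN($id) AND l.action=3");
        while ($rt = $db->fetch_array($rs)) {
            // LEFT JOIN yields no member columns when the applicant no longer exists.
            if (!$rt['uid']) {
                continue;
            }
            Add_S($rt); // row values are interpolated into SQL below
            // $medal / $reason are assigned as globals, presumably for the message
            // template used by writenewmsg() - confirm.
            $medal = $rt['level'];
            $reason = $rt['why'];
            if ($rt['medals'] && strpos(",$rt[medals],", ",$medal,") !== false) {
                continue; // already holds this medal
            } elseif ($rt['medals']) {
                $medals = "$rt[medals],$medal";
            } else {
                $medals = $medal;
            }
            if ($md_ifmsg) {
                $message = array(
                    $rt['username'],
                    $winduid,
                    'metal_add',
                    $timestamp,
                    "metal_add_content",
                    '',
                    $windid
                );
                writenewmsg($message, 1);
            }
            $medals == ',' && $medals = '';
            $db->update("UPDATE pw_members SET medals='$medals' WHERE uid='$rt[uid]'");
        }
        $db->free_result();
        unset($medal, $medals, $reason);
        // Turn the applications into award log rows; the action=3 filter mirrors the SELECT.
        $db->update("UPDATE pw_medalslogs SET awarder='$windid',awardtime='$timestamp',action='1' WHERE id IN($id) AND action=3");
        updatemedal_list();
        refreshto("$basename&action=approve", 'operate_success');
    } elseif ($job == 'del') {
        // Reject applications. Both deletes are limited to action=3 rows so that this
        // branch cannot remove award/revoke log entries, which action=log&job=del
        // reserves for group 3 and refuses for active time-limited awards.
        $id = GetGP('id');
        require_once(R_P.'require/msg.php');
        if (is_array($id)) {
            foreach ($id as $key => $val) {
                $val = (int)$val;
                if ($val) {
                    $id[$key] = $val;
                } else {
                    unset($id[$key]);
                }
            }
            if (count($id)) {
                $id = implode(',', $id);
                if ($md_ifmsg) {
                    $query = $db->query("SELECT awardee,level,why FROM pw_medalslogs WHERE id IN($id) AND action=3");
                    while ($rt = $db->fetch_array($query)) {
                        $medal = $rt['level'];
                        $reason = $rt['why'];
                        $message = array(
                            $rt['awardee'],
                            $winduid,
                            'metal_refuse',
                            $timestamp,
                            "metal_refuse_content",
                            '',
                            $windid
                        );
                        writenewmsg($message, 1);
                    }
                }
                $db->update("DELETE FROM pw_medalslogs WHERE id IN($id) AND action=3");
            } else {
                Showmsg('medal_iderror');
            }
        } else {
            $id = (int)$id;
            !$id && Showmsg('medal_iderror');
            if ($md_ifmsg) {
                $rt = $db->get_one("SELECT awardee,level,why FROM pw_medalslogs WHERE id='$id' AND action=3");
                !$rt && Showmsg('medal_iderror');
                $medal = $rt['level'];
                $reason = $rt['why'];
                $message = array(
                    $rt['awardee'],
                    $winduid,
                    'metal_refuse',
                    $timestamp,
                    "metal_refuse_content",
                    '',
                    $windid
                );
                writenewmsg($message, 1);
            }
            $db->update("DELETE FROM pw_medalslogs WHERE id='$id' AND action=3");
        }
        refreshto("$basename&action=approve", 'operate_success');
    } else {
        Showmsg('illegal_request');
    }
} else {
    Showmsg('illegal_request');
}

/**
 * Rebuild data/bbscache/medals_list.php, the cached list of member ids holding medals.
 *
 * The file content is a PHP die-guard followed by "0" and one ",uid" per member whose
 * medals column contains something other than commas. The list action reads everything
 * after the guard and places it inside an SQL IN(...) clause, so each uid is written as
 * an integer.
 */
function updatemedal_list(){
    global $db;
    $query = $db->query("SELECT uid,medals FROM pw_members WHERE medals!=''");
    $medaldb = '<?php die;?>0';
    while ($rt = $db->fetch_array($query)) {
        // A column holding only separators counts as "no medals".
        if (str_replace(',', '', $rt['medals'])) {
            $medaldb .= ','.(int)$rt['uid'];
        }
    }
    writeover(D_P.'data/bbscache/medals_list.php', $medaldb);
}
?>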