10 місяці тому · b5ac572088
--- a/src/admin/templets/stepselect_showajax.htm
+++ b/src/admin/templets/stepselect_showajax.htm
@@ -66,7 +66,7 @@ if ($action=='edit') {
 <?php
 } else if ($action=='view') {
 		$arr = $dsql->GetOne("SELECT * FROM `#@__stepselect` WHERE id='$id' ");
 		$dsql->Execute('out',"SELECT * FROM `#@__sys_enum` where egroup like '{$arr['egroup']}' order by disorder asc, evalue asc");
 		$dsql->Execute('out',"SELECT * FROM `#@__sys_enum` where egroup like '{$arr['egroup']}' ORDER BY disorder asc, evalue ASC");
 		$options = '';
 	while($row1 = $dsql->GetArray('out')) 
 	{
--- a/src/admin/templets/sys_admin_user_add.htm
+++ b/src/admin/templets/sys_admin_user_add.htm
@@ -45,7 +45,7 @@
 					<td>
 						<select name="usertype" class="admin-input-sm">
 							<?php
 							$dsql->SetQuery("SELECT * FROM `#@__admintype` order by `rank` asc");
 							$dsql->SetQuery("SELECT * FROM `#@__admintype` ORDER BY `rank` ASC");
 							$dsql->Execute("ut");
 							while($myrow = $dsql->GetObject("ut"))
 							{
--- a/src/admin/vote_edit.php
+++ b/src/admin/vote_edit.php
@@ -28,17 +28,7 @@ if ($dopost == "delete") {
    CheckCSRF();
    $starttime = GetMkTime($starttime);
    $endtime = GetMkTime($endtime);
    $query = "UPDATE `#@__vote` SET votename='$votename',
        starttime='$starttime',
        endtime='$endtime',
        totalcount='$totalcount',
        ismore='$ismore',
        votenote='$votenote',
        isallow='$isallow',
        view='$view',
        spec='$spec',
        isenable='$isenable'
      WHERE aid='$aid'";
    $query = "UPDATE `#@__vote` SET votename='$votename',starttime='$starttime',endtime='$endtime',totalcount='$totalcount',ismore='$ismore',votenote='$votenote',isallow='$isallow',view='$view',spec='$spec',isenable='$isenable' WHERE aid='$aid'";
    if ($dsql->ExecuteNoneQuery($query)) {
        $vt = new DedeVote($aid);
        $vote_file = DEDEDATA."/vote/vote_".$aid.".js";
--- a/src/apps/list.php
+++ b/src/apps/list.php
@@ -17,7 +17,7 @@ if ($tid == 0 && $channelid == 0) die("dedebiz");
 if (isset($TotalResult)) $TotalResult = intval(preg_replace("/[^\d]/", '', $TotalResult));
 //如果指定了文档模型id但没有指定栏目id，那么自动获得为这个文档模型的第一个顶级栏目作为栏目默认栏目
 if (!empty($channelid) && empty($tid)) {
    $tinfos = $dsql->GetOne("SELECT tp.id,ch.issystem FROM `#@__arctype` tp LEFT JOIN `#@__channeltype` ch ON ch.id=tp.channeltype WHERE tp.channeltype='$channelid' And tp.reid=0 order by sortrank asc");
    $tinfos = $dsql->GetOne("SELECT tp.id,ch.issystem FROM `#@__arctype` tp LEFT JOIN `#@__channeltype` ch ON ch.id=tp.channeltype WHERE tp.channeltype='$channelid' And tp.reid=0 ORDER BY sortrank ASC");
    if (!is_array($tinfos)) die(" No catalogs in the channel! ");
    $tid = $tinfos['id'];
 } else {
--- a/src/system/taglib/userinfo.lib.php
+++ b/src/system/taglib/userinfo.lib.php
@@ -21,7 +21,7 @@ function lib_userinfo(&$ctag, &$refObj)
    $revalue = '';
    $innerText = trim($ctag->GetInnerText());
    if (empty($innerText)) $innerText = GetSysTemplets('userinfo.htm');
    $sql = "SELECT U.*,US.spacename,US.sign,AR.membername as rankname FROM `#@__member` U LEFT JOIN `#@__member_space` US ON US.mid = U.mid  LEFT JOIN `#@__arcrank` AR ON AR.`rank` = U.`rank`  WHERE U.mid='{$mid}' LIMIT 0,1 ";
    $sql = "SELECT U.*,US.spacename,US.sign,AR.membername as rankname FROM `#@__member` U LEFT JOIN `#@__member_space` US ON US.mid = U.mid  LEFT JOIN `#@__arcrank` AR ON AR.`rank` = U.`rank` WHERE U.mid='{$mid}' LIMIT 0,1 ";
    $ctp = new DedeTagParse();
    $ctp->SetNameSpace('field','[',']');
    $ctp->LoadSource($innerText);
--- a/src/system/tpllib/plus_userarclist.php
+++ b/src/system/tpllib/plus_userarclist.php
@@ -16,15 +16,7 @@ function plus_userarclist(&$atts, &$refObj, &$fields)
    FillAtts($atts,$attlist);
    FillFields($atts,$fields,$refObj);
    extract($atts, EXTR_OVERWRITE);
    $sql = "SELECT arc.*,mt.mtypename,tp.typedir,tp.typename,tp.isdefault,tp.defaultname,tp.namerule,
        tp.namerule2,tp.ispart,tp.moresite,tp.siteurl,tp.sitepath
        FROM `#@__archives` arc
        LEFT JOIN `#@__arctype` tp ON arc.typeid=tp.id
        LEFT JOIN `#@__mtypes` mt ON mt.mtypeid=arc.mtype
        WHERE arc.mid='{$_vars['mid']}' AND arc.channel=$channel AND arc.arcrank=0
        ORDER BY id DESC LIMIT 0,$row";
    $sql = "SELECT arc.*,mt.mtypename,tp.typedir,tp.typename,tp.isdefault,tp.defaultname,tp.namerule,tp.namerule2,tp.ispart,tp.moresite,tp.siteurl,tp.sitepath FROM `#@__archives` arc LEFT JOIN `#@__arctype` tp ON arc.typeid=tp.id LEFT JOIN `#@__mtypes` mt ON mt.mtypeid=arc.mtype WHERE arc.mid='{$_vars['mid']}' AND arc.channel=$channel AND arc.arcrank=0 ORDER BY id DESC LIMIT 0,$row";
    $dsql->SetQuery($sql);
    $dsql->Execute("ul");
    $rearr = array();
@@ -36,9 +28,8 @@ function plus_userarclist(&$atts, &$refObj, &$fields)
        $row['arcrank'],$row['namerule'],$row['typedir'],$row['money'],$row['filename'],$row['moresite'],$row['siteurl'],$row['sitepath']);
        $row['typeurl'] = GetTypeUrl($row['typeid'],$row['typedir'],$row['isdefault'],$row['defaultname'],$row['ispart'],
        $row['namerule2'],$row['moresite'],$row['siteurl'],$row['sitepath']);
        if($row['litpic']=='') $row['litpic'] = '/images/defaultpic.gif';
        if(!preg_match("#^(http|https):\/\/#i", $row['litpic']))
        {
        if ($row['litpic']=='') $row['litpic'] = '/static/web/img/thumbnail.jpg';
        if (!preg_match("#^(http|https):\/\/#i", $row['litpic'])) {
            $row['picname'] = $row['litpic'] = $GLOBALS['cfg_cmsurl'].$row['litpic'];
        } else {
            $row['picname'] = $row['litpic'];
@@ -49,18 +40,16 @@ function plus_userarclist(&$atts, &$refObj, &$fields)
        $row['imglink'] = "<a href='".$row['filename']."'>".$row['image']."</a>";
        $row['fulltitle'] = $row['title'];
        $row['title'] = cn_substr($row['title'],$titlelen);
        if($row['color']!='') {
            $row['title'] = "<font color='".$row['color']."'>".$row['title']."</font>";
        if ($row['color']!='') {
            $row['title'] = "<span color='".$row['color']."'>".$row['title']."</span>";
        }
        if(preg_match('#b#', $row['flag']))
        {
        if (preg_match('#b#', $row['flag'])) {
            $row['title'] = "<strong>".$row['title']."</strong>";
        }
        $row['textlink'] = "<a href='".$row['filename']."'>".$row['title']."</a>";
        $row['plusurl'] = $row['phpurl'] = $GLOBALS['cfg_phpurl'];
        $row['memberurl'] = $GLOBALS['cfg_memberurl'];
        $row['templeturl'] = $GLOBALS['cfg_templeturl'];
        $rearr[] = $row;
    }
    $dsql->FreeResult("ul");
--- a/src/system/userlogin.class.php
+++ b/src/system/userlogin.class.php
@@ -214,7 +214,7 @@ class userLogin
        $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);
        $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);
        $pwd = substr(md5($this->userPwd), 5, 20);
        $dsql->SetQuery("SELECT admin.*,atype.purviews,member.face FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.`rank`=admin.usertype LEFT JOIN `#@__member` member ON member.mid = admin.id  WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1");
        $dsql->SetQuery("SELECT admin.*,atype.purviews,member.face FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.`rank`=admin.usertype LEFT JOIN `#@__member` member ON member.mid = admin.id WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1");
        $dsql->Execute();
        $row = $dsql->GetObject();
        if (!isset($row->pwd)) {