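//public proxy()
/// <summary>
/// Fetches the page named by the <c>url</c> query parameter on the server side and
/// writes its body back to the caller, decoded with the encoding named by <c>enc</c>
/// (default utf-8).
/// </summary>
/// <remarks>
/// NOTE(review): this is a server-side fetch of a caller-chosen address. The only gate
/// is ForumUtils.IsCrossSitePost, which is given the request's Referer and Host; that is
/// a CSRF-style check, not a destination check. The scheme test below narrows what can
/// be requested, but it does not stop requests to hosts the web server can reach and the
/// caller cannot. If this proxy is needed at all, restrict the destination host to a
/// configured allowlist.
/// </remarks>
/// <param name="e">Event data supplied by the page life cycle (unused).</param>
protected override void OnInit(System.EventArgs e)
{
    if (ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost()))
    {
        return;
    }

    string url = DNTRequest.GetQueryString("url");
    if (string.IsNullOrEmpty(url))
    {
        return;
    }
    url = HttpUtility.UrlDecode(url);

    string enc = "utf-8";
    string requestedEnc = DNTRequest.GetQueryString("enc");
    if (requestedEnc != "")
    {
        enc = requestedEnc;
    }

    // Resolve the caller-supplied encoding name before any outbound request is made.
    // An unknown (or null) name used to surface as an unhandled exception after the
    // remote page had already been fetched; now the request is simply dropped.
    Encoding encoding;
    try
    {
        encoding = Encoding.GetEncoding(enc);
    }
    catch (System.ArgumentException)
    {
        return;
    }

    if (enc == "gb2312")
    {
        url = Globals.EncodeStringAsGB2312(url);
    }

    // Only absolute http/https targets are meaningful for an HttpWebResponse; reject
    // anything else instead of handing it to the fetch helper.
    System.Uri target;
    if (!System.Uri.TryCreate(url, System.UriKind.Absolute, out target)
        || (target.Scheme != System.Uri.UriSchemeHttp && target.Scheme != System.Uri.UriSchemeHttps))
    {
        return;
    }

    string err = "";
    string content;
    string upstreamContentType;

    // The response and reader were never disposed in the original; 'using' releases the
    // underlying connection even if reading throws.
    using (HttpWebResponse response = Globals.GetPageResponse(url, out err))
    {
        if (response == null)
        {
            HttpContext.Current.Response.Write(err);
            HttpContext.Current.Response.End();
            return;
        }

        upstreamContentType = response.ContentType;

        // NOTE(review): ReadToEnd buffers the whole upstream body with no size cap.
        using (StreamReader reader = new StreamReader(response.GetResponseStream(), encoding))
        {
            // The fetched page's markup.
            content = reader.ReadToEnd();
        }
    }

    // Upstream response headers are not forwarded (the header-copy loop in the original
    // was commented out); only Content-Type is taken from the upstream response.
    // NOTE(review): echoing the upstream Content-Type means remote HTML is served from
    // this site's origin. Consider forcing a non-rendering type or sandboxing the output.
    HttpContext.Current.Response.ContentType = upstreamContentType;
    HttpContext.Current.Response.ContentEncoding = encoding;
    HttpContext.Current.Response.Write(content);
    HttpContext.Current.Response.End();
}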
/// <summary>
/// Prepares the user-management page: validates the caller and the target user, then
/// either fills in the ban form state (GET) or runs the ban operation (POST).
/// </summary>
/// <remarks>
/// NOTE(review): the cross-site check is driven by the request's Referer and Host only.
/// For a state-changing action such as banning a user, a per-session anti-forgery token
/// would be a sturdier control than a Referer comparison.
/// </remarks>
protected override void ShowPage()
{
    pagetitle = "用户管理";

    if (userid == -1)
    {
        AddErrLine("请先登录");
        return;
    }

    bool crossSite = ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost());
    if (crossSite || Utils.StrIsNullOrEmpty(action))
    {
        AddErrLine("非法提交");
        return;
    }

    // Presumably already covered by the StrIsNullOrEmpty test above; kept as written.
    if (action == "")
    {
        AddErrLine("操作类型参数为空");
        return;
    }

    // Look up the admin group for the caller's user group; no record means the caller
    // has no management rights.
    admininfo = AdminGroups.GetAdminGroupInfo(usergroupid);
    if (admininfo == null)
    {
        AddErrLine("你没有管理权限");
        return;
    }

    if (operateduid == -1)
    {
        AddErrLine("没有选择要操作的用户");
        return;
    }

    operateduser = Users.GetShortUserInfo(operateduid);
    if (operateduser == null)
    {
        AddErrLine("选择的用户不存在");
        return;
    }

    // Accounts that themselves hold an admin id cannot be acted on from this page.
    if (operateduser.Adminid > 0)
    {
        AddErrLine("无法对拥有管理权限的用户进行操作, 请管理员登录后台进行操作");
        return;
    }

    operatedusername = operateduser.Username;

    if (ispost)
    {
        // NOTE(review): admininfo.Allowbanuser is only tested on the GET path below.
        // Confirm that DoBanUserOperation enforces it itself; otherwise the POST path
        // performs the ban without that permission check.
        if (action == "banuser")
        {
            operationtitle = "禁止用户";
            DoBanUserOperation();
        }
        return;
    }

    // Remember where the user came from so the page can send them back afterwards.
    Utils.WriteCookie("reurl", DNTRequest.GetUrlReferrer());

    if (action != "banuser")
    {
        return;
    }

    operationtitle = "禁止用户";

    // Groups 4, 5 and 6 map to ban types 1, 2 and 3; any other group means "not banned".
    bantype = 0;
    switch (operateduser.Groupid)
    {
        case 4:
            bantype = 1;
            break;
        case 5:
            bantype = 2;
            break;
        case 6:
            bantype = 3;
            break;
    }

    if (bantype != 0)
    {
        groupexpiry = "(" + Utils.FormatDate(operateduser.Groupexpiry) + ")";
    }

    if (admininfo.Allowbanuser != 1)
    {
        AddErrLine("您没有禁止用户的权限");
        return;
    }
}
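/// <summary>
/// Entry point for AJAX requests: checks where the request came from, hands the request
/// types that need a logged-in user to sessionajax.aspx, dispatches the remaining types
/// to their handlers, and finally services the avatar upload/save requests.
/// </summary>
/// <remarks>
/// NOTE(review): the handlers dispatched from the switch below run without the PageBase
/// identity check that sessionajax.aspx provides, so each one has to enforce its own
/// access rules; those handlers are not visible here.
/// NOTE(review): the <c>appid</c> token is checked only when the Referer is empty. A
/// request carrying a same-site Referer skips it, and the avatar branches at the end
/// then act on the uid decoded from <c>input</c>. Whether DecodeUid authenticates that
/// value cannot be told from this code; confirm before relying on it. The token itself
/// is an MD5 over the stored password value and is compared with an ordinary string
/// comparison.
/// </remarks>
public AjaxPage()
{
    config = GeneralConfigs.GetConfig();

    // An empty Referer is treated as a Flash submission.
    if (Utils.StrIsNullOrEmpty(DNTRequest.GetUrlReferrer()))
    {
        // Element 0 is the uid, element 1 the online id.
        string[] input = DecodeUid(DNTRequest.GetString("input")).Split(',');

        // A decoded value without a comma used to raise IndexOutOfRangeException on
        // input[1]; treat it as a failed check instead.
        if (input.Length < 2)
        {
            return;
        }

        UserInfo userInfo = Users.GetUserInfo(TypeConverter.StrToInt((input[0])));
        if (userInfo == null || DNTRequest.GetString("appid") != Utils.MD5(userInfo.Username + userInfo.Password + userInfo.Uid + input[1]))
        {
            return;
        }
    }
    else if (ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost())) // cross-site submission
    {
        return;
    }

    string type = DNTRequest.GetString("t");
    if (Utils.InArray(type, "deleteattach,getattachlist,deletepostsbyuidanddays,deletepost,ignorepost,passpost,deletetopic,ignoretopic,passtopic,getimagelist,getblocklist,getpagelist,forumtree,topictree,quickreply,report,getdebatepostpage,confirmbuyattach,getnewpms,getnewnotifications,getajaxforums,checkuserextcredit,diggdebates,imagelist,debatevote"))
    {
        // These request types need the user's identity verified, so they are handed to
        // a page that derives from PageBase.
        try
        {
            // 'type' has just been matched against the fixed list above. 'reason' is
            // free text, so it is URL-encoded to keep it a single query value; without
            // that, an '&' inside it would add extra parameters to the transferred
            // request.
            HttpContext.Current.Server.Transfer("sessionajax.aspx?t=" + type + "&reason=" + HttpUtility.UrlEncode(DNTRequest.GetString("reason")));
        }
        catch // errors from the child page are swallowed here; a better approach is wanted
        {
        }
        return;
    }

    switch (type)
    {
        case "checkusername":
            CheckUserName(); // check whether the user name exists
            break;
        case "album": // photo album
            GetAlbum();
            break;
        case "checkrewritename":
            CheckRewriteName();
            break;
        case "ratelist":
            GetRateLogList(); // post rating log
            break;
        case "smilies":
            GetSmilies();
            break;
        case "relatekw":
            GetRelateKeyword();
            break;
        case "gettopictags":
            GetTopicTags();
            break;
        case "topicswithsametag":
            GetTopicsWithSameTag();
            break;
        case "getforumhottags":
            GetForumHotTags();
            break;
        case "getspaceposttags":
            GetSpacePostTags();
            break;
        case "getspacehottags":
            GetSpaceHotTags();
            break;
        case "getphototags":
            GetPhotoTags();
            break;
        case "getphotohottags":
            GetPhotoHotTags();
            break;
        case "getgoodstradelog":
            GetGoodsTradeLog(DNTRequest.GetInt("goodsid", 0), DNTRequest.GetInt("pagesize", 0), DNTRequest.GetInt("pageindex", 0), DNTRequest.GetString("orderby", true), DNTRequest.GetInt("ascdesc", 1));
            break;
        case "getgoodsleavewordbyid":
            GetGoodsLeaveWordById(DNTRequest.GetInt("leavewordid", 0));
            break;
        case "getgoodsleaveword":
            GetGoodsLeaveWord(DNTRequest.GetInt("goodsid", 0), DNTRequest.GetInt("pagesize", 0), DNTRequest.GetInt("pageindex", 0));
            break;
        case "ajaxgetgoodsratelist":
            GetGoodsRatesList(DNTRequest.GetInt("uid", 0), DNTRequest.GetInt("uidtype", 0), DNTRequest.GetInt("ratetype", 0), DNTRequest.GetString("filter", true));
            break;
        case "getmallhottags":
            GetMallHotTags();
            break;
        case "gethotgoods":
            GetHotGoods(DNTRequest.GetInt("days", 0), DNTRequest.GetInt("categoryid", 0), DNTRequest.GetInt("count", 0));
            break;
        case "getshopinfo": // popular or newly opened shops
            GetShopInfoJson(DNTRequest.GetInt("shoptype", 0));
            break;
        case "getgoodslist":
            GetGoodsList(DNTRequest.GetInt("categoryid", 0), DNTRequest.GetInt("order", 0), DNTRequest.GetInt("topnumber", 0));
            break;
        case "gethotdebatetopic":
            Getdebatesjsonlist("gethotdebatetopic", DNTRequest.GetString("tidlist", true));
            break;
        case "recommenddebates":
            Getdebatesjsonlist("recommenddebates", DNTRequest.GetString("tidlist", true));
            break;
        case "addcommentdebates":
            ResponseXML(Debates.CommentDabetas(DNTRequest.GetInt("tid", 0), DNTRequest.GetString("commentdebates", true), DNTRequest.IsPost()));
            break;
        case "getpostinfo":
            GetPostInfo();
            break;
        case "getattachpaymentlog": // payment log for the given attachment id
            GetAttachPaymentLogByAid(DNTRequest.GetInt("aid", 0));
            break;
        case "getiplist":
            GetIpList();
            break;
        case "getforumtopictypelist":
            GetForumTopicTypeList();
            break;
        case "image":
            GetImage();
            break;
        case "resetemail":
            ResetEmail();
            break;
    }

    // Temporary avatar upload.
    if (DNTRequest.GetString("Filename") != "" && DNTRequest.GetString("Upload") != "")
    {
        string uid = DecodeUid(DNTRequest.GetString("input")).Split(',')[0];
        ResponseText(UploadTempAvatar(uid));
        return;
    }

    // Saving the three avatar sizes.
    if (DNTRequest.GetString("avatar1") != "" && DNTRequest.GetString("avatar2") != "" && DNTRequest.GetString("avatar3") != "")
    {
        string uid = DecodeUid(DNTRequest.GetString("input")).Split(',')[0];
        CreateDir(uid);

        bool saved = SaveAvatar("avatar1", uid) && SaveAvatar("avatar2", uid) && SaveAvatar("avatar3", uid);

        // NOTE(review): uid is a string taken from the decoded 'input' value and is used
        // as part of a file-system path here (and presumably inside CreateDir and
        // SaveAvatar). Confirm it is guaranteed to be numeric before it reaches the path.
        // The temporary upload is removed whether or not the save succeeded.
        File.Delete(Utils.GetMapPath(BaseConfigs.GetForumPath + "upload\\temp\\avatar_" + uid + ".jpg"));

        if (saved)
        {
            ResponseText("<?xml version=\"1.0\" ?><root><face success=\"1\"/></root>");
        }
        else
        {
            ResponseText("<?xml version=\"1.0\" ?><root><face success=\"0\"/></root>");
        }
        return;
    }
}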
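/// <summary>
/// Handles attachment uploads, including the Flash (swfupload) uploader: identifies the
/// uploading user, checks permission and the daily quota, saves the posted files and
/// either creates new attachment records or replaces an existing one.
/// </summary>
/// <remarks>
/// NOTE(review): the cross-site check is skipped whenever the raw URL merely contains
/// the text "action=swfupload", while the per-user hash is verified only when
/// operation == "upload". Requests that carry the swfupload marker but another
/// operation are therefore covered by neither check. Consider requiring the hash for
/// every swfupload request.
/// NOTE(review): the hash is DES output keyed with the first ten characters of the
/// stored password value and is compared with an ordinary string comparison; a keyed
/// MAC with a fixed-time comparison would be the sturdier construction.
/// </remarks>
public AttachUploadPage()
{
    if (!DNTRequest.GetRawUrl().Contains("action=swfupload") && ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost())) // cross-site submission
    {
        return;
    }

    // Flash batch uploads cannot pick up the user id the usual way, so the uploader is
    // identified from the uid and hash it sends.
    bool canpostattach = true;
    if (DNTRequest.GetString("operation") == "upload")
    {
        string uploadUserid = DNTRequest.GetString("uid");
        int olid = Discuz.Forum.OnlineUsers.GetOlidByUid(TypeConverter.StrToInt(uploadUserid));
        OnlineUserInfo oluserinfo = olid > 0 ? Discuz.Forum.OnlineUsers.GetOnlineUser(olid) : null;

        // A missing online record, or a password value too short to take the ten
        // character key from, used to throw; both now count as a failed identity check.
        if (oluserinfo != null && oluserinfo.Password != null && oluserinfo.Password.Length >= 10)
        {
            string hash = Discuz.Common.DES.Encode(oluserinfo.Olid.ToString() + "," + oluserinfo.Username.ToString(), oluserinfo.Password.Substring(0, 10)).Replace("+", "[");
            if (DNTRequest.GetString("hash") == hash)
            {
                userid = oluserinfo.Userid;
                usergroupinfo = UserGroups.GetUserGroupInfo(oluserinfo.Groupid);
            }
            else
            {
                canpostattach = false;
            }
        }
        else
        {
            canpostattach = false;
        }
    }

    UserInfo userinfo = Users.GetUserInfo(userid);
    ForumInfo forum = Forums.GetForumInfo(forumid);
    int MaxTodaySize = (userid > 0 ? Attachments.GetUploadFileSizeByuserid(userid) : 0);

    // What the user may still upload today.
    int attachsize = usergroupinfo.Maxsizeperday - MaxTodaySize;

    // File types this user may upload to this forum.
    string attachmentTypeSelect = Attachments.GetAllowAttachmentType(usergroupinfo, forum);
    string attachextensions = Attachments.GetAttachmentTypeArray(attachmentTypeSelect);
    string attachextensionsnosize = Attachments.GetAttachmentTypeString(attachmentTypeSelect);

    if (DNTRequest.GetString("action") == "swfupload" && DNTRequest.GetString("operation") == "config")
    {
        GetConfig(userid, attachextensionsnosize, attachsize, DNTRequest.GetString("type").Trim() == "image");
        return;
    }

    // Process the uploaded attachment(s).
    string msg = "";
    StringBuilder sb = new StringBuilder();

    // '&=' does not short-circuit: PostAttachAuthority runs even after a failed hash check.
    canpostattach &= UserAuthority.PostAttachAuthority(forum, usergroupinfo, userid, ref msg);
    if (!canpostattach)
    {
        ResponseXML(sb.Append("DISCUZUPLOAD|11|0|-1").ToString()); // 11: no upload permission
        return;
    }

    if (attachsize <= 0)
    {
        ResponseXML(sb.Append("DISCUZUPLOAD|3|0|-1").ToString()); // 3: attachment size quota exceeded
        return;
    }

    // Save the posted files within today's remaining allowance (bytes).
    AttachmentInfo[] attachmentinfoarray = ForumUtils.SaveRequestFiles(forumid, config.Maxattachments, usergroupinfo.Maxsizeperday, usergroupinfo.Maxattachsize, MaxTodaySize, attachextensions, forum.Disablewatermark == 1 ? 0 : config.Watermarkstatus, config, "Filedata", DNTRequest.GetString("type") == "image");

    if (attachmentinfoarray.Length > 0) // at least one file was uploaded
    {
        int aId = DNTRequest.GetInt("aid", 0);
        string noUpload = "";
        foreach (AttachmentInfo attachmentinfo in attachmentinfoarray)
        {
            // Keep the last non-empty "not uploaded" marker reported for any file.
            noUpload = string.IsNullOrEmpty(attachmentinfo.Sys_noupload) ? noUpload : attachmentinfo.Sys_noupload;
            attachmentinfo.Uid = userid;
        }

        if (aId <= 0)
        {
            Attachments.CreateAttachments(attachmentinfoarray);
        }
        else if (string.IsNullOrEmpty(noUpload))
        {
            AttachmentInfo attchmentInfo = Attachments.GetAttachmentInfo(aId);

            // Only the attachment's owner or an administrator may replace it. A missing
            // user record is treated as "not an administrator" rather than dereferenced.
            // NOTE(review): this check runs after SaveRequestFiles; if that call has
            // already written the file, a rejected request leaves it behind with no
            // attachment record. Confirm, and check ownership before saving if so.
            bool isAdmin = userinfo != null && userinfo.Adminid > 0;
            if (attchmentInfo == null || (!isAdmin && attchmentInfo.Uid != userid))
            {
                return;
            }

            attchmentInfo.Postdatetime = attachmentinfoarray[0].Postdatetime;
            attchmentInfo.Filename = attachmentinfoarray[0].Filename;
            attchmentInfo.Description = attachmentinfoarray[0].Description;
            attchmentInfo.Filetype = attachmentinfoarray[0].Filetype;
            attchmentInfo.Filesize = attachmentinfoarray[0].Filesize;
            attchmentInfo.Attachment = attachmentinfoarray[0].Attachment;
            attchmentInfo.Width = attachmentinfoarray[0].Width;
            attchmentInfo.Height = attachmentinfoarray[0].Height;
            attchmentInfo.Isimage = attachmentinfoarray[0].Isimage;
            Attachments.UpdateAttachment(attchmentInfo);
        }

        StringBuilder text = new StringBuilder();
        int type = attachmentinfoarray[0].Filetype.StartsWith("image") ? 0 : -1;
        int resultCode = GetNoUploadCode(noUpload);

        if (aId <= 0)
        {
            if (DNTRequest.GetString("action") != "swfupload")
            {
                text.AppendFormat("DISCUZUPLOAD|{0}|{1}|{2}", resultCode, attachmentinfoarray[0].Aid, type);
            }
            else
            {
                // Plain text, not a format string, so Append rather than AppendFormat.
                text.Append(resultCode != 0 ? "error" : attachmentinfoarray[0].Aid.ToString());
            }
        }
        else
        {
            text.AppendFormat("DISCUZUPDATE|{0}|{1}|{2}|{3}", resultCode, attachmentinfoarray[0].Attachment, aId, type);
        }

        ResponseXML(text.ToString());
    }
}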
/// <summary>
/// Prepares the goods moderation page: validates the caller, resolves the goods
/// category and its forum, checks the caller's right to view that forum, runs the
/// requested management operation and settles which operation the page should show.
/// </summary>
/// <remarks>
/// NOTE(review): the cross-site check is driven by the request's Referer and Host only.
/// NOTE(review): this method checks view permission but not management permission;
/// ismoder and admininfo are computed and passed on, so presumably DoOperations
/// enforces them. Confirm.
/// </remarks>
protected override void ShowPage()
{
    if (config.Enablemall == 0) // trading service is switched off
    {
        AddErrLine("系统未开启交易服务, 当前页面暂时无法访问!");
        return;
    }

    if (userid == -1)
    {
        AddErrLine("请先登录");
        return;
    }

    bool crossSite = ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost());
    if (crossSite || action == "")
    {
        AddErrLine("非法提交");
        return;
    }

    // NOTE(review): the category record is dereferenced without a null check; confirm
    // GetGoodsCategoryInfoById cannot return null for an unknown id.
    goodscategoryinfo = GoodsCategories.GetGoodsCategoryInfoById(categoryid);
    forumid = goodscategoryinfo.Fid;

    // Is the caller a moderator of this forum?
    ismoder = Moderators.IsModer(useradminid, userid, forumid);

    // Admin-group record for the caller's user group.
    AdminGroupInfo admininfo = AdminGroups.GetAdminGroupInfo(usergroupid);

    operationtitle = "操作提示";
    SetUrl(base.ShowGoodsListAspxRewrite(categoryid, 0));

    if (action == "")
    {
        AddErrLine("操作类型参数为空");
        return;
    }

    if (forumid == -1)
    {
        AddErrLine("无效的商品分类ID");
        return;
    }

    // Goods may only be managed from within their own category.
    bool goodsPosted = DNTRequest.GetFormString("goodsid") != "";
    if (goodsPosted && !Goods.InSameCategory(goodslist, categoryid))
    {
        AddErrLine("无法对非本分类商品进行管理操作");
        return;
    }

    forum = Forums.GetForumInfo(forumid);
    forumname = forum.Name;

    // View permission: a per-user grant wins; otherwise the forum's own rule applies,
    // falling back to the user group's rights when the forum defines none.
    if (!Forums.AllowViewByUserId(forum.Permuserlist, userid))
    {
        if (string.IsNullOrEmpty(forum.Viewperm))
        {
            bool groupMayBrowse = useradminid == 1 || (usergroupinfo.Allowvisit == 1 && usergroupinfo.Allowtrade == 1);
            if (!groupMayBrowse)
            {
                AddErrLine("您当前的身份 \"" + usergroupinfo.Grouptitle + "\" 没有浏览该商品的权限");
                return;
            }
        }
        else if (!Forums.AllowView(forum.Viewperm, usergroupid))
        {
            AddErrLine("您没有浏览该商品的权限");
            return;
        }
    }

    pagetitle = Utils.RemoveHtml(forumname);
    forumnav = ForumUtils.UpdatePathListExtname(forum.Pathlist.Trim(), config.Extname);

    if (goodslist.CompareTo("") == 0)
    {
        AddErrLine("您没有选择商品或相应的管理操作,请返回修改");
        return;
    }

    // Run the management operation when one was supplied.
    // NOTE(review): this happens before the operation name is validated below.
    if (operation.CompareTo("") != 0 && !DoOperations(forum, admininfo, config.Reasonpm))
    {
        return;
    }

    if (action.CompareTo("moderate") == 0)
    {
        // Fall back to the "operat" request value when no operation was given.
        if (operation.CompareTo("") == 0)
        {
            operation = DNTRequest.GetString("operat");
        }

        if (operation.CompareTo("") == 0)
        {
            AddErrLine("您没有选择商品或相应的管理操作,请返回修改");
            return;
        }
    }
    else
    {
        // NOTE(review): this is a substring search, so an empty string or any fragment
        // of the list passes, and it tests 'operation' although 'action' is what gets
        // assigned next. It looks as if 'action' was meant to be checked against the
        // three names exactly; confirm.
        if ("delete,highlight,close".IndexOf(operation) == -1)
        {
            AddErrLine("你无权操作此功能");
            return;
        }

        operation = action;
    }

    if (!BindTitle())
    {
        return;
    }
}
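/// <summary>
/// Fetches the RSS feed named by the <c>url</c> query parameter on the server side and
/// writes it back as a JSON object: the channel's simple fields plus an <c>items</c>
/// array with one object per feed item.
/// </summary>
/// <remarks>
/// NOTE(review): this is a server-side fetch of a caller-chosen address. The only gate
/// is ForumUtils.IsCrossSitePost, which is given the request's Referer and Host; that is
/// not a destination check. The scheme test below narrows what can be requested, but
/// restricting the destination host to a configured allowlist is the real control.
/// The <c>enc</c> query parameter was read by the original but never used for anything
/// except an encoding lookup that could throw; it is no longer read.
/// </remarks>
public feedproxy()
{
    if (ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost()))
    {
        return;
    }

    string url = DNTRequest.GetQueryString("url");
    if (string.IsNullOrEmpty(url))
    {
        return;
    }
    url = HttpUtility.UrlDecode(url);

    // Only absolute http/https targets are meaningful for an HttpWebResponse.
    System.Uri target;
    if (!System.Uri.TryCreate(url, System.UriKind.Absolute, out target)
        || (target.Scheme != System.Uri.UriSchemeHttp && target.Scheme != System.Uri.UriSchemeHttps))
    {
        return;
    }

    XmlDocument doc = new XmlDocument();

    // The feed is untrusted XML. With no resolver the parser cannot fetch external
    // entities or DTDs named inside the document.
    // NOTE(review): DTD processing itself is still on; loading through an XmlReader
    // whose settings prohibit DTDs would also rule out entity-expansion documents.
    doc.XmlResolver = null;

    string err = "";

    // The response and its stream were never disposed in the original.
    using (HttpWebResponse response = Globals.GetPageResponse(url, out err))
    {
        if (response == null)
        {
            HttpContext.Current.Response.Write(err);
            HttpContext.Current.Response.End();
            return;
        }

        // NOTE(review): kept as text/html for existing callers. The escaping below keeps
        // feed text from being read as markup, but application/json would be the safer
        // type once the callers are confirmed to accept it.
        HttpContext.Current.Response.ContentType = "text/html";
        HttpContext.Current.Response.ContentEncoding = Encoding.UTF8;

        using (Stream instream = response.GetResponseStream())
        {
            doc.Load(instream);
        }
    }

    StringBuilder json = new StringBuilder("{");

    // Channel-level fields. A document without /rss/channel used to end in a
    // NullReferenceException; it now yields an object with an empty items array.
    XmlNode rootnode = doc.SelectSingleNode("/rss/channel");
    if (rootnode != null)
    {
        foreach (XmlNode node in rootnode.ChildNodes)
        {
            // Invariant lower-casing so the comparison does not depend on server culture.
            string name = node.Name.ToLowerInvariant();
            if (name == "image" || name == "item")
            {
                continue;
            }

            json.Append('"').Append(EscapeJsonString(name)).Append("\":\"")
                .Append(EscapeJsonString(node.InnerText)).Append("\",");
        }
    }

    // Separators are written before each element after the first, so an empty channel,
    // an empty item list or an empty item no longer strips a bracket (the original
    // removed "the last character" unconditionally).
    json.Append("\"items\":[");
    bool firstItem = true;
    foreach (XmlNode item in doc.SelectNodes("/rss/channel/item"))
    {
        if (!firstItem)
        {
            json.Append(',');
        }
        firstItem = false;

        json.Append('{');
        bool firstField = true;
        foreach (XmlNode field in item)
        {
            if (!firstField)
            {
                json.Append(',');
            }
            firstField = false;

            json.Append('"').Append(EscapeJsonString(field.Name.ToLowerInvariant())).Append("\":\"")
                .Append(EscapeJsonString(field.InnerText)).Append('"');
        }
        json.Append('}');
    }
    json.Append("]}");

    HttpContext.Current.Response.Clear();
    HttpContext.Current.Response.Write(json.ToString());
    HttpContext.Current.Response.End();
}

/// <summary>
/// Escapes text for use inside a double-quoted JSON string.
/// </summary>
/// <remarks>
/// The original escaped only the double quote (and the line feed, for items), so a
/// backslash or control character in the feed produced broken or misread JSON. Angle
/// brackets and the ampersand are written as \u escapes because the response is served
/// as text/html. Carriage returns are dropped, as the original item loop did.
/// </remarks>
/// <param name="value">Text taken from the feed; may be null or empty.</param>
/// <returns>The escaped text, without surrounding quotes.</returns>
private static string EscapeJsonString(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return "";
    }

    StringBuilder escaped = new StringBuilder(value.Length + 16);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\':
                escaped.Append("\\\\");
                break;
            case '"':
                escaped.Append("\\\"");
                break;
            case '\n':
                escaped.Append("\\n");
                break;
            case '\r':
                break;
            case '\t':
                escaped.Append("\\t");
                break;
            case '<':
            case '>':
            case '&':
            case '\u2028':
            case '\u2029':
                escaped.Append("\\u").Append(((int)c).ToString("x4"));
                break;
            default:
                if (c < ' ')
                {
                    escaped.Append("\\u").Append(((int)c).ToString("x4"));
                }
                else
                {
                    escaped.Append(c);
                }
                break;
        }
    }
    return escaped.ToString();
}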
/// <summary>
/// Prepares the user-management page: reads the action and target user from the
/// request, validates both, then either fills in the ban form state (GET) or runs the
/// ban operation (POST).
/// </summary>
/// <remarks>
/// NOTE(review): the cross-site check is driven by the request's Referer and Host only.
/// For a state-changing action such as banning a user, a per-session anti-forgery token
/// would be a sturdier control than a Referer comparison.
/// </remarks>
protected override void ShowPage()
{
    pagetitle = "用户管理";
    operationtitle = "操作提示";

    if (userid == -1)
    {
        AddErrLine("请先登录");
        return;
    }

    action = DNTRequest.GetQueryString("action");

    bool crossSite = ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost());
    if (crossSite || action == "")
    {
        AddErrLine("非法提交");
        return;
    }

    // Cannot be reached as written: an empty action has already returned above.
    if (action == "")
    {
        AddErrLine("操作类型参数为空");
        return;
    }

    // Look up the caller's admin group; no record means no management rights.
    admininfo = AdminGroups.GetAdminGroupInfo(useradminid);
    if (admininfo == null)
    {
        AddErrLine("你没有管理权限");
        return;
    }

    operateduid = DNTRequest.GetInt("uid", -1);
    if (operateduid == -1)
    {
        AddErrLine("没有选择要操作的用户");
        return;
    }

    operateduser = Discuz.Forum.Users.GetShortUserInfo(operateduid);
    if (operateduser == null)
    {
        AddErrLine("选择的用户不存在");
        return;
    }

    // Accounts that themselves hold an admin id cannot be acted on from this page.
    if (operateduser.Adminid > 0)
    {
        AddErrLine("无法对拥有管理权限的用户进行操作, 请管理员登录后台进行操作");
        return;
    }

    operatedusername = operateduser.Username;

    if (ispost)
    {
        // NOTE(review): ValidateBanUser is only called on the GET path below. Confirm
        // that DoBanUserOperation enforces the same permission itself; otherwise the
        // POST path performs the ban without it.
        if (action == "banuser")
        {
            operationtitle = "禁止用户";
            DoBanUserOperation();
        }
        return;
    }

    // Remember where the user came from so the page can send them back afterwards.
    Utils.WriteCookie("reurl", DNTRequest.GetUrlReferrer());

    if (action != "banuser")
    {
        return;
    }

    operationtitle = "禁止用户";

    // Groups 4, 5 and 6 map to ban types 1, 2 and 3; any other group means "not banned".
    bantype = 0;
    switch (operateduser.Groupid)
    {
        case 4:
            bantype = 1;
            break;
        case 5:
            bantype = 2;
            break;
        case 6:
            bantype = 3;
            break;
    }

    if (!ValidateBanUser())
    {
        AddErrLine("您没有禁止用户的权限");
        return;
    }
}