* 产生随机码
* @param $length - 要多长
* @param $numberic - 数字还是字符串
* @return 返回字符串
function random($length, $numeric = 0) {
PHP_VERSION < '4.2.0' && mt_srand((double)microtime() * 1000000);
if($numeric) {
$hash = sprintf('%0'.$length.'d', mt_rand(0, pow(10, $length) - 1));
} else {
$hash = '';
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
$max = strlen($chars) - 1;
for($i = 0; $i < $length; $i++) {
$hash .= $chars[mt_rand(0, $max)];
return $hash;
* 删除非空目录
* @param $path 目录
function removedir($dirname, $keepdir = FALSE) {
$dirname = wipespecial($dirname);
if(!is_dir($dirname)) {
return FALSE;
$handle = opendir($dirname);
while(($file = readdir($handle)) !== FALSE) {
if($file != '.' && $file != '..') {
$dir = $dirname . DIRECTORY_SEPARATOR . $file;
is_dir($dir) ? removedir($dir) : unlink($dir);
return !$keepdir ? (@rmdir($dirname) ? TRUE : FALSE) : TRUE;
function request($cachekey, $fid = 0, $type = 0, $return = 0) {
global $timestamp, $_DCACHE;
$datalist = '';
if($fid && in_array(CURSCRIPT, array('forumdisplay', 'viewthread'))) {
$specialfid = $GLOBALS['forum']['fid'];
$cachekey = !isset($GLOBALS['infosidestatus']['f'.$specialfid][$type]) ? $GLOBALS['infosidestatus'][$type] : $GLOBALS['infosidestatus']['f'.$specialfid][$type];
$key = $cachekey;
$cachekey .= '_fid'.$specialfid;
} else {
$specialfid = 0;
$key = $cachekey;
$cachefile = DISCUZ_ROOT.'./forumdata/cache/request_'.$cachekey.'.php';
if((@!include($cachefile)) || $expiration < $timestamp) {
require_once DISCUZ_ROOT.'./forumdata/cache/cache_request.php';
require_once DISCUZ_ROOT.'./include/request.func.php';
parse_str($_DCACHE['request'][$key]['url'], $requestdata);
$datalist = parse_request($requestdata, $cachefile, 0, $specialfid, $key);
if(!$return) {
echo $datalist;
} else {
return $datalist;
* 发送邮件
* @param $email_to - 接受者
* @param $email_subject - 标题
* @param $email_messge - 内容
* @param $email_from - 发送者
function sendmail($email_to, $email_subject, $email_message, $email_from = '') {
require DISCUZ_ROOT.'./include/sendmail.inc.php';
* 发送短消息
* @param $toid - 接收方id
* @param $subject - 标题
* @param $message - 内容
* @param $fromid - 发送方id
* @param $from - 发送方名字
function sendpm($toid, $subject, $message, $fromid = '') {
include language('pms');
require_once DISCUZ_ROOT.'./uc_client/client.php';
if(isset($language[$subject])) {
eval("\$subject = addslashes(\"".$language[$subject]."\");");
if(isset($language[$message])) {
eval("\$message = addslashes(\"".$language[$message]."\");");
if($fromid === '') {
$fromid = $discuz_uid;
uc_pm_send($fromid, $toid, $subject, $message);
* 显示标准提示信息
* @param $toid - 信息
* @param $subject - 跳转到的url
* @param $message - 扩展
function showmessage($message, $url_forward = '', $extra = '') {
global $extrahead, $discuz_action, $debuginfo, $seccode, $fid, $tid, $charset, $show_message, $inajax, $_DCACHE, $advlist;
$show_message = $message;
$msgforward = unserialize($_DCACHE['settings']['msgforward']);
$msgforward['refreshtime'] = intval($msgforward['refreshtime']) * 1000;
$url_forward = empty($url_forward) ? '' : (empty($_DCOOKIE['sid']) && $transsidstatus ? transsid($url_forward) : $url_forward);
if($url_forward && empty($inajax) && $msgforward['quick'] && $msgforward['messages'] && @in_array($message, $msgforward['messages'])) {
dheader("location: ".str_replace('&', '&', $url_forward));
if(in_array($extra, array('HALTED', 'NOPERM'))) {
$fid = $tid = 0;
$discuz_action = 254;
} else {
$discuz_action = 255;
include language('messages');
if(isset($language[$message])) {
$pre = $inajax ? 'ajax_' : '';
eval("\$show_message = \"".(isset($language[$pre.$message]) ? $language[$pre.$message] : $language[$message])."\";");
$show_message .= $url_forward && empty($inajax) ? '<script>setTimeout("window.location.href =\''.$url_forward.'\';", '.$msgforward['refreshtime'].');</script>' : '';
if($advlist = array_merge($globaladvs ? $globaladvs['type'] : array(), $redirectadvs ? $redirectadvs['type'] : array())) {
$advitems = ($globaladvs ? $globaladvs['items'] : array()) + ($redirectadvs ? $redirectadvs['items'] : array());
foreach($advlist AS $type => $redirectadvs) {
$advlist[$type] = $advitems[$redirectadvs[array_rand($redirectadvs)]];
if($extra == 'NOPERM') {
//get secure code checking status (pos. -2)
if($seccodecheck = substr(sprintf('%05b', $seccodestatus), -2, 1)) {
$seccode = random(6, 1) + $seccode{0} * 1000000;
include template('nopermission');
} else {
include template('showmessage');
* 显示等级
* @param $num - 等级
function showstars($num) {
global $starthreshold;
$alt = 'alt="Rank: '.$num.'"';
if(empty($starthreshold)) {
for($i = 0; $i < $num; $i++) {
echo '<img src="'.IMGDIR.'/star_level1.gif" '.$alt.' />';
} else {
for($i = 3; $i > 0; $i--) {
$numlevel = intval($num / pow($starthreshold, ($i - 1)));
$num = ($num % pow($starthreshold, ($i - 1)));
for($j = 0; $j < $numlevel; $j++) {
echo '<img src="'.IMGDIR.'/star_level'.$i.'.gif" '.$alt.' />';
* 返回当前链接的域名
* @return 返回域名
function site() {
return $_SERVER['HTTP_HOST'];
* 判断一个字符串是否在另一个字符串中存在
* @param haystack 待查找的字符串
* @param $needls 被查找的字符串
* @return 是否存在
function strexists($haystack, $needle) {
return !(strpos($haystack, $needle) === FALSE);
* 验证码数字转字母
* @param seccode 带转换的验证码数字变量
function seccodeconvert(&$seccode) {
global $seccodedata, $charset;
$seccode = substr($seccode, -6);
if($seccodedata['type'] == 1) {
include_once language('seccode');
$len = strtoupper($charset) == 'GBK' ? 2 : 3;
$code = array(substr($seccode, 0, 3), substr($seccode, 3, 3));
$seccode = '';
for($i = 0; $i < 2; $i++) {
$seccode .= substr($lang['chn'], $code[$i] * $len, $len);
} elseif($seccodedata['type'] == 3) {
$s = sprintf('%04s', base_convert($seccode, 10, 20));
} else {
$s = sprintf('%04s', base_convert($seccode, 10, 24));
$seccodeunits = 'BCEFGHJKMPQRTVWXY2346789';
$seccode = '';
for($i = 0; $i < 4; $i++) {
$unit = ord($s{$i});
$seccode .= ($unit >= 0x30 && $unit <= 0x39) ? $seccodeunits[$unit - 0x30] : $seccodeunits[$unit - 0x57];
* 检查是否正确提交了表单
* @param $var 需要检查的变量
* @param $allowget 是否允许GET方式
* @param $seccodecheck 验证码检测是否开启
* @return 返回是否正确提交了表单
function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
if(empty($GLOBALS[$var])) {
return FALSE;
} else {
global $_SERVER, $seclevel, $seccode, $seccodedata, $seccodeverify, $secanswer, $_DCACHE, $_DCOOKIE, $timestamp, $discuz_uid;
if($allowget || ($_SERVER['REQUEST_METHOD'] == 'POST' && $GLOBALS['formhash'] == formhash() && (empty($_SERVER['HTTP_REFERER']) ||
preg_replace("/https?:\/\/([^\:\/]+).*/i", " \\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", " \\1", $_SERVER['HTTP_HOST'])))) {
if($seccodecheck) {
if(!$seclevel) {
$key = $seccodedata['type'] != 3 ? '' : $_DCACHE['settings']['authkey'].date('Ymd');
list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secc'], 'DECODE', $key));
if($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
dsetcookie('secc', '', -86400 * 365);
} else {
$tmp = substr($seccode, 0, 1);
if(strtoupper($seccodeverify) != $seccode) {
$seclevel && $seccode = random(6, 1) + $tmp * 1000000;
if($secqaacheck) {
if(!$seclevel) {
list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secq'], 'DECODE'));
if($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
dsetcookie('secq', '', -86400 * 365);
require_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php';
if(md5($secanswer) != $_DCACHE['secqaa'][substr($seccode, 0, 1)]['answer']) {
$seclevel && $seccode = random(1, 1) * 1000000 + substr($seccode, -6);
return TRUE;
} else {
* 解析模板
* @return 返回域名
function template($file, $templateid = 0, $tpldir = '') {
global $inajax;
$file .= $inajax && ($file == 'header' || $file == 'footer') ? '_ajax' : '';
$tpldir = $tpldir ? $tpldir : TPLDIR;
$templateid = $templateid ? $templateid : TEMPLATEID;
$tplfile = DISCUZ_ROOT.'./'.$tpldir.'/'.$file.'.htm';
$objfile = DISCUZ_ROOT.'./forumdata/templates/'.$templateid.'_'.$file.'.tpl.php';
if($templateid != 1 && !file_exists($tplfile)) {
$tplfile = DISCUZ_ROOT.'./templates/default/'.$file.'.htm';
@checktplrefresh($tplfile, $tplfile, filemtime($objfile), $templateid, $tpldir);
return $objfile;
* 如果cookie关闭使用GET方式传递sid
* @param $url - 地址
* @param $tag - 标记
* @param $wml - 取得sid的input
* @return 返回url
function transsid($url, $tag = '', $wml = 0) {
global $sid;
$tag = stripslashes($tag);
if(!$tag || (!preg_match("/^(http:\/\/|mailto:|#|javascript)/i", $url) && !strpos($url, 'sid='))) {
if($pos = strpos($url, '#')) {
$urlret = substr($url, $pos);
$url = substr($url, 0, $pos);
} else {
$urlret = '';
$url .= (strpos($url, '?') ? ($wml ? '&' : '&') : '?').'sid='.$sid.$urlret;
return $tag.$url;
* 显示主题分类
* @param $curtypeid - 当前被选择的类型id
* @return 返回的HTML数据
function typeselect($curtypeid = 0, $special = '', $onchange = '', $modelid = 0) {
global $fid, $sid, $extra;
$onchange = $onchange ? $onchange : "onchange=\"ajaxget('post.php?action=threadtypes&typeid='+this.options[this.selectedIndex].value+'&fid=$fid&sid=$sid', 'threadtypes', 'threadtypeswait')\"";
if($threadtypes = $GLOBALS['forum']['threadtypes']) {
$selecthtml = '';
foreach($threadtypes['types'] as $typeid => $name) {
if(!$special || $special == 'disabled' || !$threadtypes['special'][$typeid]) {
$typehtml = '<option value="'.$typeid.'" '.($curtypeid == $typeid ? 'selected="selected"' : '').' '.($threadtypes['special'][$typeid] ? 'class="special"' : '').'>'.strip_tags($name).'</option>';
$selecthtml .= $modelid ? ($threadtypes['modelid'][$typeid] == $modelid ? $typehtml : '') : $typehtml;
$html = $selecthtml ? '<select name="typeid" '.(!$special ? $onchange : '').'><option value="0"> </option>'.$selecthtml.'</select><span id="threadtypeswait"></span>'.($special === 'disabled' ? '<input type="hidden" name="typeid" value="'.$curtypeid.'" />' : '') : '';
return $html;
} else {
return '';
* 更新积分
* @param $uids - 用户id数组
* @param $creditsarray - 积分数组
* @param $coef - 积分
* @param $extrasql - 扩展SQL
function updatecredits($uids, $creditsarray, $coef = 1, $extrasql = '') {
if($uids && ((!empty($creditsarray) && is_array($creditsarray)) || $extrasql)) {
global $db, $tablepre;
$creditsadd = $comma = '';
foreach($creditsarray as $id => $addcredits) {
$creditsadd .= $comma.'extcredits'.$id.'=extcredits'.$id.'+('.intval($addcredits).')*('.$coef.')';
$comma = ', ';
if($creditsadd || $extrasql) {
$db->query("UPDATE {$tablepre}members SET $creditsadd ".($creditsadd && $extrasql ? ', ' : '')." $extrasql WHERE uid IN ('$uids')", 'UNBUFFERED');
* 更新session
function updatesession() {
if(!empty($GLOBALS['sessionupdated'])) {
return TRUE;
global $db, $tablepre, $sessionexists, $sessionupdated, $sid, $onlineip, $discuz_uid, $discuz_user, $timestamp, $lastactivity, $seccode,
$pvfrequence, $spageviews, $lastolupdate, $oltimespan, $onlinehold, $groupid, $styleid, $invisible, $discuz_action, $fid, $tid;
$fid = intval($fid);
$tid = intval($tid);
if($oltimespan && $discuz_uid && $lastactivity && $timestamp - ($lastolupdate ? $lastolupdate : $lastactivity) > $oltimespan * 60) {
$lastolupdate = $timestamp;
$db->query("UPDATE {$tablepre}onlinetime SET total=total+'$oltimespan', thismonth=thismonth+'$oltimespan', lastupdate='$timestamp' WHERE uid='$discuz_uid' AND lastupdate<='".($timestamp - $oltimespan * 60)."'");
if(!$db->affected_rows()) {
$db->query("INSERT INTO {$tablepre}onlinetime (uid, thismonth, total, lastupdate)
VALUES ('$discuz_uid', '$oltimespan', '$oltimespan', '$timestamp')", 'SILENT');
} else {
$lastolupdate = intval($lastolupdate);
if($sessionexists == 1) {
if($pvfrequence && $discuz_uid) {
if($spageviews >= $pvfrequence) {
$pageviewsadd = ', pageviews=\'0\'';
$db->query("UPDATE {$tablepre}members SET pageviews=pageviews+'$spageviews' WHERE uid='$discuz_uid'", 'UNBUFFERED');
} else {
$pageviewsadd = ', pageviews=pageviews+1';
} else {
$pageviewsadd = '';
$db->query("UPDATE {$tablepre}sessions SET uid='$discuz_uid', username='$discuz_user', groupid='$groupid', styleid='$styleid', invisible='$invisible', action='$discuz_action', lastactivity='$timestamp', lastolupdate='$lastolupdate', seccode='$seccode', fid='$fid', tid='$tid' $pageviewsadd WHERE sid='$sid'");
} else {
$ips = explode('.', $onlineip);
$db->query("DELETE FROM {$tablepre}sessions WHERE sid='$sid' OR lastactivity<($timestamp-$onlinehold) OR ('$discuz_uid'<>'0' AND uid='$discuz_uid') OR (uid='0' AND ip1='$ips[0]' AND ip2='$ips[1]' AND ip3='$ips[2]' AND ip4='$ips[3]' AND lastactivity>$timestamp-60)");
$db->query("INSERT INTO {$tablepre}sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid)
VALUES ('$sid', '$ips[0]', '$ips[1]', '$ips[2]', '$ips[3]', '$discuz_uid', '$discuz_user', '$groupid', '$styleid', '$invisible', '$discuz_action', '$timestamp', '$lastolupdate', '$seccode', '$fid', '$tid')", 'SILENT');
if($discuz_uid && $timestamp - $lastactivity > 21600) {
if($oltimespan && $timestamp - $lastactivity > 86400) {
$query = $db->query("SELECT total FROM {$tablepre}onlinetime WHERE uid='$discuz_uid'");
$oltimeadd = ', oltime='.round(intval($db->result($query, 0)) / 60);
} else {
$oltimeadd = '';
$db->query("UPDATE {$tablepre}members SET lastip='$onlineip', lastvisit=lastactivity, lastactivity='$timestamp' $oltimeadd WHERE uid='$discuz_uid'", 'UNBUFFERED');
$sessionupdated = 1;
* 更新管理者状态
* @param $modacton - 动作
* @param $smcols - 执行次数
function updatemodworks($modaction, $posts = 1) {
global $modworkstatus, $db, $tablepre, $discuz_uid, $timestamp, $_DCACHE;
$today = gmdate('Y-m-d', $timestamp + $_DCACHE['settings']['timeoffset'] * 3600);
if($modworkstatus && $modaction && $posts) {
$db->query("UPDATE {$tablepre}modworks SET count=count+1, posts=posts+'$posts' WHERE uid='$discuz_uid' AND modaction='$modaction' AND dateline='$today'");
if(!$db->affected_rows()) {
$db->query("INSERT INTO {$tablepre}modworks (uid, modaction, dateline, count, posts) VALUES ('$discuz_uid', '$modaction', '$today', 1, '$posts')");
* 写日志
* @param $path 日志名称
* @param $log 日志
function writelog($file, $log) {
global $timestamp, $_DCACHE;
$yearmonth = gmdate('Ym', $timestamp + $_DCACHE['settings']['timeoffset'] * 3600);
$logdir = DISCUZ_ROOT.'./forumdata/logs/';
$logfile = $logdir.$yearmonth.'_'.$file.'.php';
if(@filesize($logfile) > 2048000) {
$dir = opendir($logdir);
$length = strlen($file);
$maxid = $id = 0;
while($entry = readdir($dir)) {
if(strexists($entry, $yearmonth.'_'.$file)) {
$id = intval(substr($entry, $length + 8, -4));
$id > $maxid && $maxid = $id;
$logfilebak = $logdir.$yearmonth.'_'.$file.'_'.($maxid + 1).'.php';
@rename($logfile, $logfilebak);
if($fp = @fopen($logfile, 'a')) {
@flock($fp, 2);
$log = is_array($log) ? $log : array($log);
foreach($log as $tmp) {
fwrite($fp, "<?PHP exit;?>\t".str_replace(array('<?', '?>'), '', $tmp)."\n");
function wipespecial($str) {
return str_replace(array( "\n", "\r", '..'), array('', '', ''), $str);
function discuz_uc_avatar($uid, $size = '') {
return UC_API.'/avatar.php?uid='.$uid.'&size='.$size;