Beispiel #1
0
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $dbtbpre, $public_r, $class_r, $level_r;
    //验证本时间允许操作
    eCheckTimeCloseDo('pl');
    //验证IP
    eCheckAccessDoIp('pl');
    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;
    //验证码
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');
    if ($muserid) {
        $cklgr = qCheckLoginAuthstr();
        if ($cklgr['islogin']) {
            $username = $musername;
        } else {
            $muserid = 0;
        }
    } else {
        if (empty($nomember)) {
            if (!$username || !$password) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password,checked,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
            if (empty($ur['userid'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur['checked'] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur['userid'];
            $mgroupid = $ur['groupid'];
        } else {
            $muserid = 0;
        }
    }
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid][level] < $level_r[$public_r['plgroupid']][level]) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }
    //专题
    $doaction = $add['doaction'];
    if ($doaction == 'dozt') {
        if (!trim($saytext) || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        //是否关闭评论
        $r = $empire->fetch1("select ztid,closepl,checkpl,restb from {$dbtbpre}enewszt where ztid='{$classid}'");
        if (!$r['ztid']) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($r['closepl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        //审核
        if ($r['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pubid = '-' . $classid;
        $id = 0;
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'dozt', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    } else {
        if (!trim($saytext) || !$id || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        //表存在
        if (empty($class_r[$classid][tbname])) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        //是否关闭评论
        $r = $empire->fetch1("select classid,stb,restb from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " where id='{$id}' limit 1");
        if (!$r['classid'] || $r['classid'] != $classid) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($class_r[$r[classid]][openpl]) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        //单信息关闭评论
        $pubid = ReturnInfoPubid($classid, $id);
        $finfor = $empire->fetch1("select closepl from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . "_data_" . $r['stb'] . " where id='{$id}' limit 1");
        if ($finfor['closepl']) {
            printerror("CloseInfoPl", "history.go(-1)", 1);
        }
        //审核
        if ($class_r[$classid][checkpl]) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'doinfo', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    }
    //设置参数
    $plsetr = $empire->fetch1("select pltime,plsize,plincludesize,plclosewords,plmustf,plf,plmaxfloor,plquotetemp from {$dbtbpre}enewspl_set limit 1");
    if (strlen($saytext) > $plsetr['plsize']) {
        $GLOBALS['setplsize'] = $plsetr['plsize'];
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }
    $time = time();
    $saytime = $time;
    $pltime = getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $plsetr['pltime']) {
            $GLOBALS['setpltime'] = $plsetr['pltime'];
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }
    $sayip = egetip();
    $eipport = egetipport();
    $username = str_replace("\r\n", "", $username);
    $username = RepPostStr($username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    if ($repid) {
        $saytext = RepPlTextQuote($repid, $saytext, $plsetr, $restb);
        CkPlQuoteFloor($plsetr['plmaxfloor'], $saytext);
        //验证楼层
    }
    //过滤字符
    $saytext = ReplacePlWord($plsetr['plclosewords'], $saytext);
    if ($level_r[$mgroupid]['plchecked']) {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $plsetr, 0);
    //主表
    $sql = $empire->query("insert into {$dbtbpre}enewspl_" . $restb . "(pubid,username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,saytext,eipport" . $ret_r['fields'] . ") values('{$pubid}','" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'" . addslashes($saytext) . "','{$eipport}'" . $ret_r['values'] . ");");
    $plid = $empire->lastid();
    if ($doaction != 'dozt') {
        //信息表加1
        $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set plnum=plnum+1 where id='{$id}' limit 1");
    }
    //更新新评论数
    DoUpdateAddDataNum('pl', $restb, 1);
    //设置最后发表时间
    $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        $reurl = DoingReturnUrl($returl, $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Beispiel #2
0
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $public_r, $class_r, $user_userid, $user_username, $user_password, $user_dopass, $user_tablename, $user_salt, $user_checked, $user_group, $dbtbpre, $level_r;
    //验证IP
    eCheckAccessDoIp('pl');
    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;
    //验证码
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');
    if ($muserid) {
        $username = $musername;
    } else {
        if (empty($nomember)) {
            //编码转换
            $utfusername = doUtfAndGbk($username, 0);
            $password = doUtfAndGbk($password, 0);
            //密码
            if (empty($user_dopass)) {
                $password = md5($password);
            }
            if ($user_dopass == 3) {
                $password = substr(md5($password), 8, 16);
            }
            //双重md5
            if ($user_dopass == 2) {
                $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
                $password = md5(md5($password) . $ur[$user_salt]);
                $cuser = 0;
                if ($password == $ur[$user_password]) {
                    $cuser = 1;
                }
                if (empty($ur[$user_userid])) {
                    $cuser = 0;
                }
            } else {
                $ur = $empire->fetch1("select " . $user_userid . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='{$password}' limit 1");
                $cuser = 0;
                if ($ur[$user_userid]) {
                    $cuser = 1;
                }
            }
            if (empty($cuser)) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur[$user_checked] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur[$user_userid];
            $mgroupid = $ur[$user_group];
        } else {
            $muserid = 0;
        }
    }
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid][level] < $level_r[$public_r['plgroupid']][level]) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }
    if (!trim($saytext) || !$id || !$classid) {
        printerror("EmptyPl", "history.go(-1)", 1);
    }
    //表存在
    if (empty($class_r[$classid][tbname])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    if (strlen($saytext) > $public_r[plsize]) {
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }
    $saytime = date("Y-m-d H:i:s");
    $time = time();
    $pltime = getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $public_r[pltime]) {
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }
    //是否关闭评论
    $r = $empire->fetch1("select classid,closepl from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " where id='{$id}' and classid='{$classid}'");
    if (empty($r[classid])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    if ($class_r[$r[classid]][openpl]) {
        printerror("CloseClassPl", "history.go(-1)", 1);
    }
    //单信息关闭评论
    if ($r['closepl']) {
        printerror("CloseInfoPl", "history.go(-1)", 1);
    }
    $sayip = egetip();
    $username = RepPostStr($username);
    $username = str_replace("\r\n", "", $username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    $pr = $empire->fetch1("select plclosewords,plf,plmustf,pldeftb from {$dbtbpre}enewspublic limit 1");
    if ($repid) {
        if (trim($saytext) == "[quote]" . $repid . "[/quote]") {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        $saytext = RepPlTextQuote($repid, $saytext, $pr);
    }
    //过滤字符
    $saytext = ReplacePlWord($pr['plclosewords'], $saytext);
    //审核
    if ($class_r[$classid][checkpl]) {
        $checked = 1;
    } else {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $pr, 0);
    //主表
    $sql = $empire->query("insert into {$dbtbpre}enewspl(username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,stb) values('" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'{$pr['pldeftb']}');");
    $plid = $empire->lastid();
    //副表
    $fsql = $empire->query("insert into {$dbtbpre}enewspl_data_" . $pr['pldeftb'] . "(plid,classid,id,saytext" . $ret_r['fields'] . ") values('{$plid}','{$classid}','{$id}','" . addslashes($saytext) . "'" . $ret_r['values'] . ");");
    //信息表加1
    $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set plnum=plnum+1 where id='{$id}'");
    //设置最后发表时间
    $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        $reurl = DoingReturnUrl("../pl/?classid={$classid}&id={$id}", $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}