Beispiel #1
0
/**
 * 模型在线投稿提交处理函数
 */
function modelpost($cacheinfo, $cp = 1)
{
    global $_SGLOBAL, $theurl, $_SCONFIG;
    include_once S_ROOT . './function/upload.func.php';
    $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $resultitems = $resultmessage = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    //获取等级信息
    if ($cacheinfo['models']['modelname'] == 'defect') {
        switch ($_POST['grade']) {
            case 1:
                $_POST['grade'] = '64';
                break;
            case 2:
                $_POST['grade'] = '32';
                break;
            case 3:
                $_POST['grade'] = '16';
                break;
            case 4:
                $_POST['grade'] = '9';
                break;
            case 5:
                $_POST['grade'] = '4';
                break;
            case 6:
                $_POST['grade'] = '1';
                break;
            case 7:
                $_POST['grade'] = '-1';
                break;
            case 8:
                $_POST['grade'] = '-2';
                break;
            case 9:
                $_POST['grade'] = '-3';
                break;
        }
        $gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            $gradearr['64'] = $newgradearr[0];
            $gradearr['32'] = $newgradearr[1];
            $gradearr['16'] = $newgradearr[2];
            $gradearr['9'] = $newgradearr[3];
            $gradearr['4'] = $newgradearr[4];
            $gradearr['1'] = $newgradearr[5];
            $gradearr['-1'] = $newgradearr[6];
            $gradearr['-2'] = $newgradearr[7];
            $gradearr['-3'] = $newgradearr[8];
        }
    } else {
        $gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            for ($i = 0; $i < count($newgradearr); $i++) {
                if (!empty($newgradearr[$i])) {
                    $gradearr[$i + 1] = $newgradearr[$i];
                }
            }
        }
    }
    if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
        showmessage('parameter_error');
    }
    $feedcolum = array();
    foreach ($columnsinfoarr as $result) {
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    //更新用户最新更新时间
    if (empty($itemid) && $_SGLOBAL['supe_uid']) {
        updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
    }
    //输入检查
    $_POST['catid'] = intval($_POST['catid']);
    $_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0;
    $_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
    //检查输入
    if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
        showmessage('space_suject_length_error');
    }
    if (empty($_POST['catid'])) {
        showmessage('admin_func_catid_error');
    }
    if (!empty($_FILES['subjectimage']['name'])) {
        $fileext = fileext($_FILES['subjectimage']['name']);
        if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
            showmessage('document_types_can_only_upload_pictures');
        }
    }
    //数据检查
    checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
    //修改时检验标题图片是否修改
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            //当file删除时,或修改时执行删除操作
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            $hash = getmodelhash($_GET['mid'], $itemid);
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            //删除附件表
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    //构建数据
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $setsqlarr['catid'] = $_POST['catid'];
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = $_POST['allowreply'];
    $setsqlarr['grade'] = intval($_POST['grade']);
    //modify by jyf,没权限的用户不能改审核等级
    if ($setsqlarr['grade'] > 0) {
        if (!checkperm('manageeditpost')) {
            showmessage('no_permission');
        }
    }
    //end
    $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    $setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
    $setsqlarr['username'] = $_SGLOBAL['supe_username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    $modelsinfoarr['subjectimagewidth'] = 400;
    $modelsinfoarr['subjectimageheight'] = 300;
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    $uploadfilearr = $ids = array();
    $subjectimageid = '';
    $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
    if (!empty($uploadfilearr)) {
        $feedsubjectimg = $uploadfilearr;
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    //词语过滤
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    //发布时间
    if (empty($_POST['dateline'])) {
        $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    } else {
        $setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
        if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
            //不能早于2年
            $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
        }
    }
    //附件处理-by jyf
    if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
        $setsqlarr['attaches'] = implode(',', $_POST['divupload']);
    }
    //创新园地新增两个字段-------89184
    if ($cacheinfo['models']['modelname'] == 'creative') {
        if (empty($_POST['creative_value'])) {
            showmessage('请输入创新价值说明');
        }
        if (empty($_POST['creative_days'])) {
            showmessage('本创新所耗的工作量');
        }
        $setsqlarr['value'] = $_POST['creative_value'];
        $setsqlarr['days'] = $_POST['creative_days'];
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
        //不需要审核时入item表
        if (empty($itemid)) {
            //插入数据
            $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
            //取消邮件通知                    --89184
            $email = get_cate_mail($_POST['catid']);
            $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
            if ($_POST['modelname'] == 'creative') {
                if ($_POST['creative_type'] == '流程建议') {
                    $email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
                }
            }
            $emails = explode(',', $email);
            if (count($emails) > 0) {
                include S_ROOT . './function/sendmail.fun.php';
                $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                if ($cacheinfo['models']['modelname'] == 'creative') {
                    $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
                    sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
                } else {
                    if ($cacheinfo['models']['modelname'] == 'defect') {
                        $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
                        sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
                    }
                }
            }
        } else {
            //更新
            $op = 'update';
            unset($setsqlarr['uid']);
            unset($setsqlarr['username']);
            unset($setsqlarr['lastpost']);
            if ($setsqlarr['grade'] > 0) {
                $setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
                if ($_POST['modelname'] == 'creative') {
                    if ($_POST['creative_type'] == '主管月度创新') {
                        if (!check_cate_director($setsqlarr['catid'])) {
                            showmessage('no_permission');
                        }
                    }
                }
            }
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            //邮件通知--等级审核
            if ($setsqlarr['grade'] > 0) {
                $sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
                $query = $_SGLOBAL['db']->query($sqlstr);
                $value = $_SGLOBAL['db']->fetch_array($query);
                $email = $value['email'];
                if (!empty($email)) {
                    include S_ROOT . './function/sendmail.fun.php';
                    $url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                    $emails = explode(',', $email);
                    if ($_POST['modelname'] == 'creative') {
                        $msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    } else {
                        $msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    }
                    sendmail($emails, $setsqlarr['subject'], $msg);
                }
            }
        }
        if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
        }
        $hash = getmodelhash($_POST['mid'], $itemid);
        if (!empty($ids)) {
            $ids = simplode($ids);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $do = 'pass';
    } else {
        if (!empty($uploadfilearr['subjectimage']['aid'])) {
            $subjectimageid = $uploadfilearr['subjectimage']['aid'];
        }
        $setitemsqlarr = $setsqlarr;
        $do = 'me';
    }
    if ($op == 'update') {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        //当file删除时,或修改时执行删除操作
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        //删除附件表
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
                        $ext = fileext($defaultmessage[$value['fieldname']]);
                        if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                            @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        }
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    //内容
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['postip'] = $_SGLOBAL['onlineip'];
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    //添加内容
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
        //不需要审核时入message表
        if ($op == 'add') {
            $setsqlarr['itemid'] = $itemid;
            //添加内容
            inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
            getreward('postinfo');
            if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
                $feed['icon'] = 'comment';
                $feed['title_template'] = 'feed_model_title';
                $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                $aurl = A_URL;
                if (empty($_SCONFIG['siteurl'])) {
                    $siteurl = getsiteurl();
                    $murl = $siteurl . $murl;
                    $aurl = $siteurl . $aurl;
                } else {
                    $siteurl = S_URL_ALL;
                }
                $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
                $feed['body_template'] = 'feed_model_message';
                $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
                if (!empty($feedsubjectimg)) {
                    $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
                } else {
                    foreach ($feedcolum as $feedimgvalue) {
                        if ($feedimgvalue['filepath']) {
                            $feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
                            break;
                        }
                    }
                    if (empty($feed['images'])) {
                        $picurl = getmessagepic(stripslashes($_POST['message']));
                        if ($picurl && strpos($picurl, '://') === false) {
                            $picurl = $siteurl . '/' . $picurl;
                        }
                        if (!empty($picurl)) {
                            $feed['images'][] = array('url' => $picurl, 'link' => $murl);
                        }
                    }
                }
                postfeed($feed);
            }
        } else {
            //更新内容
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
        updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
        if (checkperm('allowdirectpost') && $op == 'update') {
            deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
        }
        if (checkperm('allowdirectpost') && $op == 'update') {
            $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('writing_success_online_please_wait_for_audit', $jpurl);
        } else {
            $jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('online_contributions_success', $jpurl);
        }
    } else {
        $setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
        $setsqlarr['addfeed'] = $_POST['addfeed'];
        $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
        if (!empty($_POST['itemid'])) {
            $itemid = intval($_POST['itemid']);
            updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
        } else {
            $itemid = inserttable('modelfolders', $setsqlarr, 1);
        }
        if (!empty($subjectimageid)) {
            $ids[] = $subjectimageid;
        }
        if (!empty($ids)) {
            $ids = simplode($ids);
            $hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
        showmessage('writing_success_online_please_wait_for_audit', $jpurl);
    }
}
Beispiel #2
0
        showmessage('no_modify_checked_item');
    }
    if (!(check_cate_perm($catid) || check_cate_director($catid) || $_SGLOBAL['supe_uid'] == $thevalue['uid'])) {
        showmessage('no_permission');
    }
    $theurl = "?action-model-name-" . $modelsinfoarr['modelname'] . "-mid-" . $modelsinfoarr['mid'] . "-catid-" . $catid . "-itemid-" . $itemid;
    modelpost($cacheinfo2);
} else {
    if (submitcheck('shenhesubmit')) {
        $itemid = intval($_POST['itemid']);
        $query = $_SGLOBAL['db']->query('SELECT * FROM ' . $tablename . ' WHERE itemid=\'' . $itemid . '\'');
        $thevalue = $_SGLOBAL['db']->fetch_array($query);
        if (intval($thevalue['grade']) > 0 && $_SGLOBAL['member']['groupname']['rdm'] < 1) {
            showmessage('no_modify_checked_item');
        }
        if (!(check_cate_perm($catid) || check_cate_director($catid) || $_SGLOBAL['supe_uid'] == $thevalue['uid'])) {
            showmessage('no_permission');
        }
        $theurl = "?action-model-name-" . $modelsinfoarr['modelname'] . "-mid-" . $modelsinfoarr['mid'] . "-catid-" . $catid . "-itemid-" . $itemid;
        if ($modelsinfoarr['modelname'] == 'defect') {
            $sqlstr = "UPDATE " . tname($modelsinfoarr['modelname'] . 'message') . " SET checkmessage='" . $_POST['checkmessage'] . "' WHERE itemid='" . $itemid . "'";
        } else {
            $sqlstr = "UPDATE " . tname($modelsinfoarr['modelname'] . 'message') . " SET shenhe_description='" . $_POST['shenhe_description'] . "' WHERE itemid='" . $itemid . "'";
        }
        $_SGLOBAL['db']->query($sqlstr);
        $sqlstr = "UPDATE " . tname($modelsinfoarr['modelname'] . 'items') . " SET grade='" . $_POST['grade'] . "' ,shenhezhe='" . $_SGLOBAL['supe_username'] . "' WHERE itemid='" . $itemid . "'";
        $_SGLOBAL['db']->query($sqlstr);
        showmessage('do_success', $theurl);
    } else {
        if (submitcheck('donesubmit')) {
            $grade = $_POST['grade'];