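/**
 * Save a new reply to an existing topic.
 *
 * Reads the topic id, title, content, expression and an optional image
 * attachment from POST; checks that the topic and its board still accept
 * replies; stores the reply (and attachment); notifies the topic author and
 * previous repliers by mail / inbox message according to their settings;
 * finally forwards to the page that shows the new reply.
 *
 * @param: NULL
 * @return: NULL
 * @access: public
 */
public function run()
{
    // Id of the topic being replied to.
    $topic_id = $this->getParameterFromPOST('id');
    if (!TopicUtil::isExists($this->db, $topic_id)) {
        $this->AlertAndBack(TOPIC_IS_NOT_EXISTS);
        return;
    }

    // Topic status 2 = closed, 3 = locked; neither accepts replies.
    $status = TopicUtil::getTopicStatus($this->db, $topic_id);
    if ($status == 2) {
        $this->AlertAndBack(TOPIC_HAD_BE_CLOSED);
        return;
    }
    if ($status == 3) {
        $this->AlertAndBack(TOPIC_HAD_BE_LOCK);
        return;
    }

    // Board that owns the topic. The original fell through after forward();
    // return explicitly so nothing below runs without a valid board.
    $bbs_id = TopicUtil::getLayoutId($this->db, $topic_id);
    if (!$bbs_id || !LayoutUtil::isExists($this->db, $bbs_id)) {
        $this->forward('index.php');
        return;
    }

    // Refresh the caller's presence in this board.
    LayoutUtil::updateOnlineUser($this->db, $bbs_id);

    // Board status 1 = members only, 2 = closed, 3 = no new posts;
    // a board whose parent is closed counts as closed as well.
    $bbs_status = LayoutUtil::getLayoutStatus($this->db, $bbs_id);
    if ($bbs_status == 1 && !isset($_SESSION['user'])) {
        $this->AlertAndForward(SNT_NEED_LOGIN, 'index.php?module=user&action=showlogin');
        return;
    }
    if ($bbs_status == 2) {
        $this->AlertAndForward(SNT_LAYOUT_WAS_CLOSED, 'index.php');
        return;
    }
    if ($bbs_status == 3) {
        $this->AlertAndBack(SNT_NOW_ALLOW_NEW_TOPIC);
        return;
    }
    if (LayoutUtil::isClosedByParent($this->db, $bbs_id)) {
        $this->AlertAndForward(SNT_LAYOUT_WAS_CLOSED, 'index.php');
        return;
    }

    $express = $this->getParameterFromPOST('express');
    $title   = $this->getParameterFromPOST('title');
    $content = $this->getParameterFromPOST('content');

    // Keep the draft in the session so the form can be refilled after an error.
    $_SESSION['temp_title']   = $title;
    $_SESSION['temp_content'] = $content;
    $_SESSION['temp_express'] = $express;

    // Optional image attachment. $_FILES['attach']['type'] is sent by the
    // client and proves nothing, so the real format is taken from
    // getimagesize() on the uploaded bytes; only GIF, JPEG and PNG are kept.
    // The original alerted on a bad MIME type but did not return, so any
    // file was stored (with no extension when getimagesize() did not know it).
    $has_attach = !empty($_FILES['attach']['tmp_name'])
        && is_uploaded_file($_FILES['attach']['tmp_name']);
    $image_left_type = '';
    if ($has_attach) {
        // getimagesize() warns on non-image input; the return value is checked instead.
        $image_info = @getimagesize($_FILES['attach']['tmp_name']);
        $image_type = $image_info ? $image_info[2] : 0;
        if ($image_type == IMAGETYPE_GIF) {
            $image_left_type = '.gif';
        } elseif ($image_type == IMAGETYPE_JPEG) {
            $image_left_type = '.jpg';
        } elseif ($image_type == IMAGETYPE_PNG) {
            $image_left_type = '.png';
        } else {
            $this->AlertAndBack(ST_PHONE_FILE_LIMIT);
            return;
        }
        // 1 MiB size limit.
        if ($_FILES['attach']['size'] > 1048576) {
            $this->AlertAndBack(ST_PHONE_FILE_SIZE_LIMIT);
            return;
        }
    }

    // A reply may have no title; derive "Re:" + topic title in that case.
    if ($title === null || trim((string) $title) === '') {
        $sth   = $this->db->Prepare('select title from bbs_subject where id=?');
        $res   = $this->db->Execute($sth, array($topic_id));
        $rows  = $res->FetchRow();
        $title = 'Re:' . $rows['title'];
    }
    if ($content === null || trim((string) $content) === '') {
        $this->AlertAndBack(ST_CONTENT_IS_EMPTY);
        return;
    }

    // Insert the reply. NOTE(review): boards with a status other than 1 let
    // unauthenticated visitors reach this point, so author may be null —
    // confirm that anonymous replies are intended.
    $ip_temp   = getIp();
    $ip        = $ip_temp['ip'];
    $user_name = isset($_SESSION['user']['name']) ? $_SESSION['user']['name'] : null;
    $now       = time();
    $sql = 'insert into bbs_reply ( layout_id, title, author, content, post_ip, '
         . 'post_date, express, subject_id ) values (?, ?, ?, ?, ?, ?, ?, ?) ';
    $sth = $this->db->Prepare($sql);
    $this->db->Execute($sth, array($bbs_id, $title, $user_name, $content, $ip, $now, $express, $topic_id));
    if ($this->db->ErrorNo()) {
        // NOTE(review): this shows the raw driver error to the user; consider
        // logging it and showing a generic message instead.
        $this->AlertAndBack($this->db->ErrorMsg());
        return;
    }
    $insert_id = $this->db->Insert_id();

    if ($has_attach) {
        // File name is the reply id plus the extension derived above — never client input.
        $file_name = ROOT_PATH . 'upload/attach/reply/' . $insert_id . $image_left_type;
        if (!move_uploaded_file($_FILES['attach']['tmp_name'], $file_name)) {
            // Remove the reply again so no orphan without its attachment is left.
            $sth = $this->db->Prepare('delete from bbs_reply where id=?');
            $this->db->Execute($sth, array($insert_id));
            $this->AlertAndBack(ST_UPLOAD_ERROR);
            return;
        }
        $sth = $this->db->Prepare('insert into bbs_reply_attach (reply_id, file_type) values (?, ?)');
        $this->db->Execute($sth, array($insert_id, $image_left_type));
    }

    unset($_SESSION['temp_title'], $_SESSION['temp_content'], $_SESSION['temp_express']);

    // Notification recipients: the topic author plus everyone who replied,
    // each filtered by the matching user_setting flag and de-duplicated.
    $mail_user = array();
    $mail_queries = array(
        'select a.author, b.user_email, b.id from bbs_subject a join '
        . ' base_user_info b on a.author = b.user_name '
        . ' join user_setting c on b.id=c.user_id where a.id=? and c.user_whether_receive_email=1',
        'select distinct a.author, b.user_email, b.id from bbs_reply a join base_user_info b '
        . ' on a.author = b.user_name join user_setting c on b.id=c.user_id '
        . ' where a.subject_id=? and c.user_whether_receive_email=1',
    );
    foreach ($mail_queries as $sql) {
        $sth = $this->db->Prepare($sql);
        $res = $this->db->Execute($sth, array($topic_id));
        while ($rows = $res->FetchRow()) {
            if ($rows['id'] && $rows['user_email'] != '') {
                $mail_user[] = $rows['user_email'];
            }
        }
    }
    $mail_user = array_unique($mail_user);

    $message_user = array();
    $message_queries = array(
        'select a.author, b.id from bbs_subject a join '
        . ' base_user_info b on a.author = b.user_name '
        . ' join user_setting c on b.id=c.user_id where a.id=? and c.receive_system_message=1',
        'select distinct a.author, b.id from bbs_reply a join base_user_info b '
        . ' on a.author = b.user_name join user_setting c on b.id=c.user_id '
        . ' where a.subject_id=? and c.receive_system_message=1',
    );
    foreach ($message_queries as $sql) {
        $sth = $this->db->Prepare($sql);
        $res = $this->db->Execute($sth, array($topic_id));
        while ($rows = $res->FetchRow()) {
            if ($rows['id']) {
                $message_user[] = $rows['id'];
            }
        }
    }
    $message_user = array_unique($message_user);

    // Mail notification; skipped when nobody opted in (the original called
    // mail() with an empty recipient list).
    if (!empty($mail_user)) {
        // NOTE(review): all recipients are placed in To:, so each sees the
        // others' addresses; Bcc would avoid that disclosure.
        $to_address = implode(',', $mail_user);
        $mail_content  = ST_MAIL_CONTENT . "\n\n";
        $mail_content .= ROOT_URL . 'index.php?module=bbs&action=viewtopic&id=' . $topic_id . "\n\n";
        $headers  = "To:" . $to_address . "\r\n";
        $headers .= "From:" . WEBSITE_EMAIL . "\r\n";
        @mail($to_address, ST_MAIL_SUBJECT, $mail_content, $headers);
    }

    // Inbox notification, sent from the system account (id 0).
    $sender = '0';
    $now = getNoFormateCurrentDate();
    $message_content  = ST_MESSAGE_CONTENT . "\n";
    $message_content .= "[url=" . 'index.php?module=bbs&action=viewtopic&id=' . $topic_id . "][color=red]" . ST_CLICK_HERE . "[/color]" . "[/url]";
    $sql = 'insert into message_inbox ( user_id, send_user_id, title, receive_time, content ) '
         . ' values ( ?, ?, ?, ?, ?) ';
    $sth = $this->db->Prepare($sql);
    foreach ($message_user as $user) {
        $this->db->Execute($sth, array($user, $sender, ST_MAIL_SUBJECT, $now, $message_content));
    }

    // Bump the topic's reply counter and last-activity time.
    $now = time();
    $sth = $this->db->Prepare('update bbs_subject set last_access_date=?,reply_number=reply_number+1 where id=?');
    $this->db->Execute($sth, array($now, $topic_id));

    // Jump to the page that contains the new reply.
    $sort_number = TopicUtil::getSortNumber($this->db, $topic_id, $insert_id);
    $page = ceil($sort_number / $this->pre_page);
    $this->TipsAndForward(ST_SAVE_REPLY_SUCCESS, 'index.php?module=bbs&action=viewtopic&id=' . $topic_id . '&page=' . $page . '#topic' . $sort_number);
}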
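/**
 * Record the current request for site statistics and the online-user list.
 *
 * - A session not yet present in online_user bumps the global and the
 *   per-day visit counters.
 * - The visitor's online_user row is refreshed (by session id) or inserted;
 *   anonymous visitors are stored under their session id as user_name.
 * - Rows idle for more than 45 minutes (2700 s) get the user's last-logout
 *   time recorded in user_last_time_logout and are then removed.
 * - The peak number of concurrent online users is tracked in max_online_user.
 *
 * @param: $module accessed module (currently unused)
 * @param: $action accessed action (currently unused)
 * @return: NULL
 * @access: private
 */
private function recordUserAction($module = 'bbs', $action = 'default')
{
    $ip = getenv('REMOTE_ADDR');
    if (!$ip) {
        $ip = 'not get';
    }

    $db = DB::getConnection();
    if (!$db) {
        header("Content-type:text/html;charset=UTF-8");
        die("Can't not connection the database");
    }

    $session_id = session_id();

    // First request of this session: count the visit globally and for today.
    $sth  = $db->Prepare('select count(*) as num from online_user where session_id=?');
    $res  = $db->Execute($sth, array($session_id));
    $rows = $res->FetchRow();
    if (!$rows['num']) {
        $db->Execute('update total_count set total_count=total_count + 1 where id=1');

        $date_array = getdate();
        $now_date   = $date_array['year'] . '-' . $date_array['mon'] . '-' . $date_array['mday'];
        $sth  = $db->Prepare('select count(*) as num from web_count where count_date=?');
        $res  = $db->Execute($sth, array($now_date));
        $rows = $res->FetchRow();
        if (!$rows['num']) {
            $sth = $db->Prepare('insert into web_count (count_date, access_number ) values (?, ? ) ');
            $db->Execute($sth, array($now_date, 1));
        } else {
            $sth = $db->Prepare('update web_count set access_number = access_number + 1 where  count_date=? ');
            $db->Execute($sth, array($now_date));
        }
    }

    // Name under which this visitor appears in online_user.
    $user_name = isset($_SESSION['user']) ? $_SESSION['user']['name'] : $session_id;

    // NOTE(review): the existence check is by user name but the refresh is by
    // session id, so a logged-in user already listed under another session is
    // neither refreshed nor re-inserted — confirm this is the intended model.
    $stmt = $db->Prepare('select count(*) as num from online_user where lower(user_name)=?');
    $res  = $db->Execute($stmt, array(strtolower($user_name)));
    $rows = $res->FetchRow();
    if ($rows['num']) {
        $update_stmt = $db->Prepare('update online_user set access_time=? where session_id=?');
        $db->Execute($update_stmt, array(time(), $session_id));
    } else {
        $insert_stmt = $db->Prepare('insert into online_user (user_name, user_ip, connect_time, access_time, session_id) values (?, ?, ?, ?, ? )');
        // The original passed the raw SQL string here instead of the prepared statement.
        $db->Execute($insert_stmt, array($user_name, $ip, time(), time(), $session_id));
    }

    // Visitors idle for more than 45 minutes: remember when they were last seen.
    $now  = time();
    $sth  = $db->Prepare('select user_name from online_user where access_time + 2700 < ? ');
    $res  = $db->Execute($sth, array($now));
    while ($rows = $res->FetchRow()) {
        $user_id = UserUtil::getUserId($db, $rows['user_name']);
        if (!$user_id) {
            // Anonymous rows carry a session id as user_name; there is no user to record.
            continue;
        }
        $temp_sth  = $db->Prepare('select count(*) as num from user_last_time_logout where user_id=?');
        $temp_res  = $db->Execute($temp_sth, array($user_id));
        $temp_rows = $temp_res->FetchRow();
        if ($temp_rows['num']) {
            $update_sth = $db->Prepare('update user_last_time_logout set last_time=? where user_id=?');
            $db->Execute($update_sth, array($now, $user_id));
        } else {
            $insert_sth = $db->Prepare('insert into user_last_time_logout (user_id,  last_time) values (?, ?)');
            $db->Execute($insert_sth, array($user_id, $now));
        }
    }

    // Drop everyone who has gone away.
    $stmt = $db->Prepare('delete from online_user where access_time + 2700 < ? ');
    $db->Execute($stmt, array($now));

    // Track the peak number of simultaneously online users.
    $res  = $db->Execute('select count(*) as num from online_user ');
    $rows = $res->FetchRow();
    $online_user_number = $rows['num'];

    $res  = $db->Execute('select online from max_online_user where id=1');
    $rows = $res->FetchRow();
    if (!$rows['online']) {
        $sth = $db->Prepare('insert into max_online_user (id, online, online_date ) values (?, ?, ?)');
        $db->Execute($sth, array(1, $online_user_number, getNoFormateCurrentDate()));
    } elseif ($rows['online'] < $online_user_number) {
        $sth = $db->Prepare('update max_online_user set online=?, online_date=? where id=?');
        $db->Execute($sth, array($online_user_number, getNoFormateCurrentDate(), 1));
    }
    return;
}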
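/**
 * Save an edited topic or reply.
 *
 * POST fields: topic (truthy = the id names a bbs_subject, otherwise a
 * bbs_reply), id, title, content, express, delattach (truthy = remove the
 * post's attachment). Only the post's author, a user with group_dep 1 or 2,
 * or (dep 3) a moderator of the post's topic may save the edit.
 *
 * @param: NULL
 * @return: NULL
 * @access: public
 */
public function run()
{
    // Editing requires a logged-in user: the author/moderator checks below
    // compare against the session name and would otherwise compare null.
    if (!isset($_SESSION['user']['name'])) {
        $this->AlertAndForward(SNT_NEED_LOGIN, 'index.php?module=user&action=showlogin');
        return;
    }
    $current_user = $_SESSION['user']['name'];

    $topic     = $this->getParameterFromPOST('topic');
    $id        = (int) $this->getParameterFromPOST('id');
    $title     = $this->getParameterFromPOST('title');
    $content   = $this->getParameterFromPOST('content');
    $express   = $this->getParameterFromPOST('express');
    $delattach = $this->getParameterFromPOST('delattach');

    if ($title === null || trim((string) $title) === '') {
        $this->AlertAndBack(SE_TITLE_IS_EMPTY);
        return;
    }
    if ($content === null || trim((string) $content) === '') {
        $this->AlertAndBack(SE_CONTENT_IS_EMPTY);
        return;
    }
    if (!$id) {
        $this->AlertAndBack(SE_NO_TOPIC_ID);
        return;
    }

    // Load the post once: its board, author and (for replies) parent topic.
    if ($topic) {
        $sql = 'select layout_id, author from bbs_subject where id=?';
    } else {
        $sql = 'select layout_id, author, subject_id from bbs_reply where id=?';
    }
    $sth  = $this->db->Prepare($sql);
    $res  = $this->db->Execute($sth, array($id));
    $rows = $res->FetchRow();
    if (!$rows || !$rows['layout_id']) {
        // The original called a misspelt method (AlertAndBlack) here, which was a fatal error.
        $this->AlertAndBack(SE_TOPIC_IS_NOT_EXISTS);
        return;
    }
    if (!$topic && !$rows['author']) {
        $this->AlertAndBack(SE_TOPIC_ID_IS_NOT_EXISTS);
        return;
    }
    $author     = $rows['author'];
    $subject_id = $topic ? $id : $rows['subject_id'];

    // Authorisation: author, global roles (dep 1/2) or a moderator of this topic (dep 3).
    $user_can_be_edit = 0;
    if (strtolower($current_user) == strtolower($author)) {
        $user_can_be_edit = 1;
    } else {
        // The original passed an undefined $db here; this class's connection is $this->db.
        $dep = UserUtil::getUserDep($this->db, $current_user);
        if ($dep == 1 || $dep == 2) {
            $user_can_be_edit = 1;
        } elseif ($dep == 3) {
            $user_can_be_edit = UserUtil::isThisLayoutAdmin($this->db, $subject_id, $current_user);
        }
    }
    if (!$user_can_be_edit) {
        $this->AlertAndBack(SE_YOU_HAVE_NO_PRIVIATE);
        return;
    }

    // Table and attachment locations differ between topics and replies;
    // all of these are fixed strings, never request data.
    if ($topic) {
        $post_table   = 'bbs_subject';
        $attach_table = 'bbs_subject_attach';
        $attach_key   = 'subject_id';
        $attach_dir   = ROOT_PATH . 'upload/attach/';
    } else {
        $post_table   = 'bbs_reply';
        $attach_table = 'bbs_reply_attach';
        $attach_key   = 'reply_id';
        $attach_dir   = ROOT_PATH . 'upload/attach/reply/';
    }

    $now = getNoFormateCurrentDate();
    $sql = 'update ' . $post_table . ' set title=?, content=?, express=?, is_edit=1, '
         . ' edit_user=?, edit_time=? where id=?';
    $sth = $this->db->Prepare($sql);
    $this->db->Execute($sth, array($title, $content, $express, $current_user, $now, $id));
    if ($this->db->ErrorNo()) {
        // NOTE(review): this shows the raw driver error to the user; consider
        // logging it and showing a generic message instead.
        $this->AlertAndBack($this->db->ErrorMsg());
        return;
    }

    if ($delattach) {
        $sth  = $this->db->Prepare('select file_type from ' . $attach_table . ' where ' . $attach_key . '=?');
        $res  = $this->db->Execute($sth, array($id));
        $rows = $res->FetchRow();
        $file_type = $rows ? $rows['file_type'] : '';

        $sth = $this->db->Prepare('delete from ' . $attach_table . ' where ' . $attach_key . '=?');
        $this->db->Execute($sth, array($id));

        // Remove the file only when an attachment row existed; the extension
        // comes from that row, and the path is built from the integer id.
        if ($file_type !== null && $file_type !== '') {
            $filename = $attach_dir . $id . $file_type;
            if (is_file($filename)) {
                unlink($filename);
            }
        }
    }

    // Back to the page that shows the edited post.
    if ($topic) {
        $this->TipsAndForward(SE_SAVE_EDIT_SUCCESS, 'index.php?module=bbs&action=viewtopic&id=' . $id);
        return;
    }
    $sort_number = TopicUtil::getSortNumber($this->db, $subject_id, $id);
    $page = ceil($sort_number / 10);
    $this->TipsAndForward(SE_SAVE_EDIT_SUCCESS, 'index.php?module=bbs&action=viewtopic&id=' . $subject_id . '&page=' . $page . '#topic' . $sort_number);
}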
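/**
 * Save a private message sent by the logged-in user.
 *
 * POST fields: username (comma-separated recipient names), title, content,
 * backurl (base64-encoded, site-relative URL to return to). Every existing
 * recipient gets a message_inbox row and the sender a message_outbox row;
 * unknown recipients are listed in the result message.
 *
 * @param: NULL
 * @return: NULL
 * @access: public
 */
public function run()
{
    // A real sender is required: send_user_id 0 is the system account used
    // for automatic notifications, so an anonymous caller must never reach
    // the insert with an empty sender id.
    if (!isset($_SESSION['user']['name'])) {
        $this->AlertAndForward(SNT_NEED_LOGIN, 'index.php?module=user&action=showlogin');
        return;
    }
    $user_id = UserUtil::getUserId($this->db, $_SESSION['user']['name']);

    $receive_user = $this->getParameterFromPOST('username');
    if (!$receive_user) {
        $this->AlertAndBack(RECEIVE_USER_IS_NULL);
        return;
    }
    $title = $this->getParameterFromPOST('title');
    if (!$title) {
        $this->AlertAndBack(TITLE_IS_NULL);
        return;
    }
    if (strlen($title) > 150) {
        $this->AlertAndBack(TITLE_LENGTH_IS_TO_LONGER);
        return;
    }
    $content = $this->getParameterFromPOST('content');
    if (!$content) {
        $this->AlertAndBack(CONTENT_IS_NULL);
        return;
    }

    $now_time   = getNoFormateCurrentDate();
    $exists_sth = $this->db->Prepare('select count(*) as num from base_user_info where user_name=?');
    $inbox_sth  = $this->db->Prepare('insert into message_inbox (user_id, send_user_id, title, receive_time, '
                                   . 'content) values (?, ?, ?, ?, ?)');
    $outbox_sth = $this->db->Prepare('insert into message_outbox ( user_id, receive_user_id, title, send_time, '
                                   . ' content ) values ( ?, ?, ?, ?, ?)');

    $faild_array = array();
    foreach (explode(',', $receive_user) as $user_item) {
        $user_item = trim($user_item);
        if ($user_item === '') {
            continue;
        }
        // Names are stored lower-cased at registration; look up the same form.
        $lookup = strtolower($user_item);
        $res  = $this->db->Execute($exists_sth, array($lookup));
        $rows = $res->FetchRow();
        if (!$rows['num']) {
            $faild_array[] = $user_item;
            continue;
        }
        $receive_user_id = UserUtil::getUserId($this->db, $lookup);
        $this->db->Execute($inbox_sth, array($receive_user_id, $user_id, $title, $now_time, $content));
        $this->db->Execute($outbox_sth, array($user_id, $receive_user_id, $title, $now_time, $content));
    }

    $show_message = SE_SEND_SUCCESS;
    if (!empty($faild_array)) {
        $show_message .= "<br><br>" . HAVE_THOSE_FAILED . ":<br>" . implode(',', $faild_array) . "<br>";
    }

    // Return URL: the original forwarded to whatever base64 the client sent,
    // which is an open redirect. Only a site-relative path is accepted:
    // no scheme ("http:", "javascript:"), no protocol-relative "//host" or
    // "/\host", no CR/LF. Anything else falls back to the compose page.
    $target   = 'index.php?module=message&action=send';
    $back_url = $this->getParameterFromPOST('backurl');
    if ($back_url) {
        $decoded = base64_decode($back_url, true);
        if ($decoded !== false && $decoded !== ''
            && preg_match('#^(?![a-z][a-z0-9+.-]*:)(?![/\\\\]{2})[^\r\n]+$#i', $decoded)) {
            $target = $decoded;
        }
    }
    $this->TipsAndForward($show_message, $target);
    return;
}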
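/**
 * Add a topic to one of the logged-in user's favourite folders.
 *
 * POST fields: id (topic id), favor_dir (id of an existing folder owned by
 * the user) or add_new_favor_dir (name of a folder to create first), and
 * backurl (base64-encoded, site-relative URL to return to). Only type
 * 'topic' is supported. Adding the same topic to the same folder twice is
 * reported, not duplicated.
 *
 * @param: NULL
 * @return: NULL
 * @access: public
 */
public function run()
{
    // Favourites belong to a user; refuse anonymous callers instead of
    // writing rows for an empty user id.
    if (!isset($_SESSION['user']['name'])) {
        $this->AlertAndForward(SNT_NEED_LOGIN, 'index.php?module=user&action=showlogin');
        return;
    }
    $user_id = UserUtil::getUserId($this->db, $_SESSION['user']['name']);

    $id = (int) $this->getParameterFromPOST('id');
    // The original read POST 'type' and forced anything but 'topic' back to
    // 'topic', so the value is constant.
    $type = 'topic';

    $favor_dir         = $this->getParameterFromPOST('favor_dir');
    $add_new_favor_dir = $this->getParameterFromPOST('add_new_favor_dir');
    if ($add_new_favor_dir) {
        // Create the folder and use its new id.
        $stmt = $this->db->Prepare('insert into favor_dir ( user_id, dir_name ) values (?, ?)');
        $this->db->Execute($stmt, array($user_id, $add_new_favor_dir));
        $favor_dir = $this->db->Insert_ID();
    } else {
        // The chosen folder must belong to this user (prevents filing into
        // someone else's folder by guessing its id).
        $stmt = $this->db->Prepare('select count(*) as num from favor_dir where user_id=? and id=?');
        $res  = $this->db->Execute($stmt, array($user_id, $favor_dir));
        $rows = $res->FetchRow();
        if (!$rows['num']) {
            $this->AlertAndBack(SF_FAVOR_DIR_NOT_BE_CHOICE);
            return;
        }
    }

    // The topic must exist.
    $stmt = $this->db->Prepare('select count(*) as num from bbs_subject where id=?');
    $res  = $this->db->Execute($stmt, array($id));
    $rows = $res->FetchRow();
    if (!$rows['num']) {
        $this->AlertAndForward(SF_TOPIC_IS_NOT_EXISTS);
        return;
    }

    // Return URL: the original forwarded to whatever base64 the client sent,
    // which is an open redirect. Only a site-relative path is accepted: no
    // scheme, no protocol-relative "//host" or "/\host", no CR/LF. Anything
    // else falls back to the topic page.
    $target   = 'index.php?module=bbs&action=viewtopic&id=' . $id;
    $back_url = $this->getParameterFromPOST('backurl');
    if ($back_url) {
        $decoded = base64_decode($back_url, true);
        if ($decoded !== false && $decoded !== ''
            && preg_match('#^(?![a-z][a-z0-9+.-]*:)(?![/\\\\]{2})[^\r\n]+$#i', $decoded)) {
            $target = $decoded;
        }
    }

    // Already filed in this folder?
    $stmt = $this->db->Prepare('select count(*) as num from favor where user_id=? and dir_id=? and '
                             . ' type=? and favor_id=? ');
    $res  = $this->db->Execute($stmt, array($user_id, $favor_dir, $type, $id));
    $rows = $res->FetchRow();
    if ($rows['num']) {
        $this->AlertAndForward(SF_FAVOR_HAD_BEEN_ADD, $target);
        return;
    }

    $stmt = $this->db->Prepare('insert into favor (user_id, dir_id, type, favor_id, add_date ) '
                             . ' values (?, ?, ?, ?, ?) ');
    $this->db->Execute($stmt, array($user_id, $favor_dir, $type, $id, getNoFormateCurrentDate()));
    if ($this->db->ErrorNo()) {
        // NOTE(review): this shows the raw driver error to the user; consider
        // logging it and showing a generic message instead.
        $this->AlertAndForward($this->db->ErrorMsg());
        return;
    }
    $this->TipsAndForward(SF_ADD_SUCCESS, $target);
    return;
}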
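/**
 * Handle a registration request.
 *
 * Validates the posted form (user name, e-mail, password pair, CAPTCHA,
 * avatar, birthday and preferences), creates the base_user_info and
 * user_setting rows and forwards to the login page. A logged-in user may
 * not register again. Every failure forwards back to the registration form
 * with the matching RE_* message.
 *
 * @param: NULL
 * @return: NULL
 * @access: public
 */
public function run()
{
    if (isset($_SESSION['user'])) {
        $this->AlertAndForward(RE_USER_HAD_LOGIN);
        return;
    }
    $register_url = 'index.php?module=user&action=register';

    // Collect the form fields. User names are stored lower-cased.
    $username      = strtolower((string) $this->getParameterFromPost('username'));
    $useremail     = $this->getParameterFromPost('useremail');
    $userpass      = $this->getParameterFromPost('userpass');
    $userpasscheck = $this->getParameterFromPost('userpasscheck');
    $check_code    = strtolower((string) $this->getParameterFromPost('checkcode'));
    $userhead      = (int) $this->getParameterFromPost('persionimage');
    $public_email  = $this->getParameterFromPost('public_email') == 1 ? 1 : 0;

    // User name: non-empty, at most 30 bytes, not the reserved "system".
    if ($username === '') {
        $this->AlertAndForward(RE_USER_NAME_NOT_EMPTY, $register_url);
        return;
    }
    if (strlen($username) > 30) {
        $this->AlertAndForward(RE_USER_NAME_TOO_LONG, $register_url);
        return;
    }
    if ($username == 'system') {
        $this->AlertAndForward(RE_USER_NAME_IS_KEEP, $register_url);
        return;
    }

    // CAPTCHA before any database lookup: the original checked it only after
    // the name/e-mail existence queries, so those could be probed without
    // solving it. A missing session code never matches (the original
    // compared '' == '' and accepted an empty code in that case).
    $register_check_code = isset($_SESSION['register_check_code'])
        ? strtolower((string) $_SESSION['register_check_code'])
        : '';
    if ($register_check_code === '' || $check_code === '' || $check_code !== $register_check_code) {
        $this->AlertAndForward(RE_CHECK_CODE_NOT_VALIDATE, $register_url);
        return;
    }

    $db = $this->getDB();

    // Name must be unused (prepared statement instead of qstr/magic-quotes,
    // matching the rest of this method).
    $sth  = $db->Prepare('select count(*) as num from base_user_info where lower(user_name)=?');
    $res  = $db->Execute($sth, array($username));
    $rows = $res->FetchRow();
    if ($rows['num']) {
        $this->AlertAndForward(RE_USER_NAME_EXISTS, $register_url);
        return;
    }

    // E-mail: present, well-formed and unused. filter_var() is anchored and
    // rejects CR/LF; the original regex had no trailing "$", so anything
    // (including extra mail headers) could follow a valid-looking prefix.
    if ($useremail === null || $useremail === '') {
        $this->AlertAndForward(RE_USER_EMAIL_NOT_EMPTY, $register_url);
        return;
    }
    if (filter_var($useremail, FILTER_VALIDATE_EMAIL) === false) {
        $this->AlertAndForward(RE_USER_EMAIL_FORMAT_ERROR, $register_url);
        return;
    }
    $sth  = $db->Prepare('select count(*) as num from base_user_info where lower(user_email)=?');
    $res  = $db->Execute($sth, array(strtolower($useremail)));
    $rows = $res->FetchRow();
    if ($rows['num']) {
        $this->AlertAndForward(RE_USER_EMAIL_EXISTS, $register_url);
        return;
    }

    // Password and its confirmation.
    if ((string) $userpass === '' || (string) $userpasscheck === '') {
        $this->AlertAndForward(RE_USER_PASS_NOT_EMPTY, $register_url);
        return;
    }
    if ($userpass !== $userpasscheck) {
        $this->AlertAndForward(RE_PASS_NOT_CHECK, $register_url);
        return;
    }

    // Avatar index, clamped to the available range 1..37.
    if ($userhead < 1) {
        $userhead = 1;
    }
    if ($userhead > 37) {
        $userhead = 37;
    }

    $register_gender = $this->getParameterFromPost('register_gender');
    if ($register_gender != 'keep' && $register_gender != 'male' && $register_gender != 'female') {
        $register_gender = 'keep';
    }

    $user_hometown = (string) $this->getParameterFromPost('user_hometown');

    // Birthday: checkdate() rejects impossible dates such as Feb 30, which
    // mktime() silently normalised in the original.
    $birthday_year  = (int) $this->getParameterFromPost('birthday_year');
    $birthday_month = (int) $this->getParameterFromPost('birthday_month');
    $birthday_day   = (int) $this->getParameterFromPost('birthday_day');
    if (!checkdate($birthday_month, $birthday_day, $birthday_year)) {
        $this->AlertAndForward(RE_CHECK_BIRTHDAY_NOT_VALIDATE, $register_url);
        return;
    }
    $birthday_date = $birthday_year . '-' . $birthday_month . '-' . $birthday_day;

    $user_website = (string) $this->getParameterFromPost('user_website');

    // Only one language is supported for now.
    $user_lang = $this->getParameterFromPost('user_lang');
    if ($user_lang != 'zh') {
        $user_lang = 'zh';
    }

    // Theme: 'new' or 'newll'. The original used "||" here, which is always
    // true and forced every account to 'new'.
    $user_theme = $this->getParameterFromPost('user_theme');
    if ($user_theme !== 'new' && $user_theme !== 'newll') {
        $user_theme = 'new';
    }

    // Notification preferences: only an explicit "0" opts out; anything else
    // (including an absent field) defaults to 1. The original's "!= 1 || != 0"
    // was always true and ignored the submitted value.
    $receive_system_email   = ((string) $this->getParameterFromPost('receive_system_email') === '0') ? 0 : 1;
    $receive_system_message = ((string) $this->getParameterFromPost('receive_system_message') === '0') ? 0 : 1;

    $user_sign = (string) $this->getParameterFromPost('user_sign');

    // New accounts go into group 4 (the lookup of a configurable default
    // group was commented out in the original).
    $user_grp = 4;

    // NOTE(review): passwords are stored as unsalted md5. Switching to
    // password_hash()/password_verify() needs a matching change in the login
    // code, which is not in this file, so the format is left unchanged here.
    $sql = 'insert into base_user_info ( user_name, user_password, user_email, user_header, public_user_email, group_dep, register_date, user_gender, user_hometown, user_birthday, user_website, user_sign ) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,?) ';
    $now  = getNoFormateCurrentDate();
    $stmt = $db->Prepare($sql);
    $db->Execute($stmt, array($username, md5($userpass), $useremail, $userhead, $public_email, $user_grp, $now, $register_gender, $user_hometown, $birthday_date, $user_website, $user_sign));
    if ($db->ErrorNo()) {
        // NOTE(review): this shows the raw driver error to the user; consider
        // logging it and showing a generic message instead.
        $this->AlertAndForward($db->ErrorMsg(), $register_url);
        return;
    }
    $temp_user_id = $db->Insert_ID();

    $sql = 'insert into user_setting (user_lang, user_theme, user_whether_receive_email, '
         . 'receive_system_message, user_id ) values (?, ?, ?, ?, ? ) ';
    $sth = $db->Prepare($sql);
    $db->Execute($sth, array($user_lang, $user_theme, $receive_system_email, $receive_system_message, $temp_user_id));

    // The CAPTCHA is single-use once registration succeeds.
    unset($_SESSION['register_check_code']);

    $this->TipsAndForward(RE_REGISTER_SUCCESS, 'index.php?module=user&action=showlogin');
    return;
}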