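/**
 * Store one inbound request as a row in the wz_record table.
 *
 * The keys wxid, token and mid are lifted out of $get into their own columns.
 * Every other entry is passed through getstr() and the remainder is saved as
 * a JSON string in the query column.
 *
 * NOTE(review): the User-Agent header and the JSON string are handed to
 * inserttable() as-is. inserttable() is not visible here; if it builds SQL by
 * quoting values without escaping them, both are injection points. Confirm
 * before relying on this.
 *
 * @param array $get Request parameters (assumed caller-controlled).
 * @return mixed Whatever inserttable() returns with its third argument set to 1.
 */
function wz_record($get)
{
    global $_SGLOBAL, $_SC;

    // Defaults, so that the row is well defined when a key is absent.
    $wxid = '';
    $token = '';
    $mid = 0;

    foreach ($get as $k => $v) {
        // Compare as strings: before PHP 8 the loose test 0 == 'wxid' is true,
        // so a numeric key would be taken for all three reserved keys.
        $key = (string) $k;

        if ($key === 'wxid') {
            $wxid = getstr($get[$k]);
        } elseif ($key === 'token') {
            $token = getstr($get[$k]);
        } elseif ($key === 'mid') {
            $mid = intval($get[$k]);
        } else {
            // The original applied getstr() twice to these entries; kept,
            // because getstr() is not visible and may not be idempotent.
            $get[$k] = getstr(getstr($get[$k]));
            continue;
        }

        // Reserved keys are stored in their own columns, not in the JSON blob.
        unset($get[$k]);
    }

    $query = json_encode($get);

    // The header is optional, so a missing one becomes an empty string.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $arr = array(
        'token_id' => $_SGLOBAL['supe_token_id'],
        'query' => $query,
        'ip' => getonlineip(),
        'user_agent' => $userAgent,
        'wxid' => $wxid,
        'token' => $token,
        'mid' => $mid,
        'addtime' => $_SGLOBAL['timestamp'],
    );

    return inserttable(tname('wz_record'), $arr, 1);
}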
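/**
 * Create the online-session row for a user and apply the per-login updates.
 *
 * Steps, in order: purge this user's old session and all expired sessions,
 * insert the new session row, grant the daily login reward, update the space
 * row, clear an expired user group, and bump the login statistic.
 *
 * The uid is cast to an integer once and that value is used in every SQL
 * statement below, because each statement is built by string interpolation.
 *
 * @param array $setarr Session fields; must contain 'uid'.
 * @return void
 */
function insertsession($setarr)
{
    global $_SGLOBAL, $_SCONFIG;

    // Sessions are kept for at least 300 seconds.
    $_SCONFIG['onlinehold'] = intval($_SCONFIG['onlinehold']);
    if ($_SCONFIG['onlinehold'] < 300) {
        $_SCONFIG['onlinehold'] = 300;
    }

    // Integer cast: the uid is interpolated into several queries.
    $uid = intval($setarr['uid']);
    $setarr['uid'] = $uid;

    $_SGLOBAL['db']->query("DELETE FROM " . tname('session') . " WHERE uid='{$uid}' OR lastactivity<'" . ($_SGLOBAL['timestamp'] - $_SCONFIG['onlinehold']) . "'");

    // Add the online record.
    // NOTE(review): $ip is interpolated into the UPDATE below; this assumes
    // getonlineip() returns only a validated address - confirm.
    $ip = getonlineip(1);
    $setarr['lastactivity'] = $_SGLOBAL['timestamp'];
    $setarr['ip'] = $ip;

    // Check whether the "invisible" magic item is active for this user.
    if ($_SGLOBAL['magic']['invisible']) {
        $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('magicuselog') . " WHERE uid='{$uid}' AND mid='invisible'");
        $value = $_SGLOBAL['db']->fetch_array($query);
        if ($value && $value['expire'] > $_SGLOBAL['timestamp']) {
            $setarr['magichidden'] = '1';
        }
    }

    // Look up the real name. The original read $setarr[uid] with a bare
    // constant as the key, which is an error on PHP 8.
    $query = $_SGLOBAL['db']->query("SELECT uid, name, namestatus FROM " . tname('space') . " WHERE uid='{$uid}'");
    if ($value = $_SGLOBAL['db']->fetch_array($query)) {
        // A value read from the database is escaped again before re-insertion.
        $setarr['name'] = addslashes($value['name']);
    }

    inserttable('session', $setarr, 0, true, 1);

    // The lastlogin fragment was masked on the page; it is restored here to
    // the request timestamp, the same value stored in lastactivity above.
    $spacearr = array(
        'lastlogin' => "lastlogin='{$_SGLOBAL['timestamp']}'",
        'ip' => "ip='{$ip}'",
    );
    $_SGLOBAL['supe_uid'] = $uid;

    // Daily login reward. Both amounts are cast because they are written
    // into the SET clause without quotes.
    $reward = getreward('daylogin', 0, $uid);
    $credit = intval($reward['credit']);
    $experience = intval($reward['experience']);
    if ($credit) {
        $spacearr['credit'] = "credit=credit+{$credit}";
    }
    if ($experience) {
        $spacearr['experience'] = "experience=experience+{$experience}";
    }

    // Update the user row.
    $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET " . implode(',', $spacearr) . " WHERE uid='{$uid}'");

    // Check whether the user group has expired.
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('spacelog') . " WHERE uid='{$uid}'");
    if ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($value['expiration'] <= $_SGLOBAL['timestamp']) {
            // Expired: reset the group, then delete the log record.
            updatetable('space', array('groupid' => 0), array('uid' => $uid));
            $_SGLOBAL['db']->query("DELETE FROM " . tname('spacelog') . " WHERE uid='{$uid}'");
        }
    }

    // Update the statistics.
    include_once S_ROOT . './source/function_cp.php';
    updatestat('login', 1);
}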
/**
 * Record an e-mail registration request and return the link for it.
 *
 * A row holding the address, the requester IP, a 6-character salt, a
 * 7-character hash, the creation time, a used flag and the return URL is
 * written to open_email_reg. The link is site_host followed by "/?r=" and
 * the hash.
 *
 * NOTE(review): the hash is the only secret in the link. It is 7 hex
 * characters (28 bits) cut from an MD5 of the address and the salt, so it is
 * short enough to be guessed by enumeration unless lookups are rate limited
 * and rows expire. random() is not visible here; confirm that it draws from
 * a cryptographically secure source.
 * NOTE(review): $backurl is stored unchanged. If it is later used as a
 * redirect target, it should be checked against an allow-list at that point.
 *
 * @param string $email   Address being registered.
 * @param string $backurl URL to return to afterwards.
 * @return string Registration link.
 */
function email_reg($email, $backurl = '')
{
    global $_SGLOBAL, $_SC;

    // Same call order as before: IP first, then the salt.
    $ip = getonlineip(1);
    $salt = random(6);
    $hash = substr(md5(md5($email) . $salt), 8, 7);

    $row = array(
        'email' => $email,
        'ip' => $ip,
        'salt' => $salt,
        'hash' => $hash,
        'addtime' => $_SGLOBAL['timestamp'],
        'used' => 0,
        'backurl' => $backurl,
    );
    inserttable(tname("open_email_reg"), $row, 1, 1);

    return $_SC['site_host'] . "/?r=" . $hash;
}
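/**
 * Create the online-session row for a user and stamp the last login.
 *
 * Purges this user's previous session and every expired session, inserts the
 * new row, then writes lastlogin and ip to the space table.
 *
 * @param array $setarr Session fields; must contain 'uid'.
 * @return void
 */
function insertsession($setarr)
{
    global $_SGLOBAL, $_SCONFIG;

    // Sessions are kept for at least 300 seconds.
    $_SCONFIG['onlinehold'] = intval($_SCONFIG['onlinehold']);
    if ($_SCONFIG['onlinehold'] < 300) {
        $_SCONFIG['onlinehold'] = 300;
    }

    // The DELETE is built by interpolation, so the uid is cast to an integer
    // before it reaches the query string.
    $uid = intval($setarr['uid']);
    $setarr['uid'] = $uid;
    $expiry = $_SGLOBAL['timestamp'] - $_SCONFIG['onlinehold'];
    $_SGLOBAL['db']->query("DELETE FROM " . tname('session') . " WHERE uid='{$uid}' OR lastactivity<'" . $expiry . "'");

    // Add the online record.
    $ip = getonlineip(1);
    $setarr['lastactivity'] = $_SGLOBAL['timestamp'];
    $setarr['ip'] = $ip;
    inserttable('session', $setarr, 0, true, 1);

    // Update the user row.
    updatetable('space', array('lastlogin' => $_SGLOBAL['timestamp'], 'ip' => $ip), array('uid' => $uid), 1);
}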
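// Load every row of the config table, HTML-escaped, keyed by its var name.
$configs = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('config'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
    $configs[$value['var']] = shtmlspecialchars($value['datavalue']);
}
// The feed filter count is never allowed below 1.
if (empty($configs['feedfilternum']) || $configs['feedfilternum'] < 1) {
    $configs['feedfilternum'] = 1;
}

// Load the data table. The 'setting' and 'mail' rows hold serialized arrays;
// every other row is kept as an escaped string.
$datasets = $datas = $mails = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('data'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
    if ($value['var'] == 'setting' || $value['var'] == 'mail') {
        // NOTE(review): unserialize() on stored data instantiates any class
        // named in the payload. This is only safe while nothing but trusted
        // admin code can write these rows; on PHP 7+ consider passing
        // array('allowed_classes' => false) as the second argument.
        $datasets[$value['var']] = empty($value['datavalue']) ? array() : unserialize($value['datavalue']);
    } else {
        $datasets[$value['var']] = shtmlspecialchars($value['datavalue']);
    }
}
// A missing row, or a payload that does not decode to an array, falls back to
// an empty array instead of an undefined index or a false value.
$datas = (isset($datasets['setting']) && is_array($datasets['setting'])) ? $datasets['setting'] : array();
$mails = (isset($datasets['mail']) && is_array($datasets['mail'])) ? $datasets['mail'] : array();

// Templates directory: a sub-directory counts as a template when it contains
// a style.css file.
$templatearr = array('default' => 'default');
$tpl_dir = sreaddir(S_ROOT . './template');
foreach ($tpl_dir as $dir) {
    if (file_exists(S_ROOT . './template/' . $dir . '/style.css')) {
        $templatearr[$dir] = $dir;
    }
}

// Pre-selected entries for the template and time-offset select boxes.
$templateselect = array($configs['template'] => ' selected');
$toselect = array($configs['timeoffset'] => ' selected');
$onlineip = getonlineip();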
$TmpName = $value[1]; $UserId = $value[2]; $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}"); $rs = $_SGLOBAL['db']->fetch_array($result); $realname = $rs['name']; //调用检查函数将@后的内容进行验证,为UID对应的姓名相同则返回@与姓名,不相同则继续判断下一个@,没有找到匹配的最终将返回false $ValidValue = getAtName($TmpString, $TmpName, $realname); $ValidValue = trim($ValidValue); $at_friend = "space.php?uid=" . $UserId; $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message); } //替换表情 $Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message); $Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message); //print_r($Message); $arr = array("username" => getstr($username, 15, 1, 1, 1), "message" => $Message, "uid" => intval($userid), "replynum" => 0, "mood" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'ip' => getonlineip()); $newdoid = inserttable('doing', $arr, 1); //事件feed $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $userid, 'username' => $username, 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid'); $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); //喜好hash $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); //合并hash inserttable('feed', $feedarr, 1); updatestat('doing'); //更新空间note $setarr = array('note' => $Message); if (!empty($_POST['spacenote'])) { $reward = getreward('updatemood', 0); $setarr['spacenote'] = $Message; } else {
$list = $ols = $fuids = array(); $count = 0; $page = empty($_GET['page']) ? 0 : intval($_GET['page']); if ($page < 1) { $page = 1; } $start = ($page - 1) * $perpage; //检查开始数 ckstart($start, $perpage); if ($_GET['view'] == 'online') { $theurl = "space.php?uid={$space['uid']}&do=friend&view=online"; $actives = array('me' => ' class="active"'); $wheresql = ''; if ($_GET['type'] == 'near') { $theurl = "space.php?uid={$space['uid']}&do=friend&view=online&type=near"; $wheresql = " WHERE main.ip='" . getonlineip(1) . "'"; } elseif ($_GET['type'] == 'friend' && $space['feedfriend']) { $theurl = "space.php?uid={$space['uid']}&do=friend&view=online&type=friend"; $wheresql = " WHERE main.uid IN ({$space['feedfriend']})"; } $count = $_SGLOBAL['db']->result($_SGLOBAL['db']->query("SELECT COUNT(*) FROM " . tname('session') . " main {$wheresql}"), 0); if ($count) { $query = $_SGLOBAL['db']->query("SELECT f.resideprovince, f.residecity, f.note, f.sex, f.note, f.spacenote, main.uid, main.username, main.lastactivity \r\n\t\t\tFROM " . tname('session') . " main\r\n\t\t\tLEFT JOIN " . tname('spacefield') . " f ON f.uid=main.uid\r\n\t\t\t{$wheresql}\r\n\t\t\tLIMIT {$start},{$perpage}"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { if ($_GET['type'] == 'near') { if ($value['uid'] = $space['uid']) { $count = $count - 1; continue; } } realname_set($value['uid'], $value['username']);
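/**
 * Save raw image data as an attachment and register it as a picture.
 *
 * Writes $strdata to a new file under the attachment directory, enforces the
 * user's attachment quota, rejects data that getimagesize() does not accept
 * as an image, creates the thumbnail and watermark, inserts the pic row,
 * updates the space and album counters, and optionally uploads over FTP.
 *
 * NOTE(review): $fileext becomes part of the stored file name through
 * getfilepath(), which is not visible here. getimagesize() inspects the file
 * header only, so a file that starts like an image can still carry other
 * content. If the extension can be chosen by the caller, restrict it to a
 * fixed list of image extensions before writing.
 * NOTE(review): when getimagesize() is unavailable the image check is skipped
 * and any content is accepted; failing closed would be safer.
 *
 * @param string     $strdata Raw file content.
 * @param int|string $albumid Album id, 0 for none, or "new:<name>" to create one.
 * @param string     $fileext File extension handed to getfilepath().
 * @param string     $name    Stored file name; defaults to the generated one.
 * @param string     $title   Picture title.
 * @param int        $delsize Bytes being freed by the same operation.
 * @param mixed      $from    Reward action name, or false for no reward.
 * @return array|int The pic row on success; -1 quota exceeded, -2 not an
 *                   image, -3 write failure, -4 FTP upload failure.
 */
function stream_save($strdata, $albumid = 0, $fileext = 'jpg', $name='', $title='', $delsize=0, $from = false) {
	global $_SGLOBAL, $space, $_SCONFIG, $_SC;

	if($albumid<0) $albumid = 0;

	$setarr = array();
	$filepath = getfilepath($fileext, true);
	$newfilename = $_SC['attachdir'].'./'.$filepath;

	if($handle = fopen($newfilename, 'wb')) {
		if(fwrite($handle, $strdata) !== FALSE) {
			fclose($handle);
			$size = filesize($newfilename);

			// Check the user's storage quota.
			if(empty($space)) {
				$space = getspace($_SGLOBAL['supe_uid']);
				$query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('space')." WHERE uid='$_SGLOBAL[supe_uid]'");
				$space = $_SGLOBAL['db']->fetch_array($query);
				$_SGLOBAL['supe_username'] = addslashes($space['username']);
			}
			$_SGLOBAL['member'] = $space;

			// NOTE(review): the original comment gives the unit as MB, but the
			// value is compared directly with byte counts - confirm the unit
			// that checkperm() returns.
			$maxattachsize = checkperm('maxattachsize');
			if($maxattachsize) {// 0 means unlimited
				if($space['attachsize'] + $size - $delsize > $maxattachsize + $space['addsize']) {
					@unlink($newfilename);
					return -1;
				}
			}

			// Check that the data is an image: at most 16777216 pixels, at
			// least 4, a recognised type, and not Flash.
			if(function_exists('getimagesize')) {
				$tmp_imagesize = @getimagesize($newfilename);
				list($tmp_width, $tmp_height, $tmp_type) = (array)$tmp_imagesize;
				$tmp_size = $tmp_width * $tmp_height;
				if($tmp_size > 16777216 || $tmp_size < 4 || empty($tmp_type) || strpos($tmp_imagesize['mime'], 'flash') > 0) {
					@unlink($newfilename);
					return -2;
				}
			}

			// Thumbnail.
			include_once(S_ROOT.'./source/function_image.php');
			$thumbpath = makethumb($newfilename);
			$thumb = empty($thumbpath)?0:1;

			// Watermark, when enabled in the configuration.
			if($_SCONFIG['allowwatermark']) {
				makewatermark($newfilename);
			}

			// Values for the database row.
			$filename = addslashes(($name ? $name : substr(strrchr($filepath, '/'), 1)));
			$title = getstr($title, 200, 1, 1, 1);

			if($albumid) {
				// "new:<name>" asks for a new album of that name.
				preg_match("/^new\:(.+)$/i", $albumid, $matchs);
				if(!empty($matchs[1])) {
					$albumname = shtmlspecialchars(trim($matchs[1]));
					if(empty($albumname)) $albumname = sgmdate('Ymd');
					$albumid = album_creat(array('albumname' => $albumname));
				} else {
					$albumid = intval($albumid);
					if($albumid) {
						// The album must belong to the current user; otherwise a
						// new album named after today's date is created.
						$query = $_SGLOBAL['db']->query("SELECT albumname,friend FROM ".tname('album')." WHERE albumid='$albumid' AND uid='$_SGLOBAL[supe_uid]'");
						if($value = $_SGLOBAL['db']->fetch_array($query)) {
							$albumname = addslashes($value['albumname']);
							$albumfriend = $value['friend'];
						} else {
							$albumname = sgmdate('Ymd');
							$albumid = album_creat(array('albumname' => $albumname));
						}
					}
				}
			} else {
				$albumid = 0;
			}

			$setarr = array(
				'albumid' => $albumid,
				'uid' => $_SGLOBAL['supe_uid'],
				'username' => $_SGLOBAL['supe_username'],
				'dateline' => $_SGLOBAL['timestamp'],
				'filename' => $filename,
				'postip' => getonlineip(),
				'title' => $title,
				'type' => $fileext,
				'size' => $size,
				'filepath' => $filepath,
				'thumb' => $thumb
			);
			$setarr['picid'] = inserttable('pic', $setarr, 1);

			// Attachment size and reward points. The reward amounts are cast
			// because they are written into the SET clause without quotes.
			$setsql = '';
			if($from) {
				$reward = getreward($from, 0);
				$credit = intval($reward['credit']);
				$experience = intval($reward['experience']);
				if($credit) {
					$setsql = ",credit=credit+$credit";
				}
				if($experience) {
					$setsql .= ",experience=experience+$experience";
				}
			}
			$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET attachsize=attachsize+'$size', updatetime='$_SGLOBAL[timestamp]' $setsql WHERE uid='$_SGLOBAL[supe_uid]'");

			// Album counters and cover picture.
			if($albumid) {
				$file = $filepath.($thumb?'.thumb.jpg':'');
				$_SGLOBAL['db']->query("UPDATE ".tname('album')." SET picnum=picnum+1, updatetime='$_SGLOBAL[timestamp]', pic='$file', picflag='1' WHERE albumid='$albumid'");
			}

			// The FTP upload comes last so that a rejected file is never sent.
			if($_SCONFIG['allowftp']) {
				include_once(S_ROOT.'./source/function_ftp.php');
				if(ftpupload($newfilename, $filepath)) {
					$setarr['remote'] = 1;
					updatetable('pic', array('remote'=>$setarr['remote']), array('picid'=>$setarr['picid']));
					if($albumid) updatetable('album', array('picflag'=>2), array('albumid'=>$albumid));
				} else {
					return -4;
				}
			}

			// Statistics.
			updatestat('pic');

			return $setarr;
		} else {
			fclose($handle);
			// Do not leave a partially written file in the attachment directory.
			@unlink($newfilename);
		}
	}

	return -3;
}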
if (empty($realname)) { $realname = $rs['username']; } //调用检查函数将@后的内容进行验证,为UID对应的姓名相同则返回@与姓名,不相同则继续判断下一个@,没有找到匹配的最终将返回false $ValidValue = getAtName($TmpString, $TmpName, $realname); $ValidValue = trim($ValidValue); $at_friend = "space.php?uid=" . $UserId; if ($ValidValue != false) { $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message); $UserIds[] = $UserId; } } } //Add by Add by am 2013-12-07 end $arr = array("topicid" => 0, "uid" => intval($userid), "username" => getstr($username, 15, 1, 1, 1), "subject" => getstr($Subject, 80, 1, 1, 1), "classid" => 0, "viewnum" => 0, "replynum" => 0, "hot" => 0, "picflag" => 0, "noreply" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'friend' => 1, 'click_1' => 0, 'click_2' => 0, 'click_3' => 0, 'click_4' => 0, 'click_5' => 0, 'fromdevice' => $FromDevice); $blogid = inserttable('blog', $arr, 1); $arr1 = array("blogid" => intval($blogid), "uid" => intval($userid), "message" => getstr($Message, 5000, 1, 1, 1), "postip" => getonlineip(), "relatedtime" => 0, "magiccolor" => 0, "magicpaper" => 0, "magiccall" => 0); $blogfield = inserttable('blogfield', $arr1, 1); include_once S_ROOT . './source/function_feed.php'; feed_publish($blogid, 'blogid', 0, $FromDevice); if ($blogid) { $arrs = array('flag' => 'success'); } else { $arrs = array('flag' => 'fail'); } } } $result = json_encode($arrs); $result = preg_replace("#\\\\u([0-9a-f]+)#ie", "iconv('UCS-2BE', 'UTF-8', pack('H4', '\\1'))", $result); echo $result; exit;
$_POST["country"] = $res['country']; $_POST["school"] = $res['school']; $_SGLOBAL["inviteactive_showemail"] = true; $_SGLOBAL["no_inviteactive"] = true; $inviteactive_showmsg = true; $country = $_POST['country']; $school = $_POST['school']; $_SCONFIG['overseas'] = true; include_once 'do_quickmarkregister.php'; $lng = ''; $lat = ''; try { $res = getIpDetails(); $lng = $res['longitude']; $lat = $res['latitude']; $forg = array("uid" => $newuid, "ip" => getonlineip(), "country" => $country, "school" => $school, "lng" => $lng, "lat" => $lat); inserttable("spaceforeign", $forg); //设置隐私 $_SGLOBAL['db']->query("INSERT INTO " . tname('spaceinfo') . " (type,subtype,uid,friend) VALUES ('contact','mobile'," . $newuid . ",1)"); $query = $_SGLOBAL['db']->query("UPDATE " . tname("spaceforeign") . " SET dataline='" . time() . "' WHERE uid={$newuid}"); //给外事处发消息进行认证 $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("space") . " WHERE consul=1"); if ($res = $_SGLOBAL['db']->fetch_array($query)) { $recver = $res['uid']; } $setarr = array('uid' => $recver, 'type' => "friend", 'new' => 1, 'authorid' => $newuid, 'author' => $name, 'note' => "({$birthday},{$academy}," . $startyear . "级)" . '向您发起了' . $country . $school . '学校的认证请求<br/><a href="space.php?do=friend&view=confirmoverseas&uid=%27' . $newuid . '%27&type=overseas">通过请求</a><span class="pipe">|</span><a href="space.php?do=friend&view=refuseoverseas&uid=%27' . $newuid . '%27&type=overseas">忽略</a>', 'dateline' => $_SGLOBAL['timestamp']); $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid='{$recver}'"); inserttable('notification', $setarr); //变更记录 if ($_SCONFIG['my_status']) { inserttable('userlog', array('uid' => $newuid, 'action' => 'add', 'dateline' => $_SGLOBAL['timestamp']), 0, true);
} if (empty($updo) && $doid) { $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('doing') . " WHERE doid='{$doid}'"); $updo = $_SGLOBAL['db']->fetch_array($query); } if (empty($updo)) { showmessage('docomment_error'); } else { //黑名单 if (isblacklist($updo['uid'])) { showmessage('is_blacklist'); } } $updo['id'] = intval($updo['id']); $updo['grade'] = intval($updo['grade']); $setarr = array('doid' => $updo['doid'], 'upid' => $updo['id'], 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'message' => $message, 'ip' => getonlineip(), 'grade' => $updo['grade'] + 1); //最多层级 if ($updo['grade'] >= 3) { $setarr['upid'] = $updo['upid']; //更母一个级别 } $newid = inserttable('docomment', $setarr, 1); //更新回复数 $_SGLOBAL['db']->query("UPDATE " . tname('doing') . " SET replynum=replynum+1 WHERE doid='{$updo['doid']}'"); //通知 if ($updo['uid'] != $_SGLOBAL['supe_uid']) { $note = cplang('note_doing_reply', array("space.php?do=doing&doid={$updo['doid']}&highlight={$newid}")); notification_add($updo['uid'], 'doing', $note); } $_POST['refer'] = preg_replace("/((\\#|\\&highlight|\\-highlight|\\.html).*?)\$/", '', $_POST['refer']); if (strexists($_POST['refer'], '?')) {
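// The following is taken from the addnews code; the original author notes
// that the @-mention feature looks incomplete.
//
// Each "@name(uid) " mention in $Message is replaced by a link to that user's
// space. The pattern captures digits only for the uid, which is why $UserId
// can be placed in the query below without quotes.
//
// NOTE(review): $realname comes from the database and is concatenated into
// HTML without escaping, and the resulting $Message is stored unchanged in the
// doing and feed rows. Confirm that names are HTML-escaped when they are
// saved, and that inserttable() escapes its values; otherwise a name that
// contains a quote or markup reaches both the SQL and the rendered page.
preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s/U", $Message, $Matches, PREG_SET_ORDER);
foreach ($Matches as $value) {
    $TmpString = $value[0];
    $TmpName = $value[1];
    $UserId = $value[2];

    $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}");
    $rs = $_SGLOBAL['db']->fetch_array($result);
    $realname = $rs['name'];

    $ValidValue = getAtName($TmpString, $TmpName, $realname);
    $ValidValue = trim($ValidValue);
    $at_friend = "space.php?uid=" . $UserId;
    $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message);
}

// Replace emoticon codes with images and collapse <br> tags to spaces.
$Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message);
$Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message);

// NOTE(review): chdir() with a relative path depends on the directory the
// script was started from.
chdir("../../");
include_once 'source/function_cp.php';

$MobileFile = pic_save($File, $_POST['albumid'], $Message, $_POST['topicid']);
if ($MobileFile && is_array($MobileFile)) {
    $imageUrl = pic_get($MobileFile['filepath'], $MobileFile['thumb'], $MobileFile['remote']);
    $imageLink = "space.php?uid={$MobileFile['uid']}&do=album&picid={$MobileFile['picid']}";

    $arr = array(
        "username" => getstr($username, 30, 1, 1, 1),
        "message" => $Message,
        "uid" => intval($userid),
        "replynum" => 0,
        "mood" => 0,
        'dateline' => $_SGLOBAL['timestamp'],
        'ip' => getonlineip(),
        'fromdevice' => $FromDevice,
        'image_1' => $imageUrl,
        'image_1_link' => $imageLink,
    );
    $newdoid = inserttable('doing', $arr, 1);

    $Feedarray = array(
        // The original stored the literal string 'UC_APPID'. Use the constant
        // when it is defined and keep the old value otherwise.
        'appid' => defined('UC_APPID') ? UC_APPID : 'UC_APPID',
        'icon' => 'doing',
        'id' => $newdoid,
        'idtype' => 'doid',
        'uid' => $MobileFile['uid'],
        'username' => $MobileFile['username'],
        'dateline' => $MobileFile['dateline'],
        'fromdevice' => $FromDevice,
        'title_template' => cplang('feed_doing_title'),
        'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))),
        'body_template' => '',
        'body_data' => '',
        'image_1' => $imageUrl,
        'image_1_link' => $imageLink,
    );
    // Template hash and combined hash; MD5 serves as a fingerprint here, not
    // as a security control.
    $Feedarray['hash_template'] = md5($Feedarray['title_template'] . "\t" . $Feedarray['body_template']);
    $Feedarray['hash_data'] = md5($Feedarray['title_template'] . "\t" . $Feedarray['title_data'] . "\t" . $Feedarray['body_template'] . "\t" . $Feedarray['body_data']);
    $Feedid = inserttable('feed', $Feedarray, 1);

    updatestat('doing');
    $Result = array('flag' => 'success');
} else {
    $Result = array('flag' => 'fail_file&msg');
}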
$value = saddslashes($value); $dateline = intval(sstrtotime($value['dateCreated'])); $subject = getstr($value['title'], 80, 1, 1, 1); $message = isset($value['description']) ? $value['description'] : $value['content']; $message = getstr($message, 0, 1, 1, 1, 0, 1); $message = checkhtml($message); if (empty($subject) || empty($message)) { $results[$key]['status'] = '--'; $results[$key]['blogid'] = 0; continue; } //开始导入 $blogarr = array('uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'subject' => $subject, 'pic' => getmessagepic($message), 'dateline' => $dateline ? $dateline : $_SGLOBAL['timestamp']); $blogid = inserttable('blog', $blogarr, 1); //插入内容 $fieldarr = array('blogid' => $blogid, 'message' => $message, 'postip' => getonlineip()); inserttable('blogfield', $fieldarr); //统计 $incount = $incount + 1; $results[$key]['status'] = 'OK'; $results[$key]['blogid'] = $blogid; } else { $results[$key]['status'] = '--'; $results[$key]['blogid'] = 0; } } if ($incount) { //扣除积分 updatespacestatus('pay', 'xmlrpc'); @unlink($userfile); }
//黑名单 if (isblacklist($post['uid'])) { showmessage('is_blacklist'); } //实名 realname_set($post['uid'], $post['username']); realname_get(); $post['message'] = preg_replace("/\\<div class=\"quote\"\\>\\<span class=\"q\"\\>.*?\\<\\/span\\>\\<\\/div\\>/is", '', $post['message']); //移除编辑记录 $post['message'] = preg_replace("/<ins class=\"modify\".+?<\\/ins>/is", '', $post['message']); $post['message'] = html2bbcode($post['message']); //显示用 $message = addslashes("<div class=\"quote\"><span class=\"q\"><b>" . $_SN[$post['uid']] . "</b>: " . getstr($post['message'], 150, 0, 0, 0, 2, 1) . '</span></div>') . $message; } $anonymous = empty($_POST['anonymous']) ? 0 : intval($_POST['anonymous']); $setarr = array('tagid' => intval($thread['tagid']), 'anonymous' => $anonymous, 'tid' => $tid, 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'ip' => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], 'message' => $message); $pid = inserttable('post', $setarr, 1); //邮件通知 smail($thread['uid'], '', cplang('mtag_reply', array($_SN[$space['uid']], shtmlspecialchars(getsiteurl() . "space.php?uid={$thread['uid']}&do=thread&id={$thread['tid']}"))), '', 'mtag_reply'); //更新统计数据 $last_author_name = $anonymous ? 'null' : $_SGLOBAL[supe_username]; $_SGLOBAL['db']->query("UPDATE " . tname('thread') . "\r\n\t\tSET replynum=replynum+1, lastpost='{$_SGLOBAL['timestamp']}', lastauthor='{$last_author_name}', lastauthorid='{$_SGLOBAL['supe_uid']}'\r\n\t\tWHERE tid='{$tid}'"); //更新群组统计 $_SGLOBAL['db']->query("UPDATE " . tname("mtag") . " SET postnum=postnum+1 WHERE tagid='{$thread['tagid']}'"); //普通回复 if (empty($post) && $thread['uid'] != $_SGLOBAL['supe_uid']) { //积分 getreward('replythread', 1, 0, $thread['tid']); realname_set($thread['uid'], $thread['username']); realname_get(); if (empty($mtag['viewperm'])) {
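/**
 * Create a blog post, or update an existing one when $olds is given.
 *
 * Normalises the subject, privacy setting, tags, message and category, links
 * uploaded pictures into the message, writes the blog and blogfield rows,
 * maintains the tag tables, and publishes a feed entry for new posts.
 *
 * When $olds carries a uid the function temporarily acts as that user; the
 * original globals are restored on every return path.
 *
 * NOTE(review): the access password of an encrypted post (friend = 4) is
 * stored as submitted.
 * NOTE(review): $POST['dateline'] is stored without a cast; this assumes
 * callers pass a numeric timestamp.
 *
 * @param array $POST Submitted post fields.
 * @param array $olds Existing blog row when editing; empty for a new post.
 * @return array|false The blog row, or false when the message is empty.
 */
function blog_post($POST, $olds = array())
{
    global $_SGLOBAL, $_SC;

    // Switch the acting user to the owner of the post being edited.
    if (!empty($olds['uid'])) {
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Subject; defaults to today's date when empty.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Privacy.
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to named friends only.
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            $POST['friend'] = 3; // visible to the author only
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password protected; an empty password makes the post public.
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // The original used "==" here, a comparison with no effect, so a
        // submitted password was stored even for posts that are not encrypted.
        $POST['password'] = '';
    }

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1); // word filtering

    // Content.
    $POST['message'] = checkhtml($POST['message']);
    $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
    $POST['message'] = preg_replace("/\\<div\\>\\<\\/div\\>/i", '', $POST['message']);
    $message = $POST['message'];

    // Personal category.
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            // "new:<name>" creates the category unless the user already has it.
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid']), 'classid');
                if (empty($classid)) {
                    $setarr = array(
                        'classname' => $classname,
                        'uid' => $_SGLOBAL['supe_uid'],
                        'dateline' => $_SGLOBAL['timestamp'],
                    );
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // The category must belong to the acting user.
        $classname = getcount('class', array('classid' => $classid, 'uid' => $_SGLOBAL['supe_uid']), 'classname');
        if (empty($classname)) {
            $classid = 0;
        }
    }

    // Main table row.
    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($_POST['noreply']) ? 0 : 1,
    );

    // Title picture.
    $titlepic = '';

    // Uploaded pictures referenced by the post.
    $uploads = array();
    if (!empty($POST['picids']) && is_array($POST['picids'])) {
        // The picture ids are the array KEYS of a submitted field. They are
        // cast to integers because they go straight into the IN (...) list.
        $picids = array_map('intval', array_keys($POST['picids']));
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // $value is false once the loop ends, so this branch never runs; it is
        // kept as in the original.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }

    // Pictures already placed in the message: swap the placeholder for the
    // real URL.
    if ($uploads) {
        preg_match_all("/\\<img\\s.*?\\_uchome\\_localimg\\_([0-9]+).+?src\\=\"(.+?)\"/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_{$value}";
                    $replaces[] = mkpicurl($uploads[$value], 0);
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Pictures not placed in the message are appended at the end.
        foreach ($uploads as $value) {
            $picurl = mkpicurl($value, 0);
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }

    // Reject a message with no visible content. The page showed one
    // alternative of this pattern as an escaped space followed by ";", which
    // looks like a decoded "&nbsp;" entity; the entity is restored here.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\&nbsp\\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Switch back before leaving: the original returned with the globals
        // still set to the post owner, so the rest of the request kept acting
        // as that user.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }

    // Add slashes for storage.
    $message = addslashes($message);

    // Fall back to the first picture found in the message.
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    if (!empty($olds['blogid'])) {
        // Update.
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid' => $blogid));
        $fuids = array();
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        $blogarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : $POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }
    $blogarr['blogid'] = $blogid;

    // Secondary table row.
    $fieldarr = array(
        'message' => $message,
        'postip' => getonlineip(),
        'target_ids' => $POST['target_ids'],
    );

    // Tags.
    // NOTE(review): unserialize() on the stored tag field instantiates any
    // class named in the payload; this assumes only this code writes it.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Remove the previous tag links first.
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Store the tags in the secondary table.
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }

    if ($olds) {
        // Update.
        updatetable('blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Space update: touch the timestamp on edit, award points on create.
    if ($olds) {
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
    } else {
        updatespacestatus('get', 'blog');
    }

    // Feed entry, for new posts that are not author-only.
    if (empty($olds) && $blogarr['friend'] != 3) {
        $fs = array();
        $fs['icon'] = 'blog';
        $fs['title_data'] = array();
        $fs['images'] = $fs['image_links'] = array();

        $blogurl = "space.php?uid={$_SGLOBAL['supe_uid']}&do=blog&id={$blogid}";

        if ($blogarr['friend'] == 4) {
            // Encrypted post: the feed shows the subject only.
            $fs['title_template'] = cplang('feed_blog_password');
            $fs['title_data'] = array('subject' => "<a href=\"{$blogurl}\">{$blogarr['subject']}</a>");
            $fs['body_template'] = '';
            $fs['body_data'] = array();
        } else {
            if ($blogarr['pic']) {
                $fs['images'] = array(mkpicurl($blogarr));
                $fs['image_links'] = array($blogurl);
            }
            $fs['title_template'] = cplang('feed_blog');
            $fs['body_template'] = '<b>{subject}</b><br>{summary}';
            $fs['body_data'] = array(
                'subject' => "<a href=\"{$blogurl}\">{$blogarr['subject']}</a>",
                'summary' => getstr($message, 150, 1, 1, 0, 0, -1),
            );
        }
        $fs['body_general'] = '';
        $fs['target_ids'] = $fieldarr['target_ids'];
        $fs['friend'] = $blogarr['friend'];

        if (ckprivacy('blog', 1)) {
            include_once S_ROOT . './source/function_cp.php';
            feed_add($fs['icon'], $fs['title_template'], $fs['title_data'], $fs['body_template'], $fs['body_data'], $fs['body_general'], $fs['images'], $fs['image_links'], $fs['target_ids'], $fs['friend']);
        }
    }

    // Switch back to the original acting user.
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }

    return $blogarr;
}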
$fs['body_data'] = array(); $fs['body_general'] = ''; break; case 'pid': // 投票 //更新评论统计 $_SGLOBAL['db']->query("UPDATE " . tname('poll') . " SET replynum=replynum+1 WHERE pid='{$id}'"); $fs['title_template'] = cplang('feed_comment_poll'); $fs['title_data'] = array('touser' => "<a href=\"space.php?uid={$tospace['uid']}\">" . $_SN[$tospace['uid']] . "</a>", 'poll' => "<a href=\"space.php?uid={$tospace['uid']}&do=poll&pid={$id}\">{$poll['subject']}</a>"); $fs['body_template'] = ''; $fs['body_data'] = array(); $fs['body_general'] = ''; $fs['friend'] = ''; break; } $setarr = array('refercid' => $cid, 'uid' => $tospace['uid'], 'id' => $id, 'idtype' => $_POST['idtype'], 'authorid' => $_SGLOBAL['supe_uid'], 'author' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'message' => $message, 'ip' => getonlineip()); //入库 $cid = inserttable('comment', $setarr, 1); $action = 'comment'; $becomment = 'getcomment'; switch ($_POST['idtype']) { case 'uid': $n_url = "space.php?uid={$tospace['uid']}&do=wall&cid={$cid}"; $note_type = 'wall'; $note = cplang('note_wall', array($n_url)); $q_note = cplang('note_wall_reply', array($n_url)); if ($comment) { $msg = 'note_wall_reply_success'; $magvalues = array($_SN[$tospace['uid']]); $becomment = ''; } else {
// Publish a status ("doing") update with @-mentions, a feed entry and the
// space note. $Message, $username, $userid and $FromDevice are set before this
// fragment and are not visible here.

// Replace emoticon codes with images and collapse <br> tags to spaces.
$Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message);
$Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message);

// Each "@name(uid) " mention is replaced by a link to that user's space. The
// pattern captures digits only for the uid, which is why $UserId can be placed
// in the query without quotes.
preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s/U", $Message, $Matches, PREG_SET_ORDER);
foreach ($Matches as $value) {
    $TmpString = $value[0];
    $TmpName = $value[1];
    $UserId = $value[2];
    $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}");
    $rs = $_SGLOBAL['db']->fetch_array($result);
    // NOTE(review): $rs is used without checking that a row was returned.
    $realname = $rs['name'];
    $ValidValue = getAtName($TmpString, $TmpName, $realname);
    $ValidValue = trim($ValidValue);
    $at_friend = "space.php?uid=" . $UserId;
    // NOTE(review): $realname comes from the database and is concatenated into
    // HTML without escaping, and the href attribute is unquoted. Confirm that
    // names are HTML-escaped when they are saved.
    $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message);
}

// The status row. The message passes through getstr() here; the feed and the
// space note below receive $Message unchanged.
$arr = array("username" => getstr($username, 30, 1, 1, 1), "message" => getstr($Message, 480, 1, 1, 1),
    "uid" => intval($userid), "replynum" => 0, "mood" => 0, 'dateline' => $_SGLOBAL['timestamp'],
    'ip' => getonlineip(), 'fromdevice' => $FromDevice);
$newdoid = inserttable('doing', $arr, 1);

// The feed row.
// NOTE(review): uid is cast with intval() for the status row above but is
// passed as-is here - confirm that $userid is already numeric.
$feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $userid, 'username' => $username,
    'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'),
    'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))),
    'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid', 'fromdevice' => $FromDevice);
// Template hash and combined hash; MD5 serves as a fingerprint here, not as a
// security control.
$feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']);
$feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']);
inserttable('feed', $feedarr, 1);
updatestat('doing');

// Update the space note; when the spacenote field was submitted the message
// is stored as the space note too, and a different reward action is used.
$setarr = array('note' => $Message);
if (!empty($_POST['spacenote'])) {
    $reward = getreward('updatemood', 0);
    $setarr['spacenote'] = $Message;
} else {
    $reward = getreward('doing', 0);
}
updatetable('spacefield', $setarr, array('uid' => $userid));
$Result = array('flag' => 'success');
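/**
 * Create a new blog entry, or update an existing one when $olds is given.
 *
 * Steps, in order: optionally act as the entry's owner, normalise subject,
 * privacy level, tags and body, resolve the personal category, attach uploaded
 * pictures, write the `blog` and `blogfield` rows, refresh tags, update the
 * owner's counters, and optionally publish a feed item / join a topic.
 *
 * Privacy levels handled here ($POST['friend']): 0 public, 2 specific friends,
 * 3 owner only, 4 password-protected.
 *
 * Security notes for maintainers:
 *  - Values are interpolated into SQL as-is. This function relies on the
 *    request data having been slash-escaped before it arrives here and on
 *    simplode()/inserttable()/updatetable() quoting them - TODO confirm both
 *    assumptions against the helpers, which are not visible in this block.
 *  - While editing another user's entry the global identity
 *    ($_SGLOBAL['supe_uid'] / ['supe_username']) is temporarily replaced by the
 *    owner's. Every exit path must restore it.
 *
 * @param array $POST Submitted form fields (subject, friend, password, tag,
 *                    message, classid, picids, hot, topicid, dateline, makefeed).
 * @param array $olds Existing blog row when editing; empty for a new entry.
 * @return array|false The main-table row (including blogid), or false when the
 *                     body is empty after stripping blank markup.
 */
function blog_post($POST, $olds=array()) {
    global $_SGLOBAL, $_SC, $space;

    // Operator role switch: when editing someone else's entry, act as the owner.
    $isself = 1;
    if(!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Title (falls back to today's date when empty)
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if(strlen($POST['subject'])<1) $POST['subject'] = sgmdate('Y-m-d');
    $POST['friend'] = intval($POST['friend']);

    // Privacy
    $POST['target_ids'] = '';
    if($POST['friend'] == 2) {
        // Specific friends
        $uids = array();
        $names = empty($_POST['target_names'])?array():explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if($names) {
            $query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname('space')." WHERE username IN (".simplode($names).")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if(empty($uids)) {
            $POST['friend'] = 3; // no valid names: visible to the owner only
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif($POST['friend'] == 4) {
        // Password-protected
        $POST['password'] = trim($POST['password']);
        if($POST['password'] == '') $POST['friend'] = 0; // no password given: public
    }
    if($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if($POST['friend'] !== 4) {
        // Fix: the original used `==` here, a no-op comparison, so a submitted
        // password was stored even on entries that are not password-protected.
        $POST['password'] = '';
    }

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1); // word filtering

    // Content
    if($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        // checkhtml() is the HTML filter for the rich-text body; the anchors it
        // leaves are then forced to open in a new window.
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        $POST['message'] = preg_replace(array(
                "/\<div\>\<\/div\>/i",
                "/\<a\s+href\=\"([^\>]+?)\"\>/i"
            ), array(
                '',
                '<a href="\\1" target="_blank">'
            ), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category
    if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            // "new:<name>" creates the category (or reuses one with the same name)
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if(empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname'=>$classname, 'uid'=>$_SGLOBAL['supe_uid']), 'classid');
                if(empty($classid)) {
                    $setarr = array(
                        'classname' => $classname,
                        'uid' => $_SGLOBAL['supe_uid'],
                        'dateline' => $_SGLOBAL['timestamp']
                    );
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if($classid && empty($classname)) {
        // Ownership check: a category id that does not belong to this user is dropped.
        $classname = getcount('class', array('classid'=>$classid, 'uid'=>$_SGLOBAL['supe_uid']), 'classname');
        if(empty($classname)) $classid = 0;
    }

    // Main table row
    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($_POST['noreply'])?0:1
    );

    // Title picture
    $titlepic = '';

    // Fetch the uploaded pictures; the uid condition limits them to the owner's.
    $uploads = array();
    if(!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('pic')." WHERE picid IN (".simplode($picids).") AND uid='$_SGLOBAL[supe_uid]'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if(empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'].'.thumb.jpg';
                $blogarr['picflag'] = $value['remote']?2:1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): $value is always falsy once the loop above has ended, so
        // this fallback never runs - confirm the intent before changing it.
        if(empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote']?2:1;
        }
    }

    // Pictures referenced inside the article body
    if($uploads) {
        preg_match_all("/\<img\s.*?\_uchome\_localimg\_([0-9]+).+?src\=\"(.+?)\"/i", $message, $mathes);
        if(!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if(!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_$value";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Pictures not referenced in the body are appended at the end.
        // NOTE(review): the picture title is written into HTML without escaping
        // here - presumably it is stored already escaped; verify at upload time.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            $message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
        }
    }

    // Nothing was written: reject a body that is only blank markup.
    // The `&nbsp;` entity is restored in this pattern; the listing showed it
    // decoded to a blank, which would never match the entity text.
    $ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\&nbsp\;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
    if(empty($ckmessage)) {
        // Fix: restore the real operator identity before leaving. The original
        // returned here with the owner's uid still installed in $_SGLOBAL.
        if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;
        return false;
    }

    // Add slashes before the body goes into SQL
    $message = addslashes($message);

    // Take the title picture from the content when none was uploaded
    if(empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    // Hotness can only be set by users holding the manageblog permission
    if(checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if(!empty($olds['blogid'])) {
        // Update
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid'=>$blogid));

        $fuids = array();

        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // Join a topic
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');

        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        // A caller-supplied publish time is forced to an integer before it is stored.
        $blogarr['dateline'] = empty($POST['dateline'])?$_SGLOBAL['timestamp']:intval($POST['dateline']);
        $blogid = inserttable('blog', $blogarr, 1);
    }

    $blogarr['blogid'] = $blogid;

    // Secondary table row
    $fieldarr = array(
        'message' => $message,
        'postip' => getonlineip(),
        'target_ids' => $POST['target_ids']
    );

    // Tags
    // NOTE(review): unserialize() runs on the stored tag column. That is only
    // safe while the column can hold nothing but this function's own
    // serialize() output - confirm no other writer exists.
    $oldtagstr = addslashes(empty($olds['tag'])?'':implode(' ', unserialize($olds['tag'])));

    $tagarr = array();
    if($POST['tag'] != $oldtagstr) {
        if(!empty($olds['tag'])) {
            // Clear the previous tag links first
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if($oldtags) {
                $_SGLOBAL['db']->query("UPDATE ".tname('tag')." SET blognum=blognum-1 WHERE tagid IN (".simplode($oldtags).")");
                $_SGLOBAL['db']->query("DELETE FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Store the new tag set in the secondary table
        $fieldarr['tag'] = empty($tagarr)?'':addslashes(serialize($tagarr));
    }

    if($olds) {
        // Update
        updatetable('blogfield', $fieldarr, array('blogid'=>$blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Owner counters are only touched when the owner is the one posting
    if($isself) {
        if($olds) {
            // Space update time
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET updatetime='$_SGLOBAL[timestamp]' WHERE uid='$_SGLOBAL[supe_uid]'");
        } else {
            if(empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid'=>$space['uid']));
                $blognumsql = "blognum=".$space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Credits
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET {$blognumsql}, lastpost='$_SGLOBAL[timestamp]', updatetime='$_SGLOBAL[timestamp]', credit=credit+$reward[credit], experience=experience+$reward[experience] WHERE uid='$_SGLOBAL[supe_uid]'");

            // Statistics
            updatestat('blog');
        }
    }

    // Publish a feed item
    if($POST['makefeed']) {
        include_once(S_ROOT.'./source/function_feed.php');
        feed_publish($blogid, 'blogid', $olds?0:1);
    }

    // Topic
    if(empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Role switch: restore the real operator identity
    if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;

    return $blogarr;
}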
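/**
 * Tell whether the current client address matches the configured ban list.
 *
 * The list holds one entry per line. Each entry is matched literally against
 * the START of the address returned by getonlineip(), so "192.168." bans the
 * whole range. An entry without a trailing dot, such as "10.0.0.1", also
 * matches "10.0.0.10" - write full addresses with care.
 *
 * Fixes over the original one-liner:
 *  - a blank line or trailing line break produced an empty alternative in the
 *    pattern, which matched every address and banned all visitors;
 *  - only CRLF was treated as a separator, so a list saved with bare LF was
 *    matched as one long literal and banned nobody.
 *
 * NOTE(review): the check is only as trustworthy as getonlineip(). If that
 * helper honours client-supplied headers, a banned client can present a
 * different address - verify how it derives the IP.
 *
 * @param string $ipbanned Ban list, one address or address prefix per line.
 * @return int|false 1 when the client is banned, 0 when it is not, false when
 *                   the list is empty or the match fails.
 */
function ipbanned($ipbanned) {
    if (empty($ipbanned)) {
        return false;
    }

    $entries = array();
    foreach (preg_split("/\r\n|\r|\n/", $ipbanned) as $line) {
        // Spaces are dropped, as in the original implementation.
        $line = str_replace(' ', '', $line);
        if ($line !== '') {
            // Quote each entry so dots and other metacharacters match literally.
            $entries[] = preg_quote($line, '/');
        }
    }
    if (empty($entries)) {
        return false;
    }

    return preg_match("/^(" . implode('|', $entries) . ")/", getonlineip());
}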
/**
 * Change a user's status.
 *
 * The caller's address, as reported by getonlineip(), must pass the IPFilter
 * allow check; otherwise the localized 'ip_denied' message is returned and the
 * account is not touched.
 *
 * NOTE(review): the address check is the only gate visible in this method.
 * Confirm that the caller is authenticated and authorized elsewhere, and that
 * getonlineip() cannot be influenced by client-supplied headers.
 *
 * @param mixed $userId Id of the account to modify.
 * @param mixed $status New status value, passed to Account::updateStatus().
 * @return mixed Result of Account::updateStatus() (per the original note:
 *               001 on success, 002 on failure), or the 'ip_denied' message.
 */
public function updateUserStatus($userId, $status)
{
    $filter = new IPFilter(getonlineip());
    $allowed = $filter->isAllowable();
    if ($allowed != 1) {
        return lang('ip_denied');
    }

    $target = new Account($userId);

    return $target->updateStatus($status);
}
} if ($addnum) { $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET addfriendnum=addfriendnum+{$addnum} WHERE uid='{$_SGLOBAL['supe_uid']}'"); } ssetcookie('synfriend', 1, 1800); //30分钟检查一次 exit; } elseif ($op == 'find') { //自动找好友 $maxnum = 18; $nouids = $space['friends']; $nouids[] = $space['uid']; //就在您附近的 $nearlist = array(); $i = 0; $myip = getonlineip(1); $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('session') . "\n\t\tWHERE ip='{$myip}' LIMIT 0,200"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { if (!in_array($value['uid'], $nouids)) { realname_set($value['uid'], $value['username']); $nearlist[] = $value; $i++; if ($i >= $maxnum) { break; } } } //好友的好友 $i = 0; $friendlist = array(); if ($space['feedfriend']) {
$starttime = $_POST['starttime'] ? strtotime($_POST['starttime']) : strtotime('2036-12-31'); $endtime = $_POST['endtime'] ? strtotime($_POST['endtime']) : strtotime('2036-12-31'); //使用对象 $undergraduate = isset($_POST['undergraduate']) ? intval($_POST['undergraduate']) : 0; $postgraduate = isset($_POST['postgraduate']) ? intval($_POST['postgraduate']) : 0; $teacher = isset($_POST['teacher']) ? intval($_POST['teacher']) : 0; $alumnus = isset($_POST['alumnus']) ? intval($_POST['alumnus']) : 0; //二进制形式 $usertype = $undergraduate . $postgraduate . $teacher . $alumnus; //转换为十进制形式 $usertype = bindec($usertype); //以下信息是自动完成 $applypass = 0; $applyuid = $_SGLOBAL['supe_uid']; $applytime = time(); $applyip = getonlineip(); $email = $_SGLOBAL['member']['email']; $name = getstr($name, 30, 1, 1, 1); //接收图片流:在这之前要验明$name的正身 if ($_FILES['logo']['tmp_name']) { $pic = pic_save($_FILES['logo'], -1, $name); if (is_array($pic) && $pic['filepath']) { $logo = $pic['filepath']; } } if ($category == 3) { $useapi = substr($_POST['api'], 4); $iauth_type = $_POST['iauthtype']; } else { $useapi = ''; $iauth_type = '';
} $needlogin = false; //二次登录确认(半个小时) if ($needlogin) { $cpaccess = 0; $query = $_SGLOBAL['db']->query("SELECT errorcount FROM " . tname('adminsession') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND dateline+1800>='{$_SGLOBAL['timestamp']}'"); if ($session = $_SGLOBAL['db']->fetch_array($query)) { if ($session['errorcount'] == -1) { $_SGLOBAL['db']->query("UPDATE " . tname('adminsession') . " SET dateline='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'"); $cpaccess = 2; } elseif ($session['errorcount'] <= 3) { $cpaccess = 1; } } else { $_SGLOBAL['db']->query("DELETE FROM " . tname('adminsession') . " WHERE uid='{$_SGLOBAL['supe_uid']}' OR dateline+1800<'{$timestamp}'"); $_SGLOBAL['db']->query("INSERT INTO " . tname('adminsession') . " (uid, ip, dateline, errorcount)\r\n\t\t\tVALUES ('{$_SGLOBAL['supe_uid']}', '" . getonlineip() . "', '{$_SGLOBAL['timestamp']}', '0')"); $cpaccess = 1; } } else { $cpaccess = 2; } switch ($cpaccess) { case '1': //可以登录 if (submitcheck('loginsubmit')) { if (!($passport = getpassport($_SGLOBAL['supe_username'], $_POST['password']))) { $_SGLOBAL['db']->query("UPDATE " . tname('adminsession') . " SET errorcount=errorcount+1 WHERE uid='{$_SGLOBAL['supe_uid']}'"); cpmessage('enter_the_password_is_incorrect', 'admincp.php'); } else { $_SGLOBAL['db']->query("UPDATE " . tname('adminsession') . " SET errorcount='-1' WHERE uid='{$_SGLOBAL['supe_uid']}'"); $refer = empty($_SCOOKIE['_refer']) ? $_SGLOBAL['refer'] : rawurldecode($_SCOOKIE['_refer']);
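// Optionally remember the "sync" choice, then post the message as a new thread
// in the group (mtag) named after the user's overseas school.
$remember = $_POST['remember'];
if ($remember == 'true') {
    // Fix: the request's uid was concatenated into the statement unquoted, so
    // any SQL placed in that field was executed. It is cast to an integer now.
    // NOTE(review): this row is selected by a uid taken from the request, not
    // by the logged-in user - confirm elsewhere that the two must match.
    $_SGLOBAL['db']->query("UPDATE " . tname("spaceforeign") . " SET sync='yes' WHERE uid=" . intval($_POST['uid']));
    $_SGLOBAL['db']->query("UPDATE " . tname("space") . " SET overseas_tip='never' WHERE uid=" . intval($_SGLOBAL['supe_uid']));
}

// NOTE(review): $uid and $msg are set outside this excerpt; both reach SQL, so
// verify how they are derived and escaped.
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("spaceforeign") . " WHERE uid='{$uid}'");
if ($res = $_SGLOBAL['db']->fetch_array($query)) {
    // The school name comes back from the database unescaped; escape it again
    // before it is placed inside the next statement's quoted literal.
    $school = addslashes($res['school']);
    $query1 = $_SGLOBAL['db']->query("SELECT * FROM " . tname("mtag") . " WHERE tagname='{$school}'");
    if ($r = $_SGLOBAL['db']->fetch_array($query1)) {
        $tagid = $r['tagid'];
    }
}

// NOTE(review): $tagid is only assigned above when both lookups find a row;
// otherwise the thread is stored with whatever value it had before.
$setarr = array(
    'tagid' => $tagid,
    'uid' => $_SGLOBAL['supe_uid'],
    'username' => $_SGLOBAL['supe_username'],
    'dateline' => $_SGLOBAL['timestamp'],
    'subject' => $msg,
    'lastpost' => $_SGLOBAL['timestamp'],
    'lastauthor' => $_SGLOBAL['supe_username'],
    'lastauthorid' => $_SGLOBAL['supe_uid']
);
$tid = inserttable('thread', $setarr, 1);

$psetarr = array(
    'tagid' => $tagid,
    'tid' => $tid,
    'uid' => $_SGLOBAL['supe_uid'],
    'username' => $_SGLOBAL['supe_username'],
    'ip' => getonlineip(),
    'dateline' => $_SGLOBAL['timestamp'],
    'message' => $msg,
    'isthread' => 1
);
// Add the first post of the thread
inserttable('post', $psetarr);

// Update the group's statistics
$_SGLOBAL['db']->query("UPDATE " . tname("mtag") . " SET threadnum=threadnum+1 WHERE tagid='{$tagid}'");

// Statistics
updatestat('thread');

// Update the user's thread counter
if (empty($space['threadnum'])) {
    $space['threadnum'] = getcount('thread', array('uid' => $space['uid']));
    $threadnumsql = "threadnum=" . $space['threadnum'];
} else {
    $threadnumsql = 'threadnum=threadnum+1';
}

// Credits
$reward = getreward('publishthread', 0);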
$yesterday = $_SGLOBAL['timestamp'] - 86400; $sql = $_SGLOBAL['db']->query("SELECT mobile FROM " . tname('mobilereg') . " WHERE mobile = '" . $mobile . "' AND dateline > '" . $yesterday . "' "); $count = $_SGLOBAL['db']->num_rows($sql); if ($count >= 3) { showmessage('已经存在手机号:' . $mobile . '发出的' . $count . '条验证码还未完成注册。'); } $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('mobilereg') . " WHERE mobile = '" . $mobile . "' and status=0 ORDER BY dateline DESC LIMIT 1"); if ($value = $_SGLOBAL['db']->fetch_array($query) && $_SGLOBAL['timestamp'] - $value['dateline'] <= 60) { showmessage('对不起,您的操作过快,请等待30秒再接收验证码', 'index.php', 2); } else { $mquery = $_SGLOBAL['db']->query("SELECT mobile FROM " . tname('spacefield') . " WHERE mobile = '" . $mobile . "'"); if ($bind = $_SGLOBAL['db']->fetch_array($mquery)) { showmessage('此手机号已经绑定,如果忘记密码,请用手机找回。'); } else { if (sendsms($mobile, '验证码', $content)) { $setarr = array('mobile' => $mobile, 'verifycode' => $verifycode, 'dateline' => $_SGLOBAL['timestamp'], 'ip' => getonlineip()); inserttable('mobilereg', $setarr, 1); showmessage('successfully'); } else { showmessage('注册验证码发送失败...'); } } } } elseif ($op == "checkinputverifycode") { $query = $_SGLOBAL['db']->query("SELECT mobile FROM " . tname('mobilereg') . " WHERE mobile = '" . trim($_GET['mobile']) . "' and verifycode = '" . trim($_GET['verifycode']) . "'"); if ($value = $_SGLOBAL['db']->fetch_array($query)) { showmessage('succeed'); } else { showmessage('手机验证码输入不正确!'); } } elseif ($op == "checkinvitecode") {
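/**
 * Service entry point: add a reply to a complaint, optionally relaying it to
 * another department by @-mentioning that department's account.
 *
 * Expected keys in $params:
 *  - uid        (required) id of the replying user, positive integer
 *  - complainId (required) doid of the complaint, positive integer
 *  - message    (required) reply text; "@name(uid) " mentions are turned into links
 *  - ip         (optional) address to record instead of getonlineip()
 *
 * Changes over the original:
 *  - uid and complainId are cast to integers before they are concatenated into
 *    SQL. The original `<= 0` test accepts strings that merely start with
 *    digits, so the unquoted concatenation was injectable.
 *  - $exclude_relay is initialised; it was read while undefined whenever the
 *    message held no "回复@" prefix.
 *  - `$updo[doid]` (bare constant) is now `$updo['doid']`, cast to an integer.
 * The JSON echoed back to the caller is built from $params exactly as before.
 *
 * NOTE(review): $params['ip'] lets the caller choose the address stored with
 * the reply. If this service is reachable by untrusted clients the stored ip is
 * not evidence of origin - confirm who may call it.
 * NOTE(review): the real name read from the database is written into an anchor
 * with an unquoted href and no escaping at this point; verify that names are
 * stored HTML-escaped.
 *
 * @param array|null $params Request parameters as listed above.
 * @return string JSON: the processed parameters on success, or an object with
 *                errorNo and content on failure.
 */
function IHomeServiceCreateComplainReply($params = NULL) {
    global $_SGLOBAL;
    $cpid = 0; // id of the row in the complain table
    $relay_times = 0;
    $exclude_relay = 0;

    if ($params['uid']) {
        if ($params['uid'] <= 0) {
            $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct.the parameter uid must be a positive integer.");
            return json_encode($errorMsg);
        } else {
            // Integer copy used for every hand-built SQL statement below.
            $uid = intval($params['uid']);
            $query = $_SGLOBAL['db']->query("select name,username from " . tname('space') . " where uid = " . $uid);
            if ($row = $_SGLOBAL['db']->fetch_array($query)) {
                if ($row['name']) {
                    $params['uname'] = $row['name'];
                } else {
                    $params['uname'] = $row['username'];
                }
            } else {
                $errorMsg = array("errorNo" => "500", "content" => "the uid is not exist");
                return json_encode($errorMsg);
            }
        }
    } else {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter.the parameter uid is not exist or is not a positive integer.");
        return json_encode($errorMsg);
    }

    $complain = array();
    if ($params['complainId']) {
        if ($params['complainId'] <= 0) {
            $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct.the parameter complainId must be a positive integer.");
            return json_encode($errorMsg);
        } else {
            // Integer copy used for every hand-built SQL statement below.
            $complainId = intval($params['complainId']);
            $query = $_SGLOBAL['db']->query("select * from " . tname('complain') . " where doid = " . $complainId);
            if ($complain = $_SGLOBAL['db']->fetch_array($query)) {
                if (isblacklist($complain['uid'])) {
                    $errorMsg = array("errorNo" => "500", "content" => "the user of complain is in blacklist.");
                    return json_encode($errorMsg);
                }
            } else {
                $errorMsg = array("errorNo" => "500", "content" => "the complain id is not exist");
                return json_encode($errorMsg);
            }
        }
    } else {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter.the parameter complainId is not exist or is not a positive integer.");
        return json_encode($errorMsg);
    }

    if (!$params['message']) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter message.");
        return json_encode($errorMsg);
    }

    $params['timestamp'] = time();
    $doid = $params['complainId'];
    $message = getstr($params['message'], 480, 1, 1, 1);

    // "@name(uid)" mentions; the uid group only admits digits.
    preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s*/U", $params['message'], $matches, PREG_SET_ORDER);
    preg_match_all("/回复[@](.*)[(]([\\d]+)[)]\\s*/U", $params['message'], $reply_matches, PREG_SET_ORDER);
    if ($reply_matches) {
        // A message containing the reply prefix is never treated as a relay.
        $exclude_relay = 1;
    }

    $newid = 0;
    $addtype = 0;
    // Is the replying user the one the complaint was addressed to?
    $query = $_SGLOBAL['db']->query("select * from " . tname('complain') . " where doid=" . $complainId . ' and atuid=' . $uid);
    if ($row = $_SGLOBAL['db']->fetch_array($query)) {
        $complain = $row;
        $addtype = 2;
        $cpid = $complain['id'];
        $relay_times = $complain['relay_times'];
    }

    $isrelay = 0;
    if ($addtype && $matches && !$exclude_relay) {
        $isrelay = 1;
    }
    if ($isrelay && $relay_times >= 3) {
        $errorMsg = array("errorNo" => "500", "content" => "relay times reach the ceiling'.");
        return json_encode($errorMsg);
    }

    $UserIds = array();
    $relay_depid = 0;
    foreach ($matches as $value) {
        $TmpString = $value[0];
        $TmpName = $value[1];
        $UserId = $value[2]; // digits only, guaranteed by the pattern above
        $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid=" . $UserId);
        if ($rs = $_SGLOBAL['db']->fetch_array($result)) {
            $realname = $rs['name'];
            if (empty($realname)) {
                $realname = $rs['username'];
            }
            $ValidValue = getAtName($TmpString, $TmpName, $realname);
            $ValidValue = trim($ValidValue);
            $at_friend = "space.php?uid=" . $UserId;
            if ($ValidValue != false) {
                $message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $message);
                if (!in_array($UserId, $UserIds)) {
                    $UserIds[] = $UserId;
                }
            }
        }
        if ($isrelay) {
            // A mentioned account listed in powerlevel becomes the relay target.
            $q = $_SGLOBAL['db']->query("select * from " . tname('powerlevel') . " where dept_uid = " . $UserId);
            if ($r = $_SGLOBAL['db']->fetch_array($q)) {
                $relay_depid = $UserId;
            }
        }
    }

    // Emoticon codes become images; <br> tags become spaces.
    $message = preg_replace("/\\[am:(\\d+):]/is", "<img src=\"image/face_new/face_1/\\1.gif\" class=\"face\">", $message);
    $message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $message);
    $message = preg_replace("/\\[bm:(\\d+):]/is", "<img src=\"image/face_new/face_2/\\1.gif\" class=\"face\">", $message);
    $message = preg_replace("/\\<br.*?\\>/is", ' ', $message);
    $params['message'] = $message;
    if (strlen($message) < 1) {
        $errorMsg = array("errorNo" => "4002", "content" => "the parameter message is too short'.");
        return json_encode($errorMsg);
    }

    if (!$addtype) {
        // Plain comment from someone the complaint was not addressed to.
        if ($UserIds) {
            $temp = implode(',', $UserIds);
            $_SGLOBAL['db']->query("UPDATE " . tname('complain') . " SET locked=0 WHERE doid= " . $complainId . " AND uid=" . $uid . " AND locked AND atuid in ({$temp})");
        }
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('doing') . " WHERE doid=" . $complainId);
        $updo = $_SGLOBAL['db']->fetch_array($query);
        $updo['id'] = intval($updo['id']);
        $updo['grade'] = intval($updo['grade']);
        $setarr = array(
            'doid' => $updo['doid'],
            'upid' => $updo['id'],
            'uid' => $params['uid'],
            'username' => $params['uname'],
            'dateline' => $_SGLOBAL['timestamp'],
            'message' => $message,
            'ip' => getonlineip(),
            'grade' => $updo['grade'] + 1
        );
        if ($params['ip']) {
            $setarr['ip'] = $params['ip'];
        } else {
            $params['ip'] = $setarr['ip'];
        }
        if ($updo['grade'] >= 3) {
            $setarr['upid'] = $updo['upid'];
        }
        $newid = inserttable('docomment', $setarr, 1);
        $params['id'] = $newid;
        $params['operation'] = 0;
        $_SGLOBAL['db']->query("UPDATE " . tname('doing') . " SET replynum=replynum+1 WHERE doid='{$updo['doid']}'");
        $note = cplang('note_complain_reply', array("space.php?do=complain_item&doid={$setarr['doid']}"));
        // NOTE(review): $userId is not defined anywhere in this function, so
        // the recipient of this notification is empty - confirm who it is for.
        notification_add($userId, 'complain', $note);
        if (empty($UserIds)) {
            // No @-mention: notify the other party of the complaint.
            $query = $_SGLOBAL['db']->query("SELECT * FROM ihome_complain where doid=" . intval($updo['doid']));
            $value = $_SGLOBAL['db']->fetch_array($query);
            if ($value['from'] == $params['uid']) {
                // The replier is the initiator
                notification_add($value['atuid'], 'complain', $note);
            } else {
                notification_add($value['from'], 'complain', $note);
            }
        }
        unset($params['complainId']);
        return json_encode($params);
    }

    // From here on the replier is the addressed party: optype 2 = reply, 3 = relay.
    $optype = 2;
    if ($isrelay) {
        $optype = 3;
        $addtype = 0;
    }
    $oparr = array(
        'doid' => $params['complainId'],
        'message' => $params['message'],
        'uid' => $params['uid'],
        'username' => $params['uname'],
        'optype' => $optype,
        'dateline' => time(),
        'opvalue' => $relay_depid,
        'finish' => $addtype == 2 ? 1 : 0
    );
    $params['operation'] = $opid = inserttable('complain_op', $oparr, true);

    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('doing') . " WHERE doid=" . $complainId);
    $updo = $_SGLOBAL['db']->fetch_array($query);
    $updo['id'] = intval($updo['id']);
    $updo['grade'] = intval($updo['grade']);
    $setarr = array(
        'doid' => $updo['doid'],
        'upid' => $updo['id'],
        'uid' => $params['uid'],
        'username' => $params['uname'],
        'dateline' => $_SGLOBAL['timestamp'],
        'message' => $message,
        'ip' => getonlineip(),
        'grade' => $updo['grade'] + 1,
        'complainBorn' => 1,
        'complainopid' => $opid
    );
    if ($params['ip']) {
        $setarr['ip'] = $params['ip'];
    } else {
        $params['ip'] = $setarr['ip'];
    }
    if ($updo['grade'] >= 3) {
        $setarr['upid'] = $updo['upid'];
    }
    $params['id'] = $newid = inserttable('docomment', $setarr, 1);
    $_SGLOBAL['db']->query("UPDATE " . tname('doing') . " SET replynum=replynum+1 WHERE doid='{$updo['doid']}'");

    if ($optype == 3) {
        // NOTE(review): the relay target is validated only here, after the
        // operation and comment rows above were already inserted.
        $query = $_SGLOBAL['db']->query("select * from " . tname("space") . " where uid = {$relay_depid}");
        $relay_dep = $_SGLOBAL['db']->fetch_array($query);
        if (empty($relay_dep)) {
            $errorMsg = array("errorNo" => 500, "content" => "the at user is not exist ");
            return json_encode($errorMsg);
        }
        updatetable('complain', array("status" => 3, 'lastopid' => $opid), array('id' => $cpid)); // status 3 = relayed
        $query = $_SGLOBAL['db']->query("select * from " . tname("complain") . " where doid= " . $complainId . " and atuid={$relay_depid} and status != 3");
        $already = $_SGLOBAL['db']->fetch_array($query);
        if (!$already) {
            if ($complain['relayed_by']) {
                $relayed_by = $complain['relayed_by'] . $params['uid'] . ',';
            } else {
                $relayed_by = ',' . $params['uid'] . ',';
            }
            // Clone the complaint row for the new department.
            $newComplain = $complain;
            unset($newComplain['id']);
            $newComplain['atdeptuid'] = $relay_depid;
            $newComplain['atuid'] = $relay_depid;
            $newComplain['atuname'] = $relay_dep['name'];
            $newComplain['atdepartment'] = $relay_dep['name'];
            $newComplain['dateline'] = $_SGLOBAL['timestamp'];
            $newComplain['times'] = 1;
            $newComplain['issendmsg'] = 0;
            $newComplain['relay_times'] = $complain['relay_times'] + 1;
            $newComplain['relayed_by'] = $relayed_by;
            $newComplainId = inserttable('complain', $newComplain, 1);
            if ($complain['lastopid'] == 0) {
                // First response on this complaint: update the replier's totals.
                $result = $_SGLOBAL['db']->query("select * from " . tname('complain_dep') . " where uid = " . $uid);
                $dep = $_SGLOBAL['db']->fetch_array($result);
                $arr = array();
                if (empty($dep)) {
                    $arr['uid'] = $params['uid'];
                    $arr['username'] = $params['uname'];
                    $arr['upnum'] = 0;
                    $arr['downnum'] = 0;
                    $arr['allreplynum'] = 1;
                    $arr['allreplysecs'] = $_SGLOBAL['timestamp'] - $complain['dateline'];
                    $arr['score'] = 0;
                    $arr['aversecs'] = 0;
                    $arr['lastupdate'] = 0;
                    inserttable('complain_dep', $arr);
                } else {
                    $arr['allreplynum'] = $dep['allreplynum'] + 1;
                    $arr['allreplysecs'] = $dep['allreplysecs'] + $_SGLOBAL['timestamp'] - $complain['dateline'];
                    updatetable("complain_dep", $arr, array('uid' => $params['uid']));
                }
            }
            $note = cplang('complain_relay', array($complain['atuname'], "space.php?do=complain_item&doid={$complain['doid']}"));
            notification_complain_add($relay_depid, 'complain', $note);
        }
        inserttable('complain_resp', array(
            'uid' => $params['uid'],
            'doid' => $doid,
            'opid' => $opid,
            'replysecs' => $_SGLOBAL['timestamp'] - $complain['dateline'],
            'dateline' => $_SGLOBAL['timestamp']
        ));
    } else {
        if ($optype == 2) {
            if ($addtype == 2) {
                updatetable('complain', array('status' => 1, 'lastopid' => $opid, 'replytime' => $_SGLOBAL['timestamp'], 'dateline' => $_SGLOBAL['timestamp']), array('id' => $cpid));
            } else {
                updatetable('complain', array('locked' => 1, 'replytime' => $_SGLOBAL['timestamp'], 'dateline' => $_SGLOBAL['timestamp']), array('id' => $cpid));
            }
            if ($complain['lastopid'] == 0) {
                // First response on this complaint: update the replier's totals.
                $result = $_SGLOBAL['db']->query("select * from " . tname('complain_dep') . " where uid =" . $uid);
                $dep = $_SGLOBAL['db']->fetch_array($result);
                $arr = array();
                if (empty($dep)) {
                    $arr['uid'] = $params['uid'];
                    $arr['username'] = $params['uname'];
                    $arr['upnum'] = 0;
                    $arr['downnum'] = 0;
                    $arr['allreplynum'] = 1;
                    $arr['allreplysecs'] = $_SGLOBAL['timestamp'] - $complain['dateline'];
                    $arr['score'] = 0;
                    $arr['aversecs'] = 0;
                    $arr['lastupdate'] = 0;
                    inserttable('complain_dep', $arr);
                } else {
                    $arr['allreplynum'] = $dep['allreplynum'] + 1;
                    $arr['allreplysecs'] = $dep['allreplysecs'] + $_SGLOBAL['timestamp'] - $complain['dateline'];
                    updatetable("complain_dep", $arr, array('uid' => $params['uid']));
                }
            }
            inserttable('complain_resp', array(
                'uid' => $params['uid'],
                'doid' => $doid,
                'opid' => $opid,
                'replysecs' => $_SGLOBAL['timestamp'] - $complain['dateline'],
                'dateline' => $_SGLOBAL['timestamp']
            ));
            $note = cplang('note_doingcomplain_reply', array("space.php?do=complain_item&doid={$complain['doid']}"));
            notification_complain_add($complain['uid'], 'complain', $note, $params['uid'], $params['uname']);
        }
    }

    unset($params['complainId']);
    return json_encode($params);
}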
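<?php
/*
    addsharereply.php - comment on a share.
    Add by am@ihome.2012-10-17 10:34

    Flow: verify the caller through iauth_verify(), store the submitted message
    as a comment on the given share, then answer with a JSON flag.

    Review notes:
    - $username is never assigned in this script (the assignment below is
      commented out); it is presumably provided by one of the includes - verify.
    - The result of iauth_verify() is cast to an integer and used without
      checking that it is non-zero - confirm that a failed verification stops
      the request inside iauth_verify_forward.php.
*/
include_once '../iauth_verify_forward.php';
$userid = intval(iauth_verify());
include_once '../../../common.php';
include_once S_ROOT . './uc_client/client.php';
@(include_once S_ROOT . './data/data_profield.php');
//$userid =96;
//$username = '******';

$Message = empty($_POST['message']) ? '' : getstr($_POST['message']);
$ShareId = empty($_POST['shareid']) ? 0 : intval($_POST['shareid']);

$arr = array(
    "id" => intval($ShareId),
    "uid" => intval($userid),
    "idtype" => 'sid',
    "message" => getstr($Message, 5000, 1, 1, 1),
    "authorid" => intval($userid),
    "author" => getstr($username, 15, 1, 1, 1),
    "ip" => getonlineip(),
    'dateline' => $_SGLOBAL['timestamp'],
    'magicflicker' => 0
);
$shareid = inserttable('comment', $arr, 1);

if ($shareid) {
    $arrs = array('flag' => 'success');
} else {
    $arrs = array('flag' => 'fail');
}

$result = json_encode($arrs);
// Turn \uXXXX escapes back into UTF-8. The original used the /e (evaluate)
// modifier, which runs the replacement as PHP code and no longer exists in
// PHP 7; a callback performs the same conversion without evaluating a string.
$result = preg_replace_callback(
    "#\\\\u([0-9a-f]{4})#i",
    function ($m) {
        return iconv('UCS-2BE', 'UTF-8', pack('H4', $m[1]));
    },
    $result
);
echo $result;
exit;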
$TmpString = $value[0]; $TmpName = $value[1]; $UserId = $value[2]; $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}"); $rs = $_SGLOBAL['db']->fetch_array($result); $realname = $rs['name']; //调用检查函数将@后的内容进行验证,为UID对应的姓名相同则返回@与姓名,不相同则继续判断下一个@,没有找到匹配的最终将返回false $ValidValue = getAtName($TmpString, $TmpName, $realname); $ValidValue = trim($ValidValue); $at_friend = "space.php?uid=" . $UserId; $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message); } //替换表情 $Message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $Message); $Message = preg_replace("/\\<br.*?\\>/is", ' ', $Message); $arr = array('upid' => intval($Id), "username" => getstr($username, 15, 1, 1, 1), "message" => getstr($Message, 280, 1, 1, 1), "doid" => intval($Doid), "uid" => intval($userid), "grade" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'ip' => getonlineip()); $replyid = inserttable('docomment', $arr, 1); //更新回复数 $_SGLOBAL['db']->query("UPDATE " . tname('doing') . " SET replynum=replynum+1 WHERE doid='{$Doid}'"); //统计 updatestat('docomment'); if ($replyid) { $arrs = array('flag' => 'success'); } else { $arrs = array('flag' => 'fail'); } } } $result = json_encode($arrs); $result = preg_replace("#\\\\u([0-9a-f]+)#ie", "iconv('UCS-2BE', 'UTF-8', pack('H4', '\\1'))", $result); echo $result;
$realname = $rs['name']; if (empty($realname)) { $realname = $rs['username']; } //调用检查函数将@后的内容进行验证,为UID对应的姓名相同则返回@与姓名,不相同则继续判断下一个@,没有找到匹配的最终将返回false $ValidValue = getAtName($TmpString, $TmpName, $realname); $ValidValue = trim($ValidValue); $at_friend = "space.php?uid=" . $UserId; if ($ValidValue != false) { $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message); $UserIds[] = $UserId; } } } //Add by Add by am 2013-12-07 end $arr = array('tid' => intval($Commentid), "tagid" => intval($TagId), "uid" => intval($userid), "username" => getstr($username, 15, 1, 1, 1), "message" => getstr($Message, 5000, 1, 1, 1), "ip" => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], "isthread" => 0); $pid = inserttable('post', $arr, 1); //更新统计数据 $_SGLOBAL['db']->query("UPDATE " . tname('thread') . "\r\n\tSET replynum=replynum+1, lastpost='{$_SGLOBAL['timestamp']}', lastauthor='{$username}', lastauthorid='{$userid}'\r\n\tWHERE tid='{$Commentid}'"); //通知 $note = cplang('note_thread_reply') . " <a href=\"space.php?uid={$userid}&do=thread&id={$Commentid}&pid={$pid}\" target=\"_blank\">{$thread['subject']}</a>"; notification_add($userid, 'post', $note); //统计 updatestat('post'); if ($pid) { $arrs = array('flag' => 'success'); } else { $arrs = array('flag' => 'fail'); } } }
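/**
 * Create a new blog entry, or update the existing entry described by $olds.
 *
 * Normalises the submitted fields, resolves the privacy mode and category,
 * rewrites uploaded-picture placeholders inside the message, writes the
 * `blog` and `blogfield` rows, refreshes the tag links and the owner's
 * counters, and optionally publishes a feed item.
 *
 * Changes against the previous revision of this function:
 *  - the password is really cleared when the entry is not password protected
 *    (the old code used `==`, a comparison with no effect);
 *  - the acting-user globals are restored on the early "empty message" return,
 *    so the rest of the request no longer keeps running under the identity of
 *    the entry's owner;
 *  - the unused local $fuids was dropped.
 *
 * @param array $POST Submitted form fields (subject, friend, password, tag,
 *                    message, classid, picids, hot, topicid, dateline, makefeed).
 * @param array $olds Existing blog row when editing; empty for a new entry.
 *
 * @return array|false The data written to the `blog` table (plus blogid, uid,
 *                     username), or false when the message has no content.
 */
function blog_post($POST, $olds = array())
{
    global $_SGLOBAL, $_SC, $space;

    // Role switch: when the entry belongs to another user, act as that user for
    // the duration of the call. The original globals are kept in $__SGLOBAL and
    // must be put back before every return.
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Subject: falls back to a date string when nothing usable was submitted.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Privacy mode. 2 = visible to a named list of users, 4 = password protected.
    // NOTE(review): 0 and 3 are presumably "public" and "owner only" - confirm.
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        $uids = array();
        $names = empty($_POST['target_names'])
            ? array()
            : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            // NOTE(review): the names come straight from $_POST; this query is only
            // safe if request data is escaped upstream and simplode() quotes each
            // element - confirm both.
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            // No valid target user was found: fall back to mode 3.
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            // A password-protected entry without a password falls back to mode 0.
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Fixed: this used to be `==`, so a submitted password was still stored
        // on entries that are not password protected.
        $POST['password'] = '';
    }

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);

    // Message body: mobile submissions take a different getstr() path; everything
    // else goes through checkhtml() first, then empty <div></div> pairs are
    // dropped and plain <a href="..."> links get target="_blank".
    if ($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        $POST['message'] = preg_replace(
            array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"),
            array('', '<a href="\\1" target="_blank">'),
            $POST['message']
        );
    }
    $message = $POST['message'];

    // Category: "new:<name>" reuses or creates a category owned by the acting
    // user; any other value is treated as a numeric id.
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid']), 'classid');
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Ownership check: a category id that does not belong to the acting user
        // is discarded instead of being attached to the entry.
        $classname = getcount('class', array('classid' => $classid, 'uid' => $_SGLOBAL['supe_uid']), 'classname');
        if (empty($classname)) {
            $classid = 0;
        }
    }

    // Main row. The password is written exactly as submitted; nothing in this
    // function hashes it.
    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($_POST['noreply']) ? 0 : 1,
    );

    // Title picture and uploaded pictures. The lookup is restricted to pictures
    // owned by the acting user.
    $titlepic = '';
    $uploads = array();
    if (!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): $value is always falsy here, because the loop above only
        // ends once fetch_array() returns a falsy value, so this fallback never
        // runs as written. Left unchanged; confirm the intended behaviour.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }

    // Replace the editor's local-image placeholders with the real picture URLs.
    if ($uploads) {
        preg_match_all("/\\<img\\s.*?\\_uchome\\_localimg\\_([0-9]+).+?src\\=\"(.+?)\"/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_{$value}";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Uploaded pictures that the message does not reference are appended.
        // NOTE(review): the picture title is placed into HTML as stored -
        // presumably escaped when the picture was saved; confirm.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }

    // Reject a message that is only layout markup and whitespace.
    // NOTE(review): the `\ \;` alternative looks like an HTML-decoded `&nbsp;`
    // entity - confirm against the upstream source.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\ \\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Fixed: undo the role switch on this path as well; the old code returned
        // with $_SGLOBAL['supe_uid'] still pointing at the entry's owner.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }

    $message = addslashes($message);

    // No uploaded title picture: take one from the message body instead.
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    // Only users holding the manageblog permission may set the "hot" value.
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    // Attachment metadata.
    // NOTE(review): these four values are read straight from $_POST and stored
    // unchanged. attachpath in particular is client supplied; whatever later
    // serves or opens that path has to validate it. Confirm that the table
    // helpers escape these values.
    if ($_POST['attachid'] && $_POST['attachpath'] && $_POST['attachname'] && $_POST['attachsize']) {
        $blogarr['attachid'] = $_POST['attachid'];
        $blogarr['attachpath'] = $_POST['attachpath'];
        $blogarr['attachname'] = $_POST['attachname'];
        $blogarr['attachsize'] = $_POST['attachsize'];
    }

    if ($olds['blogid']) {
        // Update the existing entry.
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid' => $blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // New entry.
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');
        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        // NOTE(review): a submitted dateline is stored without an integer cast -
        // presumably validated by the caller; confirm.
        $blogarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : $POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }
    $blogarr['blogid'] = $blogid;

    // Secondary row: message body, poster IP and the target user list.
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);

    // Tags.
    // NOTE(review): unserialize() runs on the stored tag field. That is safe only
    // while the column can never hold attacker-controlled bytes; a JSON encoding
    // would remove the object-injection risk.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Detach the previous tags and decrement their counters.
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Keep a serialized copy of the tag list on the entry itself.
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }

    if ($olds) {
        updatetable('blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Owner counters are touched only when the owner is the one posting.
    if ($isself) {
        if ($olds) {
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
        } else {
            if (empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid' => $space['uid']));
                $blognumsql = "blognum=" . $space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Credit and experience reward for publishing.
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$blognumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
            updatestat('blog');
        }
    }

    // Feed item, when requested.
    if ($POST['makefeed']) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }

    // A new entry posted into a topic also joins that topic.
    if (empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Undo the role switch.
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }

    return $blogarr;
}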