$q = $db->query($sql); $user_select_file = array(); while ($rs = $db->fetch_array($q)) { $user_select_file[] = $rs['file_id']; } unset($rs); $ref = $_SERVER['HTTP_REFERER']; require_once template_echo($item, $user_tpl_dir); } else { $sysmsg[] = "缺失courseid或csid,非法操作"; tb_redirect('reload', $sysmsg); } } break; case 'file_cs_relation_delete': $course_id = (int) gpc('course_id', 'GP', 0); $cs_id = (int) gpc('cs_id', 'GP', 0); $file_id = (int) gpc('file_id', 'GP', 0); if ($task == 'file_cs_relation_delete') { form_auth(gpc('formhash', 'P', ''), formhash()); $ref = gpc('ref', 'P', ''); $db->query_unbuffered("delete from {$tpf}file_cs_relation where cs_id='{$cs_id}' AND file_id = '{$file_id}'"); $sysmsg[] = "删除文件成功"; tb_redirect('reload', $sysmsg); } else { $ref = $_SERVER['HTTP_REFERER']; $file_name = @$db->result_first("select file_name from {$tpf}files where file_id='{$file_id}' "); require_once template_echo($item, $user_tpl_dir); } break; }
@make_thumb($file['tmp_name'], $file_real_path . $file_store_path . $file_real_name_store . '_thumb.' . $file_extension, $settings['thumb_width'], $settings['thumb_height']); } else { $is_image = 0; } } else { $is_image = 0; } $rs = $db->fetch_one_array("select file_name,file_extension,file_store_path,file_real_name from {$tpf}files where file_id='{$file_id}' and userid='{$pd_uid}' limit 1"); if ($rs) { $file_ext = $rs[file_extension] ? '.' . $rs[file_extension] : ''; @unlink(PHPDISK_ROOT . $settings[file_path] . '/' . $rs[file_store_path] . '/' . $rs[file_real_name] . $file_ext); @unlink(PHPDISK_ROOT . $settings[file_path] . '/' . $rs[file_store_path] . '/' . $rs[file_real_name] . '_thumb' . $file_ext); } unset($rs); $server_oid = @$db->result_first("select server_oid from {$tpf}servers where server_id>1 order by is_default desc limit 1"); if (!$error && upload_file($file['tmp_name'], $dest_file)) { $ins = array('file_name' => $file_name, 'file_key' => $file_key, 'file_extension' => $file_extension, 'is_image' => $is_image, 'file_mime' => $file_mime, 'file_store_path' => $file_store_path, 'file_real_name' => $file_real_name, 'file_size' => $file['size'], 'file_time' => $timestamp, 'server_oid' => (int) $server_oid, 'is_checked' => 1, 'in_share' => 1, 'userid' => $pd_uid, 'ip' => $onlineip, 'folder_id' => $folder_id); $db->query_unbuffered("update {$tpf}files set " . $db->sql_array($ins) . " where file_id='{$file_id}' and userid='{$pd_uid}' limit 1"); $sysmsg[] = '替换文件上传成功'; tb_redirect($settings[phpdisk_url] . urr("space", "username="******"select folder_id from {$tpf}files where file_id='{$file_id}' limit 1"); $ref = $_SERVER['HTTP_REFERER']; require_once template_echo($item, $user_tpl_dir); } break; }
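/**
 * Turn the current guest account ($pd_uid) into a named account.
 *
 * Reads username, password, confirm_password, email and ref from the POST
 * data, validates each field, and collects one message per failed check.
 * When every check passes, the user row is updated, the login cookie is
 * re-issued for three days and the request is redirected to $ref; otherwise
 * the request is redirected 'back' with the collected messages.
 *
 * Review notes (these affect callers and stored data, so they are flagged
 * here rather than changed in place):
 *  - Request values are interpolated into SQL strings. Whether that is safe
 *    depends on the escaping done by gpc() and $db->sql_array(), neither of
 *    which is visible in this function - confirm, or move to bound parameters.
 *  - Passwords are stored as unsalted MD5. Switching to password_hash() /
 *    password_verify() has to be done together with the login check and the
 *    cookie format, both of which live outside this function.
 *  - The redirect target $ref comes from the POST body. Unless tb_redirect()
 *    restricts destinations to this site, that is an open redirect.
 */
function auth_task_guest()
{
    global $db, $tpf, $pd_uid, $pd_gid;

    // Check the posted form token against the expected one before anything
    // else is read (CSRF check; form_auth() is expected to stop the request
    // on a mismatch - confirm against its definition).
    form_auth(gpc('formhash', 'P', ''), formhash());

    // Initialise explicitly: the original read $error without ever setting it
    // when all checks passed, which raises an undefined-variable warning.
    $error = false;
    $sysmsg = array();
    $md5_pwd = '';

    $username = trim(gpc('username', 'P', ''));
    $password = trim(gpc('password', 'P', ''));
    $confirm_password = trim(gpc('confirm_password', 'P', ''));
    $email = trim(gpc('email', 'P', ''));
    $ref = trim(gpc('ref', 'P', ''));

    // --- username: length, character set, then uniqueness ---
    // checklength() is treated as truthy when the length is out of range.
    if (checklength($username, 2, 60)) {
        $error = true;
        $sysmsg[] = __('invalid_username');
    } elseif (is_bad_chars($username)) {
        $error = true;
        $sysmsg[] = __('username_has_bad_chars');
    } else {
        // The listing showed the literal '******' in place of the looked-up
        // value (a redaction artifact), which made this uniqueness check
        // unable to match the submitted name. The lookup uses $username,
        // mirroring the e-mail query below.
        // NOTE(review): $username has only passed is_bad_chars(); confirm that
        // this (or gpc()) rules out SQL metacharacters.
        $rs = $db->fetch_one_array("select username from {$tpf}users where username='{$username}' and userid<>'{$pd_uid}' limit 1");
        if ($rs && strcasecmp($username, $rs['username']) === 0) {
            $error = true;
            $sysmsg[] = __('username_already_exists');
        }
    }

    // --- password: length, then confirmation ---
    if (checklength($password, 6, 20)) {
        $error = true;
        $sysmsg[] = __('invalid_password');
    } elseif ($password === $confirm_password) {
        // Strict comparison: with ==, two different numeric strings such as
        // "1000000" and "1e6" compare equal and the confirmation would pass.
        // NOTE(review): unsalted MD5 is not a password hash - see header.
        $md5_pwd = md5($password);
    } else {
        $error = true;
        $sysmsg[] = __('confirm_password_invalid');
    }

    // --- e-mail: syntax, then uniqueness ---
    if (!checkemail($email)) {
        $error = true;
        $sysmsg[] = __('invalid_email');
    } else {
        // NOTE(review): $email is interpolated after checkemail() only; how
        // strict that check is cannot be seen from here.
        $rs = $db->fetch_one_array("select email from {$tpf}users where email='{$email}' and userid<>'{$pd_uid}' limit 1");
        if ($rs && strcasecmp($email, $rs['email']) === 0) {
            $error = true;
            $sysmsg[] = __('email_already_exists');
        }
    }

    if ($error) {
        tb_redirect('back', $sysmsg);
        return;
    }

    $ins = array(
        'username' => $username,
        'password' => $md5_pwd,
        'email' => $email,
        'space_name' => $username . __('file'),
        'can_edit' => 0,
    );
    $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$pd_uid}'");

    // Re-issue the login cookie with the new identity (lifetime: 3 days).
    // NOTE(review): the payload carries the password hash, so the cookie is
    // only as confidential as pd_encode() makes it - confirm what it does.
    pd_setcookie('phpdisk_zcore_info', pd_encode("{$pd_uid}\t{$pd_gid}\t{$username}\t{$md5_pwd}\t{$email}"), 86400 * 3);

    $sysmsg[] = __('guest_set_account_success');
    // NOTE(review): $ref is request-supplied; see the open-redirect note above.
    tb_redirect($ref, $sysmsg);
}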