forked from zicongxie/zhaotaoci.cc
/
ask.inc.php
142 lines (142 loc) · 5.18 KB
/
ask.inc.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
<?php
defined('IN_DESTOON') or exit('Access Denied');
login();
require DT_ROOT.'/module/'.$module.'/common.inc.php';
$MG['ask'] or dalert(lang('message->without_permission_and_upgrade'), 'goback');
require DT_ROOT.'/include/post.func.php';
$TYPE = get_type('ask', 1);
$TYPE or message($L['feature_close']);
$forward or $forward = '?action=index';
$dstatus = $L['ask_status'];
$r = $db->get_one("SELECT support FROM {$DT_PRE}member WHERE userid=$_userid");
$support = $r['support'] ? $r['support'] : '';
switch($action) {
case 'add':
$a = array();
if($itemid) {
$r = $db->get_one("SELECT * FROM {$DT_PRE}ask WHERE itemid=$itemid");
if($r['username'] == $_username && $r['status'] > 1) $a = $r;
}
if($submit) {
$typeid = intval($typeid);
if(!$typeid || !isset($TYPE[$typeid])) message($L['pass_typeid']);
if(empty($title)) message($L['pass_title']);
if(empty($content)) message($L['pass_content']);
$fields = array(
'typeid' => $typeid,
'title' => $title,
);
$fields = dhtmlspecialchars($fields);
clear_upload($content);
$content = dsafe(addslashes(save_remote(save_local(stripslashes($content)))));
$fields['content'] = $content;
$fields['qid'] = $a ? $a['itemid'] : 0;
$fields['username'] = $_username;
$fields['addtime'] = $DT_TIME;
$sqlk = $sqlv = '';
foreach($fields as $k=>$v) {
$sqlk .= ','.$k; $sqlv .= ",'$v'";
}
$sqlk = substr($sqlk, 1); $sqlv = substr($sqlv, 1);
$db->query("INSERT INTO {$DT_PRE}ask ($sqlk) VALUES ($sqlv)");
dmsg($L['ask_add_success'], '?action=index');
} else {
$typeid = isset($typeid) ? intval($typeid) : 0;
$title = '';
$content = '';
if($a) {
$typeid = $a['typeid'];
$title = $a['title'];
$content = $a['content'];
}
$type_select = type_select($TYPE, 1, 'typeid', $L['choose_type'], $typeid, 'id="typeid"');
$head_title = $L['ask_title_add'];
}
break;
case 'edit':
$itemid or message();
$r = $db->get_one("SELECT * FROM {$DT_PRE}ask WHERE itemid=$itemid");
$r or message();
$r['username'] == $_username or message();
if($r['status'] > 0) message($L['ask_msg_edit']);
if($submit) {
$typeid = intval($typeid);
if(!$typeid || !isset($TYPE[$typeid])) message($L['pass_typeid']);
if(empty($title)) message($L['pass_title']);
if(empty($content)) message($L['pass_content']);
clear_upload($content);
$content = dsafe(addslashes(save_remote(save_local(stripslashes($content)))));
$fields = array(
'typeid' => $typeid,
'title' => $title,
);
$fields = dhtmlspecialchars($fields);
$fields['content'] = $content;
$sql = '';
foreach($fields as $k=>$v) {
$sql .= ",$k='$v'";
}
$sql = substr($sql, 1);
$db->query("UPDATE {$DT_PRE}ask SET $sql WHERE itemid=$itemid");
dmsg($L['op_edit_success'], $forward);
} else {
extract($r);
$type_select = type_select($TYPE, 1, 'typeid', $L['choose_type'], $typeid, 'id="typeid"');
$head_title = $L['ask_title_edit'];
}
break;
case 'show':
$itemid or message();
$r = $db->get_one("SELECT * FROM {$DT_PRE}ask WHERE itemid=$itemid");
$r or message();
$r['username'] == $_username or message();
extract($r);
$addtime = timetodate($addtime, 5);
$edittime = $edittime ? timetodate($edittime, 5) : '';
$stars = $L['ask_star_type'];
$head_title = $L['ask_title_show'];
break;
case 'star':
$itemid or message();
$r = $db->get_one("SELECT * FROM {$DT_PRE}ask WHERE itemid=$itemid");
$r or message();
$r['username'] == $_username or message();
$r['star'] == 0 or message();
$star = isset($star) ? intval($star) : 3;
in_array($star, array(1, 2, 3)) or $star = 3;
$db->query("UPDATE {$DT_PRE}ask SET star=$star WHERE itemid=$itemid");
dmsg($L['ask_star_success'], '?action=show&itemid='.$itemid);
break;
case 'delete':
$itemid or message();
$r = $db->get_one("SELECT * FROM {$DT_PRE}ask WHERE itemid=$itemid");
$r or message();
$r['username'] == $_username or message();
$r['status'] == 0 or message();
$db->query("DELETE FROM {$DT_PRE}ask WHERE itemid=$itemid");
dmsg($L['op_del_success'], $forward);
break;
default:
isset($fields) && isset($dfields[$fields]) or $fields = 0;
$typeid = isset($typeid) ? ($typeid === '' ? -1 : intval($typeid)) : -1;
$type_select = type_select($TYPE, 1, 'typeid', $L['default_type'], $typeid, '', $L['all_type']);
$condition = "username='$_username'";
if($keyword) $condition .= " AND title LIKE '%$keyword%'";
if($typeid > -1) $condition .= " AND typeid=$typeid";
$r = $db->get_one("SELECT COUNT(*) AS num FROM {$DT_PRE}ask WHERE $condition");
$pages = pages($r['num'], $page, $pagesize);
$asks = array();
$result = $db->query("SELECT * FROM {$DT_PRE}ask WHERE $condition ORDER BY itemid DESC LIMIT $offset,$pagesize");
while($r = $db->fetch_array($result)) {
$r['adddate'] = timetodate($r['addtime'], 5);
$r['editdate'] = $r['edittime'] ? timetodate($r['edittime'], 5) : 'N/A';
$r['dstatus'] = $dstatus[$r['status']];
$r['dstar'] = $L['ask_star_type'][$r['star']];
$r['type'] = $r['typeid'] && isset($TYPE[$r['typeid']]) ? set_style($TYPE[$r['typeid']]['typename'], $TYPE[$r['typeid']]['style']) : $L['default_type'];
$asks[] = $r;
}
$head_title = $L['ask_title'];
break;
}
include template('ask', $module);
?>