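/**
 * Create a new blog entry, or update an existing one, from submitted form data.
 *
 * When $olds belongs to a uid other than $_G['uid'], the function temporarily
 * overwrites $_G['uid'] / $_G['username'] with the owner's identity and puts the
 * saved copy back before it returns. Every lookup and write below that keys on
 * $_G['uid'] targets the owner's account while that switch is active.
 *
 * @param array $POST Submitted fields. Read here: subject, friend, password, tag,
 *                    message, classid, noreply, catid, picids, savealbumid,
 *                    newalbum, hot, dateline, makefeed.
 * @param array $olds Existing blog row when editing (uid, username, classid,
 *                    catid, blogid are read); empty for a new post.
 * @return array|false The main-table row that was written, extended with uid,
 *                     username and blogid; false when the message is empty once
 *                     layout tags and whitespace are stripped.
 */
function blog_post($POST, $olds=array()) {
    global $_G, $space;

    // Acting-user switch: remember the real $_G so it can be restored on every exit path.
    $isself = 1;
    if(!empty($olds['uid']) && $olds['uid'] != $_G['uid']) {
        $isself = 0;
        $__G = $_G;
        $_G['uid'] = $olds['uid'];
        $_G['username'] = addslashes($olds['username']);
    }

    // Subject: trimmed, passed to getstr() with a length argument of 80, censored;
    // falls back to today's date when nothing is left.
    $POST['subject'] = getstr(trim($POST['subject']), 80);
    $POST['subject'] = censor($POST['subject']);
    if(strlen($POST['subject'])<1) $POST['subject'] = dgmdate($_G['timestamp'], 'Y-m-d');
    $POST['friend'] = intval($POST['friend']);

    // Privacy level. 2 = named users, 4 = password; an empty name list falls back
    // to 3 and an empty password falls back to 0.
    $POST['target_ids'] = '';
    if($POST['friend'] == 2) {
        $uids = array();
        // NOTE(review): target_names is read from the $_POST superglobal, not from $POST.
        $names = empty($_POST['target_names'])?array():explode(',', preg_replace("/(\s+)/s", ',', $_POST['target_names']));
        if($names) {
            $uids = C::t('common_member')->fetch_all_uid_by_username($names);
        }
        if(empty($uids)) {
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif($POST['friend'] == 4) {
        $POST['password'] = trim($POST['password']);
        if($POST['password'] == '') $POST['friend'] = 0;
    }
    if($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if($POST['friend'] !== 4) {
        // Fix: this line was the comparison `$POST['password'] == '';`, a no-op, so a
        // submitted password was written to the row even for posts that are not
        // password protected.
        $POST['password'] = '';
    }

    $POST['tag'] = dhtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500);
    $POST['tag'] = censor($POST['tag']);

    // Message body: checkhtml() runs first on both paths; everything appended to
    // $message further down is added after that filtering.
    $POST['message'] = checkhtml($POST['message']);
    if($_G['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 0, 0, 1);
        $POST['message'] = censor($POST['message']);
    } else {
        $POST['message'] = getstr($POST['message'], 0, 0, 0, 0, 1);
        $POST['message'] = censor($POST['message']);
        // Drop empty <div></div> pairs and add target="_blank" to plain <a href="..."> tags.
        $POST['message'] = preg_replace(array(
            "/\<div\>\<\/div\>/i",
            "/\<a\s+href\=\"([^\>]+?)\"\>/i"
        ), array(
            '',
            '<a href="\\1" target="_blank">'
        ), $POST['message']);
    }
    $message = $POST['message'];

    // status 1 = held for moderation (censor hit on body or subject, or the group flag is set).
    if(censormod($message) || censormod($POST['subject']) || $_G['group']['allowblogmod']) {
        $blog_status = 1;
    } else {
        $blog_status = 0;
    }

    // Personal category: "new:<name>" looks the name up for this uid and creates it if missing.
    if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname);
            $classname = censor($classname);
            if(empty($classname)) {
                $classid = 0;
            } else {
                $classid = C::t('home_class')->fetch_classid_by_uid_classname($_G['uid'], $classname);
                if(empty($classid)) {
                    $setarr = array(
                        'classname' => $classname,
                        'uid' => $_G['uid'],
                        'dateline' => $_G['timestamp']
                    );
                    $classid = C::t('home_class')->insert($setarr, true);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if($classid && empty($classname)) {
        // Ownership check: a class id that belongs to another uid is reset to 0.
        $query = C::t('home_class')->fetch($classid);
        $classname = ($query['uid'] == $_G['uid']) ? $query['classname'] : '';
        if(empty($classname)) $classid = 0;
    }

    // Main-table row. The password is stored exactly as submitted; nothing in this
    // function hashes it.
    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($POST['noreply'])?0:1,
        'catid' => intval($POST['catid']),
        'status' => $blog_status,
    );

    $titlepic = '';

    // Uploaded pictures: only rows fetched for $_G['uid'] are considered; they are
    // keyed by md5 of their URL so pictures already in the body can be matched below.
    $uploads = array();
    if(!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = C::t('home_pic')->fetch_all_by_uid($_G['uid'], 0, 0, $picids);
        foreach($query as $value) {
            if(empty($titlepic) && $value['thumb']) {
                $titlepic = getimgthumbname($value['filepath']);
                $blogarr['picflag'] = $value['remote']?2:1;
            }
            $picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
            $uploads[md5($picurl)] = $value;
        }
        // No thumbnail found: fall back to the last fetched picture. !empty() avoids an
        // undefined-variable warning when the fetch returned no rows.
        if(empty($titlepic) && !empty($value)) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote']?2:1;
        }
    }

    if($uploads) {
        $albumid = 0;
        if($POST['savealbumid'] < 0 && !empty($POST['newalbum'])) {
            $albumname = addslashes(dhtmlspecialchars(trim($POST['newalbum'])));
            if(empty($albumname)) $albumname = dgmdate($_G['timestamp'],'Ymd');
            $albumarr = array('albumname' => $albumname);
            $albumid = album_creat($albumarr);
        } else {
            // NOTE(review): savealbumid is only intval()'d here; nothing visible in this
            // function checks that the album belongs to $_G['uid'] - confirm that
            // album_update_pic() or the caller enforces ownership.
            $albumid = $POST['savealbumid'] < 0 ? 0 : intval($POST['savealbumid']);
        }
        if($albumid) {
            C::t('home_pic')->update_for_uid($_G['uid'], $picids, array('albumid' => $albumid));
            album_update_pic($albumid);
        }
        // Pictures whose URL already appears in an <img src="..."> of the body are not appended again.
        preg_match_all("/\s*\<img src=\"(.+?)\".*?\>\s*/is", $message, $mathes);
        if(!empty($mathes[1])) {
            foreach ($mathes[1] as $key => $value) {
                $urlmd5 = md5($value);
                if(!empty($uploads[$urlmd5])) {
                    unset($uploads[$urlmd5]);
                }
            }
        }
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
            // NOTE(review): the picture title is concatenated into the HTML after
            // checkhtml() has run; assumes the stored title is already HTML-escaped - confirm.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
        }
    }

    // Reject posts that contain nothing but layout tags and whitespace.
    // NOTE(review): the `\ \;` alternative looks like an HTML-decoded `&nbsp;` entity -
    // confirm against the upstream file.
    $ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\ \;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
    if(empty($ckmessage)) {
        // Fix: restore the real identity before leaving; the original returned with
        // $_G still switched to the blog owner for the rest of the request.
        if(!empty($__G)) $_G = $__G;
        return false;
    }

    // 'hot' is only accepted from accounts that pass the manageblog permission check.
    if(checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if($olds['blogid']) {
        // Update: move the per-category counters when the category changed.
        if($blogarr['catid'] != $olds['catid']) {
            if($olds['catid']) {
                C::t('home_blog_category')->update_num_by_catid(-1, $olds['catid'], true, true);
            }
            if($blogarr['catid']) {
                C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
            }
        }
        $blogid = $olds['blogid'];
        C::t('home_blog')->update($blogid, $blogarr);
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        if($blogarr['catid']) {
            C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
        }
        $blogarr['uid'] = $_G['uid'];
        $blogarr['username'] = $_G['username'];
        // NOTE(review): a supplied dateline is stored as given; presumably callers pass
        // an integer timestamp - confirm.
        $blogarr['dateline'] = empty($POST['dateline'])?$_G['timestamp']:$POST['dateline'];
        $blogid = C::t('home_blog')->insert($blogarr, true);
        C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']));
        C::t('common_member_field_home')->update($_G['uid'], array('recentnote'=>$POST['subject']));
    }
    $blogarr['blogid'] = $blogid;

    // Field table: body, poster IP, privacy targets and tags.
    $class_tag = new tag();
    $POST['tag'] = $olds ? $class_tag->update_field($POST['tag'], $blogid, 'blogid') : $class_tag->add_tag($POST['tag'], $blogid, 'blogid');
    $fieldarr = array(
        'message' => $message,
        'postip' => $_G['clientip'],
        'target_ids' => $POST['target_ids'],
        'tag' => $POST['tag']
    );
    if(!empty($titlepic)) {
        $fieldarr['pic'] = $titlepic;
    }
    if($olds) {
        C::t('home_blogfield')->update($blogid, $fieldarr);
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        C::t('home_blogfield')->insert($fieldarr);
    }

    // Credit and statistics: granted for a new, self-authored, unmoderated post;
    // taken back when an edited post is held for moderation.
    if($isself && !$olds && $blog_status == 0) {
        updatecreditbyaction('publishblog', 0, array('blogs' => 1));
        include_once libfile('function/stat');
        updatestat('blog');
    }
    if($olds['blogid'] && $blog_status == 1) {
        updatecreditbyaction('publishblog', 0, array('blogs' => -1), '', -1);
        include_once libfile('function/stat');
        updatestat('blog');
    }
    if($POST['makefeed'] && $blog_status == 0) {
        include_once libfile('function/feed');
        feed_publish($blogid, 'blogid', $olds?0:1);
    }

    // The saved identity is restored before updatemoderate()/manage_addnotify() are called.
    if(!empty($__G)) $_G = $__G;
    if($blog_status == 1) {
        updatemoderate('blogid', $blogid);
        manage_addnotify('verifyblog');
    }
    return $blogarr;
}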
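/**
 * Create a new blog entry, or update an existing one, from submitted form data.
 *
 * When $olds belongs to a uid other than $_SGLOBAL['supe_uid'], the function
 * temporarily overwrites supe_uid / supe_username with the owner's identity and
 * puts the saved copy of $_SGLOBAL back before it returns.
 *
 * @param array $POST Submitted fields. Read here: subject, friend, password, tag,
 *                    message, classid, picids, hot, topicid, dateline, makefeed.
 *                    target_names, noreply and the attach* fields are read from
 *                    the $_POST superglobal instead.
 * @param array $olds Existing blog row when editing (uid, username, classid,
 *                    blogid, tag are read); empty for a new post.
 * @return array|false The main-table row that was written, extended with uid,
 *                     username and blogid; false when the message is empty once
 *                     layout tags and whitespace are stripped.
 */
function blog_post($POST, $olds = array()) {
    global $_SGLOBAL, $_SC, $space;

    // Acting-user switch: keep a copy of $_SGLOBAL so it can be restored on every exit path.
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Subject; falls back to today's date when nothing is left.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Privacy level. 2 = named friends, 4 = password; an empty name list falls back
    // to 3 and an empty password falls back to 0.
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            // NOTE(review): request-supplied names reach the SQL text through simplode();
            // safety depends on that helper quoting each value and on the input already
            // being slash-escaped - confirm.
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Fix: this line was the comparison `$POST['password'] == '';`, a no-op, so a
        // submitted password was written to the row even for posts that are not
        // password protected.
        $POST['password'] = '';
    }

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);

    // Message body. checkhtml() runs only on the non-mobile path.
    // NOTE(review): the mobile path presumably relies on getstr() to neutralise HTML
    // with these flags - confirm.
    if ($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        // Drop empty <div></div> pairs and add target="_blank" to plain <a href="..."> tags.
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category: "new:<name>" looks the name up for this uid and creates it if missing.
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid']), 'classid');
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Ownership check: a class id with no row for this uid is reset to 0.
        $classname = getcount('class', array('classid' => $classid, 'uid' => $_SGLOBAL['supe_uid']), 'classname');
        if (empty($classname)) {
            $classid = 0;
        }
    }

    // Main-table row. The password is stored exactly as submitted; nothing in this
    // function hashes it.
    $blogarr = array('subject' => $POST['subject'], 'classid' => $classid, 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($_POST['noreply']) ? 0 : 1);

    $titlepic = '';

    // Uploaded pictures: the query is restricted to rows owned by supe_uid.
    $uploads = array();
    if (!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): the while loop above only ends once $value is falsy, so this
        // fallback cannot run as written. Left unchanged because enabling it would
        // alter which title picture gets stored.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }

    if ($uploads) {
        // Swap the editor's _uchome_localimg_N placeholders for the real picture URLs.
        preg_match_all("/\\<img\\s.*?\\_uchome\\_localimg\\_([0-9]+).+?src\\=\"(.+?)\"/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_{$value}";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Pictures that were uploaded but not placed in the body are appended at the end.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            // NOTE(review): the picture title is concatenated into the HTML after
            // checkhtml() has run; assumes the stored title is already HTML-escaped - confirm.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }

    // Reject posts that contain nothing but layout tags and whitespace.
    // NOTE(review): the `\\ \\;` alternative looks like an HTML-decoded `&nbsp;` entity -
    // confirm against the upstream file.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\ \\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Fix: restore the real identity before leaving; the original returned with
        // $_SGLOBAL still switched to the blog owner for the rest of the request.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }

    // Slash-escape the body before it is handed to the table helpers.
    $message = addslashes($message);

    // No uploaded title picture: take one from the body.
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    // 'hot' is only accepted from accounts that pass the manageblog permission check.
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    // Attachment metadata.
    // NOTE(review): all four values are copied from $_POST with no validation visible
    // here, including attachpath; confirm the table helpers escape them and that the
    // path is validated wherever it is later used to locate a file.
    if ($_POST['attachid'] && $_POST['attachpath'] && $_POST['attachname'] && $_POST['attachsize']) {
        $blogarr['attachid'] = $_POST['attachid'];
        $blogarr['attachpath'] = $_POST['attachpath'];
        $blogarr['attachname'] = $_POST['attachname'];
        $blogarr['attachsize'] = $_POST['attachsize'];
    }

    if ($olds['blogid']) {
        // Update the existing row.
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid' => $blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // New post, optionally attached to a topic.
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');
        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        $blogarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : $POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }
    $blogarr['blogid'] = $blogid;

    // Field table: body, poster IP and privacy targets.
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);

    // Tags.
    // NOTE(review): unserialize() runs on the stored tag column; this is only safe
    // while that column can never hold attacker-controlled serialized data - confirm.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Remove the previous tag links and decrement their counters first.
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Store the new tag set in the field table.
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }

    if ($olds) {
        updatetable('blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Space counters are only touched when the author edits or posts for themselves.
    if ($isself) {
        if ($olds) {
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
        } else {
            if (empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid' => $space['uid']));
                $blognumsql = "blognum=" . $space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Credit and experience reward for publishing.
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$blognumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
            // Site statistics.
            updatestat('blog');
        }
    }

    // Publish a feed entry when requested.
    if ($POST['makefeed']) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }

    // Join the topic for a new post.
    if (empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Restore the real identity.
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }
    return $blogarr;
}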
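/**
 * Create a new blog entry, or update an existing one, from submitted form data.
 *
 * When $olds belongs to a uid other than $_SGLOBAL['supe_uid'], the function
 * temporarily overwrites supe_uid / supe_username with the owner's identity and
 * puts the saved copy of $_SGLOBAL back before it returns.
 *
 * @param array $POST Submitted fields. Read here: subject, friend, password, tag,
 *                    message, classid, picids, hot, topicid, dateline, makefeed.
 *                    target_names and noreply are read from the $_POST
 *                    superglobal instead.
 * @param array $olds Existing blog row when editing (uid, username, classid,
 *                    blogid, tag are read); empty for a new post.
 * @return array|false The main-table row that was written, extended with uid,
 *                     username and blogid; false when the message is empty once
 *                     layout tags and whitespace are stripped.
 */
function blog_post($POST, $olds=array()) {
    global $_SGLOBAL, $_SC, $space;

    // Operator role switch: keep a copy of $_SGLOBAL so it can be restored on every exit path.
    $isself = 1;
    if(!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Title; falls back to today's date when nothing is left.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if(strlen($POST['subject'])<1) $POST['subject'] = sgmdate('Y-m-d');
    $POST['friend'] = intval($POST['friend']);

    // Privacy
    $POST['target_ids'] = '';
    if($POST['friend'] == 2) {
        // Specific friends
        $uids = array();
        $names = empty($_POST['target_names'])?array():explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if($names) {
            // NOTE(review): request-supplied names reach the SQL text through simplode();
            // safety depends on that helper quoting each value and on the input already
            // being slash-escaped - confirm.
            $query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname('space')." WHERE username IN (".simplode($names).")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if(empty($uids)) {
            $POST['friend'] = 3; // Visible to the author only
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif($POST['friend'] == 4) {
        // Password protected
        $POST['password'] = trim($POST['password']);
        if($POST['password'] == '') $POST['friend'] = 0; // Public
    }
    if($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if($POST['friend'] !== 4) {
        // Fix: this line was the comparison `$POST['password'] == '';`, a no-op, so a
        // submitted password was written to the row even for posts that are not
        // password protected.
        $POST['password'] = '';
    }

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1); // Word censoring

    // Content. checkhtml() runs only on the non-mobile path.
    // NOTE(review): the mobile path presumably relies on getstr() to neutralise HTML
    // with these flags - confirm.
    if($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        // Drop empty <div></div> pairs and add target="_blank" to plain <a href="..."> tags.
        $POST['message'] = preg_replace(array(
            "/\<div\>\<\/div\>/i",
            "/\<a\s+href\=\"([^\>]+?)\"\>/i"
        ), array(
            '',
            '<a href="\\1" target="_blank">'
        ), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category
    if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            // Category name
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if(empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname'=>$classname, 'uid'=>$_SGLOBAL['supe_uid']), 'classid');
                if(empty($classid)) {
                    $setarr = array(
                        'classname' => $classname,
                        'uid' => $_SGLOBAL['supe_uid'],
                        'dateline' => $_SGLOBAL['timestamp']
                    );
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if($classid && empty($classname)) {
        // Does the category belong to this user? A class id with no row for this uid is reset to 0.
        $classname = getcount('class', array('classid'=>$classid, 'uid'=>$_SGLOBAL['supe_uid']), 'classname');
        if(empty($classname)) $classid = 0;
    }

    // Main table. The password is stored exactly as submitted; nothing in this
    // function hashes it.
    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($_POST['noreply'])?0:1
    );

    // Title picture
    $titlepic = '';

    // Fetch the uploaded pictures; the query is restricted to rows owned by supe_uid.
    $uploads = array();
    if(!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('pic')." WHERE picid IN (".simplode($picids).") AND uid='$_SGLOBAL[supe_uid]'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if(empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'].'.thumb.jpg';
                $blogarr['picflag'] = $value['remote']?2:1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): the while loop above only ends once $value is falsy, so this
        // fallback cannot run as written. Left unchanged because enabling it would
        // alter which title picture gets stored.
        if(empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote']?2:1;
        }
    }

    // Pictures inserted into the article: swap the editor placeholders for real URLs.
    if($uploads) {
        preg_match_all("/\<img\s.*?\_uchome\_localimg\_([0-9]+).+?src\=\"(.+?)\"/i", $message, $mathes);
        if(!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if(!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_$value";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Pictures not inserted into the article are appended at the end.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            // NOTE(review): the picture title is concatenated into the HTML after
            // checkhtml() has run; assumes the stored title is already HTML-escaped - confirm.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
        }
    }

    // Nothing was filled in.
    // NOTE(review): the `\ \;` alternative looks like an HTML-decoded `&nbsp;` entity -
    // confirm against the upstream file.
    $ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\ \;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
    if(empty($ckmessage)) {
        // Fix: restore the real identity before leaving; the original returned with
        // $_SGLOBAL still switched to the blog owner for the rest of the request.
        if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;
        return false;
    }

    // Add slashes
    $message = addslashes($message);

    // Read a picture from the content
    if(empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    // Hotness: only accepted from accounts that pass the manageblog permission check.
    if(checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if($olds['blogid']) {
        // Update
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid'=>$blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // Join a topic
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');

        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        $blogarr['dateline'] = empty($POST['dateline'])?$_SGLOBAL['timestamp']:$POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }
    $blogarr['blogid'] = $blogid;

    // Secondary (field) table
    $fieldarr = array(
        'message' => $message,
        'postip' => getonlineip(),
        'target_ids' => $POST['target_ids']
    );

    // TAG
    // NOTE(review): unserialize() runs on the stored tag column; this is only safe
    // while that column can never hold attacker-controlled serialized data - confirm.
    $oldtagstr = addslashes(empty($olds['tag'])?'':implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if($POST['tag'] != $oldtagstr) {
        if(!empty($olds['tag'])) {
            // Clear out the previous tags first
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if($oldtags) {
                $_SGLOBAL['db']->query("UPDATE ".tname('tag')." SET blognum=blognum-1 WHERE tagid IN (".simplode($oldtags).")");
                $_SGLOBAL['db']->query("DELETE FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Update the tag stored in the field table
        $fieldarr['tag'] = empty($tagarr)?'':addslashes(serialize($tagarr));
    }

    if($olds) {
        // Update
        updatetable('blogfield', $fieldarr, array('blogid'=>$blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Space update: only when the author edits or posts for themselves.
    if($isself) {
        if($olds) {
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET updatetime='$_SGLOBAL[timestamp]' WHERE uid='$_SGLOBAL[supe_uid]'");
        } else {
            if(empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid'=>$space['uid']));
                $blognumsql = "blognum=".$space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Credit
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET {$blognumsql}, lastpost='$_SGLOBAL[timestamp]', updatetime='$_SGLOBAL[timestamp]', credit=credit+$reward[credit], experience=experience+$reward[experience] WHERE uid='$_SGLOBAL[supe_uid]'");

            // Statistics
            updatestat('blog');
        }
    }

    // Generate feed
    if($POST['makefeed']) {
        include_once(S_ROOT.'./source/function_feed.php');
        feed_publish($blogid, 'blogid', $olds?0:1);
    }

    // Topic
    if(empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Switch the role back
    if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;

    return $blogarr;
}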
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('thread') . " WHERE tid='{$tid}'"); if (!($thread = $_SGLOBAL['db']->fetch_array($query))) { showmessage('no_privilege'); } //检查权限 $tagid = $thread['tagid']; $mtag = ckmtagspace($thread['tagid']); if ($mtag['grade'] < 8 && $thread['uid'] != $_SGLOBAL['supe_uid'] && $userevent['status'] < 3) { showmessage('no_privilege'); } } $subject = getstr($_POST['subject'], 80, 1, 1, 1); if (strlen($subject) < 2) { showmessage('title_not_too_little'); } $_POST['message'] = checkhtml($_POST['message']); $_POST['message'] = getstr($_POST['message'], 0, 1, 0, 1, 0, 1); $_POST['message'] = preg_replace("/\\<div\\>\\<\\/div\\>/i", '', $_POST['message']); $message = $_POST['message']; //标题图片 $titlepic = ''; //获取上传的图片 $uploads = array(); if (!empty($_POST['picids'])) { $picids = array_keys($_POST['picids']); $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'"); while ($value = $_SGLOBAL['db']->fetch_array($query)) { if (empty($titlepic) && $value['thumb']) { $titlepic = pic_get($value['filepath'], $value['thumb'], $value['remote']); } $uploads[$_POST['picids'][$value['picid']]] = $value;
include_once S_ROOT . './source/function_blog.php'; if (empty($results) || empty($_POST['ids'])) { showmessage('choose_at_least_one_log', 'cp.php?ac=import'); } $allcount = $incount = 0; krsort($results); //倒序 foreach ($results as $key => $value) { $allcount = $allcount + 1; if (in_array($key, $_POST['ids'])) { $value = saddslashes($value); $dateline = intval(sstrtotime($value['dateCreated'])); $subject = getstr($value['title'], 80, 1, 1, 1); $message = isset($value['description']) ? $value['description'] : $value['content']; $message = getstr($message, 0, 1, 1, 1, 0, 1); $message = checkhtml($message); if (empty($subject) || empty($message)) { $results[$key]['status'] = '--'; $results[$key]['blogid'] = 0; continue; } //开始导入 $blogarr = array('uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'subject' => $subject, 'pic' => getmessagepic($message), 'dateline' => $dateline ? $dateline : $_SGLOBAL['timestamp']); $blogid = inserttable('blog', $blogarr, 1); //插入内容 $fieldarr = array('blogid' => $blogid, 'message' => $message, 'postip' => getonlineip()); inserttable('blogfield', $fieldarr); //统计 $incount = $incount + 1; $results[$key]['status'] = 'OK'; $results[$key]['blogid'] = $blogid;
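/**
 * Create a new blog entry, or update an existing one, from submitted form data.
 *
 * When $olds belongs to a uid other than $_G['uid'], the function temporarily
 * overwrites $_G['uid'] / $_G['username'] with the owner's identity and puts the
 * saved copy back before it returns.
 *
 * @param array $POST Submitted fields. Read here: subject, friend, password, tag,
 *                    message, classid, noreply, catid, picids, hot, dateline,
 *                    makefeed. target_names is read from the $_POST superglobal.
 * @param array $olds Existing blog row when editing (uid, username, classid,
 *                    catid, blogid are read); empty for a new post.
 * @return array|false The main-table row that was written, extended with uid,
 *                     username and blogid; false when the message is empty once
 *                     layout tags and whitespace are stripped.
 */
function blog_post($POST, $olds = array()) {
    global $_G, $space;

    // Acting-user switch: remember the real $_G so it can be restored on every exit path.
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_G['uid']) {
        $isself = 0;
        $__G = $_G;
        $_G['uid'] = $olds['uid'];
        $_G['username'] = addslashes($olds['username']);
    }

    // Subject; falls back to today's date when nothing is left.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1);
    $POST['subject'] = censor($POST['subject']);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = dgmdate($_G['timestamp'], 'Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Privacy level. 2 = named users, 4 = password; an empty name list falls back
    // to 3 and an empty password falls back to 0.
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(',', preg_replace("/(\\s+)/s", ',', $_POST['target_names']));
        if ($names) {
            // NOTE(review): request-supplied names reach the SQL text through dimplode();
            // safety depends on that helper quoting each value and on the input already
            // being slash-escaped - confirm.
            $query = DB::query("SELECT uid FROM " . DB::table('common_member') . " WHERE username IN (" . dimplode($names) . ")");
            while ($value = DB::fetch($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Fix: this line was the comparison `$POST['password'] == '';`, a no-op, so a
        // submitted password was written to the row even for posts that are not
        // password protected.
        $POST['password'] = '';
    }

    $POST['tag'] = dhtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1);
    $POST['tag'] = censor($POST['tag']);

    // Message body. checkhtml() runs only on the non-mobile path.
    // NOTE(review): the mobile path presumably relies on getstr() to neutralise HTML
    // with these flags - confirm.
    if ($_G['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1);
        $POST['message'] = censor($POST['message']);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 0, 1);
        $POST['message'] = censor($POST['message']);
        // Drop empty <div></div> pairs and add target="_blank" to plain <a href="..."> tags.
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];

    // status 1 = held for moderation (censor hit on body or subject, or the group flag is set).
    if (censormod($message) || censormod($POST['subject']) || $_G['group']['allowblogmod']) {
        $blog_status = 1;
    } else {
        $blog_status = 0;
    }

    // Personal category: "new:<name>" looks the name up for this uid and creates it if missing.
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1);
            $classname = censor($classname);
            if (empty($classname)) {
                $classid = 0;
            } else {
                // NOTE(review): $classname is interpolated into the SQL text; this is only
                // safe if getstr() with these flags returns a slash-escaped string and
                // censor() cannot reintroduce a quote - confirm.
                $classid = DB::result(DB::query("SELECT classid FROM " . DB::table('home_class') . " WHERE uid='{$_G['uid']}' AND classname='{$classname}'"));
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_G['uid'], 'dateline' => $_G['timestamp']);
                    $classid = DB::insert('home_class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Ownership check: a class id with no row for this uid is reset to 0.
        $classname = DB::result(DB::query("SELECT classname FROM " . DB::table('home_class') . " WHERE classid='{$classid}' AND uid='{$_G['uid']}'"));
        if (empty($classname)) {
            $classid = 0;
        }
    }

    // Main-table row. The password is stored exactly as submitted; nothing in this
    // function hashes it.
    $blogarr = array('subject' => $POST['subject'], 'classid' => $classid, 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($POST['noreply']) ? 0 : 1, 'catid' => intval($POST['catid']), 'status' => $blog_status);

    $titlepic = '';

    // Uploaded pictures: the query is restricted to rows owned by $_G['uid'].
    $uploads = array();
    if (!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = DB::query("SELECT * FROM " . DB::table('home_pic') . " WHERE picid IN (" . dimplode($picids) . ") AND uid='{$_G['uid']}'");
        while ($value = DB::fetch($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): the while loop above only ends once $value is falsy, so this
        // fallback cannot run as written. Left unchanged because enabling it would
        // alter which title picture gets stored.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }

    if ($uploads) {
        // Replace [imgid=N] placeholders with <img> tags for the matching uploads.
        preg_match_all("/\\[imgid\\=(\\d+)\\]/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($uploads[$value])) {
                    $picurl = pic_get($uploads[$value]['filepath'], 'album', $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    $searchs[] = "[imgid={$value}]";
                    $replaces[] = "<img src=\"{$picurl}\">";
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
            }
        }
        // Pictures that were uploaded but not referenced in the body are appended at the end.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
            // NOTE(review): the picture title is concatenated into the HTML after
            // checkhtml() has run; assumes the stored title is already HTML-escaped - confirm.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }

    // Reject posts that contain nothing but layout tags and whitespace.
    // NOTE(review): the `\\ \\;` alternative looks like an HTML-decoded `&nbsp;` entity -
    // confirm against the upstream file.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\ \\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Fix: restore the real identity before leaving; the original returned with
        // $_G still switched to the blog owner for the rest of the request.
        if (!empty($__G)) {
            $_G = $__G;
        }
        return false;
    }

    // Slash-escape the body before it is handed to the DB helpers.
    $message = addslashes($message);

    // New post without an uploaded title picture: take one from the body.
    if (empty($titlepic) && empty($olds)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }

    // 'hot' is only accepted from accounts that pass the manageblog permission check.
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if ($olds['blogid']) {
        // Update: move the per-category counters when the category changed.
        if ($blogarr['catid'] != $olds['catid']) {
            if ($olds['catid']) {
                // NOTE(review): $olds['catid'] is interpolated as given; presumably it
                // comes from the stored row - confirm against the caller.
                DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num-1 WHERE catid='{$olds['catid']}' AND num>0");
            }
            if ($blogarr['catid']) {
                DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num+1 WHERE catid='{$blogarr['catid']}'");
            }
        }
        $blogid = $olds['blogid'];
        DB::update('home_blog', $blogarr, array('blogid' => $blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        if ($blogarr['catid']) {
            DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num+1 WHERE catid='{$blogarr['catid']}'");
        }
        $blogarr['uid'] = $_G['uid'];
        $blogarr['username'] = $_G['username'];
        $blogarr['dateline'] = empty($POST['dateline']) ? $_G['timestamp'] : $POST['dateline'];
        $blogid = DB::insert('home_blog', $blogarr, 1);
        DB::update('common_member_status', array('lastpost' => $_G['timestamp']), array('uid' => $_G['uid']));
        DB::update('common_member_field_home', array('recentnote' => $POST['subject']), array('uid' => $_G['uid']));
    }
    $blogarr['blogid'] = $blogid;

    // Field table: body, poster IP, privacy targets and tags.
    $fieldarr = array('message' => $message, 'postip' => $_G['clientip'], 'target_ids' => $POST['target_ids'], 'tag' => $POST['tag']);
    if (!empty($titlepic)) {
        $fieldarr['pic'] = $titlepic;
    }
    if ($olds) {
        DB::update('home_blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        DB::insert('home_blogfield', $fieldarr);
    }

    // Credit and statistics only for a new, self-authored, unmoderated post.
    if ($isself && !$olds && $blog_status == 0) {
        updatecreditbyaction('publishblog', 0, array('blogs' => 1));
        include_once libfile('function/stat');
        updatestat('blog');
    }
    if ($POST['makefeed'] && $blog_status == 0) {
        include_once libfile('function/feed');
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }

    // Restore the real identity.
    if (!empty($__G)) {
        $_G = $__G;
    }
    return $blogarr;
}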
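/**
 * Create or update a blog entry (UCHome-style globals) and its field row.
 *
 * Sanitises the submitted fields, resolves the privacy mode and personal
 * category, merges uploaded pictures into the body, writes the `blog` and
 * `blogfield` rows, maintains tags and publishes a feed item for new entries.
 *
 * Security-relevant behaviour visible in this function:
 *  - When $olds['uid'] is set, the global acting user is switched to the
 *    entry owner for the duration of the call and restored before returning.
 *  - `noreply` and `target_names` are read from $_POST, not from $POST.
 *  - Several statements are built by string interpolation; their safety rests
 *    on helpers (simplode, getstr, inserttable, updatetable) that are not
 *    visible here. NOTE(review): confirm that each of them escapes its input.
 *
 * @param array $POST Submitted blog fields (subject, message, friend, password, tag, classid, picids, dateline).
 * @param array $olds Existing entry when editing; empty for a new entry.
 * @return array|false The main-table row including `blogid`, or false when the body is empty.
 */
function blog_post($POST, $olds = array())
{
    global $_SGLOBAL, $_SC;

    // Switch the acting user to the owner of the entry being edited.
    if (!empty($olds['uid'])) {
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Subject; falls back to today's date when empty.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Privacy mode.
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to named friends only.
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            // NOTE(review): request data reaches this IN (...) list through simplode();
            // presumably it quotes each element - verify that it also escapes them.
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            $POST['friend'] = 3; // no valid names: visible to the owner only
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password protected; an empty password degrades to public.
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Fix: this was `==`, a comparison whose result was discarded, so a
        // submitted password was stored even for entries that are not
        // password protected.
        $POST['password'] = '';
    }
    // NOTE(review): the password is written to the blog row as submitted (no hashing visible here).

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1); // includes word censoring

    // Body: HTML filtering first, then getstr(), then drop empty <div></div> pairs.
    $POST['message'] = checkhtml($POST['message']);
    $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
    $POST['message'] = preg_replace("/\\<div\\>\\<\\/div\\>/i", '', $POST['message']);
    $message = $POST['message'];

    // Personal category: "new:<name>" creates or reuses a category of the acting user.
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid']), 'classid');
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Ownership check: a category id that does not belong to the acting user is dropped.
        $classname = getcount('class', array('classid' => $classid, 'uid' => $_SGLOBAL['supe_uid']), 'classname');
        if (empty($classname)) {
            $classid = 0;
        }
    }

    // Main-table row.
    $blogarr = array('subject' => $POST['subject'], 'classid' => $classid, 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($_POST['noreply']) ? 0 : 1);

    // Title picture.
    $titlepic = '';

    // Uploaded pictures; the query is restricted to rows owned by the acting user.
    $uploads = array();
    if (!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // $value is falsy once the loop above has ended, so this branch does not run.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }

    // Pictures referenced from the body.
    if ($uploads) {
        preg_match_all("/\\<img\\s.*?\\_uchome\\_localimg\\_([0-9]+).+?src\\=\"(.+?)\"/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_{$value}";
                    $replaces[] = mkpicurl($uploads[$value], 0);
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Pictures not referenced from the body are appended to it.
        foreach ($uploads as $value) {
            $picurl = mkpicurl($value, 0);
            // NOTE(review): the stored picture title is embedded in the HTML after
            // checkhtml() has already run on the body - confirm that titles are
            // HTML-escaped when they are saved.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }

    // Reject a body that contains nothing but layout markup and whitespace.
    // NOTE(review): the `\\ \\;` alternative looks like a lost `&nbsp;` entity - compare with the upstream file.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\ \\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Fix: restore the acting user before the early return; previously this
        // path left the global identity switched to the entry owner.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }

    // Escape for the SQL helpers below.
    $message = addslashes($message);

    // Fall back to a picture found in the body.
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    if ($olds['blogid']) {
        // Update an existing entry.
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid' => $blogid));
        $fuids = array();
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        // NOTE(review): a submitted dateline is stored without an integer cast.
        $blogarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : $POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }
    $blogarr['blogid'] = $blogid;

    // Field-table row.
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);

    // Tags.
    // NOTE(review): unserialize() runs on the stored tag column of $olds. It is safe
    // only while that column can never hold attacker-supplied bytes; a JSON encoding
    // would remove the object-instantiation risk.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Remove the previous tag links first.
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Store the new tag set on the field row.
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }

    if ($olds) {
        updatetable('blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Space bookkeeping: touch updatetime on edit, award credits on create.
    if ($olds) {
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
    } else {
        updatespacestatus('get', 'blog');
    }

    // Feed item for new entries that are not owner-only.
    if (empty($olds) && $blogarr['friend'] != 3) {
        $fs = array();
        $fs['icon'] = 'blog';
        $fs['title_data'] = array();
        $fs['images'] = $fs['image_links'] = array();
        if ($blogarr['friend'] == 4) {
            // Password-protected entry: the feed carries the subject only.
            $fs['title_template'] = cplang('feed_blog_password');
            $fs['title_data'] = array('subject' => "<a href=\"space.php?uid={$_SGLOBAL['supe_uid']}&do=blog&id={$blogid}\">{$blogarr['subject']}</a>");
            $fs['body_template'] = '';
            $fs['body_data'] = array();
        } else {
            if ($blogarr['pic']) {
                $fs['images'] = array(mkpicurl($blogarr));
                $fs['image_links'] = array("space.php?uid={$_SGLOBAL['supe_uid']}&do=blog&id={$blogid}");
            }
            $fs['title_template'] = cplang('feed_blog');
            $fs['body_template'] = '<b>{subject}</b><br>{summary}';
            $fs['body_data'] = array('subject' => "<a href=\"space.php?uid={$_SGLOBAL['supe_uid']}&do=blog&id={$blogid}\">{$blogarr['subject']}</a>", 'summary' => getstr($message, 150, 1, 1, 0, 0, -1));
        }
        $fs['body_general'] = '';
        $fs['target_ids'] = $fieldarr['target_ids'];
        $fs['friend'] = $blogarr['friend'];
        if (ckprivacy('blog', 1)) {
            include_once S_ROOT . './source/function_cp.php';
            feed_add($fs['icon'], $fs['title_template'], $fs['title_data'], $fs['body_template'], $fs['body_data'], $fs['body_general'], $fs['images'], $fs['image_links'], $fs['target_ids'], $fs['friend']);
        }
    }

    // Restore the acting user.
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }
    return $blogarr;
}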
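/**
 * Validate and store a news item submitted by the logged-in member.
 *
 * Creates a new `news` row, or updates the row identified by the posted
 * `itemid` when one is given. Every outcome is reported as a JSON object
 * (`code`, `message`, optional `href`) written to the output; the
 * validation-failure, word-filter and update paths then terminate with die.
 *
 * Security-relevant behaviour visible in this method:
 *  - An update is only performed when a `news` row matches both the posted
 *    itemid and $this->username (ownership check).
 *  - `content` is read without the input XSS filter and passed through
 *    checkhtml() before storage; the word filter runs on the raw value.
 *  - NOTE(review): `introduce`, when posted, is stored as submitted (no XSS
 *    filter, no getstr()). Confirm that it is escaped on output.
 *
 * @return void
 */
function save_news()
{
    $site = $this->config->item('site');
    $this->config->load('uploader_settings', TRUE);
    $this->load->helper("getstr");
    $this->load->helper("checkhtml");
    $this->load->helper(array('form', 'url'));
    $this->load->library('form_validation');
    $this->form_validation->set_rules('title', 'News Title', 'required|max_length[255]');
    $this->form_validation->set_rules('content', 'News Detail', 'required');
    //$this->form_validation->set_rules('catid', 'Category', 'required|numeric');
    //$this->form_validation->set_rules('path', 'Photo', 'required');
    $this->form_validation->set_rules('tag', 'Tag', 'required|max_length[100]');
    if ($this->form_validation->run() == FALSE) {
        $message = validation_errors();
        $json = array("code" => 0, "message" => $message);
        echo json_encode($json);
        die;
    } else {
        $title = $this->input->post("title", TRUE);
        $title = getstr($title, 255, 0, 0, -1);
        $content = $this->input->post("content");

        // Adult-content word filter.
        $sexword = array("Vibrator", "Pink Leopard", "Stimulator", "G-Spot", "california exotics", "sexual", "sexy", "Circumcision", "Stimulation", "Penis", "Clitoral", "Penis Enlarger", "Vaginal", "Adult Toys", "Personal Massager", "Pink Lady", "cook ring", "v****a", "Cigarette", "condom", "vibrator", "personal Lubricant", "Toy-G", "urethral", "Vibrating Ring", "masturbation", "masturbators", "Virgin", "vibrators", "G spot", "Vibrating Wand", "cigar", "anal", "vibrating ball", "Fat Ring", "bullet", "wet towel", "Love Lounger", "Nandrolone phenylpropionate", "Climax", "d***o", "Women massaging", "Artificial Pussy", "Silicone Finger Ring", "Fresh pussy", "Gynecological Hydrogel", "delay spray", "Delay wet tissue", "Male Enhancement", "Exercise Balls", "Classic Double Balls", "Geisha", "Pussy", "Premature E*********n", "Double Dong", "OTO tablets", "Princess doll", "Fleshlight", "Massaging Wand", "Roman emperor", "NITERIDER", "love doll", "contraceptive", "spermicide", "sperm", "Black Ant", "beads Pulse", "Rabbits Rings", "Rabbits Ring", "Love Making", "Make Love", "love ball", "Power Love", "Pornography", "marijuana", "drug", "breast", "masturbator", "Original", "inflatable doll", "Kinekt", "nipple cover", "nipple tape");
        foreach ($sexword as $sex) {
            // Fix: quote the word before embedding it in the pattern. Entries that
            // contain `*` were interpolated as regex syntax; they are not valid
            // patterns as written, so preg_match() could not match them.
            $pattern = '/\b' . preg_quote($sex, '/') . '\b/i';
            if (preg_match($pattern, $title)) {
                $json = array("code" => 0, "message" => "Title Contains Sensitive Words!");
                echo json_encode($json);
                die;
            } elseif (preg_match($pattern, $content)) {
                $json = array("code" => 0, "message" => "Content Contains Sensitive Words!");
                echo json_encode($json);
                die;
            }
        }

        $timestamp = time();
        $img_rootpath = $this->config->item('img_rootpath', 'uploader_settings');
        $img_path = $this->config->item('img_path', 'uploader_settings');
        $username = $this->username;
        $itemid = $this->input->post("itemid");
        $itemid = intval($itemid);
        // NOTE(review): the range `A-z` also admits the characters [ \ ] ^ _ and the
        // backtick, so they survive into $linkurl, which is handed to move_image()
        // below. `A-Z` was probably intended - confirm before changing, because
        // existing slugs containing `_` would change.
        $linkurl = preg_replace("/[^a-zA-z0-9]+/", "-", $title);
        $introduce = $this->input->post("introduce") ? $this->input->post("introduce") : getstr($content, 255, 0, 0, -1);
        $content = checkhtml($content);
        $catid = $this->input->post("catid");
        $catid = intval($catid);
        $thumb = $this->input->post("path", TRUE);
        $thumb = getstr($thumb, 255, 0, 0, -1);
        $tag = $this->input->post("tag", TRUE);
        $tag = getstr($tag, 255, 0, 0, -1);
        $author = $this->input->post("author") ? $this->input->post("author") : $username;
        $author = getstr($author, 50, 0, 0, -1);
        $editor = $this->input->post("editor") ? $this->input->post("editor") : $username;
        $editor = getstr($editor, 30, 0, 0, -1);
        $source = $this->input->post("source") ? $this->input->post("source") : $site['site_name'];
        $source = getstr($source, 30, 0, 0, -1);
        $fromurl = $this->input->post("fromurl") ? $this->input->post("fromurl") : $site['main_domain'];
        $fromurl = getstr($fromurl, 255, 0, 0, -1);
        $ip = $this->input->ip_address();
        // Fix: $areaid was read before ever being assigned; the stored value was
        // already 0, this only removes the undefined-variable access.
        $areaid = 0;
        if ($fromurl && stripos($fromurl, $site['site_url']) === false) {
            $islink = 1; // not used further in this method
        }
        $totime = strtotime("30 years");

        if ($itemid) {
            // Ownership check: the row must belong to the current user.
            $findnews = $this->comm->find("news", array("itemid" => $itemid, "username" => $username));
            if (!$findnews) {
                $json = array("code" => 0, "message" => 'Update error : You don\'t have operation permissions or the news is not exsit');
                echo json_encode($json);
                die;
            }
            if ($catid) {
                $findcate = $this->comm->find("category", array("catid" => $catid, "parentid" => 0));
                if (!$findcate) {
                    $json = array("code" => 0, "message" => 'Please choose the Category');
                    echo json_encode($json);
                    die;
                } else {
                    // NOTE(review): a category that was found is reset to 0 here - confirm this is intended.
                    $catid = 0;
                }
            }
            $updaterecord = array('title' => $title, 'catid' => $catid, 'tag' => $tag, 'areaid' => $areaid, 'author' => $author, 'editor' => $editor, 'source' => $source, 'fromurl' => $fromurl, 'username' => $username, 'edittime' => $timestamp, 'introduce' => $introduce, 'totime' => $totime, 'linkurl' => $linkurl, 'ip' => $ip, 'news_data' => array('content' => $content));
            $this->comm->linker()->update("news", array("itemid" => $itemid), $updaterecord);
            // $thumb is a client-supplied path. NOTE(review): confirm that move_image()
            // confines it to the upload directory.
            $newthumb = $this->move_image($thumb, $linkurl);
            if ($newthumb !== false) {
                $this->db->update("news", array("thumb" => $newthumb), array("itemid" => $itemid));
            }
            $json = array("code" => 1, 'message' => "update success", 'href' => site_url("user/news/manage_news"));
            echo json_encode($json);
            die;
        } else {
            $companyinfo = $this->comm->linker()->find("member", array("username" => $username));
            $newrecord = array('title' => $title, 'catid' => $catid, 'tag' => $tag, 'areaid' => $areaid, 'author' => $author, 'editor' => $editor, 'source' => $source, 'fromurl' => $fromurl, 'addtime' => $timestamp, 'username' => $username, "edittime" => $timestamp, 'introduce' => $introduce, 'totime' => $totime, 'linkurl' => $linkurl, 'status' => 2, 'ip' => $ip, 'news_data' => array('content' => $content));
            // Duplicate detection key (title + company); not used as a security control.
            $cmd5 = md5($title . $companyinfo['company']);
            $findnews = $this->comm->find("check_news", array("cmd5" => $cmd5));
            if (!$findnews) {
                $itemid = $this->comm->linker()->create("news", $newrecord);
                if ($itemid) {
                    $newthumb = $this->move_image($thumb, $linkurl);
                    if ($newthumb) {
                        $this->db->update("news", array("thumb" => $newthumb), array("itemid" => $itemid));
                    }
                    $this->db->insert("check_news", array("cmd5" => $cmd5, "nid" => $itemid));
                    $json = array("code" => 1, 'message' => "post successfully", 'href' => site_url("user/news/manage_news"));
                    echo json_encode($json);
                } else {
                    $json = array("code" => 0, 'message' => 'post error,please retry');
                    echo json_encode($json);
                }
            } else {
                $json = array("code" => 0, 'message' => 'The News has exsit');
                echo json_encode($json);
            }
        }
    }
}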
/**
 * Store a comment on a published `information` record.
 *
 * The token is checked first. The target id comes from the query string and
 * the comment from the request body; the comment text is passed through
 * checkhtml() before update_data() writes it, with the author set to
 * $this->uid rather than anything supplied by the client.
 *
 * NOTE(review): the control flow relies on $this->error() and
 * $this->success() ending the request; if they return, execution continues
 * into the statements that follow them.
 *
 * @return void
 */
function comment_post()
{
    $this->check_token();

    $id = I('get.id', 0, 'intval');
    $comment = $this->get_request_data();

    // Missing id or missing "content" field: generic failure code.
    if ($id <= 0 || !$this->check_body_fields($comment, array("content"))) {
        $this->error(1001);
        return;
    }

    // Only records with status 1 accept comments.
    $published = M('information')->where(array('id' => $id, 'status' => 1))->count();
    if (!$published) {
        $this->error(1405);
    }

    $rules = array(array('content', 'require', '内容不能为空!', 1, ''));

    // update_data() reads its fields from $_POST.
    $_POST['member_id'] = $this->uid;
    $_POST['content'] = checkhtml($comment['content']);
    $_POST['table'] = 'information';
    $_POST['table_id'] = $id;

    $result = update_data('comment', $rules);
    if (!is_numeric($result)) {
        $this->error($result);
    } else {
        $this->success(array("comment_id" => $result));
    }

    $this->error(1001);
}
/**
 * Load one member record and render the member edit form.
 *
 * The member id is taken from the third routed URI segment. The record, its
 * company data, the area list and the split phone numbers are passed to the
 * `member/member/member_edit` view; the company description is passed
 * through checkhtml() first.
 *
 * NOTE(review): no authorization check is visible in this method - any id in
 * the URI is looked up and its contact data rendered. Confirm that the
 * controller (constructor or routing) restricts who may reach it.
 *
 * @return void
 */
function member_edit2()
{
    $userid = intval($this->uri->rsegment(3, 0));
    $member = $this->comm->linker()->find('member', array('userid' => $userid), 'edittime DESC', '');
    $companyRow = $member['mcompany'];

    $data = array();
    $data['user'] = $member;
    $data['company'] = $companyRow;
    $data['area'] = $this->comm->findAll('area', '', 'listorder DESC', 'areaid,areaname', '');
    $data['areaid'] = $member['areaid'];

    // Mobile number is expected as "<prefix>-<number>"; anything else is shown empty.
    $mobileParts = explode("-", $member['mobile']);
    $hasTwoParts = (count($mobileParts) == 2);
    $data['phone_1'] = $hasTwoParts ? $mobileParts[0] : '';
    $data['phone_2'] = $hasTwoParts ? $mobileParts[1] : '';

    $data['groupid'] = $member['groupid'];
    $data['ctype'] = $companyRow['ctype'];
    $data['thumb'] = $companyRow['thumb'];
    $data['mode'] = $companyRow['mode'];
    $data['size'] = $companyRow['size'];
    $data['regunit'] = $companyRow['regunit'];

    // Company telephone is read as three dash-separated parts.
    $telParts = explode("-", $companyRow['telephone']);
    if (!$telParts[0]) {
        $data['telephone_1'] = '';
        $data['telephone_2'] = '';
        $data['telephone_3'] = '';
    } else {
        $data['telephone_1'] = $telParts[0];
        // Parts 2 and 3 are read without checking that they exist.
        $data['telephone_2'] = $telParts[1];
        $data['telephone_3'] = $telParts[2];
    }

    // Stored company description is filtered again before it reaches the view.
    $data['content'] = checkhtml($member['company_data']['content']);

    $this->load->view('member/member/member_edit', $data);
}
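/**
 * Validate and store a product ("sell") listing submitted by the logged-in member.
 *
 * Creates a new `sell` row with its category option values, or updates the
 * row identified by the posted `itemid`. Every outcome is reported as a JSON
 * object (`code`, `message`, optional `href`) written to the output; the
 * validation-failure, word-filter and update paths then terminate with die.
 *
 * Security-relevant behaviour visible in this method:
 *  - An update is only performed when a `sell` row matches both the posted
 *    itemid and $this->username (ownership check).
 *  - `content` is read without the input XSS filter and passed through
 *    checkhtml() before storage; the word filter runs on the raw value.
 *  - The three image paths are client-supplied. NOTE(review): confirm that
 *    move_image() confines them to the upload directory.
 *
 * @return void
 */
function save_sell()
{
    $this->config->load('uploader_settings', TRUE);
    $this->load->helper("getstr");
    $this->load->helper("checkhtml");
    $this->load->helper(array('form', 'url'));
    $this->load->library('form_validation');
    $this->form_validation->set_rules('title', 'Product Name', 'required|max_length[255]');
    $this->form_validation->set_rules('content', 'product Detail', 'required');
    $this->form_validation->set_rules('catid', 'Category', 'required|numeric');
    $this->form_validation->set_rules('path', 'Photo', 'required');
    $this->form_validation->set_rules('minamount', 'Minimum Order', 'required|numeric');
    $this->form_validation->set_rules('unit', 'Unit Type', 'required');
    $this->form_validation->set_rules('minprice', 'Price', 'required|numeric');
    $this->form_validation->set_rules('currency', 'Currency', 'required');
    if ($this->form_validation->run() == FALSE) {
        $message = validation_errors();
        $json = array("code" => 0, "message" => $message);
        echo json_encode($json);
        die;
    } else {
        $title = $this->input->post("title", TRUE);
        $title = getstr($title, 255, 0, 0, -1);
        $content = $this->input->post("content");

        // Adult-content word filter.
        $sexword = array("Vibrator", "Pink Leopard", "Stimulator", "G-Spot", "california exotics", "sexual", "sexy", "Circumcision", "Stimulation", "Penis", "Clitoral", "Penis Enlarger", "Vaginal", "Adult Toys", "Personal Massager", "Pink Lady", "cook ring", "v****a", "Cigarette", "condom", "vibrator", "personal Lubricant", "Toy-G", "urethral", "Vibrating Ring", "masturbation", "masturbators", "Virgin", "vibrators", "G spot", "Vibrating Wand", "cigar", "anal", "vibrating ball", "Fat Ring", "bullet", "wet towel", "Love Lounger", "Nandrolone phenylpropionate", "Climax", "d***o", "Women massaging", "Artificial Pussy", "Silicone Finger Ring", "Fresh pussy", "Gynecological Hydrogel", "delay spray", "Delay wet tissue", "Male Enhancement", "Exercise Balls", "Classic Double Balls", "Geisha", "Pussy", "Premature E*********n", "Double Dong", "OTO tablets", "Princess doll", "Fleshlight", "Massaging Wand", "Roman emperor", "NITERIDER", "love doll", "contraceptive", "spermicide", "sperm", "Black Ant", "beads Pulse", "Rabbits Rings", "Rabbits Ring", "Love Making", "Make Love", "love ball", "Power Love", "Pornography", "marijuana", "drug", "breast", "masturbator", "Original", "inflatable doll", "Kinekt", "nipple cover", "nipple tape");
        foreach ($sexword as $sex) {
            // Fix: quote the word before embedding it in the pattern. Entries that
            // contain `*` were interpolated as regex syntax; they are not valid
            // patterns as written, so preg_match() could not match them.
            $pattern = '/\b' . preg_quote($sex, '/') . '\b/i';
            if (preg_match($pattern, $title)) {
                $json = array("code" => 0, "message" => "Title Contains Sensitive Words!");
                echo json_encode($json);
                die;
            } elseif (preg_match($pattern, $content)) {
                $json = array("code" => 0, "message" => "Content Contains Sensitive Words!");
                echo json_encode($json);
                die;
            }
        }

        $timestamp = time();
        $img_rootpath = $this->config->item('img_rootpath', 'uploader_settings');
        $img_path = $this->config->item('img_path', 'uploader_settings');
        $username = $this->username;
        $itemid = $this->input->post("itemid");
        $itemid = intval($itemid);
        // NOTE(review): the range `A-z` also admits the characters [ \ ] ^ _ and the
        // backtick, so they survive into $linkurl, which is handed to move_image()
        // below. `A-Z` was probably intended - confirm before changing, because
        // existing slugs containing `_` would change.
        $linkurl = preg_replace("/[^a-zA-z0-9]+/", "-", $title);
        $introduce = getstr($content, 255, 0, 0, -1);
        $content = checkhtml($content);
        $catid = $this->input->post("catid");
        $catid = intval($catid);
        $thumb = $this->input->post("path", TRUE);
        $thumb = getstr($thumb, 255, 0, 0, -1);
        $thumb1 = $this->input->post("path_1", TRUE);
        $thumb1 = getstr($thumb1, 255, 0, 0, -1);
        $thumb2 = $this->input->post("path_2", TRUE);
        $thumb2 = getstr($thumb2, 255, 0, 0, -1);

        // Category option values, keyed by option id.
        // Fix: `option` is not covered by the validation rules, so it may be absent
        // or not an array; normalise to an empty array instead of iterating it blindly.
        $option = $this->input->post("option", TRUE);
        $tmp = array();
        if (is_array($option)) {
            foreach ($option as $k => $v) {
                $tmp[$k] = getstr($v, 255, 0, 0, -1);
            }
        }
        $option = $tmp;

        $minamount = $this->input->post("minamount");
        $minamount = floatval($minamount);
        $unit = $this->input->post("unit", TRUE);
        $unit = getstr($unit, 30, 0, 0, -1);
        $minprice = $this->input->post("minprice");
        $minprice = floatval($minprice);
        $currency = $this->input->post("currency", TRUE);
        $currency = getstr($currency, 15, 0, 0, -1);
        $mycatid = $this->input->post("mycatid");
        $mycatid = intval($mycatid);
        $ip = $this->input->ip_address();

        // The first option is treated as the area id and replaced by the area name.
        // Fix: give $areaid a defined value for the case of no options (it was read
        // undefined, which already evaluated to 0).
        $areaid = 0;
        $i = 0;
        foreach ($option as $k => $v) {
            if ($i == 0) {
                if (!is_numeric($v)) {
                    $areaid = 1;
                    break;
                }
                $areaid = $v;
                $area = $this->comm->find("area", array("areaid" => $areaid));
                // NOTE(review): `$araeid` looks like a typo for `$areaid`; as written the
                // posted value is kept and the looked-up id is discarded.
                $araeid = $area['areaid'];
                $option[$k] = $area['areaname'];
                break;
            }
        }
        $areaid = intval($areaid);

        if ($itemid) {
            // Ownership check: the row must belong to the current user.
            $findsell = $this->comm->find("sell", array("itemid" => $itemid, "username" => $username));
            if (!$findsell) {
                $json = array("code" => 0, "message" => 'Update error : You don\'t have operation permissions or the product is not exsit');
                echo json_encode($json);
                die;
            }
            $findcate = $this->comm->find("category", array("catid" => $catid));
            if ($findcate && $findcate['child'] == 1) {
                $json = array("code" => 0, "message" => 'Please choose the last Category');
                echo json_encode($json);
                die;
            }
            $updaterecord = array('title' => $title, 'catid' => $catid, 'mycatid' => $mycatid, 'areaid' => $areaid, 'unit' => $unit, 'minprice' => $minprice, 'maxprice' => $minprice, 'currency' => $currency, 'minamount' => $minamount, 'groupid' => 6, "edittime" => $timestamp, "editdate" => date("Y-m-d", $timestamp), 'introduce' => $introduce, "linkurl" => $linkurl, 'sell_data' => array('content' => $content));
            $this->comm->linker()->update("sell", array("itemid" => $itemid), $updaterecord);
            foreach ($option as $k => $o) {
                $oid = $k;
                $value = $o;
                $this->db->update("category_value", array("value" => $value), array("itemid" => $itemid, "oid" => $oid));
            }
            $newthumb = $this->move_image($thumb, $linkurl);
            if ($newthumb !== false) {
                $this->db->update("sell", array("thumb" => $newthumb), array("itemid" => $itemid));
            }
            if ($thumb1) {
                $newthumb1 = $this->move_image($thumb1, $linkurl);
                // Fix: test the result of this move; the check used $newthumb, so a
                // failed move could write `false` into the thumb1 column.
                if ($newthumb1 !== false) {
                    $this->db->update("sell", array("thumb1" => $newthumb1), array("itemid" => $itemid));
                }
            }
            if ($thumb2) {
                $newthumb2 = $this->move_image($thumb2, $linkurl);
                // Fix: same wrong-variable check as for thumb1.
                if ($newthumb2 !== false) {
                    $this->db->update("sell", array("thumb2" => $newthumb2), array("itemid" => $itemid));
                }
            }
            $json = array("code" => 1, 'message' => "update success", 'href' => site_url("user/sell/manage_sell"));
            echo json_encode($json);
            die;
        } else {
            $companyinfo = $this->comm->linker()->find("member", array("username" => $username));
            $newrecord = array('title' => $title, 'catid' => $catid, 'mycatid' => $mycatid, 'areaid' => $areaid, 'unit' => $unit, 'minprice' => $minprice, 'maxprice' => $minprice, 'currency' => $currency, 'minamount' => $minamount, 'thumb' => $thumb, 'thumb1' => $thumb1, 'thumb2' => $thumb2, 'groupid' => 6, 'pptword' => '', 'company' => $companyinfo['company'], 'truename' => $companyinfo['truename'], 'username' => $username, "telephone" => $companyinfo['mcompany']['telephone'], "mobile" => $companyinfo['mobile'], "address" => $companyinfo['mcompany']['address'], "email" => $companyinfo['mcompany']['mail'], "addtime" => $timestamp, "edittime" => $timestamp, "adddate" => date("Y-m-d", $timestamp), "editdate" => date("Y-m-d", $timestamp), "status" => 1, 'ip' => $ip, 'introduce' => $introduce, "linkurl" => $linkurl, 'sell_data' => array('content' => $content));
            // Duplicate detection key (title + company); not used as a security control.
            $cmd5 = md5($title . $companyinfo['company']);
            $findsell = $this->comm->find("check_sell", array("cmd5" => $cmd5));
            if (!$findsell) {
                $itemid = $this->comm->linker()->create("sell", $newrecord);
                if ($itemid) {
                    // Bump the item counter of the category and of all its ancestors.
                    $parentids = $this->comm->find("category", array("catid" => $catid));
                    $parentids = $parentids['arrparentid'] . "," . $catid;
                    $parentids = explode(",", $parentids);
                    foreach ($parentids as $catid) {
                        $this->db->set("item", "item+1", FALSE);
                        $this->db->where("catid", $catid);
                        $this->db->update("category");
                    }
                    // Store non-empty option values and bump each option's counter.
                    foreach ($option as $k => $o) {
                        $oid = $k;
                        $value = $o;
                        if (!empty($value)) {
                            $this->db->insert("category_value", array("itemid" => $itemid, "oid" => $oid, "value" => $value));
                            $this->db->set("item", "item+1", FALSE);
                            $this->db->where("oid", $oid);
                            $this->db->update("category_option");
                        }
                    }
                    $option_values = $this->comm->findAll("category_value", array("itemid" => $itemid), "oid asc");
                    $tmp_op = array();
                    foreach ($option_values as $v) {
                        $tmp_op[] = $v['oid'];
                    }
                    $option_values = implode(",", $tmp_op);
                    $newthumb = $this->move_image($thumb, $linkurl);
                    if ($newthumb) {
                        $this->db->update("sell", array("pptword" => $option_values, "thumb" => $newthumb), array("itemid" => $itemid));
                    } else {
                        $this->db->update("sell", array("pptword" => $option_values), array("itemid" => $itemid));
                    }
                    if ($thumb1) {
                        $newthumb1 = $this->move_image($thumb1, $linkurl);
                        if ($newthumb1) {
                            $this->db->update("sell", array("thumb1" => $newthumb1), array("itemid" => $itemid));
                        }
                    }
                    if ($thumb2) {
                        $newthumb2 = $this->move_image($thumb2, $linkurl);
                        if ($newthumb2) {
                            $this->db->update("sell", array("thumb2" => $newthumb2), array("itemid" => $itemid));
                        }
                    }
                    $this->db->insert("check_sell", array("cmd5" => $cmd5, "sid" => $itemid));
                    $json = array("code" => 1, 'message' => "post successfully", 'href' => site_url("user/sell/manage_sell"));
                    echo json_encode($json);
                } else {
                    $json = array("code" => 0, 'message' => 'post error,please retry');
                    echo json_encode($json);
                }
            } else {
                $json = array("code" => 0, 'message' => 'The product has exsit');
                echo json_encode($json);
            }
        }
    }
}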
/**
 * Reduce an HTML fragment to an allowlisted set of tags and filter the result.
 *
 * strip_tags() removes every tag outside the allowlist but leaves the
 * attributes of the allowed tags in place, so it is not sufficient on its
 * own. Attribute-level filtering rests on checkhtml() and tidytag(), which
 * are defined elsewhere. NOTE(review): confirm that they remove event
 * handlers and script-capable URLs from the <a> and <img> tags let through.
 *
 * @param string $string Untrusted HTML.
 * @return string The filtered HTML.
 */
function hclean($string)
{
    $allowedTags = '<p><a><b><i><blockquote><h1><h2><ol><ul><li><img><div><br><pre><strike>';

    return tidytag(checkhtml(strip_tags($string, $allowedTags)));
}
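/**
 * Create or update a blog entry on behalf of the user named in $POST.
 *
 * Works like a blog post handler, except that the acting user, the view count
 * and the publication time are taken from $POST. The global $_G is switched
 * to that user for the duration of the call and restored before returning.
 *
 * Security-relevant behaviour visible in this function:
 *  - $POST['uid'] and $POST['username'] become the acting identity, so the
 *    caller decides whose entry is written; callers must not pass
 *    client-controlled values here.
 *  - Several SQL statements are built by concatenating or interpolating
 *    values from $POST, $olds and $_GET. NOTE(review): their safety depends
 *    on quoting done elsewhere (dimplode, getstr, request-wide escaping);
 *    confirm it, or move these statements to the array-based DB helpers
 *    already used further down.
 *  - $isself is never assigned in this function, so the credit/statistics
 *    branch near the end does not run. NOTE(review): confirm this is intended.
 *
 * @param array $POST Entry fields, including uid, username, public_time, view_num, article_tag.
 * @param array $olds Reference to an existing entry (`blog_id`, `classid`); empty for a new entry.
 * @return array|false The main-table row including `blogid`, or false when the body is empty.
 */
function pick_blog_post($POST, $olds = array())
{
    global $_G, $space;

    // Act as the user named in the input; restored before every return.
    $__G = $_G;
    $_G['uid'] = $POST['uid'];
    $_G['username'] = addslashes($POST['username']);

    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = dgmdate($POST['public_time'], 'Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Privacy mode.
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to named users only.
        $uids = array();
        $names = empty($_GET['target_names']) ? array() : explode(',', preg_replace("/(\\s+)/s", ',', $_GET['target_names']));
        if ($names) {
            // NOTE(review): request data reaches this IN (...) list through dimplode() - verify that it escapes.
            $query = DB::query("SELECT uid FROM " . DB::table('common_member') . " WHERE username IN (" . dimplode($names) . ")");
            while ($value = DB::fetch($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            $POST['friend'] = 3; // no valid names: visible to the owner only
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password protected; an empty password degrades to public.
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Fix: this was `==`, a comparison whose result was discarded, so a
        // submitted password was stored even for entries that are not
        // password protected.
        $POST['password'] = '';
    }

    $POST['tag'] = dhtmlspecialchars(trim($POST['article_tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1);
    $POST['tag'] = censor($POST['tag']);

    if ($_G['mobile']) {
        // The mobile path does not call checkhtml(). NOTE(review): confirm that
        // getstr() with these flags strips or escapes HTML.
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1);
        $POST['message'] = censor($POST['message']);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 0, 1);
        // Drop empty <div></div> pairs and make links open in a new window.
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];

    // Always 0 here, so the moderation branch at the end does not run.
    $blog_status = 0;

    // Look up the entry to update, if one was referenced.
    // Fix: $info is now always defined; it was read below even when no lookup ran.
    $info = array();
    if ($olds['blog_id']) {
        // NOTE(review): $olds['blog_id'] is concatenated into the statement as
        // passed in; cast it to an integer at the caller or here once confirmed numeric.
        $info = DB::fetch_first("SELECT blogid FROM " . DB::table('home_blog') . " WHERE blogid='" . $olds['blog_id'] . "'");
    }

    // Personal category: "new:<name>" creates or reuses a category of the acting user.
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1);
            $classname = censor($classname);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = DB::result(DB::query("SELECT classid FROM " . DB::table('home_class') . " WHERE uid='{$_G['uid']}' AND classname='{$classname}'"));
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_G['uid'], 'dateline' => $_G['timestamp']);
                    $classid = DB::insert('home_class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Ownership check: a category id that does not belong to the acting user is dropped.
        $classname = DB::result(DB::query("SELECT classname FROM " . DB::table('home_class') . " WHERE classid='{$classid}' AND uid='{$_G['uid']}'"));
        if (empty($classname)) {
            $classid = 0;
        }
    }

    $blogarr = array('subject' => $POST['subject'], 'classid' => $classid, 'viewnum' => $POST['view_num'], 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($POST['noreply']) ? 0 : 1, 'catid' => intval($POST['catid']), 'status' => $blog_status);
    $titlepic = '';

    // Reject a body that contains nothing but layout markup and whitespace.
    // NOTE(review): the `\\ \\;` alternative looks like a lost `&nbsp;` entity - compare with the upstream file.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\ \\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Fix: restore the acting user before the early return; previously this
        // path left $_G switched to the user named in $POST.
        $_G = $__G;
        return false;
    }
    $message = addslashes($message);

    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }
    if ($blogarr['catid']) {
        DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num+1 WHERE catid='{$blogarr['catid']}'");
    }
    $blogarr['uid'] = $_G['uid'];
    $blogarr['username'] = $_G['username'];
    $blogarr['dateline'] = empty($POST['public_time']) ? $_G['timestamp'] : $POST['public_time'];

    if (!empty($info['blogid'])) {
        DB::update('home_blog', $blogarr, array('blogid' => $info['blogid']));
        $blogid = $info['blogid'];
    } else {
        $blogid = DB::insert('home_blog', $blogarr, 1);
    }
    DB::update('common_member_status', array('lastpost' => $POST['public_time']), array('uid' => $_G['uid']));
    DB::update('common_member_field_home', array('recentnote' => $POST['subject']), array('uid' => $_G['uid']));
    $blogarr['blogid'] = $blogid;

    // Tag handling: function-based helpers when available, otherwise the tag class.
    if (function_exists('modblogtag')) {
        $POST['tag'] = $olds ? modblogtag($POST['tag'], $blogid) : addblogtag($POST['tag'], $blogid);
    } else {
        $class_tag = new tag();
        $POST['tag'] = $olds ? $class_tag->update_field($POST['tag'], $blogid, 'blogid') : $class_tag->add_tag($POST['tag'], $blogid, 'blogid');
    }

    $fieldarr = array('message' => $message, 'postip' => $_G['clientip'], 'target_ids' => $POST['target_ids'], 'tag' => $POST['tag']);
    if (!empty($titlepic)) {
        $fieldarr['pic'] = $titlepic;
    }
    $fieldarr['blogid'] = $blogid;
    $fieldarr['uid'] = $blogarr['uid'];
    if (!empty($info['blogid'])) {
        DB::update('home_blogfield', $fieldarr, array('blogid' => $info['blogid']));
    } else {
        // Bump the member's blog counter.
        DB::query("UPDATE " . DB::table('common_member_count') . " SET blogs=blogs+1 WHERE uid='{$fieldarr['uid']}'");
        DB::insert('home_blogfield', $fieldarr);
    }

    // $isself is not assigned anywhere in this function (see the docblock).
    if ($isself && !$olds && $blog_status == 0) {
        updatecreditbyaction('publishblog', 0, array('blogs' => 1));
        include_once libfile('function/stat');
        updatestat('blog');
    }
    if ($POST['makefeed'] && $blog_status == 0) {
        include_once libfile('function/feed');
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }

    // Restore the acting user.
    if (!empty($__G)) {
        $_G = $__G;
    }
    if ($blog_status == 1) {
        updatemoderate('blogid', $blogid);
        manage_addnotify('verifyblog');
    }
    return $blogarr;
}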
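/**
 * Create or update a "bwzt" post: main row, field row, tags, picture list,
 * space counters, feed entry and topic participation.
 *
 * Security-relevant behaviour of this function:
 *  - When $olds belongs to another user, the global identity in $_SGLOBAL is
 *    temporarily switched to the owner and restored on every return path.
 *  - Several SQL statements are built by string interpolation. Values placed
 *    in them are either cast to int here or are assumed to be escaped by the
 *    request bootstrap (not visible in this file section) - confirm.
 *  - The stored password is cleared unless the post is password-protected
 *    (friend == 4).
 *
 * @param array $POST Submitted fields. Keys read here: subject, friend, sex,
 *                    age, password, tag, message, bwztclassid,
 *                    bwztdivisionid, picids, hot, topicid, dateline, makefeed.
 * @param array $olds Existing record when editing (keys read: uid, username,
 *                    bwztclassid, bwztdivisionid, bwztid, tag); empty for a
 *                    new post.
 * @return array|false The main-table array including 'bwztid', or false when
 *                     the message is empty once layout-only markup is removed.
 */
function bwzt_post($POST, $olds = array())
{
    global $_SGLOBAL, $_SC, $space;

    // Operator role switch: when editing someone else's post, act as the owner.
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Title; falls back to today's date when empty.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Sex
    $POST['sex'] = getstr(trim($POST['sex']), 80, 1, 1, 1);
    if (strlen($POST['sex']) < 1) {
        $POST['sex'] = "女";
    }

    // Age (never negative)
    $POST['age'] = intval($POST['age']);
    if ($POST['age'] < 0) {
        $POST['age'] = 0;
    }

    // Privacy
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to specific friends only.
        // NOTE(review): the names are read from the raw $_POST, not from $POST,
        // and go into the IN() list through simplode(); this presumably relies
        // on $_POST having been escaped by the request bootstrap - confirm.
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            // No valid target: visible to the author only.
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password-protected; without a password the post becomes public.
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Fix: this was the no-op comparison `$POST['password'] == ''`, so a
        // password submitted with any other privacy level was stored untrimmed.
        $POST['password'] = '';
    }

    // Tags
    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);

    // Content
    if (!empty($_SGLOBAL['mobile'])) {
        // NOTE(review): this branch never calls checkhtml(); whether getstr()
        // with these flags neutralises markup is not visible here - confirm.
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        // Drop empty <div></div> pairs and make bare links open in a new window.
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category: "new:<name>" creates (or reuses) a category owned by the acting uid.
    if (empty($olds['bwztclassid']) || $POST['bwztclassid'] != $olds['bwztclassid']) {
        if (!empty($POST['bwztclassid']) && substr($POST['bwztclassid'], 0, 4) == 'new:') {
            // Category name
            $bwztclassname = shtmlspecialchars(trim(substr($POST['bwztclassid'], 4)));
            $bwztclassname = getstr($bwztclassname, 0, 1, 1, 1);
            if (empty($bwztclassname)) {
                $bwztclassid = 0;
            } else {
                $bwztclassid = getcount('bwztclass', array('bwztclassname' => $bwztclassname, 'uid' => $_SGLOBAL['supe_uid']), 'bwztclassid');
                if (empty($bwztclassid)) {
                    $setarr = array('bwztclassname' => $bwztclassname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $bwztclassid = inserttable('bwztclass', $setarr, 1);
                }
            }
        } else {
            // NOTE(review): a numeric id is accepted without checking that the
            // category belongs to the acting uid - confirm that is intended.
            $bwztclassid = intval($POST['bwztclassid']);
        }
    } else {
        $bwztclassid = $olds['bwztclassid'];
    }

    // Department category: same handling as the personal category.
    if (empty($olds['bwztdivisionid']) || $POST['bwztdivisionid'] != $olds['bwztdivisionid']) {
        if (!empty($POST['bwztdivisionid']) && substr($POST['bwztdivisionid'], 0, 4) == 'new:') {
            // Category name
            $bwztdivisionname = shtmlspecialchars(trim(substr($POST['bwztdivisionid'], 4)));
            $bwztdivisionname = getstr($bwztdivisionname, 0, 1, 1, 1);
            if (empty($bwztdivisionname)) {
                $bwztdivisionid = 0;
            } else {
                $bwztdivisionid = getcount('bwztdivision', array('bwztdivisionname' => $bwztdivisionname, 'uid' => $_SGLOBAL['supe_uid']), 'bwztdivisionid');
                if (empty($bwztdivisionid)) {
                    $setarr = array('bwztdivisionname' => $bwztdivisionname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $bwztdivisionid = inserttable('bwztdivision', $setarr, 1);
                }
            }
        } else {
            $bwztdivisionid = intval($POST['bwztdivisionid']);
        }
    } else {
        $bwztdivisionid = $olds['bwztdivisionid'];
    }

    // Main table row. 'noreply' is read from the raw $_POST, not from $POST.
    $bwztarr = array('subject' => $POST['subject'], 'bwztclassid' => $bwztclassid, 'bwztdivisionid' => $bwztdivisionid, 'sex' => $POST['sex'], 'age' => $POST['age'], 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($_POST['noreply']) ? 0 : 1);

    // Title picture
    $titlepic = '';

    // Uploaded pictures, restricted to those owned by the acting uid.
    $uploads = array();
    if (!empty($POST['picids']) && is_array($POST['picids'])) {
        // The ids are array KEYS taken from the request. Cast them to int before
        // they reach the IN() list: simplode()'s quoting is not visible here and
        // request-wide escaping commonly covers values only, not keys.
        $picids = array_map('intval', array_keys($POST['picids']));
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $bwztarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): $value is falsy once the while loop above has ended, so
        // this fallback never runs as written; left unchanged to keep the
        // stored title picture as it is today.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $bwztarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }

    // Record the picture list as JSON on the main row.
    if ($uploads) {
        $pics = array();
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            $pics[] = array('picurl' => $picurl, 'title' => $value['title']);
        }
        $bwztarr['pics'] = json_encode($pics);
    }

    // Reject a message that is empty once layout-only markup is stripped.
    // NOTE(review): the `\ \;` alternative looks like an `&nbsp;` entity that
    // was decoded in transit - confirm against the upstream file.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\ \\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Fix: undo the role switch before bailing out; previously this return
        // left $_SGLOBAL impersonating the post owner for the rest of the request.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }

    // Escape the message for the string-built SQL layer.
    $message = addslashes($message);

    // Without an uploaded title picture, take one from the content.
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $bwztarr['picflag'] = 0;
    }
    $bwztarr['pic'] = $titlepic;

    // Hotness may only be set by users holding the 'managebwzt' permission.
    if (checkperm('managebwzt')) {
        $bwztarr['hot'] = intval($POST['hot']);
    }

    if (!empty($olds['bwztid'])) {
        // Update
        $bwztid = $olds['bwztid'];
        updatetable('bwzt', $bwztarr, array('bwztid' => $bwztid));
        $bwztarr['uid'] = $olds['uid'];
        $bwztarr['username'] = $olds['username'];
    } else {
        // New post, optionally joining a topic.
        $bwztarr['topicid'] = topic_check($POST['topicid'], 'bwzt');
        $bwztarr['uid'] = $_SGLOBAL['supe_uid'];
        $bwztarr['username'] = $_SGLOBAL['supe_username'];
        // A caller-supplied dateline is a timestamp; force it to an integer so
        // it cannot carry anything else into the INSERT.
        $bwztarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : intval($POST['dateline']);
        $bwztid = inserttable('bwzt', $bwztarr, 1);
    }
    $bwztarr['bwztid'] = $bwztid;

    // Secondary (field) table row
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);

    // Tags
    // SECURITY: unserialize() instantiates whatever objects the string encodes.
    // $olds['tag'] is presumably the value written by serialize() below; confirm
    // that nothing else can write that column.
    $oldtaglist = empty($olds['tag']) ? array() : unserialize($olds['tag']);
    // A corrupt value makes unserialize() return false; treat it as "no tags".
    $oldtagstr = addslashes(is_array($oldtaglist) ? implode(' ', $oldtaglist) : '');

    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Clear the previous tag links first.
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, bwztid FROM " . tname('tagbwzt') . " WHERE bwztid='{$bwztid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET bwztnum=bwztnum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagbwzt') . " WHERE bwztid='{$bwztid}'");
            }
        }
        $tagarr = tag_batch($bwztid, $POST['tag']);
        // Store the new tag set on the field row.
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }

    if ($olds) {
        // Update
        updatetable('bwztfield', $fieldarr, array('bwztid' => $bwztid));
    } else {
        $fieldarr['bwztid'] = $bwztid;
        $fieldarr['uid'] = $bwztarr['uid'];
        inserttable('bwztfield', $fieldarr);
    }

    // Space counters are only touched when the author acts on their own post.
    if ($isself) {
        if ($olds) {
            // Space update time
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
        } else {
            if (empty($space['bwztnum'])) {
                $space['bwztnum'] = getcount('bwzt', array('uid' => $space['uid']));
                $bwztnumsql = "bwztnum=" . $space['bwztnum'];
            } else {
                $bwztnumsql = 'bwztnum=bwztnum+1';
            }
            // Credits
            $reward = getreward('publishbwzt', 0);
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$bwztnumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
            // Statistics
            updatestat('bwzt');
        }
    }

    // Publish a feed entry
    if (!empty($POST['makefeed'])) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($bwztid, 'bwztid', $olds ? 0 : 1);
    }

    // Join the topic for a new post
    if (empty($olds) && $bwztarr['topicid']) {
        topic_join($bwztarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Restore the operator identity saved at the role switch.
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }

    return $bwztarr;
}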