Ejemplo n.º 1
// Sub-operation requested by the client, read unmodified from the query string.
// In this excerpt it is only compared against a fixed list further down.
$op = '';
if (!empty($_GET['op'])) {
    $op = $_GET['op'];
}
$poll = array();
// A configured maximum reward below 2 is replaced by 10.
if ($_SCONFIG['maxreward'] < 2) {
    $_SCONFIG['maxreward'] = 10;
}
if ($pid) {
    // NOTE(review): $pid is interpolated into a quoted SQL literal. Its assignment
    // is outside this excerpt; confirm it is cast to an integer before this point.
    $query = $_SGLOBAL['db']->query("SELECT pf.*, p.* FROM " . tname('poll') . " p \n\t\tLEFT JOIN " . tname('pollfield') . " pf ON pf.pid=p.pid \n\t\tWHERE p.pid='{$pid}'");
    $poll = $_SGLOBAL['db']->fetch_array($query);
    // NOTE(review): runs even when no row was fetched, so $poll may not be an array here.
    realname_set($poll['uid'], $poll['username']);
}
// Permission check
if (!empty($poll)) {
    // Existing poll: every operation other than vote/get/invite requires the
    // poll owner or a user with the 'managepoll' permission. The three listed
    // operations skip this check, so whatever handles them needs its own
    // authorization (not visible in this excerpt).
    if (!in_array($op, array('vote', 'get', 'invite'))) {
        if ($_SGLOBAL['supe_uid'] != $poll['uid'] && !checkperm('managepoll')) {
            showmessage('no_authority_operation_of_the_poll');
        }
    }
} else {
    // No poll loaded: the request is treated as creating a new poll.
    if (!checkperm('allowpoll')) {
        ckspacelog();
        showmessage('no_authority_to_add_poll');
    }
    // Real-name verification
    ckrealname('poll');
    // Video verification
    ckvideophoto('poll');
    // New-user check
    cknewuser();
    // Posting rate limit: a positive wait time means the user is posting too fast.
    $waittime = interval_check('post');
    if ($waittime > 0) {
        showmessage('operating_too_fast', '', 1, array($waittime));
    }
}
include_once S_ROOT . './source/function_bbcode.php';
Ejemplo n.º 2
    ckspacelog();
    showmessage('you_do_not_have_permission_to_visit');
}
// The application platform must be switched on in the site configuration.
if (empty($_SCONFIG['my_status'])) {
    showmessage('no_privilege_my_status');
}
// App id 1036584 is special-cased: it skips the permission, real-name and
// video checks below as well as the session activity update.
// NOTE(review): confirm this exemption is intended, since it bypasses every
// access gate in this block for that one application.
if ($appid != '1036584') {
    // Check that the user's group is allowed to use applications.
    if (!checkperm('allowmyop')) {
        showmessage('no_privilege');
    }
    // Real-name verification
    include_once S_ROOT . './source/function_cp.php';
    ckrealname('userapp');
    // Video verification
    ckvideophoto('userapp');
    // Record the current timestamp as the user's last activity.
    updatetable('session', array('lastactivity' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
}
$app = array();
// NOTE(review): $appid is interpolated into a quoted SQL literal; where it is
// assigned and validated is outside this excerpt, so confirm it is sanitised.
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('myapp') . " WHERE appid='{$appid}' LIMIT 1");
$app = $_SGLOBAL['db']->fetch_array($query);
// A negative flag on the stored app row denies access. An app with no row at
// all passes through this check.
if ($app && $app['flag'] < 0) {
    showmessage('no_privilege_myapp');
}
// Roaming (values handed on to the application platform)
$my_appId = $appid;
// The suffix is fully client-controlled: after decoding it can hold any bytes,
// so later code has to treat it as untrusted input.
// NOTE(review): PHP has already URL-decoded $_GET, so urldecode() is a second
// pass here, and a missing 'my_suffix' parameter is not handled.
$my_suffix = urldecode($_GET['my_suffix']);
$my_suffix = base64_decode($my_suffix);
Ejemplo n.º 3
/**
 * Store an uploaded video file and record it in the `video` table.
 *
 * Checks run in this order: upload array sanity, extension allowlist (flv),
 * target path creation, group / real-name / video / new-user gates, and the
 * attachment quota. The file is then placed under $_SC['attachdir'], a row is
 * inserted, and the user's attachment usage (plus any reward) is updated.
 *
 * Review notes:
 * - The allowlist looks only at the extension of the client-supplied file
 *   name; file content is not inspected. The stored path comes from
 *   getfilepath(), presumably server-generated (confirm in that helper).
 * - copy() is tried before move_uploaded_file(), and copy() does not verify
 *   that tmp_name is an HTTP upload. Callers should pass entries taken
 *   directly from $_FILES, or an is_uploaded_file() check should be considered.
 * - $title and $desc reach inserttable() exactly as passed; only the file name
 *   is escaped here. Assumes the caller or inserttable() escapes them (confirm).
 * - The permission, real-name, video and new-user failures all return the
 *   'inadequate_capacity_space' message, the same one used for the quota.
 * - $tovideoid has a default but precedes the required $albumid, so callers
 *   must always supply it; PHP 8 reports this signature as deprecated.
 *
 * @param array      $FILE      Upload descriptor; name, size, tmp_name and error are read.
 * @param string     $title     Stored in the `title` column.
 * @param string     $desc      Stored in the `desc` column.
 * @param int        $tovideoid Not read by this function.
 * @param int|string $albumid   Album id, or "new:<name>" to create an album first.
 * @return mixed The inserted row including its new `id` on success, otherwise
 *               the cplang() message for the check that failed.
 */
function video_save($FILE, $title, $desc, $tovideoid = 0, $albumid)
{
    global $_SGLOBAL, $_SCONFIG, $space, $_SC;

    // Extensions accepted for upload
    $allowedExts = array('flv');

    // Basic sanity of the upload descriptor
    $FILE['size'] = intval($FILE['size']);
    $uploadLooksValid = !empty($FILE['size']) && !empty($FILE['tmp_name']) && empty($FILE['error']);
    if (!$uploadLooksValid) {
        return cplang('lack_of_access_to_upload_file_size');
    }

    // Extension check, based on the client-supplied name
    $ext = fileext($FILE['name']);
    if (!in_array($ext, $allowedExts)) {
        return cplang('only_allows_upload_file_types');
    }

    // Storage path for the file, relative to the attachment directory
    $relPath = getfilepath($ext, true);
    if (!$relPath) {
        return cplang('unable_to_create_upload_directory_server');
    }

    // Load the current user's space when the global is not populated yet
    if (empty($space)) {
        $space = getspace($_SGLOBAL['supe_uid']);
    }

    // User-group upload permission
    if (!checkperm('allowupload')) {
        ckspacelog();
        return cplang('inadequate_capacity_space');
    }
    // Real-name verification, video verification and new-user probation are
    // evaluated in that order; the first failure stops the upload.
    if (!ckrealname('album', 1) || !ckvideophoto('album', array(), 1) || !cknewuser(1)) {
        return cplang('inadequate_capacity_space');
    }

    // Attachment quota; a falsy limit means unlimited
    $quota = checkperm('maxattachsize');
    if ($quota && $space['attachsize'] + $FILE['size'] > $quota + $space['addsize']) {
        return cplang('inadequate_capacity_space');
    }

    if ($albumid < 0) {
        $albumid = 0;
    }
    $showtip = true;
    $albumfriend = 0;
    if (!$albumid) {
        // No album chosen: nothing to resolve and no reward is granted below
        $albumid = 0;
        $showtip = false;
    } else {
        preg_match("/^new\\:(.+)\$/i", $albumid, $newAlbum);
        if (empty($newAlbum[1])) {
            // Existing album: it must belong to the current user, otherwise a
            // date-named album is created instead.
            $albumid = intval($albumid);
            if ($albumid) {
                $query = $_SGLOBAL['db']->query("SELECT albumname,friend FROM " . tname('album') . " WHERE albumid='{$albumid}' AND uid='{$_SGLOBAL['supe_uid']}'");
                $album = $_SGLOBAL['db']->fetch_array($query);
                if ($album) {
                    $albumname = addslashes($album['albumname']);
                    $albumfriend = $album['friend'];
                } else {
                    $albumname = sgmdate('Ymd');
                    $albumid = album_creat(array('albumname' => $albumname));
                }
            }
        } else {
            // "new:<name>": create the album, using today's date when the
            // cleaned name is empty.
            $albumname = shtmlspecialchars(trim($newAlbum[1]));
            if (empty($albumname)) {
                $albumname = sgmdate('Ymd');
            }
            $albumid = album_creat(array('albumname' => $albumname));
        }
    }

    // Place the file locally: copy + unlink first, then move_uploaded_file(),
    // then rename(). Errors from each attempt are suppressed with @.
    $target = $_SC['attachdir'] . './' . $relPath;
    $source = $FILE['tmp_name'];
    $stored = @copy($source, $target);
    if ($stored) {
        @unlink($source);
    } else {
        $stored = (function_exists('move_uploaded_file') && @move_uploaded_file($source, $target))
            || @rename($source, $target);
    }
    if (!$stored) {
        return cplang('mobile_picture_temporary_failure');
    }

    // Database record
    $setarr = array(
        'albumid' => $albumid,
        'uid' => $_SGLOBAL['supe_uid'],
        'username' => $_SGLOBAL['supe_username'],
        'dateline' => $_SGLOBAL['timestamp'],
        'postip' => getonlineip(),
        'filename' => addslashes($FILE['name']),
        'title' => $title,
        'desc' => $desc,
        'size' => $FILE['size'],
        'filepath' => $relPath,
    );
    $setarr['id'] = inserttable('video', $setarr, 1);

    // Optional credit / experience reward, appended to the UPDATE below
    $setsql = '';
    if ($showtip) {
        $reward = getreward('uploadimage', 0);
        if ($reward['credit']) {
            $setsql = ",credit=credit+{$reward['credit']}";
        }
        if ($reward['experience']) {
            $setsql .= ",experience=experience+{$reward['experience']}";
        }
    }
    $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET attachsize=attachsize+'{$FILE['size']}', updatetime='{$_SGLOBAL['timestamp']}' {$setsql} WHERE uid='{$_SGLOBAL['supe_uid']}'");
    updatestat('video');

    return $setarr;
}
Ejemplo n.º 4
                // Select at most five members of the listed groups as notification recipients.
                // NOTE(review): simplode($groups) builds the IN (...) list; where $groups comes
                // from and how it is quoted is outside this excerpt — confirm it is not raw input.
                $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE groupid IN (" . simplode($groups) . ") LIMIT 0 , 5");
                while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                    // $message goes through sstripslashes() and then addslashes() before being queued,
                    // presumably so it carries exactly one level of escaping when stored — confirm.
                    $notearr[] = array('uid' => $value['uid'], 'type' => 'mtag', 'new' => 1, 'authorid' => $_SGLOBAL['supe_uid'], 'author' => $_SGLOBAL['supe_username'], 'note' => addslashes(sstripslashes($message)), 'dateline' => $_SGLOBAL['timestamp']);
                }
            }
        }
        note_apply($notearr);
        showmessage('do_success');
    }
} else {
    // Create a new group: requires the 'allowmtag' permission
    if (!checkperm('allowmtag')) {
        showmessage('no_privilege');
    }
    // Real-name verification
    ckrealname('share');
    // New-user probation check
    cknewuser();
    if (submitcheck('mtagsubmit')) {
        // The posted field id is cast to an integer before it is used as an array key.
        $fieldid = intval($_POST['fieldid']);
        $profield = $_SGLOBAL['profield'][$fieldid];
        if (empty($fieldid) || empty($profield)) {
            showmessage('mtag_fieldid_does_not_exist');
        }
        // Keep only the posted tag names that belong to the selected field.
        $_POST['tagname'] = $_POST['tagname'][$fieldid];
        if ($profield['formtype'] == 'multi') {
            $mtags = array();
            foreach ($_POST['tagname'] as $value) {
                $s = stripslashes($value);
                // Accept a posted value only when it is one of the field's configured
                // choices (in_array() is called without strict comparison).
                if (in_array($s, $profield['choice'])) {
                    if ($mtag = mtag_join('tagname', $s, $fieldid)) {
Ejemplo n.º 5

******************************/
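// Stop unless the iBUAA constant is defined (presumably by the application
// entry point), so this file cannot be requested on its own.
if (!defined('iBUAA')) {
    exit('Access Denied');
}
// Load the viewer's group and page type. The uid is cast to an integer before
// it is concatenated, unquoted, into the statement: an empty or non-numeric
// value can then neither produce malformed SQL nor change the WHERE clause.
$query = $_SGLOBAL['db']->query('SELECT groupid,pptype from ' . tname('space') . ' WHERE uid=' . intval($_SGLOBAL['supe_uid']));
if ($res = $_SGLOBAL['db']->fetch_array($query)) {
    $_SGLOBAL['mygroupid'] = $res['groupid'];
    $_SGLOBAL['pptype'] = $res['pptype'];
}
// Display labels keyed by page type id.
$pptype_res = array("1" => "学院", "2" => "部处", "3" => "名人", "4" => "学生组织", "5" => "兴趣社团", "6" => "学生党组织", "7" => "活动主页", "8" => "品牌主页", "20" => "班级主页", "100" => "航路研语", "200" => "名师工作坊");
// Real-name gate: when the space has namestatus set and ckrealname() rejects
// the viewer, render the privacy template and end the request.
if ($space['namestatus']) {
    include_once S_ROOT . './source/function_cp.php';
    if (!ckrealname('viewspace', 1)) {
        $_SGLOBAL['realname_privacy'] = 1;
        include template('space_privacy');
        exit;
    }
}
// Copy the space's appearance settings into the global state.
$_SGLOBAL['space_theme'] = $space['theme'];
$_SGLOBAL['space_css'] = $space['css'];
$_SGLOBAL['index_bg'] = $space['index_bg'];
// Friend flag: starts from the 'self' value and becomes 1 when the viewer's
// uid appears in the space's friend list (loose in_array() comparison).
$space['isfriend'] = $space['self'];
if ($space['friends'] && in_array($_SGLOBAL['supe_uid'], $space['friends'])) {
    $space['isfriend'] = 1;
}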
Ejemplo n.º 6
// Check the request input
// The blog id is cast to an integer, so the quoted interpolation in the query
// below cannot carry anything but a number.
$blogid = empty($_GET['blogid']) ? 0 : intval($_GET['blogid']);
// The sub-operation is taken from the query string unmodified.
$op = empty($_GET['op']) ? '' : $_GET['op'];
$blog = array();
if ($blogid) {
    $query = $_SGLOBAL['db']->query("SELECT bf.*, b.* FROM " . tname('blog') . " b \n\t\tLEFT JOIN " . tname('blogfield') . " bf ON bf.blogid=b.blogid \n\t\tWHERE b.blogid='{$blogid}'");
    $blog = $_SGLOBAL['db']->fetch_array($query);
}
// Permission check
if (empty($blog)) {
    // No blog loaded: the request is treated as creating a new entry.
    if (!checkperm('allowblog')) {
        ckspacelog();
        showmessage('no_authority_to_add_log');
    }
    // Real-name verification
    ckrealname('blog');
    // Video verification
    ckvideophoto('blog');
    // New-user probation check
    cknewuser();
    // Check whether the user is posting too fast
    $waittime = interval_check('post');
    if ($waittime > 0) {
        showmessage('operating_too_fast', '', 1, array($waittime));
    }
    // Accept a subject and message supplied in the query string. Both pass
    // through getstr() with limits of 80 and 5000; what its remaining flags do
    // is defined elsewhere. NOTE(review): confirm getstr() escapes these values
    // for the context they are later rendered in.
    $blog['subject'] = empty($_GET['subject']) ? '' : getstr($_GET['subject'], 80, 1, 0);
    $blog['message'] = empty($_GET['message']) ? '' : getstr($_GET['message'], 5000, 1, 0);
} else {
    // Existing blog: only its owner or a user with 'manageblog' may continue.
    if ($_SGLOBAL['supe_uid'] != $blog['uid'] && !checkperm('manageblog')) {
        showmessage('no_authority_operation_of_the_log');
Ejemplo n.º 7
function getblockhtml($blockname, $parameters = array())
{
    global $_G, $space;
    $parameters = empty($parameters) ? array() : $parameters;
    $list = array();
    $sql = $title = $html = $wheresql = $ordersql = $titlemore = $do = $contentclassname = '';
    $view = $from = false;
    $contenttagname = 'div';
    $shownum = 6;
    $uid = intval($space['uid']);
    $shownum = empty($parameters['shownum']) ? $shownum : intval($parameters['shownum']);
    switch ($blockname) {
        case 'personalinfo':
            $do = 'profile';
            space_merge($space, 'profile');
            require_once libfile('function/friend');
            $isfriend = friend_check($space['uid']);
            require_once libfile('function/spacecp');
            loadcache('profilesetting');
            include_once libfile('function/profile');
            $profiles = array();
            $privacy = $space['privacy']['profile'] ? $space['privacy']['profile'] : array();
            foreach ($_G['cache']['profilesetting'] as $fieldid => $field) {
                if (!$field['available'] || in_array($fieldid, array('birthprovince', 'birthdist', 'birthcommunity', 'resideprovince', 'residedist', 'residecommunity'))) {
                    continue;
                }
                if ($field['available'] && $field['invisible'] != '1' && strlen($space[$fieldid]) > 0 && ($field['showinthread'] || $field['showincard'] || ($space['self'] || empty($privacy[$fieldid]) || $isfriend && $privacy[$fieldid] == 1))) {
                    $val = profile_show($fieldid, $space);
                    if ($val !== false) {
                        if ($fieldid == 'realname' && $_G['uid'] != $space['uid'] && !ckrealname(1)) {
                            continue;
                        }
                        if ($field['formtype'] == 'file' && $val) {
                            $imgurl = getglobal('setting/attachurl') . './profile/' . $val;
                            $val = '<span><a href="' . $imgurl . '" target="_blank"><img src="' . $imgurl . '"  style="max-width: 300px;" /></a></span>';
                        }
                        if ($val == '') {
                            $val = '';
                        }
                        $html .= '<li><em>' . $field['title'] . '</em>' . $val . '</li>';
                    }
                }
            }
            $html = $html ? $html : '<li>' . lang('space', 'block_view_profileinfo_noperm') . '</li>';
            $html = '<ul id="pprl" class="mbm pbm bbda cl">' . $html . $more . '</ul>';
            $more = lang('space', 'block_profile_all', array('uid' => $uid));
            $html = $html . $more;
            $titlemore = $space['self'] ? lang('space', 'block_profile_edit') : '';
            break;
        case 'profile':
            $do = $blockname;
            $managehtml = '';
            $avatar = empty($parameters['banavatar']) ? 'middle' : $parameters['banavatar'];
            $html .= "<div class=\"hm\"><p><a href=\"home.php?mod=space&uid={$uid}\" target=\"_blank\">" . avatar($uid, $avatar) . '</a></p>';
            $space['medals'] = DB::result_first("SELECT medals FROM " . DB::table('common_member_field_forum') . " WHERE uid='{$space['uid']}'");
            $usermedals = $medal_detial = '';
            if ($space['medals']) {
                loadcache('medals');
                foreach ($space['medals'] = explode("\t", $space['medals']) as $key => $medalid) {
                    list($medalid, $medalexpiration) = explode("|", $medalid);
                    if (isset($_G['cache']['medals'][$medalid]) && (!$medalexpiration || $medalexpiration > TIMESTAMP)) {
                        $usermedals .= '<img src="' . STATICURL . 'image/common/' . $_G['cache']['medals'][$medalid]['image'] . '" id="md_' . $medalid . '" alt="' . $_G['cache']['medals'][$medalid]['name'] . '\'" onmouseover="showTip(this)" tip="<h4>' . $_G['cache']['medals'][$medalid]['name'] . '</h4><p>' . $_G['cache']['medals'][$medalid]['description'] . '</p>" />&nbsp;';
                    }
                }
                if ($usermedals) {
                    $usermedals = '<p class="md_ctrl"><a href="home.php?mod=medal">' . $usermedals . '</a></p>';
                }
            }
            $html .= "<h2 class=\"mbn\"><a href=\"home.php?mod=space&uid={$uid}\" target=\"_blank\">" . $space['username'] . "</a></h2>{$usermedals}";
            $html .= '</div><ul class="xl xl2 cl ul_list">';
            $magicinfo = $showmagicgift = false;
            if ($_G['setting']['magicstatus'] && $_G['setting']['magics']['gift']) {
                $showmagicgift = true;
                $magicinfo = !empty($space['magicgift']) ? unserialize($space['magicgift']) : array();
            }
            if ($space['self']) {
                $html .= '<li class="ul_diy"><a href="home.php?mod=space&diy=yes">' . lang('space', 'block_profile_diy') . '</a></li>';
                $html .= '<li class="ul_msg"><a href="home.php?mod=space&uid=' . $uid . '&do=wall">' . lang('space', 'block_profile_wall') . '</a></li>';
                $html .= '<li class="ul_avt"><a href="home.php?mod=spacecp&ac=avatar">' . lang('space', 'block_profile_avatar') . '</a></li>';
                $html .= '<li class="ul_profile"><a href="home.php?mod=spacecp&ac=profile">' . lang('space', 'block_profile_update') . '</a></li>';
                if ($showmagicgift) {
                    $html .= '<li class="ul_magicgift"><div style="' . 'background: url(' . STATICURL . 'image/magic/gift.small.gif) no-repeat 0 50%;' . '">';
                    if ($magicinfo) {
                        $html .= '<a onclick="showWindow(\'magicgift\', this.href, \'get\', 0)" href="home.php?mod=spacecp&ac=magic&op=retiregift">' . lang('magic/gift', 'gift_gc') . '</a>';
                    } else {
                        $html .= '<a onclick="showWindow(\'magicgift\', this.href, \'get\', 0)" href="home.php?mod=magic&mid=gift">' . lang('magic/gift', 'gift_use') . '</a>';
                    }
                    $html .= '</div></li>';
                }
            } else {
                require_once libfile('function/friend');
                $isfriend = friend_check($uid);
                if (!$isfriend) {
                    $html .= "<li class='ul_add'><a href=\"home.php?mod=spacecp&ac=friend&op=add&uid={$space['uid']}&handlekey=addfriendhk_{$space[uid]}\" id=\"a_friend_li_{$space[uid]}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">" . lang('space', 'block_profile_friend_add') . "</a></li>";
                } else {
                    $html .= "<li class='ul_ignore'><a href=\"home.php?mod=spacecp&ac=friend&op=ignore&uid={$space['uid']}&handlekey=ignorefriendhk_{$space[uid]}\" id=\"a_ignore_{$space[uid]}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">" . lang('space', 'block_profile_friend_ignore') . "</a></li>";
                }
                $html .= "<li class='ul_msg'><a href=\"home.php?mod=space&uid={$space['uid']}&do=wall\">" . lang('space', 'block_profile_wall_to_me') . "</a></li>";
                $html .= "<li class='ul_poke'><a href=\"home.php?mod=spacecp&ac=poke&op=send&uid={$space['uid']}&handlekey=propokehk_{$space[uid]}\" id=\"a_poke_{$space[uid]}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">" . lang('space', 'block_profile_poke') . "</a></li>";
                $html .= "<li class='ul_pm'><a href=\"home.php?mod=spacecp&ac=pm&op=showmsg&handlekey=showmsg_{$space['uid']}&touid={$space['uid']}&pmid=0&daterange=2\" id=\"a_sendpm_{$space['uid']}\" onclick=\"showWindow('showMsgBox', this.href, 'get', 0)\">" . lang('space', 'block_profile_sendmessage') . "</a></li>";
            }
            $html .= '</ul>';
            $encodeusername = rawurlencode($space['username']);
            if (checkperm('allowbanuser')) {
                $managehtml .= '<li><a href="' . ($_G['adminid'] == 1 ? "admin.php?action=members&operation=ban&username={$encodeusername}&frames=yes" : "forum.php?mod=modcp&action=member&op=ban&uid={$space['uid']}") . '" id="usermanageli" onmouseover="showMenu(this.id)" class="showmenu" target="_blank">' . lang('home/template', 'member_manage') . '</a></li>';
            } elseif (checkperm('allowedituser')) {
                $managehtml .= '<li><a href="' . ($_G['adminid'] == 1 ? "admin.php?action=members&operation=search&username={$encodeusername}&submit=yes&frames=yes" : "forum.php?mod=modcp&action=member&op=edit&uid={$space['uid']}") . '" id="usermanageli" onmouseover="showMenu(this.id)" class="showmenu" target="_blank">' . lang('home/template', 'member_manage') . '</a></li>';
            }
            if ($_G['adminid'] == 1) {
                $managehtml .= "<li><a href=\"forum.php?mod=modcp&action=thread&op=post&do=search&searchsubmit=1&users={$encodeusername}\" id=\"umanageli\" onmouseover=\"showMenu(this.id)\" class=\"showmenu\">" . lang('home/template', 'content_manage') . "</a></li>";
            }
            if (!empty($managehtml)) {
                /*vot*/
                $html .= '<hr class="da mtn m0" /><ul class="ptn xl xl2 cl">' . $managehtml . '</ul><ul id="usermanageli_menu" class="p_pop" style="display:none;">';
                if (checkperm('allowbanuser')) {
                    $html .= '<li><a href="' . ($_G['adminid'] == 1 ? "admin.php?action=members&operation=ban&username={$encodeusername}&frames=yes" : "forum.php?mod=modcp&action=member&op=ban&uid={$space['uid']}") . '" target="_blank">' . lang('home/template', 'user_ban') . '</a></li>';
                }
                if (checkperm('allowedituser')) {
                    $html .= '<li><a href="' . ($_G['adminid'] == 1 ? "admin.php?action=members&operation=search&username={$encodeusername}&submit=yes&frames=yes" : "forum.php?mod=modcp&action=member&op=edit&uid={$space['uid']}") . '" target="_blank">' . lang('home/template', 'user_edit') . '</a></li>';
                }
                $html .= '</ul>';
                if ($_G['adminid'] == 1) {
                    /*vot*/
                    $html .= '<ul id="umanageli_menu" class="p_pop" style="display:none;">';
                    $html .= '<li><a href="forum.php?mod=modcp&action=thread&op=post&searchsubmit=1&do=search&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_post') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=doing&searchsubmit=1&search=true&fromumanage=1&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_doing') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=blog&searchsubmit=1&search=true&fromumanage=1&uid=' . $uid . '" target="_blank">' . lang('space', 'manage_blog') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=feed&searchsubmit=1&fromumanage=1&uid=' . $uid . '" target="_blank">' . lang('space', 'manage_feed') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=album&searchsubmit=1&search=true&fromumanage=1&uid=' . $uid . '" target="_blank">' . lang('space', 'manage_album') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=pic&searchsubmit=1&detail=1&search=true&fromumanage=1&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_pic') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=comment&searchsubmit=1&fromumanage=1&authorid=' . $uid . '" target="_blank">' . lang('space', 'manage_comment') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=share&searchsubmit=1&search=true&fromumanage=1&uid=' . $uid . '" target="_blank">' . lang('space', 'manage_share') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=threads&operation=group&searchsubmit=1&detail=1&search=true&fromumanage=1&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_group_threads') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=prune&searchsubmit=1&detail=1&operation=group&fromumanage=1&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_group_prune') . '</a></li>';
                    $html .= '</ul>';
                }
            }
            if ($_G['setting']['magicstatus'] && $_G['setting']['magics']['gift']) {
                $info = !empty($space['magicgift']) ? unserialize($space['magicgift']) : array();
                if ($space['self']) {
                } elseif ($info) {
                    if ($info['left'] && !in_array($_G['uid'], (array) $info['receiver'])) {
                        $percredit = min($info['percredit'], $info['left']);
                        if ($info['credittype'] == 'credits') {
                            $credittype = lang('core', 'title_credit');
                        } else {
                            $extcredits = str_replace('extcredits', '', $info['credittype']);
                            $credittype = $_G['setting']['extcredits'][$extcredits]['title'];
                        }
                        $html .= '<div id="magicreceivegift">';
                        $html .= '<a onclick="showWindow(\'magicgift\', this.href, \'get\', 0)" href="home.php?mod=spacecp&ac=magic&op=receivegift&uid=' . $uid . '" title="' . lang('magic/gift', 'gift_receive_gift', array('percredit' => $percredit, 'credittype' => $credittype)) . '">';
                        $html .= '<img src="' . STATICURL . 'image/magic/gift.gif" alt="gift" />';
                        $html .= '</a>';
                        $html .= '</div>';
                    }
                }
            }
            $html = '<div>' . $html . '</div>';
            break;
        case 'statistic':
            space_merge($space, 'count');
            $html .= '<p class="mbm xw1">';
            if (empty($parameters['banviews'])) {
                $html .= lang('space', 'space_views', array('views' => $space['views'] ? $space['views'] : '--'));
            }
            $html .= '</p><ul class="xl xl2 cl">';
            if (empty($parameters['bancredits'])) {
                $html .= "<li>" . lang('space', 'credits') . ': <a href="home.php?mod=spacecp&ac=credit">' . ($space['credits'] ? $space['credits'] : '--') . "</a></li>";
                foreach ($_G['setting']['extcredits'] as $extcreditid => $extcredit) {
                    $html .= "<li>" . ($extcredit['img'] ? $extcredit['img'] . ' ' : '') . $extcredit['title'] . ': <a href="home.php?mod=spacecp&ac=credit">' . ($space['extcredits' . $extcreditid] ? $space['extcredits' . $extcreditid] : '--') . '</a>';
                }
            }
            if (empty($parameters['banfriends'])) {
                $html .= "<li>" . lang('space', 'friends') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=friend&view=me&from=space">' . ($space['friends'] ? $space['friends'] : '--') . "</a></li>";
            }
            if (empty($parameters['banthreads']) && $_G['setting']['allowviewuserthread'] !== false || $_G['adminid'] == 1) {
                $html .= "<li>" . lang('space', 'threads') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=thread&view=me&from=space">' . ($space['threads'] ? $space['threads'] : '--') . "</a></li>";
            }
            if (empty($parameters['banblogs'])) {
                $html .= "<li>" . lang('space', 'blogs') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=blog&view=me&from=space">' . ($space['blogs'] ? $space['blogs'] : '--') . "</a></li>";
            }
            if (empty($parameters['banalbums'])) {
                $html .= "<li>" . lang('space', 'albums') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=album&view=me&from=space">' . ($space['albums'] ? $space['albums'] : '--') . "</a></li>";
            }
            if (empty($parameters['bansharings'])) {
                $html .= "<li>" . lang('space', 'sharings') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=share&view=me&from=space">' . ($space['sharings'] ? $space['sharings'] : '--') . "</a></li>";
            }
            $html .= '</ul>';
            $html = '<div>' . $html . '</div>';
            break;
        case 'doing':
            $do = $blockname;
            $view = 'me';
            $from = 'space';
            if (ckprivacy('doing', 'view')) {
                $dolist = array();
                $sql = "SELECT * FROM " . DB::table('home_doing') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}";
                $query = DB::query($sql);
                while ($value = DB::fetch($query)) {
                    if ($value['status'] == 0 || $value['uid'] == $_G['uid']) {
                        $dolist[] = $value;
                    }
                }
                if ($dolist) {
                    foreach ($dolist as $dv) {
                        $doid = $dv['doid'];
                        $_G[gp_key] = $key = random(8);
                        $html .= "<li class=\"pbn bbda\">";
                        $html .= $dv['message'];
                        $html .= "&nbsp;<a href=\"home.php?mod=space&uid={$dv['uid']}&do=doing&view=me&from=space&doid={$dv['doid']}\" target=\"_blank\" class=\"xg1\">" . lang('space', 'block_doing_reply') . "</a>";
                        $html .= "</li>";
                    }
                } else {
                    $html .= "<p class=\"emp\">" . lang('space', 'block_doing_no_content') . ($space['self'] ? lang('space', 'block_doing_no_content_publish', $space) : '') . "</p>";
                }
            } else {
                $html .= "<p class=\"emp\">" . lang('space', 'block_view_noperm') . "</p>";
            }
            $html = '<ul class="xl">' . $html . '</ul>';
            break;
        case 'stickblog':
            space_merge($space, 'profile');
            $stickblogs = explode(',', $space['stickblogs']);
            if (!empty($stickblogs)) {
                $bids = array_slice($stickblogs, 0, $shownum);
                $bids = dimplode($bids);
                if (!empty($bids)) {
                    if (!isset($parameters['showmessage'])) {
                        $parameters['showmessage'] = 150;
                    }
                    $sql = $parameters['showmessage'] > 0 ? "SELECT bf.*, b.* FROM " . DB::table('home_blog') . " b\r\n\t\t\t\t\t\tLEFT JOIN " . DB::table('home_blogfield') . " bf ON bf.blogid=b.blogid\r\n\t\t\t\t\t\tWHERE b.blogid IN ({$bids})" : "SELECT * FROM " . DB::table('home_blog') . "WHERE blogid IN ({$bids})";
                    $query = DB::query($sql);
                    while ($value = DB::fetch($query)) {
                        if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                            if ($value['pic']) {
                                $value['pic'] = pic_cover_get($value['pic'], $value['picflag']);
                            }
                            $value['message'] = $value['friend'] == 4 ? '' : getstr($value['message'], $parameters['showmessage'], 0, 0, 0, -1);
                            $html .= lang('space', 'blog_li', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'subject' => $value['subject'], 'date' => dgmdate($value['dateline'], 'Y-m-d')));
                            if (!empty($parameters['showmessage'])) {
                                if ($value['pic']) {
                                    $html .= lang('space', 'blog_li_img', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'src' => $value['pic']));
                                }
                                $html .= "<dd>{$value['message']}</dd>";
                            }
                            $html .= lang('space', 'blog_li_ext', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'viewnum' => $value['viewnum'], 'replynum' => $value['replynum']));
                            $html .= "</dl>";
                        } else {
                            $html .= '<p>' . lang('space', 'block_view_noperm') . '</p>';
                        }
                    }
                }
            }
            $more = $html ? '<p class="ptm" style="text-align: right;"><a href="home.php?mod=space&uid=' . $uid . '&do=blog&view=me&from=space">' . lang('space', 'viewmore') . '</a></p>' : '';
            $contentclassname = ' xld';
            $html = $html . $more;
            break;
        case 'blog':
            $do = $blockname;
            $view = 'me';
            $from = 'space';
            if (!isset($parameters['showmessage'])) {
                $parameters['showmessage'] = 150;
            }
            $query = DB::query("SELECT bf.*, b.* FROM " . DB::table('home_blog') . " b\r\n\t\t\t\tLEFT JOIN " . DB::table('home_blogfield') . " bf ON bf.blogid=b.blogid\r\n\t\t\t\tWHERE b.uid='{$uid}'\r\n\t\t\t\tORDER BY b.dateline DESC LIMIT 0,{$shownum}");
            while ($value = DB::fetch($query)) {
                if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                    if ($value['pic']) {
                        $value['pic'] = pic_cover_get($value['pic'], $value['picflag']);
                    }
                    $value['message'] = $value['friend'] == 4 ? '' : getstr($value['message'], $parameters['showmessage'], 0, 0, 0, -1);
                    $html .= lang('space', 'blog_li', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'subject' => $value['subject'], 'date' => dgmdate($value['dateline'], 'Y-m-d')));
                    if (!empty($parameters['showmessage'])) {
                        if ($value['pic']) {
                            $html .= lang('space', 'blog_li_img', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'src' => $value['pic']));
                        }
                        $html .= "<dd>{$value['message']}</dd>";
                    }
                    $html .= lang('space', 'blog_li_ext', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'viewnum' => $value['viewnum'], 'replynum' => $value['replynum']));
                    $html .= "</dl>";
                } else {
                    $html .= '<p>' . lang('space', 'block_view_noperm') . '</p>';
                }
            }
            if ($html) {
                $more = '<p class="ptm" style="text-align: right;"><a href="home.php?mod=space&uid=' . $uid . '&do=blog&view=me&from=space">' . lang('space', 'viewmore') . '</a></p>';
            } else {
                $html = '<p class="emp">' . lang('space', 'block_blog_no_content') . ($space['self'] ? lang('space', 'block_blog_no_content_publish', $space) : '') . '</p>';
                $more = '';
            }
            $contentclassname = ' xld';
            $html = $html . $more;
            break;
        case 'album':
            $do = $blockname;
            $view = 'me';
            $from = 'space';
            if (ckprivacy('album', 'view')) {
                $query = DB::query("SELECT * FROM " . DB::table('home_album') . " WHERE uid='{$uid}' ORDER BY updatetime DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                        $value['pic'] = pic_cover_get($value['pic'], $value['picflag']);
                        $html .= lang('space', 'album_li', array('albumid' => $value['albumid'], 'src' => $value['pic'], 'albumname' => $value['albumname'], 'uid' => $value['uid'], 'picnum' => $value['picnum'], 'date' => dgmdate($value['updatetime'], 'n-j')));
                    }
                }
                if (!$html) {
                    $html = '<p class="emp">' . lang('space', 'block_album_no_content') . ($space['self'] ? lang('space', 'block_album_no_content_publish', $space) : '') . '</p>';
                }
            } else {
                $html .= '<li>' . lang('space', 'block_view_noperm') . '</li>';
            }
            $html = '<ul class="ml cl">' . $html . '</ul>';
            break;
        case 'feed':
            $do = 'home';
            $view = 'me';
            $from = 'space';
            if (!IS_ROBOT && ckprivacy('feed', 'view')) {
                require_once libfile('function/feed');
                $query = DB::query("SELECT * FROM " . DB::table('home_feed') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                        $html .= mkfeedhtml(mkfeed($value));
                    }
                }
            }
            $contenttagname = 'ul';
            $contentclassname = ' el';
            $html = !$html ? '<p class="emp">' . lang('space', 'block_feed_no_content') . '</p>' : $html;
            break;
        case 'thread':
            $do = $blockname;
            $view = 'me';
            $from = 'space';
            if ($_G['setting']['allowviewuserthread'] !== false) {
                $fidsql = empty($_G['setting']['allowviewuserthread']) ? '' : " AND fid IN({$_G[setting][allowviewuserthread]}) ";
                $query = DB::query("SELECT * FROM " . DB::table('forum_thread') . " WHERE authorid='{$uid}' {$fidsql} AND displayorder>='0' ORDER BY tid DESC LIMIT 0,{$shownum}");
                while ($thread = DB::fetch($query)) {
                    if ($thread['author']) {
                        $html .= "<li><a href=\"forum.php?mod=viewthread&tid={$thread['tid']}\" target=\"_blank\">{$thread['subject']}</a></li>";
                    }
                }
            }
            $html = !$html ? '<p class="emp">' . lang('space', 'block_thread_no_content') . ($space['self'] ? lang('space', 'block_thread_no_content_publish', $space) : '') . '</p>' : '<ul class="xl">' . $html . '</ul>';
            break;
        case 'friend':
            $do = $blockname;
            $view = 'me';
            $from = 'space';
            require_once libfile('function/friend');
            $friendlist = array();
            $friendlist = friend_list($uid, $shownum);
            $fuids = array_keys($friendlist);
            getonlinemember($fuids);
            foreach ($friendlist as $key => $value) {
                $classname = $_G['ols'][$value['fuid']] ? 'gol' : '';
                $html .= '<li><a href="home.php?mod=space&uid=' . $value['fuid'] . '" target="_blank" class="avt"><em class="' . $classname . '"></em>' . avatar($value['fuid'], 'small') . '</a><p><a href="home.php?mod=space&uid=' . $value[fuid] . '" target="_blank">' . $value['fusername'] . '</a></p></li>';
            }
            $html = !$html ? '<p class="emp">' . lang('space', 'block_friend_no_content') . ($space['self'] ? lang('space', 'block_friend_no_content_publish', $space) : '') . '</p>' : '<ul class="ml mls cl">' . $html . '</ul>';
            break;
        case 'visitor':
            if ($space['self']) {
                $do = 'friend';
                $view = 'visitor';
            }
            $query = DB::query("SELECT * FROM " . DB::table('home_visitor') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}");
            $list = $fuids = array();
            while ($value = DB::fetch($query)) {
                $list[] = $value;
                $fuids[] = $value['vuid'];
            }
            getonlinemember($fuids);
            foreach ($list as $value) {
                $html .= "<li>";
                if ($value['vusername'] == '') {
                    $html .= lang('space', 'visitor_anonymity');
                } else {
                    $html .= lang('space', 'visitor_list', array('uid' => $value['vuid'], 'username' => $value['vusername'], 'class' => $_G['ols'][$value['vuid']] ? 'gol' : '', 'avatar' => avatar($value['vuid'], 'small')));
                }
                $html .= "<span class=\"xg2\">" . dgmdate($value['dateline'], 'u', '9999', 'Y-m-d') . "</span>";
                $html .= "</li>";
            }
            $html = !$html ? '<p class="emp">' . lang('space', 'block_visitor_no_content') . ($space['self'] ? lang('space', 'block_visitor_no_content_publish', $space) : '') . '</p>' : '<ul class="ml mls cl">' . $html . '</ul>';
            break;
        case 'share':
            $do = $blockname;
            $view = 'me';
            $from = 'space';
            if (!IS_ROBOT && ckprivacy('share', 'view')) {
                require_once libfile('function/share');
                $query = DB::query("SELECT * FROM " . DB::table('home_share') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    $value = mkshare($value);
                    $html .= '<li><em><a href="home.php?mod=space&uid=' . $value['uid'] . '&do=share&id=' . $value['sid'] . '">' . $value['title_template'] . '</a>(' . dgmdate($value['dateline'], 'u') . ')</em><div class="ec cl">';
                    if ($value['image']) {
                        $html .= '<a href="' . $value['image_link'] . '" target="_blank"><img src="' . $value['image'] . '" class="tn" alt="" /></a>';
                    }
                    $html .= '<div class="d">' . $value['body_template'] . '</div>';
                    if ($value['type'] == 'video') {
                        if (!empty($value['body_data']['imgurl'])) {
                            $html .= '<table class="mtm" title="' . lang('space', 'click_play') . '" onclick="javascript:showFlash(\'' . $value['body_data']['host'] . '\', \'' . $value['body_data']['flashvar'] . '\', this, \'' . $value['sid'] . '\');"><tr><td class="vdtn hm" style="background: url(' . $value['body_data']['imgurl'] . ') no-repeat"><img src="' . STATICURL . '/image/common/vds.png" alt="' . lang('space', 'click_play') . '" /></td></tr></table>';
                        } else {
                            $html .= "<img src=\"" . STATICURL . "/image/common/vd.gif\" alt=\"" . lang('space', 'click_play') . "\" onclick=\"javascript:showFlash('{$value['body_data']['host']}', '{$value['body_data']['flashvar']}', this, '{$value['sid']}');\" class=\"tn\" />";
                        }
                    } elseif ($value['type'] == 'music') {
                        $html .= "<img src=\"" . STATICURL . "/image/common/music.gif\" alt=\"" . lang('space', 'click_play') . "\" onclick=\"javascript:showFlash('music', '{$value['body_data']['musicvar']}', this, '{$value['sid']}');\" class=\"tn\" />";
                    } elseif ($value['type'] == 'flash') {
                        $html .= "<img src=\"" . STATICURL . "/image/common/flash.gif\" alt=\"" . lang('space', 'click_view') . "\" onclick=\"javascript:showFlash('flash', '{$value['body_data']['flashaddr']}', this, '{$value['sid']}');\" class=\"tn\" />";
                    }
                    if ($value['body_general']) {
                        $html .= '<div class="quote' . ($value['image'] ? 'z' : '') . "\"><blockquote>{$value['body_general']}</blockquote></div>";
                    }
                    $html .= '</div></li>';
                }
                $html = !$html ? '<p class="emp">' . lang('space', 'block_share_no_content') . '</p>' : '<ul class="el">' . $html . '</ul>';
            }
            break;
        case 'wall':
            $do = $blockname;
            $walllist = array();
            if (ckprivacy('wall', 'view')) {
                $query = DB::query("SELECT * FROM " . DB::table('home_comment') . " WHERE id='{$uid}' AND idtype='uid' ORDER BY dateline DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    $value['message'] = strlen($value['message']) > 500 ? getstr($value['message'], 500, 0, 0, 0, -1) . ' ...' : $value['message'];
                    if ($value['status'] == 0 || $value['authorid'] == $_G['uid']) {
                        $walllist[] = $value;
                    }
                }
            }
            foreach ($walllist as $key => $value) {
                $op = '';
                if ($value['author']) {
                    $author_avatar = '<a href="home.php?mod=space&uid=' . $value['authorid'] . '" target="_blank">' . avatar($value['authorid'], 'small') . '</a>';
                    $author = '<a href="home.php?mod=space&uid=' . $value['authorid'] . '" id="author_' . $value['cid'] . '" target="_blank">' . $value['author'] . '</a>';
                } else {
                    $author_avatar = '<img src="static/image/magic/hidden.gif" alt="hidden" />';
                    $author = $_G['setting']['anonymoustext'];
                }
                if ($value['authorid'] == $_G['uid']) {
                    $op .= lang('space', 'wall_edit', array('cid' => $value['cid']));
                }
                if ($value['authorid'] == $_G['uid'] || $space['self'] || checkperm('managecomment')) {
                    $op .= lang('space', 'wall_del', array('cid' => $value['cid']));
                }
                if ($value['authorid'] != $_G['uid'] && ($value['idtype'] != 'uid' || $space['self'])) {
                    $op .= lang('space', 'wall_reply', array('cid' => $value['cid']));
                }
                $moderate_need = $value['status'] == 1 ? lang('template', 'moderate_need') : '';
                $date = dgmdate($value['dateline'], 'u');
                $replacearr = array('author' => $author, 'author_avatar' => $author_avatar, 'moderated' => $moderate_need, 'cid' => $value['cid'], 'message' => $value['message'], 'date' => $date, 'op' => $op);
                $html .= lang('space', 'wall_li', $replacearr);
            }
            $html = !empty($walllist) ? $html . lang('space', 'wall_more', array('uid' => $uid)) : '<p class="emp">' . lang('space', 'block_wall_no_content') . '</p>';
            $html = '<div class="xld xlda el" id="comment_ul">' . $html . '</div>';
            $html = lang('space', 'wall_form', array('uid' => $uid, 'FORMHASH' => FORMHASH)) . '<hr class="da mtm m0">' . $html;
            $titlemore = '<span class="y xw0"><a href="home.php?mod=space&uid=' . $uid . '&do=wall">' . lang('space', 'all') . '</a></span>';
            break;
        case 'group':
            require_once libfile('function/group');
            $grouplist = mygrouplist($uid, 'lastupdate', array('f.name', 'ff.icon'), $shownum);
            if (empty($grouplist)) {
                $grouplist = array();
            }
            foreach ($grouplist as $groupid => $group) {
                $group['groupid'] = $groupid;
                $html .= lang('space', 'group_li', $group);
            }
            $html = !$html ? '<p class="emp">' . lang('space', 'block_group_no_content') . ($space['self'] ? lang('space', $_G['group']['allowbuildgroup'] ? 'block_group_no_content_publish' : 'block_group_no_content_join', $space) : '') . '</p>' : '<ul class="ml mls cl">' . $html . '</ul>';
            break;
        case 'music':
            if (!empty($parameters['mp3list'])) {
                $authcode = substr(md5($_G['authkey'] . $uid), 6, 16);
                $view = $_G['adminid'] == 1 && $_G['setting']['allowquickviewprofile'] ? '&view=admin' : '';
                $querystring = urlencode("home.php?mod=space&uid={$uid}&do=index&op=getmusiclist&hash={$authcode}{$view}&t=" . TIMESTAMP);
                $swfurl = STATICURL . 'image/common/mp3player.swf?config=' . $querystring;
                if (empty($parameters['config']['height']) && $parameters['config']['height'] !== 0) {
                    $parameters['config']['height'] = '200px';
                } else {
                    $parameters['config']['height'] .= 'px';
                }
                $html = "<script language=\"javascript\" type=\"text/javascript\">document.write(AC_FL_RunContent('id', 'mp3player', 'name', 'mp3player', 'devicefont', 'false', 'width', '100%', 'height', '" . $parameters['config']['height'] . "', 'src', '{$swfurl}', 'menu', 'false',  'allowScriptAccess', 'sameDomain', 'swLiveConnect', 'true', 'wmode', 'transparent'));</script>";
            } else {
                $html = lang('space', 'music_no_content');
            }
            $html = '<div class="ml mls cl">' . $html . '</div>';
            break;
        case 'myapp':
            $html = '';
            $listclass = 'ptm ml mls cl';
            $query = DB::query("SELECT ua.appid, ua.appname, my.iconstatus, my.userpanelarea FROM " . DB::table('home_userapp') . " ua LEFT JOIN " . DB::table('common_myapp') . " my USING(appid) WHERE ua.uid='{$uid}' ORDER BY ua.menuorder DESC LIMIT 0,{$shownum}");
            while ($value = DB::fetch($query)) {
                if (!empty($value['appname'])) {
                    $replace = array('appid' => $value['appid'], 'appname' => $value['appname']);
                    $parameters['logotype'] = !empty($parameters['logotype']) && in_array($parameters['logotype'], array('icon', 'logo')) ? $parameters['logotype'] : 'logo';
                    if ($parameters['logotype'] == 'icon') {
                        $listclass = 'xl xl1 cl';
                        $replace['icon'] = getmyappiconpath($value['appid'], $value['iconstatus']);
                    }
                    $html .= lang('space', 'myapp_li_' . $parameters['logotype'], $replace);
                }
            }
            $html = !$html ? '<p class="emp">' . lang('space', 'block_myapp_no_content') . ($space['self'] ? lang('space', 'block_myapp_no_content_publish', $space) : '') . '</p>' : '<ul class="' . $listclass . '">' . $html . '</ul>';
            break;
        case 'block1':
        case 'block2':
        case 'block3':
        case 'block4':
        case 'block5':
            if ($space['self']) {
                $_G['space_group'] = $_G['group'];
            } elseif (empty($_G['space_group'])) {
                $_G['space_group'] = DB::fetch_first("SELECT * FROM " . DB::table('common_usergroup_field') . " WHERE groupid='{$space['groupid']}'");
            }
            require_once libfile('function/discuzcode');
            if ($_G['space_group']['allowspacediyimgcode']) {
                if (empty($_G['cache']['smilies']['loaded'])) {
                    loadcache(array('smilies', 'smileytypes'));
                    foreach ($_G['cache']['smilies']['replacearray'] as $skey => $smiley) {
                        $_G['cache']['smilies']['replacearray'][$skey] = '[img]' . $_G['siteurl'] . 'static/image/smiley/' . $_G['cache']['smileytypes'][$_G['cache']['smilies']['typearray'][$skey]]['directory'] . '/' . $smiley . '[/img]';
                    }
                    $_G['cache']['smilies']['loaded'] = 1;
                }
                $parameters['content'] = preg_replace($_G['cache']['smilies']['searcharray'], $_G['cache']['smilies']['replacearray'], trim($parameters['content']));
            }
            if ($_G['space_group']['allowspacediybbcode'] || $_G['space_group']['allowspacediyimgcode'] || $_G['space_group']['allowspacediyhtml']) {
                $parameters['content'] = discuzcode($parameters['content'], 1, 0, 1, 0, $_G['space_group']['allowspacediybbcode'], $_G['space_group']['allowspacediyimgcode'], $_G['space_group']['allowspacediyhtml']);
            } else {
                $parameters['content'] = dhtmlspecialchars($parameters['content']);
            }
            $parameters['content'] = nl2br($parameters['content']);
            if (empty($parameters['content'])) {
                $parameters['content'] = lang('space', $blockname);
            }
            $html .= $parameters['content'];
            break;
        default:
            return false;
    }
    if (isset($parameters['title'])) {
        if (empty($parameters['title'])) {
            $title = '';
        } else {
            $view = $view === false ? '' : '&view=' . $view;
            $from = $from === false ? '' : '&from=' . $from;
            $bnamelink = $do ? '<a href="home.php?mod=space&uid=' . $uid . '&do=' . $do . $view . $from . '">' . stripslashes($parameters['title']) . '</a>' : stripslashes($parameters['title']);
            $title = lang('space', 'block_title', array('bname' => $bnamelink, 'more' => $titlemore));
        }
    } else {
        $view = $view === false ? '' : '&view=' . $view;
        $from = $from === false ? '' : '&from=' . $from;
        $bnamelink = $do ? '<a href="home.php?mod=space&uid=' . $uid . '&do=' . $do . $view . $from . '">' . getblockdata($blockname) . '</a>' : getblockdata($blockname);
        $title = lang('space', 'block_title', array('bname' => $bnamelink, 'more' => $titlemore));
    }
    $html = $title . '<' . $contenttagname . ' id="' . $blockname . '_content" class="dxb_bc' . $contentclassname . '">' . $html . '</' . $contenttagname . '>';
    return $html;
}
Ejemplo n.º 8
// Friend-request entry path: when $op is 'add', a chain of permission and eligibility checks
// runs before the current friendship status is read.
// NOTE(review): $op, $uid and $space are assigned before this excerpt; how $uid is
// sanitised is not visible here. Every check relies on showmessage() ending the request,
// otherwise execution would fall through a failed check. TODO confirm.
$space['key'] = space_key($space);
$actives = array($op => ' class="active"');
if ($op == 'add') {
    // Group-level permission gate; ckspacelog() is called before the refusal is shown.
    if (!checkperm('allowfriend')) {
        ckspacelog();
        showmessage('no_privilege');
    }
    // Check the target user: a request to oneself is rejected.
    if ($uid == $_SGLOBAL['supe_uid']) {
        showmessage('friend_self_error');
    }
    // Already in the cached friend list.
    // NOTE(review): in_array() is called without the strict flag, so the match is a loose
    // comparison; harmless if $uid is already an integer. Verify where $uid is set.
    if ($space['friends'] && in_array($uid, $space['friends'])) {
        showmessage('you_have_friends');
    }
    // Real-name authentication
    ckrealname('friend');
    // The target space must exist before any further lookups use its uid.
    $tospace = getspace($uid);
    if (empty($tospace)) {
        showmessage('space_does_not_exist');
    }
    // Blacklist check against the target user's uid
    if (isblacklist($tospace['uid'])) {
        showmessage('is_blacklist');
    }
    // Friend groups
    $groups = getfriendgroup();
    // Check the current relationship status; status 1 is reported as "already friends".
    $status = getfriendstatus($_SGLOBAL['supe_uid'], $uid);
    if ($status == 1) {
        showmessage('you_have_friends');
    } else {
Ejemplo n.º 9
// Article-comment submission: captcha / security-question flags are derived from settings,
// then the post is gated by permission, article state, account checks and a rate limit
// before the message is filtered.
// Both flags are 0 unless the user's group has 'seccode' set; otherwise they are the
// masked bits (4 and 2) of the respective site settings.
$seccodecheck = $_G['group']['seccode'] ? $_G['setting']['seccodestatus'] & 4 : 0;
$secqaacheck = $_G['group']['seccode'] ? $_G['setting']['secqaa']['status'] & 2 : 0;
// NOTE(review): presumably submitcheck() also validates the anti-CSRF form token; its body
// is not visible here. Verify before relying on it.
if (submitcheck('commentsubmit', 0, $seccodecheck, $secqaacheck)) {
    if (!checkperm('allowcommentarticle')) {
        showmessage('group_nopermission', NULL, array('grouptitle' => $_G['group']['grouptitle']), array('login' => 1));
    }
    // intval() is what makes the interpolation into the SQL string below safe; keep the
    // cast if this line is ever refactored.
    $aid = intval($_POST['aid']);
    $article = DB::fetch_first("SELECT * FROM " . DB::table('portal_article_title') . " WHERE aid='{$aid}'");
    if (empty($article)) {
        showmessage("comment_comment_noexist");
    }
    // Only articles whose allowcomment column equals 1 accept comments.
    if ($article['allowcomment'] != 1) {
        showmessage("comment_comment_notallowed");
    }
    require_once libfile('function/spacecp');
    ckrealname('comment');
    cknewuser();
    // Flood control: a positive wait time means the user posted too recently.
    $waittime = interval_check('post');
    if ($waittime > 0) {
        showmessage('operating_too_fast', '', array('waittime' => $waittime), array('return' => true));
    }
    // NOTE(review): the second argument is the group's 'allowcommentarticle' value, passed
    // where other call sites on this page pass a length; whether the remaining flags
    // HTML-escape the message depends on getstr(), which is not visible here.
    $message = getstr($_POST['message'], $_G['group']['allowcommentarticle'], 1, 1, 1, 0);
    if (strlen($message) < 2) {
        showmessage('content_is_too_short');
    }
    // Word filter first; censormod() then decides between status 1 and status 0
    // (presumably 1 = held for moderation; confirm against the comment table).
    $message = censor($message);
    if (censormod($message)) {
        $comment_status = 1;
    } else {
        $comment_status = 0;
    }
Ejemplo n.º 10
 /**
  * Build the list of profile fields of $space that the current viewer may see.
  *
  * Two visibility paths exist: the space owner and any viewer whose group has
  * 'allowviewip' get every available, non-invisible field without consulting the
  * per-field privacy settings; everyone else goes through the privacy filter.
  *
  * @param mixed $puid  not referenced anywhere in this method body
  * @param array $space space record; merged with further tables via space_merge()
  * @return array list of array('type' => field id, 'title' => ..., 'data' => ...)
  */
 private function _getPersonalDataInfo($puid, $space)
 {
     global $_G;
     // $res is assigned here and never read again in this method.
     $res['body']['PersonalData'] = array();
     require_once libfile('function/spacecp');
     space_merge($space, 'count');
     space_merge($space, 'field_home');
     space_merge($space, 'field_forum');
     space_merge($space, 'profile');
     space_merge($space, 'status');
     // Buyer rank: first configured level whose threshold is >= the credit; stays 0 when
     // the credit is empty or exceeds every threshold.
     $space['buyerrank'] = 0;
     if ($space['buyercredit']) {
         foreach ($_G['setting']['ec_credit']['rank'] as $level => $credit) {
             if ($space['buyercredit'] <= $credit) {
                 $space['buyerrank'] = $level;
                 break;
             }
         }
     }
     // Seller rank: same lookup against the same threshold table.
     $space['sellerrank'] = 0;
     if ($space['sellercredit']) {
         foreach ($_G['setting']['ec_credit']['rank'] as $level => $credit) {
             if ($space['sellercredit'] <= $credit) {
                 $space['sellerrank'] = $level;
                 break;
             }
         }
     }
     require_once libfile('function/friend');
     $isfriend = friend_check($space['uid'], 1);
     loadcache('profilesetting');
     include_once libfile('function/profile');
     $profiles = array();
     // Per-field privacy map chosen by the profile owner; empty array when none is stored.
     $privacy = $space['privacy']['profile'] ? $space['privacy']['profile'] : array();
     if ($_G['setting']['verify']['enabled']) {
         space_merge($space, 'verify');
     }
     // NOTE(review): the privilege that bypasses the owner's privacy settings is the group's
     // 'allowviewip' flag. In this branch $privacy and $isfriend are never consulted, so any
     // group holding that flag sees all non-invisible fields. Confirm this is intended.
     if ($_G['uid'] == $space['uid'] || $_G['group']['allowviewip']) {
         foreach ($_G['cache']['profilesetting'] as $fieldid => $field) {
             if (!$field['available'] || $field['invisible'] || in_array($fieldid, array('birthmonth', 'birthyear'))) {
                 continue;
             }
             $val = profile_show($fieldid, $space);
             $profiles[] = array('type' => $fieldid, 'title' => $field['title'], 'data' => WebUtils::emptyHtml($val));
         }
     } else {
         foreach ($_G['cache']['profilesetting'] as $fieldid => $field) {
             // Province/district/community parts are skipped as separate entries.
             if (!$field['available'] || in_array($fieldid, array('birthprovince', 'birthdist', 'birthcommunity', 'resideprovince', 'residedist', 'residecommunity'))) {
                 continue;
             }
             // A field is shown only when all three groups hold:
             //   1. it has a value (birthcity/residecity also count when the province is set);
             //   2. privacy allows it: owner view, no privacy entry, or friend with privacy == 1;
             //   3. display mode allows it: normal request and not invisible, or ajax request
             //      and 'showincard'.
             // The leading $field['available'] test repeats the guard above.
             if ($field['available'] && (strlen($space[$fieldid]) > 0 || ($fieldid == 'birthcity' && strlen($space['birthprovince']) || $fieldid == 'residecity' && strlen($space['resideprovince']))) && ($space['self'] || empty($privacy[$fieldid]) || $isfriend && $privacy[$fieldid] == 1) && (!$_G['inajax'] && !$field['invisible'] || $_G['inajax'] && $field['showincard'])) {
                 $val = profile_show($fieldid, $space);
                 if ($val !== false) {
                     // The real name is withheld from other users when ckrealname(1) fails.
                     if ($fieldid == 'realname' && $_G['uid'] != $space['uid'] && !ckrealname(1)) {
                         continue;
                     }
                     if ($field['formtype'] == 'file' && $val) {
                         // NOTE(review): $val is concatenated into href/src without escaping;
                         // this is safe only if stored file names cannot contain quotes or
                         // markup. Verify against the upload path.
                         $imgurl = getglobal('setting/attachurl') . './profile/' . $val;
                         $val = '<span><a href="' . $imgurl . '" target="_blank"><img src="' . $imgurl . '"  style="max-width: 500px;" /></a></span>';
                     }
                     $profiles[] = array('type' => $fieldid, 'title' => $field['title'], 'data' => WebUtils::emptyHtml($val));
                 }
             }
         }
     }
     return $profiles;
 }
Ejemplo n.º 11
 */
// Direct-access guard: the script exits unless IN_DISCUZ is defined.
if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}
if ($_GET['op'] == 'delete') {
    // Delete path: the id is cast to int before it is interpolated into SQL, and the row's
    // owner must match the current user before anything is removed.
    $favid = intval($_GET['favid']);
    $thevalue = DB::fetch_first('SELECT * FROM ' . DB::table('home_favorite') . " WHERE favid='{$favid}'");
    if (empty($thevalue) || $thevalue['uid'] != $_G['uid']) {
        showmessage('favorite_does_not_exist');
    }
    // The DELETE itself runs only after submitcheck() accepts the form
    // (presumably including the form-token check; not visible here).
    if (submitcheck('deletesubmit')) {
        DB::query('DELETE FROM ' . DB::table('home_favorite') . " WHERE favid='{$favid}'");
        // NOTE(review): $_GET['type'] is appended to the redirect URL as received, without
        // encoding or an allow-list. Whether showmessage() neutralises it is not visible
        // here; consider rawurlencode() or restricting it to the known type names.
        showmessage('do_success', 'home.php?mod=space&do=favorite&view=me&type=' . $_GET['type'] . '&quickforward=1', array('favid' => $favid), array('showdialog' => 1, 'showmsg' => true, 'closetime' => 1));
    }
} else {
    // Add path: account checks first, then request parameters are normalised.
    ckrealname('favorite');
    ckvideophoto('favorite');
    cknewuser();
    // $type stays a raw string but, in the visible part, is only used as the switch selector.
    $type = empty($_GET['type']) ? '' : $_GET['type'];
    // Numeric ids are cast to int, which keeps the quoted SQL interpolations below safe.
    $id = empty($_GET['id']) ? 0 : intval($_GET['id']);
    $spaceuid = empty($_GET['spaceuid']) ? 0 : intval($_GET['spaceuid']);
    $idtype = $title = $icon = '';
    switch ($type) {
        case 'thread':
            $idtype = 'tid';
            $title = DB::result_first('SELECT subject FROM ' . DB::table('forum_thread') . " WHERE tid='{$id}'");
            $icon = '<img src="static/image/feed/thread.gif" alt="thread" class="vm" /> ';
            break;
        case 'forum':
            $idtype = 'fid';
            // Forums with status 3 are excluded from the title lookup.
            $title = DB::result_first('SELECT `name` FROM ' . DB::table('forum_forum') . " WHERE fid='{$id}' AND status !='3'");
     // Shorten the stored comment text for display.
     $comment['message'] = getstr($comment['message'], 150, 0, 0, 2, -1);
 }
 // Captcha / security-question flags: 0 unless the user's group has 'seccode' set.
 $seccodecheck = $_G['group']['seccode'] ? $_G['setting']['seccodestatus'] & 4 : 0;
 $secqaacheck = $_G['group']['seccode'] ? $_G['setting']['secqaa']['status'] & 2 : 0;
 if (submitcheck("commentsubmit", 0, $seccodecheck, $secqaacheck)) {
     if ($_G['group']['pdnovelcomment'] != 1) {
         showmessage("group_nopermission", NULL, array("grouptitle" => $_G['group']['grouptitle']), array("login" => 1));
     }
     // NOTE(review): the result of checkperm() is discarded here, while other call sites on
     // this page test it. Unless checkperm() aborts on its own, this line enforces nothing.
     // Verify, and branch on the result if it only returns a boolean.
     checkperm("allownewcomment");
     // Cast to int before interpolating into the SQL string.
     $novelid = intval($_POST['novelid']);
     $novel = DB::fetch_first("SELECT * FROM " . DB::table("pdnovel_view") . (" WHERE novelid='" . $novelid . "'"));
     if (empty($novel)) {
         showmessage("comment_comment_noexist");
     }
     require_once libfile("function/spacecp");
     ckrealname("comment");
     cknewuser();
     // Flood control on the shared 'post' interval.
     $waittime = interval_check("post");
     if (0 < $waittime) {
         showmessage("operating_too_fast", "", array("waittime" => $waittime), array("return" => TRUE));
     }
     // NOTE(review): a length argument of 0 presumably means "no truncation", so the only
     // size check on the message is the minimum below. Confirm getstr() semantics and
     // whether an upper bound is enforced elsewhere.
     $message = getstr($_POST['message'], 0, 1, 1, 1, 0);
     if (strlen($message) < 2) {
         showmessage("content_is_too_short");
     }
     // Credit is updated before the word filter and moderation decision run.
     pdupdatecredit('pdnovelcomment', $lang['common_no_credit']);
     $message = censor($message);
     if (censormod($message)) {
         $comment_status = 1;
     } else {
         $comment_status = 0;
Ejemplo n.º 13
         // Failure is reported as a bare token and the request ends immediately.
         echo 'incorrect_code';
         exit;
     }
     // Rate limit for this wall: newest timeline value of the current user on $wallid.
     // NOTE(review): $wallid is assigned outside this excerpt and is interpolated into the
     // SQL string; confirm it is cast to int or escaped where it is set.
     $query = $_SGLOBAL['db']->query("SELECT timeline FROM " . tname('wallfield') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND wallid='{$wallid}' order by timeline desc limit 1 ");
     $lasttime = $_SGLOBAL['db']->result($query);
     // 15-second minimum gap between two posts by the same user.
     $waittime = 15 - ($_SGLOBAL['timestamp'] - $lasttime);
     if ($waittime > 0) {
         echo 'operating_too_fast';
         exit;
     }
 } else {
     // In this branch a failed check does not stop the request; it only clears
     // $add_tracking. What $add_tracking controls is decided outside this excerpt.
     if (!checkperm('allowdoing')) {
         $add_tracking = 0;
     }
     // Real-name check (called with an extra argument of 1 and used as a boolean here)
     if (!ckrealname('doing', 1)) {
         $add_tracking = 0;
     }
     // Video-photo check
     if (!ckvideophoto('doing', array(), 1)) {
         $add_tracking = 0;
     }
     // New-user check
     if (!cknewuser(1)) {
         $add_tracking = 0;
     }
     // Flood control on the shared 'post' interval.
     $waittime = interval_check('post');
     if ($waittime > 0) {
         $add_tracking = 0;
     }
 }
Ejemplo n.º 14
// Collect the profile fields of $space that may be shown to the current viewer, keyed by
// field id, then count the forums the user moderates.
$isfriend = friend_check($space['uid'], 1);
loadcache('profilesetting');
include_once libfile('function/profile');
$profiles = array();
// Per-field privacy map chosen by the profile owner; empty array when none is stored.
$privacy = $space['privacy']['profile'] ? $space['privacy']['profile'] : array();
if ($_G['setting']['verify']['enabled']) {
    space_merge($space, 'verify');
}
foreach ($_G['cache']['profilesetting'] as $fieldid => $field) {
    // Province/district/community parts are never listed as separate entries.
    if (!$field['available'] || in_array($fieldid, array('birthprovince', 'birthdist', 'birthcommunity', 'resideprovince', 'residedist', 'residecommunity'))) {
        continue;
    }
    // NOTE(review): 'showinthread' and 'showincard' sit in the same OR-group as the privacy
    // test, so a field with either flag is shown even when the owner's privacy entry would
    // hide it from this viewer. Confirm this override is intended.
    // The last group selects by display mode: normal request and invisible != '1', or ajax
    // request and 'showincard'.
    if ($field['available'] && strlen($space[$fieldid]) > 0 && ($field['showinthread'] || $field['showincard'] || ($space['self'] || empty($privacy[$fieldid]) || $isfriend && $privacy[$fieldid] == 1)) && (!$_G['inajax'] && $field['invisible'] != '1' || $_G['inajax'] && $field['showincard'])) {
        $val = profile_show($fieldid, $space);
        if ($val !== false) {
            // The real name is withheld from other users when ckrealname(1) fails.
            if ($fieldid == 'realname' && $_G['uid'] != $space['uid'] && !ckrealname(1)) {
                continue;
            }
            if ($field['formtype'] == 'file' && $val) {
                // NOTE(review): $val is concatenated into href/src without escaping; safe
                // only if stored file names cannot contain quotes or markup. Verify.
                $imgurl = getglobal('setting/attachurl') . './profile/' . $val;
                $val = '<span><a href="' . $imgurl . '" target="_blank"><img src="' . $imgurl . '"  style="max-width: 500px;" /></a></span>';
            }
            // Empty values are displayed as a dash.
            if ($val == '') {
                $val = '-';
            }
            $profiles[$fieldid] = array('title' => $field['title'], 'value' => $val);
        }
    }
}
// Number of forum_moderator rows for this user; uid comes from the loaded space record.
$count = DB::result(DB::query("SELECT COUNT(*) FROM " . DB::table('forum_moderator') . " WHERE uid = '{$space['uid']}'"), 0);
if ($count) {
Ejemplo n.º 15
        // Single-picture feed
        // NOTE(review): $_POST['topicid'] and $_POST['opalbumid'] are placed into $url as
        // received, with no intval() or URL-encoding in the visible code. Whether they were
        // normalised earlier is not visible here; casting both to int before building the
        // URL would remove the dependency.
        if ($_POST['topicid']) {
            topic_join($_POST['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
            $url = "space.php?do=topic&topicid={$_POST['topicid']}&view=pic";
        } else {
            $url = "space.php?uid={$_SGLOBAL['supe_uid']}&do=album&id=" . (empty($_POST['opalbumid']) ? -1 : $_POST['opalbumid']);
        }
        capi_showmessage_by_data('upload_images_completed', $url, 0);
    }
} else {
    // Upload form path: group permission first; a refusal goes through ckspacelog().
    if (!checkperm('allowupload')) {
        ckspacelog();
        capi_showmessage_by_data('no_privilege');
    }
    // Real-name authentication
    ckrealname('album');
    // Video authentication
    ckvideophoto('album');
    // New-user probation
    cknewuser();
    $siteurl = getsiteurl();
    // Fetch the current user's albums
    $albums = getalbums($_SGLOBAL['supe_uid']);
    // Active tab: $_GET['op'] is used as an array key only when it is 'flash' or 'cam',
    // otherwise the 'js' tab is marked.
    $actives = $_GET['op'] == 'flash' || $_GET['op'] == 'cam' ? array($_GET['op'] => ' class="active"') : array('js' => ' class="active"');
    // Storage quota
    $maxattachsize = checkperm('maxattachsize');
    if (!empty($maxattachsize)) {
        $maxattachsize = $maxattachsize + $space['addsize'];
        // Extra space granted to this user is added before the remaining size is formatted.
        $haveattachsize = formatsize($maxattachsize - $space['attachsize']);
Ejemplo n.º 16
    // Feed entry for the new status update; it is published only when $add_doing is set and
    // the user's privacy setting for 'doing' allows it.
    $fs['icon'] = 'doing';
    $fs['title_template'] = cplang('feed_doing_title');
    $fs['title_data'] = array('message' => $message);
    $fs['body_template'] = '';
    $fs['body_data'] = array('doid' => $newdoid);
    $fs['body_general'] = '';
    if ($add_doing && ckprivacy('doing', 1)) {
        feed_add($fs['icon'], $fs['title_template'], $fs['title_data'], $fs['body_template'], $fs['body_data'], $fs['body_general']);
    }
    showmessage('do_success', 'space.php?do=doing&view=me', 0);
} elseif (submitcheck('commentsubmit')) {
    if (!checkperm('allowdoing')) {
        showmessage('no_privilege');
    }
    // Real-name authentication
    ckrealname('doing');
    // New-user probation
    cknewuser();
    // Flood control: reject when the user is posting too fast
    $waittime = interval_check('post');
    if ($waittime > 0) {
        showmessage('operating_too_fast', '', 1, array($waittime));
    }
    // Message is cut to 200 and passed through getstr()'s filters before any markup is added.
    $message = getstr($_POST['message'], 200, 1, 1, 1);
    // Replace emoticon codes with <img> tags
    // NOTE(review): the capture group (.+?) accepts any characters and is written into the
    // src attribute. Whether quotes and angle brackets are already neutralised depends on
    // the getstr() flags above, which are not visible here; a narrower class (for example
    // digits only) would not depend on that.
    $message = preg_replace("/\\[em:(.+?):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $message);
    // Line-break tags are collapsed to a single space.
    $message = preg_replace("/\\<br.*?\\>/is", ' ', $message);
    if (strlen($message) < 1) {
        showmessage('should_write_that');
    }
    $updo = array();
Ejemplo n.º 17
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: spacecp_poke.php 16279 2010-09-02 09:33:15Z zhengqingpeng $
 */
// Direct-access guard: the script exits unless IN_DISCUZ is defined.
if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}
// Target uid is cast to int; 0 means "not given".
$uid = empty($_GET['uid']) ? 0 : intval($_GET['uid']);
if ($uid == $_G['uid']) {
    showmessage('not_to_their_own_greeted');
}
// $op is assigned outside this excerpt.
if ($op == 'send' || $op == 'reply') {
    if (!checkperm('allowpoke')) {
        showmessage('no_privilege');
    }
    ckrealname('poke');
    cknewuser();
    $tospace = array();
    if ($uid) {
        $tospace = getspace($uid);
    } elseif ($_POST['username']) {
        // NOTE(review): the value inside this SQL literal appears masked on this page
        // ("******"), so the statement as printed does not interpolate anything. Presumably
        // the original placed the posted username between the quotes; if so, the query is
        // safe only when that value is escaped before it gets here. Verify in the real file.
        $tospace = DB::fetch_first("SELECT uid FROM " . DB::table('common_member') . " WHERE username='******'username']}' LIMIT 1");
    }
    // The username lookup above selects only the uid column, so 'videophotostatus' can be
    // set only on the getspace() path; as written, the video-photo check is skipped when
    // the target is resolved by username.
    if ($tospace['videophotostatus']) {
        ckvideophoto('poke', $tospace);
    }
    // Blacklist check against the resolved target.
    if ($tospace && isblacklist($tospace['uid'])) {
        showmessage('is_blacklist');
    }
    if (submitcheck('pokesubmit')) {
        if (empty($tospace)) {
Ejemplo n.º 18
				}
			}
		}
		// Deliver the collected notifications, then report success.
		note_apply($notearr);
		showmessage('do_success');
	}
} else {
	
	// Create a new group: group permission first; a refusal goes through ckspacelog().
	if(!checkperm('allowmtag')) {
		ckspacelog();
		showmessage('no_privilege');
	}
	
	// Real-name authentication
	ckrealname('thread');
	
	// Video authentication
	ckvideophoto('thread');

	// New-user probation
	cknewuser();
	
	// Form submitted
	if(submitcheck('textsubmit')) {
		
		// Free-form input: the tag name is cut to 40 and filtered by getstr(), the field id
		// is cast to int; both cleaned values are also written back into $_POST.
		$_POST['tagname'] = $tagname = getstr($_POST['tagname'], 40, 1, 1, 1);
		$_POST['fieldid'] = $fieldid = intval($_POST['fieldid']);
		
		// NOTE(review): no existence check on this index is visible in the excerpt; an
		// unknown id yields an empty $profield. Confirm the code that follows handles that.
		$profield = $_SGLOBAL['profield'][$fieldid];
Ejemplo n.º 19
<?php

/*
	[UCenter Home] (C) 2007-2008 Comsenz Inc.
	$Id: space_index.php 12256 2009-05-27 03:57:32Z liguode $
*/
// Stop immediately unless the IN_UCHOME constant has been defined.
if (!defined('IN_UCHOME')) {
    exit('Access Denied');
}
// Real-name verification, only when the space record has 'namestatus' set
if ($space['namestatus']) {
    include_once S_ROOT . './source/function_cp.php';
    ckrealname('viewspace');
}
// Profile
// Gender: keep the raw value in 'sex_org', then replace 'sex' with a friend-search link
$space['sex_org'] = $space['sex'];
$space['sex'] = $space['sex'] == '1' ? '<a href="cp.php?ac=friend&op=search&sex=1&searchmode=1">' . lang('man') . '</a>' : ($space['sex'] == '2' ? '<a href="cp.php?ac=friend&op=search&sex=2&searchmode=1">' . lang('woman') . '</a>' : '');
$space['birth'] = ($space['birthyear'] ? "{$space['birthyear']}" . lang('year') : '') . ($space['birthmonth'] ? "{$space['birthmonth']}" . lang('month') : '') . ($space['birthday'] ? "{$space['birthday']}" . lang('day') : '');
$space['marry'] = $space['marry'] == '1' ? '<a href="cp.php?ac=friend&op=search&marry=1&searchmode=1">' . lang('unmarried') . '</a>' : ($space['marry'] == '2' ? '<a href="cp.php?ac=friend&op=search&marry=2&searchmode=1">' . lang('married') . '</a>' : '');
// Province and city values are passed through rawurlencode() for the href, but the same values are
// used as the visible link text without any escaping on these lines.
// NOTE(review): assumes the profile fields in $space were HTML-escaped when they were stored or
// loaded; confirm, because otherwise user-supplied markup would reach the page here.
$space['birthcity'] = trim(($space['birthprovince'] ? "<a href=\"cp.php?ac=friend&op=search&birthprovince=" . rawurlencode($space['birthprovince']) . "&searchmode=1\">{$space['birthprovince']}</a>" : '') . ($space['birthcity'] ? " <a href=\"cp.php?ac=friend&op=search&birthcity=" . rawurlencode($space['birthcity']) . "&searchmode=1\">{$space['birthcity']}</a>" : ''));
$space['residecity'] = trim(($space['resideprovince'] ? "<a href=\"cp.php?ac=friend&op=search&resideprovince=" . rawurlencode($space['resideprovince']) . "&searchmode=1\">{$space['resideprovince']}</a>" : '') . ($space['residecity'] ? " <a href=\"cp.php?ac=friend&op=search&residecity=" . rawurlencode($space['residecity']) . "&searchmode=1\">{$space['residecity']}</a>" : ''));
// NOTE(review): unlike the province/city links, 'qq' and 'username' go into the href query string
// without rawurlencode(); confirm both are restricted to URL-safe, attribute-safe characters upstream.
$space['qq'] = empty($space['qq']) ? '' : "<a target=\"_blank\" href=\"http://wpa.qq.com/msgrd?V=1&Uin={$space['qq']}&Site={$space['username']}&Menu=yes\">{$space['qq']}</a>";
// The @ operator hides any warning if this data file cannot be included.
@(include_once S_ROOT . './data/data_usergroup.php');
// Custom profile fields (same @ suppression as above)
@(include_once S_ROOT . './data/data_profilefield.php');
$fields = empty($_SGLOBAL['profilefield']) ? array() : $_SGLOBAL['profilefield'];
// More profile information
$base_farr = $contact_farr = array();
// NOTE(review): uid is interpolated into the SQL string inside quotes; presumably it is an integer
// taken from the loaded space record. Verify against the code that fills $space.
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('spaceinfo') . " WHERE uid='{$space['uid']}'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
Ejemplo n.º 20
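/**
 * Store one uploaded picture for the current member and record it in home_pic.
 *
 * The upload is handed to discuz_upload, the member's permissions and storage quota are
 * checked, the file is saved, thumbnails and an optional watermark are produced, the file is
 * optionally pushed to FTP, and finally a row is inserted and the member's attachsize counter
 * is increased.
 *
 * @param array  $FILE        Upload descriptor given to discuz_upload::init()
 *                            (presumably one $_FILES entry; confirm against callers).
 * @param int    $albumid     Target album id; negative or empty values mean "no album".
 * @param string $title       Picture title; passed through getstr() before it is stored.
 * @param bool   $iswatermark Whether Watermark() is applied to the saved file.
 * @return array|string The inserted row (with 'picid' added) on success, otherwise the
 *                      result of lang('spacecp', ...) for the failure.
 */
function pic_save($FILE, $albumid, $title, $iswatermark = true)
{
    global $_G, $space;
    if ($albumid < 0) {
        $albumid = 0;
    }
    require_once libfile('class/upload');
    $upload = new discuz_upload();
    $upload->init($FILE, 'album');
    if ($upload->error()) {
        return lang('spacecp', 'lack_of_access_to_upload_file_size');
    }
    // NOTE(review): whether the file counts as an image is decided inside discuz_upload, which
    // is not visible here; confirm it inspects the content and not only the client-supplied
    // name or type, since this flag is the only file-type gate in this function.
    if (!$upload->attach['isimage']) {
        return lang('spacecp', 'only_allows_upload_file_types');
    }
    if (empty($space)) {
        $_G['member'] = $space = getspace($_G['uid']);
        $_G['username'] = addslashes($space['username']);
    }
    // Permission gates, evaluated in the original order; every failure returns the same message.
    if (!checkperm('allowupload')
        || !ckrealname('album', 1)
        || !ckvideophoto('album', array(), 1)
        || !cknewuser(1)
    ) {
        return lang('spacecp', 'not_allow_upload');
    }
    // Quota: the permission value is multiplied by 1024 * 1024 before it is compared with the
    // stored attachsize; a value of 0 skips the check.
    $maxspacesize = checkperm('maxspacesize') * 1024 * 1024;
    if ($maxspacesize) {
        space_merge($space, 'count');
        space_merge($space, 'field_home');
        if ($space['attachsize'] + $upload->attach['size'] > $maxspacesize + $space['addsize']) {
            return lang('spacecp', 'inadequate_capacity_space');
        }
    }
    // The album id is replaced by whatever album_creat_by_id() returns for it; no album is stored as 0.
    $albumid = $albumid ? album_creat_by_id($albumid) : 0;
    $upload->save();
    if ($upload->error()) {
        return lang('spacecp', 'mobile_picture_temporary_failure');
    }
    $new_name = $upload->attach['target'];
    require_once libfile('class/image');
    $image = new image();
    // 140x140 thumbnail; its result decides the 'thumb' flag stored with the picture.
    $result = $image->Thumb($new_name, '', 140, 140, 1);
    $thumb = empty($result) ? 0 : 1;
    if ($_G['setting']['maxthumbwidth'] && $_G['setting']['maxthumbheight']) {
        // Both limits are raised to at least 300; this writes back into the global setting.
        if ($_G['setting']['maxthumbwidth'] < 300) {
            $_G['setting']['maxthumbwidth'] = 300;
        }
        if ($_G['setting']['maxthumbheight'] < 300) {
            $_G['setting']['maxthumbheight'] = 300;
        }
        $image->Thumb($new_name, '', $_G['setting']['maxthumbwidth'], $_G['setting']['maxthumbheight'], 1, 1);
    }
    if ($iswatermark) {
        $image->Watermark($new_name);
    }
    $pic_remote = 0;
    if (getglobal('setting/ftp/on')) {
        if (ftpcmd('upload', 'album/' . $upload->attach['attachment'])) {
            if ($thumb) {
                ftpcmd('upload', 'album/' . $upload->attach['attachment'] . '.thumb.jpg');
            }
            $pic_remote = 1;
        } elseif (getglobal('setting/ftp/mirror')) {
            // Best-effort cleanup of the local copies before reporting the FTP failure.
            @unlink($upload->attach['target']);
            @unlink($upload->attach['target'] . '.thumb.jpg');
            return lang('spacecp', 'ftp_upload_file_size');
        }
    }
    $title = getstr($title, 200, 1, 1, 1);
    // NOTE(review): 'filename' and 'type' are passed through addslashes() here while 'filepath'
    // is not; presumably DB::insert() quotes values itself and 'attachment' is generated
    // server-side. Confirm in the DB and upload classes.
    $setarr = array(
        'albumid' => $albumid,
        'uid' => $_G['uid'],
        'username' => $_G['username'],
        'dateline' => $_G['timestamp'],
        'filename' => addslashes($upload->attach['name']),
        'postip' => $_G['clientip'],
        'title' => $title,
        'type' => addslashes($upload->attach['ext']),
        'size' => $upload->attach['size'],
        'filepath' => $upload->attach['attachment'],
        'thumb' => $thumb,
        'remote' => $pic_remote,
    );
    $setarr['picid'] = DB::insert('home_pic', $setarr, 1);
    // The size is concatenated into the statement unquoted, so force it to an integer first.
    $attachsize = (int) $upload->attach['size'];
    DB::query("UPDATE " . DB::table('common_member_count') . " SET attachsize=attachsize+{$attachsize} WHERE uid='{$_G['uid']}'");
    include_once libfile('function/stat');
    updatestat('pic');
    return $setarr;
}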
Ejemplo n.º 21
        showmessage('do_success', "space.php?uid={$event['uid']}&do=event&id={$eventid}", 0);
    }
} elseif ($op == 'edit') {
    // edit or Create a new activity
    if ($eventid) {
        // Check permissions
        if (!$allowmanage) {
            showmessage("no_privilege_edit_event");
        }
    } else {
        //Check user group Permissions for add events
        if (!checkperm("allowevent")) {
            showmessage('no_privilege_add_event');
        }
        // Real-name authentication
        ckrealname('event');
        // Video Authentication
        ckvideophoto('event');
        //New user probationary
        cknewuser();
        // Default entry new event [to do: Owner can set the Event default entry, priority: low]
        $event = array();
        $event['eventid'] = '';
        $event['starttime'] = ceil($_SGLOBAL['timestamp'] / 3600) * 3600 + 7200;
        // Event Start Time: Two hours after
        $event['endtime'] = $event['starttime'] + 14400;
        // Event Finish Time: four hours after the start time
        $event['deadline'] = $event['starttime'];
        // Deadline: Start time
        $event['allowinvite'] = 1;
        // Is allowed to Invite Friends
Ejemplo n.º 22
/**
 * Save one uploaded picture for the current user: validate it, copy it into the attachment
 * directory, create a thumbnail, optionally watermark it and push it to FTP, then insert a
 * row into the pic table and update the space and album counters.
 *
 * @param array  $FILE    Upload descriptor; the keys read here are size, tmp_name, error, name
 *                        and type (presumably one $_FILES entry; confirm against callers).
 * @param mixed  $albumid Existing album id, or a string of the form "new:<name>" to create an album.
 * @param string $title   Picture title, passed through getstr() before it is stored.
 * @param int    $topicid Stored as-is in the new row.
 * @return array|string The inserted row (with 'picid' added) on success, otherwise the result
 *                      of cplang() for the failure.
 */
function pic_save($FILE, $albumid, $title, $topicid=0) {
	global $_SGLOBAL, $_SCONFIG, $space, $_SC;

	if($albumid<0) $albumid = 0;
	
	//Allowed upload types
	$allowpictype = array('jpg','jpeg','gif','png');

	//Validate the upload descriptor
	$FILE['size'] = intval($FILE['size']);
	if(empty($FILE['size']) || empty($FILE['tmp_name']) || !empty($FILE['error'])) {
		return cplang('lack_of_access_to_upload_file_size');
	}

	//Check the file extension
	// NOTE(review): this allowlist is applied to the extension of the submitted file name; the
	// content itself is only checked further down, and only when getimagesize() is available.
	$fileext = fileext($FILE['name']);
	if(!in_array($fileext, $allowpictype)) {
		return cplang('only_allows_upload_file_types');
	}

	//Get the storage path
	if(!$filepath = getfilepath($fileext, true)) {
		return cplang('unable_to_create_upload_directory_server');
	}

	//Check storage space (load the space record when it is not set yet)
	if(empty($space)) {
		$space = getspace($_SGLOBAL['supe_uid']);
	}
	
	//User group permission
	// NOTE(review): this and the three checks below return the 'inadequate_capacity_space'
	// message although they are permission checks, not quota checks; confirm that is intended.
	if(!checkperm('allowupload')) {
		ckspacelog();
		return cplang('inadequate_capacity_space');
	}
	
	//Real-name verification
	if(!ckrealname('album', 1)) {
		return cplang('inadequate_capacity_space');
	}
	
	//Video verification
	if(!ckvideophoto('album', array(), 1)) {
		return cplang('inadequate_capacity_space');
	}
	
	//New-user probation
	if(!cknewuser(1)) {
		return cplang('inadequate_capacity_space');
	}

	// NOTE(review): the inline comment gives the unit as MB, but the value is compared directly
	// with attachsize + upload size without scaling; confirm what unit checkperm() returns here.
	$maxattachsize = checkperm('maxattachsize');//unit: MB
	if($maxattachsize) {//0 means unlimited
		if($space['attachsize'] + $FILE['size'] > $maxattachsize + $space['addsize']) {
			return cplang('inadequate_capacity_space');
		}
	}

	//Album selection
	$showtip = true;
	$albumfriend = 0;
	if($albumid) {
		// "new:<name>" creates an album with that name; anything else is treated as a numeric id.
		preg_match("/^new\:(.+)$/i", $albumid, $matchs);
		if(!empty($matchs[1])) {
			$albumname = shtmlspecialchars(trim($matchs[1]));
			if(empty($albumname)) $albumname = sgmdate('Ymd');
			$albumid = album_creat(array('albumname' => $albumname));
		} else {
			$albumid = intval($albumid);
			if($albumid) {
				// The album must belong to the current user; otherwise a new date-named album is created.
				$query = $_SGLOBAL['db']->query("SELECT albumname,friend FROM ".tname('album')." WHERE albumid='$albumid' AND uid='$_SGLOBAL[supe_uid]'");
				if($value = $_SGLOBAL['db']->fetch_array($query)) {
					$albumname = addslashes($value['albumname']);
					$albumfriend = $value['friend'];
				} else {
					$albumname = sgmdate('Ymd');
					$albumid = album_creat(array('albumname' => $albumname));
				}
			}
		}
	} else {
		$albumid = 0;
		$showtip = false;
	}

	//Local upload
	// Tries copy(), then move_uploaded_file(), then rename(); warnings are suppressed with @.
	// NOTE(review): copy() and rename() do not verify that tmp_name is a file PHP received as an
	// upload; presumably callers only pass $_FILES entries. Verify against callers.
	$new_name = $_SC['attachdir'].'./'.$filepath;
	$tmp_name = $FILE['tmp_name'];
	if(@copy($tmp_name, $new_name)) {
		@unlink($tmp_name);
	} elseif((function_exists('move_uploaded_file') && @move_uploaded_file($tmp_name, $new_name))) {
	} elseif(@rename($tmp_name, $new_name)) {
	} else {
		return cplang('mobile_picture_temporary_failure');
	}
	
	//Check that it is an image
	// Runs only when getimagesize() exists; without it the stored file is not inspected here.
	// The file is deleted when width*height is above 16777216 or below 4, when no image type
	// was detected, or when 'flash' occurs in the reported mime string after position 0.
	if(function_exists('getimagesize')) {
		$tmp_imagesize = @getimagesize($new_name);
		list($tmp_width, $tmp_height, $tmp_type) = (array)$tmp_imagesize;
		$tmp_size = $tmp_width * $tmp_height;
		if($tmp_size > 16777216 || $tmp_size < 4 || empty($tmp_type) || strpos($tmp_imagesize['mime'], 'flash') > 0) {
			@unlink($new_name);
			return cplang('only_allows_upload_file_types');
		}
	}

	//Thumbnail
	include_once(S_ROOT.'./source/function_image.php');
	$thumbpath = makethumb($new_name);
	$thumb = empty($thumbpath)?0:1;

	//Whether compressed
	//Get the picture size after upload
	if(@$newfilesize = filesize($new_name)) {
		$FILE['size'] = $newfilesize;
	}

	//Watermark
	if($_SCONFIG['allowwatermark']) {
		makewatermark($new_name);
	}

	//FTP upload
	// When FTP is enabled, a failed transfer removes the local file and thumbnail and aborts.
	if($_SCONFIG['allowftp']) {
		include_once(S_ROOT.'./source/function_ftp.php');
		if(ftpupload($new_name, $filepath)) {
			$pic_remote = 1;
			$album_picflag = 2;
		} else {
			@unlink($new_name);
			@unlink($new_name.'.thumb.jpg');
			runlog('ftp', 'Ftp Upload '.$new_name.' failed.');
			return cplang('ftp_upload_file_size');
		}
	} else {
		$pic_remote = 0;
		$album_picflag = 1;
	}
	
	//Store in database
	$title = getstr($title, 200, 1, 1, 1);

	//Store in database
	// NOTE(review): 'filename' and 'type' come from the upload descriptor (client-reported if
	// $FILE is a $_FILES entry) and are only passed through addslashes(); 'topicid' is stored
	// as received. Presumably inserttable() quotes every value; verify.
	$setarr = array(
		'albumid' => $albumid,
		'uid' => $_SGLOBAL['supe_uid'],
		'username' => $_SGLOBAL['supe_username'],
		'dateline' => $_SGLOBAL['timestamp'],
		'filename' => addslashes($FILE['name']),
		'postip' => getonlineip(),
		'title' => $title,
		'type' => addslashes($FILE['type']),
		'size' => $FILE['size'],
		'filepath' => $filepath,
		'thumb' => $thumb,
		'remote' => $pic_remote,
		'topicid' => $topicid
	);
	$setarr['picid'] = inserttable('pic', $setarr, 1);

	//Update attachment size
	//Credits
	// Reward values from getreward() are concatenated into the SET clause unquoted.
	// NOTE(review): presumably these are integers from site configuration; confirm.
	$setsql = '';
	if($showtip) {
		$reward = getreward('uploadimage', 0);
		if($reward['credit']) {
			$setsql = ",credit=credit+$reward[credit]";
		}
		if($reward['experience']) {
			$setsql .= ",experience=experience+$reward[experience]";
		}
	}
	$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET attachsize=attachsize+'$FILE[size]', updatetime='$_SGLOBAL[timestamp]' $setsql WHERE uid='$_SGLOBAL[supe_uid]'");

	//Album update
	// The album cover is set to the new picture (its thumbnail when one was created).
	if($albumid) {
		$file = $filepath.($thumb?'.thumb.jpg':'');
		$_SGLOBAL['db']->query("UPDATE ".tname('album')."
			SET picnum=picnum+1, updatetime='$_SGLOBAL[timestamp]', pic='$file', picflag='$album_picflag'
			WHERE albumid='$albumid'");
	}
	
	//Statistics
	updatestat('pic');

	return $setarr;
}
Ejemplo n.º 23
// Read the request parameters: the record id is forced to an integer, the operation is kept as given.
$bwztid = 0;
if (!empty($_GET['bwztid'])) {
    $bwztid = intval($_GET['bwztid']);
}
$op = '';
if (!empty($_GET['op'])) {
    $op = $_GET['op'];
}
// Load the record together with its field row; $bwzt stays an empty array when no id was given.
$bwzt = array();
if ($bwztid) {
    $query = $_SGLOBAL['db']->query(
        "SELECT bf.*, b.* FROM " . tname('bwzt') . " b \n\t\tLEFT JOIN " . tname('bwztfield') . " bf ON bf.bwztid=b.bwztid \n\t\tWHERE b.bwztid='{$bwztid}'"
    );
    $bwzt = $_SGLOBAL['db']->fetch_array($query);
}
//权限检查
if (empty($bwzt)) {
    if (!checkperm('allowbwzt')) {
        ckspacelog();
        showmessage('no_authority_to_add_log');
    }
    //实名认证
    ckrealname('bwzt');
    //视频认证
    ckvideophoto('bwzt');
    //新用户见习
    cknewuser();
    //判断是否发布太快
    $waittime = interval_check('post');
    if ($waittime > 0) {
        showmessage('operating_too_fast', '', 1, array($waittime));
    }
    //接收外部标题
    $bwzt['subject'] = empty($_GET['subject']) ? '' : getstr($_GET['subject'], 80, 1, 0);
    $bwzt['message'] = empty($_GET['message']) ? '' : getstr($_GET['message'], 5000, 1, 0);
} else {
    if ($_SGLOBAL['supe_uid'] != $bwzt['uid'] && !checkperm('managebwzt')) {
        showmessage('no_authority_operation_of_the_log');