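/**
 * Create a new blog entry, or update an existing one, from submitted form data.
 *
 * Writes the `blog` and `blogfield` rows, rebuilds the tag links when the tag
 * string changed, updates the author's space counters and optionally publishes
 * a feed item and joins a topic.
 *
 * NOTE(review): several values reach SQL through string concatenation
 * (simplode(), interpolated WHERE clauses). The function only re-escapes values
 * it rebuilt itself, so it presumably relies on the request data having been
 * slash-escaped before it gets here. Confirm against the caller.
 *
 * @param array $POST Submitted blog fields (subject, friend, password, tag,
 *                    message, classid, picids, hot, topicid, dateline, makefeed).
 *                    target_names and noreply are read from $_POST directly.
 * @param array $olds Existing blog row when editing; empty when creating.
 * @return array|false Saved blog data including 'blogid', or false when the
 *                     message is empty once markup and whitespace are stripped.
 */
function blog_post($POST, $olds=array()) {
    global $_SGLOBAL, $_SC, $space;

    // Operator role switch: when the editor is not the author, act as the
    // author for the duration of the call. The saved copy is restored on
    // every exit path below.
    $isself = 1;
    if(!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Title: falls back to today's date when left empty
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if(strlen($POST['subject'])<1) $POST['subject'] = sgmdate('Y-m-d');
    $POST['friend'] = intval($POST['friend']);

    // Privacy
    $POST['target_ids'] = '';
    if($POST['friend'] == 2) {
        // Visible to specific friends only
        $uids = array();
        $names = empty($_POST['target_names'])?array():explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if($names) {
            // NOTE(review): $names comes straight from $_POST and is placed in
            // the IN() list by simplode(); verify it is escaped upstream.
            $query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname('space')." WHERE username IN (".simplode($names).")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if(empty($uids)) {
            $POST['friend'] = 3; // visible to the author only
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif($POST['friend'] == 4) {
        // Password protected
        $POST['password'] = trim($POST['password']);
        if($POST['password'] == '') $POST['friend'] = 0; // no password given: public
    }
    if($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if($POST['friend'] !== 4) {
        // Assignment, not comparison: a password submitted with any other
        // privacy mode must not be stored with the entry.
        $POST['password'] = '';
    }

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1); // word filtering

    // Content
    if($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        // Drop empty <div></div> pairs and make plain links open in a new window
        $POST['message'] = preg_replace(array(
            "/\<div\>\<\/div\>/i",
            "/\<a\s+href\=\"([^\>]+?)\"\>/i"
        ), array(
            '',
            '<a href="\\1" target="_blank">'
        ), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category
    if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            // "new:<name>" asks for a category with that name, reusing an
            // existing one of the same name owned by the acting user
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if(empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname'=>$classname, 'uid'=>$_SGLOBAL['supe_uid']), 'classid');
                if(empty($classid)) {
                    $setarr = array(
                        'classname' => $classname,
                        'uid' => $_SGLOBAL['supe_uid'],
                        'dateline' => $_SGLOBAL['timestamp']
                    );
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if($classid && empty($classname)) {
        // Ownership check: a category id that does not belong to the acting
        // user is dropped
        $classname = getcount('class', array('classid'=>$classid, 'uid'=>$_SGLOBAL['supe_uid']), 'classname');
        if(empty($classname)) $classid = 0;
    }

    // Main table row
    // NOTE(review): the access password is stored as submitted.
    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($_POST['noreply'])?0:1
    );

    // Title picture
    $titlepic = '';

    // Fetch the uploaded pictures referenced by the form
    $uploads = array();
    if(!empty($POST['picids']) && is_array($POST['picids'])) {
        // The array keys are request-controlled and end up in the IN() list,
        // so they are forced to integers before the query is built.
        $picids = array_map('intval', array_keys($POST['picids']));
        $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('pic')." WHERE picid IN (".simplode($picids).") AND uid='$_SGLOBAL[supe_uid]'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if(empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'].'.thumb.jpg';
                $blogarr['picflag'] = $value['remote']?2:1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): $value is the falsy end-of-result marker once the loop
        // has finished, so this branch looks unreachable; the fallback further
        // down (getmessagepic) is what actually runs.
        if(empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote']?2:1;
        }
    }

    // Pictures already placed in the article: swap the editor placeholders
    // for the real picture URLs
    if($uploads) {
        preg_match_all("/\<img\s.*?\_uchome\_localimg\_([0-9]+).+?src\=\"(.+?)\"/i", $message, $mathes);
        if(!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if(!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_$value";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Pictures not placed in the article are appended at the end.
        // NOTE(review): this markup is added after checkhtml() ran; confirm
        // the stored picture title is already HTML-escaped.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            $message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
        }
    }

    // Reject entries with no real content. The listing showed the &nbsp;
    // alternative entity-decoded to a blank; it is written out again here.
    $ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\&nbsp\;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
    if(empty($ckmessage)) {
        // Undo the role switch before leaving, otherwise the rest of the
        // request keeps running under the author's identity.
        if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;
        return false;
    }

    // Add slashes for the SQL layer
    $message = addslashes($message);

    // No uploaded title picture: take one from the content
    if(empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    // Hotness can only be set with the manageblog permission
    if(checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if(!empty($olds['blogid'])) {
        // Update
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid'=>$blogid));

        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // New entry, optionally attached to a topic
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');

        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        // NOTE(review): a caller-supplied dateline is stored as given; confirm
        // callers pass an integer timestamp.
        $blogarr['dateline'] = empty($POST['dateline'])?$_SGLOBAL['timestamp']:$POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }

    $blogarr['blogid'] = $blogid;

    // Secondary table row
    $fieldarr = array(
        'message' => $message,
        'postip' => getonlineip(),
        'target_ids' => $POST['target_ids']
    );

    // Tags. NOTE(review): unserialize() runs on the stored tag column; it
    // should only ever hold data this function serialized itself.
    $oldtagstr = addslashes(empty($olds['tag'])?'':implode(' ', unserialize($olds['tag'])));

    $tagarr = array();
    if($POST['tag'] != $oldtagstr) {
        if(!empty($olds['tag'])) {
            // Remove the previous tag links first
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if($oldtags) {
                $_SGLOBAL['db']->query("UPDATE ".tname('tag')." SET blognum=blognum-1 WHERE tagid IN (".simplode($oldtags).")");
                $_SGLOBAL['db']->query("DELETE FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Store the new tag set in the secondary table
        $fieldarr['tag'] = empty($tagarr)?'':addslashes(serialize($tagarr));
    }

    if($olds) {
        // Update
        updatetable('blogfield', $fieldarr, array('blogid'=>$blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Space counters are only touched when the author acts for themselves
    if($isself) {
        if($olds) {
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET updatetime='$_SGLOBAL[timestamp]' WHERE uid='$_SGLOBAL[supe_uid]'");
        } else {
            if(empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid'=>$space['uid']));
                $blognumsql = "blognum=".$space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Credit and experience reward for publishing
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET {$blognumsql}, lastpost='$_SGLOBAL[timestamp]', updatetime='$_SGLOBAL[timestamp]', credit=credit+$reward[credit], experience=experience+$reward[experience] WHERE uid='$_SGLOBAL[supe_uid]'");

            // Statistics
            updatestat('blog');
        }
    }

    // Publish a feed item when requested
    if(!empty($POST['makefeed'])) {
        include_once(S_ROOT.'./source/function_feed.php');
        feed_publish($blogid, 'blogid', $olds?0:1);
    }

    // Join the topic for new entries
    if(empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Undo the role switch
    if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;

    return $blogarr;
}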
ckvideophoto('poll'); //New User cknewuser(); //Determine whether published too fast $waittime = interval_check('post'); if ($waittime > 0) { showmessage('operating_too_fast', '', 1, array($waittime)); } } else { if (!in_array($op, array('vote', 'get', 'invite')) && $_SGLOBAL['supe_uid'] != $poll['uid'] && !checkperm('managepoll')) { showmessage('no_authority_operation_of_the_poll'); } } include_once S_ROOT . './source/function_bbcode.php'; if (submitcheck('pollsubmit')) { $_POST['topicid'] = topic_check($_POST['topicid'], 'poll'); //Verification code if (checkperm('seccode') && !ckseccode($_POST['seccode'])) { showmessage('incorrect_code'); } //Limit up to 20 options $maxoption = 20; $newoption = $preview = $optionarr = $setarr = array(); $_POST['subject'] = getstr(trim($_POST['subject']), 80, 1, 1, 1); if (strlen($_POST['subject']) < 2) { showmessage('title_not_too_little'); } //Organize poll options $_POST['option'] = array_unique($_POST['option']); foreach ($_POST['option'] as $key => $val) { $option = getstr(trim($val), 80, 1, 1, 1);
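/**
 * Create a new blog entry, or update an existing one, from submitted form data.
 *
 * This variant also copies attachment metadata from the request into the
 * `blog` row. Besides that it writes the `blogfield` row, rebuilds tag links
 * when the tag string changed, updates the author's space counters and
 * optionally publishes a feed item and joins a topic.
 *
 * NOTE(review): several values reach SQL through string concatenation
 * (simplode(), interpolated WHERE clauses). The function only re-escapes values
 * it rebuilt itself, so it presumably relies on the request data having been
 * slash-escaped before it gets here. Confirm against the caller.
 *
 * @param array $POST Submitted blog fields (subject, friend, password, tag,
 *                    message, classid, picids, hot, topicid, dateline, makefeed).
 *                    target_names, noreply and the attach* fields are read
 *                    from $_POST directly.
 * @param array $olds Existing blog row when editing; empty when creating.
 * @return array|false Saved blog data including 'blogid', or false when the
 *                     message is empty once markup and whitespace are stripped.
 */
function blog_post($POST, $olds = array())
{
    global $_SGLOBAL, $_SC, $space;

    // Operator role switch: when the editor is not the author, act as the
    // author for the duration of the call. The saved copy is restored on
    // every exit path below.
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Title: falls back to today's date when left empty
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Privacy
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to specific friends only
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            // NOTE(review): $names comes straight from $_POST and is placed in
            // the IN() list by simplode(); verify it is escaped upstream.
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            $POST['friend'] = 3; // visible to the author only
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password protected
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0; // no password given: public
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Assignment, not comparison: a password submitted with any other
        // privacy mode must not be stored with the entry.
        $POST['password'] = '';
    }

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1); // word filtering

    // Content
    if ($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        // Drop empty <div></div> pairs and make plain links open in a new window
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            // "new:<name>" asks for a category with that name, reusing an
            // existing one of the same name owned by the acting user
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid']), 'classid');
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Ownership check: a category id that does not belong to the acting
        // user is dropped
        $classname = getcount('class', array('classid' => $classid, 'uid' => $_SGLOBAL['supe_uid']), 'classname');
        if (empty($classname)) {
            $classid = 0;
        }
    }

    // Main table row
    // NOTE(review): the access password is stored as submitted.
    $blogarr = array('subject' => $POST['subject'], 'classid' => $classid, 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($_POST['noreply']) ? 0 : 1);

    // Title picture
    $titlepic = '';

    // Fetch the uploaded pictures referenced by the form
    $uploads = array();
    if (!empty($POST['picids']) && is_array($POST['picids'])) {
        // The array keys are request-controlled and end up in the IN() list,
        // so they are forced to integers before the query is built.
        $picids = array_map('intval', array_keys($POST['picids']));
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): $value is the falsy end-of-result marker once the loop
        // has finished, so this branch looks unreachable; the fallback further
        // down (getmessagepic) is what actually runs.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }

    // Pictures already placed in the article: swap the editor placeholders
    // for the real picture URLs
    if ($uploads) {
        preg_match_all("/\\<img\\s.*?\\_uchome\\_localimg\\_([0-9]+).+?src\\=\"(.+?)\"/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_{$value}";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Pictures not placed in the article are appended at the end.
        // NOTE(review): this markup is added after checkhtml() ran; confirm
        // the stored picture title is already HTML-escaped.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }

    // Reject entries with no real content. The listing showed the &nbsp;
    // alternative entity-decoded to a blank; it is written out again here.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\&nbsp\\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Undo the role switch before leaving, otherwise the rest of the
        // request keeps running under the author's identity.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }

    // Add slashes for the SQL layer
    $message = addslashes($message);

    // No uploaded title picture: take one from the content
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    // Hotness can only be set with the manageblog permission
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    // Attachment metadata.
    // NOTE(review): id, path, name and size are taken from the request as-is.
    // Nothing here ties them to a file this user actually uploaded, so code
    // that later serves or deletes the attachment must not trust attachpath.
    // Confirm the values are validated where the upload is handled.
    if (!empty($_POST['attachid']) && !empty($_POST['attachpath']) && !empty($_POST['attachname']) && !empty($_POST['attachsize'])) {
        $blogarr['attachid'] = $_POST['attachid'];
        $blogarr['attachpath'] = $_POST['attachpath'];
        $blogarr['attachname'] = $_POST['attachname'];
        $blogarr['attachsize'] = $_POST['attachsize'];
    }

    if (!empty($olds['blogid'])) {
        // Update
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid' => $blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // New entry, optionally attached to a topic
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');
        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        // NOTE(review): a caller-supplied dateline is stored as given; confirm
        // callers pass an integer timestamp.
        $blogarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : $POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }
    $blogarr['blogid'] = $blogid;

    // Secondary table row
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);

    // Tags. NOTE(review): unserialize() runs on the stored tag column; it
    // should only ever hold data this function serialized itself.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Remove the previous tag links first
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Store the new tag set in the secondary table
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }

    if ($olds) {
        // Update
        updatetable('blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Space counters are only touched when the author acts for themselves
    if ($isself) {
        if ($olds) {
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
        } else {
            if (empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid' => $space['uid']));
                $blognumsql = "blognum=" . $space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Credit and experience reward for publishing
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$blognumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
            // Statistics
            updatestat('blog');
        }
    }

    // Publish a feed item when requested
    if (!empty($POST['makefeed'])) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }

    // Join the topic for new entries
    if (empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Undo the role switch
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }
    return $blogarr;
}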
$topic = array(); $topicid = $_GET['topicid'] = intval($_GET['topicid']); if ($topicid) { $topic = topic_get($topicid); } if ($topic) { $actives = array('share' => ' class="active"'); } $_SGLOBAL['refer'] = 'space.php?do=share&view=me'; $type = 'link'; $_GET['op'] = 'link'; break; } // add share if (submitcheck('sharesubmit')) { $_POST['topicid'] = topic_check($_POST['topicid'], 'share'); //Verification code if ($type == 'link' && checkperm('seccode') && !ckseccode($_POST['seccode'])) { showmessage('incorrect_code'); } if (empty($_POST['refer'])) { $_POST['refer'] = "space.php?do=share&view=me"; } if ($type == 'link') { $link = shtmlspecialchars(trim($_POST['link'])); if ($link) { if (!preg_match("/^(http|ftp|https|mms)\\:\\/\\/.{4,300}\$/i", $link)) { $link = ''; } } if (empty($link)) {
$arr = array("eventid" => $eventid, "picid" => $pic['picid'], "uid" => $_SGLOBAL['supe_uid'], "username" => $_SGLOBAL['supe_username'], "dateline" => $_SGLOBAL['timestamp']); inserttable("eventpic", $arr); } showmessage('do_success', 'space.php?do=event&id=' . $eventid, 0); } else { showmessage('no_privilege_edit_event'); } } else { // Generate new event // Real-name authentication ckrealname('event'); // Video Authentication ckvideophoto('event'); //New user probationary cknewuser(); $_POST['topicid'] = topic_check($_POST['topicid'], 'event'); $arr1['topicid'] = $_POST['topicid']; // Is a Founder $arr1['uid'] = $_SGLOBAL['supe_uid']; $arr1['username'] = $_SGLOBAL['supe_username']; // Create time $arr1['dateline'] = $_SGLOBAL['timestamp']; $arr1['updatetime'] = $_SGLOBAL['timestamp']; //Number of people $arr1['membernum'] = 1; // Need to auditing $arr1['grade'] = checkperm("verifyevent") ? 0 : 1; // Insert to event table $eventid = inserttable("event", $arr1, 1); if (!$eventid) { showmessage("event_create_failed");
exit; } elseif (capi_submitcheck('uploadsubmit2')) { //上传图片 $albumid = $picid = 0; if (!checkperm('allowupload')) { if ($_SGLOBAL['mobile']) { capi_showmessage_by_data(cplang('not_allow_upload')); } else { echo "<script>"; echo "alert(\"" . cplang('not_allow_upload') . "\")"; echo "</script>"; exit; } } //上传 $_REQUEST['topicid'] = topic_check($_REQUEST['topicid'], 'pic'); $uploadfiles = pic_save($_FILES['attach'], $_REQUEST['albumid'], $_REQUEST['pic_title'], $_REQUEST['topicid']); if ($uploadfiles && is_array($uploadfiles)) { $albumid = $uploadfiles['albumid']; $picid = $uploadfiles['picid']; $uploadStat = 1; if ($eventid) { $arr = array("eventid" => $eventid, "picid" => $picid, "uid" => $_SGLOBAL['supe_uid'], "username" => $_SGLOBAL['supe_username'], "dateline" => $_SGLOBAL['timestamp']); inserttable("eventpic", $arr); } } else { $uploadStat = $uploadfiles; } if ($_SGLOBAL['mobile']) { if ($picid) { $uploadfiles['pic'] = pic_get($uploadfiles['filepath'], $uploadfiles['thumb'], $uploadfiles['remote']);
//未插入文章 foreach ($uploads as $value) { $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0); $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>"; } } //没有填写任何东西 $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s)+/is", '', $message); if (strlen($message) < 2) { showmessage('content_is_not_less_than_four_characters'); } //添加slashes $message = addslashes($message); $anonymous = empty($_POST['anonymous']) ? 0 : intval($_POST['anonymous']); if (empty($_POST['tid'])) { $_POST['topicid'] = topic_check($_POST['topicid'], 'thread'); //从内容中读取图片 if (empty($titlepic)) { $titlepic = getmessagepic($message); } $setarr = array('tagid' => $tagid, 'anonymous' => $anonymous, 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'subject' => $subject, 'lastpost' => $_SGLOBAL['timestamp'], 'lastauthor' => $anonymous ? NULL : $_SGLOBAL['supe_username'], 'lastauthorid' => $_SGLOBAL['supe_uid'], 'topicid' => $_POST['topicid']); if ($eventid) { $setarr['eventid'] = $eventid; } $tid = inserttable('thread', $setarr, 1); if ($eventid) { //更新话题数目和时间 $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET threadnum=threadnum+1, updatetime='{$_SGLOBAL['timestamp']}' WHERE eventid='{$eventid}'"); } $psetarr = array('tagid' => $tagid, 'anonymous' => $anonymous, 'tid' => $tid, 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'ip' => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], 'message' => $message, 'isthread' => 1); //添加
exit; } elseif (submitcheck('uploadsubmit')) { //ÉÏ´«Í¼Æ¬ $albumid = $picid = 0; if (!checkperm('allowupload')) { if ($_SGLOBAL['mobile']) { showmessage(cplang('not_allow_upload')); } else { echo "<script>"; echo "alert(\"" . cplang('not_allow_upload') . "\")"; echo "</script>"; exit; } } //ÉÏ´« $_POST['topicid'] = topic_check($_POST['topicid'], 'pic'); $uploadfiles = pic_save($_FILES['attach'], $_POST['albumid'], $_POST['pic_title'], $_POST['topicid']); if ($uploadfiles && is_array($uploadfiles)) { $albumid = $uploadfiles['albumid']; $picid = $uploadfiles['picid']; $uploadStat = 1; if ($eventid) { $arr = array("eventid" => $eventid, "picid" => $picid, "uid" => $_SGLOBAL['supe_uid'], "username" => $_SGLOBAL['supe_username'], "dateline" => $_SGLOBAL['timestamp']); inserttable("eventpic", $arr); } } else { $uploadStat = $uploadfiles; } if ($_SGLOBAL['mobile']) { if ($picid) { showmessage('do_success', "space.php?do=album&picid={$picid}");
/**
 * Render the page's content area: the menu plus whichever view the posted
 * "menu" value selects.
 *
 * The function branches first on whether $_SESSION["nev"] is set (logged in or
 * not) and then switches on $_POST["menu"]. Each case includes the files that
 * hold its helper functions, optionally runs a db_* handler on the posted
 * data, and then calls the matching get_* renderer.
 *
 * NOTE(review): the admin cases ("menu0" to "menu03", including user delete
 * and activate) sit in the logged-in branch and the only gate visible in this
 * function is isset($_SESSION["nev"]). Confirm that the included admin
 * functions check for an administrator themselves; otherwise any logged-in
 * user can reach them by posting the menu value.
 *
 * NOTE(review): state-changing handlers are driven by plain POST fields and
 * no anti-CSRF token is checked here. Ids and page numbers ($_POST["id"],
 * $_POST["oldal"], ...) are passed on without validation, and several fields
 * are read without isset(); verify that the callees validate them.
 */
function get_content() { ?>
<div id="content">
<!--------------------------------------- TARTALOM ---------------------------------------->
<div id="content_menu">
<?php
    // Display the menu; the argument tells it whether a user is logged in
    get_menu(isset($_SESSION["nev"]));
?>
</div> <!-- content_menu -->
<div id="content_content" style="overflow: auto">
<?php
    if (!isset($_SESSION["nev"])) {
        // Not logged in ---------------------------------------------
        if (!isset($_POST["menu"])) {
            // No button was clicked: show the welcome text
?>
<p /> <p /> <p />A <a href="http://www.ubbcluj.ro/" target="_blank">BBTE</a> és <a href="http://www.kmei.ro/" target="_blank">KMEI</a> által szervezett 2009/2010-es tanévi<br /> <i>"Adatbázisok és webes alkalmazások fejlesztése"</i><br />továbbképző weboldala <p />Ha te is részt vettél a képzésen,<br />kérlek regisztrálj ezen az oldalon! <!-- <p /> <p /> <p /> <p /> <p /> <p /> <p /> <p /> <p />Ha te is részt vettél a képzésen,<br />kérlek regisztrálj ezen az oldalon!-->
<?php
        } else {
            // A button was clicked
            switch ($_POST["menu"]) {
                case "be":
                    // Functions implementing login/logout
                    include "loginout_db.php";
                    include "loginout.php";
                    $hiba = 0;
                    $userneve = "";
                    if (isset($_POST["nev"]) || isset($_POST["jelszo"])) {
                        // Either field alone triggers the check, so the other
                        // may be unset here. $userneve is presumably filled in
                        // by reference - confirm in loginout_db.php.
                        $hiba = db_login_check($_POST["nev"], $_POST["jelszo"], $userneve);
                    }
                    get_login($hiba, $userneve);
                    break;
                case "reg":
                    // Functions implementing registration
                    include "register_db.php";
                    include "register.php";
                    $hiba = 0;
                    if (isset($_POST["nev"]) || isset($_POST["jelszo"]) || isset($_POST["jelszo2"]) || isset($_POST["email"]) || isset($_POST["email2"]) || isset($_POST["vnev"]) || isset($_POST["knev"])) {
                        $hiba = db_register_check($_POST);
                    }
                    get_register($hiba, $_POST);
                    break;
                case "weboldalrol":
                    get_page_info();
                    break;
            }
        }
    } else {
        // Logged in ----------------------------------------------------------------------
        if (!isset($_POST["menu"])) {
            // No button was clicked: show the welcome text
?>
<p /> <p /> <p /> <p />A <a href="http://www.ubbcluj.ro/" target="_blank">BBTE</a> és <a href="http://www.kmei.ro/" target="_blank">KMEI</a> által szervezett 2009/2010-es tanévi<br /> <i>"Adatbázisok és webes alkalmazások fejlesztése"</i><br />továbbképző weboldala
<?php
        } else {
            // A button was clicked
            switch ($_POST["menu"]) {
                case "menu0":
                    // Display the admin menu
                    // NOTE(review): no administrator check is visible in this
                    // or the following admin cases - confirm in admin.php.
                    // Administration functions
                    include "admin_db.php";
                    include "admin.php";
                    get_admin_menu();
                    break;
                case "menu01":
                    // The users are listed for the admin
                    // Administration functions
                    include "admin_db.php";
                    include "admin.php";
                    get_admin_menu();
                    get_admin_users();
                    break;
                case "menu011":
                    // The admin modifies a user's data
                    // Administration functions
                    include "admin_db.php";
                    include "admin.php";
                    get_admin_menu();
                    $hiba = 0;
                    if (isset($_POST["user"])) {
                        $hiba = db_admin_user_modify($_POST);
                    }
                    get_admin_user_modify($hiba, $_POST["nev"]);
                    break;
                case "menu012":
                    // The admin permanently deletes the user from the database
                    // Administration functions
                    include "admin_db.php";
                    include "admin.php";
                    get_admin_menu();
                    $hiba = 0;
                    if (isset($_POST["user"])) {
                        $hiba = db_admin_user_delete($_POST);
                    }
                    get_admin_user_delete($hiba, $_POST["nev"]);
                    break;
                case "menu013":
                    // The admin activates the user
                    // Administration functions
                    include "admin_db.php";
                    include "admin.php";
                    get_admin_menu();
                    $hiba = 0;
                    if (isset($_POST["user"])) {
                        $hiba = db_admin_user_activate($_POST);
                    }
                    get_admin_user_activate($hiba, $_POST["nev"]);
                    break;
                case "menu02":
                    // The admin modifies the link collection
                    // Functions for the link collection
                    include "links_db.php";
                    include "links.php";
                    // Administration functions
                    include "admin_db.php";
                    include "admin.php";
                    get_admin_menu();
                    $hiba = 0;
                    if (isset($_POST["katid"])) {
                        // The link category to modify is already selected
                        if (isset($_POST["nev"])) {
                            // The modification was submitted
                            $hiba = db_admin_modify_cathegory($_POST);
                        }
                        get_admin_modify_cathegory($hiba, $_POST["katid"]);
                    } else {
                        if (isset($_POST["linkid"])) {
                            // The link to modify is already selected
                            if (isset($_POST["ref"])) {
                                // The modification was submitted
                                $hiba = db_admin_modify_link($_POST);
                            }
                            get_admin_modify_link($hiba, $_POST["linkid"]);
                        } else {
                            get_admin_links();
                        }
                    }
                    break;
                case "menu03":
                    // The admin modifies the forum content
                    // Forum functions
                    include "forum_db.php";
                    include "forum.php";
                    // Administration functions
                    include "admin_db.php";
                    include "admin.php";
                    get_admin_menu();
                    $hiba = 0;
                    if (isset($_POST["id"])) {
                        // A topic is selected: list the messages belonging to it
                        $id = $_POST["id"];
                    } else {
                        // No topic selected: list the topics
                        $id = 0;
                    }
                    if (isset($_POST["oldal"])) {
                        $oldal = $_POST["oldal"];
                    } else {
                        $oldal = 1;
                    }
                    if (isset($_POST["messageid"])) {
                        // The post to modify is already selected
                        if (isset($_POST["operation"])) {
                            // The modification was submitted
                            $hiba = db_admin_modify_message($_POST);
                        }
                        get_admin_modify_message($hiba, $_POST["messageid"], $_POST["topicid"], $_POST["oldal"]);
                    } else {
                        if (isset($_POST["topicid"])) {
                            // The topic to modify is already selected
                            if (isset($_POST["operation"])) {
                                // The modification was submitted
                                $hiba = db_admin_modify_topic($_POST);
                            }
                            get_admin_modify_topic($hiba, $_POST["topicid"]);
                        } else {
                            get_admin_forum($id, $oldal);
                        }
                    }
                    // With id=0 the topics are listed, otherwise the messages inside one topic
                    break;
                case "ki":
                    // Logout was clicked
                    // Functions implementing login/logout
                    include "loginout_db.php";
                    include "loginout.php";
                    logout();
                    break;
                case "beallitasok":
                    // The user clicked on settings
                    // Functions needed for changing settings and options
                    include "settings_db.php";
                    include "settings.php";
                    $hiba = 0;
                    if (isset($_POST["nev"]) || isset($_POST["jelszo"]) || isset($_POST["jelszo2"]) || isset($_POST["email"]) || isset($_POST["email2"]) || isset($_POST["vnev"]) || isset($_POST["knev"]) || isset($_POST["tel"]) || isset($_POST["cim"])) {
                        $hiba = db_settings_check($_POST);
                    }
                    get_settings($hiba, $_POST);
                    break;
                case "felhasznalok":
                    // The user wants to view the user list
                    get_all_users();
                    break;
                case "kepek":
                    // The "Pictures" menu item and the picture galleries are all handled the same way
                case "kepek1":
                case "kepek2":
                case "kepek3":
                    // Functions for displaying the picture galleries
                    include "pixgals.php";
                    get_picture_galerys();
                    break;
                case "linkek":
                    // View the links
                    // Functions for the link collection
                    include "links_db.php";
                    include "links.php";
                    get_links();
                    break;
                case "ujkategoria":
                    // Someone wants to create or modify a link category
                    // Functions for the link collection
                    include "links_db.php";
                    include "links.php";
                    $hiba = 0;
                    if (isset($_POST["katnev"])) {
                        // The data of the new link category was already entered
                        $hiba = db_add_new_cathegory($_POST["katnev"]);
                        if ($hiba) {
                            get_new_cathegory($hiba);
                        }
                    } else {
                        if (isset($_POST["id"])) {
                            // The modifications were already entered
                            $hiba = db_modify_cathegory($_POST);
                            if ($hiba) {
                                get_modify_cathegory($hiba, $_POST["id"]);
                            }
                        } else {
                            if (isset($_POST["linkkat"])) {
                                // The category is to be modified: show the form
                                get_modify_cathegory($hiba, $_POST["linkkat"]);
                            } else {
                                // Otherwise show the form for a new link category
                                get_new_cathegory($hiba);
                            }
                        }
                    }
                    break;
                case "ujlink":
                    // Someone wants to suggest or modify a link
                    // Functions for the link collection
                    include "links_db.php";
                    include "links.php";
                    $hiba = 0;
                    if (isset($_POST["kat"])) {
                        // The data of the new link was already entered
                        $hiba = db_add_new_link($_POST);
                        if ($hiba) {
                            get_new_link($hiba, $_POST["kat"]);
                        }
                    } else {
                        if (isset($_POST["linkid"])) {
                            // The modifications were already entered
                            // NOTE(review): no ownership check on the link is
                            // visible here - confirm db_modify_link() has one.
                            db_modify_link($_POST);
                        } else {
                            if (isset($_POST["id"])) {
                                // The link is to be modified: show the form
                                get_modify_link($_POST["id"]);
                            } else {
                                // Otherwise show the form for a new link
                                get_new_link($hiba, $_POST["linkkat"]);
                            }
                        }
                    }
                    break;
                case "forum":
                    // View and edit the forum topics
                    // Forum functions
                    include "forum_db.php";
                    include "forum.php";
                    if (isset($_POST["topikid"])) {
                        $id = $_POST["topikid"];
                    } else {
                        $id = 0;
                    }
                    // With id 0 the topics are displayed
                    if (isset($_POST["oldal"])) {
                        $oldal = $_POST["oldal"];
                    } else {
                        $oldal = 1;
                    }
                    get_forum($id, $oldal);
                    break;
                case "ujtopik":
                    // Forum functions
                    include "forum_db.php";
                    include "forum.php";
                    $hiba = 0;
                    if (isset($_POST["nev"])) {
                        // The name of the new topic was already entered
                        $hiba = topic_check($_POST["nev"]);
                    } else {
                        if (isset($_POST["id"]) && isset($_POST["ujnev"])) {
                            // The modifications were already entered
                            $hiba = db_modify_topic($_POST["id"], $_POST["ujnev"], $_POST["oldal"]);
                        }
                    }
                    if (!isset($_POST["id"])) {
                        get_new_topic($hiba);
                    } else {
                        get_modify_topic($hiba, $_POST["id"], $_POST["oldal"]);
                    }
                    break;
                case "ujuzenet":
                    // Forum functions
                    include "forum_db.php";
                    include "forum.php";
                    $hiba = 0;
                    if (isset($_POST["uzenet"])) {
                        $hiba = message_check($_POST["uzenet"], $_POST["idezet"]);
                    }
                    if (isset($_POST["id"]) && isset($_POST["ujuzenet"])) {
                        // NOTE(review): the message id and topic id come from
                        // the request; confirm db_modify_message() checks that
                        // the message belongs to the logged-in user.
                        $hiba = db_modify_message($_POST["topicid"], $_POST["id"], $_POST["ujuzenet"], $_POST["oldal"]);
                    }
                    if (!isset($_POST["id"])) {
                        get_new_message($hiba, $_POST["oldal"]);
                    } else {
                        get_modify_message($hiba, $_POST["topicid"], $_POST["id"], $_POST["mesg"], $_POST["oldal"]);
                    }
                    break;
                case "weboldalrol":
                    get_page_info();
                    break;
            }
        }
    }
?>
</div> <!-- content_content -->
</div> <!-- content -->
<?php
}
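/**
 * Create a new "bwzt" post or update an existing one, together with its
 * field-table row, tags, picture list, space counters, feed and topic link.
 *
 * When $olds carries a uid different from the current user, the function
 * temporarily acts as that user by overwriting $_SGLOBAL['supe_uid'] and
 * $_SGLOBAL['supe_username']. The original $_SGLOBAL is put back on every
 * exit path, including the early "empty message" return.
 *
 * @param array $POST Submitted fields. Read here: subject, friend, sex, age,
 *                    password, tag, message, bwztclassid, bwztdivisionid,
 *                    picids, hot, topicid, dateline, makefeed.
 * @param array $olds Existing post row when editing (uid, username, bwztid,
 *                    bwztclassid, bwztdivisionid, tag); empty for a new post.
 *
 * @return array|false The main-table array including 'bwztid', or false when
 *                     the message is empty once markup and whitespace are
 *                     stripped.
 */
function bwzt_post($POST, $olds = array())
{
    global $_SGLOBAL, $_SC, $space;

    // Operator role switch: when editing someone else's post, act as its owner.
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL; // backup, restored before every return
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Title; falls back to today's date when empty.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Sex; the default literal is used when nothing was submitted.
    $POST['sex'] = getstr(trim($POST['sex']), 80, 1, 1, 1);
    if (strlen($POST['sex']) < 1) {
        $POST['sex'] = "女";
    }

    // Age, clamped to be non-negative.
    $POST['age'] = intval($POST['age']);
    if ($POST['age'] < 0) {
        $POST['age'] = 0;
    }

    // Privacy: 2 = specific friends, 3 = only self, 4 = password, 0 = public.
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Specific friends. Names are read from $_POST directly, not from $POST.
        // NOTE(review): the IN list relies on simplode() and request-level
        // escaping for quoting; neither is visible here, so confirm both.
        $uids = array();
        $names = empty($_POST['target_names'])
            ? array()
            : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            $POST['friend'] = 3; // no matching user: visible to self only
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password protected; an empty password downgrades the post to public.
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Was a no-op comparison (`==`), so a submitted password was stored
        // even when the post was not in password mode.
        $POST['password'] = '';
    }
    // NOTE(review): the password is written to the main table as submitted;
    // no hashing is visible in this function.

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1); // word filtering

    // Content: the mobile path skips checkhtml(); the normal path filters the
    // HTML and then forces links to open in a new window.
    if ($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category: "new:<name>" creates (or reuses) a category owned by
    // the acting user; any other value is taken as a numeric id.
    if (empty($olds['bwztclassid']) || $POST['bwztclassid'] != $olds['bwztclassid']) {
        if (!empty($POST['bwztclassid']) && substr($POST['bwztclassid'], 0, 4) == 'new:') {
            // Category name
            $bwztclassname = shtmlspecialchars(trim(substr($POST['bwztclassid'], 4)));
            $bwztclassname = getstr($bwztclassname, 0, 1, 1, 1);
            if (empty($bwztclassname)) {
                $bwztclassid = 0;
            } else {
                $bwztclassid = getcount('bwztclass', array('bwztclassname' => $bwztclassname, 'uid' => $_SGLOBAL['supe_uid']), 'bwztclassid');
                if (empty($bwztclassid)) {
                    $setarr = array('bwztclassname' => $bwztclassname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $bwztclassid = inserttable('bwztclass', $setarr, 1);
                }
            }
        } else {
            // NOTE(review): a numeric id is accepted without checking that
            // the category belongs to the acting user.
            $bwztclassid = intval($POST['bwztclassid']);
        }
    } else {
        $bwztclassid = $olds['bwztclassid'];
    }

    // Department category: same scheme as the personal category above.
    if (empty($olds['bwztdivisionid']) || $POST['bwztdivisionid'] != $olds['bwztdivisionid']) {
        if (!empty($POST['bwztdivisionid']) && substr($POST['bwztdivisionid'], 0, 4) == 'new:') {
            // Category name
            $bwztdivisionname = shtmlspecialchars(trim(substr($POST['bwztdivisionid'], 4)));
            $bwztdivisionname = getstr($bwztdivisionname, 0, 1, 1, 1);
            if (empty($bwztdivisionname)) {
                $bwztdivisionid = 0;
            } else {
                $bwztdivisionid = getcount('bwztdivision', array('bwztdivisionname' => $bwztdivisionname, 'uid' => $_SGLOBAL['supe_uid']), 'bwztdivisionid');
                if (empty($bwztdivisionid)) {
                    $setarr = array('bwztdivisionname' => $bwztdivisionname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $bwztdivisionid = inserttable('bwztdivision', $setarr, 1);
                }
            }
        } else {
            $bwztdivisionid = intval($POST['bwztdivisionid']);
        }
    } else {
        $bwztdivisionid = $olds['bwztdivisionid'];
    }

    // Main table row
    $bwztarr = array(
        'subject' => $POST['subject'],
        'bwztclassid' => $bwztclassid,
        'bwztdivisionid' => $bwztdivisionid,
        'sex' => $POST['sex'],
        'age' => $POST['age'],
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($_POST['noreply']) ? 0 : 1,
    );

    // Title picture
    $titlepic = '';

    // Fetch the uploaded pictures that belong to the acting user.
    $uploads = array();
    if (!empty($POST['picids'])) {
        // The array keys are caller-supplied and end up in a string-built IN
        // list, so only integer ids are let through.
        $picids = array_map('intval', array_keys($POST['picids']));
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $bwztarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): $value is falsy once the loop above has ended, so this
        // fallback never runs as written; left unchanged because the intended
        // row (first or last picture) cannot be determined from here.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $bwztarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }

    // Record the picture list as JSON.
    if ($uploads) {
        $pics = array();
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            $pics[] = array('picurl' => $picurl, 'title' => $value['title']);
        }
        // Picture titles come back from the database unescaped and JSON itself
        // contains backslashes and quotes, so escape the value the same way
        // message and tag are escaped before going to inserttable()/updatetable().
        // NOTE(review): assumes those helpers expect pre-escaped values, as the
        // addslashes() calls on message and tag suggest; confirm.
        $bwztarr['pics'] = addslashes(json_encode($pics));
    }

    // Nothing was filled in: reject the post.
    // NOTE(review): the character after the backslash in "\\ \\;" may be an
    // "&nbsp" entity decoded by page extraction; check against the real file.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\ \\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Undo the role switch first; otherwise the rest of the request keeps
        // running under the post owner's uid and username.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        // Category rows created above are not rolled back on this path.
        return false;
    }

    // Add slashes for storage.
    $message = addslashes($message);

    // No uploaded title picture: take one from the message content.
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $bwztarr['picflag'] = 0;
    }
    $bwztarr['pic'] = $titlepic;

    // Hotness may only be set by users holding the managebwzt permission.
    if (checkperm('managebwzt')) {
        $bwztarr['hot'] = intval($POST['hot']);
    }

    if (!empty($olds['bwztid'])) {
        // Update
        $bwztid = $olds['bwztid'];
        updatetable('bwzt', $bwztarr, array('bwztid' => $bwztid));

        $bwztarr['uid'] = $olds['uid'];
        $bwztarr['username'] = $olds['username'];
    } else {
        // New post, optionally joining a topic.
        $bwztarr['topicid'] = topic_check($POST['topicid'], 'bwzt');

        $bwztarr['uid'] = $_SGLOBAL['supe_uid'];
        $bwztarr['username'] = $_SGLOBAL['supe_username'];
        // Cast so that only an integer timestamp can reach the insert.
        $bwztarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : intval($POST['dateline']);
        $bwztid = inserttable('bwzt', $bwztarr, 1);
    }
    $bwztarr['bwztid'] = $bwztid;

    // Field table row
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);

    // Tags.
    // SECURITY: unserialize() runs on the stored tag column taken from $olds.
    // If that column can ever hold attacker-influenced bytes this is an
    // object-injection risk; consider passing ['allowed_classes' => false]
    // or moving the column to JSON.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));

    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Clear the previous tag links first.
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, bwztid FROM " . tname('tagbwzt') . " WHERE bwztid='{$bwztid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET bwztnum=bwztnum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagbwzt') . " WHERE bwztid='{$bwztid}'");
            }
        }
        $tagarr = tag_batch($bwztid, $POST['tag']);
        // Update the tag column in the field table.
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }

    if ($olds) {
        // Update
        updatetable('bwztfield', $fieldarr, array('bwztid' => $bwztid));
    } else {
        $fieldarr['bwztid'] = $bwztid;
        $fieldarr['uid'] = $bwztarr['uid'];
        inserttable('bwztfield', $fieldarr);
    }

    // Space counters are only touched when the author is the current user.
    if ($isself) {
        if ($olds) {
            // Space update
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
        } else {
            if (empty($space['bwztnum'])) {
                $space['bwztnum'] = getcount('bwzt', array('uid' => $space['uid']));
                $bwztnumsql = "bwztnum=" . $space['bwztnum'];
            } else {
                $bwztnumsql = 'bwztnum=bwztnum+1';
            }
            // Credits
            $reward = getreward('publishbwzt', 0);
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$bwztnumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");

            // Statistics
            updatestat('bwzt');
        }
    }

    // Publish a feed entry when requested.
    if (!empty($POST['makefeed'])) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($bwztid, 'bwztid', $olds ? 0 : 1);
    }

    // Join the topic for a new post.
    if (empty($olds) && $bwztarr['topicid']) {
        topic_join($bwztarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Restore the operator's own identity.
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }

    return $bwztarr;
}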