function regist()
{
global $BAD_STRING, $BAD_FILEMD5, $BAD_IPADDR, $LIMIT_SENSOR, $THUMB_SETTING;
$PIO = PMCLibrary::getPIOInstance();
$FileIO = PMCLibrary::getFileIOInstance();
$PMS = PMCLibrary::getPMSInstance();
$dest = '';
$mes = '';
$up_incomplete = 0;
$is_admin = false;
$delta_totalsize = 0;
// 總檔案大小的更動值
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
error(_T('regist_notpost'));
}
// 非正規POST方式
// 欄位陷阱
$FTname = isset($_POST['name']) ? $_POST['name'] : '';
$FTemail = isset($_POST['email']) ? $_POST['email'] : '';
$FTsub = isset($_POST['sub']) ? $_POST['sub'] : '';
$FTcom = isset($_POST['com']) ? $_POST['com'] : '';
$FTreply = isset($_POST['reply']) ? $_POST['reply'] : '';
if ($FTname != 'spammer' || $FTemail != '*****@*****.**' || $FTsub != 'DO NOT FIX THIS' || $FTcom != 'EID OG SMAPS' || $FTreply != '') {
error(_T('regist_nospam'));
}
$name = isset($_POST[FT_NAME]) ? CleanStr($_POST[FT_NAME]) : '';
$email = isset($_POST[FT_EMAIL]) ? CleanStr($_POST[FT_EMAIL]) : '';
$sub = isset($_POST[FT_SUBJECT]) ? CleanStr($_POST[FT_SUBJECT]) : '';
$com = isset($_POST[FT_COMMENT]) ? $_POST[FT_COMMENT] : '';
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
$category = isset($_POST['category']) ? CleanStr($_POST['category']) : '';
$resto = isset($_POST['resto']) ? intval($_POST['resto']) : 0;
$upfile = isset($_FILES['upfile']['tmp_name']) ? $_FILES['upfile']['tmp_name'] : '';
$upfile_path = isset($_POST['upfile_path']) ? $_POST['upfile_path'] : '';
$upfile_name = isset($_FILES['upfile']['name']) ? $_FILES['upfile']['name'] : false;
$upfile_status = isset($_FILES['upfile']['error']) ? $_FILES['upfile']['error'] : 4;
$pwdc = isset($_COOKIE['pwdc']) ? $_COOKIE['pwdc'] : '';
$ip = getREMOTE_ADDR();
$host = gethostbyaddr($ip);
$PMS->useModuleMethods('RegistBegin', array(&$name, &$email, &$sub, &$com, array('file' => &$upfile, 'path' => &$upfile_path, 'name' => &$upfile_name, 'status' => &$upfile_status), array('ip' => $ip, 'host' => $host), $resto));
// "RegistBegin" Hook Point
// 封鎖:IP/Hostname/DNSBL 檢查機能
$baninfo = '';
if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
error(_T('regist_ipfiltered', $baninfo));
}
// 封鎖:限制出現之文字
foreach ($BAD_STRING as $value) {
if (strpos($com, $value) !== false || strpos($sub, $value) !== false || strpos($name, $value) !== false || strpos($email, $value) !== false) {
error(_T('regist_wordfiltered'));
}
}
// 檢查是否輸入櫻花日文假名
foreach (array($name, $email, $sub, $com) as $anti) {
if (anti_sakura($anti)) {
error(_T('regist_sakuradetected'));
}
}
// 時間
$time = time();
$tim = $time . substr(microtime(), 2, 3);
// 判斷上傳狀態
switch ($upfile_status) {
case 1:
error(_T('regist_upload_exceedphp'));
break;
case 2:
error(_T('regist_upload_exceedcustom'));
break;
case 3:
error(_T('regist_upload_incompelete'));
break;
case 6:
error(_T('regist_upload_direrror'));
break;
case 4:
// 無上傳
if (!$resto && !isset($_POST['noimg'])) {
error(_T('regist_upload_noimg'));
}
break;
case 0:
// 上傳正常
// 上傳正常
default:
}
// 如果有上傳檔案則處理附加圖檔
if ($upfile && (@is_uploaded_file($upfile) || @is_file($upfile))) {
// 一‧先儲存檔案
$dest = STORAGE_PATH . $tim . '.tmp';
@move_uploaded_file($upfile, $dest) or @copy($upfile, $dest);
@chmod($dest, 0666);
if (!is_file($dest)) {
error(_T('regist_upload_filenotfound'), $dest);
}
// 二‧判斷上傳附加圖檔途中是否有中斷
$upsizeTTL = $_SERVER['CONTENT_LENGTH'];
if (isset($_FILES['upfile'])) {
// 有傳輸資料才需要計算,避免作白工
$upsizeHDR = 0;
// 檔案路徑:IE附完整路徑,故得從隱藏表單取得
$tmp_upfile_path = $upfile_name;
if ($upfile_path) {
$tmp_upfile_path = get_magic_quotes_gpc() ? stripslashes($upfile_path) : $upfile_path;
}
list(, $boundary) = explode('=', $_SERVER['CONTENT_TYPE']);
foreach ($_POST as $header => $value) {
// 表單欄位傳送資料
$upsizeHDR += strlen('--' . $boundary . "\r\n");
$upsizeHDR += strlen('Content-Disposition: form-data; name="' . $header . '"' . "\r\n\r\n" . (get_magic_quotes_gpc() ? stripslashes($value) : $value) . "\r\n");
}
// 附加圖檔欄位傳送資料
$upsizeHDR += strlen('--' . $boundary . "\r\n");
$upsizeHDR += strlen('Content-Disposition: form-data; name="upfile"; filename="' . $tmp_upfile_path . "\"\r\n" . 'Content-Type: ' . $_FILES['upfile']['type'] . "\r\n\r\n");
$upsizeHDR += strlen("\r\n--" . $boundary . "--\r\n");
$upsizeHDR += $_FILES['upfile']['size'];
// 傳送附加圖檔資料量
// 上傳位元組差值超過 HTTP_UPLOAD_DIFF:上傳附加圖檔不完全
if ($upsizeTTL - $upsizeHDR > HTTP_UPLOAD_DIFF) {
if (KILL_INCOMPLETE_UPLOAD) {
unlink($dest);
die(_T('regist_upload_killincomp'));
// 給瀏覽器的提示,假如使用者還看的到的話才不會納悶
} else {
$up_incomplete = 1;
}
}
}
// 三‧檢查是否為可接受的檔案
$size = @getimagesize($dest);
if (!is_array($size)) {
error(_T('regist_upload_notimage'), $dest);
}
// $size不為陣列就不是圖檔
$imgsize = @filesize($dest);
// 檔案大小
$imgsize = $imgsize >= 1024 ? (int) ($imgsize / 1024) . ' KB' : $imgsize . ' B';
// KB和B的判別
switch ($size[2]) {
// 判斷上傳附加圖檔之格式
case 1:
$ext = ".gif";
break;
case 2:
$ext = ".jpg";
break;
case 3:
$ext = ".png";
break;
case 4:
$ext = ".swf";
break;
case 5:
$ext = ".psd";
break;
case 6:
$ext = ".bmp";
break;
case 13:
$ext = ".swf";
break;
default:
$ext = ".xxx";
error(_T('regist_upload_notsupport'), $dest);
}
$allow_exts = explode('|', strtolower(ALLOW_UPLOAD_EXT));
// 接受之附加圖檔副檔名
if (array_search(substr($ext, 1), $allow_exts) === false) {
error(_T('regist_upload_notsupport'), $dest);
}
// 並無在接受副檔名之列
// 封鎖設定:限制上傳附加圖檔之MD5檢查碼
$md5chksum = md5_file($dest);
// 檔案MD5
if (array_search($md5chksum, $BAD_FILEMD5) !== FALSE) {
error(_T('regist_upload_blocked'), $dest);
}
// 在封鎖設定內則阻擋
// 四‧計算附加圖檔圖檔縮圖顯示尺寸
$W = $imgW = $size[0];
$H = $imgH = $size[1];
$MAXW = $resto ? MAX_RW : MAX_W;
$MAXH = $resto ? MAX_RH : MAX_H;
if ($W > $MAXW || $H > $MAXH) {
$W2 = $MAXW / $W;
$H2 = $MAXH / $H;
$key = $W2 < $H2 ? $W2 : $H2;
$W = ceil($W * $key);
$H = ceil($H * $key);
}
$mes = _T('regist_uploaded', CleanStr($upfile_name));
}
// 檢查表單欄位內容並修整
if (strlenUnicode($name) > INPUT_MAX) {
error(_T('regist_nametoolong'), $dest);
}
if (strlenUnicode($email) > INPUT_MAX) {
error(_T('regist_emailtoolong'), $dest);
}
if (strlenUnicode($sub) > INPUT_MAX) {
error(_T('regist_topictoolong'), $dest);
}
if (strlenUnicode($resto) > INPUT_MAX) {
error(_T('regist_longthreadnum'), $dest);
}
// E-mail / 標題修整
$email = str_replace("\r\n", '', $email);
$sub = str_replace("\r\n", '', $sub);
// 名稱修整
$name = str_replace(_T('trip_pre'), _T('trip_pre_fake'), $name);
// 防止トリップ偽造
$name = str_replace(CAP_SUFFIX, _T('cap_char_fake'), $name);
// 防止管理員キャップ偽造
$name = str_replace("\r\n", '', $name);
$nameOri = $name;
// 名稱
if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
// トリップ(Trip)機能
$name = $nameOri = $regs[1];
$cap = strtr($regs[2], array('&' => '&'));
$salt = preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2));
$salt = strtr($salt, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
$name = $name . _T('trip_pre') . substr(crypt($cap, $salt), -10);
}
if (CAP_ENABLE && preg_match('/(.*?)[##](.*)/', $email, $aregs)) {
// 管理員キャップ(Cap)機能
$acap_name = $nameOri;
$acap_pwd = strtr($aregs[2], array('&' => '&'));
if ($acap_name == CAP_NAME && $acap_pwd == CAP_PASS) {
$name = '<span class="admin_cap">' . $name . CAP_SUFFIX . '</span>';
$is_admin = true;
$email = $aregs[1];
// 去除 #xx 密碼
}
}
if (!$is_admin) {
// 非管理員
$name = str_replace(_T('admin'), '"' . _T('admin') . '"', $name);
$name = str_replace(_T('deletor'), '"' . _T('deletor') . '"', $name);
}
$name = str_replace('&' . _T('trip_pre'), '&' . _T('trip_pre'), $name);
// 避免 &#xxxx; 後面被視為 Trip 留下 & 造成解析錯誤
// 內文修整
if (strlenUnicode($com) > COMM_MAX && !$is_admin) {
error(_T('regist_commenttoolong'), $dest);
}
$com = CleanStr($com, $is_admin);
// 引入$is_admin參數是因為當管理員キャップ啟動時,允許管理員依config設定是否使用HTML
if (!$com && $upfile_status == 4) {
error(_T('regist_withoutcomment'));
}
$com = str_replace(array("\r\n", "\r"), "\n", $com);
$com = preg_replace("/\n(( | )*\n){3,}/", "\n", $com);
if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
$com = nl2br($com);
}
// 換行字元用<br />代替
$com = str_replace("\n", '', $com);
// 若還有\n換行字元則取消換行
// 預設的內容
if (!$name || preg_match("/^[ | |]*\$/", $name)) {
if (ALLOW_NONAME) {
$name = DEFAULT_NONAME;
} else {
error(_T('regist_withoutname'), $dest);
}
}
if (!$sub || preg_match("/^[ | |]*\$/", $sub)) {
$sub = DEFAULT_NOTITLE;
}
if (!$com || preg_match("/^[ | |\t]*\$/", $com)) {
$com = DEFAULT_NOCOMMENT;
}
// 修整標籤樣式
if ($category && USE_CATEGORY) {
$category = explode(',', $category);
// 把標籤拆成陣列
$category = ',' . implode(',', array_map('trim', $category)) . ',';
// 去空白再合併為單一字串 (左右含,便可以直接以,XX,形式搜尋)
} else {
$category = '';
}
if ($up_incomplete) {
$com .= '<br /><br /><span class="warn_txt">' . _T('notice_incompletefile') . '</span>';
}
// 上傳附加圖檔不完全的提示
// 密碼和時間的樣式
if ($pwd == '') {
$pwd = $pwdc == '' ? substr(rand(), 0, 8) : $pwdc;
}
$pass = $pwd ? substr(md5($pwd), 2, 8) : '*';
// 生成真正儲存判斷用的密碼
$youbi = array(_T('sun'), _T('mon'), _T('tue'), _T('wed'), _T('thu'), _T('fri'), _T('sat'));
$yd = $youbi[gmdate('w', $time + TIME_ZONE * 60 * 60)];
$now = gmdate('y/m/d', $time + TIME_ZONE * 60 * 60) . '(' . (string) $yd . ')' . gmdate('H:i', $time + TIME_ZONE * 60 * 60);
if (DISP_ID) {
// 顯示ID
if ($email && DISP_ID == 1) {
$now .= ' ID:???';
} else {
$now .= ' ID:' . substr(crypt(md5(getREMOTE_ADDR() . IDSEED . gmdate('Ymd', $time + TIME_ZONE * 60 * 60)), 'id'), -8);
}
}
// 連續投稿 / 相同附加圖檔檢查
$checkcount = 50;
// 預設檢查50筆資料
$pwdc = substr(md5($pwdc), 2, 8);
// Cookies密碼
if ($PIO->isSuccessivePost($checkcount, $com, $time, $pass, $pwdc, $host, $upfile_name)) {
error(_T('regist_successivepost'), $dest);
}
// 連續投稿檢查
if ($dest) {
if ($PIO->isDuplicateAttachment($checkcount, $md5chksum)) {
error(_T('regist_duplicatefile'), $dest);
}
}
// 相同附加圖檔檢查
if ($resto) {
$ThreadExistsBefore = $PIO->isThread($resto);
}
// 舊文章刪除處理
if (PIOSensor::check('delete', $LIMIT_SENSOR)) {
$delarr = PIOSensor::listee('delete', $LIMIT_SENSOR);
if (count($delarr)) {
deleteCache($delarr);
$PMS->useModuleMethods('PostOnDeletion', array($delarr, 'recycle'));
// "PostOnDeletion" Hook Point
$files = $PIO->removePosts($delarr);
if (count($files)) {
$delta_totalsize -= $FileIO->deleteImage($files);
}
// 更新 delta 值
}
}
// 附加圖檔容量限制功能啟動:刪除過大檔
if (STORAGE_LIMIT && STORAGE_MAX > 0) {
$tmp_total_size = $FileIO->getCurrentStorageSize();
// 取得目前附加圖檔使用量
if ($tmp_total_size > STORAGE_MAX) {
$files = $PIO->delOldAttachments($tmp_total_size, STORAGE_MAX, false);
$delta_totalsize -= $FileIO->deleteImage($files);
}
}
// 判斷欲回應的文章是不是剛剛被刪掉了
if ($resto) {
if ($ThreadExistsBefore) {
// 欲回應的討論串是否存在
if (!$PIO->isThread($resto)) {
// 被回應的討論串存在但已被刪
// 提前更新資料來源,此筆新增亦不紀錄
$PIO->dbCommit();
updatelog();
error(_T('regist_threaddeleted'), $dest);
} else {
// 檢查是否討論串被設為禁止回應 (順便取出原討論串的貼文時間)
$post = $PIO->fetchPosts($resto);
// [特殊] 取單篇文章內容,但是回傳的$post同樣靠[$i]切換文章!
list($chkstatus, $chktime) = array($post[0]['status'], $post[0]['tim']);
$chktime = substr($chktime, 0, -3);
// 拿掉微秒 (後面三個字元)
$flgh = $PIO->getPostStatus($chkstatus);
if ($flgh->exists('TS')) {
error(_T('regist_threadlocked'), $dest);
}
}
} else {
error(_T('thread_not_found'), $dest);
}
// 不存在
}
// 計算某些欄位值
$no = $PIO->getLastPostNo('beforeCommit') + 1;
isset($ext) ? 0 : ($ext = '');
isset($imgW) ? 0 : ($imgW = 0);
isset($imgH) ? 0 : ($imgH = 0);
isset($imgsize) ? 0 : ($imgsize = '');
isset($W) ? 0 : ($W = 0);
isset($H) ? 0 : ($H = 0);
isset($md5chksum) ? 0 : ($md5chksum = '');
$age = false;
$status = '';
if ($resto) {
if (!stristr($email, 'sage') && ($PIO->postCount($resto) <= MAX_RES || MAX_RES == 0)) {
if (!MAX_AGE_TIME || $time - $chktime < MAX_AGE_TIME * 60 * 60) {
$age = true;
}
// 討論串並無過期,推文
}
}
$PMS->useModuleMethods('RegistBeforeCommit', array(&$name, &$email, &$sub, &$com, &$category, &$age, $dest, $resto, array($W, $H, $imgW, $imgH), &$status));
// "RegistBeforeCommit" Hook Point
// 正式寫入儲存
$PIO->addPost($no, $resto, $md5chksum, $category, $tim, $ext, $imgW, $imgH, $imgsize, $W, $H, $pass, $now, $name, $email, $sub, $com, $host, $age, $status);
$PIO->dbCommit();
$lastno = $PIO->getLastPostNo('afterCommit');
// 取得此新文章編號
$PMS->useModuleMethods('RegistAfterCommit', array($lastno, $resto, $name, $email, $sub, $com));
// "RegistAfterCommit" Hook Point
// Cookies儲存:密碼與E-mail部分,期限是一週
setcookie('pwdc', $pwd, time() + 7 * 24 * 3600);
setcookie('emailc', $email, time() + 7 * 24 * 3600);
if ($dest && is_file($dest)) {
$destFile = IMG_DIR . $tim . $ext;
// 圖檔儲存位置
$thumbFile = THUMB_DIR . $tim . 's.' . $THUMB_SETTING['Format'];
// 預覽圖儲存位置
if (USE_THUMB !== 0) {
// 生成預覽圖
$thumbType = USE_THUMB;
if (USE_THUMB == 1) {
$thumbType = 'gd';
}
// 與舊設定相容
require ROOTPATH . 'lib/thumb/thumb.' . $thumbType . '.php';
$thObj = new ThumbWrapper($dest, $imgW, $imgH);
$thObj->setThumbnailConfig($W, $H, $THUMB_SETTING);
$thObj->makeThumbnailtoFile($thumbFile);
@chmod($thumbFile, 0666);
unset($thObj);
}
rename($dest, $destFile);
if (file_exists($destFile)) {
$FileIO->uploadImage($tim . $ext, $destFile, filesize($destFile));
$delta_totalsize += filesize($destFile);
}
if (file_exists($thumbFile)) {
$FileIO->uploadImage($tim . 's.' . $THUMB_SETTING['Format'], $thumbFile, filesize($thumbFile));
$delta_totalsize += filesize($thumbFile);
}
}
// delta != 0 表示總檔案大小有更動,須更新快取
if ($delta_totalsize != 0) {
$FileIO->updateStorageSize($delta_totalsize);
}
updatelog();
// 引導使用者至新頁面
$RedirURL = PHP_SELF2 . '?' . $tim;
// 定義儲存資料後轉址目標
if (isset($_POST['up_series'])) {
// 勾選連貼機能
if ($resto) {
$RedirURL = PHP_SELF . '?res=' . $resto . '&upseries=1';
} else {
$RedirURL = PHP_SELF . '?res=' . $lastno . '&upseries=1';
// 新增主題後繼續轉到此主題下
}
}
$RedirforJS = strtr($RedirURL, array("&" => "&"));
// JavaScript用轉址目標
echo <<<_REDIR_
<!DOCTYPE html>
<html lang="zh-TW">
<head>
<meta charset="utf-8">
<title></title>
<meta http-equiv="Refresh" content="1;URL={$RedirURL}" />
<script type="text/javascript">
// Redirection (use JS)
// <![CDATA[
function redir(){
\tlocation.href = "{$RedirforJS}";
}
setTimeout("redir()", 1000);
// ]]>
</script>
</head>
<body>
<div>
_REDIR_;
echo _T('regist_redirect', $mes, $RedirURL) . '</div>
</body>
</html>';
}
function ModulePage()
{
global $PIO, $FileIO, $PMS, $language, $BAD_STRING, $BAD_FILEMD5, $BAD_IPADDR, $LIMIT_SENSOR;
if (!isset($_GET['no'])) {
die('[Error] not enough parameter.');
}
if (!isset($_POST['mode'])) {
// 顯示表單
if (!$this->shown_in_page && !adminAuthenticate('check')) {
die('[Error] Access Denied.');
}
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
extract($post[0]);
$PMS->loadModules('mod_bbcode');
//嘗試載入mod_bbcode
if ($bbcode = $PMS->getModuleInstance('mod_bbcode')) {
$bbcode->_html2bb($com);
}
$name = preg_replace('|<span.*?>(.*?)</span>|', '\\1', $name);
$dat = '';
head($dat);
$PMS->hookModuleMethod('PostInfo', array($this, '_EditPostInfo'));
form($dat, $resto, false, $this->mypage . '&no=' . $_GET['no'], $name, $email, $sub, str_replace('<br />', "\n", $com), substr(str_replace(',', ',', $category), 1, -1), 'edit');
foot($dat);
echo $dat;
} else {
// 儲存
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
error(_T('regist_notpost'));
}
// 非正規POST方式
$post = $PIO->fetchPosts($_GET['no']);
$newValues = array();
if (!count($post)) {
die('[Error] Post does not exist.');
}
$name = isset($_POST[FT_NAME]) ? $_POST[FT_NAME] : '';
$email = isset($_POST[FT_EMAIL]) ? $_POST[FT_EMAIL] : '';
$sub = isset($_POST[FT_SUBJECT]) ? $_POST[FT_SUBJECT] : '';
$com = isset($_POST[FT_COMMENT]) ? $_POST[FT_COMMENT] : '';
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
$category = isset($_POST['category']) ? $_POST['category'] : '';
$resto = isset($_POST['resto']) ? $_POST['resto'] : 0;
$upfile = '';
$upfile_path = '';
$upfile_name = false;
$upfile_status = 4;
$pwdc = isset($_COOKIE['pwdc']) ? $_COOKIE['pwdc'] : '';
if ($resto && !$PIO->isThread($resto)) {
die('[Error] Thread was deleted.');
}
$is_admin = $haveperm = $pwd == ADMIN_PASS || adminAuthenticate('check');
$PMS->useModuleMethods('Authenticate', array($pwd, 'useredit', &$haveperm));
if ($pwd == '' && $pwdc != '') {
$pwd = $pwdc;
}
$pwd_md5 = substr(md5($pwd), 2, 8);
$host = gethostbyaddr(getREMOTE_ADDR());
if (!($pwd_md5 == $post[0]['pwd'] || $host == $post[0]['host'] || $haveperm)) {
die('[Error] Access denied.');
}
// 欄位陷阱
$FTname = isset($_POST['name']) ? $_POST['name'] : '';
$FTemail = isset($_POST['email']) ? $_POST['email'] : '';
$FTsub = isset($_POST['sub']) ? $_POST['sub'] : '';
$FTcom = isset($_POST['com']) ? $_POST['com'] : '';
$FTreply = isset($_POST['reply']) ? $_POST['reply'] : '';
if ($FTname != 'spammer' || $FTemail != '*****@*****.**' || $FTsub != 'DO NOT FIX THIS' || $FTcom != 'EID OG SMAPS' || $FTreply != '') {
error(_T('regist_nospam'));
}
// 封鎖:IP/Hostname/DNSBL 檢查機能
$ip = getREMOTE_ADDR();
$host = gethostbyaddr($ip);
$baninfo = '';
if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
error(_T('regist_ipfiltered', $baninfo));
}
// 封鎖:限制出現之文字
foreach ($BAD_STRING as $value) {
if (strpos($com, $value) !== false || strpos($sub, $value) !== false || strpos($name, $value) !== false || strpos($email, $value) !== false) {
error(_T('regist_wordfiltered'));
}
}
$PMS->useModuleMethods('RegistBegin', array(&$name, &$email, &$sub, &$com, array('file' => &$upfile, 'path' => &$upfile_path, 'name' => &$upfile_name, 'status' => &$upfile_status), array('ip' => $ip, 'host' => $host)));
// "RegistBegin" Hook Point
// 檢查是否輸入櫻花日文假名
$chkanti = array($name, $email, $sub, $com);
foreach ($chkanti as $anti) {
if (anti_sakura($anti)) {
error(_T('regist_sakuradetected'));
}
}
// 檢查表單欄位內容並修整
if (strlen($name) > 100) {
error(_T('regist_nametoolong'));
}
if (strlen($email) > 100) {
error(_T('regist_emailtoolong'));
}
if (strlen($sub) > 100) {
error(_T('regist_topictoolong'));
}
if (strlen($resto) > 10) {
error(_T('regist_longthreadnum'));
}
$email = CleanStr($email);
$email = str_replace("\r\n", '', $email);
$sub = CleanStr($sub);
$sub = str_replace("\r\n", '', $sub);
$resto = CleanStr($resto);
$resto = str_replace("\r\n", '', $resto);
// 名稱修整
$name = CleanStr($name);
$name = str_replace(_T('trip_pre'), _T('trip_pre_fake'), $name);
// 防止トリップ偽造
$name = str_replace(CAP_SUFFIX, _T('cap_char_fake'), $name);
// 防止管理員キャップ偽造
$name = str_replace("\r\n", '', $name);
$nameOri = $name;
// 名稱
if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
// トリップ(Trip)機能
$name = $nameOri = $regs[1];
$cap = strtr($regs[2], array('&' => '&'));
$salt = preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2));
$salt = strtr($salt, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
$name = $name . _T('trip_pre') . substr(crypt($cap, $salt), -10);
}
if (CAP_ENABLE && preg_match('/(.*?)[##](.*)/', $email, $aregs)) {
// 管理員キャップ(Cap)機能
$acap_name = $nameOri;
$acap_pwd = strtr($aregs[2], array('&' => '&'));
if ($acap_name == CAP_NAME && $acap_pwd == CAP_PASS) {
$name = '<span class="admin_cap">' . $name . CAP_SUFFIX . '</span>';
$is_admin = true;
$email = $aregs[1];
// 去除 #xx 密碼
}
}
if (!$is_admin) {
// 非管理員
$name = str_replace(_T('admin'), '"' . _T('admin') . '"', $name);
$name = str_replace(_T('deletor'), '"' . _T('deletor') . '"', $name);
}
$name = str_replace('&◆', '&◆', $name);
// 避免 &#xxxx; 後面被視為 Trip 留下 & 造成解析錯誤
// 內文修整
if (strlen($com) > COMM_MAX && !$is_admin) {
error(_T('regist_commenttoolong'));
}
$com = CleanStr($com, $is_admin);
// 引入$is_admin參數是因為當管理員キャップ啟動時,允許管理員依config設定是否使用HTML
$com = str_replace("\r\n", "\n", $com);
$com = str_replace("\r", "\n", $com);
$com = ereg_replace("\n(( | )*\n){3,}", "\n", $com);
if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
$com = nl2br($com);
}
// 換行字元用<br />代替
$com = str_replace("\n", '', $com);
// 若還有\n換行字元則取消換行
if ($category && USE_CATEGORY) {
// 修整標籤樣式
$category = explode(',', $category);
// 把標籤拆成陣列
$category = ',' . implode(',', array_map('trim', $category)) . ',';
// 去空白再合併為單一字串 (左右含,便可以直接以,XX,形式搜尋)
} else {
$category = '';
}
$age = false;
$dest = '';
$W = $post[0]['tw'];
$H = $post[0]['th'];
$imgW = $post[0]['imgw'];
$imgH = $post[0]['imgh'];
$status = $post[0]['status'];
$PMS->useModuleMethods('RegistBeforeCommit', array(&$name, &$email, &$sub, &$com, &$category, &$age, $dest, $resto, array($W, $H, $imgW, $imgH), &$status));
// "RegistBeforeCommit" Hook Point
if ($name != $post[0]['name'] && $_POST[FT_NAME]) {
$newValues['name'] = $name;
}
if ($email != $post[0]['email'] && $_POST[FT_EMAIL]) {
$newValues['email'] = $email;
}
if ($sub != $post[0]['sub'] && $_POST[FT_SUBJECT]) {
$newValues['sub'] = $sub;
}
if ($com != $post[0]['com'] && $_POST[FT_COMMENT]) {
$newValues['com'] = $com;
}
if ($category != $post[0]['category'] && $_POST['category']) {
$newValues['category'] = $category;
}
$PIO->updatePost($_GET['no'], $newValues);
$PIO->dbCommit();
$parentNo = $post[0]['resto'] ? $post[0]['resto'] : $post[0]['no'];
$threads = array_flip($PIO->fetchThreadList());
$threadPage = floor($threads[$parentNo] / PAGE_DEF);
if (STATIC_HTML_UNTIL == -1 || $threadPage <= STATIC_HTML_UNTIL) {
updatelog(0, $threadPage, true);
}
// 僅更新討論串出現那頁
deleteCache(array($parentNo));
// 刪除討論串舊快取
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
}
}
