// Excerpt of an article-submit handler: it normalises request fields, decides the
// moderation status and assembles the $setarr row. The excerpt ends inside the
// `if (empty($article))` branch, so the code that consumes $setarr is not visible.

// NOTE(review): as written, str_replace('&', '&', ...) replaces '&' with itself and is a
// no-op; the search string may have been an HTML entity that was decoded when this
// listing was extracted. Confirm against the original file.
$_GET['url'] = str_replace('&', '&', dhtmlspecialchars($_GET['url']));
$_GET['from'] = dhtmlspecialchars($_GET['from']);
$_GET['fromurl'] = str_replace('&', '&', dhtmlspecialchars($_GET['fromurl']));
// strtotime() returns false for an unparseable date; intval() below turns that into 0.
$_GET['dateline'] = !empty($_GET['dateline']) ? strtotime($_GET['dateline']) : TIMESTAMP;
// Scheme allowlist: anything that does not start with the literal 'http://' is blanked,
// which also drops https:// links and every other scheme.
if (substr($_GET['url'], 0, 7) !== 'http://') {
    $_GET['url'] = '';
}
if (substr($_GET['fromurl'], 0, 7) !== 'http://') {
    $_GET['fromurl'] = '';
}
// Status 1 when the title trips censormod() or the user group has allowpostarticlemod set,
// otherwise 0.
if (censormod($_POST['title']) || $_G['group']['allowpostarticlemod']) {
    $article_status = 1;
} else {
    $article_status = 0;
}
// NOTE(review): 'title' and 'author' are copied from the request with no escaping in this
// excerpt; confirm they are sanitised before this point or by the storage layer.
$setarr = array('title' => $_POST['title'], 'author' => $_GET['author'], 'from' => $_GET['from'], 'fromurl' => $_GET['fromurl'], 'dateline' => intval($_GET['dateline']), 'url' => $_GET['url'], 'allowcomment' => !empty($_POST['forbidcomment']) ? '0' : '1', 'summary' => $summary, 'catid' => intval($_POST['catid']), 'tag' => article_make_tag($_POST['tag']), 'status' => $article_status, 'highlight' => $style, 'showinnernav' => empty($_POST['showinnernav']) ? '0' : '1');
if (empty($setarr['catid'])) {
    showmessage('article_choose_system_category');
}
if ($_GET['conver']) {
    // SECURITY(review): the cover descriptor is deserialised straight from a request
    // parameter. dunserialize() is not defined in this excerpt; if it wraps PHP
    // unserialize(), this is deserialisation of untrusted data (object-injection risk).
    // Only three scalar fields are read, so a JSON payload or server-side state keyed by
    // an id would carry the same data without instantiating objects.
    $converfiles = dunserialize($_GET['conver']);
    // 'pic' is stored as received; 'thumb' and 'remote' are forced to integers.
    // NOTE(review): confirm 'pic' is validated as a path or URL before it is used.
    $setarr['pic'] = $converfiles['pic'];
    $setarr['thumb'] = intval($converfiles['thumb']);
    $setarr['remote'] = intval($converfiles['remote']);
}
$id = 0;
$idtype = '';
if (empty($article)) {
    // New-article path: ownership comes from the session globals, not from the request.
    $setarr['uid'] = $_G['uid'];
    $setarr['username'] = $_G['username'];
    $setarr['id'] = intval($_POST['id']);
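/**
 * Build the item list for a portal-article block from its stored parameters.
 *
 * The parameters are turned into a WHERE/ORDER BY/LIMIT clause over
 * portal_article_title joined to portal_article_count, and each row is mapped
 * to the block item structure.
 *
 * Hardening compared with the previous version: every id list (aids, uids,
 * catid, bannedids) and the tag bitmask are forced to integers before they are
 * concatenated into SQL, and the ORDER BY column is matched against its
 * allowlist with strict comparison. Whether dimplode() escapes its values is
 * not visible here, so the casts do not rely on it.
 *
 * @param mixed $style     Not used by this method.
 * @param array $parameter Block parameters; passed through cookparameter() first.
 * @return array array('html' => '', 'data' => list of item arrays)
 */
function getdata($style, $parameter) {
    global $_G;

    $parameter = $this->cookparameter($parameter);

    // Comma-separated id lists: cast every element so only integers reach the IN (...) lists.
    $aids = !empty($parameter['aids']) ? array_map('intval', explode(',', $parameter['aids'])) : array();
    $uids = !empty($parameter['uids']) ? array_map('intval', explode(',', $parameter['uids'])) : array();
    $keyword = !empty($parameter['keyword']) ? $parameter['keyword'] : '';
    $tag = !empty($parameter['tag']) ? $parameter['tag'] : array();
    // strtotime() yields false on an unparseable date; the truthiness checks below skip it.
    $starttime = !empty($parameter['starttime']) ? strtotime($parameter['starttime']) : 0;
    $endtime = !empty($parameter['endtime']) ? strtotime($parameter['endtime']) : 0;
    $publishdateline = isset($parameter['publishdateline']) ? intval($parameter['publishdateline']) : 0;
    $startrow = isset($parameter['startrow']) ? intval($parameter['startrow']) : 0;
    $items = isset($parameter['items']) ? intval($parameter['items']) : 10;
    $titlelength = isset($parameter['titlelength']) ? intval($parameter['titlelength']) : 40;
    $summarylength = isset($parameter['summarylength']) ? intval($parameter['summarylength']) : 80;

    // ORDER BY allowlist. Strict comparison keeps a non-string value (e.g. integer 0)
    // from loosely matching a column name and ending up in the SQL text.
    $clickarr = array('click1', 'click2', 'click3', 'click4', 'click5', 'click6', 'click7', 'click8');
    $allowedorder = array_merge(array('dateline', 'viewnum', 'commentnum'), $clickarr);
    $orderby = isset($parameter['orderby']) && in_array($parameter['orderby'], $allowedorder, true)
        ? $parameter['orderby']
        : 'dateline';

    $catid = array();
    if (!empty($parameter['catid'])) {
        // A leading '0' entry is dropped before the list is used as a filter.
        if ($parameter['catid'][0] == '0') {
            unset($parameter['catid'][0]);
        }
        $catid = array_map('intval', (array) $parameter['catid']);
    }
    $picrequired = !empty($parameter['picrequired']) ? 1 : 0;
    $bannedids = !empty($parameter['bannedids']) ? array_map('intval', explode(',', $parameter['bannedids'])) : array();

    loadcache('portalcategory');
    $list = array();
    $wheres = array();

    if ($aids) {
        $wheres[] = 'at.aid IN (' . dimplode($aids) . ')';
    }
    if ($uids) {
        $wheres[] = 'at.uid IN (' . dimplode($uids) . ')';
    }
    if ($catid) {
        include_once libfile('function/portalcp');
        // Categories flagged disallowpublish contribute their child categories as well.
        $childids = array();
        foreach ($catid as $id) {
            if ($_G['cache']['portalcategory'][$id]['disallowpublish']) {
                $childids = array_merge($childids, category_get_childids('portal', $id));
            }
        }
        $catid = array_unique(array_map('intval', array_merge($catid, $childids)));
        $wheres[] = 'at.catid IN (' . dimplode($catid) . ')';
    }
    // With no explicit article or category filter, restrict the scan to the newest
    // blockmaxaggregationitem article ids.
    if (!$aids && !$catid && $_G['setting']['blockmaxaggregationitem']) {
        if (($maxid = $this->getmaxid() - $_G['setting']['blockmaxaggregationitem']) > 0) {
            $wheres[] = 'at.aid > ' . $maxid;
        }
    }
    if (empty($aids) && $picrequired) {
        $wheres[] = "at.pic != ''";
    }
    if ($publishdateline) {
        $time = TIMESTAMP - $publishdateline;
        $wheres[] = "at.dateline >= '{$time}'";
    }
    if ($starttime) {
        $wheres[] = "at.dateline >= '{$starttime}'";
    }
    if ($endtime) {
        $wheres[] = "at.dateline <= '{$endtime}'";
    }
    if ($bannedids) {
        $wheres[] = 'at.aid NOT IN (' . dimplode($bannedids) . ')';
    }
    $wheres[] = "at.status='0'";

    if (is_array($tag)) {
        $article_tags = array();
        foreach ($tag as $k) {
            $article_tags[$k] = 1;
        }
        include_once libfile('function/portalcp');
        // The mask is interpolated unquoted below, so force it to an integer first.
        $v = intval(article_make_tag($article_tags));
        if ($v > 0) {
            $wheres[] = "(at.tag & {$v}) = {$v}";
        }
    }
    if ($keyword) {
        require_once libfile('function/search');
        // NOTE(review): the result is appended to the WHERE clause as-is; this relies on
        // searchkey() escaping the keyword for the LIKE pattern. Confirm in function/search.
        $keyword = searchkey($keyword, "at.title LIKE '%{text}%'");
    }

    $wheresql = $wheres ? implode(' AND ', $wheres) : '1';
    if (in_array($orderby, $clickarr, true)) {
        $orderby = "at.{$orderby} DESC,at.dateline DESC";
    } else {
        $orderby = $orderby == 'dateline' ? 'at.dateline DESC ' : "ac.{$orderby} DESC";
    }

    $query = DB::query("SELECT at.*, ac.viewnum, ac.commentnum FROM " . DB::table('portal_article_title') . " at LEFT JOIN " . DB::table('portal_article_count') . " ac ON at.aid=ac.aid WHERE {$wheresql}{$keyword} ORDER BY {$orderby} LIMIT {$startrow}, {$items}");
    while ($data = DB::fetch($query)) {
        if (empty($data['pic'])) {
            // No cover stored: fall back to the static placeholder image.
            $data['pic'] = STATICURL . 'image/common/nophoto.gif';
            $data['picflag'] = '0';
        } else {
            $data['picflag'] = $data['remote'] == '1' ? '2' : '1';
        }
        $list[] = array(
            'id' => $data['aid'],
            'idtype' => 'aid',
            'title' => cutstr($data['title'], $titlelength, ''),
            'url' => 'portal.php?mod=view&aid=' . $data['aid'],
            'pic' => $data['pic'],
            'picflag' => $data['picflag'],
            'summary' => cutstr(strip_tags($data['summary']), $summarylength, ''),
            'fields' => array(
                'uid' => $data['uid'],
                'username' => $data['username'],
                'avatar' => avatar($data['uid'], 'small', true, false, false, $_G['setting']['ucenterurl']),
                'avatar_middle' => avatar($data['uid'], 'middle', true, false, false, $_G['setting']['ucenterurl']),
                'avatar_big' => avatar($data['uid'], 'big', true, false, false, $_G['setting']['ucenterurl']),
                'fulltitle' => $data['title'],
                'dateline' => $data['dateline'],
                'caturl' => $_G['cache']['portalcategory'][$data['catid']]['caturl'],
                'catname' => $_G['cache']['portalcategory'][$data['catid']]['catname'],
                'articles' => $_G['cache']['portalcategory'][$data['catid']]['articles'],
                'viewnum' => intval($data['viewnum']),
                'commentnum' => intval($data['commentnum']),
            ),
        );
    }

    return array('html' => '', 'data' => $list);
}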
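// Excerpt of an article-list filter builder: it collects WHERE fragments and the
// pagination URL from request parameters. The excerpt ends on the opening brace of
// the per-page check, so the remainder of that branch is not visible.
$likekeys = array('title', 'username');
$results = getwheres($intkeys, $strkeys, $randkeys, $likekeys);
// The LIKE inputs are HTML-escaped only after getwheres() has consumed them; the escaped
// copies are presumably for re-display in the form.
foreach ($likekeys as $k) {
    $_GET[$k] = dhtmlspecialchars($_GET[$k]);
}
$wherearr = $results['wherearr'];
$mpurl .= '&' . implode('&', $results['urls']);
if (!empty($_GET['catid'])) {
    $catid = intval($_GET['catid']);
    $mpurl .= '&catid=' . $catid;
    // Use the integer-cast id for both the child lookup and the IN (...) list; the raw
    // request value used to be passed here although $catid had already been computed.
    $catids = category_get_childids('portal', $catid);
    $catids[] = $catid;
    $wherearr[] = 'catid IN (' . dimplode($catids) . ')';
}
if (!empty($_GET['tag'])) {
    // The mask is interpolated into SQL below, so force it to an integer.
    $tag = intval(article_make_tag($_GET['tag']));
    $wherearr[] = "(tag & '{$tag}' = '{$tag}')";
    foreach ($_GET['tag'] as $k => $v) {
        // Request-supplied keys and values are URL-encoded before joining the pagination
        // URL, so they cannot add parameters or markup to the links built from $mpurl.
        $mpurl .= '&tag[' . rawurlencode($k) . ']=' . rawurlencode($v);
    }
}
$wheresql = empty($wherearr) ? '1' : implode(' AND ', $wherearr);
$orders = getorders(array('dateline'), 'aid');
$ordersql = $orders['sql'];
if ($orders['urls']) {
    $mpurl .= '&' . implode('&', $orders['urls']);
}
// NOTE(review): these arrays are keyed by raw request values; confirm the consumer only
// looks up known keys and never prints the keys themselves.
$orderby = array($_GET['orderby'] => ' selected');
$ordersc = array($_GET['ordersc'] => ' selected');
$perpage = empty($_GET['perpage']) ? 0 : intval($_GET['perpage']);
if (!in_array($perpage, array(10, 20, 50, 100))) {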
// Excerpt of an article-submit handler that reads its inputs from $_G['gp_*'] and $_POST.
// It censors and escapes the text fields, decides the moderation status and assembles the
// $setarr row. The excerpt ends inside the `if (empty($article))` branch.
$summary = censor($summary);
$prename = getstr(dhtmlspecialchars($_POST['prename']), 255, 1, 1);
$prename = censor($prename);
$_G['gp_author'] = dhtmlspecialchars($_G['gp_author']);
// NOTE(review): as written, str_replace('&', '&', ...) replaces '&' with itself and is a
// no-op; the search string may have been an HTML entity that was decoded when this
// listing was extracted. Confirm against the original file.
$_G['gp_url'] = str_replace('&', '&', dhtmlspecialchars($_G['gp_url']));
$_G['gp_from'] = dhtmlspecialchars($_G['gp_from']);
$_G['gp_fromurl'] = str_replace('&', '&', dhtmlspecialchars($_G['gp_fromurl']));
// strtotime() returns false for an unparseable date; intval() below turns that into 0.
$_G['gp_dateline'] = !empty($_G['gp_dateline']) ? strtotime($_G['gp_dateline']) : TIMESTAMP;
$_G['gp_shorttitle'] = getstr(trim(dhtmlspecialchars($_G['gp_shorttitle'])), 80, 1, 1);
$_G['gp_shorttitle'] = censor($_G['gp_shorttitle']);
// Status 1 when any of the three text fields trips censormod() or the user group has
// allowpostarticlemod set, otherwise 0.
if (censormod($prename) || censormod($_G['gp_shorttitle']) || censormod($_POST['title']) || $_G['group']['allowpostarticlemod']) {
    $article_status = 1;
} else {
    $article_status = 0;
}
// NOTE(review): no URL-scheme check on 'url', 'fromurl' or 'preurl' is visible in this
// excerpt, and 'title' and 'preurl' are copied from $_POST as received. Confirm they are
// validated before this point or by the storage layer.
$setarr = array('title' => $_POST['title'], 'shorttitle' => $_G['gp_shorttitle'], 'author' => $_G['gp_author'], 'from' => $_G['gp_from'], 'fromurl' => $_G['gp_fromurl'], 'dateline' => intval($_G['gp_dateline']), 'url' => $_G['gp_url'], 'allowcomment' => !empty($_POST['forbidcomment']) ? '0' : '1', 'summary' => addslashes($summary), 'prename' => $prename, 'preurl' => $_POST['preurl'], 'catid' => intval($_POST['catid']), 'tag' => article_make_tag($_POST['tag']), 'status' => $article_status);
if (empty($setarr['catid'])) {
    showmessage('article_choose_system_category');
}
if ($_G['gp_conver']) {
    // SECURITY(review): PHP unserialize() is called on a value that appears to come from
    // the request (the gp_ entries are presumably populated from GET/POST; confirm). That
    // is deserialisation of untrusted data and carries an object-injection risk. Only three
    // scalar fields are read, so json_decode() would carry the same data; on PHP 7+,
    // unserialize($s, ['allowed_classes' => false]) at least prevents object creation.
    $converfiles = unserialize(stripcslashes($_G['gp_conver']));
    // 'pic' is slash-escaped; 'thumb' and 'remote' are forced to integers.
    $setarr['pic'] = addslashes($converfiles['pic']);
    $setarr['thumb'] = intval($converfiles['thumb']);
    $setarr['remote'] = intval($converfiles['remote']);
}
$id = 0;
$idtype = '';
if (empty($article)) {
    // New-article path: ownership comes from the session globals, not from the request.
    $setarr['uid'] = $_G['uid'];
    $setarr['username'] = $_G['username'];
    $setarr['id'] = intval($_POST['id']);
// Excerpt of an article-submit handler. It begins inside an if-branch whose condition is
// not visible; the branch chooses the moderation status stored with the article.
$article_status = 1; } else { $article_status = 0; }
// NOTE(review): 'title' and 'author' are copied from the request with no escaping in this
// excerpt; confirm they are sanitised before this point or by the storage layer.
$setarr = array(
    'title' => $_POST['title'],
    'author' => $_GET['author'],
    'from' => $_GET['from'],
    'fromurl' => $_GET['fromurl'],
    'dateline' => intval($_GET['dateline']),
    'url' => $_GET['url'],
    'allowcomment' => !empty($_POST['forbidcomment']) ? '0' : '1',
    'summary' => $summary,
    'catid' => intval($_POST['catid']),
    'tag' => article_make_tag($_POST['tag']),
    'status' => $article_status,
    'highlight' => $style,
    'showinnernav' => empty($_POST['showinnernav']) ? '0' : '1',
);
if(empty($setarr['catid'])) {
    showmessage('article_choose_system_category');
}
if($_GET['conver']) {
    // SECURITY(review): the cover descriptor is deserialised straight from a request
    // parameter. dunserialize() is not defined in this excerpt; if it wraps PHP
    // unserialize(), this is deserialisation of untrusted data (object-injection risk).
    // Only three scalar fields are read, so a JSON payload or server-side state keyed by
    // an id would carry the same data without instantiating objects.
    $converfiles = dunserialize($_GET['conver']);
    // 'pic' is stored as received; 'thumb' and 'remote' are forced to integers.
    $setarr['pic'] = $converfiles['pic'];
    $setarr['thumb'] = intval($converfiles['thumb']);
    $setarr['remote'] = intval($converfiles['remote']);
}
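/**
 * Edit a picked article: save the submitted form, or build the data for the edit form.
 *
 * Submit path ($_GET['submit'] set): updates the strayer_article_title row, rewrites the
 * strayer_article_content pages, and, when public_flag is set, either schedules the
 * article or moves it to the portal, a forum or a blog, then shows a result message.
 * Display path: loads the article and the picker settings and returns the form data.
 *
 * Changes compared with the previous version:
 *  - the return and view URLs are HTML-escaped before they are placed in href
 *    attributes (the return URL carries the request-supplied url_args);
 *  - old_blog_id is cast to an integer like the other old_* identifiers;
 *  - $article_view_output is initialised, so it is defined when nothing was published;
 *  - a dead store to the misspelled $set_arr, a duplicate $pid assignment, an unused
 *    $status local and commented-out debug code were removed.
 *
 * NOTE(review): no form-token check (formhash / submitcheck()) is visible in this
 * function; confirm the caller validates it before the write path runs.
 *
 * @return array|null Form data on the display path; nothing on the submit path.
 */
function article_edit() {
    global $_G;

    include_once libfile('function/portalcp');
    include_once libfile('function/spacecp');
    include_once libfile('function/home');
    require_once libfile('function/forumlist');
    pload('F:spider');

    if ($_GET['submit']) {
        // NOTE(review): the whole request array `set` becomes the row written below, so its
        // keys decide which columns are updated. Confirm DB::update()/paddslashes() restrict
        // or escape the keys, or copy an explicit list of fields instead.
        $setarr = $_GET['set'];
        if (check_uid($setarr['uid']) == 'no') {
            cpmsg_error(milu_lang('user_no_exists'));
        }
        $pick_common_set = get_pick_set();
        $pid = intval($_GET['pid']);
        $p_arr = get_pick_info($pid);
        $setarr['portal_cid'] = $_GET['portal'];
        $setarr['forum_fid'] = $_GET['forums'];
        $setarr['forum_typeid'] = $_GET['threadtypeid'];
        $setarr['blog_big_cid'] = $_GET['blog'];
        $setarr['blog_small_cid'] = $_GET['classid'];
        $setarr['title'] = getstr(trim($setarr['title']), 80, 1, 1);
        if (strlen($setarr['title']) < 1) {
            cpmsg_error(milu_lang('title_no_empty'));
        }
        if (empty($setarr['summary'])) {
            $setarr['summary'] = portalcp_get_summary(stripslashes($_GET['message']));
        }
        // The row is passed through paddslashes() when it is written, so no separate
        // escaping of the summary is done here.
        $setarr['public_time'] = strtotime($setarr['public_time']);
        $setarr['from'] = dhtmlspecialchars($setarr['from']);
        $setarr['article_tag'] = dhtmlspecialchars($setarr['article_tag']);
        // NOTE(review): str_replace('&', '&', ...) is a no-op as written; the search string
        // may have been an HTML entity decoded when this listing was extracted.
        $setarr['fromurl'] = str_replace('&', '&', dhtmlspecialchars($setarr['fromurl']));
        $aid = intval($_GET['aid']);

        // Related article ids: integers only, de-duplicated, zeros dropped.
        $relatedarr = array();
        if ($_GET['raids']) {
            $relatedarr = array_map('intval', $_GET['raids']);
            $relatedarr = array_unique($relatedarr);
            $relatedarr = array_filter($relatedarr);
            $setarr['raids'] = serialize($relatedarr);
        }
        $setarr['tag'] = article_make_tag($_GET['tag']);
        $setarr['last_modify'] = $_G['timestamp'];
        $user_info = get_user_info($setarr['uid']);
        $setarr['username'] = $user_info['username'];
        $article_arr = $setarr;
        DB::update('strayer_article_title', paddslashes($setarr), array('aid' => $aid));
        $article_arr['is_download_img'] = $setarr['is_download_img'];
        $article_arr['is_water_img'] = $setarr['is_water_img'];

        $setarr = array();
        $content = $_GET['message'];
        if (!$_GET['is_bbs']) {
            // Split the body on ###NextPage### markers and store one row per page.
            $regexp = '/(###NextPage(\\[title=(.*?)\\])?###)+/';
            preg_match_all($regexp, $content, $arr);
            $contents = preg_split($regexp, $content);
            DB::delete('strayer_article_content', "aid='{$aid}'");
            foreach ($contents as $k => $v) {
                $v = dstripslashes($v);
                $setarr['content'] = trim($v);
                $setarr['pageorder'] = $k + 1;
                $setarr['aid'] = $aid;
                $setarr['dateline'] = $_G['timestamp'];
                $article_arr['content_arr'][$k] = $setarr;
                DB::insert("strayer_article_content", paddslashes($setarr), true);
            }
        } else {
            // The article carries replies: only the first content row is updated.
            $setarr['content'] = trim($content);
            $setarr = dstripslashes($setarr);
            DB::update("strayer_article_content", paddslashes($setarr), array('aid' => $aid, 'pageorder' => 1));
        }

        $setarr = array();
        $article_view_url = '';
        if ($_GET['public_flag']) {
            $select = $_GET['select'];
            $article_arr['is_bbs'] = $_GET['is_bbs'];
            $article_arr['contents'] = $article_arr['is_bbs'] ? 1 : count($contents);
            $article_arr['content'] = dstripslashes(clear_ad_html($_GET['message']));
            $article_arr['public_reply_seq'] = $p_arr['public_reply_seq'];
            $article_arr['is_public_reply'] = $p_arr['is_public_reply'];
            $article_arr['reply_uid'] = $p_arr['reply_uid'];
            $article_arr['is_page_public'] = $p_arr['is_page_public'];
            if ($p_arr['is_word_replace'] == 1) {
                // Synonym replacement.
                if ($article_arr['is_bbs'] != 1 && $article_arr['contents'] > 0) {
                    // Multi-page article.
                    $article_arr['content_arr'] = article_words_replace($article_arr['content_arr']);
                }
                $article_arr['content'] = article_words_replace($article_arr['content']);
                $article_arr['title'] = article_words_replace($article_arr['title']);
                if ($article_arr['reply']) {
                    $article_arr['reply'] = article_words_replace($article_arr['reply']);
                }
            }
            $article_arr['content'] = str_replace("###NextPage###", "<\\br>", $article_arr['content']);
            // NOTE(review): these two lines operate on $arr (the preg_match_all() result, or
            // unset on the is_bbs path), not on $article_arr, and $arr['content'] is not read
            // afterwards. Probably meant for $article_arr; left unchanged pending confirmation.
            $arr['content'] = htmlspecialchars_decode($arr['content'], ENT_QUOTES);
            $arr['content'] = format_html($arr['content']);
            $data_article_arr = article_info($aid);
            $is_timing = $pick_common_set['is_timing'];

            // Publish time lies in the future: queue the article for scheduled publishing.
            if ($article_arr['public_time'] > $_G['timestamp'] && $is_timing == 1 && $aid) {
                if ($select == 1) {
                    // Portal.
                    $timing_public_arr['portal'] = $article_arr['portal_cid'];
                } elseif ($select == 2) {
                    // Forum.
                    $timing_public_arr['forums'] = $article_arr['forum_fid'];
                    $timing_public_arr['threadtypeid'] = $article_arr['forum_typeid'];
                } else {
                    // Blog.
                    $timing_public_arr['blog'] = $article_arr['blog_big_cid'];
                    $timing_public_arr['classid'] = $article_arr['blog_small_cid'];
                }
                $timing_setarr = array(
                    'public_type' => $select,
                    'data_id' => $aid,
                    'content_type' => 1,
                    'public_dateline' => $article_arr['public_time'],
                    'pid' => $pid,
                    'public_info' => serialize($timing_public_arr),
                );
                article_timing_add($timing_setarr);
                cpmsg(milu_lang('article_public_timming', array('d' => dgmdate($article_arr['public_time'], 'u'))), PICK_GO . 'picker_manage&myfunc=article_edit&aid=' . $aid . '&pid=' . $pid, 'succeed');
                return;
            }

            if ($select == 1) {
                // Portal.
                $old_arr['portal_id'] = intval($_GET['old_portal_id']);
                $article_arr['relatedarr'] = $relatedarr;
                $setarr['portal_id'] = $article_arr['aid'] = article_move_portal($article_arr, $old_arr);
                $article_arr['cookie'] = $p_arr['login_cookie'];
                $article_arr['page_url'] = $data_article_arr['url'];
                $article_arr['is_download_file'] = $p_arr['is_download_file'];
                // SECURITY(review): unserialize() on a stored picker setting. Safe only while
                // that column can be written by trusted code alone; confirm, or restrict
                // object creation with the allowed_classes option.
                $article_arr['content_filter_html'] = unserialize(dstripslashes($p_arr['content_filter_html']));
                downremotefile($article_arr, 'portal', $old_arr);
                article_thumb($setarr['portal_id']);
                $article_view_url = 'portal.php?mod=view&aid=' . $setarr['portal_id'];
            } elseif ($select == 2) {
                // Forum.
                if ($article_arr['contents'] > 1 && $article_arr['is_bbs'] == 0 && $p_arr['is_page_public'] == 1) {
                    $article_arr['is_public_reply'] = 1;
                    $article_arr['public_reply_seq'] = 0;
                    $article_arr['is_content_reply'] = 1;
                    $article_arr['is_bbs'] = 1;
                    $article_arr['content'] = $article_arr['content_arr'][0]['content'];
                } elseif ($article_arr['is_bbs'] != 1) {
                    $article_arr['reply'] = array();
                }
                if ($article_arr['is_bbs']) {
                    $article_arr['reply'] = $data_article_arr['reply'];
                }
                $article_arr['cookie'] = $p_arr['login_cookie'];
                $article_arr['page_url'] = $data_article_arr['url'];
                $old_arr['forum_id'] = intval($_GET['old_forum_id']);
                $forum_arr = article_move_forums($article_arr, $old_arr);
                if ($forum_arr['is_download_img'] == 1) {
                    // Download remote images.
                    $forum_arr['cookie'] = $p_arr['login_cookie'];
                    $forum_arr['is_download_img'] = $article_arr['is_download_img'];
                    $forum_arr['is_download_file'] = $p_arr['is_download_file'];
                    $forum_arr['is_water_img'] = $article_arr['is_water_img'];
                    forum_downremotefile($forum_arr, $old_arr);
                }
                $setarr['forum_id'] = $article_arr['tid'] = $forum_arr['tid'];
                $article_view_url = 'forum.php?mod=viewthread&tid=' . $setarr['forum_id'];
            } else {
                // Blog.
                $old_arr['catid'] = intval($_GET['old_blog_big_cid']);
                $old_arr['classid'] = intval($_GET['old_blog_small_cid']);
                $old_arr['uid'] = intval($_GET['old_uid']);
                // NOTE(review): old_username is forwarded as received; confirm that
                // article_move_blog() escapes it before any query or output.
                $old_arr['username'] = $_GET['old_username'];
                // Cast like the other old_* identifiers so only an integer is forwarded.
                $old_arr['blog_id'] = intval($_GET['old_blog_id']);
                $setarr['blog_id'] = $article_arr['aid'] = article_move_blog($article_arr, $old_arr);
                $article_arr['cookie'] = $p_arr['login_cookie'];
                $article_arr['page_url'] = $data_article_arr['url'];
                // NOTE(review): the next two values go into $arr, not $article_arr, so they do
                // not reach downremotefile() the way they do in the portal branch. Confirm.
                $arr['is_download_file'] = $p_arr['is_download_file'];
                $arr['content_filter_html'] = unserialize(dstripslashes($p_arr['content_filter_html']));
                downremotefile($article_arr, 'album', $old_arr);
                $article_view_url = 'home.php?mod=space&do=blog&uid=' . $article_arr['uid'] . '&id=' . $setarr['blog_id'];
            }
            $setarr['status'] = 2;
            DB::update('strayer_article_title', $setarr, array('aid' => $aid));
        }

        $msg = $_GET['public_flag'] ? milu_lang('public') : milu_lang('save');
        $return_url = '?' . PICK_GO . 'picker_manage&myac=article_manage&p=1&pid=' . $pid . $_GET['url_args'];
        // url_args comes from the request and the view URL contains the submitted uid, so
        // both URLs are HTML-escaped before they are written into href attributes.
        $return_list_html = '<a href="' . dhtmlspecialchars($return_url) . '">' . milu_lang('return_list') . '</a>';
        $article_view_output = '';
        if ($article_view_url) {
            $article_view_output = ' <span class="pipe">|</span> <a target="_blank" href="' . dhtmlspecialchars($article_view_url) . '">' . milu_lang('view_article') . '</a>';
        }
        cpmsg(milu_lang('save_success', array('msg' => $msg)) . '<br><br><a href="?' . PICK_GO . 'picker_manage&myfunc=article_edit&aid=' . $aid . '&pid=' . $pid . '">' . milu_lang('continue_edit') . '</a> <span class="pipe">|</span> ' . $return_list_html . $article_view_output, PICK_GO . 'picker_manage&myfunc=article_edit&aid=' . $aid . '&pid=' . $pid, 'succeed');
    } else {
        $pid = intval($_GET['pid']);
        $p_arr = get_pick_info($pid);
        // SECURITY(review): unserialize() on stored picker and article columns (public_class
        // here, raids below). Safe only while those columns are written by trusted code.
        $p_arr['public_class'] = unserialize($p_arr['public_class']);
        $aid = intval($_GET['aid']);
        $data = article_info($aid);
        $data['p_arr'] = $p_arr;
        $data['status'] = intval($_GET['status']);
        if (!$data['view_num']) {
            // No view count yet: pick one inside the configured "min,max" range.
            $view_arr = format_wrap($p_arr['view_num'], ',');
            if ($view_arr) {
                $data['view_num'] = rand($view_arr[0], $view_arr[1]);
            }
        }
        if ($data['contents'] > 1) {
            if ($data['content_arr']) {
                $data['content'] = content_merge($data['content_arr'], 1);
            }
        }
        $time_arr = create_public_time($data, 1);
        $data['public_time'] = array_pop($time_arr);
        $data['public_time'] = dgmdate($data['public_time'], 'Y-m-d H:i');
        if (!$data['uid']) {
            $rand_arr = get_rand_uid($p_arr);
            $data['uid'] = $rand_arr[0]['uid'];
        }
        $data['raids'] = unserialize($data['raids']);
        if ($data['raids']) {
            $query = DB::query("SELECT title,aid FROM " . DB::table('portal_article_title') . " WHERE aid IN (" . dimplode($data['raids']) . ")");
            $list = array();
            while ($value = DB::fetch($query)) {
                $list[$value['aid']] = $value;
                // NOTE(review): the title is written into HTML as stored; confirm that
                // portal_article_title.title is already HTML-escaped when it is saved.
                $data['raids_html'] .= '<li id="raid_li_' . $value['aid'] . '"><input type="hidden" name="raids[]" value="' . $value['aid'] . '" size="5"><a href="portal.php?mod=view&aid=' . $value['aid'] . '" target="_blank">' . $value['title'] . '</a>(' . milu_lang('article') . ' ID: ' . $value['aid'] . ')<a href="javascript:;" onclick="raid_delete(' . $value['aid'] . ');" class="xg1">' . milu_lang('del') . '</a></li>';
            }
        }
        if (!$data['forum_typeid']) {
            $data['forum_typeid'] = $p_arr['public_class'][1];
        }
        $data['threadtypes'] = getthreadtypes(array('typeid' => $p_arr['public_class'][1], 'fid' => $p_arr['public_class'][0]));
        $data['forumselect'] = '<select id="forums" name="forums" onchange="getthreadtypes(this.value, 0)">' . forumselect(FALSE, 0, $p_arr['public_class'][0], TRUE) . '</select> <span id="threadtypes">' . $data['threadtypes'] . '</span>';
        $data['portalselect'] = category_showselect('portal', 'portal', $p_arr['public_class'][0]);
        $data['blogselect'] = category_showselect('blog', 'blog', $p_arr['public_class'][0]);
        $data['article_tags'] = article_parse_tags($data['tag']);
        $data['tag_names'] = article_tagnames();
        $data['show_blog_class'] = get_person_blog_class($data['uid'], $data['blog_small_cid']);
        $data['pid'] = $pid;
        $data['public_type'] = $p_arr['public_type'];
        $data['content'] = dhtmlspecialchars($data['content']);
        // NOTE(review): url_args is handed to the template as received; the template must
        // escape it for the context it is printed in.
        $data['url_args'] = $_GET['url_args'];
        return $data;
    }
}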