Example #1
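// Create a group thread plus its first post from POSTed fields, then answer with a JSON flag.
// $Subject, $userid and $username are assigned before this excerpt; getstr(), inserttable(),
// tname(), updatestat(), getonlineip() and feed_publish() are project helpers defined elsewhere.
$Message = empty($_POST['message']) ? '' : getstr($_POST['message']);
$TagId = empty($_POST['tagid']) ? 0 : intval($_POST['tagid']);
// A missing field becomes '' instead of raising an undefined-index notice.
// NOTE(review): $FromDevice is client-controlled and is stored as given; whether inserttable()
// escapes values is not visible here - confirm.
$FromDevice = isset($_POST['fromdevice']) ? trim($_POST['fromdevice']) : '';
if (trim($Message) == null || trim($Subject) == null) {
    $arrs = array('flag' => 'null');
} else {
    if (strlen($Message) < 2 || strlen($Subject) < 2) {
        $arrs = array('flag' => 'content_is_too_short');
    } else {
        $setarr = array("topicid" => 0, "tagid" => intval($TagId), "eventid" => 0, "uid" => intval($userid), "username" => getstr($username, 15, 1, 1, 1), "subject" => getstr($Subject, 80, 1, 1, 1), "magiccolor" => 0, "magicegg" => 0, "lastpost" => 0, "viewnum" => 0, "replynum" => 0, "lastauthor" => getstr($username, 15, 1, 1, 1), "lastauthorid" => 0, "displayorder" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'digest' => 0, "click_11" => 0, "hot" => 0, "click_12" => 0, "click_13" => 0, "click_14" => 0, "click_15" => 0, 'fromdevice' => $FromDevice);
        $tid = inserttable('thread', $setarr, 1);
        $psetarr = array('tid' => intval($tid), "tagid" => intval($TagId), "uid" => intval($userid), "username" => getstr($username, 15, 1, 1, 1), "message" => getstr($Message, 5000, 1, 1, 1), "ip" => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], "isthread" => 1);
        // Update the group's thread counter. PHP variable names are case-sensitive: the
        // original interpolated the undefined $Tagid, so the WHERE clause matched tagid=''
        // and the counter of the intended group was never incremented. $TagId is an integer
        // (intval above), so it is safe to interpolate.
        $_SGLOBAL['db']->query("UPDATE " . tname("mtag") . " SET threadnum=threadnum+1 WHERE tagid='{$TagId}'");
        // Site-wide statistics
        updatestat('thread');
        updatestat('post');
        $pid = inserttable('post', $psetarr, 1);
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($tid, 'tid', empty($_POST['tid']) ? 1 : 0, $FromDevice);
        if ($tid && $pid) {
            $arrs = array('flag' => 'success');
        } else {
            $arrs = array('flag' => 'fail');
        }
    }
}
$result = json_encode($arrs);
// Turn \uXXXX escapes back into UTF-8. The original used preg_replace() with the /e modifier,
// which evaluates the replacement string as PHP code, is deprecated since PHP 5.5 and removed
// in PHP 7 (the call then returns null and the response body is empty). The callback form
// needs PHP 5.3+ and never evaluates text as code.
$result = preg_replace_callback("#\\\\u([0-9a-f]+)#i", function ($m) {
    return iconv('UCS-2BE', 'UTF-8', pack('H4', $m[1]));
}, $result);
echo $result;
exit;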
Example #2
                if (empty($realname)) {
                    $realname = $rs['username'];
                }
                //调用检查函数将@后的内容进行验证,为UID对应的姓名相同则返回@与姓名,不相同则继续判断下一个@,没有找到匹配的最终将返回false
                $ValidValue = getAtName($TmpString, $TmpName, $realname);
                $ValidValue = trim($ValidValue);
                $at_friend = "space.php?uid=" . $UserId;
                if ($ValidValue != false) {
                    $Message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $Message);
                    $UserIds[] = $UserId;
                }
            }
        }
        //Add by Add by am 2013-12-07  end
        $arr = array("topicid" => 0, "uid" => intval($userid), "username" => getstr($username, 15, 1, 1, 1), "subject" => getstr($Subject, 80, 1, 1, 1), "classid" => 0, "viewnum" => 0, "replynum" => 0, "hot" => 0, "picflag" => 0, "noreply" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'friend' => 1, 'click_1' => 0, 'click_2' => 0, 'click_3' => 0, 'click_4' => 0, 'click_5' => 0, 'fromdevice' => $FromDevice);
        $blogid = inserttable('blog', $arr, 1);
        $arr1 = array("blogid" => intval($blogid), "uid" => intval($userid), "message" => getstr($Message, 5000, 1, 1, 1), "postip" => getonlineip(), "relatedtime" => 0, "magiccolor" => 0, "magicpaper" => 0, "magiccall" => 0);
        $blogfield = inserttable('blogfield', $arr1, 1);
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($blogid, 'blogid', 0, $FromDevice);
        if ($blogid) {
            $arrs = array('flag' => 'success');
        } else {
            $arrs = array('flag' => 'fail');
        }
    }
}
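// Emit the outcome flag as JSON and stop.
$result = json_encode($arrs);
// Turn \uXXXX escapes back into UTF-8. The original used preg_replace() with the /e modifier,
// which evaluates the replacement string as PHP code, is deprecated since PHP 5.5 and removed
// in PHP 7 (the call then returns null and the response body is empty). The callback form
// needs PHP 5.3+ and never evaluates text as code.
$result = preg_replace_callback("#\\\\u([0-9a-f]+)#i", function ($m) {
    return iconv('UCS-2BE', 'UTF-8', pack('H4', $m[1]));
}, $result);
echo $result;
exit;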
Example #3
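/**
 * Create or update a "bwzt" entry together with its field row, tags, counters and feed.
 *
 * When $olds describes an entry owned by another user, the global acting identity
 * ($_SGLOBAL['supe_uid'] / ['supe_username']) is switched to that owner for the duration of
 * the call and restored on every exit path.
 *
 * Helpers such as getstr(), checkhtml(), simplode(), inserttable() and updatetable() are
 * defined outside this excerpt; this function relies on them for escaping and HTML filtering.
 *
 * @param array $POST Submitted form values (subject, message, friend, password, tag, ...).
 * @param array $olds Existing entry when editing; empty when creating.
 * @return array|false The main-table row that was written (including bwztid), or false when
 *                     the message is empty after stripping layout markup.
 */
function bwzt_post($POST, $olds = array())
{
    global $_SGLOBAL, $_SC, $space;
    // Switch the acting user to the entry's owner when someone else edits it
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }
    // Title
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);
    // Gender
    $POST['sex'] = getstr(trim($POST['sex']), 80, 1, 1, 1);
    if (strlen($POST['sex']) < 1) {
        $POST['sex'] = "女";
    }
    // Age
    $POST['age'] = intval($POST['age']);
    if ($POST['age'] < 0) {
        $POST['age'] = 0;
    }
    // Privacy
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to named friends only
        $uids = array();
        // NOTE(review): the names come straight from $_POST and reach the query through
        // simplode(); this is only safe if request input is escaped globally before this
        // point - confirm.
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            // No valid friend found: fall back to "visible to self only"
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password protected; without a password the entry becomes public
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // The original wrote `==` here, a comparison with no effect, so a submitted password
        // was still stored for entries that are not password protected.
        $POST['password'] = '';
    }
    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);
    // Content (word filtering is done by getstr flags)
    if ($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];
    // Personal category: "new:<name>" creates (or reuses) a category owned by the acting user
    if (empty($olds['bwztclassid']) || $POST['bwztclassid'] != $olds['bwztclassid']) {
        if (!empty($POST['bwztclassid']) && substr($POST['bwztclassid'], 0, 4) == 'new:') {
            // Category name
            $bwztclassname = shtmlspecialchars(trim(substr($POST['bwztclassid'], 4)));
            $bwztclassname = getstr($bwztclassname, 0, 1, 1, 1);
            if (empty($bwztclassname)) {
                $bwztclassid = 0;
            } else {
                $bwztclassid = getcount('bwztclass', array('bwztclassname' => $bwztclassname, 'uid' => $_SGLOBAL['supe_uid']), 'bwztclassid');
                if (empty($bwztclassid)) {
                    $setarr = array('bwztclassname' => $bwztclassname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $bwztclassid = inserttable('bwztclass', $setarr, 1);
                }
            }
        } else {
            // NOTE(review): a numeric id is accepted without checking that the category
            // belongs to the acting user - confirm whether that is intended.
            $bwztclassid = intval($POST['bwztclassid']);
        }
    } else {
        $bwztclassid = $olds['bwztclassid'];
    }
    // Department category, handled the same way as the personal category
    if (empty($olds['bwztdivisionid']) || $POST['bwztdivisionid'] != $olds['bwztdivisionid']) {
        if (!empty($POST['bwztdivisionid']) && substr($POST['bwztdivisionid'], 0, 4) == 'new:') {
            // Category name
            $bwztdivisionname = shtmlspecialchars(trim(substr($POST['bwztdivisionid'], 4)));
            $bwztdivisionname = getstr($bwztdivisionname, 0, 1, 1, 1);
            if (empty($bwztdivisionname)) {
                $bwztdivisionid = 0;
            } else {
                $bwztdivisionid = getcount('bwztdivision', array('bwztdivisionname' => $bwztdivisionname, 'uid' => $_SGLOBAL['supe_uid']), 'bwztdivisionid');
                if (empty($bwztdivisionid)) {
                    $setarr = array('bwztdivisionname' => $bwztdivisionname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $bwztdivisionid = inserttable('bwztdivision', $setarr, 1);
                }
            }
        } else {
            $bwztdivisionid = intval($POST['bwztdivisionid']);
        }
    } else {
        $bwztdivisionid = $olds['bwztdivisionid'];
    }
    // Main table row
    $bwztarr = array('subject' => $POST['subject'], 'bwztclassid' => $bwztclassid, 'bwztdivisionid' => $bwztdivisionid, 'sex' => $POST['sex'], 'age' => $POST['age'], 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($_POST['noreply']) ? 0 : 1);
    // Title picture
    $titlepic = '';
    // Fetch the uploaded pictures; the uid filter keeps users from attaching others' pictures
    $uploads = array();
    if (!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $bwztarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): the loop above only ends once $value is falsy, so this fallback can
        // never run as written; left unchanged because enabling it would alter stored data.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $bwztarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }
    // Record the picture list
    if ($uploads) {
        $pics = array();
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            $pics[] = array('picurl' => $picurl, 'title' => $value['title']);
        }
        $bwztarr['pics'] = json_encode($pics);
    }
    // Nothing but layout markup was submitted
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\&nbsp\\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Undo the identity switch before leaving; the original returned with the owner's
        // uid still installed as the acting user for the rest of the request.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }
    // Escape for SQL
    $message = addslashes($message);
    // Take the title picture from the content when no upload provided one
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $bwztarr['picflag'] = 0;
    }
    $bwztarr['pic'] = $titlepic;
    // Hotness may only be set by managers
    if (checkperm('managebwzt')) {
        $bwztarr['hot'] = intval($POST['hot']);
    }
    if (!empty($olds['bwztid'])) {
        // Update
        $bwztid = $olds['bwztid'];
        updatetable('bwzt', $bwztarr, array('bwztid' => $bwztid));
        $bwztarr['uid'] = $olds['uid'];
        $bwztarr['username'] = $olds['username'];
    } else {
        // New entry, optionally joining a topic
        $bwztarr['topicid'] = topic_check($POST['topicid'], 'bwzt');
        $bwztarr['uid'] = $_SGLOBAL['supe_uid'];
        $bwztarr['username'] = $_SGLOBAL['supe_username'];
        // The caller-supplied timestamp is forced to an integer before it is stored
        $bwztarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : intval($POST['dateline']);
        $bwztid = inserttable('bwzt', $bwztarr, 1);
    }
    $bwztarr['bwztid'] = $bwztid;
    // Field table row
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);
    // Tags
    // NOTE(review): unserialize() runs on the stored tag column; it must only ever contain
    // data written by serialize() below, never user-controlled bytes - confirm.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Remove the previous tag links first
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, bwztid FROM " . tname('tagbwzt') . " WHERE bwztid='{$bwztid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET bwztnum=bwztnum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagbwzt') . " WHERE bwztid='{$bwztid}'");
            }
        }
        $tagarr = tag_batch($bwztid, $POST['tag']);
        // Store the new tag list in the field table
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }
    if ($olds) {
        // Update
        updatetable('bwztfield', $fieldarr, array('bwztid' => $bwztid));
    } else {
        $fieldarr['bwztid'] = $bwztid;
        $fieldarr['uid'] = $bwztarr['uid'];
        inserttable('bwztfield', $fieldarr);
    }
    // Space counters are only touched when the owner acts on their own entry
    if ($isself) {
        if ($olds) {
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
        } else {
            if (empty($space['bwztnum'])) {
                $space['bwztnum'] = getcount('bwzt', array('uid' => $space['uid']));
                $bwztnumsql = "bwztnum=" . $space['bwztnum'];
            } else {
                $bwztnumsql = 'bwztnum=bwztnum+1';
            }
            // Credits
            $reward = getreward('publishbwzt', 0);
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$bwztnumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
            // Statistics
            updatestat('bwzt');
        }
    }
    // Publish a feed item
    if (!empty($POST['makefeed'])) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($bwztid, 'bwztid', $olds ? 0 : 1);
    }
    // Join the topic
    if (empty($olds) && $bwztarr['topicid']) {
        topic_join($bwztarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }
    // Restore the real acting user
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }
    return $bwztarr;
}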
Example #4
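/**
 * Create or update a blog entry together with its field row, tags, pictures, credits and feed.
 *
 * When $olds describes a blog owned by another user, $_G['uid'] / $_G['username'] are switched
 * to that owner for the duration of the call and restored on every exit path.
 *
 * getstr(), censor(), checkhtml(), the C::t() table objects and the other helpers are defined
 * outside this excerpt; this function relies on them for filtering and escaping.
 *
 * @param array $POST Submitted form values (subject, message, friend, password, tag, ...).
 * @param array $olds Existing blog row when editing; empty when creating.
 * @return array|false The main-table row that was written (including blogid), or false when
 *                     the message is empty after stripping layout markup.
 */
function blog_post($POST, $olds=array()) {
	global $_G, $space;

	// Switch the acting user to the blog's owner when someone else edits it
	$isself = 1;
	if(!empty($olds['uid']) && $olds['uid'] != $_G['uid']) {
		$isself = 0;
		$__G = $_G;
		$_G['uid'] = $olds['uid'];
		$_G['username'] = addslashes($olds['username']);
	}

	$POST['subject'] = getstr(trim($POST['subject']), 80);
	$POST['subject'] = censor($POST['subject']);
	if(strlen($POST['subject'])<1) $POST['subject'] = dgmdate($_G['timestamp'], 'Y-m-d');
	$POST['friend'] = intval($POST['friend']);

	// Privacy: 2 = named friends, 3 = self only, 4 = password protected, 0 = public
	$POST['target_ids'] = '';
	if($POST['friend'] == 2) {
		$uids = array();
		$names = empty($_POST['target_names'])?array():explode(',', preg_replace("/(\s+)/s", ',', $_POST['target_names']));
		if($names) {
			$uids = C::t('common_member')->fetch_all_uid_by_username($names);
		}
		if(empty($uids)) {
			$POST['friend'] = 3;
		} else {
			$POST['target_ids'] = implode(',', $uids);
		}
	} elseif($POST['friend'] == 4) {
		$POST['password'] = trim($POST['password']);
		if($POST['password'] == '') $POST['friend'] = 0;
	}
	if($POST['friend'] !== 2) {
		$POST['target_ids'] = '';
	}
	if($POST['friend'] !== 4) {
		// The original wrote `==` here, a comparison with no effect, so a submitted password
		// was still stored for blogs that are not password protected.
		$POST['password'] = '';
	}

	$POST['tag'] = dhtmlspecialchars(trim($POST['tag']));
	$POST['tag'] = getstr($POST['tag'], 500);
	$POST['tag'] = censor($POST['tag']);

	$POST['message'] = checkhtml($POST['message']);
	if($_G['mobile']) {
		$POST['message'] = getstr($POST['message'], 0, 0, 0, 1);
		$POST['message'] = censor($POST['message']);
	} else {
		$POST['message'] = getstr($POST['message'], 0, 0, 0, 0, 1);
		$POST['message'] = censor($POST['message']);
		$POST['message'] = preg_replace(array(
			"/\<div\>\<\/div\>/i",
			"/\<a\s+href\=\"([^\>]+?)\"\>/i"
		), array(
			'',
			'<a href="\\1" target="_blank">'
		), $POST['message']);
	}
	$message = $POST['message'];
	// status 1 = held for moderation, 0 = published
	if(censormod($message) || censormod($POST['subject']) || $_G['group']['allowblogmod']) {
		$blog_status = 1;
	} else {
		$blog_status = 0;
	}

	// Personal category: "new:<name>" creates (or reuses) a category owned by the acting user
	if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
		if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
			$classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
			$classname = getstr($classname);
			$classname = censor($classname);
			if(empty($classname)) {
				$classid = 0;
			} else {
				$classid = C::t('home_class')->fetch_classid_by_uid_classname($_G['uid'], $classname);
				if(empty($classid)) {
					$setarr = array(
						'classname' => $classname,
						'uid' => $_G['uid'],
						'dateline' => $_G['timestamp']
					);
					$classid = C::t('home_class')->insert($setarr, true);
				}
			}
		} else {
			$classid = intval($POST['classid']);

		}
	} else {
		$classid = $olds['classid'];
	}
	// Ownership check: a category id that belongs to another user is dropped
	if($classid && empty($classname)) {
		$query = C::t('home_class')->fetch($classid);
		$classname = ($query['uid'] == $_G['uid']) ? $query['classname'] : '';
		if(empty($classname)) $classid = 0;
	}

	$blogarr = array(
		'subject' => $POST['subject'],
		'classid' => $classid,
		'friend' => $POST['friend'],
		'password' => $POST['password'],
		'noreply' => empty($POST['noreply'])?0:1,
		'catid' => intval($POST['catid']),
		'status' => $blog_status,
	);

	$titlepic = '';

	// Uploaded pictures are fetched by uid, so only the acting user's pictures can be attached
	$uploads = array();
	if(!empty($POST['picids'])) {
		$picids = array_keys($POST['picids']);
		$query = C::t('home_pic')->fetch_all_by_uid($_G['uid'], 0, 0, $picids);
		foreach($query as $value) {
			if(empty($titlepic) && $value['thumb']) {
				$titlepic = getimgthumbname($value['filepath']);
				$blogarr['picflag'] = $value['remote']?2:1;
			}
			$picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
			$uploads[md5($picurl)] = $value;
		}
		if(empty($titlepic) && $value) {
			$titlepic = $value['filepath'];
			$blogarr['picflag'] = $value['remote']?2:1;
		}
	}

	if($uploads) {
		$albumid = 0;
		if($POST['savealbumid'] < 0 && !empty($POST['newalbum'])) {
			$albumname = addslashes(dhtmlspecialchars(trim($POST['newalbum'])));
			if(empty($albumname)) $albumname = dgmdate($_G['timestamp'],'Ymd');
			$albumarr = array('albumname' => $albumname);
			$albumid = album_creat($albumarr);
		} else {
			$albumid = $POST['savealbumid'] < 0 ? 0 : intval($POST['savealbumid']);
		}
		if($albumid) {
			C::t('home_pic')->update_for_uid($_G['uid'], $picids, array('albumid' => $albumid));
			album_update_pic($albumid);
		}
		// Pictures already referenced in the message are not appended again
		preg_match_all("/\s*\<img src=\"(.+?)\".*?\>\s*/is", $message, $mathes);
		if(!empty($mathes[1])) {
			foreach ($mathes[1] as $key => $value) {
				$urlmd5 = md5($value);
				if(!empty($uploads[$urlmd5])) {
					unset($uploads[$urlmd5]);
				}
			}
		}
		foreach ($uploads as $value) {
			$picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
			// NOTE(review): this markup is appended after checkhtml() has run, and the picture
			// title is inserted as stored; confirm titles are HTML-escaped when saved.
			$message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
		}
	}

	// Nothing but layout markup was submitted
	$ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\&nbsp\;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
	if(empty($ckmessage)) {
		// Undo the identity switch before leaving; the original returned with the owner's
		// uid still installed as the acting user for the rest of the request.
		if(!empty($__G)) $_G = $__G;
		return false;
	}


	// Hotness may only be set by managers
	if(checkperm('manageblog')) {
		$blogarr['hot'] = intval($POST['hot']);
	}

	if(!empty($olds['blogid'])) {

		if($blogarr['catid'] != $olds['catid']) {
			if($olds['catid']) {
				C::t('home_blog_category')->update_num_by_catid(-1, $olds['catid'], true, true);
			}
			if($blogarr['catid']) {
				C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
			}
		}

		$blogid = $olds['blogid'];
		C::t('home_blog')->update($blogid, $blogarr);

		$blogarr['uid'] = $olds['uid'];
		$blogarr['username'] = $olds['username'];
	} else {

		if($blogarr['catid']) {
			C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
		}

		$blogarr['uid'] = $_G['uid'];
		$blogarr['username'] = $_G['username'];
		// The caller-supplied timestamp is forced to an integer before it is stored
		$blogarr['dateline'] = empty($POST['dateline'])?$_G['timestamp']:intval($POST['dateline']);
		$blogid = C::t('home_blog')->insert($blogarr, true);

		C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']));
		C::t('common_member_field_home')->update($_G['uid'], array('recentnote'=>$POST['subject']));
	}

	$blogarr['blogid'] = $blogid;
	$class_tag = new tag();
	$POST['tag'] = $olds ? $class_tag->update_field($POST['tag'], $blogid, 'blogid') : $class_tag->add_tag($POST['tag'], $blogid, 'blogid');
	$fieldarr = array(
		'message' => $message,
		'postip' => $_G['clientip'],
		'target_ids' => $POST['target_ids'],
		'tag' => $POST['tag']
	);

	if(!empty($titlepic)) {
		$fieldarr['pic'] = $titlepic;
	}

	if($olds) {
		C::t('home_blogfield')->update($blogid, $fieldarr);
	} else {
		$fieldarr['blogid'] = $blogid;
		$fieldarr['uid'] = $blogarr['uid'];
		C::t('home_blogfield')->insert($fieldarr);
	}

	// Credits and statistics only for a new, immediately published blog by its owner
	if($isself && !$olds && $blog_status == 0) {
		updatecreditbyaction('publishblog', 0, array('blogs' => 1));

		include_once libfile('function/stat');
		updatestat('blog');
	}

	// An edited blog that falls back into moderation loses the publish credit
	if(!empty($olds['blogid']) && $blog_status == 1) {
		updatecreditbyaction('publishblog', 0, array('blogs' => -1), '', -1);
		include_once libfile('function/stat');
		updatestat('blog');
	}

	if(!empty($POST['makefeed']) && $blog_status == 0) {
		include_once libfile('function/feed');
		feed_publish($blogid, 'blogid', $olds?0:1);
	}

	// Restore the real acting user
	if(!empty($__G)) $_G = $__G;
	if($blog_status == 1) {
		updatemoderate('blogid', $blogid);
		manage_addnotify('verifyblog');
	}
	return $blogarr;
}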
Example #5
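/**
 * Record that the current user ($_G['uid']) marked an item as hot and bump its counters.
 *
 * @param string $idtype  'blogid', 'picid' or 'sid'; any other value returns false.
 * @param int    $id      Primary key of the item.
 * @param string $hotuser Comma-separated uids that already marked the item.
 * @return bool false when $idtype is unsupported or the user already marked the item,
 *              true after the counters were updated.
 */
function hot_update($idtype, $id, $hotuser)
{
    global $_G;
    // $idtype is interpolated into SQL as a column name further down, so anything outside the
    // three supported types is rejected before a query is built. The original only rejected
    // it in the switch, after the SELECT below could already have run.
    if (!in_array($idtype, array('blogid', 'picid', 'sid'), true)) {
        return false;
    }
    // Both values end up inside string-built SQL: force them to integers.
    $id = intval($id);
    $hotusers = empty($hotuser) ? array() : array_map('intval', explode(',', $hotuser));
    if ($hotusers && in_array($_G['uid'], $hotusers)) {
        return false;
    } else {
        $hotusers[] = $_G['uid'];
        $hotuser = implode(',', $hotusers);
    }
    $newhot = count($hotusers) + 1;
    // Reward the item's owner when the item reaches the configured threshold
    if ($newhot == $_G['setting']['feedhotmin']) {
        $tablename = gettablebyidtype($idtype);
        $query = DB::query("SELECT uid FROM " . DB::table($tablename) . " WHERE {$idtype}='{$id}'");
        $item = DB::fetch($query);
        updatecreditbyaction('hotinfo', $item['uid']);
    }
    // The blogid and sid statements stored the literal text '******' in hotuser (apparently a
    // masking artefact), which would make the duplicate check above ineffective on the next
    // call. They now store the uid list, as the picid branch already did.
    switch ($idtype) {
        case 'blogid':
            DB::query("UPDATE " . DB::table('home_blogfield') . " SET hotuser='{$hotuser}' WHERE blogid='{$id}'");
            DB::query("UPDATE " . DB::table('home_blog') . " SET hot=hot+1 WHERE blogid='{$id}'");
            break;
        case 'picid':
            DB::query("REPLACE INTO " . DB::table('home_picfield') . " (picid, hotuser) VALUES ('{$id}', '{$hotuser}')");
            DB::query("UPDATE " . DB::table('home_pic') . " SET hot=hot+1 WHERE picid='{$id}'");
            break;
        case 'sid':
            DB::query("UPDATE " . DB::table('home_share') . " SET hot=hot+1, hotuser='{$hotuser}' WHERE sid='{$id}'");
            break;
        default:
            return false;
    }
    // Keep the feed entry in step; feeds with a non-empty friend value are left untouched
    $query = DB::query("SELECT feedid, friend FROM " . DB::table('home_feed') . " WHERE id='{$id}' AND idtype='{$idtype}'");
    if ($feed = DB::fetch($query)) {
        if (empty($feed['friend'])) {
            DB::query("UPDATE " . DB::table('home_feed') . " SET hot=hot+1 WHERE feedid='{$feed['feedid']}'");
        }
    } elseif ($idtype == 'picid') {
        require_once libfile('function/feed');
        feed_publish($id, $idtype);
    }
    return true;
}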
Example #6
        }
        // update  user Statistics
        if (empty($space['sharenum'])) {
            $space['sharenum'] = getcount('share', array('uid' => $space['uid']));
            $sharenumsql = "sharenum=" . $space['sharenum'];
        } else {
            $sharenumsql = 'sharenum=sharenum+1';
        }
        // points
        $needle = $id ? $type . $id : '';
        $reward = getreward('createshare', 0, 0, $needle);
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$sharenumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
        //̬
        if (ckprivacy('share', 1)) {
            include_once S_ROOT . './source/function_feed.php';
            feed_publish($sid, 'sid', 1);
        }
        if ($_POST['topicid']) {
            topic_join($_POST['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
            $url = 'space.php?do=topic&topicid=' . $_POST['topicid'] . '&view=share';
        } else {
            $url = $_POST['refer'];
        }
        showmessage('do_success', $url, 0);
    }
    //ʾ
    $arr['body_data'] = serialize($arr['body_data']);
    // groups ת
    $arr = mkshare($arr);
    realname_get();
}
Example #7
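/**
 * Create or update a blog entry together with its field row, tags, counters and feed.
 *
 * When $olds describes a blog owned by another user, the global acting identity
 * ($_SGLOBAL['supe_uid'] / ['supe_username']) is switched to that owner for the duration of
 * the call and restored on every exit path.
 *
 * Helpers such as getstr(), checkhtml(), simplode(), inserttable() and updatetable() are
 * defined outside this excerpt; this function relies on them for escaping and HTML filtering.
 *
 * @param array $POST Submitted form values (subject, message, friend, password, tag, ...).
 * @param array $olds Existing blog row when editing; empty when creating.
 * @return array|false The main-table row that was written (including blogid), or false when
 *                     the message is empty after stripping layout markup.
 */
function blog_post($POST, $olds = array())
{
    global $_SGLOBAL, $_SC, $space;
    // Switch the acting user to the blog's owner when someone else edits it
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }
    // Title
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);
    // Privacy
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to named friends only
        $uids = array();
        // NOTE(review): the names come straight from $_POST and reach the query through
        // simplode(); this is only safe if request input is escaped globally before this
        // point - confirm.
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            // No valid friend found: fall back to "visible to self only"
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password protected; without a password the blog becomes public
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // The original wrote `==` here, a comparison with no effect, so a submitted password
        // was still stored for blogs that are not password protected.
        $POST['password'] = '';
    }
    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);
    // Content
    if ($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];
    // Personal category: "new:<name>" creates (or reuses) a category owned by the acting user
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            // Category name
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid']), 'classid');
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Ownership check: a category id that belongs to another user is dropped
        $classname = getcount('class', array('classid' => $classid, 'uid' => $_SGLOBAL['supe_uid']), 'classname');
        if (empty($classname)) {
            $classid = 0;
        }
    }
    // Main table row
    $blogarr = array('subject' => $POST['subject'], 'classid' => $classid, 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($_POST['noreply']) ? 0 : 1);
    // Title picture
    $titlepic = '';
    // Fetch the uploaded pictures; the uid filter keeps users from attaching others' pictures
    $uploads = array();
    if (!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): the loop above only ends once $value is falsy, so this fallback can
        // never run as written; left unchanged because enabling it would alter stored data.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }
    // Replace local image placeholders in the message with the real picture URLs
    if ($uploads) {
        preg_match_all("/\\<img\\s.*?\\_uchome\\_localimg\\_([0-9]+).+?src\\=\"(.+?)\"/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_{$value}";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Append the pictures that were not referenced in the message
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            // NOTE(review): this markup is appended after checkhtml() has run, and the picture
            // title is inserted as stored; confirm titles are HTML-escaped when saved.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }
    // Nothing but layout markup was submitted
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\&nbsp\\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Undo the identity switch before leaving; the original returned with the owner's
        // uid still installed as the acting user for the rest of the request.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }
    // Escape for SQL
    $message = addslashes($message);
    // Take the title picture from the content when no upload provided one
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;
    // Hotness may only be set by managers
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }
    // Attachment metadata
    // NOTE(review): all four values are taken from the request and stored as given. If
    // attachpath is later used to open or serve a file it must be checked against the
    // server-side upload record rather than trusted from the client - confirm.
    if (!empty($_POST['attachid']) && !empty($_POST['attachpath']) && !empty($_POST['attachname']) && !empty($_POST['attachsize'])) {
        $blogarr['attachid'] = $_POST['attachid'];
        $blogarr['attachpath'] = $_POST['attachpath'];
        $blogarr['attachname'] = $_POST['attachname'];
        $blogarr['attachsize'] = $_POST['attachsize'];
    }
    if (!empty($olds['blogid'])) {
        // Update
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid' => $blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // New blog, optionally joining a topic
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');
        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        // The caller-supplied timestamp is forced to an integer before it is stored
        $blogarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : intval($POST['dateline']);
        $blogid = inserttable('blog', $blogarr, 1);
    }
    $blogarr['blogid'] = $blogid;
    // Field table row
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);
    // Tags
    // NOTE(review): unserialize() runs on the stored tag column; it must only ever contain
    // data written by serialize() below, never user-controlled bytes - confirm.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Remove the previous tag links first
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Store the new tag list in the field table
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }
    if ($olds) {
        // Update
        updatetable('blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }
    // Space counters are only touched when the owner acts on their own blog
    if ($isself) {
        if ($olds) {
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
        } else {
            if (empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid' => $space['uid']));
                $blognumsql = "blognum=" . $space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Credits
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$blognumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
            // Statistics
            updatestat('blog');
        }
    }
    // Publish a feed item
    if (!empty($POST['makefeed'])) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }
    // Join the topic
    if (empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }
    // Restore the real acting user
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }
    return $blogarr;
}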
Example #8
 }
 //添加授权记录
 $apps_users_arr = array('uid' => $uid, 'appsid' => $appsid, 'clicktime' => 1);
 inserttable('apps_users', $apps_users_arr, 0);
 //更新应用使用人数
 $app_arr['usernumber'] = $app['usernumber'] + 1;
 $app_arr['clicktime'] = $app['clicktime'] + 1;
 updatetable('apps', $app_arr, array('id' => $appsid));
 //默认评分
 $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('apps_detail') . " WHERE uid={$uid} AND appsid={$appsid}");
 if (!$_SGLOBAL['db']->fetch_array($query)) {
     $detailarr = array('appsid' => $appsid, 'uid' => $uid, 'anonymous' => 1, 'score' => 5, 'score_easy' => 5, 'score_service' => 5, 'score_speed' => 5, 'content' => '', 'ip' => getonlineip(), 'time' => $nowtime, 'vision' => 1, 'issystem' => 1);
     gradeForApp($detailarr, $app, $appsid, 0);
 }
 if (@(include_once S_ROOT . './source/function_feed.php')) {
     feed_publish($appsid, 'appsid');
 }
 if ($app['category'] == 1) {
     //校内应用
     echo $app['url'];
     exit;
 } elseif ($app['category'] == 3) {
     //第三方应用
     if ($app['iauth_type'] == 'WSC') {
         //Web Site Client 授权
         $rightStr = implode(':', $_POST['api']);
         $state = $_POST['state'];
         $iauth_url = 'plugin.php?pluginid=apps';
         try {
             $iauth_url = IAUTH_auth($app['iauth_id'], $uid, $rightStr, $state);
         } catch (IAuthException $e) {
Example #9
        $type = 'link';
        $_GET['op'] = 'link';
        break;
}
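// Assemble the share row. $Body, $type, $id, $userid, $username and $FromDevice are set
// before this excerpt.
$arr['body_general'] = $Body;
$arr['type'] = $type;
$arr['id'] = $id;
$arr['uid'] = $userid;
$arr['username'] = $username;
$arr['dateline'] = $_SGLOBAL['timestamp'];
$arr['topicid'] = 0;
// Flatten the body data array for storage
$arr['body_data'] = serialize($arr['body_data']);
$arr['fromdevice'] = $FromDevice;
// Escape every value, then write the row
$setarr = saddslashes($arr);
$sid = inserttable('share', $setarr, 1);
// Statistics
updatestat('share');
include_once S_ROOT . './source/function_feed.php';
feed_publish($sid, 'sid', 1, $FromDevice);
if ($sid) {
    $arrs = array('flag' => 'success');
} else {
    $arrs = array('flag' => 'fail');
}
$result = json_encode($arrs);
// Turn \uXXXX escapes back into UTF-8. The original used preg_replace() with the /e modifier,
// which evaluates the replacement string as PHP code, is deprecated since PHP 5.5 and removed
// in PHP 7 (the call then returns null and the response body is empty). The callback form
// needs PHP 5.3+ and never evaluates text as code.
$result = preg_replace_callback("#\\\\u([0-9a-f]{4})#i", function ($m) {
    return iconv('UCS-2BE', 'UTF-8', pack('H4', $m[1]));
}, $result);
echo $result;
exit;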
Example #10
        $q = "insert into articles (title,class,type,shortdesc,test,date,linkover,link,sourceurl,source,publish," . "enteredby,updatedby,datecreated,contact) values('" . $title . "','" . $class . "','" . $type . "','','" . $text . "','" . $d->Fields("dcdate") . "','" . $linkover . "','" . addslashes($d->Fields("link")) . "','','1','0','" . $ID . "','" . $ID . "',now(),'" . $contact . "')";
    } else {
        $q = "insert into articles (title,class,type,shortdesc,test,date,linkover,link,source,sourceurl,publish," . "uselink,enteredby,updatedby,datecreated) values('" . $title . "','" . $class . "','" . $type . "','" . $shortdesc . "','" . $text . "','" . $d->Fields("dcdate") . "','" . $linkover . "','" . addslashes($d->Fields("link")) . "','" . addslashes($d->Fields("ftitle")) . "','" . addslashes($d->Fields("link")) . "','1','1','" . $ID . "','" . $ID . "',now())";
    }
    $dbcon->execute($q) or die($dbcon->errorMsg());
    feed_read($id);
}
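// Bulk actions posted from the feed list form. Array keys are quoted string
// literals: the bare form ($_POST[act]) resolves an undefined constant, which is
// a fatal Error on PHP 8.
if (!empty($_POST['act'])) {
    // NOTE(review): $k, type and fclass come straight from the request, and the
    // insert visible above this block is built by string concatenation, so
    // feed_read()/feed_publish() should validate or escape them - confirm.
    if (!empty($_POST['read']) && is_array($_POST['read'])) {
        foreach ($_POST['read'] as $k => $v) {
            if ($v == 1) {
                feed_read($k);
            }
        }
    }
    if (!empty($_POST['publish']) && is_array($_POST['publish'])) {
        foreach ($_POST['publish'] as $k => $v) {
            if ($v == 1) {
                $ptype = isset($_POST['type'][$k]) ? $_POST['type'][$k] : null;
                $pclass = isset($_POST['fclass'][$k]) ? $_POST['fclass'][$k] : null;
                feed_publish($k, $ptype, $pclass);
            }
        }
    }
}
// The feed filter is concatenated into SQL without quotes, so it must be an
// integer; the cast stops request text from reaching the query.
if (!empty($_GET['feed'])) {
    $feedsql = " and p.feed_id = " . (int) $_GET['feed'] . " ";
}
// Paging offset: integer, never negative (presumably used in a LIMIT clause - confirm).
// The limit value read just below needs the same integer cast.
if (!empty($_GET['offset'])) {
    $offset = max(0, (int) $_GET['offset']);
} else {
    $offset = 0;
}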
if ($_GET[limit]) {
    $limit = $_GET[limit];
} else {
    $limit = 30;
Example #11
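// Validate the title/description that accompany an uploaded video, then store
// the video and publish a feed entry for it.
// $title is assigned above this block. Lengths are measured in bytes by strlen(),
// while the messages quote character counts at two bytes per character.
$desc = $_POST['desc'];
$file = $_FILES['uploadvideo'];
if ($file) {
    // NOTE(review): only the presence of the upload entry is checked here; the
    // upload error code, size and file type are presumably validated inside
    // video_save() - confirm.
    if (strlen($title) > 40) {
        showmessage("标题过长了,请控制在20汉字以内!");
    }
    if (strlen($title) < 4) {
        showmessage("标题过短!请在2个汉字以上20汉字以下!");
    }
    if (strlen($desc) > 400) {
        showmessage("内容过长了,请控制在200汉字以内!");
    }
    // Fixed: the comparison was "> 20", which rejected every description longer
    // than 20 bytes as "too short" and let the short ones through.
    if (strlen($desc) < 20) {
        showmessage("内容过短,请在10个汉字以上!");
    }
    // Title is capped at 40 bytes
    $title = getstr($title, 40, 1, 1, 1);
    // Description is capped at 400 bytes
    $desc = getstr($desc, 400, 1, 1, 1);
} else {
    showmessage('no_file');
}
if (submitcheck('uploadflv')) {
    // Store the uploaded video
    $videosave = video_save($file, $title, $desc);
    if ($videosave && is_array($videosave)) {
        // Upload succeeded: publish the feed entry
        feed_publish($videosave['id'], 'videoid');
    }
}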
Example #12
    }
} elseif ($_GET['op'] == 'goto') {
    $id = intval($_GET['id']);
    $uid = $id ? getcount('bwzt', array('bwztid' => $id), 'uid') : 0;
    showmessage('do_success', "space.php?uid={$uid}&do=bwzt&id={$id}", 0);
} elseif ($_GET['op'] == 'edithot') {
    //权限
    if (!checkperm('managebwzt')) {
        showmessage('no_privilege');
    }
    if (submitcheck('hotsubmit')) {
        $_POST['hot'] = intval($_POST['hot']);
        updatetable('bwzt', array('hot' => $_POST['hot']), array('bwztid' => $bwzt['bwztid']));
        if ($_POST['hot'] > 0) {
            include_once S_ROOT . './source/function_feed.php';
            feed_publish($bwzt['bwztid'], 'bwztid');
        } else {
            updatetable('feed', array('hot' => $_POST['hot']), array('id' => $bwzt['bwztid'], 'idtype' => 'bwztid'));
        }
        showmessage('do_success', "space.php?uid={$bwzt['uid']}&do=bwzt&id={$bwzt['bwztid']}", 0);
    }
} else {
    //添加编辑
    //获取个人分类
    $bwztclassarr = $bwzt['uid'] ? getbwztclassarr($bwzt['uid']) : getbwztclassarr($_SGLOBAL['supe_uid']);
    //获取科室分类
    $bwztdivisionarr = $bwzt['uid'] ? getbwztdivisionarr($bwzt['uid']) : getbwztdivisionarr($_SGLOBAL['supe_uid']);
    //获取相册
    $albums = getalbums($_SGLOBAL['supe_uid']);
    $tags = empty($bwzt['tag']) ? array() : unserialize($bwzt['tag']);
    $bwzt['tag'] = implode(' ', $tags);
Example #13
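/**
 * Create or update a blog entry on behalf of the user named in $POST.
 *
 * The global $_G context is switched to $POST['uid'] / $POST['username'] for the
 * duration of the call and restored on every exit path.
 *
 * @param array $POST Entry data. Keys read here: uid, username, subject,
 *                    public_time, friend, password, article_tag, message,
 *                    classid, view_num, noreply, catid, hot, makefeed.
 * @param array $olds Existing entry, if any. Keys read here: blog_id, classid.
 * @return array|false The home_blog row data including 'blogid', or false when
 *                     the message is empty once markup and whitespace are removed.
 */
function pick_blog_post($POST, $olds = array())
{
    global $_G, $space;
    // Act as the target author; $__G keeps the caller's context for restoring
    $__G = $_G;
    // uid is interpolated into several SQL statements below, so force an integer
    $_G['uid'] = intval($POST['uid']);
    $_G['username'] = addslashes($POST['username']);
    // NOTE(review): $isself was never assigned in this function, so the credit/stat
    // branch near the end has never run. It is kept disabled here - confirm intent.
    $isself = 0;
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1);
    //$POST['subject'] = addslashes($POST['subject']);
    if (strlen($POST['subject']) < 1) {
        // Fall back to the publication date as the title
        $POST['subject'] = dgmdate($POST['public_time'], 'Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to named friends only: resolve the names to uids
        $uids = array();
        $names = empty($_GET['target_names']) ? array() : explode(',', preg_replace("/(\\s+)/s", ',', $_GET['target_names']));
        if ($names) {
            // NOTE(review): the names come from the request and go into an IN (...)
            // list; this presumably relies on dimplode() plus request-level
            // escaping - confirm.
            $query = DB::query("SELECT uid FROM " . DB::table('common_member') . " WHERE username IN (" . dimplode($names) . ")");
            while ($value = DB::fetch($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            // No matching user: fall back to mode 3
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password-protected; an empty password falls back to mode 0
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Fixed: this was a comparison (==) with no effect, so a password was
        // stored even for entries that are not password-protected.
        $POST['password'] = '';
    }
    $POST['tag'] = dhtmlspecialchars(trim($POST['article_tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1);
    $POST['tag'] = censor($POST['tag']);
    if ($_G['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1);
        $POST['message'] = censor($POST['message']);
    } else {
        // HTML body: filter the markup, then drop empty <div>s and open links in a new window
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 0, 1);
        //$POST['message'] = addslashes($POST['message']);
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];
    $blog_status = 0;
    // Look up the existing row; the id is cast because it is concatenated into SQL
    $info = array();
    if (!empty($olds['blog_id'])) {
        $info = DB::fetch_first("SELECT blogid FROM " . DB::table('home_blog') . " WHERE blogid='" . intval($olds['blog_id']) . "'");
    }
    // Personal category: "new:<name>" creates (or reuses) a category owned by the author
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1);
            $classname = censor($classname);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = DB::result(DB::query("SELECT classid FROM " . DB::table('home_class') . " WHERE uid='{$_G['uid']}' AND classname='{$classname}'"));
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_G['uid'], 'dateline' => $_G['timestamp']);
                    $classid = DB::insert('home_class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Only accept a category id that belongs to the author
        $classname = DB::result(DB::query("SELECT classname FROM " . DB::table('home_class') . " WHERE classid='{$classid}' AND uid='{$_G['uid']}'"));
        if (empty($classname)) {
            $classid = 0;
        }
    }
    $blogarr = array('subject' => $POST['subject'], 'classid' => $classid, 'viewnum' => $POST['view_num'], 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($POST['noreply']) ? 0 : 1, 'catid' => intval($POST['catid']), 'status' => $blog_status);
    $titlepic = '';
    // Reject entries whose body is nothing but empty markup and whitespace
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\&nbsp\\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Fixed: the early return left $_G switched to the target author
        if (!empty($__G)) {
            $_G = $__G;
        }
        return false;
    }
    $message = addslashes($message);
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }
    if ($blogarr['catid']) {
        DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num+1 WHERE catid='{$blogarr['catid']}'");
    }
    $blogarr['uid'] = $_G['uid'];
    $blogarr['username'] = $_G['username'];
    $blogarr['dateline'] = empty($POST['public_time']) ? $_G['timestamp'] : $POST['public_time'];
    if (!empty($info['blogid'])) {
        DB::update('home_blog', $blogarr, array('blogid' => $info['blogid']));
        $blogid = $info['blogid'];
    } else {
        $blogid = DB::insert('home_blog', $blogarr, 1);
    }
    DB::update('common_member_status', array('lastpost' => $POST['public_time']), array('uid' => $_G['uid']));
    DB::update('common_member_field_home', array('recentnote' => $POST['subject']), array('uid' => $_G['uid']));
    $blogarr['blogid'] = $blogid;
    // Tag storage: use the function API when it exists, otherwise the tag class
    if (function_exists('modblogtag')) {
        $POST['tag'] = $olds ? modblogtag($POST['tag'], $blogid) : addblogtag($POST['tag'], $blogid);
    } else {
        $class_tag = new tag();
        $POST['tag'] = $olds ? $class_tag->update_field($POST['tag'], $blogid, 'blogid') : $class_tag->add_tag($POST['tag'], $blogid, 'blogid');
    }
    $fieldarr = array('message' => $message, 'postip' => $_G['clientip'], 'target_ids' => $POST['target_ids'], 'tag' => $POST['tag']);
    if (!empty($titlepic)) {
        $fieldarr['pic'] = $titlepic;
    }
    $fieldarr['blogid'] = $blogid;
    $fieldarr['uid'] = $blogarr['uid'];
    if (!empty($info['blogid'])) {
        DB::update('home_blogfield', $fieldarr, array('blogid' => $info['blogid']));
    } else {
        // New entry: bump the author's blog counter
        DB::query("UPDATE " . DB::table('common_member_count') . " SET blogs=blogs+1 WHERE uid='{$fieldarr['uid']}'");
        DB::insert('home_blogfield', $fieldarr);
    }
    if ($isself && !$olds && $blog_status == 0) {
        updatecreditbyaction('publishblog', 0, array('blogs' => 1));
        include_once libfile('function/stat');
        updatestat('blog');
    }
    if ($POST['makefeed'] && $blog_status == 0) {
        include_once libfile('function/feed');
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }
    // Switch back to the caller's context
    if (!empty($__G)) {
        $_G = $__G;
    }
    if ($blog_status == 1) {
        updatemoderate('blogid', $blogid);
        manage_addnotify('verifyblog');
    }
    return $blogarr;
}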
Example #14
*/
include_once '../iauth_verify_forward.php';
$userid = intval(iauth_verify());
include_once '../../../common.php';
include_once S_ROOT . './uc_client/client.php';
@(include_once S_ROOT . './data/data_profield.php');
//$username = '******';
//$userid = 96 ;
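// Create a group thread plus its first post from an API request and answer with
// a JSON flag.
// NOTE(review): $username is not assigned in the visible lines (the assignment
// above is commented out); it presumably comes from one of the included files - confirm.
$Subject = empty($_POST['subject']) ? '' : getstr($_POST['subject']);
$Message = empty($_POST['message']) ? '' : getstr($_POST['message']);
$TagId = empty($_POST['tagid']) ? 0 : intval($_POST['tagid']);
$setarr = array("topicid" => 0, "tagid" => intval($TagId), "eventid" => 0, "uid" => intval($userid), "username" => getstr($username, 15, 1, 1, 1), "subject" => getstr($Subject, 80, 1, 1, 1), "magiccolor" => 0, "magicegg" => 0, "lastpost" => 0, "viewnum" => 0, "replynum" => 0, "lastauthor" => getstr($username, 15, 1, 1, 1), "lastauthorid" => 0, "displayorder" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'digest' => 0, "click_11" => 0, "hot" => 0, "click_12" => 0, "click_13" => 0, "click_14" => 0, "click_15" => 0);
$tid = inserttable('thread', $setarr, 1);
$psetarr = array('tid' => intval($tid), "tagid" => intval($TagId), "uid" => intval($userid), "username" => getstr($username, 15, 1, 1, 1), "message" => getstr($Message, 5000, 1, 1, 1), "ip" => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], "isthread" => 1);
// Update the group's thread counter.
// Fixed: the query interpolated $Tagid, but PHP variable names are case-sensitive
// and only $TagId exists, so the statement always ran with tagid=''.
$_SGLOBAL['db']->query("UPDATE " . tname("mtag") . " SET threadnum=threadnum+1 WHERE tagid='{$TagId}'");
// Statistics
updatestat('thread');
updatestat('post');
$pid = inserttable('post', $psetarr, 1);
include_once S_ROOT . './source/function_feed.php';
feed_publish($tid, 'tid', empty($_POST['tid']) ? 1 : 0);
if ($tid && $pid) {
    $arrs = array('flag' => 'success');
} else {
    $arrs = array('flag' => 'fail');
}
$result = json_encode($arrs);
// Turn json_encode's \uXXXX escapes back into UTF-8. Two fixes:
//  - the /e (eval) modifier was removed in PHP 7, where preg_replace() returns
//    NULL and nothing is echoed; a callback does the same conversion without
//    evaluating a replacement string as code;
//  - the pattern matched "[0-9a-f]+", which swallowed hex characters following
//    the four-digit escape; an escape is exactly four digits.
$result = preg_replace_callback('#\\\\u([0-9a-f]{4})#i', function ($m) {
    return iconv('UCS-2BE', 'UTF-8', pack('H4', $m[1]));
}, $result);
echo $result;
exit;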
Example #15
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            $imgs[] = pic_get($value['filepath'], $value['thumb'], $value['remote']);
            $imglinks[] = "space.php?do=event&id={$eventid}&view=pic&picid=" . $value['picid'];
        }
        $picnum = 0;
        if ($imgs) {
            $picnum = $_SGLOBAL['db']->result($_SGLOBAL['db']->query("SELECT COUNT(*) FROM " . tname("eventpic") . " WHERE eventid='{$eventid}'"), 0);
            feed_add('event', cplang('event_feed_share_pic_title'), '', cplang('event_feed_share_pic_info'), array("eventid" => $eventid, "title" => $event['title'], "picnum" => $picnum), '', $imgs, $imglinks);
        }
        $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET picnum='{$picnum}', updatetime='{$_SGLOBAL['timestamp']}' WHERE eventid='{$eventid}'");
        showmessage('do_success', 'space.php?do=event&view=pic&id=' . $eventid, 0);
    } else {
        //相册feed
        if (ckprivacy('upload', 1)) {
            include_once S_ROOT . './source/function_feed.php';
            feed_publish($_POST['opalbumid'], 'albumid');
        }
        //单个图片feed
        if ($_POST['topicid']) {
            topic_join($_POST['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
            $url = "space.php?do=topic&topicid={$_POST['topicid']}&view=pic";
        } else {
            $url = "space.php?uid={$_SGLOBAL['supe_uid']}&do=album&id=" . (empty($_POST['opalbumid']) ? -1 : $_POST['opalbumid']);
        }
        capi_showmessage_by_data('upload_images_completed', $url, 0);
    }
} else {
    if (!checkperm('allowupload')) {
        ckspacelog();
        capi_showmessage_by_data('no_privilege');
    }
Example #16
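// Request flags
$isdoodle = isset($_GET['doodle']);
$fileurl = '';
// The uploader can identify itself with uid + hash instead of a session. The hash
// is md5(uid . UC_KEY), the same value the 'config' branch below hands out.
if (!empty($_POST['uid'])) {
    $_SGLOBAL['supe_uid'] = intval($_POST['uid']);
    $expectedhash = md5($_SGLOBAL['supe_uid'] . UC_KEY);
    // Only a string can match; an array or a missing field is rejected outright
    $suppliedhash = (isset($_POST['hash']) && is_string($_POST['hash'])) ? $_POST['hash'] : '';
    // Fixed: the check used "!=", a loose comparison under which two different
    // numeric-looking strings can compare equal. Compare exactly, and in
    // constant time where hash_equals() exists (PHP 5.6+).
    if (function_exists('hash_equals')) {
        $hashok = hash_equals($expectedhash, $suppliedhash);
    } else {
        $hashok = $suppliedhash === $expectedhash;
    }
    if (empty($_SGLOBAL['supe_uid']) || !$hashok) {
        exit;
    }
    // NOTE(review): the token depends only on the uid and UC_KEY, so it never
    // expires and is the same for every upload by that user - consider binding
    // it to a timestamp or session.
} elseif (empty($_SGLOBAL['supe_uid'])) {
    showmessage('to_login', 'do.php?ac=' . $_SCONFIG['login_action']);
}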
if ($op == "finish") {
    $albumid = intval($_GET['albumid']);
    $space = getspace($_SGLOBAL['supe_uid']);
    if (ckprivacy('upload', 1)) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($albumid, 'albumid');
    }
    exit;
} elseif ($op == 'config') {
    $hash = md5($_SGLOBAL['supe_uid'] . UC_KEY);
    if ($isupload && !checkperm('allowupload')) {
        $hash = '';
    } else {
        $filearr = $dirstr = array();
        //大头贴背景图
        if ($iscamera) {
            $directory = sreaddir(S_ROOT . './image/foreground');
            foreach ($directory as $key => $value) {
                $dirstr = S_ROOT . './image/foreground/' . $value;
                if (is_dir($dirstr)) {
                    $filearr = sreaddir($dirstr, array('jpg', 'jpeg', 'gif', 'png'));
Example #17
        showmessage("请填写视频描述", "plugin.php?pluginid=video&ac=upload");
    }
    if (!$title) {
        showmessage("请填写视频标题", "plugin.php?pluginid=video&ac=upload");
    }
    $video_detail = video_save($video, $title, $desc, $abstract);
    pic_save($image, 0, $title);
    $sql = "SELECT * FROM " . tname("pic") . " WHERE title='" . $title . "' order by dateline desc limit 1";
    $picid = 0;
    $query = $_SGLOBAL['db']->query($sql);
    while ($row = $_SGLOBAL['db']->fetch_array($query)) {
        $picid = $row['picid'];
    }
    if ($video_detail && is_array($video_detail)) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($video_detail['id'], 'videoid');
    }
    $sql = "UPDATE " . tname("video") . " SET picid = " . $picid . " WHERE id = " . $video_detail['id'];
    $_SGLOBAL['db']->query($sql);
    showmessage("视频已经成功上传", "plugin.php?pluginid=video");
    exit;
} elseif ($ac == 'add_view') {
    $query = $_SGLOBAL['db']->query("UPDATE " . tname(video) . " SET view=view+1 WHERE id=" . $_GET['vid']);
    echo "correct";
    exit;
} elseif ($ac == 'view') {
    $vid = $_GET['vid'];
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname(video) . " WHERE id = {$vid} ");
    if ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $video[] = $value;
        $url = $_SC['attachurl'] . $value['filepath'];
Example #18
    $sql = "DELETE FROM " . tname("language_user") . " WHERE uid=" . $_SGLOBAL['supe_uid'];
    $_SGLOBAL['db']->query($sql);
    $sql = "DELETE FROM " . tname("notification") . " WHERE uid=" . $_SGLOBAL['supe_uid'] . " and type='language_help'";
    $_SGLOBAL['db']->query($sql);
    $sql = "UPDATE " . tname("language_user") . " SET fuid=NULL WHERE fuid= " . $_SGLOBAL['supe_uid'];
    $_SGLOBAL['db']->query($sql);
    showmessage("您已取消中外语言互助", "plugin.php?pluginid=language_help&ac=request_list");
} elseif ($ac == 'cancel') {
    $sql = "SELECT * FROM " . tname("language_user") . " WHERE uid=" . $_SGLOBAL['supe_uid'];
    $query = $_SGLOBAL['db']->query($sql);
    while ($row = $_SGLOBAL['db']->fetch_array($query)) {
        $sql = "UPDATE " . tname("language_user") . " SET fuid=NULL WHERE uid=" . $row['fuid'];
        $_SGLOBAL['db']->query($sql);
        $sql = "UPDATE " . tname("language_user") . " SET fuid=NULL WHERE uid=" . $_SGLOBAL['supe_uid'];
        $_SGLOBAL['db']->query($sql);
        notification_add($row['fuid'], 'note', $_SN[$_SGLOBAL['supe_uid']] . "取消了与您的语言互助");
        showmessage("取消配对成功", "plugin.php?pluginid=language_help&ac=finding");
    }
} elseif ($ac == 'share') {
    $sql = "SELECT * FROM " . tname("language_user") . " WHERE uid=" . $_SGLOBAL['supe_uid'];
    $query = $_SGLOBAL['db']->query($sql);
    while ($row = $_SGLOBAL['db']->fetch_array($query)) {
        $s = '<div class="part-container"><div class="pull-left clearfix"><div class="part-avatar-container">' . avatar($_SGLOBAL['supe_uid'], 'middle') . '</div><div class="part-name"><a href="space.php?uid=' . $_SGLOBAL['supe_uid'] . '">' . getUsername($_SGLOBAL['supe_uid'], $_SGLOBAL['db']) . '</a></div></div><div class="pull-right clearfix"><div class="part-avatar-container">' . avatar($row['fuid'], 'middle') . '</div><div class="part-name"><a href="space.php?uid=' . $row['fuid'] . '">' . getUsername($row['fuid'], $_SGLOBAL['db']) . '</a></div></div></div>';
        $arr = array("type" => "doing", "uid" => $row['uid'], "username" => $_SGLOBAL['supe_username'], "dateline" => time(), "id" => 0, "title_template" => getUsername($row['uid'], $_SGLOBAL['db']) . "与" . getUsername($row['fuid'], $_SGLOBAL['db']) . "达成语言互助关系", "body_template" => $s, "body_data" => "", "body_general" => "", "image" => "", "image_link" => "", "hot" => 0, "hotuser" => "", "fromdevice" => "");
        $setarr = saddslashes($arr);
        $sid = inserttable("share", $setarr, 1);
        require_once 'source/function_feed.php';
        feed_publish($sid, 'sid', 0, '');
    }
    showmessage("动态已成功分享", 'index.php');
}
Example #19
            $days[$d]['class'] = "on_select";
        }
    }
    //URL
    $url = $_GET['url'] ? preg_replace("/date=[\\d\\-]+/", '', $_GET['url']) : "space.php?do=event";
} elseif ($_GET['op'] == 'edithot') {
    // Permissions
    if (!checkperm('manageevent')) {
        showmessage('no_privilege');
    }
    if (submitcheck('hotsubmit')) {
        $_POST['hot'] = intval($_POST['hot']);
        updatetable('event', array('hot' => $_POST['hot']), array('eventid' => $eventid));
        if ($_POST['hot'] > 0) {
            include_once S_ROOT . './source/function_feed.php';
            feed_publish($eventid, 'eventid');
        } else {
            updatetable('feed', array('hot' => $_POST['hot']), array('id' => $eventid, 'idtype' => 'eventid'));
        }
        showmessage('do_success', "space.php?uid={$event['uid']}&do=event&id={$eventid}", 0);
    }
} elseif ($op == 'edit') {
    // edit or Create a new activity
    if ($eventid) {
        // Check permissions
        if (!$allowmanage) {
            showmessage("no_privilege_edit_event");
        }
    } else {
        //Check user group Permissions for add events
        if (!checkperm("allowevent")) {
Example #20
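/**
 * Create a blog entry, or update the one described by $olds.
 *
 * When $olds belongs to another user, the global $_G context is switched to that
 * user for the duration of the call and restored on every exit path.
 *
 * @param array $POST Submitted data. Keys read here: subject, friend, password,
 *                    tag, message, classid, noreply, catid, picids, hot,
 *                    dateline, makefeed.
 * @param array $olds Existing entry when editing. Keys read here: uid, username,
 *                    classid, blogid, catid.
 * @return array|false The home_blog row data including 'blogid', or false when
 *                     the message is empty once markup and whitespace are removed.
 */
function blog_post($POST, $olds = array())
{
    global $_G, $space;
    // Editing someone else's entry: act as its author, keep the caller's context in $__G
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_G['uid']) {
        $isself = 0;
        $__G = $_G;
        $_G['uid'] = $olds['uid'];
        $_G['username'] = addslashes($olds['username']);
    }
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1);
    $POST['subject'] = censor($POST['subject']);
    if (strlen($POST['subject']) < 1) {
        // Fall back to today's date as the title
        $POST['subject'] = dgmdate($_G['timestamp'], 'Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to named friends only: resolve the names to uids
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(',', preg_replace("/(\\s+)/s", ',', $_POST['target_names']));
        if ($names) {
            // NOTE(review): the names come from the request and go into an IN (...)
            // list; this presumably relies on dimplode() plus request-level
            // escaping - confirm.
            $query = DB::query("SELECT uid FROM " . DB::table('common_member') . " WHERE username IN (" . dimplode($names) . ")");
            while ($value = DB::fetch($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            // No matching user: fall back to mode 3
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password-protected; an empty password falls back to mode 0
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Fixed: this was a comparison (==) with no effect, so a password was
        // stored even for entries that are not password-protected.
        $POST['password'] = '';
    }
    $POST['tag'] = dhtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1);
    $POST['tag'] = censor($POST['tag']);
    if ($_G['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1);
        $POST['message'] = censor($POST['message']);
    } else {
        // HTML body: filter the markup, then drop empty <div>s and open links in a new window
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 0, 1);
        $POST['message'] = censor($POST['message']);
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];
    // Status 1 holds the entry for moderation
    if (censormod($message) || censormod($POST['subject']) || $_G['group']['allowblogmod']) {
        $blog_status = 1;
    } else {
        $blog_status = 0;
    }
    // Personal category: "new:<name>" creates (or reuses) a category owned by the author
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1);
            $classname = censor($classname);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = DB::result(DB::query("SELECT classid FROM " . DB::table('home_class') . " WHERE uid='{$_G['uid']}' AND classname='{$classname}'"));
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_G['uid'], 'dateline' => $_G['timestamp']);
                    $classid = DB::insert('home_class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Only accept a category id that belongs to the author
        $classname = DB::result(DB::query("SELECT classname FROM " . DB::table('home_class') . " WHERE classid='{$classid}' AND uid='{$_G['uid']}'"));
        if (empty($classname)) {
            $classid = 0;
        }
    }
    $blogarr = array('subject' => $POST['subject'], 'classid' => $classid, 'friend' => $POST['friend'], 'password' => $POST['password'], 'noreply' => empty($POST['noreply']) ? 0 : 1, 'catid' => intval($POST['catid']), 'status' => $blog_status);
    // Attached pictures: load the author's own rows for the submitted picids
    $titlepic = '';
    $uploads = array();
    if (!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = DB::query("SELECT * FROM " . DB::table('home_pic') . " WHERE picid IN (" . dimplode($picids) . ") AND uid='{$_G['uid']}'");
        while ($value = DB::fetch($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): the loop above ends only once $value is falsy, so this
        // fallback looks unreachable - confirm which picture it was meant to use.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }
    if ($uploads) {
        // Replace [imgid=N] placeholders with <img> tags, then append the pictures left over
        preg_match_all("/\\[imgid\\=(\\d+)\\]/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($uploads[$value])) {
                    $picurl = pic_get($uploads[$value]['filepath'], 'album', $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    $searchs[] = "[imgid={$value}]";
                    $replaces[] = "<img src=\"{$picurl}\">";
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
            }
        }
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
            // NOTE(review): the stored picture title is placed into the HTML as-is;
            // this assumes it was HTML-escaped when it was saved - confirm.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }
    // Reject entries whose body is nothing but empty markup and whitespace
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\&nbsp\\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Fixed: the early return left $_G switched to the entry's author
        if (!empty($__G)) {
            $_G = $__G;
        }
        return false;
    }
    $message = addslashes($message);
    if (empty($titlepic) && empty($olds)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }
    if (!empty($olds['blogid'])) {
        // Update: move the entry between category counters when the category changed
        if ($blogarr['catid'] != $olds['catid']) {
            if ($olds['catid']) {
                DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num-1 WHERE catid='{$olds['catid']}' AND num>0");
            }
            if ($blogarr['catid']) {
                DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num+1 WHERE catid='{$blogarr['catid']}'");
            }
        }
        $blogid = $olds['blogid'];
        DB::update('home_blog', $blogarr, array('blogid' => $blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // New entry
        if ($blogarr['catid']) {
            DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num+1 WHERE catid='{$blogarr['catid']}'");
        }
        $blogarr['uid'] = $_G['uid'];
        $blogarr['username'] = $_G['username'];
        $blogarr['dateline'] = empty($POST['dateline']) ? $_G['timestamp'] : $POST['dateline'];
        $blogid = DB::insert('home_blog', $blogarr, 1);
        DB::update('common_member_status', array('lastpost' => $_G['timestamp']), array('uid' => $_G['uid']));
        DB::update('common_member_field_home', array('recentnote' => $POST['subject']), array('uid' => $_G['uid']));
    }
    $blogarr['blogid'] = $blogid;
    $fieldarr = array('message' => $message, 'postip' => $_G['clientip'], 'target_ids' => $POST['target_ids'], 'tag' => $POST['tag']);
    if (!empty($titlepic)) {
        $fieldarr['pic'] = $titlepic;
    }
    if ($olds) {
        DB::update('home_blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        DB::insert('home_blogfield', $fieldarr);
    }
    // Credits and statistics only for the author's own, new, unmoderated entry
    if ($isself && !$olds && $blog_status == 0) {
        updatecreditbyaction('publishblog', 0, array('blogs' => 1));
        include_once libfile('function/stat');
        updatestat('blog');
    }
    if ($POST['makefeed'] && $blog_status == 0) {
        include_once libfile('function/feed');
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }
    // Switch back to the caller's context
    if (!empty($__G)) {
        $_G = $__G;
    }
    return $blogarr;
}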
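/**
 * Create a blog entry, or update the entry described by $olds.
 *
 * Writes the main 'blog' row and the 'blogfield' row, rebuilds tag links when
 * the tag string changed, updates the author's space counters and optionally
 * publishes a feed item.
 *
 * Security notes for maintainers:
 * - Values are interpolated into SQL strings and passed to inserttable() /
 *   updatetable(). NOTE(review): this relies on request data having been
 *   slash-escaped before it reaches this function; that step is not visible
 *   here, so confirm it for every caller.
 * - When $olds belongs to another user, the global session identity is
 *   temporarily switched to the author and restored on every exit path.
 *
 * @param array $POST Submitted form fields (subject, message, friend, password, tag, classid, picids, ...).
 * @param array $olds Existing blog row when editing; empty when creating.
 * @return array|false The main-table values including 'blogid', or false when the message is effectively empty.
 */
function blog_post($POST, $olds=array()) {
	global $_SGLOBAL, $_SC, $space;
	
	// Acting-user switch: when the editor is not the author, run as the author
	$isself = 1;
	if(!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
		$isself = 0;
		$__SGLOBAL = $_SGLOBAL;
		$_SGLOBAL['supe_uid'] = $olds['uid'];
		$_SGLOBAL['supe_username'] = addslashes($olds['username']);
	}

	// Subject: fall back to today's date when empty
	$POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
	if(strlen($POST['subject'])<1) $POST['subject'] = sgmdate('Y-m-d');
	$POST['friend'] = intval($POST['friend']);
	
	// Privacy
	$POST['target_ids'] = '';
	if($POST['friend'] == 2) {
		// Visible to named friends only
		$uids = array();
		// NOTE(review): the names are read from $_POST directly and joined into the
		// IN (...) list by simplode(), which is defined elsewhere; confirm the values
		// are escaped before they reach this query.
		$names = empty($_POST['target_names'])?array():explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
		if($names) {
			$query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname('space')." WHERE username IN (".simplode($names).")");
			while ($value = $_SGLOBAL['db']->fetch_array($query)) {
				$uids[] = $value['uid'];
			}
		}
		if(empty($uids)) {
			$POST['friend'] = 3;// visible to the author only
		} else {
			$POST['target_ids'] = implode(',', $uids);
		}
	} elseif($POST['friend'] == 4) {
		// Password-protected
		$POST['password'] = trim($POST['password']);
		if($POST['password'] == '') $POST['friend'] = 0;// no password given: public
	}
	if($POST['friend'] !== 2) {
		$POST['target_ids'] = '';
	}
	if($POST['friend'] !== 4) {
		// Assignment, not comparison: a submitted password must not be stored
		// for an entry that is not password-protected.
		$POST['password'] = '';
	}

	$POST['tag'] = shtmlspecialchars(trim($POST['tag']));
	$POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);	// word censoring

	// Content
	if($_SGLOBAL['mobile']) {
		$POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
	} else {
		// checkhtml() is the HTML filter for rich-text input; it is defined elsewhere
		$POST['message'] = checkhtml($POST['message']);
		$POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
		// Drop empty <div> pairs and make plain links open in a new window
		$POST['message'] = preg_replace(array(
				"/\<div\>\<\/div\>/i",
				"/\<a\s+href\=\"([^\>]+?)\"\>/i"
			), array(
				'',
				'<a href="\\1" target="_blank">'
			), $POST['message']);
	}
	$message = $POST['message'];

	// Personal category
	if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
		if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
			// "new:<name>" creates the category (or reuses one with the same name)
			$classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
			$classname = getstr($classname, 0, 1, 1, 1);
			if(empty($classname)) {
				$classid = 0;
			} else {
				$classid = getcount('class', array('classname'=>$classname, 'uid'=>$_SGLOBAL['supe_uid']), 'classid');
				if(empty($classid)) {
					$setarr = array(
						'classname' => $classname,
						'uid' => $_SGLOBAL['supe_uid'],
						'dateline' => $_SGLOBAL['timestamp']
					);
					$classid = inserttable('class', $setarr, 1);
				}
			}
		} else {
			$classid = intval($POST['classid']);
		}
	} else {
		$classid = $olds['classid'];
	}
	if($classid && empty($classname)) {
		// Ownership check: a category id that is not the acting user's is dropped
		$classname = getcount('class', array('classid'=>$classid, 'uid'=>$_SGLOBAL['supe_uid']), 'classname');
		if(empty($classname)) $classid = 0;
	}
	
	// Main table values
	$blogarr = array(
		'subject' => $POST['subject'],
		'classid' => $classid,
		'friend' => $POST['friend'],
		'password' => $POST['password'],
		'noreply' => empty($_POST['noreply'])?0:1
	);

	// Title picture
	$titlepic = '';
	
	// Uploaded pictures referenced by the form
	$uploads = array();
	if(!empty($POST['picids'])) {
		// The picture ids are the array KEYS of a request field; cast them to
		// integers before they are joined into the IN (...) list.
		$picids = array_map('intval', array_keys($POST['picids']));
		// The uid condition limits the lookup to the acting user's own pictures
		$query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('pic')." WHERE picid IN (".simplode($picids).") AND uid='$_SGLOBAL[supe_uid]'");
		while ($value = $_SGLOBAL['db']->fetch_array($query)) {
			if(empty($titlepic) && $value['thumb']) {
				$titlepic = $value['filepath'].'.thumb.jpg';
				$blogarr['picflag'] = $value['remote']?2:1;
			}
			$uploads[$POST['picids'][$value['picid']]] = $value;
		}
		// NOTE(review): $value is falsy once the loop above has ended, so this
		// fallback looks unreachable; left as is because the intended row is unclear.
		if(empty($titlepic) && $value) {
			$titlepic = $value['filepath'];
			$blogarr['picflag'] = $value['remote']?2:1;
		}
	}
	
	// Pictures already placed in the message body
	if($uploads) {
		preg_match_all("/\<img\s.*?\_uchome\_localimg\_([0-9]+).+?src\=\"(.+?)\"/i", $message, $mathes);
		if(!empty($mathes[1])) {
			$searchs = $idsearchs = array();
			$replaces = array();
			foreach ($mathes[1] as $key => $value) {
				if(!empty($mathes[2][$key]) && !empty($uploads[$value])) {
					$searchs[] = $mathes[2][$key];
					$idsearchs[] = "_uchome_localimg_$value";
					$replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
					unset($uploads[$value]);
				}
			}
			if($searchs) {
				$message = str_replace($searchs, $replaces, $message);
				$message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
			}
		}
		// Pictures not placed in the body are appended at the end
		foreach ($uploads as $value) {
			$picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
			// NOTE(review): the stored picture title is written into the HTML as is;
			// confirm it was HTML-escaped when the picture was saved.
			$message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
		}
	}
	
	// Reject a message that contains nothing but empty markup and whitespace
	$ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\&nbsp\;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
	if(empty($ckmessage)) {
		// Undo the acting-user switch on this exit path too, so the rest of the
		// request does not keep running under the author's identity.
		if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;
		return false;
	}
	
	// Escape for the SQL built by inserttable()/updatetable()
	$message = addslashes($message);
	
	// No uploaded title picture: take one from the message body
	if(empty($titlepic)) {
		$titlepic = getmessagepic($message);
		$blogarr['picflag'] = 0;
	}
	$blogarr['pic'] = $titlepic;
	
	// Hotness may only be set by users with the manageblog permission
	if(checkperm('manageblog')) {
		$blogarr['hot'] = intval($POST['hot']);
	}
	
	if(!empty($olds['blogid'])) {
		// Update
		$blogid = $olds['blogid'];
		updatetable('blog', $blogarr, array('blogid'=>$blogid));
		
		$blogarr['uid'] = $olds['uid'];
		$blogarr['username'] = $olds['username'];
	} else {
		// Join a topic, if one was requested
		$blogarr['topicid'] = topic_check($POST['topicid'], 'blog');

		$blogarr['uid'] = $_SGLOBAL['supe_uid'];
		$blogarr['username'] = $_SGLOBAL['supe_username'];
		// A caller-supplied dateline is a timestamp; force it to an integer
		$blogarr['dateline'] = empty($POST['dateline'])?$_SGLOBAL['timestamp']:intval($POST['dateline']);
		$blogid = inserttable('blog', $blogarr, 1);
	}
	
	$blogarr['blogid'] = $blogid;
	
	// Field (secondary) table values
	$fieldarr = array(
		'message' => $message,
		'postip' => getonlineip(),
		'target_ids' => $POST['target_ids']
	);
	
	// Tags
	// SECURITY: unserialize() is applied to the stored tag column. It is only safe
	// while that column can never hold attacker-written serialized data; a format
	// such as JSON would avoid object instantiation altogether.
	$oldtagstr = addslashes(empty($olds['tag'])?'':implode(' ', unserialize($olds['tag'])));

	$tagarr = array();
	if($POST['tag'] != $oldtagstr) {
		if(!empty($olds['tag'])) {
			// Remove the previous tag links first
			$oldtags = array();
			$query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM ".tname('tagblog')." WHERE blogid='$blogid'");
			while ($value = $_SGLOBAL['db']->fetch_array($query)) {
				$oldtags[] = $value['tagid'];
			}
			if($oldtags) {
				$_SGLOBAL['db']->query("UPDATE ".tname('tag')." SET blognum=blognum-1 WHERE tagid IN (".simplode($oldtags).")");
				$_SGLOBAL['db']->query("DELETE FROM ".tname('tagblog')." WHERE blogid='$blogid'");
			}
		}
		$tagarr = tag_batch($blogid, $POST['tag']);
		// Keep the serialized tag list in the field table in sync
		$fieldarr['tag'] = empty($tagarr)?'':addslashes(serialize($tagarr));
	}

	if($olds) {
		// Update
		updatetable('blogfield', $fieldarr, array('blogid'=>$blogid));
	} else {
		$fieldarr['blogid'] = $blogid;
		$fieldarr['uid'] = $blogarr['uid'];
		inserttable('blogfield', $fieldarr);
	}

	// Space counters are touched only when the author acts on their own entry
	if($isself) {
		if($olds) {
			$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET updatetime='$_SGLOBAL[timestamp]' WHERE uid='$_SGLOBAL[supe_uid]'");
		} else {
			if(empty($space['blognum'])) {
				$space['blognum'] = getcount('blog', array('uid'=>$space['uid']));
				$blognumsql = "blognum=".$space['blognum'];
			} else {
				$blognumsql = 'blognum=blognum+1';
			}
			// Credits
			$reward = getreward('publishblog', 0);
			$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET {$blognumsql}, lastpost='$_SGLOBAL[timestamp]', updatetime='$_SGLOBAL[timestamp]', credit=credit+$reward[credit], experience=experience+$reward[experience] WHERE uid='$_SGLOBAL[supe_uid]'");
			
			// Statistics
			updatestat('blog');
		}
	}
	
	// Feed
	if(!empty($POST['makefeed'])) {
		include_once(S_ROOT.'./source/function_feed.php');
		feed_publish($blogid, 'blogid', $olds?0:1);
	}
	
	// Topic membership
	if(empty($olds) && $blogarr['topicid']) {
		topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
	}

	// Restore the real session identity
	if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;

	return $blogarr;
}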
Example #22
<?php 
/*
     do_addblog.php发布日志
     Add by am@ihome.2012-10-17  10:34
*/
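// Endpoint: publish a blog entry for the authenticated user and answer with JSON.
include_once '../iauth_verify_forward.php';
// NOTE(review): nothing in this script stops the request when the uid is 0;
// confirm that iauth_verify() itself terminates unauthenticated requests.
$userid = intval(iauth_verify());
include_once '../../../common.php';
include_once S_ROOT . './uc_client/client.php';
include_once S_ROOT . './data/data_profield.php';
$Subject = getstr(isset($_POST['subject']) ? $_POST['subject'] : '');
// NOTE(review): the body is only capped in length. Unlike the subject it does not
// pass through getstr() or an HTML filter, so confirm (a) that request data is
// slash-escaped before it reaches inserttable(), (b) that a byte cut at 20000
// cannot split such an escape sequence, and (c) that the stored text is escaped
// when it is rendered.
$Message = substr(isset($_POST['message']) ? $_POST['message'] : '', 0, 20000);
// NOTE(review): $username is not assigned anywhere in this script; it has to come
// from one of the included files.
$arr = array("topicid" => 0, "uid" => intval($userid), "username" => getstr($username, 15, 1, 1, 1), "subject" => getstr($Subject, 80, 1, 1, 1), "classid" => 0, "viewnum" => 0, "replynum" => 0, "hot" => 0, "picflag" => 0, "noreply" => 0, 'dateline' => $_SGLOBAL['timestamp'], 'friend' => 0, 'click_1' => 0, 'click_2' => 0, 'click_3' => 0, 'click_4' => 0, 'click_5' => 0);
$blogid = inserttable('blog', $arr, 1);
if ($blogid) {
    // Write the body row and publish the feed only when the main row exists,
    // so a failed insert leaves no orphaned blogfield or feed entry behind.
    $arr1 = array("blogid" => intval($blogid), "uid" => intval($userid), "message" => $Message, "postip" => getonlineip(), "relatedtime" => 0, "magiccolor" => 0, "magicpaper" => 0, "magiccall" => 0);
    inserttable('blogfield', $arr1, 1);
    include_once S_ROOT . './source/function_feed.php';
    feed_publish($blogid, 'blogid');
    $arrs = array('flag' => 'success', 'blogid' => $blogid);
} else {
    $arrs = array('flag' => 'fail');
}
$result = json_encode($arrs);
// Turn \uXXXX escapes back into UTF-8. The /e (evaluate) modifier used for this in
// older code was removed in PHP 7, where preg_replace() then fails and the response
// would be empty; a callback does the same conversion without evaluating code.
$result = preg_replace_callback('#\\\\u([0-9a-f]{4})#i', function ($m) {
    return iconv('UCS-2BE', 'UTF-8', pack('H4', $m[1]));
}, $result);
echo $result;
exit;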
Example #23
    // Ownership check: discard the fetched picture unless the viewer holds the
    // managealbum permission or is the picture's owner.
    if (!checkperm('managealbum') && $pic['uid'] != $_G['uid']) {
        $pic = array();
    }
} elseif ($_GET['op'] == 'edithot') {
    // Changing the hot value is restricted to users with managealbum.
    if (!checkperm('managealbum')) {
        showmessage('no_privilege_edithot_album');
    }
    if (!($pic = C::t('home_pic')->fetch($picid))) {
        showmessage('image_does_not_exist');
    }
    // submitcheck() is defined elsewhere; presumably it validates the form
    // submission (request-forgery token) — confirm.
    if (submitcheck('hotsubmit')) {
        // The submitted value is forced to an integer before it is stored.
        $_POST['hot'] = intval($_POST['hot']);
        C::t('home_pic')->update($picid, array('hot' => $_POST['hot']));
        if ($_POST['hot'] > 0) {
            require_once libfile('function/feed');
            feed_publish($picid, 'picid');
        } else {
            C::t('home_feed')->update($picid, array('hot' => $_POST['hot']), 'picid');
        }
        showmessage('do_success', dreferer());
    }
} elseif ($_GET['op'] == 'saveforumphoto') {
    if (submitcheck('savephotosubmit')) {
        // Both ids are cast to integers before use.
        $aid = intval($_GET['aid']);
        $albumid = intval($_POST['albumid']);
        if (!$aid) {
            showmessage('parameters_error');
        }
        $attach = C::t('forum_attachment_n')->fetch('aid:' . $aid, $aid);
        // The attachment must exist, belong to the current user and be an image.
        if (empty($attach) || $attach['uid'] != $_G['uid'] || !$attach['isimage']) {
            showmessage('parameters_error');
Example #24
} elseif ($_GET['op'] == 'edithot') {
    // Permission check: only users with managethread may change the hot value
    if (!checkperm('managethread')) {
        showmessage('no_privilege');
    }
    // The thread id is cast to an integer before it is placed in the query
    $tid = intval($_GET['tid']);
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('thread') . " WHERE tid='{$tid}'");
    if (!($thread = $_SGLOBAL['db']->fetch_array($query))) {
        showmessage('no_privilege');
    }
    // submitcheck() is defined elsewhere; presumably it validates the form
    // submission (request-forgery token) — confirm.
    if (submitcheck('hotsubmit')) {
        $_POST['hot'] = intval($_POST['hot']);
        updatetable('thread', array('hot' => $_POST['hot']), array('tid' => $tid));
        if ($_POST['hot'] > 0) {
            include_once S_ROOT . './source/function_feed.php';
            feed_publish($tid, 'tid');
        } else {
            updatetable('feed', array('hot' => $_POST['hot']), array('id' => $tid, 'idtype' => 'tid'));
        }
        showmessage('do_success', "space.php?uid={$thread['uid']}&do=thread&id={$tid}", 0);
    }
} elseif ($_GET['op'] == 'toggle') {
    // Toggle the handled (solved) state of the feedback thread
    // NOTE(review): authorization here is a comparison against two hard-coded user
    // ids rather than a checkperm() permission. The unquoted supe_uid index relies
    // on PHP's legacy bare-constant fallback and is an Error on PHP 8.
    // NOTE(review): this branch changes state without a submitcheck() call, unlike
    // 'edithot' above — confirm a request-forgery check happens elsewhere.
    if ($_SGLOBAL[supe_uid] != 3 && $_SGLOBAL[supe_uid] != 665) {
        showmessage('no_privilege');
    } else {
        // NOTE(review): the UPDATE runs before $tid is assigned in this branch, so it
        // uses whatever $tid held earlier (nothing visible here sets it for 'toggle').
        $query = $_SGLOBAL['db']->query("UPDATE " . tname('thread') . " SET solved=1-solved WHERE tid='{$tid}'");
        // NOTE(review): both values are taken from $_GET without intval() and then
        // interpolated into the redirect URL; cast them as the 'edithot' branch does.
        $uid = $_GET['uid'];
        $tid = $_GET['tid'];
        $url = "space.php?uid={$uid}&do=thread&id={$tid}";
        showmessage('do_success', $url, 1);
Example #25
    }
} elseif ($_GET['op'] == 'goto') {
    // The id is cast to an integer; the owner's uid is looked up to build the URL
    $id = intval($_GET['id']);
    $uid = $id ? getcount('blog', array('blogid' => $id), 'uid') : 0;
    showmessage('do_success', "space.php?uid={$uid}&do=blog&id={$id}", 0);
} elseif ($_GET['op'] == 'edithot') {
    // Permission check: only users with manageblog may change the hot value
    if (!checkperm('manageblog')) {
        showmessage('no_privilege');
    }
    // $blog is loaded outside this fragment.
    // submitcheck() is defined elsewhere; presumably it validates the form
    // submission (request-forgery token) — confirm.
    if (submitcheck('hotsubmit')) {
        $_POST['hot'] = intval($_POST['hot']);
        updatetable('blog', array('hot' => $_POST['hot']), array('blogid' => $blog['blogid']));
        if ($_POST['hot'] > 0) {
            include_once S_ROOT . './source/function_feed.php';
            feed_publish($blog['blogid'], 'blogid');
        } else {
            updatetable('feed', array('hot' => $_POST['hot']), array('id' => $blog['blogid'], 'idtype' => 'blogid'));
        }
        showmessage('do_success', "space.php?uid={$blog['uid']}&do=blog&id={$blog['blogid']}", 0);
    }
} else {
    // Add / edit form
    // Load the personal categories of the blog's owner, or of the current user
    $classarr = $blog['uid'] ? getclassarr($blog['uid']) : getclassarr($_SGLOBAL['supe_uid']);
    // Load the current user's albums
    $albums = getalbums($_SGLOBAL['supe_uid']);
    // NOTE(review): unserialize() is applied to the stored tag column; this is only
    // safe while that column can never hold attacker-written serialized data.
    $tags = empty($blog['tag']) ? array() : unserialize($blog['tag']);
    $blog['tag'] = implode(' ', $tags);
    $blog['target_names'] = '';
    $friendarr = array($blog['friend'] => ' selected');
Example #26
/**
 * Register the current user's "hot" vote on an item.
 *
 * $hotuser is the comma-separated list of user ids that already voted. The
 * current user is appended, the list is stored back for the item type, and the
 * matching feed entry is bumped (or, for pictures without a feed, published).
 *
 * @param string $idtype Item type: 'blogid', 'picid' or 'sid'.
 * @param mixed  $id     Item id.
 * @param string $hotuser Comma-separated ids of earlier voters.
 * @return bool false when the user already voted or the type is unsupported, true otherwise.
 */
function hot_update($idtype, $id, $hotuser)
{
    global $_G;

    $voters = array();
    if (!empty($hotuser)) {
        $voters = explode(',', $hotuser);
    }
    // One vote per user
    if ($voters && in_array($_G['uid'], $voters)) {
        return false;
    }
    $voters[] = $_G['uid'];
    $hotuser = daddslashes(implode(',', $voters));

    // Credit the item's owner when the configured threshold is reached
    $newhot = count($voters) + 1;
    if ($newhot == $_G['setting']['feedhotmin']) {
        $tablename = gettablebyidtype($idtype);
        if ($tablename) {
            $item = C::t($tablename)->fetch_by_id_idtype($id);
            $itemuid = $item['uid'];
            updatecreditbyaction('hotinfo', $itemuid);
        }
    }

    // Store the voter list and raise the counter for the supported types
    if ($idtype == 'blogid') {
        C::t('home_blogfield')->update($id, array('hotuser' => $hotuser));
        C::t('home_blog')->increase($id, 0, array('hot' => 1));
    } elseif ($idtype == 'picid') {
        C::t('home_picfield')->insert(array('picid' => $id, 'hotuser' => $hotuser), 0, 1);
        C::t('home_pic')->update_hot($id);
    } elseif ($idtype == 'sid') {
        C::t('home_share')->update_hot_by_sid($id, $hotuser);
    } else {
        return false;
    }

    $feed = C::t('home_feed')->fetch($id, $idtype);
    if ($feed) {
        // Only feeds whose 'friend' field is empty get the bump
        if (empty($feed['friend'])) {
            C::t('home_feed')->update_hot_by_feedid($feed['feedid'], 1);
        }
    } elseif ($idtype == 'picid') {
        require_once libfile('function/feed');
        feed_publish($id, $idtype);
    }

    return true;
}
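/**
 * Register the current user's "hot" vote on an item.
 *
 * $hotuser is the comma-separated list of user ids that already voted. The
 * current user is appended, the list and the hot counter are stored for the
 * item type, and the matching feed entry is bumped (or, for pictures without a
 * feed, published).
 *
 * The values end up inside SQL strings, so $idtype is checked against the
 * supported types before any query is built, and $id and the voter ids are
 * forced to integers.
 *
 * @param string $idtype Item type: blogid, tid, picid, eventid, sid or pid.
 * @param mixed  $id     Item id.
 * @param string $hotuser Comma-separated ids of earlier voters.
 * @return bool false when the user already voted or the type is unsupported, true otherwise.
 */
function hot_update($idtype, $id, $hotuser) {
	global $_SGLOBAL, $_SCONFIG;

	// $idtype is used as a column name in the reward query below, so reject
	// anything outside the supported set before touching the database.
	$supported = array('blogid', 'tid', 'picid', 'eventid', 'sid', 'pid');
	if(!in_array($idtype, $supported, true)) {
		return false;// other types are not supported
	}
	$id = intval($id);

	// Rebuild the voter list from integers only
	$hotusers = empty($hotuser)?array():array_filter(array_map('intval', explode(',', $hotuser)));
	if($hotusers && in_array($_SGLOBAL['supe_uid'], $hotusers)) {
		return false;// already voted
	}
	$hotusers[] = intval($_SGLOBAL['supe_uid']);
	$hotuser = implode(',', $hotusers);
	
	$newhot = count($hotusers)+1;
	if($newhot == $_SCONFIG['feedhotmin']) {
		// Reward the item's owner once the configured threshold is reached
		$tablename = gettablebyidtype($idtype);
		$query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname($tablename)." WHERE $idtype='$id'");
		$item = $_SGLOBAL['db']->fetch_array($query);
		// Skip the reward when the item row is missing, so no uid-less call is made
		if(!empty($item['uid'])) {
			getreward('hotinfo', 1, $item['uid'], '', 0);
		}
	}

	// Store the updated voter list and raise the hot counter
	switch ($idtype) {
		case 'blogid':
			$_SGLOBAL['db']->query("UPDATE ".tname('blogfield')." SET hotuser='$hotuser' WHERE blogid='$id'");
			$_SGLOBAL['db']->query("UPDATE ".tname('blog')." SET hot=hot+1 WHERE blogid='$id'");
			break;
		case 'tid':
			$_SGLOBAL['db']->query("UPDATE ".tname('post')." SET hotuser='$hotuser' WHERE tid='$id' AND isthread='1'");
			$_SGLOBAL['db']->query("UPDATE ".tname('thread')." SET hot=hot+1 WHERE tid='$id'");
			break;
		case 'picid':
			$_SGLOBAL['db']->query("REPLACE INTO ".tname('picfield')." (picid, hotuser) VALUES ('$id', '$hotuser')");
			$_SGLOBAL['db']->query("UPDATE ".tname('pic')." SET hot=hot+1 WHERE picid='$id'");
			break;
		case 'eventid':
			$_SGLOBAL['db']->query("UPDATE ".tname('eventfield')." SET hotuser='$hotuser' WHERE eventid='$id'");
			$_SGLOBAL['db']->query("UPDATE ".tname('event')." SET hot=hot+1 WHERE eventid='$id'");
			break;
		case 'sid':
			$_SGLOBAL['db']->query("UPDATE ".tname('share')." SET hot=hot+1, hotuser='$hotuser' WHERE sid='$id'");
			break;
		case 'pid':
			$_SGLOBAL['db']->query("UPDATE ".tname('pollfield')." SET hotuser='$hotuser' WHERE pid='$id'");
			$_SGLOBAL['db']->query("UPDATE ".tname('poll')." SET hot=hot+1 WHERE pid='$id'");
			break;
	}
	// Feed hotness
	$query = $_SGLOBAL['db']->query("SELECT feedid, friend FROM ".tname('feed')." WHERE id='$id' AND idtype='$idtype'");
	if($feed = $_SGLOBAL['db']->fetch_array($query)) {
		if(empty($feed['friend'])) {// privacy: only feeds with an empty 'friend' field are bumped
			$_SGLOBAL['db']->query("UPDATE ".tname('feed')." SET hot=hot+1 WHERE feedid='$feed[feedid]'");
		}
	} elseif($idtype == 'picid') {
		// Pictures without a feed entry get one published
		include_once(S_ROOT.'./source/function_feed.php');
		feed_publish($id, $idtype);
	}

	return true;
}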
Example #28
    $arrangement = $_SGLOBAL['db']->fetch_array($query);
    if (empty($arrangement)) {
        $query = $_SGLOBAL['db']->query("SELECT * from " . tname('unCheckArrangement') . " WHERE arrangementid='{$arrangementid}'");
        $arrangement = $_SGLOBAL['db']->fetch_array($query);
    }
}
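// Approve a pending arrangement: move it from the unchecked table to the live
// table, publish a feed item and notify its author.
// NOTE(review): no permission or request-forgery check is visible in this
// fragment, and the id arrives via GET — confirm the enclosing script restricts
// this operation to reviewers.
if ($op == 'allow') {
    // The id is placed inside SQL strings below, so force it to an integer first.
    $arrangementid = isset($_GET['arrangementid']) ? intval($_GET['arrangementid']) : 0;
    $query = $_SGLOBAL['db']->query("SELECT * FROM ihome_unCheckArrangement where arrangementid='{$arrangementid}'");
    $value = $_SGLOBAL['db']->fetch_array($query);
    // Nothing to approve when the pending row does not exist; without this guard
    // an empty result would be handed to inserttable().
    if ($value) {
        // NOTE(review): the pending row is deleted before the insert below is known
        // to have succeeded; a failed insert loses the submission.
        $_SGLOBAL['db']->query("DELETE FROM ihome_unCheckArrangement where arrangementid='{$arrangementid}'");
        include_once S_ROOT . './source/function_blog.php';
        if ($newarrangementid = inserttable('arrangement', $value, 1)) {
            include_once S_ROOT . './source/function_feed.php';
            feed_publish($newarrangementid, 'arrangementid', 1);
            $note = cplang('note_allow_arrangement', array('space.php?uid=' . $value['uid'] . '&do=arrangement&id=' . $newarrangementid, $value['subject']));
            notification_add($value['uid'], 'systemnote', $note);
            // NOTE(review): the header is named "newid" but carries the old id.
            header("newid:" . $arrangementid);
            exit;
        }
    }
}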
if ($op == 'deny') {
    $arrangementid = $_GET['arrangementid'];
    $query = $_SGLOBAL['db']->query("SELECT * FROM ihome_arrangement where arrangementid='{$arrangementid}'");
    $value = $_SGLOBAL['db']->fetch_array($query);
    //	$arrangement['subject'] = empty($_value['subject'])?'':getstr($_value['subject'], 80, 1, 0);
    //	$arrangement['message'] = empty($_value['message'])?'':getstr($_value['message'], 5000, 1, 0);
    //    unset($value['arrangemntid']);
    $_SGLOBAL['db']->query("DELETE FROM ihome_arrangement where arrangementid='{$arrangementid}'");
    $_SGLOBAL['db']->query("DELETE FROM ihome_feed where id='{$arrangementid}' and idtype='arrangementid'");