$DB->unbuffered_query("UPDATE {$db_prefix}statistics SET comment_count=comment_count-1");
        }
        $DB->unbuffered_query("DELETE FROM {$db_prefix}comments WHERE commentid='{$commentid}'");
        newcomments_recache();
        statistics_recache();
        $location = getlink('comment', 'list', array('message' => 2));
    }
    header("Location: {$location}");
    exit;
}
// 修改评论
if ($action == 'domod') {
    $author = trim($_POST['author']);
    $url = trim($_POST['url']);
    $email = trim($_POST['email']);
    if (!$author || getstrlen($author) > 30) {
        $location = getlink('comment', 'mod', array('message' => 3, 'commentid' => $commentid));
    }
    $name_key = array("\\", '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#', '$', '(', ')', '%', '@', '+', '?', ';', '^');
    foreach ($name_key as $value) {
        if (strpos($author, $value) !== false) {
            $location = getlink('comment', 'mod', array('message' => 4, 'commentid' => $commentid));
            break;
        }
    }
    $author = char_cv($author);
    if (!isemail($email)) {
        $location = getlink('comment', 'mod', array('message' => 5, 'commentid' => $commentid));
    }
    if ($url) {
        if (!preg_match("#^(http|news|https|ftp|ed2k|rtsp|mms)://#", $url)) {
     if (substr($keywords, -1) == ',') {
         $keywords = substr($keywords, 0, getstrlen($keywords) - 1);
     }
     $v = explode(',', $keywords);
     $v_num = count($v);
     if ($v_num > 10) {
         wap_message('关键字不能超过10个', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
     } else {
         for ($i = 0; $i < $v_num; $i++) {
             if (getstrlen($v[$i]) > 30) {
                 wap_message('每个关键字不能超过30个字符', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
             }
         }
     }
 }
 if ($title == '' || getstrlen($title) > 120) {
     wap_message('标题不能为空并且不能多于120个字节', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
 }
 if (!$mids) {
     wap_message('你还没有选择分类', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
 }
 if (!$content) {
     wap_message('内容不能为空', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
 }
 $title = char_cv($title);
 $r = $DB->result($DB->query("SELECT COUNT(articleid) FROM {$db_prefix}articles WHERE title='{$title}'"), 0);
 if ($r) {
     wap_message('数据库中已存在一样的标题了,建议您换一个', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
 }
 // 插入数据部分
 $DB->query("INSERT INTO {$db_prefix}articles (uid, title, content, dateline) VALUES ('{$sax_uid}', '{$title}', '{$content} <br /><br /><span style=\"font-weight:bold;color:#4685C4;background-color:#E9F1F8;\">自 WAP 发表</span>', '{$timestamp}')");
    $adminitem = array('main' => array('name' => '首页', 'start' => 1), 'article' => array('name' => '文章', 'submenu' => array(array('name' => '文章管理', 'action' => 'list', 'default' => 1), array('name' => '添加文章', 'action' => 'add'))), 'user' => array('name' => '资料', 'end' => 1));
    !$job && ($job = 'article');
    if ($job == 'user') {
        $action = in_array($action, array('profile', 'modprofile')) ? $action : 'profile';
    }
    // 撰写组菜单
} else {
    $adminitem = array();
    $job = 'user';
    $action = in_array($action, array('profile', 'modprofile')) ? $action : 'profile';
    // 注册组菜单
}
// Group id → display name (Administrator, Author, Regular user, Guest).
$groupdb = array(1 => '管理者', 2 => '撰写者', 3 => '普通用户', 4 => '游客');
// Resolve which admin module to load. $job is request-controlled and is used
// to build an include path, so it is reduced to a known module name first:
// length cap, path/quote character stripping, basename(), then an allow-list.
if ($job) {
    if (getstrlen($job) > 20) {
        $job = 'main';
    }
    $job = basename(str_replace(array('.', '/', '\\', "'", ':', '%'), '', $job));
    if (!in_array($job, array('main', 'misc', 'article', 'comment', 'attachment', 'category', 'user', 'link', 'template', 'tools', 'configurate', 'upload'))) {
        $job = 'main';
    }
} else {
    $job = 'main';
}
// POST takes precedence over GET; intval() keeps this a plain integer.
$articleid = intval($_POST['articleid'] ?: $_GET['articleid']);
$subnav = '';
// Fall back to the main module when the allow-listed module file is missing.
if (!file_exists(SABLOG_ROOT . 'admin/' . $job . '.php')) {
    include SABLOG_ROOT . 'admin/main.php';
} else {
    include SABLOG_ROOT . 'admin/' . $job . '.php';
}
cpfooter();
     if (is_array($logfile)) {
         foreach ($logfile as $log) {
             $logs[] = $log;
         }
     }
     $logs = @array_reverse($logs);
     $total = count($logs);
     if ($total > 100) {
         $output = @array_slice($logs, 0, 100);
         $output = @array_reverse($output);
         $output = @implode("", $output);
         @touch($logfilename);
         @($fp = fopen($logfilename, 'rb+'));
         @flock($fp, LOCK_EX);
         @fwrite($fp, $output);
         @ftruncate($fp, getstrlen($output));
         @fclose($fp);
         @chmod($filename, 0777);
         $location = getlink('tools', $logsfile, array('message' => 26, 'opname' => $opname));
     } else {
         $location = getlink('tools', $logsfile, array('message' => 27));
     }
     header("Location: {$location}");
     exit;
 }
 //removelog
 //管理日志页面
 if (in_array($action, array('adminlog', 'loginlog', 'dberrorlog'))) {
     @($logfile = file(SABLOG_ROOT . 'data/log/' . $logsfile . '.php'));
     $logs = $logdb = array();
     if (is_array($logfile)) {
     }
     if (!$r) {
         message('记录不存在.', './');
     }
     $aids = get_cids($r['mid']);
     $query_sql .= " AND a.articleid IN ({$aids})";
     $navtext = $r['name'];
     $total = $r['count'];
     $pageurl = getcatelink($cid, $r['slug']);
     $options['title'] = settitle($r['name']);
     $indexpage = 0;
 }
 //不用再计算记录数量直接从缓存读取
 $getnum = false;
 // 检查是否设置$setdate参数
 if ($setdate && getstrlen($setdate) == 6) {
     $extra = 'page/';
     $navtext = $setyear . '年' . $setmonth . '月的文章';
     $pageurl = getdatelink($setdate);
     if ($archivesdb[$setdate]) {
         $total = (int) $archivesdb[$setdate];
     } else {
         $getnum = true;
     }
     // 检查是否设置$setday参数
     $setday = (int) $_GET['setday'];
     if ($setday && is_numeric($setday)) {
         $getnum = true;
         if ($setday > 31 || $setday < 1) {
             $setday = sadate('d');
         }
/**
 * Truncate an HTML fragment to roughly $maxlen characters of text (as counted
 * by getstrlen) while trying to keep the tags balanced.
 *
 * The markup is split into alternating tag / text chunks. Text chunks are
 * appended until the character budget is spent (the last one is cut with
 * trimmed_title); after that only closing tags are appended, until the number
 * of closing tags matches the number of opening tags seen. Tags matching
 * <img>, <param>, <!...>, <br> and <hr> are not counted as opening tags.
 * Empty pairs left behind (e.g. <p></p>) are removed via strip_empty_html, and
 * the "[html_&lt;]" / "[html_&gt;]" placeholders are turned back into "<" / ">".
 *
 * NOTE(review): this is a truncation helper, not a sanitiser. Tags are copied
 * through verbatim, and a text chunk that merely contains a bare "<" (no
 * closing ">") takes the tag branch and is copied through unescaped. The
 * placeholder restoration at the end decodes "[html_&lt;]" to a raw "<"; if
 * those placeholders can originate from user-supplied text, this re-introduces
 * markup that earlier escaping removed — confirm where they are produced.
 *
 * @param string     $content HTML fragment to truncate.
 * @param int|string $maxlen  Character budget; when not numeric it appears to be
 *                            used as a literal tag string marking where to stop.
 * @param int        $offset  Passed through to trimmed_title for the cut chunk.
 * @return string Truncated fragment.
 */
function htmlSubString($content, $maxlen = 300, $offset = 0)
{
    // Split into alternating text / tag chunks; each tag becomes its own element.
    $content = preg_split("/(<[^>]+?>)/si", $content, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
    $wordrows = 0;
    // characters consumed so far (getstrlen units)
    $outstr = "";
    // output being assembled
    $wordend = false;
    // true once the character budget has been used up
    $beginTags = 0;
    // opening tags seen, excluding the short tags skipped below (<img>, <param>, <!...>, <br>, <hr>)
    $endTags = 0;
    // closing tags seen; once $beginTags == $endTags after the cut, the tags are balanced and the loop can stop
    //print_r($content);
    foreach ($content as $value) {
        if (trim($value) == "") {
            continue;
        }
        // skip whitespace-only chunks
        if (strpos(";{$value}", "<") > 0) {
            // chunk contains "<" (the ";" prefix keeps a leading "<" from being offset 0)
            // a chunk equal to $maxlen (tag-string mode) marks the stop point
            if (trim($value) == $maxlen) {
                $wordend = true;
                continue;
            }
            if ($wordend == false) {
                $outstr .= $value;
                if (!preg_match("/<img([^>]+?)>/is", $value) && !preg_match("/<param([^>]+?)>/is", $value) && !preg_match("/<!([^>]+?)>/is", $value) && !preg_match("/<br([^>]+?)>/is", $value) && !preg_match("/<hr([^>]+?)>/is", $value)) {
                    $beginTags++;
                    // every tag except img/param/comment/br/hr counts as an opening tag
                }
            } else {
                if (preg_match("/<\\/([^>]+?)>/is", $value, $matches)) {
                    $endTags++;
                    $outstr .= $value;
                    if ($beginTags == $endTags && $wordend == true) {
                        break;
                    }
                    // budget spent and tags balanced: done
                } else {
                    if (!preg_match("/<img([^>]+?)>/is", $value) && !preg_match("/<param([^>]+?)>/is", $value) && !preg_match("/<!([^>]+?)>/is", $value) && !preg_match("/<br([^>]+?)>/is", $value) && !preg_match("/<hr([^>]+?)>/is", $value)) {
                        $beginTags++;
                        // an opening tag after the cut is still copied and counted so it gets closed
                        $outstr .= $value;
                    }
                }
            }
        } else {
            if (is_numeric($maxlen)) {
                // numeric budget: count characters
                $curLength = getstrlen($value);
                $maxLength = $curLength + $wordrows;
                if ($wordend == false) {
                    if ($maxLength > $maxlen) {
                        // this chunk overflows the budget: cut it and stop counting
                        $outstr .= trimmed_title($value, $maxlen - $wordrows, $offset);
                        $wordend = true;
                    } else {
                        $wordrows = $maxLength;
                        $outstr .= $value;
                    }
                }
            } else {
                if ($wordend == false) {
                    $outstr .= $value;
                }
            }
        }
    }
    // repeatedly drop empty pairs such as <p></p>
    // (relies on strip_empty_html shortening the match; otherwise this loop would not terminate)
    while (preg_match("/<([^\\/][^>]*?)><\\/([^>]+?)>/is", $outstr)) {
        $outstr = preg_replace_callback("/<([^\\/][^>]*?)><\\/([^>]+?)>/is", "strip_empty_html", $outstr);
    }
    // restore placeholder-encoded angle brackets (see the security note above)
    if (strpos(";" . $outstr, "[html_") > 0) {
        $outstr = str_replace("[html_&lt;]", "<", $outstr);
        $outstr = str_replace("[html_&gt;]", ">", $outstr);
    }
    //echo htmlspecialchars($outstr);
    return $outstr;
}
     $location = getlink('user', 'profile', array('message' => 3, 'userid' => $sax_uid));
 }
 if (!isurl($url)) {
     $location = getlink('user', 'profile', array('message' => 4, 'userid' => $sax_uid));
 }
 //修改资料
 $password_sql = '';
 if ($newpassword) {
     $user = $DB->fetch_one_array("SELECT password FROM {$db_prefix}users WHERE userid='{$sax_uid}'");
     if (!$user) {
         $location = getlink('user', 'profile', array('message' => 15, 'userid' => $sax_uid));
     }
     if ($old_password != $user['password']) {
         $location = getlink('user', 'profile', array('message' => 16, 'userid' => $sax_uid));
     }
     if (getstrlen($newpassword) < 8) {
         $location = getlink('user', 'profile', array('message' => 11, 'userid' => $sax_uid));
     }
     if ($newpassword != $comfirpassword) {
         $location = getlink('user', 'profile', array('message' => 6, 'userid' => $sax_uid));
     }
     if (strpos($newpassword, "\n") !== false || strpos($newpassword, "\r") !== false || strpos($newpassword, "\t") !== false) {
         $location = getlink('user', 'profile', array('message' => 7, 'userid' => $sax_uid));
     }
     $password_sql = ", password='******'";
 }
 if (!$location) {
     $email = char_cv($email);
     $url = char_cv($url);
     $DB->unbuffered_query("UPDATE {$db_prefix}users SET url='{$url}', email='{$email}' {$password_sql} WHERE userid='{$sax_uid}'");
     if ($newpassword) {
     $location = getlink('article', 'mod', array('message' => 1, 'articleid' => $articleid));
 }
 if (!$mids) {
     $location = getlink('article', 'mod', array('message' => 2, 'articleid' => $articleid));
 }
 if (!$content || getstrlen($content) < 4) {
     $location = getlink('article', 'mod', array('message' => 3, 'articleid' => $articleid));
 }
 if ($keywords) {
     $v = explode(',', $keywords);
     $v_num = count($v);
     if ($v_num > 10) {
         $location = getlink('article', 'mod', array('message' => 4, 'articleid' => $articleid));
     } else {
         for ($i = 0; $i < $v_num; $i++) {
             if (getstrlen($v[$i]) > 30) {
                 $location = getlink('article', 'mod', array('message' => 5, 'articleid' => $articleid));
                 break;
             }
         }
     }
 }
 if ($alias) {
     if (!checkalias($alias)) {
         $location = getlink('article', 'mod', array('message' => 6, 'articleid' => $articleid));
     }
     $alias = char_cv($alias);
     $r = $DB->fetch_one_array("SELECT articleid FROM {$db_prefix}articles WHERE alias='{$alias}' AND articleid!='{$articleid}' LIMIT 1");
     if ($r) {
         $location = getlink('article', 'mod', array('message' => 7, 'articleid' => $articleid));
     }
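/**
 * Validate a comment body against the configured length limits.
 *
 * Returns an HTML fragment describing the first failed check, or null when the
 * content is acceptable (callers are expected to test the result for
 * truthiness). Note that empty() also rejects the literal string "0"; that
 * behaviour is kept as-is.
 *
 * @param string $content Raw comment body.
 * @return string|null Error message fragment, or null when valid.
 */
function checkcontent($content)
{
    global $options;
    // Initialise before the first .= — previously $result was undefined here.
    $result = '';
    if (empty($content)) {
        $result .= '内容不能为空.<br />';
        return $result;
    }
    $len = getstrlen($content);
    if ($len < $options['comment_min_len'] || $len > $options['comment_max_len']) {
        $result .= '内容不能少于' . $options['comment_min_len'] . '字节,并且不能超过' . $options['comment_max_len'] . '字节.<br />';
        return $result;
    }
    return null;
}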
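/**
 * Loose syntactic e-mail check: longer than 6 (per getstrlen) and shaped like
 * local@domain with at least one dotted label.
 *
 * The D modifier makes "$" match only at the very end of the string; without
 * it PCRE also matches before a final "\n", so "user@example.com\n" passed.
 * This is a format sanity check only: the \w-based classes still accept
 * consecutive dots or underscores, and no length cap is applied here, so
 * callers should bound the input length themselves.
 *
 * @param string $email
 * @return bool|int Falsy when rejected; preg_match's 1 when accepted.
 */
function isemail($email)
{
    return getstrlen($email) > 6 && preg_match("/^[\\w\\-\\.]+@[\\w\\-\\.]+(\\.\\w+)+\$/D", $email);
}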
// Default action for the category/tag admin page.
if (!$action) {
    $action = 'catelist';
}
$location = '';
// Categories and tags share this handler; $goaction is the listing to return to.
$goaction = ($type == 'category') ? 'catelist' : 'taglist';
//添加/修改分类
if ($action == 'add' || $action == 'mod') {
    $new_name = trim($_POST['new_name']);
    $new_url = trim($_POST['new_url']);
    $type = trim($_POST['type']);
    if (!in_array($type, array('category', 'tag'))) {
        $location = getlink('category', null, array('message' => 1));
    }
    if (!$new_name || getstrlen($new_name) > 30) {
        $location = getlink('category', $goaction, array('message' => 2));
    }
    $new_name = char_cv($new_name);
    if ($action == 'add') {
        $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE type='{$type}' AND name='{$new_name}' LIMIT 1");
    } else {
        $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE type='{$type}' AND mid!='{$mid}' AND name='{$new_name}' LIMIT 1");
    }
    if ($r) {
        $location = getlink('category', $goaction, array('message' => 3));
    }
    if ($new_url) {
        if (!checkalias($new_url)) {
            $location = getlink('category', $goaction, array('message' => 4));
        } else {
/**
 * Produce a SQL dump chunk for one table: a DROP/CREATE header when starting
 * from row 0, followed by INSERT statements fetched 300 rows at a time until
 * the accumulated size reaches $sizelimit KB or the table is exhausted.
 *
 * Globals: $DB (query wrapper), $sizelimit (KB budget), $sqlcompat
 * ('MYSQL40' / 'MYSQL41' rewrite of the CREATE statement), and $startrow,
 * which is set on exit to the next row offset so the caller can resume.
 *
 * NOTE(review): $table is interpolated unquoted into every statement, so it
 * must come from a trusted list (e.g. SHOW TABLES), never from the request.
 * Values are always emitted quoted, so NULL columns are dumped as ''.
 * mysql_escape_string() was removed in PHP 7; the DB wrapper may expose an
 * escape helper that should be used instead — confirm against its API.
 *
 * @param string $table     Table name.
 * @param int    $startfrom Row offset to resume from (0 = include header).
 * @param int    $currsize  Bytes already written to the current dump file.
 * @return string SQL text for this chunk.
 */
function sqldumptable($table, $startfrom = 0, $currsize = 0)
{
    global $DB, $sizelimit, $startrow, $sqlcompat;
    $chunk = 300;
    $dump = '';
    if (!$startfrom) {
        // header: drop + create, normalised for the requested MySQL compat level
        $dump = "DROP TABLE IF EXISTS {$table};\n";
        $createRow = $DB->fetch_row($DB->query("SHOW CREATE TABLE {$table}"));
        $dump .= $createRow[1];
        if ($sqlcompat == 'MYSQL41' && $DB->version() < '4.1') {
            $dump = preg_replace("/TYPE\\=(.+)/", "ENGINE=\\1 DEFAULT CHARSET=utf8", $dump);
        }
        if ($DB->version() > '4.1') {
            $dump = preg_replace("/(DEFAULT)*\\s*CHARSET=.+/", "DEFAULT CHARSET=utf8", $dump);
        }
        $status = $DB->fetch_array($DB->query("SHOW TABLE STATUS LIKE '{$table}'"));
        $autoinc = $status['Auto_increment'];
        $dump .= ($autoinc ? " AUTO_INCREMENT={$autoinc}" : '') . ";\n\n";
        if ($sqlcompat == 'MYSQL40' && $DB->version() >= '4.1' && $autoinc != '') {
            // MySQL 4.0 wants auto_increment on the column: inject it before the first comma
            $pos = strpos($dump, ',');
            $dump = substr($dump, 0, $pos) . ' auto_increment' . substr($dump, $pos);
        }
    }
    // rows: keep fetching full chunks while under the size budget
    $fetched = $chunk;
    while ($fetched == $chunk && $currsize + getstrlen($dump) < $sizelimit * 1000) {
        $res = $DB->query("SELECT * FROM {$table} LIMIT {$startfrom}, {$chunk}");
        $ncols = $DB->num_fields($res);
        $fetched = $DB->num_rows($res);
        while ($row = $DB->fetch_row($res)) {
            $vals = array();
            for ($i = 0; $i < $ncols; $i++) {
                $vals[] = '\'' . mysql_escape_string($row[$i]) . '\'';
            }
            $dump .= "INSERT INTO {$table} VALUES (" . implode(',', $vals) . ");\n";
        }
        $startfrom += $chunk;
    }
    // tell the caller where to resume
    $startrow = $startfrom;
    $dump .= "\n";
    return $dump;
}