Exemple #1
                $q = $db->query($sql);
                $user_select_file = array();
                while ($rs = $db->fetch_array($q)) {
                    $user_select_file[] = $rs['file_id'];
                }
                unset($rs);
                $ref = $_SERVER['HTTP_REFERER'];
                require_once template_echo($item, $user_tpl_dir);
            } else {
                $sysmsg[] = "缺失courseid或csid,非法操作";
                tb_redirect('reload', $sysmsg);
            }
        }
        break;
    // Action 'file_cs_relation_delete': either render the confirmation page or,
    // when $task carries the same action name, delete one row from the
    // file_cs_relation table.
    case 'file_cs_relation_delete':
        // All three ids are cast to int, so only numeric values reach the SQL below.
        // $course_id is not used in the visible part of this case; presumably the
        // included template reads it -- TODO confirm.
        $course_id = (int) gpc('course_id', 'GP', 0);
        $cs_id = (int) gpc('cs_id', 'GP', 0);
        $file_id = (int) gpc('file_id', 'GP', 0);
        if ($task == 'file_cs_relation_delete') {
            // Presumably the anti-CSRF form token check (posted hash vs. expected hash) -- verify in form_auth().
            form_auth(gpc('formhash', 'P', ''), formhash());
            // Posted 'ref' is read but not used in this branch: the redirect below is 'reload'.
            $ref = gpc('ref', 'P', '');
            // NOTE(review): the delete is filtered only by cs_id and file_id; no owner/user
            // condition is visible here. Confirm that code before this case verifies the
            // current user may modify this cs_id, otherwise any authenticated user could
            // remove another user's relation by guessing ids.
            $db->query_unbuffered("delete from {$tpf}file_cs_relation where cs_id='{$cs_id}' AND file_id = '{$file_id}'");
            // Message text: "file deleted successfully".
            $sysmsg[] = "删除文件成功";
            tb_redirect('reload', $sysmsg);
        } else {
            // The Referer header is client-controlled; the template must escape $ref
            // wherever it prints it (HTML attribute / hidden field context).
            $ref = $_SERVER['HTTP_REFERER'];
            // Looks up the file name by id (no user filter in this query); '@' hides
            // any error raised by the lookup. Presumably shown by the template.
            $file_name = @$db->result_first("select file_name from {$tpf}files where file_id='{$file_id}' ");
            require_once template_echo($item, $user_tpl_dir);
        }
        break;
}
Exemple #2
                    @make_thumb($file['tmp_name'], $file_real_path . $file_store_path . $file_real_name_store . '_thumb.' . $file_extension, $settings['thumb_width'], $settings['thumb_height']);
                } else {
                    $is_image = 0;
                }
            } else {
                $is_image = 0;
            }
            $rs = $db->fetch_one_array("select file_name,file_extension,file_store_path,file_real_name from {$tpf}files where file_id='{$file_id}' and userid='{$pd_uid}' limit 1");
            if ($rs) {
                $file_ext = $rs[file_extension] ? '.' . $rs[file_extension] : '';
                @unlink(PHPDISK_ROOT . $settings[file_path] . '/' . $rs[file_store_path] . '/' . $rs[file_real_name] . $file_ext);
                @unlink(PHPDISK_ROOT . $settings[file_path] . '/' . $rs[file_store_path] . '/' . $rs[file_real_name] . '_thumb' . $file_ext);
            }
            unset($rs);
            $server_oid = @$db->result_first("select server_oid from {$tpf}servers where server_id>1 order by is_default desc limit 1");
            if (!$error && upload_file($file['tmp_name'], $dest_file)) {
                $ins = array('file_name' => $file_name, 'file_key' => $file_key, 'file_extension' => $file_extension, 'is_image' => $is_image, 'file_mime' => $file_mime, 'file_store_path' => $file_store_path, 'file_real_name' => $file_real_name, 'file_size' => $file['size'], 'file_time' => $timestamp, 'server_oid' => (int) $server_oid, 'is_checked' => 1, 'in_share' => 1, 'userid' => $pd_uid, 'ip' => $onlineip, 'folder_id' => $folder_id);
                $db->query_unbuffered("update {$tpf}files set " . $db->sql_array($ins) . " where file_id='{$file_id}' and userid='{$pd_uid}' limit 1");
                $sysmsg[] = '替换文件上传成功';
                tb_redirect($settings[phpdisk_url] . urr("space", "username="******"select folder_id from {$tpf}files where file_id='{$file_id}' limit 1");
            $ref = $_SERVER['HTTP_REFERER'];
            require_once template_echo($item, $user_tpl_dir);
        }
        break;
}
Exemple #3
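/**
 * Set username, password and e-mail on the account identified by $pd_uid.
 *
 * Reads username, password, confirm_password, email and ref through gpc(),
 * validates them, and on success updates the user's row, rewrites the
 * 'phpdisk_zcore_info' cookie and redirects to the submitted ref. If any
 * validation fails it redirects 'back' with the collected messages.
 *
 * Security notes for maintainers:
 *  - The password is stored as an unsalted md5() digest. It is left unchanged
 *    here because other code (login, cookie validation) presumably compares
 *    against the same format; the scheme should be migrated as a whole to
 *    password_hash()/password_verify().
 *  - The same digest is written into the login cookie, so a leaked cookie
 *    exposes a hash that can be cracked offline.
 *  - $username and $email are interpolated into SQL text. That is only safe
 *    if gpc() and the validators neutralise quotes -- TODO confirm, and use
 *    the DB layer's escaping or prepared statements if it offers them.
 *  - $ref is client supplied and handed to tb_redirect(); confirm that
 *    tb_redirect() only allows targets on this site.
 *
 * @return void
 */
function auth_task_guest()
{
    global $db, $tpf, $pd_uid, $pd_gid;

    // Presumably the anti-CSRF form token check -- verify in form_auth().
    form_auth(gpc('formhash', 'P', ''), formhash());

    $username = trim(gpc('username', 'P', ''));
    $password = trim(gpc('password', 'P', ''));
    $confirm_password = trim(gpc('confirm_password', 'P', ''));
    $email = trim(gpc('email', 'P', ''));
    $ref = trim(gpc('ref', 'P', ''));

    // Initialise state that was previously read without ever being set on
    // some paths (undefined-variable notices, and an undefined $md5_pwd).
    $error = false;
    $sysmsg = array();
    $md5_pwd = '';

    // checklength() is treated as returning true when the length is out of range.
    if (checklength($username, 2, 60)) {
        $error = true;
        $sysmsg[] = __('invalid_username');
    } elseif (is_bad_chars($username)) {
        $error = true;
        $sysmsg[] = __('username_has_bad_chars');
    } else {
        // NOTE(review): the listing showed this value masked as '******'; it is
        // restored to the submitted username to match the strcasecmp() below
        // and the parallel e-mail query -- confirm against the upstream file.
        $rs = $db->fetch_one_array("select username from {$tpf}users where username='{$username}' and userid<>'{$pd_uid}' limit 1");
        if ($rs) {
            if (strcasecmp($username, $rs['username']) === 0) {
                $error = true;
                $sysmsg[] = __('username_already_exists');
            }
        }
        unset($rs);
    }

    if (checklength($password, 6, 20)) {
        $error = true;
        $sysmsg[] = __('invalid_password');
    } else {
        // Strict comparison: with '==' two different numeric-looking strings
        // (e.g. '1e3' and '1000') compare equal and would pass confirmation.
        if ($password === $confirm_password) {
            // Weak, unsalted digest -- see the function header.
            $md5_pwd = md5($password);
        } else {
            $error = true;
            $sysmsg[] = __('confirm_password_invalid');
        }
    }

    if (!checkemail($email)) {
        $error = true;
        $sysmsg[] = __('invalid_email');
    } else {
        $rs = $db->fetch_one_array("select email from {$tpf}users where email='{$email}' and userid<>'{$pd_uid}' limit 1");
        if ($rs) {
            if (strcasecmp($email, $rs['email']) === 0) {
                $error = true;
                $sysmsg[] = __('email_already_exists');
            }
            unset($rs);
        }
    }

    if (!$error) {
        $ins = array('username' => $username, 'password' => $md5_pwd, 'email' => $email, 'space_name' => $username . __('file'), 'can_edit' => 0);
        $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$pd_uid}'");
        // Cookie carries uid, gid, username, password digest and e-mail for three days.
        pd_setcookie('phpdisk_zcore_info', pd_encode("{$pd_uid}\t{$pd_gid}\t{$username}\t{$md5_pwd}\t{$email}"), 86400 * 3);
        $sysmsg[] = __('guest_set_account_success');
        // $ref comes from the request body; see the open-redirect note in the header.
        tb_redirect($ref, $sysmsg);
    } else {
        tb_redirect('back', $sysmsg);
    }
}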