Esempio n. 1
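/**
 * preg_replace_callback() adapter that hands one matched HTML tag body to jscv().
 *
 * The original code ran jscv() through the /e (eval) modifier. Per the
 * documented /e behaviour the backreference was addslashes()-escaped before
 * being spliced into the single-quoted literal, so after PHP parsed that
 * literal ' and \ were unchanged while " and NUL kept a leading backslash.
 * That transformation is reproduced here so jscv() receives the same bytes.
 *
 * @param array $match Match array; index 1 is the text between "<" and ">".
 * @return string Whatever jscv() returns for that tag body.
 */
function check_data_jscv_tag($match)
{
    return jscv(str_replace(array('"', "\0"), array('\\"', '\\0'), $match[1]));
}

/**
 * Validate and normalise the posted title and body of a forum post.
 *
 * Reads $_POST['atc_title'] and $_POST['atc_content'], enforces the configured
 * length limits, applies the permission-dependent tag rewriting for
 * [post]/[hide=]/[sell=] and the media tags, and escapes or filters the body
 * depending on $atc_usesign. Limit violations are reported through Showmsg()
 * (presumably terminating the request; confirm against its definition).
 *
 * Side effect: $_POST['atc_content'] is unset.
 *
 * @param string $type Not used inside this function.
 * @return array array($atc_title, $atc_content, $ifconvert, $ifwordsfb)
 */
function check_data($type = "new")
{
    global $db_titlemax, $db_postmin, $db_postmax, $foruminfo, $atc_usesign, $article, $db_sellset, $db_enhideset, $isGM, $winddb, $db_posturlnum;
    $atc_title = trim($_POST['atc_title']);
    $atc_content = $_POST['atc_content'];

    // A title is mandatory when $article is empty; the length cap always applies.
    if ((empty($article) && !$atc_title) || strlen($atc_title) > $db_titlemax) {
        Showmsg('postfunc_subject_limit');
    }

    // Measure the body without LF, VT, FF and CR (bytes 10..13) so line breaks
    // do not count towards the limits.
    $check_content = $atc_content;
    for ($i = 10; $i < 14; $i++) {
        $check_content = str_replace(chr($i), '', $check_content);
    }
    $content_length = strlen(trim($check_content));
    if ($content_length >= $db_postmax || $content_length < $db_postmin) {
        Showmsg('postfunc_content_limit');
    }

    $atc_title = S::escapeChar($atc_title);
    $wordsfb = L::loadClass('FilterUtil', 'filter');
    $ifwordsfb = $wordsfb->ifwordsfb(stripslashes($atc_content));
    $ifconvert = 1;
    unset($_POST['atc_content']);

    if ($_POST['atc_convert'] == "1") {
        $_POST['atc_autourl'] && ($atc_content = autourl($atc_content));

        // The original read a local, never-assigned $_G here, so the per-group
        // URL limit could not trigger. The rest of this function reads the
        // group settings from $GLOBALS['_G'], so the same source is used.
        $posturlnum = $GLOBALS['_G']['posturlnum'];
        if ($posturlnum > 0 && $winddb['postnum'] < $posturlnum && !$isGM && postUrlCheck($atc_content)) {
            Showmsg('postfunc_urlnum_limit');
        }
        $atc_content = html_check($atc_content);

        // Permission control: whether auto-expanding multimedia may be posted.
        // For each media tag the group is not allowed to use, the trailing
        // flag "1" in the tag header is rewritten to "0".
        $allowed_media = ',' . $GLOBALS['_G']['media'] . ',';
        foreach (array('wmv', 'rm', 'flash') as $tag) {
            if (strpos($allowed_media, ",{$tag},") === false) {
                $atc_content = preg_replace("/(\\[{$tag}=([0-9]{1,3}\\,[0-9]{1,3}\\,)?)1(\\].+?\\[\\/{$tag}\\])/is", "\${1}0\\3", $atc_content);
            }
        }

        // The order of the [post], [hide= and [sell= handling must not change.
        // Without the permission, a tab is inserted after "[" (presumably so
        // the tag is no longer recognised when the post is rendered).
        if (!$isGM && (!$foruminfo['allowhide'] || !$GLOBALS['_G']['allowhidden'])) {
            $atc_content = str_replace("[post]", "[\tpost]", $atc_content);
        } elseif ($_POST['atc_hide'] == '1') {
            $atc_content = "[post]" . str_replace(array('[post]', '[/post]'), "", $atc_content) . "[/post]";
            $ifconvert = 2;
        }

        if (!$isGM && (!$GLOBALS['forumset']['allowencode'] || !$GLOBALS['_G']['allowencode'])) {
            $atc_content = str_replace("[hide=", "[\thide=", $atc_content);
        } elseif ($_POST['atc_requireenhide'] == '1') {
            // NOTE(review): the selected type is concatenated into the tag, so
            // this membership test is its only check. in_array() compares
            // loosely here; confirm the element types of $db_enhideset['type']
            // and pass true as third argument if they are all strings.
            $atc_enhidetype = in_array($_POST['atc_enhidetype'], $db_enhideset['type']) ? $_POST['atc_enhidetype'] : 'rvrc';
            $atc_content = preg_replace("/\\[hide=(.+?)\\]/is", "", $atc_content);
            $atc_content = "[hide=" . (int) $_POST['atc_rvrc'] . ",{$atc_enhidetype}]" . str_replace("[/hide]", "", $atc_content) . "[/hide]";
            $ifconvert = 2;
        }

        if (!$isGM && (!$foruminfo['allowsell'] || !$GLOBALS['_G']['allowsell'])) {
            $atc_content = str_replace("[sell=", "[\tsell=", $atc_content);
        } elseif ($_POST['atc_requiresell'] == '1') {
            // NOTE(review): same loose in_array() consideration as for
            // $db_enhideset['type'] above.
            $atc_credittype = in_array($_POST['atc_credittype'], $db_sellset['type']) ? $_POST['atc_credittype'] : 'money';
            $atc_content = str_replace("[/sell]", "", preg_replace("/\\[sell=(.+?)\\]/is", "", $atc_content));
            $atc_content = "[sell=" . (int) $_POST['atc_money'] . ",{$atc_credittype}]{$atc_content}[/sell]";
            $ifconvert = 2;
        }

        // Whenever conversion was requested the post is marked as converted.
        $ifconvert = 2;
    }

    if ($atc_usesign < 2) {
        $atc_content = S::escapeChar($atc_content);
    } else {
        // HTML is let through in this branch after a deny-list pass: "." is
        // entity-encoded, <script> blocks are dropped, every remaining tag is
        // passed to jscv(), and "javascript" is split. The three patterns run
        // in the same order as in the former array-form preg_replace() call.
        // The /e modifier (deprecated in PHP 5.5, removed in PHP 7.0) is
        // replaced by preg_replace_callback() so no replacement string is
        // evaluated as PHP code.
        // NOTE(review): the safety of this branch rests on jscv(), which is
        // not visible here; review it together with this function.
        $atc_content = str_replace('.', '&#46;', $atc_content);
        $atc_content = preg_replace("/<script.*>.*<\\/script>/is", "", $atc_content);
        $atc_content = preg_replace_callback("/<(([^\"']|\"[^\"]*\"|'[^']*')*?)>/is", 'check_data_jscv_tag', $atc_content);
        $atc_content = preg_replace("/javascript/i", "java script", $atc_content);
    }

    return array($atc_title, $atc_content, $ifconvert, $ifwordsfb);
}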
Esempio n. 2
 $pwuser = array_unique(array_diff($pwuser, array('')));
 if ($pwuser) {
     $query = $db->query("SELECT uid FROM pw_members WHERE username IN (" . pwImplode($pwuser) . ")");
     while ($rt = $db->fetch_array($query)) {
         $uids[] = $rt['uid'];
     }
 }
 if (!$uids) {
     $errorname = $pwuser;
     $errorname = implode($pwuser, ',');
     Showmsg('user_not_exists');
 } elseif ($w_num = count($uids) > 9) {
     Showmsg('msg_send_limit');
 }
 $s_num = 0;
 $atc_content = autourl($atc_content);
 $uids = pwImplode($uids);
 $ifuids = $sqladd = $msglog = array();
 if ($uids) {
     $query = $db->query("SELECT uid,username,newpm,banpm,msggroups FROM pw_members WHERE uid IN({$uids})");
     while ($rt = $db->fetch_array($query)) {
         if ($rt['msggroups'] && strpos($rt['msggroups'], ",{$groupid},") !== false || strpos(",{$rt['banpm']},", ",{$windid},") !== false) {
             $errorname = $rt['username'];
             Showmsg('msg_refuse');
         }
         if ($edmid && in_array($rt['username'], $pwuser)) {
             $pwSQL = pwSqlSingle(array('m.mdate' => $timestamp, 'mc.title' => $msg_title, 'mc.content' => $atc_content));
             $db->update("UPDATE pw_msg m LEFT JOIN pw_msgc mc USING(mid) SET {$pwSQL} WHERE m.mid=" . pwEscape($edmid) . " AND m.fromuid=" . pwEscape($winduid) . " AND m.ifnew='1'");
             continue;
         }
         $sqladd[] = array($rt['uid'], $winduid, $windid, 'rebox', '1', $timestamp);