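/**
 * Create or update one model item (and its message row) from the current POST request.
 *
 * Reads $_POST, $_FILES and $_GET directly, rewrites some $_POST entries in place
 * (linkage and timestamp fields, subject), resets the global $checkresults, and may
 * set $_SGLOBAL['itemupdate'] and $_SGLOBAL['updatesqlarr'].
 *
 * @param array $cacheinfo Model cache; the keys 'models', 'columns' and 'linkage' are read here.
 * @param int   $cp        Not referenced inside this function.
 *
 * @return mixed The item id: the value returned by inserttable() on add,
 *               or the integer id taken from $_POST['itemid'] on update.
 */
function pkpost($cacheinfo, $cp = 1) {
    global $_G, $_SGLOBAL, $theurl, $mname, $checkresults;

    // The id is cast to int exactly once and never re-read from $_POST: it is
    // concatenated into several SQL strings below, so only the integer form may be used.
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $mustverify = false;
    $resultitems = $resultmessage = $updateitem = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    $feedcolum = array();

    // Split the column definitions into fixed (items table) and non-fixed (message table)
    // columns, and normalise linkage / timestamp inputs in $_POST.
    foreach ($columnsinfoarr as $result) {
        if ($mname == "groupbuy" && preg_match('/^user_|^ext_/', $result['fieldname'])) {
            continue;
        }
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_G['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }

    // Input checks.
    // The original re-assigned $itemid = $_POST['itemid'] at this point, which discarded
    // the intval() above and let the raw request value reach the string-built queries.
    $_POST['subject'] = trim(strip_tags($_POST['subject']));
    $checkresults = array();
    if (bstrlen($_POST['subject']) < 1 || bstrlen($_POST['subject']) > 80) {
        array_push($checkresults, array('subject' => lang('space_suject_length_error')));
    }

    // Data checks
    checkvalues(array_merge($resultitems, $resultmessage), 1, 1);

    // Goods price handling: the maximum price must not be below the minimum price
    if ($modelsinfoarr['modelname'] == 'good') {
        if ($_POST['minprice'] > 0 && $_POST['maxprice'] > 0 && $_POST['maxprice'] < $_POST['minprice']) {
            array_push($checkresults, array('maxprice' => lang('maxprice_must_big_then_minprice')));
        }
    }

    // When editing, check whether the title image was removed or replaced
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            // The file was deleted or replaced: drop the stored image.
            // NOTE(review): this destructive step runs before any permission or ownership
            // test visible in this function - confirm the caller has already verified that
            // the item belongs to the current shop.
            $query = DB::query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = DB::fetch($query);
            $hash = getmodelhash($modelsinfoarr['mid'], $itemid);
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage')); // remove from the attachments table
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            // NOTE(review): the stored path is unlinked relative to A_DIR without any
            // normalisation here; see the note where subjectimage is taken from $_POST below.
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }

    // Build the items-table data
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $itemgrade = DB::result_first("SELECT grade FROM " . tname($mname . "items") . " WHERE itemid = '{$itemid}'");
    if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        // NOTE(review): a client-supplied path is stored as subjectimage, and the edit path
        // above later unlink()s the stored value under A_DIR - confirm it is validated
        // (no directory traversal) before it is persisted.
        $setsqlarr['subjectimage'] = $_POST['subjectimage_value'];
    }
    if (empty($_POST['catid']) || $_POST['catid'] < 0) {
        array_push($checkresults, array('catid' => lang('cat_not_selected')));
    }
    $setsqlarr['catid'] = $_POST['catid'];
    if ($modelsinfoarr['modelname'] != 'shop') {
        // The owning shop is mandatory: admins choose it, everyone else is pinned to their own shop
        if (pkperm('isadmin')) {
            if (empty($_POST['shopid'])) {
                array_push($checkresults, array('shopid' => lang('please_select_shopid')));
            }
            $setsqlarr['shopid'] = intval($_POST['shopid']);
        } else {
            $setsqlarr['shopid'] = $_G['myshopid'];
        }
    } else {
        $setsqlarr['letter'] = !empty($_POST['letter']) ? trim($_POST['letter']) : getletter(trim($_POST['subject']));
        $setsqlarr['keywords'] = trim(strip_tags($_POST['keywords']));
        $setsqlarr['description'] = trim(strip_tags($_POST['description']));
        if (!empty($_POST['syncfid'])) {
            require_once B_ROOT . './api/bbs_syncpost.php';
            if (checkbbsfid($_POST['syncfid'])) {
                $setsqlarr['syncfid'] = intval($_POST['syncfid']);
            } else {
                array_push($checkresults, array('syncfid' => lang('syncfid_noexists')));
            }
        }
    }
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = 1;
    if (!empty($checkresults)) {
        cpmsg('addobject_error', '', '', '', true, true, $checkresults);
    }

    // Grade (review state) depends on who is posting
    if (pkperm('isadmin')) {
        $setsqlarr['grade'] = isset($_POST['grade']) ? $_POST['grade'] : 3;
    } elseif ($_G['myshopstatus'] == 'verified') {
        if (in_array($modelsinfoarr['modelname'], array('good', 'notice', 'consume', 'album', 'groupbuy')) && $itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
            $setsqlarr['grade'] = !empty($itemid) ? 5 : 0;
            if (!empty($itemid)) {
                if (in_array($_POST['grade'], array(2, 3))) {
                    // in_array() compares loosely, so on PHP versions before 8 a value such
                    // as "3abc" passes the test; store the integer, not the raw string.
                    $setsqlarr['grade'] = intval($_POST['grade']);
                }
            }
            $mustverify = true;
        } else {
            if (in_array($_POST['grade'], array(2, 3))) {
                // Same loose-comparison caveat as above.
                $setsqlarr['grade'] = intval($_POST['grade']);
            } else {
                $setsqlarr['grade'] = $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']] ? 0 : 3;
            }
        }
    } elseif ($_G['myshopstatus'] == 'unverified') {
        $setsqlarr['grade'] = 0;
    }
    $setsqlarr['dateline'] = $_G['timestamp'];
    $setsqlarr['uid'] = $_G['uid'];
    $setsqlarr['username'] = $_G['username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];

    // Title image handling: start
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    if ($_POST['imagetype'] == 0 && $modelsinfoarr['modelname'] == 'consume' && $_G['setting']['allowcreateimg']) {
        // Generated coupon image: collect the shop contact details for the template
        if ($_GET['action'] == 'add') {
            $hotline = $_SGLOBAL['panelinfo']['tel'];
            $address = $_SGLOBAL['panelinfo']['address'];
        } else {
            $shopinfo = DB::fetch(DB::query("SELECT tel, address FROM " . tname('shopitems') . " WHERE itemid='{$setsqlarr['shopid']}'"));
            $hotline = $shopinfo['tel'];
            $address = $shopinfo['address'];
        }
        $dealer_name = DB::result_first("SELECT subject FROM " . tname('shopitems') . " WHERE itemid='{$setsqlarr['shopid']}'");
        $createimgarr = array(
            'id' => intval($_POST['imgtplid']),
            'mid' => intval($modelsinfoarr['mid']),
            'itemid' => intval($itemid),
            'coupon_title' => $setsqlarr['subject'],
            'dealer_id' => $setsqlarr['uid'],
            'dealer_name' => $dealer_name,
            'begin_date' => date('Y-m-d', $setsqlarr['validity_start']),
            'end_date' => date('Y-m-d', $setsqlarr['validity_end']),
            'brief' => trim($_POST['message']),
            'exception' => trim($_POST['exception']),
            'address' => $address,
            'hotline' => $hotline,
            'subjectimagewidth' => $modelsinfoarr['subjectimagewidth'],
            'subjectimageheight' => $modelsinfoarr['subjectimageheight']
        );
        require_once B_ROOT . './source/adminfunc/tool.func.php';
        if ($consumeimgpath = image_text($createimgarr)) {
            $setsqlarr['subjectimage'] = $consumeimgpath;
            $setsqlarr['imagetype'] = 0;
            $setsqlarr['imgtplid'] = intval($_POST['imgtplid']);
        }
    } else {
        // Uploaded title image
        $uploadfilearr = $ids = array();
        $subjectimageid = '';
        $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => '圖片標題', 'formtype' => 'img')), $modelsinfoarr['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
        if (!empty($uploadfilearr)) {
            $feedsubjectimg = $uploadfilearr;
            foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
                if (empty($tmpvalue['error'])) {
                    $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
                }
                if (!empty($tmpvalue['aid'])) {
                    $ids[] = $tmpvalue['aid'];
                }
            }
        }
        if ($modelsinfoarr['modelname'] == 'consume') {
            $setsqlarr['imagetype'] = 1;
        }
    }
    // Title image handling: end

    // Word filtering
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    // Publish time
    $setsqlarr['dateline'] = $_G['timestamp'];
    // Goods carry an extra introduction field
    if ($mname == "good") {
        $setsqlarr['intro'] = trim(strip_tags($_POST['intro']));
    }

    if (empty($itemid)) {
        // Insert a new item
        $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
        if (in_array($modelsinfoarr['modelname'], array('good', 'notice', 'consume', 'album', 'groupbuy'))) {
            itemnumreset($modelsinfoarr['modelname'], $setsqlarr['shopid']);
        }
    } else {
        // Update an existing item
        $_SGLOBAL['itemupdate'] = 1;
        $op = 'update';
        unset($setsqlarr['uid']);
        unset($setsqlarr['username']);
        unset($setsqlarr['lastpost']);
        if ($itemgrade == 1 && !pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        } elseif ($itemgrade == 1 && pkperm('isadmin')) {
            $setsqlarr['grade'] = 1;
        } elseif ($itemgrade == 0 && !pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        } elseif ($itemgrade == 0 && pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        }
        if (pkperm('isadmin')) {
            // The site admin may post any data
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
        } else {
            // Permission limits: a shop owner may not change the shop group
            unset($setsqlarr['groupid']);
            if ($modelsinfoarr['modelname'] == 'shop') {
                unset($setsqlarr['validity_start']);
                unset($setsqlarr['validity_end']);
                if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
                    // Changes are held back (see $_SGLOBAL['updatesqlarr'] below) instead of written
                    $updatesqlarr = $setsqlarr;
                } else {
                    // A shop owner can only write to their own shop row
                    updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $_G['myshopid']));
                }
            } else {
                if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
                    $updatesqlarr = $setsqlarr;
                } else {
                    // A shop owner can only change items of the shop they manage
                    updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid, 'shopid' => $_G['myshopid']));
                }
            }
        }
        $query = DB::query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE itemid = \'' . $itemid . '\'');
        $defaultmessage = DB::fetch($query);
    }

    // Bind the freshly uploaded title-image attachments to this item's hash
    $hash = getmodelhash($modelsinfoarr['mid'], $itemid);
    if (!empty($ids)) {
        $ids = simplode($ids);
        DB::query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
    }
    $do = 'pass';
    if ($op == 'update' && !$_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // The file was deleted or replaced: remove the old attachment.
                        // NOTE(review): unlike the items update above, these writes are keyed
                        // by itemid only (no shopid condition) - confirm ownership is enforced
                        // elsewhere for non-admin callers.
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname'])); // remove from the attachments table
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('itemid' => $itemid));
                        @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']] . '.thumb.jpg');
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }

    // Content (message table)
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $modelsinfoarr['modelname'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['message'] = saddslashes(html2bbcode(stripslashes($setsqlarr['message'])));
    if ($modelsinfoarr['modelname'] == 'consume') {
        $setsqlarr['exception'] = trim($_POST['exception']);
    }
    if ($_POST['imagetype'] == 0 && $modelsinfoarr['modelname'] == 'consume' && $_G['setting']['allowcreateimg']) {
        $setsqlarr['address'] = trim($_POST['address']);
        $setsqlarr['hotline'] = trim($_POST['hotline']);
    }
    $setsqlarr['postip'] = $_G['clientip'];
    if ($modelsinfoarr['modelname'] == 'shop' && $itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        // NOTE(review): client-supplied paths, same concern as subjectimage_value above.
        $setsqlarr['banner'] = $_POST['banner_value'];
        $setsqlarr['windowsimg'] = $_POST['windowsimg_value'];
    }
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }

    // Word filtering for the content
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if ($op == 'add') {
        // Insert the content row
        $setsqlarr['itemid'] = $itemid;
        inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
    } else {
        if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']] && !pkperm('isadmin')) {
            // Held-back update: expose the merged item + message data to the caller
            $_SGLOBAL['updatesqlarr'] = array_merge($updatesqlarr, $setsqlarr);
        } else {
            // Update the content row
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
    }
    updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
    return $itemid;
}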
} else { cpmsg('no_item', 'admin.php?action=commentmodel'); } } if (($_GET['op'] == 'edit' || $_GET['op'] == 'add') && !empty($_POST['valuesubmit'])) { $scorename = ''; $scorearr = array(); $_POST['modelname'] = trim($_POST['modelname']); if (empty($_POST['modelname']) || bstrlen($_POST['modelname']) > 10) { array_push($checkresults, array('modelname' => lang('commentmodel_modelname_length_error'))); } $notfillednum = $fillednum = 0; for ($i = 1; $i <= 8; $i++) { $_POST['score' . $i] = trim($_POST['score' . $i]); if (!empty($_POST['score' . $i])) { if (bstrlen($_POST['score' . $i]) > 10) { array_push($checkresults, array('score' . $i => lang('commentmodel_modelname_length_error'))); } $scorearr[$i] = $_POST['score' . $i]; $fillednum++; } else { $notfillednum++; } } if ($notfillednum == 8) { cpmsg('commentmodel_score_notwrite'); } if (!empty($checkresults)) { cpmsg('add_error', '', 'error', '', true, true, $checkresults); } $scorename = serialize($scorearr);
array_push($checkresults, array('message' => $lang['no_login'])); } } $table_name = ($ismodle ? $type : 'space') . 'items'; $query = DB::query('SELECT * FROM ' . tname($table_name) . ' WHERE itemid=\'' . $itemid . '\' AND allowreply=\'1\''); if (!($item = DB::fetch($query))) { array_push($checkresults, array('message' => $lang['no_permission'])); } $_POST['commentmessage'] = shtmlspecialchars(trim($_POST['commentmessage'])); if ($_POST['commentmessage'] == $_G['setting']['commdefault'] || bstrlen($_POST['commentmessage']) < 1 || bstrlen($_POST['commentmessage']) > 250) { array_push($checkresults, array('commentmessage' => $lang['wordlimited'])); } if (!empty($commentscorestr)) { $rootcatid = getrootcatid($item['catid']); $scorenum = DB::result_first("SELECT cm.scorenum FROM " . tname('categories') . " c\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN " . tname('commentmodels') . " cm ON cm.cmid=c.cmid\n\t\t\t\t\t\t\t\t\t\tWHERE c.catid = '{$rootcatid}'"); if (bstrlen($commentscorestr) < $scorenum * 5) { array_push($checkresults, array('score' => $lang['scorelimited'])); } } if (!empty($_G['setting']['commenttime']) && !ckfounder($_G['uid'])) { if ($_G['timestamp'] - $_G['member']['lastcommenttime'] < $_G['setting']['commenttime']) { array_push($checkresults, array('message' => $lang['comment_too_much'])); } } if (!empty($checkresults)) { showmessage('comment_submit_error', '', '', '', $checkresults); } //更新用戶最新更新時間 if ($_G['uid']) { updatetable('members', array('updatetime' => $_G['timestamp'], 'lastcommenttime' => $_G['timestamp']), array('uid' => $_G['uid'])); }
* This is NOT a freeware, use is subject to license terms * * $Id: brandlinks.inc.php 4337 2010-09-06 04:48:05Z fanshengshuai $ */ if (!defined('IN_STORE')) { exit('Acess Denied'); } if ($_SGLOBAL['panelinfo']['enablebrandlinks'] < 1) { cpmsg('no_perm'); } $op = trim($_GET['op']); $linkid = empty($_REQUEST['linkid']) ? '' : intval($_REQUEST['linkid']); $checkresults = array(); if (submitcheck('valuesubmit')) { $displayorder = !empty($_POST['displayorder']) ? intval($_POST['displayorder']) : 100; if (empty($_POST['name']) || bstrlen(trim($_POST['name'])) > 30) { array_push($checkresults, array('name' => lang('addbrandlinks_name_error'))); } if (empty($_POST['url'])) { array_push($checkresults, array('url' => lang('addbrandlinks_url_error'))); } if (!empty($checkresults)) { cpmsg('add_error', '', 'error', '', true, true, $checkresults); } $setsqlarr = array('linkid' => $linkid, 'displayorder' => $displayorder, 'name' => trim($_POST['name']), 'url' => trim($_POST['url']), 'shopid' => $_SGLOBAL['panelinfo']['itemid']); inserttable('brandlinks', $setsqlarr, '', 1); if (empty($linkid)) { itemnumreset('brandlinks', $setsqlarr['shopid']); } $_BCACHE->deltype('storelist', 'brandlinks', $_G['myshopid']); cpmsg('addbrandlinks_success', $BASESCRIPT . '?action=brandlinks', 'succeed');
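/**
 * Build the query string that describes this installation (site id, software and
 * runtime versions, site URL and name, the current member's e-mail and, at most once
 * every four hours, row counts of the main tables).
 *
 * Side effects: may generate and persist a new 'siteuniqueid' setting, refreshes the
 * settings cache in that case, and touches data/updatetime.lock.
 *
 * NOTE(review): the payload carries an e-mail address and installation details; where
 * the caller sends this string is not visible here - confirm the destination and that
 * the transport is appropriate for that data. The 'md5hash' value is an unkeyed digest
 * of values that travel in the same string, so it can detect accidental corruption but
 * does not authenticate the sender.
 *
 * @return string URL-encoded query string beginning with "os=pk&update=".
 */
function brandinformation() {
    global $_G, $_SGLOBAL, $_SERVER;

    // A usable id is at least 8 bytes long and starts with "PK".
    $idinvalid = empty($_G['setting']['siteuniqueid']) || bstrlen($_G['setting']['siteuniqueid']) < 8 || strpos($_G['setting']['siteuniqueid'], 'PK') !== 0;
    if ($idinvalid) {
        // The cached setting is unusable: re-read it from the database first.
        $_G['setting']['siteuniqueid'] = DB::result_first('SELECT value FROM ' . tname('settings') . " WHERE variable='siteuniqueid'");
        $idinvalid = empty($_G['setting']['siteuniqueid']) || bstrlen($_G['setting']['siteuniqueid']) < 8 || strpos($_G['setting']['siteuniqueid'], 'PK') !== 0;
        if ($idinvalid) {
            // Still unusable: derive a new id from the current date/time, a digest of
            // request data and random(4). This is an identifier, not a secret.
            $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
            $_G['setting']['siteuniqueid'] = 'PK' . $chars[date('y') % 60] . $chars[date('n')] . $chars[date('j')] . $chars[date('G')] . $chars[date('i')] . $chars[date('s')] . substr(md5($_G['clientip'] . $_G['username'] . $_G['timestamp']), 0, 4) . random(4);
            // The original interpolated '{$_G['setting']}[siteuniqueid]', which expands the
            // array itself ("Array") followed by the literal text "[siteuniqueid]", so the
            // generated id was never the value stored.
            DB::query('REPLACE INTO ' . tname('settings') . " (variable, value) VALUES ('siteuniqueid', '{$_G['setting']['siteuniqueid']}')");
            require_once B_ROOT . './source/function/cache.func.php';
            updatesettingcache();
        }
    }

    $update = array(
        'id' => $_G['setting']['siteuniqueid'],
        'version' => B_VER,
        'release' => B_RELEASE,
        'php' => PHP_VERSION,
        'mysql' => DB::version(),
        'charset' => $_G['charset'],
        'siteurl' => $_G['setting']['siteurl'],
        'sitename' => $_G['setting']['wwwname'] . '->' . $_G['setting']['sitename'],
        'email' => $_G['member']['email']
    );

    // The table counts are only gathered when the lock file is missing or older than four hours.
    $updatetime = @filemtime(B_ROOT . './data/updatetime.lock');
    if (empty($updatetime) || $_G['timestamp'] - $updatetime > 3600 * 4) {
        @touch(B_ROOT . './data/updatetime.lock');
        $update['members'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('members'));
        $update['shops'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('shopitems'));
        $update['discounts'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('shopitems') . " WHERE isdiscount='1'");
        $update['goods'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('gooditems'));
        $update['notices'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('noticeitems'));
        $update['consumes'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('consumeitems'));
        $update['albums'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('albumitems'));
        $update['albumsbbs'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('albumitems') . " WHERE frombbs='1'");
        $update['photos'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('photoitems'));
        $update['comments'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('spacecomments'));
        $update['commentscores'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('commentscores'));
        $update['links'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('brandlinks'));
        $update['reportlog'] = DB::result_first('SELECT COUNT(*) FROM ' . tname('reportlog'));
        foreach (array('shop', 'good', 'notice', 'consume', 'album') as $value) {
            $update[$value . 'cates'] = count($_SGLOBAL[$value . 'cates']);
        }
    }

    // Serialise as key=value& pairs; the whole blob is base64- and URL-encoded below.
    $data = '';
    foreach ($update as $key => $value) {
        $data .= $key . '=' . rawurlencode($value) . '&';
    }

    // The last parameter name read "×tamp=" in the original: "&times" had been decoded
    // as an HTML entity, so the timestamp parameter was fused into the md5hash value.
    return 'os=pk&update=' . rawurlencode(base64_encode($data)) . '&md5hash=' . substr(md5($_SERVER['HTTP_USER_AGENT'] . implode('', $update) . $_G['timestamp']), 8, 8) . '&timestamp=' . $_G['timestamp'];
}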
cpmsg('message_success', 'admin.php?action=block'); } else { cpmsg('notselect_item', 'admin.php?action=block'); } } if (($_GET['op'] == 'edit' || $_GET['op'] == 'add') && !empty($_POST['valuesubmit'])) { $blockname = ''; $blocksqlarr = array(); $_POST['blocktype'] = 'sql'; $_POST['blockname'] = trim($_POST['blockname']); $postarr = array(); foreach ($_POST as $pkey => $pvalue) { $postarr[$pkey] = shtmlspecialchars($pvalue); } $blocktext = addslashes(serialize($postarr)); if (empty($_POST['blockname']) || bstrlen($_POST['blockname']) > 10) { array_push($checkresults, array('blockname' => lang('block_blockname_length_error'))); } $_POST['blocksql'] = getblocksql($_POST['blocksql']); $blockcodearr[] = 'sql/' . rawurlencode($_POST['blocksql']); $_POST['blockstart'] = intval($_POST['blockstart']); $_POST['blocklimit'] = intval($_POST['blocklimit']); if ($_POST['blocklimit'] < 1) { array_push($checkresults, array('blocklimit' => lang('block_thread_code_limit'))); } else { $blockcodearr[] = 'limit/' . $_POST['blockstart'] . ',' . $_POST['blocklimit']; } if (!empty($_POST['tplname']) && !file_exists(B_ROOT . 'static/blockstyle/' . $_POST['tplname'] . '.html.php')) { array_push($checkresults, array('tplnameerror' => lang('block_tplname_error'))); } if (!empty($checkresults)) {
if (submitcheck('attendsubmit')) { $checkunits = array(array('subject', '2', '30', $lang['attend_subject_error']), array('address', '5', '30', $lang['attend_address_error'])); if (!empty($cacheinfo['columns'])) { foreach ($cacheinfo['columns'] as $column) { if ($column['allowpost'] == 1 && $column['allowshow'] == 1 && $column['formtype'] != 'img' && $column['isrequired'] == 1 && preg_match('/(^ext_)|(^applicant)/', $column['fieldname'])) { $errormessage = !empty($lang['attend_' . $column['fieldname'] . '_error']) ? $lang['attend_' . $column['fieldname'] . '_error'] : ($column['fieldminlength'] < $column['fieldlength'] ? $column['fieldtitle'] . $lang['is'] . $column['fieldminlength'] . '-' . $column['fieldlength'] . $lang['word'] : $column['fieldlength'] . $lang['word']); array_push($checkunits, array($column['fieldname'], $column['fieldminlength'], $column['fieldlength'], $errormessage)); } } } $checkresults = array(); foreach ($checkunits as $unit) { $intoarray = 0; if (empty($_POST[$unit[0]])) { $intoarray = 1; } elseif (bstrlen($_POST[$unit[0]]) < $unit[1] || bstrlen($_POST[$unit[0]]) > $unit[2]) { $intoarray = 1; } elseif (in_array($unit[0], array('applicantmobi', 'applicantpost')) && !is_numeric($_POST[$unit[0]])) { $intoarray = 1; } if ($intoarray == 1) { $checkresults[] = array($unit[0] => $unit[3]); } } if ($_POST['catid'] < 1) { array_push($checkresults, array('catid' => $lang['attend_cat_must_select'])); } if ($_POST['region'] == -1) { array_push($checkresults, array('region' => $lang['attend_region'])); } if (empty($_G['uid'])) {
* [品牌空間] (C)2001-2010 Comsenz Inc. * This is NOT a freeware, use is subject to license terms * * $Id: report.php 4372 2010-09-08 08:13:42Z yumiao $ */ require_once './common.php'; $result = ''; $id = intval($_REQUEST['id']); $type = trim($_REQUEST['type']); $reasonid = intval($_REQUEST['reasonid']); if (empty($_G['uid'])) { $result = 'notlogin'; } if (submitcheck('reportsubmit')) { $reason = shtmlspecialchars(trim($_POST['reason'])); if (bstrlen($reason) < 1 || bstrlen($reason) > 250) { $result = 'message_length'; } elseif (empty($reasonid) || $reasonid < 0) { $result = 'notselect_reasonid'; } else { if (!$_G['myshopid']) { if (!empty($id) && !empty($type)) { if (DB::result_first("SELECT rid FROM " . tname('reportlog') . " WHERE type='{$type}' AND itemid='{$id}' AND uid='{$_G['uid']}'")) { $result = 'only_allowto_report_once'; } else { $shopid = $type == 'shop' ? $id : DB::result_first("SELECT shopid FROM " . tname($type . 'items') . " WHERE itemid='{$id}'"); if ($shopid) { $setsqlarr = array('type' => $type, 'itemid' => $id, 'uid' => $_G['uid'], 'username' => $_G['username'], 'status' => 1, 'reasonid' => $reasonid, 'reason' => $reason, 'shopid' => $shopid, 'dateline' => $_G['timestamp']); $rid = inserttable('reportlog', $setsqlarr, 1); if ($rid) { DB::query("UPDATE " . tname($type . 'items') . " SET displayorder=displayorder+1, reportnum=reportnum+1 WHERE itemid='{$id}'");
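/**
 * Draw a block of text onto an image, wrapping it into rows of $row_charnum characters.
 *
 * HTML line-break and paragraph tags, real CR/LF characters and the literal two-character
 * sequences "\r" / "\n" are treated as hard line breaks. Every row is drawn with
 * imagettftext() and the baseline moves down 18 pixels per row.
 *
 * @param mixed  $im          Image handle, passed through to imagettftext().
 * @param float  $size        Font size.
 * @param float  $angle       Text angle.
 * @param int    $x           Left position of every row.
 * @param int    $y           Baseline of the first row.
 * @param string $str         Text to draw.
 * @param int    $color       Colour identifier for imagettftext().
 * @param string $font        Font file for imagettftext().
 * @param int    $row_charnum Characters per row; values below 1 draw nothing.
 *
 * @return void
 */
function change_row(&$im, $size, $angle, $x, $y, $str, $color, $font, $row_charnum) {
    // With a row width below 1 the wrap loop can never advance past the end of a
    // segment: it would spin forever and grow the row list until memory runs out.
    if ($row_charnum < 1) {
        return;
    }

    // Turn every supported line-break marker into one sentinel, then split on it.
    $searcharray = array("<br/>", "<BR/>", "<br>", "<BR>", "<p>", "</p>", "\\r", "\\n", "\r", "\n");
    $str = str_replace($searcharray, "!)@(", $str);
    $segments = explode("!)@(", $str);
    $usemb = function_exists('mb_substr');

    foreach ($segments as $value) {
        $rows = array();
        $count = bstrlen($value, 'utf8');
        $i = 0;
        // NOTE(review): the bound "$count - 1" means a segment whose measured length is 1,
        // or a single trailing character after full rows, is not drawn - confirm against
        // what bstrlen() returns for the 'utf8' mode before changing it.
        while ($i < $count - 1) {
            if ($usemb) {
                $rows[] = mb_substr($value, $i, $row_charnum, "utf-8");
            } else {
                // Without mbstring: cut the next row off the front, then strip it from the remainder.
                $strcut = cutstr($value, $row_charnum, 0, 'utf8');
                $rows[] = $strcut;
                $value = str_replace($strcut, '', $value);
            }
            $i += $row_charnum;
        }
        foreach ($rows as $vl) {
            imagettftext($im, $size, $angle, $x, $y, $color, $font, $vl);
            $y += 18;
        }
    }
}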
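/**
 * Store one uploaded photo from $_FILES[$varname] under A_DIR/photo/month_YYMM/.
 *
 * The stored file name is generated on the server (timestamp plus part of an MD5
 * digest); only the extension is taken from the client, so the extension is checked
 * against an image allow-list and the temporary file must parse as an image before
 * anything is written below the attachment directory.
 *
 * @param string $varname Key in $_FILES that holds the upload.
 * @param int    $multi   Not referenced inside this method.
 *
 * @return array|int|bool The attachment record on success; 0 when no file was sent,
 *                        -1 when the size check fails, 8 when the file could not be
 *                        saved, false when the file is not an accepted image.
 */
function attach_upload($varname = 'Filedata', $multi = 0) {
    global $_G, $_FILES, $_POST, $_SGLOBAL, $_SC;
    $attachdir = A_DIR;
    $attacharray = $path_parts = array();
    // Extensions accepted for photo uploads. The original left its extension check
    // commented out, so any client-chosen extension was written under the attachment
    // directory.
    $imgext = array('jpg', 'jpeg', 'gif', 'png');

    $attach = isset($_FILES[$varname]) ? $_FILES[$varname] : null;
    if (empty($attach)) {
        return 0;
    }
    $attach_saved = false;
    $attach['uid'] = $_G['uid'];
    $filename = saddslashes($attach['name']);
    $attach['title'] = saddslashes(trim(strip_tags(rawurldecode(isset($_POST['title']) ? $_POST['title'] : ''))));
    $path_parts = pathinfo($filename);
    // A name without a dot has no 'extension' key.
    $attach['ext'] = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';

    // Reject anything that is not an allow-listed image type or does not parse as an
    // image. The client-sent MIME type is deliberately not consulted.
    if (!in_array($attach['ext'], $imgext, true) || @getimagesize($attach['tmp_name']) === false) {
        @unlink($attach['tmp_name']);
        return false;
    }

    // File size check
    if (!$this->check_attach_size($attach['size'])) {
        @unlink($attach['tmp_name']);
        return -1;
    }

    $attach['isimage'] = 1;
    $attach['thumb'] = 0;
    $attach['name'] = htmlspecialchars($attach['name'], ENT_QUOTES);
    $attach['name'] = biconv($attach['name'], 'UTF-8', $_G['charset']);
    $attach['title'] = biconv($attach['title'], 'UTF-8', $_G['charset']);
    if (bstrlen($attach['name']) > 45) {
        // Display name only: shorten over-long names to a digest plus the extension.
        $attach['name'] = 'abbr_' . md5($attach['name']) . '.' . $attach['ext'];
    }

    // Create the photo directory and the monthly sub-directory on demand; the empty
    // index.htm is written into each new directory.
    // NOTE(review): the directories are created with mode 0777 - confirm that
    // world-writable directories are really required on the target hosts.
    if (!is_dir($attachdir . '/photo')) {
        @mkdir($attachdir . '/photo', 0777);
        @fclose(fopen($attachdir . '/photo/index.htm', 'w'));
    }
    $attach_subdir = 'photo/month_' . date('ym');
    $attach_dir = $attachdir . '/' . $attach_subdir;
    if (!is_dir($attach_dir)) {
        @mkdir($attach_dir, 0777);
        @fclose(fopen($attach_dir . '/index.htm', 'w'));
    }

    // Server-generated file name; only the validated extension comes from the client.
    $attach['attachment'] = $attach_subdir . '/';
    $attach['attachment'] .= date('ymdHi') . substr(md5($filename . microtime() . random(6)), 8, 16) . '.' . $attach['ext'];
    $target = $attachdir . '/' . $attach['attachment'];

    // Try copy() first, then move_uploaded_file(), then a manual read/write as the last resort.
    if (@copy($attach['tmp_name'], $target) || function_exists('move_uploaded_file') && @move_uploaded_file($attach['tmp_name'], $target)) {
        @unlink($attach['tmp_name']);
        $attach_saved = true;
    }
    if (!$attach_saved && @is_readable($attach['tmp_name'])) {
        @($fp = fopen($attach['tmp_name'], 'rb'));
        @flock($fp, 2);
        @($attachedfile = fread($fp, $attach['size']));
        @fclose($fp);
        @($fp = fopen($target, 'wb'));
        @flock($fp, 2);
        if (@fwrite($fp, $attachedfile)) {
            @unlink($attach['tmp_name']);
            $attach_saved = true;
        }
        @fclose($fp);
    }

    if (!$attach_saved) {
        return 8;
    }
    // The stored file is not executable and only writable by its owner.
    @chmod($target, 0644);
    // No separate thumbnail is generated here; the stored file doubles as the thumbnail.
    $attach['thumb'] = $attach['attachment'];

    $attacharray = $attach;
    return !empty($attacharray) ? $attacharray : false;
}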