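/**
 * Store a base64-encoded verification picture for a user and mark the user as video-authenticated.
 *
 * The picture is written under S_ROOT/data/avatar/<c1>/<c2>/<md5>.<ext>, where the
 * md5 is derived from the request timestamp and the current session uid.
 *
 * @param mixed  $uId      User whose `space` / `spacefield` rows are updated.
 * @param string $picData  Base64-encoded image bytes.
 * @param string $picExt   File extension for the stored picture; only jpg, jpeg, gif and png are accepted.
 * @param bool   $isReward When true, grant the 'videophoto' reward to $uId.
 *
 * @return APIResponse|APIErrorResponse Affected-row count on success, otherwise an error
 *                                      response ('200' bad argument, '300' storage failure).
 */
function auth($uId, $picData, $picExt = 'jpg', $isReward = false)
{
    global $_SGLOBAL;

    $pic = base64_decode($picData);
    if (!$pic || strlen($pic) == strlen($picData)) {
        return new APIErrorResponse('200', 'Error argument');
    }

    // The extension is caller-supplied and becomes part of the path written below.
    // Restrict it to known image types so the call cannot create a script file
    // (e.g. ".php") or smuggle path separators into the file name.
    $picExt = strtolower((string) $picExt);
    if (!in_array($picExt, array('jpg', 'jpeg', 'gif', 'png'), true)) {
        return new APIErrorResponse('200', 'Error argument');
    }

    // NOTE(review): the name is md5(timestamp, session uid), which is guessable;
    // confirm nothing treats the stored path as a secret.
    $secret = md5($_SGLOBAL['timestamp'] . "\t" . $_SGLOBAL['supe_uid']);

    // Two-level fan-out directory taken from the first two hex characters.
    // NOTE(review): 0777 leaves the directories world-writable (subject to umask);
    // tighten if the deployment allows it.
    $picDir = S_ROOT . './data/avatar';
    foreach (array(substr($secret, 0, 1), substr($secret, 1, 1)) as $level) {
        $picDir .= '/' . $level;
        if (!is_dir($picDir) && !@mkdir($picDir, 0777)) {
            return new APIErrorResponse('300', 'Cannot create directory');
        }
    }

    $picPath = $picDir . '/' . $secret . '.' . $picExt;
    $fp = @fopen($picPath, 'wb');
    if ($fp) {
        $written = fwrite($fp, $pic);
        // Close the handle on both paths; the original leaked it when the write failed.
        fclose($fp);

        if ($written !== false) {
            // Main table
            updatetable('space', array('videostatus' => 1), array('uid' => $uId));
            // Attached table
            updatetable('spacefield', array('videopic' => $secret), array('uid' => $uId));
            $result = $_SGLOBAL['db']->affected_rows();
            if ($isReward) {
                // Bonus points
                getreward('videophoto', 1, $uId, '', 0);
            }
            return new APIResponse($result);
        }

        // Do not leave a truncated file behind after a failed write.
        @unlink($picPath);
    }

    return new APIErrorResponse('300', 'Video Auth Error');
}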
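/**
 * Install an application for a user.
 *
 * Inserts the `userapp` and `userappfield` rows, applies the 'installapp' reward to the
 * user's `space` row, then refreshes the application record.
 *
 * @param mixed       $uId                User id.
 * @param mixed       $appId              Application id.
 * @param string      $appName            Application name.
 * @param string      $privacy            'public', 'friends', 'me' or 'none'; anything else is treated as public.
 * @param mixed       $allowSideNav       Stored as-is in `allowsidenav`.
 * @param mixed       $allowFeed          Stored as-is in `allowfeed`.
 * @param mixed       $allowProfileLink   Stored as-is in `allowprofilelink`.
 * @param string      $defaultBoxType     'narrow' selects the narrow box, anything else the wide one.
 * @param string      $defaultMYML        Stored in `userappfield.myml`.
 * @param string      $defaultProfileLink Stored in `userappfield.profilelink`.
 * @param mixed       $version            Passed to refreshApplication().
 * @param string      $displayMethod      'iframe' or anything else.
 * @param mixed|null  $displayOrder       Optional display order.
 *
 * @return APIResponse|APIErrorResponse Error '170' when the application is already installed.
 */
function add($uId, $appId, $appName, $privacy, $allowSideNav, $allowFeed, $allowProfileLink, $defaultBoxType, $defaultMYML, $defaultProfileLink, $version, $displayMethod, $displayOrder = null)
{
    global $_SGLOBAL;

    // Both ids end up inside SQL text below. The SELECT already formats them with %d,
    // so cast once here and the hand-built UPDATE gets the same integer guarantee.
    $uId = intval($uId);
    $appId = intval($appId);

    $sql = sprintf('SELECT appid FROM %s WHERE uid = %d AND appid = %d', tname('userapp'), $uId, $appId);
    $query = $_SGLOBAL['db']->query($sql);
    $row = $_SGLOBAL['db']->fetch_array($query);
    // !empty() also covers the "no row" case, where fetch_array() returns no array.
    if (!empty($row['appid'])) {
        return new APIErrorResponse('170', 'Application has been already added');
    }

    switch ($privacy) {
        case 'public':
            $privacy = 0;
            break;
        case 'friends':
            $privacy = 1;
            break;
        case 'me':
            $privacy = 3;
            break;
        case 'none':
            $privacy = 5;
            break;
        default:
            $privacy = 0;
    }

    $narrow = $defaultBoxType == 'narrow' ? 1 : 0;
    $setarr = array(
        'uid' => $uId,
        'appid' => $appId,
        'appname' => $appName,
        'privacy' => $privacy,
        'allowsidenav' => $allowSideNav,
        'allowfeed' => $allowFeed,
        'allowprofilelink' => $allowProfileLink,
        'narrow' => $narrow,
    );
    if ($displayOrder !== null) {
        $setarr['displayorder'] = $displayOrder;
    }
    inserttable('userapp', $setarr);

    $fields = array(
        'uid' => $uId,
        'appid' => $appId,
        'profilelink' => $defaultProfileLink,
        'myml' => $defaultMYML,
    );
    $result = inserttable('userappfield', $fields, 1);

    $reward = getreward('installapp', 0, $uId, $appId, 0);

    // Update the user. Every value placed in the statement is forced to an integer;
    // a missing reward entry becomes +0 instead of producing broken SQL.
    $timestamp = intval($_SGLOBAL['timestamp']);
    $credit = isset($reward['credit']) ? intval($reward['credit']) : 0;
    $experience = isset($reward['experience']) ? intval($reward['experience']) : 0;
    $_SGLOBAL['db']->query(
        "UPDATE " . tname('space')
        . " SET updatetime='{$timestamp}', credit=credit+{$credit}, experience=experience+{$experience}"
        . " WHERE uid='{$uId}'"
    );

    $displayMethod = $displayMethod == 'iframe' ? 1 : 0;
    $this->refreshApplication($appId, $appName, $version, $displayMethod, $narrow, null, null);

    return new APIResponse($result);
}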
//更新状态 updatetable('session', array('lastactivity' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid'])); } $app = array(); $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('myapp') . " WHERE appid='{$appid}' LIMIT 1"); if ($app = $_SGLOBAL['db']->fetch_array($query)) { if ($app['flag'] < 0) { showmessage('no_privilege_myapp'); } } //漫游 $my_appId = $appid; $my_suffix = base64_decode(urldecode($_GET['my_suffix'])); $my_prefix = getsiteurl(); //奖励积分 getreward('useapp', 1, 0, $appid); if (!$my_suffix) { header('Location: userapp.php?id=' . $my_appId . '&my_suffix=' . urlencode(base64_encode('/'))); exit; } if (preg_match('/^\\//', $my_suffix)) { $url = 'http://apps.manyou.com/' . $my_appId . $my_suffix; } else { if ($my_suffix) { $url = 'http://apps.manyou.com/' . $my_appId . '/' . $my_suffix; } else { $url = 'http://apps.manyou.com/' . $my_appId; } } if (strpos($my_suffix, '?')) { $url = $url . '&my_uchId=' . $_SGLOBAL['supe_uid'] . '&my_sId=' . $_SCONFIG['my_siteid'];
inserttable('poke', $setarr, 0, true); //更新统计 if (!$oldpoke) { $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET pokenum=pokenum+1 WHERE uid='{$uid}'"); } //更新我的好友关系热度 addfriendnum($tospace['uid'], $tospace['username']); //发送邮件通知 smail($uid, '', cplang('poke_subject', array($_SN[$space['uid']], getsiteurl() . 'cp.php?ac=poke')), '', 'poke'); if ($op == 'reply') { //删除招呼 $_SGLOBAL['db']->query("DELETE FROM " . tname('poke') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND fromuid='{$uid}'"); $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET pokenum=pokenum-1 WHERE uid='{$_SGLOBAL['supe_uid']}' AND pokenum>0"); } //奖励 getreward('poke', 1, 0, $uid); //统计 updatestat('poke'); showmessage('poke_success', $_POST['refer'], 1, array($_SN[$tospace['uid']])); } } elseif ($op == 'ignore') { $where = empty($uid) ? '' : "AND fromuid='{$uid}'"; $_SGLOBAL['db']->query("DELETE FROM " . tname('poke') . " WHERE uid='{$_SGLOBAL['supe_uid']}' {$where}"); //统计更新 $pokenum = getcount('poke', array('uid' => $space['uid'])); if ($pokenum != $space['pokenum']) { updatetable('space', array('pokenum' => $pokenum), array('uid' => $space['uid'])); } showmessage('has_been_hailed_overlooked'); } else { $perpage = 20;
case 'picid': $fs['title_template'] = cplang('feed_click_pic'); $fs['title_data'] = array('touser' => "<a href=\"space.php?uid={$item['uid']}\">{$_SN[$item['uid']]}</a>", 'click' => $click['name']); $fs['images'] = array(pic_get($item['filepath'], $item['thumb'], $item['remote'])); $fs['image_links'] = array("space.php?uid={$item['uid']}&do=album&picid={$item['picid']}"); $fs['body_general'] = $item['title']; $note_type = 'clickpic'; $q_note = cplang('note_click_pic', array("space.php?uid={$item['uid']}&do=album&picid={$item['picid']}")); break; } //Event Publishing if (empty($item['friend']) && ckprivacy('click', 1)) { feed_add('click', $fs['title_template'], $fs['title_data'], '', array(), $fs['body_general'], $fs['images'], $fs['image_links']); } //Reward visitors getreward('click', 1, 0, $idtype . $id); //Statistics updatestat('click'); //Notice notification_add($item['uid'], $note_type, $q_note); showmessage('click_success', $_SGLOBAL['refer']); } elseif ($_GET['op'] == 'show') { foreach ($clicks as $key => $value) { $value['clicknum'] = $item["click_{$key}"]; $value['classid'] = mt_rand(1, 4); if ($value['clicknum'] > $maxclicknum) { $maxclicknum = $value['clicknum']; } $clicks[$key] = $value; } $start = intval($_GET['start']);
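/*
	[UCenter Home] (C) 2007-2008 Comsenz Inc.
	$Id: do_login.php 8543 2008-08-21 05:51:48Z liguode $
*/

// Confirms an e-mail address from the "hash" token carried in the verification link.
// The token is decoded with authcode() into "<uid>\t<email>".

if (!defined('IN_UCHOME')) {
	exit('Access Denied');
}

$uid = 0;
$email = '';
$_GET['hash'] = empty($_GET['hash']) ? '' : trim($_GET['hash']);
if ($_GET['hash']) {
	// A token that does not decode yields a string without a tab, so explode()
	// returns a single element; pad to two so $email is always defined.
	list($uid, $email) = array_pad(explode("\t", authcode($_GET['hash'], 'DECODE')), 2, '');
	$uid = intval($uid);
}

if ($uid && isemail($email)) {

	// Check that the address is not already verified on another account
	if ($_SCONFIG['uniqueemail']) {
		if (getcount('spacefield', array('email' => $email, 'emailcheck' => 1))) {
			showmessage('uniqueemail_recheck');
		}
	}

	// Bonus points
	// NOTE(review): nothing visible here stops the same link from being opened again;
	// confirm getreward() or the token itself enforces a once-only reward.
	getreward('realemail', 1, $uid);

	// Update the profile
	updatetable('spacefield', array('email' => addslashes($email), 'emailcheck' => '1', 'newemail' => ''), array('uid' => $uid));

	// Redirect
	showmessage('email_check_sucess', '', 1, array($email));

} else {
	showmessage('email_check_error');
}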
} else { if (!empty($_SGET['op']) && $_SGET['op'] == 'digest') { $cid = empty($_SGET['cid']) ? 0 : intval($_SGET['cid']); if (empty($cid)) { showmessage('not_found', S_URL); } $itemid = empty($_SGET['itemid']) ? 0 : intval($_SGET['itemid']); if (empty($itemid)) { showmessage('not_found', S_URL); } if ($cid && $itemid && $_SGLOBAL['supe_uid']) { $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('spacecomments') . ' WHERE cid=\'' . $cid . '\''); if ($comment = $_SGLOBAL['db']->fetch_array($query)) { if (intval($comment['digest']) == 0) { //积分经验,奖励精华评论者 getreward('comment_digest', 1, $comment['authorid']); $msg = addslashes($comment['message']) . "<br/><div class=\"old\">" . $lang['digest'] . "</div>"; $_SGLOBAL['db']->query("UPDATE " . tname('spacecomments') . " SET message='" . $msg . "' WHERE cid='" . $cid . "'"); } $_SGLOBAL['db']->query('UPDATE ' . tname('spacecomments') . ' SET digest=1 WHERE cid=\'' . $cid . '\''); } } } } $perpage = empty($_SCONFIG['commviewnum']) ? 50 : intval($_SCONFIG['commviewnum']); //显示条数 $page = empty($_SGET['page']) ? 0 : intval($_SGET['page']); $order = !empty($_SGET['order']) && in_array($_SGET['order'], array('1', '2', '3', '4')) ? intval($_SGET['order']) : 0; $page = $page < 1 ? 1 : $page; $start = ($page - 1) * $perpage; $itemid = empty($_SGET['itemid']) ? 0 : intval($_SGET['itemid']);
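/**
 * Handle a submitted online contribution for a content model (add or edit).
 *
 * Reads the form from $_POST / $_FILES, validates it, stores the fixed columns in the
 * "<modelname>items" table and the remaining columns in "<modelname>message", handles
 * uploaded files, optional e-mail notification and feed publishing. When the permission
 * checks below route the post to review, the data is serialized into `modelfolders`
 * instead. Every path ends in showmessage().
 *
 * NOTE(review): when an itemid is posted, no ownership check on that item is visible in
 * this function before its files are deleted and its rows updated; likewise the message
 * row is looked up by the posted nid alone. Confirm the caller or checkvalues() enforces
 * that the current user may edit that item.
 *
 * @param array $cacheinfo Model cache; reads ['models'], ['columns'] and ['linkage']['info'].
 * @param int   $cp        Truthy when called from the admin side; only affects the redirect URL.
 */
function modelpost($cacheinfo, $cp = 1)
{
    // $alang is read for the grade labels below but was never imported, so every
    // label resolved to null.
    // NOTE(review): assumes $alang is the global language array - confirm.
    global $_SGLOBAL, $theurl, $_SCONFIG, $alang;

    include_once S_ROOT . './function/upload.func.php';

    $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $resultitems = $resultmessage = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];

    // Grade information
    if ($cacheinfo['models']['modelname'] == 'defect') {
        // Form values 1..9 are mapped to the stored grade values.
        switch ($_POST['grade']) {
            case 1:
                $_POST['grade'] = '64';
                break;
            case 2:
                $_POST['grade'] = '32';
                break;
            case 3:
                $_POST['grade'] = '16';
                break;
            case 4:
                $_POST['grade'] = '9';
                break;
            case 5:
                $_POST['grade'] = '4';
                break;
            case 6:
                $_POST['grade'] = '1';
                break;
            case 7:
                $_POST['grade'] = '-1';
                break;
            case 8:
                $_POST['grade'] = '-2';
                break;
            case 9:
                $_POST['grade'] = '-3';
                break;
        }
        $gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            $gradearr['64'] = $newgradearr[0];
            $gradearr['32'] = $newgradearr[1];
            $gradearr['16'] = $newgradearr[2];
            $gradearr['9'] = $newgradearr[3];
            $gradearr['4'] = $newgradearr[4];
            $gradearr['1'] = $newgradearr[5];
            $gradearr['-1'] = $newgradearr[6];
            $gradearr['-2'] = $newgradearr[7];
            $gradearr['-3'] = $newgradearr[8];
        }
    } else {
        $gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            for ($i = 0; $i < count($newgradearr); $i++) {
                if (!empty($newgradearr[$i])) {
                    $gradearr[$i + 1] = $newgradearr[$i];
                }
            }
        }
    }

    if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
        showmessage('parameter_error');
    }

    $feedcolum = array();
    foreach ($columnsinfoarr as $result) {
        // Fixed columns go to the items table, the rest to the message table.
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }

    // Record the user's latest update time
    if (empty($itemid) && $_SGLOBAL['supe_uid']) {
        updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
    }

    // Input normalisation
    $_POST['catid'] = intval($_POST['catid']);
    // The original chained two ternaries without parentheses. PHP 5/7 evaluated that
    // left to right, which is spelled out here; PHP 8 rejects the unparenthesised form.
    $_POST['allowreply'] = (isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment')) ? 1 : 0;
    $_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));

    // Input validation
    if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
        showmessage('space_suject_length_error');
    }

    if (empty($_POST['catid'])) {
        showmessage('admin_func_catid_error');
    }

    if (!empty($_FILES['subjectimage']['name'])) {
        // NOTE(review): this checks the client-supplied file name only; confirm
        // uploadfile() also validates the content and the stored extension.
        $fileext = fileext($_FILES['subjectimage']['name']);
        if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
            showmessage('document_types_can_only_upload_pictures');
        }
    }

    // Column data checks
    checkvalues(array_merge($resultitems, $resultmessage), 0, 1);

    // On edit, check whether the subject image was changed
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            // The file was removed or replaced: delete the old one
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            // Use the mid validated above; the original read the unchecked $_GET['mid']
            // here while every other hash in this function uses $_POST['mid'].
            $hash = getmodelhash($_POST['mid'], $itemid);
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage')); // remove from the attachments table
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }

    // Build the items row
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $setsqlarr['catid'] = $_POST['catid'];
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = $_POST['allowreply'];
    $setsqlarr['grade'] = intval($_POST['grade']);
    // modify by jyf: users without permission may not change the review grade
    // NOTE(review): only positive grades are gated; negative grades (the 'defect'
    // mapping above produces -1..-3) pass without the permission check - confirm intended.
    if ($setsqlarr['grade'] > 0) {
        if (!checkperm('manageeditpost')) {
            showmessage('no_permission');
        }
    }
    // end
    $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    $setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
    $setsqlarr['username'] = $_SGLOBAL['supe_username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];

    $modelsinfoarr['subjectimagewidth'] = 400;
    $modelsinfoarr['subjectimageheight'] = 300;
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }

    $uploadfilearr = $ids = array();
    $subjectimageid = '';
    $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
    if (!empty($uploadfilearr)) {
        $feedsubjectimg = $uploadfilearr;
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }

    // Word filter
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }

    // Publish time
    if (empty($_POST['dateline'])) {
        $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    } else {
        $setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
        // Not in the future and not more than two years back
        if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
            $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
        }
    }

    // Attachment handling - by jyf
    if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
        $setsqlarr['attaches'] = implode(',', $_POST['divupload']);
    }

    // Two extra fields for the "creative" model - 89184
    if ($cacheinfo['models']['modelname'] == 'creative') {
        if (empty($_POST['creative_value'])) {
            showmessage('请输入创新价值说明');
        }
        if (empty($_POST['creative_days'])) {
            showmessage('本创新所耗的工作量');
        }
        $setsqlarr['value'] = $_POST['creative_value'];
        $setsqlarr['days'] = $_POST['creative_days'];
    }

    if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
        // No review needed: write to the items table
        if (empty($itemid)) {
            // Insert
            $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);

            // E-mail notification (original comment: "cancel e-mail notification" - 89184)
            $email = get_cate_mail($_POST['catid']);
            $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
            if ($_POST['modelname'] == 'creative') {
                if ($_POST['creative_type'] == '流程建议') {
                    $email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
                }
            }
            $emails = explode(',', $email);
            if (count($emails) > 0) {
                include S_ROOT . './function/sendmail.fun.php';
                $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                if ($cacheinfo['models']['modelname'] == 'creative') {
                    $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
                    sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
                } else {
                    if ($cacheinfo['models']['modelname'] == 'defect') {
                        $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
                        sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
                    }
                }
            }
        } else {
            // Update
            $op = 'update';
            unset($setsqlarr['uid']);
            unset($setsqlarr['username']);
            unset($setsqlarr['lastpost']);
            if ($setsqlarr['grade'] > 0) {
                // Record the reviewer
                $setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
                if ($_POST['modelname'] == 'creative') {
                    if ($_POST['creative_type'] == '主管月度创新') {
                        if (!check_cate_director($setsqlarr['catid'])) {
                            showmessage('no_permission');
                        }
                    }
                }
            }
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            // The posted nid goes into SQL text, so force it to an integer first.
            // NOTE(review): assumes nid is a numeric key - confirm against the schema.
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . intval($_POST['nid']) . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);

            // E-mail notification - grade review
            if ($setsqlarr['grade'] > 0) {
                $sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
                $query = $_SGLOBAL['db']->query($sqlstr);
                $value = $_SGLOBAL['db']->fetch_array($query);
                $email = $value['email'];
                if (!empty($email)) {
                    include S_ROOT . './function/sendmail.fun.php';
                    $url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                    $emails = explode(',', $email);
                    // 'grade' is quoted: the bare word was read as an undefined constant.
                    if ($_POST['modelname'] == 'creative') {
                        $msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr['grade']] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    } else {
                        $msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr['grade']] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    }
                    sendmail($emails, $setsqlarr['subject'], $msg);
                }
            }
        }

        if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
            // NOTE(review): $_POST['hash'] is concatenated into the statement as posted;
            // it is safe only if request data is escaped globally before this function
            // runs - confirm, or escape it here.
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
        }

        $hash = getmodelhash($_POST['mid'], $itemid);
        if (!empty($ids)) {
            $ids = simplode($ids);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $do = 'pass';
    } else {
        // Goes to review: keep the items data for the folder record built further down
        if (!empty($uploadfilearr['subjectimage']['aid'])) {
            $subjectimageid = $uploadfilearr['subjectimage']['aid'];
        }
        $setitemsqlarr = $setsqlarr;
        $do = 'me';
    }

    if ($op == 'update') {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // The file was removed or replaced: delete the old one
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname'])); // remove from the attachments table
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
                        $ext = fileext($defaultmessage[$value['fieldname']]);
                        if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                            @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        }
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }

    // Content (message table) row
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);

    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['postip'] = $_SGLOBAL['onlineip'];

    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }

    // Word filter on the content
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }

    if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
        // No review needed: write to the message table
        if ($op == 'add') {
            $setsqlarr['itemid'] = $itemid;
            // Add the content
            inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
            getreward('postinfo');
            if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
                $feed['icon'] = 'comment';
                $feed['title_template'] = 'feed_model_title';
                $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                $aurl = A_URL;
                if (empty($_SCONFIG['siteurl'])) {
                    $siteurl = getsiteurl();
                    $murl = $siteurl . $murl;
                    $aurl = $siteurl . $aurl;
                } else {
                    $siteurl = S_URL_ALL;
                }

                $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
                $feed['body_template'] = 'feed_model_message';
                $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
                if (!empty($feedsubjectimg)) {
                    $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
                } else {
                    // Fall back to the first uploaded column file, then to a picture in the message
                    foreach ($feedcolum as $feedimgvalue) {
                        if ($feedimgvalue['filepath']) {
                            $feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
                            break;
                        }
                    }
                    if (empty($feed['images'])) {
                        $picurl = getmessagepic(stripslashes($_POST['message']));
                        if ($picurl && strpos($picurl, '://') === false) {
                            $picurl = $siteurl . '/' . $picurl;
                        }
                        if (!empty($picurl)) {
                            $feed['images'][] = array('url' => $picurl, 'link' => $murl);
                        }
                    }
                }
                postfeed($feed);
            }
        } else {
            // Update the content
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }

        updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));

        if (checkperm('allowdirectpost') && $op == 'update') {
            deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
        }

        if (checkperm('allowdirectpost') && $op == 'update') {
            $jpurl = $cp
                ? (empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'])
                : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('writing_success_online_please_wait_for_audit', $jpurl);
        } else {
            $jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('online_contributions_success', $jpurl);
        }
    } else {
        // Awaiting review: store the whole submission serialized in modelfolders
        $setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
        $setsqlarr['addfeed'] = $_POST['addfeed'];
        $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
        if (!empty($_POST['itemid'])) {
            $itemid = intval($_POST['itemid']);
            updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
        } else {
            $itemid = inserttable('modelfolders', $setsqlarr, 1);
        }

        if (!empty($subjectimageid)) {
            $ids[] = $subjectimageid;
        }
        if (!empty($ids)) {
            $ids = simplode($ids);
            $hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $jpurl = $cp
            ? (empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}")
            : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
        showmessage('writing_success_online_please_wait_for_audit', $jpurl);
    }
}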
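/**
 * Gate a search request: enforce the per-user search interval and, unless the user is
 * exempt, charge the 'search' reward cost (credit / experience) after confirmation.
 *
 * Reads $_GET['page'] and $_GET['confirm']. Refusals and the confirmation prompt are
 * delivered through showmessage(); on a confirmed, affordable search the cost is
 * deducted from the user's `space` row.
 *
 * @param string $theurl Search URL to return to; "&page=..." is appended here.
 */
function cksearch($theurl)
{
    global $_SGLOBAL, $_SCONFIG, $space;

    // The page value comes straight from the query string and is echoed back inside
    // the URL handed to showmessage(); only an integer is allowed through.
    $page = isset($_GET['page']) ? intval($_GET['page']) : '';
    $theurl = stripslashes($theurl) . "&page=" . $page;

    if ($searchinterval = checkperm('searchinterval')) {
        $waittime = $searchinterval - ($_SGLOBAL['timestamp'] - $space['lastsearch']);
        if ($waittime > 0) {
            showmessage('search_short_interval', '', 1, array($waittime, $theurl));
        }
    }

    if (!checkperm('searchignore')) {
        $reward = getreward('search', 0);
        if ($reward['credit'] || $reward['experience']) {
            if (empty($_GET['confirm'])) {
                // First pass: ask the user to accept the cost
                $theurl .= '&confirm=yes';
                showmessage('points_deducted_yes_or_no', '', 1, array($reward['credit'], $reward['experience'], $theurl));
            } else {
                if ($space['credit'] < $reward['credit'] || $space['experience'] < $reward['experience']) {
                    showmessage('points_search_error');
                } else {
                    // Deduct the cost. Values are cast to integers before they are
                    // placed in the statement text.
                    // NOTE(review): the balance check above uses $space as loaded
                    // earlier and the UPDATE carries no "credit >= cost" guard, so
                    // concurrent requests could overdraw - consider adding one.
                    $timestamp = intval($_SGLOBAL['timestamp']);
                    $credit = intval($reward['credit']);
                    $experience = intval($reward['experience']);
                    $uid = intval($_SGLOBAL['supe_uid']);
                    $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET lastsearch='{$timestamp}', credit=credit-{$credit}, experience=experience-{$experience} WHERE uid='{$uid}'");
                }
            }
        }
    }
}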
} $pollnum = 0; foreach ($votekeys as $votekey) { if (isset($options[$votekey]['num'])) { $options[$votekey]['num']++; $pollnum++; } else { showmessage('no_votekey'); } } $options = addslashes(serialize($options)); $voters[] = $ip; $voters = addslashes(serialize($voters)); $_SGLOBAL['db']->query('UPDATE ' . tname('polls') . ' SET pollnum=pollnum+' . $pollnum . ', updatetime=' . $_SGLOBAL['timestamp'] . ', options=\'' . $options . '\', voters=\'' . $voters . '\' WHERE pollid=\'' . $pollid . '\''); //积分 和 经验 getreward('postvote'); showmessage('do_success', geturl('action/poll/pollid/' . $pollid)); } $poll['options'] = unserialize($poll['options']); if (empty($poll['voters'])) { $poll['voters'] = array(); } else { $poll['voters'] = unserialize($poll['voters']); } //投票人数 $poll['votersnum'] = count($poll['voters']); $poll['dateline'] = sgmdate($poll['dateline'], 'Y-m-d H:i:s'); $poll['updatetime'] = sgmdate($poll['updatetime'], 'Y-m-d H:i:s'); foreach ($poll['options'] as $key => $options) { $options['percent'] = @sprintf("%01.2f", $options['num'] * 100 / $poll['pollnum']); $poll['options'][$key] = $options;
$psetarr = array('tagid' => $tagid, 'tid' => $tid, 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'ip' => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], 'message' => $msg, 'isthread' => 1); //添加 inserttable('post', $psetarr); //更新群组统计 $_SGLOBAL['db']->query("UPDATE " . tname("mtag") . " SET threadnum=threadnum+1 WHERE tagid='{$tagid}'"); //统计 updatestat('thread'); //更新用户统计 if (empty($space['threadnum'])) { $space['threadnum'] = getcount('thread', array('uid' => $space['uid'])); $threadnumsql = "threadnum=" . $space['threadnum']; } else { $threadnumsql = 'threadnum=threadnum+1'; } //积分 $reward = getreward('publishthread', 0); $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$threadnumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'"); $returnarr = array("tagid" => $tagid, "tid" => $tid); echo json_encode($returnarr); return; } if ($_GET['sync'] == 'false') { if ($_POST['remember'] == "true") { $_SGLOBAL['db']->query("UPDATE " . tname("space") . " SET overseas_tip='never' WHERE uid='" . $_SGLOBAL['supe_uid'] . "'"); $_SGLOBAL['db']->query("UPDATE " . tname("spaceforeign") . " SET sync='no' WHERE uid='" . $_SGLOBAL['supe_uid'] . "'"); } return; } include template('cp_doing'); //ɸѡ function ckicon_uid($feed)
<?php /* [UCenter Home] (C) 2007-2008 Comsenz Inc. $Id: cp_invite.php 12971 2009-07-31 07:04:02Z liguode $ */ if (!defined('IN_UCHOME')) { exit('Access Denied'); } $siteurl = getsiteurl(); $maxcount = 50; //最多好友邀请 $reward = getreward('invitecode', 0); $appid = empty($_GET['app']) ? 0 : intval($_GET['app']); $inviteapp = $invite_code = ''; if (empty($reward['credit']) || $appid) { $reward['credit'] = 0; $invite_code = space_key($space, $appid); } $siteurl = getsiteurl(); $spaceurl = $siteurl . 'space.php?uid=' . $_SGLOBAL['supe_uid']; $mailvar = array("<a href=\"{$spaceurl}\">" . avatar($space['uid'], 'middle') . "</a><br>" . $_SN[$space['uid']], $_SN[$space['uid']], $_SCONFIG['sitename'], '', '', $spaceurl, ''); //取出相应的应用 $appinfo = array(); if ($appid) { $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('myapp') . " WHERE appid='{$appid}'"); $appinfo = $_SGLOBAL['db']->fetch_array($query); if ($appinfo) { $inviteapp = "&app={$appid}"; $mailvar[6] = $appinfo['appname']; } else {
//不能小于4个字符 showmessage('realname_too_short'); } if ($setarr['name'] != $space['name'] || $setarr['namestatus']) { //第一次填写实名 if ($_SCONFIG['realname'] && empty($space['name']) && $setarr['name'] != $space['name'] && $setarr['namestatus']) { $reward = getreward('realname', 0); if ($reward['credit']) { $setarr['credit'] = $space['credit'] + $reward['credit']; } if ($reward['experience']) { $setarr['experience'] = $space['experience'] + $reward['experience']; } } elseif ($_SCONFIG['realname'] && $space['namestatus'] && !checkperm('managename')) { //扣减积分 $reward = getreward('editrealname', 0); //积分 if ($space['name'] && $setarr['name'] != $space['name'] && ($reward['credit'] || $reward['experience'])) { //验证经验值 if ($space['experience'] >= $reward['experience']) { $setarr['experience'] = $space['experience'] - $reward['experience']; } else { showmessage('experience_inadequate', '', 1, array($space['experience'], $reward['experience'])); } if ($space['credit'] >= $reward['credit']) { $setarr['credit'] = $space['credit'] - $reward['credit']; } else { showmessage('integral_inadequate', '', 1, array($space['credit'], $reward['credit'])); } } }
$Id: batch.download.php 13342 2009-09-16 05:43:20Z zhaofei $ */ include_once './common.php'; $aid = empty($_GET['aid']) ? 0 : intval($_GET['aid']); if (empty($aid)) { exit('Access Denied'); } $query = $_SGLOBAL['db']->query('SELECT a.*, i.* FROM ' . tname('attachments') . ' a LEFT JOIN ' . tname('spaceitems') . ' i ON i.itemid=a.itemid WHERE a.aid=\'' . $aid . '\''); if ($item = $_SGLOBAL['db']->fetch_array($query)) { //权限 $channel = $item['type']; if (!checkperm('allowgetattach')) { showmessage('no_permission'); } //积分、经验 if (!getreward('download')) { showmessage('credit_not_enough'); } } else { showmessage('not_found'); } $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET downloads=downloads+1 WHERE aid=\'' . $aid . '\''); $filename = A_DIR . '/' . $item['filepath']; if (is_readable($filename)) { if (!empty($item['isimage'])) { echo '<img src="' . A_URL . '/' . $item['filepath'] . '" />'; } else { header('Cache-control: max-age=31536000'); header('Expires: ' . gmdate('D, d M Y H:i:s', $_SGLOBAL['timestamp'] + 31536000) . ' GMT'); header('Content-Encoding: none'); $item['filename'] = strtolower($_SCONFIG['charset']) == 'utf-8' && strexists($_SERVER['HTTP_USER_AGENT'], 'MSIE') ? urlencode($item['filename']) : $item['filename'];
$message = addslashes("<div class=\"quote\"><span class=\"q\"><b>" . $_SN[$post['uid']] . "</b>: " . getstr($post['message'], 150, 0, 0, 0, 2, 1) . '</span></div>') . $message; } $anonymous = empty($_POST['anonymous']) ? 0 : intval($_POST['anonymous']); $setarr = array('tagid' => intval($thread['tagid']), 'anonymous' => $anonymous, 'tid' => $tid, 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'ip' => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], 'message' => $message); $pid = inserttable('post', $setarr, 1); //邮件通知 smail($thread['uid'], '', cplang('mtag_reply', array($_SN[$space['uid']], shtmlspecialchars(getsiteurl() . "space.php?uid={$thread['uid']}&do=thread&id={$thread['tid']}"))), '', 'mtag_reply'); //更新统计数据 $last_author_name = $anonymous ? 'null' : $_SGLOBAL[supe_username]; $_SGLOBAL['db']->query("UPDATE " . tname('thread') . "\r\n\t\tSET replynum=replynum+1, lastpost='{$_SGLOBAL['timestamp']}', lastauthor='{$last_author_name}', lastauthorid='{$_SGLOBAL['supe_uid']}'\r\n\t\tWHERE tid='{$tid}'"); //更新群组统计 $_SGLOBAL['db']->query("UPDATE " . tname("mtag") . " SET postnum=postnum+1 WHERE tagid='{$thread['tagid']}'"); //普通回复 if (empty($post) && $thread['uid'] != $_SGLOBAL['supe_uid']) { //积分 getreward('replythread', 1, 0, $thread['tid']); realname_set($thread['uid'], $thread['username']); realname_get(); if (empty($mtag['viewperm'])) { $fs = array(); $fs['icon'] = 'post'; $fs['body_template'] = ''; $fs['body_data'] = array(); $fs['body_general'] = ''; $fs['title_template'] = cplang('feed_thread_reply'); $fs['title_data'] = array('touser' => "<a href=\"space.php?uid={$thread['uid']}\">" . $_SN[$thread['uid']] . "</a>", 'thread' => "<a href=\"space.php?uid={$thread['uid']}&do=thread&id={$thread['tid']}\">{$thread['subject']}</a>"); if (ckprivacy('post', 1)) { feed_add($fs['icon'], $fs['title_template'], $fs['title_data'], $fs['body_template'], $fs['body_data'], $fs['body_general']); } } //通知
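/**
 * Set the review grade of a batch of events and emit the matching feed
 * entries and notifications.
 *
 * Fix over the original: the notification loop read `$event[uid]` with a bare
 * constant as the key. PHP 8 raises an Error there, so moderating another
 * user's event aborted before the grade UPDATE ran; the key is now quoted.
 *
 * NOTE(review): simplode() is defined elsewhere. Every IN (...) list below
 * relies on it to quote/escape each id — confirm, since $eventids is supplied
 * by the caller.
 *
 * @param array $eventids event ids to process
 * @param mixed $grade    target grade; one of -2 (close), -1 (unverify),
 *                        1 (verify/open/unrecommend), 2 (recommend)
 * @return array ids whose grade was changed; empty array when the caller lacks
 *               permission or nothing changed
 */
function verifyevents($eventids, $grade) {
    global $_SGLOBAL;

    $allowmanage = checkperm('manageevent');
    $managebatch = checkperm('managebatch');

    // Permission gate: without 'managebatch' a manager may touch at most one row.
    $opnum = 0;
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid IN (" . simplode($eventids) . ")");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($allowmanage && !$managebatch) {
            $opnum++;
        }
    }
    if (!$allowmanage || !$managebatch && $opnum > 1) {
        return array();
    }

    $grade = intval($grade);
    if (!in_array($grade, array(-2, -1, 1, 2), true)) {
        // NOTE(review): execution continues past this call unless cpmessage() exits — confirm.
        cpmessage('bad_event_grade'); // invalid event grade
    }

    // Work out, per event, which state transition the new grade represents.
    $newids = $events = $actions = array();
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('event') . " WHERE eventid IN (" . simplode($eventids) . ")");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        if ($grade == $value['grade']) {
            continue; // already in the requested state
        }
        $newids[] = $value['eventid'];
        $events[$value['eventid']] = $value;
        if ($grade == -1) {
            $actions[$value['eventid']] = "unverify"; // rejected in review
        } elseif ($grade == 1) {
            if ($value['grade'] == -2) {
                $actions[$value['eventid']] = "open"; // re-opened
            } elseif ($value['grade'] < 1) {
                $actions[$value['eventid']] = "verify"; // passed review
            } elseif ($value['grade'] == 2) {
                $actions[$value['eventid']] = "unrecommend"; // recommendation removed
            }
        } elseif ($grade == 2) {
            // Reward the event owner for the recommendation. This runs before
            // the grade UPDATE further down.
            getreward('recommendevent', 1, $value['uid'], '', 0);
            $actions[$value['eventid']] = "recommend";
        } elseif ($grade == -2) {
            $actions[$value['eventid']] = "close";
        }
    }
    if (empty($newids)) {
        return array();
    }

    // Presumably populates $_SGLOBAL['eventclass'] (read below for the default poster) — confirm.
    @(include_once S_ROOT . './data/data_eventclass.php');

    $noteids = $note_inserts = array();
    $feed_inserts = array();
    foreach ($newids as $id) {
        $event = $events[$id];
        if ($grade >= 1 && $events[$id]['grade'] < 1 && $events[$id]['grade'] >= -1) {
            // Event becomes visible for the first time: publish the "event added" feed.
            $poster = "";
            if (empty($event['poster'])) {
                $poster = $_SGLOBAL['eventclass'][$event['classid']]['poster'];
            } else {
                $poster = pic_get($event['poster'], $event['thumb'], $event['remote']);
            }
            $feedarr = array(
                'appid' => UC_APPID,
                'icon' => 'event',
                'uid' => $event['uid'],
                'username' => $event['username'],
                'dateline' => $_SGLOBAL['timestamp'],
                'title_template' => cplang('event_add'),
                'title_data' => array('eventid' => $id, 'title' => $event['title']),
                'body_template' => cplang('event_feed_info'),
                'body_data' => array(
                    "eventid" => $id,
                    "title" => $event['title'],
                    "username" => $event['username'],
                    'starttime' => sgmdate('m-d H:i', $event['starttime']),
                    'endtime' => sgmdate('m-d H:i', $event['endtime']),
                    'province' => $event['province'],
                    'city' => $event['city'],
                    'location' => $event['location'],
                ),
                'body_general' => '',
                'image_1' => $poster,
                'image_1_link' => 'space.php?do=event&id=' . $id,
                'image_2' => '',
                'image_2_link' => '',
                'image_3' => '',
                'image_3_link' => '',
                'image_4' => '',
                'image_4_link' => '',
                'target_ids' => '',
                'friend' => '',
            );
            // Strip slashes, serialize the data arrays and hash them, then
            // re-escape everything once for the hand-built INSERT below.
            $feedarr = sstripslashes($feedarr);
            $feedarr['title_data'] = serialize(sstripslashes($feedarr['title_data']));
            $feedarr['body_data'] = serialize(sstripslashes($feedarr['body_data']));
            $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); // template hash
            $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); // combined hash
            $feedarr = saddslashes($feedarr);
            $feed_inserts[] = "('{$feedarr['appid']}', 'event', '{$feedarr['uid']}', '{$feedarr['username']}', '{$feedarr['dateline']}', '0', '{$feedarr['hash_template']}', '{$feedarr['hash_data']}', '{$feedarr['title_template']}', '{$feedarr['title_data']}', '{$feedarr['body_template']}', '{$feedarr['body_data']}', '{$feedarr['body_general']}', '{$feedarr['image_1']}', '{$feedarr['image_1_link']}', '{$feedarr['image_2']}', '{$feedarr['image_2_link']}', '{$feedarr['image_3']}', '{$feedarr['image_3_link']}', '{$feedarr['image_4']}', '{$feedarr['image_4_link']}', '', '{$id}', 'eventid')";
        }
        if ($event['uid'] != $_SGLOBAL['supe_uid']) {
            // No notification for the operator's own events.
            $noteids[] = $event['uid'];
            $note_msg = cplang('event_set_' . $actions[$id], array("space.php?do=event&id=" . $event['eventid'], $event['title']));
            $note_inserts[] = "('{$event['uid']}', 'system', '1', '0', '', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')";
        }
    }
    unset($events);

    // Apply the new grade; a recommendation also stamps the recommend time.
    if ($grade == 2) {
        $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET grade='{$grade}', recommendtime='{$_SGLOBAL['timestamp']}' WHERE eventid IN (" . simplode($newids) . ")");
    } else {
        $_SGLOBAL['db']->query("UPDATE " . tname("event") . " SET grade='{$grade}' WHERE eventid IN (" . simplode($newids) . ")");
    }

    // Notifications
    if ($note_inserts) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $note_inserts));
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($noteids) . ")");
    }

    // Feed
    if ($feed_inserts) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('feed') . " (`appid` ,`icon` ,`uid` ,`username` ,`dateline` ,`friend` ,`hash_template` ,`hash_data` ,`title_template` ,`title_data` ,`body_template` ,`body_data` ,`body_general` ,`image_1` ,`image_1_link` ,`image_2` ,`image_2_link` ,`image_3` ,`image_3_link` ,`image_4` ,`image_4_link` ,`target_ids` ,`id` ,`idtype`) VALUES " . implode(',', $feed_inserts));
    }

    return $newids;
}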
$newdoid = inserttable('doing', $arr, 1); //事件feed $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $userid, 'username' => $username, 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $Message)))), 'body_template' => '', 'body_data' => '', 'id' => $newdoid, 'idtype' => 'doid'); $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); //喜好hash $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); //合并hash inserttable('feed', $feedarr, 1); updatestat('doing'); //更新空间note $setarr = array('note' => $Message); if (!empty($_POST['spacenote'])) { $reward = getreward('updatemood', 0); $setarr['spacenote'] = $Message; } else { $reward = getreward('doing', 0); } updatetable('spacefield', $setarr, array('uid' => $userid)); $setarr = array('updatetime' => "updatetime='{$_SGLOBAL['timestamp']}'", 'lastpost' => "lastpost='{$_SGLOBAL['timestamp']}'"); $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET " . implode(',', $setarr) . " WHERE uid='{$userid}'"); //返回flag if ($newdoid) { $arrs = array('flag' => 'success'); } else { $arrs = array('flag' => 'fail'); } } } $result = json_encode($arrs); $result = preg_replace("#\\\\u([0-9a-f]+)#ie", "iconv('UCS-2BE', 'UTF-8', pack('H4', '\\1'))", $result); echo $result;
//Statistics updatestat('share'); // share notice if ($note_uid && $note_uid != $_SGLOBAL['supe_uid']) { notification_add($note_uid, 'sharenotice', $note_message); } // update user Statistics if (empty($space['sharenum'])) { $space['sharenum'] = getcount('share', array('uid' => $space['uid'])); $sharenumsql = "sharenum=" . $space['sharenum']; } else { $sharenumsql = 'sharenum=sharenum+1'; } // points $needle = $id ? $type . $id : ''; $reward = getreward('createshare', 0, 0, $needle); $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$sharenumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'"); //̬ if (ckprivacy('share', 1)) { include_once S_ROOT . './source/function_feed.php'; feed_publish($sid, 'sid', 1); } if ($_POST['topicid']) { topic_join($_POST['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']); $url = 'space.php?do=topic&topicid=' . $_POST['topicid'] . '&view=share'; } else { $url = $_POST['refer']; } showmessage('do_success', $url, 0); } //ʾ
/**
 * Delete a batch of events together with their pictures, invites, members,
 * comments, feed entries and reports, and notify owners whose event was
 * removed by someone else.
 *
 * Authorization as implemented: a row is eligible when the operator holds
 * 'manageevent' or owns the event; without 'managebatch' at most one
 * foreign-owned event may be deleted per call.
 *
 * NOTE(review): simplode() is defined elsewhere; the IN (...) lists depend on
 * it to quote/escape each id — confirm.
 *
 * @param array $eventids ids requested for deletion
 * @return array the event rows that were deleted, or an empty array
 */
function deleteevents($eventids) {
    global $_SGLOBAL;

    $canManage = checkperm('manageevent');
    $canBatch = checkperm('managebatch');
    $foreignCount = 0;
    $eventarr = array();
    $deletedIds = array();
    $notifyUids = array();
    $notifyRows = array();

    // Credit/experience to take back from owners of deleted events.
    $reward = getreward('delevent', 0);

    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname("event") . " WHERE eventid IN (" . simplode($eventids) . ")");
    while ($row = $_SGLOBAL['db']->fetch_array($query)) {
        $ownedByOperator = $row['uid'] == $_SGLOBAL['supe_uid'];
        if (!$canManage && !$ownedByOperator) {
            continue; // neither a manager nor the owner: skip the row
        }
        $eventarr[] = $row;
        if (!$canBatch && !$ownedByOperator) {
            $foreignCount++;
        }
    }

    if (empty($eventarr) || !$canBatch && $foreignCount > 1) {
        return array();
    }

    foreach ($eventarr as $row) {
        $deletedIds[] = $row['eventid'];
        // Upstream to-do (low priority): notify event participants as well.
        if ($row['uid'] == $_SGLOBAL['supe_uid']) {
            continue;
        }
        if ($canManage) {
            // Deduct the reward from the owner.
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET credit=credit-{$reward['credit']}, experience=experience-{$reward['experience']} WHERE uid='{$row['uid']}'");
        }
        $notifyUids[] = $row['uid'];
        $note_msg = cplang('event_set_delete', array($row['title']));
        $notifyRows[] = "('{$row['uid']}', 'event', '1', '{$_SGLOBAL['supe_uid']}', '{$_SGLOBAL['supe_username']}', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')";
    }

    // Tables keyed directly by eventid (event data, pictures, invites, members).
    foreach (array('event', 'eventpic', 'eventinvite', 'userevent') as $table) {
        $_SGLOBAL['db']->query("DELETE FROM " . tname($table) . " WHERE eventid IN (" . simplode($deletedIds) . ")");
    }
    // Tables keyed by a generic id plus idtype (comments, feed, reports).
    foreach (array('comment', 'feed', 'report') as $table) {
        $_SGLOBAL['db']->query("DELETE FROM " . tname($table) . " WHERE id IN (" . simplode($deletedIds) . ") AND idtype='eventid'");
    }

    // Send the notifications.
    if ($notifyRows) {
        $_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $notifyRows));
        $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($notifyUids) . ")");
    }

    return $eventarr;
}
$value['privacy'] = empty($value['privacy']) ? array() : unserialize($value['privacy']); $filter = empty($value['privacy']['filter_note']) ? array() : array_keys($value['privacy']['filter_note']); if (cknote_uid(array("type" => "eventmember", "authorid" => $_SGLOBAL['supe_uid']), $filter)) { $note_ids[] = $value['uid']; $note_inserts[] = "('{$value['uid']}', 'eventmember', '1', '{$_SGLOBAL['supe_uid']}', '{$_SGLOBAL['supe_username']}', '" . addslashes($note_msg) . "', '{$_SGLOBAL['timestamp']}')"; } } if ($note_inserts) { $_SGLOBAL['db']->query("INSERT INTO " . tname('notification') . " (`uid`, `type`, `new`, `authorid`, `author`, `note`, `dateline`) VALUES " . implode(',', $note_inserts)); $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET notenum=notenum+1 WHERE uid IN (" . simplode($note_ids) . ")"); } //E-mail notice smail($event['uid'], '', $note_msg, 'event'); } // Bonus Points getreward('joinevent', 1, 0, $eventid); //Statistics updatestat('eventjoin'); //Process Event Invites if ($eventinvite) { $_SGLOBAL['db']->query("DELETE FROM " . tname("eventinvite") . " WHERE eventid='{$eventid}' AND touid='{$_SGLOBAL['supe_uid']}'"); $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET eventinvitenum=eventinvitenum-1 WHERE uid = '{$_SGLOBAL['supe_uid']}' AND eventinvitenum>0"); } showmessage("do_success", "space.php?do=event&id={$eventid}", 0); // Join the event successfully } } elseif ($op == "quit") { // Quit Event if (!$eventid) { showmessage("event_does_not_exist"); // Event does not exist or has been deleted
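/**
 * Create a blog entry, or update the one described by $olds.
 *
 * Fixes over the original:
 *  - `$POST['password'] == '';` was a comparison, not an assignment, so a
 *    password submitted with a post that is not password-protected was still
 *    written to the blog row. It is now cleared.
 *  - When a manager edits another user's post and the body is empty, the
 *    function returned with $_SGLOBAL still switched to the post owner's
 *    identity. The original globals are now restored on that path too.
 *
 * NOTE(review): simplode(), getstr(), checkhtml(), inserttable() and
 * updatetable() are defined elsewhere; escaping of the values passed to them
 * is assumed to happen there or before this call — confirm.
 *
 * @param array $POST submitted form fields (subject, message, friend, password, tag, classid, picids, ...)
 * @param array $olds existing blog row when editing; empty when creating
 * @return array|false the blog row data including 'blogid', or false when the body is empty
 */
function blog_post($POST, $olds=array()) {
    global $_SGLOBAL, $_SC, $space;

    // Identity switch: editing someone else's post runs as the post owner.
    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Subject; falls back to today's date.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Privacy
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to named friends only.
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            $query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname('space')." WHERE username IN (".simplode($names).")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            $POST['friend'] = 3; // nobody matched: visible to the author only
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password-protected.
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0; // no password given: public
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Do not persist a password for a post that is not password-protected.
        $POST['password'] = '';
    }

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1); // with word filtering

    // Body
    if ($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        // checkhtml() is the only HTML filter visible on this path; its rules are defined elsewhere.
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        // Drop empty <div></div> pairs and open links in a new window.
        $POST['message'] = preg_replace(array(
            "/\<div\>\<\/div\>/i",
            "/\<a\s+href\=\"([^\>]+?)\"\>/i"
        ), array(
            '',
            '<a href="\\1" target="_blank">'
        ), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            // "new:<name>" creates the category, or reuses one with the same name.
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname'=>$classname, 'uid'=>$_SGLOBAL['supe_uid']), 'classid');
                if (empty($classid)) {
                    $setarr = array(
                        'classname' => $classname,
                        'uid' => $_SGLOBAL['supe_uid'],
                        'dateline' => $_SGLOBAL['timestamp']
                    );
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Ownership check: the category must belong to the acting user.
        $classname = getcount('class', array('classid'=>$classid, 'uid'=>$_SGLOBAL['supe_uid']), 'classname');
        if (empty($classname)) {
            $classid = 0;
        }
    }

    // Main table row
    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($_POST['noreply'])?0:1
    );

    // Title picture
    $titlepic = '';

    // Uploaded pictures, restricted to those owned by the acting user.
    $uploads = array();
    if (!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('pic')." WHERE picid IN (".simplode($picids).") AND uid='$_SGLOBAL[supe_uid]'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'].'.thumb.jpg';
                $blogarr['picflag'] = $value['remote']?2:1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): $value is the loop's terminating fetch result here, so
        // this fallback presumably never runs — confirm before relying on it.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote']?2:1;
        }
    }

    // Pictures already placed in the body: swap the editor placeholder for the real URL.
    if ($uploads) {
        preg_match_all("/\<img\s.*?\_uchome\_localimg\_([0-9]+).+?src\=\"(.+?)\"/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_$value";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Pictures not placed in the body are appended at the end.
        // NOTE(review): the stored picture title is inserted into the HTML as-is;
        // confirm it is HTML-escaped when the picture is saved.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            $message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
        }
    }

    // Reject a post whose body is only empty markup or whitespace.
    // NOTE(review): the `\ \;` alternative looks like an HTML-decoded `&nbsp;`
    // entity — confirm against the upstream file.
    $ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\ \;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Undo the identity switch before bailing out.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }

    // Escape for storage.
    $message = addslashes($message);

    // No uploaded title picture: take one from the body.
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    // Hot value may only be set by blog managers.
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if (!empty($olds['blogid'])) {
        // Update
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid'=>$blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // Create; optionally attached to a topic.
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');
        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        // NOTE(review): a caller-supplied dateline is stored without validation — confirm callers pass an integer timestamp.
        $blogarr['dateline'] = empty($POST['dateline'])?$_SGLOBAL['timestamp']:$POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }
    $blogarr['blogid'] = $blogid;

    // Field table row
    $fieldarr = array(
        'message' => $message,
        'postip' => getonlineip(),
        'target_ids' => $POST['target_ids']
    );

    // Tags. unserialize() runs on the stored tag column of the existing row;
    // that value must only ever come from this application's own serialize().
    $oldtagstr = addslashes(empty($olds['tag'])?'':implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Detach the previous tags first.
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE ".tname('tag')." SET blognum=blognum-1 WHERE tagid IN (".simplode($oldtags).")");
                $_SGLOBAL['db']->query("DELETE FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Refresh the tag column in the field table.
        $fieldarr['tag'] = empty($tagarr)?'':addslashes(serialize($tagarr));
    }

    if ($olds) {
        // Update
        updatetable('blogfield', $fieldarr, array('blogid'=>$blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Space counters are only touched when the author acts on their own post.
    if ($isself) {
        if ($olds) {
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET updatetime='$_SGLOBAL[timestamp]' WHERE uid='$_SGLOBAL[supe_uid]'");
        } else {
            if (empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid'=>$space['uid']));
                $blognumsql = "blognum=".$space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Reward for publishing
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET {$blognumsql}, lastpost='$_SGLOBAL[timestamp]', updatetime='$_SGLOBAL[timestamp]', credit=credit+$reward[credit], experience=experience+$reward[experience] WHERE uid='$_SGLOBAL[supe_uid]'");
            // Statistics
            updatestat('blog');
        }
    }

    // Publish a feed entry
    if (!empty($POST['makefeed'])) {
        include_once(S_ROOT.'./source/function_feed.php');
        feed_publish($blogid, 'blogid', $olds?0:1);
    }

    // Topic participation
    if (empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Restore the operator's identity.
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }

    return $blogarr;
}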
if (empty($visitor['dateline'])) { $setarr = array('uid' => $space['uid'], 'vuid' => $_SGLOBAL['supe_uid'], 'vusername' => $is_anonymous ? '' : $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp']); inserttable('visitor', $setarr, 0, true); show_credit(); //ᄒᄎ틔ᅤᅤᅢ } else { if ($_SGLOBAL['timestamp'] - $visitor['dateline'] >= 300) { updatetable('visitor', array('dateline' => $_SGLOBAL['timestamp'], 'vusername' => $is_anonymous ? '' : $_SGLOBAL['supe_username']), array('uid' => $space['uid'], 'vuid' => $_SGLOBAL['supe_uid'])); } if ($_SGLOBAL['timestamp'] - $visitor['dateline'] >= 3600) { show_credit(); //1겨ᄆᄎᄒᄎ틔ᅤᅤᅢ } } //ᄑᄆ애ᅪ getreward('visit', 1, 0, $space['uid']); } //ᄎ↓ᄚᄉᄒ $space['magiccredit'] = 0; if ($_SGLOBAL['magic']['gift'] && $_SGLOBAL['supe_uid']) { $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('magicuselog') . " WHERE uid='{$space['uid']}' AND mid='gift' LIMIT 1"); if ($value = $_SGLOBAL['db']->fetch_array($query)) { $data = empty($value['data']) ? array() : unserialize($value['data']); if ($data['left'] <= 0) { $_SGLOBAL['db']->query('DELETE FROM ' . tname('magicuselog') . " WHERE uid = '{$space['uid']}' AND mid = 'gift'"); } if (!$data['receiver'] || !in_array($_SGLOBAL['supe_uid'], $data['receiver'])) { $space['magiccredit'] = $data['left'] >= $data['chunk'] ? $data['chunk'] : $data['left']; } } }
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname('spaceitems') . ' i, ' . tname('spacenews') . ' t WHERE ' . $wheresql . ' LIMIT ' . $start . ',' . $perpage); while ($item = $_SGLOBAL['db']->fetch_array($query)) { $item['url'] = geturl('action/viewnews/itemid/' . $item['itemid']); $iarr[] = $item; } $multipage = multi($listcount, $perpage, $page, S_URL . '/batch.search.php?' . $urlplus); } else { showmessage('not_find_relevant_data'); } } } if ($iarr) { //更新搜索时间 $_SGLOBAL['db']->query('UPDATE ' . tname('members') . ' SET lastsearchtime=\'' . $_SGLOBAL['timestamp'] . '\' WHERE uid=\'' . $_SGLOBAL['supe_uid'] . '\''); //积分、经验 if (!getreward('seach')) { showmessage('credit_not_enough'); } } //搜索界面显示 $title = $blang['search'] . ' - ' . $_SCONFIG['sitename']; //频道 $channels = getchannels(); include_once template('site_search'); function checkkey($str, $ischeck = 0) { $str = stripsearchkey(postget($str)); if ($ischeck) { if (empty($str)) { showmessage('keyword_import_inquiry'); } elseif (strlen($str) < 2) {
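/**
 * Service entry point: record a complaint ("doing" entry) for a user, notify
 * every @-mentioned account, and publish the feed entry.
 *
 * Fixes over the original:
 *  - $params['uid'] was concatenated unquoted into the lookup query after only
 *    a `<= 0` comparison, so a value that is not an integer could alter the
 *    SQL. It is now required to be all digits and positive, and is cast when
 *    the query is built; anything else gets the existing 4002 error.
 *  - $complainOK and $UserId were read without ever being assigned when the
 *    message contains no valid mention; both are now initialized.
 *  - The device allow-list check is strict, so a non-string value no longer
 *    matches it through loose comparison.
 *
 * @param array|null $params keys read here: uid, content, device, ip
 * @return string JSON: the enriched $params on success, or
 *                {"errorNo": ..., "content": ...} on a validation failure
 */
function IHomeServiceCreateComplain($params = NULL) {
    global $_SGLOBAL;

    if (empty($params['uid'])) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter uid.the uid is not exist or the uid is not a positive interger.");
        return json_encode($errorMsg);
    }
    // Digits only: the uid is placed into SQL below without quotes.
    if (!is_scalar($params['uid']) || !preg_match('/^[0-9]+\z/', (string) $params['uid']) || intval($params['uid']) <= 0) {
        $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the id must be a positive interger.");
        return json_encode($errorMsg);
    }

    $sql = "select name,username from " . tname('space') . " where uid = " . intval($params['uid']);
    $query = $_SGLOBAL['db']->query($sql);
    if ($row = $_SGLOBAL['db']->fetch_array($query)) {
        // Prefer the real name, fall back to the login name.
        if ($row['name']) {
            $params['uname'] = $row['name'];
        } else {
            $params['uname'] = $row['username'];
        }
    } else {
        $errorMsg = array("errorNo" => "500", "content" => "the uid is not exist");
        return json_encode($errorMsg);
    }

    // department_id_list is ignored.
    if (empty($params['content'])) {
        $errorMsg = array("errorNo" => "4001", "content" => "lack the neccessary parameter message.the message is not exist or the message is empty.");
        return json_encode($errorMsg);
    }
    if (!empty($params['device']) && !in_array($params['device'], array('web', 'wechat', 'mobile'), true)) {
        $errorMsg = array("errorNo" => "4002", "content" => "the format of parameter is not correct. the parameter device is out of range.");
        return json_encode($errorMsg);
    }

    $UserIds = array();
    $UserId = null;
    $complainOK = FALSE;
    $params['status'] = 'init';
    $params['reply_count'] = 0;
    $params['timestamp'] = time();
    $params['department_list'] = array();
    $params['operation_list'] = array();
    $params['reply_list'] = array();

    // Mood is the number of the first [em:N:] tag in the raw content.
    preg_match("/\\[em\\:(\\d+)\\:\\]/s", $params['content'], $ms);
    $mood = empty($ms[1]) ? 0 : intval($ms[1]);

    // NOTE(review): rawurldecode() runs after getstr(). If getstr() is what
    // escapes quotes or HTML, percent-encoded input is decoded after that
    // filtering and reaches storage unfiltered — confirm the intended order.
    $message = rawurldecode(getstr($params['content'], 1000, 1, 1, 1, 2));

    // Turn "@name(uid)" mentions into profile links.
    preg_match_all("/[@](.*)[(]([\\d]+)[)]\\s*/U", $message, $matches, PREG_SET_ORDER);
    foreach ($matches as $value) {
        $TmpString = $value[0];
        $TmpName = $value[1];
        $UserId = $value[2]; // digits only, guaranteed by the pattern above
        $result = $_SGLOBAL['db']->query("select uid,username,name from " . tname('space') . " where uid={$UserId}");
        if ($rs = $_SGLOBAL['db']->fetch_array($result)) {
            $realname = $rs['name'];
            if (empty($realname)) {
                $realname = $rs['username'];
            }
            $params['department_list'][intval($UserId)] = $realname;
            $ValidValue = getAtName($TmpString, $TmpName, $realname);
            $ValidValue = trim($ValidValue);
            $at_friend = "space.php?uid=" . $UserId;
            if ($ValidValue != false) {
                // NOTE(review): the stored name is placed into the HTML as-is;
                // confirm it is HTML-escaped where it is saved.
                $message = str_replace($ValidValue, "<a href={$at_friend}>@" . $realname . "</a> ", $message);
                if (!in_array($UserId, $UserIds)) {
                    $UserIds[] = $UserId;
                }
            }
        }
    }
    $message = preg_replace("/\\[em:(\\d+):]/is", "<img src=\"image/face/\\1.gif\" class=\"face\">", $message);
    $message = preg_replace("/\\<br.*?\\>/is", ' ', $message);
    $params['content'] = $message;

    $setarr = array(
        'uid' => $params['uid'],
        'username' => $params['uname'],
        'dateline' => $_SGLOBAL['timestamp'],
        'from' => $params['uid'],
        'message' => $message,
        'mood' => $mood,
        'ip' => getonlineip(),
        'fromdevice' => 'web',
    );
    if (!empty($params['device'])) {
        $setarr['fromdevice'] = $params['device'];
    }
    // A caller-supplied ip replaces the detected one, so the stored address is
    // only as trustworthy as the caller of this service.
    if (!empty($params['ip'])) {
        $setarr['ip'] = $params['ip'];
    }
    $newdoid = inserttable('doing', $setarr, 1);

    @(include_once S_ROOT . './data/data_creditrule.php');
    // The upstream credit-balance check is disabled, so complaints are always allowed.
    $isComplain = TRUE;

    // Upstream comment: this part may fail.
    foreach ($UserIds as $UserId) {
        if ($isComplain) {
            $UserDept = isDepartment($UserId, 1);
            if ($UserDept) {
                // Mentioned account is a department: file the complaint against it.
                $nowtime = time();
                $complain = array(
                    'doid' => $newdoid,
                    'uid' => $params['uid'],
                    'uname' => $params['uname'],
                    'atdepartment' => $UserDept['department'],
                    'atdeptuid' => $UserId,
                    'from' => $params['uid'],
                    'atuid' => $UserId,
                    'atuname' => $UserDept['department'],
                    'isreply' => 0,
                    'addtime' => $nowtime,
                    'dateline' => $nowtime,
                    'expire' => 0,
                    'times' => 1,
                    'issendmsg' => 0,
                    'message' => $message,
                    'datatime' => date("Ymd", $nowtime),
                );
                inserttable('complain', $complain, 0);
                $note = cplang('note_complain_buchu', array("space.php?do=complain_item&doid={$newdoid}", date('Y-m-d H:i', $nowtime + 3600 * 24)));
                notification_complain_add($UserId, 'complain', $note);
                $complainOK = TRUE;
            } else {
                // Ordinary user: plain "you were mentioned" notification.
                $note = cplang('note_doing_at', array("space.php?do=doing&doid={$newdoid}"));
                notification_add($UserId, 'atyou', $note);
            }
        }
    }

    if ($complainOK) {
        $note = cplang('note_complain_user_success', array("space.php?do=complain_item&doid={$newdoid}"));
        notification_complain_add($params['uid'], 'complain', $note);
        getreward('complain', 1, $params['uid']);
    }
    if (!$complainOK && $isComplain) {
        // $UserId is whatever the loops above left behind (the last mention), or null.
        if ($UserId == '0000') {
            // System administrator account (upstream remark: of little practical use).
            $note = cplang("您好,您的诉求已发送成功。谢谢您对ihome社区的大力支持!", array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
        } else {
            $note = cplang('note_complain_user_failed', array("space.php?do=doing&doid={$newdoid}"));
            notification_complain_add($_SGLOBAL['supe_uid'], 'complain', $note);
        }
    }

    $feedarr = array(
        'appid' => UC_APPID,
        'icon' => 'doing',
        'uid' => $params['uid'],
        'username' => $params['uname'],
        'dateline' => $_SGLOBAL['timestamp'],
        'title_template' => cplang('feed_doing_title'),
        'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))),
        'body_template' => '',
        'body_data' => '',
        'id' => $newdoid,
        'idtype' => 'doid',
        'fromdevice' => 'web',
        'ip' => getonlineip(),
    );
    if (!empty($params['device'])) {
        $feedarr['fromdevice'] = $params['device'];
    }
    if (!empty($params['ip'])) {
        $feedarr['ip'] = $params['ip'];
    }
    $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); // template hash
    $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); // combined hash
    inserttable('feed', $feedarr, 1);
    updatestat('doing');

    $setarr = array('note' => $message);
    getreward('doing', 0);
    updatetable('spacefield', $setarr, array('uid' => $params['uid']));

    return json_encode($params);
}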
//Determine whether operating too fast if ($poll['credit'] && $poll['percredit'] && $poll['uid'] != $_SGLOBAL['supe_uid']) { if ($poll['credit'] <= $poll['percredit']) { $poll['percredit'] = $poll['credit']; $sql = ',percredit=0'; } $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET credit=credit+{$poll['percredit']} WHERE uid='{$_SGLOBAL['supe_uid']}'"); } else { $poll['percredit'] = 0; } $_SGLOBAL['db']->query("UPDATE " . tname('poll') . " SET voternum=voternum+1, lastvote='{$_SGLOBAL['timestamp']}', credit=credit-{$poll['percredit']} {$sql} WHERE pid='{$pid}'"); // real name realname_get(); if ($poll['uid'] != $_SGLOBAL['supe_uid']) { //Reward points getreward('joinpoll', 1, 0, $pid); } // hot value if ($poll['uid'] != $_SGLOBAL['supe_uid']) { hot_update('pid', $poll['pid'], $poll['hotuser']); } //Statistics updatestat('pollvote'); // event feed if (!isset($_POST['anonymous']) && $_SGLOBAL['supe_uid'] != $poll['uid'] && ckprivacy('joinpoll', 1)) { $fs = array(); $fs['icon'] = 'poll'; $fs['images'] = $fs['image_links'] = array(); $fs['title_template'] = cplang('take_part_in_the_voting'); $fs['title_data'] = array('touser' => "<a href=\"space.php?uid={$poll['uid']}\">" . $_SN[$poll['uid']] . "</a>", 'url' => "space.php?uid={$poll['uid']}&do=poll&pid={$pid}", 'subject' => $poll['subject'], 'reward' => $poll['percredit'] ? cplang('reward') : ''); $fs['body_template'] = '';
//积分 if ($tospace['uid'] != $_SGLOBAL['supe_uid']) { $needle = $id; if ($_POST['idtype'] != 'uid') { $needle = $_POST['idtype'] . $id; } else { $needle = $tospace['uid']; } //奖励评论发起者 getreward($action, 1, 0, $needle); //奖励被评论者 if ($becomment) { if ($_POST['idtype'] == 'uid') { $needle = $_SGLOBAL['supe_uid']; } getreward($becomment, 1, $tospace['uid'], $needle, 0); } } if ($bwzt) { $query = $_SGLOBAL['db']->query("SELECT distinct authorid FROM " . tname('comment') . " WHERE id='{$bwzt['bwztid']}' AND idtype='bwztid' ORDER BY dateline "); $uidarr = array(); while ($value = $_SGLOBAL['db']->fetch_array($query)) { if ($value['authorid'] != $space['uid']) { $uidarr[] = strval($value['authorid']); } } if (!in_array($tospace['uid'], $uidarr)) { $uidarr[] = strval($tospace['uid']); } $tospace['name'] = empty($tospace['name']) ? $tospace['username'] : $tospace['name']; $space['name'] = empty($space['name']) ? $space['username'] : $space['name'];
/**
 * Complete an invitation: make the two users friends, reward the inviter,
 * publish the feed entry and notification, and record the invite.
 *
 * Side effect visible in the code: $_SGLOBAL['supe_uid'] and
 * $_SGLOBAL['supe_username'] are switched to the inviter for the feed entry
 * and then to the invited user for the notification, and are left at the
 * invited user's values on return.
 *
 * @param int    $inviteid   existing invite row to update; falsy inserts a new row
 * @param int    $uid        invited user
 * @param string $username   invited user's name
 * @param int    $m_uid      inviting user
 * @param string $m_username inviting user's name
 * @param int    $appid      application the invite belongs to
 * @return false|null false when an invite row for this pair already exists, otherwise nothing
 */
function invite_update($inviteid, $uid, $username, $m_uid, $m_username, $appid=0) {
    global $_SGLOBAL, $_SN;

    // Nothing to do without an invited user, or when a user invites themselves.
    if (!$uid || $uid == $m_uid) {
        return;
    }
    // Only proceed while the friend status is below 1.
    if (!(getfriendstatus($uid, $m_uid) < 1)) {
        return;
    }

    friend_update($uid, $username, $m_uid, $m_username, 'invite');

    // Look for an earlier invite between the pair; runs after friend_update().
    $lookup = $_SGLOBAL['db']->query("SELECT * FROM ".tname('invite')." WHERE uid='$m_uid' AND fuid='$uid'");
    $previous = $_SGLOBAL['db']->fetch_array($lookup);
    if ($previous) {
        return false; // already invited, so no second reward
    }

    // Reward the inviter.
    getreward('invitefriend', 1, $m_uid, '', 0);

    // Feed entry, published as the inviter.
    $_SGLOBAL['supe_uid'] = $m_uid;
    $_SGLOBAL['supe_username'] = $m_username;

    // Real-name lookup for the invited user.
    realname_set($uid, $username);
    realname_get();

    if (ckprivacy('invite', 1)) {
        $profileLink = '<a href="space.php?uid='.$uid.'">'.stripslashes($_SN[$uid]).'</a>';
        feed_add('friend', cplang('feed_invite'), array('username'=>$profileLink));
    }

    // Notification, sent as the invited user.
    $_SGLOBAL['supe_uid'] = $uid;
    $_SGLOBAL['supe_username'] = $username;
    notification_add($m_uid, 'friend', cplang('note_invite'));

    // Record the accepted invite.
    $record = array('fuid'=>$uid, 'fusername'=>$username, 'appid'=>$appid);
    if (!$inviteid) {
        $record['uid'] = $m_uid;
        inserttable('invite', $record, 0, true); // new invite row
        return;
    }
    updatetable('invite', $record, array('id'=>$inviteid));
}
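// Refuse direct access: this script must be included by the application.
if (!defined('IN_UCHOME')) {
    exit('Access Denied');
}

$op = empty($_REQUEST['op']) ? '' : trim($_REQUEST['op']);

// Already logged in: nothing to do here.
if ($_SGLOBAL['supe_uid']) {
    capi_showmessage_by_data('do_success', 0);
}

// Suppress the login form.
$_SGLOBAL['nologinform'] = 1;

// Friend-invite parameters. code and invite must be plain strings: an array
// value would otherwise reach the comparison and the URLs built below.
$uid = empty($_REQUEST['uid']) ? 0 : intval($_REQUEST['uid']);
$code = (empty($_REQUEST['code']) || !is_string($_REQUEST['code'])) ? '' : $_REQUEST['code'];
$app = empty($_REQUEST['app']) ? '' : intval($_REQUEST['app']);
$invite = (empty($_REQUEST['invite']) || !is_string($_REQUEST['invite'])) ? '' : $_REQUEST['invite'];
$invitearr = array();

$invitepay = getreward('invitecode', 0);
$pay = $app ? 0 : $invitepay['credit'];

if ($uid && $code && !$pay) {
    $m_space = getspace($uid);
    // Strict string comparison. The original `==` lets PHP compare two
    // numeric-looking strings by value (e.g. "0e1" == "0e2"), which can accept
    // a code that does not match the expected key.
    if ($code === (string) space_key($m_space, $app)) {
        // Code verified: remember who issued the invite.
        $invitearr['uid'] = $uid;
        $invitearr['username'] = $m_space['username'];
    }
    // NOTE(review): $code is request data placed into a URL fragment without
    // encoding; confirm it is escaped wherever $url_plus is output.
    $url_plus = "uid={$uid}&app={$app}&code={$code}";
} elseif ($uid && $invite) {
    include_once S_ROOT . './source/function_cp.php';
    $invitearr = invite_get($uid, $invite);
    // NOTE(review): same as above for $invite.
    $url_plus = "uid={$uid}&invite={$invite}";
}

$jumpurl = $app ? "userapp.php?id={$app}&my_extra=invitedby_bi_{$uid}_{$code}&my_suffix=Lw%3D%3D" : 'space.php?do=home';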
capi_showmessage_by_data('do_success', 0, array('avatar_url' => avatar($space['uid'], 'middle', TRUE))); } } } capi_showmessage_by_data('non_normal_operation'); } //头像 include_once S_ROOT . './uc_client/client.php'; $uc_avatar = capi_uc_avatar($_SGLOBAL['supe_uid'], empty($_SCONFIG['avatarreal']) ? 'virtual' : 'real'); //判断用户是否设置了头像 $setarr = array(); $avatar_exists = ckavatar($space['uid']); if ($avatar_exists) { if (!$space['avatar']) { //奖励积分 $reward = getreward('setavatar', 0); if ($reward['credit']) { $setarr['credit'] = "credit=credit+{$reward['credit']}"; } if ($reward['experience']) { $setarr['experience'] = "experience=experience+{$reward['experience']}"; } $setarr['avatar'] = 'avatar=1'; $setarr['updatetime'] = "updatetime={$_SGLOBAL['timestamp']}"; } } else { if ($space['avatar']) { $setarr['avatar'] = 'avatar=0'; } } if ($setarr) {
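/**
 * Create a blog entry, or update the one described by $olds.
 *
 * Normalises the posted fields (subject, privacy, tags, message, category),
 * links uploaded pictures into the message, writes the `blog` and `blogfield`
 * rows, refreshes tag links and, for the author's own new post, the space
 * counters and reward. Optionally publishes a feed entry and joins a topic.
 *
 * When $olds belongs to another user the function temporarily acts as that
 * user by overwriting $_SGLOBAL['supe_uid'] / ['supe_username']; the saved
 * globals are restored on every return path.
 *
 * @param array $POST posted blog fields (subject, friend, password, tag,
 *                    message, classid, picids, hot, topicid, dateline, makefeed)
 * @param array $olds existing blog row when editing, empty for a new post
 * @return array|false the blog data including 'blogid', or false when the
 *                     message is empty once markup and whitespace are stripped
 */
function blog_post($POST, $olds = array()) {
    global $_SGLOBAL, $_SC, $space;

    // Operator role switch: editing somebody else's blog runs as the owner.
    $isself = 1;
    $__SGLOBAL = null;
    if (!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Subject: falls back to the current date when empty.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if (strlen($POST['subject']) < 1) {
        $POST['subject'] = sgmdate('Y-m-d');
    }
    $POST['friend'] = intval($POST['friend']);

    // Privacy.
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        // Visible to named users only: resolve the posted names to uids.
        // NOTE(review): the names come straight from $_POST and reach the SQL
        // text through simplode(); confirm that helper (or global input
        // escaping) quotes every element.
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if ($names) {
            $query = $_SGLOBAL['db']->query("SELECT uid FROM " . tname('space') . " WHERE username IN (" . simplode($names) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            // No valid target user: fall back to privacy level 3.
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        // Password protected; an empty password downgrades to level 0.
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // The original line compared ("==") instead of assigning, so a posted
        // password was stored even when the entry was not password protected.
        $POST['password'] = '';
    }

    // Tags.
    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);

    // Message body.
    if ($_SGLOBAL['mobile']) {
        // NOTE(review): this branch does not call checkhtml(); confirm the
        // getstr() flags used here neutralise HTML in the message.
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        // Drop empty <div></div> pairs and make plain links open in a new window.
        $POST['message'] = preg_replace(array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"), array('', '<a href="\\1" target="_blank">'), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category.
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            // "new:<name>" asks for a category with that name; reuse the
            // user's existing one if present, otherwise create it.
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid']), 'classid');
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_SGLOBAL['supe_uid'], 'dateline' => $_SGLOBAL['timestamp']);
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // Ownership check: a category id that is not the acting user's is dropped.
        $classname = getcount('class', array('classid' => $classid, 'uid' => $_SGLOBAL['supe_uid']), 'classname');
        if (empty($classname)) {
            $classid = 0;
        }
    }

    // Main table fields.
    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($_POST['noreply']) ? 0 : 1
    );

    // Title picture and uploaded pictures (restricted to the acting user's rows).
    $titlepic = '';
    $uploads = array();
    if (!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('pic') . " WHERE picid IN (" . simplode($picids) . ") AND uid='{$_SGLOBAL['supe_uid']}'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): the loop above only ends once $value is falsy, so this
        // fallback looks unreachable; kept unchanged to preserve behaviour.
        if (empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote'] ? 2 : 1;
        }
    }

    // Replace the editor's placeholder images with the stored picture URLs.
    if ($uploads) {
        preg_match_all("/\\<img\\s.*?\\_uchome\\_localimg\\_([0-9]+).+?src\\=\"(.+?)\"/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_{$value}";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        // Uploads that were not referenced in the message are appended.
        // NOTE(review): $value['title'] is emitted into HTML as stored; confirm
        // picture titles are escaped when they are saved.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }

    // Reject a message that contains nothing but empty markup or whitespace.
    // NOTE(review): the listing shows a bare blank between two escapes where an
    // HTML-decoded "&nbsp;" entity appears to have been; written as the entity.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\&nbsp\\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Undo the role switch before leaving; otherwise the rest of the
        // request would keep running under the blog owner's identity.
        if (!empty($__SGLOBAL)) {
            $_SGLOBAL = $__SGLOBAL;
        }
        return false;
    }

    // Escape for storage.
    $message = addslashes($message);

    // No uploaded title picture: take one from the message itself.
    if (empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    // Only users with the manageblog permission may set the "hot" value.
    if (checkperm('manageblog')) {
        $blogarr['hot'] = empty($POST['hot']) ? 0 : intval($POST['hot']);
    }

    // Attachment metadata.
    // NOTE(review): these four values are copied from the request as-is.
    // Nothing in this function checks that attachid belongs to the acting user
    // or that attachpath/attachsize describe the file it names; consider
    // resolving them server-side from attachid. Presumably updatetable() and
    // inserttable() escape them for SQL — confirm.
    if (!empty($_POST['attachid']) && !empty($_POST['attachpath']) && !empty($_POST['attachname']) && !empty($_POST['attachsize'])) {
        $blogarr['attachid'] = $_POST['attachid'];
        $blogarr['attachpath'] = $_POST['attachpath'];
        $blogarr['attachname'] = $_POST['attachname'];
        $blogarr['attachsize'] = $_POST['attachsize'];
    }

    if (!empty($olds['blogid'])) {
        // Update; the id is interpolated into SQL further down, so force an integer.
        $blogid = intval($olds['blogid']);
        updatetable('blog', $blogarr, array('blogid' => $blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // New entry.
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');
        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        $blogarr['dateline'] = empty($POST['dateline']) ? $_SGLOBAL['timestamp'] : $POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }
    $blogarr['blogid'] = $blogid;

    // Attached table fields.
    $fieldarr = array('message' => $message, 'postip' => getonlineip(), 'target_ids' => $POST['target_ids']);

    // Tags.
    // NOTE(review): $olds['tag'] is unserialize()d. It is expected to hold what
    // serialize($tagarr) below wrote earlier; unserialize() must never see
    // attacker-controlled bytes, so confirm no other path writes this column.
    $oldtagstr = addslashes(empty($olds['tag']) ? '' : implode(' ', unserialize($olds['tag'])));
    $tagarr = array();
    if ($POST['tag'] != $oldtagstr) {
        if (!empty($olds['tag'])) {
            // Remove the previous tag links and decrement their counters first.
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if ($oldtags) {
                $_SGLOBAL['db']->query("UPDATE " . tname('tag') . " SET blognum=blognum-1 WHERE tagid IN (" . simplode($oldtags) . ")");
                $_SGLOBAL['db']->query("DELETE FROM " . tname('tagblog') . " WHERE blogid='{$blogid}'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        // Store the new tag list on the attached row.
        $fieldarr['tag'] = empty($tagarr) ? '' : addslashes(serialize($tagarr));
    }

    if ($olds) {
        updatetable('blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Space bookkeeping, only when the author acts on their own blog.
    if ($isself) {
        if ($olds) {
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET updatetime='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
        } else {
            if (empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid' => $space['uid']));
                $blognumsql = "blognum=" . $space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Reward for publishing.
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET {$blognumsql}, lastpost='{$_SGLOBAL['timestamp']}', updatetime='{$_SGLOBAL['timestamp']}', credit=credit+{$reward['credit']}, experience=experience+{$reward['experience']} WHERE uid='{$_SGLOBAL['supe_uid']}'");
            // Statistics.
            updatestat('blog');
        }
    }

    // Feed.
    if (!empty($POST['makefeed'])) {
        include_once S_ROOT . './source/function_feed.php';
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }

    // Topic.
    if (empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Switch back to the real operator.
    if (!empty($__SGLOBAL)) {
        $_SGLOBAL = $__SGLOBAL;
    }
    return $blogarr;
}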