function js_mkurl($tag, $url)
{
if (!preg_match("/^(http\\:\\/\\/|ftp\\:\\/\\/|https\\:\\/\\/|\\/)/i", $url)) {
$url = getsiteurl() . $url;
}
return " {$tag}=\"{$url}\"";
}
function usesubmit()
{
global $_G;
$config = urlencode(getsiteurl() . 'home.php?mod=misc&ac=swfupload&op=config&doodle=1');
$src = IMGDIR . "/doodle.swf?fid={$_G[gp_handlekey]}&oid={$_G[gp_mtarget]}&from={$_G[gp_from]}&config={$config}";
include template('home/magic_doodle');
}
function space_open($uid, $username, $gid = 0, $email = '')
{
global $_SGLOBAL, $_SCONFIG;
if (empty($uid) || empty($username)) {
return array();
}
//验证空间是否被管理员删除
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('spacelog') . " WHERE uid='{$uid}' AND flag='-1'");
if ($value = $_SGLOBAL['db']->fetch_array($query)) {
showmessage('the_space_has_been_closed');
}
$space = array('uid' => $uid, 'username' => $username, 'dateline' => $_SGLOBAL['timestamp'], 'groupid' => $gid);
inserttable('space', $space, 0, true);
inserttable('spacefield', array('uid' => $uid, 'email' => $email), 0, true);
//发送PM
if ($_SGLOBAL['supe_uid'] && $_SGLOBAL['supe_uid'] != $uid) {
include_once S_ROOT . './uc_client/client.php';
uc_pm_send($_SGLOBAL['supe_uid'], $uid, cplang('space_open_subject'), cplang('space_open_message', array(getsiteurl())), 1, 0, 0);
}
//产生feed
include_once S_ROOT . './source/function_cp.php';
$_uid = $_SGLOBAL['supe_uid'];
$_username = $_SGLOBAL['supe_username'];
$_SGLOBAL['supe_uid'] = $uid;
$_SGLOBAL['supe_username'] = addslashes($username);
feed_add('profile', cplang('feed_space_open'));
$_SGLOBAL['supe_uid'] = $_uid;
$_SGLOBAL['supe_username'] = $_username;
return $space;
}
function _my_get_app_url($appid, $suffix)
{
global $_G;
if (!isset($_G['prefix_url'])) {
$_G['prefix_url'] = getsiteurl();
}
return $_G['prefix_url'] . "userapp.php?mod=app&id={$appid}";
}
function __construct()
{
global $_SGLOBAL, $_SC;
$this->callback = $this->xmlrpcApi();
$this->xmlmessage = new stdClass();
$this->siteUrl = getsiteurl();
$this->db = $_SGLOBAL['db'];
$this->charset = $_SC['charset'];
$this->timestamp = $_SGLOBAL['timestamp'];
}
public function index()
{
$uid = intval($_GET['uid']);
$size = trim($_GET['size']);
$size = in_array($size, array('middel', 'small')) ? $size : 'big';
$avatar = $uid . '/' . $uid . '_avatar_' . $size . '.jpg';
if (is_file(C('AVATARDIR') . $avatar)) {
$avatar = C('AVATARURL') . $avatar;
} else {
$avatar = getsiteurl() . '/static/images/common/avatar_default.png';
}
@header('location:' . $avatar);
exit;
}
}
include_once S_ROOT . './source/function_common.php';
include_once S_ROOT . '../vendor/autoload.php';
//时间
$mtime = explode(' ', microtime());
$_SGLOBAL['timestamp'] = $mtime[1];
$_SGLOBAL['supe_starttime'] = $_SGLOBAL['timestamp'] + $mtime[0];
//GPC过滤
$magic_quote = get_magic_quotes_gpc();
if (empty($magic_quote)) {
$_GET = saddslashes($_GET);
$_POST = saddslashes($_POST);
}
//本站URL
if (empty($_SC['siteurl'])) {
$_SC['siteurl'] = getsiteurl();
}
//链接数据库
dbconnect();
//缓存文件
if (!@(include_once S_ROOT . './data/data_config.php')) {
include_once S_ROOT . './source/function_cache.php';
config_cache();
include_once S_ROOT . './data/data_config.php';
}
foreach (array('app', 'userapp', 'ad', 'magic') as $value) {
@(include_once S_ROOT . './data/data_' . $value . '.php');
}
//COOKIE
$prelength = strlen($_SC['cookiepre']);
foreach ($_COOKIE as $key => $val) {
$siteurl = getsiteurl();
$list = array();
$count = C::t('home_comment')->count_by_id_idtype($pic['picid'], 'picid', $cid);
if ($count) {
$query = C::t('home_comment')->fetch_all_by_id_idtype($pic['picid'], 'picid', $start, $perpage, $cid);
foreach ($query as $value) {
$list[] = $value;
}
}
$multi = multi($count, $perpage, $page, $theurl);
if (empty($album['albumname'])) {
$album['albumname'] = lang('space', 'default_albumname');
}
$pic_url = $pic['pic'];
if (!preg_match("/^(http|https)\\:\\/\\/.+?/i", $pic['pic'])) {
$pic_url = getsiteurl() . $pic['pic'];
}
$pic_url2 = rawurlencode($pic['pic']);
$hash = md5($pic['uid'] . "\t" . $pic['dateline']);
$id = $pic['picid'];
$idtype = 'picid';
$maxclicknum = 0;
loadcache('click');
$clicks = empty($_G['cache']['click']['picid']) ? array() : $_G['cache']['click']['picid'];
foreach ($clicks as $key => $value) {
$value['clicknum'] = $pic["click{$key}"];
$value['classid'] = mt_rand(1, 4);
if ($value['clicknum'] > $maxclicknum) {
$maxclicknum = $value['clicknum'];
}
$clicks[$key] = $value;
function usesubmit()
{
global $_G;
$config = urlencode(getsiteurl() . 'home.php?mod=misc&ac=swfupload&op=config&doodle=1');
include template('home/magic_doodle');
}
continue;
}
if ($subvalue['isimage']) {
//图片
$value['message'] .= "<div><img src=\"{$_SC[attachurl]}{$subvalue['filepath']}\"></div>";
} else {
$value['message'] .= "<div><strong>文件</strong>: <a href=\"{$_SC[attachurl]}{$subvalue['filepath']}\">{$subvalue['filename']}</a></div>";
}
}
}
if ($value['videosize']) {
$value['videosize'] = formatsize($value['videosize']);
$value['message'] .= "<div><strong>影音大小</strong>: {$value['videosize']}</div>";
}
if ($value['file']) {
$flvurl = getsiteurl() . rawurlencode($value['file']);
$value['message'] .= '<div>
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" id="photo" align="middle" height="315" width="420">
<param name="movie" value="image/flv.swf?flvurl=' . $flvurl . '">
<param name="quality" value="high">
<param name="allowFullScreen" value="true">
<embed src="image/flv.swf?flvurl=' . $flvurl . '" quality="high" name="photo" type="application/x-shockwave-flash" allowfullscreen="true" pluginspage="http://www.macromedia.com/go/getflashplayer" align="middle" height="315" width="420">
</object>
<br>' . $value['videoname'] . '</a></div>';
}
if ($value['remoteurl']) {
$remoteurl = unserialize($value['remoteurl']);
if ($value['subtype'] == 'media') {
foreach ($remoteurl as $rs) {
$value['message'] .= '<div>
<object id="PlayerEx2" classid="clsid:6BF52A52-394A-11d3-B153-00C04F79FAA6" width="420" height="315">
}
}
} else {
$graph[$type] .= "<value xid='{$count}'>" . $value[$type] . "</value>";
}
$count++;
}
$xml = '';
$xml .= '<' . "?xml version=\"1.0\" encoding=\"utf-8\"?>";
$xml .= '<chart><xaxis>';
$xml .= $xaxis;
$xml .= "</xaxis><graphs>";
$count = 0;
foreach ($graph as $key => $value) {
$xml .= "<graph gid='{$count}' title='" . siconv(cplang("do_stat_{$key}"), 'utf8') . "'>";
$xml .= $value;
$xml .= '</graph>';
$count++;
}
$xml .= '</graphs></chart>';
@header("Expires: -1");
@header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
@header("Content-type: application/xml; charset=utf-8");
echo $xml;
exit;
}
$siteurl = getsiteurl();
$statuspara = "path=&settings_file=data/stat_setting.xml&data_file=" . urlencode("do.php?ac=stat&xml=1&type={$type}");
$actives = array($type => ' style="font-weight:bold;"');
include template('do_stat');
<?php
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: userapp_manage.php 34075 2013-10-08 03:59:47Z andyzheng $
*/
if (!defined('IN_DISCUZ')) {
exit('Access Denied');
}
if (!checkperm('allowmyop')) {
showmessage('no_privilege_myop', '', array(), array('return' => true));
}
$uchUrl = getsiteurl() . 'userapp.php?mod=manage';
if (submitcheck('ordersubmit')) {
if (empty($_POST['order'])) {
$_POST['order'] = array();
}
$displayorder = count($_POST['order']);
foreach ($_POST['order'] as $key => $appid) {
$appid = intval($appid);
if ($_G['my_userapp'][$appid]['menuorder'] != $displayorder) {
C::t('home_userapp')->update_by_uid_appid($_G['uid'], $appid, array('menuorder' => $displayorder));
}
$displayorder--;
}
$_POST['menunum'] = abs(intval($_POST['menunum']));
if ($_POST['menunum']) {
C::t('common_member_field_home')->update($_G['uid'], array('menunum' => $_POST['menunum']));
}
function space_domain($space)
{
global $_SCONFIG;
if ($space['domain'] && $_SCONFIG['allowdomain'] && $_SCONFIG['domainroot']) {
$space['domainurl'] = 'http://' . $space['domain'] . '.' . $_SCONFIG['domainroot'];
} else {
if ($_SCONFIG['allowrewrite']) {
$space['domainurl'] = getsiteurl() . $space[uid];
} else {
$space['domainurl'] = getsiteurl() . "?{$space['uid']}";
}
}
return $space['domainurl'];
}
/**
* 模型在线投稿提交处理函数
*/
function modelpost($cacheinfo, $cp = 1)
{
global $_SGLOBAL, $theurl, $_SCONFIG;
include_once S_ROOT . './function/upload.func.php';
$_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
$itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
$hash = '';
$op = 'add';
$resultitems = $resultmessage = array();
$modelsinfoarr = $cacheinfo['models'];
$columnsinfoarr = $cacheinfo['columns'];
if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
showmessage('parameter_error');
}
$feedcolum = array();
foreach ($columnsinfoarr as $result) {
if ($result['isfixed'] == 1) {
$resultitems[] = $result;
} else {
$resultmessage[] = $result;
}
if ($result['formtype'] == 'linkage') {
if (!empty($_POST[$result['fieldname']])) {
$_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
}
} elseif ($result['formtype'] == 'timestamp') {
if (empty($_POST[$result['fieldname']])) {
$_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
} else {
$_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
}
}
}
//更新用户最新更新时间
if (empty($itemid) && $_SGLOBAL['supe_uid']) {
updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
}
//输入检查
$_POST['catid'] = intval($_POST['catid']);
$_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0;
$_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
//检查输入
if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
showmessage('space_suject_length_error');
}
if (empty($_POST['catid'])) {
showmessage('admin_func_catid_error');
}
if (!empty($_FILES['subjectimage']['name'])) {
$fileext = fileext($_FILES['subjectimage']['name']);
if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
showmessage('document_types_can_only_upload_pictures');
}
}
//数据检查
checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
//修改时检验标题图片是否修改
$defaultmessage = array();
if (!empty($itemid)) {
if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
//当file删除时,或修改时执行删除操作
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
$defaultmessage = $_SGLOBAL['db']->fetch_array($query);
$hash = getmodelhash($_GET['mid'], $itemid);
deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
//删除附件表
updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
$ext = fileext($defaultmessage['subjectimage']);
if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
@unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
}
@unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
}
}
//构建数据
$setsqlarr = $setitemsqlarr = array();
$setsqlarr = getsetsqlarr($resultitems);
$setsqlarr['catid'] = $_POST['catid'];
$setsqlarr['subject'] = $_POST['subject'];
$setsqlarr['allowreply'] = $_POST['allowreply'];
if (checkperm('managefolder') || checkperm('managemodpost')) {
$setsqlarr['grade'] = intval($_POST['grade']);
} else {
$setsqlarr['grade'] = 0;
}
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
$setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
$setsqlarr['username'] = $_SGLOBAL['supe_username'];
$setsqlarr['lastpost'] = $setsqlarr['dateline'];
$modelsinfoarr['subjectimagewidth'] = 400;
$modelsinfoarr['subjectimageheight'] = 300;
if (!empty($modelsinfoarr['thumbsize'])) {
$modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
$modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
$modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
}
$uploadfilearr = $ids = array();
$subjectimageid = '';
$uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
if (!empty($uploadfilearr)) {
$feedsubjectimg = $uploadfilearr;
foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
if (empty($tmpvalue['error'])) {
$setsqlarr[$tmpkey] = $tmpvalue['filepath'];
}
if (!empty($tmpvalue['aid'])) {
$ids[] = $tmpvalue['aid'];
}
}
}
//词语过滤
if (!empty($modelsinfoarr['allowfilter'])) {
$setsqlarr = scensor($setsqlarr, 1);
}
//发布时间
if (empty($_POST['dateline'])) {
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
} else {
$setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
//不能早于2年
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
}
}
if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
//不需要审核时入item表
if (empty($itemid)) {
//插入数据
$itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
} else {
//更新
$op = 'update';
unset($setsqlarr['uid']);
unset($setsqlarr['username']);
unset($setsqlarr['lastpost']);
updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
$defaultmessage = $_SGLOBAL['db']->fetch_array($query);
}
$hash = getmodelhash($_POST['mid'], $itemid);
if (!empty($ids)) {
$ids = simplode($ids);
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
}
$do = 'pass';
} else {
if (!empty($uploadfilearr['subjectimage']['aid'])) {
$subjectimageid = $uploadfilearr['subjectimage']['aid'];
}
$setitemsqlarr = $setsqlarr;
$do = 'me';
}
if ($op == 'update') {
if (!empty($resultmessage)) {
foreach ($resultmessage as $value) {
if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
//当file删除时,或修改时执行删除操作
deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
//删除附件表
updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
$ext = fileext($defaultmessage[$value['fieldname']]);
if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
@unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
}
@unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
}
}
}
}
}
//内容
$setsqlarr = $uploadfilearr = $ids = array();
$setsqlarr = getsetsqlarr($resultmessage);
$uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
$setsqlarr['message'] = trim($_POST['message']);
$setsqlarr['postip'] = $_SGLOBAL['onlineip'];
if (!empty($uploadfilearr)) {
foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
if (empty($tmpvalue['error'])) {
$setsqlarr[$tmpkey] = $tmpvalue['filepath'];
}
if (!empty($tmpvalue['aid'])) {
$ids[] = $tmpvalue['aid'];
}
}
}
//添加内容
if (!empty($modelsinfoarr['allowfilter'])) {
$setsqlarr = scensor($setsqlarr, 1);
}
if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
//不需要审核时入message表
if ($op == 'add') {
$setsqlarr['itemid'] = $itemid;
//添加内容
inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
$feed['icon'] = 'comment';
$feed['title_template'] = 'feed_model_title';
$murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
$aurl = A_URL;
if (empty($_SCONFIG['siteurl'])) {
$siteurl = getsiteurl();
$murl = $siteurl . $murl;
$aurl = $siteurl . $aurl;
} else {
$siteurl = S_URL_ALL;
}
$feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
$feed['body_template'] = 'feed_model_message';
$feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
if (!empty($feedsubjectimg)) {
$feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
} else {
foreach ($feedcolum as $feedimgvalue) {
if ($feedimgvalue['filepath']) {
$feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
break;
}
}
if (empty($feed['images'])) {
$picurl = getmessagepic(stripslashes($_POST['message']));
if ($picurl && strpos($picurl, '://') === false) {
$picurl = $siteurl . '/' . $picurl;
}
if (!empty($picurl)) {
$feed['images'][] = array('url' => $picurl, 'link' => $murl);
}
}
}
postfeed($feed);
}
} else {
//更新内容
updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
}
updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
if (checkperm('allowdirectpost') && $op == 'update') {
deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
}
if (checkperm('allowdirectpost') && $op == 'update') {
$jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('writing_success_online_please_wait_for_audit', $jpurl);
} else {
$jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('online_contributions_success', $jpurl);
}
} else {
$setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
$setsqlarr['addfeed'] = $_POST['addfeed'];
$setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
$itemid = inserttable('modelfolders', $setsqlarr, 1);
if (!empty($subjectimageid)) {
$ids[] = $subjectimageid;
}
if (!empty($ids)) {
$ids = simplode($ids);
$hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
}
$jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('writing_success_online_please_wait_for_audit', $jpurl);
}
}
if (empty($defaultemail) || !isemail($defaultemail)) {
showmessage('have_no_email', '', 10);
}
if ($isactive > 0) {
showmessage('collegeid_is_active', '', 3);
} elseif (empty($isactive)) {
$nowtime = explode(' ', microtime());
$tmptime = $nowtime[1];
//记录邮件发送时间,存入数据库
$tmptime = $tmptime + $nowtime[0];
if ($tmptime - intval($row['emaildateline']) <= 1800) {
showmessage('sendtime_limit');
}
//激活成功
$hash = authcode("{$collegeid}\t{$defaultemail}", 'ENCODE');
$url = getsiteurl() . 'do.php?ac=' . $_SCONFIG['buaaregister_action'] . '&hash=' . urlencode($hash);
$mailsubject = cplang('active_email_subject');
$mailmessage = cplang('active_email_msg', array($url));
$cid = inserttable('mailcron', array('email' => $defaultemail), 1);
//存储学号信息
$_SGLOBAL['collegeid'] = $collegeid;
$setarr = array('cid' => $cid, 'subject' => addslashes(stripslashes($mailsubject)), 'message' => addslashes(stripslashes($mailmessage)), 'dateline' => $_GLOBAL['timestamp']);
//放入邮件队列
inserttable('mailqueue', $setarr);
$sendtime = array('emaildateline' => $tmptime);
updatetable('baseprofile', $sendtime, array('collegeid' => $collegeid));
showmessage('collegeid_not_active');
} else {
showmessage('system_error', 'index.php', 3);
}
}
function _my_get_app_url($appid, $suffix)
{
global $_SGLOBAL, $space, $_SCONFIG;
if (!isset($_SGLOBAL['prefix_url'])) {
$_SGLOBAL['prefix_url'] = getsiteurl();
}
return $_SGLOBAL['prefix_url'] . "userapp.php?appid={$appid}";
}
$comment_status = 1;
} else {
$comment_status = 0;
}
DB::update('home_comment', array('message' => $message, 'status' => $comment_status), array('cid' => $comment['cid']));
showmessage('do_success', dreferer(), array('cid' => $comment['cid']), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
}
$comment['message'] = $bbcode->html2bbcode($comment['message']);
} elseif ($_GET['op'] == 'delete') {
if (submitcheck('deletesubmit')) {
require_once libfile('function/delete');
if (deletecomments(array($cid))) {
showmessage('do_success', dreferer(), array('cid' => $cid), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
} else {
showmessage('no_privilege');
}
}
} elseif ($_GET['op'] == 'reply') {
$query = DB::query("SELECT * FROM " . DB::table('home_comment') . " WHERE cid='{$cid}'");
if (!($comment = DB::fetch($query))) {
showmessage('comments_do_not_exist');
}
if ($comment['idtype'] == 'uid' && ($seccodecheck || $secqaacheck)) {
$seccodecheck = 0;
$secqaacheck = 0;
}
$config = urlencode(getsiteurl() . 'home.php?mod=misc&ac=swfupload&op=config&doodle=1');
} else {
showmessage('no_privilege');
}
include template('home/spacecp_comment');
//打招呼
if (submitcheck('pokesubmit')) {
if (empty($tospace)) {
showmessage('space_does_not_exist');
}
$oldpoke = getcount('poke', array('uid' => $uid, 'fromuid' => $_SGLOBAL['supe_uid']));
$setarr = array('uid' => $uid, 'fromuid' => $_SGLOBAL['supe_uid'], 'fromusername' => $_SGLOBAL['supe_username'], 'note' => getstr($_POST['note'], 50, 1, 1), 'dateline' => $_SGLOBAL['timestamp'], 'iconid' => intval($_POST['iconid']));
inserttable('poke', $setarr, 0, true);
//更新统计
if (!$oldpoke) {
$_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET pokenum=pokenum+1 WHERE uid='{$uid}'");
}
//更新我的好友关系热度
addfriendnum($tospace['uid'], $tospace['username']);
//发送邮件通知
smail($uid, '', cplang('poke_subject', array($_SN[$space['uid']], getsiteurl() . 'cp.php?ac=poke')), '', 'poke');
if ($op == 'reply') {
//删除招呼
$_SGLOBAL['db']->query("DELETE FROM " . tname('poke') . " WHERE uid='{$_SGLOBAL['supe_uid']}' AND fromuid='{$uid}'");
$_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET pokenum=pokenum-1 WHERE uid='{$_SGLOBAL['supe_uid']}' AND pokenum>0");
}
//奖励
getreward('poke', 1, 0, $uid);
//统计
updatestat('poke');
showmessage('poke_success', $_POST['refer'], 1, array($_SN[$tospace['uid']]));
}
} elseif ($op == 'ignore') {
$where = empty($uid) ? '' : "AND fromuid='{$uid}'";
$_SGLOBAL['db']->query("DELETE FROM " . tname('poke') . " WHERE uid='{$_SGLOBAL['supe_uid']}' {$where}");
//统计更新
}
if (preg_match('/^\\//', $my_suffix)) {
$url = 'http://apps.manyou.com/' . $my_appId . $my_suffix;
} else {
if ($my_suffix) {
$url = 'http://apps.manyou.com/' . $my_appId . '/' . $my_suffix;
} else {
$url = 'http://apps.manyou.com/' . $my_appId;
}
}
if (strpos($my_suffix, '?')) {
$url = $url . '&my_uchId=' . $_SGLOBAL['supe_uid'] . '&my_sId=' . $_SCONFIG['my_siteid'];
} else {
$url = $url . '?my_uchId=' . $_SGLOBAL['supe_uid'] . '&my_sId=' . $_SCONFIG['my_siteid'];
}
$url .= '&my_prefix=' . urlencode($my_prefix) . '&my_suffix=' . urlencode($my_suffix);
$current_url = getsiteurl() . 'userapp.php';
if ($_SERVER['QUERY_STRING']) {
$current_url = $current_url . '?' . $_SERVER['QUERY_STRING'];
}
$extra = $_GET['my_extra'];
$timestamp = $_SGLOBAL['timestamp'];
$url .= '&my_current=' . urlencode($current_url);
$url .= '&my_extra=' . urlencode($extra);
$url .= '&my_ts=' . $timestamp;
$url .= '&my_appVersion=' . $app['version'];
$hash = $_SCONFIG['my_siteid'] . '|' . $_SGLOBAL['supe_uid'] . '|' . $appid . '|' . $current_url . '|' . $extra . '|' . $timestamp . '|' . $_SCONFIG['my_sitekey'];
$hash = md5($hash);
$url .= '&my_sig=' . $hash;
$my_suffix = urlencode($my_suffix);
include_once template("userapp");
}
//实名
realname_set($post['uid'], $post['username']);
realname_get();
$post['message'] = preg_replace("/\\<div class=\"quote\"\\>\\<span class=\"q\"\\>.*?\\<\\/span\\>\\<\\/div\\>/is", '', $post['message']);
//移除编辑记录
$post['message'] = preg_replace("/<ins class=\"modify\".+?<\\/ins>/is", '', $post['message']);
$post['message'] = html2bbcode($post['message']);
//显示用
$message = addslashes("<div class=\"quote\"><span class=\"q\"><b>" . $_SN[$post['uid']] . "</b>: " . getstr($post['message'], 150, 0, 0, 0, 2, 1) . '</span></div>') . $message;
}
$anonymous = empty($_POST['anonymous']) ? 0 : intval($_POST['anonymous']);
$setarr = array('tagid' => intval($thread['tagid']), 'anonymous' => $anonymous, 'tid' => $tid, 'uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'ip' => getonlineip(), 'dateline' => $_SGLOBAL['timestamp'], 'message' => $message);
$pid = inserttable('post', $setarr, 1);
//邮件通知
smail($thread['uid'], '', cplang('mtag_reply', array($_SN[$space['uid']], shtmlspecialchars(getsiteurl() . "space.php?uid={$thread['uid']}&do=thread&id={$thread['tid']}"))), '', 'mtag_reply');
//更新统计数据
$last_author_name = $anonymous ? 'null' : $_SGLOBAL[supe_username];
$_SGLOBAL['db']->query("UPDATE " . tname('thread') . "\r\n\t\tSET replynum=replynum+1, lastpost='{$_SGLOBAL['timestamp']}', lastauthor='{$last_author_name}', lastauthorid='{$_SGLOBAL['supe_uid']}'\r\n\t\tWHERE tid='{$tid}'");
//更新群组统计
$_SGLOBAL['db']->query("UPDATE " . tname("mtag") . " SET postnum=postnum+1 WHERE tagid='{$thread['tagid']}'");
//普通回复
if (empty($post) && $thread['uid'] != $_SGLOBAL['supe_uid']) {
//积分
getreward('replythread', 1, 0, $thread['tid']);
realname_set($thread['uid'], $thread['username']);
realname_get();
if (empty($mtag['viewperm'])) {
$fs = array();
$fs['icon'] = 'post';
$fs['body_template'] = '';
/**
* 模型在线投稿提交处理函数
*/
function modelpost($cacheinfo, $cp = 1)
{
global $_SGLOBAL, $theurl, $_SCONFIG;
include_once S_ROOT . './function/upload.func.php';
$_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
$itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
$hash = '';
$op = 'add';
$resultitems = $resultmessage = array();
$modelsinfoarr = $cacheinfo['models'];
$columnsinfoarr = $cacheinfo['columns'];
//获取等级信息
if ($cacheinfo['models']['modelname'] == 'defect') {
switch ($_POST['grade']) {
case 1:
$_POST['grade'] = '64';
break;
case 2:
$_POST['grade'] = '32';
break;
case 3:
$_POST['grade'] = '16';
break;
case 4:
$_POST['grade'] = '9';
break;
case 5:
$_POST['grade'] = '4';
break;
case 6:
$_POST['grade'] = '1';
break;
case 7:
$_POST['grade'] = '-1';
break;
case 8:
$_POST['grade'] = '-2';
break;
case 9:
$_POST['grade'] = '-3';
break;
}
$gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
if (!empty($_SCONFIG['checkgrade'])) {
$newgradearr = explode("\t", $_SCONFIG['checkgrade']);
$gradearr['64'] = $newgradearr[0];
$gradearr['32'] = $newgradearr[1];
$gradearr['16'] = $newgradearr[2];
$gradearr['9'] = $newgradearr[3];
$gradearr['4'] = $newgradearr[4];
$gradearr['1'] = $newgradearr[5];
$gradearr['-1'] = $newgradearr[6];
$gradearr['-2'] = $newgradearr[7];
$gradearr['-3'] = $newgradearr[8];
}
} else {
$gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
if (!empty($_SCONFIG['checkgrade'])) {
$newgradearr = explode("\t", $_SCONFIG['checkgrade']);
for ($i = 0; $i < count($newgradearr); $i++) {
if (!empty($newgradearr[$i])) {
$gradearr[$i + 1] = $newgradearr[$i];
}
}
}
}
if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
showmessage('parameter_error');
}
$feedcolum = array();
foreach ($columnsinfoarr as $result) {
if ($result['isfixed'] == 1) {
$resultitems[] = $result;
} else {
$resultmessage[] = $result;
}
if ($result['formtype'] == 'linkage') {
if (!empty($_POST[$result['fieldname']])) {
$_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
}
} elseif ($result['formtype'] == 'timestamp') {
if (empty($_POST[$result['fieldname']])) {
$_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
} else {
$_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
}
}
}
//更新用户最新更新时间
if (empty($itemid) && $_SGLOBAL['supe_uid']) {
updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
}
//输入检查
$_POST['catid'] = intval($_POST['catid']);
$_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0;
$_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
//检查输入
if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
showmessage('space_suject_length_error');
}
if (empty($_POST['catid'])) {
showmessage('admin_func_catid_error');
}
if (!empty($_FILES['subjectimage']['name'])) {
$fileext = fileext($_FILES['subjectimage']['name']);
if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
showmessage('document_types_can_only_upload_pictures');
}
}
//数据检查
checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
//修改时检验标题图片是否修改
$defaultmessage = array();
if (!empty($itemid)) {
if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
//当file删除时,或修改时执行删除操作
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
$defaultmessage = $_SGLOBAL['db']->fetch_array($query);
$hash = getmodelhash($_GET['mid'], $itemid);
deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
//删除附件表
updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
$ext = fileext($defaultmessage['subjectimage']);
if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
@unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
}
@unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
}
}
//构建数据
$setsqlarr = $setitemsqlarr = array();
$setsqlarr = getsetsqlarr($resultitems);
$setsqlarr['catid'] = $_POST['catid'];
$setsqlarr['subject'] = $_POST['subject'];
$setsqlarr['allowreply'] = $_POST['allowreply'];
$setsqlarr['grade'] = intval($_POST['grade']);
//modify by jyf,没权限的用户不能改审核等级
if ($setsqlarr['grade'] > 0) {
if (!checkperm('manageeditpost')) {
showmessage('no_permission');
}
}
//end
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
$setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
$setsqlarr['username'] = $_SGLOBAL['supe_username'];
$setsqlarr['lastpost'] = $setsqlarr['dateline'];
$modelsinfoarr['subjectimagewidth'] = 400;
$modelsinfoarr['subjectimageheight'] = 300;
if (!empty($modelsinfoarr['thumbsize'])) {
$modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
$modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
$modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
}
$uploadfilearr = $ids = array();
$subjectimageid = '';
$uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
if (!empty($uploadfilearr)) {
$feedsubjectimg = $uploadfilearr;
foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
if (empty($tmpvalue['error'])) {
$setsqlarr[$tmpkey] = $tmpvalue['filepath'];
}
if (!empty($tmpvalue['aid'])) {
$ids[] = $tmpvalue['aid'];
}
}
}
//词语过滤
if (!empty($modelsinfoarr['allowfilter'])) {
$setsqlarr = scensor($setsqlarr, 1);
}
//发布时间
if (empty($_POST['dateline'])) {
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
} else {
$setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
//不能早于2年
$setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
}
}
//附件处理-by jyf
if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
$setsqlarr['attaches'] = implode(',', $_POST['divupload']);
}
//创新园地新增两个字段-------89184
if ($cacheinfo['models']['modelname'] == 'creative') {
if (empty($_POST['creative_value'])) {
showmessage('请输入创新价值说明');
}
if (empty($_POST['creative_days'])) {
showmessage('本创新所耗的工作量');
}
$setsqlarr['value'] = $_POST['creative_value'];
$setsqlarr['days'] = $_POST['creative_days'];
}
if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
//不需要审核时入item表
if (empty($itemid)) {
//插入数据
$itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
//取消邮件通知 --89184
$email = get_cate_mail($_POST['catid']);
$url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
if ($_POST['modelname'] == 'creative') {
if ($_POST['creative_type'] == '流程建议') {
$email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
}
}
$emails = explode(',', $email);
if (count($emails) > 0) {
include S_ROOT . './function/sendmail.fun.php';
$url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
if ($cacheinfo['models']['modelname'] == 'creative') {
$msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
} else {
if ($cacheinfo['models']['modelname'] == 'defect') {
$msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
}
}
}
} else {
//更新
$op = 'update';
unset($setsqlarr['uid']);
unset($setsqlarr['username']);
unset($setsqlarr['lastpost']);
if ($setsqlarr['grade'] > 0) {
$setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
if ($_POST['modelname'] == 'creative') {
if ($_POST['creative_type'] == '主管月度创新') {
if (!check_cate_director($setsqlarr['catid'])) {
showmessage('no_permission');
}
}
}
}
updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
$query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
$defaultmessage = $_SGLOBAL['db']->fetch_array($query);
//邮件通知--等级审核
if ($setsqlarr['grade'] > 0) {
$sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
$query = $_SGLOBAL['db']->query($sqlstr);
$value = $_SGLOBAL['db']->fetch_array($query);
$email = $value['email'];
if (!empty($email)) {
include S_ROOT . './function/sendmail.fun.php';
$url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
$emails = explode(',', $email);
if ($_POST['modelname'] == 'creative') {
$msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
} else {
$msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
}
sendmail($emails, $setsqlarr['subject'], $msg);
}
}
}
if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
}
$hash = getmodelhash($_POST['mid'], $itemid);
if (!empty($ids)) {
$ids = simplode($ids);
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
}
$do = 'pass';
} else {
if (!empty($uploadfilearr['subjectimage']['aid'])) {
$subjectimageid = $uploadfilearr['subjectimage']['aid'];
}
$setitemsqlarr = $setsqlarr;
$do = 'me';
}
if ($op == 'update') {
if (!empty($resultmessage)) {
foreach ($resultmessage as $value) {
if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
//当file删除时,或修改时执行删除操作
deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
//删除附件表
updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
$ext = fileext($defaultmessage[$value['fieldname']]);
if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
@unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
}
@unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
}
}
}
}
}
//内容
$setsqlarr = $uploadfilearr = $ids = array();
$setsqlarr = getsetsqlarr($resultmessage);
$uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
$setsqlarr['message'] = trim($_POST['message']);
$setsqlarr['postip'] = $_SGLOBAL['onlineip'];
if (!empty($uploadfilearr)) {
foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
if (empty($tmpvalue['error'])) {
$setsqlarr[$tmpkey] = $tmpvalue['filepath'];
}
if (!empty($tmpvalue['aid'])) {
$ids[] = $tmpvalue['aid'];
}
}
}
//添加内容
if (!empty($modelsinfoarr['allowfilter'])) {
$setsqlarr = scensor($setsqlarr, 1);
}
if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
//不需要审核时入message表
if ($op == 'add') {
$setsqlarr['itemid'] = $itemid;
//添加内容
inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
getreward('postinfo');
if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
$feed['icon'] = 'comment';
$feed['title_template'] = 'feed_model_title';
$murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
$aurl = A_URL;
if (empty($_SCONFIG['siteurl'])) {
$siteurl = getsiteurl();
$murl = $siteurl . $murl;
$aurl = $siteurl . $aurl;
} else {
$siteurl = S_URL_ALL;
}
$feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
$feed['body_template'] = 'feed_model_message';
$feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
if (!empty($feedsubjectimg)) {
$feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
} else {
foreach ($feedcolum as $feedimgvalue) {
if ($feedimgvalue['filepath']) {
$feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
break;
}
}
if (empty($feed['images'])) {
$picurl = getmessagepic(stripslashes($_POST['message']));
if ($picurl && strpos($picurl, '://') === false) {
$picurl = $siteurl . '/' . $picurl;
}
if (!empty($picurl)) {
$feed['images'][] = array('url' => $picurl, 'link' => $murl);
}
}
}
postfeed($feed);
}
} else {
//更新内容
updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
}
updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
if (checkperm('allowdirectpost') && $op == 'update') {
deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
}
if (checkperm('allowdirectpost') && $op == 'update') {
$jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('writing_success_online_please_wait_for_audit', $jpurl);
} else {
$jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('online_contributions_success', $jpurl);
}
} else {
$setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
$setsqlarr['addfeed'] = $_POST['addfeed'];
$setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
if (!empty($_POST['itemid'])) {
$itemid = intval($_POST['itemid']);
updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
} else {
$itemid = inserttable('modelfolders', $setsqlarr, 1);
}
if (!empty($subjectimageid)) {
$ids[] = $subjectimageid;
}
if (!empty($ids)) {
$ids = simplode($ids);
$hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
$_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
}
$jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
showmessage('writing_success_online_please_wait_for_audit', $jpurl);
}
}
include template('home/spacecp_friend');
exit;
} else {
if (getcount('home_friend_request', array('uid' => $uid, 'fuid' => $_G['uid']))) {
showmessage('waiting_for_the_other_test');
}
if ($tospace['videophotostatus']) {
ckvideophoto('friend', $tospace);
}
ckrealname('friend');
if (submitcheck('addsubmit')) {
$_POST['gid'] = intval($_POST['gid']);
$_POST['note'] = censor($_POST['note']);
friend_add($uid, $_POST['gid'], $_POST['note']);
require_once libfile('function/mail');
$values = array('username' => $tospace['username'], 'url' => getsiteurl() . 'home.php?mod=spacecp&ac=friend&op=request');
sendmail_touser($uid, lang('spacecp', 'friend_subject', $values), '', 'friend_add');
showmessage('request_has_been_sent', dreferer(), array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
} else {
include_once template('home/spacecp_friend');
exit;
}
}
} elseif ($op == 'ignore') {
if ($uid) {
if (submitcheck('friendsubmit')) {
if (friend_check($uid)) {
friend_delete($uid);
} else {
friend_request_delete($uid);
}
private function _userFriendSetting($res, $uid, $gid, $note)
{
global $_G;
require_once libfile('function/friend');
require_once libfile('function/spacecp');
require_once libfile('function/home');
if (!checkperm('allowfriend')) {
return $this->makeErrorInfo($res, 'no_privilege_addfriend');
}
if ($uid == $_G['uid']) {
return $this->makeErrorInfo($res, 'friend_self_error');
}
if (friend_check($uid)) {
return $this->makeErrorInfo($res, 'you_have_friends');
}
$tospace = getuserbyuid($uid);
if (empty($tospace)) {
return $this->makeErrorInfo($res, 'space_does_not_exist');
}
if (isblacklist($tospace['uid'])) {
return $this->makeErrorInfo($res, 'is_blacklist');
}
// $res['body']['gidInfo'] = $this->_getFriendGroupList();
space_merge($space, 'count');
space_merge($space, 'field_home');
$maxfriendnum = checkperm('maxfriendnum');
if ($maxfriendnum && $space['friends'] >= $maxfriendnum + $space['addfriend']) {
if ($_G['magic']['friendnum']) {
return $this->makeErrorInfo($res, 'enough_of_the_number_of_friends_with_magic');
} else {
return $this->makeErrorInfo($res, 'enough_of_the_number_of_friends');
}
}
if (friend_request_check($uid)) {
// if(submitcheck('add2submit')) {
$_POST['gid'] = intval($gid);
friend_add($uid, $uid);
if (ckprivacy('friend', 'feed')) {
require_once libfile('function/feed');
feed_add('friend', 'feed_friend_title', array('touser' => "<a href=\"home.php?mod=space&uid={$tospace['uid']}\">{$tospace['username']}</a>"));
}
notification_add($uid, 'friend', 'friend_add');
// showmessage('friends_add', dreferer(), array('username' => $tospace['username'], 'uid'=>$uid, 'from' => $_GET['from']), array('showdialog'=>1, 'showmsg' => true, 'closetime' => true));
return $this->makeErrorInfo($res, 'friends_add', array('{username}' => $tospace['username']));
// }
// $op = 'add2';
// $groupselect = empty($space['privacy']['groupname']) ? array(1 => ' checked') : array();
// $navtitle = lang('core', 'title_friend_add');
// include template('home/spacecp_friend');
// exit();
} else {
if (C::t('home_friend_request')->count_by_uid_fuid($uid, $_G['uid'])) {
return $this->makeErrorInfo($res, 'waiting_for_the_other_test');
}
$_POST['gid'] = $gid;
$_POST['note'] = censor(htmlspecialchars(cutstr($note, strtolower(CHARSET) == 'utf-8' ? 30 : 20, '')));
friend_add($uid, $_POST['gid'], $_POST['note']);
$note = array('uid' => $_G['uid'], 'url' => 'home.php?mod=spacecp&ac=friend&op=add&uid=' . $_G['uid'] . '&from=notice', 'from_id' => $_G['uid'], 'from_idtype' => 'friendrequest', 'note' => !empty($_POST['note']) ? lang('spacecp', 'friend_request_note', array('note' => $_POST['note'])) : '');
notification_add($uid, 'friend', 'friend_request', $note);
require_once libfile('function/mail');
$values = array('username' => $tospace['username'], 'url' => getsiteurl() . 'home.php?mod=spacecp&ac=friend&op=request');
sendmail_touser($uid, lang('spacecp', 'friend_subject', $values), '', 'friend_add');
return $this->makeErrorInfo($res, 'request_has_been_sent');
}
return $res;
}
}
data_set('mail', $mails);
//更新缓存
include_once S_ROOT . './source/function_cache.php';
config_cache();
//用户栏目缓存
data_set('spacebarusername', '', 1);
cpmessage('do_success', 'admincp.php?ac=config');
}
$configs = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('config'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$configs[$value['var']] = shtmlspecialchars($value['datavalue']);
}
if (empty($configs['siteallurl'])) {
$configs['siteallurl'] = getsiteurl();
}
if (empty($configs['feedfilternum']) || $configs['feedfilternum'] < 1) {
$configs['feedfilternum'] = 1;
}
$datasets = $datas = $mails = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('data'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
if ($value['var'] == 'setting' || $value['var'] == 'mail') {
$datasets[$value['var']] = empty($value['datavalue']) ? array() : unserialize($value['datavalue']);
} else {
$datasets[$value['var']] = shtmlspecialchars($value['datavalue']);
}
}
$datas = $datasets['setting'];
$mails = $datasets['mail'];
}
//对方是否把自己加为了好友
$fstatus = getfriendstatus($uid, $_SGLOBAL['supe_uid']);
if ($fstatus == -1) {
//对方没有加好友,我加别人
if ($status == -1) {
//视频认证
if ($tospace['videostatus']) {
ckvideophoto('friend', $tospace);
}
//添加单向好友
if (submitcheck('addsubmit')) {
$setarr = array('uid' => $_SGLOBAL['supe_uid'], 'fuid' => $uid, 'fusername' => addslashes($tospace['username']), 'gid' => intval($_POST['gid']), 'note' => getstr($_POST['note'], 50, 1, 1), 'dateline' => $_SGLOBAL['timestamp']);
inserttable('friend', $setarr);
//发送邮件通知
smail($uid, '', cplang('friend_subject', array($_SN[$space['uid']], getsiteurl() . 'cp.php?ac=friend&op=request')), '', 'friend_add');
//增加对方好友申请数
$_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET addfriendnum=addfriendnum+1 WHERE uid='{$uid}'");
showmessage('request_has_been_sent');
} else {
include_once template('cp_friend');
exit;
}
} else {
showmessage('waiting_for_the_other_test');
}
} else {
//对方加了我为好友,我审核通过
if (submitcheck('add2submit')) {
//成为好友
$gid = intval($_POST['gid']);
if ($value) {
$newusers[] = $value;
}
}
if ($newusers) {
$return = uc_pm_send($_SGLOBAL['supe_uid'], implode(',', $newusers), $subject, $message, 1, $pmid, 1);
}
//发送邮件通知
$touid = 0;
if ($return > 0) {
$query = $_SGLOBAL['db']->query('SELECT uid FROM ' . tname('space') . ' WHERE username IN (' . simplode($users) . ')');
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
if (empty($touid)) {
$touid = $value['uid'];
}
smail($value['uid'], '', cplang('friend_pm', array($_SN[$space['uid']], getsiteurl() . 'space.php?do=pm')), '', 'friend_pm');
}
}
}
if ($return > 0) {
//更新最后发布时间
$_SGLOBAL['db']->query("UPDATE " . tname('space') . " SET lastpost='{$_SGLOBAL['timestamp']}' WHERE uid='{$_SGLOBAL['supe_uid']}'");
showmessage('do_success', "space.php?do=pm&filter=privatepm");
} else {
if (in_array($return, array(-1, -2, -3, -4))) {
showmessage('message_can_not_send' . abs($return));
} else {
showmessage('message_can_not_send');
}
}
}
function emailcheck_send($uid, $email) {
global $_SGLOBAL, $_SCONFIG;
if($uid && $email) {
$hash = authcode("$uid\t$email", 'ENCODE');
$url = getsiteurl().'do.php?ac=emailcheck&hash='.urlencode($hash);
$mailsubject = cplang('active_email_subject');
$mailmessage = cplang('active_email_msg', array($url));
smail(0, $email, $mailsubject, $mailmessage);
}
}
if (empty($_POST['email'])) {
showmessage('邮箱不能为空');
}
$spaceinfo = array();
$query = $_SGLOBAL['db']->query('SELECT s.uid, s.groupid, s.username, s.flag, sf.email, sf.emailcheck FROM ' . tname('space') . ' s LEFT JOIN ' . tname('spacefield') . " sf ON sf.uid=s.uid WHERE sf.email='{$_POST['email']}'");
$spaceinfo = $_SGLOBAL['db']->fetch_array($query);
if (empty($spaceinfo)) {
showmessage('该邮箱账号没有在本站注册!');
}
//创始人、管理员不允许找回密码
$founderarr = explode(',', $_SC['founder']);
if ($spaceinfo['flag'] || in_array($spaceinfo['uid'], $founderarr) || checkperm('admin')) {
showmessage('getpasswd_account_invalid');
}
$idstring = random(6);
$reseturl = getsiteurl() . 'do.php?ac=lostpasswd&op=reset&uid=' . $spaceinfo['uid'] . '&id=' . $idstring;
updatetable('spacefield', array('authstr' => $_SGLOBAL['timestamp'] . "\t1\t" . $idstring), array('uid' => $spaceinfo['uid']));
$mail_subject = cplang('get_passwd_subject');
$mail_message = cplang('get_passwd_message', array($reseturl));
include_once S_ROOT . './source/function_cp.php';
smail(0, $spaceinfo['email'], $mail_subject, $mail_message);
showmessage('getpasswd_send_succeed', 'do.php?ac=' . $_SCONFIG['login_action'], 3);
//showmessage($reseturl, 'do.php?ac='.$_SCONFIG['login_action'], 3);
} elseif (submitcheck('resetsubmit')) {
$uid = empty($_POST['uid']) ? 0 : intval($_POST['uid']);
$id = empty($_POST['id']) ? 0 : trim($_POST['id']);
if ($_POST['newpasswd1'] != $_POST['newpasswd2']) {
showmessage('password_inconsistency');
}
if ($_POST['newpasswd1'] != addslashes($_POST['newpasswd1'])) {
showmessage('profile_passwd_illegal');
$n_url = "space.php?uid={$tospace['uid']}&do=poll&pid={$id}&cid={$cid}";
$note_type = 'pollcomment';
$q_note = cplang('note_poll_comment_reply', array($n_url));
$q_msgtype = 'poll_comment_reply';
break;
case 'eventid':
// 活动
$n_url = "space.php?do=event&id={$id}&view=comment&cid={$cid}";
$note_type = 'eventcomment';
$q_note = cplang('note_event_comment_reply', array($n_url));
$q_msgtype = 'event_comment_reply';
break;
}
if ($comment['authorid'] != $_SGLOBAL['supe_uid']) {
//发送邮件通知
smail($comment['authorid'], '', cplang($q_msgtype, array($_SN[$userid], shtmlspecialchars(getsiteurl() . $n_url))), '', $q_msgtype);
notification_add($comment['authorid'], $note_type, $q_note);
}
//通知被@的用户
if ($UserIds) {
$note = cplang('note_comment_at', array($n_url));
foreach ($UserIds as $UserId) {
notification_add($UserId, 'atyou', $note);
}
}
}
//统计
if ($stattype) {
updatestat($stattype);
}
if ($cid) {
function space_open($uid, $username, $gid = 0, $email = '')
{
global $_SGLOBAL, $_SCONFIG;
if (empty($uid) || empty($username)) {
return array();
}
//验证 space 是否被管理员 delete
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('spacelog') . " WHERE uid='{$uid}' AND flag='-1'");
if ($value = $_SGLOBAL['db']->fetch_array($query)) {
showmessage('the_space_has_been_closed');
}
$space = array('uid' => $uid, 'username' => $username, 'dateline' => $_SGLOBAL['timestamp'], 'groupid' => $gid, 'regip' => getonlineip());
// Bonus Points
$reward = getreward('register', 0, $uid);
if ($reward['credit']) {
$space['credit'] = $reward['credit'];
}
if ($reward['experience']) {
$space['experience'] = $reward['experience'];
}
inserttable('space', $space, 0, true);
inserttable('spacefield', array('uid' => $uid, 'email' => $email), 0, true);
//发送PM
if ($_SGLOBAL['supe_uid'] && $_SGLOBAL['supe_uid'] != $uid) {
include_once S_ROOT . './uc_client/client.php';
uc_pm_send($_SGLOBAL['supe_uid'], $uid, cplang('space_open_subject'), cplang('space_open_message', array(getsiteurl())), 1, 0, 0);
}
//发送邮箱验证邮件
include_once S_ROOT . './source/function_cp.php';
emailcheck_send($uid, $email);
//产生feed
$_uid = $_SGLOBAL['supe_uid'];
$_username = $_SGLOBAL['supe_username'];
$_SGLOBAL['supe_uid'] = $uid;
$_SGLOBAL['supe_username'] = addslashes($username);
if (ckprivacy('spaceopen', 1)) {
feed_add('profile', cplang('feed_space_open'));
}
// update 最新会员
if ($_SCONFIG['newspacenum'] > 0) {
$newspacelist = array();
$wherearr = array('1');
if ($_SCONFIG['newspaceavatar']) {
$wherearr[] = "avatar='1'";
}
if ($_SCONFIG['newspacerealname']) {
$wherearr[] = "namestatus='1'";
}
if ($_SCONFIG['newspacevideophoto']) {
$wherearr[] = "videostatus='1'";
}
$query = $_SGLOBAL['db']->query("SELECT uid,username,name,namestatus,videostatus,dateline FROM " . tname('space') . " WHERE " . implode(' AND ', $wherearr) . " ORDER BY uid DESC LIMIT 0,{$_SCONFIG['newspacenum']}");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$newspacelist[] = $value;
}
data_set('newspacelist', $newspacelist);
}
//Statistics update
include_once S_ROOT . './source/function_cp.php';
updatestat('register');
$_SGLOBAL['supe_uid'] = $_uid;
$_SGLOBAL['supe_username'] = $_username;
return $space;
}