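/**
 * Insert or update a user comment, then attach any files waiting in the
 * user's ../tmp/<user_id>/ directory to the saved comment.
 *
 * @param int    $cid           Comment id to update, or -1 to insert a new comment.
 * @param int    $parentPost    Id of the post the comment belongs to.
 * @param int    $parentComment Id of the parent comment (reply threading).
 * @param string $content       Comment HTML.
 * @param int    $user_id       Acting user; must pass Check_Comment_Owner unless $cid is -1.
 * @param int    $deleted       Deleted flag stored with the comment.
 * @return string JSON of the saved comment, or the JSON encoding of null when the
 *                ownership check or a statement prepare fails.
 */
function DBSaveComment($cid, $parentPost, $parentComment, $content, $user_id, $deleted)
{
    $date = getTime();
    global $db;
    // Every failure path falls through to the return below; null keeps the
    // output the callers already got ("null") without an undefined-variable notice.
    $returnArray = null;
    $stmt = $db->stmt_init();
    if ($stmt->prepare('CALL Check_Comment_Owner(?, ?)')) {
        $stmt->bind_param('ii', $cid, $user_id);
        $stmt->execute();
        $stmt->bind_result($result);
        $stmt->fetch();
        $stmt->close();
        // A result of 0 is treated as "allowed"; -1 is a brand-new comment with no
        // owner yet. Loose comparison kept on purpose: when no row is returned
        // $result stays null, which the existing behaviour also accepts.
        if ($result == 0 || $cid == -1) {
            $db->next_result();
            $stmt = $db->stmt_init();
            if ($stmt->prepare('CALL Save_User_Comment(?, ?, ?, ?, ?, ?,?,?)')) {
                $comment = array();
                $stmt->bind_param('iiissiii', $cid, $parentPost, $parentComment, $user_id, $content, $deleted, $date, $date);
                $stmt->execute();
                $stmt->bind_result($comment['parentComment'], $comment['comment_no'], $comment['user_id'], $comment['user_name'], $comment['content'], $comment['date'], $comment['deleted']);
                $stmt->fetch();
                $stmt->close();
                $commentId = $comment['comment_no'];
                if ($commentId > 0) {
                    $encoded_comment_id = str_replace("/", "SLASH", fnEncrypt("c" . $commentId));
                    $user_dir = "../tmp/" . $user_id . "/";
                    $target_dir = "../upload/" . $encoded_comment_id . "/";
                    $files = directory_to_array($user_dir);
                    // Only touch the upload directory when the user actually has pending files.
                    if (sizeof($files) > 0) {
                        if (!(file_exists($target_dir) && is_dir($target_dir))) {
                            // NOTE(review): 0777 leaves the upload directory world-writable;
                            // kept as-is because the deployment's ownership model is not visible here.
                            @mkdir($target_dir, 0777, true);
                        }
                        // foreach instead of `while ($files[$index++])`, which ran one
                        // element past the end and raised an undefined-offset notice.
                        foreach ($files as $file) {
                            $filesize = filesize($file);
                            // end() needs a real variable; end(explode(...)) is a by-reference error.
                            $pathParts = explode("/", $file);
                            $filealias = end($pathParts);
                            $aliasParts = explode(".", $filealias);
                            $fileextension = end($aliasParts);
                            // The alias carries a fixed 14-character prefix ahead of the original name.
                            $filename = substr($filealias, 14);
                            $fileDirectory = $target_dir . $filename;
                            $fileAddress = publicUrl . "/upload/" . $encoded_comment_id . "/" . $filename;
                            // Record the attachment row for this comment.
                            DBSaveUploadFile($fileextension, -1, $commentId, $filesize, $fileDirectory, $fileAddress);
                            // Rewrite <img src> that still point at the temp location.
                            // NOTE(review): $newContent is computed but never persisted — the
                            // second Save_User_Comment call below stores the original $content,
                            // exactly as before. DBSavePost does persist its rewritten HTML.
                            $doc = new DOMDocument();
                            @$doc->loadHTML(mb_convert_encoding($content, 'HTML-ENTITIES', 'UTF-8'));
                            $tags = $doc->getElementsByTagName('img');
                            foreach ($tags as $tag) {
                                $source = $tag->getAttribute('src');
                                if ($source === $user_dir . $filealias) {
                                    $tag->removeAttribute('src');
                                    $tag->setAttribute('src', $fileDirectory);
                                }
                            }
                            // saveHTML() takes an optional DOMNode; the former string argument
                            // was rejected (and is a TypeError on PHP 8).
                            $newContent = @$doc->saveHTML();
                            $newContent = str_replace('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">', '', $newContent);
                            $db->next_result();
                            $stmt = $db->stmt_init();
                            if ($stmt->prepare('CALL Save_User_Comment(?, ?, ?, ?, ?, ?,?,?)')) {
                                $stmt->bind_param('iiissiii', $commentId, $parentPost, $parentComment, $user_id, $content, $deleted, $date, $date);
                                $stmt->execute();
                                $stmt->bind_result($comment['parentComment'], $comment['comment_no'], $comment['user_id'], $comment['user_name'], $comment['content'], $comment['date'], $comment['deleted']);
                                $stmt->fetch();
                                $stmt->close();
                            }
                            // Move the file from /tmp/ to /upload/ (rename to the final
                            // name first, then copy across and remove the temp copy).
                            rename($file, $user_dir . $filename);
                            copy($user_dir . $filename, $target_dir . $filename);
                            unlink($user_dir . $filename);
                        }
                    }
                }
                $dateFormatted = format_date($comment['date']);
                $returnArray = array();
                $returnArray['commentId'] = $comment['comment_no'];
                $returnArray['deleted'] = false;
                $returnArray['parentCommentId'] = $comment['parentComment'];
                $returnArray['canEdit'] = true;
                $returnArray['canComment'] = true;
                $returnArray['authorUserId'] = $comment['user_id'];
                $returnArray['author'] = $comment['user_name'];
                // Save_User_Comment binds no email column; key kept for API shape, value null.
                $returnArray['authorEmail'] = isset($comment['author_email']) ? $comment['author_email'] : null;
                $returnArray['content'] = $comment['content'];
                // Only the formatted date is exposed (the raw value was overwritten before).
                $returnArray['date'] = $dateFormatted[1];
                $returnArray['children'] = array();
            }
        }
    }
    return json_encode_unescaped($returnArray);
}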
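/**
 * Insert or update a post, apply tag and attachment changes, and return the
 * saved post id.
 *
 * @param int        $post_id      Post id to update, or -1 to insert a new post.
 * @param bool       $pinned       Requested pinned state; dropped unless the session's
 *                                 UserLevel is at or below exec_level.
 * @param string     $boardName    Board the post belongs to.
 * @param string     $title        Post title.
 * @param string     $content      Post HTML.
 * @param int        $user_id      Acting user; must pass Check_Post_Owner unless $post_id is -1.
 * @param array|null $added_tags   Tags to attach.
 * @param array|null $deleted_tags Tags to detach.
 * @param array|null $addedFiles   Entries shaped array('file' => array('alias' => ..., 'name' => ...))
 *                                 describing files waiting in ../tmp/<user_id>/.
 * @param array|null $deletedFiles Attachment file names to remove from the post.
 * @return int The saved post id, or -1 when the ownership check or a prepare fails.
 */
function DBSavePost($post_id, $pinned, $boardName, $title, $content, $user_id, $added_tags, $deleted_tags, $addedFiles, $deletedFiles)
{
    $date = getTime();
    global $db;
    $stmt = $db->stmt_init();
    // Pinning is a privileged action; a missing UserLevel is treated as
    // "not allowed" instead of silently passing the comparison.
    if ($pinned && (!isset($_SESSION['UserLevel']) || $_SESSION['UserLevel'] > exec_level)) {
        $pinned = false;
    }
    if ($stmt->prepare('CALL Check_Post_Owner(?,?)')) {
        $stmt->bind_param('ii', $post_id, $user_id);
        $stmt->execute();
        $stmt->bind_result($result);
        $stmt->fetch();
        $stmt->close();
        // 0 is treated as "allowed"; -1 is a new post with no owner yet. Loose
        // comparison kept: no row leaves $result null, which was also accepted before.
        if ($result == 0 || $post_id == -1) {
            $db->next_result();
            $stmt = $db->stmt_init();
            if ($stmt->prepare('CALL Save_Post(?,?,?,?,?,?,?,?)')) {
                $stmt->bind_param('isiissii', $post_id, $boardName, $user_id, $pinned, $title, $content, $date, $date);
                $stmt->execute();
                $post_id_out = NULL;
                $stmt->bind_result($post_id_out);
                $stmt->fetch();
                $stmt->close();
                if ($added_tags != null) {
                    foreach ($added_tags as $tagName) {
                        DBSavePostTag($post_id_out, $tagName, "Save");
                    }
                }
                if ($deleted_tags != null) {
                    foreach ($deleted_tags as $tagName) {
                        DBSavePostTag($post_id_out, $tagName, "Delete");
                    }
                }
                if ($post_id_out > 0) {
                    $encoded_post_id = str_replace("/", "SLASH", fnEncrypt("p" . $post_id_out));
                    $user_dir = "../tmp/" . $user_id . "/";
                    $target_dir = "../upload/" . $encoded_post_id . "/";
                    if (is_array($addedFiles) && count($addedFiles) > 0) {
                        // Purge stale temp uploads. The alias starts with a numeric
                        // timestamp ("<stamp>-..."); split() was removed in PHP 7, explode()
                        // gives the same result for these literal delimiters.
                        // NOTE(review): the stamp is divided by 1000 and compared with
                        // getTime() — assumes ms vs seconds, confirm the units.
                        $now = getTime();
                        foreach (directory_to_array($user_dir) as $existingFile) {
                            $pathParts = explode("/", $existingFile);
                            $aliasParts = explode("-", end($pathParts));
                            $fileTime = (float) $aliasParts[0] / 1000;
                            if ($now - $fileTime > 86400) {
                                unlink($existingFile);
                            }
                        }
                        if (!(file_exists($target_dir) && is_dir($target_dir))) {
                            // NOTE(review): 0777 leaves the upload directory world-writable;
                            // kept as-is because the deployment's ownership model is not visible here.
                            @mkdir($target_dir, 0777, true);
                        }
                        // foreach instead of `while ($addedFiles[$index++]['file'])`, which
                        // read one element past the end; malformed entries are skipped.
                        foreach ($addedFiles as $entry) {
                            if (empty($entry['file'])) {
                                continue;
                            }
                            $file = $entry['file'];
                            // alias and name are echoed back by the client: reduce both to a
                            // bare file name so neither can leave ../tmp/<user_id>/ or the
                            // post's upload directory (basename() keeps legitimate names intact).
                            $filealias = basename($file['alias']);
                            $filename = basename($file['name']);
                            if ($filealias === '' || $filealias === '.' || $filealias === '..'
                                || $filename === '' || $filename === '.' || $filename === '..') {
                                continue;
                            }
                            $filesize = filesize($user_dir . $filealias);
                            $aliasParts = explode(".", $filealias);
                            $fileextension = end($aliasParts);
                            $filename_no_ext = substr($filename, 0, strlen($filename) - strlen($fileextension) - 1);
                            // Avoid clobbering an existing attachment: name(1).ext, name(2).ext, ...
                            $fileCounter = 1;
                            while (file_exists($target_dir . $filename)) {
                                $filename = $filename_no_ext . '(' . $fileCounter . ').' . $fileextension;
                                $fileCounter++;
                            }
                            $fileDirectory = $target_dir . $filename;
                            $fileAddress = publicUrl . "/upload/" . $encoded_post_id . "/" . $filename;
                            // Record the attachment row for this post.
                            DBSaveUploadFile($fileextension, $post_id_out, -1, $filesize, $fileDirectory, $fileAddress, $filename);
                            // Rewrite <img src> that still reference the temp alias so the
                            // stored HTML points at the public upload URL.
                            $doc = new DOMDocument();
                            @$doc->loadHTML(mb_convert_encoding(str_replace("&", "&amp;", $content), 'HTML-ENTITIES', 'UTF-8'));
                            $tags = $doc->getElementsByTagName('img');
                            foreach ($tags as $tag) {
                                $source = $tag->getAttribute('src');
                                // strpos must be compared with !== / === false: position 0 is a hit.
                                if (strpos($source, $filealias) !== false && strpos($source, "\\/upload\\/") === false) {
                                    $tag->removeAttribute('src');
                                    $tag->setAttribute('src', $fileAddress);
                                }
                            }
                            $newContent = @$doc->saveHTML();
                            $newContent = str_replace('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">', '', $newContent);
                            $newContent = str_replace("&amp;", "&", $newContent);
                            $content = $newContent;
                            // Re-save the post so the rewritten HTML is persisted.
                            $db->next_result();
                            $stmt = $db->stmt_init();
                            if ($stmt->prepare('CALL Save_Post(?,?,?,?,?,?,?,?)')) {
                                $stmt->bind_param('isiissii', $post_id_out, $boardName, $user_id, $pinned, $title, $content, $date, $date);
                                $stmt->execute();
                                $post_id_out = NULL;
                                $stmt->bind_result($post_id_out);
                                $stmt->fetch();
                                $stmt->close();
                            }
                            // Move the file from /tmp/ to /upload/ (rename to the final
                            // name first, then copy across and remove the temp copy).
                            rename($user_dir . $filealias, $user_dir . $filename);
                            copy($user_dir . $filename, $target_dir . $filename);
                            unlink($user_dir . $filename);
                        }
                    }
                }
                if ($deletedFiles != null) {
                    $encoded_post_id = str_replace("/", "SLASH", fnEncrypt("p" . $post_id_out));
                    foreach ($deletedFiles as $deletedName) {
                        // Client-supplied name: confine the unlink to the post's own directory.
                        $deletedName = basename($deletedName);
                        if ($deletedName === '' || $deletedName === '.' || $deletedName === '..') {
                            continue;
                        }
                        $deletedPath = "../upload/" . $encoded_post_id . "/" . $deletedName;
                        if (file_exists($deletedPath)) {
                            unlink($deletedPath);
                        }
                        $db->next_result();
                        $stmt = $db->stmt_init();
                        // NOTE(review): binds the incoming $post_id rather than $post_id_out;
                        // identical for an update, a no-op for a new post — confirm intended.
                        if ($stmt->prepare('CALL Delete_Post_File(?, ?)')) {
                            $stmt->bind_param('is', $post_id, $deletedName);
                            $stmt->execute();
                            $stmt->close();
                        }
                    }
                }
                return $post_id_out;
            }
        }
    }
    return -1;
}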