// Resolve the requested board. bbs_getboard() is handed an empty $brdarr and the
// board record is read back from it; a return value of 0 is treated as "no such board".
// html_error_quit() is expected to end the request (defined outside this excerpt).
$board = $_GET["board"];
$brdarr = array();
$bid = bbs_getboard($board, $brdarr);
if ($bid == 0) {
    html_error_quit("错误的讨论区");
}

// From here on the name stored in the board record is used, not the raw request parameter.
$board = $brdarr["NAME"];
$board_desc = $brdarr["DESC"];
$brd_encode = urlencode($board);

// A board counts as "normal" when the built-in guest account passes the read check.
// NOTE(review): the result of bbs_getuser("guest", ...) is not checked before it is
// used as a uid — confirm what bbs_checkreadperm() does if the guest lookup fails.
$lookupuser = array();
$guestUID = bbs_getuser("guest", $lookupuser);
$isnormalboard = bbs_checkreadperm($guestUID, $bid);

$usernum = $currentuser["index"];
if (!$isnormalboard) {
    // Only non-guest-readable boards need the per-user check. A denial reuses the
    // "no such board" message, so the reply does not distinguish a restricted board
    // from a missing one.
    if (bbs_checkreadperm($usernum, $bid) == 0) {
        html_error_quit("错误的讨论区");
    }
}

// $gid, $start and $articles come from outside this excerpt.
$haveprev = 0;
$num = bbs_get_threads_from_gid($bid, $gid, $start, $articles, $haveprev);
if ($num == 0) {
    html_error_quit("错误的参数");
}

// Paging: 20 entries per page; an out-of-range page number falls back to page 1.
$pagesize = 20;
$totalpage = intval(($num - 1) / $pagesize + 1);
if ($pno < 1 || $pno > $totalpage) {
    $pno = 1;
}
$startnum = ($pno - 1) * $pagesize;
$endnum = $startnum + $pagesize;
<?php include "funcs.php"; $bid = $_GET["bid"]; if (isset($_GET["page"])) { $page = $_GET["page"]; } else { $page = 0; } $bname = bbs_getbname($bid); if ($bname == "") { ie("board not found."); } if (!bbs_checkreadperm($uid, $bid)) { ie("permission denied."); } bbs_checkorigin($bname); $total = bbs_countarticles($bid, $dir_modes["ORIGIN"]); $pagecount = ceil($total / PAGE_SIZE); if ($page < 0) { $page = 0; } if ($page > $pagecount) { $page = $pagecount; } if ($page == 0) { $page = $pagecount; } $start = ($page - 1) * PAGE_SIZE + 1; $count = PAGE_SIZE; if ($page == $pagecount) {
html_error_quit('错误的讨论区'); } $brdarr = array(); $bid = bbs_getboard($board, $brdarr); if (!$bid) { html_error_quit('错误的讨论区'); } $board = $brdarr['NAME']; $brd_encode = urlencode($board); if (isset($_GET['id'])) { $id = intval($_GET['id']); } else { html_error_quit('错误的文章ID'); } if (!bbs_normalboard($board)) { if (bbs_checkreadperm($currentuser["index"], $bid) == 0) { html_error_quit("错误的讨论区"); } } $ftype = $dir_modes["NORMAL"]; $articles = array(); $num = bbs_get_records_from_id($board, $id, $ftype, $articles); if ($num == 0) { html_error_quit("错误的文章号,原文可能已经被删除"); } $id = $articles[1]["ID"]; bbs_board_nav_header($brdarr, "文章推荐"); $confirmed = isset($_GET['do']) ? 1 : 0; switch (bbs_docommend($board, $id, $confirmed)) { case 0: if ($confirmed) {
// Everything below is gated on assert_login() (defined outside this excerpt).
assert_login();

// The board name may arrive in the query string or the form body; GET wins when both are set.
if (!(isset($_GET["board"]) || isset($_POST["board"]))) {
    html_error_quit("错误的讨论区");
}
$board = isset($_GET["board"]) ? $_GET["board"] : $_POST["board"];

// A 0 result from bbs_getboard() is treated as "no such board".
$brdarr = array();
$brdnum = bbs_getboard($board, $brdarr);
if ($brdnum == 0) {
    html_error_quit("错误的讨论区");
}

// Read permission is checked for the current user before any article lookup. The denial
// reuses the not-found message, so a restricted board is not distinguishable from a missing one.
$usernum = $currentuser["index"];
if (bbs_checkreadperm($usernum, $brdnum) == 0) {
    html_error_quit("错误的讨论区");
}

// Article id: same GET-over-POST precedence as the board name.
if (!(isset($_GET["id"]) || isset($_POST["id"]))) {
    html_error_quit("错误的文章号");
}
// NOTE(review): $id is forwarded exactly as received (no integer cast here) —
// confirm that bbs_get_records_from_id() validates its id argument.
$id = isset($_GET["id"]) ? $_GET["id"] : $_POST["id"];

// The lookup uses the canonical board name from the record, not the request value.
$articles = array();
$num = bbs_get_records_from_id($brdarr["NAME"], $id, $dir_modes["NORMAL"], $articles);
if ($num == 0) {
    html_error_quit("错误的文章号");
}
case -9: html_error_quit('系统错误'); break; default: } $path = $path_tmp; $isBoard = false; $up_cnt = bbs_ann_updirs($path, $board, $up_dirs); $title = bbs_ann_get_title($path); if ($board) { $brdarr = array(); $bid = bbs_getboard($board, $brdarr); if ($bid) { $board = $brdarr['NAME']; $usernum = $currentuser['index']; if (bbs_checkreadperm($usernum, $bid) == 0) { html_error_quit('不存在该目录'); } bbs_set_onboard($bid, 1); if (bbs_normalboard($board)) { $dotnames = BBS_HOME . '/' . $path . '/.Names'; if (cache_header('public', filemtime($dotnames), 300)) { return; } } //bbs_board_header($brdarr,-1,0); bbs_ann_header($board); print "<h1 class=\"bt\">{$title}</h1>"; $isBoard = true; ?> <script>
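/**
 * Render the announce (精华区) browser: either a directory listing or one file's text.
 *
 * Input comes from the query string: $_GET['file'] selects a file and takes precedence,
 * otherwise $_GET['path'] selects a directory. Both are prefixed with "0Announce".
 * Values containing ".Names", ".." or "SYSHome" are rejected. When the location belongs
 * to a board, the current user's read permission on that board is checked, and the
 * response is only sent with a public cache header if the board is a normal one.
 *
 * Every error path returns right after atomic_error(), so the page fails closed even if
 * that helper does not terminate the request itself.
 *
 * @return void
 */
function atomic_ann() {
    global $currentuser;

    $file = false;
    // Only plain strings are accepted; a missing or array-valued parameter becomes ''.
    $path = (isset($_GET['path']) && is_string($_GET['path'])) ? trim($_GET['path']) : '';
    if (isset($_GET['file'])) {
        if (!is_string($_GET['file'])) {
            atomic_error('不存在该目录');
            return;
        }
        $path = trim($_GET['file']);
        // strncmp() instead of $path[0]: an empty value must not raise a string-offset warning.
        $path = (strncmp($path, '/', 1) === 0) ? "0Announce" . $path : "0Announce/" . $path;
        $file = $path;
        $modfile = $file;
    } else {
        $path1 = (strncmp($path, '/', 1) === 0) ? "0Announce" . $path : "0Announce/" . $path;
        $modfile = $path1 . "/.Names";
    }

    // Reject parent-directory and internal names before any bbs_* or filesystem call sees the value.
    if (strpos($path, '.Names') !== false || strpos($path, '..') !== false || strpos($path, 'SYSHome') !== false) {
        atomic_error('不存在该目录');
        return;
    }

    $boardName = '';
    $articles = array();
    $path_tmp = '';
    if ($file === false) {
        $ret = bbs_read_ann_dir($path, $boardName, $path_tmp, $articles);
        switch ($ret) {
            case -1:
                atomic_error('精华区目录不存在');
                return;
            case -2:
                atomic_error('无法加载目录文件');
                return;
            case -9:
                atomic_error('系统错误');
                return;
            case -3:
            default:
                break;
        }
        $path = $path_tmp;
    } else {
        // File access is additionally checked against the current user id.
        if (bbs_ann_traverse_check($path, $currentuser["userid"]) < 0) {
            atomic_error("错误的目录");
            return;
        }
    }

    $parent = '';
    $up_dirs = array();
    $up_cnt = bbs_ann_updirs($path, $boardName, $up_dirs);
    $cacheit = true;
    if ($up_cnt >= 2) {
        $parent = $up_dirs[$up_cnt - 2];
    }

    if ($boardName) {
        $boardArr = array();
        $boardID = bbs_getboard($boardName, $boardArr);
        if ($boardID) {
            $boardName = $boardArr['NAME'];
            $usernum = $currentuser['index'];
            if (bbs_checkreadperm($usernum, $boardID) == 0) {
                // Previously foundErr(), which nothing else in this function uses and whose
                // halting behaviour is not visible here; use the same error path as every
                // other failure and stop.
                atomic_error('不存在该目录');
                return;
            }
            bbs_set_onboard($boardID, 1);
            if (!bbs_normalboard($boardName)) {
                // Content of a non-normal board must not be marked publicly cacheable.
                $cacheit = false;
            }
        } else {
            // NOTE(review): a board name that does not resolve skips the read-permission
            // check and stays cacheable — confirm this is intended.
            $boardName = '';
        }
    } else {
        $boardID = 0;
    }

    if ($cacheit) {
        if (cache_header('public', @filemtime($modfile), 300)) {
            return;
        }
    }

    atomic_header();

    // Navigation links. Values placed in URLs are urlencode()d and values placed in text
    // are htmlspecialchars()d, matching how the listing below treats PATH and TITLE.
    $html = "<p>";
    if ($boardID) {
        $html .= "<a href='?act=board&board=" . urlencode($boardName) . "'>回 " . htmlspecialchars($boardName) . " 版面</a> ";
    }
    if ($parent) {
        $html .= "<a href='?act=ann&path=" . urlencode($parent) . "'>回上级目录</a> ";
    }
    $html .= "<a href='?'>回首页</a></p>";

    if ($file !== false) {
        echo $html;
        // NOTE(review): echoed as returned; whether bbs2_readfile_text() HTML-escapes the
        // file body is not visible here — confirm.
        echo bbs2_readfile_text($file, MAXCHAR, 2);
    } else {
        $html .= "<pre> 编号 [类别] 标 题 整 理 编辑日期\n";
        $i = 1;
        foreach ($articles as $article) {
            switch ($article['FLAG']) {
                case 0:
                    // FLAG 0 entries are not listed.
                    continue 2;
                case 1:
                    $alt = '目录';
                    $url = '?act=ann&path=' . urlencode($article['PATH']);
                    break;
                case 2:
                case 3:
                default:
                    $alt = '文件';
                    $url = '?act=ann&file=' . urlencode($article['PATH']);
            }
            $html .= sprintf("%5d ", $i) . "[" . $alt . "]";
            $html .= $article['FLAG'] == 3 ? "@" : " ";
            $title = sprintf("%-37.37s", trim($article['TITLE']));
            $html .= '<a href="' . $url . '">' . htmlspecialchars($title) . ' </a>';
            // The BM column is directory metadata too, so it is escaped like the title.
            $bm = explode(' ', trim($article['BM']));
            $html .= htmlspecialchars(sprintf(" %-12.12s ", $bm[0]));
            $html .= date('Y-m-d', $article['TIME']) . "\n";
            $i++;
        }
        $html .= "</pre>";
        echo $html;
    }

    atomic_footer();
}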
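// The target account must exist: an empty id or a 0 result from bbs_getuser() ends the request.
if ($userid == "" || bbs_getuser($userid, $uarr) == 0) {
    // $userid is set outside this excerpt (presumably request input), so it is escaped
    // before being echoed back.
    // NOTE(review): htmlspecialchars() uses the configured default charset; if this
    // endpoint serves a legacy multibyte encoding, pass that charset explicitly.
    print "用户 " . htmlspecialchars((string) $userid, ENT_QUOTES) . " 不存在。";
    exit;
}
$uid = $uarr["index"];

// check board exists
$bname = $_POST["board"];
$barr = array();
$bid = bbs_getboard($bname, $barr);
if ($bid == 0) {
    // $bname is still the raw POST value at this point; never echo it unescaped.
    print "版面 " . htmlspecialchars((string) $bname, ENT_QUOTES) . " 不存在。";
    exit;
}
// From here on use the canonical name from the board record.
$bname = $barr["NAME"];

// check if can post: read permission first, then read-only state, post permission
// and a per-board posting ban.
// NOTE(review): the replies below differ from the "does not exist" reply above, so a
// caller can tell a restricted board from a missing one — confirm that is acceptable.
if (bbs_checkreadperm($uid, $bid) == 0) {
    print "没有阅读权限。";
    exit;
}
if (bbs_is_readonly_board($barr)) {
    print "版面为只读状态。";
    exit;
}
if (bbs_checkpostperm($uid, $bid) == 0) {
    print "没有发表权限。";
    exit;
}
if (bbs_deny_me($userid, $bname)) {
    print "您被取消了发表权限。";
    exit;
}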
/**
 * Decide whether $user may read this board.
 *
 * Besides the bbs_checkreadperm() lookup, the board's current mode is taken into account:
 * in DELETED mode only a manager of this board or an administrator passes,
 * in JUNK mode only an administrator passes.
 *
 * @param User $user account being checked
 * @return boolean true when reading is allowed, false otherwise
 * @access public
 */
public function hasReadPerm($user)
{
    // Deleted board: visible to its board managers and to administrators only.
    if ($this->_mode === Board::$DELETED) {
        $privileged = $user->isBM($this) || $user->isAdmin();
        if (!$privileged) {
            return false;
        }
    }

    // Junk board: administrators only.
    if ($this->_mode === Board::$JUNK) {
        if (!$user->isAdmin()) {
            return false;
        }
    }

    // The mode checks never grant access on their own; the regular read-permission
    // lookup for this user and board id has the final say.
    return bbs_checkreadperm($user->uid, $this->BID) != 0;
}
require "www2-funcs.php"; require "www2-board.php"; login_init(); assert_login(); if (!isset($_GET["board"])) { html_error_quit("未指定发文版面!"); } $boardName = $_GET["board"]; $brdArr = array(); $boardID = bbs_getboard($boardName, $brdArr); if ($boardID == 0) { html_error_quit("指定的版面不存在!"); } $boardName = $brdArr["NAME"]; $usernum = $currentuser["index"]; if (bbs_checkreadperm($usernum, $boardID) == 0) { html_error_quit("您无权阅读该版!"); } if (bbs_is_readonly_board($brdArr)) { html_error_quit("本版为只读讨论区!"); } if (bbs_checkpostperm($usernum, $boardID) == 0) { html_error_quit("您无权在该版面发文!"); } if ($currentuser['score_user'] < 2000) { $code = @$_POST['code']; if (!$code) { html_error_quit('请输入验证码'); } if (!@$_SESSION['num_auth'] || strcasecmp($_SESSION['num_auth'], $code)) { html_error_quit('验证码错误,请重新输入');