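/**
 * Create a new blog entry or update an existing one from submitted form data.
 *
 * Normalises and censors the subject, tags and message, resolves the privacy
 * mode, class/category and attached pictures, writes the home_blog and
 * home_blogfield rows, and then triggers credits, stats, feed and moderation.
 *
 * When $olds belongs to a different user than the current one, $_G['uid'] and
 * $_G['username'] are temporarily replaced by the owner's values. The original
 * $_G is restored on every return path.
 *
 * @param array $POST Submitted blog fields (subject, message, friend, password, tag, classid, ...).
 * @param array $olds Existing blog row when editing; empty when creating.
 * @return array|false The blog row that was written (including blogid), or false when the
 *                     message is empty once markup and whitespace are stripped.
 */
function blog_post($POST, $olds=array()) {
    global $_G, $space;

    $isself = 1;
    if(!empty($olds['uid']) && $olds['uid'] != $_G['uid']) {
        // Editing someone else's blog: act as the owner, keep a snapshot to restore later.
        $isself = 0;
        $__G = $_G;
        $_G['uid'] = $olds['uid'];
        $_G['username'] = addslashes($olds['username']);
    }

    $POST['subject'] = getstr(trim($POST['subject']), 80);
    $POST['subject'] = censor($POST['subject']);
    if(strlen($POST['subject'])<1) {
        // An empty subject falls back to the current date.
        $POST['subject'] = dgmdate($_G['timestamp'], 'Y-m-d');
    }

    $POST['friend'] = intval($POST['friend']);
    $POST['target_ids'] = '';
    if($POST['friend'] == 2) {
        // Mode 2: visible to named users only. Note that the names are read from the
        // request superglobal, not from the $POST argument.
        $uids = array();
        $names = empty($_POST['target_names'])?array():explode(',', preg_replace("/(\s+)/s", ',', $_POST['target_names']));
        if($names) {
            $uids = C::t('common_member')->fetch_all_uid_by_username($names);
        }
        if(empty($uids)) {
            // No name resolved to a uid: fall back to mode 3.
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif($POST['friend'] == 4) {
        // Mode 4: password protected. Without a password it degrades to mode 0.
        $POST['password'] = trim($POST['password']);
        if($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if($POST['friend'] !== 4) {
        // Fix: the original used `==` here, a no-op comparison, so a submitted password
        // was still written to the blog row for entries that are not password protected.
        $POST['password'] = '';
    }
    // NOTE(review): the password is stored as submitted (trimmed); no hashing happens in this function.

    $POST['tag'] = dhtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500);
    $POST['tag'] = censor($POST['tag']);

    // The message is HTML: checkhtml() is the filter applied before it is stored.
    $POST['message'] = checkhtml($POST['message']);
    if($_G['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 0, 0, 1);
        $POST['message'] = censor($POST['message']);
    } else {
        $POST['message'] = getstr($POST['message'], 0, 0, 0, 0, 1);
        $POST['message'] = censor($POST['message']);
        // Drop empty <div> pairs and make plain links open in a new window.
        $POST['message'] = preg_replace(array(
            "/\<div\>\<\/div\>/i",
            "/\<a\s+href\=\"([^\>]+?)\"\>/i"
        ), array(
            '',
            '<a href="\\1" target="_blank">'
        ), $POST['message']);
    }
    $message = $POST['message'];

    // status 1 = held for moderation, 0 = published directly.
    if(censormod($message) || censormod($POST['subject']) || $_G['group']['allowblogmod']) {
        $blog_status = 1;
    } else {
        $blog_status = 0;
    }

    if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            // "new:<name>" asks for a class to be looked up or created for this user.
            $classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname);
            $classname = censor($classname);
            if(empty($classname)) {
                $classid = 0;
            } else {
                $classid = C::t('home_class')->fetch_classid_by_uid_classname($_G['uid'], $classname);
                if(empty($classid)) {
                    $setarr = array(
                        'classname' => $classname,
                        'uid' => $_G['uid'],
                        'dateline' => $_G['timestamp']
                    );
                    $classid = C::t('home_class')->insert($setarr, true);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if($classid && empty($classname)) {
        // Ownership check: a class id that belongs to another user is discarded.
        $query = C::t('home_class')->fetch($classid);
        $classname = ($query['uid'] == $_G['uid']) ? $query['classname'] : '';
        if(empty($classname)) {
            $classid = 0;
        }
    }

    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($POST['noreply'])?0:1,
        'catid' => intval($POST['catid']),
        'status' => $blog_status,
    );

    $titlepic = '';
    $uploads = array();
    if(!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        // Only pictures owned by the acting uid are fetched.
        $query = C::t('home_pic')->fetch_all_by_uid($_G['uid'], 0, 0, $picids);
        foreach($query as $value) {
            if(empty($titlepic) && $value['thumb']) {
                $titlepic = getimgthumbname($value['filepath']);
                $blogarr['picflag'] = $value['remote']?2:1;
            }
            $picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
            $uploads[md5($picurl)] = $value;
        }
        // No thumbnail found: use the last fetched picture. !empty() avoids reading an
        // undefined $value when the query returned no rows.
        if(empty($titlepic) && !empty($value)) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote']?2:1;
        }
    }

    if($uploads) {
        $albumid = 0;
        if($POST['savealbumid'] < 0 && !empty($POST['newalbum'])) {
            $albumname = addslashes(dhtmlspecialchars(trim($POST['newalbum'])));
            if(empty($albumname)) {
                $albumname = dgmdate($_G['timestamp'],'Ymd');
            }
            $albumarr = array('albumname' => $albumname);
            $albumid = album_creat($albumarr);
        } else {
            $albumid = $POST['savealbumid'] < 0 ? 0 : intval($POST['savealbumid']);
        }
        if($albumid) {
            C::t('home_pic')->update_for_uid($_G['uid'], $picids, array('albumid' => $albumid));
            album_update_pic($albumid);
        }

        // Pictures already referenced by an <img> in the message are not appended again.
        preg_match_all("/\s*\<img src=\"(.+?)\".*?\>\s*/is", $message, $mathes);
        if(!empty($mathes[1])) {
            foreach ($mathes[1] as $key => $value) {
                $urlmd5 = md5($value);
                if(!empty($uploads[$urlmd5])) {
                    unset($uploads[$urlmd5]);
                }
            }
        }
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
            // NOTE(review): the stored picture title is placed into HTML as-is; presumably it was
            // escaped when the picture was saved - verify.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
        }
    }

    // Reject a message that is empty once wrappers, whitespace and &nbsp; are stripped.
    // The listing showed a decoded entity between `\` and `\;`; `&nbsp;` is restored here.
    $ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\&nbsp\;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
    if(empty($ckmessage)) {
        // Fix: restore the caller's identity before the early return. The original only
        // restored $_G at the end, so this path left $_G['uid'] set to the blog owner.
        if(!empty($__G)) {
            $_G = $__G;
        }
        return false;
    }

    if(checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if(!empty($olds['blogid'])) {
        // Update: keep the per-category counters in step with a category change.
        if($blogarr['catid'] != $olds['catid']) {
            if($olds['catid']) {
                C::t('home_blog_category')->update_num_by_catid(-1, $olds['catid'], true, true);
            }
            if($blogarr['catid']) {
                C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
            }
        }
        $blogid = $olds['blogid'];
        C::t('home_blog')->update($blogid, $blogarr);

        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        if($blogarr['catid']) {
            C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
        }
        $blogarr['uid'] = $_G['uid'];
        $blogarr['username'] = $_G['username'];
        $blogarr['dateline'] = empty($POST['dateline'])?$_G['timestamp']:$POST['dateline'];
        $blogid = C::t('home_blog')->insert($blogarr, true);

        C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']));
        C::t('common_member_field_home')->update($_G['uid'], array('recentnote'=>$POST['subject']));
    }
    $blogarr['blogid'] = $blogid;

    $class_tag = new tag();
    $POST['tag'] = $olds
        ? $class_tag->update_field($POST['tag'], $blogid, 'blogid')
        : $class_tag->add_tag($POST['tag'], $blogid, 'blogid');

    $fieldarr = array(
        'message' => $message,
        'postip' => $_G['clientip'],
        'target_ids' => $POST['target_ids'],
        'tag' => $POST['tag']
    );
    if(!empty($titlepic)) {
        $fieldarr['pic'] = $titlepic;
    }
    if($olds) {
        C::t('home_blogfield')->update($blogid, $fieldarr);
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        C::t('home_blogfield')->insert($fieldarr);
    }

    // Credits and stats: awarded for a new, directly published entry by the author.
    if($isself && !$olds && $blog_status == 0) {
        updatecreditbyaction('publishblog', 0, array('blogs' => 1));
        include_once libfile('function/stat');
        updatestat('blog');
    }
    // An edited entry that goes back into moderation reverses the credit.
    if(!empty($olds['blogid']) && $blog_status == 1) {
        updatecreditbyaction('publishblog', 0, array('blogs' => -1), '', -1);
        include_once libfile('function/stat');
        updatestat('blog');
    }

    if($POST['makefeed'] && $blog_status == 0) {
        include_once libfile('function/feed');
        feed_publish($blogid, 'blogid', $olds?0:1);
    }

    // Restore the caller's identity before the moderation notifications are sent.
    if(!empty($__G)) {
        $_G = $__G;
    }
    if($blog_status == 1) {
        updatemoderate('blogid', $blogid);
        manage_addnotify('verifyblog');
    }
    return $blogarr;
}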
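/**
 * Add a comment to a portal article or a portal topic.
 *
 * @param int    $id      Article id or topic id, depending on $idtype.
 * @param string $message Raw comment text.
 * @param string $idtype  'aid' (article) or 'topicid'; anything else is treated as 'aid'.
 * @return string A language key: 'do_success', or one of 'comment_comment_noexist',
 *                'content_is_too_short', 'comment_comment_notallowed'.
 */
function addportalarticlecomment($id, $message, $idtype = 'aid') {
    global $_G;

    $id = intval($id);
    if (empty($id)) {
        return 'comment_comment_noexist';
    }

    // The group's allowcommentarticle value is passed as the length limit.
    $message = getstr($message, $_G['group']['allowcommentarticle'], 0, 0, 1, 0);
    if (strlen($message) < 2) {
        return 'content_is_too_short';
    }

    // Strict whitelist: with loose comparison, non-string values such as 0 or true compare
    // equal to 'aid' on PHP < 8 and would pass, ending up in the table choice and the row.
    $idtype = in_array($idtype, array('aid', 'topicid'), true) ? $idtype : 'aid';
    $tablename = $idtype === 'aid' ? 'portal_article_title' : 'portal_topic';

    $data = C::t($tablename)->fetch($id);
    if (empty($data)) {
        return 'comment_comment_noexist';
    }
    if ($data['allowcomment'] != 1) {
        return 'comment_comment_notallowed';
    }

    $message = censor($message);
    // status 1 = held for moderation, 0 = visible immediately.
    if (censormod($message)) {
        $comment_status = 1;
    } else {
        $comment_status = 0;
    }

    $setarr = array(
        'uid' => $_G['uid'],
        'username' => $_G['username'],
        'id' => $id,
        'idtype' => $idtype,
        'postip' => $_G['clientip'],
        'dateline' => $_G['timestamp'],
        'status' => $comment_status,
        'message' => $message
    );
    $pcid = C::t('portal_comment')->insert($setarr, true);

    if ($comment_status == 1) {
        updatemoderate($idtype . '_cid', $pcid);
        $notifykey = $idtype === 'aid' ? 'verifyacommont' : 'verifytopiccommont';
        manage_addnotify($notifykey);
    }

    // The counter is incremented even when the comment is held for moderation.
    $tablename = $idtype === 'aid' ? 'portal_article_count' : 'portal_topic';
    C::t($tablename)->increase($id, array('commentnum' => 1));
    C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']), 'UNBUFFERED');

    // No credit for commenting on one's own article or topic.
    if ($data['uid'] != $_G['uid']) {
        updatecreditbyaction('portalcomment', 0, array(), $idtype . $id);
    }
    return 'do_success';
}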
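/**
 * Decide whether new threads and new replies containing $string must be moderated.
 *
 * Side effect: overwrites $_G['group']['allowposturl'] with the group-forum value
 * ($_G['group']['allowgroupposturl']) when the current forum has status 3.
 *
 * @param string $string Text to run through censormod().
 * @return array array($modnewthreads, $modnewreplies), each 0 or 1.
 */
function threadmodstatus($string) {
    global $_G;

    // Initialised so the check near the end never reads an undefined variable when the
    // moderation-period branch is taken (the original raised a notice there).
    $censormod = false;

    $postmodperiods = periodscheck('postmodperiods', 0);
    if ($postmodperiods) {
        // Inside a configured moderation period everything is moderated.
        $modnewthreads = $modnewreplies = 1;
    } else {
        $censormod = censormod($string);

        // Parentheses make the original precedence explicit: (A && B) || C.
        $modnewthreads = (((!$_G['group']['allowdirectpost'] || $_G['group']['allowdirectpost'] == 1) && $_G['forum']['modnewposts']) || $censormod) ? 1 : 0;
        $modnewreplies = (((!$_G['group']['allowdirectpost'] || $_G['group']['allowdirectpost'] == 2) && $_G['forum']['modnewposts'] == 2) || $censormod) ? 1 : 0;

        if ($_G['forum']['status'] == 3) {
            // Forums with status 3 use the allowgroupdirectpost permission instead.
            $modnewthreads = (!$_G['group']['allowgroupdirectpost'] || $_G['group']['allowgroupdirectpost'] == 1 || $censormod) ? 1 : 0;
            $modnewreplies = (!$_G['group']['allowgroupdirectpost'] || $_G['group']['allowgroupdirectpost'] == 2 || $censormod) ? 1 : 0;
        }
    }

    $_G['group']['allowposturl'] = $_G['forum']['status'] != 3 ? $_G['group']['allowposturl'] : $_G['group']['allowgroupposturl'];
    if ($_G['group']['allowposturl'] == 1) {
        if (!$postmodperiods) {
            // Deliberately called again after allowposturl was switched above.
            // NOTE(review): presumably censormod() reads that setting - confirm before removing this call.
            $censormod = censormod($string);
        }
        if ($censormod) {
            $modnewthreads = $modnewreplies = 1;
        }
    }
    return array($modnewthreads, $modnewreplies);
}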
} cknewuser(); $waittime = interval_check('post'); if ($waittime > 0) { showmessage('operating_too_fast', '', array('waittime' => $waittime)); } $message = getstr($_POST['message'], 200, 0, 0, 1); $message = preg_replace("/\\<br.*?\\>/i", ' ', $message); if (strlen($message) < 1) { showmessage('should_write_that'); } $message = censor($message, NULL, TRUE); if (is_array($message) && $message['message']) { showmessage('do_success', dreferer(), array('message' => $message['message'])); } if (censormod($message) || $_G['group']['allowdoingmod']) { $doing_status = 1; } else { $doing_status = 0; } $setarr = array('uid' => $_G['uid'], 'username' => $_G['username'], 'dateline' => $_G['timestamp'], 'message' => $message, 'ip' => $_G['clientip'], 'port' => $_G['remoteport'], 'status' => $doing_status); $newdoid = C::t('home_doing')->insert($setarr, 1); $setarr = array('recentnote' => $message, 'spacenote' => $message); $credit = $experience = 0; $extrasql = array('doings' => 1); updatecreditbyaction('doing', 0, $extrasql); C::t('common_member_field_home')->update($_G['uid'], $setarr); if ($_POST['to_signhtml'] && $_G['group']['maxsigsize']) { if ($_G['group']['maxsigsize'] < 200) { $signhtml = getstr($_POST['message'], $_G['group']['maxsigsize'], 0, 0, 1); $signhtml = preg_replace("/\\<br.*?\\>/i", ' ', $signhtml);
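/**
 * Add a comment to a portal article or a portal topic (variant using direct DB:: queries).
 *
 * The two SQL statements are built by string interpolation. They are only safe because
 * $id is forced to an integer and $idtype is restricted to a fixed whitelist before
 * either value reaches the query text; keep both guards ahead of the queries.
 *
 * @param int    $id      Article id or topic id, depending on $idtype.
 * @param string $message Raw comment text.
 * @param string $idtype  'aid' (article) or 'topicid'; anything else is treated as 'aid'.
 * @return string A language key: 'do_success', or one of 'comment_comment_noexist',
 *                'content_is_too_short', 'comment_comment_notallowed'.
 */
function addportalarticlecomment($id, $message, $idtype = 'aid') {
    global $_G;

    $id = intval($id);
    if (empty($id)) {
        return 'comment_comment_noexist';
    }

    // The group's allowcommentarticle value is passed as the length limit.
    $message = getstr($message, $_G['group']['allowcommentarticle'], 1, 1, 1, 0);
    if (strlen($message) < 2) {
        return 'content_is_too_short';
    }

    // $idtype is used below as a column name, so the whitelist must be strict: with loose
    // comparison, values such as 0 or true compare equal to 'aid' on PHP < 8 and would
    // pass through into the SQL text.
    $idtype = in_array($idtype, array('aid', 'topicid'), true) ? $idtype : 'aid';
    $tablename = $idtype === 'aid' ? 'portal_article_title' : 'portal_topic';

    $data = DB::fetch_first("SELECT uid,allowcomment FROM " . DB::table($tablename) . " WHERE {$idtype}='{$id}'");
    if (empty($data)) {
        return 'comment_comment_noexist';
    }
    if ($data['allowcomment'] != 1) {
        return 'comment_comment_notallowed';
    }

    $message = censor($message);
    // status 1 = held for moderation, 0 = visible immediately.
    if (censormod($message)) {
        $comment_status = 1;
    } else {
        $comment_status = 0;
    }

    $setarr = array(
        'uid' => $_G['uid'],
        'username' => $_G['username'],
        'id' => $id,
        'idtype' => $idtype,
        'postip' => $_G['onlineip'],
        'dateline' => $_G['timestamp'],
        'status' => $comment_status,
        'message' => $message
    );
    $pcid = DB::insert('portal_comment', $setarr, true);

    if ($comment_status == 1) {
        updatemoderate($idtype . '_cid', $pcid);
        $notifykey = $idtype === 'aid' ? 'verifyacommont' : 'verifytopiccommont';
        manage_addnotify($notifykey);
    }

    // The counter is incremented even when the comment is held for moderation.
    $tablename = $idtype === 'aid' ? 'portal_article_count' : 'portal_topic';
    DB::query("UPDATE " . DB::table($tablename) . " SET commentnum=commentnum+1 WHERE {$idtype}='{$id}'");
    DB::update('common_member_status', array('lastpost' => $_G['timestamp']), array('uid' => $_G['uid']));

    // No credit for commenting on one's own article or topic.
    if ($data['uid'] != $_G['uid']) {
        updatecreditbyaction('portalcomment', 0, array(), $idtype . $id);
    }
    return 'do_success';
}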
C::t('portal_category')->update($setarr['catid'], array('lastpublish' => TIMESTAMP)); C::t('portal_article_count')->insert(array('aid' => $aid, 'catid' => $setarr['catid'], 'viewnum' => 1)); } else { if ($htmlname && $article['htmlname'] !== $htmlname) { $setarr['htmlname'] = $htmlname; $oldarticlename = $article['htmldir'] . $article['htmlname']; unlink($oldarticlename . '.' . $_G['setting']['makehtml']['extendname']); for ($i = 1; $i < $article['contents']; $i++) { unlink($oldarticlename . $i . '.' . $_G['setting']['makehtml']['extendname']); } } C::t('portal_article_title')->update($aid, $setarr); } $content = getstr($_POST['content'], 0, 0, 0, 0, 1); $content = censor($content); if (censormod($content) || $_G['group']['allowpostarticlemod']) { $article_status = 1; } else { $article_status = 0; } $regexp = '/(\\<strong\\>##########NextPage(\\[title=(.*?)\\])?##########\\<\\/strong\\>)+/is'; preg_match_all($regexp, $content, $arr); $pagetitle = !empty($arr[3]) ? $arr[3] : array(); $pagetitle = array_map('trim', $pagetitle); array_unshift($pagetitle, $_POST['pagetitle']); $contents = preg_split($regexp, $content); $cpostcount = count($contents); $dbcontents = C::t('portal_article_content')->fetch_all($aid); $pagecount = $cdbcount = count($dbcontents); if ($cdbcount > $cpostcount) { $cdelete = array();
/**
 * Save a picture uploaded by a client into the current user's album.
 *
 * Modified from DISCUZ_ROOT/source/function_spacecp.php.
 *
 * Order of checks: upload error, image flag from the upload class, group upload
 * permission, new-user restrictions, per-file size limit, space quota. The file is
 * then saved, its image info is checked (and the file deleted on failure), thumbnails
 * and a watermark are generated, the file is optionally pushed to FTP, and a
 * home_pic row is inserted.
 *
 * Side effects: may overwrite $space, $_G['member'], $_G['username'], $_G['groupid'],
 * $_G['group'] and raise $_G['setting']['maxthumbwidth'] / ['maxthumbheight'] to 300.
 *
 * @param array  $FILE        Upload entry handed to discuz_upload::init().
 * @param int    $albumid     Target album id; negative values are treated as 0.
 * @param string $title       Picture title; truncated to 200 and censored before storage.
 * @param bool   $iswatermark Not read by the active code: the watermark is applied
 *                            unconditionally (the conditional call is commented out).
 * @param int    $catid       Category id passed to album_creat_by_id() when $albumid is set.
 * @return array|string The inserted home_pic row (including 'picid') on success,
 *                      otherwise the language string returned by lang().
 *
 * @author HanPengyu
 * @copyright 2012-2014 Appbyme
 */
function mobcent_pic_save($FILE, $albumid, $title, $iswatermark = true, $catid = 0) {
    global $_G, $space;

    if ($albumid < 0) {
        $albumid = 0;
    }

    // Assigned but not used anywhere in this function.
    $allowpictype = array('jpg', 'jpeg', 'gif', 'png');

    $upload = new discuz_upload();
    $upload->init($FILE, 'album');
    if ($upload->error()) {
        return lang('spacecp', 'lack_of_access_to_upload_file_size');
    }
    // First gate: the upload class must have flagged the file as an image.
    // NOTE(review): how 'isimage' is derived is not visible here - confirm it is not client-controlled.
    if (!$upload->attach['isimage']) {
        return lang('spacecp', 'only_allows_upload_file_types');
    }

    // Make sure $space and the group permissions describe the current uid before checking them.
    $oldgid = $_G['groupid'];
    if (empty($space)) {
        $_G['member'] = $space = getuserbyuid($_G['uid']);
        $_G['username'] = $space['username'];
        $_G['groupid'] = $space['groupid'];
    }
    $_G['member'] = $space;
    // The second argument is true only when the group id changed above.
    loadcache('usergroup_' . $space['groupid'], $oldgid != $_G['groupid'] ? true : false);
    $_G['group'] = $_G['cache']['usergroup_' . $space['groupid']];

    if (!checkperm('allowupload')) {
        return lang('spacecp', 'not_allow_upload');
    }

    // New-user restrictions: report which requirement is not met.
    if (!cknewuser(1)) {
        if ($_G['setting']['newbiespan'] && $_G['timestamp'] - $_G['member']['regdate'] < $_G['setting']['newbiespan'] * 60) {
            return lang('message', 'no_privilege_newbiespan', array('newbiespan' => $_G['setting']['newbiespan']));
        }
        if ($_G['setting']['need_avatar'] && empty($_G['member']['avatarstatus'])) {
            return lang('message', 'no_privilege_avatar');
        }
        if ($_G['setting']['need_email'] && empty($_G['member']['emailstatus'])) {
            return lang('message', 'no_privilege_email');
        }
        if ($_G['setting']['need_friendnum']) {
            space_merge($_G['member'], 'count');
            if ($_G['member']['friends'] < $_G['setting']['need_friendnum']) {
                return lang('message', 'no_privilege_friendnum', array('friendnum' => $_G['setting']['need_friendnum']));
            }
        }
    }

    // Per-file size limit of the user's group.
    if ($_G['group']['maximagesize'] && $upload->attach['size'] > $_G['group']['maximagesize']) {
        return lang('spacecp', 'files_can_not_exceed_size', array('extend' => $upload->attach['ext'], 'size' => sizecount($_G['group']['maximagesize'])));
    }

    // Space quota: group allowance plus the user's 'addsize' scaled by 1024 * 1024.
    $maxspacesize = checkperm('maxspacesize');
    if ($maxspacesize) {
        space_merge($space, 'count');
        space_merge($space, 'field_home');
        if ($space['attachsize'] + $upload->attach['size'] > $maxspacesize + $space['addsize'] * 1024 * 1024) {
            return lang('spacecp', 'inadequate_capacity_space');
        }
    }

    // $showtip and $albumfriend are assigned but not read later in this function.
    $showtip = true;
    $albumfriend = 0;
    if ($albumid) {
        $catid = intval($catid);
        $albumid = album_creat_by_id($albumid, $catid);
    } else {
        $albumid = 0;
        $showtip = false;
    }

    $upload->save();
    if ($upload->error()) {
        return lang('spacecp', 'mobile_picture_temporary_failure');
    }

    // Second gate, after the file is on disk: image info must exist and its type code
    // must be 1, 2, 3 or 6; otherwise the saved file is deleted again.
    // NOTE(review): presumably these are the getimagesize() codes for GIF/JPEG/PNG/BMP - confirm.
    if (!$upload->attach['imageinfo'] || !in_array($upload->attach['imageinfo']['2'], array(1, 2, 3, 6))) {
        @unlink($upload->attach['target']);
        return lang('spacecp', 'only_allows_upload_file_types');
    }

    $new_name = $upload->attach['target'];
    require_once libfile('class/image');
    $image = new image();
    // 140x140 thumbnail; $thumb records whether Thumb() returned a non-empty result.
    $result = $image->Thumb($new_name, '', 140, 140, 1);
    $thumb = empty($result) ? 0 : 1;

    if ($_G['setting']['maxthumbwidth'] && $_G['setting']['maxthumbheight']) {
        // Both limits are raised to at least 300 before the second Thumb() call.
        if ($_G['setting']['maxthumbwidth'] < 300) {
            $_G['setting']['maxthumbwidth'] = 300;
        }
        if ($_G['setting']['maxthumbheight'] < 300) {
            $_G['setting']['maxthumbheight'] = 300;
        }
        $image->Thumb($new_name, '', $_G['setting']['maxthumbwidth'], $_G['setting']['maxthumbheight'], 1, 1);
    }

    // Support watermarking album pictures uploaded from the client. Author: HanPengyu, Date: 2014/12/04
    Yii::import('application.components.discuz.source.class.class_image', true);
    $image = new Mobcent_Image();
    $image->makeWatermark($new_name, '', 'album');
    // if ($iswatermark) {
    //     $image->Watermark($new_name, '', 'album');
    // }

    $pic_remote = 0;
    // $album_picflag and $ftpresult_thumb are assigned but not read later in this function.
    $album_picflag = 1;
    if (getglobal('setting/ftp/on')) {
        $ftpresult_thumb = 0;
        $ftpresult = ftpcmd('upload', 'album/' . $upload->attach['attachment']);
        if ($ftpresult) {
            // Uploaded to FTP: remove the local copy (and the local thumbnail, if one exists).
            @unlink($_G['setting']['attachdir'] . 'album/' . $upload->attach['attachment']);
            if ($thumb) {
                $thumbpath = getimgthumbname($upload->attach['attachment']);
                ftpcmd('upload', 'album/' . $thumbpath);
                @unlink($_G['setting']['attachdir'] . 'album/' . $thumbpath);
            }
            $pic_remote = 1;
            $album_picflag = 2;
        } else {
            // FTP failed: only when the mirror setting is on is the upload rejected and cleaned up.
            if (getglobal('setting/ftp/mirror')) {
                @unlink($upload->attach['target']);
                @unlink(getimgthumbname($upload->attach['target']));
                return lang('spacecp', 'ftp_upload_file_size');
            }
        }
    }

    $title = getstr($title, 200);
    $title = censor($title);
    // status 1 = held for moderation, 0 = visible immediately.
    if (censormod($title) || $_G['group']['allowuploadmod']) {
        $pic_status = 1;
    } else {
        $pic_status = 0;
    }

    // 'filename' and 'type' come from the client-supplied upload metadata and are passed
    // through addslashes() before the insert.
    $setarr = array('albumid' => $albumid, 'uid' => $_G['uid'], 'username' => $_G['username'], 'dateline' => $_G['timestamp'], 'filename' => addslashes($upload->attach['name']), 'postip' => $_G['clientip'], 'title' => $title, 'type' => addslashes($upload->attach['ext']), 'size' => $upload->attach['size'], 'filepath' => $upload->attach['attachment'], 'thumb' => $thumb, 'remote' => $pic_remote, 'status' => $pic_status);
    $setarr['picid'] = C::t('home_pic')->insert($setarr, 1);

    // Charge the file size against the user's used space.
    C::t('common_member_count')->increase($_G['uid'], array('attachsize' => $upload->attach['size']));

    include_once libfile('function/stat');
    if ($pic_status) {
        updatemoderate('picid', $setarr['picid']);
    }
    updatestat('pic');
    return $setarr;
}
$group_recommend = unserialize($_G['setting']['group_recommend']); if ($group_recommend[$_G['fid']]) { $group_recommend[$_G['fid']]['icon'] = get_groupimg($iconnew); DB::query("UPDATE " . DB::table('common_setting') . " SET svalue = '" . serialize($group_recommend) . "' WHERE skey = 'group_recommend' LIMIT 1"); include libfile('function/cache'); updatecache('setting'); } } if ($bannernew && empty($deletebanner)) { $iconsql .= ", banner='{$bannernew}'"; } elseif ($deletebanner) { $iconsql .= ", banner=''"; @unlink($_G['forum']['banner']); } $_G['gp_descriptionnew'] = nl2br(dhtmlspecialchars(censor(trim($_G['gp_descriptionnew'])))); $censormod = censormod($_G['gp_descriptionnew']); if ($censormod) { showmessage('group_description_failed'); } $_G['gp_jointypenew'] = intval($_G['gp_jointypenew']); if ($_G['gp_jointypenew'] == '-1' && $_G['uid'] != $_G['forum']['founderuid']) { showmessage('group_close_only_founder'); } $_G['gp_gviewpermnew'] = intval($_G['gp_gviewpermnew']); DB::query("UPDATE " . DB::table('forum_forumfield') . " SET description='{$_G['gp_descriptionnew']}', jointype='{$_G['gp_jointypenew']}', gviewperm='{$_G['gp_gviewpermnew']}'{$iconsql} WHERE fid='{$_G['fid']}'"); showmessage('group_setup_succeed', $url); } else { $firstgid = $_G['cache']['grouptype']['second'][$_G['forum']['fup']]['fup']; $groupselect = get_groupselect($firstgid, $_G['forum']['fup']); $gviewpermselect = $jointypeselect = array('', '', ''); $_G['forum']['descriptionnew'] = str_replace("<br />", '', $_G['forum']['description']);
showmessage('content_is_too_short', '', array(), array('return' => true)); } include_once libfile('class/bbcode'); $bbcode =& bbcode::instance(); require_once libfile('function/comment'); $cidarr = add_comment($message, $currentid, $currenttype, 0); if ($cidarr['cid']) { $magvalues['cid'] = $cidarr['cid']; $magvalues['id'] = $currentid; } } $magvalues['type'] = $commentcable[$type]; } $arr['body_general'] = getstr($_POST['general'], 150, 1, 1, 1); $arr['body_general'] = censor($arr['body_general']); if (censormod($arr['body_general']) || $_G['group']['allowsharemod']) { $arr['status'] = 1; } else { $arr['status'] = 0; } $arr['type'] = $type; $arr['uid'] = $_G['uid']; $arr['username'] = $_G['username']; $arr['dateline'] = $_G['timestamp']; if ($arr['status'] == 0 && ckprivacy('share', 'feed')) { require_once libfile('function/feed'); feed_add('share', '{actor} ' . $arr['title_template'], array('hash_data' => $feed_hash_data), $arr['body_template'], $arr['body_data'], $arr['body_general'], array($arr['image']), array($arr['image_link'])); } $arr['body_data'] = serialize($arr['body_data']); $setarr = daddslashes($arr); $sid = DB::insert('home_share', $setarr, 1);
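/**
 * Add a comment to a user's wall ('uid'), a picture ('picid'), a blog ('blogid')
 * or a share ('sid'), optionally as a reply that quotes an existing comment.
 *
 * Checks that the module is enabled, loads the target and enforces its privacy
 * settings, censors the message, inserts the home_comment row, then sends feed
 * entries, notifications, moderation requests, stats and credits.
 *
 * Relies on the global $bbcode instance being initialised by the caller when $cid is set.
 *
 * @param string $message Comment body.
 * @param int    $id      Id of the target, interpreted according to $idtype.
 * @param string $idtype  One of 'uid', 'picid', 'blogid', 'sid'.
 * @param int    $cid     Id of the comment being replied to, or 0.
 * @return array array('cid' => new comment id, 'msg' => language key, 'magvalues' => message values).
 */
function add_comment($message, $id, $idtype, $cid = 0) {
    global $_G, $bbcode;

    // 1. The module behind this id type must be accessible.
    $allowcomment = false;
    switch ($idtype) {
        case 'uid':
            $allowcomment = helper_access::check_module('wall');
            break;
        case 'picid':
            $allowcomment = helper_access::check_module('album');
            break;
        case 'blogid':
            $allowcomment = helper_access::check_module('blog');
            break;
        case 'sid':
            $allowcomment = helper_access::check_module('share');
            break;
    }
    if (!$allowcomment) {
        showmessage('quickclear_noperm');
    }

    // Short summary of the new message, used as the feed body for picture comments.
    $summay = getstr($message, 150, 0, 0, 0, -1);

    // 2. Replying to someone else's comment: prepend a quote of it.
    $comment = array();
    if ($cid) {
        $comment = C::t('home_comment')->fetch_by_id_idtype($id, $idtype, $cid);
        if ($comment && $comment['authorid'] != $_G['uid']) {
            // Strip any nested quote from the quoted comment before quoting it.
            $comment['message'] = preg_replace("/\\<div class=\"quote\"\\>\\<blockquote\\>.*?\\<\\/blockquote\\>\\<\\/div\\>/is", '', $comment['message']);
            $comment['message'] = $bbcode->html2bbcode($comment['message']);
            // NOTE(review): the stored author name is placed into HTML as-is; presumably
            // usernames are validated at registration - verify.
            $message = "<div class=\"quote\"><blockquote><b>" . $comment['author'] . "</b>: " . getstr($comment['message'], 150, 0, 0, 2, 1) . '</blockquote></div>' . $message;
            if ($comment['idtype'] == 'uid') {
                $id = $comment['authorid'];
            }
        } else {
            $comment = array();
        }
    }

    // 3. Load the target and enforce its privacy settings.
    $hotarr = array();
    $stattype = '';
    $tospace = $pic = $blog = $album = $share = $poll = array();

    switch ($idtype) {
        case 'uid':
            $tospace = getuserbyuid($id);
            $stattype = 'wall';
            break;

        case 'picid':
            $pic = C::t('home_pic')->fetch($id);
            if (empty($pic)) {
                showmessage('view_images_do_not_exist');
            }
            $picfield = C::t('home_picfield')->fetch($id);
            $pic['hotuser'] = $picfield['hotuser'];
            $tospace = getuserbyuid($pic['uid']);

            $album = array();
            if ($pic['albumid']) {
                $query = C::t('home_album')->fetch($pic['albumid']);
                if (empty($query['albumid'])) {
                    // The album no longer exists: detach its pictures. The original passed an
                    // undefined $albumid here.
                    C::t('home_pic')->update_for_albumid($pic['albumid'], array('albumid' => 0));
                } else {
                    // Fix: keep the album row. The original never assigned $album, so the
                    // friend and password checks below always ran against an empty array and
                    // the album's privacy settings were never applied to comments or feeds.
                    $album = $query;
                }
            }

            if (!ckfriend($album['uid'], $album['friend'], $album['target_ids'])) {
                showmessage('no_privilege_ckfriend_pic');
            } elseif (!$tospace['self'] && $album['friend'] == 4) {
                // Password-protected album: the viewer must hold the matching cookie.
                $cookiename = "view_pwd_album_{$album['albumid']}";
                $cookievalue = empty($_G['cookie'][$cookiename]) ? '' : $_G['cookie'][$cookiename];
                // Strict comparison: with `!=`, two different digests that both look like numbers
                // in exponent notation compare equal. hash_equals() is preferable where
                // PHP >= 5.6 is guaranteed.
                if ($cookievalue !== md5(md5($album['password']))) {
                    showmessage('no_privilege_ckpassword_pic');
                }
            }

            $hotarr = array('picid', $pic['picid'], $pic['hotuser']);
            $stattype = 'piccomment';
            break;

        case 'blogid':
            // NOTE(review): array_merge() needs both fetches to return arrays - verify the
            // not-found case.
            $blog = array_merge(C::t('home_blog')->fetch($id), C::t('home_blogfield')->fetch_targetids_by_blogid($id));
            if (empty($blog)) {
                showmessage('view_to_info_did_not_exist');
            }
            $tospace = getuserbyuid($blog['uid']);

            if (!ckfriend($blog['uid'], $blog['friend'], $blog['target_ids'])) {
                showmessage('no_privilege_ckfriend_blog');
            } elseif (!$tospace['self'] && $blog['friend'] == 4) {
                // Password-protected blog: same cookie scheme as albums.
                $cookiename = "view_pwd_blog_{$blog['blogid']}";
                $cookievalue = empty($_G['cookie'][$cookiename]) ? '' : $_G['cookie'][$cookiename];
                // Strict comparison for the same reason as in the 'picid' branch.
                if ($cookievalue !== md5(md5($blog['password']))) {
                    showmessage('no_privilege_ckpassword_blog');
                }
            }
            if (!empty($blog['noreply'])) {
                showmessage('do_not_accept_comments');
            }
            if ($blog['target_ids']) {
                // The owner is always part of the audience for the feed entry.
                $blog['target_ids'] .= ",{$blog['uid']}";
            }

            $hotarr = array('blogid', $blog['blogid'], $blog['hotuser']);
            $stattype = 'blogcomment';
            break;

        case 'sid':
            $share = C::t('home_share')->fetch($id);
            if (empty($share)) {
                showmessage('sharing_does_not_exist');
            }
            $tospace = getuserbyuid($share['uid']);

            $hotarr = array('sid', $share['sid'], $share['hotuser']);
            $stattype = 'sharecomment';
            break;

        default:
            showmessage('non_normal_operation');
            break;
    }

    if (empty($tospace)) {
        showmessage('space_does_not_exist', '', array(), array('return' => true));
    }
    if (isblacklist($tospace['uid'])) {
        showmessage('is_blacklist');
    }

    if ($hotarr && $tospace['uid'] != $_G['uid']) {
        hot_update($hotarr[0], $hotarr[1], $hotarr[2]);
    }

    // 4. Prepare the feed entry.
    $fs = array();
    $fs['icon'] = 'comment';
    $fs['target_ids'] = '';
    $fs['friend'] = '';
    $fs['body_template'] = '';
    $fs['body_data'] = array();
    $fs['body_general'] = '';
    $fs['images'] = array();
    $fs['image_links'] = array();

    switch ($idtype) {
        case 'uid':
            $fs['icon'] = 'wall';
            $fs['title_template'] = 'feed_comment_space';
            $fs['title_data'] = array('touser' => "<a href=\"home.php?mod=space&uid={$tospace['uid']}\">{$tospace['username']}</a>");
            break;

        case 'picid':
            $fs['title_template'] = 'feed_comment_image';
            $fs['title_data'] = array('touser' => "<a href=\"home.php?mod=space&uid={$tospace['uid']}\">" . $tospace['username'] . "</a>");
            $fs['body_template'] = '{pic_title}';
            $fs['body_data'] = array('pic_title' => $pic['title']);
            $fs['body_general'] = $summay;
            $fs['images'] = array(pic_get($pic['filepath'], 'album', $pic['thumb'], $pic['remote']));
            $fs['image_links'] = array("home.php?mod=space&uid={$tospace['uid']}&do=album&picid={$pic['picid']}");
            // The feed entry inherits the album's audience.
            $fs['target_ids'] = $album['target_ids'];
            $fs['friend'] = $album['friend'];
            break;

        case 'blogid':
            C::t('home_blog')->increase($id, 0, array('replynum' => 1));
            $fs['title_template'] = 'feed_comment_blog';
            $fs['title_data'] = array(
                'touser' => "<a href=\"home.php?mod=space&uid={$tospace['uid']}\">" . $tospace['username'] . "</a>",
                'blog' => "<a href=\"home.php?mod=space&uid={$tospace['uid']}&do=blog&id={$id}\">{$blog['subject']}</a>"
            );
            // The feed entry inherits the blog's audience.
            $fs['target_ids'] = $blog['target_ids'];
            $fs['friend'] = $blog['friend'];
            break;

        case 'sid':
            $fs['title_template'] = 'feed_comment_share';
            $fs['title_data'] = array(
                'touser' => "<a href=\"home.php?mod=space&uid={$tospace['uid']}\">" . $tospace['username'] . "</a>",
                'share' => "<a href=\"home.php?mod=space&uid={$tospace['uid']}&do=share&id={$id}\">" . str_replace(lang('spacecp', 'share_action'), '', $share['title_template']) . "</a>"
            );
            break;
    }

    // 5. Censor and store the comment. status 1 = held for moderation.
    $message = censor($message);
    if (censormod($message)) {
        $comment_status = 1;
    } else {
        $comment_status = 0;
    }

    $setarr = array(
        'uid' => $tospace['uid'],
        'id' => $id,
        'idtype' => $idtype,
        'authorid' => $_G['uid'],
        'author' => $_G['username'],
        'dateline' => $_G['timestamp'],
        'message' => $message,
        'ip' => $_G['clientip'],
        'port' => $_G['remoteport'],
        'status' => $comment_status
    );
    $cid = C::t('home_comment')->insert($setarr, true);

    // 6. Notification texts and the result message for each id type.
    $action = 'comment';
    $becomment = 'getcomment';
    $note = $q_note = '';
    $note_values = $q_values = array();
    switch ($idtype) {
        case 'uid':
            $n_url = "home.php?mod=space&uid={$tospace['uid']}&do=wall&cid={$cid}";
            $note_type = 'wall';
            $note = 'wall';
            $note_values = array('url' => $n_url);
            $q_note = 'wall_reply';
            $q_values = array('url' => $n_url);
            if ($comment) {
                $msg = 'note_wall_reply_success';
                $magvalues = array('username' => $tospace['username']);
                $becomment = '';
            } else {
                $msg = 'do_success';
                $magvalues = array();
                $becomment = 'getguestbook';
            }
            $action = 'guestbook';
            break;

        case 'picid':
            $n_url = "home.php?mod=space&uid={$tospace['uid']}&do=album&picid={$id}&cid={$cid}";
            $note_type = 'comment';
            $note = 'pic_comment';
            $note_values = array('url' => $n_url);
            $q_note = 'pic_comment_reply';
            $q_values = array('url' => $n_url);
            $msg = 'do_success';
            $magvalues = array();
            break;

        case 'blogid':
            $n_url = "home.php?mod=space&uid={$tospace['uid']}&do=blog&id={$id}&cid={$cid}";
            $note_type = 'comment';
            $note = 'blog_comment';
            $note_values = array('url' => $n_url, 'subject' => $blog['subject']);
            $q_note = 'blog_comment_reply';
            $q_values = array('url' => $n_url);
            $msg = 'do_success';
            $magvalues = array();
            break;

        case 'sid':
            $n_url = "home.php?mod=space&uid={$tospace['uid']}&do=share&id={$id}&cid={$cid}";
            $note_type = 'comment';
            $note = 'share_comment';
            $note_values = array('url' => $n_url);
            $q_note = 'share_comment_reply';
            $q_values = array('url' => $n_url);
            $msg = 'do_success';
            $magvalues = array();
            break;
    }

    if (empty($comment)) {
        // New top-level comment on someone else's item: feed entry plus a notification to the owner.
        if ($tospace['uid'] != $_G['uid']) {
            if (ckprivacy('comment', 'feed')) {
                require_once libfile('function/feed');
                $fs['title_data']['hash_data'] = "{$idtype}{$id}";
                feed_add($fs['icon'], $fs['title_template'], $fs['title_data'], $fs['body_template'], $fs['body_data'], $fs['body_general'], $fs['images'], $fs['image_links'], $fs['target_ids'], $fs['friend']);
            }

            $note_values['from_id'] = $id;
            $note_values['from_idtype'] = $idtype;
            $note_values['url'] .= "&goto=new#comment_{$cid}_li";
            notification_add($tospace['uid'], $note_type, $note, $note_values);
        }
    } elseif ($comment['authorid'] != $_G['uid']) {
        // Reply: notify the author of the quoted comment.
        notification_add($comment['authorid'], $note_type, $q_note, $q_values);
    }

    if ($comment_status == 1) {
        updatemoderate($idtype . '_cid', $cid);
        manage_addnotify('verifycommontes');
    }
    if ($stattype) {
        include_once libfile('function/stat');
        updatestat($stattype);
    }

    // 7. Credits, only when commenting on someone else's item.
    if ($tospace['uid'] != $_G['uid']) {
        if ($idtype != 'uid') {
            $needle = $idtype . $id;
        } else {
            $needle = $tospace['uid'];
        }
        updatecreditbyaction($action, 0, array(), $needle);

        if ($becomment) {
            if ($idtype == 'uid') {
                $needle = $_G['uid'];
            }
            updatecreditbyaction($becomment, $tospace['uid'], array(), $needle);
        }
    }

    C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']), 'UNBUFFERED');
    $magvalues['cid'] = $cid;

    return array('cid' => $cid, 'msg' => $msg, 'magvalues' => $magvalues);
}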
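/**
 * Store raw image bytes as an album picture for the current user.
 *
 * The bytes are written under the attachment directory first and validated
 * afterwards: the file is removed again when the space quota would be
 * exceeded or when get_image_info() does not accept it. A thumbnail and a
 * watermark are then generated, the file is optionally pushed over FTP, and
 * a home_pic row is inserted.
 *
 * NOTE(review): $name is stored unchanged in the `filename` column; nothing
 * here escapes it, so confirm it is escaped wherever it is displayed.
 *
 * @param string $strdata raw image bytes
 * @param int    $albumid target album; negative values are treated as 0
 * @param string $fileext extension; must be exactly one of jpg, jpeg, gif, png
 * @param string $name    display file name; defaults to the generated name
 * @param string $title   picture title, cut to 200 by getstr() and censored
 * @param int    $delsize bytes to subtract from the quota calculation
 * @param bool   $from    unused in this function
 * @return array|int the inserted home_pic row (including picid) on success;
 *                   -1 when the space quota would be exceeded;
 *                   -2 when get_image_info() rejects the file;
 *                   -3 for a disallowed extension, a failed open or write,
 *                      or a failed FTP upload while setting/ftp/mirror is on
 */
function stream_save($strdata, $albumid = 0, $fileext = 'jpg', $name = '', $title = '', $delsize = 0, $from = false) {
    global $_G, $space;

    if ($albumid < 0) {
        $albumid = 0;
    }

    // Strict comparison: a loose in_array() lets a non-string value such as
    // integer 0 compare equal to 'jpg' on older PHP versions and pass the
    // allow-list.
    $allowPicType = array('jpg', 'jpeg', 'gif', 'png');
    if (!in_array($fileext, $allowPicType, true)) {
        return -3;
    }

    $upload = new discuz_upload();
    $filepath = $upload->get_target_dir('album') . $upload->get_target_filename('album') . '.' . $fileext;
    $newfilename = $_G['setting']['attachdir'] . './album/' . $filepath;

    $handle = fopen($newfilename, 'wb');
    if (!$handle) {
        return -3;
    }
    $written = fwrite($handle, $strdata);
    fclose($handle);
    if ($written === FALSE) {
        // Do not leave an empty or partial file behind in the attachment directory.
        @unlink($newfilename);
        return -3;
    }

    $size = filesize($newfilename);

    // Make sure the user and user-group context is loaded before checkperm().
    if (empty($space)) {
        $_G['member'] = $space = getuserbyuid($_G['uid']);
        $_G['username'] = $space['username'];
    }
    $_G['member'] = $space;
    loadcache('usergroup_' . $space['groupid']);
    $_G['group'] = $_G['cache']['usergroup_' . $space['groupid']];

    // Quota check: current usage plus this file, minus whatever is being replaced.
    $maxspacesize = checkperm('maxspacesize');
    if ($maxspacesize) {
        space_merge($space, 'count');
        space_merge($space, 'field_home');
        if ($space['attachsize'] + $size - $delsize > $maxspacesize + $space['addsize'] * 1024 * 1024) {
            @unlink($newfilename);
            return -1;
        }
    }

    // Content check on the written file, in addition to the extension allow-list.
    if (!$upload->get_image_info($newfilename)) {
        @unlink($newfilename);
        return -2;
    }

    require_once libfile('class/image');
    $image = new image();
    $result = $image->Thumb($newfilename, NULL, 140, 140, 1);
    $thumb = empty($result) ? 0 : 1;
    $image->Watermark($newfilename);

    $pic_remote = 0;
    if (getglobal('setting/ftp/on')) {
        $ftpresult = ftpcmd('upload', 'album/' . $filepath);
        if ($ftpresult) {
            // Uploaded remotely: drop the local copies.
            @unlink($_G['setting']['attachdir'] . 'album/' . $filepath);
            if ($thumb) {
                $thumbpath = getimgthumbname($filepath);
                ftpcmd('upload', 'album/' . $thumbpath);
                @unlink($_G['setting']['attachdir'] . 'album/' . $thumbpath);
            }
            $pic_remote = 1;
        } elseif (getglobal('setting/ftp/mirror')) {
            // With setting/ftp/mirror on, a failed upload aborts the save.
            @unlink($newfilename);
            @unlink(getimgthumbname($newfilename));
            return -3;
        }
    }

    $filename = $name ? $name : substr(strrchr($filepath, '/'), 1);
    $title = getstr($title, 200);
    $title = censor($title);

    // Status 1 when the title is flagged by censormod() or the group has
    // allowuploadmod set.
    if (censormod($title) || $_G['group']['allowuploadmod']) {
        $pic_status = 1;
    } else {
        $pic_status = 0;
    }

    if ($albumid) {
        $albumid = album_creat_by_id($albumid);
    } else {
        $albumid = 0;
    }

    $setarr = array(
        'albumid' => $albumid,
        'uid' => $_G['uid'],
        'username' => $_G['username'],
        'dateline' => $_G['timestamp'],
        'filename' => $filename,
        'postip' => $_G['clientip'],
        'title' => $title,
        'type' => $fileext,
        'size' => $size,
        'filepath' => $filepath,
        'thumb' => $thumb,
        'remote' => $pic_remote,
        'status' => $pic_status
    );
    $setarr['picid'] = C::t('home_pic')->insert($setarr, 1);
    C::t('common_member_count')->increase($_G['uid'], array('attachsize' => $size));

    include_once libfile('function/stat');
    updatestat('pic');

    return $setarr;
}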
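/**
 * Create a blog entry, or update an existing one, from submitted form fields.
 *
 * Normalises subject, visibility, tag and message, resolves or creates the
 * author's category, links uploaded pictures into the message, then writes
 * home_blog and home_blogfield. The entry gets status 1 when censormod()
 * flags the message or the subject, or when the group has allowblogmod set;
 * credits and the blog stat are only updated for status 0.
 *
 * NOTE(review): the queries below are assembled by string interpolation
 * (dimplode(), quoted {$var} placeholders). $_POST['target_names'] reaches
 * the IN (...) list through dimplode() only; whether that helper or the
 * request bootstrap escapes it is not visible here -- confirm before relying
 * on it.
 * NOTE(review): the blog password is written to home_blog as submitted; no
 * hashing happens in this function.
 *
 * @param array $POST submitted fields (subject, message, friend, password,
 *                    tag, classid, catid, picids, hot, makefeed, dateline, ...)
 * @param array $olds the existing blog row when editing; empty for a new post
 * @return array|false the home_blog values that were written, including
 *                     blogid, uid and username; false when the message is
 *                     empty once empty markup has been stripped
 */
function blog_post($POST, $olds = array()) {
    global $_G, $space;

    $isself = 1;
    if (!empty($olds['uid']) && $olds['uid'] != $_G['uid']) {
        // Editing another user's post: act as the original author for the
        // duration of the call. $__G holds the real context for restoring.
        $isself = 0;
        $__G = $_G;
        $_G['uid'] = $olds['uid'];
        $_G['username'] = addslashes($olds['username']);
    }

    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1);
    $POST['subject'] = censor($POST['subject']);
    if (strlen($POST['subject']) < 1) {
        // An empty subject falls back to today's date.
        $POST['subject'] = dgmdate($_G['timestamp'], 'Y-m-d');
    }

    // Visibility: 2 = restricted to the listed user names, 4 = password protected.
    $POST['friend'] = intval($POST['friend']);
    $POST['target_ids'] = '';
    if ($POST['friend'] == 2) {
        $uids = array();
        $names = empty($_POST['target_names']) ? array() : explode(',', preg_replace("/(\\s+)/s", ',', $_POST['target_names']));
        if ($names) {
            $query = DB::query("SELECT uid FROM " . DB::table('common_member') . " WHERE username IN (" . dimplode($names) . ")");
            while ($value = DB::fetch($query)) {
                $uids[] = $value['uid'];
            }
        }
        if (empty($uids)) {
            // None of the names resolved to a user.
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif ($POST['friend'] == 4) {
        $POST['password'] = trim($POST['password']);
        if ($POST['password'] == '') {
            $POST['friend'] = 0;
        }
    }
    if ($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if ($POST['friend'] !== 4) {
        // Fix: this was a comparison (==) with no effect, so a submitted
        // password was stored even for posts that are not password protected.
        $POST['password'] = '';
    }

    $POST['tag'] = dhtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1);
    $POST['tag'] = censor($POST['tag']);

    if ($_G['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1);
        $POST['message'] = censor($POST['message']);
    } else {
        // HTML input is passed through checkhtml() before any other processing.
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 0, 1);
        $POST['message'] = censor($POST['message']);
        // Drop empty <div></div> pairs and open links in a new window.
        $POST['message'] = preg_replace(
            array("/\\<div\\>\\<\\/div\\>/i", "/\\<a\\s+href\\=\"([^\\>]+?)\"\\>/i"),
            array('', '<a href="\\1" target="_blank">'),
            $POST['message']
        );
    }
    $message = $POST['message'];

    if (censormod($message) || censormod($POST['subject']) || $_G['group']['allowblogmod']) {
        $blog_status = 1;
    } else {
        $blog_status = 0;
    }

    // Category: "new:<name>" creates (or reuses) a category owned by the author.
    if (empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if (!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1);
            $classname = censor($classname);
            if (empty($classname)) {
                $classid = 0;
            } else {
                $classid = DB::result(DB::query("SELECT classid FROM " . DB::table('home_class') . " WHERE uid='{$_G['uid']}' AND classname='{$classname}'"));
                if (empty($classid)) {
                    $setarr = array('classname' => $classname, 'uid' => $_G['uid'], 'dateline' => $_G['timestamp']);
                    $classid = DB::insert('home_class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if ($classid && empty($classname)) {
        // A numeric classid only counts when that category belongs to the author.
        $classname = DB::result(DB::query("SELECT classname FROM " . DB::table('home_class') . " WHERE classid='{$classid}' AND uid='{$_G['uid']}'"));
        if (empty($classname)) {
            $classid = 0;
        }
    }

    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($POST['noreply']) ? 0 : 1,
        'catid' => intval($POST['catid']),
        'status' => $blog_status
    );

    $titlepic = '';
    $uploads = array();
    if (!empty($POST['picids'])) {
        // The keys come from the submitted form and go into an IN (...) list:
        // force them to integers first.
        $picids = array_map('intval', array_keys($POST['picids']));
        $query = DB::query("SELECT * FROM " . DB::table('home_pic') . " WHERE picid IN (" . dimplode($picids) . ") AND uid='{$_G['uid']}'");
        $lastpic = array();
        while ($value = DB::fetch($query)) {
            if (empty($titlepic) && $value['thumb']) {
                $titlepic = $value['filepath'] . '.thumb.jpg';
                $blogarr['picflag'] = $value['remote'] ? 2 : 1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
            $lastpic = $value;
        }
        // Fix: the loop variable is always false once the while loop has
        // ended, so this fallback (use the last picture when none has a
        // thumbnail) could never run. The last fetched row is kept separately.
        if (empty($titlepic) && $lastpic) {
            $titlepic = $lastpic['filepath'];
            $blogarr['picflag'] = $lastpic['remote'] ? 2 : 1;
        }
    }

    if ($uploads) {
        // Replace [imgid=N] placeholders with the matching picture ...
        preg_match_all("/\\[imgid\\=(\\d+)\\]/i", $message, $mathes);
        if (!empty($mathes[1])) {
            $searchs = $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if (!empty($uploads[$value])) {
                    $picurl = pic_get($uploads[$value]['filepath'], 'album', $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    $searchs[] = "[imgid={$value}]";
                    $replaces[] = "<img src=\"{$picurl}\">";
                    unset($uploads[$value]);
                }
            }
            if ($searchs) {
                $message = str_replace($searchs, $replaces, $message);
            }
        }
        // ... and append every picture that was not referenced.
        // NOTE(review): the stored title is placed into the HTML as is;
        // confirm it is HTML-escaped when the picture is saved.
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
            $message .= "<div class=\"uchome-message-pic\"><img src=\"{$picurl}\"><p>{$value['title']}</p></div>";
        }
    }

    // Reject a message that is empty once empty markup is removed. The
    // &nbsp; alternative is restored here: the listing this code was taken
    // from showed a bare space in its place, which \s already covers.
    $ckmessage = preg_replace("/(\\<div\\>|\\<\\/div\\>|\\s|\\&nbsp\\;|\\<br\\>|\\<p\\>|\\<\\/p\\>)+/is", '', $message);
    if (empty($ckmessage)) {
        // Fix: restore the real user context before leaving; the early return
        // used to leave $_G pointing at the original author.
        if (!empty($__G)) {
            $_G = $__G;
        }
        return false;
    }

    $message = addslashes($message);

    if (empty($titlepic) && empty($olds)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }

    // Only users with the manageblog permission may set the hot value.
    if (checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if (!empty($olds['blogid'])) {
        // Update: keep the per-category counters in step with a category change.
        if ($blogarr['catid'] != $olds['catid']) {
            if ($olds['catid']) {
                DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num-1 WHERE catid='{$olds['catid']}' AND num>0");
            }
            if ($blogarr['catid']) {
                DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num+1 WHERE catid='{$blogarr['catid']}'");
            }
        }
        $blogid = $olds['blogid'];
        DB::update('home_blog', $blogarr, array('blogid' => $blogid));
        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        if ($blogarr['catid']) {
            DB::query("UPDATE " . DB::table('home_blog_category') . " SET num=num+1 WHERE catid='{$blogarr['catid']}'");
        }
        $blogarr['uid'] = $_G['uid'];
        $blogarr['username'] = $_G['username'];
        // A caller-supplied dateline is forced to an integer before it is written.
        $blogarr['dateline'] = empty($POST['dateline']) ? $_G['timestamp'] : intval($POST['dateline']);
        $blogid = DB::insert('home_blog', $blogarr, 1);
        DB::update('common_member_status', array('lastpost' => $_G['timestamp']), array('uid' => $_G['uid']));
        DB::update('common_member_field_home', array('recentnote' => $POST['subject']), array('uid' => $_G['uid']));
    }
    $blogarr['blogid'] = $blogid;

    $fieldarr = array(
        'message' => $message,
        'postip' => $_G['clientip'],
        'target_ids' => $POST['target_ids'],
        'tag' => $POST['tag']
    );
    if (!empty($titlepic)) {
        $fieldarr['pic'] = $titlepic;
    }
    if ($olds) {
        DB::update('home_blogfield', $fieldarr, array('blogid' => $blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        DB::insert('home_blogfield', $fieldarr);
    }

    // Credits and stats only for the author's own, new, unmoderated post.
    if ($isself && !$olds && $blog_status == 0) {
        updatecreditbyaction('publishblog', 0, array('blogs' => 1));
        include_once libfile('function/stat');
        updatestat('blog');
    }
    if (!empty($POST['makefeed']) && $blog_status == 0) {
        include_once libfile('function/feed');
        feed_publish($blogid, 'blogid', $olds ? 0 : 1);
    }

    // Restore the real user context if it was swapped at the top.
    if (!empty($__G)) {
        $_G = $__G;
    }
    return $blogarr;
}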
$startorder = $pageorder - 1; $pageorder = DB::result(DB::query("SELECT pageorder FROM " . DB::table('portal_article_content') . " WHERE aid='{$aid}' ORDER BY pageorder LIMIT {$startorder}, 1"), 0); if ($article_content && $article_content['pageorder'] == $pageorder) { $content_count = $content_count - 1; } if ($content_count > 0) { DB::query('UPDATE ' . DB::table('portal_article_content') . " SET pageorder = pageorder+{$content_count} WHERE aid='{$aid}' AND pageorder>='{$pageorder}'"); } } else { $pageorder = DB::result(DB::query("SELECT MAX(pageorder) FROM " . DB::table('portal_article_content') . " WHERE aid='{$aid}'"), 0); $pageorder = $pageorder + 1; } if ($article_content) { $setarr = array('content' => trim($contents[0]), 'pageorder' => $pageorder, 'dateline' => $_G['timestamp']); DB::update('portal_article_content', $setarr, array('cid' => $cid)); if (censormod($contents[0])) { DB::update('portal_article_title', array('status' => 1), array('aid' => $aid)); } unset($contents[0]); } if ($contents) { $inserts = array(); foreach ($contents as $key => $value) { $value = trim($value); $inserts[] = "('{$aid}', '{$value}', '" . ($pageorder + $key) . "', '{$_G['timestamp']}', '{$id}', '{$idtype}')"; } DB::query("INSERT INTO " . DB::table('portal_article_content') . "\r\n\t\t\t(aid, content, pageorder, dateline, id, idtype)\r\n\t\t\tVALUES " . implode(',', $inserts)); DB::query('UPDATE ' . DB::table('portal_article_title') . " SET status = '{$article_status}', contents = contents+" . count($inserts) . " WHERE aid='{$aid}'"); } $newaids = array(); $_POST['attach_ids'] = explode(',', $_POST['attach_ids']);
if (censormod($title)) { $pic_status = 1; } else { $pic_status = 0; } $wherearr = array('picid' => $picid); if (!$managealbum) { $wherearr['uid'] = $_G['uid']; } DB::update('home_pic', array('title' => $title, 'status' => $pic_status), $wherearr); } } elseif ($_GET['subop'] == 'move') { foreach ($_POST['title'] as $picid => $value) { $title = getstr($value, 150, 1, 1); $title = censor($title); if (censormod($title)) { $pic_status = 1; } else { $pic_status = 0; } $wherearr = array('picid' => $picid); if (!$managealbum) { $wherearr['uid'] = $_G['uid']; } DB::update('home_pic', array('title' => $title, 'status' => $pic_status), $wherearr); } if ($_POST['ids']) { $plussql = $managealbum ? '' : "AND uid='{$_G['uid']}'"; $_POST['newalbumid'] = intval($_POST['newalbumid']); if ($_POST['newalbumid']) { $query = DB::query("SELECT albumid FROM " . DB::table('home_album') . " WHERE albumid='{$_POST['newalbumid']}' {$plussql}");
/*
 * NOTE(review): excerpt from the middle of a larger request handler; the
 * enclosing code is not visible here.
 * - $wherearr receives a uid condition for users without $managealbum, but in
 *   this excerpt it is never passed on: C::t('home_pic')->update() is called
 *   with $picid only. Unless that method scopes the write to the current user
 *   itself, the title change is not tied to picture ownership -- confirm, and
 *   pass the ownership condition to the write.
 * - $picid is an array key of $_POST['title'] and $_POST['ids'] goes to
 *   deletepics() unchanged; presumably both are validated downstream -- verify.
 */
} if ($album['uid'] != $_G['uid'] && !$managealbum) { showmessage('no_privilege_pic_edit', 'home.php?mod=space&uid=' . $_G['uid'] . '&do=album&view=me', array(), array('return' => true)); } } else { $album['uid'] = $_G['uid']; } if (submitcheck('editpicsubmit')) { $return = true; foreach ($_POST['title'] as $picid => $value) { if ($value == $_GET['oldtitle'][$picid]) { continue; } $title = getstr($value, 150); $title = censor($title); if (censormod($title) || $_G['group']['allowuploadmod']) { $pic_status = 1; manage_addnotify('verifypic'); } else { $pic_status = 0; } $wherearr = array('picid' => $picid); if (!$managealbum) { $wherearr['uid'] = $_G['uid']; } C::t('home_pic')->update($picid, array('title' => $title, 'status' => $pic_status)); } if ($_GET['subop'] == 'delete') { if ($_POST['ids']) { require_once libfile('function/delete'); deletepics($_POST['ids']);
if ($group_recommend[$_G['fid']]) { $group_recommend[$_G['fid']]['icon'] = get_groupimg($iconnew); C::t('common_setting')->update('group_recommend', $group_recommend); include libfile('function/cache'); updatecache('setting'); } } if ($bannernew && empty($deletebanner)) { $setarr['banner'] = $bannernew; } elseif ($deletebanner) { $setarr['banner'] = ''; @unlink($_G['forum']['banner']); } require_once libfile('function/discuzcode'); $_GET['descriptionnew'] = discuzcode(censor(trim($_GET['descriptionnew'])), 0, 0, 0, 0, 1, 1, 0, 0, 1); $censormod = censormod($_GET['descriptionnew']); if ($censormod) { showmessage('group_description_failed'); } $_GET['jointypenew'] = intval($_GET['jointypenew']); if ($_GET['jointypenew'] == '-1' && $_G['uid'] != $_G['forum']['founderuid']) { showmessage('group_close_only_founder'); } $_GET['gviewpermnew'] = intval($_GET['gviewpermnew']); $setarr['description'] = $_GET['descriptionnew']; $setarr['jointype'] = $_GET['jointypenew']; $setarr['gviewperm'] = $_GET['gviewpermnew']; C::t('forum_forumfield')->update($_G['fid'], $setarr); showmessage('group_setup_succeed', $url); } else { $firstgid = $_G['cache']['grouptype']['second'][$_G['forum']['fup']]['fup'];
if (!$var['sayclose']) { if ($_G['gp_qdmode'] == '1') { $todaysay = dhtmlspecialchars($_G['gp_todaysay']); if ($todaysay == '') { sign_msg($lang['ts_nots']); } if (strlen($todaysay) > 100) { sign_msg($lang['ts_ovts']); } if (strlen($todaysay) < 6) { sign_msg($lang['ts_syts']); } if (!preg_match("/[^A-Za-z0-9.,]/", $todaysay)) { sign_msg($lang['ts_saywater']); } $illegaltest = censormod($todaysay); if ($illegaltest) { sign_msg($lang['ts_illegaltext']); } } elseif ($_G['gp_qdmode'] == '2') { switch ($_G['gp_fastreply']) { case 1: $todaysay = "{$var['fastreply1']}"; break; case 2: $todaysay = "{$var['fastreply2']}"; break; case 3: $todaysay = "{$var['fastreply3']}"; break; case 4:
/*
 * NOTE(review): excerpt from the middle of a larger request handler; the
 * enclosing code is not visible here.
 * - In the "star" branch $novelid is read from $_G['gp_novelid'] and
 *   concatenated, unquoted and without an integer cast, into
 *   "WHERE novelid=...". Quote-escaping does not protect a numeric context;
 *   cast with intval() before building the query.
 * - The INSERT and UPDATE statements concatenate $novelid and $credits the
 *   same way. Where those are assigned is outside this excerpt -- confirm both
 *   are integers, and that $credits is checked to be positive and within the
 *   rater's balance, since it is subtracted from one account and added to
 *   another.
 * - $message is wrapped in <font> markup after getstr() and then stored;
 *   presumably getstr() escapes HTML with these arguments -- verify.
 */
if (!$novel) { showmessage("undefined_action", NULL); } else { if ($novel['posterid'] == $_G['uid']) { showmessage("thread_rate_member_invalid", NULL); } } DB::query("INSERT INTO " . DB::table("pdnovel_rate") . (" (novelid, uid, username, credits, dateline) VALUES (" . $novelid . ", {$_G['uid']}, '{$_G['username']}', {$credits}, {$_G['timestamp']})"), "UNBUFFERED"); DB::query("UPDATE LOW_PRIORITY " . DB::table("pdnovel_view") . (" SET rate=rate+" . $credits . " WHERE novelid={$novelid}"), "UNBUFFERED"); updatemembercount($_G['uid'], array($_G['setting']['creditstransextra'][1] => 0 - $credits), 1, "BAC", $novelid); updatemembercount($novel['posterid'], array($_G['setting']['creditstransextra'][1] => $credits), 1, "BAC", $novelid); if ($_POST['message']) { $message = getstr($_POST['message'], 600, 1, 1, 1, 0); $message = "<font color=red>" . $message . "</font>"; $message = censor($message); if (censormod($message)) { $comment_status = 1; } else { $comment_status = 0; } $setarr = array("uid" => $_G['uid'], "username" => $_G['username'], "novelid" => $novelid, "postip" => $_G['onlineip'], "dateline" => $_G['timestamp'], "status" => $comment_status, "message" => $message); DB::insert("pdnovel_comment", $setarr); DB::query("UPDATE " . DB::table("pdnovel_view") . (" SET comments=comments+1 WHERE novelid=" . $novelid)); DB::update("common_member_status", array("lastpost" => $_G['timestamp']), array("uid" => $_G['uid'])); } showmessage("do_success", "pdnovel.php?mod=view&novelid=" . $novelid); } } else { if ($_G['gp_ac'] == "star") { $novelid = $_G['gp_novelid']; $novel = DB::fetch_first("SELECT * FROM " . DB::table("pdnovel_view") . (" WHERE novelid=" . $novelid . " AND display=0 LIMIT 1"));
$stickcheck = empty($sticktopic) ? '' : 'checked="checked"'; $digestcheck = empty($addtodigest) ? '' : 'checked="checked"'; $subject = isset($_G['gp_subject']) ? dhtmlspecialchars(censor(trim($_G['gp_subject']))) : ''; $subject = !empty($subject) ? str_replace("\t", ' ', $subject) : $subject; $message = isset($_G['gp_message']) ? censor($_G['gp_message']) : ''; $polloptions = isset($polloptions) ? censor(trim($polloptions)) : ''; $readperm = isset($_G['gp_readperm']) ? intval($_G['gp_readperm']) : 0; $price = isset($_G['gp_price']) ? intval($_G['gp_price']) : 0; $_G['setting']['tagstatus'] = $_G['setting']['tagstatus'] && $_G['forum']['allowtag'] ? $_G['setting']['tagstatus'] == 2 ? 2 : $_G['forum']['allowtag'] : 0; if (empty($bbcodeoff) && !$_G['group']['allowhidecode'] && !empty($message) && preg_match("/\\[hide=?\\d*\\].+?\\[\\/hide\\]/is", preg_replace("/(\\[code\\](.+?)\\[\\/code\\])/is", ' ', $message))) { showmessage('post_hide_nopermission'); } if (periodscheck('postmodperiods', 0)) { $modnewthreads = $modnewreplies = 1; } else { $censormod = censormod($subject . "\t" . $message); $modnewthreads = (!$_G['group']['allowdirectpost'] || $_G['group']['allowdirectpost'] == 1) && $_G['forum']['modnewposts'] || $censormod ? 1 : 0; $modnewreplies = (!$_G['group']['allowdirectpost'] || $_G['group']['allowdirectpost'] == 2) && $_G['forum']['modnewposts'] == 2 || $censormod ? 1 : 0; } if ($_G['group']['allowposturl'] < 3 && $message) { $urllist = get_url_list($message); if (is_array($urllist[1])) { foreach ($urllist[1] as $key => $val) { if (!($val = trim($val))) { continue; } if (!iswhitelist($val)) { if ($_G['group']['allowposturl'] == 0) { showmessage('post_url_nopermission'); } elseif ($_G['group']['allowposturl'] == 1) { $modnewthreads = $modnewreplies = 1;
/**
 * Create a sub-group for a brand record and store the new forum id on it.
 *
 * The name and the description are censored and HTML-escaped; creation is
 * abandoned when either is flagged by censormod(), when the name is empty or
 * already taken, or when neither a parent id nor a fup is supplied.
 *
 * NOTE(review): the group-type consistency check in the middle has an empty
 * body (its return is commented out), so it currently rejects nothing.
 * NOTE(review): the business record and the group stat are updated even when
 * insert_group() returned a falsy id -- confirm that this is intended.
 *
 * @param array $lastdata brand data: parentid, fup, name, descriptionnew,
 *                        jointype, gviewperm, uid, username, bid
 * @return true|null true once the end of the function is reached; nothing
 *                   (null) when creation is abandoned early
 */
function srcreategroup($lastdata) {
    global $_G;

    $parentid = intval($lastdata['parentid']);
    $fup = intval($lastdata['fup']);
    $name = censor(dhtmlspecialchars(cutstr(trim($lastdata['name']), 255, '')));
    $nameFlagged = censormod($name);

    // Nothing to create without a clean name and at least one parent reference.
    if (empty($name) || $nameFlagged || (empty($parentid) && empty($fup))) {
        return;
    }

    if (empty($_G['cache']['grouptype']['first'][$parentid]) && empty($_G['cache']['grouptype']['second'][$fup]) || $_G['cache']['grouptype']['first'][$parentid]['secondlist'] && !in_array($_G['cache']['grouptype']['second'][$fup]['fid'], $_G['cache']['grouptype']['first'][$parentid]['secondlist'])) {
        // Disabled in the original: the "return;" here is commented out.
    }

    $fup = empty($fup) ? $parentid : $fup;

    // Group names must be unique.
    if (C::t('#sanree_brand#forum_forum')->fetch_fid_by_name($name)) {
        return;
    }

    require_once libfile('function/discuzcode');
    $description = discuzcode(dhtmlspecialchars(censor(trim($lastdata['descriptionnew']))), 0, 0, 0, 0, 1, 1, 0, 0, 1);
    if (censormod($description)) {
        return;
    }

    // Level -1 is used when group moderation is on and the actor is not adminid 1.
    $levelid = -1;
    if (empty($_G['setting']['groupmod']) || $_G['adminid'] == 1) {
        $level = C::t('#sanree_brand#forum_grouplevel')->fetch_by_credits();
        $levelid = $level['levelid'];
    }

    $newfid = C::t('#sanree_brand#forum_forum')->insert_group($fup, 'sub', $name, '3', $levelid);
    if ($newfid) {
        $forumField = array(
            'fid' => $newfid,
            'description' => $description,
            'jointype' => intval($lastdata['jointype']),
            'gviewperm' => intval($lastdata['gviewperm']),
            'dateline' => TIMESTAMP,
            'founderuid' => $lastdata['uid'],
            'foundername' => $lastdata['username'],
            'membernum' => 1
        );
        C::t('#sanree_brand#forum_forumfield')->insert($forumField);
        C::t('#sanree_brand#forum_forumfield')->update_groupnum($fup, 1);
        // The brand owner becomes the first member of the new group.
        C::t('#sanree_brand#forum_groupuser')->insert($newfid, $lastdata['uid'], $lastdata['username'], 1, TIMESTAMP);
        require_once libfile('function/cache');
        updatecache('grouptype');
    }

    C::t('#sanree_brand#sanree_brand_businesses')->update($lastdata['bid'], array('syngrouptid' => $newfid));
    include_once libfile('function/stat');
    updatestat('group');

    // The original returned true on both sides of a "$levelid == -1" test.
    return true;
}