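/**
 * Validate and normalise the title and body of a submitted post.
 *
 * Reads atc_title, atc_content and several option flags straight from $_POST,
 * enforces the configured length limits, runs the word filter, applies the
 * per-permission BBCode rewrites and finally escapes or filters the body.
 * Each rejected input is reported through Showmsg(); whether Showmsg() ends
 * the request is not visible in this function.
 *
 * Side effect: $_POST['atc_content'] is unset once it has been copied.
 *
 * @param string $type Not referenced anywhere in this function body.
 * @return array array($atc_title, $atc_content, $ifconvert, $ifwordsfb)
 */
function check_data($type = "new")
{
    global $db_titlemax, $db_postmin, $db_postmax, $foruminfo, $atc_usesign, $article, $db_sellset,
        $db_enhideset, $isGM, $winddb, $db_posturlnum;

    $atc_title = trim($_POST['atc_title']);
    $atc_content = $_POST['atc_content'];

    // A title is required unless $article is set; its byte length is capped by $db_titlemax.
    if ((empty($article) && !$atc_title) || strlen($atc_title) > $db_titlemax) {
        Showmsg('postfunc_subject_limit');
    }

    // The body length is measured on a copy with bytes 10-13 (LF, VT, FF, CR) stripped.
    $check_content = $atc_content;
    for ($i = 10; $i < 14; $i++) {
        $check_content = str_replace(chr($i), '', $check_content);
    }
    $contentLength = strlen(trim($check_content));
    if ($contentLength >= $db_postmax || $contentLength < $db_postmin) {
        Showmsg('postfunc_content_limit');
    }

    $atc_title = S::escapeChar($atc_title);
    $wordsfb = L::loadClass('FilterUtil', 'filter');
    // The word filter sees the slash-stripped body; presumably request data was
    // slash-escaped upstream - confirm against the bootstrap code.
    $ifwordsfb = $wordsfb->ifwordsfb(stripslashes($atc_content));
    $ifconvert = 1;
    unset($_POST['atc_content']);

    if ($_POST['atc_convert'] == "1") {
        if ($_POST['atc_autourl']) {
            $atc_content = autourl($atc_content);
        }

        // The per-group URL quota is read through $GLOBALS: $_G is not a
        // superglobal and is not imported by the global statement above, so a
        // bare $_G here would be an undefined local and this limit would never
        // be enforced.
        $urlQuota = isset($GLOBALS['_G']['posturlnum']) ? $GLOBALS['_G']['posturlnum'] : 0;
        if ($urlQuota > 0 && $winddb['postnum'] < $urlQuota && !$isGM && postUrlCheck($atc_content)) {
            Showmsg('postfunc_urlnum_limit');
        }

        $atc_content = html_check($atc_content);

        // Permission control over posting auto-expanding multimedia: for every
        // media tag that is not listed in the group's media setting, the
        // trailing "1" flag of the tag is rewritten to "0". The array keys are
        // quoted so they are not resolved as the constants _G and media.
        foreach (array('wmv', 'rm', 'flash') as $value) {
            if (strpos(",{$GLOBALS['_G']['media']},", ",{$value},") === false) {
                $atc_content = preg_replace(
                    "/(\\[{$value}=([0-9]{1,3}\\,[0-9]{1,3}\\,)?)1(\\].+?\\[\\/{$value}\\])/is",
                    "\${1}0\\3",
                    $atc_content
                );
            }
        }

        // The order of the [post], [hide= and [sell= handling must not be changed.
        // In each of the three steps a user without the permission gets the tag
        // opener broken with a tab character; otherwise, when the matching form
        // flag is set, the body is wrapped in a server-built tag.
        if (!$isGM && (!$foruminfo['allowhide'] || !$GLOBALS['_G']['allowhidden'])) {
            $atc_content = str_replace("[post]", "[\tpost]", $atc_content);
        } elseif ($_POST['atc_hide'] == '1') {
            $atc_content = "[post]" . str_replace(array('[post]', '[/post]'), "", $atc_content) . "[/post]";
            $ifconvert = 2;
        }

        if (!$isGM && (!$GLOBALS['forumset']['allowencode'] || !$GLOBALS['_G']['allowencode'])) {
            $atc_content = str_replace("[hide=", "[\thide=", $atc_content);
        } elseif ($_POST['atc_requireenhide'] == '1') {
            // The credit type is only accepted if it is in the configured list;
            // the threshold is cast to int before it is placed into the tag.
            // NOTE(review): in_array() compares loosely here - confirm the list
            // holds strings only, then pass true as the third argument.
            $atc_enhidetype = in_array($_POST['atc_enhidetype'], $db_enhideset['type'])
                ? $_POST['atc_enhidetype']
                : 'rvrc';
            $atc_content = preg_replace("/\\[hide=(.+?)\\]/is", "", $atc_content);
            $atc_content = "[hide=" . (int) $_POST['atc_rvrc'] . ",{$atc_enhidetype}]"
                . str_replace("[/hide]", "", $atc_content) . "[/hide]";
            $ifconvert = 2;
        }

        if (!$isGM && (!$foruminfo['allowsell'] || !$GLOBALS['_G']['allowsell'])) {
            $atc_content = str_replace("[sell=", "[\tsell=", $atc_content);
        } elseif ($_POST['atc_requiresell'] == '1') {
            // Same allow-list and int cast as for [hide=; same loose in_array() caveat.
            $atc_credittype = in_array($_POST['atc_credittype'], $db_sellset['type'])
                ? $_POST['atc_credittype']
                : 'money';
            $atc_content = str_replace("[/sell]", "", preg_replace("/\\[sell=(.+?)\\]/is", "", $atc_content));
            $atc_content = "[sell=" . (int) $_POST['atc_money'] . ",{$atc_credittype}]{$atc_content}[/sell]";
            $ifconvert = 2;
        }

        // A former comparison against convert() is disabled; the flag is set to
        // 2 whenever conversion was requested.
        $ifconvert = 2;
    }

    if ($atc_usesign < 2) {
        $atc_content = S::escapeChar($atc_content);
    } else {
        // In this branch the body is not escaped; it only passes a pattern
        // blacklist (script blocks removed, every tag routed through jscv(),
        // "javascript" split in two). A blacklist of this kind is a weak
        // control: treat the result as untrusted markup wherever it is
        // rendered, and prefer an allow-list sanitiser.
        //
        // NOTE(review): the second pattern uses the /e modifier, which makes
        // PCRE evaluate the replacement as PHP code for every match. /e is
        // deprecated since PHP 5.5 and removed in PHP 7.0. Porting it to
        // preg_replace_callback() has to be done together with jscv(), which is
        // defined outside this view and currently receives a slash-escaped
        // capture.
        //
        // NOTE(review): str_replace('.', '.', ...) is a no-op as written; the
        // search string may have been a different character lost in
        // transcoding - confirm against the upstream file.
        $atc_content = preg_replace(
            array("/<script.*>.*<\\/script>/is", "/<(([^\"']|\"[^\"]*\"|'[^']*')*?)>/eis", "/javascript/i"),
            array("", "jscv('\\1')", "java script"),
            str_replace('.', '.', $atc_content)
        );
    }

    return array($atc_title, $atc_content, $ifconvert, $ifwordsfb);
}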
$pwuser = array_unique(array_diff($pwuser, array(''))); if ($pwuser) { $query = $db->query("SELECT uid FROM pw_members WHERE username IN (" . pwImplode($pwuser) . ")"); while ($rt = $db->fetch_array($query)) { $uids[] = $rt['uid']; } } if (!$uids) { $errorname = $pwuser; $errorname = implode($pwuser, ','); Showmsg('user_not_exists'); } elseif ($w_num = count($uids) > 9) { Showmsg('msg_send_limit'); } $s_num = 0; $atc_content = autourl($atc_content); $uids = pwImplode($uids); $ifuids = $sqladd = $msglog = array(); if ($uids) { $query = $db->query("SELECT uid,username,newpm,banpm,msggroups FROM pw_members WHERE uid IN({$uids})"); while ($rt = $db->fetch_array($query)) { if ($rt['msggroups'] && strpos($rt['msggroups'], ",{$groupid},") !== false || strpos(",{$rt['banpm']},", ",{$windid},") !== false) { $errorname = $rt['username']; Showmsg('msg_refuse'); } if ($edmid && in_array($rt['username'], $pwuser)) { $pwSQL = pwSqlSingle(array('m.mdate' => $timestamp, 'mc.title' => $msg_title, 'mc.content' => $atc_content)); $db->update("UPDATE pw_msg m LEFT JOIN pw_msgc mc USING(mid) SET {$pwSQL} WHERE m.mid=" . pwEscape($edmid) . " AND m.fromuid=" . pwEscape($winduid) . " AND m.ifnew='1'"); continue; } $sqladd[] = array($rt['uid'], $winduid, $windid, 'rebox', '1', $timestamp);