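/**
 * Read the IPTC (APP13) block of an image and return it as a keyed array.
 *
 * @param string $filename Path of the image file to inspect.
 * @return array Named IPTC fields, empty when the file carries no APP13 segment
 *               (or is not an image). SubCategories and Keywords keep the full
 *               value list; every other field holds the first value of its tag,
 *               or null when the tag is absent. The whole array has been run
 *               through strip_IPTC() and then filter_content().
 */
function get_IPTC($filename)
{
    $IPTC_data = array();
    // GetImageSize() fills $info with the raw APP segments; IPTC lives in APP13.
    GetImageSize($filename, $info);
    if (!isset($info["APP13"])) {
        return $IPTC_data;
    }
    $iptc = iptcparse($info["APP13"]);
    if (!is_array($iptc)) {
        return $IPTC_data;
    }
    // Output key => array(IPTC tag, keep-all-values). Order is the output order.
    $spec = array(
        "Title"                 => array("2#005", false),
        "Urgency"               => array("2#010", false),
        "Category"              => array("2#015", false),
        "SubCategories"         => array("2#020", true),
        "Keywords"              => array("2#025", true),
        "Instructions"          => array("2#040", false),
        "CreationDate"          => array("2#055", false),
        "CreationTime"          => array("2#060", false),
        "ProgramUsed"           => array("2#065", false),
        "Author"                => array("2#080", false),
        "Position"              => array("2#085", false),
        "City"                  => array("2#090", false),
        "State"                 => array("2#095", false),
        "Country"               => array("2#101", false),
        "TransmissionReference" => array("2#103", false),
        "Headline"              => array("2#105", false),
        "Credit"                => array("2#110", false),
        "Source"                => array("2#115", false),
        "Copyright"             => array("2#116", false),
        "Caption"               => array("2#120", false),
        "CaptionWriter"         => array("2#122", false),
    );
    foreach ($spec as $name => $tag) {
        list($tagId, $multi) = $tag;
        // Missing tags used to be read blindly (undefined-index notice); they are null either way.
        if (!isset($iptc[$tagId])) {
            $IPTC_data[$name] = null;
        } elseif ($multi) {
            $IPTC_data[$name] = $iptc[$tagId];
        } else {
            $IPTC_data[$name] = $iptc[$tagId][0];
        }
    }
    // IPTC comes from the uploaded file, i.e. from the user: sanitize against
    // sql/html injection and trim non-graphical, non-ASCII characters ...
    $IPTC_data = strip_IPTC($IPTC_data);
    // ... then run it through the bad word list.
    $IPTC_data = filter_content($IPTC_data);
    return $IPTC_data;
}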
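/**
 * Publish a new event or edit an existing one.
 *
 * Validates the form, builds the record with eventModel->create() (which reads
 * the POSTed fields, so $limitCount is not used directly here), then saves
 * (edit, $id != 0) or adds (new) it. New events are held for moderation when
 * NEED_VERIFY is on and the poster is not an administrator; a Weibo entry is
 * posted when the Weibo module is installed. Always ends in
 * $this->success() or $this->error().
 *
 * @param int    $id         event id to edit, 0 to create
 * @param int    $cover_id   cover picture id (required)
 * @param string $title
 * @param string $explain    description (HTML, passed through filter_content)
 * @param string $sTime      start time, parsed with strtotime()
 * @param string $eTime      end time
 * @param string $address
 * @param int    $limitCount
 * @param string $deadline   registration deadline (required)
 * @param int    $type_id    category (required)
 * autor:xjw129xjt
 */
public function doPost($id = 0, $cover_id = 0, $title = '', $explain = '', $sTime = '', $eTime = '', $address = '', $limitCount = 0, $deadline = '', $type_id = 0)
{
    if (!is_login()) {
        $this->error('请登陆后再投稿。');
    }
    if (!$cover_id) {
        $this->error('请上传封面。');
    }
    if (trim(op_t($title)) == '') {
        $this->error('请输入标题。');
    }
    if ($type_id == 0) {
        $this->error('请选择分类。');
    }
    if (trim(op_h($explain)) == '') {
        $this->error('请输入内容。');
    }
    if (trim(op_h($address)) == '') {
        $this->error('请输入地点。');
    }
    if ($deadline == '') {
        $this->error('请输入截止日期');
    }
    // NOTE(review): these are plain string comparisons; they are only correct while
    // the form submits all three in the same fixed-width date format.
    if ($eTime < $deadline) {
        $this->error('报名截止不能大于活动结束时间');
    }
    if ($sTime > $eTime) {
        $this->error('活动开始时间不能大于活动结束时间');
    }

    $content = $this->eventModel->create();
    $content['explain'] = filter_content($content['explain']);
    $content['title'] = op_t($content['title']);
    $content['sTime'] = strtotime($content['sTime']);
    $content['eTime'] = strtotime($content['eTime']);
    $content['deadline'] = strtotime($content['deadline']);
    $content['type_id'] = intval($type_id);
    $tip = ''; // appended to the success message when the event needs moderation
    $weiboInstalled = D('Common/Module')->isInstalled('Weibo');

    if ($id) {
        $content_temp = $this->eventModel->find($id);
        if (!$content_temp) {
            $this->error('活动不存在。');
        }
        $this->checkAuth('Event/Index/edit', $content_temp['uid'], '您无该活动编辑权限。');
        $this->checkActionLimit('add_event', 'event', $id, is_login(), true);
        // Keep the stored owner: the form must not be able to reassign the event (e.g. to an admin).
        $content['uid'] = $content_temp['uid'];
        $rs = $this->eventModel->save($content);
        if (!$rs) {
            $this->error('编辑失败。');
        }
        if ($weiboInstalled) {
            // Absolute URL via U() (as doAddInfo does) instead of hard-coding "http://" +
            // the raw Host header; U() still takes the domain from the request, so the
            // web server's Host allowlist is what really protects these links.
            $postUrl = U('detail', array('id' => $id), null, true);
            D('Weibo')->addWeibo(is_login(), "我修改了活动【" . $title . "】:" . $postUrl);
        }
        action_log('add_event', 'event', $id, is_login());
        $this->success('编辑成功。', U('detail', array('id' => $content['id'])));
    } else {
        $this->checkAuth('Event/Index/add', -1, '您无活动发布权限。');
        $this->checkActionLimit('add_event', 'event', 0, is_login(), true);
        if (modC('NEED_VERIFY', 0) && !is_administrator()) {
            $content['status'] = 0;
            $tip = '但需管理员审核通过后才会显示在列表中,请耐心等待。';
            $user = query_user(array('username', 'nickname'), is_login());
            // The subject is passed as a literal: the old "$title = '...'" here clobbered
            // the event title that the Weibo message below still needs.
            D('Common/Message')->sendMessage(C('USER_ADMINISTRATOR'), '活动发布提醒', "{$user['nickname']}发布了一个活动,请到后台审核。", 'Admin/Event/verify', array(), is_login(), 2);
        }
        $aIsAttend = I('post.isAttend', 0, 'intval');
        if ($aIsAttend) {
            $content['attentionCount'] = 1;
            $content['signCount'] = 1;
        }
        $rs = $this->eventModel->add($content);
        if (!$rs) {
            $this->error('发布失败。');
        }
        if ($aIsAttend) {
            // The publisher is registered as the first attendee.
            $this->eventAttendModel->add(array(
                'uid' => is_login(),
                'event_id' => $rs,
                'name' => '活动发布者',
                'create_time' => time(),
                'status' => 1,
            ));
        }
        if ($weiboInstalled) {
            $postUrl = U('Event/Index/detail', array('id' => $rs), null, true);
            D('Weibo')->addWeibo(is_login(), "我发布了一个新的活动【" . $title . "】:" . $postUrl);
        }
        action_log('add_event', 'event', $rs, is_login());
        $this->success('发布成功。' . $tip, U('index'));
    }
}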
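/**
 * AJAX handler: emit the HTML5 AppCache manifest for one published 'wototo_app' post.
 *
 * The app id is taken from $_POST['id'] (falling back to $_GET['id']). The manifest
 * lists the plugin's static assets, the JSON endpoints for the app and each of its
 * "things", the media files referenced by their content and the map tiles of
 * 'place' things. Last-Modified is the newest of the app post, this plugin file and
 * every listed thing and is handed to handle_if_modified_since() before any output.
 *
 * No authentication: only posts with status 'publish' are served. The response is
 * text/cache-manifest and the request always ends with wp_die().
 */
function wototo_get_manifest()
{
    $id = intval(isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : ''));
    if (!$id) {
        echo '# Invalid request: id not specified';
        wp_die();
    }
    $post = get_post($id);
    if ($post === null) {
        echo '# Not found: post ' . $id . ' not found';
        wp_die();
    }
    if ($post->post_status != 'publish') {
        echo '# Not permitted: post ' . $id . ' is not published/public (' . $post->post_status . ')';
        wp_die();
    }
    if ($post->post_type != 'wototo_app') {
        echo '# Invalid request: post ' . $id . ' is not an app (' . $post->post_type . ')';
        wp_die();
    }

    $lastModified = mysql2date('U', $post->post_modified_gmt);
    // A plugin update changes the asset list, so it bumps Last-Modified as well.
    $pluginLastModified = filemtime(__FILE__);
    if ($lastModified && $pluginLastModified && $pluginLastModified > $lastModified) {
        $lastModified = $pluginLastModified;
    }

    // Resolve every "prefix:postid" thing once; remember prefix and post per thing so the
    // output loop below uses each thing's own prefix (it used to reuse the last one seen).
    $thing_ids = wototo_get_thing_ids($post->ID);
    $things = array(); // thing_id => array('prefix' => string, 'item' => WP_Post)
    foreach ($thing_ids as $thing_id) {
        $ix = strpos($thing_id, ':');
        if ($ix === FALSE) {
            continue; // no prefix: not a post reference
        }
        $idprefix = substr($thing_id, 0, $ix);
        $item_id = substr($thing_id, $ix + 1);
        if (!$idprefix) {
            continue;
        }
        $item = get_post($item_id);
        if (!$item) {
            continue;
        }
        $things[(string) $thing_id] = array('prefix' => $idprefix, 'item' => $item);
        $itemLastModified = mysql2date('U', $item->post_modified_gmt);
        if ($lastModified && $itemLastModified && $itemLastModified > $lastModified) {
            $lastModified = $itemLastModified;
        }
    }
    handle_if_modified_since($lastModified);

    header("Content-Type: text/cache-manifest");
    echo "CACHE MANIFEST\n";
    echo '# wototo version ' . WOTOTO_VERSION . "\n";
    output_plugin_files(array('stylesheets/offline.css', 'vendor/leaflet/leaflet.css'), "cache files");
    output_plugin_files(array('icons/loading.gif', 'icons/place.png', 'icons/booklet.png', 'icons/list.png', 'icons/file.png', 'icons/form.png', 'icons/html.png', 'icons/arrow-l-black.png', 'icons/arrow-r-black.png', 'icons/back-black.png', 'icons/bars-black.png', 'icons/locked.png'), "default icons");
    output_plugin_files(array('vendor/leaflet/images/marker-icon-2x.png', 'vendor/leaflet/images/marker-icon.png', 'vendor/leaflet/images/marker-shadow.png', 'vendor/leaflet/images/my-icon-2x.png', 'vendor/leaflet/images/my-icon.png'), "leaflet icons");
    output_plugin_files(array('icons/upload.png', 'icons/uploading.png', 'icons/upload-success.png', 'icons/upload-error.png'), "upload icons");
    output_plugin_files(array('icons/location-ok.png', 'icons/location-searching.png', 'icons/location-off.png', 'icons/navigation-black.png'), "location icons");
    output_plugin_files(array('icons/like-undefined.png', 'icons/like-0.png', 'icons/like-1.png', 'icons/like-2.png'), "like icons");
    output_plugin_files(array('vendor/modernizr/modernizr.js', 'vendor/jquery/dist/jquery.min.js', 'vendor/foundation/js/foundation.min.js', 'vendor/foundation/js/foundation/foundation.reveal.js', 'vendor/foundation/js/foundation/foundation.offcanvas.js', 'vendor/foundation/js/foundation/foundation.topbar.js', 'vendor/underscore/underscore.js', 'vendor/IndexedDBShim/IndexedDBShim.min.js', 'vendor/backbone/backbone.js', 'vendor/pouchdb/dist/pouchdb-3.0.2.min.js', 'vendor/backbone-pouchdb/dist/backbone-pouch.js', 'vendor/backbone-indexeddb/backbone-indexeddb.js', 'vendor/filesaver/FileSaver.js', 'vendor/node-uuid/uuid.js', 'vendor/js-base64/base64.js', 'js/offlineapp.js', 'clientid.js', 'vendor/leaflet/leaflet.js'), "javascript from index");
    // The Cordova wrapper asks for its bridge scripts with ?wototo=1 (used only as a flag).
    $wototo = isset($_POST['wototo']) ? $_POST['wototo'] : (isset($_GET['wototo']) ? $_GET['wototo'] : 0);
    if ($wototo) {
        output_plugin_files(array('vendor/cordova/cordova.js', 'vendor/cordova/cordova_plugins.js', 'vendor/cordova/plugins/org.opensharingtoolkit.cordova.aestheticodes/www/aestheticodes.js', 'vendor/cordova/plugins/com.phonegap.plugins.barcodescanner/www/barcodescanner.js'), "Apache Cordova");
    }

    echo "# app json\n";
    echo "# last modified {$post->post_modified_gmt}\n";
    echo admin_url('admin-ajax.php') . '?action=wototo_get_json&id=' . rawurlencode('app:' . $post->ID) . "\n";
    $mediafiles = array();
    add_mediafiles($mediafiles, filter_content($post->post_content));

    foreach ($thing_ids as $thing_id) {
        echo "# item {$thing_id}\n";
        if (!isset($things[(string) $thing_id])) {
            continue; // unresolved above: no JSON endpoint, no media
        }
        $idprefix = $things[(string) $thing_id]['prefix'];
        $item = $things[(string) $thing_id]['item'];
        if ($idprefix == 'html' || $idprefix == 'place') {
            echo "# last modified {$item->post_modified_gmt}\n";
            echo admin_url('admin-ajax.php') . '?action=wototo_get_json&id=' . rawurlencode($thing_id) . "\n";
            add_mediafiles($mediafiles, filter_content($item->post_content));
            $thumbid = get_post_thumbnail_id($item->ID);
            if ($thumbid) {
                $url = wototo_get_iconurl($thumbid);
                if (!in_array($url, $mediafiles)) {
                    $mediafiles[] = $url;
                }
            }
        }
        if ($idprefix == 'place') {
            // Pre-cache the map tiles around the place's stored geojson centre/zoom.
            $geojson = json_decode(get_post_meta($item->ID, 'geojson', true), true);
            if ($geojson && is_array($geojson)) {
                $lat = geojson_get_lat($geojson);
                $lon = geojson_get_lon($geojson);
                $zoom = geojson_get_zoom($geojson);
                if ($lat !== null && $lon !== null && $zoom !== null) {
                    add_maptiles($mediafiles, $lat, $lon, $zoom);
                } else {
                    echo "# invalid map post geojson " . json_encode($geojson) . "\n";
                }
            }
        }
    }

    echo "# media files\n";
    foreach ($mediafiles as $mediafile) {
        echo $mediafile . "\n";
    }
    echo "# artcode experience hook\n";
    echo '#' . admin_url('admin-ajax.php') . '?action=wototo_get_artcode&id=' . rawurlencode($id) . "\n";
    echo "# general network access\n";
    echo "NETWORK:\n";
    echo "#*\n";
    echo '# Manifest...';
    wp_die();
}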
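/**
 * filter_content()
 *
 * Replace strings that match badwords with tokens indicating it has been filtered.
 *
 * Only active when $CONFIG['filter_bad_words'] is on; otherwise the input is
 * returned untouched (HTML tags included). When active:
 *  - every word of $lang_bad_words is matched case-insensitively as a whole word;
 *    a leading or trailing '*' drops the word boundary on that side, so '*foo*'
 *    also matches inside other words;
 *  - the word itself is matched literally (preg_quote), so 'a.c' or 'c++' in the
 *    list no longer act as regex syntax;
 *  - HTML tags are stripped from every string before matching;
 *  - arrays are filtered recursively, keys preserved.
 * The compiled patterns are cached in a static for the rest of the request.
 *
 * @param string or array $str
 * @return string or array
 **/
function filter_content($str)
{
    global $lang_bad_words, $CONFIG;
    if (!$CONFIG['filter_bad_words']) {
        return $str;
    }
    static $ercp = array();
    if (!count($ercp)) {
        foreach ($lang_bad_words as $word) {
            if ($word == '') {
                continue;
            }
            $lead = ($word[0] == '*') ? '' : '\\b';
            $trail = ($word[strlen($word) - 1] == '*') ? '' : '\\b';
            $core = str_replace('*', '', $word);
            if ($core === '') {
                continue; // a bare '*' would become an empty pattern that matches everywhere
            }
            $ercp[] = '/' . $lead . preg_quote($core, '/') . $trail . '/i';
        }
    }
    if (is_array($str)) {
        $new_str = array();
        foreach ($str as $key => $element) {
            $new_str[$key] = filter_content($element);
        }
        return $new_str;
    }
    return preg_replace($ercp, '(...)', strip_tags($str));
}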
/**
 * Admin: create a forum reply record or edit an existing one.
 *
 * On POST the submitted fields are written to ForumPostReply (content goes
 * through filter_content() first); a non-empty $id means update, otherwise
 * insert. On any other request the edit form is rendered, pre-filled from the
 * stored reply when editing or with status 1 when creating.
 *
 * @param int|null $id          reply id to edit, null to create
 * @param string   $content
 * @param int      $create_time
 * @param int      $update_time
 * @param int      $status
 */
public function editReply($id = null, $content = '', $create_time = 0, $update_time = 0, $status = 1)
{
    $editing = (bool) $id;

    if (!IS_POST) {
        // Render the form.
        if ($editing) {
            $formData = M('ForumPostReply')->where(array('id' => $id))->find();
        } else {
            $formData = array('status' => 1);
        }
        $builder = new AdminConfigBuilder();
        $builder->title($editing ? '编辑回复' : '创建回复')
            ->keyId()
            ->keyEditor('content', '内容')
            ->keyCreateTime()
            ->keyUpdateTime()
            ->keyStatus()
            ->data($formData)
            ->buttonSubmit(U('editReply'))
            ->buttonBack()
            ->display();
        return;
    }

    // Persist the submitted record; only the content is filtered.
    $record = array(
        'content' => filter_content($content),
        'create_time' => $create_time,
        'update_time' => $update_time,
        'status' => $status,
    );
    $replyModel = M('ForumPostReply');
    $written = $editing
        ? $replyModel->where(array('id' => $id))->save($record)
        : $replyModel->add($record);
    if ($written === false) {
        $this->error($editing ? '编辑失败' : '创建失败');
    }
    $this->success($editing ? '编辑成功' : '创建成功', U('reply'));
}
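/**
 * Submit a contribution to an issue (专辑), or edit an existing one.
 *
 * Validates the form, builds the record with D('IssueContent')->create()
 * (which reads the POSTed fields), then saves (edit, $id != 0) or adds it.
 * Non-admins may only edit their own contributions. New contributions are
 * held for moderation when NEED_VERIFY is on and the poster is not an
 * administrator. Always ends in $this->success() or $this->error().
 *
 * @param int    $id        content id to edit, 0 to create
 * @param int    $cover_id  cover picture id (required)
 * @param string $title
 * @param string $content   body (passed through filter_content)
 * @param int    $issue_id  issue/category (required)
 * @param string $url       linked address; must start with http:// or https://
 */
public function doPost($id = 0, $cover_id = 0, $title = '', $content = '', $issue_id = 0, $url = '')
{
    if (!check_auth('addIssueContent')) {
        $this->error('抱歉,您不具备投稿权限。');
    }
    $issue_id = intval($issue_id);
    if (!is_login()) {
        $this->error('请登陆后再投稿。');
    }
    if (!$cover_id) {
        $this->error('请上传封面。');
    }
    if (trim(op_t($title)) == '') {
        $this->error('请输入标题。');
    }
    if (trim(op_h($content)) == '') {
        $this->error('请输入内容。');
    }
    if ($issue_id == 0) {
        $this->error('请选择分类。');
    }
    if (trim(op_h($url)) == '') {
        $this->error('请输入网址。');
    }
    // The address is stored only text-escaped (op_t) and is presumably rendered as a
    // link target, so restrict it to http(s): a javascript:/data: scheme would survive
    // escaping and execute on click.
    if (!preg_match('#^https?://#i', trim($url))) {
        $this->error('网址必须以 http:// 或 https:// 开头。');
    }

    $content = D('IssueContent')->create();
    $content['content'] = filter_content($content['content']);
    $content['title'] = op_t($content['title']);
    $content['url'] = op_t($content['url']);
    $content['issue_id'] = $issue_id;
    $tip = ''; // appended to the success message when moderation applies

    if ($id) {
        $content_temp = D('IssueContent')->find($id);
        if (!$content_temp) {
            $this->error('内容不存在。');
        }
        // Without the edit permission a user may only touch their own content.
        if (!check_auth('editIssueContent') && $content_temp['uid'] != is_login()) {
            $this->error('不可操作他人的内容。');
        }
        // Keep the stored owner: the form must not be able to reassign the content (e.g. to an admin).
        $content['uid'] = $content_temp['uid'];
        $rs = D('IssueContent')->save($content);
        if (!$rs) {
            $this->error('编辑失败。');
        }
        $this->success('编辑成功。', U('issueContentDetail', array('id' => $content['id'])));
    } else {
        if (modC('NEED_VERIFY', 0) && !is_administrator()) {
            $content['status'] = 0;
            $tip = '但需管理员审核通过后才会显示在列表中,请耐心等待。';
            $user = query_user(array('nickname'), is_login());
            // Notify every configured administrator (comma-separated uid list).
            $admin_uids = explode(',', C('USER_ADMINISTRATOR'));
            foreach ($admin_uids as $admin_uid) {
                D('Common/Message')->sendMessage($admin_uid, '专辑投稿提醒', "{$user['nickname']}向专辑投了一份稿件,请到后台审核。", 'Admin/Issue/verify', array(), is_login(), 2);
            }
        }
        $rs = D('IssueContent')->add($content);
        if (!$rs) {
            $this->error('投稿失败。');
        }
        $this->success('投稿成功。' . $tip, 'refresh');
    }
}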
</div> </div> <script> $(function(){ $('.tooltip-options').tooltip({html:true}); }); </script> <div id="romanOrigin" class="panel panel-default instrument-body"> <div class="panel-heading"> <h4 class="panel-title">拉曼光谱原理介绍</h4> </div> <div class="panel-body"> <p> <?php /* Raman-spectroscopy intro text, loaded from a static file (path relative to the current working directory).
   NOTE(review): the return value of filter_content() is discarded. Unless that function echoes its
   argument itself (not visible here), this <p> renders empty; if it returns the filtered text, the
   call needs an `echo`. Whatever ends up echoed is not HTML-escaped here, so the file must stay
   trusted, non-user-editable content. */ $content = file_get_contents('content/romanOrigin.txt'); filter_content($content); ?> </p> </div> </div> <div id="blank" class="panel panel-default instrument-body"> <div class="panel-heading"> <h4 class="panel-title">提示</h4> </div> <div class="panel-body"> <p> 该栏目还没有相关内容。 </p> </div> </div>
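/**
 * AJAX handler: list the candidate posts of a 'postselector' post as JSON.
 *
 * Requires a valid 'postselector-ajax' nonce in the 'security' field. The
 * selector id comes from $_POST['id'] (falling back to $_GET['id']) and the
 * caller must be able to read that post. Candidates are the 'post', 'page' and
 * 'anywhere_map_post' entries of the selector's input category that the caller
 * may read; each carries its rank and selected/rejected state as recorded on the
 * selector's output app (post meta _postselector_selected_ids /
 * _postselector_rejected_ids, JSON arrays of post ids).
 *
 * Always ends with wp_die().
 */
function postselector_get_posts()
{
    check_ajax_referer('postselector-ajax', 'security');
    $id = intval(!empty($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : 0));
    if (!$id) {
        echo '# Invalid request: id not specified';
        wp_die();
    }
    $post = get_post($id);
    if ($post === null) {
        echo '# Not found: post ' . $id . ' not found';
        wp_die();
    }
    if (!current_user_can('read_post', $post->ID)) {
        echo '# Not permitted: post ' . $id . ' is not readable for this user';
        wp_die();
    }
    if ($post->post_type != 'postselector') {
        echo '# Invalid request: post ' . $id . ' is not an app (' . $post->post_type . ')';
        wp_die();
    }

    // Selected / rejected id lists live on the output app, if one is configured.
    $selected_ids = array();
    $rejected_ids = array();
    $postselector_output_app = get_post_meta($post->ID, '_postselector_output_app', true);
    if ($postselector_output_app) {
        $app = get_post(intval($postselector_output_app));
        if (!$app) {
            // was "${$postselector_output_app}" (a variable-variable), which printed nothing useful
            echo '# Invalid request: output app ' . intval($postselector_output_app) . ' not found';
            wp_die();
        }
        $lists = array('_postselector_selected_ids' => array(), '_postselector_rejected_ids' => array());
        foreach (array_keys($lists) as $metaKey) {
            $ids = get_post_meta($app->ID, $metaKey, true);
            if ($ids) {
                $ids = json_decode($ids, true);
                if (is_array($ids)) {
                    $lists[$metaKey] = $ids;
                }
                // else: malformed meta is treated as empty — there is no error channel here
            }
        }
        $selected_ids = $lists['_postselector_selected_ids'];
        $rejected_ids = $lists['_postselector_rejected_ids'];
    }

    $postselector_input_category = get_post_meta($post->ID, '_postselector_input_category', true);
    $posts = array();
    if ($postselector_input_category) {
        // NOTE(review): get_posts() defaults to numberposts=5; confirm whether the whole
        // category is wanted here (pass 'numberposts' => -1 if so).
        $args = array('category' => $postselector_input_category, 'post_type' => array('post', 'page', 'anywhere_map_post'));
        $ps = get_posts($args);
        foreach ($ps as $p) {
            if (!current_user_can('read_post', $p->ID)) {
                continue;
            }
            // rank = position in the selected list, else in the rejected list, else null
            $selected = null;
            $rank = array_search($p->ID, $selected_ids);
            if ($rank !== FALSE) {
                $selected = TRUE;
            } else {
                $rank = array_search($p->ID, $rejected_ids);
                if ($rank !== FALSE) {
                    $selected = FALSE;
                }
            }
            if ($rank === FALSE) {
                $rank = null;
            }
            $thumbid = get_post_thumbnail_id($p->ID);
            $posts[] = array(
                "title" => $p->post_title,
                "id" => $p->ID,
                "content" => filter_content($p->post_content),
                "status" => $p->post_status,
                "type" => $p->post_type,
                "iconurl" => $thumbid ? wp_get_attachment_url($thumbid) : null,
                "selected" => $selected,
                "rank" => $rank,
            );
        }
    }
    header("Content-Type: application/json");
    echo json_encode($posts);
    wp_die();
}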
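/**
 * Create or update a classified-ad ("cat_info") record from the submitted form.
 *
 * Everything comes from $_POST: entity_id / info_id / over_time / title are
 * handled explicitly, every remaining field is stored as a (key, value) row
 * through the Data model. A non-zero info_id means "edit": the old field rows
 * are deleted and re-added. Entity 2 (housing) stores up to five picture ids
 * as zhaopian1..zhaopian5; other entities inline their pictures as <img> tags
 * in front of the description field ('jieshao' for entity 3, 'des' otherwise).
 *
 * Side effects: writes cat_info and Data rows, logs the action, optionally
 * posts a Weibo entry, and always ends in $this->success() / $this->error().
 */
public function doAddInfo()
{
    unset($_POST['__hash__']);
    $entity_id = I('post.entity_id', 0, 'intval');
    $info_id = I('post.info_id', 0, 'intval');
    $aOverTime = I('post.over_time', '', 'op_t');
    $entity = D('cat_entity')->find($entity_id);

    // Permission check: may this user post under this entity at all?
    $can_post = CheckCanPostEntity(is_login(), $entity_id);
    if (!$can_post) {
        $this->error('对不起,您无权发布。');
    }

    $info['title'] = I('post.title', '', 'op_t');
    if ($info['title'] == '') {
        $this->error('必须输入标题');
    }
    if (mb_strlen($info['title'], 'utf-8') > 40) {
        $this->error('标题过长。');
    }
    $info['create_time'] = time();

    if ($info_id != 0) {
        // Edit: reload the stored record. NOTE(review): this replaces the title read
        // from the form above, so an edit never changes the title — confirm intended.
        $info = D('cat_info')->find($info_id);
        if (!$info) {
            $this->error('信息不存在。');
        }
        $this->checkAuth('Cat/Index/editInfo', $info['uid'], '你没有编辑该条信息的权限!');
        $this->checkActionLimit('cat_edit_info', 'cat_info', $info['id']);
        if ($aOverTime != '') {
            $info['over_time'] = strtotime($aOverTime);
        }
        $info['id'] = $info_id;
        $res = D('cat_info')->save($info);
        $rs_info = $info['id'];
        if ($res) {
            action_log('cat_edit_info', 'cat_info', $info['id']);
        }
    } else {
        $this->checkAuth('Cat/Index/addInfo', -1, '你没有发布信息的权限!');
        $this->checkActionLimit('cat_add_info', 'cat_info');
        $info['entity_id'] = $entity_id;
        $info['uid'] = is_login();
        // Entities flagged need_active go to moderation (status 2) unless an admin posts.
        $info['status'] = ($entity['need_active'] && !is_administrator()) ? 2 : 1;
        if (isset($_POST['over_time'])) {
            $info['over_time'] = strtotime($_POST['over_time']);
        }
        $rs_info = D('cat_info')->add($info);
        if ($rs_info) {
            action_log('cat_add_info', 'cat_info');
        }
    }

    $rs_data = 1;
    if ($rs_info != 0) {
        if ($info_id != 0) {
            // Edit: drop the old field rows, they are re-added below.
            D('Data')->where(array('info_id' => $info_id))->delete();
        }
        $dataModel = D('Data');
        $list = $_POST;

        if ($entity_id == 2) {
            // Housing: comma-separated picture ids in 'zhaopian' become zhaopian1..zhaopian5
            // (missing slots stay empty strings).
            $slots = array('zhaopian1' => "", 'zhaopian2' => "", 'zhaopian3' => "", 'zhaopian4' => "", 'zhaopian5' => "");
            $photos = explode(",", isset($list['zhaopian']) ? $list['zhaopian'] : '');
            foreach ($photos as $k => $val) {
                $list['zhaopian' . ($k + 1)] = $val;
            }
            unset($list['zhaopian']);
            $list = array_merge($slots, $list);
        } else {
            $field = ($entity_id == 3) ? 'jieshao' : 'des';
            if (!empty($list['zhaopian'])) {
                // Inline the pictures ahead of the description, then run the HTML filter.
                $contentHandler = new ContentHandlerModel();
                $list[$field] = $contentHandler->filterHtmlContent($this->catInfoPictureHtml($list['zhaopian']) . $list[$field]);
            }
            unset($list['zhaopian']);
        }

        // Every remaining form field is a Data row; these keys are bookkeeping, not data.
        $skip = array('entity_id', 'over_time', 'ignore', 'info_id', 'title', '__hash__', 'file');
        foreach ($list as $key => $v) {
            if (!in_array($key, $skip, true)) {
                if (is_array($v)) {
                    $rs_data = $rs_data && $dataModel->addData($key, implode(',', $v), $rs_info, $entity_id);
                } else {
                    // Scalar values go through the bad-word filter first.
                    $rs_data = $rs_data && $dataModel->addData($key, filter_content($v), $rs_info, $entity_id);
                }
            }
            if ($rs_data == 0) {
                $this->error($dataModel->getError());
            }
        }

        if ($rs_info && $rs_data) {
            $this->assign('jumpUrl', U('Cat/Index/info', array('info_id' => $rs_info)));
            if ($entity['need_active']) {
                $this->success('发布成功。' . cookie('score_tip') . ' 请耐心等待管理员审核。通过审核后该信息将出现在前台页面中。');
            } else {
                if ($entity['show_nav'] && D('Common/Module')->isInstalled('Weibo')) {
                    // Weibo module installed: announce the new entry.
                    $postUrl = U('detail', array('info_id' => $rs_info), null, true);
                    $weiboModel = D('Weibo');
                    $weiboModel->addWeibo(is_login(), "我发布了一个新的 " . $entity['alias'] . "信息 【" . $info['title'] . "】:" . $postUrl);
                }
                $this->success('发布成功。' . cookie('score_tip'));
            }
        }
    } else {
        $this->error('发布失败。');
    }
}

/**
 * Build <p><img></p> markup for a comma-separated list of Picture ids.
 *
 * Ids are cast to int before the lookup; only pictures with status 1 are used
 * and unknown ids are skipped. Paths already starting with http:// are used
 * as-is, relative paths get their leading '.' replaced by the root URL.
 *
 * @param string $csv  e.g. "12,15,3"
 * @return string HTML, empty when no picture resolved
 */
private function catInfoPictureHtml($csv)
{
    $html = '';
    foreach (explode(',', $csv) as $picId) {
        $pic = M('Picture')->where(array('status' => 1))->getById(intval($picId));
        if (!$pic) {
            continue;
        }
        if (!is_bool(strpos($pic['path'], 'http://'))) {
            $src = $pic['path'];
        } else {
            $src = getRootUrl() . substr($pic['path'], 1);
        }
        $html .= '<p><img src="' . $src . '" style=""/></p><br>';
    }
    return $html;
}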
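/**
 * Post a reply to a forum thread.
 *
 * The text goes through filterPostContent() and the bad-word filter, then the
 * thread must exist, the caller must be logged in, allowed to reply to it and
 * within the action limit. Score before/after the insert is compared to build
 * the success tip. Always ends in $this->success() / $this->error().
 *
 * @param int    $post_id thread id
 * @param string $content reply text
 */
public function doReply($post_id, $content)
{
    $post_id = intval($post_id);
    $content = $this->filterPostContent($content);
    $content = filter_content($content);

    // The caller must be allowed to reply to this thread.
    $post = D('ForumPost')->where(array('id' => $post_id))->find();
    if (!$post) {
        $this->error('帖子不存在');
    }
    $this->requireLogin();
    $this->checkAuth('Forum/Index/doReply', $post['uid'], '你没有评论贴子权限!');
    $this->checkActionLimit('forum_post_reply', 'Forum', null, get_uid());

    // Insert, measuring the score change for the tip.
    $model = D('ForumPostReply');
    $before = getMyScore();
    $result = $model->addReply($post_id, $content);
    $after = getMyScore();
    if (!$result) {
        $this->error('评论失败:' . $model->getError());
    }
    action_log('forum_post_reply', 'Forum', $result, get_uid());
    $this->success('回复成功。' . getScoreTip($before, $after), 'refresh');
}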
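/**
 * Mobile forum: add a reply ($is_edit == 0) or edit an existing one.
 *
 * Form fields: forumcontent (text), forumId (thread id when adding, reply id
 * when editing) and attach_ids (comma-separated Picture ids that are inlined
 * as <img> tags in front of the text and then passed through the HTML filter).
 * Adding is rate-limited to one reply per 10 seconds per user. Always ends in
 * $this->success() / $this->error().
 *
 * @param int $is_edit 0 = new reply, otherwise edit the reply whose id is in forumId
 */
public function AddForumComment($is_edit = 0)
{
    $aContent = I('post.forumcontent', 0, 'op_t');
    $attach_ids = I('post.attach_ids', '', 'text');
    if ($attach_ids) {
        $aContent = $this->attachedPictureHtml($attach_ids) . $aContent;
        $contentHandler = new ContentHandlerModel();
        $aContent = $contentHandler->filterHtmlContent($aContent);
    }
    $post_id = I('post.forumId', 0, 'intval');
    $content = $aContent;

    if ($is_edit == 0) {
        $content = $this->filterPostContent($content);
        // Bad-word filter, as the edit path below and the web doReply() already do.
        $content = filter_content($content);
        $this->requireAllowReply($post_id);

        // Rate limit: at least 10 s since this user's latest reply.
        $uid = is_login();
        $near = M('ForumPostReply')->where(array('uid' => $uid))->order('create_time desc')->find();
        $lastReplyAt = $near ? $near['create_time'] : 0;
        if (time() - $lastReplyAt <= 10) {
            $this->error('请10秒之后再回复');
        }
        $model = M('Mob/ForumPostReply');
        $result = $model->addReply($post_id, $content);
        if (!$result) {
            $this->error('回复失败:' . $model->getError());
        }
        $this->success('回复成功。', 'refresh');
    } else {
        $reply_id = intval($post_id); // forumId carries the reply id when editing
        $content = $this->filterPostContent($content);
        $content = filter_content($content);
        $this->checkAuth('Forum/Index/doReplyEdit', $this->get_expect_ids(0, $reply_id, 0, 0, 1), '你没有编辑该评论权限!');
        if (!$content) {
            $this->error("评论内容不能为空!");
        }
        $data = array('content' => $content, 'update_time' => time());
        $post_id = M('forum_post_reply')->where(array('id' => $reply_id, 'status' => 1))->getField('post_id');
        $reply = M('forum_post_reply')->where(array('id' => $reply_id))->save($data);
        if (!$reply) {
            $this->error("编辑评论失败");
        }
        // Invalidate the cached reply list of the thread.
        S('post_replylist_' . $post_id, null);
        $this->success('编辑评论成功', U('Forum/Index/detail', array('id' => $post_id)));
    }
}

/**
 * Build <p><img></p> markup for a comma-separated list of Picture ids.
 *
 * Ids are cast to int before the lookup; only pictures with status 1 are used
 * and unknown ids are skipped. Paths already starting with http:// are used
 * as-is, relative paths get their leading '.' replaced by the root URL.
 *
 * @param string $attach_ids e.g. "12,15,3"
 * @return string HTML, empty when no picture resolved
 */
private function attachedPictureHtml($attach_ids)
{
    $html = '';
    foreach (explode(',', $attach_ids) as $picId) {
        $pic = D('Picture')->where(array('status' => 1))->getById(intval($picId));
        if (!$pic) {
            continue;
        }
        if (!is_bool(strpos($pic['path'], 'http://'))) {
            $src = $pic['path'];
        } else {
            $src = getRootUrl() . substr($pic['path'], 1);
        }
        $html .= '<p><img src="' . $src . '" style=""/></p><br>';
    }
    return $html;
}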
<?php // Make sure user is logged in require_login(); // Normalize the URL $href = normalize_url(@$_POST['href']); // Strip tags, normalize whitespace, shorten if necessary $summary = summarize($_POST['summary']); // Filter content to prevent against XSS attacks $content = filter_content($_POST['content']); // Escape content for the database to prevent SQL injection $href = $db->escape($href); $summary = $db->escape($summary); $space = $db->escape($_POST['space']); $content = $db->escape($content); $version = $db->escape($_POST['version']); if (isset($_POST['status']) && is_numeric($_POST['status'])) { $status = $db->escape($_POST['status']); } else { $status = 1; } // Check to make sure we have everything if (empty($href)) { respond(0, "Please specify an 'href' argument."); } else { if (empty($space)) { respond(0, "Please specify a 'space' argument."); } else { if (empty($content)) { respond(0, "Please specify a 'content' argument."); } else {