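public function vxTopicCreate() {
    /*
     * XML API endpoint: creates a topic on behalf of an API-enabled user.
     *
     * Reads the POST field 'xml', expected to carry
     *   <user><email/><pass/></user>
     *   <topic><title/><description/><content/><target/></topic>
     * and answers through $this->vxMessage() with one of these codes:
     *   999 => no/unparsable XML, or a required field is empty
     *   997 => no single API-enabled user (usr_api = 1) matches the credentials
     *   996 => no single node named <target> with nod_level > 1
     *   998 => the Validator rejected the topic fields
     *   600 => the user's balance does not exceed BABEL_API_TOPIC_PRICE
     *     1 => created; payload is the newest topic row (tpc_id) of this user in the node
     *
     * Fixes against the previous version: '||' instead of bitwise '|' in the
     * empty-field check, the parse result is checked before use, result sets
     * are freed on every path, and the unreachable trailing vxMessage(100) is gone.
     */
    if (!isset($_POST['xml'])) {
        return $this->vxMessage(999);
    }
    $xml = trim($_POST['xml']);

    // The document is attacker-controlled. Parse it without network access
    // and, on PHP < 8.0 (where external entity loading is enabled by default),
    // turn the entity loader off so a crafted DOCTYPE cannot pull in local
    // files or URLs. Parse errors are collected instead of emitted as warnings.
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }
    $prev_errors = libxml_use_internal_errors(true);
    $x = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev_errors);
    if ($x === false) {
        // Unparsable input is reported like a missing field.
        return $this->vxMessage(999);
    }

    $usr_email       = make_single_safe($x->user->email);
    $usr_password    = make_single_safe($x->user->pass);
    $tpc_title       = make_single_safe($x->topic->title);
    $tpc_description = make_multi_safe($x->topic->description);
    $tpc_content     = make_multi_safe($x->topic->content);
    $nod_name        = make_single_safe($x->topic->target);

    // Logical OR: the previous version used bitwise '|', which only worked
    // because each operand happened to be a boolean.
    if (strlen($usr_email) == 0
        || strlen($usr_password) == 0
        || strlen($tpc_title) == 0
        || strlen($tpc_content) == 0
        || strlen($nod_name) == 0) {
        return $this->vxMessage(999);
    }

    // Credentials are only accepted for API-enabled accounts (usr_api = 1).
    // NOTE(review): the usr_password predicate value appears redacted in this
    // listing; confirm the live query compares the stored (hashed) password.
    $sql = "SELECT usr_id FROM babel_user WHERE usr_email = '{$usr_email}' AND usr_password = '******' AND usr_api = 1";
    $rs = mysql_query($sql);
    if ($rs === false || mysql_num_rows($rs) != 1) {
        if ($rs !== false) {
            mysql_free_result($rs);
        }
        return $this->vxMessage(997);
    }
    mysql_free_result($rs);

    $this->User      = new User($usr_email, $usr_password, $this->db);
    $this->Validator = new Validator($this->db, $this->User);

    // Only nodes below the top level (nod_level > 1) accept topics.
    $sql = "SELECT nod_id FROM babel_node WHERE nod_name = '{$nod_name}' AND nod_level > 1";
    $rs = mysql_query($sql);
    if ($rs === false || mysql_num_rows($rs) != 1) {
        if ($rs !== false) {
            mysql_free_result($rs);
        }
        return $this->vxMessage(996);
    }
    $O = mysql_fetch_object($rs);
    mysql_free_result($rs);
    $Node = new Node($O->nod_id, $this->db);
    $O = null;

    $rt = $this->Validator->vxAPITopicCreateCheck($tpc_title, $tpc_content, $tpc_description);
    if ($rt['errors'] > 0) {
        return $this->vxMessage(998);
    }

    // Strictly greater: a balance exactly equal to the price is rejected.
    // NOTE(review): confirm that is intended rather than '>='.
    if (!($this->User->usr_money > BABEL_API_TOPIC_PRICE)) {
        return $this->vxMessage(600);
    }

    // The price is charged as a negative money delta on insert.
    $this->Validator->vxTopicCreateInsert(
        $Node->nod_id,
        $this->User->usr_id,
        $rt['tpc_title_value'],
        $rt['tpc_description_value'],
        $rt['tpc_content_value'],
        -BABEL_API_TOPIC_PRICE
    );
    $Node->vxUpdateTopics();

    // Hand back the row just created: this user's newest topic in the node.
    // Payload is false when no row comes back and null when the query failed.
    $sql = "SELECT tpc_id FROM babel_topic WHERE tpc_pid = {$Node->nod_id} AND tpc_uid = {$this->User->usr_id} ORDER BY tpc_created DESC LIMIT 1";
    $rs = mysql_query($sql);
    $O = null;
    if ($rs !== false) {
        $O = mysql_fetch_object($rs);
        mysql_free_result($rs);
    }
    return $this->vxMessage(1, $O);
}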
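public function vxPostUpdateCheck($Post, $User) {
    /*
     * Validates an edit of an existing post and decides whether $User may
     * apply it.
     *
     * Reads $_POST['pst_title'] and $_POST['pst_content'] and returns an
     * array with:
     *   post_id    => $Post->pst_id
     *   errors     => number of problems found
     *   permit     => whether the edit is allowed
     *   flag_last  => the post is the newest one in its topic
     *   rank       => 1-based position of the post in its topic (0 when not computed)
     *   pst_title_value / pst_title_error / pst_title_error_msg, and the same
     *   trio for pst_content (error codes: 0 none, 1 empty, 2 overflow).
     *
     * Permission rules as applied here:
     *   - the post's author or usr_id 1 (treated as administrator) may edit;
     *   - anyone else gets an error and permit = false;
     *   - a non-administrator may only edit the last post of the topic.
     *
     * Fix against the previous version: the final administrator check now
     * reads the $User parameter, as the first check does, instead of
     * $this->User (presumably the same object, but inconsistent), and the
     * query result is checked before it is iterated or freed.
     */
    $rt = array();
    $rt['post_id']   = $Post->pst_id;
    $rt['errors']    = 0;
    $rt['permit']    = false;
    $rt['flag_last'] = false;
    $rt['rank']      = 0;

    // usr_id 1 is the administrator throughout this method.
    $is_admin = ($User->usr_id == 1);
    if ($Post->pst_uid == $User->usr_id || $is_admin) {
        $rt['permit'] = true;
    } else {
        $rt['errors']++;
    }

    $rt['pst_title_value'] = '';
    /* pst_title_error: 0 => no error 1 => empty 2 => overflow 999 => unspecific */
    $rt['pst_title_error'] = 0;
    $rt['pst_title_error_msg'] = array(1 => '你忘记写标题了', 2 => '你写的标题太长了');
    $rt['pst_content_value'] = '';
    /* pst_content_error: 0 => no error 1 => empty 2 => overflow 999 => unspecific */
    $rt['pst_content_error'] = 0;
    $rt['pst_content_error_msg'] = array(1 => '你忘记写内容了', 2 => '你写的内容太长了');

    // Title: required, at most 80 characters (UTF-8 characters, not bytes).
    if (isset($_POST['pst_title'])) {
        $rt['pst_title_value'] = make_single_safe($_POST['pst_title']);
        if (strlen($rt['pst_title_value']) == 0) {
            $rt['pst_title_error'] = 1;
            $rt['errors']++;
        } elseif (mb_strlen($rt['pst_title_value'], 'UTF-8') > 80) {
            $rt['pst_title_error'] = 2;
            $rt['errors']++;
        }
    } else {
        $rt['pst_title_error'] = 1;
        $rt['errors']++;
    }

    // Content: required, at most 10240 characters.
    if (isset($_POST['pst_content'])) {
        $rt['pst_content_value'] = make_multi_safe($_POST['pst_content']);
        if (strlen($rt['pst_content_value']) == 0) {
            $rt['pst_content_error'] = 1;
            $rt['errors']++;
        } elseif (mb_strlen($rt['pst_content_value'], 'utf-8') > 10240) {
            $rt['pst_content_error'] = 2;
            $rt['errors']++;
        }
    } else {
        $rt['pst_content_error'] = 1;
        $rt['errors']++;
    }

    // Field or permission errors: nothing more to decide.
    if ($rt['errors'] != 0) {
        return $rt;
    }

    // Walk the topic's posts in id order to find this post's rank and whether
    // it is the last one. pst_tid comes from the Post row; it is cast to int
    // before interpolation so the query is never built from a non-numeric value.
    $tid = (int) $Post->pst_tid;
    $sql = "SELECT pst_id FROM babel_post WHERE pst_tid = {$tid} ORDER BY pst_id ASC";
    $rs = mysql_query($sql);
    if ($rs !== false) {
        $count = mysql_num_rows($rs);
        $i = 0;
        while ($_p = mysql_fetch_array($rs)) {
            $i++;
            if ($_p['pst_id'] == $Post->pst_id) {
                $rt['rank'] = $i;
                if ($i == $count) {
                    $rt['permit']    = true;
                    $rt['flag_last'] = true;
                }
            }
        }
        mysql_free_result($rs);
    }

    // Only the administrator may edit a post that is not the topic's last.
    if (!$rt['flag_last'] && !$is_admin) {
        $rt['permit'] = false;
        $rt['errors']++;
    }
    return $rt;
}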