Exemplo n.º 1
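 /**
  * API endpoint: create a topic from the XML document posted in $_POST['xml'].
  *
  * The document supplies user/email, user/pass, topic/title,
  * topic/description, topic/content and topic/target (a node name).
  * Every outcome is reported through $this->vxMessage() with a code:
  *   999  request missing, not parseable, or a required field is empty
  *   997  no API-enabled user (usr_api = 1) matched the lookup
  *   996  target node not found (exactly one row with nod_level > 1 expected)
  *   998  the validator rejected the topic fields
  *   600  balance is not strictly greater than BABEL_API_TOPIC_PRICE
  *   1    topic created; second argument is the row holding tpc_id
  *
  * NOTE(review): the SQL below is built by string interpolation. The only
  * protection visible here is make_single_safe(), which is defined elsewhere;
  * confirm it escapes for the SQL string context. ext/mysql has no prepared
  * statements and was removed in PHP 7, so a port to mysqli/PDO with bound
  * parameters is the durable fix.
  *
  * NOTE(review): the user lookup compares usr_password with the literal
  * '******', which looks like masking applied to this listing. As written,
  * $usr_password never reaches that query; it is only handed to the User
  * constructor. Confirm against the real source where the credential is
  * actually verified.
  *
  * @return mixed whatever $this->vxMessage() returns
  */
 public function vxTopicCreate()
 {
     if (!isset($_POST['xml']) || !is_string($_POST['xml'])) {
         return $this->vxMessage(999);
     }

     $xml = trim($_POST['xml']);
     // The document is caller-controlled. LIBXML_NONET forbids network access
     // while loading it. libxml2 before 2.9 resolves external entities by
     // default; on such builds entity loading must be disabled before parsing.
     $x = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
     if ($x === false) {
         // Malformed XML: answer like any other incomplete request.
         return $this->vxMessage(999);
     }

     $usr_email = make_single_safe($x->user->email);
     $usr_password = make_single_safe($x->user->pass);
     $tpc_title = make_single_safe($x->topic->title);
     $tpc_description = make_multi_safe($x->topic->description);
     $tpc_content = make_multi_safe($x->topic->content);
     $nod_name = make_single_safe($x->topic->target);

     // The description is optional; every other field must be non-empty.
     if (strlen($usr_email) == 0 || strlen($usr_password) == 0 || strlen($tpc_title) == 0 || strlen($tpc_content) == 0 || strlen($nod_name) == 0) {
         return $this->vxMessage(999);
     }

     $sql = "SELECT usr_id FROM babel_user WHERE usr_email = '{$usr_email}' AND usr_password = '******' AND usr_api = 1";
     $rs = mysql_query($sql);
     if ($rs === false) {
         // Query failure is reported the same way as "no matching user".
         return $this->vxMessage(997);
     }
     $user_found = mysql_num_rows($rs) == 1;
     mysql_free_result($rs);
     if (!$user_found) {
         return $this->vxMessage(997);
     }

     $this->User = new User($usr_email, $usr_password, $this->db);
     $this->Validator = new Validator($this->db, $this->User);

     $sql = "SELECT nod_id FROM babel_node WHERE nod_name = '{$nod_name}' AND nod_level > 1";
     $rs = mysql_query($sql);
     if ($rs === false || mysql_num_rows($rs) != 1) {
         if ($rs !== false) {
             mysql_free_result($rs);
         }
         return $this->vxMessage(996);
     }
     $O = mysql_fetch_object($rs);
     $Node = new Node($O->nod_id, $this->db);
     $O = null;
     mysql_free_result($rs);

     $rt = $this->Validator->vxAPITopicCreateCheck($tpc_title, $tpc_content, $tpc_description);
     if ($rt['errors'] > 0) {
         return $this->vxMessage(998);
     }

     // Strict comparison: a balance exactly equal to the price is refused.
     if ($this->User->usr_money > BABEL_API_TOPIC_PRICE) {
         $this->Validator->vxTopicCreateInsert($Node->nod_id, $this->User->usr_id, $rt['tpc_title_value'], $rt['tpc_description_value'], $rt['tpc_content_value'], -BABEL_API_TOPIC_PRICE);
         $Node->vxUpdateTopics();
         // Read back the newest topic by this user in this node to report its id.
         $sql = "SELECT tpc_id FROM babel_topic WHERE tpc_pid = {$Node->nod_id} AND tpc_uid = {$this->User->usr_id} ORDER BY tpc_created DESC LIMIT 1";
         $rs = mysql_query($sql);
         $O = false;
         if ($rs !== false) {
             $O = mysql_fetch_object($rs);
             mysql_free_result($rs);
         }
         return $this->vxMessage(1, $O);
     }

     return $this->vxMessage(600);
 }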
Exemplo n.º 2
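 /**
  * Validate an edit of $Post submitted by $User through $_POST['pst_title']
  * and $_POST['pst_content'].
  *
  * Authorization as implemented here:
  *   - the post's author (pst_uid == usr_id) or the user with id 1 passes the
  *     first check; anyone else is counted as an error;
  *   - once the fields validate, only the last post of the topic (highest
  *     pst_id for pst_tid) may be edited, unless the user has id 1.
  * Both checks are evaluated against the $User argument so that the decision
  * is made for a single principal.
  *
  * NOTE(review): make_single_safe()/make_multi_safe() are defined elsewhere;
  * confirm which output contexts (HTML, SQL) their result is safe for before
  * the returned values are stored or rendered.
  *
  * @param object $Post post being edited; pst_id, pst_uid and pst_tid are read
  * @param object $User acting user; usr_id is read
  * @return array keys: post_id, errors, permit, flag_last, rank,
  *               pst_title_value, pst_title_error, pst_title_error_msg,
  *               pst_content_value, pst_content_error, pst_content_error_msg
  */
 public function vxPostUpdateCheck($Post, $User)
 {
     $rt = array();
     $rt['post_id'] = $Post->pst_id;
     $rt['errors'] = 0;
     $rt['permit'] = false;
     $rt['flag_last'] = false;
     $rt['rank'] = 0;

     // Ownership check; user id 1 is the hard-coded override account.
     if ($Post->pst_uid == $User->usr_id || $User->usr_id == 1) {
         $rt['permit'] = true;
     } else {
         $rt['errors']++;
     }

     $rt['pst_title_value'] = '';
     /* pst_title_error:
        0 => no error
        1 => empty
        2 => overflow
        999 => unspecific */
     $rt['pst_title_error'] = 0;
     $rt['pst_title_error_msg'] = array(1 => '你忘记写标题了', 2 => '你写的标题太长了');
     $rt['pst_content_value'] = '';
     /* pst_content_error:
        0 => no error
        1 => empty
        2 => overflow
        999 => unspecific */
     $rt['pst_content_error'] = 0;
     $rt['pst_content_error_msg'] = array(1 => '你忘记写内容了', 2 => '你写的内容太长了');

     // Title: required, at most 80 characters. A missing field is treated
     // like an empty one.
     if (isset($_POST['pst_title'])) {
         $rt['pst_title_value'] = make_single_safe($_POST['pst_title']);
     }
     if (strlen($rt['pst_title_value']) == 0) {
         $rt['pst_title_error'] = 1;
         $rt['errors']++;
     } elseif (mb_strlen($rt['pst_title_value'], 'UTF-8') > 80) {
         $rt['pst_title_error'] = 2;
         $rt['errors']++;
     }

     // Content: required, at most 10240 characters.
     if (isset($_POST['pst_content'])) {
         $rt['pst_content_value'] = make_multi_safe($_POST['pst_content']);
     }
     if (strlen($rt['pst_content_value']) == 0) {
         $rt['pst_content_error'] = 1;
         $rt['errors']++;
     } elseif (mb_strlen($rt['pst_content_value'], 'utf-8') > 10240) {
         $rt['pst_content_error'] = 2;
         $rt['errors']++;
     }

     if ($rt['errors'] == 0) {
         // The topic id is interpolated unquoted, so force it to an integer.
         $pst_tid = (int) $Post->pst_tid;
         $sql = "SELECT pst_id FROM babel_post WHERE pst_tid = {$pst_tid} ORDER BY pst_id ASC";
         $rs = mysql_query($sql);
         if ($rs !== false) {
             $i = 0;
             $count = mysql_num_rows($rs);
             while ($_p = mysql_fetch_array($rs)) {
                 $i++;
                 if ($_p['pst_id'] == $Post->pst_id) {
                     // 1-based position of the post inside its topic.
                     $rt['rank'] = $i;
                     if ($i == $count) {
                         $rt['permit'] = true;
                         $rt['flag_last'] = true;
                     }
                 }
                 unset($_p);
             }
             mysql_free_result($rs);
         }
         // A failed query leaves flag_last false, so the edit is refused for
         // everyone except user id 1.
         if (!$rt['flag_last'] && $User->usr_id != 1) {
             $rt['permit'] = false;
             $rt['errors']++;
         }
     }

     return $rt;
 }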