function getReadRight($user)
{
global $isGM, $isBM, $admincheck, $pwPostHide, $pwSellHide, $pwEncodeHide, $manager, $groupid, $windid;
$pwSystem = array();
if ($user->groupid != 'guest') {
$isGM = S::inArray($windid, $manager);
if (!$isGM) {
$pwSystem = pwRights();
$pwPostHide = $pwSystem['posthide'];
$pwSellHide = $pwSystem['sellhide'];
$pwEncodeHide = $pwSystem['encodehide'];
} else {
$pwPostHide = $pwSellHide = $pwEncodeHide = 1;
}
}
}
function check()
{
global $db_allowupload, $winddb, $groupid, $_G, $windid, $winduid, $manager;
if (empty($this->attach)) {
return 'job_attach_error';
}
if (!$db_allowupload) {
return 'upload_close';
} elseif (!$this->forum->allowupload($winddb, $groupid)) {
return 'upload_forum_right';
} elseif (!$this->forum->foruminfo['allowupload'] && $_G['allowupload'] == 0) {
return 'upload_group_right';
}
if (!($winduid == $this->attach['uid'] || S::inArray($windid, $manager) || pwRights($this->forum->isBM($windid), 'deltpcs', $this->forum->fid))) {
return 'modify_noper';
}
return true;
}
function wap_check($fid, $action)
{
global $db, $groupid, $_G, $_time, $db_titlemax, $db_postmin, $db_postmax, $subject, $content;
$subject = trim($subject);
$content = trim($content);
if ($action == 'new' && (!$subject || strlen($subject) > $db_titlemax)) {
wap_msg('subject_limit');
}
if (strlen($content) >= $db_postmax || strlen($content) < $db_postmin) {
wap_msg('content_limit');
}
$fm = $db->get_one("SELECT f.forumadmin,f.fupadmin,f.password,f.allowvisit,f.f_type,f.f_check,f.allowpost,f.allowrp,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe USING(fid) WHERE f.fid=" . pwEscape($fid));
$forumset = unserialize($fm['forumset']);
if (!$fm || $fm['password'] != '' || $fm['f_type'] == 'hidden' || $fm['allowvisit'] && @strpos($fm['allowvisit'], ",{$groupid},") === false) {
wap_msg('post_right');
}
if ($action == 'new') {
$isGM = CkInArray($GLOBALS['windid'], $GLOBALS['manager']);
$isBM = admincheck($fm['forumadmin'], $fm['fupadmin'], $GLOBALS['windid']);
if ($fm['f_check'] == '1' || $fm['f_check'] == '3') {
wap_msg('post_right');
}
if ($fm['allowpost'] && strpos($fm['allowpost'], ",{$groupid},") === false) {
wap_msg('post_right');
}
if (!$fm['allowpost'] && $_G['allowpost'] == 0) {
wap_msg('post_group');
}
if ($forumset['allowtime'] && !$isGM && !allowcheck($forumset['allowtime'], "{$_time['hours']}", '') && !pwRights($isBM, 'allowtime')) {
wap_msg('post_right');
}
} elseif ($action == 'reply') {
if ($fm['f_check'] == '2' || $fm['f_check'] == '3') {
wap_msg('reply_right');
}
if ($fm['allowrp'] && strpos($fm['allowrp'], ",{$groupid},") === false) {
wap_msg('reply_right');
}
if (!$fm['allowrp'] && $_G['allowrp'] == 0) {
wap_msg('reply_group');
}
}
}
extract(L::style());
$leaveword = $atcdb['leaveword'] ? leaveword($atcdb['leaveword']) : '';
$content = convert($atc_content . $leaveword, $db_windpost);
if (strpos($content, '[p:') !== false || strpos($content, '[s:') !== false) {
$content = showface($content);
}
if ($atcdb['ifsign'] < 2) {
$content = str_replace("\n", '<br />', $content);
}
if ($postdata->data['ifwordsfb'] == 0) {
$wordsfb = L::loadClass('FilterUtil', 'filter');
$content = addslashes($wordsfb->convert(stripslashes($content)));
}
$creditnames = pwCreditNames();
if ($atcdb['attachs']) {
$attachShow = new attachShow($pwpost->isGM || pwRights($pwpost->isBM, 'delattach'), $pwforum->forumset['uploadset']);
$attachShow->setData($atcdb['attachs']);
$attachShow->parseAttachs($pid, $content, $winduid == $atcdb['authorid']);
}
$alterinfo && ($content .= "<div id=\"alert_{$pid}\" style=\"color:gray;margin-top:30px\">[ {$alterinfo} ]</div>");
$atcdb['icon'] = $atcdb['icon'] ? "<img src=\"{$imgpath}/post/emotion/{$atcdb['icon']}.gif\" align=\"left\" border=\"0\" />" : '';
echo "success\t" . stripslashes($atc_title) . "\t" . str_replace(array("\r", "\t"), array("", ""), stripslashes($content));
ajax_footer();
}
} elseif ($a == 'join') {
define('F_M', true);
$groupid == 'guest' && Showmsg('not_login');
if (($return = $newColony->checkJoinStatus($winduid)) !== true) {
Showmsg($return);
}
S::gp(array('frombbs'));
$S_sql = $J_sql = '';
}
$tpcarray = $db->get_one("SELECT t.tid,t.fid,t.locked,t.ifcheck,t.author,t.authorid,t.postdate,t.lastpost,t.ifmail,t.special,t.subject,t.type,t.ifshield,t.anonymous,t.ptable,t.replies,t.tpcstatus {$S_sql} FROM pw_threads t {$J_sql} WHERE t.tid=" . pwEscape($tid));
$pw_posts = GetPtable($tpcarray['ptable']);
$tpcarray['openIndex'] = getstatus($tpcarray['tpcstatus'], 2);
if ($tpcarray['fid'] != $fid) {
wap_msg('illegal_tid', $rurl);
}
if ($pwforum->forumset['lock'] && !$pwpost->isGM && $timestamp - $tpcarray['postdate'] > $pwforum->forumset['lock'] * 86400 && !pwRights($pwpost->isBM, 'replylock')) {
$forumset['lock'] = $pwforum->forumset['lock'];
wap_msg('forum_locked', $rurl);
}
if (!$pwpost->isGM && !$tpcarray['ifcheck'] && !pwRights($pwpost->isBM, 'viewcheck')) {
wap_msg('reply_ifcheck', $rurl);
}
if (!$pwpost->isGM && $tpcarray['locked'] % 3 != 0 && !pwRights($pwpost->isBM, 'replylock')) {
wap_msg('reply_lockatc', $rurl);
}
InitGP(array('subject', 'content'), 'P', 0);
checkWapPost(0);
require_once R_P . 'lib/forum/replypost.class.php';
$replypost = new replyPost($pwpost);
$replypost->setTpc($tpcarray);
$replypost->check();
!empty($pwpost->errMsg) && wap_msg($pwpost->errMsg);
require_once R_P . 'require/bbscode.php';
$replypost->setTpc($tpcarray);
$content = $content . "\r\n\r\n[size=2][color=#a5a5a5]内容来自[/color][color=#4f81bd][url=" . $db_bbsurl . "/m/index.php][手机版][/url][/color] [/size]";
$postdata = new replyPostData($pwpost);
$postdata->setTitle(wap_cv($subject, false));
$postdata->setContent(wap_cv($content, false));
<?php
!defined('P_W') && exit('Forbidden');
InitGP(array('id'), null, 2);
InitGP(array('record'));
$rt = $db->get_one("SELECT tid,fid FROM pw_pinglog WHERE ifhide=0 AND id=" . S::sqlEscape($id));
if (empty($rt) || !$rt['fid']) {
Showmsg('data_error');
}
L::loadClass('forum', 'forum', false);
$pwforum = new PwForum($rt['fid']);
$isGM = CkInArray($windid, $manager);
if (!$isGM && !pwRights($pwforum->isBM($windid), 'pingcp', $rt['fid'])) {
Showmsg('mawhole_right');
}
//$db->update("UPDATE pw_pinglog SET record=" . S::sqlEscape($record) . " WHERE id=" . S::sqlEscape($id));
pwQuery::update('pw_pinglog', 'id=:id', array($id), array('record' => $record));
echo "success";
# memcache reflesh
if ($db_memcache) {
//* $threads = L::loadClass('Threads', 'forum');
//* $threads->delThreads($rt['tid']);
Perf::gatherInfo('changeThreadWithThreadIds', array('tid' => $rt['tid']));
}
ajax_footer();
$showfield[] = $key;
}
}
!empty($showfield) && ($fieldinfo .= ',mi.customdata');
$fieldinfo && ($tableinfo = 'LEFT JOIN pw_memberinfo mi ON mi.uid=m.uid');
/**************************************/
//帖子浏览及管理权限
$isGM = $isBM = $admincheck = $managecheck = $pwPostHide = $pwSellHide = $pwEncodeHide = 0;
$pwSystem = array();
if ($groupid != 'guest') {
$isGM = S::inArray($windid, $manager);
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
$admincheck = $isGM || $isBM ? 1 : 0;
if (!$isGM) {
#非创始人权限获取
$pwSystem = pwRights($isBM);
if ($pwSystem && ($pwSystem['tpccheck'] || $pwSystem['digestadmin'] || $pwSystem['lockadmin'] || $pwSystem['pushadmin'] || $pwSystem['coloradmin'] || $pwSystem['downadmin'] || $pwSystem['delatc'] || $pwSystem['moveatc'] || $pwSystem['copyatc'] || $pwSystem['topped'] || $pwSystem['unite'] || $pwSystem['pingcp'] || $pwSystem['areapush'])) {
$managecheck = 1;
}
$pwPostHide = $pwSystem['posthide'];
$pwSellHide = $pwSystem['sellhide'];
$pwEncodeHide = $pwSystem['encodehide'];
} else {
$managecheck = $pwPostHide = $pwSellHide = $pwEncodeHide = 1;
}
}
//版块查看权限
if ($foruminfo['allowread'] && !$admincheck && !allowcheck($foruminfo['allowread'], $groupid, $winddb['groups'])) {
Showmsg('forum_read_right');
}
if (!$admincheck) {
$credit->addLog("topic_{$creditOpKey}", $creditset[$creditOpKey], array('uid' => $tpcData['authorid'], 'username' => $tpcData['author'], 'ip' => $onlineip, 'fname' => strip_tags($foruminfo['name']), 'operator' => $windid));
$credit->sets($tpcData['authorid'], $creditset[$creditOpKey], false);
}
$credit->runsql();
require_once R_P . 'require/msg.php';
foreach ($msgdb as $key => $val) {
pwSendMsg($val);
}
$delarticle->delTopic($readdb);
# memcache refresh
$threadList = L::loadClass("threadlist");
$threadList->refreshThreadIdsByForumId($fid);
refreshto("forumcp.php?action=edit&type={$type}&fid={$fid}", 'operate_success');
}
} elseif ($type == 'pcheck') {
if (!$isGM && !pwRights($isBM, 'viewcheck')) {
Showmsg('not_forumadmin');
}
if (empty($_POST['step'])) {
InitGP(array('starttime', 'endtime', 'username', 'ptable'));
InitGP(array('page'), 'GP', 2);
$page < 1 && ($page = 1);
$limit = pwLimit(($page - 1) * $db_perpage, $db_perpage);
$sql = $url_a = '';
$_POST['starttime'] && ($starttime = PwStrtoTime($starttime));
$_POST['endtime'] && ($endtime = PwStrtoTime($endtime));
if ($username) {
$sql .= ' AND author=' . pwEscape($username);
$url_a .= "username="******"&";
}
if ($starttime) {
//$db->update("UPDATE pw_threads SET locked='$s' WHERE tid=".S::sqlEscape($rt['tid']));
pwQuery::update('pw_threads', "tid=:tid", array($rt['tid']), array("locked" => $s));
if ($ifmsg) {
$msgdb[] = array('toUser' => $rt['author'], 'title' => getLangInfo('writemsg', 'unlock_title'), 'content' => getLangInfo('writemsg', 'unlock_content', array('manager' => $windid, 'fid' => $fid, 'tid' => $rt['tid'], 'subject' => $rt['subject'], 'postdate' => get_date($rt['postdate']), 'forum' => strip_tags($forum[$fid]['name']), 'admindate' => get_date($timestamp), 'reason' => stripslashes($atc_content))));
}
$logdb[] = array('type' => 'locked', 'username1' => $rt['author'], 'username2' => $windid, 'field1' => $fid, 'field2' => $rt['tid'], 'field3' => '', 'descrip' => 'unlock_descrip', 'timestamp' => $timestamp, 'ip' => $onlineip, 'tid' => $rt['tid'], 'subject' => substrs($rt['subject'], 28), 'forum' => $forum[$fid]['name'], 'reason' => stripslashes($atc_content));
}
}
sendMawholeMessages($msgdb);
foreach ($logdb as $key => $val) {
writelog($val);
}
refreshto("apps.php?q=group&a=thread&cyid={$cyid}", 'lock_success');
}
} elseif ($action == 'pushtopic') {
$pushtime_top = (int) pwRights(false, 'pushtime');
if (empty($_POST['step'])) {
require_once PrintEot('m_topicadmin');
footer();
} else {
PostCheck();
S::gp(array('ifmsg', 'nextto', 'pushtime'));
if (!is_numeric($pushtime)) {
Showmsg('mawhole_erropushtime');
}
if ($pushtime_top && $pushtime > $pushtime_top) {
Showmsg('mawhole_beyondpushtime');
}
$msgdb = $logdb = array();
$query = $db->query("SELECT tid,fid,postdate,author,authorid,subject FROM pw_threads WHERE tid IN(" . S::sqlImplode($selids) . ")");
while ($rt = $db->fetch_array($query)) {
function editlog()
{
if ($this->post->uid != $this->atcdb['authorid'] && ($this->post->isGM || pwRights($this->post->isBM, 'deltpcs'))) {
/**
* 管理员编辑帖子的安全日记
*/
global $timestamp, $onlineip;
require_once R_P . 'require/writelog.php';
$log = array('type' => 'edit', 'username1' => $this->atcdb['author'], 'username2' => $this->post->username, 'field1' => $this->forum->fid, 'field2' => '', 'field3' => '', 'descrip' => 'edit_descrip', 'timestamp' => $timestamp, 'ip' => $onlineip, 'tid' => $this->tid, 'forum' => $this->forum->name, 'subject' => substrs($this->data['title'], 28), 'reason' => 'edit article');
writelog($log);
}
}
if ($bandb['type'] == 3) {
Showmsg('ban_info3');
} else {
Cookie('force', '', 0);
}
}
$userlastptime = $groupid != 'guest' ? $winddb['lastpost'] : GetCookie('userlastptime');
/**
* 灌水预防
*/
$tdtime >= $winddb['lastpost'] && ($winddb['todaypost'] = 0);
$montime >= $winddb['lastpost'] && ($winddb['monthpost'] = 0);
if ($_G['postlimit'] && $winddb['todaypost'] >= $_G['postlimit']) {
Showmsg('post_gp_limit');
}
if (!empty($_POST['step']) && !$pwpost->isGM && $_G['postpertime'] && $timestamp >= $userlastptime && $timestamp - $userlastptime <= $_G['postpertime'] && !pwRights($pwpost->isBM, 'postpers')) {
Showmsg('post_limit');
}
list($postq, $showq) = explode("\t", $db_qcheck);
$_G['uploadtype'] && ($db_uploadfiletype = $_G['uploadtype']);
$db_uploadfiletype = !empty($db_uploadfiletype) ? is_array($db_uploadfiletype) ? $db_uploadfiletype : unserialize($db_uploadfiletype) : array();
empty($db_sellset['type']) && ($db_sellset['type'] = array('money'));
empty($db_enhideset['type']) && ($db_enhideset['type'] = array('rvrc'));
if (empty($_POST['step'])) {
require_once R_P . 'require/credit.php';
$editor = getstatus($winddb['userstatus'], PW_USERSTATUS_EDITOR) ? 'wysiwyg' : 'textmode';
!is_numeric($db_attachnum) && ($db_attachnum = 1);
$htmlsell = $pwforum->foruminfo['allowsell'] && $_G['allowsell'] ? '' : 'disabled';
$htmlhide = $pwforum->forumset['allowencode'] && $_G['allowencode'] ? '' : 'disabled';
$htmlpost = $attachHide = $pwforum->foruminfo['allowhide'] && $_G['allowhidden'] ? '' : 'disabled';
$ifanonymous = $pwpost->isGM || $pwforum->forumset['anonymous'] && $_G['anonymous'] ? '' : 'disabled';
$lastpost = $rt['subject'] . "\t" . $rt['author'] . "\t" . $rt['postdate'] . "\t" . "read.php?tid={$rt['tid']}&ds=1&page=e#a";
//* $db->update("UPDATE pw_forumdata SET topic=topic+'1',article=article+'1',tpost=tpost+'1',lastpost=".S::sqlEscape($lastpost,false)." WHERE fid='$fid'");
$db->update(pwQuery::buildClause("UPDATE :pw_table SET topic=topic+'1',article=article+'1',tpost=tpost+'1',lastpost=:lastpost WHERE fid=:fid", array('pw_forumdata', $lastpost, $fid)));
//更新审核日志
$db->update(pwQuery::buildClause("UPDATE :pw_table SET state=1,assessor=:assessor WHERE tid=:tid", array('pw_filter', $windid, $rt[tid])));
}
Showmsg('operate_success');
} elseif ($action == 'inspect') {
$forumset = $foruminfo['forumset'];
if (empty($forumset['inspect'])) {
Showmsg('undefined_action');
}
S::gp(array('pid', 'page', 'p', 'nextto'));
$pid = (int) $pid;
$page = (int) $page;
if (!empty($foruminfo['t_type']) && ($isGM || pwRights($isBM, 'tpctype'))) {
$iftypeavailable = 1;
}
$rt = $db->get_one('SELECT inspect FROM pw_threads WHERE tid=' . S::sqlEscape($tid) . " AND fid=" . S::sqlEscape($fid));
empty($rt) && Showmsg('undefined_action');
list($lou) = explode("\t", $rt['inspect']);
$pid >= intval($lou) && ($lou = $pid);
$inspect = $lou . "\t" . addslashes($windid);
//$db->update('UPDATE pw_threads SET inspect='.S::sqlEscape($inspect).' WHERE tid='.S::sqlEscape($tid));
pwQuery::update('pw_threads', 'tid=:tid', array($tid), array('inspect' => $inspect));
delfcache($fid, $db_fcachenum);
if (!empty($nextto)) {
if (!defined('AJAX')) {
refreshto("mawhole.php?action={$nextto}&fid={$fid}&seltid={$tid}", 'operate_success');
} else {
$selids = $tid;
//title
list($guidename, $forumtitle) = $pwforum->getTitle();
if (!$replytitle) {
$atc_title = "Re:{$read['subject']}";
//$forumtitle = "$atc_title|$forumtitle";
} else {
$atc_title = "Re:{$replytitle}";
//$forumtitle = "$atc_title|$tpcarray[subject]|$forumtitle";
}
//time
list($postTime) = getLastDate($atcarray['postdate']);
$atc_title = substrs(str_replace(' ', ' ', $atc_title), $db_titlemax - 3);
//quote
if ((!$tpc_locked || $SYSTEM['replylock']) && ($admincheck || $pwforum->allowreply($winddb, $groupid))) {
if (!$admincheck && !$foruminfo['allowrp'] && !$_G['allowrp']) {
quickPostMessage('reply_group_right');
}
require_once PrintEot('quickpost');
ajax_footer();
}
if (!$isGM && $tpc_locked && !pwRights($isBM, 'replylock')) {
//locked
quickPostMessage('reply_lockatc');
}
quickPostMessage('reply_group_right');
function quickPostMessage($message)
{
$message = getLangInfo('msg', $message);
echo $message;
ajax_footer();
}
/**
* 返回报名列表管理/浏览权限
* @param int $authorid 发起人id
* @return bool
* @access private
*/
function getAdminRight($authorid)
{
global $groupid, $manager, $foruminfo, $windid;
$isGM = S::inArray($windid, $manager);
//是否是创始人
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
//是否有管理权限
if (!$isGM) {
#非创始人权限获取
$pwSystem = pwRights($isBM);
if ($pwSystem && $pwSystem['activitylist']) {
$isBM = 1;
} else {
$isBM = 0;
}
}
if ($groupid == 3 || $isGM || $isBM || $authorid == $this->winduid) {
return true;
}
return false;
}
if (!$replytitle) {
$atc_title = "Re:{$tpcarray['subject']}";
$forumtitle = "{$atc_title}|{$forumtitle}";
} else {
$atc_title = "Re:{$replytitle}";
$forumtitle = "{$atc_title}|{$tpcarray['subject']}|{$forumtitle}";
}
$atc_title = substrs(str_replace(' ', ' ', $atc_title), $db_titlemax - 3);
$db_metakeyword = str_replace(array('|', ' - '), ',', $forumtitle) . 'phpwind';
require_once R_P . 'require/header.php';
$msg_guide = $pwforum->headguide($guidename);
$post_reply = '';
$review_reply = '';
if ($db_showreplynum > 0) {
$wordsfb = L::loadClass('FilterUtil', 'filter');
$pwAnonyHide = $pwpost->isGM || pwRights($pwpost->isBM, 'anonyhide');
$query = $db->query("SELECT p.pid,p.author,p.authorid,p.subject,p.postdate,p.content,p.anonymous,p.ifconvert,p.ifwordsfb,p.ifshield,m.uid,m.groupid,m.userstatus FROM {$pw_posts} p LEFT JOIN pw_members m ON p.authorid=m.uid WHERE tid=" . S::sqlEscape($tid) . "AND ifcheck='1' ORDER BY postdate DESC LIMIT 0,{$db_showreplynum}");
while ($rt = $db->fetch_array($query)) {
$tpc_author = $rt['anonymous'] && !$pwAnonyHide && $windid != $rt['author'] ? $db_anonymousname : $rt['author'];
$tpc_pid = $rt['pid'];
if ($rt['ifshield']) {
$groupid != '3' && ($rt['content'] = shield($rt['ifshield'] == '1' ? 'shield_article' : 'shield_del_article'));
} elseif ($groupid != 3 && $db_shield && $pwforum->forumBan($rt)) {
$rt['content'] = shield('ban_article');
} else {
if (!$wordsfb->equal($rt['ifwordsfb'])) {
$rt['content'] = $wordsfb->convert($rt['content']);
}
$rt['ifconvert'] == 2 && ($rt['content'] = convert($rt['content'], $db_windpost));
if (strpos($rt['content'], '[p:') !== false || strpos($rt['content'], '[s:') !== false) {
$rt['content'] = showface($rt['content']);
function getThreadLevel($type, $fid)
{
if (!in_array($type, array('thread', 'special'))) {
return array('', '', '');
}
global $windid, $manager, $SYSTEM;
/* thread level */
$isGM = S::inArray($windid, $manager);
$isGM ? $admincheck = 1 : 0;
if (!$admincheck && $fid) {
$_forumsService = L::loadClass('forums', 'forum');
$foruminfo = $_forumsService->getForum($fid);
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
$pwSystem = pwRights($isBM, false, $fid);
if ($pwSystem && ($pwSystem['tpccheck'] || $pwSystem['digestadmin'] || $pwSystem['lockadmin'] || $pwSystem['pushadmin'] || $pwSystem['coloradmin'] || $pwSystem['downadmin'] || $pwSystem['delatc'] || $pwSystem['moveatc'] || $pwSystem['copyatc'] || $pwSystem['topped'])) {
$admincheck = 1;
}
}
$superdelete = $SYSTEM['superright'] && $SYSTEM['delatc'] ? true : false;
$superedit = $SYSTEM['superright'] && $SYSTEM['deltpcs'] ? true : false;
return array($admincheck, $superdelete, $superedit);
}
} else {
$admincheck = 0;
}
if ($foruminfo['allowread'] && !$admincheck && !allowcheck($foruminfo['allowread'], $groupid, $winddb['groups'])) {
Showmsg('forum_read_right');
}
if (!$admincheck && !$foruminfo['allowvisit']) {
forum_creditcheck();
}
if (!$admincheck && $foruminfo['forumsell']) {
forum_sell($fid);
}
if ($read['ifcheck'] == 0 && !$isGM && $windid != $read['author'] && !pwRights($isBM, 'viewcheck')) {
Showmsg('read_check');
}
if ($read['locked'] % 3 == 2 && !$isGM && !pwRights($isBM, 'viewclose')) {
Showmsg('read_locked');
}
$db_metakeyword = substr($read['tags'], 0, strpos($read['tags'], "\t"));
$db_metakeyword = (empty($db_metakeyword) ? $subject : $db_metakeyword) . ',' . $forumtitle;
$db_metakeyword = trim(str_replace(array('|', ' - ', "\t", ' ', ',,,', ',,'), ',', $db_metakeyword), ',');
if ($groupid == 'guest' && !$read['ifshield'] && !isban($read, $fid)) {
if ($read['ifconvert'] == 2) {
$metadescrip = stripWindCode($read['content']);
$metadescrip = strip_tags($metadescrip);
} else {
$metadescrip = strip_tags($read['content']);
}
$metadescrip = str_replace(array('"', "\n", "\r", ' ', '&', '<', '', ' '), '', $metadescrip);
$metadescrip = substrs($metadescrip, 255, false);
if ($read['ifwordsfb'] != $db_wordsfb) {
$schedid = '';
InitGP(array('sid', 'seekfid', 'page', 'ptable'));
$f_fid = (int) $f_fid;
!$seekfid && ($seekfid = empty($f_fid) || $f_fid == 'all' ? 'all' : $f_fid);
if ($seekfid != 'all') {
$seekfid = (int) $seekfid;
}
$admincheck = $total = 0;
$isGM = CkInArray($windid, $manager);
if ($seekfid != 'all') {
if ($isGM) {
$admincheck = 1;
} else {
$foruminfo = $db->get_one("SELECT forumadmin,fupadmin FROM pw_forums WHERE fid=" . pwEscape($seekfid));
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
$pwSystem = pwRights($isBM, false, $seekfid);
if ($pwSystem && ($pwSystem['tpccheck'] || $pwSystem['digestadmin'] || $pwSystem['lockadmin'] || $pwSystem['pushadmin'] || $pwSystem['coloradmin'] || $pwSystem['downadmin'] || $pwSystem['delatc'] || $pwSystem['moveatc'] || $pwSystem['copyatc'] || $pwSystem['topped'])) {
$admincheck = 1;
}
}
}
$superRight = $SYSTEM['superright'] && $SYSTEM['delatc'] ? true : false;
/*超级删除权限*/
$superEdit = $SYSTEM['superright'] && $SYSTEM['deltpcs'] ? true : false;
/*超级编辑权限*/
unset($f_fid);
if ($db_sphinx['isopen'] == 1 && $keyword) {
require_once R_P . 'require/sphinxsearch.php';
} else {
require_once R_P . 'require/normalsearch.php';
}
/**
*
* @param $tid
*/
function checkReply($tid)
{
global $timestamp, $groupid, $winddb, $winduid, $_time;
$this->hours =& $_time['hours'];
$tpcarray = $this->db->get_one("SELECT tid,fid,locked,ifcheck,postdate,ptable,tpcstatus FROM pw_threads WHERE tid=" . S::sqlEscape($tid));
if (empty($tpcarray)) {
return false;
}
L::loadClass('forum', 'forum', false);
L::loadClass('post', 'forum', false);
$pwforum = new PwForum($tpcarray['fid']);
$pwpost = new PwPost($pwforum);
if (getstatus($tpcarray['tpcstatus'], 7)) {
$robbuildService = L::loadClass('RobBuild', 'forum');
/* @var $robbuildService PW_RobBuild */
$robbuild = $robbuildService->getByTid($tid);
if ($robbuild['starttime'] > $timestamp) {
return false;
}
}
if (!$pwforum->foruminfo['allowrp'] && !$pwpost->admincheck && $GLOBALS['_G']['allowrp'] == 0) {
return 'reply_group_right';
} elseif ($pwforum->forumset['lock'] && !$pwpost->isGM && $timestamp - $tpcarray['postdate'] > $pwforum->forumset['lock'] * 86400 && !pwRights($pwpost->isBM, 'replylock')) {
return 'forum_locked';
} elseif (!$pwpost->isGM && !$tpcarray['ifcheck'] && !pwRights($pwpost->isBM, 'viewcheck')) {
return 'reply_ifcheck';
} elseif (!$pwpost->isGM && $tpcarray['locked'] % 3 != 0 && !pwRights($pwpost->isBM, 'replylock')) {
return 'reply_lockatc';
} elseif (!$pwpost->isGM && !$pwpost->forum->allowtime($this->hours) && !pwRights($pwpost->isBM, 'allowtime')) {
return 'forum_allowtime';
} else {
if ($groupid == 6 || getstatus($winddb['userstatus'], PW_USERSTATUS_BANUSER)) {
$bandb = array();
$query = $this->db->query("SELECT * FROM pw_banuser WHERE uid=" . S::sqlEscape($winduid));
while ($rt = $this->db->fetch_array($query)) {
if ($rt['fid'] == 0 || $rt['fid'] == $tpcarray['fid']) {
$bandb[$rt['fid']] = $rt;
}
}
if ($bandb) {
return 'ban_info3';
}
}
L::loadClass('replypost', 'forum', false);
$replypost = new replyPost($pwpost);
$replypost->setTpc($tpcarray);
$pwpost->errMode = true;
$replypost->check();
if ($pwpost->errMsg && ($msg = reset($pwpost->errMsg))) {
return $msg;
}
return true;
}
}
/**
* 判断用户所在用户组对版块的管理权限
*
* @param string $name 用户名
* @param bool $isBM 是否为版主
* @param string $type 例如:$pwSystem权限,deltpcs编辑权限
* @return bool
*/
function userSystemRight($name, $isBM, $type)
{
$isGM = isGM($name);
$pwSystem = pwRights($isBM);
if ($isGM || $pwSystem[$type]) {
return true;
}
return false;
}
function sendPost($tid, $uid, $title, $content)
{
global $winddb, $winduid, $windid, $groupid, $fid, $timestamp, $pwforum, $pwpost, $_G, $db_uploadfiletype, $uploadcredit, $uploadmoney, $manager, $isBM, $_time;
$timestamp = time();
$_time = array('hours' => get_date($timestamp, 'G'), 'day' => get_date($timestamp, 'j'), 'week' => get_date($timestamp, 'w'));
list($uid, $tid, $title, $content) = array(intval($uid), intval($tid), trim($title), trim($content));
if ($uid < 1 || $tid < 1 || !$content) {
return $this->buildResponse(THREAD_INVALID_PARAMS);
}
ACloud_Sys_Core_Common::setGlobal('customized_current_uid', $uid);
$user = $this->getCurrentUser();
if (!$user->isLogin()) {
return $this->buildResponse(USER_NOT_LOGIN);
}
if ($user->groupid == 6 || getstatus($user->info['userstatus'], PW_USERSTATUS_BANUSER)) {
return $this->buildResponse(THREAD_USER_NOT_RIGHT);
}
$user->initRight();
$winduid = $user->uid;
$groupid = $user->groupid;
$windid = $user->username;
$winddb = $user->info;
$_G = $user->_G;
if ($_G['postlimit'] && $winddb['todaypost'] >= $_G['postlimit']) {
return $this->buildResponse(POST_GP_LIMIT);
}
$tpcarray = $GLOBALS['db']->get_one("SELECT t.tid,t.fid,t.locked,t.ifcheck,t.author,t.authorid,t.postdate,t.lastpost,t.ifmail,t.special,t.subject,t.type,t.ifshield,t.anonymous,t.ptable,t.replies,t.tpcstatus FROM pw_threads t WHERE t.tid=" . pwEscape($tid));
L::loadClass('forum', 'forum', false);
$pwforum = new PwForum($tpcarray['fid']);
if (!$pwforum->isForum()) {
return $this->buildResponse(THREAD_FORUM_NOT_EXIST);
}
$fid = $tpcarray['fid'];
$isBM = $pwforum->isBM($windid);
$isGM = S::inArray($windid, $manager);
if (!$isGM && $tpcarray['locked'] % 3 != 0 && !pwRights($isBM, 'replylock')) {
return $this->buildResponse(THREAD_LOCKED);
}
L::loadClass('post', 'forum', false);
require_once ACLOUD_VERSION_PATH . '/customized/ver.customized.bbscode.php';
$pwpost = new PwPost($pwforum);
$pwpost->errMode = true;
$pwpost->forumcheck();
$pwpost->postcheck();
L::loadClass('replypost', 'forum', false);
$replypost = new replyPost($pwpost);
$replypost->setTpc($tpcarray);
$replypost->check();
$pw_posts = GetPtable($replypost->tpcArr['ptable']);
$postdata = new replyPostData($pwpost);
$postdata->setTitle($title);
$postdata->setContent($content);
$postdata->conentCheck();
if ($pwpost->errMsg && ($msg = reset($pwpost->errMsg))) {
return $this->buildResponse(THREAD_SYSTEM_ERROR, $msg);
}
require_once ACLOUD_VERSION_PATH . '/customized/ver.customized.attupload.php';
if (PwUpload::getUploadNum()) {
$_G['uploadtype'] && ($db_uploadfiletype = $_G['uploadtype']);
$db_uploadfiletype = !empty($db_uploadfiletype) ? is_array($db_uploadfiletype) ? $db_uploadfiletype : unserialize($db_uploadfiletype) : array();
$postdata->att = new AttUpload($user->uid);
$return = $postdata->att->check();
if ($return) {
$msginfo = getLangInfo('msg', $return);
return $this->errMessage(THREAD_USER_NOT_RIGHT, $msginfo);
}
list($windVersion) = explode(',', WIND_VERSION);
if ($windVersion && $windVersion < '8.5') {
$postdata->att->transfer();
PwUpload::upload($postdata->att);
}
}
$replypost->execute($postdata);
$pid = $replypost->getNewId();
return $this->buildResponse(0, array('pid' => $pid));
}
!defined('W_P') && exit('Forbidden');
!$winduid && wap_msg('not_login');
InitGP(array('action', 'fid', 'seltid', 'selpid'), 'GP');
$template = 'read';
if (!($foruminfo = L::forum($fid))) {
wap_msg('data_error', 'index.php?a=mawhole&fid=' . $fid . '&seltid=' . $seltid);
}
//validate
if (!$seltid || !$fid) {
wap_msg('data_error');
}
//权限检查
$isGM = CkInArray($windid, $manager);
if (!$isGM) {
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
$admincheck = pwRights($isBM, 'delatc');
!$admincheck && wap_msg('mawhole_right');
}
if ($action == 'del') {
require_once R_P . 'require/msg.php';
require_once R_P . 'require/writelog.php';
InitGP(array('ifdel', 'ifmsg', 'atc_content'));
if (empty($atc_content) && $db_enterreason) {
wap_msg('enterreason', 'index.php?a=mawhole&fid=' . $fid . '&seltid=' . $seltid);
}
require_once R_P . 'require/credit.php';
$creditset = $credit->creditset($foruminfo['creditset'], $db_creditset);
$msg_delrvrc = $ifdel ? abs($creditset['Delete']['rvrc']) : 0;
$msg_delmoney = $ifdel ? abs($creditset['Delete']['money']) : 0;
$delarticle = L::loadClass('DelArticle', 'forum');
$readdb = array();
$old_content = preg_replace("/\\[quote\\](.*)\\[\\/quote\\]/is", "", $old_content);
$bit_content = explode("\n", $old_content);
if (count($bit_content) > 5) {
$old_content = "{$bit_content['0']}\n{$bit_content['1']}\n{$bit_content['2']}\n{$bit_content['3']}\n{$bit_content['4']}\n.......";
}
if (strpos($old_content, $db_bbsurl) !== false) {
$old_content = str_replace('p_w_picpath', $db_picpath, $old_content);
$old_content = str_replace('p_w_upload', $db_attachname, $old_content);
}
$old_content = preg_replace("/\\<(.+?)\\>/is", "", $old_content);
$atc_content = "[quote]" . ($article == 0 ? getLangInfo('post', 'info_post_1') : getLangInfo('post', 'info_post_2')) . "\n{$old_content} [url={$db_bbsurl}/job.php?action=topost&tid={$tid}&pid={$pid}][img]{$imgpath}/back.gif[/img][/url]\n[/quote]\n";
$replytitle == '' ? $atc_title = 'Re:' . $tpcarray['subject'] : ($atc_title = 'Re:' . $replytitle);
require_once PrintEot('ajax');
ajax_footer();
} elseif ($action == 'subject') {
!$pwpost->isGM && !pwRights($pwpost->isBM, 'deltpcs') && Showmsg('undefined_action');
$atcdb = $db->get_one('SELECT authorid,subject FROM pw_threads WHERE tid=' . pwEscape($tid) . ' AND fid=' . pwEscape($fid));
empty($atcdb) && Showmsg('illegal_tid');
if ($winduid != $atcdb['authorid'] && $groupid != 3 && $groupid != 4) {
$authordb = $db->get_one('SELECT groupid FROM pw_members WHERE uid=' . pwEscape($atcdb['authorid']));
if ($authordb['groupid'] == 3 || $authordb['groupid'] == 4) {
Showmsg('modify_admin');
}
}
if (empty($_POST['step'])) {
$atcdb['subject'] = str_replace(array("<", ">", "\t"), array('<', '>', ''), $atcdb['subject']);
echo "success\t" . $atcdb['subject'];
ajax_footer();
} else {
PostCheck();
InitGP(array('atc_content'), 'P');
/**
* 获取系统在帖子列表对帖子的管理权限
* @author zhudong
* @return array $rights 权限数组 admincheck:管理员或版主
*/
function getSystemRight()
{
global $windid, $groupid, $isGM;
$isBM = $admincheck = $ajaxcheck = $managecheck = $pwAnonyHide = $pwPostHide = $pwSellHide = $pwEncodeHide = 0;
$isBM = $this->isBM($windid);
$admincheck = $isGM || $isBM ? 1 : 0;
if (!$isGM) {
$pwSystem = pwRights($isBM);
if ($pwSystem && ($pwSystem['tpccheck'] || $pwSystem['digestadmin'] || $pwSystem['lockadmin'] || $pwSystem['pushadmin'] || $pwSystem['coloradmin'] || $pwSystem['downadmin'] || $pwSystem['delatc'] || $pwSystem['moveatc'] || $pwSystem['copyatc'] || $pwSystem['topped'] || $pwSystem['unite'] || $pwSystem['tpctype'])) {
//system rights
$managecheck = 1;
}
if (($groupid == 3 || $isBM) && $pwSystem['deltpcs']) {
$ajaxcheck = 1;
}
$pwPostHide = $pwSystem['posthide'];
$pwSellHide = $pwSystem['sellhide'];
$pwEncodeHide = $pwSystem['encodehide'];
$pwAnonyHide = $pwSystem['anonyhide'];
} else {
$managecheck = $ajaxcheck = $pwAnonyHide = $pwPostHide = $pwSellHide = $pwEncodeHide = 1;
}
return array($isBM, $admincheck, $ajaxcheck, $managecheck, $pwAnonyHide, $pwPostHide, $pwSellHide, $pwEncodeHide, $pwSystem);
}
function setTopped($topped)
{
if ($topped && !$this->post->isGM && pwRights($this->post->isBM, 'topped') < $topped) {
$topped = 0;
}
$this->data['topped'] = $topped;
}
$prer = nextReply($tid, $pid, $rt['ptable'], -1);
} else {
wap_msg('illegal_tid');
}
} elseif ($action == 'modify') {
InitGP(array('step'), 'GP', 2);
$pw_tmsgs = GetTtable($tid);
$rt = $db->get_one("SELECT t.fid,t.tid,t.subject,t.author,t.authorid,t.replies,t.locked,t.postdate,t.anonymous,t.ptable,tm.content FROM pw_threads t LEFT JOIN {$pw_tmsgs} tm ON tm.tid=t.tid WHERE t.tid=" . pwEscape($tid) . " AND ifcheck=1");
//读取板块信息
if (!($foruminfo = L::forum($rt[fid]))) {
wap_msg('data_error');
}
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
//获得管理权限
$pw_posts = GetPtable($rt['ptable']);
$reply = $db->get_one("SELECT * FROM {$pw_posts} WHERE pid = " . pwEscape($pid));
$editright = $isGM || pwRights($isBM, 'deltpcs') || $reply['authorid'] == $winduid;
!$editright && wap_msg('您没有权限编辑此回复', 'index.php?a=reply&tid=' . $tid . '&pid=' . $pid);
if (empty($step)) {
$reply['content'] = str_replace(array('<', '>', ' '), array('<', '>', ' '), $reply['content']);
} elseif ($step == 2) {
InitGP(array('content'), 'GP');
$pw_posts = GetPtable('N', $tid);
$db->update("UPDATE {$pw_posts} SET content = " . pwEscape(wap_cv($content)) . " WHERE pid = " . pwEscape($pid));
wap_msg('operate_success', 'index.php?a=reply&tid=' . $tid . '&pid=' . $pid);
}
}
Cookie("wap_scr", serialize(array("page" => "reply", "extra" => array("tid" => $tid, "pid" => $pid))));
wap_header();
require_once PrintWAP('reply');
wap_footer();
Showmsg('job_attach_error');
}
$fid = $attach['fid'];
$aid = $attach['aid'];
$tid = $attach['tid'];
$pid = $attach['pid'];
if (!($foruminfo = L::forum($fid))) {
Showmsg('data_error');
}
require_once R_P . 'require/forum.php';
require_once R_P . 'require/updateforum.php';
wind_forumcheck($foruminfo);
$isGM = S::inArray($windid, $manager);
//获取管理权限
$isBM = admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid);
if ($isGM || pwRights($isBM, 'delattach')) {
$admincheck = 1;
} else {
$admincheck = 0;
}
if ($groupid != 'guest' && ($admincheck || $attach['uid'] == $winduid)) {
pwDelatt($attach['attachurl'], $db_ifftp);
pwFtpClose($ftp);
$pw_attachs->delete($aid);
$ifupload = getattachtype($tid);
$ifaid = $ifupload === false ? 0 : 1;
if ($pid) {
$pw_posts = GetPtable('N', $tid);
//$db->update("UPDATE $pw_posts SET aid=" . S::sqlEscape($ifaid, false) . "WHERE tid=" . S::sqlEscape($tid, false) . "AND pid=" . S::sqlEscape($pid, false));
pwQuery::update($pw_posts, 'tid=:tid AND pid=:pid', array($tid, $pid), array('aid' => $ifaid));
} else {
function _checkForum($fid)
{
L::loadClass('forum', 'forum', false);
$pwforum = new PwForum($fid);
if (!$pwforum->isForum()) {
return 'data_error';
}
$pwforum->forumcheck($this->user, $this->groupid);
$this->foruminfo =& $pwforum->foruminfo;
$isBM = $pwforum->isBM($this->username);
$this->admincheck = $this->isGM || pwRights($isBM, 'delattach', $fid) ? 1 : 0;
return true;
}
$atc_content = str_replace('p_w_picpath', $db_picpath, $atc_content);
$atc_content = str_replace('p_w_upload', $db_attachname, $atc_content);
}
list($guidename, $forumtitle) = $pwforum->getTitle();
if (trim($subject)) {
$guidename .= " » <a href=\"read.php?tid={$tid}\">{$subject}</a>";
}
$db_metakeyword = str_replace(array('|', ' - '), ',', $forumtitle) . 'phpwind';
$db_metadescrip = substrs(strip_tags(str_replace('"', '"', $atc_content)), 50);
require_once R_P . 'require/header.php';
$msg_guide = $pwforum->headguide($guidename);
require_once PrintEot('post');
footer();
} elseif ($_POST['step'] == 1) {
if (!$pwpost->isGM) {
if ($winduid != $atcdb['authorid'] && !pwRights($pwpost->isBM, 'modother')) {
Showmsg('modify_del_right');
} elseif ($_G['allowdelatc'] == 0) {
Showmsg('modify_group_right');
}
}
$pw_posts = GetPtable('N', $tid);
$rt = $db->get_one("SELECT COUNT(*) AS count FROM {$pw_posts} WHERE tid=" . pwEscape($tid) . " AND ifcheck='1'");
$count = $rt['count'] + 1;
if ($article == 0 && !$admincheck && $count > 1) {
Showmsg('modify_replied');
}
$rs = $db->get_one("SELECT replies,topped,tpcstatus FROM pw_threads WHERE tid=" . pwEscape($tid));
$thread_tpcstatus = $rs['tpcstatus'];
if ($rs['replies'] != $rt['count']) {
$db->update("UPDATE pw_threads SET replies=" . pwEscape($rt['count']) . "WHERE tid=" . pwEscape($tid));
}
$leaveword = $atcdb['leaveword'] ? leaveword($atcdb['leaveword']) : '';
$content = convert($atc_content . $leaveword, $db_windpost);
if (strpos($content, '[p:') !== false || strpos($content, '[s:') !== false) {
$content = showface($content);
}
if ($atcdb['ifsign'] < 2) {
$content = str_replace("\n", '<br />', $content);
}
if ($postdata->data['ifwordsfb'] == 0) {
$wordsfb = L::loadClass('FilterUtil');
$content = addslashes($wordsfb->convert(stripslashes($content)));
}
$creditnames = pwCreditNames();
if ($aids) {
if ($winduid == $atcdb['authorid'] || $pwpost->isGM || pwRights($pwpost->isBM, 'delattach')) {
$dfadmin = 1;
} else {
$dfadmin = 0;
}
foreach ($atcdb['attachs'] as $at) {
if (!in_array($at['aid'], $aids)) {
continue;
}
$atype = '';
$rat = array();
if ($at['type'] == 'img' && $at['needrvrc'] == 0 && (!$downloadimg || !$downloadmoney || $_G['allowdownload'] == 2)) {
$a_url = geturl($at['attachurl'], 'show');
if (is_array($a_url)) {
$atype = 'pic';
$dfurl = '<br>' . cvpic($a_url[0], 1, $db_windpost['picwidth'], $db_windpost['picheight'], $at['ifthumb']);
