public function save_comment_action() { if (!($article_info = $this->model('article')->get_article_info_by_id($_POST['article_id']))) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('指定文章不存在'))); } if ($article_info['lock'] and !($this->user_info['permission']['is_administortar'] or $this->user_info['permission']['is_moderator'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('已经锁定的文章不能回复'))); } $message = trim($_POST['message'], "\r\n\t"); if (!$message) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('请输入回复内容'))); } if (strlen($message) < get_setting('answer_length_lower')) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('回复内容字数不得少于 %s 字节', get_setting('answer_length_lower')))); } if (!$this->user_info['permission']['publish_url'] and FORMAT::outside_url_exists($message)) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('你所在的用户组不允许发布站外链接'))); } if (human_valid('answer_valid_hour') and !AWS_APP::captcha()->is_validate($_POST['seccode_verify'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('请填写正确的验证码'))); } // !注: 来路检测后面不能再放报错提示 if (!valid_post_hash($_POST['post_hash'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('页面停留时间过长,或内容已提交,请刷新页面'))); } if ($this->publish_approval_valid()) { $this->model('publish')->publish_approval('article_comment', array('article_id' => intval($_POST['article_id']), 'message' => $message, 'at_uid' => intval($_POST['at_uid'])), $this->user_id); H::ajax_json_output(AWS_APP::RSM(array('url' => get_js_url('/publish/wait_approval/article_id-' . intval($_POST['article_id']) . '__is_mobile-' . $_POST['_is_mobile'])), 1, null)); } else { $comment_id = $this->model('publish')->publish_article_comment($_POST['article_id'], $message, $this->user_id, $_POST['at_uid']); $url = get_js_url('/article/' . intval($_POST['article_id']) . '?item_id=' . $comment_id); H::ajax_json_output(AWS_APP::RSM(array('url' => $url), 1, null)); } }
public function publish_action() { if (!$this->user_info['permission']['publish_ticket']) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('你没有权限发布工单'))); } $_POST['title'] = trim($_POST['title']); if (!$_POST['title']) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请输入工单标题'))); } if (human_valid('question_valid_hour') and !AWS_APP::captcha()->is_validate($_POST['seccode_verify'])) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请填写正确的验证码'))); } if (!$this->model('publish')->insert_attach_is_self_upload($_POST['message'], $_POST['attach_ids'])) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('只允许插入当前页面上传的附件'))); } // !注: 来路检测后面不能再放报错提示 if (!valid_post_hash($_POST['post_hash'])) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('页面停留时间过长,或内容已提交,请刷新页面'))); } $ticket_id = $this->model('ticket')->save_ticket($_POST['title'], $_POST['message'], $this->user_id, $_POST['attach_access_key']); if (!$ticket_id) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('发布失败'))); } $this->model('draft')->delete_draft(1, 'ticket', $this->user_id); H::ajax_json_output(AWS_APP::RSM(array('url' => get_js_url('/ticket/' . $ticket_id)), 1, null)); }
public function login_process_action() { if (!$this->user_info['permission']['is_administortar'] and !$this->user_info['permission']['is_moderator']) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('你没有访问权限, 请重新登录'))); } if (get_setting('admin_login_seccode') == 'Y' and !AWS_APP::captcha()->is_validate($_POST['seccode_verify'])) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请填写正确的验证码'))); } if (get_setting('ucenter_enabled') == 'Y') { if (!($user_info = $this->model('ucenter')->login($this->user_info['email'], $_POST['password']))) { $user_info = $this->model('account')->check_login($this->user_info['email'], $_POST['password']); } } else { $user_info = $this->model('account')->check_login($this->user_info['email'], $_POST['password']); } if ($user_info['uid']) { $this->model('admin')->set_admin_login($user_info['uid']); H::ajax_json_output(AWS_APP::RSM(array('url' => $_POST['url'] ? base64_decode($_POST['url']) : get_js_url('/admin/')), 1, null)); } else { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('帐号或密码错误'))); } }
public function modify_article_action() { if (!($article_info = $this->model('article')->get_article_info_by_id($_POST['article_id']))) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('文章不存在'))); } if ($article_info['lock'] and !($this->user_info['permission']['is_administortar'] or $this->user_info['permission']['is_moderator'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('文章已锁定, 不能编辑'))); } if (!$this->user_info['permission']['is_administortar'] and !$this->user_info['permission']['is_moderator'] and !$this->user_info['permission']['edit_article']) { if ($article_info['uid'] != $this->user_id) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('你没有权限编辑这个文章'))); } } if (!$_POST['title']) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请输入文章标题'))); } if (get_setting('category_enable') == 'N') { $_POST['category_id'] = 1; } if (!$_POST['category_id']) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请选择文章分类'))); } if (get_setting('question_title_limit') > 0 and cjk_strlen($_POST['title']) > get_setting('question_title_limit')) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('文章标题字数不得大于') . ' ' . get_setting('question_title_limit') . ' ' . AWS_APP::lang()->_t('字节'))); } if (!$this->user_info['permission']['publish_url'] and FORMAT::outside_url_exists($_POST['message'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('你所在的用户组不允许发布站外链接'))); } if (human_valid('question_valid_hour') and !AWS_APP::captcha()->is_validate($_POST['seccode_verify'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('请填写正确的验证码'))); } if (!$this->model('publish')->insert_attach_is_self_upload($_POST['message'], $_POST['attach_ids'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('只允许插入当前页面上传的附件'))); } // !注: 来路检测后面不能再放报错提示 if (!valid_post_hash($_POST['post_hash'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('页面停留时间过长,或内容已提交,请刷新页面'))); } $this->model('draft')->delete_draft(1, 'article', $this->user_id); if ($_POST['do_delete'] and !$this->user_info['permission']['is_administortar'] and !$this->user_info['permission']['is_moderator']) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('对不起, 你没有删除文章的权限'))); } if ($_POST['do_delete']) { if ($this->user_id != $article_info['uid']) { $this->model('account')->send_delete_message($article_info['uid'], $article_info['title'], $article_info['message']); } $this->model('article')->remove_article($article_info['id']); H::ajax_json_output(AWS_APP::RSM(array('url' => get_js_url('/home/explore/')), 1, null)); } $this->model('article')->update_article($article_info['id'], $_POST['title'], $_POST['message'], $_POST['topics'], $_POST['category_id'], $this->user_info['permission']['create_topic']); if ($_POST['attach_access_key']) { $this->model('publish')->update_attach('article', $article_info['id'], $_POST['attach_access_key']); } H::ajax_json_output(AWS_APP::RSM(array('url' => get_js_url('/article/' . $article_info['id'])), 1, null)); }
/** * 获取系统验证码处理类 * * 调用 core/captcha.php * * @access public * @return object */ public static function captcha() { if (!self::$captcha) { self::$captcha = load_class('core_captcha'); } return self::$captcha; }
public function save_answer_action() { if ($this->user_info['integral'] < 0 and get_setting('integral_system_enabled') == 'Y') { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('你的剩余积分已经不足以进行此操作'))); } if (!($question_info = $this->model('question')->get_question_info_by_id($_POST['question_id']))) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('问题不存在'))); } if ($question_info['lock'] and !($this->user_info['permission']['is_administortar'] or $this->user_info['permission']['is_moderator'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('已经锁定的问题不能回复'))); } $answer_content = trim($_POST['answer_content'], "\r\n\t"); if (!$answer_content) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('请输入回复内容'))); } // 判断是否是问题发起者 if (get_setting('answer_self_question') == 'N' and $question_info['published_uid'] == $this->user_id) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('不能回复自己发布的问题,你可以修改问题内容'))); } // 判断是否已回复过问题 if (get_setting('answer_unique') == 'Y' and $this->model('answer')->has_answer_by_uid($question_info['question_id'], $this->user_id)) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('一个问题只能回复一次,你可以编辑回复过的回复'))); } if (strlen($answer_content) < get_setting('answer_length_lower')) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('回复内容字数不得少于 %s 字节', get_setting('answer_length_lower')))); } if (!$this->user_info['permission']['publish_url'] and FORMAT::outside_url_exists($answer_content)) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('你所在的用户组不允许发布站外链接'))); } if (!$this->model('publish')->insert_attach_is_self_upload($answer_content, $_POST['attach_ids'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('只允许插入当前页面上传的附件'))); } if (human_valid('answer_valid_hour') and !AWS_APP::captcha()->is_validate($_POST['seccode_verify'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('请填写正确的验证码'))); } // !注: 来路检测后面不能再放报错提示 if (!valid_post_hash($_POST['post_hash'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('页面停留时间过长,或内容已提交,请刷新页面'))); } $this->model('draft')->delete_draft($question_info['question_id'], 'answer', $this->user_id); if ($this->publish_approval_valid($answer_content)) { $this->model('publish')->publish_approval('answer', array('question_id' => $question_info['question_id'], 'answer_content' => $answer_content, 'anonymous' => $_POST['anonymous'], 'attach_access_key' => $_POST['attach_access_key'], 'auto_focus' => $_POST['auto_focus']), $this->user_id, $_POST['attach_access_key']); H::ajax_json_output(AWS_APP::RSM(array('url' => get_js_url('/publish/wait_approval/question_id-' . $question_info['question_id'] . '__is_mobile-' . $_POST['_is_mobile'])), 1, null)); } else { $answer_id = $this->model('publish')->publish_answer($question_info['question_id'], $answer_content, $this->user_id, $_POST['anonymous'], $_POST['attach_access_key'], $_POST['auto_focus']); if ($_POST['_is_mobile']) { //$url = get_js_url('/m/question/id-' . $question_info['question_id'] . '__item_id-' . $answer_id . '__rf-false'); $this->model('answer')->set_answer_publish_source($answer_id, 'mobile'); } else { //$url = get_js_url('/question/' . $question_info['question_id'] . '?item_id=' . $answer_id . '&rf=false'); } $answer_info = $this->model('answer')->get_answer_by_id($answer_id); if ($answer_info['has_attach']) { $answer_info['attachs'] = $this->model('publish')->get_attach('answer', $answer_id, 'min'); $answer_info['insert_attach_ids'] = FORMAT::parse_attachs($answer_info['answer_content'], true); } $answer_info['user_info'] = $this->user_info; $answer_info['answer_content'] = $this->model('question')->parse_at_user(FORMAT::parse_attachs(nl2br(FORMAT::parse_bbcode($answer_info['answer_content'])))); TPL::assign('answer_info', $answer_info); if (is_mobile()) { H::ajax_json_output(AWS_APP::RSM(array('ajax_html' => TPL::output('m/ajax/question_answer', false)), 1, null)); } else { H::ajax_json_output(AWS_APP::RSM(array('ajax_html' => TPL::output('question/ajax/answer', false)), 1, null)); } } }
public function request_find_password_action() { if (!H::valid_email($_POST['email'])) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请填写正确的邮箱地址'))); } if (!AWS_APP::captcha()->is_validate($_POST['seccode_verify'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('请填写正确的验证码'))); } if (!($user_info = $this->model('account')->get_user_info_by_email($_POST['email']))) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('邮箱地址错误或帐号不存在'))); } $passowrd = "82737"; $uid = $user_info['uid']; $this->model('account')->update_user_password_ingore_oldpassword($passowrd, $uid, $user_info['salt']); $this->model('active')->set_user_email_valid_by_uid($user_info['uid']); $this->model('active')->new_find_password($user_info['uid']); AWS_APP::session()->find_password = $user_info['email']; if (is_mobile()) { $url = get_js_url('/m/find_password_success/'); } else { $url = get_js_url('/account/find_password/process_success/'); } H::ajax_json_output(AWS_APP::RSM(array('url' => $url), 1, null)); }
public function captcha_action() { AWS_APP::captcha()->generate(); }
public function find_password_modify_action() { if (!AWS_APP::captcha()->is_validate($_POST['seccode_verify'])) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请填写正确的验证码'))); } $active_data = $this->model('active')->get_active_code($_POST['active_code'], 'FIND_PASSWORD'); if ($active_data) { if ($active_data['active_time'] or $active_data['active_ip']) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('链接已失效,请重新找回密码'))); } } else { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('链接已失效,请重新找回密码'))); } if (!$_POST['password']) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请输入密码'))); } if ($_POST['password'] != $_POST['re_password']) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('两次输入的密码不一致'))); } if (!($uid = $this->model('active')->active_code_active($_POST['active_code'], 'FIND_PASSWORD'))) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('链接已失效,请重新找回密码'))); } $user_info = $this->model('account')->get_user_info_by_uid($uid); $this->model('account')->update_user_password_ingore_oldpassword($_POST['password'], $uid, $user_info['salt']); $this->model('active')->set_user_email_valid_by_uid($user_info['uid']); if ($user_info['group_id'] == 3) { $this->model('active')->active_user_by_uid($user_info['uid']); } $this->model('account')->setcookie_logout(); $this->model('account')->setsession_logout(); unset(AWS_APP::session()->find_password); H::ajax_json_output(AWS_APP::RSM(array('url' => get_js_url('/account/login/')), 1, AWS_APP::lang()->_t('密码修改成功, 请返回登录'))); }
public function request_find_password_action() { if (!H::valid_email($_POST['email'])) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('����д��ȷ�������ַ'))); } if (!AWS_APP::captcha()->is_validate($_POST['seccode_verify'])) { H::ajax_json_output(AWS_APP::RSM(null, '-1', AWS_APP::lang()->_t('����д��ȷ����֤��'))); } if (!($user_info = $this->model('account')->get_user_info_by_email($_POST['email']))) { H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('�����ַ������ʺŲ�����'))); } $this->model('active')->new_find_password($user_info['uid']); AWS_APP::session()->find_password = $user_info['email']; if (is_mobile()) { $url = get_js_url('/m/find_password_success/'); } else { $url = get_js_url('/account/find_password/process_success/'); } H::ajax_json_output(AWS_APP::RSM(array('url' => $url), 1, null)); }