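/**
 * Search landing page.
 *
 * Reads GET `typeID` and `searchTxt`, runs the type-specific search
 * (searchClass / searchSqData), then renders the "hot" community posts of
 * the viewer's group (verified, edited in the last 3 days, most visited
 * first) and, for a logged-in viewer, the member's counters.
 *
 * `searchTxt` goes through fliter_script() before it reaches the template;
 * that is a blacklist, not an encoder, so the template must still
 * HTML-escape it.
 *
 * @return void  renders the "bootstrap" theme view
 */
public function result()
{
    $typeID = I('get.typeID');
    $searchTxt = I('get.searchTxt');
    fliter_script($searchTxt);

    $show = ['type' => $typeID, 'searchTxt' => $searchTxt];
    $this->assign('show', $show);

    switch ($typeID) {
        case '分类信息':
            $this->searchClass($searchTxt);
            break;
        case '社区资讯':
            $this->searchSqData($searchTxt);
            break;
    }

    // Hot posts: verified, edited within the last 3 days, in the viewer's
    // group, most visited first (ties broken by newest edit).
    $where = [
        'a.verify' => 1,
        'a.editTime' => ['gt', time() - 3 * 24 * 3600],
        'a.gid' => isset($_SESSION['gid']) ? $_SESSION['gid'] : null,
    ];
    $hotList = M('sq_data')
        ->alias('a')
        ->field('a.comments,a.id,a.title,a.editTime as postTime,m.userName,m.avatar,m.uid')
        ->join(['left join ybirds_member m on m.uid=a.userID'])
        ->where($where)
        ->order('a.visits desc, a.editTime desc')
        ->limit(20)
        ->select();
    $this->assign('hotList', $hotList);

    // Counters only for a logged-in viewer. The old `!empty($_SESSION)` test
    // was also true for a session that merely carried a gid, which produced
    // a malformed `uid=` condition; the uid is now bound as an integer
    // through an array condition instead of string interpolation.
    if (!empty($_SESSION['userID'])) {
        $replyCountInfo = M('member')
            ->field('ctgs,sqs,follows,fans,comments,replys')
            ->where(['uid' => (int) $_SESSION['userID']])
            ->find();
        $this->assign('replyCountInfo', $replyCountInfo);
    }

    $this->theme("bootstrap")->display();
}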
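/**
 * "Smart match" form handler.
 *
 * POST `data[...]` carries, per the original author's notes: contry
 * (1 = China, 2 = UK), school, esid (desired subject id), csid (own subject
 * id), score, lscore (language score) and year (desired entry year).
 *
 * Validates score (1–2 digits) and the optional lscore (1.0–8.5 in half
 * steps, 9.0, or a single digit 1–9), then either upserts the row of the
 * logged-in user in apply_info or, for a guest, stores the form in an
 * authcode()-sealed cookie, and redirects to `result`.
 *
 * @return void
 */
public function matchAction()
{
    $data = I('post.data');
    if (!is_array($data)) {
        $data = [];
    }
    trim_all($data);
    fliter_script($data);

    $score = isset($data['score']) ? $data['score'] : '';
    $lscore = isset($data['lscore']) ? $data['lscore'] : '';

    $errormsg = '';
    if (!preg_match('/^[0-9]{1,2}$/', $score)) {
        $errormsg .= L('CONTROLLER_MSG1') . '<br/>';
    }
    if (!empty($lscore) && !preg_match('/^(?:(?:[1-8]\\.(?:0|5))|(?:9\\.0)|(?:[1-9]))$/', $lscore)) {
        $errormsg .= L('CONTROLLER_MSG2') . '<br/>';
    }
    if (!empty($errormsg)) {
        $this->error($errormsg);
    }

    $uid = session('uid');
    if (!empty($uid)) {
        // Logged in: the uid is taken from the session, never from the form.
        // NOTE(review): $data is written wholesale; ThinkPHP drops keys that
        // are not columns of apply_info, but every column of that table is
        // client-settable — whitelist the fields if it ever gains privileged
        // columns.
        $data['uid'] = $uid;
        $model = M('apply_info');
        if ($model->where(['uid' => $uid])->find()) {
            // was where([['uid' => $uid]]) — an extra nesting level that does
            // not express "uid = ?"; use the same condition as the lookup
            $model->where(['uid' => $uid])->save($data);
        } else {
            $model->add($data);
        }
    } else {
        // Guest: keep the form in a cookie sealed with authcode(). Whatever
        // reads it back must verify authcode()'s checksum before calling
        // unserialize(); if that cannot be guaranteed, switch to JSON.
        $applyInfo = authcode(serialize($data), 'ENCODE', C('AUTH_KEY'));
        cookie('applyInfo', $applyInfo);
    }

    $this->redirect('result');
}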
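/**
 * Order confirmation: lock the chosen ad slots and show the price summary.
 *
 * POST `check[]` lists the chosen slot ids and POST `data[<id>]` the number
 * of weeks per slot (at least 4). Slots that are already locked or sold are
 * rejected; the rest are locked for this user, priced (30% off from 52
 * weeks, 20% off from 26) and the order lines are staged in the session for
 * the later insert step, together with a one-shot token.
 *
 * The lock is a conditional UPDATE (only rows that are still unlocked and
 * unsold) whose affected-row count must equal the number of slots, so two
 * buyers who both pass the read-only pre-check cannot both lock a slot.
 *
 * @return void  renders the confirmation view or redirects with an error
 */
public function orderConfirm()
{
    $carts = I('post.data');
    $check = I('post.check');
    if (!is_array($carts)) {
        $carts = [];
    }
    if (!is_array($check)) {
        $check = [];
    }
    trim_all($carts);
    trim_all($check);
    fliter_script($carts);

    // weeks per slot, keyed by slot id (every later lookup uses the id)
    $weeksById = [];
    foreach ($check as $val) {
        $aid = (int) $val;
        // cast before comparing: a non-numeric string compares as 0 on
        // PHP 5/7 but would slip past `< 4` on PHP 8
        $weeks = isset($carts[$val]) ? (int) $carts[$val] : 0;
        if ($weeks < 4) {
            $this->error('请至少购买4周');
        }
        $weeksById[$aid] = $weeks;
    }
    $aids = array_keys($weeksById);
    if (empty($aids)) {
        // an empty IN () list would be a SQL error further down
        $this->error('请选择广告位', U('Ucenter/Adv/listMyCarts'));
    }

    $uid = session('userID');
    $model = M('ad_all');

    // read-only pre-check, kept so the user gets the specific message
    $map = ['id' => ['in', $aids], '_string' => 'isLock=1 OR isSall=1'];
    if ($model->where($map)->select()) {
        $this->error('你所选购的广告位已经被购买,请重新选择', U('Ucenter/Adv/listMyCarts'));
    }

    // Lock the slots. The WHERE repeats the availability test (NULL counts
    // as free, like the pre-check) so a concurrent buyer cannot lock the same
    // slot between the check above and this UPDATE; fewer affected rows than
    // slots means we lost the race (or an id does not exist).
    $saveDate = ['isLock' => 1, 'lockTime' => time(), 'uid' => $uid];
    $saveMap = [
        'id' => ['in', $aids],
        '_string' => 'COALESCE(isLock,0)<>1 AND COALESCE(isSall,0)<>1',
    ];
    $model->startTrans();
    $saveRes = $model->where($saveMap)->setField($saveDate);
    if ($saveRes === false) {
        $model->rollback();
        $this->error('结算失败,请重新选择', U('Ucenter/Adv/listMyCarts'));
    }
    if ((int) $saveRes !== count($aids)) {
        $model->rollback();
        $this->error('你所选购的广告位已经被购买,请重新选择', U('Ucenter/Adv/listMyCarts'));
    }
    $model->commit();

    $field = 'a.id, a.place, a.page, a.gid, a.price, b.type, b.title, c.name, b.width, b.height, b.srcUrl';
    $join = [
        'LEFT JOIN __AD_POSITION__ AS b on a.pid = b.id',
        'LEFT JOIN __AD_COUNTRY__ AS c ON a.gid = c.gid',
    ];
    $data = $model->alias('a')->field($field)->where(['a.id' => ['in', $aids]])->join($join)->select();

    $saveData = ['data' => [], 'aid' => $aids];
    $showData = [];
    $totalMoney = 0;
    foreach ((array) $data as $v) {
        $num = $weeksById[$v['id']];
        if ($num >= 52) {
            $discount = 0.7;
        } elseif ($num >= 26) {
            $discount = 0.8;
        } else {
            $discount = 1;
        }
        $total = $num * $v['price'] * $discount;
        // NOTE(review): payMoney is the undiscounted amount while total is
        // discounted — confirm which one the payment step charges
        $payMoney = $num * $v['price'];

        // rows for the order table (inserted by the submit step)
        $saveData['data'][] = [
            'uid' => $uid,
            'aid' => $v['id'],
            'adType' => $v['type'],
            'price' => $v['price'],
            'num' => $num,
            'total' => $total,
            'discount' => $discount,
            'payMoney' => $payMoney,
        ];
        // rows for the confirmation view
        $showData[] = [
            'aid' => $v['id'],
            'page' => $v['page'],
            'name' => $v['name'],
            'type' => $v['type'],
            'title' => $v['title'],
            'width' => $v['width'],
            'height' => $v['height'],
            'srcUrl' => $v['srcUrl'],
            'price' => $v['price'],
            'num' => $num,
            'total' => $total,
            'discount' => $num . ' * ' . $v['price'] . ' * ' . $discount,
            'payMoney' => $payMoney,
        ];
        $totalMoney += $total;
    }

    // staged for the insert step
    session('orderData', null);
    session('orderData', $saveData);
    session('totalMoney', $totalMoney);

    // One-shot token against double submission: signed with data_auth_sign()
    // and compared with the session copy by the submit step. uniqid() keeps
    // two confirmations within the same second from sharing a token.
    $auth = ['name' => session('userName'), 'key' => md5(uniqid(mt_rand(), true) . 'confirmOrder')];
    $token = data_auth_sign($auth);
    session('token', null);
    session('token', $token);

    $this->assign('token', $token);
    $this->assign('totalNum', count((array) $data));
    $this->assign('totalMoney', $totalMoney);
    $this->assign('showData', $showData);
    $this->display();
}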
/**
 * Friend search (AJAX): looks up members by exact user name and annotates
 * each hit with its friendship state relative to the caller.
 *
 * GET `userName` is the name to look up. Replies with JSON:
 *   - {status:false, msg} when the name is empty, is the caller's own name,
 *     or matches nobody;
 *   - otherwise the list of {uid, userName, avatar} rows, each tagged by
 *     getFriendType() (1 = friends, 2 = request pending, 3 = no relation).
 *
 * @return mixed  output of ajaxReturn()
 */
public function search()
{
    $name = I('get.userName');
    $myUid = session('userID');

    $reply = ['msg' => ''];
    if (empty($name)) {
        $reply['msg'] = '请输入查询的用户';
    }
    if ($name == session('userName')) {
        $reply['msg'] = '你输入的是你自己的用户名';
    }
    if ($reply['msg'] !== '') {
        $reply['status'] = FALSE;
        return $this->ajaxReturn($reply, 'json');
    }

    // fliter_script() only rewrites the value; the query itself is an array
    // condition, so ThinkPHP quotes it.
    fliter_script($name);
    $rows = M('member')
        ->field('uid, userName, avatar')
        ->where(['userName' => $name])
        ->select();
    if (!$rows) {
        $reply['status'] = FALSE;
        $reply['msg'] = '查无此人……';
        return $this->ajaxReturn($reply, 'json');
    }
    $reply['status'] = TRUE;

    // tag every hit with its relation to the caller
    $friends = $this->getFriend($myUid, False);
    $this->getFriendType($rows, $friends);
    return $this->ajaxReturn($rows, 'json');
}
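/**
 * Publish a community post (AJAX).
 *
 * Gate checks, in order: blacklisted group (groupID 4), new-account cooldown
 * (checkNewUserPost), and — unless the account is in a privileged group
 * (9–12) — the daily quota (checkTimes) and the posting interval
 * (checkTimesInterval). The post row (SqData) and its content row (SqFdata)
 * are inserted in one transaction; on success the member's `sqs` counter is
 * bumped and a postlog entry is written.
 *
 * Reply is {status: bool, massage: string} (the key really is "massage").
 *
 * @return void  via ajaxReturn(), which terminates the request
 */
public function addSqInfo()
{
    $uid = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;
    $reply = ['status' => FALSE, 'massage' => ''];

    if ($uid <= 0) {
        // defence in depth: a parent controller may already require login
        $reply['massage'] = '请先登录';
        $this->ajaxReturn($reply, 'json');
        return;
    }

    // one lookup serves both the blacklist and the privileged-group test
    $groupID = (int) M('user')->where(['userID' => $uid])->getField('groupID');
    if ($groupID === 4) {
        $reply['massage'] = '你已被加入黑名单,不允许发布~';
        $this->ajaxReturn($reply, 'json');
        return;
    }
    if (!checkNewUserPost($uid, 1)) {
        $reply['massage'] = '新注册用户请在注册' . C('NEW_USER_POST_TIME') . '分钟后发帖';
        $this->ajaxReturn($reply, 'json');
        return;
    }
    if (!in_array($groupID, [9, 10, 11, 12], true)) {
        if (!checkTimes($uid, 1)) {
            $reply['massage'] = '每个帐号每天只能发送' . C('POST_NUM') . '条社区资讯!';
            $this->ajaxReturn($reply, 'json');
            return;
        }
        if (!checkTimesInterval($uid, 1)) {
            $reply['massage'] = '每次发帖间隔时间为' . C('INTERVAL_TIME') . '分钟';
            $this->ajaxReturn($reply, 'json');
            return;
        }
    }

    fliter_script($_POST);
    // scalar POST field as string, '' when missing or not scalar
    $str = function ($key) {
        return isset($_POST[$key]) && is_scalar($_POST[$key]) ? (string) $_POST[$key] : '';
    };

    // Only http(s) source links are kept: a javascript:/data: value would
    // end up inside an href, which fliter_script() does not protect.
    // Relax the pattern if scheme-less links are expected from the form.
    $fromUrl = $str('from_url');
    if ($fromUrl !== '' && !preg_match('#^https?://#i', $fromUrl)) {
        $fromUrl = '';
    }

    // Thumbnail names keep the existing convention: "_thumb" is appended to
    // the second dot-separated segment ("a.jpg" -> "a.jpg_thumb"). This has
    // to match the naming on the upload side — TODO confirm.
    $picUrls = [];
    if (isset($_POST['picUrl']) && is_array($_POST['picUrl'])) {
        $picUrls = array_values(array_filter($_POST['picUrl'], 'is_string'));
    }
    $thumbs = [];
    foreach ($picUrls as $pic) {
        $parts = explode('.', $pic);
        $parts[1] = (isset($parts[1]) ? $parts[1] : '') . '_thumb';
        $thumbs[] = implode('.', $parts);
    }

    $userName = isset($_SESSION['userName']) ? $_SESSION['userName'] : '';
    $data = [
        'userID' => $uid,
        'userName' => $userName,
        'editor' => $userName,
        'editTime' => time(),
        'postTime' => time(),
        'gid' => (int) $str('gid'),
        'ip' => $_SERVER['REMOTE_ADDR'],
        'cityID' => (int) $str('cityID'),
        'title' => $str('title'),
        'sid' => (int) $str('classId'),
        'from_author' => $str('from_author'),
        'from_url' => $fromUrl,
    ];
    if ($picUrls) {
        // NOTE(review): picUrl values are stored as sent; if they are meant
        // to be paths under the upload root, validate that here.
        $data['thumb'] = implode('|', $thumbs);
        $data['picUrl'] = implode('|', $picUrls);
    }

    $dataModel = M('SqData');
    $dataModel->startTrans();
    $postId = $dataModel->data($data)->add();
    $contentId = $postId
        ? M('SqFdata')->data(['content' => $str('content'), 'dataID' => $postId])->add()
        : false;
    if ($postId && $contentId) {
        // NOTE(review): the other M() instances share the connection the
        // transaction was opened on (ThinkPHP default), so these writes are
        // inside it — confirm if a second DB config is in use.
        M('member')->where(['uid' => $uid])->setInc('sqs');
        M('postlog')->data(['days' => date('Ymd'), 'uid' => $uid, 'type' => 1])->add();
        $dataModel->commit();
        $reply = ['status' => true, 'massage' => "发布成功"];
    } else {
        $dataModel->rollback();
        $reply = ['status' => false, 'massage' => "发布失败"];
    }
    $this->ajaxReturn($reply, 'json');
}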
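/**
 * Save edits to an ad position (admin).
 *
 * POST `post[...]` carries the ybirds_ad_position columns (id, title,
 * width, height, page, type, …). Optional uploads: `srcUrl` (layout sketch)
 * and, for type 2, `default` (default creative); for type 1 the default
 * creative is the raw POST `default` text. The position row and the `page`
 * of every ad slot under it are updated in one transaction, the operation
 * is logged and the user is sent back to the URL kept in session
 * `advPosUrl`.
 *
 * @return void  via success()/error()
 */
public function editPosAction()
{
    $post = isset($_POST['post']) && is_array($_POST['post']) ? $_POST['post'] : [];
    trim_all($post);
    fliter_script($post);

    // the primary key decides which row save() touches; never let a
    // non-numeric value through
    $posId = isset($post['id']) ? (int) $post['id'] : 0;
    $type = isset($post['type']) ? (int) $post['type'] : 0;
    $width = isset($post['width']) ? $post['width'] : '';
    $height = isset($post['height']) ? $post['height'] : '';

    $errorMsg = '';
    if ($posId <= 0) {
        $errorMsg .= '广告位ID无效<br/>';
    }
    if (empty($post['title'])) {
        $errorMsg .= '广告位的文字说明(如 首页侧面广告)必须填写<br/>';
    }
    if (empty($width)) {
        $errorMsg .= '广告位的宽度必须填写<br/>';
    }
    if (empty($height)) {
        $errorMsg .= '广告位的高度必须填写<br/>';
    }
    if (!preg_match('/^\\d{1,4}$/', $width)) {
        $errorMsg .= '广告位的宽度只能是数字</br>';
    }
    if (!preg_match('/^\\d{1,4}$/', $height)) {
        $errorMsg .= '广告位的高度只能是数字</br>';
    }
    if (!empty($errorMsg)) {
        $this->error($errorMsg);
    }
    $post['id'] = $posId;

    // layout sketch upload
    if (!empty($_FILES['srcUrl']['name'])) {
        $info1 = $this->upload($_FILES['srcUrl']);
        $post['srcUrl'] = C('PIC_UPLOAD.rootPath') . $info1['savepath'] . $info1['savename'];
    }

    // default creative: type 2 is an uploaded image, type 1 a text field
    if ($type == 2) {
        if (!empty($_FILES['default']['name'])) {
            $info2 = $this->upload($_FILES['default']);
            $post['default'] = C('PIC_UPLOAD.rootPath') . $info2['savepath'] . $info2['savename'];
        }
    } elseif ($type == 1) {
        if (!empty($_POST['default'])) {
            // Stored as sent (not through fliter_script): this appears to be
            // ad markup, which may legitimately contain scripts. That makes
            // it an admin-trust field — confirm the parent controller limits
            // this action to administrators.
            $post['default'] = $_POST['default'];
        }
    }

    $model = M('ad_position');
    $allModel = M('ad_all');
    $model->startTrans();

    $results = [];
    $results[] = $model->data($post)->save();
    // propagate the page name to every slot of this position
    $slots = $allModel->field('id')->where(['pid' => $posId])->select();
    $page = isset($post['page']) ? $post['page'] : null;
    foreach ((array) $slots as $slot) {
        $results[] = $allModel->data(['id' => $slot['id'], 'page' => $page])->save();
    }

    $url = session('advPosUrl');
    session('advPosUrl', null);

    // save() returns false on failure (0 affected rows is not a failure)
    if (!in_array(false, $results, true)) {
        $model->commit();
        operateLog('编辑广告位' . $posId, 4);
        $this->success('编辑广告位成功', $url);
    } else {
        $model->rollback();
        $this->error('编辑广告位失败', $url);
    }
}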
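/**
 * AJAX dispatcher of the private-message feature.
 *
 * Every request passes check_referer(); the per-user actions also pass
 * check_nonce(). REQUEST `type` selects:
 *   create-db      (needs manage_options) create the PM table, redirect back
 *   get-userdata   resolve `uid`, add it to the caller's dialog list
 *   remove-dialog  drop `uid` from the caller's dialog list
 *   send           store a PM from the caller to `uid`
 *   comet          long-poll (up to self::$comet_timeout s) for a new PM
 * Every branch terminates with die(); an unknown type yields an error JSON.
 *
 * @return void
 */
public static function process()
{
    theme_features::check_referer();
    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : false;
    $current_user_id = theme_cache::get_current_user_id();
    // target user id as int, or false; check_uid() is expected to reject false
    $uid_param = isset($_REQUEST['uid']) && is_numeric($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : false;

    switch ($type) {
        case 'create-db':
            // NOTE(review): guarded by check_referer() and the capability
            // only; add check_nonce() once the options-page link carries it.
            if (!theme_cache::current_user_can('manage_options')) {
                die(___('Sorry, your permission is not enough to create database table.'));
            }
            if (self::has_table()) {
                die(___('Sorry, the database table already exists.'));
            }
            self::create_db_table();
            theme_options::set_options(__CLASS__, ['db-version' => self::$db_version]);
            header('location: ' . theme_options::get_url() . '&' . __CLASS__);
            die;

        case 'get-userdata':
            theme_features::check_nonce();
            $user = self::check_uid($uid_param);
            self::add_list($current_user_id, $user->ID);
            die(theme_features::json_format([
                'status' => 'success',
                'name' => esc_html($user->display_name),
                'avatar' => get_avatar_url($user->ID),
                'msg' => ___('User data loaded, you can send P.M. now.'),
                'url' => theme_cache::get_author_posts_url($user->ID),
            ]));

        case 'remove-dialog':
            // state-changing like the other per-user actions, so it gets the
            // same nonce check (the client must send the nonce it already
            // sends for get-userdata/send)
            theme_features::check_nonce();
            $receiver = self::check_uid($uid_param);
            if (self::remove_list($current_user_id, $receiver->ID)) {
                die(theme_features::json_format(['status' => 'success', 'code' => 'removed']));
            }
            die(theme_features::json_format(['status' => 'error', 'code' => 'remove_fail']));

        case 'send':
            theme_features::check_nonce();
            $receiver = self::check_uid($uid_param);
            $content = isset($_REQUEST['content']) && is_string($_REQUEST['content']) ? trim($_REQUEST['content']) : '';
            if ($content !== '') {
                // Assumes the theme's fliter_script() returns the filtered
                // string. strip_tags() keeps <a>, so href schemes are not
                // validated here — confirm fliter_script() or the renderer
                // neutralises javascript: URLs.
                $content = (string) fliter_script(strip_tags($content, '<a><b><strong><em><i><del>'));
            }
            if (trim($content) == '') {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'empty_content',
                    'msg' => ___('Sorry, message content is null, please try again.'),
                ]));
            }
            $pm_id = self::insert_pm([
                'pm_author' => $current_user_id,
                'pm_receiver' => $receiver->ID,
                'pm_content' => $content,
            ]);
            if (!$pm_id) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'can_not_create_pm',
                    'msg' => ___('Sorry, system can not create the private message, please try again later.'),
                ]));
            }
            $pm = self::get_pm($pm_id);
            // both sides get the dialog in their list
            self::add_list($current_user_id, $pm->pm_receiver);
            self::add_list($pm->pm_receiver, $current_user_id);
            die(theme_features::json_format([
                'status' => 'success',
                'pm' => [
                    'pm_receiver' => self::get_niceid($pm->pm_receiver),
                    'pm_author' => self::get_niceid($pm->pm_author),
                    'pm_date' => current_time('Y/m/d H:i:s'),
                    'pm_content' => $pm->pm_content,
                    'url' => theme_cache::get_author_posts_url($pm->pm_receiver),
                ],
                'msg' => ___('Message sent.'),
            ]));

        case 'comet':
            theme_features::check_nonce();
            $receiver_id = $current_user_id;
            $client_timestamp = isset($_REQUEST['timestamp']) && is_numeric($_REQUEST['timestamp']) ? $_REQUEST['timestamp'] : false;
            if (!$client_timestamp) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invaild_timestamp',
                    'msg' => ___('Sorry, your session is timeout, please refresh page.'),
                ]));
            }
            // Each poll holds a PHP worker for up to $comet_timeout seconds;
            // the script is killed at 60 s regardless — keep $comet_timeout
            // below that.
            set_time_limit(60);
            for ($i = 0; $i < self::$comet_timeout; ++$i) {
                $timestamp = self::get_timestamp($receiver_id);
                if ($timestamp <= $client_timestamp) {
                    sleep(1);
                    continue;
                }
                // something newer than the client knows: ship the latest PM
                $latest_pm = self::get_pm(self::get_latest_pm_id($receiver_id));
                self::clear_unreads($current_user_id);
                die(theme_features::json_format([
                    'status' => 'success',
                    'pm' => [
                        'pm_receiver' => self::get_niceid($latest_pm->pm_receiver),
                        'pm_author' => self::get_niceid($latest_pm->pm_author),
                        'pm_author_name' => theme_cache::get_the_author_meta('display_name', $latest_pm->pm_author),
                        'pm_author_avatar' => get_avatar_url($latest_pm->pm_author),
                        'pm_date' => current_time('Y/m/d H:i:s'),
                        'pm_content' => $latest_pm->pm_content,
                        // was $pm->pm_author — $pm is never set in this branch
                        'url' => theme_cache::get_author_posts_url($latest_pm->pm_author),
                    ],
                    'timestamp' => $timestamp,
                ]));
            }
            die(theme_features::json_format(['status' => 'error', 'code' => 'timeout', 'msg' => ___('Timeout')]));

        default:
            die(theme_features::json_format([
                'status' => 'error',
                'code' => 'invaild_type',
                'msg' => ___('Sorry, type param is invaild.'),
            ]));
    }
}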
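/**
 * Handle a front-end contribution: create a post, or edit one of the
 * caller's own posts.
 *
 * Input is POST `ctb[...]`: post-title, post-excerpt, post-content,
 * thumbnail-id, cats[] (new post) or cat (edit), tags[], attach-ids[];
 * POST `post-id` switches to edit mode. An edit requires the post to exist,
 * be of type `post`, be in an editable status, belong to the caller and not
 * be locked by another editor. New posts are published when the caller has
 * `publish_posts`, otherwise queued as `pending`. Thumbnail and attachment
 * ids must name attachments the caller owns (or may edit). Every path ends
 * with die(json).
 *
 * @return void
 */
private static function process_post()
{
    $output = [];
    $ctb = isset($_POST['ctb']) && is_array($_POST['ctb']) ? array_filter($_POST['ctb']) : null;
    if (empty($ctb)) {
        $output['status'] = 'error';
        $output['code'] = 'invaild_ctb_param';
        $output['msg'] = ___('Invaild contribution param.');
        die(theme_features::json_format($output));
    }
    $current_user_id = theme_cache::get_current_user_id();

    // true when $id is an attachment the caller owns or may edit; without
    // this anyone could re-parent or reuse other users' attachments
    $usable_attachment = function ($id) use ($current_user_id) {
        $attachment = theme_cache::get_post($id);
        if (!$attachment || $attachment->post_type !== 'attachment') {
            return false;
        }
        return (int) $attachment->post_author === (int) $current_user_id
            || theme_cache::current_user_can('edit_others_posts');
    };

    $edit_post_id = isset($_POST['post-id']) && is_numeric($_POST['post-id']) ? (int) $_POST['post-id'] : 0;
    $edit_again = false;
    $old_post = null;
    if ($edit_post_id != 0) {
        $edit_again = true;
        $old_post = theme_cache::get_post($edit_post_id);
        if (!$old_post || $old_post->post_type !== 'post' || !self::in_edit_post_status($old_post->post_status)) {
            die(theme_features::json_format([
                'status' => 'error',
                'code' => 'post_not_exist',
                'msg' => ___('Sorry, the post does not exist.'),
            ]));
        }
        if ($old_post->post_author != $current_user_id) {
            die(theme_features::json_format([
                'status' => 'error',
                'code' => 'post_not_exist',
                'msg' => ___('Sorry, you are not the post author, can not edit it.'),
            ]));
        }
        // another editor holds the post lock: report as "not found" on purpose
        $lock_user_id = self::wp_check_post_lock($edit_post_id);
        if ($lock_user_id) {
            die(theme_features::json_format([
                'status' => 'error',
                'code' => 'post_not_exist',
                'msg' => ___('Sorry, the post does not exist.'),
            ]));
        }
    }

    $post_title = isset($ctb['post-title']) && is_string($ctb['post-title']) ? trim($ctb['post-title']) : null;
    if (!$post_title) {
        $output['status'] = 'error';
        $output['code'] = 'invaild_post_title';
        $output['msg'] = ___('Please write the post title.');
        die(theme_features::json_format($output));
    }
    $post_excerpt = isset($ctb['post-excerpt']) && is_string($ctb['post-excerpt']) ? trim($ctb['post-excerpt']) : null;
    $post_content = isset($ctb['post-content']) && is_string($ctb['post-content']) ? trim($ctb['post-content']) : null;
    if (!$post_content) {
        $output['status'] = 'error';
        $output['code'] = 'invaild_post_content';
        $output['msg'] = ___('Please write the post content.');
        die(theme_features::json_format($output));
    }

    $thumbnail_id = isset($ctb['thumbnail-id']) && is_numeric($ctb['thumbnail-id']) ? (int) $ctb['thumbnail-id'] : null;
    if (!$thumbnail_id || !$usable_attachment($thumbnail_id)) {
        $output['status'] = 'error';
        $output['code'] = 'invaild_thumbnail_id';
        $output['msg'] = ___('Please set an image as post thumbnail');
        die(theme_features::json_format($output));
    }

    // categories: a list for a new post, a single id (plus its children) on edit
    if ($edit_post_id == 0) {
        $cat_ids = isset($ctb['cats']) && is_array($ctb['cats']) ? $ctb['cats'] : null;
        if (is_null_array($cat_ids)) {
            $output['status'] = 'error';
            $output['code'] = 'invaild_cat_id';
            $output['msg'] = ___('Please select a category.');
            die(theme_features::json_format($output));
        }
    } else {
        $cat_id = isset($ctb['cat']) && is_numeric($ctb['cat']) ? (int) $ctb['cat'] : null;
        if (empty($cat_id)) {
            $output['status'] = 'error';
            $output['code'] = 'invaild_cat_id';
            $output['msg'] = ___('Please select a category.');
            die(theme_features::json_format($output));
        }
        $cat_ids = [];
        theme_features::get_all_cats_by_child($cat_id, $cat_ids);
    }

    // tags: strings only (non-strings used to be passed on as null)
    $tags = isset($ctb['tags']) && is_array($ctb['tags']) ? array_filter($ctb['tags']) : [];
    $tags = array_values(array_filter($tags, 'is_string'));

    $post_status = theme_cache::current_user_can('publish_posts') ? 'publish' : 'pending';

    /***************************** 
     * PASS ALL, WRITE TO DB
     *****************************/
    if ($edit_post_id != 0) {
        $post_status = self::get_update_post_status($old_post->post_status);
        $post_id = wp_update_post([
            'ID' => $edit_post_id,
            'post_title' => $post_title,
            'post_status' => $post_status,
            'post_type' => $old_post->post_type,
            'post_excerpt' => fliter_script($post_excerpt),
            'post_content' => fliter_script($post_content),
            'post_category' => $cat_ids,
            'tags_input' => $tags,
        ], true);
    } else {
        $post_id = wp_insert_post([
            'post_title' => $post_title,
            'post_excerpt' => fliter_script($post_excerpt),
            'post_content' => fliter_script($post_content),
            'post_status' => $post_status,
            'post_author' => $current_user_id,
            'post_category' => $cat_ids,
            'tags_input' => $tags,
        ], true);
    }
    if (is_wp_error($post_id)) {
        $output['status'] = 'error';
        $output['code'] = $post_id->get_error_code();
        $output['msg'] = $post_id->get_error_message();
        die(theme_features::json_format($output));
    }

    set_post_thumbnail($post_id, $thumbnail_id);

    // attach the uploads to the post — only the caller's own attachments
    $attach_ids = isset($ctb['attach-ids']) && is_array($ctb['attach-ids']) ? array_map('intval', array_filter($ctb['attach-ids'])) : null;
    if ($attach_ids) {
        foreach ($attach_ids as $attach_id) {
            if (!$usable_attachment($attach_id)) {
                continue;
            }
            wp_update_post(['ID' => $attach_id, 'post_parent' => $post_id]);
        }
    }

    if ($edit_post_id == 0) {
        if ($post_status === 'pending') {
            $output['status'] = 'success';
            $output['msg'] = ___('Your post submitted successful, it will be published after approve in a while.');
            die(theme_features::json_format($output));
        }
        $output['status'] = 'success';
        $output['msg'] = sprintf(
            ___('Congratulation! Your post has been published. You can %s or %s.'),
            '<a href="' . theme_cache::get_permalink($post_id) . '" title="' . esc_attr(theme_cache::get_the_title($post_id)) . '">' . ___('View it now') . '</a>',
            '<a href="javascript:location.href=location.href;">' . ___('countinue to write a new post') . '</a>'
        );
        // Award the publish point. The old test `$edit_again && …` could
        // never be true on this (new-post) path; the collection flow awards
        // the point unconditionally, so do the same here.
        if (class_exists('theme_custom_point')) {
            $post_publish_point = theme_custom_point::get_point_value('post-publish');
            $output['point'] = ['value' => $post_publish_point, 'detail' => ___('Post published')];
        }
    } else {
        $output['status'] = 'success';
        if ($old_post->post_status == 'publish') {
            $output['msg'] = ___('Your post has updated successful.') . ' <a href="' . theme_cache::get_permalink($post_id) . '" target="_blank">' . ___('Views it now') . '</a>';
        } else {
            $output['msg'] = ___('Your post has updated successful.');
        }
        die(theme_features::json_format($output));
    }
    die(theme_features::json_format($output));
}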
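/**
 * AJAX dispatcher of the "collection" feature (a post that recommends other
 * posts).
 *
 * Every request passes check_referer() and check_nonce(). REQUEST `type`:
 *   add-cover  upload a cover image (extension whitelist self::$file_exts,
 *              file renamed to <uid>-<timestamp>-<rand>.<ext>) and reply
 *              with its thumbnail URL and attachment id
 *   post       create the collection from POST `clt[...]` (post-title,
 *              post-content, thumbnail-id, posts[], tags[]); published at
 *              once for users with `moderate_comments`, else `pending`
 *   get-post   return title, excerpt and thumbnail of a published post
 * Replies are die(json).
 *
 * @return void
 */
public static function process()
{
    $output = [];
    theme_features::check_referer();
    theme_features::check_nonce();
    $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null;

    switch ($type) {
        case 'add-cover':
            $filename = isset($_FILES['img']['name']) && is_string($_FILES['img']['name']) ? $_FILES['img']['name'] : '';
            $file_ext = $filename !== '' ? strtolower(pathinfo($filename, PATHINFO_EXTENSION)) : '';
            if (!in_array($file_ext, self::$file_exts, true)) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_file_type';
                $output['msg'] = ___('Invaild file type.');
                die(theme_features::json_format($output));
            }
            // rename so the stored name carries no client-chosen text;
            // media_handle_upload() still runs WordPress's own MIME checks
            $_FILES['img']['name'] = theme_cache::get_current_user_id() . '-' . current_time('YmdHis') . '-' . rand(100, 999) . '.' . $file_ext;
            require_once ABSPATH . 'wp-admin/includes/image.php';
            require_once ABSPATH . 'wp-admin/includes/file.php';
            require_once ABSPATH . 'wp-admin/includes/media.php';
            $attach_id = media_handle_upload('img', 0);
            if (is_wp_error($attach_id)) {
                $output['status'] = 'error';
                $output['code'] = $attach_id->get_error_code();
                $output['msg'] = $attach_id->get_error_message();
                die(theme_features::json_format($output));
            }
            $output['status'] = 'success';
            $output['thumbnail'] = ['url' => esc_url(self::wp_get_attachment_image_src($attach_id, 'thumbnail')[0])];
            $output['attach-id'] = $attach_id;
            $output['msg'] = ___('Upload success.');
            die(theme_features::json_format($output));

        case 'post':
            $clt = isset($_POST['clt']) && is_array($_POST['clt']) ? $_POST['clt'] : null;
            if (is_null_array($clt)) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_ctb_param';
                $output['msg'] = ___('Invaild collection param.');
                die(theme_features::json_format($output));
            }
            $posts = isset($clt['posts']) && is_array($clt['posts']) ? $clt['posts'] : null;
            if (empty($posts)) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_posts';
                $output['msg'] = ___('Sorry, posts can not be empty.');
                die(theme_features::json_format($output));
            }
            $post_title = isset($clt['post-title']) && is_string($clt['post-title']) ? esc_html(trim($clt['post-title'])) : null;
            if (empty($post_title)) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_post_title';
                $output['msg'] = ___('Please write the post title.');
                die(theme_features::json_format($output));
            }
            // the cover must be an attachment the caller owns (or may edit)
            $current_user_id = theme_cache::get_current_user_id();
            $thumbnail_id = isset($clt['thumbnail-id']) && is_numeric($clt['thumbnail-id']) ? (int) $clt['thumbnail-id'] : null;
            $thumbnail = $thumbnail_id ? theme_cache::get_post($thumbnail_id) : null;
            $thumbnail_ok = $thumbnail
                && $thumbnail->post_type === 'attachment'
                && ((int) $thumbnail->post_author === (int) $current_user_id || theme_cache::current_user_can('edit_others_posts'));
            if (!$thumbnail_ok) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_thumbnail_id';
                $output['msg'] = ___('Please set an image as post thumbnail');
                die(theme_features::json_format($output));
            }
            $post_content = isset($clt['post-content']) && is_string($clt['post-content']) ? strip_tags(trim($clt['post-content']), '<del><a><b><strong><em><i>') : null;
            if (empty($post_content)) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_post_content';
                $output['msg'] = ___('Please explain why you recommend this collection.');
                die(theme_features::json_format($output));
            }
            // NOTE(review): get_preview() receives the raw `posts` list;
            // assumed to resolve ids and escape what it renders — confirm.
            $post_content = '<p>' . $post_content . '</p>' . self::get_preview($posts);

            // tags: strings only (non-strings used to be passed on as null)
            $tags = isset($clt['tags']) && is_array($clt['tags']) ? $clt['tags'] : [];
            $tags = array_values(array_filter($tags, 'is_string'));

            $post_status = theme_cache::current_user_can('moderate_comments') ? 'publish' : 'pending';
            $post_id = wp_insert_post([
                'post_title' => $post_title,
                'post_content' => fliter_script($post_content),
                'post_status' => $post_status,
                'post_author' => $current_user_id,
                'post_category' => (array) self::get_options('cats'),
                'tags_input' => $tags,
            ], true);
            if (is_wp_error($post_id)) {
                $output['status'] = 'error';
                $output['code'] = $post_id->get_error_code();
                $output['msg'] = $post_id->get_error_message();
                break;
            }
            set_post_thumbnail($post_id, $thumbnail_id);
            if ($post_status === 'pending') {
                $output['status'] = 'success';
                $output['msg'] = sprintf(
                    ___('Your collection submitted successful, it will be published after approve in a while. Thank you very much! How about %s again?'),
                    '<a href="' . self::get_tabs('collection')['url'] . '">' . ___('write a new collection') . '</a>'
                );
                die(theme_features::json_format($output));
            }
            $output['status'] = 'success';
            $output['msg'] = sprintf(
                ___('Congratulation! Your post has been published. You can %s or %s.'),
                '<a href="' . theme_cache::get_permalink($post_id) . '" title="' . esc_attr(theme_cache::get_the_title($post_id)) . '">' . ___('View it now') . '</a>',
                '<a href="' . self::get_tabs('collection')['url'] . '">' . ___('countinue to write a new collection') . '</a>'
            );
            if (class_exists('theme_custom_point')) {
                $post_publish_point = theme_custom_point::get_point_value('post-publish');
                $output['point'] = ['value' => $post_publish_point, 'detail' => ___('Post published')];
            }
            die(theme_features::json_format($output));

        case 'get-post':
            $post_id = isset($_REQUEST['post-id']) && is_numeric($_REQUEST['post-id']) ? (int) $_REQUEST['post-id'] : 0;
            if (!$post_id) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_post_id';
                $output['msg'] = ___('Sorry, the post id is invaild.');
                die(theme_features::json_format($output));
            }
            global $post;
            $post = theme_cache::get_post($post_id);
            // only published posts can be previewed: a draft or private post
            // of another user must not leak its title and excerpt here
            if (!$post || $post->post_type !== 'post' || $post->post_status !== 'publish') {
                $output['status'] = 'error';
                $output['code'] = 'post_not_exist';
                $output['msg'] = ___('Sorry, the post do not exist, please type another post ID.');
                die(theme_features::json_format($output));
            }
            setup_postdata($post);
            $output = [
                'status' => 'success',
                'msg' => ___('Finished get the post data.'),
                'thumbnail' => [
                    'url' => theme_functions::get_thumbnail_src($post_id),
                    'size' => [theme_functions::$thumbnail_size[1], theme_functions::$thumbnail_size[2]],
                ],
                'title' => theme_cache::get_the_title($post_id),
                'excerpt' => html_minify(str_sub(strip_tags(trim($post->post_content)), 120, '...')),
            ];
            wp_reset_postdata();
            die(theme_features::json_format($output));

        default:
            // previously an unknown type answered with an empty array
            $output = [
                'status' => 'error',
                'code' => 'invaild_type',
                'msg' => ___('Sorry, type param is invaild.'),
            ];
    }
    die(theme_features::json_format($output));
}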
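/**
 * Blacklist filter for user-supplied text: neutralises inline event
 * handlers, `javascript:` URLs and <script>/<iframe> tags, recursively for
 * arrays. Modifies $input in place.
 *
 * This is defence in depth only. A blacklist cannot be complete (encoded
 * payloads, other tags such as <object>/<svg>/<embed>, CSS expressions pass
 * through), so the template that renders the value must still escape it for
 * its context (htmlspecialchars() for HTML text and attributes).
 *
 * Rules, kept compatible with the original behaviour:
 *   - `on<event>` for the listed events, anywhere in the text, becomes
 *     `&111n<event>` (the original mangling; note `&111n` is not an entity,
 *     it is simply a different string);
 *   - additionally any `on<word>` immediately followed by `=` (optional
 *     whitespace) is mangled the same way — this covers handlers the fixed
 *     list omits (onfocus, onpointerover, onanimationstart, ...);
 *   - `javascript:` (optional whitespace before the colon) is removed, so a
 *     bare `href="javascript:..."` no longer passes;
 *   - <script>…</script> and <iframe>…</iframe> pairs are removed, and so
 *     are stray opening/closing script and iframe tags, which the original
 *     left in place whenever the closing tag was missing;
 *   - when PCRE fails on a value (e.g. backtrack limit) the value becomes ''
 *     (fail closed) instead of null.
 *
 * @param mixed $input  string, or (nested) array of strings, filtered in place;
 *                      scalars are handled as strings
 * @return void
 */
function fliter_script(&$input)
{
    static $patterns = null;
    if ($patterns === null) {
        $events = 'click|load|key|mouse|error|abort|move|unload|change|dblclick|reset|resize|submit';
        // order matters: the pair removals run before the stray-tag removals
        $patterns = [
            '/(javascript:)?on(' . $events . ')/i' => '&111n\\2',
            '/\bon([a-z]+)(?=\s*=)/i' => '&111n\\1',
            '/javascript\s*:/i' => '',
            '/<script(.*?)<\/script>/si' => '',
            '/<iframe(.*?)<\/iframe>/si' => '',
            '/<\/?script\b[^>]*>?/i' => '',
            '/<\/?iframe\b[^>]*>?/i' => '',
        ];
    }

    if (is_array($input)) {
        foreach ($input as &$value) {
            fliter_script($value);
        }
        unset($value);
        return;
    }

    $clean = preg_replace(array_keys($patterns), array_values($patterns), $input);
    // preg_replace() returns null on a PCRE error; never store null
    $input = $clean === null ? '' : $clean;
}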