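<?php
include __DIR__ . '/common.php';
require __DIR__ . '/language/' . ForumLanguage . '/new.php';

// Access gate for the new-topic page; the meaning of the three arguments is
// defined in common.php, which is not part of this excerpt.
Auth(1, 0, true);

$Error = '';
$Title = '';
$Content = '';
$TagsArray = array();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    SetStyle('api', 'API');

    // Form-token check (presumably the anti-CSRF token; confirm in ReferCheck()).
    // The token is read through Request(), like the other POST fields below, so
    // a request without the field does not hit an undefined $_POST index.
    // Assumes AlertMsg() ends the request; otherwise the checks below still run.
    if (!ReferCheck(Request('Post', 'FormHash'))) {
        AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
    }

    // Rate limit: posts must be more than 5 seconds apart.
    if ($TimeStamp - $CurUserInfo['LastPostTime'] <= 5) {
        AlertMsg($Lang['Posting_Too_Often'], $Lang['Posting_Too_Often']);
    }

    $Title = Request('Post', 'Title');
    $Content = Request('Post', 'Content');

    // The tag list comes straight from the client. Accept it only when it is an
    // array and keep only string entries, so a scalar or nested-array "Tag"
    // parameter cannot reach in_array(), count() or the query below.
    $TagsArray = (isset($_POST['Tag']) && is_array($_POST['Tag']))
        ? array_filter($_POST['Tag'], 'is_string')
        : array();

    if ($Title) {
        // Both limits must hold. The previous "||" accepted an over-long title
        // whenever the body was short enough, and the reverse.
        if (strlen($Title) <= $Config['MaxTitleChars'] && strlen($Content) <= $Config['MaxPostChars']) {
            if (!empty($TagsArray) && !in_array('', $TagsArray, true) && count($TagsArray) <= $Config["MaxTagsNum"]) {
                // Fetch the tags that already exist. Tag names are passed as bound
                // values, not concatenated; presumably the DB wrapper expands the
                // single placeholder for an array argument (confirm).
                $TagsExistArray = $DB->query("SELECT ID,Name FROM `" . $Prefix . "tags` WHERE `Name` in (?)", $TagsArray);
                $TagsExist = ArrayColumn($TagsExistArray, 'Name');
                $TagsID = ArrayColumn($TagsExistArray, 'ID');
                $NewTags = TagsDiff($TagsArray, $TagsExist);
                // Create the tags that do not exist yet (the excerpt ends here,
                // with the enclosing blocks still open).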
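$Error = '';
$ErrorCode = 101000;
$UserName = '';
// NOTE(review): the return URL is taken from the Referer header. htmlspecialchars()
// is HTML-context escaping, not URL validation: it does not restrict the target to
// this site, and it rewrites "&" in query strings. Consider accepting only
// same-site paths before using the value in a Location header.
$ReturnUrl = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER["HTTP_REFERER"]) : '';

// Logout is triggered by a GET parameter that must equal the current user's code.
// The comparison is strict and string-only, so numeric-looking strings
// (e.g. "0e..." values) and array parameters can no longer match through type
// juggling. Where the runtime provides hash_equals(), a constant-time comparison
// is preferable.
if (isset($_GET['logout']) && is_string($_GET['logout']) && $_GET['logout'] === (string) $CurUserCode) {
    LogOut();
    if ($ReturnUrl) {
        header('location: ' . $ReturnUrl);
        exit('logout');
    } else {
        header('location: ' . $Config['WebsitePath'] . '/');
        exit('logout');
    }
}

// Login submission: runs for POST requests, and for app clients regardless of method.
if ($_SERVER['REQUEST_METHOD'] == 'POST' || $IsApp) {
    // Form-token check (presumably the anti-CSRF token; confirm in ReferCheck()).
    if (!ReferCheck(Request('Post', 'FormHash'))) {
        AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
    }
    $ReturnUrl = htmlspecialchars(Request('Post', 'ReturnUrl'));
    $UserName = strtolower(Request('Post', 'UserName'));
    $Password = Request('Post', 'Password');
    // Stay logged in for at most 30 days.
    // NOTE(review): only the upper bound is enforced; zero or negative values pass
    // through. Confirm that the code consuming $Expires handles them.
    $Expires = min(intval(Request('Post', 'Expires', 30)), 30);
    $VerifyCode = intval(Request('Post', 'VerifyCode'));

    // Single-pass do-block: each failed check sets the error and breaks out.
    // The excerpt ends inside this block.
    do {
        if (!$UserName || !$Password || !$VerifyCode) {
            $Error = $Lang['Forms_Can_Not_Be_Empty'];
            $ErrorCode = 101001;
            break;
        }
        session_start();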
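// Fragment: the statements down to the first lone closing brace sit inside a block
// that opens before this excerpt.
    // NOTE(review): the URL handed to GetAccessToken() is built from the request's
    // Host header, which the client supplies. Presumably this is the OAuth redirect
    // URI; consider a configured site origin instead (confirm).
    if (!$OauthObject->GetAccessToken($CurProtocol . $_SERVER['HTTP_HOST'] . $Config['WebsitePath'], $AppID, $AppInfo['AppSecret'], $Code)) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    if (!$OauthObject->GetOpenID()) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    // Non-POST page: keep the access token in the session for the later POST step.
    $_SESSION[$Prefix . 'OauthAccessToken'] = $OauthObject->AccessToken;
    // Release the session to avoid blocking other requests.
    session_write_close();
    // Look up the local account bound to this provider identity (bound parameters).
    $OauthUserID = $DB->single("SELECT UserID FROM " . $Prefix . "app_users \n\t\tWHERE AppID=:AppID AND OpenID = :OpenID", array('AppID' => $AppID, 'OpenID' => $OauthObject->OpenID));
    $OauthObject->GetUserInfo();
    CheckOpenID();
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // The POST step needs a valid form token, a stored access token and a state
    // value equal to the one kept in the session. The state is compared strictly
    // as a string, so type juggling between numeric-looking values cannot make
    // two different states compare equal, and a non-scalar parameter is rejected
    // outright. Where the runtime provides hash_equals(), a constant-time
    // comparison is preferable.
    if (!ReferCheck(Request('Post', 'FormHash'))
        || empty($_SESSION[$Prefix . 'OauthAccessToken'])
        || !$State
        || !is_scalar($State)
        || empty($_SESSION[$Prefix . 'OauthState'])
        || (string) $State !== (string) $_SESSION[$Prefix . 'OauthState']
    ) {
        AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
    }
    // Load the access token stored by the earlier step.
    $OauthObject->AccessToken = $_SESSION[$Prefix . 'OauthAccessToken'];
    // Release the session to avoid blocking other requests.
    session_write_close();
    if (!$OauthObject->GetOpenID()) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    $OauthUserInfo = $OauthObject->GetUserInfo();
    CheckOpenID();

    $UserName = strtolower(Request('Post', 'UserName'));
    if ($UserName && IsName($UserName)) {
        // Check whether the requested user name is already taken (bound parameter).
        // The excerpt ends inside the branch for a free name.
        $UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array('UserName' => $UserName));
        if (!$UserExist) {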