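/**
 * Records an abuse report for a user, post, thread, group, album, blog or picture.
 *
 * The report is keyed by the md5 of its target URL. A second report for the same URL
 * only bumps the existing row through update_num(); a first report inserts a row and
 * notifies the configured receivers. The md5 is a lookup key here, not a security control.
 *
 * Security notes for maintainers:
 *  - With no usable $rid/$rtype pair, the target URL is taken from the base64-encoded
 *    `url` request parameter. Any absolute http(s) URL without `[`, `"` or `'` passes the
 *    pattern below, so the stored link may point off-site. Whatever renders the report
 *    should treat it as untrusted, or restrict it to the site's own host.
 *  - `report_receive` is read with unserialize(). It comes from the settings array rather
 *    than the request, but it must stay under administrator control only.
 *
 * @param mixed  $res     Response structure handed to makeErrorInfo() and returned.
 * @param string $rtype   Report type; the keys of the URL map below are the known types.
 * @param mixed  $rid     Id of the reported object (cast with intval() before use).
 * @param string $message Raw-URL-encoded reporter comment.
 *
 * @return mixed The value returned by makeErrorInfo().
 */
private function _userReportType($res, $rtype, $rid, $message)
{
    global $_G;

    // Only post reports need the owning thread id. Defaulting to 0 keeps the URL map
    // below from reading an undefined variable for every other report type.
    $tid = $rtype == 'post' ? UserReport::getTidByPid($rid) : 0;
    $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
    $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
    $message = WebUtils::t(rawurldecode($message));

    $default_url = array(
        'user' => 'home.php?mod=space&uid=',
        'post' => 'forum.php?mod=redirect&goto=findpost&ptid=' . $tid . '&pid=',
        'thread' => 'forum.php?mod=viewthread&tid=',
        'group' => 'forum.php?mod=group&fid=',
        'album' => 'home.php?mod=space&do=album&uid=' . $uid . '&id=',
        'blog' => 'home.php?mod=space&do=blog&uid=' . $uid . '&id=',
        'pic' => 'home.php?mod=space&do=album&uid=' . $uid . '&picid=',
    );

    if ($rid && !empty($default_url[$rtype])) {
        // Site-relative URL built only from fixed prefixes and integers.
        $url = $default_url[$rtype] . intval($rid);
    } else {
        // Caller-supplied URL: decode, escape, then require an absolute http(s) form.
        $rawurl = isset($_GET['url']) && is_string($_GET['url']) ? base64_decode($_GET['url']) : '';
        $url = trim(addslashes(dhtmlspecialchars($rawurl)));
        if (!preg_match("/^http[s]?:\\/\\/[^\\[\"']+\$/i", $url)) {
            $url = '';
        }
    }

    if (empty($url)) {
        return $this->makeErrorInfo($res, 'report_parameters_invalid');
    }

    $urlkey = md5($url);
    $message = censor(cutstr(dhtmlspecialchars(trim($message)), 200, ''));
    // A trailing backslash is stripped from the truncated comment before it is stored.
    $message = $_G['username'] . ' : ' . rtrim($message, "\\");

    if ($reportid = C::t('common_report')->fetch_by_urlkey($urlkey)) {
        C::t('common_report')->update_num($reportid, $message);
    } else {
        $data = array(
            'url' => $url,
            'urlkey' => $urlkey,
            'uid' => $_G['uid'],
            'username' => $_G['username'],
            'message' => $message,
            'dateline' => TIMESTAMP,
        );
        if ($fid) {
            $data['fid'] = $fid;
        }
        C::t('common_report')->insert($data);

        // NOTE(review): unserialize() on a settings value; safe only while that value
        // cannot be written by anyone but administrators.
        $report_receive = unserialize($_G['setting']['report_receive']);
        if (!is_array($report_receive)) {
            // A missing or corrupt setting must not break the notification loops below.
            $report_receive = array();
        }

        if (!empty($report_receive['adminuser']) && is_array($report_receive['adminuser'])) {
            foreach ($report_receive['adminuser'] as $touid) {
                notification_add($touid, 'report', 'new_report', array('from_id' => 1, 'from_idtype' => 'newreport'), 1);
            }
        }

        if ($fid && $rtype == 'post') {
            $moderators = array();
            foreach (C::t('forum_moderator')->fetch_all_by_fid($fid, false) as $row) {
                $moderators[] = $row['uid'];
            }
            if (!empty($report_receive['supmoderator']) && is_array($report_receive['supmoderator'])) {
                $moderators = array_unique(array_merge($moderators, $report_receive['supmoderator']));
            }
            foreach ($moderators as $touid) {
                // NOTE(review): in_array() is run against the whole setting array (whose
                // elements look like id lists), not against the 'adminuser' list - confirm
                // whether the intent was to skip receivers already notified above.
                if ($touid != $_G['uid'] && !in_array($touid, $report_receive)) {
                    notification_add($touid, 'report', 'new_post_report', array('fid' => $fid, 'from_id' => 1, 'from_idtype' => 'newreport'), 1);
                }
            }
        }
    }

    $params = array('noError' => 1);

    return $this->makeErrorInfo($res, 'report_succeed', $params);
}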
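/**
 * Validates one uploaded music file, records it in se_music and moves it into the
 * owner's user directory.
 *
 * Fixes compared with the previous body:
 *  - The remaining quota was reduced by an undefined variable, so $space_left never
 *    shrank and the per-request quota could not take effect across several files. It is
 *    now reduced by the accepted file's size, and only once the upload has succeeded.
 *  - `$user->user_info[user_id]` used a bare constant as the array key; it is now quoted.
 *  - $music_title, $music_id and $file_dest are initialised before they are read.
 *
 * Security notes for maintainers:
 *  - The SQL statements are built by string interpolation. $music_title goes through
 *    security(censor()), but $new_music->file_ext is interpolated as-is into both the
 *    INSERT and the destination path. This relies on se_upload having restricted the
 *    extension to the configured allow-list - TODO confirm.
 *
 * @param string $file_name  Upload field name, passed to se_upload::new_upload().
 * @param mixed  $space_left Remaining storage quota; reduced in place on success.
 *
 * @return array array('is_error' => code) on failure, otherwise the keys music_id,
 *               music_ext, music_filesize and music_title.
 */
function music_upload($file_name, &$space_left)
{
    global $database, $url, $user;

    $music_title = '';
    $music_id = 0;
    $file_dest = '';

    // SET KEY VARIABLES
    $file_maxsize = $user->level_info['level_music_maxsize'];
    $file_exts = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_exts'])));
    $file_types = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_mimes'])));

    $new_music = new se_upload();
    $new_music->new_upload($file_name, $file_maxsize, $file_exts, $file_types);

    // CHECK SPACE LEFT
    if ($new_music->file_size > $space_left) {
        $new_music->is_error = 4000087;
    }

    if (!$new_music->is_error) {
        // GENERATE TITLE
        // NOTE(review): $file_dest has not been assigned a path yet at this point, so the
        // ID3 reader is given an empty path and the title presumably always falls back to
        // the file name. The intended source file is not visible here - confirm and fix.
        $myId3 = new ID3($file_dest);
        if ($myId3->getInfo()) {
            $id3_artist = trim($myId3->getArtist());
            $id3_title = trim($myId3->getTitle());
            if ($id3_artist && $id3_title) {
                $music_title = $id3_artist . ' - ' . $id3_title;
            }
        }
        if (!trim($music_title)) {
            $music_title = $new_music->file_name;
        }
        $music_title = security(censor($music_title));

        // INSERT ROW INTO MUSIC TABLE
        $time = time();
        $track_row = $database->database_fetch_array($database->database_query("SELECT music_track_num as track FROM se_music WHERE music_user_id = '{$this->user_id}' ORDER BY music_track_num DESC LIMIT 1"));
        // Force an integer so the value interpolated below can only ever be a number.
        $track_num = (isset($track_row['track']) ? (int) $track_row['track'] : 0) + 1;

        $database->database_query("
            INSERT INTO se_music
            (
                music_user_id,
                music_track_num,
                music_date,
                music_title,
                music_ext,
                music_filesize
            )
            VALUES
            (
                '{$this->user_id}',
                '{$track_num}',
                '{$time}',
                '{$music_title}',
                '{$new_music->file_ext}',
                '{$new_music->file_size}'
            )
        ");
        $music_id = $database->database_insert_id();

        // MOVE UPLOADED FILE
        $file_dest = $url->url_userdir($user->user_info['user_id']) . $music_id . "." . $new_music->file_ext;
        $new_music->upload_file($file_dest);
    }

    // RETURN AND DELETE FROM DATABASE IF ERROR
    if ($new_music->is_error) {
        if ($music_id) {
            $database->database_query("DELETE FROM se_music WHERE music_id='{$music_id}' AND music_user_id='{$this->user_id}'");
        }
        if ($file_dest) {
            @unlink($file_dest);
        }

        return array('is_error' => $new_music->is_error);
    }

    // Charge the quota only for a file that was actually stored.
    $space_left = $space_left - $new_music->file_size;

    // RETURN FILE STATS
    return array(
        'music_id' => $music_id,
        'music_ext' => $new_music->file_ext,
        'music_filesize' => $new_music->file_size,
        'music_title' => $music_title,
    );
}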
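/**
 * Validates and normalises the thread-sort ("classified info") option values of a post.
 *
 * Each option in $_G['forum_checkoption'] is checked against its required, type,
 * maxlength, maxnum/minnum and unchangeable rules. The first failing rule ends
 * validation; instead of calling showmessage() the function returns an array with the
 * message key and its parameters. On success the normalised values are stored in
 * $_G['forum_optiondata'], keyed by option id, and that array is returned.
 *
 * Callers must tell the two return shapes apart: an error result carries the keys
 * 'message' and 'params', a success result is keyed by option id.
 *
 * Changes compared with the previous body:
 *  - A badly formatted number or e-mail was reported as 'threadtype_required_invalid';
 *    it is now reported as 'threadtype_format_invalid', the key used by the showmessage()
 *    call this branch replaced.
 *  - Checkbox and image values are only treated as arrays when the client really sent an
 *    array, so a scalar sent for such a field can no longer reach implode() or array
 *    indexing.
 *
 * Security notes for maintainers:
 *  - 'select' values go through censor(trim()) only, without dhtmlspecialchars(), so
 *    whatever renders them has to escape on output.
 *  - 'image' values are stored with serialize() and their client-supplied 'aid' is
 *    copied into $_GET['attachnew']. Ownership of that attachment id is not checked
 *    here; presumably the attachment handling that reads attachnew does so - confirm.
 *
 * @param array $sortoption Client-supplied option values keyed by option identifier.
 * @param mixed $pid        Post id being edited; falsy when creating a new thread.
 *
 * @return array Error descriptor or the normalised option data (see above).
 */
function mobcent_threadsort_validator($sortoption, $pid)
{
    // $var is declared global and used as the loop key, as in the original signature.
    global $_G, $var;

    $isedit = $_G['tid'] && $pid;
    $_G['forum_optiondata'] = array();

    foreach ($_G['forum_checkoption'] as $var => $option) {
        $value = isset($sortoption[$var]) ? $sortoption[$var] : null;
        $type = $option['type'];
        $failure = '';

        if ($option['required'] && $value === '' && $type != 'number') {
            $failure = 'threadtype_required_invalid';
        } elseif ($value && ($type == 'number' && !is_numeric($value) || $type == 'email' && !isemail($value))) {
            $failure = 'threadtype_format_invalid';
        } elseif ($value && $option['maxlength'] && !is_array($value) && strlen($value) > $option['maxlength']) {
            // Byte length, matching the original strlen() check.
            $failure = 'threadtype_toolong_invalid';
        } elseif ($value && ($option['maxnum'] && $value > $option['maxnum'] || $option['minnum'] && $value < $option['minnum'])) {
            $failure = 'threadtype_num_invalid';
        } elseif ($value && $option['unchangeable'] && !$isedit) {
            $failure = 'threadtype_unchangeable_invalid';
        }
        // The required-choice check for 'select' options ('threadtype_select_invalid')
        // is intentionally disabled: with multi-level linked selects the mobile client
        // could not submit a post at all.

        if ($failure !== '') {
            return array('message' => $failure, 'params' => array('{typetitle}' => $option['title']));
        }

        // Flatten multi-valued and URL inputs before the type-specific filtering below.
        if ($type == 'checkbox') {
            $value = is_array($value) ? implode("\t", $value) : '';
        } elseif ($type == 'url') {
            if (!$value) {
                $value = '';
            } elseif (substr(strtolower($value), 0, 4) == 'www.') {
                $value = 'http://' . $value;
            }
        }

        if ($type == 'image') {
            if (is_array($value) && !empty($value['aid'])) {
                $_GET['attachnew'][$value['aid']] = $value;
            }
            $value = serialize($value);
        } elseif ($type == 'select') {
            $value = censor(trim($value));
        } else {
            $value = dhtmlspecialchars(censor(trim($value)));
        }

        $_G['forum_optiondata'][$option['optionid']] = $value;
    }

    return $_G['forum_optiondata'];
}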
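/**
 * Parses a user-supplied tag string, creates missing tags and links them to an item.
 *
 * Tags are split on commas when the string contains one (after three multi-byte comma
 * sequences have been mapped to ","; presumably the full-width comma in GBK, Big5 and
 * UTF-8), otherwise on spaces. Only names matching the pattern below (3 to 20 bytes) are
 * accepted, and at most five tags are processed.
 *
 * Fix compared with the previous body: $tagid is reset for every tag name. Before, a
 * name that already existed with a different status left $tagid holding the id of the
 * previous tag. That name was then linked and returned under the wrong id, which in
 * effect bypassed the status check.
 *
 * @param string $tags        Raw tag string from the client.
 * @param mixed  $itemid      Item to link tags to; no link is written when falsy.
 * @param string $idtype      One of '', 'tid', 'blogid', 'uid'.
 * @param mixed  $returnarray Truthy to get array(tagid => tagname); otherwise a string of
 *                            "tagid,tagname\t" records.
 *
 * @return array|string|null Null when the input is rejected or no tag was accepted.
 */
public function add_tag($tags, $itemid, $idtype = 'tid', $returnarray = 0)
{
    if ($tags == '' || !in_array($idtype, array('', 'tid', 'blogid', 'uid'))) {
        return;
    }

    $tags = str_replace(array(chr(0xa3) . chr(0xac), chr(0xa1) . chr(0x41), chr(0xef) . chr(0xbc) . chr(0x8c)), ',', censor($tags));
    if (strexists($tags, ',')) {
        $tagarray = array_unique(explode(',', $tags));
    } else {
        $langcore = lang('core');
        $tags = str_replace($langcore['fullblankspace'], ' ', $tags);
        $tagarray = array_unique(explode(' ', $tags));
    }

    // Tags for 'uid' items use status 3, all others status 0; this does not change per tag.
    $status = $idtype != 'uid' ? 0 : 3;
    $return = $returnarray ? array() : '';
    $tagcount = 0;

    foreach ($tagarray as $tagname) {
        $tagname = trim($tagname);
        if (!preg_match('/^([\\x7f-\\xff_-]|\\w|\\s){3,20}$/', $tagname)) {
            continue;
        }

        // Reset per name so an existing tag with another status cannot inherit the
        // id of the tag handled in the previous iteration.
        $tagid = 0;
        $result = C::t('common_tag')->get_bytagname($tagname, $idtype);
        if (!empty($result['tagid'])) {
            if ($result['status'] == $status) {
                $tagid = $result['tagid'];
            }
        } else {
            $tagid = C::t('common_tag')->insert($tagname, $status);
        }

        if ($tagid) {
            if ($itemid) {
                C::t('common_tagitem')->replace($tagid, $itemid, $idtype);
            }
            $tagcount++;
            if (!$returnarray) {
                $return .= $tagid . ',' . $tagname . "\t";
            } else {
                $return[$tagid] = $tagname;
            }
        }

        // Hard cap of five accepted tags per call.
        if ($tagcount > 4) {
            break;
        }
    }

    // The original returned an unset variable (null) when nothing was accepted.
    return $tagcount ? $return : null;
}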
$database->database_query("DELETE FROM se_notifys WHERE notify_user_id='{$user->user_info['user_id']}' AND notify_notifytype_id='1' AND notify_object_id='{$owner->user_info['user_id']}'"); $status = "remove"; $result = 914; } elseif ($task == "cancel_do") { $user->user_friend_remove($owner->user_info['user_id']); $database->database_query("DELETE FROM se_notifys WHERE notify_user_id='{$owner->user_info['user_id']}' AND notify_notifytype_id='1' AND notify_object_id='{$user->user_info['user_id']}'"); $status = "remove"; $result = 920; } elseif ($task == "remove_do") { $user->user_friend_remove($owner->user_info['user_id']); $status = "add"; $result = 890; } elseif ($task == "add_do") { $friend_type = $_POST['friend_type']; $friend_type_other = censor($_POST['friend_type_other']); $friend_explain = censor($_POST['friend_explain']); if (count($connection_types) == 0) { $friend_type = ""; } if ($setting['setting_connection_other'] == 0) { $friend_type_other = ""; } if ($setting['setting_connection_explain'] == 0) { $friend_explain = ""; } if ($friend_type == "other_friendtype") { $friend_type = ""; } if (trim($friend_type_other) != "") { $friend_type = $friend_type_other; }
require_once libfile('function/spacecp'); if (!$_G['collection']['ctid']) { showmessage('collection_permission_deny'); } $waittime = interval_check('post'); if ($waittime > 0) { showmessage('operating_too_fast', '', array('waittime' => $waittime), array('return' => true)); } $memberrate = C::t('forum_collectioncomment')->fetch_rate_by_ctid_uid($_G['collection']['ctid'], $_G['uid']); if (!trim($_GET['message']) && (!$memberrate && !$_GET['ratescore'] || $memberrate)) { showmessage('collection_edit_checkentire'); } if ($_G['setting']['maxpostsize'] && strlen($_GET['message']) > $_G['setting']['maxpostsize']) { showmessage('post_message_toolong', '', array('maxpostsize' => $_G['setting']['maxpostsize'])); } $newcomment = array('ctid' => $_G['collection']['ctid'], 'uid' => $_G['uid'], 'username' => $_G['username'], 'message' => censor($_GET['message']), 'dateline' => $_G['timestamp'], 'useip' => $_G['clientip']); if (!$memberrate) { $newcomment['rate'] = $_GET['ratescore']; } else { $_GET['ratescore'] = 0; } C::t('forum_collectioncomment')->insert($newcomment); C::t('forum_collection')->update_by_ctid($_G['collection']['ctid'], 0, 0, 1, 0, $_GET['ratescore'], $_G['collection']['ratenum']); if ($_G['collection']['uid'] != $_G['uid']) { notification_add($_G['collection']['uid'], "system", 'collection_becommented', array('from_id' => $_G['collection']['ctid'], 'from_idtype' => 'collectioncomment', 'ctid' => $_G['collection']['ctid'], 'collectionname' => $_G['collection']['name']), 1); } C::t('common_member_status')->update($_G['uid'], array('lastpost' => TIMESTAMP), 'UNBUFFERED'); showmessage('collection_comment_succ', $tid ? 'forum.php?mod=viewthread&tid=' . $tid : dreferer()); } elseif ($op == 'del') { if (!submitcheck('formhash')) { showmessage('undefined_action', NULL);
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA **************************************************************************/
// Builds the front page in $content from the rows of the "frontpage" table, in "pos" order.
// Type 0 rows embed a static page; type 1 rows run a registered function file.

// Direct-access guard: the script only runs when the SCOUT_NUKE constant is defined.
if (!defined('SCOUT_NUKE')) {
    die("You have accessed this page illegally, please go use the main menu");
}
// $level is not read again in the visible code; presumably used by included files.
$level = $check['level'];
$frontsql = $data->select_query("frontpage", "ORDER BY pos ASC");
$content = "";
while ($item = $data->fetch_array($frontsql)) {
    if ($item['type'] == 0) {
        // Static page: shown only when get_auth() returns 1 for the item.
        if (get_auth($item['item'], 1) == 1) {
            // NOTE(review): $item['item'] comes from the frontpage table and is interpolated
            // into the WHERE clause unescaped; this is safe only if that column can never
            // hold attacker-influenced text (second-order SQL injection otherwise).
            $pagesql = $data->select_query("static_content", "WHERE id = '{$item['item']}' AND trash=0");
            $stuff = $data->fetch_array($pagesql);
            // NOTE(review): the stored content is emitted into the page after censor() only.
            // censor() is not visible here; if it does not HTML-escape, static_content rows
            // must be treated as trusted, administrator-authored HTML.
            $content .= "<div class=\"frontpage\">" . censor($stuff['content']) . "</div>";
        }
    } elseif ($item['type'] == 1) {
        // Same unescaped interpolation of $item['item'] as in the static-page query above.
        $funsql = $data->select_query("functions", "where id = '{$item['item']}'");
        $stuff = $data->fetch_array($funsql);
        if (get_auth($stuff['code'], 0) == 1) {
            // NOTE(review): the include path is taken from the "functions" table with only a
            // file_exists() check, so whoever can write that table chooses which file is
            // executed. Consider validating the value against a fixed list of module names.
            if (file_exists($stuff['code'] . $phpex)) {
                include $stuff['code'] . $phpex;
            }
            // $dbpage, $pagename and $pagenum are not set in the visible code; presumably the
            // included file defines them - confirm.
            if ($dbpage == true && isset($pagename) && $pagename != "" && $pagename != "frontpage") {
                $content .= "<div class=\"frontpage\">" . get_temp($pagename, $pagenum) . "</div>";
            }
        }
    }
    // Every row is followed by a line break, whether or not it produced output.
    $content .= "<br />";
}
showmessage('operating_too_fast', '', 1, array($waittime)); } cknewuser(); if ($touid) { if (isblacklist($touid)) { showmessage('is_blacklist'); } } if (submitcheck('pmsubmit')) { checklowerlimit('sendpm'); $username = empty($_POST['username']) ? '' : $_POST['username']; $message = (!empty($_POST['messageappend']) ? $_POST['messageappend'] . "\n" : '') . trim($_POST['message']); if (empty($message)) { showmessage('unable_to_send_air_news'); } $message = censor($message); loadcache(array('smilies', 'smileytypes')); foreach ($_G['cache']['smilies']['replacearray'] as $key => $smiley) { $_G['cache']['smilies']['replacearray'][$key] = '[img]' . $_G['siteurl'] . 'static/image/smiley/' . $_G['cache']['smileytypes'][$_G['cache']['smilies']['typearray'][$key]]['directory'] . '/' . $smiley . '[/img]'; } $message = preg_replace($_G['cache']['smilies']['searcharray'], $_G['cache']['smilies']['replacearray'], $message); $subject = ''; $return = 0; if ($touid) { $return = uc_pm_send($_G['uid'], $touid, $subject, $message, 1, $pmid, 0); } elseif ($username) { $newusers = array(); $users = daddslashes(explode(',', dstripslashes($username))); if ($users) { $query = DB::query('SELECT uid, username FROM ' . DB::table('common_member') . " WHERE username IN (" . dimplode($users) . ')'); while ($value = DB::fetch($query)) {
cpmsg('members_email_illegal', '', 'error'); } elseif ($ucresult == -5) { cpmsg('members_email_domain_illegal', '', 'error'); } elseif ($ucresult == -6) { cpmsg('members_email_duplicate', '', 'error'); } } if ($_GET['clearavatar']) { C::t('common_member' . $tableext)->update($_GET['uid'], array('avatarstatus' => 0)); uc_user_deleteavatar($uid); } $creditsnew = intval($creditsnew); $regdatenew = strtotime($_GET['regdatenew']); $lastvisitnew = strtotime($_GET['lastvisitnew']); $secquesadd = $_GET['clearquestion'] ? ", secques=''" : ''; $signaturenew = censor($_GET['signaturenew']); $sigstatusnew = $signaturenew ? 1 : 0; $sightmlnew = discuzcode($signaturenew, 1, 0, 0, 0, $member['allowsigbbcode'] ? $member['allowcusbbcode'] ? 2 : 1 : 0, $member['allowsigimgcode'], 0); $oltimenew = round($_GET['totalnew'] / 60); $fieldadd = ''; $fieldarr = array(); include_once libfile('function/profile'); foreach ($_POST as $field_key => $field_val) { if (isset($fields[$field_key]) && (profile_check($field_key, $field_val) || $_G['adminid'] == 1)) { $fieldarr[$field_key] = $field_val; } } if ($_GET['deletefile'] && is_array($_GET['deletefile'])) { foreach ($_GET['deletefile'] as $key => $value) { if (isset($fields[$key]) && $_G['cache']['profilesetting'][$key]['formtype'] == 'file') { @unlink(getglobal('setting/attachdir') . './profile/' . $member[$key]);
$taobaonew = dhtmlspecialchars($taobaonew); $alipaynew = dhtmlspecialchars($alipaynew); $nicknamenew = $allownickname ? cutstr(censor(dhtmlspecialchars($nicknamenew)), 30) : ''; $cstatusadd = $allowcstatus ? ', customstatus=\'' . cutstr(censor(dhtmlspecialchars($cstatusnew)), 30) . '\'' : ''; $gendernew = empty($gendernew) ? 0 : intval($gendernew); $locationnew = cutstr(censor(dhtmlspecialchars($locationnew)), 30); if ($maxsigsize) { if (strlen($signaturenew) > $maxsigsize) { showmessage('profile_sig_toolong'); } } else { $signaturenew = ''; } $signaturenew = censor($signaturenew); $sigstatusnew = $signaturenew ? 1 : 0; $bionew = censor(dhtmlspecialchars($bionew)); $sightmlnew = discuzcode(stripslashes($signaturenew), 1, 0, 0, 0, $allowsigbbcode, $allowsigimgcode, 0, 0, 1); $biohtmlnew = discuzcode(stripslashes($bionew), 1, 0, 0, 0, $allowbiobbcode, $allowbioimgcode, 0, 0, 1); if ($member['msn'][1]) { if (strpos(strtolower($sightmlnew), '[imme]') !== FALSE) { $sightmlnew = str_replace('[imme]', "<imme><a target='_blank' href='http://settings.messenger.live.com/Conversation/IMMe.aspx?invitee=" . $member['msn'][1] . "@apps.messenger.live.com&mkt=zh-cn' title='MSN'><img style='vertical-align:middle' src='http://messenger.services.live.com/users/" . $member['msn'][1] . "@apps.messenger.live.com/presenceimage?mkt=zh-cn' width='16' height='16' /></a></imme>", $sightmlnew); } if (strpos(strtolower($biohtmlnew), '[imme]') !== FALSE) { $biohtmlnew = str_replace('[imme]', "<imme><a target='_blank' href='http://settings.messenger.live.com/Conversation/IMMe.aspx?invitee=" . $member['msn'][1] . "@apps.messenger.live.com&mkt=zh-cn' title='MSN'><img style='vertical-align:middle' src='http://messenger.services.live.com/users/" . $member['msn'][1] . 
"@apps.messenger.live.com/presenceimage?mkt=zh-cn' width='16' height='16' /></a></imme>", $biohtmlnew); } } $sightmlnew = addslashes($sightmlnew); $biohtmlnew = addslashes($biohtmlnew); $membersql = "gender='{$gendernew}', bday='{$bdaynew}', sigstatus='{$sigstatusnew}'"; $memberfieldsql = "nickname='{$nicknamenew}', site='{$sitenew}', location='{$locationnew}', icq='{$icqnew}', qq='{$qqnew}', yahoo='{$yahoonew}', msn='{$msnnew}', taobao='{$taobaonew}', alipay='{$alipaynew}', bio='{$biohtmlnew}', sightml='{$sightmlnew}' {$cstatusadd}"; if ($_DCACHE['fields_required'] || $_DCACHE['fields_optional']) {
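// Applies a rating to a post: updates the post's rate counters, writes one rate-log row
// per credit type, optionally notifies the author and appends to the 'ratelog' log file.
//
// Fixes compared with the previous statements:
//  - The thread-rate sign was computed as (sum / abs(sum)) with an @ that only covered the
//    sum, so a sum of zero divided by zero. The sign is now computed by comparison and is
//    0 for a zero sum, which is what intval() of the failed division used to yield.
//  - {$_G[member][username]} used bare constants as array keys; the keys are now quoted.
//
// NOTE(review): $_GET['pid'] is passed to the data layer as received; presumably it was
// validated before this point - confirm.
C::t('forum_post')->increase_rate_by_pid('tid:' . $_G['tid'], $_GET['pid'], $rate, $ratetimes);

if ($post['first']) {
    // The thread row only keeps the sign (-1, 0 or 1) of the first post's total rate.
    $ratesum = $post['rate'] + $rate;
    $threadrate = $ratesum > 0 ? 1 : ($ratesum < 0 ? -1 : 0);
    C::t('forum_thread')->update($_G['tid'], array('rate' => $threadrate));
}

require_once libfile('function/discuzcode');

$sqlvalues = $comma = '';
// The stored reason is censored, HTML-escaped and cut to 40 characters.
$sqlreason = censor(trim($_GET['reason']));
$sqlreason = cutstr(dhtmlspecialchars($sqlreason), 40, '.');
foreach ($creditsarray as $id => $addcredits) {
    C::t('forum_ratelog')->insert(array(
        'pid' => $_GET['pid'],
        'uid' => $_G['uid'],
        'username' => $_G['username'],
        'extcredits' => $id,
        'dateline' => $_G['timestamp'],
        'score' => $addcredits,
        'reason' => $sqlreason,
    ));
}

include_once libfile('function/post');
$_G['forum']['threadcaches'] && @deletethreadcaches($_G['tid']);

// $reason is assigned before this excerpt; here it is trimmed, censored and escaped.
$reason = dhtmlspecialchars(censor(trim($reason)));
if ($sendreasonpm) {
    // Human-readable summary such as "<title> +2 <unit> / <title> -1 <unit>".
    $ratescore = $slash = '';
    foreach ($creditsarray as $id => $addcredits) {
        $ratescore .= $slash . $_G['setting']['extcredits'][$id]['title'] . ' ' . ($addcredits > 0 ? '+' . $addcredits : $addcredits) . ' ' . $_G['setting']['extcredits'][$id]['unit'];
        $slash = ' / ';
    }
    sendreasonpm($post, 'rate_reason', array('tid' => $thread['tid'], 'pid' => $_GET['pid'], 'subject' => $thread['subject'], 'ratescore' => $ratescore, 'reason' => $reason, 'from_id' => 0, 'from_idtype' => 'rate'));
}

// NOTE(review): the log record is tab-separated and includes the thread subject and the
// user-supplied reason. dhtmlspecialchars() does not remove tabs or line breaks, so unless
// writelog() does, those fields can shift columns or start a new record.
$logs = array();
foreach ($creditsarray as $id => $addcredits) {
    $logs[] = dhtmlspecialchars("{$_G['timestamp']}\t{$_G['member']['username']}\t{$_G['adminid']}\t{$post['author']}\t{$id}\t{$addcredits}\t{$_G['tid']}\t{$thread['subject']}\t{$reason}");
}
update_threadpartake($post['tid']);
C::t('forum_postcache')->delete($_GET['pid']);
writelog('ratelog', $logs);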
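/**
 * Pre-edit hook: when the first post of a thread is edited, re-validates the thread
 * type and sort, and writes the submitted sort option values to storage.
 *
 * Nothing happens for replies. $parameters is received by value, so the typeid/sortid
 * normalisation below only affects this method. Nothing is returned.
 *
 * Changes compared with the previous body:
 *  - The old attachment id of an 'image' or 'face' option comes from the request
 *    (`oldsortaid`). It was passed straight to the attachment delete calls. It is now
 *    cast to an integer, and the attachment is deleted only when the fetched row belongs
 *    to the thread being edited.
 *  - The identical 'image' and 'face' branches are merged.
 *  - A missing `typeexpiration` parameter no longer reads an undefined index.
 *
 * Security notes for maintainers:
 *  - $sql, $filedname and $valuelist are SQL fragments built by concatenation. The values
 *    are escaped with daddslashes() and then passed through censor(); if a censor rule
 *    can substitute text containing a quote, that text arrives unescaped. The option
 *    identifiers come from $_G['forum_optionlist'], which is presumably admin-defined.
 *
 * @param array $parameters Edit parameters; 'typeid' and 'sortid' are read.
 *
 * @return void
 */
public function before_editpost($parameters)
{
    global $_G;

    $sortid = $parameters['sortid'];
    if (!$this->post['first']) {
        return;
    }

    // Unknown type ids are dropped; a non-moderator cannot change a moderator-only type.
    $parameters['typeid'] = isset($this->forum['threadtypes']['types'][$parameters['typeid']]) ? $parameters['typeid'] : 0;
    if (!$this->forum['ismoderator'] && !empty($this->forum['threadtypes']['moderators'][$this->thread['typeid']])) {
        $parameters['typeid'] = $this->thread['typeid'];
    }
    $parameters['sortid'] = isset($this->forum['threadsorts']['types'][$parameters['sortid']]) ? $parameters['sortid'] : 0;
    $typeexpiration = isset($_GET['typeexpiration']) ? intval($_GET['typeexpiration']) : 0;

    if (!$parameters['typeid'] && $this->forum['threadtypes']['required'] && !$this->thread['special']) {
        showmessage('post_type_isnull');
    }
    if ($this->forum['threadsorts']['types'][$sortid] && $_G['forum_checkoption']) {
        $_G['forum_optiondata'] = threadsort_validator($_GET['typeoption'], $this->post['pid']);
    }

    $this->param['threadimageaid'] = 0;
    $this->param['threadimage'] = array();

    if (!($this->forum['threadsorts']['types'][$parameters['sortid']] && $_G['forum_optiondata'] && is_array($_G['forum_optiondata']))) {
        return;
    }

    $tid = $this->thread['tid'];
    $sql = $separator = $filedname = $valuelist = '';

    foreach ($_G['forum_optiondata'] as $optionid => $value) {
        $value = censor(daddslashes($value));
        $option = isset($_G['forum_optionlist'][$optionid]) ? $_G['forum_optionlist'][$optionid] : array();
        $type = isset($option['type']) ? $option['type'] : '';

        if ($type == 'image' || $type == 'face') {
            $identifier = $option['identifier'];
            $newsortaid = intval($_GET['typeoption'][$identifier]['aid']);
            $oldsortaid = isset($_GET['oldsortaid'][$identifier]) ? intval($_GET['oldsortaid'][$identifier]) : 0;
            if ($newsortaid && $oldsortaid && $newsortaid != $oldsortaid) {
                $attach = C::t('forum_attachment_n')->fetch('tid:' . $tid, $oldsortaid);
                // Only remove the old file when it really is an attachment of this thread;
                // the id is client-supplied and must not be trusted to name the target.
                if ($attach && $attach['tid'] == $tid) {
                    C::t('forum_attachment')->delete($oldsortaid);
                    C::t('forum_attachment_n')->delete('tid:' . $tid, $oldsortaid);
                    dunlink($attach);
                }
                $this->param['threadimageaid'] = $newsortaid;
                convertunusedattach($newsortaid, $tid, $this->post['pid']);
            }
        }

        if (!empty($option['unchangeable'])) {
            continue;
        }

        // Searchable options and radio/select/number options are mirrored into the
        // per-sort option-value table, in addition to the generic option-var row.
        if ((!empty($option['search']) || in_array($type, array('radio', 'select', 'number'))) && $value) {
            $filedname .= $separator . $option['identifier'];
            $valuelist .= $separator . "'{$value}'";
            $sql .= $separator . $option['identifier'] . "='{$value}'";
            $separator = ' ,';
        }
        C::t('forum_typeoptionvar')->update_by_tid($tid, array('value' => $value, 'sortid' => $parameters['sortid']), false, false, $optionid);
    }

    if ($typeexpiration) {
        C::t('forum_typeoptionvar')->update_by_tid($tid, array('expiration' => TIMESTAMP + $typeexpiration), false, false, null, $parameters['sortid']);
    }

    if ($sql || $filedname && $valuelist) {
        // Update the existing option-value row for this thread, or insert the first one.
        if (C::t('forum_optionvalue')->fetch_all_tid($parameters['sortid'], "WHERE tid='" . $tid . "'")) {
            if ($sql) {
                C::t('forum_optionvalue')->update($parameters['sortid'], $tid, $this->forum['fid'], $sql);
            }
        } elseif ($filedname && $valuelist) {
            C::t('forum_optionvalue')->insert($parameters['sortid'], "({$filedname}, tid, fid) VALUES ({$valuelist}, '" . $tid . "', '" . $this->forum['fid'] . "')");
        }
    }
}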
} if ($groupbanner) { $groupbanner = '<input type="checkbox" class="checkbox" name="deletebanner" value="yes" /> ' . $lang['delete'] . '<br /><img src="' . $groupbanner . '?' . random(6) . '" />'; } showsetting('groups_editgroup_icon', 'iconnew', '', 'file', '', 0, $groupicon); showsetting('groups_editgroup_banner', 'bannernew', '', 'file', '', 0, $groupbanner); showsubmit('editsubmit'); showtablefooter(); showformfooter(); } else { $_GET['jointypenew'] = intval($_GET['jointypenew']); $_GET['fupnew'] = intval($_GET['fupnew']); $_GET['gviewpermnew'] = intval($_GET['gviewpermnew']); require_once libfile('function/discuzcode'); $_GET['descriptionnew'] = discuzcode(dhtmlspecialchars(censor(trim($_GET['descriptionnew']))), 0, 0, 0, 0, 1, 1, 0, 0, 1); $_GET['namenew'] = dhtmlspecialchars(censor(trim($_GET['namenew']))); $icondata = array(); $iconnew = upload_icon_banner($group, $_FILES['iconnew'], 'icon'); $bannernew = upload_icon_banner($group, $_FILES['bannernew'], 'banner'); if ($iconnew) { $icondata['icon'] = $iconnew; } if ($bannernew) { $icondata['banner'] = $bannernew; } if ($_GET['deleteicon']) { @unlink($_G['setting']['attachurl'] . 'group/' . $group['icon']); $icondata['icon'] = ''; } if ($_GET['deletebanner']) { @unlink($_G['setting']['attachurl'] . 'group/' . $group['banner']);
C::t('home_feed')->update($picid, array('hot' => $_POST['hot']), 'picid'); } showmessage('do_success', dreferer()); } } elseif ($_GET['op'] == 'saveforumphoto') { if (submitcheck('savephotosubmit')) { $aid = intval($_GET['aid']); $albumid = intval($_POST['albumid']); if (!$aid) { showmessage('parameters_error'); } $attach = C::t('forum_attachment_n')->fetch('aid:' . $aid, $aid); if (empty($attach) || $attach['uid'] != $_G['uid'] || !$attach['isimage']) { showmessage('parameters_error'); } if ($albumid) { $album = C::t('home_album')->fetch($albumid, $_G['uid']); if (empty($album)) { showmessage('album_does_not_exist'); } } else { $album = array('albumid' => 0); } $picdata = array('albumid' => $album['albumid'], 'uid' => $_G['uid'], 'username' => $_G['username'], 'dateline' => $attach['dateline'], 'postip' => $_G['clientip'], 'port' => $_G['remoteport'], 'filename' => censor($attach['filename']), 'title' => censor(cutstr(dhtmlspecialchars($attach['description']), 100)), 'type' => fileext($attach['attachment']), 'size' => $attach['filesize'], 'filepath' => $attach['attachment'], 'thumb' => $attach['thumb'], 'remote' => $attach['remote'] + 2); $picid = C::t('home_pic')->insert($picdata, 1); showmessage('do_success', dreferer(), array('picid' => $picid), array('showdialog' => true, 'showmsg' => true, 'closetime' => true)); } else { $albumlist = C::t('home_album')->fetch_all_by_uid($_G['uid'], 'updatetime'); } } include_once template("home/spacecp_album");
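/**
 * Build the HTML for one block of a member's space page.
 *
 * $blockname selects the block type; any name that is not one of the built-in
 * cases falls through to the free-form content branch. The function reads the
 * globals $_G (settings and the current viewer) and $space (the member whose
 * page is rendered).
 *
 * Security review notes:
 * - Output encoding: apart from the dhtmlspecialchars() fallback in the
 *   default branch, nothing here HTML-escapes data. Database fields
 *   (username, doing/wall messages, thread subjects, share templates) and
 *   $parameters values are concatenated into markup and inline JavaScript
 *   as-is. Presumably they are escaped when stored; that is not visible in
 *   this function and should be confirmed.
 * - SQL: queries are built by string interpolation. $uid and $shownum are
 *   forced to integers; the two other interpolated values are flagged where
 *   they are used.
 * - Array keys that were written as bare constants ($space[uid],
 *   $value[fuid], $_G[gp_key], $_G[setting][...]) are quoted here. Older PHP
 *   resolved them to the same strings with a notice; PHP 8 raises an Error.
 *
 * @param string $blockname  Block identifier ('profile', 'statistic', 'doing', ...).
 * @param array  $parameters Per-block options (shownum, title, content, ban* flags, ...).
 * @return string HTML fragment, or '' for the thread block when thread viewing is disabled.
 */
function getblockhtml($blockname, $parameters = array())
{
    global $_G, $space;

    $parameters = empty($parameters) ? array() : $parameters;
    $list = array();
    $sql = $title = $html = $wheresql = $ordersql = $titlemore = $do = $view = $contentclassname = '';
    $contenttagname = 'div';
    $shownum = 6;
    $uid = intval($space['uid']);
    // A negative row count would produce an invalid "LIMIT 0,-n" clause, so it is floored at 0.
    $shownum = empty($parameters['shownum']) ? $shownum : max(0, intval($parameters['shownum']));

    switch ($blockname) {
        case 'profile':
            $do = $blockname;
            $managehtml = '';
            $avatar = empty($parameters['banavatar']) ? 'middle' : $parameters['banavatar'];
            // NOTE(review): $space['username'] is emitted without escaping here - confirm it is stored HTML-safe.
            $html .= "<div class=\"hm\"><p><a href=\"home.php?mod=space&uid={$uid}\" target=\"__blank\">" . avatar($uid, $avatar) . '</a></p>';
            $html .= "<h2><a href=\"home.php?mod=space&uid={$uid}\" target=\"__blank\">" . $space['username'] . "</a></h2>";
            $html .= '</div><ul class="xl xl2 cl ul_list">';

            $magicinfo = $showmagicgift = false;
            if ($_G['setting']['magicstatus'] && $_G['setting']['magics']['gift']) {
                $showmagicgift = true;
                // NOTE(review): unserialize() of a stored profile field. If that column can ever hold
                // member-controlled bytes this is a PHP object-injection sink; presumably only the gift
                // feature writes it - confirm, and prefer a non-object format (or allowed_classes => false
                // on PHP 7+) when this code is next touched.
                $magicinfo = !empty($space['magicgift']) ? unserialize($space['magicgift']) : array();
            }

            if ($space['self']) {
                $html .= '<li class="ul_diy"><a href="home.php?mod=space&diy=yes">' . lang('space', 'block_profile_diy') . '</a></li>';
                $html .= '<li class="ul_msg"><a href="home.php?mod=space&uid=' . $uid . '&do=wall">' . lang('space', 'block_profile_wall') . '</a></li>';
                $html .= '<li class="ul_avt"><a href="home.php?mod=spacecp&ac=avatar">' . lang('space', 'block_profile_avatar') . '</a></li>';
                $html .= '<li class="ul_profile"><a href="home.php?mod=spacecp&ac=profile">' . lang('space', 'block_profile_update') . '</a></li>';
                if ($showmagicgift) {
                    $html .= '<li class="ul_magicgift"><div style="' . 'background: url(' . STATICURL . 'image/magic/gift.small.gif) no-repeat 0 50%;' . '">';
                    if ($magicinfo) {
                        $html .= '<a onclick="showWindow(\'magicgift\', this.href, \'get\', 0)" href="home.php?mod=spacecp&ac=magic&op=retiregift">' . lang('magic/gift', 'gift_gc') . '</a>';
                    } else {
                        $html .= '<a onclick="showWindow(\'magicgift\', this.href, \'get\', 0)" href="home.php?mod=magic&mid=gift">' . lang('magic/gift', 'gift_use') . '</a>';
                    }
                    $html .= '</div></li>';
                }
            } else {
                require_once libfile('function/friend');
                $isfriend = friend_check($uid);
                if (!$isfriend) {
                    $html .= "<li class='ul_add'><a href=\"home.php?mod=spacecp&ac=friend&op=add&uid={$space['uid']}&handlekey=addfriendhk_{$space['uid']}\" id=\"a_friend_li_{$space['uid']}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">" . lang('space', 'block_profile_friend_add') . "</a></li>";
                } else {
                    $html .= "<li class='ul_ignore'><a href=\"home.php?mod=spacecp&ac=friend&op=ignore&uid={$space['uid']}&handlekey=ignorefriendhk_{$space['uid']}\" id=\"a_ignore_{$space['uid']}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">" . lang('space', 'block_profile_friend_ignore') . "</a></li>";
                }
                $html .= "<li class='ul_msg'><a href=\"home.php?mod=space&uid={$space['uid']}&do=wall\">" . lang('space', 'block_profile_wall_to_me') . "</a></li>";
                $html .= "<li class='ul_poke'><a href=\"home.php?mod=spacecp&ac=poke&op=send&uid={$space['uid']}&handlekey=propokehk_{$space['uid']}\" id=\"a_poke_{$space['uid']}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">" . lang('space', 'block_profile_poke') . "</a></li>";
                $html .= "<li class='ul_pm'><a href=\"home.php?mod=spacecp&ac=pm&op=showmsg&handlekey=showmsg_{$space['uid']}&touid={$space['uid']}&pmid=0&daterange=2\" id=\"a_sendpm_{$space['uid']}\" onclick=\"showWindow('showMsgBox', this.href, 'get', 0)\">" . lang('space', 'block_profile_sendmessage') . "</a></li>";
            }
            $html .= '</ul>';

            // Management links. Site administrators (adminid 1) are sent to admin.php, everyone else to the moderator panel.
            $encodeusername = rawurlencode($space['username']);
            $banurl = $_G['adminid'] == 1
                ? "admin.php?action=members&operation=ban&username={$encodeusername}&frames=yes"
                : "forum.php?mod=modcp&action=member&op=ban&uid={$space['uid']}";
            $editurl = $_G['adminid'] == 1
                ? "admin.php?action=members&operation=search&username={$encodeusername}&submit=yes&frames=yes"
                : "forum.php?mod=modcp&action=member&op=edit&uid={$space['uid']}";

            if (checkperm('allowbanuser')) {
                $managehtml .= '<li><a href="' . $banurl . '" id="usermanageli" onmouseover="showMenu(this.id)" class="showmenu" target="_blank">' . lang('home/template', 'member_manage') . '</a></li>';
            } elseif (checkperm('allowedituser')) {
                $managehtml .= '<li><a href="' . $editurl . '" id="usermanageli" onmouseover="showMenu(this.id)" class="showmenu" target="_blank">' . lang('home/template', 'member_manage') . '</a></li>';
            }
            if ($_G['adminid'] == 1) {
                $managehtml .= "<li><a href=\"forum.php?mod=modcp&action=thread&op=post&do=search&searchsubmit=1&users={$encodeusername}\" id=\"umanageli\" onmouseover=\"showMenu(this.id)\" class=\"showmenu\">" . lang('home/template', 'content_manage') . "</a></li>";
            }
            if (!empty($managehtml)) {
                $html .= '<hr class="da mtn m0" /><ul class="ptn xl xl2 cl">' . $managehtml . '</ul><ul id="usermanageli_menu" class="p_pop" style="width: 80px; display:none;">';
                if (checkperm('allowbanuser')) {
                    $html .= '<li><a href="' . $banurl . '" target="_blank">' . lang('home/template', 'user_ban') . '</a></li>';
                }
                if (checkperm('allowedituser')) {
                    $html .= '<li><a href="' . $editurl . '" target="_blank">' . lang('home/template', 'user_edit') . '</a></li>';
                }
                $html .= '</ul>';
                if ($_G['adminid'] == 1) {
                    // Language key => admin.php target, rendered in this order.
                    $adminlinks = array(
                        'manage_post' => 'admin.php?action=threads&users=' . $encodeusername,
                        'manage_doing' => 'admin.php?action=doing&searchsubmit=1&users=' . $encodeusername,
                        'manage_blog' => 'admin.php?action=blog&searchsubmit=1&uid=' . $uid,
                        'manage_feed' => 'admin.php?action=feed&searchsubmit=1&uid=' . $uid,
                        'manage_album' => 'admin.php?action=album&searchsubmit=1&uid=' . $uid,
                        'manage_pic' => 'admin.php?action=pic&searchsubmit=1&users=' . $encodeusername,
                        'manage_comment' => 'admin.php?action=comment&searchsubmit=1&authorid=' . $uid,
                        'manage_share' => 'admin.php?action=share&searchsubmit=1&uid=' . $uid,
                        'manage_group_threads' => 'admin.php?action=threads&operation=group&users=' . $encodeusername,
                        'manage_group_prune' => 'admin.php?action=prune&searchsubmit=1&operation=group&users=' . $encodeusername,
                    );
                    $html .= '<ul id="umanageli_menu" class="p_pop" style="width: 80px; display:none;">';
                    foreach ($adminlinks as $langkey => $href) {
                        $html .= '<li><a href="' . $href . '" target="_blank">' . lang('space', $langkey) . '</a></li>';
                    }
                    $html .= '</ul>';
                }
            }

            // "Receive gift" teaser for visitors. The gift data decoded above is reused so the
            // stored value is unserialized only once.
            if ($showmagicgift && !$space['self'] && $magicinfo
                && $magicinfo['left'] && !in_array($_G['uid'], (array) $magicinfo['receiver'])) {
                $percredit = min($magicinfo['percredit'], $magicinfo['left']);
                if ($magicinfo['credittype'] == 'credits') {
                    $credittype = lang('core', 'title_credit');
                } else {
                    $extcredits = str_replace('extcredits', '', $magicinfo['credittype']);
                    $credittype = $_G['setting']['extcredits'][$extcredits]['title'];
                }
                $html .= '<div id="magicreceivegift">';
                $html .= '<a onclick="showWindow(\'magicgift\', this.href, \'get\', 0)" href="home.php?mod=spacecp&ac=magic&op=receivegift&uid=' . $uid . '" title="' . lang('magic/gift', 'gift_receive_gift', array('percredit' => $percredit, 'credittype' => $credittype)) . '">';
                $html .= '<img src="' . STATICURL . 'image/magic/gift.gif" alt="gift" />';
                $html .= '</a>';
                $html .= '</div>';
            }
            $html = '<div id="pcd">' . $html . '</div>';
            break;

        case 'statistic':
            space_merge($space, 'count');
            $html .= '<p class="mbm xw1">';
            if (empty($parameters['banviews'])) {
                $html .= lang('space', 'space_views', array('views' => $space['views'] ? $space['views'] : '--'));
            }
            $html .= '</p><ul class="xl xl2 cl">';
            if (empty($parameters['bancredits'])) {
                $html .= "<li>" . lang('space', 'credits') . ': <a href="home.php?mod=spacecp&ac=credit">' . ($space['credits'] ? $space['credits'] : '--') . "</a></li>";
                foreach ($_G['setting']['extcredits'] as $extcreditid => $extcredit) {
                    $html .= "<li>" . $extcredit['img'] . $extcredit['title'] . ': <a href="home.php?mod=spacecp&ac=credit">' . ($space['extcredits' . $extcreditid] ? $space['extcredits' . $extcreditid] : '--') . '</a>';
                }
            }
            if (empty($parameters['banfriends'])) {
                $html .= "<li>" . lang('space', 'friends') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=friend&view=me&from=space">' . ($space['friends'] ? $space['friends'] : '--') . "</a></li>";
            }
            // Parentheses only make the existing precedence explicit: an administrator sees the
            // thread counter even when the block option or the site setting hides it.
            if ((empty($parameters['banthreads']) && $_G['setting']['allowviewuserthread'] !== false) || $_G['adminid'] == 1) {
                $html .= "<li>" . lang('space', 'threads') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=thread&view=me&from=space">' . ($space['threads'] ? $space['threads'] : '--') . "</a></li>";
            }
            if (empty($parameters['banblogs'])) {
                $html .= "<li>" . lang('space', 'blogs') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=blog&view=me&from=space">' . ($space['blogs'] ? $space['blogs'] : '--') . "</a></li>";
            }
            if (empty($parameters['banalbums'])) {
                $html .= "<li>" . lang('space', 'albums') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=album&view=me&from=space">' . ($space['albums'] ? $space['albums'] : '--') . "</a></li>";
            }
            if (empty($parameters['bansharings'])) {
                $html .= "<li>" . lang('space', 'sharings') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=share&view=me&from=space">' . ($space['sharings'] ? $space['sharings'] : '--') . "</a></li>";
            }
            $html .= '</ul>';
            $html = '<div id="pcd">' . $html . '</div>';
            break;

        case 'doing':
            $do = $blockname;
            if (ckprivacy('doing', 'view')) {
                $dolist = array();
                $sql = "SELECT * FROM " . DB::table('home_doing') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}";
                $query = DB::query($sql);
                while ($value = DB::fetch($query)) {
                    // Entries with a non-zero status are shown only to their own author.
                    if ($value['status'] == 0 || $value['uid'] == $_G['uid']) {
                        $dolist[] = $value;
                    }
                }
                if ($dolist) {
                    foreach ($dolist as $dv) {
                        $_G['gp_key'] = random(8);
                        $html .= "<li class=\"pbn bbda\">";
                        // NOTE(review): stored message emitted verbatim - confirm it is sanitised when saved.
                        $html .= $dv['message'];
                        $html .= " <a href=\"home.php?mod=space&uid={$dv['uid']}&do=doing&view=me&from=space&doid={$dv['doid']}\" target=\"_blank\" class=\"xg1\">" . lang('space', 'block_doing_reply') . "</a>";
                        $html .= "</li>";
                    }
                } else {
                    $html .= "<p class=\"emp\">" . lang('space', 'block_doing_no_content') . "</p>";
                }
            } else {
                $html .= "<p class=\"emp\">" . lang('space', 'block_view_noperm') . "</p>";
            }
            $html = '<ul class="xl">' . $html . '</ul>';
            break;

        case 'blog':
            $do = $blockname;
            $query = DB::query("SELECT bf.*, b.* FROM " . DB::table('home_blog') . " b\r\n\t\t\t\tLEFT JOIN " . DB::table('home_blogfield') . " bf ON bf.blogid=b.blogid\r\n\t\t\t\tWHERE b.uid='{$uid}'\r\n\t\t\t\tORDER BY b.dateline DESC LIMIT 0,{$shownum}");
            while ($value = DB::fetch($query)) {
                if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                    if ($value['pic']) {
                        $value['pic'] = pic_cover_get($value['pic'], $value['picflag']);
                    }
                    // friend == 4 entries never expose their body in the block.
                    $value['message'] = $value['friend'] == 4 ? '' : getstr($value['message'], 150, 0, 0, 0, -1);
                    $html .= lang('space', 'blog_li', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'subject' => $value['subject'], 'date' => dgmdate($value['dateline'], 'Y-m-d')));
                    if (!isset($parameters['showmessage'])) {
                        $parameters['showmessage'] = true;
                    }
                    if ($parameters['showmessage']) {
                        if ($value['pic']) {
                            $html .= lang('space', 'blog_li_img', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'src' => $value['pic']));
                        }
                        $html .= "<dd>{$value['message']}</dd>";
                    }
                    $html .= lang('space', 'blog_li_ext', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'viewnum' => $value['viewnum'], 'replynum' => $value['replynum']));
                    $html .= "</dl>";
                } else {
                    $html .= '<p>' . lang('space', 'block_view_noperm') . '</p>';
                }
            }
            $more = $html ? '<p class="ptm" style="text-align: right;"><a href="home.php?mod=space&uid=' . $uid . '&do=blog&view=me&from=space">' . lang('space', 'viewmore') . '</a></p>' : '';
            $contentclassname = ' xld';
            $html = $html . $more;
            break;

        case 'album':
            $do = $blockname;
            if (ckprivacy('album', 'view')) {
                $query = DB::query("SELECT * FROM " . DB::table('home_album') . " WHERE uid='{$uid}' ORDER BY updatetime DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                        $value['pic'] = pic_cover_get($value['pic'], $value['picflag']);
                        $html .= lang('space', 'album_li', array('albumid' => $value['albumid'], 'src' => $value['pic'], 'albumname' => $value['albumname'], 'uid' => $value['uid'], 'picnum' => $value['picnum'], 'date' => dgmdate($value['updatetime'], 'n-j')));
                    }
                }
            } else {
                $html .= '<li>' . lang('space', 'block_view_noperm') . '</li>';
            }
            $html = '<ul class="ml mla cl">' . $html . '</ul>';
            break;

        case 'feed':
            $do = $blockname;
            if (!IS_ROBOT && ckprivacy('feed', 'view')) {
                require_once libfile('function/feed');
                $query = DB::query("SELECT * FROM " . DB::table('home_feed') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                        $html .= mkfeedhtml(mkfeed($value));
                    }
                }
            }
            $contenttagname = 'ul';
            $contentclassname = ' el';
            $html = empty($html) ? '' : $html;
            break;

        case 'thread':
            $do = $blockname;
            if ($_G['setting']['allowviewuserthread'] !== false) {
                // NOTE(review): the setting is interpolated into IN(...) unquoted and unvalidated;
                // presumably an administrator-maintained list of forum ids - confirm it is
                // normalised to integers where it is saved.
                $fidsql = empty($_G['setting']['allowviewuserthread']) ? '' : " AND fid IN({$_G['setting']['allowviewuserthread']}) ";
                $query = DB::query("SELECT * FROM " . DB::table('forum_thread') . " WHERE authorid='{$uid}' {$fidsql} AND displayorder>='0' ORDER BY tid DESC LIMIT 0,{$shownum}");
                while ($thread = DB::fetch($query)) {
                    // Rows with an empty author field are skipped.
                    if ($thread['author']) {
                        $html .= "<li><a href=\"forum.php?mod=viewthread&tid={$thread['tid']}\" target=\"_blank\">{$thread['subject']}</a></li>";
                    }
                }
            }
            $html = empty($html) ? '' : '<ul class="xl">' . $html . '</ul>';
            break;

        case 'friend':
            $do = $blockname;
            require_once libfile('function/friend');
            $friendlist = friend_list($uid, $shownum);
            $fuids = array_keys($friendlist);
            getonlinemember($fuids);
            foreach ($friendlist as $value) {
                $classname = $_G['ols'][$value['fuid']] ? 'gol' : '';
                $html .= '<li><a href="home.php?mod=space&uid=' . $value['fuid'] . '" target="_blank"><em class="' . $classname . '"></em>' . avatar($value['fuid'], 'small') . '</a><p><a href="home.php?mod=space&uid=' . $value['fuid'] . '" target="_blank">' . $value['fusername'] . '</a></p></li>';
            }
            $html = '<ul class="ml mls cl">' . $html . '</ul>';
            break;

        case 'visitor':
            $do = 'friend';
            $view = 'visitor';
            $query = DB::query("SELECT * FROM " . DB::table('home_visitor') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}");
            $list = $fuids = array();
            while ($value = DB::fetch($query)) {
                $list[] = $value;
                $fuids[] = $value['vuid'];
            }
            getonlinemember($fuids);
            foreach ($list as $value) {
                $html .= "<li>";
                if ($value['vusername'] == '') {
                    $html .= lang('space', 'visitor_anonymity');
                } else {
                    $html .= lang('space', 'visitor_list', array('uid' => $value['vuid'], 'username' => $value['vusername'], 'class' => $_G['ols'][$value['vuid']] ? 'gol' : '', 'avatar' => avatar($value['vuid'], 'small')));
                }
                $html .= "<span class=\"xg2\">" . dgmdate($value['dateline'], 'u', '9999', 'Y-m-d') . "</span>";
                $html .= "</li>";
            }
            $html = '<ul class="ml mls cl">' . $html . '</ul>';
            break;

        case 'share':
            $do = $blockname;
            if (!IS_ROBOT && ckprivacy('share', 'view')) {
                require_once libfile('function/share');
                $query = DB::query("SELECT * FROM " . DB::table('home_share') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    $value = mkshare($value);
                    // NOTE(review): the body_data values below are placed inside single-quoted JavaScript
                    // string literals within onclick attributes, and image / image_link inside src / href,
                    // with no escaping in this function. Presumably mkshare() or the share-submission
                    // path restricts them - confirm both HTML-attribute and JS-string safety there.
                    $html .= '<li><em><a href="home.php?mod=space&uid=' . $value['uid'] . '&do=share&id=' . $value['sid'] . '">' . $value['title_template'] . '</a>(' . dgmdate($value['dateline'], 'u') . ')</em><div class="ec cl">';
                    if ($value['image']) {
                        $html .= '<a href="' . $value['image_link'] . '" target="_blank"><img src="' . $value['image'] . '" class="tn" alt="" /></a>';
                    }
                    $html .= '<div class="d">' . $value['body_template'] . '</div>';
                    if ($value['type'] == 'video') {
                        if (!empty($value['body_data']['imgurl'])) {
                            $html .= '<table class="mtm" title="' . lang('space', 'click_play') . '" onclick="javascript:showFlash(\'' . $value['body_data']['host'] . '\', \'' . $value['body_data']['flashvar'] . '\', this, \'' . $value['sid'] . '\');"><tr><td class="vdtn hm" style="background: url(' . $value['body_data']['imgurl'] . ') no-repeat"><img src="' . STATICURL . '/image/common/vds.png" alt="' . lang('space', 'click_play') . '" /></td></tr></table>';
                        } else {
                            $html .= "<img src=\"" . STATICURL . "/image/common/vd.gif\" alt=\"" . lang('space', 'click_play') . "\" onclick=\"javascript:showFlash('{$value['body_data']['host']}', '{$value['body_data']['flashvar']}', this, '{$value['sid']}');\" class=\"tn\" />";
                        }
                    } elseif ($value['type'] == 'music') {
                        $html .= "<img src=\"" . STATICURL . "/image/common/music.gif\" alt=\"" . lang('space', 'click_play') . "\" onclick=\"javascript:showFlash('music', '{$value['body_data']['musicvar']}', this, '{$value['sid']}');\" class=\"tn\" />";
                    } elseif ($value['type'] == 'flash') {
                        $html .= "<img src=\"" . STATICURL . "/image/common/flash.gif\" alt=\"" . lang('space', 'click_view') . "\" onclick=\"javascript:showFlash('flash', '{$value['body_data']['flashaddr']}', this, '{$value['sid']}');\" class=\"tn\" />";
                    }
                    if ($value['body_general']) {
                        $html .= '<div class="quote' . ($value['image'] ? 'z' : '') . "\"><blockquote>{$value['body_general']}</blockquote></div>";
                    }
                    $html .= '</div></li>';
                }
                $html = '<ul class="el">' . $html . '</ul>';
            }
            break;

        case 'wall':
            $do = $blockname;
            $walllist = array();
            if (ckprivacy('wall', 'view')) {
                $query = DB::query("SELECT * FROM " . DB::table('home_comment') . " WHERE id='{$uid}' AND idtype='uid' ORDER BY dateline DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    $value['message'] = strlen($value['message']) > 500 ? getstr($value['message'], 500, 0, 0, 0, -1) . ' ...' : $value['message'];
                    // Comments with a non-zero status are shown only to their own author.
                    if ($value['status'] == 0 || $value['authorid'] == $_G['uid']) {
                        $walllist[] = $value;
                    }
                }
            }
            $html = '<div class="xld xlda el" id="comment_ul">';
            foreach ($walllist as $value) {
                $op = '';
                if ($value['author']) {
                    $author_avatar = '<a href="home.php?mod=space&uid=' . $value['authorid'] . '" target="_blank">' . avatar($value['authorid'], 'small') . '</a>';
                    $author = '<a href="home.php?mod=space&uid=' . $value['authorid'] . '" id="author_' . $value['cid'] . '" target="_blank">' . $value['author'] . '</a>';
                } else {
                    $author_avatar = '<img src="static/image/magic/hidden.gif" alt="hidden" />';
                    $author = lang('space', 'hidden_username');
                }
                // These conditions decide only which action links are rendered; the handlers behind
                // the links have to enforce the same rules themselves.
                if ($value['authorid'] == $_G['uid']) {
                    $op .= lang('space', 'wall_edit', array('cid' => $value['cid']));
                }
                if ($value['authorid'] == $_G['uid'] || $space['self'] || checkperm('managecomment')) {
                    $op .= lang('space', 'wall_del', array('cid' => $value['cid']));
                }
                if ($value['authorid'] != $_G['uid'] && ($value['idtype'] != 'uid' || $space['self'])) {
                    $op .= lang('space', 'wall_reply', array('cid' => $value['cid']));
                }
                $moderate_need = $value['status'] == 1 ? lang('template', 'moderate_need') : '';
                $date = dgmdate($value['dateline'], 'u');
                $replacearr = array('author' => $author, 'author_avatar' => $author_avatar, 'moderated' => $moderate_need, 'cid' => $value['cid'], 'message' => $value['message'], 'date' => $date, 'op' => $op);
                $html .= lang('space', 'wall_li', $replacearr);
            }
            if (!empty($walllist)) {
                $html .= lang('space', 'wall_more', array('uid' => $uid));
            }
            $html .= '</div>';
            $html = lang('space', 'wall_form', array('uid' => $uid, 'FORMHASH' => FORMHASH)) . '<hr class="da mtm m0">' . $html;
            $titlemore = '<span class="y xw0"><a href="home.php?mod=space&uid=' . $uid . '&do=wall">' . lang('space', 'all') . '</a></span>';
            break;

        case 'group':
            $do = $blockname;
            $view = 'groupthread';
            require_once libfile('function/group');
            $grouplist = mygrouplist($uid, 'lastupdate', array('f.name', 'ff.icon'), $shownum);
            if (empty($grouplist)) {
                $grouplist = array();
            }
            foreach ($grouplist as $groupid => $group) {
                $group['groupid'] = $groupid;
                $html .= lang('space', 'group_li', $group);
            }
            $html = '<ul class="ml mls cl">' . $html . '</ul>';
            break;

        case 'music':
            if (!empty($parameters['mp3list'])) {
                // Token derived from the site auth key and the uid: 16 hex characters cut from an MD5
                // digest. NOTE(review): the code that checks this hash is outside this function -
                // confirm it compares with hash_equals() and that a fixed per-member token is acceptable.
                $authcode = substr(md5($_G['authkey'] . $uid), 6, 16);
                $view = $_G['adminid'] == 1 && $_G['setting']['allowquickviewprofile'] ? '&view=admin' : '';
                $querystring = urlencode("home.php?mod=space&uid={$uid}&do=index&op=getmusiclist&hash={$authcode}{$view}&t=" . TIMESTAMP);
                $swfurl = STATICURL . 'image/common/mp3player.swf?config=' . $querystring;
                if (empty($parameters['config']['height']) && $parameters['config']['height'] !== 0) {
                    $parameters['config']['height'] = '200px';
                } else {
                    $parameters['config']['height'] .= 'px';
                }
                // NOTE(review): the height option lands inside a single-quoted JavaScript string in an
                // inline <script>. Nothing here restricts it to digits - confirm it is validated where
                // the block configuration is saved.
                $html = "<script language=\"javascript\" type=\"text/javascript\">document.write(AC_FL_RunContent('id', 'mp3player', 'name', 'mp3player', 'devicefont', 'false', 'width', '100%', 'height', '" . $parameters['config']['height'] . "', 'src', '{$swfurl}', 'menu', 'false', 'allowScriptAccess', 'sameDomain', 'swLiveConnect', 'true', 'wmode', 'transparent'));</script>";
            } else {
                $html = lang('space', 'music_no_content');
            }
            $html = '<div class="ml mls cl">' . $html . '</div>';
            break;

        default:
            // Free-form block: what markup is allowed depends on the space owner's user group.
            if ($space['self']) {
                $_G['space_group'] = $_G['group'];
            } elseif (empty($_G['space_group'])) {
                // NOTE(review): groupid is interpolated without a cast, unlike $uid; presumably an
                // integer column value read from the member row - confirm.
                $_G['space_group'] = DB::fetch_first("SELECT * FROM " . DB::table('common_usergroup_field') . " WHERE groupid='{$space['groupid']}'");
            }
            require_once libfile('function/discuzcode');
            if ($_G['space_group']['allowspacediyimgcode']) {
                if (empty($_G['cache']['smilies']['loaded'])) {
                    loadcache(array('smilies', 'smileytypes'));
                    foreach ($_G['cache']['smilies']['replacearray'] as $skey => $smiley) {
                        $_G['cache']['smilies']['replacearray'][$skey] = '[img]' . $_G['siteurl'] . 'static/image/smiley/' . $_G['cache']['smileytypes'][$_G['cache']['smilies']['typearray'][$skey]]['directory'] . '/' . $smiley . '[/img]';
                    }
                    $_G['cache']['smilies']['loaded'] = 1;
                }
                $parameters['content'] = preg_replace($_G['cache']['smilies']['searcharray'], $_G['cache']['smilies']['replacearray'], censor(trim($parameters['content'])));
            }
            if ($_G['space_group']['allowspacediybbcode'] || $_G['space_group']['allowspacediyimgcode'] || $_G['space_group']['allowspacediyhtml']) {
                // With allowspacediyhtml enabled the group flag is handed to discuzcode() as its HTML
                // switch; what that function then lets through is not visible here. Treat the flag
                // as a grant of script-capable markup unless discuzcode() is confirmed to filter it.
                $parameters['content'] = discuzcode($parameters['content'], 1, 0, 1, 0, $_G['space_group']['allowspacediybbcode'], $_G['space_group']['allowspacediyimgcode'], $_G['space_group']['allowspacediyhtml']);
            } else {
                $parameters['content'] = dhtmlspecialchars($parameters['content']);
            }
            $parameters['content'] = nl2br($parameters['content']);
            if (empty($parameters['content'])) {
                $parameters['content'] = lang('space', $blockname);
            }
            $html .= $parameters['content'];
            break;
    }

    if ($_G['setting']['allowviewuserthread'] === false && $blockname == 'thread') {
        $html = '';
    } else {
        if (isset($parameters['title']) && empty($parameters['title'])) {
            // An explicitly empty title suppresses the heading.
            $title = '';
        } else {
            // NOTE(review): a custom title is only un-slashed, not HTML-escaped, before it is emitted.
            $bname = isset($parameters['title']) ? stripslashes($parameters['title']) : getblockdata($blockname);
            $view = $view === false ? '' : ($view == '' ? '&view=me' : '&view=' . $view);
            $bnamelink = $do ? '<a href="home.php?mod=space&uid=' . $uid . '&do=' . $do . $view . '">' . $bname . '</a>' : $bname;
            $title = lang('space', 'block_title', array('bname' => $bnamelink, 'more' => $titlemore));
        }
        // $blockname also becomes part of the element id; presumably callers pass only known block
        // names - confirm, since it is not escaped here.
        $html = $title . '<' . $contenttagname . ' id="' . $blockname . '_content" class="content' . $contentclassname . '">' . $html . '</' . $contenttagname . '>';
    }

    return $html;
}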
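/**
 * Bind uploaded attachments to a post and refresh the attachment flags of the
 * thread and the post.
 *
 * Three phases:
 *  1. $attachnew: update metadata of attachments named by the caller, move
 *     rows from the "unused" table into the thread's attachment table,
 *     generate thumbnails / watermarks and optionally copy images into a
 *     home album (driven by $_GET['albumaid'], $_GET['uploadalbum'] and
 *     $_GET['newalbum']).
 *  2. $attachupdate: replace the file behind an existing attachment with an
 *     unused upload.
 *  3. Recount attachments and store the result on the thread and the post.
 *
 * Fixes relative to the previous revision:
 *  - $newattach and $image are initialised up front. Before, a call with an
 *    empty $attachnew and a non-empty $attachupdate reached
 *    $image->Watermark() on an undefined variable.
 *  - A non-array $_GET['albumaid'] is treated as "no album selection" instead
 *    of being passed to array_unshift()/array_unique().
 *
 * @param mixed $modnewthreads Truthy when the post awaits moderation; no attachment credit is awarded then.
 * @param int   $tid           Thread id.
 * @param int   $pid           Post id.
 * @param array $attachnew     aid => array with 'readperm', 'price' and 'description'.
 * @param array $attachupdate  Existing aid => aid of the unused upload that replaces it.
 * @param int   $uid           Acting member; defaults to the current user.
 * @return void
 */
function updateattach($modnewthreads, $tid, $pid, $attachnew, $attachupdate = array(), $uid = 0)
{
    global $_G;

    $thread = C::t('forum_thread')->fetch($tid);
    $uid = $uid ? $uid : $_G['uid'];
    $newattach = array();
    $image = null;
    $watermark = $_G['setting']['watermarkstatus'] && empty($_G['forum']['disablewatermark']);

    if ($attachnew) {
        $newaids = array_keys($attachnew);
        $newattachfile = $albumattach = array();
        foreach (C::t('forum_attachment_unused')->fetch_all($newaids) as $attach) {
            // Only the uploader's own unused attachments are accepted, unless the actor moderates this forum.
            if ($attach['uid'] != $uid && !$_G['forum']['ismoderator']) {
                continue;
            }
            $attach['uid'] = $uid;
            $newattach[$attach['aid']] = daddslashes($attach);
            if ($attach['isimage']) {
                $newattachfile[$attach['aid']] = $attach['attachment'];
            }
        }
        if ($watermark || !$_G['setting']['thumbdisabledmobile']) {
            require_once libfile('class/image');
            $image = new image();
        }

        // Request input: anything that is not an array counts as an empty selection.
        if (!empty($_GET['albumaid']) && !is_array($_GET['albumaid'])) {
            $_GET['albumaid'] = array();
        }
        if (!empty($_GET['albumaid'])) {
            // Prepending '' and de-duplicating collapses every empty entry onto index 0, which is then dropped.
            array_unshift($_GET['albumaid'], '');
            $_GET['albumaid'] = array_unique($_GET['albumaid']);
            unset($_GET['albumaid'][0]);
            foreach ($_GET['albumaid'] as $aid) {
                if (isset($newattach[$aid])) {
                    $albumattach[$aid] = $newattach[$aid];
                }
            }
        }

        foreach ($attachnew as $aid => $attach) {
            $update = array();
            // NOTE(review): readperm is stored as supplied, without an integer cast or range check.
            $update['readperm'] = $_G['group']['allowsetattachperm'] ? $attach['readperm'] : 0;
            // The price is capped at the group's maxprice. NOTE(review): there is no lower bound, so a
            // negative price passes the cap - confirm the purchase path rejects it.
            $update['price'] = $_G['group']['maxprice']
                ? (intval($attach['price']) <= $_G['group']['maxprice'] ? intval($attach['price']) : $_G['group']['maxprice'])
                : 0;
            $update['tid'] = $tid;
            $update['pid'] = $pid;
            $update['uid'] = $uid;
            $update['description'] = censor(cutstr(dhtmlspecialchars($attach['description']), 100));
            // NOTE(review): this UPDATE is keyed by the caller-supplied $aid and runs before the ownership
            // filter below. Confirm that callers restrict the keys of $attachnew to attachments that
            // belong to this post and member.
            C::t('forum_attachment_n')->update('tid:' . $tid, $aid, $update);
            if (empty($newattach[$aid])) {
                continue;
            }
            $update = array_merge($update, $newattach[$aid]);

            if (!empty($newattachfile[$aid])) {
                if ($_G['setting']['thumbstatus'] && $_G['forum']['disablethumb']) {
                    $update['thumb'] = 0;
                    @unlink($_G['setting']['attachdir'] . '/forum/' . getimgthumbname($newattachfile[$aid]));
                    if (!empty($albumattach[$aid])) {
                        $albumattach[$aid]['thumb'] = 0;
                    }
                } elseif (!$_G['setting']['thumbdisabledmobile']) {
                    // Thumbnails are stored under image/AAA/BB/CC/DD_W_H.jpg, derived from the zero-padded aid.
                    $_daid = sprintf("%09d", $aid);
                    $dir1 = substr($_daid, 0, 3);
                    $dir2 = substr($_daid, 3, 2);
                    $dir3 = substr($_daid, 5, 2);
                    foreach (array(320, 720) as $side) {
                        $thumbfile = 'image/' . $dir1 . '/' . $dir2 . '/' . $dir3 . '/' . substr($_daid, -2) . '_' . $side . '_' . $side . '.jpg';
                        $image->Thumb($_G['setting']['attachdir'] . '/forum/' . $newattachfile[$aid], $thumbfile, $side, $side, 'fixwr');
                    }
                }
                if ($watermark) {
                    $image->Watermark($_G['setting']['attachdir'] . '/forum/' . $newattachfile[$aid], '', 'forum');
                    $update['filesize'] = $image->imginfo['size'];
                }
            }

            if (!empty($_GET['albumaid']) && isset($albumattach[$aid])) {
                $newalbum = 0;
                if (empty($_GET['uploadalbum'])) {
                    require_once libfile('function/spacecp');
                    $_GET['uploadalbum'] = album_creat(array('albumname' => $_GET['newalbum']));
                    $newalbum = 1;
                }
                // NOTE(review): a request-supplied uploadalbum is used as the album id as-is; no cast and
                // no check that the album belongs to $uid is visible in this function - confirm that
                // the caller validates it.
                $picdata = array(
                    'albumid' => $_GET['uploadalbum'],
                    'uid' => $uid,
                    'username' => $_G['username'],
                    'dateline' => $albumattach[$aid]['dateline'],
                    'postip' => $_G['clientip'],
                    'filename' => censor($albumattach[$aid]['filename']),
                    'title' => censor(cutstr(dhtmlspecialchars($attach['description']), 100)),
                    'type' => fileext($albumattach[$aid]['attachment']),
                    'size' => $albumattach[$aid]['filesize'],
                    'filepath' => $albumattach[$aid]['attachment'],
                    'thumb' => $albumattach[$aid]['thumb'],
                    'remote' => $albumattach[$aid]['remote'] + 2,
                );
                $update['picid'] = C::t('home_pic')->insert($picdata, 1);
                if ($newalbum) {
                    require_once libfile('function/home');
                    require_once libfile('function/spacecp');
                    album_update_pic($_GET['uploadalbum']);
                }
            }

            C::t('forum_attachment_n')->insert('tid:' . $tid, $update, false, true);
            C::t('forum_attachment')->update($aid, array('tid' => $tid, 'pid' => $pid, 'tableid' => getattachtableid($tid)));
            C::t('forum_attachment_unused')->delete($aid);
        }

        if (!empty($_GET['albumaid'])) {
            $albumdata = array(
                'picnum' => C::t('home_pic')->check_albumpic($_GET['uploadalbum']),
                'updatetime' => $_G['timestamp'],
            );
            C::t('home_album')->update($_GET['uploadalbum'], $albumdata);
            require_once libfile('function/home');
            require_once libfile('function/spacecp');
            album_update_pic($_GET['uploadalbum']);
        }
        if ($newattach) {
            ftpupload($newaids, $uid);
        }
    }

    // Credit is awarded only for one's own, unmoderated post.
    if (!$modnewthreads && $newattach && $uid == $_G['uid']) {
        updatecreditbyaction('postattach', $uid, array(), '', count($newattach), 1, $_G['fid']);
    }

    if ($attachupdate) {
        // NOTE(review): the ownership filter further down covers only the replacement (unused) upload.
        // Nothing visible here checks that the attachment being replaced belongs to $pid or $uid before
        // its file is removed - confirm that the caller validates the keys of $attachupdate.
        $attachs = C::t('forum_attachment_n')->fetch_all_by_id('tid:' . $tid, 'aid', array_keys($attachupdate));
        foreach ($attachs as $attach) {
            if (array_key_exists($attach['aid'], $attachupdate) && $attachupdate[$attach['aid']]) {
                dunlink($attach);
            }
        }
        $unusedattachs = C::t('forum_attachment_unused')->fetch_all($attachupdate);
        // After the flip the map reads: unused aid => aid of the attachment it replaces.
        $attachupdate = array_flip($attachupdate);
        $unusedaids = array();
        foreach ($unusedattachs as $attach) {
            if ($attach['uid'] != $uid && !$_G['forum']['ismoderator']) {
                continue;
            }
            $unusedaids[] = $attach['aid'];
            $update = $attach;
            $update['dateline'] = TIMESTAMP;
            $update['remote'] = 0;
            unset($update['aid']);
            if ($attach['isimage'] && $watermark) {
                // The image helper is created above only when $attachnew is non-empty.
                if ($image === null) {
                    require_once libfile('class/image');
                    $image = new image();
                }
                $image->Watermark($_G['setting']['attachdir'] . '/forum/' . $attach['attachment'], '', 'forum');
                $update['filesize'] = $image->imginfo['size'];
            }
            C::t('forum_attachment_n')->update('tid:' . $tid, $attachupdate[$attach['aid']], $update);
            @unlink($_G['setting']['attachdir'] . 'image/' . $attach['aid'] . '_100_100.jpg');
            C::t('forum_attachment_exif')->delete($attachupdate[$attach['aid']]);
            C::t('forum_attachment_exif')->update($attach['aid'], array('aid' => $attachupdate[$attach['aid']]));
            ftpupload(array($attachupdate[$attach['aid']]), $uid);
        }
        if ($unusedaids) {
            C::t('forum_attachment_unused')->delete($unusedaids);
        }
    }

    // Attachment flag: 0 = none, 1 = attachments without images, 2 = at least one image.
    // The count is taken per post when $pid is set, otherwise per thread.
    $idtype = $pid ? 'pid' : 'tid';
    $idvalue = $pid ? $pid : $tid;
    $attachment = 0;
    if (C::t('forum_attachment_n')->count_by_id('tid:' . $tid, $idtype, $idvalue)) {
        $attachment = C::t('forum_attachment_n')->count_image_by_id('tid:' . $tid, $idtype, $idvalue) ? 2 : 1;
    }
    C::t('forum_thread')->update($tid, array('attachment' => $attachment));
    C::t('forum_post')->update('tid:' . $tid, $pid, array('attachment' => $attachment), true);
    if (!$attachment) {
        C::t('forum_threadimage')->delete_by_tid($tid);
    }
    $_G['forum_attachexist'] = $attachment;
}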
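/**
 * Create a blog entry, or update the one described by $olds, from submitted form data.
 *
 * When $olds belongs to a different user than the current one, $_G['uid'] and
 * $_G['username'] are switched to the blog owner for the duration of the call.
 * The saved copy is restored on every exit path, including the early
 * "empty message" return.
 *
 * @param array $POST form fields read here: subject, friend, password, tag, message,
 *                    classid, noreply, catid, picids, savealbumid, newalbum, hot,
 *                    dateline, makefeed
 * @param array $olds existing blog row when editing; empty for a new blog
 * @return array|false the stored blog fields plus 'blogid', 'uid' and 'username',
 *                     or false when the message is empty once layout markup is stripped
 */
function blog_post($POST, $olds=array()) {
    global $_G, $space;

    // Editing someone else's blog: act as the owner, but keep the real identity in $__G.
    $isself = 1;
    if(!empty($olds['uid']) && $olds['uid'] != $_G['uid']) {
        $isself = 0;
        $__G = $_G;
        $_G['uid'] = $olds['uid'];
        $_G['username'] = addslashes($olds['username']);
    }

    $POST['subject'] = getstr(trim($POST['subject']), 80);
    $POST['subject'] = censor($POST['subject']);
    // An empty subject falls back to the current date.
    if(strlen($POST['subject'])<1) $POST['subject'] = dgmdate($_G['timestamp'], 'Y-m-d');
    $POST['friend'] = intval($POST['friend']);

    // friend == 2 carries a list of user names, friend == 4 carries a password.
    // NOTE(review): these look like the blog's visibility modes; confirm the full value set.
    $POST['target_ids'] = '';
    if($POST['friend'] == 2) {
        $uids = array();
        $names = empty($_POST['target_names'])?array():explode(',', preg_replace("/(\s+)/s", ',', $_POST['target_names']));
        if($names) {
            $uids = C::t('common_member')->fetch_all_uid_by_username($names);
        }
        if(empty($uids)) {
            // No resolvable names: fall back to mode 3.
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif($POST['friend'] == 4) {
        $POST['password'] = trim($POST['password']);
        if($POST['password'] == '') $POST['friend'] = 0;
    }
    if($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if($POST['friend'] !== 4) {
        // Was `$POST['password'] == '';` (a comparison with no effect), so a submitted
        // password was stored even when the blog is not in password mode.
        $POST['password'] = '';
    }

    $POST['tag'] = dhtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500);
    $POST['tag'] = censor($POST['tag']);

    // The message keeps HTML; checkhtml() and getstr() are the only filters applied to it here.
    $POST['message'] = checkhtml($POST['message']);
    if($_G['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 0, 0, 1);
        $POST['message'] = censor($POST['message']);
    } else {
        $POST['message'] = getstr($POST['message'], 0, 0, 0, 0, 1);
        $POST['message'] = censor($POST['message']);
        // Drop empty <div></div> pairs and make plain <a href="..."> links open in a new window.
        $POST['message'] = preg_replace(array(
            "/\<div\>\<\/div\>/i",
            "/\<a\s+href\=\"([^\>]+?)\"\>/i"
        ), array(
            '',
            '<a href="\\1" target="_blank">'
        ), $POST['message']);
    }
    $message = $POST['message'];

    // Status 1 is handed to updatemoderate()/manage_addnotify('verifyblog') at the end of the function.
    if(censormod($message) || censormod($POST['subject']) || $_G['group']['allowblogmod']) {
        $blog_status = 1;
    } else {
        $blog_status = 0;
    }

    // Resolve the personal class: "new:<name>" creates (or reuses) a class owned by the acting uid.
    if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname);
            $classname = censor($classname);
            if(empty($classname)) {
                $classid = 0;
            } else {
                $classid = C::t('home_class')->fetch_classid_by_uid_classname($_G['uid'], $classname);
                if(empty($classid)) {
                    $setarr = array(
                        'classname' => $classname,
                        'uid' => $_G['uid'],
                        'dateline' => $_G['timestamp']
                    );
                    $classid = C::t('home_class')->insert($setarr, true);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if($classid && empty($classname)) {
        // Ownership check: a class id that belongs to another uid is discarded.
        $query = C::t('home_class')->fetch($classid);
        $classname = ($query['uid'] == $_G['uid']) ? $query['classname'] : '';
        if(empty($classname)) $classid = 0;
    }

    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($POST['noreply'])?0:1,
        'catid' => intval($POST['catid']),
        'status' => $blog_status,
    );

    // Pictures attached to the post; only rows owned by the acting uid are fetched.
    $titlepic = '';
    $uploads = array();
    if(!empty($POST['picids'])) {
        $picids = array_keys($POST['picids']);
        $query = C::t('home_pic')->fetch_all_by_uid($_G['uid'], 0, 0, $picids);
        foreach($query as $value) {
            if(empty($titlepic) && $value['thumb']) {
                $titlepic = getimgthumbname($value['filepath']);
                $blogarr['picflag'] = $value['remote']?2:1;
            }
            $picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
            // md5 is only a lookup key for the picture URL here.
            $uploads[md5($picurl)] = $value;
        }
        // No thumbnail found: use the last fetched picture. !empty() also covers an empty result set,
        // where $value was never assigned.
        if(empty($titlepic) && !empty($value)) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote']?2:1;
        }
    }

    if($uploads) {
        $albumid = 0;
        if($POST['savealbumid'] < 0 && !empty($POST['newalbum'])) {
            $albumname = addslashes(dhtmlspecialchars(trim($POST['newalbum'])));
            if(empty($albumname)) $albumname = dgmdate($_G['timestamp'],'Ymd');
            $albumarr = array('albumname' => $albumname);
            $albumid = album_creat($albumarr);
        } else {
            $albumid = $POST['savealbumid'] < 0 ? 0 : intval($POST['savealbumid']);
        }
        if($albumid) {
            C::t('home_pic')->update_for_uid($_G['uid'], $picids, array('albumid' => $albumid));
            album_update_pic($albumid);
        }
        // Pictures already referenced by an <img> in the message are not appended again.
        preg_match_all("/\s*\<img src=\"(.+?)\".*?\>\s*/is", $message, $mathes);
        if(!empty($mathes[1])) {
            foreach ($mathes[1] as $key => $value) {
                $urlmd5 = md5($value);
                if(!empty($uploads[$urlmd5])) {
                    unset($uploads[$urlmd5]);
                }
            }
        }
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
            // NOTE(review): the picture title is placed into the HTML without escaping at this point;
            // confirm it is escaped when the home_pic row is written.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
        }
    }

    // Reject a message that is empty once layout-only markup is removed.
    // NOTE(review): the `\ \;` alternative looks like an entity-decoded `&nbsp;`; confirm against the upstream file.
    $ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\ \;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
    if(empty($ckmessage)) {
        // Restore the real identity before leaving; without this the rest of the request
        // would keep running with the blog owner's uid and username in $_G.
        if(!empty($__G)) $_G = $__G;
        return false;
    }

    if(checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if(!empty($olds['blogid'])) {
        // Update: move the category counters when the category changed.
        if($blogarr['catid'] != $olds['catid']) {
            if($olds['catid']) {
                C::t('home_blog_category')->update_num_by_catid(-1, $olds['catid'], true, true);
            }
            if($blogarr['catid']) {
                C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
            }
        }
        $blogid = $olds['blogid'];
        C::t('home_blog')->update($blogid, $blogarr);

        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        if($blogarr['catid']) {
            C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
        }
        $blogarr['uid'] = $_G['uid'];
        $blogarr['username'] = $_G['username'];
        // NOTE(review): a caller-supplied dateline is stored as given; confirm the caller validates it.
        $blogarr['dateline'] = empty($POST['dateline'])?$_G['timestamp']:$POST['dateline'];
        $blogid = C::t('home_blog')->insert($blogarr, true);

        C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']));
        C::t('common_member_field_home')->update($_G['uid'], array('recentnote'=>$POST['subject']));
    }

    $blogarr['blogid'] = $blogid;

    $class_tag = new tag();
    $POST['tag'] = $olds ? $class_tag->update_field($POST['tag'], $blogid, 'blogid') : $class_tag->add_tag($POST['tag'], $blogid, 'blogid');
    $fieldarr = array(
        'message' => $message,
        'postip' => $_G['clientip'],
        'target_ids' => $POST['target_ids'],
        'tag' => $POST['tag']
    );
    if(!empty($titlepic)) {
        $fieldarr['pic'] = $titlepic;
    }

    if($olds) {
        C::t('home_blogfield')->update($blogid, $fieldarr);
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        C::t('home_blogfield')->insert($fieldarr);
    }

    // Credits and statistics: granted for a new blog with status 0, taken back when an edit
    // ends up with status 1.
    if($isself && !$olds && $blog_status == 0) {
        updatecreditbyaction('publishblog', 0, array('blogs' => 1));
        include_once libfile('function/stat');
        updatestat('blog');
    }
    if(!empty($olds['blogid']) && $blog_status == 1) {
        updatecreditbyaction('publishblog', 0, array('blogs' => -1), '', -1);
        include_once libfile('function/stat');
        updatestat('blog');
    }

    if($POST['makefeed'] && $blog_status == 0) {
        include_once libfile('function/feed');
        feed_publish($blogid, 'blogid', $olds?0:1);
    }

    // Back to the real identity before the moderation notifications are issued.
    if(!empty($__G)) $_G = $__G;
    if($blog_status == 1) {
        updatemoderate('blogid', $blogid);
        manage_addnotify('verifyblog');
    }
    return $blogarr;
}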
/**
 * Split a keyword string into a short list of valid tag names.
 *
 * Keywords are split on ',' when one is present, otherwise on spaces. Each piece
 * is trimmed and kept only if it is 3 to 20 characters of word characters,
 * whitespace, '_', '-' or bytes 0x7f-0xff. Collection stops once five names are accepted.
 *
 * @param string $keywords raw keyword input
 * @param bool   $string   true to return a comma-joined string instead of an array
 * @param bool   $filter   true to run censor() and normalise full-width commas first
 * @return array|string accepted tag names; '' or array() for empty input
 */
function parse_keyword($keywords, $string = false, $filter = true) {
    $asString = $string === true;
    if ($keywords == '') {
        return $asString ? '' : array();
    }

    if ($filter === true) {
        // These byte sequences appear to be full-width comma encodings; each becomes a plain ','.
        $wideCommas = array(chr(0xa3) . chr(0xac), chr(0xa1) . chr(0x41), chr(0xef) . chr(0xbc) . chr(0x8c));
        $keywords = str_replace($wideCommas, ',', censor($keywords));
    }

    if (strexists($keywords, ',')) {
        $separator = ',';
    } else {
        // No comma at all: treat the language pack's full-width blank as an ordinary space.
        $langcore = lang('core');
        $keywords = str_replace($langcore['fullblankspace'], ' ', $keywords);
        $separator = ' ';
    }
    $candidates = array_unique(explode($separator, $keywords));

    $accepted = array();
    foreach ($candidates as $candidate) {
        $candidate = trim($candidate);
        if (!preg_match('/^([\\x7f-\\xff_-]|\\w|\\s){3,20}$/', $candidate)) {
            continue;
        }
        $accepted[] = $candidate;
        // Stop as soon as the fifth name has been taken.
        if (count($accepted) > 4) {
            break;
        }
    }

    return $asString ? implode(',', $accepted) : $accepted;
}
showmessage('forum_nopermission', NULL, 'NOPERM'); } } if (!$forum['ismoderator'] || !$alloweditpost || in_array($orig['adminid'], array(1, 2, 3)) && $adminid > $orig['adminid']) { showmessage('post_edit_nopermission', NULL, 'HALTED'); } if (!submitcheck('editmessagesubmit', 1)) { include template('modcp_editpost'); exit; } else { require_once DISCUZ_ROOT . './include/discuzcode.func.php'; if ($do == 'notupdate') { $message = $orig['message']; $message = discuzcode($message, 0, 0, 0, $forum['allowsmilies'], $forum['allowbbcode'], $forum['allowimgcode'] && $showimages ? 1 : 0, $forum['allowhtml'], 0, 0, $orig['authorid']); showmessage(stripslashes($message)); } else { $message = censor(trim($message)); if (!$disablepostctrl) { if ($maxpostsize && strlen($message) > $maxpostsize) { showmessage('post_message_toolong'); } elseif ($minpostsize && strlen(preg_replace("/\\[quote\\].+?\\[\\/quote\\]/is", '', $message)) < $minpostsize) { showmessage('post_message_tooshort'); } } $query = $db->query("UPDATE {$tablepre}posts SET message='{$message}' WHERE pid='{$pid}'"); $message = discuzcode($message, 0, 0, 0, $forum['allowsmilies'], $forum['allowbbcode'], $forum['allowimgcode'] && $showimages ? 1 : 0, $forum['allowhtml'], 0, 0, $orig['authorid']); showmessage(stripslashes($message)); } } } include template('modcp_editpost');
$fid = intval($_GET['fid']); $uid = intval($_GET['uid']); $default_url = array('user' => 'home.php?mod=space&uid=', 'post' => 'forum.php?mod=redirect&goto=findpost&ptid=' . $tid . '&pid=', 'thread' => 'forum.php?mod=viewthread&tid=', 'group' => 'forum.php?mod=group&fid=', 'album' => 'home.php?mod=space&do=album&uid=' . $uid . '&id=', 'blog' => 'home.php?mod=space&do=blog&uid=' . $uid . '&id=', 'pic' => 'home.php?mod=space&do=album&uid=' . $uid . '&picid='); $url = ''; if ($rid && !empty($default_url[$rtype])) { $url = $default_url[$rtype] . intval($rid); } else { $url = addslashes(dhtmlspecialchars(base64_decode($_GET['url']))); $url = preg_match("/^http[s]?:\\/\\/[^\\[\"']+\$/i", trim($url)) ? trim($url) : ''; } if (empty($url) || empty($_G['inajax'])) { showmessage('report_parameters_invalid'); } $urlkey = md5($url); if (submitcheck('reportsubmit')) { $message = censor(cutstr(dhtmlspecialchars(trim($_GET['message'])), 200, '')); $message = $_G['username'] . ' : ' . rtrim($message, "\\"); if ($reportid = C::t('common_report')->fetch_by_urlkey($urlkey)) { C::t('common_report')->update_num($reportid, $message); } else { $data = array('url' => $url, 'urlkey' => $urlkey, 'uid' => $_G['uid'], 'username' => $_G['username'], 'message' => $message, 'dateline' => TIMESTAMP); if ($fid) { $data['fid'] = $fid; } C::t('common_report')->insert($data); $report_receive = unserialize($_G['setting']['report_receive']); $moderators = array(); if ($report_receive['adminuser']) { foreach ($report_receive['adminuser'] as $touid) { notification_add($touid, 'report', 'new_report', array('from_id' => 1, 'from_idtype' => 'newreport'), 1); }
C::t('portal_category')->increase($setarr['catid'], array('articles' => 1)); C::t('portal_category')->update($setarr['catid'], array('lastpublish' => TIMESTAMP)); C::t('portal_article_count')->insert(array('aid' => $aid, 'catid' => $setarr['catid'], 'viewnum' => 1)); } else { if ($htmlname && $article['htmlname'] !== $htmlname) { $setarr['htmlname'] = $htmlname; $oldarticlename = $article['htmldir'] . $article['htmlname']; unlink($oldarticlename . '.' . $_G['setting']['makehtml']['extendname']); for ($i = 1; $i < $article['contents']; $i++) { unlink($oldarticlename . $i . '.' . $_G['setting']['makehtml']['extendname']); } } C::t('portal_article_title')->update($aid, $setarr); } $content = getstr($_POST['content'], 0, 0, 0, 0, 1); $content = censor($content); if (censormod($content) || $_G['group']['allowpostarticlemod']) { $article_status = 1; } else { $article_status = 0; } $regexp = '/(\\<strong\\>##########NextPage(\\[title=(.*?)\\])?##########\\<\\/strong\\>)+/is'; preg_match_all($regexp, $content, $arr); $pagetitle = !empty($arr[3]) ? $arr[3] : array(); $pagetitle = array_map('trim', $pagetitle); array_unshift($pagetitle, $_POST['pagetitle']); $contents = preg_split($regexp, $content); $cpostcount = count($contents); $dbcontents = C::t('portal_article_content')->fetch_all($aid); $pagecount = $cdbcount = count($dbcontents); if ($cdbcount > $cpostcount) {
$data->insert_query("comments", "'', {$id}, '{$check['id']}', 1, {$timestamp}, {$comment}, {$allowed}", "", "", false); if (confirm('comment')) { $page = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $page .= "?" . $_SERVER['QUERY_STRING']; } $comment = $data->select_fetch_one_row("comments", "WHERE uid='{$check['id']}' AND item_id={$id} AND date={$timestamp}"); confirmMail("comment", $comment); show_message("The comment first needs to be reviewed before it will be visible", $page); } } $sql = $data->select_query("comments", "WHERE item_id={$id} AND type=1 AND allowed = 1"); $numcom = $data->num_rows($sql); $comments = array(); while ($temp = $data->fetch_array($sql)) { $temp['comment'] = censor($temp['comment']); $temp2 = $data->select_fetch_one_row("users", "WHERE id={$temp['uid']}", "uname"); $temp['uname'] = $temp2['uname']; $comments[] = $temp; } $tpl->assign("numcom", $numcom); $tpl->assign("com", $comments); $tpl->assign("comviewallowed", get_auth('comviewallowed', 2)); $tpl->assign("compostallowed", get_auth('compostallowed', 2)); $scriptList['slimbox'] = 1; $location = $view_album_name . " Photo Album"; } } else { if (!$inarticle) { $add = get_auth('addphotoalbum') == 1 ? true : false; $addlink = "index.php?page=addphotoalbum&menuid={$menuid}";
$allowpostimg = $_G['group']['allowpostimage'] && $imgexts; $enctype = $_G['group']['allowpostattach'] || $_G['group']['allowpostimage'] ? 'enctype="multipart/form-data"' : ''; $maxattachsize_mb = $_G['group']['maxattachsize'] / 1048576 >= 1 ? round($_G['group']['maxattachsize'] / 1048576, 1) . 'MB' : round($_G['group']['maxattachsize'] / 1024) . 'KB'; $postcredits = $_G['forum']['postcredits'] ? $_G['forum']['postcredits'] : $_G['setting']['creditspolicy']['post']; $replycredits = $_G['forum']['replycredits'] ? $_G['forum']['replycredits'] : $_G['setting']['creditspolicy']['reply']; $digestcredits = $_G['forum']['digestcredits'] ? $_G['forum']['digestcredits'] : $_G['setting']['creditspolicy']['digest']; $postattachcredits = $_G['forum']['postattachcredits'] ? $_G['forum']['postattachcredits'] : $_G['setting']['creditspolicy']['postattach']; $_G['group']['maxprice'] = isset($_G['setting']['extcredits'][$_G['setting']['creditstrans']]) ? $_G['group']['maxprice'] : 0; $extra = (!empty($_G['gp_extra']) ? rawurlencode($_G['gp_extra']) : '') . (!empty($_G['gp_from']) ? '&from=' . rawurlencode($_G['gp_from']) : ''); $notifycheck = empty($emailnotify) ? '' : 'checked="checked"'; $stickcheck = empty($sticktopic) ? '' : 'checked="checked"'; $digestcheck = empty($addtodigest) ? '' : 'checked="checked"'; $subject = isset($_G['gp_subject']) ? dhtmlspecialchars(censor(trim($_G['gp_subject']))) : ''; $subject = !empty($subject) ? str_replace("\t", ' ', $subject) : $subject; $message = isset($_G['gp_message']) ? censor($_G['gp_message']) : ''; $polloptions = isset($polloptions) ? censor(trim($polloptions)) : ''; $readperm = isset($_G['gp_readperm']) ? intval($_G['gp_readperm']) : 0; $price = isset($_G['gp_price']) ? intval($_G['gp_price']) : 0; $_G['setting']['tagstatus'] = $_G['setting']['tagstatus'] && $_G['forum']['allowtag'] ? $_G['setting']['tagstatus'] == 2 ? 
2 : $_G['forum']['allowtag'] : 0; if (empty($bbcodeoff) && !$_G['group']['allowhidecode'] && !empty($message) && preg_match("/\\[hide=?\\d*\\].+?\\[\\/hide\\]/is", preg_replace("/(\\[code\\](.+?)\\[\\/code\\])/is", ' ', $message))) { showmessage('post_hide_nopermission'); } if (periodscheck('postmodperiods', 0)) { $modnewthreads = $modnewreplies = 1; } else { $censormod = censormod($subject . "\t" . $message); $modnewthreads = (!$_G['group']['allowdirectpost'] || $_G['group']['allowdirectpost'] == 1) && $_G['forum']['modnewposts'] || $censormod ? 1 : 0; $modnewreplies = (!$_G['group']['allowdirectpost'] || $_G['group']['allowdirectpost'] == 2) && $_G['forum']['modnewposts'] == 2 || $censormod ? 1 : 0; } if ($_G['group']['allowposturl'] < 3 && $message) { $urllist = get_url_list($message);
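/**
 * Validate and normalise submitted thread-sort option values.
 *
 * Each rule in the global $checkoption is applied to the matching entry of
 * $sortoption. A failed rule calls showmessage() with a link back to the post form.
 * Accepted values are trimmed, censored and HTML-escaped, then returned keyed by option id.
 *
 * @param array $sortoption submitted values keyed by option identifier
 * @return array normalised values keyed by $checkoption[...]['optionid']
 */
function threadsort_validator($sortoption) {
    global $checkoption, $var, $selectsortid, $fid, $tid, $pid;

    $postaction = $tid && $pid ? "edit&tid={$tid}&pid={$pid}" : 'newthread';
    // Same return link for every validation failure.
    $backurl = "post.php?action={$postaction}&fid={$fid}&sortid={$selectsortid}";
    $optiondata = array();

    foreach ($checkoption as $var => $option) {
        if ($checkoption[$var]['required'] && !$sortoption[$var]) {
            showmessage('threadtype_required_invalid', $backurl);
        } elseif ($sortoption[$var] && ($checkoption[$var]['type'] == 'number' && !is_numeric($sortoption[$var]) || $checkoption[$var]['type'] == 'email' && !isemail($sortoption[$var]))) {
            showmessage('threadtype_format_invalid', $backurl);
        } elseif ($sortoption[$var] && $checkoption[$var]['maxlength'] && !is_array($sortoption[$var]) && strlen($sortoption[$var]) > $checkoption[$var]['maxlength']) {
            // The length was measured on $typeoption, which is not defined in this function,
            // so the maxlength rule never fired. Array values (checkbox) are skipped because
            // strlen() only applies to scalars.
            showmessage('threadtype_toolong_invalid', $backurl);
        } elseif ($sortoption[$var] && ($checkoption[$var]['maxnum'] && $sortoption[$var] >= $checkoption[$var]['maxnum'] || $checkoption[$var]['minnum'] && $sortoption[$var] < $checkoption[$var]['minnum'])) {
            // NOTE(review): `>=` rejects a value equal to maxnum; confirm the upper bound is meant to be exclusive.
            showmessage('threadtype_num_invalid', $backurl);
        } elseif ($sortoption[$var] && $checkoption[$var]['unchangeable'] && !($tid && $pid)) {
            showmessage('threadtype_unchangeable_invalid', $backurl);
        }

        if ($checkoption[$var]['type'] == 'checkbox') {
            // Checkbox selections are stored as one tab-separated string.
            $sortoption[$var] = $sortoption[$var] ? implode("\t", $sortoption[$var]) : '';
        } elseif ($checkoption[$var]['type'] == 'url') {
            // Only a leading "www." is completed with http://; any other value passes through unchanged.
            // NOTE(review): no scheme allow-list is applied here; confirm the value is checked
            // before it is rendered as a link.
            $sortoption[$var] = $sortoption[$var] ? substr(strtolower($sortoption[$var]), 0, 4) == 'www.' ? 'http://' . $sortoption[$var] : $sortoption[$var] : '';
        }

        $sortoption[$var] = dhtmlspecialchars(censor(trim($sortoption[$var])));
        $optiondata[$checkoption[$var]['optionid']] = $sortoption[$var];
    }

    return $optiondata;
}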
space_merge($space, 'field_home'); getuserdiydata($space); $personalnv = isset($_G['blockposition']['nv']) ? $_G['blockposition']['nv'] : ''; if ($personalnv && !empty($_GET['show'])) { $personalnv['nvhidden'] = 0; } } if (submitcheck('blocksubmit')) { $blockname = getstr($_GET['blockname'], 15, 0, 1); if (check_ban_block($blockname, $space)) { space_merge($space, 'field_home'); $blockdata = unserialize($space['blockposition']); $title = getstr($_POST['blocktitle'], 50, 1, 1); $blockdata['parameters'][$blockname]['title'] = $title; if (in_array($blockname, array('block1', 'block2', 'block3', 'block4', 'block5'))) { $content = censor(getstr($_POST['content'], 1000, 1, 0, 0, 1)); $blockdata['parameters'][$blockname]['content'] = stripslashes($content); } elseif ($blockname == 'profile') { $blockdata['parameters'][$blockname]['banavatar'] = in_array($_G['gp_avatar'], array('big', 'middle', 'small')) ? $_G['gp_avatar'] : 'middle'; } elseif ($blockname == 'statistic') { $blockdata['parameters'][$blockname]['bancredits'] = $_G['gp_credits'] ? 0 : 1; $blockdata['parameters'][$blockname]['banfriends'] = $_G['gp_friends'] ? 0 : 1; $blockdata['parameters'][$blockname]['banthreads'] = $_G['gp_threads'] ? 0 : 1; $blockdata['parameters'][$blockname]['banblogs'] = $_G['gp_blogs'] ? 0 : 1; $blockdata['parameters'][$blockname]['banalbums'] = $_G['gp_albums'] ? 0 : 1; $blockdata['parameters'][$blockname]['bansharings'] = $_G['gp_sharings'] ? 0 : 1; $blockdata['parameters'][$blockname]['banviews'] = $_G['gp_views'] ? 0 : 1; } elseif (in_array($blockname, array('personalinfo'))) { } else { $shownum = max(1, intval($_POST['shownum'])); if ($shownum <= 20) {
/**
 * Store a comment on a portal article or portal topic.
 *
 * The comment goes into portal_comment. Its status is 1 when censormod() flags the
 * message, in which case it is also passed to updatemoderate() and a manage
 * notification is raised. The comment counter and the author's lastpost time are
 * updated either way.
 *
 * @param int    $id      article or topic id
 * @param string $message comment text
 * @param string $idtype  'aid' or 'topicid'; anything else is treated as 'aid'
 * @return string message key: 'do_success', 'comment_comment_noexist',
 *                'content_is_too_short' or 'comment_comment_notallowed'
 */
function addportalarticlecomment($id, $message, $idtype = 'aid') {
    global $_G;

    $id = intval($id);
    if (empty($id)) {
        return 'comment_comment_noexist';
    }

    // The group's allowcommentarticle setting is passed to getstr() as the length argument.
    $message = getstr($message, $_G['group']['allowcommentarticle'], 0, 0, 1, 0);
    if (strlen($message) < 2) {
        return 'content_is_too_short';
    }

    // Allow-list the id type before it is used to pick table names.
    if (!in_array($idtype, array('aid', 'topicid'))) {
        $idtype = 'aid';
    }
    $isarticle = $idtype == 'aid';

    $data = C::t($isarticle ? 'portal_article_title' : 'portal_topic')->fetch($id);
    if (empty($data)) {
        return 'comment_comment_noexist';
    }
    if ($data['allowcomment'] != 1) {
        return 'comment_comment_notallowed';
    }

    $message = censor($message);
    $comment_status = censormod($message) ? 1 : 0;

    $pcid = C::t('portal_comment')->insert(array(
        'uid' => $_G['uid'],
        'username' => $_G['username'],
        'id' => $id,
        'idtype' => $idtype,
        'postip' => $_G['clientip'],
        'dateline' => $_G['timestamp'],
        'status' => $comment_status,
        'message' => $message,
    ), true);

    if ($comment_status == 1) {
        updatemoderate($idtype . '_cid', $pcid);
        manage_addnotify($isarticle ? 'verifyacommont' : 'verifytopiccommont');
    }

    C::t($isarticle ? 'portal_article_count' : 'portal_topic')->increase($id, array('commentnum' => 1));
    C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']), 'UNBUFFERED');

    // The credit action is skipped when the commenter owns the article or topic.
    if ($data['uid'] != $_G['uid']) {
        updatecreditbyaction('portalcomment', 0, array(), $idtype . $id);
    }
    return 'do_success';
}
wapmsg('post_hide_nopermission'); } if (!$adminid && $newbiespan && (!$lastpost || $timestamp - $lastpost < $newbiespan * 3600)) { $regdate = $db->result_first("SELECT regdate FROM {$tablepre}members WHERE uid='{$discuz_uid}'"); if ($timestamp - $regdate < $newbiespan * 3600) { showmessage('post_newbie_span'); } } $postcredits = $forum['postcredits'] ? $forum['postcredits'] : $creditspolicy['post']; $replycredits = $forum['replycredits'] ? $forum['replycredits'] : $creditspolicy['reply']; $modnewthreads = (!$allowdirectpost || $allowdirectpost == 1) && ($forum['modnewposts'] || !empty($censormod)) ? 1 : 0; $modnewreplies = (!$allowdirectpost || $allowdirectpost == 2) && ($forum['modnewposts'] == 2 || !empty($censormod)) ? 1 : 0; $subject = wapconvert($subject); $subject = $subject != '' ? dhtmlspecialchars(censor(trim($subject))) : ''; $message = wapconvert($message); $message = $message != '' ? censor(trim($message)) : ''; if ($do == 'newthread') { $discuz_action = 195; if (empty($forum['allowpost']) && (!$forum['postperm'] && !$allowpost || $forum['postperm'] && !forumperm($forum['postperm']))) { wapmsg('post_newthread_nopermission'); } if (empty($subject) || empty($message)) { $typeselect = isset($forum['threadtypes']['required']) ? typeselect() : ''; echo "<p>" . ($typeselect ? "{$lang['type']}{$typeselect}<br />\n" : '') . "{$lang['subject']}<input type=\"text\" name=\"subject\" value=\"\" maxlength=\"80\" format=\"M*m\" /><br />\n" . "{$lang['message']}<input type=\"text\" name=\"message\" value=\"\" format=\"M*m\" /><br />\n" . "<anchor title=\"{$lang['submit']}\">{$lang['submit']}" . "<go method=\"post\" href=\"index.php?action=post&do=newthread&fid={$fid}&sid={$sid}\">\n" . "<postfield name=\"subject\" value=\"\$(subject)\" />\n" . "<postfield name=\"message\" value=\"\$(message)\" />\n" . "<postfield name=\"formhash\" value=\"" . formhash() . "\" />\n" . ($typeselect ? "<postfield name=\"typeid\" value=\"\$(typeid)\" />\n" : '') . 
"</go></anchor>\n<br /><br />" . "<a href=\"index.php?action=forum&fid={$fid}\">{$lang['return_forum']}</a></p>\n"; } else { if ($post_invalid = checkpost()) { wapmsg($post_invalid); } if ($formhash != formhash()) { wapmsg('wap_submit_invalid'); }
} elseif (!$thread['isgroup'] && ($post_autoclose = checkautoclose($thread))) { showmessage($post_autoclose, '', array('autoclose' => $_G['forum']['autoclose'])); } elseif (checkflood()) { showmessage('post_flood_ctrl', '', array('floodctrl' => $_G['setting']['floodctrl'])); } elseif (checkmaxperhour('pid')) { showmessage('post_flood_ctrl_posts_per_hour', '', array('posts_per_hour' => $_G['group']['maxpostsperhour'])); } $commentscore = ''; if (!empty($_GET['commentitem']) && !empty($_G['uid']) && $post['authorid'] != $_G['uid']) { foreach ($_GET['commentitem'] as $itemk => $itemv) { if ($itemv !== '') { $commentscore .= strip_tags(trim($itemk)) . ': <i>' . intval($itemv) . '</i> '; } } } $comment = cutstr(($commentscore ? $commentscore . '<br />' : '') . censor(trim(dhtmlspecialchars($_GET['message'])), '***'), 200, ' '); if (!$comment) { showmessage('post_sm_isnull'); } $pcid = C::t('forum_postcomment')->insert(array('tid' => $post['tid'], 'pid' => $post['pid'], 'author' => $_G['username'], 'authorid' => $_G['uid'], 'dateline' => TIMESTAMP, 'comment' => $comment, 'score' => $commentscore ? 1 : 0, 'useip' => $_G['clientip'], 'port' => $_G['remoteport']), true); C::t('forum_post')->update('tid:' . $_G['tid'], $_GET['pid'], array('comment' => 1)); $comments = $thread['comments'] ? 
$thread['comments'] + 1 : C::t('forum_postcomment')->count_by_tid($_G['tid']); C::t('forum_thread')->update($_G['tid'], array('comments' => $comments)); !empty($_G['uid']) && updatepostcredits('+', $_G['uid'], 'reply', $_G['fid']); if (!empty($_G['uid']) && $_G['uid'] != $post['authorid']) { notification_add($post['authorid'], 'pcomment', 'comment_add', array('tid' => $_G['tid'], 'pid' => $_GET['pid'], 'subject' => $thread['subject'], 'from_id' => $_G['tid'], 'from_idtype' => 'pcomment', 'commentmsg' => cutstr(str_replace(array('[b]', '[/b]', '[/color]'), '', preg_replace("/\\[color=([#\\w]+?)\\]/i", "", $comment)), 200))); } update_threadpartake($post['tid']); $pcid = C::t('forum_postcomment')->fetch_standpoint_by_pid($_GET['pid']); $pcid = $pcid['id']; if (!empty($_G['uid']) && $_GET['commentitem']) {
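/**
 * Validate and normalise submitted thread-sort option values.
 *
 * Each rule in $_G['forum_checkoption'] is applied to the matching entry of
 * $sortoption. A failed rule calls showmessage() with a link back to the post form
 * and the option's title. Accepted values are stored in $_G['forum_optiondata'],
 * keyed by option id, and that array is returned.
 *
 * @param array $sortoption submitted values keyed by option identifier
 * @param int   $pid        post id; together with $_G['tid'] it marks an edit
 * @return array normalised values keyed by option id
 */
function threadsort_validator($sortoption, $pid) {
    global $_G, $var;

    $postaction = $_G['tid'] && $pid ? "edit&tid={$_G['tid']}&pid={$pid}" : 'newthread';
    // Same return link for every validation failure.
    $backurl = "forum.php?mod=post&action={$postaction}&fid={$_G['fid']}&sortid=" . $_G['forum_selectsortid'];
    $_G['forum_optiondata'] = array();

    foreach ($_G['forum_checkoption'] as $var => $option) {
        if ($_G['forum_checkoption'][$var]['required'] && !$sortoption[$var]) {
            showmessage('threadtype_required_invalid', $backurl, array('typetitle' => $_G['forum_checkoption'][$var]['title']));
        } elseif ($sortoption[$var] && ($_G['forum_checkoption'][$var]['type'] == 'number' && !is_numeric($sortoption[$var]) || $_G['forum_checkoption'][$var]['type'] == 'email' && !isemail($sortoption[$var]))) {
            showmessage('threadtype_format_invalid', $backurl, array('typetitle' => $_G['forum_checkoption'][$var]['title']));
        } elseif ($sortoption[$var] && $_G['forum_checkoption'][$var]['maxlength'] && !is_array($sortoption[$var]) && strlen($sortoption[$var]) > $_G['forum_checkoption'][$var]['maxlength']) {
            // The length was measured on $typeoption, which is not defined in this function,
            // so the maxlength rule never fired. Array values (checkbox, image) are skipped
            // because strlen() only applies to scalars.
            showmessage('threadtype_toolong_invalid', $backurl, array('typetitle' => $_G['forum_checkoption'][$var]['title']));
        } elseif ($sortoption[$var] && ($_G['forum_checkoption'][$var]['maxnum'] && $sortoption[$var] > $_G['forum_checkoption'][$var]['maxnum'] || $_G['forum_checkoption'][$var]['minnum'] && $sortoption[$var] < $_G['forum_checkoption'][$var]['minnum'])) {
            showmessage('threadtype_num_invalid', $backurl, array('typetitle' => $_G['forum_checkoption'][$var]['title']));
        } elseif ($sortoption[$var] && $_G['forum_checkoption'][$var]['unchangeable'] && !($_G['tid'] && $pid)) {
            showmessage('threadtype_unchangeable_invalid', $backurl, array('typetitle' => $_G['forum_checkoption'][$var]['title']));
        }

        if ($_G['forum_checkoption'][$var]['type'] == 'checkbox') {
            // Checkbox selections are stored as one tab-separated string.
            $sortoption[$var] = $sortoption[$var] ? implode("\t", $sortoption[$var]) : '';
        } elseif ($_G['forum_checkoption'][$var]['type'] == 'url') {
            // Only a leading "www." is completed with http://; any other value passes through unchanged.
            // NOTE(review): no scheme allow-list is applied here; confirm the value is checked
            // before it is rendered as a link.
            $sortoption[$var] = $sortoption[$var] ? substr(strtolower($sortoption[$var]), 0, 4) == 'www.' ? 'http://' . $sortoption[$var] : $sortoption[$var] : '';
        }

        // Image options are serialized and slash-escaped; every other type is trimmed,
        // censored and HTML-escaped.
        $sortoption[$var] = $_G['forum_checkoption'][$var]['type'] != 'image' ? dhtmlspecialchars(censor(trim($sortoption[$var]))) : addslashes(serialize($sortoption[$var]));
        $_G['forum_optiondata'][$_G['forum_checkoption'][$var]['optionid']] = $sortoption[$var];
    }

    return $_G['forum_optiondata'];
}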
if($timestamp - $regdate < $newbiespan * 3600) { showmessage('post_newbie_span'); } } $postcredits = $forum['postcredits'] ? $forum['postcredits'] : $creditspolicy['post']; $replycredits = $forum['replycredits'] ? $forum['replycredits'] : $creditspolicy['reply']; $modnewthreads = (!$allowdirectpost || $allowdirectpost == 1) && ($forum['modnewposts'] || !empty($censormod)) ? 1 : 0; $modnewreplies = (!$allowdirectpost || $allowdirectpost == 2) && ($forum['modnewposts'] == 2 || !empty($censormod)) ? 1 : 0; $subject = wapconvert($subject); $subject = ($subject != '') ? dhtmlspecialchars(censor(trim($subject))) : ''; $message = wapconvert($message); $message = ($message != '') ? censor(trim($message)) : ''; if($do == 'newthread') { $discuz_action = 195; if(!$discuz_uid && !((!$forum['postperm'] && $allowpost) || ($forum['postperm'] && forumperm($forum['postperm'])))) { wapmsg('post_newthread_nopermission'); } elseif(empty($forum['allowpost'])) { if(!$forum['postperm'] && !$allowpost) { wapmsg('post_newthread_nopermission'); } elseif($forum['postperm'] && !forumperm($forum['postperm'])) { wapmsg('post_newthread_nopermission'); } } elseif($forum['allowpost'] == -1) { wapmsg('post_newthread_nopermission');