示例#1
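 /**
  * Stores a report filed by the current user against a user, post, thread, group, album, blog or picture.
  *
  * When $rid is set and $rtype is one of the known types, the reported URL is built from a fixed
  * site-relative template plus intval($rid). Otherwise the URL is taken from the base64-encoded
  * `url` request parameter and kept only if it matches the http(s) pattern below.
  * A URL that was reported before only has its existing row updated; a new URL is inserted and
  * the configured receivers are notified.
  *
  * @param mixed  $res     Response structure, passed through makeErrorInfo().
  * @param string $rtype   Report type: user, post, thread, group, album, blog or pic.
  * @param mixed  $rid     Id of the reported object; cast with intval() before it reaches the URL.
  * @param string $message Raw-URL-encoded report text supplied by the client.
  * @return mixed Whatever makeErrorInfo() returns for the outcome.
  */
 private function _userReportType($res, $rtype, $rid, $message)
 {
     global $_G;
     // Only the 'post' template reads $tid; default it so the other types do not touch an undefined variable.
     $tid = '';
     if ($rtype == 'post') {
         $tid = UserReport::getTidByPid($rid);
     }
     $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
     $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
     $message = WebUtils::t(rawurldecode($message));
     $default_url = array(
         'user' => 'home.php?mod=space&uid=',
         'post' => 'forum.php?mod=redirect&goto=findpost&ptid=' . $tid . '&pid=',
         'thread' => 'forum.php?mod=viewthread&tid=',
         'group' => 'forum.php?mod=group&fid=',
         'album' => 'home.php?mod=space&do=album&uid=' . $uid . '&id=',
         'blog' => 'home.php?mod=space&do=blog&uid=' . $uid . '&id=',
         'pic' => 'home.php?mod=space&do=album&uid=' . $uid . '&picid=',
     );
     if ($rid && !empty($default_url[$rtype])) {
         $url = $default_url[$rtype] . intval($rid);
     } else {
         // Client-supplied URL: treat as untrusted. A missing or non-string parameter becomes '' and is rejected below.
         $rawurl = isset($_GET['url']) && is_string($_GET['url']) ? base64_decode($_GET['url']) : '';
         // NOTE(review): addslashes() here is applied before the value reaches the common_report table class;
         // confirm that class does not quote again, otherwise stored URLs carry literal backslashes.
         $url = trim(addslashes(dhtmlspecialchars($rawurl)));
         // Accepts any http(s) URL without '[', '"' or "'"; the host is not restricted to this site,
         // so whatever displays stored reports should treat the URL as an untrusted external link.
         if (!preg_match("/^http[s]?:\\/\\/[^\\[\"']+\$/i", $url)) {
             $url = '';
         }
     }
     if (empty($url)) {
         return $this->makeErrorInfo($res, 'report_parameters_invalid');
     }
     // md5 is used only as a fixed-length de-duplication key for the URL, not as a security control.
     $urlkey = md5($url);
     $message = censor(cutstr(dhtmlspecialchars(trim($message)), 200, ''));
     // Trailing backslashes are stripped, presumably so a truncated message cannot end in a dangling escape.
     $message = $_G['username'] . ' : ' . rtrim($message, "\\");
     if ($reportid = C::t('common_report')->fetch_by_urlkey($urlkey)) {
         C::t('common_report')->update_num($reportid, $message);
     } else {
         $data = array(
             'url' => $url,
             'urlkey' => $urlkey,
             'uid' => $_G['uid'],
             'username' => $_G['username'],
             'message' => $message,
             'dateline' => TIMESTAMP,
         );
         if ($fid) {
             $data['fid'] = $fid;
         }
         C::t('common_report')->insert($data);
         // NOTE(review): unserialize() runs on a site setting, not on request data. If that setting can ever be
         // written by a less-trusted party, switch to a format that cannot instantiate objects.
         $report_receive = unserialize($_G['setting']['report_receive']);
         if (!is_array($report_receive)) {
             // A missing or corrupt setting means nobody is configured to receive reports.
             $report_receive = array();
         }
         if (!empty($report_receive['adminuser']) && is_array($report_receive['adminuser'])) {
             foreach ($report_receive['adminuser'] as $touid) {
                 notification_add($touid, 'report', 'new_report', array('from_id' => 1, 'from_idtype' => 'newreport'), 1);
             }
         }
         if ($fid && $rtype == 'post') {
             $moderators = array();
             foreach (C::t('forum_moderator')->fetch_all_by_fid($fid, false) as $row) {
                 $moderators[] = $row['uid'];
             }
             if (!empty($report_receive['supmoderator']) && is_array($report_receive['supmoderator'])) {
                 $moderators = array_unique(array_merge($moderators, $report_receive['supmoderator']));
             }
             foreach ($moderators as $touid) {
                 // NOTE(review): in_array() searches the top level of $report_receive, whose entries are the
                 // 'adminuser' / 'supmoderator' lists themselves; this looks like it was meant to skip users
                 // already notified via $report_receive['adminuser'] — confirm before changing.
                 if ($touid != $_G['uid'] && !in_array($touid, $report_receive)) {
                     notification_add($touid, 'report', 'new_post_report', array('fid' => $fid, 'from_id' => 1, 'from_idtype' => 'newreport'), 1);
                 }
             }
         }
     }
     $params = array('noError' => 1);
     return $this->makeErrorInfo($res, 'report_succeed', $params);
 }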
示例#2
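 /**
  * Validates an uploaded music file, records it in se_music and moves it into the user's directory.
  *
  * The size limit, allowed extensions and allowed MIME types are read from the current user's level
  * settings and handed to se_upload. On any error the inserted row (if any) is deleted again and the
  * destination file (if any) is unlinked.
  *
  * @param string $file_name  Identifier of the upload, passed to se_upload::new_upload().
  * @param mixed  $space_left Remaining quota, passed by reference and reduced by the file size.
  * @return array array('is_error' => code) on failure, otherwise music_id, music_ext, music_filesize, music_title.
  */
 function music_upload($file_name, &$space_left)
 {
     global $database, $url, $user;
     // Defaults so the error path can test these even when the upload is rejected before they are set.
     $music_id = 0;
     $music_title = '';
     $file_dest = null;
     // SET KEY VARIABLES
     $file_maxsize = $user->level_info['level_music_maxsize'];
     $file_exts = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_exts'])));
     $file_types = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_mimes'])));
     $new_music = new se_upload();
     $new_music->new_upload($file_name, $file_maxsize, $file_exts, $file_types);
     // CHECK SPACE LEFT
     if ($new_music->file_size > $space_left) {
         $new_music->is_error = 4000087;
     } else {
         // Charge the quota with the same size that was just compared against it
         // (the previous code subtracted an undefined variable, so the quota never shrank).
         $space_left = $space_left - $new_music->file_size;
     }
     if (!$new_music->is_error) {
         // GENERATE TITLE
         // NOTE(review): no destination path exists yet at this point, so ID3 is handed an empty path and the
         // tag lookup presumably never succeeds; confirm which path se_upload exposes for the temporary file.
         $myId3 = new ID3($file_dest);
         if ($myId3->getInfo()) {
             $id3_artist = trim($myId3->getArtist());
             $id3_title = trim($myId3->getTitle());
             if ($id3_artist && $id3_title) {
                 $music_title = $id3_artist . ' - ' . $id3_title;
             }
         }
         if (!trim($music_title)) {
             $music_title = $new_music->file_name;
         }
         // The title comes from file metadata or the client's file name: filter it before it reaches SQL.
         $music_title = security(censor($music_title));
         // INSERT ROW INTO MUSIC TABLE
         $time = time();
         $last_track = $database->database_fetch_array($database->database_query("SELECT music_track_num as track FROM se_music WHERE music_user_id = '{$this->user_id}' ORDER BY music_track_num DESC LIMIT 1"));
         // First upload for this user: no previous row, so numbering starts at 1.
         $track_num = ($last_track ? $last_track['track'] : 0) + 1;
         // NOTE(review): file_ext and file_size are interpolated exactly as se_upload reports them. Confirm that
         // se_upload has already restricted file_ext to the allowed list, because the value ends up both in
         // this statement and in the stored file name below.
         $database->database_query("\r\n        INSERT INTO se_music\r\n        (\r\n          music_user_id,\r\n          music_track_num,\r\n          music_date,\r\n          music_title,\r\n          music_ext,\r\n          music_filesize\r\n        )\r\n        VALUES\r\n        (\r\n          '{$this->user_id}',\r\n          '{$track_num}',\r\n          '{$time}',\r\n          '{$music_title}',\r\n          '{$new_music->file_ext}',\r\n          '{$new_music->file_size}'\r\n        )\r\n      ");
         $music_id = $database->database_insert_id();
         // MOVE UPLOADED FILE
         // The stored name is "<row id>.<extension>", so the client never chooses the base name.
         $file_dest = $url->url_userdir($user->user_info['user_id']) . $music_id . "." . $new_music->file_ext;
         $new_music->upload_file($file_dest);
     }
     // RETURN AND DELETE FROM DATABASE IF ERROR
     if ($new_music->is_error) {
         if ($music_id) {
             $database->database_query("DELETE FROM se_music WHERE music_id='{$music_id}' && music_user_id='{$this->user_id}'");
         }
         if ($file_dest) {
             // Best effort: the file may not exist if the move itself failed.
             @unlink($file_dest);
         }
         return array('is_error' => $new_music->is_error);
     }
     // RETURN FILE STATS
     return array(
         'music_id' => $music_id,
         'music_ext' => $new_music->file_ext,
         'music_filesize' => $new_music->file_size,
         'music_title' => $music_title,
     );
 }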
示例#3
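/**
 * Validates and normalises the thread-sort option values submitted with a post.
 *
 * Every option configured in $_G['forum_checkoption'] is checked for: required, number/email format,
 * maximum length, numeric range and the "unchangeable" flag. Instead of calling showmessage(), the first
 * failure is returned as array('message' => <language key>, 'params' => array('{typetitle}' => <title>)).
 * On success the normalised values are stored in, and returned as, $_G['forum_optiondata'] keyed by option id.
 *
 * @param array $sortoption Submitted values keyed by option identifier.
 * @param mixed $pid        Post id when an existing post is edited; falsy for a new thread.
 * @return array Error descriptor or the normalised option data.
 */
function mobcent_threadsort_validator($sortoption, $pid)
{
    // $var is the loop key below and stays declared global exactly as before.
    global $_G, $var;
    $isedit = !empty($_G['tid']) && $pid;
    $_G['forum_optiondata'] = array();
    foreach ($_G['forum_checkoption'] as $var => $option) {
        $value = isset($sortoption[$var]) ? $sortoption[$var] : null;
        $type = $option['type'];
        $error = '';
        if (!empty($option['required']) && $value === '' && $type != 'number') {
            $error = 'threadtype_required_invalid';
        } elseif ($value && ($type == 'number' && !is_numeric($value) || $type == 'email' && !isemail($value))) {
            // A malformed number or e-mail is a format error; this branch used to report
            // 'threadtype_required_invalid', which mislabels the failure.
            $error = 'threadtype_format_invalid';
        } elseif ($value && !empty($option['maxlength']) && strlen($value) > $option['maxlength']) {
            $error = 'threadtype_toolong_invalid';
        } elseif ($value && (!empty($option['maxnum']) && $value > $option['maxnum'] || !empty($option['minnum']) && $value < $option['minnum'])) {
            $error = 'threadtype_num_invalid';
        } elseif ($value && !empty($option['unchangeable']) && !$isedit) {
            $error = 'threadtype_unchangeable_invalid';
        }
        // The check that a 'select' value is a valid configured choice is intentionally disabled:
        // with multi-level linked selects the mobile client could not submit the post at all.
        // NOTE(review): as a result 'select' values are not matched against the configured choices here, and
        // below they are stored without dhtmlspecialchars(); confirm that every place rendering them escapes.
        if ($error !== '') {
            return array('message' => $error, 'params' => array('{typetitle}' => $option['title']));
        }

        if ($type == 'checkbox') {
            // Multiple ticks are stored as one tab-separated string.
            $value = $value ? implode("\t", $value) : '';
        } elseif ($type == 'url') {
            if (!$value) {
                $value = '';
            } elseif (substr(strtolower($value), 0, 4) == 'www.') {
                $value = 'http://' . $value;
            }
        }

        if ($type == 'image') {
            if (is_array($value) && !empty($value['aid'])) {
                // Registers the image as a new attachment of the request so later post handling picks it up.
                $_GET['attachnew'][$value['aid']] = $value;
            }
            // NOTE(review): the client-supplied structure is stored serialized. Whatever reads it back should
            // not unserialize it with object instantiation allowed.
            $value = serialize($value);
        } elseif ($type == 'select') {
            $value = censor(trim($value));
        } else {
            $value = dhtmlspecialchars(censor(trim($value)));
        }
        $_G['forum_optiondata'][$option['optionid']] = $value;
    }
    return $_G['forum_optiondata'];
}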
示例#4
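 /**
  * Parses a tag string, creates tags that do not exist yet and optionally links them to an item.
  *
  * Tags are split on commas (including full-width commas) or, when no comma is present, on spaces.
  * Only names accepted by the pattern below are used, and processing stops once five tags were added.
  *
  * @param string $tags        Raw tag string entered by the user.
  * @param mixed  $itemid      Id of the item to link; falsy to create/look up tags without linking.
  * @param string $idtype      One of '', 'tid', 'blogid', 'uid'; anything else is ignored.
  * @param mixed  $returnarray Truthy to return array(tagid => tagname); otherwise a
  *                            "tagid,tagname\t" string is built.
  * @return array|string|null Null when the input is rejected or no tag was added.
  */
 public function add_tag($tags, $itemid, $idtype = 'tid', $returnarray = 0)
 {
     if ($tags == '' || !in_array($idtype, array('', 'tid', 'blogid', 'uid'))) {
         return;
     }
     // The three byte sequences are the full-width comma as encoded in GBK, Big5 and UTF-8.
     $tags = str_replace(array(chr(0xa3) . chr(0xac), chr(0xa1) . chr(0x41), chr(0xef) . chr(0xbc) . chr(0x8c)), ',', censor($tags));
     if (strexists($tags, ',')) {
         $tagarray = array_unique(explode(',', $tags));
     } else {
         $langcore = lang('core');
         $tags = str_replace($langcore['fullblankspace'], ' ', $tags);
         $tagarray = array_unique(explode(' ', $tags));
     }
     // Tags attached to users ('uid') use status 3, every other type status 0.
     $status = $idtype != 'uid' ? 0 : 3;
     // Stays null until the first tag is added, so "nothing added" still returns null as before.
     $return = null;
     $tagcount = 0;
     foreach ($tagarray as $tagname) {
         $tagname = trim($tagname);
         // Whitelist: 3 to 20 bytes made of word characters, whitespace, '_', '-' or bytes 0x7f-0xff.
         if (!preg_match('/^([\\x7f-\\xff_-]|\\w|\\s){3,20}$/', $tagname)) {
             continue;
         }
         // Reset per tag. Without this, an existing tag whose status differs (and is therefore skipped)
         // would silently reuse the id of the previously processed tag.
         $tagid = 0;
         $result = C::t('common_tag')->get_bytagname($tagname, $idtype);
         if (!empty($result['tagid'])) {
             if ($result['status'] == $status) {
                 $tagid = $result['tagid'];
             }
         } else {
             $tagid = C::t('common_tag')->insert($tagname, $status);
         }
         if ($tagid) {
             if ($itemid) {
                 C::t('common_tagitem')->replace($tagid, $itemid, $idtype);
             }
             $tagcount++;
             if (!$returnarray) {
                 $return .= $tagid . ',' . $tagname . "\t";
             } else {
                 $return[$tagid] = $tagname;
             }
         }
         if ($tagcount > 4) {
             // Cap at five tags per call.
             break;
         }
     }
     return $return;
 }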
    $database->database_query("DELETE FROM se_notifys WHERE notify_user_id='{$user->user_info['user_id']}' AND notify_notifytype_id='1' AND notify_object_id='{$owner->user_info['user_id']}'");
    $status = "remove";
    $result = 914;
} elseif ($task == "cancel_do") {
    $user->user_friend_remove($owner->user_info['user_id']);
    $database->database_query("DELETE FROM se_notifys WHERE notify_user_id='{$owner->user_info['user_id']}' AND notify_notifytype_id='1' AND notify_object_id='{$user->user_info['user_id']}'");
    $status = "remove";
    $result = 920;
} elseif ($task == "remove_do") {
    $user->user_friend_remove($owner->user_info['user_id']);
    $status = "add";
    $result = 890;
} elseif ($task == "add_do") {
    $friend_type = $_POST['friend_type'];
    $friend_type_other = censor($_POST['friend_type_other']);
    $friend_explain = censor($_POST['friend_explain']);
    if (count($connection_types) == 0) {
        $friend_type = "";
    }
    if ($setting['setting_connection_other'] == 0) {
        $friend_type_other = "";
    }
    if ($setting['setting_connection_explain'] == 0) {
        $friend_explain = "";
    }
    if ($friend_type == "other_friendtype") {
        $friend_type = "";
    }
    if (trim($friend_type_other) != "") {
        $friend_type = $friend_type_other;
    }
    require_once libfile('function/spacecp');
    if (!$_G['collection']['ctid']) {
        showmessage('collection_permission_deny');
    }
    $waittime = interval_check('post');
    if ($waittime > 0) {
        showmessage('operating_too_fast', '', array('waittime' => $waittime), array('return' => true));
    }
    $memberrate = C::t('forum_collectioncomment')->fetch_rate_by_ctid_uid($_G['collection']['ctid'], $_G['uid']);
    if (!trim($_GET['message']) && (!$memberrate && !$_GET['ratescore'] || $memberrate)) {
        showmessage('collection_edit_checkentire');
    }
    if ($_G['setting']['maxpostsize'] && strlen($_GET['message']) > $_G['setting']['maxpostsize']) {
        showmessage('post_message_toolong', '', array('maxpostsize' => $_G['setting']['maxpostsize']));
    }
    $newcomment = array('ctid' => $_G['collection']['ctid'], 'uid' => $_G['uid'], 'username' => $_G['username'], 'message' => censor($_GET['message']), 'dateline' => $_G['timestamp'], 'useip' => $_G['clientip']);
    if (!$memberrate) {
        $newcomment['rate'] = $_GET['ratescore'];
    } else {
        $_GET['ratescore'] = 0;
    }
    C::t('forum_collectioncomment')->insert($newcomment);
    C::t('forum_collection')->update_by_ctid($_G['collection']['ctid'], 0, 0, 1, 0, $_GET['ratescore'], $_G['collection']['ratenum']);
    if ($_G['collection']['uid'] != $_G['uid']) {
        notification_add($_G['collection']['uid'], "system", 'collection_becommented', array('from_id' => $_G['collection']['ctid'], 'from_idtype' => 'collectioncomment', 'ctid' => $_G['collection']['ctid'], 'collectionname' => $_G['collection']['name']), 1);
    }
    C::t('common_member_status')->update($_G['uid'], array('lastpost' => TIMESTAMP), 'UNBUFFERED');
    showmessage('collection_comment_succ', $tid ? 'forum.php?mod=viewthread&tid=' . $tid : dreferer());
} elseif ($op == 'del') {
    if (!submitcheck('formhash')) {
        showmessage('undefined_action', NULL);
示例#7
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
**************************************************************************/
// Refuse direct requests: the rest of the file runs only when the SCOUT_NUKE constant is already defined.
if (!defined('SCOUT_NUKE')) {
    die("You have accessed this page illegally, please go use the main menu");
}
$level = $check['level'];
// Front-page entries in display order. Type 0 rows are resolved against static_content,
// type 1 rows against the functions table.
$frontsql = $data->select_query("frontpage", "ORDER BY pos ASC");
$content = "";
while ($item = $data->fetch_array($frontsql)) {
    if ($item['type'] == 0) {
        // Only render the page when get_auth() grants access to it.
        if (get_auth($item['item'], 1) == 1) {
            // NOTE(review): $item['item'] is interpolated into the WHERE clause as-is. It comes from the
            // frontpage table, so this is safe only while that table is writable by trusted admins alone;
            // confirm, or cast it to an integer.
            $pagesql = $data->select_query("static_content", "WHERE id = '{$item['item']}' AND trash=0");
            $stuff = $data->fetch_array($pagesql);
            // NOTE(review): the stored content is emitted after censor() only; no HTML escaping is visible
            // here, so presumably static_content holds trusted HTML — confirm who is able to edit it.
            $content .= "<div class=\"frontpage\">" . censor($stuff['content']) . "</div>";
        }
    } elseif ($item['type'] == 1) {
        $funsql = $data->select_query("functions", "where id = '{$item['item']}'");
        $stuff = $data->fetch_array($funsql);
        if (get_auth($stuff['code'], 0) == 1) {
            // NOTE(review): the include path is built from a database column. file_exists() only proves the
            // file is present, not that it lies inside the intended module directory; confirm that 'code'
            // values are restricted (fixed list or a strict name pattern) wherever they are written.
            if (file_exists($stuff['code'] . $phpex)) {
                // The included file runs in this scope and can read or change every variable used here.
                include $stuff['code'] . $phpex;
            }
            // $dbpage, $pagename and $pagenum are not assigned in this file; presumably the include sets them.
            if ($dbpage == true && isset($pagename) && $pagename != "" && $pagename != "frontpage") {
                $content .= "<div class=\"frontpage\">" . get_temp($pagename, $pagenum) . "</div>";
            }
        }
    }
    $content .= "<br />";
}
示例#8
     showmessage('operating_too_fast', '', 1, array($waittime));
 }
 cknewuser();
 if ($touid) {
     if (isblacklist($touid)) {
         showmessage('is_blacklist');
     }
 }
 if (submitcheck('pmsubmit')) {
     checklowerlimit('sendpm');
     $username = empty($_POST['username']) ? '' : $_POST['username'];
     $message = (!empty($_POST['messageappend']) ? $_POST['messageappend'] . "\n" : '') . trim($_POST['message']);
     if (empty($message)) {
         showmessage('unable_to_send_air_news');
     }
     $message = censor($message);
     loadcache(array('smilies', 'smileytypes'));
     foreach ($_G['cache']['smilies']['replacearray'] as $key => $smiley) {
         $_G['cache']['smilies']['replacearray'][$key] = '[img]' . $_G['siteurl'] . 'static/image/smiley/' . $_G['cache']['smileytypes'][$_G['cache']['smilies']['typearray'][$key]]['directory'] . '/' . $smiley . '[/img]';
     }
     $message = preg_replace($_G['cache']['smilies']['searcharray'], $_G['cache']['smilies']['replacearray'], $message);
     $subject = '';
     $return = 0;
     if ($touid) {
         $return = uc_pm_send($_G['uid'], $touid, $subject, $message, 1, $pmid, 0);
     } elseif ($username) {
         $newusers = array();
         $users = daddslashes(explode(',', dstripslashes($username)));
         if ($users) {
             $query = DB::query('SELECT uid, username FROM ' . DB::table('common_member') . " WHERE username IN (" . dimplode($users) . ')');
             while ($value = DB::fetch($query)) {
         cpmsg('members_email_illegal', '', 'error');
     } elseif ($ucresult == -5) {
         cpmsg('members_email_domain_illegal', '', 'error');
     } elseif ($ucresult == -6) {
         cpmsg('members_email_duplicate', '', 'error');
     }
 }
 if ($_GET['clearavatar']) {
     C::t('common_member' . $tableext)->update($_GET['uid'], array('avatarstatus' => 0));
     uc_user_deleteavatar($uid);
 }
 $creditsnew = intval($creditsnew);
 $regdatenew = strtotime($_GET['regdatenew']);
 $lastvisitnew = strtotime($_GET['lastvisitnew']);
 $secquesadd = $_GET['clearquestion'] ? ", secques=''" : '';
 $signaturenew = censor($_GET['signaturenew']);
 $sigstatusnew = $signaturenew ? 1 : 0;
 $sightmlnew = discuzcode($signaturenew, 1, 0, 0, 0, $member['allowsigbbcode'] ? $member['allowcusbbcode'] ? 2 : 1 : 0, $member['allowsigimgcode'], 0);
 $oltimenew = round($_GET['totalnew'] / 60);
 $fieldadd = '';
 $fieldarr = array();
 include_once libfile('function/profile');
 foreach ($_POST as $field_key => $field_val) {
     if (isset($fields[$field_key]) && (profile_check($field_key, $field_val) || $_G['adminid'] == 1)) {
         $fieldarr[$field_key] = $field_val;
     }
 }
 if ($_GET['deletefile'] && is_array($_GET['deletefile'])) {
     foreach ($_GET['deletefile'] as $key => $value) {
         if (isset($fields[$key]) && $_G['cache']['profilesetting'][$key]['formtype'] == 'file') {
             @unlink(getglobal('setting/attachdir') . './profile/' . $member[$key]);
示例#10
 $taobaonew = dhtmlspecialchars($taobaonew);
 $alipaynew = dhtmlspecialchars($alipaynew);
 $nicknamenew = $allownickname ? cutstr(censor(dhtmlspecialchars($nicknamenew)), 30) : '';
 $cstatusadd = $allowcstatus ? ', customstatus=\'' . cutstr(censor(dhtmlspecialchars($cstatusnew)), 30) . '\'' : '';
 $gendernew = empty($gendernew) ? 0 : intval($gendernew);
 $locationnew = cutstr(censor(dhtmlspecialchars($locationnew)), 30);
 if ($maxsigsize) {
     if (strlen($signaturenew) > $maxsigsize) {
         showmessage('profile_sig_toolong');
     }
 } else {
     $signaturenew = '';
 }
 $signaturenew = censor($signaturenew);
 $sigstatusnew = $signaturenew ? 1 : 0;
 $bionew = censor(dhtmlspecialchars($bionew));
 $sightmlnew = discuzcode(stripslashes($signaturenew), 1, 0, 0, 0, $allowsigbbcode, $allowsigimgcode, 0, 0, 1);
 $biohtmlnew = discuzcode(stripslashes($bionew), 1, 0, 0, 0, $allowbiobbcode, $allowbioimgcode, 0, 0, 1);
 if ($member['msn'][1]) {
     if (strpos(strtolower($sightmlnew), '[imme]') !== FALSE) {
         $sightmlnew = str_replace('[imme]', "<imme><a target='_blank' href='http://settings.messenger.live.com/Conversation/IMMe.aspx?invitee=" . $member['msn'][1] . "@apps.messenger.live.com&mkt=zh-cn' title='MSN'><img style='vertical-align:middle' src='http://messenger.services.live.com/users/" . $member['msn'][1] . "@apps.messenger.live.com/presenceimage?mkt=zh-cn' width='16' height='16' /></a></imme>", $sightmlnew);
     }
     if (strpos(strtolower($biohtmlnew), '[imme]') !== FALSE) {
         $biohtmlnew = str_replace('[imme]', "<imme><a target='_blank' href='http://settings.messenger.live.com/Conversation/IMMe.aspx?invitee=" . $member['msn'][1] . "@apps.messenger.live.com&mkt=zh-cn' title='MSN'><img style='vertical-align:middle' src='http://messenger.services.live.com/users/" . $member['msn'][1] . "@apps.messenger.live.com/presenceimage?mkt=zh-cn' width='16' height='16' /></a></imme>", $biohtmlnew);
     }
 }
 $sightmlnew = addslashes($sightmlnew);
 $biohtmlnew = addslashes($biohtmlnew);
 $membersql = "gender='{$gendernew}', bday='{$bdaynew}', sigstatus='{$sigstatusnew}'";
 $memberfieldsql = "nickname='{$nicknamenew}', site='{$sitenew}', location='{$locationnew}', icq='{$icqnew}', qq='{$qqnew}', yahoo='{$yahoonew}', msn='{$msnnew}', taobao='{$taobaonew}', alipay='{$alipaynew}', bio='{$biohtmlnew}', sightml='{$sightmlnew}' {$cstatusadd}";
 if ($_DCACHE['fields_required'] || $_DCACHE['fields_optional']) {
示例#11
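 // Apply the rating to the post. $_GET['pid'] is handed on unmodified here.
 // NOTE(review): no integer cast of $_GET['pid'] is visible in this fragment — confirm it is validated earlier.
 C::t('forum_post')->increase_rate_by_pid('tid:' . $_G['tid'], $_GET['pid'], $rate, $ratetimes);
 if ($post['first']) {
     // The thread keeps only the sign (-1, 0 or 1) of the first post's new total. A total of zero must be
     // handled explicitly: dividing by abs(0) is a division by zero, which the '@' operator never covered
     // because it applied to the parenthesised sum only.
     $threadrate = $post['rate'] + $rate;
     $threadrate = $threadrate ? intval($threadrate / abs($threadrate)) : 0;
     C::t('forum_thread')->update($_G['tid'], array('rate' => $threadrate));
 }
 require_once libfile('function/discuzcode');
 $sqlvalues = $comma = '';
 // Reason as stored in the rate log: censored, HTML-escaped and cut to 40 characters.
 $sqlreason = censor(trim($_GET['reason']));
 $sqlreason = cutstr(dhtmlspecialchars($sqlreason), 40, '.');
 foreach ($creditsarray as $id => $addcredits) {
     $insertarr = array(
         'pid' => $_GET['pid'],
         'uid' => $_G['uid'],
         'username' => $_G['username'],
         'extcredits' => $id,
         'dateline' => $_G['timestamp'],
         'score' => $addcredits,
         'reason' => $sqlreason,
     );
     C::t('forum_ratelog')->insert($insertarr);
 }
 include_once libfile('function/post');
 $_G['forum']['threadcaches'] && @deletethreadcaches($_G['tid']);
 // $reason is assigned outside this fragment; it is escaped here before being sent and logged.
 $reason = dhtmlspecialchars(censor(trim($reason)));
 if ($sendreasonpm) {
     $ratescore = $slash = '';
     foreach ($creditsarray as $id => $addcredits) {
         $ratescore .= $slash . $_G['setting']['extcredits'][$id]['title'] . ' ' . ($addcredits > 0 ? '+' . $addcredits : $addcredits) . ' ' . $_G['setting']['extcredits'][$id]['unit'];
         $slash = ' / ';
     }
     sendreasonpm($post, 'rate_reason', array('tid' => $thread['tid'], 'pid' => $_GET['pid'], 'subject' => $thread['subject'], 'ratescore' => $ratescore, 'reason' => $reason, 'from_id' => 0, 'from_idtype' => 'rate'));
 }
 $logs = array();
 foreach ($creditsarray as $id => $addcredits) {
     // Array keys inside "{...}" must be quoted; the bare words member/username were read as constants.
     // NOTE(review): the subject and reason are user-controlled and go into a tab-separated record; confirm
     // that writelog() neutralises embedded tabs and line breaks so one entry cannot forge another.
     $logs[] = dhtmlspecialchars("{$_G['timestamp']}\t{$_G['member']['username']}\t{$_G['adminid']}\t{$post['author']}\t{$id}\t{$addcredits}\t{$_G['tid']}\t{$thread['subject']}\t{$reason}");
 }
 update_threadpartake($post['tid']);
 C::t('forum_postcache')->delete($_GET['pid']);
 writelog('ratelog', $logs);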
示例#12
 /**
  * Runs before a post edit is saved: normalises the thread type / sort ids and, for the first post of
  * a thread, validates and stores the submitted thread-sort option values.
  *
  * Nothing is returned. $parameters is received by value, so the typeid/sortid normalised below are
  * visible only inside this method. Failures are reported through showmessage().
  *
  * @param array $parameters Edit parameters; 'typeid' and 'sortid' are read here.
  */
 public function before_editpost($parameters)
 {
     global $_G;
     // Captured before $parameters['sortid'] is normalised below, so this is the value as submitted.
     $sortid = $parameters['sortid'];
     $isfirstpost = $this->post['first'] ? 1 : 0;
     if ($isfirstpost) {
         // Unknown type ids fall back to 0.
         $parameters['typeid'] = isset($this->forum['threadtypes']['types'][$parameters['typeid']]) ? $parameters['typeid'] : 0;
         // Non-moderators cannot change a type that is flagged in threadtypes['moderators'].
         if (!$this->forum['ismoderator'] && !empty($this->forum['threadtypes']['moderators'][$this->thread['typeid']])) {
             $parameters['typeid'] = $this->thread['typeid'];
         }
         // Unknown sort ids fall back to 0.
         $parameters['sortid'] = isset($this->forum['threadsorts']['types'][$parameters['sortid']]) ? $parameters['sortid'] : 0;
         $typeexpiration = intval($_GET['typeexpiration']);
         if (!$parameters['typeid'] && $this->forum['threadtypes']['required'] && !$this->thread['special']) {
             showmessage('post_type_isnull');
         }
         // Validation is gated on the submitted $sortid, the storage block below on the normalised one.
         if ($this->forum['threadsorts']['types'][$sortid] && $_G['forum_checkoption']) {
             $_G['forum_optiondata'] = threadsort_validator($_GET['typeoption'], $this->post['pid']);
         }
         $this->param['threadimageaid'] = 0;
         $this->param['threadimage'] = array();
         if ($this->forum['threadsorts']['types'][$parameters['sortid']] && $_G['forum_optiondata'] && is_array($_G['forum_optiondata'])) {
             // $sql collects "field='value'" pairs for UPDATE; $filedname / $valuelist collect the
             // column list and value list for INSERT.
             $sql = $separator = $filedname = $valuelist = '';
             foreach ($_G['forum_optiondata'] as $optionid => $value) {
                 // NOTE(review): this is the only escaping applied before $value is placed inside quotes in the
                 // SQL fragments below. censor() runs after daddslashes(); confirm a censor replacement can
                 // never introduce a quote or backslash.
                 $value = censor(daddslashes($value));
                 if ($_G['forum_optionlist'][$optionid]['type'] == 'image') {
                     $identifier = $_G['forum_optionlist'][$optionid]['identifier'];
                     $newsortaid = intval($_GET['typeoption'][$identifier]['aid']);
                     // A different attachment was submitted: remove the old one and adopt the new one.
                     // NOTE(review): the old attachment id comes straight from the request and no ownership
                     // check is visible here; confirm the table classes restrict the delete to attachments of
                     // this thread.
                     if ($newsortaid && $_GET['oldsortaid'][$identifier] && $newsortaid != $_GET['oldsortaid'][$identifier]) {
                         $attach = C::t('forum_attachment_n')->fetch('tid:' . $this->thread['tid'], $_GET['oldsortaid'][$identifier]);
                         C::t('forum_attachment')->delete($_GET['oldsortaid'][$identifier]);
                         C::t('forum_attachment_n')->delete('tid:' . $this->thread['tid'], $_GET['oldsortaid'][$identifier]);
                         dunlink($attach);
                         $this->param['threadimageaid'] = $newsortaid;
                         convertunusedattach($newsortaid, $this->thread['tid'], $this->post['pid']);
                     }
                 } else {
                     // 'face' options are handled exactly like 'image' options above.
                     if ($_G['forum_optionlist'][$optionid]['type'] == 'face') {
                         $identifier = $_G['forum_optionlist'][$optionid]['identifier'];
                         $newsortaid = intval($_GET['typeoption'][$identifier]['aid']);
                         if ($newsortaid && $_GET['oldsortaid'][$identifier] && $newsortaid != $_GET['oldsortaid'][$identifier]) {
                             $attach = C::t('forum_attachment_n')->fetch('tid:' . $this->thread['tid'], $_GET['oldsortaid'][$identifier]);
                             C::t('forum_attachment')->delete($_GET['oldsortaid'][$identifier]);
                             C::t('forum_attachment_n')->delete('tid:' . $this->thread['tid'], $_GET['oldsortaid'][$identifier]);
                             dunlink($attach);
                             $this->param['threadimageaid'] = $newsortaid;
                             convertunusedattach($newsortaid, $this->thread['tid'], $this->post['pid']);
                         }
                     }
                 }
                 // Unchangeable options keep their stored value on edit.
                 if ($_G['forum_optionlist'][$optionid]['unchangeable']) {
                     continue;
                 }
                 // Searchable options and radio/select/number options are also written to the option value table.
                 // Column names come from the configured option identifiers, not from the request.
                 if (($_G['forum_optionlist'][$optionid]['search'] || in_array($_G['forum_optionlist'][$optionid]['type'], array('radio', 'select', 'number'))) && $value) {
                     $filedname .= $separator . $_G['forum_optionlist'][$optionid]['identifier'];
                     $valuelist .= $separator . "'{$value}'";
                     $sql .= $separator . $_G['forum_optionlist'][$optionid]['identifier'] . "='{$value}'";
                     $separator = ' ,';
                 }
                 C::t('forum_typeoptionvar')->update_by_tid($this->thread['tid'], array('value' => $value, 'sortid' => $parameters['sortid']), false, false, $optionid);
             }
             if ($typeexpiration) {
                 C::t('forum_typeoptionvar')->update_by_tid($this->thread['tid'], array('expiration' => TIMESTAMP + $typeexpiration), false, false, null, $parameters['sortid']);
             }
             if ($sql || $filedname && $valuelist) {
                 // Update the existing row for this thread, or insert one if none exists yet.
                 // The SQL fragments are assembled as strings; their safety rests on the escaping noted above.
                 if (C::t('forum_optionvalue')->fetch_all_tid($parameters['sortid'], "WHERE tid='" . $this->thread['tid'] . "'")) {
                     if ($sql) {
                         C::t('forum_optionvalue')->update($parameters['sortid'], $this->thread['tid'], $this->forum['fid'], $sql);
                     }
                 } elseif ($filedname && $valuelist) {
                     C::t('forum_optionvalue')->insert($parameters['sortid'], "({$filedname}, tid, fid) VALUES ({$valuelist}, '" . $this->thread['tid'] . "', '" . $this->forum['fid'] . "')");
                 }
             }
         }
     }
 }
示例#13
     }
     if ($groupbanner) {
         $groupbanner = '<input type="checkbox" class="checkbox" name="deletebanner" value="yes" /> ' . $lang['delete'] . '<br /><img src="' . $groupbanner . '?' . random(6) . '" />';
     }
     showsetting('groups_editgroup_icon', 'iconnew', '', 'file', '', 0, $groupicon);
     showsetting('groups_editgroup_banner', 'bannernew', '', 'file', '', 0, $groupbanner);
     showsubmit('editsubmit');
     showtablefooter();
     showformfooter();
 } else {
     $_GET['jointypenew'] = intval($_GET['jointypenew']);
     $_GET['fupnew'] = intval($_GET['fupnew']);
     $_GET['gviewpermnew'] = intval($_GET['gviewpermnew']);
     require_once libfile('function/discuzcode');
     $_GET['descriptionnew'] = discuzcode(dhtmlspecialchars(censor(trim($_GET['descriptionnew']))), 0, 0, 0, 0, 1, 1, 0, 0, 1);
     $_GET['namenew'] = dhtmlspecialchars(censor(trim($_GET['namenew'])));
     $icondata = array();
     $iconnew = upload_icon_banner($group, $_FILES['iconnew'], 'icon');
     $bannernew = upload_icon_banner($group, $_FILES['bannernew'], 'banner');
     if ($iconnew) {
         $icondata['icon'] = $iconnew;
     }
     if ($bannernew) {
         $icondata['banner'] = $bannernew;
     }
     if ($_GET['deleteicon']) {
         @unlink($_G['setting']['attachurl'] . 'group/' . $group['icon']);
         $icondata['icon'] = '';
     }
     if ($_GET['deletebanner']) {
         @unlink($_G['setting']['attachurl'] . 'group/' . $group['banner']);
示例#14
            C::t('home_feed')->update($picid, array('hot' => $_POST['hot']), 'picid');
        }
        showmessage('do_success', dreferer());
    }
} elseif ($_GET['op'] == 'saveforumphoto') {
    if (submitcheck('savephotosubmit')) {
        $aid = intval($_GET['aid']);
        $albumid = intval($_POST['albumid']);
        if (!$aid) {
            showmessage('parameters_error');
        }
        $attach = C::t('forum_attachment_n')->fetch('aid:' . $aid, $aid);
        if (empty($attach) || $attach['uid'] != $_G['uid'] || !$attach['isimage']) {
            showmessage('parameters_error');
        }
        if ($albumid) {
            $album = C::t('home_album')->fetch($albumid, $_G['uid']);
            if (empty($album)) {
                showmessage('album_does_not_exist');
            }
        } else {
            $album = array('albumid' => 0);
        }
        $picdata = array('albumid' => $album['albumid'], 'uid' => $_G['uid'], 'username' => $_G['username'], 'dateline' => $attach['dateline'], 'postip' => $_G['clientip'], 'port' => $_G['remoteport'], 'filename' => censor($attach['filename']), 'title' => censor(cutstr(dhtmlspecialchars($attach['description']), 100)), 'type' => fileext($attach['attachment']), 'size' => $attach['filesize'], 'filepath' => $attach['attachment'], 'thumb' => $attach['thumb'], 'remote' => $attach['remote'] + 2);
        $picid = C::t('home_pic')->insert($picdata, 1);
        showmessage('do_success', dreferer(), array('picid' => $picid), array('showdialog' => true, 'showmsg' => true, 'closetime' => true));
    } else {
        $albumlist = C::t('home_album')->fetch_all_by_uid($_G['uid'], 'updatetime');
    }
}
include_once template("home/spacecp_album");
示例#15
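/**
 * Builds the HTML for one block of a user's space page.
 *
 * Reads the globals $_G (site state) and $space (the space being rendered). $blockname selects
 * the block: profile, statistic, doing, blog, album, feed, thread, friend, visitor, share, wall,
 * group or music; any other name is rendered as a custom-content block from $parameters['content'].
 *
 * Review notes that apply to the whole function:
 *  - SQL is built by string interpolation. $uid and $shownum are forced to integers first; the two
 *    other interpolated values (the allowviewuserthread setting and $space['groupid']) are used as
 *    they are and are flagged where they occur.
 *  - Most database fields (user names, messages, subjects, share data) are concatenated into the
 *    HTML without escaping in this function. Presumably they are escaped when they are stored —
 *    verify on the write path before reusing this code elsewhere.
 *
 * @param string $blockname  Block identifier.
 * @param array  $parameters Optional settings read below: shownum, banavatar, banviews, bancredits,
 *                           banfriends, banthreads, banblogs, banalbums, bansharings, showmessage,
 *                           title, mp3list, config, content.
 * @return string Block HTML; an empty string for the 'thread' block when the
 *                allowviewuserthread setting is exactly false.
 */
function getblockhtml($blockname, $parameters = array())
{
    global $_G, $space;
    $parameters = empty($parameters) ? array() : $parameters;
    $title = $html = $titlemore = $do = $view = $contentclassname = '';
    $contenttagname = 'div';
    // Integer casts: these two values are interpolated into the SQL strings below.
    $uid = intval($space['uid']);
    $shownum = empty($parameters['shownum']) ? 6 : intval($parameters['shownum']);
    switch ($blockname) {
        case 'profile':
            $do = $blockname;
            $managehtml = '';
            $avatar = empty($parameters['banavatar']) ? 'middle' : $parameters['banavatar'];
            $html .= "<div class=\"hm\"><p><a href=\"home.php?mod=space&uid={$uid}\" target=\"__blank\">" . avatar($uid, $avatar) . '</a></p>';
            $html .= "<h2><a href=\"home.php?mod=space&uid={$uid}\" target=\"__blank\">" . $space['username'] . "</a></h2>";
            $html .= '</div><ul class="xl xl2 cl ul_list">';
            $magicinfo = $showmagicgift = false;
            if ($_G['setting']['magicstatus'] && $_G['setting']['magics']['gift']) {
                $showmagicgift = true;
                // NOTE(review): unserialize() on a stored profile field. PHP object deserialization is
                // unsafe if this value can ever be influenced by a user — confirm it is only written by
                // trusted code, or restrict it (allowed_classes) / store it as JSON.
                $magicinfo = !empty($space['magicgift']) ? unserialize($space['magicgift']) : array();
            }
            if ($space['self']) {
                // Owner view: links to customise the space and edit the own profile.
                $html .= '<li class="ul_diy"><a href="home.php?mod=space&diy=yes">' . lang('space', 'block_profile_diy') . '</a></li>';
                $html .= '<li class="ul_msg"><a href="home.php?mod=space&uid=' . $uid . '&do=wall">' . lang('space', 'block_profile_wall') . '</a></li>';
                $html .= '<li class="ul_avt"><a href="home.php?mod=spacecp&ac=avatar">' . lang('space', 'block_profile_avatar') . '</a></li>';
                $html .= '<li class="ul_profile"><a href="home.php?mod=spacecp&ac=profile">' . lang('space', 'block_profile_update') . '</a></li>';
                if ($showmagicgift) {
                    $html .= '<li class="ul_magicgift"><div style="' . 'background: url(' . STATICURL . 'image/magic/gift.small.gif) no-repeat 0 50%;' . '">';
                    if ($magicinfo) {
                        $html .= '<a onclick="showWindow(\'magicgift\', this.href, \'get\', 0)" href="home.php?mod=spacecp&ac=magic&op=retiregift">' . lang('magic/gift', 'gift_gc') . '</a>';
                    } else {
                        $html .= '<a onclick="showWindow(\'magicgift\', this.href, \'get\', 0)" href="home.php?mod=magic&mid=gift">' . lang('magic/gift', 'gift_use') . '</a>';
                    }
                    $html .= '</div></li>';
                }
            } else {
                // Visitor view: friend / wall / poke / private-message links.
                // Array keys inside {$...} must be quoted: an unquoted key is read as a constant.
                require_once libfile('function/friend');
                $isfriend = friend_check($uid);
                if (!$isfriend) {
                    $html .= "<li class='ul_add'><a href=\"home.php?mod=spacecp&ac=friend&op=add&uid={$space['uid']}&handlekey=addfriendhk_{$space['uid']}\" id=\"a_friend_li_{$space['uid']}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">" . lang('space', 'block_profile_friend_add') . "</a></li>";
                } else {
                    $html .= "<li class='ul_ignore'><a href=\"home.php?mod=spacecp&ac=friend&op=ignore&uid={$space['uid']}&handlekey=ignorefriendhk_{$space['uid']}\" id=\"a_ignore_{$space['uid']}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">" . lang('space', 'block_profile_friend_ignore') . "</a></li>";
                }
                $html .= "<li class='ul_msg'><a href=\"home.php?mod=space&uid={$space['uid']}&do=wall\">" . lang('space', 'block_profile_wall_to_me') . "</a></li>";
                $html .= "<li class='ul_poke'><a href=\"home.php?mod=spacecp&ac=poke&op=send&uid={$space['uid']}&handlekey=propokehk_{$space['uid']}\" id=\"a_poke_{$space['uid']}\" onclick=\"showWindow(this.id, this.href, 'get', 0);\">" . lang('space', 'block_profile_poke') . "</a></li>";
                $html .= "<li class='ul_pm'><a href=\"home.php?mod=spacecp&ac=pm&op=showmsg&handlekey=showmsg_{$space['uid']}&touid={$space['uid']}&pmid=0&daterange=2\" id=\"a_sendpm_{$space['uid']}\" onclick=\"showWindow('showMsgBox', this.href, 'get', 0)\">" . lang('space', 'block_profile_sendmessage') . "</a></li>";
            }
            $html .= '</ul>';
            // Management links: shown only when checkperm() grants the permission. Admins (adminid 1)
            // are sent to admin.php, everyone else to the moderator panel.
            $encodeusername = rawurlencode($space['username']);
            $banurl = $_G['adminid'] == 1 ? "admin.php?action=members&operation=ban&username={$encodeusername}&frames=yes" : "forum.php?mod=modcp&action=member&op=ban&uid={$space['uid']}";
            $editurl = $_G['adminid'] == 1 ? "admin.php?action=members&operation=search&username={$encodeusername}&submit=yes&frames=yes" : "forum.php?mod=modcp&action=member&op=edit&uid={$space['uid']}";
            if (checkperm('allowbanuser')) {
                $managehtml .= '<li><a href="' . $banurl . '" id="usermanageli" onmouseover="showMenu(this.id)" class="showmenu" target="_blank">' . lang('home/template', 'member_manage') . '</a></li>';
            } elseif (checkperm('allowedituser')) {
                $managehtml .= '<li><a href="' . $editurl . '" id="usermanageli" onmouseover="showMenu(this.id)" class="showmenu" target="_blank">' . lang('home/template', 'member_manage') . '</a></li>';
            }
            if ($_G['adminid'] == 1) {
                $managehtml .= "<li><a href=\"forum.php?mod=modcp&action=thread&op=post&do=search&searchsubmit=1&users={$encodeusername}\" id=\"umanageli\" onmouseover=\"showMenu(this.id)\" class=\"showmenu\">" . lang('home/template', 'content_manage') . "</a></li>";
            }
            if (!empty($managehtml)) {
                $html .= '<hr class="da mtn m0" /><ul class="ptn xl xl2 cl">' . $managehtml . '</ul><ul id="usermanageli_menu" class="p_pop" style="width: 80px; display:none;">';
                if (checkperm('allowbanuser')) {
                    $html .= '<li><a href="' . $banurl . '" target="_blank">' . lang('home/template', 'user_ban') . '</a></li>';
                }
                if (checkperm('allowedituser')) {
                    $html .= '<li><a href="' . $editurl . '" target="_blank">' . lang('home/template', 'user_edit') . '</a></li>';
                }
                $html .= '</ul>';
                if ($_G['adminid'] == 1) {
                    $html .= '<ul id="umanageli_menu" class="p_pop" style="width: 80px; display:none;">';
                    $html .= '<li><a href="admin.php?action=threads&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_post') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=doing&searchsubmit=1&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_doing') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=blog&searchsubmit=1&uid=' . $uid . '" target="_blank">' . lang('space', 'manage_blog') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=feed&searchsubmit=1&uid=' . $uid . '" target="_blank">' . lang('space', 'manage_feed') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=album&searchsubmit=1&uid=' . $uid . '" target="_blank">' . lang('space', 'manage_album') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=pic&searchsubmit=1&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_pic') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=comment&searchsubmit=1&authorid=' . $uid . '" target="_blank">' . lang('space', 'manage_comment') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=share&searchsubmit=1&uid=' . $uid . '" target="_blank">' . lang('space', 'manage_share') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=threads&operation=group&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_group_threads') . '</a></li>';
                    $html .= '<li><a href="admin.php?action=prune&searchsubmit=1&operation=group&users=' . $encodeusername . '" target="_blank">' . lang('space', 'manage_group_prune') . '</a></li>';
                    $html .= '</ul>';
                }
            }
            // Gift badge for visitors: shown while credits are left and the viewer is not already
            // listed as a receiver. $magicinfo is the gift record decoded above.
            if ($showmagicgift && !$space['self'] && $magicinfo) {
                if ($magicinfo['left'] && !in_array($_G['uid'], (array) $magicinfo['receiver'])) {
                    $percredit = min($magicinfo['percredit'], $magicinfo['left']);
                    if ($magicinfo['credittype'] == 'credits') {
                        $credittype = lang('core', 'title_credit');
                    } else {
                        $extcredits = str_replace('extcredits', '', $magicinfo['credittype']);
                        $credittype = $_G['setting']['extcredits'][$extcredits]['title'];
                    }
                    $html .= '<div id="magicreceivegift">';
                    $html .= '<a onclick="showWindow(\'magicgift\', this.href, \'get\', 0)" href="home.php?mod=spacecp&ac=magic&op=receivegift&uid=' . $uid . '" title="' . lang('magic/gift', 'gift_receive_gift', array('percredit' => $percredit, 'credittype' => $credittype)) . '">';
                    $html .= '<img src="' . STATICURL . 'image/magic/gift.gif" alt="gift" />';
                    $html .= '</a>';
                    $html .= '</div>';
                }
            }
            $html = '<div id="pcd">' . $html . '</div>';
            break;
        case 'statistic':
            // Counters of the space; each ban* parameter hides one of them.
            space_merge($space, 'count');
            $html .= '<p class="mbm xw1">';
            if (empty($parameters['banviews'])) {
                $html .= lang('space', 'space_views', array('views' => $space['views'] ? $space['views'] : '--'));
            }
            $html .= '</p><ul class="xl xl2 cl">';
            if (empty($parameters['bancredits'])) {
                $html .= "<li>" . lang('space', 'credits') . ': <a href="home.php?mod=spacecp&ac=credit">' . ($space['credits'] ? $space['credits'] : '--') . "</a></li>";
                foreach ($_G['setting']['extcredits'] as $extcreditid => $extcredit) {
                    $html .= "<li>" . $extcredit['img'] . $extcredit['title'] . ': <a href="home.php?mod=spacecp&ac=credit">' . ($space['extcredits' . $extcreditid] ? $space['extcredits' . $extcreditid] : '--') . '</a></li>';
                }
            }
            if (empty($parameters['banfriends'])) {
                $html .= "<li>" . lang('space', 'friends') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=friend&view=me&from=space">' . ($space['friends'] ? $space['friends'] : '--') . "</a></li>";
            }
            // && binds tighter than ||: an administrator always sees the thread counter.
            if ((empty($parameters['banthreads']) && $_G['setting']['allowviewuserthread'] !== false) || $_G['adminid'] == 1) {
                $html .= "<li>" . lang('space', 'threads') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=thread&view=me&from=space">' . ($space['threads'] ? $space['threads'] : '--') . "</a></li>";
            }
            if (empty($parameters['banblogs'])) {
                $html .= "<li>" . lang('space', 'blogs') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=blog&view=me&from=space">' . ($space['blogs'] ? $space['blogs'] : '--') . "</a></li>";
            }
            if (empty($parameters['banalbums'])) {
                $html .= "<li>" . lang('space', 'albums') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=album&view=me&from=space">' . ($space['albums'] ? $space['albums'] : '--') . "</a></li>";
            }
            if (empty($parameters['bansharings'])) {
                $html .= "<li>" . lang('space', 'sharings') . ': <a href="home.php?mod=space&uid=' . $uid . '&do=share&view=me&from=space">' . ($space['sharings'] ? $space['sharings'] : '--') . "</a></li>";
            }
            $html .= '</ul>';
            $html = '<div id="pcd">' . $html . '</div>';
            break;
        case 'doing':
            $do = $blockname;
            if (ckprivacy('doing', 'view')) {
                $dolist = array();
                $sql = "SELECT * FROM " . DB::table('home_doing') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}";
                $query = DB::query($sql);
                while ($value = DB::fetch($query)) {
                    // Entries with a non-zero status are listed only for their own author.
                    if ($value['status'] == 0 || $value['uid'] == $_G['uid']) {
                        $dolist[] = $value;
                    }
                }
                if ($dolist) {
                    foreach ($dolist as $dv) {
                        $_G['gp_key'] = random(8);
                        $html .= "<li class=\"pbn bbda\">";
                        // NOTE(review): the message is emitted as stored, without escaping here.
                        $html .= $dv['message'];
                        $html .= "&nbsp;<a href=\"home.php?mod=space&uid={$dv['uid']}&do=doing&view=me&from=space&doid={$dv['doid']}\" target=\"_blank\" class=\"xg1\">" . lang('space', 'block_doing_reply') . "</a>";
                        $html .= "</li>";
                    }
                } else {
                    $html .= "<p class=\"emp\">" . lang('space', 'block_doing_no_content') . "</p>";
                }
            } else {
                $html .= "<p class=\"emp\">" . lang('space', 'block_view_noperm') . "</p>";
            }
            $html = '<ul class="xl">' . $html . '</ul>';
            break;
        case 'blog':
            $do = $blockname;
            $query = DB::query("SELECT bf.*, b.* FROM " . DB::table('home_blog') . " b\r\n\t\t\t\tLEFT JOIN " . DB::table('home_blogfield') . " bf ON bf.blogid=b.blogid\r\n\t\t\t\tWHERE b.uid='{$uid}'\r\n\t\t\t\tORDER BY b.dateline DESC LIMIT 0,{$shownum}");
            while ($value = DB::fetch($query)) {
                // ckfriend() decides per entry whether the viewer may see it.
                if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                    if ($value['pic']) {
                        $value['pic'] = pic_cover_get($value['pic'], $value['picflag']);
                    }
                    // friend == 4 blanks the excerpt; otherwise it is cut to 150 by getstr().
                    $value['message'] = $value['friend'] == 4 ? '' : getstr($value['message'], 150, 0, 0, 0, -1);
                    $html .= lang('space', 'blog_li', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'subject' => $value['subject'], 'date' => dgmdate($value['dateline'], 'Y-m-d')));
                    if (!isset($parameters['showmessage'])) {
                        $parameters['showmessage'] = true;
                    }
                    if ($parameters['showmessage']) {
                        if ($value['pic']) {
                            $html .= lang('space', 'blog_li_img', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'src' => $value['pic']));
                        }
                        $html .= "<dd>{$value['message']}</dd>";
                    }
                    $html .= lang('space', 'blog_li_ext', array('uid' => $value['uid'], 'blogid' => $value['blogid'], 'viewnum' => $value['viewnum'], 'replynum' => $value['replynum']));
                    $html .= "</dl>";
                } else {
                    $html .= '<p>' . lang('space', 'block_view_noperm') . '</p>';
                }
            }
            $more = $html ? '<p class="ptm" style="text-align: right;"><a href="home.php?mod=space&uid=' . $uid . '&do=blog&view=me&from=space">' . lang('space', 'viewmore') . '</a></p>' : '';
            $contentclassname = ' xld';
            $html = $html . $more;
            break;
        case 'album':
            $do = $blockname;
            if (ckprivacy('album', 'view')) {
                $query = DB::query("SELECT * FROM " . DB::table('home_album') . " WHERE uid='{$uid}' ORDER BY updatetime DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                        $value['pic'] = pic_cover_get($value['pic'], $value['picflag']);
                        $html .= lang('space', 'album_li', array('albumid' => $value['albumid'], 'src' => $value['pic'], 'albumname' => $value['albumname'], 'uid' => $value['uid'], 'picnum' => $value['picnum'], 'date' => dgmdate($value['updatetime'], 'n-j')));
                    }
                }
            } else {
                $html .= '<li>' . lang('space', 'block_view_noperm') . '</li>';
            }
            $html = '<ul class="ml mla cl">' . $html . '</ul>';
            break;
        case 'feed':
            $do = $blockname;
            if (!IS_ROBOT && ckprivacy('feed', 'view')) {
                require_once libfile('function/feed');
                $query = DB::query("SELECT * FROM " . DB::table('home_feed') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    if (ckfriend($value['uid'], $value['friend'], $value['target_ids'])) {
                        $html .= mkfeedhtml(mkfeed($value));
                    }
                }
            }
            $contenttagname = 'ul';
            $contentclassname = ' el';
            $html = empty($html) ? '' : $html;
            break;
        case 'thread':
            $do = $blockname;
            if ($_G['setting']['allowviewuserthread'] !== false) {
                // NOTE(review): the setting is interpolated into the IN (...) list as it is stored;
                // presumably a comma-separated list of forum ids written by an administrator —
                // confirm it is validated where it is saved.
                $fidsql = empty($_G['setting']['allowviewuserthread']) ? '' : " AND fid IN({$_G['setting']['allowviewuserthread']}) ";
                $query = DB::query("SELECT * FROM " . DB::table('forum_thread') . " WHERE authorid='{$uid}' {$fidsql} AND displayorder>='0' ORDER BY tid DESC LIMIT 0,{$shownum}");
                while ($thread = DB::fetch($query)) {
                    // Threads with an empty author field are skipped.
                    if ($thread['author']) {
                        $html .= "<li><a href=\"forum.php?mod=viewthread&tid={$thread['tid']}\" target=\"_blank\">{$thread['subject']}</a></li>";
                    }
                }
            }
            $html = empty($html) ? '' : '<ul class="xl">' . $html . '</ul>';
            break;
        case 'friend':
            $do = $blockname;
            require_once libfile('function/friend');
            $friendlist = friend_list($uid, $shownum);
            $fuids = array_keys($friendlist);
            // getonlinemember() is defined elsewhere; $_G['ols'] is read below to mark users online.
            getonlinemember($fuids);
            foreach ($friendlist as $key => $value) {
                $classname = $_G['ols'][$value['fuid']] ? 'gol' : '';
                $html .= '<li><a href="home.php?mod=space&uid=' . $value['fuid'] . '" target="_blank"><em class="' . $classname . '"></em>' . avatar($value['fuid'], 'small') . '</a><p><a href="home.php?mod=space&uid=' . $value['fuid'] . '" target="_blank">' . $value['fusername'] . '</a></p></li>';
            }
            $html = '<ul class="ml mls cl">' . $html . '</ul>';
            break;
        case 'visitor':
            $do = 'friend';
            $view = 'visitor';
            $query = DB::query("SELECT * FROM " . DB::table('home_visitor') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}");
            $list = $fuids = array();
            while ($value = DB::fetch($query)) {
                $list[] = $value;
                $fuids[] = $value['vuid'];
            }
            getonlinemember($fuids);
            foreach ($list as $value) {
                $html .= "<li>";
                // An empty visitor name is rendered as an anonymous visitor.
                if ($value['vusername'] == '') {
                    $html .= lang('space', 'visitor_anonymity');
                } else {
                    $html .= lang('space', 'visitor_list', array('uid' => $value['vuid'], 'username' => $value['vusername'], 'class' => $_G['ols'][$value['vuid']] ? 'gol' : '', 'avatar' => avatar($value['vuid'], 'small')));
                }
                $html .= "<span class=\"xg2\">" . dgmdate($value['dateline'], 'u', '9999', 'Y-m-d') . "</span>";
                $html .= "</li>";
            }
            $html = '<ul class="ml mls cl">' . $html . '</ul>';
            break;
        case 'share':
            $do = $blockname;
            if (!IS_ROBOT && ckprivacy('share', 'view')) {
                require_once libfile('function/share');
                $query = DB::query("SELECT * FROM " . DB::table('home_share') . " WHERE uid='{$uid}' ORDER BY dateline DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    // NOTE(review): the fields returned by mkshare() are placed into href/src attributes,
                    // a CSS url() and inline onclick handlers without context-specific escaping here.
                    // Confirm that mkshare() or the write path encodes them for each of these contexts.
                    $value = mkshare($value);
                    $html .= '<li><em><a href="home.php?mod=space&uid=' . $value['uid'] . '&do=share&id=' . $value['sid'] . '">' . $value['title_template'] . '</a>(' . dgmdate($value['dateline'], 'u') . ')</em><div class="ec cl">';
                    if ($value['image']) {
                        $html .= '<a href="' . $value['image_link'] . '" target="_blank"><img src="' . $value['image'] . '" class="tn" alt="" /></a>';
                    }
                    $html .= '<div class="d">' . $value['body_template'] . '</div>';
                    if ($value['type'] == 'video') {
                        if (!empty($value['body_data']['imgurl'])) {
                            $html .= '<table class="mtm" title="' . lang('space', 'click_play') . '" onclick="javascript:showFlash(\'' . $value['body_data']['host'] . '\', \'' . $value['body_data']['flashvar'] . '\', this, \'' . $value['sid'] . '\');"><tr><td class="vdtn hm" style="background: url(' . $value['body_data']['imgurl'] . ') no-repeat"><img src="' . STATICURL . '/image/common/vds.png" alt="' . lang('space', 'click_play') . '" /></td></tr></table>';
                        } else {
                            $html .= "<img src=\"" . STATICURL . "/image/common/vd.gif\" alt=\"" . lang('space', 'click_play') . "\" onclick=\"javascript:showFlash('{$value['body_data']['host']}', '{$value['body_data']['flashvar']}', this, '{$value['sid']}');\" class=\"tn\" />";
                        }
                    } elseif ($value['type'] == 'music') {
                        $html .= "<img src=\"" . STATICURL . "/image/common/music.gif\" alt=\"" . lang('space', 'click_play') . "\" onclick=\"javascript:showFlash('music', '{$value['body_data']['musicvar']}', this, '{$value['sid']}');\" class=\"tn\" />";
                    } elseif ($value['type'] == 'flash') {
                        $html .= "<img src=\"" . STATICURL . "/image/common/flash.gif\" alt=\"" . lang('space', 'click_view') . "\" onclick=\"javascript:showFlash('flash', '{$value['body_data']['flashaddr']}', this, '{$value['sid']}');\" class=\"tn\" />";
                    }
                    if ($value['body_general']) {
                        $html .= '<div class="quote' . ($value['image'] ? 'z' : '') . "\"><blockquote>{$value['body_general']}</blockquote></div>";
                    }
                    $html .= '</div></li>';
                }
                $html = '<ul class="el">' . $html . '</ul>';
            }
            break;
        case 'wall':
            $do = $blockname;
            $walllist = array();
            if (ckprivacy('wall', 'view')) {
                $query = DB::query("SELECT * FROM " . DB::table('home_comment') . " WHERE id='{$uid}' AND idtype='uid' ORDER BY dateline DESC LIMIT 0,{$shownum}");
                while ($value = DB::fetch($query)) {
                    // Messages longer than 500 bytes are cut by getstr().
                    $value['message'] = strlen($value['message']) > 500 ? getstr($value['message'], 500, 0, 0, 0, -1) . ' ...' : $value['message'];
                    // Comments with a non-zero status are listed only for their own author.
                    if ($value['status'] == 0 || $value['authorid'] == $_G['uid']) {
                        $walllist[] = $value;
                    }
                }
            }
            $html = '<div class="xld xlda el" id="comment_ul">';
            foreach ($walllist as $key => $value) {
                $op = '';
                if ($value['author']) {
                    $author_avatar = '<a href="home.php?mod=space&uid=' . $value['authorid'] . '" target="_blank">' . avatar($value['authorid'], 'small') . '</a>';
                    $author = '<a href="home.php?mod=space&uid=' . $value['authorid'] . '" id="author_' . $value['cid'] . '" target="_blank">' . $value['author'] . '</a>';
                } else {
                    $author_avatar = '<img src="static/image/magic/hidden.gif" alt="hidden" />';
                    $author = lang('space', 'hidden_username');
                }
                // These conditions only decide which action links are displayed; the endpoints behind
                // the links have to enforce the same rules themselves.
                if ($value['authorid'] == $_G['uid']) {
                    $op .= lang('space', 'wall_edit', array('cid' => $value['cid']));
                }
                if ($value['authorid'] == $_G['uid'] || $space['self'] || checkperm('managecomment')) {
                    $op .= lang('space', 'wall_del', array('cid' => $value['cid']));
                }
                if ($value['authorid'] != $_G['uid'] && ($value['idtype'] != 'uid' || $space['self'])) {
                    $op .= lang('space', 'wall_reply', array('cid' => $value['cid']));
                }
                $moderate_need = $value['status'] == 1 ? lang('template', 'moderate_need') : '';
                $date = dgmdate($value['dateline'], 'u');
                $replacearr = array('author' => $author, 'author_avatar' => $author_avatar, 'moderated' => $moderate_need, 'cid' => $value['cid'], 'message' => $value['message'], 'date' => $date, 'op' => $op);
                $html .= lang('space', 'wall_li', $replacearr);
            }
            if (!empty($walllist)) {
                $html .= lang('space', 'wall_more', array('uid' => $uid));
            }
            $html .= '</div>';
            // The comment form carries FORMHASH, presumably the anti-CSRF token checked on submit.
            $html = lang('space', 'wall_form', array('uid' => $uid, 'FORMHASH' => FORMHASH)) . '<hr class="da mtm m0">' . $html;
            $titlemore = '<span class="y xw0"><a href="home.php?mod=space&uid=' . $uid . '&do=wall">' . lang('space', 'all') . '</a></span>';
            break;
        case 'group':
            $do = $blockname;
            $view = 'groupthread';
            require_once libfile('function/group');
            $grouplist = mygrouplist($uid, 'lastupdate', array('f.name', 'ff.icon'), $shownum);
            if (empty($grouplist)) {
                $grouplist = array();
            }
            foreach ($grouplist as $groupid => $group) {
                $group['groupid'] = $groupid;
                $html .= lang('space', 'group_li', $group);
            }
            $html = '<ul class="ml mls cl">' . $html . '</ul>';
            break;
        case 'music':
            if (!empty($parameters['mp3list'])) {
                // 16 hex characters of md5(authkey . uid), sent as the "hash" parameter of the playlist
                // URL. NOTE(review): a truncated MD5 of the site key — check what the getmusiclist
                // endpoint protects with it before treating it as an access token.
                $authcode = substr(md5($_G['authkey'] . $uid), 6, 16);
                $view = $_G['adminid'] == 1 && $_G['setting']['allowquickviewprofile'] ? '&view=admin' : '';
                $querystring = urlencode("home.php?mod=space&uid={$uid}&do=index&op=getmusiclist&hash={$authcode}{$view}&t=" . TIMESTAMP);
                $swfurl = STATICURL . 'image/common/mp3player.swf?config=' . $querystring;
                if (empty($parameters['config']['height']) && $parameters['config']['height'] !== 0) {
                    $parameters['config']['height'] = '200px';
                } else {
                    $parameters['config']['height'] .= 'px';
                }
                // NOTE(review): the height is concatenated into an inline <script> string literal without
                // escaping. This assumes the caller stores a numeric height — confirm where the block
                // configuration is saved, or cast it to an integer before it reaches this point.
                $html = "<script language=\"javascript\" type=\"text/javascript\">document.write(AC_FL_RunContent('id', 'mp3player', 'name', 'mp3player', 'devicefont', 'false', 'width', '100%', 'height', '" . $parameters['config']['height'] . "', 'src', '{$swfurl}', 'menu', 'false',  'allowScriptAccess', 'sameDomain', 'swLiveConnect', 'true', 'wmode', 'transparent'));</script>";
            } else {
                $html = lang('space', 'music_no_content');
            }
            $html = '<div class="ml mls cl">' . $html . '</div>';
            break;
        default:
            // Custom-content block. The markup features applied to $parameters['content'] depend on
            // the user group of the space owner (the viewer's own group when viewing the own space).
            if ($space['self']) {
                $_G['space_group'] = $_G['group'];
            } elseif (empty($_G['space_group'])) {
                // NOTE(review): $space['groupid'] is interpolated without a cast, unlike $uid; presumably
                // an integer column loaded from the member record — confirm.
                $_G['space_group'] = DB::fetch_first("SELECT * FROM " . DB::table('common_usergroup_field') . " WHERE groupid='{$space['groupid']}'");
            }
            require_once libfile('function/discuzcode');
            if ($_G['space_group']['allowspacediyimgcode']) {
                // Turn the cached smiley replacements into [img] tags once per request.
                if (empty($_G['cache']['smilies']['loaded'])) {
                    loadcache(array('smilies', 'smileytypes'));
                    foreach ($_G['cache']['smilies']['replacearray'] as $skey => $smiley) {
                        $_G['cache']['smilies']['replacearray'][$skey] = '[img]' . $_G['siteurl'] . 'static/image/smiley/' . $_G['cache']['smileytypes'][$_G['cache']['smilies']['typearray'][$skey]]['directory'] . '/' . $smiley . '[/img]';
                    }
                    $_G['cache']['smilies']['loaded'] = 1;
                }
                $parameters['content'] = preg_replace($_G['cache']['smilies']['searcharray'], $_G['cache']['smilies']['replacearray'], censor(trim($parameters['content'])));
            }
            if ($_G['space_group']['allowspacediybbcode'] || $_G['space_group']['allowspacediyimgcode'] || $_G['space_group']['allowspacediyhtml']) {
                // The last three arguments hand the group's bbcode / imgcode / html permissions to
                // discuzcode(); what the html flag lets through is decided there — review it together
                // with the allowspacediyhtml group setting.
                $parameters['content'] = discuzcode($parameters['content'], 1, 0, 1, 0, $_G['space_group']['allowspacediybbcode'], $_G['space_group']['allowspacediyimgcode'], $_G['space_group']['allowspacediyhtml']);
            } else {
                // No markup permission at all: the content is HTML-escaped.
                $parameters['content'] = dhtmlspecialchars($parameters['content']);
            }
            $parameters['content'] = nl2br($parameters['content']);
            if (empty($parameters['content'])) {
                $parameters['content'] = lang('space', $blockname);
            }
            $html .= $parameters['content'];
            break;
    }
    if ($_G['setting']['allowviewuserthread'] === false && $blockname == 'thread') {
        $html = '';
    } else {
        $hastitle = isset($parameters['title']);
        if ($hastitle && empty($parameters['title'])) {
            // An explicitly empty title suppresses the block header.
            $title = '';
        } else {
            // NOTE(review): a caller-supplied title is printed after stripslashes() only, with no
            // HTML escaping here — confirm it is escaped where the block settings are saved.
            $bname = $hastitle ? stripslashes($parameters['title']) : getblockdata($blockname);
            $view = $view === false ? '' : ($view == '' ? '&view=me' : '&view=' . $view);
            $bnamelink = $do ? '<a href="home.php?mod=space&uid=' . $uid . '&do=' . $do . $view . '">' . $bname . '</a>' : $bname;
            $title = lang('space', 'block_title', array('bname' => $bnamelink, 'more' => $titlemore));
        }
        $html = $title . '<' . $contenttagname . ' id="' . $blockname . '_content" class="content' . $contentclassname . '">' . $html . '</' . $contenttagname . '>';
    }
    return $html;
}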
示例#16
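/**
 * Attach uploaded files to a post and refresh the attachment flags of its thread.
 *
 * Uploads listed in $attachnew are moved from the "unused" table into the
 * thread's attachment table (optionally thumbnailed, watermarked and copied
 * into an album). Entries in $attachupdate replace the file behind an existing
 * attachment. Finally the thread and post rows get attachment = 0 (none),
 * 1 (files only) or 2 (at least one image), mirrored in $_G['forum_attachexist'].
 *
 * @param mixed $modnewthreads truthy suppresses the 'postattach' credit (presumably the post awaits moderation)
 * @param int   $tid           thread id
 * @param int   $pid           post id
 * @param array $attachnew     aid => array with 'readperm', 'price' and 'description'
 * @param array $attachupdate  existing aid => unused aid whose upload replaces it
 * @param int   $uid           owner of the attachments; falls back to $_G['uid'] when 0
 * @return void
 */
function updateattach($modnewthreads, $tid, $pid, $attachnew, $attachupdate = array(), $uid = 0)
{
    global $_G;
    // Result is not used below; the fetch is kept in case callers rely on it happening.
    $thread = C::t('forum_thread')->fetch($tid);
    $uid = $uid ? $uid : $_G['uid'];
    // Both are read after the $attachnew branch, so they must exist even when
    // that branch is skipped (the replace-only path used to call a method on null).
    $newattach = array();
    $image = null;
    if ($attachnew) {
        $newaids = array_keys($attachnew);
        $newattachfile = $albumattach = array();
        foreach (C::t('forum_attachment_unused')->fetch_all($newaids) as $attach) {
            // Ownership gate: only uploads made by $uid are accepted, unless the
            // current user moderates this forum. $uid is caller-supplied, so
            // callers must not take it from the request.
            if ($attach['uid'] != $uid && !$_G['forum']['ismoderator']) {
                continue;
            }
            $attach['uid'] = $uid;
            $newattach[$attach['aid']] = daddslashes($attach);
            if ($attach['isimage']) {
                $newattachfile[$attach['aid']] = $attach['attachment'];
            }
        }
        if ($_G['setting']['watermarkstatus'] && empty($_G['forum']['disablewatermark']) || !$_G['setting']['thumbdisabledmobile']) {
            require_once libfile('class/image');
            $image = new image();
        }
        if (!empty($_GET['albumaid'])) {
            // Request data, assumed to be a list of attachment ids. Only ids that
            // passed the ownership gate above are copied into $albumattach.
            array_unshift($_GET['albumaid'], '');
            $_GET['albumaid'] = array_unique($_GET['albumaid']);
            unset($_GET['albumaid'][0]);
            foreach ($_GET['albumaid'] as $aid) {
                if (isset($newattach[$aid])) {
                    $albumattach[$aid] = $newattach[$aid];
                }
            }
        }
        foreach ($attachnew as $aid => $attach) {
            $update = array();
            // NOTE(review): readperm is stored as received while price is cast with
            // intval() and capped at the group's maxprice; confirm the table layer
            // casts or escapes readperm.
            $update['readperm'] = $_G['group']['allowsetattachperm'] ? $attach['readperm'] : 0;
            $update['price'] = $_G['group']['maxprice'] ? intval($attach['price']) <= $_G['group']['maxprice'] ? intval($attach['price']) : $_G['group']['maxprice'] : 0;
            $update['tid'] = $tid;
            $update['pid'] = $pid;
            $update['uid'] = $uid;
            $update['description'] = censor(cutstr(dhtmlspecialchars($attach['description']), 100));
            C::t('forum_attachment_n')->update('tid:' . $tid, $aid, $update);
            // Not a pending upload of this user: nothing to move out of the unused table.
            if (empty($newattach[$aid])) {
                continue;
            }
            $update = array_merge($update, $newattach[$aid]);
            if (!empty($newattachfile[$aid])) {
                if ($_G['setting']['thumbstatus'] && $_G['forum']['disablethumb']) {
                    $update['thumb'] = 0;
                    @unlink($_G['setting']['attachdir'] . '/forum/' . getimgthumbname($newattachfile[$aid]));
                    if (!empty($albumattach[$aid])) {
                        $albumattach[$aid]['thumb'] = 0;
                    }
                } elseif (!$_G['setting']['thumbdisabledmobile']) {
                    // Thumbnails are stored under image/AAA/BB/CC/ derived from the
                    // zero-padded attachment id, in 320x320 and 720x720 variants.
                    $_daid = sprintf("%09d", $aid);
                    $dir1 = substr($_daid, 0, 3);
                    $dir2 = substr($_daid, 3, 2);
                    $dir3 = substr($_daid, 5, 2);
                    foreach (array(320, 720) as $side) {
                        $thumbfile = 'image/' . $dir1 . '/' . $dir2 . '/' . $dir3 . '/' . substr($_daid, -2) . '_' . $side . '_' . $side . '.jpg';
                        $image->Thumb($_G['setting']['attachdir'] . '/forum/' . $newattachfile[$aid], $thumbfile, $side, $side, 'fixwr');
                    }
                }
                if ($_G['setting']['watermarkstatus'] && empty($_G['forum']['disablewatermark'])) {
                    $image->Watermark($_G['setting']['attachdir'] . '/forum/' . $newattachfile[$aid], '', 'forum');
                    $update['filesize'] = $image->imginfo['size'];
                }
            }
            if (!empty($_GET['albumaid']) && isset($albumattach[$aid])) {
                $newalbum = 0;
                if (!$_GET['uploadalbum']) {
                    require_once libfile('function/spacecp');
                    $_GET['uploadalbum'] = album_creat(array('albumname' => $_GET['newalbum']));
                    $newalbum = 1;
                }
                // NOTE(review): $_GET['uploadalbum'] is used as the album id without an
                // ownership check in this function; confirm that the caller or the
                // album helpers verify the album belongs to $uid.
                $picdata = array('albumid' => $_GET['uploadalbum'], 'uid' => $uid, 'username' => $_G['username'], 'dateline' => $albumattach[$aid]['dateline'], 'postip' => $_G['clientip'], 'filename' => censor($albumattach[$aid]['filename']), 'title' => censor(cutstr(dhtmlspecialchars($attach['description']), 100)), 'type' => fileext($albumattach[$aid]['attachment']), 'size' => $albumattach[$aid]['filesize'], 'filepath' => $albumattach[$aid]['attachment'], 'thumb' => $albumattach[$aid]['thumb'], 'remote' => $albumattach[$aid]['remote'] + 2);
                $update['picid'] = C::t('home_pic')->insert($picdata, 1);
                if ($newalbum) {
                    require_once libfile('function/home');
                    require_once libfile('function/spacecp');
                    album_update_pic($_GET['uploadalbum']);
                }
            }
            C::t('forum_attachment_n')->insert('tid:' . $tid, $update, false, true);
            C::t('forum_attachment')->update($aid, array('tid' => $tid, 'pid' => $pid, 'tableid' => getattachtableid($tid)));
            C::t('forum_attachment_unused')->delete($aid);
        }
        if (!empty($_GET['albumaid'])) {
            $albumdata = array('picnum' => C::t('home_pic')->check_albumpic($_GET['uploadalbum']), 'updatetime' => $_G['timestamp']);
            C::t('home_album')->update($_GET['uploadalbum'], $albumdata);
            require_once libfile('function/home');
            require_once libfile('function/spacecp');
            album_update_pic($_GET['uploadalbum']);
        }
        if ($newattach) {
            ftpupload($newaids, $uid);
        }
    }
    if (!$modnewthreads && $newattach && $uid == $_G['uid']) {
        updatecreditbyaction('postattach', $uid, array(), '', count($newattach), 1, $_G['fid']);
    }
    if ($attachupdate) {
        // Remove the files of the existing attachments that are being replaced.
        $attachs = C::t('forum_attachment_n')->fetch_all_by_id('tid:' . $tid, 'aid', array_keys($attachupdate));
        foreach ($attachs as $attach) {
            if (array_key_exists($attach['aid'], $attachupdate) && $attachupdate[$attach['aid']]) {
                dunlink($attach);
            }
        }
        $unusedattachs = C::t('forum_attachment_unused')->fetch_all($attachupdate);
        // After the flip the map reads: unused aid => existing aid it replaces.
        $attachupdate = array_flip($attachupdate);
        $unusedaids = array();
        foreach ($unusedattachs as $attach) {
            // Same ownership gate as for new uploads.
            if ($attach['uid'] != $uid && !$_G['forum']['ismoderator']) {
                continue;
            }
            $unusedaids[] = $attach['aid'];
            $update = $attach;
            $update['dateline'] = TIMESTAMP;
            $update['remote'] = 0;
            unset($update['aid']);
            if ($attach['isimage'] && $_G['setting']['watermarkstatus'] && empty($_G['forum']['disablewatermark'])) {
                // The image helper is only created in the $attachnew branch; create
                // it here when this call replaces files without adding new ones.
                if ($image === null) {
                    require_once libfile('class/image');
                    $image = new image();
                }
                $image->Watermark($_G['setting']['attachdir'] . '/forum/' . $attach['attachment'], '', 'forum');
                $update['filesize'] = $image->imginfo['size'];
            }
            C::t('forum_attachment_n')->update('tid:' . $tid, $attachupdate[$attach['aid']], $update);
            // NOTE(review): no separator between attachdir and 'image/', unlike the
            // '/forum/' paths above; confirm attachdir ends with a slash.
            @unlink($_G['setting']['attachdir'] . 'image/' . $attach['aid'] . '_100_100.jpg');
            C::t('forum_attachment_exif')->delete($attachupdate[$attach['aid']]);
            C::t('forum_attachment_exif')->update($attach['aid'], array('aid' => $attachupdate[$attach['aid']]));
            ftpupload(array($attachupdate[$attach['aid']]), $uid);
        }
        if ($unusedaids) {
            C::t('forum_attachment_unused')->delete($unusedaids);
        }
    }
    // Recompute the flag for the post when $pid is given, else for the whole thread.
    $attachcount = C::t('forum_attachment_n')->count_by_id('tid:' . $tid, $pid ? 'pid' : 'tid', $pid ? $pid : $tid);
    $attachment = 0;
    if ($attachcount) {
        $attachment = C::t('forum_attachment_n')->count_image_by_id('tid:' . $tid, $pid ? 'pid' : 'tid', $pid ? $pid : $tid) ? 2 : 1;
    }
    C::t('forum_thread')->update($tid, array('attachment' => $attachment));
    C::t('forum_post')->update('tid:' . $tid, $pid, array('attachment' => $attachment), true);
    if (!$attachment) {
        C::t('forum_threadimage')->delete_by_tid($tid);
    }
    $_G['forum_attachexist'] = $attachment;
}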
示例#17
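/**
 * Create a blog entry, or update the one described by $olds, from submitted form data.
 *
 * When $olds belongs to another user, $_G['uid'] and $_G['username'] are
 * temporarily switched to that user and restored before the function returns.
 *
 * @param array $POST submitted fields (subject, message, friend, password, tag,
 *                    classid, catid, picids, savealbumid, newalbum, hot, makefeed, ...)
 * @param array $olds existing blog row when editing; empty when creating
 * @return array|false the stored blog fields including 'blogid', 'uid' and 'username',
 *                     or false when the message is empty once markup and whitespace are stripped
 */
function blog_post($POST, $olds=array()) {
	global $_G, $space;

	$isself = 1;
	if(!empty($olds['uid']) && $olds['uid'] != $_G['uid']) {
		// Editing someone else's blog: act as the owner for the rest of this call.
		// $__G keeps the real identity and MUST be restored on every exit path.
		$isself = 0;
		$__G = $_G;
		$_G['uid'] = $olds['uid'];
		$_G['username'] = addslashes($olds['username']);
	}

	$POST['subject'] = getstr(trim($POST['subject']), 80);
	$POST['subject'] = censor($POST['subject']);
	if(strlen($POST['subject'])<1) $POST['subject'] = dgmdate($_G['timestamp'], 'Y-m-d');
	$POST['friend'] = intval($POST['friend']);

	// Visibility modes handled here: 2 = named users, 4 = password protected.
	$POST['target_ids'] = '';
	if($POST['friend'] == 2) {
		$uids = array();
		// NOTE(review): read from $_POST directly rather than from the $POST argument.
		$names = empty($_POST['target_names'])?array():explode(',', preg_replace("/(\s+)/s", ',', $_POST['target_names']));
		if($names) {
			$uids = C::t('common_member')->fetch_all_uid_by_username($names);
		}
		if(empty($uids)) {
			$POST['friend'] = 3;
		} else {
			$POST['target_ids'] = implode(',', $uids);
		}
	} elseif($POST['friend'] == 4) {
		$POST['password'] = trim($POST['password']);
		if($POST['password'] == '') $POST['friend'] = 0;
	}
	if($POST['friend'] !== 2) {
		$POST['target_ids'] = '';
	}
	if($POST['friend'] !== 4) {
		// Was a no-op comparison (==), which let a submitted password be stored
		// for entries that are not password protected.
		$POST['password'] = '';
	}

	$POST['tag'] = dhtmlspecialchars(trim($POST['tag']));
	$POST['tag'] = getstr($POST['tag'], 500);
	$POST['tag'] = censor($POST['tag']);

	// checkhtml() is the HTML filter for the message body; everything stored and
	// later rendered as markup depends on it.
	$POST['message'] = checkhtml($POST['message']);
	if($_G['mobile']) {
		$POST['message'] = getstr($POST['message'], 0, 0, 0, 1);
		$POST['message'] = censor($POST['message']);
	} else {
		$POST['message'] = getstr($POST['message'], 0, 0, 0, 0, 1);
		$POST['message'] = censor($POST['message']);
		// Drop empty <div> pairs and force plain <a href="..."> links to open in a new window.
		$POST['message'] = preg_replace(array(
			"/\<div\>\<\/div\>/i",
			"/\<a\s+href\=\"([^\>]+?)\"\>/i"
		), array(
			'',
			'<a href="\\1" target="_blank">'
		), $POST['message']);
	}
	$message = $POST['message'];
	// status 1 = held for moderation, 0 = published.
	if(censormod($message) || censormod($POST['subject']) || $_G['group']['allowblogmod']) {
		$blog_status = 1;
	} else {
		$blog_status = 0;
	}

	if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
		if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
			// "new:<name>" asks for a personal class to be looked up or created.
			$classname = dhtmlspecialchars(trim(substr($POST['classid'], 4)));
			$classname = getstr($classname);
			$classname = censor($classname);
			if(empty($classname)) {
				$classid = 0;
			} else {
				$classid = C::t('home_class')->fetch_classid_by_uid_classname($_G['uid'], $classname);
				if(empty($classid)) {
					$setarr = array(
						'classname' => $classname,
						'uid' => $_G['uid'],
						'dateline' => $_G['timestamp']
					);
					$classid = C::t('home_class')->insert($setarr, true);
				}
			}
		} else {
			$classid = intval($POST['classid']);

		}
	} else {
		$classid = $olds['classid'];
	}
	if($classid && empty($classname)) {
		// A numeric class id is only accepted when the class belongs to the blog owner.
		$query = C::t('home_class')->fetch($classid);
		$classname = ($query['uid'] == $_G['uid']) ? $query['classname'] : '';
		if(empty($classname)) $classid = 0;
	}

	$blogarr = array(
		'subject' => $POST['subject'],
		'classid' => $classid,
		'friend' => $POST['friend'],
		'password' => $POST['password'],
		'noreply' => empty($POST['noreply'])?0:1,
		'catid' => intval($POST['catid']),
		'status' => $blog_status,
	);

	$titlepic = '';

	$uploads = array();
	if(!empty($POST['picids'])) {
		$picids = array_keys($POST['picids']);
		// Restricted to pictures owned by the blog owner.
		$query = C::t('home_pic')->fetch_all_by_uid($_G['uid'], 0, 0, $picids);
		foreach($query as $value) {
			if(empty($titlepic) && $value['thumb']) {
				$titlepic = getimgthumbname($value['filepath']);
				$blogarr['picflag'] = $value['remote']?2:1;
			}
			$picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
			$uploads[md5($picurl)] = $value;
		}
		// No thumbnail found: fall back to the last picture of the result, if any.
		if(empty($titlepic) && !empty($value)) {
			$titlepic = $value['filepath'];
			$blogarr['picflag'] = $value['remote']?2:1;
		}
	}

	if($uploads) {
		$albumid = 0;
		if($POST['savealbumid'] < 0 && !empty($POST['newalbum'])) {
			$albumname = addslashes(dhtmlspecialchars(trim($POST['newalbum'])));
			if(empty($albumname)) $albumname = dgmdate($_G['timestamp'],'Ymd');
			$albumarr = array('albumname' => $albumname);
			$albumid = album_creat($albumarr);
		} else {
			$albumid = $POST['savealbumid'] < 0 ? 0 : intval($POST['savealbumid']);
		}
		if($albumid) {
			// NOTE(review): a submitted savealbumid is used as-is; confirm that
			// update_for_uid/album_update_pic verify the album belongs to this user.
			C::t('home_pic')->update_for_uid($_G['uid'], $picids, array('albumid' => $albumid));
			album_update_pic($albumid);
		}
		// Pictures already embedded in the message are not appended a second time.
		preg_match_all("/\s*\<img src=\"(.+?)\".*?\>\s*/is", $message, $mathes);
		if(!empty($mathes[1])) {
			foreach ($mathes[1] as $key => $value) {
				$urlmd5 = md5($value);
				if(!empty($uploads[$urlmd5])) {
					unset($uploads[$urlmd5]);
				}
			}
		}
		foreach ($uploads as $value) {
			$picurl = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote'], 0);
			// NOTE(review): the stored picture title is interpolated into HTML after
			// checkhtml() has run; confirm titles are HTML-escaped when they are saved.
			$message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
		}
	}

	$ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\&nbsp\;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
	if(empty($ckmessage)) {
		// Restore the real identity before bailing out; otherwise the rest of the
		// request would keep running as the blog owner.
		if(!empty($__G)) $_G = $__G;
		return false;
	}


	if(checkperm('manageblog')) {
		$blogarr['hot'] = intval($POST['hot']);
	}

	if(!empty($olds['blogid'])) {

		if($blogarr['catid'] != $olds['catid']) {
			if($olds['catid']) {
				C::t('home_blog_category')->update_num_by_catid(-1, $olds['catid'], true, true);
			}
			if($blogarr['catid']) {
				C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
			}
		}

		$blogid = $olds['blogid'];
		C::t('home_blog')->update($blogid, $blogarr);

		$fuids = array();

		$blogarr['uid'] = $olds['uid'];
		$blogarr['username'] = $olds['username'];
	} else {

		if($blogarr['catid']) {
			C::t('home_blog_category')->update_num_by_catid(1, $blogarr['catid']);
		}

		$blogarr['uid'] = $_G['uid'];
		$blogarr['username'] = $_G['username'];
		// NOTE(review): a submitted dateline is stored without a cast or range check.
		$blogarr['dateline'] = empty($POST['dateline'])?$_G['timestamp']:$POST['dateline'];
		$blogid = C::t('home_blog')->insert($blogarr, true);

		C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']));
		C::t('common_member_field_home')->update($_G['uid'], array('recentnote'=>$POST['subject']));
	}

	$blogarr['blogid'] = $blogid;
	$class_tag = new tag();
	$POST['tag'] = $olds ? $class_tag->update_field($POST['tag'], $blogid, 'blogid') : $class_tag->add_tag($POST['tag'], $blogid, 'blogid');
	$fieldarr = array(
		'message' => $message,
		'postip' => $_G['clientip'],
		'target_ids' => $POST['target_ids'],
		'tag' => $POST['tag']
	);

	if(!empty($titlepic)) {
		$fieldarr['pic'] = $titlepic;
	}

	if($olds) {
		C::t('home_blogfield')->update($blogid, $fieldarr);
	} else {
		$fieldarr['blogid'] = $blogid;
		$fieldarr['uid'] = $blogarr['uid'];
		C::t('home_blogfield')->insert($fieldarr);
	}

	// Credit and statistics only for the author's own, directly published new entry.
	if($isself && !$olds && $blog_status == 0) {
		updatecreditbyaction('publishblog', 0, array('blogs' => 1));

		include_once libfile('function/stat');
		updatestat('blog');
	}

	// An edited entry that falls back into moderation gives the credit back.
	if(!empty($olds['blogid']) && $blog_status == 1) {
		updatecreditbyaction('publishblog', 0, array('blogs' => -1), '', -1);
		include_once libfile('function/stat');
		updatestat('blog');
	}

	if($POST['makefeed'] && $blog_status == 0) {
		include_once libfile('function/feed');
		feed_publish($blogid, 'blogid', $olds?0:1);
	}

	// Back to the real identity before the moderation queue is notified.
	if(!empty($__G)) $_G = $__G;
	if($blog_status == 1) {
		updatemoderate('blogid', $blogid);
		manage_addnotify('verifyblog');
	}
	return $blogarr;
}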
/**
 * Split a keyword string into at most five valid tag names.
 *
 * With $filter the input is censored and fullwidth commas (the byte sequences
 * look like the GBK, Big5 and UTF-8 encodings) become ASCII commas. The string
 * is split on commas when it contains one, otherwise on spaces after the
 * language pack's full-width blank has been mapped to a space. A tag is kept
 * when it is 3 to 20 bytes of word characters, whitespace, '_', '-' or bytes
 * in the range 0x7f-0xff.
 *
 * @param string $keywords raw keyword input
 * @param bool   $string   true to return a comma-joined string instead of an array
 * @param bool   $filter   true to censor the input and normalise comma variants
 * @return array|string the accepted tags
 */
function parse_keyword($keywords, $string = false, $filter = true)
{
    $asstring = $string === true;
    if ($keywords == '') {
        return $asstring ? '' : array();
    }
    if ($filter === true) {
        $commavariants = array("\xa3\xac", "\xa1\x41", "\xef\xbc\x8c");
        $keywords = str_replace($commavariants, ',', censor($keywords));
    }
    if (strexists($keywords, ',')) {
        $pieces = explode(',', $keywords);
    } else {
        $langcore = lang('core');
        $pieces = explode(' ', str_replace($langcore['fullblankspace'], ' ', $keywords));
    }
    $accepted = array();
    foreach (array_unique($pieces) as $piece) {
        $piece = trim($piece);
        if (!preg_match('/^([\\x7f-\\xff_-]|\\w|\\s){3,20}$/', $piece)) {
            continue;
        }
        $accepted[] = $piece;
        // Stop once the fifth tag has been collected.
        if (count($accepted) > 4) {
            break;
        }
    }
    return $asstring ? implode(',', $accepted) : $accepted;
}
示例#19
            showmessage('forum_nopermission', NULL, 'NOPERM');
        }
    }
    if (!$forum['ismoderator'] || !$alloweditpost || in_array($orig['adminid'], array(1, 2, 3)) && $adminid > $orig['adminid']) {
        showmessage('post_edit_nopermission', NULL, 'HALTED');
    }
    if (!submitcheck('editmessagesubmit', 1)) {
        include template('modcp_editpost');
        exit;
    } else {
        require_once DISCUZ_ROOT . './include/discuzcode.func.php';
        if ($do == 'notupdate') {
            $message = $orig['message'];
            $message = discuzcode($message, 0, 0, 0, $forum['allowsmilies'], $forum['allowbbcode'], $forum['allowimgcode'] && $showimages ? 1 : 0, $forum['allowhtml'], 0, 0, $orig['authorid']);
            showmessage(stripslashes($message));
        } else {
            $message = censor(trim($message));
            if (!$disablepostctrl) {
                if ($maxpostsize && strlen($message) > $maxpostsize) {
                    showmessage('post_message_toolong');
                } elseif ($minpostsize && strlen(preg_replace("/\\[quote\\].+?\\[\\/quote\\]/is", '', $message)) < $minpostsize) {
                    showmessage('post_message_tooshort');
                }
            }
            $query = $db->query("UPDATE {$tablepre}posts SET message='{$message}' WHERE pid='{$pid}'");
            $message = discuzcode($message, 0, 0, 0, $forum['allowsmilies'], $forum['allowbbcode'], $forum['allowimgcode'] && $showimages ? 1 : 0, $forum['allowhtml'], 0, 0, $orig['authorid']);
            showmessage(stripslashes($message));
        }
    }
}
include template('modcp_editpost');
示例#20
// Build and validate the URL of the item being reported.
// $tid, $rid, $rtype and $_G are set outside this excerpt.
$fid = intval($_GET['fid']);
$uid = intval($_GET['uid']);
// Known report types map to fixed site-relative prefixes; the item id is appended below.
// NOTE(review): $tid is interpolated into the 'post' prefix; presumably an integer, verify where it is assigned.
$default_url = array('user' => 'home.php?mod=space&uid=', 'post' => 'forum.php?mod=redirect&goto=findpost&ptid=' . $tid . '&pid=', 'thread' => 'forum.php?mod=viewthread&tid=', 'group' => 'forum.php?mod=group&fid=', 'album' => 'home.php?mod=space&do=album&uid=' . $uid . '&id=', 'blog' => 'home.php?mod=space&do=blog&uid=' . $uid . '&id=', 'pic' => 'home.php?mod=space&do=album&uid=' . $uid . '&picid=');
$url = '';
if ($rid && !empty($default_url[$rtype])) {
    // Preferred path: fixed prefix plus an integer id, nothing request-controlled besides the id.
    $url = $default_url[$rtype] . intval($rid);
} else {
    // Fallback: the URL comes base64-encoded from the request and is HTML-escaped and slash-escaped.
    $url = addslashes(dhtmlspecialchars(base64_decode($_GET['url'])));
    // Accept only http:// or https:// URLs that contain no '[', '"' or "'".
    // NOTE(review): the pattern does not restrict the host, so any absolute http(s) URL
    // passes; whatever later renders the stored URL should treat it as untrusted.
    $url = preg_match("/^http[s]?:\\/\\/[^\\[\"']+\$/i", trim($url)) ? trim($url) : '';
}
// Reject when no valid URL was produced or the request is not flagged as AJAX.
if (empty($url) || empty($_G['inajax'])) {
    showmessage('report_parameters_invalid');
}
// md5 serves as a lookup key that groups reports on the same URL, not as a security measure.
$urlkey = md5($url);
if (submitcheck('reportsubmit')) {
    $message = censor(cutstr(dhtmlspecialchars(trim($_GET['message'])), 200, ''));
    $message = $_G['username'] . '&nbsp;:&nbsp;' . rtrim($message, "\\");
    if ($reportid = C::t('common_report')->fetch_by_urlkey($urlkey)) {
        C::t('common_report')->update_num($reportid, $message);
    } else {
        $data = array('url' => $url, 'urlkey' => $urlkey, 'uid' => $_G['uid'], 'username' => $_G['username'], 'message' => $message, 'dateline' => TIMESTAMP);
        if ($fid) {
            $data['fid'] = $fid;
        }
        C::t('common_report')->insert($data);
        $report_receive = unserialize($_G['setting']['report_receive']);
        $moderators = array();
        if ($report_receive['adminuser']) {
            foreach ($report_receive['adminuser'] as $touid) {
                notification_add($touid, 'report', 'new_report', array('from_id' => 1, 'from_idtype' => 'newreport'), 1);
            }
示例#21
     C::t('portal_category')->increase($setarr['catid'], array('articles' => 1));
     C::t('portal_category')->update($setarr['catid'], array('lastpublish' => TIMESTAMP));
     C::t('portal_article_count')->insert(array('aid' => $aid, 'catid' => $setarr['catid'], 'viewnum' => 1));
 } else {
     if ($htmlname && $article['htmlname'] !== $htmlname) {
         $setarr['htmlname'] = $htmlname;
         $oldarticlename = $article['htmldir'] . $article['htmlname'];
         unlink($oldarticlename . '.' . $_G['setting']['makehtml']['extendname']);
         for ($i = 1; $i < $article['contents']; $i++) {
             unlink($oldarticlename . $i . '.' . $_G['setting']['makehtml']['extendname']);
         }
     }
     C::t('portal_article_title')->update($aid, $setarr);
 }
 $content = getstr($_POST['content'], 0, 0, 0, 0, 1);
 $content = censor($content);
 if (censormod($content) || $_G['group']['allowpostarticlemod']) {
     $article_status = 1;
 } else {
     $article_status = 0;
 }
 $regexp = '/(\\<strong\\>##########NextPage(\\[title=(.*?)\\])?##########\\<\\/strong\\>)+/is';
 preg_match_all($regexp, $content, $arr);
 $pagetitle = !empty($arr[3]) ? $arr[3] : array();
 $pagetitle = array_map('trim', $pagetitle);
 array_unshift($pagetitle, $_POST['pagetitle']);
 $contents = preg_split($regexp, $content);
 $cpostcount = count($contents);
 $dbcontents = C::t('portal_article_content')->fetch_all($aid);
 $pagecount = $cdbcount = count($dbcontents);
 if ($cdbcount > $cpostcount) {
示例#22
            $data->insert_query("comments", "'', {$id}, '{$check['id']}', 1, {$timestamp}, {$comment}, {$allowed}", "", "", false);
            if (confirm('comment')) {
                $page = $_SERVER['PHP_SELF'];
                if (isset($_SERVER['QUERY_STRING'])) {
                    $page .= "?" . $_SERVER['QUERY_STRING'];
                }
                $comment = $data->select_fetch_one_row("comments", "WHERE uid='{$check['id']}' AND item_id={$id} AND date={$timestamp}");
                confirmMail("comment", $comment);
                show_message("The comment first needs to be reviewed before it will be visible", $page);
            }
        }
        $sql = $data->select_query("comments", "WHERE item_id={$id} AND type=1 AND allowed = 1");
        $numcom = $data->num_rows($sql);
        $comments = array();
        while ($temp = $data->fetch_array($sql)) {
            $temp['comment'] = censor($temp['comment']);
            $temp2 = $data->select_fetch_one_row("users", "WHERE id={$temp['uid']}", "uname");
            $temp['uname'] = $temp2['uname'];
            $comments[] = $temp;
        }
        $tpl->assign("numcom", $numcom);
        $tpl->assign("com", $comments);
        $tpl->assign("comviewallowed", get_auth('comviewallowed', 2));
        $tpl->assign("compostallowed", get_auth('compostallowed', 2));
        $scriptList['slimbox'] = 1;
        $location = $view_album_name . " Photo Album";
    }
} else {
    if (!$inarticle) {
        $add = get_auth('addphotoalbum') == 1 ? true : false;
        $addlink = "index.php?page=addphotoalbum&amp;menuid={$menuid}";
示例#23
// Prepare permissions, form defaults and moderation flags for the post form.
// $imgexts, $emailnotify, $sticktopic, $addtodigest, $polloptions and $bbcodeoff are set outside this excerpt.
$allowpostimg = $_G['group']['allowpostimage'] && $imgexts;
// A multipart form is only needed when the group may upload files or images.
$enctype = $_G['group']['allowpostattach'] || $_G['group']['allowpostimage'] ? 'enctype="multipart/form-data"' : '';
// Human-readable upload limit: MB with one decimal from 1 MiB upwards, otherwise whole KB.
$maxattachsize_mb = $_G['group']['maxattachsize'] / 1048576 >= 1 ? round($_G['group']['maxattachsize'] / 1048576, 1) . 'MB' : round($_G['group']['maxattachsize'] / 1024) . 'KB';
// Forum-level credit rules take precedence over the site-wide policy.
$postcredits = $_G['forum']['postcredits'] ? $_G['forum']['postcredits'] : $_G['setting']['creditspolicy']['post'];
$replycredits = $_G['forum']['replycredits'] ? $_G['forum']['replycredits'] : $_G['setting']['creditspolicy']['reply'];
$digestcredits = $_G['forum']['digestcredits'] ? $_G['forum']['digestcredits'] : $_G['setting']['creditspolicy']['digest'];
$postattachcredits = $_G['forum']['postattachcredits'] ? $_G['forum']['postattachcredits'] : $_G['setting']['creditspolicy']['postattach'];
// Pricing is switched off when the configured trade credit does not exist.
$_G['group']['maxprice'] = isset($_G['setting']['extcredits'][$_G['setting']['creditstrans']]) ? $_G['group']['maxprice'] : 0;
// Request values are URL-encoded before they are reused in a query string.
$extra = (!empty($_G['gp_extra']) ? rawurlencode($_G['gp_extra']) : '') . (!empty($_G['gp_from']) ? '&from=' . rawurlencode($_G['gp_from']) : '');
$notifycheck = empty($emailnotify) ? '' : 'checked="checked"';
$stickcheck = empty($sticktopic) ? '' : 'checked="checked"';
$digestcheck = empty($addtodigest) ? '' : 'checked="checked"';
// The subject is censored and HTML-escaped; tabs become spaces because "\t" is used as a separator below.
$subject = isset($_G['gp_subject']) ? dhtmlspecialchars(censor(trim($_G['gp_subject']))) : '';
$subject = !empty($subject) ? str_replace("\t", ' ', $subject) : $subject;
// NOTE(review): the message is censored but not HTML-escaped here; presumably it is
// escaped or run through the BBCode renderer at output time. Verify before echoing it.
$message = isset($_G['gp_message']) ? censor($_G['gp_message']) : '';
$polloptions = isset($polloptions) ? censor(trim($polloptions)) : '';
$readperm = isset($_G['gp_readperm']) ? intval($_G['gp_readperm']) : 0;
$price = isset($_G['gp_price']) ? intval($_G['gp_price']) : 0;
// Tags need both the site setting and the forum setting; site value 2 wins, otherwise the forum value applies.
$_G['setting']['tagstatus'] = $_G['setting']['tagstatus'] && $_G['forum']['allowtag'] ? $_G['setting']['tagstatus'] == 2 ? 2 : $_G['forum']['allowtag'] : 0;
// Refuse [hide] tags from groups without the permission; [code] blocks are blanked first so
// a [hide] shown inside sample code does not trigger the check.
if (empty($bbcodeoff) && !$_G['group']['allowhidecode'] && !empty($message) && preg_match("/\\[hide=?\\d*\\].+?\\[\\/hide\\]/is", preg_replace("/(\\[code\\](.+?)\\[\\/code\\])/is", ' ', $message))) {
    showmessage('post_hide_nopermission');
}
// Decide whether new threads and replies go to the moderation queue.
if (periodscheck('postmodperiods', 0)) {
    $modnewthreads = $modnewreplies = 1;
} else {
    // A censor hit on subject or message forces moderation regardless of group rights.
    $censormod = censormod($subject . "\t" . $message);
    $modnewthreads = (!$_G['group']['allowdirectpost'] || $_G['group']['allowdirectpost'] == 1) && $_G['forum']['modnewposts'] || $censormod ? 1 : 0;
    $modnewreplies = (!$_G['group']['allowdirectpost'] || $_G['group']['allowdirectpost'] == 2) && $_G['forum']['modnewposts'] == 2 || $censormod ? 1 : 0;
}
if ($_G['group']['allowposturl'] < 3 && $message) {
    $urllist = get_url_list($message);
示例#24
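/**
 * Validate and normalise the thread-sort option values submitted with a post.
 *
 * Each option described in the global $checkoption is checked for presence,
 * format, length, numeric range and changeability; the first violation ends
 * the request through showmessage(). Accepted values are censored and
 * HTML-escaped before they are returned.
 *
 * @param array $sortoption submitted values keyed by option identifier
 * @return array normalised values keyed by option id
 */
function threadsort_validator($sortoption)
{
    global $checkoption, $var, $selectsortid, $fid, $tid, $pid;
    $postaction = $tid && $pid ? "edit&tid={$tid}&pid={$pid}" : 'newthread';
    $backurl = "post.php?action={$postaction}&fid={$fid}&sortid={$selectsortid}";
    $optiondata = array();
    foreach ($checkoption as $var => $option) {
        if ($checkoption[$var]['required'] && !$sortoption[$var]) {
            showmessage('threadtype_required_invalid', $backurl);
        } elseif ($sortoption[$var] && ($checkoption[$var]['type'] == 'number' && !is_numeric($sortoption[$var]) || $checkoption[$var]['type'] == 'email' && !isemail($sortoption[$var]))) {
            showmessage('threadtype_format_invalid', $backurl);
        } elseif ($sortoption[$var] && $checkoption[$var]['maxlength'] && !is_array($sortoption[$var]) && strlen($sortoption[$var]) > $checkoption[$var]['maxlength']) {
            // The length used to be taken from an undefined $typeoption, so the
            // limit was never enforced. Arrays (checkbox values) have no length here.
            showmessage('threadtype_toolong_invalid', $backurl);
        } elseif ($sortoption[$var] && ($checkoption[$var]['maxnum'] && $sortoption[$var] >= $checkoption[$var]['maxnum'] || $checkoption[$var]['minnum'] && $sortoption[$var] < $checkoption[$var]['minnum'])) {
            showmessage('threadtype_num_invalid', $backurl);
        } elseif ($sortoption[$var] && $checkoption[$var]['unchangeable'] && !($tid && $pid)) {
            showmessage('threadtype_unchangeable_invalid', $backurl);
        }
        if ($checkoption[$var]['type'] == 'checkbox') {
            // Checkbox values arrive as an array and are stored tab-separated.
            $sortoption[$var] = $sortoption[$var] ? implode("\t", $sortoption[$var]) : '';
        } elseif ($checkoption[$var]['type'] == 'url') {
            // Only a leading "www." gets a scheme prepended; other values are kept as typed.
            $sortoption[$var] = $sortoption[$var] ? substr(strtolower($sortoption[$var]), 0, 4) == 'www.' ? 'http://' . $sortoption[$var] : $sortoption[$var] : '';
        }
        $sortoption[$var] = dhtmlspecialchars(censor(trim($sortoption[$var])));
        $optiondata[$checkoption[$var]['optionid']] = $sortoption[$var];
    }
    return $optiondata;
}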
示例#25
    space_merge($space, 'field_home');
    getuserdiydata($space);
    $personalnv = isset($_G['blockposition']['nv']) ? $_G['blockposition']['nv'] : '';
    if ($personalnv && !empty($_GET['show'])) {
        $personalnv['nvhidden'] = 0;
    }
}
if (submitcheck('blocksubmit')) {
    $blockname = getstr($_GET['blockname'], 15, 0, 1);
    if (check_ban_block($blockname, $space)) {
        space_merge($space, 'field_home');
        $blockdata = unserialize($space['blockposition']);
        $title = getstr($_POST['blocktitle'], 50, 1, 1);
        $blockdata['parameters'][$blockname]['title'] = $title;
        if (in_array($blockname, array('block1', 'block2', 'block3', 'block4', 'block5'))) {
            $content = censor(getstr($_POST['content'], 1000, 1, 0, 0, 1));
            $blockdata['parameters'][$blockname]['content'] = stripslashes($content);
        } elseif ($blockname == 'profile') {
            $blockdata['parameters'][$blockname]['banavatar'] = in_array($_G['gp_avatar'], array('big', 'middle', 'small')) ? $_G['gp_avatar'] : 'middle';
        } elseif ($blockname == 'statistic') {
            $blockdata['parameters'][$blockname]['bancredits'] = $_G['gp_credits'] ? 0 : 1;
            $blockdata['parameters'][$blockname]['banfriends'] = $_G['gp_friends'] ? 0 : 1;
            $blockdata['parameters'][$blockname]['banthreads'] = $_G['gp_threads'] ? 0 : 1;
            $blockdata['parameters'][$blockname]['banblogs'] = $_G['gp_blogs'] ? 0 : 1;
            $blockdata['parameters'][$blockname]['banalbums'] = $_G['gp_albums'] ? 0 : 1;
            $blockdata['parameters'][$blockname]['bansharings'] = $_G['gp_sharings'] ? 0 : 1;
            $blockdata['parameters'][$blockname]['banviews'] = $_G['gp_views'] ? 0 : 1;
        } elseif (in_array($blockname, array('personalinfo'))) {
        } else {
            $shownum = max(1, intval($_POST['shownum']));
            if ($shownum <= 20) {
示例#26
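/**
 * Store a comment on a portal article or portal topic.
 *
 * Returns a language key describing the outcome: 'do_success' on success,
 * 'comment_comment_noexist' when the id is empty or the target row is not found,
 * 'content_is_too_short' when the processed message is under 2 bytes, and
 * 'comment_comment_notallowed' when the target does not accept comments.
 *
 * @param mixed  $id      Article id or topic id; cast to int.
 * @param string $message Raw comment text.
 * @param string $idtype  'aid' (article) or 'topicid'; anything else is treated as 'aid'.
 * @return string Result key as listed above.
 */
function addportalarticlecomment($id, $message, $idtype = 'aid')
{
    global $_G;
    $id = intval($id);
    if (empty($id)) {
        return 'comment_comment_noexist';
    }
    // Length limit is the group's 'allowcommentarticle' setting.
    // NOTE(review): the meaning of the getstr() flags is not visible here; confirm
    // the message is HTML-escaped here or wherever comments are rendered.
    $message = getstr($message, $_G['group']['allowcommentarticle'], 0, 0, 1, 0);
    if (strlen($message) < 2) {
        return 'content_is_too_short';
    }
    // Strict whitelist: $idtype is later stored in the row and concatenated into
    // the moderation key and the credit log key, so a loosely matching value such
    // as true must not pass the check unchanged.
    $idtype = in_array($idtype, array('aid', 'topicid'), true) ? $idtype : 'aid';
    $isarticle = $idtype === 'aid';
    $data = C::t($isarticle ? 'portal_article_title' : 'portal_topic')->fetch($id);
    if (empty($data)) {
        return 'comment_comment_noexist';
    }
    if ($data['allowcomment'] != 1) {
        return 'comment_comment_notallowed';
    }
    $message = censor($message);
    // status 1 = held for moderation, 0 = visible immediately.
    $comment_status = censormod($message) ? 1 : 0;
    $setarr = array(
        'uid' => $_G['uid'],
        'username' => $_G['username'],
        'id' => $id,
        'idtype' => $idtype,
        'postip' => $_G['clientip'],
        'dateline' => $_G['timestamp'],
        'status' => $comment_status,
        'message' => $message,
    );
    $pcid = C::t('portal_comment')->insert($setarr, true);
    if ($comment_status == 1) {
        // Queue the comment for moderation and notify the moderators.
        updatemoderate($idtype . '_cid', $pcid);
        manage_addnotify($isarticle ? 'verifyacommont' : 'verifytopiccommont');
    }
    // Article comment counters live in a separate count table; topics keep theirs inline.
    C::t($isarticle ? 'portal_article_count' : 'portal_topic')->increase($id, array('commentnum' => 1));
    C::t('common_member_status')->update($_G['uid'], array('lastpost' => $_G['timestamp']), 'UNBUFFERED');
    // No credit is awarded for commenting on one's own content.
    if ($data['uid'] != $_G['uid']) {
        updatecreditbyaction('portalcomment', 0, array(), $idtype . $id);
    }
    return 'do_success';
}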
示例#27
    wapmsg('post_hide_nopermission');
}
// Newbie restriction: for accounts without an admin id, when a newbie span (hours)
// is configured and the account has no last post or posted within that span,
// look up the registration time and refuse posting if it is inside the span.
if (!$adminid && $newbiespan && (!$lastpost || $timestamp - $lastpost < $newbiespan * 3600)) {
    // NOTE(review): $discuz_uid is interpolated straight into the SQL string.
    // This is only safe if it is always a server-set integer; cast it with
    // intval() at this point rather than relying on upstream code.
    $regdate = $db->result_first("SELECT regdate FROM {$tablepre}members WHERE uid='{$discuz_uid}'");
    if ($timestamp - $regdate < $newbiespan * 3600) {
        showmessage('post_newbie_span');
    }
}
// Per-forum credit settings take precedence over the global credits policy.
$postcredits = $forum['postcredits'] ? $forum['postcredits'] : $creditspolicy['post'];
$replycredits = $forum['replycredits'] ? $forum['replycredits'] : $creditspolicy['reply'];
// Moderation flags (1 = hold for review), derived from the direct-post setting,
// the forum's 'modnewposts' setting and whether $censormod is non-empty.
$modnewthreads = (!$allowdirectpost || $allowdirectpost == 1) && ($forum['modnewposts'] || !empty($censormod)) ? 1 : 0;
$modnewreplies = (!$allowdirectpost || $allowdirectpost == 2) && ($forum['modnewposts'] == 2 || !empty($censormod)) ? 1 : 0;
// The subject is censored and then HTML-escaped.
$subject = wapconvert($subject);
$subject = $subject != '' ? dhtmlspecialchars(censor(trim($subject))) : '';
// NOTE(review): unlike the subject, the message is only censored here, not
// HTML-escaped; confirm it is escaped before storage or at render time.
$message = wapconvert($message);
$message = $message != '' ? censor(trim($message)) : '';
if ($do == 'newthread') {
    $discuz_action = 195;
    // Refuse when the forum does not explicitly allow posting and neither the
    // group permission ($allowpost) nor the forum permission list grants it.
    if (empty($forum['allowpost']) && (!$forum['postperm'] && !$allowpost || $forum['postperm'] && !forumperm($forum['postperm']))) {
        wapmsg('post_newthread_nopermission');
    }
    if (empty($subject) || empty($message)) {
        // Nothing submitted yet: print the WML new-thread form, including the
        // formhash anti-forgery field.
        // NOTE(review): $fid and $sid are interpolated into the markup unescaped;
        // confirm both are validated (integer / session id format) upstream.
        $typeselect = isset($forum['threadtypes']['required']) ? typeselect() : '';
        echo "<p>" . ($typeselect ? "{$lang['type']}{$typeselect}<br />\n" : '') . "{$lang['subject']}<input type=\"text\" name=\"subject\" value=\"\" maxlength=\"80\" format=\"M*m\" /><br />\n" . "{$lang['message']}<input type=\"text\" name=\"message\" value=\"\" format=\"M*m\" /><br />\n" . "<anchor title=\"{$lang['submit']}\">{$lang['submit']}" . "<go method=\"post\" href=\"index.php?action=post&amp;do=newthread&amp;fid={$fid}&amp;sid={$sid}\">\n" . "<postfield name=\"subject\" value=\"\$(subject)\" />\n" . "<postfield name=\"message\" value=\"\$(message)\" />\n" . "<postfield name=\"formhash\" value=\"" . formhash() . "\" />\n" . ($typeselect ? "<postfield name=\"typeid\" value=\"\$(typeid)\" />\n" : '') . "</go></anchor>\n<br /><br />" . "<a href=\"index.php?action=forum&amp;fid={$fid}\">{$lang['return_forum']}</a></p>\n";
    } else {
        if ($post_invalid = checkpost()) {
            wapmsg($post_invalid);
        }
        // Anti-forgery check on the submitted form token.
        // NOTE(review): this is a loose, non-constant-time comparison; prefer
        // hash_equals() on string casts where the PHP version allows it.
        if ($formhash != formhash()) {
            wapmsg('wap_submit_invalid');
        }
示例#28
 } elseif (!$thread['isgroup'] && ($post_autoclose = checkautoclose($thread))) {
     showmessage($post_autoclose, '', array('autoclose' => $_G['forum']['autoclose']));
 } elseif (checkflood()) {
     showmessage('post_flood_ctrl', '', array('floodctrl' => $_G['setting']['floodctrl']));
 } elseif (checkmaxperhour('pid')) {
     showmessage('post_flood_ctrl_posts_per_hour', '', array('posts_per_hour' => $_G['group']['maxpostsperhour']));
 }
 // Build the optional "item: score" prefix from the commentitem[] request array.
 // It is only accepted from logged-in users commenting on someone else's post.
 // NOTE(review): $_GET['commentitem'] is assumed to be an array; validate with
 // is_array() before iterating.
 $commentscore = '';
 if (!empty($_GET['commentitem']) && !empty($_G['uid']) && $post['authorid'] != $_G['uid']) {
     foreach ($_GET['commentitem'] as $itemk => $itemv) {
         if ($itemv !== '') {
             // NOTE(review): the array key is request-controlled. strip_tags() removes
             // tags but is not output encoding, and the result is concatenated next to
             // literal <i> markup. Escape it with dhtmlspecialchars(), as is done for
             // the message below, or check it against the configured item names.
             $commentscore .= strip_tags(trim($itemk)) . ': <i>' . intval($itemv) . '</i> ';
         }
     }
 }
 // The message is HTML-escaped and censored; the score prefix keeps its markup.
 // NOTE(review): cutstr() is applied to the combined string, so a long prefix
 // presumably can be cut in the middle of the <i> / <br /> markup; confirm that
 // cutstr() is tag-aware or truncate the text before adding markup.
 $comment = cutstr(($commentscore ? $commentscore . '<br />' : '') . censor(trim(dhtmlspecialchars($_GET['message'])), '***'), 200, ' ');
 if (!$comment) {
     showmessage('post_sm_isnull');
 }
 // Store the comment together with the author, client IP and remote port.
 $pcid = C::t('forum_postcomment')->insert(array('tid' => $post['tid'], 'pid' => $post['pid'], 'author' => $_G['username'], 'authorid' => $_G['uid'], 'dateline' => TIMESTAMP, 'comment' => $comment, 'score' => $commentscore ? 1 : 0, 'useip' => $_G['clientip'], 'port' => $_G['remoteport']), true);
 // NOTE(review): the insert above uses the loaded $post['pid'], while the calls
 // below pass the raw $_GET['pid']; presumably both refer to the same validated
 // post, but using $post['pid'] throughout would remove the doubt.
 C::t('forum_post')->update('tid:' . $_G['tid'], $_GET['pid'], array('comment' => 1));
 // Increment the cached comment counter, or recount when it is empty.
 $comments = $thread['comments'] ? $thread['comments'] + 1 : C::t('forum_postcomment')->count_by_tid($_G['tid']);
 C::t('forum_thread')->update($_G['tid'], array('comments' => $comments));
 !empty($_G['uid']) && updatepostcredits('+', $_G['uid'], 'reply', $_G['fid']);
 if (!empty($_G['uid']) && $_G['uid'] != $post['authorid']) {
     // Notify the post author; [b], [/b] and [color] codes are removed from the excerpt.
     notification_add($post['authorid'], 'pcomment', 'comment_add', array('tid' => $_G['tid'], 'pid' => $_GET['pid'], 'subject' => $thread['subject'], 'from_id' => $_G['tid'], 'from_idtype' => 'pcomment', 'commentmsg' => cutstr(str_replace(array('[b]', '[/b]', '[/color]'), '', preg_replace("/\\[color=([#\\w]+?)\\]/i", "", $comment)), 200)));
 }
 update_threadpartake($post['tid']);
 // $pcid is reused: from here on it holds the id of the row returned by
 // fetch_standpoint_by_pid(), no longer the id of the comment inserted above.
 $pcid = C::t('forum_postcomment')->fetch_standpoint_by_pid($_GET['pid']);
 $pcid = $pcid['id'];
 if (!empty($_G['uid']) && $_GET['commentitem']) {
示例#29
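/**
 * Validate submitted thread-sort option values against $_G['forum_checkoption']
 * and build the optionid => stored value map in $_G['forum_optiondata'].
 *
 * On the first failed rule, showmessage() is called with the matching
 * 'threadtype_*_invalid' key and a link back to the post form.
 *
 * Fix: the max-length rule read an undefined variable ($typeoption), so its
 * length was always 0 and the configured limit was never enforced. It now
 * measures the submitted value. Array values (checkbox, image) are skipped by
 * that rule because they have no string length at this point.
 *
 * @param array $sortoption Submitted values keyed by option identifier.
 * @param mixed $pid        Post id when editing; empty for a new thread.
 * @return array Map of optionid => value to store.
 */
function threadsort_validator($sortoption, $pid)
{
    // NOTE(review): the loop key is written to the global $var, as in the original;
    // kept in case other code reads it.
    global $_G, $var;
    $postaction = $_G['tid'] && $pid ? "edit&tid={$_G['tid']}&pid={$pid}" : 'newthread';
    $returnurl = "forum.php?mod=post&action={$postaction}&fid={$_G['fid']}&sortid=" . $_G['forum_selectsortid'];
    $_G['forum_optiondata'] = array();
    foreach ($_G['forum_checkoption'] as $var => $option) {
        $value = isset($sortoption[$var]) ? $sortoption[$var] : null;
        $type = $option['type'];
        $error = '';
        if ($option['required'] && !$value) {
            $error = 'threadtype_required_invalid';
        } elseif ($value && ($type == 'number' && !is_numeric($value) || $type == 'email' && !isemail($value))) {
            $error = 'threadtype_format_invalid';
        } elseif ($value && $option['maxlength'] && is_scalar($value) && strlen((string) $value) > $option['maxlength']) {
            $error = 'threadtype_toolong_invalid';
        } elseif ($value && ($option['maxnum'] && $value > $option['maxnum'] || $option['minnum'] && $value < $option['minnum'])) {
            $error = 'threadtype_num_invalid';
        } elseif ($value && $option['unchangeable'] && !($_G['tid'] && $pid)) {
            $error = 'threadtype_unchangeable_invalid';
        }
        if ($error !== '') {
            showmessage($error, $returnurl, array('typetitle' => $option['title']));
        }
        // Normalise the value for storage.
        if ($type == 'checkbox') {
            // Multiple selections are stored as one tab-separated string.
            $value = $value ? implode("\t", $value) : '';
        } elseif ($type == 'url') {
            // Only a leading "www." gets an "http://" prefix; no scheme check is done.
            // NOTE(review): confirm the code that renders this value as a link
            // restricts the scheme to http/https.
            $value = $value ? (substr(strtolower($value), 0, 4) == 'www.' ? 'http://' . $value : $value) : '';
        }
        // Text values are censored and HTML-escaped; image values are serialized.
        // NOTE(review): the serialized image value is presumably read back with
        // unserialize(); confirm that path only ever sees data produced here.
        $value = $type != 'image' ? dhtmlspecialchars(censor(trim($value))) : addslashes(serialize($value));
        $_G['forum_optiondata'][$option['optionid']] = $value;
    }
    return $_G['forum_optiondata'];
}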
示例#30
	if($timestamp - $regdate < $newbiespan * 3600) {
		showmessage('post_newbie_span');
	}
}

// Credit rules: a per-forum setting wins over the global credits policy.
if ($forum['postcredits']) {
	$postcredits = $forum['postcredits'];
} else {
	$postcredits = $creditspolicy['post'];
}
if ($forum['replycredits']) {
	$replycredits = $forum['replycredits'];
} else {
	$replycredits = $creditspolicy['reply'];
}

// Moderation flags (1 = hold for review), derived from the direct-post setting,
// the forum's 'modnewposts' setting and whether $censormod is non-empty.
$modnewthreads = 0;
if((!$allowdirectpost || $allowdirectpost == 1) && ($forum['modnewposts'] || !empty($censormod))) {
	$modnewthreads = 1;
}
$modnewreplies = 0;
if((!$allowdirectpost || $allowdirectpost == 2) && ($forum['modnewposts'] == 2 || !empty($censormod))) {
	$modnewreplies = 1;
}

// The subject is censored and then HTML-escaped.
$subject = wapconvert($subject);
if($subject != '') {
	$subject = dhtmlspecialchars(censor(trim($subject)));
} else {
	$subject = '';
}

// NOTE(review): unlike the subject, the message is only censored here, not
// HTML-escaped; confirm it is escaped before storage or at render time.
$message = wapconvert($message);
if($message != '') {
	$message = censor(trim($message));
} else {
	$message = '';
}

if($do == 'newthread') {

	$discuz_action = 195;

	if(!$discuz_uid && !((!$forum['postperm'] && $allowpost) || ($forum['postperm'] && forumperm($forum['postperm'])))) {
		wapmsg('post_newthread_nopermission');
	} elseif(empty($forum['allowpost'])) {
		if(!$forum['postperm'] && !$allowpost) {
			wapmsg('post_newthread_nopermission');
		} elseif($forum['postperm'] && !forumperm($forum['postperm'])) {
			wapmsg('post_newthread_nopermission');
		}
	} elseif($forum['allowpost'] == -1) {
		wapmsg('post_newthread_nopermission');