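<?php
/**
 * AJAX endpoint for in-place forum actions.
 *
 * Dispatches on the request parameter `action`:
 *   - modify  : load a post into the inline editor (no `step`) or save the edit (`step` set)
 *   - quote   : build a "[quote]...[/quote]" reply stub from an existing post
 *   - subject : moderator-only inline rename of a thread title
 *
 * Everything before the dispatch is a gate that runs for every action:
 * login, forum existence/visibility, posting hours, ban state and post limits.
 *
 * Relies on globals prepared by global.php / require/forum.php ($db, $fid, $tid,
 * $groupid, $winduid, $windid, $winddb, $timestamp, ...). How those are
 * sanitised is not visible in this file.
 * NOTE(review): $fid and $tid are interpolated into many SQL strings below;
 * presumably global.php casts them to integers - confirm.
 */
define('AJAX','1');
require_once('global.php');
require_once(R_P.'require/forum.php');

// Guests may not use any action in this file.
$groupid == 'guest' && Showmsg('not_login');

$foruminfo = $db->get_one("SELECT f.*,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe ON fe.fid=f.fid WHERE f.fid='$fid' AND f.type<>'category'");
!$foruminfo && Showmsg('data_error');
wind_forumcheck($foruminfo);
// NOTE(review): forumset is read from the pw_forumsextra row. unserialize() must
// only ever see trusted data - confirm nothing user-supplied is stored there.
$forumset = unserialize($foruminfo['forumset']);
empty($fid) && Showmsg('undefined_action');

/*
 * Determine moderation rights: groups 3 and 4, or anyone admincheck() accepts
 * for this forum, are treated as moderators for the rest of the request.
 */
if($groupid==3 || $groupid==4 || admincheck($foruminfo['forumadmin'],$foruminfo['fupadmin'],$windid)){
    $admincheck=1;
} else{
    $admincheck=0;
}
if(!CkInArray($windid,$manager) && $groupid!=3 && !$foruminfo['allowvisit'] && !admincheck($foruminfo['forumadmin'],$foruminfo['fupadmin'],$windid)){
    forum_creditcheck();
}

// Per-forum opening hours (moderators are exempt).
if($forumset['allowtime'] && !$admincheck && !allowcheck($forumset['allowtime'],",$t[hours],",'')){
    Showmsg('forum_allowtime');
}

// Site-wide posting window: "<enabled>\t<start hour>\t<end hour>".
list($db_openpost,$db_poststart,$db_postend)=explode("\t",$db_openpost);
if($db_openpost==1 && $groupid != 3 && $groupid != 4){
    if($db_poststart < $db_postend && ($t['hours'] < $db_poststart || $t['hours'] >= $db_postend)){
        Showmsg('post_openpost');
    } elseif($db_poststart > $db_postend && ($t['hours'] < $db_poststart && $t['hours'] >= $db_postend)){
        // Window wraps past midnight: closed only between end and start.
        Showmsg('post_openpost');
    }
}

// Group 6 = banned users. Stale or expired bans are cleaned up here; live bans stop the request.
if($groupid=='6'){
    $bandb=$db->get_one("SELECT * FROM pw_banuser WHERE uid='$winduid'");
    if(!$bandb){
        // Member is flagged banned but has no ban record: reset the group.
        $db->update("UPDATE pw_members SET groupid='-1' WHERE uid='$winduid'");
    } elseif($bandb['type']==1 && $timestamp-$bandb['startdate']>$bandb['days']*86400){
        // Timed ban has run out.
        $db->update("DELETE FROM pw_banuser WHERE uid='$winduid'");
        $db->update("UPDATE pw_members SET groupid='-1' WHERE uid='$winduid'");
    } else{
        if($bandb['type']==1){
            $s_date=get_date($bandb['startdate']);
            $e_date=$bandb['startdate']+$bandb['days']*86400;
            $e_date=get_date($e_date);
            Showmsg('ban_info1');
        } else{
            if($bandb['type']==3){
                // Type 3 also marks the browser so the ban follows it to other accounts.
                Cookie('force',$winduid);
                Showmsg('ban_info3');
            } else{
                Showmsg('ban_info2');
            }
        }
    }
}

// A 'force' cookie left by a type-3 ban keeps applying to other accounts on this browser.
if(GetCookie('force') && $winduid != GetCookie('force')){
    // The cookie is client-controlled and is placed in a SQL string, so reduce it
    // to an integer uid first instead of relying on request-level escaping.
    $force = (int) GetCookie('force');
    $bandb = $db->get_one("SELECT type FROM pw_banuser WHERE uid='$force'");
    if($bandb['type']==3){
        Showmsg('ban_info3');
    } else{
        Cookie('force','',0);
    }
}

// Group 7: account not yet approved for posting.
if($groupid=='7'){
    Showmsg('post_check');
}
// Newly registered accounts must wait $db_postallowtime minutes.
if($db_postallowtime && $timestamp-$winddb['regdate']<$db_postallowtime*60){
    Showmsg('post_newrg_limit');
}
$userlastptime = $groupid != 'guest' ? $winddb['lastpost'] : GetCookie('userlastptime');
// Reset the daily / monthly counters when the last post predates the current period.
$tdtime >= $winddb['lastpost'] && $winddb['todaypost'] = 0;
$montime >= $winddb['lastpost'] && $winddb['monthpost'] = 0;
if($_G['postlimit'] && $winddb['todaypost'] >= $_G['postlimit']){
    Showmsg('post_gp_limit');
}
list(,,$postq) = explode("\t",$db_qcheck);

InitGP(array('action'));

if($action=='modify'){
    InitGP(array('pid','article'));
    // A numeric pid addresses a reply; anything else is treated as the thread's first post.
    if(is_numeric($pid)){
        $pw_posts = GetPtable('N',$tid);
        // The row must match pid, tid and fid together, so a pid from another thread or forum is rejected.
        $atcdb = $db->get_one("SELECT tid,aid,author,authorid,icon,postdate,subject,ifsign,leaveword,ifconvert,content,anonymous FROM $pw_posts WHERE pid='$pid' AND tid='$tid' AND fid='$fid'");
        !$atcdb['tid'] && Showmsg('illegal_tid');
        $ptable = substr($pw_posts,8);
    } else{
        $pw_tmsgs = GetTtable($tid);
        $atcdb = $db->get_one("SELECT t.tid,t.icon,t.author,t.authorid,t.subject,t.postdate,t.locked,t.anonymous,t.ptable,tm.aid,tm.ifsign,tm.content FROM pw_threads t LEFT JOIN $pw_tmsgs tm USING(tid) WHERE t.tid='$tid' AND fid='$fid'");
        !$atcdb['tid'] && Showmsg('illegal_tid');
        $ptable = $atcdb['ptable'];
    }

    // Without moderator rights only the author may edit, and not while the thread is locked.
    // NOTE(review): 'locked' is only selected for the first post, so this lock test
    // never fires when a reply is edited - confirm that is intended.
    if(!$admincheck && (!$SYSTEM['deltpcs'] || $groupid == 5)){
        if($groupid == 'guest' || $atcdb['authorid'] != $winduid){
            Showmsg('modify_noper');
        } elseif($atcdb['locked']%3 > 0){
            Showmsg('modify_locked');
        }
    }
    // Posts written by members of group 3 or 4 may only be edited by those groups or by the author.
    if($winduid != $atcdb['authorid'] && $groupid != 3 && $groupid != 4){
        $authordb = $db->get_one("SELECT groupid FROM pw_members WHERE uid='$atcdb[authorid]'");
        if(($authordb['groupid'] == 3 || $authordb['groupid'] == 4)){
            Showmsg('modify_admin');
        }
    }
    // Edit window in minutes, counted from the post date.
    if($gp_edittime && ($timestamp - $atcdb['postdate']) > $gp_edittime * 60){
        Showmsg('modify_timelimit');
    }

    if(empty($_POST['step'])){
        // Step 1: hand the current text to the editor template, with a form token.
        $verify = substr(md5($winduid.$db_hash.$fid),0,8);
        $atcdb['anonymous'] && $atcdb['author'] = $db_anonymousname;
        // NOTE(review): as written this replacement maps each string to itself; the
        // HTML entities it presumably converted look lost in this copy of the file.
        // Restore from the upstream source before relying on it for output encoding.
        $atc_content = str_replace(array('<','>',' '),array('<','>',' '),$atcdb['content']);
        if(strpos($atc_content,$db_bbsurl) !== false){
            $atc_content = str_replace('p_w_picpath',$db_picpath,$atc_content);
            $atc_content = str_replace('p_w_upload',$db_attachname,$atc_content);
        }
        $atc_title = $atcdb['subject'];
        require_once PrintEot('ajax');ajax_footer();
    } else{
        // Step 2: validate and store the edited post.
        (($db_gdcheck & 4) && $winddb['postnum'] < $db_postgd) && GdConfirm($_POST['gdcode']);
        // Form token: compare as strings. A loose == lets two different
        // numeric-looking strings (e.g. "0e..." forms) compare equal.
        // NOTE(review): $postcheck is not read again in this file; presumably
        // check_data() enforces it - confirm, otherwise the token protects nothing.
        $postcheck = (isset($_POST['verify']) && is_string($_POST['verify']) && $_POST['verify'] === substr(md5($winduid.$db_hash.$fid),0,8)) ? 1 : 0;
        // The AJAX client sends UTF-8; convert to the board charset when it differs.
        // NOTE(review): escaping applied before a charset conversion may not survive
        // it for multi-byte charsets - confirm check_data() escapes after this point.
        if($db_charset!='utf-8'){
            $_POST['atc_title'] = ajax_convert($_POST['atc_title'],$db_charset);
            $_POST['atc_content'] = ajax_convert($_POST['atc_content'],$db_charset);
            $_POST['qanswer'] && $_POST['qanswer'] = ajax_convert($_POST['qanswer'],$db_charset);
        }
        $winddb['postnum'] < $postq && Qcheck($_POST['qanswer'],$_POST['qkey']);

        // Banned-word cache: $wordsfb and $replace are expected to come from the included file.
        if(@include(D_P."data/bbscache/wordsfb.php")){
            foreach($wordsfb as $key => $value){
                $banword = (string) stripslashes($key);
                if(strpos($_POST['atc_title'],$banword)!==false){
                    Showmsg('title_wordsfb');
                } elseif(strpos($_POST['atc_content'],$banword)!==false){
                    Showmsg('content_wordsfb');
                }
            }
            foreach($replace as $key => $value){
                $banword = (string) stripslashes($key);
                if(strpos($_POST['atc_title'],$banword)!==false){
                    Showmsg('post_wordsfb');
                }
            }
        }
        list(,,$downloadmoney,$downloadimg) = explode("\t",$forumset['uploadset']);
        require_once('require/postfunc.php');
        require_once(R_P.'require/bbscode.php');
        $atc_usesign = $atcdb['ifsign'];
        list($atc_title,$atc_content,$ifconvert,$ifwordsfb) = check_data('modify');

        // Style include: refuse any name containing '..' before touching the
        // filesystem, and fall back to the default style otherwise.
        // NOTE(review): where $skin is set is not visible here; if it can be
        // user-chosen, an allow-list of style names would be stricter than this test.
        if(strpos($skin,'..')===false && file_exists(D_P."data/style/$skin.php")){
            @include(D_P."data/style/$skin.php");
        } else{
            @include(D_P."data/style/wind.php");
        }

        // Edits made more than 300 seconds after posting get an "edited by" line (group 3 excepted).
        if($groupid != 3 && $atcdb['postdate'] + 300 < $timestamp){
            $altername = ($atcdb['anonymous'] && $windid==$atcdb['author']) ? $db_anonymousname : $windid;
            $timeofedit= get_date($timestamp);
            require_once GetLang('post');
            $alterinfo = $lang['edit_post'];
        } else{
            $alterinfo = '';
        }

        if($winduid != $atcdb['authorid']){
            /**
             * Security log entry for a post edited by someone other than its author.
             * The editor is compared with the stored author id and the edited title
             * is recorded; the previous code read $authorid and $subject, which this
             * file never assigns, so every edit was logged with an empty subject.
             */
            require_once(R_P.'require/writelog.php');
            $log = array(
                'type'      => 'edit',
                'username1' => $atcdb['author'],
                'username2' => $windid,
                'field1'    => $fid,
                'field2'    => '',
                'field3'    => '',
                'descrip'   => 'edit_descrip',
                'timestamp' => $timestamp,
                'ip'        => $onlineip,
                'tid'       => $tid,
                'forum'     => $foruminfo['name'],
                'subject'   => substrs($atc_title,28),
                'reason'    => 'edit article'
            );
            writelog($log);
        }

        $attachper = 1;
        $leaveword = $atcdb['leaveword'] ? leaveword($atcdb['leaveword']) : '';
        $content = convert($atc_content.$leaveword,$db_windpost);
        // 1 = no markup needed converting, 2 = rendered text differs from the stored text.
        $ifconvert = $content == $atc_content.$leaveword ? 1 : 2;

        // NOTE(review): these statements assume check_data() returned SQL-escaped
        // values and that $alterinfo (from the language file) is safe to embed - confirm.
        if(is_numeric($pid)){
            $db->update("UPDATE $pw_posts SET subject='$atc_title',alterinfo='$alterinfo',content='$atc_content',ifconvert='$ifconvert',ifwordsfb='$ifwordsfb' WHERE pid='$pid'");
        } else{
            $db->update("UPDATE pw_threads SET subject='$atc_title' WHERE tid='$tid'");
            $db->update("UPDATE $pw_tmsgs SET alterinfo='$alterinfo',ifconvert='$ifconvert',ifwordsfb='$ifwordsfb',content='$atc_content' WHERE tid='$tid'");
        }

        // From here on $content is only the HTML sent back to the page.
        if(strpos($content,'[p:')!==false || strpos($content,'[s:')!==false){
            $content = showface($content);
        }
        if($atcdb['ifsign'] < 2){
            $content = str_replace("\n",'<br />',$content);
        }
        if($ifwordsfb==0){
            $content = addslashes(wordsfb(stripslashes($content)));
        }
        if($attachper && $atcdb['aid']){
            $attachments = array();
            // NOTE(review): the attachment list is unserialize()d from the post row;
            // it must only ever be written by the server - confirm.
            $attachs = unserialize(stripslashes($atcdb['aid']));
            if(is_array($attachs)){
                // Attachment controls are offered to the post's author, moderators and
                // groups with the delattach right. The author id is taken from the row
                // loaded above; $read is never populated in this file.
                if($winduid==$atcdb['authorid'] || $admincheck || ($groupid!=5 && $SYSTEM['delattach'])){
                    $dfadmin=1;
                } else{
                    $dfadmin=0;
                }
                foreach($attachs as $at){
                    if($at['type']=='img' && $at['needrvrc']==0 && (!$downloadimg || !$downloadmoney || $gp_allowdownload==2)){
                        $a_url = geturl($at['attachurl'],'show');
                        if($a_url=='imgurl'){
                            // NOTE(review): $read['pid'] is not set anywhere in this file, so the
                            // link and its verify hash are both built with an empty pid - $pid
                            // looks like the intended value; confirm against job.php.
                            $attachments[$at['aid']]="<a href=\"job.php?action=showimg&tid={$tid}&pid={$read['pid']}&fid={$fid}&aid={$at['aid']}&verify=".md5("showimg{$tid}{$read['pid']}{$fid}{$at['aid']}{$GLOBALS['db_hash']}")."\" target=\"_blank\">$at[name]</a>";
                        } else{
                            $dfurl='<br>'.cvpic($a_url[0],1,$db_windpost['picwidth'],$db_windpost['picheight'],$at['ifthumb']);
                            $read['pic'][$at['aid']]=array($at['aid'],$dfurl,$dfadmin,$at['desc']);
                            $attachments[$at['aid']]="<b>$at[desc]</b>$dfurl";
                        }
                    }
                }
                $aids = array();
                $content = attachment($content);
            }
        }
        // $pid is a request value and ends up inside an HTML attribute, so encode it here.
        $alterinfo && $content.="<div id=\"alert_".htmlspecialchars($pid,ENT_QUOTES)."\" style=\"color:gray;margin-top:30px\">[ $alterinfo ]</div>";
        $atcdb['icon'] = $atcdb['icon'] ? "<img src=\"$imgpath/post/emotion/$atcdb[icon].gif\" align=\"left\" border=\"0\" />" : '';
        // Response format: "success" TAB title TAB html. CR and TAB are stripped from the body.
        echo "success\t".stripslashes($atcdb['icon']." ".$atc_title)."\t".str_replace(array("\r","\t"), array("",""), stripslashes($content));
        ajax_footer();
    }
} elseif($action=='quote'){
    // Reply permission: forum-level rule first, then the group default.
    if($foruminfo['allowrp'] && !allowcheck($foruminfo['allowrp'],$groupid,$winddb['groups'],$fid,$winddb['reply']) && !$admincheck){
        Showmsg('reply_forum_right');
    }
    if(!$foruminfo['allowrp'] && !$admincheck && $gp_allowrp==0){
        Showmsg('reply_group_right');
    }
    InitGP(array('pid','article'));
    // article '0' quotes the thread's first post, so its text is joined in directly.
    if($article=='0'){
        $pw_tmsgs = GetTtable($tid);
        $S_sql = ',tm.ifsign,tm.content,m.groupid';
        $J_sql = "LEFT JOIN $pw_tmsgs tm ON tm.tid=t.tid LEFT JOIN pw_members m ON t.authorid=m.uid";
    } else{
        $S_sql = $J_sql = '';
    }
    $tpcarray = $db->get_one("SELECT t.fid,t.locked,t.ifcheck,t.author,t.authorid,t.subject,t.postdate,t.ifshield,t.anonymous,t.ptable $S_sql FROM pw_threads t $J_sql WHERE t.tid='$tid'");
    $pw_posts = GetPtable($tpcarray['ptable']);
    // The thread must belong to the forum whose access checks ran above.
    if($tpcarray['fid']!=$fid){
        Showmsg('illegal_tid');
    }
    if($forumset['lock']&& !$admincheck && $timestamp - $tpcarray['postdate'] > $forumset['lock'] * 86400){
        Showmsg('forum_locked');
    }
    if(!$admincheck && !$tpcarray['ifcheck']){
        Showmsg('reply_ifcheck');
    }
    if(!$admincheck && !$SYSTEM['replylock'] && $tpcarray['locked']%3<>0){
        Showmsg('reply_lockatc');
    }
    require_once(R_P.'require/bbscode.php');
    $verify = substr(md5($winduid.$db_hash.$fid),0,8);
    if($article=='0'){
        $atcarray = $tpcarray;
    } else{
        !is_numeric($pid) && Showmsg('illegal_tid');
        // Bind the reply to the thread that was just authorised. Looking it up by pid
        // alone would return text from a post in any thread, including forums this
        // user was never checked against. The modify branch filters the same way.
        $atcarray = $db->get_one("SELECT p.author,p.subject,p.postdate,p.content,p.ifshield,p.anonymous,m.groupid FROM $pw_posts p LEFT JOIN pw_members m ON p.authorid=m.uid WHERE p.pid='$pid' AND p.tid='$tid'");
        !$atcarray && Showmsg('illegal_tid');
    }
    // Shielded, deleted or banned-author posts are quoted as a placeholder, never as their text.
    if($atcarray['ifshield']=='1'){
        $atcarray['content'] = shield('shield_article');
    } elseif($atcarray['ifshield']=='2'){
        $atcarray['content'] = shield('shield_del_article');
    } elseif($atcarray['groupid'] == '6'){
        $atcarray['content'] = shield('ban_article');
    }
    $old_author = $atcarray['anonymous'] ? $db_anonymousname : $atcarray['author'];
    $replytitle = $atcarray['subject'];
    $wtof_oldfile=get_date($atcarray['postdate']);
    require_once GetLang('post');
    $old_content = stripslashes($atcarray['content']);
    // Restricted sections (hide / post / sell) are replaced with a notice so a quote
    // cannot expose them; nested quotes are dropped.
    $old_content = preg_replace("/\[hide=(.+?)\](.+?)\[\/hide\]/is",$lang['hide_post'],$old_content);
    $old_content = preg_replace("/\[post\](.+?)\[\/post\]/is",$lang['post_post'],$old_content);
    $old_content = preg_replace("/\[sell=(.+?)\](.+?)\[\/sell\]/is",$lang['sell_post'],$old_content);
    $old_content = preg_replace("/\[quote\](.*)\[\/quote\]/is","",$old_content);
    // Keep at most the first five lines of the quoted text.
    $bit_content = explode("\n",$old_content);
    if(count($bit_content) > 5){
        $old_content = "$bit_content[0]\n$bit_content[1]\n$bit_content[2]\n$bit_content[3]\n$bit_content[4]\n.......";
    }
    if(strpos($old_content,$db_bbsurl)!==false){
        $old_content = str_replace('p_w_picpath',$db_picpath,$old_content);
        $old_content = str_replace('p_w_upload',$db_attachname,$old_content);
    }
    // Remove anything that looks like an HTML tag from the quoted text.
    $old_content = preg_replace("/\<(.+?)\>/is","",$old_content);
    $atc_content = "[quote]".($article==0 ? $lang['info_post_1'] : $lang['info_post_2'])."\n{$old_content}[/quote]\n";
    // Fall back to the thread subject when the quoted post has no title of its own.
    $atc_title = 'Re:'.($replytitle == '' ? $tpcarray['subject'] : $replytitle);
    require_once PrintEot('ajax');ajax_footer();
} elseif($action=='subject'){
    // Inline thread rename: moderators only.
    !$admincheck && Showmsg('undefined_action');
    $atcdb = $db->get_one("SELECT authorid,subject FROM pw_threads WHERE tid='$tid' AND fid='$fid'");
    !$atcdb && Showmsg('illegal_tid');
    // Threads started by members of group 3 or 4 can only be renamed by those groups or the author.
    if($winduid != $atcdb['authorid'] && $groupid != 3 && $groupid != 4){
        $authordb = $db->get_one("SELECT groupid FROM pw_members WHERE uid='$atcdb[authorid]'");
        if(($authordb['groupid'] == 3 || $authordb['groupid'] == 4)){
            Showmsg('modify_admin');
        }
    }
    if(empty($_POST['step'])){
        // Step 1: return the current subject for the inline editor.
        // NOTE(review): apart from removing tabs this replacement maps each string to
        // itself; the entities it presumably handled look lost in this copy of the file.
        $atcdb['subject'] = str_replace(array("<",">","\t"),array('<','>',''),$atcdb['subject']);
        echo "success\t".$atcdb['subject'];ajax_footer();
    } else{
        // Step 2: store the new subject.
        // NOTE(review): unlike the modify branch, this write checks no form token and
        // writes no moderation log entry - both look worth adding once the client
        // template is confirmed to send 'verify'.
        InitGP(array('atc_content'),'P',1);
        !$atc_content && Showmsg('content_empty');
        // NOTE(review): the value is charset-converted after InitGP() has processed it
        // and is then placed straight into SQL; escaping done before a conversion may
        // not survive it for multi-byte charsets - confirm it is re-escaped.
        if($db_charset!='utf-8'){
            $atc_content = ajax_convert($atc_content,$db_charset);
        }
        $db->update("UPDATE pw_threads SET subject='$atc_content' WHERE tid='$tid'");
        // Re-apply the thread's stored title styling ("color~bold~italic~underline") for the response.
        $rt = $db->get_one("SELECT titlefont FROM pw_threads WHERE tid='$tid'");
        if($rt['titlefont']){
            $detail=explode("~",$rt['titlefont']);
            $detail[0] && $atc_content="<font color=$detail[0]>$atc_content</font>";
            $detail[1] && $atc_content="<b>$atc_content</b>";
            $detail[2] && $atc_content="<i>$atc_content</i>";
            $detail[3] && $atc_content="<u>$atc_content</u>";
        }
        echo "success\t".str_replace("\t","",$atc_content);ajax_footer();
    }
}
?>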