<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: view.php,v $
// | $Date: 2004/02/10 01:34:26 $
// | $Revision: 1.51 $
// +-------------------------------------------------------------+
// | File Details:
// | - FAQ article viewer.
// +-------------------------------------------------------------+
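// Report everything except notices.
error_reporting(E_ALL ^ E_NOTICE);
include "./../global.php";

// Default action: normalise 'do' to a trimmed string and fall back to "view".
// A missing or non-string value (for example do[]=x) is treated as empty
// instead of being handed to trim().
if (isset($_REQUEST['do']) && is_string($_REQUEST['do'])) {
    $_REQUEST['do'] = trim($_REQUEST['do']);
} else {
    $_REQUEST['do'] = '';
}
if ($_REQUEST['do'] == "") {
    $_REQUEST['do'] = "view";
}

// globalise variables: ask rg() (defined outside this file) to expose 'articleid'.
// NOTE(review): whether rg() validates or escapes the value is not visible here;
// treat $articleid as untrusted wherever it reaches SQL or output.
$global = array (
    array('articleid')
);
rg($global);
include ("./faq_include.php");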
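// Delete a FAQ comment when the current user holds the p_delete_c_k permission,
// then continue as a normal article view.
// NOTE(review): this destructive action is read from $_REQUEST (so it is also
// reachable by GET) and no anti-CSRF token is checked in the visible code;
// confirm whether global.php enforces one.
if ($_REQUEST['do'] == 'delcomment' AND $_REQUEST['comment']) {
    if ($user['p_delete_c_k']) {
        // The comment id comes straight from the request, so it is escaped
        // before being placed inside the quoted SQL literal.
        $db->query("DELETE FROM faq_comments WHERE id = '" . mysql_escape_string($_REQUEST['comment']) . "'");
        alert("Comment deleted.");
    } else {
        alert("You don't have permission to delete comments.");
    }
    $_REQUEST['do'] = 'view';
}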
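// Every action other than 'add' and 'add2' needs an article ID.
// The comparisons are written with != because the earlier form,
// "!$_REQUEST['do'] == 'add'", negated the value before comparing it
// (! binds tighter than ==), so the guard did not fire for any real action name.
if (!$_REQUEST['articleid'] AND $_REQUEST['do'] != 'add' AND $_REQUEST['do'] != 'add2') {
    mistake('An article ID was not specified.');
    exit;
}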
/******************************************************************************
// ADD ARTICLE
******************************************************************************/
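// Handle the submitted "add article" form: validate, insert the article, then
// update category counters, keywords, attachment, related articles and
// subscriber notifications.
// NOTE(review): the action is read from $_REQUEST and no anti-CSRF token is
// checked in the visible code; confirm whether global.php enforces one.
if ($_REQUEST['do'] == "add2") { // validation (will lose data but can only get here by bypassing javascript)
    max_limits('faq');
    if (($_REQUEST['title'] == '') OR ($_REQUEST['question'] == '') OR ($_REQUEST['answer'] == '') OR ($_REQUEST['category'] == '')) {
        jump('view.php?do=add', 'You left either the title, question, category or answer empty');
        exit();
    } elseif (!$user['p_add_k']) {
        nopermission('add articles');
    } else { // insert into article
        // The category id is interpolated into several statements below, one of
        // them an unquoted IN (...) list, so it is reduced to an integer once.
        $safe_category = intval($_REQUEST['category']);

        // Start these accumulators empty so nothing left in global scope
        // (for example by register_globals or rg()) can leak into the SQL below.
        $update_words = array();
        $keywords = array();
        $array = array();

        $ref = make_ticket_ref('faq_articles');
        // xss_check() is defined elsewhere; its results are indexed in the order passed.
        $checks = xss_check(array(
            $_REQUEST['title'],
            $_REQUEST['answer'],
            $_REQUEST['question'],
            $_REQUEST['question_html'],
            $_REQUEST['answer_html']), 'user');
        $db->query("INSERT INTO faq_articles SET
            title = '" . mysql_escape_string($checks[0]) . "',
            category = '" . mysql_escape_string($_REQUEST['category']) . "',
            answer = '" . mysql_escape_string($checks[1]) . "',
            question = '" . mysql_escape_string($checks[2]) . "',
            question_html = '" . mysql_escape_string($checks[3]) . "',
            answer_html = '" . mysql_escape_string($checks[4]) . "',
            keywords = '" . mysql_escape_string($_REQUEST['hidListVals']) . "',
            show_order = '" . mysql_escape_string($_REQUEST['order']) . "',
            date_made = '" . time() . "',
            ref = '" . mysql_escape_string($ref) . "',
            techid_made = " . intval($user['id']) . "
        ");
        $id = $db->last_id();

        // update category dates
        $result = $db->query_return("SELECT parentlist FROM faq_cats WHERE id = '$safe_category'");
        // parentlist is read back from faq_cats and used unquoted; only the
        // request-supplied part is forced to an integer here.
        $parentlist = iff($result['parentlist'], $result['parentlist'] . ",$safe_category", $safe_category);
        $db->query("UPDATE faq_cats SET
            newdate = " . time() . ",
            totalarticles = (totalarticles + 1)
            WHERE id IN ($parentlist)
        ");
        $db->query("UPDATE faq_cats SET
            articles = (articles + 1)
            WHERE id = '$safe_category'
        ");

        // sort out keywords
        $_REQUEST['hidListVals'] = explode(',', $_REQUEST['hidListVals']);
        // add article to this keyword if keyword exists
        // NOTE(review): array2sql() and insertsql() are defined elsewhere; confirm
        // they escape every element, because these values are request-supplied.
        if (is_array($_REQUEST['hidListVals'])) {
            $keyword_data = $db->query_return_array("SELECT word FROM faq_keywords WHERE word IN " . array2sql($_REQUEST['hidListVals']) . "");
            if ($db->num_rows()) {
                foreach ($keyword_data AS $result) {
                    $update_words[] = $result['word'];
                    // The word is stored user input read back from the table, so
                    // it is escaped again before re-entering a SQL literal.
                    $db->query("UPDATE faq_keywords SET articles = CONCAT(articles, ',$id') WHERE word = '" . mysql_escape_string($result['word']) . "'");
                }
            }
        }
        if (is_array($_REQUEST['hidListVals'])) {
            foreach ($_REQUEST['hidListVals'] AS $key => $var) {
                if (!in_array($var, $update_words)) {
                    $keywords[$var] = $id;
                }
            }
            // new keywords
            if (count($keywords) > 0) {
                $db->query("INSERT INTO faq_keywords (word, articles) VALUES " . insertsql($keywords));
            }
        }

        // sort out attachment
        if (validate_attachment($error)) {
            $attach = add_attachment();
            $db->query("INSERT INTO faq_attachments SET
                blobid = '" . mysql_escape_string($attach['blobid']) . "',
                filename = '" . mysql_escape_string($attach['name']) . "',
                filesize = '" . mysql_escape_string($attach['size']) . "',
                extension = '" . mysql_escape_string($attach['extension']) . "',
                timestamp = '" . time() . "',
                techid = '" . intval($user['id']) . "',
                articleid = '$id'
            ");
        }

        // related articles: a ';'-separated list from the form, one row per non-empty entry
        // NOTE(review): the entries reach SQL only through insertsql(); confirm it escapes them.
        $tmp = explode(';', $_REQUEST['selectBoxBString']);
        foreach ($tmp AS $key => $var) {
            if ($var) {
                $array[] = array($var, $id);
            }
        }
        if (count($array) > 0) {
            $db->query(" INSERT INTO faq_articles_related
                (related_article, show_article)
                VALUES " . insertsql($array) . "
            ");
        }

        $subs = $db->query_return_array("SELECT * FROM faq_subscriptions WHERE catid = '$safe_category' AND new");
        if (is_array($subs)) {
            // Do notifications
            foreach ($subs AS $key => $val) {
                $user_details = $db->query_return("SELECT * FROM user WHERE id = '" . mysql_escape_string($val['userid']) . "'");
                if ($db->num_rows()) {
                    $category = $db->query_return_array("SELECT * FROM faq_cats WHERE id = '$safe_category'");
                    $article = $db->query_return("SELECT * FROM faq_articles WHERE id = '$id'");
                    $user_details = update_user_details($user_details);
                    // NOTE(review): eval() runs code produced by makeemaileval(), which is
                    // defined elsewhere. Confirm that only administrators can edit the
                    // template source and that article text cannot end up as code;
                    // plain placeholder substitution would remove the need for eval.
                    // Presumably the template reads $category, $article and $user_details,
                    // so those variable names are left as they were.
                    eval(makeemaileval('message', 'BODY_category_updated', $subject));
                    dp_mail($user_details['email'], $subject, $message);
                }
            }
        }
        jump("view.php?do=view&articleid=$id", 'FAQ entry added');
    }
}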
/******************************************************************************
// EDIT ARTICLE
******************************************************************************/
// validation (will lose data but can only get here by bypassing javascript)
if ($_REQUEST['do'] == "update") {
if (($_REQUEST['title'] == '') OR ($_REQUEST['question'] == '') OR ($_REQUEST['answer'] == '') OR ($_REQUEST['category'] == '')) {
jump("view.php?do=view&articleid=$articleid", 'You left either the title, question or answer empty');
}
if (!$user['p_edit_k']) {
nopermission('edit articles');
}
$article = $db->query_return("
SELECT faq_articles.*, faq_cats.parentlist AS parentlist
FROM faq_articles
LEFT JOIN faq_cats ON (faq_cats.id = faq_articles.category)
WHERE faq_articles.id = '$_REQUEST[articleid]'
");
if ($db->num_rows() < 1) {
jump("index.php", 'The article you are trying to update does not exist');
}
//////////////// KEYWORDS ////////////////
if ((trim($_REQUEST['hidListVals']) != '') OR (trim($article['keywords']) != '')) {
$keywords_new = explode(',', $_REQUEST['hidListVals']);
$keywords_old = explode(',', $article['keywords']);
$keywords_all = array_unique(array_merge($keywords_new, $keywords_old));
if (is_array($keywords_all)) {
// get current data we are changing
$db->query("SELECT * FROM faq_keywords WHERE word IN " . array2sql($keywords_all) . "");
while ($result = $db->row_array()) {
// get array of articles for this word
$keyword_articles = split(',', $result['articles']);
// remove this article (we do this as standard because we just add it back in again anyway)
$var = array_search($_REQUEST['articleid'], $keyword_articles);
if ($var!==null && $var!==false) {
unset($keyword_articles[$var]);
}
$new_data[$result['word']] = $keyword_articles;
}
}
// now we add the $keywords_new entries
foreach ($keywords_new AS $key => $var) {
$new_data[$var][] = $_REQUEST['articleid'];
}
foreach ($new_data AS $key1 => $var1) {
// now rebuild back into standard format
foreach ($var1 AS $key2 => $var2) {
$thearticles .= $var2 . ',';
}
$thearticles = substr($thearticles, 0, -1);
$keyword_data[$key1] = $thearticles;
unset($thearticles);
}
}
if (is_array($keyword_data)) {
$db->query("REPLACE INTO faq_keywords (word,articles) VALUES " . insertsql($keyword_data) . "");
}
// if we have removed the article, and there is now no articles for that word we need to delete the word
$db->query("DELETE FROM faq_keywords WHERE articles = ''");
//////////////// ARTICLE FIELDS ////////////////
$checks = xss_check(array(
$_REQUEST['title'],
$_REQUEST['answer'],
$_REQUEST['question'],
$_REQUEST['question_html'],
$_REQUEST['answer_html']), 'tech');
$db->query("
UPDATE faq_articles SET
title = '" . mysql_escape_string($checks[0]) . "',
category = '" . mysql_escape_string($_REQUEST['category']) . "',
answer = '" . mysql_escape_string($checks[1]) . "',
question_html = '" . mysql_escape_string($checks[3]) . "',
answer_html = '" . mysql_escape_string($checks[4]) . "',
question = '" . mysql_escape_string($checks[2]) . "',
keywords = '" . mysql_escape_string($_REQUEST['hidListVals']) . "',
show_order = '" . mysql_escape_string($_REQUEST['order']) . "',
date_modified = '" . mktime() . "',
techid_modified = '$user[id]'
WHERE id = '$_REQUEST[articleid]'
");
//////////////// CATEGORY TOTALS ////////////////
if ($article['category'] != $_REQUEST['category']) { // reduce old parents by 1
if ($article['parentlist']) {
$db->query("UPDATE faq_cats SET
totalarticles = (totalarticles - 1)
WHERE id IN ($article[parentlist])
");
}
// increase new parents by 1
$result = $db->query_return("SELECT parentlist FROM faq_cats WHERE id = '$_REQUEST[category]'");
if ($result['parentlist']) {
$db->query("UPDATE faq_cats SET
newdate = " . mktime() . ",
totalarticles = (totalarticles + 1)
WHERE id IN ($result[parentlist])
");
}
// update new category
$db->query("UPDATE faq_cats SET
totalarticles = (totalarticles + 1),
articles = (articles + 1)
WHERE id = $_REQUEST[category]
");
// update old category
$db->query("UPDATE faq_cats SET
totalarticles = (totalarticles - 1),
articles = (articles - 1)
WHERE id = $article[category]
");
}
//////////////// RELATED ARTICLES ////////////////
$db->query("DELETE FROM faq_articles_related WHERE show_article = '$_REQUEST[articleid]'");
$tmp = split(';', $_REQUEST['selectBoxBString']);
if (is_array($tmp)) {
foreach ($tmp AS $key => $var) {
if ($var) {
$array[] = array($var, $_REQUEST['articleid']);
}
}
}
if (is_array($array)) {
$temp = insertsql($array);
$db->query(" INSERT INTO faq_articles_related
(related_article, show_article)
VALUES " . insertsql($array) . "
");
}
//////////////// CATEGORY DATES ////////////////
// update category dates
$result = $db->query_return("SELECT parentlist FROM faq_cats WHERE id = '$_REQUEST[category]'");
$parentlist = iff($result['parentlist'], $result['parentlist'] . ",$_REQUEST[category]", $_REQUEST['category']);
$db->query("UPDATE faq_cats SET editdate = '" . mktime() . "' WHERE id IN ($parentlist)");
// sort out attachment
if (validate_attachment($error)) {
// add attachment
$attach = add_attachment();
// add information to ticket table
$db->query("INSERT INTO faq_attachments SET
blobid = '$attach[blobid]',
filename = '" . mysql_escape_string($attach['name']) . "',
filesize = '" . mysql_escape_string($attach['size']) . "',
extension = '" . mysql_escape_string($attach['extension']) . "',
timestamp = '" . mktime() . "',
techid = '$user[id]',
articleid = '$articleid'
");
}
$subs = $db->query_return_array("SELECT * FROM faq_subscriptions WHERE (catid = '$_REQUEST[category]' AND new) OR (articleid = $_REQUEST[articleid] AND edit)");
if ($db->num_rows()) {
// Do notifications
foreach ($subs AS $key => $val) {
$user_details = $db->query_return("SELECT * FROM user WHERE id = '$val[userid]'");