📄 pw_ajax.php
<?php
// AJAX is defined before global.php is loaded, so the bootstrap can see it.
define('AJAX', '1');
require_once 'global.php';
// Dedecms Api
require_once D_P . "pp_dederemote_interface.php";

// Import the 'action' request parameter through the project's input helper.
// NOTE(review): whether InitGP() escapes or type-checks the value is not
// visible on this page - confirm in global.php, because every branch below
// interpolates request values into SQL strings.
InitGP(array('action'));

// Login gate: every action except the three listed here needs a logged-in
// user ($windid set). Showmsg() is used as a terminating guard throughout
// this file - presumably it exits; confirm.
if (!($windid || in_array($action, array('login', 'showface', 'showsmile')))) {
    Showmsg('not_login');
}
if($action=='leaveword'){
// The group right $_G['leaveword'] is required for both steps of this action.
if (!$_G['leaveword']) {
    Showmsg('leaveword_right');
}
if (!$_POST['step']) {
    // No step posted: load the current leaveword text and render the form.
    InitGP(array('pid'));
    // NOTE(review): $tid is not initialised on this page; presumably global.php
    // sets and sanitises it - confirm, since it is interpolated into SQL here.
    $tpc = $db->get_one("SELECT authorid,ptable FROM pw_threads WHERE tid='$tid'");
    // Ownership check: only the author of the thread may proceed.
    if ($tpc['authorid'] != $winduid) {
        Showmsg('leaveword_error');
    }
    $pw_posts = GetPtable($tpc['ptable']);
    $rt = $db->get_one("SELECT leaveword FROM $pw_posts WHERE pid='$pid' AND tid='$tid'");

    // Build the <option> list from the newline-separated $db_adminreason setting.
    // NOTE(review): $v is written into HTML without escaping; that is only safe
    // if $db_adminreason is trusted configuration - confirm where it is set.
    $reason_sel = '';
    $reason_a = explode("\n", $db_adminreason);
    foreach ($reason_a as $k => $v) {
        $v = trim($v);
        if ($v) {
            $reason_sel .= "<option value=\"$v\">$v</option>";
        } else {
            // Blank lines become a separator entry.
            $reason_sel .= "<option value=\"\">-------</option>";
        }
    }
    // NOTE(review): as shown on this page both str_replace() arguments look the
    // same, which would make the call a no-op. The search string was probably
    // an HTML entity decoded by the page rendering - compare with upstream.
    $rt['leaveword'] = str_replace(' ',' ',$rt['leaveword']);
    require_once PrintEot('ajax');
    ajax_footer();
} else {
    // A step was posted: store the new leaveword text.
    InitGP(array('pid', 'atc_content', 'ifmsg'), 'P', 1);
    $tpc = $db->get_one("SELECT authorid,ptable FROM pw_threads WHERE tid='$tid'");
    // Same ownership check as the form step; it is repeated here so the write
    // cannot be reached without it.
    if ($tpc['authorid'] != $winduid) {
        Showmsg('leaveword_error');
    }
    require_once R_P . 'require/bbscode.php';
    // NOTE(review): appears to be a no-op as rendered (see the note on the
    // other str_replace above) - compare with upstream.
    $atc_content = str_replace('=','=',$atc_content);
    if ($db_charset != 'utf-8') {
        $atc_content = ajax_convert($atc_content, $db_charset);
    }
    $ptable = $tpc['ptable'];
    $content = convert($atc_content, $db_windpost);
    // ifconvert is flagged only when convert() changed the text.
    if ($atc_content == $content) {
        $sqladd = '';
    } else {
        $sqladd = ",ifconvert='2'";
    }
    $pw_posts = GetPtable($ptable);
    if ($ifmsg) {
        // Optionally notify the post author with a site message.
        require_once R_P . 'require/msg.php';
        include_once D_P . 'data/bbscache/forum_cache.php';
        $atc = $db->get_one("SELECT author,fid,subject,content,postdate FROM $pw_posts WHERE pid='$pid' AND tid='$tid'");
        if (!$atc['subject']) {
            $atc['subject'] = substrs($atc['content'], 35);
        }
        // Positional entries first, then named fields, in the order
        // writenewmsg() receives them.
        $msg = array(
            $atc['author'],
            $winduid,
            'leaveword_title',
            $timestamp,
            'leaveword_content',
            'N',
            $windid,
            'fid' => $atc['fid'],
            'tid' => $tid,
            'subject' => $atc['subject'],
            'postdate' => get_date($atc['postdate']),
            'forum' => $forum[$atc['fid']]['name'],
            'affect' => "",
            'admindate' => get_date($timestamp),
            'reason' => $atc_content
        );
        writenewmsg($msg, 1);
    }
    // NOTE(review): the statement is assembled by string interpolation. Its
    // safety rests entirely on the escaping done by InitGP()/global.php, which
    // this page does not show - verify $pid and $atc_content there.
    $db->update("UPDATE $pw_posts SET leaveword='$atc_content' $sqladd WHERE pid='$pid' AND tid='$tid'");
    // The converted text is echoed back to the browser; whether it is safe as
    // HTML depends on convert() and the input filter - TODO confirm.
    echo "success\t" . str_replace(array("\n", "\t"), array('<br />', ''), stripslashes($content));
    ajax_footer();
}
} elseif($action=='favor'){
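// Add thread $tid to the current user's favourites.
// NOTE(review): $tid is not initialised on this page; presumably global.php
// sets and sanitises it - confirm, since it is interpolated into SQL below.
$rs = $db->get_one("SELECT tids,type FROM pw_favors WHERE uid='$winduid'");
if ($rs) {
    // Count the stored favourites across all categories.
    $count = 0;
    $tiddb = getfavor($rs['tids']);
    foreach ($tiddb as $key => $t) {
        if (is_array($t)) {
            $count += count($t);
        }
    }
    if ($count > $_G['maxfavor']) {
        Showmsg('job_favor_full');
    }
    // Reject duplicates. The is_array() guard matches the counting loop above:
    // without it a non-array entry reaches in_array(), which warns on older
    // PHP and throws a TypeError on PHP 8.
    foreach ($tiddb as $key => $t) {
        if (is_array($t) && in_array($tid, $t)) {
            Showmsg('job_favor_error');
        }
    }
    InitGP(array('type'));
    // The user has categories but none was chosen yet: show the picker.
    if ($rs['type'] && !isset($type)) {
        $typeid = explode(',', $rs['type']);
        require_once PrintEot('ajax');
        ajax_footer();
    }
    $read = $db->get_one("SELECT subject FROM pw_threads WHERE tid='$tid'");
    if (!$read) {
        Showmsg('data_error');
    }
    require_once R_P . 'require/posthost.php';
    // NOTE(review): this sends the thread URL, its title and the board name to
    // a third-party host over plain HTTP on every "favourite" action. Consider
    // making it optional, and confirm how PostHost() handles timeouts.
    PostHost("http://push.phpwind.com/push.php?type=collect&url=".rawurlencode("$db_bbsurl/read.php?tid=$tid")."&tocharset=$db_charset&title=".rawurlencode($read['subject'])."&bbsname=".rawurlencode($db_bbsname),"");
    // The category index is forced to an integer before it is used as a key.
    $type = (int)$type;
    $tiddb[$type][] = $tid;
    $newtids = makefavor($tiddb);
    $db->update("UPDATE pw_favors SET tids='$newtids' WHERE uid='$winddb[uid]'");
} else {
    // First favourite for this user.
    // NOTE(review): unlike the branch above, this path does not check that the
    // thread exists before storing $tid - confirm that this is intended.
    $db->update("INSERT INTO pw_favors(uid,tids) VALUES('$winddb[uid]','$tid')");
}
Showmsg('job_favor_success');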
} elseif($action=='tag'){
// Output the tag list as "name,count" pairs separated by tabs, served from a
// PHP cache file that is rebuilt when missing or more than 3600 seconds old.
$cachetime = @filemtime(D_P . "data/bbscache/tagdb.php");
if (file_exists(D_P . "data/bbscache/tagdb.php") && $timestamp - $cachetime <= 3600) {
    // Cache is fresh: it defines $tagdb.
    include_once D_P . "data/bbscache/tagdb.php";
} else {
    require_once R_P . 'require/updateforum.php';
    $tagnum = max($db_tagindex, 200);
    $tagdb = array();
    $query = $db->query("SELECT * FROM pw_tags WHERE ifhot='0' ORDER BY num DESC LIMIT $tagnum");
    while ($rs = $db->fetch_array($query)) {
        $tagdb[$rs['tagname']] = $rs['num'];
    }
    // NOTE(review): user-supplied tag names end up inside an executable PHP
    // file. That is only safe if vvar_export() escapes quotes and backslashes
    // correctly - verify its implementation (not shown on this page).
    writeover(D_P . "data/bbscache/tagdb.php", "<?php\r\n\$tagdb=" . vvar_export($tagdb) . ";\r\n?>");
}
// NOTE(review): tag names are echoed without HTML escaping; whether that is
// safe depends on how tags are filtered when created and on how the client
// inserts this response into the page - TODO confirm.
foreach ($tagdb as $key => $num) {
    echo $key . ',' . $num . "\t";
}
ajax_footer();
} elseif($action=='relatetag'){
// List up to five threads that carry the requested tag.
InitGP(array('tagname'));
// NOTE(review): $tagname goes straight into the SQL string; escaping is
// presumably done by InitGP() - confirm, it is not visible on this page.
$rs = $db->get_one("SELECT tagid,num FROM pw_tags WHERE tagname='$tagname'");
// Unknown tag, or a tag with no threads attached.
if (!$rs || $rs['num'] < 1) {
    Showmsg('tag_limit');
}
$query = $db->query("SELECT tg.tid,t.subject FROM pw_tagdata tg LEFT JOIN pw_threads t USING(tid) WHERE tg.tagid='$rs[tagid]' LIMIT 5");
$readdb = array();
while ($rt = $db->fetch_array($query)) {
    // Subjects are shortened with substrs(..., 65) before they reach the template.
    $rt['subject'] = substrs($rt['subject'], 65);
    $readdb[] = $rt;
}
require_once PrintEot('ajax');
ajax_footer();
} elseif($action=='deldownfile'){
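// Delete one attachment ($aid) from a reply ($pid numeric) or from the first
// post of thread $tid, then update the attachment bookkeeping.
InitGP(array('aid', 'pid', 'page'));
if (!$tid || !is_numeric($aid)) {
    Showmsg('job_attach_error');
}
if (is_numeric($pid)) {
    // Attachment belongs to a reply: look the post up by pid.
    $table = $pw_posts = GetPtable('N', $tid);
    $where = "pid='$pid'";
    $post = $db->get_one("SELECT fid,tid,aid AS oldaid,authorid FROM $pw_posts WHERE pid='$pid'");
} else {
    // Attachment belongs to the thread's first post.
    $table = $pw_tmsgs = GetTtable($tid);
    $where = "tid='$tid'";
    $post = $db->get_one("SELECT t.tid,t.fid,t.authorid,t.ptable,tm.aid AS oldaid FROM pw_threads t LEFT JOIN $pw_tmsgs tm USING(tid) WHERE t.tid='$tid'");
    $pw_posts = GetPtable($post['ptable']);
}
// From here on tid/fid come from the stored row, not from the request.
$tid = $post['tid'];
$fid = $post['fid'];
// NOTE(review): unserialize() runs on a database column. If anything other
// than trusted server code can write the aid column, this is an
// object-injection sink; storing the metadata as JSON would remove it.
$attach = unserialize(stripslashes($post['oldaid']));
if (!is_array($attach) || empty($attach[$aid]) || !is_array($attach[$aid])) {
    Showmsg('job_attach_error');
}
// Read only the field this branch needs. The previous extract() call let the
// stored metadata define or overwrite any variable in this (global) scope,
// including the ones the permission check below depends on. No other
// extracted name is read in the visible code.
$attachurl = isset($attach[$aid]['attachurl']) ? $attach[$aid]['attachurl'] : '';
// Reject empty paths and anything containing a parent-directory component.
if (!is_string($attachurl) || !$attachurl || strpos($attachurl, '..') !== false) {
    Showmsg('job_attach_error');
}
require_once R_P . 'require/forum.php';
require_once R_P . 'require/updateforum.php';
$foruminfo = $db->get_one("SELECT name,f_type,style,password,allowvisit,forumadmin,fupadmin,allowhtm,cms FROM pw_forums WHERE fid='$fid'");
if (!$foruminfo) {
    Showmsg('data_error');
}
wind_forumcheck($foruminfo);
/*
 * Determine moderation rights: the site manager and forum admins always
 * qualify; otherwise the system right 'delattach' applies, optionally limited
 * to the forum ids listed in $SYSTEM['rightwhere'].
 */
if ($windid == $manager || admincheck($foruminfo['forumadmin'], $foruminfo['fupadmin'], $windid)) {
    $admincheck = 1;
} elseif ($SYSTEM['delattach']) {
    if (!$SYSTEM['rightwhere'] || strpos("," . $SYSTEM['rightwhere'] . ",", "," . $fid . ",") !== false) {
        $admincheck = 1;
    } else {
        $admincheck = 0;
    }
} else {
    $admincheck = 0;
}
// Authorisation: a logged-in moderator, or the author of the post.
if ($groupid != 'guest' && ($admincheck || $post['authorid'] == $winduid)) {
    // Remove the stored file from local disk or from the FTP store.
    $a_url = geturl($attachurl);
    if ($a_url[1] == 'Local') {
        P_unlink("$attachdir/$attachurl");
    } elseif ($db_ifftp && $a_url[1] == 'Ftp') {
        require_once R_P . 'require/ftp.php';
        $ftp->delete($attachurl);
        $ftp->close();
        unset($ftp);
    }
    // Rewrite the serialized attachment map without the deleted entry.
    $attach = unserialize(stripslashes($post['oldaid']));
    unset($attach[$aid]);
    if ($attach) {
        $attach = addslashes(serialize($attach));
    } else {
        $attach = '';
    }
    $db->update("UPDATE $table SET aid='$attach' WHERE $where");
    $db->update("DELETE FROM pw_attachs WHERE aid='$aid'");
    $ifupload = getattachtype($tid);
    $db->update("UPDATE pw_threads SET ifupload='$ifupload' WHERE tid='$tid'");
    if ($foruminfo['allowhtm'] && $page == 1) {
        require_once R_P . 'require/template.php';
    }
    echo 'success';
    ajax_footer();
} else {
    Showmsg('job_attach_right');
}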
} elseif($action=='draft'){
// Draft box: list, save, update or delete the current user's drafts.
// Every query below is scoped to uid='$winduid', so a draft id ($did) that
// belongs to another user matches no row.
// NOTE(review): no anti-CSRF token is checked in the visible code; global.php
// may do so - confirm before relying on it for the write/delete steps.
if (!$_G['maxgraft']) {
    Showmsg('draft_right');
}
if (!$_POST['step']) {
    // No step posted: paginated listing, five drafts per page.
    $db_showperpage = 5;
    $page = (int)GetGP('page');
    if (!is_numeric($page) || $page < 1) {
        $page = 1;
    }
    $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_draft WHERE uid='$winduid'");
    $maxpage = ceil($rt['sum'] / $db_showperpage);
    // Clamp to the last page when the request asks for one beyond it.
    if ($maxpage && $page > $maxpage) {
        $page = $maxpage;
    }
    // $page was cast to int above, so the LIMIT clause holds only numbers.
    $limit = "LIMIT " . (($page - 1) * $db_showperpage) . ",$db_showperpage";
    $query = $db->query("SELECT * FROM pw_draft WHERE uid='$winduid' $limit");
    if ($db->num_rows($query) == 0) {
        Showmsg('draft_error');
    }
    $drdb = array();
    while ($rt = $db->fetch_array($query)) {
        $drdb[] = $rt;
    }
    require_once PrintEot('ajax');
    ajax_footer();
} elseif ($_POST['step'] == 2) {
    // Step 2: save a new draft, up to $_G['maxgraft'] per user.
    InitGP(array('atc_content'), 'P', 1);
    if (!$atc_content) {
        Showmsg('content_empty');
    }
    if ($db_charset != 'utf-8') {
        $atc_content = ajax_convert($atc_content, $db_charset);
    }
    $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_draft WHERE uid='$winduid'");
    if ($rt['sum'] >= $_G['maxgraft']) {
        Showmsg('draft_full');
    }
    // NOTE(review): $atc_content is interpolated into SQL; escaping relies on
    // InitGP(), which is not shown on this page - verify.
    $db->update("INSERT INTO pw_draft(uid,content) VALUES('$winduid','$atc_content')");
    Showmsg('save_success');
} elseif ($_POST['step'] == 3) {
    // Step 3: overwrite an existing draft owned by the current user.
    InitGP(array('atc_content', 'did'), 'P', 1);
    if (!$atc_content) {
        Showmsg('content_empty');
    }
    if ($db_charset != 'utf-8') {
        $atc_content = ajax_convert($atc_content, $db_charset);
    }
    $db->update("UPDATE pw_draft SET content='$atc_content' WHERE uid='$winduid' AND did='$did'");
    Showmsg('update_success');
} else {
    // Any other posted step value: delete the draft.
    InitGP(array('did'));
    $db->update("DELETE FROM pw_draft WHERE uid='$winduid' AND did='$did'");
    Showmsg('delete_success');
}
} elseif($action=='login'){
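// AJAX login: load the style, run the captcha and question checks, verify the
// credentials, set the login cookies and render the result template.

// Style selection. The '..' test and Pcv() are the only path guards visible
// here. NOTE(review): where $skin comes from is not shown - if it can be set
// by the request, confirm that Pcv() rejects everything except a plain name.
if (file_exists(D_P . "data/style/$skin.php") && strpos($skin, '..') === false) {
    @include Pcv(D_P . "data/style/$skin.php");
} elseif (file_exists(D_P . "data/style/$db_defaultstyle.php") && strpos($db_defaultstyle, '..') === false) {
    @include Pcv(D_P . "data/style/$db_defaultstyle.php");
} else {
    @include(D_P . "data/style/wind.php");
}
// Already logged in.
if ($groupid != 'guest') {
    Showmsg('login_have');
}
// Second tab-separated field of each setting switches the check on for login.
list(, $logingd) = explode("\t", $db_gdcheck);
list(, $loginq) = explode("\t", $db_qcheck);
if ($logingd) {
    GdConfirm($_POST['gdcode']);
}
require_once R_P . 'require/checkpass.php';
include_once D_P . 'data/bbscache/dbreg.php';
include_once D_P . 'data/bbscache/level.php';
// NOTE(review): 'jumpurl' is imported but not used in the visible code; if
// the template redirects to it, it needs same-site validation.
InitGP(array('pwuser', 'pwpwd', 'question', 'customquest', 'answer', 'cktime', 'hideid', 'jumpurl'), 'P');
if ($db_charset != 'utf-8') {
    $pwuser = ajax_convert($pwuser, $db_charset);
    $pwpwd = ajax_convert($pwpwd, $db_charset);
    $customquest = ajax_convert($customquest, $db_charset);
    $answer = ajax_convert($answer, $db_charset);
    if (!empty($_POST['qanswer']) && is_string($_POST['qanswer'])) {
        $_POST['qanswer'] = ajax_convert($_POST['qanswer'], $db_charset);
    }
}
// Verification question. The earlier loose `!=` treated a missing answer as
// equal to a missing or unknown question key (null == null), which skipped
// the challenge. The key must now exist and the answer must match exactly as
// a string; array-valued parameters are rejected.
if ($loginq && $db_question) {
    if (!isset($_POST['qkey'], $_POST['qanswer'])
        || !is_scalar($_POST['qkey'])
        || !is_scalar($_POST['qanswer'])
        || !is_array($db_answer)
        || !isset($db_answer[$_POST['qkey']])
        || (string)$_POST['qanswer'] !== (string)$db_answer[$_POST['qkey']]
    ) {
        Showmsg('qcheck_error');
    }
}
if ($pwuser && $pwpwd) {
    // NOTE(review): the password is reduced to an unsalted MD5 digest before
    // checkpass() sees it. Moving to password_hash()/password_verify() needs
    // changes in checkpass() and in the stored format, both outside this block.
    $md5_pwpwd = md5($pwpwd);
    $safecv = $db_ifsafecv ? questcode($question, $customquest, $answer) : '';
    list($winduid, $groupid, $pwpwd) = checkpass($pwuser, $md5_pwpwd, $safecv);
} else {
    Showmsg('login_empty');
}
// Load the permission set of the authenticated group; fall back to group 1.
if (file_exists(D_P . "data/groupdb/group_$groupid.php")) {
    require_once Pcv(D_P . "data/groupdb/group_$groupid.php");
} else {
    require_once(D_P . "data/groupdb/group_1.php");
}
$windpwd = $pwpwd;
// A non-zero cktime is a lifetime in seconds; turn it into an absolute expiry.
if ($cktime != 0) {
    $cktime += $timestamp;
}
// NOTE(review): the login cookie carries the value checkpass() returned as
// $pwpwd. If that value is derived from the stored password hash, a stolen
// cookie is as good as the credential - confirm in checkpass()/StrCode(), and
// confirm that Cookie() sets HttpOnly (and Secure on HTTPS sites).
Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $safecv), $cktime);
Cookie('lastvisit', '', 0);
if ($db_autoban) {
    require_once R_P . 'require/autoban.php';
    autoban($winduid);
}
// Hidden login is honoured only when the group allows it; otherwise the login
// IP is recorded.
if ($gp_allowhide && $hideid) {
    Cookie('hideid', "1", $cktime);
} else {
    Loginipwrite($winduid);
}
list($db_moneyname, $db_moneyunit, $db_rvrcname, $db_rvrcunit, $db_creditname, $db_creditunit) = explode("\t", $db_credits);
// Values for the response template.
$winddb = $db->get_one("SELECT * FROM pw_members m LEFT JOIN pw_memberdata md USING(uid) WHERE m.uid='$winduid'");
list(, $faceurl, , ) = showfacedesign($winddb['icon'], 0);
$lastlodate = get_date($winddb['lastvisit'], 'Y-m-d');
$userrvrc = (int)($winddb['rvrc'] / 10);
$level = $ltitle[$groupid];
//Dedecms Api
$rcdata = SynchDedeCms($pwuser, "login", $cktime);
require_once PrintEot('ajax');
ajax_footer();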
} elseif($action=='msg'){
$gp_allowmessege == 0 && Showmsg('msg_group_right');
if($gp_postpertime || $_G['maxsendmsg']){
$rp = $db->get_one("SELECT COUNT(*) AS tdmsg,MAX(mdate) AS lastwrite FROM pw_msg WHERE fromuid='$winduid' AND mdate>'$tdtime'");
if($gp_postpertime && $timestamp - $rp['lastwrite'] <= $gp_postpertime){
Showmsg('msg_limit');
} elseif($_G['maxsendmsg'] && $rp['tdmsg']>=$_G['maxsendmsg']){
Showmsg('msg_num_limit');
}
}
list(,,,$msggd) = explode("\t",$db_gdcheck);
list(,,,$msgq) = explode("\t",$db_qcheck);
if(!$_POST['step']){
InitGP(array('touid'));
$reinfo = $db->get_one("SELECT username FROM pw_members WHERE uid='$touid'");
require_once PrintEot('ajax');ajax_footer();
} else{
$msggd && GdConfirm($_POST['gdcode']);
InitGP(array('msg_title','atc_content','pwuser'),'P');
$msg_title = Char_cv(trim($msg_title));
$atc_content = Char_cv(trim($atc_content));
if(!$atc_content || !$msg_title || !$pwuser){
Showmsg('msg_empty');
} elseif(strlen($msg_title)>75 || strlen($atc_content)>1500){
Showmsg('msg_subject_limit');
}
if($db_charset!='utf-8'){
$pwuser = ajax_convert($pwuser,$db_charset);
$msg_title = ajax_convert($msg_title,$db_charset);
$atc_content = ajax_convert($atc_content,$db_charset);
$_POST['qanswer'] && $_POST['qanswer'] = ajax_convert($_POST['qanswer'],$db_charset);
}
if($msgq && $db_question && $_POST['qanswer'] != $db_answer[$_POST['qkey']]){
Showmsg('qcheck_error');
}
$rt = $db->get_one("SELECT uid FROM pw_members WHERE username='$pwuser'");
if(!$rt){
$errorname = Char_cv($pwuser);
Showmsg('user_not_exists');
}
require_once(R_P.'require/msg.php');
$msg = array(
$pwuser,
$winduid,
$msg_title,