pw_ajax.php

强大的PHP内容管理系统尽量不要让站长把时间都花费在为您修正说明上。压缩包解压

			$timestamp,
			$atc_content,
			'N',
			$windid
		);
		
		writenewmsg($msg);
		Showmsg('send_success');
	}
} elseif($action=='report'){
	!$gp_allowreport && Showmsg('report_right');
	$pid = (int)GetGP('pid');
	$rt  = $db->get_one("SELECT tid FROM pw_report WHERE uid='$winduid' AND tid='$tid' AND pid='$pid'");
	$rt && Showmsg('have_report');

	if(!$_POST['step']){
		require_once PrintEot('ajax');ajax_footer();
	} elseif($_POST['step']==2){
		InitGP(array('ifmsg','type','reason'),'P');
		if($db_charset!='utf-8'){
			$reason = ajax_convert($reason,$db_charset);
		}
		$reason = Char_cv($reason);
		$db->update("INSERT INTO pw_report(tid,pid,uid,type,reason) VALUES ('$tid','$pid','$winduid','$type','$reason')");

		if($ifmsg){
			if($pid>0){
				$pw_posts = GetPtable('N',$tid);
				$sqlsel = "t.content as subject,t.postdate,";
				$sqltab = "$pw_posts t";
				$sqladd = "WHERE t.pid='$pid'";
			} else{
				$sqlsel = "t.subject,t.postdate,";
				$sqltab = "pw_threads t";
				$sqladd = "WHERE t.tid='$tid'";
			}
			$rs = $db->get_one("SELECT $sqlsel t.fid,f.forumadmin FROM $sqltab LEFT JOIN pw_forums f USING(fid) $sqladd");
			if($rs['forumadmin']){
				include_once(D_P.'data/bbscache/forum_cache.php');
				require_once(R_P.'require/msg.php');
				$admin_a = explode(',',$rs['forumadmin']);
				$msg = array(
					'',
					$winduid,
					'report_title',
					$timestamp,
					'report_content_'.$type,
					'',
					$windid,
					'fid'		=> $rs['fid'],
					'tid'		=> $tid.'#'.$pid,
					'postdate'	=> get_date($rs['postdate']),
					'forum'		=> $forum[$rs['fid']]['name'],
					'subject'	=> $rs['subject'],
					'admindate'	=> get_date($timestamp),
					'reason'	=> $reason
				);
				foreach($admin_a as $key=>$forumadmin){
					if(!$forumadmin) continue;
					$msg['0']=$forumadmin;
					writenewmsg($msg,1);
				}
			}
		}
		Showmsg('report_success');
	}
} elseif($action=='recommend'){
	list(,,,,$othergd)=explode("\t",$db_gdcheck);
	if(!$_POST['step']){
		$atcinfo  = $db->get_one("SELECT subject,author,anonymous FROM pw_threads WHERE tid='$tid'");
		$atcinfo['anonymous'] && $atcinfo['author'] = $db_anonymousname;
		$atc_name = $atcinfo['subject'];
		require_once PrintEot('ajax');ajax_footer();
	} elseif($_POST['step']==1){
		$othergd && GdConfirm($_POST['gdcode']);
		InitGP(array('sendtoname'));
		InitGP(array('subject','atc_content'),'P',1);
		require_once(R_P.'require/msg.php');

		if($db_charset!='utf-8'){
			$sendtoname	 = ajax_convert($sendtoname,$db_charset);
			$subject	 = ajax_convert($subject,$db_charset);
			$atc_content = ajax_convert($atc_content,$db_charset);
		}
		$userdb = '';
		if($sendtoname){
			$userdb = $db->get_one("SELECT username FROM pw_members WHERE username='$sendtoname'");
		}
		if(!$userdb){
			$errorname = Char_cv($sendtoname);
			Showmsg('user_not_exists');
		}
		if(!$subject || !$atc_content){
			Showmsg('tofriend_msgerror');
		}
		$msgdb = array(
			$userdb['username'],
			$winduid,
			$subject,
			$timestamp,
			$atc_content,
			'N',
			$windid
		);
		writenewmsg($msgdb,1);
		Showmsg('operate_success');
	} elseif($_POST['step']==2){
		$othergd && GdConfirm($_POST['gdcode']);
		InitGP(array('subject','atc_content','sendtoemail','sendtoname'));
		if($db_charset!='utf-8'){
			$subject	 = ajax_convert($subject,$db_charset);
			$atc_content = ajax_convert($atc_content,$db_charset);
			$sendtoemail = ajax_convert($sendtoemail,$db_charset);
			$sendtoname	 = ajax_convert($sendtoname,$db_charset);
		}
		if(empty($subject)){
			Showmsg('sendeamil_subject_limit');
		}
		if(empty($atc_content) || strlen($atc_content)<=20){
			Showmsg('sendeamil_content_limit');
		} elseif(!ereg("^[-a-zA-Z0-9_\.]+\@([0-9A-Za-z][0-9A-Za-z-]+\.)+[A-Za-z]{2,5}$",$sendtoemail)){
			Showmsg('illegal_email');
		}
		if($timestamp-GetCookie('lastwrite')<=60){//$gp_postpertime
			Showmsg('sendeamil_limit');
		}
		Cookie('lastwrite',$timestamp);
		require_once(R_P.'require/sendemail.php');
		$fromemail = $winddb['email'];
		$fromname  = $windid;
		if(sendemail($sendtoemail,$subject,$atc_content,'email_additional')){
			Showmsg('operate_success');
		} else{
			Showmsg('mail_failed');
		}
	}
} elseif($action=='usetool'){
	$tooldb = array();
	$i = $j = 0;
	$query  = $db->query("SELECT t.id,t.name,t.filename,t.descrip,u.nums FROM pw_tools t LEFT JOIN pw_usertool u ON t.id=u.toolid  AND u.uid='$winduid' WHERE t.state='1' AND t.type='1' ORDER BY vieworder");
	while($rt = $db->fetch_array($query)){
		$rt['nums']=(int)$rt['nums'];
		$tooldb[$i][$j] = $rt;
		$j++;
		if($j>1){
			$i++;$j=0;
		}
	}
	require_once PrintEot('ajax');ajax_footer();
} elseif($action=='usertool'){
	//道具帖子类
	$uid = (int)GetGP('uid');
	!$uid && Showmsg('undefined_action');
	$i = $j = 0;
	$query  = $db->query("SELECT t.id,t.name,t.filename,t.descrip,u.nums FROM pw_tools t LEFT JOIN pw_usertool u ON t.id=u.toolid  AND u.uid='$winduid' WHERE state='1' AND type='2' ORDER BY vieworder");
	while($rt = $db->fetch_array($query)){
		$rt['nums']=(int)$rt['nums'];
		$tooldb[$i][$j] = $rt;
		$j++;
		if($j>1){
			$i++;$j=0;
		}
	}
	require_once PrintEot('ajax');ajax_footer();
} elseif($action=='showping'){
	require_once(R_P.'require/msg.php');
	require_once(R_P.'require/forum.php');
	require_once(R_P.'require/credit.php');
	InitGP(array('pid','page'));
	if(!is_numeric($pid)){
		$pw_tmsgs = GetTtable($tid);
		$atc = $db->get_one("SELECT fid,author,authorid,postdate,subject,anonymous,tm.ifmark,credit FROM pw_threads t LEFT JOIN $pw_tmsgs tm ON tm.tid=t.tid LEFT JOIN pw_memberinfo m ON m.uid='$winddb[uid]' WHERE t.tid='$tid'");
	} else{
		$pw_posts = GetPtable('N',$tid);
		$atc = $db->get_one("SELECT fid,author,authorid,postdate,subject,ifmark,anonymous,credit,content FROM $pw_posts p LEFT JOIN pw_memberinfo m ON m.uid='$winddb[uid]' WHERE pid='$pid'");
	}
	Add_S($atc);
	$fid = $atc['fid'];
	$foruminfo = $db->get_one("SELECT name,f_type,style,password,allowvisit,allowhtm,cms,forumadmin,fupadmin FROM pw_forums WHERE fid='$fid' AND type<>'category'");
	!$foruminfo && Showmsg('data_error');
	wind_forumcheck($foruminfo);

	list($maxcredit,$minper,$maxper,$credittype,$markdt) = explode("|",$_G['markdb']);
	!$minper && $minper=0;
	!$maxper && $maxper=0;
	if($winddb['groups']){
		$gids = '';
		foreach(explode(',',$winddb['groups']) as $key=>$gid){
			is_numeric($gid) && $gids .= ($gids ? ',' : '').$gid;
		}
		if($gids){
			require_once(R_P.'require/pw_func.php');
			$query = $db->query("SELECT mright FROM pw_usergroups WHERE gid IN($gids)");
			while(@extract($db->fetch_array($query))){
				$p = P_unserialize($mright);
				if(is_array($p) && $p['markdb'] && $p['markable']){
					$p['markable'] > $_G['markable'] && $_G['markable'] = $p['markable'];
					$s = explode('|',$p['markdb']);
					is_numeric($s[0]) && $s[0] > $maxcredit && $maxcredit = $s[0];
					is_numeric($s[1]) && $s[1] < $minper && $minper = $s[1];
					is_numeric($s[2]) && $s[2] > $maxper && $maxper = $s[2];
					$s[4]===0 && $markdt = 0;
				}
			}
		}
	}
	if(($windid != $manager && !admincheck($foruminfo['forumadmin'],$foruminfo['fupadmin'],$windid) && !$_G['markable']) || !$credittype || ($minper==0 && $maxper==0)){
		Showmsg('no_markright');
	}
	if($db_pingtime && $timestamp-$atc['postdate']>$db_pingtime*3600 && $gp_gptype!='system'){
		Showmsg('pingtime_over');
	}
	!$atc['author'] && Showmsg('data_error');

	if($winduid==$atc['authorid'] && $windid != $manager){
		Showmsg('masigle_manager');
	}
	$cType		= GetCreditType();
	$credittype = explode(',',$credittype);

	if(!$_POST['step']){
		$creditselect = '';
		foreach($credittype as $key=>$cid){
			if(isset($cType[$cid])){
				$creditselect .= '<option value="'.$cid.'">'.$cType[$cid].'</option>';
			}
		}
		if($maxcredit){
			$creditdb = explode("\t",$atc['credit']);
			if($creditdb[0]>=$tdtime){
				$leavepoint = abs($maxcredit-$creditdb[1]);
				$leavepoint==0 && Showmsg('masigle_nopoint');
			} else{
				$leavepoint = $maxcredit;
			}
		}
		$reason_sel = '';
		$reason_a = explode("\n",$db_adminreason);
		foreach($reason_a as $k=>$v){
			if($v=trim($v)){
				$reason_sel .= "<option value=\"$v\">$v</option>";
			} else{
				$reason_sel .= "<option value=\"\">-------</option>";
			}
		}
		if($atc['anonymous'] && $groupid!='3'){
			$check_Y = 'disabled';
			$check_N = 'checked';
		} else{
			$check_Y = 'checked';
			$check_N = '';
		}
		require_once PrintEot('ajax');ajax_footer();
	} elseif($_POST['step']==1){
		if($_G['markable']<2 && strpos($atc['ifmark'],'('.$windid.')')!==false){
			Showmsg('no_markagain');
		}
		InitGP(array('cid','addpoint','ifmsg','atc_content'),'P');
		!in_array($cid,$credittype) && Showmsg('masigle_credit_right');

		$cUnit = GetCreditUnit();
		if(isset($cType[$cid])){
			$name = $cType[$cid];
			$unit = $cUnit[$cid];
		} else{
			Showmsg('all_credit_error');
		}
		$addpoint = (int)$addpoint;
		$addpoint==0 && Showmsg('member_credit_error');
		if($addpoint>$maxper || $addpoint<$minper){
			Showmsg('masigle_creditlimit');
		}
		if($maxcredit){
			$creditdb = explode("\t",$atc['credit']);
			if($creditdb[0]<$tdtime){
				$creditdb[0] = $tdtime;
				$creditdb[1] = abs($addpoint);
				if($creditdb[1]>$maxcredit){
					$leavepoint = max(0,$maxcredit-$creditdb[1]);
					Showmsg('masigle_point');
				}
			} else{
				if($creditdb[1]+abs($addpoint)>$maxcredit){
					$leavepoint = max(0,$maxcredit-$creditdb[1]);
					Showmsg('masigle_point');
				} else{
					$creditdb[0] = $timestamp;
					$creditdb[1]+= abs($addpoint);
				}
			}
			$newcreditdb = $creditdb[0]."\t".$creditdb[1];
			$rt = $db->get_one("SELECT uid FROM pw_memberinfo WHERE uid='$winduid'");
			if($rt['uid']){
				$db->update("UPDATE pw_memberinfo SET credit='$newcreditdb' WHERE uid='$winduid'");
			} else{
				$db->update("INSERT INTO pw_memberinfo(uid,credit) VALUES('$winduid','$newcreditdb')");
			}
		}
		if($markdt && $addpoint>0){
			$credit = UserCredit($winduid,$cid);
			$credit < $addpoint && Showmsg('credit_enough');
			UserCredit($winduid,$cid,'set',-$addpoint);
		}
		UserCredit($atc['authorid'],$cid,'set',$addpoint);

		if($db_autoban && $addpoint<0){
			require_once(R_P.'require/autoban.php');
			autoban($atc['authorid']);
		}
		$atc_content = Char_cv($atc_content);
		if($db_charset!='utf-8'){
			$atc_content = ajax_convert($atc_content,$db_charset);
		}
		$newmark = $name.':'.($addpoint>0 ? '+' : '').$addpoint.'('.addslashes($windid).") ".substrs($atc_content,24);
		$ifmark  = $atc['ifmark'] ? $newmark."\t".$atc['ifmark'] : $newmark;
		if(strlen($ifmark)>240){
			$ifmark = substr($ifmark,0,240);
			$ifmark = substr($ifmark,0,strrpos($ifmark,"\t"));
		}
		if(!is_numeric($pid)){
			$db->update("UPDATE pw_threads SET ifmark=ifmark+'$addpoint' WHERE tid='$tid'");
			$db->update("UPDATE $pw_tmsgs SET ifmark='$ifmark' WHERE tid='$tid'");
		} else{
			$db->update("UPDATE $pw_posts SET ifmark='$ifmark' WHERE pid='$pid'");
		}
		!$atc['subject'] && $atc['subject'] = substrs($atc['content'],35);
		if($ifmsg){
			$msg=array(
				$atc['author'],
				$winduid,
				'ping_title',
				$timestamp,
				'ping_content',
				'',
				$windid,
				'fid'		=> $atc['fid'],
				'tid'		=> $tid,
				'subject'	=> $atc['subject'],
				'postdate'	=> get_date($atc['postdate']),
				'forum'		=> strip_tags($foruminfo['name']),
				'affect'    => "$name:$addpoint",
				'admindate'	=> get_date($timestamp),
				'reason'	=> $atc_content
			);
			writenewmsg($msg,1);
		}
		require_once(R_P.'require/writelog.php');
		$log = array(
			'type'      => 'credit',
			'username1' => $atc['author'],
			'username2' => $windid,
			'field1'    => $fid,
			'field2'    => '',
			'field3'    => '',
			'descrip'   => 'credit_descrip',
			'timestamp' => $timestamp,
			'ip'        => $onlineip,
			'tid'		=> $tid,
			'forum'		=> strip_tags($foruminfo['name']),
			'subject'	=> $atc['subject'],
			'affect'	=> "$name:$addpoint",
			'reason'	=> $atc_content