📄 savepage.php
<?phpdefined('WikyBlog') or die("Not an entry point...");function fileToDisk(&$saveObj,$newValues = NULL){ global $pageOwner, $page, $wbConfig, $wbTables,$lang,$wbNow; $gotLastRevision = false; if( !$saveObj->editable ){ message('PROTECTED_FILE'); return false; } ////////////////////////////////////////////////////////////////////////////////////////// // // I) Set $saveObj and check validity // if( $saveObj->exists ){ $oldKeywords = $saveObj->keywords; $oldSize = objectSave::getSize($saveObj); }else{ $oldKeywords = ''; $oldSize = 0; } $pageKey =& $saveObj->uniqStorage; //I would like to add the message('SYNTAX_FIXED'); // to pages if they aren't safe, then become safe.. // How do I differentiate between a file that is really unsafe vs one that just hasn't been tested yet // but I don't want to add an 'unsafe' flag... this will just have to be something for down the road // 1) Existing Values // So whats the criteria here?... that the user is continuing to make changes during a xmlHTTP session // --> this means that they haven't gone back to toolEditPage.PHP -> modified times will be different // --> the current username/id will be from the same user! //version conflict? if( isset($_SESSION['editPage'][$pageKey]) // Must be within users editing session && $_SESSION['editPage'][$pageKey] != $saveObj->modified // Session-time shouldn't match object-time && !isset($newValues) ){ // and it can't be an internal change $getLast = false; if( isset($_SESSION['username']) ){ if($_SESSION['username'] == $saveObj->username){ $getLast = true; } }elseif($_SERVER["REMOTE_ADDR"] == $saveObj->ip){ $getLast = true; } if( $getLast ){ includeFile( 'tool/History1.php' ); $gotLastRevision = getLastRevision(); } } //get existing values before setFromPost() so that we can make a comparison $oldValues = $saveObj->toUserValues(); //this need to be done after getLastRevsion() ////////////////////////////////////////////////////////////////////////////////////////// // // I) cont.. 
Set New Values // if( !isset($newValues) ){ // from post if( $_SERVER["REQUEST_METHOD"] != 'POST'){ trigger_error('Saves can only be made with "POST".'); return false; } $saveObj->setFromPost(); // Check existing vs $_SESSION // after setting new values so that the user doesn't lose the new values if there's an error //if( empty($_SESSION['editPage'][$pageKey]) ||($_SESSION['editPage'][$pageKey] != $saveObj->modified) ){ if( !is_array($_SESSION['editPage']) ){ message('VERSION_CONFLICT_2'); return false; } if( !array_key_exists($pageKey, $_SESSION['editPage']) && $saveObj->exists ){ message('VERSION_CONFLICT'); return false; } if( !array_key_exists($pageKey, $_SESSION['editPage'] ) || ($_SESSION['editPage'][$pageKey] != $saveObj->modified)){ message('VERSION_CONFLICT_2'); return false; } }else{ // Using $newValues, we override the check for consistency... // this should be used carefully // Note: $newValues could just be an array $saveObj->setVariables( $newValues, $saveObj->userValues); } $saveObj->checkData(); //could checkData if( !$saveObj->validData ){ return false; } ////////////////////////////////////////////////////////////////////////////////////////// // // I) cont.. 
flood check // Keeps users who are not logged in and not in the current workgroup from editing/saving files too quickly // Done here because a setFromPost needs to be before (in case we refuse the edit, we don't want to discard the changes) if( isset($_SESSION['lastSave']) ){ reset($_SESSION['lastSave']); //key() doesn't work right for all php versions if( isset($wbConfig['floodInterval']) && $wbConfig['floodInterval'] > 0 && $pageKey != key($_SESSION['lastSave']) && $_SESSION['userlevel'] < 2 ){ $timeDiff = time()-current($_SESSION['lastSave']); if( $timeDiff < $wbConfig['floodInterval'] ){ message('FLOOD_WARN',$wbConfig['floodInterval'],$wbConfig['floodInterval']-$timeDiff); return false; } } } ////////////////////////////////////////////////////////////////////////////////////////// // // I) cont... flag unchecked? // if( isset($pageOwner['fEdits']) && ((int)$pageOwner['fEdits'] >= (int)$_SESSION['userlevel']) && (strpos($saveObj->flags,'flag1') === false) ){ $saveObj->flags .= ',flag1'; $saveObj->flags = str_replace(',,',',',$saveObj->flags); } ////////////////////////////////////////////////////////////////////////////////////////// // // II) OLD PAGE SAVE :: UPDATE // if( $saveObj->exists ){ //////// A) HISTORY PREP $newValues = $saveObj->toUserValues(); // A-1) Get Instructions includeFile('tool/History2.php'); $comparison = new difference_main($newValues,$oldValues); // go from new to past version if( empty($comparison->instructions) ){ if(!$gotLastRevision){ message('NO_CHANGES','1'); return true; } //!! //message('undid changes and now back to original .. 
I would like to delete the history row and force the update'); } $history['file_id'] = $saveObj->file_id; $history['modified'] = $saveObj->modified; $history['instructions'] = $comparison->instructions; $history['username'] = $saveObj->username; $history['ip'] = $saveObj->ip; $history['summary'] = $saveObj->summary; //////// B) UPDATE // no more than inserting new data into table //NEW // UPDATE items,month SET items.price=month.price WHERE items.id=month.id; $updateA = array(); $updateA = $saveObj->toDB(); if($updateA === false){ message('UNABLE_TO_SAVE','1'); return false; } if( isset($_SESSION['username']) ){ $updateA['username'] = $_SESSION['username']; }else{ $updateA['username'] = ''; } $updateA['modified'] = $wbNow; $updateA['keywords'] = $saveObj->keywords; $updateA['ip'] = $_SERVER["REMOTE_ADDR"]; $updateA['summary'] = htmlspecialchars($_POST['summary']); if( strpos($saveObj->flags,'redirect') !== false ){ $saveObj->flags = str_replace(array('redirect',',,'),array('',','),$saveObj->flags); $updateA['info'] = ''; } $updateA['flags'] = $saveObj->flags; //explicitly set it here so that "safe" flags will be saved $query = 'UPDATE '.$wbTables['all_files'].', '.$saveObj->dbInfo['dbTable'].' SET '; $query .= wbDB::toSet($updateA); $query .= ' WHERE '; $query .= $saveObj->dbInfo['dbTable'].'.`file_id` = "'.$saveObj->file_id.'" '; $query .= ' AND '.$saveObj->dbInfo['dbTable'].'.`file_id` = '.$wbTables['all_files'].'.`file_id` '; wbDB::runQuery($query); $numA= mysql_affected_rows(); if($numA == 0){ message('NO_CHANGES','2'); return true; }elseif(($numA !== 2)&&($numA !== 1)){ trigger_error('<b>Update File Error:</b> An error occurred while updating this File. 
A'.$numA); //return false; } //////// C) HISTORY //update or insert $numB = 0; if( $gotLastRevision ){ $histWhere['file_id'] = $saveObj->file_id; $histWhere['revision'] = $saveObj->revision; $numB = wbDB::dbUpdate2($wbTables['all_history'], $history, $histWhere); // if($numB == 0){ // trigger_error('History was not saved.'); //this could be zero if $history is the same! them mysql won't make the change and just tell us nothing's happened // return true; // } if($numB < 0){ trigger_error('History was not saved.'); return true; } }else{ $numB = wbDB::dbInsert2($wbTables['all_history'],$history); if($numB == 0){ trigger_error('History was not saved.'); return true; } $revisionNum = mysql_insert_id(); // check HISTORY LIMIT and delete the oldest rows if there are more than $maxHistory for a page // - setting $historyTolerance > 1 will delay the deletions untill that many rows more than // the tolerance have been reached. global $maxHistory,$defaultUser; $historyTolerance = 10; //will delete excess rows when there are $maxHistory+(n*10) rows if( !empty($pageOwner['maxHistory']) ){ $maxHistory = $pageOwner['maxHistory']; }elseif( !empty($defaultUser['maxHistory']) && !empty($maxHistory) ){ $maxHistory = $defaultUser['maxHistory']; } if( isset($maxHistory) && ($revisionNum > $maxHistory) ){ if( ( ($revisionNum-$maxHistory) % $historyTolerance) === 0 ){ //Delete $historyTolerance rows $query = 'DELETE FROM '.$wbTables['all_history']; $query .= ' WHERE `file_id` = '.$saveObj->file_id; $query .= ' AND revision <= '.($revisionNum-$maxHistory); wbDB::runQuery($query); // this may delete more than $historyTolerance because of changes to $maxHistory. } } } ////////////////////////////////////////////////////////////////////////////////////////// // // III) NEW PAGE SAVE :: INSERT // }else{ // changes made? 
$insert = array(); $insert = $saveObj->toDB(); if($insert === false){ message('UNABLE_TO_SAVE','2'); return false; }elseif( empty($insert['owner']) ){ // "owner" must be a part of dbValues message('UNABLE_TO_SAVE','3'); return false; } // all files table $allInsert = array(); $allInsert['owner_id'] = $pageOwner['user_id']; $allInsert['modified'] = $wbNow; $allInsert['posted'] = $wbNow; $allInsert['created'] = $wbNow; $allInsert['keywords'] = $saveObj->keywords; $allInsert['flags'] = $saveObj->flags; //for defaults: see SPECdefaultOptions.php $allInsert['ip'] = $_SERVER["REMOTE_ADDR"]; if( isset($_SESSION['username']) ){ $allInsert['username'] = $_SESSION['username']; } wbDB::dbInsert2($wbTables['all_files'],$allInsert); $saveObj->file_id = mysql_insert_id(); // data type table $insert['file_id'] = $saveObj->file_id; $insert['summary'] = $_POST['summary']; $_SESSION['editPage'][$pageKey] = $wbNow; //$numc = wbDB::dbInsert2($saveObj->dbInfo['dbTable'],$insert); $query = 'REPLACE INTO '.$saveObj->dbInfo['dbTable'].' SET '.wbDB::toSet($insert,true); wbDB::runQuery($query); $numc = mysql_affected_rows();