DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
99 Commits
3 Branches
110MB
Tree: 4204cfe0a4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4204cfe0a4'
${ noResults }
DedeV6/src/member/inc/archives_check_edit.php

93 lines
2.6KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * 文档编辑验证

  4.  * 

  5.  * @version        $Id: archives_check_edit.php 1 13:52 2010年7月9日Z tianya $

  6.  * @package        DedeCMS.Member

  7.  * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.

  8.  * @license        http://help.dedecms.com/usersguide/license.html

  9.  * @link           http://www.dedecms.com

  10.  */

  11. if(!defined('DEDEMEMBER')) exit('dedecms');

  12. 

  13. require_once(DEDEINC."/image.func.php");

  14. require_once(DEDEINC."/oxwindow.class.php");

  15. 

  16. $flag = '';

  17. $typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;

  18. $userip = GetIP();

  19. $svali = GetCkVdValue();

  20. if(preg_match("/3/",$safe_gdopen)){

  21.     if(strtolower($vdcode)!=$svali || $svali=='')

  22.     {

  23.         ResetVdValue();

  24.         ShowMsg('验证码错误!', '-1');

  25.         exit();

  26.     }

  27. }

  28. if($typeid==0)

  29. {

  30.     ShowMsg('请指定文档隶属的栏目!','-1');

  31.     exit();

  32. }

  33. $query = "SELECT tp.ispart,tp.channeltype,tp.issend,ch.issend as cissend,ch.sendrank,ch.arcsta,ch.addtable,ch.fieldset,ch.usertype

  34.          FROM `#@__arctype` tp LEFT JOIN `#@__channeltype` ch ON ch.id=tp.channeltype WHERE tp.id='$typeid' ";

  35. $cInfos = $dsql->GetOne($query);

  36. $addtable = $cInfos['addtable'];

  37. 

  38. //检测栏目是否有投稿权限

  39. if($cInfos['issend']!=1 || $cInfos['ispart']!=0|| $cInfos['channeltype']!=$channelid || $cInfos['cissend']!=1)

  40. {

  41.     ShowMsg("你所选择的栏目不支持投稿!","-1");

  42.     exit();

  43. }

  44. 

  45. //文档的默认状态

  46. if($cInfos['arcsta']==0)

  47. {

  48.     $ismake = 0;

  49.     $arcrank = 0;

  50. }

  51. else if($cInfos['arcsta']==1)

  52. {

  53.     $ismake = -1;

  54.     $arcrank = 0;

  55. }

  56. else

  57. {

  58.     $ismake = 0;

  59.     $arcrank = -1;

  60. }

  61. 

  62. //对保存的内容进行处理

  63. $title = cn_substrR(HtmlReplace($title,1),$cfg_title_maxlen);

  64. $writer =  cn_substrR(HtmlReplace($writer,1),20);

  65. if(empty($description)) $description = '';

  66. $description = cn_substrR(HtmlReplace($description,1),250);

  67. $keywords = cn_substrR(HtmlReplace($tags,1),30);

  68. $mid = $cfg_ml->M_ID;

  69. 

  70. $midQuery = "SELECT mid FROM `#@__arctiny` WHERE id='$aid'";

  71. $midRow = $dsql->GetOne($midQuery);

  72. if($midRow['mid'] != $mid)

  73. {

  74.     ShowMsg('您暂无权限在这里进行修改文档!','javascript:;');

  75.     exit;

  76. }

  77. 

  78. $isadmin = ($cfg_ml->fields['matt']==10 ? true : false);

  79. if (empty($oldlitpic))

  80. {

  81.     $oldlitpic = '';

  82. }

  83. 

  84. //处理上传的缩略图

  85. if($litpic != '')

  86. {

  87.     $litpic = MemberUploads('litpic', $oldlitpic, $mid, 'image', '', $cfg_ddimg_width, $cfg_ddimg_height, false, $isadmin);

  88.     SaveUploadInfo($title, $litpic, 1);

  89. }

  90. else

  91. {

  92.     $litpic =$oldlitpic; if (strpos( $litpic, '..') !== false || strpos( $litpic, $cfg_user_dir."/{$userid}/" ) === false) exit('not allowed path!');

  93. }