国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.

171 řádky
8.2KB

  1. <?php
  2. /**
  3. * 图片发布
  4. *
  5. * @version $id:album_add.php 13:52 2010年7月9日 tianya $
  6. * @package DedeBIZ.User
  7. * @copyright Copyright (c) 2022 DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. require_once(dirname(__FILE__)."/config.php");
  12. //考虑安全原因不管是否开启游客投稿功能,都不允许用户对图片投稿
  13. CheckRank(0, 0);
  14. if ($cfg_mb_lit == 'Y') {
  15. ShowMsg("由于系统开启了会员空间精简版,您浏览的功能不可用", "-1");
  16. exit();
  17. }
  18. if ($cfg_mb_album == 'N') {
  19. ShowMsg("由于系统关闭了图片功能,您浏览的功能不可用", "-1");
  20. exit();
  21. }
  22. require_once(DEDEINC."/dedetag.class.php");
  23. require_once(DEDEINC."/userlogin.class.php");
  24. require_once(DEDEINC."/customfields.func.php");
  25. require_once(DEDEMEMBER."/inc/inc_catalog_options.php");
  26. require_once(DEDEMEMBER."/inc/inc_archives_functions.php");
  27. $channelid = isset($channelid) && is_numeric($channelid) ? $channelid : 2;
  28. $typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;
  29. $menutype = 'content';
  30. if (empty($formhtml)) $formhtml = 0;
  31. if ($cfg_ml->IsSendLimited()) {
  32. ShowMsg("文档发布失败,投稿已经超出投稿限制次数:{$cfg_ml->M_SendMax}次", "-1", "0", 5000);
  33. exit();
  34. }
  35. /*-------------
  36. function _ShowForm(){ }
  37. --------------*/
  38. if (empty($dopost)) {
  39. $query = "SELECT * FROM `#@__channeltype` WHERE id='$channelid'; ";
  40. $cInfos = $dsql->GetOne($query);
  41. if (!is_array($cInfos)) {
  42. ShowMsg('模型参数不正确', '-1');
  43. exit();
  44. }
  45. //检查会员等级和类型限制
  46. if ($cInfos['sendrank'] > $cfg_ml->M_Rank) {
  47. $row = $dsql->GetOne("Select membername From `#@__arcrank` where `rank`='".$cInfos['sendrank']."' ");
  48. ShowMsg("需要<span class='text-primary'>".$row['membername']."</span>才能在这个栏目发布文档", "-1", "0", 5000);
  49. exit();
  50. }
  51. if ($cInfos['usertype'] != '' && $cInfos['usertype'] != $cfg_ml->M_MbType) {
  52. ShowMsg("需要<span class='text-primary'>".$cInfos['usertype']."</span>帐号才能在这个栏目发布文档", "-1", "0", 5000);
  53. exit();
  54. }
  55. include(DEDEMEMBER."/templets/album_add.htm");
  56. exit();
  57. }
  58. /*------------------------------
  59. function _SaveArticle(){ }
  60. ------------------------------*/
  61. else if ($dopost == 'save') {
  62. include(DEDEMEMBER.'/inc/archives_check.php');
  63. $cInfos = $dsql->GetOne("SELECT * FROM `#@__channeltype` WHERE id='$channelid'; ");
  64. $maxwidth = isset($maxwidth) && is_numeric($maxwidth) ? $maxwidth : 800;
  65. $pagepicnum = isset($pagepicnum) && is_numeric($pagepicnum) ? $pagepicnum : 12;
  66. $ddmaxwidth = isset($ddmaxwidth) && is_numeric($ddmaxwidth) ? $ddmaxwidth : 200;
  67. $prow = isset($prow) && is_numeric($prow) ? $prow : 3;
  68. $pcol = isset($pcol) && is_numeric($pcol) ? $pcol : 3;
  69. $pagestyle = in_array($pagestyle, array('1', '2', '3')) ? $pagestyle : 2;
  70. include(DEDEMEMBER.'/inc/archives_check.php');
  71. $imgurls = "{dede:pagestyle maxwidth='$maxwidth' pagepicnum='$pagepicnum' ddmaxwidth='$ddmaxwidth' row='$prow' col='$pcol' value='$pagestyle'/}\r\n";
  72. $hasone = false;
  73. $ddisfirst = 1;
  74. //只支持填写地址
  75. for ($i = 1; $i <= 120; $i++) {
  76. if (!isset(${'imgfile'.$i})) {
  77. continue;
  78. }
  79. $f = ${'imgfile'.$i};
  80. $msg = isset(${'imgmsg'.$i}) ? ${'imgmsg'.$i} : "";
  81. if (!empty($f) && filter_var($f, FILTER_VALIDATE_URL)) {
  82. $u = str_replace(array("\"", "'"), "`", $f);
  83. $info = str_replace(array("\"", "'"), "`", $msg);
  84. $imgurls .= "{dede:img ddimg='' text='$info'} $u {/dede:img}\r\n";
  85. }
  86. } //循环结束
  87. $imgurls = addslashes($imgurls);
  88. //分析处理附加表数据
  89. $isrm = 1;
  90. if (!isset($formhtml)) {
  91. $formhtml = 0;
  92. }
  93. $inadd_f = $inadd_v = '';
  94. if (!empty($dede_addonfields)) {
  95. $addonfields = explode(';', $dede_addonfields);
  96. $inadd_f = '';
  97. $inadd_v = '';
  98. if (is_array($addonfields)) {
  99. foreach ($addonfields as $v) {
  100. if ($v == '') {
  101. continue;
  102. }
  103. $vs = explode(',', $v);
  104. if (!isset(${$vs[0]})) {
  105. ${$vs[0]} = '';
  106. }
  107. ${$vs[0]} = GetFieldValueA(${$vs[0]}, $vs[1], 0);
  108. $inadd_f .= ','.$vs[0];
  109. $inadd_v .= " ,'".${$vs[0]}."' ";
  110. }
  111. }
  112. //这里对前台提交的附加数据进行一次校验
  113. $fontiterm = PrintAutoFieldsAdd(stripslashes($cInfos['fieldset']), 'autofield', FALSE);
  114. if ($fontiterm != $inadd_f) {
  115. ShowMsg("提交表单同系统配置不相符,请重新提交", "-1");
  116. exit();
  117. }
  118. }
  119. //生成文档id
  120. $arcID = GetIndexKey($arcrank, $typeid, $sortrank, $channelid, $senddate, $mid);
  121. if (empty($arcID)) {
  122. ShowMsg("无法获得主键,因此无法进行后续操作", "-1");
  123. exit();
  124. }
  125. $description = HtmlReplace($description, -1);
  126. $mtypesid = intval($mtypesid); //对输入参数mtypesid未进行int整型转义,导致SQL注入的发生
  127. //保存到主表
  128. $inQuery = "INSERT INTO `#@__archives` (id,typeid,sortrank,flag,ismake,channel,arcrank,click,money,title,shorttitle,color,writer,source,litpic,pubdate,senddate,mid,description,keywords,mtype) VALUES ('$arcID','$typeid','$sortrank','$flag','$ismake','$channelid','$arcrank','0','$money','$title','$shorttitle','$color','$writer','$source','','$pubdate','$senddate','$mid','$description','$keywords','$mtypesid'); ";
  129. if (!$dsql->ExecuteNoneQuery($inQuery)) {
  130. $gerr = $dsql->GetError();
  131. $dsql->ExecuteNoneQuery("DELETE FROM `#@__arctiny` WHERE id='$arcID' ");
  132. ShowMsg("数据保存到数据库主表`#@__archives`时出错,请联系管理员", "javascript:;");
  133. exit();
  134. }
  135. //保存到附加表
  136. $addtable = trim($cInfos['addtable']);
  137. if (empty($addtable)) {
  138. $dsql->ExecuteNoneQuery("DELETE FROM `#@__archives` WHERE id='$arcID'");
  139. $dsql->ExecuteNoneQuery("DELETE FROM `#@__arctiny` WHERE id='$arcID'");
  140. ShowMsg("没找到当前模型<span class='text-primary'>{$channelid}</span>主表信息,无法完成操作", "javascript:;");
  141. exit();
  142. } else {
  143. $query = "INSERT INTO `$addtable` (aid,typeid,userip,redirecturl,templet,pagestyle,maxwidth,imgurls,`row`,col,isrm,ddmaxwidth,pagepicnum{$inadd_f}) VALUES ('$arcID','$typeid','$userip','','','$pagestyle','$maxwidth','$imgurls','$prow','$pcol','$isrm','$ddmaxwidth','$pagepicnum'{$inadd_v}); ";
  144. if (!$dsql->ExecuteNoneQuery($query)) {
  145. $gerr = $dsql->GetError();
  146. $dsql->ExecuteNoneQuery("DELETE FROM `#@__archives` WHERE id='$arcID'");
  147. $dsql->ExecuteNoneQuery("DELETE FROM `#@__arctiny` WHERE id='$arcID'");
  148. ShowMsg("数据保存到数据库附加表时出错,请联系管理员".$gerr, "javascript:;");
  149. exit();
  150. }
  151. }
  152. //增加积分
  153. $dsql->ExecuteNoneQuery("UPDATE `#@__member` SET scores=scores+{$cfg_sendarc_scores} WHERE mid='".$cfg_ml->M_ID."' ; ");
  154. //更新统计
  155. countArchives($channelid);
  156. //生成网页
  157. InsertTags($tags, $arcID);
  158. $artUrl = MakeArt($arcID, true);
  159. if ($artUrl == '') $artUrl = $cfg_phpurl."/view.php?aid=$arcID";
  160. ClearMyAddon($arcID, $title);
  161. //返回成功信息
  162. $msg = "请选择您的后续操作:<a href='album_add.php?cid=$typeid' class='btn btn-success btn-sm>继续发布图片</a><a href='$artUrl' target='_blank' class='btn btn-success btn-sm'>查看图片</a><a href='album_edit.php?aid=".$arcID."&channelid=$channelid' class='btn btn-success btn-sm'>修改图片</a><a href='content_list.php?channelid={$channelid}' class='btn btn-success btn-sm'>已发布图片管理</a>";
  163. $wintitle = "成功发布图片";
  164. $wecome_info = "图片管理::发布图片";
  165. $win = new OxWindow();
  166. $win->AddTitle("成功发布图片");
  167. $win->AddMsgItem($msg);
  168. $winform = $win->GetWindow("hand", "&nbsp;", false);
  169. $win->Display(DEDEMEMBER."/templets/win_templet.htm");
  170. }
  171. ?>