DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
150 Commits
3 Branches
3.1GB
Tree: d911e48805
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd911e48805'
${ noResults }
DedeV6/src/member/inc/archives_check_edit.php

85 lines
2.5KB
Raw Blame History 

  1. <?php

  2. 

  3. /**

  4.  * 文档编辑验证

  5.  * 

  6.  * @version        $Id: archives_check_edit.php 1 13:52 2010年7月9日Z tianya $

  7.  * @package        DedeCMS.Member

  8.  * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.

  9.  * @license        http://help.dedecms.com/usersguide/license.html

  10.  * @link           http://www.dedecms.com

  11.  */

  12. if (!defined('DEDEMEMBER')) exit('dedecms');

  13. 

  14. require_once(DEDEINC . "/image.func.php");

  15. require_once(DEDEINC . "/oxwindow.class.php");

  16. 

  17. $flag = '';

  18. $typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;

  19. $userip = GetIP();

  20. $svali = GetCkVdValue();

  21. if (preg_match("/3/", $safe_gdopen)) {

  22.     if (strtolower($vdcode) != $svali || $svali == '') {

  23.         ResetVdValue();

  24.         ShowMsg('验证码错误!', '-1');

  25.         exit();

  26.     }

  27. }

  28. if ($typeid == 0) {

  29.     ShowMsg('请指定文档隶属的栏目!', '-1');

  30.     exit();

  31. }

  32. 

  33. if (empty($idhash) || $idhash != hash("sha256", $aid.$cfg_cookie_encode))

  34. {

  35.     showMsg('数据校验不对,程序返回', '-1');

  36.     exit();

  37. }

  38. 

  39. // 校验CSRF

  40. CheckCSRF();

  41. 

  42. $query = "SELECT tp.ispart,tp.channeltype,tp.issend,ch.issend as cissend,ch.sendrank,ch.arcsta,ch.addtable,ch.fieldset,ch.usertype

  43.          FROM `#@__arctype` tp LEFT JOIN `#@__channeltype` ch ON ch.id=tp.channeltype WHERE tp.id='$typeid' ";

  44. $cInfos = $dsql->GetOne($query);

  45. $addtable = $cInfos['addtable'];

  46. 

  47. //检测栏目是否有投稿权限

  48. if ($cInfos['issend'] != 1 || $cInfos['ispart'] != 0 || $cInfos['channeltype'] != $channelid || $cInfos['cissend'] != 1) {

  49.     ShowMsg("你所选择的栏目不支持投稿!", "-1");

  50.     exit();

  51. }

  52. 

  53. 

  54. //文档的默认状态

  55. if ($cInfos['arcsta'] == 0) {

  56.     $ismake = 0;

  57.     $arcrank = 0;

  58. } else if ($cInfos['arcsta'] == 1) {

  59.     $ismake = -1;

  60.     $arcrank = 0;

  61. } else {

  62.     $ismake = 0;

  63.     $arcrank = -1;

  64. }

  65. 

  66. //对保存的内容进行处理

  67. $title = cn_substrR(HtmlReplace($title, 1), $cfg_title_maxlen);

  68. $writer =  cn_substrR(HtmlReplace($writer, 1), 20);

  69. if (empty($description)) $description = '';

  70. $description = cn_substrR(HtmlReplace($description, 1), 250);

  71. $keywords = cn_substrR(HtmlReplace($tags, 1), 30);

  72. $mid = $cfg_ml->M_ID;

  73. 

  74. $midQuery = "SELECT mid FROM `#@__arctiny` WHERE id='$aid'";

  75. $midRow = $dsql->GetOne($midQuery);

  76. if ($midRow['mid'] != $mid) {

  77.     ShowMsg('您暂无权限在这里进行修改文档!', 'javascript:;');

  78.     exit;

  79. }

  80. 

  81. $isadmin = ($cfg_ml->fields['matt'] == 10 ? true : false);

  82. if (empty($oldlitpic)) {

  83.     $oldlitpic = '';

  84. }