fenglin/bbs/post.php

<?
        require_once "../lib/common.inc.php";
        require_once "../lib/db_open.inc.php";
        require_once "./common_lib.inc.php";
        require_once "./session_init.inc.php";
        require_once "./check_sub.inc.php";
        require_once "../lib/lml.inc.php";
        require_once "../lib/str_process.inc.php";
        require_once "./theme.inc.php";
?>
<?
        force_login();

        $result_set = array(
                "return" => array(
                        "code" => 0,
                        "message" => "",
                        "errorFields" => array(),
                )
        );

        $id = (isset($_GET["id"]) ? intval($_GET["id"]) : 0);
        $reply_id = (isset($_GET["reply_id"]) ? intval($_GET["reply_id"]) : 0);
        $sid = (isset($_GET["sid"]) ? intval($_GET["sid"]) : $BBS_default_sid);
        $quote = (isset($_GET["quote"]) && $_GET["quote"] == "0" ? false : true);

        $uid = 0;
        $tid = 0;
        $title = "";
        $r_username = "";
        $r_nickname = "";
        $content = "";
        $emoji = 1;
        $reply_note = ($reply_id == 0 ? 1 : 0);
        $excerption = 0;
        $attachments = array();

        if($id == 0) // Post article
        {
                if ($reply_id == 0) // Post new thread
                {
                        $sql = "SELECT title FROM section_config WHERE SID = $sid AND enable";

                        $rs = mysqli_query($db_conn, $sql);
                        if ($rs == false)
                        {
                                $result_set["return"]["code"] = -2;
                                $result_set["return"]["message"] = "Query section error: " . mysqli_error($db_conn);
                
                                mysqli_close($db_conn);
                                exit(json_encode($result_set));
                        }
                
                        if ($row = mysqli_fetch_array($rs))
                        {
                                $section_title = $row["title"];
                        }
                        else
                        {
                                $result_set["return"]["code"] = -1;
                                $result_set["return"]["message"] = "版块不存在！";
                
                                mysqli_close($db_conn);
                                exit(json_encode($result_set));
                        }
                        mysqli_free_result($rs);

                        if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_POST))
                        {
                                $result_set["return"]["code"] = -1;
                                $result_set["return"]["message"] = "您无权发表文章！";
                
                                mysqli_close($db_conn);
                                exit(json_encode($result_set));
                        }
                }
                else // Reply article
                {
                        $sql = "SELECT TID, bbs.SID, bbs.title, `lock`, username, nickname, content,
                                        section_config.title AS s_title FROM bbs
                                        INNER JOIN bbs_content ON bbs.CID = bbs_content.CID
                                        INNER JOIN section_config ON bbs.SID = section_config.SID
                                        WHERE bbs.AID = $reply_id AND visible";

                        $rs = mysqli_query($db_conn, $sql);
                        if ($rs == false)
                        {
                                $result_set["return"]["code"] = -2;
                                $result_set["return"]["message"] = "Query article error: " . mysqli_error($db_conn);
                
                                mysqli_close($db_conn);
                                exit(json_encode($result_set));
                        }

                        if ($row = mysqli_fetch_array($rs))
                        {
                                $tid = $row["TID"];
                                $sid = $row["SID"];
                                $title = $row["title"];
                                $lock = $row["lock"];
                                $r_username = $row["username"];
                                $r_nickname = $row["nickname"];
                                $content = $row["content"];
                                $section_title = $row["s_title"];
                        }
                        else
                        {
                                $result_set["return"]["code"] = -1;
                                $result_set["return"]["message"] = "回复的文章不存在！";
                
                                mysqli_close($db_conn);
                                exit(json_encode($result_set));
                        }
                        mysqli_free_result($rs);

                        if ($tid != 0) // Article to be replied is not the head of topic thread
                        {
                                $sql = "SELECT SID, `lock` FROM bbs WHERE AID = $tid AND visible";

                                $rs = mysqli_query($db_conn, $sql);
                                if ($rs == false)
                                {
                                        $result_set["return"]["code"] = -2;
                                        $result_set["return"]["message"] = "Query article error: " . mysqli_error($db_conn);
                        
                                        mysqli_close($db_conn);
                                        exit(json_encode($result_set));
                                }
        
                                if ($row = mysqli_fetch_array($rs))
                                {
                                        $sid = $row["SID"]; // In case of inconsistent SID data
                                        $lock = $row["lock"];
                                }
                                else
                                {
                                        $result_set["return"]["code"] = -1;
                                        $result_set["return"]["message"] = "回复的主题不存在！";
                        
                                        mysqli_close($db_conn);
                                        exit(json_encode($result_set));
                                }
                                mysqli_free_result($rs);                                
                        }

                        if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_POST))
                        {
                                $result_set["return"]["code"] = -1;
                                $result_set["return"]["message"] = "您无权发表文章！";
                
                                mysqli_close($db_conn);
                                exit(json_encode($result_set));
                        }

                        if ($lock)
                        {
                                $result_set["return"]["code"] = -1;
                                $result_set["return"]["message"] = "该主题谢绝回复！";
                
                                mysqli_close($db_conn);
                                exit(json_encode($result_set));
                        }
                }
        }
        else // Modify article
        {
                $sql = "select UID, bbs.SID, TID, bbs.title, content, icon, reply_note, excerption,
                                section_config.title AS s_title FROM bbs
                                INNER JOIN bbs_content ON bbs.CID = bbs_content.CID
                                INNER JOIN section_config ON bbs.SID = section_config.SID
                                WHERE bbs.AID = $id AND visible";

                $rs = mysqli_query($db_conn, $sql);
                if ($rs == false)
                {
                        $result_set["return"]["code"] = -2;
                        $result_set["return"]["message"] = "Query article error: " . mysqli_error($db_conn);
        
                        mysqli_close($db_conn);
                        exit(json_encode($result_set));
                }

                if ($row = mysqli_fetch_array($rs))
                {
                        $uid = $row["UID"];
                        $sid = $row["SID"];
                        $tid = $row["TID"];
                        $title = $row["title"];
                        $content = $row["content"];
                        $emoji = $row["icon"];
                        $reply_note = $row["reply_note"];
                        $excerption = $row["excerption"];
                        $section_title = $row["s_title"];
                }
                else
                {
                        $result_set["return"]["code"] = -1;
                        $result_set["return"]["message"] = "修改的文章不存在！";
        
                        mysqli_close($db_conn);
                        exit(json_encode($result_set));
                }
                mysqli_free_result($rs);

                if (!($_SESSION["BBS_priv"]->checkpriv($sid, S_POST) && $_SESSION["BBS_uid"] == $uid && (!$excerption)))
                {
                        $result_set["return"]["code"] = -1;
                        $result_set["return"]["message"] = "您无权修改此文章！";
        
                        mysqli_close($db_conn);
                        exit(json_encode($result_set));
                }

                $sql = "SELECT * FROM upload_file WHERE ref_AID = $id
                                AND deleted = 0 AND deny = 0
                                ORDER BY AID";

                $rs = mysqli_query($db_conn, $sql);
                if ($rs == false)
                {
                        $result_set["return"]["code"] = -2;
                        $result_set["return"]["message"] = "Read attachment error: " . mysqli_error($db_conn);
        
                        mysqli_close($db_conn);
                        exit(json_encode($result_set));
                }
                
                while ($row = mysqli_fetch_array($rs))
                {
                        $attachments[$row["AID"]] = array(
                                "filename" => $row["filename"],
                                "size" => $row["size"],
                                "check" => $row["check"],
                        );
                }
                mysqli_free_result($rs);
        }

        mysqli_close($db_conn);

        // Fill up result data
        $result_set["data"] = array(
                "id" => $id,
                "reply_id" => $reply_id,
                "uid" => $uid,
                "sid" => $sid,
                "tid" => $tid,
                "title" => $title,
                "r_username" => $r_username,
                "r_nickname" => $r_nickname,
                "content" => $content,
                "quote" => $quote,
                "emoji" => $emoji,
                "reply_note" => $reply_note,
                "excerption" => $excerption,
                "section_title" => $section_title,
                "attachments" => $attachments,
        );

        // Cleanup
        unset($id);
        unset($reply_id);
        unset($uid);
        unset($sid);
        unset($tid);
        unset($title);
        unset($r_username);
        unset($r_nickname);
        unset($content);
        unset($emoji);
        unset($reply_note);
        unset($excerption);
        unset($section_title);
        unset($attachments);
        
        // Output with theme view
        $theme_view_file = get_theme_file("view/post", $_SESSION["BBS_theme_name"]);
        if ($theme_view_file == null)
        {
                exit(json_encode($result_set)); // Output data in Json
        }
        include $theme_view_file;
?>
1	sysadm	1.1	<?
2			require_once "../lib/common.inc.php";
3			require_once "../lib/db_open.inc.php";
4			require_once "./common_lib.inc.php";
5			require_once "./session_init.inc.php";
6			require_once "./check_sub.inc.php";
7			require_once "../lib/lml.inc.php";
8			require_once "../lib/str_process.inc.php";
9	sysadm	1.7	require_once "./theme.inc.php";
10	sysadm	1.1	?>
11			<?
12			force_login();
13
14	sysadm	1.7	$result_set = array(
15			"return" => array(
16			"code" => 0,
17			"message" => "",
18			"errorFields" => array(),
19			)
20			);
21
22	sysadm	1.1	$id = (isset($_GET["id"]) ? intval($_GET["id"]) : 0);
23			$reply_id = (isset($_GET["reply_id"]) ? intval($_GET["reply_id"]) : 0);
24			$sid = (isset($_GET["sid"]) ? intval($_GET["sid"]) : $BBS_default_sid);
25			$quote = (isset($_GET["quote"]) && $_GET["quote"] == "0" ? false : true);
26
27	sysadm	1.7	$uid = 0;
28			$tid = 0;
29	sysadm	1.1	$title = "";
30	sysadm	1.7	$r_username = "";
31			$r_nickname = "";
32	sysadm	1.1	$content = "";
33			$emoji = 1;
34			$reply_note = ($reply_id == 0 ? 1 : 0);
35	sysadm	1.7	$excerption = 0;
36			$attachments = array();
37	sysadm	1.1
38			if($id == 0) // Post article
39			{
40			if ($reply_id == 0) // Post new thread
41			{
42			$sql = "SELECT title FROM section_config WHERE SID = $sid AND enable";
43
44			$rs = mysqli_query($db_conn, $sql);
45			if ($rs == false)
46			{
47	sysadm	1.7	$result_set["return"]["code"] = -2;
48			$result_set["return"]["message"] = "Query section error: " . mysqli_error($db_conn);
49
50			mysqli_close($db_conn);
51			exit(json_encode($result_set));
52	sysadm	1.1	}
53
54			if ($row = mysqli_fetch_array($rs))
55			{
56			$section_title = $row["title"];
57			}
58			else
59			{
60	sysadm	1.7	$result_set["return"]["code"] = -1;
61			$result_set["return"]["message"] = "版块不存在！";
62
63			mysqli_close($db_conn);
64			exit(json_encode($result_set));
65	sysadm	1.1	}
66			mysqli_free_result($rs);
67
68			if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_POST))
69			{
70	sysadm	1.7	$result_set["return"]["code"] = -1;
71			$result_set["return"]["message"] = "您无权发表文章！";
72
73			mysqli_close($db_conn);
74			exit(json_encode($result_set));
75	sysadm	1.1	}
76			}
77			else // Reply article
78			{
79			$sql = "SELECT TID, bbs.SID, bbs.title, `lock`, username, nickname, content,
80			section_config.title AS s_title FROM bbs
81			INNER JOIN bbs_content ON bbs.CID = bbs_content.CID
82			INNER JOIN section_config ON bbs.SID = section_config.SID
83			WHERE bbs.AID = $reply_id AND visible";
84
85			$rs = mysqli_query($db_conn, $sql);
86			if ($rs == false)
87			{
88	sysadm	1.7	$result_set["return"]["code"] = -2;
89			$result_set["return"]["message"] = "Query article error: " . mysqli_error($db_conn);
90
91			mysqli_close($db_conn);
92			exit(json_encode($result_set));
93	sysadm	1.1	}
94
95			if ($row = mysqli_fetch_array($rs))
96			{
97			$tid = $row["TID"];
98			$sid = $row["SID"];
99			$title = $row["title"];
100			$lock = $row["lock"];
101			$r_username = $row["username"];
102			$r_nickname = $row["nickname"];
103			$content = $row["content"];
104			$section_title = $row["s_title"];
105			}
106			else
107			{
108	sysadm	1.7	$result_set["return"]["code"] = -1;
109			$result_set["return"]["message"] = "回复的文章不存在！";
110
111			mysqli_close($db_conn);
112			exit(json_encode($result_set));
113	sysadm	1.1	}
114			mysqli_free_result($rs);
115
116			if ($tid != 0) // Article to be replied is not the head of topic thread
117			{
118			$sql = "SELECT SID, `lock` FROM bbs WHERE AID = $tid AND visible";
119
120			$rs = mysqli_query($db_conn, $sql);
121			if ($rs == false)
122			{
123	sysadm	1.7	$result_set["return"]["code"] = -2;
124			$result_set["return"]["message"] = "Query article error: " . mysqli_error($db_conn);
125
126			mysqli_close($db_conn);
127			exit(json_encode($result_set));
128	sysadm	1.1	}
129
130			if ($row = mysqli_fetch_array($rs))
131			{
132			$sid = $row["SID"]; // In case of inconsistent SID data
133			$lock = $row["lock"];
134			}
135			else
136			{
137	sysadm	1.7	$result_set["return"]["code"] = -1;
138			$result_set["return"]["message"] = "回复的主题不存在！";
139
140			mysqli_close($db_conn);
141			exit(json_encode($result_set));
142	sysadm	1.1	}
143			mysqli_free_result($rs);
144			}
145
146			if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_POST))
147			{
148	sysadm	1.7	$result_set["return"]["code"] = -1;
149			$result_set["return"]["message"] = "您无权发表文章！";
150
151			mysqli_close($db_conn);
152			exit(json_encode($result_set));
153	sysadm	1.1	}
154
155			if ($lock)
156			{
157	sysadm	1.7	$result_set["return"]["code"] = -1;
158			$result_set["return"]["message"] = "该主题谢绝回复！";
159
160			mysqli_close($db_conn);
161			exit(json_encode($result_set));
162	sysadm	1.1	}
163			}
164			}
165			else // Modify article
166			{
167			$sql = "select UID, bbs.SID, TID, bbs.title, content, icon, reply_note, excerption,
168			section_config.title AS s_title FROM bbs
169			INNER JOIN bbs_content ON bbs.CID = bbs_content.CID
170			INNER JOIN section_config ON bbs.SID = section_config.SID
171			WHERE bbs.AID = $id AND visible";
172
173			$rs = mysqli_query($db_conn, $sql);
174			if ($rs == false)
175			{
176	sysadm	1.7	$result_set["return"]["code"] = -2;
177			$result_set["return"]["message"] = "Query article error: " . mysqli_error($db_conn);
178
179			mysqli_close($db_conn);
180			exit(json_encode($result_set));
181	sysadm	1.1	}
182
183			if ($row = mysqli_fetch_array($rs))
184			{
185			$uid = $row["UID"];
186			$sid = $row["SID"];
187			$tid = $row["TID"];
188			$title = $row["title"];
189			$content = $row["content"];
190			$emoji = $row["icon"];
191			$reply_note = $row["reply_note"];
192			$excerption = $row["excerption"];
193			$section_title = $row["s_title"];
194			}
195			else
196			{
197	sysadm	1.7	$result_set["return"]["code"] = -1;
198			$result_set["return"]["message"] = "修改的文章不存在！";
199
200			mysqli_close($db_conn);
201			exit(json_encode($result_set));
202	sysadm	1.1	}
203			mysqli_free_result($rs);
204
205			if (!($_SESSION["BBS_priv"]->checkpriv($sid, S_POST) && $_SESSION["BBS_uid"] == $uid && (!$excerption)))
206			{
207	sysadm	1.7	$result_set["return"]["code"] = -1;
208			$result_set["return"]["message"] = "您无权修改此文章！";
209
210			mysqli_close($db_conn);
211			exit(json_encode($result_set));
212	sysadm	1.1	}
213
214			$sql = "SELECT * FROM upload_file WHERE ref_AID = $id
215			AND deleted = 0 AND deny = 0
216			ORDER BY AID";
217
218			$rs = mysqli_query($db_conn, $sql);
219			if ($rs == false)
220			{
221	sysadm	1.7	$result_set["return"]["code"] = -2;
222			$result_set["return"]["message"] = "Read attachment error: " . mysqli_error($db_conn);
223
224			mysqli_close($db_conn);
225			exit(json_encode($result_set));
226	sysadm	1.1	}
227
228			while ($row = mysqli_fetch_array($rs))
229			{
230	sysadm	1.7	$attachments[$row["AID"]] = array(
231			"filename" => $row["filename"],
232			"size" => $row["size"],
233			"check" => $row["check"],
234			);
235	sysadm	1.1	}
236			mysqli_free_result($rs);
237			}
238	sysadm	1.7
239			mysqli_close($db_conn);
240
241			// Fill up result data
242			$result_set["data"] = array(
243			"id" => $id,
244			"reply_id" => $reply_id,
245			"uid" => $uid,
246			"sid" => $sid,
247			"tid" => $tid,
248			"title" => $title,
249			"r_username" => $r_username,
250			"r_nickname" => $r_nickname,
251			"content" => $content,
252			"quote" => $quote,
253			"emoji" => $emoji,
254			"reply_note" => $reply_note,
255			"excerption" => $excerption,
256			"section_title" => $section_title,
257			"attachments" => $attachments,
258			);
259
260			// Cleanup
261			unset($id);
262			unset($reply_id);
263			unset($uid);
264			unset($sid);
265			unset($tid);
266			unset($title);
267			unset($r_username);
268			unset($r_nickname);
269			unset($content);
270			unset($emoji);
271			unset($reply_note);
272			unset($excerption);
273			unset($section_title);
274			unset($attachments);
275
276			// Output with theme view
277	sysadm	1.8	$theme_view_file = get_theme_file("view/post", $_SESSION["BBS_theme_name"]);
278	sysadm	1.7	if ($theme_view_file == null)
279	sysadm	1.6	{
280	sysadm	1.7	exit(json_encode($result_set)); // Output data in Json
281	sysadm	1.6	}
282	sysadm	1.7	include $theme_view_file;
283	sysadm	1.1	?>
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1