--- fenglin/bbs/post_service.php 2025/04/04 08:03:04 1.3 +++ fenglin/bbs/post_service.php 2025/04/16 01:51:52 1.9 @@ -1,11 +1,11 @@ "title", + "errMsg" => "超长已截断", + "updateValue" => $r_title, + )); + } + + $r_title = check_badwords($title, "****"); + if ($title != $r_title) + { + $result_set["return"]["code"] = -1; + array_push($result_set["return"]["errorFields"], array( + "id" => "title", + "errMsg" => "已过滤", + "updateValue" => $r_title, + )); + } + + $r_content = check_badwords($content, "****"); + if ($content != $r_content) + { + $result_set["return"]["code"] = -1; + array_push($result_set["return"]["errorFields"], array( + "id" => "content", + "errMsg" => "已过滤", + "updateValue" => $r_content, + )); + } + if ($emoji <= 0 || $emoji > $BBS_emoji_count) { $result_set["return"]["code"] = -1; @@ -65,8 +98,8 @@ exit(json_encode($result_set)); } - // Append sign - if ($sign_id > 0) + // Append sign for new post + if ($id == 0 && $sign_id > 0) { $sql = "SELECT sign_" . $sign_id . " AS sign FROM user_pubinfo WHERE UID = " . $_SESSION["BBS_uid"]; $rs = mysqli_query($db_conn, $sql); @@ -92,9 +125,7 @@ $content .= ("\n--\n※作者已于 " . date("Y-m-d H:i:s") . " 修改本文※\n"); } - // Filter badwords and truncate - $title = check_badwords(split_line($title, "", 80, 1)); - $content = check_badwords($content); + // Calculate length of content $length = str_length(LML($content, false, false, 1024)); // Initial variables @@ -190,7 +221,7 @@ } else // Reply article { - $sql = "SELECT TID, SID, title, `lock` FROM bbs WHERE AID = $reply_id AND visible"; + $sql = "SELECT TID, SID, title, `lock` FROM bbs WHERE AID = $reply_id AND visible FOR UPDATE"; $rs = mysqli_query($db_conn, $sql); if ($rs == false) 
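Review bot: A title that is both over-length and contains a filtered word gets two `title` entries in `errorFields` with different `updateValue`s, because the added `check_badwords($title, "****")` runs on the original `$title` and not on the truncated `$r_title` reported just above it. If the truncation step always assigns `$r_title` (the start of this hunk is not visible here), chaining the two as `$r_title = check_badwords($r_title, "****");` returns one corrected value to the client. `$r_title` is also read in the -622 hunk as the title quoted in the reply notification, so using it as a scratch variable here is fragile unless it is always reassigned before that point. A dedicated name such as `$title_filtered` and a strict `!==` comparison would be safer.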
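Review bot: In the -65 hunk, `$sign_id` is concatenated into a column name (`"SELECT sign_" . $sign_id . " AS sign FROM user_pubinfo ..."`), and the only guard visible is `$sign_id > 0`, which PHP also evaluates as true for a string that merely starts with a digit. If the value is not already cast outside the hunk, add `$sign_id = (int) $sign_id;` and an upper bound matching the number of `sign_N` columns before building the query. The queries in the -190, -224, -317 and -591 hunks likewise interpolate `$reply_id`, `$tid`, `$id`, `$_SESSION["BBS_username"]` and `$nickname`. Binding those values through `mysqli_prepare()` would stop these statements depending on escaping done elsewhere in the file.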
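Review bot: With the -92 hunk, text appended to `$content` after validation is no longer passed through `check_badwords`. The removed call ran after the signature block (old line 65) and the "修改本文" footer, whereas the new checks sit before the signature block (new line 98). If signatures are not filtered when they are saved, which is not visible here, filter the fetched signature before appending it, or record the assumption with a comment such as `// sign text is filtered when saved; not re-checked here`. The 80-character title limit also now depends entirely on the earlier `exit(json_encode($result_set))` path firing for every over-length title, since nothing truncates `$title` before it is stored.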
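Review bot: The `FOR UPDATE` added to the SELECT in the -190 hunk (and again in the -224 and -317 hunks) only holds its row lock while a transaction is open. No `mysqli_begin_transaction()` or autocommit change is visible in these hunks, and with autocommit on the lock is released as soon as the statement completes. Please confirm that a transaction is started before these reads and committed after the later `UPDATE bbs SET reply_count = reply_count + 1` statement. Also confirm that the early-exit paths that call `mysqli_close($db_conn)` are meant to roll back. A short comment at each site, e.g. `// row stays locked until COMMIT/ROLLBACK; requires an open transaction`, would make the dependency explicit.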
@@ -224,7 +255,7 @@ if ($tid != 0) // Article to be replied is not the head of topic thread { - $sql = "SELECT SID, title, `lock` FROM bbs WHERE AID = $tid AND visible"; + $sql = "SELECT SID, title, `lock` FROM bbs WHERE AID = $tid AND visible FOR UPDATE"; $rs = mysqli_query($db_conn, $sql); if ($rs == false) @@ -289,7 +320,7 @@ $result_set["return"]["code"] = -1; array_push($result_set["return"]["errorFields"], array( "id" => "prompt", - "errMsg" => "本版连续发表主题数量达到上限", + "errMsg" => "本版连续发表文章数量达到上限", )); mysqli_close($db_conn); @@ -317,7 +348,7 @@ } else // Modify article { - $sql = "SELECT TID, UID, SID, excerption FROM bbs WHERE AID = $id AND visible"; + $sql = "SELECT TID, UID, SID, excerption FROM bbs WHERE AID = $id AND visible FOR UPDATE"; $rs = mysqli_query($db_conn, $sql); if ($rs == false) @@ -591,7 +622,7 @@ if ($reply_id > 0) { $sql = "UPDATE bbs SET reply_count = reply_count + 1, - last_reply_dt = now(), last_reply_UID=" . $_SESSION["BBS_uid"] . + last_reply_dt = NOW(), last_reply_UID=" . $_SESSION["BBS_uid"] . ", last_reply_username = '" . $_SESSION["BBS_username"] . "', last_reply_nickname = '$nickname' WHERE Aid = $tid"; @@ -622,9 +653,8 @@ while ($row = mysqli_fetch_array($rs)) { //Send notification message - $msg_content = "[hide]SYS_Reply_Article[/hide]有人回复了您所发表/回复的主题文章,快来". - "[article " . $tid . "#" . $aid . "]看看[/article]《" . $r_title . "》吧!\n"; + "[article $aid]看看[/article]《" . $r_title . "》吧!\n"; $sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip) VALUES($BBS_sys_uid, " . $row["UID"] . ", '" . @@ -730,7 +760,6 @@ } // Set return path - $result_set["return"]["tid"] = $tid; $result_set["return"]["aid"] = $aid; $_SESSION["BBS_last_sub_tm"] = time();