
Annotation of /fenglin/bbs/section_service_setting.php



Revision 1.1 - (hide annotations)
Wed Apr 23 07:14:47 2025 UTC (10 months, 3 weeks ago) by sysadm
Branch: MAIN
Rename section_setting_service.php to section_service_setting.php

1 sysadm 1.1 <?php
2     require_once "../lib/db_open.inc.php";
3     require_once "../lib/str_process.inc.php";
4     require_once "./session_init.inc.php";
5     require_once "./check_sub.inc.php";
6    
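// Decode the JSON request body. A body that does not decode to an array
// (invalid JSON, a bare scalar, null) is treated as an empty request so every
// field below falls back to its default.
$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data))
{
    $data = array();
}

// Every value read here is client-controlled.
// - Integer fields go through intval(), which is what makes them safe to
//   interpolate into the SQL built later in this script.
// - Flag fields collapse to 0 or 1.
// - Text fields are accepted only when scalar. A JSON array or object in a text
//   field would otherwise reach trim() (a TypeError on PHP 8) or the string
//   helpers with a non-string argument.
// NOTE(review): no anti-CSRF token or request Content-Type check is visible in
// this file; confirm that session_init.inc.php or the caller enforces one.
$sid = (isset($data["sid"]) ? intval($data["sid"]) : 0);
$sname = (isset($data["sname"]) && is_scalar($data["sname"]) ? trim((string) $data["sname"]) : "");
$title = (isset($data["title"]) && is_scalar($data["title"]) ? trim((string) $data["title"]) : "");
$exp_get = (isset($data["exp_get"]) && $data["exp_get"] == "1" ? 1 : 0);
$recommend = (isset($data["recommend"]) && $data["recommend"] == "1" ? 1 : 0);
$read_user_level = (isset($data["read_user_level"]) ? intval($data["read_user_level"]) : P_GUEST);
$write_user_level = (isset($data["write_user_level"]) ? intval($data["write_user_level"]) : P_USER);
$comment = (isset($data["comment"]) && is_scalar($data["comment"]) ? (string) $data["comment"] : "");
$announcement = (isset($data["announcement"]) && is_scalar($data["announcement"]) ? (string) $data["announcement"] : "");
$sort_order = (isset($data["sort_order"]) ? intval($data["sort_order"]) : 0);
$ex_update = (isset($data["ex_update"]) && $data["ex_update"] == "1" ? 1 : 0);

// Response envelope: code 0 = success, -1 = validation/permission failure,
// -2 = database failure (as used by the rest of this script).
$result_set = array(
    "return" => array(
        "code" => 0,
        "message" => "",
        "errorFields" => array(),
    )
);

header("Content-Type:application/json; charset=utf-8");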
30    
// Authorization gate: runs before any field validation or database write.
// checkpriv() and the S_POST / S_MAN_S flags are defined outside this page.
// NOTE(review): confirm whether the OR-ed mask means "both rights" or "either
// right" for the requested section.
$may_manage = $_SESSION["BBS_priv"]->checkpriv($sid, S_POST | S_MAN_S);
if (!$may_manage)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "prompt",
        "errMsg" => "没有权限",
    );

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
43    
// Records one rejected field in the response and marks the request as failed.
// $extra carries optional keys (here: "updateValue") appended after id/errMsg.
$flag_field = function ($field_id, $err_msg, array $extra = array()) use (&$result_set) {
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => $field_id,
        "errMsg" => $err_msg,
    ) + $extra;
};

// sname: a letter followed by up to 19 letters, digits or underscores. This
// allow-list is the only thing standing between sname and the SQL statement it
// is later interpolated into, so it must stay strict.
$sname_ok = preg_match("/^[A-Za-z][A-Za-z0-9_]{0,19}$/", $sname);
if (!$sname_ok)
{
    $flag_field("sname", "不符合格式要求");
}

// title: non-empty, no whitespace, and unchanged by split_line() followed by
// htmlspecialchars() - i.e. any title that HTML encoding would alter is rejected.
$title_ok = $title != "" && !preg_match("/[[:space:]]/", $title) &&
    htmlspecialchars(split_line($title, "", 20, 1), ENT_QUOTES | ENT_HTML401, 'UTF-8') == $title;
if (!$title_ok)
{
    $flag_field("title", "不符合格式要求");
}

// comment / announcement: must already equal their wrapped and word-filtered
// form; otherwise the filtered text is returned so the client can show it.
// NOTE(review): unlike title, these two are not checked against HTML encoding
// here, so the pages that render them need to escape on output - confirm.
$r_comment = check_badwords(split_line($comment, "", 80, 3), "****");
if ($comment != $r_comment)
{
    $flag_field("comment", "不符合要求", array("updateValue" => $r_comment));
}

$r_announcement = check_badwords(split_line($announcement, "", 150, 3), "****");
if ($announcement != $r_announcement)
{
    $flag_field("announcement", "不符合要求", array("updateValue" => $r_announcement));
}

// Stop before touching the database if any field was rejected.
if ($result_set["return"]["code"] != 0)
{
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
90    
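// Escape every text value that is later placed inside a quoted SQL literal.
// sname is already restricted by its allow-list regex; escaping it as well keeps
// the SQL safe even if that pattern is loosened later.
// NOTE(review): mysqli_real_escape_string() depends on the connection character
// set; confirm db_open.inc.php sets it with mysqli_set_charset().
$sname = mysqli_real_escape_string($db_conn, $sname);
$title = mysqli_real_escape_string($db_conn, $title);
$comment = mysqli_real_escape_string($db_conn, $comment);
$announcement = mysqli_real_escape_string($db_conn, $announcement);

// Begin transaction: turn autocommit off, then open the transaction.
foreach (array("SET autocommit=0", "BEGIN") as $tx_sql)
{
    $rs = mysqli_query($db_conn, $tx_sql);
    if ($rs == false)
    {
        // Keep the driver's error text in the server log; the client only gets
        // a generic message so database details are not disclosed.
        error_log("section_service_setting: '$tx_sql' failed: " . mysqli_error($db_conn));
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Mysqli error";

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}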
116    
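// Look up the section and lock its row for the rest of the transaction.
// $sid went through intval() when it was read from the request, so it is safe
// to interpolate here.
$sql = "SELECT CID FROM section_config WHERE SID = $sid FOR UPDATE";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    // Driver error text stays in the server log, not in the response.
    error_log("section_service_setting: query section failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Query section error";

    mysqli_rollback($db_conn);
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$row = mysqli_fetch_array($rs);
if (!$row)
{
    // Unknown section id.
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "prompt",
        "errMsg" => "版块不存在",
    );

    mysqli_free_result($rs);
    mysqli_rollback($db_conn);
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Cast the class id: it is interpolated into a later query, and a value read
// back from the database should not be trusted as SQL text either.
$cid = intval($row["CID"]);
mysqli_free_result($rs);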
146    
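// Only callers that pass checklevel(P_ADMIN_M) may reorder sections.
if ($_SESSION["BBS_priv"]->checklevel(P_ADMIN_M))
{
    // Set sort order of sections in the same section class.
    // All values interpolated into SQL in this block are forced to integers.
    $cid = intval($cid);
    $sql = "SELECT SID, enable, sort_order FROM section_config WHERE CID = $cid " .
        "ORDER BY sort_order FOR UPDATE";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs == false)
    {
        // Driver error text stays in the server log, not in the response.
        error_log("section_service_setting: query section list failed: " . mysqli_error($db_conn));
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Query section list error";

        mysqli_rollback($db_conn);
        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // $i is the next position to hand out.
    // $real_sort_order: 0 = requested slot not reached yet, -1 = the section
    // already sits at the requested position (no update needed), > 0 = position
    // to write for $sid.
    $i = 1;
    $sid_disabled_list = "-1";
    $real_sort_order = 0;
    while ($row = mysqli_fetch_array($rs))
    {
        $row_sid = intval($row["SID"]);
        $row_sort_order = intval($row["sort_order"]);

        if ($sort_order == $i)
        {
            // Reserve the requested slot for $sid.
            $real_sort_order = $i;
            $i++;

            if ($row_sid == $sid)
            {
                if ($row_sort_order == $sort_order)
                {
                    $real_sort_order = -1;
                }
                continue;
            }
        }

        if (!$row["enable"])
        {
            // Disabled sections take no slot; remember those that still carry
            // a non-zero sort_order so they can be reset below.
            if ($row_sort_order != 0)
            {
                $sid_disabled_list .= (", " . $row_sid);
            }
            continue;
        }

        if ($row_sid != $sid)
        {
            if ($row_sort_order != $i)
            {
                // Set sort_order for section with updated value
                $sql = "UPDATE section_config SET sort_order = $i WHERE SID = $row_sid";

                $ret = mysqli_query($db_conn, $sql);
                if ($ret == false)
                {
                    error_log("section_service_setting: update section order failed: " . mysqli_error($db_conn));
                    $result_set["return"]["code"] = -2;
                    $result_set["return"]["message"] = "Update section error";

                    mysqli_rollback($db_conn);
                    mysqli_close($db_conn);
                    exit(json_encode($result_set));
                }
            }
            $i++;
        }
    }
    mysqli_free_result($rs);

    // Requested slot lies past the end of the list: append at the end.
    if ($real_sort_order == 0)
    {
        $real_sort_order = $i;
    }

    if ($real_sort_order > 0)
    {
        $sql = "UPDATE section_config SET sort_order = $real_sort_order WHERE SID = $sid";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
            error_log("section_service_setting: update section order failed: " . mysqli_error($db_conn));
            $result_set["return"]["code"] = -2;
            $result_set["return"]["message"] = "Update section error";

            mysqli_rollback($db_conn);
            mysqli_close($db_conn);
            exit(json_encode($result_set));
        }
    }

    // Enforce sort_order of disabled sections to 0
    if ($sid_disabled_list != "-1")
    {
        // The list holds only "-1" and intval()-ed ids, so it is safe in IN (...).
        $sql = "UPDATE section_config SET sort_order = 0 WHERE SID IN ($sid_disabled_list)";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
            error_log("section_service_setting: reset disabled section order failed: " . mysqli_error($db_conn));
            $result_set["return"]["code"] = -2;
            $result_set["return"]["message"] = "Update section error";

            mysqli_rollback($db_conn);
            mysqli_close($db_conn);
            exit(json_encode($result_set));
        }
    }
}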
250    
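// Audit columns. Neither value was sanitised before reaching the SQL text:
// the user id is forced to an integer, and the client address is escaped
// because it sits inside a quoted literal.
// NOTE(review): client_addr() is defined outside this page; if it can take its
// value from a forwarded-for style request header, that value is client-supplied.
$set_uid = intval($_SESSION["BBS_uid"]);
$set_ip = mysqli_real_escape_string($db_conn, client_addr());

$audit_sql = "set_UID = $set_uid, set_dt = NOW(), set_ip = '$set_ip' WHERE SID = $sid";

if ($_SESSION["BBS_priv"]->checklevel(P_ADMIN_M))
{
    // Callers that pass checklevel(P_ADMIN_M) may change every setting.
    // sname is constrained by its allow-list regex; title, comment and
    // announcement were escaped with mysqli_real_escape_string() earlier.
    // NOTE(review): read_user_level / write_user_level are only intval()-ed;
    // no range check against the defined P_* levels is visible here.
    $sql = "UPDATE section_config SET sname = '$sname', title = '$title', " .
        "exp_get = $exp_get, recommend = $recommend, read_user_level = $read_user_level, " .
        "write_user_level = $write_user_level, comment = '$comment', " .
        "announcement = '$announcement', ex_update = $ex_update, " .
        $audit_sql;
}
else
{
    // Everyone else who passed the permission gate may only change the
    // comment, the announcement and the ex_update flag.
    $sql = "UPDATE section_config SET comment = '$comment', " .
        "announcement = '$announcement', ex_update = $ex_update, " .
        $audit_sql;
}

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    // Driver error text stays in the server log, not in the response.
    error_log("section_service_setting: update section data failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update section data error";

    mysqli_rollback($db_conn);
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}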
277    
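// Commit transaction
$rs = mysqli_query($db_conn, "COMMIT");
if ($rs == false)
{
    // Driver error text stays in the server log; the client gets a generic
    // message so database details are not disclosed.
    error_log("section_service_setting: COMMIT failed: " . mysqli_error($db_conn));
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Mysqli error";

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Success: code is still 0 and errorFields is empty.
mysqli_close($db_conn);
exit(json_encode($result_set));
?>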
