fenglin/bbs/section_setting_service.php

<?
        require_once "../lib/db_open.inc.php";
        require_once "../lib/str_process.inc.php";
        require_once "./session_init.inc.php";
        require_once "./check_sub.inc.php";

        $data = json_decode(file_get_contents("php://input"), true);

        $sid = (isset($data["sid"]) ? intval($data["sid"]) : 0);
        $comment = (isset($data["comment"]) ? $data["comment"] : "");
        $announcement = (isset($data["announcement"]) ? $data["announcement"] : "");
        $ex_update = (isset($data["ex_update"]) && $data["ex_update"] == "1");
        
        $result_set = array(
                "return" => array(
                        "code" => 0,
                        "message" => "",
                        "errorFields" => array(),
                )
        );

        header("Content-Type:application/json; charset=utf-8");

        // Validate input data
        if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_POST | S_MAN_S))
        {
                $result_set["return"]["code"] = -1;
                array_push($result_set["return"]["errorFields"], array(
                        "id" => "prompt",
                        "errMsg" => "没有权限",
                ));

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        $r_comment = check_badwords(split_line($comment, "", 80, 3), "****");
        if ($comment != $r_comment)
        {
                $result_set["return"]["code"] = -1;
                array_push($result_set["return"]["errorFields"], array(
                        "id" => "comment",
                        "errMsg" => "不符合要求",
                        "updateValue" => $r_comment,
                ));
        }

        $r_announcement = check_badwords(split_line($announcement, "", 80, 3), "****");
        if ($announcement != $r_announcement)
        {
                $result_set["return"]["code"] = -1;
                array_push($result_set["return"]["errorFields"], array(
                        "id" => "announcement",
                        "errMsg" => "不符合要求",
                        "updateValue" => $r_announcement,
                ));
        }

        if ($result_set["return"]["code"] != 0)
        {
                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Secure SQL statement
        $comment = mysqli_real_escape_string($db_conn, $comment);
        $announcement = mysqli_real_escape_string($db_conn, $announcement);

        $sql = "UPDATE section_config SET comment = '$comment',
                        announcement = '$announcement', ex_update = $ex_update,
                        set_UID = " . $_SESSION["BBS_uid"] . ", set_dt = NOW(), set_ip='" .
                        client_addr() ."' WHERE SID = $sid AND enable";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Update section data error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        mysqli_close($db_conn);
        exit(json_encode($result_set));
?>
1	sysadm	1.1	<?
2			require_once "../lib/db_open.inc.php";
3			require_once "../lib/str_process.inc.php";
4			require_once "./session_init.inc.php";
5			require_once "./check_sub.inc.php";
6
7			$data = json_decode(file_get_contents("php://input"), true);
8
9			$sid = (isset($data["sid"]) ? intval($data["sid"]) : 0);
10			$comment = (isset($data["comment"]) ? $data["comment"] : "");
11			$announcement = (isset($data["announcement"]) ? $data["announcement"] : "");
12			$ex_update = (isset($data["ex_update"]) && $data["ex_update"] == "1");
13
14			$result_set = array(
15			"return" => array(
16			"code" => 0,
17			"message" => "",
18			"errorFields" => array(),
19			)
20			);
21
22			header("Content-Type:application/json; charset=utf-8");
23
24			// Validate input data
25			if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_POST \| S_MAN_S))
26			{
27			$result_set["return"]["code"] = -1;
28			array_push($result_set["return"]["errorFields"], array(
29			"id" => "prompt",
30			"errMsg" => "没有权限",
31			));
32
33			mysqli_close($db_conn);
34			exit(json_encode($result_set));
35			}
36
37			$r_comment = check_badwords(split_line($comment, "", 80, 3), "****");
38			if ($comment != $r_comment)
39			{
40			$result_set["return"]["code"] = -1;
41			array_push($result_set["return"]["errorFields"], array(
42			"id" => "comment",
43			"errMsg" => "不符合要求",
44			"updateValue" => $r_comment,
45			));
46			}
47
48			$r_announcement = check_badwords(split_line($announcement, "", 80, 3), "****");
49			if ($announcement != $r_announcement)
50			{
51			$result_set["return"]["code"] = -1;
52			array_push($result_set["return"]["errorFields"], array(
53			"id" => "announcement",
54			"errMsg" => "不符合要求",
55			"updateValue" => $r_announcement,
56			));
57			}
58
59			if ($result_set["return"]["code"] != 0)
60			{
61			mysqli_close($db_conn);
62			exit(json_encode($result_set));
63			}
64
65			// Secure SQL statement
66			$comment = mysqli_real_escape_string($db_conn, $comment);
67			$announcement = mysqli_real_escape_string($db_conn, $announcement);
68
69			$sql = "UPDATE section_config SET comment = '$comment',
70			announcement = '$announcement', ex_update = $ex_update,
71			set_UID = " . $_SESSION["BBS_uid"] . ", set_dt = NOW(), set_ip='" .
72			client_addr() ."' WHERE SID = $sid AND enable";
73
74			$rs = mysqli_query($db_conn, $sql);
75			if ($rs == false)
76			{
77			$result_set["return"]["code"] = -2;
78			$result_set["return"]["message"] = "Update section data error: " . mysqli_error($db_conn);
79
80			mysqli_close($db_conn);
81			exit(json_encode($result_set));
82			}
83
84			mysqli_close($db_conn);
85			exit(json_encode($result_set));
86			?>
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1