fenglin/bbs/section_setting_service.php

<?
        require_once "../lib/db_open.inc.php";
        require_once "../lib/str_process.inc.php";
        require_once "./session_init.inc.php";
        require_once "./check_sub.inc.php";

        $data = json_decode(file_get_contents("php://input"), true);

        $sid = (isset($data["sid"]) ? intval($data["sid"]) : 0);
        $comment = (isset($data["comment"]) ? $data["comment"] : "");
        $announcement = (isset($data["announcement"]) ? $data["announcement"] : "");
        $ex_update = (isset($data["ex_update"]) && $data["ex_update"] == "1" ? 1 : 0);
        
        $result_set = array(
                "return" => array(
                        "code" => 0,
                        "message" => "",
                        "errorFields" => array(),
                )
        );

        header("Content-Type:application/json; charset=utf-8");

        // Validate input data
        if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_POST | S_MAN_S))
        {
                $result_set["return"]["code"] = -1;
                array_push($result_set["return"]["errorFields"], array(
                        "id" => "prompt",
                        "errMsg" => "没有权限",
                ));

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        $r_comment = check_badwords(split_line($comment, "", 80, 3), "****");
        if ($comment != $r_comment)
        {
                $result_set["return"]["code"] = -1;
                array_push($result_set["return"]["errorFields"], array(
                        "id" => "comment",
                        "errMsg" => "不符合要求",
                        "updateValue" => $r_comment,
                ));
        }

        $r_announcement = check_badwords(split_line($announcement, "", 80, 3), "****");
        if ($announcement != $r_announcement)
        {
                $result_set["return"]["code"] = -1;
                array_push($result_set["return"]["errorFields"], array(
                        "id" => "announcement",
                        "errMsg" => "不符合要求",
                        "updateValue" => $r_announcement,
                ));
        }

        if ($result_set["return"]["code"] != 0)
        {
                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Secure SQL statement
        $comment = mysqli_real_escape_string($db_conn, $comment);
        $announcement = mysqli_real_escape_string($db_conn, $announcement);

        $sql = "UPDATE section_config SET comment = '$comment',
                        announcement = '$announcement', ex_update = $ex_update,
                        set_UID = " . $_SESSION["BBS_uid"] . ", set_dt = NOW(), set_ip='" .
                        client_addr() ."' WHERE SID = $sid AND enable";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Update section data error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        mysqli_close($db_conn);
        exit(json_encode($result_set));
?>
1	<?
2	require_once "../lib/db_open.inc.php";
3	require_once "../lib/str_process.inc.php";
4	require_once "./session_init.inc.php";
5	require_once "./check_sub.inc.php";
6
7	$data = json_decode(file_get_contents("php://input"), true);
8
9	$sid = (isset($data["sid"]) ? intval($data["sid"]) : 0);
10	$comment = (isset($data["comment"]) ? $data["comment"] : "");
11	$announcement = (isset($data["announcement"]) ? $data["announcement"] : "");
12	$ex_update = (isset($data["ex_update"]) && $data["ex_update"] == "1" ? 1 : 0);
13
14	$result_set = array(
15	"return" => array(
16	"code" => 0,
17	"message" => "",
18	"errorFields" => array(),
19	)
20	);
21
22	header("Content-Type:application/json; charset=utf-8");
23
24	// Validate input data
25	if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_POST \| S_MAN_S))
26	{
27	$result_set["return"]["code"] = -1;
28	array_push($result_set["return"]["errorFields"], array(
29	"id" => "prompt",
30	"errMsg" => "没有权限",
31	));
32
33	mysqli_close($db_conn);
34	exit(json_encode($result_set));
35	}
36
37	$r_comment = check_badwords(split_line($comment, "", 80, 3), "****");
38	if ($comment != $r_comment)
39	{
40	$result_set["return"]["code"] = -1;
41	array_push($result_set["return"]["errorFields"], array(
42	"id" => "comment",
43	"errMsg" => "不符合要求",
44	"updateValue" => $r_comment,
45	));
46	}
47
48	$r_announcement = check_badwords(split_line($announcement, "", 80, 3), "****");
49	if ($announcement != $r_announcement)
50	{
51	$result_set["return"]["code"] = -1;
52	array_push($result_set["return"]["errorFields"], array(
53	"id" => "announcement",
54	"errMsg" => "不符合要求",
55	"updateValue" => $r_announcement,
56	));
57	}
58
59	if ($result_set["return"]["code"] != 0)
60	{
61	mysqli_close($db_conn);
62	exit(json_encode($result_set));
63	}
64
65	// Secure SQL statement
66	$comment = mysqli_real_escape_string($db_conn, $comment);
67	$announcement = mysqli_real_escape_string($db_conn, $announcement);
68
69	$sql = "UPDATE section_config SET comment = '$comment',
70	announcement = '$announcement', ex_update = $ex_update,
71	set_UID = " . $_SESSION["BBS_uid"] . ", set_dt = NOW(), set_ip='" .
72	client_addr() ."' WHERE SID = $sid AND enable";
73
74	$rs = mysqli_query($db_conn, $sql);
75	if ($rs == false)
76	{
77	$result_set["return"]["code"] = -2;
78	$result_set["return"]["message"] = "Update section data error: " . mysqli_error($db_conn);
79
80	mysqli_close($db_conn);
81	exit(json_encode($result_set));
82	}
83
84	mysqli_close($db_conn);
85	exit(json_encode($result_set));
86	?>
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1