fenglin/bbs/upload_service_del.php

<?php
        require_once "../lib/db_open.inc.php";
        require_once "./session_init.inc.php";

        $data = json_decode(file_get_contents("php://input"), true);

        $aid = (isset($data["aid"]) ? intval($data["aid"]) : 0);

        $result_set = array(
                "return" => array(
                        "code" => 0,
                        "message" => "",
                        "errorFields" => array(),
                )
        );

        header("Content-Type:application/json; charset=utf-8");

        if (!isset($_SESSION["BBS_uid"]) || $_SESSION["BBS_uid"] == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有登录";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Begin transaction
        $rs = mysqli_query($db_conn, "SET autocommit=0");
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }
        
        $rs = mysqli_query($db_conn, "BEGIN");
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Check privilege
        $sql = "SELECT upload_file.UID, bbs.SID, bbs.excerption FROM upload_file
                        LEFT JOIN bbs ON upload_file.ref_AID = bbs.AID
                        WHERE upload_file.AID = $aid AND deleted = 0";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Query upload_file error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if ($row = mysqli_fetch_array($rs))
        {
                $uid = $row["UID"];
                $sid = ($row["SID"] != null ? $row["SID"] : 0);
                $excerption = ($row["excerption"] != null ? $row["excerption"] : 0);
        }
        else
        {
                $result_set["return"]["code"] = 1;
                $result_set["return"]["message"] = "附件不存在";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }
        mysqli_free_result($rs);

        if (!($_SESSION["BBS_priv"]->checkpriv($sid, S_POST) && 
                ($_SESSION["BBS_priv"]->checkpriv($sid, S_MAN_S) || $_SESSION["BBS_uid"] == $uid)
                && (!$excerption)))
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有权限";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        $sql = "UPDATE upload_file SET deleted = 1 WHERE AID = $aid";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Update data error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Commit transaction
        $rs = mysqli_query($db_conn, "COMMIT");
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        mysqli_close($db_conn);
        exit(json_encode($result_set));
?>
1	sysadm	1.1	<?php
2			require_once "../lib/db_open.inc.php";
3			require_once "./session_init.inc.php";
4
5			$data = json_decode(file_get_contents("php://input"), true);
6
7			$aid = (isset($data["aid"]) ? intval($data["aid"]) : 0);
8
9			$result_set = array(
10			"return" => array(
11			"code" => 0,
12			"message" => "",
13			"errorFields" => array(),
14			)
15			);
16
17			header("Content-Type:application/json; charset=utf-8");
18
19			if (!isset($_SESSION["BBS_uid"]) \|\| $_SESSION["BBS_uid"] == 0)
20			{
21			$result_set["return"]["code"] = -1;
22			$result_set["return"]["message"] = "没有登录";
23
24			mysqli_close($db_conn);
25			exit(json_encode($result_set));
26			}
27
28			// Begin transaction
29			$rs = mysqli_query($db_conn, "SET autocommit=0");
30			if ($rs == false)
31			{
32			$result_set["return"]["code"] = -2;
33			$result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);
34
35			mysqli_close($db_conn);
36			exit(json_encode($result_set));
37			}
38
39			$rs = mysqli_query($db_conn, "BEGIN");
40			if ($rs == false)
41			{
42			$result_set["return"]["code"] = -2;
43			$result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);
44
45			mysqli_close($db_conn);
46			exit(json_encode($result_set));
47			}
48
49			// Check privilege
50			$sql = "SELECT upload_file.UID, bbs.SID, bbs.excerption FROM upload_file
51			LEFT JOIN bbs ON upload_file.ref_AID = bbs.AID
52			WHERE upload_file.AID = $aid AND deleted = 0";
53
54			$rs = mysqli_query($db_conn, $sql);
55			if ($rs == false)
56			{
57			$result_set["return"]["code"] = -2;
58			$result_set["return"]["message"] = "Query upload_file error: " . mysqli_error($db_conn);
59
60			mysqli_close($db_conn);
61			exit(json_encode($result_set));
62			}
63
64			if ($row = mysqli_fetch_array($rs))
65			{
66			$uid = $row["UID"];
67			$sid = ($row["SID"] != null ? $row["SID"] : 0);
68			$excerption = ($row["excerption"] != null ? $row["excerption"] : 0);
69			}
70			else
71			{
72			$result_set["return"]["code"] = 1;
73			$result_set["return"]["message"] = "附件不存在";
74
75			mysqli_close($db_conn);
76			exit(json_encode($result_set));
77			}
78			mysqli_free_result($rs);
79
80			if (!($_SESSION["BBS_priv"]->checkpriv($sid, S_POST) &&
81			($_SESSION["BBS_priv"]->checkpriv($sid, S_MAN_S) \|\| $_SESSION["BBS_uid"] == $uid)
82			&& (!$excerption)))
83			{
84			$result_set["return"]["code"] = -1;
85			$result_set["return"]["message"] = "没有权限";
86
87			mysqli_close($db_conn);
88			exit(json_encode($result_set));
89			}
90
91			$sql = "UPDATE upload_file SET deleted = 1 WHERE AID = $aid";
92
93			$rs = mysqli_query($db_conn, $sql);
94			if ($rs == false)
95			{
96			$result_set["return"]["code"] = -2;
97			$result_set["return"]["message"] = "Update data error: " . mysqli_error($db_conn);
98
99			mysqli_close($db_conn);
100			exit(json_encode($result_set));
101			}
102
103			// Commit transaction
104			$rs = mysqli_query($db_conn, "COMMIT");
105			if ($rs == false)
106			{
107			$result_set["return"]["code"] = -2;
108			$result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);
109
110			mysqli_close($db_conn);
111			exit(json_encode($result_set));
112			}
113
114			mysqli_close($db_conn);
115			exit(json_encode($result_set));
116			?>
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1