xiuno_plugin/z_ayou/overwrite/route/post.php

<?php

!defined('DEBUG') AND exit('Access Denied.');

include APP_PATH.'xiunophp/xn_html_safe.func.php';

$action = param(1);

user_login_check();

// hook post_start.php

if($action == 'create') {
	
	$tid = param(2);
	$quick = param(3);
	$quotepid = param(4);
		
	$thread = thread_read($tid);
	empty($thread) AND message(-1, lang('thread_not_exists'));
	
	$fid = $thread['fid'];
	
	$forum = forum_read($fid);
	empty($forum) AND message(-1, lang('forum_not_exists'));
	
	$r = forum_access_user($fid, $gid, 'allowpost');
	if(!$r) {
		message(-1, lang('user_group_insufficient_privilege'));
	}
	
	($thread['closed'] && ($gid == 0 || $gid > 5)) AND message(-1, lang('thread_has_already_closed'));
	
	// hook post_get_post.php
	
	if($method == 'GET') {
		
		// hook post_get_start.php
		
		$header['title'] = lang('post_create');
		$header['mobile_title'] = lang('post_create');
		$header['mobile_link'] = url("thread-$tid");

		include _include(APP_PATH.'view/htm/post.htm');
		
	} else {
		// hook post_post_start.php		
		$message = param('message', '', FALSE);
		empty($message) AND message('message', lang('please_input_message'));
		
		$doctype = param('doctype', 0);
		xn_strlen($message) > 2028000 AND message('message', lang('message_too_long'));
		
		$thread['top'] > 0 AND thread_top_cache_delete();
		
		$quotepid = param('quotepid', 0);
		$quotepost = post__read($quotepid);
		(!$quotepost || $quotepost['tid'] != $tid) AND $quotepid = 0;
		
		$post = array(
			'tid'=>$tid,
			'uid'=>$uid,
			'create_date'=>$time,
			'userip'=>$longip,
			'isfirst'=>0,
			'doctype'=>$doctype,
			'quotepid'=>$quotepid,
			'message'=>$message,
		);
		$pid = post_create($post, $fid, $gid);
		empty($pid) AND message(-1, lang('create_post_failed'));
		
		// thread_top_create($fid, $tid);

		$post = post_read($pid);
		$post['floor'] = $thread['posts'] + 1;
		$postlist = array($post);
		
		$allowpost = forum_access_user($fid, $gid, 'allowpost');
		$allowupdate = forum_access_mod($fid, $gid, 'allowupdate');
		$allowdelete = forum_access_mod($fid, $gid, 'allowdelete');
		
		// hook post_post_end.php
		
		// 直接返回帖子的 html
		// return the html string to browser.
		$return_html = param('return_html', 0);
		if($return_html) {
			$filelist = array();
			ob_start();
			include _include(APP_PATH.'view/htm/post_list.inc.htm');
			$s = ob_get_clean();
						
			message(0, $s);
		} else {
			message(0, lang('create_post_sucessfully'));
		}
	
	}
	
} elseif($action == 'update') {

	$pid = param(2);
	$post = post_read($pid);
	empty($post) AND message(-1, lang('post_not_exists:'));
	
	$tid = $post['tid'];
	$thread = thread_read($tid);
	empty($thread) AND message(-1, lang('thread_not_exists:'));
	
	$fid = $thread['fid'];
	$forum = forum_read($fid);
	empty($forum) AND message(-1, lang('forum_not_exists:'));
	
	$isfirst = $post['isfirst'];
	
	!forum_access_user($fid, $gid, 'allowpost') AND message(-1, lang('user_group_insufficient_privilege'));
	$allowupdate = forum_access_mod($fid, $gid, 'allowupdate');
	!$allowupdate AND !$post['allowupdate'] AND message(-1, lang('have_no_privilege_to_update'));
	!$allowupdate AND $thread['closed'] AND message(-1, lang('thread_has_already_closed'));
	
	// hook post_update_get_post.php
	
	if($method == 'GET') {
		
		// hook post_update_get_start.php
		
		$forumlist_allowthread = forum_list_access_filter($forumlist, $gid, 'allowthread');
		$forumarr = xn_json_encode(arrlist_key_values($forumlist_allowthread, 'fid', 'name'));
		
		// 如果为数据库减肥，则 message 可能会被设置为空。
		// if lost weight for the database, set the message field empty.
		$post['message'] = htmlspecialchars($post['message'] ? $post['message'] : $post['message_fmt']);
		
		$attachlist = $imagelist = $filelist = array();
		if($post['files']) {
			list($attachlist, $imagelist, $filelist) = attach_find_by_pid($pid);
		}
		
		// hook post_update_get_end.php
		
		include _include(APP_PATH.'view/htm/post.htm');
		
	} elseif($method == 'POST') {
		
		$subject = htmlspecialchars(param('subject', '', FALSE));
		$message = param('message', '', FALSE);
		$doctype = param('doctype', 0);
		// hook post_update_post_start.php
		
		empty($message) AND message('message', lang('please_input_message'));
		mb_strlen($message, 'UTF-8') > 2048000 AND message('message', lang('message_too_long'));
		
		$arr = array();
		if($isfirst) {
			$newfid = param('fid');
			$forum = forum_read($newfid);
			empty($forum) AND message('fid', lang('forum_not_exists:'));
			
			if($fid != $newfid) {
				!forum_access_user($fid, $gid, 'allowthread') AND message(-1, lang('user_group_insufficient_privilege'));
				$post['uid'] != $uid AND !forum_access_mod($fid, $gid, 'allowupdate') AND message(-1, lang('user_group_insufficient_privilege'));
				$arr['fid'] = $newfid;
			}
			if($subject != $thread['subject']) {
				mb_strlen($subject, 'UTF-8') > 80 AND message('subject', lang('subject_max_length', array('max'=>80)));
				$arr['subject'] = $subject;
			}
			$arr AND thread_update($tid, $arr) === FALSE AND message(-1, lang('update_thread_failed'));
		}
		//幻: 追加属性数组,似乎需要Re本页
		$r = post_update($pid, array('doctype'=>$doctype, 'message'=>$message, 'pa'=>$pa, 'pb'=>$pb, 'pc'=>$pc, 'pd'=>$pd, 'pe'=>$pe, 'pf'=>$pf, 'pg'=>$pg, 'ph'=>$ph, 'pi'=>$pi, 'pj'=>$pj));
		$r === FALSE AND message(-1, lang('update_post_failed'));
		// hook post_update_post_end.php
		
		message(0, lang('update_successfully'));
		//message(0, array('pid'=>$pid, 'subject'=>$subject, 'message'=>$message));
	}
	
} elseif($action == 'delete') {

	$pid = param(2, 0);
	
	// hook post_delete_start.php
	
	if($method != 'POST') message(-1, lang('method_error'));
	
	$post = post_read($pid);
	empty($post) AND message(-1, lang('post_not_exists'));
	
	$tid = $post['tid'];
	$thread = thread_read($tid);
	empty($thread) AND message(-1, lang('thread_not_exists'));
	
	$fid = $thread['fid'];
	$forum = forum_read($fid);
	empty($forum) AND message(-1, lang('forum_not_exists'));
	
	$isfirst = $post['isfirst'];
	
	!forum_access_user($fid, $gid, 'allowpost') AND message(-1, lang('user_group_insufficient_privilege'));
	$allowdelete = forum_access_mod($fid, $gid, 'allowdelete');
	!$allowdelete AND !$post['allowdelete'] AND message(-1, lang('insufficient_delete_privilege'));
	!$allowdelete AND $thread['closed'] AND message(-1, lang('thread_has_already_closed'));
	
	// hook post_delete_middle.php

	if($isfirst) {
		thread_delete($tid);
	} else {
		post_delete($pid);
		//post_list_cache_delete($tid);
	}
	
	// hook post_delete_end.php
	
	message(0, lang('delete_successfully'));

}

// hook post_end.php

?>
Add files via upload 2018-11-15 17:35:36 +08:00			`<?php`

			`!defined('DEBUG') AND exit('Access Denied.');`

			`include APP_PATH.'xiunophp/xn_html_safe.func.php';`

			`$action = param(1);`

			`user_login_check();`

			`// hook post_start.php`

			`if($action == 'create') {`

			`$tid = param(2);`
			`$quick = param(3);`
			`$quotepid = param(4);`

			`$thread = thread_read($tid);`
			`empty($thread) AND message(-1, lang('thread_not_exists'));`

			`$fid = $thread['fid'];`

			`$forum = forum_read($fid);`
			`empty($forum) AND message(-1, lang('forum_not_exists'));`

			`$r = forum_access_user($fid, $gid, 'allowpost');`
			`if(!$r) {`
			`message(-1, lang('user_group_insufficient_privilege'));`
			`}`

			`($thread['closed'] && ($gid == 0 \|\| $gid > 5)) AND message(-1, lang('thread_has_already_closed'));`

			`// hook post_get_post.php`

			`if($method == 'GET') {`

			`// hook post_get_start.php`

			`$header['title'] = lang('post_create');`
			`$header['mobile_title'] = lang('post_create');`
			`$header['mobile_link'] = url("thread-$tid");`

			`include _include(APP_PATH.'view/htm/post.htm');`

			`} else {`
			`// hook post_post_start.php`
			`$message = param('message', '', FALSE);`
			`empty($message) AND message('message', lang('please_input_message'));`

			`$doctype = param('doctype', 0);`
			`xn_strlen($message) > 2028000 AND message('message', lang('message_too_long'));`

			`$thread['top'] > 0 AND thread_top_cache_delete();`

			`$quotepid = param('quotepid', 0);`
			`$quotepost = post__read($quotepid);`
			`(!$quotepost \|\| $quotepost['tid'] != $tid) AND $quotepid = 0;`

			`$post = array(`
			`'tid'=>$tid,`
			`'uid'=>$uid,`
			`'create_date'=>$time,`
			`'userip'=>$longip,`
			`'isfirst'=>0,`
			`'doctype'=>$doctype,`
			`'quotepid'=>$quotepid,`
			`'message'=>$message,`
			`);`
			`$pid = post_create($post, $fid, $gid);`
			`empty($pid) AND message(-1, lang('create_post_failed'));`

			`// thread_top_create($fid, $tid);`

			`$post = post_read($pid);`
			`$post['floor'] = $thread['posts'] + 1;`
			`$postlist = array($post);`

			`$allowpost = forum_access_user($fid, $gid, 'allowpost');`
			`$allowupdate = forum_access_mod($fid, $gid, 'allowupdate');`
			`$allowdelete = forum_access_mod($fid, $gid, 'allowdelete');`

			`// hook post_post_end.php`

			`// 直接返回帖子的 html`
			`// return the html string to browser.`
			`$return_html = param('return_html', 0);`
			`if($return_html) {`
			`$filelist = array();`
			`ob_start();`
			`include _include(APP_PATH.'view/htm/post_list.inc.htm');`
			`$s = ob_get_clean();`

			`message(0, $s);`
			`} else {`
			`message(0, lang('create_post_sucessfully'));`
			`}`

			`}`

			`} elseif($action == 'update') {`

			`$pid = param(2);`
			`$post = post_read($pid);`
			`empty($post) AND message(-1, lang('post_not_exists:'));`

			`$tid = $post['tid'];`
			`$thread = thread_read($tid);`
			`empty($thread) AND message(-1, lang('thread_not_exists:'));`

			`$fid = $thread['fid'];`
			`$forum = forum_read($fid);`
			`empty($forum) AND message(-1, lang('forum_not_exists:'));`

			`$isfirst = $post['isfirst'];`

			`!forum_access_user($fid, $gid, 'allowpost') AND message(-1, lang('user_group_insufficient_privilege'));`
			`$allowupdate = forum_access_mod($fid, $gid, 'allowupdate');`
			`!$allowupdate AND !$post['allowupdate'] AND message(-1, lang('have_no_privilege_to_update'));`
			`!$allowupdate AND $thread['closed'] AND message(-1, lang('thread_has_already_closed'));`

			`// hook post_update_get_post.php`

			`if($method == 'GET') {`

			`// hook post_update_get_start.php`

			`$forumlist_allowthread = forum_list_access_filter($forumlist, $gid, 'allowthread');`
			`$forumarr = xn_json_encode(arrlist_key_values($forumlist_allowthread, 'fid', 'name'));`

			`// 如果为数据库减肥，则 message 可能会被设置为空。`
			`// if lost weight for the database, set the message field empty.`
			`$post['message'] = htmlspecialchars($post['message'] ? $post['message'] : $post['message_fmt']);`

			`$attachlist = $imagelist = $filelist = array();`
			`if($post['files']) {`
			`list($attachlist, $imagelist, $filelist) = attach_find_by_pid($pid);`
			`}`

			`// hook post_update_get_end.php`

			`include _include(APP_PATH.'view/htm/post.htm');`

			`} elseif($method == 'POST') {`

			`$subject = htmlspecialchars(param('subject', '', FALSE));`
			`$message = param('message', '', FALSE);`
			`$doctype = param('doctype', 0);`
			`// hook post_update_post_start.php`

			`empty($message) AND message('message', lang('please_input_message'));`
			`mb_strlen($message, 'UTF-8') > 2048000 AND message('message', lang('message_too_long'));`

			`$arr = array();`
			`if($isfirst) {`
			`$newfid = param('fid');`
			`$forum = forum_read($newfid);`
			`empty($forum) AND message('fid', lang('forum_not_exists:'));`

			`if($fid != $newfid) {`
			`!forum_access_user($fid, $gid, 'allowthread') AND message(-1, lang('user_group_insufficient_privilege'));`
			`$post['uid'] != $uid AND !forum_access_mod($fid, $gid, 'allowupdate') AND message(-1, lang('user_group_insufficient_privilege'));`
			`$arr['fid'] = $newfid;`
			`}`
			`if($subject != $thread['subject']) {`
			`mb_strlen($subject, 'UTF-8') > 80 AND message('subject', lang('subject_max_length', array('max'=>80)));`
			`$arr['subject'] = $subject;`
			`}`
			`$arr AND thread_update($tid, $arr) === FALSE AND message(-1, lang('update_thread_failed'));`
			`}`
			`//幻: 追加属性数组,似乎需要Re本页`
			`$r = post_update($pid, array('doctype'=>$doctype, 'message'=>$message, 'pa'=>$pa, 'pb'=>$pb, 'pc'=>$pc, 'pd'=>$pd, 'pe'=>$pe, 'pf'=>$pf, 'pg'=>$pg, 'ph'=>$ph, 'pi'=>$pi, 'pj'=>$pj));`
			`$r === FALSE AND message(-1, lang('update_post_failed'));`
			`// hook post_update_post_end.php`

			`message(0, lang('update_successfully'));`
			`//message(0, array('pid'=>$pid, 'subject'=>$subject, 'message'=>$message));`
			`}`

			`} elseif($action == 'delete') {`

			`$pid = param(2, 0);`

			`// hook post_delete_start.php`

			`if($method != 'POST') message(-1, lang('method_error'));`

			`$post = post_read($pid);`
			`empty($post) AND message(-1, lang('post_not_exists'));`

			`$tid = $post['tid'];`
			`$thread = thread_read($tid);`
			`empty($thread) AND message(-1, lang('thread_not_exists'));`

			`$fid = $thread['fid'];`
			`$forum = forum_read($fid);`
			`empty($forum) AND message(-1, lang('forum_not_exists'));`

			`$isfirst = $post['isfirst'];`

			`!forum_access_user($fid, $gid, 'allowpost') AND message(-1, lang('user_group_insufficient_privilege'));`
			`$allowdelete = forum_access_mod($fid, $gid, 'allowdelete');`
			`!$allowdelete AND !$post['allowdelete'] AND message(-1, lang('insufficient_delete_privilege'));`
			`!$allowdelete AND $thread['closed'] AND message(-1, lang('thread_has_already_closed'));`

			`// hook post_delete_middle.php`

			`if($isfirst) {`
			`thread_delete($tid);`
			`} else {`
			`post_delete($pid);`
			`//post_list_cache_delete($tid);`
			`}`

			`// hook post_delete_end.php`

			`message(0, lang('delete_successfully'));`

			`}`

			`// hook post_end.php`

			`?>`