<?php
require_once("include/bittorrent.php");
dbconn();
require_once(get_langfile_path());
require(get_langfile_path("", true));
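// Request parameters that select the handler below. htmlspecialchars() is output
// encoding, not input validation: $type is restricted to a fixed whitelist by
// check_comment_type(), while $action and $sub are only compared against literals.
// A missing or non-string parameter becomes "" instead of raising a notice.
$action = (isset($_GET["action"]) && is_string($_GET["action"])) ? htmlspecialchars($_GET["action"]) : "";
$sub = (isset($_GET["sub"]) && is_string($_GET["sub"])) ? htmlspecialchars($_GET["sub"]) : "";
$type = (isset($_GET["type"]) && is_string($_GET["type"])) ? htmlspecialchars($_GET["type"]) : "";
// Access gates provided by the include above. NOTE(review): by their names they
// require a logged-in, non-parked account -- confirm in include/bittorrent.php.
loggedinorreturn();
parked();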
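/**
 * Abort the request unless $type names a supported comment target.
 *
 * $type later selects which table is queried and is echoed into form actions
 * and redirect URLs, so this whitelist is the only thing keeping arbitrary
 * request input out of those places.
 *
 * @param string $type One of "torrent", "request" or "offer".
 * @return void Returns normally for a supported type; otherwise hands off to stderr().
 */
function check_comment_type($type)
{
    // The language table is used at file scope throughout this script; without
    // this declaration the function sees an undefined local and passes null
    // to stderr() instead of the error text.
    global $lang_comment;

    // Strict comparison so a non-string value cannot loosely match an entry.
    if (!in_array($type, array("torrent", "request", "offer"), true)) {
        stderr($lang_comment['std_error'], $lang_comment['std_error']);
    }
}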
// Reject any comment target outside the whitelist before $type is used below
// to pick tables, form actions and redirect URLs.
check_comment_type($type);
if ($action == "add") {
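if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // NOTE(review): no anti-CSRF token is checked in this handler; whether the
    // included framework verifies one is not visible here -- confirm.

    // Anti-flood: members below the comment-management class may post at most
    // one comment every 10 seconds (the window enforced below).
    if (get_user_class() < $commanage_class) {
        if (strtotime($CURUSER['last_comment']) > (TIMENOW - 10)) {
            $secs = 10 - (TIMENOW - strtotime($CURUSER['last_comment']));
            stderr($lang_comment['std_error'], $lang_comment['std_comment_flooding_denied'] . "$secs" . $lang_comment['std_before_posting_another']);
        }
    }

    // $parent_id is interpolated unquoted into the queries below, so it must be
    // numeric by then: "0 +" coerces the input to a number and int_check()
    // (defined elsewhere) is relied on to reject anything that is not a valid id.
    $parent_id = 0 + $_POST["pid"];
    int_check($parent_id, true);

    if ($type == "torrent")
        $res = sql_query("SELECT name, owner FROM torrents WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
    else if ($type == "offer")
        $res = sql_query("SELECT name, userid as owner FROM offers WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
    else if ($type == "request")
        $res = sql_query("SELECT req.name as name, userid as owner FROM req WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_array($res);
    if (!$arr)
        stderr($lang_comment['std_error'], $lang_comment['std_no_torrent_id']);

    $text = trim($_POST["body"]);
    // Multi-level quote handling
    if (isset($_POST["quotenum"]) && $_POST["quotenum"] != "")
        $text = quote_sub($text);
    if (!$text)
        stderr($lang_comment['std_error'], $lang_comment['std_comment_body_empty']);

    // Number of quoted comments the client claims; only used as a loop bound
    // (capped at 10 below), so a plain integer cast is enough.
    $quotenum = isset($_POST['quotenum']) ? (int) $_POST['quotenum'] : 0;

    if ($type == "torrent") {
        sql_query("INSERT INTO comments (user, torrent, added, text, ori_text) VALUES (" . $CURUSER["id"] . ", $parent_id, '" . date("Y-m-d H:i:s") . "', " . sqlesc($text) . ", " . sqlesc($text) . ")");
        // Notify users whose comments were quoted
        $postid = mysql_insert_id();
        $respost = sql_query("SELECT owner, name FROM torrents WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
        $arrpost = mysql_fetch_array($respost);
        if ($quotenum > 0 && $quotenum <= 10) {
            preg_match_all('/\[quote=(.*?)\](.*?)/', $text, $username);
            // Never index past the quotes actually present in the text.
            $limit = min($quotenum, count($username[1]));
            for ($i = 0; $i < $limit; $i++) {
                if ($username[1][$i] != "" && $username[1][$i] != $CURUSER['username']) {
                    // The quoted name comes straight from the comment body.
                    // NOTE(review): get_user_id_from_name() is assumed to escape
                    // it before querying -- confirm. The id is cast to int
                    // because it is concatenated unquoted into the INSERT below.
                    $postuserid = (int) get_user_id_from_name($username[1][$i]);
                    if ($postuserid > 0 && $postuserid != $arrpost[0]) {
                        $postmsg = "有用户在种子[url=details.php?id=$parent_id&cmtpage=1#cid$postid]{$arrpost[1]}[/url]中引用了你的评论";
                        sql_query("INSERT INTO messages (sender, receiver, added, subject, msg, unread, location, saved, goto) VALUES ('0', " . $postuserid . ", now(), '种子中有人引用您的回复', " . sqlesc($postmsg) . ", 'yes', '1', 'no', 1)") or sqlerr(__FILE__, __LINE__);
                    }
                }
            }
        }
        // End of quote notifications; @-mention notifications follow
        $titles = "[url=details.php?id=$parent_id&cmtpage=1#cid$postid]{$arrpost[1]} [/url]";
        at_user_message($text, $titles, '');
        // End of @-mention handling
        $Cache->delete_value('torrent_' . $parent_id . '_last_comment_content');
    } elseif ($type == "offer") {
        sql_query("INSERT INTO comments (user, offer, added, text, ori_text) VALUES (" . $CURUSER["id"] . ",$parent_id, '" . date("Y-m-d H:i:s") . "', " . sqlesc($text) . "," . sqlesc($text) . ")");
        // Capture the new comment id so the "#cid..." anchor in the redirect
        // at the end of this handler is populated for offers as well.
        $postid = mysql_insert_id();
        $Cache->delete_value('offer_' . $parent_id . '_last_comment_content');
    } elseif ($type == "request") {
        sql_query("INSERT INTO comments (user, request, added, text, ori_text) VALUES (" . $CURUSER["id"] . ",$parent_id, '" . date("Y-m-d H:i:s") . "', " . sqlesc($text) . "," . sqlesc($text) . ")");
        // Notify users whose comments were quoted
        $postid = mysql_insert_id();
        $respost = sql_query("SELECT userid,name FROM req WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
        $arrpost = mysql_fetch_array($respost);
        if ($quotenum > 0 && $quotenum <= 10) {
            preg_match_all('/\[quote=(.*?)\](.*?)/', $text, $username);
            // Never index past the quotes actually present in the text.
            $limit = min($quotenum, count($username[1]));
            for ($i = 0; $i < $limit; $i++) {
                if ($username[1][$i] != "" && $username[1][$i] != $CURUSER['username']) {
                    // See the torrent branch: name is user-supplied, id is cast
                    // to int before it reaches the SQL text.
                    $postuserid = (int) get_user_id_from_name($username[1][$i]);
                    if ($postuserid > 0 && $postuserid != $arrpost[0]) {
                        $postmsg = "有用户在求种[url=viewrequest.php?action=view&id=$parent_id&cmtpage=1#cid$postid]{$arrpost[1]}[/url]中引用了你的回复";
                        // $postmsg embeds the stored request name, which is
                        // user-chosen data; it must go through sqlesc() like the
                        // torrent branch does, not be wrapped in hand-written quotes.
                        sql_query("INSERT INTO messages (sender, receiver, added, subject, msg, unread, location, saved,goto) VALUES ('0', " . $postuserid . ", now(), '求种中有人引用您的回复'," . sqlesc($postmsg) . ",'yes','1','no',1) ") or sqlerr(__FILE__, __LINE__);
                    }
                }
            }
        }
        // End of quote notifications; @-mention notifications follow
        // NOTE(review): sqlesc() is applied to the name here although $titles is
        // BBCode, not SQL, and the torrent branch passes the raw name. Which
        // form at_user_message() expects is not visible here -- confirm and align.
        $titles = "[url=viewrequest.php?action=view&id=$parent_id&cmtpage=1#cid$postid]" . sqlesc($arrpost[1]) . "[/url]";
        at_user_message($text, $titles, 'topic');
        // End of @-mention handling
    }

    // Keep the parent's comment counter in step with the new row.
    if ($type == "torrent")
        sql_query("UPDATE torrents SET comments = comments + 1 WHERE id = $parent_id");
    else if ($type == "offer")
        sql_query("UPDATE offers SET comments = comments + 1 WHERE id = $parent_id");
    else if ($type == "request")
        sql_query("UPDATE req SET comments = comments + 1 WHERE id = $parent_id");

    // Send the owner a private message if they opted in and are not the commenter.
    $ras = sql_query("SELECT commentpm FROM users WHERE id = $arr[owner]") or sqlerr(__FILE__, __LINE__);
    $arg = mysql_fetch_array($ras);
    if ($arg["commentpm"] == 'yes' && $CURUSER['id'] != $arr["owner"]) {
        $added = sqlesc(date("Y-m-d H:i:s"));
        $subject = sqlesc($lang_comment_target[get_user_lang($arr["owner"])]['msg_new_comment']);
        // The parent name is stored user data; the whole message is escaped by
        // sqlesc() before it is placed in the INSERT.
        if ($type == "torrent")
            $notifs = sqlesc($lang_comment_target[get_user_lang($arr["owner"])]['msg_torrent_receive_comment'] . " [url=" . get_protocol_prefix() . "$BASEURL/details.php?id=$parent_id#startcomments] " . $arr['name'] . "[/url]");
        if ($type == "offer")
            $notifs = sqlesc($lang_comment_target[get_user_lang($arr["owner"])]['msg_torrent_receive_comment'] . " [url=" . get_protocol_prefix() . "$BASEURL/offers.php?id=$parent_id&off_details=1] " . $arr['name'] . "[/url]");
        if ($type == "request")
            $notifs = sqlesc("你的求种 [url=" . get_protocol_prefix() . "$BASEURL/viewrequest.php?action=view&id=$parent_id#cid$postid] 收到了新评论" . $arr['name'] . "[/url]");
        sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . $arr['owner'] . ", $subject, $notifs, $added)") or sqlerr(__FILE__, __LINE__);
        $Cache->delete_value('user_' . $arr['owner'] . '_unread_message_count');
        $Cache->delete_value('user_' . $arr['owner'] . '_inbox_count');
    }

    KPS("+", $addcomment_bonus, $CURUSER["id"]);
    // Record the posting time that the anti-flood check above reads.
    sql_query("UPDATE users SET last_comment = NOW() WHERE id = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);

    // Redirect targets are built only from the validated id and fixed paths.
    if ($type == "torrent")
        header("Refresh: 0; url=details.php?id=$parent_id#cid$postid");
    else if ($type == "offer")
        header("Refresh: 0; url=offers.php?id=$parent_id&off_details=1#cid$postid");
    else if ($type == "request")
        header("Refresh: 0; url=viewrequest.php?action=view&id=$parent_id#cid$postid");
    die;
}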
// GET request: render the "add comment" form for the parent identified by pid.
// The id is coerced to a number and handed to int_check() before it is
// interpolated into SQL and HTML below.
$parent_id = 0 + $_GET["pid"];
int_check($parent_id, true);

$quoting = ($sub == "quote");
if ($quoting) {
    // Load the comment being quoted so the editor can be pre-filled with it.
    $commentid = 0 + $_GET["cid"];
    int_check($commentid, true);
    $res2 = sql_query("SELECT comments.text, users.username FROM comments JOIN users ON comments.user = users.id WHERE comments.id=$commentid") or sqlerr(__FILE__, __LINE__);
    // NOTE(review): this uses $lang_forums while the rest of the file uses
    // $lang_comment -- confirm that table is loaded for this page.
    if (mysql_num_rows($res2) != 1) {
        stderr($lang_forums['std_error'], $lang_forums['std_no_comment_id']);
    }
    $arr2 = mysql_fetch_assoc($res2);
}

// Look up the parent and build the link back to it; $type was whitelisted
// earlier in the file, so exactly one case applies.
switch ($type) {
    case "torrent":
        $res = sql_query("SELECT name, owner FROM torrents WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
        $url = "details.php?id=$parent_id";
        break;
    case "offer":
        $res = sql_query("SELECT name, userid as owner FROM offers WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
        $url = "offers.php?id=$parent_id&off_details=1";
        break;
    case "request":
        $res = sql_query("SELECT req.name as name, userid as owner FROM req WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
        $url = "viewrequest.php?id=$parent_id&req_details=1";
        break;
}
$arr = mysql_fetch_array($res);
if (!$arr) {
    stderr($lang_comment['std_error'], $lang_comment['std_no_torrent_id']);
}

// NOTE(review): the stored name reaches stdhead() unescaped; confirm that
// helper HTML-encodes the page title. The link text below is escaped here.
stdhead($lang_comment['head_add_comment_to'] . $arr["name"]);
begin_main_frames();
$title = $lang_comment['text_add_comment_to'] . "<a href=$url>" . htmlspecialchars($arr["name"]) . "</a>";
echo "<form id=compose method=post name=\"compose\" action=\"comment.php?action=add&type=$type\">\n";
echo "<input type=\"hidden\" name=\"pid\" value=\"$parent_id\"/>\n";

// When quoting, pre-fill the editor with the quoted comment wrapped in
// [quote=author]; the whole prefill is HTML-escaped before it is emitted.
$mode = $quoting ? "quote" : "reply";
$prefill = "";
if ($quoting) {
    $prefill = htmlspecialchars("[quote=" . htmlspecialchars($arr2["username"]) . "]" . unesc($arr2["text"]) . "[/quote]");
}
begin_compose($title, $mode, $prefill, false);
end_compose();
echo "</form>";
end_main_frame();
stdfoot();
die;
}
elseif ($action == "edit") {
// Load the comment being edited together with its parent's name and id.
$commentid = 0 + $_GET["cid"];
int_check($commentid, true);
switch ($type) {
    case "torrent":
        $res = sql_query("SELECT c.*, t.name, t.id AS parent_id FROM comments AS c JOIN torrents AS t ON c.torrent = t.id WHERE c.id=$commentid") or sqlerr(__FILE__, __LINE__);
        break;
    case "offer":
        $res = sql_query("SELECT c.*, o.name, o.id AS parent_id FROM comments AS c JOIN offers AS o ON c.offer = o.id WHERE c.id=$commentid") or sqlerr(__FILE__, __LINE__);
        break;
    case "request":
        $res = sql_query("SELECT c.*, r.name as name, r.id AS parent_id FROM comments AS c JOIN req AS r ON c.request = r.id WHERE c.id=$commentid") or sqlerr(__FILE__, __LINE__);
        break;
}
$arr = mysql_fetch_array($res);
if (!$arr) {
    stderr($lang_comment['std_error'], $lang_comment['std_invalid_id']);
}

// Authorization: only the comment's author, or a user at or above
// $commanage_class, may continue. NOTE(review): this depends on stderr()
// ending the request -- confirm it never returns.
$is_author = ($arr["user"] == $CURUSER["id"]);
if (!$is_author && get_user_class() < $commanage_class) {
    stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']);
}
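if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // NOTE(review): no anti-CSRF token is checked in this handler; whether the
    // included framework verifies one is not visible here -- confirm.
    $text = isset($_POST["body"]) ? $_POST["body"] : "";
    if ($text == "")
        stderr($lang_comment['std_error'], $lang_comment['std_comment_body_empty']);

    // Multi-level quote handling runs on the raw text, as it does when a comment
    // is added. sqlesc() must be the last transformation before the value is
    // placed in the query: rewriting an already-escaped literal could break its
    // quoting.
    $text = sqlesc(quote_sub($text));
    $editdate = sqlesc(date("Y-m-d H:i:s"));
    sql_query("UPDATE comments SET text=$text, editdate=$editdate, editedby=$CURUSER[id] WHERE id=" . sqlesc($commentid)) or sqlerr(__FILE__, __LINE__);
    if ($type == "torrent")
        $Cache->delete_value('torrent_' . $arr['parent_id'] . '_last_comment_content');
    elseif ($type == "offer")
        $Cache->delete_value('offer_' . $arr['parent_id'] . '_last_comment_content');

    // The return address is request-controlled (form field, else Referer). Follow
    // it only when it is an absolute http(s) URL on this site's own host;
    // otherwise fall back to the comment's parent page so this endpoint cannot
    // be used to bounce a user to another site.
    $returnto = (isset($_POST["returnto"]) && is_string($_POST["returnto"])) ? $_POST["returnto"] : "";
    if ($returnto == "" && isset($_SERVER["HTTP_REFERER"]))
        $returnto = $_SERVER["HTTP_REFERER"];
    $site_host = parse_url(get_protocol_prefix() . $BASEURL, PHP_URL_HOST);
    $parts = parse_url($returnto);
    $same_site = $returnto != ""
        // control characters, spaces and backslashes are never part of a legitimate target
        && !preg_match('/[\x00-\x20\\\\]/', $returnto)
        && is_array($parts)
        && isset($parts["scheme"], $parts["host"])
        && in_array(strtolower($parts["scheme"]), array("http", "https"), true)
        && is_string($site_host)
        && strcasecmp($parts["host"], $site_host) == 0;
    if (!$same_site) {
        if ($type == "torrent")
            $returnto = "details.php?id=" . $arr["parent_id"];
        elseif ($type == "offer")
            $returnto = "offers.php?id=" . $arr["parent_id"] . "&off_details=1";
        else
            $returnto = "viewrequest.php?id=" . $arr["parent_id"] . "&req_details=1";
    }
    header("Location: $returnto");
    die;
}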
// GET request: render the edit form, pre-filled with the stored comment text.
$parent_id = $arr["parent_id"];
switch ($type) {
    case "torrent":
        $url = "details.php?id=$parent_id";
        break;
    case "offer":
        $url = "offers.php?id=$parent_id&off_details=1";
        break;
    case "request":
        $url = "viewrequest.php?id=$parent_id&req_details=1";
        break;
}

// NOTE(review): the stored name reaches stdhead() unescaped; confirm that
// helper HTML-encodes the page title. The link text below is escaped here.
stdhead($lang_comment['head_edit_comment_to'] . '"' . $arr["name"] . '"');
begin_main_frames();
$title = $lang_comment['head_edit_comment_to'] . "<a href=$url>" . htmlspecialchars($arr["name"]) . "</a>";
echo "<form id=compose method=post name=\"compose\" action=\"comment.php?action=edit&cid=$commentid&type=$type\">\n";

// The Referer is carried through the form as "returnto"; it is HTML-escaped
// here for the attribute, and is still request-controlled data when the form
// is posted back.
$referer_field = htmlspecialchars($_SERVER["HTTP_REFERER"]);
echo "<input type=\"hidden\" name=\"returnto\" value=\"" . $referer_field . "\" />\n";

$body = htmlspecialchars(unesc($arr["text"]));
begin_compose($title, "edit", $body, false);
end_compose();
echo "</form>";
end_main_frame();
stdfoot();
die;
}
elseif ($action == "delete") {
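// Deleting is restricted to users at or above $commanage_class.
if (get_user_class() < $commanage_class)
    stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']);
$commentid = 0 + $_GET["cid"];
$sure = isset($_GET["sure"]) ? $_GET["sure"] : "";
int_check($commentid, true);
if (!$sure) {
    // First visit: show a confirmation link that carries sure=1.
    // NOTE(review): the confirmed delete is a plain GET with no anti-CSRF token
    // visible in this handler -- confirm whether the framework adds one.
    $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
    stderr($lang_comment['std_delete_comment'], $lang_comment['std_delete_comment_note'] . "<a href=comment.php?action=delete&cid=$commentid&sure=1&type=$type" . ($referer ? "&returnto=" . rawurlencode($referer) : "") . $lang_comment['std_here_if_sure'], false);
} else {
    int_check($sure, true);
}

// Find the parent and the author of the comment before removing it.
if ($type == "torrent") {
    $res = sql_query("SELECT torrent as pid,user FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
} elseif ($type == "offer") {
    $res = sql_query("SELECT offer as pid,user FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
} elseif ($type == "request") {
    $res = sql_query("SELECT request as pid,user FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
}
$arr = mysql_fetch_array($res);
if ($arr) {
    $parent_id = $arr["pid"];
    $userpostid = $arr["user"];
} else {
    stderr($lang_comment['std_error'], $lang_comment['std_invalid_id']);
}

sql_query("DELETE FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
// Read the row count immediately, before any other call can run a statement
// on the same connection and change what mysql_affected_rows() reports.
$deleted_rows = mysql_affected_rows();
if ($type == "torrent") {
    $Cache->delete_value('torrent_' . $arr['pid'] . '_last_comment_content');
} elseif ($type == "offer") {
    $Cache->delete_value('offer_' . $arr['pid'] . '_last_comment_content');
}
if ($parent_id && $deleted_rows > 0) {
    if ($type == "torrent") {
        sql_query("UPDATE torrents SET comments = comments - 1 WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
    } elseif ($type == "offer") {
        sql_query("UPDATE offers SET comments = comments - 1 WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
    } elseif ($type == "request") {
        sql_query("UPDATE req SET comments = comments - 1 WHERE id = $parent_id") or sqlerr(__FILE__, __LINE__);
    }
}
// Take back the bonus that was granted for posting the comment.
KPS("-", $addcomment_bonus, $userpostid);

// The return address is request-controlled (query string, else Referer). Follow
// it only when it is an absolute http(s) URL on this site's own host; otherwise
// fall back to the parent page so this endpoint cannot be used to bounce a
// user to another site.
$returnto = (isset($_GET["returnto"]) && is_string($_GET["returnto"])) ? $_GET["returnto"] : "";
if ($returnto == "" && isset($_SERVER["HTTP_REFERER"]))
    $returnto = $_SERVER["HTTP_REFERER"];
$site_host = parse_url(get_protocol_prefix() . $BASEURL, PHP_URL_HOST);
$parts = parse_url($returnto);
$same_site = $returnto != ""
    // control characters, spaces and backslashes are never part of a legitimate target
    && !preg_match('/[\x00-\x20\\\\]/', $returnto)
    && is_array($parts)
    && isset($parts["scheme"], $parts["host"])
    && in_array(strtolower($parts["scheme"]), array("http", "https"), true)
    && is_string($site_host)
    && strcasecmp($parts["host"], $site_host) == 0;
if (!$same_site) {
    if ($type == "torrent")
        $returnto = "details.php?id=$parent_id";
    elseif ($type == "offer")
        $returnto = "offers.php?id=$parent_id&off_details=1";
    else
        $returnto = "viewrequest.php?id=$parent_id&req_details=1";
}
header("Location: $returnto");
die;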
} elseif ($action == "vieworiginal") {
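// Viewing the original (pre-edit) text is restricted to users at or above
// $commanage_class.
if (get_user_class() < $commanage_class) {
    stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']);
}
$commentid = 0 + $_GET["cid"];
int_check($commentid, true);
if ($type == "torrent") {
    $res = sql_query("SELECT c.*, t.name FROM comments AS c JOIN torrents AS t ON c.torrent = t.id WHERE c.id=$commentid") or sqlerr(__FILE__, __LINE__);
} elseif ($type == "offer") {
    $res = sql_query("SELECT c.*, o.name FROM comments AS c JOIN offers AS o ON c.offer = o.id WHERE c.id=$commentid") or sqlerr(__FILE__, __LINE__);
} elseif ($type == "request") {
    // Request comments reference their parent through comments.request, the
    // column the insert and edit paths in this file use.
    $res = sql_query("SELECT c.*, r.name as name FROM comments AS c JOIN req AS r ON c.request = r.id WHERE c.id=$commentid") or sqlerr(__FILE__, __LINE__);
}
$arr = mysql_fetch_array($res);
if (!$arr) {
    stderr($lang_comment['std_error'], $lang_comment['std_invalid_id']);
}
stdhead($lang_comment['head_original_comment']);
print("<h1>" . $lang_comment['text_original_content_of_comment'] . "#cid$commentid</h1>");
print("<table width=\"737\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\">");
print("<tr><td class=\"text\">\n");
// ori_text is stored user input. NOTE(review): output safety depends on
// format_comment() (defined elsewhere) HTML-escaping it -- confirm.
echo format_comment($arr["ori_text"]);
print("</td></tr></table>\n");
// The Referer is request-controlled; it is HTML-escaped before being placed in
// the href attribute of the "back" link.
$returnto = isset($_SERVER["HTTP_REFERER"]) ? htmlspecialchars($_SERVER["HTTP_REFERER"]) : "";
if ($returnto) {
    print("<p><font size=\"small\">(<a href=\"" . $returnto . "\">" . $lang_comment['text_back'] . "</a>)</font></p>\n");
}
stdfoot();
die;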
} else {
// Any action other than add / edit / delete / vieworiginal is rejected.
stderr($lang_comment['std_error'], $lang_comment['std_unknown_action']);
}
// Final stop after the dispatch chain, so nothing further runs if a branch
// above ever falls through.
die;