<?php
// Refuse direct HTTP access: this file is only meaningful when loaded by the
// NOVA front controller, which defines IN_NOVA before including mode classes.
if ( !defined( 'IN_NOVA' ) ) {
    exit( 'Access Denied!' );
}
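/**
 * Ajax mode: username availability check and comment posting.
 *
 * Every handler writes its reply straight to the output stream in the form
 * `message|$|True` / `message|$|False` and returns a numeric status code
 * (1 on success, a negative number per failure reason). The negative codes
 * are part of the observable contract and are preserved below.
 *
 * Review notes (security):
 *  - The DB wrapper is used here only through string-built SQL; there is no
 *    parameter binding in sight, so every user-controlled value is now passed
 *    through sql_string() before interpolation (see that method for caveats).
 *  - check_name() is an unauthenticated "does this username exist" oracle.
 *    That is its purpose (registration form), but it is worth knowing.
 *  - The flood timer (-3) and CAPTCHA (-4) checks of add_comment() were
 *    commented out upstream; nothing throttles anonymous posting.
 */
class Ajax {

    /**
     * Dispatch on the `p` request parameter.
     *
     * Sets the response content type first (warnings suppressed, as in the
     * original, in case output already started) and then calls the handler.
     * Unknown actions get a generic failure reply.
     */
    public function start() {
        global $request;

        $action = $request->get( 'p' );
        @header("content-type: text/html; charset=utf-8");

        switch ( $action ) {
            case 'checkname':
                $this->check_name();
                break;
            case 'addcomment':
                $this->add_comment();
                break;
            default:
                echo '????!|$|False';
        }
    }

    /**
     * Escape a value for use inside a single-quoted SQL string literal.
     *
     * Backslashes and single quotes are escaped MySQL-style. The original code
     * interpolated raw request values (after php_unescape()) into SQL and relied
     * entirely on the $user->check_*() validators to keep quotes out; this
     * helper makes the queries safe regardless of what those validators accept.
     * NOTE(review): assumes MySQL-compatible escaping semantics (backtick
     * identifiers and DB_PREFIX suggest it) — confirm, and prefer the DB
     * layer's own escaper or prepared statements if it offers them.
     *
     * @param mixed $value  scalar to embed in a SQL string literal
     * @return string       escaped text, still without surrounding quotes
     */
    private function sql_string( $value ) {
        return str_replace( array( '\\', "'" ), array( '\\\\', "\\'" ), (string) $value );
    }

    /**
     * Report whether the requested username is valid and not yet taken.
     *
     * Reads `username` from the request. Replies and returns:
     *  -1  name fails $user->check_username()
     *  -2  name already exists in the user table
     *   1  name is available
     *
     * Fix: the original tested `!check_username()`, but that validator returns
     * 0, -1 or -2 on failure (see add_comment()), so the -1/-2 rejections were
     * reported as "available". Any false or negative result now fails.
     */
    private function check_name() {
        global $db, $request, $user;

        $user_name = php_unescape( $request->get( 'username' ) );

        $valid = $user->check_username( $user_name );
        if ( !$valid || $valid < 0 ) {
            echo '??????????|$|False';
            return -1;
        }

        $sql = "SELECT COUNT(u_id) FROM `" . DB_PREFIX . "user` WHERE u_username='" . $this->sql_string( $user_name ) . "'";
        if ( $db->result( $sql ) ) {
            echo '??????????|$|False';
            return -2;
        }

        echo '????????|$|True';
        return 1;
    }

    /**
     * True when any configured filter word occurs (case-insensitively) in $text.
     *
     * Filter words are stored as a single `|`-separated string. Fix: the
     * original used split(), which was removed in PHP 7 (fatal error on any
     * post); explode() on the literal `|` is what that POSIX pattern matched.
     *
     * @param string $text          comment body (already HTML-escaped)
     * @param string $filter_words  `|`-separated list from the config cache
     * @return bool
     */
    private function contains_filter_word( $text, $filter_words ) {
        foreach ( explode( '|', (string) $filter_words ) as $word ) {
            if ( $word === '' ) {
                continue;
            }
            if ( stripos( $text, $word ) !== false ) {
                return true;
            }
        }
        return false;
    }

    /**
     * Store a new comment (or guestbook entry when `aid` is 0) and render it.
     *
     * POST parameters: `comment`, `aid`, `hide`, and — for anonymous posters —
     * `username`, `email`, `index` (homepage) and `remember`. Logged-in users
     * get their name/email/homepage from the session and user table instead.
     *
     * Return codes (each also echoed as `message|$|False`):
     *  -1 comments disabled            -2 login required
     *  -5/-6/-7 username rejected      -8 username belongs to a registered user
     *  -10 bad email                   -11 email belongs to a registered user
     *  -13 bad homepage                -14 empty comment
     *  -15 comment too long            (no return value on success; echoes `|$|True`)
     *
     * Side effects: cookies for form prefill, comment INSERT, article counters,
     * cache refreshes, and the themed comment fragment written via
     * $theme->show_comment_de().
     */
    public function add_comment() {
        global $db, $cache, $user, $theme, $request;

        // Comment policy: 2 = disabled, 1 = registered users only.
        if ( $cache->config['comment'] == 2 ) {
            echo '??????????????|$|False';
            return -1;
        }
        if ( $cache->config['comment'] == 1 && !user_is_login() ) {
            echo '??????????????????????|$|False';
            return -2;
        }
        // NOTE(review): the upstream flood-timer (-3) and verification-code (-4)
        // checks were disabled in the original; this endpoint has no rate limit
        // and no CAPTCHA. Re-enable once the helpers exist.

        if ( $user->is_login() ) {
            // Identity comes from the session; email/homepage from the user row.
            $user_name = $user->username;
            $row = $db->fetch_one_array( "SELECT `u_email`,`u_index` FROM `" . DB_PREFIX . "user` WHERE u_username='" . $this->sql_string( $user_name ) . "'" );
            // Loose != NULL kept from the original so '' and '0' behave as before.
            $email = ( $row && $row['u_email'] != NULL ) ? $row['u_email'] : '';
            $index = ( $row && $row['u_index'] != NULL ) ? $row['u_index'] : '';
        } else {
            // Anonymous poster: everything comes from the form. Note that the
            // username is NOT HTML-escaped here (email/index are); it is only
            // subject to $user->check_username(). If that validator admits
            // HTML metacharacters, the stored author name is a stored-XSS vector
            // wherever it is rendered unescaped — confirm against the validator.
            $user_name = trim( php_unescape( $request->get( 'username', 'P' ) ) );
            $email = htmlspecialchars( php_unescape( $request->get( 'email', 'P' ) ) );
            $index = htmlspecialchars( php_unescape( $request->get( 'index', 'P' ) ) );

            $check_name = $user->check_username( $user_name );
            if ( $check_name == 0 ) {
                echo "????????3-20?????|$|False";
                return -5;
            } elseif ( $check_name == -1 ) {
                echo "???????????|$|False";
                return -6;
            } elseif ( $check_name == -2 ) {
                echo "??????????????|$|False";
                return -7;
            } elseif ( $db->result( "SELECT COUNT(u_id) FROM `" . DB_PREFIX . "user` WHERE u_username = '" . $this->sql_string( $user_name ) . "'" ) ) {
                // Anonymous posters may not impersonate a registered account.
                echo "?????????|$|False";
                return -8;
            }

            // Email is optional; when present it must be well-formed and not
            // belong to a registered user (stored as `email|md5(email)`).
            if ( !empty( $email ) ) {
                if ( !$user->check_email( $email ) ) {
                    echo "?????????????|$|False";
                    return -10;
                }
                $stored_email = $email . '|' . strtolower( md5( $email ) );
                if ( $db->result( "SELECT COUNT(u_id) FROM `" . DB_PREFIX . "user` WHERE u_email='" . $this->sql_string( $stored_email ) . "'" ) ) {
                    echo "?????????????|$|False";
                    return -11;
                }
            }

            // Homepage is optional too.
            if ( !empty( $index ) && !$user->check_index( $index ) ) {
                echo "??????????????????????|$|False";
                return -13;
            }

            // Prefill cookies (one year) or clear them. They hold only what the
            // poster typed; no HttpOnly flag is set, which may be deliberate if
            // client-side script reads them for prefill — confirm before adding it.
            $remember = $request->get( 'remember', 'P' );
            $blog_path = str_replace( ' ', '%20', APP_PATH );
            if ( $remember == 'on' ) {
                $expires = PHP_TIME + 31536000;
                setcookie( APP_PREFIX . 'username', $user_name, $expires, $blog_path );
                setcookie( APP_PREFIX . 'email', $email, $expires, $blog_path );
                setcookie( APP_PREFIX . 'index', $index, $expires, $blog_path );
                setcookie( APP_PREFIX . 'remember', '1', $expires, $blog_path );
            } else {
                setcookie( APP_PREFIX . 'username', NULL, 0, $blog_path );
                setcookie( APP_PREFIX . 'email', NULL, 0, $blog_path );
                setcookie( APP_PREFIX . 'index', NULL, 0, $blog_path );
                setcookie( APP_PREFIX . 'remember', NULL, 0, $blog_path );
            }

            if ( $email != '' ) {
                $email = $email . '|' . strtolower( md5( $email ) );
            }
        }

        // Body: HTML-escape (ENT_QUOTES) and turn line breaks into <br />.
        // ENT_QUOTES neutralises quotes but not backslashes, which is why the
        // INSERT below still goes through sql_string().
        $comment = htmlspecialchars( $request->get( 'comment', 'P' ), ENT_QUOTES, 'UTF-8' );
        $comment = str_replace( array( "\r\n", "\n", "\r" ), '<br />', $comment );
        $article_id = (int) $request->get( 'aid', 'P', 'int' );
        $hide = $request->get( 'hide', 'P' );

        if ( trim( $comment ) == '' ) {
            echo '?????????|$|False';
            return -14;
        }
        // Kept from the original: the limit is applied to the escaped text in
        // bytes, so entities and <br /> count against commaxlength.
        if ( strlen( $comment ) > $cache->config['commaxlength'] ) {
            echo '??????????' . $cache->config['commaxlength'] . '??????|$|False';
            return -15;
        }

        // Expand `{@N}` mentions into links to comment N. The regex admits only
        // digits without a leading zero, so the id is safe to embed unquoted.
        // The author name is escaped on output here; the original emitted it raw.
        if ( preg_match_all( '/\{@([1-9]\d*)\}/', $comment, $matches ) ) {
            foreach ( array_unique( $matches[1] ) as $comment_id ) {
                $comment_id = (int) $comment_id;
                $respond = $db->fetch_one_array( "SELECT author,email FROM `" . DB_PREFIX . "comment` WHERE cid=$comment_id" );
                if ( !$respond ) {
                    continue; // unknown cid: leave the marker as typed
                }
                $author = htmlspecialchars( $respond['author'], ENT_QUOTES, 'UTF-8' );
                $comment = str_replace(
                    '{@' . $comment_id . '}',
                    '<a href="#comment-' . $comment_id . '">@ ' . $author . '</a>',
                    $comment
                );
            }
            // NOTE(review): the original loaded PHPMailer here but never sent a
            // mention notification; that dead code is dropped.
        }

        // Visibility is decided before the INSERT so a filtered comment is never
        // briefly public (the original inserted as visible, then updated).
        // 2 = hidden by the poster, 0 = held by the word filter, 1 = visible.
        $filtered = $this->contains_filter_word( $comment, $cache->config['filterwords'] );
        if ( $hide == 'on' ) {
            $isshow = 2;
        } elseif ( $filtered ) {
            $isshow = 0;
        } else {
            $isshow = 1;
        }

        $db->query(
            "INSERT INTO `" . DB_PREFIX . "comment` (`articleid`,`author`,`time`,`comment`,`email`,`index`,`isshow`) VALUES ("
            . $article_id . ",'" . $this->sql_string( $user_name ) . "','" . PHP_TIME . "','"
            . $this->sql_string( $comment ) . "','" . $this->sql_string( $email ) . "','"
            . $this->sql_string( $index ) . "'," . $isshow . ")"
        );
        $cid = (int) $db->insert_id();

        // Build the ajax reply fragment from the stored row.
        $theme->comment = $db->fetch_one_array( "SELECT * FROM `" . DB_PREFIX . "comment` WHERE cid=$cid" );
        // The literal below is a mis-encoded article-type value in this listing
        // and is kept byte-for-byte; it cannot be reconstructed from here.
        if ( $db->result( "SELECT type FROM `" . DB_PREFIX . "article` WHERE id=$article_id" ) == '??' ) {
            $theme->comment['comment'] .= '<br /><font color="red">[???????????????]</font>';
            $db->query( "UPDATE `" . DB_PREFIX . "article` SET `update`=1 WHERE id=$article_id" );
        } elseif ( !$filtered ) {
            $theme->comment['comment'] .= '<br /><font color="blue">[??????????]</font>';
        }

        if ( $article_id != 0 ) {
            $db->query( "UPDATE `" . DB_PREFIX . "article` SET comment = comment + 1 WHERE id = $article_id" );
        }

        $theme->show_comment_de();
        echo '|$|True';

        // aid 0 is the guestbook; everything else is an article comment.
        if ( $article_id == 0 ) {
            $cache->refresh( 'guestbook_new', TRUE );
        } else {
            $cache->refresh( 'comment_new', TRUE );
        }
        $cache->refresh( 'count', TRUE );
    }
}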
- ?>