/source/include/spacecp/spacecp_index.php

https://github.com/sichen/hrmmdiscuz · PHP · 337 lines · 272 code · 59 blank · 6 comment · 70 complexity · be1c51c951767003de63940946287811 MD5 · raw file

  1. <?php
  2. /**
  3. * [Discuz!] (C)2001-2099 Comsenz Inc.
  4. * This is NOT a freeware, use is subject to license terms
  5. *
  6. * $Id: spacecp_index.php 22814 2011-05-24 05:42:54Z zhangguosheng $
  7. */
  8. if(!defined('IN_DISCUZ')) {
  9. exit('Access Denied');
  10. }
  11. $op = in_array($_GET['op'], array('start', 'layout', 'block', 'style', 'diy', 'image', 'getblock', 'edit', 'setmusic', 'getspaceinfo', 'savespaceinfo', 'editnv', 'getpersonalnv')) ? $_GET['op'] : 'start';
  12. require_once libfile('function/space');
  13. require_once libfile('function/portalcp');
  14. if ($op == 'start') {
  15. } elseif ($op == 'layout') {
  16. $layoutarr = getlayout();
  17. } elseif ($op == 'style') {
  18. $themes = gettheme('space');
  19. } elseif ($op == 'block') {
  20. $block = getblockdata();
  21. } elseif ($op == 'diy' || $op == 'image') {
  22. $albumid = empty($_GET['albumid'])?0:intval($_GET['albumid']);
  23. $page = empty($_GET['page'])?1:intval($_GET['page']);
  24. if($page<1) $page=1;
  25. $perpage = 6;
  26. $perpage = mob_perpage($perpage);
  27. $start = ($page-1)*$perpage;
  28. ckstart($start, $perpage);
  29. $albumlist = array();
  30. $query = DB::query("SELECT * FROM ".DB::table('home_album')." WHERE uid='$space[uid]' ORDER BY updatetime DESC");
  31. while ($value = DB::fetch($query)) {
  32. if (!isset($_GET['albumid']) && empty($albumid)) $albumid = $value['albumid'];
  33. $albumlist[$value['albumid']] = $value;
  34. }
  35. $count = getcount('home_pic', array('albumid'=>0, 'uid'=>$space['uid']));
  36. $albumlist[0] = array(
  37. 'uid' => $space['uid'],
  38. 'albumid' => 0,
  39. 'albumname' => lang('space', 'default_albumname'),
  40. 'picnum' => $count
  41. );
  42. if ($albumid > 0) {
  43. if (!isset($albumlist[$albumid])) {
  44. showmessage('to_view_the_photo_does_not_exist');
  45. }
  46. $wheresql = "albumid='$albumid'";
  47. $count = $albumlist[$albumid]['picnum'];
  48. } else {
  49. $wheresql = "albumid='0' AND uid='$space[uid]'";
  50. }
  51. $list = array();
  52. if($count) {
  53. $query = DB::query("SELECT * FROM ".DB::table('home_pic')." WHERE $wheresql ORDER BY dateline DESC LIMIT $start,$perpage");
  54. while ($value = DB::fetch($query)) {
  55. $value['pic'] = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote']);
  56. $list[] = $value;
  57. }
  58. }
  59. $_G['gp_ajaxtarget'] = empty($_G['gp_ajaxtarget']) ? 'diyimages' : $_G['gp_ajaxtarget'];
  60. $multi = multi($count, $perpage, $page, "home.php?mod=spacecp&ac=index&op=image&albumid=$albumid");
  61. } elseif ($op == 'getblock') {
  62. $blockname = getstr($_GET['blockname'],15);
  63. $blockhtml = '';
  64. if(check_ban_block($name, $space)) {
  65. space_merge($space,'field_home');
  66. $data = getuserdiydata($space);
  67. $blockhtml = getblockhtml($blockname, $data['parameters'][$blockname]);
  68. }
  69. } elseif ($op == 'edit') {
  70. $blockname = getstr($_GET['blockname'],15);
  71. $blockdata = lang('space','blockdata');
  72. if (!empty($blockdata[$blockname]) && check_ban_block($blockname, $space)) {
  73. space_merge($space,'field_home');
  74. $userdiy = getuserdiydata($space);
  75. $para = $userdiy['parameters'][$blockname];
  76. $para['title'] = !isset($para['title']) ? $blockdata[$blockname] : stripslashes($para['title']);
  77. } else {
  78. showmessage('the_block_is_not_available');
  79. }
  80. } elseif ($op == 'editnv') {
  81. space_merge($space,'field_home');
  82. $blockposition = unserialize($space['blockposition']);
  83. $personalnv = !empty($blockposition) && isset($blockposition['nv']) ? $blockposition['nv'] : '';
  84. } elseif ($op == 'savespaceinfo') {
  85. space_merge($space,'field_home');
  86. if (submitcheck('savespaceinfosubmit')) {
  87. $spacename = getstr($_POST['spacename'],30, 1, 1);
  88. $spacedescription = getstr($_POST['spacedescription'],135, 1, 1);
  89. $setarr = array();
  90. $setarr['spacename'] = $spacename;
  91. $setarr['spacedescription'] = $spacedescription;
  92. DB::update('common_member_field_home', $setarr, "uid = {$_G['uid']}");
  93. $space['spacename'] = $spacename;
  94. $space['spacedescription'] = $spacedescription;
  95. }
  96. } elseif ($op == 'getspaceinfo') {
  97. space_merge($space,'field_home');
  98. } elseif ($op == 'getpersonalnv') {
  99. space_merge($space,'field_home');
  100. getuserdiydata($space);
  101. $personalnv = isset($_G['blockposition']['nv']) ? $_G['blockposition']['nv'] : '';
  102. if($personalnv && !empty($_GET['show'])) {
  103. $personalnv['nvhidden'] = 0;
  104. }
  105. }
  106. if (submitcheck('blocksubmit')) {
  107. $blockname = getstr($_GET['blockname'],15,0,1);
  108. if(check_ban_block($blockname, $space)) {
  109. space_merge($space,'field_home');
  110. $blockdata = unserialize($space['blockposition']);
  111. $title = getstr($_POST['blocktitle'],50,1,1);
  112. $blockdata['parameters'][$blockname]['title'] = $title;
  113. if (in_array($blockname, array('block1', 'block2', 'block3', 'block4', 'block5'))) {
  114. $content = censor(getstr($_POST['content'],1000,1,0,0,1));
  115. $blockdata['parameters'][$blockname]['content'] = stripslashes($content);
  116. } elseif($blockname == 'profile') {
  117. $blockdata['parameters'][$blockname]['banavatar'] = in_array($_G['gp_avatar'], array('big', 'middle', 'small')) ? $_G['gp_avatar'] : 'middle';
  118. } elseif($blockname == 'statistic') {
  119. $blockdata['parameters'][$blockname]['bancredits'] = $_G['gp_credits'] ? 0 : 1;
  120. $blockdata['parameters'][$blockname]['banfriends'] = $_G['gp_friends'] ? 0 : 1;
  121. $blockdata['parameters'][$blockname]['banthreads'] = $_G['gp_threads'] ? 0 : 1;
  122. $blockdata['parameters'][$blockname]['banblogs'] = $_G['gp_blogs'] ? 0 : 1;
  123. $blockdata['parameters'][$blockname]['banalbums'] = $_G['gp_albums'] ? 0 : 1;
  124. $blockdata['parameters'][$blockname]['bansharings'] = $_G['gp_sharings'] ? 0 : 1;
  125. $blockdata['parameters'][$blockname]['banviews'] = $_G['gp_views'] ? 0 : 1;
  126. } elseif(in_array($blockname, array('personalinfo'))) {
  127. } else {
  128. $shownum = max(1,intval($_POST['shownum']));
  129. if ($shownum <= 20) {
  130. $blockdata['parameters'][$blockname]['shownum'] = $shownum;
  131. }
  132. }
  133. if($blockname == 'blog') {
  134. $blockdata['parameters'][$blockname]['showmessage'] = min(100000, abs(intval($_G['gp_showmessage'])));
  135. } elseif($blockname == 'myapp') {
  136. $blockdata['parameters'][$blockname]['logotype'] = in_array($_G['gp_logotype'], array('logo', 'icon')) ? $_G['gp_logotype'] : 'logo';
  137. }
  138. $setarr['blockposition'] = daddslashes(serialize($blockdata));
  139. DB::update('common_member_field_home', $setarr, "uid = {$space['uid']}");
  140. showmessage('do_success', 'portal.php?mod=spacecp&ac=index&op=getblock&blockname='.$blockname, array('blockname'=>$blockname));
  141. } else {
  142. showmessage('the_block_is_not_available');
  143. }
  144. }
  145. if (submitcheck('editnvsubmit')) {
  146. $hidden = intval($_POST['nvhidden']);
  147. $nv = array('index', 'feed', 'doing', 'blog', 'album', 'topic', 'share', 'friends', 'wall', 'profile');
  148. space_merge($space,'field_home');
  149. $blockdata = unserialize($space['blockposition']);
  150. $personalnv = array();
  151. $personalnv['nvhidden'] = $hidden;
  152. foreach($nv as $value) {
  153. $namevalue = trim($_POST[$value]);
  154. $personalnv['items'][$value] = getstr($namevalue,15,0,1);
  155. $personalnv['banitems'][$value] = empty($_POST['ban'.$value]) ? 0 : 1;
  156. }
  157. $blockdata['nv'] = $personalnv;
  158. $setarr['blockposition'] = daddslashes(serialize($blockdata));
  159. DB::update('common_member_field_home', $setarr, "uid = {$space['uid']}");
  160. showmessage('do_success', 'portal.php?mod=spacecp&ac=index&op=getnv');
  161. }
  162. if (submitcheck('musicsubmit')) {
  163. $blockname = getstr($_GET['blockname'],15,0,1);
  164. $_POST = dstripslashes($_POST);
  165. space_merge($space,'field_home');
  166. $blockdata = unserialize($space['blockposition']);
  167. if ($_POST['act'] == 'config') {
  168. $config = array (
  169. 'showmod' => $_POST['showmod'],
  170. 'autorun' => $_POST['autorun'],
  171. 'shuffle' => $_POST['shuffle'],
  172. 'crontabcolor' => $_POST['crontabcolor'],
  173. 'buttoncolor' => $_POST['buttoncolor'],
  174. 'fontcolor' => $_POST['fontcolor'],
  175. 'crontabbj' => $_POST['crontabbj'],
  176. 'height' => min(9999,abs(intval($_POST['height']))),
  177. );
  178. $blockdata['parameters']['music']['config'] = $config;
  179. $blockdata['parameters']['music']['title']= getstr($_POST['blocktitle'],50,1,1);
  180. } elseif ($_POST['act'] == 'addmusic') {
  181. $mp3url = $_POST['mp3url'];
  182. $mp3name = $_POST['mp3name'];
  183. $cdbj = $_POST['cdbj'];
  184. $mp3list = empty($blockdata['parameters']['music']['mp3list']) ? array() : $blockdata['parameters']['music']['mp3list'];
  185. foreach ($mp3url as $key => $value) {
  186. if (!empty($value)) {
  187. if(empty($mp3name[$key])) $mp3name[$key] = substr($value,strrpos($value,'/')+1,strlen($value));
  188. $mp3list[] = array('mp3url'=>$value, 'mp3name'=>$mp3name[$key], 'cdbj'=>$cdbj[$key]);
  189. }
  190. }
  191. $blockdata['parameters']['music']['mp3list'] = $mp3list;
  192. } elseif ($_POST['act'] == 'editlist') {
  193. $mp3url = $_POST['mp3url'];
  194. $mp3name = $_POST['mp3name'];
  195. $cdbj = $_POST['cdbj'];
  196. $mp3list = array();
  197. foreach ($mp3url as $key => $value) {
  198. if (!empty($value)) {
  199. if(empty($mp3name[$key])) $mp3name[$key] = substr($value,strrpos($value,'/')+1,strlen($value));
  200. $mp3list[] = array('mp3url'=>$value, 'mp3name'=>$mp3name[$key], 'cdbj'=>$cdbj[$key]);
  201. }
  202. }
  203. $blockdata['parameters']['music']['mp3list'] = $mp3list;
  204. }
  205. if (empty($blockdata['parameters']['music']['config'])) {
  206. $blockdata['parameters']['music']['config'] = array (
  207. 'showmod' => 'default',
  208. 'autorun' => 'true',
  209. 'shuffle' => 'true',
  210. 'crontabcolor' => '#D2FF8C',
  211. 'buttoncolor' => '#1F43FF',
  212. 'fontcolor' => '#1F43FF',
  213. );
  214. }
  215. $setarr['blockposition'] = daddslashes(serialize($blockdata));
  216. DB::update('common_member_field_home', $setarr, "uid = {$space['uid']}");
  217. showmessage('do_success', 'home.php?mod=spacecp&ac=index&op=getblock&blockname='.$blockname, array('blockname'=>$blockname));
  218. }
  219. if (submitcheck('diysubmit')) {
  220. $blockdata = array();
  221. checksecurity($_POST['spacecss']);
  222. $spacecss = dstripslashes($_POST['spacecss']);
  223. $spacecss = preg_replace("/(\<|\>)/is", '', $spacecss);
  224. $currentlayout = getstr($_POST['currentlayout'],5, 1, 1);
  225. $style = empty($_POST['style'])?'':preg_replace("/[^0-9a-z]/i", '', $_POST['style']);
  226. $layoutdata = dstripslashes(getgpc('layoutdata', 'P'));
  227. require_once libfile('class/xml');
  228. $layoutdata = xml2array($layoutdata);
  229. if (empty($layoutdata)) showmessage('space_data_format_invalid');
  230. $layoutdata = $layoutdata['diypage'];
  231. if($style && $style != 'uchomedefault') {
  232. $cssfile = DISCUZ_ROOT.'./static/space/'.$style.'/style.css';
  233. if(!file_exists($cssfile)) {
  234. showmessage('theme_does_not_exist');
  235. }
  236. }
  237. space_merge($space, 'field_home');
  238. $blockdata = unserialize($space['blockposition']);
  239. $blockdata['block'] = $layoutdata;
  240. $blockdata['currentlayout'] = $currentlayout;
  241. $setarr['spacecss'] = daddslashes($spacecss);
  242. $setarr['blockposition'] = daddslashes(serialize($blockdata));
  243. $setarr['theme'] = $style;
  244. DB::update('common_member_field_home', $setarr, "uid = {$_G['uid']}");
  245. showmessage('do_success','home.php?mod=space'.($_G['adminid'] == 1 && $_G['setting']['allowquickviewprofile'] ? '&view=admin' : ''));
  246. }
  247. if (submitcheck('uploadsubmit')) {
  248. $albumid = $picid = 0;
  249. if(!checkperm('allowupload')) {
  250. echo "<script>";
  251. echo "alert(\"".lang('spacecp', 'not_allow_upload')."\")";
  252. echo "</script>";
  253. exit();
  254. }
  255. $uploadfiles = pic_save($_FILES['attach'], $_POST['albumid'], $_POST['pic_title'], false);
  256. if($uploadfiles && is_array($uploadfiles)) {
  257. $albumid = $uploadfiles['albumid'];
  258. $picid = $uploadfiles['picid'];
  259. $uploadStat = 1;
  260. require_once libfile('function/spacecp');
  261. album_update_pic($albumid);
  262. } else {
  263. $uploadStat = $uploadfiles;
  264. }
  265. $picurl = pic_get($uploadfiles['filepath'], 'album', $uploadfiles['thumb'], $uploadfiles['remote']);
  266. echo "<script>";
  267. if($uploadStat == 1) {
  268. echo "parent.spaceDiy.getdiy('diy', 'albumid', '$albumid');";
  269. echo "parent.spaceDiy.setBgImage('$picurl');";
  270. echo "parent.Util.toggleEle('upload');";
  271. } else {
  272. echo "parent.showDialog('$uploadStat','notice');";
  273. }
  274. echo "</script>";
  275. exit();
  276. }
  277. include_once(template('home/spacecp_index'));
  278. ?>