
/source/include/spacecp/spacecp_index.php

https://github.com/sichen/hrmmdiscuz
  1<?php
  2
  3/**
  4 *      [Discuz!] (C)2001-2099 Comsenz Inc.
  5 *      This is NOT a freeware, use is subject to license terms
  6 *
  7 *      $Id: spacecp_index.php 22814 2011-05-24 05:42:54Z zhangguosheng $
  8 */
  9
 10if(!defined('IN_DISCUZ')) {
 11	exit('Access Denied');
 12}
 13
 14$op = in_array($_GET['op'], array('start', 'layout', 'block', 'style', 'diy', 'image', 'getblock', 'edit', 'setmusic', 'getspaceinfo', 'savespaceinfo', 'editnv', 'getpersonalnv')) ? $_GET['op'] : 'start';
 15
 16require_once libfile('function/space');
 17require_once libfile('function/portalcp');
 18
 19if ($op == 'start') {
 20
 21
 22} elseif ($op == 'layout') {
 23	$layoutarr = getlayout();
 24
 25} elseif ($op == 'style') {
 26
 27	$themes = gettheme('space');
 28
 29} elseif ($op == 'block') {
 30	$block = getblockdata();
 31} elseif ($op == 'diy' || $op == 'image') {
 32
 33	$albumid = empty($_GET['albumid'])?0:intval($_GET['albumid']);
 34	$page = empty($_GET['page'])?1:intval($_GET['page']);
 35	if($page<1) $page=1;
 36
 37	$perpage = 6;
 38	$perpage = mob_perpage($perpage);
 39
 40	$start = ($page-1)*$perpage;
 41
 42	ckstart($start, $perpage);
 43
 44	$albumlist = array();
 45	$query = DB::query("SELECT * FROM ".DB::table('home_album')." WHERE uid='$space[uid]' ORDER BY updatetime DESC");
 46	while ($value = DB::fetch($query)) {
 47		if (!isset($_GET['albumid']) && empty($albumid)) $albumid = $value['albumid'];
 48
 49		$albumlist[$value['albumid']] = $value;
 50	}
 51
 52	$count = getcount('home_pic', array('albumid'=>0, 'uid'=>$space['uid']));
 53	$albumlist[0] = array(
 54		'uid' => $space['uid'],
 55		'albumid' => 0,
 56		'albumname' => lang('space', 'default_albumname'),
 57		'picnum' => $count
 58	);
 59
 60	if ($albumid > 0) {
 61		if (!isset($albumlist[$albumid])) {
 62			showmessage('to_view_the_photo_does_not_exist');
 63		}
 64
 65		$wheresql = "albumid='$albumid'";
 66		$count = $albumlist[$albumid]['picnum'];
 67	} else {
 68		$wheresql = "albumid='0' AND uid='$space[uid]'";
 69	}
 70
 71	$list = array();
 72	if($count) {
 73		$query = DB::query("SELECT * FROM ".DB::table('home_pic')." WHERE $wheresql ORDER BY dateline DESC LIMIT $start,$perpage");
 74		while ($value = DB::fetch($query)) {
 75			$value['pic'] = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote']);
 76			$list[] = $value;
 77		}
 78	}
 79
 80	$_G['gp_ajaxtarget'] = empty($_G['gp_ajaxtarget']) ? 'diyimages' : $_G['gp_ajaxtarget'];
 81	$multi = multi($count, $perpage, $page, "home.php?mod=spacecp&ac=index&op=image&albumid=$albumid");
 82
 83} elseif ($op == 'getblock') {
 84
 85	$blockname = getstr($_GET['blockname'],15);
 86	$blockhtml = '';
 87	if(check_ban_block($name, $space)) {
 88		space_merge($space,'field_home');
 89		$data = getuserdiydata($space);
 90		$blockhtml = getblockhtml($blockname, $data['parameters'][$blockname]);
 91	}
 92
 93} elseif ($op == 'edit') {
 94
 95	$blockname = getstr($_GET['blockname'],15);
 96	$blockdata = lang('space','blockdata');
 97	if (!empty($blockdata[$blockname]) && check_ban_block($blockname, $space)) {
 98		space_merge($space,'field_home');
 99		$userdiy = getuserdiydata($space);
100		$para = $userdiy['parameters'][$blockname];
101		$para['title'] = !isset($para['title']) ? $blockdata[$blockname] : stripslashes($para['title']);
102	} else {
103		showmessage('the_block_is_not_available');
104	}
105} elseif ($op == 'editnv') {
106	space_merge($space,'field_home');
107	$blockposition = unserialize($space['blockposition']);
108	$personalnv = !empty($blockposition) && isset($blockposition['nv']) ? $blockposition['nv'] : '';
109} elseif ($op == 'savespaceinfo') {
110	space_merge($space,'field_home');
111	if (submitcheck('savespaceinfosubmit')) {
112
113		$spacename = getstr($_POST['spacename'],30, 1, 1);
114		$spacedescription = getstr($_POST['spacedescription'],135, 1, 1);
115
116		$setarr = array();
117		$setarr['spacename'] = $spacename;
118		$setarr['spacedescription'] = $spacedescription;
119		DB::update('common_member_field_home', $setarr, "uid = {$_G['uid']}");
120
121		$space['spacename'] = $spacename;
122		$space['spacedescription'] = $spacedescription;
123	}
124} elseif ($op == 'getspaceinfo') {
125	space_merge($space,'field_home');
126} elseif ($op == 'getpersonalnv') {
127	space_merge($space,'field_home');
128	getuserdiydata($space);
129	$personalnv = isset($_G['blockposition']['nv']) ? $_G['blockposition']['nv'] : '';
130	if($personalnv && !empty($_GET['show'])) {
131		$personalnv['nvhidden'] = 0;
132	}
133}
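// Save the settings of one space block (title plus block-specific options)
// into the serialized blockposition column of the space owner.
if (submitcheck('blocksubmit')) {

	$blockname = getstr($_GET['blockname'],15,0,1);
	// $blockname becomes an array key and part of the redirect URL, so it is
	// only used once check_ban_block() has accepted it.
	if(check_ban_block($blockname, $space)) {
		space_merge($space,'field_home');
		// NOTE(review): unserialize() on a stored column; safe only as long as
		// every writer of blockposition goes through serialize(), confirm.
		$blockdata = unserialize($space['blockposition']);
		// An empty or unreadable column yields a non-array; start from an
		// empty structure instead of indexing into it.
		if(!is_array($blockdata)) {
			$blockdata = array();
		}

		$title = getstr($_POST['blocktitle'],50,1,1);
		$blockdata['parameters'][$blockname]['title'] = $title;

		if (in_array($blockname, array('block1', 'block2', 'block3', 'block4', 'block5'), true)) {
			// Free-form user content: passed through getstr() and censor()
			// before storage. NOTE(review): whether that is sufficient output
			// safety depends on how the block is rendered, which is not shown.
			$content = censor(getstr($_POST['content'],1000,1,0,0,1));
			$blockdata['parameters'][$blockname]['content'] = stripslashes($content);
		} elseif($blockname == 'profile') {
			// Avatar size is restricted to a fixed set; anything else becomes 'middle'.
			$blockdata['parameters'][$blockname]['banavatar'] = in_array($_G['gp_avatar'], array('big', 'middle', 'small'), true) ? $_G['gp_avatar'] : 'middle';
		} elseif($blockname == 'statistic') {
			// Each request flag is a "show" switch; the stored value is the
			// inverse "ban" flag reduced to 0 or 1.
			$blockdata['parameters'][$blockname]['bancredits'] = $_G['gp_credits'] ? 0 : 1;
			$blockdata['parameters'][$blockname]['banfriends'] = $_G['gp_friends'] ? 0 : 1;
			$blockdata['parameters'][$blockname]['banthreads'] = $_G['gp_threads'] ? 0 : 1;
			$blockdata['parameters'][$blockname]['banblogs'] = $_G['gp_blogs'] ? 0 : 1;
			$blockdata['parameters'][$blockname]['banalbums'] = $_G['gp_albums'] ? 0 : 1;
			$blockdata['parameters'][$blockname]['bansharings'] = $_G['gp_sharings'] ? 0 : 1;
			$blockdata['parameters'][$blockname]['banviews'] = $_G['gp_views'] ? 0 : 1;
		} elseif(in_array($blockname, array('personalinfo'), true)) {

			// personalinfo has no options beyond the title.

		} else {
			// Item count is clamped to at least 1 and only stored when <= 20.
			$shownum = max(1,intval($_POST['shownum']));
			if ($shownum <= 20) {
				$blockdata['parameters'][$blockname]['shownum'] = $shownum;
			}
		}

		if($blockname == 'blog') {
			$blockdata['parameters'][$blockname]['showmessage'] = min(100000, abs(intval($_G['gp_showmessage'])));
		} elseif($blockname == 'myapp') {
			$blockdata['parameters'][$blockname]['logotype'] = in_array($_G['gp_logotype'], array('logo', 'icon'), true) ? $_G['gp_logotype'] : 'logo';
		}

		// Build a fresh update set so that only blockposition is written; a
		// $setarr left over from an earlier handler in the same request must
		// not ride along into this UPDATE.
		$setarr = array('blockposition' => daddslashes(serialize($blockdata)));
		DB::update('common_member_field_home', $setarr, "uid = {$space['uid']}");

		showmessage('do_success', 'portal.php?mod=spacecp&ac=index&op=getblock&blockname='.$blockname, array('blockname'=>$blockname));
	} else {
		showmessage('the_block_is_not_available');
	}
}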
180
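// Save the personal navigation bar: a hidden flag plus, for a fixed list of
// items, a custom label and a ban flag.
if (submitcheck('editnvsubmit')) {

	$hidden = isset($_POST['nvhidden']) ? intval($_POST['nvhidden']) : 0;
	// Only these item names are read from the request; other POST keys are ignored.
	$nv = array('index', 'feed', 'doing', 'blog', 'album', 'topic', 'share', 'friends', 'wall', 'profile');
	space_merge($space,'field_home');
	// NOTE(review): unserialize() on a stored column; safe only as long as
	// every writer of blockposition goes through serialize(), confirm.
	$blockdata = unserialize($space['blockposition']);
	// An empty or unreadable column yields a non-array; start from an empty
	// structure instead of indexing into it.
	if(!is_array($blockdata)) {
		$blockdata = array();
	}

	$personalnv = array();
	$personalnv['nvhidden'] = $hidden;
	foreach($nv as $value) {
		// A missing field or an array-valued field is treated as an empty
		// label rather than being handed to trim().
		$namevalue = isset($_POST[$value]) && is_string($_POST[$value]) ? trim($_POST[$value]) : '';
		$personalnv['items'][$value] = getstr($namevalue,15,0,1);
		$personalnv['banitems'][$value] = empty($_POST['ban'.$value]) ? 0 : 1;
	}
	$blockdata['nv'] = $personalnv;
	// Fresh update set: only blockposition is written by this handler.
	$setarr = array('blockposition' => daddslashes(serialize($blockdata)));
	DB::update('common_member_field_home', $setarr, "uid = {$space['uid']}");

	// NOTE(review): 'getnv' is not one of the values the op allow-list at the
	// top of this file accepts, so this target is handled as 'start'; confirm
	// whether 'getpersonalnv' was intended.
	showmessage('do_success', 'portal.php?mod=spacecp&ac=index&op=getnv');

}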
202
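// Save the music block: player configuration ('config'), appended tracks
// ('addmusic') or a replaced track list ('editlist').
// NOTE(review): unlike the blocksubmit handler, this path never calls
// check_ban_block(); confirm whether a banned music block should stay editable.
if (submitcheck('musicsubmit')) {

	$blockname = getstr($_GET['blockname'],15,0,1);
	$_POST = dstripslashes($_POST);
	space_merge($space,'field_home');
	// NOTE(review): unserialize() on a stored column; safe only as long as
	// every writer of blockposition goes through serialize(), confirm.
	$blockdata = unserialize($space['blockposition']);
	// An empty or unreadable column yields a non-array; start from an empty
	// structure instead of indexing into it.
	if(!is_array($blockdata)) {
		$blockdata = array();
	}

	$act = isset($_POST['act']) ? $_POST['act'] : '';
	if ($act === 'config') {
		// NOTE(review): apart from 'height', these values are stored exactly
		// as posted. Whatever renders the player must escape them for its
		// output context; validating them here (e.g. colour format) would be
		// stricter but needs the list of values the player accepts.
		$config = array (
				'showmod' => $_POST['showmod'],
				'autorun' => $_POST['autorun'],
				'shuffle' => $_POST['shuffle'],
				'crontabcolor' => $_POST['crontabcolor'],
				'buttoncolor' => $_POST['buttoncolor'],
				'fontcolor' => $_POST['fontcolor'],
				'crontabbj' => $_POST['crontabbj'],
				'height' => min(9999,abs(intval($_POST['height']))),
			  );
		$blockdata['parameters']['music']['config'] = $config;

		$blockdata['parameters']['music']['title']= getstr($_POST['blocktitle'],50,1,1);

	} elseif ($act === 'addmusic' || $act === 'editlist') {
		// The three fields are parallel arrays indexed by track position; a
		// field that is missing or not an array is treated as empty.
		$mp3url = isset($_POST['mp3url']) && is_array($_POST['mp3url']) ? $_POST['mp3url'] : array();
		$mp3name = isset($_POST['mp3name']) && is_array($_POST['mp3name']) ? $_POST['mp3name'] : array();
		$cdbj = isset($_POST['cdbj']) && is_array($_POST['cdbj']) ? $_POST['cdbj'] : array();

		// 'addmusic' appends to the saved list, 'editlist' starts from scratch.
		$mp3list = array();
		if ($act === 'addmusic' && !empty($blockdata['parameters']['music']['mp3list']) && is_array($blockdata['parameters']['music']['mp3list'])) {
			$mp3list = $blockdata['parameters']['music']['mp3list'];
		}

		foreach ($mp3url as $key => $value) {
			// Skip empty entries and anything that is not a plain string.
			if (!is_string($value) || empty($value)) {
				continue;
			}
			if(empty($mp3name[$key])) {
				// Default the track name to the part after the last '/'. A URL
				// without any '/' is used whole; previously strrpos() returning
				// false made the name lose its first character.
				$slash = strrpos($value, '/');
				$mp3name[$key] = $slash === false ? $value : substr($value, $slash + 1);
			}
			// NOTE(review): the URL is stored as posted, with no scheme or host
			// check; the rendering side has to treat it as untrusted.
			$mp3list[] = array('mp3url'=>$value, 'mp3name'=>$mp3name[$key], 'cdbj'=>isset($cdbj[$key]) ? $cdbj[$key] : null);
		}
		$blockdata['parameters']['music']['mp3list'] = $mp3list;
	}

	// First save without a configuration: fall back to the default player settings.
	if (empty($blockdata['parameters']['music']['config'])) {
		$blockdata['parameters']['music']['config'] = array (
			  'showmod' => 'default',
			  'autorun' => 'true',
			  'shuffle' => 'true',
			  'crontabcolor' => '#D2FF8C',
			  'buttoncolor' => '#1F43FF',
			  'fontcolor' => '#1F43FF',
			);
	}
	// Fresh update set: only blockposition is written by this handler.
	$setarr = array('blockposition' => daddslashes(serialize($blockdata)));
	DB::update('common_member_field_home', $setarr, "uid = {$space['uid']}");
	showmessage('do_success', 'home.php?mod=spacecp&ac=index&op=getblock&blockname='.$blockname, array('blockname'=>$blockname));
}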
266
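// Save a DIY page: custom CSS, the block layout (posted as XML), the current
// layout id and the selected theme.
if (submitcheck('diysubmit')) {

	$blockdata = array();

	// NOTE(review): the return value is not used, so checksecurity() is
	// presumably expected to abort the request itself on a violation; confirm.
	checksecurity($_POST['spacecss']);

	// Angle brackets are stripped so the stored CSS cannot carry markup.
	$spacecss = dstripslashes($_POST['spacecss']);
	$spacecss = preg_replace("/(\<|\>)/is", '', $spacecss);

	$currentlayout = getstr($_POST['currentlayout'],5, 1, 1);
	// The theme name is reduced to [0-9a-z] before it is used in a file path
	// below, which keeps path separators and dots out of $cssfile. A
	// non-string value is treated as "no theme".
	$style = empty($_POST['style']) || !is_string($_POST['style']) ? '' : preg_replace("/[^0-9a-z]/i", '', $_POST['style']);

	// NOTE(review): user-supplied XML is parsed here; how xml2array() treats
	// entities and DTDs is defined in class/xml and should be checked there.
	$layoutdata = dstripslashes(getgpc('layoutdata', 'P'));
	require_once libfile('class/xml');
	$layoutdata = xml2array($layoutdata);
	// Reject input that did not parse into an array with a 'diypage' root,
	// instead of storing whatever indexing into it would produce.
	if (empty($layoutdata) || !is_array($layoutdata) || !array_key_exists('diypage', $layoutdata)) showmessage('space_data_format_invalid');
	$layoutdata = $layoutdata['diypage'];
	if($style && $style != 'uchomedefault') {
		// A theme other than the default must exist on disk.
		$cssfile = DISCUZ_ROOT.'./static/space/'.$style.'/style.css';
		if(!file_exists($cssfile)) {
			showmessage('theme_does_not_exist');
		}
	}

	space_merge($space, 'field_home');
	// NOTE(review): unserialize() on a stored column; safe only as long as
	// every writer of blockposition goes through serialize(), confirm.
	$blockdata = unserialize($space['blockposition']);
	// An empty or unreadable column yields a non-array; start from an empty
	// structure instead of indexing into it.
	if(!is_array($blockdata)) {
		$blockdata = array();
	}
	$blockdata['block'] = $layoutdata;
	$blockdata['currentlayout'] = $currentlayout;

	// Fresh update set: exactly these three columns are written.
	$setarr = array(
		'spacecss' => daddslashes($spacecss),
		'blockposition' => daddslashes(serialize($blockdata)),
		'theme' => $style,
	);
	// The row is selected by the logged-in user's id.
	DB::update('common_member_field_home', $setarr, "uid = {$_G['uid']}");
	showmessage('do_success','home.php?mod=space'.($_G['adminid'] == 1 && $_G['setting']['allowquickviewprofile'] ? '&view=admin' : ''));
}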
302
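// Handle a background-image upload from the DIY panel. The response is a
// small inline script that reports the result to the parent frame.
if (submitcheck('uploadsubmit')) {
	$albumid = $picid = 0;
	$picurl = '';

	if(!checkperm('allowupload')) {
		echo "<script>";
		echo "alert(\"".lang('spacecp', 'not_allow_upload')."\")";
		echo "</script>";
		exit();
	}
	// pic_save() returns an array describing the stored picture on success;
	// any other return value is treated as the failure message.
	$uploadfiles = pic_save($_FILES['attach'], $_POST['albumid'], $_POST['pic_title'], false);
	$uploaded = $uploadfiles && is_array($uploadfiles);
	if($uploaded) {
		$albumid = $uploadfiles['albumid'];
		$picid = $uploadfiles['picid'];
		$uploadStat = 1;
		require_once libfile('function/spacecp');
		album_update_pic($albumid);
		// Resolve the URL only for a real upload record. This used to run on
		// the failure path too, indexing the error value as if it were an array.
		$picurl = pic_get($uploadfiles['filepath'], 'album', $uploadfiles['thumb'], $uploadfiles['remote']);
	} else {
		$uploadStat = $uploadfiles;
	}

	// Every value below lands inside a single-quoted JavaScript string within
	// a <script> element, so quotes, backslashes, line breaks, '/' and angle
	// brackets are backslash-escaped: the value can neither end the string
	// nor close the script element.
	// NOTE(review): assumes pic_save() and pic_get() return plain, unescaped text.
	$jschars = "\\'\"/<>\r\n";

	echo "<script>";
	if($uploaded) {
		echo "parent.spaceDiy.getdiy('diy', 'albumid', '".addcslashes((string)$albumid, $jschars)."');";
		echo "parent.spaceDiy.setBgImage('".addcslashes((string)$picurl, $jschars)."');";
		echo "parent.Util.toggleEle('upload');";
	} else {
		echo "parent.showDialog('".addcslashes((string)$uploadStat, $jschars)."','notice');";
	}
	echo "</script>";
	exit();
}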
// Hand over to the compiled template; it renders with the variables prepared
// above. Only reached when no handler above ended the request.
$spacecp_index_tpl = template('home/spacecp_index');
include_once $spacecp_index_tpl;