sibtracker/system/ajax/editcomments.php

146 lines
5.1 KiB
PHP
Raw Normal View History

2019-05-18 13:46:03 +08:00
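<?php
// Ajax endpoint of the comment editor (DLE-style engine): renders the
// inline edit form for one comment or saves the edited text. This first
// section only bootstraps the engine (config, DB, language, login state);
// no request parameter is interpreted before the bootstrap completes.
@session_start();
@error_reporting( 7 );
// NOTE(review): forcing display_errors on an ajax endpoint echoes file
// paths and SQL fragments into the response on any warning; in production
// this setting should come from php.ini / the engine config instead.
@ini_set( 'display_errors', true );
@ini_set( 'html_errors', false );
define( 'DATALIFEENGINE', true );
// This file lives in <root>/system/ajax/; cutting the trailing 12
// characters ("/system/ajax") off its directory gives the site root.
define( 'ROOT_DIR', substr( dirname( __FILE__ ), 0, -12 ) );
define( 'SYSTEM_DIR', ROOT_DIR . '/system' );
include SYSTEM_DIR . '/data/config.php';
require_once SYSTEM_DIR . '/classes/mysql.php';
require_once SYSTEM_DIR . '/data/dbconfig.php';
// Optional skin override from a cookie. The cookie is client-controlled,
// so only a plain directory name (letters, digits, "_" and "-") is
// accepted before it is joined to a filesystem path; the previous version
// joined the raw value, so "../" segments reached is_dir().
if( isset( $_COOKIE['dle_skin'] ) and is_string( $_COOKIE['dle_skin'] ) ) {
    $skin = $_COOKIE['dle_skin'];
    if( $skin !== '' and preg_match( '#^[A-Za-z0-9_-]+$#', $skin ) and @is_dir( ROOT_DIR . '/templates/' . $skin ) ) {
        $config['skin'] = $skin;
    }
}
include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
// A language pack may pin its own charset; otherwise keep the site config.
$config['charset'] = (isset( $lang['charset'] ) and $lang['charset'] !== '') ? $lang['charset'] : $config['charset'];
require_once SYSTEM_DIR . '/modules/functions.php';
require_once SYSTEM_DIR . '/classes/parse.class.php';
// sitelogin.php provides $is_logged and $member_id used further down.
require_once SYSTEM_DIR . '/modules/sitelogin.php';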
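// Comment "area" selects which comments table the request targets.
// totranslit() (engine function) reduces the request value to a slug, and
// that slug is only ever used as a key into the allow-list below; the
// table name that reaches SQL comes from the allow-list, never from input.
$area = isset( $_REQUEST['area'] ) ? totranslit( $_REQUEST['area'], true, false ) : '';
if( ! $area ) $area = "news";
$allowed_areas = array(
    'news' => array(
        'comments_table' => 'comments',
    ),
    'ajax' => array(
        'comments_table' => 'comments',
    ),
    'lastcomments' => array(
        'comments_table' => 'comments',
    ),
);
// isset() first: an unknown area must not produce an undefined-index
// warning (which display_errors would print into the ajax response).
if( ! isset( $allowed_areas[$area] ) or ! is_array( $allowed_areas[$area] ) ) die( "error" );
$parse = new ParseFilter( );
$parse->safe_mode = true;
// $is_logged / $member_id come from sitelogin.php; guests get nothing.
if( ! $is_logged ) die( "error" );
// Comment id: integer only. A non-positive id cannot match a row, so it is
// rejected here instead of after a pointless query.
$id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0;
if( $id <= 0 ) die( "error" );
// Usergroup table, cached between requests as id => row (slashes stripped).
$user_group = $cache->get( "usergroup" );
if( ! $user_group ) {
    $user_group = array();
    $db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
    while ( $row = $db->get_row() ) {
        // array_map() keeps the string keys of the associative row.
        $user_group[$row['id']] = array_map( 'stripslashes', $row );
    }
    $cache->set( "usergroup", $user_group );
    $db->free();
}
// Group rights steer the BB-code parser (links / images allowed?). A member
// whose group is missing from the table gets neither right rather than an
// undefined-index warning; such a member is rejected by the permission
// check later anyway.
$my_rights = isset( $user_group[$member_id['user_group']] ) ? $user_group[$member_id['user_group']] : array();
$parse->allow_url = isset( $my_rights['allow_url'] ) ? $my_rights['allow_url'] : false;
$parse->allow_image = isset( $my_rights['allow_image'] ) ? $my_rights['allow_image'] : false;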
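// Dispatch. Both actions work on an existing comment of the selected area,
// so the row is loaded and the edit permission decided once up front; the
// two branches then only differ in what they do with the row.
// NOTE(review): nothing ties this state-changing request to the session
// beyond the login cookie (no per-request token is checked), so a request
// triggered cross-site in a logged-in user's browser would be accepted;
// newer engine versions verify a session-bound hash on ajax handlers.
$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
if( $action !== "edit" and $action !== "save" ) die( "error" );

// $id is an int (intval above) and the table name comes from the
// allow-list, so this interpolated query carries no request-controlled text.
// post_id is fetched for both actions; only "save" uses it (cache key).
$row = $db->super_query( "SELECT id, post_id, text, is_register, autor FROM " . PREFIX . "_{$allowed_areas[$area]['comments_table']} where id = '$id'" );
if( ! $row or intval( $row['id'] ) !== $id ) die( "error" );

// Edit rights: the author of their own *registered* comment whose group
// grants allow_editc, or any member whose group grants edit_allc. Names are
// compared as strings so numeric-looking names do not compare loosely.
$my_group = isset( $user_group[$member_id['user_group']] ) ? $user_group[$member_id['user_group']] : array();
$is_author = ((string) $member_id['name'] === (string) $row['autor'] and $row['is_register']);
$may_edit_own = ($is_author and ! empty( $my_group['allow_editc'] ));
$may_edit_all = ! empty( $my_group['edit_allc'] );
if( ! $is_logged or ! ($may_edit_own or $may_edit_all) ) die( "error" );

if( $action === "edit" ) {
    // Render the inline editor: the bbcode toolbar ($bb_code is defined by
    // bbcode.php) and a textarea holding the comment decoded back to bbcodes.
    include_once SYSTEM_DIR . '/ajax/bbcode.php';
    // NOTE(review): the textarea relies on decodeBBCodes() returning text
    // that is safe inside <textarea> (no raw "</textarea>") — confirm
    // against ParseFilter before relying on it.
    $comm_txt = $parse->decodeBBCodes( $row['text'], false );
    // $id is an int and $area an allow-listed slug, so both can be placed
    // into the onclick handlers as-is. The form attribute was misspelled
    // "metod" before; it is "method" here.
    $buffer = <<<HTML
<form name="ajaxcomments{$id}" id="ajaxcomments{$id}" method="post" action="">
<div class="editor">
{$bb_code}
<textarea name="dleeditcomments{$id}" id="dleeditcomments{$id}" onclick="setNewField(this.name, document.ajaxcomments{$id})" style="width:99%; height:150px; border:1px solid #E0E0E0">{$comm_txt}</textarea><br>
<div align="right" style="width:99%;padding-top:5px;"><input class=bbcodes title="$lang[bb_t_apply]" type=button onclick="ajax_save_comm_edit('{$id}', '{$area}'); return false;" value="$lang[bb_b_apply]">
<input class=bbcodes title="$lang[bb_t_cancel]" type=button onclick="ajax_cancel_comm_edit('{$id}'); return false;" value="$lang[bb_b_cancel]">
</div></div>
</form>
HTML;
} else {
    // Save: run the submitted text through the same filter chain as a new
    // comment (charset conversion, ParseFilter, BB-code parsing).
    $use_html = false;
    // Only a plain string is accepted; an array-valued field would otherwise
    // reach convert_unicode().
    $posted = (isset( $_POST['comm_txt'] ) and is_string( $_POST['comm_txt'] )) ? $_POST['comm_txt'] : '';
    $comm_txt = trim( $parse->BB_Parse( $parse->process( convert_unicode( $posted, $config['charset'] ) ), $use_html ) );
    if( $parse->not_allowed_tags ) die( "error" );
    if( $parse->not_allowed_text ) die( "error" );
    // NOTE(review): strlen() counts bytes, so multi-byte text reaches the
    // limit before its visible length; kept as the engine does elsewhere.
    if( strlen( $comm_txt ) > $config['comments_maxlen'] ) die( "error" );
    if( $comm_txt === "" ) die( "error" );

    // Forced wrapping: insert <br /> after every auto_wrap consecutive
    // non-space characters, but only in text pieces, not inside tags. The
    // split captures the "<" / ">" delimiters; after an opening "<" the
    // following piece is tag content, which the loop skips.
    $wrap_at = intval( $config['auto_wrap'] );
    if( $wrap_at ) {
        $pieces = preg_split( '((>)|(<))', $comm_txt, - 1, PREG_SPLIT_DELIM_CAPTURE );
        $n = count( $pieces );
        for($i = 0; $i < $n; $i ++) {
            if( $pieces[$i] == "<" ) {
                $i ++;
                continue;
            }
            $pieces[$i] = preg_replace( "#([^\s\n\r]{" . $wrap_at . "})#i", "\\1<br />", $pieces[$i] );
        }
        $comm_txt = join( "", $pieces );
    }

    // safesql() escapes the text; $id is an int and the table allow-listed.
    $comm_update = $db->safesql( $comm_txt );
    $db->query( "UPDATE " . PREFIX . "_{$allowed_areas[$area]['comments_table']} set text='$comm_update' where id = '$id'" );

    // Render the saved text for the caller. Plain [hide] blocks are shown in
    // full to the editor; group-restricted [hide=...] blocks go through
    // comm_hide() (engine function) with the group list and the inner text.
    // This used preg_replace() with the /e modifier, which evaluated the
    // substituted captures as PHP code (and /e no longer exists in PHP 7);
    // the callback passes both captures as plain strings instead.
    $comm_txt = preg_replace( "'\[hide\](.*?)\[/hide\]'si", "\\1", $comm_txt );
    $comm_txt = preg_replace_callback(
        "'\[hide=(.*?)\](.*?)\[/hide\]'si",
        function ( $m ) { return comm_hide( $m[1], $m[2] ); },
        $comm_txt
    );
    // NOTE(review): stripslashes() here predates the callback; whether any
    // slashes are left to strip depends on ParseFilter — confirm before
    // removing it, since it also strips backslashes typed by the user.
    $buffer = stripslashes( $comm_txt );
    $cache->clear( 'comm_' . $row['post_id'] );
}

$db->close();
@header( "Content-type: text/html; charset=" . $config['charset'] );
echo $buffer;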