/PMC2Prototype/ @ 372  →  /PMC2Prototype/ @ 373
/PMC2Prototype/lib/lib_fileio.php
@@ -38,6 +38,11 @@
touch($sfile);
return (int)(file_get_contents($sfile) / 1024);
}
 
// 更新圖片大小快取
function updateImageTotalSize(){
return true;
}
}
 
$returnOBJECT = new FileIOWrapper(PMCCore_getConfig('LIB.FILEIO.PARAMETER')); // FileIO 物件
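Review bot: The new `updateImageTotalSize()` (L14-L16) is a stub that returns `true` without touching the size cache that `getImageTotalSize()` reads (L9-L10), so from what is visible here a caller that invokes it after adding an image keeps reading the previous total until something else rewrites that file. If the cache is meant to be invalidated here, remove or rewrite the cache file; otherwise mark the stub so the storage-cap logic built on top of it is not trusted prematurely, e.g. `// TODO stub: does not invalidate the total-size cache read by getImageTotalSize()`. The enclosing class starts outside this hunk.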
/PMC2Prototype/lib/lib_core.php
@@ -19,8 +19,12 @@
global $language;
if (!func_num_args()) return ''; // called with no arg
$arg_list = func_get_args();
$arg_list[0] = isset($language[$arg_list[0]]) ? $language[$arg_list[0]] : $arg_list[0];
return call_user_func_array('sprintf', $arg_list);
if(isset($language[$arg_list[0]])){
$arg_list[0] = $language[$arg_list[0]];
return call_user_func_array('sprintf', $arg_list);
}else{
return $arg_list[0];
}
}
 
/**
@@ -145,4 +149,63 @@
if(file_exists($load)){ require($load); return $returnOBJECT; }
else{ trigger_error(_T('core.cannot_find_library', $name), E_USER_ERROR); }
}
 
/**
* 以名單和 DNSBL 檢查
* @param string 欲檢查 IP Address
* @param string 欲檢查 Host Name
* @param string 被阻擋原因
*/
function PMCCore_BanIPHostDNSBLCheck($IP, $HOST, &$baninfo){
if(!PMCCore_getConfig('BAN_CHECK')) return false; // Disabled
 
// IP/Hostname Check
$HOST = strtolower($HOST);
$checkTwice = ($IP != $HOST); // 是否需檢查第二次
$IsBanned = false;
foreach(PMCCore_getConfig('BAN.PATTERN') as $pattern){
if(substr_count($pattern, '/')==2){ // RegExp
$pattern .= 'i';
}elseif(strpos($pattern, '*')!==false || strpos($pattern, '?')!==false){ // Wildcard
$pattern = '/^'.str_replace(array('.', '*', '?'), array('\.', '.*', '.?'), $pattern).'$/i';
}else{ // Full-text
if($IP==$pattern || ($checkTwice && $HOST==strtolower($pattern))){ $IsBanned = true; break; }
continue;
}
if(preg_match($pattern, $HOST) || ($checkTwice && preg_match($pattern, $IP))){ $IsBanned = true; break; }
}
if($IsBanned){ $baninfo = _T('ip_banned'); return true; }
 
// DNS-based Blackhole List(DNSBL) 黑名單
$DNSBLcount = PMCCore_getConfig('BAN.DNSBL.COUNT');
$DNSBLservers = PMCCore_getConfig('BAN.DNSBL.SERVER');
$DNSBLWHlist = PMCCore_getConfig('BAN.DNSBL.WHITELIST');
if(!$DNSBLcount) return false; // Skip check
if(array_search($IP, $DNSBLWHlist)!==false) return false; // IP位置在白名單內
$rev = implode('.', array_reverse(explode('.', $IP)));
$lastPoint = count($DNSBLservers) - 1; if($DNSBLcount < $lastPoint) $lastPoint = $DNSBLcount;
$isListed = false;
for($i = 1; $i <= $lastPoint; $i++){
$query = $rev.'.'.$DNSBLservers[$i].'.'; // FQDN
$result = gethostbyname($query);
if($result && ($result != $query)){ $isListed = $DNSBLservers[$i]; break; }
}
if($isListed){ $baninfo = _T('ip_dnsbl_banned', $isListed); return true; }
return false;
}
 
/**
* 將字串修整成適當格式
*/
function PMCCore_cleanString($str, $IsAdmin=false){
$str = trim($str);
if(get_magic_quotes_gpc()) $str = stripslashes($str);
// 非管理員或管理員自己取消HTML使用:HTML標籤禁用
if(!($IsAdmin && PMCCore_getConfig('CAP.ISHTML'))) $str = preg_replace('/&(#[0-9]+|[a-z]+);/i', "&$1;", htmlspecialchars($str));
else{ // 管理員開啟HTML
$str = str_replace('>', '&gt;', $str); // 先將每個 > 都轉碼
$str = preg_replace('/(<.*?)&gt;/', '$1>', $str); // 如果有<...&gt;則轉回<...>成為正常標籤
}
return $str;
}
?>
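Review bot: `PMCCore_BanIPHostDNSBLCheck` treats any resolved address as a listing (L78-L79: `$result != $query`), but DNSBL zones signal "listed" with specific 127.0.0.0/8 return codes and several use distinct codes for errors such as refused or rate-limited queries, so a list outage or a blocked resolver could reject every poster as banned. Restrict the hit to the codes the configured lists document, e.g. `if($result && $result !== $query && strpos($result, '127.0.0.') === 0){ $isListed = $DNSBLservers[$i]; break; }`, and treat other answers as "no decision" rather than a ban. Two smaller points in the same hunk: the loop on L76 starts at index 1, so if `BAN.DNSBL.SERVER` is a zero-based list its first entry is never queried (worth confirming against the config format), and the whitelist lookup on L72 should be `in_array($IP, $DNSBLWHlist, true)`. The reversal on L73 also assumes a dotted quad, so an IPv6 `REMOTE_ADDR` produces a meaningless query and the DNSBL check is silently skipped for such clients.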
/PMC2Prototype/resource/xmlhttp.js
@@ -44,15 +44,37 @@
parseJSON : function(txt){
return (/^("(\\.|[^"\\\n\r])*?"|[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t])+?$/.test(txt)) ? eval('(' + txt + ')') : null;
},
__show : function(tarName){
__show : function(){
var showDIVs = ','; // 顯示圖層
for(var p = 0; p < arguments.length; p++){ showDIVs += arguments[p] + ','; }
var Tdivs = document.getElementsByTagName('div');
for(var i = 0, TL = Tdivs.length; i < TL; i++){
var T = Tdivs[i];
if(T.id.substr(0, 7)=='Trender'){
T.style.display = (T.id==tarName) ? '' : 'none';
T.style.display = (showDIVs.indexOf(','+T.id+',')!=-1) ? '' : 'none';
}
}
},
PTE : function(){
},
PageNavi : function(pMax, pCurrent){
var TableTxt = '<ul>';
TableTxt += '<li>' + ((pCurrent==1) ? '第一頁' : '<a href="#page;'+(pCurrent-1)+'" onclick="Thistory.register(this)">上一頁</a>') + "</li>\n";
for(var i = 1; i <= pMax; i++){
TableTxt += '<li>[' + ((i==pCurrent) ? '<b>'+i+'</b>' : '<a href="#page;'+i+'" onclick="Thistory.register(this)">'+i+'</a>') + "]</li>\n";
}
TableTxt += '<li>' + ((pCurrent==pMax) ? '最後一頁' : '<a href="#page;'+(pCurrent+1)+'" onclick="Thistory.register(this)">下一頁</a>') + '</li></ul>';
$('TrenderPageNavi').innerHTML = TableTxt;
},
// 成像瀏覽頁面
show : function(txt){
var result = Trender.parseJSON(txt);
if(result.status!="OK"){ alert(result.status); return; }
$('TrenderShow').innerHTML = txt;
Trender.PageNavi(result.pageMax, result.pageCurrent);
Trender.__show('TrenderShow', 'TrenderPageNavi');
},
// 成像 [系統資訊] 頁面
status : function(txt){
var result = Trender.parseJSON(txt);
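Review bot: `Trender.show` on L133 assigns the raw response body to `innerHTML` (`$('TrenderShow').innerHTML = txt;`) right after parsing it, so any markup inside the JSON string values — presumably built from user posts in the cached page file — is rendered by the browser, and the client is relying entirely on the server having escaped every field before caching. Render from the parsed `result` instead (text nodes, or an explicit escape step per field) and keep `txt` out of the DOM. The null case is also unhandled: `parseJSON` (L103) returns `null` when its sanity regex rejects the input, and L132 then throws on `result.status`; a guard such as `if(!result){ alert('Invalid response'); return; }` before it keeps a malformed or truncated response from breaking the page silently.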
@@ -68,7 +90,9 @@
flag : {}, // 執行旗標
self : '', // PHP URL
main : function(hash){
switch(hash){
//var hash_ori = hash;
hash = hash.split(';');
switch(hash[0]){
case 'search':
Trender.__show('TrenderSearch');
break;
@@ -80,8 +104,11 @@
Trender.__show('TrenderStatus');
}
break;
case 'p':
case 'page':
case '':
Trender.__show('TrenderShow');
if(typeof hash[1]=='undefined' || hash[1]==''){ hash[1] = 1; }
Txmlhttp.get(Taction.self+'/show_ajax/'+hash[1], Trender.show);
break;
default:
alert(hash);
@@ -121,9 +148,9 @@
},
// IE 產生頁面歷史更動
register : function(nhash){
if(typeof nhash=='undefined'){ nhash = this; }
var hash = nhash.href.replace(/^.*#/, ''), iframe, i2;
if(window.ActiveXObject){ // IE
if(typeof nhash=='undefined'){ nhash = this; }
var hash = nhash.href.replace(/^.*#/, ''), iframe, i2;
iframe = document.getElementById('pIEHistory');
i2 = iframe.contentWindow.document || iframe.contentDocument;
i2.open(); i2.close();
@@ -147,4 +174,9 @@
 
function finish(){
alert('OK');
}
 
function failed(txt){
alert(txt);
$('postform_main').sendbtn.disabled = false;
}
/PMC2Prototype/resource/mainstyle.css
@@ -38,6 +38,9 @@
.bar_admin { background: #E08000; color: #FFF; font-weight: bold; text-align: center; } /* 管理模式樣式標題列 */
.ListRow1_bg { background: #D6D6F6; } /* 管理模式欄位背景顏色1(輪替出現) */
.ListRow2_bg { background: #F6F6F6; } /* 管理模式欄位背景顏色2(輪替出現) */
 
#TrenderPageNavi ul { clear: both; }
#TrenderPageNavi ul li { display: inline; }
}
 
@media screen{ /* 標準顯示(一般顯示器)模式附加規則 */
/PMC2Prototype/resource/pixmicat_ajax.tmpl
@@ -116,6 +116,18 @@
<hr />
</div>
 
<div id="TrenderPageNavi">
<ul>
<li>第一頁</li>
<li>[<b>1</b>]</li>
<li>[<a href="#page;2" rel="ajaxlink">2</a>]</li>
<li>[<a href="#page;3" rel="ajaxlink">3</a>]</li>
<li>[<a href="#page;4" rel="ajaxlink">4</a>]</li>
<li>[<a href="#page;5" rel="ajaxlink">5</a>]</li>
<li>下一頁</li>
</ul>
</div>
 
<div id="footer">
<!-- Pixmicat! -->
<small>- <a href="http://pixmicat.openfoundry.org/" rel="_blank">Pixmicat!</a> -</small>
/PMC2Prototype/action/show_ajax.php
@@ -7,10 +7,14 @@
* @date $Date$
*/
 
function show_ajax($args){
echo 'Hello, this is action controller "show_ajax"';
if($args) var_dump($args);
global $config;
print_r($config);
function show_ajax($page){
$baseFolder = PMCCore_getConfig('ENV.FOLDER.BOARD');
if(!$page){ echo '{"status":"Error"}'; return; }
else{ $page = intval($page); } // Only Page Number
 
if(file_exists($baseFolder.'/'.$page.'.json')){
header('Content-type: application/json; charset=utf-8');
readfile($baseFolder.'/'.$page.'.json');
}else{ echo '{"status":"Cannot find the cache file"}'; }
}
?>
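Review bot: In `show_ajax` the `Content-type: application/json` header (L233) is only sent on the success branch, so the two error bodies (L229, L235) go out as `text/html` and the client-side `parseJSON` receives inconsistent responses. The `intval()` on L230 also runs after the `!$page` test, so a non-numeric segment such as `abc` is not rejected but is looked up as `0.json`; cast first: `header('Content-type: application/json; charset=utf-8'); $page = intval($page); if($page < 1){ echo '{"status":"Error"}'; return; }`. The cast is what keeps the path free of traversal, so it should remain the first thing done with `$page`; `is_file()` rather than `file_exists()` would also avoid handing a directory to `readfile()`.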
/PMC2Prototype/action/posts_ajax.php
@@ -7,17 +7,24 @@
* @date $Date$
*/
 
// 回傳錯誤訊息 JSON
function error($errtext){
echo '{"status":"'.$errtext.'"}';
// 回傳錯誤訊息
function error($errtext, $tempfile=''){
if($tempfile){ unlink($tempfile); }
header('Content-type: text/html; charset=utf-8');
echo '<script type="text/javascript">parent.failed("'.$errtext.'");</script>';
}
 
// 更新頁面快取
function updateCache(){
 
}
 
function posts_ajax($args){
if($_SERVER['REQUEST_METHOD']=='POST'){ // POST Send
$name = isset($_POST[PMCCore_getConfig('FIELDTRAP.NAME')]) ? $_POST[PMCCore_getConfig('FIELDTRAP.NAME')] : '';
$email = isset($_POST[FT_EMAIL]) ? $_POST[FT_EMAIL] : '';
$sub = isset($_POST[FT_SUBJECT]) ? $_POST[FT_SUBJECT] : '';
$com = isset($_POST[FT_COMMENT]) ? $_POST[FT_COMMENT] : '';
$email = isset($_POST[PMCCore_getConfig('FIELDTRAP.EMAIL')]) ? $_POST[PMCCore_getConfig('FIELDTRAP.EMAIL')] : '';
$sub = isset($_POST[PMCCore_getConfig('FIELDTRAP.SUBJECT')]) ? $_POST[PMCCore_getConfig('FIELDTRAP.SUBJECT')] : '';
$com = isset($_POST[PMCCore_getConfig('FIELDTRAP.COMMENT')]) ? $_POST[PMCCore_getConfig('FIELDTRAP.COMMENT')] : '';
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
$category = isset($_POST['category']) ? $_POST['category'] : '';
$resto = isset($_POST['resto']) ? $_POST['resto'] : 0;
@@ -27,46 +34,44 @@
$upfile_status = isset($_FILES['upfile']['error']) ? $_FILES['upfile']['error'] : 4;
$pwdc = isset($_COOKIE['pwdc']) ? $_COOKIE['pwdc'] : '';
 
$PIO = PMCCore_loadLibrary('pio');
 
// 欄位陷阱
$FTname = isset($_POST['name']) ? $_POST['name'] : '';
$FTemail = isset($_POST['email']) ? $_POST['email'] : '';
$FTsub = isset($_POST['sub']) ? $_POST['sub'] : '';
$FTcom = isset($_POST['com']) ? $_POST['com'] : '';
$FTreply = isset($_POST['reply']) ? $_POST['reply'] : '';
if($FTname != 'spammer' || $FTemail != '[email protected]' || $FTsub != 'DO NOT FIX THIS' || $FTcom != 'EID OG SMAPS' || $FTreply != '') error(_T('regist_nospam'));
if($FTname != 'spammer' || $FTemail != '[email protected]' || $FTsub != 'DO NOT FIX THIS' || $FTcom != 'EID OG SMAPS' || $FTreply != ''){ error(_T('regist_nospam')); return; }
 
// 封鎖:IP/Hostname/DNSBL 檢查機能
$ip = $_SERVER["REMOTE_ADDR"]; $host = gethostbyaddr($ip); $baninfo = '';
if(BanIPHostDNSBLCheck($ip, $host, $baninfo)) error(_T('regist_ipfiltered',$baninfo));
if(PMCCore_BanIPHostDNSBLCheck($ip, $host, $baninfo)){ error(_T('regist_ipfiltered', $baninfo)); return; }
// 封鎖:限制出現之文字
foreach($BAD_STRING as $value){
foreach(PMCCore_getConfig('BAN.BAD_STRING') as $value){
if(strpos($com, $value)!==false || strpos($sub, $value)!==false || strpos($name, $value)!==false || strpos($email, $value)!==false){
error(_T('regist_wordfiltered'));
error(_T('regist_wordfiltered')); return;
}
}
 
// 時間
$time = time();
$tim = $time.substr(microtime(),2,3);
$tim = $time.substr(microtime(), 2, 3);
 
// 判斷上傳狀態
switch($upfile_status){
case 1:
error(_T('regist_upload_exceedphp'));
error(_T('regist_upload_exceedphp')); return;
break;
case 2:
error(_T('regist_upload_exceedcustom'));
error(_T('regist_upload_exceedcustom')); return;
break;
case 3:
error(_T('regist_upload_incompelete'));
error(_T('regist_upload_incompelete')); return;
break;
case 6:
error(_T('regist_upload_direrror'));
error(_T('regist_upload_direrror')); return;
break;
case 4: // 無上傳
if(!$resto && !isset($_POST['noimg'])) error(_T('regist_upload_noimg'));
if(!$resto && !isset($_POST['noimg'])){ error(_T('regist_upload_noimg')); return; }
break;
case 0: // 上傳正常
default:
@@ -75,17 +80,15 @@
// 如果有上傳檔案則處理附加圖檔
if($upfile && is_file($upfile)){
// 一‧先儲存檔案
$dest = $path.$tim.'.tmp';
@move_uploaded_file($upfile, $dest);
@chmod($dest, 0666);
if(!is_file($dest)) error(_T('regist_upload_filenotfound'), $dest);
$dest = PMCCore_getConfig('ENV.FOLDER.TEMP').$tim.'.tmp';
@move_uploaded_file($upfile, $dest); @chmod($dest, 0666);
if(!is_file($dest)){ error(_T('regist_upload_filenotfound'), $dest); return; }
 
// 二‧判斷上傳附加圖檔途中是否有中斷
$upsizeTTL = $_SERVER['CONTENT_LENGTH'];
$upsizeHDR = 0;
$upsizeTTL = $_SERVER['CONTENT_LENGTH']; $upsizeHDR = 0;
// 檔案路徑:IE附完整路徑,故得從隱藏表單取得
$tmp_upfile_path = $upfile_name;
if($upfile_path) $tmp_upfile_path = get_magic_quotes_gpc() ? stripslashes($upfile_path) : $upfile_path;
if($upfile_path){ $tmp_upfile_path = get_magic_quotes_gpc() ? stripslashes($upfile_path) : $upfile_path; }
list(,$boundary) = explode('=', $_SERVER['CONTENT_TYPE']);
foreach($_POST as $header => $value){ // 表單欄位傳送資料
$upsizeHDR += strlen('--'.$boundary."\r\n");
@@ -97,141 +100,127 @@
$upsizeHDR += strlen("\r\n--".$boundary."--\r\n");
$upsizeHDR += $_FILES['upfile']['size']; // 傳送附加圖檔資料量
// 上傳位元組差值超過 HTTP_UPLOAD_DIFF:上傳附加圖檔不完全
if(($upsizeTTL - $upsizeHDR) > HTTP_UPLOAD_DIFF){
if(KILL_INCOMPLETE_UPLOAD){
unlink($dest);
die(_T('regist_upload_killincomp')); // 給瀏覽器的提示,假如使用者還看的到的話才不會納悶
}else $up_incomplete = 1;
if(($upsizeTTL - $upsizeHDR) > PMCCore_getConfig('HTTP_UPLOAD_DIFF')){
if(PMCCore_getConfig('KILL_INCOMPLETE_UPLOAD')){
unlink($dest); error(_T('regist_upload_killincomp')); return;
}else{ $up_incomplete = 1; }
}
 
// 三‧檢查是否為可接受的檔案
$size = @getimagesize($dest);
if(!is_array($size)) error(_T('regist_upload_notimage'), $dest); // $size不為陣列就不是圖檔
$imgsize = @filesize($dest); // 檔案大小
$imgsize = ($imgsize>=1024) ? (int)($imgsize/1024).' KB' : $imgsize.' B'; // KB和B的判別
if(!is_array($size)){ error(_T('regist_upload_notimage'), $dest); return; } // $size不為陣列就不是圖檔
$imgsize = @filesize($dest);
$imgsize = ($imgsize>=1024) ? (int)($imgsize/1024).' KB' : $imgsize.' B';
switch($size[2]){ // 判斷上傳附加圖檔之格式
case 1 : $ext = ".gif"; break;
case 2 : $ext = ".jpg"; break;
case 3 : $ext = ".png"; break;
case 4 : $ext = ".swf"; break;
case 5 : $ext = ".psd"; break;
case 6 : $ext = ".bmp"; break;
case 13 : $ext = ".swf"; break;
default : $ext = ".xxx"; error(_T('regist_upload_notsupport'), $dest);
case 1 : $ext = '.gif'; break;
case 2 : $ext = '.jpg'; break;
case 3 : $ext = '.png'; break;
case 4 : $ext = '.swf'; break;
case 5 : $ext = '.psd'; break;
case 6 : $ext = '.bmp'; break;
case 13 : $ext = '.swf'; break;
default : error(_T('regist_upload_notsupport'), $dest); return;
}
$allow_exts = explode('|', strtolower(ALLOW_UPLOAD_EXT)); // 接受之附加圖檔副檔名
if(array_search(substr($ext, 1), $allow_exts)===false) error(_T('regist_upload_notsupport'), $dest); // 並無在接受副檔名之列
$allow_exts = explode('|', strtolower(PMCCore_getConfig('ALLOW_UPLOAD_EXT')));
if(array_search(substr($ext, 1), $allow_exts)===false){ error(_T('regist_upload_notsupport'), $dest); return; } // 並無在接受副檔名之列
// 封鎖設定:限制上傳附加圖檔之MD5檢查碼
$md5chksum = md5_file($dest); // 檔案MD5
if(array_search($md5chksum, $BAD_FILEMD5)!==FALSE) error(_T('regist_upload_blocked'), $dest); // 在封鎖設定內則阻擋
$md5chksum = md5_file($dest);
if(array_search($md5chksum, PMCCore_getConfig('BAN.BAD_FILEMD5'))!==FALSE){ error(_T('regist_upload_blocked'), $dest); return; } // 在封鎖設定內則阻擋
 
// 四‧計算附加圖檔圖檔縮圖顯示尺寸
$W = $imgW = $size[0];
$H = $imgH = $size[1];
$MAXW = $resto ? MAX_RW : MAX_W;
$MAXH = $resto ? MAX_RH : MAX_H;
$MAXW = $resto ? PMCCore_getConfig('THUMB.REPLY.MAX_W') : PMCCore_getConfig('THUMB.POST.MAX_W');
$MAXH = $resto ? PMCCore_getConfig('THUMB.REPLY.MAX_H') : PMCCore_getConfig('THUMB.POST.MAX_H');
if($W > $MAXW || $H > $MAXH){
$W2 = $MAXW / $W;
$H2 = $MAXH / $H;
$key = ($W2 < $H2) ? $W2 : $H2;
$W = ceil($W * $key);
$H = ceil($H * $key);
$W2 = $MAXW / $W; $H2 = $MAXH / $H;
$scale = ($W2 < $H2) ? $W2 : $H2;
$W = ceil($W * $scale); $H = ceil($H * $scale);
}
$mes = _T('regist_uploaded',CleanStr($upfile_name));
}
 
// 檢查是否輸入櫻花日文假名
$chkanti = array($name, $email, $sub, $com);
foreach($chkanti as $anti) if(anti_sakura($anti)) error(_T('regist_sakuradetected'), $dest);
 
foreach(array($name, $email, $sub, $com) as $anti){
if(preg_match('/[\x{E000}-\x{F848}]/u', $anti)){ error(_T('regist_sakuradetected'), $dest); return; }
}
// 檢查表單欄位內容並修整
if(!$name || ereg("^[ | |]*$", $name)){
if(ALLOW_NONAME) $name = DEFAULT_NONAME;
else error(_T('regist_withoutname'), $dest);
if(!$name || preg_match('/^[\s ]*$/', $name)){
if(PMCCore_getConfig('ALLOW_NONAME')){ $name = PMCCore_getConfig('DEFAULT.NONAME'); }
else{ error(_T('regist_withoutname'), $dest); return; }
}
if(!$com && $upfile_status==4) error(_T('regist_withoutcomment'));
if(!$com || ereg("^[ | |\t]*$", $com)) $com = DEFAULT_NOCOMMENT;
if(!$sub || ereg("^[ | |]*$", $sub)) $sub = DEFAULT_NOTITLE;
if(strlen($name) > 100) error(_T('regist_nametoolong'), $dest);
if(strlen($email) > 100) error(_T('regist_emailtoolong'), $dest);
if(strlen($sub) > 100) error(_T('regist_topictoolong'), $dest);
if(strlen($resto) > 10) error(_T('regist_longthreadnum'), $dest);
if(!$com && $upfile_status==4){ error(_T('regist_withoutcomment')); return; }
if(!$com || preg_match('/^[\s ]*$/', $com)){ $com = PMCCore_getConfig('DEFAULT.NOCOMMENT'); }
if(!$sub || preg_match('/^[\s ]*$/', $sub)){ $sub = PMCCore_getConfig('DEFAULT.NOTITLE'); }
if(strlen($name) > 100){ error(_T('regist_nametoolong'), $dest); return; }
if(strlen($email) > 100){ error(_T('regist_emailtoolong'), $dest); return; }
if(strlen($sub) > 100){ error(_T('regist_topictoolong'), $dest); return; }
if(strlen($resto) > 10){ error(_T('regist_longthreadnum'), $dest); return; }
 
$email = CleanStr($email); $email = str_replace("\r\n", '', $email);
$sub = CleanStr($sub); $sub = str_replace("\r\n", '', $sub);
$resto = CleanStr($resto); $resto = str_replace("\r\n", '', $resto);
$email = PMCCore_cleanString($email); $email = str_replace("\r\n", '', $email);
$sub = PMCCore_cleanString($sub); $sub = str_replace("\r\n", '', $sub);
$resto = PMCCore_cleanString($resto); $resto = str_replace("\r\n", '', $resto);
// 名稱修整
$name = CleanStr($name);
$name = PMCCore_cleanString($name);
$name = str_replace(_T('admin'), '"'._T('admin').'"', $name);
$name = str_replace(_T('deletor'), '"'._T('deletor').'"', $name);
$name = str_replace(_T('trip_pre'),_T('trip_pre_fake'), $name); // 防止トリップ偽造
$name = str_replace(_T('cap_char'),_T('cap_char_fake'), $name); // 防止管理員キャップ偽造
$name = str_replace("\r\n", '', $name);
$is_tripped = false; // 名稱一欄是否經過Trip
if(ereg("(#|#)(.*)", $name, $regs)){ // 使用トリップ(Trip)機能 (ex:無名#abcd)
$cap = $regs[2];
$cap = strtr($cap, array("&amp;"=>"&","&#44;"=>","));
$name = ereg_replace("(#|#)(.*)",'', $name);
$salt = substr($cap.'H.',1,2);
$salt = ereg_replace("[^\.-z]",'.',$salt);
$salt = strtr($salt,":;<=>[email protected][\\]^_`","ABCDEFGabcdef");
$name = $name._T('trip_pre').substr(crypt($cap,$salt),-10);
$is_tripped = true; // 有Trip過。如果進入下面的Cap則要先去掉Trip留下主名稱
$nameOri = $name; // 名稱
if(preg_match('/(.*?)[##](.*)/u', $name, $regs)){ // トリップ(Trip)機能
$name = $nameOri = $regs[1]; $cap = strtr($regs[2], array('&amp;'=>'&'));
$salt = preg_replace('/[^\.-z]/', '.', substr($cap.'H.', 1, 2));
$salt = strtr($salt, ':;<=>[email protected][\\]^_`', 'ABCDEFGabcdef');
$name = $name._T('trip_pre').substr(crypt($cap, $salt), -10);
}
if(ereg("(.*)(#|#)(.*)",$email,$aregs) && CAP_ENABLE){ // 使用管理員キャップ(Cap)機能
$acap_name = $is_tripped ? preg_replace('/\\'._T('trip_pre').'.{10}/', '', $name) : $name; // 識別名稱 (如果有Trip則要先拿掉)
$acap_pwd = $aregs[3];
$acap_pwd = strtr($acap_pwd, array("&amp;"=>"&","&#44;"=>","));
if($acap_name==CAP_NAME && $acap_pwd==CAP_PASS){
$name = '<span class="admin_cap">'.$name.CAP_SUFFIX.'</span>';
$is_admin = true; // 判定為管理員
if(stristr($aregs[1], 'sage')) $email = $aregs[1]; // 保留sage機能
else $email = ''; // 清空E-mail一欄
$is_admin = false; // 是否為管理員
if(PMCCore_getConfig('CAP.ENABLE') && preg_match('/(.*?)[##](.*)/', $email, $aregs)){ // 管理員キャップ(Cap)機能
$acap_name = $nameOri; $acap_pwd = strtr($aregs[2], array('&amp;'=>'&'));
if($acap_name==PMCCore_getConfig('CAP.NAME') && $acap_pwd==PMCCore_getConfig('CAP.PASSWORD')){
$name = '<span class="admin_cap">'.$name.PMCCore_getConfig('CAP.SUFFIX').'</span>';
$is_admin = true;
$email = $aregs[1]; // 去除 #xx 密碼
}
}
// 內文修整
if((strlen($com) > COMM_MAX) && !$is_admin) error(_T('regist_commenttoolong'), $dest);
$com = CleanStr($com, $is_admin); // 引入$is_admin參數是因為當管理員キャップ啟動時,允許管理員依config設定是否使用HTML
$com = str_replace("\r\n","\n", $com);
$com = str_replace("\r","\n", $com);
$com = ereg_replace("\n(( | )*\n){3,}", "\n", $com);
if(!BR_CHECK || substr_count($com,"\n") < BR_CHECK) $com = nl2br($com); // 換行字元用<br />代替
$com = str_replace("\n",'', $com); // 若還有\n換行字元則取消換行
if($category){ // 修整標籤樣式
$category = explode(',', $category); // 把標籤拆成陣列
$category = ','.implode(',', array_map('trim', $category)).','; // 去空白再合併為單一字串 (左右含,便可以直接以,XX,形式搜尋)
}
if($up_incomplete) $com .= '<br /><br /><span class="warn_txt">'._T('notice_incompletefile').'</span>'; // 上傳附加圖檔不完全的提示
if((strlen($com) > PMCCore_getConfig('COMM_MAX')) && !$is_admin){ error(_T('regist_commenttoolong'), $dest); return; }
$com = PMCCore_cleanString($com, $is_admin); // 引入$is_admin參數是因為當管理員キャップ啟動時,允許管理員依config設定是否使用HTML
$com = str_replace("\r\n", "\n", $com); $com = str_replace("\r", "\n", $com);
if(!PMCCore_getConfig('BR_CHECK') || substr_count($com, "\n") < PMCCore_getConfig('BR_CHECK')) $com = nl2br($com); // 換行字元用<br />代替
$com = str_replace("\n", '', $com); // 若還有\n換行字元則取消換行
if($category){ $category = ','.implode(',', array_map('trim', explode(',', $category))).','; } // 去空白再合併為單一字串 (左右含,便可以直接以,XX,形式搜尋)
if($up_incomplete){ $com .= '<br /><br /><span class="warn_txt">'._T('notice_incompletefile').'</span>'; } // 上傳附加圖檔不完全的提示
 
// 密碼和時間的樣式
if($pwd=='') $pwd = ($pwdc=='') ? substr(rand(),0,8) : $pwdc;
if($pwd=='') $pwd = ($pwdc=='') ? substr(rand(), 0, 8) : $pwdc;
$pass = $pwd ? substr(md5($pwd), 2, 8) : '*'; // 生成真正儲存判斷用的密碼
$youbi = array(_T('sun'),_T('mon'),_T('tue'),_T('wed'),_T('thu'),_T('fru'),_T('sat'));
$yd = $youbi[gmdate('w', $time+TIME_ZONE*60*60)];
$now = gmdate('y/m/d', $time+TIME_ZONE*60*60).'('.(string)$yd.')'.gmdate('H:i', $time+TIME_ZONE*60*60);
if(DISP_ID){ // 顯示ID
if($email && DISP_ID==1) $now .= ' ID:???';
else $now .= ' ID:'.substr(crypt(md5($_SERVER['REMOTE_ADDR'].IDSEED.gmdate('Ymd', $time+TIME_ZONE*60*60)),'id'), -8);
$youbi = array(_T('sun'), _T('mon'), _T('tue'), _T('wed'), _T('thu'), _T('fru'), _T('sat'));
$thisTime = $time + PMCCore_getConfig('TIME_ZONE') * 3600; // 現時時間
$yd = $youbi[gmdate('w', $thisTime)];
$now = gmdate('y/m/d', $thisTime).'('.$yd.')'.gmdate('H:i', $thisTime);
if(PMCCore_getConfig('DISP_ID')){ // 顯示ID
if($email && PMCCore_getConfig('DISP_ID')==1) $now .= ' ID:???';
else $now .= ' ID:'.substr(crypt(md5($_SERVER['REMOTE_ADDR'].PMCCore_getConfig('IDSEED').gmdate('Ymd', $thisTime)), 'id'), -8);
}
 
// 連續投稿 / 相同附加圖檔檢查
$checkcount = 50; // 預設檢查50筆資料
$pwdc = substr(md5($pwdc), 2, 8); // Cookies密碼
if($PIO->isSuccessivePost($checkcount, $com, $time, $pass, $pwdc, $host, $upfile_name)) error(_T('regist_successivepost'), $dest); // 連續投稿檢查
if($dest){ if($PIO->isDuplicateAttechment($checkcount, $md5chksum)) error(_T('regist_duplicatefile'), $dest); } // 相同附加圖檔檢查
 
if($resto) $ThreadExistsBefore = $PIO->isThread($resto);
// 記錄檔行數已達上限:刪除過舊檔
if($PIO->postCount() >= LOG_MAX){
$PIO = PMCCore_loadLibrary('pio'); // PIO Class
$FileIO = PMCCore_loadLibrary('fileio'); // FileIO Class
if($PIO->isSuccessivePost($checkcount, $com, $time, $pass, $pwdc, $host, $upfile_name)){ error(_T('regist_successivepost'), $dest); return; } // 連續投稿檢查
if($dest){ if($PIO->isDuplicateAttechment($checkcount, $md5chksum)){ error(_T('regist_duplicatefile'), $dest); return; } } // 相同附加圖檔檢查
if($PIO->postCount() >= PMCCore_getConfig('LOG_MAX')){ // 記錄檔行數已達上限:刪除過舊檔
$files = $PIO->delOldPostes();
if(count($files)) $FileIO->deleteImage($files);
}
if($resto) $ThreadExistsBefore = $PIO->isThread($resto);
 
// 附加圖檔容量限制功能啟動:刪除過大檔
if(STORAGE_LIMIT){
$tmp_total_size = total_size(); // 取得目前附加圖檔使用量
if($tmp_total_size >= STORAGE_MAX){
$files = $PIO->delOldAttachments($tmp_total_size, STORAGE_MAX, false);
if(PMCCore_getConfig('STORAGE.LIMIT')){
$total_size = $FileIO->getImageTotalSize(); // 取得目前附加圖檔使用量
if($total_size >= PMCCore_getConfig('STORAGE.MAX')){
$files = $PIO->delOldAttachments($total_size, PMCCore_getConfig('STORAGE.MAX'), false);
$FileIO->deleteImage($files);
}
}
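Review bot: The cap (admin) check on L494 compares the user-supplied `$acap_pwd` and `$acap_name` to the configured values with `==`, and PHP's loose comparison applies numeric rules whenever a side looks numeric (`"1e3" == "1000"`, `"0123" == "123"`, and with a non-string config value `"123abc" == 123`), so depending on how `CAP.PASSWORD` is configured a guessed numeric-looking value can pass. Since `$is_admin` then lifts the `COMM_MAX` limit (L513) and enables raw HTML in the comment via `PMCCore_cleanString($com, $is_admin)` (L514), this is the gate for stored HTML injection and should be strict: `if($acap_name === (string)PMCCore_getConfig('CAP.NAME') && $acap_pwd === (string)PMCCore_getConfig('CAP.PASSWORD')){`. Separately, L418 still calls `CleanStr()` while the rest of the hunk moved to `PMCCore_cleanString()`; if that line is unchanged context it may now reference a function that no longer exists, failing the upload path. The enclosing `posts_ajax()` starts and ends outside this hunk.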
@@ -242,15 +231,15 @@
if(!$PIO->isThread($resto)){ // 被回應的討論串存在但已被刪
// 提前更新資料來源,此筆新增亦不紀錄
$PIO->dbCommit();
updatelog();
error(_T('regist_threaddeleted'), $dest);
updateCache();
error(_T('regist_threaddeleted'), $dest); return;
}else{ // 檢查是否討論串被設為禁止回應 (順便取出原討論串的貼文時間)
$post = $PIO->fetchPosts($resto); // [特殊] 取單篇文章內容,但是回傳的$post同樣靠[$i]切換文章!
list($chkstatus, $chktime) = array($post[0]['status'], $post[0]['tim']);
$chktime = substr($chktime, 0, -3); // 拿掉微秒 (後面三個字元)
if($PIO->getPostStatus($chkstatus, 'TS')) error(_T('regist_threadlocked'), $dest);
if($PIO->getPostStatus($chkstatus, 'TS')){ error(_T('regist_threadlocked'), $dest); return; }
}
}else error(_T('thread_not_found'), $dest); // 不存在
}else{ error(_T('thread_not_found'), $dest); return; } // 不存在
}
 
// 計算某些欄位值
@@ -262,11 +251,12 @@
isset($W) ? 0 : $W = 0;
isset($H) ? 0 : $H = 0;
isset($md5chksum) ? 0 : $md5chksum = '';
USE_CATEGORY ? 0 : $category = '';
isset($category) ? 0 : $category = '';
$age = false;
if($resto){
if(!stristr($email, 'sage') && ($PIO->postCount($resto) <= MAX_RES || MAX_RES==0)){
if(!MAX_AGE_TIME || (($time - $chktime) < (MAX_AGE_TIME * 60 * 60))) $age = true; // 討論串並無過期,推文
$maxRes = PMCCore_getConfig('MAX_RES'); $maxAgeTime = PMCCore_getConfig('MAX_AGE_TIME');
if(!stristr($email, 'sage') && ($PIO->postCount($resto) <= $maxRes || $maxRes==0)){
if(!$maxRes || (($time - $chktime) < ($maxRes * 3600))) $age = true; // 討論串並無過期,推文
}
}
 
@@ -275,23 +265,20 @@
$PIO->dbCommit();
 
// Cookies儲存:密碼與E-mail部分,期限是一週
setcookie('pwdc', $pwd, time()+7*24*3600);
setcookie('emailc', $email, time()+7*24*3600);
setcookie('pwdc', $pwd, time() + 7 * 86400);
setcookie('emailc', $email, time() + 7 * 86400);
 
$imgDir = PMCCore_getConfig('ENV.FOLDER.IMG'); $thumbDir = PMCCore_getConfig('ENV.FOLDER.THUMB');
if($dest && is_file($dest)){
rename($dest, $path.IMG_DIR.$tim.$ext);
if(USE_THUMB) thumb($path.IMG_DIR, $tim, $ext, $imgW, $imgH, $W, $H); // 使用GD製作縮圖
rename($dest, $imgDir.$tim.$ext);
thumb($imgDir, $tim, $ext, $imgW, $imgH, $W, $H); // 使用GD製作縮圖
if($FileIO->uploadImage()){ // 支援上傳圖片至其他伺服器
if(file_exists($imgDir.$tim.$ext)) $FileIO->uploadImage($tim.$ext, $imgDir.$tim.$ext, filesize($imgDir.$tim.$ext));
if(file_exists($thumbDir.$tim.'s.jpg')) $FileIO->uploadImage($tim.'s.jpg', $thumbDir.$tim.'s.jpg', filesize($thumbDir.$tim.'s.jpg'));
}
$FileIO->updateImageTotalSize(); // 更新舊容量快取
}
 
if($FileIO->uploadImage()){ // 支援上傳圖片至其他伺服器
if(file_exists($path.IMG_DIR.$tim.$ext)) $FileIO->uploadImage($tim.$ext, $path.IMG_DIR.$tim.$ext, filesize($path.IMG_DIR.$tim.$ext));
if(file_exists($path.THUMB_DIR.$tim.'s.jpg')) $FileIO->uploadImage($tim.'s.jpg', $path.THUMB_DIR.$tim.'s.jpg', filesize($path.THUMB_DIR.$tim.'s.jpg'));
}
 
// 刪除舊容量快取
total_size(true);
updatelog();
 
updateCache();
echo '<script type="text/javascript">parent.finish();</script>';
}else{
echo 'Hello, this is action controller "posts"';