spacecp_index.php
11.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
<?php
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: spacecp_index.php 26205 2011-12-05 10:09:32Z zhangguosheng $
*/
if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}
$op = in_array($_GET['op'], array('start', 'layout', 'block', 'style', 'diy', 'image', 'getblock', 'edit', 'setmusic', 'getspaceinfo', 'savespaceinfo', 'editnv', 'getpersonalnv')) ? $_GET['op'] : 'start';
require_once libfile('function/space');
require_once libfile('function/portalcp');
if ($op == 'start') {
} elseif ($op == 'layout') {
$layoutarr = getlayout();
} elseif ($op == 'style') {
$themes = gettheme('space');
} elseif ($op == 'block') {
$block = getblockdata();
} elseif ($op == 'diy' || $op == 'image') {
$albumid = empty($_GET['albumid'])?0:intval($_GET['albumid']);
$page = empty($_GET['page'])?1:intval($_GET['page']);
if($page<1) $page=1;
$perpage = 6;
$perpage = mob_perpage($perpage);
$start = ($page-1)*$perpage;
ckstart($start, $perpage);
$albumlist = array();
$query = C::t('home_album')->fetch_all_by_uid($space['uid'], 'updatetime');
foreach($query as $value) {
if (!isset($_GET['albumid']) && empty($albumid)) $albumid = $value['albumid'];
$albumlist[$value['albumid']] = $value;
}
$count = C::t('home_pic')->check_albumpic(0, NULL, $space['uid']);
$albumlist[0] = array(
'uid' => $space['uid'],
'albumid' => 0,
'albumname' => lang('space', 'default_albumname'),
'picnum' => $count
);
if ($albumid > 0) {
if (!isset($albumlist[$albumid])) {
showmessage('to_view_the_photo_does_not_exist');
}
$count = $albumlist[$albumid]['picnum'];
} else {
$wheresql = "albumid='0' AND uid='$space[uid]'";
}
$list = array();
if($count) {
$query = C::t('home_pic')->fetch_all_by_albumid($albumid, $start, $perpage, 0, 0, 1, ($albumid > 0 ? 0 : $space['uid']));
foreach($query as $value) {
$value['pic'] = pic_get($value['filepath'], 'album', $value['thumb'], $value['remote']);
$list[] = $value;
}
}
$_GET['ajaxtarget'] = empty($_GET['ajaxtarget']) ? 'diyimages' : $_GET['ajaxtarget'];
$multi = multi($count, $perpage, $page, "home.php?mod=spacecp&ac=index&op=image&albumid=$albumid");
} elseif ($op == 'getblock') {
$blockname = getstr($_GET['blockname'],15);
$blockhtml = '';
if(check_ban_block($name, $space)) {
space_merge($space,'field_home');
$data = getuserdiydata($space);
$blockhtml = getblockhtml($blockname, $data['parameters'][$blockname]);
}
} elseif ($op == 'edit') {
$blockname = getstr($_GET['blockname'],15);
$blockdata = lang('space','blockdata');
if (!empty($blockdata[$blockname]) && check_ban_block($blockname, $space)) {
space_merge($space,'field_home');
$userdiy = getuserdiydata($space);
$para = $userdiy['parameters'][$blockname];
$para['title'] = !isset($para['title']) ? $blockdata[$blockname] : $para['title'];
} else {
showmessage('the_block_is_not_available');
}
} elseif ($op == 'editnv') {
space_merge($space,'field_home');
$blockposition = dunserialize($space['blockposition']);
$personalnv = !empty($blockposition) && isset($blockposition['nv']) ? $blockposition['nv'] : '';
} elseif ($op == 'savespaceinfo') {
space_merge($space,'field_home');
if (submitcheck('savespaceinfosubmit')) {
$spacename = getstr($_POST['spacename'], 30);
$spacedescription = getstr($_POST['spacedescription'], 135);
$setarr = array();
$setarr['spacename'] = $spacename;
$setarr['spacedescription'] = $spacedescription;
C::t('common_member_field_home')->update($_G['uid'], $setarr);
$space['spacename'] = $spacename;
$space['spacedescription'] = $spacedescription;
}
} elseif ($op == 'getspaceinfo') {
space_merge($space,'field_home');
} elseif ($op == 'getpersonalnv') {
space_merge($space,'field_home');
getuserdiydata($space);
$personalnv = isset($_G['blockposition']['nv']) ? $_G['blockposition']['nv'] : '';
if($personalnv && !empty($_GET['show'])) {
$personalnv['nvhidden'] = 0;
}
}
if (submitcheck('blocksubmit')) {
$blockname = getstr($_GET['blockname'],15);
if(check_ban_block($blockname, $space)) {
space_merge($space,'field_home');
$blockdata = dunserialize($space['blockposition']);
$title = getstr($_POST['blocktitle'],50);
$blockdata['parameters'][$blockname]['title'] = $title;
if (in_array($blockname, array('block1', 'block2', 'block3', 'block4', 'block5'))) {
$content = censor(getstr($_POST['content'],1000,0,0,0,1));
$blockdata['parameters'][$blockname]['content'] = $content;
} elseif($blockname == 'profile') {
$blockdata['parameters'][$blockname]['banavatar'] = in_array($_GET['avatar'], array('big', 'middle', 'small')) ? $_GET['avatar'] : 'middle';
} elseif($blockname == 'statistic') {
$blockdata['parameters'][$blockname]['bancredits'] = $_GET['credits'] ? 0 : 1;
$blockdata['parameters'][$blockname]['banfriends'] = $_GET['friends'] ? 0 : 1;
$blockdata['parameters'][$blockname]['banthreads'] = $_GET['threads'] ? 0 : 1;
$blockdata['parameters'][$blockname]['banblogs'] = $_GET['blogs'] ? 0 : 1;
$blockdata['parameters'][$blockname]['banalbums'] = $_GET['albums'] ? 0 : 1;
$blockdata['parameters'][$blockname]['bansharings'] = $_GET['sharings'] ? 0 : 1;
$blockdata['parameters'][$blockname]['banviews'] = $_GET['views'] ? 0 : 1;
} elseif(in_array($blockname, array('personalinfo'))) {
} else {
$shownum = max(1,intval($_POST['shownum']));
if ($shownum <= 20) {
$blockdata['parameters'][$blockname]['shownum'] = $shownum;
}
}
if($blockname == 'blog') {
$blockdata['parameters'][$blockname]['showmessage'] = min(100000, abs(intval($_GET['showmessage'])));
} elseif($blockname == 'myapp') {
$blockdata['parameters'][$blockname]['logotype'] = in_array($_GET['logotype'], array('logo', 'icon')) ? $_GET['logotype'] : 'logo';
}
$setarr = array();
$setarr['blockposition'] = serialize($blockdata);
C::t('common_member_field_home')->update($space['uid'], $setarr);
showmessage('do_success', 'portal.php?mod=spacecp&ac=index&op=getblock&blockname='.$blockname, array('blockname'=>$blockname));
} else {
showmessage('the_block_is_not_available');
}
}
if (submitcheck('editnvsubmit')) {
$hidden = intval($_POST['nvhidden']);
$nv = array('index', 'feed', 'doing', 'blog', 'album', 'topic', 'share', 'friends', 'wall', 'profile', 'follow');
space_merge($space,'field_home');
$blockdata = dunserialize($space['blockposition']);
$personalnv = array();
$personalnv['nvhidden'] = $hidden;
foreach($nv as $value) {
$namevalue = trim($_POST[$value]);
$personalnv['items'][$value] = getstr($namevalue,15);
$personalnv['banitems'][$value] = empty($_POST['ban'.$value]) ? 0 : 1;
}
$blockdata['nv'] = $personalnv;
$setarr = array();
$setarr['blockposition'] = serialize($blockdata);
C::t('common_member_field_home')->update($space['uid'], $setarr);
showmessage('do_success', 'portal.php?mod=spacecp&ac=index&op=getnv');
}
if (submitcheck('musicsubmit')) {
$blockname = getstr($_GET['blockname'],15);
space_merge($space,'field_home');
$blockdata = dunserialize($space['blockposition']);
if ($_POST['act'] == 'config') {
$config = array (
'showmod' => $_POST['showmod'],
'autorun' => $_POST['autorun'],
'shuffle' => $_POST['shuffle'],
'crontabcolor' => $_POST['crontabcolor'],
'buttoncolor' => $_POST['buttoncolor'],
'fontcolor' => $_POST['fontcolor'],
'crontabbj' => $_POST['crontabbj'],
'height' => min(9999,abs(intval($_POST['height']))),
);
$blockdata['parameters']['music']['config'] = $config;
$blockdata['parameters']['music']['title']= getstr($_POST['blocktitle'],50);
} elseif ($_POST['act'] == 'addmusic') {
$mp3url = $_POST['mp3url'];
$mp3name = $_POST['mp3name'];
$cdbj = $_POST['cdbj'];
$mp3list = empty($blockdata['parameters']['music']['mp3list']) ? array() : $blockdata['parameters']['music']['mp3list'];
foreach ($mp3url as $key => $value) {
if (!empty($value)) {
if(empty($mp3name[$key])) $mp3name[$key] = substr($value,strrpos($value,'/')+1,strlen($value));
$mp3list[] = array('mp3url'=>$value, 'mp3name'=>$mp3name[$key], 'cdbj'=>$cdbj[$key]);
}
}
$blockdata['parameters']['music']['mp3list'] = $mp3list;
} elseif ($_POST['act'] == 'editlist') {
$mp3url = $_POST['mp3url'];
$mp3name = $_POST['mp3name'];
$cdbj = $_POST['cdbj'];
$mp3list = array();
foreach ($mp3url as $key => $value) {
if (!empty($value)) {
if(empty($mp3name[$key])) $mp3name[$key] = substr($value,strrpos($value,'/')+1,strlen($value));
$mp3list[] = array('mp3url'=>$value, 'mp3name'=>$mp3name[$key], 'cdbj'=>$cdbj[$key]);
}
}
$blockdata['parameters']['music']['mp3list'] = $mp3list;
}
if (empty($blockdata['parameters']['music']['config'])) {
$blockdata['parameters']['music']['config'] = array (
'showmod' => 'default',
'autorun' => 'true',
'shuffle' => 'true',
'crontabcolor' => '#D2FF8C',
'buttoncolor' => '#1F43FF',
'fontcolor' => '#1F43FF',
);
}
$setarr = array();
$setarr['blockposition'] = serialize($blockdata);
C::t('common_member_field_home')->update($space['uid'], $setarr);
showmessage('do_success', 'home.php?mod=spacecp&ac=index&op=getblock&blockname='.$blockname, array('blockname'=>$blockname));
}
if (submitcheck('diysubmit')) {
$blockdata = array();
checksecurity($_POST['spacecss']);
$spacecss = $_POST['spacecss'];
$spacecss = preg_replace("/(\<|\>)/is", '', $spacecss);
$currentlayout = getstr($_POST['currentlayout'],5);
$style = empty($_POST['style'])?'':preg_replace("/[^0-9a-z]/i", '', $_POST['style']);
$layoutdata = $_POST['layoutdata'];
require_once libfile('class/xml');
$layoutdata = xml2array($layoutdata);
if (empty($layoutdata)) showmessage('space_data_format_invalid');
$layoutdata = $layoutdata['diypage'];
if($style && $style != 'uchomedefault') {
$cssfile = DISCUZ_ROOT.'./static/space/'.$style.'/style.css';
if(!file_exists($cssfile)) {
showmessage('theme_does_not_exist');
}
}
space_merge($space, 'field_home');
$blockdata = dunserialize($space['blockposition']);
$blockdata['block'] = $layoutdata;
$blockdata['currentlayout'] = $currentlayout;
$setarr = array();
$setarr['spacecss'] = $spacecss;
$setarr['blockposition'] = serialize($blockdata);
$setarr['theme'] = $style;
C::t('common_member_field_home')->update($space['uid'], $setarr);
showmessage('do_success','home.php?mod=space'.($_G['adminid'] == 1 && $_G['setting']['allowquickviewprofile'] ? '&view=admin' : ''));
}
if (submitcheck('uploadsubmit')) {
$albumid = $picid = 0;
if(!checkperm('allowupload')) {
echo "<script>";
echo "alert(\"".lang('spacecp', 'not_allow_upload')."\")";
echo "</script>";
exit();
}
$uploadfiles = pic_save($_FILES['attach'], $_POST['albumid'], $_POST['pic_title'], false);
if($uploadfiles && is_array($uploadfiles)) {
$albumid = $uploadfiles['albumid'];
$picid = $uploadfiles['picid'];
$uploadStat = 1;
require_once libfile('function/spacecp');
album_update_pic($albumid);
} else {
$uploadStat = $uploadfiles;
}
$picurl = pic_get($uploadfiles['filepath'], 'album', $uploadfiles['thumb'], $uploadfiles['remote']);
echo "<script>";
if($uploadStat == 1) {
echo "parent.spaceDiy.getdiy('diy', 'albumid', '$albumid');";
echo "parent.spaceDiy.setBgImage('$picurl');";
echo "parent.Util.toggleEle('upload');";
} else {
echo "parent.showDialog('$uploadStat','notice');";
}
echo "</script>";
exit();
}
include_once(template('home/spacecp_index'));
?>