UCHome中关于处理日志相关函数(function_blog.php)页面的代码分析

<?php
02./*
03.[UCenter Home] (C) 2007-2008 Comsenz Inc.
04.$Id: function_blog.php 2009-10-12 20:37:00
05.@author ymaozi
06.@copyright http://www.codedesign.cn
07.@uchome源码交流QQ群:83400173
08.*/
09. 
// Entry guard: this file is meant to be included by the application, which
// defines IN_UCHOME first. A direct request stops here before any function
// in the file is declared.
defined('IN_UCHOME') or exit('Access Denied');
13. 
14.//添加博客
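/**
 * Create a new blog entry, or update the entry described by $olds.
 *
 * Besides $POST, the function reads $_POST['target_names'] and
 * $_POST['noreply'] directly, and it writes to the blog, blogfield, class,
 * tag, tagblog and space tables through the project's helpers.
 *
 * NOTE(review): several queries below are built by string concatenation and
 * depend on simplode()/inserttable()/updatetable() and on the request data
 * having been slash-escaped before this function is called. None of that is
 * visible in this file -- confirm it before reusing the function elsewhere.
 *
 * @param array $POST Submitted form fields (subject, message, friend,
 *                    password, tag, classid, picids, hot, topicid, dateline,
 *                    makefeed).
 * @param array $olds Existing blog row when editing; empty for a new entry.
 * @return array|false The blog row that was written (with 'blogid' added), or
 *                     false when the message has no visible content.
 */
function blog_post($POST, $olds=array()) {
    global $_SGLOBAL, $_SC, $space;

    // Acting-user switch: when the entry belongs to someone other than the
    // logged-in user, run the rest of the function under the owner's uid and
    // username. The original globals are kept in $__SGLOBAL and must be
    // restored on every exit path.
    $isself = 1;
    if(!empty($olds['uid']) && $olds['uid'] != $_SGLOBAL['supe_uid']) {
        $isself = 0;
        $__SGLOBAL = $_SGLOBAL;
        $_SGLOBAL['supe_uid'] = $olds['uid'];
        $_SGLOBAL['supe_username'] = addslashes($olds['username']);
    }

    // Subject: capped at 80 characters; falls back to today's date when empty.
    $POST['subject'] = getstr(trim($POST['subject']), 80, 1, 1, 1);
    if(strlen($POST['subject']) < 1) $POST['subject'] = sgmdate('Y-m-d');

    // Privacy mode as used below: 0 public, 2 named friends, 3 owner only,
    // 4 password protected.
    $POST['friend'] = intval($POST['friend']);

    $POST['target_ids'] = '';
    if($POST['friend'] == 2) {
        // Resolve the space-separated list of friend names to uids.
        $uids = array();
        $names = empty($_POST['target_names'])?array():explode(' ', str_replace(cplang('tab_space'), ' ', $_POST['target_names']));
        if($names) {
            // NOTE(review): $names comes straight from $_POST; the query is only
            // safe if simplode() quotes and the input is already escaped -- confirm.
            $query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname('space')." WHERE username IN (".simplode($names).")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $uids[] = $value['uid'];
            }
        }
        if(empty($uids)) {
            // No name resolved: fail closed to "owner only" rather than public.
            $POST['friend'] = 3;
        } else {
            $POST['target_ids'] = implode(',', $uids);
        }
    } elseif($POST['friend'] == 4) {
        // Password-protected entry; an empty password downgrades it to public.
        $POST['password'] = trim($POST['password']);
        if($POST['password'] == '') $POST['friend'] = 0;
    }
    if($POST['friend'] !== 2) {
        $POST['target_ids'] = '';
    }
    if($POST['friend'] !== 4) {
        // Fixed: the original line was the comparison `$POST['password'] == ''`,
        // a no-op that left a submitted password in place for every other
        // privacy mode and wrote it to the blog row.
        $POST['password'] = '';
    }
    // NOTE(review): the access password is written to the 'password' column
    // exactly as submitted (no hashing in this function).

    $POST['tag'] = shtmlspecialchars(trim($POST['tag']));
    $POST['tag'] = getstr($POST['tag'], 500, 1, 1, 1);

    // Message body. The non-mobile path goes through the HTML filter first.
    if($_SGLOBAL['mobile']) {
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 1);
    } else {
        $POST['message'] = checkhtml($POST['message']);
        $POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
        // Drop empty <div></div> pairs and make links open in a new window.
        // NOTE(review): target="_blank" is added without rel="noopener noreferrer";
        // consider adding it where links are rendered.
        $POST['message'] = preg_replace(array(
            "/\<div\>\<\/div\>/i",
            "/\<a\s+href\=\"([^\>]+?)\"\>/i"
        ), array(
            '',
            '<a href="\\1" target="_blank">'
        ), $POST['message']);
    }
    $message = $POST['message'];

    // Personal category: "new:<name>" creates (or reuses) a category owned by
    // the acting user; anything else is treated as a numeric category id.
    if(empty($olds['classid']) || $POST['classid'] != $olds['classid']) {
        if(!empty($POST['classid']) && substr($POST['classid'], 0, 4) == 'new:') {
            $classname = shtmlspecialchars(trim(substr($POST['classid'], 4)));
            $classname = getstr($classname, 0, 1, 1, 1);
            if(empty($classname)) {
                $classid = 0;
            } else {
                $classid = getcount('class', array('classname'=>$classname, 'uid'=>$_SGLOBAL['supe_uid']), 'classid');
                if(empty($classid)) {
                    $setarr = array(
                        'classname' => $classname,
                        'uid' => $_SGLOBAL['supe_uid'],
                        'dateline' => $_SGLOBAL['timestamp']
                    );
                    $classid = inserttable('class', $setarr, 1);
                }
            }
        } else {
            $classid = intval($POST['classid']);
        }
    } else {
        $classid = $olds['classid'];
    }
    if($classid && empty($classname)) {
        // Ownership check: a category id that does not belong to the acting
        // user is discarded.
        $classname = getcount('class', array('classid'=>$classid, 'uid'=>$_SGLOBAL['supe_uid']), 'classname');
        if(empty($classname)) $classid = 0;
    }

    // Main table row.
    $blogarr = array(
        'subject' => $POST['subject'],
        'classid' => $classid,
        'friend' => $POST['friend'],
        'password' => $POST['password'],
        'noreply' => empty($_POST['noreply'])?0:1
    );

    // Title picture.
    $titlepic = '';

    // Uploaded pictures selected for this entry. The picture ids are the keys
    // of $POST['picids']; they are cast to integers before they reach the
    // query, so a crafted key cannot carry SQL text, and the uid condition
    // keeps the lookup to the acting user's own pictures.
    $uploads = array();
    if(!empty($POST['picids']) && is_array($POST['picids'])) {
        $picids = array_map('intval', array_keys($POST['picids']));
        $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('pic')." WHERE picid IN (".simplode($picids).") AND uid='$_SGLOBAL[supe_uid]'");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if(empty($titlepic) && $value['thumb']) {
                // The first picture that has a thumbnail becomes the title picture.
                $titlepic = $value['filepath'].'.thumb.jpg';
                $blogarr['picflag'] = $value['remote']?2:1;
            }
            $uploads[$POST['picids'][$value['picid']]] = $value;
        }
        // NOTE(review): $value is the loop's terminating (empty) fetch result
        // here, so this fallback looks unreachable; left as in the original.
        if(empty($titlepic) && $value) {
            $titlepic = $value['filepath'];
            $blogarr['picflag'] = $value['remote']?2:1;
        }
    }

    // Pictures referenced in the message through _uchome_localimg_N markers
    // get their real URL; the remaining uploads are appended at the end.
    if($uploads) {
        preg_match_all("/\<img\s.*?\_uchome\_localimg\_([0-9]+).+?src\=\"(.+?)\"/i", $message, $mathes);
        if(!empty($mathes[1])) {
            $searchs = $idsearchs = array();
            $replaces = array();
            foreach ($mathes[1] as $key => $value) {
                if(!empty($mathes[2][$key]) && !empty($uploads[$value])) {
                    $searchs[] = $mathes[2][$key];
                    $idsearchs[] = "_uchome_localimg_$value";
                    $replaces[] = pic_get($uploads[$value]['filepath'], $uploads[$value]['thumb'], $uploads[$value]['remote'], 0);
                    unset($uploads[$value]);
                }
            }
            if($searchs) {
                $message = str_replace($searchs, $replaces, $message);
                $message = str_replace($idsearchs, 'uchomelocalimg[]', $message);
            }
        }
        foreach ($uploads as $value) {
            $picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
            // NOTE(review): the stored picture title is placed into the HTML
            // without escaping here -- confirm it is escaped when it is saved.
            $message .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
        }
    }

    // Reject a message that is empty once layout-only markup is removed.
    $ckmessage = preg_replace("/(\<div\>|\<\/div\>|\s|\&nbsp\;|\<br\>|\<p\>|\<\/p\>)+/is", '', $message);
    if(empty($ckmessage)) {
        // Fixed: restore the real user's globals before leaving. The original
        // returned here with the owner's uid still in $_SGLOBAL.
        if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;
        return false;
    }

    // Escape for the SQL built by the table helpers.
    $message = addslashes($message);

    // Without an uploaded title picture, take the first picture in the message.
    if(empty($titlepic)) {
        $titlepic = getmessagepic($message);
        $blogarr['picflag'] = 0;
    }
    $blogarr['pic'] = $titlepic;

    // Only users with the manageblog permission may set the "hot" value.
    if(checkperm('manageblog')) {
        $blogarr['hot'] = intval($POST['hot']);
    }

    if(!empty($olds['blogid'])) {
        // Update an existing entry.
        $blogid = $olds['blogid'];
        updatetable('blog', $blogarr, array('blogid'=>$blogid));

        $fuids = array();

        $blogarr['uid'] = $olds['uid'];
        $blogarr['username'] = $olds['username'];
    } else {
        // New entry, optionally attached to a topic.
        $blogarr['topicid'] = topic_check($POST['topicid'], 'blog');

        $blogarr['uid'] = $_SGLOBAL['supe_uid'];
        $blogarr['username'] = $_SGLOBAL['supe_username'];
        // NOTE(review): a submitted dateline is stored without validation here.
        $blogarr['dateline'] = empty($POST['dateline'])?$_SGLOBAL['timestamp']:$POST['dateline'];
        $blogid = inserttable('blog', $blogarr, 1);
    }

    $blogarr['blogid'] = $blogid;

    // Detail table row.
    $fieldarr = array(
        'message' => $message,
        'postip' => getonlineip(),
        'target_ids' => $POST['target_ids']
    );

    // Tags. NOTE(review): unserialize() runs on the stored tag column; this is
    // only safe while nothing but serialize() output from this function can
    // reach that column -- confirm, or move the column to JSON.
    $oldtagstr = addslashes(empty($olds['tag'])?'':implode(' ', unserialize($olds['tag'])));

    $tagarr = array();
    if($POST['tag'] != $oldtagstr) {
        if(!empty($olds['tag'])) {
            // Remove the previous tag links and their counters first.
            $oldtags = array();
            $query = $_SGLOBAL['db']->query("SELECT tagid, blogid FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $oldtags[] = $value['tagid'];
            }
            if($oldtags) {
                $_SGLOBAL['db']->query("UPDATE ".tname('tag')." SET blognum=blognum-1 WHERE tagid IN (".simplode($oldtags).")");
                $_SGLOBAL['db']->query("DELETE FROM ".tname('tagblog')." WHERE blogid='$blogid'");
            }
        }
        $tagarr = tag_batch($blogid, $POST['tag']);
        $fieldarr['tag'] = empty($tagarr)?'':addslashes(serialize($tagarr));
    }

    if($olds) {
        updatetable('blogfield', $fieldarr, array('blogid'=>$blogid));
    } else {
        $fieldarr['blogid'] = $blogid;
        $fieldarr['uid'] = $blogarr['uid'];
        inserttable('blogfield', $fieldarr);
    }

    // Space counters are only touched when the owner is the one posting.
    if($isself) {
        if($olds) {
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET updatetime='$_SGLOBAL[timestamp]' WHERE uid='$_SGLOBAL[supe_uid]'");
        } else {
            if(empty($space['blognum'])) {
                $space['blognum'] = getcount('blog', array('uid'=>$space['uid']));
                $blognumsql = "blognum=".$space['blognum'];
            } else {
                $blognumsql = 'blognum=blognum+1';
            }
            // Credit and experience reward for publishing.
            $reward = getreward('publishblog', 0);
            $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET {$blognumsql}, lastpost='$_SGLOBAL[timestamp]', updatetime='$_SGLOBAL[timestamp]', credit=credit+$reward[credit], experience=experience+$reward[experience] WHERE uid='$_SGLOBAL[supe_uid]'");

            // Site statistics.
            updatestat('blog');
        }
    }

    // Publish a feed item when requested.
    if(!empty($POST['makefeed'])) {
        include_once(S_ROOT.'./source/function_feed.php');
        feed_publish($blogid, 'blogid', $olds?0:1);
    }

    // Join the topic for a new entry.
    if(empty($olds) && $blogarr['topicid']) {
        topic_join($blogarr['topicid'], $_SGLOBAL['supe_uid'], $_SGLOBAL['supe_username']);
    }

    // Switch back to the real user.
    if(!empty($__SGLOBAL)) $_SGLOBAL = $__SGLOBAL;

    return $blogarr;
}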
264. 
265.//处理tag
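/**
 * Attach a space-separated list of tags to a blog entry.
 *
 * Names are validated before any of them is placed into SQL text: only names
 * of 3-20 characters made of word characters, '_', '-' and bytes 0x7f-0xff are
 * kept. The original ran the lookup query on the unvalidated list and applied
 * this check afterwards; the accepted tags are the same, but strings that fail
 * the check no longer reach the query.
 *
 * @param int    $blogid Id of the blog entry.
 * @param string $tags   Space-separated tag names.
 * @return array Map of tagid => tagname for the tags linked to the entry.
 */
function tag_batch($blogid, $tags) {
    global $_SGLOBAL;

    $tagarr = array();
    // The id is interpolated into the REPLACE statement below.
    $blogid = intval($blogid);

    // The D modifier stops '$' from matching before a trailing newline.
    $tagnames = array();
    $candidates = empty($tags)?array():array_unique(explode(' ', $tags));
    foreach ($candidates as $candidate) {
        if(preg_match('/^([\x7f-\xff_-]|\w){3,20}$/D', $candidate)) {
            $tagnames[] = $candidate;
        }
    }
    if(empty($tagnames)) return $tagarr;

    // Existing tags, keyed by the md5 of the name for lookup in the loop below.
    // NOTE(review): the key is case-sensitive while the SQL comparison may not
    // be, depending on the column collation -- confirm.
    $vtags = array();
    $query = $_SGLOBAL['db']->query("SELECT tagid, tagname, close FROM ".tname('tag')." WHERE tagname IN (".simplode($tagnames).")");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        $value['tagname'] = addslashes($value['tagname']);
        $vkey = md5($value['tagname']);
        $vtags[$vkey] = $value;
    }

    $updatetagids = array();
    foreach ($tagnames as $tagname) {
        $vkey = md5($tagname);
        if(empty($vtags[$vkey])) {
            // Unknown tag: create it with a usage count of 1.
            $setarr = array(
                'tagname' => $tagname,
                'uid' => $_SGLOBAL['supe_uid'],
                'dateline' => $_SGLOBAL['timestamp'],
                'blognum' => 1
            );
            $tagid = inserttable('tag', $setarr, 1);
            $tagarr[$tagid] = $tagname;
        } elseif(empty($vtags[$vkey]['close'])) {
            // Known tag that is not closed: reuse it and bump its counter below.
            $tagid = $vtags[$vkey]['tagid'];
            $updatetagids[] = $tagid;
            $tagarr[$tagid] = $tagname;
        }
    }

    if($updatetagids) $_SGLOBAL['db']->query("UPDATE ".tname('tag')." SET blognum=blognum+1 WHERE tagid IN (".simplode($updatetagids).")");

    // Link every accepted tag to the entry.
    $inserts = array();
    foreach (array_keys($tagarr) as $tagid) {
        $inserts[] = "('".intval($tagid)."','$blogid')";
    }
    if($inserts) $_SGLOBAL['db']->query("REPLACE INTO ".tname('tagblog')." (tagid,blogid) VALUES ".implode(',', $inserts));

    return $tagarr;
}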
317. 
318.//获取日志图片
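/**
 * Return the first picture URL found in a blog message, or '' when none.
 *
 * The input is expected slash-escaped and the result is slash-escaped again.
 * Smiley images (paths containing image/face/, e.g. <img src="image/face/4.gif">)
 * are removed before the search.
 *
 * @param string $message Slash-escaped message HTML.
 * @return string Slash-escaped picture URL, or ''.
 */
function getmessagepic($message) {
    $pic = '';
    $message = stripslashes($message);

    // Remove smileys. Each wildcard is confined to a single tag: the original
    // pattern used ".*?" with the s flag, so a real picture placed before a
    // smiley was swallowed together with it and never found.
    $message = preg_replace('/<img src="[^">]*?image\/face\/[^">]+?\.gif"[^>]*>\s*/is', '', $message);

    // First src whose path is 25-105 characters long and ends in jpg/gif/png.
    preg_match("/src\=[\"\']*([^\>\s]{25,105})\.(jpg|gif|png)/i", $message, $mathes);
    if(!empty($mathes[1]) && !empty($mathes[2])) {
        $pic = "{$mathes[1]}.{$mathes[2]}";
    }

    // NOTE(review): the value is taken from user-supplied markup and is only
    // slash-escaped here; it still needs HTML escaping where it is printed.
    return addslashes($pic);
}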
330. 
331.//屏蔽html
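/**
 * Filter submitted HTML for users without the 'allowhtml' permission.
 *
 * Input is expected slash-escaped and the result is slash-escaped again.
 * The filter works in two passes over one str_replace() call, which applies
 * its pairs in order:
 *   1. every '<' and '>' is turned into '&lt;' / '&gt;';
 *   2. each tag that was found and whose name is in the allow list is turned
 *      back into a real tag, after some keywords in it were neutralised.
 *
 * Example of what preg_match_all() captures in $ms[1] for
 * '<h1 class="logo"><a href="index.php">x</a></h1>':
 *   'h1 class="logo"', 'a href="index.php"', '/a', '/h1'
 *
 * The entity literals ('&lt;', '&gt;', '&quot;') are written out here. With
 * plain '<', '>' and '"' in their place the first pass is a no-op and the
 * on-handler pattern is not a valid string literal.
 *
 * NOTE(review): this is keyword filtering plus a tag-name allow list.
 * Attributes and URL schemes are not checked against an allow list, and
 * object/param/embed are permitted. Treat the output as partially trusted;
 * a maintained allow-list sanitizer (for example HTML Purifier) together
 * with a Content-Security-Policy is the sturdier choice.
 *
 * @param string $html Slash-escaped HTML from the editor.
 * @return string Slash-escaped, filtered HTML.
 */
function checkhtml($html) {
    $html = stripslashes($html);
    if(!checkperm('allowhtml')) {

        preg_match_all("/\<([^\<]+)\>/is", $html, $ms);

        // Pass 1: escape every angle bracket.
        $searchs = array('<', '>');
        $replaces = array('&lt;', '&gt;');

        if($ms[1]) {
            // Tag names that may be restored.
            $allowtags = 'img|a|font|div|table|tbody|caption|tr|td|th|br|p|b|strong|i|u|em|span|ol|ul|li|blockquote|object|param|embed';
            $ms[1] = array_unique($ms[1]);
            foreach ($ms[1] as $value) {
                // Pass 2 looks for the tag in the form pass 1 left it in.
                $searchs[] = "&lt;".$value."&gt;";

                $value = shtmlspecialchars($value);
                $value = str_replace(array('\\','/*'), array('.','/.'), $value);
                // Break script-related keywords and on* handler attributes.
                $value = preg_replace(array("/(javascript|script|eval|behaviour|expression)/i", "/(\s+|&quot;|')on/i"), array('.', ' .'), $value);
                // Anything that does not start with an allowed tag name stays escaped out.
                if(!preg_match("/^[\/|\s]?($allowtags)(\s+|$)/is", $value)) {
                    $value = '';
                }
                // Restore the double quotes around attribute values.
                $replaces[] = empty($value)?'':"<".str_replace('&quot;', '"', $value).">";
            }
        }
        $html = str_replace($searchs, $replaces, $html);
    }
    $html = addslashes($html);

    return $html;
}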
397. 
398.//视频标签处理
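/**
 * Replace [flash]...[/flash], [flash=media]... and [flash=real]... markers
 * in a message with the player markup produced by blog_flash().
 *
 * The original used preg_replace() with the /e modifier, which evaluates the
 * replacement as PHP code with text from the message inside it. That modifier
 * was deprecated in PHP 5.5 and removed in PHP 7.0; preg_replace_callback()
 * hands the captured text over as data instead.
 *
 * @param string $message Message text containing the markers.
 * @return string Message with the markers replaced.
 */
function blog_bbcode($message) {
    $message = preg_replace_callback("/\[flash\=?(media|real)*\](.+?)\[\/flash\]/i", 'blog_bbcode_flash', $message);
    return $message;
}

/**
 * Callback for blog_bbcode(): $matches[1] is the optional player type,
 * $matches[2] the media URL.
 */
function blog_bbcode_flash($matches) {
    return blog_flash($matches[2], $matches[1]);
}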
403.//视频
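/**
 * Build the <object>/<embed> markup for a media URL.
 *
 * The URL comes from user-written message text and is placed inside
 * double-quoted attributes, so '"', '<' and '>' are replaced by entities
 * first. The replacement works on single bytes below 0x40, which makes it
 * independent of the page charset, and it leaves '&' alone so text that is
 * already entity-encoded is not encoded twice.
 *
 * NOTE(review): the URL scheme and host are not restricted, and the Flash
 * variant is emitted with allowscriptaccess="always". Consider an http/https
 * check and allowscriptaccess="never" if these players are still rendered.
 *
 * @param string $swf_url Media URL.
 * @param string $type    'media' (Windows Media), 'real' (RealPlayer) or
 *                        anything else for Flash.
 * @return string Player HTML.
 */
function blog_flash($swf_url, $type='') {
    $width = '520';
    $height = '390';
    $url = str_replace(array('"', '<', '>'), array('&quot;', '&lt;', '&gt;'), $swf_url);

    if ($type == 'media') {
        $lines = array(
            '<object classid="clsid:6bf52a52-394a-11d3-b153-00c04f79faa6" width="'.$width.'" height="'.$height.'">',
            '<param name="autostart" value="0">',
            '<param name="url" value="'.$url.'">',
            '<embed autostart="false" src="'.$url.'" type="video/x-ms-wmv" width="'.$width.'" height="'.$height.'" controls="imagewindow" console="cons"></embed>',
            '</object>'
        );
    } elseif ($type == 'real') {
        $lines = array(
            '<object classid="clsid:cfcdaa03-8be4-11cf-b84b-0020afbbccfa" width="'.$width.'" height="'.$height.'">',
            '<param name="autostart" value="0">',
            '<param name="src" value="'.$url.'">',
            '<param name="controls" value="Imagewindow,controlpanel">',
            '<param name="console" value="cons">',
            '<embed autostart="false" src="'.$url.'" type="audio/x-pn-realaudio-plugin" width="'.$width.'" height="'.$height.'" controls="controlpanel" console="cons"></embed>',
            '</object>'
        );
    } else {
        $lines = array(
            '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="'.$width.'" height="'.$height.'">',
            '<param name="movie" value="'.$url.'">',
            '<param name="allowscriptaccess" value="always">',
            '<embed src="'.$url.'" type="application/x-shockwave-flash" width="'.$width.'" height="'.$height.'" allowfullscreen="true" allowscriptaccess="always"></embed>',
            '</object>'
        );
    }
    return implode("\n", $lines);
}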
430. 
431.?>

posted on 2010-01-26 20:18  14的路
