DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 29 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2839 Commits
3 Branches
130MB
Tree: 17af505ddd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '17af505ddd'
${ noResults }
DedeV6/src/apps/diy.php

158 lines
6.8KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * 自定义表单

  4.  *

  5.  * @version        $id:diy.php$

  6.  * @package        DedeBIZ.Site

  7.  * @copyright      Copyright (c) 2022 DedeBIZ.COM

  8.  * @license        GNU GPL v2 (https://www.dedebiz.com/license)

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. require_once(dirname(__FILE__)."/../system/common.inc.php");

  12. $diyid = isset($diyid) && is_numeric($diyid) ? $diyid : 0;

  13. $action = isset($action) && in_array($action, array('post', 'list', 'view')) ? $action : 'post';

  14. $id = isset($id) && is_numeric($id) ? $id : 0;

  15. if (empty($diyid)) {

  16.     showMsg('操作失败', '/');

  17.     exit();

  18. }

  19. require_once DEDEINC.'/diyform.class.php';

  20. $diy = new diyform($diyid);

  21. if ($action == 'post') {

  22.     if (empty($do)) {

  23.         $postform = $diy->getForm(true);

  24.         include DEDEROOT."/theme/apps/{$diy->postTemplate}";

  25.         exit();

  26.     } elseif ($do == 2) {

  27.         $dede_fields = empty($dede_fields) ? '' : trim($dede_fields);

  28.         $dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash);

  29.         if (!empty($dede_fields)) {

  30.             if ($dede_fieldshash != md5($dede_fields.$cfg_cookie_encode)) {

  31.                 showMsg('表单校验失败', '-1');

  32.                 exit();

  33.             }

  34.         }

  35.         $diyform = $dsql->GetOne("SELECT * FROM `#@__diyforms` WHERE diyid='$diyid' ");

  36.         if (!is_array($diyform)) {

  37.             showmsg('表单不存在', '-1');

  38.             exit();

  39.         }

  40.         $addvar = $addvalue = '';

  41.         //验证码校验

  42.         $validate = empty($validate) ? '' : strtolower(trim($validate));

  43.         $svali = strtolower(GetCkVdValue());

  44.         if ($validate=='' || $validate != $svali) {

  45.             ResetVdValue();

  46.             ShowMsg('验证码不正确', '-1');

  47.             exit();

  48.         }

  49.         if (!empty($dede_fields)) {

  50.             $link = $_SERVER['HTTP_REFERER'];

  51.             $date = GetDateTimeMk(time());

  52.             $ip = GetIP();

  53.             $fieldarr = explode(';', $dede_fields);

  54.             if (is_array($fieldarr)) {

  55.                 foreach ($fieldarr as $field) {

  56.                     if ($field == '') continue;

  57.                     $fieldinfo = explode(',', $field);

  58.                     if ($fieldinfo[1] == 'textdata') {

  59.                         ${$fieldinfo[0]} = FilterSearch(stripslashes(${$fieldinfo[0]}));

  60.                         ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});

  61.                     } else {

  62.                         ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','diy', $fieldinfo[0]);

  63.                     }

  64.                     $addvar .= ', `'.$fieldinfo[0].'`';

  65.                     $addvalue .= ", '".${$fieldinfo[0]}."'";

  66.                 }

  67.             }

  68.         }

  69.         //判断$name是否输入违禁词,在后台-系统设置:禁用关键词添加,$name改成您表单字段标识,恢复注释代码使用

  70.         /*if ($name != '' && preg_match("#".$cfg_notallowstr."#i", $name)) {

  71.             ShowMsg("您输入的信息存在违禁,请重新填写", "-1");

  72.             exit();

  73.         }*/

  74.         //判断$message是否大于70字符则提交失败,$message改成您表单字段标识,恢复注释代码使用

  75.         /*if ($message != '' && strlen($message) > 70) {

  76.             showmsg('您输入的信息太多了,请重新填写', '-1');

  77.             exit();

  78.         }*/

  79.         //获取表单提交的链接、时间、ip,字段标识默认为link、date、ip,前台表单可以不用出现该输入框,但是biz_fields和biz_fieldshash的值要最新,下面是重复提交表单限制,恢复注释代码使用

  80.         /*$result = $dsql->getOne("SELECT count(*) AS dd FROM `{$diy->table}` WHERE ip='$ip' AND date_format(date,'Y-m-d') = date_format(now(),'Y-m-d')");

  81.         if ($result['dd'] >= 3) {

  82.             showmsg('您已重复提交太多次了,请等待平台联系', '-1');

  83.             exit();

  84.         }*/

  85.         $query = "INSERT INTO `{$diy->table}` (`id`, `ifcheck` $addvar) VALUES (NULL, 0 $addvalue); ";

  86.         if ($dsql->ExecuteNoneQuery($query)) {

  87.             $id = $dsql->GetLastID();

  88.             $mailtitle = "{$diy->name}通知";

  89.             $mailbody = '';

  90.             foreach($diy->getFieldList() as $field=>$fieldvalue)

  91.             {

  92.                 $mailbody .= "{$fieldvalue[0]}:{${$field}}\r\n";

  93.             }

  94.             $headers = "From: ".$cfg_adminemail."Reply-To: ".$cfg_adminemail;

  95.             $mailbody = mb_convert_encoding($mailbody, "GBK", "UTF-8");

  96.             if ($cfg_sendmail_bysmtp == 'Y' && !empty($cfg_smtp_server)) {

  97.                 $mailtype = 'TXT';

  98.                 require_once(DEDEINC.'/libraries/mail.class.php');

  99.                 $smtp = new smtp($cfg_smtp_server, $cfg_smtp_port, true, $cfg_smtp_usermail, $cfg_smtp_password);

  100.                 $smtp->debug = false;

  101.                 //除了cfg_adminemail接收邮件外,自定义发送其他指定邮件,恢复注释代码使用

  102.                 //$cfg_smtp_usermail2 = "admin@qq.com";

  103.                 $smtp->sendmail($cfg_adminemail, $cfg_webname, $cfg_smtp_usermail, $mailtitle, $mailbody, $mailtype);

  104.             } else {

  105.                 @mail($cfg_adminemail, $mailtitle, $mailbody, $headers);

  106.             }

  107.             if ($diy->public == 2) {

  108.                 $goto = "diy.php?action=list&diyid={$diy->diyid}";

  109.                 $bkmsg = '提交成功,正在前往表单列表';

  110.             } else {

  111.                 $goto = 'javascript:history.go(-1);';

  112.                 $bkmsg = '提交成功,请等待平台联系';

  113.             }

  114.             ShowMsg($bkmsg, $goto);

  115.         }

  116.     }

  117. } else if ($action == 'list') {

  118.     if (empty($diy->public)) {

  119.         ShowMsg('表单已关闭前台浏览', 'javascript:;');

  120.         exit();

  121.     }

  122.     include_once DEDEINC.'/datalistcp.class.php';

  123.     if ($diy->public == 2) {

  124.         $query = "SELECT * FROM `{$diy->table}` ORDER BY id DESC";

  125.     } else {

  126.         $query = "SELECT * FROM `{$diy->table}` WHERE ifcheck=1 ORDER BY id DESC";

  127.     }

  128.     $datalist = new DataListCP();

  129.     $datalist->pagesize = 10;

  130.     $datalist->SetParameter('action', 'list');

  131.     $datalist->SetParameter('diyid', $diyid);

  132.     $datalist->SetTemplate(DEDEINC."/../theme/apps/{$diy->listTemplate}");

  133.     $datalist->SetSource($query);

  134.     $fieldlist = $diy->getFieldList();

  135.     $datalist->Display();

  136. } else if ($action == 'view') {

  137.     if (empty($diy->public)) {

  138.         showMsg('表单已关闭前台浏览', '/');

  139.         exit();

  140.     }

  141.     if (empty($id)) {

  142.         showMsg('操作失败,未指定id', '/');

  143.         exit();

  144.     }

  145.     if ($diy->public == 2) {

  146.         $query = "SELECT * FROM `{$diy->table}` WHERE id='$id' ";

  147.     } else {

  148.         $query = "SELECT * FROM `{$diy->table}` WHERE id='$id' AND ifcheck=1";

  149.     }

  150.     $row = $dsql->GetOne($query);

  151.     if (!is_array($row)) {

  152.         showmsg('您浏览的记录不存在或未审核', '-1');

  153.         exit();

  154.     }

  155.     $fieldlist = $diy->getFieldList();

  156.     include DEDEROOT."/theme/apps/{$diy->viewTemplate}";

  157. }

  158. ?>