DedeBIZ
/
DedeV6
Tarkkaile 2
Äänestä 0
Fork 0
Koodi Pull-pyynnöt 0 Julkaisut 29 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2798 Commitit
3 Branchit
107MB
Puu: 8b008f3b4d
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '8b008f3b4d'
${ noResults }
DedeV6/src/apps/diy.php

148 lines
6.3KB
Raaka Blame Historia 

  1. <?php

  2. /**

  3.  * 自定义表单

  4.  *

  5.  * @version        $id:diy.php$

  6.  * @package        DedeBIZ.Site

  7.  * @copyright      Copyright (c) 2022 DedeBIZ.COM

  8.  * @license        GNU GPL v2 (https://www.dedebiz.com/license)

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. require_once(dirname(__FILE__)."/../system/common.inc.php");

  12. $diyid = isset($diyid) && is_numeric($diyid) ? $diyid : 0;

  13. $action = isset($action) && in_array($action, array('post', 'list', 'view')) ? $action : 'post';

  14. $id = isset($id) && is_numeric($id) ? $id : 0;

  15. if (empty($diyid)) {

  16.     showMsg('操作失败', '/');

  17.     exit();

  18. }

  19. require_once DEDEINC.'/diyform.class.php';

  20. $diy = new diyform($diyid);

  21. if ($action == 'post') {

  22.     if (empty($do)) {

  23.         $postform = $diy->getForm(true);

  24.         include DEDEROOT."/theme/apps/{$diy->postTemplate}";

  25.         exit();

  26.     } elseif ($do == 2) {

  27.         $dede_fields = empty($dede_fields) ? '' : trim($dede_fields);

  28.         $dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash);

  29.         if (!empty($dede_fields)) {

  30.             if ($dede_fieldshash != md5($dede_fields.$cfg_cookie_encode)) {

  31.                 showMsg('表单校验失败', '-1');

  32.                 exit();

  33.             }

  34.         }

  35.         $diyform = $dsql->GetOne("SELECT * FROM `#@__diyforms` WHERE diyid='$diyid' ");

  36.         if (!is_array($diyform)) {

  37.             showmsg('表单不存在', '-1');

  38.             exit();

  39.         }

  40.         $addvar = $addvalue = '';

  41.         if (!empty($dede_fields)) {

  42.             $link = $_SERVER['HTTP_REFERER'];

  43.             $date = GetDateTimeMk(time());

  44.             $ip = GetIP();

  45.             $fieldarr = explode(';', $dede_fields);

  46.             if (is_array($fieldarr)) {

  47.                 foreach ($fieldarr as $field) {

  48.                     if ($field == '') continue;

  49.                     $fieldinfo = explode(',', $field);

  50.                     if ($fieldinfo[1] == 'textdata') {

  51.                         ${$fieldinfo[0]} = FilterSearch(stripslashes(${$fieldinfo[0]}));

  52.                         ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});

  53.                     } else {

  54.                         ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','diy', $fieldinfo[0]);

  55.                     }

  56.                     $addvar .= ', `'.$fieldinfo[0].'`';

  57.                     $addvalue .= ", '".${$fieldinfo[0]}."'";

  58.                 }

  59.             }

  60.         }

  61.         //判断$name是否输入中文包括繁体则提交失败,$name改成您表单字段标识,恢复注释代码使用

  62.         /*if (!preg_match('/^[\x{4e00}-\x{9fa5}]+$/u', $name)) {

  63.             showMsg('您输入信息不符合,请重新填写', '-1');

  64.             exit();

  65.         }*/

  66.         //判断$message是否大于70字符则提交失败,$message改成您表单字段标识,恢复注释代码使用

  67.         /*if (mb_strlen($message) > 70) {

  68.             showmsg('您输入文字太多了,请重新填写', '-1');

  69.             exit();

  70.         }*/

  71.         //获取表单提交的链接、时间、ip,字段标识默认为link、date、ip,前台表单可以不用出现该输入框,但是biz_fields和biz_fieldshash的值要最新,下面是重复提交表单限制,恢复注释代码使用

  72.         /*$result = $dsql->getOne("SELECT count(*) AS dd FROM `{$diy->table}` WHERE ip='$ip' AND date_format(date,'Y-m-d') = date_format(now(),'Y-m-d')");

  73.         if ($result['dd'] >= 3) {

  74.             showmsg('您重复提交太多了,请等待平台联系', '-1');

  75.             exit();

  76.         }*/

  77.         $query = "INSERT INTO `{$diy->table}` (`id`, `ifcheck` $addvar) VALUES (NULL, 0 $addvalue); ";

  78.         if ($dsql->ExecuteNoneQuery($query)) {

  79.             $id = $dsql->GetLastID();

  80.             $mailtitle = "{$diy->name}通知";

  81.             $mailbody = '';

  82.             foreach($diy->getFieldList() as $field=>$fieldvalue)

  83.             {

  84.                 $mailbody .= "{$fieldvalue[0]}:{${$field}}\r\n";

  85.             }

  86.             $headers = "From: ".$cfg_adminemail."Reply-To: ".$cfg_adminemail;

  87.             $mailbody = mb_convert_encoding($mailbody, "GBK", "UTF-8");

  88.             if ($cfg_sendmail_bysmtp == 'Y' && !empty($cfg_smtp_server)) {

  89.                 $mailtype = 'TXT';

  90.                 require_once(DEDEINC.'/libraries/mail.class.php');

  91.                 $smtp = new smtp($cfg_smtp_server, $cfg_smtp_port, true, $cfg_smtp_usermail, $cfg_smtp_password);

  92.                 $smtp->debug = false;

  93.                 $smtp->sendmail($cfg_adminemail, $cfg_webname, $cfg_smtp_usermail, $mailtitle, $mailbody, $mailtype);

  94.             } else {

  95.                 @mail($cfg_adminemail, $mailtitle, $mailbody, $headers);

  96.             }

  97.             if ($diy->public == 2) {

  98.                 $goto = "diy.php?action=list&diyid={$diy->diyid}";

  99.                 $bkmsg = '提交成功,正在前往表单列表';

  100.             } else {

  101.                 $goto = 'javascript:history.go(-1);';

  102.                 $bkmsg = '提交成功,请等待平台联系';

  103.             }

  104.             ShowMsg($bkmsg, $goto);

  105.         }

  106.     }

  107. } else if ($action == 'list') {

  108.     if (empty($diy->public)) {

  109.         ShowMsg('表单已关闭前台浏览', 'javascript:;');

  110.         exit();

  111.     }

  112.     include_once DEDEINC.'/datalistcp.class.php';

  113.     if ($diy->public == 2) {

  114.         $query = "SELECT * FROM `{$diy->table}` ORDER BY id DESC";

  115.     } else {

  116.         $query = "SELECT * FROM `{$diy->table}` WHERE ifcheck=1 ORDER BY id DESC";

  117.     }

  118.     $datalist = new DataListCP();

  119.     $datalist->pagesize = 10;

  120.     $datalist->SetParameter('action', 'list');

  121.     $datalist->SetParameter('diyid', $diyid);

  122.     $datalist->SetTemplate(DEDEINC."/../theme/apps/{$diy->listTemplate}");

  123.     $datalist->SetSource($query);

  124.     $fieldlist = $diy->getFieldList();

  125.     $datalist->Display();

  126. } else if ($action == 'view') {

  127.     if (empty($diy->public)) {

  128.         showMsg('表单已关闭前台浏览', '/');

  129.         exit();

  130.     }

  131.     if (empty($id)) {

  132.         showMsg('操作失败,未指定id', '/');

  133.         exit();

  134.     }

  135.     if ($diy->public == 2) {

  136.         $query = "SELECT * FROM `{$diy->table}` WHERE id='$id' ";

  137.     } else {

  138.         $query = "SELECT * FROM `{$diy->table}` WHERE id='$id' AND ifcheck=1";

  139.     }

  140.     $row = $dsql->GetOne($query);

  141.     if (!is_array($row)) {

  142.         showmsg('您浏览的记录不存在或未审核', '-1');

  143.         exit();

  144.     }

  145.     $fieldlist = $diy->getFieldList();

  146.     include DEDEROOT."/theme/apps/{$diy->viewTemplate}";

  147. }

  148. ?>