DedeBIZ
/
DedeV6
關註 2
收藏 0
複製 0
程式碼 合併請求 0 版本發佈 29 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2815 Commit
3 分支
130MB
目錄樹: c689d78113
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'c689d78113'
${ noResults }
DedeV6/src/apps/diy.php

156 line
6.6KB
原始文件 Blame 文件歷史 

  1. <?php

  2. /**

  3.  * 自定义表单

  4.  *

  5.  * @version        $id:diy.php$

  6.  * @package        DedeBIZ.Site

  7.  * @copyright      Copyright (c) 2022 DedeBIZ.COM

  8.  * @license        GNU GPL v2 (https://www.dedebiz.com/license)

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. require_once(dirname(__FILE__)."/../system/common.inc.php");

  12. $diyid = isset($diyid) && is_numeric($diyid) ? $diyid : 0;

  13. $action = isset($action) && in_array($action, array('post', 'list', 'view')) ? $action : 'post';

  14. $id = isset($id) && is_numeric($id) ? $id : 0;

  15. if (empty($diyid)) {

  16.     showMsg('操作失败', '/');

  17.     exit();

  18. }

  19. require_once DEDEINC.'/diyform.class.php';

  20. $diy = new diyform($diyid);

  21. if ($action == 'post') {

  22.     if (empty($do)) {

  23.         $postform = $diy->getForm(true);

  24.         include DEDEROOT."/theme/apps/{$diy->postTemplate}";

  25.         exit();

  26.     } elseif ($do == 2) {

  27.         $dede_fields = empty($dede_fields) ? '' : trim($dede_fields);

  28.         $dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash);

  29.         if (!empty($dede_fields)) {

  30.             if ($dede_fieldshash != md5($dede_fields.$cfg_cookie_encode)) {

  31.                 showMsg('表单校验失败', '-1');

  32.                 exit();

  33.             }

  34.         }

  35.         $diyform = $dsql->GetOne("SELECT * FROM `#@__diyforms` WHERE diyid='$diyid' ");

  36.         if (!is_array($diyform)) {

  37.             showmsg('表单不存在', '-1');

  38.             exit();

  39.         }

  40.         $addvar = $addvalue = '';

  41.         //验证码校验

  42.         $validate = empty($validate) ? '' : strtolower(trim($validate));

  43.         $svali = strtolower(GetCkVdValue());

  44.         if ($validate=='' || $validate != $svali) {

  45.             ResetVdValue();

  46.             ShowMsg('验证码不正确', '-1');

  47.             exit();

  48.         }

  49.         if (!empty($dede_fields)) {

  50.             $link = $_SERVER['HTTP_REFERER'];

  51.             $date = GetDateTimeMk(time());

  52.             $ip = GetIP();

  53.             $fieldarr = explode(';', $dede_fields);

  54.             if (is_array($fieldarr)) {

  55.                 foreach ($fieldarr as $field) {

  56.                     if ($field == '') continue;

  57.                     $fieldinfo = explode(',', $field);

  58.                     if ($fieldinfo[1] == 'textdata') {

  59.                         ${$fieldinfo[0]} = FilterSearch(stripslashes(${$fieldinfo[0]}));

  60.                         ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});

  61.                     } else {

  62.                         ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','diy', $fieldinfo[0]);

  63.                     }

  64.                     $addvar .= ', `'.$fieldinfo[0].'`';

  65.                     $addvalue .= ", '".${$fieldinfo[0]}."'";

  66.                 }

  67.             }

  68.         }

  69.         //判断$name是否输入中文包括繁体则提交失败,$name改成您表单字段标识,恢复注释代码使用

  70.         /*if (!preg_match('/^[\x{4e00}-\x{9fa5}]+$/u', $name)) {

  71.             showMsg('您输入信息不符合,请重新填写', '-1');

  72.             exit();

  73.         }*/

  74.         //判断$message是否大于70字符则提交失败,$message改成您表单字段标识,恢复注释代码使用

  75.         /*if (mb_strlen($message) > 70) {

  76.             showmsg('您输入文字太多了,请重新填写', '-1');

  77.             exit();

  78.         }*/

  79.         //获取表单提交的链接、时间、ip,字段标识默认为link、date、ip,前台表单可以不用出现该输入框,但是biz_fields和biz_fieldshash的值要最新,下面是重复提交表单限制,恢复注释代码使用

  80.         /*$result = $dsql->getOne("SELECT count(*) AS dd FROM `{$diy->table}` WHERE ip='$ip' AND date_format(date,'Y-m-d') = date_format(now(),'Y-m-d')");

  81.         if ($result['dd'] >= 3) {

  82.             showmsg('您重复提交太多了,请等待平台联系', '-1');

  83.             exit();

  84.         }*/

  85.         $query = "INSERT INTO `{$diy->table}` (`id`, `ifcheck` $addvar) VALUES (NULL, 0 $addvalue); ";

  86.         if ($dsql->ExecuteNoneQuery($query)) {

  87.             $id = $dsql->GetLastID();

  88.             $mailtitle = "{$diy->name}通知";

  89.             $mailbody = '';

  90.             foreach($diy->getFieldList() as $field=>$fieldvalue)

  91.             {

  92.                 $mailbody .= "{$fieldvalue[0]}:{${$field}}\r\n";

  93.             }

  94.             $headers = "From: ".$cfg_adminemail."Reply-To: ".$cfg_adminemail;

  95.             $mailbody = mb_convert_encoding($mailbody, "GBK", "UTF-8");

  96.             if ($cfg_sendmail_bysmtp == 'Y' && !empty($cfg_smtp_server)) {

  97.                 $mailtype = 'TXT';

  98.                 require_once(DEDEINC.'/libraries/mail.class.php');

  99.                 $smtp = new smtp($cfg_smtp_server, $cfg_smtp_port, true, $cfg_smtp_usermail, $cfg_smtp_password);

  100.                 $smtp->debug = false;

  101.                 $smtp->sendmail($cfg_adminemail, $cfg_webname, $cfg_smtp_usermail, $mailtitle, $mailbody, $mailtype);

  102.             } else {

  103.                 @mail($cfg_adminemail, $mailtitle, $mailbody, $headers);

  104.             }

  105.             if ($diy->public == 2) {

  106.                 $goto = "diy.php?action=list&diyid={$diy->diyid}";

  107.                 $bkmsg = '提交成功,正在前往表单列表';

  108.             } else {

  109.                 $goto = 'javascript:history.go(-1);';

  110.                 $bkmsg = '提交成功,请等待平台联系';

  111.             }

  112.             ShowMsg($bkmsg, $goto);

  113.         }

  114.     }

  115. } else if ($action == 'list') {

  116.     if (empty($diy->public)) {

  117.         ShowMsg('表单已关闭前台浏览', 'javascript:;');

  118.         exit();

  119.     }

  120.     include_once DEDEINC.'/datalistcp.class.php';

  121.     if ($diy->public == 2) {

  122.         $query = "SELECT * FROM `{$diy->table}` ORDER BY id DESC";

  123.     } else {

  124.         $query = "SELECT * FROM `{$diy->table}` WHERE ifcheck=1 ORDER BY id DESC";

  125.     }

  126.     $datalist = new DataListCP();

  127.     $datalist->pagesize = 10;

  128.     $datalist->SetParameter('action', 'list');

  129.     $datalist->SetParameter('diyid', $diyid);

  130.     $datalist->SetTemplate(DEDEINC."/../theme/apps/{$diy->listTemplate}");

  131.     $datalist->SetSource($query);

  132.     $fieldlist = $diy->getFieldList();

  133.     $datalist->Display();

  134. } else if ($action == 'view') {

  135.     if (empty($diy->public)) {

  136.         showMsg('表单已关闭前台浏览', '/');

  137.         exit();

  138.     }

  139.     if (empty($id)) {

  140.         showMsg('操作失败,未指定id', '/');

  141.         exit();

  142.     }

  143.     if ($diy->public == 2) {

  144.         $query = "SELECT * FROM `{$diy->table}` WHERE id='$id' ";

  145.     } else {

  146.         $query = "SELECT * FROM `{$diy->table}` WHERE id='$id' AND ifcheck=1";

  147.     }

  148.     $row = $dsql->GetOne($query);

  149.     if (!is_array($row)) {

  150.         showmsg('您浏览的记录不存在或未审核', '-1');

  151.         exit();

  152.     }

  153.     $fieldlist = $diy->getFieldList();

  154.     include DEDEROOT."/theme/apps/{$diy->viewTemplate}";

  155. }

  156. ?>