lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 12:30:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

add attendance

Browse Source
This commit is contained in:
xiaomlove
2021-02-22 17:55:53 +08:00
parent d506a4ebfb
commit e30799e0f4
18 changed files with 468 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
public/viewrequests.php
View File

@@ -53,7 +53,7 @@ else {
break;
}
}
//if (!in_array($finished, $allowed_finished)){$limit = "finish = 'no'";(get_user_class() >= 13?$limitorder="Totalreq DESC ,":"");}
//if (!in_array($finished, $allowed_finished)){$limit = "finish = 'no'";(get_user_class() >= UC_UPLOADER?$limitorder="Totalreq DESC ,":"");}
//else $limit = ( $finished=="all" ? "1" : ( $finished=="all" ? "1" : "finish ='".$finished."'"));
@@ -111,46 +111,46 @@ else {
if (is_numeric($_GET["id"])) {
$id = $_GET["id"];
$res = sql_query("SELECT * FROM requests WHERE id ='" . $_GET["id"] . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) stderr("错误", "ID不存在");
if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']);
else $arr = mysql_fetch_assoc($res);
stdhead("求种区");
print("<h1 align=center id=top>求种-" . htmlspecialchars($arr["request"]) . "</h1>\n");
stdhead($lang_viewrequests['page_title']);
print("<h1 align=center id=top>{$lang_viewrequests['request']}-" . htmlspecialchars($arr["request"]) . "</h1>\n");
print("<table width=940 cellspacing=0 cellpadding=5>\n");
$res = sql_query("SELECT * FROM resreq WHERE reqid ='" . $_GET["id"] . "'" . $limit) or sqlerr(__FILE__, __LINE__);
tr("基本信息", get_username($arr['userid']) . "发表于" . gettime($arr["added"], true, false) . "\n", 1);
tr("悬赏", "最新竞价为" . $arr['amount'] . " 原始竞价为" . $arr["ori_amount"] . "\n", 1);
tr("操作", "<a href='report.php?reportrequestid=" . $id . "' >举报</a>" .
(($arr['userid'] == $CURUSER['id'] || get_user_class() >= 13) && $arr["finish"] == "no" ? " | <a href='viewrequests.php?action=edit&id=" . $id . "' >编辑</a>" : "") . "\n" .
($arr['userid'] == $CURUSER['id'] || $arr["finish"] == "yes" ? "" : " | <a href='viewrequests.php?action=res&id=" . $id . "' >应求</a>\n") .
((get_user_class() >= 13 || $arr['userid'] == $CURUSER['id']) && $arr['finish'] == "no" ? " | <a href='viewrequests.php?action=delete&id=" . $id . "' " . (mysql_num_rows($res) ? ">删除" : "title='回收返还80%魔力值'>回收") . "</a>" : "") . "\n"
tr($lang_viewrequests['basic_info'], get_username($arr['userid']) . $lang_viewrequests['created_at'] . gettime($arr["added"], true, false) . "\n", 1);
tr($lang_viewrequests['reward'], $lang_viewrequests['newest_bidding'] . $arr['amount'] . " {$lang_viewrequests['original_bidding']}" . $arr["ori_amount"] . "\n", 1);
tr($lang_functions['std_action'], "<a href='report.php?reportrequestid=" . $id . "' >{$lang_functions['std_report']}</a>" .
(($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) && $arr["finish"] == "no" ? " | <a href='viewrequests.php?action=edit&id=" . $id . "' >{$lang_functions['title_edit']}</a>" : "") . "\n" .
($arr['userid'] == $CURUSER['id'] || $arr["finish"] == "yes" ? "" : " | <a href='viewrequests.php?action=res&id=" . $id . "' >{$lang_viewrequests['on_request']}</a>\n") .
((get_user_class() >= UC_UPLOADER || $arr['userid'] == $CURUSER['id']) && $arr['finish'] == "no" ? " | <a href='viewrequests.php?action=delete&id=" . $id . "' " . (mysql_num_rows($res) ? ">{$lang_functions['title_delete']}" : "title='{$lang_viewrequests['recycle_title']}'>{$lang_viewrequests['recycle']}") . "</a>" : "") . "\n"
, 1);
if ($arr["finish"] == "no") tr("追加悬赏", "<form action=viewrequests.php method=post> <input type=hidden name=action value=addamount><input type=hidden name=reqid value=" . $arr["id"] . "><input size=6 name=amount value=1000 ><input type=submit value=提交 > 追加悬赏每次将扣减25个魔力值作为手续费</form>", 1);
tr("介绍", format_comment(unesc($arr["descr"])), 1);
if ($arr["finish"] == "no") tr($lang_viewrequests['add_reward'], "<form action=viewrequests.php method=post> <input type=hidden name=action value=addamount><input type=hidden name=reqid value=" . $arr["id"] . "><input size=6 name=amount value=1000 ><input type=submit value={$lang_functions['submit_submit']} > {$lang_viewrequests['add_reward_desc']}</form>", 1);
tr($lang_functions['std_desc'], format_comment(unesc($arr["descr"])), 1);
$limit = ($arr['finish'] == "no" ? "" : " AND chosen = 'yes' ");
$ress = "";
if (mysql_num_rows($res) == 0) $ress = "还没有应求";
if (mysql_num_rows($res) == 0) $ress = $lang_viewrequests['no_request_yet'];
else {
if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= 13)
if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER)
$ress .= "<form action=viewrequests.php method=post>\n<input type=hidden name=action value=confirm > <input type=hidden name=id value=" . $id . " >\n";
while ($row = mysql_fetch_array($res)) {
$each = mysql_fetch_assoc(sql_query("SELECT * FROM torrents WHERE id = '" . $row["torrentid"] . "'"));
if (mysql_num_rows(sql_query("SELECT * FROM torrents WHERE id = '" . $row["torrentid"] . "'")) == 1)
$ress .= (($arr['userid'] == $CURUSER['id'] || get_user_class() >= 13) && $arr['finish'] == "no" ? "<input type=checkbox name=torrentid[] value=" . $each["id"] . ">" : "") . "<a href='details.php?id=" . $each["id"] . "&hit=1' >" . $each["name"] . "</a> " . ($arr['finish'] == "no" ? "" : "by " . get_username($each[owner])) . "<br/>\n";
$ress .= (($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) && $arr['finish'] == "no" ? "<input type=checkbox name=torrentid[] value=" . $each["id"] . ">" : "") . "<a href='details.php?id=" . $each["id"] . "&hit=1' >" . $each["name"] . "</a> " . ($arr['finish'] == "no" ? "" : "by " . get_username($each[owner])) . "<br/>\n";
}
$ress .= "";
if (($arr['userid'] == $CURUSER['id'] || get_user_class() >= 13) && $arr['finish'] == "no")
$ress .= "<input type=submit value=使用勾选的资源作为所需资源>\n";
if (($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) && $arr['finish'] == "no")
$ress .= "<input type=submit value={$lang_viewrequests['btn_select_text']}>\n";
$ress .= "</form>\n";
}
tr("应求", $ress, 1);
tr($lang_viewrequests['request'], $ress, 1);
print("</table><br/><br/>\n");
$count = get_row_count("comments", "WHERE request=" . sqlesc($_GET["id"]));
if ($count) {
print("<br /><br />");
print("<h1 align=\"center\" id=\"startcomments\">评论</h1>\n");
print("<h1 align=\"center\" id=\"startcomments\">{$lang_functions['std_comment']}</h1>\n");
list($pagertop, $pagerbottom, $limit) = pager(10, $count, "viewrequests.php?action=view&id=" . $_GET["id"] . "&", array('lastpagedefault' => 1), "page");
$subres = sql_query("SELECT * FROM comments WHERE request=" . sqlesc($_GET["id"]) . " ORDER BY id $limit") or sqlerr(__FILE__, __LINE__);
@@ -170,70 +170,70 @@ else {
<tr><td class=\"text\" align=\"center\"><b>" . $lang_details['text_quick_comment'] . "</b><br /><br />
<form id=\"compose\" name=\"comment\" method=\"post\" action=\"" . htmlspecialchars("comment.php?action=add&type=request") . "\" onsubmit=\"return postvalid(this);\">
<input type=\"hidden\" name=\"pid\" value=\"" . $id . "\" /><br />");
quickreply('comment', 'body', "添加");
quickreply('comment', 'body', $lang_functions['std_quick_comment']);
print("</form></td></tr></table>");
print ("
<a class=\"index\" href='comment.php?action=add&pid=$id&type=request'>添加评论</a></td></tr></table>");
<a class=\"index\" href='comment.php?action=add&pid=$id&type=request'>{$lang_functions['title_add_comments']}</a></td></tr></table>");
stdfoot();
} else stderr("出错了!!!", "ID不存在");
} else stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']);
die;
break;
}
case "edit":
{
if (!is_numeric($_GET["id"])) stderr("出错了!!!", "求种ID必须为数字");
if (!is_numeric($_GET["id"])) stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']);
$res = sql_query("SELECT * FROM requests WHERE id ='" . $_GET["id"] . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) stderr("出错了!", "该求种已被删除!");
if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']);
$arr = mysql_fetch_assoc($res);
if ($arr["finish"] == "yes") stderr("出错了!", "该求种已完成!");
if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= 13) {
stdhead("编辑求种");
if ($arr["finish"] == "yes") stderr($lang_functions['std_error'], $lang_viewrequests['request_already_resolved']);
if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) {
stdhead($lang_functions['title_edit'] . $lang_viewrequests['request']);
print(
"<form id=edit method=post name=edit action=viewrequests.php >\n
<input type=hidden name=action value=takeedit >
<input type=hidden name=reqid value=" . $_GET["id"] . " >
");
print("<table width=940 cellspacing=0 cellpadding=3><tr><td class=colhead align=center colspan=2>编辑求种</td></tr>");
tr("标题", "<input name=request value=\"" . $arr["request"] . "\" size=134 ><br/>", 1);
print("<tr><td class=rowhead align=right valign=top><b>介绍</b></td><td class=rowfollow align=left>");
print("<table width=940 cellspacing=0 cellpadding=3><tr><td class=colhead align=center colspan=2>{$lang_functions['title_edit']}{$lang_viewrequests['request']}</td></tr>");
tr("{$lang_functions['col_name']}", "<input name=request value=\"" . $arr["request"] . "\" size=134 ><br/>", 1);
print("<tr><td class=rowhead align=right valign=top><b>{$lang_functions['std_desc']}</b></td><td class=rowfollow align=left>");
textbbcode("edit", "descr", $arr["descr"]);
print("</td></tr>");
print("</td></tr><tr><td class=toolbox align=center colspan=2><input id=qr type=submit class=btn value=编辑求种 ></td></tr></table></form><br />\n");
print("</td></tr><tr><td class=toolbox align=center colspan=2><input id=qr type=submit class=btn value={$lang_functions['text_edit']}{$lang_viewrequests['request']} ></td></tr></table></form><br />\n");
stdfoot();
die;
} else stderr("出错了!!!", "你没有该权限!!!<a href='viewrequests.php?action=view&id=" . $_GET["id"] . "'>点击这里返回</a>", 0);
} else stderr($lang_functions['std_error'], "{$lang_functioins['std_permission_denied']}<a href='viewrequests.php?action=view&id=" . $_GET["id"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
}
case "new":
{
if (get_user_class() >= 1) {
stdhead("新增求种");
stdhead($lang_viewrequests['add_request']);
print(
"<form id=edit method=post name=edit action=viewrequests.php >\n<input type=hidden name=action value=takeadded >\n");
print("<table width=940 cellspacing=0 cellpadding=3><tr><td class=colhead align=center colspan=2>新增求种</td></tr>\n");
tr("标题", "<input name=request size=134><br/>", 1);
tr("悬赏", "<input name=amount size=11 value=2000>赏金不得低于100魔力值每次求种将扣去100魔力值作为手续费。<br/>", 1);
print("<tr><td class=rowhead align=right valign=top><b>介绍</b></td><td class=rowfollow align=left>");
print("<table width=940 cellspacing=0 cellpadding=3><tr><td class=colhead align=center colspan=2>{$lang_viewrequests['add_request']}</td></tr>\n");
tr("{$lang_functions['col_name']}", "<input name=request size=134><br/>", 1);
tr("{$lang_viewrequests['reward']}", "<input name=amount size=11 value=2000>{$lang_viewrequests['add_request_desc']}<br/>", 1);
print("<tr><td class=rowhead align=right valign=top><b>{$lang_functions['std_desc']}</b></td><td class=rowfollow align=left>");
textbbcode("edit", "descr", $arr["descr"]);
print("</td></tr>");
print("<tr><td class=toolbox style=vertical-align: middle; padding-top: 10px; padding-bottom: 10px; align=center colspan=2><input id=qr type=submit value=新增求种 class=btn /></td></tr></table></form><br />\n");
print("<tr><td class=toolbox style=vertical-align: middle; padding-top: 10px; padding-bottom: 10px; align=center colspan=2><input id=qr type=submit value={$lang_viewrequests['add_request']} class=btn /></td></tr></table></form><br />\n");
stdfoot();
die;
} else stderr("出错了!!!", "你没有该权限!!!<a href='viewrequests.php'>点击这里返回</a>", 0);
} else stderr($lang_functions['std_error'], "{$lang_functions['std_permission_denied']}<a href='viewrequests.php'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
}
case "newmessage":
{
{
stdhead("回复");
stdhead($lang_functions['text_reply']);
//<input type=hidden name=id value=$id ><br />");
@@ -249,12 +249,12 @@ else {
print("<tr><td class=rowfollow align=left>");
if ($ruserid) {
textbbcode("reply", "message", "[b]回复:" . get_plain_username($ruserid) . "[/b]\n");
textbbcode("reply", "message", "[b]{$lang_functions['text_reply']}:" . get_plain_username($ruserid) . "[/b]\n");
print("<input id=ruserid type=hidden value=$ruserid />");
} else
textbbcode("reply", "message");
print("</td></tr>");
print("</table><input id=qr type=submit value=添加评论 class=btn /></form><br />\n");
print("</table><input id=qr type=submit value={$lang_functions['title_add_comments']} class=btn /></form><br />\n");
stdfoot();
die;
@@ -265,15 +265,15 @@ else {
{
{
stdhead("搜索");
stdhead($lang_functions['text_search']);
print("<table border=1 cellspacing=0 cellpadding=5>\n");
print("<tr><td class=colhead align=left>搜索</td></tr>\n");
print("<tr><td class=colhead align=left>{$lang_functions['text_search']}</td></tr>\n");
print("<tr><td class=toolbox align=left><form method=\"post\" action='viewrequests.php'>\n");
print("<input type=\"text\" name=\"query\" style=\"width:500px\" >\n");
print("<input type=\"hidden\" name=\"action\" value='list'>");
print("<input type=submit value='搜索'></form>\n");
print("<input type=submit value='{$lang_functions['text_search']}'></form>\n");
print("</td></tr></table><br />\n");
@@ -284,52 +284,52 @@ else {
}
case "takeadded":
{
if (!$_POST["descr"]) stderr("出错了!", "介绍未填!<a href='viewrequests.php?action=new'>点击这里返回</a>", 0);
if (!$_POST["request"]) stderr("出错了!", "名称未填!<a href='viewrequests.php?action=new'>点击这里返回</a>", 0);
if (!$_POST["amount"]) stderr("出错了!", "赏金未填!<a href='viewrequests.php?action=new'>点击这里返回</a>", 0);
if (!is_numeric($_POST["amount"])) stderr("出错了!!!", "赏金必须为数字!<a href=viewrequests.php?action=new>点击这里返回</a>", 0);
if (!$_POST["descr"]) stderr($lang_functions['std_error'], "{$lang_viewrequests['description_required']}<a href='viewrequests.php?action=new'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if (!$_POST["request"]) stderr($lang_functions['std_error'], "{$lang_viewrequests['name_required']}<a href='viewrequests.php?action=new'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if (!$_POST["amount"]) stderr($lang_functions['std_error'], "{$lang_viewrequests['amount_required']}<a href='viewrequests.php?action=new'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if (!is_numeric($_POST["amount"])) stderr($lang_functions['std_error'], "{$lang_viewrequests['amount_must_be_numeric']}<a href=viewrequests.php?action=new>{$lang_functions['std_click_here_to_goback']}</a>", 0);
$amount = $_POST["amount"];
if ($amount < 100) stderr("出错了!", "发布求种赏金不得小于100个魔力值<a href='viewrequests.php?action=new'>点击这里返回</a>", 0);
if ($amount > 10000) stderr("出错了!", "发布求种赏金不得大于10000个魔力值<a href='viewrequests.php?action=new'>点击这里返回</a>", 0);
if ($amount < 100) stderr($lang_functions['std_error'], "{$lang_viewrequests['add_request_amount_minimum']}<a href='viewrequests.php?action=new'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if ($amount > 10000) stderr($lang_functions['std_error'], "{$lang_viewrequests['add_request_amount_maximum']}<a href='viewrequests.php?action=new'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
$amount += 100;
if ($amount + 100 > $CURUSER['seedbonus']) stderr("出错了!", "你没有那么多魔力值!!!<a href='viewrequests.php?action=new'>点击这里返回</a>", 0);
if ($amount + 100 > $CURUSER['seedbonus']) stderr($lang_functions['std_error'], "{$lang_viewrequests['bouns_not_enough']}<a href='viewrequests.php?action=new'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if (get_user_class() >= 1) {
sql_query("UPDATE users SET seedbonus = seedbonus - " . $amount . " WHERE id = " . $CURUSER['id']);
sql_query("UPDATE users SET seedbonus = seedbonus - " . $amount . " WHERE id = " . sqlesc($CURUSER['id']));
sql_query("INSERT requests ( request , descr, ori_descr ,amount , ori_amount , userid ,added ) VALUES ( " . sqlesc($_POST["request"]) . " , " . sqlesc($_POST["descr"]) . " , " . sqlesc($_POST["descr"]) . " , " . sqlesc($_POST["amount"]) . " , " . sqlesc($_POST["amount"]) . " , " . sqlesc($CURUSER['id']) . " , '" . date("Y-m-d H:i:s") . "' )") or sqlerr(__FILE__, __LINE__);
// shoutbox_into('[rid' . ($id = mysql_insert_id()) . ']');
$id = mysql_insert_id();
stderr("成功", "新增求种成功<a href='viewrequests.php?action=view&id=" . $id . "'>点击这里返回</a>", 0);
} else stderr("出错了!!!", "你没有该权限!!!<a href='viewrequests.php'>点击这里返回</a>", 0);
stderr($lang_functions['std_success'], "{$lang_viewrequests['add_request_success']}<a href='viewrequests.php?action=view&id=" . $id . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
} else stderr($lang_functions['std_error'], "{$lang_functions['std_permission_denied']}<a href='viewrequests.php'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
die;
break;
}
case "takeedit":
{
if (!is_numeric($_POST["reqid"])) stderr("出错了!!!", "求种ID必须为数字<a href='viewrequests.php?action=edit&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
$res = sql_query("SELECT * FROM requests WHERE id ='" . $_POST["reqid"] . "'") or sqlerr(__FILE__, __LINE__);
if (!$_POST["descr"]) stderr("出错了!!!", "介绍未填!<a href='viewrequests.php?action=edit&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
if (!$_POST["request"]) stderr("出错了!!!", "名称未填!<a href='viewrequests.php?action=edit&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
if (mysql_num_rows($res) == 0) stderr("出错了!", "该求种已被删除!<a href='viewrequests.php'>点击这里返回</a>", 0);
if (!is_numeric($_POST["reqid"])) stderr($lang_functions['std_error'], "{$lang_viewrequests['request_id_must_be_numeric']}<a href='viewrequests.php?action=edit&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
$res = sql_query("SELECT * FROM requests WHERE id ='" . sqlesc( $_POST["reqid"]) . "'") or sqlerr(__FILE__, __LINE__);
if (!$_POST["descr"]) stderr($lang_functions['std_error'], "{$lang_viewrequests['description_required']}<a href='viewrequests.php?action=edit&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if (!$_POST["request"]) stderr($lang_functions['std_error'], "{$lang_viewrequests['name_required']}<a href='viewrequests.php?action=edit&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], "{$lang_viewrequests['request_deleted']}<a href='viewrequests.php'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
$arr = mysql_fetch_assoc($res);
if ($arr["finish"] == "yes") stderr("出错了!", "该求种已完成!<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= 13) {
sql_query("UPDATE requests SET descr = " . sqlesc($_POST["descr"]) . " , request = " . sqlesc($_POST["request"]) . " WHERE id ='" . $_POST["reqid"] . "'") or sqlerr(__FILE__, __LINE__);
stderr("成功", "编辑成功<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
} else stderr("出错了!!!", "你没有该权限!!!<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
if ($arr["finish"] == "yes") stderr($lang_functions['std_error'], "{$lang_viewrequests['request_already_resolved']}<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) {
sql_query("UPDATE requests SET descr = " . sqlesc($_POST["descr"]) . " , request = " . sqlesc($_POST["request"]) . " WHERE id ='" . sqlesc($_POST["reqid"]) . "'") or sqlerr(__FILE__, __LINE__);
stderr($lang_functions['std_success'], "{$lang_viewrequests['edit_request_success']}<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
} else stderr($lang_functions['std_error'], "{$lang_functions['std_permission_denied']}<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
die;
break;
}
case "res":
{
stdhead("应求");
stdmsg("我要应求", "
stdhead($lang_viewrequests['request']);
stdmsg($lang_viewrequests['do_request'], "
<form action=viewrequests.php method=post>
<input type=hidden name=action value=takeres />
<input type=hidden name=reqid value=\"" . $_GET["id"] . "\" />
请输入种子的ID:http://$BASEURL/details.php?id=<input type=text name=torrentid size=11/>
<input type=submit value=提交></form><a href='viewrequests.php?action=view&id=" . $_GET["id"] . "'>点击这里返回</a>", 0);
{$lang_viewrequests['type_in_torrent_id']}:http://$BASEURL/details.php?id=<input type=text name=torrentid size=11/>
<input type=submit value={$lang_functions['submit_submit']}></form><a href='viewrequests.php?action=view&id=" . $_GET["id"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
stdfoot();
die;
break;
@@ -337,80 +337,80 @@ else {
case "takeres":
{
if (!is_numeric($_POST["reqid"])) stderr("出错了!!!", "不要试图入侵系统!");
if (!is_numeric($_POST["reqid"])) stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
$res = sql_query("SELECT * FROM requests WHERE id ='" . $_POST["reqid"] . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) stderr("出错了!", "该求种已被删除!<a href='viewrequests.php'>点击这里返回</a>", 0);
if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], "{$lang_viewrequests['request_deleted']}<a href='viewrequests.php'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
$arr = mysql_fetch_assoc($res);
if ($arr["finish"] == "yes") stderr("出错了!", "该求种已完成!<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
if (!is_numeric($_POST["torrentid"])) stderr("出错了!!!", "种子ID必须为数字<a href='viewrequests.php?action=res&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
if ($arr["finish"] == "yes") stderr($lang_functions['std_error'], "{$lang_viewrequests['request_already_resolved']}<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if (!is_numeric($_POST["torrentid"])) stderr($lang_functions['std_error'], "{$lang_viewrequests['request_id_must_be_numeric']}<a href='viewrequests.php?action=res&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
$res = sql_query("SELECT * FROM torrents WHERE id ='" . $_POST["torrentid"] . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) stderr("出错了!", "该种子不存在!<a href='viewrequests.php?action=res&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], "{$lang_functions['std_target_not_exists']}<a href='viewrequests.php?action=res&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
$tor = mysql_fetch_assoc($res);
if ($tor[last_seed] == "0000-00-00 00:00:00") stderr("出错了!!!", "该种子尚未正式发布!<a href='viewrequests.php?action=res&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
if ($tor[last_seed] == "0000-00-00 00:00:00") stderr($lang_functions['std_error'], "{$lang_viewrequests['torrent_not_release_yet']}<a href='viewrequests.php?action=res&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
if (get_row_count('resreq', "where reqid ='" . $_POST["reqid"] . "' and torrentid='" . $_POST["torrentid"] . "'"))
stderr("出错了!!!", "该应求已经存在!<a href='viewrequests.php?action=res&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
stderr($lang_functions['std_error'], "{$lang_viewrequests['supply_already_exists']}<a href='viewrequests.php?action=res&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
sql_query("INSERT resreq (reqid , torrentid) VALUES ( '" . $_POST["reqid"] . "' , '" . $_POST["torrentid"] . "')");
$added = sqlesc(date("Y-m-d H:i:s"));
$subject = sqlesc("有人应求你的求种请求,请及时确认该应求");
$notifs = sqlesc("求种名称:[url=viewrequests.php?id=$arr[id]] " . $arr['request'] . "[/url],请及时确认该应求.");
$subject = sqlesc($lang_viewrequests['message_please_confirm_supply']);
$notifs = sqlesc("{$lang_viewrequests['request_name']}:[url=viewrequests.php?id=$arr[id]] " . $arr['request'] . "[/url],{$lang_viewrequests['please_confirm_supply']}.");
sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . $arr['userid'] . ", $subject, $notifs, $added)") or sqlerr(__FILE__, __LINE__);
stderr("成功", "应求成功<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
stderr($lang_functions['std_success'], "{$lang_viewrequests['supply_success']}<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
die;
break;
}
case "addamount":
{
if (!is_numeric($_POST["reqid"])) stderr("出错了!!!", "不要试图入侵系统");
if (!is_numeric($_POST["reqid"])) stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
$res = sql_query("SELECT * FROM requests WHERE id ='" . $_POST["reqid"] . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) stderr("出错了!", "该求种已被删除!");
if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], $lang_viewrequests['request_deleted']);
$arr = mysql_fetch_assoc($res);
if ($arr["finish"] == "yes") stderr("出错了!", "该求种已完成!");
if (!is_numeric($_POST["amount"])) stderr("出错了!", "赏金必须为数字!");
if ($arr["finish"] == "yes") stderr($lang_functions['std_error'], $lang_viewrequests['request_already_resolved']);
if (!is_numeric($_POST["amount"])) stderr($lang_functions['std_error'], $lang_viewrequests['amount_must_be_numeric']);
$amount = $_POST["amount"];
if ($amount < 100) stderr("出错了!", "追加悬赏赏金不得小于100个魔力值");
if ($amount > 5000) stderr("出错了!", "追加悬赏赏金不得大于5000个魔力值");
if ($amount < 100) stderr($lang_functions['std_error'], $lang_viewrequests['add_reward_amount_minimum']);
if ($amount > 5000) stderr($lang_functions['std_error'], $lang_viewrequests['add_reward_amount_maximum']);
$amount += 25;
if ($amount > $CURUSER['seedbonus']) stderr("出错了!", "你没有那么多魔力值!");
if ($amount > $CURUSER['seedbonus']) stderr($lang_functions['std_error'], $lang_viewrequests['bouns_not_enough']);
sql_query("UPDATE users SET seedbonus = seedbonus - " . $amount . " WHERE id = " . $CURUSER['id']);
sql_query("UPDATE requests SET amount = amount + " . $_POST["amount"] . " WHERE id = " . $_POST["reqid"]);
stderr("成功", "追加悬赏成功<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>点击这里返回</a>", 0);
stderr($lang_functions['std_success'], "{$lang_viewrequests['add_reward_success']}<a href='viewrequests.php?action=view&id=" . $_POST["reqid"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
die;
break;
}
case "delete":
{
if (!is_numeric($_GET["id"])) stderr("出错了!!!", "求种ID必须为数字");
if (!is_numeric($_GET["id"])) stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
$res = sql_query("SELECT * FROM requests WHERE id ='" . $_GET["id"] . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) stderr("出错了!", "该求种已被删除!");
if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], $lang_viewrequests['request_deleted']);
$arr = mysql_fetch_assoc($res);
if (get_user_class() >= 13 || $arr['userid'] == $CURUSER["id"] && $arr['finish'] == 'no') {
if (get_user_class() >= UC_UPLOADER || $arr['userid'] == $CURUSER["id"] && $arr['finish'] == 'no') {
if (!get_row_count("resreq", "WHERE reqid=" . sqlesc($_GET["id"]))) {
KPS("+", $arr['amount'] * 8 / 10, $arr['userid']);
}
sql_query("DELETE FROM requests WHERE id ='" . $_GET["id"] . "'") or sqlerr(__FILE__, __LINE__);
sql_query("DELETE FROM resreq WHERE reqid ='" . $_GET["id"] . "'") or sqlerr(__FILE__, __LINE__);
sql_query("DELETE FROM comments WHERE request ='" . $_GET["id"] . "'") or sqlerr(__FILE__, __LINE__);
stderr("成功", "删除求种成功,<a href='viewrequests.php'>点击这里返回</a>", 0);
} else stderr("出错了!!!", "你没有该权限!!!");
stderr($lang_functions['std_success'], "{$lang_viewrequests['delete_request_success']}<a href='viewrequests.php'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
} else stderr($lang_functions['std_error'], "{$lang_functions['std_permission_denied']}");
die;
break;
}
case "confirm":
{
if (!is_numeric($_POST["id"])) stderr("出错了!!!", "不要试图入侵系统");
if (!is_numeric($_POST["id"])) stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
$res = sql_query("SELECT * FROM requests WHERE id ='" . $_POST["id"] . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) stderr("出错了!", "该求种已被删除!");
if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], $lang_viewrequests['request_deleted']);
$arr = mysql_fetch_assoc($res);
if (empty($_POST["torrentid"])) stderr("出错了!", "你没有选择符合条件的应求!");
if (empty($_POST["torrentid"])) stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']);
else $torrentid = $_POST["torrentid"];
if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= 13) {
if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) {
$amount = $arr["amount"] / count($torrentid);
sql_query("UPDATE requests SET finish = 'yes' WHERE id = " . $_POST["id"]);
sql_query("UPDATE resreq SET chosen = 'yes' WHERE reqid = " . $_POST["id"] . " AND ( torrentid = '" . join("' OR torrentid = '", $torrentid) . "' )") or sqlerr(__FILE__, __LINE__);
@@ -420,13 +420,13 @@ else {
$owner[] = $row[0];
$added = sqlesc(date("Y-m-d H:i:s"));
$subject = sqlesc("你的种子被人应求");
$notifs = sqlesc("求种名称:[url=viewrequests.php?id=$arr[id]] " . $arr['request'] . "[/url].你获得: $amount 魔力值");
$subject = sqlesc($lang_viewrequests['torrent_is_picked_for_request']);
$notifs = sqlesc("{$lang_viewrequests['request_name']}:[url=viewrequests.php?id=$arr[id]] " . $arr['request'] . "[/url].{$lang_functions['std_you_will_get']}: $amount {$lang_functions['text_bonus']}");
sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . $row[0] . ", $subject, $notifs, $added)") or sqlerr(__FILE__, __LINE__);
}
sql_query("UPDATE users SET seedbonus = seedbonus + $amount WHERE id = '" . join("' OR id = '", $owner) . "'") or sqlerr(__FILE__, __LINE__);
stderr("成功", "确认成功<a href='viewrequests.php?action=view&id=" . $_POST["id"] . "'>点击这里返回</a>", 0);
stderr($lang_functions['std_success'], "{$lang_viewrequests['confirm_request_success']}<a href='viewrequests.php?action=view&id=" . $_POST["id"] . "'>{$lang_functions['std_click_here_to_goback']}</a>", 0);
}
@@ -434,13 +434,13 @@ else {
case "message":
{
if (!is_numeric($_POST["id"])) stderr("出错了!!!", "不要试图入侵系统");
if (!is_numeric($_POST["id"])) stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
$res = sql_query("SELECT * FROM requests WHERE id ='" . $_POST["id"] . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) stderr("出错了!", "该求种已被删除!");
if (!$_POST["message"]) stderr("出错了!", "留言不能为空!");
if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], $lang_viewrequests['request_deleted']);
if (!$_POST["message"]) stderr($lang_functions['std_error'], $lang_viewrequests['message_required']);
$arr = mysql_fetch_assoc($res);
$message = $arr["message"];
$message .= "<tr><td width=240>" . $CURUSER["username"] . "添加于" . date("Y-m-d H:i:s") . "</td><td>" . $_POST["message"] . "</td></tr>";
$message .= "<tr><td width=240>{$lang_functions['std_by']}" . $CURUSER["username"] . $lang_viewrequests['request_created_at']. date("Y-m-d H:i:s") . "</td><td>" . $_POST["message"] . "</td></tr>";
//sql_query("UPDATE requests SET message = '".$message."' WHERE id = ".$_POST["id"])or sqlerr(__FILE__, __LINE__);
@@ -448,10 +448,10 @@ else {
//sql_query("INSERT reqcommen (user , added ,text ,reqid) VALUES ( '".$CURUSER["id"]."' , ".sqlesc(date("Y-m-d H:i:s"))." , ".sqlesc($_POST["message"])." , '".$_POST["id"]."' )");
sql_query("INSERT INTO comments (user, request, added, text, ori_text) VALUES (" . $CURUSER["id"] . ",{$_POST['id']}, '" . date("Y-m-d H:i:s") . "', " . sqlesc($_POST["message"]) . "," . sqlesc($_POST["message"]) . ")");
if ($CURUSER["id"] <> $arr['userid']) sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . $arr['userid'] . ", '你的求种请求收到新回复', " . sqlesc(" [url=viewrequests.php?action=view&id={$_POST['id']}] " . $arr['request'] . "[/url].") . ", " . sqlesc(date("Y-m-d H:i:s")) . ")") or sqlerr(__FILE__, __LINE__);
if ($CURUSER["id"] <> $arr['userid']) sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . $arr['userid'] . ", '{$lang_viewrequests['request_get_new_reply']}', " . sqlesc(" [url=viewrequests.php?action=view&id={$_POST['id']}] " . $arr['request'] . "[/url].") . ", " . sqlesc(date("Y-m-d H:i:s")) . ")") or sqlerr(__FILE__, __LINE__);
$ruserid = 0 + $_POST["ruserid"];
if ($ruserid <> $CURUSER["id"] && $ruserid <> $arr['userid']) sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . $ruserid . ", '你的求种评论收到新回复', " . sqlesc(" [url=viewrequests.php?action=view&id={$_POST['id']}] " . $arr['request'] . "[/url].") . ", " . sqlesc(date("Y-m-d H:i:s")) . ")") or sqlerr(__FILE__, __LINE__);
if ($ruserid <> $CURUSER["id"] && $ruserid <> $arr['userid']) sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . $ruserid . ", '{$lang_viewrequests['request_comment_get_new_reply']}', " . sqlesc(" [url=viewrequests.php?action=view&id={$_POST['id']}] " . $arr['request'] . "[/url].") . ", " . sqlesc(date("Y-m-d H:i:s")) . ")") or sqlerr(__FILE__, __LINE__);
header("Location: viewrequests.php?action=view&id=" . $_POST['id']);
}