Accueil Explorer Aide
S'inscrire Connexion
roobe
/
zijia
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: online
Branches Tags
zijia
/
source
/
plugin
/
security
/
table
/
table_security_evilpost.php

table_security_evilpost.php 8.0 KB
Lien permanent Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  *      [Discuz!] (C)2001-2099 Comsenz Inc.
    5. 

  5.  *      This is NOT a freeware, use is subject to license terms
    6. 

  6.  *
    7. 

  7.  *      $Id: table_security_evilpost.php 29265 2012-03-31 06:03:26Z yexinhao $
    8. 

  8.  */
    9. 

  9. 

  10. if(!defined('IN_DISCUZ')) {
    11. 

  11. 	exit('Access Denied');
    12. 

  12. }
    13. 

  13. 

  14. class table_security_evilpost extends discuz_table {
    15. 

  15. 

  16. 	public function __construct() {
    17. 

  17. 		$this->_table = 'security_evilpost';
    18. 

  18. 		$this->_pk = 'pid';
    19. 

  19. 

  20. 		parent::__construct();
    21. 

  21. 	}
    22. 

  22. 

  23. 	public function fetch_all_report($limit = 20) {
    24. 

  24. 		return DB::fetch_all("SELECT * FROM %t WHERE isreported = 0 AND operateresult > 0 LIMIT %d", array($this->_table, $limit));
    25. 

  25. 	}
    26. 

  26. 

  27. 	public function range_by_operateresult($operateresult, $start, $limit) {
    28. 

  28. 

  29. 		return DB::fetch_all('SELECT * FROM %t WHERE ' . DB::field('operateresult', $operateresult) . ' ' . DB::limit($start, $limit), array($this->_table), $this->_pk);
    30. 

  30. 	}
    31. 

  31. 

  32. 	public function count_by_type($type) {
    33. 

  33. 		$type = $type ? 1 : 0;
    34. 

  34. 		$count = (int) DB::result_first("SELECT count(*) FROM %t WHERE type = %d", array($this->_table, $type));
    35. 

  35. 		return $count;
    36. 

  36. 	}
    37. 

  37. 

  38. 	public function fetch_range_by_type($type, $start, $perPage = '20', $orderBy = 'createtime') {
    39. 

  39. 		$type = $type ? 1 : 0;
    40. 

  40. 		$orderSql = " ORDER BY $orderBy DESC ";
    41. 

  41. 		$limitSql = DB::limit($start, $perPage);
    42. 

  42. 		$return = DB::fetch_all("SELECT * FROM %t WHERE type = %d %i %i", array($this->_table, $type, $orderSql, $limitSql));
    43. 

  43. 		return $return;
    44. 

  44. 	}
    45. 

  45. 

  46. 	public function update_result($operateResult, $pids) {
    47. 

  47. 		$operateResult = $operateResult ? 1 : 0;
    48. 

  48. 		if (!isset($pids)) {
    49. 

  49. 			return false;
    50. 

  50. 		}
    51. 

  51. 

  52. 		$updateData = array('operateresult' => $operateResult);
    53. 

  53. 		$updateCondition = DB::field('pid', $pids);
    54. 

  54. 		return DB::update($this->_table, $updateData, $updateCondition);
    55. 

  55. 	}
    56. 

  56. 

  57. 	public function update_reported($isReported, $pids) {
    58. 

  58. 		$isReported = $isReported ? 1 : 0;
    59. 

  59. 		if (!isset($pids)) {
    60. 

  60. 			return false;
    61. 

  61. 		}
    62. 

  62. 

  63. 		$updateData = array('isreported' => $isReported);
    64. 

  64. 		$updateCondition = DB::field('pid', $pids);
    65. 

  65. 		return DB::update($this->_table, $updateData, $updateCondition);
    66. 

  66. 	}
    67. 

  67. 

  68. 	public function update_by_pid_type($data, $pid, $type) {
    69. 

  69. 		if(!empty($data) && is_array($data)) {
    70. 

  70. 			return DB::update($this->_table, $data, array(DB::field($this->_pk, $pid), DB::field('type', $type)));
    71. 

  71. 		}
    72. 

  72. 		return 0;
    73. 

  73. 	}
    74. 

  74. 

  75. 	public function update_by_tid($ids, $data) {
    76. 

  76. 		if(!empty($data) && is_array($data)) {
    77. 

  77. 			return DB::update($this->_table, $data, DB::field('tid', $ids));
    78. 

  78. 		}
    79. 

  79. 		return 0;
    80. 

  80. 	}
    81. 

  81. 

  82. 	public function count_by_recyclebine($fid = 0, $isgroup = 0, $author = array(), $username = array(), $pstarttime = 0, $pendtime = 0, $mstarttime = 0, $mendtime = 0, $keywords = '') {
    83. 

  83. 		$sql = $this->recyclebine_where($fid, $isgroup, $author, $username, $pstarttime, $pendtime, $mstarttime, $mendtime, $keywords);
    84. 

  84. 		return DB::result_first('SELECT COUNT(*) FROM '.DB::table('forum_thread').' t INNER JOIN '.DB::table('security_evilpost').' s ON s.tid = t.tid LEFT JOIN '.DB::table('forum_threadmod').' tm ON tm.tid=t.tid '.$sql[0], $sql[1]);
    85. 

  85. 	}
    86. 

  86. 

  87. 	private function recyclebine_where($fid = 0, $isgroup = 0, $authors = array(), $username = array(), $pstarttime = 0, $pendtime = 0, $mstarttime = 0, $mendtime = 0, $keywords = '') {
    88. 

  88. 		$parameter = array();
    89. 

  89. 		$wherearr = array('t.displayorder=-1', 'tm.action=\'DEL\'', 's.type=1');
    90. 

  90. 		if($fid) {
    91. 

  91. 			$parameter[] = $fid;
    92. 

  92. 			$wherearr[] = is_array($fid) ? 't.fid IN(%n)' : 't.fid=%d';
    93. 

  93. 		}
    94. 

  94. 		if($isgroup) {
    95. 

  95. 			$wherearr[] = 't.isgroup=1';
    96. 

  96. 		}
    97. 

  97. 		if(!empty($authors)) {
    98. 

  98. 			$parameter[] = $authors;
    99. 

  99. 			$wherearr[] = is_array($authors) ? 't.author IN(%n)' : 't.author=%s';
    100. 

  100. 		}
    101. 

  101. 		if(!empty($username)) {
    102. 

  102. 			$parameter[] = $username;
    103. 

  103. 			$wherearr[] = is_array($username) ? 'tm.username IN(%n)' : 'tm.username=%s';
    104. 

  104. 		}
    105. 

  105. 		if($pstarttime) {
    106. 

  106. 			$parameter[] = $pstarttime;
    107. 

  107. 			$wherearr[] = 't.dateline>=%d';
    108. 

  108. 		}
    109. 

  109. 		if($pendtime) {
    110. 

  110. 			$parameter[] = $pendtime;
    111. 

  111. 			$wherearr[] = 't.dateline<%d';
    112. 

  112. 		}
    113. 

  113. 		if($mstarttime) {
    114. 

  114. 			$parameter[] = $mstarttime;
    115. 

  115. 			$wherearr[] = 'tm.dateline>=%d';
    116. 

  116. 		}
    117. 

  117. 		if($mendtime) {
    118. 

  118. 			$parameter[] = $mendtime;
    119. 

  119. 			$wherearr[] = 'tm.dateline<%d';
    120. 

  120. 		}
    121. 

  121. 		if($keywords) {
    122. 

  122. 			$keysql = array();
    123. 

  123. 			foreach(explode(',', str_replace(' ', '', $keywords)) as $keyword) {
    124. 

  124. 				$parameter[] = '%'.$keywords.'%';
    125. 

  125. 				$keysql[] = "t.subject LIKE %s";
    126. 

  126. 			}
    127. 

  127. 			if($keysql) {
    128. 

  128. 				$wherearr[] = '('.implode(' OR ', $keysql).')';
    129. 

  129. 			}
    130. 

  130. 		}
    131. 

  131. 		$wheresql = !empty($wherearr) && is_array($wherearr) ? ' WHERE '.implode(' AND ', $wherearr) : '';
    132. 

  132. 		return array($wheresql, $parameter);
    133. 

  133. 	}
    134. 

  134. 

  135. 	public function fetch_all_by_recyclebine($fid = 0, $isgroup = 0, $author = array(), $username = array(), $pstarttime = 0, $pendtime = 0, $mstarttime = 0, $mendtime = 0, $keywords = '', $start = 0, $limit = 0) {
    136. 

  136. 		$sql = $this->recyclebine_where($fid, $isgroup, $author, $username, $pstarttime, $pendtime, $mstarttime, $mendtime, $keywords);
    137. 

  137. 		return DB::fetch_all('SELECT f.name AS forumname, f.allowsmilies, f.allowhtml, f.allowbbcode, f.allowimgcode,
    138. 

  138. 				t.tid, t.fid, t.authorid, t.author, t.subject, t.views, t.replies, t.dateline, t.posttableid,
    139. 

  139. 				tm.uid AS moduid, tm.username AS modusername, tm.dateline AS moddateline, tm.action AS modaction, tm.reason
    140. 

  140. 				FROM '.DB::table('forum_thread').' t INNER JOIN '.DB::table('security_evilpost').' s ON s.tid = t.tid LEFT JOIN '.DB::table('forum_threadmod').' tm ON tm.tid=t.tid
    141. 

  141. 				LEFT JOIN '.DB::table('forum_forum').' f ON f.fid=t.fid '.$sql[0].' ORDER BY t.dateline DESC '.DB::limit($start, $limit), $sql[1]);
    142. 

  142. 	}
    143. 

  143. 

  144. 	public function count_by_search($tableid, $tid = null, $keywords = null, $invisible =null, $fid = null, $authorid = null, $author = null, $starttime = null, $endtime = null, $useip = null, $first = null) {
    145. 

  145. 		$sql = '';
    146. 

  146. 		$sql .= $tid ? ' AND '.DB::field('tid', $invisible) : '';
    147. 

  147. 		$sql .= $invisible !== null ? ' AND '.DB::field('invisible', $invisible) : '';
    148. 

  148. 		$sql .= $first !== null ? ' AND '.DB::field('first', $first) : '';
    149. 

  149. 		$sql .= $fid ? ' AND '.DB::field('fid', $fid) : '';
    150. 

  150. 		$sql .= $authorid !== null ? ' AND '.DB::field('authorid', $authorid) : '';
    151. 

  151. 		$sql .= $author ? ' AND '.DB::field('author', $author) : '';
    152. 

  152. 		$sql .= $starttime ? ' AND '.DB::field('dateline', $starttime, '>=') : '';
    153. 

  153. 		$sql .= $endtime ? ' AND '.DB::field('dateline', $endtime, '<') : '';
    154. 

  154. 		$sql .= $useip ? ' AND '.DB::field('useip', $useip, 'like') : '';
    155. 

  155. 		$sql .= ' AND s.type = 0';
    156. 

  156. 		if(trim($keywords)) {
    157. 

  157. 			$sqlkeywords = $or = '';
    158. 

  158. 			foreach(explode(',', str_replace(' ', '', $keywords)) as $keyword) {
    159. 

  159. 				$sqlkeywords .= " $or message LIKE '%$keyword%'";
    160. 

  160. 				$or = 'OR';
    161. 

  161. 			}
    162. 

  162. 			$sql .= " AND ($sqlkeywords)";
    163. 

  163. 		}
    164. 

  164. 		if($sql) {
    165. 

  165. 			return DB::result_first('SELECT COUNT(*) FROM %t t INNER JOIN '.DB::table('security_evilpost').' s ON s.pid = t.pid WHERE 1 %i', array(C::t('forum_post')->get_tablename($tableid), $sql));
    166. 

  166. 		} else {
    167. 

  167. 			return 0;
    168. 

  168. 		}
    169. 

  169. 	}
    170. 

  170. 

  171. 	public function fetch_all_by_search($tableid, $tid = null, $keywords = null, $invisible = null, $fid = null, $authorid = null, $author = null, $starttime = null, $endtime = null, $useip = null, $first = null, $start = null, $limit = null) {
    172. 

  172. 		$sql = '';
    173. 

  173. 		$sql .= $tid ? ' AND '.DB::field('tid', $tid) : '';
    174. 

  174. 		$sql .= $invisible !== null ? ' AND '.DB::field('invisible', $invisible) : '';
    175. 

  175. 		$sql .= $first !== null ? ' AND '.DB::field('first', $first) : '';
    176. 

  176. 		$sql .= $fid ? ' AND '.DB::field('fid', $fid) : '';
    177. 

  177. 		$sql .= $authorid !== null ? ' AND '.DB::field('authorid', $authorid) : '';
    178. 

  178. 		$sql .= $author ? ' AND '.DB::field('author', $author) : '';
    179. 

  179. 		$sql .= $starttime ? ' AND '.DB::field('dateline', $starttime, '>=') : '';
    180. 

  180. 		$sql .= $endtime ? ' AND '.DB::field('dateline', $endtime, '<') : '';
    181. 

  181. 		$sql .= $useip ? ' AND '.DB::field('useip', $useip, 'like') : '';
    182. 

  182. 		$sql .= ' AND s.type = 0';
    183. 

  183. 		if(trim($keywords)) {
    184. 

  184. 			$sqlkeywords = $or = '';
    185. 

  185. 			foreach(explode(',', str_replace(' ', '', $keywords)) as $keyword) {
    186. 

  186. 				$sqlkeywords .= " $or message LIKE '%$keyword%'";
    187. 

  187. 				$or = 'OR';
    188. 

  188. 			}
    189. 

  189. 			$sql .= " AND ($sqlkeywords)";
    190. 

  190. 		}
    191. 

  191. 		if($sql) {
    192. 

  192. 			return DB::fetch_all('SELECT * FROM %t t INNER JOIN '.DB::table('security_evilpost').' s ON s.pid = t.pid WHERE 1 %i ORDER BY dateline DESC %i', array(C::t('forum_post')->get_tablename($tableid), $sql, DB::limit($start, $limit)));
    193. 

  193. 		} else {
    194. 

  194. 			return array();
    195. 

  195. 		}
    196. 

  196. 	}
    197. 

  197. }
    198.