-
Notifications
You must be signed in to change notification settings - Fork 8
/
delattachment.php
123 lines (104 loc) · 5.17 KB
/
delattachment.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<?php
require "include/bittorrent.php";
dbconn();
loggedinorreturn();
global $CURUSER, $prfmanage_class;
parked();
if ($_POST["id"]) {
$attachid = 0 + $_POST["id"];
int_check($attachid, true);
$query = sql_query("SELECT * FROM attachments WHERE id = '" . $attachid . "'");
if (mysql_num_rows($query) == 1)
$arr = mysql_fetch_assoc($query);
else stderr("出错了!", "附件不存在!<a href=javascript:history.go(-1)>点击这里返回</a>", 0);
$userid = $arr["userid"];
int_check($userid, true);
if ($CURUSER["id"] != $userid && get_user_class() < UC_MODERATOR)
permissiondenied();
$users = sql_query("SELECT * FROM users WHERE id = '" . $userid . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($users) == 1)
$user = mysql_fetch_assoc($users);
if (($user["privacy"] == "strong") && (get_user_class() < $prfmanage_class) && $CURUSER['id'] != $user['id'])//隐私等级高
permissiondenied();
if ($_POST['sure']) {
$filepath = dirname(__FILE__) . "/attachments/";
if (file_exists($filepath . $arr["location"])) {
unlink($filepath . $arr["location"]);
}
if (file_exists($filepath . $arr["location"] . ".thumb.jpg")) {
unlink($filepath . $arr["location"] . ".thumb.jpg");
}
sql_query("DELETE FROM attachments WHERE id = '" . $attachid . "'") or sqlerr(__FILE__, __LINE__);
if (!empty($_POST["returnto"]))
header("Location: $_POST[returnto]");
else
header("Location: userhistory.php?action=viewattach&id=" . $userid);
}
$body = format_comment("[attach]" . $arr["dlkey"] . "[/attach]");
stderr("确认删除附件!", "<form action=delattachment.php method=post>你确信要删除以下附件?
<input type=hidden name=id value=" . $attachid . " />
<input type=hidden name=returnto value=" . $_POST["returnto"] . " />
<input type=submit name=sure value=\"删除\" />
<input type=button onclick=\"location.href='javascript:history.go(-1)'\" value=返回 />
</form><br>文件名:" . $arr["filename"] . "<br/>" . $body, 0);
} elseif ($_POST["deleteids"]) {
$ids = $_POST["deleteids"];
if (!is_array($ids))
stderr("出错了!", "附件列表不存在!<a href=javascript:history.go(-1)>点击这里返回</a>", 0);
foreach ($ids as $attachid) {
int_check($attachid, true);
$query = sql_query("SELECT * FROM attachments WHERE id = '" . $attachid . "'");
if (mysql_num_rows($query) == 1)
$arr = mysql_fetch_assoc($query);
else {
$print .= "附件 " . $attachid . " 不存在!<br/><br/>\n";
continue;
}
$userid = $arr["userid"];
int_check($userid, true);
if ($CURUSER["id"] != $userid && get_user_class() < UC_MODERATOR) {
$print .= "你没有删除附件 " . $attachid . " 的权限<br/><br/>\n";
continue;
}
$users = sql_query("SELECT * FROM users WHERE id = '" . $userid . "'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($users) == 1)
$user = mysql_fetch_assoc($users);
if (($user["privacy"] == "strong") && (get_user_class() < $prfmanage_class) && $CURUSER['id'] != $user['id'])//隐私等级高
{
$print .= "你没有删除附件 " . $attachid . " 的权限<br/><br/>\n";
continue;
}
if ($_POST['sure']) {
$filepath = dirname(__FILE__) . "/attachments/";
if (file_exists($filepath . $arr["location"])) {
unlink($filepath . $arr["location"]);
}
if (file_exists($filepath . $arr["location"] . ".thumb.jpg")) {
unlink($filepath . $arr["location"] . ".thumb.jpg");
}
sql_query("DELETE FROM attachments WHERE id = '" . $attachid . "'") or sqlerr(__FILE__, __LINE__);
} else
$print .= "文件名:" . $arr["filename"] . "\n<input type=hidden name=deleteids[] value=\"" . $arr["id"] . "\" /><br/>\n" . format_comment("[attach]" . $arr["dlkey"] . "[/attach]") . "<br/><br/>\n";
}
if ($_POST['sure']) {
if (!empty($_POST["returnto"]))
header("Location: $_POST[returnto]");
else
header("Location: index.php");
} else
stderr(
"确认删除附件!", "<form action=delattachment.php method=post>你确信要删除以下附件?
<input type=hidden name=returnto value=" . $_POST["returnto"] . " /><br/><br/>\n" .
"<input type=submit name=sure value=\"删除\" />" .
" <input type=button onclick=\"location.href='javascript:history.go(-1)'\" value=返回 /><br/><br/>\n" .
$print .
"<input type=submit name=sure value=\"删除\" />" .
" <input type=button onclick=\"location.href='javascript:history.go(-1)'\" value=返回 /><br/>\n" .
"</form>"
, 0);
} else {
if (!empty($_POST["returnto"]))
header("Location: $_POST[returnto]");
else
header("Location: index.php");
}