delattachment.php
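<?php
/**
 * Delete one attachment (POST "id") or several (POST "deleteids[]").
 *
 * POST parameters read here:
 *   id          - a single attachment id
 *   deleteids[] - a list of attachment ids, used when "id" is absent
 *   sure        - set once the user has confirmed; without it only a
 *                 confirmation form is rendered and nothing is deleted
 *   returnto    - where to send the browser afterwards
 *
 * An attachment may be deleted by its owner or by a user whose class is at
 * least UC_MODERATOR; an extra check applies when the owner's privacy
 * setting is "strong".
 *
 * NOTE(review): nothing in this file verifies an anti-CSRF token before the
 * destructive path. Unless include/bittorrent.php enforces one globally, a
 * per-session token should be added to both confirmation forms and checked
 * whenever "sure" is set.
 */
require "include/bittorrent.php";
dbconn();
loggedinorreturn();
parked();

/**
 * Return the posted "returnto" value if it is a plain site-relative target,
 * otherwise an empty string.
 *
 * "returnto" is attacker-controllable, and it ends up both in a Location
 * header and in a hidden form field. Control characters (header splitting),
 * backslashes, explicit schemes and protocol-relative "//host" forms are
 * rejected so the redirect cannot leave this site.
 *
 * NOTE(review): absolute same-site URLs are rejected too and fall back to the
 * caller's default; if some caller posts those, compare the host against the
 * site's configured base URL instead.
 */
function delattachment_returnto()
{
	if (empty($_POST["returnto"]) || !is_string($_POST["returnto"]))
		return "";
	$target = $_POST["returnto"];
	if (preg_match('/[\x00-\x1f\x7f\\\\]/', $target))
		return "";
	if (substr($target, 0, 2) === "//" || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $target))
		return "";
	return $target;
}

/**
 * Redirect to the validated "returnto" target, or to $default, and stop.
 *
 * Stopping matters: the original sent the header and kept executing, so the
 * single-attachment branch went on to render the confirmation form for a row
 * it had just deleted.
 */
function delattachment_redirect($default)
{
	$target = delattachment_returnto();
	header("Location: " . ($target !== "" ? $target : $default));
	exit;
}

/**
 * Build the hidden "returnto" field for the confirmation forms, with the
 * value HTML-escaped and quoted so it cannot break out of the attribute.
 */
function delattachment_returnto_field()
{
	// assumes the site serves UTF-8 pages - TODO confirm
	$value = htmlspecialchars(delattachment_returnto(), ENT_QUOTES, "UTF-8");
	return "<input type=hidden name=returnto value=\"" . $value . "\" />";
}

/**
 * Decide whether the current user is barred from deleting attachment row $arr.
 *
 * The owner's row is looked up fresh on every call; the original bulk loop
 * kept $user from the previous iteration when the lookup found nothing, so
 * the privacy decision could be made against the wrong account.
 */
function delattachment_is_denied($arr)
{
	global $CURUSER, $prfmanage_class;

	$userid = $arr["userid"];
	int_check($userid, true);
	if ($CURUSER["id"] != $userid && get_user_class() < UC_MODERATOR)
		return true;
	$users = sql_query("SELECT * FROM users WHERE id = '" . $userid . "'") or sqlerr(__FILE__, __LINE__);
	if (mysql_num_rows($users) != 1)
		return false; // owner row missing: as before, no privacy restriction is applied
	$user = mysql_fetch_assoc($users);
	// Owner uses the "strong" (high) privacy level. Array keys are quoted:
	// bare id is an undefined constant and a fatal error on PHP 8.
	return ($user["privacy"] == "strong") && (get_user_class() < $prfmanage_class) && $CURUSER["id"] != $user["id"];
}

/**
 * Remove the stored file and its ".thumb.jpg" companion for one attachment.
 *
 * is_file() replaces file_exists() so an empty location can never point
 * unlink() at the attachments directory itself.
 *
 * NOTE(review): $location is used exactly as stored in the attachments row.
 * If that column can ever contain "../" segments, resolve the path with
 * realpath() and confirm it is still inside attachments/ before unlinking.
 */
function delattachment_remove_files($location)
{
	$filepath = dirname(__FILE__) . "/attachments/";
	foreach (array($filepath . $location, $filepath . $location . ".thumb.jpg") as $path) {
		if (is_file($path)) {
			unlink($path);
		}
	}
}

$confirmed = !empty($_POST["sure"]);

if (!empty($_POST["id"])) {
	// A non-scalar or non-numeric id becomes 0 instead of raising a type error.
	$rawid = $_POST["id"];
	$attachid = (is_string($rawid) && is_numeric($rawid)) ? 0 + $rawid : 0;
	int_check($attachid, true);
	$query = sql_query("SELECT * FROM attachments WHERE id = '" . $attachid . "'");
	if (mysql_num_rows($query) != 1) {
		stderr("出错了!", "附件不存在!<a href=javascript:history.go(-1)>点击这里返回</a>", 0);
		exit; // fail closed even if stderr() were to return
	}
	$arr = mysql_fetch_assoc($query);
	$userid = $arr["userid"];
	if (delattachment_is_denied($arr)) {
		permissiondenied();
		exit; // fail closed: never reach the delete path if permissiondenied() returns
	}
	if ($confirmed) {
		delattachment_remove_files($arr["location"]);
		sql_query("DELETE FROM attachments WHERE id = '" . $attachid . "'") or sqlerr(__FILE__, __LINE__);
		delattachment_redirect("userhistory.php?action=viewattach&id=" . $userid);
	}
	$body = format_comment("[attach]" . $arr["dlkey"] . "[/attach]");
	// The body below is raw markup, so the stored file name is escaped here;
	// double_encode is off in case the name was already escaped when stored.
	$filename = htmlspecialchars($arr["filename"], ENT_QUOTES, "UTF-8", false);
	stderr("确认删除附件!", "<form action=delattachment.php method=post>你确信要删除以下附件?\n"
		. "<input type=hidden name=id value=" . $attachid . " />\n"
		. delattachment_returnto_field() . "\n"
		. "<input type=submit name=sure value=\"删除\" />\n"
		. "<input type=button onclick=\"location.href='javascript:history.go(-1)'\" value=返回 />\n"
		. "</form><br>文件名:" . $filename . "<br/>" . $body, 0);
}
elseif (!empty($_POST["deleteids"])) {
	$ids = $_POST["deleteids"];
	if (!is_array($ids)) {
		stderr("出错了!", "附件列表不存在!<a href=javascript:history.go(-1)>点击这里返回</a>", 0);
		exit;
	}
	$print = "";
	foreach ($ids as $attachid) {
		if (is_array($attachid))
			continue; // nested arrays are not ids
		int_check($attachid, true);
		// Cast after validation so only an integer reaches the SQL text and
		// the HTML messages built from this id.
		$attachid = (int)$attachid;
		$query = sql_query("SELECT * FROM attachments WHERE id = '" . $attachid . "'");
		if (mysql_num_rows($query) != 1) {
			$print .= "附件 " . $attachid . " 不存在!<br/><br/>\n";
			continue;
		}
		$arr = mysql_fetch_assoc($query);
		if (delattachment_is_denied($arr)) {
			$print .= "你没有删除附件 " . $attachid . " 的权限<br/><br/>\n";
			continue;
		}
		if ($confirmed) {
			delattachment_remove_files($arr["location"]);
			sql_query("DELETE FROM attachments WHERE id = '" . $attachid . "'") or sqlerr(__FILE__, __LINE__);
		}
		else {
			$filename = htmlspecialchars($arr["filename"], ENT_QUOTES, "UTF-8", false);
			$print .= "文件名:" . $filename . "\n<input type=hidden name=deleteids[] value=\"" . (int)$arr["id"] . "\" /><br/>\n"
				. format_comment("[attach]" . $arr["dlkey"] . "[/attach]") . "<br/><br/>\n";
		}
	}
	if ($confirmed) {
		delattachment_redirect("index.php");
	}
	stderr(
		"确认删除附件!", "<form action=delattachment.php method=post>你确信要删除以下附件?\n"
		. delattachment_returnto_field() . "<br/><br/>\n"
		. "<input type=submit name=sure value=\"删除\" />"
		. " <input type=button onclick=\"location.href='javascript:history.go(-1)'\" value=返回 /><br/><br/>\n"
		. $print
		. "<input type=submit name=sure value=\"删除\" />"
		. " <input type=button onclick=\"location.href='javascript:history.go(-1)'\" value=返回 /><br/>\n"
		. "</form>"
		, 0);
}
else {
	delattachment_redirect("index.php");
}
?>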