Discuz! 5.0.0论坛程序中加入一段js代码,让会员点击下载附件前自动弹出提示窗口
2022-10-25 23:43:35
你需要修改根目录下的 attachment.php 文件。
在$attachexists = $ispaid = false;下面添加
if (!empty($checktwo)) {
在最末尾的?>前添加
} else {
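// Nothing taken from the request is written into the page as-is: the attachment
// id is cast to an integer (presumably $aid is filled from the query string by
// common.inc.php -- not visible here) and the refresh target is built from the
// HTML-escaped script name instead of an interpolated path variable.
$notice_aid = isset($aid) ? intval($aid) : 0;
$notice_target = htmlspecialchars(basename($_SERVER['SCRIPT_NAME']), ENT_QUOTES);
echo "<script>alert('写上你要提示的内容')</script>";
echo "<meta http-equiv=\"refresh\" content=\"0;url={$notice_target}?checktwo=1&amp;aid={$notice_aid}\">";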
}
我在本机架设discuz! 5.0.1调试通过了
完整代码如下:
<?php
/*
[discuz!] (c)2001-2006 comsenz inc.
this is not a freeware, use is subject to license terms
$rcsfile: attachment.php,v $
$revision: 1.13 $
$date: 2006/08/11 06:51:07 $
*/
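require_once './include/common.inc.php';

$discuz_action = 14;

// Hotlink deterrent: when referer checking is switched on and the browser sent
// a Referer, its host part must equal the Host header of this request.
// PHP superglobals and their keys are case-sensitive; the lowercased
// $_server[...] form printed on the page is an ordinary undefined variable,
// which leaves this check permanently switched off.
// The Referer header is chosen by the client and a request without one passes,
// so this is not access control; the permission checks later in the file are.
// NOTE(review): the whole listing on the page is lowercased; compare the
// 'halted' argument with the shipped attachment.php before relying on it.
if($attachrefcheck && !empty($_SERVER['HTTP_REFERER']) && preg_replace("/https?:\/\/([^\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) != $_SERVER['HTTP_HOST']) {
    //header("location: {$boardurl}images/common/invalidreferer.gif");
    showmessage('attachment_referer_invalid', null, 'halted');
}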
/*
$query = $db->query("select a.*, t.fid, p.authorid from {$tablepre}attachments a, {$tablepre}threads t, {$tablepre}posts p
where a.aid='$aid' and t.tid=a.tid and p.pid=a.pid and t.displayorder>='0' and p.invisible='0'");
$attach = $db->fetch_array($query);
*/
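periodscheck('attachbanperiods');

$attachexists = $ispaid = false;

// The attachment id is only ever used as a number below (SQL lookups, the
// view-count log, the refresh URL). Casting it once keeps request text out of
// all three. Presumably $aid is filled from the request by common.inc.php,
// which is not visible here.
$aid = isset($aid) ? intval($aid) : 0;

// checktwo marks the second request, made after the notice was shown. Any
// client can send checktwo=1 directly, so it is a reminder only and none of the
// permission or payment checks below may depend on it.
if (!empty($checktwo)) {

    // Look up the attachment, its thread and its post; the attachment counts as
    // existing only when the thread is displayed and the post is visible.
    if(!empty($aid)) {
        $query = $db->query("select * from {$tablepre}attachments where aid='$aid'");
        if($attach = $db->fetch_array($query)) {
            $query = $db->query("select tid, fid, price, special from {$tablepre}threads where tid='$attach[tid]' and displayorder>='0'");
            $thread = $db->fetch_array($query);
            if($thread['fid']) {
                $query = $db->query("select authorid from {$tablepre}posts where pid='$attach[pid]' and invisible='0'");
                if($db->num_rows($query)) {
                    $attach['authorid'] = $db->result($query, 0);
                    $attachexists = true;
                }
            }
        }
    }

    // Read-permission gate: blocks a non-admin, non-author reader whose
    // $readaccess is below the attachment's readperm.
    if($allowgetattach && ($attach['readperm'] && $attach['readperm'] > $readaccess) && $adminid <= 0 && !($discuz_uid && $discuz_uid == $attach['authorid'])) {
        showmessage('attachment_forum_nopermission', null, 'noperm');
    }

    // Paid thread: guests and members other than the author (admins excepted)
    // need a paymentlog row for this thread, otherwise they are sent to it.
    if(!$thread['special'] && $thread['price'] > 0 && (!$discuz_uid || ($discuz_uid && $discuz_uid != $attach['authorid'] && $adminid <=0))) {
        $query = $db->query("select uid from {$tablepre}paymentlog where uid='$discuz_uid' and tid='$attach[tid]'");
        if($db->result($query, 0)) {
            $ispaid = true;
        } else {
            showmessage('attachment_payto', 'viewthread.php?tid='.$attach['tid']);
        }
    }

    // The on-disk path comes from the attachments row, never from the request.
    $filename = $attachdir.'/'.$attach['attachment'];

    if(is_readable($filename) && $attachexists) {

        $query = $db->query("select f.viewperm, f.getattachperm, f.getattachcredits, a.allowgetattach from {$tablepre}forumfields f
            left join {$tablepre}access a on a.uid='$discuz_uid' and a.fid=f.fid
            where f.fid='$thread[fid]'");
        $forum = $db->fetch_array($query);

        // Forum-level permission, skipped for readers who paid for the thread
        // and for users with a per-user allowgetattach row on this forum.
        if(!$ispaid) {
            if(!$forum['allowgetattach']) {
                if(!$forum['getattachperm'] && !$allowgetattach) {
                    showmessage('group_nopermission', null, 'noperm');
                } elseif(($forum['getattachperm'] && !forumperm($forum['getattachperm'])) || ($forum['viewperm'] && !forumperm($forum['viewperm']))) {
                    showmessage('attachment_forum_nopermission', null, 'noperm');
                }
            }
        }

        // Non-image downloads are subject to the credit lower-limit check.
        if(!($isimage = preg_match("/^image\/.+/", $attach['filetype']))) {
            checklowerlimit($creditspolicy['getattach'], -1);
        }

        // Download counter: either appended to a log file that updateviews()
        // folds into the table, or incremented directly.
        if(empty($noupdate)) {
            if($delayviewcount == 2 || $delayviewcount == 3) {
                $logfile = './forumdata/cache/cache_attachviews.log';
                // Constants are case-sensitive; the lowercased discuz_root shown
                // on the page is not a defined constant. DISCUZ_ROOT is
                // presumably defined by common.inc.php.
                if(substr($timestamp, -1) == '0') {
                    require_once DISCUZ_ROOT.'./include/misc.func.php';
                    updateviews('attachments', 'aid', 'downloads', $logfile);
                }
                // $aid is an integer here, so exactly one log line is written.
                if(@$fp = fopen(DISCUZ_ROOT.$logfile, 'a')) {
                    fwrite($fp, "$aid\n");
                    fclose($fp);
                } elseif($adminid == 1) {
                    showmessage('view_log_invalid');
                }
            } else {
                // NOTE(review): the second argument is printed lowercased on the
                // page; compare it with the shipped file.
                $db->query("update {$tablepre}attachments set downloads=downloads+'1' where aid='$aid'", 'unbuffered');
            }
        }

        if(!$isimage) {
            // NOTE(review): unserialize() on a stored forum setting is acceptable
            // only while that column is writable by administrators alone -- confirm.
            $forum['getattachcredits'] = $forum['getattachcredits'] ? unserialize($forum['getattachcredits']) : array();
            $getattachcredits = $forum['getattachcredits'] ? $forum['getattachcredits'] : $creditspolicy['getattach'];
            updatecredits($discuz_uid, $getattachcredits, -1);
        }

        $filesize = filesize($filename);

        ob_end_clean();
        header('cache-control: max-age=31536000');
        // gmdate() format characters are case-sensitive; 'D, d M Y H:i:s' yields
        // an HTTP date, which the lowercased format on the page does not.
        header('expires: '.gmdate('D, d M Y H:i:s', $timestamp + 31536000).' GMT');
        header('content-encoding: none');

        // Superglobal restored to upper case; 'MSIE' is the token as it appears
        // in Internet Explorer user-agent strings.
        $attach['filename'] = (strtolower($charset) == 'utf-8' && strexists($_SERVER['HTTP_USER_AGENT'], 'MSIE')) ? urlencode($attach['filename']) : $attach['filename'];

        // NOTE(review): filename and filetype are stored values, presumably
        // recorded at upload time. Anything matching image/* can be sent inline
        // with that stored type, so confirm the type is validated on upload.
        if($isimage && !empty($noupdate)) {
            header('content-disposition: inline; filename='.$attach['filename']);
        } else {
            header('content-disposition: attachment; filename='.$attach['filename']);
        }

        header('content-type: '.$attach['filetype']);

        // The whole file is read into memory and echoed; 2 is the numeric value
        // of LOCK_EX.
        @$fp = fopen($filename, 'rb');
        @flock($fp, 2);
        $attachment = @fread($fp, $filesize);
        @fclose($fp);
        echo $attachment;

    } else {
        showmessage('attachment_nonexistence');
    }

} else {

    // First request: show the notice, then reload this script with checktwo=1.
    // The listing printed the script path inside alert() and interpolated the
    // raw path and id into the markup; the notice is now a fixed string and the
    // refresh target is the HTML-escaped script name plus the integer id.
    $notice_target = htmlspecialchars(basename($_SERVER['SCRIPT_NAME']), ENT_QUOTES);
    echo "<script>alert('写上你要提示的内容')</script>";
    echo "<meta http-equiv=\"refresh\" content=\"0;url={$notice_target}?checktwo=1&amp;aid={$aid}\">";
}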
?>
在$attachexists = $ispaid = false;下面添加
if (!empty($checktwo)) {
在最末尾的?>前添加
} else {
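// Nothing taken from the request is written into the page as-is: the attachment
// id is cast to an integer (presumably $aid is filled from the query string by
// common.inc.php -- not visible here) and the refresh target is built from the
// HTML-escaped script name instead of an interpolated path variable.
$notice_aid = isset($aid) ? intval($aid) : 0;
$notice_target = htmlspecialchars(basename($_SERVER['SCRIPT_NAME']), ENT_QUOTES);
echo "<script>alert('写上你要提示的内容')</script>";
echo "<meta http-equiv=\"refresh\" content=\"0;url={$notice_target}?checktwo=1&amp;aid={$notice_aid}\">";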
}
我在本机架设discuz! 5.0.1调试通过了
完整代码如下:
<?php
/*
[discuz!] (c)2001-2006 comsenz inc.
this is not a freeware, use is subject to license terms
$rcsfile: attachment.php,v $
$revision: 1.13 $
$date: 2006/08/11 06:51:07 $
*/
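require_once './include/common.inc.php';

$discuz_action = 14;

// Hotlink deterrent: when referer checking is switched on and the browser sent
// a Referer, its host part must equal the Host header of this request.
// PHP superglobals and their keys are case-sensitive; the lowercased
// $_server[...] form printed on the page is an ordinary undefined variable,
// which leaves this check permanently switched off.
// The Referer header is chosen by the client and a request without one passes,
// so this is not access control; the permission checks later in the file are.
// NOTE(review): the whole listing on the page is lowercased; compare the
// 'halted' argument with the shipped attachment.php before relying on it.
if($attachrefcheck && !empty($_SERVER['HTTP_REFERER']) && preg_replace("/https?:\/\/([^\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) != $_SERVER['HTTP_HOST']) {
    //header("location: {$boardurl}images/common/invalidreferer.gif");
    showmessage('attachment_referer_invalid', null, 'halted');
}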
/*
$query = $db->query("select a.*, t.fid, p.authorid from {$tablepre}attachments a, {$tablepre}threads t, {$tablepre}posts p
where a.aid='$aid' and t.tid=a.tid and p.pid=a.pid and t.displayorder>='0' and p.invisible='0'");
$attach = $db->fetch_array($query);
*/
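periodscheck('attachbanperiods');

$attachexists = $ispaid = false;

// The attachment id is only ever used as a number below (SQL lookups, the
// view-count log, the refresh URL). Casting it once keeps request text out of
// all three. Presumably $aid is filled from the request by common.inc.php,
// which is not visible here.
$aid = isset($aid) ? intval($aid) : 0;

// checktwo marks the second request, made after the notice was shown. Any
// client can send checktwo=1 directly, so it is a reminder only and none of the
// permission or payment checks below may depend on it.
if (!empty($checktwo)) {

    // Look up the attachment, its thread and its post; the attachment counts as
    // existing only when the thread is displayed and the post is visible.
    if(!empty($aid)) {
        $query = $db->query("select * from {$tablepre}attachments where aid='$aid'");
        if($attach = $db->fetch_array($query)) {
            $query = $db->query("select tid, fid, price, special from {$tablepre}threads where tid='$attach[tid]' and displayorder>='0'");
            $thread = $db->fetch_array($query);
            if($thread['fid']) {
                $query = $db->query("select authorid from {$tablepre}posts where pid='$attach[pid]' and invisible='0'");
                if($db->num_rows($query)) {
                    $attach['authorid'] = $db->result($query, 0);
                    $attachexists = true;
                }
            }
        }
    }

    // Read-permission gate: blocks a non-admin, non-author reader whose
    // $readaccess is below the attachment's readperm.
    if($allowgetattach && ($attach['readperm'] && $attach['readperm'] > $readaccess) && $adminid <= 0 && !($discuz_uid && $discuz_uid == $attach['authorid'])) {
        showmessage('attachment_forum_nopermission', null, 'noperm');
    }

    // Paid thread: guests and members other than the author (admins excepted)
    // need a paymentlog row for this thread, otherwise they are sent to it.
    if(!$thread['special'] && $thread['price'] > 0 && (!$discuz_uid || ($discuz_uid && $discuz_uid != $attach['authorid'] && $adminid <=0))) {
        $query = $db->query("select uid from {$tablepre}paymentlog where uid='$discuz_uid' and tid='$attach[tid]'");
        if($db->result($query, 0)) {
            $ispaid = true;
        } else {
            showmessage('attachment_payto', 'viewthread.php?tid='.$attach['tid']);
        }
    }

    // The on-disk path comes from the attachments row, never from the request.
    $filename = $attachdir.'/'.$attach['attachment'];

    if(is_readable($filename) && $attachexists) {

        $query = $db->query("select f.viewperm, f.getattachperm, f.getattachcredits, a.allowgetattach from {$tablepre}forumfields f
            left join {$tablepre}access a on a.uid='$discuz_uid' and a.fid=f.fid
            where f.fid='$thread[fid]'");
        $forum = $db->fetch_array($query);

        // Forum-level permission, skipped for readers who paid for the thread
        // and for users with a per-user allowgetattach row on this forum.
        if(!$ispaid) {
            if(!$forum['allowgetattach']) {
                if(!$forum['getattachperm'] && !$allowgetattach) {
                    showmessage('group_nopermission', null, 'noperm');
                } elseif(($forum['getattachperm'] && !forumperm($forum['getattachperm'])) || ($forum['viewperm'] && !forumperm($forum['viewperm']))) {
                    showmessage('attachment_forum_nopermission', null, 'noperm');
                }
            }
        }

        // Non-image downloads are subject to the credit lower-limit check.
        if(!($isimage = preg_match("/^image\/.+/", $attach['filetype']))) {
            checklowerlimit($creditspolicy['getattach'], -1);
        }

        // Download counter: either appended to a log file that updateviews()
        // folds into the table, or incremented directly.
        if(empty($noupdate)) {
            if($delayviewcount == 2 || $delayviewcount == 3) {
                $logfile = './forumdata/cache/cache_attachviews.log';
                // Constants are case-sensitive; the lowercased discuz_root shown
                // on the page is not a defined constant. DISCUZ_ROOT is
                // presumably defined by common.inc.php.
                if(substr($timestamp, -1) == '0') {
                    require_once DISCUZ_ROOT.'./include/misc.func.php';
                    updateviews('attachments', 'aid', 'downloads', $logfile);
                }
                // $aid is an integer here, so exactly one log line is written.
                if(@$fp = fopen(DISCUZ_ROOT.$logfile, 'a')) {
                    fwrite($fp, "$aid\n");
                    fclose($fp);
                } elseif($adminid == 1) {
                    showmessage('view_log_invalid');
                }
            } else {
                // NOTE(review): the second argument is printed lowercased on the
                // page; compare it with the shipped file.
                $db->query("update {$tablepre}attachments set downloads=downloads+'1' where aid='$aid'", 'unbuffered');
            }
        }

        if(!$isimage) {
            // NOTE(review): unserialize() on a stored forum setting is acceptable
            // only while that column is writable by administrators alone -- confirm.
            $forum['getattachcredits'] = $forum['getattachcredits'] ? unserialize($forum['getattachcredits']) : array();
            $getattachcredits = $forum['getattachcredits'] ? $forum['getattachcredits'] : $creditspolicy['getattach'];
            updatecredits($discuz_uid, $getattachcredits, -1);
        }

        $filesize = filesize($filename);

        ob_end_clean();
        header('cache-control: max-age=31536000');
        // gmdate() format characters are case-sensitive; 'D, d M Y H:i:s' yields
        // an HTTP date, which the lowercased format on the page does not.
        header('expires: '.gmdate('D, d M Y H:i:s', $timestamp + 31536000).' GMT');
        header('content-encoding: none');

        // Superglobal restored to upper case; 'MSIE' is the token as it appears
        // in Internet Explorer user-agent strings.
        $attach['filename'] = (strtolower($charset) == 'utf-8' && strexists($_SERVER['HTTP_USER_AGENT'], 'MSIE')) ? urlencode($attach['filename']) : $attach['filename'];

        // NOTE(review): filename and filetype are stored values, presumably
        // recorded at upload time. Anything matching image/* can be sent inline
        // with that stored type, so confirm the type is validated on upload.
        if($isimage && !empty($noupdate)) {
            header('content-disposition: inline; filename='.$attach['filename']);
        } else {
            header('content-disposition: attachment; filename='.$attach['filename']);
        }

        header('content-type: '.$attach['filetype']);

        // The whole file is read into memory and echoed; 2 is the numeric value
        // of LOCK_EX.
        @$fp = fopen($filename, 'rb');
        @flock($fp, 2);
        $attachment = @fread($fp, $filesize);
        @fclose($fp);
        echo $attachment;

    } else {
        showmessage('attachment_nonexistence');
    }

} else {

    // First request: show the notice, then reload this script with checktwo=1.
    // The listing printed the script path inside alert() and interpolated the
    // raw path and id into the markup; the notice is now a fixed string and the
    // refresh target is the HTML-escaped script name plus the integer id.
    $notice_target = htmlspecialchars(basename($_SERVER['SCRIPT_NAME']), ENT_QUOTES);
    echo "<script>alert('写上你要提示的内容')</script>";
    echo "<meta http-equiv=\"refresh\" content=\"0;url={$notice_target}?checktwo=1&amp;aid={$aid}\">";
}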
?>