gusucode.com > 4004网博士成品网站管理系统 PHP网站源码程序 > 4004/4004/down_backup_1242004034/admin/post.php
<?php define("ROOTPATH", "../../"); include(ROOTPATH."includes/admin.inc.php"); include("language/".$sLan.".php"); include("func/upload.inc.php"); NeedAuth(162); $act=$_POST["act"]; switch($act){ //显示属性列 case "proplist" : $catid=$_POST["catid"]; $nowid=$_POST["nowid"]; if($nowid!="" && $nowid!="0"){ $msql->query("select * from {P}_down_con where id='$nowid'"); if($msql->next_record()){ $prop1=$msql->f('prop1'); $prop2=$msql->f('prop2'); $prop3=$msql->f('prop3'); $prop4=$msql->f('prop4'); $prop5=$msql->f('prop5'); $prop6=$msql->f('prop6'); $prop7=$msql->f('prop7'); $prop8=$msql->f('prop8'); $prop9=$msql->f('prop9'); $prop10=$msql->f('prop10'); $prop11=$msql->f('prop11'); $prop12=$msql->f('prop12'); $prop13=$msql->f('prop13'); $prop14=$msql->f('prop14'); $prop15=$msql->f('prop15'); $prop16=$msql->f('prop16'); } } $str="<table width='100%' border='0' align='center' cellpadding='2' cellspacing='0' >"; $i=1; $msql->query("select * from {P}_down_prop where catid='$catid' order by xuhao"); while($msql->next_record()){ $propname=$msql->f('propname'); $pn="prop".$i; $str.="<tr>"; $str.="<td width='100' height='30' align='center' >".$propname."</td>"; $str.="<td height='30' >"; $str.="<input type='text' name='".$pn."' value='".$$pn."' class='input' style='width:499px;' />"; $str.="</td>"; $str.="</tr>"; $i++; } $str.="</table>"; echo $str; exit; break; //添加分页 case "addpage" : $nowid=$_POST["nowid"]; $xuhao=0; if($nowid!="" && $nowid!="0"){ $msql->query("select max(xuhao) from {P}_down_pages where downid='$nowid'"); if($msql->next_record()){ $xuhao=$msql->f('max(xuhao)'); } $xuhao=$xuhao+1; $msql->query("insert into {P}_down_pages set downid='$nowid',xuhao='$xuhao' "); } echo "OK"; exit; break; //显示分页 case "downpageslist" : $nowid=$_POST["nowid"]; $pageinit=$_POST["pageinit"]; $str="<ul>"; $str.="<li id='p_0' class='pages'>1</li>"; $i=2; $id=0; $msql->query("select id from {P}_down_pages where downid='$nowid' order by xuhao"); while($msql->next_record()){ $id=$msql->f('id'); $str.="<li id='p_".$id."' class='pages'>".$i."</li>"; $i++; } if($pageinit!="new"){ $id=$pageinit; } $str.="<li id='addpage' class='addbutton'>".$strDownPagesAdd."</li>"; if($pageinit!="0"){ $str.="<li id='pagedelete' class='addbutton'>".$strDownPagesDel."</li>"; $str.="<li id='backtomodi' class='addbutton'>".$strBack."</li>"; } $str.="<input type='submit' name='modi' onClick='KindSubmit();' value='".$strSave."' class='savebutton' />"; $str.="</ul><input id='downpagesid' name='downpagesid' type='hidden' value='".$id."'>"; echo $str; exit; break; //获取分页内容 case "getcontent" : $nowid=$_POST["nowid"]; $downpageid=$_POST["downpageid"]; if($downpageid=="-1"){ $body=""; }elseif($downpageid=="0"){ $msql->query("select body from {P}_down_con where id='$nowid'"); if($msql->next_record()){ $body=$msql->f('body'); } }else{ $msql->query("select body from {P}_down_pages where id='$downpageid'"); if($msql->next_record()){ $body=$msql->f('body'); }else{ $body=""; } } $body=Path2Url($body); echo $body; exit; break; //修改 case "downmodify" : $id=$_POST["id"]; $pid=$_POST["pid"]; $catid=$_POST["catid"]; $page=$_POST["page"]; $title=htmlspecialchars($_POST["title"]); $author=htmlspecialchars($_POST["author"]); $source=htmlspecialchars($_POST["source"]); $body=$_POST["body"]; $memo=$_POST["memo"]; $oldcatid=$_POST["oldcatid"]; $oldcatpath=$_POST["oldcatpath"]; $prop1=htmlspecialchars($_POST["prop1"]); $prop2=htmlspecialchars($_POST["prop2"]); $prop3=htmlspecialchars($_POST["prop3"]); $prop4=htmlspecialchars($_POST["prop4"]); $prop5=htmlspecialchars($_POST["prop5"]); $prop6=htmlspecialchars($_POST["prop6"]); $prop7=htmlspecialchars($_POST["prop7"]); $prop8=htmlspecialchars($_POST["prop8"]); $prop9=htmlspecialchars($_POST["prop9"]); $prop10=htmlspecialchars($_POST["prop10"]); $prop11=htmlspecialchars($_POST["prop11"]); $prop12=htmlspecialchars($_POST["prop12"]); $prop13=htmlspecialchars($_POST["prop13"]); $prop14=htmlspecialchars($_POST["prop14"]); $prop15=htmlspecialchars($_POST["prop15"]); $prop16=htmlspecialchars($_POST["prop16"]); $prop17=htmlspecialchars($_POST["prop17"]); $prop18=htmlspecialchars($_POST["prop18"]); $prop19=htmlspecialchars($_POST["prop19"]); $prop20=htmlspecialchars($_POST["prop20"]); $downcentid=htmlspecialchars($_POST["downcentid"]); $downcent=htmlspecialchars($_POST["downcent"]); $tags=$_POST["tags"]; $spe_selec=$_POST["spe_selec"]; $file=$_FILES["file"]; $fileurl=$_POST["fileurl"]; if($file["size"]>0){ $Meta="<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>"; } //校验 $uptime=time(); if($title==""){ echo $Meta.$strDownNotice6; exit; } if(strlen($title)>200){ echo $Meta.$strDownNotice7; exit; } if(strlen($body)>65000){ echo $Meta.$strDownNotice5; exit; } //路径转换 $body=Url2Path($body); //标签过滤 $title=str_replace("{#","",$title); $title=str_replace("#}","",$title); $memo=str_replace("{#","",$memo); $memo=str_replace("#}","",$memo); $body=str_replace("{#","{ #",$body); $body=str_replace("#}","# }",$body); $msql->query("select catpath from {P}_down_cat where catid='$catid'"); if($msql->next_record()){ $catpath=$msql->f('catpath'); } $count_pro = count ($spe_selec); for ($i = 0; $i < $count_pro; $i ++) { $projid = $spe_selec[$i]; $projpath .= $projid.":"; } if($file["size"]>0){ $nowdate=date("Ymd",time()); $picpath="../upload/".$nowdate; @mkdir($picpath,0777); $uppath="down/upload/".$nowdate; $filearr=NewUploadFile($file["tmp_name"],$file["type"],$file["name"],$file["size"],$uppath); if($filearr[0]!="err"){ $fileurl=$filearr[3]; }else{ echo $Meta.$filearr[1]; exit; } $msql->query("select fileurl from {P}_down_con where id='$id'"); if($msql->next_record()){ $oldfileurl=$msql->f('fileurl'); } if(file_exists(ROOTPATH.$oldfileurl) && $oldfileurl!="" && !strstr($oldfileurl,"../")){ unlink(ROOTPATH.$oldfileurl); } } for($t=0;$t<sizeof($tags);$t++){ if($tags[$t]!=""){ $tagstr.=$tags[$t].","; } } $msql->query("update {P}_down_con set title='$title', memo='$memo', fileurl='$fileurl', catid='$catid', catpath='$catpath', uptime='$uptime', author='$author', source='$source', proj='$projpath', tags='$tagstr', prop1='$prop1', prop2='$prop2', prop3='$prop3', prop4='$prop4', prop5='$prop5', prop6='$prop6', prop7='$prop7', prop8='$prop8', prop9='$prop9', prop10='$prop10', prop11='$prop11', prop12='$prop12', prop13='$prop13', prop14='$prop14', prop15='$prop15', prop16='$prop16', prop17='$prop17', prop18='$prop18', prop19='$prop19', prop20='$prop20', downcentid='$downcentid', downcent='$downcent', body='$body' where id='$id' "); echo "OK"; exit; break; //翻页内容修改 case "contentmodify" : $downpagesid=$_POST["downpagesid"]; $body=$_POST["body"]; if(strlen($body)>65000){ echo $strDownNotice5; exit; } $body=Url2Path($body); $msql->query("update {P}_down_pages set body='$body' where id='$downpagesid'"); echo "OK"; exit; break; //下载发布 case "downadd" : $catid=$_POST["catid"]; $body=$_POST["body"]; $title=htmlspecialchars($_POST["title"]); $author=htmlspecialchars($_POST["author"]); $source=htmlspecialchars($_POST["source"]); $memo=$_POST["memo"]; $prop1=htmlspecialchars($_POST["prop1"]); $prop2=htmlspecialchars($_POST["prop2"]); $prop3=htmlspecialchars($_POST["prop3"]); $prop4=htmlspecialchars($_POST["prop4"]); $prop5=htmlspecialchars($_POST["prop5"]); $prop6=htmlspecialchars($_POST["prop6"]); $prop7=htmlspecialchars($_POST["prop7"]); $prop8=htmlspecialchars($_POST["prop8"]); $prop9=htmlspecialchars($_POST["prop9"]); $prop10=htmlspecialchars($_POST["prop10"]); $prop11=htmlspecialchars($_POST["prop11"]); $prop12=htmlspecialchars($_POST["prop12"]); $prop13=htmlspecialchars($_POST["prop13"]); $prop14=htmlspecialchars($_POST["prop14"]); $prop15=htmlspecialchars($_POST["prop15"]); $prop16=htmlspecialchars($_POST["prop16"]); $prop17=htmlspecialchars($_POST["prop17"]); $prop18=htmlspecialchars($_POST["prop18"]); $prop19=htmlspecialchars($_POST["prop19"]); $prop20=htmlspecialchars($_POST["prop20"]); $downcentid=htmlspecialchars($_POST["downcentid"]); $downcent=htmlspecialchars($_POST["downcent"]); $tags=$_POST["tags"]; $fileurl=$_POST["fileurl"]; $file=$_FILES["file"]; $spe_selec=$_POST["spe_selec"]; if($file["size"]>0){ $Meta="<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>"; } //校验 $uptime=time(); if($title==""){ echo $Meta.$strDownNotice6; exit; } if(strlen($title)>200){ echo $Meta.$strDownNotice7; exit; } if(strlen($body)>65000){ echo $Meta.$strDownNotice5; exit; } $dtime=time(); $msql->query("select catpath from {P}_down_cat where catid='$catid'"); if($msql->next_record()){ $catpath=$msql->f('catpath'); } $body=Url2Path($body); //标签过滤 $title=str_replace("{#","",$title); $title=str_replace("#}","",$title); $memo=str_replace("{#","",$memo); $memo=str_replace("#}","",$memo); $body=str_replace("{#","{ #",$body); $body=str_replace("#}","# }",$body); //文件 if($file["size"]>0){ $nowdate=date("Ymd",time()); $picpath="../upload/".$nowdate; @mkdir($picpath,0777); $uppath="down/upload/".$nowdate; $filearr=NewUploadFile($file["tmp_name"],$file["type"],$file["name"],$file["size"],$uppath); if($filearr[0]!="err"){ $fileurl=$filearr[3]; }else{ echo $Meta.$filearr[1]; exit; } } //专题 $count_pro = count ($spe_selec); for ($i = 0; $i < $count_pro; $i ++) { $projid = $spe_selec[$i]; $projpath .= $projid.":"; } //标签 for($t=0;$t<sizeof($tags);$t++){ if($tags[$t]!=""){ $tagstr.=$tags[$t].","; } } $msql->query("insert into {P}_down_con set catid='$catid', catpath='$catpath', title='$title', body='$body', dtime='$dtime', xuhao='0', cl='0', tj='0', iffb='1', ifbold='0', ifred='0', type='gif', src='$src', uptime='$dtime', author='$author', source='$source', memberid='0', proj='$projpath', tags='$tagstr', secure='0', memo='$memo', prop1='$prop1', prop2='$prop2', prop3='$prop3', prop4='$prop4', prop5='$prop5', prop6='$prop6', prop7='$prop7', prop8='$prop8', prop9='$prop9', prop10='$prop10', prop11='$prop11', prop12='$prop12', prop13='$prop13', prop14='$prop14', prop15='$prop15', prop16='$prop16', prop17='$prop17', prop18='$prop18', prop19='$prop19', prop20='$prop20', downcentid='$downcentid', downcent='$downcent', fileurl='$fileurl' "); echo "OK"; exit; break; //删除分页 case "pagedelete" : $delpagesid=$_POST["delpagesid"]; $nowid=$_POST["nowid"]; $i=0; $msql->query("select id from {P}_down_pages where downid='$nowid' order by xuhao"); while($msql->next_record()){ $id[$i]=$msql->f('id'); if($id[$i]==$delpagesid){ if($i==0){ $lastid=0; }else{ $lastid=$id[$i-1]; } } $i++; } if($lastid==0 && $i>1){ $lastid=$id[1]; } $msql->query("delete from {P}_down_pages where id='$delpagesid'"); echo $lastid; exit; break; //添加专题 case "addproj" : $project=htmlspecialchars($_POST["project"]); $folder=htmlspecialchars($_POST["folder"]); if($project==""){ echo $strProjNTC1; exit; } if(strlen($folder)<2 || strlen($folder)>16){ echo $strProjNTC2; exit; } if (!eregi("^[0-9a-z]{1,16}$",$folder)) { echo $strProjNTC3; exit; } if(strstr($folder,"/") || strstr($folder,".")){ echo $strProjNTC3; exit; } //保护目录名 $arr = array('main','html','class','detail','query','index','admin','downgl','downfabu','downmodify','downcat','down'); if (in_array($folder, $arr)==true) { echo $strProjNTC4; exit; } if(file_exists("../project/".$folder)){ echo $strProjNTC4; exit; } $msql->query("select id from {P}_down_proj where folder='$folder'"); if($msql->next_record()){ echo $strProjNTC4; exit; } $pagename="proj_".$folder; //创建目录 @mkdir("../project/".$folder,0777); $fd=fopen("../project/temp.php","r"); $str=fread($fd,"2000"); $str=str_replace("TEMP",$pagename,$str); fclose($fd); $filename="../project/".$folder."/index.php"; $fp=fopen($filename,"w"); fwrite($fp,$str); fclose($fp); @chmod($filename,0755); //插入记录 $msql->query("insert into {P}_down_proj set `project`='$project', `folder`='$folder' "); //插入页面记录 $msql->query("insert into {P}_base_pageset set `name`='$project', `coltype`='down', `pagename`='$pagename', `pagetitle`='$project', `buildhtml`='index' "); echo "OK"; exit; break; //增加分类专栏 case "addzl" : $catid=htmlspecialchars($_POST["catid"]); if($catid==""){ echo $strZlNTC1; exit; } $msql->query("select cat from {P}_down_cat where catid='$catid'"); if($msql->next_record()){ $cat=$msql->f('cat'); $cat=str_replace("'","",$cat); }else{ echo $strZlNTC2; exit; } //页名定义 $pagename="class_".$catid; //创建目录 @mkdir("../class/".$catid,0777); $fd=fopen("../class/temp.php","r"); $str=fread($fd,"2000"); $str=str_replace("TEMP",$pagename,$str); fclose($fd); $filename="../class/".$catid."/index.php"; $fp=fopen($filename,"w"); fwrite($fp,$str); fclose($fp); @chmod($filename,0755); //更新分类表 $msql->query("update {P}_down_cat set `ifchannel`='1' where catid='$catid'"); //更新页面参数表 $msql->query("select id from {P}_base_pageset where coltype='down' and pagename='$pagename'"); if($msql->next_record()){ }else{ $fsql->query("insert into {P}_base_pageset set `name`='$cat', `coltype`='down', `pagename`='$pagename', `pagetitle`='$cat', `buildhtml`='index' "); } echo "OK"; exit; break; //删除专栏 case "delzl" : $catid=htmlspecialchars($_POST["catid"]); if($catid==""){ echo $strZlNTC1; exit; } $msql->query("select catid from {P}_down_cat where catid='$catid'"); if($msql->next_record()){ }else{ echo $strZlNTC2; exit; } //删除页面记录 $pagename="class_".$catid; $msql->query("delete from {P}_base_pageset where coltype='down' and pagename='$pagename'"); //删除插件记录 $msql->query("delete from {P}_base_plus where plustype='down' and pluslocat='$pagename'"); //更新分类表 $msql->query("update {P}_down_cat set `ifchannel`='0' where catid='$catid'"); //删除目录 if($catid!="" && strlen($catid)>=1 && !strstr($catid,".") && !strstr($catid,"/")){ DelFold("../class/".$catid); } echo "OK"; exit; break; } ?>