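<?php
/**
 * Admin-side POST endpoint for the photo module.
 *
 * Reads the "act" field from the request and runs the matching branch of the
 * switch below; each branch echoes its result (an HTML fragment, a stored
 * path, a row id or the literal "OK") and ends the request.
 *
 * NOTE(review): SQL in this script is built by string interpolation. The
 * proplist and addpage branches cast the ids they use to integers; free-text
 * fields handled further down are only passed through htmlspecialchars(),
 * which is an HTML encoder and not a SQL escape. Whether quotes/backslashes
 * in $_POST are neutralised elsewhere (for example in includes/admin.inc.php)
 * is not visible from this file -- confirm, and prefer the database layer's
 * own escaping or bound parameters.
 *
 * NOTE(review): no anti-CSRF token is checked in this file; confirm that the
 * included bootstrap or NeedAuth() covers these state-changing requests.
 */
define("ROOTPATH", "../../");
include(ROOTPATH."includes/admin.inc.php");
// NOTE(review): $sLan is not assigned in this file. It selects the file that
// gets included, so it must come from a fixed set of language codes and never
// from request data -- confirm where the bootstrap takes it from.
include("language/".$sLan.".php");
include("func/upload.inc.php");

// Presumably the permission check for this endpoint (152 is the code the
// script passes); its behaviour on failure is defined outside this file.
NeedAuth(152);

$act = isset($_POST["act"]) ? $_POST["act"] : "";

switch ($act) {

// proplist: render one text input per property defined for a category,
// pre-filled with the values of photo $nowid when one is given.
case "proplist":
    // NOTE(review): catid and nowid are treated as integer keys; confirm
    // against the {P}_photo_cat / {P}_photo_con schema.
    $catid = isset($_POST["catid"]) ? (int)$_POST["catid"] : 0;
    $nowid = isset($_POST["nowid"]) ? (int)$_POST["nowid"] : 0;

    // Current values keyed 1..20. All twenty are loaded because the save
    // branches of this script write prop1..prop20.
    $props = array();
    for ($n = 1; $n <= 20; $n++) {
        $props[$n] = "";
    }
    if ($nowid != 0) {
        $msql->query("select * from {P}_photo_con where id='$nowid'");
        if ($msql->next_record()) {
            for ($n = 1; $n <= 20; $n++) {
                $props[$n] = $msql->f('prop'.$n);
            }
        }
    }

    $str = "<table width='100%' border='0' align='center' cellpadding='2' cellspacing='0' >";
    $i = 1;
    $msql->query("select * from {P}_photo_prop where catid='$catid' order by xuhao");
    while ($msql->next_record()) {
        // NOTE(review): propname is echoed as stored; confirm it is
        // HTML-encoded where it is saved.
        $propname = $msql->f('propname');
        $pn = "prop".$i;
        $value = isset($props[$i]) ? (string)$props[$i] : "";
        // The value attribute is single-quoted, and the stored text was
        // encoded with htmlspecialchars() without ENT_QUOTES, so a single
        // quote has to be encoded here to stay inside the attribute.
        $value = str_replace("'", "&#039;", $value);

        $str .= "<tr>";
        $str .= "<td width='100' height='30' align='center' >".$propname."</td>";
        $str .= "<td height='30' >";
        $str .= "<input type='text' name='".$pn."' value='".$value."' class='input' style='width:499px;' />";
        $str .= "</td>";
        $str .= "</tr>";
        $i++;
    }
    $str .= "</table>";

    echo $str;
    exit;

// addpage: append an empty page row to photo $nowid, ordered after the
// current highest xuhao.
case "addpage":
    $nowid = isset($_POST["nowid"]) ? (int)$_POST["nowid"] : 0;
    $xuhao = 0;

    if ($nowid != 0) {
        $msql->query("select max(xuhao) from {P}_photo_pages where photoid='$nowid'");
        if ($msql->next_record()) {
            // max() yields no number when the photo has no pages yet.
            $xuhao = (int)$msql->f('max(xuhao)');
        }
        $xuhao = $xuhao + 1;
        $msql->query("insert into {P}_photo_pages set photoid='$nowid',xuhao='$xuhao' ");
    }

    echo "OK";
    exit;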
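// photopageslist: render the page tabs of photo $nowid plus the add / delete /
// back buttons and a hidden field carrying the currently selected page id.
case "photopageslist":
    // NOTE(review): nowid is treated as an integer key; confirm against the
    // {P}_photo_pages schema.
    $nowid = isset($_POST["nowid"]) ? (int)$_POST["nowid"] : 0;
    $pageinit = (isset($_POST["pageinit"]) && is_string($_POST["pageinit"])) ? $_POST["pageinit"] : "";

    $str = "<ul>";
    $str .= "<li id='p_0' class='pages'>1</li>";
    $i = 2;
    $id = 0;
    $msql->query("select id from {P}_photo_pages where photoid='$nowid' order by xuhao");
    while ($msql->next_record()) {
        $id = (int)$msql->f('id');
        $str .= "<li id='p_".$id."' class='pages'>".$i."</li>";
        $i++;
    }

    // With pageinit "new" the last listed page stays selected; any other
    // value is echoed back as the selected id. It is request data going into
    // a single-quoted attribute, so it is HTML-encoded including quotes.
    if ($pageinit != "new") {
        $id = htmlspecialchars($pageinit, ENT_QUOTES);
    }

    $str .= "<li id='addpage' class='addbutton'>".$strPhotoPagesAdd."</li>";
    if ($pageinit != "0") {
        $str .= "<li id='pagedelete' class='addbutton'>".$strPhotoPagesDel."</li>";
        $str .= "<li id='backtomodi' class='addbutton'>".$strBack."</li>";
    }
    $str .= "</ul><input id='photopagesid' name='photopagesid' type='hidden' value='".$id."'>";

    echo $str;
    exit;

// getcontent: echo the stored image path of a photo ("0") or of one of its
// extra pages (any other id); "-1" yields an empty response.
case "getcontent":
    $nowid = isset($_POST["nowid"]) ? (int)$_POST["nowid"] : 0;
    // The sentinel values are compared on the raw string so that a missing
    // field still falls through to the page lookup, as before.
    $rawPageId = (isset($_POST["photopageid"]) && is_string($_POST["photopageid"])) ? $_POST["photopageid"] : "";
    $src = "";

    if ($rawPageId == "-1") {
        $src = "";
    } elseif ($rawPageId == "0") {
        $msql->query("select src from {P}_photo_con where id='$nowid'");
        if ($msql->next_record()) {
            $src = $msql->f('src');
        }
    } else {
        $photopageid = (int)$rawPageId;
        $msql->query("select src from {P}_photo_pages where id='$photopageid'");
        if ($msql->next_record()) {
            $src = $msql->f('src');
        }
    }

    echo $src;
    exit;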
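// photomodify: update an existing photo record and, when a new image is
// uploaded, replace the stored file.
case "photomodify":
    // NOTE(review): id, catid and the project ids are treated as integer
    // keys; confirm against the schema.
    $id = isset($_POST["id"]) ? (int)$_POST["id"] : 0;
    $catid = isset($_POST["catid"]) ? (int)$_POST["catid"] : 0;

    // NOTE(review): the text fields below are HTML-encoded only and then
    // interpolated into SQL. htmlspecialchars() is not a SQL escape (a quote
    // or trailing backslash can still alter the statement unless $_POST is
    // escaped elsewhere, which this file does not show). Move these to the
    // database layer's escaping or bound parameters.
    $text = array();
    foreach (array("title", "author", "source", "memo") as $field) {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
        $text[$field] = htmlspecialchars($raw);
    }
    $title = $text["title"];
    $author = $text["author"];
    $source = $text["source"];
    $memo = $text["memo"];

    $propSql = "";
    for ($n = 1; $n <= 20; $n++) {
        $key = "prop".$n;
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
        $propSql .= ", ".$key."='".htmlspecialchars($raw)."'";
    }

    $tags = (isset($_POST["tags"]) && is_array($_POST["tags"])) ? $_POST["tags"] : array();
    $spe_selec = (isset($_POST["spe_selec"]) && is_array($_POST["spe_selec"])) ? $_POST["spe_selec"] : array();
    $pic = isset($_FILES["jpg"]) ? $_FILES["jpg"] : array("size" => 0);

    // When a file is posted the reply is emitted with a charset meta tag in
    // front (the form is presumably submitted through an iframe).
    $Meta = "";
    if ($pic["size"] > 0) {
        $Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";
    }

    // Field validation.
    if ($title == "") {
        echo $Meta.$strPhotoNotice6;
        exit;
    }
    if (strlen($title) > 200) {
        echo $Meta.$strPhotoNotice7;
        exit;
    }
    if (strlen($memo) > 65000) {
        echo $Meta.$strPhotoNotice5;
        exit;
    }

    $uptime = time();

    // Category path of the selected category.
    $catpath = "";
    $msql->query("select catpath from {P}_photo_cat where catid='$catid'");
    if ($msql->next_record()) {
        $catpath = $msql->f('catpath');
    }

    // Selected projects are stored as "id:id:"; entries that are not plain
    // digits are skipped.
    $projpath = "";
    foreach ($spe_selec as $projid) {
        if (is_string($projid) && preg_match('/^[0-9]+\z/', $projid)) {
            $projpath .= $projid.":";
        }
    }

    // Image upload.
    // NOTE(review): $pic["type"] is the MIME type claimed by the client; the
    // real check of extension/content has to happen inside NewUploadImage()
    // (not visible here). The directory is created world-writable (0777).
    // Both remarks apply to the two other upload steps in this script too.
    if ($pic["size"] > 0) {
        $nowdate = date("Ymd", time());
        $picpath = "../pics/".$nowdate;
        @mkdir($picpath, 0777);
        $uppath = "photo/pics/".$nowdate;

        $arr = NewUploadImage($pic["tmp_name"], $pic["type"], $pic["size"], $uppath);
        if ($arr[0] != "err") {
            $src = $arr[3];
        } else {
            echo $Meta.$arr[1];
            exit;
        }

        // Remove the previous file unless its stored path tries to climb out
        // of the site root.
        $oldsrc = "";
        $msql->query("select src from {P}_photo_con where id='$id'");
        if ($msql->next_record()) {
            $oldsrc = $msql->f('src');
        }
        if ($oldsrc != "" && !strstr($oldsrc, "../") && file_exists(ROOTPATH.$oldsrc)) {
            unlink(ROOTPATH.$oldsrc);
        }

        $msql->query("update {P}_photo_con set src='$src' where id='$id'");
    }

    // Tags are stored comma-terminated.
    // NOTE(review): tag text reaches the SQL below unencoded and unescaped.
    $tagstr = "";
    foreach ($tags as $tag) {
        if (is_string($tag) && $tag != "") {
            $tagstr .= $tag.",";
        }
    }

    $msql->query("update {P}_photo_con set
        title='$title',
        memo='$memo',
        catid='$catid',
        catpath='$catpath',
        uptime='$uptime',
        author='$author',
        source='$source',
        proj='$projpath',
        tags='$tagstr'".$propSql."
        where id='$id' ");

    echo "OK";
    exit;

// contentmodify: replace the image of one extra page of a photo.
case "contentmodify":
    $photopagesid = isset($_POST["photopagesid"]) ? (int)$_POST["photopagesid"] : 0;
    $pic = isset($_FILES["jpg"]) ? $_FILES["jpg"] : array("size" => 0);
    $Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";

    // An image is mandatory for this action.
    if ($pic["size"] <= 0) {
        echo $Meta.$strPhotoNotice3;
        exit;
    }

    $nowdate = date("Ymd", time());
    $picpath = "../pics/".$nowdate;
    @mkdir($picpath, 0777);
    $uppath = "photo/pics/".$nowdate;

    $arr = NewUploadImage($pic["tmp_name"], $pic["type"], $pic["size"], $uppath);
    if ($arr[0] != "err") {
        $src = $arr[3];
    } else {
        echo $Meta.$arr[1];
        exit;
    }

    $oldsrc = "";
    $msql->query("select src from {P}_photo_pages where id='$photopagesid'");
    if ($msql->next_record()) {
        $oldsrc = $msql->f('src');
    }
    if ($oldsrc != "" && !strstr($oldsrc, "../") && file_exists(ROOTPATH.$oldsrc)) {
        unlink(ROOTPATH.$oldsrc);
    }

    $msql->query("update {P}_photo_pages set src='$src' where id='$photopagesid'");

    echo "OK";
    exit;

// photoadd: create a new photo record from the posted form and image.
case "photoadd":
    $catid = isset($_POST["catid"]) ? (int)$_POST["catid"] : 0;

    // NOTE(review): HTML-encoded only, then interpolated into SQL -- see the
    // remark in the photomodify branch.
    $text = array();
    foreach (array("title", "author", "source", "memo") as $field) {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
        $text[$field] = htmlspecialchars($raw);
    }
    $title = $text["title"];
    $author = $text["author"];
    $source = $text["source"];
    $memo = $text["memo"];

    $propSql = "";
    for ($n = 1; $n <= 20; $n++) {
        $key = "prop".$n;
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
        $propSql .= ", ".$key."='".htmlspecialchars($raw)."'";
    }

    $tags = (isset($_POST["tags"]) && is_array($_POST["tags"])) ? $_POST["tags"] : array();
    $spe_selec = (isset($_POST["spe_selec"]) && is_array($_POST["spe_selec"])) ? $_POST["spe_selec"] : array();
    $pic = isset($_FILES["jpg"]) ? $_FILES["jpg"] : array("size" => 0);

    $Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";

    // Field validation.
    if ($pic["size"] <= 0) {
        echo $Meta.$strPhotoNotice3;
        exit;
    }
    if ($title == "") {
        echo $Meta.$strPhotoNotice6;
        exit;
    }
    if (strlen($title) > 200) {
        echo $Meta.$strPhotoNotice7;
        exit;
    }
    if (strlen($memo) > 65000) {
        echo $Meta.$strPhotoNotice5;
        exit;
    }

    $dtime = time();

    $catpath = "";
    $msql->query("select catpath from {P}_photo_cat where catid='$catid'");
    if ($msql->next_record()) {
        $catpath = $msql->f('catpath');
    }

    // Image upload (size > 0 was enforced above).
    $nowdate = date("Ymd", time());
    $picpath = "../pics/".$nowdate;
    @mkdir($picpath, 0777);
    $uppath = "photo/pics/".$nowdate;

    $arr = NewUploadImage($pic["tmp_name"], $pic["type"], $pic["size"], $uppath);
    if ($arr[0] != "err") {
        $src = $arr[3];
    } else {
        echo $Meta.$arr[1];
        exit;
    }

    $projpath = "";
    foreach ($spe_selec as $projid) {
        if (is_string($projid) && preg_match('/^[0-9]+\z/', $projid)) {
            $projpath .= $projid.":";
        }
    }

    // NOTE(review): tag text reaches the SQL below unencoded and unescaped.
    $tagstr = "";
    foreach ($tags as $tag) {
        if (is_string($tag) && $tag != "") {
            $tagstr .= $tag.",";
        }
    }

    // $body was never assigned in this branch; it is pinned to an empty
    // string so the insert does not depend on an undefined variable.
    $body = "";

    $msql->query("insert into {P}_photo_con set
        catid='$catid',
        catpath='$catpath',
        title='$title',
        body='$body',
        dtime='$dtime',
        xuhao='0',
        cl='0',
        tj='0',
        iffb='1',
        ifbold='0',
        ifred='0',
        type='gif',
        src='$src',
        uptime='$dtime',
        author='$author',
        source='$source',
        memberid='0',
        proj='$projpath',
        tags='$tagstr',
        secure='0',
        memo='$memo'".$propSql." ");

    echo "OK";
    exit;

// pagedelete: delete one extra page (row and file) and echo the id of the
// page that should be selected afterwards.
case "pagedelete":
    $delpagesid = isset($_POST["delpagesid"]) ? (int)$_POST["delpagesid"] : 0;
    $nowid = isset($_POST["nowid"]) ? (int)$_POST["nowid"] : 0;

    // Walk the pages in display order; the neighbour before the deleted one
    // becomes the next selection (0 when the first page is deleted).
    $ids = array();
    $lastid = 0;
    $i = 0;
    $msql->query("select id from {P}_photo_pages where photoid='$nowid' order by xuhao");
    while ($msql->next_record()) {
        $ids[$i] = $msql->f('id');
        if ($ids[$i] == $delpagesid) {
            $lastid = ($i == 0) ? 0 : $ids[$i - 1];
        }
        $i++;
    }
    if ($lastid == 0 && $i > 1) {
        $lastid = $ids[1];
    }

    // Remove the stored file unless its path tries to climb out of the root.
    $msql->query("select src from {P}_photo_pages where id='$delpagesid'");
    if ($msql->next_record()) {
        $oldsrc = $msql->f('src');
        if ($oldsrc != "" && !strstr($oldsrc, "../") && file_exists(ROOTPATH.$oldsrc)) {
            unlink(ROOTPATH.$oldsrc);
        }
    }

    $msql->query("delete from {P}_photo_pages where id='$delpagesid'");

    echo $lastid;
    exit;

// addproj: create a project -- a folder under ../project/ holding an
// index.php generated from the template, plus its database rows.
case "addproj":
    // NOTE(review): $project is HTML-encoded only before it is interpolated
    // into the two inserts below; it needs SQL escaping from the DB layer.
    $project = htmlspecialchars((isset($_POST["project"]) && is_string($_POST["project"])) ? $_POST["project"] : "");
    $folder = (isset($_POST["folder"]) && is_string($_POST["folder"])) ? $_POST["folder"] : "";

    if ($project == "") {
        echo $strProjNTC1;
        exit;
    }
    if (strlen($folder) < 2 || strlen($folder) > 16) {
        echo $strProjNTC2;
        exit;
    }
    // eregi() no longer exists in PHP 7+. \z (not $) anchors the end so that
    // a trailing newline cannot slip through; the character class already
    // excludes "/" and ".", so the folder name is safe as a path component.
    if (!preg_match('/^[0-9a-z]{1,16}\z/i', $folder)) {
        echo $strProjNTC3;
        exit;
    }

    // Names that must not be used as a project folder.
    $arr = array('main','html','class','detail','query','index','admin','photogl','photofabu','photomodify','photocat','pics');
    if (in_array($folder, $arr, true)) {
        echo $strProjNTC4;
        exit;
    }
    if (file_exists("../project/".$folder)) {
        echo $strProjNTC4;
        exit;
    }
    $msql->query("select id from {P}_photo_proj where folder='$folder'");
    if ($msql->next_record()) {
        echo $strProjNTC4;
        exit;
    }

    $pagename = "proj_".$folder;

    // Generate the project's index.php from the first 2000 bytes of the
    // template, substituting the page name for the TEMP marker.
    @mkdir("../project/".$folder, 0777);
    $fd = fopen("../project/temp.php", "r");
    if ($fd === false) {
        echo "ERR: cannot read template";
        exit;
    }
    $str = fread($fd, 2000);
    fclose($fd);
    $str = str_replace("TEMP", $pagename, $str);

    $filename = "../project/".$folder."/index.php";
    $fp = fopen($filename, "w");
    if ($fp === false) {
        echo "ERR: cannot write project page";
        exit;
    }
    fwrite($fp, $str);
    fclose($fp);
    @chmod($filename, 0755);

    $msql->query("insert into {P}_photo_proj set
        `project`='$project',
        `folder`='$folder'
    ");

    $msql->query("insert into {P}_base_pageset set
        `name`='$project',
        `coltype`='photo',
        `pagename`='$pagename',
        `pagetitle`='$project',
        `buildhtml`='index'
    ");

    echo "OK";
    exit;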
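// addzl: turn a category into a channel -- create ../class/<catid>/index.php
// from the template and register the page.
case "addzl":
    $catid = (isset($_POST["catid"]) && is_string($_POST["catid"])) ? $_POST["catid"] : "";

    if ($catid == "") {
        echo $strZlNTC1;
        exit;
    }
    // catid becomes both a SQL literal and a directory name below, so only
    // plain digits are accepted; anything else gets the message this branch
    // prints when the category lookup finds no row.
    // NOTE(review): assumes catid is a numeric key -- confirm against the
    // {P}_photo_cat schema.
    if (!preg_match('/^[0-9]+\z/', $catid)) {
        echo $strZlNTC2;
        exit;
    }

    $msql->query("select cat from {P}_photo_cat where catid='$catid'");
    if ($msql->next_record()) {
        // Single quotes are dropped because the name is interpolated into the
        // insert further down.
        // NOTE(review): a backslash in the stored name is not handled here.
        $cat = $msql->f('cat');
        $cat = str_replace("'", "", $cat);
    } else {
        echo $strZlNTC2;
        exit;
    }

    $pagename = "class_".$catid;

    // Generate the channel's index.php from the first 2000 bytes of the
    // template, substituting the page name for the TEMP marker.
    @mkdir("../class/".$catid, 0777);
    $fd = fopen("../class/temp.php", "r");
    if ($fd === false) {
        echo "ERR: cannot read template";
        exit;
    }
    $str = fread($fd, 2000);
    fclose($fd);
    $str = str_replace("TEMP", $pagename, $str);

    $filename = "../class/".$catid."/index.php";
    $fp = fopen($filename, "w");
    if ($fp === false) {
        echo "ERR: cannot write channel page";
        exit;
    }
    fwrite($fp, $str);
    fclose($fp);
    @chmod($filename, 0755);

    $msql->query("update {P}_photo_cat set `ifchannel`='1' where catid='$catid'");

    // Register the page only when it is not registered yet.
    $msql->query("select id from {P}_base_pageset where coltype='photo' and pagename='$pagename'");
    if (!$msql->next_record()) {
        $fsql->query("insert into {P}_base_pageset set
            `name`='$cat',
            `coltype`='photo',
            `pagename`='$pagename',
            `pagetitle`='$cat',
            `buildhtml`='index'
        ");
    }

    echo "OK";
    exit;

// delzl: undo addzl -- unregister the channel page and delete its folder.
case "delzl":
    $catid = (isset($_POST["catid"]) && is_string($_POST["catid"])) ? $_POST["catid"] : "";

    if ($catid == "") {
        echo $strZlNTC1;
        exit;
    }
    // Same digits-only rule as addzl: the value ends up in SQL and in the
    // path handed to DelFold().
    // NOTE(review): assumes catid is a numeric key -- confirm against schema.
    if (!preg_match('/^[0-9]+\z/', $catid)) {
        echo $strZlNTC2;
        exit;
    }

    $msql->query("select catid from {P}_photo_cat where catid='$catid'");
    if (!$msql->next_record()) {
        echo $strZlNTC2;
        exit;
    }

    $pagename = "class_".$catid;

    $msql->query("delete from {P}_base_pageset where coltype='photo' and pagename='$pagename'");
    $msql->query("delete from {P}_base_plus where plustype='photo' and pluslocat='$pagename'");
    $msql->query("update {P}_photo_cat set `ifchannel`='0' where catid='$catid'");

    // Kept as a second line of defence in front of the recursive delete: the
    // name must be non-empty and free of "." and "/".
    if ($catid != "" && strlen($catid) >= 1 && !strstr($catid, ".") && !strstr($catid, "/")) {
        DelFold("../class/".$catid);
    }

    echo "OK";
    exit;

}
?>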