gusucode.com > 触摸屏公司网站(英文)网站源码程序 > 触摸屏公司网站(英文)网站源码程序/news/admin/post.php
<?php /**********************/ /* */ /* Version : 5.1.0 */ /* Author : RM */ /* Comment : ymjd.cn */ /* */ /**********************/ define( "ROOTPATH", "../../" ); include( ROOTPATH."includes/admin.inc.php" ); include( "language/".$sLan.".php" ); include( "func/upload.inc.php" ); needauth( 122 ); $act = $_POST['act']; switch ( $act ) { case "proplist" : $catid = $_POST['catid']; $nowid = $_POST['nowid']; if ( $nowid != "" && $nowid != "0" ) { $msql->query( "select * from {P}_news_con where id='{$nowid}'" ); if ( $msql->next_record( ) ) { $prop1 = $msql->f( "prop1" ); $prop2 = $msql->f( "prop2" ); $prop3 = $msql->f( "prop3" ); $prop4 = $msql->f( "prop4" ); $prop5 = $msql->f( "prop5" ); $prop6 = $msql->f( "prop6" ); $prop7 = $msql->f( "prop7" ); $prop8 = $msql->f( "prop8" ); $prop9 = $msql->f( "prop9" ); $prop10 = $msql->f( "prop10" ); $prop11 = $msql->f( "prop11" ); $prop12 = $msql->f( "prop12" ); $prop13 = $msql->f( "prop13" ); $prop14 = $msql->f( "prop14" ); $prop15 = $msql->f( "prop15" ); $prop16 = $msql->f( "prop16" ); } } $str = "<table width='100%' border='0' align='center' cellpadding='2' cellspacing='0' >"; $i = 1; $msql->query( "select * from {P}_news_prop where catid='{$catid}' order by xuhao" ); while ( $msql->next_record( ) ) { $propname = $msql->f( "propname" ); $pn = "prop".$i; $str .= "<tr>"; $str .= "<td width='100' height='30' align='center' >".$propname."</td>"; $str .= "<td height='30' >"; $str .= "<input type='text' name='".$pn."' value='".$$pn."' class='input' style='width:499px;' />"; $str .= "</td>"; $str .= "</tr>"; $i++; } $str .= "</table>"; echo $str; exit( ); break; case "addpage" : $nowid = $_POST['nowid']; $xuhao = 0; if ( $nowid != "" && $nowid != "0" ) { $msql->query( "select max(xuhao) from {P}_news_pages where newsid='{$nowid}'" ); if ( $msql->next_record( ) ) { $xuhao = $msql->f( "max(xuhao)" ); } $xuhao = $xuhao + 1; $msql->query( "insert into {P}_news_pages set newsid='{$nowid}',xuhao='{$xuhao}' " ); } echo "OK"; exit( ); break; case "newspageslist" : $nowid = $_POST['nowid']; $pageinit = $_POST['pageinit']; $str = "<ul>"; $str .= "<li id='p_0' class='pages'>1</li>"; $i = 2; $id = 0; $msql->query( "select id from {P}_news_pages where newsid='{$nowid}' order by xuhao" ); while ( $msql->next_record( ) ) { $id = $msql->f( "id" ); $str .= "<li id='p_".$id."' class='pages'>".$i."</li>"; $i++; } if ( $pageinit != "new" ) { $id = $pageinit; } $str .= "<li id='addpage' class='addbutton'>".$strNewsPagesAdd."</li>"; if ( $pageinit != "0" ) { $str .= "<li id='pagedelete' class='addbutton'>".$strNewsPagesDel."</li>"; $str .= "<li id='backtomodi' class='addbutton'>".$strBack."</li>"; } $str .= "<input type='submit' name='modi' onClick='KindSubmit();' value='".$strSave."' class='savebutton' />"; $str .= "</ul><input id='newspagesid' name='newspagesid' type='hidden' value='".$id."'>"; echo $str; exit( ); break; case "getcontent" : $nowid = $_POST['nowid']; $newspageid = $_POST['newspageid']; if ( $newspageid == "-1" ) { $body = ""; } else if ( $newspageid == "0" ) { $msql->query( "select body from {P}_news_con where id='{$nowid}'" ); if ( $msql->next_record( ) ) { $body = $msql->f( "body" ); } } else { $msql->query( "select body from {P}_news_pages where id='{$newspageid}'" ); if ( $msql->next_record( ) ) { $body = $msql->f( "body" ); } else { $body = ""; } } $body = path2url( $body ); echo $body; exit( ); break; case "newsmodify" : $id = $_POST['id']; $pid = $_POST['pid']; $catid = $_POST['catid']; $page = $_POST['page']; $title = htmlspecialchars( $_POST['title'] ); $author = htmlspecialchars( $_POST['author'] ); $source = htmlspecialchars( $_POST['source'] ); $body = $_POST['body']; $memo = $_POST['memo']; $oldcatid = $_POST['oldcatid']; $oldcatpath = $_POST['oldcatpath']; $prop1 = htmlspecialchars( $_POST['prop1'] ); $prop2 = htmlspecialchars( $_POST['prop2'] ); $prop3 = htmlspecialchars( $_POST['prop3'] ); $prop4 = htmlspecialchars( $_POST['prop4'] ); $prop5 = htmlspecialchars( $_POST['prop5'] ); $prop6 = htmlspecialchars( $_POST['prop6'] ); $prop7 = htmlspecialchars( $_POST['prop7'] ); $prop8 = htmlspecialchars( $_POST['prop8'] ); $prop9 = htmlspecialchars( $_POST['prop9'] ); $prop10 = htmlspecialchars( $_POST['prop10'] ); $prop11 = htmlspecialchars( $_POST['prop11'] ); $prop12 = htmlspecialchars( $_POST['prop12'] ); $prop13 = htmlspecialchars( $_POST['prop13'] ); $prop14 = htmlspecialchars( $_POST['prop14'] ); $prop15 = htmlspecialchars( $_POST['prop15'] ); $prop16 = htmlspecialchars( $_POST['prop16'] ); $prop17 = htmlspecialchars( $_POST['prop17'] ); $prop18 = htmlspecialchars( $_POST['prop18'] ); $prop19 = htmlspecialchars( $_POST['prop19'] ); $prop20 = htmlspecialchars( $_POST['prop20'] ); $downcentid = htmlspecialchars( $_POST['downcentid'] ); $downcent = htmlspecialchars( $_POST['downcent'] ); $tags = $_POST['tags']; $spe_selec = $_POST['spe_selec']; $pic = $_FILES['jpg']; $file = $_FILES['file']; $fileurl = $_POST['fileurl']; if ( 0 < $pic['size'] || 0 < $file['size'] ) { $Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>"; } $uptime = time( ); if ( $title == "" ) { echo $Meta.$strNewsNotice6; exit( ); } if ( 200 < strlen( $title ) ) { echo $Meta.$strNewsNotice7; exit( ); } if ( 65000 < strlen( $body ) ) { echo $Meta.$strNewsNotice5; exit( ); } $body = url2path( $body ); $title = str_replace( "{#", "", $title ); $title = str_replace( "#}", "", $title ); $memo = str_replace( "{#", "", $memo ); $memo = str_replace( "#}", "", $memo ); $body = str_replace( "{#", "{ #", $body ); $body = str_replace( "#}", "# }", $body ); $msql->query( "select catpath from {P}_news_cat where catid='{$catid}'" ); if ( $msql->next_record( ) ) { $catpath = $msql->f( "catpath" ); } $count_pro = count( $spe_selec ); for ( $i = 0; $i < $count_pro; $i++ ) { $projid = $spe_selec[$i]; $projpath .= $projid.":"; } if ( 0 < $file['size'] ) { $nowdate = date( "Ymd", time( ) ); $picpath = "../upload/".$nowdate; @mkdir( $picpath, 511 ); $uppath = "news/upload/".$nowdate; $filearr = newuploadfile( $file['tmp_name'], $file['type'], $file['name'], $file['size'], $uppath ); if ( $filearr[0] != "err" ) { $fileurl = $filearr[3]; } else { echo $Meta.$filearr[1]; exit( ); } $msql->query( "select fileurl from {P}_news_con where id='{$id}'" ); if ( $msql->next_record( ) ) { $oldfileurl = $msql->f( "fileurl" ); } if ( file_exists( ROOTPATH.$oldfileurl ) && $oldfileurl != "" && !strstr( $oldfileurl, "../" ) ) { unlink( ROOTPATH.$oldfileurl ); } } if ( 0 < $pic['size'] ) { $nowdate = date( "Ymd", time( ) ); $picpath = "../pics/".$nowdate; @mkdir( $picpath, 511 ); $uppath = "news/pics/".$nowdate; $arr = newuploadimage( $pic['tmp_name'], $pic['type'], $pic['size'], $uppath ); if ( $arr[0] != "err" ) { $src = $arr[3]; } else { echo $Meta.$arr[1]; exit( ); } $msql->query( "select src from {P}_news_con where id='{$id}'" ); if ( $msql->next_record( ) ) { $oldsrc = $msql->f( "src" ); } if ( file_exists( ROOTPATH.$oldsrc ) && $oldsrc != "" && !strstr( $oldsrc, "../" ) ) { unlink( ROOTPATH.$oldsrc ); } $msql->query( "update {P}_news_con set src='{$src}' where id='{$id}'" ); } for ( $t = 0; $t < sizeof( $tags ); $t++ ) { if ( $tags[$t] != "" ) { $tagstr .= $tags[$t].","; } } $msql->query( "update {P}_news_con set \r\n\t\t\ttitle='{$title}',\r\n\t\t\tmemo='{$memo}',\r\n\t\t\tfileurl='{$fileurl}',\r\n\t\t\tcatid='{$catid}',\r\n\t\t\tcatpath='{$catpath}',\r\n\t\t\tuptime='{$uptime}',\r\n\t\t\tauthor='{$author}',\r\n\t\t\tsource='{$source}',\r\n\t\t\tproj='{$projpath}',\r\n\t\t\ttags='{$tagstr}',\r\n\t\t\tprop1='{$prop1}',\r\n\t\t\tprop2='{$prop2}',\r\n\t\t\tprop3='{$prop3}',\r\n\t\t\tprop4='{$prop4}',\r\n\t\t\tprop5='{$prop5}',\r\n\t\t\tprop6='{$prop6}',\r\n\t\t\tprop7='{$prop7}',\r\n\t\t\tprop8='{$prop8}',\r\n\t\t\tprop9='{$prop9}',\r\n\t\t\tprop10='{$prop10}',\r\n\t\t\tprop11='{$prop11}',\r\n\t\t\tprop12='{$prop12}',\r\n\t\t\tprop13='{$prop13}',\r\n\t\t\tprop14='{$prop14}',\r\n\t\t\tprop15='{$prop15}',\r\n\t\t\tprop16='{$prop16}',\r\n\t\t\tprop17='{$prop17}',\r\n\t\t\tprop18='{$prop18}',\r\n\t\t\tprop19='{$prop19}',\r\n\t\t\tprop20='{$prop20}',\r\n\t\t\tdowncentid='{$downcentid}',\r\n\t\t\tdowncent='{$downcent}',\r\n\t\t\tbody='{$body}'\r\n\t\t\twhere id='{$id}'\r\n\t\t" ); echo "OK"; exit( ); break; case "contentmodify" : $newspagesid = $_POST['newspagesid']; $body = $_POST['body']; if ( 65000 < strlen( $body ) ) { echo $strNewsNotice5; exit( ); } $body = url2path( $body ); $msql->query( "update {P}_news_pages set body='{$body}' where id='{$newspagesid}'" ); echo "OK"; exit( ); break; case "newsadd" : $catid = $_POST['catid']; $body = $_POST['body']; $title = htmlspecialchars( $_POST['title'] ); $author = htmlspecialchars( $_POST['author'] ); $source = htmlspecialchars( $_POST['source'] ); $memo = $_POST['memo']; $prop1 = htmlspecialchars( $_POST['prop1'] ); $prop2 = htmlspecialchars( $_POST['prop2'] ); $prop3 = htmlspecialchars( $_POST['prop3'] ); $prop4 = htmlspecialchars( $_POST['prop4'] ); $prop5 = htmlspecialchars( $_POST['prop5'] ); $prop6 = htmlspecialchars( $_POST['prop6'] ); $prop7 = htmlspecialchars( $_POST['prop7'] ); $prop8 = htmlspecialchars( $_POST['prop8'] ); $prop9 = htmlspecialchars( $_POST['prop9'] ); $prop10 = htmlspecialchars( $_POST['prop10'] ); $prop11 = htmlspecialchars( $_POST['prop11'] ); $prop12 = htmlspecialchars( $_POST['prop12'] ); $prop13 = htmlspecialchars( $_POST['prop13'] ); $prop14 = htmlspecialchars( $_POST['prop14'] ); $prop15 = htmlspecialchars( $_POST['prop15'] ); $prop16 = htmlspecialchars( $_POST['prop16'] ); $prop17 = htmlspecialchars( $_POST['prop17'] ); $prop18 = htmlspecialchars( $_POST['prop18'] ); $prop19 = htmlspecialchars( $_POST['prop19'] ); $prop20 = htmlspecialchars( $_POST['prop20'] ); $downcentid = htmlspecialchars( $_POST['downcentid'] ); $downcent = htmlspecialchars( $_POST['downcent'] ); $tags = $_POST['tags']; trylimit( "_news_con", 100, "id" ); $fileurl = $_POST['fileurl']; $pic = $_FILES['jpg']; $file = $_FILES['file']; $spe_selec = $_POST['spe_selec']; if ( 0 < $pic['size'] || 0 < $file['size'] ) { $Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>"; } $uptime = time( ); if ( $title == "" ) { echo $Meta.$strNewsNotice6; exit( ); } if ( 200 < strlen( $title ) ) { echo $Meta.$strNewsNotice7; exit( ); } if ( 65000 < strlen( $body ) ) { echo $Meta.$strNewsNotice5; exit( ); } $dtime = time( ); $msql->query( "select catpath from {P}_news_cat where catid='{$catid}'" ); if ( $msql->next_record( ) ) { $catpath = $msql->f( "catpath" ); } $body = url2path( $body ); $title = str_replace( "{#", "", $title ); $title = str_replace( "#}", "", $title ); $memo = str_replace( "{#", "", $memo ); $memo = str_replace( "#}", "", $memo ); $body = str_replace( "{#", "{ #", $body ); $body = str_replace( "#}", "# }", $body ); if ( 0 < $pic['size'] ) { $nowdate = date( "Ymd", time( ) ); $picpath = "../pics/".$nowdate; @mkdir( $picpath, 511 ); $uppath = "news/pics/".$nowdate; $arr = newuploadimage( $pic['tmp_name'], $pic['type'], $pic['size'], $uppath ); if ( $arr[0] != "err" ) { $src = $arr[3]; } else { echo $Meta.$arr[1]; exit( ); } } if ( 0 < $file['size'] ) { $nowdate = date( "Ymd", time( ) ); $picpath = "../upload/".$nowdate; @mkdir( $picpath, 511 ); $uppath = "news/upload/".$nowdate; $filearr = newuploadfile( $file['tmp_name'], $file['type'], $file['name'], $file['size'], $uppath ); if ( $filearr[0] != "err" ) { $fileurl = $filearr[3]; } else { echo $Meta.$filearr[1]; exit( ); } } $count_pro = count( $spe_selec ); for ( $i = 0; $i < $count_pro; $i++ ) { $projid = $spe_selec[$i]; $projpath .= $projid.":"; } for ( $t = 0; $t < sizeof( $tags ); $t++ ) { if ( $tags[$t] != "" ) { $tagstr .= $tags[$t].","; } } $msql->query( "insert into {P}_news_con set\r\n\t\tcatid='{$catid}',\r\n\t\tcatpath='{$catpath}',\r\n\t\ttitle='{$title}',\r\n\t\tbody='{$body}',\r\n\t\tdtime='{$dtime}',\r\n\t\txuhao='0',\r\n\t\tcl='0',\r\n\t\ttj='0',\r\n\t\tiffb='1',\r\n\t\tifbold='0',\r\n\t\tifred='0',\r\n\t\ttype='gif',\r\n\t\tsrc='{$src}',\r\n\t\tuptime='{$dtime}',\r\n\t\tauthor='{$author}',\r\n\t\tsource='{$source}',\r\n\t\tmemberid='0',\r\n\t\tproj='{$projpath}',\r\n\t\ttags='{$tagstr}',\r\n\t\tsecure='0',\r\n\t\tmemo='{$memo}',\r\n\t\tprop1='{$prop1}',\r\n\t\tprop2='{$prop2}',\r\n\t\tprop3='{$prop3}',\r\n\t\tprop4='{$prop4}',\r\n\t\tprop5='{$prop5}',\r\n\t\tprop6='{$prop6}',\r\n\t\tprop7='{$prop7}',\r\n\t\tprop8='{$prop8}',\r\n\t\tprop9='{$prop9}',\r\n\t\tprop10='{$prop10}',\r\n\t\tprop11='{$prop11}',\r\n\t\tprop12='{$prop12}',\r\n\t\tprop13='{$prop13}',\r\n\t\tprop14='{$prop14}',\r\n\t\tprop15='{$prop15}',\r\n\t\tprop16='{$prop16}',\r\n\t\tprop17='{$prop17}',\r\n\t\tprop18='{$prop18}',\r\n\t\tprop19='{$prop19}',\r\n\t\tprop20='{$prop20}',\r\n\t\tdowncentid='{$downcentid}',\r\n\t\tdowncent='{$downcent}',\r\n\t\tfileurl='{$fileurl}'\r\n\t\t" ); echo "OK"; exit( ); break; case "pagedelete" : $delpagesid = $_POST['delpagesid']; $nowid = $_POST['nowid']; $i = 0; $msql->query( "select id from {P}_news_pages where newsid='{$nowid}' order by xuhao" ); while ( $msql->next_record( ) ) { $id[$i] = $msql->f( "id" ); if ( $id[$i] == $delpagesid ) { if ( $i == 0 ) { $lastid = 0; } else { $lastid = $id[$i - 1]; } } $i++; } if ( $lastid == 0 && 1 < $i ) { $lastid = $id[1]; } $msql->query( "delete from {P}_news_pages where id='{$delpagesid}'" ); echo $lastid; exit( ); break; case "addproj" : $project = htmlspecialchars( $_POST['project'] ); $folder = htmlspecialchars( $_POST['folder'] ); if ( $project == "" ) { echo $strProjNTC1; exit( ); } if ( strlen( $folder ) < 2 || 16 < strlen( $folder ) ) { echo $strProjNTC2; exit( ); } if ( !eregi( "^[0-9a-z]{1,16}\$", $folder ) ) { echo $strProjNTC3; exit( ); } if ( strstr( $folder, "/" ) || strstr( $folder, "." ) ) { echo $strProjNTC3; exit( ); } $arr = array( "main", "html", "class", "detail", "query", "index", "admin", "newsgl", "newsfabu", "newsmodify", "newscat", "news" ); if ( in_array( $folder, $arr ) == true ) { echo $strProjNTC4; exit( ); } if ( file_exists( "../project/".$folder ) ) { echo $strProjNTC4; exit( ); } $msql->query( "select id from {P}_news_proj where folder='{$folder}'" ); if ( $msql->next_record( ) ) { echo $strProjNTC4; exit( ); } $pagename = "proj_".$folder; @mkdir( "../project/".$folder, 511 ); $fd = fopen( "../project/temp.php", "r" ); $str = fread( $fd, "2000" ); $str = str_replace( "TEMP", $pagename, $str ); fclose( $fd ); $filename = "../project/".$folder."/index.php"; $fp = fopen( $filename, "w" ); fwrite( $fp, $str ); fclose( $fp ); @chmod( $filename, 493 ); $msql->query( "insert into {P}_news_proj set \r\n\t\t\t`project`='{$project}',\r\n\t\t\t`folder`='{$folder}'\r\n\t\t" ); $msql->query( "insert into {P}_base_pageset set \r\n\t\t\t`name`='{$project}',\r\n\t\t\t`coltype`='news',\r\n\t\t\t`pagename`='{$pagename}',\r\n\t\t\t`pagetitle`='{$project}',\r\n\t\t\t`buildhtml`='index'\r\n\t\t" ); echo "OK"; exit( ); break; case "addzl" : $catid = htmlspecialchars( $_POST['catid'] ); if ( $catid == "" ) { echo $strZlNTC1; exit( ); } $msql->query( "select cat from {P}_news_cat where catid='{$catid}'" ); if ( $msql->next_record( ) ) { $cat = $msql->f( "cat" ); $cat = str_replace( "'", "", $cat ); } else { echo $strZlNTC2; exit( ); } $pagename = "class_".$catid; @mkdir( "../class/".$catid, 511 ); $fd = fopen( "../class/temp.php", "r" ); $str = fread( $fd, "2000" ); $str = str_replace( "TEMP", $pagename, $str ); fclose( $fd ); $filename = "../class/".$catid."/index.php"; $fp = fopen( $filename, "w" ); fwrite( $fp, $str ); fclose( $fp ); @chmod( $filename, 493 ); $msql->query( "update {P}_news_cat set `ifchannel`='1' where catid='{$catid}'" ); $msql->query( "select id from {P}_base_pageset where coltype='news' and pagename='{$pagename}'" ); if ( $msql->next_record( ) ) { } else { $fsql->query( "insert into {P}_base_pageset set \r\n\t\t\t`name`='{$cat}',\r\n\t\t\t`coltype`='news',\r\n\t\t\t`pagename`='{$pagename}',\r\n\t\t\t`pagetitle`='{$cat}',\r\n\t\t\t`buildhtml`='index'\r\n\t\t\t" ); } echo "OK"; exit( ); break; case "delzl" : $catid = htmlspecialchars( $_POST['catid'] ); if ( $catid == "" ) { echo $strZlNTC1; exit( ); } $msql->query( "select catid from {P}_news_cat where catid='{$catid}'" ); if ( $msql->next_record( ) ) { } else { echo $strZlNTC2; exit( ); } $pagename = "class_".$catid; $msql->query( "delete from {P}_base_pageset where coltype='news' and pagename='{$pagename}'" ); $msql->query( "delete from {P}_base_plus where plustype='news' and pluslocat='{$pagename}'" ); $msql->query( "update {P}_news_cat set `ifchannel`='0' where catid='{$catid}'" ); if ( $catid != "" && 1 <= strlen( $catid ) && !strstr( $catid, "." ) && !strstr( $catid, "/" ) ) { delfold( "../class/".$catid ); } echo "OK"; exit( ); break; } ?>