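<?php
/**
 * Admin POST endpoint for the "view" (video) module.
 *
 * Dispatches on $_POST["act"]:
 *   - proplist   : render the per-category property inputs as an HTML table
 *   - viewadd    : insert a new row into {P}_view_con
 *   - viewmodify : update an existing row in {P}_view_con
 *   - addproj    : create a project folder plus its DB and page records
 *
 * Every branch echoes its result ("OK" or a notice string) and exits.
 *
 * NOTE(review): every query in this file is assembled by interpolating request
 * values into the SQL text. Whether includes/admin.inc.php escapes $_POST
 * globally is not visible from here - confirm. If it does not, move these
 * statements to the escaping or parameter binding offered by the DB layer
 * behind $msql. Only the row ids that are certainly numeric are cast below;
 * adding addslashes() here could double-escape if a global filter exists.
 *
 * NOTE(review): no anti-CSRF token is checked in this file; confirm that the
 * admin include or NeedAuth() covers state-changing requests.
 */
define("ROOTPATH", "../../");
include(ROOTPATH."includes/admin.inc.php");
// NOTE(review): $sLan is assigned outside this file and ends up in an include
// path - confirm it is restricted to a fixed set of language codes.
include("language/".$sLan.".php");
include("func/upload.inc.php");

// Permission check; NeedAuth() is defined in the admin include - presumably it
// stops the request unless the admin holds right 732 (confirm).
NeedAuth(732);

if (!function_exists('ViewPostString')) {
    /**
     * Return a POST field as a string, or "" when it is missing or not a string.
     * Avoids undefined-index notices and passing arrays to string functions.
     */
    function ViewPostString($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    }
}

if (!function_exists('ViewPostList')) {
    /**
     * Return a POST field as an array, or an empty array when it is missing or
     * scalar, so count()/foreach never receive null.
     */
    function ViewPostList($key)
    {
        return (isset($_POST[$key]) && is_array($_POST[$key])) ? $_POST[$key] : array();
    }
}

$act = ViewPostString("act");

switch ($act) {

    // Read the property list of a category
    case "proplist":

        $catid = ViewPostString("catid");
        // nowid is only used as the row id of {P}_view_con, so force an integer
        // before it reaches the SQL text.
        $nowid = (int) ViewPostString("nowid");

        // Current property values of the record being edited. All 20 columns are
        // loaded because viewadd/viewmodify write prop1..prop20; loading only the
        // first 16 would show prop17..prop20 as empty and blank them on save.
        $props = array();
        if ($nowid !== 0) {
            $msql->query("select * from {P}_view_con where id='$nowid'");
            if ($msql->next_record()) {
                for ($n = 1; $n <= 20; $n++) {
                    $props[$n] = $msql->f('prop'.$n);
                }
            }
        }

        $str = "<table width='100%' border='0' align='center' cellpadding='2' cellspacing='0'>";

        $i = 1;
        $msql->query("select * from {P}_view_prop where catid='$catid' order by xuhao");
        while ($msql->next_record()) {
            // NOTE(review): propname is written into the page as stored; confirm it
            // is escaped where it is saved.
            $propname = $msql->f('propname');
            $pn = "prop".$i;

            // The value sits inside a single-quoted attribute. It was stored through
            // htmlspecialchars() with default flags, which on older PHP leaves "'"
            // untouched, so quotes are encoded here. double_encode=false keeps the
            // already stored entities from being encoded a second time.
            $value = isset($props[$i]) ? (string) $props[$i] : "";
            $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);

            $str .= "<tr>";
            $str .= "<td width='100' height='30' align='center' >".$propname."</td>";
            $str .= "<td height='30' >";
            $str .= "<input type='text' name='".$pn."' value='".$value."' class='input' style='width:499px;' />";
            $str .= "</td>";
            $str .= "</tr>";
            $i++;
        }

        $str .= "</table>";

        echo $str;
        exit;

    // Publish a video
    case "viewadd":

        $catid = ViewPostString("catid");
        $title = htmlspecialchars(ViewPostString("title"));
        // NOTE(review): url, sitetype and body are stored without HTML encoding;
        // the pages that render them must escape them and check the URL scheme.
        $url = ViewPostString("url");
        $sitetype = ViewPostString("sitetype");
        $author = htmlspecialchars(ViewPostString("author"));
        $source = htmlspecialchars(ViewPostString("source"));
        $memo = htmlspecialchars(ViewPostString("memo"));
        $tags = ViewPostList("tags");
        $spe_selec = ViewPostList("spe_selec");
        $pic = isset($_FILES["jpg"]) ? $_FILES["jpg"] : null;
        $body = Url2Path(ViewPostString("body"));

        // Charset header prepended to notices so they display as UTF-8
        $Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";

        // Data validation (the thumbnail is optional, so its size is not checked)
        if ($title == "") {
            echo $Meta.$strViewNotice6;
            exit;
        }
        if (strlen($title) > 200) {
            echo $Meta.$strViewNotice7;
            exit;
        }
        if ($url == "") {
            echo $Meta.$strViewNotice10;
            exit;
        }
        if (strlen($url) > 65000) {
            echo $Meta.$strViewNotice11;
            exit;
        }
        if (strlen($memo) > 65000) {
            echo $Meta.$strViewNotice4;
            exit;
        }
        if (strlen($body) > 65000) {
            echo $Meta.$strViewNotice5;
            exit;
        }

        $dtime = time();

        // Category path of the chosen category; stays empty if the id is unknown
        $catpath = "";
        $msql->query("select catpath from {P}_view_cat where catid='$catid'");
        if ($msql->next_record()) {
            $catpath = $msql->f('catpath');
        }

        // Thumbnail handling
        $src = "";
        if (is_array($pic) && isset($pic["size"]) && $pic["size"] > 0) {
            $nowdate = date("Ymd", time());
            $picpath = "../pics/".$nowdate;
            // NOTE(review): 0777 leaves the upload directory world-writable unless the
            // umask narrows it; consider 0755 if the deployment allows.
            @mkdir($picpath, 0777);
            $uppath = "view/pics/".$nowdate;

            // NOTE(review): $pic["type"] is the MIME type sent by the client. How
            // NewUploadImage() validates the content and chooses the stored extension
            // is not visible here - confirm it does not trust this value.
            $arr = NewUploadImage($pic["tmp_name"], $pic["type"], $pic["size"], $uppath);
            if ($arr[0] != "err") {
                $src = $arr[3];
            } else {
                echo $Meta.$arr[1];
                exit;
            }
        }

        // Project handling: selected ids joined as "id:id:"
        $projpath = "";
        foreach ($spe_selec as $projid) {
            $projpath .= $projid.":";
        }

        // Tag handling: non-empty tags joined as "tag,tag,"
        $tagstr = "";
        foreach ($tags as $tag) {
            if ($tag != "") {
                $tagstr .= $tag.",";
            }
        }

        // Template marker filtering: "{#" and "#}" are removed from title/memo and
        // broken up in body (presumably the site's template delimiters - confirm).
        $title = str_replace("{#", "", $title);
        $title = str_replace("#}", "", $title);
        $memo = str_replace("{#", "", $memo);
        $memo = str_replace("#}", "", $memo);
        $body = str_replace("{#", "{ #", $body);
        $body = str_replace("#}", "# }", $body);

        // prop1..prop20 as SET fragments, each value HTML-encoded as before
        $propset = "";
        for ($n = 1; $n <= 20; $n++) {
            $propset .= ", prop".$n."='".htmlspecialchars(ViewPostString("prop".$n))."'";
        }

        // Store the record
        $msql->query("insert into {P}_view_con set
            catid='$catid',
            catpath='$catpath',
            title='$title',
            url='$url',
            sitetype='$sitetype',
            body='$body',
            dtime='$dtime',
            xuhao='0',
            cl='0',
            tj='0',
            iffb='1',
            ifbold='0',
            ifred='0',
            type='gif',
            src='$src',
            uptime='$dtime',
            author='$author',
            source='$source',
            memberid='0',
            proj='$projpath',
            tags='$tagstr',
            secure='0',
            memo='$memo'".$propset);

        echo "OK";
        exit;

    // Modify a video
    case "viewmodify":

        // id is the numeric row id of {P}_view_con; cast before it reaches SQL
        $id = (int) ViewPostString("id");
        $catid = ViewPostString("catid");
        // NOTE(review): url, sitetype and body are stored without HTML encoding;
        // the pages that render them must escape them and check the URL scheme.
        $url = ViewPostString("url");
        $sitetype = ViewPostString("sitetype");
        $title = htmlspecialchars(ViewPostString("title"));
        $author = htmlspecialchars(ViewPostString("author"));
        $source = htmlspecialchars(ViewPostString("source"));
        $memo = htmlspecialchars(ViewPostString("memo"));
        $tags = ViewPostList("tags");
        $spe_selec = ViewPostList("spe_selec");
        $pic = isset($_FILES["jpg"]) ? $_FILES["jpg"] : null;
        $body = Url2Path(ViewPostString("body"));

        // Charset header prepended to notices so they display as UTF-8
        $Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";

        // Data validation
        if ($title == "") {
            echo $Meta.$strViewNotice6;
            exit;
        }
        if (strlen($title) > 200) {
            echo $Meta.$strViewNotice7;
            exit;
        }
        if ($url == "") {
            echo $Meta.$strViewNotice10;
            exit;
        }
        if (strlen($url) > 65000) {
            echo $Meta.$strViewNotice11;
            exit;
        }
        if (strlen($memo) > 65000) {
            // Same notice as viewadd uses for an over-long memo (was the body notice)
            echo $Meta.$strViewNotice4;
            exit;
        }
        if (strlen($body) > 65000) {
            echo $Meta.$strViewNotice5;
            exit;
        }

        $uptime = time();

        // Category path of the chosen category; stays empty if the id is unknown
        $catpath = "";
        $msql->query("select catpath from {P}_view_cat where catid='$catid'");
        if ($msql->next_record()) {
            $catpath = $msql->f('catpath');
        }

        // Thumbnail handling: only when a new picture was uploaded
        if (is_array($pic) && isset($pic["size"]) && $pic["size"] > 0) {
            $nowdate = date("Ymd", time());
            $picpath = "../pics/".$nowdate;
            // NOTE(review): 0777 leaves the upload directory world-writable unless the
            // umask narrows it; consider 0755 if the deployment allows.
            @mkdir($picpath, 0777);
            $uppath = "view/pics/".$nowdate;

            // NOTE(review): $pic["type"] is the MIME type sent by the client. How
            // NewUploadImage() validates the content and chooses the stored extension
            // is not visible here - confirm it does not trust this value.
            $arr = NewUploadImage($pic["tmp_name"], $pic["type"], $pic["size"], $uppath);
            if ($arr[0] != "err") {
                $src = $arr[3];
            } else {
                echo $Meta.$arr[1];
                exit;
            }

            // Remove the previous picture file, then point the row at the new one
            $oldsrc = "";
            $msql->query("select src from {P}_view_con where id='$id'");
            if ($msql->next_record()) {
                $oldsrc = (string) $msql->f('src');
            }
            // The stored path is rejected if it contains "../" so the delete cannot
            // climb out of ROOTPATH; is_file() keeps directories out of unlink().
            if ($oldsrc != "" && strpos($oldsrc, "../") === false && is_file(ROOTPATH.$oldsrc)) {
                unlink(ROOTPATH.$oldsrc);
            }

            $msql->query("update {P}_view_con set src='$src' where id='$id'");
        }

        // Project handling: selected ids joined as "id:id:"
        $projpath = "";
        foreach ($spe_selec as $projid) {
            $projpath .= $projid.":";
        }

        // Tag handling: non-empty tags joined as "tag,tag,"
        $tagstr = "";
        foreach ($tags as $tag) {
            if ($tag != "") {
                $tagstr .= $tag.",";
            }
        }

        // Template marker filtering: "{#" and "#}" are removed from title/memo and
        // broken up in body (presumably the site's template delimiters - confirm).
        $title = str_replace("{#", "", $title);
        $title = str_replace("#}", "", $title);
        $memo = str_replace("{#", "", $memo);
        $memo = str_replace("#}", "", $memo);
        $body = str_replace("{#", "{ #", $body);
        $body = str_replace("#}", "# }", $body);

        // prop1..prop20 as SET fragments, each value HTML-encoded as before
        $propset = "";
        for ($n = 1; $n <= 20; $n++) {
            $propset .= ", prop".$n."='".htmlspecialchars(ViewPostString("prop".$n))."'";
        }

        // Store the changes
        $msql->query("update {P}_view_con set
            title='$title',
            url='$url',
            sitetype='$sitetype',
            memo='$memo',
            body='$body',
            catid='$catid',
            catpath='$catpath',
            uptime='$uptime',
            author='$author',
            source='$source',
            proj='$projpath',
            tags='$tagstr'".$propset."
            where id='$id' ");

        echo "OK";
        exit;

    // Add a project
    case "addproj":

        $project = htmlspecialchars(ViewPostString("project"));
        $folder = htmlspecialchars(ViewPostString("folder"));

        // Data validation
        if ($project == "") {
            echo $strProjNTC1;
            exit;
        }

        if (strlen($folder) < 2 || strlen($folder) > 16) {
            echo $strProjNTC2;
            exit;
        }

        // eregi() was removed in PHP 7 and is not binary safe. preg_match() sees the
        // whole string, and the D modifier stops "$" from accepting a trailing
        // newline, so only 1-16 letters or digits reach the path built below.
        if (!preg_match('/^[0-9a-z]{1,16}$/iD', $folder)) {
            echo $strProjNTC3;
            exit;
        }

        // Redundant with the pattern above; kept as a second guard on the path
        if (strpos($folder, "/") !== false || strpos($folder, ".") !== false) {
            echo $strProjNTC3;
            exit;
        }

        // Directory name validation: names reserved by the module
        $arr = array('main','html','class','detail','query','index','admin','viewgl','viewfabu','viewmodify','viewcat','pics');
        if (in_array($folder, $arr, true)) {
            echo $strProjNTC4;
            exit;
        }

        if (file_exists("../project/".$folder)) {
            echo $strProjNTC4;
            exit;
        }

        $msql->query("select id from {P}_view_proj where folder='$folder'");
        if ($msql->next_record()) {
            echo $strProjNTC4;
            exit;
        }

        $pagename = "proj_".$folder;

        // Create the project: copy the template with TEMP replaced by the page name.
        // The whole template is read (the old code stopped at 2000 bytes), and a
        // failed read or write stops here instead of leaving DB rows without a page.
        $str = @file_get_contents("../project/temp.php");
        if ($str === false) {
            echo "ERROR: cannot read ../project/temp.php";
            exit;
        }
        $str = str_replace("TEMP", $pagename, $str);

        // NOTE(review): 0777 leaves the project directory world-writable unless the
        // umask narrows it; consider 0755 if the deployment allows.
        @mkdir("../project/".$folder, 0777);

        $filename = "../project/".$folder."/index.php";
        if (@file_put_contents($filename, $str) === false) {
            echo "ERROR: cannot write ".$filename;
            exit;
        }
        @chmod($filename, 0755);

        // Save the project
        $msql->query("insert into {P}_view_proj set
            `project`='$project',
            `folder`='$folder'
        ");

        // Insert the page record
        $msql->query("insert into {P}_base_pageset set
            `name`='$project',
            `coltype`='view',
            `pagename`='$pagename',
            `pagetitle`='$project',
            `buildhtml`='index'
        ");

        echo "OK";
        exit;
}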