www.gusucode.com > 3007网博士成品网站管理系统 PHP网站源码程序 > 3007/3007/view/admin/post.php
<?php
define("ROOTPATH", "../../");
include(ROOTPATH."includes/admin.inc.php");
include("language/".$sLan.".php");
include("func/upload.inc.php");
NeedAuth(732);
$act=$_POST["act"];
switch($act){
//读取参数列
case "proplist" :
$catid=$_POST["catid"];
$nowid=$_POST["nowid"];
if($nowid!="" && $nowid!="0"){
$msql->query("select * from {P}_view_con where id='$nowid'");
if($msql->next_record()){
$prop1=$msql->f('prop1');
$prop2=$msql->f('prop2');
$prop3=$msql->f('prop3');
$prop4=$msql->f('prop4');
$prop5=$msql->f('prop5');
$prop6=$msql->f('prop6');
$prop7=$msql->f('prop7');
$prop8=$msql->f('prop8');
$prop9=$msql->f('prop9');
$prop10=$msql->f('prop10');
$prop11=$msql->f('prop11');
$prop12=$msql->f('prop12');
$prop13=$msql->f('prop13');
$prop14=$msql->f('prop14');
$prop15=$msql->f('prop15');
$prop16=$msql->f('prop16');
}
}
$str="<table width='100%' border='0' align='center' cellpadding='2' cellspacing='0'>";
$i=1;
$msql->query("select * from {P}_view_prop where catid='$catid' order by xuhao");
while($msql->next_record()){
$propname=$msql->f('propname');
$pn="prop".$i;
$str.="<tr>";
$str.="<td width='100' height='30' align='center' >".$propname."</td>";
$str.="<td height='30' >";
$str.="<input type='text' name='".$pn."' value='".$$pn."' class='input' style='width:499px;' />";
$str.="</td>";
$str.="</tr>";
$i++;
}
$str.="</table>";
echo $str;
exit;
break;
//视频发布
case "viewadd" :
$catid=$_POST["catid"];
$title=htmlspecialchars($_POST["title"]);
$url=$_POST["url"];
$sitetype=$_POST["sitetype"];
$author=htmlspecialchars($_POST["author"]);
$source=htmlspecialchars($_POST["source"]);
$memo=htmlspecialchars($_POST["memo"]);
$prop1=htmlspecialchars($_POST["prop1"]);
$prop2=htmlspecialchars($_POST["prop2"]);
$prop3=htmlspecialchars($_POST["prop3"]);
$prop4=htmlspecialchars($_POST["prop4"]);
$prop5=htmlspecialchars($_POST["prop5"]);
$prop6=htmlspecialchars($_POST["prop6"]);
$prop7=htmlspecialchars($_POST["prop7"]);
$prop8=htmlspecialchars($_POST["prop8"]);
$prop9=htmlspecialchars($_POST["prop9"]);
$prop10=htmlspecialchars($_POST["prop10"]);
$prop11=htmlspecialchars($_POST["prop11"]);
$prop12=htmlspecialchars($_POST["prop12"]);
$prop13=htmlspecialchars($_POST["prop13"]);
$prop14=htmlspecialchars($_POST["prop14"]);
$prop15=htmlspecialchars($_POST["prop15"]);
$prop16=htmlspecialchars($_POST["prop16"]);
$prop17=htmlspecialchars($_POST["prop17"]);
$prop18=htmlspecialchars($_POST["prop18"]);
$prop19=htmlspecialchars($_POST["prop19"]);
$prop20=htmlspecialchars($_POST["prop20"]);
$tags=$_POST["tags"];
$pic=$_FILES["jpg"];
$spe_selec=$_POST["spe_selec"];
$body=$_POST["body"];
$body=Url2Path($body);
//谈出提示的编码控制
$Meta="<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";
//数据校验
if($pic["size"]<=0){
//echo $Meta.$strViewNotice3;
//exit;
}
if($title==""){
echo $Meta.$strViewNotice6;
exit;
}
if(strlen($title)>200){
echo $Meta.$strViewNotice7;
exit;
}
if($url==""){
echo $Meta.$strViewNotice10;
exit;
}
if(strlen($url)>65000){
echo $Meta.$strViewNotice11;
exit;
}
if(strlen($memo)>65000){
echo $Meta.$strViewNotice4;
exit;
}
if(strlen($body)>65000){
echo $Meta.$strViewNotice5;
exit;
}
$uptime=time();
$dtime=time();
$msql->query("select catpath from {P}_view_cat where catid='$catid'");
if($msql->next_record()){
$catpath=$msql->f('catpath');
}
//缩图处理
if($pic["size"]>0){
$nowdate=date("Ymd",time());
$picpath="../pics/".$nowdate;
@mkdir($picpath,0777);
$uppath="view/pics/".$nowdate;
$arr=NewUploadImage($pic["tmp_name"],$pic["type"],$pic["size"],$uppath);
if($arr[0]!="err"){
$src=$arr[3];
}else{
echo $Meta.$arr[1];
exit;
}
}
//专题处理
$count_pro = count ($spe_selec);
for ($i = 0; $i < $count_pro; $i ++) {
$projid = $spe_selec[$i];
$projpath .= $projid.":";
}
//标签处理
for($t=0;$t<sizeof($tags);$t++){
if($tags[$t]!=""){
$tagstr.=$tags[$t].",";
}
}
//标签过滤
$title=str_replace("{#","",$title);
$title=str_replace("#}","",$title);
$memo=str_replace("{#","",$memo);
$memo=str_replace("#}","",$memo);
$body=str_replace("{#","{ #",$body);
$body=str_replace("#}","# }",$body);
//入库
$msql->query("insert into {P}_view_con set
catid='$catid',
catpath='$catpath',
title='$title',
url='$url',
sitetype='$sitetype',
body='$body',
dtime='$dtime',
xuhao='0',
cl='0',
tj='0',
iffb='1',
ifbold='0',
ifred='0',
type='gif',
src='$src',
uptime='$dtime',
author='$author',
source='$source',
memberid='0',
proj='$projpath',
tags='$tagstr',
secure='0',
memo='$memo',
prop1='$prop1',
prop2='$prop2',
prop3='$prop3',
prop4='$prop4',
prop5='$prop5',
prop6='$prop6',
prop7='$prop7',
prop8='$prop8',
prop9='$prop9',
prop10='$prop10',
prop11='$prop11',
prop12='$prop12',
prop13='$prop13',
prop14='$prop14',
prop15='$prop15',
prop16='$prop16',
prop17='$prop17',
prop18='$prop18',
prop19='$prop19',
prop20='$prop20'
");
echo "OK";
exit;
break;
//视频修改
case "viewmodify" :
$id=$_POST["id"];
$pid=$_POST["pid"];
$catid=$_POST["catid"];
$page=$_POST["page"];
$url=$_POST["url"];
$sitetype=$_POST["sitetype"];
$title=htmlspecialchars($_POST["title"]);
$author=htmlspecialchars($_POST["author"]);
$source=htmlspecialchars($_POST["source"]);
$memo=htmlspecialchars($_POST["memo"]);
$oldcatid=$_POST["oldcatid"];
$oldcatpath=$_POST["oldcatpath"];
$prop1=htmlspecialchars($_POST["prop1"]);
$prop2=htmlspecialchars($_POST["prop2"]);
$prop3=htmlspecialchars($_POST["prop3"]);
$prop4=htmlspecialchars($_POST["prop4"]);
$prop5=htmlspecialchars($_POST["prop5"]);
$prop6=htmlspecialchars($_POST["prop6"]);
$prop7=htmlspecialchars($_POST["prop7"]);
$prop8=htmlspecialchars($_POST["prop8"]);
$prop9=htmlspecialchars($_POST["prop9"]);
$prop10=htmlspecialchars($_POST["prop10"]);
$prop11=htmlspecialchars($_POST["prop11"]);
$prop12=htmlspecialchars($_POST["prop12"]);
$prop13=htmlspecialchars($_POST["prop13"]);
$prop14=htmlspecialchars($_POST["prop14"]);
$prop15=htmlspecialchars($_POST["prop15"]);
$prop16=htmlspecialchars($_POST["prop16"]);
$prop17=htmlspecialchars($_POST["prop17"]);
$prop18=htmlspecialchars($_POST["prop18"]);
$prop19=htmlspecialchars($_POST["prop19"]);
$prop20=htmlspecialchars($_POST["prop20"]);
$tags=$_POST["tags"];
$spe_selec=$_POST["spe_selec"];
$pic=$_FILES["jpg"];
$body=$_POST["body"];
$body=Url2Path($body);
//谈出提示的编码控制
$Meta="<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";
//数据校验
if($title==""){
echo $Meta.$strViewNotice6;
exit;
}
if(strlen($title)>200){
echo $Meta.$strViewNotice7;
exit;
}
if($url==""){
echo $Meta.$strViewNotice10;
exit;
}
if(strlen($url)>65000){
echo $Meta.$strViewNotice11;
exit;
}
if(strlen($memo)>65000){
echo $Meta.$strViewNotice5;
exit;
}
if(strlen($body)>65000){
echo $Meta.$strViewNotice5;
exit;
}
$uptime=time();
$msql->query("select catpath from {P}_view_cat where catid='$catid'");
if($msql->next_record()){
$catpath=$msql->f('catpath');
}
//缩图处理
if($pic["size"]>0){
$nowdate=date("Ymd",time());
$picpath="../pics/".$nowdate;
@mkdir($picpath,0777);
$uppath="view/pics/".$nowdate;
$arr=NewUploadImage($pic["tmp_name"],$pic["type"],$pic["size"],$uppath);
if($arr[0]!="err"){
$src=$arr[3];
}else{
echo $Meta.$arr[1];
exit;
}
$msql->query("select src from {P}_view_con where id='$id'");
if($msql->next_record()){
$oldsrc=$msql->f('src');
}
if(file_exists(ROOTPATH.$oldsrc) && $oldsrc!="" && !strstr($oldsrc,"../")){
unlink(ROOTPATH.$oldsrc);
}
$msql->query("update {P}_view_con set src='$src' where id='$id'");
}
//专题处理
$count_pro = count ($spe_selec);
for ($i = 0; $i < $count_pro; $i ++) {
$projid = $spe_selec[$i];
$projpath .= $projid.":";
}
//标签处理
for($t=0;$t<sizeof($tags);$t++){
if($tags[$t]!=""){
$tagstr.=$tags[$t].",";
}
}
//标签过滤
$title=str_replace("{#","",$title);
$title=str_replace("#}","",$title);
$memo=str_replace("{#","",$memo);
$memo=str_replace("#}","",$memo);
$body=str_replace("{#","{ #",$body);
$body=str_replace("#}","# }",$body);
//入库
$msql->query("update {P}_view_con set
title='$title',
url='$url',
sitetype='$sitetype',
memo='$memo',
body='$body',
catid='$catid',
catpath='$catpath',
uptime='$uptime',
author='$author',
source='$source',
proj='$projpath',
tags='$tagstr',
prop1='$prop1',
prop2='$prop2',
prop3='$prop3',
prop4='$prop4',
prop5='$prop5',
prop6='$prop6',
prop7='$prop7',
prop8='$prop8',
prop9='$prop9',
prop10='$prop10',
prop11='$prop11',
prop12='$prop12',
prop13='$prop13',
prop14='$prop14',
prop15='$prop15',
prop16='$prop16',
prop17='$prop17',
prop18='$prop18',
prop19='$prop19',
prop20='$prop20'
where id='$id'
");
echo "OK";
exit;
break;
//添加专题
case "addproj" :
$project=htmlspecialchars($_POST["project"]);
$folder=htmlspecialchars($_POST["folder"]);
//数据校验
if($project==""){
echo $strProjNTC1;
exit;
}
if(strlen($folder)<2 || strlen($folder)>16){
echo $strProjNTC2;
exit;
}
if (!eregi("^[0-9a-z]{1,16}$",$folder)) {
echo $strProjNTC3;
exit;
}
if(strstr($folder,"/") || strstr($folder,".")){
echo $strProjNTC3;
exit;
}
//目录名校验
$arr = array('main','html','class','detail','query','index','admin','viewgl','viewfabu','viewmodify','viewcat','pics');
if (in_array($folder, $arr)==true) {
echo $strProjNTC4;
exit;
}
if(file_exists("../project/".$folder)){
echo $strProjNTC4;
exit;
}
$msql->query("select id from {P}_view_proj where folder='$folder'");
if($msql->next_record()){
echo $strProjNTC4;
exit;
}
$pagename="proj_".$folder;
//创建专题
@mkdir("../project/".$folder,0777);
$fd=fopen("../project/temp.php","r");
$str=fread($fd,"2000");
$str=str_replace("TEMP",$pagename,$str);
fclose($fd);
$filename="../project/".$folder."/index.php";
$fp=fopen($filename,"w");
fwrite($fp,$str);
fclose($fp);
@chmod($filename,0755);
//专题入库
$msql->query("insert into {P}_view_proj set
`project`='$project',
`folder`='$folder'
");
//插入页面记录
$msql->query("insert into {P}_base_pageset set
`name`='$project',
`coltype`='view',
`pagename`='$pagename',
`pagetitle`='$project',
`buildhtml`='index'
");
echo "OK";
exit;
break;
}
?>