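<?php
/*
 *######################################
 * Netmao Movie 4.x - NetMao Movie System
 * Copyright (c) 2007-2008 NetMao.cn
 * For further information go to http://www.netmao.cn/
 * This copyright notice must stay intact for use.
 *######################################
 */

/*
 * Admin control-panel actions: site settings, admin accounts, friend links,
 * categories, plugins, players, servers and announcements. Dispatched on
 * $action; each case either renders a template (nmcptpl) or writes to the
 * database, refreshes the matching cache and reports the result via nmsg().
 *
 * NOTE(review): every variable read here ($action, $submit, $id, $namenew, ...)
 * is a global that is not assigned in this file; presumably the including
 * script imports request parameters into globals and escapes them - confirm.
 * Quoted values interpolated into SQL below rely on that escaping. Values that
 * were interpolated WITHOUT quotes are cast to integers in this file, because
 * string escaping does not protect an unquoted numeric context.
 *
 * NOTE(review): no anti-CSRF token check is visible in this file although most
 * cases change state (including deleting admins once $confirmed is set);
 * confirm that the including script enforces one.
 *
 * NOTE(review): nmsg() is defined elsewhere and it is not visible whether it
 * terminates the request. Failed validation/authorization checks therefore
 * leave the case explicitly (break) so they cannot fall through to the write.
 */

// Only run when included by the admin front controller.
if(!defined('IN_NetMao') || !isset($PHP_SELF) || !preg_match("/[\/\\\\]nmadmin\.php$/", $PHP_SELF)) exit('Access Denied');

switch($action){

	case 'config' :
		if(!$submit){
			$styleselect = "<select name=\"styleidnew\" style=\"width:15em\"><option value=\"0\">-Use Default-</option>";
			$query = $db->query("SELECT styleid, name FROM {$tablepre}styles");
			while($style = $db->fetch_array($query)) {
				// NOTE(review): name is emitted into HTML as stored; confirm it is escaped when saved.
				$styleselect .= "<option value=\"$style[styleid]\" ".
					($style['styleid'] == $styleid ? 'selected="selected"' : NULL).
					">$style[name]</option>\n";
			}
			$styleselect .= '</select>';

			// Start from a known-empty list so the form only shows values read from the database.
			$settingvar = array();
			$query=$db->query("select variable,value from {$tablepre}settings");
			while($setting = $db->fetch_array($query)) {
				if(in_array($setting['variable'], array('sitename','sitekey','styleid','spiderfile','uploadsize','uploadext','m_areas','m_languages', 'm_actors', 'm_directors', 'm_keywords'))) {
					$settingvar[$setting['variable']] = $setting['value'];
				}
			}
			nmcptpl('home');
		}else{
			if(is_array($settingvar)) {
				foreach($settingvar as $variable => $value) {
					// The array key goes into the SQL text, so accept plain setting names only.
					// NOTE(review): consider restricting writes to the same names the form loads above.
					if(!preg_match('/^[A-Za-z0-9_]+$/', (string)$variable)) {
						continue;
					}
					$value = @htmlspecialchars($value);
					$db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('$variable', '$value')");
				}
			}
			// The select offers style ids with 0 meaning "use default", so store an integer.
			$styleidnew = intval($styleidnew);
			$db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('styleid', '$styleidnew')");
			updatecache('settings');
			nmsg('operate_succeed','?action=config');
		}
		break;

	case 'admin_manage' :
		if(!$submit){
			$users = array();
			$result=$db->query("SELECT * FROM {$tablepre}admins");
			while($r=$db->fetch_array($result)){
				$users[]=$r;
			}
			nmcptpl('admin');
		}else{
			// Validate before hashing: MD5('') is a non-empty string, so checking the
			// digest could never reject an empty password.
			if($user=="" || $pwd==""){
				nmsg('info_invalid','?action=admin_manage');
				break;
			}
			$user=addslashes($user);
			// NOTE(review): unsalted MD5 is not a suitable password hash. It is kept because
			// the login check (not in this file) must compute the same value; migrate both
			// sides together to password_hash()/password_verify().
			$pwd=MD5(addslashes($pwd));
			$result=$db->query("select user from {$tablepre}admins where user='$user'");
			if($db->num_rows($result)>0){
				nmsg('admin_repeat_invalid','?action=admin_add');
				break;
			}
			$db->query("insert into {$tablepre}admins(user,pwd,priv) values('$user','$pwd','3')");
			nmsg('operate_succeed','?action=admin_manage');
		}
		break;

	case 'admin_mod' :
		// Compare and query with the same normalized integer so the founder check and
		// the SQL statement cannot disagree about which row is meant.
		// assumes admins.id is an integer key - TODO confirm
		$id = intval($id);
		$founderids = array_map('intval', explode(',', $site_founders));
		if(in_array($id, $founderids) && $_SESSION['aid'] != $id){
			nmsg('admin_mod_invalid',"?action=admin_manage");
			break;
		}
		if(!$submit) {
			$result=$db->query("SELECT * FROM {$tablepre}admins WHERE id='$id'");
			$user=$db->fetch_array($result);
			nmcptpl('admin');
		}else{
			// An empty password field means "leave the password unchanged".
			if($pwd){
				// NOTE(review): same MD5 caveat as in admin_manage.
				$password = MD5(addslashes($pwd));
				$db->query("UPDATE {$tablepre}admins set pwd='$password' WHERE id='$id'");
			}
			nmsg('operate_succeed','?action=admin_manage');
		}
		break;

	case 'admin_del' :
		// Founder accounts can never be deleted; normalize the id as in admin_mod.
		$id = intval($id);
		$founderids = array_map('intval', explode(',', $site_founders));
		if(in_array($id, $founderids)){
			nmsg('admin_del_invalid',"?action=admin_manage");
			break;
		}
		if(!$confirmed) {
			nmsg('operate_duplicate', "?action=admin_del&id=$id", 'form');
		}else{
			$db->query("DELETE FROM {$tablepre}admins WHERE id='$id'");
			nmsg('operate_succeed',"?action=admin_manage");
		}
		break;

	case 'friend' :
		if(!$friendlinksubmit) {
			// Must be an array: appending with [] to a string is a fatal error on PHP 7.1+.
			$friendlinks = array();
			$query = $db->query("SELECT * FROM {$tablepre}friendlinks ORDER BY displayorder");
			while($friendlink = $db->fetch_array($query)) {
				$friendlinks[] = $friendlink;
			}
			nmcptpl('friend');
		} else {
			// presumably implodeids() returns a safely quoted id list; verify against its definition
			if($ids = implodeids( $delete )) {
				$db->query("DELETE FROM {$tablepre}friendlinks WHERE id IN ($ids)");
			}
			if(is_array($name)) {
				foreach($name as $id => $val) {
					// The array key is request-controlled; use it in SQL only as an integer.
					$linkid = intval($id);
					$db->query("UPDATE {$tablepre}friendlinks SET displayorder='$displayorder[$id]', name='$name[$id]', url='$url[$id]', description='$description[$id]', logo='$logo[$id]' WHERE id='$linkid'");
				}
			}
			if($newname != '') {
				$db->query("INSERT INTO {$tablepre}friendlinks (displayorder, name, url, description, logo) VALUES ('$newdisplayorder', '$newname', '$newurl', '$newdescription', '$newlogo')");
			}
			updatecache('friendlinks');
			nmsg('operate_succeed', '?action=friend');
		}
		break;

	case 'cat_manage' :
		if(!$submit){
			$perpage='20';
			// Clamp to a positive integer so the LIMIT offset is never negative or non-numeric.
			$page=max(1, intval($page));
			$mpurl="?action=cat_manage";
			$offset=($page-1)*$perpage;
			$query="SELECT count(*) AS num FROM {$tablepre}categorys";
			$result=$db->query($query);
			$r=$db->fetch_array($result);
			$num=$r["num"];
			$pages=phppage($num,$perpage,$page,$mpurl);
			$cats = array();
			$result=$db->query("SELECT * FROM {$tablepre}categorys order by displayorder asc LIMIT $offset,$perpage");
			while($cat=$db->fetch_array($result)){
				$cats[]=$cat;
			}
			nmcptpl('category');
		}else{
			if(!$namenew || !$contentnew){nmsg('info_invalid','','back');exit;}
			if($db->num_rows($db->query("SELECT cid FROM {$tablepre}categorys WHERE name='$namenew' OR content='$contentnew'")) > 0){
				nmsg('cat_name_invalid','','back');
				break;
			}
			$db->query("INSERT INTO {$tablepre}categorys(name,content,keyword,displayorder) VALUES('$namenew','$contentnew','$keywordnew','$displayordernew')");
			updatecache('categorys');
			nmsg('operate_succeed',"?action=cat_manage");
		}
		break;

	case 'cat_mod' :
		if(!$submit) {
			$result=$db->query("SELECT * FROM {$tablepre}categorys WHERE cid='$cid'");
			$cat=$db->fetch_array($result);
			nmcptpl('category');
		}else{
			if(!$namenew || !$contentnew){nmsg('info_invalid','','back');exit;}
			if($db->num_rows($db->query("SELECT cid FROM {$tablepre}categorys WHERE cid!='$cid' AND (name='$namenew' OR content='$contentnew')")) > 0){
				nmsg('cat_name_invalid','','back');
				break;
			}
			$db->query("UPDATE {$tablepre}categorys set name='$namenew',content='$contentnew',keyword='$keywordnew',displayorder='$displayordernew' where cid='$cid'");
			updatecache('categorys');
			nmsg('operate_succeed',"?action=cat_manage");
		}
		break;

	case 'cat_del':
		// Refuse to delete a category that still has movies. This runs on the confirmed
		// request too, so the rule does not depend on the confirmation page being shown first.
		$result=$db->query("select * from {$tablepre}movies where cid='$cid'");
		if($db->num_rows($result)>0){
			nmsg('cat_movie_invalid',"","back");exit;
		}
		if(!$confirmed) {
			nmsg('operate_duplicate',"?action=cat_del&cid=$cid", 'form');
		}else{
			$db->query("DELETE FROM {$tablepre}categorys WHERE cid='$cid'");
			updatecache('categorys');
			nmsg('operate_succeed',"?action=cat_manage");
		}
		break;

	case 'cat_order':
		$total = is_array($cids) ? count($cids) : 0;
		for($i = 0; $i < $total; $i++){
			// cid sits unquoted in the statement, so it must be an integer.
			$ordercid = intval($cids[$i]);
			$db->query("UPDATE {$tablepre}categorys SET keyword='$keywords[$i]', displayorder='$displayorders[$i]' WHERE cid=$ordercid");
		}
		updatecache('categorys');
		nmsg('operate_succeed', "?action=cat_manage");
		break;

	//***
	case 'plugin_manage' :
		if(!$submit){
			$perpage='20';
			$page=max(1, intval($page));
			$mpurl="?action=plugin_manage";
			$offset=($page-1)*$perpage;
			$query="SELECT count(*) AS num FROM {$tablepre}plugins";
			$result=$db->query($query);
			$r=$db->fetch_array($result);
			$num=$r["num"];
			$pages=phppage($num,$perpage,$page,$mpurl);
			$plugins = array();
			$result=$db->query("SELECT * FROM {$tablepre}plugins order by displayorder asc LIMIT $offset,$perpage");
			while($plugin=$db->fetch_array($result)){
				$plugins[]=$plugin;
			}
			nmcptpl('plugin');
		}else{
			if(!$namenew || !$contentnew){nmsg('info_invalid','','back');exit;}
			// Check the submitted value ($contentnew); the original tested $content, which
			// this form does not validate or store, so the reserved-name rule never applied.
			// NOTE(review): 'moive' looks like a typo for 'movie' - confirm the reserved file names.
			if(in_array($contentnew,array('mlist','moive'))){
				nmsg('plugin_sysfile_invalid','','back');
				break;
			}
			if($db->num_rows($db->query("SELECT pluginid FROM {$tablepre}plugins WHERE name='$namenew' OR content='$contentnew'")) > 0){
				nmsg('plugin_name_invalid','','back');
				break;
			}
			$db->query("INSERT INTO {$tablepre}plugins(name,content,keyword,displayorder) VALUES('$namenew','$contentnew','$keywordnew','$displayordernew')");
			updatecache('plugins');
			nmsg('operate_succeed',"?action=plugin_manage");
		}
		break;

	case 'plugin_mod' :
		if(!$submit) {
			$result=$db->query("SELECT * FROM {$tablepre}plugins WHERE pluginid='$pluginid'");
			$plugin=$db->fetch_array($result);
			nmcptpl('plugin');
		}else{
			if(!$namenew || !$contentnew){nmsg('info_invalid','','back');exit;}
			if($db->num_rows($db->query("SELECT pluginid FROM {$tablepre}plugins WHERE pluginid!='$pluginid' AND (name='$namenew' OR content='$contentnew')")) > 0){
				nmsg('plugin_name_invalid','','back');
				break;
			}
			$db->query("UPDATE {$tablepre}plugins set name='$namenew',content='$contentnew',keyword='$keywordnew',displayorder='$displayordernew' where pluginid='$pluginid'");
			updatecache('plugins');
			nmsg('operate_succeed',"?action=plugin_manage");
		}
		break;

	case 'plugin_del':
		$result=$db->query("select * from {$tablepre}plugins where pluginid='$pluginid'");
		$plugin=$db->fetch_array($result);
		if(!$confirmed) {
			nmsg('operate_duplicate',"?action=plugin_del&pluginid=$pluginid", 'form');
		}else{
			$db->query("DELETE FROM {$tablepre}plugins WHERE pluginid='$pluginid'");
			// Refresh the plugins cache (the original refreshed 'categorys' here, unlike
			// every other plugin action in this file).
			updatecache('plugins');
			nmsg('operate_succeed',"?action=plugin_manage");
		}
		break;

	case 'plugin_order':
		$total = is_array($pluginids) ? count($pluginids) : 0;
		for($i = 0; $i < $total; $i++){
			// pluginid sits unquoted in the statement, so it must be an integer.
			$orderpluginid = intval($pluginids[$i]);
			$db->query("UPDATE {$tablepre}plugins SET keyword='$keywords[$i]', displayorder='$displayorders[$i]' WHERE pluginid=$orderpluginid");
		}
		updatecache('plugins');
		nmsg('operate_succeed', "?action=plugin_manage");
		break;

	//***
	case 'player_manage' :
		if(!$submit){
			$perpage='20';
			$page=max(1, intval($page));
			$mpurl="?action=player_manage";
			$offset=($page-1)*$perpage;
			$query="SELECT count(*) AS num FROM {$tablepre}players";
			$result=$db->query($query);
			$r=$db->fetch_array($result);
			$num=$r["num"];
			$pages=phppage($num,$perpage,$page,$mpurl);
			$players = array();
			$result=$db->query("SELECT * FROM {$tablepre}players order by displayorder asc LIMIT $offset,$perpage");
			while($player=$db->fetch_array($result)){
				$players[]=$player;
			}
			nmcptpl('player');
		}else{
			if(!$namenew || !$identifiernew || !$contentnew){
				nmsg('info_invalid','','back');
				break;
			}
			if($db->num_rows($db->query("SELECT playid FROM {$tablepre}players WHERE identifier='$identifiernew' OR content='$contentnew'")) > 0){
				nmsg('player_name_invalid','','back');
				break;
			}
			$db->query("INSERT INTO {$tablepre}players(name,identifier,content,description,displayorder) VALUES('$namenew','$identifiernew','$contentnew','$descriptionnew','$displayordernew')");
			updatecache('players');
			nmsg('operate_succeed',"?action=player_manage");
		}
		break;

	case 'player_mod' :
		if(!$submit) {
			$result=$db->query("SELECT * FROM {$tablepre}players WHERE playid='$playid'");
			$player=$db->fetch_array($result);
			nmcptpl('player');
		}else{
			if(!$namenew || !$identifiernew || !$contentnew){
				nmsg('info_invalid','','back');
				break;
			}
			// Check the values about to be stored (*new); the original compared $identifier
			// and $content, which this form does not validate or store.
			if($db->num_rows($db->query("SELECT playid FROM {$tablepre}players WHERE playid!='$playid' AND (identifier='$identifiernew' OR content='$contentnew')")) > 0){
				nmsg('player_name_invalid','','back');
				break;
			}
			$db->query("UPDATE {$tablepre}players set name='$namenew',identifier='$identifiernew',content='$contentnew',description='$descriptionnew',displayorder='$displayordernew' where playid='$playid'");
			updatecache('players');
			nmsg('operate_succeed',"?action=player_manage");
		}
		break;

	case 'player_del':
		if(!$confirmed) {
			nmsg('operate_duplicate',"?action=player_del&playid=$playid", 'form');
		}else{
			// NOTE(review): this matches on identifier while player_mod matches on playid;
			// confirm which value the delete link in the template actually passes.
			$db->query("DELETE FROM {$tablepre}players WHERE identifier='$playid'");
			updatecache('players');
			nmsg('operate_succeed',"?action=player_manage");
		}
		break;

	case 'player_order':
		$total = is_array($playids) ? count($playids) : 0;
		for($i = 0; $i < $total; $i++){
			// playid sits unquoted in the statement, so it must be an integer.
			$orderplayid = intval($playids[$i]);
			$db->query("UPDATE {$tablepre}players SET description='$descriptions[$i]', displayorder='$displayorders[$i]' WHERE playid=$orderplayid");
		}
		updatecache('players');
		nmsg('operate_succeed', "?action=player_manage");
		break;

	//***
	case 'server_manage' :
		if(!$submit){
			$perpage='10';
			$page=max(1, intval($page));
			$mpurl="?action=server_manage";
			$offset=($page-1)*$perpage;
			$query="SELECT count(*) AS num FROM {$tablepre}servers";
			$result=$db->query($query);
			$r=$db->fetch_array($result);
			$num=$r["num"];
			$pages=phppage($num,$perpage,$page,$mpurl);
			$servers = array();
			$result=$db->query("SELECT * FROM {$tablepre}servers order by displayorder asc LIMIT $offset,$perpage");
			while($server=$db->fetch_array($result)){
				$servers[]=$server;
			}
			nmcptpl('server');
		}else{
			if(!$namenew || !$identifiernew){nmsg('info_invalid','','back');exit;}
			if($db->num_rows($db->query("SELECT servid FROM {$tablepre}servers WHERE identifier='$identifiernew'")) > 0){
				nmsg('server_name_invalid','','back');
				break;
			}
			$contentnew = trim($contentnew);
			$db->query("INSERT INTO {$tablepre}servers(name,identifier,content,description,displayorder) VALUES('$namenew','$identifiernew','$contentnew','$descriptionnew','$displayordernew')");
			updatecache('servers');
			nmsg('operate_succeed',"?action=server_manage");
		}
		break;

	case 'server_mod' :
		if(!$submit) {
			$result=$db->query("SELECT * FROM {$tablepre}servers WHERE servid='$servid'");
			$server=$db->fetch_array($result);
			nmcptpl('server');
		}else{
			if(!$namenew || !$identifiernew){
				nmsg('info_invalid','','back');
				break;
			}
			if($db->num_rows($db->query("SELECT servid FROM {$tablepre}servers WHERE servid!='$servid' AND identifier='$identifiernew'")) > 0){
				nmsg('server_name_invalid','','back');
				break;
			}
			$contentnew = trim($contentnew);
			$db->query("UPDATE {$tablepre}servers set name='$namenew',identifier='$identifiernew',content='$contentnew',description='$descriptionnew',displayorder='$displayordernew' where servid='$servid'");
			updatecache('servers');
			nmsg('operate_succeed',"?action=server_manage");
		}
		break;

	case 'server_del':
		if(!$confirmed) {
			nmsg('operate_duplicate',"?action=server_del&servid=$servid", 'form');
		}else{
			// NOTE(review): this matches on identifier while server_mod matches on servid;
			// confirm which value the delete link in the template actually passes.
			$db->query("DELETE FROM {$tablepre}servers WHERE identifier='$servid'");
			updatecache('servers');
			nmsg('operate_succeed',"?action=server_manage");
		}
		break;

	case 'server_order':
		$total = is_array($servids) ? count($servids) : 0;
		for($i = 0; $i < $total; $i++){
			// servid sits unquoted in the statement, so it must be an integer.
			$orderservid = intval($servids[$i]);
			$db->query("UPDATE {$tablepre}servers SET name='$names[$i]', description='$descriptions[$i]', content='$contents[$i]', displayorder='$displayorders[$i]' WHERE servid=$orderservid");
		}
		updatecache('servers');
		nmsg('operate_succeed', "?action=server_manage");
		break;

	//***
	case 'announce_manage' :
		if(!$submit){
			$perpage='10';
			$page=max(1, intval($page));
			$mpurl="?action=announce_manage";
			$offset=($page-1)*$perpage;
			$query="SELECT count(*) AS num FROM {$tablepre}announces";
			$result=$db->query($query);
			$r=$db->fetch_array($result);
			$num=$r["num"];
			$pages=phppage($num,$perpage,$page,$mpurl);
			$announces = array();
			$result=$db->query("SELECT * FROM {$tablepre}announces order by displayorder asc LIMIT $offset,$perpage");
			while($announce=$db->fetch_array($result)){
				$announces[]=$announce;
			}
			nmcptpl('announce');
		}else{
			if(!$name || !$content){
				nmsg('info_invalid','','back');
				break;
			}
			$db->query("INSERT INTO {$tablepre}announces(name,content,displayorder) VALUES('$name','$content','$displayorder')");
			updatecache('announces');
			nmsg('operate_succeed','?action=announce_manage');
		}
		break;

	case 'announce_mod' :
		if(!$submit) {
			$result=$db->query("SELECT * FROM {$tablepre}announces WHERE id='$id'");
			$announce=$db->fetch_array($result);
			nmcptpl('announce');
		}else{
			$db->query("UPDATE {$tablepre}announces set name='$name',content='$content',displayorder='$displayorder' where id='$id'");
			updatecache('announces');
			nmsg('operate_succeed',"?action=announce_manage");
		}
		break;

	case 'announce_del':
		if(!$confirmed) {
			nmsg('operate_duplicate', "?action=announce_del&id=$id", 'form');
		}else{
			$db->query("DELETE FROM {$tablepre}announces WHERE id='$id'");
			updatecache('announces');
			nmsg('operate_succeed',"?action=announce_manage");
		}
		break;

	case 'announce_order':
		$total = is_array($ids) ? count($ids) : 0;
		for($i = 0; $i < $total; $i++){
			// id sits unquoted in the statement, so it must be an integer.
			$orderid = intval($ids[$i]);
			$db->query("UPDATE {$tablepre}announces SET displayorder='$displayorders[$i]' WHERE id=$orderid");
		}
		updatecache('announces');
		nmsg('operate_succeed', "?action=announce_manage");
		break;
}
?>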