
    <?php
/*
*######################################
* Netmao Movie 4.x - NetMao Movie System
* Copyright (c) 2007-2008 NetMao.cn
* For further information go to http://www.netmao.cn/
* This copyright notice must stay intact for use.
*######################################
*/
// Direct-access guard: stop unless the IN_NetMao constant is defined and
// $PHP_SELF is set and ends in "/nmadmin.php" or "\nmadmin.php".
// NOTE(review): this only checks how the file was reached; the admin login
// check is presumably done by nmadmin.php before it includes this file - confirm.
if(!(defined('IN_NetMao') && isset($PHP_SELF) && preg_match("/[\/\\\\]nmadmin\.php$/", $PHP_SELF))){
    exit('Access Denied');
}

switch($action){
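    case 'config' :
        // Site settings: show the form when $submit is empty, otherwise store
        // the posted values in {$tablepre}settings and call updatecache().
        // NOTE(review): $submit, $settingvar, $styleid and $styleidnew are not
        // assigned in this file; presumably the including script imports them
        // from the request - confirm they are escaped before they reach SQL.
        if(!$submit){
            // Style drop-down; the option equal to $styleid is preselected.
            // NOTE(review): styleid and name are written into HTML unescaped.
            $styleselect = "<select name=\"styleidnew\" style=\"width:15em\"><option value=\"0\">-Use Default-</option>";
            $query = $db->query("SELECT styleid, name FROM {$tablepre}styles");
            while($style = $db->fetch_array($query)) {
                $styleselect .= "<option value=\"$style[styleid]\" ".
                ($style['styleid'] == $styleid ? 'selected="selected"' : NULL).
                ">$style[name]</option>\n";
            }
            $styleselect .= '</select>';

            // Only the settings named in this list are loaded into the form.
            $query=$db->query("select variable,value from {$tablepre}settings");
            while($setting = $db->fetch_array($query)) {
                if(in_array($setting['variable'], array('sitename','sitekey','styleid','spiderfile','uploadsize','uploadext','m_areas','m_languages', 'm_actors', 'm_directors', 'm_keywords'))) {
                    $settingvar[$setting['variable']] = $setting['value'];
                }
            }
            nmcptpl('home');
        }else{
            // NOTE(review): the read path above is limited to a fixed list of
            // setting names, but any submitted name is written here; consider
            // applying the same list on write.
            if(is_array($settingvar)){
                foreach($settingvar as $variable => $value) {
                    // The array key is placed in the statement as well, so skip
                    // any key that is not a plain setting name.
                    if(!preg_match('/^[A-Za-z0-9_]+$/', $variable)) continue;
                    // htmlspecialchars() is HTML encoding, not SQL escaping.
                    $value = @htmlspecialchars($value);
                    $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('$variable', '$value')");
                }
            }
            $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('styleid', '$styleidnew')");
            updatecache('settings');
            nmsg('operate_succeed','?action=config');
        }
    break;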
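    case 'admin_manage' :
        // Administrator list (no $submit) or creation of a new administrator.
        if(!$submit){
            $result=$db->query("SELECT * FROM {$tablepre}admins");
            while($r=$db->fetch_array($result)){
                $users[]=$r;
            }
            nmcptpl('admin');
        }else{
            // Reject empty input before hashing: the MD5 of an empty string is
            // a non-empty digest, so testing the hash can never catch it.
            // The explicit exit follows the nmsg();exit; idiom used elsewhere
            // in this file, so a failed check cannot fall through to the INSERT.
            if($user=="" || $pwd==""){ nmsg('info_invalid','?action=admin_manage'); exit; }
            $user=addslashes($user);
            // NOTE(review): addslashes() runs before hashing, so the stored
            // digest only matches if the login code does the same - confirm.
            // Unsalted MD5 is not suitable for password storage; moving to
            // password_hash()/password_verify() needs a matching change in the
            // login code, which is not part of this file.
            $pwd=MD5(addslashes($pwd));
            $result=$db->query("select user from {$tablepre}admins where user='$user'");
            if($db->num_rows($result)>0){ nmsg('admin_repeat_invalid','?action=admin_add'); exit; }
            // New accounts are always created with priv '3'.
            $db->query("insert into {$tablepre}admins(user,pwd,priv) values('$user','$pwd','3')");
            nmsg('operate_succeed','?action=admin_manage');
        }
    break;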
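    case 'admin_mod' :
        // Change an administrator's password. An id listed in $site_founders
        // may only be edited by the session whose aid equals that id.
        // The session key is quoted: a bare aid is read as a constant, which
        // is an error on PHP 8. The explicit exit keeps this authorisation
        // check from falling through if nmsg() returns.
        if(in_array($id,explode(',',$site_founders)) && $_SESSION['aid']!=$id){
            nmsg('admin_mod_invalid',"?action=admin_manage");
            exit;
        }
        if(!$submit) {
            $result=$db->query("SELECT * FROM {$tablepre}admins WHERE id='$id'");
            $user=$db->fetch_array($result);
            nmcptpl('admin');
        }else{
            // An empty $pwd leaves the stored password untouched.
            // NOTE(review): the current password is not asked for, and the
            // digest is unsalted MD5 over addslashes($pwd); changing the scheme
            // needs a matching change in the login code (not in this file).
            if(!$pwd){
                $passwordadd='';
            }else{
                $password = MD5(addslashes($pwd));
                $passwordadd = "pwd='$password'";
            }
            if($passwordadd){
                $db->query("UPDATE {$tablepre}admins set $passwordadd WHERE id='$id'");
            }
            nmsg('operate_succeed','?action=admin_manage');
        }
    break;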
    case 'admin_del' :
        // Delete an administrator. Ids listed in $site_founders are refused;
        // any other id is deleted once the request arrives with $confirmed set.
        // NOTE(review): the founder guard only protects the DELETE if nmsg()
        // ends the request - confirm. No anti-CSRF token is visible here;
        // check whether nmsg()'s 'form' mode or the including script adds one.
        if(in_array($id,explode(',',$site_founders))){
            nmsg('admin_del_invalid',"?action=admin_manage");
        }
        if($confirmed) {
            $db->query("DELETE FROM {$tablepre}admins WHERE id='$id'");
            nmsg('operate_succeed',"?action=admin_manage");
        }else{
            // First request: ask for confirmation.
            nmsg('operate_duplicate', "?action=admin_del&id=$id", 'form');
        }
    break;
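    case 'friend' :
        // Friend-link management: list the links, or apply the posted
        // deletions, edits and optional new link in one submit.
        if(!$friendlinksubmit) {
            // Start from an array: appending with [] to a string is a fatal
            // error on PHP 7.1 and later.
            $friendlinks = array();
            $query = $db->query("SELECT * FROM {$tablepre}friendlinks ORDER BY displayorder");
            while($friendlink = $db->fetch_array($query)) {
                $friendlinks[] = $friendlink;
            }
            nmcptpl('friend');
        } else {
            // implodeids() is defined elsewhere; presumably it turns $delete
            // into a safe comma-separated id list - confirm.
            if($ids = implodeids( $delete )) {
                $db->query("DELETE FROM	{$tablepre}friendlinks WHERE id IN ($ids)");
            }
            // NOTE(review): the field values are interpolated into quoted SQL
            // literals; that is only safe if the including script escapes
            // request input - confirm, or move to bound parameters.
            if(is_array($name)) {
                foreach($name as $id =>	$val) {
                    // $id is an array key taken from the form; it is forced to
                    // an integer for the WHERE clause.
                    $db->query("UPDATE {$tablepre}friendlinks SET displayorder='$displayorder[$id]', name='$name[$id]', url='$url[$id]', description='$description[$id]', logo='$logo[$id]' WHERE id='".intval($id)."'");
                }
            }
            if($newname != '') {
                $db->query("INSERT INTO	{$tablepre}friendlinks (displayorder, name, url, description, logo)	VALUES ('$newdisplayorder', '$newname',	'$newurl', '$newdescription', '$newlogo')");
            }
            updatecache('friendlinks');
            nmsg('operate_succeed', '?action=friend');
        }
    break;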

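    case 'cat_manage' :
        // Category list with paging (no $submit) or creation of a category.
        if(!$submit){
            $perpage='20';
            // Clamp the page number to a positive integer so the computed
            // offset in the LIMIT clause can never be negative or non-numeric.
            $page=max(1, intval($page));
            $mpurl="?action=cat_manage";
            $offset=($page-1)*$perpage;
            $query="SELECT count(*) AS num FROM {$tablepre}categorys";
            $result=$db->query($query);
            $r=$db->fetch_array($result);
            $num=$r["num"];
            $pages=phppage($num,$perpage,$page,$mpurl);
            $result=$db->query("SELECT * FROM {$tablepre}categorys order by displayorder asc LIMIT $offset,$perpage");
            while($cat=$db->fetch_array($result)){
                $cats[]=$cat;
            }
            nmcptpl('category');
        }else{
            // NOTE(review): the *new fields are interpolated into quoted SQL
            // literals; that is only safe if the including script escapes
            // request input - confirm, or move to bound parameters.
            if(!$namenew || !$contentnew){nmsg('info_invalid','','back');exit;}
            // Refuse a name or content value that is already in use; the exit
            // matches the check above so the INSERT cannot be reached.
            if($db->num_rows($db->query("SELECT cid FROM {$tablepre}categorys WHERE name='$namenew' OR content='$contentnew'")) > 0){
                nmsg('cat_name_invalid','','back');
                exit;
            }
            $db->query("INSERT INTO {$tablepre}categorys(name,content,keyword,displayorder) VALUES('$namenew','$contentnew','$keywordnew','$displayordernew')");
            updatecache('categorys');
            nmsg('operate_succeed',"?action=cat_manage");
        }
    break;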

    case 'cat_mod' :
        // Edit one category: save the posted fields, or load the row for the form.
        // NOTE(review): $cid and the *new fields are interpolated into quoted
        // SQL literals; that is only safe if the including script escapes
        // request input - confirm, or move to bound parameters.
        if($submit) {
            if(!$namenew || !$contentnew){
                nmsg('info_invalid','','back');
                exit;
            }
            // Refuse a name or content value already used by another category.
            // NOTE(review): the UPDATE below is only skipped if nmsg() ends
            // the request - confirm.
            if($db->num_rows($db->query("SELECT cid FROM {$tablepre}categorys WHERE cid!='$cid' AND (name='$namenew' OR content='$contentnew')")) > 0){
                nmsg('cat_name_invalid','','back');
            }
            $db->query("UPDATE {$tablepre}categorys set name='$namenew',content='$contentnew',keyword='$keywordnew',displayorder='$displayordernew' where cid='$cid'");
            updatecache('categorys');
            nmsg('operate_succeed',"?action=cat_manage");
        }else{
            $result=$db->query("SELECT * FROM {$tablepre}categorys WHERE cid='$cid'");
            $cat=$db->fetch_array($result);
            nmcptpl('category');
        }
    break;

    case 'cat_del':
        // Delete a category after a confirmation step.
        // NOTE(review): the "category still has movies" check runs only on the
        // unconfirmed request; a request that arrives with $confirmed set goes
        // straight to the DELETE. Consider repeating the check there.
        if($confirmed) {
            $db->query("DELETE FROM {$tablepre}categorys WHERE cid='$cid'");
            updatecache('categorys');
            nmsg('operate_succeed',"?action=cat_manage");
        }else{
            // Refuse while any movie row still references this category.
            $result=$db->query("select * from {$tablepre}movies where cid='$cid'");
            if($db->num_rows($result)>0){
                nmsg('cat_movie_invalid',"","back");
                exit;
            }
            nmsg('operate_duplicate',"?action=cat_del&cid=$cid", 'form');
        }
    break;

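    case 'cat_order':
        // Bulk update of keyword and display order; $cids, $keywords and
        // $displayorders are read as parallel arrays indexed from 0.
        if(is_array($cids)){
            for($i = 0; $i < count($cids); $i++){
                // cid is used unquoted in the statement, so it is cast to an
                // integer; quote escaping alone does not protect a bare number.
                // NOTE(review): keyword and displayorder still rely on the
                // including script escaping request input - confirm.
                $db->query("UPDATE {$tablepre}categorys SET keyword='$keywords[$i]', displayorder='$displayorders[$i]' WHERE cid=".intval($cids[$i]));
            }
        }
        updatecache('categorys');
        nmsg('operate_succeed', "?action=cat_manage");
    break;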
//***
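    case 'plugin_manage' :
        // Plugin list with paging (no $submit) or creation of a plugin.
        if(!$submit){
            $perpage='20';
            // Clamp the page number to a positive integer so the computed
            // offset in the LIMIT clause can never be negative or non-numeric.
            $page=max(1, intval($page));
            $mpurl="?action=plugin_manage";
            $offset=($page-1)*$perpage;
            $query="SELECT count(*) AS num FROM {$tablepre}plugins";
            $result=$db->query($query);
            $r=$db->fetch_array($result);
            $num=$r["num"];
            $pages=phppage($num,$perpage,$page,$mpurl);
            $result=$db->query("SELECT * FROM {$tablepre}plugins order by displayorder asc LIMIT $offset,$perpage");
            while($plugin=$db->fetch_array($result)){
                $plugins[]=$plugin;
            }
            nmcptpl('plugin');
        }else{
            // NOTE(review): the *new fields are interpolated into quoted SQL
            // literals; that is only safe if the including script escapes
            // request input - confirm, or move to bound parameters.
            if(!$namenew || !$contentnew){nmsg('info_invalid','','back');exit;}
            // Reserved-name check on the submitted value. It previously tested
            // $content, which this form does not set, so it never applied.
            // NOTE(review): 'moive' may be a misspelling of 'movie' - verify
            // against the real system file names before changing the list.
            if(in_array($contentnew,array('mlist','moive'))){ nmsg('plugin_sysfile_invalid','','back'); exit; }
            if($db->num_rows($db->query("SELECT pluginid FROM {$tablepre}plugins WHERE name='$namenew' OR content='$contentnew'")) > 0){
                nmsg('plugin_name_invalid','','back');
                exit;
            }
            $db->query("INSERT INTO {$tablepre}plugins(name,content,keyword,displayorder) VALUES('$namenew','$contentnew','$keywordnew','$displayordernew')");
            updatecache('plugins');
            nmsg('operate_succeed',"?action=plugin_manage");
        }
    break;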

    case 'plugin_mod' :
        // Edit one plugin: save the posted fields, or load the row for the form.
        // NOTE(review): the reserved-name check made in plugin_manage is not
        // repeated here. $pluginid and the *new fields are interpolated into
        // quoted SQL literals and rely on the including script's escaping.
        if($submit) {
            if(!$namenew || !$contentnew){
                nmsg('info_invalid','','back');
                exit;
            }
            // Refuse a name or content value already used by another plugin.
            if($db->num_rows($db->query("SELECT pluginid FROM {$tablepre}plugins WHERE pluginid!='$pluginid' AND (name='$namenew' OR content='$contentnew')")) > 0){
                nmsg('plugin_name_invalid','','back');
            }
            $db->query("UPDATE {$tablepre}plugins set name='$namenew',content='$contentnew',keyword='$keywordnew',displayorder='$displayordernew' where pluginid='$pluginid'");
            updatecache('plugins');
            nmsg('operate_succeed',"?action=plugin_manage");
        }else{
            $result=$db->query("SELECT * FROM {$tablepre}plugins WHERE pluginid='$pluginid'");
            $plugin=$db->fetch_array($result);
            nmcptpl('plugin');
        }
    break;

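    case 'plugin_del':
        // Delete a plugin after a confirmation step.
        // The row is loaded into $plugin first; nothing in this block reads it
        // afterwards (it may be used by code outside this file).
        $result=$db->query("select * from {$tablepre}plugins where pluginid='$pluginid'");
        $plugin=$db->fetch_array($result);
        if(!$confirmed) {
            nmsg('operate_duplicate',"?action=plugin_del&pluginid=$pluginid", 'form');
        }else{
            $db->query("DELETE FROM {$tablepre}plugins WHERE pluginid='$pluginid'");
            // Refresh the plugins cache, as every other plugin action does;
            // this previously refreshed 'categorys' and left the deleted
            // plugin in the cached list.
            updatecache('plugins');
            nmsg('operate_succeed',"?action=plugin_manage");
        }
    break;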

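    case 'plugin_order':
        // Bulk update of keyword and display order; $pluginids, $keywords and
        // $displayorders are read as parallel arrays indexed from 0.
        if(is_array($pluginids)){
            for($i = 0; $i < count($pluginids); $i++){
                // pluginid is used unquoted in the statement, so it is cast to
                // an integer; quote escaping does not protect a bare number.
                // NOTE(review): keyword and displayorder still rely on the
                // including script escaping request input - confirm.
                $db->query("UPDATE {$tablepre}plugins SET keyword='$keywords[$i]', displayorder='$displayorders[$i]' WHERE pluginid=".intval($pluginids[$i]));
            }
        }
        updatecache('plugins');
        nmsg('operate_succeed', "?action=plugin_manage");
    break;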
//***
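    case 'player_manage' :
        // Player list with paging (no $submit) or creation of a player.
        if(!$submit){
            $perpage='20';
            // Clamp the page number to a positive integer so the computed
            // offset in the LIMIT clause can never be negative or non-numeric.
            $page=max(1, intval($page));
            $mpurl="?action=player_manage";
            $offset=($page-1)*$perpage;
            $query="SELECT count(*) AS num FROM {$tablepre}players";
            $result=$db->query($query);
            $r=$db->fetch_array($result);
            $num=$r["num"];
            $pages=phppage($num,$perpage,$page,$mpurl);
            $result=$db->query("SELECT * FROM {$tablepre}players order by displayorder asc LIMIT $offset,$perpage");
            while($player=$db->fetch_array($result)){
                $players[]=$player;
            }
            nmcptpl('player');
        }else{
            // NOTE(review): the *new fields are interpolated into quoted SQL
            // literals; that is only safe if the including script escapes
            // request input - confirm, or move to bound parameters.
            // The explicit exits follow the nmsg();exit; idiom used elsewhere
            // in this file so a failed check cannot reach the INSERT.
            if(!$namenew || !$identifiernew || !$contentnew){nmsg('info_invalid','','back');exit;}
            if($db->num_rows($db->query("SELECT playid FROM {$tablepre}players WHERE identifier='$identifiernew' OR content='$contentnew'")) > 0){
                nmsg('player_name_invalid','','back');
                exit;
            }
            $db->query("INSERT INTO {$tablepre}players(name,identifier,content,description,displayorder) VALUES('$namenew','$identifiernew','$contentnew','$descriptionnew','$displayordernew')");
            updatecache('players');
            nmsg('operate_succeed',"?action=player_manage");
        }
    break;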

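    case 'player_mod' :
        // Edit one player: load the row for the form, or save the posted fields.
        if(!$submit) {
            $result=$db->query("SELECT * FROM {$tablepre}players WHERE playid='$playid'");
            $player=$db->fetch_array($result);
            nmcptpl('player');
        }else{
            // NOTE(review): $playid and the *new fields are interpolated into
            // quoted SQL literals; that is only safe if the including script
            // escapes request input - confirm, or move to bound parameters.
            if(!$namenew || !$identifiernew || !$contentnew){nmsg('info_invalid','','back');exit;}
            // Duplicate check on the submitted values. It previously compared
            // $identifier and $content, which this form does not set, so a
            // clash with another player was not detected.
            if($db->num_rows($db->query("SELECT playid FROM {$tablepre}players WHERE playid!='$playid' AND (identifier='$identifiernew' OR content='$contentnew')")) > 0){
                nmsg('player_name_invalid','','back');
                exit;
            }
            $db->query("UPDATE {$tablepre}players set name='$namenew',identifier='$identifiernew',content='$contentnew',description='$descriptionnew',displayorder='$displayordernew' where playid='$playid'");
            updatecache('players');
            nmsg('operate_succeed',"?action=player_manage");
        }
    break;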

    case 'player_del':
        // Delete a player after a confirmation step.
        // NOTE(review): the row is matched on the identifier column using the
        // value named $playid, while player_mod matches on playid; confirm
        // which value the delete link carries. The value is interpolated into
        // a quoted SQL literal and relies on the including script's escaping.
        if($confirmed) {
            $db->query("DELETE FROM {$tablepre}players WHERE identifier='$playid'");
            updatecache('players');
            nmsg('operate_succeed',"?action=player_manage");
        }else{
            // First request: ask for confirmation.
            nmsg('operate_duplicate',"?action=player_del&playid=$playid", 'form');
        }
    break;

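    case 'player_order':
        // Bulk update of description and display order; $playids,
        // $descriptions and $displayorders are read as parallel arrays
        // indexed from 0.
        if(is_array($playids)){
            for($i = 0; $i < count($playids); $i++){
                // playid is used unquoted in the statement, so it is cast to
                // an integer; quote escaping does not protect a bare number.
                // NOTE(review): description and displayorder still rely on the
                // including script escaping request input - confirm.
                $db->query("UPDATE {$tablepre}players SET description='$descriptions[$i]', displayorder='$displayorders[$i]' WHERE playid=".intval($playids[$i]));
            }
        }
        updatecache('players');
        nmsg('operate_succeed', "?action=player_manage");
    break;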
//***
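    case 'server_manage' :
        // Server list with paging (no $submit) or creation of a server.
        if(!$submit){
            $perpage='10';
            // Clamp the page number to a positive integer so the computed
            // offset in the LIMIT clause can never be negative or non-numeric.
            $page=max(1, intval($page));
            $mpurl="?action=server_manage";
            $offset=($page-1)*$perpage;
            $query="SELECT count(*) AS num FROM {$tablepre}servers";
            $result=$db->query($query);
            $r=$db->fetch_array($result);
            $num=$r["num"];
            $pages=phppage($num,$perpage,$page,$mpurl);
            $result=$db->query("SELECT * FROM {$tablepre}servers order by displayorder asc LIMIT $offset,$perpage");
            while($server=$db->fetch_array($result)){
                $servers[]=$server;
            }
            nmcptpl('server');
        }else{
            // NOTE(review): the *new fields are interpolated into quoted SQL
            // literals; that is only safe if the including script escapes
            // request input - confirm, or move to bound parameters.
            if(!$namenew || !$identifiernew){nmsg('info_invalid','','back');exit;}
            // Refuse an identifier that is already in use; the exit matches
            // the check above so the INSERT cannot be reached.
            if($db->num_rows($db->query("SELECT servid FROM {$tablepre}servers WHERE identifier='$identifiernew'")) > 0){
                nmsg('server_name_invalid','','back');
                exit;
            }
            $contentnew = trim($contentnew);
            $db->query("INSERT INTO {$tablepre}servers(name,identifier,content,description,displayorder) VALUES('$namenew','$identifiernew','$contentnew','$descriptionnew','$displayordernew')");
            updatecache('servers');
            nmsg('operate_succeed',"?action=server_manage");
        }
    break;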

    case 'server_mod' :
        // Edit one server: save the posted fields, or load the row for the form.
        // NOTE(review): $servid and the *new fields are interpolated into
        // quoted SQL literals; that is only safe if the including script
        // escapes request input - confirm, or move to bound parameters.
        if($submit) {
            // NOTE(review): neither check below is followed by exit, so the
            // UPDATE is only skipped if nmsg() ends the request - confirm.
            if(!$namenew || !$identifiernew){
                nmsg('info_invalid','','back');
            }
            // Refuse an identifier already used by another server.
            if($db->num_rows($db->query("SELECT servid FROM {$tablepre}servers WHERE servid!='$servid' AND identifier='$identifiernew'")) > 0){
                nmsg('server_name_invalid','','back');
            }
            $contentnew = trim($contentnew);
            $db->query("UPDATE {$tablepre}servers set name='$namenew',identifier='$identifiernew',content='$contentnew',description='$descriptionnew',displayorder='$displayordernew' where servid='$servid'");
            updatecache('servers');
            nmsg('operate_succeed',"?action=server_manage");
        }else{
            $result=$db->query("SELECT * FROM {$tablepre}servers WHERE servid='$servid'");
            $server=$db->fetch_array($result);
            nmcptpl('server');
        }
    break;

    case 'server_del':
        // Delete a server after a confirmation step.
        // NOTE(review): the row is matched on the identifier column using the
        // value named $servid, while server_mod matches on servid; confirm
        // which value the delete link carries. The value is interpolated into
        // a quoted SQL literal and relies on the including script's escaping.
        if($confirmed) {
            $db->query("DELETE FROM {$tablepre}servers WHERE identifier='$servid'");
            updatecache('servers');
            nmsg('operate_succeed',"?action=server_manage");
        }else{
            // First request: ask for confirmation.
            nmsg('operate_duplicate',"?action=server_del&servid=$servid", 'form');
        }
    break;

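    case 'server_order':
        // Bulk update of name, description, content and display order;
        // $servids, $names, $descriptions, $contents and $displayorders are
        // read as parallel arrays indexed from 0.
        if(is_array($servids)){
            for($i = 0; $i < count($servids); $i++){
                // servid is used unquoted in the statement, so it is cast to
                // an integer; quote escaping does not protect a bare number.
                // NOTE(review): the quoted fields still rely on the including
                // script escaping request input - confirm.
                $db->query("UPDATE {$tablepre}servers SET name='$names[$i]', description='$descriptions[$i]', content='$contents[$i]', displayorder='$displayorders[$i]' WHERE servid=".intval($servids[$i]));
            }
        }
        updatecache('servers');
        nmsg('operate_succeed', "?action=server_manage");
    break;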
//***
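    case 'announce_manage' :
        // Announcement list with paging (no $submit) or creation of one.
        if(!$submit){
            $perpage='10';
            // Clamp the page number to a positive integer so the computed
            // offset in the LIMIT clause can never be negative or non-numeric.
            $page=max(1, intval($page));
            $mpurl="?action=announce_manage";
            $offset=($page-1)*$perpage;
            $query="SELECT count(*) AS num FROM {$tablepre}announces";
            $result=$db->query($query);
            $r=$db->fetch_array($result);
            $num=$r["num"];
            $pages=phppage($num,$perpage,$page,$mpurl);
            $result=$db->query("SELECT * FROM {$tablepre}announces order by displayorder asc LIMIT $offset,$perpage");
            while($announce=$db->fetch_array($result)){
                $announces[]=$announce;
            }
            nmcptpl('announce');
        }else{
            // NOTE(review): $name, $content and $displayorder are interpolated
            // into quoted SQL literals; that is only safe if the including
            // script escapes request input - confirm, or use bound parameters.
            // The explicit exit follows the nmsg();exit; idiom used elsewhere
            // in this file so an empty submission cannot reach the INSERT.
            if(!$name || !$content){ nmsg('info_invalid','','back'); exit; }
            $db->query("INSERT INTO {$tablepre}announces(name,content,displayorder) VALUES('$name','$content','$displayorder')");
            updatecache('announces');
            nmsg('operate_succeed','?action=announce_manage');
        }
    break;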

    case 'announce_mod' :
        // Edit one announcement: save the posted fields, or load the row for
        // the form.
        // NOTE(review): unlike announce_manage, empty $name/$content are not
        // rejected here. $id and the fields are interpolated into quoted SQL
        // literals and rely on the including script escaping request input.
        if($submit) {
            $db->query("UPDATE {$tablepre}announces set name='$name',content='$content',displayorder='$displayorder' where id='$id'");
            updatecache('announces');
            nmsg('operate_succeed',"?action=announce_manage");
        }else{
            $result=$db->query("SELECT * FROM {$tablepre}announces WHERE id='$id'");
            $announce=$db->fetch_array($result);
            nmcptpl('announce');
        }
    break;

    case 'announce_del':
        // Delete an announcement after a confirmation step.
        // NOTE(review): $id is interpolated into a quoted SQL literal and
        // relies on the including script escaping request input - confirm.
        if($confirmed) {
            $db->query("DELETE FROM {$tablepre}announces WHERE id='$id'");
            updatecache('announces');
            nmsg('operate_succeed',"?action=announce_manage");
        }else{
            // First request: ask for confirmation.
            nmsg('operate_duplicate', "?action=announce_del&id=$id", 'form');
        }
    break;

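    case 'announce_order':
        // Bulk update of display order; $ids and $displayorders are read as
        // parallel arrays indexed from 0.
        if(is_array($ids)){
            for($i = 0; $i < count($ids); $i++){
                // id is used unquoted in the statement, so it is cast to an
                // integer; quote escaping does not protect a bare number.
                // NOTE(review): displayorder still relies on the including
                // script escaping request input - confirm.
                $db->query("UPDATE {$tablepre}announces SET displayorder='$displayorders[$i]' WHERE id=".intval($ids[$i]));
            }
        }
        updatecache('announces');
        nmsg('operate_succeed', "?action=announce_manage");
    break;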
}
?>