www.gusucode.com > ShopEx481 & PHPWind 整合版码程序 > bbs/admin/hackcenter.php
<?php
!function_exists('adminmsg') && exit('Forbidden');
$basename="$admin_file?adminjob=hackcenter";
if (!$action) {
$installdb = $uninstalldb = array();
foreach ($db_hackdb as $key => $value) {
$value[0] = htmlspecialchars($value[0]);
${$value[1].'_'.$value[2]} = 'SELECTED';
$value[4] = EncodeUrl("$basename&action=delete&id=$value[1]");
$installdb[$key] = $value;
}
if ($fp = opendir(R_P.'hack')) {
$infodb = array();
while (($hackdir = readdir($fp))) {
if (strpos($hackdir,'.')===false && empty($db_hackdb[$hackdir])) {
$hackname = $hackdir;
$hackopen = 0;
if (function_exists('file_get_contents')) {
$filedata = @file_get_contents(R_P."hack/$hackdir/info.xml");
} else {
$filedata = readover(R_P."hack/$hackdir/info.xml");
}
if (preg_match('/\<hackname\>(.+?)\<\/hackname\>\s+\<ifopen\>(.+?)\<\/ifopen\>/is',$filedata,$infodb)) {
$infodb[1] && $hackname = Char_cv(str_replace(array("\n"),'',$infodb[1]));
$hackopen = (int)$infodb[2];
}
$hackurl = EncodeUrl("$basename&action=add&hackdir=$hackdir&hackname=".rawurlencode($hackname)."&hackopen=$hackopen");
$uninstalldb[] = array($hackname,$hackdir,$hackopen,$hackurl);
}
}
closedir($fp);
}
unset($db_hackdb);
include PrintEot('hackcenter');exit;
} elseif ($action=='edit') {
InitGP(array('hackname','hackopen'));
foreach ((array)$hackname as $key => $value) {
$value = str_replace(array("\t","\n","\r",' '),array(' ','<br />','',' '),$value);
if ($value && $db_hackdb[$key][1]==$key && ($db_hackdb[$key][0] != $value || $db_hackdb[$key][2] != (int)$hackopen[$key])) {
$db_hackdb[$key] = array(stripslashes($value),$key,(int)$hackopen[$key]);
}
}
$db_hackdb = addslashes(serialize($db_hackdb));
$rt = $db->get_one("SELECT db_name FROM pw_config WHERE db_name='db_hackdb'");
if (!empty($rt)) {
$db->update("UPDATE pw_config SET db_value='$db_hackdb' WHERE db_name='db_hackdb'");
} else {
$db->update("INSERT INTO pw_config(db_name,db_value) VALUES ('db_hackdb','$db_hackdb')");
}
updatecache_c();
adminmsg('operate_success');
} elseif($action=='delete'){
InitGP(array('id'));
empty($db_hackdb[$id]) && adminmsg('hackcenter_del');
unset($db_hackdb[$id]);
$sqlarray = file_exists(R_P."hack/$id/sql.txt") ? FileArray($id) : array();
!empty($sqlarray) && SQLDrop($sqlarray);
$db_hackdb = addslashes(serialize($db_hackdb));
$rt = $db->get_one("SELECT db_name FROM pw_config WHERE db_name='db_hackdb'");
if (!empty($rt)) {
$db->update("UPDATE pw_config SET db_value='$db_hackdb' WHERE db_name='db_hackdb'");
} else {
$db->update("INSERT INTO pw_config(db_name,db_value) VALUES ('db_hackdb','$db_hackdb')");
}
updatecache_c();
adminmsg('operate_success');
} elseif ($action=='add') {
InitGP(array('hackdir','hackname','hackopen'),'G',1);
!empty($db_hackdb[$hackdir]) && adminmsg('hackcenter_sign_exists');
$sqlarray = file_exists(R_P."hack/$hackdir/sql.txt") ? FileArray($hackdir) : array();
!empty($sqlarray) && SQLCreate($sqlarray);
$db_hackdb[$hackdir] = array($hackname,$hackdir,$hackopen);
$db_hackdb = addslashes(serialize($db_hackdb));
$rt = $db->get_one("SELECT db_name FROM pw_config WHERE db_name='db_hackdb'");
if (!empty($rt)) {
$db->update("UPDATE pw_config SET db_value='$db_hackdb' WHERE db_name='db_hackdb'");
} else {
$db->update("INSERT INTO pw_config(db_name,db_value) VALUES ('db_hackdb','$db_hackdb')");
}
updatecache_c();
adminmsg('operate_success');
}
function SQLCreate($sqlarray) {
global $db,$charset;
$query = '';
foreach ($sqlarray as $value) {
if ($value[0]!='#') {
$query .= $value;
if (substr($value,-1)==';' && !in_array(strtolower(substr($query,0,5)),array('drop ','delet','updat'))) {
$lowquery = strtolower(substr($query,0,5));
if (in_array($lowquery,array('creat','alter','inser','repla'))) {
$next = CheckDrop($query);
if ($lowquery == 'creat') {
if (!$next) continue;
strpos($query,'IF NOT EXISTS')===false && $query = str_replace('TABLE','TABLE IF NOT EXISTS',$query);
$extra1 = trim(substr(strrchr($value,')'),1));
$tabtype = substr(strchr($extra1,'='),1);
$tabtype = substr($tabtype,0,strpos($tabtype,strpos($tabtype,' ') ? ' ' : ';'));
if ($db->server_info() >= '4.1') {
$extra2 = "ENGINE=$tabtype".($charset ? " DEFAULT CHARSET=$charset" : '');
} else {
$extra2 = "TYPE=$tabtype";
}
$query = str_replace($extra1,$extra2.';',$query);
} elseif (in_array($lowquery,array('inser','repla'))) {
if (!$next) continue;
$lowquery == 'inser' && $query = 'REPLACE '.substr($query,6);
} elseif ($lowquery == 'alter' && !$next && strpos(strtolower($query),'drop')!==false) {
continue;
}
$db->query($query);
$query = '';
}
}
}
}
}
function SQLDrop($sqlarray) {
global $db;
foreach ($sqlarray as $query) {
$lowquery = strtolower(substr($query,0,6));
$next = CheckDrop($query);
if ($next && $lowquery == 'create') {
$t_name = trim(substr($query,0,strpos($query,'(')));
$t_name = substr($t_name,strrpos($t_name,' ')+1);
$db->query("DROP TABLE IF EXISTS $t_name");
}
}
}
function FileArray($hackdir){
if (function_exists('file_get_contents')) {
$filedata = @file_get_contents(Pcv(R_P."hack/$hackdir/sql.txt"));
} else {
$filedata = readover(R_P."hack/$hackdir/sql.txt");
}
$filedata = trim(str_replace(array("\t","\r","\n\n",';'),array('','','',";\n"),$filedata));
$sqlarray = $filedata ? explode("\n",$filedata) : array();
return $sqlarray;
}
function CheckDrop($query){
global $db;
require_once(R_P.'admin/table.php');
list($pwdb) = N_getTabledb();
$next = true;
foreach ($pwdb as $value) {
if (strpos(strtolower($query),strtolower($value))!==false) {
$next = false;
break;
}
}
return $next;
}
?>