www.gusucode.com > 4004网博士成品网站管理系统 PHP网站源码程序 > 4004/4004/photo_backup_1242003953/admin/post.php
<?php
define("ROOTPATH", "../../");
include(ROOTPATH."includes/admin.inc.php");
include("language/".$sLan.".php");
include("func/upload.inc.php");
NeedAuth(152);
$act=$_POST["act"];
switch($act){
//?????????
case "proplist" :
$catid=$_POST["catid"];
$nowid=$_POST["nowid"];
if($nowid!="" && $nowid!="0"){
$msql->query("select * from {P}_photo_con where id='$nowid'");
if($msql->next_record()){
$prop1=$msql->f('prop1');
$prop2=$msql->f('prop2');
$prop3=$msql->f('prop3');
$prop4=$msql->f('prop4');
$prop5=$msql->f('prop5');
$prop6=$msql->f('prop6');
$prop7=$msql->f('prop7');
$prop8=$msql->f('prop8');
$prop9=$msql->f('prop9');
$prop10=$msql->f('prop10');
$prop11=$msql->f('prop11');
$prop12=$msql->f('prop12');
$prop13=$msql->f('prop13');
$prop14=$msql->f('prop14');
$prop15=$msql->f('prop15');
$prop16=$msql->f('prop16');
}
}
$str="<table width='100%' border='0' align='center' cellpadding='2' cellspacing='0' >";
$i=1;
$msql->query("select * from {P}_photo_prop where catid='$catid' order by xuhao");
while($msql->next_record()){
$propname=$msql->f('propname');
$pn="prop".$i;
$str.="<tr>";
$str.="<td width='100' height='30' align='center' >".$propname."</td>";
$str.="<td height='30' >";
$str.="<input type='text' name='".$pn."' value='".$$pn."' class='input' style='width:499px;' />";
$str.="</td>";
$str.="</tr>";
$i++;
}
$str.="</table>";
echo $str;
exit;
break;
//??????????
case "addpage" :
$nowid=$_POST["nowid"];
$xuhao=0;
if($nowid!="" && $nowid!="0"){
$msql->query("select max(xuhao) from {P}_photo_pages where photoid='$nowid'");
if($msql->next_record()){
$xuhao=$msql->f('max(xuhao)');
}
$xuhao=$xuhao+1;
$msql->query("insert into {P}_photo_pages set photoid='$nowid',xuhao='$xuhao' ");
}
echo "OK";
exit;
break;
//?????????
case "photopageslist" :
$nowid=$_POST["nowid"];
$pageinit=$_POST["pageinit"];
$str="<ul>";
$str.="<li id='p_0' class='pages'>1</li>";
$i=2;
$id=0;
$msql->query("select id from {P}_photo_pages where photoid='$nowid' order by xuhao");
while($msql->next_record()){
$id=$msql->f('id');
$str.="<li id='p_".$id."' class='pages'>".$i."</li>";
$i++;
}
//?ж???????
if($pageinit!="new"){
$id=$pageinit;
}
$str.="<li id='addpage' class='addbutton'>".$strPhotoPagesAdd."</li>";
if($pageinit!="0"){
$str.="<li id='pagedelete' class='addbutton'>".$strPhotoPagesDel."</li>";
$str.="<li id='backtomodi' class='addbutton'>".$strBack."</li>";
}
$str.="</ul><input id='photopagesid' name='photopagesid' type='hidden' value='".$id."'>";
echo $str;
exit;
break;
//??????
case "getcontent" :
$nowid=$_POST["nowid"];
$photopageid=$_POST["photopageid"];
if($photopageid=="-1"){
$src="";
}elseif($photopageid=="0"){
$msql->query("select src from {P}_photo_con where id='$nowid'");
if($msql->next_record()){
$src=$msql->f('src');
}
}else{
$msql->query("select src from {P}_photo_pages where id='$photopageid'");
if($msql->next_record()){
$src=$msql->f('src');
}else{
$src="";
}
}
echo $src;
exit;
break;
//?????
case "photomodify" :
$id=$_POST["id"];
$pid=$_POST["pid"];
$catid=$_POST["catid"];
$page=$_POST["page"];
$title=htmlspecialchars($_POST["title"]);
$author=htmlspecialchars($_POST["author"]);
$source=htmlspecialchars($_POST["source"]);
$memo=htmlspecialchars($_POST["memo"]);
$oldcatid=$_POST["oldcatid"];
$oldcatpath=$_POST["oldcatpath"];
$prop1=htmlspecialchars($_POST["prop1"]);
$prop2=htmlspecialchars($_POST["prop2"]);
$prop3=htmlspecialchars($_POST["prop3"]);
$prop4=htmlspecialchars($_POST["prop4"]);
$prop5=htmlspecialchars($_POST["prop5"]);
$prop6=htmlspecialchars($_POST["prop6"]);
$prop7=htmlspecialchars($_POST["prop7"]);
$prop8=htmlspecialchars($_POST["prop8"]);
$prop9=htmlspecialchars($_POST["prop9"]);
$prop10=htmlspecialchars($_POST["prop10"]);
$prop11=htmlspecialchars($_POST["prop11"]);
$prop12=htmlspecialchars($_POST["prop12"]);
$prop13=htmlspecialchars($_POST["prop13"]);
$prop14=htmlspecialchars($_POST["prop14"]);
$prop15=htmlspecialchars($_POST["prop15"]);
$prop16=htmlspecialchars($_POST["prop16"]);
$prop17=htmlspecialchars($_POST["prop17"]);
$prop18=htmlspecialchars($_POST["prop18"]);
$prop19=htmlspecialchars($_POST["prop19"]);
$prop20=htmlspecialchars($_POST["prop20"]);
$tags=$_POST["tags"];
$spe_selec=$_POST["spe_selec"];
$pic=$_FILES["jpg"];
//jform????iframe??????????????????????????
if($pic["size"]>0){
$Meta="<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";
}
//У?鴦??
if($title==""){
echo $Meta.$strPhotoNotice6;
exit;
}
if(strlen($title)>200){
echo $Meta.$strPhotoNotice7;
exit;
}
if(strlen($memo)>65000){
echo $Meta.$strPhotoNotice5;
exit;
}
$uptime=time();
//???????????
$msql->query("select catpath from {P}_photo_cat where catid='$catid'");
if($msql->next_record()){
$catpath=$msql->f('catpath');
}
//??????????
$count_pro = count ($spe_selec);
for ($i = 0; $i < $count_pro; $i ++) {
$projid = $spe_selec[$i];
$projpath .= $projid.":";
}
//??????
if($pic["size"]>0){
$nowdate=date("Ymd",time());
$picpath="../pics/".$nowdate;
@mkdir($picpath,0777);
$uppath="photo/pics/".$nowdate;
$arr=NewUploadImage($pic["tmp_name"],$pic["type"],$pic["size"],$uppath);
if($arr[0]!="err"){
$src=$arr[3];
}else{
echo $Meta.$arr[1];
exit;
}
$msql->query("select src from {P}_photo_con where id='$id'");
if($msql->next_record()){
$oldsrc=$msql->f('src');
}
if(file_exists(ROOTPATH.$oldsrc) && $oldsrc!="" && !strstr($oldsrc,"../")){
unlink(ROOTPATH.$oldsrc);
}
$msql->query("update {P}_photo_con set src='$src' where id='$id'");
}
//???????
for($t=0;$t<sizeof($tags);$t++){
if($tags[$t]!=""){
$tagstr.=$tags[$t].",";
}
}
//????????
$msql->query("update {P}_photo_con set
title='$title',
memo='$memo',
catid='$catid',
catpath='$catpath',
uptime='$uptime',
author='$author',
source='$source',
proj='$projpath',
tags='$tagstr',
prop1='$prop1',
prop2='$prop2',
prop3='$prop3',
prop4='$prop4',
prop5='$prop5',
prop6='$prop6',
prop7='$prop7',
prop8='$prop8',
prop9='$prop9',
prop10='$prop10',
prop11='$prop11',
prop12='$prop12',
prop13='$prop13',
prop14='$prop14',
prop15='$prop15',
prop16='$prop16',
prop17='$prop17',
prop18='$prop18',
prop19='$prop19',
prop20='$prop20'
where id='$id'
");
echo "OK";
exit;
break;
//??????
case "contentmodify" :
$photopagesid=$_POST["photopagesid"];
$pic=$_FILES["jpg"];
$Meta="<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";
//У?鴦??
if($pic["size"]<=0){
echo $Meta.$strPhotoNotice3;
exit;
}
//??????
if($pic["size"]>0){
$nowdate=date("Ymd",time());
$picpath="../pics/".$nowdate;
@mkdir($picpath,0777);
$uppath="photo/pics/".$nowdate;
$arr=NewUploadImage($pic["tmp_name"],$pic["type"],$pic["size"],$uppath);
if($arr[0]!="err"){
$src=$arr[3];
}else{
echo $Meta.$arr[1];
exit;
}
$msql->query("select src from {P}_photo_pages where id='$photopagesid'");
if($msql->next_record()){
$oldsrc=$msql->f('src');
}
if(file_exists(ROOTPATH.$oldsrc) && $oldsrc!="" && !strstr($oldsrc,"../")){
unlink(ROOTPATH.$oldsrc);
}
$msql->query("update {P}_photo_pages set src='$src' where id='$photopagesid'");
}
echo "OK";
exit;
break;
//??????
case "photoadd" :
$catid=$_POST["catid"];
$title=htmlspecialchars($_POST["title"]);
$author=htmlspecialchars($_POST["author"]);
$source=htmlspecialchars($_POST["source"]);
$memo=htmlspecialchars($_POST["memo"]);
$prop1=htmlspecialchars($_POST["prop1"]);
$prop2=htmlspecialchars($_POST["prop2"]);
$prop3=htmlspecialchars($_POST["prop3"]);
$prop4=htmlspecialchars($_POST["prop4"]);
$prop5=htmlspecialchars($_POST["prop5"]);
$prop6=htmlspecialchars($_POST["prop6"]);
$prop7=htmlspecialchars($_POST["prop7"]);
$prop8=htmlspecialchars($_POST["prop8"]);
$prop9=htmlspecialchars($_POST["prop9"]);
$prop10=htmlspecialchars($_POST["prop10"]);
$prop11=htmlspecialchars($_POST["prop11"]);
$prop12=htmlspecialchars($_POST["prop12"]);
$prop13=htmlspecialchars($_POST["prop13"]);
$prop14=htmlspecialchars($_POST["prop14"]);
$prop15=htmlspecialchars($_POST["prop15"]);
$prop16=htmlspecialchars($_POST["prop16"]);
$prop17=htmlspecialchars($_POST["prop17"]);
$prop18=htmlspecialchars($_POST["prop18"]);
$prop19=htmlspecialchars($_POST["prop19"]);
$prop20=htmlspecialchars($_POST["prop20"]);
$tags=$_POST["tags"];
$pic=$_FILES["jpg"];
$spe_selec=$_POST["spe_selec"];
//jform????iframe??????????????????????????
$Meta="<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";
//У?鴦??
if($pic["size"]<=0){
echo $Meta.$strPhotoNotice3;
exit;
}
if($title==""){
echo $Meta.$strPhotoNotice6;
exit;
}
if(strlen($title)>200){
echo $Meta.$strPhotoNotice7;
exit;
}
if(strlen($memo)>65000){
echo $Meta.$strPhotoNotice5;
exit;
}
$uptime=time();
$dtime=time();
$msql->query("select catpath from {P}_photo_cat where catid='$catid'");
if($msql->next_record()){
$catpath=$msql->f('catpath');
}
//?????
if($pic["size"]>0){
$nowdate=date("Ymd",time());
$picpath="../pics/".$nowdate;
@mkdir($picpath,0777);
$uppath="photo/pics/".$nowdate;
$arr=NewUploadImage($pic["tmp_name"],$pic["type"],$pic["size"],$uppath);
if($arr[0]!="err"){
$src=$arr[3];
}else{
echo $Meta.$arr[1];
exit;
}
}
//??????
$count_pro = count ($spe_selec);
for ($i = 0; $i < $count_pro; $i ++) {
$projid = $spe_selec[$i];
$projpath .= $projid.":";
}
//???????
for($t=0;$t<sizeof($tags);$t++){
if($tags[$t]!=""){
$tagstr.=$tags[$t].",";
}
}
//???
$msql->query("insert into {P}_photo_con set
catid='$catid',
catpath='$catpath',
title='$title',
body='$body',
dtime='$dtime',
xuhao='0',
cl='0',
tj='0',
iffb='1',
ifbold='0',
ifred='0',
type='gif',
src='$src',
uptime='$dtime',
author='$author',
source='$source',
memberid='0',
proj='$projpath',
tags='$tagstr',
secure='0',
memo='$memo',
prop1='$prop1',
prop2='$prop2',
prop3='$prop3',
prop4='$prop4',
prop5='$prop5',
prop6='$prop6',
prop7='$prop7',
prop8='$prop8',
prop9='$prop9',
prop10='$prop10',
prop11='$prop11',
prop12='$prop12',
prop13='$prop13',
prop14='$prop14',
prop15='$prop15',
prop16='$prop16',
prop17='$prop17',
prop18='$prop18',
prop19='$prop19',
prop20='$prop20'
");
echo "OK";
exit;
break;
//?????????
case "pagedelete" :
$delpagesid=$_POST["delpagesid"];
$nowid=$_POST["nowid"];
$i=0;
$msql->query("select id from {P}_photo_pages where photoid='$nowid' order by xuhao");
while($msql->next_record()){
$id[$i]=$msql->f('id');
if($id[$i]==$delpagesid){
if($i==0){
$lastid=0;
}else{
$lastid=$id[$i-1];
}
}
$i++;
}
if($lastid==0 && $i>1){
$lastid=$id[1];
}
//?????
$msql->query("select src from {P}_photo_pages where id='$delpagesid'");
if($msql->next_record()){
$oldsrc=$msql->f('src');
if(file_exists(ROOTPATH.$oldsrc) && $oldsrc!="" && !strstr($oldsrc,"../")){
unlink(ROOTPATH.$oldsrc);
}
}
//????????
$msql->query("delete from {P}_photo_pages where id='$delpagesid'");
echo $lastid;
exit;
break;
//???????
case "addproj" :
$project=htmlspecialchars($_POST["project"]);
$folder=htmlspecialchars($_POST["folder"]);
//У??
if($project==""){
echo $strProjNTC1;
exit;
}
if(strlen($folder)<2 || strlen($folder)>16){
echo $strProjNTC2;
exit;
}
if (!eregi("^[0-9a-z]{1,16}$",$folder)) {
echo $strProjNTC3;
exit;
}
if(strstr($folder,"/") || strstr($folder,".")){
echo $strProjNTC3;
exit;
}
//???????????????????????????
$arr = array('main','html','class','detail','query','index','admin','photogl','photofabu','photomodify','photocat','pics');
if (in_array($folder, $arr)==true) {
echo $strProjNTC4;
exit;
}
if(file_exists("../project/".$folder)){
echo $strProjNTC4;
exit;
}
$msql->query("select id from {P}_photo_proj where folder='$folder'");
if($msql->next_record()){
echo $strProjNTC4;
exit;
}
$pagename="proj_".$folder;
//???????????
@mkdir("../project/".$folder,0777);
$fd=fopen("../project/temp.php","r");
$str=fread($fd,"2000");
$str=str_replace("TEMP",$pagename,$str);
fclose($fd);
$filename="../project/".$folder."/index.php";
$fp=fopen($filename,"w");
fwrite($fp,$str);
fclose($fp);
@chmod($filename,0755);
//???
$msql->query("insert into {P}_photo_proj set
`project`='$project',
`folder`='$folder'
");
//????????
$msql->query("insert into {P}_base_pageset set
`name`='$project',
`coltype`='photo',
`pagename`='$pagename',
`pagetitle`='$project',
`buildhtml`='index'
");
echo "OK";
exit;
break;
//???????????
case "addzl" :
$catid=htmlspecialchars($_POST["catid"]);
if($catid==""){
echo $strZlNTC1;
exit;
}
$msql->query("select cat from {P}_photo_cat where catid='$catid'");
if($msql->next_record()){
$cat=$msql->f('cat');
$cat=str_replace("'","",$cat);
}else{
echo $strZlNTC2;
exit;
}
//???????????
$pagename="class_".$catid;
//???????????
@mkdir("../class/".$catid,0777);
$fd=fopen("../class/temp.php","r");
$str=fread($fd,"2000");
$str=str_replace("TEMP",$pagename,$str);
fclose($fd);
$filename="../class/".$catid."/index.php";
$fp=fopen($filename,"w");
fwrite($fp,$str);
fclose($fp);
@chmod($filename,0755);
//????
$msql->query("update {P}_photo_cat set `ifchannel`='1' where catid='$catid'");
//????????
$msql->query("select id from {P}_base_pageset where coltype='photo' and pagename='$pagename'");
if($msql->next_record()){
}else{
$fsql->query("insert into {P}_base_pageset set
`name`='$cat',
`coltype`='photo',
`pagename`='$pagename',
`pagetitle`='$cat',
`buildhtml`='index'
");
}
echo "OK";
exit;
break;
//??????????
case "delzl" :
$catid=htmlspecialchars($_POST["catid"]);
if($catid==""){
echo $strZlNTC1;
exit;
}
$msql->query("select catid from {P}_photo_cat where catid='$catid'");
if($msql->next_record()){
}else{
echo $strZlNTC2;
exit;
}
//????????
$pagename="class_".$catid;
$msql->query("delete from {P}_base_pageset where coltype='photo' and pagename='$pagename'");
//?????????
$msql->query("delete from {P}_base_plus where plustype='photo' and pluslocat='$pagename'");
//???·?????
$msql->query("update {P}_photo_cat set `ifchannel`='0' where catid='$catid'");
//??????????
if($catid!="" && strlen($catid)>=1 && !strstr($catid,".") && !strstr($catid,"/")){
DelFold("../class/".$catid);
}
echo "OK";
exit;
break;
}
?>