www.gusucode.com > 电子科技公司网站(英文)网站源码程序 > 电子科技公司网站(英文)网站源码程序/photo/admin/post.php
<?php
/**********************/
/* */
/* Version : 5.1.0 */
/* Author : RM */
/* Comment : ymjd.cn */
/* */
/**********************/
define( "ROOTPATH", "../../" );
include( ROOTPATH."includes/admin.inc.php" );
include( "language/".$sLan.".php" );
include( "func/upload.inc.php" );
needauth( 152 );
$act = $_POST['act'];
switch ( $act )
{
case "proplist" :
$catid = $_POST['catid'];
$nowid = $_POST['nowid'];
if ( $nowid != "" && $nowid != "0" )
{
$msql->query( "select * from {P}_photo_con where id='{$nowid}'" );
if ( $msql->next_record( ) )
{
$prop1 = $msql->f( "prop1" );
$prop2 = $msql->f( "prop2" );
$prop3 = $msql->f( "prop3" );
$prop4 = $msql->f( "prop4" );
$prop5 = $msql->f( "prop5" );
$prop6 = $msql->f( "prop6" );
$prop7 = $msql->f( "prop7" );
$prop8 = $msql->f( "prop8" );
$prop9 = $msql->f( "prop9" );
$prop10 = $msql->f( "prop10" );
$prop11 = $msql->f( "prop11" );
$prop12 = $msql->f( "prop12" );
$prop13 = $msql->f( "prop13" );
$prop14 = $msql->f( "prop14" );
$prop15 = $msql->f( "prop15" );
$prop16 = $msql->f( "prop16" );
}
}
$str = "<table width='100%' border='0' align='center' cellpadding='2' cellspacing='0' >";
$i = 1;
$msql->query( "select * from {P}_photo_prop where catid='{$catid}' order by xuhao" );
while ( $msql->next_record( ) )
{
$propname = $msql->f( "propname" );
$pn = "prop".$i;
$str .= "<tr>";
$str .= "<td width='100' height='30' align='center' >".$propname."</td>";
$str .= "<td height='30' >";
$str .= "<input type='text' name='".$pn."' value='".$$pn."' class='input' style='width:499px;' />";
$str .= "</td>";
$str .= "</tr>";
$i++;
}
$str .= "</table>";
echo $str;
exit( );
break;
case "addpage" :
$nowid = $_POST['nowid'];
$xuhao = 0;
if ( $nowid != "" && $nowid != "0" )
{
$msql->query( "select max(xuhao) from {P}_photo_pages where photoid='{$nowid}'" );
if ( $msql->next_record( ) )
{
$xuhao = $msql->f( "max(xuhao)" );
}
$xuhao = $xuhao + 1;
$msql->query( "insert into {P}_photo_pages set photoid='{$nowid}',xuhao='{$xuhao}' " );
}
echo "OK";
exit( );
break;
case "photopageslist" :
$nowid = $_POST['nowid'];
$pageinit = $_POST['pageinit'];
$str = "<ul>";
$str .= "<li id='p_0' class='pages'>1</li>";
$i = 2;
$id = 0;
$msql->query( "select id from {P}_photo_pages where photoid='{$nowid}' order by xuhao" );
while ( $msql->next_record( ) )
{
$id = $msql->f( "id" );
$str .= "<li id='p_".$id."' class='pages'>".$i."</li>";
$i++;
}
if ( $pageinit != "new" )
{
$id = $pageinit;
}
$str .= "<li id='addpage' class='addbutton'>".$strPhotoPagesAdd."</li>";
if ( $pageinit != "0" )
{
$str .= "<li id='pagedelete' class='addbutton'>".$strPhotoPagesDel."</li>";
$str .= "<li id='backtomodi' class='addbutton'>".$strBack."</li>";
}
$str .= "</ul><input id='photopagesid' name='photopagesid' type='hidden' value='".$id."'>";
echo $str;
exit( );
break;
case "getcontent" :
$nowid = $_POST['nowid'];
$photopageid = $_POST['photopageid'];
if ( $photopageid == "-1" )
{
$src = "";
}
else if ( $photopageid == "0" )
{
$msql->query( "select src from {P}_photo_con where id='{$nowid}'" );
if ( $msql->next_record( ) )
{
$src = $msql->f( "src" );
}
}
else
{
$msql->query( "select src from {P}_photo_pages where id='{$photopageid}'" );
if ( $msql->next_record( ) )
{
$src = $msql->f( "src" );
}
else
{
$src = "";
}
}
echo $src;
exit( );
break;
case "photomodify" :
$id = $_POST['id'];
$pid = $_POST['pid'];
$catid = $_POST['catid'];
$page = $_POST['page'];
$title = htmlspecialchars( $_POST['title'] );
$author = htmlspecialchars( $_POST['author'] );
$source = htmlspecialchars( $_POST['source'] );
$memo = htmlspecialchars( $_POST['memo'] );
$oldcatid = $_POST['oldcatid'];
$oldcatpath = $_POST['oldcatpath'];
$prop1 = htmlspecialchars( $_POST['prop1'] );
$prop2 = htmlspecialchars( $_POST['prop2'] );
$prop3 = htmlspecialchars( $_POST['prop3'] );
$prop4 = htmlspecialchars( $_POST['prop4'] );
$prop5 = htmlspecialchars( $_POST['prop5'] );
$prop6 = htmlspecialchars( $_POST['prop6'] );
$prop7 = htmlspecialchars( $_POST['prop7'] );
$prop8 = htmlspecialchars( $_POST['prop8'] );
$prop9 = htmlspecialchars( $_POST['prop9'] );
$prop10 = htmlspecialchars( $_POST['prop10'] );
$prop11 = htmlspecialchars( $_POST['prop11'] );
$prop12 = htmlspecialchars( $_POST['prop12'] );
$prop13 = htmlspecialchars( $_POST['prop13'] );
$prop14 = htmlspecialchars( $_POST['prop14'] );
$prop15 = htmlspecialchars( $_POST['prop15'] );
$prop16 = htmlspecialchars( $_POST['prop16'] );
$prop17 = htmlspecialchars( $_POST['prop17'] );
$prop18 = htmlspecialchars( $_POST['prop18'] );
$prop19 = htmlspecialchars( $_POST['prop19'] );
$prop20 = htmlspecialchars( $_POST['prop20'] );
$tags = $_POST['tags'];
$spe_selec = $_POST['spe_selec'];
$pic = $_FILES['jpg'];
if ( 0 < $pic['size'] )
{
$Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";
}
if ( $title == "" )
{
echo $Meta.$strPhotoNotice6;
exit( );
}
if ( 200 < strlen( $title ) )
{
echo $Meta.$strPhotoNotice7;
exit( );
}
if ( 65000 < strlen( $memo ) )
{
echo $Meta.$strPhotoNotice5;
exit( );
}
$uptime = time( );
$msql->query( "select catpath from {P}_photo_cat where catid='{$catid}'" );
if ( $msql->next_record( ) )
{
$catpath = $msql->f( "catpath" );
}
$count_pro = count( $spe_selec );
for ( $i = 0; $i < $count_pro; $i++ )
{
$projid = $spe_selec[$i];
$projpath .= $projid.":";
}
if ( 0 < $pic['size'] )
{
$nowdate = date( "Ymd", time( ) );
$picpath = "../pics/".$nowdate;
@mkdir( $picpath, 511 );
$uppath = "photo/pics/".$nowdate;
$arr = newuploadimage( $pic['tmp_name'], $pic['type'], $pic['size'], $uppath );
if ( $arr[0] != "err" )
{
$src = $arr[3];
}
else
{
echo $Meta.$arr[1];
exit( );
}
$msql->query( "select src from {P}_photo_con where id='{$id}'" );
if ( $msql->next_record( ) )
{
$oldsrc = $msql->f( "src" );
}
if ( file_exists( ROOTPATH.$oldsrc ) && $oldsrc != "" && !strstr( $oldsrc, "../" ) )
{
unlink( ROOTPATH.$oldsrc );
}
$msql->query( "update {P}_photo_con set src='{$src}' where id='{$id}'" );
}
for ( $t = 0; $t < sizeof( $tags ); $t++ )
{
if ( $tags[$t] != "" )
{
$tagstr .= $tags[$t].",";
}
}
$msql->query( "update {P}_photo_con set \r\n\t\t\ttitle='{$title}',\r\n\t\t\tmemo='{$memo}',\r\n\t\t\tcatid='{$catid}',\r\n\t\t\tcatpath='{$catpath}',\r\n\t\t\tuptime='{$uptime}',\r\n\t\t\tauthor='{$author}',\r\n\t\t\tsource='{$source}',\r\n\t\t\tproj='{$projpath}',\r\n\t\t\ttags='{$tagstr}',\r\n\t\t\tprop1='{$prop1}',\r\n\t\t\tprop2='{$prop2}',\r\n\t\t\tprop3='{$prop3}',\r\n\t\t\tprop4='{$prop4}',\r\n\t\t\tprop5='{$prop5}',\r\n\t\t\tprop6='{$prop6}',\r\n\t\t\tprop7='{$prop7}',\r\n\t\t\tprop8='{$prop8}',\r\n\t\t\tprop9='{$prop9}',\r\n\t\t\tprop10='{$prop10}',\r\n\t\t\tprop11='{$prop11}',\r\n\t\t\tprop12='{$prop12}',\r\n\t\t\tprop13='{$prop13}',\r\n\t\t\tprop14='{$prop14}',\r\n\t\t\tprop15='{$prop15}',\r\n\t\t\tprop16='{$prop16}',\r\n\t\t\tprop17='{$prop17}',\r\n\t\t\tprop18='{$prop18}',\r\n\t\t\tprop19='{$prop19}',\r\n\t\t\tprop20='{$prop20}'\r\n\t\t\twhere id='{$id}'\r\n\t\t" );
echo "OK";
exit( );
break;
case "contentmodify" :
$photopagesid = $_POST['photopagesid'];
$pic = $_FILES['jpg'];
$Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";
if ( $pic['size'] <= 0 )
{
echo $Meta.$strPhotoNotice3;
exit( );
}
if ( 0 < $pic['size'] )
{
$nowdate = date( "Ymd", time( ) );
$picpath = "../pics/".$nowdate;
@mkdir( $picpath, 511 );
$uppath = "photo/pics/".$nowdate;
$arr = newuploadimage( $pic['tmp_name'], $pic['type'], $pic['size'], $uppath );
if ( $arr[0] != "err" )
{
$src = $arr[3];
}
else
{
echo $Meta.$arr[1];
exit( );
}
$msql->query( "select src from {P}_photo_pages where id='{$photopagesid}'" );
if ( $msql->next_record( ) )
{
$oldsrc = $msql->f( "src" );
}
if ( file_exists( ROOTPATH.$oldsrc ) && $oldsrc != "" && !strstr( $oldsrc, "../" ) )
{
unlink( ROOTPATH.$oldsrc );
}
$msql->query( "update {P}_photo_pages set src='{$src}' where id='{$photopagesid}'" );
}
echo "OK";
exit( );
break;
case "photoadd" :
$catid = $_POST['catid'];
$title = htmlspecialchars( $_POST['title'] );
$author = htmlspecialchars( $_POST['author'] );
$source = htmlspecialchars( $_POST['source'] );
$memo = htmlspecialchars( $_POST['memo'] );
$prop1 = htmlspecialchars( $_POST['prop1'] );
$prop2 = htmlspecialchars( $_POST['prop2'] );
$prop3 = htmlspecialchars( $_POST['prop3'] );
$prop4 = htmlspecialchars( $_POST['prop4'] );
$prop5 = htmlspecialchars( $_POST['prop5'] );
$prop6 = htmlspecialchars( $_POST['prop6'] );
$prop7 = htmlspecialchars( $_POST['prop7'] );
$prop8 = htmlspecialchars( $_POST['prop8'] );
$prop9 = htmlspecialchars( $_POST['prop9'] );
$prop10 = htmlspecialchars( $_POST['prop10'] );
$prop11 = htmlspecialchars( $_POST['prop11'] );
$prop12 = htmlspecialchars( $_POST['prop12'] );
$prop13 = htmlspecialchars( $_POST['prop13'] );
$prop14 = htmlspecialchars( $_POST['prop14'] );
$prop15 = htmlspecialchars( $_POST['prop15'] );
$prop16 = htmlspecialchars( $_POST['prop16'] );
$prop17 = htmlspecialchars( $_POST['prop17'] );
$prop18 = htmlspecialchars( $_POST['prop18'] );
$prop19 = htmlspecialchars( $_POST['prop19'] );
$prop20 = htmlspecialchars( $_POST['prop20'] );
$tags = $_POST['tags'];
$pic = $_FILES['jpg'];
$spe_selec = $_POST['spe_selec'];
trylimit( "_photo_con", 30, "id" );
$Meta = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";
if ( $pic['size'] <= 0 )
{
echo $Meta.$strPhotoNotice3;
exit( );
}
if ( $title == "" )
{
echo $Meta.$strPhotoNotice6;
exit( );
}
if ( 200 < strlen( $title ) )
{
echo $Meta.$strPhotoNotice7;
exit( );
}
if ( 65000 < strlen( $memo ) )
{
echo $Meta.$strPhotoNotice5;
exit( );
}
$uptime = time( );
$dtime = time( );
$msql->query( "select catpath from {P}_photo_cat where catid='{$catid}'" );
if ( $msql->next_record( ) )
{
$catpath = $msql->f( "catpath" );
}
if ( 0 < $pic['size'] )
{
$nowdate = date( "Ymd", time( ) );
$picpath = "../pics/".$nowdate;
@mkdir( $picpath, 511 );
$uppath = "photo/pics/".$nowdate;
$arr = newuploadimage( $pic['tmp_name'], $pic['type'], $pic['size'], $uppath );
if ( $arr[0] != "err" )
{
$src = $arr[3];
}
else
{
echo $Meta.$arr[1];
exit( );
}
}
$count_pro = count( $spe_selec );
for ( $i = 0; $i < $count_pro; $i++ )
{
$projid = $spe_selec[$i];
$projpath .= $projid.":";
}
for ( $t = 0; $t < sizeof( $tags ); $t++ )
{
if ( $tags[$t] != "" )
{
$tagstr .= $tags[$t].",";
}
}
$msql->query( "insert into {P}_photo_con set\r\n\t\tcatid='{$catid}',\r\n\t\tcatpath='{$catpath}',\r\n\t\ttitle='{$title}',\r\n\t\tbody='{$body}',\r\n\t\tdtime='{$dtime}',\r\n\t\txuhao='0',\r\n\t\tcl='0',\r\n\t\ttj='0',\r\n\t\tiffb='1',\r\n\t\tifbold='0',\r\n\t\tifred='0',\r\n\t\ttype='gif',\r\n\t\tsrc='{$src}',\r\n\t\tuptime='{$dtime}',\r\n\t\tauthor='{$author}',\r\n\t\tsource='{$source}',\r\n\t\tmemberid='0',\r\n\t\tproj='{$projpath}',\r\n\t\ttags='{$tagstr}',\r\n\t\tsecure='0',\r\n\t\tmemo='{$memo}',\r\n\t\tprop1='{$prop1}',\r\n\t\tprop2='{$prop2}',\r\n\t\tprop3='{$prop3}',\r\n\t\tprop4='{$prop4}',\r\n\t\tprop5='{$prop5}',\r\n\t\tprop6='{$prop6}',\r\n\t\tprop7='{$prop7}',\r\n\t\tprop8='{$prop8}',\r\n\t\tprop9='{$prop9}',\r\n\t\tprop10='{$prop10}',\r\n\t\tprop11='{$prop11}',\r\n\t\tprop12='{$prop12}',\r\n\t\tprop13='{$prop13}',\r\n\t\tprop14='{$prop14}',\r\n\t\tprop15='{$prop15}',\r\n\t\tprop16='{$prop16}',\r\n\t\tprop17='{$prop17}',\r\n\t\tprop18='{$prop18}',\r\n\t\tprop19='{$prop19}',\r\n\t\tprop20='{$prop20}'\r\n\t\t" );
echo "OK";
exit( );
break;
case "pagedelete" :
$delpagesid = $_POST['delpagesid'];
$nowid = $_POST['nowid'];
$i = 0;
$msql->query( "select id from {P}_photo_pages where photoid='{$nowid}' order by xuhao" );
while ( $msql->next_record( ) )
{
$id[$i] = $msql->f( "id" );
if ( $id[$i] == $delpagesid )
{
if ( $i == 0 )
{
$lastid = 0;
}
else
{
$lastid = $id[$i - 1];
}
}
$i++;
}
if ( $lastid == 0 && 1 < $i )
{
$lastid = $id[1];
}
$msql->query( "select src from {P}_photo_pages where id='{$delpagesid}'" );
if ( $msql->next_record( ) )
{
$oldsrc = $msql->f( "src" );
if ( file_exists( ROOTPATH.$oldsrc ) && $oldsrc != "" && !strstr( $oldsrc, "../" ) )
{
unlink( ROOTPATH.$oldsrc );
}
}
$msql->query( "delete from {P}_photo_pages where id='{$delpagesid}'" );
echo $lastid;
exit( );
break;
case "addproj" :
$project = htmlspecialchars( $_POST['project'] );
$folder = htmlspecialchars( $_POST['folder'] );
if ( $project == "" )
{
echo $strProjNTC1;
exit( );
}
if ( strlen( $folder ) < 2 || 16 < strlen( $folder ) )
{
echo $strProjNTC2;
exit( );
}
if ( !eregi( "^[0-9a-z]{1,16}\$", $folder ) )
{
echo $strProjNTC3;
exit( );
}
if ( strstr( $folder, "/" ) || strstr( $folder, "." ) )
{
echo $strProjNTC3;
exit( );
}
$arr = array( "main", "html", "class", "detail", "query", "index", "admin", "photogl", "photofabu", "photomodify", "photocat", "pics" );
if ( in_array( $folder, $arr ) == true )
{
echo $strProjNTC4;
exit( );
}
if ( file_exists( "../project/".$folder ) )
{
echo $strProjNTC4;
exit( );
}
$msql->query( "select id from {P}_photo_proj where folder='{$folder}'" );
if ( $msql->next_record( ) )
{
echo $strProjNTC4;
exit( );
}
$pagename = "proj_".$folder;
@mkdir( "../project/".$folder, 511 );
$fd = fopen( "../project/temp.php", "r" );
$str = fread( $fd, "2000" );
$str = str_replace( "TEMP", $pagename, $str );
fclose( $fd );
$filename = "../project/".$folder."/index.php";
$fp = fopen( $filename, "w" );
fwrite( $fp, $str );
fclose( $fp );
@chmod( $filename, 493 );
$msql->query( "insert into {P}_photo_proj set \r\n\t\t\t`project`='{$project}',\r\n\t\t\t`folder`='{$folder}'\r\n\t\t" );
$msql->query( "insert into {P}_base_pageset set \r\n\t\t\t`name`='{$project}',\r\n\t\t\t`coltype`='photo',\r\n\t\t\t`pagename`='{$pagename}',\r\n\t\t\t`pagetitle`='{$project}',\r\n\t\t\t`buildhtml`='index'\r\n\t\t" );
echo "OK";
exit( );
break;
case "addzl" :
$catid = htmlspecialchars( $_POST['catid'] );
if ( $catid == "" )
{
echo $strZlNTC1;
exit( );
}
$msql->query( "select cat from {P}_photo_cat where catid='{$catid}'" );
if ( $msql->next_record( ) )
{
$cat = $msql->f( "cat" );
$cat = str_replace( "'", "", $cat );
}
else
{
echo $strZlNTC2;
exit( );
}
$pagename = "class_".$catid;
@mkdir( "../class/".$catid, 511 );
$fd = fopen( "../class/temp.php", "r" );
$str = fread( $fd, "2000" );
$str = str_replace( "TEMP", $pagename, $str );
fclose( $fd );
$filename = "../class/".$catid."/index.php";
$fp = fopen( $filename, "w" );
fwrite( $fp, $str );
fclose( $fp );
@chmod( $filename, 493 );
$msql->query( "update {P}_photo_cat set `ifchannel`='1' where catid='{$catid}'" );
$msql->query( "select id from {P}_base_pageset where coltype='photo' and pagename='{$pagename}'" );
if ( $msql->next_record( ) )
{
}
else
{
$fsql->query( "insert into {P}_base_pageset set \r\n\t\t\t`name`='{$cat}',\r\n\t\t\t`coltype`='photo',\r\n\t\t\t`pagename`='{$pagename}',\r\n\t\t\t`pagetitle`='{$cat}',\r\n\t\t\t`buildhtml`='index'\r\n\t\t\t" );
}
echo "OK";
exit( );
break;
case "delzl" :
$catid = htmlspecialchars( $_POST['catid'] );
if ( $catid == "" )
{
echo $strZlNTC1;
exit( );
}
$msql->query( "select catid from {P}_photo_cat where catid='{$catid}'" );
if ( $msql->next_record( ) )
{
}
else
{
echo $strZlNTC2;
exit( );
}
$pagename = "class_".$catid;
$msql->query( "delete from {P}_base_pageset where coltype='photo' and pagename='{$pagename}'" );
$msql->query( "delete from {P}_base_plus where plustype='photo' and pluslocat='{$pagename}'" );
$msql->query( "update {P}_photo_cat set `ifchannel`='0' where catid='{$catid}'" );
if ( $catid != "" && 1 <= strlen( $catid ) && !strstr( $catid, "." ) && !strstr( $catid, "/" ) )
{
delfold( "../class/".$catid );
}
echo "OK";
exit( );
break;
}
?>