/**
 * Update the row of this model's table whose key column equals $id.
 *
 * Permission is checked first: check_allowed() receives the table name with
 * LZ_MYSQL_PREFIX stripped, the action 'update', and a flag that is true when
 * LZ_RESPONSE loosely equals 'text'.
 *
 * NOTE(review): the statement text comes from make_update_sql(), which is not
 * visible here. Whether the keys and values of $data and the value of $id are
 * escaped depends entirely on that helper; confirm before handing it request
 * data unchanged.
 *
 * @param mixed $id   Value matched against the column named by $this->id.
 * @param array $data Column => value pairs passed to make_update_sql().
 * @return mixed Whatever $db->query() returns for the generated statement.
 */
function update($id, $data = array())
{
    global $db;

    $controller = str_replace(LZ_MYSQL_PREFIX, '', $this->table);
    $text_response = (LZ_RESPONSE == 'text');
    check_allowed($controller, 'update', $text_response);

    $where = array($this->id => $id);
    $statement = make_update_sql($this->table, $data, $where);

    return $db->query($statement);
}
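<?php
/**
 * Account controller of the admin module.
 *
 *   m=edit     update the logged-in user's own e-mail and, optionally, password
 *   m=get_user echo the logged-in user's own record as JSON
 *
 * The row that is read or written is always $_SESSION['login_user']['user_id'];
 * no request parameter selects the target user.
 *
 * NOTE(review): no anti-CSRF token is checked in this script; confirm the
 * including front controller enforces one for the state-changing m=edit.
 * NOTE(review): lz_encode() is not visible here; confirm it is a salted,
 * one-way password hash rather than a reversible or unsalted encoding.
 * NOTE(review): get_one() results are echoed as JSON and stored in the session
 * as returned; if the row carries the password column, drop it before output.
 */
LZ_MODULE != 'admin' && die('Access Denied');
define('LZ_RESPONSE', 'text');

// A request without ?m= used to raise an undefined-index notice.
$m = isset($_GET['m']) ? $_GET['m'] : '';

include 'model/user.php';
$user = new LZ_User();

if ($m === 'edit') {
    check_allowed('account', 'update', 1);

    // Temporary grant so that LZ_User::update() passes its own permission
    // check; it is revoked again right after the update attempt below.
    set_allowed('user', 'update');

    $user_id = $_SESSION['login_user']['user_id'];

    $data = filter_array($_POST, 'email');
    if (!is_array($data)) {
        // Keep the password-only case working without writing into a non-array.
        $data = array();
    }

    // Accept only a non-empty string. The previous truthiness test raised a
    // notice when the field was absent, ignored the password "0", and passed
    // array input on to lz_encode().
    if (isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== '') {
        $data['password'] = lz_encode($_POST['password']);
    }

    $updated = $data && $user->update($user_id, $data);

    // Revoke once, whatever the outcome.
    remove_allowed('user', 'update');

    if ($updated) {
        // Refresh the cached session copy so later requests see the new values.
        $_SESSION['login_user'] = $user->get_one($user_id);
        echo lang('USER_UPDATE_SUCCESS');
    } else {
        echo lang('USER_UPDATE_ERR');
    }
    die;
} elseif ($m === 'get_user') {
    $arr = $user->get_one($_SESSION['login_user']['user_id']);
    echo json_encode($arr);
    die;
}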
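/**********************************
 * EndCMS
 * www.endcms.com
 * ©2008-now
 * under Creative Commons License
 **********************************/

// Administrator management controller: handles m=new_admin (create an
// administrator account) and otherwise only sets the logging constants.
//
// NOTE(review): no anti-CSRF token is checked in this script; confirm the
// including front controller enforces one before the account is created.
// NOTE(review): the password is transformed by the 'end_encode' filter inside
// filter_array(); that helper is not visible here. Confirm it is a salted,
// one-way password hash.

// Refuse to run unless END_MODULE is 'admin'.
END_MODULE != 'admin' && die('Access Denied');

// Missing query parameters used to raise undefined-index notices; the
// fallbacks below are the values the old code ended up with anyway.
$admin_id = isset($_GET['admin_id']) ? intval($_GET['admin_id']) : 0;
$m = isset($_GET['m']) ? $_GET['m'] : null;
$action = isset($_GET['action']) ? $_GET['action'] : null;

$admin = model('admin');
$rights = model('rights');
$rights_id = isset($_GET['rights_id']) ? intval($_GET['rights_id']) : false;

if ($m == 'new_admin') {
    check_allowed('admin', 'add');

    // 'name!' and 'password!' are marked required in the filter spec.
    $data = filter_array($_POST, 'name!,end_encode:password!,email');

    if (!$data) {
        // Presumably filter_array() returns an empty/false value when a
        // required field is missing (TODO confirm). Stop here instead of
        // querying with a null name and calling add() without data.
        $err_msg = lang('ADMIN_NEW_ERROR');
        $action = 'new_admin';
    } elseif ($admin->exists(array('name' => $data['name']))) {
        end_exit(lang("ADMIN_EXISTS"), 'admin.php?p=admin', 1);
    } elseif ($admin->add($data)) {
        end_exit(lang('ADMIN_NEW_SUCCESS'), 'admin.php?p=admin', 1);
    } else {
        // Re-display the creation form with an error message.
        $err_msg = lang('ADMIN_NEW_ERROR');
        $action = 'new_admin';
    }
} else {
    define('END_LOG_INFO', LANG_TITLE);
    define('END_LOG_URL', 'admin.php?p=admin');
}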
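<?php
/**********************************
 * EndCMS
 * www.endcms.com
 * ©2008-now
 * under Creative Commons License
 **********************************/

// Configuration controller: handles m=new_config (create a config entry) and
// then fills $view_data for the list view.

// Refuse to run unless END_MODULE is 'admin'.
END_MODULE != 'admin' && die('Access Denied');

// Missing query parameters used to raise undefined-index notices; the
// fallbacks below are the values the old code ended up with anyway.
$m = isset($_GET['m']) ? $_GET['m'] : null;
$_config = model('config');
$config_id = isset($_GET['config_id']) ? intval($_GET['config_id']) : 0;

if ($m == "new_config") {
    check_allowed('config', 'add');

    // All three fields are marked required ('!') in the filter spec.
    $data = filter_array($_POST, 'name!,description!,type!');

    if (!$data) {
        $action = 'new_config';
        $err_msg = lang('CONFIG_FILL_ALL');
        // NOTE(review): raw POST values are handed back to the view so the
        // form can be refilled; the template must HTML-escape them on output.
        $view_data['thisconfig'] = $_POST;
    } elseif ($_config->add($data)) {
        end_exit(lang('CONFIG_NEW_SUCCESS'), 'admin.php?p=config', 1);
    } else {
        // Was 'new_category', which looks copied from the category controller;
        // the validation-failure branch above already uses 'new_config'.
        $action = 'new_config';
        $err_msg = lang('CONFIG_NEW_ERROR');
    }
}

// $err_msg is only set on a failed submission; avoid the undefined-variable
// notice on every other request while still passing null to the view.
$view_data['err_msg'] = isset($err_msg) ? $err_msg : null;
$view_data['items'] = $_config->get_list();
$view_data['page_description'] = lang('TITLE');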
// Tail of a block that begins before this excerpt; the visible part only
// selects the status message.
        }
        $message = UCSLAN_3;
    } else {
        $message = UCSLAN_4;
    }
}

// "Edit" button: load the selected class so that the form can be pre-filled.
if (isset($_POST['edit'])) {
    // The id is cast to int before it reaches the permission check and the query.
    $class_id = intval($_POST['existing']);
    check_allowed($class_id);
    $sql->db_Select('userclass_classes', '*', "userclass_id=" . $class_id);
    $row = $sql->db_Fetch();
    // NOTE(review): extract() turns every column of the fetched row into a
    // local variable and overwrites any existing variable of the same name.
    // If db_Fetch() returns a non-array for an unknown id, extract() raises a
    // warning (a TypeError on PHP 8). Reading the needed columns explicitly
    // from $row would avoid both.
    extract($row);
}

// "Update" button: write the edited name, description and edit-class back.
if (isset($_POST['updateclass'])) {
    $class_id = intval($_POST['userclass_id']);
    check_allowed($class_id);
    // The two text fields are concatenated into the SQL string below, so the
    // statement is only as safe as $tp->toDB(); presumably it escapes quotes
    // for the database. TODO confirm.
    $_POST['userclass_name'] = $tp->toDB($_POST['userclass_name']);
    $_POST['userclass_description'] = $tp->toDB($_POST['userclass_description']);
    // Numeric values are forced to int before they are interpolated.
    $_POST['userclass_editclass'] = intval($_POST['userclass_editclass']);
    // NOTE(review): check_allowed() receives only $class_id, so nothing visible
    // here verifies that the caller may assign the submitted
    // userclass_editclass. The create path below applies
    // getperms('0') || check_class($editclass) to that value; confirm whether
    // this path needs the same test.
    $sql->db_Update('userclass_classes', "userclass_editclass={$_POST['userclass_editclass']}, userclass_name='" . $_POST['userclass_name'] . "', userclass_description='" . $_POST['userclass_description'] . "' WHERE userclass_id=" . $class_id);
    $message = UCSLAN_5;
}

// "Create" button: add a new class when a name was supplied.
if (isset($_POST['createclass'])) {
    if ($_POST['userclass_name']) {
        $_POST['userclass_name'] = $tp->toDB($_POST['userclass_name']);
        $_POST['userclass_description'] = $tp->toDB($_POST['userclass_description']);
        // varset() supplies 0 when the field is absent; the result is cast to int.
        $editclass = intval(varset($_POST['userclass_editclass'], 0));
        // Proceed only for a non-zero edit class that the caller either holds
        // (check_class) or may assign because getperms('0') is true.
        if ($editclass && (getperms('0') || check_class($editclass))) {
            // Probe ids upwards from 1 until db_Select() finds no row or the
            // counter reaches 255. The excerpt ends inside this loop.
            $i = 1;
            while ($sql->db_Select('userclass_classes', '*', "userclass_id='" . $i . "' ") && $i < 255) {
                $i++;
$view_data['category_type'] = $end_models[$this_category['status']]['name']; $view_data['category'] = $this_category; } if ($item_type) { $item = model($item_type, $end_models[$item_type . '_list']['model_path']); $item_model = $end_models[$item_type . '_list']; $_fields = $item_model['fields']; define('ITEM_TYPE', $item_type); if ($m == 'edit_item') { check_allowed($item_type, 'update'); } else { if ($m == 'new_item') { check_allowed($item_type, 'add'); } else { if (!$m) { check_allowed($item_type, 'view'); } } } //添加或者修改,提交处理部分 if ($m == 'edit_item' || $m == 'new_item') { $data = array(); if ($item_id) { $data[$item->id] = $item_id; } $errors = array(); if (!$item_model['no_category']) { if (!intval($_POST['category_id'])) { $errors[] = "请选择分类"; } else { $data['category_id'] = intval($_POST['category_id']);
* www.endcms.com * ©2008-now * under Creative Commons License **********************************/
// The line above is the tail of the licence comment; its opening lies before
// this excerpt.
//
// AJAX field-update controller. Table, column, action and value all come
// straight from the request.

// Refuse to run unless END_MODULE is 'admin'.
END_MODULE != 'admin' && die('Access Denied');

// NOTE(review): $m, $table and $column are taken from the query string
// unvalidated and $value from the POST body; only $id is cast to int. Missing
// parameters raise undefined-index notices.
$m = $_GET['m'];
$value = $_POST['value'];
$id = intval($_GET['id']);
$table = $_GET['table'];
$column = $_GET['column'];

// Build a comma-delimited string of the controller names stored in the session.
$_allowed = ',';
foreach ($_SESSION['login_user']['allowed_controllers'] as $_c => $_v) {
    $_allowed .= $_c . ',';
}
define('END_RESPONSE', 'text');

// NOTE(review): the controller name and the action name passed to the
// permission check are both the client's own values. Confirm that
// check_allowed() rejects unknown names rather than treating them as
// unrestricted.
check_allowed($table, $m, 1);
load_models();
if (!$id) {
    ajax_exit('id needed');
}
if ($table) {
    // NOTE(review): strpos() on a delimiter-joined string is a substring test,
    // not an exact membership test, so it is unreliable for a $table value that
    // itself contains the delimiter. An exact key lookup such as
    // isset($_SESSION['login_user']['allowed_controllers'][$table]), with
    // $table restricted to identifier characters, would be stricter. This
    // matters most if model() derives a file path from the name (not visible
    // here).
    if (strpos(",{$_allowed},", ",{$table},") !== false) {
        // Use the model path registered for "<table>_list" when one exists.
        if ($end_models[$table . '_list']) {
            $obj = model($table, $end_models[$table . '_list']['model_path']);
        } else {
            $obj = model($table);
        }
    }
}
// $obj is unset when $table is empty or not in the allowed list. The excerpt
// ends inside this block.
if (!$obj) {
    ajax_exit('table needed');
if ($data) { if ($new_id = $category->add($data)) { header('Location: admin.php?p=category&action=edit_category&category_id=' . $new_id); die; } else { $action = 'new_category'; $err_msg = lang('CATEGOTY_NEW_ERROR'); } } else { $action = 'new_category'; $err_msg = lang('CATEGOTY_FILL_ALL'); $view_data['category'] = $_POST; } } else { if ($m == 'edit_category') { check_allowed('category', 'update'); $_category = $category->get_one($category_id); $data = array('category_id' => $category_id); $errors = array(); $_fields = $end_models[$_category['status']]['category_fields']; if (intval($_POST['parent_id']) < 0) { $errors[] = lang('Please choose a parent category'); } else { $data['parent_id'] = intval($_POST['parent_id']); } if ($_fields) { //处理提交的数据 include 'edit_field.php'; } //提交数居后的处理 if ($_fields['__after_edit']) {
// Rights-group controller: m=new_group creates a group, m=config stores the
// set of rights ticked in the submitted form.

// Refuse to run unless END_MODULE is 'admin'.
END_MODULE != 'admin' && die('Access Denied');
$rights = model('rights');
$m = $_GET['m'];
$category = model('category');
load_models();
// NOTE(review): rights_id is used exactly as sent and is not cast with
// intval(). Whether it is escaped before reaching SQL depends on
// $rights->update(), which is not visible here. Confirm, or cast it.
$rights_id = $_GET['rights_id'];
if ($m == 'new_group') {
    check_allowed('rights', 'add');
    // 'name!' marks the group name as required in the filter spec.
    $data = filter_array($_POST, 'name!');
    if ($data && $rights->add($data)) {
        end_exit(lang('rights_add_success'), 'admin.php?p=rights');
    } else {
        end_exit(lang('rights_add_failed'), 'admin.php?p=rights');
    }
} elseif ($m == 'config' && $rights_id) {
    check_allowed('rights', 'update');
    // Collect the name of every POST field whose value is "on" (any letter case).
    // NOTE(review): the field names are stored as submitted; nothing here
    // checks them against the set of known right names, and they are joined
    // with ',' without checking for that delimiter. Validate each key against
    // an allow-list before join(). A non-string field value also makes
    // strtolower() fail (warning, or TypeError on PHP 8).
    $r = array();
    foreach ($_POST as $key => $val) {
        if (strtolower($val) == 'on') {
            $r[] = $key;
        }
    }
    $data['rights'] = join(',', $r);
    // A failed update produces no message; execution simply continues below.
    if ($rights->update($rights_id, $data)) {
        end_exit(lang('rights_updated'), 'admin.php?p=rights');
    }
} else {
    define('END_LOG_INFO', LANG_TITLE);
    define('END_LOG_URL', 'admin.php?p=rights');
}
// The body of this block continues beyond the excerpt.
if ($rights_id) {
$class_num = intval(varset($uc_qs[2], 0)); } $userclass_id = 0; // Set defaults for new class to start with $userclass_name = ''; $userclass_description = ''; $userclass_editclass = e_UC_ADMIN; $userclass_visibility = e_UC_ADMIN; $userclass_parent = e_UC_NOBODY; $userclass_icon = ''; $userclass_type = UC_TYPE_STD; $userclass_groupclass = ''; if ($params == 'edit' || $forwardVals) { if (!$forwardVals) { // Get the values from DB (else just recycle data uer was trying to store) check_allowed($class_num); $sql->db_Select('userclass_classes', '*', "userclass_id='" . intval($class_num) . "' "); $class_record = $sql->db_Fetch(); $userclass_id = $class_record['userclass_id']; // Update fields from DB if editing } $userclass_name = $class_record['userclass_name']; $userclass_description = $class_record['userclass_description']; $userclass_editclass = $class_record['userclass_editclass']; $userclass_visibility = $class_record['userclass_visibility']; $userclass_parent = $class_record['userclass_parent']; $userclass_icon = $class_record['userclass_icon']; $userclass_type = $class_record['userclass_type']; if ($userclass_type == UC_TYPE_GROUP) { $userclass_groupclass = $class_record['userclass_accum']; }