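/**
 * Add a WAP site record, or render the add form when nothing was submitted.
 *
 * POST branch: validates siteid, rejects a duplicate, inserts the row, refreshes the
 * wap site cache and ends in showmessage(). GET branch: builds $sitelist for the 'm_add'
 * template (every site for roleid 1, only the current site for anyone else).
 *
 * @return void  each POST path ends in showmessage(); the GET path includes the template
 */
function add()
{
    // !empty() covers both "not submitted" and "submitted but empty" without an undefined-index notice.
    if (!empty($_POST['dosubmit'])) {
        $siteid = isset($_POST['siteid']) ? intval($_POST['siteid']) : 0;
        if (!$siteid) {
            // Keep the original contract: the ternary assigned showmessage()'s result to $siteid.
            $siteid = showmessage(L('parameter_error'), HTTP_REFERER);
        }
        if ($this->db->get_one(array('siteid' => $siteid))) {
            showmessage(L('wap_add_samesite_error'), HTTP_REFERER);
        }
        $sitename = isset($_POST['sitename']) ? trim(new_addslashes($_POST['sitename'])) : '';
        // NOTE(review): only sitename goes through new_addslashes(); logo, domain and setting are
        // inserted as received. Confirm that $this->db->insert() escapes them itself.
        $logo = isset($_POST['logo']) ? trim($_POST['logo']) : '';
        $domain = isset($_POST['domain']) ? trim($_POST['domain']) : '';
        $setting = array2string(isset($_POST['setting']) ? $_POST['setting'] : array());
        $this->db->insert(array(
            'siteid' => $siteid,
            'sitename' => $sitename,
            'logo' => $logo,
            'domain' => $domain,
            'setting' => $setting,
        ), '1');
        $this->wap_site_cache();
        showmessage(L('operation_success'), '', '', 'add');
    } else {
        $current_siteid = get_siteid();
        $sitelists = $this->sites->get_list();
        // Always defined for the template, even when no site is listed.
        $sitelist = array();
        if ($_SESSION['roleid'] == '1') {
            foreach ($sitelists as $key => $v) {
                $sitelist[$key] = $v['name'];
            }
        } else {
            $sitelist[$current_siteid] = $sitelists[$current_siteid]['name'];
        }
        $show_header = true;
        include $this->admin_tpl('m_add');
    }
}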
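/**
 * Base controller constructor: escapes the request superglobals, loads the route
 * config (site-specific, else 'default'), fills in its default POST/GET values and
 * clamps the page parameter to a minimum of 1.
 */
public function __construct()
{
    // get_magic_quotes_gpc() was removed in PHP 8; when it no longer exists, magic quotes are off.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        $_POST = new_addslashes($_POST);
        $_GET = new_addslashes($_GET);
        $_REQUEST = new_addslashes($_REQUEST);
        $_COOKIE = new_addslashes($_COOKIE);
    }
    // Load the site route config once (the original called load_config twice) and fall back to the default.
    $route_config = pc_base::load_config('route', SITE_URL);
    $this->route_config = $route_config ? $route_config : pc_base::load_config('route', 'default');
    // Route defaults only fill keys the request did not supply.
    if (isset($this->route_config['data']['POST']) && is_array($this->route_config['data']['POST'])) {
        foreach ($this->route_config['data']['POST'] as $_key => $_value) {
            if (!isset($_POST[$_key])) {
                $_POST[$_key] = $_value;
            }
        }
    }
    if (isset($this->route_config['data']['GET']) && is_array($this->route_config['data']['GET'])) {
        foreach ($this->route_config['data']['GET'] as $_key => $_value) {
            if (!isset($_GET[$_key])) {
                $_GET[$_key] = $_value;
            }
        }
    }
    if (isset($_GET['page'])) {
        $_GET['page'] = max(intval($_GET['page']), 1);
    }
    // A constructor's return value is discarded, so the original "return true" was dropped.
}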
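/**
 * Rewrite one `'name' => value,` entry of a config file under G_CONFIG.
 *
 * File content is cached in a static for the rest of the request, so repeated edits of
 * the same file build on each other. The entry's existing quoting (or lack of it) is kept.
 *
 * @param string $file   config file base name (G_CONFIG . $file . '.inc.php')
 * @param string $name   config key; matched literally, never as a regex
 * @param string $value  new value
 * @param string $daxiao 'xiao' lower-cases, 'da' upper-cases, 'no' keeps case (all three run
 *                       new_addslashes); any other value leaves $value untouched
 * @return bool|null false when $name is empty, null otherwise (legacy contract kept)
 */
function EditConfig($file = '', $name = '', $value = '', $daxiao = 'xiao')
{
    static $content = array();
    $path = G_CONFIG . $file . '.inc.php';
    if (!isset($content[$file])) {
        $content[$file] = file_get_contents($path);
        if (!is_writable($path)) {
            _message('Please chmod "' . $file . '" to 0777 !');
        }
    }
    if (empty($name)) {
        return false;
    }
    if ($daxiao == 'xiao') {
        $value = strtolower(new_addslashes($value));
    }
    if ($daxiao == 'da') {
        $value = strtoupper(new_addslashes($value));
    }
    if ($daxiao == 'no') {
        $value = new_addslashes($value);
    }
    // preg_quote() keeps a key such as 'a.b' from matching 'axb' or from breaking the pattern.
    $pat = "/'" . preg_quote($name, '/') . "'\\s*=>\\s*([']?)[^']*([']?)(\\s*),/is";
    // A callback inserts $value literally; with preg_replace() a value containing "$1" or
    // "\\1" would have been expanded as a back-reference into the written config file.
    $content[$file] = preg_replace_callback(
        $pat,
        function ($m) use ($name, $value) {
            return "'" . $name . "' => " . $m[1] . $value . $m[2] . $m[3] . ',';
        },
        $content[$file]
    );
    file_put_contents($path, $content[$file]);
}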
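/**
 * Add a friend link, or render the add form when nothing was submitted.
 *
 * POST branch: stamps addtime/siteid, requires a name, runs safe_replace() on name and
 * logo, escapes the record, inserts it and (when the attachment_stat option is on and a
 * logo was given) marks the logo attachment as used. Ends in showmessage().
 * GET branch: loads the form class and link types and includes the 'link_add' template.
 *
 * @return false|void false when the insert fails; otherwise ends in showmessage() or the template
 */
public function add()
{
    if (isset($_POST['dosubmit'])) {
        $_POST['link']['addtime'] = SYS_TIME;
        $_POST['link']['siteid'] = $this->get_siteid();
        if (empty($_POST['link']['name'])) {
            showmessage(L('sitename_noempty'), HTTP_REFERER);
        } else {
            $_POST['link']['name'] = safe_replace($_POST['link']['name']);
        }
        $has_logo = !empty($_POST['link']['logo']);
        if ($has_logo) {
            $_POST['link']['logo'] = safe_replace($_POST['link']['logo']);
        }
        $data = new_addslashes($_POST['link']);
        $linkid = $this->db->insert($data, true);
        if (!$linkid) {
            return false;
        }
        // Update the attachment status. The original used the bitwise "&" between the config
        // value and the logo string, which coerces the string to a number instead of testing
        // it; "&&" is the evident intent.
        if ($has_logo && pc_base::load_config('system', 'attachment_stat')) {
            $this->attachment_db = pc_base::load_model('attachment_model');
            $this->attachment_db->api_update($_POST['link']['logo'], 'link-' . $linkid, 1);
        }
        showmessage(L('operation_success'), HTTP_REFERER, '', 'add');
    } else {
        // These locals are consumed by the included template.
        $show_validator = $show_scroll = $show_header = true;
        pc_base::load_sys_class('form', '', 0);
        $siteid = $this->get_siteid();
        $types = $this->db2->get_types($siteid);
        include $this->admin_tpl('link_add');
    }
}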
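/**
 * Initialise the action: escape the request parameters and select the data layer.
 */
function _initialize()
{
    // new_addslashes() returns the escaped copy rather than modifying its argument, so the
    // result must be assigned back; the bare calls in the original had no effect.
    $_POST = new_addslashes($_POST);
    $_GET = new_addslashes($_GET);
    // Data-handling layer name for this action.
    $this->name = $this->my_name;
}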
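/**
 * Initialise the action: escape the request parameters, filter POST labels, then
 * run the parent initialisation.
 */
public function _initialize()
{
    // new_addslashes() returns the escaped copy rather than modifying its argument, so the
    // result must be assigned back; the bare calls in the original had no effect.
    $_POST = new_addslashes($_POST);
    $_GET = new_addslashes($_GET);
    $_POST = $this->__filterLabel($_POST);
    parent::_initialize();
}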
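/**
 * _initialize
 * Initialise: escape the request parameters and set up the Blog data layer.
 * @access public
 * @return void
 */
public function _initialize()
{
    // new_addslashes() returns the escaped copy rather than modifying its argument, so the
    // result must be assigned back; the bare calls in the original had no effect.
    $_POST = new_addslashes($_POST);
    $_GET = new_addslashes($_GET);
    // Data-handling layer for this action.
    $this->blog = D('Blog');
}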
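/**
 * _initialize
 * Initialise: escape the request parameters and set up the Event data layer.
 * @access public
 * @return void
 */
public function _initialize()
{
    // new_addslashes() returns the escaped copy rather than modifying its argument, so the
    // result must be assigned back; the bare calls in the original had no effect.
    $_POST = new_addslashes($_POST);
    $_GET = new_addslashes($_GET);
    // Data-handling layer for this action, wired to the shared API object.
    $this->event = D('Event');
    $this->event->setApi($this->api);
}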
/**
 * Return a copy of $string passed through addslashes(); arrays are processed
 * recursively on their values (keys are left untouched).
 * @param mixed $string string or (nested) array to escape
 * @return mixed escaped string, or array with escaped values
 */
function new_addslashes($string)
{
    if (is_array($string)) {
        $escaped = array();
        foreach ($string as $k => $v) {
            $escaped[$k] = new_addslashes($v);
        }
        return $escaped;
    }
    return addslashes($string);
}
/**
 * addslashes() applied to a scalar, or recursively to each value of an array.
 * @param mixed $str string or (nested) array
 * @return mixed escaped copy; array keys are preserved
 */
function new_addslashes($str)
{
    if (!is_array($str)) {
        return addslashes($str);
    }
    // array_map() over a single array keeps the original keys.
    return array_map(function ($item) {
        return new_addslashes($item);
    }, $str);
}
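/**
 * Insert an uploaded-file record and return its new id.
 *
 * @param array $uploadedfile record fields; the 'fn' entry is stripped because it
 *                            travels with the upload but is not stored
 * @return int|string id of the inserted row (from insert_id())
 */
public function api_add($uploadedfile)
{
    $uploadfield = $uploadedfile;
    unset($uploadfield['fn']);
    $uploadfield = new_addslashes($uploadfield);
    $this->insert($uploadfield);
    // The original also wrote the id into the by-value $uploadedfile parameter, which
    // could never reach the caller; the id is returned instead.
    return $this->insert_id();
}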
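/**
 * Base constructor: escapes the request superglobals, loads the default route config
 * and clamps the page parameter into the range 1..1000000.
 */
public function __construct()
{
    // get_magic_quotes_gpc() was removed in PHP 8; when it no longer exists, magic quotes are off.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        $_GET = new_addslashes($_GET);
        $_POST = new_addslashes($_POST);
        $_REQUEST = new_addslashes($_REQUEST);
        $_COOKIE = new_addslashes($_COOKIE);
    }
    $this->route = loadConfig('route', 'default');
    if (isset($_GET['page'])) {
        // Both bounds in one expression: at least 1, at most 1000000.
        $_GET['page'] = min(max(intval($_GET['page']), 1), 1000000);
    }
}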
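/**
 * addslashes() a scalar (after trim()) or every value of an array, unless magic
 * quotes already escaped the input.
 *
 * @param mixed $string string or (nested) array
 * @return mixed escaped copy (keys preserved); $string unchanged when magic quotes are on
 */
function new_addslashes($string)
{
    // get_magic_quotes_gpc() was removed in PHP 8: when it is absent, magic quotes are off
    // and the input must be escaped here. The original called it unconditionally.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return $string;
    }
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = new_addslashes($val);
        }
        return $string;
    }
    // This variant also trims scalars before escaping.
    return addslashes(trim($string));
}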
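/**
 * Constructor for the member API entry point.
 *
 * Merges GET into POST (except the m/c/a routing keys), requires an appid that is
 * registered in the app list and a 'data' payload decodable with that app's authkey,
 * escapes the decoded payload and validates username/email/password fields. Each
 * failure exits with an API status code ('0' = bad request/app, '-5' = invalid field).
 */
public function __construct()
{
    $this->db = pc_base::load_model('member_model');
    pc_base::load_app_func('global');
    /* system settings and registered applications */
    $this->settings = getcache('settings', 'admin');
    $this->applist = getcache('applist', 'admin');
    if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
        foreach ($_GET as $k => $v) {
            if (!in_array($k, array('m', 'c', 'a'), true)) {
                $_POST[$k] = $v;
            }
        }
    }
    if (!isset($_POST['appid'])) {
        exit('0');
    }
    $this->appid = intval($_POST['appid']);
    // An appid that is not registered has no authkey. Refuse it before decoding; the original
    // read the missing key as null and handed that to sys_auth().
    if (!isset($this->applist[$this->appid]['authkey'])) {
        exit('0');
    }
    if (!isset($_POST['data'])) {
        exit('0');
    }
    parse_str(sys_auth($_POST['data'], 'DECODE', $this->applist[$this->appid]['authkey']), $this->data);
    if (empty($this->data) || !is_array($this->data)) {
        exit('0');
    }
    // get_magic_quotes_gpc() was removed in PHP 8; when it no longer exists, magic quotes are off.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        $this->data = new_addslashes($this->data);
    }
    if (isset($this->data['username']) && $this->data['username'] != '' && is_username($this->data['username']) == false) {
        exit('-5');
    }
    // Fixed: this check tested 'username' instead of 'email', so a malformed email was only
    // rejected when a username was also present.
    if (isset($this->data['email']) && $this->data['email'] != '' && is_email($this->data['email']) == false) {
        exit('-5');
    }
    if (isset($this->data['password']) && $this->data['password'] != '' && (is_password($this->data['password']) == false || is_badword($this->data['password']))) {
        exit('-5');
    }
    if (isset($this->data['newpassword']) && $this->data['newpassword'] != '' && (is_password($this->data['newpassword']) == false || is_badword($this->data['newpassword']))) {
        exit('-5');
    }
    // NOTE(review): $HTTP_RAW_POST_DATA no longer exists since PHP 7, so this branch is dead
    // there; a migration to php://input for non-form content types needs confirming.
    if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
        $this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
    }
}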
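/**
 * Initialise the gift application: escape the request parameters, wire the
 * gift/category/user-gift models together and expose the app config to the view.
 */
function _initialize()
{
    // new_addslashes() returns the escaped copy rather than modifying its argument, so the
    // result must be assigned back; the bare calls in the original had no effect.
    $_POST = new_addslashes($_POST);
    $_GET = new_addslashes($_GET);
    // Models used across the whole application.
    $this->gift = D('Gift');
    $this->gift_category = D('GiftCategory');
    $this->user_gift = D('UserGift');
    $this->user_gift->setApi($this->api);
    $this->user_gift->setGift($this->gift);
    $this->user_gift->setCategory($this->gift_category);
    $this->gift_category->setGift($this->gift);
    // (the original also copied $this->mid into an unused local)
    $config = D('AppConfig')->getConfig();
    $this->assign('config', $config);
}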
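/**
 * Write a cache entry to disk; entries of the 'commons' module are also mirrored
 * into the cache table.
 * @param string $name    cache name
 * @param mixed  $data    cache data
 * @param array  $setting cache configuration (passed to get_setting())
 * @param string $type    cache type (sub-directory), defaults to 'data'
 * @param string $module  owning module, defaults to ROUTE_M
 * @return int|string bytes written, or the string 'false' when the write fails
 *                    (legacy contract kept)
 */
public function set($name, $data, $setting = '', $type = 'data', $module = ROUTE_M)
{
    $this->get_setting($setting);
    if (empty($type)) {
        $type = 'data';
    }
    if (empty($module)) {
        $module = ROUTE_M;
    }
    $relative = 'caches_' . $module . '/caches_' . $type . '/';
    $filepath = CACHE_PATH . $relative;
    $filename = $name . $this->_setting['suf'];
    if (!is_dir($filepath)) {
        // NOTE(review): 0777 leaves the cache directory world-writable; kept unchanged for
        // existing deployments — confirm whether a tighter mode works in yours.
        mkdir($filepath, 0777, true);
    }
    if ($this->_setting['type'] == 'array') {
        $data = "<?php\nreturn " . var_export($data, true) . ";\n?>";
    } elseif ($this->_setting['type'] == 'serialize') {
        $data = serialize($data);
    }
    // The original condition was `$module == 'commons' || $module == 'commons' && substr($name, 0, 16) != 'category_content'`,
    // which reduces to its first operand, so the category_content exclusion never took effect.
    // Behaviour is kept as it was; TODO confirm whether category_content entries should be excluded.
    if ($module == 'commons') {
        $db = pc_base::load_model('cache_model');
        $datas = new_addslashes($data);
        $where = array('filename' => $filename, 'path' => $relative);
        if ($db->get_one($where, '`filename`')) {
            $db->update(array('data' => $datas), $where);
        } else {
            $db->insert(array('filename' => $filename, 'path' => $relative, 'data' => $datas));
        }
    }
    // LOCK_EX serialises concurrent writers when the lock_ex system option is on.
    $flags = pc_base::load_config('system', 'lock_ex') ? LOCK_EX : 0;
    $file_size = file_put_contents($filepath . $filename, $data, $flags);
    return $file_size ? $file_size : 'false';
}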
/**
 * Tag wizard: edit an existing tag.
 *
 * POST branch: rebuilds the {pc:...} tag text from the submitted fields (custom SQL,
 * model action, or block), validates model fields against the tag class definition and
 * updates the row. GET branch: loads the edit form.
 *
 * NOTE(review): variable variables (${$key}) are assigned from tag-class field names; a
 * field named id, name, tag, data, type or siteid would overwrite this method's own locals
 * (e.g. the $id used in the final update's where clause) — confirm the tag class field
 * names cannot collide.
 * NOTE(review): the custom SQL and the other values are admin input written verbatim
 * into the stored tag; this is the wizard's purpose, so access to this action must stay
 * restricted to administrators.
 */
public function edit()
{
    $id = isset($_GET['id']) && intval($_GET['id']) ? intval($_GET['id']) : showmessage(L('illegal_parameters'), HTTP_REFERER);
    if (!($edit_data = $this->db->get_one(array('id' => $id)))) {
        showmessage(L('notfound'));
    }
    pc_base::load_app_func('global', 'dbsource');
    if (isset($_POST['dosubmit'])) {
        $name = isset($_POST['name']) && trim($_POST['name']) ? trim($_POST['name']) : showmessage(L('name') . L('empty'));
        $cache = isset($_POST['cache']) && intval($_POST['cache']) ? intval($_POST['cache']) : 0;
        $num = isset($_POST['num']) && intval($_POST['num']) ? intval($_POST['num']) : 0;
        $type = isset($_POST['type']) && intval($_POST['type']) ? intval($_POST['type']) : 0;
        // Check whether the name is already taken (only when it changed).
        if ($edit_data['name'] != $name) {
            if ($this->db->get_one(array('name' => $name), 'id')) {
                showmessage(L('name') . L('exists'));
            }
        }
        $siteid = $this->get_siteid();
        if ($type == '1') {
            // Custom SQL
            $sql = isset($_POST['data']) && trim($_POST['data']) ? trim($_POST['data']) : showmessage(L('custom_sql') . L('empty'));
            $data['sql'] = $sql;
            $tag = '{pc:get sql="' . $sql . '" ';
            if ($cache) {
                $tag .= 'cache="' . $cache . '" ';
            }
            /* $_POST['page'], 'dbsource' and 'return' are read without isset(); absent keys raise a notice. */
            if ($_POST['page']) {
                $tag .= 'page="' . $_POST['page'] . '" ';
            }
            if ($_POST['dbsource']) {
                $data['dbsource'] = $_POST['dbsource'];
                $tag .= 'dbsource= "' . $_POST['dbsource'] . '" ';
            }
            if ($_POST['return']) {
                $tag .= 'return="' . $_POST['return'] . '"';
            }
            $tag .= '}';
        } elseif ($type == 0) {
            // Model configuration
            $module = isset($_POST['module']) && trim($_POST['module']) ? trim($_POST['module']) : showmessage(L('please_select_model'));
            $action = isset($_POST['action']) && trim($_POST['action']) ? trim($_POST['action']) : showmessage(L('please_select_action'));
            $html = pc_tag_class($module);
            $data = array();
            $tag = '{pc:' . $module . ' action="' . $action . '" ';
            if (isset($html[$action]) && is_array($html[$action])) {
                foreach ($html[$action] as $key => $val) {
                    $val['validator']['reg_msg'] = $val['validator']['reg_msg'] ? 
$val['validator']['reg_msg'] : $val['name'] . L('inputerror');
                    /* The field value is stored in a variable named after the field (see the NOTE above). */
                    ${$key} = isset($_POST[$key]) && trim($_POST[$key]) ? trim($_POST[$key]) : '';
                    if (!empty($val['validator'])) {
                        /* strlen() counts bytes, so min/max are byte limits for multibyte input. */
                        if (isset($val['validator']['min']) && strlen(${$key}) < $val['validator']['min']) {
                            showmessage($val['name'] . L('should') . L('is_greater_than') . $val['validator']['min'] . L('lambda'));
                        }
                        if (isset($val['validator']['max']) && strlen(${$key}) > $val['validator']['max']) {
                            showmessage($val['name'] . L('should') . L('less_than') . $val['validator']['max'] . L('lambda'));
                        }
                        if (!preg_match('/' . $val['validator']['reg'] . '/' . $val['validator']['reg_param'], ${$key})) {
                            showmessage($val['name'] . $val['validator']['reg_msg']);
                        }
                    }
                    $tag .= $key . '="' . ${$key} . '" ';
                    $data[$key] = ${$key};
                }
            }
            if ($_POST['page']) {
                $tag .= 'page="' . $_POST['page'] . '" ';
            }
            if ($num) {
                $tag .= ' num="' . $num . '" ';
            }
            if ($_POST['return']) {
                $tag .= ' return="' . $_POST['return'] . '" ';
            }
            if ($cache) {
                $tag .= ' cache="' . $cache . '" ';
            }
            $tag .= '}';
        } else {
            // Block
            $data = isset($_POST['block']) && trim($_POST['block']) ? trim($_POST['block']) : showmessage(L('block_name_not_empty'));
            $tag = '{pc:block pos="' . $data . '"}';
        }
        $tag .= "\n" . '{loop $data $n $r}' . "\n" . '<li><a href="{$r[\'url\']}" title="{$r[\'title\']}">{$r[\'title\']}</a></li>' . "\n" . '{/loop}' . "\n" . '{/pc}';
        $tag = new_addslashes($tag);
        $data = is_array($data) ? array2string($data) : $data;
        /* $module and $action are only set in the type == 0 branch; for the other types they are undefined here. */
        $this->db->update(array('siteid' => $siteid, 'tag' => $tag, 'name' => $name, 'type' => $type, 'module' => $module, 'action' => $action, 'data' => $data, 'page' => $_POST['page'], 'return' => $_POST['return'], 'cache' => $cache, 'num' => $num), array('id' => $id));
        showmessage('', '', '', 'edit');
    } else {
        pc_base::load_sys_class('form', '', 0);
        $modules = array_merge(array('' => L('please_select')), pc_base::load_config('modules'));
        $show_header = $show_validator = true;
        $type = isset($_GET['type']) && intval($_GET['type']) ? 
intval($_GET['type']) : $edit_data['type'];
        $siteid = $this->get_siteid();
        $dbsource_data = $dbsource = array();
        $dbsource[] = L('please_select');
        $dbsource_data = $this->dbsource->select(array('siteid' => $siteid), 'name');
        foreach ($dbsource_data as $dbs) {
            $dbsource[$dbs['name']] = $dbs['name'];
        }
        $module = isset($_GET['module']) && trim($_GET['module']) ? trim($_GET['module']) : $edit_data['module'];
        $action = isset($_GET['action']) && trim($_GET['action']) ? trim($_GET['action']) : $edit_data['action'];
        if ($edit_data['type'] == 0 || $edit_data['type'] == 1) {
            $form_data = string2array($edit_data['data']);
        }
        if ($module) {
            $html = pc_tag_class($module);
        }
        pc_base::load_app_func('global', 'template');
        /* $modules, $dbsource, $form_data, $html etc. are consumed by the included template. */
        include $this->admin_tpl('tag_edit');
    }
}
<?php /* NOTE(review): new_addslashes() is addslashes(); it is used here to place $info['name'] inside a
JavaScript string literal that itself sits in an HTML attribute. addslashes is not an HTML escaper:
a double quote in the name becomes \" and the HTML parser still reads that quote as the end of the
attribute, and $info['name'] is also echoed raw into the <td>. Escaping for the attribute context
(htmlspecialchars with ENT_QUOTES, json_encode for the JS value) is the robust form — confirm whether
names are sanitised on input. */ ?>
</tr> <?php if(is_array($infos)){ foreach($infos as $info){ ?> <tr> <td align="center" width="35"><input type="checkbox" name="typeid[]" value="<?php echo $info['typeid']?>"></td> <td align="center"><input name='listorders[<?php echo $info['typeid']?>]' type='text' size='3' value='<?php echo $info['listorder']?>' class="input_center"></td> <td><?php echo $info['name']?></td> <td align="center" width="12%"> <?php echo $info['typeid'];?></td> <td align="center" width="20%"><a href="###" onclick="edit(<?php echo $info['typeid']?>, '<?php echo new_addslashes($info['name'])?>')" title="<?php echo L('edit')?>"><?php echo L('edit')?></a> | <a href='?m=link&c=link&a=delete_type&typeid=<?php echo $info['typeid']?>' onClick="return confirm('<?php echo L('confirm', array('message' => new_addslashes($info['name'])))?>')"><?php echo L('delete')?></a> </td> </tr> <?php } } ?> </tbody> </table> <div class="btn"><a href="#" onClick="javascript:$('input[type=checkbox]').attr('checked', true)"><?php echo L('selected_all')?></a>/<a href="#" onClick="javascript:$('input[type=checkbox]').attr('checked', false)"><?php echo L('cancel')?></a> <input name="submit" type="submit" class="button" value="<?php echo L('remove_all_selected')?>" onClick="return confirm('<?php echo L('confirm', array('message' => L('selected')))?>')"> </div>
/* NOTE(review): new_addslashes() (addslashes) is the only escaping applied to $r['sitename'] before it is
placed inside a JavaScript string in an HTML attribute. addslashes does not neutralise a double quote for
the HTML parser (\" still terminates the attribute); escape for the attribute context (htmlspecialchars
with ENT_QUOTES, or json_encode for the JS value) unless sitename is guaranteed clean on input. */
?> </td> <td align="center"><a href="javascript:edit('<?php echo $r['id']; ?> ','<?php echo new_addslashes($r['sitename']); ?> ')"><?php echo L('edit'); ?> </a> | <a href="javascript:;" onclick="data_delete(this,'<?php echo $r['id']; ?> ','<?php echo L('confirm', array('message' => new_addslashes($r['sitename']))); ?> ')"><?php echo L('delete'); ?> </a> </td> </tr> <?php } ?> </tbody> </table> <div class="btn"><input type="submit" class="button" name="dosubmit" value="<?php echo L('listorder'); ?> " /></div> </div>
/**
 * Display a form (or handle its submission).
 *
 * Looks the form up by formid/siteid, checks its time window and the registered-user
 * requirement, then either stores a submission (POST) or renders the form, optionally
 * as a JS snippet when action=js.
 *
 * NOTE(review): the "already participated" check (allowmultisubmit / interval) only runs
 * in the render branch; a direct POST with dosubmit is stored without it — confirm this
 * is intended.
 * NOTE(review): the lookup uses $siteid from GET while the render branch and the items
 * counter use $this->siteid; confirm the two always agree.
 */
public function show()
{
    /* $_GET['action'] is read without isset() in several places below; absent keys raise a notice. */
    if (!isset($_GET['formid']) || empty($_GET['formid'])) {
        $_GET['action'] ? exit : showmessage(L('form_no_exist'), HTTP_REFERER);
    }
    $siteid = $_GET['siteid'] ? intval($_GET['siteid']) : 1;
    $formid = intval($_GET['formid']);
    $r = $this->db->get_one(array('modelid' => $formid, 'siteid' => $siteid, 'disabled' => 0), 'tablename, setting');
    if (!$r) {
        $_GET['action'] ? exit : showmessage(L('form_no_exist'), HTTP_REFERER);
    }
    $setting = string2array($r['setting']);
    /* endtime is extended by one day so the whole end date counts. */
    if ($setting['enabletime']) {
        if ($setting['starttime'] > SYS_TIME || $setting['endtime'] + 3600 * 24 < SYS_TIME) {
            $_GET['action'] ? exit : showmessage(L('form_expired'), APP_PATH . 'index.php?m=formguide&c=index&a=index');
        }
    }
    $userid = param::get_cookie('_userid');
    if ($setting['allowunreg'] == 0 && !$userid && $_GET['action'] != 'js') {
        showmessage(L('please_login_in'), APP_PATH . 'index.php?m=member&c=index&a=login&forward=' . urlencode(HTTP_REFERER));
    }
    if (isset($_POST['dosubmit'])) {
        $tablename = 'form_' . $r['tablename'];
        $this->m_db->change_table($tablename);
        $data = array();
        require CACHE_MODEL_PATH . 
'formguide_input.class.php';
        $formguide_input = new formguide_input($formid);
        /* Submitted fields are escaped, HTML-encoded and then shaped by the generated input class. */
        $data = new_addslashes($_POST['info']);
        $data = new_html_special_chars($data);
        $data = $formguide_input->get($data);
        $data['userid'] = $userid;
        $data['username'] = param::get_cookie('_username');
        $data['datetime'] = SYS_TIME;
        $data['ip'] = ip();
        $dataid = $this->m_db->insert($data, true);
        if ($dataid) {
            if ($setting['sendmail']) {
                pc_base::load_sys_func('mail');
                $mails = explode(',', $setting['mails']);
                if (is_array($mails)) {
                    foreach ($mails as $m) {
                        sendmail($m, L('tips'), $this->M['mailmessage']);
                    }
                }
            }
            $this->db->update(array('items' => '+=1'), array('modelid' => $formid, 'siteid' => $this->siteid));
        }
        showmessage(L('thanks'), APP_PATH);
    } else {
        /* $no_allowed is only defined in this branch when the condition holds; it is passed to formguide_form below. */
        if ($setting['allowunreg'] == 0 && !$userid && $_GET['action'] == 'js') {
            $no_allowed = 1;
        }
        pc_base::load_sys_class('form', '', '');
        $f_info = $this->db->get_one(array('modelid' => $formid, 'siteid' => $this->siteid));
        /* NOTE(review): extract() turns every column of the row into a local; it overwrites $setting
           (re-parsed below) and would overwrite $r, $userid or $formid if columns of those names exist.
           Reading the needed columns explicitly ($f_info['name'], ...) avoids the clobbering. */
        extract($f_info);
        $tablename = 'form_' . $r['tablename'];
        $this->m_db->change_table($tablename);
        $ip = ip();
        $where = array();
        if ($userid) {
            $where = array('userid' => $userid);
        } else {
            $where = array('ip' => $ip);
        }
        $re = $this->m_db->get_one($where, 'datetime');
        $setting = string2array($setting);
        /* && binds tighter than ||: (allowmultisubmit == 0 && has a record) || (last record is within the interval). */
        if ($setting['allowmultisubmit'] == 0 && $re['datetime'] || SYS_TIME - $re['datetime'] < $this->M['interval'] * 60) {
            $_GET['action'] ? exit : showmessage(L('had_participate'), APP_PATH . 'index.php?m=formguide&c=index&a=index');
        }
        require CACHE_MODEL_PATH . 'formguide_form.class.php';
        $formguide_form = new formguide_form($formid, $no_allowed);
        $forminfos_data = $formguide_form->get();
        $SEO = seo($this->siteid, L('formguide'), $name);
        /* For action=js the rendered template is buffered and emitted as a JS document. */
        if (isset($_GET['action']) && $_GET['action'] == 'js') {
            if (!function_exists('ob_gzhandler')) {
                ob_clean();
            }
            ob_start();
        }
        $template = $_GET['action'] == 'js' ? 
$js_template : $show_template;
        include template('formguide', $template, $default_style);
        if (isset($_GET['action']) && $_GET['action'] == 'js') {
            $data = ob_get_contents();
            ob_clean();
            exit(format_js($data));
        }
    }
}
<?php /* NOTE(review): $info['filename'] is placed into an inline onclick JS string with only
new_addslashes() (addslashes) applied, and echoed raw into the cell. addslashes does not make a
value safe for an HTML attribute (a \" still ends the attribute for the HTML parser); this relies on
filenames having been cleaned on upload (safe_replace) — confirm, or escape for the attribute
context here. */ ?>
<td width="8%" align="center"><?php echo $modules[$info['module']]['name']; ?> </td> <td width="8%" align="center"><?php echo $category[$info['catid']]['catname']; ?> </td> <td width="20%"><img src="<?php echo file_icon($info['filename'], 'gif'); ?> " /> <?php echo $info['filename']; ?> <?php echo $thumb ? '<img title="' . L('att_thumb_manage') . '" src="statics/images/admin_img/havthumb.png" onclick="showthumb(' . $info['aid'] . ', \'' . new_addslashes($info['filename']) . '\')"/>' : ''; ?> <?php echo $info['status'] ? '<img src="statics/images/admin_img/link.png"' : ''; ?> </td> <td width="10%" align="center"><?php echo $this->attachment->size($info['filesize']); ?> </td> <td width="12%" align="center"><?php echo date('Y-m-d H:i:s', $info['uploadtime']); ?> </td> <td align="center"><a href="javascript:preview(<?php echo $info['aid'];
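/**
 * Handle an upload from $_FILES[$field] (a single file or an array of files).
 *
 * Every file is checked against the allowed-extension list, the size limit and
 * is_uploaded_file(); it is then moved under savepath with a generated name in which
 * server-executable extensions are neutralised, optionally thumbnailed/watermarked,
 * and registered through $this->add(). On any failure $this->error is set and false
 * is returned.
 *
 * @param string $field            name of the file input
 * @param string $alowexts         '|'-separated allowed extensions; empty = site setting
 * @param int    $maxsize          maximum size in bytes, 0 = no limit
 * @param int    $overwrite        0 = skip a file whose target already exists
 * @param array  $thumb_setting    array(width, height); either > 0 enables thumbnails
 * @param int    $watermark_enable 1 = apply a watermark after saving
 * @return array|false ids returned by $this->add(), or false (see $this->error)
 */
function upload($field, $alowexts = '', $maxsize = 0, $overwrite = 0, $thumb_setting = array(), $watermark_enable = 1)
{
    if (!isset($_FILES[$field])) {
        $this->error = UPLOAD_ERR_OK;
        return false;
    }
    if (empty($alowexts)) {
        $site_setting = $this->_get_site_setting($this->siteid);
        $alowexts = $site_setting['upload_allowext'];
    }
    // CKEditor callback number; '1' when absent or empty (the original read it without isset()).
    $fn = !empty($_GET['CKEditorFuncNum']) ? $_GET['CKEditorFuncNum'] : '1';
    $this->field = $field;
    $this->savepath = $this->upload_root . $this->upload_dir . date('Y/md/');
    $this->alowexts = $alowexts;
    $this->maxsize = $maxsize;
    $this->overwrite = $overwrite;
    $uploadfiles = array();
    // NOTE(review): descriptions are read from $GLOBALS under "<field>_description";
    // confirm where that global is populated.
    $description = isset($GLOBALS[$field . '_description']) ? $GLOBALS[$field . '_description'] : array();
    if (is_array($_FILES[$field]['error'])) {
        $this->uploads = count($_FILES[$field]['error']);
        foreach ($_FILES[$field]['error'] as $key => $error) {
            if ($error === UPLOAD_ERR_NO_FILE) {
                continue;
            }
            if ($error !== UPLOAD_ERR_OK) {
                $this->error = $error;
                return false;
            }
            $uploadfiles[$key] = array(
                'tmp_name' => $_FILES[$field]['tmp_name'][$key],
                'name' => $_FILES[$field]['name'][$key],
                'type' => $_FILES[$field]['type'][$key],
                'size' => $_FILES[$field]['size'][$key],
                'error' => $_FILES[$field]['error'][$key],
                // a missing description becomes '' as in the single-file branch
                'description' => isset($description[$key]) ? $description[$key] : '',
                'fn' => $fn,
            );
        }
    } else {
        $this->uploads = 1;
        if (!$description) {
            $description = '';
        }
        $uploadfiles[0] = array(
            'tmp_name' => $_FILES[$field]['tmp_name'],
            'name' => $_FILES[$field]['name'],
            'type' => $_FILES[$field]['type'],
            'size' => $_FILES[$field]['size'],
            'error' => $_FILES[$field]['error'],
            'description' => $description,
            'fn' => $fn,
        );
    }
    if (!dir_create($this->savepath) || !is_dir($this->savepath)) {
        $this->error = '8';
        return false;
    }
    @chmod($this->savepath, 0777);
    if (!is_writeable($this->savepath)) {
        $this->error = '9';
        return false;
    }
    if (!$this->is_allow_upload()) {
        $this->error = '13';
        return false;
    }
    // Pattern that strips the upload root from the saved path. preg_quote() makes the root
    // literal; the original passed it through addslashes(), which is not a regex escaper
    // and leaves '.', '+', '(' or '|' in the path active.
    $root_pattern = '|^' . preg_quote($this->upload_root, '|') . '|';
    $aids = array();
    foreach ($uploadfiles as $file) {
        $fileext = fileext($file['name']);
        if ($file['error'] != 0) {
            $this->error = $file['error'];
            return false;
        }
        // NOTE(review): $this->alowexts is interpolated into the pattern as-is; it must remain a
        // trusted 'ext1|ext2' list from configuration, never request-supplied.
        if (!preg_match("/^(" . $this->alowexts . ")\$/", $fileext)) {
            $this->error = '10';
            return false;
        }
        if ($this->maxsize && $file['size'] > $this->maxsize) {
            $this->error = '11';
            return false;
        }
        if (!$this->isuploadedfile($file['tmp_name'])) {
            $this->error = '12';
            return false;
        }
        $temp_filename = $this->getname($fileext);
        $savefile = $this->savepath . $temp_filename;
        // Defence in depth: rename server-executable extensions even if the whitelist let one through.
        $savefile = preg_replace("/(php|phtml|php3|php4|jsp|exe|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\\.|\$)/i", "_\\1\\2", $savefile);
        $filepath = preg_replace($root_pattern, '', $savefile);
        if (!$this->overwrite && file_exists($savefile)) {
            continue;
        }
        $upload_func = $this->upload_func;
        if (@$upload_func($file['tmp_name'], $savefile)) {
            $this->uploadeds++;
            @chmod($savefile, 0644);
            @unlink($file['tmp_name']);
            $file['name'] = iconv("utf-8", CHARSET, $file['name']);
            $file['name'] = safe_replace($file['name']);
            $uploadedfile = array(
                'filename' => $file['name'],
                'filepath' => $filepath,
                'filesize' => $file['size'],
                'fileext' => $fileext,
                'fn' => $file['fn'],
            );
            $thumb_enable = is_array($thumb_setting) && ($thumb_setting[0] > 0 || $thumb_setting[1] > 0) ? 1 : 0;
            $image = new image($thumb_enable, $this->siteid);
            if ($thumb_enable) {
                $image->thumb($savefile, '', $thumb_setting[0], $thumb_setting[1]);
            }
            if ($watermark_enable) {
                $image->watermark($savefile, $savefile);
            }
            $aids[] = $this->add($uploadedfile);
        }
    }
    return $aids;
}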
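/**
 * Snapshot a template file into the template_bak table before it is modified.
 *
 * @param string $filepath path of the template file to back up
 * @param string $style    style (theme) directory name
 * @param string $dir      directory name inside the style
 * @return bool false when the file cannot be read (no backup row is written), true otherwise
 */
function creat_template_bak($filepath, $style, $dir)
{
    $template = file_get_contents($filepath);
    if ($template === false) {
        // The original inserted whatever file_get_contents() returned, so a failed read
        // produced an empty "backup" that silently lost the previous version.
        return false;
    }
    $filename = basename($filepath);
    $template_bak_db = pc_base::load_model('template_bak_model');
    $template_bak_db->insert(array(
        'creat_at' => SYS_TIME,
        'fileid' => $style . '_' . $dir . '_' . $filename,
        'userid' => param::get_cookie('userid'),
        'username' => param::get_cookie('admin_username'),
        'template' => new_addslashes($template),
    ));
    return true;
}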
/**
 * Add a comment.
 * @param string  $commentid comment thread id
 * @param integer $siteid    site id
 * @param array   $data      array('userid' => user id, 'username' => user name, 'content' => text,
 *                           'direction' => 0 none, 1 pro, 2 con, 3 neutral)
 * @param string  $id        id of the comment being replied to
 * @param string  $title     article title
 * @param string  $url       article URL
 * @return bool true on success; false with $this->msg_code set on failure
 *
 * NOTE(review): $title is escaped with new_addslashes() but $url is stored as given; confirm
 * the db layer escapes it. The reply markup below embeds $r['username'] and $r['content'] from
 * the stored row without HTML escaping — content was strip_tags()'d on insert, username was
 * not; confirm usernames are sanitised on registration.
 */
public function add($commentid, $siteid, $data, $id = '', $title = '', $url = '')
{
    // Check whether this comment thread already exists.
    $title = new_addslashes($title);
    if (!($comment = $this->comment_db->get_one(array('commentid' => $commentid, 'siteid' => $siteid), 'tableid, commentid'))) {
        // Thread does not exist: pick the data table currently in use.
        $r = $this->comment_table_db->get_one('', 'tableid, total', 'tableid desc');
        $tableid = $r['tableid'];
        if ($r['total'] >= 1000000) {
            // The current data table holds 1000000 rows: create a new one for further data.
            if (!($tableid = $this->comment_table_db->creat_table())) {
                $this->msg_code = 4;
                return false;
            }
        }
        // Create the thread in the comment master table.
        $comment_data = array('commentid' => $commentid, 'siteid' => $siteid, 'tableid' => $tableid, 'display_type' => $data['direction'] > 0 ? 1 : 0);
        if (!empty($title)) {
            $comment_data['title'] = $title;
        }
        if (!empty($url)) {
            $comment_data['url'] = $url;
        }
        if (!$this->comment_db->insert($comment_data)) {
            $this->msg_code = 5;
            return false;
        }
    } else {
        // Thread exists.
        $tableid = $comment['tableid'];
    }
    if (empty($tableid)) {
        $this->msg_code = 1;
        return false;
    }
    // Point the data model at the thread's data table.
    $this->comment_data_db->table_name($tableid);
    // Make sure the data table exists.
    if (!$this->comment_data_db->table_exists('comment_data_' . 
$tableid)) {
        // Data table missing: try to create it.
        if (!($tableid = $this->comment_table_db->creat_table($tableid))) {
            $this->msg_code = 2;
            return false;
        }
    }
    // Write the row into the data table.
    $data['commentid'] = $commentid;
    $data['siteid'] = $siteid;
    $data['ip'] = ip();
    $data['status'] = 1;
    $data['creat_at'] = SYS_TIME;
    // Strip tags and filter bad words from the content.
    $data['content'] = strip_tags($data['content']);
    $badword = pc_base::load_model('badword_model');
    $data['content'] = $badword->replace_badword($data['content']);
    if ($id) {
        $r = $this->comment_data_db->get_one(array('id' => $id));
        if ($r) {
            pc_base::load_sys_class('format', '', 0);
            /* Nest the quoted comment: a reply-of-reply fills the <span></span> placeholder of the
               existing markup, a first reply wraps the quoted text in <pre>. */
            if ($r['reply']) {
                $data['content'] = '<div class="content">' . str_replace('<span></span>', '<span class="blue f12">' . $r['username'] . ' ' . L('chez') . ' ' . format::date($r['creat_at'], 1) . L('release') . '</span>', $r['content']) . '</div><span></span>' . $data['content'];
            } else {
                $data['content'] = '<div class="content"><span class="blue f12">' . $r['username'] . ' ' . L('chez') . ' ' . format::date($r['creat_at'], 1) . L('release') . '</span><pre>' . $r['content'] . '</pre></div><span></span>' . 
$data['content'];
            }
            $data['reply'] = 1;
        }
    }
    // Does this site require moderation?
    $site = $this->comment_setting_db->site($siteid);
    if ($site['check']) {
        $data['status'] = 0;
    }
    if ($comment_data_id = $this->comment_data_db->insert($data, true)) {
        // Moderation required: queue it in the check table.
        if ($data['status'] == 0) {
            $this->comment_check_db->insert(array('comment_data_id' => $comment_data_id, 'siteid' => $siteid, 'tableid' => $tableid));
        } elseif (!empty($data['userid']) && !empty($site['add_point']) && module_exists('pay')) {
            // No moderation: credit the user's points right away.
            pc_base::load_app_class('receipts', 'pay', 0);
            receipts::point($site['add_point'], $data['userid'], $data['username'], '', 'selfincome', 'Comment');
        }
        // Update the data table's row count.
        $this->comment_table_db->edit_total($tableid, '+=1');
        // Update the thread's counters in the master table.
        $sql['lastupdate'] = SYS_TIME;
        // Only approved comments bump the thread's totals.
        if ($data['status'] == 1) {
            $sql['total'] = '+=1';
            switch ($data['direction']) {
                case 1: // pro
                    $sql['square'] = '+=1';
                    break;
                case 2: // con
                    $sql['anti'] = '+=1';
                    break;
                case 3: // neutral
                    $sql['neutral'] = '+=1';
                    break;
            }
        }
        $this->comment_db->update($sql, array('commentid' => $commentid));
        if ($site['check']) {
            $this->msg_code = 7;
        } else {
            $this->msg_code = 0;
        }
        return true;
    } else {
        $this->msg_code = 3;
        return false;
    }
}
/**
 * Escape a value with addslashes(), descending into arrays; keys are untouched.
 * @param mixed $data string or (nested) array
 * @return mixed escaped copy of $data
 */
function new_addslashes($data)
{
    if (is_array($data)) {
        // array_walk() updates each value in place through the reference parameter.
        array_walk($data, function (&$value) {
            $value = new_addslashes($value);
        });
        return $data;
    }
    return addslashes($data);
}
/* NOTE(review): $info['rolename'] is placed inside inline-JS string literals in href/onclick attributes
with only new_addslashes() (addslashes) applied. addslashes does not make a value safe for an HTML
attribute (a \" still terminates the attribute for the HTML parser); escape for the attribute context
(htmlspecialchars with ENT_QUOTES, or json_encode for the JS value) unless role names are guaranteed
clean on input. Roles are admin-managed, so the exposure is limited to what administrators enter. */
if ($info['roleid'] > 1) { ?> <a href="javascript:setting_role(<?php echo $info['roleid']; ?> , '<?php echo new_addslashes($info['rolename']); ?> ')"><?php echo L('role_setting'); ?> </a> | <a href="javascript:void(0)" onclick="setting_cat_priv(<?php echo $info['roleid']; ?> , '<?php echo new_addslashes($info['rolename']); ?> ')"><?php echo L('usersandmenus'); ?> </a> | <?php } else { ?> <font color="#cccccc"><?php echo L('role_setting'); ?> </font> | <font color="#cccccc"><?php echo L('usersandmenus'); ?> </font> |
<?php /* NOTE(review): the site picker writes $v['name'] and $v['domain'] into an inline-JS call inside
an href. $v['name'] gets new_addslashes() (addslashes) only and $v['domain'] nothing; addslashes does
not stop a double quote from ending the HTML attribute, and $v['name'] is also echoed raw as the link
text. Escape for the attribute/JS context (htmlspecialchars with ENT_QUOTES, json_encode) unless site
names and domains are guaranteed clean on input. */ ?>
<div id="help" class="fav-help"></div> </div> </div> </div> </div> </div> <div class="tab-web-panel hidden" style="position:absolute; z-index:999; background:#fff"> <ul> <?php foreach ($sitelist as $key => $v) { ?> <li style="margin:0"><a href="javascript:site_select(<?php echo $v['siteid']; ?> , '<?php echo new_addslashes($v['name']); ?> ', '<?php echo $v['domain']; ?> ', '<?php echo $v['siteid']; ?> ')"><?php echo $v['name']; ?> </a></li> <?php } ?> </ul>
<?php /* NOTE(review): $_GET['menuid'] is echoed into an href without escaping or an intval(), and
$info['name'] goes into an inline-JS string with new_addslashes() (addslashes) only, which does not
stop a double quote from ending the HTML attribute. Casting menuid with intval() and escaping name for
the attribute/JS context (htmlspecialchars with ENT_QUOTES, json_encode) would close both — confirm
whether names are cleaned on input. */ ?>
<td width="20%" align="center"> <a href="?m=admin&c=position&a=public_item&posid=<?php echo $info['posid']; ?> &menuid=<?php echo $_GET['menuid']; ?> "><?php echo L('posid_item_manage'); ?> </a> | <a href="javascript:edit(<?php echo $info['posid']; ?> , '<?php echo new_addslashes($info['name']); ?> ')"><?php echo L('edit'); ?> </a> | <?php if ($info['siteid'] == '0' && $_SESSION['roleid'] != 1) { ?> <font color="#ccc"><?php echo L('delete'); ?> </font> <?php } else { ?>
/* NOTE(review): $info['name'] is emitted into inline-JS strings inside HTML attributes with
new_addslashes() (addslashes) as the only escaping; a \" is still read by the HTML parser as the end
of the attribute. Escaping for the attribute/JS context (htmlspecialchars with ENT_QUOTES, json_encode)
is the robust form unless names are guaranteed clean on input. */
echo new_addslashes($info['name']); ?> ')" title="<?php echo L('edit'); ?> "><?php echo L('edit'); ?> </a> | <a href='?m=link&c=link&a=delete_type&typeid=<?php echo $info['typeid']; ?> ' onClick="return confirm('<?php echo L('confirm', array('message' => new_addslashes($info['name']))); ?> ')"><?php echo L('delete'); ?> </a> </td> </tr> <?php } } ?> </tbody> </table> <div class="btn"><a href="#" onClick="javascript:$('input[type=checkbox]').attr('checked', true)"><?php
/**
 * Import a content model.
 *
 * POST branch: creates the model row, builds its main and _data tables from model.sql,
 * then replays the field definitions of the uploaded import file (system fields are
 * updated, custom fields are added via add.sql.php). GET branch: renders the import form.
 *
 * NOTE(review): the table name comes straight from $_POST['info']['tablename'] and is
 * substituted into the SQL executed below; the field definitions come from an uploaded
 * file and $v['formtype'] is used to build a require path. Both are admin input, so this
 * action must stay admin-only; validating tablename against a strict identifier pattern
 * and formtype against the known field types would limit the damage of a crafted import.
 * NOTE(review): if string2array() is the eval-based helper, the uploaded file is executed
 * as PHP — confirm which implementation is in use.
 */
function import()
{
    if (isset($_POST['dosubmit'])) {
        $info = array();
        $info['name'] = $_POST['info']['modelname'];
        // main table name
        $basic_table = $info['tablename'] = $_POST['info']['tablename'];
        // secondary (data) table name
        $table_data = $basic_table . '_data';
        $info['description'] = $_POST['info']['description'];
        $info['type'] = 0;
        $info['siteid'] = $this->siteid;
        $info['default_style'] = $_POST['default_style'];
        $info['category_template'] = $_POST['setting']['category_template'];
        $info['list_template'] = $_POST['setting']['list_template'];
        $info['show_template'] = $_POST['setting']['show_template'];
        /* $model_import_data stays undefined when no file was uploaded or it was empty. */
        if (!empty($_FILES['model_import']['tmp_name'])) {
            $model_import = @file_get_contents($_FILES['model_import']['tmp_name']);
            if (!empty($model_import)) {
                $model_import_data = string2array($model_import);
            }
        }
        $is_exists = $this->db->table_exists($basic_table);
        if ($is_exists) {
            showmessage(L('operation_failure'), '?m=content&c=sitemodel&a=init');
        }
        $modelid = $this->db->insert($info, 1);
        if ($modelid) {
            $tablepre = $this->db->db_tablepre;
            // Create the data tables from the model.sql template by placeholder substitution.
            $model_sql = file_get_contents(MODEL_PATH . 'model.sql');
            $model_sql = str_replace('$basic_table', $tablepre . $basic_table, $model_sql);
            $model_sql = str_replace('$table_data', $tablepre . $table_data, $model_sql);
            $model_sql = str_replace('$table_model_field', $tablepre . 
'model_field', $model_sql);
            $model_sql = str_replace('$modelid', $modelid, $model_sql);
            $model_sql = str_replace('$siteid', $this->siteid, $model_sql);
            $this->db->sql_execute($model_sql);
            if (!empty($model_import_data)) {
                $this->sitemodel_field_db = pc_base::load_model('sitemodel_field_model');
                $system_field = array('title', 'style', 'catid', 'url', 'listorder', 'status', 'userid', 'username', 'inputtime', 'updatetime', 'pages', 'readpoint', 'template', 'groupids_view', 'posids', 'content', 'keywords', 'description', 'thumb', 'typeid', 'relation', 'islink', 'allow_comment');
                foreach ($model_import_data as $v) {
                    $field = $v['field'];
                    if (in_array($field, $system_field)) {
                        /* System fields already exist after model.sql ran: only their attributes are updated. */
                        $v['siteid'] = $this->siteid;
                        unset($v['fieldid'], $v['modelid'], $v['field']);
                        $v = new_addslashes($v);
                        $v['setting'] = array2string($v['setting']);
                        $this->sitemodel_field_db->update($v, array('modelid' => $modelid, 'field' => $field));
                    } else {
                        $tablename = $v['issystem'] ? $tablepre . $basic_table : $tablepre . $table_data;
                        // Rebuild the column attributes for the model table; $tablename, $minlength,
                        // $maxlength and $field_type are presumably consumed by the required add.sql.php.
                        $minlength = $v['minlength'] ? $v['minlength'] : 0;
                        $maxlength = $v['maxlength'] ? $v['maxlength'] : 0;
                        $field_type = $v['formtype'];
                        require MODEL_PATH . $field_type . DIRECTORY_SEPARATOR . 'config.inc.php';
                        if (isset($v['setting']['fieldtype'])) {
                            $field_type = $v['setting']['fieldtype'];
                        }
                        require MODEL_PATH . 'add.sql.php';
                        $v['tips'] = addslashes($v['tips']);
                        $v['setting'] = array2string($v['setting']);
                        $v['modelid'] = $modelid;
                        $v['siteid'] = $this->siteid;
                        unset($v['fieldid']);
                        $this->sitemodel_field_db->insert($v);
                    }
                }
            }
            $this->public_cache();
            showmessage(L('operation_success'), '?m=content&c=sitemodel&a=init');
        }
    } else {
        pc_base::load_sys_class('form', '', 0);
        $show_validator = '';
        /* Re-key the style list by directory name, labelled with the style name when it has one. */
        $style_list = template_list($this->siteid, 0);
        foreach ($style_list as $k => $v) {
            $style_list[$v['dirname']] = $v['name'] ? 
$v['name'] : $v['dirname'];
            unset($style_list[$k]);
        }
        /* $big_menu and $style_list are consumed by the included template. */
        $big_menu = array('javascript:window.top.art.dialog({id:\'add\',iframe:\'?m=content&c=sitemodel&a=add\', title:\'' . L('add_model') . '\', width:\'580\', height:\'400\', lock:true}, function(){var d = window.top.art.dialog({id:\'add\'}).data.iframe;var form = d.document.getElementById(\'dosubmit\');form.click();return false;}, function(){window.top.art.dialog({id:\'add\'}).close()});void(0);', L('add_model'));
        include $this->admin_tpl('sitemodel_import');
    }
}