* $Date: 2011-02-01
* www.simple-log.com
*/
if ($action == 'setting') {
include_once PBBLOG_ROOT . 'home/data/config.php';
foreach ($config as $key => $val) {
$smarty->assign($key, $val);
}
if (empty($config['domain'])) {
$domain = str_replace(PBBLOG_WS_ADMIN, '', dirname($url));
$smarty->assign('domain', $domain);
}
$smarty->assign('type', 'act_setting');
$smarty->display('setting.html');
} elseif ($action == 'act_setting') {
if (empty($_POST)) {
sys_message('请填写数据', $referer_url);
} else {
//循环得到传递过来的数据并为写入配置做准备
foreach ($_POST as $key => $val) {
$update_arr .= ' `' . $key . "`\t= '" . $val . "' ,";
$sql = 'UPDATE ' . table('config') . " SET `key`='" . $key . "' , `value`='" . $val . "' WHERE `key`='" . $key . "'";
$db->query($sql);
}
$smarty->cache_dir = PBBLOG_ROOT . 'home/cache';
$smarty->compile_dir = PBBLOG_ROOT . '/home/compiled';
$smarty->clear_all_cache();
$smarty->clear_compiled_tpl();
sys_message('博客设置成功', 'admin.php?act=setting');
}
}
$tags_list = $db->getall($sql);
$tags_list_new = array();
foreach ($tags_list as $val) {
$tags_list_new[] = $val['tag_name'];
}
unset($tags_list);
$tags = explode(' ', $_POST['tags']);
$insert_tags = array_diff($tags, $tags_list_new);
foreach ($insert_tags as $val) {
if (!empty($val)) {
$sql = "INSERT INTO " . table('tags') . " (`tag_id` ,`tag_name` ,`blog_id`)VALUES (NULL , '{$val}', '" . $blog_id . "')";
$db->query($sql);
}
}
$del_tags = array_diff($tags_list_new, $tags);
foreach ($del_tags as $val) {
$sql = 'DELETE FROM ' . table('tags') . " WHERE blog_id='" . $blog_id . "' AND tag_name='{$val}'";
$db->query($sql);
}
} else {
$sql = 'DELETE FROM ' . table('tags') . " WHERE blog_id='" . $blog_id . "'";
$db->query($sql);
}
$sql = 'UPDATE ' . table('blog') . " SET `title` = '" . $blog_title . "',`description` = '" . $desc . "',`content` = '" . $content . "' , `edit_time`='" . $time . "', `cat_id`='" . $cat_id . "' , `password`='" . $password . "' , `open_type`='" . $open_type . "' , `view_group`='" . $group . "' , `url_type`='" . $url_type . "' WHERE blog_id='" . $blog_id . "'";
if ($db->query($sql)) {
$db->query('DELETE FROM ' . table('page') . " WHERE relate_id='" . $blog_id . "'" . " AND user_id='" . $user_id . "' AND type='-1'");
sys_message('修改日志成功', 'admin.php?act=edit_blog&id=' . $blog_id);
} else {
sys_message('修改日志失败,请重新返回添加', 'admin.php?act=edit_blog&id=' . $blog_id);
}
}
if (empty($comment_id)) {
sys_message('日志评论id不能为空', $referer_url);
}
$sql = 'SELECT o.* , u.title FROM ' . table('comment') . ' o LEFT JOIN ' . table('blog') . ' u on o.blog_id=u.blog_id' . " WHERE comment_id='" . $comment_id . "'";
if ($row = $db->getrow($sql)) {
$row['content'] = unprocess_text($row['content']);
$smarty->assign('comment', $row);
} else {
sys_message('读取日志评论数据失败,请返回重新修改', $referer_url);
}
$smarty->assign('type', 'act_edit_comment&id=' . $comment_id);
$smarty->assign('admin_title', '编辑评论');
$smarty->display('edit_comment.html');
} elseif ($action == 'act_edit_comment') {
$comment_id = intval($_GET['id']);
if (empty($comment_id)) {
sys_message('日志评论ID不能为空', $referer_url);
}
$status = !empty($_POST['status']) ? $_POST['status'] : 0;
$content = $_POST['content'];
if (empty($content)) {
sys_message('评论内容不能为空', $referer_url);
}
$content = process_text($content);
$sql = 'UPDATE ' . table('comment') . " SET `status` = '" . $status . "',`content` = '" . $content . "' WHERE comment_id='" . $comment_id . "'";
if ($db->query($sql)) {
sys_message('修改评论成功', 'admin.php?act=edit_comment&id=' . $comment_id);
} else {
sys_message('修改评论失败,请重新返回修改', 'admin.php?act=edit_comment&id=' . $comment_id);
}
}
}
unset($answer_arr);
// Get Template
$template = new \template();
$template->setFile('0_polls.tpl');
$template->load('BODY');
$template->tag('question', $poll_arr['poll_quest']);
$template->tag('answers', $antworten);
$template->tag('all_votes', $poll_arr['all_votes']);
$template->tag('participants', $poll_arr['poll_participants']);
$template->tag('type', $poll_arr['poll_type']);
$template->tag('start_date', $poll_arr['poll_start']);
$template->tag('end_date', $poll_arr['poll_end']);
$template = $template->display();
} else {
$template = sys_message($FD->text('frontend', 'error'), $FD->text('frontend', 'poll_not_found'));
}
} else {
$_GET['order'] = in_array(isset($_GET['order']) ? $_GET['order'] : '', array('1', 'asc', 'ASC', 'up', 'UP')) ? 'ASC' : 'DESC';
$_GET['sort'] = in_array(isset($_GET['sort']) ? $_GET['sort'] : '', array('question', 'all_votes', 'participants', 'type', 'start_date', 'end_date')) ? $_GET['sort'] : 'end_date';
switch ($_GET['sort']) {
case 'question':
$index = $FD->db()->conn()->query('SELECT * FROM `' . $FD->db()->getPrefix() . 'poll` ORDER BY `poll_quest` ' . $_GET['order']);
break;
case 'all_votes':
$index = $FD->db()->conn()->query("\n SELECT *, SUM(`A.answer_count`) AS 'all_votes'\n FROM `" . $FD->db()->getPrefix() . 'poll` P, `' . $FD->db()->getPrefix() . 'poll_answers` A
WHERE P.`poll_id` = A.`poll_id`
ORDER BY `all_votes` ' . $_GET['order'] . ', P.`poll_quest` ASC');
break;
case 'participants':
$index = $FD->db()->conn()->query('SELECT * FROM `' . $FD->db()->getPrefix() . 'poll` ORDER BY `poll_participants` ' . $_GET['order'] . ', `poll_quest` ASC');
while ($file = readdir($template_dir)) {
if ($file != '.' && $file != '..' && is_dir(PBBLOG_ROOT . 'themes/' . $file)) {
$available_templates[] = get_template_info($file);
}
}
@closedir($template_dir);
$smarty->assign('curr_template', $current_template_info);
$smarty->assign('available_templates', $available_templates);
$smarty->assign('admin_title', '模板列表');
$smarty->display('template_list.html');
} elseif ($action == 'select_template') {
//如果传递的为空,设置为默认模板
$template_name = !empty($_GET['template_name']) ? trim($_GET['template_name']) : 'default';
$sql = 'UPDATE ' . table('config') . " SET `value`='" . $template_name . "' WHERE `key`='template_name'";
$db->query($sql);
sys_message('模板设置成功', 'admin.php?act=templates_list');
}
//获取模板信息
function get_template_info($template_name)
{
$info = array();
$info['code'] = $template_name;
$info['screenshot'] = '';
$info['screenshot'] = '../themes/' . $template_name . "/theme.png";
if (file_exists('../themes/' . $template_name . '/info.txt') && !empty($template_name)) {
$arr = file('../themes/' . $template_name . '/info.txt');
$template_name = explode(': ', $arr[0]);
$template_desc = explode(': ', $arr[1]);
$template_uri = explode(': ', $arr[2]);
$template_version = explode(': ', $arr[3]);
$template_author = explode(': ', $arr[4]);
$smarty->display('add_member.html');
} elseif ($action == 'act_edit_member') {
require_once PBBLOG_ROOT . '/includes/base.function.php';
$member_id = intval($_GET['id']);
$user_name = $_POST['user_name'];
if (empty($user_name)) {
sys_message('会员名字不能为空', $referer_url);
} else {
if (isset_member($username)) {
$u_name = $db->getone('SELECT user_name FROM ' . table('user') . " WHERE user_id='" . $user_id . "'");
if ($u_name != $user_name) {
sys_message('会员名字已经存在', $referer_url);
}
}
}
$email = $_POST['email'];
if (empty($email)) {
sys_message('email不能为空', $referer_url);
}
$password = $_POST['password'];
if (!empty($password)) {
$password = "******" . md5($password);
}
$group_id = $_POST['group'];
$sql = 'UPDATE ' . table('user') . " SET `user_name` = '" . $user_name . "',`email` = '" . $email . "',`group_id` = '" . $group_id . $password . "' WHERE user_id='" . $member_id . "'";
if ($db->query($sql)) {
sys_message('修改会员成功', 'admin.php?act=edit_member&id=' . $member_id);
} else {
sys_message('修改会员失败,请重新返回添加', 'admin.php?act=edit_member&id=' . $member_id);
}
}
}
$smarty->assign('attachments_list', $attachments_list);
$smarty->assign('page_arr', $page_arr);
$smarty->assign('page_count', $page_count);
$smarty->assign('pg', $pg);
$smarty->assign('url', 'admin.php?act=attachments_list&pg=');
$smarty->display('attachments_list.html');
} elseif ($action == 'del_attachment') {
$attachment_id = intval($_GET['id']);
$sql = 'DELETE FROM ' . table('attachments') . " WHERE attachment_id='" . $attachment_id . "'";
if ($db->query($sql)) {
$db->query($sql);
unlink(PBBLOG_ROOT . '/' . $db->getone('SELECT file_name FROM ' . table('attachments') . " WHERE attachment_id='" . $attachment_id . "'"));
sys_message('删除附件成功', $referer_url);
} else {
sys_message('删除附件失败,请重新删除', $referer_url);
}
} elseif ($action == 'auto_save') {
require PBBLOG_ROOT . '/includes/json.class.php';
$json = new JSON();
$res = array('content' => '', 'error' => 'no');
$user_id = intval($_SESSION['user_id']);
$id = intval($_POST['id']);
$title = htmlspecialchars($_POST['title']);
$desc = htmlspecialchars($_POST['desc']);
$content = htmlspecialchars($_POST['content']);
$content = $_POST['content'];
if (empty($content) && empty($title)) {
$res['content'] = '于' . $date . '自动保存到草稿箱';
die($json->encode($res));
}
sys_message('页面id不能为空', $referer_url);
}
$sql = 'SELECT * FROM ' . table('page') . " WHERE page_id='" . $page_id . "'";
if ($row = $db->getrow($sql)) {
//$row['description']=unprocess_text($row['description']);
$smarty->assign('page', $row);
} else {
sys_message('读取页面数据失败,请返回重新修改', $referer_url);
}
$smarty->assign('type', 'act_edit_page&id=' . $page_id);
$smarty->assign('id', $page_id);
$smarty->display('add_page.html');
} elseif ($action == 'act_edit_page') {
require_once PBBLOG_ROOT . '/includes/base.function.php';
$page_id = intval($_GET['id']);
if (empty($page_id)) {
sys_message('页面id不能为空', $referer_url);
}
$page_title = $_POST['title'];
if (empty($page_title)) {
sys_message('页面标题不能为空', $referer_url);
}
$desc = htmlspecialchars($_POST['description']);
$content = htmlspecialchars($_POST['editor']);
$sql = 'UPDATE ' . table('page') . " SET `title` = '" . $page_title . "',`desc` = '" . $desc . "',`content` = '" . $content . "' , `add_time`='" . $time . "' WHERE page_id='" . $page_id . "'";
if ($db->query($sql)) {
sys_message('修改页面成功', 'admin.php?act=edit_page&id=' . $page_id);
} else {
sys_message('修改页面失败,请重新返回添加', 'admin.php?act=edit_page&id=' . $page_id);
}
}
$smarty->assign('post_type', 1);
$smarty->assign('t_list', $templates);
$smarty->display('set_page.html');
} elseif ($action == 'get_page_data') {
require PBBLOG_ROOT . '/includes/json.class.php';
$json = new JSON();
$file = $_POST['template_file'];
$res = array('type' => 'get_page_data', 'content' => '', 'error' => 'no');
$data = file_get_contents(PBBLOG_ROOT . '/themes/' . $config['template_name'] . '/' . $file);
$res['content'] = $data;
die($json->encode($res));
} elseif ($action == 'ajax_post_page_data') {
require PBBLOG_ROOT . '/includes/json.class.php';
$json = new JSON();
$file = $_POST['template_file'];
$res = array('type' => 'get_page_data', 'content' => '', 'error' => 'no');
$data = stripslashes($_POST['content']);
$fp = @fopen(PBBLOG_ROOT . '/themes/' . $config['template_name'] . '/' . $file, "w") or $res['error'] = '无法写入文件,请检查文件是否有权限';
flock($fp, LOCK_EX);
fwrite($fp, $data);
fclose($fp);
die($json->encode($res));
} elseif ($action == 'act_set_page') {
$data = htmlspecialchars_decode(stripslashes($_POST['data']));
$file = $_POST['template_file'];
$fp = @fopen(PBBLOG_ROOT . '/themes/' . $config['template_name'] . '/' . $file, "w") or die('can not open file');
flock($fp, LOCK_EX);
fwrite($fp, $data);
fclose($fp);
sys_message('页面修改成功', 'admin.php?act=set_footer&file=' . $file);
}
require_once PBBLOG_ROOT . '/includes/base.function.php';
$group_id = intval($_GET['id']);
if (empty($group_id)) {
sys_message('分组id不能为空', $referer_url);
}
$group_name = trim($_POST['group_name']);
if (empty($group_name)) {
sys_message('会员分组名字不能为空', $referer_url);
} else {
if (isset_group($group_name)) {
if ($db->getone('SELECT group_name FROM ' . table('user_group') . " WHERE group_id='" . $group_id . "'") != $group_name) {
sys_message('会员分组名字已经存在', $referer_url);
}
}
}
//如果传递过来的表单为空,那么将权限设置为全部,也就是为all,否则按照传递过来的权限用逗号隔开
if (empty($_POST['action_pri']) || $_POST['checkall'] == 'checkbox') {
$act_pri = 'all';
} else {
$act_pri = 'pbblog';
foreach ($_POST['action_pri'] as $val) {
$act_pri .= ',' . $val;
}
}
$sql = 'UPDATE ' . table('user_group') . " SET `group_name` = '" . $group_name . "',`admin_privilege` = '" . $act_pri . "' WHERE group_id='" . $group_id . "'";
if ($db->query($sql)) {
sys_message('修改会员分组成功', 'admin.php?act=edit_group&id=' . $group_id);
} else {
sys_message('修改会员分组失败,请重新返回添加', 'admin.php?act=edit_group&id=' . $group_id);
}
}
$plugin_uninstall = $plugin_id . '_uninstall';
$modules = $plugin_uninstall();
if ($modules['type'] == 1) {
$sql = 'DELETE FROM ' . table('modules') . " WHERE module_id='" . $plugin_id . "'";
if ($db->query($sql)) {
make_sidebar();
} else {
sys_message('删除插件边栏部分失败,请重新返回添加', $referer_url);
}
} elseif ($modules['type'] == 2) {
$db->query($modules['sql']);
}
}
}
}
sys_message('删除插件成功', $referer_url);
} elseif ($action == 'plugin_cp') {
$plugin_id = $_GET['id'];
include_once PBBLOG_ROOT . '/home/plugins/' . $plugin_id . '/admin_cp.php';
$smarty->assign('plugin_cp', $plugin_cp);
$smarty->assign('plugin_id', $plugin_id);
$smarty->display('plugin_cp.html');
}
//检查插件是否已经安装
function is_plugin($id)
{
$sql = 'SELECT * FROM ' . table('plugins') . " WHERE plugin_id='" . $id . "'";
if ($GLOBALS['db']->getOne($sql)) {
return true;
} else {
return false;
} elseif ($action == 'databak' || $action == 'act_backup' || $action == 're_data' || $action == 'act_re_data' || $action == 'del_sql_file') {
require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/database.php';
} elseif ($action == 'friend_link_list' || $action == 'act_edit_friend_link_sort' || $action == 'edit_friend_link' || $action == 'act_edit_friend_link' || $action == 'add_friend_link' || $action == 'act_add_friend_link' || $action == 'del_friend_link') {
require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/friendlink.php';
} elseif ($action == 'plugins_list' || $action == 'plugins_setup_list' || $action == 'setup_plugin' || $action == 'del_plugin' || $action == 'plugin_cp') {
require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/plugins.php';
} elseif ($action == 'attachments_list' || $action == 'tags_list' || $action == 'del_tag' || $action == 'del_attachment' || $action == 'auto_save' || $action == 'get_auto_save' || $action == 'check_auto_date') {
require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/other.php';
} elseif ($action == 'clear_cache') {
$smarty->cache_dir = PBBLOG_ROOT . 'home/cache';
$smarty->compile_dir = PBBLOG_ROOT . '/home/compiled';
$smarty->clear_all_cache();
$smarty->clear_compiled_tpl();
$smarty->compile_dir = PBBLOG_ROOT . '/home/admin_compiled';
$smarty->clear_compiled_tpl();
sys_message('清除缓存成功', 'admin.php?act=default');
} elseif ($action == 'upload') {
require ROOT . '/includes/upload.html5.class.php';
$file = new cls_upload();
$file_name = $file->upload($_FILES['filedata'], $_GET['type']);
$file_url = '';
if ($file->error() == '') {
$sql = "INSERT INTO " . table('attachments') . " (`attachment_id` ,`file_name` ,`type`,`add_time`)VALUES (NULL , '{$file_name}', '" . $_GET['type'] . "', '" . time() . "' )";
$db->query($sql);
$u = str_replace(PBBLOG_WS_ADMIN, '', dirname($url));
if ($_GET['type'] == 'img') {
$file_url = $u . $file_name;
} else {
$file_url = $u . 'attachment.php?fid=' . $db->insert_id();
}
}
sys_message('读取分类数据失败,请返回重新修改', $referer_url);
}
$smarty->assign('rewrite', $GLOBALS['config']['rewrite']);
$smarty->assign('url_type', $row['url_type']);
$smarty->assign('u', str_replace(PBBLOG_WS_ADMIN, '', dirname($url)));
$smarty->assign('type', 'act_edit_cat&id=' . $cat_id);
$smarty->display('add_cat.html');
} elseif ($action == 'act_edit_cat') {
$cat_id = intval($_GET['id']);
$parent_id = intval($_POST['parent_id']);
if (empty($cat_id)) {
sys_message('分类id不能为空', $referer_url);
}
$cat_name = $_POST['cat_name'];
if (empty($cat_name)) {
sys_message('分类名字不能为空', $referer_url);
}
$cat_desc = $_POST['cat_desc'];
$list_sort = $_POST['list_sort'];
//对自定义url处理
$url_type = intval($_POST['url_type']);
if ($url_type == 2) {
$url_type = $_POST['url'];
}
$sql = 'UPDATE ' . table('category') . " SET `cat_name` = '" . $cat_name . "',`cat_desc` = '" . $cat_desc . "',`parent_id` = '" . $parent_id . "',`listorder` = '" . $list_sort . "' , `url_type`='" . $url_type . "' WHERE cat_id='" . $cat_id . "'";
if ($db->query($sql)) {
sys_message('修改分类成功', 'admin.php?act=edit_cat&id=' . $cat_id);
} else {
sys_message('修改分类失败,请重新返回添加', 'admin.php?act=edit_cat&id=' . $cat_id);
}
}
/* $check_safe_url=substr(md5($referer_url.$_SESSION['admin_login_time'].$hash_secret),14,28);
if ($safe_url!=$check_safe_url) {
sys_message('来源错误,请在正确页面输入登录数据','admin.php?act=pre_login');
$_SESSION['admin_login_faild']++;
}*/
$sql = 'SELECT user_id,last_time,last_ip,group_id FROM ' . table('user') . " WHERE user_name='" . $user_name . "' AND password='******'";
if ($row = $db->getrow($sql)) {
//开始根据登陆ip进行检测
/* if ($check_ip)
{
require(PBBLOG_ROOT.'/includes/ip.function.php');
if(!check_ip($row['last_ip'],$ip))
{
sys_message('此次登陆ip不在上次登录ip的区域内','admin.php?act=pre_login');
}
}*/
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $user_name;
$_SESSION['last_time'] = $row['last_time'];
$_SESSION['last_ip'] = $row['last_ip'];
$_SESSION['group_id'] = $row['group_id'];
$db->query('UPDATE ' . table('user') . " SET last_time='" . time() . "', last_ip='" . $ip . "'" . ", visit_count=visit_count+1 " . " WHERE user_id='" . $row['user_id'] . "'");
sys_message('登录成功', 'admin.php?act=index');
} else {
sys_message('登录失败,请重新登录', 'admin.php?act=pre_login');
}
} elseif ($action == 'logout') {
$_SESSION = array();
session_destroy();
header('location: index.php');
}