<?php
define('ROOT_PATH', str_replace("\\", "/", realpath(dirname(__FILE__) . "/../")));
require ROOT_PATH . "/include/config.php";
require ROOT_PATH . "/include/parameter.php";
require ROOT_PATH . "/source/function/global.php";
require ROOT_PATH . "/source/function/web.php";
require ROOT_PATH . "/source/function/admin.php";
require ROOT_PATH . "/source/class/abstract.class.php";
require ROOT_PATH . "/source/class/mystep.class.php";
header("Expires: -1");
header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0", false);
header("Pragma: no-cache");
$mystep = new MyStep();
$mystep->getLanguage(dirname(__FILE__) . "/language/");
$mystep->pageStart();
$db->Reconnect(true, $setting['db']['name']);
$setting['gen']['minify'] = false;
$usergroup = $req->getSession("usergroup");
if ($usergroup === 0) {
$goto_url = "../";
$mystep->pageEnd(false);
}
$group = getParaInfo("user_group", "group_id", $usergroup);
if ($setting['info']['self'] == "login.php") {
$method = $req->getServer("QUERY_STRING");
if (!empty($group['power_func']) && $method != "logout") {
$goto_url = "./index.php";
$mystep->pageEnd(false);
}
} else {
<?php
define('ROOT_PATH', str_replace("\\", "/", realpath(dirname(__FILE__) . "/../../")));
require ROOT_PATH . "/include/config.php";
require ROOT_PATH . "/include/parameter.php";
include ROOT_PATH . "/source/function/etag.php";
require ROOT_PATH . "/source/function/global.php";
require ROOT_PATH . "/source/function/web.php";
require ROOT_PATH . "/source/function/admin.php";
require ROOT_PATH . "/source/class/abstract.class.php";
require ROOT_PATH . "/source/class/mystep.class.php";
$mystep = new MyStep();
$mystep->getLanguage(dirname(ROOT_PATH . $_SERVER['PHP_SELF']) . "/language/");
$mystep->pageStart(true);
$db->Reconnect(true, $setting['db']['name']);
$method = $req->getGet("method");
if (empty($method)) {
$method = "list";
}
$mid = $req->getReq("mid");
$id = $req->getReq("id");
$field = $req->getReq("f");
if (empty($field) || empty($id)) {
header("HTTP/1.0 404 Not Found");
$db->close();
unset($db, $req);
exit;
}
if ($data = $db->result($setting['db']['pre'] . "custom_form_" . $mid, $field, array("id", "n=", $id))) {
$data = explode("::", $data);
$the_file = dirname(__FILE__) . "/setting/" . $mid . "/" . $data[2];
exit;
}
$id = intval($id);
define('ROOT_PATH', str_replace("\\", "/", realpath(dirname(__FILE__) . "/../")));
include ROOT_PATH . "/include/config.php";
if ($setting['web']['close'] && !isset($_COOKIE['force'])) {
header("HTTP/1.0 404 Not Found");
exit;
}
include ROOT_PATH . "/include/parameter.php";
include ROOT_PATH . "/source/function/global.php";
include ROOT_PATH . "/source/function/web.php";
include ROOT_PATH . "/source/class/abstract.class.php";
include ROOT_PATH . "/source/class/mystep.class.php";
$mystep = new MyStep();
$mystep->pageStart(false);
ob_end_clean();
set_time_limit(1200);
$sql = $db->buildSel(array(array("name" => $setting['db']['pre'] . "attachment", "idx" => "a", "col" => "*", "condition" => array("id", "n=", $id)), array("name" => $setting['db']['pre'] . "news_show", "idx" => "b", "col" => "view_lvl", "join" => "web_id,news_id")));
if ($record = getData($sql, "record", 1800)) {
if ($record['view_lvl'] > $setting['info']['user']['type']['view_lvl']) {
$db->close();
header("location: " . getUrl("read", $record['news_id'], 1, $record['web_id']));
exit;
}
if (strpos($record['file_type'], "image") === 0) {
include ROOT_PATH . "/source/function/etag.php";
}
$the_ext = "." . GetFileExt($record['file_name']);
$the_path = ROOT_PATH . "/" . $setting['path']['upload'] . date("/Y/m/d", substr($record['file_time'], 0, 10));
$the_file = $record['file_time'] . substr(md5($record['file_size']), 0, 5);
