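/**
 * Store a new xueshu post for the currently logged-in user.
 *
 * The content is passed through Safe::removeXSS(), written to a .txt file under the
 * configured xueshu directory, and a row referencing that file is inserted into $this->table.
 * When 'huida_id' is non-zero, the huida counter of the row with that xueshu_id is incremented,
 * but only once the insert has succeeded.
 *
 * @param array $arr Request fields: 'kinds', 'title', 'content' and the optional 'huida_id'.
 *
 * @return array On success 'isok' => '1' plus 'info' and the filtered 'content'. On failure
 *               'isok' => '0' with 'code' 1 (not logged in), 2 (file write failed) or
 *               3 (insert failed) and an 'info' message.
 */
public function insertXueshu($arr)
{
    // The login check uses the object's own context ($this->arr), not the $arr argument.
    $user = new User($this->arr);
    if (!$user->islogin()) {
        return array('isok' => '0', 'code' => 1, 'info' => 'have not login!');
    }

    $user_id = $user->getUserId();
    // The cast keeps the value safe for the %d placeholders; 0 means "not a reply".
    $huida_id = isset($arr['huida_id']) ? (int) $arr['huida_id'] : 0;

    // NOTE(review): C::safe() is presumably the SQL-escaping helper for this connection; the
    // quoted '%s' placeholders in the INSERT depend on it — confirm.
    $kinds = C::safe($arr['kinds'], $this->dbc);
    $title = C::safe($arr['title'], $this->dbc);
    $content = Safe::removeXSS($arr['content']);

    // The name is a hex digest plus a fixed extension, so no request data reaches the path.
    // NOTE(review): uniqid() is time-based, so the name is unique but not unpredictable. If the
    // storage directory is served directly, switch to a CSPRNG-backed name.
    $filename = sha1(uniqid() . $user_id) . '.txt';
    $table = $this->table;
    $file_dir = $this->arr['xml']->xueshu['dir'];
    $path = dirname(dirname(__FILE__)) . '/' . $file_dir . $filename;

    // A zero-byte write is falsy as well, so empty content is reported as a write failure.
    if (!file_put_contents($path, $content)) {
        return array('isok' => '0', 'code' => 2, 'info' => 'can not write into file!');
    }

    $query = sprintf("INSERT INTO %s (user_id,kinds,title,filename,huida_id)\n\t\t\t\t\t\tVALUES(%d,'%s','%s','%s', %d)", $table, $user_id, $kinds, $title, $filename, $huida_id);
    if (!C::query($query, $this->dbc)) {
        $error = mysql_error($this->dbc);
        // No row references the file, so remove it instead of leaving an orphan on disk.
        if (is_file($path)) {
            unlink($path);
        }
        // NOTE(review): the raw driver error is handed back to the caller. If this array is
        // sent to the client, log the error server-side and return a generic message.
        return array('isok' => '0', 'code' => 3, 'info' => $error);
    }

    // Bump the parent's reply counter only after the reply row exists. The result is ignored,
    // so the counter stays best-effort.
    // NOTE(review): huida_id is caller-supplied and is not checked against an existing row.
    if ($huida_id !== 0) {
        $query = sprintf("UPDATE %s SET huida = huida + 1 WHERE xueshu_id = %d", $table, $huida_id);
        C::query($query, $this->dbc);
    }

    return array('isok' => '1', 'info' => 'Ok', 'content' => $content);
}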
$rows['blog_desc'] = ''; $rows['types'] = ''; $rows['blog_stamp'] = ''; $rows['file_content'] = ''; if (isset($_GET['blog_id']) and !isset($_POST['title'])) { $id = (int) $_GET['blog_id']; $query = "SELECT blog_title, blog_desc, blog_file, types, blog_stamp FROM blog WHERE blog_id = " . $id; $result = C::query($query, $dbc); $rows = mysql_fetch_array($result); $rows['file_content'] = file_get_contents('../' . $config['blog']['filename'][$side] . $rows['blog_file'] . '.txt'); } if ($_SERVER['REQUEST_METHOD'] == 'POST' and isset($_POST['title'])) { $title = C::safe($_POST['title'], $dbc); $desc = mysql_real_escape_string($_POST['desc']); $stamp = C::safe($_POST['stamp'], $dbc); $kinds = C::safe($_POST['kinds'], $dbc); $content = $_POST['content']; if (isset($_GET['blog_id'])) { $blog_id = (int) $_GET['blog_id']; $query = sprintf("UPDATE blog SET blog_title = '%s', blog_desc = '%s',types='%s', blog_stamp='%s' \n\t\t\t\t\t\t\tWHERE blog_id = %d ", $title, $desc, $kinds, $stamp, $blog_id); if (C::query($query, $dbc)) { $query = "SELECT blog_file FROM blog WHERE blog_id = " . $blog_id; $result = C::query($query, $dbc); $rows = mysql_fetch_array($result); if (file_put_contents('../' . $config['blog']['filename'][$side] . $rows['blog_file'] . '.txt', $content)) { echo json_encode(array('isok' => '1', 'info' => '')); } } } else { $file = sha1(uniqid()); file_put_contents('../' . $config['blog']['filename'][$side] . $file . '.txt', $content);