Ejemplo n.º 1
0
 public function insertXueshu($arr)
 {
     $user = new User($this->arr);
     if ($user->islogin()) {
         $user_id = $user->getUserId();
         $huida_id = isset($arr['huida_id']) ? (int) $arr['huida_id'] : 0;
         $kinds = C::safe($arr['kinds'], $this->dbc);
         $title = C::safe($arr['title'], $this->dbc);
         $content = Safe::removeXSS($arr['content']);
         $filename = sha1(uniqid() . $user_id) . '.txt';
         //			$table = $this->arr['xml']->xueshu['table'];
         $table = $this->table;
         $file_dir = $this->arr['xml']->xueshu['dir'];
         $root_dir = $this->arr['root_dir'];
         if (file_put_contents(dirname(dirname(__FILE__)) . '/' . $file_dir . $filename, $content)) {
             $query = sprintf("INSERT INTO %s (user_id,kinds,title,filename,huida_id)\n\t\t\t\t\t\tVALUES(%d,'%s','%s','%s', %d)", $table, $user_id, $kinds, $title, $filename, $huida_id);
             $result = C::query($query, $this->dbc);
             if ($result) {
                 $arr = array('isok' => '1', 'info' => 'Ok', 'content' => $content);
             } else {
                 $arr = array('isok' => '0', 'code' => 3, 'info' => mysql_error($this->dbc));
             }
             if ($huida_id !== 0) {
                 $query = sprintf("UPDATE %s SET huida = huida + 1 WHERE xueshu_id = %d", $table, $huida_id);
                 C::query($query, $this->dbc);
             }
         } else {
             $arr = array('isok' => '0', 'code' => 2, 'info' => 'can not write into file!');
         }
     } else {
         $arr = array('isok' => '0', 'code' => 1, 'info' => 'have not login!');
     }
     return $arr;
 }
Ejemplo n.º 2
0
$rows['blog_desc'] = '';
$rows['types'] = '';
$rows['blog_stamp'] = '';
$rows['file_content'] = '';
if (isset($_GET['blog_id']) and !isset($_POST['title'])) {
    $id = (int) $_GET['blog_id'];
    $query = "SELECT blog_title, blog_desc, blog_file, types, blog_stamp FROM blog WHERE blog_id = " . $id;
    $result = C::query($query, $dbc);
    $rows = mysql_fetch_array($result);
    $rows['file_content'] = file_get_contents('../' . $config['blog']['filename'][$side] . $rows['blog_file'] . '.txt');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' and isset($_POST['title'])) {
    $title = C::safe($_POST['title'], $dbc);
    $desc = mysql_real_escape_string($_POST['desc']);
    $stamp = C::safe($_POST['stamp'], $dbc);
    $kinds = C::safe($_POST['kinds'], $dbc);
    $content = $_POST['content'];
    if (isset($_GET['blog_id'])) {
        $blog_id = (int) $_GET['blog_id'];
        $query = sprintf("UPDATE blog SET blog_title = '%s', blog_desc = '%s',types='%s', blog_stamp='%s' \n\t\t\t\t\t\t\tWHERE blog_id = %d ", $title, $desc, $kinds, $stamp, $blog_id);
        if (C::query($query, $dbc)) {
            $query = "SELECT blog_file FROM blog WHERE blog_id = " . $blog_id;
            $result = C::query($query, $dbc);
            $rows = mysql_fetch_array($result);
            if (file_put_contents('../' . $config['blog']['filename'][$side] . $rows['blog_file'] . '.txt', $content)) {
                echo json_encode(array('isok' => '1', 'info' => ''));
            }
        }
    } else {
        $file = sha1(uniqid());
        file_put_contents('../' . $config['blog']['filename'][$side] . $file . '.txt', $content);