Ejemplo n.º 1
    // 赋值给模板
    $smarty->assign('form_action', 'insert');
    $smarty->assign('product_category', $dou->get_category_nolevel('product_category'));
    $smarty->assign('product', $product);
    $smarty->display('product.htm');
} elseif ($rec == 'insert') {
    if (empty($_POST['product_name'])) {
        $dou->dou_msg($_LANG['product_name'] . $_LANG['is_empty']);
    }
    if (!$check->is_price($_POST['price'] = trim($_POST['price']))) {
        $dou->dou_msg($_LANG['price_wrong']);
    }
    $upfile = array();
    // 判断是否有上传图片/上传图片生成
    if ($_FILES['product_image']['name'] != '') {
        $upfile[0] = $img->upload_image('product_image', $id);
        // 上传的文件域
        $file = $images_dir . $upfile[0];
        $img->make_thumb($upfile[0], $_CFG['thumb_width'], $_CFG['thumb_height']);
    }
    for ($i = 1; $i <= 5; $i++) {
        //添加附属图片input名为product_image_1样式的
        if ($_FILES['product_image_' . $i]['name'] != '') {
            $upfile[$i] = $img->upload_image('product_image_' . $i, $id);
            $file = $file . "," . $images_dir . $upfile[$i];
            $img->make_thumb($upfile[$i], $_CFG['thumb_width'], $_CFG['thumb_height']);
        }
    }
    // CSRF防御令牌验证
    $firewall->check_token($_POST['token'], 'product_add');
    $add_time = time();
Ejemplo n.º 2
 $smarty->assign('show_list', $dou->get_show_list('mobile'));
 // 幻灯列表
 if ($act == 'default') {
     // CSRF防御令牌生成
     $smarty->assign('token', $firewall->set_token('mobile_show_add'));
     $smarty->display('mobile.htm');
 } elseif ($act == 'insert') {
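     // Reject the request when no slide name was submitted.
     if (empty($_POST['show_name'])) {
         $dou->dou_msg($_LANG['show_name'] . $_LANG['is_empty']);
     }
     // Verify the CSRF token before the upload, so a forged request cannot
     // write files to the image directory.
     // NOTE(review): presumably check_token() aborts the request on mismatch - confirm.
     $firewall->check_token($_POST['token'], 'mobile_show_add');
     // Stored image name: date stamp plus six random lowercase letters.
     // mt_rand() is not a CSPRNG; the suffix only avoids collisions and must
     // not be treated as unguessable.
     $name = date('Ymd');
     for ($i = 0; $i < 6; $i++) {
         $name .= chr(mt_rand(97, 122));
     }
     $upfile = $img->upload_image('show_img', $name);
     // Path of the uploaded file as stored in the database.
     $file = $images_dir . $upfile;
     $img->to_file = true;
     $img->make_thumb($upfile, 100, 100);
     // NOTE(review): $_POST values are interpolated directly into the statement.
     // Unless request input is escaped globally before this point (not visible
     // here), show_name, show_link and sort are SQL-injectable; bind or escape
     // them through the database layer.
     $sql = "INSERT INTO " . $dou->table('show') . " (id, show_name, show_link, show_img, type, sort)" . " VALUES (NULL, '{$_POST['show_name']}', '{$_POST['show_link']}', '{$file}', 'mobile', '{$_POST['sort']}')";
     $dou->query($sql);
     // The array key must be quoted: a bare show_name is an undefined constant
     // (a notice on old PHP, a fatal Error on PHP 8).
     $dou->create_admin_log($_LANG['mobile'] . ' - ' . $_LANG['show_add'] . ': ' . $_POST['show_name']);
     $dou->dou_msg($_LANG['show_add_succes'], 'mobile.php?rec=show');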
 } elseif ($act == 'edit') {
     // 验证并获取合法的ID
     $id = $check->is_number($_REQUEST['id']) ? $_REQUEST['id'] : '';
     $query = $dou->select($dou->table('show'), '*', '`id` = \'' . $id . '\'');
     $show = $dou->fetch_array($query);
Ejemplo n.º 3
    $smarty->assign('article_category', $dou->get_category_nolevel('article_category'));
    $smarty->assign('article', $article);
    $smarty->display('article.htm');
} elseif ($rec == 'insert') {
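    // Reject the request when no article title was submitted.
    if (empty($_POST['title'])) {
        $dou->dou_msg($_LANG['article_name'] . $_LANG['is_empty']);
    }
    // Verify the CSRF token before the upload, so a forged request cannot
    // write files to the image directory.
    // NOTE(review): presumably check_token() aborts the request on mismatch - confirm.
    $firewall->check_token($_POST['token'], 'article_add');
    // Handle the optional image upload.
    if ($_FILES['image']['name'] != "") {
        // Stored image name: date stamp plus six random lowercase letters.
        // mt_rand() is not a CSPRNG; the suffix only avoids collisions.
        $file_name = date('Ymd');
        for ($i = 0; $i < 6; $i++) {
            $file_name .= chr(mt_rand(97, 122));
        }
        // 'image' is the upload form field, $file_name the generated file name.
        $upfile = $img->upload_image('image', $file_name);
        $file = $images_dir . $upfile;
        // $img->make_thumb($upfile, 100, 100); // generate thumbnail
    } else {
        // No upload: store an empty image path instead of interpolating an
        // undefined variable into the INSERT below.
        $file = "";
    }
    $add_time = time();
    // Normalise the custom parameters: one per line becomes comma-separated.
    $_POST['defined'] = str_replace("\r\n", ',', $_POST['defined']);
    // NOTE(review): $_POST values are interpolated directly into the statement.
    // Unless request input is escaped globally before this point (not visible
    // here), every field below is SQL-injectable; bind or escape them through
    // the database layer.
    $sql = "INSERT INTO " . $dou->table('article') . " (id, cat_id, title, defined, content, image ,keywords, add_time, description)" . " VALUES (NULL, '{$_POST['cat_id']}', '{$_POST['title']}', '{$_POST['defined']}', '{$_POST['content']}', '{$file}', '{$_POST['keywords']}', '{$add_time}', '{$_POST['description']}')";
    $dou->query($sql);
    $dou->create_admin_log($_LANG['article_add'] . ': ' . $_POST['title']);
    $dou->dou_msg($_LANG['article_add_succes'], 'article.php');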
} elseif ($rec == 'edit') {
    $smarty->assign('ur_here', $_LANG['article_edit']);
    $smarty->assign('action_link', array('text' => $_LANG['article'], 'href' => 'article.php'));
Ejemplo n.º 4
}
/**
 * +----------------------------------------------------------
 * 安装本地模块
 * +----------------------------------------------------------
 */
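if ($rec == 'install') {
    // Derive the module name from the client-supplied file name.
    // rtrim($name, '.zip') treats '.zip' as a character set and also eats
    // trailing '.', 'z', 'i' and 'p' from the name itself (e.g. "zip.zip"
    // becomes empty), so only a literal ".zip" suffix is removed here.
    // basename() drops any directory part, because the name is later used
    // as a file name.
    $zipfile_name = '';
    if (isset($_FILES['zipfile']['name']) && is_string($_FILES['zipfile']['name'])) {
        $zipfile_name = preg_replace('/\.zip\z/', '', basename($_FILES['zipfile']['name']));
    }
    // No file uploaded, or nothing left of the name once the suffix is gone.
    if ($zipfile_name == '') {
        $dou->dou_msg($_LANG['module_file_empty'], 'module.php?rec=local');
    }
    // Verify the CSRF token before the archive is written to disk.
    $firewall->check_token($_POST['token'], 'module_local');
    // NOTE(review): upload_image() is the only visible gate on what is stored.
    // Confirm it restricts the extension/content to zip archives and that the
    // target directory is not web-executable.
    if ($dou_upload->upload_image('zipfile', $zipfile_name)) {
        // The name is attacker-influenced; encode it so it cannot add or alter
        // query parameters in the redirect target.
        $dou->dou_header('cloud.php?rec=handle&type=module&mode=local&cloud_id=' . rawurlencode($zipfile_name));
    }
}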
/**
 * +----------------------------------------------------------
 * 模板卸载页面
 * +----------------------------------------------------------
 */
if ($rec == 'uninstall') {
    $smarty->assign('ur_here', $_LANG['module']);
    // 载入待删除模块
    $zipfile_list = glob($cache_dir . '*.zip');
    foreach ((array) $zipfile_list as $zipfile) {
        $uninstall_list[] = rtrim(basename($zipfile), '.zip');
    }
Ejemplo n.º 5
    // CSRF防御令牌生成
    $smarty->assign('token', $firewall->set_token('fragment_add'));
    // 赋值给模板
    $smarty->assign('form_action', 'insert');
    $smarty->assign('fragment_list', get_fragment_list());
    $smarty->display('fragment.htm');
} elseif ($rec == 'insert') {
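    // Reject the request when no fragment name was submitted.
    if (empty($_POST['fragment_name'])) {
        $dou->dou_msg($_LANG['fragment_name'] . $_LANG['is_empty']);
    }
    // The mark becomes the image file name below, so it is restricted to
    // [a-z0-9_]. \z is used instead of $ because $ also matches before a
    // trailing newline, which would let "abc\n" through.
    // NOTE(review): this only protects the upload if dou_msg() ends the
    // request - confirm.
    if (!isset($_POST['mark']) || !is_string($_POST['mark']) || !preg_match("/^[a-z0-9_]+\\z/", $_POST['mark'])) {
        $dou->dou_msg($_LANG['fragment_mark_cue']);
    }
    // Verify the CSRF token before the upload, so a forged request cannot
    // write files to the image directory.
    // NOTE(review): presumably check_token() aborts the request on mismatch - confirm.
    $firewall->check_token($_POST['token'], 'fragment_add');
    // Handle the optional image upload.
    if ($_FILES['image']['name'] != "") {
        // The unique mark is used as the image name.
        $upfile = $img->upload_image('image', $_POST['mark']);
        $image = $images_dir . $upfile;
    } else {
        // No upload: store an empty image path instead of interpolating an
        // undefined variable into the INSERT below.
        $image = "";
    }
    // NOTE(review): $_POST values are interpolated directly into the statement.
    // Unless request input is escaped globally before this point (not visible
    // here), fragment_name, parent_id, text, link and sort are SQL-injectable;
    // bind or escape them through the database layer.
    $sql = "INSERT INTO " . $dou->table('fragment') . " (id, fragment_name, mark, parent_id, text ,image, link, sort)" . " VALUES (NULL, '{$_POST['fragment_name']}', '{$_POST['mark']}', '{$_POST['parent_id']}', '{$_POST['text']}', '{$image}', '{$_POST['link']}', '{$_POST['sort']}')";
    $dou->query($sql);
    $dou->create_admin_log($_LANG['fragment_add'] . ': ' . $_POST['fragment_name']);
    $dou->dou_msg($_LANG['fragment_add_succes'], 'fragment.php');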
} elseif ($rec == 'edit') {
    $smarty->assign('ur_here', $_LANG['fragment_edit']);
    $smarty->assign('action_link', array('text' => $_LANG['fragment_list'], 'href' => 'fragment.php'));
    // 验证并获取合法的ID
    $id = $check->is_number($_REQUEST['id']) ? $_REQUEST['id'] : '';
    $query = $dou->select($dou->table('fragment'), '*', '`id` = \'' . $id . '\'');
Ejemplo n.º 6
    $smarty->assign('page_list', $dou->get_page_nolevel());
    $smarty->assign('page', $page);
    //赋值用户输入的数据
    $smarty->display('page.htm');
} elseif ($rec == 'insert') {
    if (empty($_POST['page_name'])) {
        $dou->dou_msg($_LANG['page_name'] . $_LANG['is_empty']);
    }
    // 上传banner生成
    $name = date('Ymd');
    for ($i = 0; $i < 6; $i++) {
        $name .= chr(mt_rand(97, 122));
    }
    if (!empty($_FILES['banner']['name'])) {
        //检查是否上传了banner,如果没有上传则为空
        $upfile = $img->upload_image('banner', $name);
        // 上传的文件域
        $file = $banner_dir . $upfile;
        $img->to_file = true;
        $img->make_thumb($upfile, 140, 36);
    } else {
        $file = "";
    }
    // CSRF防御令牌验证
    $firewall->check_token($_POST['token'], 'page_add');
    $sql = "INSERT INTO " . $dou->table('page') . " (id, unique_id, parent_id, page_name, content ,keywords, description, banner, type)" . " VALUES (NULL, '{$_POST['unique_id']}', '{$_POST['parent_id']}', '{$_POST['page_name']}', '{$_POST['content']}', '{$_POST['keywords']}', '{$_POST['description']}', '{$file}', '{$_POST['page_type']}')";
    $dou->query($sql);
    $miid = mysql_insert_id();
    $sql = "UPDATE " . $dou->table('page_images') . " SET page_id = '" . $miid . "' WHERE temp_num = '{$_POST['page_temp_num']}'";
    //将新建页面时增加的图片链接上该页面生成的id号
    $dou->query($sql);
Ejemplo n.º 7
 * +----------------------------------------------------------
 * 系统设置数据更新
 * +----------------------------------------------------------
 */
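if ($rec == 'update') {
    // Validate the selected system language: lowercase letters and
    // underscores only. \z is used instead of $ because $ also matches
    // before a trailing newline.
    if (!isset($_POST['language']) || !is_string($_POST['language']) || !preg_match("/^[a-z_]+\\z/", $_POST['language'])) {
        $dou->dou_msg($_LANG['language_wrong'], 'system.php');
    }
    // Verify the CSRF token before the logo upload, so a forged request
    // cannot overwrite the theme logo.
    // NOTE(review): presumably check_token() aborts the request on mismatch - confirm.
    $firewall->check_token($_POST['token'], 'system');
    // Handle the optional site logo upload.
    if ($_FILES['site_logo']['name'] != "") {
        // Logo upload directory inside the active theme; must end with a slash.
        $logo_dir = ROOT_PATH . "theme/" . $_CFG['site_theme'] . "/images/";
        $logo = new Upload($logo_dir, '');
        // 'site_logo' is the form field, 'logo' the stored file name.
        $upfile = $logo->upload_image('site_logo', 'logo');
        // Persist the stored file name through the generic loop below.
        $_POST['site_logo'] = $upfile;
    }
    // Every submitted field is written to the config table, keyed by field name.
    foreach ($_POST as $name => $value) {
        // Field names are client-controlled and end up inside the WHERE
        // clause, so anything that is not identifier-like is skipped.
        // NOTE(review): assumes config names are plain [A-Za-z0-9_] - confirm
        // against the config table.
        if (!preg_match('/^[A-Za-z0-9_]+\z/', (string) $name)) {
            continue;
        }
        if (is_array($value)) {
            // NOTE(review): if this value is later read back with
            // unserialize(), prefer json_encode()/json_decode().
            $value = serialize($value);
        }
        // NOTE(review): $value is interpolated directly into the statement.
        // Unless request input is escaped globally before this point (not
        // visible here), it is SQL-injectable, and serialize() output is never
        // escaped; bind or escape it through the database layer.
        $sql = "UPDATE " . $dou->table('config') . " SET value = '{$value}' WHERE name = '{$name}'";
        $dou->query($sql);
    }
    $dou->create_admin_log($_LANG['system'] . ': ' . $_LANG['edit_succes']);
    $dou->dou_msg($_LANG['edit_succes'], 'system.php');
}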
Ejemplo n.º 8
    $smarty->assign('token', $firewall->set_token('product_add'));
    // 赋值给模板
    $smarty->assign('form_action', 'insert');
    $smarty->assign('product_category', $dou->get_category_nolevel('product_category'));
    $smarty->assign('product', $product);
    $smarty->display('product.htm');
} elseif ($rec == 'insert') {
    if (empty($_POST['name'])) {
        $dou->dou_msg($_LANG['name'] . $_LANG['is_empty']);
    }
    if (!$check->is_price($_POST['price'] = trim($_POST['price']))) {
        $dou->dou_msg($_LANG['price_wrong']);
    }
    // 判断是否有上传图片/上传图片生成
    if ($_FILES['image']['name'] != '') {
        $upfile = $img->upload_image('image', $id);
        // 上传的文件域
        $file = $images_dir . $upfile;
        $img->make_thumb($upfile, $_CFG['thumb_width'], $_CFG['thumb_height']);
    }
    $add_time = time();
    // 格式化自定义参数
    $_POST['defined'] = str_replace("\r\n", ',', $_POST['defined']);
    // CSRF防御令牌验证
    $firewall->check_token($_POST['token'], 'product_add');
    $sql = "INSERT INTO " . $dou->table('product') . " (id, cat_id, name, price, defined, content, image ,keywords, add_time, description)" . " VALUES (NULL, '{$_POST['cat_id']}', '{$_POST['name']}', '{$_POST['price']}', '{$_POST['defined']}', '{$_POST['content']}', '{$file}', '{$_POST['keywords']}', '{$add_time}', '{$_POST['description']}')";
    $dou->query($sql);
    // 为了产品图片管理方便,重新以产品ID定义图片名称
    if ($_FILES['image']['name'] != '') {
        // 格式化图片名称
        $good_id = mysql_insert_id();
Ejemplo n.º 9
    $smarty->assign('token', $firewall->set_token('product_add'));
    // 赋值给模板
    $smarty->assign('form_action', 'insert');
    $smarty->assign('product_category', $dou->get_category_nolevel('product_category'));
    $smarty->assign('product', $product);
    $smarty->display('product.htm');
} elseif ($rec == 'insert') {
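    // Reject the request when no product name was submitted.
    if (empty($_POST['name'])) {
        $dou->dou_msg($_LANG['name'] . $_LANG['is_empty']);
    }
    // Trim the price in place, then validate its format.
    if (!$check->is_price($_POST['price'] = trim($_POST['price']))) {
        $dou->dou_msg($_LANG['price_wrong']);
    }
    // Verify the CSRF token before the upload, so a forged request cannot
    // write files to the image directory.
    // NOTE(review): presumably check_token() aborts the request on mismatch - confirm.
    $firewall->check_token($_POST['token'], 'product_add');
    // Handle the optional image upload.
    if ($_FILES['image']['name'] != '') {
        // The image is named after the value returned by auto_id('product').
        // NOTE(review): presumably the next product id - confirm.
        $upfile = $img->upload_image('image', $dou->auto_id('product'));
        // Path of the uploaded file as stored in the database.
        $file = $images_dir . $upfile;
        $img->make_thumb($upfile, $_CFG['thumb_width'], $_CFG['thumb_height']);
    } else {
        // No upload: store an empty image path instead of interpolating an
        // undefined variable into the INSERT below.
        $file = "";
    }
    $add_time = time();
    // Normalise the custom parameters: one per line becomes comma-separated.
    $_POST['defined'] = str_replace("\r\n", ',', $_POST['defined']);
    // NOTE(review): $_POST values are interpolated directly into the statement.
    // Only price is format-checked above. Unless request input is escaped
    // globally before this point (not visible here), the other fields are
    // SQL-injectable; bind or escape them through the database layer.
    $sql = "INSERT INTO " . $dou->table('product') . " (id, cat_id, name, price, defined, content, image ,keywords, add_time, description)" . " VALUES (NULL, '{$_POST['cat_id']}', '{$_POST['name']}', '{$_POST['price']}', '{$_POST['defined']}', '{$_POST['content']}', '{$file}', '{$_POST['keywords']}', '{$add_time}', '{$_POST['description']}')";
    $dou->query($sql);
    $dou->create_admin_log($_LANG['product_add'] . ': ' . $_POST['name']);
    $dou->dou_msg($_LANG['product_add_succes'], 'product.php');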
} elseif ($rec == 'edit') {
    $smarty->assign('ur_here', $_LANG['product_edit']);