function EditUserjs($add, $userid, $username)
{
    global $empire, $dbtbpre;
    $jsid = (int) $add['jsid'];
    $jstempid = (int) $add['jstempid'];
    if (!$jsid || !$add[jsname] || !$jstempid || !$add[jssql] || !$add[jsfilename]) {
        printerror("EmptyUserJsname", "history.go(-1)");
    }
    $query_first = substr($add['jssql'], 0, 7);
    if (!($query_first == "select " || $query_first == "SELECT ")) {
        printerror("JsSqlError", "history.go(-1)");
    }
    //验证权限
    CheckLevel($userid, $username, $classid, "userjs");
    //删除旧js文件
    if ($add['oldjsfilename'] != $add['jsfilename']) {
        DelFiletext($add['oldjsfilename']);
    }
    $add[jssql] = ClearAddsData($add[jssql]);
    $sql = $empire->query("update {$dbtbpre}enewsuserjs set jsname='{$add['jsname']}',jssql='" . addslashes($add[jssql]) . "',jstempid={$jstempid},jsfilename='{$add['jsfilename']}' where jsid={$jsid}");
    //刷新js
    $add[jssql] = addslashes($add[jssql]);
    ReUserjs($add, "../");
    if ($sql) {
        //操作日志
        insert_dolog("jsid={$jsid}&jsname={$add['jsname']}");
        printerror("EditUserjsSuccess", "ListUserjs.php");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
function EditUserlist($add, $userid, $username)
{
    global $empire, $dbtbpre;
    $listid = (int) $add['listid'];
    $listtempid = (int) $add['listtempid'];
    $maxnum = (int) $add['maxnum'];
    $lencord = (int) $add['lencord'];
    if (!$listid || !$add[listname] || !$listtempid || !$add[listsql] || !$add[totalsql] || !$add[filepath] || !$add[filetype] || !$add[lencord]) {
        printerror("EmptyUserListname", "history.go(-1)");
    }
    $query_first = substr($add['totalsql'], 0, 7);
    $query_firstlist = substr($add['listsql'], 0, 7);
    if (!($query_first == "select " || $query_first == "SELECT " || $query_firstlist == "select " || $query_firstlist == "SELECT ")) {
        printerror("ListSqlError", "history.go(-1)");
    }
    //验证权限
    CheckLevel($userid, $username, $classid, "userlist");
    /*
    //删除旧文件
    if(!($add['oldfilepath']<>$add['filepath']||$add['oldfiletype']<>$add['filetype']))
    {
    	DelFiletext($add['oldjsfilename']);
    }
    */
    if (empty($add['pagetitle'])) {
        $add['pagetitle'] = $add['listname'];
    }
    $add[totalsql] = ClearAddsData($add[totalsql]);
    $add[listsql] = ClearAddsData($add[listsql]);
    $sql = $empire->query("update {$dbtbpre}enewsuserlist set listname='{$add['listname']}',pagetitle='{$add['pagetitle']}',filepath='{$add['filepath']}',filetype='{$add['filetype']}',totalsql='" . addslashes($add['totalsql']) . "',listsql='" . addslashes($add['listsql']) . "',maxnum={$maxnum},lencord={$lencord},listtempid={$listtempid} where listid={$listid}");
    //刷新列表
    $add[listsql] = addslashes($add[listsql]);
    $add[totalsql] = addslashes($add[totalsql]);
    ReUserlist($add, "../");
    if ($sql) {
        //操作日志
        insert_dolog("listid={$listid}&listname={$add['listname']}");
        printerror("EditUserlistSuccess", "ListUserlist.php");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
Example #3
0
function EditDtTempFiletext($add, $userid, $username)
{
    global $empire, $dbtbpre;
    //操作权限
    CheckLevel($userid, $username, $classid, 'dttemp');
    $tempid = (int) $add['tempid'];
    if (!$tempid) {
        printerror('ErrorUrl', '');
    }
    $tempr = $empire->fetch1("select tempid,tempname,tempvar,tempfile from {$dbtbpre}enewstempdt where tempid='{$tempid}'");
    if (!$tempr['tempid']) {
        printerror('ErrorUrl', '');
    }
    $file = ECMS_PATH . $tempr['tempfile'];
    if (!file_exists($file)) {
        printerror('FileNotExist', '');
    }
    $temptext = ClearAddsData($add['temptext']);
    WriteFiletext_n($file, $temptext);
    //操作日志
    insert_dolog("tempid=" . $tempid . "<br>tempname=" . $tempr['tempname']);
    printerror("EditDttempSuccess", "EditDttemp.php?tempid={$tempid}" . hReturnEcmsHashStrHref2(0));
}
Example #4
0
function TogZt($add, $userid, $username)
{
    global $empire, $class_r, $dbtbpre;
    $ztid = (int) $add['ztid'];
    if (empty($ztid)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $r = $empire->fetch1("select ztid,ztname,tbname from {$dbtbpre}enewszt where ztid={$ztid}");
    if (empty($r['ztid']) || empty($r['tbname'])) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $wheresql = "";
    $formvar = "";
    //关键字
    $keyboard = RepPostVar2($add['keyboard']);
    if ($keyboard) {
        $formvar .= ReturnFormHidden('keyboard', $add['keyboard']);
        $searchfsql = '';
        if ($add['stitle']) {
            $searchfsql .= "title like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('stitle', $add['stitle']);
        }
        if ($add['susername']) {
            if ($searchfsql) {
                $or = " or ";
            }
            $searchfsql .= $or . "username like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('susername', $add['susername']);
        }
        if ($add['snewstext']) {
            $or = "";
            if ($searchfsql) {
                $or = " or ";
            }
            $searchfsql .= $or . "newstext like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('snewstext', $add['snewstext']);
        }
        if ($searchfsql) {
            $wheresql = " and (" . $searchfsql . ")";
        }
    }
    //是否推荐
    if ($add['isgood']) {
        $wheresql .= " and isgood>0";
        $formvar .= ReturnFormHidden('isgood', $add['isgood']);
    }
    //头条
    if ($add['firsttitle']) {
        $wheresql .= " and firsttitle>0";
        $formvar .= ReturnFormHidden('firsttitle', $add['firsttitle']);
    }
    //有标题图片
    if ($add['titlepic']) {
        $wheresql .= " and ispic=1";
        $formvar .= ReturnFormHidden('titlepic', $add['titlepic']);
    }
    //审核
    if ($add['checked']) {
        $wheresql .= " and checked=1";
        $formvar .= ReturnFormHidden('checked', $add['checked']);
    }
    //按栏目刷新
    $classid = (int) $add['classid'];
    if ($classid) {
        $formvar .= ReturnFormHidden('classid', $add['classid']);
        //大栏目
        if (empty($class_r[$classid][islast])) {
            $where = ReturnClass($class_r[$classid][sonclass]);
        } else {
            $where = "classid='{$classid}'";
        }
        $wheresql .= " and (" . $where . ")";
    }
    $startid = (int) $add[startid];
    $endid = (int) $add[endid];
    $startday = RepPostVar($add[startday]);
    $endday = RepPostVar($add[endday]);
    $formvar .= ReturnFormHidden('retype', $add['retype']);
    //按ID
    if ($add['retype']) {
        if ($endid) {
            $wheresql .= " and id>={$startid} and id<={$endid}";
            $formvar .= ReturnFormHidden('startid', $add[startid]) . ReturnFormHidden('endid', $add[endid]);
        }
    } else {
        if ($startday && $endday) {
            $wheresql .= " and truetime>=" . to_time($startday . " 00:00:00") . " and truetime<=" . to_time($endday . " 23:59:59");
            $formvar .= ReturnFormHidden('startday', $add[startday]) . ReturnFormHidden('endday', $add[endday]);
        }
    }
    //附件sql条件
    $query = $add['query'];
    if ($query) {
        $query = ClearAddsData($query);
        //去除adds
        $wheresql .= " and (" . $query . ")";
        $formvar .= ReturnFormHidden('query', $add['query']);
    }
    $wheresql = " where ztid not like '%|" . $ztid . "|%'" . $wheresql;
    $owheresql = $wheresql . " and ztid=''";
    if ($add['doecmszt']) {
        if ($add['inid']) {
            $add['inid'] = RepPostVar($add['inid']);
            $wheresql .= " and id not in (" . $add['inid'] . ")";
            $owheresql .= " and id not in (" . $add['inid'] . ")";
        }
        $repztid = "|" . $ztid . "|";
        $conztid = $ztid . "|";
        //将空格转换成|
        $usql = $empire->query("update {$dbtbpre}ecms_" . $r['tbname'] . " set ztid='|'" . $owheresql);
        //组成新专题
        $sql = $empire->query("update {$dbtbpre}ecms_" . $r['tbname'] . " set ztid=CONCAT(REPLACE(ztid,'" . $repztid . "','|'),'" . $conztid . "')" . $wheresql);
        if ($usql && $sql) {
            //操作日志
            insert_dolog("ztid={$ztid}&ztname={$r['ztname']}");
            printerror("TogZtSuccess", "TogZt.php?ztid={$ztid}");
        } else {
            printerror("DbError", "history.go(-1)");
        }
    }
    $re[0] = $wheresql;
    $re[1] = $formvar . ReturnFormHidden('ztid', $ztid) . ReturnFormHidden('pline', $add[pline]) . ReturnFormHidden('doecmszt', $add[doecmszt]) . ReturnFormHidden('enews', $add[enews]) . ReturnFormHidden('inid', $add[inid]);
    $re[2] = $r['tbname'];
    $re[3] = $r['ztname'];
    return $re;
}
Example #5
0
function ReturnFormHidden($vname, $value)
{
    $value = htmlspecialchars(ClearAddsData($value));
    return "<input type=hidden name=\"" . $vname . "\" value=\"" . $value . "\">";
}
Example #6
0
function EchoRepDownLevelForm($add,$newstart){
	global $fun_r;
	?>
	<?=$fun_r['RepOneDLeveSuccess']?>(ID:<font color=red><b><?=$newstart?></b></font>)
	<form name="RepDownLevelForm" method="post" action="ecmscom.php">
		<?=hReturnEcmsHashStrForm(0)?>
		<input type=hidden name="enews" value="RepDownLevel">
		<input type=hidden name="start" value="<?=$newstart?>">
		<input type=hidden name="tbname" value="<?=$add['tbname']?>">
		<input type=hidden name="classid" value="<?=$add['classid']?>">
		<input type=hidden name="downpath" value="<?=$add['downpath']?>">
		<input type=hidden name="onlinepath" value="<?=$add['onlinepath']?>">
		<input type=hidden name="dogroup" value="<?=$add['dogroup']?>">
		<input type=hidden name="oldgroupid" value="<?=$add['oldgroupid']?>">
		<input type=hidden name="newgroupid" value="<?=$add['newgroupid']?>">
		<input type=hidden name="dofen" value="<?=$add['dofen']?>">
		<input type=hidden name="oldfen" value="<?=$add['oldfen']?>">
		<input type=hidden name="newfen" value="<?=$add['newfen']?>">
		<input type=hidden name="doqz" value="<?=$add['doqz']?>">
		<input type=hidden name="oldqz" value="<?=$add['oldqz']?>">
		<input type=hidden name="newqz" value="<?=$add['newqz']?>">
		<input type=hidden name="dopath" value="<?=$add['dopath']?>">
		<input type=hidden name="oldpath" value="<?=ehtmlspecialchars(ClearAddsData($add['oldpath']))?>">
		<input type=hidden name="newpath" value="<?=ehtmlspecialchars(ClearAddsData($add['newpath']))?>">
		<input type=hidden name="doname" value="<?=$add['doname']?>">
		<input type=hidden name="oldname" value="<?=ehtmlspecialchars(ClearAddsData($add['oldname']))?>">
		<input type=hidden name="newname" value="<?=ehtmlspecialchars(ClearAddsData($add['newname']))?>">
		<input type=hidden name="query" value="<?=ehtmlspecialchars(ClearAddsData($add['query']))?>">
	</form>
	<script>
	document.RepDownLevelForm.submit();
	</script>
	<?
	exit();
}
Example #7
0
function TogZt($add, $userid, $username)
{
    global $empire, $class_r, $dbtbpre;
    $ztid = (int) $add['ztid'];
    if (empty($ztid)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $r = $empire->fetch1("select ztid,ztname from {$dbtbpre}enewszt where ztid='{$ztid}'");
    if (empty($r['ztid'])) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $zcid = (int) $add['zcid'];
    $tbname = RepPostVar($add['tbname']);
    if (!$tbname) {
        printerror('EmptyTogZt', 'history.go(-1)');
    }
    $tbr = $empire->fetch1("select tid from {$dbtbpre}enewstable where tbname='{$tbname}' limit 1");
    if (!$tbr['tid']) {
        printerror('EmptyTogZt', 'history.go(-1)');
    }
    $wheresql = "";
    $formvar = "";
    //关键字
    $keyboard = RepPostVar2($add['keyboard']);
    if ($keyboard) {
        $formvar .= ReturnFormHidden('keyboard', $add['keyboard']);
        $searchfsql = '';
        if ($add['stitle']) {
            $searchfsql .= "title like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('stitle', $add['stitle']);
        }
        if ($add['susername']) {
            if ($searchfsql) {
                $or = " or ";
            }
            $searchfsql .= $or . "username like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('susername', $add['susername']);
        }
        if ($searchfsql) {
            $wheresql = " and (" . $searchfsql . ")";
        }
    }
    //是否推荐
    if ($add['isgood']) {
        $wheresql .= " and isgood>0";
        $formvar .= ReturnFormHidden('isgood', $add['isgood']);
    }
    //头条
    if ($add['firsttitle']) {
        $wheresql .= " and firsttitle>0";
        $formvar .= ReturnFormHidden('firsttitle', $add['firsttitle']);
    }
    //有标题图片
    if ($add['titlepic']) {
        $wheresql .= " and ispic=1";
        $formvar .= ReturnFormHidden('titlepic', $add['titlepic']);
    }
    //按栏目刷新
    $classid = (int) $add['classid'];
    if ($classid) {
        $formvar .= ReturnFormHidden('classid', $classid);
        if (empty($class_r[$classid][islast])) {
            $where = ReturnClass($class_r[$classid][sonclass]);
        } else {
            $where = "classid='{$classid}'";
        }
        $wheresql .= " and (" . $where . ")";
    }
    $startid = (int) $add[startid];
    $endid = (int) $add[endid];
    $startday = RepPostVar($add[startday]);
    $endday = RepPostVar($add[endday]);
    $formvar .= ReturnFormHidden('retype', $add['retype']);
    //按ID
    if ($add['retype']) {
        if ($endid) {
            $wheresql .= " and id>={$startid} and id<={$endid}";
            $formvar .= ReturnFormHidden('startid', $add[startid]) . ReturnFormHidden('endid', $add[endid]);
        }
    } else {
        if ($startday && $endday) {
            $wheresql .= " and truetime>=" . to_time($startday . " 00:00:00") . " and truetime<=" . to_time($endday . " 23:59:59");
            $formvar .= ReturnFormHidden('startday', $add[startday]) . ReturnFormHidden('endday', $add[endday]);
        }
    }
    //附件sql条件
    $query = $add['query'];
    if ($query) {
        $query = ClearAddsData($query);
        //去除adds
        $wheresql .= " and (" . $query . ")";
        $formvar .= ReturnFormHidden('query', $add['query']);
    }
    if (empty($wheresql)) {
        printerror('EmptyTogZt', 'history.go(-1)');
    }
    $wheresql = substr($wheresql, 5);
    if ($add['doecmszt']) {
        $togtype = (int) $add['togtype'];
        if ($togtype == 1) {
            $add['inid'] = eReturnInids($add['inid']);
            $wheresql = "id in (" . $add['inid'] . ")";
        } else {
            if ($add['inid']) {
                $add['inid'] = eReturnInids($add['inid']);
                $wheresql .= " and id not in (" . $add['inid'] . ")";
            }
        }
        AddMoreInfoToZt($ztid, $zcid, $tbname, $wheresql);
        //操作日志
        insert_dolog("ztid={$ztid}&ztname={$r['ztname']}");
        printerror("TogZtSuccess", "TogZt.php?ztid={$ztid}" . hReturnEcmsHashStrHref2(0));
    }
    $re[0] = $wheresql;
    $re[1] = $formvar . ReturnFormHidden('ztid', $ztid) . ReturnFormHidden('zcid', $zcid) . ReturnFormHidden('tbname', $tbname) . ReturnFormHidden('pline', $add[pline]) . ReturnFormHidden('doecmszt', $add[doecmszt]) . ReturnFormHidden('enews', $add[enews]) . ReturnFormHidden('inid', $add[inid]);
    $re[2] = $tbname;
    $re[3] = $r['ztname'];
    return $re;
}
Example #8
0
function LoadOutBq($add, $userid, $username)
{
    global $empire, $dbtbpre;
    $bqid = (int) $add['bqid'];
    if (!$bqid || !$add['funvalue']) {
        printerror("EmptyLoadBqid", "history.go(-1)");
    }
    //验证权限
    CheckLevel($userid, $username, $classid, "bq");
    $r = $empire->fetch1("select bqid,bqname,bqsay,funname,bq,bqgs from {$dbtbpre}enewsbq where bqid={$bqid}");
    if (!$r[bqid]) {
        printerror("NotThisBqid", "history.go(-1)");
    }
    $add['funvalue'] = ClearAddsData($add['funvalue']);
    $field = "<!--#empirecms.bq-phome.net#--!>";
    $str = $r['bqname'] . $field . stripSlashes($r['bqsay']) . $field . $r['funname'] . $field . $r['bq'] . $field . stripSlashes($r['bqgs']) . $field . $add['funvalue'];
    $filename = $r['bq'] . time() . ".bq";
    $filepath = ECMS_PATH . DASHBOARD . '/data/tmp/temp/' . $filename;
    WriteFiletext_n($filepath, $str);
    DownLoadFile($filename, $filepath, 1);
    //操作日志
    insert_dolog("bqid=" . $bqid . "<br>bqname=" . $r[bqname]);
    exit;
}
Example #9
0
function EditSql($add, $userid, $username)
{
    global $empire, $dbtbpre;
    $id = (int) $add[id];
    if (!$add['sqlname'] || !$add['sqltext'] || !$id) {
        printerror("EmptySqltext", "history.go(-1)");
    }
    $add[sqltext] = ClearAddsData($add[sqltext]);
    $sql = $empire->query("update {$dbtbpre}enewssql set sqlname='" . addslashes($add[sqlname]) . "',sqltext='" . addslashes($add[sqltext]) . "' where id='{$id}'");
    if ($sql) {
        //操作日志
        insert_dolog("id=" . $id . "<br>sqlname=" . $add[sqlname]);
        printerror("EditSqlSuccess", "ListSql.php");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
function EchoSendMsgForm($enews, $returnurl, $start, $line, $checkbox, $add)
{
    global $fun_r;
    ?>
	<?php 
    echo $fun_r['OneSendMsg'];
    ?>
(<b><font color=red><?php 
    echo $start;
    ?>
</font></b>)
	<form name="sendform" method="post" action="<?php 
    echo $returnurl;
    ?>
">
		<input type=hidden name="enews" value="<?php 
    echo $enews;
    ?>
">
		<input type=hidden name="start" value="<?php 
    echo $start;
    ?>
">
		<input type=hidden name="line" value="<?php 
    echo $line;
    ?>
">
		<?php 
    echo $checkbox;
    ?>
		<input type=hidden name="title" value="<?php 
    echo htmlspecialchars(ClearAddsData($add[title]));
    ?>
">
		<input type=hidden name="msgtext" value="<?php 
    echo htmlspecialchars(ClearAddsData($add[msgtext]));
    ?>
">
	</form>
	<script>
	document.sendform.submit();
	</script>
	<?php 
    exit;
}