Example #1
 /**
  * Update the row of this model's table whose key column equals $id.
  *
  * The caller's permission is verified before any SQL is built; the resource
  * name handed to check_allowed() is the table name with LZ_MYSQL_PREFIX removed.
  *
  * NOTE(review): the statement text is produced by make_update_sql(), which is
  * not visible here. Confirm that it escapes or binds both the column names and
  * the values in $data, because callers may pass request-derived data.
  *
  * @param mixed $id   Value matched against the column named by $this->id.
  * @param array $data Column => value pairs to write.
  * @return mixed Whatever $db->query() returns.
  */
 function update($id, $data = array())
 {
     global $db;

     // Authorisation first: nothing below runs unless check_allowed() lets it.
     $resource = str_replace(LZ_MYSQL_PREFIX, '', $this->table);
     check_allowed($resource, 'update', LZ_RESPONSE == 'text');

     $where = array($this->id => $id);
     $statement = make_update_sql($this->table, $data, $where);

     return $db->query($statement);
 }
Example #2
<?php

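// Account self-service endpoint (plain-text / JSON responses).
// Refuse to run unless loaded through the admin front controller.
LZ_MODULE != 'admin' && die('Access Denied');
define('LZ_RESPONSE', 'text');

// A missing or non-string "m" selects no action instead of raising an
// undefined-index notice or comparing an array against a string.
$m = (isset($_GET['m']) && is_string($_GET['m'])) ? $_GET['m'] : '';

include 'model/user.php';
$user = new LZ_User();

if ($m == 'edit') {
    // The caller must hold account/update. user/update is then granted only
    // around the model call and removed again on both outcomes below.
    // NOTE(review): this branch changes the e-mail address and password of the
    // logged-in account, yet no anti-CSRF token check and no current-password
    // check is visible in this file - confirm both are enforced elsewhere.
    check_allowed('account', 'update', 1);
    set_allowed('user', 'update');

    // Only the "email" field is taken from the request body.
    $data = filter_array($_POST, 'email');

    // Accept a new password only when it is a non-empty string; an absent field
    // or an array value (password[]=...) is ignored rather than passed on.
    if (!empty($_POST['password']) && is_string($_POST['password'])) {
        // NOTE(review): lz_encode() is defined elsewhere - confirm it is a
        // salted password hash and not a reversible encoding.
        $data['password'] = lz_encode($_POST['password']);
    }

    // The target id always comes from the session, never from the request.
    if ($data && $user->update($_SESSION['login_user']['user_id'], $data)) {
        remove_allowed('user', 'update');
        // Refresh the cached user record so the session reflects the change.
        $_SESSION['login_user'] = $user->get_one($_SESSION['login_user']['user_id']);
        echo lang('USER_UPDATE_SUCCESS');
        die;
    } else {
        remove_allowed('user', 'update');
        echo lang('USER_UPDATE_ERR');
        die;
    }
} elseif ($m == 'get_user') {
    // NOTE(review): the whole record returned by get_one() is serialised to the
    // client. If that record carries the stored password value, strip it before
    // encoding - confirm against the model.
    $arr = $user->get_one($_SESSION['login_user']['user_id']);
    echo json_encode($arr);
    die;
}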
Example #3
/**********************************
*     		EndCMS
*       www.endcms.com
*         ©2008-now
* under Creative Commons License
**********************************/
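// Admin-account management controller.
// Refuse to run unless loaded through the admin front controller.
END_MODULE != 'admin' && die('Access Denied');

// Request parameters are read defensively so an absent key does not raise an
// undefined-index notice; the resulting values match what the bare reads gave.
$admin_id = isset($_GET['admin_id']) ? intval($_GET['admin_id']) : 0;
$m = isset($_GET['m']) ? $_GET['m'] : null;
$action = isset($_GET['action']) ? $_GET['action'] : null;
$admin = model('admin');
$rights = model('rights');
$rights_id = isset($_GET['rights_id']) ? intval($_GET['rights_id']) : false;

if ($m == 'new_admin') {
    // Creating an administrator requires the admin/add permission.
    // NOTE(review): no anti-CSRF token check is visible in this handler;
    // confirm the front controller enforces one for state-changing requests.
    check_allowed('admin', 'add');

    // NOTE(review): "end_encode:password" appears to run the password through
    // end_encode() - confirm that is a salted password hash.
    $data = filter_array($_POST, 'name!,end_encode:password!,email');

    if (!$data) {
        // The config and rights controllers shown on this page treat a falsy
        // filter_array() result as "nothing usable submitted"; do the same here
        // so $data['name'] is never read from a non-array and add() is never
        // called without data.
        $err_msg = lang('ADMIN_NEW_ERROR');
        $action = 'new_admin';
    } elseif ($admin->exists(array('name' => $data['name']))) {
        end_exit(lang("ADMIN_EXISTS"), 'admin.php?p=admin', 1);
    } elseif ($admin->add($data)) {
        end_exit(lang('ADMIN_NEW_SUCCESS'), 'admin.php?p=admin', 1);
    } else {
        // Insert failed: re-display the form with an error message.
        $err_msg = lang('ADMIN_NEW_ERROR');
        $action = 'new_admin';
    }
} else {
    // Every other mode: set the constants that label the request in the log.
    define('END_LOG_INFO', LANG_TITLE);
    define('END_LOG_URL', 'admin.php?p=admin');
}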
Example #4
<?php

/**********************************
*     		EndCMS
*       www.endcms.com
*         ©2008-now
* under Creative Commons License
**********************************/
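// Configuration-item controller.
// Refuse to run unless loaded through the admin front controller.
END_MODULE != 'admin' && die('Access Denied');

// Absent query parameters fall back to the same values the bare reads produced,
// without the undefined-index notice.
$m = isset($_GET['m']) ? $_GET['m'] : null;
$_config = model('config');
$config_id = isset($_GET['config_id']) ? intval($_GET['config_id']) : 0;

if ($m == "new_config") {
    // Adding a configuration item requires the config/add permission.
    check_allowed('config', 'add');

    // name, description and type are all marked with "!" in the filter spec;
    // a falsy result is handled below as "not all fields filled in".
    $data = filter_array($_POST, 'name!,description!,type!');
    if ($data) {
        if ($_config->add($data)) {
            end_exit(lang('CONFIG_NEW_SUCCESS'), 'admin.php?p=config', 1);
        } else {
            // Fixed: this branch used 'new_category', which looks like a
            // copy-paste from the category controller; the validation branch
            // below re-opens the form with 'new_config'.
            $action = 'new_config';
            $err_msg = lang('CONFIG_NEW_ERROR');
        }
    } else {
        $action = 'new_config';
        $err_msg = lang('CONFIG_FILL_ALL');
        // NOTE(review): the raw POST body is handed to the view to re-fill the
        // form; confirm the template HTML-escapes every value it prints.
        $view_data['thisconfig'] = $_POST;
    }
}

// $err_msg is only assigned on the failure paths above.
$view_data['err_msg'] = isset($err_msg) ? $err_msg : null;
$view_data['items'] = $_config->get_list();
$view_data['page_description'] = lang('TITLE');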
Example #5
        }
        $message = UCSLAN_3;
    } else {
        $message = UCSLAN_4;
    }
}
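// "Edit" button: load an existing user class into local variables for the form.
if (isset($_POST['edit'])) {
    $class_id = isset($_POST['existing']) ? intval($_POST['existing']) : 0;
    // Authorisation gate for this class id (check_allowed() is defined elsewhere).
    check_allowed($class_id);
    // $class_id is an integer here, so it cannot carry SQL syntax into the clause.
    $sql->db_Select('userclass_classes', '*', "userclass_id=" . $class_id);
    $row = $sql->db_Fetch();
    // Only unpack when a row actually came back; extract() needs an array.
    // NOTE(review): extract() overwrites any same-named variable already in
    // scope. That is tolerable only while the keys are the table's own column
    // names; never extend this to request data.
    if (is_array($row)) {
        extract($row);
    }
}

// "Update" button: write the submitted name/description/editclass back.
if (isset($_POST['updateclass'])) {
    $class_id = intval($_POST['userclass_id']);
    check_allowed($class_id);
    // The two text fields are passed through $tp->toDB() and then placed inside
    // single-quoted SQL literals; the numeric field is forced to int.
    // NOTE(review): this statement is only as safe as toDB()'s escaping -
    // confirm it escapes quotes and backslashes for the active DB connection.
    $_POST['userclass_name'] = $tp->toDB($_POST['userclass_name']);
    $_POST['userclass_description'] = $tp->toDB($_POST['userclass_description']);
    $_POST['userclass_editclass'] = intval($_POST['userclass_editclass']);
    // NOTE(review): unlike the "createclass" branch further down, no
    // getperms()/check_class() test on the new userclass_editclass value is
    // visible here; confirm check_allowed() covers that case.
    $sql->db_Update('userclass_classes', "userclass_editclass={$_POST['userclass_editclass']}, userclass_name='" . $_POST['userclass_name'] . "', userclass_description='" . $_POST['userclass_description'] . "' WHERE userclass_id=" . $class_id);
    $message = UCSLAN_5;
}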
if (isset($_POST['createclass'])) {
    if ($_POST['userclass_name']) {
        $_POST['userclass_name'] = $tp->toDB($_POST['userclass_name']);
        $_POST['userclass_description'] = $tp->toDB($_POST['userclass_description']);
        $editclass = intval(varset($_POST['userclass_editclass'], 0));
        if ($editclass && (getperms('0') || check_class($editclass))) {
            $i = 1;
            while ($sql->db_Select('userclass_classes', '*', "userclass_id='" . $i . "' ") && $i < 255) {
                $i++;
Example #6
    $view_data['category_type'] = $end_models[$this_category['status']]['name'];
    $view_data['category'] = $this_category;
}
if ($item_type) {
    $item = model($item_type, $end_models[$item_type . '_list']['model_path']);
    $item_model = $end_models[$item_type . '_list'];
    $_fields = $item_model['fields'];
    define('ITEM_TYPE', $item_type);
    // Permission gate: map the requested mode onto the right that must be held
    // for this item type.
    // NOTE(review): a non-empty $m other than the two named modes reaches the
    // code below without any check_allowed() call from this chain; confirm such
    // modes are either rejected or gated further down.
    if ($m == 'edit_item') {
        check_allowed($item_type, 'update');
    } elseif ($m == 'new_item') {
        check_allowed($item_type, 'add');
    } elseif (!$m) {
        check_allowed($item_type, 'view');
    }
    //添加或者修改,提交处理部分
    if ($m == 'edit_item' || $m == 'new_item') {
        $data = array();
        if ($item_id) {
            $data[$item->id] = $item_id;
        }
        $errors = array();
        if (!$item_model['no_category']) {
            if (!intval($_POST['category_id'])) {
                $errors[] = "请选择分类";
            } else {
                $data['category_id'] = intval($_POST['category_id']);
Example #7
*       www.endcms.com
*         ©2008-now
* under Creative Commons License
**********************************/
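// Inline (AJAX) field editor: table, column and row id arrive in the query
// string, the new value in the POST body.
END_MODULE != 'admin' && die('Access Denied');

// Absent parameters fall back to the values the bare reads produced, without
// the undefined-index notice.
$m = isset($_GET['m']) ? $_GET['m'] : null;
$value = isset($_POST['value']) ? $_POST['value'] : null;
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$table = isset($_GET['table']) ? $_GET['table'] : null;
// NOTE(review): $column is request-controlled and is not validated in the part
// of the file shown here; confirm it is checked against the model's field list
// before it is used as a column name.
$column = isset($_GET['column']) ? $_GET['column'] : null;

// Comma-joined list of the controllers this session may use. Still built in
// case later code reads $_allowed, but no longer used for the membership test.
$_allowed = ',';
foreach ($_SESSION['login_user']['allowed_controllers'] as $_c => $_v) {
    $_allowed .= $_c . ',';
}

define('END_RESPONSE', 'text');
// Both arguments come from the request: the resource is the table name and the
// action is the mode.
check_allowed($table, $m, 1);
load_models();
if (!$id) {
    ajax_exit('id needed');
}

// Start from a known state so the "table needed" check that follows cannot see
// a value left over from an including script.
$obj = null;

// Fixed: membership used to be tested with strpos() on the comma-joined string,
// which also accepts a value containing commas that happens to span adjacent
// entries. Look the name up as an exact key of the allow-list instead.
if ($table && is_string($table)
    && array_key_exists($table, $_SESSION['login_user']['allowed_controllers'])) {
    if (!empty($end_models[$table . '_list'])) {
        // A list model is registered for this table: load it from its own path.
        $obj = model($table, $end_models[$table . '_list']['model_path']);
    } else {
        $obj = model($table);
    }
}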
if (!$obj) {
    ajax_exit('table needed');
Example #8
    if ($data) {
        if ($new_id = $category->add($data)) {
            header('Location: admin.php?p=category&action=edit_category&category_id=' . $new_id);
            die;
        } else {
            $action = 'new_category';
            $err_msg = lang('CATEGOTY_NEW_ERROR');
        }
    } else {
        $action = 'new_category';
        $err_msg = lang('CATEGOTY_FILL_ALL');
        $view_data['category'] = $_POST;
    }
} else {
    if ($m == 'edit_category') {
        check_allowed('category', 'update');
        $_category = $category->get_one($category_id);
        $data = array('category_id' => $category_id);
        $errors = array();
        $_fields = $end_models[$_category['status']]['category_fields'];
        if (intval($_POST['parent_id']) < 0) {
            $errors[] = lang('Please choose a parent category');
        } else {
            $data['parent_id'] = intval($_POST['parent_id']);
        }
        if ($_fields) {
            //处理提交的数据
            include 'edit_field.php';
        }
        //提交数居后的处理
        if ($_fields['__after_edit']) {
Example #9
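// Rights-group controller.
// Refuse to run unless loaded through the admin front controller.
END_MODULE != 'admin' && die('Access Denied');
$rights = model('rights');
$m = isset($_GET['m']) ? $_GET['m'] : null;
$category = model('category');
load_models();

// Fixed: the id was taken from the query string as-is and passed on to the
// model. Cast it to int, as the admin controller on this page does for the
// same parameter.
$rights_id = isset($_GET['rights_id']) ? intval($_GET['rights_id']) : false;

if ($m == 'new_group') {
    // Creating a rights group requires rights/add.
    check_allowed('rights', 'add');
    $data = filter_array($_POST, 'name!');
    if ($data && $rights->add($data)) {
        end_exit(lang('rights_add_success'), 'admin.php?p=rights');
    } else {
        end_exit(lang('rights_add_failed'), 'admin.php?p=rights');
    }
} elseif ($m == 'config' && $rights_id) {
    // Changing what a group may do requires rights/update.
    check_allowed('rights', 'update');

    // Every POST field whose value is "on" (a ticked checkbox) becomes one
    // entry in the group's rights list. Non-string values are skipped so an
    // array-valued field cannot reach strtolower().
    // NOTE(review): the field names are stored verbatim. Confirm they are
    // validated against the set of known rights, and cannot contain the ","
    // separator, before they are persisted.
    $r = array();
    foreach ($_POST as $key => $val) {
        if (is_string($val) && strtolower($val) == 'on') {
            $r[] = $key;
        }
    }

    // Build the update payload from scratch so only the "rights" column is written.
    $data = array('rights' => join(',', $r));
    if ($rights->update($rights_id, $data)) {
        end_exit(lang('rights_updated'), 'admin.php?p=rights');
    }
} else {
    // Every other mode: set the constants that label the request in the log.
    define('END_LOG_INFO', LANG_TITLE);
    define('END_LOG_URL', 'admin.php?p=rights');
}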
if ($rights_id) {
Example #10
     $class_num = intval(varset($uc_qs[2], 0));
 }
 // Form state for the user-class editor. An id of 0 is the starting value
 // when no existing class has been loaded.
 $userclass_id = 0;
 // Set defaults for new class to start with
 $userclass_name = '';
 $userclass_description = '';
 // Edit rights and visibility both start at e_UC_ADMIN, the parent at
 // e_UC_NOBODY. NOTE(review): presumably the most restrictive choices, so a
 // new class is not exposed until someone widens it - confirm against the
 // constant definitions.
 $userclass_editclass = e_UC_ADMIN;
 $userclass_visibility = e_UC_ADMIN;
 $userclass_parent = e_UC_NOBODY;
 $userclass_icon = '';
 $userclass_type = UC_TYPE_STD;
 // Only filled in further down when the class type is UC_TYPE_GROUP.
 $userclass_groupclass = '';
 if ($params == 'edit' || $forwardVals) {
     if (!$forwardVals) {
         // Get the values from DB (else just recycle data uer was trying to store)
         check_allowed($class_num);
         $sql->db_Select('userclass_classes', '*', "userclass_id='" . intval($class_num) . "' ");
         $class_record = $sql->db_Fetch();
         $userclass_id = $class_record['userclass_id'];
         // Update fields from DB if editing
     }
     $userclass_name = $class_record['userclass_name'];
     $userclass_description = $class_record['userclass_description'];
     $userclass_editclass = $class_record['userclass_editclass'];
     $userclass_visibility = $class_record['userclass_visibility'];
     $userclass_parent = $class_record['userclass_parent'];
     $userclass_icon = $class_record['userclass_icon'];
     $userclass_type = $class_record['userclass_type'];
     if ($userclass_type == UC_TYPE_GROUP) {
         $userclass_groupclass = $class_record['userclass_accum'];
     }