fwrite($handle, $str); //把刚才替换的内容写进生成的HTML文件 fclose($handle); } if (@$_GET['delete'] != '') { $query = "SELECT * FROM post WHERE uid = '{$_GET['delete']}'"; $query_result = mysql_query($query); $row = mysql_fetch_array($query_result); $query = "SELECT * FROM user WHERE name = '{$row['user']}'"; $query_result = mysql_query($query); $psw_row = mysql_fetch_array($query_result); $path = "{$_COOKIE['name']}/{$row['path']}.html"; unlink($path); if ($row['user'] == @$_COOKIE['name'] && $psw_row['password'] == @$_COOKIE['password']) { $query = "DELETE FROM post WHERE uid = '{$row['uid']}'"; mysql_query($query); $query = "SELECT * FROM post WHERE user = '******'name']}' ORDER BY `id` DESC"; $query_results = mysql_query($query); $lists = ''; while ($row = mysql_fetch_array($query_results)) { $time = substr($row['time'], 0, 10); $lists .= "<li><span style='color:gray'>{$time}</span> » <a href='{$row['path']}.html'>{$row['title']}</a></li>"; } $path = "{$_COOKIE['name']}/index.html"; makehtml($file = 'achieve.html', $title = '', $body = '', $path = $path, $user = $_COOKIE['name'], $time = '', $list = $lists); echo "<head><script>window.location = '{$_SERVER['HTTP_REFERER']}'</script></head>"; echo "已经删除了~马上返回!"; } else { echo "bad request!"; } }
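/**
 * Takes html, javascript and css and writes them to files. The folder structure will be:
 *  --> md5(timestamp)/index.html
 *  --> md5(timestamp)/index_part.html
 *  --> md5(timestamp)/README.txt
 *  --> md5(timestamp)/js/local.js
 *  --> md5(timestamp)/css/local.css
 *
 * @param array  $options               to scale for future needs this is an array - items are explained below
 * @param string $options['filepath']   path where the individual files are to be stored
 * @param string $options['html']       the content that goes inside the <body></body> tag
 * @param string $options['css']        css content (optional)
 * @param string $options['javascript'] javascript content (optional)
 * @param string $options['text']       README.txt content (optional, written as an empty file when absent)
 * @return bool true when every file was written, false on the first failure
 */
function makefiles($options)
{
    $base = $options['filepath'];
    // NOTE(review): $base is used as given. If any part of it can come from a request,
    // the caller must confine it to the intended output root before calling this.

    // 0755 instead of 0777: generated pages need to be readable by the web server,
    // not writable by every local account.
    $dirs = array($base);
    if (!empty($options['javascript'])) {
        $dirs[] = $base . '/js/';
    }
    if (!empty($options['css'])) {
        $dirs[] = $base . '/css/';
    }
    foreach ($dirs as $dir) {
        // An existing directory is fine (regeneration); only a failed creation is an error.
        if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
            return false;
        }
    }

    $readme = isset($options['text']) ? $options['text'] : '';
    $files = array();
    if (!empty($options['javascript'])) {
        $files[$base . '/js/local.js'] = $options['javascript'];
    }
    if (!empty($options['css'])) {
        $files[$base . '/css/local.css'] = $options['css'];
    }
    $files[$base . '/index_part.html'] = $options['html'];
    $files[$base . '/README.txt'] = $readme;

    foreach ($files as $target => $content) {
        // file_put_contents() returns 0 for empty content; only false means failure.
        // The previous "!" test made a missing 'text' option abort before index.html was built.
        if (file_put_contents($target, $content) === false) {
            return false;
        }
    }

    // NOTE(review): the stylesheet written above is css/local.css but the page is built
    // against css/site.css - confirm which name is intended.
    $html = makehtml(array(
        'html' => $options['html'],
        'javascript' => $base . '/js/local.js',
        'css' => $base . '/css/site.css',
        'arefiles' => true,
    ));

    return file_put_contents($base . '/index.html', $html) !== false;
}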
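//build the date string
if (!isset($_POST['now'])) {
    $posted = $_POST['post1'] . "-" . $_POST['post2'] . "-" . $_POST['post3'] . " " . $_POST['post4'] . ":" . $_POST['post5'] . ":00";
} else {
    $posted = date("Y-m-d H:i:s");
}

//make a valid temp-title and put textile onto the posted bodytext
$temptitle = htmlentities($_POST['title'], ENT_QUOTES, "UTF-8");
$tempmess = htmlentities($_POST['message'], ENT_QUOTES, "UTF-8");

//extract duration- and size integer from input
$pieces = explode(" ", $_POST['audio_length']);
$lengthint = round((float) $pieces[0], 1);
$pieces2 = explode(" ", $_POST['audio_size']);
$sizeint = round((float) $pieces2[0], 1) * 1024 * 1024;

//use preferred html-helper tool
$temphtml = makehtml($_POST['message']);

//get the data for comment-options
$comments = (isset($_POST['comment_on']) && $_POST['comment_on'] == "on") ? "1" : "0";

//write things from post-data into database
// Every value is escaped for the SQL string context right where the statement is built.
// htmlentities() is not an SQL defence (it leaves backslashes alone), and most of these
// fields came straight from $_POST before.
// NOTE(review): if magic_quotes_gpc is enabled on the target host, strip the added slashes
// first, otherwise values are stored with doubled escaping.
$fields = array(
    'title' => $temptitle,
    'message_input' => $tempmess,
    'message_html' => $temphtml,
    'posted' => $posted,
    'comment_on' => $comments,
    'audio_length' => $lengthint,
    'audio_size' => $sizeint,
    'comment_size' => $_POST['comment_size'],
    'category1_id' => $_POST['cat1'],
    'category2_id' => $_POST['cat2'],
    'category3_id' => $_POST['cat3'],
    'category4_id' => $_POST['cat4'],
    'audio_type' => $_POST['audio_type'],
    'status' => $_POST['status'],
);
$assignments = array();
foreach ($fields as $column => $value) {
    $assignments[] = $column . " = '" . mysql_real_escape_string((string) $value) . "'";
}

// The id was already used unquoted in the DELETE below, so it is treated as an integer.
$edit_id_sql = (int) $edit_id;

$dosql = "UPDATE " . $GLOBALS['prefix'] . "lb_postings SET\n " . implode(",\n ", $assignments) . "\n WHERE id = '" . $edit_id_sql . "';";
// NOTE(review): die(mysql_error()) shows raw database errors to the client; log them instead.
$result = mysql_query($dosql) or die(mysql_error());

//deleting links from database
$dosql = "DELETE FROM " . $GLOBALS['prefix'] . "lb_links \n WHERE posting_id=" . $edit_id_sql . ";";
$result = mysql_query($dosql) or die(mysql_error());

//put posted links into database
for ($i = 0; $i < $settings['showlinks']; $i++) {
    $temptit = "linktit" . $i;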
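/**
 * Template tag: renders $content once per comment.
 *
 * Reads the tag attributes "global" (list recent comments of all postings instead of the
 * current one) and "number" (how many to list in global mode, default 5). Fills the global
 * $comments (1-based) and sets the global $currentcomment before each fullparse() call.
 * When $_POST['commentpreview'] is set, an unsaved preview entry is appended.
 *
 * @param string $content the tag including its container
 * @return string the concatenated output of all iterations
 */
function loop_comments($content)
{
    //show a loop of all comments of a certain posting
    global $currentid;
    global $currentcomment;
    global $comments;
    global $tempfilename;
    global $allcomm;

    $att = getattributes($content);
    $allcomm = isset($att['global']) ? $att['global'] : "false";
    // The attribute ends up as a LIMIT operand, so it is forced to a non-negative integer.
    $number = isset($att['number']) ? max(0, (int) $att['number']) : 5;

    $content = trim(stripcontainer($content));
    $return = "";
    // Start from an array: indexing into "" relies on implicit string-to-array conversion.
    $comments = array();
    $i = 0;

    //do we get the comments of the current posting?
    if ($allcomm == "false") {
        //getting some data from comments-table
        $dosql = "SELECT * FROM " . $GLOBALS['prefix'] . "lb_comments \n WHERE posting_id='" . mysql_real_escape_string((string) $currentid) . "' ORDER BY posted ASC;";
        // NOTE(review): die(mysql_error()) shows raw database errors to visitors; log them instead.
        $result = mysql_query($dosql) or die(mysql_error());
        while ($temp = mysql_fetch_assoc($result)) {
            $i += 1;
            $comments[$i] = $temp;
        }

        //only here for previewing?
        if (isset($_POST['commentpreview'])) {
            if ($tempfilename != "") {
                $id3 = getid3data($GLOBALS['audiopath'] . $tempfilename, "front");
                $tempfilesize = $id3['size'];
                $tempfilelength = getseconds($id3['duration']);
            } else {
                $tempfilesize = "0";
                $tempfilelength = "0";
            }

            $i += 1;
            $preview = array();
            $preview['id'] = 0;
            $preview['posting_id'] = $currentid;
            $preview['posted'] = date('Y-m-d H:i:s');
            if ($_POST['commentname'] == "") {
                $preview['name'] = "Anonymus";
            } else {
                $preview['name'] = htmlentities($_POST['commentname'], ENT_QUOTES, "UTF-8");
            }
            // NOTE(review): strip_tags() leaves quotes intact. If mail/web are rendered inside
            // an HTML attribute, they need attribute encoding at the point of output.
            $preview['mail'] = strip_tags($_POST['commentmail']);
            $preview['web'] = strip_tags($_POST['commentweb']);
            $preview['ip'] = $_SERVER['REMOTE_ADDR'];
            $preview['message_input'] = htmlentities(strip_tags($_POST['commentmessage']), ENT_QUOTES, "UTF-8");
            $preview['message_html'] = "<p>[PREVIEW]</p> " . makehtml(strip_tags($_POST['commentmessage']));
            $preview['audio_file'] = $tempfilename;
            $preview['audio_size'] = $tempfilesize;
            $preview['audio_length'] = $tempfilelength;
            $preview['audio_type'] = type_suffix($tempfilename);
            $comments[$i] = $preview;
        }

    //okay, we show a list af ALL recent comments
    } else {
        $dosql = "SELECT * FROM " . $GLOBALS['prefix'] . "lb_comments \n ORDER BY posted DESC LIMIT 0," . $number . ";";
        $result = mysql_query($dosql) or die(mysql_error());
        while ($temp = mysql_fetch_assoc($result)) {
            $i += 1;
            $comments[$i] = $temp;
        }
    }

    //show every comment, one by one (keys run from 1 to $i in insertion order)
    foreach ($comments as $index => $thiscomment) {
        $currentcomment = $index;
        if ($allcomm == "false") {
            $return .= "<span id=\"com" . $thiscomment['id'] . "\"></span>";
        }
        $return .= fullparse($content);
    }

    return $return;
}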
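/**
 * Template tag: renders $content once per comment.
 *
 * Reads the tag attributes "global" (list recent comments of all postings instead of the
 * current one) and "number" (how many to list in global mode, default 5). Fills the global
 * $comments (0-based) and sets the global $currentcomment before each fullparse() call.
 * When $_POST['commentpreview'] is set, an unsaved preview entry is appended.
 *
 * @param string $content the tag including its container
 * @return string the concatenated output of all iterations
 */
function loop_comments($content)
{
    //show a loop of all comments of a certain posting
    global $currentid;
    global $currentcomment;
    global $comments;
    global $tempfilename;
    global $allcomm;

    $att = getattributes($content);
    $allcomm = isset($att['global']) ? $att['global'] : "false";
    // Row count handed to SelectLimit(); forced to a non-negative integer.
    $number = isset($att['number']) ? max(0, (int) $att['number']) : 5;

    $content = trim(stripcontainer($content));
    $return = "";

    //do we get the comments of the current posting?
    if ($allcomm == "false") {
        //getting some data from comments-table
        // posting_id is concatenated without quotes, so the value is forced to an integer
        // before it reaches the statement.
        $dosql = "SELECT * FROM " . $GLOBALS['prefix'] . "lb_comments\n WHERE posting_id = " . (int) $currentid . " ORDER BY posted ASC;";
        $result = $GLOBALS['lbdata']->Execute($dosql);
        // A failed query yields no result object; treat that as "no comments".
        $comments = $result ? $result->GetArray() : array();
        if (!is_array($comments)) {
            $comments = array();
        }
        $numbcom = count($comments);

        //only here for previewing?
        if (isset($_POST['commentpreview'])) {
            if ($tempfilename != "") {
                $id3 = getid3data($GLOBALS['audiopath'] . $tempfilename, "front");
                $tempfilesize = $id3['size'];
                $tempfilelength = getseconds($id3['duration']);
            } else {
                $tempfilesize = "0";
                $tempfilelength = "0";
            }

            $preview = array();
            $preview['id'] = 0;
            $preview['posting_id'] = $currentid;
            $preview['posted'] = date('Y-m-d H:i:s');
            if ($_POST['commentname'] == "") {
                $preview['name'] = "Anonymus";
            } else {
                $preview['name'] = htmlentities(strip_tags($_POST['commentname']), ENT_QUOTES, "UTF-8");
            }
            // NOTE(review): strip_tags() leaves quotes intact. If mail/web are rendered inside
            // an HTML attribute, they need attribute encoding at the point of output.
            $preview['mail'] = strip_tags($_POST['commentmail']);
            $preview['web'] = strip_tags($_POST['commentweb']);
            $preview['ip'] = $_SERVER['REMOTE_ADDR'];
            // NOTE(review): message_input carries the raw request value. Whatever prints it
            // (presumably the comment form) has to HTML-encode it - verify at the output site.
            $preview['message_input'] = $_POST['commentmessage'];
            $preview['message_html'] = "<p>[PREVIEW]</p> " . strip_tags(no_amp(makehtml(htmlentities($_POST['commentmessage'], ENT_QUOTES, "UTF-8"))));
            $preview['audio_file'] = $tempfilename;
            $preview['audio_size'] = $tempfilesize;
            $preview['audio_length'] = $tempfilelength;
            $preview['audio_type'] = type_suffix($tempfilename);
            $comments[$numbcom] = $preview;
        }

    //okay, we show a list af ALL recent comments
    } else {
        $dosql = "SELECT * FROM " . $GLOBALS['prefix'] . "lb_comments ORDER BY posted DESC";
        $result = $GLOBALS['lbdata']->SelectLimit($dosql, $number, 0);
        $comments = $result ? $result->GetArray() : array();
        if (!is_array($comments)) {
            $comments = array();
        }
    }

    //show every comment, one by one
    $i = 0;
    foreach ($comments as $thiscomment) {
        $currentcomment = $i;
        if ($allcomm == "false") {
            $return .= "<span id=\"com" . $thiscomment['id'] . "\"></span>";
        }
        $return .= fullparse($content);
        $i += 1;
    }

    return $return;
}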
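} // closes a block opened before this excerpt

    $rowval = isset($p['rowval']) ? $p['rowval'] : "";

    //which column do we manipulate or read?
    $colpick = isset($p['colpick']) ? $p['colpick'] : "";
    $colval = isset($p['colval']) ? $p['colval'] : "";
    if (isset($p['makehtml'])) {
        $colval = makehtml($colval);
    }
    $action = isset($p['action']) ? $p['action'] : "";

    // Table and column names cannot be quoted like values, so they are only accepted when
    // they look like plain identifiers; anything else is refused before SQL is built.
    // NOTE(review): $table and $rowpick are assigned before this excerpt. A fixed allow-list
    // of editable tables and columns would be stricter than this pattern - confirm which
    // ones the caller legitimately needs.
    $ident = '/^[A-Za-z0-9_]+$/';
    $names_ok = preg_match($ident, (string) $table) === 1
        && preg_match($ident, (string) $rowpick) === 1
        && preg_match($ident, (string) $colpick) === 1;

    // do the request action!!
    if (!$names_ok) {
        echo "access denied!";
    } elseif ($action == "singleread") {
        // qstr() returns the value escaped and wrapped in quotes
        // (assumes $GLOBALS['lbdata'] is an ADOdb connection, as Execute/GetArray suggest).
        $dosql = "SELECT " . $colpick . " FROM " . $table . " WHERE " . $rowpick . " = " . $GLOBALS['lbdata']->qstr($rowval);
        $return = $GLOBALS['lbdata']->GetArray($dosql);
        // NOTE(review): stored content is echoed as-is; encode it if the client inserts the
        // response into the page as HTML.
        echo $return[0][$colpick];
    } elseif ($action == "singleupdate") {
        $dosql = "UPDATE " . $table . " SET " . $colpick . " = " . $GLOBALS['lbdata']->qstr($colval) . " WHERE " . $rowpick . " = " . $GLOBALS['lbdata']->qstr($rowval);
        $GLOBALS['lbdata']->Execute($dosql);
        echo $colval;
    }
} else {
    echo "access denied!";
}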
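/**
 * Processes an uploaded (or server-local) track archive for a mix: stores the zip, extracts
 * its MP3 files into the mix's track directory, normalises their file names, reads ID3 tags,
 * writes the XSPF playlist and finally calls makeconf() and makehtml().
 *
 * Reads its configuration from $_SESSION (mwbe_* and mw_* keys) and its input from
 * $_FILES['zipfile'] or $_POST['localzipfile']. Prints progress as HTML and ends the
 * request with exit(0) when the archive cannot be accepted.
 *
 * Hardening relative to the earlier flow:
 *  - the .zip extension is checked before the upload is moved into the archives directory,
 *    so a rejected file never lands in a served location;
 *  - the local-file variant validates the name before copying (the earlier check compared an
 *    array with the whitelist and its branch was empty);
 *  - only top-level *.mp3 entries are extracted, instead of unpacking every archive member
 *    (scripts, nested paths) into the track directory;
 *  - archive names and ID3 text are encoded before they are printed or written to the playlist.
 *
 * NOTE(review): $_SESSION['mw_mix_title'], ['mw_mix_artist'] and ['mw_skin_img'] are emitted
 * as stored; confirm they are encoded when they are put into the session.
 */
function verify()
{
    $_SESSION['makemix_class'] = "class=\"active\"";
    menu();
    echo "<div id=\"content\">\n\t<div align=\"center\"><h2>Make a Mix - Processing Upload...</h2></div>\n\t<div class=\"selections\">\n\tYour choices so far:\n\tThe title for your mix will be: " . $_SESSION['mw_mix_title'] . "<br />\n\tThe artist for your mix is: " . $_SESSION['mw_mix_artist'] . "<br />\n\tYour selected skin image is:<br />\n\t<img height=\"64\" width=\"100\" src= \"" . $_SESSION['mwbe_site_url'] . "/skins/" . $_SESSION['mw_skin_img'] . "\"><br />\n\t</div>";

    // File-name extensions are the only type signal used here. The client-sent MIME type is
    // under the uploader's control, so the unused MIME lists and blacklist were dropped.
    $zip_ext_whitelist = array('zip');
    $mp3_ext_whitelist = array('mp3');

    $ver_tracks_dir = $_SESSION['mwbe_server_path'] . $_SESSION['mw_mix_tracks_dir'];
    $up_archive = $_SESSION['mwbe_server_path'] . $_SESSION['mw_mix_archive'];
    $up_archive_name_only = basename($up_archive);
    $up_name = '';

    if (isset($_FILES['zipfile']) && $_FILES['zipfile']['size'] > 0) {
        $client_name = basename($_FILES['zipfile']['name']);
        if (!in_array(strtolower(pathinfo($client_name, PATHINFO_EXTENSION)), $zip_ext_whitelist, true)) {
            // Rejected while still in PHP's temporary upload area, which PHP cleans up itself.
            echo "<text class=\"bad\">" . htmlspecialchars($client_name, ENT_QUOTES, 'ISO-8859-1') . " is not a .zip file and has been removed.</text><br />\n";
            exit(0);
        }
        $up_name = $_SESSION['mwbe_server_path'] . $_SESSION['mwbe_writable_dirs']['archives'] . $client_name;
        if (!move_uploaded_file($_FILES['zipfile']['tmp_name'], $up_name)) {
            // Server paths are no longer printed on failure.
            echo "<text class=\"bad\">There was an error uploading the file.</text><br />\n";
            exit(0);
        }
    } elseif (isset($_POST['localzipfile'])) {
        $local_zip_name = (string) $_POST['localzipfile'];
        $up_name = $_SESSION['mwbe_server_path'] . $_SESSION['mwbe_writable_dirs']['archives'] . "/" . basename($local_zip_name);
        // Accept only an existing regular local file named *.zip; stream-wrapper style
        // names (scheme://...) are refused so copy() cannot be pointed at remote sources.
        $local_ok = strpos($local_zip_name, '://') === false
            && in_array(strtolower(pathinfo($local_zip_name, PATHINFO_EXTENSION)), $zip_ext_whitelist, true)
            && is_file($local_zip_name);
        if (!$local_ok || !copy($local_zip_name, $up_name)) {
            echo "<text class=\"bad\">The local file could not be copied for use with MixWidget backend. Please check the path and your file permissions and try again.</text><br />\n";
            exit(0);
        }
    }

    // Computed after $up_name is known (it used to be derived from an undefined variable).
    $up_name_only = htmlspecialchars(basename($up_name), ENT_QUOTES, 'ISO-8859-1');

    $zip = new ZipArchive();
    if ($up_name !== '' && $zip->open("{$up_name}") === TRUE) {
        if (!is_dir($ver_tracks_dir)) {
            mkdir("{$ver_tracks_dir}", 0775);
        }
        // Select the archive members to unpack: top-level names ending in .mp3 only.
        $wanted = array();
        for ($idx = 0; $idx < $zip->numFiles; $idx++) {
            $entry = $zip->getNameIndex($idx);
            if ($entry === false || $entry !== basename($entry) || strpos($entry, '\\') !== false) {
                continue;
            }
            if (in_array(strtolower(pathinfo($entry, PATHINFO_EXTENSION)), $mp3_ext_whitelist, true)) {
                $wanted[] = $entry;
            }
        }
        if (count($wanted) > 0) {
            $zip->extractTo($ver_tracks_dir, $wanted);
        }
        $zip->close();
        echo "Tracks for " . $_SESSION['mw_mix_title'] . "extracted from {$up_name_only} successfully!<br />\n";
        if (rename("{$up_name}", "{$up_archive}")) {
            echo "Uploaded file: {$up_name_only} has been renamed to {$up_archive_name_only} to allow downloading of the track archive...<br /><br />\n";
        } else {
            echo "There was a problem re-naming {$up_name_only} to {$up_archive_name_only}. No track archive will be available for download.<br />\n";
        }
    } else {
        echo "There was a problem extracting the files from {$up_name_only} and it has been removed for security reasons.<br />\n";
        if ($up_name !== '' && is_file($up_name)) {
            unlink($up_name);
        }
        exit(0);
    }

    $pl_playlist = $_SESSION['mwbe_server_path'] . $_SESSION['mw_mix_playlist'];
    $pl_head = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n\t<!-- generator=\"MixWidget Back End\" -->\n\t<playlist version=\"1\" xmlns=\"http://xspf.org/ns/0/\">\n\t\t<trackList>\n";
    file_put_contents($pl_playlist, $pl_head);

    echo "<h3>Processing MP3s now...</h3>\n\t<div class=\"process\">\n";
    $tracks = glob("{$ver_tracks_dir}*.mp3");
    if ($tracks === false) {
        $tracks = array();
    }
    foreach ($tracks as $pre_song) {
        $pre_song_name_only = htmlspecialchars(basename($pre_song), ENT_QUOTES, 'ISO-8859-1');
        echo "<text class=\"pr_head\">Processing {$pre_song_name_only}...<br /></text>\n";

        // Keep only ASCII letters and digits, lower-cased. The earlier code passed this
        // pattern to str_replace(), which treats it as a literal and removed nothing.
        $clean = strtolower(preg_replace('/[^a-zA-Z0-9]/', '', basename($pre_song, ".mp3")));
        if ($clean === '') {
            $clean = md5(basename($pre_song)); // name had no usable characters
        }
        // NOTE(review): two source names can normalise to the same target; rename() then
        // overwrites the earlier track.
        $post_song = $_SESSION['mwbe_server_path'] . $_SESSION['mw_mix_tracks_dir'] . $clean . ".mp3";
        $post_song_name_only = basename($post_song);

        if (!rename("{$pre_song}", "{$post_song}")) {
            echo "failed to rename {$pre_song_name_only} to {$post_song_name_only}<br />\n";
            continue;
        }

        // Per-track defaults, so a file without tags never inherits the previous track's values.
        $pl_title = basename($pre_song, ".mp3");
        $pl_artist = '';
        $pl_time = '';
        $pl_mp3 = $post_song_name_only;

        echo "...attempting to process ID3 fields for {$post_song_name_only}<br />\n";
        $getid3 = new getID3();
        $getid3->analyze("{$post_song}");
        // NOTE(review): nothing above verifies the audio content; only the name ends in .mp3.
        echo "...{$post_song_name_only} is a valid MP3 and is being added to your playlist<br />\n";
        if (!empty($getid3->info['tags'])) {
            foreach ($getid3->info['tags'] as $tag => $tag_info) {
                if (!empty($tag_info['title'])) {
                    $pl_artist = isset($tag_info['artist'][0]) ? $tag_info['artist'][0] : '';
                    $pl_title = isset($tag_info['title'][0]) ? $tag_info['title'][0] : $pl_title;
                    // Was read from a misspelled variable ($getids), leaving the duration empty.
                    $pl_time = isset($getid3->info['playtime_seconds']) ? $getid3->info['playtime_seconds'] : '';
                } else {
                    $pl_title = basename($pre_song, ".mp3");
                }
            }
        }

        // ID3 text comes from the uploaded file: encode it for both the HTML progress output
        // and the XML playlist. ISO-8859-1 matches the playlist header and, being single-byte,
        // encodes only the five markup characters without rejecting other byte sequences.
        $pl_title_out = htmlspecialchars((string) $pl_title, ENT_QUOTES, 'ISO-8859-1');
        $pl_artist_out = htmlspecialchars((string) $pl_artist, ENT_QUOTES, 'ISO-8859-1');
        $pl_time_out = htmlspecialchars((string) $pl_time, ENT_QUOTES, 'ISO-8859-1');

        echo "<text class=\"pr_foot\">...{$pl_title_out} by {$pl_artist_out} has been added to your playlist!</text><br /><br />\n";
        $pl_full_path = $_SESSION['mwbe_site_url'] . $_SESSION['mwbe_writable_dirs']['tracks'] . $_SESSION['mw_mix_title_short'] . "/" . htmlentities($pl_mp3, ENT_QUOTES);
        $tr_text = "\t\t<track>\n\t\t\t\t\t\t<location>{$pl_full_path}</location>\n\t\t\t\t\t\t<creator>{$pl_artist_out}</creator>\n\t\t\t\t\t\t<album>" . $_SESSION['mw_mix_title'] . "</album>\n\t\t\t\t\t\t<title>{$pl_title_out}</title>\n\t\t\t\t\t\t<duration>{$pl_time_out}</duration>\n\t\t\t\t\t</track>\n";
        file_put_contents($pl_playlist, $tr_text, FILE_APPEND);
    }
    echo "</div>";

    $pl_foot = "\t</trackList>\n\t</playlist>";
    file_put_contents($pl_playlist, $pl_foot, FILE_APPEND);

    echo "<text class=\"pr_foot\">Your playlist has been created...</text><br />\n<text class=\"pr_foot\">Creating the MixWidget configuration file now...</text><br />\n";
    makeconf();
    echo "<text class=\"pr_foot\">Configuration file complete making html file now...</text><br />\n";
    makehtml();
    echo "<text class=\"pr_foot\">Your mix has been successfully created!</text><br /><br />\n\tYou may:\n\t<ul>\n\t<li><a href=\"" . $_SESSION['mwbe_site_url'] . $_SESSION['mwbe_writable_dirs']['mixes'] . $_SESSION['mw_mix_title_short'] . ".html\">View the .html file</a></li>\n\t<li><a href=\"index.php\">Return to the Mix Widget Backend \"Main\" page.</li>\n\t<li><a href=\"" . $_SESSION['mwbe_site_url'] . $_SESSION['mwbe_mixes_index'] . "\">View your Mix Widget Backend site index</a></li>\n\t</ul>";
}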