// Bootstrap fragment: sets the timezone, loads the core helpers, derives the
// client IP, emulates register_globals and undoes magic_quotes_gpc.
// The last `if` block below is still open where this listing is cut off.

// PHP_VERSION and '5.1' are compared as strings here; version_compare() is
// the robust way to test a version.
if (PHP_VERSION > '5.1') {
    @date_default_timezone_set('UTC');
}
// Load the core functions
require_once SABLOG_ROOT . 'include/func/global.func.php';
// Determine the client IP address.
// NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers
// chosen by the client, and they are preferred over REMOTE_ADDR here. Unless a
// trusted reverse proxy overwrites them, $onlineip is attacker-controlled, so
// anything keyed on it (flood limits, bans, audit logs) can be evaded or
// poisoned. Only REMOTE_ADDR reflects the actual TCP peer.
if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
    $onlineip = getenv('HTTP_CLIENT_IP');
} elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
    $onlineip = getenv('HTTP_X_FORWARDED_FOR');
} elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
    $onlineip = getenv('REMOTE_ADDR');
} elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
    $onlineip = $_SERVER['REMOTE_ADDR'];
}
$onlineip = sax_addslashes($onlineip);
// The pattern is unanchored: it keeps the first run of 7 to 15 digits/dots.
// That confines the value to [0-9.] (safe inside a quoted SQL literal) but it
// does not validate an IPv4 address, and an IPv6 address produces no match.
@preg_match("/[\\d\\.]{7,15}/", $onlineip, $onlineipmatches);
// No match leaves index 0 undefined, so the value falls back to 'unknown'.
$onlineip = $onlineipmatches[0] ? $onlineipmatches[0] : 'unknown';
unset($onlineipmatches);
// Allow the program to work in an environment with register_globals = off.
// NOTE(review): extract() turns every POST/GET/COOKIE key into a global
// variable. EXTR_SKIP only protects variables that already exist at this
// point, so any variable that later code reads before assigning it can be
// supplied by the request. With EXTR_SKIP the first source wins, giving the
// precedence POST, then GET, then COOKIE.
$onoff = function_exists('ini_get') ? ini_get('register_globals') : get_cfg_var('register_globals');
if ($onoff != 1) {
    @extract($_POST, EXTR_SKIP);
    @extract($_GET, EXTR_SKIP);
    @extract($_COOKIE, EXTR_SKIP);
}
// Check the magic_quotes_gpc state and strip the automatic escaping so the
// code can apply its own.
// get_magic_quotes_gpc() was removed in PHP 8.0; `@` does not suppress the
// fatal error raised by calling an undefined function.
if (@get_magic_quotes_gpc()) {
    $_GET = sax_stripslashes($_GET);
    $_POST = sax_stripslashes($_POST);
    $_COOKIE = sax_stripslashes($_COOKIE);
@extract($_POST, EXTR_SKIP); @extract($_GET, EXTR_SKIP); } // 判断 magic_quotes_gpc 状态 if (@get_magic_quotes_gpc()) { $_GET = sax_stripslashes($_GET); $_POST = sax_stripslashes($_POST); $_COOKIE = sax_stripslashes($_COOKIE); } if ($_POST['sax_cookie_auth']) { list($sax_uid, $sax_pw, $sax_logincount) = explode("\t", authcode($_POST['sax_cookie_auth'], 'DECODE')); } else { list($sax_uid, $sax_pw, $sax_logincount) = $_COOKIE['sax_auth'] ? explode("\t", authcode($_COOKIE['sax_auth'], 'DECODE')) : array('', '', 0); } $sax_uid = (int) $sax_uid; $sax_pw = sax_addslashes($sax_pw); $sax_logincount = (int) $sax_logincount; $sax_group = 4; $_EVO = array(); $seccode = 0; if ($sax_uid) { $query = $DB->query("SELECT userid AS sax_uid, username AS sax_user, password AS sax_pw, groupid AS sax_group, logincount AS sax_logincount, email as sax_email, url as sax_url, lastpost, lastip, lastvisit, lastactivity\r\n\t\tFROM {$db_prefix}users\r\n\t\tWHERE userid='{$sax_uid}' AND password='******' AND logincount='{$sax_logincount}'"); $_EVO = $DB->fetch_array($query); if (!$_EVO) { dcookies(); } } @extract($_EVO); $lastvisit = !$lastvisit ? $timestamp : $lastvisit; if (!$sax_uid || !$sax_user) { $sax_uid = $sax_logincount = 0;
} if ($url) { if (!preg_match("#^(http|news|https|ftp|ed2k|rtsp|mms)://#", $url)) { $location = getlink('comment', 'mod', array('message' => 6, 'commentid' => $commentid)); } $key = array("\\", ' ', "'", '"', '*', ',', '<', '>', "\r", "\t", "\n", '(', ')', '+', ';'); foreach ($key as $value) { if (strpos($url, $value) !== false) { $location = getlink('comment', 'mod', array('message' => 6, 'commentid' => $commentid)); break; } } $url = char_cv($url); } if (!$location) { $DB->unbuffered_query("UPDATE {$db_prefix}comments SET author='{$author}', email='{$email}', url='{$url}', content='" . sax_addslashes($_POST['content']) . "' WHERE commentid='{$commentid}'"); newcomments_recache(); $location = getlink('comment', 'list', array('message' => 7)); } header("Location: {$location}"); exit; } //批量处理评论状态 if ($action == 'domorelist') { $message = ''; if ($doit == 'display') { $visible = '1'; $location = getlink('comment', 'list', array('message' => 8)); $del = false; } elseif ($doit == 'hidden') { $visible = '0';
if ($options['trackback_life'] && $timestamp - intval($carr[1]) > 3600 * 24) { showxml('已经超过本文允许Trackback的时间'); } $article = $DB->fetch_one_array("SELECT dateline,closetrackback FROM {$db_prefix}articles WHERE articleid='{$articleid}'"); if (!$article) { showxml('文章不存在'); } elseif ($article['closetrackback']) { showxml('本文此时不允许引用'); } elseif ($article['dateline'] != intval($carr[1])) { showxml('文章时间验证失败'); } $url = sax_addslashes(trim($_POST['url'])); if ($url) { $title = sax_addslashes(html_excerpt($_POST['title'])); $excerpt = sax_addslashes(trimmed_title(html_excerpt($_POST['excerpt'])), 200); $blog_name = sax_addslashes(html_excerpt($_POST['blog_name'])); } if (!$title || !$excerpt || !$url || !$blog_name) { showxml('参数不正确'); } elseif (substr($url, 0, 7) != 'http://') { showxml('参数不正确'); } // 检查Spam // 定义发送来的此条Trackback初始分数 $point = 0; $options['tb_spam_level'] = in_array($options['tb_spam_level'], array('strong', 'weak', 'never')) ? $options['tb_spam_level'] : 'weak'; if ($options['audit_trackback']) { //如果人工审核 $visible = '0'; } elseif ($options['tb_spam_level'] != 'never') { $source_content = '';
//登陆状态检测 if (!$sax_uid || !$sax_pw || !$sax_logincount) { loginpage(); } else { $r = $DB->fetch_one_array("SELECT userid, password, logincount FROM {$db_prefix}users WHERE userid='{$sax_uid}'"); if (!$r) { loginpage(); } if ($sax_pw != $r['password']) { loginpage(); } if ($sax_logincount != $r['logincount']) { loginpage(); } } $job = sax_addslashes($_GET['job'] ? $_GET['job'] : $_POST['job']); // 记录管理的一切操作 getlog(); if ($sax_group == 1) { $adminitem = array('main' => array('name' => '首页', 'start' => 1), 'article' => array('name' => '文章', 'submenu' => array(array('name' => '文章管理', 'action' => 'list', 'default' => 1), array('name' => '添加文章', 'action' => 'add'))), 'comment' => array('name' => '评论', 'submenu' => array(array('name' => '评论管理', 'action' => 'list', 'default' => 1))), 'attachment' => array('name' => '附件', 'submenu' => array(array('name' => '附件管理', 'action' => 'list', 'default' => 1), array('name' => '附件修复', 'action' => 'repair'), array('name' => '附件清理', 'action' => 'clear'), array('name' => '附件统计', 'action' => 'stats'))), 'category' => array('name' => '分类', 'submenu' => array(array('name' => '分类管理', 'action' => 'catelist', 'default' => 1), array('name' => '标签管理', 'action' => 'taglist'))), 'user' => array('name' => '用户', 'submenu' => array(array('name' => '用户管理', 'action' => 'list', 'default' => 1), array('name' => '添加用户', 'action' => 'add'))), 'link' => array('name' => '链接', 'submenu' => array(array('name' => '链接管理', 'action' => 'list', 'default' => 1), array('name' => '添加连接', 'action' => 'add'))), 'template' => array('name' => '模板', 'submenu' => array(array('name' => '模板设置', 'action' => 'template', 'default' => 1), array('name' => '模板变量', 'action' => 'stylevar'), array('name' => '添加模板变量', 'action' => 'add'))), 'tools' => array('name' => '维护', 'submenu' => array(array('name' => '数据库信息', 'action' => 'mysqlinfo', 'default' => 1), array('name' => '备份数据库', 'action' => 'backup'), array('name' => '数据库维护', 'action' => 'tools'), array('name' => '数据文件管理', 'action' 
=> 'filelist'), array('name' => '导入RSS数据', 'action' => 'rssimport'), array('name' => '缓存管理', 'action' => 'cache'), array('name' => '重建数据', 'action' => 'rebuild'), array('name' => '后台操作记录', 'action' => 'adminlog'), array('name' => '登陆记录', 'action' => 'loginlog'), array('name' => '数据库出错记录', 'action' => 'dberrorlog'))), 'configurate' => array('name' => '设置', 'end' => 1, 'submenu' => array(array('name' => '全部', 'action' => 'all'), array('name' => '基本设置', 'action' => 'basic', 'default' => 1), array('name' => '显示设置', 'action' => 'display'), array('name' => '评论设置', 'action' => 'comment'), array('name' => '附件设置', 'action' => 'attach'), array('name' => '时间设置', 'action' => 'dateline'), array('name' => 'SEO设置', 'action' => 'seo'), array('name' => 'WAP设置', 'action' => 'wap'), array('name' => '安全设置', 'action' => 'ban'), array('name' => 'RSS设置', 'action' => 'rss'), array('name' => '伪静态设置', 'action' => 'permalink')))); } elseif ($sax_group == 2) { $adminitem = array('main' => array('name' => '首页', 'start' => 1), 'article' => array('name' => '文章', 'submenu' => array(array('name' => '文章管理', 'action' => 'list', 'default' => 1), array('name' => '添加文章', 'action' => 'add'))), 'user' => array('name' => '资料', 'end' => 1)); !$job && ($job = 'article'); if ($job == 'user') { $action = in_array($action, array('profile', 'modprofile')) ? $action : 'profile'; } // 撰写组菜单 } else { $adminitem = array(); $job = 'user'; $action = in_array($action, array('profile', 'modprofile')) ? $action : 'profile';
<?php // ========================== 文件说明 ==========================// // 本文件说明:获取Trackback地址&标签操作 // --------------------------------------------------------------// // 本程序作者:angel // --------------------------------------------------------------// // 本程序版本:SaBlog-X Ver 2.0 // --------------------------------------------------------------// // 本程序主页:http://www.sablog.net // ==============================================================// require_once 'global.php'; if ($_GET['action'] == 'tag') { $tag = sax_addslashes($_GET['tag']); $html = '<h2><a href="javascript:;" onclick="document.getElementById(\'ajax-div\').style.display=\'none\';">关闭</a>相关文章</h2><div>'; if ($tag) { $r = $DB->fetch_one_array("SELECT mid, name, slug, count FROM {$db_prefix}metas WHERE type='tag' AND name='{$tag}' LIMIT 1"); if (!$r) { $html .= 'TAG记录不存在'; } else { $aids = get_cids($r['mid']); if ($aids) { $total = $r['count']; $query = $DB->query("SELECT articleid, title, alias FROM {$db_prefix}articles WHERE visible='1' AND articleid IN ({$aids}) ORDER BY dateline DESC LIMIT 10"); $html .= '<ul>'; while ($article = $DB->fetch_array($query)) { $html .= '<li><a href="' . getpermalink($article['articleid'], $article['alias']) . '">' . $article['title'] . '</a></li>'; } $html .= '</ul>'; if ($total > 10) { $html .= '<div style="padding-top:20px;text-align:right;"><a href="' . gettaglink($r['slug']) . '">更多相关文章</a></p>';
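/**
 * Store the current user's editor draft in the shared autosave cache.
 *
 * The cache is a PHP source file (data/cache/cache_autosave.php) holding one
 * statement, `$autosavedb = unserialize('...');`, with one entry per user id.
 * This function loads the existing entries, replaces the entry of the current
 * user ($sax_uid) and hands the regenerated statement to writetocache().
 *
 * Security notes:
 * - Draft text is user-supplied and ends up inside a single-quoted PHP string
 *   literal in a file that is later include()d. Escaping `\` and `'` with
 *   addcslashes() is what keeps that text inside the literal; it must not be
 *   weakened or replaced by an HTML/SQL escaper.
 * - The file is include()d and its payload unserialize()d. Both are only safe
 *   while nothing except this application can write to data/cache/.
 *   NOTE(review): confirm the directory is not web-writable or web-served.
 *
 * @param string $title       Draft title.
 * @param string $description Draft description.
 * @param string $content     Draft body.
 * @return void
 */
function autosave_recache($title = '', $description = '', $content = '')
{
    global $sax_uid, $timestamp;

    // The values are stored slash-escaped, as the original did.
    $title = sax_addslashes($title);
    $description = sax_addslashes($description);
    $content = sax_addslashes($content);

    $autosavedb = array();
    // Plain include instead of include_once: if the cache file was already
    // loaded earlier in the request, include_once would skip it, $autosavedb
    // would stay empty in this scope, and the rewrite below would drop every
    // other user's draft.
    @include SABLOG_ROOT . 'data/cache/cache_autosave.php';
    if (!is_array($autosavedb)) {
        // A damaged cache makes unserialize() return false; start over.
        $autosavedb = array();
    }

    $autosavedb[$sax_uid] = array(
        'timestamp' => $timestamp,
        'title' => $title,
        'description' => $description,
        'content' => $content,
    );

    $contents = "\$autosavedb = unserialize('" . addcslashes(serialize($autosavedb), '\\\'') . "');";
    writetocache('autosave', $contents);
}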
if ($uid) { $user = $DB->fetch_one_array("SELECT username FROM {$db_prefix}users WHERE userid='{$uid}'"); $subnav = $user['username'] . '发表的文章'; $addquery .= " AND a.uid='{$uid}'"; $pagelink .= '&uid=' . $uid; } if ($m) { $mdb = explode('-', $m); list($start, $end) = explode('-', gettimestamp($mdb[0], $mdb[1])); $pagelink .= '&m=' . $m; $subnav = '在' . $mdb[0] . '年' . $mdb[1] . '月里'; //*******************************// $addquery .= " AND a.dateline >= '" . correcttime($start) . "' AND a.dateline < '" . correcttime($end) . "' "; } // 搜索部分 $keywords = sax_addslashes(trim($keywords)); if ($keywords) { $keywords = str_replace("_", "\\_", $keywords); $keywords = str_replace("%", "\\%", $keywords); if (preg_match("(AND|\\+|&|\\s)", $keywords) && !preg_match("(OR|\\|)", $keywords)) { $andor = ' AND '; $sqltxtsrch = '1'; $keywords = preg_replace("/( AND |&| )/is", "+", $keywords); } else { $andor = ' OR '; $sqltxtsrch = '0'; $keywords = preg_replace("/( OR |\\|)/is", "+", $keywords); } $keywords = str_replace('*', '%', addcslashes($keywords, '%_')); foreach (explode("+", $keywords) as $text) { $text = trim($text);
$query_sql .= " AND a.articleid IN (" . $search['ids'] . ") ORDER BY a.dateline DESC LIMIT {$start_limit}, " . $pagenum; $pageurl = getsearchlink($searchid); $navtext = '搜索“<strong>' . $search['keywords'] . '</strong>”的结果'; $indexpage = 0; // 查看首页文章 } else { if ($options['permalink']) { $pageurl = $options['url'] . 'page/'; } else { $pageurl = $options['url'] . '?action=article'; } $navtext = ''; $total = $stats['article_count']; // 检查是否设置分类参数 $cid = (int) $_GET['cid']; $curl = sax_addslashes($_GET['curl']); if ($cid || $curl) { if ($cid) { $r = $DB->fetch_one_array("SELECT mid, name, slug, count FROM {$db_prefix}metas WHERE type='category' AND mid='{$cid}'"); } else { $r = $DB->fetch_one_array("SELECT mid, name, slug, count FROM {$db_prefix}metas WHERE type='category' AND slug='{$curl}' LIMIT 1"); } if (!$r) { message('记录不存在.', './'); } $aids = get_cids($r['mid']); $query_sql .= " AND a.articleid IN ({$aids})"; $navtext = $r['name']; $total = $r['count']; $pageurl = getcatelink($cid, $r['slug']); $options['title'] = settitle($r['name']);
if ($mids) { foreach ($mids as $mid) { if ($mid = intval(trim($mid))) { $catearray[] = $mid; } } } $cids = $comma = ''; foreach ($catecache as $data) { if (!$catearray || in_array($data['mid'], $catearray)) { $cids .= $comma . intval($data['mid']); $comma = ','; } } $searchin = $_POST['searchin'] == 'title' ? 'title' : 'content'; $searchstring = sax_addslashes($keywords) . '|' . sax_addslashes($searchin) . '|' . sax_addslashes($cids); $searchindex = array('id' => 0, 'dateline' => '0'); $query = $DB->query("SELECT searchid, dateline,\r\n\t\t\t(" . ($sax_uid ? "uid='{$sax_uid}'" : "ipaddress='{$onlineip}'") . " AND {$timestamp}-dateline<20) AS flood, (searchstring='{$searchstring}' AND expiration>'{$timestamp}') AS indexvalid\r\n\t\t\tFROM {$db_prefix}searchindex\r\n\t\t\tWHERE (" . ($sax_uid ? "uid='{$sax_uid}'" : "ipaddress='{$onlineip}'") . " AND {$timestamp}-dateline<20) OR (searchstring='{$searchstring}' AND expiration>'{$timestamp}') ORDER BY flood"); while ($index = $DB->fetch_array($query)) { if ($index['indexvalid'] && $index['dateline'] > $searchindex['dateline']) { $searchindex = array('id' => $index['searchid'], 'dateline' => $index['dateline']); break; } elseif ($index['flood'] && $sax_group != 1 && $sax_group != 2) { message('对不起,您在 20 秒内只能进行一次搜索.'); } } if ($searchindex['id']) { $searchid = $searchindex['id']; } else { $keywords = str_replace("_", "\\_", $keywords); $keywords = str_replace("%", "\\%", $keywords);
$visible = 0; $state = '禁用'; $location = getlink('template', 'stylevar', array('message' => 7, 'stylevarid' => $stylevarid)); } else { $visible = 1; $state = '启用'; $location = getlink('template', 'stylevar', array('message' => 8, 'stylevarid' => $stylevarid)); } $DB->unbuffered_query("UPDATE {$db_prefix}stylevars SET visible='{$visible}' WHERE stylevarid='{$stylevarid}'"); stylevars_recache(); header("Location: {$location}"); exit; } if ($action == 'addstylevar' || $action == 'modstylevar') { $new_title = strtolower(sax_addslashes($_POST['new_title'])); $new_value = sax_addslashes($_POST['new_value']); $new_description = char_cv($_POST['new_description']); $goaction = str_replace('stylevar', '', $action); if ($new_title) { if (!preg_match("/^[a-z]+[a-z0-9_]*\$/i", $new_title)) { $location = getlink('template', $goaction, array('message' => 9, 'stylevarid' => $stylevarid)); } if ($action == 'addstylevar') { $query = $DB->query("SELECT COUNT(stylevarid) FROM {$db_prefix}stylevars WHERE title='{$new_title}'"); } else { $query = $DB->query("SELECT COUNT(stylevarid) FROM {$db_prefix}stylevars WHERE title='{$new_title}' AND stylevarid!='{$stylevarid}'"); } if ($DB->result($query, 0)) { $location = getlink('template', $goaction, array('message' => 10, 'stylevarid' => $stylevarid)); } else { if ($action == 'addstylevar') {
/**
 * Slash-escape a value and then HTML-encode it.
 *
 * sax_addslashes() runs first and htmlspecialchars() second, both with their
 * defaults. The default htmlspecialchars() flags depend on the PHP version:
 * before 8.1 single quotes are left unencoded (ENT_COMPAT); from 8.1 they are
 * encoded (ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401).
 *
 * NOTE(review): the result mixes two escaping contexts. It is not a
 * replacement for parameterised queries, and a value stored in this form is
 * only encoded for HTML element content, not for JavaScript or URL contexts.
 *
 * @param mixed $string Value to escape (presumably a string; verify callers).
 * @return string
 */
function char_cv($string)
{
    return htmlspecialchars(sax_addslashes($string));
}
$query = $DB->query("SELECT m.mid, m.name, m.slug, m.type, r.cid FROM {$db_prefix}metas m\r\n\tINNER JOIN {$db_prefix}relationships r ON r.mid = m.mid\r\n\tWHERE m.type IN ('category', 'tag') AND r.cid='" . $article['articleid'] . "'\r\n\tORDER BY m.displayorder ASC, m.mid DESC"); $article['keywords'] = $comma = ''; while ($meta = $DB->fetch_array($query)) { if ($meta['type'] == 'tag') { $meta['url'] = gettaglink($meta['slug']); $article['content'] = highlight_tag($article['content'], $meta['name']); } else { $meta['url'] = getcatelink($meta['mid'], $meta['slug']); } $article['keywords'] .= $comma . $meta['name']; $metadb[$article['articleid']][$meta['type']][] = $meta; $comma = ','; } $DB->free_result($query); if ($_POST['readpassword'] && $article['readpassword'] == sax_addslashes($_POST['readpassword'])) { scookie('readpassword_' . $article['articleid'], sax_addslashes($_POST['readpassword']), 2592000); //一个月 } //设置文章的分类名、作者、TAG、标题成为meta\title信息 if (!$article['keywords']) { $tmp = $comma = ''; if (is_array($catecache) && count($catecache)) { foreach ($catecache as $data) { $tmp .= $comma . $data['name']; $comma = ','; } $options['meta_keywords'] = $tmp; } else { $options['meta_keywords'] = ''; } } else {
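/**
 * Pull title, publication time and body out of one RSS item using regexes.
 *
 * The body comes from <content:encoded> when present, otherwise from
 * <description>. The captured text is whatever lies between the tags, so a
 * CDATA wrapper, if the feed uses one, is kept as part of the value.
 *
 * Security note: feed data is untrusted. Title and content are slash-escaped
 * for use inside quoted SQL literals only; they are not HTML-sanitised, so the
 * caller has to filter or encode the markup before it is rendered.
 *
 * @param string $rssdata Raw XML of a single feed item.
 * @return array Keys 'title', 'dateline' and 'content'. 'title' and
 *               'dateline' are null when the tag is missing; 'dateline' is
 *               also null when the date cannot be parsed.
 */
function parserss($rssdata)
{
    global $timeoffset;

    // Defined up front so a missing tag no longer reads an undefined variable.
    $title = null;
    $dateline = null;

    if (preg_match("/<title>(.+?)<\\/title>/is", $rssdata, $match)) {
        $title = sax_addslashes($match[1]);
    }

    if (preg_match("/<pubDate>(.+?)<\\/pubDate>/is", $rssdata, $match)) {
        $parsed = strtotime($match[1]);
        // strtotime() returns false for an unparseable date; subtracting the
        // offset from false would produce a bogus timestamp.
        if ($parsed !== false) {
            $dateline = $parsed - $timeoffset * 3600;
        }
    }

    // Prefer the full body and fall back to the summary.
    if (!preg_match("/<content:encoded>(.+?)<\\/content:encoded>/is", $rssdata, $match)) {
        preg_match("/<description>(.+?)<\\/description>/is", $rssdata, $match);
    }
    // With neither tag present $match is empty; use '' rather than reading a
    // missing index.
    $content = sax_addslashes(isset($match[1]) ? $match[1] : '');

    return array('title' => $title, 'dateline' => $dateline, 'content' => $content);
}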
} } echo '<div class="install_main">'; echo '<p class="p2">成功重建所有分类数据</p><p class="p2"><a href="' . $php_self . '?action=second">程序将自动跳转.如果没有自动跳转,请点击这里.</a></p>'; echo '<meta HTTP-EQUIV="REFRESH" content="2;URL=' . $php_self . '?action=second">'; echo '</div></body></html>'; exit; } elseif ($action == 'second') { $query = $DB->query("SELECT articleid, cid, keywords, visible FROM {$db_prefix}articles LIMIT {$start}, {$percount}"); while ($article = $DB->fetch_array($query)) { $goon = 1; //关联标签 if ($article['keywords']) { $tagdb = explode(',', $article['keywords']); foreach ($tagdb as $tag) { $tag = sax_addslashes(trim($tag)); if ($tag) { $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE name='{$tag}' AND type='tag' LIMIT 1"); if (!$r) { $DB->query("INSERT INTO {$db_prefix}metas (name,slug,type) VALUES ('{$tag}', '{$tag}', 'tag')"); $mid = $DB->insert_id(); $DB->query("INSERT INTO {$db_prefix}relationships (cid,mid) VALUES ('" . $article['articleid'] . "', '{$mid}')"); } else { $mid = $r['mid']; $r2 = $DB->fetch_one_array("SELECT cid FROM {$db_prefix}relationships WHERE mid='{$mid}' LIMIT 1"); if (!$r2) { $DB->query("INSERT INTO {$db_prefix}relationships (cid,mid) VALUES ('" . $article['articleid'] . "', '{$mid}')"); } else { if ($article['articleid'] != $r2['cid']) { $DB->query("INSERT INTO {$db_prefix}relationships (cid,mid) VALUES ('" . $article['articleid'] . "', '{$mid}')"); }
wap_message('数据库中已存在一样的标题了,建议您换一个', array('title' => '重新发表', 'link' => 'index.php?action=addarticle')); } // 插入数据部分 $DB->query("INSERT INTO {$db_prefix}articles (uid, title, content, dateline) VALUES ('{$sax_uid}', '{$title}', '{$content} <br /><br /><span style=\"font-weight:bold;color:#4685C4;background-color:#E9F1F8;\">自 WAP 发表</span>', '{$timestamp}')"); $articleid = $DB->insert_id(); // 关联文章分类 foreach ($mids as $mid) { $DB->unbuffered_query("UPDATE {$db_prefix}metas SET count=count+1 WHERE mid='{$mid}' AND type='category'"); $DB->query("INSERT INTO {$db_prefix}relationships (cid, mid) VALUES ('{$articleid}', '{$mid}')"); } // 插入/更新Tags if ($keywords) { $tagdb = explode(',', $keywords); foreach ($tagdb as $tag) { if ($tag) { $tag = sax_addslashes($tag); $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE name='{$tag}' AND type='tag' LIMIT 1"); if (!$r) { $new_mid = insert_meta($tag, $slug, 'tag', 1); $DB->query("INSERT INTO {$db_prefix}relationships (cid, mid) VALUES ('{$articleid}', '{$new_mid}')"); $DB->unbuffered_query("UPDATE {$db_prefix}statistics SET tag_count=tag_count+1"); } else { $DB->query("INSERT INTO {$db_prefix}relationships (cid, mid) VALUES ('{$articleid}', '" . $r['mid'] . "')"); $DB->unbuffered_query("UPDATE {$db_prefix}metas SET count=count+1 WHERE mid='" . $r['mid'] . "' AND type='tag'"); } } } } $DB->unbuffered_query("UPDATE {$db_prefix}users SET articles=articles+1 WHERE userid='{$sax_uid}'"); $DB->unbuffered_query("UPDATE {$db_prefix}statistics SET article_count=article_count+1"); archives_recache();
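// ==============================================================//
// Settings page of the control panel: lists the setting groups and stores
// submitted settings.

// Refuse direct access: the script must have been included by cp.php.
if (!defined('SABLOG_ROOT') || !isset($php_self) || !preg_match("/[\\/\\\\]cp\\.php\$/", $php_self)) {
    exit('Access Denied');
}

// Permission check
permission(1);

if ($message) {
    $messages = array(1 => '更新系统配置成功');
}

$settingsmenu = array(
    'all' => '全部',
    'basic' => '基本设置',
    'display' => '显示设置',
    'comment' => '评论设置',
    'attach' => '附件设置',
    'dateline' => '时间设置',
    'seo' => 'SEO设置',
    'wap' => 'WAP设置',
    'ban' => '安全设置',
    'rss' => 'RSS设置',
    'permalink' => '伪静态设置',
);

!$action && ($action = 'basic');

// Update the stored settings and regenerate the caches built from them.
// NOTE(review): no anti-CSRF token check is visible in this run; confirm that
// permission() or cp.php enforces one, because this request changes
// site-wide configuration.
if (isset($_POST['action']) && $_POST['action'] == 'updatesetting') {
    //$DB->query("TRUNCATE TABLE {$db_prefix}settings");

    // Only iterate a real array; a missing or scalar 'setting' field used to
    // reach foreach() unchecked.
    $newsettings = (isset($_POST['setting']) && is_array($_POST['setting'])) ? $_POST['setting'] : array();
    foreach ($newsettings as $key => $val) {
        // A nested array (setting[x][]=...) has no single value to store.
        if (!is_scalar($val)) {
            continue;
        }
        // NOTE(review): every submitted key is written. An allow-list of known
        // setting names would stop a request from creating arbitrary rows.
        $DB->query("REPLACE INTO {$db_prefix}settings VALUES ('" . sax_addslashes($key) . "', '" . sax_addslashes($val) . "')");
    }

    // $oldaction is not assigned in this run; presumably it comes from the
    // request. Verify it is constrained before it reaches the redirect URL.
    if ($oldaction == 'all' || $oldaction == 'display') {
        newarticles_recache();
        archives_recache();
        hottags_recache();
    }
    if ($oldaction == 'all' || $oldaction == 'comment') {
        newcomments_recache();
    }
    settings_recache();

    $location = getlink('configurate', $oldaction, array('message' => 1));
    header("Location: {$location}");
    exit;
} //end update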
$thumb_data = generate_thumbnail($attach_thumb); $attach_data['thumbwidth'] = $thumb_data['thumbwidth']; $attach_data['thumbheight'] = $thumb_data['thumbheight']; $attach_data['thumbfilepath'] = $attachsubdir . $thumb_data['thumbfilepath']; } } //水印 $watermark_size = explode('x', strtolower($options['watermark_size'])); if ($isimage && $options['watermark'] && $imginfo[0] > $watermark_size[0] && $imginfo[1] > $watermark_size[1] && $attach['size'] < 2048000) { require_once SABLOG_ROOT . 'include/func/image.func.php'; create_watermark($path); $attach['size'] = filesize($path); } } // 把文件信息插入数据库 $DB->query("INSERT INTO {$db_prefix}attachments (filename,filesize,filetype,filepath,dateline,downloads,isimage,thumb_filepath,thumb_width,thumb_height) VALUES ('" . sax_addslashes($attach['name']) . "', '" . $attach['size'] . "', '" . sax_addslashes($attach['type']) . "', '" . sax_addslashes($filepath) . "', '{$timestamp}', '0', '{$isimage}', '" . $attach_data['thumbfilepath'] . "', '" . $attach_data['thumbwidth'] . "','" . $attach_data['thumbheight'] . "')"); $new_attachid = $DB->insert_id(); unset($isimage); unset($attach_data); } } /* else { if(isset($_FILES['attach']) && is_array($_FILES['attach'])) { foreach($_FILES['attach'] as $key => $var) { foreach($var as $id => $val) { $attachments[$id][$key] = $val; } } } $comma = '';