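// date_default_timezone_set() is available from PHP 5.1.0 onward. The version is
// checked with version_compare() because a plain string comparison orders
// '10.0.0' before '5.1' and would skip the call on such a runtime.
if (version_compare(PHP_VERSION, '5.1.0', '>=')) {
    @date_default_timezone_set('UTC');
}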
// 加载核心函数
require_once SABLOG_ROOT . 'include/func/global.func.php';
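// Determine the client IP address.
// NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers and are
// consulted before REMOTE_ADDR, so the client chooses the value unless a trusted
// reverse proxy overwrites them. Do not rely on $onlineip for bans, rate limits or
// audit records unless these headers are only honoured from known proxy addresses.
// Start from a defined value so nothing set earlier (or by the request) leaks in
// when no branch below matches.
$onlineip = '';
if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
    $onlineip = getenv('HTTP_CLIENT_IP');
} elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
    $onlineip = getenv('HTTP_X_FORWARDED_FOR');
} elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
    $onlineip = getenv('REMOTE_ADDR');
} elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
    $onlineip = $_SERVER['REMOTE_ADDR'];
}
$onlineip = sax_addslashes($onlineip);
// Keep only the first run of 7-15 digits and dots. This removes quotes and other
// characters, but it does not check that the result is a well-formed IPv4 address
// (and it never yields an IPv6 address).
@preg_match("/[\\d\\.]{7,15}/", $onlineip, $onlineipmatches);
// !empty() avoids reading index 0 of an empty match array when nothing matched.
$onlineip = !empty($onlineipmatches[0]) ? $onlineipmatches[0] : 'unknown';
unset($onlineipmatches);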
// Allow the program to work when register_globals = off.
// NOTE(review): this re-creates register_globals by importing every POST, GET and
// cookie key as a global variable. EXTR_SKIP only protects variables that already
// exist at this point, so any global that later code reads before assigning it can
// be supplied by the request. Initialise such variables explicitly, or read request
// values from the superglobals instead of relying on this import.
$onoff = function_exists('ini_get') ? ini_get('register_globals') : get_cfg_var('register_globals');
if ($onoff != 1) {
    @extract($_POST, EXTR_SKIP);
    @extract($_GET, EXTR_SKIP);
    @extract($_COOKIE, EXTR_SKIP);
}
// Check the magic_quotes_gpc state.
if (@get_magic_quotes_gpc()) {
    $_GET = sax_stripslashes($_GET);
    $_POST = sax_stripslashes($_POST);
    $_COOKIE = sax_stripslashes($_COOKIE);
    // With EXTR_SKIP, variables that already exist are left untouched, so globals
    // imported before the sax_stripslashes() pass keep their earlier values.
    @extract($_POST, EXTR_SKIP);
    @extract($_GET, EXTR_SKIP);
}
// Check the magic_quotes_gpc state.
// NOTE(review): this repeats the block above, so with magic_quotes_gpc on the three
// superglobals go through sax_stripslashes() twice - confirm whether the duplicate
// is intended or an artefact of this listing.
if (@get_magic_quotes_gpc()) {
    $_GET = sax_stripslashes($_GET);
    $_POST = sax_stripslashes($_POST);
    $_COOKIE = sax_stripslashes($_COOKIE);
}
// Read the login token: the POST field sax_cookie_auth takes precedence, otherwise
// the sax_auth cookie is used. authcode(..., 'DECODE') is defined elsewhere; its
// output is split on tabs into user id, password value and login count.
// NOTE(review): accepting the same token from the request body widens where it can
// travel (logs, forms, cross-site posts) - confirm which client needs the POST path.
if ($_POST['sax_cookie_auth']) {
    list($sax_uid, $sax_pw, $sax_logincount) = explode("\t", authcode($_POST['sax_cookie_auth'], 'DECODE'));
} else {
    list($sax_uid, $sax_pw, $sax_logincount) = $_COOKIE['sax_auth'] ? explode("\t", authcode($_COOKIE['sax_auth'], 'DECODE')) : array('', '', 0);
}
// Integer casts make these two values safe to interpolate into the query below.
$sax_uid = (int) $sax_uid;
$sax_pw = sax_addslashes($sax_pw);
$sax_logincount = (int) $sax_logincount;
// Defaults assigned before the lookup: group 4, empty user row, $seccode 0.
$sax_group = 4;
$_EVO = array();
$seccode = 0;
if ($sax_uid) {
    // NOTE(review): the password condition appears as the literal '******' in this
    // listing, which looks like redaction by the page. Confirm that the real source
    // binds the decoded $sax_pw here; as shown, the token's password part is not checked.
    $query = $DB->query("SELECT userid AS sax_uid, username AS sax_user, password AS sax_pw, groupid AS sax_group, logincount AS sax_logincount, email as sax_email, url as sax_url, lastpost, lastip, lastvisit, lastactivity\r\n\t\tFROM {$db_prefix}users\r\n\t\tWHERE userid='{$sax_uid}' AND password='******' AND logincount='{$sax_logincount}'");
    $_EVO = $DB->fetch_array($query);
    if (!$_EVO) {
        // No matching row: dcookies() is defined elsewhere (presumably clears the login cookies - confirm).
        dcookies();
    }
}
// extract() without flags overwrites existing variables, so the aliased columns
// replace $sax_uid, $sax_pw, $sax_group and the rest with database values.
// NOTE(review): when no row was fetched nothing is imported here, so names such as
// $sax_user or $lastvisit are not assigned by this block and keep whatever value
// they already had; initialise them explicitly before this point.
@extract($_EVO);
// $timestamp is set outside the visible code.
$lastvisit = !$lastvisit ? $timestamp : $lastvisit;
if (!$sax_uid || !$sax_user) {
    $sax_uid = $sax_logincount = 0;
    }
    if ($url) {
        if (!preg_match("#^(http|news|https|ftp|ed2k|rtsp|mms)://#", $url)) {
            $location = getlink('comment', 'mod', array('message' => 6, 'commentid' => $commentid));
        }
        $key = array("\\", ' ', "'", '"', '*', ',', '<', '>', "\r", "\t", "\n", '(', ')', '+', ';');
        foreach ($key as $value) {
            if (strpos($url, $value) !== false) {
                $location = getlink('comment', 'mod', array('message' => 6, 'commentid' => $commentid));
                break;
            }
        }
        $url = char_cv($url);
    }
    if (!$location) {
        $DB->unbuffered_query("UPDATE {$db_prefix}comments SET author='{$author}', email='{$email}', url='{$url}', content='" . sax_addslashes($_POST['content']) . "' WHERE commentid='{$commentid}'");
        newcomments_recache();
        $location = getlink('comment', 'list', array('message' => 7));
    }
    header("Location: {$location}");
    exit;
}
//批量处理评论状态
if ($action == 'domorelist') {
    $message = '';
    if ($doit == 'display') {
        $visible = '1';
        $location = getlink('comment', 'list', array('message' => 8));
        $del = false;
    } elseif ($doit == 'hidden') {
        $visible = '0';
// Reject the Trackback when the lifetime option is on and the timestamp carried in
// $carr[1] (built outside the visible code) is more than 24 hours old.
if ($options['trackback_life'] && $timestamp - intval($carr[1]) > 3600 * 24) {
    showxml('已经超过本文允许Trackback的时间');
}
// NOTE(review): $articleid is interpolated into the query; its origin and any
// integer cast are not visible here - confirm it is cast before this point.
$article = $DB->fetch_one_array("SELECT dateline,closetrackback FROM {$db_prefix}articles WHERE articleid='{$articleid}'");
if (!$article) {
    showxml('文章不存在');
} elseif ($article['closetrackback']) {
    showxml('本文此时不允许引用');
} elseif ($article['dateline'] != intval($carr[1])) {
    // The timestamp in the request must equal the article's dateline.
    showxml('文章时间验证失败');
}
$url = sax_addslashes(trim($_POST['url']));
if ($url) {
    // $title, $excerpt and $blog_name are assigned only when a URL was posted.
    $title = sax_addslashes(html_excerpt($_POST['title']));
    // NOTE(review): the 200 is passed as a second argument to sax_addslashes(), not
    // to trimmed_title(); this looks like a misplaced parenthesis, so the intended
    // length limit may not be applied - confirm against both function signatures.
    $excerpt = sax_addslashes(trimmed_title(html_excerpt($_POST['excerpt'])), 200);
    $blog_name = sax_addslashes(html_excerpt($_POST['blog_name']));
}
if (!$title || !$excerpt || !$url || !$blog_name) {
    showxml('参数不正确');
} elseif (substr($url, 0, 7) != 'http://') {
    // Only URLs starting with http:// pass; https:// URLs are rejected by this check.
    showxml('参数不正确');
}
// Spam check
// Initial score for the incoming Trackback
$point = 0;
// Restrict the configured spam level to the three known values, defaulting to 'weak'.
$options['tb_spam_level'] = in_array($options['tb_spam_level'], array('strong', 'weak', 'never')) ? $options['tb_spam_level'] : 'weak';
if ($options['audit_trackback']) {
    //如果人工审核
    $visible = '0';
} elseif ($options['tb_spam_level'] != 'never') {
    $source_content = '';
Example #5
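// Login state check: all three values must be present and must match the user row.
// $sax_uid, $sax_pw and $sax_logincount are set outside the visible code
// (presumably decoded from the login cookie - confirm).
if (!$sax_uid || !$sax_pw || !$sax_logincount) {
    loginpage();
} else {
    $r = $DB->fetch_one_array("SELECT userid, password, logincount FROM {$db_prefix}users WHERE userid='{$sax_uid}'");
    if (!$r) {
        loginpage();
    }
    // Strict string comparison: loose != treats two numeric-looking strings as
    // numbers, so distinct credential values could compare as equal.
    // Where the runtime provides hash_equals(), prefer it for a constant-time check.
    if ((string) $sax_pw !== (string) $r['password']) {
        loginpage();
    }
    if ($sax_logincount != $r['logincount']) {
        loginpage();
    }
}
// The requested admin section: the GET value wins over the POST value.
$job = sax_addslashes($_GET['job'] ? $_GET['job'] : $_POST['job']);
// Record every admin operation
getlog();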
if ($sax_group == 1) {
    $adminitem = array('main' => array('name' => '首页', 'start' => 1), 'article' => array('name' => '文章', 'submenu' => array(array('name' => '文章管理', 'action' => 'list', 'default' => 1), array('name' => '添加文章', 'action' => 'add'))), 'comment' => array('name' => '评论', 'submenu' => array(array('name' => '评论管理', 'action' => 'list', 'default' => 1))), 'attachment' => array('name' => '附件', 'submenu' => array(array('name' => '附件管理', 'action' => 'list', 'default' => 1), array('name' => '附件修复', 'action' => 'repair'), array('name' => '附件清理', 'action' => 'clear'), array('name' => '附件统计', 'action' => 'stats'))), 'category' => array('name' => '分类', 'submenu' => array(array('name' => '分类管理', 'action' => 'catelist', 'default' => 1), array('name' => '标签管理', 'action' => 'taglist'))), 'user' => array('name' => '用户', 'submenu' => array(array('name' => '用户管理', 'action' => 'list', 'default' => 1), array('name' => '添加用户', 'action' => 'add'))), 'link' => array('name' => '链接', 'submenu' => array(array('name' => '链接管理', 'action' => 'list', 'default' => 1), array('name' => '添加连接', 'action' => 'add'))), 'template' => array('name' => '模板', 'submenu' => array(array('name' => '模板设置', 'action' => 'template', 'default' => 1), array('name' => '模板变量', 'action' => 'stylevar'), array('name' => '添加模板变量', 'action' => 'add'))), 'tools' => array('name' => '维护', 'submenu' => array(array('name' => '数据库信息', 'action' => 'mysqlinfo', 'default' => 1), array('name' => '备份数据库', 'action' => 'backup'), array('name' => '数据库维护', 'action' => 'tools'), array('name' => '数据文件管理', 'action' => 'filelist'), array('name' => '导入RSS数据', 'action' => 'rssimport'), array('name' => '缓存管理', 'action' => 'cache'), array('name' => '重建数据', 'action' => 'rebuild'), array('name' => '后台操作记录', 'action' => 'adminlog'), array('name' => '登陆记录', 'action' => 'loginlog'), array('name' => '数据库出错记录', 'action' => 'dberrorlog'))), 'configurate' => array('name' => '设置', 'end' => 1, 'submenu' => array(array('name' => '全部', 'action' => 'all'), 
array('name' => '基本设置', 'action' => 'basic', 'default' => 1), array('name' => '显示设置', 'action' => 'display'), array('name' => '评论设置', 'action' => 'comment'), array('name' => '附件设置', 'action' => 'attach'), array('name' => '时间设置', 'action' => 'dateline'), array('name' => 'SEO设置', 'action' => 'seo'), array('name' => 'WAP设置', 'action' => 'wap'), array('name' => '安全设置', 'action' => 'ban'), array('name' => 'RSS设置', 'action' => 'rss'), array('name' => '伪静态设置', 'action' => 'permalink'))));
} elseif ($sax_group == 2) {
    $adminitem = array('main' => array('name' => '首页', 'start' => 1), 'article' => array('name' => '文章', 'submenu' => array(array('name' => '文章管理', 'action' => 'list', 'default' => 1), array('name' => '添加文章', 'action' => 'add'))), 'user' => array('name' => '资料', 'end' => 1));
    !$job && ($job = 'article');
    if ($job == 'user') {
        $action = in_array($action, array('profile', 'modprofile')) ? $action : 'profile';
    }
    // 撰写组菜单
} else {
    $adminitem = array();
    $job = 'user';
    $action = in_array($action, array('profile', 'modprofile')) ? $action : 'profile';
<?php

// ========================== 文件说明 ==========================//
// 本文件说明:获取Trackback地址&标签操作
// --------------------------------------------------------------//
// 本程序作者:angel
// --------------------------------------------------------------//
// 本程序版本:SaBlog-X Ver 2.0
// --------------------------------------------------------------//
// 本程序主页:http://www.sablog.net
// ==============================================================//
require_once 'global.php';
if ($_GET['action'] == 'tag') {
    $tag = sax_addslashes($_GET['tag']);
    $html = '<h2><a href="javascript:;" onclick="document.getElementById(\'ajax-div\').style.display=\'none\';">关闭</a>相关文章</h2><div>';
    if ($tag) {
        $r = $DB->fetch_one_array("SELECT mid, name, slug, count FROM {$db_prefix}metas WHERE type='tag' AND name='{$tag}' LIMIT 1");
        if (!$r) {
            $html .= 'TAG记录不存在';
        } else {
            $aids = get_cids($r['mid']);
            if ($aids) {
                $total = $r['count'];
                $query = $DB->query("SELECT articleid, title, alias FROM {$db_prefix}articles WHERE visible='1' AND articleid IN ({$aids}) ORDER BY dateline DESC LIMIT 10");
                $html .= '<ul>';
                while ($article = $DB->fetch_array($query)) {
                    $html .= '<li><a href="' . getpermalink($article['articleid'], $article['alias']) . '">' . $article['title'] . '</a></li>';
                }
                $html .= '</ul>';
                if ($total > 10) {
                    $html .= '<div style="padding-top:20px;text-align:right;"><a href="' . gettaglink($r['slug']) . '">更多相关文章</a></p>';
/**
 * Store the current user's draft in the autosave cache file.
 *
 * Loads the existing $autosavedb map from data/cache/cache_autosave.php, replaces
 * the entry keyed by the global $sax_uid and passes the regenerated PHP source to
 * writetocache() (defined elsewhere).
 *
 * NOTE(review): include_once loads a file only once per request, so a second call
 * in the same request would start from an empty map and drop other users' drafts -
 * confirm this is never called twice, or switch to include.
 * NOTE(review): the cache is PHP source that calls unserialize() on a quoted
 * literal. addcslashes() escapes backslashes and single quotes, which keeps the
 * payload inside the literal; the file must stay writable only by this code path,
 * because whatever it contains is executed on include.
 *
 * @param string $title       Draft title
 * @param string $description Draft description
 * @param string $content     Draft body
 */
function autosave_recache($title = '', $description = '', $content = '')
{
    global $sax_uid, $timestamp;

    // Values are stored in their sax_addslashes() form.
    $entry = array(
        'timestamp' => $timestamp,
        'title' => sax_addslashes($title),
        'description' => sax_addslashes($description),
        'content' => sax_addslashes($content),
    );

    $autosavedb = array();
    @(include_once SABLOG_ROOT . 'data/cache/cache_autosave.php');
    $autosavedb[$sax_uid] = $entry;

    $serialized = addcslashes(serialize($autosavedb), '\\\'');
    writetocache('autosave', "\$autosavedb = unserialize('" . $serialized . "');");
}
 // Optional filter: articles written by one user.
 // NOTE(review): the origin of $uid is not visible here. It is interpolated into
 // two SQL fragments and into $pagelink, so confirm it is cast to an integer
 // before this point.
 if ($uid) {
     $user = $DB->fetch_one_array("SELECT username FROM {$db_prefix}users WHERE userid='{$uid}'");
     // $subnav carries the stored username; escaping at output time is not visible here.
     $subnav = $user['username'] . '发表的文章';
     $addquery .= " AND a.uid='{$uid}'";
     $pagelink .= '&amp;uid=' . $uid;
 }
 // Optional filter: one month, given as "year-month" in $m.
 if ($m) {
     $mdb = explode('-', $m);
     // gettimestamp() (defined elsewhere) returns "start-end", split here into the range bounds.
     list($start, $end) = explode('-', gettimestamp($mdb[0], $mdb[1]));
     // NOTE(review): $m and its parts are appended to $pagelink and $subnav as
     // received; confirm they are validated as numbers upstream.
     $pagelink .= '&amp;m=' . $m;
     $subnav = '在' . $mdb[0] . '年' . $mdb[1] . '月里';
     //*******************************//
     $addquery .= " AND a.dateline >= '" . correcttime($start) . "' AND a.dateline < '" . correcttime($end) . "' ";
 }
 // 搜索部分
 $keywords = sax_addslashes(trim($keywords));
 if ($keywords) {
     $keywords = str_replace("_", "\\_", $keywords);
     $keywords = str_replace("%", "\\%", $keywords);
     if (preg_match("(AND|\\+|&|\\s)", $keywords) && !preg_match("(OR|\\|)", $keywords)) {
         $andor = ' AND ';
         $sqltxtsrch = '1';
         $keywords = preg_replace("/( AND |&| )/is", "+", $keywords);
     } else {
         $andor = ' OR ';
         $sqltxtsrch = '0';
         $keywords = preg_replace("/( OR |\\|)/is", "+", $keywords);
     }
     $keywords = str_replace('*', '%', addcslashes($keywords, '%_'));
     foreach (explode("+", $keywords) as $text) {
         $text = trim($text);
    $query_sql .= " AND a.articleid IN (" . $search['ids'] . ") ORDER BY a.dateline DESC LIMIT {$start_limit}, " . $pagenum;
    $pageurl = getsearchlink($searchid);
    $navtext = '搜索“<strong>' . $search['keywords'] . '</strong>”的结果';
    $indexpage = 0;
    // 查看首页文章
} else {
    if ($options['permalink']) {
        $pageurl = $options['url'] . 'page/';
    } else {
        $pageurl = $options['url'] . '?action=article';
    }
    $navtext = '';
    $total = $stats['article_count'];
    // 检查是否设置分类参数
    $cid = (int) $_GET['cid'];
    $curl = sax_addslashes($_GET['curl']);
    if ($cid || $curl) {
        if ($cid) {
            $r = $DB->fetch_one_array("SELECT mid, name, slug, count FROM {$db_prefix}metas WHERE type='category' AND mid='{$cid}'");
        } else {
            $r = $DB->fetch_one_array("SELECT mid, name, slug, count FROM {$db_prefix}metas WHERE type='category' AND slug='{$curl}' LIMIT 1");
        }
        if (!$r) {
            message('记录不存在.', './');
        }
        $aids = get_cids($r['mid']);
        $query_sql .= " AND a.articleid IN ({$aids})";
        $navtext = $r['name'];
        $total = $r['count'];
        $pageurl = getcatelink($cid, $r['slug']);
        $options['title'] = settitle($r['name']);
Example #10
 // Collect the requested category ids, keeping only non-zero integers.
 // NOTE(review): $catearray is not initialised in the visible lines - confirm it is
 // set to an empty array before this point.
 if ($mids) {
     foreach ($mids as $mid) {
         if ($mid = intval(trim($mid))) {
             $catearray[] = $mid;
         }
     }
 }
 // Build a comma-separated id list from the category cache; with no requested ids
 // every cached category is included.
 $cids = $comma = '';
 foreach ($catecache as $data) {
     if (!$catearray || in_array($data['mid'], $catearray)) {
         $cids .= $comma . intval($data['mid']);
         $comma = ',';
     }
 }
 // The search field is limited to two fixed values.
 $searchin = $_POST['searchin'] == 'title' ? 'title' : 'content';
 $searchstring = sax_addslashes($keywords) . '|' . sax_addslashes($searchin) . '|' . sax_addslashes($cids);
 $searchindex = array('id' => 0, 'dateline' => '0');
 // One query answers two questions per row: "flood" (same user id, or same IP for
 // guests, searched within the last 20 seconds) and "indexvalid" (an unexpired
 // cached result exists for the same search string).
 // NOTE(review): for guests the limit is keyed on $onlineip, which is set outside
 // the visible code. If that value can come from client-supplied headers the limit
 // is only advisory - confirm how it is derived.
 $query = $DB->query("SELECT searchid, dateline,\r\n\t\t\t(" . ($sax_uid ? "uid='{$sax_uid}'" : "ipaddress='{$onlineip}'") . " AND {$timestamp}-dateline<20) AS flood, (searchstring='{$searchstring}' AND expiration>'{$timestamp}') AS indexvalid\r\n\t\t\tFROM {$db_prefix}searchindex\r\n\t\t\tWHERE (" . ($sax_uid ? "uid='{$sax_uid}'" : "ipaddress='{$onlineip}'") . " AND {$timestamp}-dateline<20) OR (searchstring='{$searchstring}' AND expiration>'{$timestamp}') ORDER BY flood");
 while ($index = $DB->fetch_array($query)) {
     if ($index['indexvalid'] && $index['dateline'] > $searchindex['dateline']) {
         // Reuse the cached search result.
         $searchindex = array('id' => $index['searchid'], 'dateline' => $index['dateline']);
         break;
     } elseif ($index['flood'] && $sax_group != 1 && $sax_group != 2) {
         // Groups 1 and 2 are exempt from the 20-second limit.
         message('对不起,您在 20 秒内只能进行一次搜索.');
     }
 }
 if ($searchindex['id']) {
     $searchid = $searchindex['id'];
 } else {
     $keywords = str_replace("_", "\\_", $keywords);
     $keywords = str_replace("%", "\\%", $keywords);
        $visible = 0;
        $state = '禁用';
        $location = getlink('template', 'stylevar', array('message' => 7, 'stylevarid' => $stylevarid));
    } else {
        $visible = 1;
        $state = '启用';
        $location = getlink('template', 'stylevar', array('message' => 8, 'stylevarid' => $stylevarid));
    }
    $DB->unbuffered_query("UPDATE {$db_prefix}stylevars SET visible='{$visible}' WHERE stylevarid='{$stylevarid}'");
    stylevars_recache();
    header("Location: {$location}");
    exit;
}
if ($action == 'addstylevar' || $action == 'modstylevar') {
    $new_title = strtolower(sax_addslashes($_POST['new_title']));
    $new_value = sax_addslashes($_POST['new_value']);
    $new_description = char_cv($_POST['new_description']);
    $goaction = str_replace('stylevar', '', $action);
    if ($new_title) {
        if (!preg_match("/^[a-z]+[a-z0-9_]*\$/i", $new_title)) {
            $location = getlink('template', $goaction, array('message' => 9, 'stylevarid' => $stylevarid));
        }
        if ($action == 'addstylevar') {
            $query = $DB->query("SELECT COUNT(stylevarid) FROM {$db_prefix}stylevars WHERE title='{$new_title}'");
        } else {
            $query = $DB->query("SELECT COUNT(stylevarid) FROM {$db_prefix}stylevars WHERE title='{$new_title}' AND stylevarid!='{$stylevarid}'");
        }
        if ($DB->result($query, 0)) {
            $location = getlink('template', $goaction, array('message' => 10, 'stylevarid' => $stylevarid));
        } else {
            if ($action == 'addstylevar') {
/**
 * Pass a value through sax_addslashes() and then htmlspecialchars().
 *
 * NOTE(review): htmlspecialchars() is called without flags or charset, so whether
 * single quotes are encoded depends on the PHP version's default flags. Pass
 * ENT_QUOTES and the charset explicitly if the result can reach a single-quoted
 * HTML attribute.
 * NOTE(review): this applies slash escaping and HTML encoding in one step. Escape
 * for SQL where the query is built and for HTML where the value is printed, so
 * neither context depends on what the other did.
 *
 * @param mixed $string Value to escape
 * @return mixed The result of htmlspecialchars(sax_addslashes($string))
 */
function char_cv($string)
{
    return htmlspecialchars(sax_addslashes($string));
}
Example #13
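// Load the categories and tags attached to the article.
// $article['articleid'] is set outside the visible code (presumably a database value - confirm).
$query = $DB->query("SELECT m.mid, m.name, m.slug, m.type, r.cid FROM {$db_prefix}metas m\r\n\tINNER JOIN {$db_prefix}relationships r ON r.mid = m.mid\r\n\tWHERE m.type IN ('category', 'tag') AND r.cid='" . $article['articleid'] . "'\r\n\tORDER BY m.displayorder ASC, m.mid DESC");
$article['keywords'] = $comma = '';
while ($meta = $DB->fetch_array($query)) {
    if ($meta['type'] == 'tag') {
        $meta['url'] = gettaglink($meta['slug']);
        // highlight_tag() (defined elsewhere) rewrites the article body for this tag name.
        $article['content'] = highlight_tag($article['content'], $meta['name']);
    } else {
        $meta['url'] = getcatelink($meta['mid'], $meta['slug']);
    }
    // Every meta name is appended to the comma-separated keywords string.
    $article['keywords'] .= $comma . $meta['name'];
    $metadb[$article['articleid']][$meta['type']][] = $meta;
    $comma = ',';
}
$DB->free_result($query);
// Article read-password check. The comparison is strict: loose == treats two
// numeric-looking strings as numbers, so a different submitted value could
// compare as equal to the stored password.
// NOTE(review): the submitted password itself is handed to scookie() for 30 days;
// storing a derived token instead would keep the password out of the cookie.
if ($_POST['readpassword'] && (string) $article['readpassword'] === sax_addslashes($_POST['readpassword'])) {
    scookie('readpassword_' . $article['articleid'], sax_addslashes($_POST['readpassword']), 2592000);
    // one month
}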
//设置文章的分类名、作者、TAG、标题成为meta\title信息
if (!$article['keywords']) {
    $tmp = $comma = '';
    if (is_array($catecache) && count($catecache)) {
        foreach ($catecache as $data) {
            $tmp .= $comma . $data['name'];
            $comma = ',';
        }
        $options['meta_keywords'] = $tmp;
    } else {
        $options['meta_keywords'] = '';
    }
} else {
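/**
 * Extract the title, publication time and body from one RSS item fragment.
 *
 * The body is taken from <content:encoded> when present, otherwise from
 * <description>. Title and body are passed through sax_addslashes().
 *
 * NOTE(review): the feed text comes from outside the application and only slash
 * escaping is applied here; any HTML in the title or body must be sanitised or
 * encoded by the caller before it is rendered.
 *
 * @param string $rssdata Raw XML of one feed item
 * @return array Keys 'title' and 'dateline' (null when the element is missing) and
 *               'content' (empty string when neither body element is present)
 */
function parserss($rssdata)
{
    global $timeoffset;

    // Explicit defaults: a missing element used to leave these variables undefined.
    $title = null;
    $dateline = null;

    if (preg_match("/<title>(.+?)<\\/title>/is", $rssdata, $match)) {
        $title = sax_addslashes($match[1]);
    }
    if (preg_match("/<pubDate>(.+?)<\\/pubDate>/is", $rssdata, $match)) {
        // strtotime() returns false for an unparsable date; the subtraction then
        // yields a negative offset-only value rather than a real timestamp.
        $dateline = strtotime($match[1]) - $timeoffset * 3600;
    }
    // Prefer the full body and fall back to the summary.
    if (!preg_match("/<content:encoded>(.+?)<\\/content:encoded>/is", $rssdata, $match)) {
        preg_match("/<description>(.+?)<\\/description>/is", $rssdata, $match);
    }
    // $match is empty when neither element matched, so guard the index.
    $content = sax_addslashes(isset($match[1]) ? $match[1] : '');

    return array('title' => $title, 'dateline' => $dateline, 'content' => $content);
}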
        }
    }
    echo '<div class="install_main">';
    echo '<p class="p2">成功重建所有分类数据</p><p class="p2"><a href="' . $php_self . '?action=second">程序将自动跳转.如果没有自动跳转,请点击这里.</a></p>';
    echo '<meta HTTP-EQUIV="REFRESH" content="2;URL=' . $php_self . '?action=second">';
    echo '</div></body></html>';
    exit;
} elseif ($action == 'second') {
    $query = $DB->query("SELECT articleid, cid, keywords, visible FROM {$db_prefix}articles LIMIT {$start}, {$percount}");
    while ($article = $DB->fetch_array($query)) {
        $goon = 1;
        //关联标签
        if ($article['keywords']) {
            $tagdb = explode(',', $article['keywords']);
            foreach ($tagdb as $tag) {
                $tag = sax_addslashes(trim($tag));
                if ($tag) {
                    $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE name='{$tag}' AND type='tag' LIMIT 1");
                    if (!$r) {
                        $DB->query("INSERT INTO {$db_prefix}metas (name,slug,type) VALUES ('{$tag}', '{$tag}', 'tag')");
                        $mid = $DB->insert_id();
                        $DB->query("INSERT INTO {$db_prefix}relationships (cid,mid) VALUES ('" . $article['articleid'] . "', '{$mid}')");
                    } else {
                        $mid = $r['mid'];
                        $r2 = $DB->fetch_one_array("SELECT cid FROM {$db_prefix}relationships WHERE mid='{$mid}' LIMIT 1");
                        if (!$r2) {
                            $DB->query("INSERT INTO {$db_prefix}relationships (cid,mid) VALUES ('" . $article['articleid'] . "', '{$mid}')");
                        } else {
                            if ($article['articleid'] != $r2['cid']) {
                                $DB->query("INSERT INTO {$db_prefix}relationships (cid,mid) VALUES ('" . $article['articleid'] . "', '{$mid}')");
                            }
     wap_message('数据库中已存在一样的标题了,建议您换一个', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
 }
 // Insert the article
 // NOTE(review): $title and $content are interpolated into the statement; their
 // escaping happens outside the visible code - confirm both are escaped before
 // this point. A fixed "posted from WAP" HTML marker is appended to the content.
 $DB->query("INSERT INTO {$db_prefix}articles (uid, title, content, dateline) VALUES ('{$sax_uid}', '{$title}', '{$content} <br /><br /><span style=\"font-weight:bold;color:#4685C4;background-color:#E9F1F8;\">自 WAP 发表</span>', '{$timestamp}')");
 $articleid = $DB->insert_id();
 // Link the article to its categories
 // NOTE(review): each $mid goes into two statements; no integer cast is visible
 // here - confirm $mids is validated upstream.
 foreach ($mids as $mid) {
     $DB->unbuffered_query("UPDATE {$db_prefix}metas SET count=count+1 WHERE mid='{$mid}' AND type='category'");
     $DB->query("INSERT INTO {$db_prefix}relationships (cid, mid) VALUES ('{$articleid}', '{$mid}')");
 }
 // Insert or update tags
 if ($keywords) {
     $tagdb = explode(',', $keywords);
     foreach ($tagdb as $tag) {
         if ($tag) {
             $tag = sax_addslashes($tag);
             $r = $DB->fetch_one_array("SELECT mid FROM {$db_prefix}metas WHERE name='{$tag}' AND type='tag' LIMIT 1");
             if (!$r) {
                 // New tag: create the meta row, link it and bump the global tag counter.
                 // NOTE(review): $slug is not assigned anywhere in the visible lines - confirm where it is set.
                 $new_mid = insert_meta($tag, $slug, 'tag', 1);
                 $DB->query("INSERT INTO {$db_prefix}relationships (cid, mid) VALUES ('{$articleid}', '{$new_mid}')");
                 $DB->unbuffered_query("UPDATE {$db_prefix}statistics SET tag_count=tag_count+1");
             } else {
                 // Existing tag: link it and increase its usage count.
                 $DB->query("INSERT INTO {$db_prefix}relationships (cid, mid) VALUES ('{$articleid}', '" . $r['mid'] . "')");
                 $DB->unbuffered_query("UPDATE {$db_prefix}metas SET count=count+1 WHERE mid='" . $r['mid'] . "' AND type='tag'");
             }
         }
     }
 }
 // Update the author's article count and the site-wide article count, then rebuild the archive cache.
 $DB->unbuffered_query("UPDATE {$db_prefix}users SET articles=articles+1 WHERE userid='{$sax_uid}'");
 $DB->unbuffered_query("UPDATE {$db_prefix}statistics SET article_count=article_count+1");
 archives_recache();
// ==============================================================//
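// Refuse direct access: this file may only run when included by cp.php.
if (!defined('SABLOG_ROOT') || !isset($php_self) || !preg_match("/[\\/\\\\]cp\\.php\$/", $php_self)) {
    exit('Access Denied');
}
// Permission check
permission(1);
if ($message) {
    $messages = array(1 => '更新系统配置成功');
}
$settingsmenu = array('all' => '全部', 'basic' => '基本设置', 'display' => '显示设置', 'comment' => '评论设置', 'attach' => '附件设置', 'dateline' => '时间设置', 'seo' => 'SEO设置', 'wap' => 'WAP设置', 'ban' => '安全设置', 'rss' => 'RSS设置', 'permalink' => '伪静态设置');
!$action && ($action = 'basic');
// Update the settings table and the settings cache
// NOTE(review): no anti-CSRF token check is visible in this block - confirm one is
// enforced elsewhere before this state-changing request is accepted.
if ($_POST['action'] == 'updatesetting') {
    //$DB->query("TRUNCATE TABLE {$db_prefix}settings");
    // Only iterate when the field really is an array; a scalar value would
    // otherwise make foreach emit a warning.
    // NOTE(review): every posted key is written as a setting name. Checking keys
    // against the list of known settings would stop arbitrary rows being created.
    if (isset($_POST['setting']) && is_array($_POST['setting'])) {
        foreach ($_POST['setting'] as $key => $val) {
            $DB->query("REPLACE INTO {$db_prefix}settings VALUES ('" . sax_addslashes($key) . "', '" . sax_addslashes($val) . "')");
        }
    }
    // $oldaction is set outside the visible code and names the settings page that was submitted.
    if ($oldaction == 'all' || $oldaction == 'display') {
        newarticles_recache();
        archives_recache();
        hottags_recache();
    }
    if ($oldaction == 'all' || $oldaction == 'comment') {
        newcomments_recache();
    }
    settings_recache();
    $location = getlink('configurate', $oldaction, array('message' => 1));
    header("Location: {$location}");
    exit;
}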
//end update
                    $thumb_data = generate_thumbnail($attach_thumb);
                    $attach_data['thumbwidth'] = $thumb_data['thumbwidth'];
                    $attach_data['thumbheight'] = $thumb_data['thumbheight'];
                    $attach_data['thumbfilepath'] = $attachsubdir . $thumb_data['thumbfilepath'];
                }
            }
            //水印
            $watermark_size = explode('x', strtolower($options['watermark_size']));
            if ($isimage && $options['watermark'] && $imginfo[0] > $watermark_size[0] && $imginfo[1] > $watermark_size[1] && $attach['size'] < 2048000) {
                require_once SABLOG_ROOT . 'include/func/image.func.php';
                create_watermark($path);
                $attach['size'] = filesize($path);
            }
        }
        // 把文件信息插入数据库
        $DB->query("INSERT INTO {$db_prefix}attachments (filename,filesize,filetype,filepath,dateline,downloads,isimage,thumb_filepath,thumb_width,thumb_height) VALUES ('" . sax_addslashes($attach['name']) . "', '" . $attach['size'] . "', '" . sax_addslashes($attach['type']) . "', '" . sax_addslashes($filepath) . "', '{$timestamp}', '0', '{$isimage}', '" . $attach_data['thumbfilepath'] . "', '" . $attach_data['thumbwidth'] . "','" . $attach_data['thumbheight'] . "')");
        $new_attachid = $DB->insert_id();
        unset($isimage);
        unset($attach_data);
    }
}
/*
else {
	if(isset($_FILES['attach']) && is_array($_FILES['attach'])) {
		foreach($_FILES['attach'] as $key => $var) {
			foreach($var as $id => $val) {
				$attachments[$id][$key] = $val;
			}
		}
	}
	$comma = '';