} $target = $INI['system']['imgprefix']."/static/team/{$year}/{$day}/{$fname}"; if($immediate=='1')$target='!'.$target; if($msgtype==1)$msg=$target; else $msg=array('url'=>$target,'localname'=>$upfile['name'],'id'=>'1');//id参数固定不变,仅供演示,实际项目中可以是数据库ID } } else $err='上传文件扩展名必需为:'.$upext; if (is_resource($upfile['tmp_name'])) {fclose($upfile['tmp_name']);} else { @unlink($upfile['tmp_name']); } } return array('err'=>$err,'msg'=>$msg); } //HTML5 上传 if(isset($_SERVER['HTTP_CONTENT_DISPOSITION'])) { if(preg_match('/attachment;\s+name="(.+?)";\s+filename="(.+?)"/i',$_SERVER['HTTP_CONTENT_DISPOSITION'],$info)) { $temp_name = tmpfile(); $content = file_get_contents("php://input"); fwrite($temp_name, $content); fseek($temp_name, 0); $size = strlen($content); $_FILES[$info[1]]=array('name'=>$info[2],'tmp_name'=>$temp_name,'size'=>$size,'type'=> '','error'=>0); } } //End HTML5 $state=uploadfile('filedata'); echo json_encode($state);
} _Header(); } foreach ($_POST['name'] as $id => $value) { $DreamCMS->db->query("update `#DC@__links` set `name`='{$value}',`url`='" . $_POST['url'][$id] . "',`desc`='" . $_POST['description'][$id] . "',`orderid`='" . $_POST['displayorder'][$id] . "' where `id`='{$id}'"); } _Header(); } if ($action == 'add') { $id = intval($id); $name = $_POST['name'] ? save($_POST['name']) : ''; $url = $_POST['url'] ? save($_POST['url']) : ''; $desc = $_POST['description'] ? save($_POST['description']) : ''; //$logo = $_POST['logo']; $orderid = intval($_POST['displayorder']); empty($name) && alert('网站名称不能为空!'); empty($url) && alert('网站URL不能为空!'); strpos($url, 'http://') === false && ($url = 'http://' . $url); $artlogo = $_POST['artlogo'] ? save($_POST['artlogo']) : ''; $_logo = uploadfile("logo", $name); $logo = empty($_logo) ? $artlogo : $_logo['FilePath']; //$DreamCMS->db->query("INSERT INTO `#DC@__links` (`name`,`logo`,`desc`,`url`,`orderid`) VALUES ('$name','$logo','$desc','$url','$orderid')"); if ($id) { $DreamCMS->db->query("UPDATE `#DC@__links` SET `name`='{$name}',`logo`='{$logo}',`desc`='{$desc}',`url`='{$url}',`orderid`='{$orderid}' WHERE `id`='{$id}' LIMIT 1"); } else { $DreamCMS->db->query("INSERT INTO `#DC@__links` (`name`,`logo`,`desc`,`url`,`orderid`) VALUES ('{$name}','{$logo}','{$desc}','{$url}','{$orderid}')"); } _Header("admincp.php?do=link"); } break; }
register(); } else { if ($ask == "edituser") { edituser(); } else { if ($ask == "changepsd") { changepsd(); } else { if ($ask == "delete") { del(); } else { if ($ask == "image") { uploadimage(); } else { if ($ask == "file") { uploadfile(); } else { if ($ask == "lzl") { lzl(); } else { if ($ask == "search") { search(); } else { if ($ask == "action") { action(); } else { echo '<capu><info><code>14</code><msg>ask错误。</msg></info></capu>'; exit; } } }
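/**
 * Handles the add/update form submission for a model item from the control panel.
 *
 * Splits the model's columns into "items" table fields (isfixed == 1) and
 * "message" table fields, validates the posted values, processes the subject
 * image and per-field uploads, then inserts or updates both tables and binds
 * the uploaded attachments to the item hash.
 *
 * Security notes for maintainers:
 *  - $itemid is kept as the intval()'d value computed on entry; it is
 *    concatenated into several SQL strings below.
 *  - Stored file paths read back from the database are passed to unlink();
 *    see the NOTE(review) comments where client-supplied "*_value" fields are
 *    written into those same columns.
 *
 * @param array $cacheinfo Model cache; reads the 'models', 'columns' and 'linkage' keys.
 * @param int   $cp        Not read anywhere in this function.
 * @return mixed The item id (the posted one on update, the inserttable() result on add).
 */
function pkpost($cacheinfo, $cp = 1)
{
    global $_G, $_SGLOBAL, $theurl, $mname, $checkresults;
    // Cast once; every later use of $itemid (SQL strings, hashes, where-arrays) relies on this integer.
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $mustverify = false;
    $resultitems = $resultmessage = $updateitem = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    $feedcolum = array();
    foreach ($columnsinfoarr as $result) {
        // Group-buy models skip the user_* / ext_* columns entirely.
        if ($mname == "groupbuy" && preg_match('/^user_|^ext_/', $result['fieldname'])) {
            continue;
        }
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            // Replace the posted linkage key with the value stored in the cache.
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_G['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    // Input checks
    $_POST['subject'] = trim(strip_tags($_POST['subject']));
    // FIX: the original re-assigned $itemid = $_POST['itemid'] here, discarding the
    // intval() above and letting the raw request value reach the SQL strings below.
    $checkresults = array();
    if (bstrlen($_POST['subject']) < 1 || bstrlen($_POST['subject']) > 80) {
        array_push($checkresults, array('subject' => lang('space_suject_length_error')));
    }
    // Field-level validation
    checkvalues(array_merge($resultitems, $resultmessage), 1, 1);
    // Price handling (goods only): max price must not be below min price
    if ($modelsinfoarr['modelname'] == 'good') {
        if ($_POST['minprice'] > 0 && $_POST['maxprice'] > 0 && $_POST['maxprice'] < $_POST['minprice']) {
            array_push($checkresults, array('maxprice' => lang('maxprice_must_big_then_minprice')));
        }
    }
    // On update, check whether the subject image was removed or replaced
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            // The image was cleared or a new file was sent: delete the old one.
            // NOTE(review): this branch deletes attachment rows and files for $itemid before
            // $checkresults is reported and before any shop-ownership condition in this
            // function (the non-admin update further down is restricted by shopid, this is
            // not). Confirm the caller verifies ownership of $itemid.
            $query = DB::query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = DB::fetch($query);
            $hash = getmodelhash($modelsinfoarr['mid'], $itemid);
            // Remove the attachment record
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            // NOTE(review): the path comes from the stored `subjectimage` column, which this
            // function can also fill from $_POST['subjectimage_value'] (below). Check that the
            // resolved path stays inside A_DIR before unlinking.
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    // Build the "items" row
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $itemgrade = DB::result_first("SELECT grade FROM " . tname($mname . "items") . " WHERE itemid = '{$itemid}'");
    if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        // NOTE(review): client-supplied value stored as a file path without validation;
        // the delete branch above later feeds this column to unlink().
        $setsqlarr['subjectimage'] = $_POST['subjectimage_value'];
    }
    if (empty($_POST['catid']) || $_POST['catid'] < 0) {
        array_push($checkresults, array('catid' => lang('cat_not_selected')));
    }
    $setsqlarr['catid'] = $_POST['catid'];
    if ($modelsinfoarr['modelname'] != 'shop') {
        // Non-shop items must belong to a shop
        if (pkperm('isadmin')) {
            if (empty($_POST['shopid'])) {
                array_push($checkresults, array('shopid' => lang('please_select_shopid')));
            }
            $setsqlarr['shopid'] = intval($_POST['shopid']);
        } else {
            // Non-admins are pinned to their own shop regardless of what was posted.
            $setsqlarr['shopid'] = $_G['myshopid'];
        }
    } else {
        $setsqlarr['letter'] = !empty($_POST['letter']) ? trim($_POST['letter']) : getletter(trim($_POST['subject']));
        $setsqlarr['keywords'] = trim(strip_tags($_POST['keywords']));
        $setsqlarr['description'] = trim(strip_tags($_POST['description']));
        if (!empty($_POST['syncfid'])) {
            require_once B_ROOT . './api/bbs_syncpost.php';
            if (checkbbsfid($_POST['syncfid'])) {
                $setsqlarr['syncfid'] = intval($_POST['syncfid']);
            } else {
                array_push($checkresults, array('syncfid' => lang('syncfid_noexists')));
            }
        }
    }
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = 1;
    if (!empty($checkresults)) {
        cpmsg('addobject_error', '', '', '', true, true, $checkresults);
    }
    if (pkperm('isadmin')) {
        $setsqlarr['grade'] = isset($_POST['grade']) ? $_POST['grade'] : 3;
    } elseif ($_G['myshopstatus'] == 'verified') {
        if (in_array($modelsinfoarr['modelname'], array('good', 'notice', 'consume', 'album', 'groupbuy')) && $itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
            $setsqlarr['grade'] = !empty($itemid) ? 5 : 0;
            if (!empty($itemid)) {
                if (in_array($_POST['grade'], array(2, 3))) {
                    // in_array() compares loosely; store the integer, not the raw request string.
                    $setsqlarr['grade'] = intval($_POST['grade']);
                }
            }
            $mustverify = true;
        } else {
            if (in_array($_POST['grade'], array(2, 3))) {
                // in_array() compares loosely; store the integer, not the raw request string.
                $setsqlarr['grade'] = intval($_POST['grade']);
            } else {
                $setsqlarr['grade'] = $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']] ? 0 : 3;
            }
        }
    } elseif ($_G['myshopstatus'] == 'unverified') {
        $setsqlarr['grade'] = 0;
    }
    $setsqlarr['dateline'] = $_G['timestamp'];
    $setsqlarr['uid'] = $_G['uid'];
    $setsqlarr['username'] = $_G['username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    // Subject image handling: start
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    if ($_POST['imagetype'] == 0 && $modelsinfoarr['modelname'] == 'consume' && $_G['setting']['allowcreateimg']) {
        // Coupon image is generated from a template instead of being uploaded.
        if ($_GET['action'] == 'add') {
            $hotline = $_SGLOBAL['panelinfo']['tel'];
            $address = $_SGLOBAL['panelinfo']['address'];
        } else {
            $shopinfo = DB::fetch(DB::query("SELECT tel, address FROM " . tname('shopitems') . " WHERE itemid='{$setsqlarr['shopid']}'"));
            $hotline = $shopinfo['tel'];
            $address = $shopinfo['address'];
        }
        $dealer_name = DB::result_first("SELECT subject FROM " . tname('shopitems') . " WHERE itemid='{$setsqlarr['shopid']}'");
        $createimgarr = array(
            'id' => intval($_POST['imgtplid']),
            'mid' => intval($modelsinfoarr['mid']),
            'itemid' => intval($itemid),
            'coupon_title' => $setsqlarr['subject'],
            'dealer_id' => $setsqlarr['uid'],
            'dealer_name' => $dealer_name,
            'begin_date' => date('Y-m-d', $setsqlarr['validity_start']),
            'end_date' => date('Y-m-d', $setsqlarr['validity_end']),
            'brief' => trim($_POST['message']),
            'exception' => trim($_POST['exception']),
            'address' => $address,
            'hotline' => $hotline,
            'subjectimagewidth' => $modelsinfoarr['subjectimagewidth'],
            'subjectimageheight' => $modelsinfoarr['subjectimageheight'],
        );
        require_once B_ROOT . './source/adminfunc/tool.func.php';
        if ($consumeimgpath = image_text($createimgarr)) {
            $setsqlarr['subjectimage'] = $consumeimgpath;
            $setsqlarr['imagetype'] = 0;
            $setsqlarr['imgtplid'] = intval($_POST['imgtplid']);
        }
    } else {
        $uploadfilearr = $ids = array();
        $subjectimageid = '';
        $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => '圖片標題', 'formtype' => 'img')), $modelsinfoarr['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
        if (!empty($uploadfilearr)) {
            $feedsubjectimg = $uploadfilearr;
            foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
                // Only successful uploads are written to the row; attachment ids are collected
                // so they can be bound to the item hash once the item id is known.
                if (empty($tmpvalue['error'])) {
                    $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
                }
                if (!empty($tmpvalue['aid'])) {
                    $ids[] = $tmpvalue['aid'];
                }
            }
        }
        if ($modelsinfoarr['modelname'] == 'consume') {
            $setsqlarr['imagetype'] = 1;
        }
    }
    /* --------- Subject image handling: end --------------*/
    // Word filter
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    // Publish time
    $setsqlarr['dateline'] = $_G['timestamp'];
    // Goods carry a short intro
    if ($mname == "good") {
        $setsqlarr['intro'] = trim(strip_tags($_POST['intro']));
    }
    if (empty($itemid)) {
        // Insert
        $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
        if (in_array($modelsinfoarr['modelname'], array('good', 'notice', 'consume', 'album', 'groupbuy'))) {
            itemnumreset($modelsinfoarr['modelname'], $setsqlarr['shopid']);
        }
    } else {
        $_SGLOBAL['itemupdate'] = 1;
        // Update
        $op = 'update';
        unset($setsqlarr['uid']);
        unset($setsqlarr['username']);
        unset($setsqlarr['lastpost']);
        if ($itemgrade == 1 && !pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        } elseif ($itemgrade == 1 && pkperm('isadmin')) {
            $setsqlarr['grade'] = 1;
        } elseif ($itemgrade == 0 && !pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        } elseif ($itemgrade == 0 && pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        }
        if (pkperm('isadmin')) {
            // Site admins may post any data
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
        } else {
            // Permission limits: shop owners may not change the shop group
            unset($setsqlarr['groupid']);
            if ($modelsinfoarr['modelname'] == 'shop') {
                unset($setsqlarr['validity_start']);
                unset($setsqlarr['validity_end']);
                if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
                    // Held back for review; merged into $_SGLOBAL['updatesqlarr'] further down.
                    $updatesqlarr = $setsqlarr;
                } else {
                    // Shop owner: the row updated is always the owner's own shop
                    updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $_G['myshopid']));
                }
            } else {
                if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
                    $updatesqlarr = $setsqlarr;
                } else {
                    // Shop owner: only items of the managed shop can be changed
                    updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid, 'shopid' => $_G['myshopid']));
                }
            }
        }
        $query = DB::query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE itemid = \'' . $itemid . '\'');
        $defaultmessage = DB::fetch($query);
    }
    $hash = getmodelhash($modelsinfoarr['mid'], $itemid);
    if (!empty($ids)) {
        // Bind the subject-image attachments to this item.
        $ids = simplode($ids);
        DB::query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
    }
    $do = 'pass';
    if ($op == 'update' && !$_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // The file was cleared or replaced: remove the attachment record and files.
                        // NOTE(review): same concerns as the subject-image branch above — no
                        // ownership condition here, and the unlink() paths come from stored
                        // column values; confirm they cannot leave A_DIR.
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('itemid' => $itemid));
                        @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']] . '.thumb.jpg');
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    // Build the "message" row
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $modelsinfoarr['modelname'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    // stripslashes() before conversion and saddslashes() after: presumably $_POST arrives
    // already slash-escaped by the framework — confirm.
    $setsqlarr['message'] = saddslashes(html2bbcode(stripslashes($setsqlarr['message'])));
    if ($modelsinfoarr['modelname'] == 'consume') {
        $setsqlarr['exception'] = trim($_POST['exception']);
    }
    if ($_POST['imagetype'] == 0 && $modelsinfoarr['modelname'] == 'consume' && $_G['setting']['allowcreateimg']) {
        $setsqlarr['address'] = trim($_POST['address']);
        $setsqlarr['hotline'] = trim($_POST['hotline']);
    }
    $setsqlarr['postip'] = $_G['clientip'];
    if ($modelsinfoarr['modelname'] == 'shop' && $itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        // NOTE(review): client-supplied values stored without validation; if these columns
        // are img/file fields they are later treated as file paths by the delete loop above.
        $setsqlarr['banner'] = $_POST['banner_value'];
        $setsqlarr['windowsimg'] = $_POST['windowsimg_value'];
    }
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter on the content row
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if ($op == 'add') {
        $setsqlarr['itemid'] = $itemid;
        // Insert content
        inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
    } else {
        if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']] && !pkperm('isadmin')) {
            // Pending review: hand the combined change set to the caller instead of writing it.
            $_SGLOBAL['updatesqlarr'] = array_merge($updatesqlarr, $setsqlarr);
        } else {
            // Update content
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
    }
    updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
    return $itemid;
}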
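/**
 * Handles the submission of an online contribution for a model.
 *
 * Validates the posted fields, processes the subject image and per-field
 * uploads, then either writes the item/message rows directly or stores the
 * serialized submission in `modelfolders` for review, depending on the
 * checkperm() results. Every path ends in a showmessage() call; nothing is
 * returned.
 *
 * NOTE(review): on update, rows are addressed by the posted itemid/nid only;
 * no owner (uid) condition is visible in this function. Confirm the caller
 * checks that the current user may edit that item.
 *
 * @param array $cacheinfo Model cache; reads the 'models', 'columns' and 'linkage' keys.
 * @param int   $cp        Truthy selects the admin-side redirect URLs, falsy the cp.php one.
 */
function modelpost($cacheinfo, $cp = 1)
{
    global $_SGLOBAL, $theurl, $_SCONFIG;
    include_once S_ROOT . './function/upload.func.php';
    $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $resultitems = $resultmessage = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    // The posted model id must match the model this form was built for.
    if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
        showmessage('parameter_error');
    }
    $feedcolum = array();
    foreach ($columnsinfoarr as $result) {
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            // Replace the posted linkage key with the value stored in the cache.
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    // Record the user's latest update time (new submissions only)
    if (empty($itemid) && $_SGLOBAL['supe_uid']) {
        updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
    }
    // Input normalisation
    $_POST['catid'] = intval($_POST['catid']);
    // FIX: the original chained two ternaries without parentheses, which is a compile
    // error on PHP 8. The parentheses reproduce the left-to-right grouping older PHP
    // versions applied, so the stored value is still 0 or 1.
    $_POST['allowreply'] = (isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment')) ? 1 : 0;
    $_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
    // Input checks
    if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
        showmessage('space_suject_length_error');
    }
    if (empty($_POST['catid'])) {
        showmessage('admin_func_catid_error');
    }
    if (!empty($_FILES['subjectimage']['name'])) {
        // Extension check on the client-supplied file name only; it says nothing about
        // the file content. NOTE(review): confirm uploadfile() validates the image itself.
        $fileext = fileext($_FILES['subjectimage']['name']);
        if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
            showmessage('document_types_can_only_upload_pictures');
        }
    }
    // Field-level validation
    checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
    // On update, check whether the subject image was removed or replaced
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            // The image was cleared or a new file was sent: delete the old one
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            // FIX: the original built this hash from $_GET['mid'], which is never validated;
            // every other hash in this function uses the checked $_POST['mid'].
            $hash = getmodelhash($_POST['mid'], $itemid);
            // Remove the attachment record
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            // NOTE(review): the unlink() paths come from the stored column value; confirm
            // they cannot resolve outside A_DIR.
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    // Build the "items" row
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $setsqlarr['catid'] = $_POST['catid'];
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = $_POST['allowreply'];
    // Only moderators may choose the grade; everyone else gets 0.
    if (checkperm('managefolder') || checkperm('managemodpost')) {
        $setsqlarr['grade'] = intval($_POST['grade']);
    } else {
        $setsqlarr['grade'] = 0;
    }
    $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    $setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
    $setsqlarr['username'] = $_SGLOBAL['supe_username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    // Default subject image size, overridden by the model's "width,height" setting.
    $modelsinfoarr['subjectimagewidth'] = 400;
    $modelsinfoarr['subjectimageheight'] = 300;
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    $uploadfilearr = $ids = array();
    $subjectimageid = '';
    $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
    if (!empty($uploadfilearr)) {
        $feedsubjectimg = $uploadfilearr;
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    // Publish time
    if (empty($_POST['dateline'])) {
        $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    } else {
        $setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
        if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
            // Not in the future and not more than two years back
            $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
        }
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
        // No review needed: write straight into the items table
        if (empty($itemid)) {
            // Insert
            $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
        } else {
            // Update
            $op = 'update';
            unset($setsqlarr['uid']);
            unset($setsqlarr['username']);
            unset($setsqlarr['lastpost']);
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            // FIX: nid is concatenated into the SQL string, so cast it to an integer first.
            // NOTE(review): the row is selected by nid alone, not tied to $itemid; its file
            // columns drive the unlink() calls below.
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . intval(isset($_POST['nid']) ? $_POST['nid'] : 0) . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
        }
        $hash = getmodelhash($_POST['mid'], $itemid);
        if (!empty($ids)) {
            // Bind the subject-image attachments to this item.
            $ids = simplode($ids);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $do = 'pass';
    } else {
        // Review required: keep the items row aside; it is serialized into modelfolders below.
        if (!empty($uploadfilearr['subjectimage']['aid'])) {
            $subjectimageid = $uploadfilearr['subjectimage']['aid'];
        }
        $setitemsqlarr = $setsqlarr;
        $do = 'me';
    }
    if ($op == 'update') {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // The file was cleared or replaced: remove the attachment record and files
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
                        $ext = fileext($defaultmessage[$value['fieldname']]);
                        if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                            @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        }
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    // Build the "message" row
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['postip'] = $_SGLOBAL['onlineip'];
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter on the content row
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    // && binds tighter than ||; the parentheses only make the existing grouping explicit.
    if (!checkperm('allowdirectpost') || checkperm('managemodpost') || (checkperm('allowdirectpost') && $op == 'update')) {
        // No review needed: write into the message table
        if ($op == 'add') {
            $setsqlarr['itemid'] = $itemid;
            // Insert content
            inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
            if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
                $feed['icon'] = 'comment';
                $feed['title_template'] = 'feed_model_title';
                $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                $aurl = A_URL;
                if (empty($_SCONFIG['siteurl'])) {
                    $siteurl = getsiteurl();
                    $murl = $siteurl . $murl;
                    $aurl = $siteurl . $aurl;
                } else {
                    $siteurl = S_URL_ALL;
                }
                $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
                $feed['body_template'] = 'feed_model_message';
                // The subject was passed through shtmlspecialchars() above; the message is
                // tag-stripped and cut before it goes into the feed markup.
                $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
                if (!empty($feedsubjectimg)) {
                    $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
                } else {
                    // Fall back to the first uploaded field image, then to a picture in the message.
                    foreach ($feedcolum as $feedimgvalue) {
                        if ($feedimgvalue['filepath']) {
                            $feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
                            break;
                        }
                    }
                    if (empty($feed['images'])) {
                        $picurl = getmessagepic(stripslashes($_POST['message']));
                        if ($picurl && strpos($picurl, '://') === false) {
                            $picurl = $siteurl . '/' . $picurl;
                        }
                        if (!empty($picurl)) {
                            $feed['images'][] = array('url' => $picurl, 'link' => $murl);
                        }
                    }
                }
                postfeed($feed);
            }
        } else {
            // Update content
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
        updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
        if (checkperm('allowdirectpost') && $op == 'update') {
            deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
        }
        if (checkperm('allowdirectpost') && $op == 'update') {
            $jpurl = $cp
                ? (empty($setsqlarr['uid'])
                    ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}"
                    : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'])
                : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('writing_success_online_please_wait_for_audit', $jpurl);
        } else {
            $jpurl = $cp
                ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid']
                : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('online_contributions_success', $jpurl);
        }
    } else {
        // Review required: store the whole submission, serialized, in modelfolders.
        $setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
        $setsqlarr['addfeed'] = $_POST['addfeed'];
        $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
        $itemid = inserttable('modelfolders', $setsqlarr, 1);
        if (!empty($subjectimageid)) {
            $ids[] = $subjectimageid;
        }
        if (!empty($ids)) {
            $ids = simplode($ids);
            // Folder hash: 'm' + zero-padded model id + 'f' + zero-padded folder row id.
            $hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $jpurl = $cp
            ? (empty($setsqlarr['uid'])
                ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}"
                : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}")
            : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
        showmessage('writing_success_online_please_wait_for_audit', $jpurl);
    }
}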
// file or dir hash $requestid = optional_param('requestid', "", PARAM_TEXT); // file or dir hash $paramone = optional_param('paramone', "", PARAM_TEXT); // nature of value depends on datatype, maybe path $paramtwo = optional_param('paramtwo', "", PARAM_TEXT); // nature of value depends on datatype, maybe protocol $paramthree = optional_param('paramthree', "", PARAM_TEXT); // nature of value depends on datatype, maybe filearea switch ($datatype) { case "uploadfile": header("Content-type: text/xml"); echo "<?xml version=\"1.0\"?>\n"; //uploadfile filedata(base64), fileextension (needs to be cleaned), blah blah //paramone is the file data, paramtwo is the file extension, requestid is the actionid $returnxml = uploadfile($paramone, $paramtwo, $requestid, $contextid, $comp, $farea, $itemid); break; case "poodllpluginfile": //poodllpluginfile($contextid,$component,$filearea,$itemid,$filepath,$filename); //lets hard code this for now, very very mild security poodllpluginfile($contextid, "mod_assignment", "submission", $itemid, "/", $paramone); return; case "getlast20files": header("Content-type: text/html"); $returnxml = ""; echo "hi"; getLast20Files(); break; case "getrepodata": header("Content-type: text/xml"); echo "<?xml version=\"1.0\"?>\n";
$positions = intval($_POST['positions']); //赛制图标 start $articonpic = save($_POST['articonpic']); $_iconpic = uploadfile("iconpic", $sortname); $iconpic = empty($_iconpic) ? $articonpic : $_iconpic['FilePath']; //赛制图标 end $teamname1 = save($_POST['teamname1']); //队列1图标 start $artteampic1 = save($_POST['artteampic1']); $_teampic1 = uploadfile("teampic1", $sortname); $teampic1 = empty($_teampic1) ? $artteampic1 : $_teampic1['FilePath']; //队列1图标 end $teamname2 = save($_POST['teamname2']); //队列2图标 start $artteampic2 = save($_POST['artteampic2']); $_teampic2 = uploadfile("teampic2", $sortname); $teampic2 = empty($_teampic2) ? $artteampic2 : $_teampic2['FilePath']; //队列2图标 end $starttime = $_POST['starttime'] ? _strtotime($_POST['starttime']) : 0; $endtime = $_POST['endtime'] ? _strtotime($_POST['endtime']) : 0; $addtime = time(); $showstate = intval($_POST['showstate']); //播放来源 start $playsource = ''; if ($_POST['play_url'] && is_array($_POST['play_url'])) { foreach ($_POST['play_url'] as $key => $val) { $thisplay_url = save($val); if ($thisplay_url) { //排序 start $numkey = addKey($playsource, $_POST['play_orders'][$key]); //排序 end
/**
 * Calls uploadfile() with the key 'filedata' and prints its result as JSON.
 *
 * NOTE(review): whatever uploadfile() returns is echoed to the client as-is;
 * confirm it contains no server-side paths or details that should stay private.
 */
function king_def()
{
    echo json_encode(uploadfile('filedata'));
}
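// Read the posted settings. The config file written below stores one value per line,
// so CR/LF are stripped here: otherwise a posted value containing a line break would
// shift or add lines in that file.
$font = isset($_POST['font']) ? str_replace(array("\r", "\n"), '', (string) $_POST['font']) : '';
$userban = isset($_POST['userban']) ? str_replace(array("\r", "\n"), '', (string) $_POST['userban']) : '';
$size = isset($_POST['size']) ? str_replace(array("\r", "\n"), '', (string) $_POST['size']) : '';
$theme = isset($_POST['explorer-theme']) ? str_replace(array("\r", "\n"), '', (string) $_POST['explorer-theme']) : '';
$ban = isset($_FILES['ban']) ? $_FILES['ban'] : null;
// Mode 'x' creates the file and fails if it already exists, so an existing
// configuration is never overwritten by this request.
$userfile = fopen(USER_CONF_FILE, 'x');
if ($userfile === false) {
    // NOTE(review): $host is set outside this excerpt; if it is taken from the request's
    // Host header, the redirect target is client-influenced — confirm.
    header("Status: 301 Moved Permanently", false, 301);
    header("Location: http://{$host}");
    exit;
} else {
    // $id_code and $background are assigned before this excerpt; they get the same
    // CR/LF stripping at write time so every value occupies exactly one line.
    $conflines = array($id_code, $background, $font, $userban, $size, $theme);
    foreach ($conflines as $confkey => $confvalue) {
        $conflines[$confkey] = str_replace(array("\r", "\n"), '', (string) $confvalue);
    }
    // Same layout as before: values separated by CRLF, no terminator after the last one.
    fwrite($userfile, implode("\r\n", $conflines));
    fclose($userfile);
    if ($userban == 'no') {
        header("Status: 301 Moved Permanently", false, 301);
        header("Location: http://{$host}/");
        exit;
    } else {
        include 'inc/config/upload.php';
        // The upload is always stored under this fixed name.
        // NOTE(review): no check is visible here that the uploaded file really is an
        // image; confirm uploadfile() validates type and size.
        $userdir = 'css/img/user.jpg';
        uploadfile($ban, $userdir);
    }
    header("Status: 301 Moved Permanently", false, 301);
    header("Location: http://{$host}/");
    exit;
}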
* @author coolmoo <*****@*****.**> */ !defined('iPATH') && exit('What are you doing?'); switch ($action) { case 'editor': $F = uploadfile("upload"); echo json_encode(array('err' => '', 'msg' => uploadfile("upload")["FilePath"])); break; case 'Aupload': strpos($_POST['savedir'], '.') !== false && alert('目录不能带有.', 'javascript:void(0);'); $F = uploadfile("file"); alert($F["OriginalFileName"] . '上传成功!', 'javascript:insert("' . $F["FilePath"] . '","' . $_POST['in'] . '");'); break; case 'uploadfile': strpos($_POST['savedir'], '.') !== false && alert('目录不能带有.', 'javascript:void(0);'); $F = uploadfile("file", '', $_POST['savedir']); alert($F["OriginalFileName"] . '上传成功!', 'javascript:window.parent.location.reload();'); break; case 'createdir': $dirname = $_POST['dirname']; $savedir = $_POST['savedir']; strpos($savedir, '.') !== false && alert('目录不能带有.', 'javascript:void(0);'); strpos($dirname, '.') !== false && alert('目录不能带有.', 'javascript:void(0);'); createdir(iPATH . $iCMS->config['uploadfiledir'] . "/" . $savedir . $dirname); alert("目录[{$dirname}]创建成功!", 'javascript:window.parent.location.reload();'); break; case 'crop': //header('Content-type: image/jpeg'); $tMap = array(1 => 'gif', 2 => 'jpeg', 3 => 'png'); $pic = $_POST['pFile']; $iPic = getfilepath($pic, iPATH, '+');
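/**
 * Handle a temporary file upload, or echo back the decoded upload descriptor
 * when the request carries the VUP ("Valida Upload") flag.
 *
 * @param mixed $usuario  Passed through to insertFileTemporal().
 * @param mixed $empresa  Passed through to insertFileTemporal().
 * @param mixed $conexion Passed through to insertFileTemporal().
 * @return array Either array('filedata' => ...) for a VUP request, or the
 *               success/msg result of the upload attempt.
 */
function upload($usuario, $empresa, $conexion) {
    if (get('VUP')) {
        // VUP: validate upload
        $filedata = (string) $_GET['filedata'];
        // NOTE(review): unserialize() runs on request data here. Object
        // deserialisation of client input should not be reachable; prefer
        // json_decode(), or unserialize() with allowed_classes => false, once
        // the producer of this blob has been checked.
        $filedata = unserialize(base64_decode($filedata));
        return array('filedata' => $filedata);
    }

    $path = (string) post("path");
    $filedata = (string) post("filedata");
    $formId = (string) post("formId");
    $campo = (string) post("campo");
    $return = array('success' => false, 'msg' => 'No se pudo subir el archivo.');

    // The upload status lives under the field name. The original read
    // $_FILES['error'], which is normally unset and compares equal to
    // UPLOAD_ERR_OK (0) under ==, so a failed upload was never rejected here.
    if (!isset($_FILES['file']['error']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
        return $return;
    }

    // NOTE(review): same unserialize()-on-request-data concern as above. The
    // size limit and the allowed types below also come from this client-supplied
    // blob, so the client chooses its own limits; keep that policy server-side
    // or authenticate the blob (for example with an HMAC) before trusting it.
    $filedata = unserialize(base64_decode($filedata));
    if (!is_array($filedata) || !isset($filedata["maxfile"], $filedata["tipos"])) {
        // Undecodable or incomplete descriptor: report the generic failure.
        return $return;
    }

    $filesize = $_FILES["file"]["size"];
    $maxfile = $filedata["maxfile"] * 1024 * 1024; // the limit is expressed in MB
    if ($filesize > $maxfile) {
        $return['msg'] = "El archivo no puede superar los {$filedata["maxfile"]} Mb";
        return $return;
    }

    $codigo = (int) numerador('archivoTemporal', 0, '');
    // NOTE(review): $path is taken from the request; uploadfile() presumably
    // confines it to the upload root. Verify against that helper.
    $return = uploadfile($codigo, $_FILES, $path, $filedata["tipos"]);
    if ($return['success']) {
        // deleteFileTemporal($formId, $conexion) is left disabled, as in the original.
        insertFileTemporal($codigo, $return, $formId, $campo, $usuario, $empresa, $conexion);
    }
    return $return;
}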
msgexiterror("notright", "", "disable"); exit; } } if (isset($_FILES["userfile"])) { if ($codekey == 7) { demo(); } if (!$path) { echo "Path потерян... конец операции..."; exit; } else { if ($pr[68]) { $redirecttoshare = 1; } $err = uploadfile($path, "original"); } if ($err == false) { echo "upload fail."; } if ($err == true) { echo "upload complete."; } exit; } //echo "OSTYPE==$OSTYPE"; if ($pr[41]) { $defaultpath = $pr[41]; } else { if ($OSTYPE == "LINUX") { $defaultpath = getcwd() . "/";
} if ($publicdemo) { $serial = "publicdemo"; } if ($test) { $serial = $testenable; } if (isset($_FILES["userfile"])) { //проверяем посланный ключ //йух посылается , а не ключ... мдя интересно с какой это // if ($go=="Send key") { //проверяем посланный ключ $uploaddir = "_conf"; if ($size > 700) { echo "Превышен hardcoded лимит в 300bytes"; exit; } if (uploadfile($uploaddir, "add.key")) { lprint("FS_FWR"); } else { lprint("FS_FWRFAIL"); } //echo "2userfile=$userfile go=$go path=$path (disabled) "; Header("Location: login.php"); //пофиксили баг с лишним обновлением. не пересылаем заново временно пока херня не пройдет } if ($prauth[$ADM][2] == false and $prauth[$ADM][11]) { lprint("A_LOG_BAN"); ?> <form action="login.php" method="post"> <?php submitkey("resetcookie", "LOGOUT"); echo "</form>"; exit;
if ($_POST["selectoption"] == "Новости") { news($mysqli, $tmpl['newsAdmin']); } else { if (isset($_POST["selectedNews"])) { if ($_POST["selectnews"] == "Новый вопрос") { addnews($mysqli, $tmpl["addnews"]); } else { insertOrDeleteNews($mysqli, $tmpl["updatenews"], $_POST["selectnews"], $tmpl["updatecoments"]); } } else { if (isset($_POST["addnew"])) { $title = $_POST["title1"]; $category = $_POST["categorynews"]; $text = $_POST["text"]; $isHot = $_POST["isHot"]; uploadfile($mysqli); addnewsDB($mysqli, $title, $category, $text, $isHot); $_SESSION["list"] = $tmpl['mainAdmin']; } else { if (isset($_POST["insertnew"])) { //получим id категории $sth = $mysqli->prepare("SELECT id2 FROM Category2 WHERE categ2 = ? "); $sth->bind_Param("s", $_POST["categorynews"]); $sth->execute(); $result = $sth->get_result(); $obj = $result->fetch_assoc(); $idcat = $obj["id2"]; $result->close(); $hot = 0; if ($_POST["isHot"] == "on") { $hot = 1;
} else { alert('您没有任何数据编辑'); } } if ($action == 'add') { $id = (int) $_POST['id']; $name = save($_POST['name']); $orders = intval($_POST['orders']); $types = intval($_POST['types']); !$types && alert('类型错误!'); !$name && alert('名称不能为空!'); if ($delpics) { $pics = ''; } else { $artpics = save($_POST['artpics']); $_pics = uploadfile("pics", $name); $pics = empty($_pics) ? $artpics : $_pics['FilePath']; } $returnurl = $_POST['returnurl'] ? rawurldecode($_POST['returnurl']) : 'admincp.php?do=events_playsource&operation=manage&types=' . $types; $set = " `orders`='{$orders}',`name`='{$name}',`pics`='{$pics}' "; if ($id) { $up = $DreamCMS->db->query("UPDATE `#DC@__events_playsource` SET " . $set . " WHERE `types`='{$types}' AND `id`='{$id}' LIMIT 1 "); if ($up !== false) { redirect("编辑完成!", $returnurl, '2'); } else { alert('编辑失败'); } } else { $set .= ",`types`='{$types}' "; $add = $DreamCMS->db->query("INSERT INTO `#DC@__events_playsource` SET " . $set); if ($add) {
alert('操作成功!', 'url:1'); } } else { //添加 $add = $DreamCMS->db->query("INSERT INTO `#DC@__installhelper` " . $sql); if ($add) { $itid = mysql_insert_id(); $field = 'picshows'; //添加文章图片集 start if ($_FILES[$field]['name'] && is_array($_FILES[$field]['name'])) { foreach ($_FILES[$field]['name'] as $key => $val) { $_FILES[$field . $key]['name'] = $val; $_FILES[$field . $key]['tmp_name'] = $_FILES[$field]['tmp_name'][$key]; $_FILES[$field . $key]['error'] = $_FILES[$field]['error'][$key]; $_FILES[$field . $key]['size'] = $_FILES[$field]['size'][$key]; $tupianji = uploadfile($field . $key, $title . "--图片" . $key + 1); $articlepic = $tupianji['FilePath']; //图片描述 start $picsdes = $field . "picdes"; $picdes = save($_POST[$picsdes][$key]); //图片描述 end //图片排序 start $picsorder = $field . "picorder"; $picorder = intval($_POST[$picsorder][$key]); //图片排序 end $DreamCMS->db->query("INSERT INTO `#DC@__installhelper_pics` SET `itid`='{$itid}',`articlepic`='{$articlepic}',`picdes`='{$picdes}',`picorder`='{$picorder}',`picfield`='{$field}'"); $tupianji = ''; } } //添加文章图片集 end alert('操作成功!', 'url:1');
$tupianji = ''; } } //------添加文章图片集 end //------更新文章图片集 start $picedit = $field . "_edit"; $artpicedit = "art_" . $field . "_edit"; $picids = $field . "picids"; if ($_FILES[$picedit]['name'] && is_array($_FILES[$picedit]['name'])) { foreach ($_FILES[$picedit]['name'] as $key => $val) { $_FILES[$picedit . $key]['name'] = $val; $_FILES[$picedit . $key]['tmp_name'] = $_FILES[$picedit]['tmp_name'][$key]; $_FILES[$picedit . $key]['error'] = $_FILES[$picedit]['error'][$key]; $_FILES[$picedit . $key]['size'] = $_FILES[$picedit]['size'][$key]; $picid = intval($_POST[$picids][$key]); $tupianji = uploadfile($picedit . $key, $title . "商品图片-商品" . $picid); $articlepic = empty($tupianji) ? save($_POST[$artpicedit][$key]) : $tupianji['FilePath']; //------图片描述 start $picsdes = $field . "picdes_edit"; $picdes = save($_POST[$picsdes][$key]); //------图片描述 end //------图片排序 start $picsorder = $field . "picorder_edit"; $picorder = intval($_POST[$picsorder][$key]); //------图片排序 end $picid && $DreamCMS->db->query("UPDATE `#DC@__article_pics` SET `aid`='{$aid}',`articlepic`='{$articlepic}',`picdes`='{$picdes}',`picorder`='{$picorder}' WHERE `picid`='{$picid}' LIMIT 1"); } } //------更新文章图片集 end } }
} else { SmartyValidate::connect($smarty); // validate after a POST if (SmartyValidate::is_valid($_POST)) { // no errors, done with SmartyValidate if (array_key_exists('submit', $_POST)) { //var_dump($_POST); exit; $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $mobile_number = $_POST['mobile_number']; $email = $_POST['email']; $password = md5($_POST['password']); $location = $_POST['area_element']; $medical = $_POST['medical']; $profile = $_POST['profile']; $pix = uploadfile('pix'); //exit(); $userID = $obj->newUser($lastname, $firstname, $email, $mobile_number, $password, $location, $pix, $profile); if (empty($medical)) { } else { if ($medical == 'specialist') { $specializationID = $_POST['specialist']; $hospital = $_POST['hospitals']; $obj->addNewSpecialist($userID, $specializationID, $hospital); } else { if ($medical == 'pharmacist') { $pharmacy = $_POST['pharmacy']; $certifiedNumber = $_POST['certify']; $obj->addPharmacist($pharmacy, $userID, $location, $certifiedNumber); } else { if ($medical == 'hospital') {
alert('删除成功', 'url:1'); } else { alert('删除失败'); } exit; break; case 'post': if ($action == 'edit') { foreach ($_POST['picdes'] as $picid => $value) { $thispicorder = intval($_POST['picorder'][$picid]); $picid && $DreamCMS->db->query("update `#DC@__otherpics` set `picdes`='{$value}',`picorder`='{$thispicorder}' where `picid`='{$picid}'"); } _Header(); } if ($action == 'add') { $picid = intval($picid); $picdes = $_POST['picdes'] ? save($_POST['picdes']) : ''; $picorder = intval($_POST['picorder']); $pictype = $_POST['pictype'] ? save($_POST['pictype']) : 'download'; $artpicurl = $_POST['artpicurl'] ? save($_POST['artpicurl']) : ''; $_picurl = uploadfile("picurl", $picdes); $picurl = empty($_picurl) ? $artpicurl : $_picurl['FilePath']; if ($picid) { $DreamCMS->db->query("UPDATE `#DC@__otherpics` SET `picdes`='{$picdes}',`picorder`='{$picorder}',`pictype`='{$pictype}',`picurl`='{$picurl}' WHERE `picid`='{$picid}' LIMIT 1"); } else { $DreamCMS->db->query("INSERT INTO `#DC@__otherpics` (`picdes`,`picorder`,`pictype`,`picurl`) VALUES ('{$picdes}','{$picorder}','{$pictype}','{$picurl}')"); } _Header("admincp.php?do=otherpics&pictype=" . $pictype); } break; }
if ($file == 1) { //файл есть , предпринимаем меры if (!$tempsize) { echo "Это не картинка ! Файл не был сохранен. <br>"; exit; } // тоже 0 при >64k if ($size > 900000) { echo "Превышен hardcoded лимит в 900Кб"; exit; } //CFG OPT FUTURE TODO: echo "Куда:" . $uploaddir . "/ File:" . $commmsg . $formatscr . "<br>"; echo "fullpathname={$scrfullpathname}<br>"; unlink($scrfullpathname); $error = uploadfile($uploaddir . "/", $commmsg . $formatscr); //почему !!!?? Залить не удалось die("Aaaaaaaaaaa"); if ($error) { ob_clean(); lprint("FS_FWR"); } else { ob_clean(); lprint("FS_FWRFAIL"); } echo $uploaddir . "/", $commmsg . ".jpg"; echo "Он был успешным юзернеймом на УПячке!<br>"; } } //end of upload//.... if($error==false) echo "Слив не засчитан"; //end comment write if ($delcom) {
} elseif ($do == "post") { checkverifycode(trim($_POST['verifycode']), $DreamCMS->language('post:verifycode'), "post"); $title = htmlspecialchars($_POST['title']); $cid = intval($_POST['catalog']); $source = htmlspecialchars($_POST['source']); $author = htmlspecialchars($_POST['author']); $description = htmlspecialchars($_POST['description']); $keywords = htmlspecialchars($_POST['keywords']); $tags = htmlspecialchars($_POST['tag']); $body = $_POST['content']; empty($title) && alert($DreamCMS->language('post:checktitlempty')); empty($cid) && alert($DreamCMS->language('post:checkcid')); empty($body) && alert($DreamCMS->language('post:checkbody')); isset($_POST['keywordToTag']) && ($tags = str_replace(',', ' ', $keywords)); empty($description) && ($description = csubstr(HtmToText($body), $DreamCMS->config['descLen'])); $_pic = uploadfile("pic", $title); $pic = $_pic['FilePath']; $customlink = GetPinyin($title); $visible = $_catalog[$cid]['isexamine'] == "1" ? "0" : "1"; $postype = "-1"; $pubdate = time(); $userid = $type = $hits = $digg = $comments = "0"; $filename = $url = ""; $data = compact('cid', 'title', 'customlink', 'url', 'filename', 'source', 'author', 'userid', 'postype', 'keywords', 'tags', 'description', 'filename', 'pic', 'pubdate', 'hits', 'digg', 'comments', 'type', 'visible'); $DreamCMS->db->get_var("SELECT `id` FROM `#DC@__article` where `title` = '{$title}'") && alert($DreamCMS->language('post:checktitle')); $DreamCMS->db->insert('article', $data); $aid = $DreamCMS->db->insert_id; $DreamCMS->db->insert('articledata', compact('aid', 'subtitle', 'body')); tag($tags); MakeArticleHtm($DreamCMS->db->insert_id); $DreamCMS->db->query("UPDATE `#DC@__catalog` SET `count` = count+1 WHERE `id` ='{$cid}' LIMIT 1 ");
$attach_subdir = 'day_' . date('ymd'); break; case 2: $attach_subdir = 'month_' . date('ym'); break; case 3: $attach_subdir = 'ext_' . $extension; break; } $attach_dir = $attachdir . '/' . $attach_subdir; if (!is_dir($attach_dir)) { @mkdir($attach_dir, 0777); @fclose(fopen($attach_dir . '/index.htm', 'w')); } PHP_VERSION < '4.2.0' && mt_srand((double) microtime() * 1000000); $filename = date("YmdHis") . mt_rand(1000, 9999) . '.' . $extension; $target = $attach_dir . '/' . $filename; move_uploaded_file($upfile['tmp_name'], $target); $msg = $target; } else { $err = '文件大小超过' . $maxattachsize . '字节'; } } else { $err = '上传文件扩展名必需为:' . $upext; } @unlink($temppath); } return array('err' => $err, 'msg' => $msg); } $state = uploadfile('upload'); echo json_encode($state);
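/**
 * Handle a temporary file upload: check the upload status and size, store the
 * file through uploadfile() and register it as the form's temporary file.
 *
 * @param mixed $usuario  Passed through to insertFileTemporal().
 * @param mixed $empresa  Passed through to insertFileTemporal().
 * @param mixed $conexion Passed through to deleteFileTemporal() and insertFileTemporal().
 * @return array Result with 'success' and 'msg'; on success it is whatever uploadfile() returned.
 */
function upload($usuario, $empresa, $conexion) {
    $path = (string) $_POST['path'];
    $filedata = (string) $_POST['filedata'];
    $formId = (string) $_POST['formId'];
    $campo = (string) $_POST['campo'];
    $return = array('success' => false, 'msg' => 'No se pudo subir el archivo.');

    // The upload status lives under the field name. The original read
    // $_FILES['error'], which is normally unset and compares equal to
    // UPLOAD_ERR_OK (0) under ==, so a failed upload was never rejected here.
    if (!isset($_FILES['file']['error']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
        return $return;
    }

    // NOTE(review): unserialize() runs on request data here. Object
    // deserialisation of client input should not be reachable; prefer
    // json_decode(), or unserialize() with allowed_classes => false, once the
    // producer of this blob has been checked. The size limit and allowed types
    // below also come from this blob, so the client chooses its own limits;
    // keep that policy server-side or authenticate the blob before trusting it.
    $filedata = unserialize(base64_decode($filedata));
    if (!is_array($filedata) || !isset($filedata['maxfile'], $filedata['tipos'])) {
        // Undecodable or incomplete descriptor: report the generic failure.
        return $return;
    }

    $filesize = $_FILES['file']['size'];
    $maxfile = $filedata['maxfile'] * 1048576; // the limit is expressed in MB
    if ($filesize > $maxfile) {
        $return['msg'] = 'El archivo no puede superar los ' . $filedata['maxfile'] . ' Mb';
        return $return;
    }

    $codigo = (int) numerador('archivoTemporal', 0, '');
    // NOTE(review): $path is taken from the request; uploadfile() presumably
    // confines it to the upload root. Verify against that helper.
    $return = uploadfile($codigo, $_FILES, $path, $filedata['tipos']);
    if ($return['success']) {
        // Replace any earlier temporary file registered for this form.
        deleteFileTemporal($formId, $conexion);
        insertFileTemporal($codigo, $return, $formId, $campo, $usuario, $empresa, $conexion);
    }
    return $return;
}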
$del = $DreamCMS->db->query("DELETE FROM `#DC@__wordcup_focusrecomment` WHERE `id`='{$id}' LIMIT 1"); if ($del) { alert('删除成功!', 'url:1'); } else { alert('删除失败!'); } break; case 'post': if ($action == 'add') { $id = (int) $_POST['id']; $title = save($_POST['title']); !$title && alert('视频名称不能为空!'); $positions = intval($_POST['positions']); //图标 start $artpics = save($_POST['artpics']); $_pics = uploadfile("pics", $title); $pics = empty($_pics) ? $artpics : $_pics['FilePath']; //图标 end $starttime = $_POST['starttime'] ? _strtotime($_POST['starttime']) : 0; $endtime = $_POST['endtime'] ? _strtotime($_POST['endtime']) : 0; $addtime = time(); $showstate = intval($_POST['showstate']); //播放来源 start $playsource = ''; if ($_POST['play_url'] && is_array($_POST['play_url'])) { foreach ($_POST['play_url'] as $key => $val) { $thisplay_url = save($val); if ($thisplay_url) { //排序 start $numkey = addKey($playsource, $_POST['play_orders'][$key]); //排序 end
// { // $newname=uploadfile($fileinfo,'../uploads',$allowext); // } if($fileinfo['name']==null){ $arr=array( "title"=>$_POST['title'], "classname"=>$_POST['classname'], "keywords"=>$_POST['keywords'], "ar_desc"=>$_POST['ar_desc'], "titlepic"=>$_POST['titlepic'], "subdate"=>date("Y/m/d"), "content"=>$_POST['content'] ); } else{ $newname=uploadfile($fileinfo,'../uploads',$allowext); $arr=array( "title"=>$_POST['title'], "classname"=>$_POST['classname'], "keywords"=>$_POST['keywords'], "ar_desc"=>$_POST['ar_desc'], "titlepic"=>$newname, "subdate"=>date("Y/m/d"), "content"=>$_POST['content'] ); } if(update("dw_article",$arr,"articleid=".$id)){ echo '<div class="alert alert-success" role="alert">修改成功,<a href="list_article.php">查看文章列表</a></div>'; } else
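/**
 * Handle an online submission for a content model.
 *
 * Validates the request, stores the title image and the per-column uploads
 * through uploadfile(), then either writes the item and message rows directly
 * or stores the serialized submission in `modelfolders`. Outcomes are reported
 * through showmessage().
 *
 * Reads $_POST, $_GET['mid'] and $_FILES directly and rewrites several $_POST
 * entries in place (mid, grade, catid, allowreply, subject, linkage and
 * timestamp columns).
 *
 * @param array $cacheinfo Cached model definition; the keys 'models', 'columns'
 *                         and 'linkage' are read here.
 * @param int   $cp        Truthy: the final redirect uses $theurl / admincp.php;
 *                         falsy: it uses cp.php.
 */
function modelpost($cacheinfo, $cp = 1) {
    global $_SGLOBAL, $theurl, $_SCONFIG;
    include_once S_ROOT . './function/upload.func.php';
    $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $resultitems = $resultmessage = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];

    // Grade labels.
    // NOTE(review): $alang is not in the `global` list above, so it is undefined
    // inside this function and the default labels come out as null unless
    // $_SCONFIG['checkgrade'] overrides them. Confirm where $alang should come from.
    if ($cacheinfo['models']['modelname'] == 'defect') {
        // The 'defect' model maps the submitted 1..9 choice onto its own scores.
        switch ($_POST['grade']) {
            case 1:
                $_POST['grade'] = '64';
                break;
            case 2:
                $_POST['grade'] = '32';
                break;
            case 3:
                $_POST['grade'] = '16';
                break;
            case 4:
                $_POST['grade'] = '9';
                break;
            case 5:
                $_POST['grade'] = '4';
                break;
            case 6:
                $_POST['grade'] = '1';
                break;
            case 7:
                $_POST['grade'] = '-1';
                break;
            case 8:
                $_POST['grade'] = '-2';
                break;
            case 9:
                $_POST['grade'] = '-3';
                break;
        }
        $gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            $gradearr['64'] = $newgradearr[0];
            $gradearr['32'] = $newgradearr[1];
            $gradearr['16'] = $newgradearr[2];
            $gradearr['9'] = $newgradearr[3];
            $gradearr['4'] = $newgradearr[4];
            $gradearr['1'] = $newgradearr[5];
            $gradearr['-1'] = $newgradearr[6];
            $gradearr['-2'] = $newgradearr[7];
            $gradearr['-3'] = $newgradearr[8];
        }
    } else {
        $gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            for ($i = 0; $i < count($newgradearr); $i++) {
                if (!empty($newgradearr[$i])) {
                    $gradearr[$i + 1] = $newgradearr[$i];
                }
            }
        }
    }

    // The submitted model id has to match the cached model definition.
    if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
        showmessage('parameter_error');
    }

    // Split the columns into item-table (isfixed) and message-table columns and
    // normalise linkage / timestamp inputs.
    $feedcolum = array();
    foreach ($columnsinfoarr as $result) {
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }

    // Record the member's latest update time (new items only).
    if (empty($itemid) && $_SGLOBAL['supe_uid']) {
        updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
    }

    // Input normalisation.
    $_POST['catid'] = intval($_POST['catid']);
    // Grouped explicitly the way PHP 5/7 evaluated the original unparenthesised
    // chain (left to right); PHP 8 rejects the unparenthesised form.
    $_POST['allowreply'] = (isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment')) ? 1 : 0;
    $_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));

    // Input checks.
    if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
        showmessage('space_suject_length_error');
    }
    if (empty($_POST['catid'])) {
        showmessage('admin_func_catid_error');
    }
    if (!empty($_FILES['subjectimage']['name'])) {
        // NOTE(review): this looks only at the extension of the client-supplied
        // file name; content validation is presumably done in uploadfile(). Verify.
        $fileext = fileext($_FILES['subjectimage']['name']);
        if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
            showmessage('document_types_can_only_upload_pictures');
        }
    }

    // Column value checks.
    checkvalues(array_merge($resultitems, $resultmessage), 0, 1);

    // On edit: if the title image was removed or replaced, delete the old one.
    // NOTE(review): no check that $itemid belongs to the current user is visible
    // in this function; presumably the caller or checkperm() covers it. Verify.
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            // NOTE(review): the hash is built from $_GET['mid'], while the value
            // validated above is $_POST['mid']. Confirm the two cannot differ.
            $hash = getmodelhash($_GET['mid'], $itemid);
            // Remove the attachment row and clear the stored path.
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            // The path comes from the stored row, not from the request.
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }

    // Build the item row.
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $setsqlarr['catid'] = $_POST['catid'];
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = $_POST['allowreply'];
    $setsqlarr['grade'] = intval($_POST['grade']);
    // Users without the permission may not change the review grade.
    // NOTE(review): only grades above 0 are gated; the 'defect' model also
    // produces -1, -2 and -3, which pass without this check. Confirm that is intended.
    if ($setsqlarr['grade'] > 0) {
        if (!checkperm('manageeditpost')) {
            showmessage('no_permission');
        }
    }
    $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    $setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
    $setsqlarr['username'] = $_SGLOBAL['supe_username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];

    // Title image size: 400x300 unless the model defines "width,height".
    $modelsinfoarr['subjectimagewidth'] = 400;
    $modelsinfoarr['subjectimageheight'] = 300;
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }

    $uploadfilearr = $ids = array();
    $subjectimageid = '';
    $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
    if (!empty($uploadfilearr)) {
        $feedsubjectimg = $uploadfilearr;
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }

    // Word filter.
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }

    // Publication time: a submitted value in the future, or more than two years
    // back, falls back to now.
    if (empty($_POST['dateline'])) {
        $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    } else {
        $setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
        if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
            $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
        }
    }

    // Attachment list (added by jyf).
    // NOTE(review): the submitted entries are joined as-is; nothing here checks
    // that they are attachment ids owned by the current user.
    if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
        $setsqlarr['attaches'] = implode(',', $_POST['divupload']);
    }

    // Two extra fields for the 'creative' model (89184).
    if ($cacheinfo['models']['modelname'] == 'creative') {
        if (empty($_POST['creative_value'])) {
            showmessage('请输入创新价值说明');
        }
        if (empty($_POST['creative_days'])) {
            showmessage('本创新所耗的工作量');
        }
        $setsqlarr['value'] = $_POST['creative_value'];
        $setsqlarr['days'] = $_POST['creative_days'];
    }

    if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
        // No review needed: write straight to the items table.
        if (empty($itemid)) {
            // Insert.
            $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
            // Notification mail to the category's recipients (89184).
            $email = get_cate_mail($_POST['catid']);
            $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
            if ($_POST['modelname'] == 'creative') {
                if ($_POST['creative_type'] == '流程建议') {
                    $email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
                }
            }
            $emails = explode(',', $email);
            if (count($emails) > 0) {
                include S_ROOT . './function/sendmail.fun.php';
                $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                if ($cacheinfo['models']['modelname'] == 'creative') {
                    $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
                    sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
                } else {
                    if ($cacheinfo['models']['modelname'] == 'defect') {
                        $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
                        sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
                    }
                }
            }
        } else {
            // Update.
            $op = 'update';
            unset($setsqlarr['uid']);
            unset($setsqlarr['username']);
            unset($setsqlarr['lastpost']);
            if ($setsqlarr['grade'] > 0) {
                $setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
                // NOTE(review): this director check runs only when the request
                // itself supplies modelname and creative_type, so a request that
                // omits them skips it. Prefer $cacheinfo['models']['modelname']
                // and a server-side value for the type.
                if ($_POST['modelname'] == 'creative') {
                    if ($_POST['creative_type'] == '主管月度创新') {
                        if (!check_cate_director($setsqlarr['catid'])) {
                            showmessage('no_permission');
                        }
                    }
                }
            }
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            // NOTE(review): $_POST['nid'] is concatenated into the SQL text.
            // Presumably request data is slash-escaped globally by the framework;
            // verify, or cast it with intval() if nid is numeric.
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            // Mail the author when a grade has been assigned.
            if ($setsqlarr['grade'] > 0) {
                $sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
                $query = $_SGLOBAL['db']->query($sqlstr);
                $value = $_SGLOBAL['db']->fetch_array($query);
                $email = $value['email'];
                if (!empty($email)) {
                    include S_ROOT . './function/sendmail.fun.php';
                    $url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                    $emails = explode(',', $email);
                    // 'grade' is quoted: the bare word in the original was an
                    // undefined constant, which PHP 8 treats as an error.
                    if ($_POST['modelname'] == 'creative') {
                        $msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr['grade']] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    } else {
                        $msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr['grade']] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    }
                    sendmail($emails, $setsqlarr['subject'], $msg);
                }
            }
        }
        if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
            // NOTE(review): $_POST['hash'] is concatenated into the SQL text and
            // selects which attachment rows get bound to this item. Same escaping
            // assumption as for nid above; also confirm the hash belongs to the
            // current user's pending uploads.
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
        }
        $hash = getmodelhash($_POST['mid'], $itemid);
        if (!empty($ids)) {
            $ids = simplode($ids);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $do = 'pass';
    } else {
        // Review required: keep the item row for the modelfolders entry below.
        if (!empty($uploadfilearr['subjectimage']['aid'])) {
            $subjectimageid = $uploadfilearr['subjectimage']['aid'];
        }
        $setitemsqlarr = $setsqlarr;
        $do = 'me';
    }

    // On update: delete files of img/flash/file columns that were removed or replaced.
    if ($op == 'update') {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // Remove the attachment row and clear the stored path.
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
                        $ext = fileext($defaultmessage[$value['fieldname']]);
                        if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                            @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        }
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }

    // Message (content) row.
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['postip'] = $_SGLOBAL['onlineip'];
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter for the content.
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }

    if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
        // No review needed: write to the message table.
        if ($op == 'add') {
            $setsqlarr['itemid'] = $itemid;
            inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
            getreward('postinfo');
            if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
                $feed['icon'] = 'comment';
                $feed['title_template'] = 'feed_model_title';
                $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                $aurl = A_URL;
                if (empty($_SCONFIG['siteurl'])) {
                    $siteurl = getsiteurl();
                    $murl = $siteurl . $murl;
                    $aurl = $siteurl . $aurl;
                } else {
                    $siteurl = S_URL_ALL;
                }
                $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
                $feed['body_template'] = 'feed_model_message';
                // The subject was passed through shtmlspecialchars() above; the
                // message has tags stripped before it is cut to 150 characters.
                $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
                // Feed image: the title image, else the first uploaded column
                // file, else the first picture found in the message.
                if (!empty($feedsubjectimg)) {
                    $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
                } else {
                    foreach ($feedcolum as $feedimgvalue) {
                        if ($feedimgvalue['filepath']) {
                            $feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
                            break;
                        }
                    }
                    if (empty($feed['images'])) {
                        $picurl = getmessagepic(stripslashes($_POST['message']));
                        if ($picurl && strpos($picurl, '://') === false) {
                            $picurl = $siteurl . '/' . $picurl;
                        }
                        if (!empty($picurl)) {
                            $feed['images'][] = array('url' => $picurl, 'link' => $murl);
                        }
                    }
                }
                postfeed($feed);
            }
        } else {
            // Update the existing content row.
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
        updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
        if (checkperm('allowdirectpost') && $op == 'update') {
            deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
        }
        if (checkperm('allowdirectpost') && $op == 'update') {
            $jpurl = $cp ? (empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid']) : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('writing_success_online_please_wait_for_audit', $jpurl);
        } else {
            $jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('online_contributions_success', $jpurl);
        }
    } else {
        // Review required: store the whole submission, serialized, in modelfolders.
        $setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
        $setsqlarr['addfeed'] = $_POST['addfeed'];
        $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
        if (!empty($_POST['itemid'])) {
            // NOTE(review): the modelfolders row is selected by the submitted
            // itemid alone; no ownership condition is visible here. Verify that
            // a user cannot overwrite another user's pending entry.
            $itemid = intval($_POST['itemid']);
            updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
        } else {
            $itemid = inserttable('modelfolders', $setsqlarr, 1);
        }
        if (!empty($subjectimageid)) {
            $ids[] = $subjectimageid;
        }
        if (!empty($ids)) {
            $ids = simplode($ids);
            $hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $jpurl = $cp ? (empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}") : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
        showmessage('writing_success_online_please_wait_for_audit', $jpurl);
    }
}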
$createtime = _strtotime($_POST['createtime']); $updatetime = time(); $data = compact('cid', 'title', 'keyword', 'description', 'body', 'creater', 'updater', 'createtime', 'updatetime'); if (empty($id)) { $DreamCMS->db->insert('page', $data); redirect($name . "页面添加完成!", "admincp.php?do=catalog"); } else { $DreamCMS->db->update('page', $data, compact('id')); redirect($name . "编辑完成!", "admincp.php?do=catalog"); } } if ($action == 'reupload') { $fid = (int) $_POST['fid']; $rs = $DreamCMS->db->get_row("SELECT * FROM `#DC@__file` WHERE `id`='{$fid}' LIMIT 1"); $path = str_replace(array($DreamCMS->config['uploadfiledir'] . '/', $rs->filename), '', $rs->path); uploadfile('file', '', $path, $rs->filename, 'reupload'); alert($rs->filename . '重新上传成功!', 'javascript:window.parent.location.reload();'); } if (isset($_POST['delete'])) { $i = 0; foreach ($_POST['delete'] as $fid) { deletefile($fid) && $i++; } alert("共删除{$i}个文件!", "url:1"); } else { _header(); } break; } function deletefile($fid) {
<?php echo "<hr>"; echo $_FILES["uploadedfile"]["type"]; echo "<br>"; echo $_FILES["uploadedfile"]["name"]; echo "<br>"; echo $_FILES["uploadedfile"]["error"]; echo "<br>"; echo "<hr>"; $info = pathinfo($_FILES['uploadedfile']['name']); if ($info["extension"] == "csv") { $mimes = array('text/csv', 'application/csv', 'text/comma-separated-values', 'application/excel', 'application/vnd.ms-excel', 'application/vnd.msexcel', 'application/octet-stream', 'application/txt', 'text/tsv'); if (in_array($_FILES['uploadedfile']['type'], $mimes)) { echo "<br> This is a CSV file<br>"; $filepath = uploadfile($_FILES); readmycsvfile($filepath); } else { echo "<br> Nai hUa<br>"; } } else { echo "Not a CSV Extension"; } function uploadfile($_FILES) { echo "---------------"; $target_path = "uploads/" . basename($_FILES['uploadedfile']['name']); if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file " . basename($_FILES['uploadedfile']['name']) . " has been uploaded"; return $target_path; } else {
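<?php
// Fetch a remote file named by the `url` query parameter into temp/, hand it
// to uploadfile() from mega.php, then redirect to the index page.
include 'mega.php';

if (isset($_GET['url'])) {
    // NOTE(review): no authentication is visible in this script. Anyone who can
    // reach it can make the server fetch a URL; confirm access is restricted.
    $source = is_string($_GET['url']) ? $_GET['url'] : '';
    $parts = parse_url($source);
    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';

    // copy() accepts local paths and every registered stream wrapper, so the
    // source is limited to plain web URLs before it is used.
    // NOTE(review): this does not stop requests to internal or loopback hosts,
    // including through redirects; resolve and check the host if this endpoint
    // is exposed to untrusted users.
    if ($parts === false || empty($parts['host']) || !in_array($scheme, array('http', 'https'), true)) {
        header('HTTP/1.1 400 Bad Request');
        exit('Invalid url');
    }

    // Keep only a conservative character set from the remote file name.
    // NOTE(review): the remote extension is preserved. If temp/ is served by the
    // web server, make sure scripts there are not executable, or delete the file
    // once the upload has finished.
    $basename = isset($parts['path']) ? basename($parts['path']) : '';
    $basename = preg_replace('/[^A-Za-z0-9._-]/', '_', $basename);
    $filename = "temp/" . uniqid() . "-" . $basename;

    if (!copy($source, $filename)) {
        header('HTTP/1.1 502 Bad Gateway');
        exit('Download failed');
    }

    // NOTE(review): credentials are hard-coded in this call; load them from
    // configuration that is kept out of the web root and out of version control.
    login("login", "password");
    uploadfile($filename);
    header("location:../index.php");
}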