Example #1
				}
				$target = $INI['system']['imgprefix']."/static/team/{$year}/{$day}/{$fname}";
				if($immediate=='1')$target='!'.$target;
				if($msgtype==1)$msg=$target;
				else $msg=array('url'=>$target,'localname'=>$upfile['name'],'id'=>'1');//id参数固定不变,仅供演示,实际项目中可以是数据库ID
			}
		}
		else $err='上传文件扩展名必需为:'.$upext;

		if (is_resource($upfile['tmp_name'])) {fclose($upfile['tmp_name']);}
		else { @unlink($upfile['tmp_name']); }
	}
	return array('err'=>$err,'msg'=>$msg);
}

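// HTML5 upload: the browser sends the raw file as the request body and
// describes it in a Content-Disposition request header. The block below turns
// that into a synthetic $_FILES entry so uploadfile() can treat it like a
// normal form upload.
// NOTE(review): the field name ($info[1]) and the filename ($info[2]) both come
// straight from a client-controlled header. Nothing here validates the name or
// caps the body size; confirm that uploadfile() enforces the extension and size
// limits and never uses 'name' to build the stored path.
if (isset($_SERVER['HTTP_CONTENT_DISPOSITION'])) {
    if (preg_match('/attachment;\s+name="(.+?)";\s+filename="(.+?)"/i', $_SERVER['HTTP_CONTENT_DISPOSITION'], $info)) {
        $content = file_get_contents("php://input");
        $temp_name = tmpfile();
        if ($content !== false && $temp_name !== false) {
            fwrite($temp_name, $content);
            fseek($temp_name, 0);
            // 'tmp_name' is an open stream here, not a path; uploadfile() closes
            // it when it sees a resource.
            $_FILES[$info[1]] = array(
                'name' => $info[2],
                'tmp_name' => $temp_name,
                'size' => strlen($content),
                'type' => '',
                'error' => 0,
            );
        } elseif ($temp_name !== false) {
            // The body could not be read: release the temp stream and register nothing.
            fclose($temp_name);
        }
    }
}
// End HTML5

$state = uploadfile('filedata');
echo json_encode($state);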
Example #2
                }
                _Header();
            }
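            // Bulk edit of existing links: each field arrives as a POST array keyed by link id.
            // Everything here is request data, so the id and sort order are cast to int and the
            // text fields go through save(), as the 'add' branch below does, before they are
            // placed in the SQL string.
            // NOTE(review): this assumes save() escapes for SQL; its body is not shown here. Confirm,
            // or switch the query to bound parameters if the db wrapper supports them.
            $linkNames = (isset($_POST['name']) && is_array($_POST['name'])) ? $_POST['name'] : array();
            foreach ($linkNames as $id => $value) {
                $linkId = intval($id);
                $linkName = save($value);
                $linkUrl = isset($_POST['url'][$id]) ? save($_POST['url'][$id]) : '';
                $linkDesc = isset($_POST['description'][$id]) ? save($_POST['description'][$id]) : '';
                $linkOrder = isset($_POST['displayorder'][$id]) ? intval($_POST['displayorder'][$id]) : 0;
                $DreamCMS->db->query("update `#DC@__links` set `name`='{$linkName}',`url`='{$linkUrl}',`desc`='{$linkDesc}',`orderid`='{$linkOrder}' where `id`='{$linkId}'");
            }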
            _Header();
        }
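        // Create a link, or overwrite an existing one when a non-zero $id is supplied.
        if ($action == 'add') {
            $id = intval($id);
            // Text fields pass through save() before being interpolated into SQL.
            // NOTE(review): save() is assumed to escape for SQL; its body is not shown here. Confirm.
            $name = !empty($_POST['name']) ? save($_POST['name']) : '';
            $url = !empty($_POST['url']) ? save($_POST['url']) : '';
            $desc = !empty($_POST['description']) ? save($_POST['description']) : '';
            $orderid = isset($_POST['displayorder']) ? intval($_POST['displayorder']) : 0;
            empty($name) && alert('网站名称不能为空!');
            empty($url) && alert('网站URL不能为空!');
            // Anchor the scheme check at the start of the value. A substring test would
            // double-prefix https:// links and would accept any value that merely contains
            // "http://" somewhere inside it.
            if (!preg_match('#^https?://#i', $url)) {
                $url = 'http://' . $url;
            }
            $artlogo = !empty($_POST['artlogo']) ? save($_POST['artlogo']) : '';
            // An uploaded logo wins over the logo path typed into the form.
            $_logo = uploadfile("logo", $name);
            $logo = empty($_logo) ? $artlogo : $_logo['FilePath'];
            if ($id) {
                $DreamCMS->db->query("UPDATE `#DC@__links` SET `name`='{$name}',`logo`='{$logo}',`desc`='{$desc}',`url`='{$url}',`orderid`='{$orderid}' WHERE `id`='{$id}' LIMIT 1");
            } else {
                $DreamCMS->db->query("INSERT INTO `#DC@__links` (`name`,`logo`,`desc`,`url`,`orderid`) VALUES ('{$name}','{$logo}','{$desc}','{$url}','{$orderid}')");
            }
            _Header("admincp.php?do=link");
        }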
        break;
}
Example #3
     register();
 } else {
     if ($ask == "edituser") {
         edituser();
     } else {
         if ($ask == "changepsd") {
             changepsd();
         } else {
             if ($ask == "delete") {
                 del();
             } else {
                 if ($ask == "image") {
                     uploadimage();
                 } else {
                     if ($ask == "file") {
                         uploadfile();
                     } else {
                         if ($ask == "lzl") {
                             lzl();
                         } else {
                             if ($ask == "search") {
                                 search();
                             } else {
                                 if ($ask == "action") {
                                     action();
                                 } else {
                                     echo '<capu><info><code>14</code><msg>ask错误。</msg></info></capu>';
                                     exit;
                                 }
                             }
                         }
Example #4
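/**
 * Process a submitted item form for one content model.
 *
 * Validates the posted fields, stores the title image and other attachments,
 * then inserts or updates the "<modelname>items" and "<modelname>message" rows.
 * Request data is read directly from $_POST, $_FILES and $_GET; the function
 * also reads and writes the globals declared on its first line.
 *
 * @param array $cacheinfo Cached model definition; the 'models', 'columns' and
 *                         'linkage' keys are read.
 * @param int   $cp        Not referenced inside this function body.
 * @return mixed The id of the item that was inserted or updated.
 */
function pkpost($cacheinfo, $cp = 1)
{
    global $_G, $_SGLOBAL, $theurl, $mname, $checkresults;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $mustverify = false;
    $resultitems = $resultmessage = $updateitem = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    $feedcolum = array();
    // Split the model's columns into fixed ("items" table) and free ("message" table)
    // fields, normalising linkage and timestamp inputs in $_POST on the way.
    foreach ($columnsinfoarr as $result) {
        if ($mname == "groupbuy" && preg_match('/^user_|^ext_/', $result['fieldname'])) {
            continue;
        }
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                // Replace the submitted key with the value cached for it.
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_G['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    // Input checks
    $_POST['subject'] = trim(strip_tags($_POST['subject']));
    // Re-read the item id after the loop above, but keep it an integer: it is
    // concatenated into several SQL strings further down.
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $checkresults = array();
    if (bstrlen($_POST['subject']) < 1 || bstrlen($_POST['subject']) > 80) {
        array_push($checkresults, array('subject' => lang('space_suject_length_error')));
    }
    // Field validation
    checkvalues(array_merge($resultitems, $resultmessage), 1, 1);
    // Product price handling: start
    if ($modelsinfoarr['modelname'] == 'good') {
        if ($_POST['minprice'] > 0 && $_POST['maxprice'] > 0 && $_POST['maxprice'] < $_POST['minprice']) {
            array_push($checkresults, array('maxprice' => lang('maxprice_must_big_then_minprice')));
        }
    }
    // Product price handling: end
    // When editing, check whether the title image was removed or replaced.
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            // The file was removed or replaced: delete the old one.
            $query = DB::query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = DB::fetch($query);
            $hash = getmodelhash($modelsinfoarr['mid'], $itemid);
            // Remove the attachment rows and clear the column.
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            // NOTE(review): the paths unlinked below come from the stored 'subjectimage'
            // column. If that column can ever hold client-supplied text (see the
            // 'subjectimage_value' assignment further down), confirm it is constrained
            // to stay under A_DIR before it reaches unlink().
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    // Build the row for the items table
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $itemgrade = DB::result_first("SELECT grade FROM " . tname($mname . "items") . " WHERE itemid = '{$itemid}'");
    if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        // NOTE(review): stored as submitted; no path validation is visible here.
        $setsqlarr['subjectimage'] = $_POST['subjectimage_value'];
    }
    if (empty($_POST['catid']) || $_POST['catid'] < 0) {
        array_push($checkresults, array('catid' => lang('cat_not_selected')));
    }
    $setsqlarr['catid'] = $_POST['catid'];
    if ($modelsinfoarr['modelname'] != 'shop') {
        // The owning shop is mandatory: admins choose it, everyone else gets their own shop.
        if (pkperm('isadmin')) {
            if (empty($_POST['shopid'])) {
                array_push($checkresults, array('shopid' => lang('please_select_shopid')));
            }
            $setsqlarr['shopid'] = intval($_POST['shopid']);
        } else {
            $setsqlarr['shopid'] = $_G['myshopid'];
        }
    } else {
        $setsqlarr['letter'] = !empty($_POST['letter']) ? trim($_POST['letter']) : getletter(trim($_POST['subject']));
        $setsqlarr['keywords'] = trim(strip_tags($_POST['keywords']));
        $setsqlarr['description'] = trim(strip_tags($_POST['description']));
        if (!empty($_POST['syncfid'])) {
            require_once B_ROOT . './api/bbs_syncpost.php';
            if (checkbbsfid($_POST['syncfid'])) {
                $setsqlarr['syncfid'] = intval($_POST['syncfid']);
            } else {
                array_push($checkresults, array('syncfid' => lang('syncfid_noexists')));
            }
        }
    }
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = 1;
    if (!empty($checkresults)) {
        cpmsg('addobject_error', '', '', '', true, true, $checkresults);
    }
    // Decide the review grade: admins choose it, shop owners are limited by shop status.
    if (pkperm('isadmin')) {
        $setsqlarr['grade'] = isset($_POST['grade']) ? $_POST['grade'] : 3;
    } elseif ($_G['myshopstatus'] == 'verified') {
        if (in_array($modelsinfoarr['modelname'], array('good', 'notice', 'consume', 'album', 'groupbuy')) && $itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
            $setsqlarr['grade'] = !empty($itemid) ? 5 : 0;
            if (!empty($itemid)) {
                if (in_array($_POST['grade'], array(2, 3))) {
                    $setsqlarr['grade'] = $_POST['grade'];
                }
            }
            $mustverify = true;
        } else {
            if (in_array($_POST['grade'], array(2, 3))) {
                $setsqlarr['grade'] = $_POST['grade'];
            } else {
                $setsqlarr['grade'] = $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']] ? 0 : 3;
            }
        }
    } elseif ($_G['myshopstatus'] == 'unverified') {
        $setsqlarr['grade'] = 0;
    }
    $setsqlarr['dateline'] = $_G['timestamp'];
    $setsqlarr['uid'] = $_G['uid'];
    $setsqlarr['username'] = $_G['username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    // Title image handling: start
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    if ($_POST['imagetype'] == 0 && $modelsinfoarr['modelname'] == 'consume' && $_G['setting']['allowcreateimg']) {
        // Coupon image generated from a template instead of an uploaded file.
        if ($_GET['action'] == 'add') {
            $hotline = $_SGLOBAL['panelinfo']['tel'];
            $address = $_SGLOBAL['panelinfo']['address'];
        } else {
            $shopinfo = DB::fetch(DB::query("SELECT tel, address FROM " . tname('shopitems') . " WHERE itemid='{$setsqlarr['shopid']}'"));
            $hotline = $shopinfo['tel'];
            $address = $shopinfo['address'];
        }
        $dealer_name = DB::result_first("SELECT subject FROM " . tname('shopitems') . " WHERE itemid='{$setsqlarr['shopid']}'");
        $createimgarr = array('id' => intval($_POST['imgtplid']), 'mid' => intval($modelsinfoarr['mid']), 'itemid' => intval($itemid), 'coupon_title' => $setsqlarr['subject'], 'dealer_id' => $setsqlarr['uid'], 'dealer_name' => $dealer_name, 'begin_date' => date('Y-m-d', $setsqlarr['validity_start']), 'end_date' => date('Y-m-d', $setsqlarr['validity_end']), 'brief' => trim($_POST['message']), 'exception' => trim($_POST['exception']), 'address' => $address, 'hotline' => $hotline, 'subjectimagewidth' => $modelsinfoarr['subjectimagewidth'], 'subjectimageheight' => $modelsinfoarr['subjectimageheight']);
        require_once B_ROOT . './source/adminfunc/tool.func.php';
        if ($consumeimgpath = image_text($createimgarr)) {
            $setsqlarr['subjectimage'] = $consumeimgpath;
            $setsqlarr['imagetype'] = 0;
            $setsqlarr['imgtplid'] = intval($_POST['imgtplid']);
        }
    } else {
        $uploadfilearr = $ids = array();
        $subjectimageid = '';
        $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => '圖片標題', 'formtype' => 'img')), $modelsinfoarr['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
        if (!empty($uploadfilearr)) {
            $feedsubjectimg = $uploadfilearr;
            foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
                // Only error-free uploads are written to the row; attachment ids are
                // collected so they can be tied to the item hash later.
                if (empty($tmpvalue['error'])) {
                    $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
                }
                if (!empty($tmpvalue['aid'])) {
                    $ids[] = $tmpvalue['aid'];
                }
            }
        }
        if ($modelsinfoarr['modelname'] == 'consume') {
            $setsqlarr['imagetype'] = 1;
        }
    }
    // Title image handling: end
    // Word filter
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    // Publish time
    $setsqlarr['dateline'] = $_G['timestamp'];
    // Products also carry a short intro
    if ($mname == "good") {
        $setsqlarr['intro'] = trim(strip_tags($_POST['intro']));
    }
    if (empty($itemid)) {
        // Insert a new item
        $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
        if (in_array($modelsinfoarr['modelname'], array('good', 'notice', 'consume', 'album', 'groupbuy'))) {
            itemnumreset($modelsinfoarr['modelname'], $setsqlarr['shopid']);
        }
    } else {
        $_SGLOBAL['itemupdate'] = 1;
        // Update an existing item; ownership columns are never rewritten.
        $op = 'update';
        unset($setsqlarr['uid']);
        unset($setsqlarr['username']);
        unset($setsqlarr['lastpost']);
        if ($itemgrade == 1 && !pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        } elseif ($itemgrade == 1 && pkperm('isadmin')) {
            $setsqlarr['grade'] = 1;
        } elseif ($itemgrade == 0 && !pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        } elseif ($itemgrade == 0 && pkperm('isadmin')) {
            $setsqlarr['grade'] = 0;
        }
        if (pkperm('isadmin')) {
            // Site admins may post any data.
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
        } else {
            // Permission limits: a shop owner may not change the shop group.
            unset($setsqlarr['groupid']);
            if ($modelsinfoarr['modelname'] == 'shop') {
                unset($setsqlarr['validity_start']);
                unset($setsqlarr['validity_end']);
                if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
                    // Held back for review instead of being written now.
                    $updatesqlarr = $setsqlarr;
                } else {
                    // A shop owner can only write to their own shop row, whatever itemid was posted.
                    updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $_G['myshopid']));
                }
            } else {
                if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
                    $updatesqlarr = $setsqlarr;
                } else {
                    // A shop owner can only change items that belong to the shop they manage.
                    updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid, 'shopid' => $_G['myshopid']));
                }
            }
        }
        $query = DB::query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE itemid = \'' . $itemid . '\'');
        $defaultmessage = DB::fetch($query);
    }
    $hash = getmodelhash($modelsinfoarr['mid'], $itemid);
    if (!empty($ids)) {
        // Tie the freshly uploaded attachments to this item.
        $ids = simplode($ids);
        DB::query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
    }
    $do = 'pass';
    if ($op == 'update' && !$_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // The file was removed or replaced: drop the attachment rows,
                        // clear the column and delete the old files.
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('itemid' => $itemid));
                        @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']] . '.thumb.jpg');
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    // Content (message table)
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $modelsinfoarr['modelname'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['message'] = saddslashes(html2bbcode(stripslashes($setsqlarr['message'])));
    if ($modelsinfoarr['modelname'] == 'consume') {
        $setsqlarr['exception'] = trim($_POST['exception']);
    }
    if ($_POST['imagetype'] == 0 && $modelsinfoarr['modelname'] == 'consume' && $_G['setting']['allowcreateimg']) {
        $setsqlarr['address'] = trim($_POST['address']);
        $setsqlarr['hotline'] = trim($_POST['hotline']);
    }
    $setsqlarr['postip'] = $_G['clientip'];
    if ($modelsinfoarr['modelname'] == 'shop' && $itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']]) {
        // NOTE(review): both values are stored as submitted; no path validation is visible here.
        $setsqlarr['banner'] = $_POST['banner_value'];
        $setsqlarr['windowsimg'] = $_POST['windowsimg_value'];
    }
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter on the content row
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if ($op == 'add') {
        $setsqlarr['itemid'] = $itemid;
        // Add the content row
        inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
    } else {
        if ($itemgrade > 1 && $_SGLOBAL['panelinfo']['group']['verify' . $modelsinfoarr['modelname']] && !pkperm('isadmin')) {
            // Pending review: hand the combined changes back through the global.
            $_SGLOBAL['updatesqlarr'] = array_merge($updatesqlarr, $setsqlarr);
        } else {
            // Update the content row
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
    }
    updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
    return $itemid;
}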
Example #5
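/**
 * Handle an online submission for a content model.
 *
 * Validates the posted fields, stores the title image and other attachments,
 * then either writes the "<modelname>items" / "<modelname>message" rows
 * directly or queues the submission in 'modelfolders', depending on the
 * permission checks. Request data is read directly from $_POST, $_FILES and
 * $_GET. Every path through the final section ends in showmessage().
 *
 * @param array $cacheinfo Cached model definition; the 'models', 'columns' and
 *                         'linkage' keys are read.
 * @param int   $cp        Truthy selects the admin-panel redirect targets,
 *                         falsy the user control-panel ones.
 */
function modelpost($cacheinfo, $cp = 1)
{
    global $_SGLOBAL, $theurl, $_SCONFIG;
    include_once S_ROOT . './function/upload.func.php';
    $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $resultitems = $resultmessage = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    // The posted model id must match the model this form was built for.
    if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
        showmessage('parameter_error');
    }
    $feedcolum = array();
    // Split the model's columns into fixed ("items" table) and free ("message" table)
    // fields, normalising linkage and timestamp inputs in $_POST on the way.
    foreach ($columnsinfoarr as $result) {
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                // Replace the submitted key with the value cached for it.
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    // Record the member's latest update time for new submissions.
    if (empty($itemid) && $_SGLOBAL['supe_uid']) {
        updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
    }
    // Input normalisation
    $_POST['catid'] = intval($_POST['catid']);
    // Parenthesised explicitly: an unparenthesised "a ? b : c ? d : e" is a compile
    // error on PHP 8. This grouping is how older PHP versions evaluated it
    // (left-associative), so the stored flag is always 0 or 1.
    $_POST['allowreply'] = (isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment')) ? 1 : 0;
    $_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
    // Input checks
    if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
        showmessage('space_suject_length_error');
    }
    if (empty($_POST['catid'])) {
        showmessage('admin_func_catid_error');
    }
    if (!empty($_FILES['subjectimage']['name'])) {
        // Extension allowlist applied to the client-supplied filename only; the file
        // content is not inspected here (uploadfile() may do more; not shown).
        $fileext = fileext($_FILES['subjectimage']['name']);
        if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
            showmessage('document_types_can_only_upload_pictures');
        }
    }
    // Field validation
    checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
    // When editing, check whether the title image was removed or replaced.
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            // The file was removed or replaced: delete the old one.
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            // NOTE(review): this hash is built from $_GET['mid'], while the later calls use
            // the validated $_POST['mid']; confirm the two always agree.
            $hash = getmodelhash($_GET['mid'], $itemid);
            // Remove the attachment rows and clear the column.
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    // Build the row for the items table
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $setsqlarr['catid'] = $_POST['catid'];
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = $_POST['allowreply'];
    // Only managers may set the grade; everyone else starts at 0.
    if (checkperm('managefolder') || checkperm('managemodpost')) {
        $setsqlarr['grade'] = intval($_POST['grade']);
    } else {
        $setsqlarr['grade'] = 0;
    }
    $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    $setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
    $setsqlarr['username'] = $_SGLOBAL['supe_username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    // Default title-image size, overridden by the model's 'thumbsize' ("width,height").
    $modelsinfoarr['subjectimagewidth'] = 400;
    $modelsinfoarr['subjectimageheight'] = 300;
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    $uploadfilearr = $ids = array();
    $subjectimageid = '';
    $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
    if (!empty($uploadfilearr)) {
        $feedsubjectimg = $uploadfilearr;
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            // Only error-free uploads are written to the row; attachment ids are
            // collected so they can be tied to the item hash later.
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    // Publish time
    if (empty($_POST['dateline'])) {
        $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    } else {
        $setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
        if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
            // Neither in the future nor more than two years back: fall back to now.
            $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
        }
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
        // No review needed: write to the items table.
        if (empty($itemid)) {
            // Insert a new item
            $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
        } else {
            // Update an existing item; ownership columns are never rewritten.
            $op = 'update';
            unset($setsqlarr['uid']);
            unset($setsqlarr['username']);
            unset($setsqlarr['lastpost']);
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            // 'nid' is request data concatenated straight into SQL, so it is cast to int first.
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . intval($_POST['nid']) . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
        }
        $hash = getmodelhash($_POST['mid'], $itemid);
        if (!empty($ids)) {
            // Tie the freshly uploaded attachments to this item.
            $ids = simplode($ids);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $do = 'pass';
    } else {
        // Held for review: keep the items row aside for the folder record below.
        if (!empty($uploadfilearr['subjectimage']['aid'])) {
            $subjectimageid = $uploadfilearr['subjectimage']['aid'];
        }
        $setitemsqlarr = $setsqlarr;
        $do = 'me';
    }
    if ($op == 'update') {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        // The file was removed or replaced: drop the attachment rows,
                        // clear the column and delete the old files.
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
                        $ext = fileext($defaultmessage[$value['fieldname']]);
                        if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                            @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        }
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    // Content (message table)
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['postip'] = $_SGLOBAL['onlineip'];
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    // Word filter on the content row
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost') || (checkperm('allowdirectpost') && $op == 'update')) {
        // No review needed: write to the message table.
        if ($op == 'add') {
            $setsqlarr['itemid'] = $itemid;
            // Add the content row
            inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
            if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
                // Publish a feed entry that links to the new item.
                $feed['icon'] = 'comment';
                $feed['title_template'] = 'feed_model_title';
                $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                $aurl = A_URL;
                if (empty($_SCONFIG['siteurl'])) {
                    $siteurl = getsiteurl();
                    $murl = $siteurl . $murl;
                    $aurl = $siteurl . $aurl;
                } else {
                    $siteurl = S_URL_ALL;
                }
                $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
                $feed['body_template'] = 'feed_model_message';
                // The subject was passed through shtmlspecialchars() above; the message is
                // stripped of bracketed tags and HTML before being cut to 150 characters.
                $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
                if (!empty($feedsubjectimg)) {
                    $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
                } else {
                    // No title image: use the first uploaded file, else a picture found in the message.
                    foreach ($feedcolum as $feedimgvalue) {
                        if ($feedimgvalue['filepath']) {
                            $feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
                            break;
                        }
                    }
                    if (empty($feed['images'])) {
                        $picurl = getmessagepic(stripslashes($_POST['message']));
                        if ($picurl && strpos($picurl, '://') === false) {
                            $picurl = $siteurl . '/' . $picurl;
                        }
                        if (!empty($picurl)) {
                            $feed['images'][] = array('url' => $picurl, 'link' => $murl);
                        }
                    }
                }
                postfeed($feed);
            }
        } else {
            // Update the content row
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
        updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
        if (checkperm('allowdirectpost') && $op == 'update') {
            deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
        }
        if (checkperm('allowdirectpost') && $op == 'update') {
            $jpurl = $cp ? (empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid']) : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('writing_success_online_please_wait_for_audit', $jpurl);
        } else {
            $jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('online_contributions_success', $jpurl);
        }
    } else {
        // Needs review: store the whole submission, serialized, as one 'modelfolders' row.
        $setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
        $setsqlarr['addfeed'] = $_POST['addfeed'];
        $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
        $itemid = inserttable('modelfolders', $setsqlarr, 1);
        if (!empty($subjectimageid)) {
            $ids[] = $subjectimageid;
        }
        if (!empty($ids)) {
            $ids = simplode($ids);
            // Folder hash: 'm' + zero-padded model id + 'f' + zero-padded folder row id.
            $hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $jpurl = $cp ? (empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}") : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
        showmessage('writing_success_online_please_wait_for_audit', $jpurl);
    }
}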
Example #6
// Request dispatcher fragment: reads four free-form request parameters and
// routes on $datatype. $datatype, $contextid, $comp, $farea and $itemid are
// not assigned in the lines shown here.
// NOTE(review): all four values are read with PARAM_TEXT (this looks like
// Moodle's optional_param(), whose PARAM_TEXT is a plain-text cleaner). Values
// later used as a file name or file extension usually need a stricter type
// (e.g. PARAM_FILE / PARAM_ALPHANUM) or an explicit allow-list - confirm what
// the called helpers enforce.
// NOTE(review): no login or capability check is visible in this fragment;
// verify one runs before this point.
// file or dir hash
$requestid = optional_param('requestid', "", PARAM_TEXT);
// file or dir hash
$paramone = optional_param('paramone', "", PARAM_TEXT);
// nature of value depends on datatype, maybe path
$paramtwo = optional_param('paramtwo', "", PARAM_TEXT);
// nature of value depends on datatype, maybe protocol
$paramthree = optional_param('paramthree', "", PARAM_TEXT);
// nature of value depends on datatype, maybe filearea
switch ($datatype) {
    case "uploadfile":
        header("Content-type: text/xml");
        echo "<?xml version=\"1.0\"?>\n";
        //uploadfile filedata(base64), fileextension (needs to be cleaned), blah blah
        //paramone is the file data, paramtwo is the file extension, requestid is the actionid
        // NOTE(review): the extension in $paramtwo reaches uploadfile() without
        // any cleaning in the visible lines, although the comment above says it
        // needs it. An extension allow-list belongs here or inside uploadfile().
        $returnxml = uploadfile($paramone, $paramtwo, $requestid, $contextid, $comp, $farea, $itemid);
        break;
    case "poodllpluginfile":
        //poodllpluginfile($contextid,$component,$filearea,$itemid,$filepath,$filename);
        //lets hard code this for now, very very mild security
        // Component, file area and path are fixed; the caller still chooses
        // $contextid, $itemid and the file name ($paramone).
        // NOTE(review): whether the caller may read that context/item is not
        // checked here - presumably poodllpluginfile() does; verify.
        poodllpluginfile($contextid, "mod_assignment", "submission", $itemid, "/", $paramone);
        return;
    case "getlast20files":
        header("Content-type: text/html");
        $returnxml = "";
        // NOTE(review): "hi" looks like leftover debug output.
        echo "hi";
        getLast20Files();
        break;
    case "getrepodata":
        header("Content-type: text/xml");
        echo "<?xml version=\"1.0\"?>\n";
 // Collect the submitted event fields. Numeric fields go through intval(),
 // text fields through save(), and each icon is either a new upload or the
 // previously stored path posted back by the form.
 // NOTE(review): save() is defined elsewhere; whether it escapes for SQL,
 // HTML or both is not visible here - confirm before these values reach a query.
 $positions = intval($_POST['positions']);
 // competition-format icon: start
 $articonpic = save($_POST['articonpic']);
 // NOTE(review): type/extension checks for the upload are presumably inside
 // uploadfile(); none are visible here.
 $_iconpic = uploadfile("iconpic", $sortname);
 // Keep the posted existing path when no new file was uploaded.
 $iconpic = empty($_iconpic) ? $articonpic : $_iconpic['FilePath'];
 // competition-format icon: end
 $teamname1 = save($_POST['teamname1']);
 // team 1 icon: start
 $artteampic1 = save($_POST['artteampic1']);
 $_teampic1 = uploadfile("teampic1", $sortname);
 $teampic1 = empty($_teampic1) ? $artteampic1 : $_teampic1['FilePath'];
 // team 1 icon: end
 $teamname2 = save($_POST['teamname2']);
 // team 2 icon: start
 $artteampic2 = save($_POST['artteampic2']);
 $_teampic2 = uploadfile("teampic2", $sortname);
 $teampic2 = empty($_teampic2) ? $artteampic2 : $_teampic2['FilePath'];
 // team 2 icon: end
 // Empty start/end times are stored as 0.
 $starttime = $_POST['starttime'] ? _strtotime($_POST['starttime']) : 0;
 $endtime = $_POST['endtime'] ? _strtotime($_POST['endtime']) : 0;
 $addtime = time();
 $showstate = intval($_POST['showstate']);
 // playback sources: start
 $playsource = '';
 if ($_POST['play_url'] && is_array($_POST['play_url'])) {
     foreach ($_POST['play_url'] as $key => $val) {
         $thisplay_url = save($val);
         if ($thisplay_url) {
             // ordering: start
             // NOTE(review): play_orders[$key] is passed to addKey() unfiltered.
             $numkey = addKey($playsource, $_POST['play_orders'][$key]);
             // ordering: end
Example #8
/**
 * Run the upload handler for the "filedata" form field and print the
 * handler's result as JSON.
 */
function king_def()
{
    echo json_encode(uploadfile('filedata'));
}
Example #9
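// Persist the submitted appearance settings to the per-user config file, one
// value per line, then optionally store an uploaded banner image.
//
// The config file is line-oriented, so a CR or LF inside a submitted value
// would add extra lines and shift every field after it. Line breaks are
// therefore stripped from the request values before they are written.
$lineBreaks = array("\r", "\n");
$submitted = array();
foreach (array('font', 'userban', 'size', 'explorer-theme') as $fieldName) {
    $rawValue = isset($_POST[$fieldName]) ? $_POST[$fieldName] : '';
    // Non-string input (e.g. font[]=x) is treated as absent.
    $submitted[$fieldName] = is_string($rawValue) ? str_replace($lineBreaks, '', $rawValue) : '';
}
$font = $submitted['font'];
$userban = $submitted['userban'];
$size = $submitted['size'];
$theme = $submitted['explorer-theme'];
$ban = isset($_FILES['ban']) ? $_FILES['ban'] : null;

// Mode 'x' creates the file and fails when it already exists, so an existing
// configuration is never overwritten by this request.
$userfile = fopen(USER_CONF_FILE, 'x');
if ($userfile === false) {
    // NOTE(review): $host is set outside this fragment; if it is taken from
    // the Host request header it should be checked against a known value
    // before being used in a redirect.
    header("Status: 301 Moved Permanently", false, 301);
    header("Location: http://{$host}");
    exit;
} else {
    // NOTE(review): $id_code and $background are assigned outside this
    // fragment; they need the same line-break stripping if request-derived.
    fwrite($userfile, $id_code . "\r\n");
    fwrite($userfile, $background . "\r\n");
    fwrite($userfile, $font . "\r\n");
    fwrite($userfile, $userban . "\r\n");
    fwrite($userfile, $size . "\r\n");
    fwrite($userfile, $theme);
    fclose($userfile);
    if ($userban == 'no') {
        header("Status: 301 Moved Permanently", false, 301);
        header("Location: http://{$host}/");
        exit;
    } else {
        include 'inc/config/upload.php';
        // The banner is always stored under this fixed name.
        // NOTE(review): whether uploadfile() verifies that the upload really
        // is an image is not visible here - confirm.
        $userdir = 'css/img/user.jpg';
        uploadfile($ban, $userdir);
    }
    header("Status: 301 Moved Permanently", false, 301);
    header("Location: http://{$host}/");
    exit;
}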
Example #10
 * @author coolmoo <*****@*****.**>
 */
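// Refuse direct access: the file must be included by the application.
!defined('iPATH') && exit('What are you doing?');
// Upload / file-manager dispatcher. Each case relies on alert() to stop the
// request when a check fails.
// NOTE(review): alert() is defined elsewhere; if it does not terminate the
// script, the statements after each check still run - confirm.
switch ($action) {
    case 'editor':
        // Handle the upload once and reuse the result. A second uploadfile()
        // call would process the same request file again after the first
        // call has already consumed it.
        $F = uploadfile("upload");
        echo json_encode(array('err' => '', 'msg' => $F["FilePath"]));
        break;
    case 'Aupload':
        // Reject any directory value containing a dot (this blocks "../").
        // NOTE(review): savedir is checked here but not passed to uploadfile()
        // in this case - presumably read inside it; verify.
        strpos($_POST['savedir'], '.') !== false && alert('目录不能带有.', 'javascript:void(0);');
        $F = uploadfile("file");
        // NOTE(review): $F["FilePath"] and $_POST['in'] are placed inside a
        // JavaScript string literal with no visible escaping. Unless alert()
        // encodes its arguments, a quote in either value ends the literal
        // early; encode both for the JavaScript context before output.
        alert($F["OriginalFileName"] . '上传成功!', 'javascript:insert("' . $F["FilePath"] . '","' . $_POST['in'] . '");');
        break;
    case 'uploadfile':
        strpos($_POST['savedir'], '.') !== false && alert('目录不能带有.', 'javascript:void(0);');
        $F = uploadfile("file", '', $_POST['savedir']);
        // NOTE(review): the original file name is client-supplied and is
        // echoed back through alert(); confirm it is encoded there.
        alert($F["OriginalFileName"] . '上传成功!', 'javascript:window.parent.location.reload();');
        break;
    case 'createdir':
        $dirname = $_POST['dirname'];
        $savedir = $_POST['savedir'];
        strpos($savedir, '.') !== false && alert('目录不能带有.', 'javascript:void(0);');
        strpos($dirname, '.') !== false && alert('目录不能带有.', 'javascript:void(0);');
        // The new directory is always created below the configured upload
        // root; only the dot check above constrains the two request values.
        createdir(iPATH . $iCMS->config['uploadfiledir'] . "/" . $savedir . $dirname);
        alert("目录[{$dirname}]创建成功!", 'javascript:window.parent.location.reload();');
        break;
    case 'crop':
        //header('Content-type: image/jpeg');
        $tMap = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');
        // NOTE(review): pFile is a client-chosen path and, unlike savedir and
        // dirname above, gets no dot check in the visible lines; confirm that
        // getfilepath() keeps the result inside the upload directory.
        $pic = $_POST['pFile'];
        $iPic = getfilepath($pic, iPATH, '+');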
Example #11
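/**
 * Handle the upload of one temporary file for a form field.
 *
 * With the VUP ("Valida Upload") flag set, the function only decodes the
 * `filedata` query parameter and returns it. Otherwise it checks the posted
 * file against the size limit carried in `filedata`, stores it through
 * uploadfile() and, on success, records it with insertFileTemporal().
 *
 * SECURITY: `filedata` comes from the client and is passed to unserialize().
 * Unserializing request data allows PHP object injection, and it also lets
 * the client pick its own `maxfile` limit and `tipos` list. The limits should
 * come from server-side state or a signed payload decoded with json_decode();
 * on PHP 7+ at least pass array('allowed_classes' => false) to unserialize().
 * `path` is likewise client-supplied; whether uploadfile() confines it to an
 * allowed directory is not visible here.
 *
 * @param mixed $usuario  Passed through to insertFileTemporal().
 * @param mixed $empresa  Passed through to insertFileTemporal().
 * @param mixed $conexion Passed through to insertFileTemporal().
 *
 * @return array array('filedata' => ...) in VUP mode; otherwise the default
 *               failure array ('success', 'msg') or the array returned by
 *               uploadfile().
 */
function upload($usuario, $empresa, $conexion)
{
    if (get('VUP')) {
        //VUP : Valida Upload
        $filedata = (string) $_GET['filedata'];
        $filedata = unserialize(base64_decode($filedata)); // see SECURITY note above
        return array('filedata' => $filedata);
    }
    $path = (string) post("path");
    $filedata = (string) post("filedata");
    $formId = (string) post("formId");
    $campo = (string) post("campo");
    $return = array('success' => false, 'msg' => 'No se pudo subir el archivo.');

    // The upload status lives under the field name. The previous test read
    // $_FILES['error'], which is normally unset, and null == UPLOAD_ERR_OK is
    // true, so failed or missing uploads were treated as successful.
    $uploadOk = isset($_FILES['file']['error']) && $_FILES['file']['error'] === UPLOAD_ERR_OK;
    if (!$uploadOk) {
        return $return;
    }

    $filedata = unserialize(base64_decode($filedata)); // see SECURITY note above
    // A payload that does not decode to the expected array is a failed upload.
    if (!is_array($filedata) || !isset($filedata["maxfile"])) {
        return $return;
    }

    $filesize = $_FILES["file"]["size"];
    $maxfile = $filedata["maxfile"] * 1024 * 1024; // limit is given in megabytes
    if ($filesize > $maxfile) {
        $return['msg'] = "El archivo no puede superar los {$filedata["maxfile"]} Mb";
        return $return;
    }

    $codigo = (int) numerador('archivoTemporal', 0, '');
    $tipos = isset($filedata["tipos"]) ? $filedata["tipos"] : null;
    $return = uploadfile($codigo, $_FILES, $path, $tipos);
    if ($return['success']) {
        //deleteFileTemporal($formId, $conexion);
        insertFileTemporal($codigo, $return, $formId, $campo, $usuario, $empresa, $conexion);
    }
    return $return;
}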
Example #12
        msgexiterror("notright", "", "disable");
        exit;
    }
}
// Handle a file posted in the "userfile" field, report the outcome and stop.
if (isset($_FILES["userfile"])) {
    if ($codekey == 7) {
        demo();
    }
    // Without a destination path nothing can be stored.
    if (!$path) {
        echo "Path потерян... конец операции...";
        exit;
    }
    if ($pr[68]) {
        $redirecttoshare = 1;
    }
    $err = uploadfile($path, "original");
    // A falsy result from uploadfile() is reported as a failure.
    echo $err == false ? "upload fail." : "upload complete.";
    exit;
}
//echo "OSTYPE==$OSTYPE";
if ($pr[41]) {
    $defaultpath = $pr[41];
} else {
    if ($OSTYPE == "LINUX") {
        $defaultpath = getcwd() . "/";
Example #13
}
if ($publicdemo) {
    $serial = "publicdemo";
}
if ($test) {
    $serial = $testenable;
}
// Store an uploaded key file as _conf/add.key and send the client back to
// the login page.
// NOTE(review): this writes into the configuration directory; whether the
// caller has been authenticated before this point is not visible here - verify.
if (isset($_FILES["userfile"])) {
    // check the submitted key // something other than a key is being sent... odd, since when?
    //	if ($go=="Send key") { // check the submitted key
    $uploaddir = "_conf";
    // NOTE(review): $size is not assigned in the visible lines, and the
    // message below says 300 bytes while the check uses 700 - confirm which
    // limit is intended.
    if ($size > 700) {
        echo "Превышен hardcoded лимит в 300bytes";
        exit;
    }
    if (uploadfile($uploaddir, "add.key")) {
        lprint("FS_FWR");
    } else {
        lprint("FS_FWRFAIL");
    }
    //echo "2userfile=$userfile  go=$go path=$path (disabled) ";
    // NOTE(review): no exit follows the redirect header, so the rest of the
    // script keeps running and its output is still sent.
    Header("Location: login.php");
    // fixed the bug with the extra refresh; temporarily not re-sending until the problem goes away
}
if ($prauth[$ADM][2] == false and $prauth[$ADM][11]) {
    lprint("A_LOG_BAN");
    ?>
<form action="login.php" method="post"> <?php 
    submitkey("resetcookie", "LOGOUT");
    echo "</form>";
    exit;
Example #14
 // Admin news dispatcher: picks the action from which form fields were posted.
 // NOTE(review): no session or role check is visible in this fragment;
 // verify one runs before it.
 if ($_POST["selectoption"] == "Новости") {
     news($mysqli, $tmpl['newsAdmin']);
 } else {
     if (isset($_POST["selectedNews"])) {
         if ($_POST["selectnews"] == "Новый вопрос") {
             addnews($mysqli, $tmpl["addnews"]);
         } else {
             insertOrDeleteNews($mysqli, $tmpl["updatenews"], $_POST["selectnews"], $tmpl["updatecoments"]);
         }
     } else {
         if (isset($_POST["addnew"])) {
             // Raw request values are handed to addnewsDB().
             // NOTE(review): presumably addnewsDB() binds them as parameters,
             // like the prepared statement below - confirm.
             $title = $_POST["title1"];
             $category = $_POST["categorynews"];
             $text = $_POST["text"];
             $isHot = $_POST["isHot"];
             // NOTE(review): the upload result is not checked before the
             // news row is inserted.
             uploadfile($mysqli);
             addnewsDB($mysqli, $title, $category, $text, $isHot);
             $_SESSION["list"] = $tmpl['mainAdmin'];
         } else {
             if (isset($_POST["insertnew"])) {
                 // get the category id
                 // The category name is bound as a parameter, not interpolated.
                 $sth = $mysqli->prepare("SELECT id2 FROM Category2 WHERE categ2 = ?  ");
                 $sth->bind_Param("s", $_POST["categorynews"]);
                 $sth->execute();
                 $result = $sth->get_result();
                 $obj = $result->fetch_assoc();
                 $idcat = $obj["id2"];
                 $result->close();
                 $hot = 0;
                 if ($_POST["isHot"] == "on") {
                     $hot = 1;
     } else {
         alert('您没有任何数据编辑');
     }
 }
 // Create or update one "events_playsource" row from the posted form.
 if ($action == 'add') {
     $id = (int) $_POST['id'];
     // NOTE(review): save() is defined elsewhere; the queries below depend on
     // it escaping for SQL - confirm.
     $name = save($_POST['name']);
     $orders = intval($_POST['orders']);
     $types = intval($_POST['types']);
     !$types && alert('类型错误!');
     !$name && alert('名称不能为空!');
     // NOTE(review): $delpics is not assigned in the visible lines.
     if ($delpics) {
         $pics = '';
     } else {
         // Keep the posted existing picture path unless a new file arrived.
         $artpics = save($_POST['artpics']);
         $_pics = uploadfile("pics", $name);
         $pics = empty($_pics) ? $artpics : $_pics['FilePath'];
     }
     // NOTE(review): the redirect target is taken from the request without
     // any check that it stays on this site; restrict it to local paths.
     $returnurl = $_POST['returnurl'] ? rawurldecode($_POST['returnurl']) : 'admincp.php?do=events_playsource&operation=manage&types=' . $types;
     // The SET clause is built by string interpolation: $orders is an
     // integer, $name went through save(), and $pics is either a save()d
     // value or the path returned by uploadfile().
     $set = " `orders`='{$orders}',`name`='{$name}',`pics`='{$pics}' ";
     if ($id) {
         $up = $DreamCMS->db->query("UPDATE `#DC@__events_playsource` SET " . $set . " WHERE `types`='{$types}' AND `id`='{$id}' LIMIT 1 ");
         if ($up !== false) {
             redirect("编辑完成!", $returnurl, '2');
         } else {
             alert('编辑失败');
         }
     } else {
         $set .= ",`types`='{$types}' ";
         $add = $DreamCMS->db->query("INSERT INTO `#DC@__events_playsource` SET " . $set);
         if ($add) {
         alert('操作成功!', 'url:1');
     }
 } else {
     //添加
     $add = $DreamCMS->db->query("INSERT INTO `#DC@__installhelper` " . $sql);
     if ($add) {
         $itid = mysql_insert_id();
         $field = 'picshows';
         //添加文章图片集 start
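         // Store every file of the multi-file field $field and insert one
         // picture row per file. Each entry of the multi-file array is copied
         // into a synthetic single-file entry ($field . $key) because
         // uploadfile() is called with one field name at a time.
         // NOTE(review): the array keys are chosen by the client (they come
         // from the form field names), so they also determine which $_FILES
         // entry is written here.
         if ($_FILES[$field]['name'] && is_array($_FILES[$field]['name'])) {
             foreach ($_FILES[$field]['name'] as $key => $val) {
                 $_FILES[$field . $key]['name'] = $val;
                 $_FILES[$field . $key]['tmp_name'] = $_FILES[$field]['tmp_name'][$key];
                 $_FILES[$field . $key]['error'] = $_FILES[$field]['error'][$key];
                 $_FILES[$field . $key]['size'] = $_FILES[$field]['size'][$key];
                 // Parenthesise the 1-based picture number. Without the
                 // parentheses PHP before 8.0 concatenates first and then adds
                 // 1 to the whole string, which discards the label.
                 $tupianji = uploadfile($field . $key, $title . "--图片" . ((int) $key + 1));
                 $articlepic = $tupianji['FilePath'];
                 // picture description: start
                 $picsdes = $field . "picdes";
                 $picdes = save($_POST[$picsdes][$key]);
                 // picture description: end
                 // picture order: start
                 $picsorder = $field . "picorder";
                 $picorder = intval($_POST[$picsorder][$key]);
                 // picture order: end
                 // NOTE(review): the statement is built by interpolation; it is
                 // safe only if save() escapes for SQL and uploadfile() returns
                 // a path without quote characters - confirm both.
                 $DreamCMS->db->query("INSERT INTO `#DC@__installhelper_pics` SET `itid`='{$itid}',`articlepic`='{$articlepic}',`picdes`='{$picdes}',`picorder`='{$picorder}',`picfield`='{$field}'");
                 $tupianji = '';
             }
         }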
         //添加文章图片集 end
         alert('操作成功!', 'url:1');
Example #17
                 $tupianji = '';
             }
         }
         //------添加文章图片集 end
         //------更新文章图片集 start
         $picedit = $field . "_edit";
         $artpicedit = "art_" . $field . "_edit";
         $picids = $field . "picids";
         // Update existing picture rows: for every entry of the multi-file
         // field $picedit, store the replacement file (if any) and update the
         // row whose id was posted alongside it.
         if ($_FILES[$picedit]['name'] && is_array($_FILES[$picedit]['name'])) {
             foreach ($_FILES[$picedit]['name'] as $key => $val) {
                 // Copy this entry into a synthetic single-file slot so that
                 // uploadfile() can be called with one field name.
                 $_FILES[$picedit . $key]['name'] = $val;
                 $_FILES[$picedit . $key]['tmp_name'] = $_FILES[$picedit]['tmp_name'][$key];
                 $_FILES[$picedit . $key]['error'] = $_FILES[$picedit]['error'][$key];
                 $_FILES[$picedit . $key]['size'] = $_FILES[$picedit]['size'][$key];
                 $picid = intval($_POST[$picids][$key]);
                 $tupianji = uploadfile($picedit . $key, $title . "商品图片-商品" . $picid);
                 // Fall back to the posted existing path when nothing new was uploaded.
                 $articlepic = empty($tupianji) ? save($_POST[$artpicedit][$key]) : $tupianji['FilePath'];
                 // ------ picture description: start
                 $picsdes = $field . "picdes_edit";
                 $picdes = save($_POST[$picsdes][$key]);
                 // ------ picture description: end
                 // ------ picture order: start
                 $picsorder = $field . "picorder_edit";
                 $picorder = intval($_POST[$picsorder][$key]);
                 // ------ picture order: end
                 // Rows are only touched when a non-zero picture id was posted.
                 // NOTE(review): the picture id comes from the request and the
                 // WHERE clause does not tie it to article $aid, so any row can
                 // be re-pointed; the statement is also built by interpolation
                 // and relies on save() escaping for SQL - confirm.
                 $picid && $DreamCMS->db->query("UPDATE `#DC@__article_pics` SET `aid`='{$aid}',`articlepic`='{$articlepic}',`picdes`='{$picdes}',`picorder`='{$picorder}' WHERE `picid`='{$picid}' LIMIT 1");
             }
         }
         //------更新文章图片集 end
     }
 }
Example #18
} else {
    SmartyValidate::connect($smarty);
    // validate after a POST
    if (SmartyValidate::is_valid($_POST)) {
        // no errors, done with SmartyValidate
        if (array_key_exists('submit', $_POST)) {
            //var_dump($_POST); exit;
            // Read the registration fields and create the user record.
            // NOTE(review): the values are passed to newUser() as received;
            // presumably it binds or escapes them - confirm.
            $firstname = $_POST['firstname'];
            $lastname = $_POST['lastname'];
            $mobile_number = $_POST['mobile_number'];
            $email = $_POST['email'];
            // NOTE(review): the password is stored as an unsalted MD5 digest,
            // which is fast to brute-force. password_hash() with
            // password_verify() at login is the standard replacement; it
            // needs a matching change in the login code and a rehash path
            // for existing accounts.
            $password = md5($_POST['password']);
            $location = $_POST['area_element'];
            $medical = $_POST['medical'];
            $profile = $_POST['profile'];
            // NOTE(review): the return value of uploadfile() is stored as the
            // profile picture without any check visible here.
            $pix = uploadfile('pix');
            //exit();
            $userID = $obj->newUser($lastname, $firstname, $email, $mobile_number, $password, $location, $pix, $profile);
            if (empty($medical)) {
            } else {
                if ($medical == 'specialist') {
                    $specializationID = $_POST['specialist'];
                    $hospital = $_POST['hospitals'];
                    $obj->addNewSpecialist($userID, $specializationID, $hospital);
                } else {
                    if ($medical == 'pharmacist') {
                        $pharmacy = $_POST['pharmacy'];
                        $certifiedNumber = $_POST['certify'];
                        $obj->addPharmacist($pharmacy, $userID, $location, $certifiedNumber);
                    } else {
                        if ($medical == 'hospital') {
Example #19
            alert('删除成功', 'url:1');
        } else {
            alert('删除失败');
        }
        exit;
        break;
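    case 'post':
        // Batch edit: update description and order of each posted picture row.
        if ($action == 'edit') {
            foreach ($_POST['picdes'] as $picid => $value) {
                $thispicorder = intval($_POST['picorder'][$picid]);
                // Both the array key and the description come straight from
                // the request. Filter them the same way the 'add' branch below
                // does before they are interpolated into the statement.
                $picid = intval($picid);
                $value = save($value);
                $picid && $DreamCMS->db->query("update `#DC@__otherpics` set `picdes`='{$value}',`picorder`='{$thispicorder}' where `picid`='{$picid}'");
            }
            _Header();
        }
        // Add a new picture row, or update the row named by $picid.
        if ($action == 'add') {
            $picid = intval($picid);
            // NOTE(review): save() is defined elsewhere; the queries below
            // depend on it escaping for SQL - confirm.
            $picdes = $_POST['picdes'] ? save($_POST['picdes']) : '';
            $picorder = intval($_POST['picorder']);
            $pictype = $_POST['pictype'] ? save($_POST['pictype']) : 'download';
            $artpicurl = $_POST['artpicurl'] ? save($_POST['artpicurl']) : '';
            $_picurl = uploadfile("picurl", $picdes);
            // Keep the posted existing URL when no new file was uploaded.
            $picurl = empty($_picurl) ? $artpicurl : $_picurl['FilePath'];
            if ($picid) {
                $DreamCMS->db->query("UPDATE `#DC@__otherpics` SET `picdes`='{$picdes}',`picorder`='{$picorder}',`pictype`='{$pictype}',`picurl`='{$picurl}' WHERE `picid`='{$picid}' LIMIT 1");
            } else {
                $DreamCMS->db->query("INSERT INTO `#DC@__otherpics` (`picdes`,`picorder`,`pictype`,`picurl`) VALUES ('{$picdes}','{$picorder}','{$pictype}','{$picurl}')");
            }
            _Header("admincp.php?do=otherpics&pictype=" . $pictype);
        }
        break;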
}
Example #20
     // Replace the stored screenshot with the uploaded one.
     // $file, $tempsize, $size, $uploaddir, $commmsg, $formatscr and
     // $scrfullpathname are all assigned outside this fragment.
     if ($file == 1) {
         // a file is present, act on it
         // NOTE(review): $tempsize presumably comes from an image-size probe
         // of the upload - confirm.
         if (!$tempsize) {
             echo "Это не картинка ! Файл не был сохранен. <br>";
             exit;
         }
         // also 0 when >64k
         if ($size > 900000) {
             echo "Превышен hardcoded лимит в 900Кб";
             exit;
         }
         //CFG OPT FUTURE  TODO:
         // NOTE(review): the two echo lines below send server-side paths to
         // the client; this looks like debug output.
         echo "Куда:" . $uploaddir . "/ File:" . $commmsg . $formatscr . "<br>";
         echo "fullpathname={$scrfullpathname}<br>";
         // NOTE(review): the existing file is deleted before the new upload
         // has been stored, so a failed upload leaves no file at all.
         unlink($scrfullpathname);
         $error = uploadfile($uploaddir . "/", $commmsg . $formatscr);
         // why?! the upload failed
         // NOTE(review): die() stops the request here unconditionally, so
         // the result handling below never runs.
         die("Aaaaaaaaaaa");
         if ($error) {
             ob_clean();
             lprint("FS_FWR");
         } else {
             ob_clean();
             lprint("FS_FWRFAIL");
         }
         echo $uploaddir . "/", $commmsg . ".jpg";
         echo "Он был успешным юзернеймом на УПячке!<br>";
     }
 }
 //end of upload//....        if($error==false) echo "Слив не засчитан";	//end comment write
 if ($delcom) {
Example #21
} elseif ($do == "post") {
    // Public article submission: check the verification code, collect the
    // form fields, store the article and its body, then update the tag and
    // catalog counters.
    checkverifycode(trim($_POST['verifycode']), $DreamCMS->language('post:verifycode'), "post");
    // htmlspecialchars() encodes for HTML output only; it is not SQL escaping.
    $title = htmlspecialchars($_POST['title']);
    $cid = intval($_POST['catalog']);
    $source = htmlspecialchars($_POST['source']);
    $author = htmlspecialchars($_POST['author']);
    $description = htmlspecialchars($_POST['description']);
    $keywords = htmlspecialchars($_POST['keywords']);
    $tags = htmlspecialchars($_POST['tag']);
    // NOTE(review): the article body is taken unfiltered from the request
    // and stored as-is; it needs HTML sanitising before it is rendered.
    $body = $_POST['content'];
    empty($title) && alert($DreamCMS->language('post:checktitlempty'));
    empty($cid) && alert($DreamCMS->language('post:checkcid'));
    empty($body) && alert($DreamCMS->language('post:checkbody'));
    isset($_POST['keywordToTag']) && ($tags = str_replace(',', ' ', $keywords));
    empty($description) && ($description = csubstr(HtmToText($body), $DreamCMS->config['descLen']));
    // NOTE(review): the upload result is indexed without checking that a
    // file was actually stored.
    $_pic = uploadfile("pic", $title);
    $pic = $_pic['FilePath'];
    $customlink = GetPinyin($title);
    // Articles in catalogs that require review start out hidden.
    $visible = $_catalog[$cid]['isexamine'] == "1" ? "0" : "1";
    $postype = "-1";
    $pubdate = time();
    $userid = $type = $hits = $digg = $comments = "0";
    $filename = $url = "";
    $data = compact('cid', 'title', 'customlink', 'url', 'filename', 'source', 'author', 'userid', 'postype', 'keywords', 'tags', 'description', 'filename', 'pic', 'pubdate', 'hits', 'digg', 'comments', 'type', 'visible');
    // Duplicate-title check.
    // NOTE(review): $title is interpolated into the statement after HTML
    // encoding only, and htmlspecialchars() with its default flags before
    // PHP 8.1 leaves single quotes unencoded. Unless input is escaped
    // globally elsewhere, this query needs SQL escaping or a bound parameter.
    $DreamCMS->db->get_var("SELECT `id` FROM `#DC@__article` where `title` = '{$title}'") && alert($DreamCMS->language('post:checktitle'));
    $DreamCMS->db->insert('article', $data);
    $aid = $DreamCMS->db->insert_id;
    // NOTE(review): 'subtitle' is not assigned in the visible lines.
    $DreamCMS->db->insert('articledata', compact('aid', 'subtitle', 'body'));
    tag($tags);
    // NOTE(review): insert_id is read again after the articledata insert;
    // presumably $aid was intended - confirm.
    MakeArticleHtm($DreamCMS->db->insert_id);
    $DreamCMS->db->query("UPDATE `#DC@__catalog` SET `count` = count+1 WHERE `id` ='{$cid}' LIMIT 1 ");
Example #22
                        $attach_subdir = 'day_' . date('ymd');
                        break;
                    case 2:
                        $attach_subdir = 'month_' . date('ym');
                        break;
                    case 3:
                        $attach_subdir = 'ext_' . $extension;
                        break;
                }
                $attach_dir = $attachdir . '/' . $attach_subdir;
                if (!is_dir($attach_dir)) {
                    @mkdir($attach_dir, 0777);
                    @fclose(fopen($attach_dir . '/index.htm', 'w'));
                }
                PHP_VERSION < '4.2.0' && mt_srand((double) microtime() * 1000000);
                $filename = date("YmdHis") . mt_rand(1000, 9999) . '.' . $extension;
                $target = $attach_dir . '/' . $filename;
                move_uploaded_file($upfile['tmp_name'], $target);
                $msg = $target;
            } else {
                $err = '文件大小超过' . $maxattachsize . '字节';
            }
        } else {
            $err = '上传文件扩展名必需为:' . $upext;
        }
        @unlink($temppath);
    }
    return array('err' => $err, 'msg' => $msg);
}
// Handle the "upload" form field and emit the handler's result as JSON.
echo json_encode($state = uploadfile('upload'));
Example #23
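/**
 * Handle the upload of one temporary file for a form field.
 *
 * Checks the posted file against the size limit carried in `filedata`,
 * stores it through uploadfile() and, on success, replaces the form's
 * temporary-file record.
 *
 * SECURITY: `filedata` comes from the client and is passed to unserialize().
 * Unserializing request data allows PHP object injection, and it also lets
 * the client pick its own `maxfile` limit and `tipos` list. The limits should
 * come from server-side state or a signed payload decoded with json_decode();
 * on PHP 7+ at least pass array('allowed_classes' => false) to unserialize().
 * `path` is likewise client-supplied; whether uploadfile() confines it to an
 * allowed directory is not visible here.
 *
 * @param mixed $usuario  Passed through to insertFileTemporal().
 * @param mixed $empresa  Passed through to insertFileTemporal().
 * @param mixed $conexion Passed to deleteFileTemporal() and insertFileTemporal().
 *
 * @return array The default failure array ('success', 'msg') or the array
 *               returned by uploadfile().
 */
function upload($usuario, $empresa, $conexion)
{
    $path = (string) $_POST['path'];
    $filedata = (string) $_POST['filedata'];
    $formId = (string) $_POST['formId'];
    $campo = (string) $_POST['campo'];
    $return = array('success' => false, 'msg' => 'No se pudo subir el archivo.');

    // The upload status lives under the field name. The previous test read
    // $_FILES['error'], which is normally unset, and null == UPLOAD_ERR_OK is
    // true, so failed or missing uploads were treated as successful.
    $uploadOk = isset($_FILES['file']['error']) && $_FILES['file']['error'] === UPLOAD_ERR_OK;
    if (!$uploadOk) {
        return $return;
    }

    $filedata = unserialize(base64_decode($filedata)); // see SECURITY note above
    // A payload that does not decode to the expected array is a failed upload.
    if (!is_array($filedata) || !isset($filedata['maxfile'])) {
        return $return;
    }

    $filesize = $_FILES['file']['size'];
    $maxfile = $filedata['maxfile'] * 1048576; // limit is given in megabytes
    if ($filesize > $maxfile) {
        $return['msg'] = 'El archivo no puede superar los ' . $filedata['maxfile'] . ' Mb';
        return $return;
    }

    $codigo = (int) numerador('archivoTemporal', 0, '');
    $tipos = isset($filedata['tipos']) ? $filedata['tipos'] : null;
    $return = uploadfile($codigo, $_FILES, $path, $tipos);
    if ($return['success']) {
        // Replace any earlier temporary file recorded for this form.
        deleteFileTemporal($formId, $conexion);
        insertFileTemporal($codigo, $return, $formId, $campo, $usuario, $empresa, $conexion);
    }
    return $return;
}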
     $del = $DreamCMS->db->query("DELETE FROM `#DC@__wordcup_focusrecomment` WHERE `id`='{$id}' LIMIT 1");
     if ($del) {
         alert('删除成功!', 'url:1');
     } else {
         alert('删除失败!');
     }
     break;
 case 'post':
     // Collect the submitted fields for a featured-video entry.
     if ($action == 'add') {
         $id = (int) $_POST['id'];
         // NOTE(review): save() is defined elsewhere; whether it escapes for
         // SQL, HTML or both is not visible here - confirm.
         $title = save($_POST['title']);
         !$title && alert('视频名称不能为空!');
         $positions = intval($_POST['positions']);
         // icon: start
         $artpics = save($_POST['artpics']);
         // NOTE(review): type/extension checks for the upload are presumably
         // inside uploadfile(); none are visible here.
         $_pics = uploadfile("pics", $title);
         // Keep the posted existing path when no new file was uploaded.
         $pics = empty($_pics) ? $artpics : $_pics['FilePath'];
         // icon: end
         // Empty start/end times are stored as 0.
         $starttime = $_POST['starttime'] ? _strtotime($_POST['starttime']) : 0;
         $endtime = $_POST['endtime'] ? _strtotime($_POST['endtime']) : 0;
         $addtime = time();
         $showstate = intval($_POST['showstate']);
         // playback sources: start
         $playsource = '';
         if ($_POST['play_url'] && is_array($_POST['play_url'])) {
             foreach ($_POST['play_url'] as $key => $val) {
                 $thisplay_url = save($val);
                 if ($thisplay_url) {
                     // ordering: start
                     // NOTE(review): play_orders[$key] is passed to addKey() unfiltered.
                     $numkey = addKey($playsource, $_POST['play_orders'][$key]);
                     // ordering: end
Example #25
//	{
//		$newname=uploadfile($fileinfo,'../uploads',$allowext);
//		}
	// Build the column => value map for the article update. The two branches
	// differ only in "titlepic": without a new upload the posted value is
	// kept, otherwise the name returned by uploadfile() is used.
	// NOTE(review): every other value is taken from $_POST as received;
	// whether update() escapes or binds the values is not visible here -
	// confirm before relying on it.
	if($fileinfo['name']==null){
		$arr=array(
		"title"=>$_POST['title'],
		"classname"=>$_POST['classname'],
		"keywords"=>$_POST['keywords'],
		"ar_desc"=>$_POST['ar_desc'],
		"titlepic"=>$_POST['titlepic'],
		"subdate"=>date("Y/m/d"),
		"content"=>$_POST['content']
		);
		}
	else{
		// $allowext is defined outside this fragment.
		// NOTE(review): presumably an extension allow-list enforced inside
		// uploadfile(); verify, since the file lands under ../uploads.
		$newname=uploadfile($fileinfo,'../uploads',$allowext);
		$arr=array(
		"title"=>$_POST['title'],
		"classname"=>$_POST['classname'],
		"keywords"=>$_POST['keywords'],
		"ar_desc"=>$_POST['ar_desc'],
		"titlepic"=>$newname,
		"subdate"=>date("Y/m/d"),
		"content"=>$_POST['content']
		);
		}		
	
	if(update("dw_article",$arr,"articleid=".$id)){
		echo '<div class="alert alert-success" role="alert">修改成功,<a href="list_article.php">查看文章列表</a></div>';
		}
	else
Example #26
/**
 * 模型在线投稿提交处理函数
 */
function modelpost($cacheinfo, $cp = 1)
{
    global $_SGLOBAL, $theurl, $_SCONFIG;
    include_once S_ROOT . './function/upload.func.php';
    $_POST['mid'] = !empty($_POST['mid']) ? intval($_POST['mid']) : 0;
    $itemid = !empty($_POST['itemid']) ? intval($_POST['itemid']) : 0;
    $hash = '';
    $op = 'add';
    $resultitems = $resultmessage = array();
    $modelsinfoarr = $cacheinfo['models'];
    $columnsinfoarr = $cacheinfo['columns'];
    //获取等级信息
    if ($cacheinfo['models']['modelname'] == 'defect') {
        switch ($_POST['grade']) {
            case 1:
                $_POST['grade'] = '64';
                break;
            case 2:
                $_POST['grade'] = '32';
                break;
            case 3:
                $_POST['grade'] = '16';
                break;
            case 4:
                $_POST['grade'] = '9';
                break;
            case 5:
                $_POST['grade'] = '4';
                break;
            case 6:
                $_POST['grade'] = '1';
                break;
            case 7:
                $_POST['grade'] = '-1';
                break;
            case 8:
                $_POST['grade'] = '-2';
                break;
            case 9:
                $_POST['grade'] = '-3';
                break;
        }
        $gradearr = array('0' => $alang['general_state'], '64' => $alang['check_grade_1'], '32' => $alang['check_grade_2'], '16' => $alang['check_grade_3_1'], '9' => $alang['check_grade_3_2'], '4' => $alang['check_grade_3_3'], '1' => $alang['check_grade_4'], '-1' => $alang['check_grade_5'], '-2' => $alang['check_grade_6'], '-3' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            $gradearr['64'] = $newgradearr[0];
            $gradearr['32'] = $newgradearr[1];
            $gradearr['16'] = $newgradearr[2];
            $gradearr['9'] = $newgradearr[3];
            $gradearr['4'] = $newgradearr[4];
            $gradearr['1'] = $newgradearr[5];
            $gradearr['-1'] = $newgradearr[6];
            $gradearr['-2'] = $newgradearr[7];
            $gradearr['-3'] = $newgradearr[8];
        }
    } else {
        $gradearr = array('0' => $alang['general_state'], '1' => $alang['check_grade_1'], '2' => $alang['check_grade_2'], '3' => $alang['check_grade_3'], '4' => $alang['check_grade_4'], '5' => $alang['check_grade_5'], '6' => $alang['check_grade_6'], '7' => $alang['check_grade_7']);
        if (!empty($_SCONFIG['checkgrade'])) {
            $newgradearr = explode("\t", $_SCONFIG['checkgrade']);
            for ($i = 0; $i < count($newgradearr); $i++) {
                if (!empty($newgradearr[$i])) {
                    $gradearr[$i + 1] = $newgradearr[$i];
                }
            }
        }
    }
    if (empty($_POST['mid']) || $_POST['mid'] != $modelsinfoarr['mid']) {
        showmessage('parameter_error');
    }
    $feedcolum = array();
    foreach ($columnsinfoarr as $result) {
        if ($result['isfixed'] == 1) {
            $resultitems[] = $result;
        } else {
            $resultmessage[] = $result;
        }
        if ($result['formtype'] == 'linkage') {
            if (!empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $cacheinfo['linkage']['info'][$result['fieldname']][$_POST[$result['fieldname']]];
            }
        } elseif ($result['formtype'] == 'timestamp') {
            if (empty($_POST[$result['fieldname']])) {
                $_POST[$result['fieldname']] = $_SGLOBAL['timestamp'];
            } else {
                $_POST[$result['fieldname']] = sstrtotime($_POST[$result['fieldname']]);
            }
        }
    }
    //更新用户最新更新时间
    if (empty($itemid) && $_SGLOBAL['supe_uid']) {
        updatetable('members', array('updatetime' => $_SGLOBAL['timestamp']), array('uid' => $_SGLOBAL['supe_uid']));
    }
    //输入检查
    $_POST['catid'] = intval($_POST['catid']);
    $_POST['allowreply'] = isset($_POST['allowreply']) ? intval($_POST['allowreply']) : checkperm('allowcomment') ? 1 : 0;
    $_POST['subject'] = shtmlspecialchars(trim($_POST['subject']));
    //检查输入
    if (strlen($_POST['subject']) < 2 || strlen($_POST['subject']) > 80) {
        showmessage('space_suject_length_error');
    }
    if (empty($_POST['catid'])) {
        showmessage('admin_func_catid_error');
    }
    if (!empty($_FILES['subjectimage']['name'])) {
        $fileext = fileext($_FILES['subjectimage']['name']);
        if (!in_array($fileext, array('jpg', 'jpeg', 'gif', 'png'))) {
            showmessage('document_types_can_only_upload_pictures');
        }
    }
    //数据检查
    checkvalues(array_merge($resultitems, $resultmessage), 0, 1);
    //修改时检验标题图片是否修改
    $defaultmessage = array();
    if (!empty($itemid)) {
        if (empty($_POST['subjectimage_value']) || !empty($_FILES['subjectimage']['name'])) {
            //当file删除时,或修改时执行删除操作
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' WHERE itemid = \'' . $itemid . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            $hash = getmodelhash($_GET['mid'], $itemid);
            deletetable('attachments', array('hash' => $hash, 'subject' => 'subjectimage'));
            //删除附件表
            updatetable($modelsinfoarr['modelname'] . 'items', array('subjectimage' => ''), array('itemid' => $itemid));
            $ext = fileext($defaultmessage['subjectimage']);
            if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                @unlink(A_DIR . '/' . substr($defaultmessage['subjectimage'], 0, strrpos($defaultmessage['subjectimage'], '.')) . '.thumb.jpg');
            }
            @unlink(A_DIR . '/' . $defaultmessage['subjectimage']);
        }
    }
    //构建数据
    $setsqlarr = $setitemsqlarr = array();
    $setsqlarr = getsetsqlarr($resultitems);
    $setsqlarr['catid'] = $_POST['catid'];
    $setsqlarr['subject'] = $_POST['subject'];
    $setsqlarr['allowreply'] = $_POST['allowreply'];
    $setsqlarr['grade'] = intval($_POST['grade']);
    //modify by jyf,没权限的用户不能改审核等级
    if ($setsqlarr['grade'] > 0) {
        if (!checkperm('manageeditpost')) {
            showmessage('no_permission');
        }
    }
    //end
    $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    $setsqlarr['uid'] = $_SGLOBAL['supe_uid'];
    $setsqlarr['username'] = $_SGLOBAL['supe_username'];
    $setsqlarr['lastpost'] = $setsqlarr['dateline'];
    $modelsinfoarr['subjectimagewidth'] = 400;
    $modelsinfoarr['subjectimageheight'] = 300;
    if (!empty($modelsinfoarr['thumbsize'])) {
        $modelsinfoarr['thumbsize'] = explode(',', trim($modelsinfoarr['thumbsize']));
        $modelsinfoarr['subjectimagewidth'] = $modelsinfoarr['thumbsize'][0];
        $modelsinfoarr['subjectimageheight'] = $modelsinfoarr['thumbsize'][1];
    }
    $uploadfilearr = $ids = array();
    $subjectimageid = '';
    $uploadfilearr = uploadfile(array(array('fieldname' => 'subjectimage', 'fieldcomment' => modelmsg('photo_title'), 'formtype' => 'img')), $_POST['mid'], 0, 1, $modelsinfoarr['subjectimagewidth'], $modelsinfoarr['subjectimageheight']);
    if (!empty($uploadfilearr)) {
        $feedsubjectimg = $uploadfilearr;
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    //词语过滤
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    //发布时间
    if (empty($_POST['dateline'])) {
        $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
    } else {
        $setsqlarr['dateline'] = sstrtotime($_POST['dateline']);
        if ($setsqlarr['dateline'] > $_SGLOBAL['timestamp'] || $setsqlarr['dateline'] < $_SGLOBAL['timestamp'] - 3600 * 24 * 365 * 2) {
            //不能早于2年
            $setsqlarr['dateline'] = $_SGLOBAL['timestamp'];
        }
    }
    //附件处理-by jyf
    if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
        $setsqlarr['attaches'] = implode(',', $_POST['divupload']);
    }
    //创新园地新增两个字段-------89184
    if ($cacheinfo['models']['modelname'] == 'creative') {
        if (empty($_POST['creative_value'])) {
            showmessage('请输入创新价值说明');
        }
        if (empty($_POST['creative_days'])) {
            showmessage('本创新所耗的工作量');
        }
        $setsqlarr['value'] = $_POST['creative_value'];
        $setsqlarr['days'] = $_POST['creative_days'];
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost')) {
        //不需要审核时入item表
        if (empty($itemid)) {
            //插入数据
            $itemid = inserttable($modelsinfoarr['modelname'] . 'items', $setsqlarr, 1);
            //取消邮件通知                    --89184
            $email = get_cate_mail($_POST['catid']);
            $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
            if ($_POST['modelname'] == 'creative') {
                if ($_POST['creative_type'] == '流程建议') {
                    $email = $email . ',' . get_cate_process_mail($setsqlarr['catid']);
                }
            }
            $emails = explode(',', $email);
            if (count($emails) > 0) {
                include S_ROOT . './function/sendmail.fun.php';
                $url1 = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                if ($cacheinfo['models']['modelname'] == 'creative') {
                    $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的创新:<br />' . $url1;
                    sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的创新《' . $_POST['subject'] . "》", $msg1);
                } else {
                    if ($cacheinfo['models']['modelname'] == 'defect') {
                        $msg1 = '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例:<br />' . $url1;
                        sendmail($emails, '用户 ' . $setsqlarr['username'] . ' 提交了新的缺陷预防案例《' . $_POST['subject'] . "》", $msg1);
                    }
                }
            }
        } else {
            //更新
            $op = 'update';
            unset($setsqlarr['uid']);
            unset($setsqlarr['username']);
            unset($setsqlarr['lastpost']);
            if ($setsqlarr['grade'] > 0) {
                $setsqlarr['shenhezhe'] = $_SGLOBAL['supe_username'];
                if ($_POST['modelname'] == 'creative') {
                    if ($_POST['creative_type'] == '主管月度创新') {
                        if (!check_cate_director($setsqlarr['catid'])) {
                            showmessage('no_permission');
                        }
                    }
                }
            }
            updatetable($modelsinfoarr['modelname'] . 'items', $setsqlarr, array('itemid' => $itemid));
            $query = $_SGLOBAL['db']->query('SELECT * FROM ' . tname($modelsinfoarr['modelname'] . 'message') . ' WHERE nid = \'' . $_POST['nid'] . '\'');
            $defaultmessage = $_SGLOBAL['db']->fetch_array($query);
            //邮件通知--等级审核
            if ($setsqlarr['grade'] > 0) {
                $sqlstr = 'SELECT u.*, s.* FROM ' . tname($modelsinfoarr['modelname'] . 'items') . ' s LEFT JOIN ' . tname('members') . ' u ON u.uid=s.uid WHERE s.itemid=\'' . $itemid . '\'';
                $query = $_SGLOBAL['db']->query($sqlstr);
                $value = $_SGLOBAL['db']->fetch_array($query);
                $email = $value['email'];
                if (!empty($email)) {
                    include S_ROOT . './function/sendmail.fun.php';
                    $url = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                    $emails = explode(',', $email);
                    if ($_POST['modelname'] == 'creative') {
                        $msg = '你的创新已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    } else {
                        $msg = '你的缺陷预防案例已被审核,等级:' . $gradearr[$setsqlarr[grade]] . '(' . $setsqlarr['grade'] . ')<br />' . $url;
                    }
                    sendmail($emails, $setsqlarr['subject'], $msg);
                }
            }
        }
        if (!empty($_POST['divupload']) && is_array($_POST['divupload'])) {
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=1, type=\'' . $modelsinfoarr['modelname'] . '\', itemid=' . $itemid . ', catid=\'' . $_POST['catid'] . '\' WHERE hash=\'' . $_POST['hash'] . '\'');
        }
        $hash = getmodelhash($_POST['mid'], $itemid);
        if (!empty($ids)) {
            $ids = simplode($ids);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $do = 'pass';
    } else {
        if (!empty($uploadfilearr['subjectimage']['aid'])) {
            $subjectimageid = $uploadfilearr['subjectimage']['aid'];
        }
        $setitemsqlarr = $setsqlarr;
        $do = 'me';
    }
    if ($op == 'update') {
        if (!empty($resultmessage)) {
            foreach ($resultmessage as $value) {
                if (preg_match("/^(img|flash|file)\$/i", $value['formtype']) && !empty($defaultmessage[$value['fieldname']])) {
                    if (empty($_POST[$value['fieldname'] . '_value']) || !empty($_FILES[$value['fieldname']]['name'])) {
                        //当file删除时,或修改时执行删除操作
                        deletetable('attachments', array('hash' => $hash, 'subject' => $value['fieldname']));
                        //删除附件表
                        updatetable($modelsinfoarr['modelname'] . 'message', array($value['fieldname'] => ''), array('nid' => $_POST['nid']));
                        $ext = fileext($defaultmessage[$value['fieldname']]);
                        if (in_array($ext, array('jpg', 'jpeg', 'png'))) {
                            @unlink(A_DIR . '/' . substr($defaultmessage[$value['fieldname']], 0, strrpos($defaultmessage[$value['fieldname']], '.')) . '.thumb.jpg');
                        }
                        @unlink(A_DIR . '/' . $defaultmessage[$value['fieldname']]);
                    }
                }
            }
        }
    }
    //内容
    $setsqlarr = $uploadfilearr = $ids = array();
    $setsqlarr = getsetsqlarr($resultmessage);
    $uploadfilearr = $feedcolum = uploadfile($resultmessage, $_POST['mid'], $itemid, 0);
    $setsqlarr['message'] = trim($_POST['message']);
    $setsqlarr['postip'] = $_SGLOBAL['onlineip'];
    if (!empty($uploadfilearr)) {
        foreach ($uploadfilearr as $tmpkey => $tmpvalue) {
            if (empty($tmpvalue['error'])) {
                $setsqlarr[$tmpkey] = $tmpvalue['filepath'];
            }
            if (!empty($tmpvalue['aid'])) {
                $ids[] = $tmpvalue['aid'];
            }
        }
    }
    //添加内容
    if (!empty($modelsinfoarr['allowfilter'])) {
        $setsqlarr = scensor($setsqlarr, 1);
    }
    if (!checkperm('allowdirectpost') || checkperm('managemodpost') || checkperm('allowdirectpost') && $op == 'update') {
        //不需要审核时入message表
        if ($op == 'add') {
            $setsqlarr['itemid'] = $itemid;
            //添加内容
            inserttable($modelsinfoarr['modelname'] . 'message', $setsqlarr);
            getreward('postinfo');
            if (allowfeed() && !empty($_POST['addfeed']) && !empty($_SGLOBAL['supe_uid'])) {
                $feed['icon'] = 'comment';
                $feed['title_template'] = 'feed_model_title';
                $murl = geturl('action/model/name/' . $modelsinfoarr['modelname'] . '/itemid/' . $itemid);
                $aurl = A_URL;
                if (empty($_SCONFIG['siteurl'])) {
                    $siteurl = getsiteurl();
                    $murl = $siteurl . $murl;
                    $aurl = $siteurl . $aurl;
                } else {
                    $siteurl = S_URL_ALL;
                }
                $feed['title_data'] = array('modelname' => '<a href="' . $siteurl . '/m.php?name=' . $modelsinfoarr['modelname'] . '">' . $modelsinfoarr['modelalias'] . '</a>');
                $feed['body_template'] = 'feed_model_message';
                $feed['body_data'] = array('subject' => '<a href="' . $murl . '">' . $_POST['subject'] . '</a>', 'message' => cutstr(strip_tags(preg_replace("/\\[.+?\\]/is", '', $_POST['message'])), 150));
                if (!empty($feedsubjectimg)) {
                    $feed['images'][] = array('url' => $aurl . '/' . $feedsubjectimg['subjectimage']['filepath'], 'link' => $murl);
                } else {
                    foreach ($feedcolum as $feedimgvalue) {
                        if ($feedimgvalue['filepath']) {
                            $feed['images'][] = array('url' => $aurl . '/' . $feedimgvalue['filepath'], 'link' => $murl);
                            break;
                        }
                    }
                    if (empty($feed['images'])) {
                        $picurl = getmessagepic(stripslashes($_POST['message']));
                        if ($picurl && strpos($picurl, '://') === false) {
                            $picurl = $siteurl . '/' . $picurl;
                        }
                        if (!empty($picurl)) {
                            $feed['images'][] = array('url' => $picurl, 'link' => $murl);
                        }
                    }
                }
                postfeed($feed);
            }
        } else {
            //更新内容
            updatetable($modelsinfoarr['modelname'] . 'message', $setsqlarr, array('nid' => $_POST['nid'], 'itemid' => $itemid));
        }
        updatetable('attachments', array('isavailable' => '1', 'type' => 'model'), array('hash' => $hash));
        if (checkperm('allowdirectpost') && $op == 'update') {
            deletemodelitems($modelsinfoarr['modelname'], array($itemid), $_POST['mid'], 1, 1);
        }
        if (checkperm('allowdirectpost') && $op == 'update') {
            $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('writing_success_online_please_wait_for_audit', $jpurl);
        } else {
            $jpurl = $cp ? S_URL . '/' . $theurl . '&mid=' . $modelsinfoarr['mid'] : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
            showmessage('online_contributions_success', $jpurl);
        }
    } else {
        $setsqlarr = array_merge($setitemsqlarr, $setsqlarr);
        $setsqlarr['addfeed'] = $_POST['addfeed'];
        $setsqlarr = array('subject' => $setitemsqlarr['subject'], 'mid' => $modelsinfoarr['mid'], 'uid' => $setsqlarr['uid'], 'message' => saddslashes(serialize($setsqlarr)), 'dateline' => $_SGLOBAL['timestamp'], 'folder' => 1);
        if (!empty($_POST['itemid'])) {
            $itemid = intval($_POST['itemid']);
            updatetable('modelfolders', $setsqlarr, array('itemid' => $itemid));
        } else {
            $itemid = inserttable('modelfolders', $setsqlarr, 1);
        }
        if (!empty($subjectimageid)) {
            $ids[] = $subjectimageid;
        }
        if (!empty($ids)) {
            $ids = simplode($ids);
            $hash = 'm' . str_pad($_POST['mid'], 6, 0, STR_PAD_LEFT) . 'f' . str_pad($itemid, 8, 0, STR_PAD_LEFT);
            $_SGLOBAL['db']->query('UPDATE ' . tname('attachments') . ' SET isavailable=\'1\', type=\'model\', hash=\'' . $hash . '\' WHERE aid IN (' . $ids . ')');
        }
        $jpurl = $cp ? empty($setsqlarr['uid']) ? S_URL . "/admincp.php?action=modelmanages&op=add&mid={$modelsinfoarr['mid']}" : S_URL . "/admincp.php?action=modelfolders&mid={$modelsinfoarr['mid']}" : S_URL . "/cp.php?ac=models&op=list&do={$do}&nameid={$modelsinfoarr['modelname']}";
        showmessage('writing_success_online_please_wait_for_audit', $jpurl);
    }
}
Example #27
            $createtime = _strtotime($_POST['createtime']);
            $updatetime = time();
            $data = compact('cid', 'title', 'keyword', 'description', 'body', 'creater', 'updater', 'createtime', 'updatetime');
            if (empty($id)) {
                $DreamCMS->db->insert('page', $data);
                redirect($name . "页面添加完成!", "admincp.php?do=catalog");
            } else {
                $DreamCMS->db->update('page', $data, compact('id'));
                redirect($name . "编辑完成!", "admincp.php?do=catalog");
            }
        }
        // Re-upload: replace the stored file behind an existing `file` row.
        // NOTE(review): no permission or CSRF-token check is visible in this
        // excerpt; confirm the enclosing admin page enforces both before
        // these state-changing branches are reached.
        if ($action == 'reupload') {
            // The integer cast is what makes $fid safe to interpolate into the query below.
            $fid = (int) $_POST['fid'];
            $rs = $DreamCMS->db->get_row("SELECT * FROM `#DC@__file` WHERE `id`='{$fid}' LIMIT 1");
            // NOTE(review): $rs is dereferenced without checking that a row was
            // found, so an unknown id reaches uploadfile() with empty values.
            // Strip the upload root prefix and the file name from the stored path,
            // leaving the sub-directory that is handed to uploadfile().
            $path = str_replace(array($DreamCMS->config['uploadfiledir'] . '/', $rs->filename), '', $rs->path);
            uploadfile('file', '', $path, $rs->filename, 'reupload');
            // NOTE(review): the stored file name is concatenated into the message
            // as-is; alert() is not visible here, so confirm it escapes its
            // argument for the context it prints into.
            alert($rs->filename . '重新上传成功!', 'javascript:window.parent.location.reload();');
        }
        // Bulk delete: count how many of the submitted ids deletefile() reports as removed.
        if (isset($_POST['delete'])) {
            $i = 0;
            // NOTE(review): unlike the reupload branch, the submitted ids are not
            // cast to int and $_POST['delete'] is not checked to be an array;
            // deletefile() must validate $fid itself (its body is not visible here).
            foreach ($_POST['delete'] as $fid) {
                deletefile($fid) && $i++;
            }
            alert("共删除{$i}个文件!", "url:1");
        } else {
            _header();
        }
        break;
}
function deletefile($fid)
{
<?php

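// Debug dump of the upload metadata followed by a CSV gate in front of
// uploadfile()/readmycsvfile().
//
// "type" and "name" in $_FILES are supplied by the client, so they are
// HTML-escaped before being written into the page, and missing keys are
// treated as empty strings instead of raising undefined-index notices.
$upload = isset($_FILES['uploadedfile']) && is_array($_FILES['uploadedfile']) ? $_FILES['uploadedfile'] : array();
$clientType = isset($upload['type']) && is_string($upload['type']) ? $upload['type'] : '';
$clientName = isset($upload['name']) && is_string($upload['name']) ? $upload['name'] : '';
$errorCode = isset($upload['error']) && is_scalar($upload['error']) ? (string) $upload['error'] : '';

echo "<hr>";
echo htmlspecialchars($clientType, ENT_QUOTES, 'UTF-8');
echo "<br>";
echo htmlspecialchars($clientName, ENT_QUOTES, 'UTF-8');
echo "<br>";
echo htmlspecialchars($errorCode, ENT_QUOTES, 'UTF-8');
echo "<br>";
echo "<hr>";

$info = pathinfo($clientName);
// A name without a dot has no "extension" key at all.
$extension = isset($info['extension']) ? $info['extension'] : '';
if ($extension === "csv") {
    $mimes = array('text/csv', 'application/csv', 'text/comma-separated-values', 'application/excel', 'application/vnd.ms-excel', 'application/vnd.msexcel', 'application/octet-stream', 'application/txt', 'text/tsv');
    // The MIME type is whatever the client sent (and the list accepts the
    // generic application/octet-stream), so this check is advisory only: the
    // content still has to be validated when the file is parsed.
    if (in_array($clientType, $mimes, true)) {
        echo "<br> This is a CSV file<br>";
        // uploadfile() stores the file under uploads/ using the client's base
        // name; its failure branch is not visible here, so confirm what it
        // returns before the value is trusted as a path.
        $filepath = uploadfile($_FILES);
        readmycsvfile($filepath);
    } else {
        echo "<br> Nai hUa<br>";
    }
} else {
    echo "Not a CSV Extension";
}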
function uploadfile($_FILES)
{
    echo "---------------";
    $target_path = "uploads/" . basename($_FILES['uploadedfile']['name']);
    if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
        echo "The file " . basename($_FILES['uploadedfile']['name']) . " has been uploaded";
        return $target_path;
    } else {
Example #29
<?php

include 'mega.php';
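// Fetch a remote file named by ?url=, stage it under temp/ and pass it to
// uploadfile() from mega.php, then redirect back to the index page.
//
// The URL is fully controlled by the requester. copy() accepts local paths and
// every registered stream wrapper, so only http/https sources are fetched;
// anything else is ignored and the request just redirects.
// A scheme allow-list does not limit which host is contacted: if this server
// can reach internal services, restrict the destination hosts as well.
if (isset($_GET['url'])) {
    $source = is_string($_GET['url']) ? $_GET['url'] : '';
    $scheme = parse_url($source, PHP_URL_SCHEME);
    $isWebUrl = is_string($scheme) && in_array(strtolower($scheme), array('http', 'https'), true);

    if ($isWebUrl) {
        $url = parse_url($source, PHP_URL_PATH);
        $ext = pathinfo((string) $url);
        // The base name comes from the request, so reduce it to a conservative
        // character set before it becomes part of a local file name.
        // NOTE(review): the extension is still caller-chosen; temp/ must not be
        // served or executed by the web server, and nothing here removes the
        // staged file after the upload.
        $basename = isset($ext['basename']) ? preg_replace('/[^A-Za-z0-9._-]/', '_', $ext['basename']) : '';
        $filename = "temp/" . uniqid() . "-" . $basename;

        // Only log in and upload when the download actually produced a file.
        if (copy($source, $filename)) {
            // NOTE(review): credentials are literals in the source (presumably
            // placeholders); load real ones from configuration kept outside
            // the web root.
            login("login", "password");
            uploadfile($filename);
        }
    }

    // NOTE(review): nothing terminates the script after the redirect header, so
    // any code following this block still runs.
    header("location:../index.php");
}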