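// Assign values to the template
$smarty->assign('form_action', 'insert');
$smarty->assign('product_category', $dou->get_category_nolevel('product_category'));
$smarty->assign('product', $product);

$smarty->display('product.htm');
} elseif ($rec == 'insert') {
    // "insert" action: validate the posted product fields, then store the main
    // image and up to five additional images (product_image_1 .. product_image_5).
    if (empty($_POST['product_name'])) {
        $dou->dou_msg($_LANG['product_name'] . $_LANG['is_empty']);
    }

    if (!$check->is_price($_POST['price'] = trim($_POST['price']))) {
        $dou->dou_msg($_LANG['price_wrong']);
    }

    // CSRF token verification. It now runs before the uploads: previously the
    // files were written and thumbnailed first, so a forged cross-site request
    // reached upload_image()/make_thumb() before the token was ever checked.
    // NOTE(review): assumes check_token() aborts the request on a mismatch; if it
    // also consumes the token, a failed upload now needs a fresh form — confirm.
    $firewall->check_token($_POST['token'], 'product_add');

    $upfile = array();

    // Check whether a main image was uploaded and, if so, store it and build its thumbnail
    // NOTE(review): $id is not assigned anywhere in this excerpt — confirm its origin.
    if ($_FILES['product_image']['name'] != '') {
        $upfile[0] = $img->upload_image('product_image', $id); // name of the upload form field
        $file = $images_dir . $upfile[0];
        $img->make_thumb($upfile[0], $_CFG['thumb_width'], $_CFG['thumb_height']);
    }

    // Additional images use inputs named like product_image_1
    // NOTE(review): $file is first assigned only when a main image is present; if
    // only additional images are sent, the concatenation below reads an unset
    // $file — confirm it is initialised before this point.
    for ($i = 1; $i <= 5; $i++) {
        if ($_FILES['product_image_' . $i]['name'] != '') {
            $upfile[$i] = $img->upload_image('product_image_' . $i, $id);
            $file = $file . "," . $images_dir . $upfile[$i];
            $img->make_thumb($upfile[$i], $_CFG['thumb_width'], $_CFG['thumb_height']);
        }
    }

    $add_time = time();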
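$smarty->assign('show_list', $dou->get_show_list('mobile')); // slideshow list

if ($act == 'default') {
    // Generate the CSRF token embedded in the add form
    $smarty->assign('token', $firewall->set_token('mobile_show_add'));

    $smarty->display('mobile.htm');
} elseif ($act == 'insert') {
    // "insert" action: validate the name, store the slide image and insert the row.
    if (empty($_POST['show_name'])) {
        $dou->dou_msg($_LANG['show_name'] . $_LANG['is_empty']);
    }

    // CSRF token verification. It now runs before the upload: previously the image
    // was written and thumbnailed first, so a forged cross-site request reached
    // upload_image()/make_thumb() before the token was ever checked.
    // NOTE(review): assumes check_token() aborts the request on a mismatch; if it
    // also consumes the token, a failed upload now needs a fresh form — confirm.
    $firewall->check_token($_POST['token'], 'mobile_show_add');

    // Build the stored file name: current date plus six random lowercase letters.
    // mt_rand() is not a CSPRNG, so this name must not be relied on to keep the
    // uploaded file's location unguessable.
    $name = date('Ymd');
    for ($i = 0; $i < 6; $i++) {
        $name .= chr(mt_rand(97, 122));
    }

    $upfile = $img->upload_image('show_img', $name); // name of the upload form field
    $file = $images_dir . $upfile;
    $img->to_file = true;
    $img->make_thumb($upfile, 100, 100);

    // NOTE(review): request values are interpolated straight into the SQL string;
    // this is injectable unless they are escaped before this point (not visible
    // here) — confirm, and prefer bound parameters if the database layer has them.
    $sql = "INSERT INTO " . $dou->table('show') . " (id, show_name, show_link, show_img, type, sort)" . " VALUES (NULL, '{$_POST['show_name']}', '{$_POST['show_link']}', '{$file}', 'mobile', '{$_POST['sort']}')";
    $dou->query($sql);

    // The array key is now quoted: the bare word show_name was read as an undefined
    // constant (a warning on PHP 7, a fatal Error on PHP 8).
    $dou->create_admin_log($_LANG['mobile'] . ' - ' . $_LANG['show_add'] . ': ' . $_POST['show_name']);
    $dou->dou_msg($_LANG['show_add_succes'], 'mobile.php?rec=show');
} elseif ($act == 'edit') {
    // Validate the id and keep it only when is_number() accepts it
    $id = $check->is_number($_REQUEST['id']) ? $_REQUEST['id'] : '';

    $query = $dou->select($dou->table('show'), '*', '`id` = \'' . $id . '\'');
    $show = $dou->fetch_array($query);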
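$smarty->assign('article_category', $dou->get_category_nolevel('article_category'));
$smarty->assign('article', $article);

$smarty->display('article.htm');
} elseif ($rec == 'insert') {
    // "insert" action: validate the title, store the optional image and insert the article.
    if (empty($_POST['title'])) {
        $dou->dou_msg($_LANG['article_name'] . $_LANG['is_empty']);
    }

    // CSRF token verification. It now runs before the upload: previously the image
    // was written first, so a forged cross-site request reached upload_image()
    // before the token was ever checked.
    // NOTE(review): assumes check_token() aborts the request on a mismatch; if it
    // also consumes the token, a failed upload now needs a fresh form — confirm.
    $firewall->check_token($_POST['token'], 'article_add');

    // Check whether an image was uploaded and, if so, store it
    // NOTE(review): $file is only assigned inside this branch but is used in the
    // INSERT below either way — confirm it is initialised when no image is sent.
    if ($_FILES['image']['name'] != "") {
        // Generate the image file name: current date plus six random lowercase
        // letters. mt_rand() is not a CSPRNG, so the name is not unguessable.
        $file_name = date('Ymd');
        for ($i = 0; $i < 6; $i++) {
            $file_name .= chr(mt_rand(97, 122));
        }

        // 'image' is the upload form field name, $file_name the generated image file name
        $upfile = $img->upload_image('image', $file_name);
        $file = $images_dir . $upfile;
        // $img->make_thumb($upfile, 100, 100); // generate thumbnail
    }

    $add_time = time();

    // Format the custom parameters: one per line in the form, comma-separated in storage
    $_POST['defined'] = str_replace("\r\n", ',', $_POST['defined']);

    // NOTE(review): request values are interpolated straight into the SQL string;
    // this is injectable unless they are escaped before this point (not visible
    // here) — confirm, and prefer bound parameters if the database layer has them.
    $sql = "INSERT INTO " . $dou->table('article') . " (id, cat_id, title, defined, content, image ,keywords, add_time, description)" . " VALUES (NULL, '{$_POST['cat_id']}', '{$_POST['title']}', '{$_POST['defined']}', '{$_POST['content']}', '{$file}', '{$_POST['keywords']}', '{$add_time}', '{$_POST['description']}')";
    $dou->query($sql);

    $dou->create_admin_log($_LANG['article_add'] . ': ' . $_POST['title']);
    $dou->dou_msg($_LANG['article_add_succes'], 'article.php');
} elseif ($rec == 'edit') {
    $smarty->assign('ur_here', $_LANG['article_edit']);
    $smarty->assign('action_link', array('text' => $_LANG['article'], 'href' => 'article.php'));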
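}

/**
 * +----------------------------------------------------------
 * Install a local module
 * +----------------------------------------------------------
 */
if ($rec == 'install') {
    // Check whether a file was uploaded
    if ($_FILES['zipfile']['name'] == '') {
        $dou->dou_msg($_LANG['module_file_empty'], 'module.php?rec=local');
    } else {
        // Strip the ".zip" suffix. rtrim() takes a character list, not a suffix, so
        // rtrim($name, '.zip') also ate trailing '.', 'z', 'i' and 'p' characters of
        // the name itself ("myzip.zip" became "my"). basename() with a suffix removes
        // exactly ".zip" and drops any directory part of the client-supplied name.
        $zipfile_name = basename($_FILES['zipfile']['name'], '.zip');
    }

    // CSRF token verification (runs before the archive is stored)
    $firewall->check_token($_POST['token'], 'module_local');

    // NOTE(review): the stored name derives from the client-supplied file name, and
    // whether upload_image() restricts the extension or content to a zip archive is
    // not visible here — confirm before the archive is handed to cloud.php.
    if ($dou_upload->upload_image('zipfile', $zipfile_name)) {
        // URL-encode the client-derived name so characters such as '&' or '#'
        // cannot alter the query string of the redirect.
        $dou->dou_header('cloud.php?rec=handle&type=module&mode=local&cloud_id=' . urlencode($zipfile_name));
    }
}

/**
 * +----------------------------------------------------------
 * Template uninstall page
 * +----------------------------------------------------------
 */
if ($rec == 'uninstall') {
    $smarty->assign('ur_here', $_LANG['module']);

    // Load the modules that can be removed: every *.zip in the cache directory
    $zipfile_list = glob($cache_dir . '*.zip');
    foreach ((array) $zipfile_list as $zipfile) {
        // Same suffix handling as the install branch: remove exactly ".zip"
        // instead of rtrim()'s character-list stripping.
        $uninstall_list[] = basename($zipfile, '.zip');
    }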
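// Generate the CSRF token embedded in the add form
$smarty->assign('token', $firewall->set_token('fragment_add'));

// Assign values to the template
$smarty->assign('form_action', 'insert');
$smarty->assign('fragment_list', get_fragment_list());

$smarty->display('fragment.htm');
} elseif ($rec == 'insert') {
    // "insert" action: validate name and mark, store the optional image, insert the row.
    if (empty($_POST['fragment_name'])) {
        $dou->dou_msg($_LANG['fragment_name'] . $_LANG['is_empty']);
    }

    // The mark becomes the image file name and is written into the SQL below, so it
    // is limited to [a-z0-9_]. The D modifier makes "$" match only at the very end;
    // without it a value ending in a newline still passed the check.
    if (!preg_match("/^[a-z0-9_]+\$/D", $_POST['mark'])) {
        $dou->dou_msg($_LANG['fragment_mark_cue']);
    }

    // CSRF token verification. It now runs before the upload: previously the image
    // was written first, so a forged cross-site request reached upload_image()
    // before the token was ever checked.
    // NOTE(review): assumes check_token() aborts the request on a mismatch; if it
    // also consumes the token, a failed upload now needs a fresh form — confirm.
    $firewall->check_token($_POST['token'], 'fragment_add');

    // Check whether an image was uploaded and, if so, store it
    // NOTE(review): $image is only assigned inside this branch but is used in the
    // INSERT below either way — confirm it is initialised when no image is sent.
    if ($_FILES['image']['name'] != "") {
        $upfile = $img->upload_image('image', $_POST['mark']); // the unique mark is used as the image name
        $image = $images_dir . $upfile;
    }

    // NOTE(review): request values are interpolated straight into the SQL string;
    // this is injectable unless they are escaped before this point (not visible
    // here) — confirm, and prefer bound parameters if the database layer has them.
    $sql = "INSERT INTO " . $dou->table('fragment') . " (id, fragment_name, mark, parent_id, text ,image, link, sort)" . " VALUES (NULL, '{$_POST['fragment_name']}', '{$_POST['mark']}', '{$_POST['parent_id']}', '{$_POST['text']}', '{$image}', '{$_POST['link']}', '{$_POST['sort']}')";
    $dou->query($sql);

    $dou->create_admin_log($_LANG['fragment_add'] . ': ' . $_POST['fragment_name']);
    $dou->dou_msg($_LANG['fragment_add_succes'], 'fragment.php');
} elseif ($rec == 'edit') {
    $smarty->assign('ur_here', $_LANG['fragment_edit']);
    $smarty->assign('action_link', array('text' => $_LANG['fragment_list'], 'href' => 'fragment.php'));

    // Validate the id and keep it only when is_number() accepts it
    $id = $check->is_number($_REQUEST['id']) ? $_REQUEST['id'] : '';

    $query = $dou->select($dou->table('fragment'), '*', '`id` = \'' . $id . '\'');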
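$smarty->assign('page_list', $dou->get_page_nolevel());
$smarty->assign('page', $page); // assign the data entered by the user

$smarty->display('page.htm');
} elseif ($rec == 'insert') {
    // "insert" action: validate the page name, store the optional banner, insert
    // the page and attach the images added while the page was being created.
    if (empty($_POST['page_name'])) {
        $dou->dou_msg($_LANG['page_name'] . $_LANG['is_empty']);
    }

    // CSRF token verification. It now runs before the upload: previously the banner
    // was written and thumbnailed first, so a forged cross-site request reached
    // upload_image()/make_thumb() before the token was ever checked.
    // NOTE(review): assumes check_token() aborts the request on a mismatch; if it
    // also consumes the token, a failed upload now needs a fresh form — confirm.
    $firewall->check_token($_POST['token'], 'page_add');

    // Build the banner file name: current date plus six random lowercase letters.
    // mt_rand() is not a CSPRNG, so this name must not be relied on to keep the
    // uploaded file's location unguessable.
    $name = date('Ymd');
    for ($i = 0; $i < 6; $i++) {
        $name .= chr(mt_rand(97, 122));
    }

    // Check whether a banner was uploaded; the stored path stays empty if not
    if (!empty($_FILES['banner']['name'])) {
        $upfile = $img->upload_image('banner', $name); // name of the upload form field
        $file = $banner_dir . $upfile;
        $img->to_file = true;
        $img->make_thumb($upfile, 140, 36);
    } else {
        $file = "";
    }

    // NOTE(review): request values are interpolated straight into the SQL string;
    // this is injectable unless they are escaped before this point (not visible
    // here) — confirm, and prefer bound parameters if the database layer has them.
    $sql = "INSERT INTO " . $dou->table('page') . " (id, unique_id, parent_id, page_name, content ,keywords, description, banner, type)" . " VALUES (NULL, '{$_POST['unique_id']}', '{$_POST['parent_id']}', '{$_POST['page_name']}', '{$_POST['content']}', '{$_POST['keywords']}', '{$_POST['description']}', '{$file}', '{$_POST['page_type']}')";
    $dou->query($sql);

    // NOTE(review): mysql_insert_id() belongs to the ext/mysql API that PHP 7
    // removed; replace it with the database layer's own accessor if one exists.
    $miid = mysql_insert_id();

    // Link the images added while creating the page to the id the page just received.
    // page_temp_num is request data written into the WHERE clause (see the note above).
    $sql = "UPDATE " . $dou->table('page_images') . " SET page_id = '" . $miid . "' WHERE temp_num = '{$_POST['page_temp_num']}'";
    $dou->query($sql);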
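* +----------------------------------------------------------
* System settings update
* +----------------------------------------------------------
*/
if ($rec == 'update') {
    // Validate the selected system language. The D modifier makes "$" match only
    // at the very end; without it a value ending in a newline still passed.
    if (!preg_match("/^[a-z_]+\$/D", $_POST['language'])) {
        $dou->dou_msg($_LANG['language_wrong'], 'system.php');
    }

    // CSRF token verification. It now runs before the upload: previously the logo
    // was written into the theme directory first, so a forged cross-site request
    // reached upload_image() before the token was ever checked.
    // NOTE(review): assumes check_token() aborts the request on a mismatch; if it
    // also consumes the token, a failed upload now needs a fresh form — confirm.
    $firewall->check_token($_POST['token'], 'system');

    // Store the uploaded site logo, if any
    if ($_FILES['site_logo']['name'] != "") {
        $logo_dir = ROOT_PATH . "theme/" . $_CFG['site_theme'] . "/images/"; // logo upload path, with trailing slash
        $logo = new Upload($logo_dir, ''); // instantiate the upload class
        $upfile = $logo->upload_image('site_logo', 'logo'); // name of the upload form field
        $_POST['site_logo'] = $upfile;
    }

    // Every posted field is written to the config table, keyed by its field name.
    // NOTE(review): both the key ($name) and the value come from the request and are
    // interpolated into the SQL string. Any escaping applied before this point is
    // not visible here, and value-only escaping would leave the keys untouched —
    // confirm, and consider restricting $name to the known config names. The loop
    // also submits the 'token' field as a config name.
    foreach ($_POST as $name => $value) {
        if (is_array($value)) {
            $value = serialize($value);
        }

        $sql = "UPDATE " . $dou->table('config') . " SET value = '{$value}' WHERE name = '{$name}'";
        $dou->query($sql);
    }

    $dou->create_admin_log($_LANG['system'] . ': ' . $_LANG['edit_succes']);
    $dou->dou_msg($_LANG['edit_succes'], 'system.php');
}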
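$smarty->assign('token', $firewall->set_token('product_add'));

// Assign values to the template
$smarty->assign('form_action', 'insert');
$smarty->assign('product_category', $dou->get_category_nolevel('product_category'));
$smarty->assign('product', $product);

$smarty->display('product.htm');
} elseif ($rec == 'insert') {
    // "insert" action: validate name and price, store the optional image, insert the product.
    if (empty($_POST['name'])) {
        $dou->dou_msg($_LANG['name'] . $_LANG['is_empty']);
    }

    if (!$check->is_price($_POST['price'] = trim($_POST['price']))) {
        $dou->dou_msg($_LANG['price_wrong']);
    }

    // CSRF token verification. It now runs before the upload: previously the image
    // was written and thumbnailed first, so a forged cross-site request reached
    // upload_image()/make_thumb() before the token was ever checked.
    // NOTE(review): assumes check_token() aborts the request on a mismatch; if it
    // also consumes the token, a failed upload now needs a fresh form — confirm.
    $firewall->check_token($_POST['token'], 'product_add');

    // Check whether an image was uploaded and, if so, store it and build its thumbnail
    // NOTE(review): $id is not assigned anywhere in this excerpt, and $file is only
    // assigned inside this branch but used in the INSERT below either way — confirm both.
    if ($_FILES['image']['name'] != '') {
        $upfile = $img->upload_image('image', $id); // name of the upload form field
        $file = $images_dir . $upfile;
        $img->make_thumb($upfile, $_CFG['thumb_width'], $_CFG['thumb_height']);
    }

    $add_time = time();

    // Format the custom parameters: one per line in the form, comma-separated in storage
    $_POST['defined'] = str_replace("\r\n", ',', $_POST['defined']);

    // NOTE(review): request values are interpolated straight into the SQL string;
    // this is injectable unless they are escaped before this point (not visible
    // here) — confirm, and prefer bound parameters if the database layer has them.
    $sql = "INSERT INTO " . $dou->table('product') . " (id, cat_id, name, price, defined, content, image ,keywords, add_time, description)" . " VALUES (NULL, '{$_POST['cat_id']}', '{$_POST['name']}', '{$_POST['price']}', '{$_POST['defined']}', '{$_POST['content']}', '{$file}', '{$_POST['keywords']}', '{$add_time}', '{$_POST['description']}')";
    $dou->query($sql);

    // To make product images easier to manage, rename the image after the product id
    if ($_FILES['image']['name'] != '') {
        // Format the image name
        // NOTE(review): mysql_insert_id() belongs to the ext/mysql API that PHP 7
        // removed; replace it with the database layer's own accessor if one exists.
        $good_id = mysql_insert_id();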
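$smarty->assign('token', $firewall->set_token('product_add'));

// Assign values to the template
$smarty->assign('form_action', 'insert');
$smarty->assign('product_category', $dou->get_category_nolevel('product_category'));
$smarty->assign('product', $product);

$smarty->display('product.htm');
} elseif ($rec == 'insert') {
    // "insert" action: validate name and price, store the optional image, insert the product.
    if (empty($_POST['name'])) {
        $dou->dou_msg($_LANG['name'] . $_LANG['is_empty']);
    }

    if (!$check->is_price($_POST['price'] = trim($_POST['price']))) {
        $dou->dou_msg($_LANG['price_wrong']);
    }

    // CSRF token verification. It now runs before the upload: previously the image
    // was written and thumbnailed first, so a forged cross-site request reached
    // upload_image()/make_thumb() before the token was ever checked.
    // NOTE(review): assumes check_token() aborts the request on a mismatch; if it
    // also consumes the token, a failed upload now needs a fresh form — confirm.
    $firewall->check_token($_POST['token'], 'product_add');

    // Check whether an image was uploaded and, if so, store it and build its thumbnail.
    // The file is named with the value returned by auto_id('product').
    // NOTE(review): $file is only assigned inside this branch but is used in the
    // INSERT below either way — confirm it is initialised when no image is sent.
    if ($_FILES['image']['name'] != '') {
        $upfile = $img->upload_image('image', $dou->auto_id('product')); // name of the upload form field
        $file = $images_dir . $upfile;
        $img->make_thumb($upfile, $_CFG['thumb_width'], $_CFG['thumb_height']);
    }

    $add_time = time();

    // Format the custom parameters: one per line in the form, comma-separated in storage
    $_POST['defined'] = str_replace("\r\n", ',', $_POST['defined']);

    // NOTE(review): request values are interpolated straight into the SQL string;
    // this is injectable unless they are escaped before this point (not visible
    // here) — confirm, and prefer bound parameters if the database layer has them.
    $sql = "INSERT INTO " . $dou->table('product') . " (id, cat_id, name, price, defined, content, image ,keywords, add_time, description)" . " VALUES (NULL, '{$_POST['cat_id']}', '{$_POST['name']}', '{$_POST['price']}', '{$_POST['defined']}', '{$_POST['content']}', '{$file}', '{$_POST['keywords']}', '{$add_time}', '{$_POST['description']}')";
    $dou->query($sql);

    $dou->create_admin_log($_LANG['product_add'] . ': ' . $_POST['name']);
    $dou->dou_msg($_LANG['product_add_succes'], 'product.php');
} elseif ($rec == 'edit') {
    $smarty->assign('ur_here', $_LANG['product_edit']);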