Exemple #1
 /**
  * Thin wrapper that forwards both arguments to move_attachment().
  *
  * NOTE(review): as extracted, this reads as a free function calling itself, which
  * would recurse without end. Presumably it is a class method delegating to a
  * global function of the same name -- confirm against the original file.
  * No validation of the upload is visible at this level; it has to happen in the
  * function that is being delegated to.
  *
  * @param mixed $entity   Passed through unchanged (presumably an entity type name -- TODO confirm).
  * @param mixed $entityID Passed through unchanged (presumably the record id -- TODO confirm).
  */
 function move_attachment($entity, $entityID)
 {
     move_attachment($entity, $entityID);
 }
Exemple #2
    $client->set_value("clientModifiedTime", date("Y-m-d"));
    $clientID = $client->get_id();
    $client->set_values("client_");
    if (!$client->get_id()) {
        // New client.
        $client->set_value("clientCreatedTime", date("Y-m-d"));
        $new_client = true;
    }
    if (!$TPL["message"]) {
        $client->save();
        $clientID = $client->get_id();
        $client->set_values("client_");
    }
} else {
    if ($_POST["save_attachment"]) {
        move_attachment("client", $clientID);
        alloc_redirect($TPL["url_alloc_client"] . "clientID=" . $clientID . "&sbs_link=attachments");
    } else {
        if ($_GET["get_vcard"]) {
            $clientContact = new clientContact();
            $clientContact->set_id($_GET["clientContactID"]);
            $clientContact->select();
            $clientContact->output_vcard();
            return;
        } else {
            if ($_POST["delete"]) {
                $client->read_globals();
                $client->delete();
                alloc_redirect($TPL["url_alloc_clientList"]);
            } else {
                $client->set_id($clientID);
Exemple #3
// Load an existing task when $taskID is already set; otherwise populate a new
// task object from the request.
// NOTE(review): where $taskID is assigned is not visible here -- confirm it is
// validated, and that the current user may access that task, before select().
if (isset($taskID)) {
    // Displaying a record
    $task->set_id($taskID);
    $task->select();
    // Creating a new record (describes the else branch that follows)
} else {
    // The creation timestamp is assigned server-side before read_globals() runs,
    // so any dateCreated sent by the client is overwritten at this point.
    // Presumably read_globals() then copies it from $_POST -- TODO confirm.
    $_POST["dateCreated"] = date("Y-m-d H:i:s");
    $task->read_globals();
    $taskID = $task->get_id();
    if (has("project") && $task->get_value("projectID")) {
        $project = $task->get_foreign_object("project");
    }
}
// if someone uploads an attachment
// NOTE(review): no file name, type or size check is visible at this call site;
// verify that move_attachment() validates the upload and that the caller is
// allowed to attach files to this task.
if ($_POST["save_attachment"]) {
    move_attachment("task", $taskID);
    // $taskID is concatenated into the redirect URL without encoding -- harmless
    // for an integer id; confirm that it always is one.
    alloc_redirect($TPL["url_alloc_task"] . "taskID=" . $taskID . "&sbs_link=attachments");
}
// If saving a record
if ($_POST["save"] || $_POST["save_and_back"] || $_POST["save_and_new"] || $_POST["save_and_summary"] || $_POST["timeSheet_save"] || $_POST["close_task"]) {
    $task->read_globals();
    if ($_POST["close_task"]) {
        $task->set_value("taskStatus", "closed_complete");
    }
    // If we're auto-nuking the pending tasks, we need to do that before the call to task->save()
    if ($task->get_id() && !$_POST["pendingTasksIDs"]) {
        $task->add_pending_tasks($_POST["pendingTasksIDs"]);
    }
    // Moved all validation over into task.inc.php save()
    $success = $task->save();
    count($msg) and $msg = "&message_good=" . urlencode(implode("<br>", $msg));
         //多生成一张1:1的图片,方便标签调用
         gdpic(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", "{$Newpicpath}.jpg.jpg", $picWidth ? $picWidth : 300, $picWidth ? $picWidth : 300, $webdb[autoCutSmallPic] ? array('fix' => 1) : '');
         gdpic(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", $Newpicpath, $picWidth ? $picWidth : 300, $picHeight ? $picHeight : 225, $webdb[autoCutSmallPic] ? array('fix' => 1) : '');
         if (file_exists($Newpicpath)) {
             $postdb[picurl] = $smallpic;
             //FTP上传文件到远程服务器
             if ($webdb[ArticleDownloadUseFtp]) {
                 ftp_upfile($Newpicpath, $postdb[picurl]);
             }
         }
     } else {
         if (file_exists(ROOT_PATH . "{$webdb['updir']}/{$post_picurl}.jpg")) {
             move_attachment($lfjuid, tempdir("{$post_picurl}.jpg"), $downloadDIR, 'small');
         }
         if (file_exists(ROOT_PATH . "{$webdb['updir']}/{$post_picurl}.jpg.jpg")) {
             move_attachment($lfjuid, tempdir("{$post_picurl}.jpg.jpg"), $downloadDIR, 'small');
         }
     }
 }
 //FTP上传文件到远程服务器
 if ($webdb[ArticleDownloadUseFtp] && $file_db) {
     foreach ($file_db as $key => $value) {
         if (is_file(ROOT_PATH . "{$webdb['updir']}/{$value}")) {
             ftp_upfile(ROOT_PATH . "{$webdb['updir']}/{$value}", $value);
         }
     }
 }
 //如果系统设置自动提取关键字的话,只有当用户没设置关键字,才自动提取.
 if ($job == 'postnew' && $webdb[autoGetKeyword] && !$postdb[keywords]) {
     $postdb[keywords] = keyword_ck($postdb[keywords], $postdb[title]);
 }
Exemple #5
        }
    }
    // Displaying a record
    $project->set_id($projectID);
    $project->select() || alloc_error("Could not load project {$projectID}");
} else {
    // Creating a new record
    $project->read_globals();
    $projectID = $project->get_id();
    $project->select();
}
// Comments
$TPL["comment_buttons"] = "<input type=\"submit\" name=\"comment_save\" value=\"Save Comment\">";
// if someone uploads an attachment
if ($_POST["save_attachment"]) {
    move_attachment("project", $projectID);
    alloc_redirect($TPL["url_alloc_project"] . "projectID=" . $projectID . "&sbs_link=attachments");
}
$project->set_values("project_");
$db = new db_alloc();
$clientID = $project->get_value("clientID") or $clientID = $_GET["clientID"];
$client = new client();
$client->set_id($clientID);
$client->select();
$client->set_tpl_values("client_");
// If a client has been chosen
if ($clientID) {
    $query = prepare("SELECT * \n                      FROM clientContact\n                     WHERE clientContact.clientID = %d AND clientContact.primaryContact = true", $clientID);
    $db->query($query);
    $cc = new clientContact();
    $cc->read_db_record($db);
Exemple #6
/**
 * Validates the posted custom fields of an article module and, when $type is
 * 'add' or 'edit', writes them to that module's article_content_* table.
 *
 * Validation failures are reported through showerr(); whether showerr() stops
 * the request is not visible in this function.
 *
 * Security review notes (all taken from the code below):
 *  - extract($basedb) imports every key of $basedb as a local variable, so a
 *    key named like an existing local ($mid, $type, $post_db, $db, $pre) would
 *    overwrite it. $aid, $rid, $fid, $uid and $i_id are only defined through
 *    this call.
 *  - $mid is interpolated into SQL as a quoted value and as part of a table
 *    name; nothing in this function checks that it is numeric.
 *  - All values reach SQL by string interpolation. No escaping call is visible
 *    here; presumably the request data is already slash-escaped and filtrate()
 *    handles the rest -- TODO confirm. Fields listed in is_html skip filtrate().
 *  - ereg() was removed in PHP 7.0, so the integer check raises a fatal error
 *    there when it is reached.
 *
 * @param mixed  $mid     Module id; selects the article_module row and the content table.
 * @param string $type    '' validates only, 'add' inserts a row, 'edit' updates one.
 * @param array  $post_db Submitted field values keyed by field name (passed by value, changed locally only).
 * @param array  $basedb  Base record values; extracted into local scope.
 * @return void Returns early when the module row is missing or $type is ''.
 */
function query_article_module($mid, $type, $post_db, $basedb)
{
    global $db, $pre;
    // NOTE(review): imports arbitrary keys as locals (default mode overwrites
    // existing variables). Reading the five needed keys explicitly would be safer.
    extract($basedb);
    // Load the module definition row; give up silently when it does not exist.
    if (!($fidDB = $db->get_one("SELECT * FROM {$pre}article_module WHERE id='{$mid}'"))) {
        return;
    }
    // NOTE(review): unserialize() can instantiate arbitrary classes. The input is
    // a database column here; if that column can ever hold attacker-influenced
    // data this becomes an object-injection risk. Prefer JSON, or restrict
    // classes via the allowed_classes option on PHP 7+.
    $m_config = unserialize($fidDB[config]);
    foreach ($m_config[field_db] as $key => $rs) {
        // Required field (mustfill == 1): reject when nothing was submitted.
        if ($rs[mustfill] == 1) {
            if (is_array($post_db[$rs[field_name]])) {
                // Counts the non-empty url entries; starts as '' so it stays falsy
                // when there are none.
                $ckk = '';
                foreach ($post_db[$rs[field_name]][url] as $Url) {
                    if ($Url) {
                        $ckk++;
                    }
                }
                if (!$ckk && !$post_db[$rs[field_name]][0]) {
                    showerr("{$rs[title]}不能为空");
                }
            } elseif (!$post_db[$rs[field_name]]) {
                showerr("{$rs[title]}不能为空");
            }
        }
        // Fields with mustfill == 2, or of form type 'pingfen', must not carry
        // any user-submitted value at all.
        if (($rs[mustfill] == 2 || $rs[form_type] == 'pingfen') && $post_db[$rs[field_name]]) {
            showerr("{$rs[title]}不能私自提交内容");
        }
        // Integer fields: digits only. ereg() no longer exists on PHP 7+.
        if ($rs[field_type] == 'int' && $post_db[$rs[field_name]] && !ereg("^[0-9]+\$", $post_db[$rs[field_name]])) {
            showerr("{$rs[title]}只能为数字");
        }
        // Length limits. strlen() counts bytes, not characters; the default limit
        // is 255 for varchar and 10 for int when field_leng is empty.
        if ($rs[field_type] == 'varchar') {
            $rs[field_leng] = $rs[field_leng] ? $rs[field_leng] : 255;
            if (strlen($post_db[$rs[field_name]]) > $rs[field_leng]) {
                showerr("{$rs[title]}不能超过{$rs[field_leng]}个字符,一个汉字等于两个字符");
            }
        }
        if ($rs[field_type] == 'int') {
            $rs[field_leng] = $rs[field_leng] ? $rs[field_leng] : 10;
            if (strlen($post_db[$rs[field_name]]) > $rs[field_leng]) {
                showerr("{$rs[title]}不能超过{$rs[field_leng]}个字符");
            }
        }
        // Multi-upload fields: flatten the parallel url/name/fen/type arrays into
        // one line per entry, parts joined with '@@@' and entries with "\n".
        // NOTE(review): values are not checked for '@@@' or newlines, so a value
        // containing them would change how the stored string splits when it is
        // read back. $_array is unset rather than reset to an array, so implode()
        // receives an undefined variable when every url is empty.
        if ($rs[form_type] == 'upmoremv') {
            unset($_array);
            foreach ($post_db[$rs[field_name]][url] as $key => $value) {
                if (!$value) {
                    continue;
                }
                $_array[] = "{$value}@@@{$post_db[$rs[field_name]][name][$key]}@@@{$post_db[$rs[field_name]][fen][$key]}@@@{$post_db[$rs[field_name]][type][$key]}";
            }
            $post_db[$rs[field_name]] = implode("\n", $_array);
        }
        if ($rs[form_type] == 'upmorefile' || $rs[form_type] == 'upmorepic') {
            unset($_array);
            foreach ($post_db[$rs[field_name]][url] as $key => $value) {
                if (!$value) {
                    continue;
                }
                $_array[] = "{$value}@@@{$post_db[$rs[field_name]][name][$key]}@@@{$post_db[$rs[field_name]][fen][$key]}";
            }
            $post_db[$rs[field_name]] = implode("\n", $_array);
        }
        if ($rs[form_type] == 'upplay') {
            unset($_array);
            foreach ($post_db[$rs[field_name]][url] as $key => $value) {
                if (!$value) {
                    continue;
                }
                $_array[] = "{$value}@@@{$post_db[$rs[field_name]][type][$key]}";
            }
            $post_db[$rs[field_name]] = implode("\n", $_array);
        }
    }
    // Validation-only call: nothing is written.
    if ($type == '') {
        return;
    }
    // Rich-text (is_html) fields: rewrite <img> tags, relocate attachments and
    // apply a blacklist-style HTML filter.
    foreach ($m_config[is_html] as $key => $value) {
        // Adds an onload resize handler to every <img tag. The \\' sequences emit
        // a backslash-escaped quote, which suggests the content is expected to be
        // slash-escaped already -- TODO confirm.
        $post_db[$key] = str_replace("<img ", "<img onload=\\'if(this.width>600)makesmallpic(this,600,800);\\' ", $post_db[$key]);
        // Move referenced images into the article's directory
        $post_db[$key] = move_attachment($uid, $post_db[$key], "article/{$fid}");
        // Fetch remote images (disabled)
        //$post_db[$key]=get_outpic($post_db[$key],$GetOutPic);
        $post_db[$key] = En_TruePath($post_db[$key]);
        // NOTE(review): the two replacements below are a blacklist. They break up
        // the word "javascript" and entity-encode the opening of <iframe ...>
        // tags, but do not cover other script-capable markup such as event-handler
        // attributes or other tags. These fields also skip filtrate() further down.
        // An allow-list HTML sanitiser is the safer choice for rich text.
        $post_db[$key] = preg_replace('/javascript/i', 'java script', $post_db[$key]);
        // Filter JS code (comment refers to the line above)
        $post_db[$key] = preg_replace('/<iframe ([^<>]+)>/i', '&lt;iframe \\1>', $post_db[$key]);
        // Filter frame code (comment refers to the line above)
    }
    // After array_flip() the field names (the keys of is_html) become values, so
    // in_array() below can recognise rich-text fields.
    $_array = array_flip($m_config[is_html]);
    foreach ($post_db as $key => $value) {
        if (is_array($value)) {
            // Array values are joined with "/" and are not passed through filtrate().
            $post_db[$key] = implode("/", $value);
        } elseif (!@in_array($key, $_array)) {
            // Every non-rich-text scalar goes through filtrate().
            $post_db[$key] = filtrate($value);
        }
    }
    unset($sqldb);
    if ($type == 'add') {
        // $aid, $rid, $fid and $uid come from extract($basedb) above.
        $sqldb['aid'] = "aid='{$aid}'";
        $sqldb['rid'] = "rid='{$rid}'";
        $sqldb['fid'] = "fid='{$fid}'";
        $sqldb['uid'] = "uid='{$uid}'";
        // Column names are taken from the table itself, so only real columns are
        // written; the system columns are skipped because they were set above.
        // The column list is read from the table named after $fidDB['id'] while
        // the INSERT targets the table named after $mid.
        $array = table_field("{$pre}article_content_{$fidDB['id']}");
        foreach ($array as $key => $value) {
            if (in_array($value, array('aid', 'rid', 'fid', 'uid', 'id'))) {
                continue;
            }
            isset($post_db[$value]) && ($sqldb["{$value}"] = "`{$value}`='{$post_db[$value]}'");
        }
        // NOTE(review): values are placed between single quotes by interpolation;
        // the query is only safe if every value was escaped before this point.
        $sql = implode(",", $sqldb);
        $sql && $db->query("INSERT INTO `{$pre}article_content_{$mid}` SET {$sql}");
    } elseif ($type == 'edit') {
        $array = table_field("{$pre}article_content_{$mid}");
        foreach ($array as $key => $value) {
            //if(in_array($value,array('aid','rid','fid','uid','id')))
            //{
            //	continue;
            //}
            if (!$m_config[field_db][$value]) {
                continue;
                // Not a user-defined field (e.g. a hit counter), so it must not be updated
            }
            //isset($post_db[$value]) &&
            // Without the isset() guard a field missing from the request is
            // written as an empty string.
            $sqldb[] = "`{$value}`='{$post_db[$value]}'";
        }
        $sql = implode(",", $sqldb);
        // $i_id comes from extract($basedb); fid is read from $basedb directly.
        $sql && $db->query("UPDATE `{$pre}article_content_{$fidDB['id']}` SET fid='{$basedb['fid']}',{$sql} WHERE id='{$i_id}' ");
    }
}
Exemple #7
 if (!$photodb) {
     showmsg("请上传一张图片");
 }
 if (!$postdb[fid]) {
     showmsg("请选择一个栏目");
 }
 $aidDB = '';
 $ck = 0;
 unset($aiddb);
 $II = 1;
 $fidDB = $db->get_one(" SELECT * FROM {$pre}sort WHERE fid='{$postdb['fid']}' ");
 $fidDB[type] != 0 && showerr("你只能选择子栏目发表内容!");
 $fname = $fidDB[name];
 foreach ($photodb as $key => $photo) {
     //图片目录转移
     move_attachment($userdb[uid], tempdir($photo), "article/{$postdb['fid']}");
     if (file_exists(ROOT_PATH . "{$webdb['updir']}/article/{$postdb['fid']}/" . basename($photo))) {
         $photo = "article/{$postdb['fid']}/" . basename($photo);
     }
     if ($batch == 0) {
         $postdb[title] = $namedb[$key];
     } else {
         $postdb[title] = $title;
     }
     if (!$postdb[picurl] && $webdb[if_gdimg]) {
         $smallpic = str_replace(".", "_", $photo) . ".gif";
         $Newpicpath = ROOT_PATH . "{$webdb['updir']}/{$smallpic}";
         gdpic(ROOT_PATH . "{$webdb['updir']}/{$photo}", $Newpicpath, 200, 150);
         if (file_exists($Newpicpath)) {
             $postdb[picurl] = "{$smallpic}";
         } else {
 /**
  * Validates and normalises the submitted values of a module's custom fields.
  *
  * $postdb is taken by reference and rewritten in place: multi-upload fields are
  * flattened to strings, rich-text fields are filtered, everything else goes
  * through filtrate(). Validation failures are reported through showerr();
  * whether showerr() stops the request is not visible in this function.
  *
  * Security review notes (all taken from the code below):
  *  - Rich-text fields ('ieedit', 'ieeditsimp') are protected only by a
  *    blacklist filter and never reach filtrate().
  *  - ereg() was removed in PHP 7.0, so the integer check raises a fatal error
  *    there when it is reached.
  *  - $_array is never reset inside this function, so with more than one
  *    upmorefile/upmorepic field a later field also receives the entries
  *    collected for an earlier one.
  *
  * @param array        $field_db Field definitions (mustfill, field_type, field_leng, form_type, field_name, title).
  * @param array        $postdb   Submitted values; modified in place.
  * @param array|string $rsdb     Existing record when editing; '' by default.
  * @return void
  */
 function checkpost($field_db, &$postdb, $rsdb = '')
 {
     foreach ($field_db as $key => $rs) {
         // Check required fields
         if ($rs[mustfill] == 1) {
             if (is_array($postdb[$rs[field_name]])) {
                 if (implode('', $postdb[$rs[field_name]]) === '') {
                     showerr("{$rs['title']},你必须选择一项");
                 }
             } elseif ($postdb[$rs[field_name]] === '' || !isset($postdb[$rs[field_name]])) {
                 showerr("{$rs['title']},不能为空");
             }
         }
         // Check that the value is an integer (digits and '-' in any position).
         // ereg() no longer exists on PHP 7+.
         if ($rs[field_type] == 'int' && $postdb[$rs[field_name]] && !ereg("^[-0-9]+\$", $postdb[$rs[field_name]])) {
             showerr("{$rs['title']} 必须为整数");
         }
         // Check the length limit. strlen() counts bytes; the default limit is 255
         // for varchar and 10 for int when field_leng is empty.
         if ($rs[field_type] == 'varchar') {
             $rs[field_leng] = $rs[field_leng] ? $rs[field_leng] : 255;
             if (strlen($postdb[$rs[field_name]]) > $rs[field_leng]) {
                 showerr("{$rs['title']} 不能超过 {$rs[field_leng]} 个字");
             }
         }
         if ($rs[field_type] == 'int') {
             $rs[field_leng] = $rs[field_leng] ? $rs[field_leng] : 10;
             if (strlen($postdb[$rs[field_name]]) > $rs[field_leng]) {
                 showerr("{$rs['title']} 不能超过 {$rs[field_leng]} 个字");
             }
         }
         if ($rs[form_type] == 'upmorefile' || $rs[form_type] == 'upmorepic') {
             // When editing: collect the urls already stored on the record
             $array = array();
             if ($rsdb[$rs[field_name]]) {
                 $detail = explode("\n", $rsdb[$rs[field_name]]);
                 foreach ($detail as $value) {
                     $d = explode("@@@", $value);
                     $array[] = $d[0];
                 }
             }
             foreach ($postdb[$rs[field_name]][url] as $key => $value) {
                 if (!$value) {
                     continue;
                 }
                 // Not needed when editing (both calls inside are commented out)
                 if (!@in_array($value, $array)) {
                     //$this->cut_img($value,$postdb);		// crop a thumbnail
                     //$this->img_water($value);			// add a watermark
                 }
                 // Use the first uploaded file as the cover image when none is set
                 if (!$postdb[picurl]) {
                     $postdb[picurl] = $value;
                     $postdb[ispic] = 1;
                 }
                 // NOTE(review): values are not checked for '@@@' or newlines, so a
                 // value containing them would change how the stored string splits
                 // when it is read back (see the explode() calls above).
                 $_array[] = "{$value}@@@{$postdb[$rs[field_name]][name][$key]}@@@{$postdb[$rs[field_name]][fen][$key]}";
             }
             $postdb[$rs[field_name]] = implode("\n", $_array);
         }
         // NOTE(review): the inner foreach above reuses $key, so after an
         // upmorefile/upmorepic field $key may hold the last url index instead of
         // this field's key -- confirm that the branches below act on the intended
         // element of $postdb.
         if ($rs[form_type] == 'ieedit' || $rs[form_type] == 'ieeditsimp') {
             global $lfjdb, $_pre;
             // Adds an onload resize handler to every <img tag. The \\' sequences
             // emit a backslash-escaped quote, which suggests the content is
             // expected to be slash-escaped already -- TODO confirm.
             $postdb[$key] = str_replace("<img ", "<img onload=\\'if(this.width>600)makesmallpic(this,600,800);\\' ", $postdb[$key]);
             $postdb[$key] = move_attachment($lfjdb[uid], $postdb[$key], "{$_pre}/" . date("W"));
             $postdb[$key] = En_TruePath($postdb[$key]);
             // Filter JS code
             // NOTE(review): blacklist only -- it breaks up the word "javascript"
             // and, below, entity-encodes the opening of <iframe ...> tags. Other
             // script-capable markup is not covered; prefer an allow-list HTML
             // sanitiser for rich text.
             $postdb[$key] = preg_replace('/javascript/i', 'java script', $postdb[$key]);
             // Filter frame code
             $postdb[$key] = preg_replace('/<iframe ([^<>]+)>/i', '&lt;iframe \\1>', $postdb[$key]);
         } elseif ($rs[form_type] == 'classdb') {
             $postdb[$key] = filtrate(implode("/#/", $postdb[$key]));
         } else {
             if (is_array($postdb[$key])) {
                 $postdb[$key] = implode("/", $postdb[$key]);
             }
             // Filter unsafe characters
             $postdb[$key] = filtrate($postdb[$key]);
         }
         // Hard cap of 30000 bytes per field after processing.
         if (strlen($postdb[$key]) > 30000) {
             showerr("内容不能大于1.5万个汉字");
         }
     }
 }
Exemple #9
             $postdb[picurl] = str_replace(".", "_", $file_db[0]) . '.gif';
             $Newpicpath = ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}";
             gdpic(ROOT_PATH . "{$webdb['updir']}/{$file_db['0']}", $Newpicpath, 200, 150);
             if (!file_exists($Newpicpath)) {
                 $postdb[picurl] = $file_db[0];
             }
         }
     }
 }
 // Flag the record as having a picture when a cover image path is set.
 if ($postdb[picurl]) {
     $postdb[ispic] = 1;
 } else {
     $postdb[ispic] = 0;
 }
 // Move referenced images into the item's directory
 $postdb[content] = move_attachment($lfjdb[uid], $postdb[content], "{$_pre}/{$fid}");
 // Fetch remote images
 // NOTE(review): fetching URLs taken from user content is a server-side request;
 // confirm that get_outpic() restricts the hosts and schemes it will contact.
 $postdb[content] = get_outpic($postdb[content], $fid, $GetOutPic);
 $postdb[content] = En_TruePath($postdb[content]);
 // NOTE(review): the two replacements below are a blacklist. They break up the
 // word "javascript" and entity-encode the opening of <iframe ...> tags, but do
 // not cover other script-capable markup. Prefer an allow-list HTML sanitiser.
 $postdb[content] = preg_replace('/javascript/i', 'java script', $postdb[content]);
 // Filter JS code (comment refers to the line above)
 $postdb[content] = preg_replace('/<iframe ([^<>]+)>/i', '&lt;iframe \\1>', $postdb[content]);
 // Filter frame code (comment refers to the line above)
 // Every field except content goes through filtrate(); content relies on the
 // blacklist above only.
 foreach ($postdb as $key => $value) {
     if ($key == 'content') {
         continue;
     }
     $postdb[$key] = filtrate($value);
 }
 // NOTE(review): both statements are built by string interpolation. $city_id and
 // $id are not filtered anywhere in this fragment, and content skips filtrate();
 // the queries are only safe if all of these were escaped or cast earlier --
 // TODO confirm. Parameterised queries, or integer casts for the ids, would
 // remove that dependency.
 $db->query("UPDATE `{$_pre}content` SET title='{$postdb['title']}',keywords='{$postdb['keywords']}',picurl='{$postdb['picurl']}',ispic='{$postdb['ispic']}',city_id='{$city_id}',iframeurl='{$postdb['iframeurl']}',jumpurl='{$postdb['jumpurl']}',author='{$postdb['author']}',copyfrom='{$postdb['copyfrom']}',copyfromurl='{$postdb['copyfromurl']}' WHERE id='{$id}'");
 $db->query("UPDATE `{$_pre}content_1` SET content='{$postdb['content']}' WHERE id='{$id}'");
Exemple #10
                } else {
                    if ($_POST["invoiceItem_delete"]) {
                        $invoiceItem->select();
                        $invoiceItem->delete();
                        $TPL["message_good"][] = "Invoice Item deleted.";
                        alloc_redirect($TPL["url_alloc_invoice"] . "invoiceID=" . $invoiceID);
                    }
                }
            }
            // Displaying a record
            $invoice->set_id($invoiceID);
            $invoice->select();
            // if someone uploads an attachment
        } else {
            if ($_POST["save_attachment"]) {
                move_attachment("invoice", $invoiceID);
                $TPL["message_good"][] = "Attachment saved.";
                alloc_redirect($TPL["url_alloc_invoice"] . "invoiceID=" . $invoiceID);
            }
        }
    }
}
// Compute the invoice total and the amount already paid for display.
if ($invoiceID && $invoiceItemIDs) {
    $currency = $invoice->get_value("currencyTypeID");
    // The invoice id is bound through a %d placeholder rather than interpolated.
    // Presumably prepare() casts it to an integer -- TODO confirm.
    $q = prepare("SELECT SUM(IF((iiTax IS NULL OR iiTax = 0) AND value,\n                          (value/100+1) * iiAmount * pow(10,-currencyType.numberToBasic),\n                          iiAmount * pow(10,-currencyType.numberToBasic)\n                      )) as sum_iiAmount\n                  FROM invoiceItem \n             LEFT JOIN invoice on invoiceItem.invoiceID = invoice.invoiceID\n             LEFT JOIN currencyType on invoice.currencyTypeID = currencyType.currencyTypeID\n             LEFT JOIN config ON config.name = 'taxPercent'\n                 WHERE invoiceItem.invoiceID = %d", $invoiceID);
    $db->query($q);
    $db->next_record() and $TPL["invoiceTotal"] = page::money($currency, $db->f("sum_iiAmount"), "%S%m %c");
    // NOTE(review): $invoiceItemIDs fills an IN (%s) list. How the list is built
    // and how prepare() escapes a %s argument is not visible here; confirm every
    // element is an integer before it reaches the query.
    $q = prepare("SELECT sum(amount * pow(10,-currencyType.numberToBasic)) as sum_transaction_amount\n                  FROM transaction \n             LEFT JOIN currencyType on transaction.currencyTypeID = currencyType.currencyTypeID\n                 WHERE status = 'approved' \n                   AND invoiceItemID in (%s)", $invoiceItemIDs);
    $db->query($q);
    $db->next_record() and $TPL["invoiceTotalPaid"] = page::money($currency, $db->f("sum_transaction_amount"), "%S%m %c");
}
Exemple #11
            showerr("名称不能为空");
        } elseif (!$postdb[fid]) {
            showerr("分类不能为空");
        }
        if (strlen($postdb[title]) > 150) {
            showerr("名称不能大于150个字节");
        } elseif (strlen($postdb[content]) > 10000) {
            showerr("内容不能大于10000个字节");
        }
        if ($postdb[picurl] && !eregi("(jpg|gif|png)\$", $postdb[picurl])) {
            showerr("封面只能是JPG,PNG,GIF格式的图片");
        }
        /*缩略图处理*/
        if ($postdb[picurl] && !strstr($postdb[picurl], "http://")) {
            //图片目录转移
            move_attachment($lfjdb[uid], tempdir($postdb[picurl]), "special/{$postdb['fid']}");
            if (file_exists(ROOT_PATH . "{$webdb['updir']}/special/{$postdb['fid']}/" . basename($postdb[picurl]))) {
                $postdb[picurl] = "special/{$postdb['fid']}/" . basename($postdb[picurl]);
            }
            $water_info = getimagesize(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}");
            if ($webdb[if_gdimg] && $water_info[0] > 150) {
                gdpic(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", 200, 150);
            }
        }
        $postdb[title] = filtrate($postdb[title]);
        $postdb[content] = filtrate($postdb[content]);
        $postdb[picurl] = filtrate($postdb[picurl]);
        $postdb[banner] = filtrate($postdb[banner]);
        $postdb[allowpost] = @implode(",", $postdb[allowpost]);
    }
}
Exemple #12
     if ($rs[form_type] == 'upmorefile') {
         unset($_array);
         foreach ($postdb[$rs[field_name]][url] as $key => $value) {
             if (!$value) {
                 continue;
             }
             $_array[] = "{$value}@@@{$postdb[$rs[field_name]][name][$key]}@@@{$postdb[$rs[field_name]][fen][$key]}";
         }
         $postdb[$rs[field_name]] = implode("\n", $_array);
     }
 }
 /*对使用了在线编辑器的字段提交的附件地址作处理*/
 foreach ($m_config[is_html] as $key => $value) {
     $postdb[$key] = str_replace("<img ", "<img onload=\\'if(this.width>600)makesmallpic(this,600,800);\\' ", $postdb[$key]);
     //图片目录转移
     $postdb[$key] = move_attachment($lfjdb[uid], $postdb[$key], "{$form}");
     //获取远程图片
     $postdb[$key] = get_out_pic($postdb[$key], $GetOutPic);
     $postdb[$key] = En_TruePath($postdb[$key]);
     $postdb[$key] = preg_replace('/javascript/i', 'java script', $postdb[$key]);
     //过滤js代码
     $postdb[$key] = preg_replace('/<iframe ([^<>]+)>/i', '&lt;iframe \\1>', $postdb[$key]);
     //过滤框架代码
 }
 $_array = array_flip($m_config[is_html]);
 /**
  *提交的内容如果是复选框,就要做处理,如果不是在线编辑器的,也要做过滤,显然,使用在线编辑器是有危险的
  **/
 foreach ($postdb as $key => $value) {
     if (is_array($value)) {
         $postdb[$key] = implode("/", $value);
Exemple #13
    $backup->backup();
}
// Restore a previously stored backup. A fresh backup is taken first, so the
// current state can be recovered if the restore goes wrong.
// NOTE(review): $_POST["file"] is handed to restore() without any file name
// check at this level (the delete handler on this page calls bad_filename()
// first). Confirm that restore() confines the name to the backups directory.
// The same value is also copied into user-visible messages; confirm that the
// template HTML-escapes message text.
if ($_POST["restore_backup"]) {
    $backup->backup();
    if ($backup->restore($_POST["file"])) {
        $TPL["message_good"][] = "Backup restored successfully: " . $_POST["file"];
        $TPL["message_good"][] = "You will now need to manually import the installation/db_triggers.sql file into your database. THIS IS VERY IMPORTANT.";
    } else {
        alloc_error("Error restoring backup: " . $_POST["file"]);
    }
}
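// Delete one stored backup file named by the request.
if ($_POST["delete_backup"]) {
    # Can't go through the normal del_attachments thing because this isn't a real entity
    # The file name comes straight from the request, so all three checks below
    # have to pass before anything is removed. Whether alloc_error() stops the
    # request is not visible here, so the unlink() is made explicitly conditional
    # instead of relying on that.
    $file = $_POST["file"];
    $path = ATTACHMENTS_DIR . "backups" . DIRECTORY_SEPARATOR . "0" . DIRECTORY_SEPARATOR . $file;
    if (bad_filename($file)) {
        // Reject names that could leave the backups directory.
        alloc_error("File delete error: Name contains slashes.");
    } elseif (!is_file($path)) {
        // Only regular files may be deleted (not directories, not missing paths).
        alloc_error("File delete error: Not a file.");
    } elseif (dirname(ATTACHMENTS_DIR . "backups" . DIRECTORY_SEPARATOR . "0" . DIRECTORY_SEPARATOR . ".") != dirname($path)) {
        // Second line of defence: the resolved parent must be the backups directory.
        alloc_error("File delete error: Bad path.");
    } else {
        unlink($path);
    }
}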
// Store an uploaded file under the "backups" pseudo-entity with id 0.
// NOTE(review): a file stored here can later be selected for restore. No check
// on the uploader or on the file is visible in this fragment; confirm that the
// page is restricted to administrators and that move_attachment() validates the
// upload.
if ($_POST["save_attachment"]) {
    move_attachment("backups", 0);
}
// Render the backup management page.
$TPL["main_alloc_title"] = "Database Backups - " . APPLICATION_NAME;
include_template("templates/backupM.tpl");