if(empty($emailfield)) $email = ''; else $email = addslashes($row[$emailfield]); if(empty($sexfield)) $sex = ''; else{ $sex = $row[$sexfield]; if($sex==$sexman) $sex = '男'; else if($sex==$sexwoman) $sex = '女'; else $sex = ''; } $ntime = time(); $inQuery = " INSERT INTO #@__member(userid,pwd,uname,sex,birthday,membertype,money, weight,height,job,province,city,myinfo,tel,oicq,email,homepage, jointime,joinip,logintime,loginip,showaddr,address) VALUES ('$userid','$pwd','$uname','$sex','0000-00-00','10','0', '0','0','','0','0','','','','$email','','$ntime','$loginip','$ntime','','0','');"; $rs = $dsql2->ExecuteNoneQuery($inQuery); if($rs) $c++; } $dsql->Close(); $dsql2->Close(); ShowMsg("成功导入 ".$c." 条数据!","javascript:;"); exit(); } ClearAllLink(); ?>
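// Default the optional category / book-type fields when the form omitted them.
if (empty($bcatid)) {
    $bcatid = 0;
}
if (empty($booktype)) {
    $booktype = 0;
}
$addtime = time();

// Handle the uploaded thumbnail.
if (!isset($isremote)) {
    $isremote = 0;
}
$bigpic = UploadOneImage('imgfile', $imgurl, $isremote);
$adminID = $cuserLogin->getUserID();

// NOTE(review): every value below is interpolated straight into the SQL text.
// Whether $title, $bookname, $chapterid, $sortid and $cid are escaped or cast
// before this point cannot be seen from this excerpt — confirm, and cast the
// numeric ones to int where the schema allows it.
$inQuery = "\n UPDATE `#@__story_content` SET `title`='{$title}',`bookname`='{$bookname}',\n `chapterid`='{$chapterid}',`sortid`='{$sortid}',`bigpic`='{$bigpic}'\n WHERE id='{$cid}'\n";
if (!$dsql->ExecuteNoneQuery($inQuery)) {
    // Fixed: the original called the misspelled str_repolace(), which is an
    // undefined function, so the error path died with a fatal error instead of
    // showing the message.
    // NOTE(review): this message returns the database error and the full SQL
    // statement to the browser; consider logging them server-side instead.
    ShowMsg("把数据保存到数据库时出错,请检查!" . str_replace("'", "`", $dsql->GetError() . $inQuery), "-1");
    $dsql->Close();
    exit;
}
$arcID = $cid;

// Build the URL of the generated page.
//$artUrl = MakeArt($arcID,true);
if (empty($artcontentUrl)) {
    $artcontentUrl = "";
}
if ($artcontentUrl == "") {
    $artcontentUrl = $cfg_mainsite . $cfg_cmspath . "/book/show-photo.php?id={$arcID}&bookid={$bookid}&chapterid={$chapterid}";
}
require_once DEDEROOT . '/book/include/story.view.class.php';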
$voteitems = ""; $j=0; for($i=1;$i<=15;$i++) { if(!empty(${"voteitem".$i})){ $j++; $voteitems .= "<v:note id=\\'$j\\' count=\\'0\\'>".${"voteitem".$i}."</v:note>\r\n"; } } $dsql = new DedeSql(false); $inQuery = " insert into #@__vote(votename,starttime,endtime,totalcount,ismore,votenote) Values('$votename','$starttime','$endtime','0','$ismore','$voteitems'); "; $dsql->SetQuery($inQuery); if(!$dsql->ExecuteNoneQuery()) { $dsql->Close(); ShowMsg("增加投票失败,请检查数据是否非法!","-1"); exit(); } $dsql->Close(); ShowMsg("成功增加一组投票!","vote_main.php"); exit(); } $startDay = time(); $endDay = AddDay($startDay,30); $startDay = GetDateTimeMk($startDay); $endDay = GetDateTimeMk($endDay); require_once(dirname(__FILE__)."/templets/vote_add.htm");
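/**
 * Check an administrator's credentials and, on success, copy the account
 * details onto this object and record the login time and address.
 *
 * NOTE(review): the stored credential is compared with the first 24 hex
 * characters of an unsalted MD5 digest. The scheme is kept here because
 * changing it requires migrating the stored values, but it should be replaced
 * with password_hash()/password_verify().
 *
 * @param string $username login name as submitted
 * @param string $userpwd  password as submitted
 * @return int 1 on success, -1 when no account row with a pwd field is found,
 *             -2 when the password does not match
 */
function checkUser($username,$userpwd)
{
    // Keep only 0-9, a-z, A-Z, '_', '@', '!', '.' and '-'.
    // ereg_replace() was removed in PHP 7. Its pattern also wrote "\!" and "\."
    // inside a POSIX bracket expression, where the backslash is a literal
    // member, so a backslash survived the filter and reached the quoted SQL
    // literal below. The PCRE class removes it.
    $this->userName = preg_replace('/[^0-9a-zA-Z_@!.\-]/', '', $username);
    $this->userPwd = preg_replace('/[^0-9a-zA-Z_@!.\-]/', '', $userpwd);
    $pwd = substr(md5($this->userPwd), 0, 24);

    $dsql = new DedeSql(false);
    $dsql->SetQuery("Select * From #@__admin where userid='".$this->userName."' limit 0,1");
    $dsql->Execute();
    $row = $dsql->GetObject();

    if(!isset($row->pwd)){
        $dsql->Close();
        return -1;
    }

    // Strict comparison: with "!=" two different digests that both look like
    // numbers (for example "0e" followed by digits) compare as equal.
    if($pwd !== (string)$row->pwd){
        $dsql->Close();
        return -2;
    }

    // NOTE(review): GetIP() is defined elsewhere. If it reads client-supplied
    // headers, its result must be validated before it is placed in the query.
    $loginip = GetIP();
    $this->userID = $row->ID;
    $this->userType = $row->usertype;
    $this->userChannel = $row->typeid;
    $this->userName = $row->uname;

    // Load the permission set of the account's group.
    $groupSet = $dsql->GetOne("Select * From #@__admintype where rank='".$row->usertype."'");
    $this->userPurview = $groupSet['purviews'];

    $dsql->SetQuery("update #@__admin set loginip='$loginip',logintime='".strftime("%Y-%m-%d %H:%M:%S",time())."' where ID='".$row->ID."'");
    $dsql->ExecuteNoneQuery();
    $dsql->Close();
    return 1;
}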
<?php
// Remove rows that refer to a channel type that no longer exists.
require(dirname(__FILE__)."/config.php");
CheckPurview('sys_MakeHtml');

$dsql = new DedeSql(false);

// Build a comma-separated list of every ID present in #@__channeltype.
$cids = '';
$dsql->SetQuery("Select ID From `#@__channeltype` ");
$dsql->Execute();
while($row = $dsql->GetArray())
{
    if($cids=='') $cids .= $row[0];
    else $cids .= ','.$row[0];
}

// With an empty list nothing is deleted.
if($cids!='')
{
    // Table => column that holds the channel ID in that table.
    $orphanTargets = array(
        '#@__arctype'      => 'channeltype',
        '#@__full_search'  => 'channeltype',
        '#@__archives'     => 'channel',
        '#@__archivesspec' => 'channel',
    );
    foreach($orphanTargets as $orphanTable => $orphanColumn)
    {
        $rs = $dsql->ExecuteNoneQuery("Delete From `$orphanTable` where NOT ($orphanColumn in ($cids));");
        if($rs>0){
            // Only tables that actually lost rows are optimized.
            $dsql->ExecuteNoneQuery("OPTIMIZE TABLE `$orphanTable`;");
            // The category cache is rebuilt only after #@__arctype changed.
            if($orphanTable=='#@__arctype') UpDateCatCache($dsql);
        }
    }
}
//-------------------------------------------------------- //签名正确 if ($digest == $signMsg && $mState == 2) { $OrderInfo = HexToStr($OrderInfo); if ($newmd5info == $myDigest) { $dsql = new DedeSql(false); //获取订单信息,检查订单的有效性 $row = $dsql->GetOne("Select state From #@__shops_orders where oid='{$buyid}' "); if ($row['state'] > 0) { $msg = "付款已经完成!,系统返回信息( {$buyid} ) <br><br> <a href='control.php'>返回主页</a> "; ShowMsg($msg, "javascript:;"); $dsql->Close(); exit; } $sql = "UPDATE `#@__shops_orders` SET `state`='1' WHERE `oid`='{$buyid}' AND `userid`='" . $cfg_ml->M_ID . "';"; if ($dsql->ExecuteNoneQuery($sql)) { $dsql->Close(); ShowMsg("支付成功!", "javascript:;"); exit; } else { $dsql->Close(); ShowMsg("支付失败", "javascript:;"); exit; } } else { ShowMsg("交易密钥错误,请与管理员联系!", $burl); exit; } } else { ShowMsg("交易密钥错误,请与管理员联系!", $burl); exit;
CheckPurview('co_EditNote'); require_once(dirname(__FILE__)."/../include/pub_dedetag.php"); $dtp = new DedeTagParse(); $dbnotes = $notes; $notes = stripslashes($notes); $dtp->LoadString($notes); if(!is_array($dtp->CTags)){ ShowMsg("该规则不合法,无法保存!","-1"); $dsql->Close(); exit(); } $ctag = $dtp->GetTagByName("item"); $query = " Update #@__conote set typeid='".$ctag->GetAtt('typeid')."', gathername='".$ctag->GetAtt('name')."', language='".$ctag->GetAtt('language')."', lasttime=0, savetime='".time()."', noteinfo='".$dbnotes."' where nid = $nid; "; $dsql = new DedeSql(false); $rs = $dsql->ExecuteNoneQuery($query); $dsql->Close(); ShowMsg("成功保存规则!","co_main.php"); exit(); } ClearAllLink(); ?>
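/**
 * Check a member's login name and password and, on success, record the login
 * and set up the session state.
 *
 * NOTE(review): $loginpwd is compared directly with the stored pwd column.
 * Whether the caller hashes it first cannot be seen from this method — confirm
 * that plaintext passwords are never stored.
 *
 * @param string $loginuser login name as submitted
 * @param string $loginpwd  password value to compare with the stored one
 * @return int 1 on success, 0 when the user does not exist, -1 when the
 *             password is wrong
 */
function CheckUser($loginuser,$loginpwd)
{
    if(!TestStringSafe($loginuser)||!TestStringSafe($loginpwd))
    {
        ShowMsg("用户名或密码不合法!","-1");
        exit();
    }

    // Strip ; % ' \ ? * and $ from the login name before it is placed in the
    // query. preg_replace() replaces ereg_replace(), which was removed in
    // PHP 7; the character set is the same.
    $loginuser = preg_replace('/[;%\'\\\\?*$]/', '', $loginuser);

    $dsql = new DedeSql(false);
    $row = $dsql->GetOne("Select ID,pwd From #@__member where userid='$loginuser' ");

    // Unknown user. The connection is now closed on this path too; the
    // original closed it only after a successful login.
    if(!is_array($row)){
        $dsql->Close();
        return 0;
    }

    // Wrong password. Strict comparison: with "!=" two different values that
    // both look like numbers (for example "0e" followed by digits) compare as
    // equal.
    if((string)$row['pwd'] !== (string)$loginpwd){
        $dsql->Close();
        return -1;
    }

    // Successful login.
    // NOTE(review): GetIP() is defined elsewhere. If it reads client-supplied
    // headers, its result must be validated before it is placed in the query.
    $dsql->ExecuteNoneQuery("update #@__member set logintime='".time()."',loginip='".GetIP()."' where ID='{$row['ID']}';");
    $dsql->Close();
    $this->PutLoginInfo($row['ID']);
    $this->FushCache();
    return 1;
}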
$dsql->Close(); exit(); } else if($action=='save') { if(!is_array($tasks)){ ShowMsg("你没选择需要操作的任务!","-1"); exit(); } if(empty($rmpwd)){ ShowMsg("远程管理密码不能为空!","-1"); exit(); } if(eregi("[^0-9a-z@!]",$rmpwd)){ ShowMsg("远程管理密码只能由 a-z 0-9 ! @ # 几种字符组成!","-1"); exit(); } if(empty($startid)) $startid = 0; if(empty($endid)) $endid = 0; if(empty($typeid)) $typeid = 0; $dsql->ExecuteNoneQuery("Delete From `#@__task`"); $taskss = ''; if(is_array($tasks)) foreach($tasks as $v) $taskss .= ($taskss=='' ? $v : ','.$v); $inQuery = "Insert Into `#@__task` ( `id` , `usermtools` , `rmpwd` , `tasks` , `typeid` , `startid` , `endid` , `nodes` , `dotime` , `degree` ) VALUES ('1','$usermtools','$rmpwd','$taskss','$typeid','$startid','$endid','$nodes','$dotime','$degree' ) ; "; $dsql->ExecuteNoneQuery($inQuery); ShowMsg("成功更新计划任务配置!","makehtml_task.php"); exit(); } ?>
if($action=='save') { if(!isset($fieldtypes[$dtype])){ ClearAllLink(); ShowMsg("你修改的是系统专用类型的数据,禁止操作!","-1"); exit(); } //检测数据库是否存在附加表,不存在则新建一个 $tabsql = "CREATE TABLE IF NOT EXISTS `{$row['addtable']}`( `aid` int(11) NOT NULL default '0',\r\n `typeid` int(11) NOT NULL default '0',\r\n "; if($mysql_version < 4.1) $tabsql .= " PRIMARY KEY (`aid`), KEY `".$trueTable."_index` (`typeid`)\r\n) TYPE=MyISAM; "; else $tabsql .= " PRIMARY KEY (`aid`), KEY `".$trueTable."_index` (`typeid`)\r\n) ENGINE=MyISAM DEFAULT CHARSET=".$cfg_db_language."; "; $dsql->ExecuteNoneQuery($tabsql); //检测附加表里含有的字段 $fields = array(); $rs = $dsql->SetQuery("show fields from `{$row['addtable']}`"); $dsql->Execute('a'); while($nrow = $dsql->GetArray('a',MYSQL_ASSOC)){ $fields[ strtolower($nrow['Field']) ] = $nrow['Type']; } //修改字段配置信息 $dfvalue = $vdefault; $isnull = ($isnull==1 ? "true" : "false"); $mxlen = $maxlength; $fieldname = strtolower($fname);
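/**
 * Store one uploaded image, or resolve a hand-entered image URL, and record a
 * newly stored file in the #@__uploads table.
 *
 * @param string $upname     name of the file input in $_FILES
 * @param string $handurl    hand-entered URL or site-relative path
 * @param int    $ddisremote 1 to fetch a remote http:// image to local storage
 * @param string $ntitle     title for the upload record; when empty the global
 *                           $title is used
 * @return string path of the image, or '' when nothing was supplied or the
 *                uploaded file could not be stored
 */
function UploadOneImage($upname,$handurl='',$ddisremote=1,$ntitle='')
{
    global $cuserLogin,$cfg_basedir,$cfg_image_dir,$dsql,$title;
    if($ntitle!='') $title = $ntitle;
    $ntime = time();
    $filename = '';
    $isrm_up = false;
    $handurl = trim($handurl);

    // The user uploaded a file through the form.
    if(!empty($_FILES[$upname]['tmp_name']) && is_uploaded_file($_FILES[$upname]['tmp_name']))
    {
        $formatError = "上传的图片格式错误,请使用JPEG、GIF、PNG格式的其中一种!";
        $sparr = array("image/pjpeg","image/jpeg","image/gif","image/png");
        $_FILES[$upname]['type'] = strtolower(trim($_FILES[$upname]['type']));
        if(!in_array($_FILES[$upname]['type'],$sparr)){
            ShowMsg($formatError,"-1");
            exit();
        }

        // The MIME type checked above is supplied by the client. Also inspect
        // the file itself and take the extension from what it really is, so a
        // non-image file cannot be stored under an image name.
        $extmap = array(IMAGETYPE_GIF=>'.gif', IMAGETYPE_JPEG=>'.jpg', IMAGETYPE_PNG=>'.png');
        $probe = @getimagesize($_FILES[$upname]['tmp_name']);
        if(!is_array($probe) || !isset($extmap[$probe[2]])){
            ShowMsg($formatError,"-1");
            exit();
        }

        // Overwrite an existing local file only when the path has no ".."
        // segment; otherwise fall through to a generated name.
        // preg_match()/preg_replace() replace eregi()/eregi_replace(), which
        // were removed in PHP 7.
        if(!empty($handurl) && strpos($handurl,'..')===false
           && !preg_match('#^http://#i',$handurl) && file_exists($cfg_basedir.$handurl) ){
            if(!is_object($dsql)) $dsql = new DedeSql();
            // NOTE(review): $handurl is interpolated into the query. Whether it
            // is escaped before this point cannot be seen from this function.
            $dsql->ExecuteNoneQuery("Delete From #@__uploads where url like '$handurl' ");
            $fullUrl = preg_replace('#\.([a-z]*)$#i','',$handurl);
        }else{
            $savepath = $cfg_image_dir."/".strftime("%Y-%m",$ntime);
            CreateDir($savepath);
            $fullUrl = $savepath."/".strftime("%d",$ntime).dd2char(strftime("%H%M%S",$ntime).'0'.$cuserLogin->getUserID().'0'.mt_rand(1000,9999));
        }
        $fullUrl = $fullUrl.$extmap[$probe[2]];

        // Save. A failed move is reported as "no image" instead of returning
        // the path of a file that was never written.
        $savedfile = $cfg_basedir.$fullUrl;
        if(!@move_uploaded_file($_FILES[$upname]['tmp_name'],$savedfile)) return '';
        $filename = $fullUrl;

        // Watermark. The original passed $imgfile, which is not assigned until
        // later in the function.
        @WaterImg($savedfile,'up');
        $isrm_up = true;
    }
    // A remote image or an already stored local image was named instead.
    else{
        if($handurl=='') return '';
        // Fixed: the original tested $isremote, which does not exist in this
        // function (the parameter is $ddisremote), so this branch never ran.
        // NOTE(review): this makes the server fetch a caller-supplied URL.
        // GetRemoteImage() is defined elsewhere; confirm it restricts which
        // hosts can be reached and validates what it downloads.
        if($ddisremote==1 && preg_match('#^http://#i',$handurl)){
            $ddinfos = GetRemoteImage($handurl,$cuserLogin->getUserID());
            if(is_array($ddinfos)) $filename = $ddinfos[0];
            $isrm_up = true;
        }else{
            // Local image, or remote image that is left remote.
            $filename = $handurl;
        }
    }

    $imgfile = $cfg_basedir.$filename;
    if(is_file($imgfile) && $isrm_up && $filename!=''){
        $info = "";
        $imginfos = GetImageSize($imgfile,$info);
        // Record the new file in the media library. Width and height are cast
        // to int because GetImageSize() returns false for unreadable files.
        // NOTE(review): $title and $filename are interpolated as given;
        // whether they are escaped earlier cannot be seen from here.
        $inquery = " INSERT INTO #@__uploads(title,url,mediatype,width,height,playtime,filesize,uptime,adminid,memberid)
            VALUES ('$title','$filename','1','".intval($imginfos[0])."','".intval($imginfos[1])."','0','".filesize($imgfile)."','".time()."','".$cuserLogin->getUserID()."','0'); ";
        $dsql = new DedeSql(false);
        $dsql->ExecuteNoneQuery($inquery);
    }
    return $filename;
}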
uname = '$uname', sex = '$sex', mybb = '$mybb', spacename = '$spacename', news = '$news' where ID='$ID'"; $query2 = "update #@__member_perinfo set uname = '$uname', sex = '$sex', birthday = '$birthday', weight = '$weight', height = '$height', job = '$job', province = '$province', city = '$city', myinfo = '$myinfo', oicq = '$oicq', tel = '$tel', homepage = '$homepage', fullinfo = '$fullinfo', address = '$address' where id='$ID'"; $dsql->ExecuteNoneQuery($query1); $dsql->ExecuteNoneQuery($query2); $dsql->Close(); ShowMsg("成功更改会员资料!",$ENV_GOBACK_URL); exit(); } ClearAllLink(); ?>
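<?php
// Admin page: view and save the software-download settings.
require_once(dirname(__FILE__)."/config.php");
CheckPurview('sys_SoftConfig');
if(empty($dopost)) $dopost = "";

$dsql = new DedeSql(false);
$upok = '';

// Save.
if($dopost=="save")
{
    // The four switches are written as numbers (the default row below uses '0'
    // for each), so they are cast to int before entering the query.
    // NOTE(review): assumes these columns only hold integers — confirm against
    // the #@__softconfig schema.
    $downtype   = intval($downtype);
    $showlocal  = intval($showlocal);
    $gotojump   = intval($gotojump);
    $ismoresite = intval($ismoresite);

    // NOTE(review): $sites is free text and is interpolated as given. Whether
    // config.php escapes request variables cannot be seen from this file.
    $query = "UPDATE `#@__softconfig` SET downtype = '$downtype' , showlocal = '$showlocal', gotojump='$gotojump' , ismoresite = '$ismoresite',sites = '$sites'";
    $dsql->SetQuery($query);
    // Report success only when the UPDATE actually ran; the original showed
    // the message regardless of the result.
    if($dsql->ExecuteNoneQuery()){
        $upok = "<font color='red'>成功保存更改!</font>";
    }
}

// Load the settings, creating the default row when the table is empty.
$row = $dsql->GetOne("select * From #@__softconfig");
if(!is_array($row)){
    $dsql->ExecuteNoneQuery("INSERT INTO `#@__softconfig` ( `downtype` , `ismoresite` ,`showlocal` , `gotojump` , `sites` ) VALUES ('0', '0','0' , '0', '');");
    // Start from a real array and include showlocal, which the original
    // fallback left undefined.
    // NOTE(review): downtype is shown as 1 here although the row is inserted
    // with '0'; kept as in the original, confirm which is intended.
    $row = array(
        'downtype'   => 1,
        'ismoresite' => 0,
        'showlocal'  => 0,
        'sites'      => "",
        'gotojump'   => 0,
    );
}
require_once(dirname(__FILE__)."/templets/soft_config.htm");
ClearAllLink();
?>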
$dsql->Close(); ShowMsg("操作成功,返回目录...","catalog_main.php"); exit(); } else if($dopost=="upRankAll") { //检查权限许可 CheckPurview('t_Edit'); $dsql = new DedeSql(false); $row = $dsql->GetOne("Select ID From #@__arctype order by ID desc"); if(is_array($row)) { $maxID = $row['ID']; for($i=1;$i<=$maxID;$i++){ if(isset(${'sortrank'.$i})){ $dsql->ExecuteNoneQuery("Update #@__arctype set sortrank='".(${'sortrank'.$i})."' where ID='{$i}';"); } } } $dsql->Close(); ShowMsg("操作成功,正在返回...","catalog_main.php"); exit(); } /*--------------------- 获取JS文件 function GetJs ----------------------*/ else if($dopost=="GetJs") { require_once(dirname(__FILE__)."/makehtml_js.php"); exit();
if(empty($tablename)) echo "没有指定表名!"; else{ $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute(); $row2 = $dsql->GetArray(); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } $dsql->Close(); exit(); } else if($dopost=="opimize") //优化表 { if(empty($tablename)) echo "没有指定表名!"; else{ $dsql->ExecuteNoneQuery("OPTIMIZE TABLE `$tablename` "); $dsql->Close(); echo "执行优化表: $tablename OK!"; } exit(); }else if($dopost=="repair") //修复表 { if(empty($tablename)) echo "没有指定表名!"; else{ $rs = $dsql->ExecuteNoneQuery("REPAIR TABLE `$tablename` "); $dsql->Close(); echo "修复表: $tablename OK!"; } exit(); }else if($dopost=="query") //执行SQL语句 {
$dsql->ExecuteNoneQuery("Delete From #@__story_content where chapterid='$cid' "); //更新图书记录 $row = $dsql->GetOne("Select count(id) as dd From #@__story_content where bookid='$bookid' "); $dsql->ExecuteNoneQuery("Update #@__story_books set postnum='{$row['dd']}' where id='$bookid' "); $dsql->Close(); ShowMsg("成功删除指定章节!",$ENV_GOBACK_URL); exit(); exit(); } /*--------------- function EditChapterAll() 批量修改章节 -------------------*/ else if($action=='upChapterSort') { if(isset($ids) && is_array($ids)) { $dsql = new DedeSql(); foreach($ids as $cid){ $chaptername = ${'chaptername_'.$cid}; $chapnum= ${'chapnum_'.$cid}; $dsql->ExecuteNoneQuery("Update #@__story_chapter set chaptername='$chaptername',chapnum='$chapnum' where id='$cid' "); } $dsql->Close(); } ShowMsg("成功更新指定章节信息!",$ENV_GOBACK_URL); exit(); } ClearAllLink(); ?>
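/**
 * Store one uploaded image without further processing, or resolve a
 * hand-entered image URL, and record a newly stored file in #@__uploads.
 *
 * @access public
 * @param string $upname   name of the file input in $_FILES
 * @param string $handurl  hand-entered URL or site-relative path
 * @param int    $isremote whether to download a remote image: 0 no, 1 yes
 * @param string $ntitle   title for the upload record; can be left empty when
 *                         the form has a title field
 * @return mixed path of the image, or '' when nothing was supplied or the
 *               uploaded file could not be stored
 */
function UploadOneImage($upname, $handurl = '', $isremote = 1, $ntitle = '')
{
    global $cuserLogin, $cfg_basedir, $cfg_image_dir, $title, $dsql;
    if ($ntitle != '') {
        $title = $ntitle;
    }
    $ntime = time();
    $filename = '';
    $isrm_up = FALSE;
    $handurl = trim($handurl);

    if (!empty($_FILES[$upname]['tmp_name']) && is_uploaded_file($_FILES[$upname]['tmp_name'])) {
        // The user uploaded a file through the form.
        $formatError = "上传的图片格式错误,请使用JPEG、GIF、PNG格式的其中一种!";
        $sparr = array("image/pjpeg", "image/jpeg", "image/gif", "image/png");
        $_FILES[$upname]['type'] = strtolower(trim($_FILES[$upname]['type']));
        if (!in_array($_FILES[$upname]['type'], $sparr)) {
            ShowMsg($formatError, "-1");
            exit;
        }

        // The MIME type checked above is supplied by the client. Also inspect
        // the file itself and take the extension from what it really is, so a
        // non-image file cannot be stored under an image name.
        $extmap = array(IMAGETYPE_GIF => '.gif', IMAGETYPE_JPEG => '.jpg', IMAGETYPE_PNG => '.png');
        $probe = @getimagesize($_FILES[$upname]['tmp_name']);
        if (!is_array($probe) || !isset($extmap[$probe[2]])) {
            ShowMsg($formatError, "-1");
            exit;
        }

        // Overwrite an existing local file only when the path has no ".."
        // segment; otherwise fall through to a generated name.
        if (!empty($handurl) && strpos($handurl, '..') === false
            && !preg_match("#^http:\\/\\/#i", $handurl) && file_exists($cfg_basedir . $handurl)) {
            if (!is_object($dsql)) {
                $dsql = new DedeSql();
            }
            // NOTE(review): $handurl is interpolated into the query. Whether it
            // is escaped before this point cannot be seen from this function.
            $dsql->ExecuteNoneQuery("DELETE FROM `#@__uploads` WHERE url LIKE '{$handurl}' ");
            $fullUrl = preg_replace("#\\.([a-z]*)\$#i", "", $handurl);
        } else {
            $savepath = $cfg_image_dir . '/' . strftime("%Y-%m", $ntime);
            CreateDir($savepath);
            $fullUrl = $savepath . '/' . strftime("%d", $ntime) . dd2char(strftime("%H%M%S", $ntime) . '0' . $cuserLogin->getUserID() . '0' . mt_rand(1000, 9999));
        }
        $fullUrl = $fullUrl . $extmap[$probe[2]];

        // Save. A failed move is reported as "no image" instead of returning
        // the path of a file that was never written.
        $savedfile = $cfg_basedir . $fullUrl;
        if (!@move_uploaded_file($_FILES[$upname]['tmp_name'], $savedfile)) {
            return '';
        }
        $filename = $fullUrl;

        // Watermark. The original passed $imgfile, which is not assigned until
        // later in the function.
        @WaterImg($savedfile, 'up');
        $isrm_up = TRUE;
    } else {
        if ($handurl == '') {
            return '';
        }
        if ($isremote == 1 && preg_match("#^http:\\/\\/#i", $handurl)) {
            // Remote image that must be copied to local storage.
            // NOTE(review): this makes the server fetch a caller-supplied URL.
            // GetRemoteImage() is defined elsewhere; confirm it restricts which
            // hosts can be reached and validates what it downloads.
            $ddinfos = GetRemoteImage($handurl, $cuserLogin->getUserID());
            if (is_array($ddinfos)) {
                $filename = $ddinfos[0];
            }
            $isrm_up = TRUE;
        } else {
            // Local image, or remote image that is left remote.
            $filename = $handurl;
        }
    }

    $imgfile = $cfg_basedir . $filename;
    if (is_file($imgfile) && $isrm_up && $filename != '') {
        $info = "";
        $imginfos = GetImageSize($imgfile, $info);
        // The global connection is only guaranteed to exist in the overwrite
        // branch above, so create it here as well when it is missing.
        if (!is_object($dsql)) {
            $dsql = new DedeSql();
        }
        // Record the new file in the media library. Width and height are cast
        // to int because GetImageSize() returns false for unreadable files.
        // NOTE(review): $title and $filename are interpolated as given;
        // whether they are escaped earlier cannot be seen from here.
        $inquery = "\n INSERT INTO #@__uploads(title,url,mediatype,width,height,playtime,filesize,uptime,mid)\n VALUES ('{$title}','{$filename}','1','" . intval($imginfos[0]) . "','" . intval($imginfos[1]) . "','0','" . filesize($imgfile) . "','" . time() . "','" . $cuserLogin->getUserID() . "');\n ";
        $dsql->ExecuteNoneQuery($inquery);
    }
    return $filename;
}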
<?php require_once(dirname(__FILE__)."/config.php"); CheckPurview('member_Pm'); require_once(dirname(__FILE__)."/../include/pub_datalist.php"); require_once(dirname(__FILE__)."/../include/inc_functions.php"); setcookie("ENV_GOBACK_URL",$dedeNowurl,time()+3600,"/"); if(!isset($folder)) $folder = ''; if(!isset($username)) $username = ''; if(!isset($keyword)) $keyword = ''; if(isset($dopost)){ $ID = ereg_replace("[^0-9]","",$ID); if($dopost=="del"&&!empty($ID)){ $db = new DedeSql(false); $db->ExecuteNoneQuery("DELETE FROM #@__pms WHERE pmid='$ID'"); $db->Close(); } } $whereSql = "WHERE folder='inbox' AND isadmin='0'"; if(!empty($folder)) $whereSql = "WHERE folder='$folder'"; $postuser = "******"; if($folder=="inbox"||$folder=='') $postuser = "******"; if(!empty($keyword)) $whereSql .= " AND (subject like '%".$keyword."%' OR message like '%".$keyword."%')"; if(!empty($username)) $whereSql .= " AND msgfrom like '%".$username."%'"; function GetFolders($me){
$v_md5str = trim($_POST['v_md5str']); $md5string = strtoupper(md5($v_oid . $v_pstatus . $v_amount . $v_moneytype . $key)); //拼凑加密串 if ($v_md5str == $md5string) { if ($v_pstatus == "20") { $dsql = new DedeSql(false); $buyid = $v_oid; //获取订单信息,检查订单的有效性 $row = $dsql->GetOne("Select * From #@__member_operation where buyid='{$buyid}' "); if (!is_array($row) || $row['sta'] == 2) { $oldinfo = $row['oldinfo']; } $mid = $row['mid']; $pid = $row['pid']; //更新交易状态为已付款 $dsql->ExecuteNoneQuery("Update #@__member_operation set sta=1 where buyid='{$buyid}' "); //------------------------------------------- //会员产品 //------------------------------------------- if ($row['product'] == 'member') { $row = $dsql->GetOne(" Select rank,exptime From #@__member_type where aid='{$row['pid']}' "); $rank = $row['rank']; $exptime = $row['exptime']; $equery = " Update #@__member set \r\n\t\t\t\t\t\t\t\t\tmembertype='{$rank}',exptime='{$exptime}',uptime='" . time() . "' where mid='{$mid}' "; $dsql->ExecuteNoneQuery($equery); //更新交易状态为已关闭 $dsql->ExecuteNoneQuery(" Update #@__member_operation set sta=2,oldinfo='会员升级成功!' where buyid='{$buyid}' "); $cfg_ml->FushCache(); $dsql->Close(); } else { if ($row['product'] == 'card') {
$attlist .= " type='"; foreach($types as $v) $attlist .= $v.'.'; $attlist .= "'"; } $innertext = stripslashes($innertext); if($keyword!="") $attlist .= " keyword='$keyword'"; $fulltag = "{dede:arclist$attlist} $innertext {/dede:arclist}\r\n"; if($dopost=='savetag') { $dsql = new DedeSql(false); $fulltag = addslashes($fulltag); $tagname = "auto"; $inQuery = " Insert Into #@__mytag(typeid,tagname,timeset,starttime,endtime,normbody,expbody) Values('0','$tagname','0','0','0','$fulltag',''); "; $dsql->ExecuteNoneQuery($inQuery); $id = $dsql->GetLastID(); $dsql->ExecuteNoneQuery("Update #@__mytag set tagname='{$tagname}_{$id}' where aid='$id'"); $dsql->Close(); $fulltag = "{dede:mytag name='{$tagname}_{$id}' ismake='yes'/}"; } require_once(dirname(__FILE__)."/templets/mytag_tag_guide_ok.htm"); ClearAllLink(); ?>
iscommend='$iscommend', click='$click', freenum='$freenum', bookname='$bookname', author='$author', litpic='$litpic', pubdate='$pubdate', description='$description', body='$body', keywords='$keywords', status='$status', ischeck='$ischeck' where id='$bookid' "; if(!$dsql->ExecuteNoneQuery($upQuery)){ ShowMsg("更新数据库时出错,请检查!".$dsql->GetError(),"-1"); $dsql->Close(); exit(); } $dsql->Close(); //生成HTML //--------------------------------- require_once(dirname(__FILE__).'/../../include/inc_arcbook_view.php'); $bv = new BookView($bookid,'book'); $artUrl = $bv->MakeHtml(); $bv->Close();
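// NOTE(review): both actions below remove audit-log rows. No permission check
// is visible in this excerpt; confirm the lines before it call CheckPurview()
// and that the request is protected against cross-site submission.
if($dopost=="clear"){
    // Delete every log entry.
    $dsql = new DedeSql(false);
    $dsql->ExecuteNoneQuery("Delete From #@__log");
    $dsql->Close();
    ShowMsg("成功清空所有日志!","log_list.php");
    exit();
}
else if($dopost=="del")
{
    // Fixed: the fallback was assigned to the misspelled $baurl, so $bkurl was
    // undefined whenever the cookie was absent.
    // NOTE(review): the return target comes from a cookie; confirm ShowMsg()
    // restricts it to same-site paths.
    $bkurl = isset($_COOKIE['ENV_GOBACK_URL']) ? $_COOKIE['ENV_GOBACK_URL'] : "log_list.php";

    // $ids is a backtick-separated list. Keep only the digits of each entry so
    // nothing else can reach the query.
    // NOTE(review): assumes lid is an integer key — confirm against the
    // #@__log schema.
    $conds = array();
    foreach(explode('`',$ids) as $id){
        $id = preg_replace('/[^0-9]/','',$id);
        if($id!='') $conds[] = "lid='$id'";
    }

    // Without at least one valid ID the statement would have no WHERE clause
    // and would empty the whole table, so stop here.
    if(count($conds)==0){
        ShowMsg("无法识别你的请求!","javascript:;");
        exit();
    }

    $dquery = " where ".implode(' Or ',$conds);
    $dsql = new DedeSql(false);
    $dsql->ExecuteNoneQuery("Delete From #@__log $dquery");
    $dsql->Close();
    ShowMsg("成功删除指定的日志!",$bkurl);
    exit();
}
else{
    ShowMsg("无法识别你的请求!","javascript:;");
    exit();
}
ClearAllLink();
?>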
if($dd=="yes") { copy($fullfilename,$full_litfilename); if(in_array($imgfile_type,$cfg_photo_typenames)) ImageResize($full_litfilename,$w,$h); $urlValue = $bfilename; $imgsrcValue = $litfilename; $info = ""; $sizes = getimagesize($full_litfilename,$info); $imgwidthValue = $sizes[0]; $imgheightValue = $sizes[1]; $imgsize = filesize($full_litfilename); $inquery = " INSERT INTO #@__uploads(title,url,mediatype,width,height,playtime,filesize,uptime,adminid,memberid) VALUES ('小图{$dblitfile}','$imgsrcValue','1','$imgwidthValue','$imgheightValue','0','{$imgsize}','{$nowtme}','".$cuserLogin->getUserID()."','0'); "; $dsql->ExecuteNoneQuery($inquery); }else{ $imgsrcValue = $bfilename; $urlValue = $bfilename; $info = ""; $sizes = getimagesize($fullfilename,$info); $imgwidthValue = $sizes[0]; $imgheightValue = $sizes[1]; $imgsize = filesize($fullfilename); } $info = ''; $bsizes = getimagesize($fullfilename,$info); $bimgwidthValue = $bsizes[0]; $bimgheightValue = $bsizes[1]; $bimgsize = filesize($fullfilename); $inquery = "
if($oldfilename!=$filename) { $oldfilename = $cfg_basedir.$cfg_cmspath."/".$oldfilename; if(is_file($oldfilename)) unlink($oldfilename); } $inQuery = " update #@__sgpage set title='$title', ismake='$ismake', filename='$filename', uptime='$uptime', body='$body' where aid='$aid'; "; $dsql->SetQuery($inQuery); if(!$dsql->ExecuteNoneQuery()) { $dsql->Close(); ShowMsg("更新页面数据时失败,请检查长相是否有问题!","-1"); exit(); } $dsql->Close(); $filename = $cfg_basedir.$cfg_cmspath."/".$filename; if($ismake==1){ $pv = new PartView(); $pv->SetTemplet(stripslashes($body),"string"); $pv->SaveToHtml($filename); $pv->Close(); } else{ $fp = fopen($filename,"w") or die("创建:{$filename} 失败,可能是没有权限!");
//$bigpic = UploadOneImage('bigpic',$bigpicname,$ddisremote); $adminID = $cuserLogin->getUserID(); $postnum = 0; for($i=1;$i<=$photonum;$i++) { $bigpic = UploadOneImage('imgfile'.$i,${'imgurl'.$i},$isremote); if($bigpic!=''){ $titlen = ${'title'.$i}; if(empty($titlen)) $titlen = ${'title'}; $inQuery = " INSERT INTO `#@__story_content`(`title`,`bookname`,`chapterid`,`catid`,`bcatid`,`booktype`,`bookid`,`sortid`, `memberid`,`bigpic`,`body`,`addtime`,`adminid` ) VALUES ('$titlen','$bookname', '$chapterid', '$catid','$bcatid','$booktype', '$bookid','$sortid', '0', '$bigpic' , '', '$addtime','$adminID');"; $rs = $dsql->ExecuteNoneQuery($inQuery); //if(!$rs) echo $inQuery."<hr>\r\n"; if($rs){ $sortid++; $postnum++; } } } $arcID = $dsql->GetLastID(); //更新图书的内容数 $row = $dsql->GetOne("Select count(id) as dd From #@__story_content where bookid = '$bookid' "); $dsql->ExecuteNoneQuery("Update #@__story_books set postnum='{$row['dd']}',lastpost='".time()."' where id='$bookid' "); //更新章节的内容数
echo "配置文件'{$configfile}'不支持写入,严禁修改系统配置参数!"; exit; } $savesql = new DedeSql(false); foreach ($_POST as $k => $v) { if (ereg("^edit___", $k)) { $v = ${$k}; } else { continue; } $k = ereg_replace("^edit___", "", $k); if (strlen($v) > 250) { showmsg("{$k} 太长,不能超过250字节", '-1'); exit; } $savesql->ExecuteNoneQuery("Update #@__config set `config_value`='{$v}' where `config_name`='{$k}' "); } $savesql->SetQuery("Select `config_name`,`config_value` From `#@__config` order by `id` asc"); $savesql->Execute(); if ($savesql->GetTotalRow() <= 0) { $savesql->Close(); ShowMsg("成功保存变量但从数据库读取所有数据时失败,无法更新配置文件!", "javascript:;"); exit; } @copy($configfile, $configfile_bak); $fp = @fopen($configfile, 'w'); @flock($fp, 3); @fwrite($fp, "<" . "?php\r\n") or die("配置文件'{$configfile}'不支持写入,本次操作无效!<a href='system_basic.php'>返回</a>"); while ($row = $savesql->GetArray()) { $row['value'] = str_replace("'", "\\'", $row['config_value']); fwrite($fp, "\${$row['config_name']} = '" . $row['config_value'] . "';\r\n");
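<?php
// Admin action: add one keyword to the #@__keywords table.
require_once(dirname(__FILE__)."/config.php");

// Page to return to after the insert; "-1" is used when no cookie is set.
$ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? "-1" : $_COOKIE['ENV_GOBACK_URL'];
CheckPurview('sys_Keyword');

$keyword = trim($keyword);
// Digits only. preg_replace() replaces ereg_replace(), which was removed in
// PHP 7.
$rank = preg_replace('/[^0-9]/', '', $rank);
// $rpurl was used without being checked; default it when the form omitted it.
if(!isset($rpurl)) $rpurl = '';

if(strpos($keyword,' ')!==false || $keyword=="")
{
    // "-1" is passed as a string, like the other ShowMsg() calls in this file.
    ShowMsg("关键字不能带有空格或为空!","-1");
    exit();
}

$dsql = new DedeSql(false);

// NOTE(review): $keyword and $rpurl are interpolated into both statements as
// given. Whether config.php escapes request variables cannot be seen from this
// file — confirm. The duplicate check uses LIKE, so "%" and "_" in a keyword
// act as wildcards there.
$row = $dsql->GetOne("Select * From #@__keywords where keyword like '$keyword'");
if(is_array($row))
{
    $dsql->Close();
    ShowMsg("关键字已存在库中!","-1");
    exit();
}

$inquery = "
INSERT INTO #@__keywords(keyword,rank,sta,rpurl) VALUES ('$keyword','$rank','1','$rpurl');
";
$dsql->SetQuery($inquery);
$dsql->ExecuteNoneQuery();
ClearAllLink();
ShowMsg("成功增加一个关键字!",$ENV_GOBACK_URL);
?>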
$addquery = ''; } $fquery = "Select aid,$rpfield From $addtable $addquery $limitSql ;"; $dsql->SetQuery($fquery); $dsql->Execute(); while($row=$dsql->GetArray()) { $tjnum++; $body = $row[$rpfield]; $aid = $row['aid']; if(strlen($body) < $cfg_arcautosp_size*1024) continue; if(!preg_match("/#p#/iU",$body)){ $body = SpLongBody($body,$cfg_arcautosp_size*1024,"#p#分页标题#e#"); $body = addslashes($body); $dsql->ExecuteNoneQuery("Update $addtable set $rpfield='$body' where aid='$aid' ; "); } } }//end if limit //返回进度提示 if($totalnum>0) $tjlen = ceil( ($tjnum/$totalnum) * 100 ); else $tjlen=100; $dvlen = $tjlen * 2; $tjsta = "<div style='width:200;height:15;border:1px solid #898989;text-align:left'><div style='width:$dvlen;height:15;background-color:#829D83'></div></div>"; $tjsta .= "<br/>完成处理文档总数的:$tjlen %,继续执行任务..."; if($tjnum < $totalnum) {
From $maintable maintable left join {$addtable} addtable on addtable.aid=maintable.ID where maintable.channel='{$channel}' $addquery limit $startdd,$pagesize ; "; $dsql->SetQuery($fquery); $dsql->Execute(); while($row=$dsql->GetArray()) { $body = $row['body']; $description = $row['description']; if(strlen($description)>10 || $description=='-') continue; $bodytext = preg_replace("/#p#|#e#|副标题|分页标题/isU","",Html2Text($body)); if(strlen($bodytext) < $msize) continue; $des = trim(addslashes(cn_substr($bodytext,$dsize))); if(strlen($des)<3) $des = "-"; $dsql->ExecuteNoneQuery("Update $maintable set description='{$des}' where ID='{$row['ID']}';"); $dsql->ExecuteNoneQuery("Update #@__full_search set addinfos='{$des}' where aid='{$row['ID']}';"); } //返回进度信息 $startdd = $startdd + $pagesize; if($totalnum > $startdd){ $tjlen = ceil( ($startdd/$totalnum) * 100 ); $dvlen = $tjlen * 2; $tjsta = "<div style='width:200;height:15;border:1px solid #898989;text-align:left'><div style='width:$dvlen;height:15;background-color:#829D83'></div></div>"; $tjsta .= "<br/>完成处理文档总数的:$tjlen %,继续执行任务..."; $nurl = "description_fetch_action.php?action=fetch&totalnum=$totalnum&startdd={$startdd}&pagesize=$pagesize&channel={$channel}&rpfield={$rpfield}&dsize={$dsize}&msize={$msize}&sid={$sid}&eid=$eid&addtable=".urlencode($addtable); $dsql->Close(); ShowMsg($tjsta,$nurl,0,500); exit(); }else{ $tjlen=100;
include(dirname(__FILE__)."/templets/area.htm"); /* function add() */ }elseif($action == 'add') { $name = trim($name); if($name == '' ) { ShowMsg('地区名称不能为空,将返回地区管理页面','area.php'); exit; } $reid = intval($reid); $reid = max(0, $reid); $sql = "insert into #@__area (name, reid) values ('$name', $reid);"; $db->SetQuery($sql); if($db->ExecuteNoneQuery()) { ShowMsg('添加地区成功,将返回地区管理页面','area.php'); }else { ShowMsg('更新地区失败,将返回地区管理页面','area.php'); } /* function edit() */ }elseif($action == 'edit') { if(empty($step)){ $sectorscache = '<option value="0">无(作为一级地区)</option>'; $sql = "select * from #@__area where id=$id"; $db->SetQuery($sql);