/**
 * Emit a check-code image through the project's `image` class.
 *
 * The width and height are read with $this->get() and handed to checkcode()
 * exactly as received.
 *
 * NOTE(review): no type or range check on the two dimensions is visible here.
 * If get() returns request parameters, confirm that checkcode() bounds them,
 * because the image size drives memory and CPU use per request.
 */
public function checkcodeAction()
{
    $image = xiaocms::load_class('image');
    $image->checkcode($this->get('width'), $this->get('height'));
}
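/**
 * Parse the request URL into the controller and action names.
 *
 * The query string (or REQUEST_URI when the query string is empty) is parsed
 * with parse_str(). Key `c` selects the controller and key `a` the action,
 * each defaulting to 'index'. Both names are lower-cased and passed through
 * self::_safe() before being stored, and every parsed pair is merged into $_GET.
 *
 * @return bool always true
 */
private static function parse_request()
{
    $path_url_string = isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING']
        ? $_SERVER['QUERY_STRING']
        : $_SERVER['REQUEST_URI'];
    parse_str($path_url_string, $url_info_array);

    // parse_str() turns `c[]=x` into an array. trim()/strtolower() on an array
    // raise a warning (a TypeError on PHP 8), so only non-empty strings are
    // accepted as names; anything else falls back to 'index'.
    $names = array();
    foreach (array('c', 'a') as $key) {
        $candidate = isset($url_info_array[$key]) ? $url_info_array[$key] : '';
        $names[$key] = is_string($candidate) && $candidate ? trim($candidate) : 'index';
    }

    // _safe() is the only filter between the request and the names used for
    // dispatch; its rules are defined outside this block.
    self::$controller = self::_safe(strtolower($names['c']));
    self::$action = self::_safe(strtolower($names['a']));

    // Parsed pairs override existing $_GET entries with the same string key.
    $_GET = array_merge($_GET, $url_info_array);

    return true;
}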
/**
 * Login gate for admin controllers.
 *
 * Returns false when the current controller is 'login' or when the session
 * holds a truthy `user_id`. In every other case it calls redirect() with the
 * login URL and then falls off the end without an explicit return value.
 *
 * NOTE(review): nothing in this method stops execution after redirect();
 * confirm that redirect() terminates the request, otherwise the protected
 * action still runs for an unauthenticated visitor.
 * NOTE(review): only the presence of `user_id` is checked here; any role or
 * privilege check has to live elsewhere. Verify against the caller.
 *
 * @return false|null
 */
protected function isAdminLogin()
{
    // The login controller itself must stay reachable without a session.
    $on_login_controller = xiaocms::get_controller_id() == 'login';
    if ($on_login_controller) {
        return false;
    }

    if ($this->session->get('user_id')) {
        return false;
    }

    $this->redirect(url('login'));
}
/**
 * Admin list view for a custom ("DIY") table, with bulk delete.
 *
 * When the POST data carries `formidarr` together with status 'del', each
 * listed id is deleted from $this->table through a bound `id=?` condition and
 * a success message ('删除成功', "deleted successfully") is shown. The method
 * then counts the rows, loads one page ordered by `id DESC`, builds the pager
 * and includes the `diytable_list` admin template.
 *
 * The template is pulled in with `include`, so it shares this method's local
 * scope; the local variable names below are therefore part of its contract.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method although it
 * deletes rows on POST; confirm one is enforced before the action runs.
 * NOTE(review): `formidarr` is iterated without an is_array() check.
 */
public function indexAction()
{
    $modelid = $this->modelid;

    if ($this->post('formidarr') && $this->post('status') == 'del') {
        foreach ($this->post('formidarr') as $id) {
            $this->db
                ->setTableName($this->table)
                ->delete('id=?', $id);
        }
        $this->show_message('删除成功', 1);
    }

    // Page number from the request; anything that casts to 0 means page 1.
    $page = (int) $this->get('page') ? (int) $this->get('page') : 1;
    $pagelist = xiaocms::load_class('pager');
    $total = $this->db->setTableName($this->table)->count();

    if (empty($this->admin['list_size'])) {
        $pagesize = 10;
    } else {
        $pagesize = $this->admin['list_size'];
    }

    $list = $this->db
        ->setTableName($this->table)
        ->pageLimit($page, $pagesize)
        ->getAll(null, null, null, 'id DESC');

    // `[page]` is the placeholder the pager fills in for each page link.
    $pagelist = $pagelist
        ->total($total)
        ->url(url('diytable/index', array('modelid' => $this->modelid)) . '&page=[page]')
        ->num($pagesize)
        ->page($page)
        ->output();

    include $this->admin_tpl('diytable_list');
}
/**
 * Admin list view for form submissions, with bulk delete and status changes.
 *
 * With `formidarr` present in the POST data, the `status` value selects the
 * bulk operation: 'del' deletes each id, '1' sets status to 1, '2' sets status
 * to 0. All three use a bound `id=?` condition. Afterwards the method counts
 * and loads one page of rows (optionally filtered by `userid` and $this->cid),
 * builds the pager and includes the `form_list` admin template.
 *
 * The template is pulled in with `include`, so it shares this method's local
 * scope; the local variable names below are therefore part of its contract.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method although it
 * deletes and updates rows on POST; confirm one is enforced upstream.
 * NOTE(review): `formidarr` is iterated without an is_array() check.
 * NOTE(review): $cid and $modelid are read from the request, but the queries
 * and the pager URL use $this->cid and $this->modelid. Confirm which is meant.
 */
public function indexAction()
{
    $cid = (int) $this->get('cid');
    $modelid = (int) $this->get('modelid');

    if ($this->post('formidarr')) {
        // switch compares loosely, like the `==` tests it replaces.
        switch ($this->post('status')) {
            case 'del':
                foreach ($this->post('formidarr') as $id) {
                    $this->db->setTableName($this->table)->delete('id=?', $id);
                }
                $this->show_message('删除成功', 1);
                break;
            case '1':
                foreach ($this->post('formidarr') as $id) {
                    $this->db->setTableName($this->table)->update(array('status' => 1), 'id=?', $id);
                }
                $this->show_message('设置成功', 1);
                break;
            case '2':
                foreach ($this->post('formidarr') as $id) {
                    $this->db->setTableName($this->table)->update(array('status' => 0), 'id=?', $id);
                }
                $this->show_message('设置成功', 1);
                break;
        }
    }

    $page = (int) $this->get('page') ? (int) $this->get('page') : 1;
    $userid = (int) $this->get('userid');
    $pagelist = xiaocms::load_class('pager');

    // Filters for the COUNT query.
    if (!empty($userid)) {
        $this->db->where('userid=?', $userid);
    }
    if (!empty($this->cid)) {
        $this->db->where('cid=?', $this->cid);
    }
    $total = $this->db->setTableName($this->table)->count();

    if (empty($this->admin['list_size'])) {
        $pagesize = 10;
    } else {
        $pagesize = $this->admin['list_size'];
    }
    $urlparam = array(
        'userid' => $userid,
        'cid' => $this->cid,
        'modelid' => $this->modelid,
    );

    // The same filters are set again for the row query; presumably the query
    // builder clears its conditions after each statement (TODO confirm).
    if (!empty($userid)) {
        $this->db->where('userid=?', $userid);
    }
    if (!empty($this->cid)) {
        $this->db->where('cid=?', $this->cid);
    }
    $list = $this->db
        ->setTableName($this->table)
        ->pageLimit($page, $pagesize)
        ->getAll(null, null, null, 'id DESC');

    $pagelist = $pagelist
        ->total($total)
        ->url(url('form/index', $urlparam) . '&page=[page]')
        ->num($pagesize)
        ->page($page)
        ->output();

    include $this->admin_tpl('form_list');
}
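/**
 * Render the category chooser of the posting page.
 *
 * Keeps only categories whose `ispost` and `typeid` are both 1, marks those
 * with children as disabled, feeds them to the project's `tree` class with an
 * <option> template and assigns the result to the `post.html` view.
 *
 * NOTE(review): `$catname` is placed into the <option> markup by the tree
 * class; whether it is HTML-escaped depends on that class and on how the
 * category cache was written.
 */
public function indexAction()
{
    $tree = xiaocms::load_class('tree');
    $tree->icon = array(' ', ' ', ' ');
    $tree->nbsp = ' ';

    // The original compared against a $catid that was never defined. It is
    // set to null here so the outcome stays the same without the
    // undefined-variable warning: no category ends up pre-selected.
    // NOTE(review): if pre-selection was intended, a real value has to be
    // supplied here.
    $catid = null;

    $categorys = array();
    foreach ($this->category_cache as $cid => $r) {
        if ($r['ispost'] != 1 || $r['typeid'] != 1) {
            continue;
        }
        // Parent categories are shown but cannot be chosen.
        $r['disabled'] = $r['child'] ? 'disabled' : '';
        $r['selected'] = $cid == $catid ? 'selected' : '';
        $categorys[$cid] = $r;
    }

    // The \$ placeholders stay literal in this string and are handed to
    // get_tree() as part of the template.
    $str = "<option value='./index.php?c=post&a=post&catid=\$catid' \$selected \$disabled>\$spacer \$catname</option>";
    $tree->init($categorys);
    $categorys = $tree->get_tree(0, $str);

    $this->view->assign(array('select' => 1, 'post_category' => $categorys));
    $this->view->display('post.html');
}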
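/**
 * Admin member list, with bulk delete and bulk status changes.
 *
 * With `member` present in the POST data, the `status` value selects the bulk
 * operation: 'del' calls delAction($id, 1) for each id, '1' sets status to 1,
 * '2' sets status to 0 (both through a bound `id=?` condition). Afterwards the
 * method counts and loads one page of members (optionally filtered by
 * `modelid`), builds the pager and includes the `member_list` admin template.
 *
 * The template is pulled in with `include`, so it shares this method's local
 * scope; the local variable names below are therefore part of its contract.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method although it
 * deletes and updates member rows on POST; confirm one is enforced upstream.
 * NOTE(review): `member` is iterated without an is_array() check.
 */
public function indexAction()
{
    if ($this->post('member')) {
        // switch compares loosely, like the `==` tests it replaces.
        switch ($this->post('status')) {
            case 'del':
                foreach ($this->post('member') as $id) {
                    $this->delAction($id, 1);
                }
                $this->show_message('删除成功', 1);
                break;
            case '1':
                foreach ($this->post('member') as $id) {
                    $this->db->setTableName('member')->update(array('status' => 1), 'id=?', $id);
                }
                $this->show_message('设置成功', 1);
                break;
            case '2':
                foreach ($this->post('member') as $id) {
                    $this->db->setTableName('member')->update(array('status' => 0), 'id=?', $id);
                }
                $this->show_message('设置成功', 1);
                break;
        }
    }

    $member_model = get_cache('member_model');
    $page = (int) $this->get('page') ? (int) $this->get('page') : 1;
    $modelid = (int) $this->get('modelid');
    $pagelist = xiaocms::load_class('pager');

    // Filter for the COUNT query.
    if ($modelid) {
        $this->db->where('modelid=?', $modelid);
    }
    $total = $this->db->setTableName('member')->count();
    $pagesize = empty($this->admin['list_size']) ? 10 : $this->admin['list_size'];

    $urlparam = array();
    if ($modelid) {
        $urlparam['modelid'] = $modelid;
    }
    // The original read a $status that was never defined. It is set to null
    // so the pager URL is built from the same value without the
    // undefined-variable warning.
    // NOTE(review): no status filter is applied to either query; confirm
    // whether one was intended.
    $status = null;
    $urlparam['status'] = $status;

    // The filter is set again for the row query; presumably the query builder
    // clears its conditions after each statement (TODO confirm).
    if ($modelid) {
        $this->db->where('modelid=?', $modelid);
    }
    $list = $this->db
        ->setTableName('member')
        ->pageLimit($page, $pagesize)
        ->getAll(null, null, null, 'status ASC, id DESC');

    $pagelist = $pagelist
        ->total($total)
        ->url(url('member/index', $urlparam) . '&page=[page]')
        ->num($pagesize)
        ->page($page)
        ->output();

    include $this->admin_tpl('member_list');
}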
/**
 * Read the `database` configuration and obtain the shared dbpdo connection.
 *
 * Exits with '数据库配置文件不存在' ("database configuration file does not
 * exist") when the configuration is not an array. Every value is trimmed, a
 * `mysql:` DSN is assembled from host, port, dbname and charset, and the full
 * parameter array is handed to dbpdo::getInstance().
 *
 * NOTE(review): http_build_query() URL-encodes the DSN values, so a host or
 * database name containing reserved characters would be altered.
 * NOTE(review): the unset() calls only clear this method's local copy, after
 * the credentials have already been passed to dbpdo; whether dbpdo keeps them
 * cannot be seen from here.
 *
 * @return bool true (the value is ignored when invoked through `new`)
 */
public function __construct()
{
    $params = xiaocms::load_config('database');
    if (!is_array($params)) {
        exit('数据库配置文件不存在');
    }
    $params = array_map('trim', $params);

    $dsn_parts = array(
        'host' => $params['host'],
        'port' => $params['port'],
        'dbname' => $params['dbname'],
        'charset' => $params['charset'],
    );
    // Produces e.g. "mysql:host=…;port=…;dbname=…;charset=…".
    $params['dsn'] = 'mysql:' . http_build_query($dsn_parts, '', ';');

    $this->_dbName = $params['dbname'];
    $this->_prefix = !empty($params['prefix']) ? $params['prefix'] : '';

    xiaocms::load_class('dbpdo', 0);
    $this->_db = dbpdo::getInstance($params);

    unset($params['username'], $params['password']);

    return true;
}
<?php
/**
 * XiaoCms enterprise site-builder edition: entry script.
 * Official website: http://www.xiaocms.com
 */

// Absolute path of the directory that holds this script, with a trailing separator.
define('XIAOCMS_PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR);

// Load the framework core from a fixed path below XIAOCMS_PATH, then hand
// control to xiaocms::run().
include XIAOCMS_PATH . 'core/xiaocms.php';
xiaocms::run();
/**
 * Turn a list-tag parameter string into an SQL query and return its rows.
 *
 * $param is a space-separated run of `key=value` pairs. The keys sql, table,
 * xiaocms, cache, page, urlrule, num, order, pagesize and return steer the
 * query; every other key is treated as a column filter.
 *
 * NOTE(review): most values from $param are concatenated into the SQL text
 * without escaping or type checks (see the inline notes). That is only sound
 * while $param is written entirely by trusted template authors. Where a
 * template interpolates request data into the tag, validate that data before
 * it reaches this method, or move these branches to bound parameters.
 *
 * @param string $param space-separated `key=value` pairs
 * @return array rows under 'return' plus pager markup under 'pagelist', or
 *               under 'return_<name>' / 'pagelist_<name>' when `return=<name>`
 *               is given; only 'return' for the raw `sql=` form
 */
protected function _listdata($param)
{
    // Split the tag into key=value pairs; pieces without '=' are ignored.
    $_param = explode(' ', $param);
    $paramarr = $system = $fields = $_fields = array();
    foreach ($_param as $p) {
        $mark = strpos($p, '=');
        if ($p && $mark !== false) {
            $var = substr($p, 0, $mark);
            $val = substr($p, $mark + 1);
            if (isset($var) && $var) {
                $paramarr[$var] = $val;
            }
        }
    }
    // Separate the control keys ($system) from the column filters ($fields).
    if (is_array($paramarr)) {
        foreach ($paramarr as $key => $val) {
            if (in_array($key, array('sql', 'table', 'xiaocms', 'cache', 'page', 'urlrule', 'num', 'order', 'pagesize', 'return'))) {
                $system[$key] = $val;
            } else {
                $fields[$key] = $val;
                $_fields[] = $key;
            }
        }
    }
    $db = xiaocms::load_class('Model');
    // NOTE(review): $system['sql'] is read without isset(); the key is absent
    // for ordinary tags.
    if ($system['sql']) {
        // Everything after the first four characters of $param (the code
        // assumes the tag starts with "sql=") is executed verbatim.
        // NOTE(review): this is a raw SQL pass-through with no filtering.
        $sql = substr($param, 4);
        $data = $db->query($sql)->fetchAll();
        return array('return' => $data);
    }
    // '#xiaocms_' is presumably a placeholder that the Model replaces with the
    // real table prefix (TODO confirm).
    // NOTE(review): the table name comes straight from the tag.
    $table1 = isset($system['table']) && $system['table'] ? $system['table'] : 'content';
    $from = 'FROM ' . '#xiaocms_' . $table1;
    // Only filter keys that are real columns of the table are used below.
    $table1_all_fields = $db->setTableName($table1)->getTableFields();
    $table1_fields = array_intersect($_fields, $table1_all_fields);
    if (!empty($system['xiaocms'])) {
        // Resolve the model-specific extension table to LEFT JOIN on `id`.
        if ($table1 == 'content') {
            if (!empty($fields['catid']) && $this->cats[$fields['catid']]) {
                $table2 = $this->cats[$fields['catid']]['tablename'];
            } elseif (!empty($fields['modelid'])) {
                $content_model = get_cache('content_model');
                $table2 = $content_model[$fields['modelid']]['tablename'];
            }
        } elseif ($table1 == 'member' && isset($fields['modelid']) && $fields['modelid']) {
            $member_model = get_cache('member_model');
            $table2 = $member_model[$fields['modelid']]['tablename'];
        }
        // NOTE(review): $table2 is undefined here when no branch above matched.
        if ($table2) {
            $table2_all_fields = $db->setTableName($table2)->getTableFields();
            $table2_fields = array_intersect($_fields, $table2_all_fields);
            // Columns present in both tables are filtered on the main table only.
            $table2_fields = array_diff($table2_fields, $table1_fields);
            $table2 = '#xiaocms_' . $table2;
            $from .= ' LEFT JOIN ' . $table2 . ' ON `#xiaocms_' . $table1 . '`.`id`=`' . $table2 . '`.`id`';
        }
    }
    $table1 = '#xiaocms_' . $table1;
    $where = '';
    // NOTE(review): $table2 and $table2_fields are undefined here unless the
    // join above was set up.
    $fieldsAll = array($table1 => $table1_fields, $table2 => $table2_fields);
    foreach ($fieldsAll as $_tablename => $tablename) {
        if (is_array($tablename)) {
            foreach ($tablename as $field) {
                if ($fields[$field] == '') {
                    continue;
                }
                // Column names are safe to quote: they were intersected with
                // the table's real columns. The values are not checked.
                if ($field == 'catid' && !empty($fields['catid'])) {
                    if (!empty($this->cats[$fields['catid']]['child'])) {
                        // Parent category: match all descendant ids from the cache.
                        $where .= ' AND `' . $_tablename . '`.`catid` IN (' . $this->cats[$fields['catid']]['allchildids'] . ')';
                    } elseif (strpos($fields['catid'], ',') !== false) {
                        // NOTE(review): list inserted as-is, no integer check.
                        $where .= ' AND `' . $_tablename . '`.`catid` IN (' . $fields['catid'] . ')';
                    } else {
                        // NOTE(review): value inserted as-is, no integer cast.
                        $where .= ' AND `' . $_tablename . '`.`catid`=' . $fields['catid'];
                    }
                } elseif ($field == 'id' && !empty($fields['id'])) {
                    // NOTE(review): list inserted as-is, no integer check.
                    $where .= ' AND `' . $_tablename . '`.`id` IN (' . $fields['id'] . ')';
                } elseif ($field == 'thumb' && !empty($fields['thumb'])) {
                    // Any truthy value means "has a thumbnail".
                    $where .= $fields['thumb'] ? ' AND `' . $_tablename . '`.`thumb`<>""' : '';
                } else {
                    if (substr($fields[$field], 0, 1) == '(' && substr($fields[$field], -1, 1) == ')') {
                        // "(a-b)" becomes BETWEEN a AND b; this is the only
                        // branch that passes non-numeric operands through
                        // addslashes().
                        $value = substr($fields[$field], 1, strlen($fields[$field]) - 2);
                        list($v1, $v2) = explode('-', $value);
                        $v1 = is_numeric($v1) ? $v1 : '"' . addslashes($v1) . '"';
                        $v2 = is_numeric($v2) ? $v2 : '"' . addslashes($v2) . '"';
                        $where .= ' AND `' . $_tablename . '`.`' . $field . '` BETWEEN ' . $v1 . ' AND ' . $v2;
                    } elseif (substr($fields[$field], 0, 1) == '%' || substr($fields[$field], -1, 1) == '%') {
                        // NOTE(review): LIKE pattern quoted but not escaped.
                        $where .= ' AND `' . $_tablename . '`.`' . $field . '` LIKE \'' . $fields[$field] . '\'';
                    } elseif (strpos($fields[$field], ',') !== false) {
                        // NOTE(review): list inserted as-is.
                        $where .= ' AND `' . $_tablename . '`.`' . $field . '` IN (' . $fields[$field] . ')';
                    } else {
                        // NOTE(review): non-numeric value quoted but not escaped.
                        $value = is_numeric($fields[$field]) ? $fields[$field] : '"' . $fields[$field] . '"';
                        $where .= ' AND `' . $_tablename . '`.`' . $field . '`=' . $value . '';
                    }
                }
            }
        }
    }
    // Content rows with status 0 are hidden unless the tag filters on status itself.
    if ($table1 == '#xiaocms_content' && !isset($fields['status'])) {
        $where .= ' AND `#xiaocms_content`.`status`!=0';
    }
    // Turn the leading " AND" into " WHERE".
    if ($where) {
        if (substr($where, 0, 4) == ' AND') {
            $where = ' WHERE' . substr($where, 4);
        } else {
            $where = ' WHERE' . $where;
        }
    }
    $order = '';
    // NOTE(review): $system['order'] is read without isset().
    if ($system['order']) {
        if ($system['order'] == 'rand()') {
            $order .= ' ORDER BY RAND()';
        } else {
            // Format: "field_dir,field_dir". A field is used only if it is a
            // real column, and the direction is forced to ASC or DESC, so
            // nothing from the tag reaches ORDER BY unchecked.
            $orderarr = explode(',', $system['order']);
            foreach ($orderarr as $t) {
                list($_field, $_order) = explode('_', $t);
                $_orderby = isset($_order) && strtoupper($_order) == 'ASC' ? 'ASC' : 'DESC';
                if (in_array($_field, $table1_all_fields)) {
                    $order .= ' `' . $table1 . '`.`' . $_field . '` ' . $_orderby . ',';
                } elseif (isset($table2_all_fields) && in_array($_field, $table2_all_fields)) {
                    $order .= ' `' . $table2 . '`.`' . $_field . '` ' . $_orderby . ',';
                }
            }
            if ($order) {
                // Drop the trailing comma.
                $order = ' ORDER BY' . substr($order, 0, -1);
            }
        }
    } elseif ($table1 == '#xiaocms_content') {
        $order = ' ORDER BY `listorder` DESC ,`time` DESC';
    }
    $limit = '';
    if (!empty($system['num'])) {
        // NOTE(review): `num` is concatenated without an integer cast.
        $limit = ' LIMIT ' . $system['num'];
    } else {
        if (isset($system['page'])) {
            // Work out the pager URL template and page size.
            if (isset($system['urlrule'])) {
                $pageurl = $system['urlrule'];
                $pagesize = $system['pagesize'] ? $system['pagesize'] : 10;
            } elseif ($this->cats[$fields['catid']]) {
                $pageurl = self::get_category_url($this->cats[$fields['catid']], 1);
                $pagesize = $system['pagesize'] ? $system['pagesize'] : $this->cats[$fields['catid']]['pagesize'];
            } else {
                $pagesize = $system['pagesize'] ? $system['pagesize'] : 10;
                // Fall back to the current request URI with a page=[page] slot.
                // NOTE(review): REQUEST_URI is client-controlled; escaping it
                // is left to whatever prints the pager links.
                $pageurl = !$_SERVER['QUERY_STRING'] ? $_SERVER['REQUEST_URI'] . (substr($_SERVER['REQUEST_URI'], -1) == '?' ? 'page=[page]' : '?page=[page]') : '';
                if (!$pageurl && stristr($_SERVER['QUERY_STRING'], 'page=')) {
                    $pageurl = str_ireplace('page=' . $system['page'], '', $_SERVER['REQUEST_URI']);
                    $urllast = substr($pageurl, -1);
                    if ($urllast == '?' || $urllast == '&') {
                        $pageurl .= 'page=[page]';
                    } else {
                        $pageurl .= '&page=[page]';
                    }
                }
                if (!$pageurl) {
                    $pageurl = $_SERVER['REQUEST_URI'] . '&page=[page]';
                }
            }
            // Total row count for the pager, optionally cached on disk for
            // `cache` minutes.
            if (!empty($system['cache'])) {
                $sqlcache = DATA_DIR . 'models' . DIRECTORY_SEPARATOR . md5($from . $where) . '.sqlcache.php';
                if (is_file($sqlcache) && time() - filemtime($sqlcache) < $system['cache'] * 60) {
                    // NOTE(review): unserialize() on file contents is safe
                    // only while nothing else can write to this directory.
                    $count = unserialize(file_get_contents($sqlcache));
                } else {
                    $count = $db->query('SELECT count(*) AS total ' . $from . ' ' . $where)->fetchAll();
                    file_put_contents($sqlcache, serialize($count), LOCK_EX);
                }
            } else {
                $count = $db->query('SELECT count(*) AS total ' . $from . ' ' . $where)->fetchAll();
            }
            // NOTE(review): `page` and `pagesize` are not cast to int before
            // being used; the arithmetic coerces the offset, but the trailing
            // $pagesize is concatenated as given.
            $limit = ' LIMIT ' . $pagesize * ($system['page'] - 1) . ',' . $pagesize;
            $pagelist = xiaocms::load_class('pagerview');
            $pagelist = $pagelist->total($count['0']['total'])->url($pageurl)->num($pagesize)->hide()->page($system['page'])->output();
        }
    }
    // Row query, optionally cached on disk the same way as the count.
    if (!empty($system['cache'])) {
        // NOTE(review): cache files carry a .php suffix and hold serialized
        // row data; confirm this directory is not served or executed by the
        // web server.
        $sqlcache = DATA_DIR . 'models' . DIRECTORY_SEPARATOR . md5($from . $where . $order . $limit) . '.sqlcache.php';
        if (is_file($sqlcache) && time() - filemtime($sqlcache) < $system['cache'] * 60) {
            $data = unserialize(file_get_contents($sqlcache));
        } else {
            $data = $db->query('SELECT * ' . $from . $where . $order . $limit)->fetchAll();
            file_put_contents($sqlcache, serialize($data), LOCK_EX);
        }
    } else {
        $data = $db->query('SELECT * ' . $from . $where . $order . $limit)->fetchAll();
    }
    // NOTE(review): $pagelist is undefined below when no `page` key was given.
    if (isset($system['return']) && $system['return']) {
        // Named result set: rows are returned without the added `url` key.
        return array('pagelist_' . $system['return'] => $pagelist, 'return_' . $system['return'] => $data);
    }
    foreach ($data as $key => $t) {
        $data[$key]['url'] = self::get_show_url($t);
    }
    return array('pagelist' => $pagelist, 'return' => $data);
}
/**
 * Convert Chinese characters to pinyin.
 *
 * Delegates to the project's `pinyin` class and strips every '/' from what
 * output() returns. Any input that empty() treats as empty (including '0')
 * yields an empty string without loading the class.
 *
 * @param string $word text to convert
 * @return string
 */
function word2pinyin($word)
{
    if (!empty($word)) {
        $converter = xiaocms::load_class('pinyin');

        return str_replace('/', '', $converter->output($word));
    }

    return '';
}
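/**
 * Build the form control for a "related content" field.
 *
 * Renders a read-only text input holding the comma-separated content ids, an
 * "add related" button and a list of the items already linked. The linked
 * items are looked up in the `content` table by id.
 *
 * Changes from the original:
 *  - $ids is initialised, so an empty $content no longer reads an undefined
 *    variable.
 *  - Only the all-digit pieces of $content are placed into the `id IN (...)`
 *    condition. The value round-trips through a form input, so it must not be
 *    concatenated into SQL unchecked.
 *  - Title, link and input value are HTML-escaped (double_encode off, so text
 *    stored already-escaped is not escaped twice), and the href is quoted.
 *
 * NOTE(review): $name is still written raw into attribute and inline-script
 * contexts, and $setting['size'] into a style attribute. Callers must pass a
 * fixed field identifier and a numeric size.
 *
 * @param string $name    field name
 * @param string $content comma-separated content ids
 * @param mixed  $setting field settings; only 'size' is read
 * @return string HTML fragment
 */
public static function related($name, $content = '', $setting = '')
{
    $style = isset($setting['size']) ? " style='width:" . ($setting['size'] ? $setting['size'] : 200) . "px;'" : '';
    $ids = '';

    if ($content) {
        // Keep only the pieces that are plain decimal ids.
        $id_list = array();
        foreach (explode(',', (string) $content) as $piece) {
            $piece = trim($piece);
            if (preg_match('/^\d+\z/', $piece)) {
                $id_list[] = $piece;
            }
        }

        if ($id_list) {
            $_db = xiaocms::load_class('Model');
            $view = xiaocms::load_class('view');
            $_ids = $_db->setTableName('content')->getAll('id IN (' . implode(',', $id_list) . ')', null, 'id,title', 'id desc');
            foreach ($_ids as $t) {
                $link = htmlspecialchars($view->get_show_url($t), ENT_QUOTES, 'UTF-8', false);
                $title = htmlspecialchars($t['title'], ENT_QUOTES, 'UTF-8', false);
                $ids .= '<li id="v1' . $t['id'] . '"><span><a href="' . $link . '" target="_blank">' . $title . '</a></span><a href="javascript:;" class="close" onclick="remove_relation(\'v1' . $t['id'] . '\',' . $t['id'] . ',\'' . $name . '\')"></a></li>';
            }
        }
    }

    $value = htmlspecialchars((string) $content, ENT_QUOTES, 'UTF-8', false);
    $str = ' <input type="text" class="input-text" name="data[' . $name . ']" id="' . $name . '" readonly value="' . $value . '" ' . $style . ' > <input type="button" value="添加相关" onClick="omnipotent(\'selectid\',\'' . url('content/related', array('name' => $name)) . '\',\'添加相关内容\',1)" class="button"> <ul class="list-dot" id="' . $name . '_text">' . $ids . '</ul> ';

    return $str;
}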
/**
 * Store one uploaded file and report where it went.
 *
 * The extension is taken from the client-supplied file name. Image extensions
 * go to the `image` sub-directory, everything else to `file`, below a
 * year-month folder. The stored name is md5(time + original name) plus that
 * extension. Size and type limits are delegated to the project's `upload`
 * class; jpg/gif/png/bmp files are then passed to watermark().
 *
 * NOTE(review): the only type restriction visible here is
 * set_limit_type($type). Confirm that it is an allow-list which rejects
 * script extensions, and that the upload directory is not configured to
 * execute files, because the client-chosen extension is kept on disk.
 * NOTE(review): watermark() runs without checking $result, so it is also
 * called when the upload was refused.
 * NOTE(review): 'jpeg' counts as an image for the directory but is not in the
 * watermark list; confirm whether that is deliberate.
 *
 * @param string $fields key in $_FILES
 * @param mixed  $type   allowed types, passed to set_limit_type()
 * @param int    $size   size limit in megabytes
 * @return array keys: result, path, file (original name), ext (1 for images)
 */
private function upload($fields, $type, $size)
{
    $upload = xiaocms::load_class('upload');

    $original_name = $_FILES[$fields]['name'];
    // Text after the last dot, lower-cased; empty when the name has no dot.
    $ext = strtolower(substr(strrchr($original_name, '.'), 1));
    $dir = in_array($ext, array('jpg', 'jpeg', 'bmp', 'png', 'gif')) ? 'image' : 'file';

    $path = $this->dir . $dir . '/' . date('Ym') . '/';
    if (!is_dir(XIAOCMS_PATH . $path)) {
        mkdirs(XIAOCMS_PATH . $path);
    }

    $file = $original_name;
    $filename = md5(time() . $original_name) . '.' . $ext;
    $filenpath = $path . $filename;

    $result = $upload
        ->set_limit_size(1024 * 1024 * $size)
        ->set_limit_type($type)
        ->upload($_FILES[$fields], XIAOCMS_PATH . $filenpath);

    if (in_array($ext, array('jpg', 'gif', 'png', 'bmp'))) {
        $this->watermark(XIAOCMS_PATH . $filenpath);
    }

    return array(
        'result' => $result,
        'path' => SITE_PATH . $filenpath,
        'file' => $file,
        'ext' => $dir == 'image' ? 1 : $ext,
    );
}
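/**
 * Render the table rows for a model's custom fields.
 *
 * For every field definition a <tr> is emitted with the field name, the form
 * control produced by the matching method of the project's `field` class, and
 * the optional tip. Outside the admin area (XIAOCMS_ADMIN undefined), fields
 * whose `isshow` is falsy are skipped.
 *
 * Changes from the original:
 *  - The control was produced with `$field->{$t}['formtype'](...)`, which
 *    looks up a property named after the array $t instead of calling a
 *    method. The method_exists() guard shows that a call to the method named
 *    by $t['formtype'] was intended; that is what happens now.
 *  - The default value is read with isset(), so a field without settings
 *    (setting === 0) no longer indexes into an integer.
 *
 * NOTE(review): $t['formtype'] picks the method by name, and method_exists()
 * accepts every method of the `field` class. Confirm that the field
 * definitions can only be edited by administrators.
 * NOTE(review): $t['name'] and $t['tips'] are emitted without HTML escaping.
 *
 * @param array|mixed $fields field definitions
 * @param array       $data   current values keyed by field name
 * @return string|false HTML rows, or false when $fields is empty
 */
protected function get_data_fields($fields, $data = array())
{
    if (empty($fields)) {
        return false;
    }

    $field = xiaocms::load_class('field');
    $data_fields = '';

    foreach ($fields as $t) {
        if (!defined('XIAOCMS_ADMIN') && !$t['isshow']) {
            continue;
        }

        // A red asterisk marks fields that have a validation pattern.
        $data_fields .= '<tr><th>' . (!empty($t['pattern']) ? ' <font color="red">*</font> ' : '') . $t['name'] . ':</th><td>';

        $t['setting'] = $t['setting'] ? string2array($t['setting']) : 0;

        if (isset($data[$t['field']])) {
            $content = $data[$t['field']];
        } else {
            $content = isset($t['setting']['defaultvalue']) ? $t['setting']['defaultvalue'] : null;
        }

        $formtype = $t['formtype'];
        if (is_string($formtype) && method_exists($field, $formtype)) {
            $data_fields .= $field->{$formtype}($t['field'], $content, $t['setting']);
        }

        $data_fields .= ($t['tips'] ? '<div class="onShow">' . $t['tips'] . '</div>' : '') . '</td></tr>';
    }

    return $data_fields;
}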
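/**
 * Post-process submitted content data before it is saved.
 *
 * Normalises the keyword separators, optionally derives a description from
 * the first 200 characters of the tag-stripped content, optionally downloads
 * remote images referenced in the content and rewrites their URLs to the
 * local copies, and optionally takes the first <img> source as the thumbnail.
 *
 * Changes from the original:
 *  - $regex/$replace are initialised before the image scan; the original
 *    called count() on an undefined variable when the content contained no
 *    matching image (a TypeError on PHP 8).
 *  - A URL is rewritten only when its local copy was actually written; the
 *    original rewrote it even when file_put_contents() failed.
 *  - The downloaded bytes get their own variable instead of overwriting
 *    $content, and the unused $image/$result locals are gone.
 *  - The optional flags are read with empty()/isset() to avoid undefined-index
 *    notices.
 *
 * NOTE(review): the download step fetches any `http://` URL found in the
 * submitted content whose path ends in an image extension. The destination
 * host is not restricted, there is no size or time limit, and the bytes are
 * not verified to be an image before being stored. Consider an allow-list or
 * a block on internal addresses, a size cap, and an image-type check.
 *
 * @param array $data submitted content fields
 * @return array the adjusted fields
 */
private function additionalAction($data)
{
    $data['keywords'] = str_replace(array(',', ' '), ',', $data['keywords']);
    $content = isset($data['content']) ? htmlspecialchars_decode($data['content']) : '';

    if (empty($data['description']) && isset($data['content']) && isset($data['xiao_auto_description'])) {
        $data['description'] = str_replace(array(' ', ' '), array('', ''), strcut(strip_tags($content), 200));
    }

    if (isset($data['content']) && !empty($data['xiao_download_image']) && !empty($this->site_config['site_download_image'])) {
        $regex = $replace = array();

        if (preg_match_all("/(src)=([\"|']?)([^ \"'>]+\\.(gif|jpg|jpeg|bmp|png))\\2/i", $content, $imgs)) {
            $images = array_unique($imgs[3]);
            $path = 'data/upload/image/' . date('Ym') . '/';
            if (!is_dir(XIAOCMS_PATH . $path)) {
                mkdirs(XIAOCMS_PATH . $path);
            }
            $image = xiaocms::load_class('image');

            foreach ($images as $img) {
                // Skip images already on this site and anything that is not plain http.
                if (strpos($img, SITE_URL) !== false || substr($img, 0, 7) != 'http://') {
                    continue;
                }
                $fileext = fileext($img);
                $name = $path . md5($img . time()) . '.' . $fileext;

                // Best effort: a failed or empty download leaves the original URL in place.
                $bytes = @file_get_contents($img);
                if (empty($bytes)) {
                    continue;
                }

                if (file_put_contents(XIAOCMS_PATH . $name, $bytes)) {
                    if ($this->site_config['site_watermark']) {
                        $image->watermark(XIAOCMS_PATH . $name, $this->site_config['site_watermark_pos']);
                    }
                    $regex[] = $img;
                    $replace[] = SITE_PATH . $name;
                }
            }
        }

        if (count($regex) > 0) {
            $data['content'] = str_replace($regex, $replace, $data['content']);
        }
    }

    if (empty($data['thumb']) && isset($data['content']) && isset($data['xiao_auto_thumb'])) {
        // '<' and '>' act as the pattern delimiters here.
        if (preg_match("<img.*src=[\"](.*?)[\"].*?>", htmlspecialchars_decode($data['content']), $regs)) {
            $data['thumb'] = $regs[1];
        }
    }

    return $data;
}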
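/**
 * Content search: list `content` rows whose title contains the keyword.
 *
 * Reads `kw`, `catid`, `modelid` and `page` from the request, runs a paged
 * query and a count query (both with the keyword bound as a `LIKE ?`
 * parameter), builds the pager and renders `search.html`.
 *
 * Changes from the original:
 *  - $catid, $modelid and $cat were read before ever being assigned. They are
 *    now initialised explicitly to the values the original ended up with
 *    (request value, request value, null), which removes the
 *    undefined-variable warnings.
 *  - A non-scalar `kw` (e.g. `kw[]=`) is treated as an empty keyword instead
 *    of being passed to urldecode().
 *
 * NOTE(review): urldecode() is applied on top of whatever decoding get()
 * already did, so a double-encoded keyword is decoded after any input
 * filtering that ran on the request. The SQL side is bound, but $kw is also
 * assigned to the view (kw, site_title, site_keywords, site_description) and
 * to the pager URL; confirm the template escapes it on output.
 * NOTE(review): `%` and `_` inside the keyword act as LIKE wildcards.
 * NOTE(review): nothing here stops execution after show_message() for an
 * empty keyword; confirm that it terminates the request.
 */
public function searchAction()
{
    $raw_kw = $this->get('kw');
    $kw = is_scalar($raw_kw) ? urldecode((string) $raw_kw) : '';
    if ($kw == '') {
        $this->show_message('请输入要搜索的关键字 如:xiaocms');
    }

    $catid = (int) $this->get('catid');
    $modelid = (int) $this->get('modelid');
    $cat = null;
    $page = (int) $this->get('page') ? (int) $this->get('page') : 1;
    $pagesize = 10;

    $urlparam = array();
    $urlparam['kw'] = $kw;
    $url = url('index/search', $urlparam);

    // Filters for the row query.
    if ($catid) {
        $this->db->where('catid=?', $catid);
    }
    if ($modelid) {
        $this->db->where('modelid=?', $modelid);
    }
    $data = $this->db
        ->setTableName('content')
        ->pageLimit($page, $pagesize)
        ->where("`title` LIKE ?", '%' . $kw . '%')
        ->getAll(null, null, null, array('listorder DESC', 'time DESC'));
    foreach ($data as $key => $t) {
        $data[$key]['url'] = $this->view->get_show_url($t);
    }

    // The same filters are set again for the count; presumably the query
    // builder clears its conditions after each statement (TODO confirm).
    if ($catid) {
        $this->db->where('catid=?', $catid);
    }
    if ($modelid) {
        $this->db->where('modelid=?', $modelid);
    }
    $total = $this->db
        ->setTableName('content')
        ->where("`title` LIKE ?", '%' . $kw . '%')
        ->count();

    $pagelist = xiaocms::load_class('pager');
    $pagelist = $pagelist
        ->total($total)
        ->url($url . '&page=[page]')
        ->hide(true)
        ->num($pagesize)
        ->page($page)
        ->output();

    $this->view->assign($this->listSeo($cat, $page, $kw));
    $this->view->assign(array(
        'kw' => $kw,
        'pagelist' => $pagelist,
        'data' => $data,
        'num' => $total,
        'site_title' => '搜索 ' . $kw . ' - ' . $this->site_config['site_name'],
        'site_keywords' => $kw,
        // The base64 literal decodes to the fixed string "欢迎使用XIAOCMS"
        // ("Welcome to XIAOCMS"), a vendor tagline kept out of plain sight.
        'site_description' => '搜索 ' . $kw . ' - ' . base64_decode('5qyi6L+O5L2/55SoWElBT0NNUw=='),
    ));
    $this->view->display('search.html');
}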