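/**
 * Update a stored "user JS" definition and regenerate its output.
 *
 * Reads jsid, jsname, jssql, jstempid, jsfilename and oldjsfilename from $add,
 * updates the matching {$dbtbpre}enewsuserjs row, then calls ReUserjs().
 * Every outcome is reported through printerror().
 *
 * Security notes for reviewers:
 * - jsname and jsfilename are interpolated into the UPDATE as given. That is only
 *   safe if $add has already been slash-escaped before it reaches this function
 *   (the ClearAddsData()/addslashes() pair on jssql suggests it has) — confirm.
 * - jsfilename / oldjsfilename are request-supplied paths and are not validated
 *   here; confirm DelFiletext() and ReUserjs() confine them to the intended directory.
 *
 * @param array $add      Submitted form fields.
 * @param mixed $userid   Passed to CheckLevel().
 * @param mixed $username Passed to CheckLevel().
 */
function EditUserjs($add, $userid, $username)
{
    global $empire, $dbtbpre;

    $jsid = (int) $add['jsid'];
    $jstempid = (int) $add['jstempid'];
    // Keys are quoted: a bare key such as $add[jsname] is an undefined constant
    // and raises an Error on PHP 8.
    if (!$jsid || !$add['jsname'] || !$jstempid || !$add['jssql'] || !$add['jsfilename']) {
        printerror("EmptyUserJsname", "history.go(-1)");
    }

    // Only the first seven bytes are inspected. This rejects statements that do not
    // begin with "select " / "SELECT " but places no limit on the rest of the text.
    // NOTE(review): if the stored statement is later executed (ReUserjs() presumably
    // does), the "userjs" privilege should be treated as granting SQL read access.
    $query_first = substr($add['jssql'], 0, 7);
    if (!($query_first == "select " || $query_first == "SELECT ")) {
        printerror("JsSqlError", "history.go(-1)");
    }

    // Permission check. $classid is never assigned in this function, so CheckLevel()
    // receives null here (with an undefined-variable warning).
    CheckLevel($userid, $username, $classid, "userjs");

    // Remove the previous JS file when the file name changed.
    if ($add['oldjsfilename'] != $add['jsfilename']) {
        DelFiletext($add['oldjsfilename']);
    }

    // Strip the incoming slashes, then escape once for the SQL literal.
    $add['jssql'] = ClearAddsData($add['jssql']);
    $sql = $empire->query("update {$dbtbpre}enewsuserjs set jsname='{$add['jsname']}',jssql='" . addslashes($add['jssql']) . "',jstempid={$jstempid},jsfilename='{$add['jsfilename']}' where jsid={$jsid}");

    // Regenerate the JS output; ReUserjs() is handed the slash-escaped statement.
    $add['jssql'] = addslashes($add['jssql']);
    ReUserjs($add, "../");

    if ($sql) {
        // Operation log
        insert_dolog("jsid={$jsid}&jsname={$add['jsname']}");
        printerror("EditUserjsSuccess", "ListUserjs.php");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}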
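/**
 * Update a stored "user list" definition and regenerate its pages.
 *
 * Reads listid, listname, pagetitle, filepath, filetype, totalsql, listsql,
 * maxnum, lencord and listtempid from $add, updates the matching
 * {$dbtbpre}enewsuserlist row, then calls ReUserlist(). Every outcome is
 * reported through printerror().
 *
 * Security notes for reviewers:
 * - listname, pagetitle, filepath and filetype are interpolated into the UPDATE
 *   as given. That is only safe if $add has already been slash-escaped before it
 *   reaches this function (the ClearAddsData()/addslashes() pairs suggest it
 *   has) — confirm.
 * - filepath / filetype are request-supplied and not validated here; confirm
 *   ReUserlist() confines the generated files to the intended directory and
 *   to a non-executable extension.
 *
 * @param array $add      Submitted form fields.
 * @param mixed $userid   Passed to CheckLevel().
 * @param mixed $username Passed to CheckLevel().
 */
function EditUserlist($add, $userid, $username)
{
    global $empire, $dbtbpre;

    $listid = (int) $add['listid'];
    $listtempid = (int) $add['listtempid'];
    $maxnum = (int) $add['maxnum'];
    $lencord = (int) $add['lencord'];
    // Keys are quoted: a bare key such as $add[listname] is an undefined constant
    // and raises an Error on PHP 8.
    if (!$listid || !$add['listname'] || !$listtempid || !$add['listsql'] || !$add['totalsql'] || !$add['filepath'] || !$add['filetype'] || !$add['lencord']) {
        printerror("EmptyUserListname", "history.go(-1)");
    }

    // Both statements must start with "select " / "SELECT ". The previous condition
    // OR-ed all four comparisons inside one negation, so a request passed as soon as
    // either statement looked like a SELECT and the other one was not checked at all.
    // The test still inspects only the first seven bytes of each statement.
    $totalPrefix = substr($add['totalsql'], 0, 7);
    $listPrefix = substr($add['listsql'], 0, 7);
    $totalIsSelect = ($totalPrefix == "select " || $totalPrefix == "SELECT ");
    $listIsSelect = ($listPrefix == "select " || $listPrefix == "SELECT ");
    if (!$totalIsSelect || !$listIsSelect) {
        printerror("ListSqlError", "history.go(-1)");
    }

    // Permission check. $classid is never assigned in this function, so CheckLevel()
    // receives null here (with an undefined-variable warning).
    CheckLevel($userid, $username, $classid, "userlist");

    /*
    // Delete old file (disabled in the original)
    if(!($add['oldfilepath']<>$add['filepath']||$add['oldfiletype']<>$add['filetype']))
    {
        DelFiletext($add['oldjsfilename']);
    }
    */

    // Page title defaults to the list name.
    if (empty($add['pagetitle'])) {
        $add['pagetitle'] = $add['listname'];
    }

    // Strip the incoming slashes, then escape once for the SQL literals.
    $add['totalsql'] = ClearAddsData($add['totalsql']);
    $add['listsql'] = ClearAddsData($add['listsql']);
    $sql = $empire->query("update {$dbtbpre}enewsuserlist set listname='{$add['listname']}',pagetitle='{$add['pagetitle']}',filepath='{$add['filepath']}',filetype='{$add['filetype']}',totalsql='" . addslashes($add['totalsql']) . "',listsql='" . addslashes($add['listsql']) . "',maxnum={$maxnum},lencord={$lencord},listtempid={$listtempid} where listid={$listid}");

    // Regenerate the list; ReUserlist() is handed the slash-escaped statements.
    $add['listsql'] = addslashes($add['listsql']);
    $add['totalsql'] = addslashes($add['totalsql']);
    ReUserlist($add, "../");

    if ($sql) {
        // Operation log
        insert_dolog("listid={$listid}&listname={$add['listname']}");
        printerror("EditUserlistSuccess", "ListUserlist.php");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}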
/**
 * Overwrite the file behind a dynamic-page template with submitted text.
 *
 * Looks up the {$dbtbpre}enewstempdt row for $add['tempid'], resolves its
 * tempfile column under ECMS_PATH, and writes $add['temptext'] (after
 * ClearAddsData()) to that file. Every outcome is reported through printerror().
 *
 * NOTE(review): the submitted text is written to disk unchanged. If the target
 * file is later included or evaluated as a template, the "dttemp" privilege
 * amounts to permission to change server-side code — confirm how the file is used.
 *
 * @param array $add      Submitted form fields (tempid, temptext).
 * @param mixed $userid   Passed to CheckLevel().
 * @param mixed $username Passed to CheckLevel().
 */
function EditDtTempFiletext($add, $userid, $username)
{
    global $empire, $dbtbpre;

    // Permission check comes first. $classid is never assigned in this function,
    // so CheckLevel() receives null here.
    CheckLevel($userid, $username, $classid, 'dttemp');

    $tempid = (int) $add['tempid'];
    if (!$tempid) {
        printerror('ErrorUrl', '');
    }

    $templateRow = $empire->fetch1("select tempid,tempname,tempvar,tempfile from {$dbtbpre}enewstempdt where tempid='{$tempid}'");
    if (!$templateRow['tempid']) {
        printerror('ErrorUrl', '');
    }

    // The path comes from the database row, not from the request; only existing
    // files are overwritten.
    $targetPath = ECMS_PATH . $templateRow['tempfile'];
    if (!file_exists($targetPath)) {
        printerror('FileNotExist', '');
    }

    $contents = ClearAddsData($add['temptext']);
    WriteFiletext_n($targetPath, $contents);

    // Operation log
    $logLine = "tempid={$tempid}<br>tempname={$templateRow['tempname']}";
    insert_dolog($logLine);

    $returnUrl = "EditDttemp.php?tempid={$tempid}" . hReturnEcmsHashStrHref2(0);
    printerror("EditDttempSuccess", $returnUrl);
}
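/**
 * Build the filter for adding articles to a topic (zt) and, when
 * $add['doecmszt'] is set, apply it.
 *
 * The WHERE clause is assembled from the optional filters in $add (keyword,
 * isgood, firsttitle, titlepic, checked, classid, id range or date range, and a
 * free-form "query" condition). The same filters are mirrored into hidden form
 * inputs so the caller can re-post them.
 *
 * Security notes for reviewers:
 * - No CheckLevel() call appears in this function; $userid and $username are
 *   unused. Presumably the caller enforces the privilege — confirm.
 * - $add['query'] is appended to the WHERE clause as raw SQL after
 *   ClearAddsData(). It cannot be escaped without breaking the feature, so
 *   access to this handler must be limited to accounts trusted with SQL.
 * - $keyboard, $startday and $endday rely entirely on RepPostVar2()/RepPostVar()
 *   for SQL safety — confirm what those helpers strip.
 *
 * @param array $add      Submitted form fields.
 * @param mixed $userid   Unused in this function.
 * @param mixed $username Unused in this function.
 *
 * @return array [0] WHERE clause, [1] hidden-input HTML, [2] table name, [3] topic name.
 */
function TogZt($add, $userid, $username)
{
    global $empire, $class_r, $dbtbpre;

    $ztid = (int) $add['ztid'];
    if (empty($ztid)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $r = $empire->fetch1("select ztid,ztname,tbname from {$dbtbpre}enewszt where ztid={$ztid}");
    if (empty($r['ztid']) || empty($r['tbname'])) {
        printerror("ErrorUrl", "history.go(-1)");
    }

    $wheresql = "";
    $formvar = "";

    // Keyword search
    $keyboard = RepPostVar2($add['keyboard']);
    if ($keyboard) {
        $formvar .= ReturnFormHidden('keyboard', $add['keyboard']);
        $searchfsql = '';
        if ($add['stitle']) {
            $searchfsql .= "title like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('stitle', $add['stitle']);
        }
        if ($add['susername']) {
            // $or was read without being initialised when stitle was not selected.
            $or = $searchfsql ? " or " : "";
            $searchfsql .= $or . "username like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('susername', $add['susername']);
        }
        if ($add['snewstext']) {
            $or = $searchfsql ? " or " : "";
            $searchfsql .= $or . "newstext like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('snewstext', $add['snewstext']);
        }
        if ($searchfsql) {
            $wheresql = " and (" . $searchfsql . ")";
        }
    }

    // Recommended only
    if ($add['isgood']) {
        $wheresql .= " and isgood>0";
        $formvar .= ReturnFormHidden('isgood', $add['isgood']);
    }
    // Headline only
    if ($add['firsttitle']) {
        $wheresql .= " and firsttitle>0";
        $formvar .= ReturnFormHidden('firsttitle', $add['firsttitle']);
    }
    // Has a title picture
    if ($add['titlepic']) {
        $wheresql .= " and ispic=1";
        $formvar .= ReturnFormHidden('titlepic', $add['titlepic']);
    }
    // Approved only
    if ($add['checked']) {
        $wheresql .= " and checked=1";
        $formvar .= ReturnFormHidden('checked', $add['checked']);
    }

    // Restrict to a category
    $classid = (int) $add['classid'];
    if ($classid) {
        $formvar .= ReturnFormHidden('classid', $add['classid']);
        // Keys are quoted: bare keys (islast, sonclass) are undefined constants
        // and raise an Error on PHP 8.
        if (empty($class_r[$classid]['islast'])) {
            // Parent category: expand to its sub-categories.
            $where = ReturnClass($class_r[$classid]['sonclass']);
        } else {
            $where = "classid='{$classid}'";
        }
        $wheresql .= " and (" . $where . ")";
    }

    $startid = (int) $add['startid'];
    $endid = (int) $add['endid'];
    $startday = RepPostVar($add['startday']);
    $endday = RepPostVar($add['endday']);
    $formvar .= ReturnFormHidden('retype', $add['retype']);
    if ($add['retype']) {
        // By id range
        if ($endid) {
            $wheresql .= " and id>={$startid} and id<={$endid}";
            $formvar .= ReturnFormHidden('startid', $add['startid']) . ReturnFormHidden('endid', $add['endid']);
        }
    } else {
        // By date range
        if ($startday && $endday) {
            $wheresql .= " and truetime>=" . to_time($startday . " 00:00:00") . " and truetime<=" . to_time($endday . " 23:59:59");
            $formvar .= ReturnFormHidden('startday', $add['startday']) . ReturnFormHidden('endday', $add['endday']);
        }
    }

    // Additional SQL condition supplied by the operator (raw SQL by design).
    $query = $add['query'];
    if ($query) {
        $query = ClearAddsData($query); // strip the added slashes
        $wheresql .= " and (" . $query . ")";
        $formvar .= ReturnFormHidden('query', $add['query']);
    }

    // Skip rows that already carry this topic id.
    $wheresql = " where ztid not like '%|" . $ztid . "|%'" . $wheresql;
    $owheresql = $wheresql . " and ztid=''";

    if ($add['doecmszt']) {
        if ($add['inid']) {
            $add['inid'] = RepPostVar($add['inid']);
            // The list is placed in an unquoted "not in (...)" clause, so every
            // element is forced to an integer before it reaches the statement.
            $add['inid'] = implode(',', array_map('intval', explode(',', (string) $add['inid'])));
            $wheresql .= " and id not in (" . $add['inid'] . ")";
            $owheresql .= " and id not in (" . $add['inid'] . ")";
        }
        $repztid = "|" . $ztid . "|";
        $conztid = $ztid . "|";
        // Rows with an empty ztid are first set to '|'
        $usql = $empire->query("update {$dbtbpre}ecms_" . $r['tbname'] . " set ztid='|'" . $owheresql);
        // then this topic id is appended to the list
        $sql = $empire->query("update {$dbtbpre}ecms_" . $r['tbname'] . " set ztid=CONCAT(REPLACE(ztid,'" . $repztid . "','|'),'" . $conztid . "')" . $wheresql);
        if ($usql && $sql) {
            // Operation log
            insert_dolog("ztid={$ztid}&ztname={$r['ztname']}");
            printerror("TogZtSuccess", "TogZt.php?ztid={$ztid}");
        } else {
            printerror("DbError", "history.go(-1)");
        }
    }

    $re = array();
    $re[0] = $wheresql;
    $re[1] = $formvar . ReturnFormHidden('ztid', $ztid) . ReturnFormHidden('pline', $add['pline']) . ReturnFormHidden('doecmszt', $add['doecmszt']) . ReturnFormHidden('enews', $add['enews']) . ReturnFormHidden('inid', $add['inid']);
    $re[2] = $r['tbname'];
    $re[3] = $r['ztname'];
    return $re;
}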
/**
 * Render one hidden <input> element.
 *
 * The value is passed through ClearAddsData() and then htmlspecialchars()
 * before being placed in the double-quoted value attribute.
 *
 * NOTE(review): $vname is emitted unescaped. The callers visible alongside this
 * function pass literal names; confirm no caller passes request data as the name.
 *
 * @param string $vname Field name, emitted as given.
 * @param mixed  $value Field value; escaped for the attribute.
 *
 * @return string The <input> markup.
 */
function ReturnFormHidden($vname, $value)
{
    $escapedValue = htmlspecialchars(ClearAddsData($value));

    return sprintf('<input type=hidden name="%s" value="%s">', $vname, $escapedValue);
}
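/**
 * Print the self-submitting form that continues a RepDownLevel batch, then exit.
 *
 * Every field of $add is echoed back as a hidden input so the next request
 * carries the same parameters, with "start" set to $newstart.
 *
 * Changes from the previous version:
 * - All echoed request values are now HTML-escaped. Previously only oldpath,
 *   newpath, oldname, newname and query were escaped; the remaining fields and
 *   $newstart were written into the page as received, which let a crafted value
 *   close the attribute and inject markup.
 * - The fields that were not passed through ClearAddsData() before are still not,
 *   so the value posted back by the browser is unchanged for ordinary input.
 * - The closing block uses "<?php" instead of the short "<?" tag, which is only
 *   parsed when short_open_tag is enabled.
 *
 * @param array $add      Submitted form fields to carry over.
 * @param mixed $newstart Next start offset; shown to the operator and re-posted.
 */
function EchoRepDownLevelForm($add, $newstart)
{
    global $fun_r;
    ?>
<?=$fun_r['RepOneDLeveSuccess']?>(ID:<font color=red><b><?=ehtmlspecialchars($newstart)?></b></font>)
<form name="RepDownLevelForm" method="post" action="ecmscom.php">
<?=hReturnEcmsHashStrForm(0)?>
<input type=hidden name="enews" value="RepDownLevel">
<input type=hidden name="start" value="<?=ehtmlspecialchars($newstart)?>">
<input type=hidden name="tbname" value="<?=ehtmlspecialchars($add['tbname'])?>">
<input type=hidden name="classid" value="<?=ehtmlspecialchars($add['classid'])?>">
<input type=hidden name="downpath" value="<?=ehtmlspecialchars($add['downpath'])?>">
<input type=hidden name="onlinepath" value="<?=ehtmlspecialchars($add['onlinepath'])?>">
<input type=hidden name="dogroup" value="<?=ehtmlspecialchars($add['dogroup'])?>">
<input type=hidden name="oldgroupid" value="<?=ehtmlspecialchars($add['oldgroupid'])?>">
<input type=hidden name="newgroupid" value="<?=ehtmlspecialchars($add['newgroupid'])?>">
<input type=hidden name="dofen" value="<?=ehtmlspecialchars($add['dofen'])?>">
<input type=hidden name="oldfen" value="<?=ehtmlspecialchars($add['oldfen'])?>">
<input type=hidden name="newfen" value="<?=ehtmlspecialchars($add['newfen'])?>">
<input type=hidden name="doqz" value="<?=ehtmlspecialchars($add['doqz'])?>">
<input type=hidden name="oldqz" value="<?=ehtmlspecialchars($add['oldqz'])?>">
<input type=hidden name="newqz" value="<?=ehtmlspecialchars($add['newqz'])?>">
<input type=hidden name="dopath" value="<?=ehtmlspecialchars($add['dopath'])?>">
<input type=hidden name="oldpath" value="<?=ehtmlspecialchars(ClearAddsData($add['oldpath']))?>">
<input type=hidden name="newpath" value="<?=ehtmlspecialchars(ClearAddsData($add['newpath']))?>">
<input type=hidden name="doname" value="<?=ehtmlspecialchars($add['doname'])?>">
<input type=hidden name="oldname" value="<?=ehtmlspecialchars(ClearAddsData($add['oldname']))?>">
<input type=hidden name="newname" value="<?=ehtmlspecialchars(ClearAddsData($add['newname']))?>">
<input type=hidden name="query" value="<?=ehtmlspecialchars(ClearAddsData($add['query']))?>">
</form>
<script>
document.RepDownLevelForm.submit();
</script>
    <?php
    exit();
}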
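/**
 * Build the filter for adding articles of one table to a topic (zt) and, when
 * $add['doecmszt'] is set, hand it to AddMoreInfoToZt().
 *
 * The condition is assembled from the optional filters in $add (keyword,
 * isgood, firsttitle, titlepic, classid, id range or date range, and a
 * free-form "query" condition). The same filters are mirrored into hidden form
 * inputs so the caller can re-post them. At least one filter is required.
 *
 * Security notes for reviewers:
 * - No CheckLevel() call appears in this function; $userid and $username are
 *   unused. Presumably the caller enforces the privilege — confirm.
 * - $add['query'] is appended to the condition as raw SQL after ClearAddsData().
 *   It cannot be escaped without breaking the feature, so access to this handler
 *   must be limited to accounts trusted with SQL.
 * - $tbname, $keyboard, $startday and $endday rely on RepPostVar()/RepPostVar2()
 *   for SQL safety; $tbname is additionally checked against enewstable.
 *
 * @param array $add      Submitted form fields.
 * @param mixed $userid   Unused in this function.
 * @param mixed $username Unused in this function.
 *
 * @return array [0] SQL condition, [1] hidden-input HTML, [2] table name, [3] topic name.
 */
function TogZt($add, $userid, $username)
{
    global $empire, $class_r, $dbtbpre;

    $ztid = (int) $add['ztid'];
    if (empty($ztid)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $r = $empire->fetch1("select ztid,ztname from {$dbtbpre}enewszt where ztid='{$ztid}'");
    if (empty($r['ztid'])) {
        printerror("ErrorUrl", "history.go(-1)");
    }

    $zcid = (int) $add['zcid'];
    // The table name must match a registered table before it is used.
    $tbname = RepPostVar($add['tbname']);
    if (!$tbname) {
        printerror('EmptyTogZt', 'history.go(-1)');
    }
    $tbr = $empire->fetch1("select tid from {$dbtbpre}enewstable where tbname='{$tbname}' limit 1");
    if (!$tbr['tid']) {
        printerror('EmptyTogZt', 'history.go(-1)');
    }

    $wheresql = "";
    $formvar = "";

    // Keyword search
    $keyboard = RepPostVar2($add['keyboard']);
    if ($keyboard) {
        $formvar .= ReturnFormHidden('keyboard', $add['keyboard']);
        $searchfsql = '';
        if ($add['stitle']) {
            $searchfsql .= "title like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('stitle', $add['stitle']);
        }
        if ($add['susername']) {
            // $or was read without being initialised when stitle was not selected.
            $or = $searchfsql ? " or " : "";
            $searchfsql .= $or . "username like '%{$keyboard}%'";
            $formvar .= ReturnFormHidden('susername', $add['susername']);
        }
        if ($searchfsql) {
            $wheresql = " and (" . $searchfsql . ")";
        }
    }

    // Recommended only
    if ($add['isgood']) {
        $wheresql .= " and isgood>0";
        $formvar .= ReturnFormHidden('isgood', $add['isgood']);
    }
    // Headline only
    if ($add['firsttitle']) {
        $wheresql .= " and firsttitle>0";
        $formvar .= ReturnFormHidden('firsttitle', $add['firsttitle']);
    }
    // Has a title picture
    if ($add['titlepic']) {
        $wheresql .= " and ispic=1";
        $formvar .= ReturnFormHidden('titlepic', $add['titlepic']);
    }

    // Restrict to a category
    $classid = (int) $add['classid'];
    if ($classid) {
        $formvar .= ReturnFormHidden('classid', $classid);
        // Keys are quoted: bare keys (islast, sonclass) are undefined constants
        // and raise an Error on PHP 8.
        if (empty($class_r[$classid]['islast'])) {
            $where = ReturnClass($class_r[$classid]['sonclass']);
        } else {
            $where = "classid='{$classid}'";
        }
        $wheresql .= " and (" . $where . ")";
    }

    $startid = (int) $add['startid'];
    $endid = (int) $add['endid'];
    $startday = RepPostVar($add['startday']);
    $endday = RepPostVar($add['endday']);
    $formvar .= ReturnFormHidden('retype', $add['retype']);
    if ($add['retype']) {
        // By id range
        if ($endid) {
            $wheresql .= " and id>={$startid} and id<={$endid}";
            $formvar .= ReturnFormHidden('startid', $add['startid']) . ReturnFormHidden('endid', $add['endid']);
        }
    } else {
        // By date range
        if ($startday && $endday) {
            $wheresql .= " and truetime>=" . to_time($startday . " 00:00:00") . " and truetime<=" . to_time($endday . " 23:59:59");
            $formvar .= ReturnFormHidden('startday', $add['startday']) . ReturnFormHidden('endday', $add['endday']);
        }
    }

    // Additional SQL condition supplied by the operator (raw SQL by design).
    $query = $add['query'];
    if ($query) {
        $query = ClearAddsData($query); // strip the added slashes
        $wheresql .= " and (" . $query . ")";
        $formvar .= ReturnFormHidden('query', $add['query']);
    }

    // Refuse to run without any filter.
    if (empty($wheresql)) {
        printerror('EmptyTogZt', 'history.go(-1)');
    }
    // Drop the leading " and ".
    $wheresql = substr($wheresql, 5);

    if ($add['doecmszt']) {
        $togtype = (int) $add['togtype'];
        if ($togtype == 1) {
            // Only the listed ids: the filter built above is replaced.
            $add['inid'] = eReturnInids($add['inid']);
            $wheresql = "id in (" . $add['inid'] . ")";
        } else {
            // Everything matching the filter except the listed ids.
            if ($add['inid']) {
                $add['inid'] = eReturnInids($add['inid']);
                $wheresql .= " and id not in (" . $add['inid'] . ")";
            }
        }
        AddMoreInfoToZt($ztid, $zcid, $tbname, $wheresql);
        // Operation log
        insert_dolog("ztid={$ztid}&ztname={$r['ztname']}");
        printerror("TogZtSuccess", "TogZt.php?ztid={$ztid}" . hReturnEcmsHashStrHref2(0));
    }

    $re = array();
    $re[0] = $wheresql;
    $re[1] = $formvar . ReturnFormHidden('ztid', $ztid) . ReturnFormHidden('zcid', $zcid) . ReturnFormHidden('tbname', $tbname) . ReturnFormHidden('pline', $add['pline']) . ReturnFormHidden('doecmszt', $add['doecmszt']) . ReturnFormHidden('enews', $add['enews']) . ReturnFormHidden('inid', $add['inid']);
    $re[2] = $tbname;
    $re[3] = $r['ztname'];
    return $re;
}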
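/**
 * Export one tag (bq) definition as a downloadable ".bq" file, then exit.
 *
 * The {$dbtbpre}enewsbq row for $add['bqid'] is joined with $add['funvalue']
 * using a fixed separator, written to a temporary file, and passed to
 * DownLoadFile().
 *
 * Security notes for reviewers:
 * - The temporary file name is the stored "bq" value followed by time(). The
 *   name is guessable and the stored value becomes part of a filesystem path;
 *   confirm that "bq" is limited to safe characters when it is saved, that the
 *   temp directory is not served directly, and that the file is removed after
 *   the download (the third argument to DownLoadFile() may request this — confirm).
 *
 * @param array $add      Submitted form fields (bqid, funvalue).
 * @param mixed $userid   Passed to CheckLevel().
 * @param mixed $username Passed to CheckLevel().
 */
function LoadOutBq($add, $userid, $username)
{
    global $empire, $dbtbpre;

    $bqid = (int) $add['bqid'];
    if (!$bqid || !$add['funvalue']) {
        printerror("EmptyLoadBqid", "history.go(-1)");
    }

    // Permission check. $classid is never assigned in this function, so CheckLevel()
    // receives null here (with an undefined-variable warning).
    CheckLevel($userid, $username, $classid, "bq");

    $r = $empire->fetch1("select bqid,bqname,bqsay,funname,bq,bqgs from {$dbtbpre}enewsbq where bqid={$bqid}");
    // Keys are quoted: bare keys (bqid, bqname) are undefined constants and raise
    // an Error on PHP 8.
    if (!$r['bqid']) {
        printerror("NotThisBqid", "history.go(-1)");
    }

    $add['funvalue'] = ClearAddsData($add['funvalue']);

    // Fields are joined with a fixed separator string.
    $field = "<!--#empirecms.bq-phome.net#--!>";
    $str = $r['bqname'] . $field . stripslashes($r['bqsay']) . $field . $r['funname'] . $field . $r['bq'] . $field . stripslashes($r['bqgs']) . $field . $add['funvalue'];

    $filename = $r['bq'] . time() . ".bq";
    $filepath = ECMS_PATH . DASHBOARD . '/data/tmp/temp/' . $filename;
    WriteFiletext_n($filepath, $str);
    DownLoadFile($filename, $filepath, 1);

    // Operation log
    insert_dolog("bqid=" . $bqid . "<br>bqname=" . $r['bqname']);
    exit;
}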
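/**
 * Update a saved SQL statement (name and text) in {$dbtbpre}enewssql.
 *
 * Security notes for reviewers:
 * - Unlike the other Edit* handlers shown with it, this function contains no
 *   CheckLevel() call; $userid and $username are unused. Saved statements are a
 *   sensitive resource, so confirm that the caller enforces the privilege.
 * - sqlname is passed to addslashes() without ClearAddsData() first, while sqltext
 *   is unslashed and then escaped. If $add arrives already slash-escaped, the
 *   stored name keeps one extra level of backslashes — confirm which is intended.
 * - The log line embeds sqlname next to a literal "<br>"; if the log viewer renders
 *   entries as HTML, the name should be escaped on output — confirm.
 *
 * @param array $add      Submitted form fields (id, sqlname, sqltext).
 * @param mixed $userid   Unused in this function.
 * @param mixed $username Unused in this function.
 */
function EditSql($add, $userid, $username)
{
    global $empire, $dbtbpre;

    // Keys are quoted: bare keys (id, sqltext, sqlname) are undefined constants
    // and raise an Error on PHP 8.
    $id = (int) $add['id'];
    if (!$add['sqlname'] || !$add['sqltext'] || !$id) {
        printerror("EmptySqltext", "history.go(-1)");
    }

    // Strip the incoming slashes, then escape once for the SQL literal.
    $add['sqltext'] = ClearAddsData($add['sqltext']);
    $sql = $empire->query("update {$dbtbpre}enewssql set sqlname='" . addslashes($add['sqlname']) . "',sqltext='" . addslashes($add['sqltext']) . "' where id='{$id}'");

    if ($sql) {
        // Operation log
        insert_dolog("id=" . $id . "<br>sqlname=" . $add['sqlname']);
        printerror("EditSqlSuccess", "ListSql.php");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}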
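/**
 * Print the self-submitting form that continues a batched message send, then exit.
 *
 * Changes from the previous version:
 * - $enews, $returnurl, $start and $line are HTML-escaped before being written
 *   into attributes or text; previously they were echoed as received.
 * - The blank that followed each echoed value inside the attribute quotes is
 *   removed, so the re-posted values are no longer padded with a trailing space.
 * - $add keys are quoted: bare keys (title, msgtext) are undefined constants and
 *   raise an Error on PHP 8.
 *
 * NOTE(review): $checkbox is emitted as markup, unescaped. It is presumably a run
 * of pre-built hidden inputs; the caller must build it from escaped values.
 *
 * @param mixed  $enews     Action name to re-post.
 * @param string $returnurl Form target.
 * @param mixed  $start     Next start offset; shown to the operator and re-posted.
 * @param mixed  $line      Batch size to re-post.
 * @param string $checkbox  Pre-built HTML inserted into the form as is.
 * @param array  $add       Submitted form fields (title, msgtext).
 */
function EchoSendMsgForm($enews, $returnurl, $start, $line, $checkbox, $add)
{
    global $fun_r;
    ?>
<?php echo $fun_r['OneSendMsg']; ?> (<b><font color=red><?php echo htmlspecialchars((string) $start, ENT_QUOTES); ?></font></b>)
<form name="sendform" method="post" action="<?php echo htmlspecialchars((string) $returnurl, ENT_QUOTES); ?>">
<input type=hidden name="enews" value="<?php echo htmlspecialchars((string) $enews, ENT_QUOTES); ?>">
<input type=hidden name="start" value="<?php echo htmlspecialchars((string) $start, ENT_QUOTES); ?>">
<input type=hidden name="line" value="<?php echo htmlspecialchars((string) $line, ENT_QUOTES); ?>">
<?php echo $checkbox; ?>

<input type=hidden name="title" value="<?php echo htmlspecialchars(ClearAddsData($add['title'])); ?>">
<input type=hidden name="msgtext" value="<?php echo htmlspecialchars(ClearAddsData($add['msgtext'])); ?>">
</form>
<script>
document.sendform.submit();
</script>
    <?php
    exit;
}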