function resetpwd()
{
global $db;
//判断是否登陆
!isset($_SESSION['user']) && exit('Please login!');
//转到登陆页面
if (!isset($_POST['update'])) {
tpl('resetpwd');
}
//处理修改密码事件
$post = htmlescape($_POST, 'yes');
$rs = $db->row_query_one("SELECT * FROM user WHERE user='******'user']}'");
if (!isset($rs['passwd']) || $rs['passwd'] != md5($post['passwd'])) {
show('提示', '原密码输入错误', '-1');
exit;
}
$arr = array('user' => $post['user'], 'passwd' => md5($post['newpwd']));
$rs = $db->row_update('user', $arr, "user='******'user']}'");
if ($rs) {
$_SESSION['user'] = $post['user'];
show('提示', '修改成功,下次登陆请使用新密码', '?module=admin&act=right');
} else {
show('提示', '修改密码失败,请稍后再试', '-1');
}
exit;
}
protected function createItems($rss, $items)
{
$dom = $this->document;
foreach ($items as $_item) {
$item = $dom->createElement("item");
if (isset($_item["title"])) {
$title = $dom->createElement("title");
$title->nodeValue = htmlescape($_item["title"]);
$item->appendChild($title);
}
if (isset($_item["uri"])) {
$link = $dom->createElement("link");
$link->nodeValue = $_item["uri"];
$item->appendChild($link);
}
if (isset($_item["date"])) {
$pubDate = $dom->createElement("pubDate");
$pubDate->nodeValue = date("r", strtotime($_item["date"]));
$item->appendChild($pubDate);
}
$content = $_item["content"];
if (isset($_item["summary"])) {
$content = $_item["summary"];
}
$desc = $dom->createElement("description");
$desc->appendChild($dom->createCDATASection($content));
$item->appendChild($desc);
$rss->appendChild($item);
}
}
/**
* ------------------------------
* 去除html标签并mysql转义关键字符
* ------------------------------
* @param string/array $str 字符串或数组
* @param string $trim yes/no 是否去空格
* @return string/array
*/
function htmlescape($str, $trim = 'no')
{
if (is_array($str)) {
foreach ($str as $k => $v) {
$str[$k] = htmlescape($v);
}
return $str;
} else {
$a = get_magic_quotes_gpc();
if ($trim == 'yes') {
$str = trim($str);
}
if ($a == 1) {
return htmlspecialchars($str);
} elseif ($a == 0) {
return addslashes(htmlspecialchars($str));
}
}
}
protected function createItems($feed, $items)
{
foreach ($items as $item) {
$itemElem = $feed->addChild("entry");
if (array_isset("title", $item)) {
$itemElem->addChild("title")->setNodeValue(htmlescape($item["title"]));
}
$link = $itemElem->addChild("link");
$link->at("rel", "alternate")->at("type", "text/html")->at("href", $item["link"]);
if (array_isset("description", $item)) {
$itemElem->addChild("summary")->setNodeValue(htmlescape($item["description"]));
}
if (array_isset("content", $item)) {
$content = $itemElem->addChild("content");
$content->at("type", "text")->at("mode", "escaped");
$content->setNodeValue($item["content"], true);
}
if (array_isset("date", $item)) {
$itemElem->addChild("updated")->setNodeValue(date("c", strtotime($item["date"])));
}
}
}
protected function createItems($feed, $items)
{
$dom = $this->document;
foreach ($items as $_item) {
$item = $dom->createElement("entry");
if (isset($_item["title"])) {
$title = $dom->createElement("title");
$title->nodeValue = htmlescape($_item["title"]);
$item->appendChild($title);
}
if (isset($_item["uri"])) {
$link = $dom->createElement("link");
$link->setAttribute("rel", "alternate");
$link->setAttribute("type", "text/html");
$link->setAttribute("href", $_item["uri"]);
$item->appendChild($link);
}
if (isset($_item["date"])) {
$modified = $dom->createElement("modified");
$modified->nodeValue = date("c", strtotime($_item["date"]));
$item->appendChild($modified);
}
if (isset($_item["summary"])) {
$summary = $dom->createElement("summary");
$summary->setAttribute("type", "text/plain");
$summary->nodeValue = htmlescape($_item["summary"]);
$item->appendChild($summary);
}
if (isset($_item["content"])) {
$content = $dom->createElement("content");
$content->setAttribute("type", "text/html");
$content->setAttribute("mode", "escaped");
$content->appendChild($dom->createCDATASection($_item["content"]));
$item->appendChild($content);
}
$feed->appendChild($item);
}
}
protected function getHtmlWriter($name, $inputName, $id = null, $class = null)
{
if ($name !== "" && !in_array($name, $this->allowCols, true)) {
$this->allowCols[] = $name;
}
static $htmlWriter = null;
$value = null;
if ($htmlWriter === null) {
$htmlWriter = new Form_Html();
} else {
$htmlWriter->clear();
}
$value = $this->get($name);
if (isset($this->columns[$name]) && $this->columns[$name]->isBool()) {
if ($value !== null) {
$value = $value ? 1 : 0;
}
} elseif (is_string($value)) {
$value = htmlescape($value);
}
return $htmlWriter->setName($inputName)->setValue($value)->setId($id)->setClass($class);
}
function parse_radio_tag($basedir, $tpl_path, $hf, $attrs)
{
global $CONFIG;
$sel_value = hfvalue($attrs['radio'], $hf);
$name = $attrs['name'];
$delim = htmlescape_back($attrs['delim']);
if (!preg_match("/^\\//", $tpl_path)) {
$tpl_path = "{$basedir}/{$tpl_path}";
}
$lines = preg_split("/[\r\n]+/", file_get_contents($CONFIG['SITE_TEMPLATES'] . $tpl_path));
$result;
for ($i = 0; $i < count($lines); $i++) {
list($value, $desc) = preg_split("/\\|/", $lines[$i]);
if (!strlen($value) && !strlen($desc)) {
continue;
}
parse_lang($desc);
$desc = parse_cache_template($desc, $hf);
if (!array_key_exists('noescape', $attrs)) {
$value = htmlescape($value);
$desc = htmlescape($desc);
}
$str_checked = '';
if ($value == $sel_value) {
$str_checked = " checked='checked' ";
}
$result .= "<label class='radio {$delim}'><input type='radio' name=\"{$name}\" value=\"{$value}\" {$str_checked}>{$desc}</label>";
}
return $result;
}
//var_dump(baseURL);
$images[] = $thumbDiv . '<a href="' . baseURL . pfolder . 'object/' . $match['kid'] . '/e/' . $kid . '/">
<img class="essayImg" src="' . getThumbURLFromFileName($match['Image']['localName'], $thumbWidth, $thumbHeight) . '" title="' . htmlescape(htmlChars($match['Title'])) . '" alt="' . htmlescape(htmlChars($match['Title'])) . '" />
<div class="clearboth"><strong>' . $match['Title'] . '</strong><br />' . '
</div></a></div>';
} else {
$fields = array('Title', 'Image');
$query = new KORA_Clause("KID", "!=", " ");
$multiObj = KORA_Search(token, $projID, $multPartID, $query, $fields);
$m[] = array();
foreach ($multiObj as $mpo) {
$m[] = $mpo['kid'];
}
$assocObj = array_intersect($match['Multi-Part Associator'], $m);
$images[] = $thumbDiv . '<a href="' . baseURL . pfolder . 'object/' . $assocObj[0] . '/y/' . $kid . '/">
<img class="essayImg" src="' . getThumbURLFromFileName($multiObj[$assocObj[0]]['Image']['localName'], $thumbWidth, $thumbHeight) . '" title="' . htmlescape(htmlChars($multiObj[$assocObj[0]]['Title'])) . '" alt="' . htmlescape(htmlChars($multiObj[$assocObj[0]]['Title'])) . '" />
<div class="clearboth"><strong>' . $match['Title'] . '</strong><br />' . '
</div></a></div>';
}
$i++;
$groupNo++;
}
echo "";
}
}
echo "<div>";
echo str_replace($totalReplacements, $images, $value['Description']) . '<br />';
echo "</div>";
} else {
echo "<div>";
echo fixTags($value['Description']) . '<br />';
protected function getHtmlWriter($name, $inputName, $attrs = "")
{
static $htmlWriter = null;
if ($htmlWriter === null) {
$htmlWriter = new Form_Html();
} else {
$htmlWriter->clear();
}
$value = $this->get($name);
if (is_string($value)) {
$value = htmlescape($value, APP_ENCODING);
}
return $htmlWriter->setName($inputName)->setValue($value)->setAttributes($attrs);
}
public function checkbox($data)
{
static $chknm = 0;
$html = array();
$name = $this->name;
$value = $this->value;
if (!is_array($value)) {
$value = array();
}
// remove id.
$attrs = preg_replace('/(^id="[^"]*"| id="[^"]*")/', '', $this->attributes);
foreach ($data as $v => $text) {
$_id = "checkbox_" . $chknm++;
$check = $this->openTag("input", 'id="' . $_id . '" ' . $attrs) . 'type="checkbox" ';
$check .= 'name="' . $name . '[]" value="' . htmlescape($v) . '"';
if (!is_empty($value) && in_array($v, $value)) {
$check .= ' checked="checked"';
}
$check .= ' /><label for="' . $_id . '">' . htmlescape($text) . '</label>';
$html[] = $check;
}
return implode(" " . PHP_EOL, $html);
}
$imageHeader = true;
}
if (!empty($value['Object Type']) && $value['Object Type'] == "Image" && $value['Image Gallery'] != 'True') {
// At the start of each 3 associated objects, start a new row
if ($i == 0) {
echo "\n<tr>";
}
echo '<td valign="top">';
if (!empty($value['Title'])) {
if (!empty($value['Image'])) {
$thumbWidth = 1500;
$thumbHeight = 1500;
//highslide display for SINGLE image
echo '<div id="object">';
echo '<a class="highslide" onclick="return hs.expand(this, { slideshowGroup: \'imgGroup-' . $imageGroupNo . '\' })" href="' . getThumbnailKORA($value['Image']['localName'], 1500, 1500) . '">
<img src="' . getThumbnailKORA($value['Image']['localName'], $thumbWidth, $thumbHeight) . '" title="' . htmlescape(htmlChars($value['Title'])) . '" alt="' . htmlescape(htmlChars($value['Title'])) . '" />
</a>
<div class="highslide-heading">' . $value['Title'] . '</div>
<div class="highslide-caption"><a href="' . baseURL . 'sidiyyababa/object/' . $value['kid'] . '/">View Full Record</a><br />
</div>';
//echo '<div class="clearboth"></div>';
echo '</div>';
$imageGroupNo++;
}
}
if (!empty($value['Title'])) {
if (!empty($value['Image'])) {
echo '<a href="' . getThumbnailKORA($value['Image']['localName'], 1500, 1500) . '" onclick="return hs.expand(this, { slideshowGroup: \'imgGroup-' . $imageGroupNo . '\' })">' . $value['Title'] . '</a>
<div class="highslide-heading">' . htmlChars($value['Title']) . '</div>
<div class="highslide-caption"><a href="' . baseURL . 'sidiyyababa/object/' . $value['kid'] . '/">View Full Record</a><br />
' . '</div>
$mult_fields = array('Part Number', 'Image', 'Title', 'Total Parts', 'Segment Title', 'Transcript', 'Translation', 'Start Time', "End Time");
$mult_order[] = array('field' => 'Part Number', 'direction' => SORT_ASC);
$mult_query = new KORA_Clause("KID", "IN", $mult_assocs);
$mult_obj = KORA_Search(token, $projID, $multPartID, $mult_query, $mult_fields, $mult_order);
//var_dump($mult_obj);
$i = 0;
$j = 0;
$segmentHeader = false;
foreach ($mult_obj as $m) {
echo "<div>";
if (!empty($m['Image'])) {
$thumbWidth = 150;
$thumbHeight = 150;
echo '<div class="object"><a class="highslide" href="' . getFullURLFromFileName($m['Image']['localName'], 1500, 1500) . '" onclick="return hs.expand(this)">';
//echo '<img src="'.getThumbnailKORA($m['Image']['localName'], $thumbWidth, $thumbHeight).'" alt="'.htmlescape(htmlChars($m['Title'])).'" width="95" /></a>
echo '<img src="' . getThumbURLFromFileName($m['Image']['localName'], $thumbWidth, $thumbHeight) . '" alt="' . htmlescape(htmlChars($m['Title'])) . '" width="95" /></a>
<div class="highslide-heading">' . htmlChars($m['Title']) . '</div>
<div class="highslide-caption">Total Pages: ' . $m['Total Parts'] . '</div>
</div>';
if ($i == 3 - 1) {
echo '<div class="clearboth"></div>';
$i = -1;
}
}
if (!empty($m['Segment Title'])) {
if (!$segmentHeader) {
//echo "click sub-title for interview segments<br />";
$segmentHeader = true;
}
function AddRes($CryptKey, $BoardPath, $BoardID, $ThreadID, $FROM, $mail, $MESSAGE)
{
$Subject = file_get_contents($BoardPath . "/" . $BoardID . "/subject.txt", true);
$Num = GetResNumber($BoardPath, $BoardID, $ThreadID) + 1;
SetResNumber($BoardPath, $BoardID, $ThreadID, $Num);
$DatFile = $BoardPath . "/" . $BoardID . "/dat/" . $ThreadID . ".dat";
if (strpos($FROM, "#") !== FALSE) {
$FROMTripKey = substr($FROM, strpos($FROM, "#"), strlen($FROM));
$Trip = MakeTrip($FROMTripKey);
$FROMTrip = str_replace($FROMTripKey, $Trip, $FROM);
} else {
$FROMTrip = $FROM;
}
$htmlFROM = htmlescape($FROMTrip);
$htmlmail = htmlescape($mail);
$ID = MakeID($_SERVER["REMOTE_ADDR"], $CryptKey);
$Date = date("Y/m/d(w) H:i:s.00", time());
$DateJP = preg_replace("/\\((.+?)\\)/", "(" . JapaneseDay(date("w")) . ")", $Date);
$BRMESSAGE = \str_replace(array("\r\n", "\r", "\n"), "<br>", htmlescape($MESSAGE));
$WriteData = "{$htmlFROM}<>{$htmlmail}<>{$DateJP} ID:{$ID}<>{$BRMESSAGE}<>\n";
$sfp = fopen($DatFile, "a");
fwrite($sfp, $WriteData);
fclose($sfp);
}
function action()
{
global $db;
//判断是否登陆
!isset($_SESSION['user']) && exit('Please login!');
//判断tid的合法性
if (isset($_GET['tid']) && $_GET['tid'] > 0 && $_GET['tid'] <= 3) {
$tid = ceil($_GET['tid']);
}
if (isset($_POST['tid']) && $_POST['tid'] > 0 && $_POST['tid'] <= 3) {
$tid = ceil($_POST['tid']);
}
!isset($tid) && exit('tid不合法!');
//获取表的信息
(!isset($_GET['tb']) || $_GET['tb'] == '' || $_GET['tb'] == 0) && exit('tb error!');
$tables = Cache::R('tables', 5000);
if (!$tables) {
$tables = $db->row_select('tables');
@Cache::W('tables', $tables);
}
//获取表名
$tb = intval($_GET['tb']);
!($tbname = get_table_name($tb, $tables)) && exit('tb error!');
//转到添加记录页面
if (isset($_GET['do']) && $_GET['do'] == 'add') {
$arr = array('id' => '', 'tid' => $tid, 'sub' => '添加', 'do' => 'add', 'tb' => $tb);
tpl($tbname . '_edit', 'arr', $arr);
}
//转到修改记录页面
if (isset($_GET['do']) && $_GET['do'] == 'edit') {
(!isset($_GET['id']) || $_GET['id'] == '') && show('', '操作错误!缺少id', '-1');
$id = ceil($_GET['id']);
$arr = $db->row_select_one($tbname, "id={$id}");
$arr['sub'] = '修改';
$arr['do'] = 'edit';
$arr['tb'] = $tb;
tpl($tbname . '_edit', 'arr', $arr);
}
//添加一条记录
if (isset($_POST['add'])) {
$Model = new Model($tbname);
if (isset($_POST['content'])) {
$Model->_validate = array(array('content', ''));
}
$rs = $Model->insert();
$Model->msg($rs, '数据添加成功!', '数据添加失败!', URL);
}
//更新一条记录
if (isset($_POST['edit'])) {
$Model = new Model($tbname);
if (isset($_POST['list_id'])) {
$id = ceil($_POST['id']);
$list_id = ceil($_POST['list_id']);
$post = htmlescape($_POST);
$arr = array('id' => $list_id, 'name' => $post['name'], 'introduction' => $post['introduction'], 'say' => $post['say'], 'img' => $post['img']);
$rs = $db->row_update('teacher', $arr, "id={$id}");
$Model->msg($rs, '数据修改成功!', '数据修改失败!', URL);
}
if (isset($_POST['content'])) {
$Model->_validate = array(array('content', ''));
}
$rs = $Model->update();
if ($tbname == 'studio') {
$Model->msg($rs, '数据修改成功!', '数据修改失败', '?module=admin&act=action&tb=10&tid=1&do=edit&id=1');
}
$Model->msg($rs, '数据修改成功!', '数据修改失败!', URL);
}
//修改开班信息标题
if (isset($_POST['update'])) {
$title = htmlescape($_POST['title']);
$rs = $db->row_update('classes', array('title' => $title), "id=-1");
if ($rs) {
show('', '修改开班信息标题成功!', URL);
} else {
show('', '修改失败,请稍后再试!', '-1');
}
}
//删除一条记录
if (isset($_GET['do']) && $_GET['do'] == 'del') {
(!isset($_GET['id']) || $_GET['id'] == '') && show('', '操作错误!缺少id', '-1');
$id = ceil($_GET['id']);
$rs = $db->row_delete($tbname, "id={$id}");
if ($rs) {
show('提示', '删除成功!', "index.php?module=admin&act=action&tid={$tid}&tb={$tb}");
} else {
show('提示', '删除失败!', '-1');
}
}
//批量删除
if (isset($_POST['del'])) {
!isset($_POST['id']) && show('', '没有选中项', '-1');
$rs = $db->delete_row($tbname, number($_POST['id']));
if ($rs) {
show('提示', '批量删除成功!', URL);
} else {
show('提示', '批量删除失败!', '-1');
}
}
$Page = new Page($tbname, "tid={$tid}");
$pageInfo = $Page->get_basic_info();
$data = $Page->get_data();
$buttonBasic = $Page->button_basic(0, 0);
$buttonSelect = $Page->button_select();
$arr = array('pageInfo' => $pageInfo, 'data' => $data, 'buttonBasic' => $buttonBasic, 'buttonSelect' => $buttonSelect, 'tid' => $tid, 'tb' => $tb);
tpl($tbname, 'arr', $arr);
}
function h($string, $charset = APP_ENCODING)
{
return htmlescape($string, $charset);
}
function h($string, $charset = null)
{
return htmlescape($string, $charset);
}
protected function createItems($rdf, $items)
{
$dom = $this->document;
foreach ($items as $_item) {
$item = $dom->createElement("item");
if (isset($_item["title"])) {
$title = $dom->createElement("title");
$title->nodeValue = htmlescape($_item["title"]);
$item->appendChild($title);
}
if (isset($_item["uri"])) {
$link = $dom->createElement("link");
$link->nodeValue = $_item["uri"];
$item->setAttribute("rdf:about", $_item["uri"]);
$item->appendChild($link);
}
if (isset($_item["date"])) {
$date = $dom->createElement("dc:date");
$date->nodeValue = date("c", strtotime($_item["date"]));
$item->appendChild($date);
}
if (isset($_item["summary"])) {
$desc = $dom->createElement("description");
$desc->nodeValue = htmlescape($_item["summary"]);
$item->appendChild($desc);
}
if (isset($_item["content"])) {
$content = $dom->createElement("content:encoded");
$content->appendChild($dom->createCDATASection($_item["content"]));
$item->appendChild($content);
}
$rdf->appendChild($item);
}
}
