/**
 * Attachment mover for an entity — as written, a stub.
 *
 * NOTE(review): the body calls itself unconditionally with the same arguments, so any
 * call recurses until PHP's memory/stack limit is hit. The real implementation (moving an
 * uploaded attachment for the given entity/ID, judging by call sites such as
 * move_attachment("client", $clientID) elsewhere in this corpus) is not present here.
 *
 * @param string $entity   presumably the entity type name ("client", "task", "project", ...)
 * @param int    $entityID presumably the id of that entity
 */
function move_attachment($entity, $entityID) {
    move_attachment($entity, $entityID);
}
$client->set_value("clientModifiedTime", date("Y-m-d")); $clientID = $client->get_id(); $client->set_values("client_"); if (!$client->get_id()) { // New client. $client->set_value("clientCreatedTime", date("Y-m-d")); $new_client = true; } if (!$TPL["message"]) { $client->save(); $clientID = $client->get_id(); $client->set_values("client_"); } } else { if ($_POST["save_attachment"]) { move_attachment("client", $clientID); alloc_redirect($TPL["url_alloc_client"] . "clientID=" . $clientID . "&sbs_link=attachments"); } else { if ($_GET["get_vcard"]) { $clientContact = new clientContact(); $clientContact->set_id($_GET["clientContactID"]); $clientContact->select(); $clientContact->output_vcard(); return; } else { if ($_POST["delete"]) { $client->read_globals(); $client->delete(); alloc_redirect($TPL["url_alloc_clientList"]); } else { $client->set_id($clientID);
if (isset($taskID)) { // Displaying a record $task->set_id($taskID); $task->select(); // Creating a new record } else { $_POST["dateCreated"] = date("Y-m-d H:i:s"); $task->read_globals(); $taskID = $task->get_id(); if (has("project") && $task->get_value("projectID")) { $project = $task->get_foreign_object("project"); } } // if someone uploads an attachment if ($_POST["save_attachment"]) { move_attachment("task", $taskID); alloc_redirect($TPL["url_alloc_task"] . "taskID=" . $taskID . "&sbs_link=attachments"); } // If saving a record if ($_POST["save"] || $_POST["save_and_back"] || $_POST["save_and_new"] || $_POST["save_and_summary"] || $_POST["timeSheet_save"] || $_POST["close_task"]) { $task->read_globals(); if ($_POST["close_task"]) { $task->set_value("taskStatus", "closed_complete"); } // If we're auto-nuking the pending tasks, we need to do that before the call to task->save() if ($task->get_id() && !$_POST["pendingTasksIDs"]) { $task->add_pending_tasks($_POST["pendingTasksIDs"]); } // Moved all validation over into task.inc.php save() $success = $task->save(); count($msg) and $msg = "&message_good=" . urlencode(implode("<br>", $msg));
//多生成一张1:1的图片,方便标签调用 gdpic(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", "{$Newpicpath}.jpg.jpg", $picWidth ? $picWidth : 300, $picWidth ? $picWidth : 300, $webdb[autoCutSmallPic] ? array('fix' => 1) : ''); gdpic(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", $Newpicpath, $picWidth ? $picWidth : 300, $picHeight ? $picHeight : 225, $webdb[autoCutSmallPic] ? array('fix' => 1) : ''); if (file_exists($Newpicpath)) { $postdb[picurl] = $smallpic; //FTP上传文件到远程服务器 if ($webdb[ArticleDownloadUseFtp]) { ftp_upfile($Newpicpath, $postdb[picurl]); } } } else { if (file_exists(ROOT_PATH . "{$webdb['updir']}/{$post_picurl}.jpg")) { move_attachment($lfjuid, tempdir("{$post_picurl}.jpg"), $downloadDIR, 'small'); } if (file_exists(ROOT_PATH . "{$webdb['updir']}/{$post_picurl}.jpg.jpg")) { move_attachment($lfjuid, tempdir("{$post_picurl}.jpg.jpg"), $downloadDIR, 'small'); } } } //FTP上传文件到远程服务器 if ($webdb[ArticleDownloadUseFtp] && $file_db) { foreach ($file_db as $key => $value) { if (is_file(ROOT_PATH . "{$webdb['updir']}/{$value}")) { ftp_upfile(ROOT_PATH . "{$webdb['updir']}/{$value}", $value); } } } //如果系统设置自动提取关键字的话,只有当用户没设置关键字,才自动提取. if ($job == 'postnew' && $webdb[autoGetKeyword] && !$postdb[keywords]) { $postdb[keywords] = keyword_ck($postdb[keywords], $postdb[title]); }
} } // Displaying a record $project->set_id($projectID); $project->select() || alloc_error("Could not load project {$projectID}"); } else { // Creating a new record $project->read_globals(); $projectID = $project->get_id(); $project->select(); } // Comments $TPL["comment_buttons"] = "<input type=\"submit\" name=\"comment_save\" value=\"Save Comment\">"; // if someone uploads an attachment if ($_POST["save_attachment"]) { move_attachment("project", $projectID); alloc_redirect($TPL["url_alloc_project"] . "projectID=" . $projectID . "&sbs_link=attachments"); } $project->set_values("project_"); $db = new db_alloc(); $clientID = $project->get_value("clientID") or $clientID = $_GET["clientID"]; $client = new client(); $client->set_id($clientID); $client->select(); $client->set_tpl_values("client_"); // If a client has been chosen if ($clientID) { $query = prepare("SELECT * \n FROM clientContact\n WHERE clientContact.clientID = %d AND clientContact.primaryContact = true", $clientID); $db->query($query); $cc = new clientContact(); $cc->read_db_record($db);
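/**
 * Join a multi-upload field ({'url' => [...], 'name' => [...], ...}) into one line per
 * file, "url@@@part1@@@part2...", skipping entries whose url is empty.
 *
 * @param mixed $field submitted value of the upload field (an array is expected)
 * @param array $parts sub-keys appended after the url, in order
 * @return string lines joined with "\n" ('' when nothing was uploaded)
 */
function query_article_module_join_uploads($field, $parts)
{
    $lines = array();
    $urls = (is_array($field) && isset($field['url'])) ? (array) $field['url'] : array();
    foreach ($urls as $i => $url) {
        if (!$url) {
            continue;
        }
        $line = $url;
        foreach ($parts as $part) {
            $line .= '@@@' . (isset($field[$part][$i]) ? $field[$part][$i] : '');
        }
        $lines[] = $line;
    }
    return implode("\n", $lines);
}

/**
 * Validate a module's custom-field submission and, for $type 'add', insert it into the
 * module's content table.
 *
 * What this function does (as visible in its body):
 *  - loads the `{$pre}article_module` row by id and unserializes its `config` column
 *    (field definitions under 'field_db', rich-text field names as keys of 'is_html');
 *  - enforces per-field rules (required fields, fields the user may not submit,
 *    digits-only 'int' fields, byte-length limits) via showerr(), which is assumed to
 *    terminate the request — TODO confirm;
 *  - flattens multi-upload widgets into one "url@@@..." line per file;
 *  - for rich-text fields relocates attachments and applies the legacy script/iframe
 *    keyword filters; every other scalar field goes through filtrate();
 *  - 'add' issues an INSERT; the 'edit' branch builds no SET clause (its assignment is
 *    commented out in the original) and therefore issues no UPDATE.
 *
 * Changes from the original: ereg() (removed in PHP 7) replaced by preg_match();
 * unquoted array keys written as strings (an Error on PHP 8); $mid cast to int before
 * it is interpolated into SQL; extract($basedb) replaced by explicit reads so it can no
 * longer overwrite $mid/$type/$post_db/$db/$pre; $_array/$sqldb are proper arrays so
 * implode() never receives null; the "is this a rich-text field" test uses the same
 * key membership as the rich-text loop (the previous array_flip()+in_array() collapsed
 * fields sharing the same flag value).
 *
 * NOTE(review): field values are still interpolated into the INSERT/UPDATE strings.
 * Non-rich-text fields rely on filtrate() for escaping and rich-text fields are not
 * escaped here at all — confirm filtrate() escapes SQL quotes, or move this to
 * prepared statements.
 *
 * @param int|string $mid     article_module id (numeric; also the content-table suffix)
 * @param string     $type    '' = validate only, 'add' = insert, 'edit' = update
 * @param array      $post_db submitted field values, keyed by field name
 * @param array      $basedb  base record; 'uid', 'fid', 'aid', 'rid', 'i_id' are read
 * @return void
 */
function query_article_module($mid, $type, $post_db, $basedb)
{
    global $db, $pre;

    // $mid goes into a WHERE clause and into a table name (which cannot be parameterised);
    // module ids are numeric — the content table is article_content_<id> — so force an int.
    $mid = (int) $mid;

    // Only the base-record keys used below are copied out of $basedb.
    $uid  = isset($basedb['uid'])  ? $basedb['uid']  : null;
    $fid  = isset($basedb['fid'])  ? $basedb['fid']  : null;
    $aid  = isset($basedb['aid'])  ? $basedb['aid']  : null;
    $rid  = isset($basedb['rid'])  ? $basedb['rid']  : null;
    $i_id = isset($basedb['i_id']) ? $basedb['i_id'] : null;

    $fidDB = $db->get_one("SELECT * FROM {$pre}article_module WHERE id='{$mid}'");
    if (!$fidDB) {
        return;
    }
    // NOTE(review): the module config is a serialized PHP value read from the database;
    // unserialize() can instantiate arbitrary classes, so if that row is writable by
    // untrusted users the config should be stored as JSON instead.
    $m_config   = unserialize($fidDB['config']);
    $fieldDefs  = (isset($m_config['field_db']) && is_array($m_config['field_db'])) ? $m_config['field_db'] : array();
    $htmlFields = (isset($m_config['is_html']) && is_array($m_config['is_html'])) ? $m_config['is_html'] : array();

    foreach ($fieldDefs as $rs) {
        $name     = $rs['field_name'];
        $val      = isset($post_db[$name]) ? $post_db[$name] : null;
        $mustfill = isset($rs['mustfill']) ? $rs['mustfill'] : 0;
        $ftype    = isset($rs['field_type']) ? $rs['field_type'] : '';
        $form     = isset($rs['form_type']) ? $rs['form_type'] : '';

        // Required field. Upload widgets post an array: satisfied when at least one url
        // entry or the first element is set.
        if ($mustfill == 1) {
            if (is_array($val)) {
                $uploaded = 0;
                $urls = isset($val['url']) ? (array) $val['url'] : array();
                foreach ($urls as $url) {
                    if ($url) {
                        $uploaded++;
                    }
                }
                if (!$uploaded && empty($val[0])) {
                    showerr("{$rs['title']}不能为空");
                }
            } elseif (!$val) {
                showerr("{$rs['title']}不能为空");
            }
        }
        // Fields the user is not allowed to submit a value for.
        if (($mustfill == 2 || $form == 'pingfen') && $val) {
            showerr("{$rs['title']}不能私自提交内容");
        }
        // 'int' fields: digits only. PCRE equivalent of the removed ereg("^[0-9]+$");
        // /D keeps '$' from matching before a trailing newline.
        if ($ftype == 'int' && $val && !preg_match('/^[0-9]+$/D', $val)) {
            showerr("{$rs['title']}只能为数字");
        }
        // Byte-length limits (strlen); defaults 255 for varchar, 10 for int.
        if ($ftype == 'varchar') {
            $limit = !empty($rs['field_leng']) ? $rs['field_leng'] : 255;
            if (strlen($val) > $limit) {
                showerr("{$rs['title']}不能超过{$limit}个字符,一个汉字等于两个字符");
            }
        }
        if ($ftype == 'int') {
            $limit = !empty($rs['field_leng']) ? $rs['field_leng'] : 10;
            if (strlen($val) > $limit) {
                showerr("{$rs['title']}不能超过{$limit}个字符");
            }
        }
        // Multi-upload widgets are stored as one "url@@@..." line per file.
        if ($form == 'upmoremv') {
            $post_db[$name] = query_article_module_join_uploads($val, array('name', 'fen', 'type'));
        }
        if ($form == 'upmorefile' || $form == 'upmorepic') {
            $post_db[$name] = query_article_module_join_uploads($val, array('name', 'fen'));
        }
        if ($form == 'upplay') {
            $post_db[$name] = query_article_module_join_uploads($val, array('type'));
        }
    }

    if ($type == '') {
        return;
    }

    // Rich-text (online editor) fields: relocate referenced attachments and apply the
    // legacy keyword filters.
    foreach ($htmlFields as $field => $flag) {
        $html = isset($post_db[$field]) ? $post_db[$field] : null;
        $html = str_replace("<img ", "<img onload=\\'if(this.width>600)makesmallpic(this,600,800);\\' ", $html);
        // Move attachments from the editor's temp location into article/{fid}.
        $html = move_attachment($uid, $html, "article/{$fid}");
        // Remote-image fetching is disabled in this version:
        //$post_db[$key]=get_outpic($post_db[$key],$GetOutPic);
        $html = En_TruePath($html);
        // NOTE(review): this is a keyword blocklist, not an HTML sanitiser. The iframe
        // replacement rewrites "<iframe ...>" to itself (\1 is the captured attribute text),
        // so it removes nothing. Rich-text input should go through a real HTML sanitiser
        // before storage.
        $html = preg_replace('/javascript/i', 'java script', $html);
        $html = preg_replace('/<iframe ([^<>]+)>/i', '<iframe \\1>', $html);
        $post_db[$field] = $html;
    }

    // Everything else: arrays (checkbox groups) are joined with "/", scalars are escaped
    // with filtrate(). Rich-text fields are identified by the same key membership as above.
    foreach ($post_db as $field => $value) {
        if (is_array($value)) {
            $post_db[$field] = implode("/", $value);
        } elseif (!array_key_exists($field, $htmlFields)) {
            $post_db[$field] = filtrate($value);
        }
    }

    $sqldb = array();
    if ($type == 'add') {
        // Ownership columns come from the base record, never from the submission.
        $sqldb['aid'] = "aid='{$aid}'";
        $sqldb['rid'] = "rid='{$rid}'";
        $sqldb['fid'] = "fid='{$fid}'";
        $sqldb['uid'] = "uid='{$uid}'";
        $reserved = array('aid', 'rid', 'fid', 'uid', 'id');
        foreach ((array) table_field("{$pre}article_content_{$fidDB['id']}") as $column) {
            if (in_array($column, $reserved, true)) {
                continue;
            }
            if (isset($post_db[$column])) {
                $sqldb[$column] = "`{$column}`='{$post_db[$column]}'";
            }
        }
        $sql = implode(",", $sqldb);
        if ($sql) {
            $db->query("INSERT INTO `{$pre}article_content_{$mid}` SET {$sql}");
        }
    } elseif ($type == 'edit') {
        // The column loop only skips non-custom columns; the statement that would add
        // custom columns to $sqldb is commented out in the original, so $sqldb stays empty
        // and the UPDATE is never issued. Left as found — restoring it is a functional
        // decision for the module owner.
        foreach ((array) table_field("{$pre}article_content_{$mid}") as $column) {
            if (empty($fieldDefs[$column])) {
                continue; // not a user-defined field (e.g. hit counters); never updated here
            }
            //isset($post_db[$column]) && $sqldb[] = "`{$column}`='{$post_db[$column]}'";
        }
        $sql = implode(",", $sqldb);
        if ($sql) {
            $db->query("UPDATE `{$pre}article_content_{$fidDB['id']}` SET fid='{$basedb['fid']}',{$sql} WHERE id='{$i_id}' ");
        }
    }
}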
if (!$photodb) { showmsg("请上传一张图片"); } if (!$postdb[fid]) { showmsg("请选择一个栏目"); } $aidDB = ''; $ck = 0; unset($aiddb); $II = 1; $fidDB = $db->get_one(" SELECT * FROM {$pre}sort WHERE fid='{$postdb['fid']}' "); $fidDB[type] != 0 && showerr("你只能选择子栏目发表内容!"); $fname = $fidDB[name]; foreach ($photodb as $key => $photo) { //图片目录转移 move_attachment($userdb[uid], tempdir($photo), "article/{$postdb['fid']}"); if (file_exists(ROOT_PATH . "{$webdb['updir']}/article/{$postdb['fid']}/" . basename($photo))) { $photo = "article/{$postdb['fid']}/" . basename($photo); } if ($batch == 0) { $postdb[title] = $namedb[$key]; } else { $postdb[title] = $title; } if (!$postdb[picurl] && $webdb[if_gdimg]) { $smallpic = str_replace(".", "_", $photo) . ".gif"; $Newpicpath = ROOT_PATH . "{$webdb['updir']}/{$smallpic}"; gdpic(ROOT_PATH . "{$webdb['updir']}/{$photo}", $Newpicpath, 200, 150); if (file_exists($Newpicpath)) { $postdb[picurl] = "{$smallpic}"; } else {
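/**
 * Validate and normalise a submitted record against a field-definition list.
 *
 * Per field this checks required values, digits-only 'int' fields and byte-length
 * limits (failures go through showerr(), which is assumed not to return — TODO confirm),
 * flattens multi-upload widgets into "url@@@name@@@fen" lines (the first uploaded file
 * also becomes picurl/ispic when no cover was given), relocates and keyword-filters
 * rich-text editor fields, and passes every other field through filtrate().
 *
 * Changes from the original: ereg() (removed in PHP 7) replaced by preg_match();
 * unquoted array keys written as strings; the upload loop no longer reuses the outer
 * `$key`, which made the following editor/filtrate/length branches operate on
 * $postdb[<upload index>] instead of the field; the joined-lines buffer is reset per
 * field instead of accumulating across upload fields; string-offset access on the ''
 * default of $rsdb is guarded. The empty "not yet attached" branch (whose crop/watermark
 * calls were commented out) and the $rsdb scan that fed it were dropped as dead code.
 *
 * @param array        $field_db definitions; each entry is read for 'field_name', 'title',
 *                               'mustfill', 'field_type', 'field_leng', 'form_type'
 * @param array        &$postdb  submitted values; rewritten in place
 * @param array|string $rsdb     existing record when editing ('' when adding); accepted for
 *                               compatibility, only used by the disabled crop/watermark step
 * @return void
 */
function checkpost($field_db, &$postdb, $rsdb = '')
{
    global $lfjdb, $_pre;

    foreach ($field_db as $key => $rs) {
        $name  = $rs['field_name'];
        $val   = isset($postdb[$name]) ? $postdb[$name] : null;
        $ftype = isset($rs['field_type']) ? $rs['field_type'] : '';
        $form  = isset($rs['form_type']) ? $rs['form_type'] : '';

        // Required field.
        if (isset($rs['mustfill']) && $rs['mustfill'] == 1) {
            if (is_array($val)) {
                if (implode('', $val) === '') {
                    showerr("{$rs['title']},你必须选择一项");
                }
            } elseif ($val === '' || !isset($postdb[$name])) {
                showerr("{$rs['title']},不能为空");
            }
        }
        // 'int' fields: optional '-' and digits. PCRE equivalent of the removed
        // ereg("^[-0-9]+$"); /D keeps '$' from matching before a trailing newline.
        if ($ftype == 'int' && $val && !preg_match('/^[-0-9]+$/D', $val)) {
            showerr("{$rs['title']} 必须为整数");
        }
        // Byte-length limits (strlen); defaults 255 for varchar, 10 for int.
        if ($ftype == 'varchar') {
            $limit = !empty($rs['field_leng']) ? $rs['field_leng'] : 255;
            if (strlen($val) > $limit) {
                showerr("{$rs['title']} 不能超过 {$limit} 个字");
            }
        }
        if ($ftype == 'int') {
            $limit = !empty($rs['field_leng']) ? $rs['field_leng'] : 10;
            if (strlen($val) > $limit) {
                showerr("{$rs['title']} 不能超过 {$limit} 个字");
            }
        }
        // Multi-upload widgets: one "url@@@name@@@fen" line per uploaded file.
        if ($form == 'upmorefile' || $form == 'upmorepic') {
            $lines = array();
            $urls  = (is_array($val) && isset($val['url'])) ? (array) $val['url'] : array();
            foreach ($urls as $i => $url) {
                if (!$url) {
                    continue;
                }
                // Cover image: the first uploaded file becomes picurl when none was given.
                if (empty($postdb['picurl'])) {
                    $postdb['picurl'] = $url;
                    $postdb['ispic']  = 1;
                }
                $fname   = isset($val['name'][$i]) ? $val['name'][$i] : '';
                $fen     = isset($val['fen'][$i]) ? $val['fen'][$i] : '';
                $lines[] = "{$url}@@@{$fname}@@@{$fen}";
            }
            $postdb[$name] = implode("\n", $lines);
        }
        // Note: the branches below address the field by the definition key $key, as the
        // original did; whether $key always equals $rs['field_name'] is not visible here.
        if ($form == 'ieedit' || $form == 'ieeditsimp') {
            $html = isset($postdb[$key]) ? $postdb[$key] : null;
            $html = str_replace("<img ", "<img onload=\\'if(this.width>600)makesmallpic(this,600,800);\\' ", $html);
            // Move editor attachments into the per-week directory under the module prefix.
            $html = move_attachment($lfjdb['uid'], $html, "{$_pre}/" . date("W"));
            $html = En_TruePath($html);
            // NOTE(review): keyword blocklist, not an HTML sanitiser. The iframe replacement
            // rewrites "<iframe ...>" to itself (\1 is the captured attribute text) and so
            // removes nothing; rich-text input should be run through a real sanitiser.
            $html = preg_replace('/javascript/i', 'java script', $html);
            $html = preg_replace('/<iframe ([^<>]+)>/i', '<iframe \\1>', $html);
            $postdb[$key] = $html;
        } elseif ($form == 'classdb') {
            $postdb[$key] = filtrate(implode("/#/", $postdb[$key]));
        } else {
            $current = isset($postdb[$key]) ? $postdb[$key] : null;
            if (is_array($current)) {
                $current = implode("/", $current);
            }
            // Escape unsafe characters.
            $postdb[$key] = filtrate($current);
        }
        if (strlen($postdb[$key]) > 30000) {
            showerr("内容不能大于1.5万个汉字");
        }
    }
}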
$postdb[picurl] = str_replace(".", "_", $file_db[0]) . '.gif'; $Newpicpath = ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}"; gdpic(ROOT_PATH . "{$webdb['updir']}/{$file_db['0']}", $Newpicpath, 200, 150); if (!file_exists($Newpicpath)) { $postdb[picurl] = $file_db[0]; } } } } if ($postdb[picurl]) { $postdb[ispic] = 1; } else { $postdb[ispic] = 0; } //图片目录转移 $postdb[content] = move_attachment($lfjdb[uid], $postdb[content], "{$_pre}/{$fid}"); //获取远程图片 $postdb[content] = get_outpic($postdb[content], $fid, $GetOutPic); $postdb[content] = En_TruePath($postdb[content]); $postdb[content] = preg_replace('/javascript/i', 'java script', $postdb[content]); //过滤js代码 $postdb[content] = preg_replace('/<iframe ([^<>]+)>/i', '<iframe \\1>', $postdb[content]); //过滤框架代码 foreach ($postdb as $key => $value) { if ($key == 'content') { continue; } $postdb[$key] = filtrate($value); } $db->query("UPDATE `{$_pre}content` SET title='{$postdb['title']}',keywords='{$postdb['keywords']}',picurl='{$postdb['picurl']}',ispic='{$postdb['ispic']}',city_id='{$city_id}',iframeurl='{$postdb['iframeurl']}',jumpurl='{$postdb['jumpurl']}',author='{$postdb['author']}',copyfrom='{$postdb['copyfrom']}',copyfromurl='{$postdb['copyfromurl']}' WHERE id='{$id}'"); $db->query("UPDATE `{$_pre}content_1` SET content='{$postdb['content']}' WHERE id='{$id}'");
} else { if ($_POST["invoiceItem_delete"]) { $invoiceItem->select(); $invoiceItem->delete(); $TPL["message_good"][] = "Invoice Item deleted."; alloc_redirect($TPL["url_alloc_invoice"] . "invoiceID=" . $invoiceID); } } } // Displaying a record $invoice->set_id($invoiceID); $invoice->select(); // if someone uploads an attachment } else { if ($_POST["save_attachment"]) { move_attachment("invoice", $invoiceID); $TPL["message_good"][] = "Attachment saved."; alloc_redirect($TPL["url_alloc_invoice"] . "invoiceID=" . $invoiceID); } } } } if ($invoiceID && $invoiceItemIDs) { $currency = $invoice->get_value("currencyTypeID"); $q = prepare("SELECT SUM(IF((iiTax IS NULL OR iiTax = 0) AND value,\n (value/100+1) * iiAmount * pow(10,-currencyType.numberToBasic),\n iiAmount * pow(10,-currencyType.numberToBasic)\n )) as sum_iiAmount\n FROM invoiceItem \n LEFT JOIN invoice on invoiceItem.invoiceID = invoice.invoiceID\n LEFT JOIN currencyType on invoice.currencyTypeID = currencyType.currencyTypeID\n LEFT JOIN config ON config.name = 'taxPercent'\n WHERE invoiceItem.invoiceID = %d", $invoiceID); $db->query($q); $db->next_record() and $TPL["invoiceTotal"] = page::money($currency, $db->f("sum_iiAmount"), "%S%m %c"); $q = prepare("SELECT sum(amount * pow(10,-currencyType.numberToBasic)) as sum_transaction_amount\n FROM transaction \n LEFT JOIN currencyType on transaction.currencyTypeID = currencyType.currencyTypeID\n WHERE status = 'approved' \n AND invoiceItemID in (%s)", $invoiceItemIDs); $db->query($q); $db->next_record() and $TPL["invoiceTotalPaid"] = page::money($currency, $db->f("sum_transaction_amount"), "%S%m %c"); }
showerr("名称不能为空"); } elseif (!$postdb[fid]) { showerr("分类不能为空"); } if (strlen($postdb[title]) > 150) { showerr("名称不能大于150个字节"); } elseif (strlen($postdb[content]) > 10000) { showerr("内容不能大于10000个字节"); } if ($postdb[picurl] && !eregi("(jpg|gif|png)\$", $postdb[picurl])) { showerr("封面只能是JPG,PNG,GIF格式的图片"); } /*缩略图处理*/ if ($postdb[picurl] && !strstr($postdb[picurl], "http://")) { //图片目录转移 move_attachment($lfjdb[uid], tempdir($postdb[picurl]), "special/{$postdb['fid']}"); if (file_exists(ROOT_PATH . "{$webdb['updir']}/special/{$postdb['fid']}/" . basename($postdb[picurl]))) { $postdb[picurl] = "special/{$postdb['fid']}/" . basename($postdb[picurl]); } $water_info = getimagesize(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}"); if ($webdb[if_gdimg] && $water_info[0] > 150) { gdpic(ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", ROOT_PATH . "{$webdb['updir']}/{$postdb['picurl']}", 200, 150); } } $postdb[title] = filtrate($postdb[title]); $postdb[content] = filtrate($postdb[content]); $postdb[picurl] = filtrate($postdb[picurl]); $postdb[banner] = filtrate($postdb[banner]); $postdb[allowpost] = @implode(",", $postdb[allowpost]); } }
if ($rs[form_type] == 'upmorefile') { unset($_array); foreach ($postdb[$rs[field_name]][url] as $key => $value) { if (!$value) { continue; } $_array[] = "{$value}@@@{$postdb[$rs[field_name]][name][$key]}@@@{$postdb[$rs[field_name]][fen][$key]}"; } $postdb[$rs[field_name]] = implode("\n", $_array); } } /*对使用了在线编辑器的字段提交的附件地址作处理*/ foreach ($m_config[is_html] as $key => $value) { $postdb[$key] = str_replace("<img ", "<img onload=\\'if(this.width>600)makesmallpic(this,600,800);\\' ", $postdb[$key]); //图片目录转移 $postdb[$key] = move_attachment($lfjdb[uid], $postdb[$key], "{$form}"); //获取远程图片 $postdb[$key] = get_out_pic($postdb[$key], $GetOutPic); $postdb[$key] = En_TruePath($postdb[$key]); $postdb[$key] = preg_replace('/javascript/i', 'java script', $postdb[$key]); //过滤js代码 $postdb[$key] = preg_replace('/<iframe ([^<>]+)>/i', '<iframe \\1>', $postdb[$key]); //过滤框架代码 } $_array = array_flip($m_config[is_html]); /** *提交的内容如果是复选框,就要做处理,如果不是在线编辑器的,也要做过滤,显然,使用在线编辑器是有危险的 **/ foreach ($postdb as $key => $value) { if (is_array($value)) { $postdb[$key] = implode("/", $value);
$backup->backup(); } // NOTE(review): closes a block that begins before this excerpt (not visible here)
if ($_POST["restore_backup"]) {
    // A backup is taken before the restore, presumably so the pre-restore state stays recoverable.
    $backup->backup();
    // NOTE(review): unlike the delete branch below, $_POST["file"] reaches restore() without the
    // bad_filename()/directory checks; confirm restore() validates the name itself, otherwise
    // apply the same checks here.
    if ($backup->restore($_POST["file"])) {
        $TPL["message_good"][] = "Backup restored successfully: " . $_POST["file"];
        $TPL["message_good"][] = "You will now need to manually import the installation/db_triggers.sql file into your database. THIS IS VERY IMPORTANT.";
    } else {
        alloc_error("Error restoring backup: " . $_POST["file"]);
    }
}
if ($_POST["delete_backup"]) {
    # Can't go through the normal del_attachments thing because this isn't a real entity
    $file = $_POST["file"];
    // Three checks confine the deletion to ATTACHMENTS_DIR/backups/0/: the name may not contain
    // slashes, the target must be a regular file, and its parent directory must be exactly the
    // backups directory. Each check assumes alloc_error() does not return — if it ever does,
    // unlink() below still runs; TODO confirm.
    if (bad_filename($file)) {
        alloc_error("File delete error: Name contains slashes.");
    }
    $path = ATTACHMENTS_DIR . "backups" . DIRECTORY_SEPARATOR . "0" . DIRECTORY_SEPARATOR . $file;
    if (!is_file($path)) {
        alloc_error("File delete error: Not a file.");
    }
    if (dirname(ATTACHMENTS_DIR . "backups" . DIRECTORY_SEPARATOR . "0" . DIRECTORY_SEPARATOR . ".") != dirname($path)) {
        alloc_error("File delete error: Bad path.");
    }
    // The unlink() result is not checked, so a failed delete is not reported.
    unlink($path);
}
if ($_POST["save_attachment"]) {
    // Backups live as attachments of the pseudo-entity "backups" with ID 0 (see $path above).
    move_attachment("backups", 0);
}
$TPL["main_alloc_title"] = "Database Backups - " . APPLICATION_NAME;
include_template("templates/backupM.tpl");