if(empty($dopost)) $dopost=""; if($dopost=="add") { if(ereg("[^0-9a-zA-Z_@!\.-]",$pwd)){ ShowMsg("用户密码不合法!","-1",0,300); exit(); } if(ereg("[^0-9a-zA-Z_@!\.-]",$userid)){ ShowMsg("用户名不合法!","-1",0,300); exit(); } $dsql = new DedeSql(false); $dsql->SetQuery("Select * from `#@__admin` where userid='$userid' Or uname='$uname'"); $dsql->Execute(); $ns = $dsql->GetTotalRow(); if($ns>0){ $dsql->Close(); ShowMsg("用户名或笔名已存在,不允许重复使用!","-1"); exit(); } $ks = Array(); foreach($typeid as $v){ $vs = explode('-',$v); if(isset($vs[1])) $t = $vs[1]; else $t = $vs[0]; if(!isset($ks[$vs[0]])) $ks[$t] = 1; } $typeid = ''; foreach($ks as $k=>$v){ if($k>0) $typeid .=($typeid=='' ? $k : ','.$k);
$dsql->Close(); ShowMsg("新增变量失败,可能有非法字符!","sys_info.php?gp=$vargroup"); exit(); } $configfile = dirname(__FILE__)."/../include/config_hand.php"; $configfile_bak = dirname(__FILE__)."/../include/config_hand_bak.php"; if(!is_writeable($configfile)){ $dsql->Close(); ShowMsg("成功保存变量,但由于 $configfile 无法写入,因此不能更新配置文件!","sys_info.php?gp=$vargroup"); exit(); }else{ $dsql->SetQuery("Select varname,value From #@__sysconfig order by aid asc"); $dsql->Execute(); if($dsql->GetTotalRow()<=0){ $dsql->Close(); ShowMsg("成功保存变量但从数据库读取所有数据时失败,无法更新配置文件!","sys_info.php?gp=$vargroup"); exit(); } copy($configfile,$configfile_bak); $fp = fopen($configfile,"w"); fwrite($fp,"<"."?php\r\n"); while($row = $dsql->GetArray()){ fwrite($fp,"\${$row['varname']} = '".str_replace("'","\\'",$row['value'])."';\r\n"); } fwrite($fp,"?".">"); fclose($fp); $dsql->Close(); ShowMsg("成功保存变量并更新配置文件!","sys_info.php?gp=$vargroup"); exit();
}else if($dopost=="query") //执行SQL语句 { $t1 = ExecTime(); $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) || eregi("drop(.*)database",$sqlquery)){ echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; $dsql->Close(); exit(); } //运行查询语句 if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) echo "运行SQL:{$sqlquery},无返回记录!"; else echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) break; echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v){ if(ereg("[^0-9]",$k)){ echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } } $t2 = ExecTime(); echo "<hr>执行时间:".($t2-$t1);
foreach ($_POST as $k => $v) { if (ereg("^edit___", $k)) { $v = ${$k}; } else { continue; } $k = ereg_replace("^edit___", "", $k); if (strlen($v) > 250) { showmsg("{$k} 太长,不能超过250字节", '-1'); exit; } $savesql->ExecuteNoneQuery("Update #@__config set `config_value`='{$v}' where `config_name`='{$k}' "); } $savesql->SetQuery("Select `config_name`,`config_value` From `#@__config` order by `id` asc"); $savesql->Execute(); if ($savesql->GetTotalRow() <= 0) { $savesql->Close(); ShowMsg("成功保存变量但从数据库读取所有数据时失败,无法更新配置文件!", "javascript:;"); exit; } @copy($configfile, $configfile_bak); $fp = @fopen($configfile, 'w'); @flock($fp, 3); @fwrite($fp, "<" . "?php\r\n") or die("配置文件'{$configfile}'不支持写入,本次操作无效!<a href='system_basic.php'>返回</a>"); while ($row = $savesql->GetArray()) { $row['value'] = str_replace("'", "\\'", $row['config_value']); fwrite($fp, "\${$row['config_name']} = '" . $row['config_value'] . "';\r\n"); } fwrite($fp, "?>"); fclose($fp); $message = "成功修改了系统配置文件config_base.php";
else $condition = ""; $rs = $dsql->ExecuteNoneQuery("Update $exptable set $rpfield=Replace($rpfield,'$rpstring','$tostring') $condition "); $dsql->executenonequery("OPTIMIZE TABLE `$exptable`"); $dsql->Close(); if($rs) ShowMsg("成功完成数据替换!","javascript:;"); else ShowMsg("数据替换失败!","javascript:;"); }else { if(!empty($condition)) $condition = " And $condition "; else $condition = ""; $rpstring = stripslashes($rpstring); $rpstring2 = str_replace("\\","\\\\",$rpstring); $rpstring2 = str_replace("'","\\'",$rpstring2); $dsql->SetQuery("Select $keyfield,$rpfield From $exptable where $rpfield REGEXP '$rpstring2' $condition "); $dsql->Execute(); $tt = $dsql->GetTotalRow(); if($tt==0){ $dsql->Close(); ShowMsg("根据你指定的正则,找不到任何东西!","javascript:;"); exit(); } $oo = 0; while($row = $dsql->GetArray()){ $kid = $row[$keyfield]; $rpf = eregi_replace($rpstring,$tostring,$row[$rpfield]); $rs = $dsql->ExecuteNoneQuery("Update $exptable set $rpfield='$rpf' where $keyfield='$kid' "); if($rs) $oo++; } $dsql->executenonequery("OPTIMIZE TABLE `$exptable`"); $dsql->close; ShowMsg("共找到 $tt 条记录,成功替换了 $oo 条!","javascript:;");
} $titless = split('`',$titles); if($deltype=='delnew') $orderby = " order by ID desc "; else $orderby = " order by ID asc "; $totalarc = 0; foreach($titless as $title){ $title = trim($title); if($title=='') $q1 = "Select ID,title From $maintable where channel='$channelid' and title='' $orderby "; else{ $title = addslashes(urldecode($title)); $q1 = "Select ID,title From $maintable where channel='$channelid' and title='$title' $orderby "; } $dsql->SetQuery($q1); $dsql->Execute(); $rownum = $dsql->GetTotalRow(); if($rownum<2) continue; $i = 1; while($row = $dsql->GetObject()){ $i++; $naid = $row->ID; $ntitle = $row->title; if($i > $rownum){ continue; } $totalarc++; DelArc($naid); } } $dsql->executenonequery("OPTIMIZE TABLE `$maintable`"); $dsql->Close(); ShowMsg("一共删除了[{$totalarc}]篇重复的文档!","javascript:;"); exit();