$clause .= sprintf(" and %s='%s'", $field, $field_val); } else { $clause .= sprintf(" and %s like '%%%s%%'", $field, $field_val); } } if ($ci_u_type > 2 && $proj_data[$p_id][proj_docu_flag]) { $clause .= sprintf(" and cu_id=%s", $ck_u_id); } $sqlstr = "select count(*) total from {$t_name} where {$clause}"; $res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error()); $row = mysql_fetch_array($res); $total_rec = $row[total]; $page_para = "p_id={$p_id}&t_id={$t_id}&field={$field}&field_val={$field_val}&sort_field={$sort_field}&sort_desc={$sort_desc}&poly={$poly}&limit_length={$limit_length}"; genPage($total_rec, $page, $ppage, $_SERVER['PHP_SELF'], $page_para); $sqlstr = "select * from {$t_name} where {$clause} {$sort_clause} limit {$limit_begin}, {$limit_length}"; $res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error()); $doclist = ""; $urlbase = $poly_data[$poly][html_urlbase]; while ($row = mysql_fetch_array($res)) { $url = $row["url_{$poly}"]; $d_id = $row[d_id]; if (substr($urlbase, -1) == "/") { $urlbase = substr($urlbase, 0, -1); } if (substr($url, 0, 1) != "/") { $urlbase .= "/"; } if (strpos($url, "http://") === 0) { $urlbase = ""; } if (urlbase == "") {
<?php require_once "plib/config_inc.php"; $html_charset = HTML_CHARSET; header("Content-type: text/html; charset={$html_charset}"); require_once "plib/head.php"; $cgi = getCGI(); $p_id = $cgi[p_id]; $t_id = $cgi[t_id]; if ($p_id == "" || $t_id == "") { sys_exit("参数错误"); } conProjDB($p_id, $t_id); $i = 0; foreach ($tempdef_data as $kk => $row) { if ($row[t_id] != $t_id) { continue; } if ($row[if_into_db] != "y") { continue; } $sel_list .= "<option value=\"{$row['cname']}\">{$row['cname']}</option>"; } ?> <select name=cond_type> <option value="and">并且 <option value="or">或者 </select>
<?php $g_mysql = mysql_pconnect(DB_HOST, DB_USER, DB_PASS) or sys_exit("无法连接发布系统数据库", mysql_error()); mysql_select_db($db_name, $g_mysql) or exit("can't select database"); $res = mysql_query("set names " . DB_CHARSET, $g_mysql) or sys_exit(mysql_error());
function writeFile($filename, $data) { if (!($fp = fopen($filename, 'w'))) { sys_exit("不能打开文件 {$filename}"); } if (fwrite($fp, $data) === false) { sys_exit("不能写入到文件 {$filename}"); } fclose($fp); }
<?php require_once("plib/head.php"); require_once("plib/priv.php"); $cgi = getCGI(); $p_id = $cgi[p_id]; $t_id = $cgi[t_id]; if($p_id == "" || $t_id == "" ) sys_exit("参数错误"); conProjDB($p_id, $t_id); if($ck_u_type > 2 ) sys_exit("对不起,你没有操作权限", ""); if( check_priv($p_id, $t_id, 0) < 0 ) sys_exit("对不起,你没有操作权限", $error_message); foreach($cgi as $cgi_name=>$cgi_value) { $pos = strpos($cgi_name, "showorder_"); if($pos === 0) { $f_id = substr($cgi_name, strlen("showorder_")); $sqlstr = sprintf("update tempdef set showorder=%s where f_id=%s", $cgi_value, $f_id); $res = mysql_query($sqlstr, $proj_mysql) or exit(mysql_error() . "\n" . $sqlstr); } } printf("<script type=\"text/javascript\"> window.location = 'tempdeflist.php?t_id=%s&p_id=%s' </script>\n", $t_id, $p_id);
$cgi = getCGI(); $p_id = $cgi[p_id]; $t_id = $cgi[t_id]; $d_id = $cgi[d_id]; if ($p_id == "" || $t_id == "" || $d_id == "") { sys_exit("参数错误"); } conProjDB($p_id, $t_id); $p_cname = $proj_data[p_cname]; $t_cname = $temp_data[$t_id][cname]; $t_name = $temp_data[$t_id][t_name]; $nav_str .= " > <a href=templist.php?p_id={$p_id}>{$p_cname}</a> > <a href=doclist.php?p_id={$p_id}&t_id={$t_id} >{$t_cname}</a> > 修改文档({$d_id})"; if ($cgi[edit] != "") { //sys_jmp("doclist.php?p_id=$p_id&t_id=$t_id"); if (check_priv($p_id, $t_id, $d_id) < 0) { sys_exit("对不起,你没有操作权限", $error_message); } upload_pic(); $t_name = $temp_data[$t_id][t_name]; $t_cname = $temp_data[$t_id][cname]; $nav_buf = sprintf("/<a href=\"projlist.php\">网站管理中心</a> > <a href=\"templist.php?p_id=%s\">%s</a> > %s(<a href=\"doclist.php?t_id=%s&p_id=%s\">文档</a>) (<a href=\"temp_edit.php?t_id=%s&p_id=%s\">模板</a>) (<a href=\"tempdeflist.php?t_id=%s&p_id=%s\">模板域</a>) > 更新文档", $p_id, $proj_data[p_cname], $t_cname, $t_id, $p_id, $t_id, $p_id, $t_id, $p_id); print_html("更新文档", $nav_buf); printf("更新数据库记录...."); $sqlstr = sprintf("update %s set savedatetime=now(), mu_id=%s,", $t_name, $ck_u_id); foreach ($cgi as $this_name => $this_value) { if ($this_name == "") { continue; } $pos = strpos($this_name, $pre_field); if ($pos !== 0) { continue;
function get_doc_edit_html($p_id, $t_id, $d_id) { global $proj_mysql; global $poly_data; global $temp_data; global $error_message; $v_html = ""; $poly_html = ""; $form_html = ""; $sqlstr = sprintf("select * from %s where d_id=%s", $temp_data[$t_id][t_name], $d_id); $res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error()); $pdoc = mysql_fetch_array($res, MYSQL_ASSOC); foreach($poly_data as $pm_id=>$row) { $html_urlbase = $row[html_urlbase]; $url_name = sprintf("url_%d", $pm_id); $url = $pdoc[$url_name]; $doc_url = $url; $doc_url1 = $url; $hii = strlen($html_urlbase) - 1; if($html_urlbase{$hii} !='/' && $doc_url{0} !='/' && $doc_url != "") $doc_url = "/$doc_url"; if($html_urlbase{$hii} =='/' && $doc_url{0}=='/' && $doc_url != "") $doc_url = substr($doc_url, 1); if($url != "") { $pos = strrpos($url, "/"); if($pos !== false) $url = substr($url, 0, $pos); } $html_urlbase1=$html_urlbase; if(strpos($doc_url, "http://") === 0) $html_urlbase1 = ""; $url_html .= sprintf( "<table id=url_table width=100%%> <tr> <TD ALIGN=left BGCOLOR=#bfbfbf nowap><a href=\"%s%s\" target=_blank>%s URL:</a></td> <TD ALIGN=left BGCOLOR=#dddddd>%s </td> <TD ALIGN=left BGCOLOR=#dddddd><input type=text name=doc_url_%d size=40 value=%s></td> </tr> </table>", $html_urlbase1, $doc_url, $row[pm_name], $html_urlbase, $pm_id, $doc_url1); } $sqlstr = "select f_name, cname, type, arithmetic, showwidth, showheight, defaultvalue, validate from tempdef where t_id=$t_id and hide='n' and type!='Sql_Result' and type!='PostInPage' and type != 'Php_List' order by showorder, f_id"; $res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error()); while($row = mysql_fetch_array($res, MYSQL_ASSOC)) { $form=fieldIntoForm($row, $pdoc, $html_urlbase1, $url, $p_id, $t_id); if($form == "") { print "[$row[cname]]模板域呈现错误: $error_message"; return; } $form_html .= $form; } $js_code = genJsCode(); $v_html =<<<GHC_OF_END <table id=doc_table border=0 width=100% cellspacing=2 cellpadding=3> $form_html </table> <br> $url_html <script language=javascript> function checkForm() { ret = true; $js_code; return ret; } </script> GHC_OF_END; return $v_html; }
require_once "plib/head.php"; $cgi = getCGI(); if (DB_CHARSET == "gbk") { utf8_gbk($cgi); } $p_id = $cgi[p_id]; $t_id = $cgi[t_id]; if ($p_id == "" || $t_id == "") { print_r($cgi); exit; sys_exit("参数错误"); } conProjDB($p_id, $t_id); if ($cgi[this_t_id] != "") { $sqlstr = "select * from tempdef where t_id={$cgi['this_t_id']} order by showorder asc, f_id asc"; $res = mysql_query($sqlstr, $proj_mysql) or sys_exit($sqlstr . "\n" . mysql_error()); while ($row = mysql_fetch_array($res)) { $f_id = $row[f_id]; $tempdef_data[$f_id] = $row; } } if ($cgi[type] == 'Rel_Select') { $f_ids = $cgi[f_ids]; $this_t_id = $cgi[this_t_id]; if ($this_t_id == "" || $f_ids == "") { exit; } $this_t_cname = sprintf("{%s}", $temp_data[$this_t_id][cname]); $sp = explode(",", $f_ids); if (count($sp) > 1) { $this_f_id0 = $sp[0];
$cgi = getCGI(); $p_id = $cgi[p_id]; $t_id = $cgi[t_id]; if($p_id == "" || $t_id == "") sys_exit("参数错误"); $filename = sprintf("%s/tmp/temp_%s_%s.html", $file_base, $p_id, $t_id); $html = @file_get_contents($filename); conProjDB($p_id, $t_id); if($html == "") { $sqlstr = "select * from temp where t_id=$t_id"; $res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error()); $row = mysql_fetch_array($res); if($row == "") sys_exit("模板不存在", $sqlstr); $html = $row[html_1]; } if($cgi[view] == "") { $html = preg_replace(array("/<body\s*(.*)>/i"), array("<body $1 contentEditable=true>"), $html); } ?> <script type="text/javascript"> document.old_write = document.write; document.old_writeln = document.writeln;
$p_cname = $proj_data[p_cname]; $t_cname = $temp_data[$t_id][cname]; $t_name = $temp_data[$t_id][t_name]; $nav_str .= " > <a href=templist.php?p_id={$p_id}>{$p_cname}</a> > <a href=doclist.php?p_id={$p_id}&t_id={$t_id} >{$t_cname}</a> > 添加文档"; if ($cgi[edit] != "") { if (check_priv($p_id, $t_id, 0) < 0) { sys_exit("对不起,你没有操作权限", $error_message); } upload_pic(); $t_name = $temp_data[$t_id][t_name]; $t_cname = $temp_data[$t_id][cname]; $nav_buf = sprintf("/<a href=\"projlist.php\">网站管理中心</a> > <a href=\"templist.php?p_id=%s\">%s</a> > %s(<a href=\"doclist.php?t_id=%s&p_id=%s\">文档</a>) (<a href=\"temp_edit.php?t_id=%s&p_id=%s\">模板</a>) (<a href=\"tempdeflist.php?t_id=%s&p_id=%s\">模板域</a>) > 添加文档", $p_id, $proj_data[p_cname], $t_cname, $t_id, $p_id, $t_id, $p_id, $t_id, $p_id); print_html("添加文档", $nav_buf); printf("添加数据库记录...."); $sqlstr = sprintf("insert into %s (cu_id, mu_id, createdatetime, savedatetime, published) values(%s, %s, now(), now(), 'n')", $t_name, $ck_u_id, $ck_u_id); $res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统错误,请稍候再试", mysql_error() . "\n" . $sqlstr); $d_id = mysql_insert_id($proj_mysql); $sqlstr = sprintf("update %s set", $t_name); foreach ($poly_data as $pm_id => $this_poly) { $url_radio = $cgi["urlradio_{$pm_id}"]; $outer_url = $cgi["outer_url_{$pm_id}"]; $default_url = $cgi["default_url_{$pm_id}"]; $sqlstr .= sprintf(" url_%d='%s',", $pm_id, $url_radio == "default" ? $default_url : $outer_url); } foreach ($cgi as $this_name => $this_value) { if ($this_name == "" || $this_value == "") { continue; } $mark = sprintf("%spoly_", $pre_field); $pos = strpos($this_name, $mark); if ($pos === 0) {
function gen_global() { global $proj_mysql, $file_base, $db_name, $poly_data; $sqlstr = "select * from global"; $res = mysql_query($sqlstr, $proj_mysql) or sys_exit($sqlstr . "\n" . mysql_error()); $list = ""; while ($row = mysql_fetch_array($res)) { if ($row[type] == 'text') { continue; } $content = addslashes($row[content]); if ($list == "") { $list .= sprintf("'%s':'%s'", $row[name], $content); } else { $list .= sprintf(",\n'%s':'%s'", $row[name], $content); } } $data = <<<END_NAV_OF_GHC var global_data = { {$list} }; function pub_global_vars(global_var_name) { \tdocument.write(global_data[global_var_name]); \treturn true; } END_NAV_OF_GHC; $sqlstr = "select * from polymorphic limit 1 "; $res = mysql_query($sqlstr, $proj_mysql) or sys_exit($sqlstr . "\n" . mysql_error()); $row = mysql_fetch_array($res); $filename = sprintf("%s/pub_global.js", $row[file_path]); $fp = fopen($filename, "w"); if (!$fp) { sys_exit("无法打开文件 {$filename}.", ""); } fwrite($fp, $data); fclose($fp); }
<?php require_once("plib/head.php"); $p_id = $_GET[p_id]; $t_id = $_GET[t_id]; if($p_id == "" || $t_id == "" ) sys_exit("参数错误"); conProjDB($p_id, $t_id); $p_cname = $proj_data[p_cname]; $t_cname = $temp_data[$t_id][cname]; $nav_str .= " > <a href=templist.php?p_id=$p_id>$p_cname</a> > <a href=temp_edit.php?p_id=$p_id&t_id=$t_id >$t_cname</a> > 模板上传"; $mess_str = ""; if( $_FILES['zfile']['name'] != '' ) { $tm = time(); $filepath = $poly_data[1][file_path]; $fname = sprintf("ghc%s.zip", $tm); $filename = $filepath . "/" . $fname; if(move_uploaded_file($_FILES['zfile']['tmp_name'], $filename)) { $cmd = "cd $filepath; unzip -o $fname"; $ret = `$cmd`; $mess_str = "<pre>$cmd\n$ret</pre>\n上传才成功!"; }
$sqlstr .= sprintf(",(%s, %s)", $u_id, $this_p_id); } $i++; } } if ($i > 0 && $allproj == "0") { $res = mysql_query($sqlstr, $pub_mysql) or exit(mysql_error() . "\n" . $sqlstr); } header("Location: userlist.php"); exit; } $sqlstr = sprintf("select name, login, passwd, type, note, allproj from user where id=%s", $u_id); $res = mysql_query($sqlstr, $pub_mysql) or exit(mysql_error() . "\n" . $sqlstr); $row_user = mysql_fetch_array($res, MYSQL_ASSOC); if ($row_user == "") { sys_exit("没有记录", $sqlstr); } /* username = row[0]? row[0]:""; login = row[1]? row[1]:""; passwd = row[2]? row[2]:""; type = row[3]? row[3]:"4"; note = row[4]? row[4]:""; allproj = row[5]?row[5]:"0"; */ $sqlstr = sprintf("select p_id from user_priv where u_id=%s", $u_id); $res = mysql_query($sqlstr, $pub_mysql) or exit(mysql_error() . "\n" . $sqlstr); $user_priv = array(); while ($row = mysql_fetch_array($res)) { $user_priv["{$row['p_id']}"] = 1; }