if(empty($emailfield)) $email = '';
		else $email = addslashes($row[$emailfield]);
		
		if(empty($sexfield)) $sex = '';
		else{
			$sex = $row[$sexfield];
			if($sex==$sexman) $sex = '男';
			else if($sex==$sexwoman) $sex = '女';
			else $sex = '';
		}
		
		$ntime = time();
		$inQuery = "
 	 INSERT INTO #@__member(userid,pwd,uname,sex,birthday,membertype,money,
 	 weight,height,job,province,city,myinfo,tel,oicq,email,homepage,
 	 jointime,joinip,logintime,loginip,showaddr,address) 
   VALUES ('$userid','$pwd','$uname','$sex','0000-00-00','10','0',
   '0','0','','0','0','','','','$email','','$ntime','$loginip','$ntime','','0','');";
   
   $rs = $dsql2->ExecuteNoneQuery($inQuery);
   if($rs) $c++;
   
	}
	$dsql->Close();
	$dsql2->Close();
	ShowMsg("成功导入 ".$c." 条数据!","javascript:;");
	exit();
}

ClearAllLink();
?>
예제 #2
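// Default the optional classification fields when the form did not send them.
if (empty($bcatid)) {
    $bcatid = 0;
}
if (empty($booktype)) {
    $booktype = 0;
}
$addtime = time();
// Handle the uploaded thumbnail; remote download stays off unless it was requested.
if (!isset($isremote)) {
    $isremote = 0;
}
$bigpic = UploadOneImage('imgfile', $imgurl, $isremote);
$adminID = $cuserLogin->getUserID();
//----------------------------------
// NOTE(review): every value below is interpolated into the statement as it stands. Nothing in
// this excerpt escapes or type-checks $title, $bookname, $chapterid, $sortid or $cid, so the
// query is only safe if an earlier include already escaped the request variables - confirm,
// and cast the id fields to integers if the schema allows it.
$inQuery = "\n   UPDATE `#@__story_content` SET `title`='{$title}',`bookname`='{$bookname}',\n   `chapterid`='{$chapterid}',`sortid`='{$sortid}',`bigpic`='{$bigpic}'\n  WHERE id='{$cid}'\n";
if (!$dsql->ExecuteNoneQuery($inQuery)) {
    // Was str_repolace(): the misspelt name made this failure branch stop with an
    // "undefined function" error instead of reporting the database problem.
    // NOTE(review): the message carries the driver error and the full SQL text, including
    // submitted values, to the browser. Whether ShowMsg() HTML-escapes it is not visible
    // here - confirm, and consider logging the detail server-side instead.
    ShowMsg("把数据保存到数据库时出错,请检查!" . str_replace("'", "`", $dsql->GetError() . $inQuery), "-1");
    $dsql->Close();
    exit;
}
$arcID = $cid;
// Generate the HTML page
//---------------------------------
//$artUrl = MakeArt($arcID,true);
if (empty($artcontentUrl)) {
    $artcontentUrl = "";
}
// No explicit URL was given: fall back to the dynamic viewer address for this record.
if ($artcontentUrl == "") {
    $artcontentUrl = $cfg_mainsite . $cfg_cmspath . "/book/show-photo.php?id={$arcID}&bookid={$bookid}&chapterid={$chapterid}";
}
require_once DEDEROOT . '/book/include/story.view.class.php';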
예제 #3
	$voteitems = "";
	$j=0;
	for($i=1;$i<=15;$i++)
	{
		if(!empty(${"voteitem".$i})){
			$j++;
			$voteitems .= "<v:note id=\\'$j\\' count=\\'0\\'>".${"voteitem".$i}."</v:note>\r\n";
		}
	}
	$dsql = new DedeSql(false);
	$inQuery = "
	insert into #@__vote(votename,starttime,endtime,totalcount,ismore,votenote) 
	Values('$votename','$starttime','$endtime','0','$ismore','$voteitems');
	";
	$dsql->SetQuery($inQuery);
	if(!$dsql->ExecuteNoneQuery())
	{
		$dsql->Close();
		ShowMsg("增加投票失败,请检查数据是否非法!","-1");
		exit();
	}
	$dsql->Close();
	ShowMsg("成功增加一组投票!","vote_main.php");
	exit();
}
// Default voting window shown in the form: from now until 30 days from now.
$nowStamp = time();
$monthLater = AddDay($nowStamp,30);
// Both ends are handed to the template already formatted by GetDateTimeMk().
$startDay = GetDateTimeMk($nowStamp);
$endDay = GetDateTimeMk($monthLater);

require_once(dirname(__FILE__)."/templets/vote_add.htm");
예제 #4
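	/**
	 * Check a back-office login against the #@__admin table.
	 *
	 * On success the matching row is copied into this object (userID, userType,
	 * userChannel, userName, userPurview) and the row's loginip/logintime are updated.
	 *
	 * @param string $username submitted login name
	 * @param string $userpwd  submitted password
	 * @return int 1 on success, -1 when no row has that userid, -2 when the password hash differs
	 */
	function checkUser($username,$userpwd)
	{
		// Allow-list filter: only 0-9, a-z, A-Z, '_', '@', '!', '.' and '-' survive in the
		// name and the password. preg_replace() is used because ereg_replace() was removed
		// in PHP 7.0.
		// NOTE(review): characters outside the list are silently dropped from the password
		// as well, so two different passwords can filter to the same value.
		$this->userName = preg_replace('/[^0-9a-zA-Z_@!.-]/','',$username);
		$this->userPwd = preg_replace('/[^0-9a-zA-Z_@!.-]/','',$userpwd);
		// The stored value is the first 24 hex characters of an unsalted MD5.
		// NOTE(review): this is weak for password storage; moving to password_hash() /
		// password_verify() needs a data migration and is therefore not done here.
		$pwd = substr(md5($this->userPwd),0,24);
		$dsql = new DedeSql(false);
		$dsql->SetQuery("Select * From #@__admin where userid='".$this->userName."' limit 0,1");
		$dsql->Execute();
		$row = $dsql->GetObject();
		// No row for this userid.
		if(!isset($row->pwd)){
			$dsql->Close();
			return -1;
		}
		// Strict string comparison. With the loose != two different hashes that both look
		// like numbers (for example "0e" followed only by digits) compare as equal.
		if($pwd !== (string)$row->pwd){
			$dsql->Close();
			return -2;
		}
		// NOTE(review): -1 and -2 let a caller tell "unknown user" from "wrong password";
		// the login page should show one message for both.
		// NOTE(review): how GetIP() derives the address is not visible here. If it can come
		// from a request header it must be validated before it reaches the UPDATE below.
		$loginip = GetIP();
		$this->userID = $row->ID;
		$this->userType = $row->usertype;
		$this->userChannel = $row->typeid;
		$this->userName = $row->uname;
		$groupSet = $dsql->GetOne("Select * From #@__admintype where rank='".$row->usertype."'");
		$this->userPurview = $groupSet['purviews'];
		// date() gives the same "Y-m-d H:i:s" text as the strftime() call it replaces;
		// strftime() is deprecated since PHP 8.1.
		$dsql->SetQuery("update #@__admin set loginip='$loginip',logintime='".date('Y-m-d H:i:s',time())."' where ID='".$row->ID."'");
		$dsql->ExecuteNoneQuery();
		$dsql->Close();
		return 1;
	}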
예제 #5
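<?php
require(dirname(__FILE__)."/config.php");
// Only accounts holding the sys_MakeHtml permission may run this clean-up.
CheckPurview('sys_MakeHtml');
$dsql = new DedeSql(false);

// Collect the ID of every row in #@__channeltype. Each value is forced to an integer so
// that the list spliced into the IN (...) clauses below can only ever contain numbers,
// whatever ended up stored in the table.
$idList = array();
$dsql->SetQuery("Select ID From `#@__channeltype` ");
$dsql->Execute();
while($row = $dsql->GetArray())
{
	$idList[] = intval($row[0]);
}
$cids = implode(',',$idList);

// With no channel type at all the list is empty and nothing is deleted; running the
// statements with an empty list would be a syntax error, not a "delete everything".
if($cids!='')
{
  // Remove rows that point at a channel type which no longer exists, table by table,
  // and optimise a table only when rows were actually removed from it.
  $rs = $dsql->ExecuteNoneQuery("Delete From `#@__arctype` where NOT (channeltype in ($cids));");
  if($rs>0){
  	$dsql->ExecuteNoneQuery("OPTIMIZE TABLE `#@__arctype`;");
  	// The category table changed, so its cache is rebuilt as well.
  	UpDateCatCache($dsql);
  }

  $rs = $dsql->ExecuteNoneQuery("Delete From `#@__full_search` where  NOT (channeltype in ($cids));");
  if($rs>0) $dsql->ExecuteNoneQuery("OPTIMIZE TABLE `#@__full_search`;");

  $rs = $dsql->ExecuteNoneQuery("Delete From `#@__archives` where  NOT (channel in ($cids));");
  if($rs>0) $dsql->ExecuteNoneQuery("OPTIMIZE TABLE `#@__archives`;");
  
  $rs = $dsql->ExecuteNoneQuery("Delete From `#@__archivesspec` where  NOT (channel in ($cids));");
  if($rs>0) $dsql->ExecuteNoneQuery("OPTIMIZE TABLE `#@__archivesspec`;");

}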
예제 #6
//--------------------------------------------------------
//签名正确
if ($digest == $signMsg && $mState == 2) {
    $OrderInfo = HexToStr($OrderInfo);
    if ($newmd5info == $myDigest) {
        $dsql = new DedeSql(false);
        //获取订单信息,检查订单的有效性
        $row = $dsql->GetOne("Select state From #@__shops_orders where oid='{$buyid}' ");
        if ($row['state'] > 0) {
            $msg = "付款已经完成!,系统返回信息( {$buyid} ) <br><br> <a href='control.php'>返回主页</a> ";
            ShowMsg($msg, "javascript:;");
            $dsql->Close();
            exit;
        }
        $sql = "UPDATE `#@__shops_orders` SET `state`='1' WHERE `oid`='{$buyid}' AND `userid`='" . $cfg_ml->M_ID . "';";
        if ($dsql->ExecuteNoneQuery($sql)) {
            $dsql->Close();
            ShowMsg("支付成功!", "javascript:;");
            exit;
        } else {
            $dsql->Close();
            ShowMsg("支付失败", "javascript:;");
            exit;
        }
    } else {
        ShowMsg("交易密钥错误,请与管理员联系!", $burl);
        exit;
    }
} else {
    ShowMsg("交易密钥错误,请与管理员联系!", $burl);
    exit;
예제 #7
   	  CheckPurview('co_EditNote');
   	  require_once(dirname(__FILE__)."/../include/pub_dedetag.php");
   	  $dtp = new DedeTagParse();
   	  $dbnotes = $notes;
   	  $notes = stripslashes($notes);
      $dtp->LoadString($notes);
   	  if(!is_array($dtp->CTags)){
	      ShowMsg("该规则不合法,无法保存!","-1");
	      $dsql->Close();
	      exit();
      }
      $ctag = $dtp->GetTagByName("item");
	    $query = "
	      Update #@__conote 
	        set typeid='".$ctag->GetAtt('typeid')."',
	        gathername='".$ctag->GetAtt('name')."',
	        language='".$ctag->GetAtt('language')."',
	        lasttime=0,
	        savetime='".time()."',
	        noteinfo='".$dbnotes."'
	      where nid = $nid;
	    ";
	    $dsql = new DedeSql(false);
	    $rs = $dsql->ExecuteNoneQuery($query);
	    $dsql->Close();
	    ShowMsg("成功保存规则!","co_main.php");
	    exit();
}

ClearAllLink();
?>
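  /**
   * Verify a member login against #@__member.
   *
   * On success the login time and IP of the member row are updated and the session
   * data is refreshed through PutLoginInfo() and FushCache().
   *
   * @param string $loginuser submitted user id
   * @param string $loginpwd  password value, compared as given with the stored pwd column
   * @return int 1 on success, -1 on a wrong password, 0 when the user does not exist
   */
  function CheckUser($loginuser,$loginpwd)
  {
    if(!TestStringSafe($loginuser)||!TestStringSafe($loginpwd))
    {
      ShowMsg("用户名或密码不合法!","-1");
      exit();
    }
    // Strip ; % ' \ ? * and $ from the user id before it is placed in the query.
    // preg_replace() is used because ereg_replace() was removed in PHP 7.0.
    $loginuser = preg_replace('/[;%\'\\\\?*$]/','',$loginuser);
    $dsql = new DedeSql(false);
    $row = $dsql->GetOne("Select ID,pwd From #@__member where userid='$loginuser' ");
    // Unknown user. The connection is now closed on every path, not only on success.
    if(!is_array($row))
    {
      $dsql->Close();
      return 0;
    }
    // Wrong password. Strict string comparison: the loose != treats two different
    // number-like strings (for example "0e" followed by digits) as equal.
    // NOTE(review): whether $loginpwd is already hashed by the caller is not visible
    // here; the column must not hold plain-text passwords.
    if((string)$row['pwd'] !== (string)$loginpwd)
    {
      $dsql->Close();
      return -1;
    }
    // Successful login.
    // NOTE(review): GetIP() is written into the statement as returned; confirm it can
    // only yield a validated address.
    $dsql->ExecuteNoneQuery("update #@__member set logintime='".time()."',loginip='".GetIP()."' where ID='{$row['ID']}';");
    $dsql->Close();
    $this->PutLoginInfo($row['ID']);
    $this->FushCache();
    return 1;
  }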
예제 #9
  $dsql->Close();
  exit();
}
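// Save the scheduled-task configuration (the table always holds a single row, id 1).
else if($action=='save')
{
	if(!is_array($tasks)){
		ShowMsg("你没选择需要操作的任务!","-1");
	  exit();
	}
	if(empty($rmpwd)){
		ShowMsg("远程管理密码不能为空!","-1");
	  exit();
	}
	// Case-insensitive allow-list for the remote-management password. preg_match() with
	// the i flag replaces eregi(), which was removed in PHP 7.0 - without the replacement
	// this validation stops the script on current PHP.
	// NOTE(review): the message below lists '#' as allowed but the pattern rejects it;
	// decide which of the two is intended.
	if(preg_match('/[^0-9a-z@!]/i',$rmpwd)){
		ShowMsg("远程管理密码只能由 a-z 0-9 ! @ # 几种字符组成!","-1");
	  exit();
	}
	if(empty($startid)) $startid = 0;
	if(empty($endid)) $endid = 0;
	if(empty($typeid)) $typeid = 0;
	$dsql->ExecuteNoneQuery("Delete From `#@__task`");
	// Join the selected task names with commas; $tasks is known to be an array here.
	$taskss = '';
	foreach($tasks as $v) $taskss .= ($taskss=='' ? $v : ','.$v);
	// NOTE(review): only $rmpwd is validated above. $usermtools, the task names, the three
	// ids, $nodes, $dotime and $degree reach the statement as submitted, so it is safe only
	// if an earlier include escaped the request variables - confirm.
	// NOTE(review): $rmpwd is stored as given; if it authenticates remote calls it should
	// be stored hashed.
	$inQuery = "Insert Into `#@__task` ( `id` , `usermtools` , `rmpwd` , `tasks` , `typeid` , `startid` , `endid` , `nodes` , `dotime` , `degree` ) 
                            VALUES ('1','$usermtools','$rmpwd','$taskss','$typeid','$startid','$endid','$nodes','$dotime','$degree' ) ;
  ";
  $dsql->ExecuteNoneQuery($inQuery);
	ShowMsg("成功更新计划任务配置!","makehtml_task.php");
	exit();
}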
?>
if($action=='save')
{
  
  if(!isset($fieldtypes[$dtype])){
  	ClearAllLink();
  	ShowMsg("你修改的是系统专用类型的数据,禁止操作!","-1");
  	exit();
  }
  
  //检测数据库是否存在附加表,不存在则新建一个
  $tabsql = "CREATE TABLE IF NOT EXISTS  `{$row['addtable']}`( `aid` int(11) NOT NULL default '0',\r\n `typeid` int(11) NOT NULL default '0',\r\n ";
  if($mysql_version < 4.1)
    $tabsql .= " PRIMARY KEY  (`aid`), KEY `".$trueTable."_index` (`typeid`)\r\n) TYPE=MyISAM; ";
  else
    $tabsql .= " PRIMARY KEY  (`aid`), KEY `".$trueTable."_index` (`typeid`)\r\n) ENGINE=MyISAM DEFAULT CHARSET=".$cfg_db_language."; ";
  $dsql->ExecuteNoneQuery($tabsql);
  
  //检测附加表里含有的字段
	$fields = array();
  $rs = $dsql->SetQuery("show fields from `{$row['addtable']}`");
  $dsql->Execute('a');
  
  while($nrow = $dsql->GetArray('a',MYSQL_ASSOC)){
	  $fields[ strtolower($nrow['Field']) ] = $nrow['Type'];
  }
	
	//修改字段配置信息
	$dfvalue = $vdefault;
	$isnull = ($isnull==1 ? "true" : "false");
	$mxlen = $maxlength;
	$fieldname = strtolower($fname);
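/**
 * Store one picture for a form field and return its path (or URL).
 *
 * Two sources are handled: a file uploaded through $_FILES[$upname], or a path/URL
 * given in $handurl. A picture stored by this call is also recorded in #@__uploads.
 *
 * @param string $upname     name of the file input in the submitted form
 * @param string $handurl    hand-typed path or URL; with an upload it may name an existing file to replace
 * @param int    $ddisremote 1 = copy an http:// $handurl to local storage, 0 = keep it as given
 * @param string $ntitle     title recorded with the picture; when empty the global $title is used
 * @return string path or URL of the picture, '' when nothing was supplied
 */
function UploadOneImage($upname,$handurl='',$ddisremote=1,$ntitle='')
{
	global $cuserLogin,$cfg_basedir,$cfg_image_dir,$dsql,$title;
	if($ntitle!='') $title = $ntitle;
	$ntime = time();
	$filename = '';
	$isrm_up = false;
	$handurl = trim($handurl);
	// Case 1: the user uploaded a file through the form.
	if(!empty($_FILES[$upname]['tmp_name']) && is_uploaded_file($_FILES[$upname]['tmp_name']))
	{
		$sparr = array("image/pjpeg","image/jpeg","image/gif","image/png");
		$_FILES[$upname]['type'] = strtolower(trim($_FILES[$upname]['type']));
		if(!in_array($_FILES[$upname]['type'],$sparr)){
			ShowMsg("上传的图片格式错误,请使用JPEG、GIF、PNG格式的其中一种!","-1");
			exit();
		}
		// The type tested above is whatever the browser claimed and proves nothing on its
		// own, so the uploaded bytes must also decode as one of the accepted formats.
		$probe = @getimagesize($_FILES[$upname]['tmp_name']);
		if(!is_array($probe) || !in_array($probe[2],array(IMAGETYPE_GIF,IMAGETYPE_JPEG,IMAGETYPE_PNG))){
			ShowMsg("上传的图片格式错误,请使用JPEG、GIF、PNG格式的其中一种!","-1");
			exit();
		}

		// Replace an existing local file only when $handurl stays inside the site tree:
		// a value containing ".." could point the write below outside of it.
		if(!empty($handurl) && strpos($handurl,'..')===false && !preg_match('#^http://#i',$handurl) && file_exists($cfg_basedir.$handurl) ){
			if(!is_object($dsql)) $dsql = new DedeSql();
			// NOTE(review): $handurl goes into the statement as given and LIKE treats % and
			// _ as wildcards; confirm it was escaped upstream, or compare with = instead.
			$dsql->ExecuteNoneQuery("Delete From #@__uploads where url like '$handurl' ");
			// Drop the old extension; the one matching the new picture is added below.
			$fullUrl = preg_replace('#\.([a-z]*)$#i','',$handurl);
		}else{
			// New file: <image dir>/<year-month>/<day><encoded time, user id and random part>
			$savepath = $cfg_image_dir."/".date('Y-m',$ntime);
			CreateDir($savepath);
			$fullUrl = $savepath."/".date('d',$ntime).dd2char(date('His',$ntime).'0'.$cuserLogin->getUserID().'0'.mt_rand(1000,9999));
		}

		// The extension follows the detected format rather than the claimed one, and can
		// only be one of these three.
		if($probe[2]==IMAGETYPE_GIF) $fullUrl = $fullUrl.".gif";
		else if($probe[2]==IMAGETYPE_PNG) $fullUrl = $fullUrl.".png";
		else $fullUrl = $fullUrl.".jpg";

		// Save. The result is not checked here, as before.
		@move_uploaded_file($_FILES[$upname]['tmp_name'],$cfg_basedir.$fullUrl);
		$filename = $fullUrl;

		// Watermark.
		// NOTE(review): $imgfile is not assigned until after this branch, so the call gets
		// an undefined value; it probably should receive $cfg_basedir.$fullUrl - confirm
		// what WaterImg() expects before changing it.
		@WaterImg($imgfile,'up');
		$isrm_up = true;
	}
	// Case 2: a remote URL or an already existing local picture.
	else{
		if($handurl=='') return '';
		// Remote picture that has to be copied to local storage. The original tested an
		// undefined $isremote here, so this branch never ran; the parameter is $ddisremote.
		// NOTE(review): GetRemoteImage() is handed a caller-supplied URL. Confirm that it
		// limits which hosts can be fetched and that it checks the downloaded content.
		if($ddisremote==1 && preg_match('#^http://#i',$handurl)){
			$ddinfos = GetRemoteImage($handurl,$cuserLogin->getUserID());
			if(is_array($ddinfos)) $filename = $ddinfos[0];
			$isrm_up = true;
		// Local picture, or a remote one that is to stay remote.
		}else{
			$filename = $handurl;
		}
	}
	$imgfile = $cfg_basedir.$filename;
	if(is_file($imgfile) && $isrm_up && $filename!=''){
		$info = "";
		$imginfos = GetImageSize($imgfile,$info);
		// getimagesize() returns false for a file it cannot read as an image; record 0x0 then.
		$imgWidth = is_array($imginfos) ? intval($imginfos[0]) : 0;
		$imgHeight = is_array($imginfos) ? intval($imginfos[1]) : 0;
		// Record the new picture in the media archive.
		// NOTE(review): $title and $filename are interpolated as they are; confirm they
		// were escaped before this function was called.
		$inquery = "
        INSERT INTO #@__uploads(title,url,mediatype,width,height,playtime,filesize,uptime,adminid,memberid) 
        VALUES ('$title','$filename','1','".$imgWidth."','".$imgHeight."','0','".filesize($imgfile)."','".time()."','".$cuserLogin->getUserID()."','0');
    ";
		$dsql = new DedeSql(false);
		$dsql->ExecuteNoneQuery($inquery);
	}
	return $filename;
}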
예제 #12
    uname = '$uname',
    sex = '$sex',
    mybb = '$mybb',
    spacename = '$spacename',
    news = '$news'
 	  where ID='$ID'";
 	$query2 = "update #@__member_perinfo set
    uname = '$uname',
    sex = '$sex',
    birthday = '$birthday',
    weight = '$weight',
    height = '$height',
    job = '$job',
    province = '$province',
    city = '$city',
    myinfo = '$myinfo',
    oicq = '$oicq',
    tel = '$tel',
    homepage = '$homepage',
    fullinfo = '$fullinfo',
    address = '$address'
 	  where id='$ID'";
	$dsql->ExecuteNoneQuery($query1);
	$dsql->ExecuteNoneQuery($query2);
  $dsql->Close();
  ShowMsg("成功更改会员资料!",$ENV_GOBACK_URL);
  exit();
}

ClearAllLink();
?>
예제 #13
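<?php 
require_once(dirname(__FILE__)."/config.php");
// Restricted to accounts holding the sys_SoftConfig permission.
CheckPurview('sys_SoftConfig');
if(empty($dopost)) $dopost = "";
$dsql = new DedeSql(false);
$upok = '';
// Save
if($dopost=="save")
{
   // The four switches are written as 0/1 defaults further down in this script, so they
   // are forced to integers before they reach the statement.
   $downtype = isset($downtype) ? intval($downtype) : 0;
   $showlocal = isset($showlocal) ? intval($showlocal) : 0;
   $gotojump = isset($gotojump) ? intval($gotojump) : 0;
   $ismoresite = isset($ismoresite) ? intval($ismoresite) : 0;
   // NOTE(review): $sites is free text and is interpolated as submitted; the statement is
   // safe only if config.php already escaped the request variables - confirm.
   if(!isset($sites)) $sites = '';
   $query = "UPDATE `#@__softconfig` SET downtype = '$downtype' , showlocal = '$showlocal', 
   gotojump='$gotojump' , ismoresite = '$ismoresite',sites = '$sites'";
   $dsql->SetQuery($query);
   $dsql->ExecuteNoneQuery();
   $upok = "<font color='red'>成功保存更改!</font>";
}
// Read the current settings
$row = $dsql->GetOne("select * From #@__softconfig");
if(!is_array($row)){
	$dsql->ExecuteNoneQuery("INSERT INTO `#@__softconfig` ( `downtype` , `ismoresite` ,`showlocal` , `gotojump` , `sites` ) VALUES ('0', '0','0' , '0', '');");
	// Build the fallback as a fresh array instead of writing keys into a non-array value,
	// and include showlocal, which the original left undefined for the template.
	// NOTE(review): downtype falls back to 1 here while the row just inserted stores 0.
	$row = array(
		'downtype' => 1,
		'ismoresite' => 0,
		'showlocal' => 0,
		'sites' => "",
		'gotojump' => 0,
	);
}

require_once(dirname(__FILE__)."/templets/soft_config.htm");

ClearAllLink();
?>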
예제 #14
	$dsql->Close();
	ShowMsg("操作成功,返回目录...","catalog_main.php");
	exit();
}
// Bulk update of the sort order of all categories.
else if($dopost=="upRankAll")
{
	// Permission gate: the caller needs t_Edit.
	CheckPurview('t_Edit');
	$dsql = new DedeSql(false);
	// The highest existing ID bounds the scan over the sortrank<ID> request variables.
	$row = $dsql->GetOne("Select ID From #@__arctype order by ID desc");
	if(is_array($row))
	{
		$maxID = $row['ID'];
		$i = 1;
		while($i<=$maxID)
		{
			$rankVar = 'sortrank'.$i;
			if(isset($$rankVar))
			{
				// NOTE(review): the submitted value is placed in the statement as it is.
				// It looks like a numeric rank; confirm, and cast it to an integer if so.
				$dsql->ExecuteNoneQuery("Update #@__arctype set sortrank='".$$rankVar."' where ID='{$i}';");
			}
			$i++;
		}
	}
	$dsql->Close();
	ShowMsg("操作成功,正在返回...","catalog_main.php");
	exit();
}
/*---------------------
获取JS文件
function GetJs
----------------------*/
else if($dopost=="GetJs")
{
	require_once(dirname(__FILE__)."/makehtml_js.php");
	exit();
예제 #15
	if(empty($tablename)) echo "没有指定表名!";
	else{
			$dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename);
		$dsql->Execute();
		$row2 = $dsql->GetArray();
		$ctinfo = $row2[1];
		echo "<xmp>".trim($ctinfo)."</xmp>";
	}
	$dsql->Close();
	exit();
}
else if($dopost=="opimize") //优化表
{
	if(empty($tablename)) echo "没有指定表名!";
	else{
	  $dsql->ExecuteNoneQuery("OPTIMIZE TABLE `$tablename` ");
	  $dsql->Close();
	  echo "执行优化表: $tablename  OK!";
	}
	exit();
}else if($dopost=="repair") //修复表
{
	if(empty($tablename)) echo "没有指定表名!";
	else{
	  $rs = $dsql->ExecuteNoneQuery("REPAIR TABLE `$tablename` ");
	  $dsql->Close();
	  echo "修复表: $tablename  OK!";
	}
	exit();
}else if($dopost=="query") //执行SQL语句
{
예제 #16
	$dsql->ExecuteNoneQuery("Delete From #@__story_content where chapterid='$cid' ");
	//更新图书记录
	$row = $dsql->GetOne("Select count(id) as dd From #@__story_content where bookid='$bookid' ");
	$dsql->ExecuteNoneQuery("Update #@__story_books set postnum='{$row['dd']}' where id='$bookid' ");
	$dsql->Close();
	ShowMsg("成功删除指定章节!",$ENV_GOBACK_URL);
	exit();
	exit();
}
/*---------------
function EditChapterAll()
Batch-edit chapters
-------------------*/
else if($action=='upChapterSort')
{
	$haveIds = isset($ids) && is_array($ids);
	if($haveIds)
	{
		$dsql = new DedeSql();
		foreach($ids as $cid)
		{
			// Each chapter arrives as a pair of request variables named after its id:
			// chaptername_<id> and chapnum_<id>.
			// NOTE(review): $cid comes from the request and is used both to build those
			// variable names and in the WHERE clause; presumably it is a numeric id -
			// confirm and validate it as such.
			$nameVar = 'chaptername_'.$cid;
			$numVar = 'chapnum_'.$cid;
			$chaptername = $$nameVar;
			$chapnum = $$numVar;
			$sql = "Update #@__story_chapter set chaptername='$chaptername',chapnum='$chapnum' where id='$cid' ";
			$dsql->ExecuteNoneQuery($sql);
		}
		$dsql->Close();
	}
	// The success message is shown whether or not any id was submitted.
	ShowMsg("成功更新指定章节信息!",$ENV_GOBACK_URL);
	exit();
}

ClearAllLink();
?>
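/**
 *  Upload one image without further processing
 *
 * @access    public
 * @param     string  $upname    name of the upload field
 * @param     string  $handurl   manually entered path or URL
 * @param     int     $isremote  whether to download a remote image: 0 no, 1 yes
 * @param     string  $ntitle    caption text; may be left empty when the form has a title field
 * @return    string  path or URL of the image, '' when nothing was supplied
 */
function UploadOneImage($upname, $handurl = '', $isremote = 1, $ntitle = '')
{
    global $cuserLogin, $cfg_basedir, $cfg_image_dir, $title, $dsql;
    if ($ntitle != '') {
        $title = $ntitle;
    }
    $ntime = time();
    $filename = '';
    $isrm_up = FALSE;
    $handurl = trim($handurl);
    // Case 1: the user uploaded a file through the form.
    if (!empty($_FILES[$upname]['tmp_name']) && is_uploaded_file($_FILES[$upname]['tmp_name'])) {
        $sparr = array("image/pjpeg", "image/jpeg", "image/gif", "image/png");
        $_FILES[$upname]['type'] = strtolower(trim($_FILES[$upname]['type']));
        if (!in_array($_FILES[$upname]['type'], $sparr)) {
            ShowMsg("上传的图片格式错误,请使用JPEG、GIF、PNG格式的其中一种!", "-1");
            exit;
        }
        // The type tested above is whatever the browser claimed and proves nothing on its
        // own, so the uploaded bytes must also decode as one of the accepted formats.
        $probe = @getimagesize($_FILES[$upname]['tmp_name']);
        if (!is_array($probe) || !in_array($probe[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))) {
            ShowMsg("上传的图片格式错误,请使用JPEG、GIF、PNG格式的其中一种!", "-1");
            exit;
        }
        // Replace an existing local file only when $handurl stays inside the site tree:
        // a value containing ".." could point the write below outside of it.
        if (!empty($handurl) && strpos($handurl, '..') === false && !preg_match("#^http:\\/\\/#i", $handurl) && file_exists($cfg_basedir . $handurl)) {
            if (!is_object($dsql)) {
                $dsql = new DedeSql();
            }
            // NOTE(review): $handurl goes into the statement as given and LIKE treats % and
            // _ as wildcards; confirm it was escaped upstream, or compare with = instead.
            $dsql->ExecuteNoneQuery("DELETE FROM `#@__uploads` WHERE url LIKE '{$handurl}' ");
            // Drop the old extension; the one matching the new picture is added below.
            $fullUrl = preg_replace("#\\.([a-z]*)\$#i", "", $handurl);
        } else {
            // New file: <image dir>/<year-month>/<day><encoded time, user id and random part>.
            // date() yields the same digits as the strftime() calls it replaces; strftime()
            // is deprecated since PHP 8.1.
            $savepath = $cfg_image_dir . '/' . date('Y-m', $ntime);
            CreateDir($savepath);
            $fullUrl = $savepath . '/' . date('d', $ntime) . dd2char(date('His', $ntime) . '0' . $cuserLogin->getUserID() . '0' . mt_rand(1000, 9999));
        }
        // The extension follows the detected format rather than the claimed one, and can
        // only be one of these three.
        if ($probe[2] == IMAGETYPE_GIF) {
            $fullUrl = $fullUrl . ".gif";
        } elseif ($probe[2] == IMAGETYPE_PNG) {
            $fullUrl = $fullUrl . ".png";
        } else {
            $fullUrl = $fullUrl . ".jpg";
        }
        // Save. The result is not checked here, as before.
        @move_uploaded_file($_FILES[$upname]['tmp_name'], $cfg_basedir . $fullUrl);
        $filename = $fullUrl;
        // Watermark.
        // NOTE(review): $imgfile is not assigned until after this branch, so the call gets
        // an undefined value; it probably should receive $cfg_basedir . $fullUrl - confirm
        // what WaterImg() expects before changing it.
        @WaterImg($imgfile, 'up');
        $isrm_up = TRUE;
    } else {
        // Case 2: a remote URL or an already existing local picture.
        if ($handurl == '') {
            return '';
        }
        // Remote picture that has to be copied to local storage.
        // NOTE(review): GetRemoteImage() is handed a caller-supplied URL. Confirm that it
        // limits which hosts can be fetched and that it checks the downloaded content.
        if ($isremote == 1 && preg_match("#^http:\\/\\/#i", $handurl)) {
            $ddinfos = GetRemoteImage($handurl, $cuserLogin->getUserID());
            if (is_array($ddinfos)) {
                $filename = $ddinfos[0];
            }
            $isrm_up = TRUE;
        } else {
            // Local picture, or a remote one that is to stay remote.
            $filename = $handurl;
        }
    }
    $imgfile = $cfg_basedir . $filename;
    if (is_file($imgfile) && $isrm_up && $filename != '') {
        $info = "";
        $imginfos = GetImageSize($imgfile, $info);
        // getimagesize() returns false for a file it cannot read as an image; record 0x0 then.
        $imgWidth = is_array($imginfos) ? intval($imginfos[0]) : 0;
        $imgHeight = is_array($imginfos) ? intval($imginfos[1]) : 0;
        // The global handle is only created above in the "replace existing file" branch,
        // so make sure one exists before it is used here.
        if (!is_object($dsql)) {
            $dsql = new DedeSql();
        }
        // Record the new picture in the media archive.
        // NOTE(review): $title and $filename are interpolated as they are; confirm they
        // were escaped before this function was called.
        $inquery = "\n        INSERT INTO #@__uploads(title,url,mediatype,width,height,playtime,filesize,uptime,mid)\n        VALUES ('{$title}','{$filename}','1','" . $imgWidth . "','" . $imgHeight . "','0','" . filesize($imgfile) . "','" . time() . "','" . $cuserLogin->getUserID() . "');\n    ";
        $dsql->ExecuteNoneQuery($inquery);
    }
    return $filename;
}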
예제 #18
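<?php
require_once(dirname(__FILE__)."/config.php");
// Restricted to accounts holding the member_Pm permission.
CheckPurview('member_Pm');
require_once(dirname(__FILE__)."/../include/pub_datalist.php");
require_once(dirname(__FILE__)."/../include/inc_functions.php");
setcookie("ENV_GOBACK_URL",$dedeNowurl,time()+3600,"/");

if(!isset($folder)) $folder = '';
if(!isset($username)) $username = '';
if(!isset($keyword)) $keyword = '';

if(isset($dopost)){
	// Keep digits only. preg_replace() is used because ereg_replace() was removed in
	// PHP 7.0; a missing $ID is treated as empty.
	$ID = preg_replace('/[^0-9]/','',isset($ID) ? $ID : '');
	// NOTE(review): no request token is checked in this excerpt before the delete;
	// confirm the surrounding framework protects state-changing requests.
	if($dopost=="del"&&!empty($ID)){
		$db = new DedeSql(false);
		$db->ExecuteNoneQuery("DELETE FROM #@__pms WHERE pmid='$ID'");
		$db->Close();
	}
}


// Default view: the inbox without administrator messages. A submitted folder replaces
// the whole condition, including the isadmin filter.
// NOTE(review): $folder, $keyword and $username are interpolated as submitted. The
// clauses are safe only if config.php already escaped the request variables - confirm.
// LIKE wildcards (% and _) inside the search terms are not neutralised either.
$whereSql = "WHERE folder='inbox' AND isadmin='0'";
if(!empty($folder)) $whereSql = "WHERE folder='$folder'";
$postuser = "******";
if($folder=="inbox"||$folder=='') $postuser = "******";

if(!empty($keyword)) $whereSql .= " AND (subject like '%".$keyword."%' OR message like '%".$keyword."%')";

if(!empty($username)) $whereSql .= " AND msgfrom like '%".$username."%'";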

function  GetFolders($me){
예제 #19
$v_md5str = trim($_POST['v_md5str']);
$md5string = strtoupper(md5($v_oid . $v_pstatus . $v_amount . $v_moneytype . $key));
//拼凑加密串
if ($v_md5str == $md5string) {
    if ($v_pstatus == "20") {
        $dsql = new DedeSql(false);
        $buyid = $v_oid;
        //获取订单信息,检查订单的有效性
        $row = $dsql->GetOne("Select * From #@__member_operation where buyid='{$buyid}' ");
        if (!is_array($row) || $row['sta'] == 2) {
            $oldinfo = $row['oldinfo'];
        }
        $mid = $row['mid'];
        $pid = $row['pid'];
        //更新交易状态为已付款
        $dsql->ExecuteNoneQuery("Update #@__member_operation set sta=1 where buyid='{$buyid}' ");
        //-------------------------------------------
        //会员产品
        //-------------------------------------------
        if ($row['product'] == 'member') {
            $row = $dsql->GetOne(" Select rank,exptime From #@__member_type where aid='{$row['pid']}' ");
            $rank = $row['rank'];
            $exptime = $row['exptime'];
            $equery = " Update #@__member set \r\n\t\t\t\t\t\t\t\t\tmembertype='{$rank}',exptime='{$exptime}',uptime='" . time() . "' where mid='{$mid}' ";
            $dsql->ExecuteNoneQuery($equery);
            //更新交易状态为已关闭
            $dsql->ExecuteNoneQuery(" Update #@__member_operation set sta=2,oldinfo='会员升级成功!' where buyid='{$buyid}' ");
            $cfg_ml->FushCache();
            $dsql->Close();
        } else {
            if ($row['product'] == 'card') {
	$attlist .= " type='";
	foreach($types as $v) $attlist .= $v.'.';
	$attlist .= "'";
}
$innertext = stripslashes($innertext);
if($keyword!="") $attlist .= " keyword='$keyword'";
$fulltag = "{dede:arclist$attlist}
$innertext
{/dede:arclist}\r\n";

if($dopost=='savetag')
{
	$dsql = new DedeSql(false);
	$fulltag = addslashes($fulltag);
	$tagname = "auto";
	$inQuery = "
	 Insert Into #@__mytag(typeid,tagname,timeset,starttime,endtime,normbody,expbody)
	 Values('0','$tagname','0','0','0','$fulltag','');
	";
	$dsql->ExecuteNoneQuery($inQuery);
	$id = $dsql->GetLastID();
	$dsql->ExecuteNoneQuery("Update #@__mytag set tagname='{$tagname}_{$id}' where aid='$id'");
	$dsql->Close();
	$fulltag = "{dede:mytag name='{$tagname}_{$id}' ismake='yes'/}";
}

require_once(dirname(__FILE__)."/templets/mytag_tag_guide_ok.htm");


ClearAllLink();
?>
iscommend='$iscommend',
click='$click',
freenum='$freenum',
bookname='$bookname',
author='$author',
litpic='$litpic',
pubdate='$pubdate',
description='$description',
body='$body',
keywords='$keywords',
status='$status',
ischeck='$ischeck'
where id='$bookid' ";


if(!$dsql->ExecuteNoneQuery($upQuery)){
	ShowMsg("更新数据库时出错,请检查!".$dsql->GetError(),"-1");
	$dsql->Close();
	exit();
}

$dsql->Close();

//生成HTML
//---------------------------------

require_once(dirname(__FILE__).'/../../include/inc_arcbook_view.php');
$bv = new BookView($bookid,'book');
$artUrl = $bv->MakeHtml();
$bv->Close();
예제 #22
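// Empty the whole log table.
if($dopost=="clear"){
	$dsql = new DedeSql(false);
	$dsql->ExecuteNoneQuery("Delete From #@__log");
	$dsql->Close();
	ShowMsg("成功清空所有日志!","log_list.php");
	exit();
}
// Delete selected entries; $ids is a back-tick separated list of log ids.
else if($dopost=="del")
{
	// The original assigned the fallback to a misspelt $baurl, which left $bkurl undefined
	// whenever the cookie was absent.
	// NOTE(review): the cookie value is client-controlled and is passed to ShowMsg() as
	// the return address; confirm ShowMsg() restricts where it may point.
	$bkurl = isset($_COOKIE['ENV_GOBACK_URL']) ? $_COOKIE['ENV_GOBACK_URL'] : "log_list.php";
	// Only all-digit ids are kept, so nothing but numbers reaches the statement.
	// This assumes lid is an integer key - TODO confirm against the table definition.
	$lids = array();
	$rawIds = (isset($ids) && is_string($ids)) ? explode('`',$ids) : array();
	foreach($rawIds as $id){
		$id = trim($id);
		if(preg_match('/^[0-9]+$/',$id)) $lids[] = $id;
	}
	// Without a valid id no statement is run; a DELETE without its WHERE clause would
	// empty the table.
	if(count($lids)>0){
		$dquery = " where  lid='".implode("'  Or lid='",$lids)."' ";
		$dsql = new DedeSql(false);
		$dsql->ExecuteNoneQuery("Delete From #@__log $dquery");
		$dsql->Close();
	}
	ShowMsg("成功删除指定的日志!",$bkurl);
	exit();
}
else{
	ShowMsg("无法识别你的请求!","javascript:;");
	exit();
}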

ClearAllLink();
?>
예제 #23
	if($dd=="yes")
	{
			copy($fullfilename,$full_litfilename);
			if(in_array($imgfile_type,$cfg_photo_typenames)) ImageResize($full_litfilename,$w,$h);
			$urlValue = $bfilename;
			$imgsrcValue = $litfilename;
			$info = "";
			$sizes = getimagesize($full_litfilename,$info);
			$imgwidthValue = $sizes[0];
	    $imgheightValue = $sizes[1];
	    $imgsize = filesize($full_litfilename);
	    $inquery = "
       INSERT INTO #@__uploads(title,url,mediatype,width,height,playtime,filesize,uptime,adminid,memberid)
       VALUES ('小图{$dblitfile}','$imgsrcValue','1','$imgwidthValue','$imgheightValue','0','{$imgsize}','{$nowtme}','".$cuserLogin->getUserID()."','0');
     ";
     $dsql->ExecuteNoneQuery($inquery);
	}else{
		$imgsrcValue = $bfilename;
		$urlValue = $bfilename;
		$info = "";
		$sizes = getimagesize($fullfilename,$info);
		$imgwidthValue = $sizes[0];
	  $imgheightValue = $sizes[1];
	  $imgsize = filesize($fullfilename);
	}
	$info = '';
	$bsizes = getimagesize($fullfilename,$info);
  $bimgwidthValue = $bsizes[0];
	$bimgheightValue = $bsizes[1];
	$bimgsize = filesize($fullfilename);
	$inquery = "
	if($oldfilename!=$filename)
	{
		$oldfilename = $cfg_basedir.$cfg_cmspath."/".$oldfilename;
		if(is_file($oldfilename)) unlink($oldfilename);
	}
	$inQuery = "
	 update #@__sgpage set
	 title='$title',
	 ismake='$ismake',
	 filename='$filename',
	 uptime='$uptime',
	 body='$body'
	 where aid='$aid';
	";
	$dsql->SetQuery($inQuery);
	if(!$dsql->ExecuteNoneQuery())
	{
		$dsql->Close();
		ShowMsg("更新页面数据时失败,请检查长相是否有问题!","-1");
	  exit();
	}
	$dsql->Close();
	$filename = $cfg_basedir.$cfg_cmspath."/".$filename;
	if($ismake==1){
	  $pv = new PartView();
    $pv->SetTemplet(stripslashes($body),"string");
    $pv->SaveToHtml($filename);
    $pv->Close();
  }
  else{
  	$fp = fopen($filename,"w") or die("创建:{$filename} 失败,可能是没有权限!");
//$bigpic = UploadOneImage('bigpic',$bigpicname,$ddisremote);

$adminID = $cuserLogin->getUserID();

$postnum = 0;
for($i=1;$i<=$photonum;$i++)
{
  $bigpic = UploadOneImage('imgfile'.$i,${'imgurl'.$i},$isremote);
  if($bigpic!=''){
     $titlen = ${'title'.$i};
     if(empty($titlen)) $titlen = ${'title'};
     $inQuery = "
       INSERT INTO `#@__story_content`(`title`,`bookname`,`chapterid`,`catid`,`bcatid`,`booktype`,`bookid`,`sortid`,
      `memberid`,`bigpic`,`body`,`addtime`,`adminid` )
     VALUES ('$titlen','$bookname', '$chapterid', '$catid','$bcatid','$booktype', '$bookid','$sortid', '0', '$bigpic' , '', '$addtime','$adminID');";
     $rs = $dsql->ExecuteNoneQuery($inQuery);
     //if(!$rs) echo $inQuery."<hr>\r\n";
     if($rs){
     	 $sortid++;
     	 $postnum++;
     }
   }
}

$arcID = $dsql->GetLastID();


//更新图书的内容数
$row = $dsql->GetOne("Select count(id) as dd From #@__story_content  where bookid = '$bookid' ");
$dsql->ExecuteNoneQuery("Update #@__story_books set postnum='{$row['dd']}',lastpost='".time()."' where id='$bookid' ");
//更新章节的内容数
     echo "配置文件'{$configfile}'不支持写入,严禁修改系统配置参数!";
     exit;
 }
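 $savesql = new DedeSql(false);
 foreach ($_POST as $k => $v) {
     // Only fields posted as edit___<name> are settings. <name> is placed in the WHERE
     // clause below and later becomes a PHP variable name in the generated config file,
     // so nothing but a plain identifier is accepted. preg_match() also replaces ereg(),
     // which was removed in PHP 7.0.
     if (!preg_match('/^edit___([a-zA-Z_][a-zA-Z0-9_]*)$/', $k, $m)) {
         continue;
     }
     // The value is read from the variable of the same name rather than from $_POST.
     // NOTE(review): presumably an earlier include registers an escaped copy of every
     // request variable; confirm, because $v is interpolated into the UPDATE as it is.
     $v = isset(${$k}) ? ${$k} : '';
     $k = $m[1];
     if (strlen($v) > 250) {
         showmsg("{$k} 太长,不能超过250字节", '-1');
         exit;
     }
     $savesql->ExecuteNoneQuery("Update #@__config set `config_value`='{$v}' where `config_name`='{$k}' ");
 }
 // Read every setting back so the config file can be regenerated from the table.
 $savesql->SetQuery("Select `config_name`,`config_value` From `#@__config` order by `id` asc");
 $savesql->Execute();
 if ($savesql->GetTotalRow() <= 0) {
     $savesql->Close();
     ShowMsg("成功保存变量但从数据库读取所有数据时失败,无法更新配置文件!", "javascript:;");
     exit;
 }
 // Keep a backup copy, then rewrite the config file from scratch.
 @copy($configfile, $configfile_bak);
 $fp = @fopen($configfile, 'w');
 // A failed open used to reach flock()/fwrite() with false, which is an error on PHP 8
 // before the "or die" below can run.
 if ($fp === false) {
     die("配置文件'{$configfile}'不支持写入,本次操作无效!<a href='system_basic.php'>返回</a>");
 }
 // Was flock($fp, 3): 3 is LOCK_UN, which releases a lock instead of taking one.
 @flock($fp, LOCK_EX);
 @fwrite($fp, "<" . "?php\r\n") or die("配置文件'{$configfile}'不支持写入,本次操作无效!<a href='system_basic.php'>返回</a>");
 // NOTE(review): the write loop that follows builds a quote-escaped copy in $row['value']
 // but then writes the raw $row['config_value'] between single quotes. A stored value
 // containing a quote therefore ends the string early inside a file that is executed as
 // PHP. Write the escaped copy, and escape backslashes before quotes.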
 while ($row = $savesql->GetArray()) {
     $row['value'] = str_replace("'", "\\'", $row['config_value']);
     fwrite($fp, "\${$row['config_name']} = '" . $row['config_value'] . "';\r\n");
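<?php 
require_once(dirname(__FILE__)."/config.php");
// Return address for the success message.
// NOTE(review): the cookie is client-controlled; confirm ShowMsg() restricts where the
// address may point.
$ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? "-1" : $_COOKIE['ENV_GOBACK_URL'];
CheckPurview('sys_Keyword');
$keyword = trim($keyword);
// Digits only. preg_replace() and strpos() replace ereg_replace() and ereg(), which
// were removed in PHP 7.0.
$rank = preg_replace('/[^0-9]/','',$rank);
if(strpos($keyword,' ')!==false||$keyword=="")
{
	ShowMsg("关键字不能带有空格或为空!",-1);
	exit();
}
$dsql = new DedeSql(false);
// Refuse duplicates.
// NOTE(review): $keyword and $rpurl are interpolated as submitted; the statements are
// safe only if config.php already escaped the request variables - confirm. LIKE also
// treats % and _ in the keyword as wildcards, so such a keyword can match other entries.
$row = $dsql->GetOne("Select * From #@__keywords where keyword like '$keyword'");
if(is_array($row))
{
	$dsql->Close();
	ShowMsg("关键字已存在库中!","-1");
	exit();
}
// NOTE(review): $rpurl is stored without any check on its scheme; if it is later printed
// as a link target it should be limited to http/https addresses.
$inquery = "
INSERT INTO #@__keywords(keyword,rank,sta,rpurl) VALUES ('$keyword','$rank','1','$rpurl');
";
$dsql->SetQuery($inquery);
$dsql->ExecuteNoneQuery();
ClearAllLink();
ShowMsg("成功增加一个关键字!",$ENV_GOBACK_URL);
?>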
			$addquery = '';
		}
		$fquery = "Select aid,$rpfield From $addtable $addquery $limitSql ;";

		$dsql->SetQuery($fquery);
		$dsql->Execute();
		while($row=$dsql->GetArray())
		{
			$tjnum++;
			$body = $row[$rpfield];
			$aid = $row['aid'];
			if(strlen($body) < $cfg_arcautosp_size*1024) continue;
			if(!preg_match("/#p#/iU",$body)){
				$body = SpLongBody($body,$cfg_arcautosp_size*1024,"#p#分页标题#e#");
				$body = addslashes($body);
				$dsql->ExecuteNoneQuery("Update $addtable set $rpfield='$body' where aid='$aid' ; ");
			}
		}
	}//end if limit

	//返回进度提示
	if($totalnum>0) $tjlen = ceil( ($tjnum/$totalnum) * 100 );
	else $tjlen=100;

	$dvlen = $tjlen * 2;

	$tjsta = "<div style='width:200;height:15;border:1px solid #898989;text-align:left'><div style='width:$dvlen;height:15;background-color:#829D83'></div></div>";
	$tjsta .= "<br/>完成处理文档总数的:$tjlen %,继续执行任务...";

	if($tjnum < $totalnum)
	{
	      From $maintable maintable left join {$addtable} addtable on addtable.aid=maintable.ID
	      where maintable.channel='{$channel}' $addquery limit $startdd,$pagesize ;
	    ";

	    $dsql->SetQuery($fquery);
	    $dsql->Execute();
	    while($row=$dsql->GetArray())
	    {
		     $body = $row['body'];
		     $description = $row['description'];
		     if(strlen($description)>10 || $description=='-') continue;
		     $bodytext = preg_replace("/#p#|#e#|副标题|分页标题/isU","",Html2Text($body));
		     if(strlen($bodytext) < $msize) continue;
		     $des = trim(addslashes(cn_substr($bodytext,$dsize)));
		     if(strlen($des)<3) $des = "-";
		     $dsql->ExecuteNoneQuery("Update $maintable set description='{$des}' where ID='{$row['ID']}';");
		     $dsql->ExecuteNoneQuery("Update #@__full_search set addinfos='{$des}' where aid='{$row['ID']}';");
	    }
	    //返回进度信息
	    $startdd = $startdd + $pagesize;
	    if($totalnum > $startdd){
	      	$tjlen = ceil( ($startdd/$totalnum) * 100 );
			$dvlen = $tjlen * 2;
			$tjsta = "<div style='width:200;height:15;border:1px solid #898989;text-align:left'><div style='width:$dvlen;height:15;background-color:#829D83'></div></div>";
			$tjsta .= "<br/>完成处理文档总数的:$tjlen %,继续执行任务...";
			$nurl = "description_fetch_action.php?action=fetch&totalnum=$totalnum&startdd={$startdd}&pagesize=$pagesize&channel={$channel}&rpfield={$rpfield}&dsize={$dsize}&msize={$msize}&sid={$sid}&eid=$eid&addtable=".urlencode($addtable);
			$dsql->Close();
			ShowMsg($tjsta,$nurl,0,500);
			exit();
	    }else{
	    	$tjlen=100;
예제 #30
	include(dirname(__FILE__)."/templets/area.htm");
/*
function add()
*/
}elseif($action == 'add')
{
	$name = trim($name);
	if($name == '' ) {
		ShowMsg('地区名称不能为空,将返回地区管理页面','area.php');
		exit;
	}
	$reid = intval($reid);
	$reid = max(0, $reid);
	$sql = "insert into #@__area (name, reid) values ('$name', $reid);";
	$db->SetQuery($sql);
	if($db->ExecuteNoneQuery())
	{
		ShowMsg('添加地区成功,将返回地区管理页面','area.php');
	}else
	{
		ShowMsg('更新地区失败,将返回地区管理页面','area.php');
	}
/*
function edit()
*/
}elseif($action == 'edit')
{
	if(empty($step)){
		$sectorscache = '<option value="0">无(作为一级地区)</option>';
		$sql = "select * from #@__area where id=$id";
		$db->SetQuery($sql);