/**
 * Create or update a category from $_POST and answer with a JSON body via die().
 *
 * Globals: $c_obj_obj (category model: get_cname_py(), insert(), update(),
 * update_cate()), $l_obj (operation log). Permission: C0101.
 * Every path terminates the request with die(); nothing is returned.
 */
function m__edit()
{
    global $c_obj_obj, $l_obj;
    // Permission check
    check_level("C0101");
    // Pre-process: escape every posted value.
    // NOTE(review): $post only exists when $_POST is non-empty; an empty POST
    // makes the $post[...] reads below hit an undefined variable.
    foreach ($_POST as $a => $b) {
        $post[$a] = helper::escape($b, 1);
    }
    //print_r($post);die();
    // Validate data
    //if ($post['parent_id'] > 0 && $post['extern_id'] != $c_obj -> categories[$_POST['parent_id']]['extern_id']) die('{"code":"100","msg":"子分类必须保持模型一致"}');
    if ($post['cname'] == '') {
        die('{"code":"100","msg":"分类名称必须填写"}');
    }
    if ($post['cname_py'] == '') {
        die('{"code":"100","msg":"字母别名必须填写"}');
    }
    // Drop form-only parameters that are not columns
    unset($post['ad_list']);
    // print_r($post);die();
    // Add a category
    // NOTE(review): cate_id is escaped but never checked to be numeric before it
    // is compared here and spliced into the WHERE clause in the edit branch.
    if ($post['cate_id'] <= '0') {
        // The alias (cname_py) must be unique across categories.
        $has_py = $c_obj_obj->get_cname_py($post['cname_py']);
        if ($has_py) {
            die('{"code":"100","msg":"字母别名不允许重复"}');
        }
        // Whether a child category may be added (disabled)
        //if ($c_obj -> cate_last($_POST['parent_id']) == 0 && ($_POST['parent_id'] > 0 && $c_obj -> categories[$_POST['parent_id']]['cdata'] > 0)) die('{"code":"100","msg":"分类下有数据,不允许添加子类"}');
        // Template-copy flags are form-only; strip them before the insert.
        if (isset($post['listvar_copy'])) {
            unset($post['listvar_copy']);
        }
        if (isset($post['index_copy'])) {
            unset($post['index_copy']);
        }
        if (isset($post['content_copy'])) {
            unset($post['content_copy']);
        }
        $res = $c_obj_obj->insert($post);
        $c_obj_obj->update_cate();
        // insert() result is treated as the new id (> 0 on success).
        if ($res > 0) {
            $l_obj->insert("类添加成功,分类名为:" . $post['cname']);
            die('{"code":"0","msg":"分类添加成功","cid":"' . $res . '"}');
        }
        die('{"code":"100","msg":"分类添加失败,' . $res . '"}');
    } else {
        // Update an existing category
        $where = "cate_id='" . $post['cate_id'] . "'";
        $res = $c_obj_obj->update($post, $where);
        // Refresh cached categories (the original comment here referred to template depth)
        $c_obj_obj->update_cate();
        if ($res) {
            $l_obj->insert("修改分类成功,分类ID为:{$post['cate_id']}");
            die('{"code":"0","msg":"分类修改成功","cid":"' . $post['cate_id'] . '"}');
        }
        die('{"code":"100","msg":"分类修改失败"}');
    }
}
/**
 * Run the paged keyword query for the keyword list page and store the result
 * in the global $keywords.
 *
 * Query string: p (page number), q (keyword search), qgroup (group filter).
 * POST: keyword_id — restriction used by the editor's JS when it fetches a
 * single keyword. $_GET and $_POST are sanitised in place first.
 */
function m__list()
{
    global $dbm, $c, $keywords;
    $_GET = helper::sqlxss($_GET);
    $_POST = helper::sqlxss($_POST);

    $page_no = 1;
    if (isset($_GET['p']) && is_numeric($_GET['p'])) {
        $page_no = intval($_GET['p']);
    }

    // Assemble the WHERE clause fragment by fragment.
    $conditions = array(' 1=1');
    if (isset($_POST['keyword_id']) && is_numeric($_POST['keyword_id'])) {
        $conditions[] = " and keyword_id = '" . $_POST['keyword_id'] . "'";
    }
    if (isset($_GET['q']) && !empty($_GET['q'])) {
        $conditions[] = " and keyword like '%" . helper::escape($_GET['q']) . "%' ";
    }
    if (isset($_GET['qgroup']) && $_GET['qgroup'] !== '') {
        $conditions[] = " and qgroup='" . $_GET['qgroup'] . "' ";
    }

    $limit_sql = $dbm->get_limit_sql(PAGESIZE, $page_no);
    $keywords = $dbm->single_query(array(
        'where'      => implode('', $conditions),
        'table_name' => TB_PREFIX . "keyword",
        'count'      => 1,
        'suffix'     => " order by qorder,keyword_id DESC " . $limit_sql,
        'pagesize'   => PAGESIZE,
    ));
}
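/**
 * Create or update a keyword (tag) from $_POST and answer with a JSON body via die().
 *
 * Globals: $t_obj (keyword model; update()/insert() return ['state', 'msg'],
 * where msg carries the new id on insert), $l_obj (operation log).
 * Permission: H0701. Nothing is returned; every path ends in die().
 */
function m__edit()
{
    global $l_obj, $t_obj;
    check_level("H0701");

    // Decode first, then escape, so a decoded %27 cannot slip past the escape.
    $post = array();
    foreach ($_POST as $k => $n) {
        $post[$k] = helper::escape(urldecode($n));
    }

    // Validate; a missing keyword_id is rejected like a non-numeric one.
    if (!isset($post['keyword_id']) || !is_numeric($post['keyword_id'])) {
        die('{"code":"100","msg":"标签ID必须是数字"}');
    }
    if (empty($post['keyword'])) {
        die('{"code":"100","msg":"标签不能为空"}');
    }

    if ($post['keyword_id'] > 0) {
        // Edit an existing keyword
        $res = $t_obj->update($post, $post['keyword_id']);
        if ($res['state'] == 0) {
            $l_obj->insert("编辑成功:" . $post['keyword']);
            die('{"code":"0","msg":"编辑成功","kid":"' . $post['keyword_id'] . '"}');
        }
        die('{"code":"240","msg":"编辑失败"}');
    }

    // Add a new keyword
    $res = $t_obj->insert($post);
    if ($res['state'] == 0) {
        $l_obj->insert("添加成功:" . $post['keyword']);
        die('{"code":"0","msg":"添加成功","kid":"' . $res['msg'] . '"}');
    }
    // Fixed: the failure body used to close the "msg" string before the error
    // text, producing invalid JSON.
    die('{"code":"100","msg":"添加失败,' . $res['msg'] . '"}');
}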
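/**
 * Load one page of administrators into the global $page for the admin list view.
 *
 * Query string: search_txt (needle), search_type (column to search, default
 * "aname"), p (page number). Result: $page['admins'] holds the paged rows with
 * a g_name attached from admin_group; $page['admin_group'] holds all groups.
 */
function m__list()
{
    global $dbm, $page;
    $page = $params = array();
    $where = " (1=1) ";

    if (isset($_GET['search_txt']) && $_GET['search_txt'] != '') {
        $search_type = isset($_GET['search_type']) && $_GET['search_type'] != '' ? $_GET['search_type'] : 'aname';
        // The column name is spliced into SQL as an identifier, where quote
        // escaping offers no protection; anything but a plain identifier falls
        // back to the default column.
        if (!preg_match('~^[A-Za-z_][A-Za-z0-9_]*$~', $search_type)) {
            $search_type = 'aname';
        }
        // The original also wrote the effective column back into $_GET; kept.
        $_GET['search_type'] = $search_type;
        $field = helper::escape($search_type);
        $where .= " and({$field} like '%" . helper::escape($_GET['search_txt']) . "%')";
    }
    // Page number: missing or non-numeric means the first page.
    $p = isset($_GET['p']) && is_numeric($_GET['p']) ? intval($_GET['p']) : 1;

    $params['table_name'] = TB_PREFIX . "admin_list";
    $params['count'] = 1;
    $params['where'] = $where;
    $params['suffix'] = " order by reg_date DESC ";
    $params['pagesize'] = PAGESIZE;
    $params['suffix'] .= $dbm->get_limit_sql(PAGESIZE, $p);
    $user = $dbm->single_query($params);

    // Attach each admin's group name through a group_id => g_name map
    // (replaces a nested loop over both result sets).
    $rs = $dbm->query("select group_id,g_name from " . TB_PREFIX . "admin_group");
    $group_list = isset($rs['list']) ? $rs['list'] : array();
    $group_names = array();
    foreach ($group_list as $group) {
        $group_names[$group['group_id']] = $group['g_name'];
    }
    $admin_list = isset($user['list']) ? $user['list'] : array();
    foreach ($admin_list as $i => $admin) {
        if (isset($group_names[$admin['group_id']])) {
            $user['list'][$i]['g_name'] = $group_names[$admin['group_id']];
        }
    }
    $page['admin_group'] = $group_list;
    $page['admins'] = $user;
}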
/**
 * Create or update a URL-rewrite rule node from $_POST, refresh the URL and
 * category caches and regenerate the rewrite files; answers JSON via die().
 *
 * Globals: $dbm (database), $c (cache object). hashtoken is dropped; the
 * remaining posted keys are written as columns of url_rewrite.
 */
function m__edit()
{
    global $dbm, $c;
    // Decode, then escape every posted value.
    foreach ($_POST as $key => $val) {
        $_POST[$key] = helper::escape(urldecode($val));
    }
    unset($_POST['hashtoken']);
    // Validate
    if (!is_numeric($_POST['url_id'])) {
        die('{"code":"210","msg":"规则节点ID必须是数字"}');
    }
    if (empty($_POST['url_title'])) {
        die('{"code":"220","msg":"规则节点名称不能为空"}');
    }
    // Node name: starts with a letter, then lowercase letters, digits or underscores.
    if (!preg_match('~^[A-Za-z][A-Za-z]*[a-z0-9_]*$~', $_POST['url_title'])) {
        die('{"code":"230","msg":"规则节点名称必须以字母开头,只允许字母、下划线"}');
    }
    if (empty($_POST['url_true'])) {
        die('{"code":"230","msg":"动态地址规则不能为空"}');
    }
    if (empty($_POST['url_rule'])) {
        die('{"code":"230","msg":"伪静态地址规则不能为空"}');
    }
    if ($_POST['url_id'] > 0) {
        // Edit an existing rule
        $where = " url_id='" . $_POST['url_id'] . "'";
        unset($_POST['url_id']);
        $res = $dbm->single_update(TB_PREFIX . "url_rewrite", $_POST, $where);
        // Refresh caches
        $c->update_url_config();
        $c->update_cate();
        // Regenerate the rewrite files (.htaccess and IIS httpd.ini)
        htaccess();
        iis_httpd_ini();
        if (empty($res['error'])) {
            die('{"code":"0","msg":"更新规则成功"}');
        }
        die('{"code":"240","msg":"更新规则失败"}');
    } else {
        // Add a new rule
        // The duplicate-node check and the insert itself are disabled below.
        // NOTE(review): with the insert commented out, $res is never assigned in
        // this branch, so "$res['autoid'] > 0" is false and an add always reports
        // failure — while the caches and rewrite files are still regenerated.
        /**
         * $rs=$dbm->query("select * from ".TB_PREFIX . "url_rewrite where url_title='{$_POST['url_title']}'");
         * if(count($rs['list'])>0) die('{"code":"100","msg":"'.$_POST['url_title'].'节点名称不能重复"}');
         * unset($_POST['url_id']);
         * $res = $dbm -> single_insert(TB_PREFIX . "url_rewrite", $_POST);
         */
        // Refresh caches
        $c->update_url_config();
        $c->update_cate();
        // Regenerate the rewrite files (.htaccess and IIS httpd.ini)
        htaccess();
        iis_httpd_ini();
        if (empty($res['error']) && $res['autoid'] > 0) {
            die('{"code":"0","msg":"添加规则成功"}');
        }
        die('{"code":"250","msg":"添加规则失败,请核对重试"}');
    }
}
/**
 * Load one page of groups into the global $page, optionally filtered by a
 * LIKE search on g_name ($_GET['search_txt']). $_GET['p'] selects the page.
 */
function m__list()
{
    global $u_obj, $page;
    $condition = " where 1 = 1 ";
    $needle = isset($_GET['search_txt']) ? $_GET['search_txt'] : '';
    if ($needle != '') {
        $condition .= " and g_name like '%" . helper::escape($needle) . "%'";
    }
    $page_no = isset($_GET['p']) ? $_GET['p'] : 1;
    $page = $u_obj->get_all($condition, $page_no);
}
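/**
 * Add or update a field definition on an "extern" model identified by
 * $_GET['table_name']; answers JSON via die().
 *
 * Globals: $dbm (database), $c (cache; update_externs() refreshes the model
 * definitions). POST: title, field, field_type (required), plus any further
 * columns of extern_fields; hashtoken is dropped.
 */
function m__save_attr()
{
    global $dbm, $c;

    // The model name is spliced into SQL and stored as extern_name; accept only
    // a plain identifier (quote escaping does not cover this position).
    $table_name = isset($_GET['table_name']) ? $_GET['table_name'] : '';
    if ($table_name === '' || !preg_match('~^[A-Za-z_][A-Za-z0-9_]*$~', $table_name)) {
        die('{"code":1,"msg":"模型不存在"}');
    }
    $extern_rs = $dbm->query("select * from " . TB_PREFIX . "extern_attr where extern_name='{$table_name}'");
    if (count($extern_rs['list']) < 1) {
        die('{"code":1,"msg":"模型不存在"}');
    }
    $extern = $extern_rs['list'][0];

    // Escape and validate the posted field definition.
    foreach ($_POST as $key => $val) {
        $_POST[$key] = helper::escape($val, 1);
        // NOTE(review): this replaces a double quote with itself and is a no-op;
        // the intended replacement (probably an HTML entity) may have been lost.
        $_POST[$key] = preg_replace('~"~', '"', $_POST[$key]);
        //$_POST[$key] = helper :: escape_stripslashes($_POST[$key]);
        if ($key == 'title' && $val == '') {
            die('{"code":1,"msg":"字段文字不能为空"}');
        }
        if ($key == 'field' && $val == '') {
            die('{"code":1,"msg":"字段名称不能为空"}');
        }
        if ($key == 'field_type' && $val == '') {
            die('{"code":1,"msg":"字段类型不能为空"}');
        }
        if ($key == 'field' && !preg_match('~^[a-z][a-z0-9_]*$~', $val)) {
            die('{"code":1,"msg":"字段名称只允许小写字母开头,小写字母数字和下划线"}');
        }
    }
    unset($_POST['hashtoken']);
    // A request without a field name cannot be matched against existing rows.
    if (!isset($_POST['field'])) {
        die('{"code":1,"msg":"字段名称不能为空"}');
    }

    // Insert when the field is new on this model, otherwise update it.
    $sql = "select field_id from " . TB_PREFIX . "extern_fields where extern_id='{$extern['extern_id']}' and field='{$_POST['field']}'";
    $fields = $_POST;
    $rs = $dbm->query($sql);
    if (count($rs['list']) == 0) {
        $fields['extern_id'] = $extern['extern_id'];
        $fields['extern_name'] = $table_name;
        $rs = $dbm->single_insert(TB_PREFIX . "extern_fields", $fields);
        if ($rs['error'] == '') {
            $c->update_externs();
            die('{"code":0,"msg":"新增字段成功"}');
        }
    } else {
        $rs = $dbm->single_update(TB_PREFIX . "extern_fields", $fields, " field_id='{$rs['list'][0]['field_id']}'");
        if ($rs['error'] == '') {
            $c->update_externs();
            die('{"code":0,"msg":"修改字段成功"}');
        }
    }
    // NOTE(review): failure is reported with code 0, the same code as success.
    die('{"code":0,"msg":"操作失败' . $rs['error'] . '"}');
}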
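/**
 * Create or update a WeChat menu item from $_POST; answers JSON via die().
 *
 * POST: menu_id (0 = new), menu_name, wx_menu_type ("click" stores menu_key_url
 * as menu_key, anything else stores it as menu_url), menu_key_url. hashtoken and
 * cate_id are dropped; the remaining keys are written as wx_menu columns.
 * Globals: $dbm (database), $c (unused here).
 */
function m__menu_save()
{
    global $dbm, $c;
    $fields = $_POST;
    unset($fields['hashtoken']);

    if (!isset($fields['menu_name']) || $fields['menu_name'] == '') {
        die('{"code":"1","msg":"菜单名称不能为空"}');
    }
    // The form posts the type as wx_menu_type; the column is menu_type.
    $fields['menu_type'] = isset($fields['wx_menu_type']) ? $fields['wx_menu_type'] : '';
    unset($fields['wx_menu_type']);
    // menu_key_url carries the event key for "click" menus and the link otherwise.
    $key_url = isset($fields['menu_key_url']) ? $fields['menu_key_url'] : '';
    if ($fields['menu_type'] == 'click') {
        $fields['menu_key'] = $key_url;
        $fields['menu_url'] = '';
        if ($fields['menu_key'] == '') {
            die('{"code":"1","msg":"事件名称不能为空"}');
        }
    } else {
        $fields['menu_url'] = $key_url;
        $fields['menu_key'] = '';
        if ($fields['menu_url'] == '') {
            die('{"code":"1","msg":"链接地址不能为空"}');
        }
    }
    unset($fields['menu_key_url']);
    unset($fields['cate_id']);
    foreach ($fields as $k => $v) {
        $fields[$k] = helper::escape($v, 1);
    }

    // menu_id is spliced into the WHERE clause unquoted and echoed back in the
    // response, so it is coerced to an integer; 0 (or a non-numeric value)
    // means insert.
    $menu_id = isset($_POST['menu_id']) ? intval($_POST['menu_id']) : 0;
    unset($fields['menu_id']);

    if ($menu_id == 0) {
        // Insert
        $rs = $dbm->single_insert(TB_PREFIX . "wx_menu", $fields);
        if ($rs['error'] == '') {
            die('{"code":"0","msg":"新增菜单成功","menu_id":"' . $rs['autoid'] . '"}');
        }
        die('{"code":"1","msg":"新增菜单失败' . $rs['error'] . '","menu_id":"0"}');
    }
    // Update
    $rs = $dbm->single_update(TB_PREFIX . "wx_menu", $fields, "menu_id=" . $menu_id);
    if ($rs['error'] == '') {
        die('{"code":"0","msg":"修改菜单成功","menu_id":"' . $menu_id . '"}');
    }
    die('{"code":"1","msg":"修改菜单失败' . $rs['error'] . '","menu_id":"' . $menu_id . '"}');
}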
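/**
 * Build the WHERE clause for the user list from the search box and load the
 * requested page into the global $page via $u_obj->get_all().
 *
 * Query string: search_txt (needle), search_type (column; "uname" is matched
 * exactly, any other column with LIKE), p (page number).
 */
function m__list()
{
    global $u_obj, $page;
    $where = " where 1 = 1 ";
    if (isset($_GET['search_txt']) && $_GET['search_txt'] != '' && isset($_GET['search_type'])) {
        // search_type is used as a column name. Quote escaping cannot protect an
        // identifier position, so only a plain identifier is accepted; anything
        // else simply disables the filter.
        $field = $_GET['search_type'];
        if (preg_match('~^[A-Za-z_][A-Za-z0-9_]*$~', $field)) {
            $needle = helper::escape($_GET['search_txt']);
            if ($field == 'uname') {
                $where .= " and " . $field . " = '" . $needle . "'";
            } else {
                $where .= " and " . $field . " like '%" . $needle . "%'";
            }
        }
    }
    // Page number: missing or non-numeric means the first page.
    $p = isset($_GET['p']) && is_numeric($_GET['p']) ? intval($_GET['p']) : 1;
    $page = $u_obj->get_all($where, $p, 1);
}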
/**
 * Create or update an internal-link word (nlink) from $_POST; answers JSON via die().
 *
 * Global: $dbm. Permission: E0301. Only nlink_txt and nlink_url are written;
 * outcomes are recorded through logs().
 */
function m__edit()
{
    global $dbm;
    // Permission check
    check_level("E0301");
    // Accepted link prefixes. The scheme group is optional, so a
    // protocol-relative "//host/..." value also passes.
    $reg = "~^((https|http|ftp|rtsp|mms)?://)~";
    $nlink = $_POST;
    unset($nlink['hashtoken']);
    // Escape, then decode.
    // NOTE(review): decoding *after* escaping can turn an encoded quote (%27)
    // back into a raw quote; the url-rewrite handler in this file escapes after
    // decoding, which is the safer order.
    foreach ($nlink as $k => $n) {
        $nlink[$k] = urldecode(helper::escape($n));
    }
    // Validate
    if (!is_numeric($nlink['nlink_id'])) {
        die('{"code":"210","msg":"内链词ID必须是数字"}');
    }
    if (empty($nlink['nlink_txt'])) {
        die('{"code":"220","msg":"内链名称不能为空"}');
    }
    if (empty($nlink['nlink_url'])) {
        die('{"code":"230","msg":"内链地址不能为空"}');
    }
    if (!preg_match($reg, $nlink['nlink_url'])) {
        die('{"code":"230","msg":"链接地址不合法"}');
    }
    // Columns to write
    $params['nlink_txt'] = $nlink['nlink_txt'];
    $params['nlink_url'] = $nlink['nlink_url'];
    if ($_POST['nlink_id'] > 0) {
        // Edit
        $where = " nlink_id='" . $nlink['nlink_id'] . "'";
        $res = $dbm->single_update(TB_PREFIX . "nlink", $params, $where);
        if (empty($res['error'])) {
            logs("更新内链词成功:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
            die('{"code":"0","msg":"更新内链词成功"}');
        }
        logs("更新内链词失败:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
        die('{"code":"240","msg":"更新内链词失败"}');
    } else {
        // Add (the original comment said "friend link"; this inserts an nlink row)
        $res = $dbm->single_insert(TB_PREFIX . "nlink", $params);
        if (empty($res['error']) && $res['autoid'] > 0) {
            logs("添加内链词成功:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
            die('{"code":"0","msg":"添加内链词成功"}');
        }
        logs("添加内链词失败:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
        die('{"code":"250","msg":"添加内链词失败,请核对重试"}');
    }
}
/**
 * Create or update an admin group from $_POST; answers JSON via die().
 *
 * Global: $dbm. Permission: B0101. Columns written: g_name, g_remark,
 * create_time. Outcomes are recorded through logs().
 */
function m__edit()
{
    global $dbm;
    check_level("B0101");
    $params = array();
    // Escape every posted value in place.
    foreach ($_POST as $k => $v) {
        $_POST[$k] = helper::escape($v, 1);
    }
    if (!is_numeric($_POST['group_id'])) {
        die('{"code":"210","msg":"用户组ID必须是数字"}');
    }
    // Validate the group data
    if (empty($_POST['g_name'])) {
        die('{"code":"220","msg":"用户组名字不能为空"}');
    }
    //if(!isset($_POST['g_urank']) || trim($_POST['g_urank']) =='') die('{"code":"230","msg":"用户组权限不能为空"}');
    //if (!preg_match('~^[A-Za-z][A-Za-z]*[a-z0-9_]*$~', $_POST['g_name'])) die('{"code":"230","msg":"用户组名必须以字母开头,只允许字母、数字、下划线"}');
    $params['g_name'] = $_POST['g_name'];
    //$params['g_urank'] = $_POST['g_urank'];
    // The remark is additionally HTML-encoded for display.
    $params['g_remark'] = isset($_POST['g_remark']) && !empty($_POST['g_remark']) ? htmlspecialchars($_POST['g_remark']) : '';
    // NOTE(review): create_time is also rewritten on edits, so it records the
    // last save rather than the creation.
    $params['create_time'] = time();
    if (intval($_POST['group_id']) > 0) {
        // Edit
        $where = " group_id ='" . $_POST['group_id'] . "'";
        $res = $dbm->single_update(TB_PREFIX . "admin_group", $params, $where);
        if (empty($res['error'])) {
            logs("用户组编辑成功,用户组ID为:{$_POST['group_id']}");
            die('{"code":"0","msg":"操作成功"}');
        }
        logs("编辑用户组失败,请核实后再添加,用户组ID为:{$_POST['group_id']}");
        die('{"code":"280","msg":"编辑用户组失败,请核实后再添加"}');
    } else {
        // Add (the original comment said "add member"); group names must be unique.
        $where = " g_name='" . $_POST['g_name'] . "'";
        $a = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "admin_group"));
        if (count($a['list']) > 0) {
            die('{"code":"260","msg":"用户组名字不能重复"}');
        }
        $res = $dbm->single_insert(TB_PREFIX . "admin_group", $params);
        if ($res['autoid'] > 0) {
            logs("添加用户组成功,用户组名字为:{$_POST['g_name']}");
            die('{"code":"0","msg":"添加用户组成功"}');
        }
        logs("添加用户组失败,请核实后再添加,用户组名字为:{$_POST['g_name']}");
        die('{"code":"270","msg":"添加用户组失败,请核实后再添加"}');
    }
}
/**
 * Create or update an internal-link word (nlink) from $_POST through the nlink
 * model; answers JSON via die().
 *
 * Globals: $n_obj (nlink model; update()/insert() return ['state', 'msg'], msg
 * carrying the new id on insert), $l_obj (operation log), $page (unused here).
 * Permission: D0501. Only nlink_txt and nlink_url are written.
 */
function m__edit()
{
    global $l_obj, $n_obj, $page;
    check_level("D0501");
    // Accepted link prefixes. The scheme group is optional, so a
    // protocol-relative "//host/..." value also passes.
    $reg = "~^((https|http|ftp|rtsp|mms)?://)~";
    $nlink = $_POST;
    // Escape, then decode.
    // NOTE(review): decoding *after* escaping can turn an encoded quote (%27)
    // back into a raw quote; escaping after decoding is the safer order.
    foreach ($nlink as $k => $n) {
        $nlink[$k] = urldecode(helper::escape($n));
    }
    // Validate
    if (!is_numeric($nlink['nlink_id'])) {
        die('{"code":"210","msg":"内链词ID必须是数字"}');
    }
    if (empty($nlink['nlink_txt'])) {
        die('{"code":"220","msg":"内链名称不能为空"}');
    }
    if (empty($nlink['nlink_url'])) {
        die('{"code":"230","msg":"内链地址不能为空"}');
    }
    if (!preg_match($reg, $nlink['nlink_url'])) {
        die('{"code":"230","msg":"链接地址不合法"}');
    }
    // Columns to write
    $params['nlink_txt'] = $nlink['nlink_txt'];
    $params['nlink_url'] = $nlink['nlink_url'];
    if ($nlink['nlink_id'] > 0) {
        // Edit
        $where = " nlink_id='" . $nlink['nlink_id'] . "'";
        $res = $n_obj->update($params, $where);
        if ($res['state'] == 0) {
            $l_obj->insert("更新内链词成功:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
            die('{"code":"0","msg":"更新内链词成功","nid":"' . $nlink['nlink_id'] . '"}');
        }
        die('{"code":"240","msg":"更新内链词失败"}');
    } else {
        // Add
        $res = $n_obj->insert($params);
        if ($res['state'] == 0) {
            $l_obj->insert("添加内链词成功:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
            die('{"code":"0","msg":"添加内链词成功","nid":"' . $res['msg'] . '"}');
        }
        die('{"code":"100","msg":"添加内链词失败,请核对重试"}');
    }
}
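/**
 * Create or update a "position" (area) record from $_POST; answers JSON via die().
 *
 * Globals: $area_obj (area model; update()/insert() return ['state', 'msg'],
 * msg carrying the new id on insert), $l_obj (operation log).
 * Permission: H0401 when $_GET['type'] == 1, otherwise H0501.
 * area_html is stored serialized; everything else is written as posted.
 */
function m__edit()
{
    global $area_obj, $l_obj;
    // Type 1 and all other types are guarded by different permission codes.
    if (isset($_GET['type']) && $_GET['type'] == 1) {
        check_level("H0401");
    } else {
        check_level("H0501");
    }

    // Decode first, then escape, so a decoded %27 cannot slip past the escape.
    $area = array();
    foreach ($_POST as $k => $n) {
        $area[$k] = helper::escape(urldecode($n));
        if ($k == 'area_html') {
            $area[$k] = serialize($area[$k]);
        }
    }

    // Validate; a missing area_id is rejected like a non-numeric one.
    if (!isset($area['area_id']) || !is_numeric($area['area_id'])) {
        die('{"code":"100","msg":"位置ID必须是数字"}');
    }
    if (empty($area['title'])) {
        die('{"code":"100","msg":"标题不能为空"}');
    }

    if ($area['area_id'] > 0) {
        // Edit an existing record
        $res = $area_obj->update($area, $area['area_id']);
        if ($res['state'] == 0) {
            $l_obj->insert("编辑成功:" . $area['title']);
            die('{"code":"0","msg":"编辑成功","area_id":"' . $area['area_id'] . '"}');
        }
        die('{"code":"240","msg":"编辑失败"}');
    }

    // Add a new record
    $res = $area_obj->insert($area);
    if ($res['state'] == 0) {
        $l_obj->insert("添加成功:" . $area['title']);
        die('{"code":"0","msg":"添加成功","area_id":"' . $res['msg'] . '"}');
    }
    // Fixed: the failure body used to close the "msg" string before the error
    // text, producing invalid JSON.
    die('{"code":"100","msg":"添加失败,' . $res['msg'] . '"}');
}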
/**
 * Sanitise $_GET and $_POST in place: each scalar is passed through
 * helper::escape() and then htmlspecialchars() with ENT_QUOTES after trim().
 *
 * Only one level of nesting is handled: scalars inside a first-level array are
 * processed, anything nested deeper is left untouched. No return value.
 */
public static function sqlxss()
{
    // Process $_GET
    foreach ($_GET as $k => $v) {
        if (is_array($v)) {
            foreach ($v as $a => $b) {
                if (!is_array($b)) {
                    $b = helper::escape($b, 1);
                    $_GET[$k][$a] = htmlspecialchars(trim($b), ENT_QUOTES);
                }
            }
        } else {
            $v = helper::escape($v, 1);
            $_GET[$k] = htmlspecialchars(trim($v), ENT_QUOTES);
        }
    }
    // Process $_POST (same rules as $_GET)
    foreach ($_POST as $k => $v) {
        if (is_array($v)) {
            foreach ($v as $a => $b) {
                if (!is_array($b)) {
                    $b = helper::escape($b, 1);
                    $_POST[$k][$a] = htmlspecialchars(trim($b), ENT_QUOTES);
                }
            }
        } else {
            $v = helper::escape($v, 1);
            $_POST[$k] = htmlspecialchars(trim($v), ENT_QUOTES);
        }
    }
}
/**
 * Recursively sanitise a value: every scalar leaf is passed through
 * helper::escape() and then htmlspecialchars() with ENT_QUOTES; arrays keep
 * their keys and are processed element by element.
 *
 * @param mixed $input scalar or (nested) array
 * @return mixed the sanitised copy
 */
public static function sqlxss($input)
{
    if (!is_array($input)) {
        // Leaf value: SQL-escape, then HTML-encode quotes.
        return htmlspecialchars(helper::escape($input, 1), ENT_QUOTES);
    }
    $clean = array();
    foreach ($input as $key => $value) {
        $clean[$key] = helper::sqlxss($value);
    }
    return $clean;
}
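/**
 * Create or update a category from $_POST; answers JSON via die().
 *
 * Globals: $c_obj (category model: get_all(), update(), insert(),
 * update_cate()), $l_obj (operation log). Permission: C0101.
 * Template-copy flags (index_copy / listvar_copy / content_copy) are applied
 * through update_cate_tpl() on edit and stripped before the row is written.
 */
function m__edit()
{
    global $c_obj, $l_obj;
    check_level("C0101");

    // Decode first, then escape, so a decoded %27 cannot slip past the escape.
    $post = array();
    foreach ($_POST as $k => $n) {
        $post[$k] = helper::escape(urldecode($n));
    }

    // Validate; a missing cate_id is rejected like a non-numeric one.
    if (!isset($post['cate_id']) || !is_numeric($post['cate_id'])) {
        die('{"code":"100","msg":"分类ID必须是数字"}');
    }
    if (empty($post['cname'])) {
        die('{"code":"100","msg":"标题不能为空"}');
    }
    // ad_list is a form-only field, not a column.
    unset($post['ad_list']);
    $cname_py = isset($post['cname_py']) ? $post['cname_py'] : '';
    $tpl_kinds = array('index', 'listvar', 'content');

    if ($post['cate_id'] > 0) {
        // Edit: the alias must be unique among the *other* categories.
        $where_py = " where cname_py = '" . $cname_py . "' and cate_id != " . $post['cate_id'];
        $pinyin = $c_obj->get_all($where_py);
        if (!empty($pinyin['list'])) {
            die('{"code":"100","msg":"字母别名不能重复"}');
        }
        // Apply template-copy requests for the index/list/content templates.
        foreach ($tpl_kinds as $kind) {
            if (isset($post[$kind . '_copy'])) {
                update_cate_tpl($post['cate_id'], $kind, $post[$kind . '_copy'], $post['tpl_' . $kind]);
            }
        }
        foreach ($tpl_kinds as $kind) {
            unset($post[$kind . '_copy']);
        }
        $res = $c_obj->update($post, $post['cate_id']);
        if ($res['state'] == 0) {
            $l_obj->insert("编辑成功:" . $post['cname']);
            $c_obj->update_cate();
            die('{"code":"0","msg":"编辑成功","cate_id":"' . $post['cate_id'] . '"}');
        }
        die('{"code":"240","msg":"编辑失败"}');
    }

    // Add: the alias must be unique.
    $where_py = " where cname_py = '" . $cname_py . "'";
    $pinyin = $c_obj->get_all($where_py);
    if (!empty($pinyin['list'])) {
        die('{"code":"100","msg":"字母别名不能重复"}');
    }
    foreach ($tpl_kinds as $kind) {
        unset($post[$kind . '_copy']);
    }
    $res = $c_obj->insert($post);
    if ($res['state'] == 0) {
        $l_obj->insert("添加成功:" . $post['cname']);
        $c_obj->update_cate();
        die('{"code":"0","msg":"添加成功","cid":"' . $res['msg'] . '"}');
    }
    // Fixed: the failure body used to close the "msg" string before the error
    // text, producing invalid JSON.
    die('{"code":"100","msg":"添加失败,' . $res['msg'] . '"}');
}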
/**
 * Store an admin reply on a comment; answers JSON via die().
 *
 * Globals: $dbm (database), $c (unused here). Permission: E0703.
 * POST: comment_id (numeric), comment (non-empty text).
 */
function m__reply()
{
    global $dbm, $c;
    check_level("E0703");
    if (!isset($_POST['comment_id']) || !is_numeric($_POST['comment_id'])) {
        die('{"code":"101","msg":"回复评论ID出错"}');
    }
    if (!isset($_POST['comment']) || trim($_POST['comment']) == '') {
        die('{"code":"101","msg":"回复评论不能为空"}');
    }
    // HTML-encode the text for later output, then escape it for the query; the
    // id is cast to int before it is spliced into the UPDATE.
    $comment = helper::escape(htmlspecialchars($_POST['comment']), 1);
    $comment_id = intval($_POST['comment_id']);
    $rs = $dbm->query_update("UPDATE " . TB_PREFIX . "comment SET reply = '{$comment}' WHERE comment_id = '{$comment_id}'");
    if ($rs['error'] == '') {
        die('{"code":"0","msg":"回复成功"}');
    }
    // NOTE(review): the failure text says "comment failed" although this is the reply path.
    die('{"code":"1","msg":"评论失败"}');
}
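/**
 * Toggle the is_check state of one or more rows of a per-module table.
 *
 * Query string: table (module name; also the permission-code prefix), state
 * (the current value — the stored value becomes its opposite). POST: params
 * (one id or a list of ids). Global: $dbm. Answers JSON via die().
 */
function m__set_state()
{
    global $dbm;
    // The permission code is derived from the module name ("<table>_03").
    $raw_table = isset($_GET['table']) ? $_GET['table'] : '';
    check_level($raw_table . "_03");

    $params = array();
    foreach ($_GET as $k => $v) {
        $_GET[$k] = helper::escape($v, 1);
    }
    // The caller sends the current state; the opposite is stored.
    if (isset($_GET['state'])) {
        $_GET['state'] = $_GET['state'] == 0 ? 1 : 0;
    }
    if (!isset($_GET['state']) || !is_numeric($_GET['state'])) {
        die('{"code":"210","msg":"状态必须是数字"}');
    }
    // The table name is spliced into SQL as an identifier (table suffix and
    // "<table>_id" column), where quote escaping offers no protection; accept
    // only a plain identifier.
    $table = isset($_GET['table']) ? $_GET['table'] : '';
    if ($table === '' || !preg_match('~^[A-Za-z_][A-Za-z0-9_]*$~', $table)) {
        die('{"code":"220","msg":"独立表出错"}');
    }
    $table_name = TB_PREFIX . $table;
    $params['is_check'] = $_GET['state'];

    // Accept a single id or a list of ids; a missing list is an invalid id.
    if (!isset($_POST['params'])) {
        die('{"code":"220","msg":"表ID必须是数字"}');
    }
    $ids = is_array($_POST['params']) ? $_POST['params'] : array($_POST['params']);
    foreach ($ids as $id) {
        if (!is_numeric($id)) {
            die('{"code":"220","msg":"表ID必须是数字"}');
        }
        $where = " {$table}_id = '" . $id . "'";
        // NOTE(review): per-row update errors are not reported; the response
        // below is success regardless of $res['error'].
        $res = $dbm->single_update($table_name, $params, $where);
    }
    $msg = '设置成功';
    die('{"code":"0","msg":"' . $msg . '"}');
}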
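/**
 * Create or update an advertising slot (ad area) from $_POST; answers JSON via die().
 *
 * Globals: $ad_obj (ad model; update_area()/insert_area() return ['state', 'msg'],
 * msg carrying the new id on insert), $l_obj (operation log). Permission: H0303.
 * Only area_name, remark and area_type are written.
 */
function m__area_edit()
{
    global $ad_obj, $l_obj;
    check_level("H0303");

    // Decode first, then escape, so a decoded %27 cannot slip past the escape.
    $ad_area = array();
    foreach ($_POST as $k => $n) {
        $ad_area[$k] = helper::escape(urldecode($n));
    }

    // Validate; a missing area_id is rejected like a non-numeric one.
    if (!isset($ad_area['area_id']) || !is_numeric($ad_area['area_id'])) {
        die('{"code":"100","msg":"广告位ID必须是数字"}');
    }
    // Fixed: this validation failure used to answer with code "0", the success code.
    if (empty($ad_area['area_name'])) {
        die('{"code":"100","msg":"广告位名称不能为空"}');
    }

    // Columns to write; absent optional fields stay null as before.
    $params = array(
        'area_name' => $ad_area['area_name'],
        'remark'    => isset($ad_area['remark']) ? $ad_area['remark'] : null,
        'area_type' => isset($ad_area['area_type']) ? $ad_area['area_type'] : null,
    );

    if ($ad_area['area_id'] > 0) {
        // Edit an existing slot
        $res = $ad_obj->update_area($params, $ad_area['area_id']);
        if ($res['state'] == 0) {
            $l_obj->insert("更新广告位成功:" . $params['area_name']);
            die('{"code":"0","msg":"更新广告位成功","area_id":"' . $ad_area['area_id'] . '"}');
        }
        die('{"code":"240","msg":"更新广告位失败"}');
    }

    // Add a new slot
    $res = $ad_obj->insert_area($params);
    if ($res['state'] == 0) {
        $l_obj->insert("添加广告位成功:" . $params['area_name']);
        die('{"code":"0","msg":"添加广告位成功","area_id":"' . $res['msg'] . '"}');
    }
    // Fixed: the failure body used to close the "msg" string before the error
    // text, producing invalid JSON.
    die('{"code":"100","msg":"添加广告位失败,' . $res['msg'] . '"}');
}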
/**
 * Bulk-insert generated comments into documents. Comment texts are read from
 * the file named by $_POST['c_content'] ('#'-separated); each inserted comment
 * gets a generated user name, IP and timestamp, the document's comment counter
 * is incremented, and the source file is deleted afterwards. Answers JSON via die().
 *
 * POST: c_content (path appended to '..'), pl (1 = one comment per document for
 * the first info_tl documents; otherwise one document per comment text), info_tl.
 * Globals: $dbm (database), $c (unused here). Permission: E0701.
 */
function m__save_comment()
{
    global $dbm, $c;
    // Permission check
    check_level("E0701");
    // Sanitise POST data
    foreach ($_POST as $k => $v) {
        $v = htmlspecialchars(trim($v));
        $_POST[$k] = helper::escape($v, 1);
    }
    $pl = isset($_POST['pl']) ? $_POST['pl'] : 0; // 1: comment the first n documents
    // NOTE(review): c_content is joined to '..' and used for both
    // file_get_contents() and unlink() without being confined to a directory,
    // so a crafted value can read or delete files outside the intended location.
    $c_path = '..' . $_POST['c_content'];
    $c_data = file_get_contents($c_path);
    $c_arr = explode('#', $c_data); // comment texts
    $c_arr_count = count($c_arr); // number of comment texts
    // Alphabet for generated user names (62 entries, indexed by rand(0, 61) below)
    $uname = array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'y', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'Y', 'W', 'X', 'Y', 'Z');
    shuffle($uname);
    shuffle($c_arr);
    if ($pl == 1) {
        // NOTE(review): info_tl is escaped but not checked to be numeric before it
        // is spliced into the LIMIT clause.
        $info_tl = !empty($_POST['info_tl']) ? $_POST['info_tl'] : 20;
        // NOTE(review): 'info_state' and ' publish_time' are single-quoted, so the
        // database sees string literals rather than column names; the filter and
        // the ordering are therefore not applied as the author intended.
        $sql = "SELECT info_id FROM " . TB_PREFIX . "info_list WHERE 'info_state' =0 ORDER BY ' publish_time' LIMIT 0 , " . $info_tl;
    } else {
        $sql = "SELECT info_id FROM " . TB_PREFIX . "info_list WHERE 'info_state' =0 ORDER BY ' publish_time' LIMIT 0 , " . $c_arr_count;
    }
    $info_id_arr = $dbm->query($sql); // document ids
    $count = count($info_id_arr['list']);
    if ($pl == 1) {
        // One generated comment per selected document
        foreach ($info_id_arr['list'] as $k => $v) {
            // Generated IP
            $ip = rand(11, 254) . '.' . rand(2, 255) . '.' . rand(2, 255) . '.' . rand(2, 255);
            // Generated time: up to 30 days into the past (odd $x) or future (even $x)
            $x = rand(6, 10);
            $time = time();
            if ($x % 2) {
                $time -= rand(1, 30) * 24 * 3600;
            } else {
                $time += rand(1, 30) * 24 * 3600;
            }
            // Generated name of $x characters
            $name = '';
            for ($i = 0; $i < $x; $i++) {
                $name .= $uname[rand(0, 61)];
            }
            // Pick a comment text at random
            $a = rand(0, $c_arr_count - 1);
            $cont = $c_arr[$a];
            // Insert the comment
            $fields = array('info_id' => $v['info_id'], 'content' => $cont, 'uname' => $name, 'date_add' => $time, 'ip' => $ip);
            $rs = $dbm->single_insert(TB_PREFIX . 'comment', $fields);
            if ($rs['autoid'] >= 0) {
                // Bump the document's comment counter; remove the comment again if that fails.
                // NOTE(review): the table name "mcms_info_list" is hard-coded instead of TB_PREFIX . "info_list".
                $sql = "UPDATE mcms_info_list SET info_comments = info_comments+1 WHERE info_id =" . $v['info_id'];
                $rss = $dbm->query_update($sql);
                if ($rss['error'] != '') {
                    $dbm->query_update("DELETE FROM " . TB_PREFIX . "comment WHERE comment_id=" . $rs['autoid']);
                }
            }
        }
    } else {
        // One comment per text, each attached to a randomly chosen document
        foreach ($c_arr as $k => $v) {
            // Generated IP
            $ip = rand(11, 254) . '.' . rand(2, 255) . '.' . rand(2, 255) . '.' . rand(2, 255);
            // Generated time: up to 30 days into the past (odd $x) or future (even $x)
            $x = rand(6, 10);
            $time = time();
            if ($x % 2) {
                $time -= rand(1, 30) * 24 * 3600;
            } else {
                $time += rand(1, 30) * 24 * 3600;
            }
            // Generated name of $x characters
            $name = '';
            for ($i = 0; $i < $x; $i++) {
                $name .= $uname[rand(0, 61)];
            }
            // Pick a document at random
            $a = rand(0, $count - 1);
            $id = $info_id_arr['list'][$a]['info_id'];
            // Insert the comment
            $fields = array('info_id' => $id, 'content' => $v, 'uname' => $name, 'date_add' => $time, 'ip' => $ip);
            $rs = $dbm->single_insert(TB_PREFIX . 'comment', $fields);
            if ($rs['autoid'] >= 0) {
                // Bump the document's comment counter; remove the comment again if that fails.
                $sql = "UPDATE mcms_info_list SET info_comments = info_comments+1 WHERE info_id =" . $id;
                $rss = $dbm->query_update($sql);
                if ($rss['error'] != '') {
                    $dbm->query_update("DELETE FROM " . TB_PREFIX . "comment WHERE comment_id=" . $rs['autoid']);
                }
            }
        }
    }
    // Remove the uploaded text file (errors suppressed)
    @unlink($c_path);
    // NOTE(review): only the last insert decides the response, and $rs is
    // undefined when neither loop ran.
    if ($rs['autoid'] >= 0) {
        die('{"code":"1","msg":"评论成功"}');
    } else {
        die('{"code":"0","msg":"评论失败"}');
    }
}
/**
 * Finish a QQ-login bind: create a local user for the QQ openid held in the
 * session and log that user in.
 *
 * Runs only when $_SESSION['qq']['openid'] is set and $_GET['act'] == 'bind';
 * a session that is already logged in is sent to index.php via act_msg()
 * (presumably a redirect that ends the request — not visible here).
 * Global: $dbm.
 */
function m__qqbind()
{
    global $dbm;
    $params = array();
    if (isset($_SESSION['uid']) || isset($_SESSION['uname'])) {
        act_msg('index.php', "你已经登陆了");
    }
    if (isset($_SESSION['qq']['openid']) && isset($_GET['act']) && $_GET['act'] == 'bind') {
        $_SESSION['qq']['nickname'] = isset($_SESSION['qq']['nickname']) ? helper::escape($_SESSION['qq']['nickname']) : '';
        // Derive a free user name from the QQ nickname
        $params['uname'] = checkuser($_SESSION['qq']['nickname'], $_SESSION['qq']['nickname']);
        // Auto-generated password the user never sees.
        // NOTE(review): uniqid(rand()) is time-derived and not cryptographically
        // strong; a random_bytes()-based secret would be the stronger choice.
        $params['upass'] = helper::password_encrypt(substr(uniqid(rand()), -6));
        $params['reg_date'] = time();
        $params['reg_ip'] = helper::getip();
        $params['qqid'] = helper::escape($_SESSION['qq']['openid']);
        $res = $dbm->single_insert(TB_PREFIX . "user_list", $params);
        // Clear the QQ login record
        unset($_SESSION['qq']);
        if (empty($res['error']) && $res['autoid'] > 0) {
            // Log the new user in
            $_SESSION['uid'] = $res['autoid'];
            $_SESSION['uname'] = $params['uname'];
            act_msg("index.php?tpl=ucenter", "登录成功!");
        } else {
            act_msg("index.php?tpl=index", "登录失败!");
        }
    }
    //act_msg('index.php?tpl=index', "请登陆QQ再绑定用户");
}
/**
 * Create or update a document (info) from $_POST and keep the category
 * counters and category/document relations in step; answers JSON via die().
 *
 * Globals: $i_obj (document model), $c_obj (category model: cate_father(),
 * update_cdata(), update_cate()), $r_obj (category/document relation model),
 * $l_obj (operation log). Permission: C0201.
 */
function m__edit()
{
    global $c_obj, $i_obj, $l_obj, $r_obj;
    check_level("C0201");
    $post = $_POST;
    // Validate and escape the form
    // NOTE(review): $fields only exists when $_POST is non-empty.
    foreach ($post as $k => $v) {
        if ($k == 'info_title' && $v == '') {
            die('{"code":100,"msg":"请填写标题"}');
        }
        // 'undefined' is what the JS front end posts when nothing is selected
        if ($k == 'last_cate_id' && ($v == '0' || $v == 'undefined')) {
            die('{"code":100,"msg":"请选择分类"}');
        }
        $fields[$k] = helper::escape($v, 1);
        // "reso" is pulled out of the column set; $resource is not used afterwards
        if ($k == 'reso') {
            $resource = $fields[$k];
            unset($fields[$k]);
        }
    }
    if ($fields['info_id'] > 0) {
        // Edit
        // If the category changed, move the counters from the old category chain to the new one
        $info_old = $i_obj->get_all(" where info_id = " . $fields['info_id']);
        if (!empty($info_old['list']) && count($info_old['list']) > 0) {
            $info_old = $info_old['list'][0];
            if ($info_old['last_cate_id'] != $fields['last_cate_id']) {
                $categories = $c_obj->cate_father($fields['last_cate_id']);
                foreach ($categories as $ckey => $cval) {
                    $c_obj->update_cdata($cval['cate_id']);
                }
                $cate_old = $c_obj->cate_father($info_old['last_cate_id']);
                foreach ($cate_old as $ckey => $cval) {
                    $c_obj->update_cdata($cval['cate_id'], "del");
                }
            }
        }
        $res = $i_obj->update($fields, $fields['info_id']);
        if ($res['state'] == 0) {
            $l_obj->insert("更新文档成功:" . $fields['info_title']);
            $c_obj->update_cate();
            die('{"code":"0","msg":"更新文档成功","info_id":"' . $fields['info_id'] . '"}');
        }
        die('{"code":"240","msg":"更新文档失败"}');
    } else {
        // Add
        $res = $i_obj->insert($fields);
        if ($res['state'] == 0) {
            $new_id = $res['msg'];
            // Register the document with every category up the chain and bump their counters
            $categories = $c_obj->cate_father($fields['last_cate_id']);
            foreach ($categories as $ckey => $cval) {
                // Category/document relation row
                $params_r = array('cate_id' => $cval['cate_id'], 'info_id' => $new_id, 'id_create_time' => time());
                $r_obj->insert($params_r);
                $c_obj->update_cdata($cval['cate_id']);
            }
            $l_obj->insert("添加文档成功:" . $fields['info_title']);
            $c_obj->update_cate();
            die('{"code":"0","msg":"添加文档成功:' . $fields['info_title'] . '","info_id":"' . $res['msg'] . '"}');
        }
        die('{"code":"100","msg":"添加文档失败"}');
    }
}
/**
 * Create or update a friend-link group from $_POST; answers JSON via die().
 *
 * Globals: $f_obj (friend-link model: update_group(), insert_group()),
 * $l_obj (operation log). Permission: E0101.
 * Columns written: flink_order, flink_group_name, flink_group_url, flink_group_img.
 */
function m__edit_g()
{
    global $f_obj, $l_obj;
    check_level("E0101");
    $group = $_POST;
    // Link-prefix pattern; the URL checks that used it are disabled below, so it is unused.
    $reg = "~^((https|http|ftp|rtsp|mms)?://)~";
    // Escape, then decode.
    // NOTE(review): decoding *after* escaping can turn an encoded quote (%27)
    // back into a raw quote; escaping after decoding is the safer order.
    foreach ($group as $k => $f) {
        $group[$k] = urldecode(helper::escape($f));
    }
    //print_r($group);die();
    // Validate
    if (!is_numeric($group['flink_group_id'])) {
        die('{"code":"210","msg":"链接ID必须是数字"}');
    }
    if (!is_numeric($group['flink_order'])) {
        die('{"code":"210","msg":"排序必须是数字"}');
    }
    if (empty($group['flink_group_name'])) {
        die('{"code":"220","msg":"链接名称不能为空"}');
    }
    //if (empty($group['flink_group_url'])) die('{"code":"230","msg":"链接地址不能为空"}');
    //if (!pre_match($reg, $group['flink_group_url'])) die('{"code":"230","msg":"链接地址不合法"}');
    // Columns to write (flink_group_url / flink_group_img are not validated above)
    $params['flink_order'] = $group['flink_order'];
    $params['flink_group_name'] = $group['flink_group_name'];
    $params['flink_group_url'] = $group['flink_group_url'];
    $params['flink_group_img'] = $group['flink_group_img'];
    if ($group['flink_group_id'] > 0) {
        // Edit
        $where = " flink_group_id='" . $group['flink_group_id'] . "'";
        $res = $f_obj->update_group($params, $where);
        if ($res) {
            $l_obj->insert("成功编辑了友情链接! 链接名称:" . $params['flink_group_name']);
            die('{"code":"0","msg":"更新友情链接成功"}');
        }
        die('{"code":"240","msg":"编辑友情链接失败"}');
    } else {
        // Add; insert_group() result is treated as the new id
        $res = $f_obj->insert_group($params);
        if ($res > 0) {
            $l_obj->insert("成功添加了友情链接!链接名称:" . $params['flink_group_name']);
            die('{"code":"0","msg":"添加友情链接成功","flink_id": "' . $res . '"}');
        }
        die('{"code":"100","msg":"添加友情链接失败,请核对重试"}');
    }
}
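/**
 * Add or update a custom field definition on a content model and rebuild the
 * model's table; answers JSON via die().
 *
 * Query string: mid (model id). POST: title, field, field_type (required) plus
 * further field columns. Globals: $m_obj (model manager: get_model(),
 * get_model_fields(), insert_fields(), update_fields(), update_table(),
 * update_models()), $l_obj (operation log). Permission: D0303.
 */
function m__save_attr()
{
    global $m_obj, $l_obj;
    check_level("D0303");
    $post = $_POST;

    // mid is spliced into a WHERE clause; require an integer (0 matches nothing).
    $model_id = isset($_GET['mid']) && is_numeric($_GET['mid']) ? intval($_GET['mid']) : 0;
    $where = " where model_id = '" . $model_id . "'";
    $model_exist = $m_obj->get_model($where);
    // The original also tested "count(...) < 0", which can never be true.
    if (empty($model_exist['list'])) {
        die('{"code":100,"msg":"模型不存在"}');
    }
    $model = $model_exist['list'][0];

    // Escape and validate the posted field definition.
    foreach ($post as $key => $val) {
        $post[$key] = helper::escape($val, 1);
        // NOTE(review): this replaces a double quote with itself and is a no-op;
        // the intended replacement (probably an HTML entity) may have been lost.
        $post[$key] = preg_replace('~"~', '"', $post[$key]);
        if ($key == 'title' && $val == '') {
            die('{"code":1,"msg":"字段文字不能为空"}');
        }
        if ($key == 'field' && $val == '') {
            die('{"code":1,"msg":"字段名称不能为空"}');
        }
        if ($key == 'field_type' && $val == '') {
            die('{"code":1,"msg":"字段类型不能为空"}');
        }
        if ($key == 'field' && !preg_match('~^[a-z][a-z0-9_]*$~', $val)) {
            die('{"code":1,"msg":"字段名称只允许小写字母开头,小写字母数字和下划线"}');
        }
    }
    // A request without a field name cannot be matched against existing rows.
    if (!isset($post['field'])) {
        die('{"code":1,"msg":"字段名称不能为空"}');
    }

    // Insert when the field is new on this model, otherwise update it.
    $where_field = " where model_id='{$model['model_id']}' and field='{$post['field']}'";
    $field = $m_obj->get_model_fields($where_field);
    if (empty($field)) {
        $post['model_id'] = $model['model_id'];
        $post['model_name'] = $model['model_name'];
        $res = $m_obj->insert_fields($post);
        if ($res > 0) {
            // Rebuild the physical table and refresh the model cache
            $m_obj->update_table($model);
            $m_obj->update_models();
            $l_obj->insert("类添加成功,字段名为:" . $post['title']);
            die('{"code":0,"msg":"新增字段成功"}');
        }
    } else {
        $where = " field_id = " . $field[0]['field_id'];
        $res = $m_obj->update_fields($post, $where);
        if ($res) {
            // Rebuild the physical table and refresh the model cache
            $m_obj->update_table($model);
            $m_obj->update_models();
            // NOTE(review): this log text was copied from the insert branch.
            $l_obj->insert("类添加成功,分类名为:" . $post['title']);
            die('{"code":0,"msg":"修改字段成功"}');
        }
    }
    // NOTE(review): failure is reported with code 0, the same code as success.
    die('{"code":0,"msg":"操作失败"}');
}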
/**
 * Create or update a member account from $_POST; answers JSON via die().
 *
 * Global: $dbm. Permission: E0102. On add, uname must be unique and upass is
 * required; on edit, upass is optional and changes the password when given.
 * Outcomes are recorded through logs().
 */
function m__edit()
{
    global $dbm;
    check_level("E0102");
    $params = array();
    // Escape every posted value in place.
    foreach ($_POST as $k => $v) {
        $_POST[$k] = helper::escape($v, 1);
    }
    if (!is_numeric($_POST['user_id'])) {
        die('{"code":"210","msg":"会员UID必须是数字"}');
    }
    // Validate member data
    if (empty($_POST['uname'])) {
        die('{"code":"210","msg":"会员名不能为空"}');
    }
    // E-mail pattern; it is not anchored, so any substring that looks like an
    // address satisfies it.
    $rules = "/\\w+([-+.']\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*/";
    if (trim($_POST['uemail']) != '' && !preg_match($rules, $_POST['uemail'])) {
        die('{"code":"270","msg":"请正确填写邮箱格式!"}');
    }
    //if (!preg_match('~^[A-Za-z][A-Za-z]*[a-z0-9_]*$~', $_POST['uname'])) die('{"code":"230","msg":"会员名必须以字母开头,只允许字母、数字、下划线"}');
    $params['uname'] = $_POST['uname'];
    $params['uemail'] = trim($_POST['uemail']);
    $params['uphone'] = isset($_POST['uphone']) && trim($_POST['uphone']) != '' ? trim($_POST['uphone']) : '';
    $params['uqq'] = isset($_POST['uqq']) && trim($_POST['uqq']) != '' ? trim($_POST['uqq']) : '';
    $params['gender'] = intval($_POST['gender']);
    // NOTE(review): reg_ip and reg_date are also rewritten on edits, so they
    // record the last save rather than the registration.
    $params['reg_ip'] = helper::getip();
    $params['reg_date'] = time();
    $params['ustate'] = isset($_POST['ustate']) ? intval($_POST['ustate']) : 0;
    $params['upoint'] = intval($_POST['upoint']);
    if (intval($_POST['user_id']) > 0) {
        // Edit; the password is only changed when a new one is posted.
        // strlen() counts bytes, so the 5–20 limit is a byte limit.
        // NOTE(review): upass is hashed *after* helper::escape(), so the stored
        // hash is of the escaped text — the login path must treat it the same
        // way or passwords containing quotes/backslashes will not verify; confirm.
        if (isset($_POST['upass']) && $_POST['upass'] != '') {
            if (strlen($_POST['upass']) < 5 || strlen($_POST['upass']) > 20) {
                die('{"code":"280","msg":"密码不符合要求,必须5到20字符"}');
            }
            if ($_POST['upass'] != $_POST['re_pass']) {
                die('{"code":"270","msg":"两次密码不一致"}');
            }
            $params['upass'] = helper::password_encrypt($_POST['upass']);
        }
        $where = " user_id ='" . $_POST['user_id'] . "'";
        $res = $dbm->single_update(TB_PREFIX . "user_list", $params, $where);
        if (empty($res['error'])) {
            logs("账号编辑成功,账号ID为:{$_POST['user_id']}");
            die('{"code":"0","msg":"操作成功"}');
        }
        logs("编辑账号失败,请核实后再添加,账号ID为:{$_POST['user_id']}");
        die('{"code":"280","msg":"编辑账号失败,请核实后再添加"}');
    } else {
        // Add a member; the user name must be unique.
        $where = " uname='" . $_POST['uname'] . "'";
        $a = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "user_list"));
        if (count($a['list']) > 0) {
            die('{"code":"260","msg":"会员名不能重复"}');
        }
        if (empty($_POST['upass'])) {
            die('{"code":"220","msg":"密码不能为空"}');
        }
        if (strlen($_POST['upass']) < 5) {
            die('{"code":"240","msg":"密码过于简单,必须5到20字符"}');
        }
        if (strlen($_POST['upass']) > 20) {
            die('{"code":"250","msg":"密码超出限定的20字符长度,"}');
        }
        if ($_POST['upass'] != $_POST['re_pass']) {
            die('{"code":"270","msg":"两次密码不一致"}');
        }
        $params['upass'] = helper::password_encrypt($_POST['upass']);
        $res = $dbm->single_insert(TB_PREFIX . "user_list", $params);
        if ($res['autoid'] > 0) {
            logs("添加会员成功,会员ID为:{$_POST['uname']}");
            die('{"code":"0","msg":"添加会员成功"}');
        }
        logs("添加会员失败,请核实后再添加,会员ID为:{$_POST['uname']}");
        die('{"code":"270","msg":"添加会员失败,请核实后再添加"}');
    }
}
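/**
 * Creates or updates a content category from the posted form.
 *
 * Every $_POST value is run through helper::escape() first; the hand-built
 * SQL below relies on that escaping. A `cate_id` of zero (or missing/blank)
 * creates a new row, any other value updates that row. Writes go to the
 * `category` table through the global $dbm; afterwards $c->update_cate()
 * refreshes the in-memory category tree. Every path ends in die() with a
 * JSON body; the function never returns normally.
 *
 * Permission: level "C0401" (enforced by check_level()).
 */
function m__cate_save()
{
    global $dbm, $c;

    check_level("C0401");

    foreach ($_POST as $a => $b) {
        $_POST[$a] = helper::escape($b, 1);
    }

    // Reads a posted field with a default so that a partial form does not
    // trigger "undefined array key" warnings.
    $field = function ($key, $default = '') {
        return isset($_POST[$key]) ? $_POST[$key] : $default;
    };

    if ($field('cname') == '') {
        die('{"code":"100","msg":"分类名称必须填写"}');
    }
    if ($field('cname_py') == '') {
        die('{"code":"100","msg":"字母别名必须填写"}');
    }
    $cnamePy = $_POST['cname_py'];
    // Integer ids only: a blank or non-numeric cate_id previously fell through
    // to the update branch with an empty WHERE value.
    $cateId = intval($field('cate_id', 0));
    $parentId = intval($field('parent_id', 0));

    // Form-only fields that must never reach the table.
    unset($_POST['ad_list'], $_POST['hashtoken']);

    // The *_copy flags drive update_cate_tpl() and are not columns. Pull them
    // out before either write so insert and update send the same shape (the
    // previous version stripped them only on insert and still passed them to
    // single_update).
    $tplCopy = array();
    foreach (array('index', 'listvar', 'content') as $tpl) {
        $key = $tpl . '_copy';
        if (isset($_POST[$key])) {
            $tplCopy[$tpl] = $_POST[$key];
            unset($_POST[$key]);
        }
    }

    // NOTE(review): the remaining $_POST array is written to the table as-is,
    // so any column not shown on the form can still be set by the client. A
    // whitelist of category columns would close that; the column list is not
    // visible from here.

    if ($cateId <= 0) {
        // Create path: the alias must be unique across all categories.
        $has_py = $dbm->scalar("select count(0) as t from " . TB_PREFIX . "category where cname_py='" . $cnamePy . "'");
        if ($has_py['t'] > 0) {
            die('{"code":"100","msg":"字母别名不允许重复"}');
        }
        // A leaf parent that already holds content may not get sub-categories.
        $parentData = isset($c->categories[$parentId]['cdata']) ? $c->categories[$parentId]['cdata'] : 0;
        if ($c->cate_last($parentId) == 0 && $parentId > 0 && $parentData > 0) {
            die('{"code":"100","msg":"分类下有数据,不允许添加子类"}');
        }
        // Let the database assign the id (the previous version inserted the
        // literal '0' that the form posts).
        unset($_POST['cate_id']);
        $a = $dbm->single_insert(TB_PREFIX . 'category', $_POST);
        // $a['error'] is spliced into hand-built JSON; a quote in the message
        // would break the document, as in the original.
        if ($a['error'] != '') {
            die('{"code":"1","msg":"分类添加失败' . $a['error'] . '"}');
        }
        $c->update_cate();
        logs("添加分类成功,分类名称为:{$_POST['cname']}");
        die('{"code":"0","msg":"分类添加成功"}');
    }

    // Update path: the target row must exist before anything is changed
    // (scalar() returning an empty value is treated as "no such row").
    $_cate = $dbm->scalar("select cname_py from " . TB_PREFIX . "category where cate_id='" . $cateId . "'");
    if (empty($_cate)) {
        die('{"code":"100","msg":"分类不存在"}');
    }
    // Only re-check alias uniqueness when the alias actually changed.
    if ($_cate['cname_py'] != $cnamePy) {
        $has_py = $dbm->scalar("select count(0) as t from " . TB_PREFIX . "category where cname_py='" . $cnamePy . "'");
        if ($has_py['t'] > 0) {
            die('{"code":"100","msg":"字母别名不允许重复"}');
        }
    }

    $where = "cate_id='" . $cateId . "'";
    $a = $dbm->single_update(TB_PREFIX . 'category', $_POST, $where);
    // Report a failed write instead of logging success (mirrors the insert path).
    if (!empty($a['error'])) {
        die('{"code":"1","msg":"分类修改失败' . $a['error'] . '"}');
    }
    // Propagate template choices to the sub-tree where the form asked for it.
    foreach ($tplCopy as $tpl => $copy) {
        update_cate_tpl($cateId, $tpl, $copy, $field('tpl_' . $tpl));
    }
    $c->update_cate();
    logs("修改分类成功,分类ID为:{$cateId}");
    die('{"code":"0","msg":"分类修改成功"}');
}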
} if (strlen($q) > 20) { die_error('搜索词太长'); } if (!preg_match("/^[\\x{4e00}-\\x{9fa5}A-Za-z0-9_\\-\\.\\s]+\$/u", $q)) { die_error($q . ' ===> 搜索词只允许下划线,数字,字母,汉字,横杠和空格,请重新输入'); } $sql = "SELECT * FROM " . TB_PREFIX . "keyword WHERE keyword = '{$_GET['q']}'"; $res = $dbm->query($sql); $_SESSION['postdata']['search'] = time(); if (is_array($res['list']) && count($res['list']) > 0) { $sql = "UPDATE " . TB_PREFIX . "keyword SET qnum = qnum+1 WHERE keyword = '{$_GET['q']}'"; $dbm->query_update($sql); } else { $fields = array(); $fields['keyword'] = helper::escape($_GET['q']); $fields['qnum'] = 1; $dbm->single_insert(TB_PREFIX . "keyword", $fields); } } //【003-1】判断是否绑定域名,匹配域名对应的分类 foreach ($c->categories as $k => $v) { if (strstr($v['go_url'], $_SERVER['HTTP_HOST'])) { if (!isset($_GET['tpl'])) { $_GET['tpl'] = 'list_info'; $_GET['cid'] = $v['cate_id']; break; } } } //【004】处理GET参数