$smarty->assign("data", $article); $smarty->assign("catalog", $column); $smarty->assign("flow_basedir", $cfg['flow_basedir']); $smarty->assign("cmd", "article_add"); $smarty->display("article_edit.html"); } else { if ($step == "2") { if (!isset($_POST['heading']) || strlen(trim($_POST['heading'])) == 0) { alert("必须有文章标题"); exit; } $sql = "select * from {$tbl_article} where 0"; if ($_POST['id'] == 0) { $_POST['id'] = NULL; } $_POST['ownerid'] = GetUid(); $_POST['dt'] = $_POST['date']; $rs = $db->Execute($sql); $sql = $db->GetInsertSQL($rs, $_POST); if (!$sql) { alert("文章添加失败!"); exit; } if ($db->Execute($sql)) { alert("文章添加成功!"); } else { alert("文章添加失败!"); exit; } frame_redirection("mainFrame", "control.php?act=browse_catalog&catalog_id=" . $_GET['catalog_id']); }
break; case "user_manage": if (isset($_GET['cmd'])) { $cmd = $_GET['cmd']; } else { if (isset($_POST['cmd'])) { $cmd = $_POST['cmd']; } else { $cmd = "list"; } } if (!($cmd == "edit" && !isset($_GET['uid']) && !isset($_POST['id']))) { if (!checkpower(-1, GetUid(), 8)) { alert("没有权限进行此操作"); exit; } } break; case "group_manage": if (!checkpower(-1, GetUid(), 6)) { alert("没有权限进行此操作"); exit; } break; case "privilege_manage": if (!checkpower(-1, GetUid(), 12)) { alert("没有权限进行此操作"); exit; } break; }
// Article scoring endpoint: without "postflag" it renders the scoring form for one article;
// with "postflag" it stores a new score and echoes the resulting score as a bare integer.
// NOTE(review): no login check is visible in this excerpt; presumably an earlier include
// enforces it — confirm.
init_adodb();
init_smarty();
global $smarty, $cfg, $db;
$tbl_article = $cfg['tbl_article'];
if (!isset($_POST['postflag'])) {
    // Display branch. The only request value placed in the SQL text is article_id, and it
    // goes through intval() first; the table name comes from configuration.
    $sql = "select id,heading,score,editor from {$tbl_article} where id = " . intval($_GET['article_id']);
    $arr = $db->GetRow($sql);
    // NOTE(review): $arr is used without checking that a row was found, and no checkpower()
    // call guards this branch — confirm that showing heading/score/editor to any caller is intended.
    // Presumably converts from GBK to UTF-8 for the template; verify the argument order of Charset::convert.
    $arr['heading'] = Charset::convert($arr['heading'], "gbk", "utf8");
    $arr['editor'] = Charset::convert($arr['editor'], "gbk", "utf8");
    $smarty->assign("article", $arr);
    $smarty->display("givescore.html");
} else {
    // Update branch. $privileges_check is assigned here but not read anywhere in this excerpt.
    $privileges_check = "givescore";
    // Resolve the article's catalog so the permission check is made against that catalog.
    $sql = "select catalog from {$tbl_article} where id = " . intval($_POST['article_id']);
    $catalog_id = $db->GetOne($sql);
    // The meaning of privilege code 3 is not visible here (presumably the scoring right).
    if (!checkpower($catalog_id, GetUid(), 3)) {
        // Permission denied: echo the client-supplied fallback score (as an integer) and stop
        // before any write happens.
        echo intval($_POST['fscore']);
        exit;
    } else {
        // Every request value is cast with intval() before it reaches the statement.
        // NOTE(review): the score is not range-checked, and no anti-CSRF token is verified
        // in the visible code — confirm both are handled elsewhere.
        $sql = "update {$tbl_article} set score = " . intval($_POST['score']) . " where id = " . intval($_POST['article_id']) . " limit 1";
        if ($db->Execute($sql)) {
            // Success: report the stored score.
            echo intval($_POST['score']);
        } else {
            // Failure: report the fallback score sent by the client.
            echo intval($_POST['fscore']);
        }
    }
}
// The body of GetFatherCatalog continues beyond this excerpt.
function GetFatherCatalog($id) {
    global $cfg;
    global $db;
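<?php
// Frameset shell of the admin console. It is emitted only to a caller for whom GetUid()
// returns a truthy value.
// Marker constant; presumably tested by included files to refuse direct requests — confirm
// in global.inc.php.
define('in_flow', true);
// GetUid() comes from this include, so the login gate below cannot work without it.
// require_once stops with an explicit error if the file is missing, instead of hiding the
// failure behind "@" and continuing to the GetUid() call.
require_once '../inc/global.inc.php';
// Not logged in: send an empty response rather than the frameset.
// NOTE(review): this gate covers this page only. title.html, tree.html and go_left.html are
// static files and control.php is a separate script, so each needs its own access check —
// confirm that they have one.
if (!GetUid()) {
    exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML><HEAD><TITLE>知水内容管理系统 1.0</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<SCRIPT type=text/javascript>
var expire = new Date();
expire.setTime(expire.getTime() + 24 * 3600 * 1000);
expire = expire.toGMTString();
document.cookie = 'wes_w=' + screen.width + ';expires=' + expire;
document.cookie = 'wes_h=' + screen.height + ';expires=' + expire;
</SCRIPT>
<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
</HEAD>
<FRAMESET border=0 frameSpacing=0 rows=115,* frameBorder=no>
<FRAME name=topFrame src="title.html" noResize scrolling=no>
<FRAMESET name=mainframeset frameBorder=0 cols=200,10,*>
<FRAME border=0 name=leftFrame src="tree.html" frameBorder=0 scrolling=auto>
<FRAME name=showhide src="go_left.html" frameBorder=0 noResize scrolling=no>
<FRAME name=mainFrame src="control.php" frameBorder=no scrolling=auto>
</FRAMESET>
</FRAMESET>
<noframes> </noframes>
</HTML>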
$co++; } $smarty->assign("pagecount", $users_pages); $smarty->assign("pagenum", $page); $smarty->assign("users_count", $users_count); $smarty->assign("users", $users); $smarty->display("user_list.html"); } else { if ($cmd == "edit") { if (isset($_GET['uid'])) { $uid = $_GET['uid']; } else { if (isset($_POST['id'])) { $uid = $_POST['id']; } else { $uid = GetUid(); } } if (empty($_POST['postflag'])) { $sql = "select * from {$tbl_user} where id = {$uid}"; $data = $db->GetRow($sql); $smarty->assign("data", $data); $smarty->assign("cmd", "edit"); $smarty->display("user_edit.html"); } else { if ($_POST['password'] != $_POST['password1']) { alert("密码不一致!"); exit; } if (strlen(trim($_POST['password'])) == 0) { unset($_POST['password']);
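/**
 * Return the display name of the current user.
 *
 * Reads the "name" column of the configured user table for the id returned by GetUid().
 * When no name is found (or the stored name is falsy) a fixed fallback label is returned.
 *
 * @return string the stored name, or the fallback label
 */
function GetUserName()
{
    global $cfg, $db;

    $tbl_user = $cfg['tbl_user'];
    // GetUid() is defined elsewhere and its return type is not visible here. Casting to an
    // integer keeps the interpolated value numeric whatever it returns, matching the
    // intval() convention used for ids in the rest of this code. An empty or false id
    // becomes 0 instead of producing a malformed statement.
    $uid = intval(GetUid());
    $sql = "select name from {$tbl_user} where id = {$uid}";
    $name = $db->GetOne($sql);
    if (!$name) {
        // NOTE(review): this literal looks like GBK-encoded text shown in the wrong charset
        // on this page; it is kept as-is — confirm the bytes against the original file.
        $name = "±¾Õ¾±à¼";
    }
    return $name;
}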