$clause .= sprintf(" and %s='%s'", $field, $field_val);
} else {
$clause .= sprintf(" and %s like '%%%s%%'", $field, $field_val);
}
}
if ($ci_u_type > 2 && $proj_data[$p_id][proj_docu_flag]) {
$clause .= sprintf(" and cu_id=%s", $ck_u_id);
}
$sqlstr = "select count(*) total from {$t_name} where {$clause}";
$res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error());
$row = mysql_fetch_array($res);
$total_rec = $row[total];
$page_para = "p_id={$p_id}&t_id={$t_id}&field={$field}&field_val={$field_val}&sort_field={$sort_field}&sort_desc={$sort_desc}&poly={$poly}&limit_length={$limit_length}";
genPage($total_rec, $page, $ppage, $_SERVER['PHP_SELF'], $page_para);
$sqlstr = "select * from {$t_name} where {$clause} {$sort_clause} limit {$limit_begin}, {$limit_length}";
$res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error());
$doclist = "";
$urlbase = $poly_data[$poly][html_urlbase];
while ($row = mysql_fetch_array($res)) {
$url = $row["url_{$poly}"];
$d_id = $row[d_id];
if (substr($urlbase, -1) == "/") {
$urlbase = substr($urlbase, 0, -1);
}
if (substr($url, 0, 1) != "/") {
$urlbase .= "/";
}
if (strpos($url, "http://") === 0) {
$urlbase = "";
}
if (urlbase == "") {
<?php
require_once "plib/config_inc.php";
$html_charset = HTML_CHARSET;
header("Content-type: text/html; charset={$html_charset}");
require_once "plib/head.php";
$cgi = getCGI();
$p_id = $cgi[p_id];
$t_id = $cgi[t_id];
if ($p_id == "" || $t_id == "") {
sys_exit("参数错误");
}
conProjDB($p_id, $t_id);
$i = 0;
foreach ($tempdef_data as $kk => $row) {
if ($row[t_id] != $t_id) {
continue;
}
if ($row[if_into_db] != "y") {
continue;
}
$sel_list .= "<option value=\"{$row['cname']}\">{$row['cname']}</option>";
}
?>
<select name=cond_type>
<option value="and">并且
<option value="or">或者
</select>
<?php
$g_mysql = mysql_pconnect(DB_HOST, DB_USER, DB_PASS) or sys_exit("无法连接发布系统数据库", mysql_error());
mysql_select_db($db_name, $g_mysql) or exit("can't select database");
$res = mysql_query("set names " . DB_CHARSET, $g_mysql) or sys_exit(mysql_error());
function writeFile($filename, $data)
{
if (!($fp = fopen($filename, 'w'))) {
sys_exit("不能打开文件 {$filename}");
}
if (fwrite($fp, $data) === false) {
sys_exit("不能写入到文件 {$filename}");
}
fclose($fp);
}
<?php
require_once("plib/head.php");
require_once("plib/priv.php");
$cgi = getCGI();
$p_id = $cgi[p_id];
$t_id = $cgi[t_id];
if($p_id == "" || $t_id == "" ) sys_exit("参数错误");
conProjDB($p_id, $t_id);
if($ck_u_type > 2 ) sys_exit("对不起,你没有操作权限", "");
if( check_priv($p_id, $t_id, 0) < 0 ) sys_exit("对不起,你没有操作权限", $error_message);
foreach($cgi as $cgi_name=>$cgi_value)
{
$pos = strpos($cgi_name, "showorder_");
if($pos === 0)
{
$f_id = substr($cgi_name, strlen("showorder_"));
$sqlstr = sprintf("update tempdef set showorder=%s where f_id=%s", $cgi_value, $f_id);
$res = mysql_query($sqlstr, $proj_mysql) or exit(mysql_error() . "\n" . $sqlstr);
}
}
printf("<script type=\"text/javascript\"> window.location = 'tempdeflist.php?t_id=%s&p_id=%s' </script>\n", $t_id, $p_id);
$cgi = getCGI();
$p_id = $cgi[p_id];
$t_id = $cgi[t_id];
$d_id = $cgi[d_id];
if ($p_id == "" || $t_id == "" || $d_id == "") {
sys_exit("参数错误");
}
conProjDB($p_id, $t_id);
$p_cname = $proj_data[p_cname];
$t_cname = $temp_data[$t_id][cname];
$t_name = $temp_data[$t_id][t_name];
$nav_str .= " > <a href=templist.php?p_id={$p_id}>{$p_cname}</a> > <a href=doclist.php?p_id={$p_id}&t_id={$t_id} >{$t_cname}</a> > 修改文档({$d_id})";
if ($cgi[edit] != "") {
//sys_jmp("doclist.php?p_id=$p_id&t_id=$t_id");
if (check_priv($p_id, $t_id, $d_id) < 0) {
sys_exit("对不起,你没有操作权限", $error_message);
}
upload_pic();
$t_name = $temp_data[$t_id][t_name];
$t_cname = $temp_data[$t_id][cname];
$nav_buf = sprintf("/<a href=\"projlist.php\">网站管理中心</a> > <a href=\"templist.php?p_id=%s\">%s</a> > %s(<a href=\"doclist.php?t_id=%s&p_id=%s\">文档</a>) (<a href=\"temp_edit.php?t_id=%s&p_id=%s\">模板</a>) (<a href=\"tempdeflist.php?t_id=%s&p_id=%s\">模板域</a>) > 更新文档", $p_id, $proj_data[p_cname], $t_cname, $t_id, $p_id, $t_id, $p_id, $t_id, $p_id);
print_html("更新文档", $nav_buf);
printf("更新数据库记录....");
$sqlstr = sprintf("update %s set savedatetime=now(), mu_id=%s,", $t_name, $ck_u_id);
foreach ($cgi as $this_name => $this_value) {
if ($this_name == "") {
continue;
}
$pos = strpos($this_name, $pre_field);
if ($pos !== 0) {
continue;
function get_doc_edit_html($p_id, $t_id, $d_id)
{
global $proj_mysql;
global $poly_data;
global $temp_data;
global $error_message;
$v_html = "";
$poly_html = "";
$form_html = "";
$sqlstr = sprintf("select * from %s where d_id=%s", $temp_data[$t_id][t_name], $d_id);
$res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error());
$pdoc = mysql_fetch_array($res, MYSQL_ASSOC);
foreach($poly_data as $pm_id=>$row)
{
$html_urlbase = $row[html_urlbase];
$url_name = sprintf("url_%d", $pm_id);
$url = $pdoc[$url_name];
$doc_url = $url;
$doc_url1 = $url;
$hii = strlen($html_urlbase) - 1;
if($html_urlbase{$hii} !='/' && $doc_url{0} !='/' && $doc_url != "") $doc_url = "/$doc_url";
if($html_urlbase{$hii} =='/' && $doc_url{0}=='/' && $doc_url != "") $doc_url = substr($doc_url, 1);
if($url != "")
{
$pos = strrpos($url, "/");
if($pos !== false) $url = substr($url, 0, $pos);
}
$html_urlbase1=$html_urlbase;
if(strpos($doc_url, "http://") === 0) $html_urlbase1 = "";
$url_html .= sprintf(
"<table id=url_table width=100%%>
<tr>
<TD ALIGN=left BGCOLOR=#bfbfbf nowap><a href=\"%s%s\" target=_blank>%s URL:</a></td>
<TD ALIGN=left BGCOLOR=#dddddd>%s </td>
<TD ALIGN=left BGCOLOR=#dddddd><input type=text name=doc_url_%d size=40 value=%s></td>
</tr>
</table>", $html_urlbase1, $doc_url, $row[pm_name], $html_urlbase, $pm_id, $doc_url1);
}
$sqlstr = "select f_name, cname, type, arithmetic, showwidth, showheight, defaultvalue, validate from tempdef where t_id=$t_id and hide='n' and type!='Sql_Result' and type!='PostInPage' and type != 'Php_List' order by showorder, f_id";
$res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error());
while($row = mysql_fetch_array($res, MYSQL_ASSOC))
{
$form=fieldIntoForm($row, $pdoc, $html_urlbase1, $url, $p_id, $t_id);
if($form == "")
{
print "[$row[cname]]模板域呈现错误: $error_message";
return;
}
$form_html .= $form;
}
$js_code = genJsCode();
$v_html =<<<GHC_OF_END
<table id=doc_table border=0 width=100% cellspacing=2 cellpadding=3>
$form_html
</table>
<br>
$url_html
<script language=javascript>
function checkForm()
{
ret = true;
$js_code;
return ret;
}
</script>
GHC_OF_END;
return $v_html;
}
require_once "plib/head.php";
$cgi = getCGI();
if (DB_CHARSET == "gbk") {
utf8_gbk($cgi);
}
$p_id = $cgi[p_id];
$t_id = $cgi[t_id];
if ($p_id == "" || $t_id == "") {
print_r($cgi);
exit;
sys_exit("参数错误");
}
conProjDB($p_id, $t_id);
if ($cgi[this_t_id] != "") {
$sqlstr = "select * from tempdef where t_id={$cgi['this_t_id']} order by showorder asc, f_id asc";
$res = mysql_query($sqlstr, $proj_mysql) or sys_exit($sqlstr . "\n" . mysql_error());
while ($row = mysql_fetch_array($res)) {
$f_id = $row[f_id];
$tempdef_data[$f_id] = $row;
}
}
if ($cgi[type] == 'Rel_Select') {
$f_ids = $cgi[f_ids];
$this_t_id = $cgi[this_t_id];
if ($this_t_id == "" || $f_ids == "") {
exit;
}
$this_t_cname = sprintf("{%s}", $temp_data[$this_t_id][cname]);
$sp = explode(",", $f_ids);
if (count($sp) > 1) {
$this_f_id0 = $sp[0];
$cgi = getCGI();
$p_id = $cgi[p_id];
$t_id = $cgi[t_id];
if($p_id == "" || $t_id == "") sys_exit("参数错误");
$filename = sprintf("%s/tmp/temp_%s_%s.html", $file_base, $p_id, $t_id);
$html = @file_get_contents($filename);
conProjDB($p_id, $t_id);
if($html == "")
{
$sqlstr = "select * from temp where t_id=$t_id";
$res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error());
$row = mysql_fetch_array($res);
if($row == "") sys_exit("模板不存在", $sqlstr);
$html = $row[html_1];
}
if($cgi[view] == "")
{
$html = preg_replace(array("/<body\s*(.*)>/i"), array("<body $1 contentEditable=true>"), $html);
}
?>
<script type="text/javascript">
document.old_write = document.write;
document.old_writeln = document.writeln;
$p_cname = $proj_data[p_cname];
$t_cname = $temp_data[$t_id][cname];
$t_name = $temp_data[$t_id][t_name];
$nav_str .= " > <a href=templist.php?p_id={$p_id}>{$p_cname}</a> > <a href=doclist.php?p_id={$p_id}&t_id={$t_id} >{$t_cname}</a> > 添加文档";
if ($cgi[edit] != "") {
if (check_priv($p_id, $t_id, 0) < 0) {
sys_exit("对不起,你没有操作权限", $error_message);
}
upload_pic();
$t_name = $temp_data[$t_id][t_name];
$t_cname = $temp_data[$t_id][cname];
$nav_buf = sprintf("/<a href=\"projlist.php\">网站管理中心</a> > <a href=\"templist.php?p_id=%s\">%s</a> > %s(<a href=\"doclist.php?t_id=%s&p_id=%s\">文档</a>) (<a href=\"temp_edit.php?t_id=%s&p_id=%s\">模板</a>) (<a href=\"tempdeflist.php?t_id=%s&p_id=%s\">模板域</a>) > 添加文档", $p_id, $proj_data[p_cname], $t_cname, $t_id, $p_id, $t_id, $p_id, $t_id, $p_id);
print_html("添加文档", $nav_buf);
printf("添加数据库记录....");
$sqlstr = sprintf("insert into %s (cu_id, mu_id, createdatetime, savedatetime, published) values(%s, %s, now(), now(), 'n')", $t_name, $ck_u_id, $ck_u_id);
$res = mysql_query($sqlstr, $proj_mysql) or sys_exit("系统错误,请稍候再试", mysql_error() . "\n" . $sqlstr);
$d_id = mysql_insert_id($proj_mysql);
$sqlstr = sprintf("update %s set", $t_name);
foreach ($poly_data as $pm_id => $this_poly) {
$url_radio = $cgi["urlradio_{$pm_id}"];
$outer_url = $cgi["outer_url_{$pm_id}"];
$default_url = $cgi["default_url_{$pm_id}"];
$sqlstr .= sprintf(" url_%d='%s',", $pm_id, $url_radio == "default" ? $default_url : $outer_url);
}
foreach ($cgi as $this_name => $this_value) {
if ($this_name == "" || $this_value == "") {
continue;
}
$mark = sprintf("%spoly_", $pre_field);
$pos = strpos($this_name, $mark);
if ($pos === 0) {
function gen_global()
{
global $proj_mysql, $file_base, $db_name, $poly_data;
$sqlstr = "select * from global";
$res = mysql_query($sqlstr, $proj_mysql) or sys_exit($sqlstr . "\n" . mysql_error());
$list = "";
while ($row = mysql_fetch_array($res)) {
if ($row[type] == 'text') {
continue;
}
$content = addslashes($row[content]);
if ($list == "") {
$list .= sprintf("'%s':'%s'", $row[name], $content);
} else {
$list .= sprintf(",\n'%s':'%s'", $row[name], $content);
}
}
$data = <<<END_NAV_OF_GHC
var global_data = {
{$list}
};
function pub_global_vars(global_var_name)
{
\tdocument.write(global_data[global_var_name]);
\treturn true;
}
END_NAV_OF_GHC;
$sqlstr = "select * from polymorphic limit 1 ";
$res = mysql_query($sqlstr, $proj_mysql) or sys_exit($sqlstr . "\n" . mysql_error());
$row = mysql_fetch_array($res);
$filename = sprintf("%s/pub_global.js", $row[file_path]);
$fp = fopen($filename, "w");
if (!$fp) {
sys_exit("无法打开文件 {$filename}.", "");
}
fwrite($fp, $data);
fclose($fp);
}
<?php
require_once("plib/head.php");
$p_id = $_GET[p_id];
$t_id = $_GET[t_id];
if($p_id == "" || $t_id == "" ) sys_exit("参数错误");
conProjDB($p_id, $t_id);
$p_cname = $proj_data[p_cname];
$t_cname = $temp_data[$t_id][cname];
$nav_str .= " > <a href=templist.php?p_id=$p_id>$p_cname</a> > <a href=temp_edit.php?p_id=$p_id&t_id=$t_id >$t_cname</a> > 模板上传";
$mess_str = "";
if( $_FILES['zfile']['name'] != '' )
{
$tm = time();
$filepath = $poly_data[1][file_path];
$fname = sprintf("ghc%s.zip", $tm);
$filename = $filepath . "/" . $fname;
if(move_uploaded_file($_FILES['zfile']['tmp_name'], $filename))
{
$cmd = "cd $filepath; unzip -o $fname";
$ret = `$cmd`;
$mess_str = "<pre>$cmd\n$ret</pre>\n上传才成功!";
}
$sqlstr .= sprintf(",(%s, %s)", $u_id, $this_p_id);
}
$i++;
}
}
if ($i > 0 && $allproj == "0") {
$res = mysql_query($sqlstr, $pub_mysql) or exit(mysql_error() . "\n" . $sqlstr);
}
header("Location: userlist.php");
exit;
}
$sqlstr = sprintf("select name, login, passwd, type, note, allproj from user where id=%s", $u_id);
$res = mysql_query($sqlstr, $pub_mysql) or exit(mysql_error() . "\n" . $sqlstr);
$row_user = mysql_fetch_array($res, MYSQL_ASSOC);
if ($row_user == "") {
sys_exit("没有记录", $sqlstr);
}
/*
username = row[0]? row[0]:"";
login = row[1]? row[1]:"";
passwd = row[2]? row[2]:"";
type = row[3]? row[3]:"4";
note = row[4]? row[4]:"";
allproj = row[5]?row[5]:"0";
*/
$sqlstr = sprintf("select p_id from user_priv where u_id=%s", $u_id);
$res = mysql_query($sqlstr, $pub_mysql) or exit(mysql_error() . "\n" . $sqlstr);
$user_priv = array();
while ($row = mysql_fetch_array($res)) {
$user_priv["{$row['p_id']}"] = 1;
}
