// Normalise the action selector: an unset or empty $dopost becomes the empty string
// so the equality tests that follow never touch an undefined variable.
$dopost = empty($dopost) ? '' : $dopost;
if($dopost=="add")
{
	// Allowlist check on the two request values used to create the account: anything
	// outside ASCII letters, digits and _ @ ! . - is refused with a message. The pen
	// name ($uname) is not checked here. ereg() is a POSIX ERE call (removed in
	// PHP 7); inside a POSIX bracket expression the backslash is a literal, so the
	// "\." most likely admits the backslash as well as the dot — keep that in mind
	// wherever these values are placed into SQL.
	if(ereg("[^0-9a-zA-Z_@!\.-]",$pwd)){
		 ShowMsg("用户密码不合法!","-1",0,300);
		 exit();
	}
	if(ereg("[^0-9a-zA-Z_@!\.-]",$userid)){
		 ShowMsg("用户名不合法!","-1",0,300);
		 exit();
	}
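	// Refuse the account when either the login name or the pen name is already taken.
	// Both values come from the request: the allowlist check above covers the login
	// name only (and, being a POSIX bracket expression, most likely still admits a
	// backslash), and the pen name is unfiltered — so escape both before they are
	// interpolated into the statement. With magic_quotes_gpc on (PHP < 5.4) the
	// request values already arrive backslash-escaped and must not be escaped twice.
	$gpcEscaped = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
	$safeUserid = $gpcEscaped ? $userid : addslashes($userid);
	$safeUname = $gpcEscaped ? $uname : addslashes($uname);
	$dsql = new DedeSql(false);
	$dsql->SetQuery("Select * from `#@__admin` where userid='$safeUserid' Or uname='$safeUname'");
	$dsql->Execute();
	$ns = $dsql->GetTotalRow();
	if($ns>0){
		$dsql->Close();
		ShowMsg("用户名或笔名已存在,不允许重复使用!","-1");
		exit();
	}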
	// Collect the selected category ids into a set (the keys of $ks). $typeid must be
	// an array here; each entry is either "a" or "a-b", and for "a-b" the second part
	// is the id that gets recorded.
	// NOTE(review): the isset() test looks at $vs[0] while the assignment writes
	// $ks[$t]. That may be deliberate (skip the entry when its first id is already in
	// the set) or a slip for isset($ks[$t]) — confirm against the form that posts
	// $typeid before changing it.
	$ks = Array();
	foreach($typeid as $v){
		$vs = explode('-',$v);
		if(isset($vs[1])) $t = $vs[1];
		else $t = $vs[0];
		if(!isset($ks[$vs[0]])) $ks[$t] = 1;
	}
	$typeid = '';
	foreach($ks as $k=>$v){
		if($k>0) $typeid .=($typeid=='' ? $k : ','.$k);
	 // Failure tail (the condition it belongs to starts before this excerpt): release
	 // the DB handle and send the user back to the variable list of the current group.
	 // NOTE(review): $vargroup is placed into the redirect URL as-is — confirm it is
	 // validated before this point.
	 $dsql->Close();
	 ShowMsg("新增变量失败,可能有非法字符!","sys_info.php?gp=$vargroup");
	 exit();
}

// The generated config file (rebuilt from the sysconfig table below) and the backup
// copy written before it is overwritten, both resolved relative to this script.
$includeDir = dirname(__FILE__) . '/../include';
$configfile = $includeDir . '/config_hand.php';
$configfile_bak = $includeDir . '/config_hand_bak.php';

if(!is_writeable($configfile)){
	// The generated file cannot be opened for writing: nothing is written, the
	// database changes already made are kept (as the message says) and the user is
	// sent back to the variable list.
	$dsql->Close();
	ShowMsg("成功保存变量,但由于 $configfile 无法写入,因此不能更新配置文件!","sys_info.php?gp=$vargroup");
	exit();
}else{
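	// Regenerate the config file from every row of the sysconfig table.
	$dsql->SetQuery("Select varname,value From #@__sysconfig order by aid asc");
	$dsql->Execute();
	if($dsql->GetTotalRow()<=0){
		$dsql->Close();
		ShowMsg("成功保存变量但从数据库读取所有数据时失败,无法更新配置文件!","sys_info.php?gp=$vargroup");
		exit();
	}
	// Best-effort backup of the previous file so a broken rewrite can be restored by hand.
	copy($configfile,$configfile_bak);
	$fp = fopen($configfile,"w");
	if(!$fp){
		// fopen() returns false on failure; the original wrote to the handle unchecked.
		$dsql->Close();
		ShowMsg("成功保存变量,但由于 $configfile 无法写入,因此不能更新配置文件!","sys_info.php?gp=$vargroup");
		exit();
	}
	fwrite($fp,"<"."?php\r\n");
	while($row = $dsql->GetArray()){
		// The value is emitted inside a single-quoted PHP literal, so both the backslash
		// and the quote must be escaped (backslash first). Escaping only the quote, as
		// the original did, lets a value that ends in "\" swallow the closing quote and
		// turns the rest of the line into code when the file is included.
		$value = str_replace("\\","\\\\",$row['value']);
		$value = str_replace("'","\\'",$value);
		// NOTE(review): varname is written as a bare variable name and must be a valid
		// PHP identifier — confirm it is validated where rows are inserted.
		fwrite($fp,"\${$row['varname']} = '".$value."';\r\n");
	}
	fwrite($fp,"?".">");
	fclose($fp);
	$dsql->Close();
	ShowMsg("成功保存变量并更新配置文件!","sys_info.php?gp=$vargroup");
	exit();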
}else if($dopost=="query") //执行SQL语句
{
	$t1 = ExecTime();
	// Undo request-level slash escaping (magic_quotes_gpc) so the statement runs as typed.
	$sqlquery = trim(stripslashes($sqlquery));
	// Denylist guard: only statements matching "drop ... table" / "drop ... database"
	// (case-insensitive, anywhere in the text) are refused. Everything else that the
	// user typed is handed to the database later in this branch (the SELECT path is
	// visible below; other statements are presumably run elsewhere), so this console
	// must only ever be reachable by trusted administrators.
	if(eregi("drop(.*)table",$sqlquery) 
	|| eregi("drop(.*)database",$sqlquery)){
		echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>";
		$dsql->Close();
	  exit();
	}
	//运行查询语句
	if(eregi("^select ",$sqlquery))
	{
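		$dsql->SetQuery($sqlquery);
		$dsql->Execute();
		// The query text and the cell values are echoed into an HTML page, so the
		// characters that would be read as markup are encoded first. Plain byte
		// replacement is used rather than htmlspecialchars() so the result does not
		// depend on the page charset (the original echoed both unencoded).
		$htmlRaw = array('&', '<', '>', '"');
		$htmlEnc = array('&amp;', '&lt;', '&gt;', '&quot;');
		$shownQuery = str_replace($htmlRaw, $htmlEnc, $sqlquery);
		if($dsql->GetTotalRow()<=0) echo "运行SQL:{$shownQuery},无返回记录!";
		else echo "运行SQL:{$shownQuery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!";
		$j = 0;
		while($row = $dsql->GetArray())
		{
			$j++;
			// Output is capped at 100 rows regardless of the result size.
			if($j>100) break;
			echo "<hr size=1 width='100%'/>";
			echo "记录:$j";
			echo "<hr size=1 width='100%'/>";
			foreach($row as $k=>$v){
				// Only keys containing a non-digit are shown — presumably GetArray()
				// returns each column under both its index and its name, and only the
				// named entries are wanted. preg_match() replaces the removed ereg().
				if(preg_match('/[^0-9]/', $k)){
					$shownValue = str_replace($htmlRaw, $htmlEnc, (string)$v);
					echo "<font color='red'>{$k}:</font>{$shownValue}<br/>\r\n";
				}
			}
		}
		$t2 = ExecTime();
		echo "<hr>执行时间:".($t2-$t1);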
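 // Request values arrive already backslash-escaped when magic_quotes_gpc is on
 // (PHP < 5.4); otherwise they must be escaped here before use in SQL.
 $gpcEscaped = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
 foreach ($_POST as $k => $v) {
     // Only fields posted as edit___<config_name> are saved. The value is read from
     // the variable of the same name rather than from $v — presumably the request
     // is imported into variables elsewhere (register_globals-style); confirm where
     // ${$k} is populated. strncmp()/substr() replace the removed ereg() calls.
     if (strncmp($k, 'edit___', 7) !== 0) {
         continue;
     }
     $v = ${$k};
     $k = substr($k, 7);
     if (strlen($v) > 250) {
         ShowMsg("{$k} 太长,不能超过250字节", '-1');
         exit;
     }
     // Both the name and the value come straight from the request; the original
     // interpolated them unescaped. The name is always escaped (a name containing
     // quotes matches no row either way), the value only when the request did not
     // already escape it.
     $safeName = addslashes($k);
     $safeValue = $gpcEscaped ? $v : addslashes($v);
     $savesql->ExecuteNoneQuery("Update #@__config set `config_value`='{$safeValue}' where `config_name`='{$safeName}' ");
 }
 $savesql->SetQuery("Select `config_name`,`config_value` From `#@__config` order by `id` asc");
 $savesql->Execute();
 if ($savesql->GetTotalRow() <= 0) {
     $savesql->Close();
     ShowMsg("成功保存变量但从数据库读取所有数据时失败,无法更新配置文件!", "javascript:;");
     exit;
 }
 // Best-effort backup of the previous file so a broken rewrite can be restored by hand.
 @copy($configfile, $configfile_bak);
 $fp = @fopen($configfile, 'w');
 if ($fp === false) {
     // The original only noticed this at the first fwrite(); fail before touching the file.
     $savesql->Close();
     die("配置文件'{$configfile}'不支持写入,本次操作无效!<a href='system_basic.php'>返回</a>");
 }
 // The original passed the literal 3, which is LOCK_UN: it released rather than
 // took a lock, so two concurrent saves could interleave their writes.
 flock($fp, LOCK_EX);
 fwrite($fp, "<" . "?php\r\n");
 while ($row = $savesql->GetArray()) {
     // The value is emitted inside a single-quoted PHP literal: escape backslashes
     // first, then quotes. The original computed this into $row['value'] but then
     // wrote the unescaped $row['config_value'], so a quote or trailing backslash in
     // any value produced a config file that no longer parsed as intended.
     $value = str_replace("\\", "\\\\", $row['config_value']);
     $value = str_replace("'", "\\'", $value);
     // NOTE(review): config_name is written as a bare variable name and must be a
     // valid PHP identifier — confirm it is validated where rows are inserted.
     fwrite($fp, "\${$row['config_name']} = '" . $value . "';\r\n");
 }
 fwrite($fp, "?>");
 flock($fp, LOCK_UN);
 fclose($fp);
 $message = "成功修改了系统配置文件config_base.php";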
		else $condition = "";
		// Replacement done entirely in SQL via Replace(), then the table is optimised
		// and the outcome reported.
		// NOTE(review): $exptable, $rpfield, $rpstring, $tostring and $condition are
		// interpolated as-is; the regex branch below escapes $rpstring before use but
		// this branch does not — confirm the caller validates/escapes them.
		$rs = $dsql->ExecuteNoneQuery("Update $exptable set $rpfield=Replace($rpfield,'$rpstring','$tostring') $condition ");
		$dsql->executenonequery("OPTIMIZE TABLE `$exptable`");
		$dsql->Close();
		if($rs) ShowMsg("成功完成数据替换!","javascript:;");
		else ShowMsg("数据替换失败!","javascript:;");
	}else
	{
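		if(!empty($condition)) $condition = " And $condition ";
		else $condition = "";
		// Undo request-level slash escaping, then build a copy that is safe inside a
		// single-quoted SQL literal (backslashes first, then quotes).
		$rpstring = stripslashes($rpstring);
		$rpstring2 = str_replace("\\","\\\\",$rpstring);
		$rpstring2 = str_replace("'","\\'",$rpstring2);
		// NOTE(review): $exptable, $keyfield, $rpfield and $condition are used as raw
		// SQL fragments — confirm the caller restricts them to known identifiers.
		$dsql->SetQuery("Select $keyfield,$rpfield From $exptable where $rpfield REGEXP '$rpstring2'  $condition ");
		$dsql->Execute();
		$tt = $dsql->GetTotalRow();
		if($tt==0){
			$dsql->Close();
			ShowMsg("根据你指定的正则,找不到任何东西!","javascript:;");
			exit();
		}
		$oo = 0;
		while($row = $dsql->GetArray()){
			$kid = $row[$keyfield];
			// Apply the user's regex (POSIX ERE, case-insensitive) in PHP. The result
			// carries the stored text plus whatever $tostring contains, so it is escaped
			// the same way as the pattern before going back into SQL — the original
			// interpolated it raw, which also broke on any value containing a quote.
			$rpf = eregi_replace($rpstring,$tostring,$row[$rpfield]);
			$rpf = str_replace("\\","\\\\",$rpf);
			$rpf = str_replace("'","\\'",$rpf);
			$kid = str_replace("\\","\\\\",$kid);
			$kid = str_replace("'","\\'",$kid);
			$rs = $dsql->ExecuteNoneQuery("Update $exptable set $rpfield='$rpf' where $keyfield='$kid' ");
			if($rs) $oo++;
		}
		$dsql->executenonequery("OPTIMIZE TABLE `$exptable`");
		// The original wrote "$dsql->close;" (a property read, not a call), so the
		// connection was never closed on this path; the sibling branch calls Close().
		$dsql->Close();
		ShowMsg("共找到 $tt 条记录,成功替换了 $oo 条!","javascript:;");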
	}
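	// Titles arrive as one backtick-separated string. explode() replaces the original
	// split() (a POSIX regex call removed in PHP 7); the separator has no regex
	// meaning, so the pieces are identical.
	$titless = explode('`',$titles);

	// delnew lists newest first and so keeps the oldest copy of each title; anything
	// else lists oldest first and keeps the newest.
	if($deltype=='delnew') $orderby = " order by ID desc ";
	else $orderby = " order by ID asc ";
	// NOTE(review): $maintable is used as a raw identifier — confirm the caller limits
	// it to known table names. The channel id is escaped the same way the titles are.
	$safeChannel = addslashes($channelid);
	$totalarc = 0;
	foreach($titless as $title){
		$title = trim($title);
		// Titles are URL-encoded in the list: decode, then escape for the SQL literal.
		// The empty title is a legitimate group of its own.
		if($title=='') $q1 = "Select ID,title From $maintable where channel='$safeChannel' and title='' $orderby ";
		else{
			$title = addslashes(urldecode($title));
			$q1 = "Select ID,title From $maintable where channel='$safeChannel' and title='$title' $orderby ";
		}
		$dsql->SetQuery($q1);
		$dsql->Execute();
		$rownum = $dsql->GetTotalRow();
		// A single row is not a duplicate.
		if($rownum<2) continue;
		// Delete every row except the last one in $orderby order (the original walked
		// all rows and skipped only the final one; stopping early is equivalent).
		$i = 0;
		while($row = $dsql->GetObject()){
			$i++;
			if($i >= $rownum) break;
			$totalarc++;
			DelArc($row->ID);
		}
	}
	$dsql->executenonequery("OPTIMIZE TABLE `$maintable`");
	$dsql->Close();
	ShowMsg("一共删除了[{$totalarc}]篇重复的文档!","javascript:;");
	exit();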