$pathid = (int) $_GET['pathid']; $classid = (int) $_GET['classid']; if (!$classid || empty($class_r[$classid][tbname]) || !$id) { echo "<script>alert('此信息不存在');window.close();</script>"; exit; } $mid = $class_r[$classid][modid]; $tbname = $class_r[$classid][tbname]; $query = "select * from {$dbtbpre}ecms_" . $tbname . " where id='{$id}' limit 1"; $r = $empire->fetch1($query); if (!$r['id'] || $r['classid'] != $classid) { echo "<script>alert('此信息不存在');window.close();</script>"; exit; } //副表 $finfor = $empire->fetch1("select " . ReturnSqlFtextF($mid) . " from {$dbtbpre}ecms_" . $tbname . "_data_" . $r[stb] . " where id='{$r['id']}' limit 1"); $r = array_merge($r, $finfor); //区分下载地址 $path_r = explode("\r\n", $r[downpath]); if (!$path_r[$pathid]) { echo "<script>alert('此信息不存在');window.close();</script>"; exit; } $showdown_r = explode("::::::", $path_r[$pathid]); //下载权限 $user = array(); $downgroup = $showdown_r[2]; if ($downgroup) { $user = islogin(); //取得会员资料 $u = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$user['userid']}' and " . egetmf('rnd') . "='{$user['rnd']}' limit 1");
$wfinfor = $empire->fetch1("select id,tid,groupid,userclass,username,tstatus,checktno from {$dbtbpre}enewswfinfo where id='{$id}' and classid='{$classid}' limit 1"); if (!$wfinfor['id']) { printerror('ErrorUrl', 'history.go(-1)'); } //工作流 $cwfitemr = $empire->fetch1("select wfid,groupid,userclass,username from {$dbtbpre}enewsworkflowitem where tid='{$wfinfor['tid']}'"); //验证权限 if (strstr(',' . $cwfitemr[groupid] . ',', ',' . $lur[groupid] . ',') || strstr(',' . $cwfitemr[userclass] . ',', ',' . $lur[classid] . ',') || strstr(',' . $cwfitemr[username] . ',', ',' . $lur[username] . ',')) { } else { $doselfinfo = CheckLevel($logininid, $loginin, $classid, "news"); } $r[newstime] = date("Y-m-d H:i:s", $r[newstime]); //返回表信息 $infodatatb = ReturnInfoDataTbname($tbname, $index_r['checked'], $r['stb']); //副表 $finfor = $empire->fetch1("select " . ReturnSqlFtextF($mid) . " from " . $infodatatb . " where id='{$id}' limit 1"); $r = array_merge($r, $finfor); //内容存文本 if ($savetxtf) { $r[$savetxtf] = GetTxtFieldText($r[$savetxtf]); } //发布者 if ($r[ismember]) { $username = empty($r[userid]) ? '游客' : "会员:<a href='../member/AddMember.php?enews=EditMember&userid=" . $r[userid] . $ecms_hashur['ehref'] . "' target='_blank'>" . $r[username] . "</a>"; } else { $username = "******" . $r[userid] . $ecms_hashur['ehref'] . "' target='_blank'>" . $r[username] . "</a>"; } //状态 $st = ''; if ($index_r[checked]) { $st .= "[已审核] ";
function GetSofturl($classid, $id, $pathid, $p, $pass, $onlinetime, $onlinepass) { global $empire, $dbtbpre, $public_r, $class_r, $emod_r, $level_r, $ecms_config; //验证IP eCheckAccessDoIp('onlineinfo'); $classid = (int) $classid; $id = (int) $id; $pathid = (int) $pathid; $onlinetime = (int) $onlinetime; $p = RepPostVar($p); if (!$classid || empty($id) || empty($p)) { exit; } $p_r = explode(":::", $p); $userid = $p_r[0]; $rnd = $p_r[1]; //验证码 $cpass = md5(ReturnDownSysCheckIp() . "wm_chief" . $public_r[downpass] . $userid); if ($cpass != $pass) { exit; } //验证验证码 CheckOnlinePass($onlinetime, $onlinepass); //表不存在 if (empty($class_r[$classid][tbname])) { exit; } $mid = $class_r[$classid][modid]; $tbname = $class_r[$classid][tbname]; $r = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id='{$id}' limit 1"); if (empty($r['id']) || $r['classid'] != $classid) { exit; } //副表 $finfor = $empire->fetch1("select " . ReturnSqlFtextF($mid) . " from {$dbtbpre}ecms_" . $tbname . "_data_" . $r[stb] . " where id='{$r['id']}' limit 1"); $r = array_merge($r, $finfor); //区分下载地址 $path_r = explode("\r\n", $r[onlinepath]); if (!$path_r[$pathid]) { exit; } $showdown_r = explode("::::::", $path_r[$pathid]); $downgroup = $showdown_r[2]; //下载权限 if ($downgroup) { $userid = (int) $userid; $rnd = RepPostVar($rnd); //取得会员资料 $u = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' and " . egetmf('rnd') . "='{$rnd}' limit 1"); if (empty($u['userid'])) { exit; } //下载次数限制 $setuserday = ""; if ($level_r[$u['groupid']]['daydown']) { $setuserday = DoCheckMDownNum($userid, $u['groupid'], 1); } if ($level_r[$downgroup][level] > $level_r[$u[groupid]][level]) { exit; } //点数是否足够 $showdown_r[3] = intval($showdown_r[3]); if ($showdown_r[3]) { //---------是否有历史记录 $bakr = $empire->fetch1("select id,truetime from {$dbtbpre}enewsdownrecord where id='{$id}' and classid='{$classid}' and userid='{$userid}' and pathid='{$pathid}' and online=1 order by truetime desc limit 1"); if ($bakr[id] && time() - $bakr[truetime] <= $public_r[redodown] * 3600) { } else { //包月卡 if ($u['userdate'] - time() > 0) { } else { if ($showdown_r[3] > $u['userfen']) { exit; } //去除点数 $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('userfen') . "=" . egetmf('userfen') . "-" . $showdown_r[3] . " where " . egetmf('userid') . "='{$userid}'"); } //备份下载记录 $utfusername = $u['username']; BakDown($classid, $id, $pathid, $userid, $utfusername, $r[title], $showdown_r[3], 1); } } //更新用户下载次数 if ($setuserday) { $usql = $empire->query($setuserday); } } //总下载数据增一 $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set totaldown=totaldown+1 where id='{$id}'"); //选择播放器 $ftype = GetFiletype($showdown_r[1]); if (strstr($ecms_config['sets']['realplayertype'], ',' . $ftype . ',')) { Header("Content-Type: audio/x-pn-realaudio"); } else { Header("Content-Type: video/x-ms-asf"); } $downurl = stripSlashes($showdown_r[1]); $downurlr = ReturnDownQzPath($downurl, $showdown_r[4]); $downurl = $downurlr['repath']; //防盗链 @(include ECMS_PATH . DASHBOARD . "/DownSys/class/enpath.php"); $downurl = DoEnOnlinepath($downurl); db_close(); $empire = null; echo $downurl; exit; }
function DoDocInfo($tb, $r, $ecms = 0) { global $empire, $dbtbpre, $class_r, $emod_r; if ($ecms == 1) { $table = $dbtbpre . 'ecms_' . $tb . '_doc_index'; //索引表 $table1 = $dbtbpre . 'ecms_' . $tb . '_doc'; //主表 $table2 = $dbtbpre . 'ecms_' . $tb . '_doc_data'; //副表 $ytable = $dbtbpre . 'ecms_' . $tb . '_index'; //目标索引表 $ytable1 = $dbtbpre . 'ecms_' . $tb; //目标主表 $ytable2 = $dbtbpre . 'ecms_' . $tb . '_data_' . $r[stb]; //目标副表 } else { $table = $dbtbpre . 'ecms_' . $tb . '_index'; //索引表 $table1 = $dbtbpre . 'ecms_' . $tb; //主表 $table2 = $dbtbpre . 'ecms_' . $tb . '_data_' . $r[stb]; //副表 $ytable = $dbtbpre . 'ecms_' . $tb . '_doc_index'; //目标索引表 $ytable1 = $dbtbpre . 'ecms_' . $tb . '_doc'; //目标主表 $ytable2 = $dbtbpre . 'ecms_' . $tb . '_doc_data'; //目标副表 } $mid = $class_r[$r[classid]][modid]; //索引表 $index_r = $empire->fetch1("select * from " . $table . " where id='{$r['id']}' limit 1"); if ($index_r['checked'] == 0) { return ''; } //副表 $fr = $empire->fetch1("select " . ReturnSqlFtextF($mid) . " from " . $table2 . " where id='{$r['id']}' limit 1"); $r = array_merge($r, $fr); $ret_r = ReturnAddF($r, $mid, $userid, $username, 10, 0, 0); //返回自定义字段 //索引表 $empire->query("insert into " . $ytable . "(id,classid,checked,newstime,truetime,lastdotime,havehtml) values('{$index_r['id']}','{$index_r['classid']}','{$index_r['checked']}','{$index_r['newstime']}','{$index_r['truetime']}','{$index_r['lastdotime']}','{$index_r['havehtml']}');"); //主表 $empire->query("replace into " . $ytable1 . "(id,classid,ttid,onclick,plnum,totaldown,newspath,filename,userid,username,firsttitle,isgood,ispic,istop,isqf,ismember,isurl,truetime,lastdotime,havehtml,groupid,userfen,titlefont,titleurl,stb,fstb,restb,keyboard" . $ret_r[fields] . ") values('{$r['id']}','{$r['classid']}','{$r['ttid']}','{$r['onclick']}','{$r['plnum']}','{$r['totaldown']}','" . StripAddsData($r[newspath]) . "','" . StripAddsData($r[filename]) . "','{$r['userid']}','" . StripAddsData($r[username]) . "','{$r['firsttitle']}','{$r['isgood']}','{$r['ispic']}','{$r['istop']}','{$r['isqf']}','{$r['ismember']}','{$r['isurl']}','{$r['truetime']}','{$r['lastdotime']}','{$r['havehtml']}','{$r['groupid']}','{$r['userfen']}','" . StripAddsData($r[titlefont]) . "','" . StripAddsData($r[titleurl]) . "','{$r['stb']}','{$r['fstb']}','{$r['restb']}','" . StripAddsData($r[keyboard]) . "'" . $ret_r[values] . ");"); //副表 $empire->query("replace into " . $ytable2 . "(id,classid,keyid,dokey,newstempid,closepl,haveaddfen,infotags" . $ret_r[datafields] . ") values('{$r['id']}','{$r['classid']}','{$r['keyid']}','{$r['dokey']}','{$r['newstempid']}','{$r['closepl']}','{$r['haveaddfen']}','" . StripAddsData($r[infotags]) . "'" . $ret_r[datavalues] . ");"); //删除 $empire->query("delete from " . $table . " where id='{$r['id']}'"); $empire->query("delete from " . $table1 . " where id='{$r['id']}'"); $empire->query("delete from " . $table2 . " where id='{$r['id']}'"); //更新栏目信息数 if ($ecms == 1) { AddClassInfos($r['classid'], '+1', '+1'); } else { AddClassInfos($r['classid'], '-1', '-1'); } }
function CheckQdoinfo($classid, $id, $userid, $tbname, $adminqinfo, $ecms = 0) { global $empire, $dbtbpre, $emod_r, $class_r; //索引表 $index_r = $empire->fetch1("select id,classid,checked from {$dbtbpre}ecms_" . $tbname . "_index where id='{$id}' limit 1"); if (!$index_r['id'] || $index_r['classid'] != $classid) { printerror("HaveNotLevelQInfo", "history.go(-1)", 1); } //返回表 $infotb = ReturnInfoMainTbname($tbname, $index_r['checked']); $r = $empire->fetch1("select * from " . $infotb . " where id='{$id}' and classid='{$classid}' and ismember=1 and userid='{$userid}' limit 1"); if (!$r['id']) { printerror("HaveNotLevelQInfo", "history.go(-1)", 1); } $r['checked'] = $index_r['checked']; if ($adminqinfo == 1) { if ($index_r['checked']) { printerror("ClassSetNotAdminQCInfo", "history.go(-1)", 1); } } elseif ($adminqinfo == 2) { if ($index_r['checked'] || $ecms != 1) { printerror("ClassSetNotEditQCInfo", "history.go(-1)", 1); } } elseif ($adminqinfo == 3) { if ($index_r['checked'] || $ecms != 2) { printerror("ClassSetNotDelQCInfo", "history.go(-1)", 1); } } elseif ($adminqinfo == 4) { } elseif ($adminqinfo == 5) { if ($ecms != 1) { printerror("ClassSetNotEditQInfo", "history.go(-1)", 1); } } elseif ($adminqinfo == 6) { if ($ecms != 2) { printerror("ClassSetNotDelQInfo", "history.go(-1)", 1); } } else { printerror("ClassSetNotAdminQInfo", "history.go(-1)", 1); } //返回表信息 $infotbr = ReturnInfoTbname($tbname, $index_r['checked'], $r['stb']); //副表 $mid = $class_r[$classid]['modid']; $finfor = $empire->fetch1("select " . ReturnSqlFtextF($mid) . " from " . $infotbr['datatbname'] . " where id='{$r['id']}' limit 1"); $r = array_merge($r, $finfor); return $r; }
function GetHtml($classid, $id, $add, $ecms = 0, $doall = 0) { global $public_r, $class_r, $class_zr, $fun_r, $empire, $dbtbpre, $emod_r, $class_tr, $level_r, $etable_r; $mid = $class_r[$classid]['modid']; $tbname = $class_r[$classid][tbname]; if (InfoIsInTable($tbname)) { return ''; } if ($ecms == 0) { $add = $empire->fetch1("select " . ReturnSqlTextF($mid, 1) . " from {$dbtbpre}ecms_" . $tbname . " where id='{$id}' limit 1"); } $add['id'] = $id; $add['classid'] = $classid; if ($add['isurl']) { return ''; } if (empty($doall)) { if (!$add['stb'] || $class_r[$add[classid]][showdt] == 2 || strstr($public_r['nreinfo'], ',' . $add['classid'] . ',')) { return ''; } } //副表 $addr = $empire->fetch1("select " . ReturnSqlFtextF($mid) . " from {$dbtbpre}ecms_" . $tbname . "_data_" . $add[stb] . " where id='{$add['id']}' limit 1"); $add = array_merge($add, $addr); //路径 $iclasspath = ReturnSaveInfoPath($add[classid], $add[id]); $doclasspath = eReturnTrueEcmsPath() . $iclasspath; //moreport $createinfopath = $doclasspath; //建立日期目录 $newspath = ''; if ($add[newspath]) { $createpath = $doclasspath . $add[newspath]; if (!file_exists($createpath)) { $r[newspath] = FormatPath($add[classid], $add[newspath], 1); } $createinfopath .= $add[newspath] . '/'; $newspath = $add[newspath] . '/'; } //新建存放目录 if ($class_r[$add[classid]][filename] == 3) { $createinfopath .= ReturnInfoSPath($add['filename']); DoMkdir($createinfopath); $fn3 = 1; } //存文本 if ($emod_r[$mid]['savetxtf']) { $stf = $emod_r[$mid]['savetxtf']; if ($add[$stf]) { $add[$stf] = GetTxtFieldText($add[$stf]); } } $GLOBALS['navclassid'] = $add[classid]; $GLOBALS['navinfor'] = $add; //取得内容模板 $add[newstempid] = $add[newstempid] ? $add[newstempid] : $class_r[$add[classid]][newstempid]; $newstemp_r = $empire->fetch1("select temptext,showdate from " . GetTemptb("enewsnewstemp") . " where tempid='{$add['newstempid']}' limit 1"); $newstemp_r['tempid'] = $add['newstempid']; if ($public_r['opennotcj']) { $newstemp_r['temptext'] = ReturnNotcj($newstemp_r['temptext']); } $newstemptext = $newstemp_r[temptext]; $formatdate = $newstemp_r[showdate]; //文件类型/权限 if ($add[groupid] || $class_r[$add[classid]]['cgtoinfo']) { if (empty($add[newspath])) { $include = ''; } else { $pr = explode('/', $add[newspath]); for ($i = 0; $i < count($pr); $i++) { $include .= '../'; } } if ($fn3 == 1) { $include .= '../'; } $pr = explode('/', $iclasspath); $pcount = count($pr); for ($i = 0; $i < $pcount - 1; $i++) { $include .= '../'; } $include1 = $include; $include .= 'e/class/CheckLevel.php'; $filetype = '.php'; $addlevel = "<?php\n\t\tdefine('empirecms','wm_chief');\n\t\t\$check_tbname='" . $class_r[$add[classid]][tbname] . "';\n\t\t\$check_infoid=" . $add[id] . ";\n\t\t\$check_classid=" . $add[classid] . ";\n\t\t\$check_path=\"" . $include1 . "\";\n\t\trequire(\"" . $include . "\");\n\t\t?>"; } else { $filetype = $class_r[$add[classid]][filetype]; $addlevel = ''; } //取得本目录链接 if ($class_r[$add[classid]][classurl] && $class_r[$add[classid]][ipath] == '') { $dolink = $class_r[$add[classid]][classurl] . '/' . $newspath; } else { $dolink = $public_r[newsurl] . $iclasspath . $newspath; } //返回替换验证字符 $docheckrep = ReturnCheckDoRepStr(); if ($add[newstext]) { if (empty($public_r['dorepword']) && $docheckrep[3]) { $add[newstext] = ReplaceWord($add[newstext]); //过滤字符 } if (empty($public_r['dorepkey']) && $docheckrep[4] && !empty($add[dokey])) { $add[newstext] = ReplaceKey($add['newstext'], $add['classid']); } if ($public_r['opencopytext']) { $add[newstext] = AddNotCopyRndStr($add[newstext]); //随机复制字符 } } //返回编译 $newstemptext = GetInfoNewsBq($classid, $newstemp_r, $add, $docheckrep); //分页字段 $expage = '[!--empirenews.page--]'; //分页符 $pf = $emod_r[$mid]['pagef']; //变量替换 $newstempstr = $newstemptext; //模板 //分页 if ($pf && strstr($add[$pf], $expage)) { $n_r = explode($expage, $add[$pf]); $thispagenum = count($n_r); //取得分页 $thefun = $public_r['textpagefun'] ? $public_r['textpagefun'] : 'sys_ShowTextPage'; //下拉式分页 if (strstr($newstemptext, '[!--title.select--]')) { $dotitleselect = sys_ShowTextPageSelect($thispagenum, $dolink, $add, $filetype, $n_r); } for ($j = 1; $j <= $thispagenum; $j++) { $string = $newstempstr; //模板 $truepage = ''; $titleselect = ''; //下一页链接 if ($thispagenum == $j) { $thisnextlink = $dolink . $add[filename] . $filetype; } else { $thisj = $j + 1; $thisnextlink = $dolink . $add[filename] . '_' . $thisj . $filetype; } $k = $j - 1; if ($j == 1) { $file = $doclasspath . $newspath . $add[filename] . $filetype; $ptitle = $add[title]; } else { $file = $doclasspath . $newspath . $add[filename] . '_' . $j . $filetype; $ti_r = explode('[/!--empirenews.page--]', $n_r[$k]); if (count($ti_r) >= 2) { $ptitle = $ti_r[0]; $n_r[$k] = $ti_r[1]; } else { $ptitle = $add[title] . '(' . $j . ')'; } } //取得当前页 if ($thispagenum != 1) { $truepage = $thefun($thispagenum, $j, $dolink, $add, $filetype, ''); $titleselect = str_replace("?" . $j . "\">", "?" . $j . "\" selected>", $dotitleselect); } //替换变量 $newstext = $n_r[$k]; if (!strstr($emod_r[$mid]['editorf'], ',' . $pf . ',')) { if (strstr($emod_r[$mid]['tobrf'], ',' . $pf . ',')) { $newstext = nl2br($newstext); } if (!strstr($emod_r[$mid]['dohtmlf'], ',' . $pf . ',')) { $newstext = ehtmlspecialchars($newstext); $newstext = RepFieldtextNbsp($newstext); } } $string = str_replace('[!--' . $pf . '--]', $newstext, $string); $string = str_replace('[!--p.title--]', strip_tags($ptitle), $string); $string = str_replace('[!--next.page--]', $thisnextlink, $string); $string = str_replace('[!--page.url--]', $truepage, $string); $string = str_replace('[!--title.select--]', $titleselect, $string); //写文件 WriteFiletext($file, $addlevel . $string); } } else { $file = $doclasspath . $newspath . $add[filename] . $filetype; $string = $newstempstr; //模板 //替换变量 $string = str_replace('[!--p.title--]', $add[title], $string); $string = str_replace('[!--next.page--]', '', $string); $string = str_replace('[!--page.url--]', '', $string); $string = str_replace('[!--title.select--]', '', $string); //写文件 WriteFiletext($file, $addlevel . $string); } //设为已生成 if (empty($doall) && empty($add['havehtml'])) { $empire->query("update {$dbtbpre}ecms_" . $class_r[$add[classid]][tbname] . "_index set havehtml=1 where id='{$add['id']}' limit 1"); $empire->query("update {$dbtbpre}ecms_" . $class_r[$add[classid]][tbname] . " set havehtml=1 where id='{$add['id']}' limit 1"); } }