if(empty($dopost)) $dopost="";
if($dopost=="add")
{
if(ereg("[^0-9a-zA-Z_@!\.-]",$pwd)){
ShowMsg("用户密码不合法!","-1",0,300);
exit();
}
if(ereg("[^0-9a-zA-Z_@!\.-]",$userid)){
ShowMsg("用户名不合法!","-1",0,300);
exit();
}
$dsql = new DedeSql(false);
$dsql->SetQuery("Select * from `#@__admin` where userid='$userid' Or uname='$uname'");
$dsql->Execute();
$ns = $dsql->GetTotalRow();
if($ns>0){
$dsql->Close();
ShowMsg("用户名或笔名已存在,不允许重复使用!","-1");
exit();
}
$ks = Array();
foreach($typeid as $v){
$vs = explode('-',$v);
if(isset($vs[1])) $t = $vs[1];
else $t = $vs[0];
if(!isset($ks[$vs[0]])) $ks[$t] = 1;
}
$typeid = '';
foreach($ks as $k=>$v){
if($k>0) $typeid .=($typeid=='' ? $k : ','.$k);
$dsql->Close();
ShowMsg("新增变量失败,可能有非法字符!","sys_info.php?gp=$vargroup");
exit();
}
$configfile = dirname(__FILE__)."/../include/config_hand.php";
$configfile_bak = dirname(__FILE__)."/../include/config_hand_bak.php";
if(!is_writeable($configfile)){
$dsql->Close();
ShowMsg("成功保存变量,但由于 $configfile 无法写入,因此不能更新配置文件!","sys_info.php?gp=$vargroup");
exit();
}else{
$dsql->SetQuery("Select varname,value From #@__sysconfig order by aid asc");
$dsql->Execute();
if($dsql->GetTotalRow()<=0){
$dsql->Close();
ShowMsg("成功保存变量但从数据库读取所有数据时失败,无法更新配置文件!","sys_info.php?gp=$vargroup");
exit();
}
copy($configfile,$configfile_bak);
$fp = fopen($configfile,"w");
fwrite($fp,"<"."?php\r\n");
while($row = $dsql->GetArray()){
fwrite($fp,"\${$row['varname']} = '".str_replace("'","\\'",$row['value'])."';\r\n");
}
fwrite($fp,"?".">");
fclose($fp);
$dsql->Close();
ShowMsg("成功保存变量并更新配置文件!","sys_info.php?gp=$vargroup");
exit();
}else if($dopost=="query") //执行SQL语句
{
$t1 = ExecTime();
$sqlquery = trim(stripslashes($sqlquery));
if(eregi("drop(.*)table",$sqlquery)
|| eregi("drop(.*)database",$sqlquery)){
echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>";
$dsql->Close();
exit();
}
//运行查询语句
if(eregi("^select ",$sqlquery))
{
$dsql->SetQuery($sqlquery);
$dsql->Execute();
if($dsql->GetTotalRow()<=0) echo "运行SQL:{$sqlquery},无返回记录!";
else echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!";
$j = 0;
while($row = $dsql->GetArray())
{
$j++;
if($j>100) break;
echo "<hr size=1 width='100%'/>";
echo "记录:$j";
echo "<hr size=1 width='100%'/>";
foreach($row as $k=>$v){
if(ereg("[^0-9]",$k)){ echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; }
}
}
$t2 = ExecTime();
echo "<hr>执行时间:".($t2-$t1);
foreach ($_POST as $k => $v) {
if (ereg("^edit___", $k)) {
$v = ${$k};
} else {
continue;
}
$k = ereg_replace("^edit___", "", $k);
if (strlen($v) > 250) {
showmsg("{$k} 太长,不能超过250字节", '-1');
exit;
}
$savesql->ExecuteNoneQuery("Update #@__config set `config_value`='{$v}' where `config_name`='{$k}' ");
}
$savesql->SetQuery("Select `config_name`,`config_value` From `#@__config` order by `id` asc");
$savesql->Execute();
if ($savesql->GetTotalRow() <= 0) {
$savesql->Close();
ShowMsg("成功保存变量但从数据库读取所有数据时失败,无法更新配置文件!", "javascript:;");
exit;
}
@copy($configfile, $configfile_bak);
$fp = @fopen($configfile, 'w');
@flock($fp, 3);
@fwrite($fp, "<" . "?php\r\n") or die("配置文件'{$configfile}'不支持写入,本次操作无效!<a href='system_basic.php'>返回</a>");
while ($row = $savesql->GetArray()) {
$row['value'] = str_replace("'", "\\'", $row['config_value']);
fwrite($fp, "\${$row['config_name']} = '" . $row['config_value'] . "';\r\n");
}
fwrite($fp, "?>");
fclose($fp);
$message = "成功修改了系统配置文件config_base.php";
else $condition = "";
$rs = $dsql->ExecuteNoneQuery("Update $exptable set $rpfield=Replace($rpfield,'$rpstring','$tostring') $condition ");
$dsql->executenonequery("OPTIMIZE TABLE `$exptable`");
$dsql->Close();
if($rs) ShowMsg("成功完成数据替换!","javascript:;");
else ShowMsg("数据替换失败!","javascript:;");
}else
{
if(!empty($condition)) $condition = " And $condition ";
else $condition = "";
$rpstring = stripslashes($rpstring);
$rpstring2 = str_replace("\\","\\\\",$rpstring);
$rpstring2 = str_replace("'","\\'",$rpstring2);
$dsql->SetQuery("Select $keyfield,$rpfield From $exptable where $rpfield REGEXP '$rpstring2' $condition ");
$dsql->Execute();
$tt = $dsql->GetTotalRow();
if($tt==0){
$dsql->Close();
ShowMsg("根据你指定的正则,找不到任何东西!","javascript:;");
exit();
}
$oo = 0;
while($row = $dsql->GetArray()){
$kid = $row[$keyfield];
$rpf = eregi_replace($rpstring,$tostring,$row[$rpfield]);
$rs = $dsql->ExecuteNoneQuery("Update $exptable set $rpfield='$rpf' where $keyfield='$kid' ");
if($rs) $oo++;
}
$dsql->executenonequery("OPTIMIZE TABLE `$exptable`");
$dsql->close;
ShowMsg("共找到 $tt 条记录,成功替换了 $oo 条!","javascript:;");
}
$titless = split('`',$titles);
if($deltype=='delnew') $orderby = " order by ID desc ";
else $orderby = " order by ID asc ";
$totalarc = 0;
foreach($titless as $title){
$title = trim($title);
if($title=='') $q1 = "Select ID,title From $maintable where channel='$channelid' and title='' $orderby ";
else{
$title = addslashes(urldecode($title));
$q1 = "Select ID,title From $maintable where channel='$channelid' and title='$title' $orderby ";
}
$dsql->SetQuery($q1);
$dsql->Execute();
$rownum = $dsql->GetTotalRow();
if($rownum<2) continue;
$i = 1;
while($row = $dsql->GetObject()){
$i++;
$naid = $row->ID;
$ntitle = $row->title;
if($i > $rownum){ continue; }
$totalarc++;
DelArc($naid);
}
}
$dsql->executenonequery("OPTIMIZE TABLE `$maintable`");
$dsql->Close();
ShowMsg("一共删除了[{$totalarc}]篇重复的文档!","javascript:;");
exit();
