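/**
 * Store one uploaded-file record through $this->insert() and return its new id.
 *
 * @param array $uploadedfile Record fields; the 'fn' entry is dropped before the insert.
 * @return mixed The value reported by $this->insert_id() after the insert.
 */
public function api_add($uploadedfile)
{
    // The original also pre-initialised this variable and wrote 'aid' back into the
    // by-value parameter; both assignments had no effect and are removed.
    $uploadfield = $uploadedfile;
    unset($uploadfield['fn']);
    // NOTE(review): String::addslashes() is defined elsewhere; presumably it applies
    // addslashes() to every element. Backslash escaping is charset-dependent and does
    // not replace bound parameters. Confirm what $this->insert() does with the values.
    $uploadfield = String::addslashes($uploadfield);
    $this->insert($uploadfield);
    return $this->insert_id();
}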
href="?app=admin&controller=linkage&action=public_manage_submenu&keyid=<?php echo $info['linkageid']; ?> &menuid=<?php /* NOTE(review): the menuid request parameter is echoed into the href attribute without HTML encoding; wrap it in htmlspecialchars(..., ENT_QUOTES) or cast it with intval() if it is numeric */ echo isset($_GET['menuid']) ? $_GET['menuid'] : ''; ?> "><?php echo L('linkage_manage_submenu'); ?> </a> | <a href="javascript:void(0);" onclick="edit('<?php echo $info['linkageid']; ?> ','<?php /* NOTE(review): String::addslashes() is defined elsewhere (presumably a wrapper around addslashes()); backslash escaping only covers the JS string, while the HTML parser reads the onclick attribute first, so the value should also be HTML-encoded unless it is stored already encoded - confirm */ echo String::addslashes($info['name']); ?> ')"><?php echo L('edit'); ?> </a> | <a href="<?php echo art_confirm(L('linkage_is_del'), '?app=admin&controller=linkage&action=delete&linkageid=' . $info['linkageid']); ?> "><?php echo L('delete'); ?> </a> | <a href="?app=admin&controller=linkage&action=public_cache&linkageid=<?php
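/**
 * Upload a single file into the temporary directory without recording it.
 *
 * On failure $this->error holds either the PHP upload error code or one of the
 * string codes set below ('5', '8', '9', '10', '11', '12').
 *
 * @param string $field Name of the file field in $_FILES.
 * @return string|false Saved path with the $this->upload_root prefix removed, or false on failure.
 */
public function upload_tmp($field)
{
    $tmpPath = $this->upload_root . "tmp/";
    if (!isset($_FILES[$field])) {
        // The request carries no such upload field.
        $this->error = UPLOAD_ERR_OK;
        return false;
    }
    // Limits come from the attachment configuration.
    $this->alowexts = C('attachment', 'allowext');
    $this->savepath = $tmpPath;
    $this->maxsize = C('attachment', 'maxsize') * 1024;
    $this->uploads = 1;
    if (!Folder::mk($this->savepath) && !is_dir($this->savepath)) {
        $this->error = '8';
        return false;
    }
    @chmod($this->savepath, 0755);
    if (!is_writeable($this->savepath)) {
        $this->error = '9';
        return false;
    }
    $file = $_FILES[$field];
    if (is_array($file['error'])) {
        // Multi-file submissions are not accepted by this method.
        $this->error = '5';
        return false;
    }
    $fileext = File::get_suffix($file['name']);
    if ($file['error'] != 0) {
        $this->error = $file['error'];
        return false;
    }
    // NOTE(review): the allow-list is matched against the client-supplied file name only;
    // the file content is not inspected here. The stored name comes from getname("png")
    // below, so presumably the saved file does not keep the client extension - confirm.
    if (!preg_match("/^(" . $this->alowexts . ")\$/", $fileext)) {
        $this->error = '10';
        return false;
    }
    if ($this->maxsize && $file['size'] > $this->maxsize) {
        $this->error = '11';
        return false;
    }
    if (!$this->isuploadedfile($file['tmp_name'])) {
        $this->error = '12';
        return false;
    }
    $filename = $this->getname("png");
    $savefile = $this->savepath . $filename;
    // preg_quote() is the escaper for text placed inside a pattern; the previous
    // String::addslashes() call left regex metacharacters and the '|' delimiter untouched.
    $filepath = preg_replace('|^' . preg_quote($this->upload_root, '|') . '|', '', $savefile);
    $upload_func = $this->upload_func;
    if (@$upload_func($file['tmp_name'], $savefile)) {
        // NOTE(review): 0755 sets the execute bits on an uploaded file; 0644 is normally
        // enough for content that is only read back. Kept as-is pending confirmation.
        @chmod($savefile, 0755);
        @unlink($file['tmp_name']);
        return $filepath;
    }
    return false;
}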
?> </td> <td align="center"><a href="javascript:edit('<?php echo $r['typeid']; ?> ','<?php /* NOTE(review): this value sits in a JS string inside a javascript: URL inside an HTML attribute; String::addslashes() (defined elsewhere, presumably addslashes()) handles only the JS layer, so HTML-encode the result as well unless the name is stored already encoded - confirm */ echo trim(String::addslashes($r['name'])); ?> ')"><?php echo L('edit'); ?> </a> | <a href="javascript:;" onclick="data_delete(this,'<?php echo $r['typeid']; ?> ','<?php echo trim(String::addslashes($r['name'])); ?> ')"><?php echo L('delete'); ?> </a> </td> </tr> <?php } ?> </tbody> </table> <div class="btn"><input type="submit" class="btn btn-primary btn-sm"name="dosubmit" value="<?php echo L('listorder'); ?>
</td> <td align="center" width="12%"><a href="###" onclick="edit(<?php echo $info['linkid']; ?> , '<?php /* NOTE(review): String::addslashes() is defined elsewhere (presumably a wrapper around addslashes()); it escapes quotes for the JS string only, and a double quote in the name still ends the onclick attribute for the HTML parser. JS-escape first, then HTML-encode with htmlspecialchars(..., ENT_QUOTES), unless names are stored already encoded - confirm */ echo String::addslashes($info['name']); ?> ')" title="<?php echo L('edit'); ?> "><?php echo L('edit'); ?> </a> | <a href="<?php echo art_confirm(L('confirm', array('message' => String::addslashes($info['name']))), '?app=link&controller=link&action=delete&linkid=' . $info['linkid']); ?> "><?php echo L('delete'); ?> </a> </td> </tr> <?php } } ?> </tbody> </table> </div> <div class="btn">
/**
 * Copy one published content item into a special-topic listing.
 *
 * The item is read from the content model with status 99 and is skipped when a row
 * with the same title, special ID and type ID already exists.
 *
 * @param int $modelid   Model ID of the source content.
 * @param int $specialid ID of the special topic the item is added to.
 * @param int $id        ID of the source content item.
 * @param int $typeid    Type (category) ID inside the special topic.
 * @param int $listorder Sort order of the new row.
 * @return mixed Result of $this->c_db->insert() on success, false otherwise.
 */
public function _import($modelid, $specialid, $id, $typeid, $listorder = 0)
{
    if (!($specialid && $id && $typeid)) {
        return false;
    }
    $contentModel = Loader::model('content_model');
    $contentModel->set_model($modelid);
    $columns = 'id, catid, title, thumb, url, description, username, inputtime, updatetime';
    $info = $contentModel->where(array('id' => $id, 'status' => 99))->field($columns)->find();
    if (!$info) {
        return false;
    }
    // Keep a "id|catid" reference to the source row, then drop the two columns.
    $info['curl'] = $info['id'] . '|' . $info['catid'];
    unset($info['id'], $info['catid']);
    // NOTE(review): values are escaped by hand (addslashes here, String::addslashes below)
    // before reaching c_db; whether get_one()/insert() also escape or bind is not visible
    // in this method - confirm to rule out both missing and double escaping.
    $existing = $this->c_db->get_one(array('title' => addslashes($info['title']), 'specialid' => $specialid, 'typeid' => $typeid));
    if ($existing) {
        return false;
    }
    $info['specialid'] = $specialid;
    $info['typeid'] = $typeid;
    $info['islink'] = 1;
    $info['listorder'] = $listorder;
    $info = String::addslashes($info);
    return $this->c_db->insert($info, true);
}
/**
 * Add a comment, or a reply to a stored comment, to a comment thread.
 *
 * On failure $this->msg_code is set to 1, 2, 3, 4 or 5 and false is returned. On
 * success it is set to 0, or to 7 when the site setting 'check' holds new comments
 * for moderation.
 *
 * @param string $commentid Comment thread ID.
 * @param array $data Comment fields; should include
 *        array('userid' => user ID, 'username' => user name, 'content' => text).
 * @param string $id ID of the stored comment being replied to (empty for a new comment).
 * @param string $title Article title.
 * @param string $url Article URL.
 * @return bool True when the comment row was written, false otherwise.
 */
public function add($commentid, $data, $id = '', $title = '', $url = '')
{
    // Look up whether a thread for this comment ID already exists.
    // NOTE(review): $title is escaped here while $url is stored below exactly as passed in;
    // whether comment_db->insert() escapes or binds values is not visible - confirm.
    $title = String::addslashes($title);
    if (!($comment = $this->comment_db->where(array('commentid' => $commentid))->field('tableid, commentid')->find())) {
        // The thread does not exist yet.
        // Fetch the data table currently in use.
        $r = $this->comment_table_db->field('tableid, total')->order('tableid desc')->find();
        $tableid = $r['tableid'];
        if ($r['total'] >= 1000000) {
            // The latest data table already holds 1000000 rows: create a new table for storage.
            if (!($tableid = $this->comment_table_db->creat_table())) {
                $this->msg_code = 4;
                return false;
            }
        }
        // Register the new thread in the comment master table.
        $comment_data = array('commentid' => $commentid, 'tableid' => $tableid);
        if (!empty($title)) {
            $comment_data['title'] = $title;
        }
        if (!empty($url)) {
            $comment_data['url'] = $url;
        }
        if (!$this->comment_db->insert($comment_data)) {
            $this->msg_code = 5;
            return false;
        }
    } else {
        // The thread already exists.
        $tableid = $comment['tableid'];
    }
    if (empty($tableid)) {
        $this->msg_code = 1;
        return false;
    }
    // Point the data-storage model at the right table.
    $this->comment_data_db->table_name($tableid);
    // Check that the data-storage table exists.
    if (!$this->comment_data_db->table_exists('comment_data_' . $tableid)) {
        // The storage table is missing: try to create it.
        if (!($tableid = $this->comment_table_db->creat_table($tableid))) {
            $this->msg_code = 2;
            return false;
        }
    }
    // Write the comment into the data-storage table.
    // NOTE(review): $data is the caller's array and is inserted as a whole below, so any
    // extra keys it carries are passed to insert() too - confirm callers build it from
    // a fixed set of fields.
    $data['commentid'] = $commentid;
    $data['ip'] = IP;
    $data['status'] = 1;
    $data['creat_at'] = TIME;
    // Strip tags from the comment text, then apply the bad-word filter.
    $data['content'] = strip_tags($data['content']);
    $badword = Loader::model('badword_model');
    $data['content'] = $badword->replace_badword($data['content']);
    if ($id) {
        $r = $this->comment_data_db->getby_id($id);
        if ($r) {
            // Quote the comment being replied to in front of the new text.
            // NOTE(review): $r['username'] and $r['content'] are concatenated into markup
            // without HTML encoding here; strip_tags() above only covers the new text.
            // Confirm both stored values are encoded before they are written or rendered.
            if ($r['reply']) {
                $data['content'] = '<div class="content">' . str_replace('<span></span>', '<span class="blue f12">' . $r['username'] . ' ' . L('chez') . ' ' . Format::date($r['creat_at'], 1) . L('release') . '</span>', $r['content']) . '</div><span></span>' . $data['content'];
            } else {
                $data['content'] = '<div class="content"><span class="blue f12">' . $r['username'] . ' ' . L('chez') . ' ' . Format::date($r['creat_at'], 1) . L('release') . '</span><pre>' . $r['content'] . '</pre></div><span></span>' . $data['content'];
            }
            $data['reply'] = 1;
        }
    }
    // Check whether the site requires moderation.
    $site = S('common/comment');
    if ($site['check']) {
        $data['status'] = 0;
    }
    if ($comment_data_id = $this->comment_data_db->insert($data, true)) {
        // Moderation required: queue the row in the check table.
        if ($data['status'] == 0) {
            $this->comment_check_db->insert(array('comment_data_id' => $comment_data_id, 'tableid' => $tableid));
        } elseif (!empty($data['userid']) && !empty($site['add_point']) && app_exists('pay')) {
            // No moderation: credit the user's points right away.
            Loader::lib('pay:receipts', false);
            receipts::point($site['add_point'], $data['userid'], $data['username'], '', 'selfincome', 'Comment');
        }
        // Update the row count of the data-storage table.
        $this->comment_table_db->edit_total($tableid, '+=1');
        // Update the totals in the comment master table.
        $sql['lastupdate'] = TIME;
        // The thread's comment count only grows when the comment is approved.
        if ($data['status'] == 1) {
            $sql['total'] = '+=1';
        }
        $this->comment_db->where(array('commentid' => $commentid))->update($sql);
        if ($site['check']) {
            $this->msg_code = 7;
        } else {
            $this->msg_code = 0;
        }
        return true;
    } else {
        $this->msg_code = 3;
        return false;
    }
}
<td align="center"><a href="javascript:edit('<?php echo $r['id']; ?> ','<?php /* NOTE(review): the site name sits in a JS string inside a javascript: URL inside an HTML attribute; String::addslashes() (defined elsewhere, presumably addslashes()) covers the JS layer only, so HTML-encode the escaped value too unless it is stored already encoded - confirm */ echo String::addslashes($r['sitename']); ?> ')"><?php echo L('edit'); ?> </a> | <a href="javascript:;" onclick="data_delete(this,'<?php echo $r['id']; ?> ','<?php /* NOTE(review): only the substituted site name is escaped; the text returned by L() is emitted as-is, so escaping the final string would also cover quotes in the language entry */ echo L('confirm', array('message' => String::addslashes($r['sitename']))); ?> ')"><?php echo L('delete'); ?> </a></td> </tr> <?php } ?> </tbody> </table> <div class="btn"> <input type="submit" class="btn btn-primary btn-sm"name="dosubmit" value="<?php echo L('listorder');
/**
 * Restore a block from one of its history records.
 *
 * Reads the history row named by the "id" request parameter, writes its saved data and
 * template back to the block row, and refreshes the template file for type 2 blocks.
 */
public function history_restore()
{
    // NOTE(review): this state-changing action is driven by a GET parameter; no request
    // token is checked in this method - confirm the framework enforces one elsewhere.
    $id = isset($_GET['id']) && intval($_GET['id']) ? intval($_GET['id']) : showmessage(L('illegal_operation'), HTTP_REFERER);
    $data = $this->history_db->getby_id($id);
    if (!$data) {
        showmessage(L('nofound'), HTTP_REFERER);
    }
    // NOTE(review): string2array() is defined elsewhere; if it evaluates or unserializes
    // its input, the stored history rows must be treated as trusted-only data - confirm.
    $snapshot = string2array($data['data']);
    $blockId = $data['blockid'];
    $restored = array(
        'data' => String::addslashes($snapshot['data']),
        'template' => String::addslashes($snapshot['template']),
    );
    $this->db->where(array('id' => $blockId))->update($restored);
    if ($snapshot['type'] == 2) {
        // Type 2 blocks also get their template regenerated through block_tag.
        $block = Loader::lib('block:block_tag');
        $block->template_url($blockId, $snapshot['template']);
    }
    showmessage(L('operation_success'), HTTP_REFERER);
}
')" title="<?php echo L('edit'); ?> "><?php echo L('edit'); ?> </a> | <a href="javascript:call(<?php /* NOTE(review): the value is written outside any JS string literal, so quote escaping does not constrain it; if subjectid is numeric (presumably - confirm), intval() is the fitting conversion here */ echo String::addslashes($info['subjectid']); ?> );void(0);"><?php echo L('call_js_code'); ?> </a> | <a href='?app=vote&controller=vote&action=delete&subjectid=<?php /* NOTE(review): this is a URL query value inside a single-quoted attribute; backslash escaping is not the encoder for that context - use intval() or urlencode() plus htmlspecialchars(..., ENT_QUOTES) */ echo String::addslashes($info['subjectid']); ?> ' onClick="return confirm('<?php echo L('vote_confirm_del'); ?> ')"><?php echo L('delete'); ?> </a> </td> </tr> <?php } } ?>
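/**
 * Manage the sub-menu entries of a linkage menu.
 *
 * Loads the entries for the "keyid" request parameter, builds the per-row management
 * links, renders them through the Tree library and includes the 'linkage_submenu'
 * view. When a key has more than 40 entries only the children of "parentid" are loaded.
 * Local variable names are kept because the included view shares this scope.
 */
public function public_manage_submenu()
{
    $keyid = isset($_GET['keyid']) && trim($_GET['keyid']) ? trim($_GET['keyid']) : showmessage(L('linkage_parameter_error'));
    $tree = Loader::lib('Tree');
    $tree->icon = array(' │ ', ' ├─ ', ' └─ ');
    $tree->nbsp = ' ';
    $sum = $this->db->where(array('keyid' => $keyid))->count();
    $sql_parentid = isset($_GET['parentid']) ? trim($_GET['parentid']) : 0;
    $where = $sum > 40 ? array('keyid' => $keyid, 'parentid' => $sql_parentid) : array('keyid' => $keyid);
    $result = $this->db->where($where)->order('listorder ,linkageid')->select();
    if (!is_array($result)) {
        // A failed or empty query must not break the loop below.
        $result = array();
    }
    $areas = array();
    foreach ($result as $area) {
        // The add() link already escaped the name for its JS string; the edit() link
        // emitted it raw. Both now use the same escaped value.
        // NOTE(review): String::addslashes() is defined elsewhere (presumably addslashes());
        // it covers the JS string only. These values are also inside an HTML attribute, and
        // $keyid comes straight from the request, so HTML-encoding at output is still
        // needed unless the stored data is already encoded - confirm.
        $js_name = String::addslashes($area['name']);
        $areas[$area['linkageid']] = array('id' => $area['linkageid'], 'parentid' => $area['parentid'], 'name' => $area['name'], 'listorder' => $area['listorder'], 'style' => $area['style'], 'keyid' => $keyid, 'description' => $area['description']);
        $areas[$area['linkageid']]['str_manage'] = $sum > 40 && $this->_is_last_node($area['keyid'], $area['linkageid']) ? '<a href="?app=admin&controller=linkage&action=public_manage_submenu&keyid=' . $area['keyid'] . '&parentid=' . $area['linkageid'] . '">' . L('linkage_manage_submenu') . '</a> | ' : '';
        $areas[$area['linkageid']]['str_manage'] .= '<a href="javascript:void(0);" onclick="add(\'' . $keyid . '\',\'' . $js_name . '\',\'' . $area['linkageid'] . '\')">' . L('linkage_add_submenu') . '</a> | <a href="javascript:void(0);" onclick="edit(\'' . $area['linkageid'] . '\',\'' . $js_name . '\',\'' . $area['parentid'] . '\')">' . L('edit') . '</a> | <a href="' . art_confirm(L('linkage_is_del'), '?app=admin&controller=linkage&action=delete&linkageid=' . $area['linkageid'] . '&keyid=' . $area['keyid']) . '">' . L('delete') . '</a> ';
    }
    // Row template handed to the Tree library; the \$ placeholders are filled in by it.
    $str = "<tr>\n <td align='center' width='80'><input name='listorders[\$id]' type='text' size='3' value='\$listorder' class='input-text-c'></td>\n <td align='center' width='100'>\$id</td>\n <td>\$spacer\$name</td>\n <td >\$description</td>\n <td align='center'>\$str_manage</td>\n </tr>";
    $tree->init($areas);
    $submenu = $tree->get_tree($sql_parentid, $str);
    $big_menu = big_menu('?app=admin&controller=linkage&action=public_sub_add&keyid=' . $keyid, 'add', L('linkage_add'), 500, 430);
    include $this->view('linkage_submenu');
}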
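/**
 * Render a (possibly nested) array as "array('key'=>'value',...)" source text.
 *
 * Scalar values are written as single-quoted literals after String::addslashes().
 * Values that start with "$" are written verbatim and unquoted.
 *
 * @param array $data Data to render.
 * @return string|false The rendered text, or false when $data is not an array.
 */
private static function arr_to_html($data)
{
    if (!is_array($data)) {
        return false;
    }
    $str = 'array(';
    foreach ($data as $key => $val) {
        // Keys are placed inside a single-quoted literal too, so they get the same
        // escaping as values; previously a quote in a key ended the literal early.
        $quotedKey = "'" . String::addslashes($key) . "'";
        if (is_array($val)) {
            $str .= $quotedKey . '=>' . self::arr_to_html($val) . ',';
        } elseif (strpos($val, '$') === 0) {
            // NOTE(review): a value starting with "$" is copied into the output unquoted
            // and unescaped. If the output is later run as PHP (presumably - confirm), these
            // values must only come from trusted template source, never from request data.
            $str .= $quotedKey . '=>' . $val . ',';
        } else {
            $str .= $quotedKey . "=>'" . String::addslashes($val) . "',";
        }
    }
    return $str . ')';
}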
</td> <td align="center"><textarea ondblclick="copy_text(this)" style="width: 400px;height:30px" /><?php echo htmlspecialchars($v['tag']); ?> </textarea></td> <td align="center"><a href="javascript:edit(<?php echo $v['id']; ?> , '<?php /* NOTE(review): escaping for the JS string first and HTML-encoding second matches how the contexts nest. htmlspecialchars() is called without flags, and before PHP 8.1 the default leaves single quotes unencoded; that is harmless inside this double-quoted attribute, but passing ENT_QUOTES and the charset explicitly keeps the result independent of the PHP version */ echo htmlspecialchars(String::addslashes($v['name'])); ?> ')"><?php echo L('edit'); ?> </a> | <a href="<?php echo art_confirm(htmlspecialchars(String::addslashes(L('confirm', array('message' => $v['name'])))), '?app=tag&controller=tag&action=del&id=' . $v['id']); ?> " ><?php echo L('delete'); ?> </a></td> </tr> <?php } } ?> </tbody> </table> <div class="btn"> <label for="check_box"><?php echo L('select_all');
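/**
 * Import a content model.
 *
 * On submit: registers the model, creates its tables from MODEL_PATH/model.sql and,
 * when a model file was uploaded, updates or inserts the field definitions it holds.
 * Otherwise: prepares the style list and includes the 'model_import' view.
 * Local variable names are kept because the required and included files share this scope.
 */
public function import()
{
    if (isset($_POST['dosubmit'])) {
        $info = array();
        $info['name'] = $_POST['info']['modelname'];
        // Main table name.
        $basic_table = $info['tablename'] = $_POST['info']['tablename'];
        // The table name is substituted into the SQL text executed below, so only plain
        // identifier characters are accepted.
        if (!is_string($basic_table) || !preg_match('/^[A-Za-z0-9_]+$/', $basic_table)) {
            showmessage(L('operation_failure'), U('content/model/init'));
            return;
        }
        // Secondary (data) table name.
        $table_data = $basic_table . '_data';
        $info['description'] = $_POST['info']['description'];
        $info['type'] = 0;
        $info['default_style'] = $_POST['default_style'];
        $info['category_template'] = $_POST['setting']['category_template'];
        $info['list_template'] = $_POST['setting']['list_template'];
        $info['show_template'] = $_POST['setting']['show_template'];
        // Only read a path that PHP itself recorded as an upload for this request.
        if (!empty($_FILES['model_import']['tmp_name']) && is_string($_FILES['model_import']['tmp_name']) && is_uploaded_file($_FILES['model_import']['tmp_name'])) {
            $model_import = @file_get_contents($_FILES['model_import']['tmp_name']);
            if (!empty($model_import)) {
                // NOTE(review): string2array() is defined elsewhere; if it evaluates or
                // unserializes its input, an uploaded model file is executable input and
                // this action must stay restricted to fully trusted administrators - confirm.
                $model_import_data = string2array($model_import);
            }
        }
        $is_exists = $this->db->table_exists($basic_table);
        if ($is_exists) {
            showmessage(L('operation_failure'), U('content/model/init'));
        }
        $modelid = $this->db->add($info, 1);
        if ($modelid) {
            $tablepre = $this->db->get_prefix();
            // Create the data tables from the SQL template.
            $model_sql = file_get_contents(MODEL_PATH . 'model.sql');
            $model_sql = str_replace('$basic_table', $tablepre . $basic_table, $model_sql);
            $model_sql = str_replace('$table_data', $tablepre . $table_data, $model_sql);
            $model_sql = str_replace('$table_model_field', $tablepre . 'model_field', $model_sql);
            $model_sql = str_replace('$modelid', $modelid, $model_sql);
            $this->db->sql_execute($model_sql);
            if (!empty($model_import_data) && is_array($model_import_data)) {
                $this->model_field_db = Loader::model('model_field_model');
                $system_field = array('title', 'style', 'catid', 'url', 'listorder', 'status', 'userid', 'username', 'inputtime', 'updatetime', 'pages', 'readpoint', 'template', 'groupids_view', 'posids', 'content', 'keywords', 'description', 'thumb', 'typeid', 'relation', 'islink', 'allow_comment');
                foreach ($model_import_data as $v) {
                    if (!is_array($v)) {
                        // Skip entries that are not field definitions.
                        continue;
                    }
                    $field = $v['field'];
                    if (in_array($field, $system_field)) {
                        // System fields already exist: update their definition only.
                        unset($v['fieldid'], $v['modelid'], $v['field']);
                        $v = String::addslashes($v);
                        $v['setting'] = serialize($v['setting']);
                        $this->model_field_db->where(array('modelid' => $modelid, 'field' => $field))->update($v);
                    } else {
                        $tablename = $v['issystem'] ? $tablepre . $basic_table : $tablepre . $table_data;
                        // Rebuild the column attributes for the model table.
                        $minlength = $v['minlength'] ? $v['minlength'] : 0;
                        $maxlength = $v['maxlength'] ? $v['maxlength'] : 0;
                        $field_type = $v['formtype'];
                        // formtype comes from the imported file and selects a directory under
                        // MODEL_PATH for the require below; accept a plain name only so it
                        // cannot point outside that directory.
                        if (!is_string($field_type) || !preg_match('/^[A-Za-z0-9_]+$/', $field_type)) {
                            continue;
                        }
                        require MODEL_PATH . $field_type . DIRECTORY_SEPARATOR . 'config.inc.php';
                        if (isset($v['setting']['fieldtype'])) {
                            $field_type = $v['setting']['fieldtype'];
                        }
                        // NOTE(review): add.sql.php is not visible here; it presumably reads
                        // $field, $field_type, $tablename, $minlength and $maxlength from this
                        // scope. If it builds SQL from them, $field and the length values need
                        // the same identifier and integer validation - confirm.
                        require MODEL_PATH . 'add.sql.php';
                        $v['tips'] = addslashes($v['tips']);
                        $v['setting'] = serialize($v['setting']);
                        $v['modelid'] = $modelid;
                        unset($v['fieldid']);
                        $this->model_field_db->insert($v);
                    }
                }
            }
            $this->public_cache();
            showmessage(L('operation_success'), U('content/model/init'));
        }
    } else {
        $show_validator = '';
        $style_list = template_list(0);
        // Re-key the style list by directory name, falling back to it as the label.
        foreach ($style_list as $k => $v) {
            $style_list[$v['dirname']] = $v['name'] ? $v['name'] : $v['dirname'];
            unset($style_list[$k]);
        }
        $big_menu = big_menu(U('content/model/add'), 'add', L('add_model'), 580, 400);
        include $this->view('model_import');
    }
}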
echo $applications[$info['application']]['name']; ?> </td> <td width="8%" align="center"><?php echo $category[$info['catid']]['catname']; ?> </td> <td width="20%"><img src="<?php echo file_icon($info['filename'], 'gif'); ?> " /> <?php /* NOTE(review): the attachment file name is printed as HTML text without encoding; wrap it in htmlspecialchars() unless it is stored already encoded - confirm */ echo $info['filename']; ?> <?php /* NOTE(review): String::addslashes() (defined elsewhere, presumably addslashes()) escapes the file name for the JS string only; the onclick attribute is parsed as HTML first, so the escaped value should be HTML-encoded as well */ echo $thumb ? '<img title="' . L('att_thumb_manage') . '" src="statics/images/admin_img/havthumb.png" onclick="showthumb(' . $info['aid'] . ', \'' . String::addslashes($info['filename']) . '\')"/>' : ''; ?> <?php echo $info['status'] ? '<img src="statics/images/admin_img/link.png"' : ''; ?> </td> <td width="10%" align="center"><?php echo $this->attachment->size($info['filesize']); ?> </td> <td width="12%" align="center"><?php echo date('Y-m-d H:i:s', $info['uploadtime']); ?> </td> <td align="center"><a href="javascript:preview(<?php
</td> <td align="center" width="10%"><?php echo $info['send_to_id']; ?> </td> <td align="center" width="15%"><?php echo date("Y-m-d H:i:s", $info['message_time']); ?> </td> <td align="center" width="15%"> <a href='?app=message&controller=message&action=delete&messageid=<?php echo $info['messageid']; ?> ' onClick="return confirm('<?php /* NOTE(review): the message subject is written into a JS string inside the onClick attribute; String::addslashes() (defined elsewhere, presumably addslashes()) covers the JS layer only, so HTML-encode the final string with htmlspecialchars(..., ENT_QUOTES) unless subjects are stored already encoded - confirm */ echo L('confirm', array('message' => String::addslashes($info['subject']))); ?> ')"><?php echo L('delete'); ?> </a> </td> </tr> <?php } } ?> </tbody> </table> <div class="btn"><a href="#" onClick="javascript:$('input[type=checkbox]').attr('checked', true)"><?php
?> "></td> <td width="30%" align="left"><?php /* NOTE(review): word and url are printed as HTML text without encoding; use htmlspecialchars() unless they are stored already encoded - confirm */ echo $info['word']; ?> </td> <td align="center"><?php echo $info['url']; ?> </td> <td align="center"><a href="javascript:edit(<?php echo $info['keylinkid']; ?> , '<?php /* NOTE(review): String::addslashes() (defined elsewhere, presumably addslashes()) escapes for the JS string only; inside this href attribute the value should be HTML-encoded after the JS escaping */ echo String::addslashes($info['word']); ?> ')"><?php echo L('edit'); ?> </a> | <a href="<?php echo art_confirm(L('keylink_confirm_del'), '?app=admin&controller=keylink&action=delete&keylinkid=' . $info['keylinkid']); ?> "><?php echo L('delete'); ?> </a></td> </tr> <?php }
/**
 * Store a backup copy of a template file in the template_bak model.
 *
 * @param string $filepath Path of the template file to back up.
 * @param string $style    Style name, first part of the backup's file ID.
 * @param string $dir      Directory name, second part of the backup's file ID.
 */
function creat_template_bak($filepath, $style, $dir)
{
    $filename = basename($filepath);
    $backupModel = Loader::model('template_bak_model');
    // NOTE(review): the user ID and user name recorded here are read through cookie();
    // whether that helper returns verified values is not visible - confirm before relying
    // on these columns for audit purposes.
    $record = array(
        'creat_at' => TIME,
        'fileid' => $style . "_" . $dir . "_" . $filename,
        'userid' => cookie('userid'),
        'username' => cookie('admin_username'),
        'template' => String::addslashes(file_get_contents($filepath)),
    );
    $backupModel->insert($record);
}
/**
 * Copy a collection node under a new name.
 *
 * Without a submitted form the 'node_copy' view is included. With one, the node named
 * by the "nodeid" request parameter is duplicated with the posted name, provided no
 * node with that name exists. Local variable names are kept because the included view
 * shares this scope.
 */
public function copy()
{
    $nodeid = isset($_GET['nodeid']) ? intval($_GET['nodeid']) : showmessage(L('illegal_parameters'), HTTP_REFERER);
    if (!($data = $this->db->getby_nodeid($nodeid))) {
        showmessage(L('notfound'));
        return;
    }
    if (!isset($_POST['dosubmit'])) {
        $show_validator = $show_header = true;
        include $this->view('node_copy');
        return;
    }
    // The copy gets a fresh primary key.
    unset($data['nodeid']);
    $name = isset($_POST['name']) && trim($_POST['name']) ? trim($_POST['name']) : showmessage(L('illegal_parameters'), HTTP_REFERER);
    $nameTaken = $this->db->where(array('name' => $name))->field('nodeid')->find();
    if ($nameTaken) {
        showmessage(L('nodename') . L('exists'), HTTP_REFERER);
    }
    $data['name'] = $name;
    // NOTE(review): the whole row, including the posted name, is escaped by hand before
    // insert(); whether the database layer also escapes or binds is not visible - confirm.
    $data = String::addslashes($data);
    if ($this->db->insert($data)) {
        showmessage(L('operation_success'), '', '', 'test');
    } else {
        showmessage(L('operation_failure'));
    }
}
?> " size="30" /></td> <td align="center"><a href="javascript:edit(<?php echo $v['id']; ?> , '<?php echo htmlspecialchars(String::addslashes($v['name'])); ?> ')"><?php echo L('edit'); ?> </a> | <a href="?app=dbsource&controller=data&action=del&id=<?php echo $v['id']; ?> " onclick="return confirm('<?php echo htmlspecialchars(String::addslashes(L('confirm', array('message' => $v['name'])))); ?> ')"><?php echo L('delete'); ?> </a></td> </tr> <?php } } ?> </tbody> </table> <div class="btn"> <label for="check_box"><?php echo L('select_all');