// NOTE(review): this page arrived with its line breaks collapsed, so the end of
// every "//" comment below is reconstructed from context; confirm against the
// original file. The head of the first statement (whatever preceded "connect(")
// is missing from this view and the remainder is kept exactly as found.
connect(DB_HOST, DB_USER, DB_PW, DB_NAME, DB_PCONNECT, DB_CHARSET);
require 'session_'.SESSION_STORAGE.'.class.php';
$session = new session();
session_set_cookie_params(0, COOKIE_PATH, COOKIE_DOMAIN);

// Request bootstrap: normalise quoting on the request arrays, then import the
// request fields into the current scope as ordinary variables.
if($_REQUEST) {
    if(MAGIC_QUOTES_GPC) {
        $_REQUEST = new_stripslashes($_REQUEST);
        if($_COOKIE) $_COOKIE = new_stripslashes($_COOKIE);
    } else {
        $_POST = new_addslashes($_POST);
        $_GET = new_addslashes($_GET);
        $_COOKIE = new_addslashes($_COOKIE);
        // NOTE(review): extract() with its default flag overwrites variables that
        // already exist, so any POST/GET/cookie field can replace a variable set
        // above this point. From here on, every bare variable that the script
        // only tests with isset() is request-controlled input.
        @extract($_POST);
        @extract($_GET);
        @extract($_COOKIE);
    }
    // XSS filtering is applied only when IN_ADMIN is not defined.
    if(!defined('IN_ADMIN')) $_REQUEST = filter_xss($_REQUEST, ALLOWED_HTMLTAGS);
    // EXTR_SKIP: escaped request fields are imported without replacing existing names.
    extract($db->escape($_REQUEST), EXTR_SKIP);
    // NOTE(review): the return value is discarded; whether escape() modifies its
    // argument in place is not visible here.
    if($_COOKIE) $db->escape($_COOKIE);
}

// Static-looking URLs (no "=" and ending in .htm/.html/.shtm/.shtml) are turned
// back into a query string: "/" becomes "&", "-" becomes "=", spaces are dropped.
if(QUERY_STRING && strpos(QUERY_STRING, '=') === false && preg_match("/^(.*)\.(htm|html|shtm|shtml)$/", QUERY_STRING, $urlvar)) {
    // NOTE(review): single-argument parse_str() writes the parsed pairs straight
    // into the current scope (a form that PHP 8 removed), i.e. one more path by
    // which the URL defines variables.
    parse_str(str_replace(array('/', '-', ' '), array('&', '=', ''), $urlvar[1]));
}

// Load the shared cache, rebuilding it once if it is empty.
$CACHE = cache_read('common.php');
if(!$CACHE) {
    require_once 'cache.func.php';
    cache_all();
    $CACHE = cache_read('common.php');
}
// Default-flag extract(): cached names replace same-named request variables.
// $PHPCMS, $LANG, $MODULE and $CATEGORY used below are presumably defined here.
extract($CACHE);
unset($CACHE);

if($PHPCMS['enable_ipbanned'] && ip_banned(IP)) showmessage($LANG['administrator_banned_this_IP']);
if(!defined('IN_ADMIN')) {
    if(FILTER_ENABLE && filter_word()) showmessage('The content including illegal information: '.ILLEGAL_WORD.' .');
    // Per-client refresh throttle; it runs only on this non-admin path.
    if($PHPCMS['minrefreshtime']) {
        $cc = new times();
        $cc->set('cc', $PHPCMS['minrefreshtime'], 1);
        if($cc->check()) showmessage('Do not refresh the page in '.$PHPCMS['minrefreshtime'].' seconds!');
        $cc->add();
        unset($cc);
    }
    if(!isset($forward)) $forward = HTTP_REFERER;
}

$M = $TEMP = array();
if(!isset($mod)) $mod = 'phpcms';
if($mod != 'phpcms') {
    // $mod must be a key of $MODULE before it is used in the file names below.
    isset($MODULE[$mod]) or exit($LANG['module_not_exists']);
    $langfile = defined('IN_ADMIN') ? $mod.'_admin' : $mod;
    @include PHPCMS_ROOT.'languages/'.LANG.'/'.$langfile.'.lang.php';
    $M = cache_read('module_'.$mod.'.php');
}

// Identity defaults used until the login below succeeds.
$_userid = 0;
$_username = '';
$_groupid = 3;
//$phpcms_auth = get_cookie('auth');
// The script forces the "add" action in submit mode, whatever the request asked for.
$action='add';
$dosubmit=true;
// ET: added login verification
require PHPCMS_ROOT.'languages/'.LANG.'/member.lang.php';
require PHPCMS_ROOT.'member/include/member.class.php';
$member = new member();
// NOTE(review): $username and $password are not assigned anywhere in the visible
// code; presumably they come from the extract() calls above, which would mean
// every request to this script carries account credentials. No throttle on
// repeated failures is visible on this path unless the refresh limit above
// applies (it is skipped when IN_ADMIN is defined).
$result = $member->login($username, $password);
if(!$result) {
    exit("[err]invalid username or password[/err]");
}
// With an empty prefix, EXTR_PREFIX_ALL produces names that start with an
// underscore (userid becomes $_userid), which is how $_groupid gets its value
// below; this assumes login() returns the member row (TODO confirm).
@extract($result, EXTR_PREFIX_ALL, '');
// NOTE(review): a different reply for "valid account, not admin" lets a caller
// tell valid credentials from invalid ones.
if($_groupid > 1) {
    exit("[err]you are not admin[/err]");
}
// NOTE(review): written before the session_start() call further down; whether
// the session class loaded above has already opened the session is not visible.
$_SESSION['is_admin'] = 1;
// The stock cookie-based authentication, disabled in favour of the login above:
/* if($phpcms_auth) { $auth_key = md5(AUTH_KEY.$_SERVER['HTTP_USER_AGENT']); list($_userid, $_password) = explode("\t", phpcms_auth($phpcms_auth, 'DECODE', $auth_key)); $_userid = intval($_userid); $sql_member = "SELECT * FROM `".DB_PRE."member_cache` WHERE `userid`=$_userid"; $r = $db->get_one($sql_member); if(!$r && cache_member()) { $r = $db->get_one($sql_member); } if($r && $r['password'] === $_password) { if($r['groupid'] == 2) { set_cookie('auth', ''); showmessage($LANG['userid_banned_by_administrator']); } @extract($r, EXTR_PREFIX_ALL, ''); } else { $_userid = 0; $_username = ''; $_groupid = 3; set_cookie('auth', ''); } unset($r, $phpcms_auth, $phpcms_auth_key, $_password, $sql_member); }*/
$G = cache_read('member_group_'.$_groupid.'.php');
$priv_group = new priv_group();
define('SKIN_PATH', 'templates/'.TPL_NAME.'/skins/'.TPL_CSS.'/');
define('PASSPORT_ENABLE', ($PHPCMS['uc'] || $PHPCMS['enablepassport'] || $PHPCMS['enableserverpassport']) ? 1 : 0);
// end of include/common.inc.php
require 'log.class.php';
require 'form.class.php';
require 'priv_role.class.php';
require_once 'cache.func.php';
require_once 'version.inc.php';
require PHPCMS_ROOT.'languages/'.LANG.'/phpcms_admin.lang.php';

if(!isset($file)) $file = 'index';
// NOTE(review): "$" also matches just before a trailing newline, so a value
// ending in "\n" passes this check; "\z" or the D modifier would be stricter.
// The only include that used $file is commented out at the end of this block.
preg_match("/^[0-9A-Za-z_-]+$/", $file) or showmessage('Invalid Request.');
$action = isset($action) ? $action : '';
$catid = isset($catid) ? intval($catid) : 0;
$specialid = isset($specialid) ? intval($specialid) : 0;
if(!isset($forward) && str_exists(HTTP_REFERER, '?')) $forward = HTTP_REFERER;
session_start();

// Admin caches are loaded for group 1 with the session flag set.
// NOTE(review): the per-role permission checks inside this block and the
// redirect to the login page after it are commented out, so nothing here stops
// a request; the only gate visible on this page is the login()/group test above.
if($_userid && $_groupid == 1 && $_SESSION['is_admin'] == 1) {
    $ROLE = cache_read('role.php');
    $GROUP = cache_read('member_group.php');
    $POS = cache_read('position.php');
    $STATUS = cache_read('status.php');
    // $_roleid = cache_read('admin_role_'.$_userid.'.php');
    // if(!$_roleid) showmessage('您没有任何角色权限!');
    // $priv_role = new priv_role();
    // if(!$priv_role->module()) showmessage('您没有操作权限!');
}
/*elseif($file != 'login') { showmessage('请登录!', '?mod=phpcms&file=login&forward='.urlencode(URL),1,1); } */

// Admin action log; skipped for the database file and two menu actions.
$log = new log();
if(ADMIN_LOG && $file != 'database' && !in_array($action, array('get_menu_list', 'menu_pos'))) {
    $log->set('admin', 0);
    $log->add();
}
//if($mod != 'phpcms' && !@include PHPCMS_ROOT.$M['path'].'admin/admin.inc.php') showmessage('The file ./'.$M['path'].'admin.inc.php is not exists!');
// Same include as the disabled line above, but failing with the "[err]" reply format.
if($mod != 'phpcms' && !@include PHPCMS_ROOT.$M['path'].'admin/admin.inc.php') exit('[err]The file ./'.$M['path'].'admin.inc.php is not exists! [/err]');
// NOTE(review): the commented-out include below continues on the next source
// line; the page's line wrapping split it in two.
//if(!@include PHPCMS_ROOT.(isset($M['path']) ?
// NOTE(review): the first line below appears to be the tail of a commented-out
// include whose "//" sits on the previous source line; page wrapping split it,
// and it is kept byte-for-byte. Line breaks in the rest of this block are
// reconstructed from the collapsed page; confirm against the original file.
$M['path'] : '').'admin/'.$file.'.inc.php') exit("[err]The file ./{$M['path']}admin/{$file}.inc.php is not exists![/err]");
defined('IN_PHPCMS') or exit("Access Denied");
require_once 'admin/process.class.php';
require_once 'admin/content.class.php';
// Start of the inlined replacement for: require_once 'attachment.class.php';
/**
 * Attachment store: saves uploaded and remotely fetched files, records them in
 * the DB_PRE.'attachment' table and links them to content rows.
 *
 * NOTE(review): the methods build SQL by string interpolation and do no
 * escaping of their own except where intval() or new_addslashes() is visible;
 * the notes on each method name the values that reach a query unvalidated.
 */
class attachment {
    // Database handle (reference to the global $db) and attachment table name.
    var $db;
    var $table;
    var $contentid;
    var $module;
    var $catid;
    // Map of form field => (aid => file path) built up by add() and download().
    var $attachments;
    var $field;
    // Extensions that add() flags as images.
    var $imageexts = array('gif', 'jpg', 'jpeg', 'png', 'bmp');
    var $uploadedfiles = array();
    var $downloadedfiles = array();
    // Last error code; error() maps it to a message.
    var $error;

    /**
     * PHP 4 style constructor (a method named after the class).
     * NOTE(review): PHP 8 no longer treats such a method as a constructor.
     *
     * @param string $module module name stored with each attachment row
     * @param int    $catid  category id, forced to an integer
     */
    function attachment($module = 'phpcms', $catid = 0) {
        global $db;
        $this->db = &$db;
        $this->table = DB_PRE.'attachment';
        $this->module = $module;
        $this->catid = intval($catid);
    }

    /**
     * Fetch one attachment row by id.
     * NOTE(review): $fields is placed in the SQL text as given; only $aid is
     * forced to an integer.
     */
    function get($aid, $fields = '*') {
        $aid = intval($aid);
        return $this->db->get_one("SELECT $fields FROM `$this->table` WHERE `aid`=$aid");
    }

    /**
     * Store the file(s) posted in $_FILES[$field], locally or over FTP, and
     * record each one with add().
     *
     * @param string $field     name of the upload form field
     * @param string $alowexts  "|"-separated extension allowlist, used as a regex alternation
     * @param int    $maxsize   maximum size in bytes, 0 for no limit
     * @param int    $overwrite non-zero to replace an existing file
     * @return array|false list of new attachment ids, or false with $this->error set
     */
    function upload($field, $alowexts = 'jpg|jpeg|gif|bmp|png|doc|docx|xls|ppt|pdf|txt|rar|zip', $maxsize = 0, $overwrite = 0) {
        global $_groupid;
        // Uploads need UPLOAD_FRONT to be enabled or the caller to be in group 1.
        if((!UPLOAD_FRONT && $_groupid != 1) || !isset($_FILES[$field])) return false;
        $this->field = $field;
        $this->savepath = UPLOAD_ROOT.date('Y/md/');
        /* Check whether attachments are stored over FTP */
        if(UPLOAD_FTP_ENABLE && extension_loaded('ftp')) {
            // NOTE(review): $upload_ftp is not declared global and not assigned
            // earlier in this method, so this test always sees an unset variable.
            if(!is_object($upload_ftp)) {
                require_once 'ftp.class.php';
                $upload_ftp = new ftp(UPLOAD_FTP_HOST, UPLOAD_FTP_PORT, UPLOAD_FTP_USER, UPLOAD_FTP_PW, UPLOAD_FTP_PATH);
                if($upload_ftp->error) showmessage($upload_ftp->error);
            }
            $upload_ftp_enable = 1;
            $this->savepath = UPLOAD_FTP_ROOT.date('Y/md/');
        }
        $this->alowexts = $alowexts;
        $this->maxsize = $maxsize;
        $this->overwrite = $overwrite;
        $uploadfiles = array();
        // Optional per-file descriptions are read from a global named "<field>_description".
        $description = isset($GLOBALS[$field.'_description']) ? $GLOBALS[$field.'_description'] : array();
        // Normalise single and multi-file uploads into one list.
        if(is_array($_FILES[$field]['error'])) {
            $this->uploads = count($_FILES[$field]['error']);
            foreach($_FILES[$field]['error'] as $key => $error) {
                if($error === UPLOAD_ERR_NO_FILE) continue;
                if($error !== UPLOAD_ERR_OK) {
                    $this->error = $error;
                    return false;
                }
                $uploadfiles[$key] = array('tmp_name' => $_FILES[$field]['tmp_name'][$key], 'name' => $_FILES[$field]['name'][$key], 'type' => $_FILES[$field]['type'][$key], 'size' => $_FILES[$field]['size'][$key], 'error' => $_FILES[$field]['error'][$key], 'description'=>$description[$key]);
            }
        } else {
            $this->uploads = 1;
            if(!$description) $description = '';
            $uploadfiles[0] = array('tmp_name' => $_FILES[$field]['tmp_name'], 'name' => $_FILES[$field]['name'], 'type' => $_FILES[$field]['type'], 'size' => $_FILES[$field]['size'], 'error' => $_FILES[$field]['error'], 'description'=>$description);
        }
        // Prepare the target directory. Codes: 8 = cannot create directory,
        // 9 = directory not writable, 13 = 24-hour upload quota exceeded.
        // NOTE(review): $upload_ftp_enable is unset when FTP is off.
        if($upload_ftp_enable) {
            if(!ftp_dir_create($this->savepath)) {
                // NOTE(review): looks like leftover debug output.
                echo '1243';
                $this->error = '8';
                return false;
            }
            if(!$upload_ftp->chdir($this->savepath)) {
                $this->error = '8';
                return false;
            }
            @$upload_ftp->chmod(0777, $this->savepath);
            if(!$this->is_allow_upload()) {
                $this->error = '13';
                return false;
            }
        } else {
            if(!dir_create($this->savepath)) {
                $this->error = '8';
                return false;
            }
            if(!is_dir($this->savepath)) {
                $this->error = '8';
                return false;
            }
            // NOTE(review): the upload directory is made world-writable.
            @chmod($this->savepath, 0777);
            if(!is_writeable($this->savepath)) {
                $this->error = '9';
                return false;
            }
            if(!$this->is_allow_upload()) {
                $this->error = '13';
                return false;
            }
        }
        $aids = array();
        foreach($uploadfiles as $k=>$file) {
            // The extension comes from the client-supplied file name; the type
            // check below is by name only, file content is not inspected.
            // fileext() is defined elsewhere; whether it lower-cases is not visible.
            $fileext = fileext($file['name']);
            // 10 = extension not in the allowlist, 11 = too large, 12 = not an uploaded file.
            if(!preg_match("/^(".$this->alowexts.")$/", $fileext)) {
                $this->error = '10';
                return false;
            }
            if($this->maxsize && $file['size'] > $this->maxsize) {
                $this->error = '11';
                return false;
            }
            if(!$this->isuploadedfile($file['tmp_name'])) {
                $this->error = '12';
                return false;
            }
            // The stored name is generated by getname(); the client's name is
            // kept only as metadata in the attachment row.
            $temp_filename = $this->getname($fileext);
            $savefile = $this->savepath.$temp_filename;
            // Second line of defence: script-like extensions anywhere in the
            // path (directory part included) get an underscore prefix.
            $savefile = preg_replace("/(php|phtml|php3|php4|jsp|exe|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\.|$)/i", "_\\1\\2", $savefile);
            // NOTE(review): UPLOAD_ROOT is used as a regex without preg_quote().
            $filepath = preg_replace("|^".UPLOAD_ROOT."|", "", $savefile);
            if($upload_ftp_enable) {
                if(!$this->overwrite && ($upload_ftp->size($savefile)>0)) continue;
                // NOTE(review): the FTP branch stores the file under
                // $temp_filename, not the rewritten $savefile, so the extension
                // rewrite above does not change the name written to the server.
                if($upload_ftp->put($temp_filename, $file['tmp_name'])) {
                    $this->uploadeds++;
                    @$upload_ftp->chmod($savefile, 0644);
                    @unlink($file['tmp_name']);
                    // 'filetype' is the MIME type as reported by the client.
                    $uploadedfile = array('filename'=>$file['name'], 'filepath'=>UPLOAD_FTP_DOMAIN.$filepath, 'filetype'=>$file['type'], 'filesize'=>$file['size'], 'fileext'=>$fileext, 'description'=>$file['description']);
                    $aids[] = $this->add($uploadedfile);
                }
            } else {
                if(!$this->overwrite && file_exists($savefile)) continue;
                // UPLOAD_FUNC names the function that moves the file.
                $upload_func = UPLOAD_FUNC;
                if(@$upload_func($file['tmp_name'], $savefile)) {
                    $this->uploadeds++;
                    @chmod($savefile, 0644);
                    @unlink($file['tmp_name']);
                    $uploadedfile = array('filename'=>$file['name'], 'filepath'=>$filepath, 'filetype'=>$file['type'], 'filesize'=>$file['size'], 'fileext'=>$fileext, 'description'=>$file['description']);
                    $aids[] = $this->add($uploadedfile);
                }
            }
        }
        return $aids;
    }

    /**
     * Fill in a content row's description from $value when it has none.
     *
     * NOTE(review): part of this method was lost when the page was extracted
     * (the string literals and the text between "strpos($value, '" and
     * "db->query" are damaged), so the lines below are kept byte-for-byte and
     * cannot be documented further. In the visible text $contentid is put
     * inside quotes in both queries without intval() or escaping.
     */
    function update_intr($contentid, $value = '', $length = 200) {
        $length = min(intval($length), 255);
        $value = trim($value);
        if($value) {
            $des = $this->db->get_one("SELECT `description` FROM ".DB_PRE."content WHERE `contentid`='$contentid'");
            if(trim($des['description'])) return TRUE;
            if(strpos($value, '

')!==false) {
                $sen_occ = strpos($value, '

');
                $value = substr($value, 0, $sen_occ+3);
            } elseif(strpos($value, 'db->query("UPDATE ".DB_PRE."content SET `description`='$description' WHERE `contentid`='$contentid'");
        }
        return TRUE;
    }

    /**
     * Use the $aid-th attachment of a content row as its thumbnail when the row
     * has none.
     *
     * NOTE(review): $contentid goes into the first query unquoted and without
     * intval(), so the caller must pass an integer. $path is assigned only for
     * paths without "://"; for a remote path the UPDATE runs with $path unset.
     */
    function update_thumb($contentid, $aid = 1) {
        $aid = max(intval($aid), 1);
        $id = $this->db->get_one("SELECT `thumb` FROM ".DB_PRE."content WHERE `contentid`=$contentid");
        if($id['thumb']) return true;
        // Convert the 1-based position into a LIMIT offset.
        $aid--;
        $info = $this->db->get_one("SELECT `filepath` FROM `$this->table` WHERE `contentid`='$contentid' ORDER BY `aid` ASC LIMIT $aid, 1");
        if($info['filepath']) {
            if(strpos($info['filepath'], '://') === false) $path = UPLOAD_URL.$info['filepath'];
            $this->db->query("UPDATE ".DB_PRE."content SET `thumb`='$path' WHERE `contentid`='$contentid'");
        }
        return true;
    }

    /**
     * Copy remote files referenced by href/src attributes in $value to local
     * storage and rewrite the markup to point at the local copies.
     *
     * NOTE(review): the source of each copy is a URL taken from submitted
     * markup, so the server fetches whatever host that content names; only the
     * extension ($ext) is constrained. Restrict schemes and hosts here if
     * server-side fetching of arbitrary addresses is not intended.
     *
     * @param string $field    form field the files belong to
     * @param string $value    submitted markup (slashes are stripped before matching)
     * @param string $ext      "|"-separated extensions to fetch, used inside the regex
     * @param string $absurl   passed through to fillurl()
     * @param string $basehref passed through to fillurl()
     * @return string $value with fetched URLs replaced by local paths
     */
    function download($field, $value, $ext = 'gif|jpg|jpeg|bmp|png', $absurl = '', $basehref = '') {
        global $contentid;
        $this->field = $field;
        $dir = date('Y/md/', TIME);
        $uploadpath = PHPCMS_PATH.UPLOAD_URL.$dir;
        $uploaddir = UPLOAD_ROOT.$dir;
        dir_create($uploaddir);
        $string = stripslashes($value);
        // Group 3 is the URL; quotes, spaces and ">" cannot occur inside it.
        if(!preg_match_all("/(href|src)=([\"|']?)([^ \"'>]+\.($ext))\\2/i", $string, $matches)) return $value;
        $remotefileurls = array();
        foreach($matches[3] as $matche) {
            // Only absolute URLs (containing "://") are candidates.
            if(strpos($matche, '://') === false) continue;
            $remotefileurls[$matche] = $this->fillurl($matche, $absurl, $basehref);
        }
        unset($matches, $string);
        // NOTE(review): the attachment list is read back from a cookie, i.e.
        // from the client; whether get_cookie() authenticates the value is not
        // visible here.
        $attachments = get_cookie('attachments');
        $attachments = $attachments==false ? array() : $attachments; //zzcity add
        $remotefileurls = array_unique($remotefileurls);
        $oldpath = $newpath = array();
        $attachments = array_map('basename', $attachments);
        foreach($remotefileurls as $k=>$file) {
            if(strpos($file, '://') === false) continue;
            // Despite its name, $filename holds the extension at this point.
            $filename = fileext($file);
            $file_name = basename($file);
            if($contentid) {
                // NOTE(review): the global $contentid is used unquoted and
                // without intval().
                $r = $this->db->get_one("SELECT `aid` FROM `".DB_PRE."attachment` WHERE `contentid`=$contentid AND `filename`='$file_name'");
                if($r['aid']) continue;
            }
            // Already listed in the cookie: remember it, do not fetch again.
            if(in_array($file_name, $attachments)) {
                $aid = array_search($file_name, $attachments);
                $this->attachments[$this->field][$aid] = $file;
                continue;
            }
            $filename = $this->getname($filename);
            $newfile = $uploaddir.$filename;
            $upload_func = UPLOAD_FUNC;
            if(@$upload_func($file, $newfile)) {
                $oldpath[] = $k;
                $newpath[] = $uploadpath.$filename;
                // NOTE(review): the fetched file is left world-writable and
                // executable (0777); upload() uses 0644 for the same purpose.
                @chmod($newfile, 0777);
                $fileext = fileext($filename);
                $filetype = '';
                // The MIME type is derived from the extension, not the content.
                $image_type = 'IMAGETYPE_'.strtoupper($fileext);
                if(defined($image_type) && function_exists('image_type_to_mime_type')) {
                    $filetype = image_type_to_mime_type(constant($image_type));
                }
                $filepath = $dir.$filename;
                $downloadedfile = array('filename'=>$filename, 'filepath'=>$filepath, 'filetype'=>$filetype, 'filesize'=>filesize($newfile), 'fileext'=>$fileext);
                $aid = $this->add($downloadedfile);
                $this->downloadedfiles[$aid] = $filepath;
            }
        }
        return str_replace($oldpath, $newpath, $value);
    }

    /**
     * List attachment rows, optionally paged; sets $this->pages and $this->number.
     * NOTE(review): $where, $fields and $order are placed in the SQL text as
     * given, and $pagesize is not forced to an integer.
     *
     * @return array rows keyed from 1, with URL and thumbnail path filled in for local files
     */
    function listinfo($where, $fields = '*', $order = 'listorder,aid', $page = 0, $pagesize = 20) {
        if($where) $where = " WHERE $where";
        if($order) $order = " ORDER BY $order";
        $limit = '';
        if($page !== 0) {
            $page = max(intval($page), 1);
            $offset = $pagesize*($page-1);
            $limit = " LIMIT $offset, $pagesize";
            $r = $this->db->get_one("SELECT count(*) as number FROM $this->table $where");
            $number = $r['number'];
            $this->pages = pages($number, $page, $pagesize);
        }
        $i = 1;
        $array = array();
        $result = $this->db->query("SELECT $fields FROM `$this->table` $where $order $limit");
        while($r = $this->db->fetch_array($result)) {
            // Rows whose path contains "http://" are treated as remote.
            if(strstr($r['filepath'], 'http://')) {
                unset($r['isthumb']);
            } else {
                $r['filepath'] = UPLOAD_URL.$r['filepath'];
                $r['thumb'] = $this->get_thumb($r['filepath']);
            }
            $array[$i] = $r;
            $i++;
        }
        $this->number = $this->db->num_rows($result);
        $this->db->free_result($result);
        return $array;
    }

    /**
     * Insert one attachment row and remember it in the object and in the
     * "attachments" cookie.
     *
     * @param array $uploadedfile file metadata from upload() or download()
     * @return int id of the new row
     */
    function add($uploadedfile) {
        global $_userid;
        $uploadedfile['field'] = $this->field;
        $uploadedfile['module'] = $this->module;
        $uploadedfile['catid'] = $this->catid;
        $uploadedfile['userid'] = $_userid;
        $uploadedfile['uploadtime'] = TIME;
        $uploadedfile['uploadip'] = IP;
        $uploadedfile['isimage'] = in_array($uploadedfile['fileext'], $this->imageexts) ? 1 : 0;
        // Values are slash-escaped here before the insert.
        $uploadedfile = new_addslashes($uploadedfile);
        $this->db->insert($this->table, $uploadedfile);
        $aid = $this->db->insert_id();
        $uploadedfile['aid'] = $aid;
        $this->uploadedfiles[] = $uploadedfile;
        $this->attachments[$this->field][$aid] = $uploadedfile['filepath'];
        // NOTE(review): the aid => path map is handed to the client in a cookie
        // and read back by update() and download(); whether set_cookie() signs
        // or encrypts it is not visible here.
        $attachments = get_cookie('attachments');
        $attachments[$aid] = $uploadedfile['filepath'];
        set_cookie('attachments', $attachments);
        return $aid;
    }

    /**
     * Delete the files and rows selected by $where.
     * NOTE(review): $where is placed in both statements as given, and the file
     * removal also deletes every file in the same directory whose name ends
     * with the attachment's base name.
     */
    function delete($where) {
        $result = $this->db->query("SELECT `filepath`,`isthumb` FROM `$this->table` WHERE $where ORDER BY `aid`");
        while($r = $this->db->fetch_array($result)) {
            $image = UPLOAD_ROOT.$r['filepath'];
            @unlink($image);
            $thumbs = glob(dirname($image).'/*'.basename($image));
            if($thumbs) foreach($thumbs as $thumb) @unlink($thumb);
            if($r['isthumb']) {
                $thumb = $this->get_thumb($image);
                @unlink($thumb);
            }
        }
        $this->db->free_result($result);
        return $this->db->query("DELETE FROM `$this->table` WHERE $where");
    }

    /** Set the sort position of one attachment; the value is capped at 255. */
    function listorder($aid, $listorder) {
        $aid = intval($aid);
        $listorder = min(intval($listorder), 255);
        return $this->db->query("UPDATE `$this->table` SET `listorder`=$listorder WHERE `aid`=$aid");
    }

    /**
     * Set the description of one attachment.
     * NOTE(review): $description is quoted but not escaped in this method; it
     * must arrive already escaped.
     */
    function description($aid, $description) {
        $aid = intval($aid);
        return $this->db->query("UPDATE `$this->table` SET `description`='$description' WHERE `aid`=$aid");
    }

    /**
     * Derive the thumbnail path for an image path.
     * NOTE(review): every "." in the path is replaced, not only the one before
     * the extension, so a path with dots elsewhere yields a different name.
     */
    function get_thumb($image) {
        return str_replace('.', '_thumb.', $image);
    }

    /** Flag one attachment as having a thumbnail. */
    function set_thumb($aid) {
        $aid = intval($aid);
        return $this->db->query("UPDATE `$this->table` SET `isthumb`=1 WHERE `aid`=$aid");
    }

    /**
     * Upload quota: group 1 is always allowed; everyone else is limited to
     * fewer than UPLOAD_MAXUPLOADS rows from the same IP in the last 86400
     * seconds.
     */
    function is_allow_upload() {
        global $_groupid;
        if($_groupid == 1) return true;
        $starttime = TIME-86400;
        $uploads = cache_count("SELECT COUNT(*) AS `count` FROM `$this->table` WHERE `uploadip`='".IP."' AND `uploadtime`>$starttime");
        return ($uploads < UPLOAD_MAXUPLOADS);
    }

    /**
     * Attach pending files to a content row and clear the "attachments" cookie.
     *
     * NOTE(review): the ids written to the UPDATE come from the keys of the
     * client-held cookie; implodeids() is defined elsewhere, so whether it
     * forces them to integers is not visible here. $aids starts as a string
     * and is then appended to with [], and $aids_del is collected but never
     * used.
     *
     * @return int 1 when rows were updated, otherwise 0
     */
    function update($contentid, $field, $html = '') {
        if(!isset($this->attachments[$field]) && $html == '') return 0;
        $contentid = intval($contentid);
        $aids = '';
        $attachments = get_cookie('attachments');
        if($html && !empty($attachments) && empty($_SESSION['downfiles']) && empty($_SESSION['field_images']) && empty($_SESSION['field_image'])) {
            $aids_del = array();
            // Keep a file when it was fetched by download() or its URL occurs in $html.
            foreach($attachments as $aid => $url) {
                if(!isset($this->downloadedfiles[$aid]) && strpos($html, $url) === false) {
                    $aids_del[] = $aid;
                } else {
                    $aids[] = $aid;
                }
            }
        } else {
            if(is_array($this->attachments[$field])) $aids = array_keys($this->attachments[$field]);
        }
        $aids = implodeids($aids);
        if($aids) $this->db->query("UPDATE `$this->table` SET `catid`='$this->catid',`contentid`=$contentid,`field`='$field' WHERE `aid` IN($aids)");
        // Blank every entry before writing the cookie back.
        if(is_array($attachments) && !empty($attachments)) {
            foreach($attachments as $k=>$v) {
                $attachments[$k] = '';
            }
        }
        set_cookie('attachments', $attachments);
        unset($attachments,$_SESSION['downfiles'],$_SESSION['field_images']);
        return $aids ? 1 : 0;
    }

    /**
     * Generate a stored file name: timestamp, three random digits, extension.
     * NOTE(review): the name is guessable (a timestamp plus one of 900 values
     * from rand()), and "h" is the 12-hour clock, so morning and afternoon
     * uploads share a name space.
     */
    function getname($fileext) {
        return date('Ymdhis').rand(100, 999).'.'.$fileext;
    }

    /** Format a byte count as Bytes, KB, MB or GB with two decimals. */
    function size($filesize) {
        if($filesize >= 1073741824) {
            $filesize = round($filesize / 1073741824 * 100) / 100 . ' GB';
        } elseif($filesize >= 1048576) {
            $filesize = round($filesize / 1048576 * 100) / 100 . ' MB';
        } elseif($filesize >= 1024) {
            $filesize = round($filesize / 1024 * 100) / 100 . ' KB';
        } else {
            $filesize = $filesize . ' Bytes';
        }
        return $filesize;
    }

    /**
     * True when $file is a genuine HTTP upload; the path is also tried with
     * doubled backslashes collapsed to single ones.
     */
    function isuploadedfile($file) {
        return is_uploaded_file($file) || is_uploaded_file(str_replace('\\\\', '\\', $file));
    }

    /**
     * Resolve a URL found in content against $basehref or SITE_URL.
     *
     * NOTE(review): $preurl is six characters long, so the comparisons with
     * 'http://', 'rtsp://', 'emule://' and 'ed2k://' can never be true; with a
     * non-empty $basehref an http URL is returned as $basehref.'/'.$surl. The
     * inner test $surl[0]=='/' sits in the branch where $surl[0] is '.', so it
     * cannot be reached. The end of this method and the start of the next one
     * (the error-message table) were lost when the page was extracted; the
     * damaged line is kept byte-for-byte.
     */
    function fillurl($surl, $absurl, $basehref = '') {
        if($basehref != '') {
            $preurl = strtolower(substr($surl,0,6));
            if($preurl=='http://' || $preurl=='ftp://' ||$preurl=='mms://' || $preurl=='rtsp://' || $preurl=='thunde' || $preurl=='emule://'|| $preurl=='ed2k://') return $surl;
            else return $basehref.'/'.$surl;
        }
        $i = 0;
        $dstr = '';
        $pstr = '';
        $okurl = '';
        $pathStep = 0;
        $surl = trim($surl);
        if($surl=='') return '';
        // Work out the document's path relative to the current location
        $urls = @parse_url(SITE_URL);
        $HomeUrl = $urls['host'];
        $BaseUrlPath = $HomeUrl.$urls['path'];
        $BaseUrlPath = preg_replace("/\/([^\/]*)\.(.*)$/",'/',$BaseUrlPath);
        $BaseUrlPath = preg_replace("/\/$/",'',$BaseUrlPath);
        // Drop any fragment.
        $pos = strpos($surl,'#');
        if($pos>0) $surl = substr($surl,0,$pos);
        if($surl[0]=='/') {
            $okurl = 'http://'.$HomeUrl.'/'.$surl;
        } elseif($surl[0] == '.') {
            if(strlen($surl)<=2) return '';
            elseif($surl[0]=='/') {
                $okurl = 'http://'.$BaseUrlPath.'/'.substr($surl,2,strlen($surl)-2);
            } else {
                $urls = explode('/',$surl);
                foreach($urls as $u) {
                    if($u=="..") $pathStep++;
                    else if($i '文件上传成功', 1 => '上传的文件超过了 php.ini 中 upload_max_filesize 选项限制的值', 2 => '上传文件的大小超过了 HTML 表单中 MAX_FILE_SIZE 选项指定的值', 3 => '文件只有部分被上传', 4 => '没有文件被上传', 5 => '', 6 => '找不到临时文件夹。', 7 => '文件写入临时文件夹失败', 8 => '附件目录创建不成功', 9 => '附件目录没有写入权限', 10 => '不允许上传该类型文件', 11 => '文件超过了管理员限定的大小', 12 => '非法上传文件', 13 => '24小时内上传附件个数超出了系统限制', );
        // Look up the message for the last error code.
        return $UPLOAD_ERROR[$this->error];
    }
}
// end of the inlined replacement
$c = new content();
if(is_numeric($contentid) && $contentid>0) {
    $data = $c->get($contentid);
    $catid = $data['catid'];
    $modelid = $CATEGORY[$catid]['modelid'];
}
// NOTE(review): $info is not assigned anywhere in the visible code; presumably
// it is a request array brought in by the bootstrap's extract() calls. This
// line replaces whatever $catid held, including the value read from the
// content row just above.
$catid=$info['catid']; // added by ET
$info['islink']=(empty($info['islink']))?99:$info['islink'];// added by ET
// The isset($CATEGORY[$catid]) test is what constrains $catid before it is
// used in the cache file name below.
if(!isset($catid) || !isset($CATEGORY[$catid])) showmessage('缺少 catid 参数!');
extract(cache_read('category_'.$catid.'.php'));
if($type == 2) {
    if($action == 'manage') $action = 'link';
}
// NOTE(review): this block starts in the middle of an if/elseif chain on $type
// (the "if" is on the previous source line). Line breaks are reconstructed from
// the collapsed page; confirm against the original file.
elseif($type == 1) {
    if($action == 'manage') $action = 'block';
} else {
    // The stock per-role permission lookups, disabled:
    /* $allow_manage = $priv_role->check('catid', $catid, 'manage'); $allow_add = $allow_manage ? true : $priv_role->check('catid', $catid, 'add'); $allow_check = $allow_manage ? true : $priv_role->check('catid', $catid, 'check'); $allow_view = $allow_manage ? true : $priv_role->check('catid', $catid, 'view'); */
    // NOTE(review): the permissions are hard-coded instead: every caller that
    // reaches this point may manage and add content in the category. With
    // $allow_manage true, the 'add' case below publishes with status 99
    // unless the request asks for status 2 or 3.
    $allow_manage = true;
    $allow_add = true ;
    $allow_check =false;
    $allow_view = false;
    $attachment = new attachment($mod, $catid);
    $p = new process($workflowid);
    $PROCESS = cache_read('process_'.$workflowid.'.php');
    // The stock admin sub-menu construction, disabled:
    /* $submenu = $allowprocessids = array(); if($allow_add) { $submenu[] = array('发布信息', '?mod='.$mod.'&file='.$file.'&action=add&catid='.$catid); $submenu[] = array('我发布的信息', '?mod='.$mod.'&file='.$file.'&action=my&catid='.$catid); } if($allow_check) { foreach($PROCESS as $pid=>$processname) { if($priv_role->check('processid', $pid)) { $allow_processids[] = $pid; if($pid==1) $add_status = '&status=3'; $submenu[] = array($processname, '?mod='.$mod.'&file='.$file.'&action=check&catid='.$catid.'&processid='.$pid.$add_status); } } } if($allow_manage) { $submenu[] = array('管理', '?mod='.$mod.'&file='.$file.'&action=manage&catid='.$catid); $submenu[] = array('回收站', '?mod='.$mod.'&file='.$file.'&action=recycle&catid='.$catid); $submenu[] = array('碎片', '?mod='.$mod.'&file='.$file.'&action=block&catid='.$catid); } elseif($allow_view) { $submenu[] = array('浏览', '?mod='.$mod.'&file='.$file.'&action=browse&catid='.$catid); } $submenu[] = array('搜索', '?mod='.$mod.'&file='.$file.'&action=search&catid='.$catid); $menu = admin_menu($CATEGORY[$catid]['catname'].' 栏目管理', $submenu); */
    // NOTE(review): $allow_processids is assigned only inside the disabled code
    // above, so in the live code it is unset here unless a request variable of
    // that name was imported.
    if(!isset($processid) || !in_array($processid, $allow_processids)) $processid = $allow_processids[0];
}

// Action dispatch. Only 'add' is live; every other case sits inside the block
// comment that runs to the end of the switch.
switch($action) {
    case 'add':
        //if(!$priv_role->check('catid', $catid, 'add') && !$allow_manage) showmessage('无发布权限!');
        if($dosubmit) {
            // NOTE(review): $status and $cat_selected are not assigned in the
            // visible code; presumably they are request variables. A request
            // may pick status 2 or 3; anything else becomes 99 because
            // $allow_manage is hard-coded to true.
            $info['status'] = ($status == 2 || $status == 3) ? $status : ($allow_manage ? 99 : 3);
            if(isset($info['inputtime'])) $info['updatetime'] = $info['inputtime'];
            $contentid = $c->add($info,$cat_selected);
            //if($contentid) showmessage('发布成功!', '?mod=phpcms&file=content&action=add&catid='.$catid);
            // Machine-readable reply instead of the admin message page.
            if($contentid){
                exit("[ok]");}
            else{
                exit("[err]post failed[/err]");
            }
        } else {
            // Form rendering path of the stock admin page.
            $data['catid'] = $catid;
            $data['template'] = isset($template_show) ? $template_show :$MODEL[$modelid]['template_show'];
            require CACHE_MODEL_PATH.'content_form.class.php';
            $content_form = new content_form($modelid);
            $forminfos = $content_form->get($data);
            require_once 'tree.class.php';
            // NOTE(review): this loop reuses $c, replacing the content object
            // created before the switch.
            foreach($CATEGORY as $cid=>$c) {
                if($c['module'] != $mod || $c['type'] > 0) continue;
                // Both branches are empty strings here; presumably markup that
                // was lost when the page was extracted.
                $checkbox = $c['child'] ? '' : '';
                $cats[$cid] = array('id'=>$cid, 'parentid'=>$c['parentid'], 'name'=>$c['catname'], 'checkbox'=>$checkbox);
            }
            $str = "\$spacer\$name\$checkbox";
            $tree = new tree($cats);
            $categorys = $tree->get_tree(0, $str);
            $pagetitle = $CATEGORY[$catid]['catname'].'-发布';
            header("Cache-control: private");
            include admin_tpl('content_add');
        }
        break;
    // The remaining stock admin actions (edit, view, my_*, check, search,
    // recycle, pass, reject, delete, ...) are disabled in the block comment
    // below, which is kept as found.
    /* case 'edit': if($dosubmit) { $c->edit($contentid, $info); showmessage('修改成功!', $forward); } else { require CACHE_MODEL_PATH.'content_form.class.php'; $content_form = new content_form($modelid); $forminfos = $content_form->get($data); include admin_tpl('content_edit'); } break; case 'view': if(!$priv_role->check('catid', $catid, 'view') && !$allow_manage) showmessage('无查看权限!'); require_once CACHE_MODEL_PATH.'content_output.class.php'; $coutput = new content_output(); $info = $coutput->get($data); include admin_tpl('content_view'); break; case 'log_list': $ACTION = array('add'=>'发布', 'edit'=>'修改', 'delete'=>'删除'); $content = $c->get($contentid); extract($content); $log->set('contentid', $contentid); $data = $log->listinfo($where, $page, 20); include admin_tpl('content_log'); break; case 'my': if(!$allow_add) showmessage('无发布权限!'); $c->set_userid($_userid); $status = isset($status) ? 
intval($status) : -1; $where = "`catid`=$catid "; if($status != -1) $where .= " AND `status`='$status'"; $infos = $c->listinfo($where, 'listorder DESC,contentid DESC', $page, 20); $pagetitle = '我的信息-管理'; include admin_tpl('content_my'); break; case 'my_contribute': $c->set_userid($_userid); $contentid = $c->contentid($contentid, array(0, 1, 2)); $c->status($contentid, 3); showmessage('操作成功!', $forward); break; case 'my_cancelcontribute': $c->set_userid($_userid); $contentid = $c->contentid($contentid, array(3)); $c->status($contentid, 2); showmessage('操作成功!', $forward); break; case 'my_edit': $c->set_userid($_userid); $contentid = $c->contentid($contentid, array(0, 1, 2, 3)); if($dosubmit) { $c->edit($contentid, $info); showmessage('修改成功!', $forward); } else { require CACHE_MODEL_PATH.'content_form.class.php'; $content_form = new content_form($modelid); $forminfos = $content_form->get($data); include admin_tpl('content_edit'); } break; case 'my_delete': $c->set_userid($_userid); $contentid = $c->contentid($contentid, array(0, 1, 2, 3)); $c->delete($contentid); showmessage('操作成功!', $forward); break; case 'my_view': $c->set_userid($_userid); $contentid = $c->contentid($contentid, array(0, 1, 2, 3)); require_once CACHE_MODEL_PATH.'content_output.class.php'; $coutput = new content_output(); $info = $coutput->get($data); include admin_tpl('content_view'); break; case 'check': $allow_status = $p->get_process_status($processid); if(!isset($status) || !in_array($status, $allow_status)) $status = -1; $where = "`catid`=$catid "; $where .= $status == -1 ? 
" AND `status` IN(".implode(',', $allow_status).")" : " AND `status`='$status'"; $infos = $c->listinfo($where, 'listorder DESC,contentid DESC', $page, 20); $process = $p->get($processid, 'passname,passstatus,rejectname,rejectstatus'); extract($process); $pagetitle = $CATEGORY[$catid]['catname'].'-审核'; include admin_tpl('content_check'); break; case 'browse': $where = "`catid`=$catid AND `status`=99"; $infos = $c->listinfo($where, 'listorder DESC,contentid DESC', $page, 20); include admin_tpl('content_browse'); break; case 'search': if($dosubmit) { require CACHE_MODEL_PATH.'content_search.class.php'; $content_search = new content_search(); $infos = $content_search->data($page, 20); include admin_tpl('content_search_list'); } else { require CACHE_MODEL_PATH.'content_search_form.class.php'; $content_search_form = new content_search_form(); $forminfos = $content_search_form->get_where(); $orderfields = $content_search_form->get_order(); $pagetitle = $CATEGORY[$catid]['catname'].'-搜索'; include admin_tpl('content_search'); } break; case 'recycle': if(!$allow_manage) showmessage('无管理权限!'); $infos = $c->listinfo("catid=$catid AND status=0", 'listorder DESC,contentid DESC', $page, 20); $pagetitle = $CATEGORY[$catid]['catname'].'-回收站'; include admin_tpl('content_recycle'); break; case 'pass': if(!$priv_role->check('catid', $catid, 'check') && !$allow_manage) showmessage('无审核权限!'); $allow_status = $p->get_process_status($processid); if($contentid=='') showmessage('请选择要批准的内容'); $contentid = $c->contentid($contentid, 0, $allow_status); $process = $p->get($processid, 'passstatus'); $c->status($contentid, $process['passstatus']); showmessage('操作成功!', $forward); break; case 'reject': if(!$priv_role->check('catid', $catid, 'check') && !$allow_manage) showmessage('无审核权限!'); $allow_status = $p->get_process_status($processid); if($contentid=='') showmessage('请选择要批准的内容'); $contentid = $c->contentid($contentid, 0, $allow_status); $process = $p->get($processid, 'rejectstatus'); 
$c->status($contentid, $process['rejectstatus']); showmessage('操作成功!', $forward); break; case 'cancel': if(!$allow_manage) showmessage('无管理权限!'); $c->status($contentid, 0); showmessage('操作成功!', $forward); break; case 'delete': if(!$allow_manage) showmessage('无管理权限!'); $c->delete($contentid); showmessage('操作成功!', $forward); break; case 'clear': if(!$allow_manage) showmessage('无管理权限!'); $c->clear(); showmessage('操作成功!', $forward); break; case 'restore': if(!$allow_manage) showmessage('无管理权限!'); $c->restore($contentid); showmessage('操作成功!', $forward); break; case 'restoreall': if(!$allow_manage) showmessage('无管理权限!'); $c->restoreall(); showmessage('操作成功!', $forward); break; case 'listorder': $result = $c->listorder($listorders); if($result) { showmessage('操作成功!', $forward); } else { showmessage('操作失败!'); } break; case 'link': if($dosubmit) { require_once 'admin/category.class.php'; $cat = new category($mod); $cat->link($catid, $category); showmessage('操作成功!', $forward); } else { include admin_tpl('content_link'); } break; case 'block': if($type == 0) { $page = max(intval($page), 1); if($tpl == 'category') { if($child == 1) { $arrchildid = subcat('phpcms', $catid); $template = $template_category; } else { $template = $template_list; } } elseif($tpl == 'show') { $template = $MODEL[$modelid]['template_show']; } else { $template = $template_list; } } elseif($type == 2) { header('location:'.$url); } $catlist = submodelcat($modelid); $arrparentid = explode(',', $arrparentid); $parentid = $arrparentid[1]; $head['title'] = $catname; $head['keywords'] = $meta_keywords; $head['description'] = $meta_description; include admin_template('phpcms', $template); include admin_tpl('block_ajax', 'phpcms'); break; case 'category': $catid = intval($catid); if(!isset($CATEGORY[$catid])) showmessage('访问的栏目不存在!'); $C = cache_read('category_'.$catid.'.php'); extract($C); if($type == 1) { $template = $C['template']; } elseif($type == 2) { header('location:'.$url); } else { $page = 
max(intval($page), 0); if($page == 0) { $template = $C['template_category']; $categorys = $child ? subcat('phpcms', $catid, 0) : array(); } else { $template = $C['template_list']; } } $head['title'] = $catname; $head['keywords'] = $meta_keywords; $head['description'] = $meta_description; define('BLOCK_EDIT', 1); include template('phpcms', $template); break; default: require_once 'admin/model_field.class.php'; $model_field = new model_field($modelid); $where = "`catid`=$catid AND `status`=99 "; if($typeid) $where .= " AND `typeid`='$typeid' "; if($areaid) $where .= " AND `areaid`='$areaid' "; if($inputdate_start) $where .= " AND `inputtime`>='".strtotime($inputdate_start.' 00:00:00')."'"; else $inputdate_start = date('Y-m-01'); if($inputdate_end) $where .= " AND `inputtime`<='".strtotime($inputdate_end.' 23:59:59')."'"; else $inputdate_end = date('Y-m-d'); if($q) { if($field == 'title') { $where .= " AND `title` LIKE '%$q%'"; } elseif($field == 'userid') { $userid = intval($q); if($userid) $where .= " AND `userid`=$userid"; } elseif($field == 'username') { $userid = userid($q); if($userid) $where .= " AND `userid`=$userid"; } elseif($field == 'contentid') { $contentid = intval($q); if($contentid) $where .= " AND `contentid`=$contentid"; } } $infos = $c->listinfo($where, '`listorder` DESC,`contentid` DESC', $page, 20); $pagetitle = $CATEGORY[$catid]['catname'].'-管理'; $POS[0] = '不限推荐位'; include admin_tpl('content_manage'); */
}
?>