<?php 


define('IN_ADMIN', TRUE);
$rootdir = dirname(__FILE__);

require $rootdir.'/admin/include/global.func.php';

require $rootdir.'/include/common.inc.php';
require PHPCMS_ROOT.'/languages/'.$CONFIG['adminlanguage'].'/phpcms_admin.lang.php';
require_once PHPCMS_ROOT.'/include/version.inc.php';
require_once PHPCMS_ROOT.'/include/formselect.func.php';
require_once PHPCMS_ROOT.'/include/cache.func.php';
require_once PHPCMS_ROOT.'/include/post.func.php';


//**Et增加**
$channelid = isset($channelid) ? $channelid : 1; //文章频道
$file='article';
$_grade=0; //管理等级
$mod='article'; 
$action='add';
$dosubmit=1;

function ETshow($msg, $A='', $B='') 
{
 if($msg!='success'){
 echo('[err]'.$msg.'[/err]');
 }
 else
 {
 echo('1');
 }
    exit;
}

//**********

if(!isset($file)) $file = 'index';
preg_match("/^[0-9A-Za-z_]+$/",$file) or ETshow('Invalid Request.');

$db->iscache = 0;
$fileiscache = 0;
$filecaching = 0;


$file = isset($file) ? $file : 'login';
$action = isset($action) ? $action : '';
$job = isset($job) ? $job : '';
$catid = isset($catid) ? intval($catid) : 0;
$specialid = isset($specialid) ? intval($specialid) : 0;

$_grade = isset($_SESSION['admin_grade']) ? $_SESSION['admin_grade'] : -1;

//if($file != 'login' && ($_grade == -1 || $_groupid != 1)) ETshow($LANG['login_website'], '?mod=phpcms&file=login&forward='.urlencode(strpos($PHP_URL, '?') ? $PHP_URL : '?mod=phpcms&file=index&action=index'));
if($CONFIG['enableadminlog'] && $file != 'database' && $action != 'import') adminlog();

if($_grade > 0)
{
    $_modules = $_SESSION['admin_modules'];
    $_channelids = $_SESSION['admin_channelids'];
    $_purviewids = $_SESSION['admin_purviewids'];
    $_catids = $_SESSION['admin_catids'];
    $_specialids = $_SESSION['admin_specialids'];
 if($mod == 'phpcms')
 {
  require PHPCMS_ROOT.'/admin/include/checkpurview.inc.php';
 }
 else
 {
  if($MODULE[$mod]['iscopy'])
  {
   if(!in_array($channelid, $_channelids)) ETshow($LANG['you_have_no_permission_this_channel']);
  }
  else
  {
   if($MODULE[$mod]['isshare'] == 0)
   {
    if(!in_array($mod, $_modules)) ETshow($LANG['you_have_no_permission_this_module']);
   }
   elseif($_grade > 1 || !isset($keyid) || (!in_array($keyid, $_channelids) && !in_array($keyid, $_modules)))
   {
    ETshow($LANG['you_have_no_permission_this_module']);
   }
  }
 }
}
else
{
 $_modules = $_channelids = $_catids = $_specialids = array();
}

$grades = array(0 => $LANG['administrator'], 1 => $LANG['module_channel_admin'], 2 => $LANG['category_cheif_editor'], 3 => $LANG['category_editor'], 4 => $LANG['info_publisher'] , 5 => $LANG['info_verifier']);

$module_dir = moduledir($mod);
$filepath = $mod == 'phpcms' ? PHPCMS_ROOT.'/admin/'.$file.'.inc.php' : PHPCMS_ROOT.'/'.$module_dir.'/admin.inc.php';

//***ET插入**LOGIN.INC.PHP中部分代码
//登陆验证模块
 require PHPCMS_ROOT.'/languages/'.$CONFIG['language'].'/member.lang.php';
 require PHPCMS_ROOT.'/member/include/member.class.php';
 $member = new member($username);

// if(!isset($forward)) $forward = $PHP_SCHEME.$PHP_DOMAIN.$PHP_PORT.$PHP_SELF;
// if(!isset($checkcodestr)) $checkcodestr = '';
//
// checkcode($checkcodestr, $PHPCMS['enableadmincheckcode'], $PHP_REFERER);

// if(empty($username) || $member->is_badword($username)) ETshow($LANG['username_non_compliant'], $PHP_REFERER);
//***ET增加***
 if(empty($username)) ETshow($LANG['username_non_compliant']);
//************
 if(strlen($password)<2 || strlen($password)>20) ETshow($LANG['password_not_less_than_2char_greater_than_20char'], $PHP_REFERER);
 if(!$_userid || $_username != $username)
 {
  $result = $member->login($password);
  if(!$result) ETshow($member->errormsg(), $PHP_REFERER);
 }

    $memberinfo = $db->get_one("SELECT m.userid,m.password,m.answer,m.groupid,a.* FROM ".TABLE_MEMBER." m ,".TABLE_ADMIN." a WHERE m.userid=a.userid AND m.username='$username' LIMIT 0,1");
 if(!$memberinfo)
 {
  if($PHPCMS['maxfailedtimes']) 
        {
   $failedtimes = $_SESSION['failedtimes'];
   $failedtimes ++;
   $overtime = $PHP_TIME+$PHPCMS['maxlockedtime']*3600;
   if($PHPCMS['maxfailedtimes']<=$failedtimes)
   {
    $db->query("INSERT INTO ".TABLE_BANIP."(ip,ifban,overtime) VALUES('$PHP_IP',1,$overtime)");
    cache_banip();
    ETshow($LANG['fail_num_over_ip_locked']);
   }
   $_SESSION['failedtimes'] = $failedtimes;
  }
  ETshow($LANG['not_existe_user'], $PHP_REFERER);
 }

 if($memberinfo['password'] != md5($password)) ETshow($LANG['wrong_password'], $PHP_REFERER);
 if($memberinfo['groupid'] != 1) ETshow($LANG['you_are_not_admin'], $PHP_REFERER);

 $_SESSION['admin_grade'] = $memberinfo['grade'];
 if($memberinfo['grade'] > 0)
 {
  $_SESSION['admin_modules'] = $memberinfo['modules'] ? array_filter(explode(',', $memberinfo['modules'])) : array();
  $_SESSION['admin_channelids'] = $memberinfo['channelids'] ? array_filter(explode(',', $memberinfo['channelids'])) : array();
  $_SESSION['admin_purviewids'] = $memberinfo['purviewids'] ? array_filter(explode(',', $memberinfo['purviewids'])) : array();
  $_SESSION['admin_catids'] = $memberinfo['catids'] ? array_filter(explode(',', $memberinfo['catids'])) : array();
  $_SESSION['admin_specialids'] = $memberinfo['specialids'] ? array_filter(explode(',', $memberinfo['specialids'])) : array();
 }
 //ETshow($LANG['login_success'], $forward);

//**********************************

//if(!@include $filepath) ETshow($LANG['illegal_operation']);
//*****ET替换上一行INCLUDE语句********
defined('IN_PHPCMS') or exit('Access Denied');
define('MOD_ROOT', PHPCMS_ROOT.'/module/'.$mod);

if($_grade > 1) require MOD_ROOT.'/admin/include/checkpurview.inc.php';

if($channelid) require PHPCMS_ROOT.'/include/channel.inc.php';
require MOD_ROOT.'/include/global.func.php';
require MOD_ROOT.'/include/tag.func.php';

$job = isset($job) ? $job : '';

$TYPE = cache_read('type_'.$channelid.'.php');

//if(!@include(MOD_ROOT.'/admin/'.$file.'.inc.php')) ETshow($LANG['access_denied']);
//*****ET替换上一行INCLUDE语句********
//defined('IN_PHPCMS') or exit('Access Denied');
$channelid = intval($channelid);

$channelid or ETshow($LANG['invalid_parameters'],$referer);
//if($channelid<1) ETshow($LANG['invalid_parameters']);

require_once PHPCMS_ROOT."/include/tree.class.php";
$tree = new tree();

require_once MOD_ROOT."/include/article.class.php";
$articleid = isset($articleid) ? intval($articleid) : 0;

$art = new article($channelid);
if($articleid) $art->articleid = $articleid;

$catid = isset($catid) ? intval($catid) : 0;
if($catid) $CAT = cache_read('category_'.$catid.'.php');

$pagesize = isset($pagesize) && $pagesize<500 ? intval($pagesize) : $PHPCMS['pagesize'];

$submenu = array(
 array("<font color=\"blue\">{$CHA['channelname']}".$LANG['homepage']."</font>","?mod=$mod&file=$file&action=main&channelid=$channelid"),
 array("<font color=\"red\">{$LANG['add_article']}</font>","?mod=$mod&file=$file&action=main&channelid=$channelid"),
 array("<font color=\"blue\">{$LANG['manage_article']}</font>","?mod=$mod&file=$file&action=manage&channelid=$channelid"),
 array($LANG['check_article'],"?mod=$mod&file=$file&action=manage&job=check&channelid=$channelid"),
 array($LANG['my_article'],"?mod=$mod&file=$file&action=manage&job=myitem&channelid=$channelid"),
 array($LANG['move_articles'],"?mod=$mod&file=$file&action=move&channelid=$channelid"),
 array($LANG['manage_recycle'],"?mod=$mod&file=$file&action=manage&job=recycle&channelid=$channelid"),
 array("<font color=blue>{$LANG['template_config']}</font>","?mod=$mod&file=setting&channelid=$channelid"),
 array("<font color=\"red\">{$LANG['use_tag']}</font>","?mod=$mod&file=tag&channelid=$channelid"),
 array($LANG['statistical_reports'],"?mod=$mod&file=$file&action=stats&channelid=$channelid"),
 array("<font color=\"red\">{$LANG['publish_website']}(html)</font>","?mod=$mod&file=createhtml&channelid=$channelid"),
);

$menu = adminmenu($LANG['manage_article'],$submenu);

$action = $action ? $action : 'main';

//include MOD_ROOT.'/admin/'.$mod.'_'.$action.".inc.php";
//*****ET替换上一行INCLUDE语句********
//defined('IN_PHPCMS') or exit('Access Denied');
set_time_limit(0);

$catid or ETshow($LANG['empty_category_id'],$referer);


if($CAT['child'] && !$CAT['enableadd'])
{
 ETshow($LANG['not_allowed_to_add_an_artcile'],'goback');
}

require PHPCMS_ROOT.'/include/field.class.php';

$field = new field(channel_table('article', $channelid));

require PHPCMS_ROOT.'/admin/include/position.class.php';
$pos = new position($channelid);

require PHPCMS_ROOT.'/include/attachment.class.php';
$att = new attachment;

if($dosubmit)
{
 if(empty($article['title'])) ETshow($LANG['short_title_can_not_be_blank']);
 if(!isset($article['islink']) && empty($article['content'])) ETshow($LANG['content_can_not_be_blank'],'goback');
 if(isset($addkeywords) && $article['keywords']) update_keywords($article['keywords'], $channelid);
 if(isset($addauthor) && $article['author']) update_author($article['author'], $channelid);
 if(isset($addcopyfrom) && $article['copyfrom']) update_copyfrom($article['copyfrom'], $channelid);

 if(isset($save_remotepic))
 {
  require PHPCMS_ROOT.'/include/get_remotefiles.func.php';
  $article['content'] = get_remotepics($article['content'], $PHPCMS['uploaddir'].'/'.$CHA['channeldir'].'/'.$CHA['uploaddir']);
 }

 $introcude_length = isset($introcude_length) ? intval($introcude_length) : 0;
 if(!isset($article['islink']) && empty($article['introduce']) && isset($add_introduce) && $introcude_length) $article['introduce'] = str_cut(strip_tags($article['content']), $introcude_length);

 if(!isset($article['islink']) && empty($article['thumb']) && isset($auto_thumb) && $auto_thumb_no)
 {
  if(intval($auto_thumb_no) < 1) $auto_thumb_no = 1;
  $c = stripslashes($article['content']);
  preg_match_all("/<img[^>]*src=\"([^\"]+)\"/i", $c, $m);
  if(isset($m[1][$auto_thumb_no-1]))
  {
   $thumb = $m[1][$auto_thumb_no-1];
   $thumb = str_replace('http://'.$PHP_DOMAIN, '' , $thumb);//For PHPCMS Editor
   if($PHPCMS['enablethumb'] && !strpos($thumb, "://"))
   {
    require_once PHPCMS_ROOT."/include/watermark.class.php";
    $thumb = substr($thumb, strlen(PHPCMS_PATH));
    $newthumb = str_replace(basename($thumb), "thumb_".basename($thumb), $thumb);
    $width = $MOD['thumb_width'] ? $MOD['thumb_width'] : $PHPCMS['thumb_width'];
    $height = $MOD['thumb_height'] ? $MOD['thumb_height'] : $PHPCMS['thumb_height'];
    $wm = new watermark(PHPCMS_ROOT.'/'.$thumb, 10, $PHPCMS['water_pos']);
    $wm->thumb($width, $height, PHPCMS_ROOT.'/'.$newthumb);
    $article['thumb'] = $newthumb;
   }
   else
   {
    $article['thumb'] = strpos($thumb, "://") ? $thumb : substr($thumb, strlen(PHPCMS_PATH));
   }
  }
 }
 
 $article['islink'] = isset($article['islink']) ? 1 : 0;
 $article['arrgroupidview'] = empty($article['arrgroupidview']) ? '' : implode(',',$article['arrgroupidview']);
 $article['catid'] = $catid;
 $article['username'] = $article['editor'] = $article['checker'] = $_username;
 $article['urlruleid'] = $article['ishtml'] ? $html_urlrule : $php_urlrule;
 $article['addtime'] = $article['edittime'] = $article['checktime'] = preg_match('/^([0-9]{4})-([0-9]{1,2})-([0-9]{1,2})/', $article['addtime']) ? strtotime($article['addtime'].' '.date('H:i:s',$PHP_TIME)) : $PHP_TIME; 
 if(isset($article['arrposid']))
 {
  $arrposid = $article['arrposid'];
  $article['arrposid'] = ','.implode(',', $arrposid).',';
 }

 $field->check_form();

 $articleid = $art->add($article);

 if($articleid)
 {
  if($freelink)
  {
   $r = $db->get_one("select title,thumb,linkurl,style from ".channel_table('article', $channelid)." where articleid='$articleid' ");
   $f = array();
   $f['title'] = $r['title'];
   $f['url'] = linkurl($r['linkurl']);
   $f['image'] = imgurl($r['thumb']);
   $f['style'] = $r['style'];
   add_freelink(trim($freelink), $f);
  }
  $att->attachment($articleid, $channelid, $catid);
  $att->add($article['content']);
  if(isset($arrposid) && $arrposid) $pos->add($articleid, $arrposid);

  $field->update("articleid=$articleid");
  $forward = "?mod=$mod&file=$file&action=add&channelid=$channelid&catid=$catid";
  if($article['status'] == 3)
  {
   require PHPCMS_ROOT.'/include/create_related_html.inc.php';
  }
  //ETshow($LANG['add_article_success'], $forward);
  ETshow('success');
 }
 else
 {
  ETshow($LANG['add_article_failure'],'goback');
 }
}
else
{
 $today=date('Y-m-d',$PHP_TIME);
 $type_select = type_select('article[typeid]', $LANG['type']);
 $style_edit = style_edit('article[style]','');
 $keywords_select = keywords_select($channelid);
 $author_select = author_select($channelid);
 $copyfrom_select = copyfrom_select($channelid);
 $category_jump = category_select('catid', $LNAG['change_category_add_article'], 0, "onchange=\"if(this.value!=''){location='?mod=$mod&file=$file&action=add&job=$job&channelid=$channelid&catid='+this.value;}\"");
 $showgroup = showgroup('checkbox','article[arrgroupidview][]');
 $showskin = showskin('article[skinid]');
 $showtpl = showtpl($mod,'content','article[templateid]');
 $html_urlrule = urlrule_select('html_urlrule','html','item',$CAT['item_html_urlruleid']);
 $php_urlrule = urlrule_select('php_urlrule','php','item',$CAT['item_php_urlruleid']);
 $fields = $field->get_form('<tr><td class="tablerow"><strong>$title</strong></td><td class="tablerow">$input $tool $note</td></tr>');
 $position = $pos->checkbox('article[arrposid][]');
 include admintpl($mod.'_add');
}

//************************************
/*
*/

?>