”替换为phpcms2008分页标记“[page]”) 附加参数 info[catid] 栏目编号(请对照后台栏目管理) vercode 安全校验码,请自行设定,本项用以防止接口被他人利用,如果需要进行更多校验,请自行填加相关代码。 */ $vercode=''; //此处取值请自行修改 /* 可选参数 info[style] 颜色和字型,颜色取值c1至c15,加粗取值b,格式为“info[style]=c2 b”,颜色请对照后台发布信息界面 info[titleintact] 完整标题 info[thumb] 缩略图地址 info[keywords] 关键词 info[author] 作者 info[copyfrom] 来源 info[description] 摘要 info[islink] 是否转向链接,值1为是 info[linkurl] 转向链接地址 info[posids][]=1 推荐位:首页推荐 info[posids][]=2 推荐位:首页焦点 info[posids][]=3 推荐位:首页头条 info[posids][]=4 推荐位:列表页推荐 info[posids][]=5 推荐位:内容页推荐 info[groupids_view][]=1 阅读权限:管理员 info[groupids_view][]=2 阅读权限:禁用 info[groupids_view][]=3 阅读权限:游客 info[groupids_view][]=4 阅读权限:待邮件验证 info[groupids_view][]=5 阅读权限:待审核 info[groupids_view][]=6 阅读权限:注册会员 info[readpoint] 阅读所需点数 info[template]=show 内容页模板:show=文章内容页,show_down=下载内容页,show_info=信息内容页,show_picture=图片内容页,show_product=产品内容页,showmessage=提示信息 status=99 文章状态:99=发布,3=审核,2=草稿 ET发布配置-文章检查网址处,填写参考如下: http://您的网址/etpost.php */ if(isset($_REQUEST['vercode'])){ if ($_REQUEST['vercode']!=$vercode){ exit("[err]invalid vercode[/err]"); } } define('IN_ADMIN', TRUE); require dirname(__FILE__).'/include/admin/global.func.php'; //require dirname(__FILE__).'/include/common.inc.php'; //include/common.inc.php开始 //define('PHPCMS_ROOT', str_replace("\\", '/', substr(dirname(__FILE__), 0, -7))); define('PHPCMS_ROOT', str_replace("\\", '/', dirname(__FILE__).'/')); define('MICROTIME_START', microtime()); define('IN_PHPCMS', TRUE); define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc()); define('TIME', time()); set_include_path(PHPCMS_ROOT.'include/'); set_magic_quotes_runtime(0); unset($LANG, $HTTP_ENV_VARS, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_POST_FILES, $HTTP_COOKIE_VARS); require 'config.inc.php'; require 'global.func.php'; require 'dir.func.php'; require 'url.func.php'; require 'output.class.php'; require 'priv_group.class.php'; require 'times.class.php'; require PHPCMS_ROOT.'languages/'.LANG.'/phpcms.lang.php'; ERRORLOG ? set_error_handler('phpcms_error') : error_reporting(E_ERROR | E_WARNING | E_PARSE); define('IP', ip()); define('HTTP_REFERER', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''); define('SCRIPT_NAME', isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : preg_replace("/(.*)\.php(.*)/i", "\\1.php", $_SERVER['PHP_SELF'])); define('QUERY_STRING', $_SERVER['QUERY_STRING']); define('PATH_INFO', isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : ''); define('DOMAIN', isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : preg_replace("/([^:]*)[:0-9]*/i", "\\1", $_SERVER['HTTP_HOST'])); define('SCHEME', $_SERVER['SERVER_PORT'] == '443' ? 'https://' : 'http://'); define('SITE_URL', SCHEME.$_SERVER['HTTP_HOST'].PHPCMS_PATH); define('RELATE_URL', isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : SCRIPT_NAME.(QUERY_STRING ? '?'.QUERY_STRING : PATH_INFO)); define('URL', SCHEME.$_SERVER['HTTP_HOST'].RELATE_URL); define('RELATE_REFERER',urlencode(RELATE_URL)); if(function_exists('date_default_timezone_set')) date_default_timezone_set(TIMEZONE); header('Content-type: text/html; charset='.CHARSET); if(CACHE_PAGE && !defined('IN_ADMIN')) cache_page_start(); if(GZIP && extension_loaded('zlib')) ini_set('zlib.output_compression', 'On'); ob_start(); $dbclass = 'db_'.DB_DATABASE; require $dbclass.'.class.php'; $db = new $dbclass; $db->connect(DB_HOST, DB_USER, DB_PW, DB_NAME, DB_PCONNECT, DB_CHARSET); require 'session_'.SESSION_STORAGE.'.class.php'; $session = new session(); session_set_cookie_params(0, COOKIE_PATH, COOKIE_DOMAIN); if($_REQUEST) { if(MAGIC_QUOTES_GPC) { $_REQUEST = new_stripslashes($_REQUEST); if($_COOKIE) $_COOKIE = new_stripslashes($_COOKIE); } if(!defined('IN_ADMIN')) $_REQUEST = filter_xss($_REQUEST, ALLOWED_HTMLTAGS); extract($db->escape($_REQUEST), EXTR_SKIP); if($_COOKIE) $db->escape($_COOKIE); } if(QUERY_STRING && strpos(QUERY_STRING, '=') === false && preg_match("/^(.*)\.(htm|html|shtm|shtml)$/", QUERY_STRING, $urlvar)) { parse_str(str_replace(array('/', '-', ' '), array('&', '=', ''), $urlvar[1])); } $CACHE = cache_read('common.php'); if(!$CACHE) { require_once 'cache.func.php'; cache_all(); $CACHE = cache_read('common.php'); } extract($CACHE); unset($CACHE); if($PHPCMS['enable_ipbanned'] && ip_banned(IP)) showmessage($LANG['administrator_banned_this_IP']); if(!defined('IN_ADMIN')) { if(FILTER_ENABLE && filter_word()) showmessage('The content including illegal information: '.ILLEGAL_WORD.' .'); if($PHPCMS['minrefreshtime']) { $cc = new times(); $cc->set('cc', $PHPCMS['minrefreshtime'], 1); if($cc->check()) showmessage('Do not refresh the page in '.$PHPCMS['minrefreshtime'].' seconds!'); $cc->add(); unset($cc); } if(!isset($forward)) $forward = HTTP_REFERER; } $M = $TEMP = array(); if(!isset($mod)) $mod = 'phpcms'; if($mod != 'phpcms') { isset($MODULE[$mod]) or exit($LANG['module_not_exists']); $langfile = defined('IN_ADMIN') ? $mod.'_admin' : $mod; @include PHPCMS_ROOT.'languages/'.LANG.'/'.$langfile.'.lang.php'; $M = cache_read('module_'.$mod.'.php'); } $_userid = 0; $_username = ''; $_groupid = 3; //$phpcms_auth = get_cookie('auth'); $action='add'; $dosubmit=true; //ET增加登录验证 require PHPCMS_ROOT.'languages/'.LANG.'/member.lang.php'; require PHPCMS_ROOT.'member/include/member.class.php'; $member = new member(); $result = $member->login($username, $password); if(!$result) { exit("[err]invalid username or password[/err]"); } @extract($result, EXTR_PREFIX_ALL, ''); if($_groupid > 1) { exit("[err]you are not admin[/err]"); } $_SESSION['is_admin'] = 1; /* if($phpcms_auth) { $auth_key = md5(AUTH_KEY.$_SERVER['HTTP_USER_AGENT']); list($_userid, $_password) = explode("\t", phpcms_auth($phpcms_auth, 'DECODE', $auth_key)); $_userid = intval($_userid); $sql_member = "SELECT * FROM `".DB_PRE."member_cache` WHERE `userid`=$_userid"; $r = $db->get_one($sql_member); if(!$r && cache_member()) { $r = $db->get_one($sql_member); } if($r && $r['password'] === $_password) { if($r['groupid'] == 2) { set_cookie('auth', ''); showmessage($LANG['userid_banned_by_administrator']); } @extract($r, EXTR_PREFIX_ALL, ''); } else { $_userid = 0; $_username = ''; $_groupid = 3; set_cookie('auth', ''); } unset($r, $phpcms_auth, $phpcms_auth_key, $_password, $sql_member); } */ $G = cache_read('member_group_'.$_groupid.'.php'); $priv_group = new priv_group(); define('SKIN_PATH', 'templates/'.TPL_NAME.'/skins/'.TPL_CSS.'/'); define('PASSPORT_ENABLE', ($PHPCMS['uc'] || $PHPCMS['enablepassport'] || $PHPCMS['enableserverpassport']) ? 1 : 0); //include/common.inc.php结束 require 'log.class.php'; require 'form.class.php'; require 'priv_role.class.php'; require_once 'cache.func.php'; require_once 'version.inc.php'; require PHPCMS_ROOT.'languages/'.LANG.'/phpcms_admin.lang.php'; if(!isset($file)) $file = 'index'; preg_match("/^[0-9A-Za-z_-]+$/", $file) or showmessage('Invalid Request.'); $action = isset($action) ? $action : ''; $catid = isset($catid) ? intval($catid) : 0; $specialid = isset($specialid) ? intval($specialid) : 0; if(!isset($forward) && str_exists(HTTP_REFERER, '?')) $forward = HTTP_REFERER; session_start(); if($_userid && $_groupid == 1 && $_SESSION['is_admin'] == 1) { $ROLE = cache_read('role.php'); $GROUP = cache_read('member_group.php'); $POS = cache_read('position.php'); $STATUS = cache_read('status.php'); // $_roleid = cache_read('admin_role_'.$_userid.'.php'); // if(!$_roleid) showmessage('您没有任何角色权限!'); // $priv_role = new priv_role(); // if(!$priv_role->module()) showmessage('您没有操作权限!'); } /*elseif($file != 'login') { showmessage('请登录!', '?mod=phpcms&file=login&forward='.urlencode(URL),1,1); }*/ $log = new log(); if(ADMIN_LOG && $file != 'database' && !in_array($action, array('get_menu_list', 'menu_pos'))) { $log->set('admin', 0); $log->add(); } //if($mod != 'phpcms' && !@include PHPCMS_ROOT.$M['path'].'admin/admin.inc.php') showmessage('The file ./'.$M['path'].'admin.inc.php is not exists!'); if($mod != 'phpcms' && !@include PHPCMS_ROOT.$M['path'].'admin/admin.inc.php') exit('[err]The file ./'.$M['path'].'admin.inc.php is not exists! [/err]'); //if(!@include PHPCMS_ROOT.(isset($M['path']) ? $M['path'] : '').'admin/'.$file.'.inc.php') exit("[err]The file ./{$M['path']}admin/{$file}.inc.php is not exists![/err]"); defined('IN_PHPCMS') or exit("Access Denied"); require_once 'admin/process.class.php'; require_once 'admin/content.class.php'; require_once 'attachment.class.php'; $c = new content(); if(is_numeric($contentid)) { $data = $c->get($contentid); $catid = $data['catid']; $modelid = $CATEGORY[$catid]['modelid']; } $catid=$info['catid']; //ET增加 if(!isset($catid) || !isset($CATEGORY[$catid])) showmessage('缺少 catid 参数!'); extract(cache_read('category_'.$catid.'.php')); if($type == 2) { if($action == 'manage') $action = 'link'; } elseif($type == 1) { if($action == 'manage') $action = 'block'; } else { /* $allow_manage = $priv_role->check('catid', $catid, 'manage'); $allow_add = $allow_manage ? true : $priv_role->check('catid', $catid, 'add'); $allow_check = $allow_manage ? true : $priv_role->check('catid', $catid, 'check'); $allow_view = $allow_manage ? true : $priv_role->check('catid', $catid, 'view'); */ $allow_manage = true; $allow_add = true ; $allow_check =false; $allow_view = false; $attachment = new attachment($mod, $catid); $p = new process($workflowid); $PROCESS = cache_read('process_'.$workflowid.'.php'); $submenu = $allowprocessids = array(); if($allow_add) { $submenu[] = array('发布信息', '?mod='.$mod.'&file='.$file.'&action=add&catid='.$catid); $submenu[] = array('我发布的信息', '?mod='.$mod.'&file='.$file.'&action=my&catid='.$catid); } if($allow_check) { foreach($PROCESS as $pid=>$processname) { if($priv_role->check('processid', $pid)) { $allow_processids[] = $pid; $submenu[] = array($processname, '?mod='.$mod.'&file='.$file.'&action=check&catid='.$catid.'&processid='.$pid); } } } if($allow_manage) { $submenu[] = array('管理', '?mod='.$mod.'&file='.$file.'&action=manage&catid='.$catid); $submenu[] = array('回收站', '?mod='.$mod.'&file='.$file.'&action=recycle&catid='.$catid); $submenu[] = array('碎片', '?mod='.$mod.'&file='.$file.'&action=block&catid='.$catid); } elseif($allow_view) { $submenu[] = array('浏览', '?mod='.$mod.'&file='.$file.'&action=browse&catid='.$catid); } $submenu[] = array('搜索', '?mod='.$mod.'&file='.$file.'&action=search&catid='.$catid); $menu = admin_menu($CATEGORY[$catid]['catname'].' 栏目管理', $submenu); if(!isset($processid) || !in_array($processid, $allow_processids)) $processid = $allow_processids[0]; } switch($action) { case 'add': //if(!$priv_role->check('catid', $catid, 'add') && !$allow_manage) showmessage('无发布权限!'); if($dosubmit) { $info['status'] = ($status == 2 || $status == 3) ? $status : ($allow_manage ? 99 : 3); $contentid = $c->add($info,$cat_selected); //if($contentid) showmessage('发布成功!', '?mod=phpcms&file=content&action=add&catid='.$catid); if($contentid){ exit("[ok]");} else{ exit("[err]post failed[/err]"); } } else { $data['catid'] = $catid; $data['template'] = isset($template_show) ? $template_show :$MODEL[$modelid]['template_show']; require CACHE_MODEL_PATH.'content_form.class.php'; $content_form = new content_form($modelid); $forminfos = $content_form->get($data); require_once 'tree.class.php'; foreach($CATEGORY as $cid=>$c) { if($c['module'] != $mod || $c['type'] > 0) continue; $checkbox = $c['child'] ? '' : ''; $cats[$cid] = array('id'=>$cid, 'parentid'=>$c['parentid'], 'name'=>$c['catname'], 'checkbox'=>$checkbox); } $str = "