= '5.1' && !empty($timezone)) { date_default_timezone_set($timezone); } if (isset($_SERVER['PHP_SELF'])) { define('PHP_SELF', $_SERVER['PHP_SELF']); } else { define('PHP_SELF', $_SERVER['SCRIPT_NAME']); } require(ROOT_PATH . 'includes/inc_constant.php'); require(ROOT_PATH . 'includes/cls_ecshop.php'); require(ROOT_PATH . 'includes/cls_error.php'); require(ROOT_PATH . 'includes/lib_time.php'); require(ROOT_PATH . 'includes/lib_base.php'); require(ROOT_PATH . 'includes/lib_common.php'); require(ROOT_PATH . ADMIN_PATH . '/includes/lib_main.php'); require(ROOT_PATH . ADMIN_PATH . '/includes/cls_exchange.php'); /* 对用户传入的变量进行转义操作。*/ if (!get_magic_quotes_gpc()) { if (!empty($_GET)) { $_GET = addslashes_deep($_GET); } if (!empty($_POST)) { $_POST = addslashes_deep($_POST); } $_COOKIE = addslashes_deep($_COOKIE); $_REQUEST = addslashes_deep($_REQUEST); } /* 对路径进行安全处理 */ if (strpos(PHP_SELF, '.php/') !== false) { ecs_header("Location:" . substr(PHP_SELF, 0, strpos(PHP_SELF, '.php/') + 4) . "\n"); exit(); } /* 创建 ECSHOP 对象 */ $ecs = new ECS($db_name, $prefix); define('DATA_DIR', $ecs->data_dir()); define('IMAGE_DIR', $ecs->image_dir()); /* 初始化数据库类 */ require(ROOT_PATH . 'includes/cls_mysql.php'); $db = new cls_mysql($db_host, $db_user, $db_pass, $db_name); $db_host = $db_user = $db_pass = $db_name = NULL; /* 创建错误处理对象 */ $err = new ecs_error('message.htm'); /* 初始化session */ require(ROOT_PATH . 
'includes/cls_session.php'); $sess = new cls_session($db, $ecs->table('sessions'), $ecs->table('sessions_data'), 'ECSCP_ID'); //zzcity add $_REQUEST['act']='insert'; zzlogin(); /* 初始化 action */ if (!isset($_REQUEST['act'])) { $_REQUEST['act'] = ''; } elseif (($_REQUEST['act'] == 'login' || $_REQUEST['act'] == 'logout' || $_REQUEST['act'] == 'signin') && strpos(PHP_SELF, '/privilege.php') === false) { $_REQUEST['act'] = ''; } elseif (($_REQUEST['act'] == 'forget_pwd' || $_REQUEST['act'] == 'reset_pwd' || $_REQUEST['act'] == 'get_pwd') && strpos(PHP_SELF, '/get_password.php') === false) { $_REQUEST['act'] = ''; } /* 载入系统参数 */ $_CFG = load_config(); // TODO : 登录部分准备拿出去做,到时候把以下操作一起挪过去 /*if ($_REQUEST['act'] == 'captcha') { include(ROOT_PATH . 'includes/cls_captcha.php'); $img = new captcha('../data/captcha/'); @ob_end_clean(); //清除之前出现的多余输入 $img->generate_image(); exit; } */ require(ROOT_PATH . 'languages/' .$_CFG['lang']. '/admin/common.php'); require(ROOT_PATH . 'languages/' .$_CFG['lang']. '/admin/log_action.php'); if (file_exists(ROOT_PATH . 'languages/' . $_CFG['lang'] . '/admin/' . basename(PHP_SELF))) { include(ROOT_PATH . 'languages/' . $_CFG['lang'] . '/admin/' . basename(PHP_SELF)); } if (!file_exists('../temp/caches')) { @mkdir('../temp/caches', 0777); @chmod('../temp/caches', 0777); } if (!file_exists('../temp/compiled/admin')) { @mkdir('../temp/compiled/admin', 0777); @chmod('../temp/compiled/admin', 0777); } clearstatcache(); ///* 如果有新版本,升级 */ //if (!isset($_CFG['ecs_version'])) // //{ // $_CFG['ecs_version'] = 'v2.0.5'; //} // //if (preg_replace('/(?:\.|\s+)[a-z]*$/i', '', $_CFG['ecs_version']) != preg_replace('/(?:\.|\s+)[a-z]*$/i', '', VERSION) // && file_exists('../upgrade/index.php')) //{ // // 转到升级文件 // ecs_header("Location: ../upgrade/index.php\n"); // // exit; //} /* 创建 Smarty 对象。*/ require(ROOT_PATH . 'includes/cls_template.php'); $smarty = new cls_template; $smarty->template_dir = ROOT_PATH . ADMIN_PATH . 
'/templates'; $smarty->compile_dir = ROOT_PATH . 'temp/compiled/admin'; if ((DEBUG_MODE & 2) == 2) { $smarty->force_compile = true; } $smarty->assign('lang', $_LANG); $smarty->assign('help_open', $_CFG['help_open']); if(isset($_CFG['enable_order_check'])) // 为了从旧版本顺利升级到2.5.0 { $smarty->assign('enable_order_check', $_CFG['enable_order_check']); } else { $smarty->assign('enable_order_check', 0); } ///* 验证管理员身份 */ //if ((!isset($_SESSION['admin_id']) || intval($_SESSION['admin_id']) <= 0) && // $_REQUEST['act'] != 'login' && $_REQUEST['act'] != 'signin' && // $_REQUEST['act'] != 'forget_pwd' && $_REQUEST['act'] != 'reset_pwd' && $_REQUEST['act'] != 'check_order') //{ // /* session 不存在,检查cookie */ // if (!empty($_COOKIE['ECSCP']['admin_id']) && !empty($_COOKIE['ECSCP']['admin_pass'])) // { // // 找到了cookie, 验证cookie信息 // $sql = 'SELECT user_id, user_name, password, action_list, last_login ' . // ' FROM ' .$ecs->table('admin_user') . // " WHERE user_id = '" . intval($_COOKIE['ECSCP']['admin_id']) . "'"; // $row = $db->GetRow($sql); // // if (!$row) // { // // 没有找到这个记录 // setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); // setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); // // if (!empty($_REQUEST['is_ajax'])) // { // make_json_error($_LANG['priv_error']); // } // else // { // ecs_header("Location: privilege.php?act=login\n"); // } // // exit; // } // else // { // // 检查密码是否正确 // if (md5($row['password'] . $_CFG['hash_code']) == $_COOKIE['ECSCP']['admin_pass']) // { // !isset($row['last_time']) && $row['last_time'] = ''; // set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_time']); // // // 更新最后登录时间和IP // $db->query('UPDATE ' . $ecs->table('admin_user') . // " SET last_login = '" . gmtime() . "', last_ip = '" . real_ip() . "'" . // " WHERE user_id = '" . $_SESSION['admin_id'] . 
"'"); // } // else // { // setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); // setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); // // if (!empty($_REQUEST['is_ajax'])) // { // make_json_error($_LANG['priv_error']); // } // else // { // ecs_header("Location: privilege.php?act=login\n"); // } // // exit; // } // } // } // else // { // if (!empty($_REQUEST['is_ajax'])) // { // make_json_error($_LANG['priv_error']); // } // else // { // ecs_header("Location: privilege.php?act=login\n"); // } // // exit; // } //} if ($_REQUEST['act'] != 'login' && $_REQUEST['act'] != 'signin' && $_REQUEST['act'] != 'forget_pwd' && $_REQUEST['act'] != 'reset_pwd' && $_REQUEST['act'] != 'check_order') { $admin_path = preg_replace('/:\d+/', '', $ecs->url()) . ADMIN_PATH; if (!empty($_SERVER['HTTP_REFERER']) && strpos(preg_replace('/:\d+/', '', $_SERVER['HTTP_REFERER']), $admin_path) === false) { if (!empty($_REQUEST['is_ajax'])) { make_json_error($_LANG['priv_error']); } else { ecs_header("Location: privilege.php?act=login\n"); } exit; } } /* 管理员登录后可在任何页面使用 act=phpinfo 显示 phpinfo() 信息 */ if ($_REQUEST['act'] == 'phpinfo' && function_exists('phpinfo')) { phpinfo(); exit; } //header('Cache-control: private'); /* header('content-type: text/html; charset=' . EC_CHARSET); header('Expires: Fri, 14 Mar 1980 20:53:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-cache, must-revalidate'); header('Pragma: no-cache'); */ if ((DEBUG_MODE & 1) == 1) { error_reporting(E_ALL); } else { error_reporting(E_ALL ^ E_NOTICE); } if ((DEBUG_MODE & 4) == 4) { include(ROOT_PATH . 'includes/lib.debug.php'); } /* 判断是否支持gzip模式 */ if (gzip_enabled()) { ob_start('ob_gzhandler'); } else { ob_start(); } //init.php结束-------------- //require_once(ROOT_PATH . "includes/fckeditor/fckeditor.php"); require_once(ROOT_PATH . 
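'includes/cls_image.php');

/* Initialise the data-exchange helper for the article table (keyed by article_id, labelled by title). */
$exc = new exchange($ecs->table("article"), $db, 'article_id', 'title');

/* Allowed upload file types: pipe-delimited, upper-case extension whitelist.
 * upload_article_file() below checks against it via check_file_type(). */
$allow_file_types = '|GIF|JPG|PNG|BMP|SWF|DOC|XLS|PPT|MID|WAV|ZIP|RAR|PDF|CHM|RM|TXT|';

/*------------------------------------------------------ */
//-- Login verification
/*------------------------------------------------------ */
/**
 * Authenticate the current request against admin_user with the POSTed
 * username/password.
 *
 * On success: the admin session is populated (set_admin_session), suppliers_id
 * is stored in the session, last_login/last_ip are updated and, when
 * 'remember' is posted, the ECSCP remember-me cookies are set.
 * On failure: the script terminates with a plain-text "[err]...[/err]" body,
 * so nothing after the call ever runs unauthenticated.
 *
 * Security notes:
 *  - $_POST['username'] is interpolated into the SQL string. That is only safe
 *    because the init code on this page runs addslashes_deep() over $_POST
 *    when magic quotes are off; do not call this before that pass.
 *  - Passwords are matched as unsalted md5 hashes (the admin_user schema this
 *    code inherits); that cannot be changed here.
 *  - The remember-me cookie hash needs $_CFG['hash_code']. The original
 *    function never imported $_CFG, so the cookie was effectively
 *    md5(password . ''); $_CFG is now imported. NOTE(review): on this page
 *    zzlogin() is invoked before `$_CFG = load_config()`, so hash_code is still
 *    unset at call time - move the call after load_config() for this to matter.
 *  - Every request to this page must carry admin credentials; serve it over
 *    TLS and rate-limit it upstream.
 *
 * @return void
 */
function zzlogin()
{
    global $ecs, $db, $_CFG;

    // Normalise the credentials and keep them in $_POST as the original did.
    $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
    $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
    $username = $_POST['username'];
    $password = $_POST['password'];

    /* Check the password: the password column holds md5($plaintext). */
    $sql = "SELECT user_id, user_name, password, last_login, action_list, suppliers_id" .
           " FROM " . $ecs->table('admin_user') .
           " WHERE user_name = '" . $username . "'" .
           " AND password = '" . md5($password) . "'";
    $row = $db->getRow($sql);

    if (!$row) {
        // Same message for unknown user and wrong password so nothing is leaked.
        exit('[err]您输入的帐号信息不正确[/err]');
    }

    // Login succeeded: populate the admin session.
    set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_login']);
    $_SESSION['suppliers_id'] = $row['suppliers_id'];

    // A full-rights administrator logging in for the first time gets the shop guide.
    if ($row['action_list'] == 'all' && empty($row['last_login'])) {
        $_SESSION['shop_guide'] = true;
    }

    // Update last login time and IP.
    $db->query("UPDATE " . $ecs->table('admin_user') .
               " SET last_login = '" . gmtime() . "', last_ip = '" . real_ip() . "'" .
               " WHERE user_id = '" . intval($_SESSION['admin_id']) . "'");

    if (isset($_POST['remember'])) {
        $time = gmtime() + 3600 * 24 * 365; // one year
        // Fall back to '' (the original's effective value) if config is not loaded yet.
        $hash_code = isset($_CFG['hash_code']) ? $_CFG['hash_code'] : '';
        setcookie('ECSCP[admin_id]', $row['user_id'], $time);
        setcookie('ECSCP[admin_pass]', md5($row['password'] . $hash_code), $time);
    }
}

/*------------------------------------------------------ */
//-- Add article
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'insert') {
    /* Privilege check */
    // admin_priv('article_manage');
    // NOTE(review): the privilege check is disabled, so any account that passes
    // zzlogin() can insert articles regardless of its action_list.

    // article_cat is the target category id; it is used as an integer id below.
    $article_cat = empty($_POST['article_cat']) ? 0 : intval($_POST['article_cat']);
    if ($article_cat == 0) {
        echo('[err]文章分类ID参数article_cat不能为空[/err]');
        exit;
    }

    $title = isset($_POST['title']) ? $_POST['title'] : '';

    /* Duplicate check: the title must be unique within the category. */
    $is_only = $exc->is_only('title', $title, 0, " cat_id = '$article_cat'");
    if (!$is_only) {
        echo('[err]此文章主题已经存在[/err]');
        exit;
    }

    /* File URL: upload handling is disabled on this page, so the URL is taken
     * from the request as-is (the original check_file_type()/upload_article_file()
     * path is not used here). */
    $file_url = isset($_POST['file_url']) ? $_POST['file_url'] : '';
    $content  = isset($_POST['FCKeditor1']) ? $_POST['FCKeditor1'] : '';

    /* Open type: 0 = no file; 1 = file without body text; 2 = file plus body text. */
    if ($file_url == '') {
        $open_type = 0;
    } else {
        $open_type = ($content == '') ? 1 : 2;
    }

    /* Insert the row. */
    $add_time = gmtime();
    // Integer flags (defaults 1 / 0 as in the original); coerce explicitly
    // instead of relying on MySQL casting the interpolated string.
    $is_open      = empty($_POST['is_open']) ? 1 : intval($_POST['is_open']);
    $article_type = empty($_POST['article_type']) ? 0 : intval($_POST['article_type']);
    // Free-text columns rely on the addslashes_deep() pass in init for quoting.
    $author       = isset($_POST['author']) ? $_POST['author'] : '';
    $author_email = isset($_POST['author_email']) ? $_POST['author_email'] : '';
    $keywords     = isset($_POST['keywords']) ? $_POST['keywords'] : '';
    $link_url     = isset($_POST['link_url']) ? $_POST['link_url'] : '';
    $description  = isset($_POST['description']) ? $_POST['description'] : '';

    $sql = "INSERT INTO " . $ecs->table('article') .
           " (title, cat_id, article_type, is_open, author, author_email, keywords, content," .
           " add_time, file_url, open_type, link, description)" .
           " VALUES ('$title', '$article_cat', '$article_type', '$is_open', '$author', '$author_email'," .
           " '$keywords', '$content', '$add_time', '$file_url', '$open_type', '$link_url', '$description')";
    $db->query($sql);

    /* Linked goods: adopt goods_article rows that were stored with article_id = 0.
     * NOTE(review): this claims every such row, not only those created by this request. */
    $article_id = intval($db->insert_id());
    $sql = "UPDATE " . $ecs->table('goods_article') .
           " SET article_id = '$article_id' WHERE article_id = 0";
    $db->query($sql);

    admin_log($title, 'add', 'article');
    clear_cache_files(); // clear related cache files
    echo('[ok]');
}

/**
 * Remove the link between a goods item and an article, then report the result
 * through create_result().
 *
 * Both ids are coerced to int before being interpolated into the query.
 *
 * @param int|string $goods_id
 * @param int|string $article_id
 * @return void
 */
function drop_link_goods($goods_id, $article_id)
{
    $goods_id   = intval($goods_id);
    $article_id = intval($article_id);

    $sql = "DELETE FROM " . $GLOBALS['ecs']->table('goods_article') .
           " WHERE goods_id = '$goods_id' AND article_id = '$article_id' LIMIT 1";
    $GLOBALS['db']->query($sql);

    create_result(true, '', $goods_id);
}

/**
 * Fetch the goods linked to an article.
 *
 * @param int|string $article_id  coerced to int before use in SQL
 * @return array  rows of goods_id / goods_name (goods_name may be null for a
 *                dangling link, because of the LEFT JOIN)
 */
function get_article_goods($article_id)
{
    $article_id = intval($article_id);

    $sql = 'SELECT g.goods_id, g.goods_name' .
           ' FROM ' . $GLOBALS['ecs']->table('goods_article') . ' AS ga' .
           ' LEFT JOIN ' . $GLOBALS['ecs']->table('goods') . ' AS g ON g.goods_id = ga.goods_id' .
           " WHERE ga.article_id = '$article_id'";

    return $GLOBALS['db']->getAll($sql);
}

/**
 * Build the paginated article list for the admin grid.
 *
 * On the first call the filter is built from $_REQUEST (keyword, cat_id,
 * sort_by, sort_order) and cached with set_filter(); later calls reuse the
 * cached SQL/filter from get_filter().
 *
 * ORDER BY operands cannot be quoted, so sort_by is restricted to an
 * identifier (optionally alias-qualified) and sort_order to ASC/DESC; anything
 * else falls back to the defaults (a.article_id DESC).
 *
 * @return array{arr: array, filter: array, page_count: int, record_count: int}
 */
function get_articleslist()
{
    $result = get_filter();
    if ($result === false) {
        $filter = array();
        $filter['keyword'] = empty($_REQUEST['keyword']) ? '' : trim($_REQUEST['keyword']);
        if (isset($_REQUEST['is_ajax']) && $_REQUEST['is_ajax'] == 1) {
            $filter['keyword'] = json_str_iconv($filter['keyword']);
        }
        $filter['cat_id'] = empty($_REQUEST['cat_id']) ? 0 : intval($_REQUEST['cat_id']);

        // Whitelist the sort column / direction instead of interpolating them verbatim.
        $sort_by = empty($_REQUEST['sort_by']) ? '' : trim($_REQUEST['sort_by']);
        if (!preg_match('/^[a-z_][a-z0-9_]*(\.[a-z_][a-z0-9_]*)?$/i', $sort_by)) {
            $sort_by = 'a.article_id';
        }
        $sort_order = empty($_REQUEST['sort_order']) ? '' : trim($_REQUEST['sort_order']);
        if (!in_array(strtoupper($sort_order), array('ASC', 'DESC'), true)) {
            $sort_order = 'DESC';
        }
        $filter['sort_by']    = $sort_by;
        $filter['sort_order'] = $sort_order;

        $where = '';
        if (!empty($filter['keyword'])) {
            $where = " AND a.title LIKE '%" . mysql_like_quote($filter['keyword']) . "%'";
        }
        if ($filter['cat_id']) {
            $where .= " AND a." . get_article_children($filter['cat_id']);
        }

        /* Article count */
        $sql = 'SELECT COUNT(*) FROM ' . $GLOBALS['ecs']->table('article') . ' AS a ' .
               'LEFT JOIN ' . $GLOBALS['ecs']->table('article_cat') . ' AS ac ON ac.cat_id = a.cat_id ' .
               'WHERE 1 ' . $where;
        $filter['record_count'] = $GLOBALS['db']->getOne($sql);
        $filter = page_and_size($filter);

        /* Article rows */
        $sql = 'SELECT a.* , ac.cat_name ' .
               'FROM ' . $GLOBALS['ecs']->table('article') . ' AS a ' .
               'LEFT JOIN ' . $GLOBALS['ecs']->table('article_cat') . ' AS ac ON ac.cat_id = a.cat_id ' .
               'WHERE 1 ' . $where . ' ORDER by ' . $filter['sort_by'] . ' ' . $filter['sort_order'];
        $filter['keyword'] = stripslashes($filter['keyword']);
        set_filter($filter, $sql);
    } else {
        $sql    = $result['sql'];
        $filter = $result['filter'];
    }

    $arr = array();
    $res = $GLOBALS['db']->selectLimit($sql, $filter['page_size'], $filter['start']);
    while ($rows = $GLOBALS['db']->fetchRow($res)) {
        $rows['date'] = local_date($GLOBALS['_CFG']['time_format'], $rows['add_time']);
        $arr[] = $rows;
    }

    return array(
        'arr'          => $arr,
        'filter'       => $filter,
        'page_count'   => $filter['page_count'],
        'record_count' => $filter['record_count'],
    );
}

/**
 * Store an uploaded file under DATA_DIR/article with a random name.
 *
 * The file is rejected (false) when its type is not in $allow_file_types,
 * when the target directory cannot be created, or when the move fails.
 * The client-supplied extension (everything from the first '.') is kept;
 * a name without a dot gets no extension (the original produced
 * substr($name, false), i.e. the whole name).
 * NOTE(review): make_dir() uses "../" while $path uses ROOT_PATH - presumably
 * both resolve to the same directory from the admin path; confirm.
 *
 * @param array $upload  one entry of $_FILES (needs 'name' and 'tmp_name')
 * @return string|false  path relative to ROOT_PATH, or false on failure
 */
function upload_article_file($upload)
{
    // Defence in depth: do not rely on callers having run the type check.
    if (!check_file_type($upload['tmp_name'], $upload['name'], $GLOBALS['allow_file_types'])) {
        return false;
    }

    if (!make_dir("../" . DATA_DIR . "/article")) {
        /* Failed to create the directory. */
        return false;
    }

    $dot      = strpos($upload['name'], '.');
    $ext      = ($dot === false) ? '' : substr($upload['name'], $dot);
    $filename = cls_image::random_filename() . $ext;
    $path     = ROOT_PATH . DATA_DIR . "/article/" . $filename;

    if (move_upload_file($upload['tmp_name'], $path)) {
        return DATA_DIR . "/article/" . $filename;
    }

    return false;
}
?>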