{$configfile}不支持写入,无法修改系统配置参数";
exit();
}
$fp = fopen($configfile, 'w');
flock($fp, 3);
fwrite($fp, "<"."?php\r\n");
$dsql->SetQuery("SELECT `varname`,`type`,`value`,`groupid` FROM `#@__sysconfig` ORDER BY aid ASC");
$dsql->Execute();
while ($row = $dsql->GetArray()) {
if ($row['type'] == 'number') {
$row['value'] = preg_replace("#[^0-9.-]#","", $row['value']);
if ($row['value'] == '') $row['value'] = 0;
fwrite($fp, "\${$row['varname']} = ".$row['value'].";\r\n");
} else {
$row['value'] = stripslashes($row['value']);
fwrite($fp, "\${$row['varname']} = '".str_replace(array("'","\\"), '', $row['value'])."';\r\n");
}
}
fwrite($fp, "?".">");
fclose($fp);
}
//保存配置的改动
if ($dopost == "save") {
CheckCSRF();
foreach ($_POST as $k => $v) {
if (preg_match("#^edit___#", $k)) {
$v = cn_substrR(${$k}, 1024);
} else {
continue;
}
$k = preg_replace("#^edit___#", "", $k);
$v = $dsql->Esc($v);
$k = $dsql->Esc($k);
$dsql->ExecuteNoneQuery("UPDATE `#@__sysconfig` SET `value`='$v' WHERE varname='$k' ");
}
ReWriteConfig();
ShowMsg("成功修改站点配置", "sys_info.php");
exit();
}
//添加新变量
else if ($dopost == 'add') {
CheckCSRF();
if ($vartype == 'bool' && ($nvarvalue != 'Y' && $nvarvalue != 'N')) {
ShowMsg("布尔变量值必须为Y或N", "-1");
exit();
}
if ($valtype == 'number') {
$nvarvalue = preg_replace("[^0-9.]","", $nvarvalue);
}
if (trim($nvarname) == '' || preg_match("#[^a-z_]#i", $nvarname)) {
ShowMsg("变量名不能为空并且必须为[a-z_]组成", "-1");
exit();
}
$row = $dsql->GetOne("SELECT varname FROM `#@__sysconfig` WHERE varname LIKE '$nvarname' ");
if (is_array($row)) {
ShowMsg("该变量名称已经存在", "-1");
exit();
}
$row = $dsql->GetOne("SELECT aid FROM `#@__sysconfig` ORDER BY aid DESC");
$aid = intval($row['aid']) + 1;
$varmsg = HtmlReplace($varmsg);
$inquery = "INSERT INTO `#@__sysconfig` (`aid`,`varname`,`info`,`value`,`type`,`groupid`) VALUES ('$aid','$nvarname','$varmsg','$nvarvalue','$vartype','$vargroup')";
$rs = $dsql->ExecuteNoneQuery($inquery);
if (!$rs) {
ShowMsg("新增变量失败,可能有非法字符", "sys_info.php?gp=$vargroup");
exit();
}
if (!is_writeable($configfile)) {
ShowMsg("成功保存变量,但由于$configfile无法写入,因此不能更新配置文件", "sys_info.php?gp=$vargroup");
exit();
} else {
ReWriteConfig();
ShowMsg("成功保存变量并更新配置文件", "sys_info.php?gp=$vargroup");
exit();
}
}
//搜索配置
else if ($dopost == 'search') {
$keywords = isset($keywords) ? strip_tags($keywords) : '';
$i = 1;
$configstr = <<
参数说明
参数值
变量名
EOT;
echo $configstr;
if ($keywords) {
$dsql->SetQuery("SELECT * FROM `#@__sysconfig` WHERE info LIKE '%$keywords%' OR varname LIKE '%$keywords%' ORDER BY aid ASC");
$dsql->Execute();
while ($row = $dsql->GetArray()) {
$bgcolor = ($i++ % 2 == 0) ? "#f5f5f5" : "#ffffff";
$row['info'] = preg_replace("#{$keywords}#", ''.$keywords.'', $row['info']);
$row['varname'] = preg_replace("#{$keywords}#", ''.$keywords.'', $row['varname']);
?>