DesDev
/
DedeCMSv5
보기 1
좋아요 0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 활동
中国专业的PHP网站内容管理系统-织梦内容管理系统
31 커밋
2 브랜치
15MB
트리: bd69e4a4bf
DedeCMSv5/src/dede/diy_list.php

226 lines
8.0KB
Raw Blame 히스토리 

  1. <?php

  2. /**

  3.  * 自定义表单列表

  4.  *

  5.  * @version        $Id: diy_list.php 1 18:31 2010年7月12日Z tianya $

  6.  * @package        DedeCMS.Administrator

  7.  * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.

  8.  * @license        http://help.dedecms.com/usersguide/license.html

  9.  * @link           http://www.dedecms.com

  10.  */

  11. require_once(dirname(__FILE__)."/config.php");

  12. CheckPurview('c_New');

  13. $diyid = isset($diyid) && is_numeric($diyid) ? $diyid : 0;

  14. $action = isset($action) && in_array($action, array('post', 'list', 'edit', 'check', 'delete')) ? $action : '';

  15. if(empty($diyid))

  16. {

  17.     showMsg("非法操作!", 'javascript:;');

  18.     exit();

  19. }

  20. require_once DEDEINC.'/diyform.cls.php';

  21. $diy = new diyform($diyid);

  22. if($action == 'post')

  23. {

  24.     if(empty($do))

  25.     {

  26.         $postform = $diy->getForm('post','','admin');

  27.         include DEDEADMIN.'/templets/diy_post.htm';

  28.     }

  29.     else if($do == 2)

  30.     {

  31.         $dede_fields = empty($dede_fields) ? '' : trim($dede_fields);

  32.         $dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash);

  33.         if(!empty($dede_fields))

  34.         {

  35.             if($dede_fieldshash != md5($dede_fields.$cfg_cookie_encode))

  36.             {

  37.                 showMsg("数据校验不对,程序返回", '-1');

  38.                 exit();

  39.             }

  40.         }

  41.         $diyform = $dsql->getOne("SELECT * FROM #@__diyforms WHERE diyid=$diyid");

  42.         if(!is_array($diyform))

  43.         {

  44.             showmsg("自定义表单不存在", '-1');

  45.             exit();

  46.         }

  47.         $addvar = $addvalue = '';

  48.         if(!empty($dede_fields))

  49.         {

  50.             $fieldarr = explode(';', $dede_fields);

  51.             if(is_array($fieldarr))

  52.             {

  53.                 foreach($fieldarr as $field)

  54.                 {

  55.                     if($field == '')

  56.                     {

  57.                         continue;

  58.                     }

  59.                     $fieldinfo = explode(',', $field);

  60.                     if($fieldinfo[1] == 'htmltext' || $fieldinfo[1] == 'textdata')

  61.                     {

  62.                         ${$fieldinfo[0]} = filterscript(stripslashes(${$fieldinfo[0]}));

  63.                         ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});

  64.                         ${$fieldinfo[0]} = getFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','member');

  65.                     }

  66.                     else

  67.                     {

  68.                         ${$fieldinfo[0]} = getFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','member');

  69.                     }

  70.                     $addvar .= ', `'.$fieldinfo[0].'`';

  71.                     $addvalue .= ", '".${$fieldinfo[0]}."'";

  72.                 }

  73.             }

  74.         }

  75.         $query = "INSERT INTO `{$diy->table}` (`id`, `ifcheck` $addvar)  VALUES (NULL, 0 $addvalue)";

  76.         if($dsql->ExecuteNoneQuery($query))

  77.         {

  78.             $goto = "diy_list.php?action=list&diyid={$diy->diyid}";

  79.             showmsg('发布成功', $goto);

  80.         }

  81.         else

  82.         {

  83.             showmsg('对不起,发布不成功', '-1');

  84.         }

  85.     }

  86. } else if ($action == 'list')

  87. {

  88.     include_once DEDEINC.'/datalistcp.class.php';

  89.     $query = "SELECT * FROM {$diy->table} ORDER BY id DESC";

  90.     $datalist = new DataListCP();

  91.     $datalist->pageSize = 10;

  92.     $datalist->SetParameter('action', 'list');

  93.     $datalist->SetParameter('diyid', $diyid);

  94.     $datalist->SetTemplate(DEDEADMIN.'/templets/diy_list.htm');

  95.     $datalist->SetSource($query);

  96.     $fieldlist = $diy->getFieldList();

  97.     $datalist->Display();

  98. } else if ($action == 'edit')

  99. {

  100.     if(empty($do))

  101.     {

  102.         $id = isset($id) && is_numeric($id) ? $id : 0;

  103.         if(empty($id))

  104.         {

  105.             showMsg('非法操作!未指定id', 'javascript:;');

  106.             exit();

  107.         }

  108.         $query = "SELECT * FROM {$diy->table} WHERE id=$id";

  109.         $row = $dsql->GetOne($query);

  110.         if(!is_array($row))

  111.         {

  112.             showmsg("你访问的记录不存在或未经审核", '-1');

  113.             exit();

  114.         }

  115.         $postform = $diy->getForm('edit', $row, 'admin');

  116.         $fieldlist = $diy->getFieldList();

  117.         $c1 = $row['ifcheck'] == 1 ? 'checked' : '';

  118.         $c2 = $row['ifcheck'] == 0 ? 'checked' : '';

  119.         include DEDEADMIN.'/templets/diy_edit_content.htm';

  120.     }

  121.     else if($do == 2)

  122.     {

  123.         $dede_fields = empty($dede_fields) ? '' : trim($dede_fields);

  124.         $diyform = $dsql->GetOne("SELECT * FROM #@__diyforms WHERE diyid=$diyid");

  125.         $diyco = $dsql->GetOne("SELECT * FROM `$diy->table` WHERE id='$id'");

  126.         if(!is_array($diyform))

  127.         {

  128.             showmsg("自定义表单不存在", '-1');

  129.             exit();

  130.         }

  131.         $addsql = '';

  132.         if(!empty($dede_fields))

  133.         {

  134.             $fieldarr = explode(';', $dede_fields);

  135.             if(is_array($fieldarr))

  136.             {

  137.                 foreach($fieldarr as $field)

  138.                 {

  139.                     if($field == '')

  140.                     {

  141.                         continue;

  142.                     }

  143.                     $fieldinfo = explode(',', $field);

  144.                     if($fieldinfo[1] == 'htmltext' || $fieldinfo[1] == 'textdata')

  145.                     {

  146.                         ${$fieldinfo[0]} = filterscript(stripslashes(${$fieldinfo[0]}));

  147.                         ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});

  148.                         ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','member');

  149.                         ${$fieldinfo[0]} = empty(${$fieldinfo[0]}) ? $diyco[$fieldinfo[0]] : ${$fieldinfo[0]};

  150.                     }

  151.                     else

  152.                     {

  153. 

  154.                         ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','diy', $fieldinfo[0]);

  155.                         ${$fieldinfo[0]} = empty(${$fieldinfo[0]}) ? $diyco[$fieldinfo[0]] : ${$fieldinfo[0]};

  156.                     }

  157.                     $addsql .= !empty($addsql)?',`'.$fieldinfo[0]."`='".${$fieldinfo[0]}."'" : '`'.$fieldinfo[0]."`='".${$fieldinfo[0]}."'";

  158.                 }

  159.             }

  160.         }

  161.         $query = "UPDATE `$diy->table` SET $addsql  WHERE id=$id";

  162.         if($dsql->ExecuteNoneQuery($query))

  163.         {

  164.             $goto = "diy_list.php?action=list&diyid={$diy->diyid}";

  165.             showmsg('编辑成功', $goto);

  166.         }

  167.         else

  168.         {

  169.             showmsg('编辑成功', '-1');

  170.         }

  171.     }

  172. }elseif($action == 'check')

  173. {

  174.     if(is_array($id))

  175.     {

  176.         $ids = implode(',', $id);

  177.     }

  178.     else

  179.     {

  180.         showmsg('未选中要操作的内容', '-1');

  181.         exit();

  182.     }

  183.     $query = "UPDATE `$diy->table` SET ifcheck=1 WHERE id IN ($ids)";

  184.     if($dsql->ExecuteNoneQuery($query))

  185.     {

  186.         showmsg('审核成功', "diy_list.php?action=list&diyid={$diy->diyid}");

  187.     }

  188.     else

  189.     {

  190.         showmsg('审核失败', "diy_list.php?action=list&diyid={$diy->diyid}");

  191.     }

  192. }elseif($action == 'delete')

  193. {

  194.     if(empty($do))

  195.     {

  196.         if(is_array($id))

  197.         {

  198.             $ids = implode(',', $id);

  199.         }else

  200.         {

  201.             showmsg('未选中要操作的内容', '-1');

  202.             exit();

  203.         }

  204.         $query = "DELETE FROM `$diy->table` WHERE id IN ($ids)";

  205.         if($dsql->ExecuteNoneQuery($query))

  206.         {

  207.             showmsg('删除成功', "diy_list.php?action=list&diyid={$diy->diyid}");

  208.         }

  209.         else

  210.         {

  211.             showmsg('删除失败', "diy_list.php?action=list&diyid={$diy->diyid}");

  212.         }

  213.     } else if($do=1){

  214.         $row = $dsql->GetOne("SELECT * FROM `$diy->table` WHERE id='$id'");

  215.         if(file_exists($cfg_basedir.$row[$name])){

  216.             unlink($cfg_basedir.$row[$name]);

  217.             $dsql->ExecuteNoneQuery("UPDATE `$diy->table` SET $name='' WHERE id='$id'");

  218.             showmsg('文件删除成功',"diy_list.php?action=list&diyid={$diy->diyid}");

  219.         }else{

  220.             showmsg('文件不存在','-1');

  221.         }

  222.     }

  223. }else

  224. {

  225.     showmsg('未定义操作', "-1");

  226. }