down_conmod.php

学校网站源码http://您的网址/admin/admin_login.asp 默认登录用户：admin 默认登录密码：admin

<?php


include( "../config.inc.php" );
include( "../includes/SysGlobal.php" );
include( "language/".$aLan."_".$charset.".php" );
include( "../includes/version.php" );
include( "../includes/pro.php" );
include( "func/adm.inc.php" );
include( "func/common.inc.php" );
include( "func/db.inc.php" );
include( "func/nocatch.php" );
needauth( 23 );
echo "<html>\r\n<head >\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=";
echo $charset;
echo "\">\r\n<link id=\"style_sheet\" href=\"css/commonstyle.css\" type=\"text/css\" rel=\"stylesheet\">\r\n<title>";
echo $strAdminTitle;
echo "</title>\r\n\r\n</head>\r\n\r\n<body  class=\"NormalPage\">\r\n";
$id = $_REQUEST['id'];
$step = $_REQUEST['step'];
$pid = $_REQUEST['pid'];
$oldmenuid = $_REQUEST['oldmenuid'];
if ( $step == "2" )
{
	$id = $_POST['id'];
	$pid = $_POST['pid'];
	$catid = $_POST['catid'];
	$page = $_POST['page'];
	$title = $_POST['title'];
	$memo = $_POST['memo'];
	$author = $_POST['author'];
	$source = $_POST['source'];
	$title = $_POST['title'];
	$url = $_POST['url'];
	$filesize = $_POST['filesize'];
	$secure = $_POST['secure'];
	$body = $_POST['body'];
	$pic = $_FILES['jpg'];
	$spe_selec = $_POST['spe_selec'];
	$oldcatid = $_POST['oldcatid'];
	$oldcatpath = $_POST['oldcatpath'];
	$oldmenuid = $_POST['oldmenuid'];
	$prop1 = $_POST['prop1'];
	$prop2 = $_POST['prop2'];
	$prop3 = $_POST['prop3'];
	$prop4 = $_POST['prop4'];
	$prop5 = $_POST['prop5'];
	$prop6 = $_POST['prop6'];
	$prop7 = $_POST['prop7'];
	$prop8 = $_POST['prop8'];
	$prop9 = $_POST['prop9'];
	$prop10 = $_POST['prop10'];
	$prop11 = $_POST['prop11'];
	$prop12 = $_POST['prop12'];
	$prop13 = $_POST['prop13'];
	$prop14 = $_POST['prop14'];
	$prop15 = $_POST['prop15'];
	$prop16 = $_POST['prop16'];
	$prop17 = $_POST['prop17'];
	$prop18 = $_POST['prop18'];
	$prop19 = $_POST['prop19'];
	$prop20 = $_POST['prop20'];
	$kk = $_POST['kk'];
	$menuid = catid2menuid( $tbl_down_cat, $catid );
	$fold = menufold( $menuid );
	$uptime = time( );
	if ( $title == "" )
	{
		err( $strDownNotice6, "", "" );
	}
	if ( 200 < strlen( $title ) )
	{
		err( $strDownNotice7, "", "" );
	}
	if ( 65000 < strlen( $body ) )
	{
		err( $strDownNotice5, "", "" );
	}
	$title = htmlspecialchars( $title );
	$body = url2path( $body );
	$msql->query( "select catpath from {$tbl_down_cat} where catid='{$catid}'" );
	if ( $msql->next_record( ) )
	{
		$catpath = $msql->f( "catpath" );
	}
	$count_pro = count( $spe_selec );
	$i = 0;
	for ( ;	$i < $count_pro;	$i++	)
	{
		$projid = $spe_selec[$i];
		$projpath .= $projid.":";
	}
	if ( 0 < $pic['size'] )
	{
		$arr = uploadfile( $pic['tmp_name'], $pic['type'], $pic['name'], $pic['size'], $fold."/html/download" );
		$msql->query( "select src from  {$tbl_down_con} where id='{$id}'" );
		if ( $msql->next_record( ) )
		{
			$src = $msql->f( "src" );
		}
		if ( file_exists( "../".$src ) && $src != "" && !strstr( $src, "../" ) )
		{
			unlink( "../".$src );
		}
		$msql->query( "update {$tbl_down_con} set \r\n\t\ttype='{$arr['2']}',\r\n\t\tsrc='{$arr['3']}',\r\n\t\turl='{$arr['3']}',\r\n\t\t`filesize`='{$filesize}',\r\n\t\ttitle='{$title}',\r\n\t\tmemo='{$memo}',\r\n\t\tmenuid='{$menuid}',\r\n\t\tcatid='{$catid}',\r\n\t\tcatpath='{$catpath}',\r\n\t\tuptime='{$uptime}',\r\n\t\tauthor='{$author}',\r\n\t\tsource='{$source}',\r\n\t\tproj='{$projpath}',\r\n\t\tsecure='{$secure}',\r\n\t\tprop1='{$prop1}',\r\n\t\tprop2='{$prop2}',\r\n\t\tprop3='{$prop3}',\r\n\t\tprop4='{$prop4}',\r\n\t\tprop5='{$prop5}',\r\n\t\tprop6='{$prop6}',\r\n\t\tprop7='{$prop7}',\r\n\t\tprop8='{$prop8}',\r\n\t\tprop9='{$prop9}',\r\n\t\tprop10='{$prop10}',\r\n\t\tprop11='{$prop11}',\r\n\t\tprop12='{$prop12}',\r\n\t\tprop13='{$prop13}',\r\n\t\tprop14='{$prop14}',\r\n\t\tprop15='{$prop15}',\r\n\t\tprop16='{$prop16}',\r\n\t\tprop17='{$prop17}',\r\n\t\tprop18='{$prop18}',\r\n\t\tprop19='{$prop19}',\r\n\t\tprop20='{$prop20}',\r\n\t\tbody='{$body}' \r\n\t\twhere id='{$id}' " );
	}
	else
	{
		$msql->query( "update {$tbl_down_con} set \r\n\t\ttitle='{$title}',\r\n\t\turl='{$url}',\r\n\t\t`filesize`='{$filesize}',\r\n\t\tmemo='{$memo}',\r\n\t\tmenuid='{$menuid}',\r\n\t\tcatid='{$catid}',\r\n\t\tcatpath='{$catpath}',\r\n\t\tuptime='{$uptime}',\r\n\t\tauthor='{$author}',\r\n\t\tsource='{$source}',\r\n\t\tproj='{$projpath}',\r\n\t\tsecure='{$secure}',\r\n\t\tprop1='{$prop1}',\r\n\t\tprop2='{$prop2}',\r\n\t\tprop3='{$prop3}',\r\n\t\tprop4='{$prop4}',\r\n\t\tprop5='{$prop5}',\r\n\t\tprop6='{$prop6}',\r\n\t\tprop7='{$prop7}',\r\n\t\tprop8='{$prop8}',\r\n\t\tprop9='{$prop9}',\r\n\t\tprop10='{$prop10}',\r\n\t\tprop11='{$prop11}',\r\n\t\tprop12='{$prop12}',\r\n\t\tprop13='{$prop13}',\r\n\t\tprop14='{$prop14}',\r\n\t\tprop15='{$prop15}',\r\n\t\tprop16='{$prop16}',\r\n\t\tprop17='{$prop17}',\r\n\t\tprop18='{$prop18}',\r\n\t\tprop19='{$prop19}',\r\n\t\tprop20='{$prop20}',\r\n\t\tbody='{$body}' \r\n\t\twhere id='{$id}'" );
		if ( $oldmenuid != $menuid )
		{
			$msql->query( "select src from  {$tbl_down_con} where id='{$id}'" );
			if ( $msql->next_record( ) )
			{
				$src = $msql->f( "src" );
			}
			if ( file_exists( "../".$src ) && $src != "" && !strstr( $src, "../" ) )
			{
				$oldfold = menufold( $oldmenuid );
				$newfile = basename( $src );
				$newsrc = $fold."/html/download/".$newfile;
				rename( "../".$src, "../".$newsrc );
				$fsql->query( "update {$tbl_down_con} set src='{$newsrc}' where id='{$id}'" );
			}
		}
	}
	if ( $oldcatid != $catid )
	{
		addcatnums( $tbl_down_cat, $catpath );
		mincatnums( $tbl_down_cat, $oldcatpath );
	}
	if ( $oldmenuid != $menuid )
	{
		$oldfold = menufold( $oldmenuid );
		@unlink( "../".$oldfold."/html/".$id.".html" );
	}
	echo "<script>top.buildhtml.location='../".$fold."/html/?".$id.".html'</script>";
	sayok( $strDownNotice8, "down_con.php?menuid={$oldmenuid}&pid={$pid}", "" );
}
echo " \r\n<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"0\" align=\"center\">\r\n  <tr valign=\"top\"> \r\n    <td height=\"377\"> \r\n      <p align=\"center\">\r\n";
$msql->query( "select * from {$tbl_down_con} where  id='{$id}'" );
if ( $msql->next_record( ) )
{
	$id = $msql->f( "id" );
	$catid = $msql->f( "catid" );
	$oldbody = $msql->f( "body" );
	$catid = $msql->f( "catid" );
	$title = $msql->f( "title" );
	$filesize = $msql->f( "filesize" );
	$url = $msql->f( "url" );
	$memo = $msql->f( "memo" );
	$xuhao = $msql->f( "xuhao" );
	$cl = $msql->f( "cl" );
	$tj = $msql->f( "tj" );
	$ifnew = $msql->f( "ifnew" );
	$ifred = $msql->f( "ifred" );
	$iffb = $msql->f( "iffb" );
	$src = $msql->f( "src" );
	$type = $msql->f( "type" );
	$author = $msql->f( "author" );
	$source = $msql->f( "source" );
	$secure = $msql->f( "secure" );
	$prop1 = $msql->f( "prop1" );
	$prop2 = $msql->f( "prop2" );
	$prop3 = $msql->f( "prop3" );
	$prop4 = $msql->f( "prop4" );
	$prop5 = $msql->f( "prop5" );
	$prop6 = $msql->f( "prop6" );
	$prop7 = $msql->f( "prop7" );
	$prop8 = $msql->f( "prop8" );
	$prop9 = $msql->f( "prop9" );
	$prop10 = $msql->f( "prop10" );
	$prop11 = $msql->f( "prop11" );
	$prop12 = $msql->f( "prop12" );
	$prop13 = $msql->f( "prop13" );
	$prop14 = $msql->f( "prop14" );
	$prop15 = $msql->f( "prop15" );