news_conmod.php

学校网站源码http://您的网址/admin/admin_login.asp 默认登录用户：admin 默认登录密码：admin

<?php


include( "../config.inc.php" );
include( "../includes/SysGlobal.php" );
include( "language/".$aLan."_".$charset.".php" );
include( "../includes/version.php" );
include( "../includes/pro.php" );
include( "func/adm.inc.php" );
include( "func/common.inc.php" );
include( "func/db.inc.php" );
include( "func/nocatch.php" );
needauth( 21 );
echo "<html>\r\n<head >\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=";
echo $charset;
echo "\">\r\n<link id=\"style_sheet\" href=\"css/commonstyle.css\" type=\"text/css\" rel=\"stylesheet\">\r\n<title>";
echo $strAdminTitle;
echo "</title>\r\n\r\n</head>\r\n\r\n<body  class=\"NormalPage\">\r\n";
$id = $_REQUEST['id'];
$step = $_REQUEST['step'];
$pid = $_REQUEST['pid'];
$oldmenuid = $_REQUEST['oldmenuid'];
if ( $step == "2" )
{
	$id = $_POST['id'];
	$pid = $_POST['pid'];
	$catid = $_POST['catid'];
	$page = $_POST['page'];
	$title = $_POST['title'];
	$author = $_POST['author'];
	$source = $_POST['source'];
	$title = $_POST['title'];
	$secure = $_POST['secure'];
	$body = $_POST['body'];
	$memo = $_POST['memo'];
	$pic = $_FILES['jpg'];
	$spe_selec = $_POST['spe_selec'];
	$oldcatid = $_POST['oldcatid'];
	$oldcatpath = $_POST['oldcatpath'];
	$oldmenuid = $_POST['oldmenuid'];
	$menuid = catid2menuid( $tbl_news_cat, $catid );
	$fold = menufold( $menuid );
	$uptime = time( );
	if ( $title == "" )
	{
		err( $strNewsNotice6, "", "" );
	}
	if ( 200 < strlen( $title ) )
	{
		err( $strNewsNotice7, "", "" );
	}
	if ( 65000 < strlen( $body ) )
	{
		err( $strNewsNotice5, "", "" );
	}
	$title = htmlspecialchars( $title );
	$body = url2path( $body );
	$msql->query( "select catpath from {$tbl_news_cat} where catid='{$catid}'" );
	if ( $msql->next_record( ) )
	{
		$catpath = $msql->f( "catpath" );
	}
	$count_pro = count( $spe_selec );
	$i = 0;
	for ( ;	$i < $count_pro;	$i++	)
	{
		$projid = $spe_selec[$i];
		$projpath .= $projid.":";
	}
	if ( 0 < $pic['size'] )
	{
		$arr = uploadimage( $pic['tmp_name'], $pic['type'], $pic['size'], $fold."/html/images" );
		$msql->query( "select src from  {$tbl_news_con} where id='{$id}'" );
		if ( $msql->next_record( ) )
		{
			$src = $msql->f( "src" );
		}
		if ( file_exists( "../".$src ) && $src != "" && !strstr( $src, "../" ) )
		{
			unlink( "../".$src );
		}
		$msql->query( "update {$tbl_news_con} set type='{$arr['2']}',src='{$arr['3']}',title='{$title}',memo='{$memo}',menuid='{$menuid}',catid='{$catid}',catpath='{$catpath}',uptime='{$uptime}',author='{$author}',source='{$source}',proj='{$projpath}',secure='{$secure}',body='{$body}' where id='{$id}'" );
	}
	else
	{
		$msql->query( "update {$tbl_news_con} set title='{$title}',memo='{$memo}',menuid='{$menuid}',catid='{$catid}',catpath='{$catpath}',uptime='{$uptime}',author='{$author}',source='{$source}',proj='{$projpath}',secure='{$secure}',body='{$body}' where id='{$id}'" );
		if ( $oldmenuid != $menuid )
		{
			$msql->query( "select src from  {$tbl_news_con} where id='{$id}'" );
			if ( $msql->next_record( ) )
			{
				$src = $msql->f( "src" );
			}
			if ( file_exists( "../".$src ) && $src != "" && !strstr( $src, "../" ) )
			{
				$oldfold = menufold( $oldmenuid );
				$newfile = basename( $src );
				$newsrc = $fold."/html/images/".$newfile;
				rename( "../".$src, "../".$newsrc );
				$fsql->query( "update {$tbl_news_con} set src='{$newsrc}' where id='{$id}'" );
			}
		}
	}
	if ( $oldcatid != $catid )
	{
		addcatnums( $tbl_news_cat, $catpath );
		mincatnums( $tbl_news_cat, $oldcatpath );
	}
	if ( $oldmenuid != $menuid )
	{
		$oldfold = menufold( $oldmenuid );
		@unlink( "../".$oldfold."/html/".$id.".html" );
	}
	echo "<script>top.buildhtml.location='../".$fold."/html/?".$id.".html'</script>";
	sayok( $strNewsNotice8, "news_con.php?menuid={$oldmenuid}&pid={$pid}", "" );
}
echo " \r\n<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"0\" align=\"center\">\r\n  <tr valign=\"top\"> \r\n    <td height=\"377\"> \r\n      <p align=\"center\">\r\n";
$msql->query( "select * from {$tbl_news_con} where  id='{$id}'" );
if ( $msql->next_record( ) )
{
	$id = $msql->f( "id" );
	$catid = $msql->f( "catid" );
	$oldbody = $msql->f( "body" );
	$catid = $msql->f( "catid" );
	$title = $msql->f( "title" );
	$memo = $msql->f( "memo" );
	$xuhao = $msql->f( "xuhao" );
	$cl = $msql->f( "cl" );
	$tj = $msql->f( "tj" );
	$ifnew = $msql->f( "ifnew" );
	$ifred = $msql->f( "ifred" );
	$iffb = $msql->f( "iffb" );
	$src = $msql->f( "src" );
	$type = $msql->f( "type" );
	$author = $msql->f( "author" );
	$source = $msql->f( "source" );
	$secure = $msql->f( "secure" );
	$oldproj = $msql->f( "proj" );
	$oldcatid = $msql->f( "catid" );
	$oldcatpath = $msql->f( "catpath" );
	$dtime = date( "Y-m-d H:i:s", $msql->f( "dtime" ) );
	$uptime = date( "Y-m-d H:i:s", $msql->f( "uptime" ) );
	$oldbody = htmlspecialchars( $oldbody );
}
echo " \r\n      \r\n      <table width=\"100%\" cellpadding=\"2\" align=\"center\"  style=\"border-collapse: collapse\" border=\"0\" cellspacing=\"1\">\r\n        <form name=\"form\" action=\"news_conmod.php\" method=\"post\" enctype=\"multipart/form-data\" onSubmit=\"return SelectAll('spe_selec[]', 'select[]')\">\r\n          <tr> \r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strNewsCatTitle;
echo "</td>\r\n            <td height=\"30\" class=con> \r\n              ";
echo "<s";
echo "elect name=catid style='WIDTH: 399;font-size:12px;'>\r\n                ";
$msql->query( "select * from {$tbl_menu} where coltype='news'" );
while ( $msql->next_record( ) )
{
	$menu = $msql->f( "menu" );
	$menuid = $msql->f( "menuid" );
	$fsql->query( "select * from {$tbl_news_cat} where menuid='{$menuid}' order by catpath" );
	while ( $fsql->next_record( ) )
	{
		$lpid = $fsql->f( "pid" );
		$lcatid = $fsql->f( "catid" );
		$cat = $fsql->f( "cat" );
		$catpath = $fsql->f( "catpath" );
		$lcatpath = explode( ":", $catpath );
		$tsql->query( "select catid from {$tbl_news_cat} where pid='{$lcatid}'" );
		if ( $tsql->next_record( ) )
		{
			$ifson = "yes";
		}
		else
		{
			$ifson = "no";
		}
		if ( $ifson == "no" )
		{
			$i = 0;
			for ( ;	$i < sizeof( $lcatpath ) - 2;	$i++	)
			{
				$tsql->query( "select catid,cat from {$tbl_news_cat} where catid='{$lcatpath[$i]}'" );
				if ( $tsql->next_record( ) )
				{
					$ncatid = $tsql->f( "cat" );
					$ncat = $tsql->f( "cat" );
					$ppcat .= $ncat."/";
				}
			}
			if ( $catid == $lcatid )
			{
				echo "<option value='".$lcatid."' selected>".$menu." |- ".$ppcat.$cat."</option>";
			}
			else
			{
				echo "<option value='".$lcatid."'>".$menu." |- ".$ppcat.$cat."</option>";
			}
			$ppcat = "";
		}
	}
}
echo " \r\n              </select>\r\n              <font color=\"#FF0000\">*</font> \r\n              <div id=\"StDv\" style=\"position:absolute; width:100px; height:100px; z-index:1; visibility: hidden\"> \r\n                <table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"1\" height=\"100%\" bgcolor=\"#666666\" style='border:5px #ffffff solid;filter:progid:DXImageTransform.Microsoft.Shadow(Color=#333333,Direction";
echo "=120,strength=3);'>\r\n                  <tr align=\"right\" bgcolor=\"#CCCCCC\"> \r\n                    <td  height=\"10\" valign=\"top\"><img src=\"images/closewindow.gif\" width=\"12\" height=\"12\"  onClick=\"StDv.style.visibility='hidden'\"></td>\r\n                  </tr>\r\n                  <tr bgcolor=\"#FFFFFF\" align=\"center\"> \r\n                    <td  onClick=\"StDv.style.visibility='hidden'\">";
if ( $src == "" )
{
	echo "";
}
else
{
	$showsrc = "../".$src;
	echo showtypeimage( $showsrc, $type, "", "", 0 );
}
echo " </td>\r\n                  </tr>\r\n                </table>\r\n              </div>\r\n            </td>\r\n          </tr>\r\n          <tr> \r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strNewsAddTitle;
echo "</td>\r\n            <td height=\"30\" class=con> \r\n              <input type=\"text\" name=\"title\" style='WIDTH: 399;font-size:12px;' maxlength=\"200\" class=input value=\"";
echo $title;
echo "\">\r\n              <font color=\"#FF0000\">*</font> </td>\r\n          </tr>\r\n          <tr>\r\n            <td height=\"30\" align=\"center\" class=\"title\">";
echo $strCpAddMemo;
echo "</td>\r\n            <td height=\"30\" class=con><textarea name=\"memo\" style=\"WIDTH: 399;font-size:12px;\" class=\"input1\" rows=\"3\">";
echo $memo;
echo "</textarea>\r\n            </td>\r\n          </tr>\r\n          <tr> \r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strNewsAddImg;
echo "</td>\r\n            <td height=\"30\" class=con> \r\n              <table border=\"0\" cellspacing=\"1\" cellpadding=\"0\">\r\n                <tr> \r\n                  <td> \r\n                    <input type=\"file\" name=\"jpg\" class=input style='WIDTH: 399;font-size:12px;'>\r\n                  </td>\r\n                  <td width=\"50\" align=\"center\">";
if ( $src == "" )
{
	echo "<img src=images/noimage.gif >";
}
else
{
	echo "<img src=images/image.gif onClick=\"StDv.style.visibility='visible'\">";
}
echo "</td>\r\n                </tr>\r\n              </table>\r\n            </td>\r\n          </tr>\r\n          <tr> \r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strNewsAddCon;
echo "</td>\r\n            <td height=\"30\" class=con> ";
include( "edithtml/index1.php" );
echo " \r\n              <input  name=body type=hidden>\r\n              <input type=\"hidden\" name=\"step\" value=\"2\">\r\n              <input type=\"hidden\" name=\"id\" value=\"";
echo "{$id}";
echo "\">\r\n              <input type=\"hidden\" name=\"oldcatid\" value=\"";
echo $oldcatid;
echo "\">\r\n\t\t\t  <input type=\"hidden\" name=\"oldmenuid\" value=\"";
echo $oldmenuid;
echo "\">\r\n              <input type=\"hidden\" name=\"oldcatpath\" value=\"";
echo $oldcatpath;
echo "\">\r\n              <input type=\"hidden\" name=\"pid\" value=\"";
echo "{$pid}";
echo "\">\r\n              <input type=\"hidden\" name=\"page\" value=\"";
echo "{$page}";
echo "\">\r\n            </td>\r\n          </tr>\r\n          <tr> \r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strNewsAddAuthor;
echo "</td>\r\n            <td height=\"30\" class=con> \r\n              <input type=\"text\" name=\"author\" style='WIDTH: 399;font-size:12px;' maxlength=\"100\" class=input value=\"";
echo $author;
echo "\">\r\n            </td>\r\n          </tr>\r\n          <tr> \r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strNewsAddSource;
echo "</td>\r\n            <td height=\"30\" class=con> \r\n              <input type=\"text\" name=\"source\" style='WIDTH: 399;font-size:12px;' maxlength=\"100\" class=input value=\"";
echo $source;
echo "\">\r\n            </td>\r\n          </tr>\r\n          <tr>\r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strSecure1;
echo "</td>\r\n            <td height=\"30\" class=con>\r\n              <input type=\"text\" name=\"secure\" style=\"width:25px\" value=\"";
echo $secure;
echo "\" class=input maxlength=\"1\">\r\n            </td>\r\n          </tr>\r\n          <tr> \r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strFbtime;
echo "</td>\r\n            <td height=\"30\" class=con>";
echo $dtime;
echo "</td>\r\n          </tr>\r\n          <tr> \r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strUptime;
echo "</td>\r\n            <td height=\"30\" class=con>";
echo $uptime;
echo " </td>\r\n          </tr>\r\n          <tr> \r\n            <td height=\"30\" width=\"100\" align=\"center\" class=\"title\">";
echo $strNewsAddProj;
echo "</td>\r\n            <td height=\"30\" class=con>";
$catstr .= "<SCRIPT language=javascript src='js/multicat.js'></SCRIPT>";
$catstr .= "<table cellspacing=0 cellpadding=0><tr><td ><select style='WIDTH: 190px;font-size:12px;' multiple size=5 name=spe_funct>";
$fsql->query( "select * from {$tbl_proj} order by id desc" );
while ( $fsql->next_record( ) )
{
	$projid = $fsql->f( "id" );
	$project = $fsql->f( "project" );
	$NowPath = fmpath( $projid );
	$catstr .= "<option value=".$NowPath.">".$project."</option>";
	$ppcat = "";
}
$catstr .= "</select></td><td width=20>\r\n<input style='width:20px;height=37px;font-size:12px;border:1px outset;' onClick=\"JavaScript:AddItem('spe_funct', 'spe_selec[]')\" type=button value='+' name='Input'>\r\n<input style='width:20px;height=37px;font-size:12px;border:1px outset;' onClick=\"JavaScript:DelItem('spe_selec[]')\" type=button value='-' name='Input'>\r\n\t\t\t\t</td>\r\n\t\t\t\t<td>\r\n\t\t\t\t  <select  style='WIDTH: 190px;font-size:12px' multiple size=5 name=spe_selec[]>";
$arrs = explode( ":", $oldproj );
$k = 0;
for ( ;	$k < sizeof( $arrs ) - 1;	$k++	)
{
	$projid = $arrs[$k] + 0;
	$tsql->query( "select project from {$tbl_proj} where id='{$projid}'" );
	if ( $tsql->next_record( ) )
	{
		$project = $tsql->f( "project" );
	}
	$catstr .= "<option value=".$arrs[$k].">".$project."</option>";
}
$catstr .= "</select></td><td valign=bottom></td><td width=20 align=center  valign=bottom><font color=red>*</font></td></tr></table>";
echo $catstr;
echo " </td>\r\n          </tr>\r\n          <tr> \r\n            <td align=\"center\"  colspan=\"2\" height=\"40\" class=title> \r\n              <input type=\"submit\" name=\"submit\"  onClick=\"save();\" value=\"";
echo $strSubmit;
echo "\" class=button>\r\n            </td>\r\n          </tr>\r\n        </form>\r\n      </table>\r\n    </td>\r\n  </tr>\r\n</table>\r\n</body>\r\n</html>\r\n";
?>