down_conadd.php

学校网站源码http://您的网址/admin/admin_login.asp 默认登录用户：admin 默认登录密码：admin

<?php


include( "../config.inc.php" );
include( "../includes/SysGlobal.php" );
include( "language/".$aLan."_".$charset.".php" );
include( "../includes/version.php" );
include( "../includes/pro.php" );
include( "func/adm.inc.php" );
include( "func/common.inc.php" );
include( "func/db.inc.php" );
include( "func/nocatch.php" );
needauth( 23 );
$pid = $_REQUEST['pid'];
$menuid = $_REQUEST['menuid'];
if ( !isset( $pid ) || $pid == "" )
{
	$pid = 0;
}
echo "<html>\r\n<head >\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=";
echo $charset;
echo "\">\r\n<link id=\"style_sheet\" href=\"css/commonstyle.css\" type=\"text/css\" rel=\"stylesheet\">\r\n<title>";
echo $strAdminTitle;
echo "</title>\r\n</head>\r\n\r\n<body  class=\"NormalPage\">\r\n\r\n";
$step = $_POST['step'];
if ( $step == "add" )
{
	trylimit( $tbl_down_con, "50" );
	$body = $_POST['body'];
	$title = $_POST['title'];
	$memo = $_POST['memo'];
	$catid = $_POST['catid'];
	$dtime = $_POST['dtime'];
	$author = $_POST['author'];
	$source = $_POST['source'];
	$secure = $_POST['secure'];
	$url = $_POST['url'];
	$filesize = $_POST['filesize'];
	$prop1 = $_POST['prop1'];
	$prop2 = $_POST['prop2'];
	$prop3 = $_POST['prop3'];
	$prop4 = $_POST['prop4'];
	$prop5 = $_POST['prop5'];
	$prop6 = $_POST['prop6'];
	$prop7 = $_POST['prop7'];
	$prop8 = $_POST['prop8'];
	$prop9 = $_POST['prop9'];
	$prop10 = $_POST['prop10'];
	$prop11 = $_POST['prop11'];
	$prop12 = $_POST['prop12'];
	$prop13 = $_POST['prop13'];
	$prop14 = $_POST['prop14'];
	$prop15 = $_POST['prop15'];
	$prop16 = $_POST['prop16'];
	$prop17 = $_POST['prop17'];
	$prop18 = $_POST['prop18'];
	$prop19 = $_POST['prop19'];
	$prop20 = $_POST['prop20'];
	$kk = $_POST['kk'];
	$pic = $_FILES['jpg'];
	$spe_selec = $_POST['spe_selec'];
	$menuid = catid2menuid( $tbl_down_cat, $catid );
	$fold = menufold( $menuid );
	if ( 65000 < strlen( $body ) )
	{
		err( $strDownNotice5, "", "" );
	}
	if ( $title == "" )
	{
		err( $strDownNotice6, "", "" );
	}
	if ( 200 < strlen( $title ) )
	{
		err( $strDownNotice7, "", "" );
	}
	if ( $kk == "2" && $pic['size'] <= 0 )
	{
		err( $strDownNotice9, "", "" );
	}
	if ( $kk == "1" && ( $url == "" || $url == "http://" ) )
	{
		err( $strDownNotice10, "", "" );
	}
	$title = htmlspecialchars( $title );
	$msql->query( "select catpath from {$tbl_down_cat} where catid='{$catid}'" );
	if ( $msql->next_record( ) )
	{
		$catpath = $msql->f( "catpath" );
	}
	if ( 0 < $pic['size'] )
	{
		$arr = uploadfile( $pic['tmp_name'], $pic['type'], $pic['name'], $pic['size'], $fold."/html/download" );
		$url = $arr[3];
	}
	$count_pro = count( $spe_selec );
	$i = 0;
	for ( ;	$i < $count_pro;	$i++	)
	{
		$projid = $spe_selec[$i];
		$projpath .= $projid.":";
	}
	$body = url2path( $body );
	$msql->query( "insert into {$tbl_down_con} values(\r\n\t\t0,\r\n\t\t'{$menuid}',\r\n\t\t'{$catid}',\r\n\t\t'{$catpath}',\r\n\t\t'{$title}',\r\n\t\t'{$memo}',\r\n\t\t'{$body}',\r\n\t\t'{$dtime}',\r\n\t\t'1',\r\n\t\t'0',\r\n\t\t'0',\r\n\t\t'1',\r\n\t\t'{$filesize}',\r\n\t\t'{$url}',\r\n\t\t'{$arr['2']}',\r\n\t\t'{$arr['3']}',\r\n\t\t'{$dtime}',\r\n\t\t'{$author}',\r\n\t\t'{$source}',\r\n\t\t'0',\r\n\t\t'{$projpath}',\r\n\t\t'{$secure}',\r\n\t\t'{$prop1}',\r\n\t\t'{$prop2}',\r\n\t\t'{$prop3}',\r\n\t\t'{$prop4}',\r\n\t\t'{$prop5}',\r\n\t\t'{$prop6}',\r\n\t\t'{$prop7}',\r\n\t\t'{$prop8}',\r\n\t\t'{$prop9}',\r\n\t\t'{$prop10}',\r\n\t\t'{$prop11}',\r\n\t\t'{$prop12}',\r\n\t\t'{$prop13}',\r\n\t\t'{$prop14}',\r\n\t\t'{$prop15}',\r\n\t\t'{$prop16}',\r\n\t\t'{$prop17}',\r\n\t\t'{$prop18}',\r\n\t\t'{$prop19}',\r\n\t\t'{$prop20}'\r\n\t\t)" );
	$id = $msql->instid( );
	addcatnums( $tbl_down_cat, $catpath );
	echo "<script>top.buildhtml.location='../".$fold."/html/?".$id.".html'</script>";
	echo "<script>self.location='down_con.php?menuid={$menuid}&pid={$catid}'</script>";
}
echo "<s";
echo "cript>\r\nfunction checkform(theform)\r\n{\r\n  var letters = \"abcdefghijklmnopqrstuvwxyz_0123456789\" +\r\n                \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\"\r\n  var letter =  \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\"\r\n\r\n  var allword = letters + \"~!@#\$%^&*()+|/?;:'[{]}`\"\r\n  var errletter = \"\"\r\n\r\n\r\n \r\n\r\n  if(theform.title.value.length < 1)\r\n  {\r\n    alert(\"";
echo $strDownNotice6;
echo "\")\r\n    theform.title.focus()\r\n    return false\r\n  }  \r\n\r\n\r\n  return SelectAll('spe_selec[]', 'select[]');\r\n}  \r\n</script>\r\n<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" align=\"center\">\r\n \r\n    <form><tr> \r\n      <td>";
$dtime = time( );
$ntime = date( "Y-n-j H:i:s", $dtime );
$oldbody = " ";
echo " </td>\r\n    </tr></form>\r\n\r\n</table>\r\n<table width=\"100%\" cellpadding=\"2\" align=\"center\"  style=\"border-collapse: collapse\" border=\"0\" cellspacing=\"1\">\r\n  <form name=\"form\" action=\"down_conadd.php\" method=\"post\" enctype=\"multipart/form-data\" onSubmit=\"return checkform(this)\">\r\n    <tr> \r\n      <td height=\"30\" width=\"110\" align=\"center\" class=\"title\">";
echo $strDownCatTitle;
echo "</td>\r\n      <td height=\"30\" class=con> \r\n        ";
echo "<s";
echo "elect name='catid' style='WIDTH: 399;font-size:12px;' >\r\n          ";
$msql->query( "select * from {$tbl_menu} where coltype='down'" );
while ( $msql->next_record( ) )
{
	$menu = $msql->f( "menu" );
	$lmenuid = $msql->f( "menuid" );
	$fsql->query( "select * from {$tbl_down_cat} where menuid='{$lmenuid}' order by catpath" );
	while ( $fsql->next_record( ) )
	{
		$lpid = $fsql->f( "pid" );
		$lcatid = $fsql->f( "catid" );
		$cat = $fsql->f( "cat" );
		$catpath = $fsql->f( "catpath" );
		$lcatpath = explode( ":", $catpath );
		$tsql->query( "select catid from {$tbl_down_cat} where pid='{$lcatid}'" );
		if ( $tsql->next_record( ) )
		{
			$ifson = "yes";
		}
		else
		{
			$ifson = "no";
		}
		if ( $ifson == "no" )
		{
			$i = 0;
			for ( ;	$i < sizeof( $lcatpath ) - 2;	$i++	)
			{
				$tsql->query( "select catid,cat from {$tbl_down_cat} where catid='{$lcatpath[$i]}'" );
				if ( $tsql->next_record( ) )
				{
					$ncatid = $tsql->f( "cat" );
					$ncat = $tsql->f( "cat" );
					$ppcat .= $ncat."/";
				}
			}
			if ( $pid == $lcatid )
			{
				echo "<option value='".$lcatid."' selected>".$menu." |- ".$ppcat.$cat."</option>";
			}
			else
			{
				echo "<option value='".$lcatid."'>".$menu." |- ".$ppcat.$cat."</option>";
			}
			$ppcat = "";
		}
	}
}
echo " \r\n        </select>\r\n        <font color=\"#FF0000\">*</font> </td>\r\n    </tr>\r\n    <tr> \r\n      <td height=\"30\" width=\"110\" align=\"center\" class=\"title\">";
echo $strDownAddTitle;
echo "</td>\r\n      <td height=\"30\" class=con> \r\n        <input type=\"text\" name=\"title\" style='WIDTH: 399;font-size:12px;' maxlength=\"200\" class=input>\r\n        <font color=\"#FF0000\">*</font> </td>\r\n    </tr>\r\n    <tr> \r\n      <td height=\"30\" width=\"110\" align=\"center\" class=\"title\">";
echo $strDownAddMemo;
echo "</td>\r\n      <td height=\"30\" class=con> \r\n        <textarea name=\"memo\" style=\"WIDTH: 399;font-size:12px;\" class=\"input1\" rows=\"3\"></textarea>\r\n      </td>\r\n    </tr>\r\n    <tr> \r\n      <td height=\"30\" width=\"110\" align=\"center\" class=\"title\">";
echo $strDownAddMethod;
echo "</td>\r\n      <td height=\"30\" class=con> \r\n        <input type=\"radio\" name=\"addtype\" value=\"addurl\" checked onClick=\"divurl.style.visibility='visible';divsuo.style.visibility='hidden';form.kk.value='1'\">\r\n        ";
echo $strDownAddUrl;
echo " \r\n        <input type=\"radio\" name=\"addtype\" value=\"addfile\" onClick=\"divurl.style.visibility='hidden';divsuo.style.visibility='visible'; form.kk.value='2'\">\r\n        ";
echo $strDownAddUpload;
echo " \r\n        <input type=\"hidden\" name=\"kk\" value=\"1\">\r\n      </td>\r\n    </tr>\r\n    <tr> \r\n      <td height=\"30\" width=\"110\" align=\"center\" class=\"title\">";
echo $strDownAddImg;
echo "</td>\r\n      <td height=\"30\" class=con valign=top> \r\n        <div id=\"divsuo\" style=\"position:absolute; width:550px; height:30px; z-index:1\"> \r\n          <font color=\"#FF0000\"> \r\n          <input type=\"file\" name=\"jpg\" style='WIDTH: 399;font-size:12px;' class=input>\r\n          *</font> </div>\r\n        <div id=\"divurl\" style=\"position:absolute; width:420px; height:30px; z-index:1\"> \r\n          <input type=\"";
echo "text\" name=\"url\" style='WIDTH: 399;font-size:12px;' value=\"http://\" class=input>\r\n          <font color=\"#FF0000\">*</font> </div>\r\n      </td>\r\n    </tr>\r\n    <tr> \r\n      <td height=\"30\" width=\"110\" align=\"center\" class=\"title\">";
echo $strDownAddSize;
echo "</td>\r\n      <td height=\"30\" class=con>\r\n        <input type=\"text\" name=\"filesize\"  maxlength=\"200\" class=input size=\"15\">\r\n      </td>\r\n    </tr>\r\n    ";
$i = 1;
$msql->query( "select * from {$tbl_prop} where menuid='{$menuid}' and catid='{$pid}' order by xuhao" );
while ( $msql->next_record( ) )
{
	$propname = $msql->f( "propname" );
	$pn = "prop".$i;
	echo " \r\n    <tr> \r\n      <td height=\"30\" align=\"center\" class=\"title\" width=\"110\">";
	echo $propname;
	echo "</td>\r\n      <td height=\"30\" class=\"con\"> \r\n        <input type=\"text\" name=\"";
	echo $pn;
	echo "\" class=\"input\" style='WIDTH: 399;font-size:12px;'>\r\n      </td>\r\n    </tr>\r\n    ";
	$i++;
}
echo " \r\n    <tr> \r\n      <td height=\"30\" width=\"110\" align=\"center\" class=\"title\">";
echo $strDownAddCon;
echo "</td>\r\n      <td height=\"30\" class=con> \r\n        <input  name=body type=hidden>\r\n        <input type=\"hidden\" name=\"step\" value=\"add\">\r\n        ";
include( "edithtml/index1.php" );
echo " \r\n        <input type=\"hidden\" name=\"dtime\" value=\"";
echo $dtime;
echo "\">\r\n        <input type=\"hidden\" name=\"pid\" value=\"";
echo $pid;
echo "\">\r\n      </td>\r\n    </tr>\r\n    <tr> \r\n      <td height=\"30\" width=\"110\" align=\"center\" class=\"title\">";
echo $strSecure1;
echo "</td>\r\n      <td height=\"30\" class=con> \r\n        <input type=\"text\" name=\"secure\" style=\"width:25px\" value=\"0\" class=input maxlength=\"1\">\r\n      </td>\r\n    </tr>\r\n    <tr> \r\n      <td height=\"30\" width=\"110\" align=\"center\" class=\"title\">";
echo $strDownAddProj;
echo "</td>\r\n      <td height=\"30\" class=con>";
$catstr .= "<SCRIPT language=javascript src='js/multicat.js'></SCRIPT>";
$catstr .= "<table cellspacing=0 cellpadding=0><tr><td ><select style='WIDTH: 190px;font-size:12px;' multiple size=5 name=spe_funct>";
$fsql->query( "select * from {$tbl_proj} order by id desc" );
while ( $fsql->next_record( ) )
{
	$projid = $fsql->f( "id" );
	$project = $fsql->f( "project" );
	$NowPath = fmpath( $projid );
	$catstr .= "<option value=".$NowPath.">".$project."</option>";
	$ppcat = "";
}
$catstr .= "</select></td><td width=20>\r\n<input style='width:20px;height=37px;font-size:12px;border:1px outset;' onClick=\"JavaScript:AddItem('spe_funct', 'spe_selec[]')\" type=button value='+' name='Input'>\r\n<input style='width:20px;height=37px;font-size:12px;border:1px outset;' onClick=\"JavaScript:DelItem('spe_selec[]')\" type=button value='-' name='Input'>\r\n\t\t\t\t</td>\r\n\t\t\t\t<td>\r\n\t\t\t\t  <select  style='WIDTH: 190px;font-size:12px' multiple size=5 name=spe_selec[]>";
$catstr .= "</select></td><td valign=bottom></td><td width=20 align=center  valign=bottom><font color=red>*</font></td></tr></table>";
echo $catstr;
echo "</td>\r\n    </tr>\r\n    <tr> \r\n      <td align=\"center\"  colspan=\"2\" height=\"40\" class=title> \r\n        <input type=\"submit\" name=\"submit\"  onClick=\"save();\" value=\"";
echo $strSubmit;
echo "\" class=button>\r\n      </td>\r\n    </tr>\r\n  </form>\r\n</table>\r\n</body>\r\n</html>\r\n";
?>