membernews.inc.php

学校网站源码http://您的网址/admin/admin_login.asp 默认登录用户：admin 默认登录密码：admin

<?php


function membernewsfabu( )
{
	global $msql;
	global $fsql;
	global $tsql;
	global $tbl_menu;
	global $tbl_news_cat;
	global $tbl_news_con;
	global $MenuInfo;
	global $strNewsNotice5;
	global $strNewsNotice6;
	global $strNewsNotice7;
	global $strNewsAddOk;
	global $strNewsAddOk1;
	global $strNorights;
	$step = $_REQUEST['step'];
	if ( $step == "add" )
	{
		if ( securefunc( "8" ) == false )
		{
			$PageMain = err( $strNorights, "", "" );
			return $PageMain;
		}
		if ( securefunc( "9" ) == true )
		{
			$iffb = 1;
			$okstr = $strNewsAddOk;
		}
		else
		{
			$iffb = 0;
			$okstr = $strNewsAddOk1;
		}
		$title = $_POST['title'];
		$body = $_POST['body'];
		$memo = $_POST['memo'];
		$catid = $_POST['catid'];
		$author = $_POST['author'];
		$source = $_POST['source'];
		$menuid = catid2menuid( $tbl_news_cat, $catid );
		$fold = menufold( $menuid );
		if ( 65000 < strlen( $body ) )
		{
			err( $strNewsNotice5, "", "" );
		}
		if ( $title == "" )
		{
			err( $strNewsNotice6, "", "" );
		}
		if ( 200 < strlen( $title ) )
		{
			err( $strNewsNotice7, "", "" );
		}
		$title = htmlspecialchars( $title );
		$author = htmlspecialchars( $author );
		$source = htmlspecialchars( $source );
		$body = htmlspecialchars( $body );
		$body = str_replace( "\n", "<br>", $body );
		$msql->query( "select catpath from {$tbl_news_cat} where catid='{$catid}'" );
		if ( $msql->next_record( ) )
		{
			$catpath = $msql->f( "catpath" );
		}
		$dtime = time( );
		$memberid = $_COOKIE['MEMBERID'];
		$msql->query( "insert into {$tbl_news_con} values(\r\n\t\t\t0,\r\n\t\t\t'{$menuid}',\r\n\t\t\t'{$catid}',\r\n\t\t\t'{$catpath}',\r\n\t\t\t'{$title}',\r\n\t\t\t'{$body}',\r\n\t\t\t'{$dtime}',\r\n\t\t\t'0',\r\n\t\t\t'0',\r\n\t\t\t'0',\r\n\t\t\t'{$iffb}',\r\n\t\t\t'0',\r\n\t\t\t'0',\r\n\t\t\t'',\r\n\t\t\t'',\r\n\t\t\t'{$dtime}',\r\n\t\t\t'{$author}',\r\n\t\t\t'{$source}',\r\n\t\t\t'{$memberid}',\r\n\t\t\t'',\r\n\t\t\t'0',\r\n\t\t\t'{$memo}'\r\n\t\t\t\r\n\t\t\t)" );
		$id = $msql->instid( );
		addcatnums( $tbl_news_cat, $catpath );
		$iframe = "<iframe src='0.htm'  name='buildhtml' height='1' width='1' scrolling='none' marginheight='0'  frameborder='0'></iframe>";
		$iframe .= "<script>window.status='".$okstr."';buildhtml.location='".$fold."/html/?".$id.".html'</script>";
		$str = sayok( $okstr.$iframe, "member_guanli.php", "" );
		return $str;
	}
	else
	{
		if ( securefunc( "8" ) == false )
		{
			$PageMain = err( $strNorights, "", "" );
			return $PageMain;
		}
		$msql->query( "select * from {$tbl_menu} where coltype='news'" );
		while ( $msql->next_record( ) )
		{
			$menu = $msql->f( "menu" );
			$menuid = $msql->f( "menuid" );
			$fsql->query( "select * from {$tbl_news_cat} where menuid='{$menuid}' order by catpath" );
			while ( $fsql->next_record( ) )
			{
				$lpid = $fsql->f( "pid" );
				$lcatid = $fsql->f( "catid" );
				$cat = $fsql->f( "cat" );
				$catpath = $fsql->f( "catpath" );
				$lcatpath = explode( ":", $catpath );
				$tsql->query( "select catid from {$tbl_news_cat} where pid='{$lcatid}'" );
				if ( $tsql->next_record( ) )
				{
					$ifson = "yes";
				}
				else
				{
					$ifson = "no";
				}
				if ( $ifson == "no" )
				{
					$i = 0;
					for ( ;	$i < sizeof( $lcatpath ) - 2;	$i++	)
					{
						$tsql->query( "select catid,cat from {$tbl_news_cat} where catid='{$lcatpath[$i]}'" );
						if ( $tsql->next_record( ) )
						{
							$ncatid = $tsql->f( "cat" );
							$ncat = $tsql->f( "cat" );
							$ppcat .= $ncat."/";
						}
					}
					if ( $pid == $lcatid )
					{
						$catlist .= "<option value='".$lcatid."' selected>".$menu." |- ".$ppcat.$cat."</option>";
					}
					else
					{
						$catlist .= "<option value='".$lcatid."'>".$menu." |- ".$ppcat.$cat."</option>";
					}
					$ppcat = "";
				}
			}
		}
		$Temp = loadtemp( ROOTPATH."templates/".$MenuInfo['skin']."/tpl_newsform.htm" );
		$var = array(
			"catlist" => $catlist,
			"author" => $_COOKIE['MEMBERNAME'],
			"source" => $source,
			"title" => $title,
			"step" => "add",
			"body" => $body
		);
		$str = showtpltemp( $Temp, $var );
		return $str;
	}
}

function membernewsmodify( )
{
	global $msql;
	global $fsql;
	global $tsql;
	global $tbl_menu;
	global $tbl_news_cat;
	global $tbl_news_con;
	global $MenuInfo;
	global $strNewsNotice5;
	global $strNewsNotice6;
	global $strNewsNotice7;
	global $strNewsModiOk;
	global $strNewsModiOk1;
	global $strNorights;
	$step = $_REQUEST['step'];
	$id = $_REQUEST['id'];
	if ( $id == "" )
	{
		return "Undefind ID";
	}
	if ( $step == "modify" )
	{
		if ( securefunc( "10" ) == false )
		{
			$PageMain = err( $strNorights, "", "" );
			return $PageMain;
		}
		if ( securefunc( "9" ) == true )
		{
			$iffb = 1;
			$okstr = $strNewsModiOk;
		}
		else
		{
			$iffb = 0;
			$okstr = $strNewsModiOk1;
		}
		$title = $_POST['title'];
		$body = $_POST['body'];
		$author = $_POST['author'];
		$source = $_POST['source'];
		$memo = $_POST['memo'];
		if ( 65000 < strlen( $body ) )
		{
			err( $strNewsNotice5, "", "" );
		}
		if ( $title == "" )
		{
			err( $strNewsNotice6, "", "" );
		}
		if ( 200 < strlen( $title ) )
		{
			err( $strNewsNotice7, "", "" );
		}
		$title = htmlspecialchars( $title );
		$author = htmlspecialchars( $author );
		$source = htmlspecialchars( $source );
		$body = htmlspecialchars( $body );
		$body = str_replace( "\n", "<br>", $body );
		$dtime = time( );
		$memberid = $_COOKIE['MEMBERID'];
		$msql->query( "update {$tbl_news_con} set \r\n\t\t\t\r\n\t\t\ttitle='{$title}',\r\n\t\t\tbody='{$body}',\r\n\t\t\tmemo='{$memo}',\r\n\t\t\tuptime='{$dtime}',\r\n\t\t\tiffb='{$iffb}',\r\n\t\t\tauthor='{$author}',\r\n\t\t\tsource='{$source}'\r\n\r\n\t\t\t\r\n\t\t\twhere memberid='{$memberid}' and id='{$id}'" );
		$msql->query( "select menuid from {$tbl_news_con} where id='{$id}'" );
		if ( $msql->next_record( ) )
		{
			$menuid = $msql->f( "menuid" );
		}
		$fold = menufold( $menuid );
		$iframe = "<iframe src='0.htm'  name='buildhtml' height='1' width='1' scrolling='none' marginheight='0'  frameborder='0'></iframe>";
		$iframe .= "<script>window.status='".$okstr."';buildhtml.location='".$fold."/html/?".$id.".html'</script>";
		$str = sayok( $okstr.$iframe, "member_guanli.php", "" );
		return $str;
	}
	else
	{
		if ( securefunc( "10" ) == false )
		{
			$PageMain = err( $strNorights, "", "" );
			return $PageMain;
		}
		$memberid = $_COOKIE['MEMBERID'];
		$msql->query( "select * from {$tbl_news_con} where id='{$id}' and memberid='{$memberid}'" );
		if ( $msql->next_record( ) )
		{
			$title = $msql->f( "title" );
			$body = $msql->f( "body" );
			$memo = $msql->f( "memo" );
			$author = $msql->f( "author" );
			$source = $msql->f( "source" );
		}
		else
		{
			return "Invalied ID";
		}
		$body = str_replace( "<br>", "\n", $body );
		$Temp = loadtemp( ROOTPATH."templates/".$MenuInfo['skin']."/tpl_newsform1.htm" );
		$var = array(
			"author" => $author,
			"source" => $source,
			"title" => $title,
			"memo" => $memo,
			"step" => "modify",
			"id" => $id,
			"body" => $body
		);
		$str = showtpltemp( $Temp, $var );
		return $str;
	}
}

function catid2menuid( $tblcat, $catid )
{
	global $msql;
	$msql->query( "select menuid from {$tblcat} where catid='{$catid}'" );
	if ( $msql->next_record( ) )
	{
		$menuid = $msql->f( "menuid" );
	}
	return $menuid;
}

function addcatnums( $tbl, $catpath )
{
	global $msql;
	$array = explode( ":", $catpath );
	$n = sizeof( $array ) - 1;
	$k = 0;
	for ( ;	$k < $n;	$k++	)
	{
		$arr = $array[$k] + 0;
		$msql->query( "update {$tbl} set nums=nums+1 where catid='{$arr}'" );
	}
}

function membernewslist( )
{
	global $fsql;
	global $charset;
	global $tbl_news_con;
	global $PagesInfo;
	global $ShowPages;
	global $htmlstr;
	global $CatchOpen;
	global $MenuInfo;
	$memberid = $_COOKIE['MEMBERID'];
	$Temp = loadtemp( ROOTPATH."templates/".$MenuInfo['skin']."/tpl_membernews.htm" );
	$TempArr = splittbltemp( $Temp );
	$str = $TempArr['start'];
	$scl = " memberid='{$memberid}' and memberid!='0' ";
	include( ROOTPATH."includes/func/memberpages.inc.php" );
	$pages = new pages( );
	$totalnums = tblcount( $tbl_news_con, "id", $scl );
	$pages->setvar( array(
		"key" => $key
	) );
	$pages->set( "10", $totalnums );
	$pagelimit = $pages->limit( );
	$fsql->query( "select * from {$tbl_news_con} where {$scl} order by id desc limit {$pagelimit}" );
	while ( $fsql->next_record( ) )
	{
		$id = $fsql->f( "id" );
		$title = $fsql->f( "title" );
		$menuid = $fsql->f( "menuid" );
		$dtime = $fsql->f( "dtime" );
		$memo = $fsql->f( "memo" );
		$iffb = $fsql->f( "iffb" );
		$dtime = date( "Y-m-d H:i:s", $dtime );
		if ( $iffb == "1" )
		{
			$check = "<img src='images/toolbar_ok.gif'>";
		}
		else
		{
			$check = "<img src='images/toolbar_no.gif'>";
		}
		$fold = menufold( $menuid );
		$link = ROOTPATH.$fold."/html/?".$id.".html";
		$var = array(
			"title" => $title,
			"dtime" => $dtime,
			"check" => $check,
			"memo" => $memo,
			"target" => "_blank",
			"link" => $link,
			"id" => $id
		);
		$str .= $TempArr['rowstart'];
		$str .= showtpltemp( $TempArr['list'], $var );
		$str .= $TempArr['rowend'];
	}
	$str .= $TempArr['end'];
	$PagesInfo = $pages->shownow( );
	$ShowPages = $pages->output( 1 );
	$var = array(
		"PagesInfo" => $PagesInfo,
		"ShowPages" => $ShowPages
	);
	$str = showtpltemp( $str, $var );
	return $str;
}

?>