pcmanage.php

KBS的BBS源码

				html_error_quit("文章不存在!");
				exit();
			}
			/*
			if($rows[nodetype] != 0)
			{
				html_error_quit("该文不可编辑!");
				exit();
			}
			*/
			if($subject)
			{
				if($_POST["comment"]==1)
					$c = 0;
				else
					$c = 1;
				$useHtmlTag = ($_POST["htmltag"]==1)?1:0;
				$trackback = ($_POST["trackback"]==1)?1:0;
				$emote = (int)($_POST["emote"]);
				$query = "UPDATE nodes SET `theme` = '".addslashes($_POST["theme"])."'  , `subject` = '".addslashes($_POST["subject"])."' , `body` = '".addslashes(html_editorstr_format($_POST["blogbody"]))."' , `changed` = '".date("YmdHis")."' , `comment` = '".$c."' , `tid` = '".(int)($_POST["tid"])."' , `emote` = '".$emote."' , `htmltag` = '".$useHtmlTag."' , `trackback` = '".$trackback."' WHERE `nid` = '".$nid."' AND nodetype = 0;";
				mysql_query($query,$link);
				pc_update_record($link,$pc["UID"]);
				if($rows["subject"]==$_POST["subject"])
					$log_action = "EDIT NODE: ".$rows[subject];
				else
				{
					$log_action = "EDIT NODE: ".$_POST["subject"];
					$log_content = "OLD SUBJECT: ".$rows["subject"]."\nNEW SUBJECT: ".$_POST["subject"];
				}
				if($rows["type"]==1)
					pc_return("pcdoc.php?userid=".$pc["USER"]."&tag=3&pid=".$rows["pid"]);
				else
					pc_return("pccon.php?id=".$pc["UID"]."&nid=".$nid);
			}
			else
			{
?>
<br><center>			
<form name="postform" id="postform" action="pcmanage.php?userid=<?php echo $pc["USER"]; ?>&act=edit&nid=<?php echo $nid; ?>" method="post" onsubmit="return submitwithcopy();">
<table cellspacing="0" cellpadding="5" border="0" width="90%" class="t1">
<?php
		if($rows["type"]==1)
		{
?>
<tr>
	<td class="t2">修改目录</td>
</tr>
<tr>
	<td class="t8">
	主题
	<input type="text" size="100" class="f1" maxlength="200" name="subject" value="<?php echo htmlspecialchars(stripslashes($rows["subject"])); ?>">
	</td>
</tr>
<tr>
	<td class="t2">
		<input type="submit" value="修改目录" class="b1">
		<input type="button" value="返回上页" class="b1" onclick="doCancel();">
	</td>
</tr>
<?php
		}
		else
		{
?>
<tr>
	<td class="t2">修改文章</td>
</tr>
<tr>
	<td class="t8">主题
	<input type="text" size="100" class="f1" name="subject" value="<?php echo htmlspecialchars($rows["subject"]); ?>">
	</td>
</tr>
<tr>
	<td class="t5">
	评论
	<input type="radio" name="comment" class="f1" value="0" <?php if($rows["comment"]!=0) echo "checked"; ?>>允许
	<input type="radio" name="comment" class="f1" value="1" <?php if($rows["comment"]==0) echo "checked"; ?>>不允许
	</td>
</tr>
<tr>
	<td class="t8">
	Blog
	<select name="tid" class="f1">
<?php
		$blogs = pc_blog_menu($link,$pc,$rows["access"]);
		for($i = 0 ; $i < count($blogs) ; $i ++)
		{
			if($blogs[$i]["TID"] == $rows["tid"])
				echo "<option value=\"".$blogs[$i]["TID"]."\" selected>".html_format($blogs[$i]["NAME"])."</option>";
			else
				echo "<option value=\"".$blogs[$i]["TID"]."\" >".html_format($blogs[$i]["NAME"])."</option>";
		}
?>
	</select>
	&nbsp;&nbsp;&nbsp;主题
	<select name="theme" class="f1">
<?php
    while (list ($key,$val) = each ($pcconfig["SECTION"])) {
        if ($key == $rows["theme"])
            echo "<option value=\"".$key."\" selected>".html_format($val)."</option>";
        else
            echo "<option value=\"".$key."\">".html_format($val)."</option>";
    }
?>	
	</td>
</tr>
<tr>
	<td class="t13">心情符号</td>
</tr>
<tr>
	<td class="t5"><?php @require("emote.html"); ?></td>
</tr>
<tr>
	<td class="t11">内容
	<input type="checkbox" name="htmltag" value=1 <?php if(strstr($rows["body"],$pcconfig["NOWRAPSTR"]) || $rows["htmltag"] == 1) echo "checked"; ?> >使用HTML标记
	</td>
</tr>
<tr>
	<td class="t8">
	<textarea name="blogbody" class="f1" style="width:100%" rows="30" id="blogbody" wrap="physical"><?php echo $pcconfig["EDITORALERT"]; ?><?php echo htmlspecialchars($rows["body"]); ?></textarea>
	</td>
</tr>
<tr>
	<td class="t5">
	允许引用
	<input type="checkbox" name="trackback" value="1" <?php if($rows["trackback"]==1) echo "checked"; ?>>
	</td>
</tr>
<tr>
	<td class="t2">
		<input type="button" name="ins" value="插入HTML" class="b1" onclick="return insertHTML();" />
		<input type="button" name="hil" value="高亮" class="b1" onclick="return highlight();" />
		<input type="submit" name="postbutton" id="postbutton" value="修改本文" class="b1">
		<input type="button" value="返回上页" onclick="doCancel();" class="b1">
	</td>
</tr>
<?php
		}
?>
</table>
</form></center>
<?php				
			}
		}
		elseif($act == "del")
		{
			$nid = (int)($_GET["nid"]);	
			$query = "SELECT `tid`,`pid`,`access`,`type`,`nodetype`,`subject` FROM nodes WHERE `uid` = '".$pc["UID"]."' AND `nid` = '".$nid."' ;";
			$result = mysql_query($query,$link);
			$rows = mysql_fetch_array($result);
			mysql_free_result($result);
			if(!$rows)
			{
				html_error_quit("文章不存在!");
				exit();
			}
			/*
			if($rows[nodetype]!=0)
			{
				html_error_quit("该文不能删除!");
				exit();
			}
			*/
			if($rows["access"] == 4)
			{
				//彻底删除	
				$query = "DELETE FROM nodes WHERE `nid` = '".$nid."' ";
				mysql_query($query,$link);
				$query = "DELETE FROM comments WHERE `nid` = '".$nid."' ";
				mysql_query($query,$link);
				$query = "DELETE FROM trackback WHERE `nid` = '".$nid."' ";
				mysql_query($query,$link);
				$log_action = "DEL NODE: ".$rows["subject"];
			}
			else
			{
				if($rows["type"] == 1)
				{
					$query = "SELECT `nid` FROM nodes WHERE `pid` = '".$nid."' LIMIT 0, 1 ;";
					$result = mysql_query($query);
					if($rows0 = mysql_fetch_array($result))
					{
						mysql_free_result($result);
						html_error_quit("请先删除该目录下的文章!");
						exit();
					}
					mysql_free_result($result);
					$query = "DELETE FROM nodes WHERE `nid` = '".$nid."' ;";
					mysql_query($query,$link);
					$log_action = "DEL DIR: ".$rows["subject"];
				}
				else
				{
					$query = "UPDATE nodes SET `access` = '4' , `changed` = '".date("YmdHis")."' , `tid` = '0' WHERE `nid` = '".$nid."' ;";
					mysql_query($query,$link);
					$log_action = "DEL TO JUNK: ".$rows["subject"];
					if($rows["access"] == 0)
						pc_update_record($link,$pc["UID"]," - 1");
				}
			}
			pc_update_record($link,$pc["UID"]);
			pc_return("pcdoc.php?userid=".$pc["USER"]."&tag=".$rows["access"]."&tid=".$rows["tid"]."&pid=".$rows["pid"]);	
		}
		elseif($act == "clear")
		{
			$query = "SELECT `nid` FROM nodes WHERE `uid` = '".$pc["UID"]."' AND `access` = '4' ;";	
			$result = mysql_query($query,$link);
			$query = "DELETE FROM comments WHERE `nid` = '0' ";
			$query_tb = "DELETE FROM trackback WHERE `nid` = '0' ";
			while($rows = mysql_fetch_array($result))
			{
				$query.= "  OR `nid` = '".$rows["nid"]."' ";	
				$query_tb.= "  OR `nid` = '".$rows["nid"]."' ";	
			}
			mysql_query($query,$link);
			mysql_query($query_tb,$link);
			$query = "DELETE FROM nodes WHERE `uid` = '".$pc["UID"]."' AND `access` = '4' ;";
			mysql_query($query,$link);
			$log_action = "EMPTY JUNK";
			pc_update_record($link,$pc["UID"]);
			pc_return($_GET["ret"]);		
		}
		elseif($act == "tedit")
		{
			$tid = pc_load_topic($link,$pc["UID"],intval($_GET["tid"]),$topicname);
			if(!$tid)
			{
				html_error_quit("Blog不存在!");
				exit();
			}
			if(@$_POST["topicname"])
			{
				pc_edit_topics($link,$tid,$_POST["topicname"]);
				$log_action = "UPDATE TOPIC: ".$_POST["topicname"];
				pc_update_record($link,$pc["UID"]);
				pc_return("pcdoc.php?userid=".$pc["USER"]."&tag=6");		
			}
			else
			{
				$sec = array("公开区","好友区","私人区");
?>
<br>
<center>
<form action="pcmanage.php?userid=<?php echo $pc["USER"]; ?>&act=tedit&tid=<?php echo $tid; ?>" method="post" onsubmit="if(this.topicname.value==''){alert('请输入Blog名称!');return false;}">
<table cellspacing="0" cellpadding="5" border="0" width="90%" class="t1">
<tr>
	<td class="t2">修改Blog</td>
</tr>
<tr>
	<td class="t8">
	Blog名
	<input type="text" class="f1" style="width:300px;" name="topicname" value="<?php echo htmlspecialchars(stripslashes($topicname)); ?>">
	</td>
</tr>
<tr>
	<td class="t2">
	<input type="submit" value="修改Blog" class="b1">
	<input type="button" value="返回上页" class="b1" onclick="doCancel();">
	</td>
</tr>
</table>
</form></center>
<?php
			}
		}
		elseif($act == "tdel")
		{
			$tid = pc_load_topic($link,$pc["UID"],intval($_GET["tid"]),$topicname);
			if(!$tid)
			{
				html_error_quit("Blog不存在!");
				exit();
			}
			$ret = pc_del_topics($link,$tid);
			if($ret==-1)
			{
				html_error_quit("请先删除该分类的所有文章!");
				exit();
			}
			if($ret!=0)
			{
				html_error_quit("删除失败,请联系管理员!");
				exit();
			}
			pc_update_record($link,$pc["UID"]);
			$log_action = "DEL TOPIC: ".$topicname;
			pc_return("pcdoc.php?userid=".$pc["USER"]."&tag=6");				
		}
		elseif($act == "tadd" && $_POST["topicname"])
		{
			if(!pc_add_topic($link,$pc,$_POST["access"],$_POST["topicname"]))
			{
				html_error_quit("分类添加失败");
				exit();
			}
			$log_action = "ADD TOPIC: ".$_POST["topicname"];
			pc_return("pcdoc.php?userid=".$pc["USER"]."&tag=6");	
		}
		elseif($act == "sedit" && $_POST["pcname"])
		{
			$favmode = (int)($_POST["pcfavmode"]);
			if($favmode != 1 && $favmode != 2)
				$favmode = 0;
			$tmpsave = ($_POST["pctmpsave"]==0)?0:1;
			$query = "UPDATE `users` SET `createtime` = `createtime` , `corpusname` = '".addslashes(undo_html_format($_POST["pcname"]))."',`description` = '".addslashes(undo_html_format($_POST["pcdesc"]))."',`theme` = '".addslashes(undo_html_format($_POST["pcthem"]))."' , `backimage` = '".addslashes(undo_html_format($_POST["pcbkimg"]))."' , `logoimage` = '".addslashes(undo_html_format($_POST["pclogo"]))."' , `htmleditor` = '".(int)($_POST["htmleditor"])."', `style` = '".(int)($_POST["template"])."' , `indexnodechars` = '".(int)($_POST["indexnodechars"])."' , `indexnodes` = '".(int)($_POST["indexnodes"])."' , `favmode` = '".$favmode."' , `useremail` = '".addslashes(trim($_POST["pcuseremail"]))."' , `userinfor` = '".addslashes(trim($_POST["userinfor"]))."' , `defaulttopic` = '".addslashes(trim($_POST["pcdefaulttopic"]))."'";
			if(defined("_BLOG_ANONY_COMMENT_"))
				$query .= " , `anonycomment` = " . (($_POST["anonycomment"]=="yes")?"1":"0");
			$query .= " WHERE `uid` = '".$pc["UID"]."';";	
			mysql_query($query,$link);
			
			$log_action = "UPDATE SETTINGS";
			pc_return("pcdoc.php?userid=".$pc["USER"]."&tag=7");	
			
		}
		elseif($act == "adddir" && $_POST["dir"])
		{
			$ret = pc_add_favdir($link,$pc,$_POST["pid"],$_POST["dir"]);
			switch($ret)
			{
				case -1:
					html_error_quit("缺少Blog信息!");
					exit();
				case -2:
					html_error_quit("缺少父目录ID!");
					exit();
				case -3:
					html_error_quit("缺少目录名!");
					exit();
				case -4:
					html_error_quit("该目录下目录数已达上限!");
					exit();
				case -5:
					html_error_quit("系统错误,请联系管理员!");
					exit();
				default:	
			}
			pc_update_record($link,$pc["UID"]);
			$log_action = "ADD DIR: ".$_POST["dir"];
			pc_return("pcdoc.php?userid=".$pc["USER"]."&tag=3&pid=".intval($_POST["pid"]));
		}
		elseif($act == "favcut" || $act == "favcopy")
		{
			//目前不支持目录的剪切和复制
			$query = "SELECT `nid`,`type`,`pid`,`subject`,`tid` FROM nodes WHERE `nid` = '".(int)($_GET["nid"])."' AND `uid` = '".$pc["UID"]."' AND `access` = 3  AND `type` = 0 LIMIT 0 , 1;";
			$result = mysql_query($query,$link);
			$rows = mysql_fetch_array($result);
			if(!$rows)
			{
				pc_html_init("gb2312",stripslashes($pc["NAME"]));
				html_error_quit("文章不存在!");
				exit();
			}
			mysql_free_result($result);
			setcookie("BLOGFAVACTION",$act);
			setcookie("BLOGFAVNID",$rows["nid"]);
			
			pc_html_init("gb2312",stripslashes($pc["NAME"]));
?>
<script language="javascript">
alert("已将 <?php echo htmlspecialchars($rows[subject]); ?> 放入剪切板!");
</script>
<?php			pc_return("pcdoc.php?userid=".$pc["USER"]."&tag=3&pid=".$rows[pid]);
			
		}
		elseif($act == "favpaste")
		{
			if(!$_COOKIE["BLOGFAVACTION"])
			{
				pc_html_init("gb2312",stripslashes($pc["NAME"]));
				html_error_quit("您的剪贴板是空的，请先剪切或者复制一个文件!");
				exit();
			}
			$pid = intval($_GET["pid"]);
			if(!pc_load_directory($link,$pc["UID"],$pid))
			{
				pc_html_init("gb2312",stripslashes($pc["NAME"]));
				html_error_quit("目标文件夹不存在!");
				exit();
			}
			
			if(pc_file_num($link,$pc["UID"],$pid)+1 > $pc["NLIM"])
			{
				pc_html_init("gb2312",stripslashes($pc["NAME"]));
				html_error_quit("目标文件夹中的文件数已达上限 ".$pc["NLIM"]. " 个!");
				exit();
			}
			
			if(intval($_COOKIE["BLOGFAVNID"]))
			{
				if($_COOKIE["BLOGFAVACTION"] == "favcut")
				{
					$query = "UPDATE nodes SET `pid` = '".$pid."' WHERE `nid` = '".intval($_COOKIE["BLOGFAVNID"])."';";
				}
				elseif($_COOKIE["BLOGFAVACTION"] == "favcopy")
				{
					$query = "SELECT * FROM nodes WHERE `nid` = '".intval($_COOKIE["BLOGFAVNID"])."' LIMIT 0 , 1 ;";
					$result = mysql_query($query,$link);
					$rows = mysql_fetch_array($result);
					mysql_free_result($result);
					$query = "INSERT INTO `nodes` ( `nid` , `pid` , `type` , `source` , `hostname` , `changed` , `created` , `uid` , `comment` , `commentcount` , `subject` , `body` , `access` , `visitcount` , `tid` , `emote` ,`htmltag`) ".
						"VALUES ('', '".$pid."', '0', '".addslashes($rows["source"])."', '".addslashes($rows["hostname"])."', NOW( ) , '".addslashes($rows["created"])."', '".$pc["UID"]."', '".intval($rows["comment"])."', '".intval($rows["commentcount"])."', '".addslashes($rows["subject"])."', '".addslashes($rows["body"])."', '3', '".intval($rows["visitcount"])."', '".intval($rows["tid"])."', '".intval($rows["emote"])."','".intval($rows["htmltag"])."');";
				}
				mysql_query($query,$link);
			}
			setcookie("BLOGFAVACTION");
			setcookie("BLOGFAVNID");
			
			pc_html_init("gb2312",stripslashes($pc["NAME"]));
			pc_update_record($link,$pc["UID"]);
			$log_action = "CUT/COPY FAV";
			pc_return("pcdoc.php?userid=".$pc["USER"]."&tag=3&pid=".$pid);	
		}
	
		if(pc_is_groupwork($pc))
			pc_group_logs($link,$pc,$log_action,$log_content);
		
		html_normal_quit();
	}
	
?>