announces.inc.php

创建虚拟磁盘。用户可以创建磁盘

<?php 
##
#	Project: PHPDisk
#	This is NOT a freeware, use is subject to license terms.
#
#	Site: http://www.phpdisk.com
#
#	$Id: announces.inc.php 250 2009-03-10 17:29:43Z along $
#
#	Copyright (C) 2008-2009 PHPDisk Team. All Rights Reserved.
#
##

if(!defined('IN_PHPDISK') || !defined('IN_ADMINCP')) {
	exit('[PHPDisk] Access Denied');
}
phpdisk_admin();
define('SCRIPT_NAME',$item);

require_once lang('adm_'.SCRIPT_NAME);

$lang = array_merge($pub_lang,$lang);

switch($action){
	case 'index':
		if($task =='update'){
			if($p_formhash != formhash()){
				exit($lang['system_error']);
			}
			$show_order = gpc('show_order','P',array());
			$annids = gpc('annids','P',array());
			
			for($i =0;$i<count($annids);$i++){
				$db->query_unbuffered("update pd_announces set show_order='".(int)$show_order[$i]."' where annid='".(int)$annids[$i]."'");
			}
			redirect(urr("admincp","item=announces&action=index"),'',0);
			
		}else{
			$q = $db->query("select * from pd_announces order by show_order asc,annid asc");
			$announces = array();
			while($rs = $db->fetch_array($q)){
				$rs['status_text'] = $rs['is_hidden'] ? '<span class="txtblue">'.$lang['display'].'</span>' : $lang['hidden'];
				$rs['short_content'] = str_replace("\r\n",' ',cutstr(preg_replace("/<.+?>/i","",$rs['content']),45));
				$rs['content'] = preg_replace("/<.+?>/i","",str_replace('<br>',LF,$rs['content']));
				$announces[] = $rs;
			}
			$db->free($q);
			unset($rs);
			require_once template(SCRIPT_NAME,ADMIN_TPL_NAME);
		}
	case 'add_announce':
		if($task =='add_announce'){
			if($p_formhash != formhash()){
				exit($lang['system_error']);
			}
			$subject = trim(gpc('subject','P',''));
			$content = trim(gpc('content','P',''));
			
			if(checklength($subject,2,100)){
				$error = true;
				$sysmsg[] = $lang['subject_error'];
			}
			if(checklength($content,2,2000)){
				$error = true;
				$sysmsg[] = $lang['content_error'];
			}else{
				$content = str_replace(LF,'<br>',$content);
			}
			$rs = $db->fetch_one_array("select count(*) as total from pd_announces where subject='".$db->escape($subject)."'");
			if($rs['total'] >0){
				$error = true;
				$sysmsg[] = $lang['announce_exists'];
			}
			unset($rs);
			if(!$error){
				$ins = array(
					'userid' => $pd_uid,
					'subject' => $db->escape(replace_js($subject)),
					'content' => $db->escape(replace_js($content)),
					'in_time' => $timestamp,
				);
				$db->query("insert into pd_announces set ".$db->sql_array($ins).";");
				redirect(urr("admincp","item=announces&action=index"),'',0);
			}else{
				redirect('javascript:history.back();',$sysmsg);
			}
		}else{
			require_once template(SCRIPT_NAME,ADMIN_TPL_NAME);
		}
	break;
	
	case 'modify_announce':
		$annid = (int)gpc('annid','GP',0);
		if($task =='modify_announce'){
			if($p_formhash != formhash()){
				exit($lang['system_error']);
			}
			$subject = trim(gpc('subject','P',''));
			$content = trim(gpc('content','P',''));
			
			if(checklength($subject,2,100)){
				$error = true;
				$sysmsg[] = $lang['subject_error'];
			}
			if(checklength($content,2,2000)){
				$error = true;
				$sysmsg[] = $lang['content_error'];
			}else{
				$content = str_replace(LF,'<br>',$content);
			}
			$rs = $db->fetch_one_array("select count(*) as total from pd_announces where subject='".$db->escape($subject)."'");
			if($rs['total'] >1){
				$error = true;
				$sysmsg[] = $lang['announce_exists'];
			}
			unset($rs);
			if(!$error){
				$ins = array(
					'subject' => $db->escape(replace_js($subject)),
					'content' => $db->escape(replace_js($content)),
					'in_time' => $timestamp,
				);
				$db->query("update pd_announces set ".$db->sql_array($ins)." where annid='$annid' limit 1;");
				redirect(urr("admincp","item=announces&action=index"),'',0);
			}else{
				redirect('javascript:history.back();',$sysmsg);
			}
		}else{
			$rs = $db->fetch_one_array("select * from pd_announces where annid='$annid'");
			if($rs){
				$subject = $rs['subject'];
				$content = str_replace('<br>',LF,$rs['content']);
			}
			unset($rs);
			require_once template(SCRIPT_NAME,ADMIN_TPL_NAME);
		}
	break;
	
	case 'delete_announce':
		$annid = (int)gpc('annid','G',0);
		$db->query_unbuffered("delete from pd_announces where annid='$annid' limit 1");
		redirect(urr("admincp","item=announces&action=index"),'',0);	
	break;
	
	case 'change_status':
		$annid = (int)gpc('annid','G',0);
		$rs = $db->fetch_one_array("select is_hidden from pd_announces where annid='$annid'");
		$status = $rs['is_hidden'] ? 0 : 1; 
		unset($rs);
		$db->query_unbuffered("update pd_announces set is_hidden='$status' where annid='$annid'");
		redirect(urr("admincp","item=announces&action=index"),'',0);	
	break;
		
	default:
		redirect(urr("admincp","item=announces&action=index"),'',0);
}

?>