SetQuery("SELECT `varname`,`type`,`value`,`groupid` FROM `#@__sysconfig` ORDER BY aid ASC "); $dsql->Execute(); while ($row = $dsql->GetArray()) { if ($row['type'] == 'number') { if ($row['value'] == '') $row['value'] = 0; fwrite($fp, "\${$row['varname']} = " . $row['value'] . ";\r\n"); } else { fwrite($fp, "\${$row['varname']} = '" . str_replace("'", '', $row['value']) . "';\r\n"); } } fwrite($fp, "?" . ">"); fclose($fp); } //保存配置的改动 if ($dopost == "save") { CheckCSRF(); foreach ($_POST as $k => $v) { if (preg_match("#^edit___#", $k)) { $v = cn_substrR(${$k}, 1024); } else { continue; } $k = preg_replace("#^edit___#", "", $k); $dsql->ExecuteNoneQuery("UPDATE `#@__sysconfig` SET `value`='$v' WHERE varname='$k' "); } ReWriteConfig(); ShowMsg("成功更改站点配置！", "sys_info.php"); exit(); } //增加新变量 else if ($dopost == 'add') { CheckCSRF(); if ($vartype == 'bool' && ($nvarvalue != 'Y' && $nvarvalue != 'N')) { ShowMsg("布尔变量值必须为'Y'或'N'!", "-1"); exit(); } if (trim($nvarname) == '' || preg_match("#[^a-z_]#i", $nvarname)) { ShowMsg("变量名不能为空并且必须为[a-z_]组成!", "-1"); exit(); } $row = $dsql->GetOne("SELECT varname FROM `#@__sysconfig` WHERE varname LIKE '$nvarname' "); if (is_array($row)) { ShowMsg("该变量名称已经存在!", "-1"); exit(); } $row = $dsql->GetOne("SELECT aid FROM `#@__sysconfig` ORDER BY aid DESC "); $aid = $row['aid'] + 1; $inquery = "INSERT INTO `#@__sysconfig`(`aid`,`varname`,`info`,`value`,`type`,`groupid`) VALUES ('$aid','$nvarname','$varmsg','$nvarvalue','$vartype','$vargroup')"; $rs = $dsql->ExecuteNoneQuery($inquery); if (!$rs) { ShowMsg("新增变量失败，可能有非法字符！", "sys_info.php?gp=$vargroup"); exit(); } if (!is_writeable($configfile)) { ShowMsg("成功保存变量，但由于 $configfile 无法写入，因此不能更新配置文件！", "sys_info.php?gp=$vargroup"); exit(); } else { ReWriteConfig(); ShowMsg("成功保存变量并更新配置文件！", "sys_info.php?gp=$vargroup"); exit(); } } // 搜索配置 else if ($dopost == 'search') { $keywords = isset($keywords) ? strip_tags($keywords) : ''; $i = 1; $configstr = << 参数说明 参数值 变量名 EOT; echo $configstr; if ($keywords) { $dsql->SetQuery("SELECT * FROM `#@__sysconfig` WHERE info LIKE '%$keywords%' OR varname LIKE '%$keywords%' order by aid asc"); $dsql->Execute(); while ($row = $dsql->GetArray()) { $bgcolor = ($i++ % 2 == 0) ? "#F9FCEF" : "#ffffff"; $row['info'] = preg_replace("#{$keywords}#", '' . $keywords . '', $row['info']); $row['varname'] = preg_replace("#{$keywords}#", '' . $keywords . '', $row['varname']); ?> ： 是"; echo " 否"; } else if ($row['type'] == 'bstring') { echo "" . dede_htmlspecialchars($row['value']) . ""; } else if ($row['type'] == 'number') { echo ""; } else { echo ""; } ?> 没有找到搜索的内容 '; } exit; } else if ($dopost == 'make_encode') { $chars = 'abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789'; $hash = ''; $length = rand(28, 32); $max = strlen($chars) - 1; for ($i = 0; $i < $length; $i++) { $hash .= $chars[mt_rand(0, $max)]; } echo $hash; exit(); } include DedeInclude('templets/sys_info.htm');