
  1. <?php
  2. /**
  3. * 自定义表单列表 (DIY form records): admin handler for post / list / edit / check / delete of submissions to one custom form
  4. *
  5. * @version $Id: diy_list.php 1 18:31 2010年7月12日Z tianya $
  6. * @package DedeCMS.Administrator
  7. * @copyright Copyright (c) 2007 - 2018, DesDev, Inc.
  8. * @copyright Copyright (c) 2020, DedeBIZ.COM
  9. * @license https://www.dedebiz.com/license/v6
  10. * @link https://www.dedebiz.com
  11. */
  12. require_once(dirname(__FILE__)."/config.php");
  13. CheckPurview('c_New');
  14. $diyid = isset($diyid) && is_numeric($diyid) ? $diyid : 0;
  15. $action = isset($action) && in_array($action, array('post', 'list', 'edit', 'check', 'delete')) ? $action : '';
  16. if(empty($diyid))
  17. {
  18. showMsg("非法操作!", 'javascript:;');
  19. exit();
  20. }
  21. require_once DEDEINC.'/diyform.cls.php';
  22. $diy = new diyform($diyid);
  23. if($action == 'post')
  24. {
  25. if(empty($do))
  26. {
  27. $postform = $diy->getForm('post','','admin');
  28. include DEDEADMIN.'/templets/diy_post.htm';
  29. }
  30. else if($do == 2)
  31. {
  32. $dede_fields = empty($dede_fields) ? '' : trim($dede_fields);
  33. $dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash);
  34. if(!empty($dede_fields))
  35. {
  36. if($dede_fieldshash != md5($dede_fields.$cfg_cookie_encode))
  37. {
  38. showMsg("数据校验不对,程序返回", '-1');
  39. exit();
  40. }
  41. }
  42. $diyform = $dsql->getOne("SELECT * FROM #@__diyforms WHERE diyid=$diyid");
  43. if(!is_array($diyform))
  44. {
  45. showmsg("自定义表单不存在", '-1');
  46. exit();
  47. }
  48. $addvar = $addvalue = '';
  49. if(!empty($dede_fields))
  50. {
  51. $fieldarr = explode(';', $dede_fields);
  52. if(is_array($fieldarr))
  53. {
  54. foreach($fieldarr as $field)
  55. {
  56. if($field == '')
  57. {
  58. continue;
  59. }
  60. $fieldinfo = explode(',', $field);
  61. if($fieldinfo[1] == 'htmltext' || $fieldinfo[1] == 'textdata')
  62. {
  63. ${$fieldinfo[0]} = filterscript(stripslashes(${$fieldinfo[0]}));
  64. ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});
  65. ${$fieldinfo[0]} = getFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','member');
  66. }
  67. else
  68. {
  69. ${$fieldinfo[0]} = getFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','member');
  70. }
  71. $addvar .= ', `'.$fieldinfo[0].'`';
  72. $addvalue .= ", '".${$fieldinfo[0]}."'";
  73. }
  74. }
  75. }
  76. $query = "INSERT INTO `{$diy->table}` (`id`, `ifcheck` $addvar) VALUES (NULL, 0 $addvalue)";
  77. if($dsql->ExecuteNoneQuery($query))
  78. {
  79. $goto = "diy_list.php?action=list&diyid={$diy->diyid}";
  80. showmsg('发布成功', $goto);
  81. }
  82. else
  83. {
  84. showmsg('对不起,发布不成功', '-1');
  85. }
  86. }
  87. } else if ($action == 'list')
  88. {
  89. include_once DEDEINC.'/datalistcp.class.php';
  90. $query = "SELECT * FROM {$diy->table} ORDER BY id DESC";
  91. $datalist = new DataListCP();
  92. $datalist->pageSize = 10;
  93. $datalist->SetParameter('action', 'list');
  94. $datalist->SetParameter('diyid', $diyid);
  95. $datalist->SetTemplate(DEDEADMIN.'/templets/diy_list.htm');
  96. $datalist->SetSource($query);
  97. $fieldlist = $diy->getFieldList();
  98. $datalist->Display();
  99. } else if ($action == 'edit')
  100. {
  101. if(empty($do))
  102. {
  103. $id = isset($id) && is_numeric($id) ? $id : 0;
  104. if(empty($id))
  105. {
  106. showMsg('非法操作!未指定id', 'javascript:;');
  107. exit();
  108. }
  109. $query = "SELECT * FROM {$diy->table} WHERE id=$id";
  110. $row = $dsql->GetOne($query);
  111. if(!is_array($row))
  112. {
  113. showmsg("你访问的记录不存在或未经审核", '-1');
  114. exit();
  115. }
  116. $postform = $diy->getForm('edit', $row, 'admin');
  117. $fieldlist = $diy->getFieldList();
  118. $c1 = $row['ifcheck'] == 1 ? 'checked' : '';
  119. $c2 = $row['ifcheck'] == 0 ? 'checked' : '';
  120. include DEDEADMIN.'/templets/diy_edit_content.htm';
  121. }
  122. else if($do == 2)
  123. {
  124. $dede_fields = empty($dede_fields) ? '' : trim($dede_fields);
  125. $diyform = $dsql->GetOne("SELECT * FROM #@__diyforms WHERE diyid=$diyid");
  126. $diyco = $dsql->GetOne("SELECT * FROM `$diy->table` WHERE id='$id'");
  127. if(!is_array($diyform))
  128. {
  129. showmsg("自定义表单不存在", '-1');
  130. exit();
  131. }
  132. $addsql = '';
  133. if(!empty($dede_fields))
  134. {
  135. $fieldarr = explode(';', $dede_fields);
  136. if(is_array($fieldarr))
  137. {
  138. foreach($fieldarr as $field)
  139. {
  140. if($field == '')
  141. {
  142. continue;
  143. }
  144. $fieldinfo = explode(',', $field);
  145. if($fieldinfo[1] == 'htmltext' || $fieldinfo[1] == 'textdata')
  146. {
  147. ${$fieldinfo[0]} = filterscript(stripslashes(${$fieldinfo[0]}));
  148. ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});
  149. ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','member');
  150. ${$fieldinfo[0]} = empty(${$fieldinfo[0]}) ? $diyco[$fieldinfo[0]] : ${$fieldinfo[0]};
  151. }
  152. else
  153. {
  154. ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','diy', $fieldinfo[0]);
  155. ${$fieldinfo[0]} = empty(${$fieldinfo[0]}) ? $diyco[$fieldinfo[0]] : ${$fieldinfo[0]};
  156. }
  157. $addsql .= !empty($addsql)?',`'.$fieldinfo[0]."`='".${$fieldinfo[0]}."'" : '`'.$fieldinfo[0]."`='".${$fieldinfo[0]}."'";
  158. }
  159. }
  160. }
  161. $query = "UPDATE `$diy->table` SET $addsql WHERE id=$id";
  162. if($dsql->ExecuteNoneQuery($query))
  163. {
  164. $goto = "diy_list.php?action=list&diyid={$diy->diyid}";
  165. showmsg('编辑成功', $goto);
  166. }
  167. else
  168. {
  169. showmsg('编辑成功', '-1');
  170. }
  171. }
  172. }elseif($action == 'check')
  173. {
  174. if(is_array($id))
  175. {
  176. $ids = implode(',', $id);
  177. }
  178. else
  179. {
  180. showmsg('未选中要操作的内容', '-1');
  181. exit();
  182. }
  183. $query = "UPDATE `$diy->table` SET ifcheck=1 WHERE id IN ($ids)";
  184. if($dsql->ExecuteNoneQuery($query))
  185. {
  186. showmsg('审核成功', "diy_list.php?action=list&diyid={$diy->diyid}");
  187. }
  188. else
  189. {
  190. showmsg('审核失败', "diy_list.php?action=list&diyid={$diy->diyid}");
  191. }
  192. }elseif($action == 'delete')
  193. {
  194. if(empty($do))
  195. {
  196. if(is_array($id))
  197. {
  198. $ids = implode(',', $id);
  199. }else
  200. {
  201. showmsg('未选中要操作的内容', '-1');
  202. exit();
  203. }
  204. $query = "DELETE FROM `$diy->table` WHERE id IN ($ids)";
  205. if($dsql->ExecuteNoneQuery($query))
  206. {
  207. showmsg('删除成功', "diy_list.php?action=list&diyid={$diy->diyid}");
  208. }
  209. else
  210. {
  211. showmsg('删除失败', "diy_list.php?action=list&diyid={$diy->diyid}");
  212. }
  213. } else if($do=1){
  214. $row = $dsql->GetOne("SELECT * FROM `$diy->table` WHERE id='$id'");
  215. if(file_exists($cfg_basedir.$row[$name])){
  216. unlink($cfg_basedir.$row[$name]);
  217. $dsql->ExecuteNoneQuery("UPDATE `$diy->table` SET $name='' WHERE id='$id'");
  218. showmsg('文件删除成功',"diy_list.php?action=list&diyid={$diy->diyid}");
  219. }else{
  220. showmsg('文件不存在','-1');
  221. }
  222. }
  223. }else
  224. {
  225. showmsg('未定义操作', "-1");
  226. }