<?php
/*
[UCenter Home] (C) 2007-2008 Comsenz Inc.
$Id: admincp_block.php 12900 2009-07-27 07:26:58Z zhengqingpeng $
*/
// Entry guard: this script only runs when both the application constant and the
// admin-panel constant have been defined by the including script; a direct
// request to this file stops here.
if(!(defined('IN_UCHOME') && defined('IN_ADMINCP'))) {
    exit('Access Denied');
}

// Permission check: the current account must hold the 'manageblock' right.
// NOTE(review): the rest of the file assumes cpmessage() ends the request;
// confirm, because nothing here returns or exits after the call.
$canmanageblock = checkperm('manageblock');
if(!$canmanageblock) {
    cpmessage('no_authority_management_operation');
}
// Define mksqltime() only if no other file has already provided it.
if(!function_exists('mksqltime')) {
    /**
     * Convert an age in seconds into an absolute timestamp.
     *
     * Used to expand "[N]" placeholders in block SQL: the result is
     * $_SGLOBAL['timestamp'] minus $time.
     *
     * @param int|string $time number of seconds to subtract
     * @return int|float $_SGLOBAL['timestamp'] - $time
     */
    function mksqltime($time) {
        global $_SGLOBAL;
        $now = $_SGLOBAL['timestamp'];
        return $now - $time;
    }
}

// Base URL of this admin page; the handlers below append op/id parameters to it.
$turl = 'admincp.php?ac=block';
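// preg_replace()'s /e (eval) modifier was removed in PHP 7, so the "[seconds]"
// placeholders in block SQL are expanded through preg_replace_callback().
// The helper is guarded the same way mksqltime() is, so a second definition
// elsewhere does not collide.
if(false === function_exists('sub_blocksqltime')) {
    /**
     * Callback for preg_replace_callback(): maps one "[N]" match to mksqltime(N).
     *
     * @param array $matches $matches[1] holds the digits captured by /\[(\d+)\]/
     * @return string value substituted into the SQL text
     */
    function sub_blocksqltime($matches) {
        return (string) mksqltime($matches[1]);
    }
}

if(submitcheck('valuesubmit')) {
    // Step 1 of the editor: store the block name and its SQL statement.
    $_POST['blockname'] = shtmlspecialchars(trim($_POST['blockname']));
    if(empty($_POST['blockname'])) cpmessage('correctly_completed_module_name');

    $setarr = array(
        'blockname' => $_POST['blockname'],
        'blocksql' => sub_getblocksql($_POST['blocksql'])
    );

    // Trial-run the statement with " LIMIT 1" so a broken query is rejected
    // before it is saved; the database error text and number go back to the admin.
    // NOTE(review): sub_getblocksql() only normalises the text (SELECT prefix,
    // no ';', no LIMIT). The statement is otherwise executed as written on the
    // application's own connection, so 'manageblock' should be granted as if it
    // were read access to the whole database.
    if($setarr['blocksql'] && !$_SGLOBAL['db']->query(stripslashes(preg_replace_callback("/\[(\d+)\]/", 'sub_blocksqltime', $setarr['blocksql'])).' LIMIT 1', 'SILENT')) {
        cpmessage('sql_statements_can_not_be_completed_for_normal', '', 1, array($_SGLOBAL['db']->error(), $_SGLOBAL['db']->errno()));
    }

    // Update an existing block when a non-zero bid was posted, otherwise insert.
    $bid = intval($_POST['bid']);
    if($bid) {
        updatetable('block', $setarr, array('bid'=>$bid));
    } else {
        $bid = inserttable('block', $setarr, 1);
    }

    // Continue with the next step (template code editor).
    cpmessage('enter_the_next_step', $turl.'&op=code&id='.$bid, 0);

} elseif (submitcheck('codesubmit')) {
    // Step 2 of the editor: store cache settings and the HTML/template code.
    $bid = intval($_POST['bid']);
    $block = sub_getblock($bid);

    $setarr = array(
        'cachename' => $_POST['cachename'],
        'cachetime' => intval($_POST['cachetime']),
        'startnum' => intval($_POST['startnum']),
        'num' => intval($_POST['num']),
        'perpage' => intval($_POST['perpage']),
        'htmlcode' => trim($_POST['htmlcode'])
    );
    // Paging and a fixed row count are mutually exclusive.
    if($setarr['perpage']) $setarr['num'] = 0;

    // Prefix relative href values with the site URL. Absolute https:// links are
    // now left alone as well; previously only http:// was recognised, so an
    // https:// link was rewritten into a broken "site URL + https://..." address.
    $setarr['htmlcode'] = addslashes(preg_replace("/href\=\"(?!https?\:\/\/)(.+?)\"/i", 'href="'.getsiteurl().'\\1"', stripslashes($setarr['htmlcode'])));
    updatetable('block', $setarr, array('bid'=>$bid));

    // Refresh the block cache.
    include_once(S_ROOT.'./source/function_cache.php');
    block_cache();

    // Write the template file.
    // NOTE(review): cachename and htmlcode reach the template file as posted, with
    // no character filtering; whoever holds 'manageblock' is in effect authoring
    // template source. Presumably intended; confirm the permission is scoped to match.
    if($block['blocksql']) {
        if(empty($setarr['perpage'])) {
            $perstr = '';
            if(empty($setarr['num'])) $setarr['num'] = 1;
            $block['blocksql'] .= " LIMIT $setarr[startnum],$setarr[num]";
        } else {
            $perstr = 'perpage/'.$setarr['perpage'].'/';
        }
        $setarr['htmlcode'] = "<!--{block/{$perstr}sql/".rawurlencode($block['blocksql'])."/cachename/$setarr[cachename]/cachetime/$setarr[cachetime]}-->\r\n".stripslashes($setarr['htmlcode']);
    }
    // NOTE(review): when the block has no SQL the branch above is skipped and the
    // addslashes()'d markup is written as is; verify whether swritefile() or the
    // template loader removes the slashes.
    $tpl = S_ROOT.'./data/blocktpl/'.$bid.'.htm';
    swritefile($tpl, $setarr['htmlcode']);

    cpmessage('do_success', $turl);
}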
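// preg_replace()'s /e (eval) modifier was removed in PHP 7, so the "[seconds]"
// placeholders in block SQL are expanded through preg_replace_callback().
// Guarded like mksqltime() so that a second definition does not collide.
if(false === function_exists('sub_blocksqltime')) {
    /**
     * Callback for preg_replace_callback(): maps one "[N]" match to mksqltime(N).
     *
     * @param array $matches $matches[1] holds the digits captured by /\[(\d+)\]/
     * @return string value substituted into the SQL text
     */
    function sub_blocksqltime($matches) {
        return (string) mksqltime($matches[1]);
    }
}

if(empty($_GET['op'])) {
    // Default view: paged list of all blocks, newest first.
    $perpage = 20;
    $page = empty($_GET['page'])?1:intval($_GET['page']);
    if($page<1) $page = 1;
    $start = ($page-1)*$perpage;

    // Validate the start offset.
    ckstart($start, $perpage);

    $list = array();
    $multi = '';

    $count = getcount('block', array());
    if($count) {
        // $start and $perpage are integers computed above, so the LIMIT clause
        // contains no request text.
        $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('block')." ORDER BY bid DESC LIMIT $start,$perpage");
        while ($value = $_SGLOBAL['db']->fetch_array($query)) {
            $list[] = $value;
        }
        $multi = multi($count, $perpage, $page, 'admincp.php?ac=block');
    }
    $actives = array('view' => ' class="active"');

} elseif($_GET['op'] == 'code') {
    // Load the block being edited (sub_getblock() casts the id to an integer).
    $block = sub_getblock($_GET['id']);

    // Run the stored SQL once to learn the result columns for the editor.
    $colnames = $keys = array();
    if(!empty($block['blocksql'])) {
        if($query = $_SGLOBAL['db']->query(preg_replace_callback("/\[(\d+)\]/", 'sub_blocksqltime', $block['blocksql'])." LIMIT 1", 'SILENT')) {
            $value = $_SGLOBAL['db']->fetch_array($query);
            // A query that matches no rows yields no array; skip the loop
            // instead of iterating over a non-array value.
            if(is_array($value)) {
                foreach ($value as $keyname => $keyvalue) {
                    if(count($keys) < 2) $keys[] = $keyname;
                    $colnames[$keyname] = getstr($keyvalue, 40);
                }
            }
        }
    }

    $phptag = '$';

    // Defaults shown when nothing has been saved yet.
    if(empty($block['cachename'])) {
        $block['cachename'] = 'block'.$block['bid'];
    }
    if(empty($block['htmlcode']) && !empty($colnames)) {
        // Sample markup printing the first one or two result columns. Built from
        // $keys so that a single-column result no longer reads the missing $keys[1].
        $blockfields = array();
        foreach ($keys as $keyname) {
            $blockfields[] = '$value['.$keyname.']';
        }
        $block['htmlcode'] = '<ul>'."\r\n";
        $block['htmlcode'] .= '<!--{loop $_SBLOCK[\''.$block['cachename'].'\'] $value}-->'."\r\n";
        $block['htmlcode'] .= '<li>'.implode(' ', $blockfields)."</li>\r\n";
        $block['htmlcode'] .= '<!--{/loop}-->'."\r\n";
        $block['htmlcode'] .= '</ul>'."\r\n";
    }
    // Escape the stored markup so it is displayed as text in the edit form.
    $block['htmlcode'] = shtmlspecialchars($block['htmlcode']);

} elseif($_GET['op'] == 'add') {
    // New block: start from empty data.
    $block = array();

    // Existing tables and their columns, for the SQL builder.
    $tables = sub_gettables();
    $sqlTables = array(
        'blog' => tname('blog'),
        'album' => tname('album'),
        'thread' => tname('thread'),
        'feed' => tname('feed'),
        'space' => tname('space'),
        'pic' => tname('pic'),
        'mtag' => tname('mtag')
    );
    // Statement skeletons per content type; the literal "WHEREORDER" marker is
    // part of each string and is not interpreted in this file.
    $sqls = array(
        'blog' => 'SELECT * FROM `'.tname('blog').'` AS `blog`WHEREORDER',
        'album' => 'SELECT * FROM `'.tname('album').'` AS `album`WHEREORDER',
        'thread' => 'SELECT * FROM `'.tname('thread').'` AS `thread`WHEREORDER',
        'feed' => 'SELECT * FROM `'.tname('feed').'` AS `feed`WHEREORDER',
        'space' => 'SELECT * FROM `'.tname('space').'` AS `space` LEFT JOIN `'.tname('spacefield').'` AS `spacefield` on `space`.`uid`=`spacefield`.`uid`WHEREORDER',
        'pic' => 'SELECT * FROM `'.tname('pic').'` AS `pic`WHEREORDER',
        'mtag' => 'SELECT * FROM `'.tname('mtag').'` AS `mtag`WHEREORDER'
    );

    // Profile fields (in display order) and user groups keyed by gid.
    $usergrouparr = $list = array();
    $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('profield')." ORDER BY displayorder");
    while($value = $_SGLOBAL['db']->fetch_array($query)) {
        $list[] = $value;
    }
    $query = $_SGLOBAL['db']->query("SELECT gid, grouptitle FROM ".tname('usergroup'));
    while($value = $_SGLOBAL['db']->fetch_array($query)) {
        $usergrouparr[$value['gid']] = $value;
    }

} elseif($_GET['op'] == 'blocksql') {
    // Edit the SQL of an existing block: load the block and the table list.
    $block = sub_getblock($_GET['id']);
    $tables = sub_gettables();

} elseif($_GET['op'] == 'tpl') {
    // Template include snippet for this block, escaped for display.
    $bid = intval($_GET['id']);
    $code = shtmlspecialchars("<!--{template data/blocktpl/$bid}-->");

} elseif($_GET['op'] == 'js') {
    // JavaScript embed snippet for this block, escaped for display.
    $bid = intval($_GET['id']);
    $code = shtmlspecialchars("<script language=\"javascript\" type=\"text/javascript\" src=\"".getsiteurl()."js.php?id=$bid\"></script>");

} elseif($_GET['op'] == 'delete') {
    // NOTE(review): this deletion is driven by a GET parameter and, unlike the
    // form handlers in this file, does not pass through submitcheck(). Confirm
    // that a per-session request token is verified before this point; without
    // one, a link followed by a logged-in administrator is enough to remove a block.
    $_POST['bids'] = array(intval($_GET['id']));
    include_once(S_ROOT.'./source/function_delete.php');
    if(!empty($_POST['bids']) && deleteblocks($_POST['bids'])) {
        cpmessage('a_call_to_delete_the_specified_modules_success', $turl);
    } else {
        cpmessage('choose_to_delete_the_data_transfer_module', $turl);
    }
}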
/**
 * Fetch one row of the block table by its id.
 *
 * The id is cast with intval() before it is placed in the query, so callers
 * may pass request values directly. When the id is zero or no row is found,
 * cpmessage() is called with the "does not exist" message key.
 *
 * @param mixed $bid block id
 * @return array|mixed the row returned by the database layer
 */
function sub_getblock($bid) {
    global $_SGLOBAL;

    $block = array();
    $bid = intval($bid);
    if($bid) {
        $sql = "SELECT * FROM ".tname('block')." WHERE bid='$bid'";
        $result = $_SGLOBAL['db']->query($sql);
        $block = $_SGLOBAL['db']->fetch_array($result);
    }

    if(!empty($block)) {
        return $block;
    }

    // Unknown or missing block: report it to the admin.
    cpmessage('designated_data_transfer_module_does_not_exist');
    return $block;
}
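/**
 * Return a map of table name => column names for the tables that carry the
 * configured table prefix.
 *
 * The map is cached as a serialized array in data/data_table_<X_RELEASE>.txt.
 * When that file is empty, or its content does not unserialize to an array,
 * the map is rebuilt from SHOW TABLES / SHOW CREATE TABLE and written back.
 * Tables whose name contains "cache" are left out.
 *
 * @return array table name => list of column names (see sub_getcolumn())
 */
function sub_gettables() {
    global $_SGLOBAL, $_SC;

    $file = S_ROOT.'./data/data_table_'.X_RELEASE.'.txt';

    $content = trim(sreadfile($file));
    if($content) {
        // NOTE(review): unserialize() will instantiate objects named in the data.
        // This is only safe while nothing untrusted can write to data/; a
        // non-object format such as JSON would remove that dependency, but would
        // have to be changed for every reader of this file at once.
        $cached = unserialize($content);
        if(is_array($cached)) {
            return $cached;
        }
        // A damaged cache file used to be returned to the caller as false on
        // every request; fall through and rebuild it instead.
    }

    $tables = array();
    $query = $_SGLOBAL['db']->query("SHOW TABLES LIKE '$_SC[tablepre]%'");
    while ($value = $_SGLOBAL['db']->fetch_array($query)) {
        // The result column name depends on the database, so take the value by position.
        $values = array_values($value);
        if(!strexists($values[0], 'cache')) {
            $subquery = $_SGLOBAL['db']->query("SHOW CREATE TABLE $values[0]");
            $result = $_SGLOBAL['db']->fetch_array($subquery);
            $tables[$values[0]] = sub_getcolumn($result['Create Table']);
        }
    }
    swritefile($file, serialize($tables));

    return $tables;
}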
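/**
 * Normalise an administrator-supplied block query.
 *
 * Input of 15 bytes or fewer yields an empty string. Longer input has a
 * leading "select" removed, everything from a LIMIT clause to the end of that
 * line removed, every ';' removed, and "SELECT " put back in front.
 *
 * This is normalisation, not validation: the remaining text is kept verbatim,
 * and the callers in this file execute it as written.
 *
 * @param string $sql raw statement from the form
 * @return string normalised statement, or '' when the input is too short
 */
function sub_getblocksql($sql) {
    if(strlen($sql)> 15) {
        // \b keeps identifiers that merely start with "limit" (e.g. a column
        // named limitnum) from being mistaken for a LIMIT clause and cut off.
        $searchs = array('/^(select)/i', '/(\s+limit\b.+)/i');
        $replaces = array('', '');
        $sql = 'SELECT '.trim(str_replace(';', '', preg_replace($searchs, $replaces, $sql)));
    } else {
        $sql = '';
    }
    return $sql;
}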
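/**
 * Extract the column names from a SHOW CREATE TABLE statement.
 *
 * The first space-delimited token of every line is examined. When the
 * statement quotes identifiers with backticks, exactly the lines that start
 * with a backtick are column definitions. This keeps columns whose name
 * happens to contain "key", "create" or "primary", and drops index lines such
 * as UNIQUE KEY, both of which the keyword filter alone got wrong. For
 * unquoted output the keyword filter is still used. Lines without a space
 * carry no "name definition" pair and are skipped.
 *
 * @param string $creatsql text of the 'Create Table' result column
 * @return array list of column names
 */
function sub_getcolumn($creatsql) {
    $quoted = array();
    $unquoted = array();

    foreach (explode("\n", $creatsql) as $line) {
        $line = trim($line);
        $pos = strpos($line, ' ');
        if($pos === false) {
            continue;
        }
        $token = substr($line, 0, $pos);
        if($token[0] === '`') {
            $quoted[] = str_replace('`', '', $token);
        } elseif(!preg_match("/(CREATE|PRIMARY|KEY|\))/i", $token)) {
            $unquoted[] = $token;
        }
    }

    return $quoted ? $quoted : $unquoted;
}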
?>