首頁 探索 說明
註冊 登入
chenhao
/
leyu_admin
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: cf02c58cc1
分支列表 標籤列表
leyu_admin
/
plus
/
diy.php

diy.php 4.7 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. <?php
    2. 

  2. /**
    3. 

  3.  *
    4. 

  4.  * 自定义表单
    5. 

  5.  *
    6. 

  6.  * @version        $Id: diy.php 1 15:38 2010年7月8日Z tianya $
    7. 

  7.  * @package        DedeCMS.Site
    8. 

  8.  * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
    9. 

  9.  * @license        http://help.dedecms.com/usersguide/license.html
    10. 

  10.  * @link           http://www.dedecms.com
    11. 

  11.  */
    12. 

  12. require_once(dirname(__FILE__)."/../include/common.inc.php");
    13. 

  13. 

  14. $diyid = isset($diyid) && is_numeric($diyid) ? $diyid : 0;
    15. 

  15. $action = isset($action) && in_array($action, array('post', 'list', 'view')) ? $action : 'post';
    16. 

  16. $id = isset($id) && is_numeric($id) ? $id : 0;
    17. 

  17. 

  18. if(empty($diyid))
    19. 

  19. {
    20. 

  20.     showMsg('非法操作!', 'javascript:;');
    21. 

  21.     exit();
    22. 

  22. }
    23. 

  23. 

  24. require_once DEDEINC.'/diyform.cls.php';
    25. 

  25. $diy = new diyform($diyid);
    26. 

  26. 

  27. /*----------------------------
    28. 

  28. function Post(){ }
    29. 

  29. ---------------------------*/
    30. 

  30. if($action == 'post')
    31. 

  31. {
    32. 

  32.     if(empty($do))
    33. 

  33.     {
    34. 

  34.         $postform = $diy->getForm(true);
    35. 

  35.         include DEDEROOT."/templets/plus/{$diy->postTemplate}";
    36. 

  36.         exit();
    37. 

  37.     }
    38. 

  38.     elseif($do == 2)
    39. 

  39.     {
    40. 

  40.         $dede_fields = empty($dede_fields) ? '' : trim($dede_fields);
    41. 

  41.         $dede_fieldshash = empty($dede_fieldshash) ? '' : trim($dede_fieldshash);
    42. 

  42.         if(!empty($dede_fields))
    43. 

  43.         {
    44. 

  44.             if($dede_fieldshash != md5($dede_fields.$cfg_cookie_encode))
    45. 

  45.             {
    46. 

  46.                 showMsg('数据校验不对,程序返回', '-1');
    47. 

  47.                 exit();
    48. 

  48.             }
    49. 

  49.         }
    50. 

  50.         $diyform = $dsql->getOne("select * from #@__diyforms where diyid='$diyid' ");
    51. 

  51.         if(!is_array($diyform))
    52. 

  52.         {
    53. 

  53.             showmsg('自定义表单不存在', '-1');
    54. 

  54.             exit();
    55. 

  55.         }
    56. 

  56. 

  57.         $addvar = $addvalue = '';
    58. 

  58. 

  59.         if(!empty($dede_fields))
    60. 

  60.         {
    61. 

  61. 

  62.             $fieldarr = explode(';', $dede_fields);
    63. 

  63.             if(is_array($fieldarr))
    64. 

  64.             {
    65. 

  65.                 foreach($fieldarr as $field)
    66. 

  66.                 {
    67. 

  67.                     if($field == '') continue;
    68. 

  68.                     $fieldinfo = explode(',', $field);
    69. 

  69.                     if($fieldinfo[1] == 'textdata')
    70. 

  70.                     {
    71. 

  71.                         ${$fieldinfo[0]} = FilterSearch(stripslashes(${$fieldinfo[0]}));
    72. 

  72.                         ${$fieldinfo[0]} = addslashes(${$fieldinfo[0]});
    73. 

  73.                     }
    74. 

  74.                     else
    75. 

  75.                     {
    76. 

  76.                         ${$fieldinfo[0]} = GetFieldValue(${$fieldinfo[0]}, $fieldinfo[1],0,'add','','diy', $fieldinfo[0]);
    77. 

  77.                     }
    78. 

  78.                     $addvar .= ', `'.$fieldinfo[0].'`';
    79. 

  79.                     $addvalue .= ", '".${$fieldinfo[0]}."'";
    80. 

  80.                 }
    81. 

  81.             }
    82. 

  82. 

  83.         }
    84. 

  84. 

  85.         $query = "INSERT INTO `{$diy->table}` (`id`, `ifcheck` $addvar)  VALUES (NULL, 0 $addvalue); ";
    86. 

  86. 

  87.         if($dsql->ExecuteNoneQuery($query))
    88. 

  88.         {
    89. 

  89.             $id = $dsql->GetLastID();
    90. 

  90.             if($diy->public == 2)
    91. 

  91.             {
    92. 

  92.                 //diy.php?action=view&diyid={$diy->diyid}&id=$id
    93. 

  93.                 $goto = "diy.php?action=list&diyid={$diy->diyid}";
    94. 

  94.                 $bkmsg = '发布成功,现在转向表单列表页...';
    95. 

  95.             }
    96. 

  96.             else
    97. 

  97.             {
    98. 

  98.                 $goto = !empty($cfg_cmspath) ? $cfg_cmspath : '/';
    99. 

  99.                 $bkmsg = '发布成功,请等待管理员处理...';
    100. 

  100.             }
    101. 

  101.             showmsg($bkmsg, $goto);
    102. 

  102.         }
    103. 

  103.     }
    104. 

  104. }
    105. 

  105. /*----------------------------
    106. 

  106. function list(){ }
    107. 

  107. ---------------------------*/
    108. 

  108. else if($action == 'list')
    109. 

  109. {
    110. 

  110.     if(empty($diy->public))
    111. 

  111.     {
    112. 

  112.         showMsg('后台关闭前台浏览', 'javascript:;');
    113. 

  113.         exit();
    114. 

  114.     }
    115. 

  115.     include_once DEDEINC.'/datalistcp.class.php';
    116. 

  116.     if($diy->public == 2)
    117. 

  117.         $query = "SELECT * FROM `{$diy->table}` ORDER BY id DESC";
    118. 

  118.     else
    119. 

  119.         $query = "SELECT * FROM `{$diy->table}` WHERE ifcheck=1 ORDER BY id DESC";
    120. 

  120. 

  121.     $datalist = new DataListCP();
    122. 

  122.     $datalist->pageSize = 10;
    123. 

  123.     $datalist->SetParameter('action', 'list');
    124. 

  124.     $datalist->SetParameter('diyid', $diyid);
    125. 

  125.     $datalist->SetTemplate(DEDEINC."/../templets/plus/{$diy->listTemplate}");
    126. 

  126.     $datalist->SetSource($query);
    127. 

  127.     $fieldlist = $diy->getFieldList();
    128. 

  128.     $datalist->Display();
    129. 

  129. }
    130. 

  130. else if($action == 'view')
    131. 

  131. {
    132. 

  132.     if(empty($diy->public))
    133. 

  133.     {
    134. 

  134.         showMsg('后台关闭前台浏览' , 'javascript:;');
    135. 

  135.         exit();
    136. 

  136.     }
    137. 

  137. 

  138.     if(empty($id))
    139. 

  139.     {
    140. 

  140.         showMsg('非法操作!未指定id', 'javascript:;');
    141. 

  141.         exit();
    142. 

  142.     }
    143. 

  143.     if($diy->public == 2)
    144. 

  144.     {
    145. 

  145.         $query = "SELECT * FROM {$diy->table} WHERE id='$id' ";
    146. 

  146.     }
    147. 

  147.     else
    148. 

  148.     {
    149. 

  149.         $query = "SELECT * FROM {$diy->table} WHERE id='$id' AND ifcheck=1";
    150. 

  150.     }
    151. 

  151.     $row = $dsql->GetOne($query);
    152. 

  152. 

  153.     if(!is_array($row))
    154. 

  154.     {
    155. 

  155.         showmsg('你访问的记录不存在或未经审核', '-1');
    156. 

  156.         exit();
    157. 

  157.     }
    158. 

  158. 

  159.     $fieldlist = $diy->getFieldList();
    160. 

  160.     include DEDEROOT."/templets/plus/{$diy->viewTemplate}";
    161. 

  161. }
    162.