:::
9-5 index.php9-6 post.php
<?php
/*----引入檔案----*/
require_once "config.php";
require_once "function.php";
/*----整理傳進來的變數或變數初始值----*/
$op=isset($_REQUEST['op'])?$_REQUEST['op']:"";
$sn=isset($_REQUEST['sn'])?intval($_REQUEST['sn']):"";
$toolbar="<a href='index.php?g2p={$g2p}' class='btn btn-success btn-block'><i class='fa fa-home'></i> 新聞列表</a>";
$error_msg=$main="";
/*----流程控制----*/
switch ($op) {
case 'clear':
session_destroy();
header("location:post.php");
break;
case 'db_error':
$error_msg=error_msg("資料庫連線錯誤!!請檢查資料庫帳號、密碼是否正確!");
break;
case 'save':
save_news();
header("location:index.php");
exit;
break;
case 'update':
save_news($sn);
header("location:index.php?op=view&sn={$sn}");
exit;
break;
case 'modify':
$main=news_form($sn);
break;
default:
$main=news_form();
break;
}
/*----輸出----*/
show_page('post_tpl');
/*----所有函數----*/
//新聞編輯表單
function news_form($sn=""){
if(!isset($_SESSION['uid']) or empty($_SESSION['uid'])){
return "<div class='alert alert-danger'>請先登入</div>";
}
link_db();
if($sn){
//讀取eznews資料表所有欄位,並指定某一筆特定資料
$sql="select * from eznews where sn='$sn'";
//傳回值存到 $result 以供抓取資料用
$result=mysql_query($sql) or die("{$sql}<br>".mysql_error());
$news=mysql_fetch_assoc($result);
// foreach ($news as $k => $v) {
// $$k=$v;
// }
$news_title=$news['news_title'];
$news_content=$news['news_content'];
$ip=$news['ip'];
$author=$news['author'];
$post_time=$news['post_time'];
$def_cate_sn=$news['cate_sn'];
$next_op="update";
//抓附檔
$sql="select * from eznews_files where sn={$sn}";
$result=mysql_query($sql) or die("{$sql}<br>".mysql_error());
$files_list="請選擇欲刪除檔案:";
while($file=mysql_fetch_assoc($result)){
$files_list.="
<div>
<input type='checkbox' name='del_files[{$file['file_sn']}]' value='{$file['file_new_name']}'>
<a href='uploads/{$file['file_new_name']}' target='_blank'>{$file['file_name']}</a>
</div>";
}
}else{
$news_title="";
$news_content="";
$ip=$_SERVER['REMOTE_ADDR'];
$author=$_SESSION['uname'];
$post_time=date("Y-m-d H:i:s");
$def_cate_sn="";
$files_list="";
$news['status']="";
$next_op="save";
}
//製作分類的下拉選項
$sql="select * from eznews_cate";
$result=mysql_query($sql) or die($sql.'<br>'.mysql_error());
$cate_options="";
while(list($cate_sn , $cate_title)=mysql_fetch_row($result)){
$selected=($cate_sn==$def_cate_sn)?"selected":"";
$cate_options.="<option value='$cate_sn' $selected>$cate_title</option>";
}
$checked_default=(isset($news['status']) and $news['status']=="")?"checked":"";
$checked_top=(isset($news['status']) and $news['status']=="置頂")?"checked":"";
$checked_important=(isset($news['status']) and $news['status']=="高亮")?"checked":"";
$main=<<<form
<form action="post.php" method="post" role="form" enctype="multipart/form-data">
<div class="row">
<div class="col-md-7">
<div class="form-group">
<input type="text" name="news_title" placeholder="請輸入新聞標題" class="form-control" value="$news_title">
</div>
</div>
<div class="col-md-3">
<div class="form-group">
<label class="radio-inline">
<input type="radio" name="status" value="" $checked_default>正常
</label>
<label class="radio-inline">
<input type="radio" name="status" value="置頂" $checked_top>置頂
</label>
<label class="radio-inline">
<input type="radio" name="status" value="高亮" $checked_important>高亮
</label>
</div>
</div>
<div class="col-md-2">
<div class="form-group">
<input type="text" name="author" placeholder="請輸入發布者" class="form-control" value="$author">
</div>
</div>
</div>
<div class="form-group">
<textarea id="summernote" name="news_content" style="height:300px;" placeholder="請輸入新聞內容" class="form-control">$news_content</textarea>
</div>
<div class="row">
<div class="col-md-3">
<select name="cate_sn" class="form-control">
<option value="">請選擇分類</option>
$cate_options
</select>
</div>
<div class="col-md-3">
<input type="text" name="cate_title" class="form-control" placeholder="請輸入新分類">
</div>
<div class="col-md-3">
<div class="form-group">
<input type="text" name="post_time" id="datetimepicker" placeholder="請輸入發布日期" class="form-control" value="$post_time">
</div>
</div>
<div class="col-md-3">
<input type="hidden" name="ip" value="$ip">
<input type="hidden" name="sn" value="$sn">
<input type="hidden" name="op" value="$next_op">
<a href="post.php?op=clear" class="btn btn-danger">清除</a>
<input type="submit" value="儲存" class="btn btn-info">
</div>
</div>
<div class="row">
<div class="col-md-3">
<input type="file" name="files[]" multiple>
</div>
<div class="col-md-9">
$files_list
</div>
</div>
</form>
form;
return $main;
}
//儲存新聞
function save_news($sn=""){
if(!isset($_SESSION['uid']) or empty($_SESSION['uid'])){
return;
}
//過濾外面傳來的變數
$op=isset($_POST['op'])?$_POST['op']:"";
$password=isset($_POST['password'])?$_POST['password']:"";
$news_title=isset($_POST['news_title'])?check_input($_POST['news_title']):"";
$news_content=isset($_POST['news_content'])?check_input($_POST['news_content']):"";
$author=isset($_POST['author'])?check_input($_POST['author']):"";
$ip=isset($_POST['ip'])?check_input($_POST['ip']):"";
$post_time=isset($_POST['post_time'])?check_input($_POST['post_time']):"";
$status=isset($_POST['status'])?check_input($_POST['status']):"";
$cate_title=isset($_POST['cate_title'])?check_input($_POST['cate_title']):"";
$cate_sn=isset($_POST['cate_sn'])?intval($_POST['cate_sn']):"";
link_db();
//新增分類
if(empty($cate_sn) and !empty($cate_title)){
$sql="insert into eznews_cate (cate_title) values('$cate_title')";
mysql_query($sql) or die($sql."<br>".mysql_error());
$cate_sn=mysql_insert_id();
}elseif(!empty($cate_sn) and !empty($cate_title)){
//修改分類
$sql="update eznews_cate set cate_title='$cate_title' where cate_sn='$cate_sn'";
mysql_query($sql) or die($sql."<br>".mysql_error());
}
//存到資料庫
if($sn){
$sql="update eznews set cate_sn='$cate_sn', news_title='$news_title', news_content='$news_content', ip='$ip', author='$author', post_time='$post_time', status='$status' where sn='$sn' and uid='{$_SESSION['uid']}'";
mysql_query($sql) or die($sql."<br>".mysql_error());
}else{
$sql="insert into eznews (cate_sn,news_title, news_content, ip, author, uid, post_time,status) values('$cate_sn','$news_title', '$news_content', '$ip', '$author', '{$_SESSION['uid']}','$post_time', '$status')";
mysql_query($sql) or die($sql."<br>".mysql_error());
$sn=mysql_insert_id();
}
//刪除勾選的檔案
if(isset($_POST['del_files'])){
foreach ($_POST['del_files'] as $file_new_name) {
//刪除實體檔案
if(unlink("uploads/{$file_new_name}")){
//刪除資料庫紀錄
$sql="delete from eznews_files where file_new_name='$file_new_name'";
mysql_query($sql) or die($sql."<br>".mysql_error());
}
}
}
//上傳檔案
if(isset($_FILES)){
//建立資料夾
if(!is_dir('uploads')){
mkdir('uploads');
}
foreach($_FILES['files']['tmp_name'] as $i =>$tmp_name){
$ext=pathinfo($_FILES['files']['name'][$i], PATHINFO_EXTENSION);
$new=substr(md5($_FILES['files']['name'][$i]), -5);
$new_name="uploads/{$sn}_{$new}.{$ext}";
if(move_uploaded_file($tmp_name, $new_name)){
$sql="insert into eznews_files ( sn, file_name, file_size, file_type, file_new_name) values('$sn','{$_FILES['files']['name'][$i]}', '{$_FILES['files']['size'][$i]}}', '{$_FILES['files']['type'][$i]}', '{$sn}_{$new}.{$ext}')";
mysql_query($sql) or die($sql."<br>".mysql_error());
}
}
}
}
//替特殊符號加入反斜線
function check_input($value){
if (!get_magic_quotes_gpc()){
$value = addslashes($value);
}
return $value;
}
?>
