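<?php
/*
 * Picture management page for a single product (cpid).
 *
 * Lists every row of `pic` that belongs to the product, offers an upload form
 * that posts to picupload.php, and handles the bulk "delete" action
 * (act=postchk) for the ticked rows.
 */
include "conn.php";
// checkLogin() is defined outside this file; presumably it rejects
// unauthenticated visitors before anything below runs. Confirm in conn.php.
checkLogin("");

// All header() calls must happen before any output, so request handling and
// redirects live at the top of the file.

// Read a query-string parameter as a plain string. Array-valued parameters
// (e.g. ?Page[]=x) are treated as absent, so they can neither raise a
// TypeError in urlencode() nor print "Array" into the page.
$queryParam = function ($name) {
    $value = $_GET[$name] ?? '';
    return is_string($value) ? $value : '';
};

$act = $queryParam('act');
$cpid = $queryParam('cpid');

// These three values are echoed into the Location header and into HTML
// attributes further down. urlencode() leaves no quote, angle bracket, CR or
// LF in them, which makes them safe in both contexts. $page was previously
// echoed raw.
$page = urlencode($queryParam('Page'));
$keys = urlencode($queryParam('Keys'));
$ord = urlencode($queryParam('Ord'));

// Reject a missing or non-numeric product id before any output.
if ($cpid === '' || !is_numeric($cpid)) {
    header("Location: protector.php");
    exit;
}
// Normalise once so SQL, redirects and markup all use the same integer.
$cpid = (int)$cpid;

// Bulk delete of the ticked pictures.
// NOTE(review): no anti-CSRF token is checked for this state-changing
// request. Whether conn.php / checkLogin() provides one is not visible from
// this file; if it does not, add a per-session token to form1 and verify it
// here.
if ($act == "postchk") {
    if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
        // Resolve the upload directory once. Files are only removed when
        // their canonical path is inside it: the '/system/' prefix test alone
        // is still satisfied by a stored path containing '../' segments.
        $docRoot = realpath($_SERVER['DOCUMENT_ROOT']);
        $uploadRoot = $docRoot === false ? false : realpath($docRoot . '/system');

        foreach ($_POST['chkbox'] as $id) {
            // The int cast is what keeps these concatenated queries safe.
            $id = (int)$id;

            // Scope the lookup and the delete to the product this page was
            // opened for, so a posted id belonging to another product is
            // ignored.
            $result = $conn->query(
                "SELECT picurl FROM pic WHERE id = " . $id . " AND cpid = " . $cpid
            );
            if ($result && ($row = $result->fetch_assoc())) {
                if ($uploadRoot !== false && strpos($row['picurl'], '/system/') === 0) {
                    $delfile = realpath($docRoot . $row['picurl']);
                    if ($delfile !== false
                        && strpos($delfile, $uploadRoot . DIRECTORY_SEPARATOR) === 0
                        && is_file($delfile)
                    ) {
                        unlink($delfile);
                    }
                }
                // The row is removed even when no file was deleted, as before.
                $conn->query("DELETE FROM pic WHERE id = " . $id . " AND cpid = " . $cpid);
            }
        }
    }
    header("Location: ?Keys=$keys&Ord=$ord&Page=$page&cpid=$cpid");
    exit;
}

// HTML output starts here.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>管理区域</title>
<link rel="stylesheet" href="css/common.css" type="text/css" />
<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
<script type="text/javascript" src="js/js.js"></script>
</head>
<body>
<div id="man_zone">
<?php
// Pictures of the current product, newest first.
$result = $conn->query("SELECT id, picurl FROM pic WHERE cpid = " . $cpid . " ORDER BY id DESC");
?>
<form method="post" name="form2" style="padding:5px;margin-bottom:10px;" action="picupload.php?cpid=<?php echo $cpid; ?>&Page=<?php echo $page; ?>&Keys=<?php echo $keys; ?>&Ord=<?php echo $ord; ?>" enctype="multipart/form-data" onsubmit="if(this.filedata.value==''){return false;}">
    <input type="file" name="filedata" id="filedata" style="float:left;height:20px;border:1px solid #DBE6E3;background:#FFF;width:300px;margin-right:20px;" />
    <input type="submit" value="上传" class="btn1" style="margin-left:10px" />
</form>
<form id="form1" method="post" action="?act=postchk&cpid=<?php echo $cpid; ?>&Page=<?php echo $page; ?>&Keys=<?php echo $keys; ?>&Ord=<?php echo $ord; ?>" onSubmit="return false">
<table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
<thead>
<tr>
    <th width="4%"><input type="checkbox" name="chkall" id="chkall" onClick="chkboxall(this,'chkbox')" /></th>
    <th width="6%">序号</th>
    <th width="35%">缩略图</th>
</tr>
</thead>
<tbody>
<?php
// A failed query (false) is rendered like an empty gallery instead of
// raising a fatal error on ->num_rows.
if ($result && $result->num_rows > 0) {
    $tempNum = 0;
    while ($row = $result->fetch_assoc()) {
        $tempNum++;
        ?>
<tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
    <td align="center"><input type="checkbox" name="chkbox[]" value="<?php echo (int)$row['id']; ?>" /></td>
    <td align="center"><?php echo $tempNum; ?></td>
    <?php // picurl is stored data: escape it for the attribute context so it cannot break out of src="". ?>
    <td align="center"><img src="<?php echo htmlspecialchars($row['picurl'], ENT_QUOTES, 'UTF-8'); ?>" height="50" /></td>
</tr>
        <?php
    }
} else {
    ?>
<tr>
    <td align="center" colspan="4">当前还没有图片</td>
</tr>
    <?php
}
?>
</tbody>
<tfoot>
<tr>
    <td colspan="4">
    <div class="postchkbox">
        <select id="chkact" name="chkact">
            <option value="-1">删除</option>
        </select>
        <input type="button" value="执行" onClick="postchk(1)" class="btn1" />
        <input type="button" value="返回" onClick="location.href='product.php?Keys=<?php echo $keys; ?>&Ord=<?php echo $ord; ?>&Page=<?php echo $page; ?>&act=edit&id=<?php echo $cpid; ?>'" class="btn1" />
    </div>
    </td>
</tr>
</tfoot>
</table>
</form>
</div>
</body>
</html>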