www.gusucode.com > 电影影院门户论坛源码程序网站 > 整站安装/整站源码/uc_server/control/admin/admin.php
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: admin.php 1139 2012-05-08 09:02:11Z liulanbo $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->load('user');
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadminbadword']) {
$this->message('no_permission_for_this_module');
}
}
function onls() {
$status = 0;
if(!empty($_POST['addname']) && $this->submitcheck()) {
$addname = getgpc('addname', 'P');
$this->view->assign('addname', $addname);
$uid = $this->db->result_first("SELECT uid FROM ".UC_DBTABLEPRE."members WHERE username='$addname'");
if($uid) {
$adminuid = $this->db->result_first("SELECT uid FROM ".UC_DBTABLEPRE."admins WHERE username='$addname'");
if($adminuid) {
$status = -1;
} else {
$allowadminsetting = getgpc('allowadminsetting', 'P');
$allowadminapp = getgpc('allowadminapp', 'P');
$allowadminuser = getgpc('allowadminuser', 'P');
$allowadminbadword = getgpc('allowadminbadword', 'P');
$allowadmincredits = getgpc('allowadmincredits', 'P');
$allowadmintag = getgpc('allowadmintag', 'P');
$allowadminpm = getgpc('allowadminpm', 'P');
$allowadmindomain = getgpc('allowadmindomain', 'P');
$allowadmindb = getgpc('allowadmindb', 'P');
$allowadminnote = getgpc('allowadminnote', 'P');
$allowadmincache = getgpc('allowadmincache', 'P');
$allowadminlog = getgpc('allowadminlog', 'P');
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."admins SET
uid='$uid',
username='$addname',
allowadminsetting='$allowadminsetting',
allowadminapp='$allowadminapp',
allowadminuser='$allowadminuser',
allowadminbadword='$allowadminbadword',
allowadmincredits='$allowadmincredits',
allowadmintag='$allowadmintag',
allowadminpm='$allowadminpm',
allowadmindomain='$allowadmindomain',
allowadmindb='$allowadmindb',
allowadminnote='$allowadminnote',
allowadmincache='$allowadmincache',
allowadminlog='$allowadminlog'");
$insertid = $this->db->insert_id();
if($insertid) {
$this->writelog('admin_add', 'username='.dhtmlspecialchars($addname));
$status = 1;
} else {
$status = -2;
}
}
} else {
$status = -3;
}
}
if(!empty($_POST['editpwsubmit']) && $this->submitcheck()) {
$oldpw = getgpc('oldpw', 'P');
$newpw = getgpc('newpw', 'P');
$newpw2 = getgpc('newpw2', 'P');
if(UC_FOUNDERPW == md5(md5($oldpw).UC_FOUNDERSALT)) {
$configfile = UC_ROOT.'./data/config.inc.php';
if(!is_writable($configfile)) {
$status = -4;
} else {
if($newpw != $newpw2) {
$status = -6;
} else {
$config = file_get_contents($configfile);
$salt = substr(uniqid(rand()), 0, 6);
$md5newpw = md5(md5($newpw).$salt);
$config = preg_replace("/define\('UC_FOUNDERSALT',\s*'.*?'\);/i", "define('UC_FOUNDERSALT', '$salt');", $config);
$config = preg_replace("/define\('UC_FOUNDERPW',\s*'.*?'\);/i", "define('UC_FOUNDERPW', '$md5newpw');", $config);
$fp = @fopen($configfile, 'w');
@fwrite($fp, $config);
@fclose($fp);
$status = 2;
$this->writelog('admin_pw_edit');
}
}
} else {
$status = -5;
}
}
$this->view->assign('status', $status);
if(!empty($_POST['delete'])) {
$uids = $this->implode(getgpc('delete', 'P'));
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."admins WHERE uid IN ($uids)");
}
$page = max(1, getgpc('page'));
$ppp = 15;
$totalnum = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."admins");
$start = $this->page_get_start($page, $ppp, $totalnum);
$userlist = $this->db->fetch_all("SELECT a.*,m.* FROM ".UC_DBTABLEPRE."admins a LEFT JOIN ".UC_DBTABLEPRE."members m USING(uid) LIMIT $start, $ppp");
$multipage = $this->page($totalnum, $ppp, $page, 'admin.php?m=admin&a=admin');
if($userlist) {
foreach($userlist as $key => $user) {
$user['regdate'] = $this->date($user['regdate']);
$userlist[$key] = $user;
}
}
$a = getgpc('a');
$this->view->assign('a', $a);
$this->view->assign('multipage', $multipage);
$this->view->assign('userlist', $userlist);
$this->view->display('admin_admin');
}
function onedit() {
$uid = getgpc('uid');
$status = 0;
if($this->submitcheck()) {
$allowadminsetting = getgpc('allowadminsetting', 'P');
$allowadminapp = getgpc('allowadminapp', 'P');
$allowadminuser = getgpc('allowadminuser', 'P');
$allowadminbadword = getgpc('allowadminbadword', 'P');
$allowadmintag = getgpc('allowadmintag', 'P');
$allowadminpm = getgpc('allowadminpm', 'P');
$allowadmincredits = getgpc('allowadmincredits', 'P');
$allowadmindomain = getgpc('allowadmindomain', 'P');
$allowadmindb = getgpc('allowadmindb', 'P');
$allowadminnote = getgpc('allowadminnote', 'P');
$allowadmincache = getgpc('allowadmincache', 'P');
$allowadminlog = getgpc('allowadminlog', 'P');
$this->db->query("UPDATE ".UC_DBTABLEPRE."admins SET
allowadminsetting='$allowadminsetting',
allowadminapp='$allowadminapp',
allowadminuser='$allowadminuser',
allowadminbadword='$allowadminbadword',
allowadmincredits='$allowadmincredits',
allowadmintag='$allowadmintag',
allowadminpm='$allowadminpm',
allowadmindomain='$allowadmindomain',
allowadmindb='$allowadmindb',
allowadminnote='$allowadminnote',
allowadmincache='$allowadmincache',
allowadminlog='$allowadminlog'
WHERE uid='$uid'");
$status = $this->db->errno() ? -1 : 1;
$this->writelog('admin_priv_edit', 'username='.dhtmlspecialchars($admin));
}
$admin = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."admins WHERE uid='$uid'");
$this->view->assign('uid', $uid);
$this->view->assign('admin', $admin);
$this->view->assign('status', $status);
$this->view->display('admin_admin');
}
}
?>