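<?php
/**
 * Admin panel job "manager": add, edit and delete the manager accounts that
 * are stored in data/sql_config.php, and mirror each change into pw_members.
 *
 * This script is meant to be included by the admin front controller. It uses
 * names it does not define itself: $admin_file, $admin_name, $manager,
 * $action, $db, $timestamp, $onlineip, and the helpers adminmsg(),
 * CkInArray(), InitGP(), PrintEot(), admincheck() and write_config().
 *
 * NOTE(review): adminmsg() is assumed not to return (the control flow below
 * relies on it stopping the request) - confirm against its definition.
 *
 * Security notes for maintainers:
 *  - Passwords are stored as unsalted md5() both in sql_config.php and in
 *    pw_members. Moving to password_hash()/password_verify() also needs the
 *    login code changed, which is outside this file, so it is only flagged.
 *  - The SQL statements interpolate request-derived $username / $newname.
 *    Their safety depends entirely on InitGP() escaping its values - verify,
 *    or switch to a parameterised query API if $db offers one.
 *  - No anti-CSRF token is checked in this file; confirm the including
 *    script verifies one before these state-changing actions run.
 */

// Refuse direct requests: adminmsg() only exists when the admin framework has been loaded.
!function_exists('adminmsg') && exit('Forbidden');

$basename = "$admin_file?adminjob=manager";

// Every action below rewrites the config file, so stop early if it cannot be written.
if (!is_writeable(D_P.'data/sql_config.php')) {
    adminmsg('manager_error');
}
// Only an account that is already listed in $manager may use this page.
if (!$admin_name || !CkInArray($admin_name,$manager)) {
    adminmsg('undefined_action');
}

if (empty($action)) {
    // No action requested: show the manager list template.
    include PrintEot('manager');exit;
} elseif ($action=='add') {
    if (empty($_POST['step'])) {
        include PrintEot('manager');exit;
    } else {
        InitGP(array('username','password','check_pwd'));
        if (empty($username) || CkInArray($username,$manager)) {
            adminmsg('manager_empty');
        }
        // NOTE(review): $username is interpolated into SQL; relies on InitGP() escaping - confirm.
        $rs = $db->get_one("SELECT uid,groups FROM pw_members WHERE username='$username'");
        // Strict comparison: with "!=" two different numeric-looking strings
        // (for example "0e1" and "0e2") compare as equal.
        if (empty($password) || $check_pwd !== $password) {
            adminmsg('password_confirm');
        }
        // Characters that are not accepted in a manager password.
        $S_key = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n",'#');
        foreach ($S_key as $value) {
            if (strpos($password,$value)!==false) {
                adminmsg('illegal_password');
            }
        }
        // NOTE(review): unsalted md5 is a weak password hash; see the file header.
        $password = md5($password);

        // Reload the configuration from disk; presumably this defines $dbhost,
        // $dbuser, ... $manager and $manager_pwd used below - confirm.
        include D_P.'data/sql_config.php';
        !is_array($manager) && $manager = array();
        !is_array($manager_pwd) && $manager_pwd = array();

        // Keep only non-empty scalar manager names, together with their hashes.
        $newmanager = $newmngpwd = array();
        foreach ($manager as $key => $value) {
            if (!empty($value) && !is_array($value)) {
                $newmanager[$key] = $value;
                $newmngpwd[$key] = $manager_pwd[$key];
            }
        }
        $manager = array_merge($newmanager,array($username));
        $manager_pwd = array_merge($newmngpwd,array($password));

        $newconfig = array(
            'dbhost' => $dbhost,
            'dbuser' => $dbuser,
            'dbpw' => $dbpw,
            'dbname' => $dbname,
            'database' => $database,
            'PW' => $PW,
            'pconnect' => $pconnect,
            'charset' => $charset,
            'manager' => $manager,
            'manager_pwd' => $manager_pwd,
            'db_hostweb' => $db_hostweb,
            'attach_url' => $attach_url
        );
        require_once(R_P.'require/updateset.php');
        write_config($newconfig);

        // Mirror the manager into the member tables with groupid 3.
        if (!$rs) {
            $db->update("INSERT INTO pw_members SET username='$username',password='$password',groupid='3',regdate='$timestamp'");
            $uid = $db->insert_id();
            // The "\n" keeps the line break the original statement had after VALUES.
            $db->update("INSERT INTO pw_memberdata (uid,postnum,lastvisit,thisvisit,onlineip) VALUES \n('$uid','0','$timestamp','$timestamp','$onlineip')");
        } else {
            $uid = $rs['uid'];
            $db->update("UPDATE pw_members SET password='$password',groupid='3' WHERE username='$username'");
        }
        // $rs is empty for a new member; pass null explicitly instead of indexing a non-array.
        admincheck($uid,$username,'3',isset($rs['groups']) ? $rs['groups'] : null,'update');
        adminmsg('operate_success');
    }
} elseif ($action == 'edit') {
    InitGP(array('username'));
    if (!CkInArray($username,$manager)) {
        adminmsg('undefined_action');
    }
    if (empty($_POST['step'])) {
        include PrintEot('manager');exit;
    } else {
        InitGP(array('newname','password','check_pwd'));
        // An empty new name would write a blank manager entry and a blank member row.
        if (empty($newname)) {
            adminmsg('manager_empty');
        }
        include D_P.'data/sql_config.php';
        $v_key = array_search($username,$manager);
        // array_search() returns false when the name is not in the freshly
        // loaded list; false used as an array key is 0, which would silently
        // overwrite the first manager.
        if ($v_key === false) {
            adminmsg('undefined_action');
        }
        // Renaming onto another existing manager would create a duplicate entry.
        $dup_key = array_search($newname,$manager);
        if ($dup_key !== false && $dup_key !== $v_key) {
            adminmsg('manager_empty');
        }
        if ($password) {
            // Strict comparison, same reason as in the "add" branch.
            $check_pwd !== $password && adminmsg('password_confirm');
            $S_key = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n",'#');
            foreach ($S_key as $value) {
                if (strpos($password,$value)!==false) {
                    adminmsg('illegal_password');
                }
            }
            // NOTE(review): unsalted md5 is a weak password hash; see the file header.
            $password = md5($password);
        } else {
            // No new password supplied: keep the stored hash.
            $password = $manager_pwd[$v_key];
        }
        // NOTE(review): $newname is interpolated into SQL; relies on InitGP() escaping - confirm.
        $rs = $db->get_one("SELECT uid,groups FROM pw_members WHERE username='$newname'");
        require_once(R_P.'require/updateset.php');
        $manager[$v_key] = $newname;
        $manager_pwd[$v_key] = $password;
        $newconfig = array(
            'dbhost' => $dbhost,
            'dbuser' => $dbuser,
            'dbpw' => $dbpw,
            'dbname' => $dbname,
            'database' => $database,
            'PW' => $PW,
            'pconnect' => $pconnect,
            'charset' => $charset,
            'manager' => $manager,
            'manager_pwd' => $manager_pwd,
            'db_hostweb' => $db_hostweb,
            'attach_url' => $attach_url
        );
        write_config($newconfig);
        if (!$rs) {
            $db->update("INSERT INTO pw_members SET username='$newname',password='$password',groupid='3',regdate='$timestamp'");
            $uid = $db->insert_id();
            $db->update("INSERT INTO pw_memberdata (uid,postnum,lastvisit,thisvisit,onlineip) VALUES ('$uid','0','$timestamp','$timestamp','$onlineip')");
        } else {
            $uid = $rs['uid'];
            $db->update("UPDATE pw_members SET password='$password',groupid='3' WHERE username='$newname'");
        }
        admincheck($uid,$newname,'3',isset($rs['groups']) ? $rs['groups'] : null,'update');
        adminmsg('operate_success');
    }
} elseif (isset($_POST['action']) && $_POST['action'] == 'delete') {
    InitGP(array('selid'));
    include D_P.'data/sql_config.php';
    // A missing or scalar selid is treated as "nothing selected" rather than iterated.
    $selected = is_array($selid) ? $selid : array();
    foreach ($selected as $key => $value) {
        $v_key = array_search($value,$manager);
        // Skip names that are not managers: unset($manager[false]) would
        // remove index 0, i.e. the first manager, for any unknown name.
        if ($v_key === false) {
            continue;
        }
        unset($manager[$v_key]);
        unset($manager_pwd[$v_key]);
    }
    // Never allow the last manager to be removed.
    if (count($manager) < 1) {
        adminmsg('manager_only');
    }
    require_once(R_P.'require/updateset.php');
    $newconfig = array(
        'dbhost' => $dbhost,
        'dbuser' => $dbuser,
        'dbpw' => $dbpw,
        'dbname' => $dbname,
        'database' => $database,
        'PW' => $PW,
        'pconnect' => $pconnect,
        'charset' => $charset,
        'manager' => $manager,
        'manager_pwd' => $manager_pwd,
        'db_hostweb' => $db_hostweb,
        'attach_url' => $attach_url
    );
    write_config($newconfig);
    adminmsg('operate_success');
}
?>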