www.gusucode.com > ShopEx481 & PHPWind 整合版码程序 > bbs/admin/setuser.php
<?php !function_exists('adminmsg') && exit('Forbidden'); $basename = "$admin_file?adminjob=setuser"; require_once GetLang('all'); if (empty($action)) { $groupselect = "<option value='-1'>$lang[reg_member]</option>"; $g_sel = ''; $query = $db->query("SELECT gid,gptype,grouptitle FROM pw_usergroups WHERE gptype<>'member' AND gptype<>'default' ORDER BY gid"); while ($group = $db->fetch_array($query)) { $groupselect .= "<option value=\"$group[gid]\">$group[grouptitle]</option>"; $g_sel .= "<option value=\"$group[gid]\">$group[grouptitle]</option>"; } include PrintEot('setuser');exit; } elseif ($_POST['action']=='addnew') { InitGP(array('username','password','email','groupid'),'P'); if (!$username || !$password || !$email) { adminmsg('setuser_empty'); } !$groupid && $groupid = '-1'; $username = trim($username); $S_key = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n",'#'); foreach ($S_key as $value) { if (strpos($username,$value)!==false) { adminmsg('illegal_username'); } if (strpos($password,$value)!==false) { adminmsg('illegal_password'); } } if (strlen($username)>14 || strrpos($username,"|")!==false || strrpos($username,'.')!==false || strrpos($username,' ')!==false || strrpos($username,"'")!==false || strrpos($username,'/')!==false || strrpos($username,'*')!==false || strrpos($username,";")!==false || strrpos($username,",")!==false || strrpos($username,"<")!==false || strrpos($username,">")!==false) { adminmsg('illegal_username'); } if (strrpos($password,"\r")!==false || strrpos($password,"\t")!==false || strrpos($password,"|")!==false || strrpos($password,"<")!==false || strrpos($password,">")!==false) { adminmsg('illegal_password'); } else { $password = md5($password); } if ($email&&!ereg("^[-a-zA-Z0-9_\.]+\@([0-9A-Za-z][0-9A-Za-z-]+\.)+[A-Za-z]{2,3}$",$email)) { adminmsg('illegal_email'); } $rs = $db->get_one("SELECT COUNT(*) AS count FROM pw_members WHERE username='$username'"); if ($rs['count']>0) { adminmsg('username_exists'); } if ($groupid=='3' && !If_manager) { adminmsg('manager_right'); } asort($lneed); $memberid = key($lneed); $db->update("INSERT INTO pw_members(username,password,email,groupid,memberid,regdate) VALUES('$username','$password','$email','$groupid','$memberid','$timestamp')"); $winduid=$db->insert_id(); $db->update("INSERT INTO pw_memberdata (uid,lastvisit,thisvisit) VALUES ('$winduid','$timestamp','$timestamp')"); $db->update("UPDATE pw_bbsinfo SET newmember='$username',totalmember=totalmember+1 WHERE id='1'"); if ($groupid <> '-1') { admincheck($winduid,$username,$groupid,'','update'); } adminmsg('operate_success'); } elseif ($action=='search') { require_once(R_P.'require/forum.php'); InitGP(array('groupid','schname','schname_s','schemail','userip','regdate','schlastvisit','orderway','asc','lines','page')); if (!$groups && !$schname && !$schemail && !$groupid && !$userip && $regdate=='all' && $schlastvisit=='all') { adminmsg('noenough_condition'); } $sql = is_numeric($groupid) ? "m.groupid='$groupid'" : 1; $order = ''; $schname = trim($schname); if ($schname!='') { $schname = addslashes(str_replace('*','%',$schname)); $sql .= $schname_s==1 ? " AND m.username = '$schname'" : " AND (m.username LIKE '$schname')"; } if ($schemail!='') { $schemail = str_replace('*','%',$schemail); $sql .= " AND (m.email LIKE '$schemail')"; } if ($userip!='') { $userip = str_replace('*','%',$userip); $sql .= " AND (md.onlineip LIKE '$userip%')"; } if ($regdate!='all' && is_numeric($regdate)) { $schtime = $timestamp-$regdate; $sql .= " AND m.regdate<'$schtime'"; } if ($schlastvisit!='all' && is_numeric($schlastvisit)) { $schtime = $timestamp-$schlastvisit; $sql .= " AND md.thisvisit<'$schtime'"; } if ($orderway) { $order = "ORDER BY '$orderway'"; $asc=='DESC' && $order .= " $asc"; } $rs = $db->get_one("SELECT COUNT(*) AS count FROM pw_members m LEFT JOIN pw_memberdata md ON md.uid=m.uid WHERE $sql"); $count = $rs['count']; !is_numeric($lines) && $lines=100; (!is_numeric($page) || $page < 1) && $page=1; $numofpage = ceil($count/$lines); if ($numofpage && $page>$numofpage) { $page = $numofpage; } $pages=numofpage($count,$page,$numofpage,"$admin_file?adminjob=setuser&action=$action&schname=".rawurlencode($schname)."&groupid=$groupid&schemail=$schemail®date=$regdate&schlastvisit=$schlastvisit&orderway=$orderway&lines=$lines&asc=$asc&"); $start = ($page-1)*$lines; $limit = "LIMIT $start,$lines"; $groupselect = "<option value='-1'>$lang[reg_member]</option>"; $query = $db->query("SELECT gid,gptype,grouptitle FROM pw_usergroups WHERE gid>2 AND gptype<>'member' ORDER BY gid"); while ($group = $db->fetch_array($query)) { $gid = $group['gid']; $groupselect .= "<option value='$gid'>$group[grouptitle]</option>"; } $schdb = array(); $query = $db->query("SELECT m.uid,m.username,m.email,m.groupid,m.memberid,m.regdate,md.postnum,md.onlineip FROM pw_members m LEFT JOIN pw_memberdata md ON md.uid=m.uid WHERE $sql $order $limit"); while ($sch = $db->fetch_array($query)) { $sch['regdate']= get_date($sch['regdate']); strpos($sch['onlineip'],'|') && $sch['onlineip']=substr($sch['onlineip'],0,strpos($sch['onlineip'],'|')); if ($sch['groupid']=='-1') { $sch['groupselect'] = str_replace("<option value='-1'>$lang[reg_member]</option>","<option value='-1' selected>$lang[reg_member]</option>",$groupselect); } else { $sch['groupselect'] = str_replace("<option value='$sch[groupid]'>".$ltitle[$sch['groupid']]."</option>","<option value='$sch[groupid]' selected>".$ltitle[$sch['groupid']]."</option>",$groupselect); } $schdb[] = $sch; } include PrintEot('setuser');exit; } elseif ($action == 'groups') { InitGP(array('groupid','schname','schname_s'),'P'); $sql = is_numeric($groupid) ? "a.groups LIKE '%,$groupid,%'" : "a.groups!=''"; $schname = trim($schname); if ($schname!='') { $schname = addslashes(str_replace('*','%',$schname)); $sql .= $schname_s==1 ? " AND a.username='$schname'" : " AND (a.username LIKE '$schname')"; } $query = $db->query("SELECT a.uid,a.username,a.groupid,a.groups,m.memberid FROM pw_administrators a LEFT JOIN pw_members m USING(uid) WHERE $sql LIMIT 200"); while ($rt = $db->fetch_array($query)) { $rt['system'] = $rt['groupid']=='-1' ? $ltitle[$rt['memberid']] : $ltitle[$rt['groupid']]; $groupds = explode(',',$rt['groups']); foreach ($groupds as $key => $value) { if ($value) { $rt['gtitle'] .= $ltitle[$value].' '; } } $schdb[] = $rt; } include PrintEot('setuser');exit; } elseif ($_POST['action']=='edutgroup') { InitGP(array('gid'),'P'); if (!$gid) adminmsg('operate_error'); foreach ($gid as $uid => $groupid) { if ($uid) { $rt = $db->get_one("SELECT username,groupid,groups FROM pw_members WHERE uid='$uid'"); if ($rt['groupid']==3 && $groupid!=3 && !If_manager) { adminmsg('manager_right'); } elseif ($rt['groupid']!=3 && $groupid==3 && !If_manager) { adminmsg('manager_right'); } elseif ($rt['groupid']==5 && $groupid==-1 || $rt['groupid']!=5 && $groupid==5) { adminmsg('setuser_forumadmin'); } elseif ($rt['groupid']==6 && $groupid!=6) { $db->update("DELETE FROM pw_banuser WHERE uid='$uid'"); } elseif ($rt['groupid']!=6 && $groupid==6) { $db->update("REPLACE INTO pw_banuser VALUES('$uid','2','$timestamp','','".addslashes($admin_name)."','')"); } $groups = $rt['groups']; if ($groups && strpos($groups,','.$groupid.',')!==false) { $groups = str_replace(','.$groupid.',',',',$groups); $groups == ',' && $groups = ''; } $db->update("UPDATE pw_members SET groupid='$groupid',groups='$groups' WHERE uid='$uid'"); if ($groupid <> '-1' || $groups) { admincheck($uid,$rt['username'],$groupid,$groups,'update'); } elseif ($rt['groupid'] <> '-1' || $rt['groups']) { admincheck($uid,$rt['username'],$groupid,$groups,'delete'); } } } adminmsg('operate_success'); } elseif ($action=='edit') { InitGP(array('uid')); include_once(D_P.'data/bbscache/customfield.php'); require_once(R_P.'require/showimg.php'); $fieldadd = ''; foreach ($customfield as $key=>$val) { $val['id'] = (int) $val['id']; $fieldadd .= ",mb.field_$val[id]"; } if (empty($_POST['step'])) { @extract($db->get_one("SELECT m.*,md.onlinetime,md.postnum,md.rvrc,md.money,md.credit,md.lastvisit,md.thisvisit,md.lastpost,md.todaypost,md.onlineip,md.uploadtime,md.uploadnum,md.editor,mb.deposit,mb.ddeposit $fieldadd FROM pw_members m LEFT JOIN pw_memberinfo mb ON m.uid=mb.uid LEFT JOIN pw_memberdata md ON md.uid=m.uid WHERE m.uid='$uid'")); $rvrc = floor($rvrc/10); if (strpos($onlineip,'|')) { $onlineip = substr($onlineip,0,strpos($onlineip,'|')); } $regdate=get_date($regdate); $ifchecked=$publicmail ? 'checked' : ''; $receivemail ? $email_open='checked' : $email_close='checked'; $sexselect[$gender]='selected'; $selected[$groupid]='selected'; $getbirthday = explode("-",$bday); $yearslect[(int)$getbirthday[0]]="selected"; $monthslect[(int)$getbirthday[1]]="selected"; $dayslect[(int)$getbirthday[2]]="selected"; $groups=explode(',',$groups); foreach ($groups as $key => $value) { ${'check_'.$value}='checked'; } $usergroup="<table cellspacing='0' cellpadding='0' border='0' width='100%' align='center'><tr>"; $groupselect="<option value='-1' $selected[member]>$lang[reg_member]</option>"; $query=$db->query("SELECT gid,gptype,grouptitle FROM pw_usergroups WHERE gid>2 AND gptype<>'member' ORDER BY gid"); while ($rt = $db->fetch_array($query)) { $gid = $rt['gid']; $groupselect.="<option value='$gid' $selected[$gid]>$rt[grouptitle]</option>"; if ($rt['gid'] != $groupid) { $num++; $htm_tr=$num%3==0 ? '</tr><tr>' : ''; $ifchecked=${'check_'.$rt['gid']}; $usergroup.="<td><input type='checkbox' name='groups[]' value='$rt[gid]' $ifchecked>$rt[grouptitle]</td>$htm_tr"; } } $usergroup.="</tr></table>"; list($iconurl,$icontype,$iconwidth,$iconheight,$iconfile,$iconpig) = showfacedesign($icon,true); $iconsize = $httpurl = ''; $disabled = 'disabled'; $width2 = $width3 = $iconwidth; $height2 = $height3 = $iconheight; $iconwidth && $iconsize = " width=\"$iconwidth\""; $iconheight && $iconsize .= " height=\"$iconheight\""; if ($icontype == 2) { $httpurl = $iconurl; $width3 = $height3 = ''; } elseif ($icontype == 3) { $width2 = $height2 = $disabled = ''; } $ifselected = false; $fp = opendir($imgdir.'/face/'); while ($facefile = readdir($fp)) { if (preg_match('/\.(gif|png|jpg|jepg)$/i',$facefile)) { if ($facefile==$iconfile) { $ifselected = true; $faces .= "<option value=\"$facefile\" selected>$facefile</option>"; } else { $fselected = (!$ifselected && $facefile=='none.gif') ? 'selected' : ''; $faces .= "<option value=\"$facefile\" $fselected>$facefile</option>"; } } } closedir($fp); include PrintEot('setuser');exit; } elseif ($_POST['step']==2) { InitGP(array('groupid','groups','username','password','check_pwd','email','publicmail','receivemail','regdate','yz','userip','facetype','proicon','delupload','postnum','rvrc','money','deposit','ddeposit','credit','onlinetime','site','location','oicq','icq','msn','yahoo','honor','gender','year','month','day','signature','introduce','banpm','question','customquest','answer'),'P'); $basename .= "&action=edit&uid=$uid"; $oldinfo=$db->get_one("SELECT username,groupid,groups,icon FROM pw_members WHERE uid='$uid'"); if ($oldinfo['username']!=stripcslashes($username)) { $rs = $db->get_one("SELECT COUNT(*) AS count FROM pw_members WHERE username='$username'"); if ($rs['count']>0) { adminmsg('username_exists'); } } if ($password!='') { $password!=$check_pwd && adminmsg('password_confirm'); $password = md5($password); $setpassword = ",password='$password'"; } else{ $setpassword = ''; } if ($question!='-2') { $safecv = questcode($question,$customquest,$answer); $safecvadd = ",safecv='$safecv'"; } else { $safecvadd = ''; } $newgroups = $groups ? ','.implode(',',$groups).',' : ''; $newgroups = str_replace(','.$groupid.',',',',$newgroups); if (($oldinfo['groupid']=='3' || strpos($oldinfo['groups'],',3,')!==false) && !If_manager) { adminmsg('manager_right'); } elseif ($oldinfo['groupid']!='3' && ($groupid=='3' || strpos($newgroups,',3,')!==false) && !If_manager) { adminmsg('manager_right'); } if (ifadmin($oldinfo['username']) && $groupid!='5' && strpos($newgroups,',5,')===false) { if (strpos($oldinfo['groups'],',5,')!==false) { adminmsg('setuser_forumadmin'); } else{ $newgroups.=$newgroups ? '5,' : ',5,'; } } elseif (!ifadmin($oldinfo['username']) && ($groupid=='5' || strpos($newgroups,',5,')!==false)) { adminmsg('setuser_forumadmin'); } elseif (($oldinfo['groupid']=='6' && $groupid != '6' && strpos($newgroups,',6,')===false) || ($oldinfo['groupid']!='6' && ($groupid == '6' || strpos($newgroups,',6,')!==false))) { adminmsg('setuser_ban'); } $newgroups == ',' && $newgroups = ''; if ($groupid <> '-1' || $newgroups) { admincheck($uid,$username,$groupid,$newgroups,'update'); } elseif ($oldinfo['groupid'] <> '-1' || $oldinfo['groups']) { admincheck($uid,$username,$groupid,$newgroups,'delete'); } $newgroups = $newgroups!=$oldinfo['groups'] ? ",groups='$newgroups'" : ''; $ftp = null; if ($db_ifftp) { require_once(R_P.'require/ftp.php'); $ftp = new FTP($ftp_server,$ftp_port,$ftp_user,$ftp_pass,$ftp_dir); } list($iconurl,$icontype,$iconwidth,$iconheight,$iconfile,$iconpig) = showfacedesign(addslashes($oldinfo['icon']),true); if ($facetype==2) { if (substr($_POST['i_http'],0,4)!='http' || strrpos($_POST['i_http'],'|')!==false) { adminmsg('illegal_customimg'); } $icontype==3 && DelIcon($iconfile); $i_w = (int)$_POST['i_w']; $i_h = (int)$_POST['i_h']; $iconfile = $_POST['i_http']; list($iconwidth,$iconheight) = getfacelen($i_w,$i_h); } elseif ($facetype==3 && $delupload) { DelIcon($delupload); $facetype = $icontype = 1; $proicon = 'none.gif'; } $facetype!=1 && $facetype!=2 && $facetype!=3 && $facetype = $icontype; if ($facetype==1) { if ($icontype!=1) { $icontype==3 && DelIcon($iconfile); if (!file_exists("$imgdir/face/$proicon")) { $proicon = 'none.gif'; } } if (!empty($proicon)) { if (strlen($proicon)>20 || !preg_match('/^[0-9A-Za-z]+\.[A-Za-z]{2,5}$/',$proicon)) { adminmsg('undefined_action'); } $iconfile = $proicon; } $iconwidth = $iconheight = 0; } $iconwidth < 1 && $iconwidth = ''; $iconheight < 1 && $iconheight = ''; $icon = "$iconfile|$facetype|$iconwidth|$iconheight"; $iconpig && $icon .= "|$iconpig"; strlen($icon)>100 && adminmsg('illegal_customimg'); if ($ftp) { $ftp->close(); unset($ftp); } $bday = $year."-".$month."-".$day; $rvrc*=10; $regdate = PwStrtoTime($regdate); if ($oldinfo['username']!=stripcslashes($username)) { $db->update("UPDATE pw_threads SET author='$username' WHERE authorid='$uid'"); $ptable_a=array('pw_posts'); if ($db_plist) { $p_list=explode(',',$db_plist); foreach ($p_list as $val) { $ptable_a[]='pw_posts'.$val; } } foreach ($ptable_a as $val) { $db->update("UPDATE $val SET author='$username' WHERE authorid='$uid'"); } $db->update("UPDATE pw_cmembers SET username='$username' WHERE uid='$uid'"); $db->update("UPDATE pw_argument SET author='$username' WHERE authorid='$uid'"); $db->update("UPDATE pw_colonys SET admin='$username' WHERE admin='".addslashes($oldinfo['username'])."'"); $db->update("UPDATE pw_announce SET author='$username' WHERE author='".addslashes($oldinfo['username'])."'"); $query = $db->query("SELECT fid,forumadmin,fupadmin FROM pw_forums WHERE forumadmin LIKE '%,".addslashes($oldinfo['username']).",%' OR fupadmin LIKE '%,".addslashes($oldinfo['username']).",%'"); while ($rt = $db->fetch_array($query)) { $rt['forumadmin'] = str_replace(",$oldinfo[username],",",$username,",$rt['forumadmin']); $rt['fupadmin'] = str_replace(",$oldinfo[username],",",$username,",$rt['fupadmin']); $db->update("UPDATE pw_forums SET forumadmin='".addslashes($rt['forumadmin'])."',fupadmin='".addslashes($rt['fupadmin'])."' WHERE fid='$rt[fid]'"); } } $db->update("UPDATE pw_members SET username='$username' $setpassword $safecvadd,gender='$gender',email='$email' $newgroups,regdate='$regdate',publicmail='".(int)$publicmail."',receivemail='$receivemail',groupid='$groupid',icon='$icon',site='$site',oicq='$oicq',icq='$icq',msn='$msn',yahoo='$yahoo',location='$location',bday='$bday',honor='$honor',yz='$yz',signature='$signature',introduce='$introduce',banpm='$banpm' WHERE uid='$uid'"); $db->update("UPDATE pw_memberdata SET rvrc='$rvrc',money='$money',credit='$credit',postnum='$postnum',onlinetime='$onlinetime',onlineip='$userip' WHERE uid='$uid'"); $mi = $db->get_one("SELECT uid,deposit,ddeposit $fieldadd FROM pw_memberinfo mb WHERE uid='$uid'"); if (!$mi) { if ($deposit || $ddeposit) { $db->update("INSERT INTO pw_memberinfo SET uid='$uid',deposit='$deposit',ddeposit='$ddeposit'"); } } elseif ($deposit!=$mi['deposit'] || $ddeposit!=$mi['ddeposit']) { $db->update("UPDATE pw_memberinfo SET deposit='$deposit',ddeposit='$ddeposit' WHERE uid='$uid'"); } if ($customfield) { $fieldadd = ''; foreach ($customfield as $key=>$val) { $field = "field_".(int)$val['id']; InitGP(array($field),'P'); if ($mi[$field] != $$field) { $$field = Char_cv($$field); $fieldadd .= $fieldadd ? ",$field='{$$field}'" : "$field='{$$field}'"; } } if ($fieldadd) { $db->pw_update( "SELECT uid FROM pw_memberinfo WHERE uid='$uid'", "UPDATE pw_memberinfo SET $fieldadd WHERE uid='$uid'", "INSERT INTO pw_memberinfo SET uid='$uid',$fieldadd" ); } } adminmsg('operate_success'); } } ?>