www.gusucode.com > weenCompany闻名企业网站系统 4.0.0 繁体中英文 UTF8源码程序 > admin/users.php
<?php // +---------------------------------------------+ // | Copyright 2003 - 2005 weenCompany | // | http://www.weentech.com | // | This file may not be redistributed. | // +---------------------------------------------+ define('IN_ADMIN', true); define('IN_WEENCOMPANY', true); $rootpath = "./../"; include($rootpath . 'includes/core.php'); PrintHeader('用戶管理'); // get the value of $action $action = isset($_POST['action']) ? $_POST['action'] : (isset($_GET['action']) ? $_GET['action'] : 'displayusers'); if($usersystem['name'] != 'weenCompany') { $usersystemerror[] = '網站系統正在使用論壇接口並使用論壇用戶系統及數據庫. 此管理頁僅用於管理weenCompany網站系統的用戶, 當使用論壇接口後, 在此添加或設置用戶將無法登陸或體現新設置的內容, 直至取消論壇接口使用網站用戶系統.'; PrintErrors($usersystemerror, '正在使用論壇接口'); } // ################################ INSERT USER ################################ if($action == 'insertuser') { $usergroupid = $_POST['usergroupid']; $username = trim($_POST['nameofuser']); $password = trim($_POST['password']); $passwordconfirm = trim($_POST['passwordconfirm']); $email = $_POST['email']; $userfullname = trim($_POST['userfullname']); $usercompany = trim($_POST['usercompany']); $useradd = trim($_POST['useradd']); $userpostcode = trim($_POST['userpostcode']); $usertel = trim($_POST['usertel']); $userfax = trim($_POST['userfax']); $useronline = trim($_POST['useronline']); $userwebsite = trim($_POST['userwebsite']); // error checking if(strlen($username) == 0) $errors[] = '請輸入用戶名!'; if(strlen($password) == 0) $errors[] = '請輸入密碼!'; if($password != $passwordconfirm) $errors[] = '確認密碼與原密碼不相同!'; if(strlen($email) == 0) $errors[] = '請輸入Email地址!'; $registered = $DB->query_first("SELECT userid FROM " . TABLE_PREFIX . "users WHERE username = '$username'"); if(isset($registered)) { Errmsg('用戶名已存在, 請重新輸入!'); } if(!isset($errors)) { $DB->query("INSERT INTO " . TABLE_PREFIX . "users (usergroupid, username, password, email, activated, joindate, userfullname, usercompany, useradd, userpostcode, usertel, userfax, useronline, userwebsite) VALUES ('$usergroupid', '$username', '".md5($password)."', '$email', 1, '".time()."', '$userfullname', '$usercompany', '$useradd', '$userpostcode', '$usertel', '$userfax', '$useronline', '$userwebsite')"); PrintRedirect('users.php?action=displayusers', 1); } else { PrintErrors($errors, '添加用戶錯誤'); $action = 'displayuserform'; } } // ################################ UPDATE USER ################################ if($action == 'updateuser') { $userid = $_POST['userid']; $usergroupid = $_POST['usergroupid']; $username = trim($_POST['nameofuser']); $password = trim($_POST['password']); $passwordconfirm = trim($_POST['passwordconfirm']); $email = $_POST['email']; $banned = iif($_POST['banned'] == 'on', 1, 0); $activated = iif($_POST['activated'] == 'on', 1, 0); $letter = isset($_POST['letter']) ? $_POST['letter'] : ''; $userfullname = trim($_POST['userfullname']); $usercompany = trim($_POST['usercompany']); $useradd = trim($_POST['useradd']); $userpostcode = trim($_POST['userpostcode']); $usertel = trim($_POST['usertel']); $userfax = trim($_POST['userfax']); $useronline = trim($_POST['useronline']); $userwebsite = trim($_POST['userwebsite']); // error checking if(strlen($username) == 0) $errors[] = '用戶名不能為空!'; if(strlen($password) OR strlen($passwordconfirm)) { if(strcmp($password, $passwordconfirm)) // return 0 if it's a match { $errors[] = '確認密碼與原密碼不相同!'; } } if($_POST['oldname'] != $username) { $registered = $DB->query_first("SELECT userid FROM " . TABLE_PREFIX . "users WHERE username = '$username'"); if(isset($registered)) { Errmsg('用戶名已存在, 請重新輸入!'); } } if($DB->query_first("SELECT email FROM " . TABLE_PREFIX . "users WHERE email = '$email' and userid != '$userid'")) { Errmsg('Email地址已被使用, 請重新輸入!'); } if(!isset($errors)) { if($_POST['oldname'] == $userinfo['username']) { $DB->query("UPDATE " . TABLE_PREFIX . "users SET username = '$username', email = '$email', userfullname = '$userfullname', usercompany = '$usercompany', useradd = '$useradd', userpostcode = '$userpostcode', usertel = '$usertel', userfax = '$userfax', useronline = '$useronline', userwebsite = '$userwebsite' WHERE userid = '$userid'"); } else { $DB->query("UPDATE " . TABLE_PREFIX . "users SET usergroupid = '$usergroupid', username = '$username', email = '$email', banned = '$banned', activated = '$activated', userfullname = '$userfullname', usercompany = '$usercompany', useradd = '$useradd', userpostcode = '$userpostcode', usertel = '$usertel', userfax = '$userfax', useronline = '$useronline', userwebsite = '$userwebsite' WHERE userid = '$userid'"); } // change password? if(strlen($password) > 0) { $DB->query("UPDATE " . TABLE_PREFIX . "users SET password = '" . md5($password) . "' WHERE userid = '$userid'"); } if($_POST['selfactivated'] == 0 and $activated ==1) { $DB->query("UPDATE " . TABLE_PREFIX . "users SET validationkey = '' WHERE userid = '$userid'"); } PrintRedirect('users.php?action=displayusers&letter=' . $letter, 1); } else { PrintErrors($errors, '編輯用戶錯誤'); $action = 'displayuserform'; } } // ############################### DELETE USERS ################################ if($action == 'deleteusers') { $deleteuserids = $_POST['deleteuserids']; $letter = isset($_POST['letter']) ? $_POST['letter'] : ''; $confirmdelete = isset($_POST['confirmdelete']) ? $_POST['confirmdelete'] : '0'; $errors = array(); if($confirmdelete == ' 取消 ') { $action = 'displayusers'; } else if($confirmdelete == '0') { // get the users for($i = 0, $deleteusernames = '', $hiddenvalues = ''; $i < count($deleteuserids); $i++) { $user = $DB->query_first("SELECT username FROM " . TABLE_PREFIX . "users WHERE userid = '" . $deleteuserids[$i] . "'"); $deleteusernames .= ($i + 1) . ') ' . $user['username'] . '<br />'; $hiddenvalues .= '<input type="hidden" name="deleteuserids[]" value="' . $deleteuserids[$i] . '" />'; } $description = '<b>確定刪除以下用戶嗎?</b><br /><br />' . $deleteusernames; $hiddenvalues .= '<input type="hidden" name="action" value="deleteusers" /> <input type="hidden" name="letter" value="' . $letter . '" />'; // arguments: description, hidden input values, form redirect page ConfirmDelete($description, $hiddenvalues, 'users.php'); } else if($confirmdelete == ' 確定 ') { for($i = 0; $i < count($deleteuserids); $i++) { // Can't delete your own user account if($deleteuserids[$i] != $userinfo['userid']) { $DB->query("DELETE FROM " . TABLE_PREFIX . "users WHERE userid = '" . $deleteuserids[$i] . "'"); } else { $errors[] = "呵呵, 您無法刪除自己!"; } } if(count($errors) > 0) { PrintErrors($errors, '刪除用戶錯誤'); PrintRedirect('users.php?action=displayusers&letter=' . $letter, 5); } else { // redirect PrintRedirect('users.php?action=displayusers&letter=' . $letter, 1); } } } // ############################ DISPLAY USER FORUM ############################# if($action == 'displayuserform') { $userid = isset($_GET['userid']) ? $_GET['userid'] : (isset($_POST['userid']) ? $_POST['userid'] : 0); $letter = isset($_GET['letter']) ? $_GET['letter'] : NULL; $getsettings = $DB->query("SELECT title, value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = '12'"); while($setting = $DB->fetch_array($getsettings)) { $settings[$setting['title']] = $setting['value']; } if(isset($errors)) { // new user with errors, redisplaying the form $user = array('userid' => $_POST['userid'], 'usergroupid' => $_POST['usergroupid'], 'username' => $_POST['nameofuser'], 'email' => $_POST['email'], 'banned' => $_POST['banned'], 'activated' => $_POST['activated'], 'userfullname' => $_POST['userfullname'], 'usercompany' => $_POST['usercompany'], 'useradd' => $_POST['useradd'], 'userpostcode' => $_POST['userpostcode'], 'usertel' => $_POST['usertel'], 'userfax' => $_POST['userfax'], 'useronline' => $_POST['useronline'], 'userwebsite' => $_POST['userwebsite'] ); } else if($userid) { // edit user $user = $DB->query_first("SELECT * FROM " . TABLE_PREFIX . "users WHERE userid = '$userid'"); } else { // new user $user = array('userid' => 0, 'usergroupid' => 3, // Registered Users (lets leave it as the default) 'username' => '', 'email' => '', 'banned' => '0', 'activated' => '1'); } if($userid) { PrintSection('編輯用戶: ' . $user['username']); } else { PrintSection('添加用戶'); $message_info = ' <font class=oh_red>*</font> '; } // get usergroups $getusergroups = $DB->query("SELECT usergroupid, name FROM " . TABLE_PREFIX . "usergroups ORDER BY usergroupid"); // a few variable names here are a bit strange such as nameofuser // this is so that browsers won't store saved information when viewing user details! echo '<form method="post" action="./users.php"> <input type="hidden" name="action" value="' . iif($userid, 'updateuser', 'insertuser') . '" /> <input type="hidden" name="userid" value="' . $user['userid'] . '" /> <input type="hidden" name="selfactivated" value="' . $user['activated'] . '" /> <input type="hidden" name="oldname" value="' . $user['username'] . '" /> <input type="hidden" name="letter" value="' . $letter . '" /> <table width="100%" border="0" cellpadding="5" cellspacing="0"> <tr> <td class="tdrow2" width="40%">所屬用戶群組:</td> <td class="tdrow3"><select name="usergroupid" ' . iif($user['username'] == $userinfo['username'] AND $userid, 'disabled') .'>'; while($usergroup = $DB->fetch_array($getusergroups)) { echo '<option value="' . $usergroup['usergroupid'] . '" ' . iif($user['usergroupid'] == $usergroup['usergroupid'], 'SELECTED', '') . '>' . $usergroup['name'] . '</option>'; } echo ' </select> </td> </tr> <tr> <td class="tdrow2" width="40%">用戶名'.$message_info.':</td> <td class="tdrow3"><input type="text" name="nameofuser" value="'.CleanFormValue($user['username']).'" size="40" /></td> </tr> <tr> <td class="tdrow2">密碼'.$message_info.':</td> <td class="tdrow3"><input type="password" name="password" size="40" /></td> </tr> <tr> <td class="tdrow2">確認密碼'.$message_info.':</td> <td class="tdrow3"><input type="password" name="passwordconfirm" size="40" /></td> </tr> <tr> <td class="tdrow2">Email地址'.$message_info.':</td> <td class="tdrow3"><input type="text" name="email" value="'.CleanFormValue($user['email']).'" size="40" /></td> </tr>'; if($settings['顯示姓名']){ echo ' <tr> <td class="tdrow2">姓名:</td> <td class="tdrow3"><input type="text" name="userfullname" value="'.CleanFormValue($user['userfullname']).'" size="40" /></td> </tr>'; } if($settings['顯示單位']){ echo ' <tr> <td class="tdrow2">所屬單位:</td> <td class="tdrow3"><input type="text" name="usercompany" value="'.CleanFormValue($user['usercompany']).'" size="40" /></td> </tr>'; } if($settings['顯示地址']){ echo ' <tr> <td class="tdrow2">通訊地址:</td> <td class="tdrow3"><input type="text" name="useradd" value="'.CleanFormValue($user['useradd']).'" size="40" /></td> </tr>'; } if($settings['顯示郵編']){ echo ' <tr> <td class="tdrow2">郵編:</td> <td class="tdrow3"><input type="text" name="userpostcode" value="'.CleanFormValue($user['userpostcode']).'" size="40" /></td> </tr>'; } if($settings['顯示電話']){ echo ' <tr> <td class="tdrow2">電話:</td> <td class="tdrow3"><input type="text" name="usertel" value="'.CleanFormValue($user['usertel']).'" size="40" /></td> </tr>'; } if($settings['顯示傳真']){ echo ' <tr> <td class="tdrow2">傳真:</td> <td class="tdrow3"><input type="text" name="userfax" value="'.CleanFormValue($user['userfax']).'" size="40" /></td> </tr>'; } if($settings['顯示在線聯繫']){ echo ' <tr> <td class="tdrow2">在線聯繫:</td> <td class="tdrow3"><input type="text" name="useronline" value="'.CleanFormValue($user['useronline']).'" size="40" /></td> </tr>'; } if($settings['顯示網址']){ echo ' <tr> <td class="tdrow2">網址:</td> <td class="tdrow3"><input type="text" name="userwebsite" value="'.CleanFormValue($user['userwebsite']).'" size="40" /></td> </tr>'; } if($userid){ echo ' <tr> <td class="tdrow2">是否激活?</td> <td class="tdrow3"><input type="checkbox" ' . iif($user['username'] == $userinfo['username'], 'disabled') .' name="activated" ' . iif($user['activated'] == 1, 'checked="checked"', '') .' /></td> </tr> <tr> <td class="tdrow2">是否鎖定?</td> <td class="tdrow3"><input type="checkbox" ' . iif($user['username'] == $userinfo['username'], 'disabled') .' name="banned" ' . iif($user['banned'] == 1, 'checked="checked"', '') .' /></td> </tr>';} echo ' <tr> <td class="tdrow1" bgcolor="#FCFCFC" colspan="2" align="center"> <input type="submit" value="' . iif($userid, '保存更新', '提交保存') . '" /> </td> </tr> </table> </form>'; EndSection(); } // ############################### DISPLAY USERS ############################### if($action == 'displayusers') { $letter = isset($_GET['letter']) ? $_GET['letter'] : NULL; PrintSection('快速查找用戶'); echo '<table width="100%" border="0" cellpadding="5" cellspacing="0"> <tr> <td class="tdrow1" align="center"> <a href="users.php?action=displayusers">最新註冊</a> '; for($alphabet = 'a'; $alphabet != 'aa'; $alphabet++) { echo '<a href="users.php?action=displayusers&letter=' . $alphabet . '">' . strtoupper($alphabet) . '</a> '; } echo ' <a href="users.php?action=displayusers&letter=Banned">被鎖定</a> <a href="users.php?action=displayusers&letter=Validating">未激活</a> <a href="users.php?action=displayusers&letter=Neverlogin">未登陸</a> <a href="users.php?action=displayusers&letter=Other">中文名</a></td> </tr> </table>'; EndSection(); PrintSection('搜索用戶'); echo '<form method="post" action="./users.php?action=displayusers&letter=Search" name="searchusers"> <table width="100%" border="0" cellpadding="5" cellspacing="0"> <tr> <td class="tdrow1" align="center">用戶名: <input type="text" name="searchname" size="18"> Email地址: <input type="text" name="searchemail" size="18"> <input type="submit" value=" 搜索用戶 " /></td> </tr> </table></form>'; EndSection(); if(isset($letter) AND trim($letter) != '') { if($letter == 'Other') { $getusers = $DB->query("SELECT userid, usergroupid, username, email, banned, activated, joindate, lastactivity FROM " . TABLE_PREFIX . "users WHERE username NOT REGEXP(\"^[a-zA-Z]\") ORDER BY username"); $title = '使用中文用戶名的用戶'; } else if($letter == 'Banned') { $getusers = $DB->query("SELECT userid, usergroupid, username, email, banned, activated, joindate, lastactivity FROM " . TABLE_PREFIX . "users WHERE banned = 1 ORDER BY username"); $title = '被鎖定的用戶'; } else if($letter == 'Validating') { $getusers = $DB->query("SELECT userid, usergroupid, username, email, banned, activated, joindate, lastactivity FROM " . TABLE_PREFIX . "users WHERE activated = 0 ORDER BY username"); $title = '尚未激活的用戶'; } else if($letter == 'Search') { if (trim($_POST['searchname'])=='' AND trim($_POST['searchemail'])=='') { Errmsg('請輸入搜索關鍵字!'); } else { $getusers = $DB->query("SELECT userid, usergroupid, username, email, banned, activated, joindate, lastactivity FROM " . TABLE_PREFIX . "users WHERE LOWER(username) LIKE '%".trim($_POST['searchname'])."%' AND LOWER(email) LIKE '%".trim($_POST['searchemail'])."%' ORDER BY username"); $title = '搜索到的用戶'; } } else if(trim($letter) == 'Neverlogin') { $getusers = $DB->query("SELECT userid, usergroupid, username, email, banned, activated, joindate, lastactivity FROM " . TABLE_PREFIX . "users WHERE lastactivity = 0 ORDER BY username"); $title = '從未登陸的用戶'; } else { $getusers = $DB->query("SELECT userid, usergroupid, username, email, banned, activated, joindate, lastactivity FROM " . TABLE_PREFIX . "users WHERE LOWER(username) LIKE '".$letter."%' ORDER BY username"); $title = strtoupper($letter) . ' 字母開頭的用戶'; } PrintSection($title); } else { PrintSection('最新註冊的用戶'); $getusers = $DB->query("SELECT userid, usergroupid, username, email, banned, activated, joindate, lastactivity FROM " . TABLE_PREFIX . "users ORDER BY userid DESC LIMIT 0, 20"); } echo '<form method="post" action="./users.php" name="deleteusers"> <input type="hidden" name="action" value="deleteusers" />'; if(isset($letter)) echo '<input type="hidden" name="letter" value="' . $letter . '" />'; echo '<table width="100%" border="0" cellpadding="5" cellspacing="0"> <tr> <td class="tdrow1">用戶名</td> <td class="tdrow1">群組ID</td> <td class="tdrow1">Email地址</td> <td class="tdrow1">狀態</td> <td class="tdrow1">註冊日期</td> <td class="tdrow1">最後登陸</td> <td class="tdrow1" width="75"><input type="checkbox" checkall="group" onclick="javascript: return select_deselectAll (\'deleteusers\', this, \'group\');"> 刪除</td> </tr>'; while($user = $DB->fetch_array($getusers)) { if(strlen($user['username']) == 0) $user['username'] = '<i>暫無任何用戶!</i>'; echo '<tr> <td class="tdrow2"><a href="users.php?action=displayuserform&userid='.$user['userid'].'&letter=' . $letter.'"><b>' . $user['username']. '</a></td> <td class="tdrow3">' . $user['usergroupid'] . '</td> <td class="tdrow2">' . $user['email'] . '</td> <td class="tdrow2">'; if($user['banned'] == "1") { echo "<div style=\"color:red\"><b>被鎖定</b></div>"; } else if($user['activated'] == "0") { echo "<div style=\"color:blue\"><b>未激活</b></div>"; } else { echo "<div style=\"color:green\"><b>已激活</b></div>"; } echo ' </td> <td class="tdrow3">' . @gmdate("Y-m-d", $user['joindate']) . '</td> <td class="tdrow3">'; if($user['lastactivity'] == 0) { echo "<div style=\"color:#FF9900\">從未登陸</div>"; } else { echo @gmdate("Y-m-d", $user['lastactivity']); } echo '</td> <td class="tdrow2"><input type="checkbox" name="deleteuserids[]" value="' . $user['userid'] . '" checkme="group" /></td> </tr>'; } echo '<tr> <td class="tdrow1" colspan="7" align="center"><input type="submit" value="刪除用戶" /></td> </tr> </table> </form>'; EndSection(); } // ############################### PRINT FOOTER ################################ PrintFooter(); ?>