
    <?php
 /*
 * 74cms 管理员账户
 * ============================================================================
 * 版权所有: 骑士网络,并保留所有权利。
 * 网站地址: http://www.74cms.com;
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用;不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
// Bootstrap for the admin-account pages: mark the request as an admin
// context, load the site config and the shared admin includes, then pick
// the action to dispatch on (the account list when none is given).
define('IN_QISHI', true);
require_once(dirname(__FILE__).'/../data/config.php');
require_once(dirname(__FILE__).'/include/admin_common.inc.php');
require_once(ADMIN_ROOT_PATH.'include/admin_users_fun.php');
$act = 'list';
if (!empty($_REQUEST['act']))
{
	$act = trim($_REQUEST['act']);
}
$smarty->assign('pageheader',"网站管理员");
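/*
 * Dispatch on $act. Every handler ends in a Smarty display() or an
 * adminmsg() call; the handlers rely on adminmsg() terminating the request
 * (the original code used it inside ternaries for the same reason) —
 * TODO confirm in admin_common.inc.php that it exits.
 *
 * Conventions: get_token() on pages that render a form, check_token() on
 * the handler that consumes it; $_SESSION['admin_purview'] === "all"
 * denotes a super administrator.
 */
if($act == 'list')
{
	get_token();
	require_once(QISHI_ROOT_PATH.'include/page.class.php');
	// Non-super admins only ever see their own row. $wheresql is initialised
	// so the super-admin path does not concatenate an undefined variable.
	$wheresql='';
	if ($_SESSION['admin_purview']<>"all")
	{
		// Session value originates from the DB, not from GPC, so it is not
		// covered by any request-level escaping — escape it here.
		$wheresql=" WHERE admin_name='".addslashes($_SESSION['admin_name'])."'";
	}
	$total_sql="SELECT COUNT(*) AS num FROM ".table('admin').$wheresql;
	$total_val=$db->get_total($total_sql);
	$page = new page(array('total'=>$total_val, 'perpage'=>$perpage));
	$offset=($page->nowindex-1)*$perpage;
	$list = get_admin_list($offset,$perpage,$wheresql);
	$smarty->assign('list',$list);
	$smarty->assign('admin_purview',$_SESSION['admin_purview']);
	$smarty->assign('page',$page->show(3));
	$smarty->assign('navlabel','list');
	$smarty->display('users/admin_users_list.htm');
}
elseif($act == 'add_users')
{
	get_token();
	if ($_SESSION['admin_purview']<>"all")adminmsg("权限不足!",1);
	$smarty->assign('navlabel','add');
	$smarty->display('users/admin_users_add.htm');
}
elseif($act == 'add_users_save')
{
	check_token();
	if ($_SESSION['admin_purview']<>"all")adminmsg("权限不足!",1);
	// Each field is validated with an explicit if/adminmsg pair; missing POST
	// keys default to '' so no notice is raised before the error is shown.
	$setsqlarr['admin_name']=isset($_POST['admin_name'])?trim($_POST['admin_name']):'';
	if ($setsqlarr['admin_name']==='')adminmsg('请填写用户名!',1);
	if (get_admin_one($setsqlarr['admin_name']))adminmsg('用户名已经存在!',1);
	$setsqlarr['email']=isset($_POST['email'])?trim($_POST['email']):'';
	if ($setsqlarr['email']==='')adminmsg('请填写email!',1);
	if (!preg_match("/^[\w\-\.]+@[\w\-\.]+(\.\w+)+$/",$setsqlarr['email']))adminmsg('email格式错误!',1);
	$password=isset($_POST['password'])?trim($_POST['password']):'';
	if ($password==='')adminmsg('请填写密码',1);
	if (strlen($password)<6)adminmsg('密码不能少于6位!',1);
	$password1=isset($_POST['password1'])?trim($_POST['password1']):'';
	if ($password!==$password1)adminmsg('两次输入的密码不相同!',1);
	$setsqlarr['rank']=isset($_POST['rank'])?trim($_POST['rank']):'';
	if ($setsqlarr['rank']==='')adminmsg('请填写头衔',1);
	$setsqlarr['add_time']=time();
	$setsqlarr['last_login_time']=0;
	$setsqlarr['last_login_ip']="从未";
	// Per-account salt (pwd_hash) plus the site-wide $QS_pwdhash. The md5
	// scheme itself is shared with the login check elsewhere and cannot be
	// changed in this file alone.
	$setsqlarr['pwd_hash']=randstr();
	$setsqlarr['pwd']=md5($password.$setsqlarr['pwd_hash'].$QS_pwdhash);

	if (inserttable(table('admin'),$setsqlarr))
	{
		$link[0]['text'] = "返回列表";
		$link[0]['href'] ="?act=";
		adminmsg('添加成功!',2,$link);
	}
	else
	{
		adminmsg('添加失败',1);
	}
}
elseif($act == 'del_users')
{
	check_token();
	// NOTE(review): $id is handed to del_users() as-is; that helper (in
	// admin_users_fun.php, not visible here) must validate and escape it —
	// the row count in the success message suggests it accepts several ids.
	$id=isset($_REQUEST['id'])?$_REQUEST['id']:'';
	if ($num=del_users($id,$_SESSION['admin_purview']))
	{
		adminmsg("删除成功!共删除".$num."行",2);
	}
	else
	{
		adminmsg("删除失败!",0);
	}
}
elseif($act == 'edit_users')
{
	get_token();
	$id=isset($_GET['id'])?intval($_GET['id']):0;
	$account=get_admin_account($id);
	// Own account, or any account for a super admin. An unknown id now goes
	// to the error instead of rendering an empty form.
	if (!empty($account) && ($account['admin_name']==$_SESSION['admin_name'] || $_SESSION['admin_purview']=="all"))
	{
		$smarty->assign('account',$account);
		$smarty->assign('admin_purview',$_SESSION['admin_purview']);
		$smarty->display('users/admin_users_edit.htm');
	}
	else
	{
		adminmsg("参数错误!",1);
	}
}
elseif($act == 'edit_users_pwd')
{
	get_token();
	$id=isset($_GET['id'])?intval($_GET['id']):0;
	$account=get_admin_account($id);
	// Same visibility rule as edit_users: own account, or any for a super admin.
	if (!empty($account) && ($account['admin_name']==$_SESSION['admin_name'] || $_SESSION['admin_purview']=="all"))
	{
		$smarty->assign('account',$account);
		$smarty->assign('admin_purview',$_SESSION['admin_purview']);
		$smarty->display('users/admin_users_edit_pwd.htm');
	}
	else
	{
		adminmsg("参数错误!",1);
	}
}
elseif($act == 'edit_users_info_save')
{
	check_token();
	// Only a super admin may edit profile data. The check lives inside the
	// branch so a non-super admin gets an explicit refusal rather than an
	// unmatched act and a blank page.
	if ($_SESSION['admin_purview']<>"all")adminmsg("权限不足!",1);
	$id=isset($_POST['id'])?intval($_POST['id']):0;
	$account=get_admin_account($id);
	// Super-admin profiles cannot be modified through this form.
	if (empty($account) || $account['purview']=="all")adminmsg("参数错误!",1);
	$setsqlarr['admin_name']=isset($_POST['admin_name'])?trim($_POST['admin_name']):'';
	if ($setsqlarr['admin_name']==='')adminmsg('用户名不能为空!',1);
	$setsqlarr['email']=isset($_POST['email'])?trim($_POST['email']):'';
	if ($setsqlarr['email']==='')adminmsg('email不能为空!',1);
	$setsqlarr['rank']=isset($_POST['rank'])?trim($_POST['rank']):'';
	if ($setsqlarr['rank']==='')adminmsg('头衔不能为空!',1);
	// Duplicate-name check that excludes the row being edited. The original
	// read "$$setsqlarr['admin_name']" (a variable variable), which compared
	// against an empty string and therefore never found a duplicate.
	// NOTE(review): the name is interpolated as-is, relying on request data
	// being escaped upstream (admin_common.inc.php) — confirm.
	$sql = "select * from ".table('admin')." where admin_name = '".$setsqlarr['admin_name']."' AND admin_id<>".$id;
	$ck_info=$db->getone($sql);
	if (!empty($ck_info))adminmsg("用户名有重复!",1);
	if (updatetable(table('admin'),$setsqlarr,' admin_id='.$id))
	{
		adminmsg("修改成功!",2);
	}
	else
	{
		adminmsg("修改失败!",0);
	}
}
elseif($act == 'edit_users_pwd_save')
{
	check_token();
	$id=isset($_POST['id'])?intval($_POST['id']):0;
	$account=get_admin_account($id);
	if (empty($account))adminmsg("参数错误!",1);
	$is_super=($_SESSION['admin_purview']=="all");
	$is_self=($account['admin_name']==$_SESSION['admin_name']);
	// A non-super admin may only change their own password. The edit form
	// (act=edit_users_pwd) already applies this rule; enforcing it here as
	// well stops a crafted POST from targeting another account's id.
	if (!$is_super && !$is_self)adminmsg("参数错误!",1);
	$password=isset($_POST['password'])?$_POST['password']:'';
	if (strlen($password)<6)adminmsg("密码长度不能小于6位!",1);
	// Old password and confirmation are required unless a super admin is
	// resetting a non-super account; a super admin changing a super-admin
	// account still has to prove knowledge of the current password.
	$need_old=(!$is_super || $account['purview']=="all");
	if ($need_old)
	{
		$password1=isset($_POST['password1'])?$_POST['password1']:'';
		if ($password!==$password1)adminmsg("两次输入的密码不同!",1);
		$old_password=isset($_POST['old_password'])?$_POST['old_password']:'';
		$md5_pwd=md5($old_password.$account['pwd_hash'].$QS_pwdhash);
		// Strict comparison: loose "<>" would treat two "0e..." hex digests
		// as equal numeric strings.
		if ($md5_pwd!==$account['pwd'])adminmsg("旧密码输入错误!",1);
	}
	$setsqlarr['pwd']=md5($password.$account['pwd_hash'].$QS_pwdhash);
	if (updatetable(table('admin'),$setsqlarr,' admin_id='.$id))
	{
		adminmsg("修改成功!",2);
	}
	else
	{
		adminmsg("修改失败!",0);
	}
}
elseif($act == 'loglist')
{
	get_token();
	require_once(QISHI_ROOT_PATH.'include/page.class.php');
	// A super admin may view every admin's log; everyone else only their own.
	$wheresql="";
	if ($_SESSION['admin_purview']<>"all")
	{
		$wheresql=" WHERE admin_name='".addslashes($_SESSION['admin_name'])."'";
	}
	if (!empty($_GET['log_type']))
	{
		$log_type=intval($_GET['log_type']);
		$wheresql.=(empty($wheresql)?" WHERE ":" AND ")."log_type=".$log_type;
	}
	$total_sql="SELECT COUNT(*) AS num FROM ".table('admin_log').$wheresql;
	$total_val=$db->get_total($total_sql);
	$page = new page(array('total'=>$total_val, 'perpage'=>$perpage));
	$offset=($page->nowindex-1)*$perpage;
	$list = get_admin_log($offset,$perpage,$wheresql);
	$smarty->assign('pageheader',"登录日志");
	$smarty->assign('list',$list);// log rows
	$smarty->assign('perpage',$perpage);// rows per page
	if ($total_val>$perpage)
	{
		$smarty->assign('page',$page->show(3));// pagination
	}
	$smarty->display('users/admin_users_log.htm');
}
elseif($act == 'users_set')
{
	get_token();
	// Mirror the save handler: only a super admin may view/edit purview flags.
	if ($_SESSION['admin_purview']<>"all")adminmsg("权限不足!",1);
	$id=isset($_GET['id'])?intval($_GET['id']):0;
	$account=get_admin_account($id);
	if (empty($account))adminmsg("参数错误!",1);
	$smarty->assign('account',$account);
	$smarty->assign('admin_purview',$_SESSION['admin_purview']);
	$smarty->assign('admin_set',explode(',',$account['purview']));
	$smarty->display('users/admin_users_set.htm');
}
elseif($act == 'users_set_save')
{
	check_token();
	if ($_SESSION['admin_purview']<>"all")adminmsg("权限不足!",1);
	$id=isset($_POST['id'])?intval($_POST['id']):0;
	// The form posts purview[] as an array; cast so a missing or scalar value
	// does not break implode().
	$purview=isset($_POST['purview'])?(array)$_POST['purview']:array();
	$setsqlarr['purview']=implode(',',$purview);
	if (updatetable(table('admin'),$setsqlarr,' admin_id='.$id))
	{
		adminmsg("设置成功!",2);
	}
	else
	{
		adminmsg("设置失败!",0);
	}
}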
?>