<?php
/*
	[Destoon B2B System] Copyright (c) 2008-2015 www.destoon.com
	This is NOT a freeware, use is subject to license.txt
*/
defined('DT_ADMIN') or exit('Access Denied');

/**
 * Back-office administrator management: promotes/demotes members to
 * administrators, and maintains the per-admin permission ("right") and
 * menu rows in the `admin` table plus their file caches.
 *
 * Depends on globals ($db, $CFG, $MODULE, paging globals) and on helpers
 * defined elsewhere in the framework (cache_delete, cache_write, pages,
 * timetodate). All SQL in this class is built by string interpolation;
 * it contains no escaping of its own, so every caller is expected to
 * pass already-sanitised values.
 *
 * NOTE(review): this is PHP 5-era code — `var` properties and a
 * same-named constructor. On PHP 8.0+ `admin()` is no longer treated as
 * the constructor, and the one-argument parse_str() in url_right() is a
 * fatal error.
 */
class admin {
	var $userid;
	var $username;
	var $founderid;   // userid of the site founder, copied from $CFG['founderid']
	var $db;          // framework database object (by reference to global $db)
	var $pre;         // table prefix taken from $this->db->pre
	var $errmsg = errmsg;   // default comes from the global constant `errmsg` (defined elsewhere)

	/**
	 * PHP 4-style constructor: binds the global database object and the
	 * founder id. Only runs as a constructor on PHP < 8.0.
	 */
	function admin() {
		global $db, $admin, $CFG;
		$this->founderid = $CFG['founderid'];
		$this->db = &$db;
		$this->pre = $this->db->pre;
	}

	/**
	 * Look up a member row (userid only) by username.
	 *
	 * @param string $username  Interpolated into SQL as-is.
	 *   NOTE(review): no escaping here — relies on the caller/framework having
	 *   escaped the value before this point; confirm at the call sites.
	 * @return array|false  Row with 'userid', or whatever get_one returns when absent.
	 */
	function is_member($username) {
		return $this->db->get_one("SELECT userid FROM {$this->pre}member WHERE username='$username'");
	}

	/**
	 * Number of super administrators (groupid=1 AND admin=1).
	 * Used to guarantee at least one super admin always remains.
	 *
	 * @return int|string
	 */
	function count_admin() {
		$r = $this->db->get_one("SELECT COUNT(*) AS num FROM {$this->pre}member WHERE groupid=1 AND admin=1 ");
		return $r['num'];
	}

	/**
	 * Make an existing member an administrator.
	 *
	 * @param string $username
	 * @param int    $admin  1 = super admin, otherwise ordinary admin.
	 * @param string $role
	 * @param int    $aid    Admin id; forced to 0 for super admins.
	 * @return bool  false (with errmsg set) when the member does not exist.
	 *
	 * NOTE(review): $admin, $role and $aid are interpolated into the UPDATE
	 * without casting or quoting beyond what is visible here.
	 */
	function set_admin($username, $admin, $role, $aid) {
		$username = trim($username);
		$r = $this->is_member($username);
		if(!$r) return $this->_('会员不存在');
		$userid = $r['userid'];
		// The founder is always a super admin with no separate admin id.
		if($this->founderid == $userid) {
			$admin = 1;
			$aid = 0;
		}
		if($admin == 1) $aid = 0;
		$this->db->query("UPDATE {$this->pre}member SET groupid=1,admin=$admin,role='$role',aid=$aid WHERE userid=$userid");
		$this->db->query("UPDATE {$this->pre}company SET groupid=1 WHERE userid=$userid");
		return true;
	}

	/**
	 * Toggle an administrator between super (1) and ordinary (2).
	 * Refuses for the founder, and refuses to demote the last super admin.
	 *
	 * @param string $username
	 * @return bool  false with errmsg set on refusal.
	 */
	function move_admin($username) {
		$r = $this->get_one($username);
		if($r && $r['admin'] > 0) {
			if($r['userid'] == $this->founderid) return $this->_('创始人不可改变级别');
			if($r['admin'] == 1 && $this->count_admin() < 2) return $this->_('系统最少需要保留一位超级管理员');
			$admin = $r['admin'] == 1 ? 2 : 1;
			$this->db->query("UPDATE {$this->pre}member SET admin=$admin WHERE username='$username'");
			return true;
		} else {
			return $this->_('管理员不存在');
		}
	}

	/**
	 * Strip administrator status from a member: restores the member's
	 * registration group (regid, default 6), clears role/aid, removes all
	 * permission/menu rows and drops the cached menu and right files.
	 *
	 * @param string $username
	 * @return bool  false with errmsg set on refusal.
	 */
	function delete_admin($username) {
		$r = $this->get_one($username);
		if($r) {
			if($r['userid'] == $this->founderid) return $this->_('创始人不可删除');
			if($r['admin'] == 1 && $this->count_admin() < 2) return $this->_('系统最少需要保留一位超级管理员');
			$userid = $r['userid'];
			$groupid = $r['regid'] ? $r['regid'] : 6;   // fall back to group 6 when no regid recorded
			$this->db->query("UPDATE {$this->pre}member SET groupid=$groupid,admin=0,role='',aid=0 WHERE userid=$userid");
			$this->db->query("UPDATE {$this->pre}company SET groupid=$groupid WHERE userid=$userid");
			$this->db->query("DELETE FROM {$this->pre}admin WHERE userid=$userid");
			cache_delete('menu-'.$userid.'.php');
			cache_delete('right-'.$userid.'.php');
			return true;
		} else {
			return $this->_('会员不存在');
		}
	}

	/**
	 * Fetch one full member row.
	 *
	 * @param string|int $user  Username (when $type is truthy) or userid.
	 * @param int        $type  1 = look up by username, 0 = by userid.
	 * @return array|false
	 *
	 * The column name is chosen from a fixed pair, so only $user reaches the
	 * SQL from outside — unescaped, as elsewhere in this class.
	 */
	function get_one($user, $type = 1) {
		$fields = $type ? 'username' : 'userid';
		return $this->db->get_one("SELECT * FROM {$this->pre}member WHERE `$fields`='$user'");
	}

	/**
	 * Paged list of members matching a raw SQL WHERE fragment, ordered by
	 * admin level then userid, with display fields added.
	 *
	 * @param string $condition  Raw SQL fragment appended after WHERE — must be
	 *   built from trusted input by the caller.
	 * @return array  Rows with 'logintime' formatted and 'adminname' set to an
	 *   HTML label (founder / super admin / ordinary admin).
	 *
	 * Side effect: writes the global $pages. When $page > 1 and $sum is set,
	 * the caller-provided $sum is reused instead of re-counting.
	 * ($pagesize appears twice in the global list; harmless.)
	 */
	function get_list($condition) {
		global $pages, $page, $pagesize, $offset, $pagesize, $CFG, $sum;
		if($page > 1 && $sum) {
			$items = $sum;
		} else {
			$r = $this->db->get_one("SELECT COUNT(*) AS num FROM {$this->pre}member WHERE $condition");
			$items = $r['num'];
		}
		$pages = pages($items, $page, $pagesize);
		$admins = array();
		$result = $this->db->query("SELECT * FROM {$this->pre}member WHERE $condition ORDER BY admin ASC,userid ASC LIMIT $offset,$pagesize");
		while($r = $this->db->fetch_array($result)) {
			$r['logintime'] = timetodate($r['logintime'], 5);
			$r['adminname'] = $r['admin'] == 1 ? ($CFG['founderid'] == $r['userid'] ? '<span class="f_red">网站创始人</span>' : '<span class="f_blue">超级管理员</span>') : '普通管理员';
			$admins[] = $r;
		}
		return $admins;
	}

	/**
	 * Permission rows (url = '') for one administrator, decorated with the
	 * display name of the file and module.
	 *
	 * @param int $userid
	 * @return array
	 *
	 * For each row the module's admin config.inc.php is included (errors
	 * suppressed with @); that file is presumably what defines $RT, which is
	 * read immediately afterwards — the definition is not visible here.
	 * The include path is built from $MODULE[moduleid]['module'], i.e. from
	 * installed-module configuration, not from request input.
	 */
	function get_right($userid) {
		global $MODULE;
		$rights = array();
		$result = $this->db->query("SELECT * FROM {$this->pre}admin WHERE userid=$userid AND url='' ORDER BY moduleid DESC,file DESC,adminid DESC ");
		while($r = $this->db->fetch_array($result)) {
			// moduleid 1 is the core admin area; other modules live under module/<name>/admin
			@include DT_ROOT.'/'.($r['moduleid'] == 1 ? 'admin' : 'module/'.$MODULE[$r['moduleid']]['module'].'/admin').'/config.inc.php';
			$r['name'] = isset($RT['file'][$r['file']]) ? '('.$RT['file'][$r['file']].')' : '';
			$r['module'] = '('.$MODULE[$r['moduleid']]['name'].')';
			$rights[] = $r;
		}
		return $rights;
	}

	/**
	 * Menu rows (url != '') for one administrator, in listorder.
	 *
	 * @param int $userid
	 * @return array
	 */
	function get_menu($userid) {
		$menus = array();
		$result = $this->db->query("SELECT * FROM {$this->pre}admin WHERE userid=$userid AND url!='' ORDER BY listorder ASC,adminid ASC ");
		while($r = $this->db->fetch_array($result)) {
			$menus[] = $r;
		}
		return $menus;
	}

	/**
	 * Apply a batch of permission/menu edits for one administrator and
	 * rebuild both caches.
	 *
	 * @param int   $userid
	 * @param array $right  Keyed by adminid. Key -1 and key 0 are "new row"
	 *   entries (presence of -1 switches to right mode, $type = 1; otherwise
	 *   menu mode). Entries carrying a 'delete' key are removed; the rest are
	 *   passed to edit().
	 * @param int   $admin  Admin level; super admins (1) have all their
	 *   explicit permission rows deleted since they need none.
	 * @return bool  Always true.
	 *
	 * NOTE(review): array keys ($k) are passed straight to delete() and into
	 * SQL; $right must therefore come from a trusted, already-sanitised source.
	 */
	function update($userid, $right, $admin) {
		if(isset($right[-1])) {
			$this->add($userid, $right[-1], $admin);
			unset($right[-1]);
			$type = 1;//right
		} else {
			$type = 0;//menu
		}
		$this->add($userid, $right[0], $admin);
		unset($right[0]);
		foreach($right as $k=>$v) {
			if(isset($v['delete'])) {
				$this->delete($k);
				unset($right[$k]);
			}
		}
		$this->edit($right, $type);
		if($admin == 1) $this->db->query("DELETE FROM {$this->pre}admin WHERE userid=$userid AND url=''");
		$this->cache_right($userid);
		$this->cache_menu($userid);
		return true;
	}

	/**
	 * Insert one permission or menu row.
	 *
	 * Menu rows (have 'url'): require title and url, skip duplicates of the
	 * same url for this user; for ordinary admins under MANAGE_ADMIN the
	 * matching permission derived from the url is added too (recursive call).
	 * Permission rows (no 'url'): require a moduleid, skip if a module-wide
	 * right or the same file right already exists; module-wide rights carry
	 * no action/catid.
	 *
	 * @param int   $userid
	 * @param array $right  Column => value pairs for the `admin` table.
	 * @param int   $admin  Admin level.
	 * @return bool|null  false when the row is rejected; nothing on success.
	 *
	 * NOTE(review): the INSERT column list is built from the array keys of
	 * $right and the values are quoted but not escaped here — both must be
	 * trusted by the time they reach this method.
	 */
	function add($userid, $right, $admin) {
		if(isset($right['url'])) {
			if(!$right['title'] || !$right['url']) return false;
			$r = $this->db->get_one("SELECT * FROM {$this->pre}admin WHERE userid=$userid AND url='".$right['url']."'");
			if($r) return false;
			if($admin == 2 && defined('MANAGE_ADMIN')) {
				$r = $this->url_right($right['url']);
				if($r) $this->add($userid, $r, $admin);
			}
		} else {
			$right['moduleid'] = intval($right['moduleid']);
			if(!$right['moduleid']) return false;
			$_right = $this->get_right($userid);
			foreach($_right as $v) {//module admin: a module-wide right already covers this module
				if($v['file'] == '' && $v['moduleid'] == $right['moduleid']) return false;
			}
			if($right['file']) {//file exists: same file right already present
				foreach($_right as $v) {
					if($v['file'] == $right['file'] && $v['moduleid'] == $right['moduleid']) return false;
				}
			} else {
				unset($right['action'], $right['catid']);
			}
		}
		$right['userid'] = $userid;
		$sql1 = $sql2 = '';
		foreach($right as $k=>$v) {
			$sql1 .= ','.$k;
			$sql2 .= ",'$v'";
		}
		$sql1 = substr($sql1, 1);
		$sql2 = substr($sql2, 1);
		$this->db->query("INSERT INTO {$this->pre}admin ($sql1) VALUES($sql2)");
	}

	/**
	 * Update existing rows, keyed by adminid.
	 *
	 * @param array $right  adminid => column/value pairs.
	 * @param int   $type   1 = permission rows: a module-wide right (empty
	 *   file) clears its own action/catid and deletes every other right of
	 *   that module. 0 = menu rows.
	 *
	 * Rows lacking title/url (menu) or a moduleid (right) are skipped.
	 * NOTE(review): SET clause column names come from array keys and values are
	 * unescaped, as in add(); the in_array() checks are loose comparisons.
	 */
	function edit($right, $type = 0) {
		if($type) { //when module admin, have all rights
			$moduleids = $adminids = array();
			foreach($right as $k=>$v) {
				if(!$v['file']) {
					$moduleids[] = $v['moduleid'];
					$adminids[$v['moduleid']] = $k;
					$right[$k]['action'] = $right[$k]['catid'] = '';
				}
			}
			if($moduleids) {
				foreach($right as $k=>$v) {
					if(in_array($v['moduleid'], $moduleids) && !in_array($k, $adminids)) {
						unset($right[$k]);
						$this->delete($k);
					}
				}
			}
		}
		foreach($right as $key=>$value) {
			if(isset($value['title'])) {
				if(!$value['title'] || !$value['url']) continue;
			} else {
				$value['moduleid'] = intval($value['moduleid']);
				if(!$value['moduleid']) continue;
			}
			$sql = '';
			foreach($value as $k=>$v) {
				$sql .= ",$k='$v'";
			}
			$sql = substr($sql, 1);
			$this->db->query("UPDATE {$this->pre}admin SET $sql WHERE adminid='$key'");
		}
	}

	/**
	 * Derive a permission row (moduleid/file/action) from a menu url query
	 * string, defaulting to moduleid 1, file 'index', empty action.
	 *
	 * @param string $url  e.g. "?moduleid=2&file=news&action=edit"
	 * @return array{moduleid:mixed,file:mixed,action:mixed}
	 *
	 * NOTE(review): parse_str() is called without a result array, so every
	 * query parameter is registered as a local variable — a url containing
	 * `arr=` or `url=` would overwrite the locals used below. This form was
	 * removed in PHP 8.0 (it now throws). Reading into a result array,
	 * `parse_str($url, $params)`, would close both issues.
	 */
	function url_right($url) {
		if(substr($url, 0, 1) == '?') $url = substr($url, 1);
		$arr = array();
		parse_str($url);
		$arr['moduleid'] = isset($moduleid) ? $moduleid : 1;
		$arr['file'] = isset($file) ? $file : 'index';
		$arr['action'] = isset($action) ? $action : '';
		return $arr;
	}

	/**
	 * Rebuild the cached permission structure for one administrator and
	 * write it to right-<userid>.php.
	 *
	 * Shape written: $right[moduleid][file] = array('action' => list|'', 'catid' => list|'')
	 * where action/catid are split on '|'. A module-wide right (file stored
	 * as 'NA') collapses the whole module entry to ''; a file entry with
	 * neither action nor catid collapses to ''. Consumers of this cache are
	 * not visible here — presumably '' means "unrestricted".
	 *
	 * @param int $userid
	 */
	function cache_right($userid) {
		$rights = $this->get_right($userid);
		$right = $moduleids = array();
		foreach($rights as $v) {//get moduleids (de-duplicated)
			isset($moduleids[$v['moduleid']]) or $moduleids[$v['moduleid']] = $v['moduleid'];
		}
		foreach($moduleids as $m) {//get rights
			foreach($rights as $r) {
				if($r['moduleid'] == $m) {
					$r['file'] = $r['file'] ? $r['file'] : 'NA';   // 'NA' marks a module-wide right
					$right[$m][$r['file']]['action'] = $r['action'] ? explode('|', $r['action']) : '';
					$right[$m][$r['file']]['catid'] = $r['catid'] ? explode('|', $r['catid']) : '';
				}
			}
		}
		foreach($right as $k=>$v) {
			if(isset($v['NA'])) $right[$k] = '';
		}
		foreach($right as $k=>$v) {
			if($v) {
				foreach($v as $i=>$j) {
					if(!$j['action'] && !$j['catid']) $right[$k][$i] = '';
				}
			}
		}
		cache_write('right-'.$userid.'.php', $right);
	}

	/**
	 * Rebuild the cached menu list (title/style/url per row) for one
	 * administrator and write it to menu-<userid>.php.
	 *
	 * @param int $userid
	 */
	function cache_menu($userid) {
		$menus = $this->get_menu($userid);
		$menu = $r = array();
		foreach($menus as $k=>$v) {
			// $r is reused across iterations; all three keys are reassigned each time
			$r['title'] = $v['title'];
			$r['style'] = $v['style'];
			$r['url'] = $v['url'];
			$menu[] = $r;
		}
		cache_write('menu-'.$userid.'.php', $menu);
	}

	/**
	 * Delete one permission/menu row by adminid.
	 *
	 * @param int $adminid  Interpolated into SQL unquoted — callers pass
	 *   array keys from update()/edit(), so those keys must be numeric and trusted.
	 */
	function delete($adminid) {
		$this->db->query("DELETE FROM {$this->pre}admin WHERE adminid=$adminid");
	}

	/**
	 * Record an error message and return false, so callers can
	 * `return $this->_('...')` on a failure path.
	 *
	 * @param string $e
	 * @return false
	 */
	function _($e) {
		$this->errmsg = $e;
		return false;
	}
}
?>