
    <?php

// Fall back to the user list when the request names no action.
if (empty($action)) {
	$action = 'list';
}
// Group id => display name, highest rank first (4 = founder ... 0 = guest).
$groupdb = array(
	4 => '创始人',
	3 => '管理员',
	2 => '编辑',
	1 => '注册会员',
	0 => '游客',
);
// Extra attribute for the username input; the edit form fills it in below.
$readonly = '';

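if(RQ_POST)
{
	// Keep the logged-in admin's own username before $username is overwritten
	// with the posted value: the edit-permission check below must allow self-edit,
	// exactly like the GET edit form does.
	// NOTE(review): assumes $username holds the current admin's name on entry — confirm against the includer.
	$current_username = isset($username) ? $username : '';

	// Add a user (adduser) or edit an existing one (moduser).
	if($action == 'adduser'||$action == 'moduser')
	{
		$username       = isset($_POST['username']) ? trim($_POST['username']) : '';
		$newpassword    = isset($_POST['newpassword']) ? trim($_POST['newpassword']) : '';
		$comfirpassword = isset($_POST['comfirpassword']) ? trim($_POST['comfirpassword']) : '';
		$url            = isset($_POST['url']) ? trim($_POST['url']) : '';
		$showgid        = isset($_POST['groupid']) ? intval($_POST['groupid']) : 0;
		$userid         = isset($_POST['userid']) ? intval($_POST['userid']) : 0;

		$email = isset($_POST['email']) ? trim($_POST['email']) : '';
		$qq    = isset($_POST['qq']) ? trim($_POST['qq']) : '';
		$msn   = isset($_POST['msn']) ? trim($_POST['msn']) : '';

		if (!$username || strlen($username) > 20) {
			redirect('登陆名不能为空并且不能超过20个字符');
		}
		// Byte-wise blacklist: usernames are interpolated into SQL and HTML below,
		// so quotes, backslashes and markup characters are rejected outright.
		$name_key = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n",'#','$','(',')','%','@','+','?',';','^');
		foreach($name_key as $value){
			if (strpos($username,$value) !== false){
				redirect('用户名包含敏感字符');
			}
		}
		if ($newpassword != $comfirpassword) {
			redirect('请确认输入的密码一致');
		}
		// A new account must get a real password: md5('') is a well-known hash.
		if($action == 'adduser' && $newpassword === ''){
			redirect('密码不能为空');
		}
		if(!empty($newpassword)){
			if (strpos($newpassword,"\n") !== false || strpos($newpassword,"\r") !== false || strpos($newpassword,"\t") !== false) {
				redirect('密码包含不可接受字符.');
			}
		}
		$url = char_cv($url);

		// email/qq/msn go straight into quoted SQL literals below and previously
		// received no filtering at all; reject anything that could close the literal.
		$contact_key = array("\\","'",'"',"\r","\t","\n",'<','>',';','(',')');
		foreach(array($email, $qq, $msn) as $contact){
			if ($contact === '') continue;
			foreach($contact_key as $value){
				if (strpos($contact,$value) !== false){
					redirect('联系方式包含敏感字符');
				}
			}
		}

		// When editing, uniqueness checks must ignore the user being edited.
		$sqladd = $action == 'moduser' ? ' and `uid`!='.$userid : '';
		if ($url)
		{
			if (!preg_match("#^(http|news|https|ftp|ed2k|rtsp|mms)://#", $url)) {
				redirect('网站URL错误');
			}
			$key = array("\\",' ',"'",'"','*',',','<','>',"\r","\t","\n",'(',')','+',';');
			foreach($key as $value){
				if (strpos($url,$value) !== false){
					redirect('网站URL错误');
				}
			}
		}
		if ($email)
		{
			$r = $DB->fetch_first("SELECT uid FROM ".DB_PREFIX."user WHERE email='$email' $sqladd");
			if($r['uid']) {
				redirect('该E-mail已被注册');
			}
		}
		if($msn)
		{
			$r = $DB->fetch_first("SELECT uid FROM ".DB_PREFIX."user WHERE msn='$msn' $sqladd");
			if($r['uid']) {
				redirect('该Msn已被注册');
			}
		}
		if($qq)
		{
			$r = $DB->fetch_first("SELECT uid FROM ".DB_PREFIX."user WHERE qq='$qq' $sqladd");
			if($r['uid']) {
				redirect('该QQ已被注册');
			}
		}

		if($action == 'adduser')
		{
			// The target group must exist and rank strictly below the current admin.
			if(!isset($groupdb[$showgid]) || $showgid >= $groupid) redirect('不能添加比自己权限高或相等的用户');
			// NOTE(review): unsalted md5 is what the login path compares against; moving to
			// password_hash()/password_verify() has to be done together with that code.
			$newpassword = md5($newpassword);
			$query = $DB->query("SELECT uid FROM ".DB_PREFIX."user WHERE username='$username'");
			if($DB->num_rows($query)) redirect('该用户名已被注册');

			// email/qq/msn are checked for uniqueness above but not stored on insert;
			// they can only be filled in through the edit form.
			$DB->query("INSERT INTO ".DB_PREFIX."user (username, password, url, regdateline, regip, groupid) VALUES ('$username', '$newpassword', '$url', '$timestamp', '$onlineip', '$showgid')");
			redirect('添加新用户成功', $admin_url.'?file=user&action=list');
		}
		else if($action == 'moduser')
		{
			// Enforce the same rule as the GET edit form on the actual write: the target
			// must exist and rank below the current admin (editing oneself stays allowed).
			// Without this, any admin could POST a password change for a higher-ranked account.
			if($userid <= 0) redirect('用户不存在', $admin_url.'?file=user');
			$target = $DB->fetch_first("SELECT uid, username, groupid FROM ".DB_PREFIX."user WHERE uid='$userid'");
			if(empty($target)) redirect('用户不存在', $admin_url.'?file=user');
			if($target['groupid'] >= $groupid && $target['username'] != $current_username) redirect('您无权编辑比自己权限大或同等权限的用户', $admin_url.'?file=user');
			// The form marks the username read-only, but the request can still change it.
			$query = $DB->query("SELECT uid FROM ".DB_PREFIX."user WHERE username='$username'".$sqladd);
			if($DB->num_rows($query)) redirect('该用户名已被注册');

			$sql = 'update '.DB_PREFIX."user set `qq`='$qq',`msn`='$msn',`url`='$url',`email`='$email',`username`='$username'";
			if(!empty($newpassword)) $sql .= ",`password`='".md5($newpassword)."'";
			// groupid is not updated by this form: the UPDATE never touches it.
			$sql .= " where uid='$userid'";
			$DB->query($sql);
			redirect('用户编辑成功', $admin_url.'?file=user&action=mod&userid='.$userid);
		}
	}

	// Delete confirmation (del) and actual deletion (delusers) of selected users.
	if($action=='del'||$action=='delusers')
	{
		if(empty($_POST['user'])) redirect('请先选择要删除的用户',$admin_url.'?file=user');
		$deluids = implode_ids($_POST['user']);
		if($deluids === '') redirect('请先选择要删除的用户',$admin_url.'?file=user');
		$query = $DB->query("SELECT * FROM ".DB_PREFIX."user where uid in (".$deluids.")");
		$userdb = array();
		$delusername = '';
		while ($user = $DB->fetch_array($query))
		{
			// Refuse the whole batch if any selected user ranks at or above the current admin.
			if($user['groupid'] >= $groupid) redirect('您无权编辑比自己权限大或同等权限的用户',$admin_url.'?file=user');
			$userdb[] = $user;
			$delusername .= $user['username'].',';
		}

		if($action=='delusers')
		{
			// Delete the accounts.
			$DB->query("Delete FROM ".DB_PREFIX."user where `uid` in (".$deluids.")");
			// Optionally delete their articles, tags and attachments too.
			if (!empty($_POST['deluserarticle']))
			{
				include RQ_CORE.'/include/attachment.php';
				$aids = array();
				$query = $DB->query("SELECT aid FROM `".DB_PREFIX."article` WHERE `userid` IN ($deluids)");
				while ($article = $DB->fetch_array($query)) {
					$aids[] = $article['aid'];
				}
				if(count($aids) > 0){
					$delaids = implode_ids($aids);
					// Articles.
					$DB->query("Delete FROM ".DB_PREFIX."article where `aid` in (".$delaids.")");
					// Tags.
					$DB->query("Delete FROM ".DB_PREFIX."tag where `articleid` in (".$delaids.")");
					// Attachment files on disk, then their rows.
					$query = $DB->query("SELECT filepath,thumb_filepath FROM ".DB_PREFIX."attachment WHERE articleid IN ($delaids)");
					removeattachment($query);
					$DB->query("Delete FROM ".DB_PREFIX."attachment WHERE articleid IN ($delaids)");
				}
			}
			redirect('删除用户'.trim($delusername,',').'成功',$admin_url.'?file=user');
		}
	}
}
else
{
	// Group filter from the query string; interpolated into SQL below, so it is
	// forced to an integer here (the previous loose in_array() check let
	// numeric-prefixed strings through on older PHP).
	$showgid = isset($_GET['groupid']) ? intval($_GET['groupid']) : 0;
	$groupselect[1] = $groupselect[2] = $groupselect[3] = $groupselect[4] = '';
	if ($action == 'add')
	{
		$info['username'] = $info['uid'] = $info['url'] = $info['qq'] = $info['email'] = $info['msn'] = '';
		$nav = '添加用户';
		$showgid = 1;
		$do = 'adduser';
		$groupselect[1] = 'selected';
	}
	elseif($action=='mod')
	{
		$nav = '编辑用户';
		$userid = isset($_GET['userid']) ? intval($_GET['userid']) : 0;
		$do = 'moduser';
		$info = $DB->fetch_first("SELECT * FROM ".DB_PREFIX."user WHERE uid='$userid'");
		if(empty($info)) redirect('用户不存在',$admin_url.'?file=user');
		if($info['groupid'] >= $groupid && $info['username'] != $username) redirect('您无权编辑比自己权限大或同等权限的用户',$admin_url.'?file=user');
		$groupselect[$info['groupid']] = 'selected';
		$showgid = $info['groupid'];
		// Plain ASCII quotes: the original used a typographic quote, producing a broken attribute.
		$readonly = 'readonly="true"';
	}
	elseif($action == 'list')
	{
		// $page comes from the includer; clamp it so LIMIT never goes negative.
		$page = isset($page) ? intval($page) : 0;
		if($page < 1) $page = 1;
		$start_limit = ($page - 1) * 30;
		$sqladd = " WHERE 1 ";
		$pagelink = '';
		// Filter by whether the user has ever posted a comment.
		$lastpost = isset($_GET['lastpost']) ? $_GET['lastpost'] : '';
		if ($lastpost == 'already') {
			$sqladd .= " AND lastpost <> '0'";
			$pagelink .= '&lastpost=already';
			$subnav = '发表过评论的用户';
		}
		elseif ($lastpost == 'never') {
			$sqladd .= " AND lastpost='0'";
			$pagelink .= '&lastpost=never';
			$subnav = '从未发表过评论的用户';
		}

		// Filter by user group (only known group ids).
		if ($showgid && isset($groupdb[$showgid])) {
			$sqladd .= " AND groupid='$showgid'";
			$pagelink .= '&groupid='.$showgid;
			$subnav = $groupdb[$showgid].'的用户';
		}
		// Filter by the C-class block of the last login IP. Only address characters
		// may reach the LIKE clause (and the $subnav HTML), whatever char_cv() does.
		$ip = isset($_GET['ip']) ? char_cv($_GET['ip']) : '';
		if ($ip !== '' && !preg_match('/^[0-9A-Fa-f.:]+$/', $ip)) {
			$ip = '';
		}
		if ($ip)
		{
			$frontlen = strrpos($ip, '.');
			$ipc = substr($ip, 0, $frontlen);
			$sqladd .= " AND (loginip LIKE '%".$ipc."%')";
			$pagelink .= '&ip='.$ip;
			$subnav = '上次登陆IP为['.$ip.']同一C段的相关用户';
		}
		// Search by username. Usernames can never contain quotes or backslashes
		// (see the add/edit blacklist), so a term with them cannot match — drop it
		// rather than interpolate it.
		$srhname = '';
		if (isset($_GET['srhname'])) {
			$rawname = $_GET['srhname'] ? $_GET['srhname'] : (isset($_POST['srhname']) ? $_POST['srhname'] : '');
			$srhname = char_cv($rawname);
		}
		if ($srhname !== '' && strpbrk($srhname, "\\'\"") !== false) {
			$srhname = '';
		}
		if ($srhname) {
			$sqladd .= " AND (BINARY username LIKE '%".str_replace('_', '\_', $srhname)."%' OR username='$srhname')";
			$pagelink .= '&srhname='.$srhname;
		}

		// Sort column: whitelisted, since it is interpolated into ORDER BY.
		$order = isset($_GET['order']) ? $_GET['order'] : '';
		if ($order && in_array($order, array('username','logincount','regdateline'), true)) {
			$orderby = $order;
			$orderdb = array('username'=>'用户名','logincount'=>'登陆次数','regdateline'=>'注册时间');
			$subnav = '以'.$orderdb[$order].'降序察看全部用户';
			$pagelink .= '&order='.$order;
		} else {
			$orderby = 'uid';
		}
		$total     = $DB->num_rows($DB->query("SELECT uid FROM ".DB_PREFIX."user ".$sqladd));
		$multipage = multi($total, 30, $page, $admin_url.'?file=user&action=list'.$pagelink);
		$query = $DB->query("SELECT * FROM ".DB_PREFIX."user $sqladd ORDER BY $orderby DESC LIMIT $start_limit, 30");
		$userdb = array();

		while ($user = $DB->fetch_array($query))
		{
			$user['lastpost']    = $user['lastpost'] ? date('Y-m-d H:i',$user['lastpost']) : '从未发表';
			$user['regdateline'] = date('Y-m-d',$user['regdateline']);
			// url and email are rendered as raw HTML here, so escape them for the
			// attribute and text contexts. Byte-wise charset so an unknown site
			// encoding can never make htmlspecialchars() return ''; double_encode=false
			// keeps values that were already entity-encoded on input intact.
			$safeurl   = htmlspecialchars($user['url'], ENT_QUOTES, 'ISO-8859-1', false);
			$safeemail = htmlspecialchars($user['email'], ENT_QUOTES, 'ISO-8859-1', false);
			$user['url']   = $user['url'] ? '<a href="'.$safeurl.'" target="_blank">'.$safeurl.'</a>' : '<font color="#FF0000">Null</font>';
			$user['email'] = $user['email'] ? '<a href="mailto:'.$safeemail.'" target="_blank">'.$safeemail.'</a>' : '<font color="#FF0000">Null</font>';
			$user['logintime'] = $user['logintime'] ? date('Y-m-d H:i',$user['logintime']) : '从未登陆';
			$user['loginip']   = $user['loginip'] ? $user['loginip'] : '从未登陆';
			$user['group']     = $groupdb[$user['groupid']];
			// Rows the current admin may not edit get their controls disabled in the template.
			$user['disabled']  = $user['groupid'] >= $groupid ? 'disabled' : '';
			$userdb[] = $user;
		}
		unset($user);
		$DB->free_result($query);
	} //end list
}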