wayne/bnbweb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bnb
bnbweb/back/privilege.php
Wayne Hsu 0120f057a6 init
2022-11-14 23:49:28 +08:00

807 lines
27 KiB
PHP
Executable File
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
define('IN_ECS', true);
require(dirname(__FILE__) . '/includes/init.php');
/* act操作项的初始化 */
if (empty($_REQUEST['act']))
{
$_REQUEST['act'] = 'login';
}
else
{
$_REQUEST['act'] = trim($_REQUEST['act']);
}
/* 初始化 $exc 对象 */
$exc = new exchange($ecs->table("agent_user"), $db, 'user_id', 'user_name');
/*------------------------------------------------------ */
//-- 退出登录
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'logout')
{
/* 清除cookie */
setcookie('ECSCP[agent_id]', '', 1);
setcookie('ECSCP[agent_pass]', '', 1);
// $sess->destroy_session();
if(isset($_SESSION['user_id'])){ unset($_SESSION['user']); }
if(isset($_SESSION['user_name'])){ unset($_SESSION['user_name']); }
$_REQUEST['act'] = 'login';
}
/*------------------------------------------------------ */
//-- 登陆界面
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'login')
{
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
if ((intval($_CFG['captcha']) & CAPTCHA_ADMIN) && gd_version() > 0)
{
$smarty->assign('gd_version', gd_version());
$smarty->assign('random', mt_rand());
}
$smarty->display('login.htm');
}
/*------------------------------------------------------ */
//-- 验证登陆信息
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'signin')
{
if (!empty($_SESSION['captcha_word']) && (intval($_CFG['captcha']) & CAPTCHA_ADMIN))
{
include_once(ROOT_PATH . 'includes/cls_captcha.php');
/* 检查验证码是否正确 */
$validator = new captcha();
if (!empty($_POST['captcha']) && !$validator->check_word($_POST['captcha']))
{
sys_msg($_LANG['captcha_error'], 1);
}
}
$_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
$_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
$sql="SELECT `ec_salt` FROM ". $ecs->table('users') ." WHERE user_name = '" . $_POST['username']."'";
$ec_salt =$db->getOne($sql);
if(!empty($ec_salt))
{
/* 检查密码是否正确 */
$sql = "SELECT * ".
" FROM " . $ecs->table('users') .
" WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5(md5($_POST['password']).$ec_salt) . "'";
}
else
{
/* 检查密码是否正确 */
$sql = "SELECT * ".
" FROM " . $ecs->table('users') .
" WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5($_POST['password']) . "' ";
}
$row = $db->getRow($sql);
if ($row)
{
$_SESSION['user_id'] = $row['user_id'];//管理员id
$_SESSION['user_name'] = $row['user_name'];//管理员名稱
$_SESSION['name'] = $row['name'];//管理员名稱
// 更新最后登录时间和IP
$sql="UPDATE " .$ecs->table('users').
" SET last_login='" . gmtime() . "', last_ip='" . real_ip() . "'".
" WHERE user_id='$_SESSION[user_id]'";
$db->query($sql);
// if (isset($_POST['remember']))
// {
// $time = gmtime() + 3600 * 24 * 365;
// setcookie('ECSCP[agent_id]', $row['user_id'], $time);
// setcookie('ECSCP[agent_pass]', md5($new_possword . $_CFG['hash_code']), $time);
// }
// 清除购物车中过期的数据
//clear_cart();
ecs_header("Location: ./index.php\n");
exit;
}
else
{
sys_msg($_LANG['login_faild'], 1);
}
}
/*------------------------------------------------------ */
//-- 验证登陆信息
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'rsignin')
{
// $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
// $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
$uid=$_GET['uid'];
$sql="SELECT * FROM ". $ecs->table('users') ." WHERE user_id = '" . $uid."'";
$row =$db->getRow($sql);
if ($row)
{
$_SESSION['user_id'] = $row['user_id'];//管理员id
$_SESSION['user_name'] = $row['user_name'];//管理员名稱
$_SESSION['name'] = $row['name'];//管理员名稱
// 更新最后登录时间和IP
$sql="UPDATE " .$ecs->table('users').
" SET last_login='" . gmtime() . "', last_ip='" . real_ip() . "'".
" WHERE user_id='$_SESSION[user_id]'";
$db->query($sql);
// if (isset($_POST['remember']))
// {
// $time = gmtime() + 3600 * 24 * 365;
// setcookie('ECSCP[agent_id]', $row['user_id'], $time);
// setcookie('ECSCP[agent_pass]', md5($new_possword . $_CFG['hash_code']), $time);
// }
// 清除购物车中过期的数据
//clear_cart();
ecs_header("Location: ./index.php\n");
exit;
}
else
{
sys_msg($_LANG['login_faild'], 1);
}
}
/*------------------------------------------------------ */
//-- 管理员列表页面
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'list')
{
admin_priv('priv_list');
/* 模板赋值 */
$smarty->assign('ur_here', $_LANG['admin_list']);
$smarty->assign('action_link', array('href'=>'privilege.php?act=add', 'text' => $_LANG['admin_add']));
$smarty->assign('full_page', 1);
$smarty->assign('admin_list', get_admin_userlist());
/* 显示页面 */
assign_menu_info();
assign_query_info();
$smarty->display('privilege_list.htm');
}
/*------------------------------------------------------ */
//-- 查询
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'query')
{
$smarty->assign('admin_list', get_admin_userlist());
make_json_result($smarty->fetch('privilege_list.htm'));
}
/*------------------------------------------------------ */
//-- 添加管理员页面
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'add')
{
/* 检查权限 */
admin_priv('priv_list');
/* 模板赋值 */
$smarty->assign('ur_here', $_LANG['admin_add']);
$smarty->assign('action_link', array('href'=>'privilege.php?act=list', 'text' => $_LANG['admin_list']));
$smarty->assign('form_act', 'insert');
$smarty->assign('action', 'add');
$smarty->assign('select_role', get_role_list());
/* 显示页面 */
assign_menu_info();
assign_query_info();
$smarty->display('privilege_info.htm');
}
/*------------------------------------------------------ */
//-- 添加管理员的处理
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'insert')
{
admin_priv('priv_list');
if($_POST['token']!=$_CFG['token'])
{
sys_msg('add_error', 1);
}
/* 判断管理员是否已经存在 */
if (!empty($_POST['user_name']))
{
$is_only = $exc->is_only('user_name', stripslashes($_POST['user_name']), 0, $where_big);
if (!$is_only)
{
sys_msg(sprintf($_LANG['user_name_exist'], stripslashes($_POST['user_name'])), 1);
}
}
/* nick_name地址是否有重复 */
if (!empty($_POST['nick_name']))
{
$is_only = $exc->is_only('nick_name', stripslashes($_POST['nick_name']), 0, $where_big);
if (!$is_only)
{
sys_msg(sprintf($_LANG['nick_name_exist'], stripslashes($_POST['nick_name'])), 1);
}
}
/* 获取添加日期及密码 */
$add_time = gmtime();
$password = md5($_POST['password']);
$role_id = '';
$action_list = '';
if (!empty($_POST['select_role']))
{
$sql = "SELECT action_list FROM " . $ecs->table('role') . " WHERE role_id = '".$_POST['select_role']."'";
$row = $db->getRow($sql);
$action_list = $row['action_list'];
$role_id = $_POST['select_role'];
}
$sql = "SELECT nav_list FROM " . $ecs->table('agent_user') . " WHERE action_list = 'all'";
$row = $db->getRow($sql);
$sql = "INSERT INTO ".$ecs->table('agent_user')." (user_name, nick_name, password, add_time, nav_list, action_list, role_id, checked) ".
"VALUES ('".trim($_POST['user_name'])."', '".trim($_POST['nick_name'])."', '$password', '$add_time', '$row[nav_list]', '$action_list', '$role_id', 1)";
$db->query($sql);
/* 转入权限分配列表 */
$new_id = $db->Insert_ID();
/*添加链接*/
$link[0]['text'] = $_LANG['go_allot_priv'];
$link[0]['href'] = 'privilege.php?act=allot&id='.$new_id.'&user='.$_POST['user_name'].'';
$link[1]['text'] = $_LANG['continue_add'];
$link[1]['href'] = 'privilege.php?act=add';
sys_msg($_LANG['add'] . "&nbsp;" .$_POST['user_name'] . "&nbsp;" . $_LANG['action_succeed'],0, $link);
/* 记录管理员操作 */
admin_log($_POST['user_name'], 'add', 'privilege');
}
/*------------------------------------------------------ */
//-- 编辑管理员信息
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'edit')
{
/* 不能编辑demo这个管理员 */
if ($_SESSION['admin_name'] == 'demo')
{
$link[] = array('text' => $_LANG['back_list'], 'href'=>'privilege.php?act=list');
sys_msg($_LANG['edit_admininfo_cannot'], 0, $link);
}
$_REQUEST['id'] = !empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
/* 查看是否有权限编辑其他管理员的信息 */
if ($_SESSION['supplier_user_id'] != $_REQUEST['id'])
{
// admin_priv('priv_list');
}
/* 获取管理员信息 */
$sql = "SELECT user_id, user_name, nick_name, password, agent_code, role_id FROM " .$ecs->table('agent_user').
" WHERE user_id = '".$_REQUEST['id']."'";
$user_info = $db->getRow($sql);
/* 模板赋值 */
$smarty->assign('ur_here', $_LANG['admin_edit']);
$smarty->assign('action_link', array('text' => $_LANG['admin_list'], 'href'=>'privilege.php?act=list'));
$smarty->assign('user', $user_info);
/* 获得该管理员的权限 */
$priv_str = $db->getOne("SELECT action_list FROM " .$ecs->table('agent_user'). " WHERE user_id = '$_GET[id]'");
/* 如果被编辑的管理员拥有了all这个权限将不能编辑 */
if ($priv_str != 'all')
{
$smarty->assign('select_role', get_role_list());
}
$smarty->assign('form_act', 'update');
$smarty->assign('action', 'edit');
assign_menu_info();
assign_query_info();
$smarty->display('privilege_info.htm');
}
elseif ($_REQUEST['act'] == 'change_pwd')
{
$id = intval($_SESSION['user_id']);
/* 模板赋值 */
$smarty->assign('ur_here', '更改密碼');
// $smarty->assign('action_link', array('text' => $_LANG['admin_list'], 'href'=>'privilege.php?act=list'));
// $smarty->assign('user', $user_info);
/* 如果被编辑的管理员拥有了all这个权限将不能编辑 */
$smarty->assign('user_name', $_SESSION['user_name']);
$smarty->assign('form_act', 'act_change_pwd');
$smarty->assign('action', 'change_pwd');
assign_menu_info();
assign_query_info();
$smarty->display('change_password.htm');
}
/*------------------------------------------------------ */
//-- 更新管理员信息
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'update' || $_REQUEST['act'] == 'update_self')
{
/* 变量初始化 */
$admin_id = !empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
$admin_name = !empty($_REQUEST['user_name']) ? trim($_REQUEST['user_name']) : '';
$admin_nick_name = !empty($_REQUEST['nick_name']) ? trim($_REQUEST['nick_name']) : '';
$ec_salt=rand(1,9999);
$password = !empty($_POST['new_password']) ? ", password = '".md5(md5($_POST['new_password']).$ec_salt)."'" : '';
if($_POST['token']!=$_CFG['token'])
{
sys_msg('update_error', 1);
}
if ($_REQUEST['act'] == 'update')
{
/* 查看是否有权限编辑其他管理员的信息 */
if ($_SESSION['supplier_user_id'] != $_REQUEST['id'])
{
admin_priv('priv_list');
}
$g_link = 'privilege.php?act=list';
$nav_list = '';
}
else
{
$nav_list = !empty($_POST['nav_list']) ? ", nav_list = '".@join(",", $_POST['nav_list'])."'" : '';
$admin_id = $_SESSION['supplier_user_id'];
$g_link = 'privilege.php?act=modif';
}
/* 判断管理员是否已经存在 */
if (!empty($admin_name))
{
$is_only = $exc->num('user_name', $admin_name, $admin_id);
if ($is_only == 1)
{
sys_msg(sprintf($_LANG['user_name_exist'], stripslashes($admin_name)), 1);
}
}
/* nick_name地址是否有重复 */
if (!empty($admin_nick_name))
{
$is_only = $exc->num('nick_name', $admin_nick_name, $admin_id);
if ($is_only == 1)
{
sys_msg(sprintf($_LANG['nick_name_exist'], stripslashes($admin_nick_name)), 1);
}
}
//如果要修改密码
$pwd_modified = false;
if (!empty($_POST['new_password']))
{
/* 查询旧密码并与输入的旧密码比较是否相同 */
$sql = "SELECT password FROM ".$ecs->table('agent_user')." WHERE user_id = '$admin_id'";
$old_password = $db->getOne($sql);
$sql ="SELECT ec_salt FROM ".$ecs->table('agent_user')." WHERE user_id = '$admin_id'";
$old_ec_salt= $db->getOne($sql);
if(empty($old_ec_salt))
{
$old_ec_password=md5($_POST['old_password']);
}
else
{
$old_ec_password=md5(md5($_POST['old_password']).$old_ec_salt);
}
if ($old_password <> $old_ec_password)
{
$link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)');
sys_msg($_LANG['pwd_error'], 0, $link);
}
/* 比较新密码和确认密码是否相同 */
if ($_POST['new_password'] <> $_POST['pwd_confirm'])
{
$link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)');
sys_msg($_LANG['js_languages']['password_error'], 0, $link);
}
else
{
$pwd_modified = true;
}
}
$role_id = '';
$action_list = '';
if (!empty($_POST['select_role']))
{
$sql = "SELECT action_list FROM " . $ecs->table('role') . " WHERE role_id = '".$_POST['select_role']."'";
$row = $db->getRow($sql);
$action_list = ', action_list = \''.$row['action_list'].'\'';
$role_id = ', role_id = '.$_POST['select_role'].' ';
}
//更新管理员信息
if($pwd_modified)
{
$sql = "UPDATE " .$ecs->table('agent_user'). " SET ".
"user_name = '$admin_name', ".
"nick_name = '$admin_nick_name', ".
"ec_salt = '$ec_salt' ".
$action_list.
$role_id.
$password.
$nav_list.
"WHERE user_id = '$admin_id' ";
}
else
{
$sql = "UPDATE " .$ecs->table('agent_user'). " SET ".
"user_name = '$admin_name', ".
"nick_name = '$admin_nick_name' ".
$action_list.
$role_id.
$nav_list.
"WHERE user_id = '$admin_id'";
}
$db->query($sql);
/* 记录管理员操作 */
// admin_log($_POST['user_name'], 'edit', 'privilege');
/* 如果修改了密码则需要将session中该管理员的数据清空 */
if ($pwd_modified && $_REQUEST['act'] == 'update_self')
{
//$sess->delete_spec_admin_session($_SESSION['admin_id']);
$msg = $_LANG['edit_password_succeed'];
}
else
{
$msg = $_LANG['edit_profile_succeed'];
}
/* 提示信息 */
$link[] = array('text' => strpos($g_link, 'list') ? $_LANG['back_admin_list'] : $_LANG['modif_info'], 'href'=>$g_link);
sys_msg("$msg<script>parent.document.getElementById('header-frame').contentWindow.document.location.reload();</script>", 0, $link);
}
/*------------------------------------------------------ */
//-- 更新管理员信息
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'act_change_pwd')
{
/* 变量初始化 */
$ec_salt=rand(1,9999);
$password = !empty($_POST['new_password']) ? ", password = '".md5(md5($_POST['new_password']).$ec_salt)."'" : '';
$pwd_modified = false;
if (!empty($_POST['new_password']))
{
/* 比较新密码和确认密码是否相同 */
if ($_POST['new_password'] <> $_POST['pwd_confirm'])
{
$link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)');
sys_msg($_LANG['js_languages']['password_error'], 0, $link);
}
else
{
$pwd_modified = true;
}
}
//更新管理员信息
if($pwd_modified)
{
$sql = "UPDATE " .$ecs->table('users'). " SET ".
"ec_salt = '$ec_salt' ".
$password.
" WHERE user_id = '".$_SESSION['user_id']."' ";
}
$db->query($sql);
/* 记录管理员操作 */
// admin_log($_POST['user_name'], 'edit', 'privilege');
/* 如果修改了密码则需要将session中该管理员的数据清空 */
if ($pwd_modified)
{
//$sess->delete_spec_admin_session($_SESSION['admin_id']);
$msg = $_LANG['edit_password_succeed'];
}
/* 提示信息 */
$link[] = array('text' => '會員登入', 'href'=>'privilege.php?act=login');
sys_msg("$msg<script>parent.document.getElementById('header-frame').contentWindow.document.location.reload();</script>", 0, $link);
}
/*------------------------------------------------------ */
//-- 编辑个人资料
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'modif')
{
include_once('includes/inc_menu.php');
/* 包含插件菜单语言项 */
$sql = "SELECT code FROM ".$ecs->table('plugins');
$rs = $db->query($sql);
while ($row = $db->FetchRow($rs))
{
/* 取得语言项 */
if (file_exists(ROOT_PATH.'plugins/'.$row['code'].'/languages/common_'.$_CFG['lang'].'.php'))
{
include_once(ROOT_PATH.'plugins/'.$row['code'].'/languages/common_'.$_CFG['lang'].'.php');
}
/* 插件的菜单项 */
if (file_exists(ROOT_PATH.'plugins/'.$row['code'].'/languages/inc_menu.php'))
{
include_once(ROOT_PATH.'plugins/'.$row['code'].'/languages/inc_menu.php');
}
}
foreach ($modules AS $key => $value)
{
ksort($modules[$key]);
}
ksort($modules);
/* 获得当前管理员数据信息 */
$sql = "SELECT u.user_id, u.user_name, u.nick_name, s.nav_list ".
"FROM " .$ecs->table('users'). " AS u, ". $ecs->table('supplier') ."AS s WHERE u.user_id=s.user_id AND u.user_id = '".$_SESSION['supplier_user_id']."'";
$user_info = $db->getRow($sql);
/* 获取导航条 */
$nav_arr = (trim($user_info['nav_list']) == '') ? array() : explode(",", $user_info['nav_list']);
$nav_lst = array();
foreach ($nav_arr AS $val)
{
$arr = explode('|', $val);
$nav_lst[$arr[1]] = $arr[0];
}
/* 模板赋值 */
$smarty->assign('lang', $_LANG);
$smarty->assign('ur_here', $_LANG['modif_info']);
$smarty->assign('user', $user_info);
$smarty->assign('menus', $modules);
$smarty->assign('nav_arr', $nav_lst);
$smarty->assign('form_act', 'update_self');
$smarty->assign('action', 'modif');
/* 显示页面 */
assign_menu_info();
assign_query_info();
$smarty->display('privilege_info.htm');
}
/*------------------------------------------------------ */
//-- 为管理员分配权限
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'allot')
{
include_once(ROOT_PATH . 'languages/' .$_CFG['lang']. '/agent/agent_priv_action.php');
admin_priv('allot_priv');
if ($_SESSION['agent_id'] == $_GET['id'])
{
admin_priv('all');
}
/* 获得该管理员的权限 */
$priv_str = $db->getOne("SELECT action_list FROM " .$ecs->table('agent_user'). " WHERE user_id = '$_GET[id]'");
/* 如果被编辑的管理员拥有了all这个权限将不能编辑 */
if ($priv_str == 'all')
{
$link[] = array('text' => $_LANG['back_admin_list'], 'href'=>'privilege.php?act=list');
sys_msg($_LANG['edit_admininfo_cannot'], 0, $link);
}
/* 获取权限的分组数据 */
$sql_query = "SELECT action_id, parent_id, action_code,relevance FROM " .$ecs->table('agent_admin_action').
" WHERE parent_id = 0";
$res = $db->query($sql_query);
while ($rows = $db->FetchRow($res))
{
$priv_arr[$rows['action_id']] = $rows;
}
/* 按权限组查询底级的权限名称 */
$sql = "SELECT action_id, parent_id, action_code,relevance FROM " .$ecs->table('agent_admin_action').
" WHERE parent_id " .db_create_in(array_keys($priv_arr));
$result = $db->query($sql);
while ($priv = $db->FetchRow($result))
{
$priv_arr[$priv["parent_id"]]["priv"][$priv["action_code"]] = $priv;
}
// 将同一组的权限使用 "," 连接起来供JS全选
foreach ($priv_arr AS $action_id => $action_group)
{
$priv_arr[$action_id]['priv_list'] = join(',', @array_keys($action_group['priv']));
foreach ($action_group['priv'] AS $key => $val)
{
$priv_arr[$action_id]['priv'][$key]['cando'] = (strpos($priv_str, $val['action_code']) !== false || $priv_str == 'all') ? 1 : 0;
}
}
/* 赋值 */
$smarty->assign('lang', $_LANG);
$smarty->assign('ur_here', $_LANG['allot_priv'] . ' [ '. $_GET['user'] . ' ] ');
$smarty->assign('action_link', array('href'=>'privilege.php?act=list', 'text' => $_LANG['admin_list']));
$smarty->assign('priv_arr', $priv_arr);
$smarty->assign('form_act', 'update_allot');
$smarty->assign('user_id', $_GET['id']);
/* 显示页面 */
assign_menu_info();
assign_query_info();
$smarty->display('privilege_allot.htm');
}
/*------------------------------------------------------ */
//-- 更新管理员的权限
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'update_allot')
{
admin_priv('priv_list');
if($_POST['token']!=$_CFG['token'])
{
sys_msg('update_allot_error', 1);
}
/* 取得当前管理员用户名 */
$admin_name = $db->getOne("SELECT user_name FROM " .$ecs->table('agent_user'). " WHERE user_id = '$_POST[id]'");
/* 更新管理员的权限 */
$act_list = @join(",", $_POST['action_code']);
$sql = "UPDATE " .$ecs->table('agent_user'). " SET action_list = '$act_list', role_id = '' ".
"WHERE user_id = '$_POST[id]'";
$db->query($sql);
/* 动态更新管理员的SESSION */
if ($_SESSION["admin_id"] == $_POST['id'])
{
$_SESSION["action_list"] = $act_list;
}
/* 记录管理员操作 */
//admin_log(addslashes($admin_name), 'edit', 'privilege');
/* 提示信息 */
$link[] = array('text' => $_LANG['back_admin_list'], 'href'=>'privilege.php?act=list');
sys_msg($_LANG['edit'] . "&nbsp;" . $admin_name . "&nbsp;" . $_LANG['action_succeed'], 0, $link);
}
/*------------------------------------------------------ */
//-- 删除一个管理员
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'remove')
{
check_authz_json('admin_drop');
$id = intval($_GET['id']);
/* 获得管理员用户名 */
$action_list = $db->getOne('SELECT action_list FROM '.$ecs->table('agent_user')." WHERE user_id='$id'");
/* 总管理员这个管理员不允许删除 */
if ($action_list == 'all')
{
//make_json_error($_LANG['edit_remove_cannot']);
make_json_error($_LANG['remove_cannot']);
}
/* ID为1的不允许删除 */
//if ($id == 1)
// {
// make_json_error($_LANG['remove_cannot']);
// }
/* 管理员不能删除自己 */
if ($id == $_SESSION['supplier_user_id'])
{
make_json_error($_LANG['remove_self_cannot']);
}
if ($exc->drop($id))
{
//$sess->delete_spec_admin_session($id); // 删除session中该管理员的记录
// admin_log(addslashes($admin_name), 'remove', 'privilege');
clear_cache_files();
}
$url = 'privilege.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
ecs_header("Location: $url\n");
exit;
}
/* 获取管理员列表 */
function get_admin_userlist()
{
$list = array();
$sql = "SELECT user_id, user_name, nick_name, add_time, last_login ".
"FROM " .$GLOBALS['ecs']->table('agent_user')." where checked=1 and (user_id='".$_SESSION['agent_id']."' or uid='".$_SESSION['agent_id']."') ORDER BY user_id DESC";
$list = $GLOBALS['db']->getAll($sql);
foreach ($list AS $key=>$val)
{
$list[$key]['add_time'] = local_date($GLOBALS['_CFG']['time_format'], $val['add_time']);
$list[$key]['last_login'] = local_date($GLOBALS['_CFG']['time_format'], $val['last_login']);
}
return $list;
}
/* 清除购物车中过期的数据 */
function clear_cart()
{
/* 取得有效的session */
$sql = "SELECT DISTINCT session_id " .
"FROM " . $GLOBALS['ecs']->table('cart') . " AS c, " .
$GLOBALS['ecs']->table('sessions') . " AS s " .
"WHERE c.session_id = s.sesskey ";
$valid_sess = $GLOBALS['db']->getCol($sql);
// 删除cart中无效的数据
$sql = "DELETE FROM " . $GLOBALS['ecs']->table('cart') .
" WHERE session_id NOT " . db_create_in($valid_sess);
$GLOBALS['db']->query($sql);
}
/* 获取角色列表 */
function get_role_list()
{
return '';
$list = array();
$sql = 'SELECT role_id, role_name, action_list '.
'FROM ' .$GLOBALS['ecs']->table('role');
$list = $GLOBALS['db']->getAll($sql);
return $list;
}
?>
Reference in New Issue View Git Blame Copy Permalink