top.php

在传统CMS文章内容管理功能基础上

<?php
/*
    [BBWPS!] (C)2006-2010 小蜜蜂版权所有.
	  This is NOT a freeware, use is subject to license terms
*/
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
//显示导航条，并生成URL
//:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
error_reporting(0);
require_once("../class/template_class.php");
require_once("../class/mysql_class.php");
require_once("../config.php");
require_once("../config/baseCheckCode.php");
require_once("../function/function.php");
require_once("../function/checkBaseSession.php");
//-------------------------------------------------------
//获得前台模块
//-------------------------------------------------------
if(file_exists("../data/module.php")){
	include_once("../data/module.php");
}
//-------------------------------------------------------
//校验后台的合法性
//-------------------------------------------------------
$bbwpsModuleAdmin = $_GET['bbwpsmoduleadmin'];
//-------------------------------------------------------
//获得自己平台自己写的session
//-------------------------------------------------------
$_SESSION = getBBWPSSession("../$session/");
//------------------------------------------------------
//初始化模板变量
//------------------------------------------------------
$p = new Template("./template");
$p->set_file("handle_1","top_1.html");
//------------------------------------------------------
//获得用户权限
//------------------------------------------------------
$getSQL = "select popedom from ".$prefix."user where user='".$_SESSION['BBWPS_BASE_USERNAME']."'";
$mydb = new DB($hostname,$username,$password,$database);
$rs = $mydb->get_one($getSQL);
$popedom = $rs->popedom;
//----------------------------------------------------------------------------
//判断该用户是否为超级管理员,(超级管理员的popedom为md5()加密的BBWPS_MODULE_ALL)
//----------------------------------------------------------------------------
if($popedom == md5("BBWPS_MODULE_ALL")){
	checkBaseSession("../$session/");
	//---------------------------------------
	//显示导航条
	//---------------------------------------
	foreach ($moduleArray as $values){
		//------------------------------------------------------------------------
		//取得要加密baseCheckCode加密的随机数
		//------------------------------------------------------------------------
		$md5Num = rand(1,9);
		//----------------------------------------------------------
		//生成校验字符串
		//----------------------------------------------------------
		$bbwpsModuleString = MakeMd5($values['dns'],$md5Num).$md5Num;
		$moduleAdminGroupid=EnMakeMd5(0);
		$p->set_var("moduletitle",$values["name"]);
		$p->set_var("target","_parent");
		//------------------------------------------------------------------------
		//平台URL参数说明
		//check 模块自身的路径用可逆加密算法加密(平台密钥加密)后的结果，用于模块自身检验
		//bbwpsbaseusername 管理员用户名
		//baseCheckCode 为平台baseCheckCode的口令md5()随机加密字符串
		//------------------------------------------------------------------------
		$p->set_var("modulelink",$values['dns']."$adminDir/$moduleLoginFile?bbwpsadmingroupid={$moduleAdminGroupid}&check=".urlencode($bbwpsModuleString)."&basecheckcode=".urlencode(MakeMd5($baseCheckCode,$md5Num).$md5Num)."&bbwpsbaseusername=".urlencode($_SESSION['BBWPS_BASE_USERNAME']));
		$p->parse("module","handle_1",true);
	}
	//---------------------------------------
	//注销前台模块的数组变量，以免干扰后台模块
	//---------------------------------------
	unset($moduleArray,$values);
	//---------------------------------------
	//获得后台模块
	//---------------------------------------
	if($bbwpsModuleAdmin!=1){
		if(file_exists("./data/module.php")){
			include_once("./data/module.php");
		}
		foreach ($moduleArray as $v){
			$p->set_var("moduletitle",$v["name"]);
			$p->set_var("target","left");
			$p->set_var("modulelink","./left.php?module=".$v["path"]."&control=".$v["control"]);
			$p->parse("module","handle_1",true);
		}
	}else {
		$p->set_var("moduletitle","回到平台");
		$p->set_var("modulelink","http://{$host}{$installPath}/$adminDir/$baseLoginFile");
		$p->parse("module","handle_1",true);
	}
}
//----------------------------------------------------
//不是超级管理员
//----------------------------------------------------
else {
	//------------------------------------------------
	//分解权限
	//------------------------------------------------
	$popedomStr = explode(";",$popedom);
	foreach ($moduleArray as $mav){
		//----------------------------------------------------
		//功能:增加后台的用户权限
		//修改时间:2006.7.31
		//作者: 张明
		//----------------------------------------------------
		for ($i=0;$i<count($popedomStr);$i++){
			//------------------------------------------------
			//用md5()加密过的安装路径(DNS)作为权限的标志
			//------------------------------------------------
			if($popedomStr[$i]==md5($mav['dns'])){
				//------------------------------------------------------------------------
				//取得要加密baseCheckCode加密的随机数
				//------------------------------------------------------------------------
				$md5Num = rand(1,9);
				//----------------------------------------------------------
				//生成校验字符串
				//----------------------------------------------------------
				$bbwpsModuleString = MakeMd5($mav['dns'],$md5Num).$md5Num;//encode($moduleArray[$j]['dns'],$key);
				$moduleAdminGroupid=unserialize($_SESSION["BBWPS_BASE_ADMINGROUPID"]);
				$moduleAdminGroupid=EnMakeMd5($moduleAdminGroupid[$mav["id"]]);
				//------------------------------------------------------------------------
				//平台URL参数说明
				//check 模块自身的路径用可逆加密算法加密(以随机$key为密钥)后的结果，用于模块自身检验
				//sessionname 以随机$key　md5()加密后的结果，用于模块保存文件的文件名
				//baseCheckCode 为平台baseCheckCode的口令md5()随机加密字符串
				//------------------------------------------------------------------------
				$p->set_var("moduletitle",$mav["name"]);
				$p->set_var("target","_parent");
				$p->set_var("modulelink",$mav['dns']."$adminDir/$moduleLoginFile?bbwpsadmingroupid={$moduleAdminGroupid}&check=".urlencode($bbwpsModuleString)."&basecheckcode=".urlencode(MakeMd5($baseCheckCode,$md5Num).$md5Num)."&bbwpsbaseusername=".urlencode($_SESSION['BBWPS_BASE_USERNAME']));
				$p->parse("module","handle_1",true);
			}
		}
		if($bbwpsModuleAdmin==1){
			$p->set_var("moduletitle","回到平台");
		  $p->set_var("modulelink","http://{$host}{$installPath}/$adminDir/$baseLoginFile");
		  $p->parse("module","handle_1",true);
		}
	}
}
$p->set_file("handle_0","top_0.html");
$p->parse("output","handle_0");
$p->p("output");
?>