📄 admin.php
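<?PHP
/*
	[BBWPS!] (C)2006-2010 小蜜蜂 (Xiaomifeng). All rights reserved.
	This is NOT a freeware, use is subject to license terms
	Purpose: add, edit, list and delete administrator accounts.

	Flow, selected by $_GET['action'] / $_GET['act']:
	  action=add             show the "new administrator" form
	  action=add  act=add    create the account
	  action=edit            list all administrators
	  action=edit act=edi    show the edit form for one administrator
	  action=edit act=edit   save the edited administrator
	  action=edit act=del    delete an administrator

	Before dispatching, pending per-module role updates listed in
	../data/updateadminrole.php are pulled in and ../data/adminrole.php
	(a generated PHP cache) is rewritten.

	$moduleArray, $prefix, $para, $langAdminArray, $baseCheckCode and the DB
	credentials are expected from the including script; so are DB, Template,
	MsgError, ExeSuccess and EnMakeMd5.

	Review notes that apply to the whole file:
	  - SQL is built by string concatenation. Numeric ids are cast to int and
	    string values are escaped with addslashes(). addslashes() is a stopgap:
	    the DB wrapper's API is not visible here and addslashes() is not
	    charset-aware, so move these queries to the wrapper's bound parameters
	    or connection-aware escaping if it offers them.
	  - Passwords are stored as unsalted MD5. That is kept so existing accounts
	    and the login code keep working; plan a migration to
	    password_hash()/password_verify().
	  - NOTE(review): the only gate visible here is the CheckRequire existence
	    test below; authentication and authorisation are presumably enforced by
	    the including script - confirm.
	  - NOTE(review): add/edit/delete carry no anti-CSRF token that is visible
	    here, and delete is triggered by a GET request.
*/
error_reporting(0);
if (!function_exists("CheckRequire")) {
    exit("Forbidden");
}

// ---------------------------------------------------------------------------
// Refresh the cached administrator roles of every module with a pending update
// ---------------------------------------------------------------------------
if (file_exists("../data/adminrole.php")) {
    include("../data/adminrole.php");
}
if (file_exists("../data/updateadminrole.php")) {
    include_once("../data/updateadminrole.php");
    include_once("../class/ParseRole_class.php");
    if (isset($updateRole) && is_array($updateRole)) {
        // Modules handled in this request; they are all removed from the
        // pending list (the old code only ever dropped the current one, so
        // earlier modules were queued again).
        $processedRoles = array();
        foreach ($updateRole as $uRole) {
            // Role feed address: prefer the module's "idns" base, else "dns".
            if (!empty($moduleArray[$uRole]['idns'])) {
                $roleBase = $moduleArray[$uRole]['idns'];
            } elseif (!empty($moduleArray[$uRole]['dns'])) {
                $roleBase = $moduleArray[$uRole]['dns'];
            } else {
                continue;
            }
            $rolePath = $roleBase."api/adminrole.php?basecheckcode=".EnMakeMd5($baseCheckCode);

            // NOTE(review): RoleParse presumably fetches and parses XML from
            // $rolePath - confirm. Whatever it returns is treated as untrusted
            // below because it ends up inside a PHP file that is include()d.
            $xmlParseObj = new RoleParse($rolePath);
            $xmlParseArr = $xmlParseObj->GetInfos();

            // Element 0 carries the module name; the remaining elements are roles.
            if (is_array($xmlParseArr) && isset($xmlParseArr[0]['module']) && is_scalar($xmlParseArr[0]['module'])) {
                $moduleName = (string)$xmlParseArr[0]['module'];
                array_shift($xmlParseArr);
                $freshRoles = array();
                foreach ($xmlParseArr as $xp) {
                    if (!is_array($xp)) {
                        continue;
                    }
                    $freshRoles[] = array(
                        "rid" => isset($xp["rid"]) ? (string)$xp["rid"] : "",
                        "rname" => isset($xp["rname"]) ? (string)$xp["rname"] : "",
                        "descript" => isset($xp['rdescript']) ? (string)$xp['rdescript'] : "",
                    );
                }
                if (!isset($roleArray) || !is_array($roleArray)) {
                    $roleArray = array();
                }
                // Replace the module's cached roles instead of appending, so
                // stale entries of a module updated later in this loop are not
                // written back.
                unset($roleArray[$moduleName]);
                if (count($freshRoles) > 0) {
                    $roleArray[$moduleName] = $freshRoles;
                }
            }

            // Regenerate the cache file from the in-memory role table. Every key
            // and value is emitted with var_export(), so quotes, backslashes or
            // "$" in the role feed cannot break out of the string literal and
            // become executable PHP.
            $roleLines = array();
            if (isset($roleArray) && is_array($roleArray)) {
                foreach ($roleArray as $rkey => $ra) {
                    if (!is_array($ra) || count($ra) == 0) {
                        continue;
                    }
                    foreach ($ra as $r) {
                        if (!is_array($r)) {
                            continue;
                        }
                        $pairs = array();
                        foreach ($r as $rk => $rv) {
                            $pairs[] = var_export((string)$rk, true)."=>".var_export((string)$rv, true);
                        }
                        $roleLines[] = '$roleArray['.var_export((string)$rkey, true).'][]=array('.implode(",", $pairs).');';
                    }
                }
            }
            // Identical entries are written once (the old code de-duplicated by
            // re-reading the file line by line).
            $fileStr = "<?PHP"."\n".implode("\n", array_unique($roleLines))."\n";
            $fp = fopen("../data/adminrole.php", "w");
            if ($fp) {
                fwrite($fp, $fileStr, strlen($fileStr));
                fclose($fp); // always closed, also when fwrite() wrote nothing
            }

            // Rewrite the pending list without the modules already handled.
            $processedRoles[] = $uRole;
            $updateStr = "<?PHP"."\n";
            foreach ($updateRole as $uroleValue) {
                if (!in_array($uroleValue, $processedRoles)) {
                    $updateStr .= '$updateRole[]='.var_export((string)$uroleValue, true).';'."\n";
                }
            }
            $upfp = fopen("../data/updateadminrole.php", "w");
            if ($upfp) {
                fwrite($upfp, $updateStr, strlen($updateStr));
                fclose($upfp);
            }
        }
        unset($fp, $upfp, $roleLines, $fileStr, $updateStr);
    }
}

$db = new DB($hostname, $username, $password, $database);
$act = isset($_GET['act']) ? $_GET['act'] : "";
$action = isset($_GET['action']) ? $_GET['action'] : "";

// Legacy magic_quotes_gpc (PHP < 5.4) already backslash-escapes request data;
// escaping such a value again would store doubled backslashes.
$gpcSlashed = function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc();

// ---------------------------------------------------------------------------
// Add an administrator
// ---------------------------------------------------------------------------
if ($action == "add") {
    if ($act == "add") {
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
        $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
        // Unsalted MD5, kept for compatibility (see header note).
        $password = md5($rawPassword);
        $admingroupid = (isset($_POST["admingroupid"]) && is_array($_POST["admingroupid"])) ? $_POST["admingroupid"] : array();

        // Test the raw password: md5() of an empty string is still a non-empty
        // hash, so testing the hash never rejected a blank password.
        if (!$username || $rawPassword === "") {
            $db->close();
            unset($username, $password, $act, $action, $db);
            // MsgError() presumably ends the request - TODO confirm.
            MsgError($langAdminArray["memb_input"]);
        }

        // Refuse a user name that is already taken.
        $usernameSqlValue = $gpcSlashed ? $username : addslashes($username);
        $usernameSql = "select id from ".$prefix."user where user='".$usernameSqlValue."'";
        if ($db->get_one($usernameSql)) {
            MsgError($langAdminArray["memb_repeat"]);
        }

        // Collect the modules this administrator may manage. Only module ids
        // that exist in $moduleArray are accepted, so request data cannot
        // introduce arbitrary keys into the stored permission data.
        $check = (isset($_POST['check']) && is_array($_POST['check'])) ? $_POST['check'] : array();
        $admingroupidtmp = array();
        $checkStr = "";
        foreach ($check as $id) {
            if (!is_scalar($id) || !isset($moduleArray[$id])) {
                continue;
            }
            $admingroupidtmp[$id] = (isset($admingroupid[$id]) && is_scalar($admingroupid[$id])) ? $admingroupid[$id] : null;
            $checkStr .= md5($moduleArray[$id]["dns"]).";";
        }
        $admingroupid = serialize($admingroupidtmp);
        $checkStr = rtrim($checkStr, ";");

        // The serialized value is escaped in every case: serialize() records
        // byte lengths, so the stored text must match its input exactly.
        $insertSql = "insert into ".$prefix."user set user='".$usernameSqlValue."', pwd='".$password."', popedom='".$checkStr."',admingroupid='".addslashes($admingroupid)."'";
        if ($db->insert($insertSql)) {
            $db->close();
            unset($username, $password, $act, $action, $db, $check, $checkStr);
            MsgError($langAdminArray["bank_succ"]);
        } else {
            $db->close();
            unset($username, $password, $act, $action, $db, $check, $checkStr);
            MsgError($langAdminArray["memb_fail"]);
        }
    }

    // Render the "new administrator" form: one checkbox per module plus the
    // module's role radio buttons.
    $p = new Template("./template/member");
    $p->set_file("handle_0", "member.html");
    $p->set_block("handle_0", "admingroup", "adm");
    unset($roleArray);
    include("../data/adminrole.php");
    foreach ($moduleArray as $value) {
        // NOTE(review): module and role names are concatenated into HTML
        // unescaped here and in the other forms below; role names originate
        // from the remote role feed. Escaping needs the page charset, which is
        // not visible in this file - confirm it and apply htmlspecialchars().
        $moduleGroup = "<input type=\"radio\" name=\"admingroupid[{$value["id"]}]\" value=\"0\" checked>超级管理员";
        $checkboxStr = " <input name=\"check[]\" type=\"checkbox\" value=\"".$value["id"]."\" />".$value["name"];
        $p->set_var("checkbox", $checkboxStr);
        $p->set_var("moduleid", $value["id"]);
        // A module without cached roles only offers the default radio button.
        if (isset($roleArray[$value["id"]]) && is_array($roleArray[$value["id"]])) {
            foreach ($roleArray[$value["id"]] as $v) {
                $moduleGroup .= "<input type=\"radio\" name=\"admingroupid[{$value["id"]}]\" value=\"{$v["rid"]}\">{$v["rname"]}";
            }
        }
        $p->set_var("modulegroup", $moduleGroup);
        $p->parse("adm", "admingroup", true);
    }
    $p->set_var("para", $para);
    $p->parse("output", "handle_0");
    $p->p("output");
    unset($p);
}
// ---------------------------------------------------------------------------
// Edit / delete / list administrators
// ---------------------------------------------------------------------------
elseif ($action == "edit") {
    // Save an edited administrator.
    if ($act == "edit") {
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
        $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
        $password = md5($rawPassword);
        $admingroupid = (isset($_POST["admingroupid"]) && is_array($_POST["admingroupid"])) ? $_POST["admingroupid"] : array();
        // The id is used unquoted in SQL, so it must be an integer.
        $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int)$_GET['id'] : 0;

        if (!$username || $rawPassword === "") {
            $db->close();
            unset($username, $password, $act, $action, $db);
            MsgError($langAdminArray["memb_input"]);
        }

        $check = (isset($_POST['check']) && is_array($_POST['check'])) ? $_POST['check'] : array();
        $admingroupidtmp = array();
        $checkStr = "";
        foreach ($check as $valueCheck) {
            if (!is_scalar($valueCheck) || !isset($moduleArray[$valueCheck])) {
                continue;
            }
            $admingroupidtmp[$valueCheck] = (isset($admingroupid[$valueCheck]) && is_scalar($admingroupid[$valueCheck])) ? $admingroupid[$valueCheck] : null;
            $checkStr .= md5($moduleArray[$valueCheck]["dns"]).";";
        }
        $admingroupid = serialize($admingroupidtmp);
        $checkStr = rtrim($checkStr, ";");

        // Load the row being edited by id. The old lookup used the submitted
        // user name, so renaming an account found no row (or another account's
        // row) and the password / super-administrator checks below were made
        // against the wrong data.
        $passwordSql = "select pwd,popedom from ".$prefix."user where id=".$id;
        $passwordRes = $db->get_one($passwordSql);
        $storedPwd = is_object($passwordRes) ? $passwordRes->pwd : null;
        $storedPopedom = is_object($passwordRes) ? $passwordRes->popedom : null;

        // The edit form is pre-filled with the stored hash; receiving it back
        // unchanged means "keep the current password". Strict comparison avoids
        // PHP's numeric-string rules for "0e..."-style hashes.
        $passwordUnchanged = ($storedPwd !== null && (string)$storedPwd === $rawPassword);
        // A super administrator keeps the all-modules marker; only the name and
        // the password may change.
        $isSuperAdmin = ($storedPopedom !== null && (string)$storedPopedom === md5("BBWPS_MODULE_ALL"));

        $usernameSqlValue = $gpcSlashed ? $username : addslashes($username);
        $setParts = "user='".$usernameSqlValue."'";
        if (!$passwordUnchanged) {
            $setParts .= ", pwd='".$password."'";
        }
        if (!$isSuperAdmin) {
            $setParts .= ", popedom='".$checkStr."',admingroupid='".addslashes($admingroupid)."'";
        }
        $insertSql = "update ".$prefix."user set ".$setParts." where id=".$id;

        if ($db->insert($insertSql)) {
            $db->close();
            unset($username, $password, $act, $action, $db, $check, $checkStr);
            ExeSuccess($langAdminArray["bank_succ"], "?$para&action=edit");
        } else {
            $db->close();
            unset($username, $password, $act, $action, $db, $check, $checkStr);
            ExeSuccess($langAdminArray["memb_fail"], "?$para&action=edit");
        }
    }
    // Delete an administrator.
    elseif ($act == "del") {
        $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int)$_GET['id'] : 0;
        $delSql = "delete from ".$prefix."user where id=".$id;
        if ($db->update($delSql)) {
            ExeSuccess($langAdminArray["bank_succ"], "?$para&action=edit");
        } else {
            ExeSuccess($langAdminArray["memb_fail"], "?$para&action=edit");
        }
    }
    // Edit step two: show the form for one administrator.
    elseif ($act == "edi") {
        $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int)$_GET['id'] : 0;
        $p = new Template("./template/member");
        $p->set_file("handle_0", "edit1.html");
        $p->set_block("handle_0", "modulerow", "mod");
        $passwordSql = "select * from ".$prefix."user where id=".$id;
        $messageRow = $db->get_one($passwordSql);
        $popedomStr = $messageRow->popedom;
        // NOTE(review): unserialize() on a database column. The value is written
        // by this script from request arrays, but anything able to write the
        // column controls what is unserialized; storing JSON instead would
        // remove that risk.
        $admingroupidArray = unserialize($messageRow->admingroupid);
        if (!is_array($admingroupidArray)) {
            $admingroupidArray = array();
        }
        if ($popedomStr != md5("BBWPS_MODULE_ALL")) {
            $popedomList = explode(";", $popedomStr);
            // Load the role cache once; it was re-included per module before,
            // after the first module had been tested against a possibly
            // modified in-memory copy.
            unset($roleArray);
            include("../data/adminrole.php");
            foreach ($moduleArray as $value) {
                $moduleGroup = null;
                // Is this administrator assigned to the module?
                $ischeck = in_array(md5($value["dns"]), $popedomList, true) ? "checked" : "";
                $selectedRole = isset($admingroupidArray[$value["id"]]) ? $admingroupidArray[$value["id"]] : null;

                // Module without cached roles: only the default radio button.
                if (!isset($roleArray[$value["id"]])) {
                    $moduleGroup = "<input type=\"radio\" name=\"admingroupid[{$value["id"]}]\" value=\"0\" checked>超级管理员";
                }
                if (isset($roleArray[$value["id"]]) && is_array($roleArray[$value["id"]])) {
                    foreach ($roleArray[$value["id"]] as $v) {
                        // First role: emit the default radio button, checked
                        // when no role is selected.
                        if (!$moduleGroup) {
                            if ($selectedRole == 0) {
                                $moduleGroup = "<input type=\"radio\" name=\"admingroupid[{$value["id"]}]\" value=\"0\" checked>超级管理员";
                            } else {
                                $moduleGroup = "<input type=\"radio\" name=\"admingroupid[{$value["id"]}]\" value=\"0\">超级管理员";
                            }
                        }
                        if ($selectedRole == $v["rid"]) {
                            $moduleGroup .= "<input type=\"radio\" name=\"admingroupid[{$value["id"]}]\" value=\"{$v["rid"]}\" checked>{$v["rname"]}";
                        } else {
                            $moduleGroup .= "<input type=\"radio\" name=\"admingroupid[{$value["id"]}]\" value=\"{$v["rid"]}\">{$v["rname"]}";
                        }
                    }
                }
                $moduleid = $value["id"];
                $checkboxStr = "<input type=\"checkbox\" name=\"check[]\" value=\"$moduleid\" $ischeck>".$value["name"];
                $p->set_var("checkbox", $checkboxStr);
                $p->set_var("modulegroup", $moduleGroup);
                $p->set_var("moduleid", $value["id"]);
                $p->parse("mod", "modulerow", true);
            }
        }
        $p->set_var("para", $para);
        $p->set_var("username", $messageRow->user);
        // NOTE(review): the stored password hash is sent to the browser here
        // (and in the list view below). The save step relies on getting it back
        // to detect "unchanged"; an empty field meaning "keep" would avoid
        // exposing the hash.
        $p->set_var("password", $messageRow->pwd);
        $p->set_var("id", $messageRow->id);
        $p->parse("output", "handle_0");
        $p->p("output");
    }
    // Edit step one: list all administrators.
    else {
        $p = new Template("./template/member");
        $messageSql = "select * from ".$prefix."user";
        $messageRes = $db->query($messageSql, true);
        $p->set_file("handle_0", "edit.html");
        $p->set_block("handle_0", "row", "edi");
        $p->set_block("row", "modulerow", "mod");
        unset($roleArray);
        include("../data/adminrole.php");
        while ($messageRow = $db->fetch_object($messageRes)) {
            $p->set_var("mod", null);
            // A super administrator has no per-module rows to show.
            if ($messageRow->popedom != md5("BBWPS_MODULE_ALL")) {
                $popedomList = explode(";", $messageRow->popedom);
                // NOTE(review): unserialize() on a database column, see the
                // edit form above.
                $admingroupidArray = unserialize($messageRow->admingroupid);
                if (!is_array($admingroupidArray)) {
                    $admingroupidArray = array();
                }
                foreach ($moduleArray as $value) {
                    $p->set_var("name", $value["name"]);
                    $p->set_var("value", md5($value["dns"]));
                    // Only modules assigned to this administrator get a row.
                    if (!in_array(md5($value["dns"]), $popedomList, true)) {
                        continue;
                    }
                    $checkboxStr = "<input name=\"check[]\" type=\"checkbox\" value=\"".$value["id"]."\" checked/>".$value["name"];
                    $moduleGroup = "超级管理员";
                    $selectedRole = isset($admingroupidArray[$value["id"]]) ? $admingroupidArray[$value["id"]] : null;
                    if (isset($roleArray[$value["id"]]) && is_array($roleArray[$value["id"]])) {
                        foreach ($roleArray[$value["id"]] as $v) {
                            if ($selectedRole == $v["rid"]) {
                                $moduleGroup = "{$v["rname"]}";
                                break;
                            }
                        }
                    }
                    $p->set_var("checkbox", $checkboxStr);
                    $p->set_var("moduleid", $value["id"]);
                    $p->set_var("modulegroup", $moduleGroup);
                    $p->parse("mod", "modulerow", true);
                }
            }
            $p->set_var("username", $messageRow->user);
            $p->set_var("password", $messageRow->pwd);
            $p->set_var("id", $messageRow->id);
            $p->parse("edi", "row", true);
        }
        $p->set_var("para", $para);
        $p->parse("output", "handle_0");
        $p->p("output");
        unset($p);
    }
}
?>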