oddconmanage.php

在传统CMS文章内容管理功能基础上

<?php
/*
[BBWPS!] (C)2006-2010 小蜜蜂版权所有.
This is NOT a freeware, use is subject to license terms
*/
error_reporting(0);
require_once("../config.php");
if(file_exists("../data/module.php")){
	include_once("../data/module.php");
}
//----------------------------------------------
//加载用户权限的参数配置
//----------------------------------------------
file_exists("../data/memberPara.php")?require_once("../data/memberPara.php"):null;
$p=new Template("./template/member");
$db= new DB($hostname,$username,$password,$database);
$action  = $_REQUEST["act"];
$passvip = $_GET['passvip'];
if(!$action){
	$_POST["username"]=null;
	switch ($passvip){
		case "OK":
		$sql="select * from ".$prefix."members where available=0";
		$sql_count="select count(*) as num from ".$prefix."members where available=0";
		break;
		case "pass":
		$sql="select * from ".$prefix."members where vipnum>0 and vipwait=1";
		$sql_count="select count(*) as num from ".$prefix."members where vipnum>0 and vipwait=1";
		break;
		default:
		$sql="select * from ".$prefix."members where vipnum=0 or vipwait=0";
		$sql_count="select count(*) as num from ".$prefix."members where vipnum=0 or vipwait=0";
		break;
	}
}
elseif ($action=="edit"){
	$isMagic = @ini_get("magic_quotes_gpc");
	if(!$isMagic){
		if (is_array($_POST)){
			foreach($_POST AS $key => $value) {
				$_POST[$key] = addslashes(strip_tags($value));
			}
		}
	}
	$username = $_GET['username'];
	extract($_POST);
	//--------------------------------------------------
	//$isSendMessage 后台设置参数 验证成功是否发送短消息
	//查出原来的会员是否处于等待验证状态
	//处于等待验证状态并且现在通过
	//发出短信通知
	//--------------------------------------------------
	if($vipnum){
		if($isSendMessage==1){
			//-------------------------------------------
			//判断是否有VIP会员组
			//-------------------------------------------
			$permitGroupSql = "select count(pgid) as pgNum from {$prefix}permitgroup";
			$permitGroupNum = $db->get_one($permitGroupSql);
			if($permitGroupNum->pgNum){
				$vipWaitSql = "select `vipwait` from ".$prefix."members where username='$username'";
				$vipWaitObj = $db->get_one($vipWaitSql);
				if($vipWaitObj->vipwait==0&&$vipwait==1){
					//--------------------------
					//载入短消息的函数
					//--------------------------
					file_exists("../function/func_pm.php")?include_once("../function/func_pm.php"):null;
					systempm($username,$langAdminArray["mem_system_msg"],$message);
				}
				unset($vipWaitSql,$vipWaitObj);
			}
			unset($permitGroupNum,$permitGroupSql);
		}
	}
	//--------------------------------------
	//更新个人资料
	//--------------------------------------
	if($_GET['regctrl']==0){
		//判断是不是有扩展字段
		$setfield=$_POST["setfield"];
		if(is_array($setfield)){
			include_once("./data/setfield.php");
			foreach ($setfieldArray as $field){
				//是个人扩展字段
				if($field["tablename"]=="memberfields"&&$field["vipnum"]==$vipnum){
					if($field["isnull"]&&!$setfield[$field["field"]]){
						MsgError($field["descript"].$langAdminArray["mem_unempty"]);
					}
				}
			}
			foreach ($setfield as $sk=>$sv){
				if(is_array($sv)){
					$sv=serialize($sv);
				}
				$setfieldSQL[]="`$sk`='$sv'";
			}
		}
		if(isset($setfieldSQL)&&count($setfieldSQL)>0){
			$setfieldSQL=implode(",",$setfieldSQL);
		}
		$bday = ($months && $days) ? (empty($years) ? '0000' : $years)."-$months-$days" : '';
		if(!$password){
			$db->query("UPDATE ".$prefix."members SET `email`='$email', `credits`='$credits', `available`='$available', `reason`='$reason',`vipwait`='$vipwait',`vipnum`='$vipnum' where username='$username'");
		}else{
			$password = md5($password);
			$db->query("UPDATE ".$prefix."members SET `email`='$email', `credits`='$credits', `available`='$available', `password`='$password', `reason`='$reason',`vipwait`='$vipwait',`vipnum`='$vipnum' where username='$username'");
		}
		$db->update("UPDATE ".$prefix."memberfields set $setfieldSQL WHERE username='$username'");
	}
	//--------------------------------------
	//更新公司资料   更新时间2006-11-07 11:29
	//--------------------------------------
	elseif ($_GET['regctrl']==1){
		//判断是不是有扩展字段
		$setfield=$_POST["setfield"];
		if(is_array($setfield)){
			include_once("./data/setfield.php");
			foreach ($setfieldArray as $field){

				//是企业扩展字段
				if($field["tablename"]=="company"&&$field["vipnum"]==$vipnum){
					if($field["isnull"]&&!$setfield[$field["field"]]){
						MsgError($field["descript"].$langAdminArray["mem_unempty"]);
					}
				}
			}
			foreach ($setfield as $sk=>$sv){
				if(is_array($sv)){
					$sv=serialize($sv);
				}
				$setfieldSQL[]="`$sk`='$sv'";
			}
		}
		if(isset($setfieldSQL)&&count($setfieldSQL)>0){
			$setfieldSQL=",".implode(",",$setfieldSQL);
		}
		if(!$password){
			$db->query("UPDATE ".$prefix."members SET `email`='$email', `credits`='$credits', `available`='$available', `reason`='$reason',`vipwait`='$vipwait',`vipnum`='$vipnum' where username='$username'");
		}else{
			$password = md5($password);
			$db->query("UPDATE ".$prefix."members SET `email`='$email', `credits`='$credits', `available`='$available', `password`='$password', `reason`='$reason',`vipwait`='$vipwait',`vipnum`='$vipnum' where username='$username'");
		}
		$db->update("UPDATE ".$prefix."company set `name`='$name',  `linkman`='$linkman', `phone`='$phone', `address`='$address', `email`='$email' $setfieldSQL WHERE username='$username'");
	}
	Meta(0,"?mod=member&f=oddconmanage");
}
elseif ($action=="showContent"){
	$username = $_GET['username'];
	//----------------------------------
	//个人用户编辑
	//----------------------------------
	$sql  = "SELECT * FROM ".$prefix."members WHERE username='$username'";
	$row = $db->get_one($sql);
	if($row->regctrl==0){
		$p->set_file("handleregctrl0","oddMess.html");
		$p->set_block("handleregctrl0","regextend","ext");
		$p->set_var("username",$row->username);
		if($row->available==1){
			$p->set_var("available_1","checked");
			$p->set_var("available",$langAdminArray["mem_unlock"]);
		}else {
			$p->set_var("available_0","checked");
			$p->set_var("available",$langAdminArray["mem_lock"]);
		}
		//------------------------------------
		//查出vip的名称
		//------------------------------------
		$vipNumSql = "select `pgname` from {$prefix}permitgroup where `pgid`='$row->vipnum'";
		$vipnum=$row->vipnum;
		$vipNumObj = $db->get_one($vipNumSql);
		if($vipNumObj)($row->vipwait==0)?$p->set_var("vipnum",$langAdminArray["mem_vip_iswait"].$vipNumObj->pgname):$p->set_var("vipnum",$vipNumObj->pgname);
		else $p->set_var("vipnum",$langAdminArray["mem_unvip"]);

		//------------------------------------
		//更改会员的组属性
		//------------------------------------
		$vipnameSql = "select `pgid`,`pgname` from {$database}.{$prefix}permitgroup";
		$vipnameRes = $db->query($vipnameSql,true);
		while ($vipnameObj = $db->fetch_object($vipnameRes)){
			if($row->vipnum==$vipnameObj->pgid) $inputStr.="<input type='radio' name='vipnum' value='".$vipnameObj->pgid."' checked>".$vipnameObj->pgname;
			else $inputStr.="<input type='radio' name='vipnum' value='".$vipnameObj->pgid."'>".$vipnameObj->pgname;
		}
		$p->set_var("inputradio",$inputStr);
		unset($vipNumSql,$vipNumObj,$vipnameObj,$vipnameRes,$vipnameSql,$inputStr);
		$vipwait = "vipwait_$row->vipwait";
		$p->set_var($vipwait,"checked");

		$p->set_var("email", $row->email);
		$p->set_var("reason", $row->reason);
		$p->set_var("credits",$row->credits);
		$p->set_var("regdate",date("Y-m-d H:i:s",$row->regdate));
		$p->set_var("regip",$row->regip);
		$p->set_var("lastvisit",date("Y-m-d H:i:s",$row->lastvisit));
		$p->set_var("lastip",$row->lastip);
		$p->set_var("oltime",$row->oltime);
		$sql  = "SELECT * FROM ".$prefix."memberfields WHERE username='$username'";
		$memberfieldsRes = $db->query($sql,true);
		$memberfieldsRow = $db->fetch_array($memberfieldsRes);
		foreach ($memberfieldsRow as $key=>$value){
			$memberfieldsVar[$key] = $value;
		}
		$p->set_var($memberfieldsVar);
		$bdayString = $memberfieldsRow['bday'];
		//-------------------------------------------
		//计算年龄
		//-------------------------------------------
		$bdayTime = strtotime($bdayString);
		$ageTime = time()-$bdayTime;
		$age = floor($ageTime/(24*60*60*365));
		$p->set_var("age",$age);
		//-------------------------------------------
		$bdayArray = explode("-",$bdayString);
		$p->set_var("years",$bdayArray[0]);
		$p->set_var("months",$bdayArray[1]);
		$p->set_var("days",$bdayArray[2]);
		if($memberfieldsRow['gender']==1){
			$p->set_var("gender",$langAdminArray["mem_gender_1"]);
			$p->set_var("ischeck1","checked");
		}
		if($memberfieldsRow['gender']==2){
			$p->set_var("gender",$langAdminArray["mem_gender_2"]);
			$p->set_var("ischeck2","checked");
		}
		$p->set_var("id",$uid);
		$p->set_var("uid",$uid);

		include_once("../data/setfield.php");
		if(is_array($setfieldArray)){
			foreach ($setfieldArray as $field){
				$input=null;
				if($field["tablename"]=="memberfields"&&$field["vipnum"]==$vipnum){
					$p->set_var("text",$field["descript"]);
					$dbvalue=$memberfieldsRow[$field["field"]];
					switch ($field["input"]){
						//文本输入框的时候
						case "text":
						$input='<input type="text" name="setfield['.$field["field"].']" value="'.$dbvalue.'">';
						break;
						//多行文本输入框
						case "textarea":
						$input='<textarea rows="5" cols="60" name="setfield['.$field["field"].']">'.$dbvalue.'</textarea>';
						break;
						case "radio":
						$value=unserialize($field["value"]);
						$text=unserialize($field["text"]);
						foreach ($value as $k=>$v){
							if($dbvalue==$v){
								$checked="checked";
							}
							else{
								$checked=null;
							}
							$input.='<input type="radio" name="setfield['.$field["field"].']" value="'.$v.'" '.$checked.'>'.$text[$k];
						}
						break;
						case "checkbox":
						$value=unserialize($field["value"]);
						$text=unserialize($field["text"]);
						$dbvalue=unserialize($dbvalue);
						foreach ($value as $k=>$v){
							if(in_array($v,$dbvalue)){
								$checked="checked";
							}
							else{
								$checked=null;
							}
							$input.='<input type="checkbox" name="setfield['.$field["field"].'][]" value="'.$v.'" '.$checked.'>'.$text[$k];
						}
						break;
						case "select":
						$value=unserialize($field["value"]);
						$text=unserialize($field["text"]);
						$input='<select name="setfield['.$field["field"].']">';
						foreach ($value as $k=>$v){
							if($dbvalue==$v){
								$selected="selected";