add.php

泛微协同办公系统标准版E-office V5.5的源代码内含泛微办公系统V5.5自动注册文件。

<?php

include_once( "inc/auth.php" );
include_once( "inc/reg_check.php" );
include_once( "inc/utility_all.php" );
include_once( "inc/weaver.inc" );
include_once( "inc/demo.inc" );
if ( $OA_REG_ON != 2 )
{
	exit( );
}
echo "\r\n<html>\r\n<head>\r\n<title>增加用户</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">\r\n\r\n</head>\r\n\r\n<body class=\"bodycolor\" topmargin=\"5\">\r\n\r\n";
$connection = openconnection( );
global $IS_REGISTERED_MYOA;
$query = "select count(*) from USER WHERE DEPT_ID>0";
$cursor = exequery( $connection, $query );
if ( $ROW = mysql_fetch_array( $cursor ) )
{
	$USER_COUNT = $ROW[0];
}
if ( !$IS_REGISTERED_MYOA )
{
	if ( DEMO_LIMIT_USER <= $USER_COUNT )
	{
		message( "提示", "已经达到系统的最大授权用户数（".DEMO_LIMIT_USER."），不能再增加用户" );
		button_back( );
		exit( );
	}
}
else
{
	$arrayR = parse_regfilestr( );
	$oaaccount = $arrayR[0]['useraccound'];
	$USER_LIMIT = $oaaccount;
	if ( $USER_LIMIT <= $USER_COUNT )
	{
		message( "提示", "已经达到系统的最大授权用户数（".$USER_LIMIT."），不能再增加用户" );
		button_back( );
		exit( );
	}
}
if ( strstr( $USER_ACCOUTNS, "\\'" ) != false )
{
	message( "错误", "用户名中含有非法字符" );
	button_back( );
	exit( );
}
if ( strstr( $PASSWORD, "\\'" ) != false )
{
	message( "错误", "密码中含有非法字符" );
	button_back( );
	exit( );
}
$query = "select * from USER where USER_ACCOUNTS='{$USER_ACCOUNTS}'";
$cursor = exequery( $connection, $query );
if ( $ROW = mysql_fetch_array( $cursor ) )
{
	message( "错误", "用户 ".$USER_ACCOUTNS." 已存在" );
	button_back( );
	exit( );
}
$PASSWORD = crypt( $PASSWORD );
$sql = "SELECT * FROM user_priv WHERE USER_PRIV=".$_REQUEST['USER_PRIV'];
$cursor = exequery( $connection, $sql );
if ( $row = mysql_fetch_array( $cursor ) )
{
	$u_priv = $row['FUNC_ID_STR'];
}
$u_priv = explode( ",", $u_priv );
$str = explode( ",", "253,3,111,262,243,245," );
$i = 0;
for ( ;	$i < sizeof( $u_priv );	++$i	)
{
	if ( in_array( $str[$i], $u_priv ) && $str[$i] != "" )
	{
		$user_p .= $str[$i].",";
	}
}
$sql = "SELECT USER_ID FROM user WHERE LENGTH(USER_ID)=10 AND LEFT(USER_ID,2)='WV' ORDER BY USER_ID DESC";
$rs = exequery( $connection, $sql );
if ( $row = mysql_fetch_array( $rs ) )
{
	$userid = $row['USER_ID'];
	$id_max = abs( str_replace( "WV", "", $userid ) );
	++$id_max;
	$id_max_str = "";
	$i = 0;
	for ( ;	$i < 8 - strlen( $id_max );	++$i	)
	{
		$id_max_str .= "0";
	}
	$userid_next = "WV".$id_max_str.$id_max;
}
else
{
	$userid_next = "WV00000001";
}
$USER_ID = $userid_next;
$query = "insert into USER (USER_ID,USER_ACCOUNTS,USER_NAME,SEX,PASSWORD,USER_PRIV,POST_PRIV,CANBROADCAST,DEPT_ID,AVATAR,CALL_SOUND,DUTY_TYPE,SMS_ON,MENU_HIDE,SHORTCUT,SMS_LOGIN) values ('{$USER_ID}','{$USER_ACCOUNTS}','{$USER_NAME}','{$SEX}','{$PASSWORD}','{$USER_PRIV}','{$POST_PRIV}','{$CANBROADCAST}','{$DEPT_ID}','1','1','{$DUTY_TYPE}','1','2','".$user_p."','".$SMS_LOGIN."')";
exequery( $connection, $query );
$user_id = $USER_ID;
$sql = "SELECT * FROM sys_function ORDER BY MENU_ID ASC";
$rs = exequery( $connection, $sql );
$menu_cnt = 0;
$order_c1 = 0;
$order_c2 = 0;
$order_c3 = 0;
while ( $row = mysql_fetch_array( $rs ) )
{
	++$menu_cnt;
	$user_id = $user_id;
	$func_id = $row['FUNC_ID'];
	$menu_id = $row['MENU_ID'];
	if ( strlen( $menu_id ) == 2 )
	{
		++$order_c1;
		$order_c = $order_c1;
	}
	if ( strlen( $menu_id ) == 4 )
	{
		++$order_c2;
		$order_c = $order_c2;
	}
	if ( strlen( $menu_id ) == 6 )
	{
		++$order_c3;
		$order_c = $order_c3;
	}
	$order_id = $order_c;
	$func_isshow = 1;
	$func_issys = 1;
	$func_name = $row['FUNC_NAME'];
	$func_code = $row['FUNC_CODE'];
	$func_follow = $row['FUNC_FOLLOW'];
	$func_type = 0;
	$sql_i = "INSERT INTO user_menu VALUES (\r\n\t\t\t\t'{$user_id}',\r\n\t\t\t\t{$func_id},\r\n\t\t\t\t'{$menu_id}',\r\n\t\t\t\t{$order_id},\r\n\t\t\t\t{$func_isshow},\r\n\t\t\t\t{$func_issys},\r\n\t\t\t\t'{$func_name}',\r\n\t\t\t\t'{$func_code}',\r\n\t\t\t\t{$func_follow},\r\n\t\t\t\t{$func_type},\r\n\t\t\t\t\t'{$func_type_id}'\r\n\t\t\t\t)";
	exequery( $connection, $sql_i );
}
if ( $POST_PRIV == "2" )
{
	$query = "update USER set POST_DEPT='{$TO_ID}' where USER_ID='{$USER_ID}'";
	exequery( $connection, $query );
}
add_log( 6, $USER_ID, $LOGIN_USER_ID );
echo "\r\n";
echo "<s";
echo "cript>\r\n\r\nparent.user_list.location.reload();\r\nwindow.setTimeout(\"url_refersh();\", 2000);\r\nfunction url_refersh()\r\n{\r\n\tlocation=\"user_new.php?DEPT_ID=";
echo $_REQUEST['DEPT_ID'];
echo "\";\r\n}\r\n</script>\r\n\r\n</body>\r\n</html>\r\n";
?>