update.php

极限网络智能办公系统 Office Automation V3.0官方100％源代码.

<?
include_once 'inc/auth.php';
include_once 'inc/utility_all.php';
include_once 'inc/check_type.php';
echo '
<html>
<head>
<title>修改用户</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body class="bodycolor" topmargin="5">
';
if ($USER_ID == 'admin')
{
	$USER_PRIV = 1;
	$POST_PRIV = 1;
}
if (strstr ($BYNAME, '\\\'') != false)
{
	message ('错误', '别名中含有非法字符');
	button_back ();
	exit ();
}
if ($BIRTHDAY != '')
{
	if (!(is_date ($BIRTHDAY)))
	{
		message ('错误', '生日格式不合法，应形如：' . date ('Y-m-d', time ()));
		button_back ();
		exit ();
	}
}
if ($BYNAME == $USER_ID)
{
	message ('错误', '用户名和别名不能相同');
	button_back ();
	exit ();
}
if ($BYNAME != '')
{
	$query = 'select * from USER where USER_ID!=\'' . $USER_ID . '\' and BYNAME=\'' . $BYNAME . '\' or USER_ID=\'' . $BYNAME . '\'';
	$cursor = exequery ($connection, $query);
	if ($ROW = mysql_fetch_array ($cursor))
	{
		message ('错误', '用户名或别名 ' . $BYNAME . ' 已存在');
		button_back ();
		exit ();
	}
}
if ($USER_NO == '')
{
	$USER_NO = 10;
}
if (!(is_number ($USER_NO)))
{
	message ('错误', '用户排序号应为数字');
	button_back ();
	exit ();
}
if ($NOT_LOGIN == 'on')
{
	$NOT_LOGIN = 1;
}
else
{
	$NOT_LOGIN = 0;
}
if ($NOT_VIEW_USER == 'on')
{
	$NOT_VIEW_USER = 1;
}
else
{
	$NOT_VIEW_USER = 0;
}
if ($NOT_VIEW_TABLE == 'on')
{
	$NOT_VIEW_TABLE = 1;
}
else
{
	$NOT_VIEW_TABLE = 0;
}
if ($MOBIL_NO_HIDDEN == 'on')
{
	$MOBIL_NO_HIDDEN = '1';
}
else
{
	$MOBIL_NO_HIDDEN = '0';
}
$EMAIL_CAPACITY = intval ($EMAIL_CAPACITY);
$FOLDER_CAPACITY = intval ($FOLDER_CAPACITY);
if ($EMAIL_CAPACITY != '')
{
	if (!((is_int ($EMAIL_CAPACITY) AND !($EMAIL_CAPACITY < 0))))
	{
		message ('错误', '内部邮箱容量应为整数！');
		button_back ();
		exit ();
	}
}
if ($FOLDER_CAPACITY != '')
{
	if (!((is_int ($FOLDER_CAPACITY) AND !($FOLDER_CAPACITY < 0))))
	{
		message ('错误', '个人文件柜容量应为整数！');
		button_back ();
		exit ();
	}
}
$query = 'update USER set USER_NAME=\'' . $USER_NAME . '\',SEX=\'' . $SEX . '\',DEPT_ID=' . $DEPT_ID . ',DUTY_TYPE=' . $DUTY_TYPE . ',USER_PRIV=\'' . $USER_PRIV . '\',POST_PRIV=\'' . $POST_PRIV . '\',POST_DEPT=\'' . $TO_ID . '\',CANBROADCAST=\'' . $CANBROADCAST . '\',EMAIL_CAPACITY=' . $EMAIL_CAPACITY . ',FOLDER_CAPACITY=' . $FOLDER_CAPACITY . ',USER_PRIV_OTHER=\'' . $PRIV_ID . '\',USER_NO=' . $USER_NO . ',NOT_LOGIN=\'' . $NOT_LOGIN . '\',NOT_VIEW_USER=\'' . $NOT_VIEW_USER . '\',NOT_VIEW_TABLE=\'' . $NOT_VIEW_TABLE . '\',BYNAME=\'' . $BYNAME . '\',BIRTHDAY=\'' . $BIRTHDAY . '\',THEME=\'' . $THEME . '\',MOBIL_NO=\'' . $MOBIL_NO . '\',MOBIL_NO_HIDDEN=\'' . $MOBIL_NO_HIDDEN . '\' where USER_ID=\'' . $USER_ID . '\'';
exequery ($connection, $query);
add_log (7, $USER_ID, $LOGIN_USER_ID);
echo '<script>
';
if ($DEPT_ID != $DEPT_ID1)
{
	echo 'parent.user_list.location.reload();
';
}
echo '
location="user_new.php?DEPT_ID=';
echo $DEPT_ID1;
echo '";
</script>
</body>
</html>
';
?>