user.php

通达网络办公 - Office Anywhere 2008 增强版100％源码(3.4.081216) 内含 通达OA2008增強版接近完美破解补丁20081216集 及 最新通达OA2008ADV(

<?php

include_once( "inc/auth.php" );
include_once( "inc/utility_org.php" );
include_once( "../../../prcs_role.php" );
include_once( "inc/user_online.php" );
if ( $FLOW_PRCS == "" )
{
	$QUERY_PRIV = "";
}
else
{
	$query = "SELECT PRCS_USER,PRCS_DEPT,PRCS_PRIV,USER_FILTER from FLOW_PROCESS where FLOW_ID=".$FLOW_ID." and PRCS_ID={$FLOW_PRCS}";
	$cursor = exequery( $connection, $query );
	if ( $ROW = mysql_fetch_array( $cursor ) )
	{
		$PRCS_USER = $ROW['PRCS_USER'];
		$PRCS_DEPT = $ROW['PRCS_DEPT'];
		$PRCS_PRIV = $ROW['PRCS_PRIV'];
		$USER_FILTER = $ROW['USER_FILTER'];
	}
	$QUERY_PRIV = " and (1=2 ";
	if ( $PRCS_USER != "" )
	{
		$QUERY_PRIV .= " or FIND_IN_SET(USER.USER_ID,'".$PRCS_USER."')";
	}
	if ( $PRCS_DEPT != "" )
	{
		if ( $PRCS_DEPT == "ALL_DEPT" )
		{
			$QUERY_PRIV .= " or 1=1";
		}
		else
		{
			if ( substr( $PRCS_DEPT, -1, 1 ) == "," )
			{
				$PRCS_DEPT = substr( $PRCS_DEPT, 0, -1 );
			}
			$QUERY_PRIV .= " or DEPT_ID in(".$PRCS_DEPT.")";
		}
	}
	if ( $PRCS_PRIV != "" )
	{
		if ( substr( $PRCS_PRIV, -1, 1 ) == "," )
		{
			$PRCS_PRIV = substr( $PRCS_PRIV, 0, -1 );
		}
		$QUERY_PRIV .= " or USER.USER_PRIV in(".$PRCS_PRIV.")".flow_other_sql( $PRCS_PRIV );
	}
	$QUERY_PRIV .= ") ";
	if ( $USER_FILTER == "1" )
	{
		$QUERY_PRIV .= " and USER.DEPT_ID='".$LOGIN_DEPT_ID."'";
	}
	else if ( $USER_FILTER == "2" )
	{
		$QUERY_PRIV .= " and USER.USER_PRIV='".$LOGIN_USER_PRIV."'";
	}
}
echo "\r\n<html>\r\n<head>\r\n<title></title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">\r\n</head>\r\n<script src=\"/inc/js/utility.js\"></script>\r\n<script Language=\"JavaScript\">\r\nvar parent_window = getOpenner();\r\nvar to_id =   parent_window.form1.TO_ID;\r\nvar to_name = parent_window.form1.TO_NAME;\r\n\r\nfunction add_user(user_id,user_name)\r\n{\r\n  TO_VAL=to_id.value;\r\n  if(TO_VAL.indexOf(\",\"+user_id+\",\")<0 && TO_VAL.indexOf(user_id+\",\")!=0)\r\n  {\r\n    to_id.value=user_id;\r\n    to_name.value=user_name;\r\n  }\r\n  parent.close();\r\n}\r\n</script>\r\n\r\n<body class=\"bodycolor\" topmargin=\"1\" leftmargin=\"0\" >\r\n\r\n";
if ( $INTEL == "1" )
{
	$query = "SELECT UID,USER_ID,USER_NAME,DEPT_ID,SEX from USER,USER_PRIV where DEPT_ID!=0 and NOT_LOGIN!='1' and USER.USER_PRIV=USER_PRIV.USER_PRIV ".$QUERY_PRIV." order by PRIV_NO,USER_NO,USER_NAME";
	$TITLE = "全部经办人";
}
else if ( $DEPT_ID != "" )
{
	$query = "SELECT UID,USER_ID,USER_NAME,DEPT_ID,SEX from USER,USER_PRIV where DEPT_ID=".$DEPT_ID." and NOT_LOGIN!='1' and USER.USER_PRIV=USER_PRIV.USER_PRIV ".$QUERY_PRIV." order by PRIV_NO,USER_NO,USER_NAME";
	$query1 = "select DEPT_NAME from DEPARTMENT where DEPT_ID=".$DEPT_ID;
	$cursor1 = exequery( $connection, $query1 );
	if ( $ROW = mysql_fetch_array( $cursor1 ) )
	{
		$TITLE = $ROW['DEPT_NAME'];
	}
}
else if ( $USER_PRIV != "" )
{
	$query = "SELECT UID,USER_ID,USER_NAME,DEPT_ID,SEX from USER where USER_PRIV='".$USER_PRIV."' and DEPT_ID!=0 and NOT_LOGIN!='1' ".$QUERY_PRIV." order by USER_NO,USER_NAME";
	$query1 = "select PRIV_NAME from USER_PRIV where USER_PRIV='".$USER_PRIV."'";
	$cursor1 = exequery( $connection, $query1 );
	if ( $ROW = mysql_fetch_array( $cursor1 ) )
	{
		$TITLE = $ROW['PRIV_NAME'];
	}
}
echo "\r\n<table width=\"100%\" class=\"TableBlock\">\r\n<tr class=\"TableHeader\">\r\n  <td colspan=\"2\" align=\"center\"><b>";
echo $TITLE;
echo "</b></td>\r\n</tr>\r\n\r\n";
$cursor = exequery( $connection, $query );
$USER_COUNT = 0;
while ( $ROW = mysql_fetch_array( $cursor ) )
{
	++$USER_COUNT;
	if ( $INTEL == "1" && $LIST_ALL != 1 && 20 < $USER_COUNT )
	{
		echo "   \t<tr class=\"TableData\">\r\n     <td onclick=\"location='user.php?INTEL=1&LIST_ALL=1&FLOW_ID=";
		echo $FLOW_ID;
		echo "&RUN_ID=";
		echo $RUN_ID;
		echo "&PRCS_ID=";
		echo $PRCS_ID;
		echo "&TO_ID=";
		echo $TO_ID;
		echo "&TO_NAME=";
		echo $TO_NAME;
		echo "&FORM_NAME=";
		echo $FORM_NAME;
		echo "'\" style=\"cursor:pointer\" align=\"center\" colspan=\"2\">显示更多...</td>\r\n    </tr>\r\n";
	}
	else
	{
		$UID = $ROW['UID'];
		$USER_ID = $ROW['USER_ID'];
		$USER_NAME = $ROW['USER_NAME'];
		$DEPT_ID = $ROW['DEPT_ID'];
		$DEPT_LONG_NAME = dept_long_name( $DEPT_ID );
		$SEX = $ROW['SEX'];
		if ( $SEX == "" )
		{
			$SEX = "0";
		}
		if ( find_id( $HISTORY_USER_ID, $USER_ID ) )
		{
			$USER_NAME_DESC = "<font color=red>".$USER_NAME."</font>";
		}
		else
		{
			$USER_NAME_DESC = $USER_NAME;
		}
		echo "\r\n<tr class=\"TableData\" style=\"cursor:pointer\">\r\n  <td class=\"menulines\" align=\"center\" onclick=\"javascript:add_user('";
		echo $USER_ID;
		echo "','";
		echo $USER_NAME;
		echo "')\"";
		if ( array_key_exists( $UID, $SYS_ONLINE_USER ) )
		{
			echo " style=\"color:#FF0000;\"";
		}
		echo ">";
		echo $USER_NAME;
		if ( array_key_exists( $UID, $SYS_ONLINE_USER ) )
		{
			echo "<img align=\"absmiddle\" src=\"/images/".$SEX."-1.gif\" title=\"在线\">";
		}
		echo "</td>\r\n</tr>\r\n";
	}
}
if ( $USER_PRIV != "" )
{
	$query = "SELECT UID,USER_ID,USER_NAME,SEX from USER where (USER_PRIV_OTHER like '".$USER_PRIV.",%' or USER_PRIV_OTHER like '%,{$USER_PRIV},%') and USER_PRIV!='{$USER_PRIV}' and DEPT_ID!=0 and NOT_LOGIN!='1' ".$QUERY_PRIV." order by USER_NO,USER_NAME";
	$cursor = exequery( $connection, $query );
	$USER_COUNT1 = 0;
	while ( $ROW = mysql_fetch_array( $cursor ) )
	{
		++$USER_COUNT;
		++$USER_COUNT1;
		$UID = $ROW['UID'];
		$USER_ID = $ROW['USER_ID'];
		$USER_NAME = $ROW['USER_NAME'];
		$SEX = $ROW['SEX'];
		if ( $SEX == "" )
		{
			$SEX = "0";
		}
		if ( find_id( $HISTORY_USER_ID, $USER_ID ) )
		{
			$USER_NAME_DESC = "<font color=red>".$USER_NAME."</font>";
		}
		else
		{
			$USER_NAME_DESC = $USER_NAME;
		}
		if ( $USER_COUNT1 == 1 )
		{
			echo "<tr class=\"TableHeader\">\r\n  <td colspan=\"2\" align=\"center\"><b>辅助角色</b></td>\r\n</tr>\r\n";
		}
		echo "\r\n<tr class=\"TableData\">\r\n  <td title=\"";
		echo $DEPT_LONG_NAME;
		echo "\" class=\"menulines\" id=\"";
		echo $USER_ID;
		echo "\" name=\"";
		echo $USER_NAME;
		echo "\" width=\"90%\" align=\"center\" onclick=\"javascript:add_user('";
		echo $USER_ID;
		echo "','";
		echo $USER_NAME;
		echo "')\" style=\"cursor:pointer\">\r\n  ";
		echo $USER_NAME_DESC;
		echo " ";
		if ( array_key_exists( $UID, $SYS_ONLINE_USER ) )
		{
			echo "<img align=\"absmiddle\" src=\"/images/".$SEX."-1.gif\" title=\"在线\">";
		}
		echo "  </td>\r\n</tr>\r\n\r\n";
	}
}
if ( $USER_COUNT == 0 )
{
	echo "<tr class=\"TableControl\">\r\n  <td align=\"center\">无符合条件的用户</td>\r\n</tr>\r\n";
}
echo "</table>\r\n</body>\r\n</html>\r\n";
?>