📄 add.php
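<?php
/*
 * add.php - form handler that creates a new user account.
 *
 * Flow: validate the submitted fields, check the operator's department and
 * role permissions, reject a duplicate USER_ID/BYNAME, insert the USER row,
 * set or clear the MODULE_PRIV row for module 0, then print a confirmation
 * page with follow-up buttons.
 *
 * Inputs ($USER_ID, $USER_NAME, $DEPT_ID, ...) are read as bare globals that
 * this file never assigns.
 * NOTE(review): presumably an include (or register_globals) imports request
 * fields into global scope - confirm, and confirm that the $LOGIN_* session
 * values are assigned after that import so a request field cannot replace them.
 *
 * NOTE(review): every query below is built by string concatenation. The
 * checks for a backslash-quote sequence further down suggest that values
 * arrive already slash-escaped by a shared layer - confirm. Slash-escaping is
 * charset-sensitive (the page declares gb2312) and does nothing for values
 * placed outside quotes, so numeric values are cast or validated here and the
 * queries should move to parameterised statements when the data layer allows.
 *
 * NOTE(review): no anti-CSRF token check is visible in this file for this
 * state-changing request - verify that inc/auth.php enforces one.
 */
include_once( "inc/auth.php" );
include_once( "inc/utility_all.php" );
include_once( "inc/utility_org.php" );
include_once( "inc/check_type.php" );
include_once( "inc/td_core.php" );
echo "\r\n<html>\r\n<head>\r\n<title>新建用户</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">\r\n</head>\r\n\r\n<body class=\"bodycolor\" topmargin=\"5\">\r\n\r\n";

// Bound-IP list: line breaks from the form become commas.
// NOTE(review): the entries are not checked to be IP addresses in this file.
$BIND_IP = str_replace( "\r\n", ",", $BIND_IP );
$BIND_IP = str_replace( "\n", ",", $BIND_IP );
$BIND_IP = trim( $BIND_IP );

// Required fields.
if ( trim( $USER_ID ) == "" )
{
    message( "错误", "用户名不能为空" );
    button_back( );
    exit( );
}
if ( trim( $USER_NAME ) == "" )
{
    message( "错误", "用户姓名不能为空" );
    button_back( );
    exit( );
}

// Authorisation 1: the operator must be allowed to manage the target department.
$DEPT_ID = intval( $DEPT_ID );
if ( !is_dept_priv( $DEPT_ID ) )
{
    message( "错误", "您没有建立该部门用户的权限" );
    button_back( );
    exit( );
}

// Authorisation 2: the requested role must exist and, for non-administrators,
// must have a PRIV_NO greater than the operator's own role.
$USER_PRIV = intval( $USER_PRIV );
if ( $USER_PRIV <= 0 )
{
    message( "错误", "角色无效" );
    button_back( );
    exit( );
}
// Start from a known state so $PRIV_NO can only come from the database row,
// and cast the operator's role id because it is placed in the SQL unquoted.
$PRIV_NO = null;
$query = "SELECT * from USER_PRIV where USER_PRIV=".intval( $LOGIN_USER_PRIV );
$cursor = exequery( $connection, $query );
if ( $ROW = mysql_fetch_array( $cursor ) )
{
    $PRIV_NO = $ROW['PRIV_NO'];
}
if ( $LOGIN_USER_PRIV != "1" )
{
    // Fail closed: without a numeric rank for the operator's role the
    // comparison below cannot be evaluated, so refuse instead of sending a
    // query built from an unset value.
    if ( !is_numeric( $PRIV_NO ) )
    {
        message( "错误", "您没有建立该角色用户的权限" );
        button_back( );
        exit( );
    }
    $query = "SELECT USER_PRIV from USER_PRIV where PRIV_NO>".$PRIV_NO." and USER_PRIV='{$USER_PRIV}'";
}
else
{
    // Role id "1" skips the rank comparison; the role only has to exist.
    $query = "SELECT USER_PRIV from USER_PRIV where USER_PRIV='".$USER_PRIV."'";
}
$cursor = exequery( $connection, $query );
if ( mysql_num_rows( $cursor ) <= 0 )
{
    message( "错误", "您没有建立该角色用户的权限" );
    button_back( );
    exit( );
}
// NOTE(review): only USER_PRIV and DEPT_ID are authorised above. $PRIV_ID
// (stored as USER_PRIV_OTHER), $PRIV_ID1 (MODULE_PRIV.PRIV_ID), $DEPT_ID_OTHER,
// $POST_PRIV and $TO_ID (stored as POST_DEPT) are written without an
// equivalent check in this file - confirm they cannot grant more than the
// operator is allowed to assign.

// Strip separators and quotes from the display name.
$USER_NAME = str_replace( ",", "", $USER_NAME );
$USER_NAME = str_replace( "'", "", $USER_NAME );
$USER_NAME = str_replace( "\"", "", $USER_NAME );

// login_check() is a project helper; it is skipped for accounts created with
// login disabled.
if ( $NOT_LOGIN != "on" )
{
    login_check( "[TDCORE_ADDUSER]", "[TDCORE_ADDUSER]" );
}

// Character checks. These look for a backslash followed by a quote, which is
// what a slash-escaped single quote looks like.
// NOTE(review): this is a deny-list; an allow-list for USER_ID and BYNAME
// would be stricter and would also cover HTML-significant characters.
if ( strstr( $USER_ID, "\\'" ) || strstr( $USER_ID, "," ) )
{
    message( "错误", "用户名中含有非法字符" );
    button_back( );
    exit( );
}
if ( strstr( $BYNAME, "\\'" ) )
{
    message( "错误", "别名中含有非法字符" );
    button_back( );
    exit( );
}
if ( strstr( $PASSWORD, "\\'" ) )
{
    message( "错误", "密码中含有非法字符" );
    button_back( );
    exit( );
}
if ( $BIRTHDAY != "" && !is_date( $BIRTHDAY ) )
{
    message( "错误", "生日格式不合法,应形如:".date( "Y-m-d", time( ) ) );
    button_back( );
    exit( );
}
if ( $BYNAME == $USER_ID )
{
    message( "错误", "用户名和别名不能相同" );
    button_back( );
    exit( );
}

// Uniqueness: USER_ID and BYNAME share one namespace, so each is checked
// against both columns.
// NOTE(review): check-then-insert is not atomic; unique indexes on these
// columns would enforce this under concurrent requests.
// NOTE(review): $USER_ID and $BYNAME are passed to message() as submitted;
// confirm that message() HTML-encodes its arguments.
$query = "select * from USER where USER_ID='".$USER_ID."' or BYNAME='{$USER_ID}'";
$cursor = exequery( $connection, $query );
if ( $ROW = mysql_fetch_array( $cursor ) )
{
    message( "错误", "用户名或别名 ".$USER_ID." 已存在" );
    button_back( );
    exit( );
}
if ( $BYNAME != "" )
{
    $query = "select * from USER where BYNAME='".$BYNAME."' or USER_ID='{$BYNAME}'";
    $cursor = exequery( $connection, $query );
    if ( $ROW = mysql_fetch_array( $cursor ) )
    {
        message( "错误", "用户名或别名 ".$BYNAME." 已存在" );
        button_back( );
        exit( );
    }
}

// Sort number defaults to 10. It is placed in the INSERT unquoted, so
// is_number() is the only barrier for it.
// NOTE(review): confirm is_number() accepts nothing but a plain number.
if ( $USER_NO == "" )
{
    $USER_NO = 10;
}
if ( !is_number( $USER_NO ) )
{
    message( "错误", "用户排序号应为数字" );
    button_back( );
    exit( );
}

// Checkbox fields arrive as "on" when ticked; store them as flags.
$NOT_LOGIN = ( $NOT_LOGIN == "on" ) ? 1 : 0;
$NOT_VIEW_USER = ( $NOT_VIEW_USER == "on" ) ? 1 : 0;
$NOT_VIEW_TABLE = ( $NOT_VIEW_TABLE == "on" ) ? 1 : 0;
$MOBIL_NO_HIDDEN = ( $MOBIL_NO_HIDDEN == "on" ) ? "1" : "0";
$USEING_KEY = ( $USEING_KEY == "on" ) ? 1 : 0;

// Quotas are cast to int because two of them are placed in the INSERT unquoted.
$EMAIL_CAPACITY = intval( $EMAIL_CAPACITY );
$FOLDER_CAPACITY = intval( $FOLDER_CAPACITY );
$WEBMAIL_NUM = intval( $WEBMAIL_NUM );
$WEBMAIL_CAPACITY = intval( $WEBMAIL_CAPACITY );
// The previous condition combined !is_int() with "< 0" using &&; after
// intval() the value is always an int, so that check could never fire and a
// negative quota was accepted. Reject negative values explicitly.
if ( $EMAIL_CAPACITY < 0 )
{
    message( "错误", "内部邮箱容量应为整数!" );
    button_back( );
    exit( );
}
if ( $FOLDER_CAPACITY < 0 )
{
    message( "错误", "个人文件柜容量应为整数!" );
    button_back( );
    exit( );
}

// The shortcut menu is derived from the role's FUNC_ID_STR via the project
// helper check_id(); the same helper is applied to the secondary departments.
$query = "SELECT * from USER_PRIV where USER_PRIV='".$USER_PRIV."'";
$cursor = exequery( $connection, $query );
if ( $ROW = mysql_fetch_array( $cursor ) )
{
    $FUNC_ID_STR = $ROW['FUNC_ID_STR'];
}
$SHORTCUT = check_id( $FUNC_ID_STR, "1,2,3,42,4,147,8,9,16,130,5,131,132,182,183,24,15,76,", TRUE );
$DEPT_ID_OTHER = check_id( $DEPT_ID, $DEPT_ID_OTHER, FALSE );

// NOTE(review): crypt() without an explicit salt leaves the hash algorithm to
// the platform default, which can be a weak scheme. Prefer password_hash()
// once the code that verifies logins is confirmed to accept its output. No
// minimum password length or complexity is enforced in this file.
$PASSWORD = crypt( $PASSWORD );

// NOTE(review): SEX, POST_PRIV, TO_ID, CANBROADCAST, DUTY_TYPE, PRIV_ID,
// THEME, MOBIL_NO, KEY_SN, REMARK and TEL_NO_DEPT reach this statement with
// no validation in this file; they depend entirely on the shared escaping
// assumed in the header note.
$query = "insert into USER (USER_ID,USER_NAME,SEX,PASSWORD,USER_PRIV,POST_PRIV,POST_DEPT,CANBROADCAST,DEPT_ID,DEPT_ID_OTHER,AVATAR,CALL_SOUND,DUTY_TYPE,SMS_ON,EMAIL_CAPACITY,FOLDER_CAPACITY,USER_PRIV_OTHER,USER_NO,NOT_LOGIN,NOT_VIEW_USER,NOT_VIEW_TABLE,BYNAME,BIRTHDAY,THEME,SHORTCUT,MOBIL_NO,MOBIL_NO_HIDDEN,BIND_IP,KEY_SN,USEING_KEY,REMARK,WEBMAIL_CAPACITY,WEBMAIL_NUM,TEL_NO_DEPT) values ('".$USER_ID."','{$USER_NAME}','{$SEX}','{$PASSWORD}','{$USER_PRIV}','{$POST_PRIV}','{$TO_ID}','{$CANBROADCAST}','{$DEPT_ID}','{$DEPT_ID_OTHER}','1','1','{$DUTY_TYPE}','1',{$EMAIL_CAPACITY},{$FOLDER_CAPACITY},'{$PRIV_ID}',{$USER_NO},'{$NOT_LOGIN}','{$NOT_VIEW_USER}','{$NOT_VIEW_TABLE}','{$BYNAME}','{$BIRTHDAY}','{$THEME}','{$SHORTCUT}','{$MOBIL_NO}','{$MOBIL_NO_HIDDEN}','{$BIND_IP}','{$KEY_SN}','{$USEING_KEY}','{$REMARK}','{$WEBMAIL_CAPACITY}','{$WEBMAIL_NUM}','{$TEL_NO_DEPT}')";
exequery( $connection, $query );
// NOTE(review): the INSERT result is not checked here; if exequery() does not
// abort on failure, $UID may not identify the new user.
$UID = mysql_insert_id( );

// Audit trail: records the new account and the operator who created it.
add_log( 6, $USER_ID, $LOGIN_USER_ID );

// Module-0 privilege row: upsert when PRIV_ID1 was submitted, otherwise make
// sure no row is left for this UID.
if ( $PRIV_ID1 != "" )
{
    $query = "select * from MODULE_PRIV where UID='".$UID."' and MODULE_ID='0'";
    $cursor = exequery( $connection, $query );
    if ( $ROW = mysql_fetch_array( $cursor ) )
    {
        $query = "update MODULE_PRIV set PRIV_ID='".$PRIV_ID1."' where UID='{$UID}' and MODULE_ID='0'";
        exequery( $connection, $query );
    }
    else
    {
        $query = "insert into MODULE_PRIV (UID,MODULE_ID,DEPT_PRIV,ROLE_PRIV,PRIV_ID) values('".$UID."','0','1','2','{$PRIV_ID1}')";
        exequery( $connection, $query );
    }
}
else
{
    $query = "delete from MODULE_PRIV where UID='".$UID."' and MODULE_ID='0'";
    exequery( $connection, $query );
}

// Optional hook, run only when the file is present next to this script.
if ( file_exists( "fis_acset_update.php" ) )
{
    include_once( "fis_acset_update.php" );
}

message( "", "用户增加成功" );
// $DEPT_ID was cast with intval() above, so it is safe to print into the
// script and attribute contexts below.
echo "\r\n<script>\r\nopener.parent.user_list.location.reload();\r\nopener.location=\"user_new.php?DEPT_ID=";
echo $DEPT_ID;
echo "\";\r\n</script>\r\n\r\n<div align=\"center\">\r\n <input type=\"button\" value=\"继续新建用户\" class=\"BigButton\" title=\"继续新建用户\" onclick=\"location='new.php?DEPT_ID=";
echo $DEPT_ID;
echo "'\"> \r\n <input type=\"button\" value=\"建立档案\" class=\"BigButton\" title=\"建立档案\" onclick=\"location='../../hrms/manage/hrms.php?USER_ID=";
// $USER_ID is only screened for a comma and an escaped single quote, yet it
// is printed inside a URL, inside a JavaScript string, inside an HTML
// attribute. URL-encoding it yields only characters that are inert in all
// three contexts.
echo urlencode( $USER_ID );
echo "'\"> \r\n <input type=\"button\" value=\"关 闭\" class=\"BigButton\" title=\"关闭窗口\" onclick=\"window.close();\">\r\n</div>\r\n</body>\r\n</html>\r\n";
?>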