国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

member_toadmin.php 4.6KB

2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104
  1. <?php
  2. /**
  3. * 升级为管理员
  4. *
  5. * @version $id:member_toadmin.php 14:09 2010年7月20日 tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2022 DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. require_once(dirname(__FILE__)."/config.php");
  12. CheckPurview('member_Edit');
  13. if (empty($dopost)) $dopost = '';
  14. if (empty($fmdo)) $fmdo = '';
  15. $ENV_GOBACK_URL = isset($_COOKIE['ENV_GOBACK_URL']) ? 'member_main.php' : '';
  16. $row = array();
  17. /*----------------
  18. function __Toadmin()
  19. 升级为管理员
  20. ----------------*/
  21. if ($dopost == "toadmin") {
  22. $pwd = trim($pwd);
  23. if ($pwd != '' && preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd)) {
  24. ShowMsg('密码不合法,请使用[0-9a-zA-Z_@!.-]内的字符', '-1', 0, 3000);
  25. exit();
  26. }
  27. $safecodeok = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
  28. if ($safecodeok != $safecode) {
  29. ShowMsg("请填写正确的验证安全码", "member_toadmin.php?id={$id}");
  30. exit();
  31. }
  32. $pwdm = '';
  33. if ($pwd != '') {
  34. $inputpwd = ",pwd";
  35. if (function_exists('password_hash')) {
  36. $inputpwd = ",pwd_new";
  37. $inputpwdv = ",'".password_hash($pwd, PASSWORD_BCRYPT)."'";
  38. $pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
  39. } else {
  40. $inputpwdv = ",'".substr(md5($pwd), 5, 20)."'";
  41. $pwdm = ",pwd='".md5($pwd)."'";
  42. }
  43. } else {
  44. $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'");
  45. if (function_exists('password_hash')) {
  46. $password = $row['pwd_new'];
  47. $inputpwd = ",pwd_new";
  48. $inputpwdv = ",'".$password."'";
  49. $pwdm = ",pwd_new='".$password."'";
  50. } else {
  51. $password = $row['pwd'];
  52. $inputpwd = ",pwd";
  53. $pwd = substr($password, 5, 20);
  54. $inputpwdv = ",'".$pwd."'";
  55. $pwdm = ",pwd='".$password."'";
  56. }
  57. }
  58. $typeids = (empty($typeids)) ? array() : $typeids;
  59. if ($typeids == '') {
  60. ShowMsg("请为该管理员指定管理栏目", "member_toadmin.php?id={$id}");
  61. exit();
  62. }
  63. $typeid = join(',', $typeids);
  64. if ($typeid == '0') $typeid = '';
  65. if ($id != 1) {
  66. $query = "INSERT INTO `#@__admin` (id,usertype,userid$inputpwd,uname,typeid,tname,email) VALUES ('$id','$usertype','$userid'$inputpwdv,'$uname','$typeid','$tname','$email')";
  67. } else {
  68. $query = "INSERT INTO `#@__admin` (id,userid$inputpwd,uname,typeid,tname,email) VALUES ('$id','$userid'$inputpwdv,'$uname','$typeid','$tname','$email')";
  69. }
  70. $dsql->ExecuteNoneQuery($query);
  71. $query = "UPDATE `#@__member` SET `rank`='100',uname='$uname',matt='10',email='$email'$pwdm WHERE mid='$id'";
  72. $dsql->ExecuteNoneQuery($query);
  73. $row = $dsql->GetOne("SELECT * FROM `#@__admintype` WHERE `rank`='$usertype'");
  74. $floginid = $cuserLogin->getUserName();
  75. $fromid = $cuserLogin->getUserID();
  76. $subject = "恭喜您已经成功提升为管理员";
  77. $message = "亲爱的会员<span class='text-primary'>{$userid}</span>,您已经成功提升为<span class='text-primary'>{$row['typename']}</span>,具体操作权限请同网站超级管理员联系";
  78. $sendtime = $writetime = time();
  79. $inquery = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`) VALUES ('$floginid','$fromid','$id','$userid','inbox','$subject','$sendtime','$writetime','0','0','$message'); ";
  80. $dsql->ExecuteNoneQuery($inquery);
  81. ShowMsg("成功升级一个帐户", "member_main.php");
  82. exit();
  83. }
  84. $id = preg_replace("#[^0-9]#", "", $id);
  85. //显示用户信息
  86. $randcode = mt_rand(10000, 99999);
  87. $safecode = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
  88. $typeOptions = '';
  89. $typeid = (empty($typeid)) ? '' : $typeid;
  90. $typeids = explode(',', $typeid);
  91. $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid=0 AND (ispart=0 OR ispart=1)");
  92. $dsql->Execute('op');
  93. while ($nrow = $dsql->GetObject('op')) {
  94. $typeOptions .= "<option value='{$nrow->id}'".(in_array($nrow->id, $typeids) ? ' selected' : '').">└─ {$nrow->typename}</option>\r\n";
  95. $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)");
  96. $dsql->Execute('s');
  97. while ($nrow = $dsql->GetObject('s')) {
  98. $typeOptions .= "<option value='{$nrow->id}'".(in_array($nrow->id, $typeids) ? ' selected' : '').">└── {$nrow->typename}</option>\r\n";
  99. }
  100. }
  101. $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'");
  102. include DedeInclude('templets/member_toadmin.htm');
  103. ?>