国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

106 lines
4.6KB

  1. <?php
  2. /**
  3. * 升级为管理员
  4. *
  5. * @version $Id: member_toadmin.php 1 14:09 2010年7月20日Z tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2022, DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. require_once(dirname(__FILE__)."/config.php");
  12. CheckPurview('member_Edit');
  13. if (empty($dopost)) $dopost = '';
  14. if (empty($fmdo)) $fmdo = '';
  15. $ENV_GOBACK_URL = isset($_COOKIE['ENV_GOBACK_URL']) ? 'member_main.php' : '';
  16. $row = array();
  17. /*----------------
  18. function __Toadmin()
  19. 升级为管理员
  20. ----------------*/
  21. if ($dopost == "toadmin") {
  22. $pwd = trim($pwd);
  23. if ($pwd != '' && preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd)) {
  24. ShowMsg('密码不合法,请使用[0-9a-zA-Z_@!.-]内的字符', '-1', 0, 3000);
  25. exit();
  26. }
  27. $safecodeok = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
  28. if ($safecodeok != $safecode) {
  29. ShowMsg("请填写正确的安全验证串", "member_toadmin.php?id={$id}");
  30. exit();
  31. }
  32. $pwdm = '';
  33. if ($pwd != '') {
  34. $inputpwd = ",pwd";
  35. if (function_exists('password_hash')) {
  36. $inputpwd = ",pwd_new";
  37. $inputpwdv = ",'".password_hash($pwd, PASSWORD_BCRYPT)."'";
  38. $pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
  39. } else {
  40. $inputpwdv = ",'".substr(md5($pwd), 5, 20)."'";
  41. $pwdm = ",pwd='".md5($pwd)."'";
  42. }
  43. } else {
  44. $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'");
  45. if (function_exists('password_hash')) {
  46. $password = $row['pwd_new'];
  47. $inputpwd = ",pwd_new";
  48. $inputpwdv = ",'".$password."'";
  49. $pwdm = ",pwd_new='".$password."'";
  50. } else {
  51. $password = $row['pwd'];
  52. $inputpwd = ",pwd";
  53. $pwd = substr($password, 5, 20);
  54. $inputpwdv = ",'".$pwd."'";
  55. $pwdm = ",pwd='".$password."'";
  56. }
  57. }
  58. $typeids = (empty($typeids)) ? array() : $typeids;
  59. if ($typeids == '') {
  60. ShowMsg("请为该管理员指定管理栏目", "member_toadmin.php?id={$id}");
  61. exit();
  62. }
  63. $typeid = join(',', $typeids);
  64. if ($typeid == '0') $typeid = '';
  65. if ($id != 1) {
  66. $query = "INSERT INTO `#@__admin`(id,usertype,userid$inputpwd,uname,typeid,tname,email)
  67. VALUES('$id','$usertype','$userid'$inputpwdv,'$uname','$typeid','$tname','$email')";
  68. } else {
  69. $query = "INSERT INTO `#@__admin`(id,userid$inputpwd,uname,typeid,tname,email)
  70. VALUES('$id','$userid'$inputpwdv,'$uname','$typeid','$tname','$email')";
  71. }
  72. $dsql->ExecuteNoneQuery($query);
  73. $query = "UPDATE `#@__member` SET `rank`='100',uname='$uname',matt='10',email='$email'$pwdm WHERE mid='$id'";
  74. $dsql->ExecuteNoneQuery($query);
  75. $row = $dsql->GetOne("SELECT * FROM `#@__admintype` WHERE `rank`='$usertype'");
  76. $floginid = $cuserLogin->getUserName();
  77. $fromid = $cuserLogin->getUserID();
  78. $subject = "恭喜您已经成功提升为管理员";
  79. $message = "亲爱的会员{$userid},您已经成功提升为{$row['typename']},具体操作权限请同网站超级管理员联系";
  80. $sendtime = $writetime = time();
  81. $inquery = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)
  82. VALUES ('$floginid','$fromid','$id','$userid','inbox','$subject','$sendtime','$writetime','0','0','$message'); ";
  83. $dsql->ExecuteNoneQuery($inquery);
  84. ShowMsg("成功升级一个帐户", "member_main.php");
  85. exit();
  86. }
  87. $id = preg_replace("#[^0-9]#", "", $id);
  88. //显示用户信息
  89. $randcode = mt_rand(10000, 99999);
  90. $safecode = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
  91. $typeOptions = '';
  92. $typeid = (empty($typeid)) ? '' : $typeid;
  93. $typeids = explode(',', $typeid);
  94. $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid=0 AND (ispart=0 OR ispart=1)");
  95. $dsql->Execute('op');
  96. while ($nrow = $dsql->GetObject('op')) {
  97. $typeOptions .= "<option value='{$nrow->id}' class='btype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">{$nrow->typename}</option>\r\n";
  98. $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)");
  99. $dsql->Execute('s');
  100. while ($nrow = $dsql->GetObject('s')) {
  101. $typeOptions .= "<option value='{$nrow->id}' class='stype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">—{$nrow->typename}</option>\r\n";
  102. }
  103. }
  104. $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'");
  105. include DedeInclude('templets/member_toadmin.htm');