国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

111 lines
4.6KB

  1. <?php
  2. /**
  3. * 编辑系统管理员
  4. *
  5. * @version $Id: sys_admin_user_edit.php 1 16:22 2010年7月20日Z tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2021, DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. require_once(dirname(__FILE__).'/config.php');
  12. CheckPurview('sys_User');
  13. require_once(DEDEINC.'/typelink.class.php');
  14. if (empty($dopost)) $dopost = '';
  15. $id = preg_replace("#[^0-9]#", '', $id);
  16. if ($dopost == 'saveedit') {
  17. CheckCSRF();
  18. $pwd = trim($pwd);
  19. if ($pwd != '' && preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd)) {
  20. ShowMsg('密码不合法,请使用[0-9a-zA-Z_@!.-]内的字符!', '-1', 0, 3000);
  21. exit();
  22. }
  23. $safecodeok = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
  24. if ($safecodeok != $safecode) {
  25. ShowMsg("请填写正确的安全验证串!", "sys_admin_user_edit.php?id={$id}&dopost=edit");
  26. exit();
  27. }
  28. $pwdm = '';
  29. if ($pwd != '') {
  30. $pwdm = ",pwd='".md5($pwd)."'";
  31. $pwd = ",pwd='".substr(md5($pwd), 5, 20)."'";
  32. }
  33. if (empty($typeids)) {
  34. $typeid = '';
  35. } else {
  36. $typeid = join(',', $typeids);
  37. if ($typeid == '0') $typeid = '';
  38. }
  39. if ($id != 1) {
  40. $query = "UPDATE `#@__admin` SET uname='$uname',usertype='$usertype',tname='$tname',email='$email',typeid='$typeid' $pwd WHERE id='$id'";
  41. } else {
  42. $query = "UPDATE `#@__admin` SET uname='$uname',tname='$tname',email='$email',typeid='$typeid' $pwd WHERE id='$id'";
  43. }
  44. $dsql->ExecuteNoneQuery($query);
  45. $query = "UPDATE `#@__member` SET uname='$uname',email='$email'$pwdm WHERE mid='$id'";
  46. $dsql->ExecuteNoneQuery($query);
  47. ShowMsg("成功更改一个帐户!", "sys_admin_user.php");
  48. exit();
  49. } else if ($dopost == 'delete') {
  50. if (empty($userok)) $userok = "";
  51. if ($userok != "yes") {
  52. $randcode = mt_rand(10000, 99999);
  53. $safecode = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
  54. require_once(DEDEINC."/oxwindow.class.php");
  55. $wintitle = "删除用户";
  56. $wecome_info = "<a href='sys_admin_user.php'>系统帐号管理</a>::删除用户";
  57. $win = new OxWindow();
  58. $win->Init("sys_admin_user_edit.php", "js/blank.js", "POST");
  59. $win->AddHidden("dopost", $dopost);
  60. $win->AddHidden("userok", "yes");
  61. $win->AddHidden("randcode", $randcode);
  62. $win->AddHidden("safecode", $safecode);
  63. $win->AddHidden("id", $id);
  64. $win->AddTitle("系统警告!");
  65. $win->AddMsgItem("您确信要删除用户:$userid 吗?", "50");
  66. $win->AddMsgItem("安全验证串:<input name='safecode' type='text' id='safecode' size='16' style='width:200px' />&nbsp;(复制本代码: <font color='red'>$safecode</font> )", "30");
  67. $winform = $win->GetWindow("ok");
  68. $win->Display();
  69. exit();
  70. }
  71. $safecodeok = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
  72. if ($safecodeok != $safecode) {
  73. ShowMsg("请填写正确的安全验证串!", "sys_admin_user.php");
  74. exit();
  75. }
  76. //不能删除id为1的创建人帐号,不能删除自己
  77. $rs = $dsql->ExecuteNoneQuery2("DELETE FROM `#@__admin` WHERE id='$id' AND id<>1 AND id<>'".$cuserLogin->getUserID()."' ");
  78. if ($rs > 0) {
  79. //更新前台用户信息
  80. $dsql->ExecuteNoneQuery("UPDATE `#@__member` SET matt='0' WHERE mid='$id' LIMIT 1");
  81. ShowMsg("成功删除一个帐户!", "sys_admin_user.php");
  82. } else {
  83. ShowMsg("不能删除id为1的创建人帐号,不能删除自己!", "sys_admin_user.php", 0, 3000);
  84. }
  85. exit();
  86. }
  87. //显示用户信息
  88. $randcode = mt_rand(10000, 99999);
  89. $safecode = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
  90. $typeOptions = '';
  91. $row = $dsql->GetOne("SELECT * FROM `#@__admin` WHERE id='$id'");
  92. $typeids = explode(',', $row['typeid']);
  93. $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid=0 AND (ispart=0 OR ispart=1)");
  94. $dsql->Execute('op');
  95. while ($nrow = $dsql->GetObject('op')) {
  96. $typeOptions .= "<option value='{$nrow->id}' class='btype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">{$nrow->typename}</option>\r\n";
  97. $dsql->SetQuery("SELECT id,typename FROM #@__arctype WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)");
  98. $dsql->Execute('s');
  99. while ($nrow = $dsql->GetObject('s')) {
  100. $typeOptions .= "<option value='{$nrow->id}' class='stype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">—{$nrow->typename}</option>\r\n";
  101. }
  102. }
  103. make_hash();
  104. include DedeInclude('templets/sys_admin_user_edit.htm');