table("admin_user"), $db, 'user_id', 'user_name'); $adminru = get_admin_ru_id(); //ecmoban模板堂 --zhuo start if($adminru['ru_id'] == 0){ $smarty->assign('priv_ru', 1); }else{ $smarty->assign('priv_ru', 0); } $smarty->assign('seller', 0); $php_self = get_php_self(1); $smarty->assign('php_self', $php_self); //ecmoban模板堂 --zhuo end if ($_REQUEST['act'] == 'list') { /* 模板赋值 */ $smarty->assign('ur_here', $_LANG['privilege_shop']); /*判断是否是商家,是显示添加管理员按钮*/ if($adminru['ru_id'] > 0){ $smarty->assign('action_link', array('href'=>'privilege_seller.php?act=add', 'text' => $_LANG['admin_add'])); } $smarty->assign('ru_id', $adminru['ru_id']); $smarty->assign('full_page', 1); $admin_list = get_admin_userlist($adminru['ru_id']); $smarty->assign('admin_list', $admin_list['list']); $smarty->assign('filter', $admin_list['filter']); $smarty->assign('record_count', $admin_list['record_count']); $smarty->assign('page_count', $admin_list['page_count']); /* 显示页面 */ assign_query_info(); $smarty->display('privilege_list.htm'); } /*------------------------------------------------------ */ //-- 查询 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'query') { $admin_list = get_admin_userlist($adminru['ru_id']); $smarty->assign('admin_list', $admin_list['list']); $smarty->assign('filter', $admin_list['filter']); $smarty->assign('record_count', $admin_list['record_count']); $smarty->assign('page_count', $admin_list['page_count']); make_json_result($smarty->fetch('privilege_list.htm'), '', array('filter' => $admin_list['filter'], 'page_count' => $admin_list['page_count'])); } /*------------------------------------------------------ */ //-- 添加管理员页面 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'add') { /* 检查权限 */ admin_priv('seller_manage'); /* 模板赋值 */ $smarty->assign('ur_here', $_LANG['admin_add']); $smarty->assign('action_link', array('href'=>'privilege_seller.php?act=list', 'text' => $_LANG['02_admin_seller'])); $smarty->assign('form_act', 'insert'); $smarty->assign('action', 'add'); /* 显示页面 */ assign_query_info(); $smarty->display('privilege_info.htm'); } /*------------------------------------------------------ */ //-- 添加管理员的处理 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'insert') { admin_priv('seller_manage'); /* 判断管理员是否已经存在 */ if (!empty($_POST['user_name'])) { $is_only = $exc->is_only('user_name', stripslashes($_POST['user_name'])); if (!$is_only) { sys_msg(sprintf($_LANG['user_name_exist'], stripslashes($_POST['user_name'])), 1); } } /* Email地址是否有重复 */ if (!empty($_POST['email'])) { $is_only = $exc->is_only('email', stripslashes($_POST['email'])); if (!$is_only) { sys_msg(sprintf($_LANG['email_exist'], stripslashes($_POST['email'])), 1); } } /* 获取添加日期及密码 */ $add_time = gmtime(); $password = md5($_POST['password']); $parent_id=''; $action_list=''; $ru_id=''; if($_SESSION['admin_id']>0){ $res=$db->getOne(" SELECT ru_id,action_list FROM ".$ecs->table("admin_user")." WHERE user_id = '".$_SESSION['admin_id']."'"); $action_list=$res['action_list']; $ru_id=$res['ru_id']; } $sql = "SELECT nav_list FROM " . $ecs->table('admin_user') . " WHERE action_list = 'all'"; $row = $db->getRow($sql); $sql = "INSERT INTO ".$ecs->table('admin_user')." (user_name, email, password, add_time, nav_list,action_list,ru_id,parent_id) ". "VALUES ('".trim($_POST['user_name'])."', '".trim($_POST['email'])."', '$password', '$add_time', '$row[nav_list]','$action_list','$ru_id','".$_SESSION['admin_id']."')"; $db->query($sql); /* 转入权限分配列表 */ $new_id = $db->Insert_ID(); /*添加链接*/ $link[0]['text'] = $_LANG['go_allot_priv']; $link[0]['href'] = 'privilege_seller.php?act=allot&id='.$new_id.'&user='.$_POST['user_name'].''; $link[1]['text'] = $_LANG['continue_add']; $link[1]['href'] = 'privilege_seller.php?act=add'; sys_msg($_LANG['add'] . " " .$_POST['user_name'] . " " . $_LANG['action_succeed'],0, $link); /* 记录管理员操作 */ admin_log($_POST['user_name'], 'add', 'privilege'); } /*------------------------------------------------------ */ //-- 编辑管理员信息 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'edit') { /* 不能编辑demo这个管理员 */ if ($_SESSION['admin_name'] == 'demo') { $link[] = array('text' => $_LANG['back_list'], 'href'=>'privilege_seller.php?act=list'); sys_msg($_LANG['edit_admininfo_cannot'], 0, $link); } $_REQUEST['id'] = !empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0; /* 查看是否有权限编辑其他管理员的信息 */ if ($_SESSION['admin_id'] != $_REQUEST['id']) { admin_priv('seller_manage'); } /* 获取管理员信息 */ $sql = "SELECT user_id, user_name, email, password, agency_id, role_id FROM " .$ecs->table('admin_user'). " WHERE user_id = '".$_REQUEST['id']."'"; $user_info = $db->getRow($sql); /* 取得该管理员负责的办事处名称 */ if ($user_info['agency_id'] > 0) { $sql = "SELECT agency_name FROM " . $ecs->table('agency') . " WHERE agency_id = '$user_info[agency_id]'"; $user_info['agency_name'] = $db->getOne($sql); } /* 模板赋值 */ $smarty->assign('ur_here', $_LANG['admin_edit']); $smarty->assign('action_link', array('text' => $_LANG['02_admin_seller'], 'href'=>'privilege_seller.php?act=list')); $smarty->assign('user', $user_info); /* 获得该管理员的权限 */ $priv_str = $db->getOne("SELECT action_list FROM " .$ecs->table('admin_user'). " WHERE user_id = '$_GET[id]'"); $smarty->assign('form_act', 'update'); $smarty->assign('action', 'edit'); assign_query_info(); $smarty->display('privilege_info.htm'); } /*------------------------------------------------------ */ //-- 更新管理员信息 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'update' || $_REQUEST['act'] == 'update_self') { /* 变量初始化 */ $admin_id = !empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0; $admin_name = !empty($_REQUEST['user_name']) ? trim($_REQUEST['user_name']) : ''; $admin_email = !empty($_REQUEST['email']) ? trim($_REQUEST['email']) : ''; $ec_salt=rand(1,9999); $password = !empty($_POST['new_password']) ? ", password = '".md5(md5($_POST['new_password']).$ec_salt)."'" : ''; if ($_REQUEST['act'] == 'update') { /* 查看是否有权限编辑其他管理员的信息 */ if ($_SESSION['admin_id'] != $_REQUEST['id']) { admin_priv('seller_manage'); } $g_link = 'privilege_seller.php?act=list'; $nav_list = ''; } else { $nav_list = !empty($_POST['nav_list']) ? ", nav_list = '".@join(",", $_POST['nav_list'])."'" : ''; $admin_id = $_SESSION['admin_id']; $g_link = 'privilege_seller.php?act=modif'; } /* 判断管理员是否已经存在 */ if (!empty($admin_name)) { $is_only = $exc->num('user_name', $admin_name, $admin_id); if ($is_only == 1) { sys_msg(sprintf($_LANG['user_name_exist'], stripslashes($admin_name)), 1); } } /* Email地址是否有重复 */ if (!empty($admin_email)) { $is_only = $exc->num('email', $admin_email, $admin_id); if ($is_only == 1) { sys_msg(sprintf($_LANG['email_exist'], stripslashes($admin_email)), 1); } } //如果要修改密码 $pwd_modified = false; if (!empty($_POST['new_password'])) { /* 查询旧密码并与输入的旧密码比较是否相同 */ $sql = "SELECT password FROM ".$ecs->table('admin_user')." WHERE user_id = '$admin_id'"; $old_password = $db->getOne($sql); $sql ="SELECT ec_salt FROM ".$ecs->table('admin_user')." WHERE user_id = '$admin_id'"; $old_ec_salt= $db->getOne($sql); if(empty($old_ec_salt)) { $old_ec_password=md5($_POST['old_password']); } else { $old_ec_password=md5(md5($_POST['old_password']).$old_ec_salt); } if ($old_password <> $old_ec_password) { $link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)'); sys_msg($_LANG['pwd_error'], 0, $link); } /* 比较新密码和确认密码是否相同 */ if ($_POST['new_password'] <> $_POST['pwd_confirm']) { $link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)'); sys_msg($_LANG['js_languages']['password_error'], 0, $link); } else { $pwd_modified = true; } } //更新管理员信息 if($pwd_modified) { $sql = "UPDATE " .$ecs->table('admin_user'). " SET ". "user_name = '$admin_name', ". "email = '$admin_email', ". "ec_salt = '$ec_salt' ". $password. $nav_list. "WHERE user_id = '$admin_id'"; } else { $sql = "UPDATE " .$ecs->table('admin_user'). " SET ". "user_name = '$admin_name', ". "email = '$admin_email' ". $nav_list. "WHERE user_id = '$admin_id'"; } $db->query($sql); /* 记录管理员操作 */ admin_log($_POST['user_name'], 'edit', 'privilege'); /* 如果修改了密码，则需要将session中该管理员的数据清空 */ if ($pwd_modified && $_REQUEST['act'] == 'update_self') { $sess->delete_spec_admin_session($_SESSION['admin_id']); $msg = $_LANG['edit_password_succeed']; } else { $msg = $_LANG['edit_profile_succeed']; } /* 提示信息 */ $link[] = array('text' => strpos($g_link, 'list') ? $_LANG['back_admin_list'] : $_LANG['modif_info'], 'href'=>$g_link); sys_msg("$msg", 0, $link); } /*------------------------------------------------------ */ //-- 为管理员分配权限 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'allot') { admin_priv('seller_allot'); include_once(ROOT_PATH . 'languages/' .$_CFG['lang']. '/admin/priv_action.php'); $user_id = !empty($_GET['id']) ? intval($_GET['id']) : 0; /* 获得该管理员的权限 */ $priv_str = $db->getOne("SELECT action_list FROM " .$ecs->table('admin_user'). " WHERE user_id = '$_GET[id]'"); /* 如果被编辑的管理员拥有了all这个权限，将不能编辑 */ if ($priv_str == 'all') { $link[] = array('text' => $_LANG['back_admin_list'], 'href'=>'privilege_seller.php?act=list'); sys_msg($_LANG['edit_admininfo_cannot'], 0, $link); } $user_parent = $db->getRow("SELECT action_list, parent_id FROM " .$ecs->table('admin_user'). " WHERE user_id = '$user_id'"); $parent_priv = $db->getRow("SELECT action_list FROM " .$ecs->table('admin_user'). " WHERE user_id = '" .$user_parent['parent_id']. "'"); $parent_priv = explode(',', $parent_priv['action_list']); $priv_str = $user_parent['action_list']; /* 获取权限的分组数据 */ $sql_query = "SELECT action_id, parent_id, action_code,relevance FROM " .$ecs->table('admin_action'). " WHERE parent_id = 0"; $res = $db->query($sql_query); while ($rows = $db->FetchRow($res)) { $priv_arr[$rows['action_id']] = $rows; } if($priv_arr){ /* 按权限组查询底级的权限名称 */ $sql = "SELECT action_id, parent_id, action_code,relevance FROM " .$ecs->table('admin_action'). " WHERE parent_id " .db_create_in(array_keys($priv_arr)) . " AND action_code " . db_create_in(array_values($parent_priv)); $result = $db->query($sql); while ($priv = $db->FetchRow($result)) { $priv_arr[$priv["parent_id"]]["priv"][$priv["action_code"]] = $priv; } // 将同一组的权限使用 "," 连接起来，供JS全选 ecmoban模板堂 --zhuo foreach ($priv_arr AS $action_id => $action_group) { if ($action_group['priv']) { $priv = @array_keys($action_group['priv']); $priv_arr[$action_id]['priv_list'] = join(',', $priv); foreach ($action_group['priv'] AS $key => $val) { $priv_arr[$action_id]['priv'][$key]['cando'] = (strpos($priv_str, $val['action_code']) !== false || $priv_str == 'all') ? 1 : 0; } } } } /* 赋值 */ $smarty->assign('lang', $_LANG); $smarty->assign('ur_here', $_LANG['allot_priv'] . ' [ '. $_GET['user'] . ' ] '); $smarty->assign('action_link', array('href'=>'privilege_seller.php?act=list', 'text' => $_LANG['02_admin_seller'])); $smarty->assign('priv_arr', $priv_arr); $smarty->assign('form_act', 'update_allot'); $smarty->assign('user_id', $_GET['id']); /* 显示页面 */ assign_query_info(); $smarty->display('privilege_allot.htm'); } /*------------------------------------------------------ */ //-- 更新管理员的权限 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'update_allot') { admin_priv('seller_allot'); /* 取得当前管理员用户名 */ $admin_name = $db->getOne("SELECT user_name FROM " .$ecs->table('admin_user'). " WHERE user_id = '$_POST[id]'"); /* 更新管理员的权限 */ $act_list = @join(",", $_POST['action_code']); $sql = "UPDATE " .$ecs->table('admin_user'). " SET action_list = '$act_list', role_id = '' ". "WHERE user_id = '$_POST[id]'"; $db->query($sql); /* 动态更新管理员的SESSION */ if ($_SESSION["admin_id"] == $_POST['id']) { $_SESSION["action_list"] = $act_list; } /* 记录管理员操作 */ admin_log(addslashes($admin_name), 'edit', 'privilege'); /* 提示信息 */ $link[] = array('text' => $_LANG['back_admin_list'], 'href'=>'privilege_seller.php?act=list'); sys_msg($_LANG['edit'] . " " . $admin_name . " " . $_LANG['action_succeed'], 0, $link); } /*------------------------------------------------------ */ //-- 删除一个管理员 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'remove') { check_authz_json('seller_drop'); $id = intval($_GET['id']); /* 获得管理员用户名 */ $admin_name = $db->getOne('SELECT user_name FROM '.$ecs->table('admin_user')." WHERE user_id='$id'"); /* demo这个管理员不允许删除 */ if ($admin_name == 'demo') { make_json_error($_LANG['edit_remove_cannot']); } /* ID为1的不允许删除 */ if ($id == 1) { make_json_error($_LANG['remove_cannot']); } /* 管理员不能删除自己 */ if ($id == $_SESSION['admin_id']) { make_json_error($_LANG['remove_self_cannot']); } if ($exc->drop($id)) { $sess->delete_spec_admin_session($id); // 删除session中该管理员的记录 admin_log(addslashes($admin_name), 'remove', 'privilege'); clear_cache_files(); } $url = 'privilege_seller.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: $url\n"); exit; } /* 获取管理员列表 */ function get_admin_userlist($ru_id) { $list = array(); $result = get_filter(); if ($result === false) { /* 过滤信息 */ $filter['keywords'] = empty($_REQUEST['keywords']) ? '' : trim($_REQUEST['keywords']); $filter['parent_id'] = intval($_REQUEST['id']); /* 分页大小 */ $filter['page'] = empty($_REQUEST['page']) || (intval($_REQUEST['page']) <= 0) ? 1 : intval($_REQUEST['page']); if (isset($_REQUEST['page_size']) && intval($_REQUEST['page_size']) > 0) { $filter['page_size'] = intval($_REQUEST['page_size']); } elseif (isset($_COOKIE['ECSCP']['page_size']) && intval($_COOKIE['ECSCP']['page_size']) > 0) { $filter['page_size'] = intval($_COOKIE['ECSCP']['page_size']); } else { $filter['page_size'] = 15; } $where = ''; if ($filter['keywords']) { $where .= " AND (user_name LIKE '%" . mysql_like_quote($filter['keywords']) . "%')"; } if($filter['parent_id']){ $where = " AND parent_id = '" .$_SESSION['admin_id']. "'"; }else{ $where = " AND parent_id > 0"; } /* 记录总数 */ $sql = 'SELECT COUNT(*) FROM ' . $GLOBALS['ecs']->table('admin_user') ." AS au " . " WHERE 1 AND ru_id > 0 $where" ; $record_count = $GLOBALS['db']->getOne($sql); $filter['record_count'] = $record_count; $filter['page_count'] = $filter['record_count'] > 0 ? ceil($filter['record_count'] / $filter['page_size']) : 1; $sql = 'SELECT user_id, user_name, au.ru_id, email, add_time, last_login ' . 'FROM ' . $GLOBALS['ecs']->table('admin_user') . ' AS au '. 'WHERE 1 AND ru_id > 0 '. $where .' ORDER BY user_id DESC ' . "LIMIT " . ($filter['page'] - 1) * $filter['page_size'] . ",$filter[page_size]"; set_filter($filter, $sql); } else { $sql = $result['sql']; $filter = $result['filter']; } $list = $GLOBALS['db']->getAll($sql); foreach ($list AS $key=>$val) { $list[$key]['ru_name'] = get_shop_name($val['ru_id'], 1); //ecmoban模板堂 --zhuo $list[$key]['add_time'] = local_date($GLOBALS['_CFG']['time_format'], $val['add_time']); $list[$key]['last_login'] = local_date($GLOBALS['_CFG']['time_format'], $val['last_login']); } $arr = array('list' => $list, 'filter' => $filter, 'page_count' => $filter['page_count'], 'record_count' => $filter['record_count']); return $arr; } /* 清除购物车中过期的数据 */ function clear_cart() { /* 取得有效的session */ $sql = "SELECT DISTINCT session_id " . "FROM " . $GLOBALS['ecs']->table('cart') . " AS c, " . $GLOBALS['ecs']->table('sessions') . " AS s " . "WHERE c.session_id = s.sesskey "; $valid_sess = $GLOBALS['db']->getCol($sql); // 删除cart中无效的数据 $sql = "DELETE FROM " . $GLOBALS['ecs']->table('cart') . " WHERE session_id NOT " . db_create_in($valid_sess); $GLOBALS['db']->query($sql); // 删除cart_combo中无效的数据 by mike $sql = "DELETE FROM " . $GLOBALS['ecs']->table('cart_combo') . " WHERE session_id NOT " . db_create_in($valid_sess); $GLOBALS['db']->query($sql); } ?>