asmodeus
/
shop
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
512 Commits
1 Branch
0 Tags
166 MiB
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
shop/admin/privilege_seller.php

571 lines
21 KiB
Raw Permalink Blame History

<?php
/**
* ECSHOP 管理员信息以及权限管理程序
* ============================================================================
* * 版权所有 2005-2016 上海商创网络科技有限公司,并保留所有权利。
* 网站地址: http://www.ecmoban.com;
* ----------------------------------------------------------------------------
* 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和
* 使用;不允许对程序代码以任何形式任何目的的再发布。
* ============================================================================
* $Author: liubo $
* $Id: privilege_seller.php 17217 2011-01-19 06:29:08Z liubo $
*/
define('IN_ECS', true);
require(dirname(__FILE__) . '/includes/init.php');
/* 初始化 $exc 对象 */
$exc = new exchange($ecs->table("admin_user"), $db, 'user_id', 'user_name');
$adminru = get_admin_ru_id();
//ecmoban模板堂 --zhuo start
if($adminru['ru_id'] == 0){
$smarty->assign('priv_ru', 1);
}else{
$smarty->assign('priv_ru', 0);
}
$smarty->assign('seller', 0);
$php_self = get_php_self(1);
$smarty->assign('php_self', $php_self);
//ecmoban模板堂 --zhuo end
if ($_REQUEST['act'] == 'list')
{
/* 模板赋值 */
$smarty->assign('ur_here', $_LANG['privilege_shop']);
/*判断是否是商家,是显示添加管理员按钮*/
if($adminru['ru_id'] > 0){
$smarty->assign('action_link', array('href'=>'privilege_seller.php?act=add', 'text' => $_LANG['admin_add']));
}
$smarty->assign('ru_id', $adminru['ru_id']);
$smarty->assign('full_page', 1);
$admin_list = get_admin_userlist($adminru['ru_id']);
$smarty->assign('admin_list', $admin_list['list']);
$smarty->assign('filter', $admin_list['filter']);
$smarty->assign('record_count', $admin_list['record_count']);
$smarty->assign('page_count', $admin_list['page_count']);
/* 显示页面 */
assign_query_info();
$smarty->display('privilege_list.htm');
}
/*------------------------------------------------------ */
//-- 查询
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'query')
{
$admin_list = get_admin_userlist($adminru['ru_id']);
$smarty->assign('admin_list', $admin_list['list']);
$smarty->assign('filter', $admin_list['filter']);
$smarty->assign('record_count', $admin_list['record_count']);
$smarty->assign('page_count', $admin_list['page_count']);
make_json_result($smarty->fetch('privilege_list.htm'), '', array('filter' => $admin_list['filter'], 'page_count' => $admin_list['page_count']));
}
/*------------------------------------------------------ */
//-- 添加管理员页面
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'add')
{
/* 检查权限 */
admin_priv('seller_manage');
/* 模板赋值 */
$smarty->assign('ur_here', $_LANG['admin_add']);
$smarty->assign('action_link', array('href'=>'privilege_seller.php?act=list', 'text' => $_LANG['02_admin_seller']));
$smarty->assign('form_act', 'insert');
$smarty->assign('action', 'add');
/* 显示页面 */
assign_query_info();
$smarty->display('privilege_info.htm');
}
/*------------------------------------------------------ */
//-- 添加管理员的处理
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'insert')
{
admin_priv('seller_manage');
/* 判断管理员是否已经存在 */
if (!empty($_POST['user_name']))
{
$is_only = $exc->is_only('user_name', stripslashes($_POST['user_name']));
if (!$is_only)
{
sys_msg(sprintf($_LANG['user_name_exist'], stripslashes($_POST['user_name'])), 1);
}
}
/* Email地址是否有重复 */
if (!empty($_POST['email']))
{
$is_only = $exc->is_only('email', stripslashes($_POST['email']));
if (!$is_only)
{
sys_msg(sprintf($_LANG['email_exist'], stripslashes($_POST['email'])), 1);
}
}
/* 获取添加日期及密码 */
$add_time = gmtime();
$password = md5($_POST['password']);
$parent_id='';
$action_list='';
$ru_id='';
if($_SESSION['admin_id']>0){
$res=$db->getOne(" SELECT ru_id,action_list FROM ".$ecs->table("admin_user")." WHERE user_id = '".$_SESSION['admin_id']."'");
$action_list=$res['action_list'];
$ru_id=$res['ru_id'];
}
$sql = "SELECT nav_list FROM " . $ecs->table('admin_user') . " WHERE action_list = 'all'";
$row = $db->getRow($sql);
$sql = "INSERT INTO ".$ecs->table('admin_user')." (user_name, email, password, add_time, nav_list,action_list,ru_id,parent_id) ".
"VALUES ('".trim($_POST['user_name'])."', '".trim($_POST['email'])."', '$password', '$add_time', '$row[nav_list]','$action_list','$ru_id','".$_SESSION['admin_id']."')";
$db->query($sql);
/* 转入权限分配列表 */
$new_id = $db->Insert_ID();
/*添加链接*/
$link[0]['text'] = $_LANG['go_allot_priv'];
$link[0]['href'] = 'privilege_seller.php?act=allot&id='.$new_id.'&user='.$_POST['user_name'].'';
$link[1]['text'] = $_LANG['continue_add'];
$link[1]['href'] = 'privilege_seller.php?act=add';
sys_msg($_LANG['add'] . "&nbsp;" .$_POST['user_name'] . "&nbsp;" . $_LANG['action_succeed'],0, $link);
/* 记录管理员操作 */
admin_log($_POST['user_name'], 'add', 'privilege');
}
/*------------------------------------------------------ */
//-- 编辑管理员信息
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'edit')
{
/* 不能编辑demo这个管理员 */
if ($_SESSION['admin_name'] == 'demo')
{
$link[] = array('text' => $_LANG['back_list'], 'href'=>'privilege_seller.php?act=list');
sys_msg($_LANG['edit_admininfo_cannot'], 0, $link);
}
$_REQUEST['id'] = !empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
/* 查看是否有权限编辑其他管理员的信息 */
if ($_SESSION['admin_id'] != $_REQUEST['id'])
{
admin_priv('seller_manage');
}
/* 获取管理员信息 */
$sql = "SELECT user_id, user_name, email, password, agency_id, role_id FROM " .$ecs->table('admin_user').
" WHERE user_id = '".$_REQUEST['id']."'";
$user_info = $db->getRow($sql);
/* 取得该管理员负责的办事处名称 */
if ($user_info['agency_id'] > 0)
{
$sql = "SELECT agency_name FROM " . $ecs->table('agency') . " WHERE agency_id = '$user_info[agency_id]'";
$user_info['agency_name'] = $db->getOne($sql);
}
/* 模板赋值 */
$smarty->assign('ur_here', $_LANG['admin_edit']);
$smarty->assign('action_link', array('text' => $_LANG['02_admin_seller'], 'href'=>'privilege_seller.php?act=list'));
$smarty->assign('user', $user_info);
/* 获得该管理员的权限 */
$priv_str = $db->getOne("SELECT action_list FROM " .$ecs->table('admin_user'). " WHERE user_id = '$_GET[id]'");
$smarty->assign('form_act', 'update');
$smarty->assign('action', 'edit');
assign_query_info();
$smarty->display('privilege_info.htm');
}
/*------------------------------------------------------ */
//-- 更新管理员信息
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'update' || $_REQUEST['act'] == 'update_self')
{
/* 变量初始化 */
$admin_id = !empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
$admin_name = !empty($_REQUEST['user_name']) ? trim($_REQUEST['user_name']) : '';
$admin_email = !empty($_REQUEST['email']) ? trim($_REQUEST['email']) : '';
$ec_salt=rand(1,9999);
$password = !empty($_POST['new_password']) ? ", password = '".md5(md5($_POST['new_password']).$ec_salt)."'" : '';
if ($_REQUEST['act'] == 'update')
{
/* 查看是否有权限编辑其他管理员的信息 */
if ($_SESSION['admin_id'] != $_REQUEST['id'])
{
admin_priv('seller_manage');
}
$g_link = 'privilege_seller.php?act=list';
$nav_list = '';
}
else
{
$nav_list = !empty($_POST['nav_list']) ? ", nav_list = '".@join(",", $_POST['nav_list'])."'" : '';
$admin_id = $_SESSION['admin_id'];
$g_link = 'privilege_seller.php?act=modif';
}
/* 判断管理员是否已经存在 */
if (!empty($admin_name))
{
$is_only = $exc->num('user_name', $admin_name, $admin_id);
if ($is_only == 1)
{
sys_msg(sprintf($_LANG['user_name_exist'], stripslashes($admin_name)), 1);
}
}
/* Email地址是否有重复 */
if (!empty($admin_email))
{
$is_only = $exc->num('email', $admin_email, $admin_id);
if ($is_only == 1)
{
sys_msg(sprintf($_LANG['email_exist'], stripslashes($admin_email)), 1);
}
}
//如果要修改密码
$pwd_modified = false;
if (!empty($_POST['new_password']))
{
/* 查询旧密码并与输入的旧密码比较是否相同 */
$sql = "SELECT password FROM ".$ecs->table('admin_user')." WHERE user_id = '$admin_id'";
$old_password = $db->getOne($sql);
$sql ="SELECT ec_salt FROM ".$ecs->table('admin_user')." WHERE user_id = '$admin_id'";
$old_ec_salt= $db->getOne($sql);
if(empty($old_ec_salt))
{
$old_ec_password=md5($_POST['old_password']);
}
else
{
$old_ec_password=md5(md5($_POST['old_password']).$old_ec_salt);
}
if ($old_password <> $old_ec_password)
{
$link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)');
sys_msg($_LANG['pwd_error'], 0, $link);
}
/* 比较新密码和确认密码是否相同 */
if ($_POST['new_password'] <> $_POST['pwd_confirm'])
{
$link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)');
sys_msg($_LANG['js_languages']['password_error'], 0, $link);
}
else
{
$pwd_modified = true;
}
}
//更新管理员信息
if($pwd_modified)
{
$sql = "UPDATE " .$ecs->table('admin_user'). " SET ".
"user_name = '$admin_name', ".
"email = '$admin_email', ".
"ec_salt = '$ec_salt' ".
$password.
$nav_list.
"WHERE user_id = '$admin_id'";
}
else
{
$sql = "UPDATE " .$ecs->table('admin_user'). " SET ".
"user_name = '$admin_name', ".
"email = '$admin_email' ".
$nav_list.
"WHERE user_id = '$admin_id'";
}
$db->query($sql);
/* 记录管理员操作 */
admin_log($_POST['user_name'], 'edit', 'privilege');
/* 如果修改了密码,则需要将session中该管理员的数据清空 */
if ($pwd_modified && $_REQUEST['act'] == 'update_self')
{
$sess->delete_spec_admin_session($_SESSION['admin_id']);
$msg = $_LANG['edit_password_succeed'];
}
else
{
$msg = $_LANG['edit_profile_succeed'];
}
/* 提示信息 */
$link[] = array('text' => strpos($g_link, 'list') ? $_LANG['back_admin_list'] : $_LANG['modif_info'], 'href'=>$g_link);
sys_msg("$msg<script>parent.document.getElementById('header-frame').contentWindow.document.location.reload();</script>", 0, $link);
}
/*------------------------------------------------------ */
//-- 为管理员分配权限
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'allot')
{
admin_priv('seller_allot');
include_once(ROOT_PATH . 'languages/' .$_CFG['lang']. '/admin/priv_action.php');
$user_id = !empty($_GET['id']) ? intval($_GET['id']) : 0;
/* 获得该管理员的权限 */
$priv_str = $db->getOne("SELECT action_list FROM " .$ecs->table('admin_user'). " WHERE user_id = '$_GET[id]'");
/* 如果被编辑的管理员拥有了all这个权限,将不能编辑 */
if ($priv_str == 'all')
{
$link[] = array('text' => $_LANG['back_admin_list'], 'href'=>'privilege_seller.php?act=list');
sys_msg($_LANG['edit_admininfo_cannot'], 0, $link);
}
$user_parent = $db->getRow("SELECT action_list, parent_id FROM " .$ecs->table('admin_user'). " WHERE user_id = '$user_id'");
$parent_priv = $db->getRow("SELECT action_list FROM " .$ecs->table('admin_user'). " WHERE user_id = '" .$user_parent['parent_id']. "'");
$parent_priv = explode(',', $parent_priv['action_list']);
$priv_str = $user_parent['action_list'];
/* 获取权限的分组数据 */
$sql_query = "SELECT action_id, parent_id, action_code,relevance FROM " .$ecs->table('admin_action').
" WHERE parent_id = 0";
$res = $db->query($sql_query);
while ($rows = $db->FetchRow($res))
{
$priv_arr[$rows['action_id']] = $rows;
}
if($priv_arr){
/* 按权限组查询底级的权限名称 */
$sql = "SELECT action_id, parent_id, action_code,relevance FROM " .$ecs->table('admin_action').
" WHERE parent_id " .db_create_in(array_keys($priv_arr)) . " AND action_code " . db_create_in(array_values($parent_priv));
$result = $db->query($sql);
while ($priv = $db->FetchRow($result))
{
$priv_arr[$priv["parent_id"]]["priv"][$priv["action_code"]] = $priv;
}
// 将同一组的权限使用 "," 连接起来,供JS全选 ecmoban模板堂 --zhuo
foreach ($priv_arr AS $action_id => $action_group) {
if ($action_group['priv']) {
$priv = @array_keys($action_group['priv']);
$priv_arr[$action_id]['priv_list'] = join(',', $priv);
foreach ($action_group['priv'] AS $key => $val) {
$priv_arr[$action_id]['priv'][$key]['cando'] = (strpos($priv_str, $val['action_code']) !== false || $priv_str == 'all') ? 1 : 0;
}
}
}
}
/* 赋值 */
$smarty->assign('lang', $_LANG);
$smarty->assign('ur_here', $_LANG['allot_priv'] . ' [ '. $_GET['user'] . ' ] ');
$smarty->assign('action_link', array('href'=>'privilege_seller.php?act=list', 'text' => $_LANG['02_admin_seller']));
$smarty->assign('priv_arr', $priv_arr);
$smarty->assign('form_act', 'update_allot');
$smarty->assign('user_id', $_GET['id']);
/* 显示页面 */
assign_query_info();
$smarty->display('privilege_allot.htm');
}
/*------------------------------------------------------ */
//-- 更新管理员的权限
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'update_allot')
{
admin_priv('seller_allot');
/* 取得当前管理员用户名 */
$admin_name = $db->getOne("SELECT user_name FROM " .$ecs->table('admin_user'). " WHERE user_id = '$_POST[id]'");
/* 更新管理员的权限 */
$act_list = @join(",", $_POST['action_code']);
$sql = "UPDATE " .$ecs->table('admin_user'). " SET action_list = '$act_list', role_id = '' ".
"WHERE user_id = '$_POST[id]'";
$db->query($sql);
/* 动态更新管理员的SESSION */
if ($_SESSION["admin_id"] == $_POST['id'])
{
$_SESSION["action_list"] = $act_list;
}
/* 记录管理员操作 */
admin_log(addslashes($admin_name), 'edit', 'privilege');
/* 提示信息 */
$link[] = array('text' => $_LANG['back_admin_list'], 'href'=>'privilege_seller.php?act=list');
sys_msg($_LANG['edit'] . "&nbsp;" . $admin_name . "&nbsp;" . $_LANG['action_succeed'], 0, $link);
}
/*------------------------------------------------------ */
//-- 删除一个管理员
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'remove')
{
check_authz_json('seller_drop');
$id = intval($_GET['id']);
/* 获得管理员用户名 */
$admin_name = $db->getOne('SELECT user_name FROM '.$ecs->table('admin_user')." WHERE user_id='$id'");
/* demo这个管理员不允许删除 */
if ($admin_name == 'demo')
{
make_json_error($_LANG['edit_remove_cannot']);
}
/* ID为1的不允许删除 */
if ($id == 1)
{
make_json_error($_LANG['remove_cannot']);
}
/* 管理员不能删除自己 */
if ($id == $_SESSION['admin_id'])
{
make_json_error($_LANG['remove_self_cannot']);
}
if ($exc->drop($id))
{
$sess->delete_spec_admin_session($id); // 删除session中该管理员的记录
admin_log(addslashes($admin_name), 'remove', 'privilege');
clear_cache_files();
}
$url = 'privilege_seller.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
ecs_header("Location: $url\n");
exit;
}
/* 获取管理员列表 */
function get_admin_userlist($ru_id)
{
$list = array();
$result = get_filter();
if ($result === false) {
/* 过滤信息 */
$filter['keywords'] = empty($_REQUEST['keywords']) ? '' : trim($_REQUEST['keywords']);
$filter['parent_id'] = intval($_REQUEST['id']);
/* 分页大小 */
$filter['page'] = empty($_REQUEST['page']) || (intval($_REQUEST['page']) <= 0) ? 1 : intval($_REQUEST['page']);
if (isset($_REQUEST['page_size']) && intval($_REQUEST['page_size']) > 0) {
$filter['page_size'] = intval($_REQUEST['page_size']);
} elseif (isset($_COOKIE['ECSCP']['page_size']) && intval($_COOKIE['ECSCP']['page_size']) > 0) {
$filter['page_size'] = intval($_COOKIE['ECSCP']['page_size']);
} else {
$filter['page_size'] = 15;
}
$where = '';
if ($filter['keywords'])
{
$where .= " AND (user_name LIKE '%" . mysql_like_quote($filter['keywords']) . "%')";
}
if($filter['parent_id']){
$where = " AND parent_id = '" .$_SESSION['admin_id']. "'";
}else{
$where = " AND parent_id > 0";
}
/* 记录总数 */
$sql = 'SELECT COUNT(*) FROM ' . $GLOBALS['ecs']->table('admin_user') ." AS au " . " WHERE 1 AND ru_id > 0 $where" ;
$record_count = $GLOBALS['db']->getOne($sql);
$filter['record_count'] = $record_count;
$filter['page_count'] = $filter['record_count'] > 0 ? ceil($filter['record_count'] / $filter['page_size']) : 1;
$sql = 'SELECT user_id, user_name, au.ru_id, email, add_time, last_login ' .
'FROM ' . $GLOBALS['ecs']->table('admin_user') . ' AS au '.
'WHERE 1 AND ru_id > 0 '. $where .' ORDER BY user_id DESC ' .
"LIMIT " . ($filter['page'] - 1) * $filter['page_size'] . ",$filter[page_size]";
set_filter($filter, $sql);
}
else
{
$sql = $result['sql'];
$filter = $result['filter'];
}
$list = $GLOBALS['db']->getAll($sql);
foreach ($list AS $key=>$val)
{
$list[$key]['ru_name'] = get_shop_name($val['ru_id'], 1); //ecmoban模板堂 --zhuo
$list[$key]['add_time'] = local_date($GLOBALS['_CFG']['time_format'], $val['add_time']);
$list[$key]['last_login'] = local_date($GLOBALS['_CFG']['time_format'], $val['last_login']);
}
$arr = array('list' => $list, 'filter' => $filter, 'page_count' => $filter['page_count'], 'record_count' => $filter['record_count']);
return $arr;
}
/* 清除购物车中过期的数据 */
function clear_cart()
{
/* 取得有效的session */
$sql = "SELECT DISTINCT session_id " .
"FROM " . $GLOBALS['ecs']->table('cart') . " AS c, " .
$GLOBALS['ecs']->table('sessions') . " AS s " .
"WHERE c.session_id = s.sesskey ";
$valid_sess = $GLOBALS['db']->getCol($sql);
// 删除cart中无效的数据
$sql = "DELETE FROM " . $GLOBALS['ecs']->table('cart') .
" WHERE session_id NOT " . db_create_in($valid_sess);
$GLOBALS['db']->query($sql);
// 删除cart_combo中无效的数据 by mike
$sql = "DELETE FROM " . $GLOBALS['ecs']->table('cart_combo') .
" WHERE session_id NOT " . db_create_in($valid_sess);
$GLOBALS['db']->query($sql);
}
?>