Server : Apache System : Linux iZ2vcgyutqttsd1p850kl8Z 3.10.0-1160.92.1.el7.x86_64 #1 SMP Tue Jun 20 11:48:01 UTC 2023 x86_64 User : www ( 1000) PHP Version : 5.6.40 Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv Directory : /www/wwwroot/saimikebio.com/mobile/ecshopjcw/ |
<?php /** * ECSHOP 角色管理信息以及权限管理程序 * ============================================================================ * * 版权所有 2005-2012 上海商派网络科技有限公司,并保留所有权利。 * 网站地址: http://www.ecshop.com; * ---------------------------------------------------------------------------- * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和 * 使用;不允许对程序代码以任何形式任何目的的再发布。 * ============================================================================ * $Author: wangleisvn $ * $Id: privilege.php 16529 2009-08-12 05:38:57Z wangleisvn $ */ define('IN_ECTOUCH', true); require(dirname(__FILE__) . '/includes/init.php'); /* act操作项的初始化 */ if (empty($_REQUEST['act'])) { $_REQUEST['act'] = 'login'; } else { $_REQUEST['act'] = trim($_REQUEST['act']); } /* 初始化 $exc 对象 */ $exc = new exchange($ecs->table("role"), $db, 'role_id', 'role_name'); /*------------------------------------------------------ */ //-- 退出登录 /*------------------------------------------------------ */ if ($_REQUEST['act'] == 'logout') { /* 清除cookie */ setcookie('ECSCP[admin_id]', '', 1); setcookie('ECSCP[admin_pass]', '', 1); $sess->destroy_session(); $_REQUEST['act'] = 'login'; } /*------------------------------------------------------ */ //-- 登陆界面 /*------------------------------------------------------ */ if ($_REQUEST['act'] == 'login') { header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); if ((intval($_CFG['captcha']) & CAPTCHA_ADMIN) && gd_version() > 0) { $smarty->assign('gd_version', gd_version()); $smarty->assign('random', mt_rand()); } $smarty->display('login.htm'); } /*------------------------------------------------------ */ //-- 角色列表页面 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'list') { /* 模板赋值 */ $smarty->assign('ur_here', $_LANG['admin_role']); $smarty->assign('action_link', array('href'=>'role.php?act=add', 'text' => $_LANG['admin_add_role'])); $smarty->assign('full_page', 1); $smarty->assign('admin_list', get_role_list()); /* 显示页面 */ assign_query_info(); $smarty->display('role_list.htm'); } /*------------------------------------------------------ */ //-- 查询 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'query') { $smarty->assign('admin_list', get_role_list()); make_json_result($smarty->fetch('role_list.htm')); } /*------------------------------------------------------ */ //-- 添加角色页面 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'add') { /* 检查权限 */ admin_priv('admin_manage'); include_once(ROOT_PATH . 'lang/' .$_CFG['lang']. '/admin/priv_action.php'); $priv_str = ''; /* 获取权限的分组数据 */ $sql_query = "SELECT action_id, parent_id, action_code, relevance FROM " .$ecs->table('touch_action'). " WHERE parent_id = 0"; $res = $db->query($sql_query); while ($rows = $db->FetchRow($res)) { $priv_arr[$rows['action_id']] = $rows; } /* 按权限组查询底级的权限名称 */ $sql = "SELECT action_id, parent_id, action_code, relevance FROM " .$ecs->table('touch_action'). " WHERE parent_id " .db_create_in(array_keys($priv_arr)); $result = $db->query($sql); while ($priv = $db->FetchRow($result)) { $priv_arr[$priv["parent_id"]]["priv"][$priv["action_code"]] = $priv; } // 将同一组的权限使用 "," 连接起来,供JS全选 foreach ($priv_arr AS $action_id => $action_group) { $priv_arr[$action_id]['priv_list'] = join(',', @array_keys($action_group['priv'])); foreach ($action_group['priv'] AS $key => $val) { $priv_arr[$action_id]['priv'][$key]['cando'] = (strpos($priv_str, $val['action_code']) !== false || $priv_str == 'all') ? 1 : 0; } } /* 模板赋值 */ $smarty->assign('ur_here', $_LANG['admin_add_role']); $smarty->assign('action_link', array('href'=>'role.php?act=list', 'text' => $_LANG['admin_list_role'])); $smarty->assign('form_act', 'insert'); $smarty->assign('action', 'add'); $smarty->assign('lang', $_LANG); $smarty->assign('priv_arr', $priv_arr); /* 显示页面 */ assign_query_info(); $smarty->display('role_info.htm'); } /*------------------------------------------------------ */ //-- 添加角色的处理 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'insert') { admin_priv('admin_manage'); $act_list = @join(",", $_POST['action_code']); $sql = "INSERT INTO ".$ecs->table('role')." (role_name, action_list, role_describe) ". "VALUES ('".trim($_POST['user_name'])."','$act_list','".trim($_POST['role_describe'])."')"; $db->query($sql); /* 转入权限分配列表 */ $new_id = $db->Insert_ID(); /*添加链接*/ $link[0]['text'] = $_LANG['admin_list_role']; $link[0]['href'] = 'role.php?act=list'; sys_msg($_LANG['add'] . " " .$_POST['user_name'] . " " . $_LANG['action_succeed'],0, $link); /* 记录管理员操作 */ admin_log($_POST['user_name'], 'add', 'role'); } /*------------------------------------------------------ */ //-- 编辑角色信息 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'edit') { include_once(ROOT_PATH . 'lang/' .$_CFG['lang']. '/admin/priv_action.php'); $_REQUEST['id'] = !empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0; /* 获得该管理员的权限 */ $priv_str = $db->getOne("SELECT action_list FROM " .$ecs->table('role'). " WHERE role_id = '$_GET[id]'"); /* 查看是否有权限编辑其他管理员的信息 */ if ($_SESSION['admin_id'] != $_REQUEST['id']) { admin_priv('admin_manage'); } /* 获取角色信息 */ $sql = "SELECT role_id, role_name, role_describe FROM " .$ecs->table('role'). " WHERE role_id = '".$_REQUEST['id']."'"; $user_info = $db->getRow($sql); /* 获取权限的分组数据 */ $sql_query = "SELECT action_id, parent_id, action_code,relevance FROM " .$ecs->table('touch_action'). " WHERE parent_id = 0"; $res = $db->query($sql_query); while ($rows = $db->FetchRow($res)) { $priv_arr[$rows['action_id']] = $rows; } /* 按权限组查询底级的权限名称 */ $sql = "SELECT action_id, parent_id, action_code,relevance FROM " .$ecs->table('touch_action'). " WHERE parent_id " .db_create_in(array_keys($priv_arr)); $result = $db->query($sql); while ($priv = $db->FetchRow($result)) { $priv_arr[$priv["parent_id"]]["priv"][$priv["action_code"]] = $priv; } // 将同一组的权限使用 "," 连接起来,供JS全选 foreach ($priv_arr AS $action_id => $action_group) { $priv_arr[$action_id]['priv_list'] = join(',', @array_keys($action_group['priv'])); foreach ($action_group['priv'] AS $key => $val) { $priv_arr[$action_id]['priv'][$key]['cando'] = (strpos($priv_str, $val['action_code']) !== false || $priv_str == 'all') ? 1 : 0; } } /* 模板赋值 */ $smarty->assign('user', $user_info); $smarty->assign('form_act', 'update'); $smarty->assign('action', 'edit'); $smarty->assign('ur_here', $_LANG['admin_edit_role']); $smarty->assign('action_link', array('href'=>'role.php?act=list', 'text' => $_LANG['admin_list_role'])); $smarty->assign('lang', $_LANG); $smarty->assign('priv_arr', $priv_arr); $smarty->assign('user_id', $_GET['id']); assign_query_info(); $smarty->display('role_info.htm'); } /*------------------------------------------------------ */ //-- 更新角色信息 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'update') { /* 更新管理员的权限 */ $act_list = @join(",", $_POST['action_code']); $sql = "UPDATE " .$ecs->table('role'). " SET action_list = '$act_list', role_name = '".$_POST['user_name']."', role_describe = '".$_POST['role_describe']." ' ". "WHERE role_id = '$_POST[id]'"; $db->query($sql); $user_sql = "UPDATE " .$ecs->table('admin_user'). " SET action_list = '$act_list' ". "WHERE role_id = '$_POST[id]'"; $db->query($user_sql); /* 提示信息 */ $link[] = array('text' => $_LANG['back_admin_list'], 'href'=>'role.php?act=list'); sys_msg($_LANG['edit'] . " " . $_POST['user_name'] . " " . $_LANG['action_succeed'], 0, $link); } /*------------------------------------------------------ */ //-- 删除一个角色 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'remove') { check_authz_json('admin_drop'); $id = intval($_GET['id']); $num_sql = "SELECT count(*) FROM " .$ecs->table('admin_user'). " WHERE role_id = '$_GET[id]'"; $remove_num = $db->getOne($num_sql); if($remove_num > 0) { make_json_error($_LANG['remove_cannot_user']); } else { $exc->drop($id); $url = 'role.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); } ecs_header("Location: $url\n"); exit; } /* 获取角色列表 */ function get_role_list() { $list = array(); $sql = 'SELECT role_id, role_name, action_list, role_describe '. 'FROM ' .$GLOBALS['ecs']->table('role').' ORDER BY role_id DESC'; $list = $GLOBALS['db']->getAll($sql); return $list; } ?>