Example #1
<?php

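// Upload-manager entry script: loads the application modules, enforces the
// login and upload-permission checks, then applies the directory-selection and
// delete actions requested through the query string.
require_once dirname(__FILE__) . "/../../App.class.php";
App::loadMod("User");
App::loadMod("Tools");
App::loadMod("Setting");
$app = new App();
$user = new User();
$tools = new Tools();
$setting = new Setting();
if (!$user->isLogin()) {
    header("Location: status.php?action=login");
    // header() only queues the redirect. Without exit the script keeps running,
    // so the delete actions below would still execute for a request that is
    // not logged in.
    exit;
}
if ($user->getPower() != 0 && $setting->get("UploadOpen", "on") != "on") {
    die("<script>alert('服务器禁止上传!');</script>");
}
include "upload.php";
$myclass = new upload_file();

// Working directory chosen by the client. Only string values are accepted; NUL
// bytes are stripped before ".." so that removing one cannot re-create the other.
// NOTE(review): stripping ".." does not by itself prove the result stays under
// the upload root. upload_file is not visible here - confirm it resolves the
// final path and checks it against its base directory (e.g. with realpath()).
$requestedDir = (!empty($_GET['curl']) && is_string($_GET['curl'])) ? urldecode($_GET['curl']) : "";
$myclass->flash_directory = str_replace(array("\0", ".."), "", $requestedDir);

// Delete a file.
// The original passed this value to del_files() with no filtering at all, unlike
// the directory parameter above. Reject anything that is not a plain string or
// that carries ".." or a NUL byte instead of silently rewriting it.
// NOTE(review): this action changes state on a GET request and no anti-CSRF
// token is checked in the visible code - confirm one is enforced elsewhere.
if (isset($_GET["del"])) {
    $target = is_string($_GET["del"]) ? urldecode($_GET["del"]) : "";
    if ($target === "" || strpos($target, "..") !== false || strpos($target, "\0") !== false) {
        header("HTTP/1.1 400 Bad Request");
        die("Invalid file name.");
    }
    $myclass->del_files($target);
}

// Delete the current directory.
// NOTE(review): when no directory was supplied, flash_directory is "" at this
// point; what rm_dir() removes in that case is not visible here - verify it
// cannot remove the upload root itself.
if (isset($_GET["deldir"]) && "yes" === $_GET["deldir"]) {
    $myclass->rm_dir();
    $myclass->flash_directory = "";
}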
//创建文件夹
Example #2
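// Article list page (fragment): requires a login, handles the "delete" action,
// then loads one page of 20 articles. redirect() is defined outside this
// fragment, so every call is followed by exit in case it does not terminate
// the script on its own.
App::loadMod("User");
App::loadMod("Eassy");
App::loadMod("Setting");
$app = new App();
$user = new User();
$eassy = new Eassy();
if (!$user->isLogin()) {
    redirect("Location: status.php?action=login");
    exit;
}
// Both parameters are read below, so both must be present. The original "||"
// let the block run with one of them undefined.
if (isset($_GET['action']) && isset($_GET['id'])) {
    if ($_GET['action'] == "delete") {
        if (!$user->str_check($_GET['id'])) {
            redirect("Location: error.php");
            exit;
        }
        $e = $eassy->getEassy($_GET['id']);
        // An unknown id must not fall through to the ownership check or the delete.
        if (!$e) {
            redirect("Location: error.php");
            exit;
        }
        // Power level 0 may delete any article; everyone else only their own.
        if ($user->getPower() != 0 && $user->getUser() != $e['author']) {
            redirect("Location: error.php");
            exit;
        }
        // NOTE(review): this delete is triggered by a GET request and no
        // anti-CSRF token is checked in the visible code - confirm one is
        // enforced elsewhere, or move the action to a POST with a token.
        $eassy->deleteEassy($_GET['id']);
        echo "<script language=\"javascript\">alert('删除成功!');history.back(-1);</script>";
        die;
    }
}
// Row offset for the requested page. Clamped at 0 so that page=0 or a negative
// page number cannot produce a negative offset.
$limit = isset($_GET['page']) ? max(0, (intval($_GET['page']) - 1) * 20) : "0";
// Power level 0 lists every author's articles; other users only their own.
$list = $eassy->getList(1, 20, $limit, $user->getPower() == 0 ? "" : $user->getUser());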
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
Example #3
<?php

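// Password-change page: requires a login, then replaces the current user's
// password when the submitted old password matches. $alert carries the result
// message for the template that follows.
require_once "../App.class.php";
App::loadMod("User");
$app = new App();
$user = new User();
if (!$user->isLogin()) {
    header("Location: status.php?action=login");
    // header() does not stop the script; exit so that the password change
    // below cannot run for a request that is not logged in.
    exit;
}
$alert = "";
// Only plain string fields are accepted. An array-valued field would otherwise
// reach the comparison and str_check() with an unexpected type.
if (isset($_POST['old'], $_POST['new']) && is_string($_POST['old']) && is_string($_POST['new'])) {
    if ($_POST['new'] != "") {
        $changed = false;
        if ($user->str_check($_POST['new'])) {
            $stored = $user->getPass();
            // The original used "==", which compares numeric-looking strings by
            // value rather than byte for byte. hash_equals() is an exact,
            // constant-time string comparison.
            // NOTE(review): comparing the submitted value directly with getPass()
            // suggests the password is stored in a retrievable form - confirm,
            // and prefer password_hash()/password_verify() if so.
            if (is_string($stored) && hash_equals($stored, $_POST['old'])) {
                $changed = (bool) $user->userRenew($user->getUser(), $_POST['new'], "", $user->getPower());
            }
        }
        $alert = $changed ? "修改成功!" : "修改失败!";
    }
}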
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>用户管理 > <?php 
echo $user->getUser();
Example #4
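// Article editor (fragment): id=new starts a draft, any other id loads an
// existing article after validation and an ownership check. $user, $eassy,
// $setting and redirect() are defined outside this fragment.
if (!isset($_GET['id'])) {
    redirect("Location: error.php");
    // exit in case redirect() does not terminate the script on its own.
    exit;
}
if ($_GET['id'] === "new") {
    $t = false;
    $post['type'] = "草稿";
} else {
    $t = true;
    if (!$user->str_check($_GET['id'])) {
        header("Location: error.php");
        // header() does not stop execution; without exit the rejected id
        // would still be passed to getEassy() below.
        exit;
    }
    $post = $eassy->getEassy($_GET['id']);
    if (!$post) {
        header("Location: error.php");
        exit;
    }
    // Power level 0 may edit any article; everyone else only their own.
    if ($user->getPower() != 0 && $user->getUser() != $post['author']) {
        redirect("Location: error.php");
        exit;
    }
}
// NOTE(review): unserialize() instantiates whatever objects the stored string
// describes. If the "EassyType" setting can be written by anyone less trusted
// than the server operator, store it as JSON instead, or restrict classes with
// the allowed_classes option (PHP 7+). It also returns false on malformed data,
// which the code using $type should handle.
$type = unserialize($setting->get("EassyType"));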
if ($post['type'] != "草稿") {
    $flag = false;
    for ($i = 0; $i < count($type); ++$i) {
        if (!empty($type[$i])) {
            $flag = $flag || $type[$i] == $post['type'];
        }
    }
    if (!$flag) {
        redirect("Location: error.php");
Example #5
<?php

/**
        Author: SpringHack - springhack@live.cn
        Last modified: 2016-02-01 12:27:05
        Filename: admin/user.php
        Description: Created by SpringHack using vim automatically.
**/
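require_once "../App.class.php";
App::loadMod("User");
$app = new App();
$user = new User();
// Access gate for the user-administration page: the visitor must be logged in
// and have power level 0. header() only queues the redirect, so the script has
// to exit here; otherwise the code that follows this gate would still run for
// a request that failed the check.
if (!$user->isLogin() || $user->getPower() != 0) {
    header("Location: status.php?action=login");
    exit;
}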
if (isset($_GET['action']) || isset($_GET['user'])) {
    if (!$user->str_check($_GET['user'])) {
        header("Location: error.php");
    }
    if ($_GET['action'] == "delete") {
        $user->userDelete($_GET['user']);
        echo "<script language=\"javascript\">alert('删除成功!');history.back(-1);</script>";
        die;
    }
    if ($_GET['action'] == "up") {
        $user->userRenew($_GET['user'], $user->getPass($_GET['user']), "", 0);
        echo "<script language=\"javascript\">alert('提权成功!');history.back(-1);</script>";
        die;