Example #1
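/**
 * Log an incoming request, parse its query string and validate the parameters.
 *
 * The raw query string is written to the interface log and stored through
 * $dao->AddLog() together with the client IP, the request URL and a
 * timestamp. The request is classified as MR (op type 1) when it carries a
 * "status" or "statestr" parameter, otherwise as MO (op type 0).
 *
 * @param object $dao           Data-access object; its AddLog($log_data, $error_message)
 *                              method is called and a non-zero result is treated as failure.
 * @param string $query_string  Query string of the request, still percent-encoded.
 * @param string $str_sp        Service-provider code, e.g. "BBK" or "HS".
 * @param int    $optype        Output: 1 for MR, 0 for MO.
 * @param array  $para          Output: parameters parsed from $query_string.
 * @param string $error_message Output: set to "invalid input." when validation fails;
 *                              also passed to AddLog().
 * @return int EC_OK on success, EC_ACCESS_DB_ERROR when AddLog() fails,
 *             EC_INVALID_INPUT when CheckInput() rejects the parameters.
 */
function insert_log($dao, $query_string, $str_sp, &$optype, &$para, &$error_message)
{
    init_log($str_sp);

    // The request is logged before any decoding, so percent-encoded control
    // characters stay encoded in the log line.
    interface_log(INFO, 0, "request: " . $query_string);

    // NOTE(review): depending on server configuration SERVER_NAME can be taken
    // from the client's Host header, and REMOTE_ADDR is the immediate peer
    // (a proxy, if one sits in front). Treat both as informational only.
    $query_url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
    $log_data = array(
        'record_type' => 0,
        'ip' => $_SERVER['REMOTE_ADDR'],
        'url' => $query_url,
        'content' => $query_string,
        'create_time' => date('Y-m-d H:i:s'),
    );

    // parse_str() percent-decodes names and values itself. Decoding the whole
    // string first (the former urldecode() call) turned an encoded "&" or "="
    // inside a value into a real separator, so a single value could introduce
    // extra parameters such as "status" and change the MO/MR classification;
    // it also corrupted values containing an encoded "+" or "%".
    // If an upstream gateway is known to double-encode, decode the individual
    // value after validation instead of the whole string.
    parse_str($query_string, $para);

    if (isset($para['status']) || isset($para['statestr'])) {
        // MR
        $log_data['op_type'] = 1;
        $optype = 1;
        $str_sp .= "_MR";
    } else {
        // MO
        $log_data['op_type'] = 0;
        $optype = 0;
        $str_sp .= "_MO";
    }

    $ret = $dao->AddLog($log_data, $error_message);
    if ($ret != 0) {
        live_log(ERROR, $ret, $error_message);
        return EC_ACCESS_DB_ERROR;
    }

    // The suffixed provider code ("<sp>_MR" / "<sp>_MO") selects the rule set
    // that CheckInput() applies to the parsed parameters.
    $bRet = CheckInput($str_sp, $para);
    if (!$bRet) {
        $error_message = "invalid input.";
        live_log(ERROR, EC_INVALID_INPUT, $error_message);
        return EC_INVALID_INPUT;
    }

    return EC_OK;
}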
Example #2
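/**
 * Validate the submitted new-user form and, if it is valid, store the user
 * and display all users again.
 *
 * Form values are read from the global $Pivot_Vars. On validation errors the
 * form is shown again through new_user() with the messages filled in. A user
 * with userlevel 3 is routed through ConfirmPage() until 'confirmed' is 1.
 * Otherwise the account is added to the global $Users and $Cfg arrays, the
 * per-category permission lists are updated and SaveSettings() is called.
 *
 * @return void
 */
function new_user_save()
{
    global $Pivot_Vars, $Cfg, $Users;

    // check against unauthorised direct access.
    check_csrf();
    // NOTE(review): only the CSRF check is visible here; whether the current
    // user is allowed to create accounts at the requested level must be
    // enforced by the caller or by check_csrf() - confirm.

    $userfields = get_userfields(1);
    $username = $Pivot_Vars['username'];

    // Error counter. It was previously incremented without ever being
    // initialised, which only worked through PHP's null-to-1 increment and
    // raised an undefined-variable notice.
    $Piverr = 0;

    // Validate the username once and branch on the result.
    $username_check = CheckInput($username, 2, 0);
    if ($username_check == 1) {
        $userfields[0][2] = lang('userinfo', 'username_too_short');
        $Piverr++;
    } elseif ($username_check == 0) {
        $userfields[0][2] = lang('userinfo', 'username_not_valid');
        $Piverr++;
    }

    if (isset($Users[$username])) {
        $userfields[0][2] = lang('userinfo', 'username_in_use');
        $Piverr++;
    }

    // Compare the two password fields exactly. The earlier comparison
    // lower-cased and trimmed both sides, so a confirmation that differed in
    // case or surrounding whitespace was accepted while pass1 was stored
    // unchanged.
    if ((string) $Pivot_Vars['pass1'] !== (string) $Pivot_Vars['pass2']) {
        $userfields[2][2] = lang('userinfo', 'pass_dont_match');
        $Piverr++;
    }

    if (CheckInput($Pivot_Vars['pass1'], 4, 0) == 1) {
        $userfields[1][2] = lang('userinfo', 'pass_too_short');
        $Piverr++;
    }

    if ($Piverr > 0) {
        // Re-display the form with the submitted username and level.
        $userfields[0][4] = $username;
        $userfields[3][6] = $Pivot_Vars['userlevel'];
        new_user(1, $userfields);
        return;
    }

    // NOTE(review): userlevel comes from the request and is stored as-is. A
    // value above 3 without confirmed == 1 matches neither branch below and
    // nothing is rendered; confirm the valid range and validate it here.
    if ($Pivot_Vars['userlevel'] == 3 && $Pivot_Vars['confirmed'] != 1) {
        // NOTE(review): both password values are handed to ConfirmPage();
        // presumably they are echoed back into the confirmation form -
        // confirm that they are escaped there.
        $vars = array(
            'username', $username,
            'pass1', $Pivot_Vars['pass1'],
            'pass2', $Pivot_Vars['pass2'],
            'email', $Pivot_Vars['email'],
            'userlevel', $Pivot_Vars['userlevel'],
        );
        ConfirmPage(
            lang('userinfo', 'c_admin_title'),
            $vars,
            sprintf(lang('userinfo', 'c_admin_message'), $username)
        );
    } elseif ($Pivot_Vars['userlevel'] < 3 || $Pivot_Vars['confirmed'] == 1) {
        // NOTE(review): unsalted MD5 is not a suitable password hash. It is
        // kept here because the code that verifies this value is outside this
        // function; moving to password_hash()/password_verify() has to change
        // both sides together.
        $Users[$username]['pass'] = md5($Pivot_Vars['pass1']);
        $Users[$username]['email'] = $Pivot_Vars['email'];
        $Users[$username]['userlevel'] = $Pivot_Vars['userlevel'];
        $Users[$username]['language'] = $Pivot_Vars['language'];
        $Users[$username]['wysiwyg'] = $Pivot_Vars['wysiwyg'];
        $Users[$username]['username'] = $username;
        $Users[$username]['nick'] = $username;
        $Users[$username]['view'] = $Pivot_Vars['view'];

        // NOTE(review): '|' is the list separator in $Cfg; this relies on
        // CheckInput() rejecting '|' in usernames - confirm.
        $Cfg['users'] .= '|' . $username;

        // set the categories.
        $cats = cfg_cats();
        foreach ($cats as $category) {
            $cfg_key = 'cat-' . $category['name'];
            $allowed_users = explode("|", $Cfg[$cfg_key]);

            if (isset($Pivot_Vars['allowed'][urlencode($category['name'])])) {
                // add the user (and ensure it's only added once) ..
                $allowed_users[] = $username;
                $allowed_users = array_unique($allowed_users);
            } else {
                // remove the user (in case the same name has been used and
                // assigned to this category before). array_diff() compares
                // the string forms exactly, so numeric-looking names such as
                // "10" and "1e1" are no longer treated as equal.
                $allowed_users = array_diff($allowed_users, array($username));
            }

            $Cfg[$cfg_key] = implode("|", $allowed_users);
        }

        SaveSettings();
        see_users();
    }
}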