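/**
 * Delete another administrator (JSON/AJAX action).
 *
 * Only the super administrator (ADMINUSERID == 1) may delete members, and an
 * administrator can never delete their own account. On success the member
 * list template is re-rendered and returned as the JSON result.
 *
 * Reads:  $this->_get['id'] – target member id, coerced to int before use.
 * Writes: deletes the member through mod_member::member_delete(), then
 *         emits a JSON response via make_json_result()/make_json_error().
 *
 * @return void
 */
public function delmember()
{
    // Coerce the id up front: the raw request value is handed straight to
    // mod_member::member_delete(), so it must never be a non-numeric string.
    $user_id = isset($this->_get['id']) ? intval($this->_get['id']) : 0;

    // Only the super administrator may remove other administrators.
    if (ADMINUSERID != 1) {
        make_json_error('对不起,您无权删除其他管理员');
        return; // defence in depth in case make_json_error() does not exit
    }

    // An administrator must never be able to delete their own account.
    if ($user_id == ADMINUSERID) {
        make_json_error('您不能删除自己');
        return;
    }

    if ($user_id <= 0) {
        make_json_error('删除失败');
        return;
    }

    mod_member::member_delete($user_id);

    // Re-render the member list for the caller. The original code passed
    // undefined $start/$level here (copy-paste from the list action); they
    // are initialised explicitly so the call no longer relies on
    // undefined-variable notices. NOTE(review): confirm these defaults match
    // mod_member::member_list()'s contract.
    $start = 0;
    $level = '';
    $list = mod_member::member_list($start, $level, 20);
    pm_tpl::assign('admin_list', $list['data']);
    make_json_result(pm_tpl::fetch('member_list'));
}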
        $_POST['level_point'] > $maxpoint && ($_POST['level_point'] = $maxpoint);
        $_POST['level_money'] > $maxmoney && ($_POST['level_money'] = $maxmoney);
        if (!empty($_POST['level_point']) && strpos($_POST['level_point'], '%') === false) {
            $_POST['level_point'] .= '%';
        }
        if (!empty($_POST['level_money']) && strpos($_POST['level_money'], '%') === false) {
            $_POST['level_money'] .= '%';
        }
        $items = array('level_point' => $_POST['level_point'], 'level_money' => $_POST['level_money']);
        $links[] = array('text' => $_LANG['affiliate'], 'href' => 'affiliate.php?act=list');
        $config['item'][] = $items;
        $config['on'] = 1;
        $config['config']['separate_by'] = 0;
        put_affiliate($config);
    } else {
        make_json_error($_LANG['level_error']);
    }
    ecs_header("Location: affiliate.php?act=query\n");
    exit;
} elseif ($_REQUEST['act'] == 'updata') {
    $separate_by = intval($_POST['separate_by']) == 1 ? 1 : 0;
    $_POST['expire'] = (double) $_POST['expire'];
    $_POST['level_point_all'] = (double) $_POST['level_point_all'];
    $_POST['level_money_all'] = (double) $_POST['level_money_all'];
    $_POST['level_money_all'] > 100 && ($_POST['level_money_all'] = 100);
    $_POST['level_point_all'] > 100 && ($_POST['level_point_all'] = 100);
    if (!empty($_POST['level_point_all']) && strpos($_POST['level_point_all'], '%') === false) {
        $_POST['level_point_all'] .= '%';
    }
    if (!empty($_POST['level_money_all']) && strpos($_POST['level_money_all'], '%') === false) {
        $_POST['level_money_all'] .= '%';
            } else {
                continue;
            }
        }
    }
    $sql = "DELETE FROM " . $ecs->table("region") . "WHERE region_id" . db_create_in($delete_region);
    $db->query($sql);
    if ($exc->drop($id)) {
        admin_log(addslashes($region['region_name']), 'remove', 'area');
        /* 获取地区列表 */
        $region_arr = area_list($region['parent_id']);
        $smarty->assign('region_arr', $region_arr);
        $smarty->assign('region_type', $region['region_type']);
        make_json_result($smarty->fetch('area_list.htm'));
    } else {
        make_json_error($db->error());
    }
}
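/**
 * Return the ids of all regions whose parent is one of $region_id.
 *
 * Used while deleting a region subtree: callers collect child ids level by
 * level and delete them with db_create_in(). Nothing visible in this file
 * escapes the items that db_create_in() interpolates into the IN (...) list,
 * so every id is coerced to an integer here before it reaches the SQL
 * string; non-numeric items are dropped.
 *
 * @param  int|string|array $region_id  a single id, a comma-separated list,
 *                                      or an array of ids
 * @return array  list of child region_id values; empty when no usable
 *                parent id was given
 */
function new_region_id($region_id)
{
    $regions_id = array();
    if (empty($region_id)) {
        return $regions_id;
    }

    // db_create_in() accepts an array or a comma-separated string; normalise
    // to an array of integers so no raw caller input is interpolated.
    $raw_ids = is_array($region_id) ? $region_id : explode(',', (string) $region_id);
    $parent_ids = array();
    foreach ($raw_ids as $raw_id) {
        if (is_numeric($raw_id)) {
            $parent_ids[] = (int) $raw_id;
        }
    }
    // Without a valid parent id there is nothing to look up. Do not fall
    // through to db_create_in() with an empty list: an int column compared
    // against '' can match parent_id = 0, i.e. every top-level region.
    if (empty($parent_ids)) {
        return $regions_id;
    }

    $sql = "SELECT region_id FROM " . $GLOBALS['ecs']->table("region") .
           " WHERE parent_id " . db_create_in($parent_ids);
    $result = $GLOBALS['db']->getAll($sql);
    foreach ($result as $val) {
        $regions_id[] = $val['region_id'];
    }
    return $regions_id;
}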
    foreach ($arr as $key => $val) {
        $opt[] = array('value' => $val['goods_id'], 'text' => $val['goods_name'], 'data' => '');
    }
    make_json_result($opt);
} elseif ($_REQUEST['act'] == 'drop_link_goods') {
    include_once ROOT_PATH . 'includes/cls_json.php';
    $json = new JSON();
    check_authz_json('article_manage');
    $drop_goods = $json->decode($_GET['drop_ids']);
    $arguments = $json->decode($_GET['JSON']);
    $article_id = $arguments[0];
    if ($article_id == 0) {
        $article_id = $db->getOne('SELECT MAX(article_id)+1 AS article_id FROM ' . $ecs->table('article'));
    }
    $sql = "DELETE FROM " . $ecs->table('goods_article') . " WHERE article_id = '{$article_id}' AND goods_id " . db_create_in($drop_goods);
    $db->query($sql, 'SILENT') or make_json_error($db->error());
    /* 重新载入 */
    $arr = get_article_goods($article_id);
    $opt = array();
    foreach ($arr as $key => $val) {
        $opt[] = array('value' => $val['goods_id'], 'text' => $val['goods_name'], 'data' => '');
    }
    make_json_result($opt);
}
/*------------------------------------------------------ */
//-- 搜索商品
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'get_goods_list') {
    include_once ROOT_PATH . 'includes/cls_json.php';
    $json = new JSON();
    $filters = $json->decode($_GET['JSON']);
    /* 更新配置 */
    $_CFG['mail_service'] = intval($_POST['mail_service']);
    $_CFG['smtp_host']    = trim($_POST['smtp_host']);
    $_CFG['smtp_port']    = trim($_POST['smtp_port']);
    $_CFG['smtp_user']    = json_str_iconv(trim($_POST['smtp_user']));
    $_CFG['smtp_pass']    = trim($_POST['smtp_pass']);
    $_CFG['smtp_mail']    = trim($_POST['reply_email']);
    $_CFG['mail_charset'] = trim($_POST['mail_charset']);

    if (send_mail('', $email, $_LANG['test_mail_title'], $_LANG['cfg_name']['email_content'], 0))
    {
        make_json_result('', $_LANG['sendemail_success'] . $email);
    }
    else
    {
        make_json_error(join("\n", $err->_message));
    }
}

/*------------------------------------------------------ */
//-- 删除上传文件
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'del')
{
    /* 检查权限 */
    check_authz_json('shop_config');

    /* 取得参数 */
    $code          = trim($_GET['code']);

    $filename = $_CFG[$code];
        }
    } else {
        if (!empty($_REQUEST['is_ajax'])) {
            make_json_error($_LANG['priv_error']);
        } else {
            ecs_header("Location: privilege.php?act=login\n");
        }
        exit;
    }
}
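$smarty->assign('token', $_CFG['token']);

/*
 * Referer check for every admin action except the unauthenticated ones
 * (login / signin / password reset / check_order). A request whose Referer
 * is present but does not come from this shop's admin URL is rejected; a
 * missing Referer is still accepted (unchanged behaviour), so this is only
 * a partial CSRF control.
 *
 * Security: the comparison is a prefix match ("starts with the admin URL"),
 * not a substring match. A substring match is trivially bypassed by a
 * Referer such as http://attacker/?http://shop/admin/ that merely *contains*
 * the admin URL.
 */
$public_acts = array('login', 'signin', 'forget_pwd', 'reset_pwd', 'check_order');
if (!in_array(isset($_REQUEST['act']) ? $_REQUEST['act'] : '', $public_acts, true)) {
    // Port numbers are stripped from both sides so host:8080 still matches.
    $admin_path = preg_replace('/:\\d+/', '', $ecs->url()) . ADMIN_PATH;
    if (!empty($_SERVER['HTTP_REFERER'])
        && strpos(preg_replace('/:\\d+/', '', $_SERVER['HTTP_REFERER']), $admin_path) !== 0) {
        if (!empty($_REQUEST['is_ajax'])) {
            make_json_error($_LANG['priv_error']);
        } else {
            ecs_header("Location: privilege.php?act=login\n");
        }
        exit;
    }
}

/*
 * Any logged-in administrator can request act=phpinfo on any admin page to
 * dump phpinfo(). Security: this discloses paths, loaded extensions,
 * environment variables and configuration to every admin account, not just
 * the super administrator; consider removing it or gating it on a dedicated
 * privilege in production.
 */
if (isset($_REQUEST['act']) && $_REQUEST['act'] === 'phpinfo' && function_exists('phpinfo')) {
    phpinfo();
    exit;
}

// Response headers: force HTML with the shop charset and defeat caching.
//header('Cache-control: private');
header('content-type: text/html; charset=' . EC_CHARSET);
header('Expires: Fri, 14 Mar 1980 20:53:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');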
     $no = empty($_POST['val']) ? 'N/A' : json_str_iconv(trim($_POST['val']));
     $no = $no == 'N/A' ? '' : $no;
     $order_id = empty($_POST['id']) ? 0 : intval($_POST['id']);
     if ($order_id == 0) {
         make_json_error('NO ORDER ID');
         exit;
     }
     $sql = 'UPDATE ' . $GLOBALS['ecs']->table('order_info') . " SET pay_note='{$no}' WHERE order_id = '{$order_id}'";
     if ($GLOBALS['db']->query($sql)) {
         if (empty($no)) {
             make_json_result('N/A');
         } else {
             make_json_result(stripcslashes($no));
         }
     } else {
         make_json_error($GLOBALS['db']->errorMsg());
     }
 } elseif ($_REQUEST['act'] == 'get_goods_info') {
     /* 取得订单商品 */
     $order_id = isset($_REQUEST['order_id']) ? intval($_REQUEST['order_id']) : 0;
     if (empty($order_id)) {
         make_json_response('', 1, $_LANG['error_get_goods_info']);
     }
     $goods_list = array();
     $goods_attr = array();
     $sql = "SELECT o.*, g.goods_thumb, g.goods_number AS storage, o.goods_attr, IFNULL(b.brand_name, '') AS brand_name " . "FROM " . $ecs->table('order_goods') . " AS o " . "LEFT JOIN " . $ecs->table('goods') . " AS g ON o.goods_id = g.goods_id " . "LEFT JOIN " . $ecs->table('brand') . " AS b ON g.brand_id = b.brand_id " . "WHERE o.order_id = '{$order_id}' ";
     $res = $db->query($sql);
     while ($row = $db->fetchRow($res)) {
         /* 虚拟商品支持 */
         if ($row['is_real'] == 0) {
             /* 取得语言项 */
    $val = intval($_POST['val']);
    $sql = "SELECT ext_info FROM " . $ecs->table('goods_activity') . " WHERE act_id = '{$id}' AND act_type = '" . GAT_GROUP_BUY . "'";
    $ext_info = unserialize($db->getOne($sql));
    $ext_info['restrict_amount'] = $val;
    $sql = "UPDATE " . $ecs->table('goods_activity') . " SET ext_info = '" . serialize($ext_info) . "'" . " WHERE act_id = '{$id}'";
    $db->query($sql);
    clear_cache_files();
    make_json_result($val);
} elseif ($_REQUEST['act'] == 'remove') {
    check_authz_json('group_by');
    $id = intval($_GET['id']);
    /* 取得团购活动信息 */
    $group_buy = group_buy_info($id);
    /* 如果团购活动已经有订单,不能删除 */
    if ($group_buy['valid_order'] > 0) {
        make_json_error($_LANG['error_exist_order']);
    }
    /* 删除团购活动 */
    $sql = "DELETE FROM " . $ecs->table('goods_activity') . " WHERE act_id = '{$id}' LIMIT 1";
    $db->query($sql);
    admin_log(addslashes($group_buy['goods_name']) . '[' . $id . ']', 'remove', 'group_buy');
    clear_cache_files();
    $url = 'group_buy.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
}
/*
 * 取得团购活动列表
 * @return   array
 */
function group_buy_list()
}
/*------------------------------------------------------ */
//-- 更新库项目内容
/*------------------------------------------------------ */
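if ($_REQUEST['act'] == 'update_library') {
    check_authz_json('library_manage');

    /*
     * Security: $_POST['lib'] is used to build a filesystem path under the
     * current theme's library directory. The previous "0xa" filter only
     * removed the literal three-character string "0xa" and did nothing
     * against "../" or null bytes, so lib=../../anything could overwrite any
     * existing *.lbi file the web server user can reach (and .lbi files are
     * rendered as templates). Restrict the name to one path component made
     * of safe characters instead.
     */
    $lib_name = isset($_POST['lib']) ? trim($_POST['lib']) : '';
    if ($lib_name === '' || !preg_match('/^[A-Za-z0-9_\-]+$/', $lib_name)) {
        make_json_error(sprintf($_LANG['update_lib_failed'], 'themes/' . $_CFG['template'] . '/library'));
        exit; // fail closed even if make_json_error() returns
    }

    $html       = stripslashes(json_str_iconv(isset($_POST['html']) ? $_POST['html'] : ''));
    $lib_file   = '../themes/' . $_CFG['template'] . '/library/' . $lib_name . '.lbi';
    $lib_backup = '../temp/backup/library/' . $_CFG['template'] . '-' . $lib_name . '.lbi';

    // Only an existing library file may be overwritten. Read it first so the
    // previous content can be kept as a backup for the restore_library action.
    $written = false;
    if (is_file($lib_file)) {
        $org_html = file_get_contents($lib_file);
        if ($org_html !== false && @file_put_contents($lib_file, $html) !== false) {
            @file_put_contents($lib_backup, $org_html); // best effort
            $written = true;
        }
    }

    if ($written) {
        make_json_result('', $_LANG['update_lib_success']);
    } else {
        // Missing, unreadable or unwritable library file.
        make_json_error(sprintf($_LANG['update_lib_failed'], 'themes/' . $_CFG['template'] . '/library'));
    }
}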
/*------------------------------------------------------ */
//-- 还原库项目
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'restore_library') {
    admin_priv('backup_setting');
    $lib_name = trim($_GET['lib']);
    $lib_file = '../themes/' . $_CFG['template'] . '/library/' . $lib_name . '.lbi';
    $lib_file = str_replace("0xa", '', $lib_file);
    // 过滤 0xa 非法字符
    $lib_backup = '../temp/backup/library/' . $_CFG['template'] . '-' . $lib_name . '.lbi';
    $lib_backup = str_replace("0xa", '', $lib_backup);
    // 过滤 0xa 非法字符
    if (file_exists($lib_backup) && filemtime($lib_backup) >= filemtime($lib_file)) {
    $packages = get_packagelist();
    $smarty->assign('package_list', $packages['packages']);
    $smarty->assign('filter', $packages['filter']);
    $smarty->assign('record_count', $packages['record_count']);
    $smarty->assign('page_count', $packages['page_count']);
    $sort_flag = sort_flag($packages['filter']);
    $smarty->assign($sort_flag['tag'], $sort_flag['img']);
    make_json_result($smarty->fetch('package_list.htm'), '', array('filter' => $packages['filter'], 'page_count' => $packages['page_count']));
} elseif ($_REQUEST['act'] == 'edit_package_name') {
    check_authz_json('package_manage');
    $id = intval($_POST['id']);
    $val = json_str_iconv(trim($_POST['val']));
    /* 检查活动重名 */
    $sql = "SELECT COUNT(*) " . " FROM " . $hhs->table('goods_activity') . " WHERE act_type='" . GAT_PACKAGE . "' AND act_name='{$val}' AND act_id <> '{$id}'";
    if ($db->getOne($sql)) {
        make_json_error(sprintf($_LANG['package_exist'], $val));
    }
    $exc->edit("act_name='{$val}'", $id);
    make_json_result(stripslashes($val));
} elseif ($_REQUEST['act'] == 'search_goods') {
    include_once ROOT_PATH . 'includes/cls_json.php';
    $json = new JSON();
    $filters = $json->decode($_GET['JSON']);
    $arr = get_goods_list($filters);
    $opt = array();
    foreach ($arr as $key => $val) {
        $opt[$key] = array('value' => $val['goods_id'], 'text' => $val['goods_name'], 'data' => $val['shop_price']);
        $opt[$key]['products'] = get_good_products($val['goods_id']);
    }
    make_json_result($opt);
} elseif ($_REQUEST['act'] == 'add_package_goods') {
    $snatchs = get_snatchlist();
    $smarty->assign('snatch_list', $snatchs['snatchs']);
    $smarty->assign('filter', $snatchs['filter']);
    $smarty->assign('record_count', $snatchs['record_count']);
    $smarty->assign('page_count', $snatchs['page_count']);
    $sort_flag = sort_flag($snatchs['filter']);
    $smarty->assign($sort_flag['tag'], $sort_flag['img']);
    make_json_result($smarty->fetch('snatch_list.htm'), '', array('filter' => $snatchs['filter'], 'page_count' => $snatchs['page_count']));
} elseif ($_REQUEST['act'] == 'edit_snatch_name') {
    check_authz_json('snatch_manage');
    $id = intval($_POST['id']);
    $val = json_str_iconv(trim($_POST['val']));
    /* 检查活动重名 */
    $sql = "SELECT COUNT(*) " . " FROM " . $ecs->table('goods_activity') . " WHERE act_type='" . GAT_SNATCH . "' AND act_name='{$val}' AND act_id <> '{$id}'";
    if ($db->getOne($sql)) {
        make_json_error(sprintf($_LANG['snatch_name_exist'], $val));
    }
    $exc->edit("act_name='{$val}'", $id);
    make_json_result(stripslashes($val));
} elseif ($_REQUEST['act'] == 'remove') {
    check_authz_json('attr_manage');
    $id = intval($_GET['id']);
    $exc->drop($id);
    $url = 'snatch.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
} elseif ($_REQUEST['act'] == 'edit') {
    /* 权限判断 */
    admin_priv('snatch_manage');
    $snatch = get_snatch_info($_REQUEST['id']);
    $snatch['option'] = '<option value="' . $snatch['goods_id'] . '">' . $snatch['goods_name'] . '</option>';
    }
    ecs_header("Location: shophelp.php?act=list_cat\n");
    exit;
} elseif ($_REQUEST['act'] == 'edit_title') {
    check_authz_json('shophelp_manage');
    $id = intval($_POST['id']);
    $title = json_str_iconv(trim($_POST['val']));
    /* 检查文章标题是否有重名 */
    if ($exc_article->num('title', $title, $id) == 0) {
        if ($exc_article->edit("title = '{$title}'", $id)) {
            clear_cache_files();
            admin_log($title, 'edit', 'shophelp');
            make_json_result(stripslashes($title));
        }
    } else {
        make_json_error(sprintf($_LANG['articlename_exist'], $title));
    }
}
/* 获得网店帮助文章分类 */
/**
 * Fetch the shop-help article categories (cat_type = 0) with article counts.
 *
 * Each row carries cat_id, cat_name and sort_order from article_cat plus
 * 'num', the number of article rows whose cat_id matches. Rows come back in
 * sort_order. One COUNT query is issued per category (N+1 pattern), which is
 * only acceptable while the category list stays small.
 *
 * @return array  list of category rows
 */
function get_shophelp_list()
{
    $db  = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];

    $res = $db->query(
        'SELECT cat_id, cat_name, sort_order' .
        ' FROM ' . $ecs->table('article_cat') .
        ' WHERE cat_type = 0 ORDER BY sort_order'
    );

    $categories = array();
    while ($category = $db->fetchRow($res)) {
        // cat_id comes from the database row, not from the request.
        $count_sql = 'SELECT COUNT(*) FROM ' . $ecs->table('article') .
                     " WHERE cat_id = '{$category['cat_id']}'";
        $category['num'] = $db->getOne($count_sql);
        $categories[] = $category;
    }
    return $categories;
}
    exit;
} elseif ($_REQUEST['act'] == 'edit_name') {
    check_authz_json('supplier_rank');
    $id = intval($_REQUEST['id']);
    $val = empty($_REQUEST['val']) ? '' : json_str_iconv(trim($_REQUEST['val']));
    if ($exc->is_only('rank_name', $val, $id)) {
        if ($exc->edit("rank_name = '{$val}'", $id)) {
            /* 管理员日志 */
            clear_cache_files();
            make_json_result(stripcslashes($val));
        } else {
            make_json_error($db->error());
        }
    } else {
        make_json_error(sprintf($_LANG['rank_name_exists'], htmlspecialchars($val)));
    }
} elseif ($_REQUEST['act'] == 'edit_sort') {
    check_authz_json('supplier_rank');
    $rank_id = empty($_REQUEST['id']) ? 0 : intval($_REQUEST['id']);
    $val = empty($_REQUEST['val']) ? 0 : intval($_REQUEST['val']);
    if ($val < 0 || $val > 255) {
        make_json_error($_LANG['js_languages']['sort_order_invalid']);
    }
    if ($exc->edit("sort_order = '{$val}'", $rank_id)) {
        $rank_name = $exc->get_name($rank_id);
        clear_cache_files();
        make_json_result($val);
    } else {
        make_json_error($val);
    }
}
} elseif ($_REQUEST['act'] == 'remove') {
    check_authz_json('admin_drop');
    $id = intval($_GET['id']);
    /* 获得管理员用户名 */
    $admin_name = $db->getOne('SELECT user_name FROM ' . $ecs->table('admin_user') . " WHERE user_id='{$id}'");
    /* demo这个管理员不允许删除 */
    if ($admin_name == 'demo') {
        make_json_error($_LANG['edit_remove_cannot']);
    }
    /* ID为1的不允许删除 */
    if ($id == 1) {
        make_json_error($_LANG['remove_cannot']);
    }
    /* 管理员不能删除自己 */
    if ($id == $_SESSION['admin_id']) {
        make_json_error($_LANG['remove_self_cannot']);
    }
    if ($exc->drop($id)) {
        $sess->delete_spec_admin_session($id);
        // 删除session中该管理员的记录
        admin_log(addslashes($admin_name), 'remove', 'privilege');
        clear_cache_files();
    }
    $url = 'privilege.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
}
/* 获取管理员列表 */
function get_admin_userlist()
{
    $list = array();
    $smarty->display('wholesale_list.htm');
} elseif ($_REQUEST['act'] == 'query') {
    $list = wholesale_list();
    $smarty->assign('wholesale_list', $list['item']);
    $smarty->assign('filter', $list['filter']);
    $smarty->assign('record_count', $list['record_count']);
    $smarty->assign('page_count', $list['page_count']);
    $sort_flag = sort_flag($list['filter']);
    $smarty->assign($sort_flag['tag'], $sort_flag['img']);
    make_json_result($smarty->fetch('wholesale_list.htm'), '', array('filter' => $list['filter'], 'page_count' => $list['page_count']));
} elseif ($_REQUEST['act'] == 'remove') {
    check_authz_json('whole_sale');
    $id = intval($_GET['id']);
    $wholesale = wholesale_info($id);
    if (empty($wholesale)) {
        make_json_error($_LANG['wholesale_not_exist']);
    }
    $name = $wholesale['goods_name'];
    /* 删除记录 */
    $sql = "DELETE FROM " . $ecs->table('wholesale') . " WHERE act_id = '{$id}' LIMIT 1";
    $db->query($sql);
    /* 记日志 */
    admin_log($name, 'remove', 'wholesale');
    /* 清除缓存 */
    clear_cache_files();
    $url = 'wholesale.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
} elseif ($_REQUEST['act'] == 'batch') {
    /* 取得要操作的记录编号 */
    if (empty($_POST['checkboxes'])) {
        $sql = "INSERT INTO " . $ecs->table('brand') . "(brand_name)" . "VALUES ( '{$brand}')";
        $db->query($sql);
        $brand_id = $db->insert_id();
        $arr = array("id" => $brand_id, "brand" => $brand);
        make_json_result($arr);
    }
} elseif ($_REQUEST['act'] == 'edit_sort_order') {
    check_authz_json('brand_manage');
    $id = intval($_POST['id']);
    $order = intval($_POST['val']);
    $name = $exc->get_name($id);
    if ($exc->edit("sort_order = '{$order}'", $id)) {
        admin_log(addslashes($name), 'edit', 'brand');
        make_json_result($order);
    } else {
        make_json_error(sprintf($_LANG['brandedit_fail'], $name));
    }
} elseif ($_REQUEST['act'] == 'toggle_show') {
    check_authz_json('brand_manage');
    $id = intval($_POST['id']);
    $val = intval($_POST['val']);
    $exc->edit("is_show='{$val}'", $id);
    make_json_result($val);
} elseif ($_REQUEST['act'] == 'remove') {
    check_authz_json('brand_manage');
    $id = intval($_GET['id']);
    /* 删除该品牌的图标 */
    $sql = "SELECT brand_logo FROM " . $ecs->table('brand') . " WHERE brand_id = '{$id}'";
    $logo_name = $db->getOne($sql);
    if (!empty($logo_name)) {
        @unlink(ROOT_PATH . DATA_DIR . '/brandlogo/' . $logo_name);
            //记录日志
            admin_log('', 'update', 'goods');
        }
        //记录日志
        admin_log('', 'trash', 'products');
        $url = 'goods.php?act=product_query&' . str_replace('act=product_remove', '', $_SERVER['QUERY_STRING']);
        ecs_header("Location: {$url}\n");
        exit;
    }
} elseif ($_REQUEST['act'] == 'edit_product_sn') {
    check_authz_json('goods_manage');
    $product_id = intval($_POST['id']);
    $product_sn = json_str_iconv(trim($_POST['val']));
    $product_sn = $_LANG['n_a'] == $product_sn ? '' : $product_sn;
    if (check_product_sn_exist($product_sn, $product_id)) {
        make_json_error($_LANG['sys']['wrong'] . $_LANG['exist_same_product_sn']);
    }
    /* 修改 */
    $sql = "UPDATE " . $ecs->table('products') . " SET product_sn = '{$product_sn}' WHERE product_id = '{$product_id}'";
    $result = $db->query($sql);
    if ($result) {
        clear_cache_files();
        make_json_result($product_sn);
    }
} elseif ($_REQUEST['act'] == 'edit_product_number') {
    check_authz_json('goods_manage');
    $product_id = intval($_POST['id']);
    $product_number = intval($_POST['val']);
    /* 货品库存 */
    $product = get_product_info($product_id, 'product_number, goods_id');
    /* 修改货品库存 */
        clear_cache_files();
        $link[] = array('text' => $_LANG['back_list'], 'href' => 'attribute.php?act=list');
        sys_msg(sprintf($_LANG['drop_ok'], $count), 0, $link);
    } else {
        $link[] = array('text' => $_LANG['back_list'], 'href' => 'attribute.php?act=list');
        sys_msg($_LANG['no_select_arrt'], 0, $link);
    }
} elseif ($_REQUEST['act'] == 'edit_attr_name') {
    check_authz_json('attr_manage');
    $id = intval($_POST['id']);
    $val = json_str_iconv(trim($_POST['val']));
    /* 取得该属性所属商品类型id */
    $cat_id = $exc->get_name($id, 'cat_id');
    /* 检查属性名称是否重复 */
    if (!$exc->is_only('attr_name', $val, $id, " cat_id = '{$cat_id}'")) {
        make_json_error($_LANG['name_exist']);
    }
    $exc->edit("attr_name='{$val}'", $id);
    admin_log($val, 'edit', 'attribute');
    make_json_result(stripslashes($val));
} elseif ($_REQUEST['act'] == 'edit_sort_order') {
    check_authz_json('attr_manage');
    $id = intval($_POST['id']);
    $val = intval($_POST['val']);
    $exc->edit("sort_order='{$val}'", $id);
    admin_log(addslashes($exc->get_name($id)), 'edit', 'attribute');
    make_json_result(stripslashes($val));
} elseif ($_REQUEST['act'] == 'remove') {
    check_authz_json('attr_manage');
    $id = intval($_GET['id']);
    $db->query("DELETE FROM " . $ecs->table('attribute') . " WHERE attr_id='{$id}'");
    }
} elseif ($_REQUEST['act'] == 'edit_order') {
    $id = intval($_REQUEST['id']);
    $val = isset($_REQUEST['val']) ? json_str_iconv(trim($_REQUEST['val'])) : '';
    check_authz_json('reg_fields');
    if (is_numeric($val)) {
        if ($exc->edit("dis_order = '{$val}'", $id)) {
            /* 管理员日志 */
            admin_log($val, 'edit', 'reg_fields');
            clear_cache_files();
            make_json_result(stripcslashes($val));
        } else {
            make_json_error($db->error());
        }
    } else {
        make_json_error($_LANG['order_not_num']);
    }
} elseif ($_REQUEST['act'] == 'toggle_dis') {
    check_authz_json('reg_fields');
    $id = intval($_POST['id']);
    $is_dis = intval($_POST['val']);
    if ($exc->edit("display = '{$is_dis}'", $id)) {
        clear_cache_files();
        make_json_result($is_dis);
    }
} elseif ($_REQUEST['act'] == 'toggle_need') {
    check_authz_json('reg_fields');
    $id = intval($_POST['id']);
    $is_need = intval($_POST['val']);
    if ($exc->edit("is_need = '{$is_need}'", $id)) {
        clear_cache_files();
    check_authz_json('users_manage');
    $id = empty($_REQUEST['id']) ? 0 : intval($_REQUEST['id']);
    $email = empty($_REQUEST['val']) ? '' : json_str_iconv(trim($_REQUEST['val']));
    $users =& init_users();
    $sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE user_id = '{$id}'";
    $username = $db->getOne($sql);
    if (is_email($email)) {
        if ($users->edit_user(array('username' => $username, 'email' => $email))) {
            admin_log(addslashes($username), 'edit', 'users');
            make_json_result(stripcslashes($email));
        } else {
            $msg = $users->error == ERR_EMAIL_EXISTS ? $GLOBALS['_LANG']['email_exists'] : $GLOBALS['_LANG']['edit_user_failed'];
            make_json_error($msg);
        }
    } else {
        make_json_error($GLOBALS['_LANG']['invalid_email']);
    }
} elseif ($_REQUEST['act'] == 'remove') {
    /* 检查权限 */
    admin_priv('users_drop');
    $sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE user_id = '" . $_GET['id'] . "'";
    $username = $db->getOne($sql);
    /* 通过插件来删除用户 */
    $users =& init_users();
    $users->remove_user($username);
    //已经删除用户所有数据
    /* 记录管理员操作 */
    admin_log(addslashes($username), 'remove', 'users');
    /* 提示信息 */
    $link[] = array('text' => $_LANG['go_back'], 'href' => 'users.php?act=list');
    sys_msg(sprintf($_LANG['remove_success'], $username), 0, $link);
        $db_write->query("update order_delivery set status=1 WHERE order_id = '{$order}'");
    }
    $url = 'shipping_delivery.php?act=query&' . str_replace('act=delete', '', $_SERVER['QUERY_STRING']);
    los_header("Location: {$url}\n");
    exit;
} elseif ($_REQUEST['act'] == 'check_eg') {
    //admin_priv('26');
    $order = intval($_REQUEST['id']);
    $sql = "UPDATE order_delivery SET status =2,admind = '" . $_SESSION['admin_id'] . "',out_time = '" . time() . "' WHERE order_id = '{$order}'";
    $res = $db_write->query($sql);
    if ($res) {
        $url = 'shipping_delivery.php?act=query&' . str_replace('act=check_eg', '', $_SERVER['QUERY_STRING']);
        los_header("Location: {$url}\n");
        exit;
    } else {
        make_json_error('审核出错!请检查!');
    }
} elseif ($_REQUEST['act'] == 'employee') {
    require ROOT_PATH . 'includes/cls_json.php';
    $stn = intval($_GET['stn']);
    $sql = "select id as employee_id,name as employee_name from hr_employees where station_id = '" . $stn . "' and flag=1";
    $arr = $db_read->getAll($sql);
    $json = new JSON();
    echo $json->encode($arr);
}
function order_list()
{
    $filter['sdate'] = empty($_REQUEST['sdate']) ? '' : trim($_REQUEST['sdate']);
    $filter['order_sn'] = empty($_REQUEST['order_sn']) ? '' : trim($_REQUEST['order_sn']);
    $filter['turn'] = empty($_REQUEST['turn']) ? 0 : intval($_REQUEST['turn']);
    $filter['station'] = empty($_REQUEST['station']) ? '' : intval($_REQUEST['station']);
    /* 更新管理员的权限 */
    $act_list = @join(",", $_POST['action_code']);
    $sql = "UPDATE " . $ecs->table('role') . " SET action_list = '{$act_list}', role_name = '" . $_POST['user_name'] . "', role_describe = '" . $_POST['role_describe'] . " ' " . "WHERE role_id = '{$_POST['id']}'";
    $db->query($sql);
    $user_sql = "UPDATE " . $ecs->table('admin_user') . " SET action_list = '{$act_list}' " . "WHERE role_id = '{$_POST['id']}'";
    $db->query($user_sql);
    /* 提示信息 */
    $link[] = array('text' => $_LANG['back_admin_list'], 'href' => 'role.php?act=list');
    sys_msg($_LANG['edit'] . "&nbsp;" . $_POST['user_name'] . "&nbsp;" . $_LANG['action_succeed'], 0, $link);
} elseif ($_REQUEST['act'] == 'remove') {
    check_authz_json('admin_drop');
    $id = intval($_GET['id']);
    $num_sql = "SELECT count(*) FROM " . $ecs->table('admin_user') . " WHERE role_id = '{$_GET['id']}'";
    $remove_num = $db->getOne($num_sql);
    if ($remove_num > 0) {
        make_json_error($_LANG['remove_cannot_user']);
    } else {
        $exc->drop($id);
        $url = 'role.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    }
    ecs_header("Location: {$url}\n");
    exit;
}
/* 获取角色列表 */
/**
 * Load every administrator role, highest role_id first.
 *
 * @return array  rows of role_id, role_name, action_list, role_describe
 */
function get_role_list()
{
    $role_table = $GLOBALS['ecs']->table('role');
    $sql = 'SELECT role_id, role_name, action_list, role_describe FROM ' . $role_table . ' ORDER BY role_id DESC';
    return $GLOBALS['db']->getAll($sql);
}
    $smarty->assign('auction_list', $list['item']);
    $smarty->assign('filter', $list['filter']);
    $smarty->assign('record_count', $list['record_count']);
    $smarty->assign('page_count', $list['page_count']);
    $sort_flag = sort_flag($list['filter']);
    $smarty->assign($sort_flag['tag'], $sort_flag['img']);
    make_json_result($smarty->fetch('auction_list.htm'), '', array('filter' => $list['filter'], 'page_count' => $list['page_count']));
} elseif ($_REQUEST['act'] == 'remove') {
    check_authz_json('auction');
    $id = intval($_GET['id']);
    $auction = auction_info($id);
    if (empty($auction)) {
        make_json_error($_LANG['auction_not_exist']);
    }
    if ($auction['bid_user_count'] > 0) {
        make_json_error($_LANG['auction_cannot_remove']);
    }
    $name = $auction['act_name'];
    $exc->drop($id);
    /* 记日志 */
    admin_log($name, 'remove', 'auction');
    /* 清除缓存 */
    clear_cache_files();
    $url = 'auction.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
} elseif ($_REQUEST['act'] == 'batch') {
    /* 取得要操作的记录编号 */
    if (empty($_POST['checkboxes'])) {
        sys_msg($_LANG['no_record_selected']);
    } else {
} elseif ($_REQUEST['act'] == 'drop_goods') {
    // 检查权限
    check_authz_json('remove_back');
    // 取得参数
    $goods_id = intval($_REQUEST['id']);
    if ($goods_id <= 0) {
        make_json_error('invalid params');
    }
    /* 取得商品信息 */
    $sql = 'SELECT goods_id, goods_name, is_delete, is_real, goods_thumb, ' . 'goods_img, original_img ' . 'FROM ' . $ecs->table('goods') . " WHERE goods_id = '{$goods_id}'";
    $goods = $db->getRow($sql);
    if (empty($goods)) {
        make_json_error($_LANG['goods_not_exist']);
    }
    if ($goods['is_delete'] != 1) {
        make_json_error($_LANG['goods_not_in_recycle_bin']);
    }
    /* 删除商品图片和轮播图片 */
    if (!empty($goods['goods_thumb'])) {
        @unlink('../' . $goods['goods_thumb']);
    }
    if (!empty($goods['goods_img'])) {
        @unlink('../' . $goods['goods_img']);
    }
    if (!empty($goods['original_img'])) {
        @unlink('../' . $goods['original_img']);
    }
    /* 删除商品 */
    $exc->drop($goods_id);
    /* 记录日志 */
    admin_log(addslashes($goods['goods_name']), 'remove', 'goods');
        $img_name = basename($link_logo);
        @unlink(ROOT_PATH . DATA_DIR . '/afficheimg/' . $img_name);
    }
    $exc->drop($id);
    clear_cache_files();
    admin_log('', 'remove', 'friendlink');
    $url = 'friend_link.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
} elseif ($_REQUEST['act'] == 'edit_show_order') {
    check_authz_json('friendlink');
    $id = intval($_POST['id']);
    $order = json_str_iconv(trim($_POST['val']));
    /* 检查输入的值是否合法 */
    if (!preg_match("/^[0-9]+\$/", $order)) {
        make_json_error(sprintf($_LANG['enter_int'], $order));
    } else {
        if ($exc->edit("show_order = '{$order}'", $id)) {
            clear_cache_files();
            make_json_result(stripslashes($order));
        }
    }
}
/* 获取友情链接数据列表 */
function get_links_list()
{
    $result = get_filter();
    if ($result === false) {
        $filter = array();
        $filter['sort_by'] = empty($_REQUEST['sort_by']) ? 'link_id' : trim($_REQUEST['sort_by']);
        $filter['sort_order'] = empty($_REQUEST['sort_order']) ? 'DESC' : trim($_REQUEST['sort_order']);
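/**
 * Enforce an administrator privilege for JSON/AJAX actions.
 *
 * Wraps check_authz(): when the current administrator lacks $authz, the
 * localised privilege error is emitted as a JSON error response and the
 * request is terminated. Every caller in this file invokes this as a bare
 * statement and then proceeds with the privileged action, so it must never
 * return on failure; the exit below makes that explicit instead of relying
 * on make_json_error() to stop the script.
 *
 * @access  public
 * @param   string  $authz  privilege code required for the action
 * @return  void
 */
function check_authz_json($authz)
{
    if (check_authz($authz)) {
        return;
    }
    make_json_error($GLOBALS['_LANG']['priv_error']);
    // Fail closed: never fall through to the protected action.
    exit;
}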
    $result = $GLOBALS['db']->query($sql);
    if ($result) {
        /* admin log */
        admin_log(addslashes($tag_name), 'remove', 'tag_manage');
        $url = 'tag_manage.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
        ecs_header("Location: {$url}\n");
        exit;
    } else {
        make_json_error($db->error());
    }
} elseif ($_REQUEST['act'] == "edit_tag_name") {
    /* AJAX inline rename of a tag. The only validation here is the
     * uniqueness check via tag_is_only(); there is no emptiness or length
     * check, and any SQL escaping of $name is presumably done by edit_tag()
     * or by the framework's global request filtering — not in this handler. */
    check_authz_json('tag_manage');
    $name = json_str_iconv(trim($_POST['val']));
    $id = intval($_POST['id']);
    $is_unique = tag_is_only($name, $id);
    if ($is_unique) {
        edit_tag($name, $id);
        make_json_result(stripslashes($name));
    } else {
        make_json_error(sprintf($_LANG['tagword_exist'], $name));
    }
}
/**
 * Check whether a tag name is unique, i.e. not already used by another tag
 * of the same goods item.
 *
 * @param $name      tag name
 * @param $tag_id    id of the tag being edited (the rename handler above passes
 *                   the tag's own id here, presumably so it is excluded from
 *                   the comparison)
 * @param $goods_id  optional goods id; an empty value selects the first branch
 *                   of the function body
 * @return bool
 */
function tag_is_only($name, $tag_id, $goods_id = '')
{
    if (empty($goods_id)) {
        admin_log('', 'batch_remove', 'shipping_area');
    }
    /* 返回 */
    $links[0] = array('href' => 'shipping_area.php?act=list&shipping=' . intval($_REQUEST['shipping']), 'text' => $_LANG['go_back']);
    sys_msg($_LANG['remove_success'], 0, $links);
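} elseif ($_REQUEST['act'] == 'edit_area') {
    /* AJAX inline rename of a shipping area. */
    check_authz_json('shiparea_manage');
    $id = intval($_POST['id']);
    $val = json_str_iconv(trim($_POST['val']));
    /* Shipping method the area belongs to; the uniqueness check is scoped to it. */
    $shipping_id = $exc->get_name($id, 'shipping_id');
    /* NOTE(review): $val is interpolated into SQL by is_only() and edit()
     * with no escaping in this handler; that is only safe if request data is
     * escaped globally before reaching here — confirm. */
    if (!$exc->is_only('shipping_area_name', $val, $id, "shipping_id = '{$shipping_id}'")) {
        /* Duplicate name. The old code fell through to the UPDATE after this
         * error and relied on make_json_error() exiting; the elseif chain
         * makes the "no update on error" path explicit, as the tag handler does. */
        make_json_error($_LANG['repeat_area_name']);
    } elseif ($exc->edit("shipping_area_name = '{$val}'", $id)) {
        admin_log($val, 'edit', 'shipping_area');
        /* stripslashes, not stripcslashes, to match the other inline editors:
         * only the escaping backslashes are undone, C escapes are not interpreted. */
        make_json_result(stripslashes($val));
    } else {
        /* A failed UPDATE used to be reported (and logged) as success. */
        make_json_error($db->error());
    }
}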
} elseif ($_REQUEST['act'] == 'remove_area') {
    check_authz_json('shiparea_manage');
    $id = intval($_GET['id']);
    $name = $exc->get_name($id);
    $shipping_id = $exc->get_name($id, 'shipping_id');
    $exc->drop($id);
    $db->query('DELETE FROM ' . $ecs->table('area_region') . ' WHERE shipping_area_id=' . $id);
    admin_log($name, 'remove', 'shipping_area');
    $cat_name = $db->getOne('SELECT cat_name FROM ' . $ecs->table('category') . " WHERE cat_id='{$cat_id}'");
    /* 当前分类下是否有子分类 */
    $cat_count = $db->getOne('SELECT COUNT(*) FROM ' . $ecs->table('category') . " WHERE parent_id='{$cat_id}'");
    /* 当前分类下是否存在商品 */
    $goods_count = $db->getOne('SELECT COUNT(*) FROM ' . $ecs->table('goods') . " WHERE cat_id='{$cat_id}'");
    /* 如果不存在下级子分类和商品,则删除之 */
    if ($cat_count == 0 && $goods_count == 0) {
        /* Delete the category. NOTE(review): the nav cleanup query two lines
         * below concatenates the table name directly onto "WHERE" with no
         * separating space; unless table() appends a delimiter this is a SQL
         * syntax error whose (ignored) failure leaves stale nav entries. */
        $sql = 'DELETE FROM ' . $ecs->table('category') . " WHERE cat_id = '{$cat_id}'";
        if ($db->query($sql)) {
            $db->query("DELETE FROM " . $ecs->table('nav') . "WHERE ctype = 'c' AND cid = '" . $cat_id . "' AND type = 'middle'");
            clear_cache_files();
            admin_log($cat_name, 'remove', 'category');
        }
    } else {
        make_json_error($cat_name . ' ' . $_LANG['cat_isleaf']);
    }
    $url = 'category.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
}
/*------------------------------------------------------ */
//-- PRIVATE FUNCTIONS
/*------------------------------------------------------ */
//
///**
// * 检查分类是否已经存在
// *
// * @param   string      $cat_name       分类名称
// * @param   integer     $parent_cat     上级分类
// * @param   integer     $exclude        排除的分类ID
    }
    if ($exc->edit("ad_height = '{$ad_height}'", $id)) {
        clear_cache_files();
        // 清除模版缓存
        admin_log($ad_height, 'edit', 'ads_position');
        make_json_result(stripslashes($ad_height));
    } else {
        make_json_error($db->error());
    }
} elseif ($_REQUEST['act'] == 'remove') {
    /* Delete an ad position, then bounce back to the list view.
     * NOTE(review): this is a state-changing action driven by a GET parameter
     * with no anti-CSRF token visible here; the privilege check is the only
     * gate. If make_json_error() returns instead of exiting, the redirect
     * below still runs. */
    check_authz_json('ad_manage');
    $id = intval($_GET['id']);
    /* Refuse to drop a position that still has ads attached to it. */
    $count_sql = "SELECT COUNT(*) FROM " . $GLOBALS['ecs']->table('ad') . " WHERE position_id = '{$id}'";
    $ads_in_position = $db->getOne($count_sql);
    if ($ads_in_position > 0) {
        make_json_error($_LANG['not_del_adposit']);
    } else {
        $exc->drop($id);
        admin_log('', 'remove', 'ads_position');
    }
    /* Rebuild the list URL from the incoming query string minus act=remove;
     * the remainder of QUERY_STRING is reflected into the Location header as-is. */
    $url = 'ad_position.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
}
/* 获取广告位置列表 */
function ad_position_list()
{
    $filter = array();
    /* 记录总数以及页数 */
    $sql = 'SELECT COUNT(*) FROM ' . $GLOBALS['ecs']->table('ad_position');
    $filter['record_count'] = $GLOBALS['db']->getOne($sql);