Esempio n. 1
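/**
 * Gate admin access to one category for the logged-in user.
 *
 * Outside the admin module (END_MODULE != 'admin') the check is skipped and
 * the call succeeds. Inside it, access is refused only when the session user
 * is flagged as category-limited and holds no right for this category.
 *
 * NOTE(review): a session without 'login_user' counts as "not limited" and
 * therefore passes this check. The function presumably relies on an earlier
 * login check; confirm it cannot be reached unauthenticated.
 *
 * @param mixed $category_id Category identifier, appended to the rights key.
 * @param bool  $text        True: echo the refusal as plain text and die.
 *                           False: hand the refusal to end_exit().
 * @return bool|null True when access is allowed. On refusal the script is
 *                   expected to terminate (end_exit() is defined elsewhere;
 *                   TODO confirm it never returns).
 */
function check_allowed_category($category_id, $text = false)
{
    if (END_MODULE != 'admin') {
        return true;
    }

    // empty() keeps the original truthiness rules but raises no warning when
    // a session key is missing, so nothing leaks through error output.
    $is_limited = !empty($_SESSION['login_user']['limit_category_id']);

    // The prefix really is spelled 'categroy_' here. It has to match the key
    // under which rights are stored; verify against the writer before
    // "fixing" the spelling, or every limited user loses access.
    $has_right = !empty($_SESSION['login_user']['rights']['categroy_' . $category_id]);

    if (!$is_limited || $has_right) {
        return true;
    }

    if ($text) {
        echo LANG_NOT_ALLOWED;
        die;
    }

    end_exit(LANG_NOT_ALLOWED);
}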
Esempio n. 2
<?php

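// Refuse direct requests: the including script must have defined END_MODULE.
!defined('END_MODULE') && die('Access Denied');

// Missing query parameters become null instead of raising a warning.
$module = isset($_GET['module']) ? $_GET['module'] : null;
$m = isset($_GET['m']) ? $_GET['m'] : null;
if (!isset($err_msg)) {
    $err_msg = null;
}

// 'backurl' is request-controlled and ends up in a Location header, so only
// a local relative target is accepted: no scheme (no ':' before the query),
// no protocol-relative '//' prefix, no backslashes, no whitespace or control
// characters. Anything else falls back to the admin entry page.
$back_url = 'admin.php';
if (
    !empty($_REQUEST['backurl'])
    && is_string($_REQUEST['backurl'])
    && preg_match('#^(?!//)[^:?\\\\\x00-\x20]*(\?[^\\\\\x00-\x20]*)?\z#', $_REQUEST['backurl']) === 1
) {
    $back_url = $_REQUEST['backurl'];
}

if ($m === 'login') {
    $admin = model('admin');
    // NOTE(review): the password goes through filter_array's 'end_encode'
    // rule before check_password(); how strong that transform is cannot be
    // seen from this file.
    $data = filter_array($_POST, 'name!,end_encode:password!');
    if ($data) {
        $u = $admin->check_password($data['name'], $data['password']);
        if (!empty($u['admin_id'])) {
            // Rotate the session id on privilege change so a pre-login id
            // cannot be reused (nothing visible here does it otherwise).
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['login_user'] = $u;
            header('Location:' . $back_url);
            // Stop here so the rest of the page is not rendered after the redirect.
            exit;
        } else {
            // 'LOGIG_ERROR' is the key as the language files are addressed here; left as is.
            $err_msg = lang('LOGIG_ERROR');
        }
    }
} elseif ($m === 'logout') {
    unset($_SESSION['login_user']);
    end_exit(lang('LOGOUT_SUCCESS'), $back_url, 1);
}

// NOTE(review): both values reach the template; confirm it escapes them.
$view_data['backurl'] = $back_url;
$view_data['err_msg'] = $err_msg;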
Esempio n. 3
**********************************/
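// Only the admin front controller may include this script.
END_MODULE != 'admin' && die('Access Denied');

// Missing query parameters default to 0 / null instead of raising a warning.
$admin_id = isset($_GET['admin_id']) ? intval($_GET['admin_id']) : 0;
$m = isset($_GET['m']) ? $_GET['m'] : null;
$action = isset($_GET['action']) ? $_GET['action'] : null;
$admin = model('admin');
$rights = model('rights');
$rights_id = isset($_GET['rights_id']) ? intval($_GET['rights_id']) : false;
if (!isset($err_msg)) {
    $err_msg = null;
}

if ($m == 'new_admin') {
    // Authorisation for creating administrators.
    // NOTE(review): no anti-CSRF token check is visible on this
    // state-changing POST; confirm one is enforced elsewhere.
    check_allowed('admin', 'add');
    $data = filter_array($_POST, 'name!,end_encode:password!,email');
    if (!$data) {
        // filter_array() appears to return a falsy value when a required
        // ('!') field is missing; confirm. Without this guard the lookup
        // and the insert below would run on an empty record.
        $err_msg = lang('ADMIN_NEW_ERROR');
        $action = 'new_admin';
    } elseif ($admin->exists(array('name' => $data['name']))) {
        end_exit(lang("ADMIN_EXISTS"), 'admin.php?p=admin', 1);
    } elseif ($admin->add($data)) {
        end_exit(lang('ADMIN_NEW_SUCCESS'), 'admin.php?p=admin', 1);
    } else {
        // Insert failed: show the creation form again with an error.
        $err_msg = lang('ADMIN_NEW_ERROR');
        $action = 'new_admin';
    }
} else {
    // Plain page view: set the label and URL constants, presumably read by
    // the activity log.
    define('END_LOG_INFO', LANG_TITLE);
    define('END_LOG_URL', 'admin.php?p=admin');
}

$view_data['page_description'] = lang('ADMIN_INDEX');
$view_data['err_msg'] = $err_msg;
$view_data['admin_id'] = $admin_id;
$view_data['rights'] = $rights->get_list();
$cond = array();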
if ($rights_id !== false) {
Esempio n. 4
<?php

/**********************************
*     		EndCMS
*       www.endcms.com
*         ©2008-now
* under Creative Commons License
**********************************/
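// Only the admin front controller may include this script.
END_MODULE != 'admin' && die('Access Denied');

// Missing query parameters default to null / 0 instead of raising a warning.
$m = isset($_GET['m']) ? $_GET['m'] : null;
$_config = model('config');
$config_id = isset($_GET['config_id']) ? intval($_GET['config_id']) : 0;
if (!isset($err_msg)) {
    $err_msg = null;
}

if ($m == "new_config") {
    // NOTE(review): no anti-CSRF token check is visible on this
    // state-changing POST; confirm one is enforced elsewhere.
    check_allowed('config', 'add');
    // All three fields are required ('!' suffix).
    $data = filter_array($_POST, 'name!,description!,type!');
    if ($data) {
        if ($_config->add($data)) {
            end_exit(lang('CONFIG_NEW_SUCCESS'), 'admin.php?p=config', 1);
        } else {
            // Insert failed: return to the config creation form. The action
            // used to be 'new_category', a leftover from the category
            // module that does not match the branch below.
            $action = 'new_config';
            $err_msg = lang('CONFIG_NEW_ERROR');
        }
    } else {
        // A required field is missing: show the form again with the input.
        $action = 'new_config';
        $err_msg = lang('CONFIG_FILL_ALL');
        // NOTE(review): raw POST data is handed to the view; the template
        // must escape it on output.
        $view_data['thisconfig'] = $_POST;
    }
}

$view_data['err_msg'] = $err_msg;
$view_data['items'] = $_config->get_list();
$view_data['page_description'] = lang('TITLE');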
Esempio n. 5
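// Only a plain string is accepted as module name. An array-valued
// ?module[]=... would otherwise fail on the string concatenation and the
// array offset below. Missing parameters become null without a warning.
$module = (isset($_GET['module']) && is_string($_GET['module'])) ? $_GET['module'] : null;
$extension = isset($_GET['extension']) ? $_GET['extension'] : null;

if ($module) {
    // NOTE(review): $module is request-controlled and is passed on to
    // get_extensions(); confirm that helper restricts the value to known
    // modules before using it for any lookup.
    get_extensions('end_' . $module);
    $view_data['page_name'] = isset($end_module[$module]['name']) ? $end_module[$module]['name'] : null;
} else {
    // No module selected: list the extensions of every module.
    get_extensions();
    $view_data['page_name'] = lang('all_extension');
}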
if ($action == 'edit') {
    if ($_GET['delete']) {
        if ($ext = $end_extension[$_GET['delete']]) {
            if (end_rmdir(END_ROOT . $ext['path'])) {
                end_exit(lang('delete_success'), 'admin.php?p=extension&action=edit', 1);
            } else {
                end_exit(lang('delete_failed'), 'admin.php?p=extension&action=edit', 3);
            }
        }
    }
} else {
    if ($action == 'running') {
        if ($hid = intval($_GET['pause'])) {
            if (model('hook')->update($hid, array('status' => 'pause'))) {
                $view_data['info'] = lang('Success');
            } else {
                $view_data['info'] = lang('Failed');
            }
        }
        if ($hid = intval($_GET['resume'])) {
            if (model('hook')->update($hid, array('status' => 'running'))) {
                $view_data['info'] = lang('Success');
Esempio n. 6
         //数据合法,写入数据库
         if ($item_id) {
             $re = $item->update($item_id, $data);
         } else {
             $re = $item->add($data);
             if ($re && intval($re)) {
                 $item_id = intval($re);
             }
         }
         if ($re) {
             //写入数据库后
             if ($_fields['__after_db']) {
                 $_fields['__after_db']($item->get_one($item_id));
             }
             $return_to = $_POST['return_to'] ? $_POST['return_to'] : 'admin.php?p=item&category_id=' . $category_id;
             end_exit(lang('ITEM_SAVE_SUCCESS'), $return_to, 1);
         } else {
             $action = 'edit_item';
             $err_msg = lang('ITEM_UNKNOWN_ERROR');
         }
     } else {
         $action = 'edit_item';
         //生成错误提示信息
         $err_msg = array();
         foreach ($errors as $key => $err) {
             $err_msg[] = $_fields[$key]['name'] . ' ' . $err;
         }
         $err_msg = join('<br />', $err_msg);
     }
 }
 ///////////////////////////////以下为显示控制部分////////////////////////////////
Esempio n. 7
}
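if ($action == 'ajax_get') {
    // AJAX endpoint: render the direct children of one category, then stop.
    if (!$category_id) {
        $category_id = 0;
    }
    $data['tree'] = model('category')->get_list(array('parent_id' => $category_id));
    // A non-numeric 'depth' would make the multiplication fail, so it counts as 0.
    $data['depth'] = (isset($_GET['depth']) && is_numeric($_GET['depth'])) ? $_GET['depth'] * 1 : 0;
    $tmp = template('category_list_item.html');
    $tmp->assign($data);
    $tmp->display();
    die;
} elseif ($action == "edit_category") {
    // Remember where to return after the edit.
    // NOTE(review): both sources (query parameter and Referer header) are
    // request-controlled; whatever later redirects to $_SESSION['backurl']
    // must validate it as a local URL first.
    if (!empty($_GET['backurl'])) {
        $_SESSION['backurl'] = $_GET['backurl'];
    } else {
        $_SESSION['backurl'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    }

    if (!$category_id) {
        end_exit("need category_id!", 'javascript:history.go(-1)', 5);
    }
    $_category = $category->get_one($category_id);

    $edit_view = 'category_edit.html';
    $temp = template($edit_view);

    // After a submit, show the posted values again; otherwise the stored record.
    // NOTE(review): raw POST data reaches the template; it must escape on output.
    $__category = count($_POST) > 0 ? $_POST : $_category;

    // Guarded lookups: get_one() may not return a record for this id.
    $category_fields = isset($_category['status'], $end_models[$_category['status']]['category_fields'])
        ? $end_models[$_category['status']]['category_fields']
        : null;
    $parent_id = isset($_category['parent_id']) ? $_category['parent_id'] : null;

    $temp->assign(array(
        'content' => $__category,
        'err_msg' => isset($err_msg) ? $err_msg : null,
        'fields' => $category_fields,
        'category_id' => $category_id,
        'login_user' => $_SESSION['login_user'],
        'category_tree' => print_category_tree($category->tree_category(0), $parent_id, $category_id),
    ));
    $view_data['page_description'] = lang('EDIT_CATEGORY');
    $view_data['page_content'] = $temp->result();
}
$view_data['this_category'] = $category->get_one($category_id);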
Esempio n. 8
    if ($data && $rights->add($data)) {
        end_exit(lang('rights_add_success'), 'admin.php?p=rights');
    } else {
        end_exit(lang('rights_add_failed'), 'admin.php?p=rights');
    }
} elseif ($m == 'config' && $rights_id) {
    check_allowed('rights', 'update');
    $r = array();
    foreach ($_POST as $key => $val) {
        if (strtolower($val) == 'on') {
            $r[] = $key;
        }
    }
    $data['rights'] = join(',', $r);
    if ($rights->update($rights_id, $data)) {
        end_exit(lang('rights_updated'), 'admin.php?p=rights');
    }
} else {
    define('END_LOG_INFO', LANG_TITLE);
    define('END_LOG_URL', 'admin.php?p=rights');
}
if ($rights_id) {
    $_SESSION['login_user']['rights']['limit_category_id'] = false;
    $view_data['rights'] = $end_rights;
    $arr = $rights->get_one($rights_id);
    $view_data['this_group'] = $arr;
    $category->flat_tree($category->tree_category(0), $view_data['categories']);
    $r = explode(',', $arr['rights']);
    foreach ($r as $val) {
        $view_data['this_rights'][$val] = true;
    }