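/**
 * Stop the request when the logged-in admin may not touch a category.
 *
 * Only enforced inside the admin module (END_MODULE === 'admin'); any other
 * module passes unconditionally. An admin is "restricted" when
 * $_SESSION['login_user']['limit_category_id'] is truthy; a restricted admin
 * is allowed only if the per-category right keyed 'categroy_<id>' is set in
 * $_SESSION['login_user']['rights'].
 *
 * @param int|string $category_id  category being accessed
 * @param bool       $text         true: print the denial message and die;
 *                                 false: pass the message to end_exit()
 * @return bool  true when access is allowed. On denial the request is
 *               terminated (echo + die, or end_exit()) — if end_exit() were
 *               ever to return, this function falls through with null, as
 *               the original did.
 */
function check_allowed_category($category_id, $text = false)
{
    if (END_MODULE !== 'admin') {
        return true;
    }

    $login_user = isset($_SESSION['login_user']) ? $_SESSION['login_user'] : array();

    // Unrestricted admins always pass; empty() keeps the original truthiness
    // test without "undefined array key" warnings on a fresh session.
    $restricted = !empty($login_user['limit_category_id']);

    // NOTE(review): the key prefix 'categroy_' is kept as found because it
    // must match the key under which rights are written into the session;
    // check the writer of $_SESSION['login_user']['rights'] before renaming.
    $right_key = 'categroy_' . $category_id;
    $has_right = !empty($login_user['rights'][$right_key]);

    if ($restricted && !$has_right) {
        if ($text) {
            echo LANG_NOT_ALLOWED;
            die;
        } else {
            end_exit(LANG_NOT_ALLOWED);
        }
    } else {
        return true;
    }
}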
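<?php
!defined('END_MODULE') && die('Access Denied');

/*
 * Admin login / logout handler.
 *
 * Reads $_GET['module'], $_GET['m'] ('login' or 'logout'), the login form in
 * $_POST (name, password) and $_REQUEST['backurl'] as the page to return to.
 * Writes $_SESSION['login_user'] on a successful login and fills
 * $view_data['backurl'] / $view_data['err_msg'] for the login view.
 */

$module = isset($_GET['module']) ? $_GET['module'] : null;
$m = isset($_GET['m']) ? $_GET['m'] : null;
if (!isset($err_msg)) {
    $err_msg = null;
}

// The return target is sent back to the browser in a Location header (and to
// end_exit() on logout), so it must stay a relative path on this site.
// A value carrying a URL scheme ('http:', 'javascript:' ...), a protocol-
// relative '//' prefix, or control characters would turn the login page into
// an open redirect / header-injection vector; such values fall back to
// 'admin.php'.
$back_url = (isset($_REQUEST['backurl']) && $_REQUEST['backurl']) ? $_REQUEST['backurl'] : 'admin.php';
if (!is_string($back_url)
    || preg_match('#^\s*([a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $back_url)
    || preg_match('/[\x00-\x1f\x7f]/', $back_url)
) {
    $back_url = 'admin.php';
}

if ($m === 'login') {
    $admin = model('admin');
    $data = filter_array($_POST, 'name!,end_encode:password!');
    if ($data) {
        $u = $admin->check_password($data['name'], $data['password']);
        if (!empty($u['admin_id'])) {
            // Privilege level changes here: issue a fresh session id so a
            // session id fixed before login cannot be reused afterwards.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['login_user'] = $u;
            header('Location:' . $back_url);
            //end_exit(lang('LOGIN_SUCCESS'),$back_url,1);
        } else {
            // Language key spelling kept as found ('LOGIG_ERROR') — it must
            // match the language table.
            $err_msg = lang('LOGIG_ERROR');
        }
    }
} elseif ($m === 'logout') {
    unset($_SESSION['login_user']);
    end_exit(lang('LOGOUT_SUCCESS'), $back_url, 1);
}

// NOTE(review): backurl is echoed by the login template (hidden field or
// link) — confirm the template HTML-escapes it on output.
$view_data['backurl'] = $back_url;
$view_data['err_msg'] = $err_msg;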
**********************************/ END_MODULE != 'admin' && die('Access Denied'); $admin_id = intval($_GET['admin_id']); $m = $_GET['m']; $action = $_GET['action']; $admin = model('admin'); $rights = model('rights'); $rights_id = isset($_GET['rights_id']) ? intval($_GET['rights_id']) : false; if ($m == 'new_admin') { check_allowed('admin', 'add'); $data = filter_array($_POST, 'name!,end_encode:password!,email'); if ($admin->exists(array('name' => $data['name']))) { end_exit(lang("ADMIN_EXISTS"), 'admin.php?p=admin', 1); } else { if ($admin->add($data)) { end_exit(lang('ADMIN_NEW_SUCCESS'), 'admin.php?p=admin', 1); } else { $err_msg = lang('ADMIN_NEW_ERROR'); $action = 'new_admin'; } } } else { define('END_LOG_INFO', LANG_TITLE); define('END_LOG_URL', 'admin.php?p=admin'); } $view_data['page_description'] = lang('ADMIN_INDEX'); $view_data['err_msg'] = $err_msg; $view_data['admin_id'] = $admin_id; $view_data['rights'] = $rights->get_list(); $cond = array(); if ($rights_id !== false) {
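<?php
/**********************************
 * EndCMS
 * www.endcms.com
 * ©2008-now
 * under Creative Commons License
 **********************************/
END_MODULE != 'admin' && die('Access Denied');

/*
 * Admin "config" page.
 *
 * Handles the new_config action ($_GET['m'] === 'new_config', form fields
 * name/description/type in $_POST) and then prepares the config list view.
 * Writes $action and $err_msg (re-show the form on failure) and $view_data.
 */

$m = isset($_GET['m']) ? $_GET['m'] : null;
$_config = model('config');
$config_id = isset($_GET['config_id']) ? intval($_GET['config_id']) : 0;

if ($m === 'new_config') {
    check_allowed('config', 'add');
    $data = filter_array($_POST, 'name!,description!,type!');
    if ($data) {
        if ($_config->add($data)) {
            end_exit(lang('CONFIG_NEW_SUCCESS'), 'admin.php?p=config', 1);
        } else {
            // Previously set to 'new_category' (copy-paste from the category
            // handler); a failed insert must re-show the *config* form, the
            // same action the "fill all fields" branch below uses.
            $action = 'new_config';
            $err_msg = lang('CONFIG_NEW_ERROR');
        }
    } else {
        $action = 'new_config';
        $err_msg = lang('CONFIG_FILL_ALL');
        // NOTE(review): the raw form input is handed back to the view so the
        // user can correct it — confirm the template escapes it on output.
        $view_data['thisconfig'] = $_POST;
    }
}

// $err_msg is only set on a failed submission; avoid an undefined-variable
// warning on a plain page view.
$view_data['err_msg'] = isset($err_msg) ? $err_msg : null;
$view_data['items'] = $_config->get_list();
$view_data['page_description'] = lang('TITLE');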
$module = $_GET['module']; $extension = $_GET['extension']; if ($module) { get_extensions('end_' . $module); $view_data['page_name'] = $end_module[$module]['name']; } else { get_extensions(); $view_data['page_name'] = lang('all_extension'); } if ($action == 'edit') { if ($_GET['delete']) { if ($ext = $end_extension[$_GET['delete']]) { if (end_rmdir(END_ROOT . $ext['path'])) { end_exit(lang('delete_success'), 'admin.php?p=extension&action=edit', 1); } else { end_exit(lang('delete_failed'), 'admin.php?p=extension&action=edit', 3); } } } } else { if ($action == 'running') { if ($hid = intval($_GET['pause'])) { if (model('hook')->update($hid, array('status' => 'pause'))) { $view_data['info'] = lang('Success'); } else { $view_data['info'] = lang('Failed'); } } if ($hid = intval($_GET['resume'])) { if (model('hook')->update($hid, array('status' => 'running'))) { $view_data['info'] = lang('Success');
//数据合法,写入数据库 if ($item_id) { $re = $item->update($item_id, $data); } else { $re = $item->add($data); if ($re && intval($re)) { $item_id = intval($re); } } if ($re) { //写入数据库后 if ($_fields['__after_db']) { $_fields['__after_db']($item->get_one($item_id)); } $return_to = $_POST['return_to'] ? $_POST['return_to'] : 'admin.php?p=item&category_id=' . $category_id; end_exit(lang('ITEM_SAVE_SUCCESS'), $return_to, 1); } else { $action = 'edit_item'; $err_msg = lang('ITEM_UNKNOWN_ERROR'); } } else { $action = 'edit_item'; //生成错误提示信息 $err_msg = array(); foreach ($errors as $key => $err) { $err_msg[] = $_fields[$key]['name'] . ' ' . $err; } $err_msg = join('<br />', $err_msg); } } ///////////////////////////////以下为显示控制部分////////////////////////////////
} if ($action == 'ajax_get') { if (!$category_id) { $category_id = 0; } $data['tree'] = model('category')->get_list(array('parent_id' => $category_id)); $data['depth'] = $_GET['depth'] * 1; $tmp = template('category_list_item.html'); $tmp->assign($data); $tmp->display(); die; } elseif ($action == "edit_category") { $_SESSION['backurl'] = $_GET['backurl'] ? $_GET['backurl'] : $_SERVER['HTTP_REFERER']; if ($action == "edit_category") { if (!$category_id) { end_exit("need category_id!", 'javascript:history.go(-1)', 5); } $_category = $category->get_one($category_id); } $edit_view = 'category_edit.html'; $temp = template($edit_view); if (count($_POST) > 0) { $__category = $_POST; } else { $__category = $_category; } $temp->assign(array('content' => $__category, 'err_msg' => $err_msg, 'fields' => $end_models[$_category['status']]['category_fields'], 'category_id' => $category_id, 'login_user' => $_SESSION['login_user'], 'category_tree' => print_category_tree($category->tree_category(0), $_category['parent_id'], $category_id))); $view_data['page_description'] = lang('EDIT_CATEGORY'); $view_data['page_content'] = $temp->result(); } $view_data['this_category'] = $category->get_one($category_id);
if ($data && $rights->add($data)) { end_exit(lang('rights_add_success'), 'admin.php?p=rights'); } else { end_exit(lang('rights_add_failed'), 'admin.php?p=rights'); } } elseif ($m == 'config' && $rights_id) { check_allowed('rights', 'update'); $r = array(); foreach ($_POST as $key => $val) { if (strtolower($val) == 'on') { $r[] = $key; } } $data['rights'] = join(',', $r); if ($rights->update($rights_id, $data)) { end_exit(lang('rights_updated'), 'admin.php?p=rights'); } } else { define('END_LOG_INFO', LANG_TITLE); define('END_LOG_URL', 'admin.php?p=rights'); } if ($rights_id) { $_SESSION['login_user']['rights']['limit_category_id'] = false; $view_data['rights'] = $end_rights; $arr = $rights->get_one($rights_id); $view_data['this_group'] = $arr; $category->flat_tree($category->tree_category(0), $view_data['categories']); $r = explode(',', $arr['rights']); foreach ($r as $val) { $view_data['this_rights'][$val] = true; }