/**
 * Admin landing action: renders the view for a logged-in admin, otherwise
 * sends the visitor to the `login` action.
 */
public function index()
{
    $loggedIn = (bool) admin_id();
    if ($loggedIn) {
        $this->display();
        return;
    }
    $this->redirect('login');
}
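/**
 * Update a printer row's status from a POST request (admin only).
 *
 * Reads `id` (int-filtered) and `status` from POST and saves the new status
 * on the matching Printer row. Without an admin session the request is
 * redirected to `index`; the outcome is reported through success()/error().
 */
public function changeStatus()
{
    if (!admin_id()) {
        $this->redirect('index');
        return; // redirect() normally exits; the return guards against a non-exiting implementation
    }

    $pid = I('post.id', null, 'int');
    if ($pid === null) {
        // no usable id: nothing to update, so fail instead of building a condition on an empty value
        $this->error('修改失败');
        return;
    }

    $data = array(
        'status' => I('post.status'),
    );

    $Printer = M('Printer');
    // array condition lets the model layer bind the value instead of splicing it into the SQL text
    $result = $Printer->where(array('id' => $pid))->save($data);
    if ($result) {
        $this->success('修改成功', '/Admin/Printer/manage');
    } else {
        $this->error('修改失败' . $Printer->getError());
    }
}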
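/**
 * 管理员列表 — admin list with filtering, ordering and paging.
 *
 * Filters come from $_REQUEST (name, username, order_fd, order_type,
 * rows_page); a role range passed in $filter['role_info'] (lft/rht) has
 * priority. Everything that reaches the SQL text is either whitelisted
 * (order_fd, order_type), cast to int (rows_page, lft/rht, paging offsets)
 * or escaped with mysql_like_slash() (name, username).
 *
 * @param arr $filter optional; $filter['role_info'] = array('lft' => int, 'rht' => int)
 * @return arr $list
 *   arr $list['data']   分页数据 (rows of admin LEFT JOIN role)
 *   arr $list['pager']  分页信息 ( html, rows_page, pages_group, rows_total, cur_page, row_start )
 *   arr $list['filter'] 列表过滤信息
 */
function list_admin($filter = array())
{
    $p = $f = $list = array();
    $tAdmin = tname('admin');
    $tRole  = tname('role');

    /* 过滤条件初始化: absent or blank request values become null (no condition) */
    $name = isset($_REQUEST['name']) ? trim($_REQUEST['name']) : '';
    $f['name'] = $name !== '' ? $name : null; // 管理员姓名
    $username = isset($_REQUEST['username']) ? trim($_REQUEST['username']) : '';
    $f['username'] = $username !== '' ? $username : null; // 管理员帐号

    /* 过滤条件初始化(高优先): role range only when the caller supplies role_info */
    $hasRole       = isset($filter['role_info']);
    $f['role_lft'] = $hasRole ? intval($filter['role_info']['lft']) : null;
    $f['role_rht'] = $hasRole ? intval($filter['role_info']['rht']) : null;

    /* 排序字段初始化: column strictly whitelisted, direction limited to ASC/DESC */
    $orderable = array('name', 'username', 'rht', 'in_time');
    $orderFd   = isset($_REQUEST['order_fd']) ? $_REQUEST['order_fd'] : '';
    $f['order_fd']   = in_array($orderFd, $orderable, true) ? $orderFd : 'admin_id';
    $f['order_type'] = (isset($_REQUEST['order_type']) && $_REQUEST['order_type'] === 'ASC') ? 'ASC' : 'DESC';

    /* 构建过滤条件SQL
       Role visibility: admin 1 also sees role-less admins (role_id = 0); everyone
       else starts from a false branch and only sees admins whose role lies inside
       the supplied lft/rht range. The opening parenthesis is now closed in every
       case — previously it stayed open when no role_info was given. */
    $where = ' WHERE 1=1';
    if ($f['name'] !== null) {
        $where .= ' AND ' . $tAdmin . '.name LIKE "%' . mysql_like_slash($f['name']) . '%"';
    }
    if ($f['username'] !== null) {
        $where .= ' AND ' . $tAdmin . '.username LIKE "%' . mysql_like_slash($f['username']) . '%"';
    }
    $where .= admin_id() == 1 ? ' AND (' . $tAdmin . '.role_id = 0' : ' AND (1<>1';
    if ($f['role_lft'] !== null && $f['role_rht'] !== null) {
        $where .= ' OR (' . $tRole . '.lft>' . $f['role_lft'] . ' AND ' . $tRole . '.rht<' . $f['role_rht'] . ')';
    }
    $where .= ')';

    /* 设置分页信息 */
    $from = ' FROM ' . $tAdmin . ' LEFT JOIN ' . $tRole . ' USING(role_id)';
    $rowsPage = isset($_REQUEST['rows_page']) ? intval($_REQUEST['rows_page']) : 0;
    $p['rows_page']  = $rowsPage > 0 ? $rowsPage : 16; // a non-positive page size would yield an invalid LIMIT
    $p['rows_total'] = $GLOBALS['db']->getOne('SELECT count(admin_id)' . $from . $where);
    $p['html']       = pager($p['rows_page'], $p['rows_total']);
    $p['cur_page']   = pager_current($p['rows_page'], $p['rows_total']);
    $p['row_start']  = ($p['cur_page'] - 1) * $p['rows_page'];
    $f['page']       = $p['cur_page'];
    $f['rows_page']  = $p['rows_page'];

    /* 构建分页内容SQL */
    $sql  = ' SELECT ' . $tAdmin . '.*, ' . $tRole . '.name AS role_name' . $from . $where;
    $sql .= ' ORDER BY ' . $f['order_fd'] . ' ' . $f['order_type'];
    $sql .= ' LIMIT ' . intval($p['row_start']) . ',' . $p['rows_page'];

    /* 列表对象赋值 */
    $list['data']   = $GLOBALS['db']->getAll($sql);
    $list['pager']  = $p;
    $list['filter'] = $f;

    return $list;
}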
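/**
 * File search: lists FileView rows filtered by status, 10 per page.
 *
 * POST `status` (int-filtered) selects one status in 1..4; any other value
 * (missing, 0, out of range) lists statuses between 1 and 5. The rows, the
 * pager HTML and the requested status are handed to the view.
 */
public function search()
{
    if (!admin_id()) {
        $this->redirect('Admin/Index/login');
        return; // redirect() normally exits; the return guards against a non-exiting implementation
    }

    $status = I('post.status', null, 'int');
    $condition = array();
    // 1..4 filter on that exact status; everything else (0, null, out of range) uses the 1..5 window
    if ($status >= 1 && $status <= 4) {
        $condition['status'] = (int) $status;
    } else {
        $condition['status'] = array('between', '1,5');
    }

    $File  = D('FileView');
    $count = $File->where($condition)->count();
    $Page  = new \Think\Page($count, 10);
    $show  = $Page->show();

    $pptLayouts = C('PPT_LAYOUT');
    $result = $File->where($condition)
        ->order('file.id desc')
        ->limit($Page->firstRow . ',' . $Page->listRows)
        ->select();

    if (is_array($result)) {
        // swap the stored layout key for its configured label; unknown keys become null without a notice
        foreach ($result as &$file) {
            $key = $file['ppt_layout'];
            $file['ppt_layout'] = isset($pptLayouts[$key]) ? $pptLayouts[$key] : null;
        }
        unset($file); // drop the reference left behind by foreach-by-reference
    }

    $this->data = $result;
    $this->assign('page', $show);
    $this->assign('status', $status);
    $this->display();
}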
/**
 * 插入管理员日志 — write one admin_log row for the current admin.
 *
 * The row holds the TCP peer address ($_SERVER['REMOTE_ADDR'], not a
 * forwarded header), the message, the unix timestamp and the acting admin's
 * id/name/username. String fields are addslashes()-escaped, matching how the
 * rest of this file hands values to the database layer.
 *
 * @param str $info 信息 (log message)
 */
function admin_log($info)
{
    $row = array(
        'ip'             => $_SERVER['REMOTE_ADDR'],
        // strip first so a message that already carries slashes is not escaped twice
        'info'           => addslashes(stripslashes($info)),
        'in_time'        => time(),
        'admin_id'       => admin_id(),
        'admin_name'     => addslashes(admin_name()),
        'admin_username' => addslashes(admin_username()),
    );
    $GLOBALS['db']->insert(tname('admin_log'), $row);
}
/**
 * 允许编辑检查 - 角色越权检查
 *
 * Calls sys_msg() with lawless_submit unless the current admin may edit the
 * submitted admin record $info:
 *  - $info must be non-empty and must be neither the current admin nor admin 1;
 *  - a target with no role (empty lft) may only be edited by role_id 1;
 *  - otherwise the current role must compare '>' the target role via cmp_role().
 *
 * @param arr $info submitted admin record (admin_id, lft, ...)
 */
function allow_edit($info)
{
    global $_LANG, $_PRIV;

    /* 无效的提交管理员信息 */
    if (empty($info)) {
        sys_msg($_LANG['lawless_submit']);
    }

    /* the current admin and the built-in admin (id 1) are never editable here */
    $isSelf    = $info['admin_id'] == admin_id();
    $isBuiltin = $info['admin_id'] == 1;
    if ($isSelf || $isBuiltin) {
        sys_msg($_LANG['lawless_submit']);
    }

    if (empty($info['lft'])) {
        /* 空角色: only the super role may edit */
        $allowed = $_PRIV['role']['role_id'] == 1;
    } else {
        /* 越权检查: the current role must rank strictly above the target role */
        $current = array('info' => $_PRIV['role']);
        $target  = array('info' => $info);
        $allowed = cmp_role($current, $target) == '>';
    }
    if (!$allowed) {
        sys_msg($_LANG['lawless_submit']);
    }
}
// +----------------------------------------------------------------------
// | LengdoFrame - 系统信息模块
// +----------------------------------------------------------------------
// | Copyright (c) 2009 http://lengdo.com All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: Yangfan Dai <*****@*****.**>
// +----------------------------------------------------------------------
// $Id$

/* ------------------------------------------------------ */
// - 文件加载 (bootstrap)
/* ------------------------------------------------------ */
require '../../includes/init.php';

/* 权限检查: the system-info page is restricted to admin id 1 */
if (admin_id() != 1) {
    sys_msg($_LANG['lawless_act']);
}

/* 运行环境 */
$tpl['env']['php']    = phpversion();
$tpl['env']['mysql']  = $db->version();
$tpl['env']['kernel'] = $_LANG['sys_kernel'];

/* 目录权限: each admin directory gets its displayed path and a yes/no
   marker depending on whether file_privilege() reports level 3 or more */
$adminDirs = array(
    'sql'   => array('url' => 'URL_ADMIN_DUMPSQL',  'dir' => 'DIR_ADMIN_DUMPSQL'),
    'dbc'   => array('url' => 'URL_ADMIN_CACHESQL', 'dir' => 'DIR_ADMIN_CACHESQL'),
    'pfile' => array('url' => 'URL_ADMIN_PFILE',    'dir' => 'DIR_ADMIN_PFILE'),
);
foreach ($adminDirs as $suffix => $keys) {
    $tpl['dir']['path_' . $suffix] = '<span style="color:#333">' . $_CFG[$keys['url']] . '</span>';
}
foreach ($adminDirs as $suffix => $keys) {
    $tpl['dir']['priv_' . $suffix] = file_privilege($_CFG[$keys['dir']]) >= 3
        ? '<span class="yes"></span>'
        : '<span class="no"></span>';
}

/* 加载视图 */
include $_CFG['DIR_ADMIN_TPL'] . 'sysinfo.html';
/* 数据提取 */ $fields = post_myaccount(); /* 更新数据库 */ if (!empty($fields)) { /* 更新数据库 */ $db->update(tname('admin'), $fields, 'admin_id=' . admin_id()); /* 系统提示 */ make_json_ok($_LANG['ok_myaccount_upassword']); } /* 系统提示 */ make_json_ok(); } else { /* 权限检查 */ admin_privilege_valid('sysmodule.php', 'myaccount'); /* 管理员信息 */ $tpl['info'] = info_admin(array('admin_id' => admin_id())); } /* 加载视图 */ include $_CFG['DIR_ADMIN_TPL'] . 'myaccount.html'; ?> <?php /** * 取得POST过来的帐号字段 */ function post_myaccount() { global $_LANG; /* 基本字段提取 */ $fields = array(); $fields['password'] = trim($_POST['password']);
/**
 * 取得当前管理员权限IDS。细粒度权限,不包括角色的权限
 *
 * Looks up privilege ids for the current admin (admin_id()) only; privileges
 * granted through the admin's role are not part of the result.
 *
 * @return arr
 */
function admin_privilege_ids()
{
    $currentAdmin = array('admin_id' => admin_id());
    return privilege_ids($currentAdmin);
}