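/**
 * Delete an administrator account (JSON endpoint) and return the refreshed
 * administrator list markup.
 *
 * Authorisation is deliberately strict: only the administrator whose id is 1
 * may delete other administrators, and no administrator may delete themselves.
 *
 * Review notes:
 *  - make_json_error() is expected to terminate the request; an explicit
 *    `return` now follows each call so the delete cannot run even if that
 *    helper is ever changed to return normally (fail closed).
 *  - The id is cast to int before it reaches mod_member, so member_delete()
 *    never sees an attacker-shaped string whatever it does with its argument.
 *  - $start and $level were read while undefined (i.e. null); they are now set
 *    to null explicitly to keep the same call while removing the notice.
 *    TODO(review): confirm the intended paging offset / level for the refresh.
 *
 * @return void
 */
public function delmember()
{
    $user_id = (int) $this->_get['id'];

    // Only the super administrator (id 1) may delete other administrators.
    if (ADMINUSERID != 1) {
        make_json_error('对不起,您无权删除其他管理员');
        return;
    }

    // Never allow an administrator to delete their own account.
    if ($user_id == ADMINUSERID) {
        make_json_error('您不能删除自己');
        return;
    }

    // A missing / non-numeric id is reported as a failed delete.
    if (!$user_id) {
        make_json_error('删除失败');
        return;
    }

    mod_member::member_delete($user_id);

    // Re-render the list so the client can replace it in place.
    $start = null;
    $level = null;
    $list = mod_member::member_list($start, $level, 20);
    pm_tpl::assign('admin_list', $list['data']);
    make_json_result(pm_tpl::fetch('member_list'));
}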
$_POST['level_point'] > $maxpoint && ($_POST['level_point'] = $maxpoint); $_POST['level_money'] > $maxmoney && ($_POST['level_money'] = $maxmoney); if (!empty($_POST['level_point']) && strpos($_POST['level_point'], '%') === false) { $_POST['level_point'] .= '%'; } if (!empty($_POST['level_money']) && strpos($_POST['level_money'], '%') === false) { $_POST['level_money'] .= '%'; } $items = array('level_point' => $_POST['level_point'], 'level_money' => $_POST['level_money']); $links[] = array('text' => $_LANG['affiliate'], 'href' => 'affiliate.php?act=list'); $config['item'][] = $items; $config['on'] = 1; $config['config']['separate_by'] = 0; put_affiliate($config); } else { make_json_error($_LANG['level_error']); } ecs_header("Location: affiliate.php?act=query\n"); exit; } elseif ($_REQUEST['act'] == 'updata') { $separate_by = intval($_POST['separate_by']) == 1 ? 1 : 0; $_POST['expire'] = (double) $_POST['expire']; $_POST['level_point_all'] = (double) $_POST['level_point_all']; $_POST['level_money_all'] = (double) $_POST['level_money_all']; $_POST['level_money_all'] > 100 && ($_POST['level_money_all'] = 100); $_POST['level_point_all'] > 100 && ($_POST['level_point_all'] = 100); if (!empty($_POST['level_point_all']) && strpos($_POST['level_point_all'], '%') === false) { $_POST['level_point_all'] .= '%'; } if (!empty($_POST['level_money_all']) && strpos($_POST['level_money_all'], '%') === false) { $_POST['level_money_all'] .= '%';
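} else {
    continue;
}
}
}
// NOTE(review): db_create_in() (defined elsewhere) builds the IN (...) list by
// quoting each value; $delete_region is expected to hold integer region ids —
// new_region_id() below now guarantees that for the ids it returns.
$sql = "DELETE FROM " . $ecs->table("region") . "WHERE region_id" . db_create_in($delete_region);
$db->query($sql);
if ($exc->drop($id)) {
    admin_log(addslashes($region['region_name']), 'remove', 'area');
    /* Reload the region list for the parent so the client can redraw it. */
    $region_arr = area_list($region['parent_id']);
    $smarty->assign('region_arr', $region_arr);
    $smarty->assign('region_type', $region['region_type']);
    make_json_result($smarty->fetch('area_list.htm'));
} else {
    make_json_error($db->error());
}
}

/**
 * Return the ids of all regions whose parent is one of $region_id.
 *
 * @param int|int[]|string $region_id  a single id, an array of ids, or a
 *                                     comma-separated list of ids (the shapes
 *                                     db_create_in() accepts)
 * @return array child region ids as returned by the database; empty when
 *               $region_id is empty
 *
 * Security (review): every id is normalised to an integer before it is handed
 * to db_create_in(), which quotes but is not known to escape its items.
 * region_id is an integer column, so this changes nothing for valid input and
 * removes any dependence on the caller having sanitised the value.
 */
function new_region_id($region_id)
{
    $regions_id = array();
    if (empty($region_id)) {
        return $regions_id;
    }

    // Accept the same input shapes db_create_in() does, but force each item to int.
    $ids = is_array($region_id) ? $region_id : explode(',', (string) $region_id);
    $ids = array_map('intval', $ids);

    $sql = "SELECT region_id FROM " . $GLOBALS['ecs']->table("region") . " WHERE parent_id " . db_create_in($ids);
    $result = $GLOBALS['db']->getAll($sql);
    foreach ($result as $val) {
        $regions_id[] = $val['region_id'];
    }
    return $regions_id;
}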
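foreach ($arr as $key => $val) {
    $opt[] = array('value' => $val['goods_id'], 'text' => $val['goods_name'], 'data' => '');
}
make_json_result($opt);
} elseif ($_REQUEST['act'] == 'drop_link_goods') {
    include_once ROOT_PATH . 'includes/cls_json.php';
    $json = new JSON();
    check_authz_json('article_manage');

    // Both parameters arrive JSON-encoded. They are decoded here, after any
    // quoting the framework applied to the raw request globals, so that quoting
    // does not protect the decoded values. Review fix: every id is forced to
    // int before it is placed in SQL — previously the raw decoded values were
    // interpolated into the DELETE below.
    $drop_goods = $json->decode($_GET['drop_ids']);
    $arguments = $json->decode($_GET['JSON']);

    $ids = array();
    foreach ((is_array($drop_goods) ? $drop_goods : explode(',', (string) $drop_goods)) as $gid) {
        if (is_scalar($gid) && (string) $gid !== '') {
            $ids[] = intval($gid);
        }
    }
    // An empty list is still passed to db_create_in(), which handles it as before.
    $drop_goods = $ids;

    $article_id = (is_array($arguments) && isset($arguments[0])) ? intval($arguments[0]) : 0;
    if ($article_id == 0) {
        // Article not saved yet: use the id it will be given.
        $article_id = $db->getOne('SELECT MAX(article_id)+1 AS article_id FROM ' . $ecs->table('article'));
    }

    $sql = "DELETE FROM " . $ecs->table('goods_article') . " WHERE article_id = '{$article_id}' AND goods_id " . db_create_in($drop_goods);
    $db->query($sql, 'SILENT') or make_json_error($db->error());

    /* Reload the article's linked goods so the client can redraw the list. */
    $arr = get_article_goods($article_id);
    $opt = array();
    foreach ($arr as $key => $val) {
        $opt[] = array('value' => $val['goods_id'], 'text' => $val['goods_name'], 'data' => '');
    }
    make_json_result($opt);
}

/*------------------------------------------------------ */
//-- Search goods
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'get_goods_list') {
    include_once ROOT_PATH . 'includes/cls_json.php';
    $json = new JSON();
    $filters = $json->decode($_GET['JSON']);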
/* Apply the submitted mail settings to the running configuration. */
// NOTE(review): the start of this branch is above this view. The values are
// written into $_CFG so the test mail below uses them; whether anything persists
// them is not visible here. The server opens an outbound SMTP connection to an
// admin-supplied host/port — acceptable for a test endpoint, but confirm this
// branch sits behind the same check_authz_json('shop_config') the 'del' branch
// below uses.
$_CFG['mail_service'] = intval($_POST['mail_service']);
$_CFG['smtp_host'] = trim($_POST['smtp_host']);
$_CFG['smtp_port'] = trim($_POST['smtp_port']);
$_CFG['smtp_user'] = json_str_iconv(trim($_POST['smtp_user']));
$_CFG['smtp_pass'] = trim($_POST['smtp_pass']);
$_CFG['smtp_mail'] = trim($_POST['reply_email']);
$_CFG['mail_charset'] = trim($_POST['mail_charset']);
if (send_mail('', $email, $_LANG['test_mail_title'], $_LANG['cfg_name']['email_content'], 0)) {
    make_json_result('', $_LANG['sendemail_success'] . $email);
} else {
    // Mailer error messages are returned verbatim to the administrator.
    make_json_error(join("\n", $err->_message));
}
}

/*------------------------------------------------------ */
//-- Delete an uploaded file
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'del') {
    /* Privilege check */
    check_authz_json('shop_config');

    /* Parameters */
    // NOTE(review): $code is an arbitrary request string used directly as a key
    // into the configuration array, so $filename can be the value of ANY config
    // entry (not only an upload path), or undefined for an unknown key. What is
    // done with $filename is below this view — restrict $code to the known
    // upload-type configuration codes before any filesystem operation.
    $code = trim($_GET['code']);
    $filename = $_CFG[$code];
}
} else {
    // Access denied (the condition that leads here is above this view): AJAX
    // callers get a JSON error, browsers are redirected to the login page.
    if (!empty($_REQUEST['is_ajax'])) {
        make_json_error($_LANG['priv_error']);
    } else {
        ecs_header("Location: privilege.php?act=login\n");
    }
    exit;
}
}

$smarty->assign('token', $_CFG['token']);

/*
 * Referer-based CSRF guard for every admin action except the unauthenticated
 * entry points (login / signin / password reset / order lookup).
 *
 * NOTE(review): this is a weak control and should not be the only one:
 *   - An absent Referer passes (the `!empty(...)` test short-circuits), so any
 *     page that suppresses the header, e.g. via
 *     <meta name="referrer" content="no-referrer">, bypasses it entirely.
 *   - `strpos(...) === false` accepts the admin URL anywhere inside the referer,
 *     so "https://attacker.example/?u=<admin_path>" also passes.
 *   - Only a port suffix is stripped (`/:\d+/`); scheme is not normalised.
 * A per-request token bound to the session and checked on every state-changing
 * request is the appropriate fix (the `token` assigned to the template just
 * above may be intended for that — confirm how it is verified).
 */
if ($_REQUEST['act'] != 'login' && $_REQUEST['act'] != 'signin' && $_REQUEST['act'] != 'forget_pwd' && $_REQUEST['act'] != 'reset_pwd' && $_REQUEST['act'] != 'check_order') {
    $admin_path = preg_replace('/:\\d+/', '', $ecs->url()) . ADMIN_PATH;
    if (!empty($_SERVER['HTTP_REFERER']) && strpos(preg_replace('/:\\d+/', '', $_SERVER['HTTP_REFERER']), $admin_path) === false) {
        if (!empty($_REQUEST['is_ajax'])) {
            make_json_error($_LANG['priv_error']);
        } else {
            ecs_header("Location: privilege.php?act=login\n");
        }
        exit;
    }
}

/*
 * Any logged-in administrator can append act=phpinfo to any admin page to see
 * phpinfo() output.
 * NOTE(review): this discloses paths, loaded extensions, environment variables
 * and configuration to every administrator account, not only the super
 * administrator; gate it behind a privilege check or remove it outside
 * development.
 */
if ($_REQUEST['act'] == 'phpinfo' && function_exists('phpinfo')) {
    phpinfo();
    exit;
}

//header('Cache-control: private');
header('content-type: text/html; charset=' . EC_CHARSET);
// A date in the past plus an always-fresh Last-Modified keeps admin pages out of caches.
header('Expires: Fri, 14 Mar 1980 20:53:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
$no = empty($_POST['val']) ? 'N/A' : json_str_iconv(trim($_POST['val'])); $no = $no == 'N/A' ? '' : $no; $order_id = empty($_POST['id']) ? 0 : intval($_POST['id']); if ($order_id == 0) { make_json_error('NO ORDER ID'); exit; } $sql = 'UPDATE ' . $GLOBALS['ecs']->table('order_info') . " SET pay_note='{$no}' WHERE order_id = '{$order_id}'"; if ($GLOBALS['db']->query($sql)) { if (empty($no)) { make_json_result('N/A'); } else { make_json_result(stripcslashes($no)); } } else { make_json_error($GLOBALS['db']->errorMsg()); } } elseif ($_REQUEST['act'] == 'get_goods_info') { /* 取得订单商品 */ $order_id = isset($_REQUEST['order_id']) ? intval($_REQUEST['order_id']) : 0; if (empty($order_id)) { make_json_response('', 1, $_LANG['error_get_goods_info']); } $goods_list = array(); $goods_attr = array(); $sql = "SELECT o.*, g.goods_thumb, g.goods_number AS storage, o.goods_attr, IFNULL(b.brand_name, '') AS brand_name " . "FROM " . $ecs->table('order_goods') . " AS o " . "LEFT JOIN " . $ecs->table('goods') . " AS g ON o.goods_id = g.goods_id " . "LEFT JOIN " . $ecs->table('brand') . " AS b ON g.brand_id = b.brand_id " . "WHERE o.order_id = '{$order_id}' "; $res = $db->query($sql); while ($row = $db->fetchRow($res)) { /* 虚拟商品支持 */ if ($row['is_real'] == 0) { /* 取得语言项 */
$val = intval($_POST['val']); $sql = "SELECT ext_info FROM " . $ecs->table('goods_activity') . " WHERE act_id = '{$id}' AND act_type = '" . GAT_GROUP_BUY . "'"; $ext_info = unserialize($db->getOne($sql)); $ext_info['restrict_amount'] = $val; $sql = "UPDATE " . $ecs->table('goods_activity') . " SET ext_info = '" . serialize($ext_info) . "'" . " WHERE act_id = '{$id}'"; $db->query($sql); clear_cache_files(); make_json_result($val); } elseif ($_REQUEST['act'] == 'remove') { check_authz_json('group_by'); $id = intval($_GET['id']); /* 取得团购活动信息 */ $group_buy = group_buy_info($id); /* 如果团购活动已经有订单,不能删除 */ if ($group_buy['valid_order'] > 0) { make_json_error($_LANG['error_exist_order']); } /* 删除团购活动 */ $sql = "DELETE FROM " . $ecs->table('goods_activity') . " WHERE act_id = '{$id}' LIMIT 1"; $db->query($sql); admin_log(addslashes($group_buy['goods_name']) . '[' . $id . ']', 'remove', 'group_buy'); clear_cache_files(); $url = 'group_buy.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: {$url}\n"); exit; } /* * 取得团购活动列表 * @return array */ function group_buy_list()
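}

/*------------------------------------------------------ */
//-- Update the contents of a library (.lbi) item
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'update_library') {
    check_authz_json('library_manage');

    $html = stripslashes(json_str_iconv($_POST['html']));

    // Security (review): the library name used to be concatenated straight into
    // the path "../themes/<template>/library/<lib>.lbi", so a value such as
    // "../../foo" redirected the write — of attacker-chosen content — to any file
    // the web server may write. The old str_replace("0xa", '', ...) removed only
    // the literal text "0xa" and offered no protection. A library name must now
    // be a single path segment of [A-Za-z0-9_-]; anything else is rejected before
    // any filesystem access (make_json_error() terminates the request, as the
    // rest of this file relies on).
    $lib_name = isset($_POST['lib']) ? trim($_POST['lib']) : '';
    if ($lib_name === '' || !preg_match('/^[A-Za-z0-9_\-]+$/', $lib_name)) {
        make_json_error(sprintf($_LANG['update_lib_failed'], 'themes/' . $_CFG['template'] . '/library'));
    }
    $lib_file = '../themes/' . $_CFG['template'] . '/library/' . $lib_name . '.lbi';

    // Keep the current contents so act=restore_library can roll back.
    // NOTE(review): the search string of this str_replace() is empty, which makes
    // it a no-op; it may once have stripped a UTF-8 BOM — confirm against upstream.
    $org_html = str_replace("", '', file_get_contents($lib_file));

    // NOTE(review): the content written here is presumably processed by the
    // template engine, which would make 'library_manage' effectively a
    // code-execution privilege; grant it accordingly.
    if (@file_exists($lib_file) === true && @file_put_contents($lib_file, $html)) {
        @file_put_contents('../temp/backup/library/' . $_CFG['template'] . '-' . $lib_name . '.lbi', $org_html);
        make_json_result('', $_LANG['update_lib_success']);
    } else {
        make_json_error(sprintf($_LANG['update_lib_failed'], 'themes/' . $_CFG['template'] . '/library'));
    }
}

/*------------------------------------------------------ */
//-- Restore a library item from its backup
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'restore_library') {
    admin_priv('backup_setting');

    // Same path-segment whitelist as update_library (review fix). This branch is
    // not a JSON endpoint, so the failure is reported through sys_msg(), which —
    // as elsewhere in this code base — is assumed to terminate the request.
    $lib_name = trim($_GET['lib']);
    if ($lib_name === '' || !preg_match('/^[A-Za-z0-9_\-]+$/', $lib_name)) {
        sys_msg(sprintf($_LANG['update_lib_failed'], 'themes/' . $_CFG['template'] . '/library'), 1);
    }
    $lib_file = '../themes/' . $_CFG['template'] . '/library/' . $lib_name . '.lbi';
    $lib_backup = '../temp/backup/library/' . $_CFG['template'] . '-' . $lib_name . '.lbi';
    if (file_exists($lib_backup) && filemtime($lib_backup) >= filemtime($lib_file)) {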
$packages = get_packagelist(); $smarty->assign('package_list', $packages['packages']); $smarty->assign('filter', $packages['filter']); $smarty->assign('record_count', $packages['record_count']); $smarty->assign('page_count', $packages['page_count']); $sort_flag = sort_flag($packages['filter']); $smarty->assign($sort_flag['tag'], $sort_flag['img']); make_json_result($smarty->fetch('package_list.htm'), '', array('filter' => $packages['filter'], 'page_count' => $packages['page_count'])); } elseif ($_REQUEST['act'] == 'edit_package_name') { check_authz_json('package_manage'); $id = intval($_POST['id']); $val = json_str_iconv(trim($_POST['val'])); /* 检查活动重名 */ $sql = "SELECT COUNT(*) " . " FROM " . $hhs->table('goods_activity') . " WHERE act_type='" . GAT_PACKAGE . "' AND act_name='{$val}' AND act_id <> '{$id}'"; if ($db->getOne($sql)) { make_json_error(sprintf($_LANG['package_exist'], $val)); } $exc->edit("act_name='{$val}'", $id); make_json_result(stripslashes($val)); } elseif ($_REQUEST['act'] == 'search_goods') { include_once ROOT_PATH . 'includes/cls_json.php'; $json = new JSON(); $filters = $json->decode($_GET['JSON']); $arr = get_goods_list($filters); $opt = array(); foreach ($arr as $key => $val) { $opt[$key] = array('value' => $val['goods_id'], 'text' => $val['goods_name'], 'data' => $val['shop_price']); $opt[$key]['products'] = get_good_products($val['goods_id']); } make_json_result($opt); } elseif ($_REQUEST['act'] == 'add_package_goods') {
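$snatchs = get_snatchlist();
$smarty->assign('snatch_list', $snatchs['snatchs']);
$smarty->assign('filter', $snatchs['filter']);
$smarty->assign('record_count', $snatchs['record_count']);
$smarty->assign('page_count', $snatchs['page_count']);
$sort_flag = sort_flag($snatchs['filter']);
$smarty->assign($sort_flag['tag'], $sort_flag['img']);
make_json_result($smarty->fetch('snatch_list.htm'), '', array('filter' => $snatchs['filter'], 'page_count' => $snatchs['page_count']));
} elseif ($_REQUEST['act'] == 'edit_snatch_name') {
    check_authz_json('snatch_manage');
    $id = intval($_POST['id']);
    $val = json_str_iconv(trim($_POST['val']));

    /* Refuse a name already used by another snatch activity. */
    // NOTE(review): $val is interpolated into SQL and relies on the request
    // globals having been slash-escaped at bootstrap (not visible here).
    $sql = "SELECT COUNT(*) " . " FROM " . $ecs->table('goods_activity') . " WHERE act_type='" . GAT_SNATCH . "' AND act_name='{$val}' AND act_id <> '{$id}'";
    if ($db->getOne($sql)) {
        make_json_error(sprintf($_LANG['snatch_name_exist'], $val));
    }
    $exc->edit("act_name='{$val}'", $id);
    make_json_result(stripslashes($val));
} elseif ($_REQUEST['act'] == 'remove') {
    // Review fix: this branch checked 'attr_manage' (the attribute module's
    // privilege, apparently a copy-paste), so an administrator without snatch
    // rights could delete snatch activities. The other snatch actions visible
    // here all require 'snatch_manage'.
    check_authz_json('snatch_manage');
    $id = intval($_GET['id']);
    $exc->drop($id);
    $url = 'snatch.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;
} elseif ($_REQUEST['act'] == 'edit') {
    /* Privilege check */
    admin_priv('snatch_manage');
    // Review fix: cast the id before it reaches get_snatch_info().
    $snatch = get_snatch_info(intval($_REQUEST['id']));
    // NOTE(review): goods_name is inserted into markup unescaped; it comes from
    // the database, so confirm it is stored HTML-safe or escape it here.
    $snatch['option'] = '<option value="' . $snatch['goods_id'] . '">' . $snatch['goods_name'] . '</option>';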
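}
ecs_header("Location: shophelp.php?act=list_cat\n");
exit;
} elseif ($_REQUEST['act'] == 'edit_title') {
    check_authz_json('shophelp_manage');
    $id = intval($_POST['id']);
    $title = json_str_iconv(trim($_POST['val']));

    /* Refuse a title already used by another help article. */
    // NOTE(review): $title is interpolated into SQL and relies on the request
    // globals having been slash-escaped at bootstrap (not visible here).
    if ($exc_article->num('title', $title, $id) == 0) {
        if ($exc_article->edit("title = '{$title}'", $id)) {
            clear_cache_files();
            admin_log($title, 'edit', 'shophelp');
            make_json_result(stripslashes($title));
        } else {
            // Review fix: a failed UPDATE used to fall through without any
            // response at all, leaving the client's inline editor hanging.
            make_json_error($db->error());
        }
    } else {
        make_json_error(sprintf($_LANG['articlename_exist'], $title));
    }
}

/**
 * Return the shop-help article categories together with the number of
 * articles in each.
 *
 * @return array  list of rows with cat_id, cat_name, sort_order and num,
 *                ordered by sort_order
 */
function get_shophelp_list()
{
    $list = array();
    $sql = 'SELECT cat_id, cat_name, sort_order' . ' FROM ' . $GLOBALS['ecs']->table('article_cat') . ' WHERE cat_type = 0 ORDER BY sort_order';
    $res = $GLOBALS['db']->query($sql);
    while ($rows = $GLOBALS['db']->fetchRow($res)) {
        // One COUNT per category; cat_id comes from the database, not the request.
        $sql = 'SELECT COUNT(*) FROM ' . $GLOBALS['ecs']->table('article') . " WHERE cat_id = '{$rows['cat_id']}'";
        $rows['num'] = $GLOBALS['db']->getOne($sql);
        $list[] = $rows;
    }
    return $list;
}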
exit; } elseif ($_REQUEST['act'] == 'edit_name') { check_authz_json('supplier_rank'); $id = intval($_REQUEST['id']); $val = empty($_REQUEST['val']) ? '' : json_str_iconv(trim($_REQUEST['val'])); if ($exc->is_only('rank_name', $val, $id)) { if ($exc->edit("rank_name = '{$val}'", $id)) { /* 管理员日志 */ clear_cache_files(); make_json_result(stripcslashes($val)); } else { make_json_error($db->error()); } } else { make_json_error(sprintf($_LANG['rank_name_exists'], htmlspecialchars($val))); } } elseif ($_REQUEST['act'] == 'edit_sort') { check_authz_json('supplier_rank'); $rank_id = empty($_REQUEST['id']) ? 0 : intval($_REQUEST['id']); $val = empty($_REQUEST['val']) ? 0 : intval($_REQUEST['val']); if ($val < 0 || $val > 255) { make_json_error($_LANG['js_languages']['sort_order_invalid']); } if ($exc->edit("sort_order = '{$val}'", $rank_id)) { $rank_name = $exc->get_name($rank_id); clear_cache_files(); make_json_result($val); } else { make_json_error($val); } }
} elseif ($_REQUEST['act'] == 'remove') { check_authz_json('admin_drop'); $id = intval($_GET['id']); /* 获得管理员用户名 */ $admin_name = $db->getOne('SELECT user_name FROM ' . $ecs->table('admin_user') . " WHERE user_id='{$id}'"); /* demo这个管理员不允许删除 */ if ($admin_name == 'demo') { make_json_error($_LANG['edit_remove_cannot']); } /* ID为1的不允许删除 */ if ($id == 1) { make_json_error($_LANG['remove_cannot']); } /* 管理员不能删除自己 */ if ($id == $_SESSION['admin_id']) { make_json_error($_LANG['remove_self_cannot']); } if ($exc->drop($id)) { $sess->delete_spec_admin_session($id); // 删除session中该管理员的记录 admin_log(addslashes($admin_name), 'remove', 'privilege'); clear_cache_files(); } $url = 'privilege.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: {$url}\n"); exit; } /* 获取管理员列表 */ function get_admin_userlist() { $list = array();
$smarty->display('wholesale_list.htm'); } elseif ($_REQUEST['act'] == 'query') { $list = wholesale_list(); $smarty->assign('wholesale_list', $list['item']); $smarty->assign('filter', $list['filter']); $smarty->assign('record_count', $list['record_count']); $smarty->assign('page_count', $list['page_count']); $sort_flag = sort_flag($list['filter']); $smarty->assign($sort_flag['tag'], $sort_flag['img']); make_json_result($smarty->fetch('wholesale_list.htm'), '', array('filter' => $list['filter'], 'page_count' => $list['page_count'])); } elseif ($_REQUEST['act'] == 'remove') { check_authz_json('whole_sale'); $id = intval($_GET['id']); $wholesale = wholesale_info($id); if (empty($wholesale)) { make_json_error($_LANG['wholesale_not_exist']); } $name = $wholesale['goods_name']; /* 删除记录 */ $sql = "DELETE FROM " . $ecs->table('wholesale') . " WHERE act_id = '{$id}' LIMIT 1"; $db->query($sql); /* 记日志 */ admin_log($name, 'remove', 'wholesale'); /* 清除缓存 */ clear_cache_files(); $url = 'wholesale.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: {$url}\n"); exit; } elseif ($_REQUEST['act'] == 'batch') { /* 取得要操作的记录编号 */ if (empty($_POST['checkboxes'])) {
$sql = "INSERT INTO " . $ecs->table('brand') . "(brand_name)" . "VALUES ( '{$brand}')"; $db->query($sql); $brand_id = $db->insert_id(); $arr = array("id" => $brand_id, "brand" => $brand); make_json_result($arr); } } elseif ($_REQUEST['act'] == 'edit_sort_order') { check_authz_json('brand_manage'); $id = intval($_POST['id']); $order = intval($_POST['val']); $name = $exc->get_name($id); if ($exc->edit("sort_order = '{$order}'", $id)) { admin_log(addslashes($name), 'edit', 'brand'); make_json_result($order); } else { make_json_error(sprintf($_LANG['brandedit_fail'], $name)); } } elseif ($_REQUEST['act'] == 'toggle_show') { check_authz_json('brand_manage'); $id = intval($_POST['id']); $val = intval($_POST['val']); $exc->edit("is_show='{$val}'", $id); make_json_result($val); } elseif ($_REQUEST['act'] == 'remove') { check_authz_json('brand_manage'); $id = intval($_GET['id']); /* 删除该品牌的图标 */ $sql = "SELECT brand_logo FROM " . $ecs->table('brand') . " WHERE brand_id = '{$id}'"; $logo_name = $db->getOne($sql); if (!empty($logo_name)) { @unlink(ROOT_PATH . DATA_DIR . '/brandlogo/' . $logo_name);
//记录日志 admin_log('', 'update', 'goods'); } //记录日志 admin_log('', 'trash', 'products'); $url = 'goods.php?act=product_query&' . str_replace('act=product_remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: {$url}\n"); exit; } } elseif ($_REQUEST['act'] == 'edit_product_sn') { check_authz_json('goods_manage'); $product_id = intval($_POST['id']); $product_sn = json_str_iconv(trim($_POST['val'])); $product_sn = $_LANG['n_a'] == $product_sn ? '' : $product_sn; if (check_product_sn_exist($product_sn, $product_id)) { make_json_error($_LANG['sys']['wrong'] . $_LANG['exist_same_product_sn']); } /* 修改 */ $sql = "UPDATE " . $ecs->table('products') . " SET product_sn = '{$product_sn}' WHERE product_id = '{$product_id}'"; $result = $db->query($sql); if ($result) { clear_cache_files(); make_json_result($product_sn); } } elseif ($_REQUEST['act'] == 'edit_product_number') { check_authz_json('goods_manage'); $product_id = intval($_POST['id']); $product_number = intval($_POST['val']); /* 货品库存 */ $product = get_product_info($product_id, 'product_number, goods_id'); /* 修改货品库存 */
clear_cache_files(); $link[] = array('text' => $_LANG['back_list'], 'href' => 'attribute.php?act=list'); sys_msg(sprintf($_LANG['drop_ok'], $count), 0, $link); } else { $link[] = array('text' => $_LANG['back_list'], 'href' => 'attribute.php?act=list'); sys_msg($_LANG['no_select_arrt'], 0, $link); } } elseif ($_REQUEST['act'] == 'edit_attr_name') { check_authz_json('attr_manage'); $id = intval($_POST['id']); $val = json_str_iconv(trim($_POST['val'])); /* 取得该属性所属商品类型id */ $cat_id = $exc->get_name($id, 'cat_id'); /* 检查属性名称是否重复 */ if (!$exc->is_only('attr_name', $val, $id, " cat_id = '{$cat_id}'")) { make_json_error($_LANG['name_exist']); } $exc->edit("attr_name='{$val}'", $id); admin_log($val, 'edit', 'attribute'); make_json_result(stripslashes($val)); } elseif ($_REQUEST['act'] == 'edit_sort_order') { check_authz_json('attr_manage'); $id = intval($_POST['id']); $val = intval($_POST['val']); $exc->edit("sort_order='{$val}'", $id); admin_log(addslashes($exc->get_name($id)), 'edit', 'attribute'); make_json_result(stripslashes($val)); } elseif ($_REQUEST['act'] == 'remove') { check_authz_json('attr_manage'); $id = intval($_GET['id']); $db->query("DELETE FROM " . $ecs->table('attribute') . " WHERE attr_id='{$id}'");
} } elseif ($_REQUEST['act'] == 'edit_order') { $id = intval($_REQUEST['id']); $val = isset($_REQUEST['val']) ? json_str_iconv(trim($_REQUEST['val'])) : ''; check_authz_json('reg_fields'); if (is_numeric($val)) { if ($exc->edit("dis_order = '{$val}'", $id)) { /* 管理员日志 */ admin_log($val, 'edit', 'reg_fields'); clear_cache_files(); make_json_result(stripcslashes($val)); } else { make_json_error($db->error()); } } else { make_json_error($_LANG['order_not_num']); } } elseif ($_REQUEST['act'] == 'toggle_dis') { check_authz_json('reg_fields'); $id = intval($_POST['id']); $is_dis = intval($_POST['val']); if ($exc->edit("display = '{$is_dis}'", $id)) { clear_cache_files(); make_json_result($is_dis); } } elseif ($_REQUEST['act'] == 'toggle_need') { check_authz_json('reg_fields'); $id = intval($_POST['id']); $is_need = intval($_POST['val']); if ($exc->edit("is_need = '{$is_need}'", $id)) { clear_cache_files();
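check_authz_json('users_manage');
// (The start of this branch is above this view.)
$id = empty($_REQUEST['id']) ? 0 : intval($_REQUEST['id']);
$email = empty($_REQUEST['val']) ? '' : json_str_iconv(trim($_REQUEST['val']));
$users =& init_users();
$sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE user_id = '{$id}'";
$username = $db->getOne($sql);
if (is_email($email)) {
    if ($users->edit_user(array('username' => $username, 'email' => $email))) {
        admin_log(addslashes($username), 'edit', 'users');
        make_json_result(stripcslashes($email));
    } else {
        $msg = $users->error == ERR_EMAIL_EXISTS ? $GLOBALS['_LANG']['email_exists'] : $GLOBALS['_LANG']['edit_user_failed'];
        make_json_error($msg);
    }
} else {
    make_json_error($GLOBALS['_LANG']['invalid_email']);
}
} elseif ($_REQUEST['act'] == 'remove') {
    /* Privilege check */
    admin_priv('users_drop');

    // Review fix: the id was interpolated straight from $_GET into the query
    // (quoted, but not escaped here); it is now cast to int like every other
    // id in this file.
    $id = intval($_GET['id']);
    $sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE user_id = '{$id}'";
    $username = $db->getOne($sql);

    /* Delete the user through the user plugin (this removes all of the user's data). */
    // NOTE(review): when no row matches, $username is empty and remove_user('')
    // is still called — confirm that the plugin rejects an empty name.
    $users =& init_users();
    $users->remove_user($username);

    /* Record the administrator action. */
    admin_log(addslashes($username), 'remove', 'users');

    /* Feedback */
    // NOTE(review): $username is placed into the message unescaped; confirm
    // sys_msg() escapes for HTML.
    $link[] = array('text' => $_LANG['go_back'], 'href' => 'users.php?act=list');
    sys_msg(sprintf($_LANG['remove_success'], $username), 0, $link);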
$db_write->query("update order_delivery set status=1 WHERE order_id = '{$order}'");
}
// Back to the list, keeping the current filter (the start of this branch is above this view).
$url = 'shipping_delivery.php?act=query&' . str_replace('act=delete', '', $_SERVER['QUERY_STRING']);
los_header("Location: {$url}\n");
exit;
} elseif ($_REQUEST['act'] == 'check_eg') {
    // NOTE(review): the privilege check for this branch is commented out, so any
    // account that reaches this script can mark a delivery as approved. Restore
    // it (or the equivalent privilege code) before this is deployed.
    //admin_priv('26');
    $order = intval($_REQUEST['id']);
    // Marks the delivery approved and records which admin did it and when.
    $sql = "UPDATE order_delivery SET status =2,admind = '" . $_SESSION['admin_id'] . "',out_time = '" . time() . "' WHERE order_id = '{$order}'";
    $res = $db_write->query($sql);
    if ($res) {
        $url = 'shipping_delivery.php?act=query&' . str_replace('act=check_eg', '', $_SERVER['QUERY_STRING']);
        los_header("Location: {$url}\n");
        exit;
    } else {
        make_json_error('审核出错!请检查!');
    }
} elseif ($_REQUEST['act'] == 'employee') {
    // NOTE(review): no privilege check here either; this returns HR employee
    // ids and names for a station to anyone who can reach the script.
    // `require` (not require_once) will fatal if cls_json.php is already loaded.
    require ROOT_PATH . 'includes/cls_json.php';
    $stn = intval($_GET['stn']);
    $sql = "select id as employee_id,name as employee_name from hr_employees where station_id = '" . $stn . "' and flag=1";
    $arr = $db_read->getAll($sql);
    $json = new JSON();
    echo $json->encode($arr);
}

/**
 * Build the delivery-list filter from the request (the function continues
 * below this view).
 * NOTE(review): sdate and order_sn are only trimmed here; how they are used in
 * the query is outside this view — confirm they are escaped/validated there.
 */
function order_list()
{
    $filter['sdate'] = empty($_REQUEST['sdate']) ? '' : trim($_REQUEST['sdate']);
    $filter['order_sn'] = empty($_REQUEST['order_sn']) ? '' : trim($_REQUEST['order_sn']);
    $filter['turn'] = empty($_REQUEST['turn']) ? 0 : intval($_REQUEST['turn']);
    $filter['station'] = empty($_REQUEST['station']) ? '' : intval($_REQUEST['station']);
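/* Update the role and push its action list to every administrator in it. */
// NOTE(review): the start of this branch is above this view. role_name and
// role_describe are interpolated into SQL as-is and rely on the request globals
// having been slash-escaped at bootstrap (not visible here); the action_code
// values are joined into action_list the same way. The trailing space inside
// the role_describe quote is preserved as found.
// Review fixes: the role id is cast to int once and reused (it was previously
// interpolated raw from $_POST in two statements), and the `@join` — which
// warned, or on newer PHP throws, when no checkbox is submitted and
// action_code is absent — is replaced by an explicit array check.
$role_id = intval($_POST['id']);
$act_list = (isset($_POST['action_code']) && is_array($_POST['action_code'])) ? join(",", $_POST['action_code']) : '';
$sql = "UPDATE " . $ecs->table('role') . " SET action_list = '{$act_list}', role_name = '" . $_POST['user_name'] . "', role_describe = '" . $_POST['role_describe'] . " ' " . "WHERE role_id = '{$role_id}'";
$db->query($sql);
$user_sql = "UPDATE " . $ecs->table('admin_user') . " SET action_list = '{$act_list}' " . "WHERE role_id = '{$role_id}'";
$db->query($user_sql);

/* Feedback */
// NOTE(review): the submitted user_name is echoed into the message; confirm
// sys_msg() escapes for HTML.
$link[] = array('text' => $_LANG['back_admin_list'], 'href' => 'role.php?act=list');
sys_msg($_LANG['edit'] . " " . $_POST['user_name'] . " " . $_LANG['action_succeed'], 0, $link);
} elseif ($_REQUEST['act'] == 'remove') {
    check_authz_json('admin_drop');
    $id = intval($_GET['id']);

    // A role that still has administrators assigned cannot be removed.
    // (Review fix: the query used the raw $_GET['id'] instead of the cast $id.)
    $num_sql = "SELECT count(*) FROM " . $ecs->table('admin_user') . " WHERE role_id = '{$id}'";
    $remove_num = $db->getOne($num_sql);
    if ($remove_num > 0) {
        // make_json_error() terminates the request, so $url is never read undefined.
        make_json_error($_LANG['remove_cannot_user']);
    } else {
        $exc->drop($id);
        $url = 'role.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    }
    ecs_header("Location: {$url}\n");
    exit;
}

/**
 * Return every role with its action list, newest role first.
 *
 * @return array rows with role_id, role_name, action_list, role_describe
 */
function get_role_list()
{
    $sql = 'SELECT role_id, role_name, action_list, role_describe ' . 'FROM ' . $GLOBALS['ecs']->table('role') . ' ORDER BY role_id DESC';
    return $GLOBALS['db']->getAll($sql);
}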
$smarty->assign('auction_list', $list['item']); $smarty->assign('filter', $list['filter']); $smarty->assign('record_count', $list['record_count']); $smarty->assign('page_count', $list['page_count']); $sort_flag = sort_flag($list['filter']); $smarty->assign($sort_flag['tag'], $sort_flag['img']); make_json_result($smarty->fetch('auction_list.htm'), '', array('filter' => $list['filter'], 'page_count' => $list['page_count'])); } elseif ($_REQUEST['act'] == 'remove') { check_authz_json('auction'); $id = intval($_GET['id']); $auction = auction_info($id); if (empty($auction)) { make_json_error($_LANG['auction_not_exist']); } if ($auction['bid_user_count'] > 0) { make_json_error($_LANG['auction_cannot_remove']); } $name = $auction['act_name']; $exc->drop($id); /* 记日志 */ admin_log($name, 'remove', 'auction'); /* 清除缓存 */ clear_cache_files(); $url = 'auction.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: {$url}\n"); exit; } elseif ($_REQUEST['act'] == 'batch') { /* 取得要操作的记录编号 */ if (empty($_POST['checkboxes'])) { sys_msg($_LANG['no_record_selected']); } else {
} elseif ($_REQUEST['act'] == 'drop_goods') { // 检查权限 check_authz_json('remove_back'); // 取得参数 $goods_id = intval($_REQUEST['id']); if ($goods_id <= 0) { make_json_error('invalid params'); } /* 取得商品信息 */ $sql = 'SELECT goods_id, goods_name, is_delete, is_real, goods_thumb, ' . 'goods_img, original_img ' . 'FROM ' . $ecs->table('goods') . " WHERE goods_id = '{$goods_id}'"; $goods = $db->getRow($sql); if (empty($goods)) { make_json_error($_LANG['goods_not_exist']); } if ($goods['is_delete'] != 1) { make_json_error($_LANG['goods_not_in_recycle_bin']); } /* 删除商品图片和轮播图片 */ if (!empty($goods['goods_thumb'])) { @unlink('../' . $goods['goods_thumb']); } if (!empty($goods['goods_img'])) { @unlink('../' . $goods['goods_img']); } if (!empty($goods['original_img'])) { @unlink('../' . $goods['original_img']); } /* 删除商品 */ $exc->drop($goods_id); /* 记录日志 */ admin_log(addslashes($goods['goods_name']), 'remove', 'goods');
$img_name = basename($link_logo); @unlink(ROOT_PATH . DATA_DIR . '/afficheimg/' . $img_name); } $exc->drop($id); clear_cache_files(); admin_log('', 'remove', 'friendlink'); $url = 'friend_link.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: {$url}\n"); exit; } elseif ($_REQUEST['act'] == 'edit_show_order') { check_authz_json('friendlink'); $id = intval($_POST['id']); $order = json_str_iconv(trim($_POST['val'])); /* 检查输入的值是否合法 */ if (!preg_match("/^[0-9]+\$/", $order)) { make_json_error(sprintf($_LANG['enter_int'], $order)); } else { if ($exc->edit("show_order = '{$order}'", $id)) { clear_cache_files(); make_json_result(stripslashes($order)); } } } /* 获取友情链接数据列表 */ function get_links_list() { $result = get_filter(); if ($result === false) { $filter = array(); $filter['sort_by'] = empty($_REQUEST['sort_by']) ? 'link_id' : trim($_REQUEST['sort_by']); $filter['sort_order'] = empty($_REQUEST['sort_order']) ? 'DESC' : trim($_REQUEST['sort_order']);
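/**
 * Verify that the current administrator holds the given privilege; on failure
 * emit a JSON error and terminate the request.
 *
 * Security: the JSON admin actions in this code base call this and then
 * proceed unconditionally, so this function must never return when the check
 * fails. make_json_error() is expected to exit; the explicit `exit` below makes
 * the fail-closed guarantee local to this function instead of a property of a
 * helper defined elsewhere (review hardening — no behaviour change while
 * make_json_error() already terminates the request).
 *
 * @access public
 * @param string $authz  privilege (action) code, as accepted by check_authz()
 * @return void
 */
function check_authz_json($authz)
{
    if (check_authz($authz)) {
        return;
    }
    make_json_error($GLOBALS['_LANG']['priv_error']);
    exit;
}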
$result = $GLOBALS['db']->query($sql); if ($result) { /* 绠$悊鍛樻棩蹇 */ admin_log(addslashes($tag_name), 'remove', 'tag_manage'); $url = 'tag_manage.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: {$url}\n"); exit; } else { make_json_error($db->error()); } } elseif ($_REQUEST['act'] == "edit_tag_name") { check_authz_json('tag_manage'); $name = json_str_iconv(trim($_POST['val'])); $id = intval($_POST['id']); if (!tag_is_only($name, $id)) { make_json_error(sprintf($_LANG['tagword_exist'], $name)); } else { edit_tag($name, $id); make_json_result(stripslashes($name)); } } /** * 鍒ゆ柇鍚屼竴鍟嗗搧鐨勬爣绛炬槸鍚﹀敮涓€ * * @param $name 鏍囩?鍚 * @param $id 鏍囩?id * @return bool */ function tag_is_only($name, $tag_id, $goods_id = '') { if (empty($goods_id)) {
admin_log('', 'batch_remove', 'shipping_area'); } /* 返回 */ $links[0] = array('href' => 'shipping_area.php?act=list&shipping=' . intval($_REQUEST['shipping']), 'text' => $_LANG['go_back']); sys_msg($_LANG['remove_success'], 0, $links); } elseif ($_REQUEST['act'] == 'edit_area') { /* 检查权限 */ check_authz_json('shiparea_manage'); /* 取得参数 */ $id = intval($_POST['id']); $val = json_str_iconv(trim($_POST['val'])); /* 取得该区域所属的配送id */ $shipping_id = $exc->get_name($id, 'shipping_id'); /* 检查是否有重复的配送区域名称 */ if (!$exc->is_only('shipping_area_name', $val, $id, "shipping_id = '{$shipping_id}'")) { make_json_error($_LANG['repeat_area_name']); } /* 更新名称 */ $exc->edit("shipping_area_name = '{$val}'", $id); /* 记录日志 */ admin_log($val, 'edit', 'shipping_area'); /* 返回 */ make_json_result(stripcslashes($val)); } elseif ($_REQUEST['act'] == 'remove_area') { check_authz_json('shiparea_manage'); $id = intval($_GET['id']); $name = $exc->get_name($id); $shipping_id = $exc->get_name($id, 'shipping_id'); $exc->drop($id); $db->query('DELETE FROM ' . $ecs->table('area_region') . ' WHERE shipping_area_id=' . $id); admin_log($name, 'remove', 'shipping_area');
$cat_name = $db->getOne('SELECT cat_name FROM ' . $ecs->table('category') . " WHERE cat_id='{$cat_id}'"); /* 当前分类下是否有子分类 */ $cat_count = $db->getOne('SELECT COUNT(*) FROM ' . $ecs->table('category') . " WHERE parent_id='{$cat_id}'"); /* 当前分类下是否存在商品 */ $goods_count = $db->getOne('SELECT COUNT(*) FROM ' . $ecs->table('goods') . " WHERE cat_id='{$cat_id}'"); /* 如果不存在下级子分类和商品,则删除之 */ if ($cat_count == 0 && $goods_count == 0) { /* 删除分类 */ $sql = 'DELETE FROM ' . $ecs->table('category') . " WHERE cat_id = '{$cat_id}'"; if ($db->query($sql)) { $db->query("DELETE FROM " . $ecs->table('nav') . "WHERE ctype = 'c' AND cid = '" . $cat_id . "' AND type = 'middle'"); clear_cache_files(); admin_log($cat_name, 'remove', 'category'); } } else { make_json_error($cat_name . ' ' . $_LANG['cat_isleaf']); } $url = 'category.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: {$url}\n"); exit; } /*------------------------------------------------------ */ //-- PRIVATE FUNCTIONS /*------------------------------------------------------ */ // ///** // * 检查分类是否已经存在 // * // * @param string $cat_name 分类名称 // * @param integer $parent_cat 上级分类 // * @param integer $exclude 排除的分类ID
} if ($exc->edit("ad_height = '{$ad_height}'", $id)) { clear_cache_files(); // 清除模版缓存 admin_log($ad_height, 'edit', 'ads_position'); make_json_result(stripslashes($ad_height)); } else { make_json_error($db->error()); } } elseif ($_REQUEST['act'] == 'remove') { check_authz_json('ad_manage'); $id = intval($_GET['id']); /* 查询广告位下是否有广告存在 */ $sql = "SELECT COUNT(*) FROM " . $GLOBALS['ecs']->table('ad') . " WHERE position_id = '{$id}'"; if ($db->getOne($sql) > 0) { make_json_error($_LANG['not_del_adposit']); } else { $exc->drop($id); admin_log('', 'remove', 'ads_position'); } $url = 'ad_position.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: {$url}\n"); exit; } /* 获取广告位置列表 */ function ad_position_list() { $filter = array(); /* 记录总数以及页数 */ $sql = 'SELECT COUNT(*) FROM ' . $GLOBALS['ecs']->table('ad_position'); $filter['record_count'] = $GLOBALS['db']->getOne($sql);