示例#1
文件: goods.php 项目: dlpc/ecshop
    // Publish the filter and paging values of $goods_list to the template.
    $smarty->assign('filter', $goods_list['filter']);
    $smarty->assign('record_count', $goods_list['record_count']);
    $smarty->assign('page_count', $goods_list['page_count']);
    // list_type is 'trash' when $is_delete is truthy, otherwise 'goods'.
    $smarty->assign('list_type', $is_delete ? 'trash' : 'goods');
    // Normalise the use_storage setting to 0/1 for the template.
    $smarty->assign('use_storage', empty($_CFG['use_storage']) ? 0 : 1);
    /* Sort indicator */
    $sort_flag = sort_flag($goods_list['filter']);
    $smarty->assign($sort_flag['tag'], $sort_flag['img']);
    /* Get the goods types that have specifications */
    $specifications = get_goods_type_specifications();
    $smarty->assign('specifications', $specifications);
    // Return the rendered template together with the filter and page count.
    make_json_result($smarty->fetch($tpl), '', array('filter' => $goods_list['filter'], 'page_count' => $goods_list['page_count']));
} elseif ($_REQUEST['act'] == 'remove') {
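    // Move one goods record to the trash (is_delete = 1), log it, and redirect to the list query.
    $goods_id = intval($_REQUEST['id']);
    /* add by hg for date 2014-03-26: check whether an agent is operating on goods illegally */
    // The check must run on the id that is modified below. The original passed
    // $_REQUEST['goods_id'], a different request parameter from the 'id' that is
    // edited, so the checked record and the modified record could differ.
    // NOTE(review): static_goods() is defined elsewhere; presumably it rejects ids
    // outside the current agent's scope -- confirm.
    static_goods($goods_id);
    /* end */
    /* Check permission */
    check_authz_json('remove_back');
    // NOTE(review): this state-changing action reads its id from $_REQUEST and no
    // anti-CSRF token check is visible in this branch -- confirm one is enforced elsewhere.
    if ($exc->edit("is_delete = 1", $goods_id)) {
        clear_cache_files();
        $goods_name = $exc->get_name($goods_id);
        // Record the action in the admin log
        admin_log(addslashes($goods_name), 'trash', 'goods');
        // Go back to the list query, carrying over the remaining query-string parameters.
        $url = 'goods.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
        ecs_header("Location: {$url}\n");
        exit;
    }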
} elseif ($_REQUEST['act'] == 'restore_goods') {
    $goods_id = intval($_REQUEST['id']);
    check_authz_json('remove_back');
示例#2
文件: order.php 项目: dlpc/ecshop
 } else {
     /* 如果参数不存在,退出 */
     die('invalid parameter');
 }
 /* Stop if the order does not exist */
 if (empty($order)) {
     die('order does not exist');
 }
 /* The privilege required depends on whether the order is finished */
 admin_priv(order_finished($order) ? 'order_view_finished' : 'order_view');
 /* Illegal-operation check, add by hg for 2014-06-10 */
 static_goods($order_id, 'order_info', 'order_id');
 /* If the administrator belongs to an agency, the order must belong to the same agency */
 $sql = "SELECT agency_id FROM " . $ecs->table('admin_user') . " WHERE user_id = '" . $_SESSION['admin_id'] . "'";
 $agency_id = $db->getOne($sql);
 // A positive agency id restricts the administrator to that agency's orders.
 if ($agency_id > 0 && $order['agency_id'] != $agency_id) {
     sys_msg($_LANG['priv_error']);
 }
 /* Get the previous and next order numbers */
 // SECURITY: the 'lastfilter' cookie is client-controlled, and unserialize() on
 // client data can instantiate any class the application has loaded (PHP object
 // injection). The visible code only reads the result as an array, so a data-only
 // encoding such as JSON, or keeping the filter in the server-side session, would
 // serve the same purpose without exposing the deserialiser to the client.
 if (!empty($_COOKIE['ECSCP']['lastfilter'])) {
     $filter = unserialize(urldecode($_COOKIE['ECSCP']['lastfilter']));
     if (!empty($filter['composite_status'])) {
         // The empty string assigned here is overwritten by the next statement.
         $where = '';
         /* add by hg for date 2014-04-22: only show the orders that belong to the agent itself, begin */
         $where = agency_where();
示例#3
        sys_msg($_LANG['no_select_goods'], 1);
    }
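    // Batch removal: drop every selected record and report how many were deleted.
    // NOTE(review): the single-item 'remove' action in this file calls static_goods($id)
    // before dropping a record; no such per-id check is visible in this part of the
    // batch path -- confirm it is enforced, otherwise the two paths authorise differently.
    $count = 0;
    foreach ($_POST['checkboxes'] as $id) {
        // Request values are cast to int, as the single-item action does, so only
        // integer ids reach drop() and the admin log; anything else is skipped.
        $id = is_scalar($id) ? intval($id) : 0;
        if ($id <= 0) {
            continue;
        }
        if ($exc->drop($id)) {
            admin_log($id, 'remove', 'exchange_goods');
            $count++;
        }
    }
    $lnk[] = array('text' => $_LANG['back_list'], 'href' => 'exchange_goods.php?act=list');
    sys_msg(sprintf($_LANG['batch_remove_succeed'], $count), 0, $lnk);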
} elseif ($_REQUEST['act'] == 'remove') {
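    // Delete a single exchange-goods record, then redirect back to the list query.
    check_authz_json('exchange_goods');
    $id = intval($_GET['id']);
    /* add by hg for date 2014-03-26: check whether an agent is operating on goods illegally */
    static_goods($id);
    /* end */
    if ($exc->drop($id)) {
        // Logged under 'exchange_goods', the same content type the batch removal in
        // this file uses. The original logged 'article', which files the deletion
        // under the wrong object type in the admin audit log.
        admin_log($id, 'remove', 'exchange_goods');
        clear_cache_files();
    }
    // The redirect is issued whether or not the delete succeeded.
    $url = 'exchange_goods.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;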
} elseif ($_REQUEST['act'] == 'search_goods') {
    // Goods search: decode the JSON filter sent in the query string and return
    // the matching goods list as a JSON result.
    include_once ROOT_PATH . 'includes/cls_json.php';
    $json = new JSON();
    $filters = $json->decode($_GET['JSON']);
    make_json_result(get_goods_list($filters));
}
示例#4
    }
} elseif ($_REQUEST['act'] == 'query') {
    // Re-run the account list query and return the rendered list as a JSON result.
    $list = account_list();
    // The template variables carry the same names as the keys of $list.
    foreach (array('list', 'filter', 'record_count', 'page_count') as $list_key) {
        $smarty->assign($list_key, $list[$list_key]);
    }
    $sort_flag = sort_flag($list['filter']);
    $smarty->assign($sort_flag['tag'], $sort_flag['img']);
    $paging_state = array('filter' => $list['filter'], 'page_count' => $list['page_count']);
    make_json_result($smarty->fetch('user_account_list.htm'), '', $paging_state);
} elseif ($_REQUEST['act'] == 'remove') {
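    /* Check permission */
    check_authz_json('surplus_manage');
    // An explicit isset() test replaces the original "@" suppression: a missing id
    // still becomes 0, but other errors in this expression are no longer hidden.
    $id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
    /* Check for an illegal operation by an agent, by hg */
    static_goods($id, 'user_account', 'id');
    // The user name is read before the row is deleted so that it can be logged.
    $sql = "SELECT u.user_name FROM " . $ecs->table('users') . " AS u, " . $ecs->table('user_account') . " AS ua " . " WHERE u.user_id = ua.user_id AND ua.id = '{$id}' ";
    $user_name = $db->getOne($sql);
    $sql = "DELETE FROM " . $ecs->table('user_account') . " WHERE id = '{$id}'";
    if ($db->query($sql, 'SILENT')) {
        admin_log(addslashes($user_name), 'remove', 'user_surplus');
        // Go back to the list query, carrying over the remaining query-string parameters.
        $url = 'user_account.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
        ecs_header("Location: {$url}\n");
        exit;
    } else {
        // NOTE(review): the raw database error text is returned to the client here.
        make_json_error($db->error());
    }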
}
/*------------------------------------------------------ */
//-- 会员余额函数部分
/*------------------------------------------------------ */
示例#5
文件: group_buy.php 项目: dlpc/ecshop
    // Make the agency list available to the template.
    $arr_res = agency_list();
    $GLOBALS['smarty']->assign('agency_list', $arr_res);
    /* Determine whether the current user is an agent or an administrator */
    // if_agency() is called twice; the template variable is only set when it returns a truthy value.
    if (if_agency()) {
        $smarty->assign('if_agency', if_agency());
    }
    // Publish the list rows and the filter and paging values of $list to the template.
    $smarty->assign('group_buy_list', $list['item']);
    $smarty->assign('filter', $list['filter']);
    $smarty->assign('record_count', $list['record_count']);
    $smarty->assign('page_count', $list['page_count']);
    $sort_flag = sort_flag($list['filter']);
    $smarty->assign($sort_flag['tag'], $sort_flag['img']);
    // Return the rendered list together with the filter and page count.
    make_json_result($smarty->fetch('group_buy_list.htm'), '', array('filter' => $list['filter'], 'page_count' => $list['page_count']));
} elseif ($_REQUEST['act'] == 'add' || $_REQUEST['act'] == 'edit') {
    /* Check for an illegal operation */
    // NOTE(review): the raw $_REQUEST['id'] is passed here, before the intval() cast
    // that the 'edit' path applies below; the 'add' path below does not read an id.
    // static_goods() is defined elsewhere -- confirm it casts or escapes its first
    // argument and tolerates a missing id.
    static_goods($_REQUEST['id'], 'goods_activity', 'act_id');
    /* Initialise / load the group-buy activity */
    if ($_REQUEST['act'] == 'add') {
        // Defaults for a new activity: start one day from now, end four days from now,
        // with a single price-ladder step of amount 0 and price 0.
        $group_buy = array('act_id' => 0, 'start_time' => date('Y-m-d', time() + 86400), 'end_time' => date('Y-m-d', time() + 4 * 86400), 'price_ladder' => array(array('amount' => 0, 'price' => 0)));
    } else {
        $group_buy_id = intval($_REQUEST['id']);
        // Reject a missing, non-numeric or non-positive id.
        if ($group_buy_id <= 0) {
            die('invalid param');
        }
        $group_buy = group_buy_info($group_buy_id);
    }
    $smarty->assign('group_buy', $group_buy);
    /* Assign template variables */
    $smarty->assign('ur_here', $_LANG['add_group_buy']);
    $smarty->assign('action_link', list_link($_REQUEST['act'] == 'add'));
    $smarty->assign('cat_list', cat_list());
示例#6
文件: user_rank.php 项目: dlpc/ecshop
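    // Insert the new user rank, log the action, and show the success message.
    // rank_start_num is written into the statement without quotes, so it is cast to
    // an integer like the other numeric fields. The original interpolated the raw
    // request value, which made it part of the SQL text.
    // NOTE(review): rank_name and discount are interpolated as quoted strings straight
    // from $_POST. That is only safe if request data has been escaped before this
    // point -- confirm, or escape/cast them here.
    $sql = "INSERT INTO " . $ecs->table('user_rank') . "( "
        . "rank_name, min_points, max_points, discount, special_rank, show_price,admin_agency_id,rank_start_num"
        . ") VALUES ("
        . "'{$_POST['rank_name']}', '" . intval($_POST['min_points']) . "', '" . intval($_POST['max_points']) . "', "
        . "'{$_POST['discount']}', '{$special_rank}', '" . intval($_POST['show_price']) . "',"
        . admin_agency_id() . "," . intval($_POST['rank_start_num']) . ")";
    $db->query($sql);
    /* Admin log */
    admin_log(trim($_POST['rank_name']), 'add', 'user_rank');
    clear_cache_files();
    $lnk[] = array('text' => $_LANG['back_list'], 'href' => 'user_rank.php?act=list');
    $lnk[] = array('text' => $_LANG['add_continue'], 'href' => 'user_rank.php?act=add');
    sys_msg($_LANG['add_rank_success'], 0, $lnk);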
} elseif ($_REQUEST['act'] == 'remove') {
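    // Delete one user rank, reset the rank of affected members, log it, and redirect to the list query.
    check_authz_json('user_rank');
    $rank_id = intval($_GET['id']);
    /* add by hg for date 2014-03-27 */
    // Rank id 4 is replaced by 0 before the check and the delete; the reason is not
    // visible here (presumably rank 4 must not be removable -- confirm).
    if ($rank_id == 4) {
        $rank_id = 0;
    }
    static_goods($rank_id, 'user_rank', 'rank_id');
    /* end */
    // The name is read before the delete. The original called get_name() after drop(),
    // when the row was already gone, so the audit log could not record which rank was removed.
    // NOTE(review): assumes drop() deletes the row that get_name() reads -- confirm
    // against the definition of $exc.
    $rank_name = $exc->get_name($rank_id);
    if ($exc->drop($rank_id)) {
        /* Update the rank field of the member table */
        $exc_user->edit("user_rank = 0", $rank_id);
        admin_log(addslashes($rank_name), 'remove', 'user_rank');
        clear_cache_files();
    }
    // The redirect is issued whether or not the delete succeeded.
    $url = 'user_rank.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);
    ecs_header("Location: {$url}\n");
    exit;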
} elseif ($_REQUEST['act'] == 'edit_name') {
    $id = intval($_REQUEST['id']);
    $val = empty($_REQUEST['val']) ? '' : json_str_iconv(trim($_REQUEST['val']));
    check_authz_json('user_rank');