/control/admin/admin.php
PHP | 179 lines | 156 code | 16 blank | 7 comment | 24 complexity | 8492a81727ddf807e49bf68fe79f7d32 MD5 | raw file
- <?php
-
- /*
- [UCenter] (C)2001-2009 Comsenz Inc.
- This is NOT a freeware, use is subject to license terms
-
- $Id: admin.php 845 2008-12-08 05:36:51Z zhaoxiongfei $
- */
-
- !defined('IN_UC') && exit('Access Denied');
-
- class control extends adminbase {
-
- function __construct() {
- $this->control();
- }
-
- function control() {
- parent::__construct();
- $this->load('user');
- $this->check_priv();
- if(!$this->user['isfounder'] && !$this->user['allowadminbadword']) {
- $this->message('no_permission_for_this_module');
- }
- }
-
- function onls() {
-
- //include_once UC_ROOT.'view/default/admin.lang.php';
- $status = 0;
- if(!empty($_POST['addname']) && $this->submitcheck()) {
- $addname = getgpc('addname', 'P');
- $this->view->assign('addname', $addname);
- $uid = $this->db->result_first("SELECT uid FROM ".UC_DBTABLEPRE."members WHERE username='$addname'");
- if($uid) {
- $adminuid = $this->db->result_first("SELECT uid FROM ".UC_DBTABLEPRE."admins WHERE username='$addname'");
- if($adminuid) {
- $status = -1;
- } else {
- $allowadminsetting = getgpc('allowadminsetting', 'P');
- $allowadminapp = getgpc('allowadminapp', 'P');
- $allowadminuser = getgpc('allowadminuser', 'P');
- $allowadminbadword = getgpc('allowadminbadword', 'P');
- $allowadmincredits = getgpc('allowadmincredits', 'P');
- $allowadmintag = getgpc('allowadmintag', 'P');
- $allowadminpm = getgpc('allowadminpm', 'P');
- $allowadmindomain = getgpc('allowadmindomain', 'P');
- $allowadmindb = getgpc('allowadmindb', 'P');
- $allowadminnote = getgpc('allowadminnote', 'P');
- $allowadmincache = getgpc('allowadmincache', 'P');
- $allowadminlog = getgpc('allowadminlog', 'P');
- $this->db->query("INSERT INTO ".UC_DBTABLEPRE."admins SET
- uid='$uid',
- username='$addname',
- allowadminsetting='$allowadminsetting',
- allowadminapp='$allowadminapp',
- allowadminuser='$allowadminuser',
- allowadminbadword='$allowadminbadword',
- allowadmincredits='$allowadmincredits',
- allowadmintag='$allowadmintag',
- allowadminpm='$allowadminpm',
- allowadmindomain='$allowadmindomain',
- allowadmindb='$allowadmindb',
- allowadminnote='$allowadminnote',
- allowadmincache='$allowadmincache',
- allowadminlog='$allowadminlog'");
- $insertid = $this->db->insert_id();
- if($insertid) {
- $this->writelog('admin_add', 'username='.htmlspecialchars($addname));
- $status = 1;
- } else {
- $status = -2;
- }
- }
- } else {
- $status = -3;
- }
- }
-
- if(!empty($_POST['editpwsubmit']) && $this->submitcheck()) {
- $oldpw = getgpc('oldpw', 'P');
- $newpw = getgpc('newpw', 'P');
- $newpw2 = getgpc('newpw2', 'P');
- if(UC_FOUNDERPW == md5(md5($oldpw).UC_FOUNDERSALT)) {
- $configfile = UC_ROOT.'./data/config.inc.php';
- if(!is_writable($configfile)) {
- $status = -4;
- } else {
- if($newpw != $newpw2) {
- $status = -6;
- } else {
- $config = file_get_contents($configfile);
- $salt = substr(uniqid(rand()), 0, 6);
- $md5newpw = md5(md5($newpw).$salt);
- $config = preg_replace("/define\('UC_FOUNDERSALT',\s*'.*?'\);/i", "define('UC_FOUNDERSALT', '$salt');", $config);
- $config = preg_replace("/define\('UC_FOUNDERPW',\s*'.*?'\);/i", "define('UC_FOUNDERPW', '$md5newpw');", $config);
- $fp = @fopen($configfile, 'w');
- @fwrite($fp, $config);
- @fclose($fp);
- $status = 2;
- $this->writelog('admin_pw_edit');
- }
- }
- } else {
- $status = -5;
- }
- }
-
- $this->view->assign('status', $status);
-
- if(!empty($_POST['delete'])) {
- $uids = $this->implode(getgpc('delete', 'P'));
- $this->db->query("DELETE FROM ".UC_DBTABLEPRE."admins WHERE uid IN ($uids)");
- }
-
- $page = max(1, getgpc('page'));
- $ppp = 15;
- $totalnum = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."admins");
- $start = $this->page_get_start($page, $ppp, $totalnum);
- $userlist = $this->db->fetch_all("SELECT a.*,m.* FROM ".UC_DBTABLEPRE."admins a LEFT JOIN ".UC_DBTABLEPRE."members m USING(uid) LIMIT $start, $ppp");
- $multipage = $this->page($totalnum, $ppp, $page, 'admin.php?m=admin&a=admin');
- if($userlist) {
- foreach($userlist as $key => $user) {
- $user['regdate'] = $this->date($user['regdate']);
- $userlist[$key] = $user;
- }
- }
-
- $a = getgpc('a');
- $this->view->assign('a', $a);
- $this->view->assign('multipage', $multipage);
- $this->view->assign('userlist', $userlist);
- $this->view->display('admin_admin');
-
- }
-
- function onedit() {
- $uid = getgpc('uid');
- $status = 0;
- if($this->submitcheck()) {
- $allowadminsetting = getgpc('allowadminsetting', 'P');
- $allowadminapp = getgpc('allowadminapp', 'P');
- $allowadminuser = getgpc('allowadminuser', 'P');
- $allowadminbadword = getgpc('allowadminbadword', 'P');
- $allowadmintag = getgpc('allowadmintag', 'P');
- $allowadminpm = getgpc('allowadminpm', 'P');
- $allowadmincredits = getgpc('allowadmincredits', 'P');
- $allowadmindomain = getgpc('allowadmindomain', 'P');
- $allowadmindb = getgpc('allowadmindb', 'P');
- $allowadminnote = getgpc('allowadminnote', 'P');
- $allowadmincache = getgpc('allowadmincache', 'P');
- $allowadminlog = getgpc('allowadminlog', 'P');
- $this->db->query("UPDATE ".UC_DBTABLEPRE."admins SET
- allowadminsetting='$allowadminsetting',
- allowadminapp='$allowadminapp',
- allowadminuser='$allowadminuser',
- allowadminbadword='$allowadminbadword',
- allowadmincredits='$allowadmincredits',
- allowadmintag='$allowadmintag',
- allowadminpm='$allowadminpm',
- allowadmindomain='$allowadmindomain',
- allowadmindb='$allowadmindb',
- allowadminnote='$allowadminnote',
- allowadmincache='$allowadmincache',
- allowadminlog='$allowadminlog'
- WHERE uid='$uid'");
- $status = $this->db->errno() ? -1 : 1;
- $this->writelog('admin_priv_edit', 'username='.htmlspecialchars($admin));
- }
- $admin = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."admins WHERE uid='$uid'");
- $this->view->assign('uid', $uid);
- $this->view->assign('admin', $admin);
- $this->view->assign('status', $status);
- $this->view->display('admin_admin');
- }
-
- }
-
- ?>