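'管理组', '2' => '撰写组', '3' => '注册组', '4' => '访客组', );
// Admin user-management action script (add / modify / list / delete users).
// NOTE(review): $db, $tablepre, $action, $page, $timestamp, $onlineip, $groupdb and the
// helpers redirect(), char_cv(), isemail(), implode_ids(), multi(), sadate(), cpheader(),
// template(), categories_recache() and statistics_recache() are not defined in this file;
// they are assumed to come from the including admin bootstrap — confirm there.
// redirect() is relied on to end the request: nothing below calls exit after it.
// Every statement is built by string concatenation. Integer inputs go through intval();
// string inputs go through char_cv() before they reach SQL, so the injection safety of
// the WHERE clauses depends on char_cv() escaping quotes and backslashes for the
// connection charset — verify that against the bootstrap.

// Characters that are rejected in a login name (shared by adduser and moduser).
$name_key = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n",'#','$','(',')','%','@','+','?',';','^');
// Characters that are rejected when the email field holds a homepage URL instead.
$url_key = array("\\",' ',"'",'"','*',',','<','>',"\r","\t","\n",'(',')','+',';');

//添加用户
if ($action === 'adduser') {
    $username       = isset($_POST['username']) ? trim($_POST['username']) : '';
    $newpassword    = isset($_POST['newpassword']) ? trim($_POST['newpassword']) : '';
    $comfirpassword = isset($_POST['comfirpassword']) ? trim($_POST['comfirpassword']) : '';
    $email          = isset($_POST['email']) ? trim($_POST['email']) : '';
    $groupid        = isset($_POST['groupid']) ? intval($_POST['groupid']) : 0;

    // strlen() counts bytes, so multibyte names reach the limit before 20 characters (kept as in the original).
    if ($username === '' || strlen($username) > 20) {
        redirect('登陆名不能为空并且不能超过20个字符');
    }
    foreach ($name_key as $bad) {
        if (strpos($username, $bad) !== false) {
            redirect('用户名包含敏感字符');
        }
    }
    if ($newpassword === '' || strlen($newpassword) < 6) {
        redirect('密码不能为空并且密码长度不能小于6位');
    }
    if ($newpassword !== $comfirpassword) {
        redirect('请确认输入的密码一致');
    }
    // Fixed: the original tested a $password variable (never assigned in this file) for "\r" and "\t".
    if (strpos($newpassword, "\n") !== false || strpos($newpassword, "\r") !== false || strpos($newpassword, "\t") !== false) {
        redirect('密码包含不可接受字符.');
    }

    $email = char_cv($email);
    if ($email) {
        if (isemail($email)) {
            $r = $db->fetch_one_array("SELECT uid FROM {$tablepre}xna_users WHERE email='$email'");
            if (!empty($r['uid'])) {
                redirect('该E-mail已被注册');
            }
            unset($r);
        } else {
            // Not an address: the field is then expected to hold a homepage URL.
            if (!preg_match("#^(http|news|https|ftp|ed2k|rtsp|mms)://#", $email)) {
                redirect('网站email错误');
            }
            foreach ($url_key as $bad) {
                if (strpos($email, $bad) !== false) {
                    redirect('网站email错误');
                }
            }
        }
    }

    $username = char_cv($username);
    // Unsalted md5 is what the rest of this application verifies against, so it cannot be
    // changed here alone; moving to password_hash()/password_verify() needs the login path
    // changed in the same release.
    $newpassword = md5($newpassword);

    $query = $db->query("SELECT uid FROM {$tablepre}xna_users WHERE username='$username'");
    if ($db->num($query)) {
        redirect('该用户名已被注册');
    }
    $db->query("INSERT INTO {$tablepre}xna_users (username, password, email, regtime, regip, groupid) VALUES ('$username', '$newpassword', '$email', '$timestamp', '$onlineip', '$groupid')");
    redirect('添加新用户成功', 'index.php?job=user&action=list');
}

//修改用户
if ($action === 'moduser') {
    $username       = isset($_POST['username']) ? trim($_POST['username']) : '';
    $newpassword    = isset($_POST['newpassword']) ? trim($_POST['newpassword']) : '';
    $comfirpassword = isset($_POST['comfirpassword']) ? trim($_POST['comfirpassword']) : '';
    $email          = isset($_POST['email']) ? trim($_POST['email']) : '';
    $groupid        = isset($_POST['groupid']) ? intval($_POST['groupid']) : 0;
    $uid            = isset($_POST['uid']) ? intval($_POST['uid']) : 0;

    if ($username === '' || strlen($username) > 20) {
        redirect('登陆名不能为空并且不能超过20个字符');
    }

    // An empty new password means "leave the password unchanged".
    $password_sql = '';
    if ($newpassword !== '') {
        if (strlen($newpassword) < 6) {
            redirect('新密码长度不能小于6位');
        }
        if ($newpassword !== $comfirpassword) {
            redirect('请确认输入的新密码一致');
        }
        // Fixed: the original tested $password (never assigned in this file) for "\r" and "\t".
        if (strpos($newpassword, "\n") !== false || strpos($newpassword, "\r") !== false || strpos($newpassword, "\t") !== false) {
            redirect('密码包含不可接受字符');
        }
        // md5 kept for compatibility with the login check; see the note in adduser.
        $password_sql = ", password='".md5($newpassword)."'";
    }

    foreach ($name_key as $bad) {
        if (strpos($username, $bad) !== false) {
            redirect('用户名包含敏感字符');
        }
    }

    $email = char_cv($email);
    if ($email) {
        if (isemail($email)) {
            // The user's own row is excluded so re-saving an unchanged address is allowed.
            $r = $db->fetch_one_array("SELECT uid FROM {$tablepre}xna_users WHERE email='$email' AND uid!='$uid'");
            if (!empty($r['uid'])) {
                redirect('该E-mail已被注册');
            }
            unset($r);
        } else {
            if (!preg_match("#^(http|news|https|ftp|ed2k|rtsp|mms)://#", $email)) {
                redirect('网站email错误');
            }
            foreach ($url_key as $bad) {
                if (strpos($email, $bad) !== false) {
                    redirect('网站email错误');
                }
            }
        }
    }

    $username = char_cv($username);
    $r = $db->fetch_one_array("SELECT uid FROM {$tablepre}xna_users WHERE username='$username' AND uid!='$uid'");
    // Removed: the original echoed this SELECT statement into the response (leftover
    // debugging output that exposed table names and broke the page before cpheader()).
    if ($r) {
        redirect('该用户名已被注册');
    }
    $usernamesql = $username !== '' ? "username='$username'," : '';
    $db->query("UPDATE {$tablepre}xna_users SET $usernamesql email='$email', groupid='$groupid' $password_sql WHERE uid='$uid'");
    redirect('用户修改成功', 'index.php?job=user&action=mod&uid='.$uid);
}

//删除用户
if ($action === 'delusers') {
    $uids = isset($_POST['user']) ? implode_ids($_POST['user']) : '';
    if ($uids) {
        // Re-apply the filter the confirmation page ('del' below) uses, so a crafted POST
        // cannot remove the founder account (uid 1) or any administrator-group member, and
        // so the statistics are decremented by the rows that really exist.
        $keep = array();
        $query = $db->query("SELECT uid FROM {$tablepre}xna_users WHERE uid IN ($uids) AND groupid <> '1' AND uid <> '1'");
        while ($user = $db->row($query)) {
            $keep[] = intval($user['uid']);
        }
        unset($user);
        $db->free($query);
        if (!$keep) {
            redirect('未选择任何用户');
        }
        $uids = implode(',', $keep);
        $user_count = count($keep);

        if (!empty($_POST['deluserarticle'])) {
            // NOTE(review): as in the original, $aids is never populated, so the comment
            // DELETE only matches feedid 0 and feed_count is reduced by 0 while the feeds
            // themselves are removed. Collecting the users' feed ids first needs the feed
            // table's key column, which this file does not show — confirm against the schema
            // (statistics_recache() below may already recompute the count).
            $aids = $a_tatol = 0;
            $db->query("DELETE FROM {$tablepre}xna_comment WHERE feedid IN ($aids)");
            $db->query("DELETE FROM {$tablepre}xna_feed WHERE uid IN ($uids)");
            $db->query("UPDATE {$tablepre}xna_statistics SET feed_count=feed_count-".$a_tatol);
        }
        // 删除用户
        $db->query("DELETE FROM {$tablepre}xna_users WHERE uid IN ($uids)");
        $db->query("UPDATE {$tablepre}xna_statistics SET user_count=user_count-".$user_count);
        categories_recache();
        statistics_recache();
        redirect('删除用户成功', 'index.php?job=user&action=list');
    } else {
        redirect('未选择任何用户');
    }
}

if ($action === 'list') {
    $groupid = isset($_GET['groupid']) ? intval($_GET['groupid']) : 0;
    // $page is assumed to be provided by the bootstrap — confirm. It is clamped to >= 1 so a
    // negative or non-numeric value can no longer produce a negative LIMIT offset.
    $page = empty($page) ? 1 : max(1, intval($page));
    $start_limit = ($page - 1) * 30;

    $subnav = '全部用户';
    $sqladd = ' WHERE 1 ';
    $pagelink = '';

    //察看是否发表过评论
    $lasttime = isset($_GET['lasttime']) && in_array($_GET['lasttime'], array('already', 'never'), true) ? $_GET['lasttime'] : '';
    if ($lasttime === 'already') {
        $sqladd .= " AND lasttime <> '0'";
        $pagelink .= '&lasttime=already';
        $subnav = '发表过评论的用户';
    }
    if ($lasttime === 'never') {
        $sqladd .= " AND lasttime='0'";
        $pagelink .= '&lasttime=never';
        $subnav = '从未发表过评论的用户';
    }

    //察看用户组 — only ids present in $groupdb are accepted.
    if ($groupid && isset($groupdb[$groupid])) {
        $sqladd .= " AND groupid='$groupid'";
        $pagelink .= '&groupid='.$groupid;
        $subnav = $groupdb[$groupid].'的用户';
    }

    //察看IP段
    $ip = isset($_GET['ip']) ? char_cv($_GET['ip']) : '';
    if ($ip) {
        // Match on everything before the last dot. With no dot the original produced
        // LIKE '%%' and listed every user; the whole value is used instead.
        $dot = strrpos($ip, '.');
        $ipc = $dot === false ? $ip : substr($ip, 0, $dot);
        // LIKE wildcards in the input are escaped so they are matched literally.
        $ipc = str_replace(array('%', '_'), array('\%', '\_'), $ipc);
        $sqladd .= " AND (loginip LIKE '%".$ipc."%')";
        // Query-string values are URL-encoded so the pagination links stay well-formed.
        $pagelink .= '&ip='.rawurlencode($ip);
        $subnav = '上次登陆IP为['.$ip.']同一C段的相关用户';
    }

    //搜索用户 — GET takes precedence over POST, as before.
    $srhname = '';
    if (!empty($_GET['srhname'])) {
        $srhname = char_cv($_GET['srhname']);
    } elseif (isset($_POST['srhname'])) {
        $srhname = char_cv($_POST['srhname']);
    }
    if ($srhname) {
        // '%' is escaped in addition to '_' so a literal percent sign in the term is not a wildcard.
        $like = str_replace(array('%', '_'), array('\%', '\_'), $srhname);
        $sqladd .= " AND (BINARY username LIKE '%".$like."%' OR username='$srhname')";
        $pagelink .= '&srhname='.rawurlencode($srhname);
    }

    //排序 — the column name comes only from this whitelist, never from the request directly.
    $order = isset($_GET['order']) ? $_GET['order'] : '';
    if ($order !== '' && in_array($order, array('username', 'logincount', 'regtime'), true)) {
        $orderby = $order;
        $orderdb = array('username' => '用户名', 'logincount' => '登陆次数', 'regtime' => '注册时间');
        $subnav = '以'.$orderdb[$order].'降序察看全部用户';
        $pagelink .= '&order='.$order;
    } else {
        $orderby = 'uid';
    }

    $tatol = $db->num($db->query("SELECT uid FROM {$tablepre}xna_users ".$sqladd));
    $multipage = multi($tatol, 30, $page, 'index.php?job=user&action=list'.$pagelink);

    $query = $db->query("SELECT uid,username,logincount,loginip,logintime,email,regtime,groupid,lasttime FROM {$tablepre}xna_users $sqladd ORDER BY $orderby DESC LIMIT $start_limit, 30");
    $userdb = array();
    while ($user = $db->row($query)) {
        $user['lasttime']  = $user['lasttime'] ? sadate('Y-m-d H:i', $user['lasttime']) : '从未发表';
        $user['regtime']   = sadate('Y-m-d', $user['regtime']);
        $user['email']     = $user['email'] ? (isemail($user['email']) ? '发送邮件' : '访问主页') : 'Null';
        $user['logintime'] = $user['logintime'] ? sadate('Y-m-d H:i', $user['logintime']) : '从未登陆';
        $user['loginip']   = $user['loginip'] ? $user['loginip'] : '从未登陆';
        $user['group']     = isset($groupdb[$user['groupid']]) ? $groupdb[$user['groupid']] : '';
        // The founder (uid 1) and administrators cannot be ticked for deletion in the list.
        $user['disabled']  = ($user['groupid'] == 1 || $user['uid'] == 1) ? 'disabled' : '';
        $userdb[] = $user;
    }
    unset($user);
    $db->free($query);
} //end list

if (in_array($action, array('add', 'mod'), true)) {
    $groupselect = array();
    if ($action === 'add') {
        $subnav = '添加用户';
        $do = 'adduser';
        // New users default to group 3 in the form.
        $groupselect[3] = 'selected';
    } else {
        $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
        $subnav = '修改用户';
        $do = 'moduser';
        $info = $db->fetch_one_array("SELECT * FROM {$tablepre}xna_users WHERE uid='$uid'");
        // An unknown uid leaves no group preselected instead of indexing into false.
        if (isset($info['groupid'])) {
            $groupselect[$info['groupid']] = 'selected';
        }
    }
} //end mod

if ($action === 'del') {
    $uids = isset($_POST['user']) ? implode_ids($_POST['user']) : '';
    if ($uids) {
        // Confirmation list: the founder and administrators are never offered for deletion.
        $userdb = array();
        $query = $db->query("SELECT uid,username FROM {$tablepre}xna_users WHERE uid IN ($uids) AND groupid <> '1' AND uid <> '1'");
        while ($user = $db->row($query)) {
            $userdb[] = $user;
        }
        unset($user);
        $db->free($query);
    } else {
        redirect('未选择任何用户');
    }
    $subnav = '删除用户';
} // end del

if (!isset($subnav)) {
    $subnav = '';
}
$navlink_L = ' » 用户管理'.($subnav ? ' » '.$subnav : '');
cpheader();
include template("user", _ROOT . "/template/admin/");
?>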