web.ems/wxc2_omc/security/userManage/userConf.php
agtuser 16a3fd1e1b init
2024-11-11 17:56:00 +08:00


<?php
/*********************************************************
 Program notes:
 Purpose:      edits the profile data of system operators
 Dependencies: includes header.inc
 Variables:
 Return value: none
 Author:
 Change log:
 NO.1
 Name:
 Date:
 Description of change:
*********************************************************/
// Shared page bootstrap; the helpers and globals this page uses
// (adjust_head(), $pubConn, $userInfo, the $str* labels) are not defined in
// this file, so they presumably come from here — confirm against header.inc.
require '../../inc/header.inc';
?>
<body leftmargin="15" rightmargin="10" onload="javascript:adjust();" onresize="javascript:adjust();" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;">
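<?php
// Page chrome: breadcrumb on the left, help link on the right.
adjust_head();
adjust_title_head();
echo "<table id=\"table_up\" border=\"0\" width=\"100%\">";
echo "<tr>";
echo "<td width=\"50%\" align=\"left\">";
echo "Advanced > Administrator";
echo "</td>";
echo "<td width=\"50%\" align=\"right\" title=\"Help\">";
showHelp($helpId);
echo "</td>";
echo "</tr>";
echo "</table>";
adjust_title_tail();
adjust_content_head();
echo "<br>";

// Debug tracing writes request data and SQL text into the page. On an
// account-management screen that is an information leak, so the switch is
// off by default and should only be turned on in a development copy.
$DEBUG = 0;
$pubDb ='OMC_PUB';
$table_name ='sysUser';
if (!isset($privilegeFlag)) {
    $privilegeFlag = 0;
}
// Even in debug mode the values are HTML-escaped: they come from the request
// and would otherwise be reflected into the page verbatim.
// (assumes the page is served as UTF-8 — TODO confirm)
if ($DEBUG) {
    echo "userInfo[ID] = " . htmlspecialchars((string)$userInfo['ID'], ENT_QUOTES, 'UTF-8') . "<br>";
}

// Request parameters. A missing key or a non-string value (e.g. an array
// sent as userName[]=x) is normalised to '' so later comparisons and SQL
// bindings always see a plain string.
$confMode = (isset($_REQUEST['confMode']) && is_string($_REQUEST['confMode'])) ? $_REQUEST['confMode'] : '';
$userName = (isset($_REQUEST['userName']) && is_string($_REQUEST['userName'])) ? $_REQUEST['userName'] : '';
if ($DEBUG) {
    echo "confMode=" . htmlspecialchars($confMode, ENT_QUOTES, 'UTF-8')
        . ", userName=" . htmlspecialchars($userName, ENT_QUOTES, 'UTF-8') . "<br>";
}
$old_userName = (isset($_REQUEST['old_userName']) && is_string($_REQUEST['old_userName'])) ? $_REQUEST['old_userName'] : '';?>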
<script language="JavaScript">
<!--
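function question_Validator(theForm)
{
    // Browser-side convenience checks for the operator form. They can be
    // bypassed by posting directly, so the server-side handlers must not
    // treat a submitted form as already validated.
<?php
if( $userName != '')
{
    // Edit mode: the password is optional, but when one is typed it must be
    // 6-16 characters long and entered identically twice.
?>
    if(theForm.new_password_1.value.length> 0 || theForm.new_password_2.value.length> 0){
        if(theForm.new_password_1.value.length < 6 || theForm.new_password_1.value.length> 16){
            var NewPasswordMistake="<?php echo $strPasswordDigitHasAMistake; ?>";
            alert(NewPasswordMistake);
            theForm.new_password_1.focus();
            return (false);
        }
        if(theForm.new_password_1.value != theForm.new_password_2.value){
            var NotCoherent="<?php echo $strInputPasswordIsNotCoherent; ?>";
            alert(NotCoherent);
            theForm.new_password_1.focus();
            return (false);
        }
    }
<?php
}else{
    // Add mode: account name, password and real name are all required.
?>
    if(theForm.userName.value==''){
        var AccountEmpty="<?php echo $strAccountCannotBeEmpty; ?>";
        alert(AccountEmpty);
        theForm.userName.focus();
        return(false);
    }else if(theForm.password.value==''){
        var PasswordEmpty="<?php echo $strPasswordCannotBeEmpty; ?>";
        alert(PasswordEmpty);
        // Put the cursor in the field that is actually missing.
        theForm.password.focus();
        return(false);
    }else if(theForm.realName.value==''){
        var InputName="<?php echo $strPleaseInputRealName; ?>";
        alert(InputName);
        theForm.realName.focus();
        return(false);
    }else{
        if(theForm.re_password.value.length> 0 || theForm.password.value.length> 0){
            // Length is checked on the password field itself, matching the
            // edit branch; the equality check below covers the repeat field,
            // so the set of accepted inputs is unchanged.
            if(theForm.password.value.length < 6 || theForm.password.value.length> 16){
                var PasswordLength="<?php echo $strPasswordDigitHasAMistake; ?>";
                alert(PasswordLength);
                theForm.password.focus();
                return (false);
            }
            if(theForm.password.value != theForm.re_password.value){
                var RepeatPassword="<?php echo $strInputPasswordIsNotCoherent; ?>";
                alert(RepeatPassword);
                theForm.re_password.focus();
                return (false);
            }
        }
    }
<?php
}
?>
    return (true);
}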
function set_value(check_box,check_input,check_value)
{
    // Mirror the checkbox into its companion input: the given value while
    // the box is ticked, an empty string otherwise.
    check_input.value = check_box.checked ? check_value : '';
}
//-->
</script>
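<?php
// Load the account row named by the request. The account name comes straight
// from the client, so it is bound as a statement parameter instead of being
// spliced into the SQL text. $table_name is a fixed identifier set earlier in
// this script; identifiers cannot be bound.
//
// Only the columns this page displays are read. The stored password hash is
// deliberately not fetched: nothing on the page needs it, and keeping it out
// of $myrows means it can never be echoed into the form by accident. The
// 'password' key is kept (blank) so existing readers of $myrows still find it.
//
// $myrows stays null when no row matches or the query fails, as before.
$myrows = null;
$result = false;
$lookupName = (string)$userName;
$stmt = mysqli_prepare(
    $pubConn,
    "SELECT realName, userName, privilege, updateTime
     FROM $table_name
     WHERE userName = ?"
);
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 's', $lookupName);
    $result = mysqli_stmt_execute($stmt);
    if ($result) {
        mysqli_stmt_bind_result($stmt, $rowRealName, $rowUserName, $rowPrivilege, $rowUpdateTime);
        if (mysqli_stmt_fetch($stmt) === true) {
            $myrows = array(
                'realName'   => $rowRealName,
                'userName'   => $rowUserName,
                'password'   => '',
                'privilege'  => $rowPrivilege,
                'updateTime' => $rowUpdateTime,
            );
        }
    }
    mysqli_stmt_close($stmt);
}
?>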
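<?php
if (($confMode == 'add')||($confMode == 'edit')){
    // Render the add/edit form for one operator account.
    //
    // Everything that originates from the account table or the request is
    // HTML-escaped (or URL-encoded inside URLs) before it is written out: a
    // stored real name or account name containing markup must not run in
    // the browser of whoever opens this page.
    // (assumes page and data are UTF-8 — TODO confirm)
    //
    // NOTE(review): the form carries no anti-CSRF token; confirm whether
    // header.inc adds one, otherwise the POST handlers can be driven from
    // another site while an administrator is logged in.
    $rowUserName   = isset($myrows['userName'])   ? (string)$myrows['userName']   : '';
    $rowRealName   = isset($myrows['realName'])   ? (string)$myrows['realName']   : '';
    $rowUpdateTime = isset($myrows['updateTime']) ? (string)$myrows['updateTime'] : '';
    $rowPrivilege  = isset($myrows['privilege'])  ? $myrows['privilege']          : null;
    $formAction = "$PHP_SELF?table_name=" . urlencode($table_name) . "&old_userName=" . urlencode($rowUserName);
?>
<form action="<?php echo htmlspecialchars($formAction, ENT_QUOTES, 'UTF-8'); ?>" method="POST" onsubmit="return question_Validator(this)" name="operForm">
<table border="1" width="100%" cellpadding="2" cellspacing="0" bordercolor="#666666" bordercolordark="#FFFFFF" height="189">
<tr>
<td colspan=3 vAlign="top" bgcolor="#E6E6E6" height="12"><b>
<?php
    if($userName != ''){
        echo $strOperatorList;
    }else{
        echo $strAddOperator;
    }
?>
</b></td>
</tr>
<tr>
<td><?php echo $strRealName; ?></td>
<td><input type="text" name="realName" size="16" value="<?php echo htmlspecialchars($rowRealName, ENT_QUOTES, 'UTF-8'); ?>" class="text"></td>
<td width="150"> <?php echo $strLessThanSixteencharacters; ?></td>
</tr>
<?php
    echo "<tr>";
    echo "<td>$strAccountName</td>";
    // From here on $userName is the name of the loaded row ('' when adding).
    $userName = $rowUserName;
    if ( $confMode == 'edit' ) {
        echo "<td>" . htmlspecialchars($rowUserName, ENT_QUOTES, 'UTF-8') . "</td>";
    } else {
        echo "<td><input type=\"text\" name=\"userName\" size=\"16\" class=\"text\"></td>";
    }
    echo "<td width=\"150\">$strMoreThanSixAndLessThanSixteencharacters</td>";
    echo "</tr>";
    // Editing an existing account: optional new password, typed twice.
    if($userName != ''){
?>
<tr>
<td> <?php echo "$strModifyPassword"; ?>(<?php echo "$strSuggestedLengthEqualSixcharacters"; ?>)</td>
<td>
<?php echo "$strNewPassword"; ?>:<input type="password" name="new_password_1" size="16" class="text">
</td>
<td width="150"> <?php echo "$strMoreThanSixAndLessThanSixteencharacters"; ?></td>
</tr>
<tr>
<td> &nbsp;&nbsp;&nbsp;</td>
<td>
<?php echo "$strRepeatInput"; ?><input type="password" name="new_password_2" size="16" class="text">
</td>
<td width="150"> <?php echo $strMoreThanSixAndLessThanSixteencharacters; ?></td>
</tr>
<?php
    }else{
        // Adding an account: password is mandatory. The field is never
        // pre-filled; a stored hash has no business in page source.
?>
<tr>
<td><?php echo $strSystemLoginPassword; ?></td>
<td><input type="password" name="password" size="16" class="text"></td>
<td width="150"><?php echo $strMoreThanSixAndLessThanSixteencharacters; ?></td>
</tr>
<tr>
<td><?php echo $strRepeatInputtingPassword; ?></td>
<td> <input type="password" name="re_password" size="16" class="text"></td>
<td width="150"> <?php echo $strMoreThanSixAndLessThanSixteencharacters; ?></td>
</tr>
<?php
    }
    // The privilege selector is offered only when the target account ranks
    // below the logged-in operator.
    if ( $rowPrivilege < $userInfo['privilege'] ) {
        echo "<TR>";
        echo "<TD>$strOperationAuthority</TD>";
        echo "<TD>";
        // Upper bound (exclusive) on the selectable privilege indexes.
        if('accountManager' == $userInfo['ID']){
            $limitPrivilege = 4;
        }else{
            $limitPrivilege = $userInfo['privilege'];
        }
        echo "<select name=selected_permit size=1 >";
        for($i=0; $i < $limitPrivilege; $i++){
            // Entries flagged as not shown are skipped.
            if($privilegeDefArr[$i]['show'] <= 0) continue;
            echo "<option value =\"$i\" ";
            if($rowPrivilege == $privilegeDefArr[$i]['permit']){
                echo " selected";
            }
            echo ">{$privilegeDefArr[$i]['remark']}</option>";
        }
        echo "</select>";
        echo "</TD>";
        echo "<TD>$strListedOption</TD>";
        echo "</TR>";
        $privilegeFlag = 1;
    } else {
        $privilegeFlag = 0;
    }
?>
<tr>
<td><?php echo $strTimeOfLastAccountInfoUpdate; ?></td>
<td>
<?php
    if($userName){
        echo htmlspecialchars($rowUpdateTime, ENT_QUOTES, 'UTF-8');
    }else{
        // Current time in 24-hour form; the 12-hour 'h' without an am/pm
        // marker was ambiguous, and mktime() with no arguments is not
        // accepted by current PHP versions.
        $updateTime=date("Y-m-d H:i:s");
        echo"$updateTime";
    }
?>
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan=3 width=600><?php echo $strPleaseReviewTheTableCarefully; ?></td>
</tr>
</table>
<table width="70%">
<tr align="center">
<td><p>
<?php
    if($userName == ''){
        echo "<input type=\"submit\" name=\"uadd\" value=\"$strAdd\" class=\"button\">&nbsp;&nbsp;";
    }else{
        echo "<input type=\"submit\" name=\"change\" value=\"$strSave\" class=\"button\">&nbsp;&nbsp;";
        echo "<input type=\"hidden\" name=\"userName\" value=\"" . htmlspecialchars($userName, ENT_QUOTES, 'UTF-8') . "\">";
        // NOTE(review): this flag travels through the browser and can be
        // forged; the handler that reads it must re-derive the caller's
        // right to change privileges on the server.
        echo "<input type=\"hidden\" name=\"privilegeFlag\" value=\"$privilegeFlag\">";
    }
    echo "<input type=\"reset\" name=\"reset\" value=\"$strCancel\" class=\"button\">&nbsp;&nbsp;";
    // urlencode() output contains no quote or angle-bracket characters, so
    // it is safe inside both the JavaScript string and the HTML attribute.
    echo "<input type=\"button\" value=\"$strReturn\" class=\"button\" onclick=\"location.href='./userList.php?confUser=" . urlencode($userName) . "';\">&nbsp;&nbsp;";
?>
</td>
</tr>
</table>
</form>
<?php
}///end edit
?>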
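<?php
// POST handlers for "add operator" (uadd) and "save changes" (change).
//
// All values are taken from the request and are therefore untrusted: every
// SQL statement below binds them as parameters. $table_name is a fixed
// identifier assigned earlier in this script.
//
// NOTE(review): no anti-CSRF token is checked in this file — confirm whether
// header.inc enforces one.
// NOTE(review): nothing visible here checks that the caller is allowed to
// edit the target account at all (only the privilege column is gated);
// confirm where that authorisation happens.
// NOTE(review): passwords are stored as unsalted md5(). Moving to
// password_hash()/password_verify() must be coordinated with the login code,
// which is not part of this file, so the storage format is left unchanged.
// NOTE(review): the 6-16 character password rule is enforced only by the
// browser-side validator.
// NOTE(review): insertLog() receives the account name unescaped, and the
// literal \' around it suggests the message ends up inside SQL text —
// confirm that insertLog() binds or escapes its argument.
$uadd   = isset($_POST['uadd'])   ? $_POST['uadd']   : '';
$change = isset($_POST['change']) ? $_POST['change'] : '';

if ($uadd || $change) {
    // Upper bound (exclusive) on the privilege index the caller may assign;
    // same rule the form uses when it builds the <select>.
    if ('accountManager' == $userInfo['ID']) {
        $limitPrivilege = 4;
    } else {
        $limitPrivilege = (int)$userInfo['privilege'];
    }
}

// Add a user
if($uadd){
    $user_permit = 0;
    $userName = (isset($_POST['userName']) && is_string($_POST['userName'])) ? $_POST['userName'] : '';
    $realName = (isset($_POST['realName']) && is_string($_POST['realName'])) ? $_POST['realName'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $selected_permit = (isset($_POST['selected_permit']) && is_string($_POST['selected_permit'])) ? $_POST['selected_permit'] : '';

    // Map the submitted index to a privilege value, but only for entries the
    // form would have offered to this caller. Anything else keeps 0.
    if (preg_match('/^[0-9]+\z/', $selected_permit)) {
        $permitIndex = (int)$selected_permit;
        if ($permitIndex >= 1
            && $permitIndex < $limitPrivilege
            && isset($privilegeDefArr[$permitIndex])
            && $privilegeDefArr[$permitIndex]['show'] > 0) {
            $user_permit = $privilegeDefArr[$permitIndex]['permit'];
        }
    }
    $privilege=$user_permit;

    // Server-side repeat of the mandatory-field checks, then the duplicate
    // lookup. The lookup must succeed before anything is written: the write
    // below is REPLACE INTO, which would silently overwrite an existing
    // account (password and privilege included) if the check were skipped.
    $addBlocked = false;
    $addMessage = '';
    if ($userName === '') {
        $addBlocked = true;
        $addMessage = $strAccountCannotBeEmpty;
    } elseif ($password === '') {
        $addBlocked = true;
        $addMessage = $strPasswordCannotBeEmpty;
    } else {
        $number_of_records = null; // null means the lookup itself failed
        $stmt = mysqli_prepare($pubConn, "SELECT count(*) as number_of_records
            FROM $table_name
            WHERE userName=?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $userName);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_bind_result($stmt, $countValue);
                if (mysqli_stmt_fetch($stmt) === true) {
                    $number_of_records = (int)$countValue;
                }
            }
            mysqli_stmt_close($stmt);
        }
        if ($number_of_records === null) {
            $addBlocked = true;
            $addMessage = "$strAddFails";
        } elseif ($number_of_records) {
            $addBlocked = true;
            $addMessage = "$strTheRecordExits,$strAddFails";
        }
    }

    if($addBlocked){
        echo "<script language=\"javascript\"> ";
        echo "alert('";
        echo $addMessage;
        echo "'); ";
        echo "</script>";
        $userName=$old_userName;
    }else{
        $privilegeParam = (string)$privilege;
        $result = false;
        $stmt = mysqli_prepare($pubConn, "REPLACE INTO $table_name
            ( realName,userName,password,privilege,updateTime)
            VALUES
            (?,?,md5(?),?,CURRENT_TIMESTAMP)");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ssss', $realName, $userName, $password, $privilegeParam);
            $result = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        $log_name=$strAddUser."\'$userName\'";
        if ($result)
            $log_name=$log_name.$strSuccessful;
        else
            $log_name=$log_name.$strFail;
        insertLog("$log_name");
        if(!$result){
            echo "<script language=\"javascript\"> ";
            echo "alert('";
            echo "$strAddFails";
            echo "'); ";
            echo "</script>";
            $userName=$old_userName;
        }else{
            echo "<script language=\"javascript\"> ";
            echo "alert('";
            echo "$strAddSucceeds";
            echo "'); ";
            echo "</script>";
            echo " <meta http-equiv=\"refresh\" content=\"0; url=./userList.php\"> ";
            adjust_content_tail();
            exit();
        }
    }
}elseif($change){ // Modify an existing user
    // userName itself cannot be changed when editing a record
    $userName = (isset($_POST['userName']) && is_string($_POST['userName'])) ? $_POST['userName'] : '';
    $realName = (isset($_POST['realName']) && is_string($_POST['realName'])) ? $_POST['realName'] : '';
    $new_password_1 = (isset($_POST['new_password_1']) && is_string($_POST['new_password_1'])) ? $_POST['new_password_1'] : '';
    $selected_permit = (isset($_POST['selected_permit']) && is_string($_POST['selected_permit'])) ? $_POST['selected_permit'] : '';

    // The posted privilegeFlag is only a hint that the form showed the
    // privilege selector. Whether the caller may really change the target's
    // privilege is re-derived here from the stored row, using the same rule
    // as the form: the target must rank below the caller.
    $privilegeFlag = 0;
    $clientFlag = isset($_POST['privilegeFlag']) ? $_POST['privilegeFlag'] : 0;
    if ( 1 == $clientFlag ) {
        $targetFound = false;
        $targetPrivilege = null;
        $stmt = mysqli_prepare($pubConn, "SELECT privilege FROM $table_name WHERE userName = ?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $userName);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_bind_result($stmt, $targetPrivilege);
                $targetFound = (mysqli_stmt_fetch($stmt) === true);
            }
            mysqli_stmt_close($stmt);
        }
        if ($targetFound && $targetPrivilege < $userInfo['privilege']) {
            $privilegeFlag = 1;
        }
    }
    if ( 1 == $privilegeFlag ) {
        $user_permit = 0;
        // Accept only an index the form would have offered to this caller.
        if (preg_match('/^[0-9]+\z/', $selected_permit)) {
            $permitIndex = (int)$selected_permit;
            if ($permitIndex >= 1
                && $permitIndex < $limitPrivilege
                && isset($privilegeDefArr[$permitIndex])
                && $privilegeDefArr[$permitIndex]['show'] > 0) {
                $user_permit = $privilegeDefArr[$permitIndex]['permit'];
            }
        }
        $privilege=$user_permit;
    }
    if($userName != $old_userName){
        echo "<script language=\"javascript\"> ";
        echo "alert('";
        echo "$strAddFails,$strCannotChangeUserName,$strIfYouWangToChangeItPleaseUseAddFunction";
        echo "'); ";
        echo "</script>";
        $userName=$old_userName;
    }else{
        // Four UPDATE shapes: with/without a new password, with/without a
        // privilege change. Each one binds every value.
        $stmt = false;
        if($new_password_1 != ''){ // change the password
            $password=$new_password_1;
            if ( 1 == $privilegeFlag ) {
                $privilegeParam = (string)$privilege;
                $stmt = mysqli_prepare($pubConn, "UPDATE $table_name
                    SET realName = ?,password = md5(?),privilege = ?,updateTime=CURRENT_TIMESTAMP
                    WHERE userName =?");
                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, 'ssss', $realName, $password, $privilegeParam, $userName);
                }
            } else{
                $stmt = mysqli_prepare($pubConn, "UPDATE $table_name
                    SET realName = ?,password = md5(?),updateTime=CURRENT_TIMESTAMP
                    WHERE userName =?");
                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, 'sss', $realName, $password, $userName);
                }
            }
        }else{ // keep the current password
            if ( 1 == $privilegeFlag ) {
                $privilegeParam = (string)$privilege;
                $stmt = mysqli_prepare($pubConn, "UPDATE $table_name
                    SET realName = ?,privilege = ?,updateTime=CURRENT_TIMESTAMP
                    WHERE userName =?");
                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, 'sss', $realName, $privilegeParam, $userName);
                }
            } else {
                $stmt = mysqli_prepare($pubConn, "UPDATE $table_name
                    SET realName = ?,updateTime=CURRENT_TIMESTAMP
                    WHERE userName =?");
                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, 'ss', $realName, $userName);
                }
            }
        }
        $result = false;
        if ($stmt) {
            $result = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        $log_name=$strEditUser."\'$userName\'";
        if ($result)
            $log_name = $log_name.$strSuccessful;
        else
            $log_name = $log_name.$strFail;
        insertLog("$log_name");
        if(!$result){ // same $result that was just recorded in the log
            echo "<script language=\"javascript\"> ";
            echo "alert('";
            echo "$strModificationFails";
            echo "'); ";
            echo "</script>";
            $userName=$old_userName;
        }else{
            echo "<script language=\"javascript\"> ";
            echo "alert('";
            echo "$strModificationSucceeds";
            echo "'); ";
            echo "</script>";
        }
        echo " <meta http-equiv=\"refresh\" content=\"0; url=./userList.php\"> ";
    }
}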
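// Delete a user
//
// Flow: the first request (confMode=del) shows a confirmation form; the
// confirmation POST carries sureDel = Yes/No (or the Chinese equivalents).
//
// NOTE(review): no check in this file restricts which accounts the caller
// may delete (own account, higher-privileged accounts) — confirm where that
// is enforced.
// NOTE(review): the confirmation POST carries no anti-CSRF token — confirm
// whether header.inc adds one.
//if($delete)
if ($confMode == 'del')
{
    $sureDel = (isset($_POST['sureDel']) && is_string($_POST['sureDel'])) ? $_POST['sureDel'] : '';
    // The account name is request data: bind it in SQL, escape it in HTML.
    // (assumes the page is served as UTF-8 — TODO confirm)
    $delUserName = is_string($userName) ? $userName : '';
    $safeUserName = htmlspecialchars($delUserName, ENT_QUOTES, 'UTF-8');
    if (($sureDel == 'Yes')||($sureDel=='是')){
        if($DEBUG) echo "<br>delSql = DELETE FROM $table_name WHERE userName=? [$safeUserName]";
        $del_result = false;
        $stmt = mysqli_prepare($pubConn, "DELETE FROM $table_name WHERE userName=?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $delUserName);
            $del_result = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        if ($del_result){
            echo "<br><font size=3 color=blue>$strDelete $strSuccessful</font>";
            $log_name=$strDelUser."\'$userName\'".$strSuccessful;
            insertLog("$log_name");
        } else {
            // A failed deletion attempt is an audit-relevant event too.
            $log_name=$strDelUser."\'$userName\'".$strFail;
            insertLog("$log_name");
        }
        echo " <meta http-equiv=\"refresh\" content=\"1; url=./userList.php\"> ";
    }
    elseif (($sureDel == 'No')||($sureDel=='否')){
        echo "<br><font size=3 color=blue>$strDelCancel</font>";
        echo " <meta http-equiv=\"refresh\" content=\"3; url=./userList.php\"> ";
    }
    else{
        // No decision yet: show the confirmation form and stop.
        echo "<font size=3 color=black>$strSureDel<font size=3 color=blue>$safeUserName </font>?</font>";
        echo "<form method=\"POST\" name=\"confForm\" action=\"" . htmlspecialchars($PHP_SELF, ENT_QUOTES, 'UTF-8') . "\">";
        echo "<input type=\"submit\" name=\"sureDel\" value=\"$strYes\" class=\"button\">";
        echo "<input type=\"submit\" name=\"sureDel\" value=\"$strNo\" class=\"button\">";
        echo "<input type=\"hidden\" name=\"confMode\" value=\"del\">";
        echo "<input type=\"hidden\" name=\"userName\" value=\"$safeUserName\">";
        echo "</form>";
        adjust_content_tail();
        exit();
    }
}
adjust_content_tail();
?>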
</html>