PHP check_permissions函数代码示例

require_once dirname(__FILE__) . '/../data/config.php';
require_once dirname(__FILE__) . '/include/admin_common.inc.php';
require_once ADMIN_ROOT_PATH . 'include/admin_weixin_fun.php';
$act = !empty($_GET['act']) ? trim($_GET['act']) : 'set_weixin';
$smarty->assign('act', $act);
$smarty->assign('navlabel', $act);
$smarty->assign('pageheader', "微信公众平台");
if ($act == 'set_weixin') {
    check_permissions($_SESSION['admin_purview'], "set_weixinconnect");
    get_token();
    $smarty->assign('rand', rand(1, 100));
    $smarty->assign('upfiles_dir', $upfiles_dir);
    $smarty->assign('config', $_CFG);
    $smarty->display('weixin/admin_weixin.htm');
} elseif ($act == 'set_weixin_save') {
    check_permissions($_SESSION['admin_purview'], "set_weixinconnect");
    check_token();
    $has_weixin_scan_login_cache = $db->getone("select 1 from " . table('config') . " where name='weixin_scan_login'");
    if (!$has_weixin_scan_login_cache) {
        inserttable(table("config"), array("name" => "weixin_scan_login"));
    }
    require_once ADMIN_ROOT_PATH . 'include/upload.php';
    if ($_FILES['weixin_img']['name']) {
        $weixin_img = _asUpFiles($upfiles_dir, "weixin_img", 1024 * 2, 'jpg/gif/png', "weixin_img");
        !$db->query("UPDATE " . table('config') . " SET value='{$weixin_img}' WHERE name='weixin_img'") ? adminmsg('更新站点设置失败', 1) : "";
    }
    if ($_FILES['weixin_first_pic']['name']) {
        $weixin_first_pic = _asUpFiles($upfiles_dir, "weixin_first_pic", 1024 * 2, 'jpg/gif/png', "weixin_first_pic");
        !$db->query("UPDATE " . table('config') . " SET value='{$weixin_first_pic}' WHERE name='weixin_first_pic'") ? adminmsg('更新站点设置失败', 1) : "";
    }
    if ($_FILES['weixin_default_pic']['name']) {

            $counter++;
        }
        $tpl->parse('ALS_LIST', 'als_list');
        $tpl->assign('ALS_MESSAGE', '');
    }
}
//
// common page data.
//
global $cfg;
$theme_color = $cfg['USER_INITIAL_THEME'];
$tpl->assign(array('TR_CLIENT_MANAGE_DOMAINS_PAGE_TITLE' => tr('VHCS - Client/Manage Domains'), 'THEME_COLOR_PATH' => "../themes/{$theme_color}", 'THEME_CHARSET' => tr('encoding'), 'TID' => $_SESSION['layout_id'], 'VHCS_LICENSE' => $cfg['VHCS_LICENSE'], 'ISP_LOGO' => get_logo($_SESSION['user_id'])));
//
// dynamic page data.
//
gen_user_sub_list($tpl, $sql, $_SESSION['user_id']);
gen_user_als_list($tpl, $sql, $_SESSION['user_id']);
//
// static page messages.
//
gen_client_menu($tpl);
gen_logged_from($tpl);
check_permissions($tpl);
$tpl->assign(array('TR_MANAGE_DOMAINS' => tr('Manage domains'), 'TR_DOMAIN_ALIASES' => tr('Domain aliases'), 'TR_ALS_NAME' => tr('Name'), 'TR_ALS_MOUNT' => tr('Mount point'), 'TR_ALS_FORWARD' => tr('Forward'), 'TR_ALS_STATUS' => tr('Status'), 'TR_ALS_ACTION' => tr('Action'), 'TR_SUBDOMAINS' => tr('Subdomains'), 'TR_SUB_NAME' => tr('Name'), 'TR_SUB_MOUNT' => tr('Mount point'), 'TR_SUB_STATUS' => tr('Status'), 'TR_SUB_ACTION' => tr('Action'), 'TR_MESSAGE_DELETE' => tr('Are you sure you want to delete')));
gen_page_message($tpl);
$tpl->parse('PAGE', 'page');
$tpl->prnt();
if (isset($cfg['DUMP_GUI_DEBUG'])) {
    dump_gui_debug();
}
unset_messages();

    if (inserttable(table('simple'), $setsqlarr)) {
        $link[0]['text'] = "返回列表";
        $link[0]['href'] = '?act=list';
        $link[1]['text'] = "继续添加";
        $link[1]['href'] = "?act=simple_add";
        adminmsg("添加成功！", 2, $link);
    } else {
        adminmsg("添加失败！", 0);
    }
} elseif ($act == 'simple_edit') {
    get_token();
    $id = intval($_REQUEST['id']);
    if (empty($id)) {
        adminmsg("您没有选择项目！", 1);
    }
    check_permissions($_SESSION['admin_purview'], "simple_edit");
    $sql = "select * from " . table('simple') . " where id = '{$id}' LIMIT 1";
    $show = $db->getone($sql);
    $show['district_cn'] = $show['district_cn'] . "/" . $show['sdistrict_cn'];
    $smarty->assign('show', $show);
    $smarty->display('simple/admin_simple_edit.htm');
} elseif ($act == 'simple_edit_save') {
    $id = intval($_POST['id']);
    if (empty($id)) {
        adminmsg("您没有选择项目！", 1);
    }
    if ($_POST['pwd']) {
        $info = $db->getone("select * from " . table('simple') . " where id = '{$id}' LIMIT 1");
        $setsqlarr['pwd'] = md5(md5($_POST['pwd']) . $info['pwd_hash'] . $QS_pwdhash);
    }
    $setsqlarr['jobname'] = trim($_POST['jobname']) ? trim($_POST['jobname']) : adminmsg('您没有填写职位名称！', 1);

 * 版权所有: 骑士网络，并保留所有权利。
 * 网站地址: http://www.74cms.com；
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件！您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用；不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
define('IN_QISHI', true);
require_once dirname(__FILE__) . '/../data/config.php';
require_once dirname(__FILE__) . '/include/admin_common.inc.php';
require_once ADMIN_ROOT_PATH . 'include/admin_category_fun.php';
$act = !empty($_GET['act']) ? trim($_GET['act']) : 'district';
if ($_CFG['subsite_id'] > 0) {
    adminmsg('您没有管理权限！', 0);
}
check_permissions($_SESSION['admin_purview'], "site_category");
$smarty->assign('pageheader', "分类管理");
if ($act == 'grouplist') {
    get_token();
    $smarty->assign('navlabel', "group");
    $smarty->assign('group', get_category_group());
    $smarty->display('category/admin_category_group.htm');
} elseif ($act == 'add_group') {
    get_token();
    $smarty->assign('navlabel', "group");
    $smarty->display('category/admin_category_group_add.htm');
} elseif ($act == 'add_group_save') {
    check_token();
    $setsqlarr['g_name'] = !empty($_POST['g_name']) ? trim($_POST['g_name']) : adminmsg("请填写分组名", 1);
    $setsqlarr['g_alias'] = !empty($_POST['g_alias']) ? trim($_POST['g_alias']) : adminmsg("请填写调用名", 1);
    $info = get_category_group_one($setsqlarr['g_alias']);

    include DOKU_INC . 'inc/lang/' . $LC . '/install.html';
} else {
    print "<div lang=\"en\" dir=\"ltr\">\n";
    include DOKU_INC . 'inc/lang/en/install.html';
    print "</div>\n";
}
?>
        <a style="background: transparent url(data/security.png) left top no-repeat;
                  display: block; width:380px; height:73px; border:none; clear:both;"
           target="_blank"
           href="http://www.dokuwiki.org/security#web_access_security"></a>
    </div>

    <div style="float: left; width: 58%;">
        <?php 
if (!(check_functions() && check_permissions())) {
    echo '<p>' . $lang['i_problems'] . '</p>';
    print_errors();
    print_retry();
} elseif (!check_configs()) {
    echo '<p>' . $lang['i_modified'] . '</p>';
    print_errors();
} elseif (check_data($_REQUEST['d'])) {
    // check_data has sanitized all input parameters
    if (!store_data($_REQUEST['d'])) {
        echo '<p>' . $lang['i_failure'] . '</p>';
        print_errors();
    } else {
        echo '<p>' . $lang['i_success'] . '</p>';
    }
} else {

 * 74cms 个人设置
 * ============================================================================
 * 版权所有: 骑士网络，并保留所有权利。
 * 网站地址: http://www.74cms.com；
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件！您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用；不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
define('IN_QISHI', true);
require_once dirname(__FILE__) . '/../data/config.php';
require_once dirname(__FILE__) . '/include/admin_common.inc.php';
$act = !empty($_GET['act']) ? trim($_GET['act']) : 'set';
$smarty->assign('act', $act);
$smarty->assign('pageheader', "个人设置");
check_permissions($_SESSION['admin_purview'], "set_per");
if ($act == 'set') {
    get_token();
    $smarty->assign('config', $_CFG);
    $smarty->assign('text', get_cache('text'));
    $smarty->display('set_per/admin_set_per.htm');
} elseif ($act == 'set_save') {
    check_token();
    //填写管理员日志
    write_log("后台更新设置", $_SESSION['admin_name'], 3);
    foreach ($_POST as $k => $v) {
        !$db->query("UPDATE " . table('config') . " SET value='{$v}' WHERE name='{$k}'") ? adminmsg('更新设置失败', 1) : "";
    }
    foreach ($_POST as $k => $v) {
        !$db->query("UPDATE " . table('text') . " SET value='{$v}' WHERE name='{$k}'") ? adminmsg('更新设置失败', 1) : "";
    }

<?php

/*************************************/
/*           ezRPG script            */
/*         Written by Zeggy          */
/*         and CheapDevotion         */
/*    http://www.ezrpgproject.com    */
/*************************************/
include "./lib.php";
define("PAGENAME", "Add Item");
if (check_permissions($player, 75) == 0) {
    include "./header.php";
    echo "Your GM rank is not high enough to access this page!";
    include "./footer.php";
    exit;
}
//array of item types - probably needs to be added to database
$itemtype[0] = "weapon";
$itemtype[1] = "armour";
$msg1 = "<font color=\"red\">";
//Name error?
$msg2 = "<font color=\"red\">";
//Description error?
$msg3 = "<font color=\"red\">";
//Type error?
$msg4 = "<font color=\"red\">";
//Effectiveness error?
$msg5 = "<font color=\"red\">";
//Price error?
$error = 0;
if ($_POST['add_item']) {

/*
 * 74cms HR工具箱
 * ============================================================================
 * 版权所有: 骑士网络，并保留所有权利。
 * 网站地址: http://www.74cms.com；
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件！您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用；不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
define('IN_QISHI', true);
require_once dirname(__FILE__) . '/../data/config.php';
require_once dirname(__FILE__) . '/include/admin_common.inc.php';
require_once ADMIN_ROOT_PATH . 'include/admin_hrtools_fun.php';
require_once ADMIN_ROOT_PATH . 'include/upload.php';
check_permissions($_SESSION['admin_purview'], "hrtools");
$act = !empty($_GET['act']) ? trim($_GET['act']) : 'list';
$hrtools_updir = "../data/hrtools/";
$hrtools_dir = "data/hrtools/";
$smarty->assign('pageheader', "HR工具箱");
if ($act == 'list') {
    get_token();
    require_once QISHI_ROOT_PATH . 'include/page.class.php';
    $oederbysql = " order BY h.h_order DESC,h_id DESC";
    $key = isset($_GET['key']) ? trim($_GET['key']) : "";
    $key_type = isset($_GET['key_type']) ? intval($_GET['key_type']) : "";
    if ($key && $key_type > 0) {
        if ($key_type === 1) {
            $wheresql = " WHERE h.h_filename like '%{$key}%'";
        }
        $oederbysql = "";

    if (empty($resume)) {
        $link[0]['text'] = "返回简历列表";
        $link[0]['href'] = '?act=list';
        adminmsg('简历不存在或已经被删除！', 1, $link);
    }
    $smarty->assign('random', mt_rand());
    $smarty->assign('time', time());
    $smarty->assign('url', $_SERVER["HTTP_REFERER"]);
    $smarty->assign('resume', $resume);
    $smarty->assign('resume_education', get_resume_education($uid, $id));
    $smarty->assign('resume_work', get_resume_work($uid, $id));
    $smarty->assign('resume_training', get_resume_training($uid, $id));
    $smarty->assign('resumeaudit', get_resumeaudit_one($id));
    $smarty->display('personal/admin_personal_resume_show.htm');
} elseif ($act == 'del_auditreason') {
    check_permissions($_SESSION['admin_purview'], "resume_audit");
    $id = !empty($_REQUEST['a_id']) ? $_REQUEST['a_id'] : adminmsg("你没有选择日志！", 1);
    $n = reasonaudit_del($id);
    if ($n > 0) {
        adminmsg("删除成功！共删除 {$n} 行", 2);
    } else {
        adminmsg("删除失败！", 0);
    }
} elseif ($act == 'management') {
    $id = intval($_GET['id']);
    $u = get_user($id);
    if (!empty($u)) {
        unset($_SESSION['uid']);
        unset($_SESSION['username']);
        unset($_SESSION['utype']);
        unset($_SESSION['uqqid']);

/*
 * 74cms 邮件群发
 * ============================================================================
 * 版权所有: 骑士网络，并保留所有权利。
 * 网站地址: http://www.74cms.com；
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件！您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用；不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
define('IN_QISHI', true);
require_once dirname(__FILE__) . '/../data/config.php';
require_once dirname(__FILE__) . '/include/admin_common.inc.php';
require_once ADMIN_ROOT_PATH . 'include/admin_mailqueue_fun.php';
$act = !empty($_GET['act']) ? trim($_GET['act']) : 'list';
check_permissions($_SESSION['admin_purview'], "mailqueue");
$smarty->assign('pageheader', "邮件群发");
if ($act == 'list') {
    get_token();
    require_once QISHI_ROOT_PATH . 'include/page.class.php';
    $key = isset($_GET['key']) ? trim($_GET['key']) : "";
    $key_type = isset($_GET['key_type']) ? intval($_GET['key_type']) : "";
    if (!empty($key) && $key_type > 0) {
        if ($key_type === 1) {
            $wheresql = " WHERE m_subject like '%{$key}%'";
        }
        if ($key_type === 2) {
            $wheresql = " WHERE m_mail = '{$key}'";
        }
        $oederbysql = "";
    }

 * 74cms 邮件发送
 * ============================================================================
 * 版权所有: 骑士网络，并保留所有权利。
 * 网站地址: http://www.74cms.com；
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件！您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用；不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
define('IN_QISHI', true);
require_once dirname(__FILE__) . '/../data/config.php';
require_once dirname(__FILE__) . '/include/admin_common.inc.php';
$act = !empty($_GET['act']) ? trim($_GET['act']) : 'send';
$smarty->assign('pageheader', "邮件营销");
//需要注意
check_permissions($_SESSION['admin_purview'], "send_email");
if ($act == 'send') {
    get_token();
    $url = trim($_REQUEST['url']);
    if (empty($url)) {
        $url = "?act=send";
    }
    $smarty->assign('url', $url);
    $smarty->display('mail/admin_mail_send.htm');
} elseif ($act == 'email_send') {
    $email = trim($_POST['email']);
    $subject = trim($_POST['subject']);
    $body = trim($_POST['body']);
    $url = trim($_REQUEST['url']);
    if (empty($subject) || empty($body)) {
        crmmsg('标题和内容不能为空！', 0);

 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
require_once '../libs/common.php';
require_once '../libs/operator.php';
require_once '../libs/groups.php';
require_once '../libs/getcode.php';
$operator = check_login();
check_permissions($operator, $can_administrate);
loadsettings();
$stylelist = get_style_list("../styles");
$style = verifyparam("style", "/^\\w*\$/", "");
if ($style && !in_array($style, $stylelist)) {
    $style = "";
}
$groupid = verifyparam_groupid("group");
$showhost = verifyparam("hostname", "/^on\$/", "") == "on";
$forcesecure = verifyparam("secure", "/^on\$/", "") == "on";
$modsecurity = verifyparam("modsecurity", "/^on\$/", "") == "on";
$allLocales = get_available_locales();
$lang = verifyparam("lang", "/^[\\w-]{2,5}\$/", "");
if (!$lang || !in_array($lang, $allLocales)) {
    $lang = in_array($current_locale, $allLocales) ? $current_locale : $allLocales[0];
}

/*
 * 74cms 短信发送
 * ============================================================================
 * 版权所有: 骑士网络，并保留所有权利。
 * 网站地址: http://www.74cms.com；
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件！您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用；不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
define('IN_QISHI', true);
require_once dirname(__FILE__) . '/../data/config.php';
require_once dirname(__FILE__) . '/include/crm_common.inc.php';
$act = !empty($_GET['act']) ? trim($_GET['act']) : 'send';
check_permissions($_SESSION['crm_admin_purview'], "send_sms");
$smarty->assign('pageheader', "短信营销");
if ($act == 'send') {
    get_token();
    //$smarty->assign('navlabel','testing');
    $url = trim($_REQUEST['url']);
    if (empty($url)) {
        $url = "?act=send";
    }
    $smarty->assign('url', $url);
    $smarty->display('sms/crm_sms_send.htm');
} elseif ($act == 'sms_send') {
    $txt = trim($_POST['txt']);
    $mobile = trim($_POST['mobile']);
    $url = trim($_REQUEST['url']);
    if (empty($txt)) {

/*
 * 74cms 计划任务
 * ============================================================================
 * 版权所有: 骑士网络，并保留所有权利。
 * 网站地址: http://www.74cms.com；
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件！您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用；不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
define('IN_QISHI', true);
require_once dirname(__FILE__) . '/../data/config.php';
require_once dirname(__FILE__) . '/include/admin_common.inc.php';
require_once ADMIN_ROOT_PATH . 'include/admin_crons_fun.php';
$act = !empty($_GET['act']) ? trim($_GET['act']) : 'list';
check_permissions($_SESSION['admin_purview'], "crons");
$smarty->assign('pageheader', "计划任务");
if ($act == 'list') {
    require_once QISHI_ROOT_PATH . 'include/page.class.php';
    $total_sql = "SELECT COUNT(*) AS num FROM " . table('crons');
    $total_val = $db->get_total($total_sql);
    $page = new page(array('total' => $total_val, 'perpage' => $perpage, 'getarray' => $_GET));
    $currenpage = $page->nowindex;
    $offset = ($currenpage - 1) * $perpage;
    $list = get_crons($offset, $perpage, $wheresql . $oederbysql);
    $smarty->assign('list', $list);
    $smarty->assign('page', $page->show(3));
    $smarty->assign('navlabel', "list");
    get_token();
    $smarty->display('crons/admin_crons.htm');
} elseif ($act == 'add') {

        $tpl->assign('group_name', stripslashes($group_name));
        $tpl->assign('prio', $prio);
        $tpl->display('routes_groups_modify.tpl');
        exit;
    } elseif ($_POST['confirm']) {
        if ($id_group) {
            $db->sql_query("update routes_groups set group_name='{$group_name}', id_tariff='{$id_tariff}', prio='{$prio}' where id='{$id_group}'");
        } else {
            $db->sql_query("insert into routes_groups (group_name, id_tariff, prio) values('{$group_name}', '{$id_tariff}', '{$prio}')");
        }
        header("location: routes_groups.php?id_tariff={$id_tariff}");
        exit;
    }
}
if ($_POST['delselected'] || $_GET['delselected']) {
    check_permissions(CURR_SUBMENU, 2);
    $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
    if (count($id)) {
        foreach ($id as $value) {
            $value = intval($value);
            $db->sql_query("delete from routes where id_group='{$value}'");
            $db->sql_query("delete from routes_groups where id='{$value}'");
        }
        header("location: routes_groups.php?id_tariff={$id_tariff}");
    }
}
$tariffs['ids'][] = 0;
$tariffs['names'][] = $lang['all'];
$sql_where = $id_tariff ? "and id_tariff='{$id_tariff}'" : '';
$tpl->assign('id_tariff', $id_tariff);
$tpl->assign('tariffs', $tariffs);