diff --git a/web/app/controllers/super_manage.php b/web/app/controllers/super_manage.php
index 19e0960..59edbac 100644
--- a/web/app/controllers/super_manage.php
+++ b/web/app/controllers/super_manage.php
@@ -7,6 +7,10 @@ define('SCRIPT_REFRESH_AS_GET', '');
+ if (!Auth::check()) {
+ redirectToLogin();
+ }
+ if (!isSuperUser($myUser)) { become403Page(); }
@@ -225,7 +229,234 @@ $add_link_form->succ_href = '/super_manage/index#links'; $add_link_form->runAtServer(); } elseif ($cur_tab == 'users') { - // + $user_list_cond = []; + + if (isset($_GET['username']) && $_GET['username'] != "") { + $user_list_cond[] = "username like '%" . DB::escape($_GET['username']) . "%'"; + } + if (isset($_GET['usergroup']) && $_GET['usergroup'] != "") { + $user_list_cond[] = "usergroup = '" . DB::escape($_GET['usergroup']) . "'"; + } + if (isset($_GET['usertype']) && $_GET['usertype'] != "") { + $user_list_cond[] = "usertype like '%" . DB::escape($_GET['usertype']) . "%'"; + } + + if ($user_list_cond) { + $user_list_cond = join($user_list_cond, ' and '); + } else { + $user_list_cond = '1'; + } + + $register_form = new UOJForm('register'); + $register_form->addVInput('new_username', 'text', '用户名', '', + function ($username, &$vdata) { + if (!validateUsername($username)) { + return '用户名不合法'; + } + + if (queryUser($username)) { + return '该用户已存在'; + } + + $vdata['username'] = $username; + + return ''; + }, + null + ); + $register_form->addVInput('new_password', 'password', '密码', '', + function ($password, &$vdata) { + $vdata['password'] = $password; + + return ''; + }, + 'validatePassword' + ); + $register_form->addVInput('new_email', 'text', '电子邮件(选填)', '', + function ($email, &$vdata) { + if ($email && !validateEmail($email)) { + return '邮件地址不合法'; + } + + $vdata['email'] = $email; + + return ''; + }, + null + ); + $register_form->addVInput('new_realname', 'text', '真实姓名(选填)', '', + function ($realname, &$vdata) { + $vdata['realname'] = $realname; + + return ''; + }, + null + ); + $register_form->addVInput('new_school', 'text', '学校名称(选填)', '', + function ($school, &$vdata) { + $vdata['school'] = $school; + + return ''; + }, + null + ); + $register_form->handle = function(&$vdata) { + $username = $vdata['username']; + $realname = DB::escape($vdata['realname']); + $school = DB::escape($vdata['school']); + $email = DB::escape($vdata['email']); + 
$password = hash_hmac('md5', $vdata['password'], getPasswordClientSalt()); + $password = getPasswordToStore($password, $username); + $svn_password = uojRandString(10); + + DB::query("insert into user_info (username, realname, email, school, password, svn_password, register_time, usergroup) values ('$username', '$realname', '$email', '$school', '$password', '$svn_password', now(), 'U')"); + + header('Content-Type: application/json'); + die(json_encode(['status' => 'success', 'message' => ''])); + }; + $register_form->setAjaxSubmit(<<runAtServer(); + + $change_password_form = new UOJForm('change_password'); + $change_password_form->addVInput('p_username', 'text', '用户名', '', + function ($username, &$vdata) { + if (!validateUsername($username)) { + return '用户名不合法'; + } + + if (!queryUser($username)) { + return '用户不存在'; + } + + $vdata['username'] = $username; + + return ''; + }, + null + ); + $change_password_form->addVInput('p_password', 'password', '密码', '', + function ($password, &$vdata) { + $vdata['password'] = $password; + + return ''; + }, + 'validatePassword' + ); + $change_password_form->handle = function(&$vdata) { + $esc_username = DB::escape($vdata['username']); + $password = hash_hmac('md5', $vdata['password'], getPasswordClientSalt()); + $esc_password = DB::escape(getPasswordToStore($password, $vdata['username'])); + + DB::query("update user_info set password = '$esc_password' where username = '$esc_username'"); + + header('Content-Type: application/json'); + die(json_encode(['status' => 'success', 'message' => '用户 ' . $vdata['username'] . 
' 的密码已经被成功重置。'])); + }; + $change_password_form->submit_button_config['margin_class'] = 'mt-3'; + $change_password_form->submit_button_config['text'] = '重置'; + $change_password_form->setAjaxSubmit(<<runAtServer(); + + $change_usergroup_form = new UOJForm('change_usergroup'); + $change_usergroup_form->addVInput('username', 'text', '用户名', '', + function ($username, &$vdata) { + if (!validateUsername($username)) { + return '用户名不合法'; + } + + if (!queryUser($username)) { + return '用户不存在'; + } + + $vdata['username'] = $username; + + return ''; + }, + null + ); + $change_usergroup_form->addVSelect('op_type', [ + 'banneduser' => '设为封禁用户', + 'normaluser' => '设为普通用户', + 'superuser' => '设为超级用户', + ], '操作类型', ''); + $change_usergroup_form->handle = function($vdata) { + $username = $vdata['username']; + $usergroup = ''; + + switch ($_POST['op_type']) { + case 'banneduser': + DB::update("update user_info set usergroup = 'B', usertype = 'banned' where username = '{$username}'"); + $usergroup = '被封禁的用户'; + break; + case 'normaluser': + DB::update("update user_info set usergroup = 'U', usertype = 'student' where username = '{$username}'"); + $usergroup = '普通用户'; + break; + case 'superuser': + DB::update("update user_info set usergroup = 'S', usertype = 'student' where username = '{$username}'"); + $usergroup = '超级用户'; + break; + } + + header('Content-Type: application/json'); + die(json_encode(['status' => 'success', 'message' => '用户 ' . $username . ' 现在是 ' . $usergroup . '。'])); + }; + $change_usergroup_form->setAjaxSubmit(<<runAtServer(); } ?> @@ -257,7 +488,7 @@
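Review bot: The change_usergroup handler interpolates `$vdata['username']` into its three UPDATE statements without `DB::escape`, and it reads `$_POST['op_type']` directly rather than the validated form value, so an unrecognised op_type falls through the switch and still answers `status: success` with an empty group name. The other two handlers in this hunk escape every value they interpolate (`$esc_username`, `$esc_password`), so validateUsername is presumably the only thing keeping this one safe; I would escape here as well and reject unknown operations instead of silently succeeding, as sketched below. Two smaller points in the same hunk: `join($user_list_cond, ' and ')` uses the legacy array-first argument order, which PHP 8 no longer accepts, so `join(' and ', $user_list_cond)` is the portable form; and the register handler inserts `$username` and `$password` unescaped while change_password escapes both, which is worth aligning. Nothing stops a super user from banning or demoting their own account through this form, if that matters for this deployment. The `elseif ($cur_tab == 'users')` branch begins inside the hunk, but the surrounding tab dispatch starts before it.
```php
$change_usergroup_form->handle = function($vdata) {
    $username = $vdata['username'];
    $esc_username = DB::escape($username);
    // Whitelist of operations: op_type => [usergroup, usertype, display label]
    $ops = [
        'banneduser' => ['B', 'banned',  '被封禁的用户'],
        'normaluser' => ['U', 'student', '普通用户'],
        'superuser'  => ['S', 'student', '超级用户'],
    ];
    $op_type = isset($_POST['op_type']) ? $_POST['op_type'] : '';
    if (!isset($ops[$op_type])) {
        header('Content-Type: application/json');
        die(json_encode(['status' => 'error', 'message' => '未知的操作类型']));
    }
    list($group, $type, $usergroup) = $ops[$op_type];
    DB::update("update user_info set usergroup = '{$group}', usertype = '{$type}' where username = '{$esc_username}'");
    // … unchanged: success JSON response using $username and $usergroup …
};
```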
-
+