1 | <?php |
---|
2 | /* |
---|
3 | * Copyright(c) 2000-2007 LOCKON CO.,LTD. All Rights Reserved. |
---|
4 | * |
---|
5 | * http://www.lockon.co.jp/ |
---|
6 | */ |
---|
7 | require_once("../require.php"); |
---|
8 | |
---|
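/**
 * View-model for the admin member input page (create / edit).
 *
 * The object is filled in by the script below and passed to
 * $objView->assignobj() before the template is displayed.
 */
class LC_Page {
    var $arrErr;            // validation error messages, keyed by field name
    var $tpl_recv;          // script the form posts back to
    var $tpl_onload;        // JavaScript run when the page loads
    var $arrForm;           // values shown in the form
    var $tpl_mode;          // 'new' (create) or 'edit'
    var $tpl_member_id;     // used in edit mode
    var $tpl_pageno;
    var $tpl_onfocus;       // JavaScript run when the password field is selected
    var $tpl_old_login_id;

    // Declared explicitly: the constructor used to create these on the fly,
    // which PHP 8.2+ reports as deprecated dynamic properties.
    var $SHORTTEXT_MAX;
    var $MIDDLETEXT_MAX;
    var $LONGTEXT_MAX;
    var $arrAUTHORITY;

    /**
     * Populate the defaults the template needs.
     *
     * NOTE(review): this is a PHP 4-style constructor. Since PHP 8.0 a method
     * named after its class is no longer called by `new`, so on such a
     * runtime none of these defaults would be set.
     */
    function LC_Page() {
        $this->tpl_recv = 'input.php';

        // Request-supplied and stored unmodified; a missing key yields null
        // without raising an undefined-index notice.
        // NOTE(review): escaping is left to whatever renders this value;
        // confirm the template encodes it on output.
        $this->tpl_pageno = isset($_REQUEST['pageno']) ? $_REQUEST['pageno'] : null;

        $this->SHORTTEXT_MAX = STEXT_LEN;
        $this->MIDDLETEXT_MAX = MTEXT_LEN;
        $this->LONGTEXT_MAX = LTEXT_LEN;

        global $arrAUTHORITY;
        $this->arrAUTHORITY = $arrAUTHORITY;
    }
}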
29 | |
---|
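// ---------------------------------------------------------------------------
// Request handling for the admin member create/edit form.
//
// NOTE(review): no anti-CSRF token is verified in this script before the
// INSERT/UPDATE below; confirm whether sfIsSuccess() or shared code covers it.
// ---------------------------------------------------------------------------
$conn = new SC_DbConn();
$objPage = new LC_Page();
$objView = new SC_AdminView();

// Check that the session is authenticated.
$objSess = new SC_Session();
sfIsSuccess($objSess);

// A member id in the query string selects edit mode.
if (isset($_GET['id']) && sfIsInt($_GET['id'])) {
    $objPage->tpl_mode = 'edit';
    $objPage->tpl_member_id = $_GET['id'];
    $objPage->tpl_onfocus = "fnClearText(this.name);";
    // Load the member's record from the database.
    $data_list = fnGetMember($conn, $_GET['id']);
    // Show that member in the form.
    // NOTE(review): an id with no matching row leaves $data_list[0] unset.
    $objPage->arrForm = $data_list[0];
    // Put a placeholder in the password field; fnGetMember() does not select
    // the stored hash.
    $objPage->arrForm['password'] = DUMMY_PASS;
    // Remember the current login id.
    $objPage->tpl_old_login_id = $data_list[0]['login_id'];
} else {
    // Create mode.
    $objPage->tpl_mode = "new";
    $objPage->arrForm['authority'] = -1;
}

// Form submission in create or edit mode.
$postMode = isset($_POST['mode']) ? $_POST['mode'] : null;
if ($postMode == 'new' || $postMode == 'edit') {
    // Validate the input.
    $objPage->arrErr = fnErrorCheck($conn);

    // Write to the database only when validation passed.
    if (count($objPage->arrErr) == 0) {
        if ($postMode == 'new') {
            // Add the member.
            fnInsertMember();
            // Redirect to this page so that a reload cannot register twice.
            // NOTE(review): PHP_SELF includes any PATH_INFO sent with the
            // request; SCRIPT_NAME would avoid reflecting it in the redirect.
            header("Location: ". $_SERVER['PHP_SELF'] . "?mode=reload");
            exit;
        }
        if ($postMode == 'edit') {
            // Update the member.
            if (fnUpdateMember($_POST['member_id'])) {
                // Refresh the parent window, then close this one.
                // pageno is request data that ends up inside a JavaScript
                // string literal, so only a plain run of digits is accepted;
                // anything else is dropped instead of being echoed into script.
                $pageno = '';
                if (isset($_POST['pageno']) && is_string($_POST['pageno'])
                    && preg_match('/\A[0-9]+\z/', $_POST['pageno'])) {
                    $pageno = $_POST['pageno'];
                }
                $url = URL_SYSTEM_TOP . "?pageno=" . $pageno;
                $objPage->tpl_onload = "fnUpdateParent('" . $url . "'); window.close();";
            }
        }
    // Validation failed.
    } else {
        // Keep the mode and identifiers across the round trip.
        $objPage->tpl_mode = $_POST['mode'];
        $objPage->tpl_member_id = $_POST['member_id'];
        $objPage->tpl_old_login_id = $_POST['old_login_id'];
        // Redisplay what the user already typed.
        // NOTE(review): raw request values are handed to the template here;
        // output escaping is assumed to happen there. Confirm.
        $objPage->arrForm = $_POST;
        // A password that was actually typed is not carried over.
        if ($objPage->arrForm['password'] != DUMMY_PASS) {
            $objPage->arrForm['password'] = '';
        }
    }
}

// Landing after the post-insert redirect.
if (isset($_GET['mode']) && $_GET['mode'] == 'reload') {
    // Arrange for the parent window to be refreshed.
    $url = URL_SYSTEM_TOP;
    $objPage->tpl_onload = "fnUpdateParent('" . $url . "')";
}

// Hand the page object to the template and render it.
$objView->assignobj($objPage);
$objView->display('system/input.tpl');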
104 | |
---|
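/**
 * Validate the posted member form.
 *
 * Reads its input from $_POST and rewrites $_POST['name'] and
 * $_POST['department'] in place (kana normalisation).
 *
 * The field labels and messages below are reproduced exactly as they appear
 * in this listing; they look like Japanese text in a legacy encoding that was
 * rendered with the wrong charset.
 *
 * @param object $conn  connection exposing getOne($sql, $params)
 * @return mixed        $objErr->arrErr: messages keyed by field name
 */
function fnErrorCheck($conn) {

    $objErr = new SC_CheckError();

    // Convert half-width katakana to full-width (combining voiced marks)
    // before validating.
    $_POST["name"] = mb_convert_kana($_POST["name"] ,"KV");
    $_POST["department"] = mb_convert_kana($_POST["department"] ,"KV");

    $isEdit = ($_POST['mode'] == 'edit');

    // Name: required, bounded length.
    $objErr->doFunc(array("̾Á°",'name'), array("EXIST_CHECK"));
    $objErr->doFunc(array("̾Á°",'name',STEXT_LEN,"BIG"), array("MAX_LENGTH_CHECK"));

    // Outside edit mode the name must not already be registered.
    if (!isset($objErr->arrErr['name']) && !$isEdit) {
        $sql = "SELECT name FROM dtb_member WHERE del_flg <> 1 AND name = ?";
        $result = $conn->getOne($sql, array($_POST['name']));
        if ( $result ) {
            $objErr->arrErr['name'] = "´û¤ËÅÐÏ¿¤µ¤ì¤Æ¤¤¤ë̾Á°¤Ê¤Î¤ÇÍøÍѤǤ¤Þ¤»¤ó¡£<br>";
        }
    }

    // Login id: required, alphanumeric, bounded length.
    $objErr->doFunc(array("¥í¥°¥¤¥óID",'login_id'), array("EXIST_CHECK", "ALNUM_CHECK"));
    $objErr->doFunc(array("¥í¥°¥¤¥óID",'login_id',ID_MIN_LEN , ID_MAX_LEN) ,array("NUM_RANGE_CHECK"));

    // Uniqueness applies in create mode, or in edit mode when the login id
    // changed. The grouping is explicit: previously && bound tighter than ||,
    // so the edit-mode case ran the lookup even after a format error and could
    // replace that error message.
    // NOTE(review): old_login_id is client-supplied, so in edit mode this check
    // depends on a value the browser controls; comparing against the login_id
    // stored for the member being edited would remove that dependency.
    $loginIdChanged = ($isEdit && $_POST['login_id'] != $_POST['old_login_id']);
    if (!isset($objErr->arrErr['login_id']) && (!$isEdit || $loginIdChanged)) {
        $sql = "SELECT login_id FROM dtb_member WHERE del_flg <> 1 AND login_id = ?";
        $result = $conn->getOne($sql, array($_POST['login_id']));
        if ( $result != "" ) {
            $objErr->arrErr['login_id'] = "´û¤ËÅÐÏ¿¤µ¤ì¤Æ¤¤¤ëID¤Ê¤Î¤ÇÍøÍѤǤ¤Þ¤»¤ó¡£<br>";
        }
    }

    // Password: skipped in edit mode when the placeholder was left untouched.
    if (!($isEdit && $_POST['password'] == DUMMY_PASS)) {
        $objErr->doFunc(array("¥Ñ¥¹¥ï¡¼¥É",'password'), array("EXIST_CHECK", "ALNUM_CHECK"));
        // The original tested an undefined local $arrErr here, so the condition
        // was always true; the errors live on $objErr.
        if (!isset($objErr->arrErr['password'])) {
            // NOTE(review): 4-15 alphanumeric characters is a weak policy for
            // an administrative account.
            $objErr->doFunc( array("¥Ñ¥¹¥ï¡¼¥É",'password',4 ,15 ) ,array( "NUM_RANGE_CHECK" ) );
        }
    }

    // Authority: only presence is checked here.
    // NOTE(review): the value is not compared with the allowed authority list
    // in this function; confirm it is constrained elsewhere.
    $objErr->doFunc(array("¸¢¸Â",'authority'),array("EXIST_CHECK"));
    return $objErr->arrErr;
}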
152 | |
---|
/**
 * Insert a new dtb_member row built from the posted form.
 *
 * Reads $_POST (name, department, login_id, password, authority) and
 * $_SESSION['member_id']; the caller runs fnErrorCheck() first.
 *
 * @return mixed  whatever SC_Query::insert() returns
 */
function fnInsertMember() {
    $query = new SC_Query();

    $row = array(
        'name'        => $_POST['name'],
        'department'  => $_POST['department'],
        'login_id'    => $_POST['login_id'],
        // NOTE(review): one fast SHA-1 over the password plus the site-wide
        // AUTH_MAGIC value, with no per-user salt. A slow salted hash
        // (password_hash/password_verify) is the modern replacement, but the
        // code that verifies logins would have to change in step.
        'password'    => sha1($_POST['password'] . ":" . AUTH_MAGIC),
        // NOTE(review): taken from the request as-is; confirm the value is
        // restricted to the allowed authority list before this point.
        'authority'   => $_POST['authority'],
        // Next rank after the current maximum.
        'rank'        => $query->max("dtb_member", "rank") + 1,
        'work'        => "1",   // marked as active
        'del_flg'     => "0",   // delete flag off
        'creator_id'  => $_SESSION['member_id'],
        // Presumably recognised by SC_Query as the SQL function; confirm.
        'create_date' => "now()",
        'update_date' => "now()",
    );

    return $query->insert("dtb_member", $row);
}
173 | |
---|
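/**
 * Update an existing dtb_member row from the posted form.
 *
 * Reads $_POST (name, department, login_id, password, authority); the caller
 * runs fnErrorCheck() first.
 *
 * @param mixed $id  member_id of the row to update (the caller passes
 *                   $_POST['member_id'])
 * @return mixed     whatever SC_Query::update() returns, or false when $id is
 *                   not a plain run of decimal digits
 */
function fnUpdateMember($id) {
    // $id is request data and is concatenated into the WHERE clause below, so
    // anything other than ASCII digits is refused before a query is built.
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    if (!is_scalar($id) || !preg_match('/\A[0-9]+\z/', (string)$id)) {
        return false;
    }

    $oquery = new SC_Query();

    // Column values for the UPDATE.
    $sqlval = array();
    $sqlval['name'] = $_POST['name'];
    $sqlval['department'] = $_POST['department'];
    $sqlval['login_id'] = $_POST['login_id'];
    // The placeholder means "password unchanged": leave the stored hash alone.
    if ($_POST['password'] != DUMMY_PASS) {
        // NOTE(review): one fast SHA-1 over the password plus the site-wide
        // AUTH_MAGIC value, with no per-user salt; see password_hash() for the
        // modern replacement (the login verifier must change in step).
        $sqlval['password'] = sha1($_POST['password'] . ":" . AUTH_MAGIC);
    }
    // NOTE(review): taken from the request as-is; confirm the value is
    // restricted to the allowed authority list before this point.
    $sqlval['authority'] = $_POST['authority'];
    $sqlval['update_date'] = "now()";

    // Safe to concatenate: $id was validated as digits only above.
    $where = "member_id = " . $id;
    return $oquery->update("dtb_member", $sqlval, $where);
}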
192 | |
---|
/**
 * Fetch the form columns of one dtb_member row.
 *
 * The id is bound as a query parameter rather than concatenated. The password
 * column is not selected. There is no del_flg filter, so rows flagged as
 * deleted are returned too.
 *
 * @param object $conn  connection exposing getAll($sql, $params)
 * @param mixed  $id    member_id to look up
 * @return mixed        whatever $conn->getAll() returns; the caller reads
 *                      index 0 as the row
 */
function fnGetMember($conn, $id) {
    $params = array($id);
    return $conn->getAll(
        "SELECT name,department,login_id,authority FROM dtb_member WHERE member_id = ?",
        $params
    );
}
199 | ?> |
---|