ÿØÿà JFIF ÿÛ „ ( %"1"%)+...383,7(-.-
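<?php
/**
 * Admin "user" module.
 *
 * Dispatches on $CORE->input['code'] to the user list, the add/edit form,
 * deletion, password reset/change and the per-user card and point history
 * screens. Everything runs through the framework globals $CORE, $DB, $print,
 * $smarty, $func and $TBS, none of which are defined in this file.
 *
 * Review notes on things this rewrite does NOT change, because the matching
 * login/template code is not visible here:
 *  - Passwords are stored either as md5(md5(pw)) (goChangePass) or as the
 *    generated plaintext (saveUser, goResetPass). Moving to password_hash()/
 *    password_verify() has to be done together with the login code.
 *  - The state-changing actions (del, resetpass, delcard, delpoint, the group
 *    update) are reachable by plain GET/POST and no CSRF token check is
 *    visible in this file.
 *  - The 'add' and 'edit' codes call userPost(), which is not defined in
 *    this class; they are kept as they were.
 */
class user
{
    /**
     * Route the request to the handler named by $CORE->input['code'].
     *
     * Replaces the PHP4-style constructor `function user()`, which is
     * deprecated on PHP 7 and removed on PHP 8; `new user()` still works.
     * Unknown or missing codes fall back to the user list.
     */
    public function __construct()
    {
        global $CORE;

        $code = isset($CORE->input['code']) ? $CORE->input['code'] : '';
        switch ($code) {
            case 'group':
                $this->group();
                break;
            case 'add':
                $this->userPost(0); // userPost() is not defined in this file
                break;
            case 'edit':
                $this->userPost(1); // userPost() is not defined in this file
                break;
            case 'post':
                $this->userDoPost();
                break;
            case 'del':
                $this->userDel(array());
                break;
            case 'resetpass':
                $this->goResetPass();
                break;
            case 'card':
                $this->goCard();
                break;
            case 'delcard':
                $this->goDelCard();
                break;
            case 'point':
                $this->goPoint();
                break;
            case 'delpoint':
                $this->goDelPoint();
                break;
            case 'changepass':
                $this->goChangePass();
                break;
            default:
                $this->userList();
                break;
        }
    }

    /**
     * Escape a value for inclusion inside single quotes in inline SQL.
     *
     * Stopgap: $DB exposes no escaping or prepared-statement API that this
     * file shows, so addslashes() is used to neutralise quote, backslash and
     * NUL characters (sufficient for a single-byte or UTF-8 connection
     * charset). Replace with the driver's real escape function or prepared
     * statements once available. NOTE(review): if $CORE->input already
     * slashes its values, drop the addslashes() here to avoid double escaping.
     *
     * @param mixed $value raw value (cast to string)
     * @return string escaped string, still without surrounding quotes
     */
    private function esc($value)
    {
        return addslashes((string) $value);
    }

    /**
     * Let the logged-in admin change their own password.
     *
     * On submit reads old_password / new_password / re_new_password and
     * redirects with ?error=old_pass, re_new_pass, new_pass or none.
     * $print->refresh() is not shown to terminate the request (userDel calls
     * exit() after it), so every failure path returns explicitly: the
     * original fell through to the UPDATE even when the old password did not
     * match or the confirmation differed.
     */
    public function goChangePass()
    {
        global $CORE, $DB, $print, $smarty;

        $smarty->assign('section', 'changepass');
        $id = intval($CORE->admin_user['id']);
        $account = $DB->fetch_row($DB->query("SELECT * FROM NNCCMS_user WHERE id='$id'"));
        $smarty->assign('user', $account);
        $smarty->assign('error', isset($CORE->input['error']) ? $CORE->input['error'] : '');

        if (empty($CORE->input['submitbt'])) {
            return;
        }

        $oldPassword = isset($CORE->input['old_password']) ? (string) $CORE->input['old_password'] : '';
        // The stored value is either md5(md5(pw)) or, for a freshly created or
        // reset account, the plaintext password; both spellings are accepted.
        // The old password used to be interpolated raw here (SQL injection).
        $oldHashed = md5(md5($oldPassword));
        $oldEsc = $this->esc($oldPassword);
        $match = $DB->fetch_row($DB->query(
            "SELECT * FROM NNCCMS_user WHERE id='$id' AND (password = '$oldHashed' or password = '$oldEsc') "
        ));
        if (!$match) {
            $print->refresh('index.php?act=user&code=changepass&error=old_pass');
            return;
        }

        $newPassword = isset($CORE->input['new_password']) ? (string) $CORE->input['new_password'] : '';
        $confirm = isset($CORE->input['re_new_password']) ? (string) $CORE->input['re_new_password'] : '';
        if ($newPassword != $confirm) {
            $print->refresh('index.php?act=user&code=changepass&error=re_new_pass');
            return;
        }
        // An empty new password was previously accepted (stored as md5(md5(''))).
        // The template may need a message for the 'new_pass' error code.
        if ($newPassword === '') {
            $print->refresh('index.php?act=user&code=changepass&error=new_pass');
            return;
        }

        $hash = md5(md5($confirm));
        $DB->query("UPDATE NNCCMS_user SET password = '$hash' WHERE id='$id'");
        $print->refresh('index.php?act=user&code=changepass&error=none');
    }

    /**
     * Delete one point-history row (admin group 4 only) and return to the
     * user's point screen. No CSRF token is checked.
     */
    public function goDelPoint()
    {
        global $CORE, $DB, $print;

        if ($CORE->admin_user['ug_id'] != 4) {
            return;
        }
        $rowId = intval($CORE->input['id']);
        $userId = intval($CORE->input['uid']);
        if ($rowId > 0) {
            $DB->query("DELETE FROM NNCCMS_user_diem_history WHERE id='$rowId'");
        }
        $print->refresh('index.php?act=user&code=point&id=' . $userId);
    }

    /**
     * Point history of one user (groups >= 3): lists the rows, sums
     * diem_cong/diem_tru and, on submit, appends a new history row.
     *
     * Remaining points = diem_goc of the last listed row + sum(diem_cong)
     * - sum(diem_tru), as in the original; diem_goc is 0 when there are no rows
     * (it was an undefined variable before).
     */
    public function goPoint()
    {
        global $CORE, $DB, $print, $smarty;

        if ($CORE->admin_user['ug_id'] < 3) {
            return;
        }
        $smarty->assign('section', 'point');
        $id = intval($CORE->input['id']);
        $smarty->assign('user_id', $id);

        $rows = array();
        $baseDiem = 0;
        $history = $DB->query("SELECT * FROM NNCCMS_user_diem_history WHERE user_id='$id'");
        while ($row = $DB->fetch_row($history)) {
            $cardId = intval($row['card_id']);
            $card = $DB->fetch_row($DB->query("SELECT * FROM NNCCMS_card WHERE id='$cardId'"));
            $baseDiem = $row['diem_goc'];
            $row['card_name'] = isset($card['title']) ? $card['title'] : null;
            $row['time'] = date('d/m/Y', $row['time']);
            $rows[] = $row;
        }
        $smarty->assign('lists', $rows);

        $sums = $DB->fetch_row($DB->query(
            "SELECT sum(diem_tru) as total_diem_tru, sum(diem_cong) as total_diem_cong FROM NNCCMS_user_diem_history WHERE user_id='$id'"
        ));
        $smarty->assign('total_diem', $sums);
        $smarty->assign('diem_con_lai', $baseDiem + $sums['total_diem_cong'] - $sums['total_diem_tru']);

        $account = $DB->fetch_row($DB->query("SELECT name FROM NNCCMS_user WHERE id='$id'"));
        $smarty->assign('username', isset($account['name']) ? $account['name'] : null);

        if (empty($CORE->input['submitbt_diem'])) {
            return;
        }
        // All of these used to be interpolated into the INSERT unescaped.
        $userId = intval($CORE->input['user_id']);
        $cardId = intval($CORE->input['card_id']);
        $diemGoc = $this->esc(trim($CORE->input['diem_goc']));
        $diemCong = intval(trim($CORE->input['diem_cong']));
        $diemTru = intval(trim($CORE->input['diem_tru']));
        $thoiGianTru = $this->esc(trim($CORE->input['thoi_gian_tru']));
        $lyDoTru = $this->esc(trim($CORE->input['ly_do_tru']));
        $poster = intval($CORE->admin_user['id']);
        $now = time();
        $DB->query(
            "INSERT INTO `NNCCMS_user_diem_history` (`card_id`, `user_id`, `user_post`, `diem_goc`, `diem_cong`, `diem_tru`, `thoi_gian_tru`, `ly_do_tru`, `time`) "
            . "VALUES ('$cardId', '$userId', '$poster', '$diemGoc', '$diemCong', '$diemTru', '$thoiGianTru', '$lyDoTru', '$now');"
        );
        $print->refresh('index.php?act=user&code=point&id=' . $userId);
    }

    /**
     * Delete one card-history row (admin group 4 only) and return to the
     * user's card screen. No CSRF token is checked.
     */
    public function goDelCard()
    {
        global $CORE, $DB, $print;

        if ($CORE->admin_user['ug_id'] != 4) {
            return;
        }
        $rowId = intval($CORE->input['id']);
        $userId = intval($CORE->input['uid']);
        if ($rowId > 0) {
            $DB->query("DELETE FROM NNCCMS_user_card_history WHERE id='$rowId'");
        }
        $print->refresh('index.php?act=user&code=card&id=' . $userId);
    }

    /**
     * Card / payment history of one user (groups >= 3).
     *
     * Lists the history rows, sums the paid amounts (status=1) and computes the
     * outstanding amount. On submit, the rows whose ids are in tien_id[] are
     * marked paid and every other row of that user is marked unpaid.
     */
    public function goCard()
    {
        global $CORE, $DB, $print, $smarty;

        if ($CORE->admin_user['ug_id'] < 3) {
            return;
        }
        $smarty->assign('section', 'card');
        $id = intval($CORE->input['id']);
        $smarty->assign('user_id', $id);

        $rows = array();
        $history = $DB->query("SELECT * FROM NNCCMS_user_card_history WHERE user_id='$id'");
        while ($row = $DB->fetch_row($history)) {
            $cardId = intval($row['card_id']);
            $card = $DB->fetch_row($DB->query("SELECT * FROM NNCCMS_card WHERE id='$cardId'"));
            $row['card_name'] = isset($card['title']) ? $card['title'] : null;
            $row['time'] = date('d/m/Y', $row['time']);
            $rows[] = $row;
        }
        $smarty->assign('lists', $rows);

        $sums = $DB->fetch_row($DB->query(
            "SELECT sum(so_tien_da_thanh_toan) as total_so_tien FROM NNCCMS_user_card_history WHERE user_id='$id' AND status=1"
        ));
        $paid = $sums['total_so_tien'];
        $smarty->assign('total_so_tien', $paid);

        $account = $DB->fetch_row($DB->query("SELECT * FROM NNCCMS_user WHERE id='$id'"));
        if (!is_array($account)) {
            $account = array();
        }
        $smarty->assign('username', $account);
        $due = isset($account['tien_phai_thanh_toan']) ? $account['tien_phai_thanh_toan'] : 0;
        $depositPct = isset($account['phan_tram_coc']) ? $account['phan_tram_coc'] : 0;
        $firstPayment = isset($account['tien_thanh_toan_lan_1']) ? $account['tien_thanh_toan_lan_1'] : 0;
        // outstanding = total due - paid - deposit (percentage of total) - first instalment
        $outstanding = $due - $paid - ($due * $depositPct / 100) - $firstPayment;
        $smarty->assign('so_tien_chua_thanh_toan', $outstanding);

        if (empty($CORE->input['submitbt_thanh_toan'])) {
            return;
        }
        $userId = intval($CORE->input['user_id']);
        $paidIds = isset($CORE->input['tien_id']) ? $CORE->input['tien_id'] : array();
        if (is_array($paidIds) && !empty($paidIds)) {
            $poster = intval($CORE->admin_user['id']);
            $DB->query("UPDATE NNCCMS_user_card_history SET status='0' WHERE user_id='$userId'");
            foreach ($paidIds as $raw) {
                $rowId = intval($raw); // was interpolated raw
                $DB->query("UPDATE NNCCMS_user_card_history SET status='1' , user_post = '$poster' WHERE id='$rowId'");
            }
        }
        $print->refresh('index.php?act=user&code=card&id=' . $userId);
    }

    /**
     * Reset a non-admin user's password to a generated one (admin group 4
     * only) and deactivate the account. The generated password is stored as
     * returned by $func->make_password(), i.e. unhashed, as before.
     * No CSRF token is checked.
     */
    public function goResetPass()
    {
        global $CORE, $DB, $func, $print;

        if ($CORE->admin_user['ug_id'] != 4) {
            return;
        }
        $id = intval($CORE->input['id']);
        $target = $DB->fetch_row($DB->query("SELECT * FROM NNCCMS_user WHERE id='$id'"));
        if ($target && $target['ug_id'] == 4) {
            exit('Không thể reset máºt khẩu user quản trị!');
        }
        $password = $this->esc($func->make_password());
        $DB->query("UPDATE NNCCMS_user SET password='$password', active_user=0 WHERE id='$id'");
        $print->refresh('index.php?act=user&code=post&id=' . $id);
    }

    /**
     * Group list / group editor (TBS template).
     *
     * Without input 'do': renders the list and, when an id is given, the edit
     * form for that group. With 'do': saves the flags. Because g_supmod and
     * g_access_cp are the admin panel's own authorisation flags, saving is
     * restricted to the admin group (4), matching the module's other
     * destructive handlers; the original had no check at all.
     */
    public function group()
    {
        global $CORE, $DB, $TBS, $func, $print;

        $TBS->LoadTemplate(ADMIN_PATH . "skin/user_group.html");
        $id = intval($CORE->input['id']);

        $groups = array();
        $query = $DB->query("SELECT g_id, g_supmod, g_access_cp, g_title FROM NNCCMS_groups order by g_id ASC;");
        while ($row = $DB->fetch_row($query)) {
            $row['g_supmod'] = ($row['g_supmod'] == 1) ? "Yes" : "No";
            $row['g_access_cp'] = ($row['g_access_cp'] == 1) ? "Yes" : "No";
            $groups[] = $row;
        }
        $TBS->MergeBlock('group', $groups);

        if (empty($CORE->input['do'])) {
            $query = $DB->query("SELECT * FROM NNCCMS_groups WHERE g_id='" . $id . "'");
            if ($row = $DB->fetch_row($query)) {
                foreach (array('g_post_news', 'g_edit', 'g_del', 'g_supmod', 'g_access_cp', 'g_html') as $flag) {
                    $row[$flag] = $func->yes_no($row[$flag], $flag);
                }
                $row['show'] = 1;
                $TBS->MergeBlock('gedit', array($row));
            }
            $TBS->Show(TBS_OUTPUT + TBS_NOTHING);
            return;
        }

        if ($CORE->admin_user['ug_id'] != 4) {
            return;
        }
        $gTitle = $this->esc($CORE->input['g_title']); // was interpolated raw
        $gPostNews = intval($CORE->input['g_post_news']);
        $gEdit = intval($CORE->input['g_edit']);
        $gDel = intval($CORE->input['g_del']);
        $gHtml = intval($CORE->input['g_html']);
        $gSupmod = intval($CORE->input['g_supmod']);
        $gAccessCp = intval($CORE->input['g_access_cp']);
        $gFloodTime = intval($CORE->input['g_flood_time']);
        $DB->query(
            "update NNCCMS_groups set g_post_news='$gPostNews', g_edit='$gEdit', g_del='$gDel', g_html='$gHtml', "
            . "g_supmod='$gSupmod', g_access_cp='$gAccessCp', g_title='$gTitle', g_flood_time='$gFloodTime' WHERE g_id=$id"
        );
        $print->redirect("Setting Edited", $CORE->admin_url . "&act=user&code=group");
    }

    /**
     * Paginated user list with keyword / status filter and bulk delete.
     *
     * The keyword is matched against name, email, namecard and codecard with
     * LIKE (it used to be interpolated raw). The sortby/prod_dirby session
     * bookkeeping is kept but, as before, is not applied to the query.
     */
    public function userList()
    {
        global $CORE, $DB, $smarty, $print;

        $smarty->assign('module_name', 'Quản lý users');
        $smarty->assign('title', 'Users');
        $smarty->assign('status', isset($CORE->input['status']) ? $CORE->input['status'] : '');
        $smarty->assign('section', 'list');

        $keyword = isset($CORE->input['fkeyword']) ? (string) $CORE->input['fkeyword'] : '';
        $_SESSION['type'] = isset($CORE->input['type']) ? $CORE->input['type'] : null;
        $_SESSION['fstatus'] = isset($CORE->input['fstatus']) ? $CORE->input['fstatus'] : null;
        $_SESSION['fkeyword'] = $keyword;

        $where = "WHERE name<>''";
        $nsearch = 0;
        if ($keyword != '') {
            $kw = $this->esc($keyword);
            $where .= " AND (name LIKE '%" . $kw . "%' OR email LIKE '%" . $kw . "%' or namecard LIKE '%" . $kw . "%' or codecard LIKE '%" . $kw . "%' ) ";
            $nsearch = 1;
        }
        if (isset($CORE->input['fstatus']) && $CORE->input['fstatus'] == 1) {
            $where .= " AND `type`='guest' ";
        }
        $smarty->assign('nsearch', $nsearch);
        if (!empty($CORE->input['nosearch'])) {
            unset($_SESSION['fcat'], $_SESSION['fstatus'], $_SESSION['fkeyword']);
        }

        // Sorting: each sortby click toggles the direction flag; not used below.
        if (!empty($CORE->input['sortby'])) {
            $_SESSION['prod_dirby'] = (isset($_SESSION['prod_dirby']) && $_SESSION['prod_dirby'] == 1) ? 0 : 1;
            $_SESSION['prod_sortby'] = $CORE->input['sortby'];
        } elseif (!isset($_SESSION['prod_sortby'])) {
            $_SESSION['prod_sortby'] = null;
        }

        $pageNum = (isset($_GET['pageNum']) && $_GET['pageNum'] > 0) ? intval($_GET['pageNum']) : 1;
        $pageSize = 20;
        $from = ($pageNum - 1) * $pageSize;

        $count = $DB->fetch_row($DB->query("SELECT count(*) as total FROM NNCCMS_user " . $where));
        $total = intval($count['total']);
        $totalPage = ceil($total / $pageSize);

        $query = $DB->query("SELECT * FROM NNCCMS_user " . $where . " ORDER BY joined DESC LIMIT $from, $pageSize");
        $rows = array();
        $no = 0;
        while ($row = $DB->fetch_row($query)) {
            $row['no'] = ++$no;
            $row['joined'] = date('d-m-Y', $row['joined']);
            $rows[] = $row;
        }
        if (empty($rows)) {
            $rows[] = array(); // original behaviour: one empty row when nothing matched
        }
        $smarty->assign('list', $rows);
        $nav = $print->Pagination($totalPage, $pageNum, 'user', 'index.php?act=user&fkeyword=' . urlencode($keyword));
        $smarty->assign('nav', $nav);

        // Bulk delete from the list's checkboxes; userDel enforces the admin check.
        $selected = isset($CORE->input['mid_for_del']) ? $CORE->input['mid_for_del'] : array();
        if (!empty($selected)) {
            $this->userDel($selected);
        }
    }

    /**
     * Add/edit user screen: renders the form unless 'bsubmit' is set, in
     * which case the record is saved. A validation error left in the session
     * by a previous request forces the form view.
     */
    public function userDoPost()
    {
        global $CORE, $smarty;

        $smarty->assign('module_name', 'Quản lý users');
        $smarty->assign('title', 'Users');
        $smarty->assign('status', isset($CORE->input['status']) ? $CORE->input['status'] : '');
        $smarty->assign('section', 'post');

        if (!empty($_SESSION['error'])) {
            unset($CORE->input['bsubmit']);
        }
        if (empty($CORE->input['bsubmit'])) {
            $this->showUserForm();
            return;
        }
        return $this->saveUser();
    }

    /**
     * Render the add/edit form: loads the record (or the current admin's when
     * no id is given and type != 'add'), restores a previously failed state
     * from the session, and builds the group <select> options and card list.
     */
    private function showUserForm()
    {
        global $CORE, $DB, $smarty;

        $id = intval($CORE->input['id']);
        $type = isset($CORE->input['type']) ? $CORE->input['type'] : '';
        if ($type != 'add') {
            $id = $id > 0 ? $id : intval($CORE->admin_user['id']);
        }

        $prevError = !empty($_SESSION['error']) ? $_SESSION['error'] : null;
        $prevState = !empty($_SESSION['state']) ? $_SESSION['state'] : null;
        unset($_SESSION['error'], $_SESSION['state']);

        if ($prevState != null) {
            $data = $prevState;
        } elseif ($id == 0) {
            $data = array('status' => 1);
        } else {
            $data = $DB->fetch_row($DB->query("SELECT * FROM NNCCMS_user WHERE id='" . $id . "'"));
        }
        if (!is_array($data)) {
            $data = array();
        }

        // Group titles are admin input (see group()) rendered into HTML, so
        // they are escaped here; the original emitted them raw (stored XSS).
        $currentGroup = isset($data['ug_id']) ? $data['ug_id'] : null;
        $options = '';
        $groups = $DB->query("SELECT * FROM NNCCMS_groups ORDER BY `g_id`");
        while ($g = $DB->fetch_row($groups)) {
            $selected = ($currentGroup == $g['g_id']) ? ' selected' : '';
            $title = htmlspecialchars((string) $g['g_title'], ENT_QUOTES, 'UTF-8');
            $options .= '<option value="' . intval($g['g_id']) . '"' . $selected . '>' . $title . '</option>';
        }
        $data['ug_id_txt'] = $options;

        $cards = array();
        $cardQuery = $DB->query("SELECT * FROM NNCCMS_card WHERE status=1 ORDER BY diem DESC");
        while ($card = $DB->fetch_row($cardQuery)) {
            $cards[] = $card;
        }
        $smarty->assign('list_cards', $cards);

        $smarty->assign('error', array($prevError));
        $smarty->assign('post', $data);
    }

    /**
     * Persist the submitted user (insert when id == 0, else update).
     *
     * Only name, birthday, ug_id and email are written; the other card/payment
     * fields of the form were read but never stored by the original, so they
     * are not read here either.
     *
     * Authorisation: a non-admin actor (ug_id < 4) can neither assign a group
     * above their own nor edit an account whose group is above their own. The
     * original capped only group-3 actors, so groups 1-2 could create or
     * promote admins.
     */
    private function saveUser()
    {
        global $CORE, $DB, $print, $func;

        $id = intval($CORE->input['id']);
        $actorGroup = intval($CORE->admin_user['ug_id']);
        $name = isset($CORE->input['name']) ? (string) $CORE->input['name'] : '';
        $email = isset($CORE->input['email']) ? (string) $CORE->input['email'] : '';
        $birthday = isset($CORE->input['birthday']) ? trim($CORE->input['birthday']) : '';
        $ugId = intval($CORE->input['ug_id']);
        if ($actorGroup < 4 && $ugId > $actorGroup) {
            $ugId = $actorGroup;
        }

        if ($name == '') {
            exit('Xin nháºp username');
        }
        $nameEsc = $this->esc($name);
        $emailEsc = $this->esc($email);
        $birthdayEsc = $this->esc($birthday);

        if ($id == 0) {
            $dup = $DB->fetch_row($DB->query("SELECT count(*) as total FROM NNCCMS_user WHERE name='$nameEsc'"));
            if ($dup['total'] >= 1) {
                exit('Tên đăng nháºp đã tồn tại, xin chá»n tên khác!');
            }
            // The generated password is stored as returned by make_password()
            // (hashing was disabled upstream); goChangePass accepts that form.
            $passwordEsc = $this->esc($func->make_password());
            $ip = $this->esc($CORE->ip);
            $now = time();
            $DB->query(
                "INSERT INTO `NNCCMS_user` ( `name`,`birthday`, `ug_id`, `password`, `email`, `joined`, `ip_address` ) "
                . "VALUES ( '$nameEsc', '$birthdayEsc', '$ugId', '$passwordEsc', '$emailEsc', '$now', '$ip');"
            );
            // The original called mysql_insert_id() here; the result was unused and
            // the mysql_* extension does not exist on PHP 7+.
            return $print->refresh("index.php?act=user&status=add_success");
        }

        $target = $DB->fetch_row($DB->query("SELECT ug_id FROM NNCCMS_user WHERE id='$id'"));
        if ($actorGroup < 4 && $target && intval($target['ug_id']) > $actorGroup) {
            return;
        }
        $DB->query("UPDATE `NNCCMS_user` SET name='$nameEsc',ug_id = '$ugId',`email`='$emailEsc' WHERE `id`='$id'");
        return $print->refresh("index.php?act=user&code=post&status=edit_success&id=" . $id);
    }

    /**
     * Delete users (admin group 4 only). With an empty $arr_mid the single
     * id from the request is deleted; otherwise every positive id in the
     * array. Ids are now cast with intval() — the original only compared
     * them with > 0, which passes non-numeric strings. No CSRF token is checked.
     *
     * @param array $arr_mid ids selected for bulk deletion (may be empty)
     */
    public function userDel($arr_mid)
    {
        global $CORE, $DB, $print;

        if ($CORE->admin_user['ug_id'] != 4) {
            exit('Chỉ có admin má»›i có quyá»n xóa bà i!...');
        }
        if (empty($arr_mid)) {
            $id = intval($CORE->input['id']);
            $DB->query("DELETE FROM NNCCMS_user WHERE id='" . $id . "'");
            $print->refresh("index.php?act=user&status=del_success");
            exit();
        }
        foreach ((array) $arr_mid as $raw) {
            $uid = intval($raw);
            if ($uid > 0) {
                $DB->query("DELETE FROM NNCCMS_user WHERE id='" . $uid . "'");
            }
        }
        $print->refresh("index.php?act=user&status=del_success");
    }
}

$run = new user();
?>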