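系統維修中,請暫停使用系統!!!";

/**
 * Return the file name part of the script being served.
 *
 * Reads $_SERVER["PHP_SELF"] and returns the text after its last '/'.
 * The permission lookup below matches rows against this value.
 *
 * @return string
 */
function current_page()
{
    $pathParts = explode('/', $_SERVER["PHP_SELF"]);

    return end($pathParts);
}

// Legacy register_globals emulation: every request key becomes a global
// variable of the same name. Array values are copied untouched, scalars are
// urlencoded. Sources are imported in the order $_REQUEST, $_POST, $_GET, so
// a later source wins for a duplicated key.
// NOTE(review): any request parameter can therefore overwrite the globals the
// authentication code below relies on ($login, $userid, $sessionid, ...), and
// those values are later interpolated into SQL strings without escaping (the
// urlencoding of scalars is the only thing standing in the way; array values
// get none). The block is kept because the rest of the application reads
// these globals. each() was removed in PHP 8.0, so the loops use foreach.
foreach ([$_REQUEST, $_POST, $_GET] as $requestSource) {
    if (!is_array($requestSource)) {
        continue;
    }
    foreach ($requestSource as $datakey => $datavalue) {
        if (is_array($datavalue)) {
            $$datakey = $datavalue;
        } else {
            $$datakey = urlencode($datavalue);
        }
    }
}

if ($login) {
    // Credential submission: login() (defined elsewhere) decides. On success
    // redirect through $loginurl, carrying the current script as ?file=.
    // $loginurl is expected to be set earlier in this file.
    if (login($userid, $passwd)) {
        $filename = substr($_SERVER['SCRIPT_NAME'], 1);
        if ($filename != "") {
            $filename = "?file=" . $filename;
        }
        header("Location: $loginurl$filename");
    }
} else {
    if ($command == "logout") {
        logout();
    }

    // Resolve the session row. query() (defined elsewhere) is assumed to
    // return [row_count, rows]; $sessionid comes from the imported globals.
    $query0 = "select userid,catalog from erp_session where sessionid='$sessionid';";
    list($record, $result) = query($query0);
    if ($record > 0) {
        // NOTE(review): the select names two columns but three are
        // destructured, so $ppoid is presumably always empty here — confirm
        // against query()'s row shape.
        list(list($userid, $pcatalog, $ppoid)) = $result;
        if ($catalog == "") {
            $catalog = $pcatalog;
        }
        if ($poid == "") {
            $poid = $ppoid;
        }

        list($record, $data) = query("select level from erp_userinfo where userid='$userid'");
        if ($record > 0) {
            // First row, first column (replaces list(,list($userlevel))=each($data)).
            list($userlevel) = reset($data);
        } else {
            // Session points at a user that no longer exists.
            logout();
        }
    } else {
        $filename = substr($_SERVER['SCRIPT_NAME'], 1);
        if ($filename != "") {
            $filename = "?file=" . $filename;
        }
        // NOTE(review): $filenname is never assigned in this file and looks
        // like a typo of the script-name check; as written the condition is
        // true unless that name is set externally, so every page without a
        // session row is redirected. Confirm the intended comparison before
        // changing it.
        if ($filenname != "login.php") {
            header("Location: $loginurl$filename");
            exit();
        }
    }

    if ((!$catalog) || ($catalog == "")) {
        $catalog = "accessories";
    }
    // $ip is expected to be set earlier in this file.
    query("update erp_session set lastlog=now(),ipaddr='$ip',catalog='$catalog' where sessionid='$sessionid'");
    unset($catalog);
}

// Map the login name to erp_userinfo.id; the permission lookup is keyed on it.
$query1 = "select `id` from `erp_userinfo` where 1 and `userid`='$userid';";
list($record1, $data1) = query($query1);
if ($record1 > 0) {
    // First row, first column (replaces list(,list($adminid))=each($data1)).
    list($adminid) = reset($data1);
}

//========== Permission Setup ==========//
define('TTG_PREFIX', '');
define('TTG_ADMIN_TBL', TTG_PREFIX . 'erp_userinfo');
define('TTG_LISTITEM_TBL', TTG_PREFIX . 'erp_listitem');
define('TTG_GROUP_PERMISSION_TBL', TTG_PREFIX . 'group_permission');
define('TTG_USER_GROUP_TBL', TTG_PREFIX . 'user_group');
define('TTG_SYSTEM_ADMIN_GROUP_ID', 45);

/**
 * Emit the admin permission widget for regular pages.
 *
 * Currently outputs an empty string; the only effect of the guard is that
 * nothing is written for invoice_pdf.php, ajax.php and json.php.
 *
 * @return void
 */
function show_auth_permission()
{
    $page = current_page();
    $silentPages = ['/invoice_pdf.php/i', '/ajax.php/i', '/json.php/i'];
    foreach ($silentPages as $pattern) {
        if (preg_match($pattern, $page)) {
            return;
        }
    }
    echo "";
}

/**
 * Resolve the read/write/delete flags of a user for the current page.
 *
 * Two queries are run: the number of active group memberships (idx=0) of
 * $admin_id, and the permission rows of those groups for current_page().
 * Per flag, the first row decides the initial value (1 only if it is 1) and
 * any later row holding 0 forces it back to 0. If the number of permission
 * rows differs from the number of group memberships, all flags become 0.
 *
 * NOTE(review): the caller below treats a flag value of 1 as "denied"
 * (read==1 dies, write==1 disables), while this function sets 1 when the
 * row holds 1. Under the caller's reading, the "counts differ" reset yields
 * all-zero, i.e. nothing is denied — confirm which polarity the schema
 * intends. $admin_id and current_page() are interpolated into SQL unescaped;
 * query() as used here offers no parameter binding.
 *
 * @param mixed $admin_id erp_userinfo.id of the user
 * @return array{0:int,1:int,2:int} [read, write, delete]
 */
function page_permission_check($admin_id)
{
    $read = 0;
    $write = 0;
    $delete = 0;

    $ug = TTG_USER_GROUP_TBL;
    $gp = TTG_GROUP_PERMISSION_TBL;

    $query1 = "select * from `$ug` where `idx`=0 and `admin_id`='$admin_id';";
    list($record, $data) = query($query1);
    $count_record = $record;

    $query2 = "select `$gp`.`read`, `$gp`.`write`, `$gp`.`delete`"
        . " from `$ug` left join `$gp` on `$gp`.`group_id`=`$ug`.`group_id`"
        . " where 1 and `$gp`.`idx`=0 and `$ug`.`idx`=0 and `$ug`.`admin_id`='$admin_id'"
        . " and `$gp`.`page`='" . current_page() . "';";
    list($record, $data) = query($query2);

    if ($record > 0) {
        $rowIndex = 0;
        foreach ($data as $row) {
            list($row_read, $row_write, $row_delete) = $row;
            $isFirstRow = ($rowIndex == 0);

            // Loose comparisons are kept on purpose: the columns may come back
            // as strings or null and the original relied on that coercion.
            if ($row_read == 1 && $isFirstRow) {
                $read = 1;
            } elseif ($row_read == 0 && !$isFirstRow) {
                $read = 0;
            }
            if ($row_write == 1 && $isFirstRow) {
                $write = 1;
            } elseif ($row_write == 0 && !$isFirstRow) {
                $write = 0;
            }
            if ($row_delete == 1 && $isFirstRow) {
                $delete = 1;
            } elseif ($row_delete == 0 && !$isFirstRow) {
                $delete = 0;
            }
            $rowIndex++;
        }
    }

    // Membership count and permission-row count must agree, otherwise reset.
    if ($record != $count_record) {
        $read = 0;
        $write = 0;
        $delete = 0;
    }

    return [$read, $write, $delete];
}

$is_permission = page_permission_check($adminid);
$is_permission_read = $is_permission[0];
$is_permission_write = $is_permission[1];
$is_permission_delete = $is_permission[2];

// See the polarity note on page_permission_check(): 1 is treated as denied.
if ($is_permission_read == 1) {
    die("對不起,您沒有 [閱讀] 權限。
請跟管理員聯絡。");
}
if ($is_permission_write == 1) {
    $is_write_disabled = "disabled='disabled'";
}
if ($is_permission_delete == 1) {
    $is_delete_disabled = "disabled='disabled'";
}

// Active group of the user; when several rows come back the last one wins,
// as in the original loop.
list($record, $data) = query("select `group_id` from `" . TTG_USER_GROUP_TBL . "` where 1 and `idx`=0 and `status`=0 and `admin_id`='$adminid';");
if ($record > 0) {
    list($admin_user_group_id) = end($data);
}
if ($admin_user_group_id == TTG_SYSTEM_ADMIN_GROUP_ID) {
    show_auth_permission();
}
//===============================-==========//

// Language selection: a submitted $selected_language is persisted in the
// session and mirrored into $lang_code.
if ($selected_language) {
    $lang_code = $selected_language;
}
if ($selected_language != "") {
    $_SESSION['lang_code'] = $selected_language;
    $lang_code = $_SESSION['lang_code'];
    $selected_language = $_SESSION['lang_code'];
}

header("Pragma: no-cache");
?>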