<?php
/*
*######################################
* PHPCMS v2.00 - Advanced Content Manage System.
* Copyright (c) 2004-2005 phpcms.cn
*
* For further information go to http://www.phpcms.cn/
* This copyright notice MUST stay intact for use.
*######################################
*/
defined('IN_PHPCMS') or exit('Access Denied');

$submenu = array
(
	array("審核新會員", "?mod=".$mod."&file=".$file."&action=check"),
	array("會員列表", "?mod=".$mod."&file=".$file."&action=manage"),
	array("添加會員", "?mod=".$mod."&file=".$file."&action=add"),
);

$menu = adminmenu("會員管理",$submenu);

$result=$db->query("select * from ".TABLE_USERGROUP." order by groupid desc");
if($db->num_rows($result)>0){
  while($group=$db->fetch_array($result)){
		$groups[$group['groupid']]=$group;
  }
}

$action=$action ? $action : 'manage';

switch($action){

case 'add':
    if($save)
	{
	    if(!is_username($username,2,30)) showmessage("用戶名不符合規范！請返回！");
        if(strlen($password)<4 || strlen($password)>20) showmessage("密碼不得少于4個字符超過20個字符！請返回！");
        if(!is_email($email)) showmessage("請輸入有效的E-mail地址！請返回！");
        if(empty($question) || strlen($question)>50) showmessage("請輸入密碼提示問題！請返回！");
        if(empty($answer) || strlen($answer)>50) showmessage("請輸入密碼提示問題答案！請返回！");
        $gender = $gender==1 ? 1 : 0;
        $showemail = $showemail==1 ? 1 : 0;
        $byear = intval($byear);
		$byear = $byear==19 ? '0000' : $byear;
		$bmonth=intval($bmonth);
		$bday=intval($bday);

		$birthday = $byear."-".$bmonth."-".$bday;
		if(!is_date($birthday)) $birthday = "0000-00-00";

        if($msn && !is_email($msn)) showmessage("請輸入有效的MSN地址！請返回！");
        if($qq && (!is_numeric($qq) || strlen($qq)>20 || strlen($qq)<5)){
              showmessage("請輸入正確的QQ號！請返回！");
        }
        if($postid && (!is_numeric($postid) || strlen($postid)!=6)){
              showmessage("請輸入正確的郵編！請返回！");
        }
        if(strlen($truename)>50 || strlen($telephone)>50 || strlen($address)>255 || strlen($homepage)>100){
              showmessage("真實姓名、電話、地址和主頁都不要太長！請返回！");
        }

	    if(user_exists($username)) message("對不起，".$username."已經被別人注冊了！","goback");

	    $question=dhtmlspecialchars($question);
	    $email=dhtmlspecialchars($email);
	    $msn=dhtmlspecialchars($msn);
	    $truename=dhtmlspecialchars($truename);
	    $telephone=dhtmlspecialchars($telephone);
	    $address=dhtmlspecialchars($address);
	    $homepage=dhtmlspecialchars($homepage);

		$password=md5($password);
		$answer=md5($answer);

		$r=$db->get_one("select * from ".TABLE_USERGROUP." where groupid=$groupid");
		@extract($r);

		$begindate = date("Y-m-d");
		$date->dayadd($defaultvalidday);
		$enddate = $defaultvalidday == -1 ? "0000-00-00" : $date->get_date();

        $db->query("insert into ".TABLE_MEMBER."(username,password,question,answer,email,groupid,chargetype,point,begindate,enddate,locked,regip,regtime) values('$username','$password','$question','$answer','$email','$groupid','$chargetype','$point','$begindate','$enddate','$locked','$ip','$timestamp')");
        if($db->affected_rows()>0){
			$userid = $db->insert_id();
            $db->query("insert into ".TABLE_MEMBERINFO."(userid,truename,gender,birthday,idtype,idcard,province,city,industry,edulevel,occupation,income,telephone,mobile,address,postid,homepage,qq,msn,icq,skype,alipay,paypal) values ('$userid','$truename','$gender','$birthday','$idtype','$idcard','$province','$city','$industry','$edulevel','$occupation','$income','$telephone','$mobile','$address','$postid','$homepage','$qq','$msn','$icq','$skype','$alipay','$paypal')");
            showmessage('操作成功！',$referer);
        }
		else
		{
            showmessage('操作失敗！請返回！');
        }
    }
	else
	{
		$begindate=date("Y-m-d",$timestamp);
		$groupid = showgroup('select','groupid','4');
		include admintpl('member_add');
    }
    break;

case 'edit':
    if($save){
		if(!is_email($email)) showmessage("請輸入有效的郵件地址！請返回！");
		$gender = $gender==1 ? 1 : 0;
		$showemail = $showemail==1 ? 1 : 0;
        $byear = intval($byear);
		$byear = $byear==19 ? 0000 : $byear;
		$bmonth=intval($bmonth);
		$bday=intval($bday);

		$birthday = $byear."-".$bmonth."-".$bday;
		if(!is_date($birthday)) $birthday = "0000-00-00";

		if(!empty($msn) && ( strlen($msn)>50 || !ereg("^[-a-zA-Z0-9_\.]+\@([0-9A-Za-z][0-9A-Za-z-]+\.)+[A-Za-z]{2,5}$",$msn) )){
		   showmessage("請輸入有效的MSN地址！請返回！");
		}
		if(!empty($qq) && (!is_numeric($qq) || strlen($qq)>20 || strlen($qq)<5)){
		   showmessage("請輸入正確的QQ號！請返回！");
		}
		if(!empty($postid) && (!is_numeric($postid) || strlen($postid)!=6)){
		   showmessage("請輸入正確的郵編！請返回！");
		}
		if(strlen($truename)>50 || strlen($telephone)>50 || strlen($address)>255 || strlen($homepage)>100){
		   showmessage("真實姓名、電話、地址和主頁都不要太長！請返回！");
		}
		$question=dhtmlspecialchars($question);
		$email=dhtmlspecialchars($email);
		$msn=dhtmlspecialchars($msn);
		$truename=dhtmlspecialchars($truename);
		$telephone=dhtmlspecialchars($telephone);
		$address=dhtmlspecialchars($address);
		$homepage=dhtmlspecialchars($homepage);

		$addquery = $password ? "password='".md5($password)."'," : "";
		$addquery .= $answer ? "answer='".md5($answer)."'," : "";
            
		$db->query("update ".TABLE_MEMBER." set $addquery email='$email',groupid='$groupid',question='$question',point='$point',chargetype='$chargetype',begindate='$begindate',enddate='$enddate',locked='$locked' where userid='$userid'");
  	    $db->query("update ".TABLE_MEMBERINFO." set truename='$truename',gender='$gender',birthday='$birthday',idtype='$idtype',idcard='$idcard',province='$province',city='$city',industry='$industry',edulevel='$edulevel',occupation='$occupation',income='$income',telephone='$telephone',mobile='$mobile',address='$address',postid='$postid',homepage='$homepage',qq='$qq',msn='$msn',icq='$icq',skype='$skype',alipay='$alipay',paypal='$paypal',userface='$userface',facewidth='$facewidth',faceheight='$faceheight',sign='$sign' where userid=$userid");
		showmessage('操作成功！',$PHP_REFERER);
      }
	  else
	  {
           $r=$db->get_one("select * from ".TABLE_MEMBER." m,".TABLE_MEMBERINFO." i where m.userid=i.userid AND m.userid=$userid");
           @extract($r);

           $birthday = explode("-",$birthday);

           $byear = $birthday[0];
		   $bmonth = $birthday[1];
		   $bday = $birthday[2];
		   $groupid = showgroup('select','groupid',$groupid);
           include admintpl('member_edit');
      }
      break;

case 'check':
      $page = intval($page)>0 ? $page : 1;
      $offset=($page-1)*$_PHPCMS['pagesize'];
	  $regdate = intval($regdate);
	  $fromtime = 0;
      if($regdate) 
	  {
		  $fromtime = $timestamp - 86400*$regdate;
	  }
      $condition = "";
	  $condition .= $username ? " and m.username='$username'" : "";
	  $condition .= $email ? " and m.email='$email'" : "";
	  $condition .= $truename ? " and i.truename='$truename'" : "";
	  $condition .= $province ? " and i.province='$province'" : "";
	  $condition .= $qq ? " and i.qq='$qq'" : "";
	  $condition .= $msn ? " and i.msn='$msn'" : "";
	  $condition .= $icq ? " and i.icq='$icq'" : "";
	  $condition .= $skype ? " and i.skype='$skype'" : "";
	  $condition .= $industry ? " and i.industry='$industry'" : "";
	  $condition .= $edulevel ? " and i.edulevel='$edulevel'" : "";
	  $condition .= $income ? " and i.income='$income'" : "";
	  $condition .= $occupation ? " and i.occupation='$occupation'" : "";
	  $condition .= $fromtime ? " and m.regtime>=$fromtime" : "";
	  $condition .= $city ? " and i.city like '%$city%'" : "";
	  $condition .= $homepage ? " and i.homepage like '%$homepage%'" : "";
	  $condition .= $address ? " and i.address like '%$address%'" : "";

      $r = $db->get_one("select count(*) as num from ".TABLE_MEMBER." m,".TABLE_MEMBERINFO." i where m.userid=i.userid and m.groupid=3 $condition");
      $number=$r["num"];
      $pages = phppages($number,$page,$_PHPCMS['pagesize']);

      $result=$db->query("SELECT m.*,i.truename,i.gender,i.province,i.city FROM ".TABLE_MEMBER." m,".TABLE_MEMBERINFO." i WHERE m.userid=i.userid and m.groupid=3 $condition order by m.userid desc limit $offset,$_PHPCMS[pagesize]");
      while($r=$db->fetch_array($result)){
            $r[regtime] = $r[regtime] ? date("Y-m-d H:i:s",$r[lastlogintime]) : '';
			$r[gender] = $r[gender]==1 ? "男" : "女";
            $members[]=$r;
      }
	  $groupids = showgroup("select","groupid",$groupid);
	  $result = $db->query("SELECT province FROM ".TABLE_PROVINCE." WHERE country='中華人民共和國' ORDER BY provinceid");
	  while($r = $db->fetch_array($result))
	  {
		  $provinces[] = $r['province'];
	  }
      include admintpl('member_check');
      break;

case 'manage':
      $page = intval($page)>0 ? $page : 1;
      $offset=($page-1)*$_PHPCMS['pagesize'];
      $frommoney = $frommoney ? intval($frommoney) : "";
      $tomoney = $tomoney ? intval($tomoney) : "";
	  $frompayment = $frompayment ? intval($frompayment) : "";
      $topayment = $topayment ? intval($topayment) : "";
      $frompoint = $frompoint ? intval($frompoint) : "";
      $topoint = $topoint ? intval($topoint) : "";
	  $fromcredit = $fromcredit ? intval($fromcredit) : "";
      $tocredit = $tocredit ? intval($tocredit) : "";

      $condition = "";
	  $condition .= $username ? " and m.username='$username'" : "";
	  $condition .= $groupid ? " and m.groupid='$groupid'" : "";