PHP后台管理类(修改中)


<?
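/**
 * Generic back-office CRUD controller for one table: list, add, insert,
 * edit, update and delete, rendered through include()d templates.
 *
 * Depends on helpers that are not defined in this file: db_query(),
 * db_fetch_array(), db_insert_id(), set_logs(), nvl(), the SXPaging class,
 * the LOG_TYPE_* constants and the globals $CFG, $ME and $DOC_TITLE.
 * Needs PHP 5.3+ (json_encode() with the JSON_HEX_* flags).
 *
 * Security notes for maintainers:
 *  - Request values are escaped before they are placed in SQL (_sql_str) and
 *    primary keys / operator ids are reduced to digit strings (_pk).
 *    addslashes() is a stop-gap: it is not charset-aware. Move to bound
 *    parameters or the driver's own escaping once the db_* layer supports it.
 *  - No request-forgery token is checked anywhere in this class; insert(),
 *    update() and del() act on any POST. Confirm the caller or the templates
 *    add one.
 *  - $ME is written unescaped into HTML and JavaScript. Where it is assigned
 *    is not visible here; confirm it cannot carry request-controlled text.
 *  - Table, column and template names (table, pk_name, array_add,
 *    array_update, array_query, array_tpl) go into SQL / include() verbatim
 *    and must only ever come from code, never from the request.
 */
class Admin{//begin class
 var $action="";            // method name execute() dispatches to
 var $table="";             // table every statement is built against
 var $pk_val=0;             // primary-key value of the row being edited
 var $pk_name="id";         // primary-key column name
 var $select_sql;           // base SELECT used by display()

 var $array_add=array();    // column names (= POST field names) for INSERT
 var $array_update=array(); // same for UPDATE; falls back to array_add
 var $array_query=array();  // POST filter fields; chars 0-1 are cut off to get the column
 var $array_oder_by=array();// stored by set_oder_by(); not read in this class
 var $array_tpl=array();    // template paths: header, form_header, form, form_add, form_update, footer
 var $array_valid=array();  // validation rules: arrays with keys field, valid, chinese

 var $caption="";           // title passed to the pager and to set_logs()
 var $html_header='';       // not read in this class
 var $html_query='';        // extra HTML appended after the list (filter form)
 var $html_cmd='';          // replaces the default add/delete buttons when set

 var $POST;                 // copy of $_POST taken at construction
 var $ME;                   // copy of the global $ME taken at construction

 /**
  * Stores the action, table and base SELECT, snapshots $_POST and resolves
  * the primary key from the request.
  *
  * PHP 8 no longer treats a method named after the class as the constructor,
  * so the work lives here and Admin() below simply forwards to it.
  */
 function __construct($action,$table,$select_sql){
  global $ME;
  $this->POST=$_POST;
  $this->ME=$ME;
  $this->action=$action;
  $this->table=$table;
  $this->select_sql=$select_sql;

  $this->int_pk_val();
 }

 /** Legacy PHP 4 constructor name, kept so existing callers still work. */
 function Admin($action,$table,$select_sql){
  $this->__construct($action,$table,$select_sql);
 }

 /**
  * Fills pk_val from the request unless it is already set.
  * $_GET['edit_id'] wins over $_POST['id'].
  */
 function int_pk_val(){
  if($this->pk_val)return;

  if(!empty($_GET['edit_id'])){
   $this->pk_val=$_GET['edit_id'];
   return;
  }

  if(!empty($_POST['id'])){
   $this->pk_val=$_POST['id'];
  }
 }

 /**
  * Reduces a key to a string of decimal digits; anything else becomes '0'.
  * Keys are written into SQL without quotes, so only digits may pass.
  */
 function _pk($val){
  if(!is_scalar($val))return '0';
  $val=trim((string)$val);
  // \z instead of $ so a trailing newline cannot slip through
  return preg_match('/^[0-9]+\z/',$val)?$val:'0';
 }

 /**
  * Returns a request value as a plain string ('' for arrays/objects),
  * undoing magic_quotes_gpc on the old runtimes that still apply it.
  */
 function _raw($val){
  if(!is_scalar($val))return '';
  $val=(string)$val;
  if(function_exists('get_magic_quotes_gpc')&&@get_magic_quotes_gpc())$val=stripslashes($val);
  return $val;
 }

 /**
  * Escapes a request value for use inside a single-quoted SQL literal.
  * NOTE(review): if the application bootstrap already escapes request data,
  * keep only one of the two layers.
  */
 function _sql_str($val){
  return addslashes($this->_raw($val));
 }

 /**
  * Encodes a value as a JavaScript string literal that is safe inside an
  * inline <script> block. Returns false when it cannot be encoded
  * (json_encode() needs UTF-8 input), so callers can skip the output.
  */
 function _js($val){
  if(!is_scalar($val))return false;
  return json_encode($this->_raw($val),JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT);
 }

 /**
  * Tells whether $name may be dispatched by execute().
  * Constructors, magic methods, setters, getters and the internal helpers of
  * this class are refused; any other existing method (including ones added
  * by a subclass) is accepted.
  */
 function _is_action($name){
  if(!is_string($name)||!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/',$name))return false;
  $lower=strtolower($name); // PHP method names are case-insensitive
  if(preg_match('/^(__|set_|get_)/',$lower))return false;
  $internal=array('admin','execute','int_pk_val','check_operator','valid',
   'valid_array_valid','display_no_data','go_to_me',
   '_pk','_raw','_sql_str','_js','_is_action');
  if(in_array($lower,$internal,true))return false;
  return method_exists($this,$name);
 }

 /**
  * Runs the configured action, or display() when none is set.
  * The action name is presumably taken from the CMD request field by the
  * caller, so it is checked before being used as a method name.
  */
 function execute(){
  if(empty($this->action)){
   $this->display();
   return;
  }
  $action=$this->action;
  if(!$this->_is_action($action))die("invalid action");
  $this->$action();
 }

 /** Shows the paged list, the command buttons and the filter form. */
 function display(){
  // $CFG, $ME and the locals below are also visible to the included templates
  global $CFG,$ME;

  $where=$this->get_where($this->select_sql);
  $this->select_sql.=$where;

  // NOTE(review): RequirePage / PageSize go to SXPaging as received; that
  // class is not visible here, so confirm it treats them as integers.
  $p=new SXPaging($this->select_sql,nvl($_POST['RequirePage']),nvl($_POST['PageSize']));
  if($this->html_cmd)
   $html_cmd="<INPUT TYPE=hidden NAME=CMD>".$this->html_cmd;
  else
   $html_cmd="|<INPUT TYPE=hidden NAME=CMD>
  <INPUT TYPE=button VALUE=添加 onclick=this.form.CMD.value='add';this.form.submit();>
  <INPUT TYPE=button VALUE=删除 onclick=this.form.CMD.value='del';this.form.submit();>";

  include("$CFG->dirtpl/admin/header.html");
  echo("<Form method=post action=$ME>");
  $str=$p->GetPrint('№',$this->caption,0);

  if($str)
   $str.=$html_cmd.$this->html_query;
  else{
   $str=$this->display_no_data($where);
  }
  echo("$str");
  echo $this->get_query_state();
  echo("</Form>");

  include("$CFG->dirtpl/admin/footer.html");
 }

 /**
  * Renders the "add" form. $errormsg, $CMD and $form are read by the
  * included templates.
  */
 function add($errormsg=''){
  global $CFG,$ME;
  $CMD='insert';
  $form=(empty($this->array_tpl['form_add']))?$this->array_tpl['form']:$this->array_tpl['form_add'];
  include($this->array_tpl['header']);
  include($this->array_tpl['form_header']);
  include($form);
  include($this->array_tpl['footer']);
 }

 /** Inserts a row; on validation errors the add form is shown again. */
 function insert(){
  global $CFG,$ME,$DOC_TITLE;
  $sql_add=$this->get_add_sql();

  $errormsg=$this->valid();
  if(empty($errormsg)){
   $qid=db_query($sql_add);
   // NOTE(review): the original passed an undefined variable to
   // db_insert_id(); its signature is not visible, so the call shape is
   // kept and only the variable is initialised. Confirm what it expects.
   $pk_val=null;
   $pk_val=db_insert_id($pk_val);
   set_logs($this->caption,LOG_TYPE_INSERT,$this->table,$pk_val);
   $this->go_to_me();
   return;
  }

  $this->add($errormsg);
 }

 /**
  * Ownership check: is the row $pk_val of $table owned by the logged-in user?
  * Returns the fetched row when it is, false otherwise.
  */
 function check_operator($table,$pk_val){
  $operator=$this->_pk(isset($_SESSION['SESSION']['user']['id'])?$_SESSION['SESSION']['user']['id']:0);
  $pk=$this->_pk($pk_val);
  // No session user or no usable key: refuse without touching the database,
  // so "operator=0" can never match rows by accident.
  if($operator==='0'||$pk==='0')return false;

  $sql="select 1 from $table where $this->pk_name=$pk and operator=$operator";
  $qid=db_query($sql);
  return db_fetch_array($qid);
 }

 /**
  * Loads the row identified by pk_val into $_POST and renders the edit form.
  * NOTE(review): unlike update() and del(), no ownership check is made
  * before the row is read - confirm that any operator may view any row.
  */
 function edit($errormsg=''){
  global $CFG,$ME,$DOC_TITLE;

  $pk=$this->_pk($this->pk_val);
  if(empty($this->pk_val)||$pk==='0')die("编辑ID没有,是程序错了");

  $CMD="update";

  $sql="select * from $this->table where $this->pk_name=$pk";
  $qid=db_query($sql);
  // the templates read the form values from $_POST
  $_POST=db_fetch_array($qid);
  if(!is_array($_POST))$_POST=array();

  // the original wrote to $_POSt (a misspelt local), so this never took effect
  if(empty($_POST['id']))$_POST['id']=$pk;

  $form=empty($this->array_tpl['form_update'])?$this->array_tpl['form']:$this->array_tpl['form_update'];
  include($this->array_tpl['header']);
  include($this->array_tpl['form_header']);
  include($form);
  include($this->array_tpl['footer']);
 }

 /**
  * Updates the row identified by pk_val once validation and the ownership
  * check have passed; otherwise shows the edit form with the errors.
  */
 function update(){
  global $CFG,$ME;

  $errormsg=$this->valid();
  if(empty($errormsg)){
   if(!$this->check_operator($this->table,$this->pk_val)){
    $errormsg.="<li>不是你添加的数据,你没权修改!";
   }
  }
  if(!empty($errormsg)){
   $this->edit($errormsg);die();
  }
  // Built after the check; get_update_sql() keys the statement on pk_val,
  // the very value check_operator() just approved.
  db_query($this->get_update_sql());

  set_logs($this->caption,LOG_TYPE_UPDATE,$this->table,$this->pk_val);
  $this->go_to_me();
 }

 /**
  * Deletes the rows listed in $_POST[$ctl_name] (default 'del_id') that the
  * current user owns, then redirects, reporting the keys that were refused.
  * $real_do is accepted for compatibility and not used.
  */
 function del($ctl_name='',$table='',$real_do=0){
  if(!$ctl_name)$ctl_name='del_id';
  if($table)$this->table=$table;

  $can_delete_rows=""; // was undefined when nothing had been posted
  if(!empty($_POST[$ctl_name])){
   foreach((array)$_POST[$ctl_name] as $raw){
    $pk_val=$this->_pk($raw);
    if($pk_val==='0')continue; // not a usable key: ignore it
    if($this->check_operator($this->table,$pk_val)){
     $sql="delete from $this->table where $this->pk_name = $pk_val";
     db_query($sql);
     set_logs($this->caption,LOG_TYPE_DELETE,$this->table,$pk_val);
    }else{
     $can_delete_rows.="$pk_val,";
    }
   }
  }
  if($can_delete_rows)$can_delete_rows="主键为 $can_delete_rows 的数据非您添加,您不能删除!";
  $this->go_to_me($can_delete_rows);
 }

 /** Empty hook. */
 function _print(){}

 /** Collects all validation errors; '' means the input is acceptable. */
 function valid(){
  $error_msg="";
  $error_msg.=$this->valid_array_valid();
  return $error_msg;
 }

 /**
  * Checks the posted values against array_valid.
  * Rule 'numeric' requires is_numeric(); every other rule only requires a
  * non-empty value. Returns the error list as HTML, or ''.
  */
 function valid_array_valid(){
  $error_msg="";
  foreach($this->array_valid as $item){
   $value=isset($this->POST[$item['field']])?$this->POST[$item['field']]:null;
   $rule=isset($item['valid'])?$item['valid']:'';

   switch($rule){
    case 'numeric':
     if(!is_numeric($value))$error_msg.="<li>".$item['chinese']."不是数字";
     break;
    default:
     // empty() also rejects "0"; kept because forms may rely on it
     if(empty($value))$error_msg.="<li>".$item['chinese']."不可为空";
     break;
   }
  }
  // the original used "." here, so the hint was never appended
  if(!empty($error_msg))$error_msg.="<br>请您仔细检查.";
  return $error_msg;
 }

 /**
  * Builds the filter for display() from the posted array_query fields.
  * Returns " and ..." when $sql already has a WHERE, else " where ...".
  */
 function get_where($sql=''){
  $where='';
  foreach($this->array_query as $val){
   if(empty($_POST[$val])||!is_scalar($_POST[$val]))continue;
   $where.=" and ".substr($val,2)." like '%".$this->_sql_str($_POST[$val])."%'";
  }

  $where.=" and $this->table.isdeleted!=1";

  // eregi() was removed in PHP 7; same case-insensitive search
  if(preg_match('/where/i',(string)$sql)) return $where;

  return " where ".substr($where,4);
 }

 /** Placeholder; always returns ''. */
 function get_order_by(){return '';}

 /**
  * Builds the INSERT for the array_add columns from $_POST, with the session
  * user id in the operator column.
  */
 function get_add_sql(){
  $fields=implode(",",$this->array_add);
  $operator=$this->_pk(isset($_SESSION['SESSION']['user']['id'])?$_SESSION['SESSION']['user']['id']:0);

  $values=array();
  foreach($this->array_add as $val){
   $val=trim($val);
   $values[]="'".$this->_sql_str(isset($_POST[$val])?$_POST[$val]:'')."'";
  }
  $values=implode(",",$values);

  $sql="insert into $this->table (operator,$fields) values($operator,$values)";
  return $sql;
 }

 /**
  * Builds the UPDATE for the array_update columns (array_add when empty).
  * The row is selected by pk_val, so the statement targets the row that
  * check_operator() examined; $_POST[pk_name] is used only when pk_val is
  * not set.
  */
 function get_update_sql(){
  $this->array_update=empty($this->array_update)?$this->array_add:$this->array_update;

  $pairs=array();
  foreach($this->array_update as $val){
   $val=trim($val);
   $pairs[]=" $val='".$this->_sql_str(isset($_POST[$val])?$_POST[$val]:'')."'";
  }
  $sql="update $this->table set ".implode(",",$pairs);

  $pk=$this->pk_name;
  $key=$this->pk_val;
  if(empty($key)&&isset($_POST[$pk]))$key=$_POST[$pk];
  $sql.=" where $pk=".$this->_pk($key);
  return $sql;
 }

 function set_select_sql($val){$this->select_sql=$val;}
 function set_array_add($val){$this->array_add=$val;}
 function set_array_update($val){$this->array_update=$val;}
 function set_array_query($val){$this->array_query=$val;}
 function set_array_valid($val){$this->array_valid=$val;}

 function set_oder_by($val){$this->array_oder_by=$val;}
 function set_caption($val){$this->caption=$val;}
 function set_pk_val($val){if(!empty($val))$this->pk_val=$val;}
 function set_pk_name($val){if(!empty($val))$this->pk_name=$val;}

 /** Stores the filter-form HTML and appends the query / reset buttons. */
 function set_html_query($val){
  global $ME;
  $this->html_query=$val;
  $this->html_query.="<INPUT TYPE=button VALUE='查询' onclick=this.form.submit();>
 <INPUT TYPE=button VALUE='重置' onclick=\"location='$ME'\">";
 }
 function set_html_cmd($val){$this->html_cmd=$val;}
 function set_array_tpl($val){$this->array_tpl=$val;}

 /**
  * Returns a script that puts the posted filter values back into the form.
  * Each value is emitted as an encoded JavaScript literal, so posted text
  * cannot end the string or the script block.
  */
 function get_query_state(){
  $js_state="<script language=javascript>try{";

  foreach($this->array_query as $val){
   if(!isset($_POST[$val])||!is_scalar($_POST[$val]))continue;
   if(!strlen((string)$_POST[$val]))continue;
   $lit=$this->_js($_POST[$val]);
   if($lit===false)continue; // not encodable: leave the field empty
   $js_state.="document.all.$val.value=$lit;\n";
  }
  $js_state.="}catch(e){}</script>";
  return $js_state;
 }

 /** Button shown instead of the list when the query returned no rows. */
 function display_no_data($where){
  global $ME;
  if(!empty($where)){
   return "<input type=button value='本查询没有数据,请重新查询' onclick=\"location='$ME'\">";
  }else return "<input type=button value='没有数据,请添加数据'  onclick=\"location='$ME?CMD=add'\">";
 }

 /**
  * Optionally alerts $msg, redirects the browser to $ME and ends the request.
  * The message is written as an encoded JavaScript literal; it is dropped
  * when it cannot be encoded (assumes UTF-8 text - TODO confirm the site
  * encoding).
  */
 function go_to_me($msg=''){
  global $ME;
  $js='';
  if(!empty($msg)){
   $lit=$this->_js($msg);
   if($lit!==false)$js="alert($lit);";
  }
  echo "<script language=javascript>$js;location='$ME';</script>";
  die();
 }

}//end class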

?>
