jtbc 默认情况下非超级管理员只要分配了“用户管理”权限,那么他就可以自己设置为自己为超级管理员。除非不给他分配“用户管理”权限,否则非超级管理员形同虚设。
如何即给非超级管理员分配“用户管理”权限,又使其只能管理自己的密码呢?具体修改步骤如下。
1、模板部分修改。后台 - > 模板管理,输入“编辑代号” admin/user.tpl.manage 提交。增加一节点,节点名为 yonghu ,节点内容如下:
<table border="0" width="100%" cellSpacing="0" cellPadding="0">
<tr>
<td width="100%" height="5"></td>
</tr>
<tr>
<td width="100%" align="center">
<table border="0" width="98%" cellSpacing="0" cellPadding="0">
<tr>
<td width="*" align="center" valign="top">
<table border="0" width="100%" cellSpacing="0" cellPadding="0">
<tr>
<td width="100%" height="5"></td>
</tr>
</table>
<table border="0" width="100%" cellSpacing="0" cellPadding="0" class="lrbtline">
<tr>
<td width="100%" height="25" class="tbtop">{$=itake('manage.useredit','lng')}</td>
</tr>
<tr>
<td width="100%" align="center">
<table border="0" width="98%" cellSpacing="0" cellPadding="0">
<tr>
<td width="100%" height="5"></td>
</tr>
</table>
<table border="0" width="98%" cellSpacing="0" cellPadding="0">
<form name="form" method="post" action="?action=yhedit&backurl={$=urlencode(nurl)}&id={$id}">
<tr>
<td width="80" height="25">{$=itake('global.lng_config.username','lng')}</td>
<td width="*"><input type="checkbox" name="sel_id" value="{$id}" style="display:none">{$username}</td>
</tr>
<tr>
<td height="25">{$=itake('global.lng_config.password','lng')}</td>
<td><input type="password" name="password" size="20"> {$=itake('manage.useredit_notice','lng')}</td>
</tr>
<tr>
<td height="25"></td>
<td><input type="submit" name="submit" value="{$=itake('global.lng_config.submit','lng')}" class="button"> <input type="reset" name="reset" value="{$=itake('global.lng_config.reset','lng')}" class="button"></td>
</tr>
</form>
</table>
<table border="0" width="98%" cellSpacing="0" cellPadding="0">
<tr>
<td width="100%" height="5"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="100%" height="5"></td>
</tr>
</table>
2、程序部分修改。修改 admin -> user -> common -> incfiles 文件夹下的 manage_config.asp 文件。
a、增加两个过程,一个用户列表、一个密码修改入库。内容如下:
Sub jtbc_cms_admin_manage_yonghu()
dim tname, tmpstr
tname = session(appname & "admin_username")
Set rs = server.CreateObject("adodb.recordset")
sqlstr = "select * from " & ndatabase & " where " & cfname("name") & "='" & tname & "'"
rs.open sqlstr, conn, 1, 1
If Not rs.EOF Then
tmpstr = itake("manage.yonghu", "tpl")
tmpstr = Replace(tmpstr, "{$id}", htmlencode(rs(nidfield)))
tmpstr = Replace(tmpstr, "{$username}", htmlencode(get_str(rs(cfname("name")))))
tmpstr = creplace(tmpstr)
response.write tmpstr
Else
response.redirect "admin_main.asp"
End If
rs.Close
Set rs = Nothing
End Sub
Sub jtbc_cms_admin_yonghudisp()
Dim tbackurl, tid
tbackurl = get_safecode(request.querystring("backurl"))
tid = get_num(request.querystring("id"), 0)
Set rs = server.CreateObject("adodb.recordset")
sqlstr = "select * from " & ndatabase & " where " & nidfield & "= " & tid
rs.open sqlstr, conn, 1, 3
If Not rs.EOF Then
If Not check_null(request.Form("password")) Then
rs(cfname("pword")) = md5(request.Form("password"), 2)
rs.Update
Call jtbc_cms_admin_msg(itake("global.lng_public.edit_succeed", "lng"), tbackurl, 1)
End If
Else
Call jtbc_cms_admin_msg(itake("global.lng_public.edit_failed", "lng"), tbackurl, 1)
End If
rs.Close
Set rs = Nothing
End Sub
b、修改过程 jtbc_cms_admin_manage_action() 和 Sub jtbc_cms_admin_manage() ,具体内容如下;
Sub jtbc_cms_admin_manage_action()
If admc_popedom = "-1" then
Select Case request.querystring("action")
Case "add"
Call jtbc_cms_admin_manage_adddisp
Case "edit"
Call jtbc_cms_admin_manage_editdisp
Case "delete"
Call jtbc_cms_admin_deletedisp
Case "control"
Call jtbc_cms_admin_controldisp
End Select
Else
Select Case request.querystring("action")
Case "yhedit"
Call jtbc_cms_admin_yonghudisp
End Select
End If
End Sub
Sub jtbc_cms_admin_manage()
If admc_popedom = "-1" then
Select Case request.querystring("type")
Case "add"
Call jtbc_cms_admin_manage_add
Case "edit"
Call jtbc_cms_admin_manage_edit
Case Else
Call jtbc_cms_admin_manage_list
End Select
Else
Call jtbc_cms_admin_manage_yonghu
End If
End Sub
至此修改完毕,希望对您有所帮助。
