function index_action() {
     if (front::post('submit')) {
         if (!front::post('ballot')) {
             front::alert(lang('Please_select_vote'));
             return false;
         }
         if (config::get('checkip')) {
             $time=cookie::get('vttime');
             if (time() -$time <config::get('timer') * 60) {
                 front::alert(lang('You_have_voted'));
                 return false;
             }
         }
         $bid=front::$post['bid'];
         if (is_array(front::$post['ballot'])) {
             $ids=implode(',',front::$post['ballot']);
         }
         else {
             $ids=front::$post['ballot'];
         }
         if(preg_match('/(select|union|and|\'|"|\))/i',$ids)){
         	exit('非法参数');
         }
         if(preg_match('/(select|union|and|\'|"|\))/i',$bid)){
         	exit('非法参数');
         }
         $where="id in($ids)";
         $data='num=num+1';
         $option=new option();
         $option->rec_update($data,$where);
         $this->_table->rec_update($data,$bid);
         cookie::set('vttime',time(),time() +3600 * 24);
         front::alert(lang('Successful_vote'));
     }
 }
 function login_action() {
     cookie::del('passinfo');
     //$_SESSION['test'] = 'test';
     $this->view->loginfalse=cookie::get('loginfalse'.md5($_SERVER['REQUEST_URI']));
     if (front::post('submit')) {
         if ($this->view->loginfalse) {
             if (!session::get('verify') ||front::post('verify') <>session::get('verify')) {
                 front::flash('验证码错误!');
                 $this->render();
                 exit;
             }
         }
         $user=new user();
         $user=$user->getrow(array('username'=>front::post('username'),'password'=>md5(front::post('password'))));
         if (is_array($user)) {
         	$roles = usergroup::getRoles($user['groupid']);
         	session::set('roles',null);
         	if($roles){
                 front::$isadmin=true;
                 session::set('roles',$roles);
             }else{
             	front::alert('无权登录后台');
             }
             if(!front::post('expire')){
             	cookie::set('login_username',$user['username']);
             	cookie::set('login_password',front::cookie_encode($user['password']));
             }else{
             	$expire = time() + front::post('expire');
             	cookie::set('login_username',$user['username'],$expire);
             	cookie::set('login_password',front::cookie_encode($user['password']),$expire);
             }
             
             session::set('username',$user['username']);
             event::log('后台登录','成功');
             require_once ROOT.'/celive/include/config.inc.php';
             require_once ROOT.'/celive/include/celive.class.php';
             $login=new celive();
             $login->auth();
             $GLOBALS['auth']->login(front::post('username'),front::post('password'));
             $GLOBALS['auth']->check_login1();
             front::$user=$user;
         }elseif (!is_array(front::$user) ||!isset(front::$isadmin)) {
             cookie::set('loginfalse'.md5($_SERVER['REQUEST_URI']),(int) cookie::get('loginfalse'.md5($_SERVER['REQUEST_URI'])) +1,time() +3600);
             event::log('loginfalse','失败 user='******'username'));
             front::flash('密码错误或不存在该管理员!');
             front::refresh(url('admin/login',true));
         }
     }
     $this->render();
 }
function chkpwf($str,$groupid){
	if(!chkfpw($str,$groupid))
		front::alert('无操作权限!');
}