Beispiel #1
0
function m__edit_my_pass()
{
    global $dbm;
    $_POST = helper::sqlxss($_POST);
    $sql = "select apass from " . TB_PREFIX . "admin_list where admin_id='{$_SESSION['admin']['admin_id']}' limit 1";
    $rs = $dbm->query($sql);
    if (count($rs['list']) == 0) {
        die('{"code":"1","msg":"登录状态可能已失效,请重新登录"}');
    }
    $_POST['upassnew'] = isset($_POST['upassnew']) ? $_POST['upassnew'] : '';
    $_POST['new_upass'] = isset($_POST['new_upass']) ? $_POST['new_upass'] : '';
    $_POST['re_upass'] = isset($_POST['re_upass']) ? $_POST['re_upass'] : '';
    $verify = verify::verify_upass($_POST['new_upass']);
    if ($rs['list'][0]['apass'] != helper::password_encrypt($_POST['upassnew'])) {
        die('{"code":"1","msg":"原密码输入不正确","id":"upassnew"}');
    }
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"new_upass"}');
    }
    if ($_POST['new_upass'] != $_POST['re_upass']) {
        die('{"code":"1","msg":"新密码输入不一致","id":"new_upass"}');
    }
    $fields['apass'] = helper::password_encrypt($_POST['new_upass']);
    $dbm->single_update(TB_PREFIX . "admin_list", $fields, "admin_id='{$_SESSION['admin']['admin_id']}'");
    die('{"code":"0","msg":"密码修改成功"}');
}
Beispiel #2
0
function m__set_level()
{
    global $dbm;
    $_POST = helper::sqlxss($_POST);
    $aid = isset($_POST['aid']) ? intval($_POST['aid']) : 0;
    $gid = isset($_POST['gid']) ? intval($_POST['gid']) : 0;
    $_POST['level'] = isset($_POST['level']) ? $_POST['level'] : array();
    if ($aid < 0 && $gid < 0) {
        die('{"code":"1","msg":"请选择权限设置对象,无法设置"}');
    }
    if ($gid > 0) {
        if ($gid == 1) {
            die('{"code":"100","msg":"超级管理组权限无需设置"}');
        }
        check_level("B0301");
        $fields['g_urank'] = implode(',', $_POST['level']);
        $rs = $dbm->single_update(TB_PREFIX . 'admin_group', $fields, "group_id='{$gid}'");
        logs("设置组权限成功:" . $fields['g_urank']);
        die('{"code":"0","msg":"设置用户组权限成功"}');
    }
    if ($aid > 0) {
        check_level("B0302");
        //die(print_r($_POST));
        $fields['alevel'] = implode(',', $_POST['level']);
        $rs = $dbm->single_update(TB_PREFIX . 'admin_list', $fields, "admin_id='{$aid}'");
        logs("设置组权限成功:" . $fields['alevel']);
        die('{"code":"0","msg":"设置用户权限成功"}');
    }
}
Beispiel #3
0
function m__show_rewrite()
{
    global $dbm;
    $_POST = helper::sqlxss($_POST);
    $_POST['url_id'] = isset($_POST['url_id']) ? intval($_POST['url_id']) : 0;
    $rs = $dbm->query("select * from " . TB_PREFIX . "url_rewrite where url_id='{$_POST['url_id']}' limit 1");
    if (count($rs['list']) == 0) {
        die('{"code":1,"msg":"' . $_POST['url_id'] . ' 伪静态规则不存在"}');
    }
    die('{"code":0,"msg":"伪静态规则读取成功","data":' . json_encode($rs['list'][0]) . '}');
}
Beispiel #4
0
function m__login()
{
    global $dbm;
    $_POST = helper::sqlxss($_POST);
    $_POST['uname'] = isset($_POST['uname']) ? $_POST['uname'] : '';
    $verify = verify::verify_length($_POST['uname'], 1, 20);
    if ($verify != '') {
        die('{"code":"1","msg":"账号' . $verify . '","id":"uname"}');
    }
    $_POST['upass'] = isset($_POST['upass']) ? $_POST['upass'] : '';
    $verify = verify::verify_upass($_POST['upass']);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"uname","id":"upass"}');
    }
    $_POST['code'] = isset($_POST['code']) ? $_POST['code'] : '';
    $_POST['safecode'] = isset($_POST['safecode']) ? $_POST['safecode'] : '';
    if ($_POST['safecode'] != SAFE_CODE) {
        die('{"code":"1","msg":"安全码错误","id":"safecode"}');
    }
    if ($_SESSION['login'] != md5(strtoupper($_POST['code']))) {
        die('{"code":"1","msg":"验证码错误","id":"code"}');
    }
    $sql = "select a.*,b.g_urank,b.g_name from " . TB_PREFIX . "admin_list a left join " . TB_PREFIX . "admin_group b on a.group_id=b.group_id where aname='" . $_POST['uname'] . "' limit 1";
    $rs = $dbm->query($sql);
    //print_r($rs);
    if (count($rs['list']) == 0) {
        die('{"code":"1","msg":"账号不存在","id":"uname"}');
    }
    if ($rs['list'][0]['apass'] != helper::password_encrypt($_POST['upass'])) {
        die('{"code":"1","msg":"密码错误","id":"upass"}');
    }
    if ($rs['list'][0]['astate'] != 0) {
        die('{"code":"1","msg":"账号异常","id":"uname"}');
    }
    // 登陆成功
    $_SESSION['admin']["admin_id"] = $rs['list'][0]['admin_id'];
    $_SESSION['admin']["aname"] = $rs['list'][0]['aname'];
    $_SESSION['admin']["aname_true"] = $rs['list'][0]['aname_true'];
    $_SESSION['admin']["group_id"] = $rs['list'][0]['group_id'];
    $_SESSION['admin']['group_level'] = $rs['list'][0]['g_urank'];
    $_SESSION['admin']['gname'] = $rs['list'][0]['g_name'];
    $_SESSION['admin']["alevel"] = $_SESSION['admin']['group_level'] . ',|,' . $rs['list'][0]['alevel'];
    logs($_SESSION['admin']["aname"] . "登陆成功");
    die('{"code":"0","msg":"登录成功"}');
}
Beispiel #5
0
function m__set_auth()
{
    check_level("A0501");
    $config = '../core/config.php';
    $cf = file_get_contents($config);
    $_POST = helper::sqlxss($_POST);
    $code = isset($_POST['auth']) ? $_POST['auth'] : '';
    if (!preg_match('~^[a-z_A-Z0-9=]{1,64}~', $code)) {
        die('{"code":"1","msg":"授权码格式错误' . $code . '"}');
    }
    if (AUTH_CODE != $code) {
        set_config('AUTH_CODE', $code, $cf);
        if (helper::getChmod($config) != '0777') {
            die('{"code":"1","msg":"/core/config.php 配置文件没有写权限"}');
        }
        file_put_contents($config, $cf);
    }
    die('{"code":"0","msg":"成功设置授权码"}');
}
Beispiel #6
0
<?php

// ******************************************************************************************************************************
// MCMS Copyright (c) 2012-2013 ZhangYiYeTai Inc.
// The program developed by loyjers core architecture, individual all rights reserved, if you have any questions please contact loyjers@126.com
// ******************************************************************************************************************************
//加载共用代码
require_once dirname(__FILE__) . "/inc_common.php";
$_GET = helper::sqlxss($_GET);
$_POST = helper::sqlxss($_POST);
//判断操作权限
check_level("E03");
// ******************************************************************************************************************************
// 页面动作函数载入
// ******************************************************************************************************************************
call_mfunc();
// ******************************************************************************************************************************
// 模板载入
// ******************************************************************************************************************************
$tpl = assign_tpl_admin(basename(__FILE__));
$template = $tpl[0];
require_once $tpl[1];
//
// ******************************************************************************************************************************
// 页面动作函数方法,必须以 m__ 开头
// ******************************************************************************************************************************
/*
 * 获取内链词列表,支持分页
 * 初始化页面时调用数据并且显示
 */
function m__list()
Beispiel #7
0
function m__get_keyword()
{
    global $dbm;
    $_GET = helper::sqlxss($_GET);
    $keyword_id = $_GET['keyword_id'];
    $sql = " select * from " . TB_PREFIX . "keyword where keyword_id=" . intval($keyword_id);
    $res = $dbm->query($sql);
    if (count($res['list']) > 0) {
        $keyword = $res['list'][0];
        die(json_encode($keyword));
    }
    die('{"code":"100","msg":"获取修改数据失败","data":"null"}');
}
Beispiel #8
0
<?php

/**
 * 页面全局变量:
 * 
 * @param  $ => $dbm       数据库对象
 * @param  $ => $c         核心方法类对象
 * @param  $ => $plugins_path 当前插件目录
 */
define('CRANE_CMS', true);
require_once dirname(__FILE__) . "/core/init.php";
require_once ROOT_PATH . "/model/user.model.php";
helper::sqlxss();
//初始化对象
$time_start = helper::getmicrotime();
$dbm = new db_mysql();
$c = new common($dbm);
$u_obj = new User();
//获取当前URL路径
$plugins_path = dirname(__FILE__);
$plugins_path = str_replace('\\', '/', $plugins_path);
$plugins_path = substr($plugins_path, strpos($plugins_path, 'plugins/'), strlen($plugins_path));
$p = isset($_GET['p']) ? $_GET['p'] : 1;
//分页页码
if (!is_numeric($p)) {
    $p = 1;
}
//页面动作 model 分支选择,动作函数写在文件末尾,全部以前缀 m__ 开头
$_GET['m'] = isset($_GET['m']) ? $_GET['m'] : 'login';
if (function_exists("m__" . $_GET['m'])) {
    call_user_func("m__" . $_GET['m']);
Beispiel #9
0
/**
 *
 *获取分组下的关键字
 */
function m__get_keyword()
{
    global $dbm;
    $_GET = helper::sqlxss($_GET);
    if (isset($_GET['qgroup']) && $_GET['qgroup'] != '') {
        $sql = "select keyword_id,keyword from " . TB_PREFIX . "keyword where qgroup='{$qgroup}'";
        $rs = $dbm->query($sql);
        if (count($rs['list']) > 0) {
            die(json_encode($rs['list']));
        }
    }
}
Beispiel #10
0
function m__del()
{
    global $page, $dbm;
    check_level("E0202");
    $_POST = helper::sqlxss($_POST);
    // 直接传过来的删除动作
    if (isset($_POST['flink_id'])) {
        //单个删除值传递
        $_POST['params'] = array($_POST['flink_id']);
    }
    //循环删除数据
    foreach ($_POST['params'] as $id) {
        $id = intval($id);
        $where = " flink_id = '" . $id . "'";
        $sql = "select * from " . TB_PREFIX . "flink where flink_id=" . $id;
        $rs = $dbm->query($sql);
        if ($rs['error'] == '' && $rs['list'] == '') {
            continue;
        } elseif ($rs['list'][0]['flink_type'] == 1) {
            //是云链接 告知服务器此链接已被删除
            $path = AUTH_URL;
            $last_char = substr($path, -1);
            if ($last_char == '/') {
                $path = substr($path, 0, -1);
            }
            $url = $path . '/api/yunflink.php?m=del_url&auth_code=' . AUTH_CODE . '&flink_url=' . $rs['list'][0]['flink_url'];
            $data = helper::get_contents($url);
        }
        $dbm->single_del(TB_PREFIX . "flink", $where);
    }
    logs("成功删除了友情链接");
    die('{"code":"0","msg":"删除成功"}');
}
Beispiel #11
0
/**
 * 清理缓存
 * 若成功则 code 为1 失败 code 为0
 */
function m__clearcache()
{
    //判断操作权限
    check_level("A04");
    $_POST = helper::sqlxss($_POST);
    if (isset($_POST['act']) && $_POST['act'] != '') {
        $act = $_POST['act'];
        $return = true;
        //清空全部缓存
        if ($act == 'whole') {
            $return = del_dir("../" . CACHE_NAME);
            if ($return) {
                logs('成功清空了全部缓存');
            }
        }
        //清空列表缓存
        if ($act == 'list') {
            $return = del_dir("../" . CACHE_NAME . "/list");
            if ($return) {
                logs('成功清空了列表缓存');
            }
        }
        //清空内容缓存
        if ($act == 'content') {
            $return = del_dir("../" . CACHE_NAME . "/content");
            if ($return) {
                logs('成功清空了内容缓存');
            }
        }
        //清空统计缓存
        if ($act == 'count') {
            $return = del_dir("../" . CACHE_NAME . "/count");
            if ($return) {
                logs('成功清空了统计缓存');
            }
        }
        $host = $_SERVER['HTTP_HOST'];
        //清空分类缓存
        if ($act == 'category') {
            $return = del_dir("../" . CACHE_NAME . "/" . $host . '_' . CACHE_PREFIX . "categories");
            if ($return) {
                logs('成功清空了分类缓存');
            }
        }
        //清空伪静态缓存
        if ($act == 'url_rewrite') {
            $return = del_dir("../" . CACHE_NAME . "/" . $host . '_' . CACHE_PREFIX . "url_config");
            if ($return) {
                logs('成功清空了伪静态缓存');
            }
        }
        //清空模型缓存
        if ($act == 'externs') {
            $return = del_dir("../" . CACHE_NAME . "/" . $host . '_' . CACHE_PREFIX . "externs");
            if ($return) {
                logs('成功清空了模型缓存');
            }
        }
        //清空正文内链接缓存
        if ($act == 'nlink') {
            $return = del_dir("../" . CACHE_NAME . "/" . CACHE_PREFIX . "nlink");
            if ($return) {
                logs('成功清空了内链缓存');
            }
        }
        sleep(1);
        if ($return) {
            die('{"code":"1","msg":"缓存清除成功"}');
        } else {
            die('{"code":"0","msg":"缓存清除失败,可能是 ' . CACHE_NAME . ' 文件目录没有读写权限!"}');
        }
    }
}
Beispiel #12
0
function m__edit()
{
    global $dbm;
    check_level("B0202");
    $params = array();
    foreach ($_POST as $k => $v) {
        if (strpos($k, 'pass') > 0) {
        } else {
            $_POST[$k] = helper::sqlxss($v);
        }
    }
    $fields['aname'] = isset($_POST['aname']) ? $_POST['aname'] : '';
    $verify = verify::verify_uname($fields['aname']);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"aname"}');
    }
    $_POST['apass'] = isset($_POST['apass']) ? $_POST['apass'] : '';
    $_POST['re_pass'] = isset($_POST['re_pass']) ? $_POST['re_pass'] : '';
    $fields['aname_true'] = isset($_POST['aname_true']) ? $_POST['aname_true'] : '';
    $fields['aemail'] = isset($_POST['aemail']) ? $_POST['aemail'] : '';
    $fields['aphone'] = isset($_POST['aphone']) ? $_POST['aphone'] : '';
    $fields['group_id'] = isset($_POST['group_id']) ? intval($_POST['group_id']) : 0;
    $_POST['admin_id'] = isset($_POST['admin_id']) ? intval($_POST['admin_id']) : 0;
    if ($fields['group_id'] == 0) {
        die('{"code":"1","msg":"请选择管理组","id":"group_id"}');
    }
    if ($_POST['admin_id'] > 0) {
        if ($_POST['apass'] != '') {
            $verify = verify::verify_upass($_POST['apass']);
            if ($verify != '') {
                die('{"code":"1","msg":"' . $verify . '","id":"apass"}');
            }
            if ($_POST['apass'] != $_POST['re_pass']) {
                die('{"code":"1","msg":"两次密码输入不一致","id":"apass"}');
            }
            $fields['apass'] = helper::password_encrypt($_POST['apass']);
        }
        $where = " admin_id ='" . $_POST['admin_id'] . "'";
        $rs = $dbm->single_update(TB_PREFIX . "admin_list", $fields, $where);
        if ($rs['error'] == '') {
            logs("编辑CMS账号资料成功:{$_POST['aname']}");
            die('{"code":"0","msg":"编辑账号成功"}');
        }
        die('{"code":"1","msg":"编辑账号失败,请核实后再编辑"}');
    } else {
        // 添加账号
        $verify = verify::verify_upass($_POST['apass']);
        if ($verify != '') {
            die('{"code":"1","msg":"' . $verify . '","id":"apass"}');
        }
        if ($_POST['apass'] != $_POST['re_pass']) {
            die('{"code":"1","msg":"两次密码输入不一致","id":"apass"}');
        }
        $fields['apass'] = helper::password_encrypt($_POST['apass']);
        $where = " aname='" . $_POST['aname'] . "'";
        $a = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "admin_list"));
        if (count($a['list']) > 0) {
            die('{"code":"1","msg":"账号名不能重复","id":"aname"}');
        }
        $fields['reg_date'] = time();
        $fields['astate'] = 0;
        $rs = $dbm->single_insert(TB_PREFIX . "admin_list", $fields);
        if ($rs['error'] == '') {
            logs("添加账号成功:{$_POST['aname']}");
            die('{"code":"0","msg":"添加账号成功"}');
        }
        die('{"code":"1","msg":"添加账号失败,请核实后再添加"}');
    }
}
Beispiel #13
0
function m__save_attr()
{
    global $dbm;
    //判断操作权限
    check_level("E0403");
    $area_id = isset($_GET['area_id']) ? intval($_GET['area_id']) : 0;
    if ($area_id == 0) {
        die('{"code":1,"msg":"广告位不存在"}');
    }
    $a = $dbm->query("select * from " . TB_PREFIX . "recommend_area where area_id='{$area_id}'");
    if (count($a['list']) < 1) {
        die('{"code":1,"msg":"广告位不存在"}');
    }
    $area = $a['list'][0];
    //模型
    $attr = unserialize($area['area_html']);
    // 初始化数据
    foreach ($_POST as $a => $b) {
        $_POST[$a] = helper::sqlxss($b, 1);
        $_POST[$a] = preg_replace('~"~', '&#34;', $_POST[$a]);
        $_POST[$a] = helper::escape_stripslashes($_POST[$a]);
        if ($a == 'tag' && $b == '') {
            die('{"code":1,"msg":"标识不能为空,并且不可重复"}');
        }
        //if($a=='img' && $b=='') die('{"code":1,"msg":"图片不能为空"}');
    }
    unset($_POST['hashtoken']);
    //去掉不必要的参数
    if (isset($_POST['flash_file'])) {
        unset($_POST['flash_file']);
    }
    // 如果是代码广告
    if (isset($_POST['area_html'])) {
        $attr['list'] = $_POST['area_html'];
    } else {
        // 判断属性是否存在
        $attr_has = '-1';
        foreach ($attr['list'] as $k => $v) {
            if (!isset($attr['list'][$k]['tag'])) {
                $attr['list'][$k]['tag'] = $attr['list'][$k]['title'];
            }
            if ($attr['list'][$k]['tag'] == $_POST['tag']) {
                $attr_has = $k;
                break;
            }
        }
        if ($attr_has == '-1') {
            array_push($attr['list'], $_POST);
            //新增
        } else {
            $attr['list'][$attr_has] = $_POST;
            //修改
        }
    }
    $attr_content = serialize($attr);
    $attr_content = preg_replace("~'~", "\\'", $attr_content);
    // 写入数据库
    $res = $dbm->query_update("update " . TB_PREFIX . "recommend_area set area_html='{$attr_content}' where area_id='{$area_id}'");
    logs("修改管理广告位ID为:" . $area_id . "下面的广告成功" . $attr_content);
    die('{"code":0,"msg":"保存成功"}');
}
Beispiel #14
0
function m__del()
{
    global $dbm;
    $_POST = helper::sqlxss($_POST);
    //验证权限 由于这里关系到推荐位和专题两个权限。所以要根据$_GET['type'] 来区别判断
    if ($_GET['type'] == 1) {
        //判断推荐位权限 1=推荐位
        check_level("E0502");
    } else {
        //判断专题权限
        check_level("E0602");
    }
    // 直接传过来的删除动作
    if (isset($_POST['area_id'])) {
        $_POST['params'] = array($_POST['area_id']);
    }
    if (empty($_POST['params'])) {
        die('{"code":"100","msg":"没有选中要删除的友链"}');
    }
    foreach ($_POST['params'] as $id) {
        $id = intval($id);
        $where = " area_id = '" . $id . "'";
        $res = $dbm->single_del(TB_PREFIX . "recommend_area", $where);
        if (!empty($res['error'])) {
            continue;
        }
    }
    logs("删除成功,ID为:" . json_encode($_POST['params']));
    die('{"code":"0","msg":"删除成功"}');
}
Beispiel #15
0
 public static function sqlxss($input)
 {
     if (is_array($input)) {
         foreach ($input as $k => $v) {
             $input[$k] = helper::sqlxss($v);
         }
     } else {
         $input = helper::escape($input, 1);
         $input = htmlspecialchars($input, ENT_QUOTES);
     }
     return $input;
 }