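/**
 * Return the uploader token for the authenticated character, creating and
 * storing one the first time it is requested.
 *
 * The value kept in uploader.sessionId works as a bearer credential for that
 * character: whoever presents it is treated as the uploader. It therefore has
 * to be unguessable and should never be written to logs or error output.
 *
 * @return string|false The existing or newly created token, or false when
 *                      authCheck() reports no authenticated user.
 */
function authUploaderToken()
{
    // NOTE(review): $cfg_expire_uploader is imported but never read in this
    // function, so an existing row is returned whatever its createdAt value is.
    // Confirm that token expiry is enforced somewhere else (lookup or cleanup).
    global $dbr, $cfg_expire_uploader;

    $user = authCheck();
    if ($user === false) {
        return false;
    }

    // presumably $user[0] is the character id and $user[1] the character name,
    // matching the columns they are bound to below; verify against authCheck().
    $charId = $user[0];
    $charName = $user[1];

    // Only the token column is needed; avoid pulling the whole row.
    $stm = $dbr->prepare('SELECT sessionId FROM uploader WHERE charId = :charId;');
    $stm->bindValue(':charId', $charId);
    if (!$stm->execute()) {
        // Generic message on purpose: no driver error details reach the client.
        die('sql error');
    }

    $row = $stm->fetch();
    if ($row) {
        return $row['sessionId'];
    }

    // require_once: a plain require is fatal ("cannot redeclare class") when the
    // class file was already loaded elsewhere in the same request.
    require_once 'PassHash.class.php';
    $ph = new PassHash();
    // NOTE(review): a salt generator is used to mint a credential. Its randomness
    // source is not visible here; confirm it is backed by a CSPRNG.
    $token = $ph->gen_salt(32);

    // NOTE(review): select-then-insert is not atomic. Two concurrent first
    // requests can both reach this insert; a unique key on charId would turn the
    // second one into the 'sql error' exit below rather than a duplicate row.
    $stm = $dbr->prepare('INSERT INTO uploader (charId, charName, sessionId, createdAt) VALUES (:charId, :charName, :sessionId, :createdAt);');
    $stm->bindValue(':charId', $charId);
    $stm->bindValue(':charName', $charName);
    $stm->bindValue(':sessionId', $token);
    $stm->bindValue(':createdAt', time());
    if (!$stm->execute()) {
        die('sql error');
    }

    return $token;
}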
/**
 * Access gate for this controller: requires an admin session, runs a
 * per-action permission check for non-administrator accounts, then passes the
 * site configuration values to session().
 *
 * NOTE(review): presumably invoked by the framework before every action of
 * the controller; confirm, since the whole access decision depends on it.
 */
public function _initialize() {
    // Verify login; send the visitor to the login page when no admin id is in the session.
    // NOTE(review): the code below still runs unless redirect() ends the request itself — confirm.
    if (empty($_SESSION['ADMIN_UID'])) {
        $this->redirect('Public/login');
    }
    // NOTE(review): the collapsed source shows "//" directly in front of this `if`.
    // It is kept as live code because the braces of the method only balance that
    // way; verify against the original file. As written, ids listed in
    // C('ADMINISTRATOR') skip the permission check, and in_array() compares
    // loosely (no strict flag).
    if (!in_array($_SESSION['ADMIN_UID'], C('ADMINISTRATOR'))) {
        // Permission check for the current module/controller/action.
        if (!authCheck(MODULE_NAME . "/" . CONTROLLER_NAME . "/" . ACTION_NAME, session('ADMIN_UID'))) {
            $this->error('你没有权限!');
        }
    }
    // Load the site's basic configuration into the session.
    session('WEBINFO', C('WEBINFO'));
    session('EMAIL', C('EMAIL'));
}
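<?php
// Toggles one subscription for the logged-in user. The subscription id arrives
// as POST field "id"; the user id is taken from the session, never from input.
include 'functions.php';

// NOTE(review): the return value of authCheck() is not inspected, so this
// script relies on authCheck() ending the request itself when the visitor is
// not logged in — confirm in functions.php.
authCheck('index.php');

// Reject a missing, empty or array-valued id (e.g. "id[]=1") instead of
// passing null or an array on to toggleSubscription().
$subscription_id = isset($_POST['id']) ? $_POST['id'] : null;
if (!is_string($subscription_id) || $subscription_id === '') {
    http_response_code(400);
    exit;
}

// Fail closed when the session carries no user id, so the toggle can never run
// for an anonymous request even if authCheck() returned instead of exiting.
if (!isset($_SESSION['userId'])) {
    http_response_code(403);
    exit;
}
$userId = $_SESSION['userId'];

// NOTE(review): this is a state-changing request and no CSRF token check is
// visible here; confirm one is performed in functions.php or add one. Also
// confirm toggleSubscription() uses bound parameters for $subscription_id.
toggleSubscription($userId, $subscription_id);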
} ?> <?php if (authCheck('Admin/Auth/ruleUser', session('ADMIN_UID'))) { ?> <button type="button" data-id="<?php echo $vo["id"]; ?> " data-url="<?php echo U('Auth/ruleUser', array('id' => $vo['id'], 'tag' => 'auth')); ?> " class="btn btn-success btn-xs btnEdit">角色用户</button><?php } ?> <?php if (authCheck('Admin/Auth/ruleDel', session('ADMIN_UID'))) { ?> <button type="button" data-id="<?php echo $vo["id"]; ?> " data-url="<?php echo U('Auth/ruleDel', array('id' => $vo['id'], 'tag' => 'auth')); ?> " class="btn btn-danger btn-xs btnDel">删除</button><?php } ?> </div> </td> </tr><?php } }
<?php define('INTEL', 23); require "config.php"; try { $dbr = new PDO($cfg_sql_url, $cfg_sql_user, $cfg_sql_pass); } catch (PDOException $e) { die('database init failed'); } require "tpl/tpl.php"; require "auth/auth.php"; $authResult = authCheck(); $pNav = ""; if (isset($_GET["nav"])) { $pNav = preg_replace("/[^a-z]/", '', $_GET['nav']); } if ($authResult === false) { if ($pNav == "") { tpl_header(); tpl_nav_empty(); tpl_auth_needed(); tpl_footer(array()); return; } if ($pNav == "init") { if (authInit() === NULL) { tpl_header(); tpl_nav_empty(); tpl_auth_error(); tpl_footer(array()); }
<?php include_once 'header.php'; ?> <?php authCheck(); ?> <div class="container"> <div class="row"> <div class="col-sm-9"> <div class="page-header"> <h1>Results</h1> </div> </div> </div> <div class="row"> <div class="col-sm-9"> <?php doGiftcard($_POST['to'], $_POST['from'], $_POST['treatment'], $_POST['message'], $_POST['message2'], $_POST['expiry'], $_POST['code']); ?> </div> <div class="col-sm-3"> <h3>Most Recent</h3> <ul> <?php $files = getFiles(); foreach ($files as $file) {
} else { echo "false"; } } function getSession() { include "connect.php"; $loginName = $_GET['user']; $login = mysql_real_escape_string($loginName); $query = "SELECT {$db_columnUser}, {$db_columnSesId} FROM {$db_table} WHERE {$db_columnUser}='{$login}'"; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_assoc($result); $sessionid = $row[$db_columnSesId]; $sessid = strtoint(xorencode($sessionid, $sessidkey)); die("4:" . $sessid); } $action = $_GET['action']; if ($action == "auth") { die(loginServer()); } if ($action == "getsession") { die(getSession()); } //if ($action=="clientssize") // die(getClientSize()); //if ($action=="checkmod") // die(checkMod()); if ($action == "authcheck") { die(authCheck()); } die("�������� ���������� ��������!");