* ============================================================================
* 网站地址: http://www.beescms.com
* 您只能在不用于商业目的的前提下对程序代码进行修改和使用;
* 不允许对程序代码以任何形式任何目的的再发布。
* ============================================================================
*/
if (!file_exists("../data/install.lock") || !file_exists("../data/confing.php")) {
header("location:../install/index.php");
exit;
}
define('CMS', true);
require_once '../includes/init.php';
require_once '../includes/fun.php';
require_once '../includes/lib.php';
$action = isset($_REQUEST['action']) ? trim($_REQUEST['action']) : 'book';
$lang = isset($_REQUEST['lang']) ? htmlspecialchars(fl_value($_REQUEST['lang'])) : get_main_lang();
if (file_exists(LANG_PATH . 'lang_' . $lang . '.php')) {
include LANG_PATH . 'lang_' . $lang . '.php';
}
//语言包缓存,数组$language
if (file_exists(DATA_PATH . 'cache_cate/cate_list_' . $lang . '.php')) {
include DATA_PATH . 'cache_cate/cate_list_' . $lang . '.php';
}
//当前语言下的栏目
$_confing = get_confing($lang);
$tpl->template_dir = TP_PATH . $_confing['web_template'] . '/';
//模板路径
$tpl->template_lang = $lang;
//语言
$tpl->template_is_cache = 0;
//缓存
<?php
/**
* $Author: BEESCMS $
* ============================================================================
* 网站地址: http://www.beescms.com
* 您只能在不用于商业目的的前提下对程序代码进行修改和使用;
* 不允许对程序代码以任何形式任何目的的再发布。
* ============================================================================
*/
define('IN_CMS', 'true');
include 'init.php';
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'channel';
$lang = isset($_REQUEST['lang']) ? fl_html(fl_value($_REQUEST['lang'])) : get_lang_main();
//模型列表
if ($action == 'channel') {
$fl_path = DATA_PATH . 'cache_channel/cache_channel_all.php';
include 'template/admin_channel.html';
} elseif ($action == 'add') {
if (!check_purview('pannel_create')) {
msg('<span style="color:red">操作失败,你的权限不足!</span>');
}
include 'template/admin_channel_ad.html';
} elseif ($action == 'cache') {
if (!$GLOBALS['cache']->channel_cache($GLOBALS['lang']) || !$GLOBALS['cache']->cache_fields()) {
msg("缓存更新失败,请先添加模型");
}
msg("模型缓存完成", 'admin_main.php');
} elseif ($action == 'save_channel') {
if (!check_purview('pannel_create')) {
msg('<span style="color:red">操作失败,你的权限不足!</span>');
<?php
/**
* $Author: BEESCMS $
* ============================================================================
* 网站地址: http://www.beescms.com
* 您只能在不用于商业目的的前提下对程序代码进行修改和使用;
* 不允许对程序代码以任何形式任何目的的再发布。
* ============================================================================
*/
define('IN_CMS', 'true');
include 'init.php';
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'index';
$lang = isset($_REQUEST['lang']) ? fl_html(fl_value($_REQUEST['lang'])) : '';
//首页配置界面
if ($action == 'index') {
if (file_exists(DATA_PATH . 'index_info.php')) {
include DATA_PATH . 'index_info.php';
}
$index_info = isset($_index) ? $_index : array('flash_is' => 0);
if (file_exists(DATA_PATH . 'cache/lang_cache.php')) {
include DATA_PATH . 'cache/lang_cache.php';
}
include 'template/admin_index_info.html';
} elseif ($action == 'save_index') {
if (!check_purview('index_info')) {
msg('<span style="color:red">操作失败,你的权限不足!</span>');
}
if (!isset($_POST['submit'])) {
msg('<span style="color:red">请从表单提交</span>');
}
header("Content-type: text/html; charset=utf-8");
include INC_PATH . 'fun.php';
unset($HTTP_ENV_VARS, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_POST_FILES, $HTTP_COOKIE_VARS);
if (!get_magic_quotes_gpc()) {
if (isset($_REQUEST)) {
$_REQUEST = addsl($_REQUEST);
}
$_COOKIE = addsl($_COOKIE);
$_POST = addsl($_POST);
$_GET = addsl($_GET);
}
if (isset($_REQUEST)) {
$_REQUEST = fl_value($_REQUEST);
}
$_COOKIE = fl_value($_COOKIE);
$_GET = fl_value($_GET);
@extract($_POST);
@extract($_GET);
@extract($_COOKIE);
include DATA_PATH . 'confing.php';
$cms_url = 'http://' . $_SERVER['HTTP_HOST'] . CMS_SELF;
define('CMS_URL', $cms_url);
include INC_PATH . 'mysql.class.php';
$mysql = new mysql(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME, DB_CHARSET, DB_PCONNECT);
//载入缓存文件
if (file_exists(DATA_PATH . 'cache/lang_cache.php')) {
include DATA_PATH . 'cache/lang_cache.php';
}
//语言缓存,数组$lang_cache
if (file_exists(DATA_PATH . 'cache_cate/cache_category_all.php')) {
include DATA_PATH . 'cache_cate/cache_category_all.php';
<?php
/**
* $Author: BEESCMS $
* ============================================================================
* 网站地址: http://www.beescms.com
* 您只能在不用于商业目的的前提下对程序代码进行修改和使用;
* 不允许对程序代码以任何形式任何目的的再发布。
* ============================================================================
*/
define('IN_CMS', 'true');
include 'init.php';
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'member';
//会员列表
if ($action == 'member') {
$page = intval($_GET['page']);
if (file_exists(DATA_PATH . "cache/cache_member_group.php")) {
include DATA_PATH . "cache/cache_member_group.php";
}
$page = empty($page) ? 1 : $page;
$page_size = 20;
$page_num = ($page - 1) * $page_size;
$total_num = $GLOBALS['mysql']->fetch_rows("select id from " . DB_PRE . "member");
$total_page = ceil($total_num / $page_size);
$total_page = !$total_page ? 1 : $total_page;
$query = '';
$rel = $GLOBALS['mysql']->fetch_asc("select*from " . DB_PRE . "member order by id desc limit " . $page_num . ',' . $page_size);
include 'template/admin_member.html';
} elseif ($action == 'add') {
if (!check_purview('user_manage')) {
msg('<span style="color:red">操作失败,你的权限不足!</span>');
<?php
/**
* $Author: BEESCMS $
* ============================================================================
* 网站地址: http://www.beescms.com
* 您只能在不用于商业目的的前提下对程序代码进行修改和使用;
* 不允许对程序代码以任何形式任何目的的再发布。
* ============================================================================
*/
define('IN_CMS', 'true');
include 'init.php';
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'sys';
//系统设置页
if ($action == 'sys') {
if (file_exists(DATA_PATH . 'sys_info.php')) {
include DATA_PATH . 'sys_info.php';
}
include 'template/admin_sys.html';
} elseif ($action == 'add_sys') {
if (!check_purview('sys_info')) {
msg('<span style="color:red">操作失败,你的权限不足!</span>');
}
if (!isset($_POST['submit'])) {
msg('<span style="color:red">请从表单提交</span>');
}
unset($_POST['action'], $_POST['submit']);
foreach ($_POST as $k => $v) {
$info[$k] = $v;
}
$sql = "update " . DB_PRE . "cmsinfo set info_array='" . addslashes(var_export($info, 'true')) . "' where id=1 and info_tag='sys'";
} elseif ($action == 'add_coll') {
} elseif ($action == 'password') {
$url = $language['member_msg28'];
$tpl->assign('position', get_dy_position($url));
//位置
if (empty($_SESSION['member_user']) || empty($_SESSION['member_id']) || empty($_SESSION['member_login'])) {
die('<script type="text/javascript">location.href=\'?action=login&lang=' . $lang . '\';</script>');
}
$tpl->display('member_login');
} elseif ($action == 'save_password') {
if (empty($_SESSION['member_user']) || empty($_SESSION['member_id']) || empty($_SESSION['member_login'])) {
die('<script type="text/javascript">location.href=\'?action=login&lang=' . $lang . '\';</script>');
}
$password_use = trim(fl_html(fl_value($_POST['password_use'])));
$password_new = trim(fl_html(fl_value($_POST['password_new'])));
$password_new2 = trim(fl_html(fl_value($_POST['password_new2'])));
if (empty($password_use) || empty($password_new) || empty($password_new2)) {
die("<script type=\"text/javascript\">alert('{$language['member_msg8']}');history.go(-1);</script>");
}
$sql = "select member_password from " . DB_PRE . "member where id=" . $_SESSION['member_id'];
$rel = $GLOBALS['mysql']->get_row($sql);
if (md5($password_use) != $rel) {
die("<script type=\"text/javascript\">alert('{$language['member_msg26']}');history.go(-1);</script>");
}
if ($password_new != $password_new2) {
die("<script type=\"text/javascript\">alert('{$language['member_msg9']}');history.go(-1);</script>");
}
$sql = "update " . DB_PRE . "member set member_password='******' where id=" . $_SESSION['member_id'];
$GLOBALS['mysql']->query($sql);
die("<script type=\"text/javascript\">alert('{$language['member_msg18']}');history.go(-1);</script>");
} elseif ($action == 'out') {
function check_login($user, $password)
{
$rel = $GLOBALS['mysql']->fetch_asc("select id,admin_name,admin_password,admin_purview,is_disable from " . DB_PRE . "admin where admin_name='" . $user . "' limit 0,1");
$rel = empty($rel) ? '' : $rel[0];
if (empty($rel)) {
msg('不存在该管理用户', 'login.php');
}
$password = md5($password);
if ($password != $rel['admin_password']) {
msg("输入的密码不正确");
}
if ($rel['is_disable']) {
msg('该账号已经被锁定,无法登陆');
}
$_SESSION['admin'] = $rel['admin_name'];
$_SESSION['admin_purview'] = $rel['admin_purview'];
$_SESSION['admin_id'] = $rel['id'];
$_SESSION['admin_time'] = time();
$_SESSION['login_in'] = 1;
$_SESSION['login_time'] = time();
$ip = fl_value(get_ip());
$ip = fl_html($ip);
$_SESSION['admin_ip'] = $ip;
unset($rel);
header("location:admin.php");
}
$value_str .= $v . ',';
}
$value = $value_str;
}
$sql_value .= ",'" . fl_html($value) . "'";
}
} else {
die('表单不能为空<a href="javascript:history.go(-1);">返回</a>');
}
$table = $form['form_mark'];
$tables = $mysql->show_tables();
if (!in_array(DB_PRE . $table, $tables)) {
die('发生错误,该表单已经停止使用,不能添加表单信息<a href="javascript:history.go(-1);">返回</a>');
}
$addtime = time();
$ip = fl_value(get_ip());
$ip = fl_html($ip);
$member_id = empty($_SESSION['id']) ? 0 : $_SESSION['id'];
$arc_id = empty($f_id) ? 0 : intval($_POST['f_id']);
$sql = "insert into " . DB_PRE . "formlist (form_id,form_time,form_ip,member_id,arc_id) values ({$form_id},{$addtime},'{$ip}','{$member_id}','{$arc_id}')";
$mysql->query($sql);
$last_id = $mysql->insert_id();
$sql_field = 'id' . $sql_field;
$sql_value = $last_id . $sql_value;
$sql = "insert into " . DB_PRE . "{$table} ({$sql_field}) values ({$sql_value})";
$mysql->query($sql);
//发送邮件
if (!empty($_sys['mail_feed'])) {
if (in_array('1', $_sys['mail_feed'])) {
$table = $form['form_mark'];
if (!empty($table)) {
if (file_exists(LANG_PATH . 'lang_' . $lang . '.php')) {
include LANG_PATH . 'lang_' . $lang . '.php';
}
//语言包缓存,数组$language
if (file_exists(DATA_PATH . 'cache_cate/cate_list_' . $lang . '.php')) {
include DATA_PATH . 'cache_cate/cate_list_' . $lang . '.php';
}
//当前语言下的栏目
$_confing = get_confing($lang);
$tpl->template_dir = TP_PATH . $_confing['web_template'] . '/';
//模板路径
$tpl->template_lang = $lang;
//语言
$tpl->template_is_cache = 0;
//缓存
$key = isset($_REQUEST['key']) ? htmlspecialchars(fl_value($_REQUEST['key'])) : '';
$page = empty($page) ? 1 : intval($page);
$pagesize = 10;
//输出数量
$pagenum = ($page - 1) * $pagesize;
$query = '&lang=' . $lang . '&key=' . $key;
if (!empty($key)) {
$filt = "m.lang='" . $GLOBALS['lang'] . "' and m.title like '%" . $key . "%' or m.info like '%" . $key . "%'";
$total_num = $mysql->fetch_rows("select m.id from " . DB_PRE . "maintb as m where {$filt}");
$total_num = empty($total_num) ? 1 : $total_num;
} else {
$total_num = 1;
}
$total_page = ceil($total_num / $pagesize);
$GLOBALS['tpl']->display('search');
//载入缓存文件
session_start();
$s_code = empty($_SESSION['code']) ? '' : $_SESSION['code'];
$_SESSION['login_in'] = empty($_SESSION['login_in']) ? '' : $_SESSION['login_in'];
$_SESSION['admin'] = empty($_SESSION['admin']) ? '' : $_SESSION['admin'];
if ($_SESSION['login_in'] && $_SESSION['admin']) {
header("location:admin.php");
}
$action = empty($_GET['action']) ? 'login' : $_GET['action'];
if ($action == 'login') {
global $_sys;
include 'template/admin_login.html';
} elseif ($action == 'ck_login') {
global $submit, $user, $password, $_sys, $code;
$submit = $_POST['submit'];
$user = fl_html(fl_value($_POST['user']));
$password = fl_html(fl_value($_POST['password']));
$code = $_POST['code'];
if (!isset($submit)) {
msg('请从登陆页面进入');
}
if (empty($user) || empty($password)) {
msg("密码或用户名不能为空");
}
if (!empty($_sys['safe_open'])) {
foreach ($_sys['safe_open'] as $k => $v) {
if ($v == '3') {
if ($code != $s_code) {
msg("验证码不正确!");
}
}
}
