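/**
 * Gate for the administration page: authenticate the visitor, then print the page frame.
 *
 * Flow, as far as this function shows it:
 *  - adminAuthenticate('check') reports whether an admin login is already in place.
 *  - If not, and a password was posted, passwordVerify() and the 'Authenticate' module
 *    hook decide whether the password is accepted; on success adminAuthenticate('login')
 *    is called, otherwise error() is raised with the "wrong password" message.
 *  - The page header, link bar and the opening <form> tag are always printed.
 *  - Unauthenticated visitors get the login form and the script ends (die).
 *  - Authenticated visitors without an `admin` request parameter get the action menu and
 *    the script ends (die).
 *  - Only an authenticated request that carries `admin` returns to the caller, with the
 *    <form> and <div id="admin-check"> elements still open.
 *
 * NOTE(review): nothing in this function limits repeated password attempts or adds an
 * anti-CSRF token to the form; confirm whether adminAuthenticate() or the caller covers
 * that, and whether adminAuthenticate('login') renews the session identifier.
 *
 * @return void
 */
function valid()
{
    $PMS = PMCLibrary::getPMSInstance();

    // Administrator password from the login form. Request parameters can arrive as arrays
    // (pass[]=...), so anything that is not a string counts as "no password supplied"
    // instead of being handed to passwordVerify() and the module hook.
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $haveperm = false;
    $isCheck = adminAuthenticate('check'); // Is an admin login already in place?

    // Compare against '' rather than relying on truthiness: the string "0" is falsy in PHP
    // and would otherwise never be checked.
    if (!$isCheck && $pass !== '') {
        $haveperm = passwordVerify($pass);
        // Trust boundary: every module registered on 'Authenticate' receives the plaintext
        // password and $haveperm by reference, so a module can grant or withdraw admin
        // access regardless of what passwordVerify() returned.
        $PMS->useModuleMethods('Authenticate', array($pass, 'admin', &$haveperm));
        if ($haveperm) {
            adminAuthenticate('login');
            $isCheck = true;
        } else {
            // presumably error() ends the request; if it returns, the login form below is still shown
            error(_T('admin_wrongpassword'));
        }
    }

    $dat = '';
    head($dat);
    $links = '[<a href="' . PHP_SELF2 . '?' . time() . '">' . _T('return') . '</a>] [<a href="' . PHP_SELF . '?mode=remake">' . _T('admin_remake') . '</a>] [<a href="' . PHP_SELF . '?page_num=0">' . _T('admin_frontendmanage') . '</a>]';
    // LinksAboveBar hook point: modules may rewrite $links, which is printed without escaping.
    $PMS->useModuleMethods('LinksAboveBar', array(&$links, 'admin', $isCheck));
    $dat .= '<div id="banner">' . $links . '<div class="bar_admin">' . _T('admin_top') . '</div> </div> <form action="' . PHP_SELF . '" method="post" name="adminform"> <div id="admin-check" style="text-align: center;"> ';
    echo $dat;

    if (!$isCheck) {
        // Not authenticated: action selector plus password field, then stop.
        echo '<br /> <input type="radio" name="admin" value="del" checked="checked" />' . _T('admin_manageposts')
            . ' <input type="radio" name="admin" value="optimize" />' . _T('admin_optimize')
            . ' <input type="radio" name="admin" value="check" />' . _T('admin_check')
            . ' <input type="radio" name="admin" value="repair" />' . _T('admin_repair')
            . ' <input type="radio" name="admin" value="export" />' . _T('admin_export')
            . '<br /> <input type="hidden" name="mode" value="admin" /> <input type="password" name="pass" size="8" /> <input type="submit" value="' . _T('admin_verify_btn') . '" /> </div> </form>';
        die("\n</body>\n</html>");
    } elseif (!isset($_REQUEST['admin'])) {
        // Authenticated but no action chosen yet: action menu (with logout), then stop.
        echo '<br /> <input type="radio" name="admin" value="del" checked="checked" />' . _T('admin_manageposts')
            . ' <input type="radio" name="admin" value="optimize" />' . _T('admin_optimize')
            . ' <input type="radio" name="admin" value="check" />' . _T('admin_check')
            . ' <input type="radio" name="admin" value="repair" />' . _T('admin_repair')
            . ' <input type="radio" name="admin" value="export" />' . _T('admin_export')
            . ' <input type="radio" name="admin" value="logout" />' . _T('admin_logout')
            . '<br /> <input type="hidden" name="mode" value="admin" /> <input type="submit" value="' . _T('admin_submit_btn') . '" /> </div> </form>';
        die("\n</body>\n</html>");
    }
}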
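/**
 * Check a username/password pair against the c_users table.
 *
 * @param string $username Login name as submitted by the client.
 * @param string $password Plaintext password as submitted by the client.
 * @return bool True only when a row for the login exists and passwordVerify() accepts
 *              the password for the stored hash; false in every other case.
 */
function verifyUser($username, $password)
{
    // NOTE(review): test_input() is defined elsewhere. If it rewrites its input (trimming,
    // HTML-escaping), applying it to the password changes the value being verified. The
    // call is kept so the result stays consistent with however the stored hash was
    // produced; confirm against the registration code.
    $username = test_input($username);
    $password = test_input($password);

    // Assumes MySQL::open_conn() returns a mysqli handle, as the query()/fetch_assoc()/
    // free()/close() calls of the original code suggest.
    $conn = MySQL::open_conn();

    // The lookup has to be keyed on the submitted login. The statement shown here compared
    // user_login with a fixed literal and never used $username; bind it as a parameter so
    // the value cannot alter the SQL text. Only user_pass is read, so only it is selected.
    // get_result() needs the mysqlnd driver.
    $res = false;
    $stmt = $conn->prepare('SELECT user_pass FROM c_users WHERE user_login = ? LIMIT 1');
    if ($stmt !== false && $stmt->bind_param('s', $username) && $stmt->execute()) {
        $res = $stmt->get_result();
    }

    // Same contract as before: dbQueryCheck() receives a result object, or false on failure.
    dbQueryCheck($res, $conn);
    if ($res === false) {
        // Fail closed if dbQueryCheck() returned instead of ending the request.
        if ($stmt !== false) {
            $stmt->close();
        }
        $conn->close();
        return false;
    }

    $row = $res->fetch_assoc();
    $res->free();
    $stmt->close();
    $conn->close();

    // Unknown login (no row) or a row without a hash: reject instead of indexing into null.
    // NOTE(review): no hash comparison runs on this path, so response time can differ from
    // a wrong-password attempt; verifying against a dummy hash would even that out.
    if (!is_array($row) || !isset($row['user_pass'])) {
        return false;
    }

    return (bool) passwordVerify($password, $row['user_pass']);
}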