Ejemplo n.º 1
/**
 * Authenticate the submitted username/password and issue the `__session` cookie.
 *
 * Reads `username`, `password`, `rember` and `forward` from the request array $_GPC,
 * looks the account up with user_single(), stores uid/lastvisit/lastip/hash in the
 * cookie, records the new last-visit time and IP via user_update(), then hands the
 * response over to message().
 *
 * NOTE(review): every branch relies on message() ending the request; that is not
 * visible in this excerpt. Confirm before reordering any statement.
 *
 * @param string $forward Target handed to message() after a successful login; when
 *                        empty, the request's `forward` value is used, then a fixed
 *                        default.
 * @return void
 */
function _login($forward = '')
{
    global $_GPC, $_W;
    load()->model('user');
    $member = array();
    $username = trim($_GPC['username']);
    if (empty($username)) {
        message('请输入要登录的用户名');
    }
    $member['username'] = $username;
    // $password is assigned here but never read again in this function.
    $member['password'] = $password = $_GPC['password'];
    if (empty($member['password'])) {
        message('请输入密码');
    }
    // Credential verification is delegated entirely to user_single(); an empty
    // result is treated as "wrong username or password".
    $record = user_single($member);
    if (!empty($record)) {
        // Disabled check: accounts with status == 1 (pending review or banned) used
        // to be rejected here. With it commented out, this function does not look at
        // $record['status'] at all.
        // NOTE(review): confirm that account status is enforced somewhere else.
        $founders = explode(',', $_W['config']['setting']['founder']);
        // Loose in_array(): uid is compared with the string ids from the config list.
        $_W['isfounder'] = in_array($record['uid'], $founders);
        // While the site is closed, only founders may log in.
        if ($_W['siteclose'] && !$_W['isfounder']) {
            $settings = setting_load('copyright');
            message('站点已关闭,关闭原因:' . $settings['copyright']['reason']);
        }
        // Session token: base64(JSON) of uid, previous visit data and a hash.
        // As built here the payload is neither signed nor encrypted, and `hash` is an
        // MD5 over the stored password hash and salt. Anyone able to read the users
        // table can therefore recompute it, and it stays valid until the password
        // changes; no server-side session record is created in this function.
        // NOTE(review): prefer a random server-side session id, or an HMAC keyed with
        // a server secret, unless isetcookie() already adds protection.
        $cookie = array();
        $cookie['uid'] = $record['uid'];
        $cookie['lastvisit'] = $record['lastvisit'];
        $cookie['lastip'] = $record['lastip'];
        $cookie['hash'] = md5($record['password'] . $record['salt']);
        $session = base64_encode(json_encode($cookie));
        // `rember` selects a 7-day cookie lifetime; otherwise 0 is passed.
        isetcookie('__session', $session, !empty($_GPC['rember']) ? 7 * 86400 : 0);
        $status = array();
        $status['uid'] = $record['uid'];
        $status['lastvisit'] = TIMESTAMP;
        $status['lastip'] = CLIENT_IP;
        user_update($status);
        // NOTE(review): `forward` comes straight from the request. If message()
        // redirects to it without restricting the host, this is an open redirect;
        // limit it to same-site relative paths.
        if (empty($forward)) {
            $forward = $_GPC['forward'];
        }
        if (empty($forward)) {
            $forward = './index.php?c=index&a=index';
        }
        $_W['user'] = $record;
        // Administrators (as decided by cly_isAdmin()) go to the admin index and
        // ignore $forward.
        if (cly_isAdmin()) {
            message('', url('admin/index'));
        } else {
            message('', $forward);
        }
        // Disabled: a "welcome back, <username>" message used to be shown here.
    } else {
        // One generic failure message for unknown user and wrong password alike.
        message('登录失败,请检查您输入的用户名和密码!');
    }
}
Ejemplo n.º 2
/**
 * Authenticate a user against one of two backends and issue the `__session` cookie.
 *
 * When the request carries a truthy `admin` value the local user_single() lookup is
 * used; otherwise biz_login() is called and its UserName/UserGUID/Password fields
 * are mapped onto the local field names.
 *
 * NOTE(review): every branch relies on message() ending the request; that is not
 * visible in this excerpt. Confirm before reordering any statement.
 *
 * @param string $forward Target handed to message() after a successful login; when
 *                        empty, the request's `forward` value is used, then a fixed
 *                        default.
 * @return void
 */
function _login($forward = '')
{
    global $_GPC;
    load()->model('user');
    $member = array();
    $username = trim($_GPC['username']);
    if (empty($username)) {
        message('请输入要登录的用户名');
    }
    $member['username'] = $username;
    $member['password'] = $_GPC['password'];
    if (empty($member['password'])) {
        message('请输入密码');
    }
    // The caller picks the authentication backend through the `admin` request value.
    if ($_GPC['admin']) {
        $record = user_single($member);
    } else {
        $record = biz_login($username, $member['password']);
        if (!empty($record)) {
            // Normalise the external record to the field names used below.
            $record['username'] = $record['UserName'];
            $record['uid'] = $record['UserGUID'];
            $record['password'] = $record['Password'];
        }
    }
    if (!empty($record)) {
        // status == -1 is rejected as "under review or banned".
        if ($record['status'] == -1) {
            message('您的账号正在核合或是已经被系统禁止,请联系网站管理员解决!');
        }
        // Session token: base64(JSON), neither signed nor encrypted as built here.
        // `hash` is an MD5 over the record's password field and salt, `token` copies
        // the backend's Token value into the cookie, and `admin` is a plain flag.
        // Nothing in the payload binds `admin` to the hash.
        // NOTE(review): confirm that the code reading this cookie re-derives the
        // admin role server-side instead of trusting the flag, and consider a
        // server-side session id or an HMAC keyed with a server secret.
        $cookie = array();
        $cookie['uid'] = $record['uid'];
        $cookie['lastip'] = $record['lastip'];
        $cookie['token'] = $record['Token'];
        $cookie['hash'] = md5($record['password'] . $record['salt']);
        if ($_GPC['admin']) {
            $cookie['admin'] = 1;
        }
        $session = base64_encode(json_encode($cookie));
        isetcookie('__session', $session, 86400);
        // NOTE(review): `forward` comes straight from the request. If message()
        // redirects to it without restricting the host, this is an open redirect;
        // limit it to same-site relative paths.
        if (empty($forward)) {
            $forward = $_GPC['forward'];
        }
        if (empty($forward)) {
            $forward = './index.php?c=project&a=display';
        }
        // NOTE(review): the username is interpolated into the message text; whether
        // message() escapes it for HTML is not visible here.
        message("欢迎回来,{$record['username']}。", $forward);
    } else {
        // One generic failure message for unknown user and wrong password alike.
        message('登录失败,请检查您输入的用户名和密码!');
    }
}
Ejemplo n.º 3
<?php

/**
 * @FreeGo Team 智慧游
 * @url http://www.cninone.com/
 */
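load()->model('user');
$_W['token'] = token();
// Restore the logged-in user from the `__session` cookie. The cookie is supplied by
// the client, so every field decoded from it is untrusted until the hash check
// below has succeeded.
$session = json_decode(base64_decode($_GPC['__session']), true);
if (is_array($session)) {
    $user = false;
    // json_decode() can produce booleans, numbers and nested arrays. Only a scalar
    // uid and a string hash are accepted; anything else is treated as an invalid
    // session and the cookie is cleared below.
    if (isset($session['uid'], $session['hash']) && is_scalar($session['uid']) && is_string($session['hash'])) {
        $user = user_single(array('uid' => $session['uid']));
    }
    // Strict comparison: with `==`, PHP type juggling lets a non-string JSON value
    // compare equal to the expected digest without matching it.
    // NOTE(review): the token is an MD5 over the stored password hash and salt, so it
    // can be recomputed by anyone who can read the users table. Where hash_equals()
    // is available, use it for a constant-time comparison.
    if (is_array($user) && $session['hash'] === md5($user['password'] . $user['salt'])) {
        $_W['uid'] = $user['uid'];
        $_W['username'] = $user['username'];
        // Keep the values stored in the database as "current" and expose the values
        // carried in the cookie as the previous visit.
        $user['currentvisit'] = $user['lastvisit'];
        $user['currentip'] = $user['lastip'];
        $user['lastvisit'] = isset($session['lastvisit']) ? $session['lastvisit'] : null;
        $user['lastip'] = isset($session['lastip']) ? $session['lastip'] : null;
        $_W['user'] = $user;
        $founders = explode(',', $_W['config']['setting']['founder']);
        // Loose in_array() is kept: the configured ids are strings, while the type of
        // uid is not visible here.
        $_W['isfounder'] = in_array($_W['uid'], $founders);
        unset($founders);
    } else {
        // Invalid or stale session: expire the cookie.
        isetcookie('__session', false, -100);
    }
    unset($user);
}
unset($session);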
if (!empty($_GPC['__uniacid'])) {
    $_W['uniacid'] = intval($_GPC['__uniacid']);
    $_W['weid'] = $_W['uniacid'];
Ejemplo n.º 4
 /**
  * Mobile login endpoint.
  *
  * On a non-POST request the `login` template is rendered. On POST the submitted
  * username/password are checked with user_single() and a JSON object with a
  * boolean `status` is written before the script exits.
  *
  * NOTE(review): the cookie set on success holds nothing but the uid. If the code
  * that reads `__xwz_session_*` trusts that value as proof of identity, any client
  * can pick its own uid; a signed or server-side session token would be needed.
  * The reader of that cookie is not visible in this excerpt.
  */
 public function doMobileLogin()
 {
     global $_W, $_GPC;
     $rid = intval($_GPC['rid']);
     if (!$_W['ispost']) {
         include $this->template('login');
         return;
     }
     $credentials = array('username' => $_GPC['username'], 'password' => $_GPC['password']);
     load()->model('user');
     $account = user_single($credentials);
     // Unknown credentials and accounts with status == 1 both answer "false".
     $accepted = !empty($account) && $account['status'] != 1;
     if ($accepted) {
         // Cookie name is scoped by uniacid and rid; lifetime argument is 0.
         isetcookie('__xwz_session_' . $_W['uniacid'] . '_' . $rid, $account['uid'], 0);
     }
     exit(json_encode(array('status' => $accepted)));
 }
Ejemplo n.º 5
     cache_delete("cardticket:{$acid}");
     load()->model('module');
     module_build_privileges();
     if (!empty($_GPC['from'])) {
         message('公众号权限修改成功', url('account/post-step/', array('uniacid' => $uniacid, 'step' => 3, 'from' => 'list')), 'success');
     } else {
         header("Location: " . url('account/post-step/', array('uniacid' => $uniacid, 'acid' => $acid, 'step' => 4)));
         exit;
     }
 }
 // Collect the data shown for the account identified by $uniacid (assigned above
 // this excerpt): notification settings, the owner and the owner's user group, the
 // extra modules/templates granted to the account, and the lookup lists.
 $unigroups = uni_groups();
 $settings = uni_setting($uniacid, array('notify'));
 $notify = $settings['notify'] ? $settings['notify'] : array();
 $ownerid = pdo_fetchcolumn("SELECT uid FROM " . tablename('uni_account_users') . " WHERE uniacid = :uniacid AND role = 'owner'", array(':uniacid' => $uniacid));
 if (!empty($ownerid)) {
     $owner = user_single(array('uid' => $ownerid));
     $owner['group'] = pdo_fetch("SELECT id, name, package FROM " . tablename('users_group') . " WHERE id = :id", array(':id' => $owner['groupid']));
     // NOTE(review): iunserializer() presumably wraps unserialize(); the values come
     // from the database here. Confirm no request data can reach these columns.
     $owner['group']['package'] = iunserializer($owner['group']['package']);
 }
 $extend = pdo_fetch("SELECT * FROM " . tablename('uni_group') . " WHERE uniacid = :uniacid", array(':uniacid' => $uniacid));
 $extend['modules'] = iunserializer($extend['modules']);
 $extend['templates'] = iunserializer($extend['templates']);
 // $owner is written below even when no owner row was found above; in that case it
 // is created here as a fresh array.
 if (!empty($extend['modules'])) {
     $owner['extend']['modules'] = pdo_getall('modules', array('name' => $extend['modules']));
 }
 if (!empty($extend['templates'])) {
     $owner['extend']['templates'] = pdo_getall('site_templates', array('id' => $extend['templates']));
 }
 $extend['package'] = pdo_getall('uni_account_group', array('uniacid' => $uniacid), array(), 'groupid');
 // Lookup tables keyed by id / name (third argument of pdo_fetchall()).
 $groups = pdo_fetchall("SELECT id, name, package FROM " . tablename('users_group') . " ORDER BY id ASC", array(), 'id');
 $modules = pdo_fetchall("SELECT mid, name, title FROM " . tablename('modules') . ' WHERE issystem != 1', array(), 'name');
Ejemplo n.º 6
<?php

/**
 * @FreeGo Team 智慧游
 * @url http://www.cninone.com/
 */
// Refuse direct access: the script only runs when the framework has defined IN_IA.
// NOTE(review): this guard is not an authorisation check. Whether the caller is
// allowed to edit or delete users must be enforced elsewhere; it is not visible in
// this excerpt.
defined('IN_IA') or exit('Access Denied');
$_W['page']['title'] = '编辑用户 - 用户管理 - 用户管理';
load()->model('setting');
load()->func('tpl');
// Whitelist the requested action; anything else falls back to 'edit'.
$do = $_GPC['do'];
$dos = array('delete', 'edit');
$do = in_array($do, $dos) ? $do : 'edit';
// The target user id is taken from the request and cast to an integer.
$uid = intval($_GPC['uid']);
$user = user_single($uid);
$founders = explode(',', $_W['config']['setting']['founder']);
if ($do == 'edit') {
    if (empty($user)) {
        message('访问错误, 未找到指定操作员.', url('user/display'), 'error');
    }
    $extendfields = pdo_fetchall("SELECT field, title, description, required FROM " . tablename('profile_fields') . " WHERE available = '1' AND showinregister = '1'");
    if (checksubmit('profile_submit')) {
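        $_GPC['password'] = trim($_GPC['password']);
        // Enforce the minimum length on the submitted password. The original check
        // read $record['password'], but $record is never assigned between the start
        // of this file and this line, so the rule was never applied (unless the
        // including script defines $record; confirm). An empty password is still
        // allowed through, as before.
        if (!empty($_GPC['password']) && istrlen($_GPC['password']) < 8) {
            message('必须输入密码,且密码长度不得低于8位。');
        }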
        $_GPC['groupid'] = intval($_GPC['groupid']);
        if (empty($_GPC['groupid'])) {
            message('请选择所属用户组');
        }
        load()->model('user');
Ejemplo n.º 7
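/**
 * Describe the service package of the account's owner.
 *
 * @param int $uniacid Account id; a falsy value falls back to $_W['uniacid'].
 * @return array Keys: uid, username, groupid, groupname, timelimit. When the account
 *               has no owner row, a fixed "founder" record with uid -1 is returned.
 *               `timelimit` may contain HTML markup (the "expired" marker), so
 *               callers that escape it will show the tags literally.
 */
function uni_setmeal($uniacid = 0)
{
    global $_W;
    if (!$uniacid) {
        $uniacid = $_W['uniacid'];
    }
    $owneruid = pdo_fetchcolumn("SELECT uid FROM " . tablename('uni_account_users') . " WHERE uniacid = :uniacid AND role = 'owner'", array(':uniacid' => $uniacid));
    if (empty($owneruid)) {
        // No owner row: report the built-in founder package.
        return array('uid' => -1, 'username' => '创始人', 'timelimit' => '未设置', 'groupid' => '-1', 'groupname' => '所有服务');
    }
    load()->model('user');
    $groups = pdo_getall('users_group', array(), array('id', 'name'), 'id');
    $owner = user_single(array('uid' => $owneruid));
    // The owner's group may no longer exist; keep null in that case instead of
    // reading an undefined index.
    $groupname = isset($groups[$owner['groupid']]['name']) ? $groups[$owner['groupid']]['name'] : null;
    $user = array('uid' => $owner['uid'], 'username' => $owner['username'], 'groupid' => $owner['groupid'], 'groupname' => $groupname);
    $start = date('Y-m-d', $owner['starttime']);
    if (empty($owner['endtime'])) {
        $user['timelimit'] = $start . ' ~ 无限制';
    } else {
        // Initialise the marker: the original left it undefined whenever the package
        // had not expired yet and then concatenated the undefined variable.
        $expired = '';
        if ($owner['endtime'] <= TIMESTAMP) {
            $expired = ' <strong class="text-danger"> 已到期</strong>';
        }
        $user['timelimit'] = $start . ' ~ ' . date('Y-m-d', $owner['endtime']) . $expired;
    }
    return $user;
}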
Ejemplo n.º 8
    }
    $pindex = max(1, intval($_GPC['page']));
    $psize = 10;
    $total = 0;
    $list = pdo_fetchall("SELECT * FROM " . tablename('uni_account') . " WHERE 1 {$condition} LIMIT " . ($pindex - 1) * $psize . ",{$psize}");
    $total = pdo_fetchcolumn("SELECT COUNT(*) FROM " . tablename('uni_account') . " WHERE 1 {$condition}");
    $pager = pagination($total, $pindex, $psize, '', array('ajaxcallback' => 'null'));
    $permission = pdo_fetchall("SELECT uniacid FROM " . tablename('uni_account_users') . " WHERE uid = '{$uid}'", array(), 'uniacid');
    template('user/select');
}
if ($do == 'menu') {
    $uniacid = intval($_GPC['uniacid']);
    $uid = intval($_GPC['uid']);
    load()->model('user');
    load()->model('module');
    $user = user_single(array('uid' => $uid));
    if (empty($user)) {
        message('您操作的用户不存在或是已经被删除!');
    }
    if (!pdo_fetchcolumn("SELECT id FROM " . tablename('uni_account_users') . " WHERE uid = :uid AND uniacid = :uniacid", array(':uid' => $uid, ':uniacid' => $uniacid))) {
        message('此用户没有操作该统一公众号的权限,请选指派“管理者”权限!');
    }
    $result = pdo_fetchall("SELECT url, id FROM " . tablename('users_permission') . " WHERE uid = :uid AND uniacid = :uniacid", array(':uid' => $uid, ':uniacid' => $uniacid));
    $hasurls = array();
    if (!empty($result)) {
        foreach ($result as $row) {
            $hasurls[$row['id']] = $row['url'];
        }
    }
    if (checksubmit('submit')) {
        if (empty($_GPC['permurls'])) {
Ejemplo n.º 9
/**
 * Authenticate the submitted username/password with failed-login throttling, an
 * optional captcha and an account-expiry check, then issue the `__session` cookie.
 *
 * NOTE(review): every branch relies on message() ending the request; that is not
 * visible in this excerpt. Confirm before reordering any statement.
 *
 * @param string $forward Target handed to message() after a successful login; when
 *                        empty, the request's `forward` value is used, then a fixed
 *                        default.
 * @return void
 */
function _login($forward = '')
{
    global $_GPC, $_W;
    load()->model('user');
    $member = array();
    $username = trim($_GPC['username']);
    // Throttling: drop failure rows older than 300 seconds, then look up the row for
    // this username + client IP pair.
    // NOTE(review): there is no space between FROM and the table name; this depends
    // on what tablename() returns. Confirm the statement parses.
    pdo_query('DELETE FROM' . tablename('users_failed_login') . ' WHERE lastupdate < :timestamp', array(':timestamp' => TIMESTAMP - 300));
    $failed = pdo_get('users_failed_login', array('username' => $username, 'ip' => CLIENT_IP));
    // $failed may be empty when there is no row; 'count' is read regardless.
    // The counter is per username AND IP, so attempts spread over several client
    // addresses are each counted separately.
    if ($failed['count'] >= 5) {
        message('输入密码错误次数超过5次,请在5分钟后再登录', referer(), 'info');
    }
    // Captcha is enforced only when the site setting asks for it.
    if (!empty($_W['setting']['copyright']['verifycode'])) {
        $verify = trim($_GPC['verify']);
        if (empty($verify)) {
            message('请输入验证码');
        }
        $result = checkcaptcha($verify);
        if (empty($result)) {
            message('输入验证码错误');
        }
    }
    if (empty($username)) {
        message('请输入要登录的用户名');
    }
    $member['username'] = $username;
    $member['password'] = $_GPC['password'];
    if (empty($member['password'])) {
        message('请输入密码');
    }
    // Credential verification is delegated entirely to user_single().
    $record = user_single($member);
    $now = time();
    $now = date("Y-m-d", $now);
    // Day arithmetic for the expiry notice.
    // $record['endtime'] is read here before $record is checked for emptiness below.
    $day1 = $now;
    $day2 = date("Y-m-d", $record['endtime']);
    // NOTE(review): diffBetweenTwoDays() is defined elsewhere; its sign convention
    // is not visible here.
    $diff = diffBetweenTwoDays($day1, $day2);
    $oldday = 16 - $diff;
    if (0 >= $oldday) {
        $oldday = 0;
    }
    if (!empty($record)) {
        // status == 1 is rejected as "under review or banned".
        if ($record['status'] == 1) {
            message('您的账号正在审核或是已经被系统禁止,请联系网站管理员解决!');
        }
        // For any other non-zero status, refuse the login once today's date has
        // reached the end date (Y-m-d strings compare chronologically).
        if ($record['status'] != 0) {
            if ($day1 >= $day2) {
                if ($oldday == 0) {
                    message('您的账号已经过期15天了,不幸的是:您属于体验会员,已经自动了删除账号!');
                } else {
                    message('您的账号已经到期,不幸的是:您属于体验会员,' . $oldday . '天后将自动删除账号!');
                }
            }
        }
        $founders = explode(',', $_W['config']['setting']['founder']);
        $_W['isfounder'] = in_array($record['uid'], $founders);
        // While the site is closed, only founders may log in.
        if (!empty($_W['siteclose']) && empty($_W['isfounder'])) {
            message('站点已关闭,关闭原因:' . $_W['setting']['copyright']['reason']);
        }
        // Session token: base64(JSON), neither signed nor encrypted as built here.
        // `hash` is an MD5 over the stored password hash and salt, so anyone able to
        // read the users table can recompute it, and it stays valid until the
        // password changes.
        // NOTE(review): prefer a random server-side session id, or an HMAC keyed with
        // a server secret, unless isetcookie() already adds protection.
        $cookie = array();
        $cookie['uid'] = $record['uid'];
        $cookie['lastvisit'] = $record['lastvisit'];
        $cookie['lastip'] = $record['lastip'];
        $cookie['hash'] = md5($record['password'] . $record['salt']);
        $session = base64_encode(json_encode($cookie));
        // `rember` selects a 7-day cookie lifetime; otherwise 0 is passed.
        isetcookie('__session', $session, !empty($_GPC['rember']) ? 7 * 86400 : 0);
        $status = array();
        $status['uid'] = $record['uid'];
        $status['lastvisit'] = TIMESTAMP;
        $status['lastip'] = CLIENT_IP;
        user_update($status);
        // NOTE(review): `forward` comes straight from the request. If message()
        // redirects to it without restricting the host, this is an open redirect;
        // limit it to same-site relative paths.
        if (empty($forward)) {
            $forward = $_GPC['forward'];
        }
        if (empty($forward)) {
            $forward = './index.php?c=account&a=display';
        }
        // A different user logged in on this browser: expire the remembered
        // account/user selection cookies.
        if ($record['uid'] != $_GPC['__uid']) {
            isetcookie('__uniacid', '', -7 * 86400);
            isetcookie('__uid', '', -7 * 86400);
        }
        // Clear the failure counter for this username/IP.
        // NOTE(review): when no failure row existed, $failed['id'] is not set; check
        // how pdo_delete() treats a null condition value.
        pdo_delete('users_failed_login', array('id' => $failed['id']));
        message("欢迎回来,{$record['username']},您还可以使用{$diff}天。", $forward);
    } else {
        // Record the failed attempt: first failure inserts a row, later ones
        // increment the counter and refresh the timestamp.
        if (empty($failed)) {
            pdo_insert('users_failed_login', array('ip' => CLIENT_IP, 'username' => $username, 'count' => '1', 'lastupdate' => TIMESTAMP));
        } else {
            pdo_update('users_failed_login', array('count' => $failed['count'] + 1, 'lastupdate' => TIMESTAMP), array('id' => $failed['id']));
        }
        // One generic failure message for unknown user and wrong password alike.
        message('登录失败,请检查您输入的用户名和密码!');
    }
}
Ejemplo n.º 10
<?php

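// Stand-alone password-reset tool. Set your own access password below before
// uploading this file.
//
// Anyone who knows $auth can overwrite the password of ANY account, administrators
// included, without knowing the old password. Replace the sample value with a long
// random secret, and delete the file from the server as soon as the reset is done.
// NOTE(review): there is no attempt limit on the access password, and the
// "user does not exist" answer reveals which usernames are valid.
$auth = 'xin123';
define('IN_SYS', true);
require '../framework/bootstrap.inc.php';
load()->web('template');
load()->web('common');
load()->model('user');
// Strict string comparison: with `==`, two numeric-looking strings are compared as
// numbers, so a different submitted value could match a numeric access password.
if ($_W['ispost'] && $auth !== '' && isset($_GPC['auth']) && is_string($_GPC['auth']) && $_GPC['auth'] === $auth) {
    // Kept because the HTML below this block may read it.
    $isok = true;
    $username = trim($_GPC['username']);
    $password = $_GPC['password'];
    if (!empty($username) && !empty($password)) {
        $member = user_single(array('username' => $username));
        if (empty($member)) {
            message('输入的用户名不存在.');
        }
        // Re-hash the new password with the account's existing salt and store it.
        $hash = user_hash($password, $member['salt']);
        $r = array();
        $r['password'] = $hash;
        pdo_update('users', $r, array('uid' => $member['uid']));
        exit('<script>alert("密码修改成功, 请重新登陆, 并尽快删除本文件, 避免密码泄露隐患.");location.href = "../"</script>');
    }
}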
?>
<!DOCTYPE html>
<html lang="zh-cn">
<head>
	<meta charset="utf-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
Ejemplo n.º 11
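/**
 * For every account, make sure each module granted by the owner's user group has a
 * row in `uni_account_modules`.
 *
 * Accounts without an owner are treated as group '-1' (all non-system modules).
 * Missing rows are inserted with enabled = 1 and empty settings; existing rows are
 * left untouched.
 *
 * @return bool Always true.
 */
function module_build_privileges()
{
    // Loop-invariant: load the user model once instead of once per account.
    load()->model('user');
    $uniacid_arr = pdo_fetchall('SELECT uniacid FROM ' . tablename('uni_account'));
    foreach ($uniacid_arr as $row) {
        $owneruid = pdo_fetchcolumn("SELECT uid FROM " . tablename('uni_account_users') . " WHERE uniacid = :uniacid AND role = 'owner'", array(':uniacid' => $row['uniacid']));
        $owner = user_single(array('uid' => $owneruid));
        $groupid = empty($owner) ? '-1' : $owner['groupid'];
        $modules = array();
        if (empty($groupid)) {
            // NOTE(review): this returns from the whole function, so every account
            // after the first owner without a group is skipped. `continue` may have
            // been intended; left unchanged because it alters which rows get created.
            return true;
        } elseif ($groupid == '-1') {
            $modules = pdo_fetchall("SELECT name FROM " . tablename('modules') . ' WHERE issystem = 0', array(), 'name');
        } else {
            $group = pdo_fetch("SELECT id, name, package FROM " . tablename('users_group') . " WHERE id = :id", array(':id' => $groupid));
            // NOTE(review): iunserializer() presumably wraps unserialize(); the value
            // comes from the database. Confirm no request data can reach this column.
            $packageids = iunserializer($group['package']);
            if (empty($packageids)) {
                // NOTE(review): same early return as above; remaining accounts are
                // not processed.
                return true;
            }
            if (in_array('-1', $packageids)) {
                $modules = pdo_fetchall("SELECT name FROM " . tablename('modules') . ' WHERE issystem = 0', array(), 'name');
            } else {
                // Bind the package ids and the account id instead of splicing stored
                // values into the SQL text, matching the other queries in this
                // function.
                $params = array(':uniacid' => $row['uniacid']);
                $placeholders = array();
                foreach (array_values($packageids) as $index => $packageid) {
                    $placeholders[] = ":pid{$index}";
                    $params[":pid{$index}"] = $packageid;
                }
                $wechatgroup = pdo_fetchall("SELECT `modules` FROM " . tablename('uni_group') . " WHERE id IN (" . implode(',', $placeholders) . ") OR uniacid = :uniacid", $params);
                if (!empty($wechatgroup)) {
                    foreach ($wechatgroup as $li) {
                        $li['modules'] = iunserializer($li['modules']);
                        if (!empty($li['modules'])) {
                            // Keyed by name so duplicates across packages collapse.
                            foreach ($li['modules'] as $modulename) {
                                $modules[$modulename] = $modulename;
                            }
                        }
                    }
                }
            }
        }
        $modules = array_keys($modules);
        $mymodules = pdo_fetchall("SELECT `module` FROM " . tablename('uni_account_modules') . " WHERE uniacid = :uniacid ORDER BY enabled DESC ", array(':uniacid' => $row['uniacid']), 'module');
        $mymodules = array_keys($mymodules);
        // Insert a default-enabled row for every granted module the account lacks.
        foreach ($modules as $module) {
            if (!in_array($module, $mymodules)) {
                $data = array();
                $data['uniacid'] = $row['uniacid'];
                $data['module'] = $module;
                $data['enabled'] = 1;
                $data['settings'] = '';
                pdo_insert('uni_account_modules', $data);
            }
        }
    }
    return true;
}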
Ejemplo n.º 12
    if (!empty($_GPC['s_account_type'])) {
        $where .= " AND account_type = :account_type";
        $params[':account_type'] = intval($_GPC['s_account_type']);
    }
    if (!empty($_GPC['s_type_id'])) {
        $where .= " AND type_id = :type_id";
        $params[':type_id'] = intval($_GPC['s_type_id']);
    }
    if (!empty($_GPC['s_account'])) {
        $where .= " AND account = :account";
        $params[':account'] = $_GPC['s_account'];
    }
    if (!empty($_GPC['s_user_id'])) {
        $where .= " AND user_id = :user_id";
        load()->model('user');
        $user = user_single(array('username' => $_GPC['s_user_id']));
        $params[':user_id'] = $user['uid'];
    }
    if (!empty($_GPC['s_starttime'])) {
        $where .= " AND time > :starttime";
        $params[':starttime'] = strtotime($_GPC['s_starttime']);
    }
    if (!empty($_GPC['s_endtime'])) {
        $where .= " AND time < :endtime";
        $params[':endtime'] = strtotime($_GPC['s_endtime']);
    }
}
// Run the page query and the matching count with the same bound parameters.
// $select, $count, $table, $order and $limit are assembled above this excerpt; only
// the filter values added to $params are visibly parameterised.
// NOTE(review): confirm none of those fragments is built from request data.
$data = pdo_fetchall($select . $table . $where . $order . $limit, $params);
$total = pdo_fetchcolumn($count . $table . $where, $params);
$pager = pagination($total, $pindex, $psize);
// Report types keyed by id, for display.
$type = pdo_fetchall("SELECT * FROM " . tablename('report_type'), array(), 'id');
Ejemplo n.º 13
<?php

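// Refuse direct access: the script only runs when the framework has defined IN_IA.
// NOTE(review): this guard is not an authorisation check. Whether the caller may
// view or change another user's permissions must be enforced elsewhere; it is not
// visible in this excerpt.
defined('IN_IA') or exit('Access Denied');
$_W['page']['title'] = '查看用户权限 - 用户管理 - 用户管理';
load()->model('setting');
// The target user id is taken from the request and cast to an integer.
$uid = intval($_GPC['uid']);
$m = array();
$m['uid'] = $uid;
$member = user_single($m);
$founders = explode(',', $_W['config']['setting']['founder']);
// Unknown users and founder accounts cannot be managed through this page.
if (empty($member) || in_array($m['uid'], $founders)) {
    message('访问错误.');
}
// Whitelist the requested action; anything else falls back to 'edit'.
$do = $_GPC['do'];
$dos = array('deny', 'delete', 'auth', 'revo', 'revos', 'select', 'role');
$do = in_array($do, $dos) ? $do : 'edit';
if ($do == 'edit') {
    if (!empty($member['groupid'])) {
        // Values are bound rather than interpolated, so the queries stay safe even
        // if the way these variables are produced changes later.
        $group = pdo_fetch("SELECT * FROM " . tablename('users_group') . " WHERE id = :id", array(':id' => $member['groupid']));
        if (!empty($group)) {
            // NOTE(review): iunserializer() presumably wraps unserialize(); the value
            // comes from the database here.
            $package = iunserializer($group['package']);
            $group['package'] = uni_groups($package);
        }
    }
    $weids = pdo_fetchall("SELECT uniacid, role FROM " . tablename('uni_account_users') . " WHERE uid = :uid", array(':uid' => $uid), 'uniacid');
    if (!empty($weids)) {
        // The IN list is built from result-set keys; force them to integers before
        // they are placed in the SQL text.
        $wechats = pdo_fetchall("SELECT * FROM " . tablename('uni_account') . " WHERE uniacid IN (" . implode(',', array_map('intval', array_keys($weids))) . ")");
    }
    template('user/permission');
}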
if ($do == 'deny') {
Ejemplo n.º 14
    exit;
}
// Action 'role': change a user's role on one account.
// NOTE(review): both actions below modify who can operate an account. No permission
// or CSRF check is visible in this excerpt; confirm that one runs before this point.
if ($do == 'role') {
    $uid = intval($_GPC['uid']);
    $uniacid = intval($_GPC['uniacid']);
    // Only 'operator' and 'manager' can be assigned; anything else becomes
    // 'operator', so 'owner' cannot be set through this action.
    $role = !empty($_GPC['role']) && in_array($_GPC['role'], array('operator', 'manager')) ? $_GPC['role'] : 'operator';
    $state = pdo_update('uni_account_users', array('role' => $role), array('uid' => $uid, 'uniacid' => $uniacid));
    if ($state === false) {
        exit('error');
    } else {
        exit('success');
    }
}
// Action 'user': add an existing user, looked up by username, as operator of the
// account in $uniacid. $uniacid is not assigned in this branch; it comes from code
// above this excerpt.
if ($do == 'user') {
    load()->model('user');
    $post = array();
    $post['username'] = trim($_GPC['username']);
    $user = user_single($post);
    if (!empty($user)) {
        $data = array('uniacid' => $uniacid, 'uid' => $user['uid']);
        $exists = pdo_fetch("SELECT * FROM " . tablename('uni_account_users') . " WHERE uid = :uid AND uniacid = :uniacid", array(':uniacid' => $uniacid, ':uid' => $user['uid']));
        if (empty($exists)) {
            $data['role'] = 'operator';
            pdo_insert('uni_account_users', $data);
        } else {
            // NOTE(review): the submitted username is written into the response
            // body; whether $_GPC values are already HTML-escaped is not visible
            // here.
            exit("{$post['username']} 已经是该公众号的操作员或管理员,请勿重复添加");
        }
        exit('success');
    }
    // The distinct answers make it possible to tell existing usernames from
    // unknown ones.
    exit('用户不存在或已被删除!');
}
Ejemplo n.º 15
        $rowCount = pdo_update($table, $newData, array('id' => $_GPC['id']));
        if ($rowCount) {
            message('成功', url($url), 'success');
        }
    }
    $data = pdo_fetch("SELECT * FROM " . tablename($table) . " WHERE id=:id", array('id' => $_GPC['id']));
    $actionUrl = url($url . '/modify', array('id' => $_GPC['id']));
    return template($url);
}
// Paginated listing of $table with optional filters. $table and $url are defined
// above this excerpt.
$psize = 20;
// The page number is cast to an integer and clamped to >= 1, so the LIMIT clause
// below only ever contains integers.
$pindex = max(1, intval($_GPC['page']));
$start = ($pindex - 1) * $psize;
$select = "SELECT * FROM ";
$count = "SELECT count(*) FROM ";
$where = ' WHERE 1 ';
$order = ' ORDER BY create_time DESC';
$limit = " LIMIT {$start},{$psize}";
$params = array();
// Filter values are bound as parameters, not concatenated into the SQL text.
if (!empty($_GPC['name'])) {
    $where .= " AND name like :name";
    // `%` and `_` inside the submitted value keep their LIKE wildcard meaning.
    $params['name'] = "%{$_GPC['name']}%";
}
if (!empty($_GPC['account'])) {
    $where .= " AND uid = :uid";
    // Resolve the username to a uid. When no such user exists, the index read
    // yields null and that null is bound.
    $uid = user_single(array('username' => $_GPC['account']))['uid'];
    $params['uid'] = $uid;
}
$total = pdo_fetchcolumn($count . tablename($table) . $where, $params);
$pager = pagination($total, $pindex, $psize);
$data = pdo_fetchall($select . tablename($table) . $where . $order . $limit, $params);
template($url);