<?php
if (isset($_GET[task]) && "logout" == $_GET[task]) {
if (!isset($_SESSION)) {
session_start();
}
session_destroy();
echo "<script>location.href='admin.php';</script>";
exit;
} else {
require_once "action/smarty_inc.php";
if (isset($_GET[error]) && !empty($_GET[error])) {
if (md5("ERROR") == $_GET[error]) {
$smarty->assign("err_code", "1");
$smarty->assign("err_info", "非法提交!");
} else {
if (md5("RANDOM") == $_GET[error]) {
require_once "action/SysCrypt.class.php";
$sc = new SysCrypt('');
$smarty->assign("username", $sc->php_decrypt($_GET[u]));
$smarty->assign("err_code", "2");
$smarty->assign("err_info", "验证码错误!");
} else {
$smarty->assign("err_code", "3");
$smarty->assign("err_info", "用户名或密码错误!");
}
}
}
$smarty->display("admin.html");
}
if (isset($_POST[randomCode]) && 4 == strlen($_POST[randomCode])) {
session_start();
$username = str_replace(" ", "", $_POST[username]);
$query = $db->query("select * from user where username = '******'");
$us = is_array($row = $db->fetch_array($query));
$ps = $us ? md5($_POST[password]) == $row[password] : FALSE;
if ($ps) {
$_SESSION['WEB_AAMS_USER_LOGIN_UID_SESSION'] = $row[id];
$_SESSION['WEB_AAMS_USER_LOGIN_UNAME_SESSION'] = $row[username];
$_SESSION['WEB_AAMS_USER_LOGIN_SESSION'] = md5($row[username] . $row[password] . "TKBK");
$_SESSION['WEB_AAMS_USER_LOGIN_BEAN_SESSION'] = $row;
$_SESSION['WEB_AAMS_USER_LOGIN_ONTIME_SESSION'] = mktime();
$db->addLog("CAP11001", $_SESSION['WEB_AAMS_USER_LOGIN_UID_SESSION'], "成功", "系统登录", "系统登录成功!");
echo "<script>location.href='../main.php'</script>";
} else {
session_destroy();
$db->addLog("CAP11001", $_SESSION['WEB_AAMS_USER_LOGIN_UID_SESSION'], "失败", "系统登录", "用户名或密码错误!");
echo "<script>alert('用户名或密码错误!');location.href='../admin.php'</script>";
//?error=".md5('PASSWORD')."
}
} else {
require_once "../action/SysCrypt.class.php";
$sc = new SysCrypt('');
$username = $sc->php_encrypt($_POST[username]);
$db->addLog("CAP11001", $_SESSION['WEB_AAMS_USER_LOGIN_UID_SESSION'], "失败", "系统登录", "验证码错误!");
echo "<script>alert('验证码错误!');location.href='../admin.php?error=" . md5('RANDOM') . "&u=" . $username . "'</script>";
}
} else {
$db->addLog("CAP11001", $_SESSION['WEB_AAMS_USER_LOGIN_UID_SESSION'], "失败", "系统登录", "非法提交!");
echo "<script>alert('非法提交!');location.href='../admin.php?error=" . md5('ERROR') . "'</script>";
}
$tmp = '';
for ($i = 0; $i < strlen($txt); $i++) {
$md5 = $txt[$i];
$tmp .= $txt[++$i] ^ $md5;
}
return $tmp;
}
private function __key($txt, $encrypt_key)
{
$encrypt_key = md5($encrypt_key);
$ctr = 0;
$tmp = '';
for ($i = 0; $i < strlen($txt); $i++) {
$ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;
$tmp .= $txt[$i] ^ $encrypt_key[$ctr++];
}
return $tmp;
}
public function __destruct()
{
$this->crypt_key = null;
}
}
$sc = new SysCrypt('phpwms');
$text = '110';
print $sc->php_encrypt($text);
print '<br>';
print $sc->php_decrypt($sc->php_encrypt($text));
?>
