Ejemplo n.º 1
    }
    $_COOKIE = addslashes_deep($_COOKIE);
    $_REQUEST = addslashes_deep($_REQUEST);
}
// Bootstrap sequence: set the timezone, open the database connection, configure
// Smarty, start the session and output buffering, then try to restore the
// logged-in user from cookies.
// NOTE(review): PHP_VERSION is compared as a string here; version_compare() is
// the usual way to compare version numbers.
if (PHP_VERSION >= '5.1' && !empty($timezone)) {
    date_default_timezone_set($timezone);
}
require ROOT_PATH . 'includes/cls_mysql.php';
$db = new cls_mysql($db_host, $db_user, $db_password, $db_name);
// Blank the connection settings so the credentials do not stay readable in
// these variables for the rest of the request.
$db_host = $db_user = $db_password = $db_name = NULL;
$smarty = new Smarty();
$smarty->debugging = false;
$smarty->caching = 2;
$smarty->config_load('xjoj.conf');
// Anonymous visitor until the cookie lookup below finds a matching row.
$login_user = array();
session_start();
ob_start();
// Cookie-based login: look up the author row for the user_id cookie (and,
// judging by the column name and the cookie cleared below, a password cookie).
// NOTE(review): part of the SQL string is masked ("******") in this listing, so
// the exact password comparison is not visible.
// NOTE(review): the cookie value is interpolated into the SQL text. The only
// escaping in view is the addslashes_deep() pass over $_COOKIE earlier in this
// file, which sits under a condition that is cut off in the listing; a
// parameterized query would not depend on it.
// NOTE(review): a password (or password hash) kept in a cookie acts as a
// long-lived credential for whoever holds the cookie; a server-side session
// identifier is the safer design.
if (isset($_COOKIE['user_id']) && !empty($_COOKIE['user_id'])) {
    $sql = "select * from author where password='******'password']}' and user_id='{$_COOKIE['user_id']}'";
    // Use the SQL query that builds a cache
    $login_user = $db->getRow($sql);
    // No matching row: blank both cookies and fall back to an anonymous user.
    if (empty($login_user['user_id'])) {
        setcookie('user_id', '');
        setcookie('password', '');
        $login_user = array();
    }
}
// Expose the (possibly empty) user record to the templates.
$smarty->assign('login_user', $login_user);
?>

Ejemplo n.º 2
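 // Copy every shop user into the UCenter members table. A user whose name is
 // not yet known to UCenter is inserted with a fresh salt; on a name collision
 // the user is either merged (merge mode 1 and the stored password matches) or
 // recorded in mergemembers and collected in $repeat_user.
 // NOTE(review): the username/password parts of three SQL strings are masked
 // ("******") in this listing; those strings are reproduced unchanged.
 include_once ROOT_PATH . 'includes/cls_json.php';
 $ucdb = new cls_mysql(UC_DBHOST, UC_DBUSER, UC_DBPW, UC_DBNAME, UC_DBCHARSET);
 $json = new JSON();
 $result = array('error' => 0, 'message' => '');
 // Offset added to every shop user_id to form the new UCenter uid.
 $maxuid = intval($ucdb->getOne("SELECT MAX(uid)+1 FROM " . UC_DBTABLEPRE . "members LIMIT 1"));
 // Request parameter cast to int; only the value 1 is acted on below.
 $merge_method = intval($_POST['merge']);
 $merge_uid = array();
 $uc_uid = array();
 $repeat_user = array();
 $query = $db->query("SELECT * FROM " . $ecs->table('users') . " ORDER BY `user_id` ASC");
 while ($data = $db->fetch_array($query)) {
     // NOTE(review): rand() is not a cryptographically secure generator, the salt
     // has only six decimal digits, and md5(password . salt) is a fast hash.
     // Existing UCenter rows are verified with the same scheme below, so replacing
     // it (e.g. with password_hash() and rehash on login) needs a coordinated change.
     $salt = rand(100000, 999999);
     $password = md5($data['password'] . $salt);
     // Only the username is escaped. NOTE(review): email, regip and regdate from
     // the same row go into the INSERT below as-is; values read back from the
     // database can still contain quotes, so escape or bind them as well.
     $data['username'] = addslashes($data['user_name']);
     $lastuid = $data['user_id'] + $maxuid;
     $uc_userinfo = $ucdb->getRow("SELECT `uid`, `password`, `salt` FROM " . UC_DBTABLEPRE . "members WHERE `username`='{$data['username']}'");
     if (!$uc_userinfo) {
         // 'SILENT' is the second argument of query(); presumably it suppresses
         // error reporting, so a failed INSERT would go unnoticed - confirm.
         $ucdb->query("INSERT LOW_PRIORITY INTO " . UC_DBTABLEPRE . "members SET uid='{$lastuid}', username='******'username']}', password='******', email='{$data['email']}', regip='{$data['regip']}', regdate='{$data['regdate']}', salt='{$salt}'", 'SILENT');
         $ucdb->query("INSERT LOW_PRIORITY INTO " . UC_DBTABLEPRE . "memberfields SET uid='{$lastuid}'", 'SILENT');
     } else {
         if ($merge_method == 1) {
             // Strict comparison: with == two hex digests that both look like
             // numbers in exponent notation are compared numerically and can be
             // reported equal although the strings differ.
             if (md5($data['password'] . $uc_userinfo['salt']) === $uc_userinfo['password']) {
                 $merge_uid[] = $data['user_id'];
                 $uc_uid[] = array('user_id' => $data['user_id'], 'uid' => $uc_userinfo['uid']);
                 continue;
             }
         }
         // Name collision that was not merged: record it for manual handling.
         $ucdb->query("REPLACE INTO " . UC_DBTABLEPRE . "mergemembers SET appid='" . UC_APPID . "', username='******'username']}'", 'SILENT');
         $repeat_user[] = $data;
     }
 }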
Ejemplo n.º 3
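 // Copy every shop user into the UCenter members table. A user whose name is
 // not yet known to UCenter is inserted with a fresh salt; on a name collision
 // the user is either merged (merge mode 1 and the stored password matches) or
 // recorded in mergemembers and collected in $repeat_user.
 // NOTE(review): the username/password parts of three SQL strings are masked
 // ("******") in this listing; those strings are reproduced unchanged.
 // $data is filled in before this listing begins (presumably a table-status
 // row - confirm); the uid offset is its Auto_increment value minus one, or 0.
 if ($data["Auto_increment"]) {
     $maxuid = $data["Auto_increment"] - 1;
 } else {
     $maxuid = 0;
 }
 // Request parameter cast to int; only the value 1 is acted on below.
 $merge_method = intval($_POST['merge']);
 $merge_uid = array();
 $uc_uid = array();
 $repeat_user = array();
 $query = $db->query("SELECT * FROM " . $ecs->table('users') . " ORDER BY `user_id` ASC");
 while ($data = $db->fetch_array($query)) {
     // NOTE(review): rand() is not a cryptographically secure generator, the salt
     // has only six decimal digits, and md5(password . salt) is a fast hash.
     // Existing UCenter rows are verified with the same scheme below, so replacing
     // it (e.g. with password_hash() and rehash on login) needs a coordinated change.
     $salt = rand(100000, 999999);
     $password = md5($data['password'] . $salt);
     // Only the username is escaped. NOTE(review): email, regip and regdate from
     // the same row go into the INSERT below as-is; values read back from the
     // database can still contain quotes, so escape or bind them as well.
     $data['username'] = addslashes($data['user_name']);
     $lastuid = $data['user_id'] + $maxuid;
     $uc_userinfo = $ucdb->getRow("SELECT `uid`, `password`, `salt` FROM " . $cfg['db_pre'] . "members WHERE `username`='{$data['username']}'");
     if (!$uc_userinfo) {
         // 'SILENT' is the second argument of query(); presumably it suppresses
         // error reporting, so a failed INSERT would go unnoticed - confirm.
         $ucdb->query("INSERT LOW_PRIORITY INTO " . $cfg['db_pre'] . "members SET uid='{$lastuid}', username='******'username']}', password='******', email='{$data['email']}', regip='{$data['regip']}', regdate='{$data['regdate']}', salt='{$salt}'", 'SILENT');
         $ucdb->query("INSERT LOW_PRIORITY INTO " . $cfg['db_pre'] . "memberfields SET uid='{$lastuid}'", 'SILENT');
     } else {
         if ($merge_method == 1) {
             // Strict comparison: with == two hex digests that both look like
             // numbers in exponent notation are compared numerically and can be
             // reported equal although the strings differ.
             if (md5($data['password'] . $uc_userinfo['salt']) === $uc_userinfo['password']) {
                 $merge_uid[] = $data['user_id'];
                 $uc_uid[] = array('user_id' => $data['user_id'], 'uid' => $uc_userinfo['uid']);
                 continue;
             }
         }
         // Name collision that was not merged: record it for manual handling.
         $ucdb->query("REPLACE INTO " . $cfg['db_pre'] . "mergemembers SET appid='" . UC_APPID . "', username='******'username']}'", 'SILENT');
         $repeat_user[] = $data;
     }
 }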
Ejemplo n.º 4
Archivo: init.php Proyecto: dlpc/ecshop
}
// Encode HTML special characters in PHP_SELF so that later output of it cannot
// inject markup.
// NOTE(review): called with the default flags; on PHP versions before 8.1 the
// default leaves single quotes unencoded, so pass ENT_QUOTES explicitly if the
// value can end up inside a single-quoted attribute.
if (isset($_SERVER['PHP_SELF'])) {
    $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
}
// Template engine setup, skipped when the including script defines
// INIT_NO_SMARTY. The closing brace of this block lies beyond the listing.
if (!defined('INIT_NO_SMARTY')) {
    header('Cache-control: private');
    header('Content-type: text/html; charset=' . EC_CHARSET);
    /* Create the Smarty object. */
    require ROOT_PATH . 'includes/cls_template.php';
    $smarty = new cls_template();
    /* Get the user_id associated with the agency; added by hg on 2014-04-01 */
    // agency_goods() returns a string; it is split on spaces and the third
    // token is taken as the agency user id (presumably a SQL fragment of the
    // form "column = id" - confirm).
    $agency_where = agency_goods();
    $agency_user_id_arr = explode(' ', $agency_where);
    $agency_user_id = $agency_user_id_arr[2];
    if ($agency_user_id) {
        // NOTE(review): $agency_user_id is interpolated into the SQL unquoted.
        // How agency_goods() derives it is not visible here; cast it with
        // intval() or bind it unless that function guarantees an integer.
        $user_tpl = $db->getRow("select agency_template from " . $ecs->table('admin_user') . " where agency_user_id = {$agency_user_id}");
    } else {
        $user_tpl = $db->getRow("select agency_template from " . $ecs->table('admin_user') . " where agency_user_id is null or action_list = 'all'");
    }
    if (!empty($user_tpl['agency_template'])) {
        // Deserialize
        // NOTE(review): unserialize() on a database column. If anyone other than
        // a fully trusted administrator can write agency_template, this is an
        // object-injection vector; json_decode(), or unserialize() with
        // allowed_classes => false (PHP 7+), avoids instantiating objects.
        $user_tpl = unserialize($user_tpl['agency_template']);
        // NOTE(review): tpl_name becomes part of template_dir below; check it
        // against the list of installed themes so a stored value cannot point
        // outside themes/.
        $_CFG['template'] = $user_tpl['tpl_name'];
        $_CFG['stylename'] = $user_tpl['tpl_fg'];
    } else {
    }
    // Clear templates
    // presumably removes compiled/cached template files - confirm; it runs
    // whenever this block runs.
    clear_all_files();
    /*end*/
    $smarty->cache_lifetime = $_CFG['cache_time'];
    $smarty->template_dir = ROOT_PATH . 'themes/' . $_CFG['template'];
Ejemplo n.º 5
         }
     } else {
         login_display("账号不正确");
     }
 } else {
     // Normal administrator login logic, including head teachers (class administrators)
     // Flow: read the account's ec_salt, build the credential query (with or
     // without the salt), then on a match upgrade unsalted accounts to a salted
     // hash and record the last login time and IP.
     // NOTE(review): $_POST['username'] is concatenated straight into the SQL
     // strings. No escaping is visible in this listing; unless request data is
     // escaped globally before this point (confirm), this is SQL injection on the
     // administrator login form. Bind the value, or escape it with the database
     // driver's own escaping function.
     // NOTE(review): the first query has no space between the table expression and
     // "WHERE"; it only parses if $ecs->table() returns a trailing space - confirm.
     // NOTE(review): the password fragments of the queries further down are masked
     // ("******") in this listing, which also unbalances the quoting on those
     // lines. From the first masked line onward the code and its original comments
     // are left exactly as found; those comments read "check whether the password
     // is correct" and "update last login time and IP".
     // NOTE(review): the upgrade path derives the salt from rand(1, 9999) and hashes
     // with md5(md5(password) . salt): a small, predictable salt space and a fast
     // hash. password_hash()/password_verify() is the current baseline.
     // NOTE(review): both UPDATE statements key on $_SESSION['admin_id'], which is
     // not assigned from $row anywhere in the visible lines - confirm it is set
     // before they run.
     // NOTE(review): whether login_display() ends the request is not visible; if it
     // returns, an inactive account still reaches the UPDATE statements.
     $sql = "SELECT `ec_salt` FROM " . $ecs->table('admin_user') . "WHERE user_name = '" . $_POST['username'] . "'";
     $ec_salt = $db->getOne($sql);
     if (!empty($ec_salt)) {
         /* Check whether the password is correct */
         $sql = "SELECT * " . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . $ec_salt) . "'";
     } else {
         /* 检查密码是否正确 */
         $sql = "SELECT * " . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . "'";
     }
     $row = $db->getRow($sql);
     if ($row) {
         if (!$row["is_active"]) {
             login_display("此用户已经被注销,请联系超级管理员激活");
         }
         if (empty($row['ec_salt'])) {
             $ec_salt = rand(1, 9999);
             $new_possword = md5(md5($_POST['password']) . $ec_salt);
             $db->query("UPDATE " . $ecs->table('admin_user') . " SET ec_salt='" . $ec_salt . "', password='******'" . " WHERE user_id='{$_SESSION['admin_id']}'");
         }
         // 更新最后登录时间和IP
         $db->query("UPDATE " . $ecs->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'");
     } else {
         login_display("账号或密码不正确");
     }
     //TODO
Ejemplo n.º 6
} else {
    error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
}
// Load the debug library only when the bit with value 4 is set in DEBUG_MODE.
if ((DEBUG_MODE & 4) == 4) {
    include ROOT_PATH . 'includes/lib.debug.php';
}
/* Determine whether Gzip mode is supported */
if (!defined('INIT_NO_SMARTY') && gzip_enabled()) {
    ob_start('ob_gzhandler');
} else {
    ob_start();
}
$smarty->assign('open_team', $_CFG['open_team']);
$smarty->assign('shop_name', $_CFG['shop_name']);
// HTTP_HOST comes from the request's Host header, so it is client-controlled.
// NOTE(review): make sure templates escape it, and validate it against the
// known host names before it is used to build absolute links.
$smarty->assign('HTTP_HOST', $_SERVER['HTTP_HOST']);
// Read the WeChat configuration (no WHERE clause; getRow() presumably returns
// the first row - confirm).
$weixin_config_rows = $db->getRow("select * from " . $hhs->table('weixin_config') . "");
$appid = $weixin_config_rows['appid'];
$appsecret = $weixin_config_rows['appsecret'];
include ROOT_PATH . 'wxpay/class_weixin.php';
// NOTE(review): the second call sends the WeChat appsecret to every browser as
// a cookie. It is a server-side credential (get_openid() below uses it for the
// code exchange) and should never leave the server; read it from configuration
// wherever it is needed instead. Neither cookie sets an expiry, path, Secure or
// HttpOnly attribute.
setcookie("appid", $appid);
setcookie("appsecret", $appsecret);
// OAuth callback: exchange the code query parameter for an openid and access
// token and keep both in the session. The closing brace of this block lies
// beyond the listing.
// NOTE(review): no check of a state parameter is visible here, and the result
// of get_openid() is used without checking that the keys exist - confirm both
// are handled elsewhere.
if (isset($_GET['code'])) {
    $back_openid_arr = get_openid($appid, $appsecret, $_GET['code']);
    //var_dump($back_openid_arr);exit();
    $_SESSION['xaphp_sopenid'] = $back_openid_arr['openid'];
    $_SESSION['A_token'] = $back_openid_arr['access_token'];
    //$access_token=$back_openid_arr['access_token'];
    // Strip the code parameter from the request URI, in both its "?code=" and
    // "&code=" positions.
    // NOTE(review): the first pattern also removes the "?", so a URI with
    // further parameters after code is left starting its query with "&".
    $pattern1 = '/[\\?]code=[^&]*/i';
    $pattern2 = "/&code=[^&]*/i";
    $uri = preg_replace($pattern1, '', $_SERVER['REQUEST_URI']);
    $uri = preg_replace($pattern2, '', $uri);