Ejemplo n.º 1
0
 public static function verify_login_in($username, $password, $logintype = 2)
 {
     if ($logintype == 1) {
         $password_md5 = md5($password);
     } elseif ($logintype == 2) {
         $password_md5 = $password;
     } elseif ($logintype == 3) {
         $password_md5 = $password;
     }
     $select = "SELECT * FROM gamebi_admin_user WHERE `user_name`='{$username}' and `password`='{$password_md5}'";
     if (pm_db::query($select)) {
         $data = pm_db::num_rows();
         if ($data > 0) {
             $auth_key = self::get_user_agent();
             $auth_password = $password;
             $auth_username = $username;
             $cookie_value = authcode($auth_username . ':' . $auth_key . ':' . $auth_password, $operation = 'ENCODE');
             $cookie_expire = time() + 7200;
             //20分钟
             $cook_pre = AUTH_KEY . '_admin_auth';
             $_COOKIE[$cook_pre] = $cookie_value;
             setcookie(AUTH_KEY . '_admin_auth', $cookie_value, $cookie_expire, PATH_COOKIE);
             defined('USERNAME') || define('USERNAME', $username);
             $row_info = pm_db::fetch_one();
             defined('TRUENAME') || define('TRUENAME', $row_info['truename']);
             defined('ADMINLEVEL') || define('ADMINLEVEL', $row_info['level']);
             defined('ADMINUSERID') || define('ADMINUSERID', $row_info['user_id']);
             defined('ISSUPERADMIN') || define('ISSUPERADMIN', $row_info['is_super']);
             if (ADMINLEVEL == 1) {
                 defined('If_manager') || define('If_manager', 1);
                 $rightset = array();
             } else {
                 defined('If_manager') || define('If_manager', 0);
                 $rightset = array();
                 $rightset = r_unserialize($row_info['rights']);
                 $crmi = strpos($row_info['rights'], "crmhome_index");
                 $summary = strpos($row_info['rights'], 'summarybutton');
                 defined('CRM') || define('CRM', $crmi);
                 defined('SUMMARY') || define('SUMMARY', $summary);
                 $sys_con = self::get_control();
                 //用户当前进行的操作
                 if (empty($sys_con) || $sys_con['c'] == 'login' || $sys_con['c'] == 'securimage' || globalrt($sys_con) || $_GET['c'] == 'tweet') {
                 } else {
                     $if_auth = false;
                     foreach ($rightset as $k => $v) {
                         if (is_int(strrpos($k, 'fl111'))) {
                             $ka = explode('fl111', $k);
                             foreach ($ka as $v) {
                                 $rt = self::getrt($v);
                                 if ($rt == $sys_con) {
                                     $if_auth = true;
                                 }
                             }
                         } else {
                             $rt = self::getrt($k);
                             if ($rt == $sys_con) {
                                 $if_auth = true;
                             }
                         }
                     }
                     if ($if_auth) {
                         return true;
                     } else {
                         $sourceurl = $_SERVER['HTTP_REFERER'];
                         if ($sourceurl == 'http://gamebi.feiliu.com/?c=login&a=menu' || $sourceurl == '?c=login&a=menu') {
                             $sourceurl = '?c=login&a=welcome';
                         }
                         $error = '抱歉,您没有对应的操作权限,如有所需,请联系管理员。';
                         $http = $sourceurl;
                         $stop_loop = 0;
                         //没权限不跳转
                         self::message($error, $http);
                         exit;
                     }
                 }
             }
             $admin_recordfile = PATH_ADMIN_LOG_PATH . "/admin_log_" . date('Y-m-d') . ".php";
             $onlineip = get_client_ip();
             $new_record = "<?die;?>|{$username}|***|Logging Failed|{$onlineip}|" . time() . "|\n";
             //登陆次数限制
             //writeover($admin_recordfile,$new_record,"ab");
             return true;
         } else {
             self::log_error_login($username, $password);
             setcookie(AUTH_KEY . '_admin_auth', 0, 100, '/', PATH_COOKIE);
             pm_tpl::assign('error', '账号或密码错误');
             pm_tpl::display('login');
             exit;
         }
     }
 }
Ejemplo n.º 2
0
 public static function member_password($user_id, $password, $type = 1)
 {
     $sql_add = '';
     if ($type == 1) {
         $sql_add = " AND level=!'1')";
     }
     if (ADMINUSERID == $user_id) {
         $oldpassword = empty($_POST['oldpassword']) ? '' : $_POST['oldpassword'];
         if (empty($oldpassword)) {
             throw new Exception("请输入原始密码.");
         }
         $oldpassword = md5($oldpassword);
         pm_db::query("SELECT name,adminright FROM iosadm_admin_user WHERE user_id='{$user_id}' and password='******' {$sql_add}");
         $how = pm_db::num_rows();
         if ($how == 0) {
             throw new Exception("原始密码不正确.");
         }
         //修改自己密码
     }
     pm_db::query("SELECT name,adminright FROM iosadm_admin_user WHERE user_id='{$user_id}' {$sql_add}");
     $how = pm_db::num_rows();
     if ($how == 0) {
         throw new Exception("没有这个用户.");
     }
     if ($password != '') {
         if (strlen($password) < 6) {
             throw new Exception("密码长度不够,最少6位.");
         }
         $S_key = array("\\", '&', ' ', "'", '"', '/', '*', ',', '<', '>', "\r", "\t", "\n", '#');
         foreach ($S_key as $value) {
             if (strpos($password, $value) !== false) {
                 throw new Exception("密码不能包含特殊字符.");
             }
         }
         $password = md5($password);
         pm_db::query("UPDATE iosadm_admin_user SET password='******' WHERE user_id='{$user_id}'");
         return true;
     } else {
         throw new Exception("请输入新密码.");
     }
 }