function EditUser($userid, $username, $password, $repassword, $groupid, $adminclass, $oldusername, $checked, $styleid, $loginuserid, $loginusername) { global $empire, $class_r, $dbtbpre; $userid = (int) $userid; if (!$userid || !$username) { printerror("EnterUsername", "history.go(-1)"); } //操作权限 CheckLevel($loginuserid, $loginusername, $classid, "user"); //修改用户名 if ($oldusername != $username) { $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsuser where username='******' and userid<>{$userid} limit 1"); if ($num) { printerror("ReUsername", "history.go(-1)"); } //修改信息 //$nsql=$empire->query("update {$dbtbpre}enewsnews set username='******' where username='******'"); //修改日志 $lsql = $empire->query("update {$dbtbpre}enewslog set username='******' where username='******'"); $lsql = $empire->query("update {$dbtbpre}enewsdolog set username='******' where username='******'"); } //修改密码 if ($password) { if ($password != $repassword) { printerror("NotRepassword", "history.go(-1)"); } if (strlen($password) < 6) { printerror("LessPassword", "history.go(-1)"); } $salt = make_password(8); $salt2 = make_password(20); $password = DoEmpireCMSAdminPassword($password, $salt, $salt2); $add = ",password='******',salt='{$salt}',salt2='{$salt2}'"; } //管理目录 for ($i = 0; $i < count($adminclass); $i++) { //大栏目 if (empty($class_r[$adminclass[$i]][islast])) { if (empty($class_r[$adminclass[$i]][sonclass]) || $class_r[$adminclass[$i]][sonclass] == "|") { continue; } else { $andclass = substr($class_r[$adminclass[$i]][sonclass], 1); } $insert_class .= $andclass; } else { $insert_class .= $adminclass[$i] . "|"; } } $insert_class = "|" . $insert_class; $styleid = (int) $styleid; $groupid = (int) $groupid; $checked = (int) $checked; $filelevel = (int) $_POST['filelevel']; $classid = (int) $_POST['classid']; $truename = ehtmlspecialchars($_POST['truename']); $email = ehtmlspecialchars($_POST['email']); $openip = ehtmlspecialchars($_POST['openip']); $sql = $empire->query("update {$dbtbpre}enewsuser set username='******',groupid={$groupid},adminclass='{$insert_class}',checked={$checked},styleid={$styleid},filelevel='{$filelevel}',truename='{$truename}',email='{$email}',classid='{$classid}'" . $add . " where userid='{$userid}'"); //安全提问 $equestion = (int) $_POST['equestion']; $eanswer = $_POST['eanswer']; $uadd = ''; if ($equestion) { if ($equestion != $_POST['oldequestion'] && !$eanswer) { printerror('EmptyEAnswer', ''); } if ($eanswer) { $eanswer = ReturnHLoginQuestionStr($userid, $username, $equestion, $eanswer); $uadd = ",eanswer='{$eanswer}'"; } } else { $uadd = ",eanswer=''"; } $empire->query("update {$dbtbpre}enewsuseradd set equestion='{$equestion}',openip='{$openip}'" . $uadd . " where userid='{$userid}'"); if ($sql) { //操作日志 insert_dolog("userid=" . $userid . "<br>username="******"delete from {$dbtbpre}enewsclassnavcache where navtype='userenews' and userid='{$userid}'"); $cache_enews = 'douserinfo'; $cache_ecmstourl = urlencode('user/ListUser.php' . hReturnEcmsHashStrHref2(1)); $cache_mess = 'EditUserSuccess'; $cache_uid = $userid; $cache_url = "../CreateCache.php?enews={$cache_enews}&uid={$cache_uid}&ecmstourl={$cache_ecmstourl}&mess={$cache_mess}" . hReturnEcmsHashStrHref2(0); echo '<meta http-equiv="refresh" content="0;url=' . $cache_url . '">'; db_close(); $empire = null; exit; } printerror("EditUserSuccess", "ListUser.php" . hReturnEcmsHashStrHref2(1)); } else { printerror("DbError", "history.go(-1)"); } }
function login($username,$password,$key,$post){ global $empire,$public_r,$dbtbpre,$ecms_config; $username=RepPostVar($username); $password=RepPostVar($password); if(!$username||!$password) { printerror("EmptyKey","index.php"); } //验证码 $keyvname='checkkey'; if(!$public_r['adminloginkey']) { ecmsCheckShowKey($keyvname,$key,0,0); } if(strlen($username)>30||strlen($password)>30) { printerror("EmptyKey","index.php"); } $loginip=egetip(); $logintime=time(); CheckLoginNum($loginip,$logintime); //认证码 if($ecms_config['esafe']['loginauth']&&$ecms_config['esafe']['loginauth']!=$post['loginauth']) { InsertErrorLoginNum($username,$password,1,$loginip,$logintime); printerror("ErrorLoginAuth","index.php"); } $user_r=$empire->fetch1("select userid,password,salt,salt2,lasttime,lastip,addtime,addip,userprikey,lastipport,addipport from {$dbtbpre}enewsuser where username='******' and checked=0 limit 1"); if(!$user_r['userid']) { InsertErrorLoginNum($username,$password,0,$loginip,$logintime); printerror("LoginFail","index.php"); } $ch_password=DoEmpireCMSAdminPassword($password,$user_r['salt'],$user_r['salt2']); if($user_r['password']!=$ch_password) { InsertErrorLoginNum($username,$password,0,$loginip,$logintime); printerror("LoginFail","index.php"); } //安全问答 $user_addr=$empire->fetch1("select userid,equestion,eanswer,openip,certkey from {$dbtbpre}enewsuseradd where userid='$user_r[userid]'"); if(!$user_addr['userid']) { InsertErrorLoginNum($username,$password,0,$loginip,$logintime); printerror("LoginFail","index.php"); } if($user_addr['equestion']) { $equestion=(int)$post['equestion']; $eanswer=$post['eanswer']; if($user_addr['equestion']!=$equestion) { InsertErrorLoginNum($username,$password,0,$loginip,$logintime); printerror("LoginFail","index.php"); } $ckeanswer=ReturnHLoginQuestionStr($user_r['userid'],$username,$user_addr['equestion'],$eanswer); if($ckeanswer!=$user_addr['eanswer']) { InsertErrorLoginNum($username,$password,0,$loginip,$logintime); printerror("LoginFail","index.php"); } } //IP限制 if($user_addr['openip']) { eCheckAccessAdminLoginIp($user_addr['openip']); } //取得随机密码 $rnd=make_password(20); $loginipport=egetipport(); $sql=$empire->query("update {$dbtbpre}enewsuser set rnd='$rnd',loginnum=loginnum+1,lastip='$loginip',lasttime='$logintime',pretime='$user_r[lasttime]',preip='".RepPostVar($user_r[lastip])."',lastipport='$loginipport',preipport='".RepPostVar($user_r[lastipport])."' where username='******' limit 1"); $r=$empire->fetch1("select groupid,userid,styleid,userprikey from {$dbtbpre}enewsuser where username='******' limit 1"); //样式 if(empty($r[styleid])) { $stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1; } else { $styler=$empire->fetch1("select path,styleid from {$dbtbpre}enewsadminstyle where styleid='$r[styleid]'"); if(empty($styler[styleid])) { $stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1; } else { $stylepath=$styler['path']; } } //设置备份 $cdbdata=0; $bnum=$empire->gettotal("select count(*) as total from {$dbtbpre}enewsgroup where groupid='$r[groupid]' and dodbdata=1"); if($bnum) { $cdbdata=1; $set5=esetcookie("ecmsdodbdata","empirecms",0,1); } else { $set5=esetcookie("ecmsdodbdata","",0,1); } ecmsEmptyShowKey($keyvname,0);//清空验证码 $set4=esetcookie("loginuserid",$r[userid],0,1); $set1=esetcookie("loginusername",$username,0,1); $set2=esetcookie("loginrnd",$rnd,0,1); $set3=esetcookie("loginlevel",$r[groupid],0,1); $set5=esetcookie("eloginlic","empirecmslic",0,1); $set6=esetcookie("loginadminstyleid",$stylepath,0,1); //COOKIE加密验证 DoEDelFileRnd($r[userid]); DoECookieRnd($r[userid],$username,$rnd,$r['userprikey'],$cdbdata,$r[groupid],intval($stylepath),$logintime); //最后登陆时间 $set4=esetcookie("logintime",$logintime,0,1); $set5=esetcookie("truelogintime",$logintime,0,1); esetcookie('ecertkeyrnds','',0); //写入日志 insert_log($username,'',1,$loginip,0); //FireWall FWSetPassword(); if($set1&&$set2&&$set3) { $cache_enews='doclass,doinfo,douserinfo'; $cache_ecmstourl='admin.php'.urlencode(hReturnEcmsHashStrDef(1,'ehref')); $cache_mess='LoginSuccess'; $cache_url="CreateCache.php?enews=$cache_enews&ecmstourl=$cache_ecmstourl&mess=$cache_mess".hReturnEcmsHashStrDef(0,'ehref'); //操作日志 insert_dolog(""); if($post['adminwindow']) { ?> <script> AdminWin=window.open("<?=$cache_url?>","EmpireCMS","scrollbars"); AdminWin.moveTo(0,0); AdminWin.resizeTo(screen.width,screen.height-30); self.location.href="blank.php"; </script> <? exit(); } else { //printerror("LoginSuccess",$cache_url); echo'<meta http-equiv="refresh" content="0;url='.$cache_url.'">'; db_close(); $empire=null; exit(); } } else { printerror("NotCookie","index.php"); } }
function EditPassword($userid, $username, $oldpassword, $password, $repassword, $styleid, $oldstyleid, $add) { global $empire, $dbtbpre, $gr; $styleid = (int) $styleid; $oldstyleid = (int) $oldstyleid; $username = RepPostVar($username); $oldpassword = RepPostVar($oldpassword); $password = RepPostVar($password); $truename = RepPostStr($add[truename]); $email = RepPostStr($add[email]); if (!$userid || !$username) { printerror("EmptyOldPassword", "history.go(-1)"); } //修改密码 $a = ''; if ($oldpassword) { if (!$username || !$oldpassword) { printerror("EmptyOldPassword", "history.go(-1)"); } if (!trim($password) || !trim($repassword)) { printerror("EmptyNewPassword", "history.go(-1)"); } if ($password != $repassword) { printerror("NotRepassword", "history.go(-1)"); } if (strlen($password) < 6) { printerror("LessPassword", "history.go(-1)"); } $user_r = $empire->fetch1("select userid,password,salt,salt2 from {$dbtbpre}enewsuser where username='******' limit 1"); if (!$user_r['userid']) { printerror("OldPasswordFail", "history.go(-1)"); } $ch_oldpassword = DoEmpireCMSAdminPassword($oldpassword, $user_r['salt'], $user_r['salt2']); if ($user_r['password'] != $ch_oldpassword) { printerror("OldPasswordFail", "history.go(-1)"); } $salt = make_password(8); $salt2 = make_password(20); $password = DoEmpireCMSAdminPassword($password, $salt, $salt2); $a = ",password='******',salt='{$salt}',salt2='{$salt2}'"; } //风格 if ($gr['dochadminstyle']) { $a .= ",styleid='{$styleid}'"; } $sql = $empire->query("update {$dbtbpre}enewsuser set truename='{$truename}',email='{$email}'" . $a . " where username='******'"); //安全提问 $equestion = (int) $_POST['equestion']; $eanswer = $_POST['eanswer']; $uadd = ''; if ($equestion) { if ($equestion != $_POST['oldequestion'] && !$eanswer) { printerror('EmptyEAnswer', ''); } if ($eanswer) { $eanswer = ReturnHLoginQuestionStr($userid, $username, $equestion, $eanswer); $uadd = ",eanswer='{$eanswer}'"; } } else { $uadd = ",eanswer=''"; } $empire->query("update {$dbtbpre}enewsuseradd set equestion='{$equestion}'" . $uadd . " where userid='{$userid}'"); if ($sql) { //操作日志 insert_dolog(""); //改变风格 if ($styleid != $oldstyleid) { $styler = $empire->fetch1("select path from {$dbtbpre}enewsadminstyle where styleid='{$styleid}'"); if ($styler['path']) { $set = esetcookie("loginadminstyleid", $styler['path'], 0, 1); } printerror("EditPasswordSuccessLogin", "../index.php"); //echo"Edit password success!<script>parent.location.href='../admin.php".hReturnEcmsHashStrHref2(1)."';</script>"; exit; } else { printerror("EditPasswordSuccess", "EditPassword.php" . hReturnEcmsHashStrHref2(1)); } } else { printerror("DbError", "history.go(-1)"); } }