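/**
 * Login hook: require a valid Geetest slider captcha before a login proceeds.
 *
 * Does nothing when the plugin option s_check/login_check is 0. Otherwise the
 * three geetest_* POST fields must be present and must validate. Any other
 * outcome redirects to the login page with an error message and stops.
 */
function s_check_logincheck()
{
    if (option::xget("s_check", "login_check") == 0) {
        return;
    }

    $geetest = new GeetestLib();
    // NOTE(review): the Geetest private key is hard-coded in source, so anyone
    // who can read this file can read the key. Load it from configuration that
    // is kept out of version control, and rotate the value shown here.
    $geetest->set_privatekey("2d5be5ba4207f11d33f7ae5e14a1c33e");

    // Fail closed: the result stays false unless all three fields arrived as
    // strings and the library accepted them.
    $result = false;
    if (
        isset($_POST['geetest_challenge'], $_POST['geetest_validate'], $_POST['geetest_seccode'])
        && is_string($_POST['geetest_challenge'])
        && is_string($_POST['geetest_validate'])
        && is_string($_POST['geetest_seccode'])
    ) {
        $result = $geetest->validate(
            $_POST['geetest_challenge'],
            $_POST['geetest_validate'],
            $_POST['geetest_seccode']
        );
    }

    if ($result == TRUE) {
        return;
    }

    ReDirect("index.php?mod=login&error_msg=" . urlencode('登陆失败,请拖动滑块完成验证'));
    die;
}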
msg('设置无法保存,因为您的总灌水量超过了管理员的设置'); } foreach ($tbss as $key => $tbsx) { if (!empty($tbsx) && !empty($pid[$key])) { $np = str_ireplace('http://tieba.baidu.com/p/', '', $tbsx); $tes = $m->once_fetch_array("SELECT count(*) AS `c` FROM `" . DB_NAME . "`.`" . DB_PREFIX . "wmzz_post_data` WHERE `uid` = '" . UID . "' AND `pid` = '{$pid[$key]}' AND `url` = '{$np}'"); if ($tes['c'] <= 0) { $m->query("INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "wmzz_post_data` ( `id`,`uid`,`pid`,`url` ) VALUES ( NULL,'" . UID . "','{$pid[$key]}','{$np}' );"); } else { $m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "wmzz_post_data` SET `url` = '{$np}', `pid` = '{$pid[$key]}' WHERE `id` = '{$rcid[$rcidk]}';"); $rcidk = $rcidk + 1; } } } $m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'wmzz_post` (`uid`, `cont`, `num`) VALUES (' . UID . ', \'' . $wsc . '\', \'' . $num . '\') on duplicate key update `cont` = \'' . $wsc . '\', `num` = \'' . $num . '\''); ReDirect(SYSTEM_URL . "index.php?plugin=wmzz_post&mod=set&ok"); die; } loadhead(); echo '<h2>贴吧帖子云灌水</h2>'; if (SYSTEM_PAGE == 'set') { $tbs = ''; $content = ''; $tbss = $m->query("SELECT * FROM `" . DB_PREFIX . "wmzz_post_data` WHERE `uid` = '" . UID . "';"); while ($valux = $m->fetch_array($tbss)) { $tbs .= '<tr><td><input type="text" class="form-control" name="tieba[]" style="width:100%" value="http://tieba.baidu.com/p/' . $valux['url'] . '" readonly></td><td><input type="text" name="pid[]" value="' . $valux['pid'] . '" class="form-control" readonly></td><td><a class="btn btn-default" title="删除" href="index.php?plugin=wmzz_post&mod=set&del=' . $valux['id'] . '"><b>X</b></a></td></tr>'; } $tbs = trim($tbs, "\n"); $val = unserialize($us['cont']); if (!empty($val)) { foreach ($val as $valu) {
$largeIcon = $_FILES['large_icon']['tmp_name']; if (file_exists($largeIcon) && $largeIcon != "") { $largeIconPath = "pic/sw720dp/" . $_POST['url'] . ".png"; if ($db->upload_image($_FILES['large_icon'], $largeIconPath)) $bookmark['large_icon'] = $largeIconPath; } $db->upd_rec("bookmark", $bookmark, "id='" . $_POST['bID'] . "'"); ReDirect('index.php?page=bookmark&msg=1'); exit(); } $MiddleContents["page"] = "views/edit_bookmark.php"; include ($TemplateFile); break; } */ case "logout": session_destroy(); $URL = "login.php?Msg=Successfully Logout"; ReDirect($URL); break; default: $Title = "Admin: Dashboard"; $MiddleContents["page"] = "views/home.php"; include $TemplateFile; } } else { session_destroy(); $URL = "login.php?Msg=Successfully Logout"; ReDirect($URL); break; }
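<?php
// Saves the wmzz_anno plugin settings posted from the admin panel.
// Only an administrator reaches the save; other roles fall through untouched.
if (ROLE === 'admin') {
    // Treat a missing or non-string field as empty instead of reading an
    // undefined index and passing it to htmlspecialchars_decode().
    $annoSet = (isset($_POST['wmzz_anno_set']) && is_string($_POST['wmzz_anno_set']))
        ? $_POST['wmzz_anno_set']
        : '';
    $annoTpl = (isset($_POST['wmzz_anno_tpl']) && is_string($_POST['wmzz_anno_tpl']))
        ? $_POST['wmzz_anno_tpl']
        : '';

    // Only an array is accepted for wmzz_anno_doa, so the serialized option
    // always unserializes back to an array.
    $annoDoa = (!empty($_POST['wmzz_anno_doa']) && is_array($_POST['wmzz_anno_doa']))
        ? $_POST['wmzz_anno_doa']
        : array();

    // NOTE(review): htmlspecialchars_decode() restores raw markup, so these two
    // options hold admin-supplied HTML that is presumably echoed as-is elsewhere.
    // No anti-CSRF token is checked in this file; confirm the caller enforces
    // one, otherwise a forged POST from an admin's browser can set this markup.
    option::set('wmzz_anno_set', htmlspecialchars_decode($annoSet));
    option::set('wmzz_anno_tpl', htmlspecialchars_decode($annoTpl));
    option::set('wmzz_anno_doa', serialize($annoDoa));

    ReDirect('index.php?mod=admin:setplug&plug=wmzz_anno&ok');
}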
die('Insufficient Permissions'); } global $i; switch ($i['mode'][0]) { case 'baiduid': loadhead('百度账号管理'); template('baiduid'); break; case 'showtb': loadhead('云签到设置和日志'); template('showtb'); break; case 'log': //兼容老版本插件,重定向到showtb Clean(); ReDirect('index.php?mod=showtb'); break; case 'set': loadhead('个人设置'); template('set'); break; case 'admin': if (ROLE != 'admin') { msg('权限不足!'); } switch ($i['mode'][1]) { case 'set': loadhead('全局设置'); template('admin-set'); break; case 'tools':
file_put_contents($backup . '/__backup.ini', '[info]' . "\r\n" . ' name=' . SYSTEM_NAME . "\r\n" . ' ver=' . SYSTEM_VER . "\r\n" . ' time=' . date('Y-m-d H:m:s') . "\r\n"); foreach ($_POST['file'] as $file) { $c = new wcurl($server . $file); $data = $c->exec(); $c->close(); if (empty($data)) { DeleteFile(SYSTEM_ROOT . '/setup/update_cache'); msg('错误:更新失败:<br/><br/>与更新服务器的连接中断:无法下载数据' . $server . $file); } file_put_contents(SYSTEM_ROOT . '/setup/update_cache' . $file, $data); copy(SYSTEM_ROOT . $file, $backup . $file); } ReDirect('ajax.php?mod=admin:update:install&updfile=' . $_POST['updatefile']); break; /* case 'admin:update': $c = new wcurl(SUPPORT_URL . 'get.php?ver=' . SYSTEM_VER); $data = json_decode($c->exec()); $c->close(); $d = ''; if(!empty($data)){ $t = ''; //预先提供文件夹列表 foreach ($data->items->dir as $dir) { $d .= '<input type="hidden" name="dir[]" value="'.$dir.'">'; } //检测文件是否存在以及MD5是否相同
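global $i, $m;

// Plugin settings, stored serialized in the option table.
$s = unserialize(option::get('plugin_wmzz_ban'));

if (SYSTEM_PAGE == 'add') {
    // Add one ban entry per submitted user name for the chosen account (pid)
    // and forum (tieba). msg() is presumed to end the request — TODO confirm.
    $pid = !empty($_POST['pid']) ? intval($_POST['pid']) : msg('请选择PID');
    if (!isset($i['user']['bduss'][$pid])) {
        // The pid must be one of the accounts bound to the current user.
        msg('PID不存在');
    }

    // NOTE(review): addslashes() is not charset-aware escaping. If the database
    // wrapper behind $m offers its own escaping or bound parameters, use that
    // for $tieba and the user names below.
    $tieba = (!empty($_POST['tieba']) && is_string($_POST['tieba']))
        ? addslashes(strip_tags($_POST['tieba']))
        : msg('请输入贴吧');

    if (!isset($_POST['date']) || !is_string($_POST['date'])) {
        msg('请输入截止日期');
    }
    if (empty($_POST['date'])) {
        // An empty date is stored as '0'.
        $date = '0';
    } else {
        $date = strtotime($_POST['date']);
        if ($date === false) {
            // An unparseable date used to be interpolated into the INSERT as
            // an empty string; reject it instead.
            msg('请输入截止日期');
        }
    }

    // A missing or scalar "user" field is treated as an empty list rather than
    // being passed to foreach.
    $banUsers = (isset($_POST['user']) && is_array($_POST['user'])) ? $_POST['user'] : array();
    foreach ($banUsers as $value) {
        if (!is_string($value)) {
            continue;
        }
        $value = addslashes(strip_tags($value));
        if ($value === '') {
            // Skip blank form rows so no empty ban entries are stored.
            continue;
        }
        $m->query("INSERT INTO `" . DB_PREFIX . "wmzz_ban` (`uid`, `pid`, `tieba`, `user`, `date`) VALUES ('" . UID . "', '{$pid}', '{$tieba}', '{$value}', '{$date}')");
    }
    ReDirect(SYSTEM_URL . 'index.php?plugin=wmzz_ban&ok');
} elseif (SYSTEM_PAGE == 'del') {
    // Delete one entry. The uid condition limits the delete to rows owned by
    // the current user, and intval() keeps the id numeric.
    // NOTE(review): this state change is triggered by a GET request and no
    // anti-CSRF token is checked here.
    $id = isset($_GET['id']) ? intval($_GET['id']) : msg('缺少ID');
    $m->query("DELETE FROM `" . DB_PREFIX . "wmzz_ban` WHERE `uid` = " . UID . " AND `id` = " . $id);
    ReDirect(SYSTEM_URL . 'index.php?plugin=wmzz_ban&ok');
} else {
    loadhead();
    require SYSTEM_ROOT . '/plugins/wmzz_ban/show.php';
    loadfoot();
}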
$hide_num_wx = !empty($_POST['hide_num_wx']) ? 1 : 0; option::set('xy_invite_gs_yqm', $_POST['gs_yqm']); option::set('xy_invite_gs_sy', $_POST['gs_sy']); option::set('xy_invite_shownum', $show_num); option::set('xy_invite_hidenum_1', $hide_num_1); option::set('xy_invite_hidenum_wx', $hide_num_wx); ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=xy_invite&msg=设置已保存!'); } } else { ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=xy_invite&error_msg=邀请码格式不能为空!'); } } //多邀请码开启 if (isset($_GET['open'])) { option::set('yr_reg', '多邀请码已开启'); ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=xy_invite&msg=已开启邀请码注册功能!'); } //错误提示 if (isset($_GET['error_msg'])) { echo '<div class="alert alert-danger alert-dismissable"> <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>错误:' . strip_tags($_GET['error_msg']) . '</div>'; } //提示 if (isset($_GET['msg'])) { echo '<div class="alert alert-info alert-dismissable"> <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>' . strip_tags($_GET['msg']) . '</div>'; } //未开启邀请码提示 if (!option::get('yr_reg')) { echo '<div class="alert alert-warning alert-dismissable">警告:没有开启邀请码注册! <a href="index.php?mod=admin:setplug&plug=xy_invite&open">点击开启</a></div>'; }
<?php
// Admin settings page for the dl_pages plugin: entry guard, default page
// redirect, save confirmation, and reset of pages whose title option is "0".
if (!defined('SYSTEM_ROOT')) {
    // Refuse direct access to this file outside the application bootstrap.
    die('Insufficient Permissions');
}

// Opening the plugin without a page number lands on page 1.
if (isset($_REQUEST['plug']) && $_REQUEST['plug'] == "dl_pages" && $_REQUEST['page'] == "") {
    ReDirect('index.php?mod=admin:setplug&plug=dl_pages&page=1');
}

if (isset($_GET['ok'])) {
    echo '<div class="alert alert-success">设置已成功保存!</div>';
}

// Pages 1-4 share one reset rule: when the title option compares equal to "0",
// blank both the text and the title. Page 1 uses the unsuffixed option names.
foreach (array('', '2', '3', '4') as $dlPagesSuffix) {
    if (option::get('dl_pages_title' . $dlPagesSuffix) == "0") {
        global $m;
        option::set('dl_pages_text' . $dlPagesSuffix, '');
        option::set('dl_pages_title' . $dlPagesSuffix, '');
    }
}
unset($dlPagesSuffix);
</div><?php } ?> <div style="display:none;"><script src="http://js.users.51.la/17795549.js"></script></div> <?php if (isset($_GET['success_msg'])) { ?> <div class="alert alert-success alert-dismissable"> <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button> <?php echo strip_tags($_GET['success_msg']); ?> </div><?php }
// NOTE(review): the hidden <script> above is fetched from a third-party host
// over plain http://, so this page's integrity depends on that host and on the
// network path to it.

// Account activation: ?jh&email=<base64 e-mail>&key=<hex digest>.
// The key is recomputed from the stored password value, today's date and the
// site salt, then compared with the submitted key. A match sets the account's
// role to 'user' and logs the visitor in through cookies.
if (isset($_GET['jh'])) {
    global $m;
    // NOTE(review): the decoded e-mail is request-controlled and is placed
    // into both SQL statements below without validation or escaping. Validate
    // it as an e-mail address and escape or bind it before querying.
    $email = base64_decode($_GET['email']);
    $key = $_GET['key'];
    $cx = $m->query("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE email = '{$email}' LIMIT 1");
    // NOTE(review): there is no check that a row was found; $p['pw'] is read
    // regardless of whether the lookup matched a user.
    $p = $m->fetch_array($cx);
    // `salt` is a bare word, not a string: PHP before 8 falls back to the
    // string 'salt' with a notice, and PHP 8 throws an Error for the undefined
    // constant. The date('Ymd') component ties the key to the current day.
    $pw = sha1(md5($p['pw'] . date('Ymd') . option::get(salt)));
    // NOTE(review): `!=` is a loose, non-constant-time comparison, and two
    // numeric-looking digest strings can compare equal under it. Require $key
    // to be a string and compare with hash_equals().
    if ($pw != $key) {
        ReDirect(SYSTEM_URL . 'index.php?pub_plugin=reg_supervise&error_msg=链接无效!!');
        die;
    } else {
        $m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "users` SET `role` = 'user' WHERE email = '{$email}'");
        // NOTE(review): the stored password value itself becomes the login
        // cookie, and these two-argument calls set no HttpOnly or Secure flag.
        setcookie("wmzz_tc_user", $p['name']);
        setcookie("wmzz_tc_pw", $p['pw']);
        ReDirect(SYSTEM_URL . 'index.php?pub_plugin=reg_supervise&success_msg=用户激活成功!请绑定百度账号。');
    }
}
if (ROLE != 'admin') { die('权限不足'); } global $m; //参数替换 function getgs($gs) { $data = str_ireplace('{百度ID}', '(.*)', $gs); $data = str_ireplace('{百度BDUSS}', '([0-9a-zA-Z\\-\\~]+)', $data); return $data; } //导入BDUSS if (isset($_GET['new'])) { $import_str = !empty($_POST['import_str']) ? $_POST['import_str'] : ''; if (empty($import_str)) { ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=xy_import&error_msg=导入文本不能为空!'); } $import_str = preg_replace('/[\\r\\n]+/', PHP_EOL, $import_str); $arr = explode(PHP_EOL, $import_str); $total = count($arr); $gs = option::get('xy_import_gs'); $refresh = option::get('xy_import_refresh'); $hs = $cf = $ok = $err = $up = $sx = 0; for ($i = 0; $i < $total; $i++) { preg_match('/' . getgs($gs) . '/', $arr[$i], $re); if (!empty($re[2])) { $hs++; $x = $m->once_fetch_array("SELECT COUNT(*) AS bduss FROM `" . DB_NAME . "`.`" . DB_PREFIX . "baiduid` where `bduss` = '" . $re[2] . "';"); if ($x['bduss'] > 0) { $cf++; } else {
$baiduid = getBaiduID($bduss); if (!empty($baiduid)) { $uid = $m->once_fetch_array("SELECT `uid` FROM `" . DB_NAME . "`.`" . DB_PREFIX . "baiduid` WHERE `name` = '{$baiduid}'"); if (!empty($uid)) { $uid = $uid['uid']; $p = $m->once_fetch_array("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `id` = '{$uid}'"); } else { msg('无相应绑定信息,请尝试使用其他方式登陆'); } } else { msg('您输入的bduss有误'); } $cktime = (int) option::get('cktime'); setcookie("wmzz_tc_user", $p['name'], time() + $cktime); setcookie("wmzz_tc_pw", $p['pw'], time() + $cktime); ReDirect('index.php'); } loadhead(); ?> <div class="panel panel-success" style="margin:5% 15% 5% 15%;"> <div class="panel-heading"> <h3 class="panel-title">花式登录</h3> </div> <div style="margin:0% 5% 5% 5%;"><br/> <form name="form" method="post" action="<?php echo SYSTEM_URL; ?> index.php?pub_plugin=fyy_newlogin&"> <div class="input-group"> <span class="input-group-addon">BDUSS</span> <input type="text" class="form-control" name="bduss" id="bduss" placeholder="登录百度账号后,点击Get it可以获取BDUSS信息"/>
// ?update: generate 100 new invite codes, numbered from the current max id + 1.
// NOTE(review): this action and ?delete below change state on a plain GET
// request and check no anti-CSRF token here; confirm the caller restricts them.
if (isset($_GET['update'])) {
    global $m;
    $result = $m->fetch_array($m->query("select max(id) as id from `" . DB_NAME . "`.`" . DB_PREFIX . "dl_invite`"));
    $row = $result['id'];
    $zg = $row + 1;
    $zg2 = $row + 100;
    for ($i = $zg; $i <= $zg2; $i++) {
        // NOTE(review): invite codes gate registration, so they act as secrets.
        // Confirm getRandStr() draws from a cryptographically secure source.
        $yqm = getRandStr(18);
        $m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite` (`id`, `code`) VALUES (\'' . $i . '\', \'' . $yqm . '\');');
    }
    ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=dl_invite&ok');
}
// ?delete: remove every invite code by truncating the table.
if (isset($_GET['delete'])) {
    global $m;
    $m->query("truncate table `" . DB_NAME . "`.`" . DB_PREFIX . "dl_invite`");
    ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=dl_invite&ok');
}
?> <h3>多邀请码设置</h3> </br></br></br> <?php global $m;
// Collect the remaining codes into $cont, one per line, in ascending id order.
$cont = '';
$result = $m->fetch_array($m->query("select max(id) as id from `" . DB_NAME . "`.`" . DB_PREFIX . "dl_invite`"));
$row = $result['id'];
// One SELECT is issued per id from 0 up to the max id; ids with no row or an
// empty code are skipped.
for ($i = 0; $i <= $row; $i++) {
    $invite = $m->fetch_array($m->query('select * from `' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite` where `id` = ' . $i));
    if (!empty($invite['code'])) {
        $cont = $cont . "\n" . $invite['code'];
    }
}
global $m; option::set('dl_pages_text3', $_POST['text3']); option::set('dl_pages_title3', $_POST['title3']); ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=dl_pages&page=3&ok'); } if (isset($_GET['add4'])) { global $m; option::set('dl_pages_text4', $_POST['text4']); option::set('dl_pages_title4', $_POST['title4']); ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=dl_pages&page=4&ok'); } if (isset($_GET['add5'])) { global $m; option::set('dl_pages_text5', $_POST['text5']); option::set('dl_pages_title5', $_POST['title5']); ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=dl_pages&page=5&ok'); } loadhead(); if ($_REQUEST['page'] == 'dl_pages_one') { echo "<h2>" . option::get('dl_pages_title') . "</h2></br>"; if (option::get('dl_pages_text') == "") { echo '<div class="alert alert-danger">管理员未设置内容!</div>'; } echo option::get('dl_pages_text'); echo '</br></br>插件作者:<a href="http://blog.jt371.cn" target="_blank">D丶L</a> 程序作者:<a href="http://zhizhe8.net" target="_blank">无名智者</a>'; } else { } if ($_REQUEST['page'] == 'dl_pages_two') { echo "<h2>" . option::get('dl_pages_title2') . "</h2></br>"; if (option::get('dl_pages_text2') == "") { echo '<div class="alert alert-danger">管理员未设置内容!</div>';
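/**
 * Registration handler for the dl_invite plugin.
 *
 * Reads user, mail, pw and invite from $_POST, checks that registration is
 * enabled, that the name and e-mail are unused, that the e-mail is well formed
 * and that the invite code exists. It then deletes the code, creates the user
 * and logs the new user in through cookies. Every failed check is reported
 * through msg(), which is presumed to end the request — TODO confirm.
 */
function dl_invite_yz()
{
    global $m;

    if (option::get('enable_reg') != '1') {
        msg('注册失败:该站点已关闭注册');
    }

    // Only string fields are accepted; anything else is treated as missing.
    // NOTE(review): addslashes() is not charset-aware escaping. Prefer the
    // database wrapper's own escaping or bound parameters if $m offers them.
    // strip_tags() also alters the password before it is hashed, so the login
    // path has to apply the same transformation.
    $name = (isset($_POST['user']) && is_string($_POST['user'])) ? addslashes(strip_tags($_POST['user'])) : '';
    $mail = (isset($_POST['mail']) && is_string($_POST['mail'])) ? addslashes(strip_tags($_POST['mail'])) : '';
    $pw = (isset($_POST['pw']) && is_string($_POST['pw'])) ? addslashes(strip_tags($_POST['pw'])) : '';
    $yr = (isset($_POST['invite']) && is_string($_POST['invite'])) ? addslashes(strip_tags($_POST['invite'])) : '';

    if (empty($name) || empty($mail) || empty($pw)) {
        msg('注册失败:请正确填写账户、密码或邮箱');
    }

    $x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE name='{$name}'");
    // The e-mail uniqueness check must look up the e-mail address. It used to
    // query with the user name, so duplicate addresses were never detected.
    $z = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE email='{$mail}'");
    $y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`");

    if ($x['total'] > 0) {
        msg('注册失败:用户名已经存在');
    }
    if ($z['total'] > 0) {
        msg('注册失败:邮箱已经存在');
    }
    if (!checkMail($mail)) {
        msg('注册失败:邮箱格式不正确');
    }
    if (empty($yr)) {
        msg('注册失败:请输入邀请码');
    }

    // Invite codes are single-use: a matching row is deleted once found.
    // NOTE(review): lookup and delete are two separate statements, so two
    // simultaneous registrations could both pass the lookup with one code.
    $invite = $m->fetch_array($m->query('select * from `' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite` where `code` = "' . $yr . '"'));
    if (!empty($invite['code'])) {
        $dlyr = $invite['code'];
        $m->query('DELETE FROM `' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite` where `code` = "' . $dlyr . '"');
    } else {
        msg('注册失败:邀请码错误或已被使用');
    }

    // The very first account on an empty users table becomes the administrator.
    $role = ($y['total'] <= 0) ? 'admin' : 'user';

    doAction('admin_reg_2');
    $m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');');

    // NOTE(review): the login cookie carries the EncodePwd() output, and these
    // two-argument calls set no HttpOnly or Secure flag.
    setcookie("wmzz_tc_user", $name);
    setcookie("wmzz_tc_pw", EncodePwd($pw));
    doAction('admin_reg_3');

    ReDirect('index.php');
    die;
}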
msg('权限不足'); } if (isset($_GET['add'])) { global $m; option::set('wmzz_mailer_title', addslashes($_POST['title'])); option::set('wmzz_mailer_text', addslashes($_POST['text'])); option::set('wmzz_mailer_limit', $_POST['limit']); if ($_POST['check'] == '1') { option::set('wmzz_mailer_check', '1'); cron::set('wmzz_mailer', 'plugins/wmzz_mailer/wmzz_mailer_cron.php', 0); } else { option::set('wmzz_mailer_check', '0'); option::set('wmzz_mailer_last', '0'); cron::set('wmzz_mailer', 'plugins/wmzz_mailer/wmzz_mailer_cron.php', 1); } ReDirect(SYSTEM_URL . 'index.php?plugin=wmzz_mailer&ok'); } else { loadhead(); if (isset($_GET['ok'])) { echo '<div class="alert alert-success">设置已保存。当群发任务完成后,"开始群发" 复选框将自动取消</div>'; } ?> <h2>群发邮件给所有用户</h2><br/> <?php if (option::get('wmzz_mailer_check') != '0') { echo '群发任务现在已开始,已发送 ' . option::get('wmzz_mailer_last') . ' 封邮件<br/><br/>'; } ?> <form action="index.php?plugin=wmzz_mailer&add" method="post"> <input type="checkbox" name="check" <?php if (option::get('wmzz_mailer_check') != '0') {
if (defined('ROLE')) { ReDirect('index.php'); } define('ROLE', 'visitor'); $i['user']['role'] = 'visitor'; template('login'); doAction('login_page_4'); die; } elseif (SYSTEM_PAGE == 'reg') { if (defined('ROLE')) { ReDirect('index.php'); } define('ROLE', 'visitor'); $i['user']['role'] = 'visitor'; template('reg'); doAction('reg_page_4'); die; } elseif (isset($_GET['pub_plugin'])) { define('ROLE', 'visitor'); define('SYSTEM_READY_LOAD_PUBPLUGIN', true); } elseif (SYSTEM_PAGE == 'admin:logout') { doAction('logout'); setcookie("uid", '', time() - 3600); setcookie("toolpw", '', time() - 3600); setcookie("pwd", '', time() - 3600); ReDirect('index.php?mod=login'); } elseif (!defined('UID') && !defined('SYSTEM_DO_NOT_LOGIN')) { define('ROLE', 'visitor'); $i['user']['role'] = 'visitor'; ReDirect('index.php?mod=login'); }
<?php if (!defined('SYSTEM_ROOT')) { die('Insufficient Permissions'); } global $m, $i; $us = $m->once_fetch_array('SELECT * FROM `' . DB_NAME . '`.`' . DB_PREFIX . 'wmzz_zan` WHERE `uid` = ' . UID . ''); if (isset($_GET['del'])) { $id = intval($_GET['del']); $m->query("DELETE FROM `" . DB_PREFIX . "wmzz_zan_data` WHERE `uid` = '" . UID . "' AND `id` = '{$id}'"); ReDirect(SYSTEM_URL . 'index.php?plugin=Cloud_Click&mod=set&ok'); } require SYSTEM_ROOT . '/plugins/Cloud_Click/func.php'; $set = unserialize(option::get('plugin_Cloud_Click')); if ($i['mode'][0] == 'setting') { $tbss = isset($_POST['tieba']) ? $_POST['tieba'] : array(); $max = isset($_POST['max']) ? intval($_POST['max']) : '0'; $pid = isset($_POST['pid']) ? $_POST['pid'] : array(); if (ISVIP == false && (!empty($set['max']) && count($tbss) * $max > $set['max'])) { msg('设置无法保存,请勿设置超过规定限额的点赞数量'); } if (ISVIP == false && (!empty($set['lmax']) && count($tbss) > $set['lmax'])) { msg('设置无法保存,因为您的最大点赞贴吧数超过了管理员的设置'); } if (ISVIP == false && (!empty($set['cmax']) && $max > $set['cmax'])) { msg('设置无法保存,因为您的最大单贴吧点赞帖子数超过了管理员的设置'); } cloudclick::uset(UID, $max, $tbss, $pid); Redirect(SYSTEM_URL . 'index.php?plugin=Cloud_Click&mod=set&ok'); } else { loadhead();
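/**
 * Registration step of the reg_supervise plugin.
 *
 * Creates the account with role 'banned', records the client IP, and e-mails
 * an activation link whose key is derived from the encoded password, today's
 * date and the site salt. If the mail cannot be sent, the account is activated
 * immediately and a failure counter (option reg_jg) is incremented.
 *
 * Input validation is not done here. NOTE(review): presumably the caller has
 * already validated user, mail and pw — confirm against the hook that
 * invokes this function.
 */
function reg_supervise_yx()
{
    global $m;

    // Only string fields are accepted; anything else is treated as missing.
    // NOTE(review): addslashes() is not charset-aware escaping. Prefer the
    // database wrapper's own escaping or bound parameters if $m offers them.
    $name = (isset($_POST['user']) && is_string($_POST['user'])) ? addslashes(strip_tags($_POST['user'])) : '';
    $mail = (isset($_POST['mail']) && is_string($_POST['mail'])) ? addslashes($_POST['mail']) : '';
    $pw = (isset($_POST['pw']) && is_string($_POST['pw'])) ? addslashes(strip_tags($_POST['pw'])) : '';

    // New accounts stay 'banned' until the activation link is used.
    $role = 'banned';
    $m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');');

    $ip = $_SERVER['REMOTE_ADDR'];
    setcookie("reg_check", date('d'), time() + 86400);
    $m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'reg` (`ip`) VALUES (\'' . $ip . '\');');

    // The option name must be the string 'salt'. The bare word `salt` is an
    // undefined constant: PHP 8 throws an Error for it, and older versions fall
    // back to the same string with a notice.
    // NOTE(review): the key is a deterministic digest of the stored password
    // value, the date and the salt. It is valid for the whole calendar day and
    // is not single-use; a random token stored with an expiry would be stronger.
    $key = sha1(md5(EncodePwd($pw) . date('Ymd') . option::get('salt')));

    $title = strip_tags(SYSTEM_NAME) . " - 注册验证";
    // NOTE(review): the message includes the password in clear text, and mail
    // is not a confidential channel. Consider dropping it from the body.
    // The base64 value is URL-encoded because '+', '/' and '=' are not safe in
    // a query string; an unencoded '+' would reach the server as a space.
    $text = "你在" . SYSTEM_URL . " 使用IP:" . $ip . " 用此邮箱注册了账号,账号:" . $name . ",密码" . $pw
        . "<br>点击以下链接完成安全验证,即可正常使用本站服务。如果显示禁止访问,使用浏览器隐身模式再打开链接即可<br><p>本邮件为系统自动发送,请勿回复。如果你没有进行此操作,可能是有人冒用了此邮箱,请不要点击链接</p><br>验证链接(当日有效):"
        . SYSTEM_URL . "index.php?pub_plugin=reg_supervise" . '&jh' . '&email=' . urlencode(base64_encode($mail)) . '&key=' . $key;

    $x = misc::mail($mail, $title, $text);
    if ($x != true) {
        // NOTE(review): this path fails open. When the mail cannot be sent the
        // account is activated without any proof of mailbox ownership.
        $m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "users` SET `role` = 'user' WHERE email = '{$mail}'");
        $js = option::get('reg_jg');
        option::set('reg_jg', $js + 1);
        ReDirect(SYSTEM_URL . 'index.php?pub_plugin=reg_supervise&error_msg=验证邮件发送失败!已为你激活用户!请登录。');
        die;
    } else {
        option::set('reg_jg', 0);
        ReDirect(SYSTEM_URL . 'index.php?pub_plugin=reg_supervise&success_msg=请登录你的邮箱点击确认链接!否则无法登陆本站!');
    }
    die;
}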
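/**
 * Registration handler for the xy_invite plugin.
 *
 * Reads user, mail, pw, rpw and yr (invite code) from $_POST, validates them,
 * consumes one use of the invite code when invite-only registration is on
 * (option yr_reg), creates the user and redirects to the login page.
 * Every failed check is reported through msg(), which is presumed to end the
 * request — TODO confirm.
 */
function xy_invite_verify()
{
    global $m;

    if (option::get('enable_reg') != '1') {
        msg('注册失败:该站点已关闭注册');
    }

    $name = isset($_POST['user']) ? sqladds($_POST['user']) : '';
    $mail = isset($_POST['mail']) ? sqladds($_POST['mail']) : '';
    $pw = isset($_POST['pw']) ? sqladds($_POST['pw']) : '';
    $yr = isset($_POST['yr']) ? sqladds($_POST['yr']) : '';

    if (empty($name) || empty($mail) || empty($pw)) {
        msg('注册失败:请正确填写账户、密码或邮箱');
    }

    // Compare the two raw password fields strictly. A loose `!=` treats
    // numeric-looking strings such as "1e3" and "1000" as equal, which would
    // let a mistyped confirmation through. A missing rpw counts as a mismatch.
    $rawPw = isset($_POST['pw']) ? $_POST['pw'] : '';
    $rawRpw = isset($_POST['rpw']) ? $_POST['rpw'] : null;
    if ($rawPw !== $rawRpw) {
        msg('注册失败:两次输入的密码不一致,请重新输入');
    }

    if (!checkMail($mail)) {
        msg('注册失败:邮箱格式不正确');
    }

    $x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `name` = '{$name}' OR `email` = '{$mail}' LIMIT 1");
    if ($x['total'] > 0) {
        msg('注册失败:用户名或邮箱已经被注册');
    }

    // Invite-only registration is active whenever option yr_reg is non-empty.
    $yr_reg = option::get('yr_reg');
    if (!empty($yr_reg)) {
        if (empty($yr)) {
            msg('注册失败:请输入邀请码');
        }

        $z = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite`");
        if ($z['total'] <= 0) {
            msg('系统错误:邀请码不足,请联系管理员添加!');
        }

        $s = $m->query("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` WHERE `code`='{$yr}'");
        if ($s->num_rows <= 0) {
            msg('注册失败:邀请码错误!');
        }

        // Consume one use: delete the row on its last use, otherwise decrement.
        // NOTE(review): lookup and update are separate statements, so requests
        // racing on one code may each pass the lookup. A row whose num is 0 or
        // less is accepted and never consumed; confirm that is intended.
        $r = $s->fetch_array();
        $r_num = (int) $r['num'];
        if ($r_num == 1) {
            $m->query("DELETE FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` WHERE `id` = " . $r['id']);
        } elseif ($r_num > 1) {
            $m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` SET `num`=num-1 WHERE `id`='" . $r['id'] . "';");
        }
    }

    // The very first account on an empty users table becomes the administrator.
    $y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`");
    $role = ($y['total'] <= 0) ? 'admin' : 'user';

    doAction('admin_reg_2');
    $m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');');
    doAction('admin_reg_3');

    ReDirect('index.php?mod=login&msg=' . urlencode('成功注册,请输入账号信息登录本站 [ 账号为用户名或邮箱地址 ]'));
    die;
}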
ReDirect(SYSTEM_URL . 'index.php?mod=login&error_msg=' . urlencode('由于你的密码已修改,无法再使用旧密码登录,请重新登录')); } } global $m; if (isset($_REQUEST['page']) && $_REQUEST['page'] == 'yjqr') { $emailcc = !empty($_REQUEST['email']) ? base64_decode($_REQUEST['email']) : msg('警告:邮件地址无效'); $email = checkMail($emailcc) ? sqladds($emailcc) : msg('警告:非法操作'); $key = $_REQUEST['key']; $cx = $m->query("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE email = '{$email}' LIMIT 1"); $p = $m->fetch_array($cx); if ($p == "") { ReDirect(SYSTEM_URL . 'index.php?pub_plugin=dl_zhmm&error_msg=' . urlencode('错误:未能在本站找到持有该邮箱的用户!')); } $pw = sha1(md5(EncodePwd($p['pw'] . date('Ymd') . SYSTEM_NAME . SYSTEM_VER . SYSTEM_URL))); if ($pw != $key) { ReDirect(SYSTEM_URL . 'index.php?pub_plugin=dl_zhmm&error_msg=' . urlencode('错误:该链接失效或者不归您所拥有,修改密码失败!')); } else { echo '<div class="panel panel-success" style="margin:5% 15% 5% 15%;"> <div class="panel-heading"> <h3 class="panel-title">设置新密码</h3> </div> <div style="margin:0% 5% 5% 5%;"> <div class="login-top"></div><br/> <b>请输入您新密码</b><br/><br/> <form name="f" method="post" action="'; echo 'index.php?pub_plugin=dl_zhmm&xg&email=' . base64_encode($email) . '&key=' . $key . '"> <div class="input-group"> <span class="input-group-addon">新密码</span> <input type="password" class="form-control" name="pw" id="pw" required> </div> <div class="login-button"><br/>
session_start(); include 'common/connection.php'; if (isset($_POST['users_name'])) { $checkin = $db->single_row("administrator", "*", "username='******'users_name']) . "' and password = '******'users_password']) . "' and is_admin='1'"); //print_r(checkin);exit(0); if ($checkin > 0) { $record = mysql_fetch_array($rs); $_SESSION['AdminUser'] = $checkin['fullname']; $_SESSION['AdminType'] = $checkin['is_admin']; $_SESSION['UserID'] = $checkin['idx']; ReDirect("index.php?page=featured"); exit; } else { $msg = base64_encode("Invalid username or password"); ReDirect("login.php?msg={$msg}&msgtyp=error"); exit; } } ?> <!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <title><?php echo TITLE; ?> </title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no" />
$dump .= 'SET time_zone = "+8:00";' . PHP_EOL . PHP_EOL; while ($v = $m->fetch_array($e)) { $list = $v; foreach ($list as $table) { $dump .= dataBak($table); } } $dump .= PHP_EOL . '-------------- End --------------'; $title = SYSTEM_NAME . " " . date('Y-m-d') . " 数据库备份"; $x = misc::mail($email, $title, "备份文件已附上,请查看附件", array('backup-' . date('Ymd') . '.sql' => $dump)); if ($x != true) { option::set('dl_backup_log', date('Y-m-d H:i:s') . ' 数据库备份邮件发送失败!'); ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=dl_backup&wrong'); } else { option::set('dl_backup_log', date('Y-m-d H:i:s') . ' 数据库备份邮件发送成功!'); ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=dl_backup&success'); } } } ?> <h3>自动数据库备份设置</h3><br/> <form action="index.php?mod=admin:setplug&plug=dl_backup&set" method="post"> <div class="input-group"> <span class="input-group-addon">接收备份邮箱</span> <input type="email" name="email" class="form-control" value="<?php echo option::get('dl_backup_email'); ?> " required/> </div><br/> <div class="input-group"> <span class="input-group-addon">备份间隔(天)</span>
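<?php
// Saves the weirdoga_dscomment plugin settings submitted from the admin panel.
if (!defined('SYSTEM_ROOT')) {
    // Refuse direct access to this file outside the application bootstrap.
    die('Insufficient Permissions');
}
if (ROLE != 'admin') {
    msg('权限不足!');
}

// Treat a missing or non-string field as empty instead of reading an undefined
// index and passing it to htmlspecialchars_decode().
$dscommentCode = (isset($_POST['weirdoga_dscomment_code']) && is_string($_POST['weirdoga_dscomment_code']))
    ? $_POST['weirdoga_dscomment_code']
    : '';
$dscommentTitle = (isset($_POST['weirdoga_dscomment_title']) && is_string($_POST['weirdoga_dscomment_title']))
    ? $_POST['weirdoga_dscomment_title']
    : '';

// NOTE(review): htmlspecialchars_decode() restores raw markup, so the code
// option holds admin-supplied HTML/script that is presumably echoed as-is. The
// title is stored as submitted, so whatever renders it must HTML-escape it.
// No anti-CSRF token is checked in this file; confirm the caller enforces one.
option::set('weirdoga_dscomment_code', htmlspecialchars_decode($dscommentCode));
option::set('weirdoga_dscomment_title', $dscommentTitle);

ReDirect('index.php?mod=admin:setplug&plug=weirdoga_dscomment&ok');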