Example #1
0
function EditUser($userid, $username, $password, $repassword, $groupid, $adminclass, $oldusername, $checked, $styleid, $loginuserid, $loginusername)
{
    global $empire, $class_r, $dbtbpre;
    $userid = (int) $userid;
    if (!$userid || !$username) {
        printerror("EnterUsername", "history.go(-1)");
    }
    //操作权限
    CheckLevel($loginuserid, $loginusername, $classid, "user");
    //修改用户名
    if ($oldusername != $username) {
        $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsuser where username='******' and userid<>{$userid} limit 1");
        if ($num) {
            printerror("ReUsername", "history.go(-1)");
        }
        //修改信息
        //$nsql=$empire->query("update {$dbtbpre}enewsnews set username='******' where username='******'");
        //修改日志
        $lsql = $empire->query("update {$dbtbpre}enewslog set username='******' where username='******'");
        $lsql = $empire->query("update {$dbtbpre}enewsdolog set username='******' where username='******'");
    }
    //修改密码
    if ($password) {
        if ($password != $repassword) {
            printerror("NotRepassword", "history.go(-1)");
        }
        if (strlen($password) < 6) {
            printerror("LessPassword", "history.go(-1)");
        }
        $salt = make_password(8);
        $password = md5(md5($password) . $salt);
        $add = ",password='******',salt='{$salt}'";
    }
    //管理目录
    for ($i = 0; $i < count($adminclass); $i++) {
        //大栏目
        if (empty($class_r[$adminclass[$i]][islast])) {
            if (empty($class_r[$adminclass[$i]][sonclass]) || $class_r[$adminclass[$i]][sonclass] == "|") {
                continue;
            } else {
                $andclass = substr($class_r[$adminclass[$i]][sonclass], 1);
            }
            $insert_class .= $andclass;
        } else {
            $insert_class .= $adminclass[$i] . "|";
        }
    }
    $insert_class = "|" . $insert_class;
    $styleid = (int) $styleid;
    $groupid = (int) $groupid;
    $checked = (int) $checked;
    $filelevel = (int) $_POST['filelevel'];
    $classid = (int) $_POST['classid'];
    $truename = htmlspecialchars($_POST['truename']);
    $email = htmlspecialchars($_POST['email']);
    $sql = $empire->query("update {$dbtbpre}enewsuser set username='******',groupid={$groupid},adminclass='{$insert_class}',checked={$checked},styleid={$styleid},filelevel='{$filelevel}',truename='{$truename}',email='{$email}',classid='{$classid}'" . $add . " where userid='{$userid}'");
    //安全提问
    $equestion = (int) $_POST['equestion'];
    $eanswer = $_POST['eanswer'];
    $uadd = '';
    if ($equestion) {
        if ($equestion != $_POST['oldequestion'] && !$eanswer) {
            printerror('EmptyEAnswer', '');
        }
        if ($eanswer) {
            $eanswer = ReturnHLoginQuestionStr($userid, $username, $equestion, $eanswer);
            $uadd = ",eanswer='{$eanswer}'";
        }
    } else {
        $uadd = ",eanswer=''";
    }
    $empire->query("update {$dbtbpre}enewsuseradd set equestion='{$equestion}'" . $uadd . " where userid='{$userid}'");
    if ($_POST['oldadminclass'] != $insert_class) {
        DelFiletext('../../data/fc/ListEnews' . $userid . '.php');
    }
    if ($sql) {
        //操作日志
        insert_dolog("userid=" . $userid . "<br>username="******"EditUserSuccess", "ListUser.php");
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
Example #2
0
function login($username, $password, $key, $post)
{
    global $empire, $public_r, $dbtbpre, $do_loginauth, $do_ckhloginfile;
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    if (!$username || !$password) {
        printerror("EmptyKey", "index.php");
    }
    //验证码
    $keyvname = 'checkkey';
    if (!$public_r['adminloginkey']) {
        ecmsCheckShowKey($keyvname, $key, 0, 0);
    }
    if (strlen($username) > 30 || strlen($password) > 30) {
        printerror("EmptyKey", "index.php");
    }
    $loginip = egetip();
    $logintime = time();
    CheckLoginNum($loginip, $logintime);
    //认证码
    if ($do_loginauth && $do_loginauth != $post['loginauth']) {
        InsertErrorLoginNum($username, $password, 1, $loginip, $logintime);
        printerror("ErrorLoginAuth", "index.php");
    }
    $user_r = $empire->fetch1("select userid,password,salt,lasttime,lastip from {$dbtbpre}enewsuser where username='******' and checked=0 limit 1");
    if (!$user_r['userid']) {
        InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
        printerror("LoginFail", "index.php");
    }
    $ch_password = md5(md5($password) . $user_r['salt']);
    if ($user_r['password'] != $ch_password) {
        InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
        printerror("LoginFail", "index.php");
    }
    //安全问答
    $user_addr = $empire->fetch1("select userid,equestion,eanswer from {$dbtbpre}enewsuseradd where userid='{$user_r['userid']}'");
    if (!$user_addr['userid']) {
        InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
        printerror("LoginFail", "index.php");
    }
    if ($user_addr['equestion']) {
        $equestion = (int) $post['equestion'];
        $eanswer = $post['eanswer'];
        if ($user_addr['equestion'] != $equestion) {
            InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
            printerror("LoginFail", "index.php");
        }
        $ckeanswer = ReturnHLoginQuestionStr($user_r['userid'], $username, $user_addr['equestion'], $eanswer);
        if ($ckeanswer != $user_addr['eanswer']) {
            InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
            printerror("LoginFail", "index.php");
        }
    }
    //取得随机密码
    $rnd = make_password(20);
    $sql = $empire->query("update {$dbtbpre}enewsuser set rnd='{$rnd}',loginnum=loginnum+1,lastip='{$loginip}',lasttime='{$logintime}',pretime='{$user_r['lasttime']}',preip='" . RepPostVar($user_r[lastip]) . "' where username='******' limit 1");
    $r = $empire->fetch1("select groupid,userid,styleid from {$dbtbpre}enewsuser where username='******' limit 1");
    //样式
    if (empty($r[styleid])) {
        $stylepath = $public_r['defadminstyle'] ? $public_r['defadminstyle'] : 1;
    } else {
        $styler = $empire->fetch1("select path,styleid from {$dbtbpre}enewsadminstyle where styleid='{$r['styleid']}'");
        if (empty($styler[styleid])) {
            $stylepath = $public_r['defadminstyle'] ? $public_r['defadminstyle'] : 1;
        } else {
            $stylepath = $styler['path'];
        }
    }
    //设置备份
    $cdbdata = 0;
    $bnum = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsgroup where groupid='{$r['groupid']}' and dodbdata=1");
    if ($bnum) {
        $cdbdata = 1;
        $set5 = esetcookie("ecmsdodbdata", "empirecms", 0, 1);
    } else {
        $set5 = esetcookie("ecmsdodbdata", "", 0, 1);
    }
    ecmsEmptyShowKey($keyvname, 0);
    //清空验证码
    $set4 = esetcookie("loginuserid", $r[userid], 0, 1);
    $set1 = esetcookie("loginusername", $username, 0, 1);
    $set2 = esetcookie("loginrnd", $rnd, 0, 1);
    $set3 = esetcookie("loginlevel", $r[groupid], 0, 1);
    $set5 = esetcookie("eloginlic", "empirecmslic", 0, 1);
    $set6 = esetcookie("loginadminstyleid", $stylepath, 0, 1);
    //COOKIE加密验证
    if (empty($do_ckhloginfile)) {
        DoEDelFileRnd($r[userid]);
    }
    DoECookieRnd($r[userid], $username, $rnd, $cdbdata, $r[groupid], intval($stylepath), $logintime);
    //最后登陆时间
    $set4 = esetcookie("logintime", $logintime, 0, 1);
    $set5 = esetcookie("truelogintime", $logintime, 0, 1);
    //写入日志
    insert_log($username, '', 1, $loginip, 0);
    //FireWall
    FWSetPassword();
    if ($set1 && $set2 && $set3) {
        //操作日志
        insert_dolog("");
        if ($post['adminwindow']) {
            ?>
			<script>
			AdminWin=window.open("admin.php","EmpireCMS","scrollbars");
			AdminWin.moveTo(0,0);
			AdminWin.resizeTo(screen.width,screen.height-30);
			self.location.href="blank.php";
			</script>
		<?php 
            exit;
        } else {
            printerror("LoginSuccess", "admin.php");
        }
    } else {
        printerror("NotCookie", "index.php");
    }
}
function EditPassword($userid, $username, $oldpassword, $password, $repassword, $styleid, $oldstyleid, $add)
{
    global $empire, $dbtbpre, $gr;
    $styleid = (int) $styleid;
    $oldstyleid = (int) $oldstyleid;
    $username = RepPostVar($username);
    $oldpassword = RepPostVar($oldpassword);
    $password = RepPostVar($password);
    $truename = RepPostStr($add[truename]);
    $email = RepPostStr($add[email]);
    if (!$userid || !$username) {
        printerror("EmptyOldPassword", "history.go(-1)");
    }
    //修改密码
    $a = '';
    if ($oldpassword) {
        if (!$username || !$oldpassword) {
            printerror("EmptyOldPassword", "history.go(-1)");
        }
        if (!trim($password) || !trim($repassword)) {
            printerror("EmptyNewPassword", "history.go(-1)");
        }
        if ($password != $repassword) {
            printerror("NotRepassword", "history.go(-1)");
        }
        if (strlen($password) < 6) {
            printerror("LessPassword", "history.go(-1)");
        }
        $user_r = $empire->fetch1("select userid,password,salt from {$dbtbpre}enewsuser where username='******' limit 1");
        if (!$user_r['userid']) {
            printerror("OldPasswordFail", "history.go(-1)");
        }
        $ch_oldpassword = md5(md5($oldpassword) . $user_r['salt']);
        if ($user_r['password'] != $ch_oldpassword) {
            printerror("OldPasswordFail", "history.go(-1)");
        }
        $salt = make_password(8);
        $password = md5(md5($password) . $salt);
        $a = ",password='******',salt='{$salt}'";
    }
    //风格
    if ($gr['dochadminstyle']) {
        $a .= ",styleid='{$styleid}'";
    }
    $sql = $empire->query("update {$dbtbpre}enewsuser set truename='{$truename}',email='{$email}'" . $a . " where username='******'");
    //安全提问
    $equestion = (int) $_POST['equestion'];
    $eanswer = $_POST['eanswer'];
    $uadd = '';
    if ($equestion) {
        if ($equestion != $_POST['oldequestion'] && !$eanswer) {
            printerror('EmptyEAnswer', '');
        }
        if ($eanswer) {
            $eanswer = ReturnHLoginQuestionStr($userid, $username, $equestion, $eanswer);
            $uadd = ",eanswer='{$eanswer}'";
        }
    } else {
        $uadd = ",eanswer=''";
    }
    $empire->query("update {$dbtbpre}enewsuseradd set equestion='{$equestion}'" . $uadd . " where userid='{$userid}'");
    if ($sql) {
        //操作日志
        insert_dolog("");
        //改变风格
        if ($styleid != $oldstyleid) {
            $styler = $empire->fetch1("select path from {$dbtbpre}enewsadminstyle where styleid='{$styleid}'");
            if ($styler['path']) {
                $set = esetcookie("loginadminstyleid", $styler['path'], 0, 1);
            }
            printerror("EditPasswordSuccessLogin", "../index.php");
            //echo"Edit password success!<script>parent.location.href='../admin.php';</script>";
            exit;
        } else {
            printerror("EditPasswordSuccess", "EditPassword.php");
        }
    } else {
        printerror("DbError", "history.go(-1)");
    }
}
Example #4
0
function login($username,$password,$key,$post){
	global $empire,$public_r,$dbtbpre,$ecms_config;
	$username=RepPostVar($username);
	$password=RepPostVar($password);
	if(!$username||!$password)
	{
		printerror("EmptyKey","index.php");
	}
	//验证码
	$keyvname='checkkey';
	if(!$public_r['adminloginkey'])
	{
		ecmsCheckShowKey($keyvname,$key,0,0);
	}
	if(strlen($username)>30||strlen($password)>30)
	{
		printerror("EmptyKey","index.php");
	}
	$loginip=egetip();
	$logintime=time();
	CheckLoginNum($loginip,$logintime);
	//认证码
	if($ecms_config['esafe']['loginauth']&&$ecms_config['esafe']['loginauth']!=$post['loginauth'])
	{
		InsertErrorLoginNum($username,$password,1,$loginip,$logintime);
		printerror("ErrorLoginAuth","index.php");
	}
	$user_r=$empire->fetch1("select userid,password,salt,salt2,lasttime,lastip,addtime,addip,userprikey,lastipport,addipport from {$dbtbpre}enewsuser where username='******' and checked=0 limit 1");
	if(!$user_r['userid'])
	{
		InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
		printerror("LoginFail","index.php");
	}
	$ch_password=DoEmpireCMSAdminPassword($password,$user_r['salt'],$user_r['salt2']);
	if($user_r['password']!=$ch_password)
	{
		InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
		printerror("LoginFail","index.php");
	}
	//安全问答
	$user_addr=$empire->fetch1("select userid,equestion,eanswer,openip,certkey from {$dbtbpre}enewsuseradd where userid='$user_r[userid]'");
	if(!$user_addr['userid'])
	{
		InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
		printerror("LoginFail","index.php");
	}
	if($user_addr['equestion'])
	{
		$equestion=(int)$post['equestion'];
		$eanswer=$post['eanswer'];
		if($user_addr['equestion']!=$equestion)
		{
			InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
			printerror("LoginFail","index.php");
		}
		$ckeanswer=ReturnHLoginQuestionStr($user_r['userid'],$username,$user_addr['equestion'],$eanswer);
		if($ckeanswer!=$user_addr['eanswer'])
		{
			InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
			printerror("LoginFail","index.php");
		}
	}
	//IP限制
	if($user_addr['openip'])
	{
		eCheckAccessAdminLoginIp($user_addr['openip']);
	}
	//取得随机密码
	$rnd=make_password(20);
	$loginipport=egetipport();
	$sql=$empire->query("update {$dbtbpre}enewsuser set rnd='$rnd',loginnum=loginnum+1,lastip='$loginip',lasttime='$logintime',pretime='$user_r[lasttime]',preip='".RepPostVar($user_r[lastip])."',lastipport='$loginipport',preipport='".RepPostVar($user_r[lastipport])."' where username='******' limit 1");
	$r=$empire->fetch1("select groupid,userid,styleid,userprikey from {$dbtbpre}enewsuser where username='******' limit 1");
	//样式
	if(empty($r[styleid]))
	{
		$stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1;
	}
	else
	{
		$styler=$empire->fetch1("select path,styleid from {$dbtbpre}enewsadminstyle where styleid='$r[styleid]'");
		if(empty($styler[styleid]))
		{
			$stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1;
		}
		else
		{
			$stylepath=$styler['path'];
		}
	}
	//设置备份
	$cdbdata=0;
	$bnum=$empire->gettotal("select count(*) as total from {$dbtbpre}enewsgroup where groupid='$r[groupid]' and dodbdata=1");
	if($bnum)
	{
		$cdbdata=1;
		$set5=esetcookie("ecmsdodbdata","empirecms",0,1);
    }
	else
	{
		$set5=esetcookie("ecmsdodbdata","",0,1);
	}
	
	ecmsEmptyShowKey($keyvname,0);//清空验证码
	$set4=esetcookie("loginuserid",$r[userid],0,1);
	$set1=esetcookie("loginusername",$username,0,1);
	$set2=esetcookie("loginrnd",$rnd,0,1);
	$set3=esetcookie("loginlevel",$r[groupid],0,1);
	$set5=esetcookie("eloginlic","empirecmslic",0,1);
	$set6=esetcookie("loginadminstyleid",$stylepath,0,1);
	//COOKIE加密验证
	DoEDelFileRnd($r[userid]);
	DoECookieRnd($r[userid],$username,$rnd,$r['userprikey'],$cdbdata,$r[groupid],intval($stylepath),$logintime);
	//最后登陆时间
	$set4=esetcookie("logintime",$logintime,0,1);
	$set5=esetcookie("truelogintime",$logintime,0,1);
	esetcookie('ecertkeyrnds','',0);
	//写入日志
	insert_log($username,'',1,$loginip,0);
	//FireWall
	FWSetPassword();
	if($set1&&$set2&&$set3)
	{
		$cache_enews='doclass,doinfo,douserinfo';
		$cache_ecmstourl='admin.php'.urlencode(hReturnEcmsHashStrDef(1,'ehref'));
		$cache_mess='LoginSuccess';
		$cache_url="CreateCache.php?enews=$cache_enews&ecmstourl=$cache_ecmstourl&mess=$cache_mess".hReturnEcmsHashStrDef(0,'ehref');
		//操作日志
	    insert_dolog("");
		if($post['adminwindow'])
		{
		?>
			<script>
			AdminWin=window.open("<?=$cache_url?>","EmpireCMS","scrollbars");
			AdminWin.moveTo(0,0);
			AdminWin.resizeTo(screen.width,screen.height-30);
			self.location.href="blank.php";
			</script>
		<?
		exit();
		}
		else
		{
			//printerror("LoginSuccess",$cache_url);
			echo'<meta http-equiv="refresh" content="0;url='.$cache_url.'">';
			db_close();
			$empire=null;
			exit();
		}
	}
	else
	{
		printerror("NotCookie","index.php");
	}
}
Example #5
0
function EditUser($userid, $username, $password, $repassword, $groupid, $adminclass, $oldusername, $checked, $styleid, $loginuserid, $loginusername)
{
    global $empire, $class_r, $dbtbpre;
    $userid = (int) $userid;
    if (!$userid || !$username) {
        printerror("EnterUsername", "history.go(-1)");
    }
    //操作权限
    CheckLevel($loginuserid, $loginusername, $classid, "user");
    //修改用户名
    if ($oldusername != $username) {
        $num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsuser where username='******' and userid<>{$userid} limit 1");
        if ($num) {
            printerror("ReUsername", "history.go(-1)");
        }
        //修改信息
        //$nsql=$empire->query("update {$dbtbpre}enewsnews set username='******' where username='******'");
        //修改日志
        $lsql = $empire->query("update {$dbtbpre}enewslog set username='******' where username='******'");
        $lsql = $empire->query("update {$dbtbpre}enewsdolog set username='******' where username='******'");
    }
    //修改密码
    if ($password) {
        if ($password != $repassword) {
            printerror("NotRepassword", "history.go(-1)");
        }
        if (strlen($password) < 6) {
            printerror("LessPassword", "history.go(-1)");
        }
        $salt = make_password(8);
        $salt2 = make_password(20);
        $password = DoEmpireCMSAdminPassword($password, $salt, $salt2);
        $add = ",password='******',salt='{$salt}',salt2='{$salt2}'";
    }
    //管理目录
    for ($i = 0; $i < count($adminclass); $i++) {
        //大栏目
        if (empty($class_r[$adminclass[$i]][islast])) {
            if (empty($class_r[$adminclass[$i]][sonclass]) || $class_r[$adminclass[$i]][sonclass] == "|") {
                continue;
            } else {
                $andclass = substr($class_r[$adminclass[$i]][sonclass], 1);
            }
            $insert_class .= $andclass;
        } else {
            $insert_class .= $adminclass[$i] . "|";
        }
    }
    $insert_class = "|" . $insert_class;
    $styleid = (int) $styleid;
    $groupid = (int) $groupid;
    $checked = (int) $checked;
    $filelevel = (int) $_POST['filelevel'];
    $classid = (int) $_POST['classid'];
    $truename = ehtmlspecialchars($_POST['truename']);
    $email = ehtmlspecialchars($_POST['email']);
    $openip = ehtmlspecialchars($_POST['openip']);
    $sql = $empire->query("update {$dbtbpre}enewsuser set username='******',groupid={$groupid},adminclass='{$insert_class}',checked={$checked},styleid={$styleid},filelevel='{$filelevel}',truename='{$truename}',email='{$email}',classid='{$classid}'" . $add . " where userid='{$userid}'");
    //安全提问
    $equestion = (int) $_POST['equestion'];
    $eanswer = $_POST['eanswer'];
    $uadd = '';
    if ($equestion) {
        if ($equestion != $_POST['oldequestion'] && !$eanswer) {
            printerror('EmptyEAnswer', '');
        }
        if ($eanswer) {
            $eanswer = ReturnHLoginQuestionStr($userid, $username, $equestion, $eanswer);
            $uadd = ",eanswer='{$eanswer}'";
        }
    } else {
        $uadd = ",eanswer=''";
    }
    $empire->query("update {$dbtbpre}enewsuseradd set equestion='{$equestion}',openip='{$openip}'" . $uadd . " where userid='{$userid}'");
    if ($sql) {
        //操作日志
        insert_dolog("userid=" . $userid . "<br>username="******"delete from {$dbtbpre}enewsclassnavcache where navtype='userenews' and userid='{$userid}'");
            $cache_enews = 'douserinfo';
            $cache_ecmstourl = urlencode('user/ListUser.php' . hReturnEcmsHashStrHref2(1));
            $cache_mess = 'EditUserSuccess';
            $cache_uid = $userid;
            $cache_url = "../CreateCache.php?enews={$cache_enews}&uid={$cache_uid}&ecmstourl={$cache_ecmstourl}&mess={$cache_mess}" . hReturnEcmsHashStrHref2(0);
            echo '<meta http-equiv="refresh" content="0;url=' . $cache_url . '">';
            db_close();
            $empire = null;
            exit;
        }
        printerror("EditUserSuccess", "ListUser.php" . hReturnEcmsHashStrHref2(1));
    } else {
        printerror("DbError", "history.go(-1)");
    }
}