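/**
 * Verify a member's credentials and, on success, record the login.
 *
 * Return codes (callers depend on these):
 *    1  credentials accepted; login time/IP stored, login info and cache refreshed
 *   -1  a member row exists but the password value does not match
 *    0  no member row for this user id
 *
 * NOTE(review): 0 and -1 let a caller tell "unknown user" from "wrong password".
 * Callers should present the same message for both so the login form cannot be
 * used to enumerate accounts.
 *
 * @param string $loginuser User id as submitted by the client.
 * @param string $loginpwd  Value compared directly against the stored `pwd` column.
 *                          NOTE(review): presumably the caller passes it already
 *                          encoded the same way as the stored value — confirm.
 * @return int 1, -1 or 0 as described above.
 */
function CheckUser($loginuser,$loginpwd)
{
    // Both fields must pass the project-wide filter before anything else happens.
    if(!TestStringSafe($loginuser) || !TestStringSafe($loginpwd))
    {
        ShowMsg("用户名或密码不合法!","-1");
        exit();
    }

    // Strip ; % ' \ ? * $ from the user id. preg_replace() is used because
    // ereg_replace() was deprecated in PHP 5.3 and removed in PHP 7; the
    // character set is the same as in the original POSIX pattern.
    $loginuser = preg_replace('/[;%\'\\\\?*$]/', '', $loginuser);

    $dsql = new DedeSql(false);

    // NOTE(review): this query is built by string interpolation. Its safety rests
    // entirely on TestStringSafe() and the character strip above (a deny-list).
    // If the database layer offers bound parameters or an escaping helper, use
    // that here instead.
    $row = $dsql->GetOne("Select ID,pwd From #@__member where userid='$loginuser' ");

    // No such user.
    if(!is_array($row))
    {
        $dsql->Close(); // the original left the connection open on this path
        return 0;
    }

    // Compare as strings, never with != : loose comparison treats numeric-looking
    // strings such as "0e1234" and "0e9999" as equal. hash_equals() additionally
    // avoids leaking the position of the first differing byte through timing.
    $storedPwd = (string)$row['pwd'];
    $givenPwd  = (string)$loginpwd;
    if(function_exists('hash_equals')) $pwdMatches = hash_equals($storedPwd, $givenPwd);
    else $pwdMatches = ($storedPwd === $givenPwd);

    // Wrong password.
    if(!$pwdMatches)
    {
        $dsql->Close(); // the original left the connection open on this path
        return -1;
    }

    // Successful login.
    // GetIP() is defined elsewhere; if it consults client-supplied headers its
    // result is attacker-controlled, so only an address-shaped value may reach
    // the SQL text. Anything else is stored as an empty string.
    $loginip = GetIP();
    if(!is_string($loginip) || !preg_match('/^[0-9A-Fa-f:.]{1,45}\z/', $loginip))
    {
        $loginip = '';
    }

    // ID comes from the row that was just read, not from the request.
    $dsql->ExecuteNoneQuery("update #@__member set logintime='".time()."',loginip='".$loginip."' where ID='{$row['ID']}';");
    $dsql->Close();

    $this->PutLoginInfo($row['ID']);
    $this->FushCache();
    return 1;
}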
echo "密码错误!"; exit(); } $loginip = Z_GetIP(); $cfg_ndsql->ExecuteNoneQuery("update #@__member set logintime='$ntime',loginip='$loginip' where ID='$ID' "); Z_CloseSql(); $backString = $ID; echo 'OK!'.$backString; exit(); } /*-------------------------------- 更改密码 function __UserEdit() ---------------------------------*/ else if($action=='edit'){ if($newuserpwd==''||!TestStringSafe($newuserpwd)){ echo "用户密码为空或存在非法字符串!"; exit(); } if(strlen($newuserpwd)>24){ echo "用户密码长度不能超过24位!"; exit(); } $newuserpwd = GetEncodePwd($newuserpwd); Z_OpenSql(); $cfg_ndsql->ExecuteNoneQuery("Update #@__member set pwd='$newuserpwd' where userid like '$userid' "); Z_CloseSql(); echo 'OK!'; } /*-------------------------------- 退出系统
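// Start every accepted parameter as an empty string, so that only names listed
// in $keys ever become variables in this scope.
foreach($keys as $v) $$v = '';

// Decode the GET string: base64 -> "k=v&k=v" pairs -> url-decoded values.
// Only keys present in $keys are assigned; any other key is ignored, which keeps
// a request from overwriting arbitrary variables through the ${...} assignment.
$rmdata = base64_decode($rmdata);
$datas = explode('&',$rmdata);
foreach($datas as $ky)
{
    $nkys = explode('=',$ky);
    if(in_array($nkys[0],$keys) && isset($nkys[1])) ${$nkys[0]} = urldecode($nkys[1]);
}

$ntime = time();

if($action!='exit')
{
    // Verify the certificate (request signature).
    if($userid=='' || !TestStringSafe($userid))
    {
        // NOTE(review): $oldrmdata is set outside this fragment; if it holds the
        // raw request value it is echoed back unescaped here — confirm and encode
        // for the output context if so.
        echo "用户ID为空或存在非法字符串!".$oldrmdata;
        exit();
    }
    if(strlen($userid)>24)
    {
        echo "用户ID长度不能超过24位!";
        exit();
    }

    // Expected signature: first 24 hex characters of md5(userid . shared secret).
    // NOTE(review): the signature covers only $userid — not $action, the other
    // decoded fields, or a timestamp — so a captured userid/signstr pair stays
    // valid for every action and cannot expire. Binding the whole request with
    // hash_hmac() and a freshness value would fix that, but it changes the wire
    // format for existing clients and is therefore not done here.
    $testSign = substr(md5($userid.$cfg_cookie_encode),0,24);

    // Compare as strings, never with != : loose comparison treats numeric-looking
    // strings (e.g. "0e" followed by digits) as numbers, so a short value such as
    // "0" could match a signature of that shape. hash_equals() also keeps the
    // comparison time independent of where the first mismatch occurs.
    $givenSign = (string)$signstr;
    if(function_exists('hash_equals')) $signOk = hash_equals($testSign, $givenSign);
    else $signOk = ($testSign === $givenSign);

    if(!$signOk)
    {
        echo "证书验证失败!";
        exit();
    }
}

// The "function" names inside the banner comments only exist so that UltraEdit
// can index them; they have no other meaning.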