protected final function CheckAdminInfo($uid = null, $ashell = null)
{
$this->db = System::load_app_model('admin_model', G_ADMIN_DIR);
if ($uid && $ashell) {
$CheckId = _encrypt($uid, 'DECODE');
$CheckAshell = _encrypt($ashell, 'DECODE');
} else {
$CheckId = _encrypt(_getcookie("AID"), 'DECODE');
$CheckAshell = _encrypt(_getcookie("ASHELL"), 'DECODE');
}
if (!$CheckId || !$CheckAshell) {
return false;
}
$info = $this->db->GetOne("SELECT * FROM `@#_admin` WHERE `uid` = '{$CheckId}'");
if (!$info) {
return false;
}
$infoshell = md5($info['username'] . $info['userpass']) . md5($_SERVER['HTTP_USER_AGENT']);
if ($infoshell != $CheckAshell) {
return false;
}
if (empty($_SESSION['token']) && $_SESSION['token'] != md5($info['username'] . $info['userpass'])) {
return false;
}
$this->AdminInfo = $info;
return true;
}
protected final function CheckAdminInfo($uid = null, $ashell = null)
{
$this->db = System::load_app_model('admin_model', G_ADMIN_DIR);
if ($uid && $ashell) {
$CheckId = _encrypt($uid, 'DECODE');
$CheckAshell = _encrypt($ashell, 'DECODE');
} else {
$CheckId = _encrypt(_getcookie("AID"), 'DECODE');
$CheckAshell = _encrypt(_getcookie("ASHELL"), 'DECODE');
}
if (!$CheckId || !$CheckAshell) {
return false;
}
$info = $this->db->GetOne("SELECT * FROM `@#_admin` WHERE `uid` = '{$CheckId}'");
if (isset($_POST['dosubmit']) || isset($_POST['submit-1'])) {
if ($info[mid] == '1') {
_message("测试帐号无修改权限!");
}
}
if (!$info) {
return false;
}
$infoshell = md5($info['username'] . $info['userpass']) . md5($_SERVER['HTTP_USER_AGENT']);
if ($infoshell != $CheckAshell) {
return false;
}
$this->AdminInfo = $info;
return true;
}
public function insert()
{
$msg = array();
$path = isset($_POST['path']) ? _encrypt($_POST['path'], 'DECODE') : '';
$size = isset($_POST['size']) ? _encrypt($_POST['size'], 'DECODE') : 0;
$type = isset($_POST['type']) ? _encrypt($_POST['type'], 'DECODE') : 'image';
$type = explode(',', $this->getUPtype($type, true));
$watermark = $_POST['iswatermark'] == "true" ? "yes" : "no";
if (!is_dir(G_UPLOAD . $path)) {
$msg['ok'] = 'no';
$msg['text'] = $path . "文件夹不存在";
echo json_encode($msg);
exit;
}
System::load_app_class("admin", G_ADMIN_DIR, "no");
$admincheck = admin::StaticCheckAdminInfo() ? 1 : 0;
if (is_array($_FILES['Filedata'])) {
System::load_sys_class('upload', 'sys', 'no');
upload::upload_config($type, $size, $path);
upload::go_upload($_FILES['Filedata'], $watermark);
if (!upload::$ok) {
$msg['ok'] = 'no';
$msg['text'] = upload::$error;
} else {
$msg['ok'] = 'yes';
$msg['text'] = $path . '/' . upload::$filedir . "/" . upload::$filename;
}
echo json_encode($msg);
}
}
public function card_addmoney()
{
$czknum = htmlspecialchars($_POST['czknum']);
$password = htmlspecialchars($_POST['password']);
if (empty($czknum) or empty($password)) {
_message("您尚未填写卡密信息");
}
$czkdata = $this->db->GetList("select * from `@#_czk` where `status` = '1' AND czknum='{$czknum}' AND password='******'");
if (!$czkdata) {
_message("卡号或卡密不正确");
}
$czkdata = $czkdata[0];
$uid = intval(_encrypt(_getcookie("uid"), 'DECODE'));
//查询用户信息
if ($czkdata['type'] == 1) {
$members = $this->db->GetList("select * from `@#_member` where uid='{$uid}'");
$money = $czkdata['mianzhi'] + $members[0]['money'];
$this->db->Query("UPDATE `@#_member` SET money='{$money}' where `uid`='{$uid}' ");
} else {
$members = $this->db->GetList("select * from `@#_member` where uid='{$uid}' and tyczk='0'");
if (empty($members)) {
_message("卡密不存在或者已经参与此活动!");
die;
}
$money = $czkdata['mianzhi'] + $members[0]['money'];
$this->db->Query("UPDATE `@#_member` SET money='{$money}',tyczk='1' where `uid`='{$uid}' ");
}
$this->db->Query("UPDATE `@#_czk` SET status='0' where czknum='{$czknum}' AND password='******' ");
$time = time();
$this->db->Query("INSERT INTO `@#_member_account`(uid,type,pay,content,money,time)VALUES('{$uid}','1','账户','充值卡','{$czkdata['mianzhi']}','{$time}')");
_message("充值成功!");
}
public function __construct()
{
if (ROUTE_M == 'member' && ROUTE_C == 'user' && ROUTE_A == 'login') {
return;
}
if (ROUTE_M == 'member' && ROUTE_C == 'user' && ROUTE_A == 'register') {
return;
}
$uid = intval(_encrypt(_getcookie("uid"), 'DECODE'));
$utype = _encrypt(_getcookie("utype"), 'DECODE');
$ushell = _encrypt(_getcookie("ushell"), 'DECODE');
if ($utype === NULL) {
$this->HeaderLogin();
}
if (!$uid) {
$this->HeaderLogin();
}
$this->userinfo = $this->DB()->GetOne("SELECT * from `@#_member` where `uid` = '{$uid}'");
if (!$this->userinfo) {
$this->HeaderLogin();
}
$shell = md5($this->userinfo['uid'] . $this->userinfo['password'] . $this->userinfo[$utype]);
if ($ushell != $shell) {
$this->HeaderLogin();
}
}
public function insert()
{
$msg = array();
$path = isset($_POST['path']) ? _encrypt($_POST['path'], 'DECODE') : '';
$size = isset($_POST['size']) ? _encrypt($_POST['size'], 'DECODE') : 0;
$type = isset($_POST['type']) ? _encrypt($_POST['type'], 'DECODE') : 'image';
$type = explode(',', $this->getUPtype($type, true));
if (!is_dir(G_UPLOAD . $path)) {
$msg['ok'] = 'no';
$msg['text'] = $path . "文件夹不存在";
echo json_encode($msg);
exit;
}
if (is_array($_FILES['Filedata'])) {
System::load_sys_class('upload', 'sys', 'no');
upload::upload_config($type, $size, $path);
upload::go_upload($_FILES['Filedata']);
if (!upload::$ok) {
$msg['ok'] = 'no';
$msg['text'] = upload::$error;
} else {
$msg['ok'] = 'yes';
$msg['text'] = $path . '/' . upload::$filedir . "/" . upload::$filename;
}
echo json_encode($msg);
}
}
public function Tdefault()
{
$info = $this->AdminInfo;
$SysInfo = GetSysInfo();
$SysInfo['MysqlVersion'] = $this->db->GetVersion();
$versions = System::load_sys_config("version");
$banben_arr = explode(",", _encrypt(G_BANBEN_TYPE, "DECODE", "G_BANBEN_TYPE"));
$banben_num = G_BANBEN_NUMBER;
if (isset($banben_arr[$banben_num])) {
$banben_txt = $banben_arr[$banben_num];
} else {
if (G_BANBEN_NUMBER == -1) {
$banben_txt = base64_decode("5pyq5o6I5p2D");
} else {
if (G_BANBEN_NUMBER == -2) {
$banben_txt = base64_decode("5o6I5p2D5Yiw5pyf");
} else {
$banben_txt = base64_decode("5pyq5o6I5p2D");
}
}
}
$yungou_alert = file_get_contents("http://www.baidu.com");
$text = $banben_txt;
//$catelen = $this->db->count();
include $this->tpl(ROUTE_M, 'admin.default');
}
public function setUp()
{
db_delete_multi('document');
db_delete_multi('post_image');
db_delete_multi('post');
db_delete_multi('category');
db_delete_multi('lc_sessions');
db_delete_multi('user');
db_insert('user', array('fullName' => 'Administrator', 'uid' => 1, 'username' => 'admin', 'password' => _encrypt('admin'), 'email' => '*****@*****.**', 'role' => 'admin', 'isMaster' => 1));
}
function spcook($me)
{
$mysql_model = System::load_sys_class('model');
$uid = _encrypt(_getcookie('uid'), 'DECODE');
$member = $mysql_model->GetOne("select * from `@#_member` where `uid`='" . $uid . "'");
if ($me == "pic") {
$img = explode(".", $member['img']);
return $img[1];
} else {
return $member[$me];
}
}
public function cook()
{
$mysql_model = System::load_sys_class('model');
$uid = _encrypt(_getcookie('uid'), 'DECODE');
$member = $mysql_model->GetOne("select * from `@#_member` where `uid`='" . $uid . "'");
if (!$member) {
$lei = $this->segment(2);
$funct = $this->segment(3);
//echo $lei;
header("location:" . WEB_PATH . "home/user/login?lei=" . $lei . "&funct=" . $funct);
exit;
} else {
return $member;
}
}
/**
* 发送用户验证邮箱
* email @用户邮箱地址
* uid @用户的ID
*/
function send_email_reg($email = null, $uid = null)
{
$db = System::load_sys_class('model');
$checkcode = _getcode(10);
$checkcode_sql = $checkcode['code'] . '|' . $checkcode['time'];
$check_code = serialize(array("email" => $email, "code" => $checkcode['code'], "time" => $checkcode['time']));
$check_code_url = _encrypt($check_code, "ENCODE", '', 3600 * 24);
$clickurl = WEB_PATH . '/member/user/emailok/' . $check_code_url;
$db->Query("UPDATE `@#_member` SET `emailcode`='{$checkcode_sql}' where `uid`='{$uid}'");
$web_name = _cfg("web_name");
$title = _cfg("web_name") . "激活注册邮箱";
$template = $db->GetOne("select * from `@#_caches` where `key` = 'template_email_reg'");
$url = '<a href="';
$url .= $clickurl . '">';
$url .= $clickurl . "</a>";
$template['value'] = str_ireplace("{地址}", $url, $template['value']);
return _sendemail($email, '', $title, $template['value']);
}
public function __construct()
{
$this->mysql_model = System::load_sys_class('model');
$this->userid = intval(_encrypt(_getcookie("uid"), 'DECODE'));
//获取当前客户的基本信息 (积分、剩余金额等)
$this->userinfo = $this->mysql_model->GetOne("SELECT * from `@#_member` where `uid` = '{$this->userid}'");
$curtime = time();
/* if(!$this->userid){
_message("你还未登录,无权限访问该页!",WEB_PATH."/member/user/login");
} */
//显示当前抽奖第几期
$this->ruleinfo = $this->mysql_model->GetOne("select * from `@#_egglotter_rule` where `starttime`<='{$curtime}' and `endtime`>='{$curtime}' and `startusing`=1");
$this->username = $this->userinfo['username'];
$rule_id = $this->ruleinfo['rule_id'];
if (!$this->ruleinfo) {
_message("没有设置游戏");
}
//产看当期奖品
$this->spoilinfo = $this->mysql_model->GetList("select * from `@#_egglotter_spoil` where `rule_id`='{$rule_id}'");
}
protected function checkuser($uid, $ushell)
{
$uid = intval(_encrypt($uid, 'DECODE'));
$ushell = _encrypt($ushell, 'DECODE');
if (!$uid) {
return false;
}
if ($ushell === NULL) {
return false;
}
$this->userinfo = $this->db->GetOne("SELECT * from `@#_member` where `uid` = '{$uid}'");
if (!$this->userinfo) {
$this->userinfo = false;
return false;
}
$shell = md5($this->userinfo['uid'] . $this->userinfo['password'] . $this->userinfo['mobile'] . $this->userinfo['email']);
if ($ushell != $shell) {
$this->userinfo = false;
return false;
} else {
return true;
}
}
static final function StaticCheckAdminInfo($uid = null, $ashell = null)
{
$db = System::load_app_model('admin_model', G_ADMIN_DIR);
if ($uid && $ashell) {
$CheckId = _encrypt($uid, 'DECODE');
$CheckAshell = _encrypt($ashell, 'DECODE');
} else {
$CheckId = _encrypt(_getcookie("AID"), 'DECODE');
$CheckAshell = _encrypt(_getcookie("ASHELL"), 'DECODE');
}
if (!$CheckId || !$CheckAshell) {
return false;
}
$info = $db->GetOne("SELECT * FROM `@#_admin` WHERE `uid` = '{$CheckId}'");
if (!$info) {
return false;
}
$infoshell = md5($info['username'] . $info['userpass']) . md5($_SERVER['HTTP_USER_AGENT']);
if ($infoshell != $CheckAshell) {
return false;
}
return $info;
}
public function __construct()
{
$this->userid = intval(_encrypt(_getcookie("uid"), 'DECODE'));
}
public function mobilecheck()
{
$title = "手机认证 - " . _cfg("web_name");
$check_code = _encrypt($this->segment(4), "DECODE");
$check_code = @unserialize($check_code);
if (!$check_code || !isset($check_code['name']) || !isset($check_code['time'])) {
_message("参数不正确或者验证已过期!", WEB_PATH . '/register');
}
$name = $check_code['name'];
$member = $this->db->GetOne("SELECT * FROM `@#_member` WHERE `reg_key` = '{$check_code['name']}' and `time` = '{$check_code['time']}' LIMIT 1");
if (!$member) {
_message("未知的来源!", WEB_PATH . '/register');
}
if ($member['mobilecode'] == '1') {
_message("该账号验证成功", WEB_PATH . "/login");
}
if ($member['mobilecode'] == '-1') {
$sendok = send_mobile_reg_code($member['reg_key'], $member['uid']);
if ($sendok[0] != 1) {
_message($sendok[1]);
}
header("location:" . WEB_PATH . "/member/user/mobilecheck/" . $this->segment(4));
exit;
}
if (isset($_POST['submit'])) {
$checkcodes = isset($_POST['checkcode']) ? $_POST['checkcode'] : _message("参数不正确!");
if (strlen($checkcodes) != 6) {
_message("验证码输入不正确!");
}
$usercode = explode("|", $member['mobilecode']);
if ($checkcodes != $usercode[0]) {
_message("验证码输入不正确!");
}
$fili_cfg = System::load_app_config("user_fufen");
if ($member['yaoqing']) {
$time = time();
$yaoqinguid = $member['yaoqing'];
//福分、经验添加
if ($fili_cfg['f_visituser']) {
$this->db->Query("insert into `@#_member_account` (`uid`,`type`,`pay`,`content`,`money`,`time`) values ('{$yaoqinguid}','1','福分','邀请好友奖励','{$fili_cfg['f_visituser']}','{$time}')");
}
$this->db->Query("UPDATE `@#_member` SET `score`=`score`+'{$fili_cfg['f_visituser']}',`jingyan`=`jingyan`+'{$fili_cfg['z_visituser']}' where uid='{$yaoqinguid}'");
}
$check = $this->db->Query("UPDATE `@#_member` SET mobilecode='1',mobile='{$member['reg_key']}' where `uid`='{$member['uid']}'");
_message("验证成功", WEB_PATH . "/login");
}
$enname = substr($name, 0, 3) . '****' . substr($name, 7, 10);
$time = 120;
$namestr = $this->segment(4);
include templates("user", "mobilecheck");
}
public function mobileregsn()
{
$mobile = safe_replace($this->segment(4));
$checkcodes = $this->segment(5);
$member = $this->db->GetOne("SELECT * FROM `@#_member` WHERE `mobile` = '{$mobile}' LIMIT 1");
if (strlen($checkcodes) != 6) {
//_message("验证码输入不正确!");
$mobileregsn['state'] = 1;
echo json_encode($mobileregsn);
exit;
}
$usercode = explode("|", $member['mobilecode']);
if ($checkcodes != $usercode[0]) {
//_message("验证码输入不正确!");
$mobileregsn['state'] = 1;
echo json_encode($mobileregsn);
exit;
}
$this->db->Query("UPDATE `@#_member` SET mobilecode='1' where `uid`='{$member['uid']}'");
_setcookie("uid", _encrypt($member['uid']), 60 * 60 * 24 * 7);
_setcookie("ushell", _encrypt(md5($member['uid'] . $member['password'] . $member['mobile'] . $member['email'])), 60 * 60 * 24 * 7);
$mobileregsn['state'] = 0;
$mobileregsn['str'] = 1;
echo json_encode($mobileregsn);
}
function wx_callback()
{
session_start();
if ($_GET["state"] != $_SESSION["wxState"]) {
_messagemobile("登录验证失败!", "" . $wx_set['back'] . "/?/mobile/user/login");
}
$this->db = System::load_sys_class('model');
$wx_set = $this->db->GetOne("SELECT * from `@#_wxset` ");
$code = $_GET["code"];
$procode = $this->segment(4);
file_put_contents('t.txt', "\n\r\r\n-----procode:" . $procode, FILE_APPEND);
$response = file_get_contents("https://api.weixin.qq.com/sns/oauth2/access_token?appid=" . $wx_set['appid'] . "&secret=" . $wx_set['secret'] . "&code={$code}&grant_type=authorization_code");
$jsondecode = json_decode($response, true);
$wx_openid = $jsondecode["openid"];
if (empty($wx_openid)) {
_messagemobile("绑定出错,请联系管理员。");
die;
}
$access_token = $jsondecode["access_token"];
$response = file_get_contents("https://api.weixin.qq.com/sns/userinfo?access_token={$access_token}&openid={$wx_openid}");
$jsondecode = json_decode($response, true);
$nickname = $jsondecode["nickname"];
$go_user_info = $this->db->GetOne("select * from `@#_member_band` where `b_code` = '{$wx_openid}' and `b_type` = 'weixin' LIMIT 1");
if (!$go_user_info) {
$userpass = md5("123456");
$go_user_img = 'photo/member.jpg';
$go_user_time = time();
$q1 = $this->db->Query("INSERT INTO `@#_member` (`username`,`password`,`img`,`band`,`time`,`money`,`first`,code) VALUES ('{$nickname}','{$userpass}','{$go_user_img}','weixin','{$go_user_time}',0,1,'{$procode}')");
$uid = $this->db->insert_id();
$this->db->Query("INSERT INTO `@#_member_band` (`b_uid`, `b_type`, `b_code`, `b_time`) VALUES ('{$uid}', 'weixin', '{$wx_openid}', '{$go_user_time}')");
$member = $this->db->GetOne("select uid,password,mobile,email from `@#_member` where `uid` = '{$uid}' LIMIT 1");
$se1 = _setcookie("uid", _encrypt($member['uid']), 60 * 60 * 24 * 7);
$se2 = _setcookie("ushell", _encrypt(md5($member['uid'] . $member['password'] . $member['mobile'] . $member['email'])), 60 * 60 * 24 * 7);
$callback_url = WEB_PATH . "/mobile/home/mobilebind";
header("Location:{$callback_url}");
} else {
$uid = $go_user_info["b_uid"];
$member = $this->db->GetOne("select uid,password,mobile,email from `@#_member` where `uid` = '{$uid}' LIMIT 1");
$se1 = _setcookie("uid", _encrypt($member['uid']), 60 * 60 * 24 * 7);
$se2 = _setcookie("ushell", _encrypt(md5($member['uid'] . $member['password'] . $member['mobile'] . $member['email'])), 60 * 60 * 24 * 7);
if (!$member['mobile']) {
$callback_url = WEB_PATH . "/mobile/home/mobilebind";
header("Location:{$callback_url}");
} else {
$callback_url = WEB_PATH . "/mobile/activity/";
header("Location:{$callback_url}");
}
}
}
private function qq_set_member($uid = null, $type = 'bind_add_login')
{
$member_db = System::load_app_class('base', 'member');
$memberone = $member_db->get_user_info();
if ($memberone) {
_message("该QQ号已经被其他用户所绑定!", WEB_PATH . '/login');
}
$member = $this->db->GetOne("select uid,password,mobile,email from `@#_member` where `uid` = '{$uid}' LIMIT 1");
$_COOKIE['uid'] = null;
$_COOKIE['ushell'] = null;
$_COOKIE['UID'] = null;
$_COOKIE['USHELL'] = null;
$s1 = _setcookie("uid", _encrypt($member['uid']), 60 * 60 * 24 * 7);
$s2 = _setcookie("ushell", _encrypt(md5($member['uid'] . $member['password'] . $member['mobile'] . $member['email'])), 60 * 60 * 24 * 7);
if ($s1 && $s2) {
if (!$member['email'] || !$member['mobile']) {
_message("登录成功,请绑定邮箱或手机号和及时修改默认密码!", WEB_PATH . '/member/home/modify');
}
_message("登录成功!", G_WEB_PATH);
} else {
_message("登录失败请检查cookie!", G_WEB_PATH);
}
}
/**
* Form token generation
* @return void
*/
public static function token()
{
$token = _encrypt(time());
session_set(_cfg('formTokenName'), $token);
echo '<input type="hidden" name="lc_formToken_' . _cfg('formTokenName') . '" value="' . $token . '" />';
}
?>
',
'token' : '<?php
echo md5('unique_salt' . time());
?>
',
'type' : '<?php
echo _encrypt($type);
?>
',
'path' : '<?php
echo _encrypt($path);
?>
',
'size' : '<?php
echo _encrypt($size);
?>
',
'check' : '<?php
echo $check;
?>
'
},
'auto' : true,
'method' : 'post',
'multi' : true,
'swf' : '<?php
echo G_PLUGIN_PATH;
?>
/uploadify/uploadify.swf',
'uploader' : '<?php
function qznum()
{
$mysql_model = System::load_sys_class('model');
$uid = _encrypt(_getcookie('uid'), 'DECODE');
$member = $mysql_model->GetOne("select * from `@#_member` where `uid`='{$uid}'");
$addgroup = rtrim($member['addgroup'], ",");
if ($addgroup) {
$group = $mysql_model->GetList("select * from `@#_quanzi` where `id` in ({$addgroup})");
return count($group);
} else {
$group = null;
return false;
}
}
function get_user_arr($key = '', $where = '')
{
global $_cfg;
if (isset($_cfg['userinfo'])) {
return $_cfg['userinfo'];
}
if (empty($where)) {
$where = 'uid,username,password,email,mobile,img';
} else {
$where = 'uid,username,password,email,mobile,img,' . $where;
}
$db = System::load_sys_class("model");
$uid = abs(intval(_encrypt(_getcookie("uid"), 'DECODE')));
$ushell = _encrypt(_getcookie("ushell"), 'DECODE');
if (!$uid) {
return false;
}
$_cfg['userinfo'] = $db->GetOne("SELECT {$where} FROM `@#_member` WHERE `uid` = '{$uid}'");
if (!$_cfg['userinfo']) {
return false;
}
$shell = md5($_cfg['userinfo']['uid'] . $_cfg['userinfo']['password'] . $_cfg['userinfo']['mobile'] . $_cfg['userinfo']['email']);
if ($ushell != $shell) {
return false;
}
if (empty($key)) {
return $_cfg['userinfo'];
} elseif (isset($_cfg['userinfo']['key'])) {
return $_cfg['userinfo']['key'];
} else {
return false;
}
}
function Authenticate($username, $password, $postpass, $accesslevel, $db)
{
//this is the guts of the class - does all the actual authentication work. set $is_auth = true if successful
if ($postpass != $password) {
$this->failuremsg = "password";
$this->is_auth = false;
return $this->is_auth;
} elseif ($postpass == $password) {
$data = array('user' => $username, 'pass' => $password, 'access_level' => $accesslevel, 'sessid' => $this->sessid);
$string = serialize($data);
$info = _encrypt($string);
$res = $db->execute("insert into auth_sessions (sessid,crypt_data,sess_time) values (?,?,now())", array($this->sessid, $info));
$is_auth = true;
$this->sessdata = $data;
return $this->is_auth;
} else {
$this->failuremsg = "unknown issue";
$this->is_auth = false;
return $this->is_auth;
}
}
<script>
$(function(){
$("#referDocument li").bind({
mouseover:function(){
var number=$("#referDocument li").index(this)+1;
$(".S0"+number).removeClass("hidden");
},
mouseout:function(){
var number=$("#referDocument li").index(this)+1;
$(".S0"+number).addClass("hidden");
}
})
})
</script>
<?php
$uid = _encrypt(get_user_uid());
?>
<div class="part1">
<div class="wrap"></div>
</div>
<div class="part2 wrap"></div>
<div class="part3 wrap"></div>
<div class="part4 ">
<div class="wrap">
<!--活动规则 start-->
<dl class="activeRegulation fl">
<dt>活动规则:</dt>
<dd>
<i>1</i>您每邀请一位好友成功参与<?php
echo _cfg('web_name_two');
?>
<?php
$success = false;
$error = false;
if (sizeof($_POST)) {
$post = _post($_POST);
extract($post);
# NEW/EDIT
$validations = array('txtUsername' => array('caption' => _t('Username'), 'value' => $txtUsername, 'rules' => array('mandatory')), 'txtPwd' => array('caption' => _t('Password'), 'value' => $txtPwd));
if (form_validate($validations)) {
$args = array();
$user = db_select('user', 'u')->where()->condition('LOWER(username)', strtolower($txtUsername))->getSingleResult();
if ($user) {
if ($user->username === 'admin' && $user->isMaster || $user->password && $user->password == _encrypt($txtPwd)) {
$success = true;
unset($user->password);
# Create the Authentication object
auth_create($user->uid, $user);
} else {
# Other follow-up errors checkup (if any)
validation_addError('Password', _t('Password does not match.'));
$error = true;
}
} else {
# Other follow-up errors checkup (if any)
validation_addError('Username', 'Username does not exists.');
$error = true;
}
if ($error) {
form_set('error', validation_get('errors'));
}
public function resetpassword()
{
if (isset($_POST['submit'])) {
$key = $_POST["hidKey"];
$password = md5($_POST["userpassword"]);
$checkcode = explode("|", _encrypt($key, "DECODE"));
if (count($checkcode) != 3) {
_message("未知错误", NULL, 3);
}
$emailurl = explode("@", $checkcode[0]);
if ($emailurl[1]) {
$sql = "select * from `@#_member` where `email`='{$checkcode['0']}' AND `passcode`= '{$checkcode['1']}|{$checkcode['2']}' LIMIT 1";
} else {
$sql = "select * from `@#_member` where `mobile`='{$checkcode['0']}' AND `passcode`= '{$checkcode['1']}|{$checkcode['2']}' LIMIT 1";
}
$member = $this->DB()->GetOne($sql);
if (!$member) {
_message("未知错误!");
}
$this->DB()->Query("UPDATE `@#_member` SET `password`='{$password}',`passcode`='-1' where `uid`='{$member['uid']}'");
_message("密码重置成功", WEB_PATH . "/member/user/login");
}
}
private function qq_set_member($uid = null, $type = 'bind_add_login')
{
$member_db = System::load_app_class('base', 'member');
$memberone = $member_db->get_user_info();
if ($memberone) {
_message("该QQ号已经被其他用户所绑定!", WEB_PATH . '/login');
}
$member = $this->db->GetOne("select uid,password,mobile,email from `@#_member` where `uid` = '{$uid}' LIMIT 1");
$_COOKIE['uid'] = null;
$_COOKIE['ushell'] = null;
$_COOKIE['UID'] = null;
$_COOKIE['USHELL'] = null;
$time = time();
$user_ip = _get_ip_dizhi();
$this->db->GetOne("UPDATE `@#_member` SET `user_ip` = '{$user_ip}',`login_time` = '{$time}' where `uid` = '{$uid}'");
$s1 = _setcookie("uid", _encrypt($member['uid']), 60 * 60 * 24 * 7);
$s2 = _setcookie("ushell", _encrypt(md5($member['uid'] . $member['password'] . $member['mobile'] . $member['email'])), 60 * 60 * 24 * 7);
$domain = System::load_sys_config('domain');
if (isset($domain[$_SERVER['HTTP_HOST']])) {
if ($domain[$_SERVER['HTTP_HOST']]['m'] == 'mobile') {
$callback_url = WEB_PATH . "/mobile/home";
} else {
$callback_url = WEB_PATH . "/member/home";
}
} else {
$callback_url = WEB_PATH . "/member/home";
}
if ($s1 && $s2) {
if (!$member['email'] || !$member['mobile']) {
_message("登录成功,请绑定邮箱或手机号和及时修改默认密码!", $callback_url);
}
_message("登录成功!", $callback_url);
} else {
_message("登录失败请检查cookie!", G_WEB_PATH);
}
}
public function login()
{
if (isset($_POST['ajax'])) {
$location = WEB_PATH . '/' . ROUTE_M . '/index';
$message = array("error" => false, 'text' => $location);
$username = $_POST['username'];
$password = $_POST['password'];
$code = strtoupper($_POST['code']);
if (empty($username)) {
$message['error'] = true;
$message['text'] = "请输入用户名!";
echo json_encode($message);
exit;
}
if (empty($password)) {
$message['error'] = true;
$message['text'] = "请输入密码!";
echo json_encode($message);
exit;
}
$info = $this->db->GetOne("SELECT * FROM `@#_admin` WHERE `username` = '{$username}' LIMIT 1");
if (!$info) {
$message['error'] = true;
$message['text'] = "登录失败,请检查用户名或密码!";
echo json_encode($message);
exit;
}
if ($info['userpass'] != md5($password)) {
$message['error'] = true;
$message['text'] = "登陆失败!";
echo json_encode($message);
exit;
}
if (!$message['error']) {
_setcookie("AID", _encrypt($info['uid'], 'ENCODE'));
_setcookie("ASHELL", _encrypt(md5($info['username'] . $info['userpass']) . md5($_SERVER['HTTP_USER_AGENT'])));
$this->AdminInfo = $info;
$time = time();
$ip = _get_ip();
$this->db->Query("UPDATE `@#_admin` SET `logintime`='{$time}' WHERE (`uid`='{$info['uid']}')");
$this->db->Query("UPDATE `@#_admin` SET `loginip`='{$ip}' WHERE (`uid`='{$info['uid']}')");
}
echo json_encode($message);
exit;
} else {
include $this->tpl(ROUTE_M, 'user.login');
}
}
public function mobilecheck()
{
$member = $this->userinfo;
if (isset($_POST['submit'])) {
$shoujimahao = base64_decode(_getcookie("mobilecheck"));
if (!_checkmobile($shoujimahao)) {
_messagemobile("手机号码错误!");
}
$checkcodes = isset($_POST['mobile']) ? $_POST['mobile'] : _messagemobile("参数不正确!");
if (strlen($checkcodes) != 6) {
_messagemobile("验证码输入不正确!");
}
$usercode = explode("|", $member['mobilecode']);
if ($checkcodes != $usercode[0]) {
_messagemobile("验证码输入不正确!");
}
$this->db->Query("UPDATE `@#_member` SET `mobilecode`='1',`mobile` = '{$shoujimahao}' where `uid`='{$member['uid']}'");
//夺宝币、经验添加
$isset_user = $this->db->GetList("select `uid` from `@#_member_account` where `content`='手机认证完善奖励' and `type`='1' and `uid`='{$member['uid']}' and (`pay`='经验' or `pay`='夺宝币')");
if (empty($isset_user)) {
$config = System::load_app_config("user_fufen");
//夺宝币/经验
$time = time();
$this->db->Query("insert into `@#_member_account` (`uid`,`type`,`pay`,`content`,`money`,`time`) values ('{$member['uid']}','1','夺宝币','手机认证完善奖励','{$config['f_phonecode']}','{$time}')");
$this->db->Query("insert into `@#_member_account` (`uid`,`type`,`pay`,`content`,`money`,`time`) values ('{$member['uid']}','1','经验','手机认证完善奖励','{$config['z_phonecode']}','{$time}')");
$this->db->Query("UPDATE `@#_member` SET `score`=`score`+'{$config['f_phonecode']}',`jingyan`=`jingyan`+'{$config['z_phonecode']}' where uid='" . $member['uid'] . "'");
}
_setcookie("uid", _encrypt($member['uid']));
_setcookie("ushell", _encrypt(md5($member['uid'] . $member['password'] . $member['mobile'] . $member['email'])));
//夺宝币、经验添加
$isset_user = $this->db->GetOne("select `uid` from `@#_member_account` where `pay`='手机认证完善奖励' and `type`='1' and `uid`='{$member['uid']}' or `pay`='经验'");
if (empty($isset_user)) {
$config = System::load_app_config("user_fufen");
//夺宝币/经验
$time = time();
$this->db->Query("insert into `@#_member_account` (`uid`,`type`,`pay`,`content`,`money`,`time`) values ('{$member['uid']}','1','夺宝币','手机认证完善奖励','{$config['f_overziliao']}','{$time}')");
$this->db->Query("insert into `@#_member_account` (`uid`,`type`,`pay`,`content`,`money`,`time`) values ('{$member['uid']}','1','经验','手机认证完善奖励','{$config['z_overziliao']}','{$time}')");
$mysql_model->Query("UPDATE `@#_member` SET `score`=`score`+'{$config['f_overziliao']}',`jingyan`=`jingyan`+'{$config['z_overziliao']}' where uid='" . $member['uid'] . "'");
$this->db->Query("UPDATE `@#_member` SET score='100' where `uid`='{$member['uid']}'");
}
echo "<script type='text/javascript'>alert('验证成功,请重新登录');</script>";
//_messagemobile("验证成功,请重新登录!",WEB_PATH."/mobile/home");
} else {
_messagemobile("页面错误", null, 3);
}
}
