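public function login()
{
    header("Content-type:text/html;charset=utf-8");

    // Posted fields are read once, defaulting to '' when absent. Only string
    // values are accepted: an array-shaped field (name[]=...) would otherwise
    // be handed to the model's array condition, which treats nested arrays as
    // operators rather than literal values.
    $code = isset($_POST['verify']) && is_string($_POST['verify']) ? $_POST['verify'] : '';
    $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
    $pass = isset($_POST['pass']) && is_string($_POST['pass']) ? $_POST['pass'] : '';

    // Captcha first: a wrong code never reaches the credential lookup.
    if (!checkVerify($code)) {
        $this->error("验证码错误");
        return;
    }

    // Look the account up through an array condition so the model quotes and
    // escapes the posted values itself; a string condition built from $_POST
    // is SQL-injectable.
    // NOTE(review): the password is compared exactly as posted — whether it is
    // hashed somewhere before this point is not visible here; confirm.
    $Admin = M('Admin');
    $admin = $Admin->where(array('username' => $name, 'password' => $pass))->find();
    if (!$admin) {
        $this->error("账号或密码错误");
        return;
    }

    // Bump the login counter and stamp the login time on the matched row only.
    $byId = array('id' => $admin['id']);
    $Admin->where($byId)->setInc('logincount', 1);
    $Admin->where($byId)->setField('logintime', getTime());

    // Re-read by primary key so the session carries the updated counters,
    // then attach the account's role row.
    // NOTE(review): the stored row contains every column the query returned,
    // presumably the password column too — consider dropping it before storing.
    $_SESSION['login'] = $Admin->where($byId)->find();
    $Role = M('Role');
    $_SESSION['login']['role'] = $Role->where(array('id' => $_SESSION['login']['roleid']))->find();

    $this->redirect('Index/index');
}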
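<?php
!defined('P_W') && exit('Forbidden');

// Logout. The request must carry a valid login hash so that a crafted link
// cannot log a user out (checkVerify() aborts on mismatch).
checkVerify('loginhash');

// Expire every cookie that belongs to this installation; they all share the
// configured prefix.
$cookiepre = CookiePre() . '_';
$cookieprelen = strlen($cookiepre);
foreach ($_COOKIE as $key => $value) {
    if (strpos($key, $cookiepre) === 0) {
        Cookie(substr($key, $cookieprelen), '', 0);
    }
}

// Send the user back where they came from, but only when the referer is
// genuinely inside this site: it must equal the site URL or start with the
// site URL followed by '/'. A bare prefix test would also accept a different
// host that merely begins with the same characters (e.g. 'http://host.example'
// matching 'http://host.example.other/...'). Anything else goes to the front page.
$referer = $db_bbsurl . '/' . $db_bfn;
if (isset($pwServer['HTTP_REFERER'])) {
    $candidate = $pwServer['HTTP_REFERER'];
    $sitePrefix = rtrim($db_bbsurl, '/') . '/';
    if ($candidate === $db_bbsurl || strpos($candidate, $sitePrefix) === 0) {
        $referer = $candidate;
    }
}
ObHeader($referer);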
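<div class="hd">
    <div class="bg">
<?php
// Header widget: anonymous visitors get the login form, everyone else sees
// their name (with a verified marker when applicable) and a logout link.
// The name comes from the session and is HTML-escaped before output so a
// crafted display name cannot inject markup into every page that includes
// this header.
$sessionName = isset($_SESSION['name']) ? $_SESSION['name'] : '';
if ($sessionName === '') {
    echo '<form class="login-form" action="/shafake/home/register/login" method="post">';
    echo '<div class="login-div">';
    echo '<div class="login">';
    echo '<label id="user">账号</label><input name="name"/><button class="pn">登陆</button>';
    echo '</div>';
    echo '<div class="login">';
    echo '<label id="pwd">密码</label><input name="password" type="password"/><a href="/shafake/home/register" class="pn">注册</a>';
    echo '</div>';
    echo '</div>';
    echo '</form>';
} else {
    $safeName = htmlspecialchars($sessionName, ENT_QUOTES, 'UTF-8');
    // checkVerify() reports whether this account passed identity verification;
    // verified accounts get the "(已认证)" suffix.
    $label = checkVerify($_SESSION['uid']) == true ? $safeName . '(已认证)' : $safeName;
    echo '<div class="user"><strong class="user-name"><a href="/shafake/home/index/userinfo">' . $label . '</a></strong><a href="/shafake/home/register/logout">退出</a></div>';
}
?>
    </div>
    <div class="nv">
        <ul>
            <li><a href="/shafake/home/index">首页</a></li>
            <li><a href="/shafake/home/verify">认证</a></li>
            <li><a href="/shafake/home/search">搜索</a></li>
            <li><a href="/shafake/home/help">帮助</a></li>
            <li><a href="/shafake/home/admin" target="_blank">后台</a></li>
        </ul>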
<?php !defined('P_W') && exit('Forbidden'); if (empty($_GET['step'])) { define('AJAX', 1); list($db_upload, $db_imglen, $db_imgwidth, $db_imgsize) = explode("\t", $db_upload); S::gp(array('uid', 'verify')); $swfhash = GetVerify($uid); checkVerify('swfhash'); L::loadClass('faceupload', 'upload', false); $face = new FaceUpload($uid); PwUpload::upload($face); $uploaddb = $face->getAttachs(); echo 'success'; //ajax_footer(); //echo $db_bbsurl . '/' . $attachpath . '/' . $uploaddb['fileuploadurl'] . '?' . $timestamp; //exit(); } else { L::loadClass('upload', '', false); $ext = strtolower(substr(strrchr($_GET['filename'], '.'), 1)); $udir = str_pad(substr($winduid, -2), 2, '0', STR_PAD_LEFT); //$source = PwUpload::savePath(0, "{$winduid}_tmp.$ext", "upload/$udir/"); if (!in_array(strtolower($ext), array('gif', 'jpg', 'jpeg', 'png', 'bmp'))) { Showmsg('undefined_action'); } /*if (!file_exists($source)) { Showmsg('头像保存失败,图片大小请不要超过2M!'); }*/ $data = $_SERVER['HTTP_RAW_POST_DATA'] ? $_SERVER['HTTP_RAW_POST_DATA'] : file_get_contents('php://input'); if ($data) { S::gp(array('from'));
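/**
 * Gatekeeper for state-changing POST requests: request hash, same-host
 * referer, captcha and security question, each enabled by its flag.
 *
 * @global array $pwServer server variables (REQUEST_METHOD, HTTP_REFERER, HTTP_HOST)
 * @param int $verify  verify the request hash via checkVerify()
 * @param int $gdcheck verify the captcha in $_POST['gdcode'] via GdConfirm()
 * @param int $qcheck  verify the security question in $_POST['qanswer'] / $_POST['qkey'] via Qcheck()
 * @param int $refer   on POST, require the referer host to match HTTP_HOST; otherwise Showmsg('undefined_action')
 */
function PostCheck($verify = 1, $gdcheck = 0, $qcheck = 0, $refer = 1)
{
    global $pwServer;

    $verify && checkVerify();

    if ($refer && isset($pwServer['REQUEST_METHOD']) && $pwServer['REQUEST_METHOD'] == 'POST') {
        // Only a referer that names a host is compared; a missing or host-less
        // referer passes through, as before, but without notices or '@'.
        $referer = isset($pwServer['HTTP_REFERER']) ? $pwServer['HTTP_REFERER'] : '';
        $referer_a = $referer !== '' ? parse_url($referer) : false;
        if (is_array($referer_a) && !empty($referer_a['host'])) {
            // HTTP_HOST may carry a port; compare hostnames only. DNS names are
            // case-insensitive, so a case-insensitive compare is the exact one.
            $http_host = isset($pwServer['HTTP_HOST']) ? $pwServer['HTTP_HOST'] : '';
            list($http_host) = explode(':', $http_host);
            if (strcasecmp($referer_a['host'], $http_host) !== 0) {
                Showmsg('undefined_action');
            }
        }
    }

    $gdcheck && GdConfirm(isset($_POST['gdcode']) ? $_POST['gdcode'] : '');
    $qcheck && Qcheck(
        isset($_POST['qanswer']) ? $_POST['qanswer'] : '',
        isset($_POST['qkey']) ? $_POST['qkey'] : ''
    );
}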
$id = $identify ? $mid . '_' . $identify : $mid; } elseif ($do == 'deletecomment') { checkVerify(); S::gp(array('cid', 'mid')); $weibo = $weiboService->getWeibosByMid($mid); $commentService = L::loadClass("comment", "sns"); if ($weibo['uid'] == $winduid || $commentService->checkCommentAuthor($cid) || S::inArray($windid, $manager)) { if ($commentService->deleteComment($cid)) { $weiboService->updateCountNum(array('replies' => -1), $mid, 'plus'); } echo 'ok'; } else { Showmsg("你没有权限删除该评论!"); } } elseif ($do == 'deleteweibo') { checkVerify(); S::gp(array('mid')); $weibo = $weiboService->getWeibosByMid($mid); if ($weibo && ($weibo['uid'] == $winduid || $SYSTEM['delweibo'] || S::inArray($windid, $manager))) { $weiboService->deleteWeibos($mid); $type = $weiboService->getType($weibo['type']); if ($type == 'weibo') { weibocredit('weibo_Delete'); } $userCache = L::loadClass('Usercache', 'user'); $userCache->delete($weibo['uid'], 'weibo'); echo 'ok'; } else { Showmsg("您要删除的微博不存在"); } } elseif ($do == 'lookround') {
$expandCondition = array('fid' => $fid, 'starttime' => $starttime, 'endtime' => $endtime); list($total, $threads) = $searcherService->searchSpecial($condition, $authorid, $page, $perpage, $expandCondition); $pager = $total ? numofpage($total, $page, ceil($total / $perpage), $searchURL . "searcher.php?type={$type}&condition={$condition}&authorid={$authorid}&fid={$fid}&starttime={$starttime}&endtime={$endtime}&", null, '', true) : ''; break; default: $_extendSearcher = L::loadClass('extendsearcher', 'search'); $_searcherService = $_extendSearcher->extendSearcher($type); list($total, $lists) = $_searcherService->searchDefault($page, $perpage); $pager = $total ? numofpage($total, $page, ceil($total / $perpage), $searchURL . "searcher.php?type={$type}&keyword={$keyword}&", null, '', true) : ''; break; } } //*帖子搜索当没有关键字有用户情况走mysql搜索 $isUseMysqlWithThread = S::inArray($type, array('thread', 'diary')) && (!$keyword && ($username || $diaryusername)) ? true : false; if ($type && $keyword || $isUseMysqlWithThread) { strtolower($GLOBALS['pwServer']['REQUEST_METHOD']) == "post" && checkVerify(); if (!$isSphinx && 2 == $step) { if (!$searcherService->checkUserLevel()) { Showmsg('search_limit'); } if (!$searcherService->checkWaitSegment()) { Showmsg('search_wait'); } } $keyword = strip_tags($keyword); //* @include_once pwCache::getPath ( D_P . 'data/bbscache/search_config.php' ); pwCache::getData(D_P . 'data/bbscache/search_config.php'); switch ($type) { case "thread": list($searchForumPart1, $searchForumPart2) = $_searchHelper->getSearchForum(); $adverts = $_searchHelper->getSearchAdvert($keyword);
$db_uploadfiletype = !empty($db_uploadfiletype) ? is_array($db_uploadfiletype) ? $db_uploadfiletype : unserialize($db_uploadfiletype) : array(); $filetype = ''; foreach ($db_uploadfiletype as $key => $value) { $filetype .= ($filetype ? ',' : '') . $key . ':' . $value; } $pwServer['HTTP_USER_AGENT'] = 'Shockwave Flash'; $swfhash = GetVerify($winduid); echo pwJsonEncode(array('uid' => $winduid, 'step' => 2, 'verify' => $swfhash)); } else { define('AJAX', 1); S::gp(array('uid', 'type', 'verify', 'ua'), 'P'); S::gp(array('type')); $uid = intval($uid); !$ua && ($pwServer['HTTP_USER_AGENT'] = 'Shockwave Flash'); $swfhash = GetVerify($uid ? $uid : ''); checkVerify('verify'); if (!$db_allowupload) { showExtraMsg('upload_close'); } $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ $winddb = $userService->get($uid); //groupid,memberid !$winddb && showExtraMsg('not_login'); $groupid = $winddb['groupid'] == '-1' ? $winddb['memberid'] : $winddb['groupid']; if (file_exists(D_P . "data/groupdb/group_{$groupid}.php")) { //* require_once pwCache::getPath(S::escapePath(D_P . "data/groupdb/group_$groupid.php")); pwCache::getData(S::escapePath(D_P . "data/groupdb/group_{$groupid}.php")); } else { //* require_once pwCache::getPath(D_P . 'data/groupdb/group_1.php'); pwCache::getData(D_P . 'data/groupdb/group_1.php');
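/**
 * POST request checks: request hash, captcha, security question and
 * same-host referer, each enabled by its flag.
 *
 * @global array $pwServer server variables (REQUEST_METHOD, HTTP_REFERER, HTTP_HOST)
 * @param int $checkHash     verify the request hash via checkVerify()
 * @param int $checkGd       verify the captcha in $_POST['gdcode'] via GdConfirm()
 * @param int $checkQuestion verify the security question in $_POST['qanswer'] / $_POST['qkey'] via Qcheck()
 * @param int $checkReferer  on POST, require the referer host to match HTTP_HOST; otherwise Showmsg('undefined_action')
 */
function PostCheck($checkHash = 1, $checkGd = 0, $checkQuestion = 0, $checkReferer = 1)
{
    global $pwServer;

    $checkHash && checkVerify();

    if ($checkReferer && isset($pwServer['REQUEST_METHOD']) && $pwServer['REQUEST_METHOD'] == 'POST') {
        // A referer without a host is not compared (same outcome as before,
        // minus the notice and the '@' suppression on parse_url()).
        $rawReferer = isset($pwServer['HTTP_REFERER']) ? $pwServer['HTTP_REFERER'] : '';
        $refererParsed = $rawReferer !== '' ? parse_url($rawReferer) : false;
        if (is_array($refererParsed) && !empty($refererParsed['host'])) {
            // Strip any port from HTTP_HOST and compare hostnames case-insensitively,
            // which is how DNS names are defined to compare.
            $hostHeader = isset($pwServer['HTTP_HOST']) ? $pwServer['HTTP_HOST'] : '';
            list($httpHost) = explode(':', $hostHeader);
            if (strcasecmp($refererParsed['host'], $httpHost) !== 0) {
                Showmsg('undefined_action');
            }
        }
    }

    $checkGd && GdConfirm(isset($_POST['gdcode']) ? $_POST['gdcode'] : '');
    $checkQuestion && Qcheck(
        isset($_POST['qanswer']) ? $_POST['qanswer'] : '',
        isset($_POST['qkey']) ? $_POST['qkey'] : ''
    );
}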