// Admin control panel (ACP) gate. The body runs only when canViewACP() accepts the
// current user's id. A user whose admin session is not active (isAdmLoggedIn() is
// false) must submit credentials again before the panel is shown.
if ($user->canViewACP($user->data()->id)) {
    if ($user->isAdmLoggedIn()) {
        // Can view
    } else {
        // Need to re-authenticate. Display login form
        require 'core/includes/password.php'; // Require password compat library

        // Deal with input
        if (Input::exists()) {
            // The submitted 'token' field is checked before any credential is read.
            // Presumably this is the anti-CSRF form token; Token::check() is not shown here.
            if (Token::check(Input::get('token'))) {
                // Validate input
                // Both fields are required. The 'isbanned' and 'isactive' rules are applied
                // to the username by Validate (their exact semantics are defined there).
                $validate = new Validate();
                $validation = $validate->check($_POST, array(
                    'username' => array('required' => true, 'isbanned' => true, 'isactive' => true),
                    'password' => array('required' => true)
                ));

                if ($validation->passed()) {
                    // Replaces the $user that passed the gate above with a fresh User object;
                    // code after this point in the page sees the new instance.
                    $user = new User();
                    $login = $user->adminLogin(Input::get('username'), Input::get('password'));
                    // NOTE(review): nothing in this fragment limits repeated attempts;
                    // confirm adminLogin() or Validate enforces throttling or lockout.

                    if ($login) {
                        // Stop immediately after the redirect so the rest of the page never runs.
                        Redirect::to("/admin");
                        die;
                    } else {
                        // Wrong credentials: same message as a validation failure below.
                        Session::flash('adm_auth_error', '<div class="alert alert-danger">' . $user_language['incorrect_details'] . '</div>');
                    }
                } else {
                    // A missing field or a failed username rule produces the same generic
                    // message as a wrong password, so the response does not reveal which
                    // check rejected the attempt.
                    Session::flash('adm_auth_error', '<div class="alert alert-danger">' . $user_language['incorrect_details'] . '</div>');
                }
            } else {
                // Invalid token
                // The credentials are never evaluated on this path.
                Session::flash('adm_auth_error', '<div class="alert alert-danger">' . $admin_language['invalid_token'] . '</div>');
            }
        }
        // The flash messages concatenate language-table strings into HTML unescaped;
        // assumes those strings are trusted — TODO confirm.
        // The re-authentication `else` and the outer canViewACP() `if` are still open
        // here; they are closed after the markup that follows this PHP block (not shown).
?>
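<?php
// Admin re-authentication endpoint. A logged-in user POSTs `admin_password`; the
// outcome of User::adminLogin() is returned as JSON: {"state": ..., "message": ...}.
require_once 'core/init.php';

$user = new User();

// Fail closed: the response reports success only when adminLogin() explicitly
// returns 'success'. The previous default of 'success' meant any unrecognised
// return value (false, null, a new status code) was reported as a successful
// verification.
$result = array('state' => 'failed', 'message' => '');

if (!$user->isLoggedIn()) {
    // The target was written as the bare constants `login . php`, which is a fatal
    // error for undefined constants on PHP 8 and yields "loginphp" on older versions.
    Redirect::to('login.php');
    exit;
}

if (Input::exists('post')) {
    // NOTE(review): no request token is verified before the password is processed,
    // and nothing here limits repeated attempts; confirm whether this endpoint
    // should validate a token and whether adminLogin() throttles failures.
    $admin_password = Input::get('admin_password');
    $flag = $user->adminLogin($user->data()->id, $admin_password);

    // Strict comparison: with `==`, a boolean true (and, before PHP 8, integer 0)
    // would match every status string below. This assumes adminLogin() returns
    // the string statuses that this script tests for.
    if ($flag === 'success') {
        $result['state'] = 'success';
        $result['message'] = "验证成功"; // "Verification succeeded"
    } elseif ($flag === 'roleFalse') {
        $result['message'] = "验证失败,你不是管理员!"; // "Verification failed, you are not an administrator!"
    } elseif ($flag === 'loginFalse') {
        $result['message'] = "验证失败,请确认密码!"; // "Verification failed, please check the password!"
    }
    // Any other return value keeps state 'failed' with an empty message.

    echo json_encode($result);
}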