/** * 验证是否登录 * @return boolean */ public function is_login() { $cookie = array_var($_COOKIE, AUTH_KEY . '_admin_auth'); if (isset($cookie) and !empty($cookie)) { $cookie_data = explode(':', authcode($cookie, $operation = 'DECODE')); if (count($cookie_data) == 3) { $current_cookie_auth = $cookie_data[1]; if ($current_cookie_auth == $this->get_user_agent()) { $current_cookie_username = $cookie_data[0]; $current_cookie_password = $cookie_data[2]; if (self::verify_login_in($current_cookie_username, $current_cookie_password)) { $post = $_POST; if ($_GET['c'] == 'config' && $_GET['a'] == 'mail') { unset($post['config']['smtppass']); } $_postdata = $post ? PostLog($post) : ''; $REQUEST_URI = '?' . $_SERVER['QUERY_STRING']; $onlineip = get_client_ip(); $timestamp = time(); $admin_recordfile = PATH_ADMIN_LOG_PATH . "/admin_log_" . date('Y-m-d') . ".php"; $record_name = str_replace('|', '|', Char_cv($current_cookie_username)); $record_URI = str_replace('|', '|', Char_cv($REQUEST_URI)); $new_record = "<?die;?>" . date('Y-m-d H:i:s') . "|{$record_name}|{$record_URI}|{$onlineip}|{$timestamp}|{$_postdata}|\n"; if (USERNAME != 'admin') { writeover($admin_recordfile, $new_record, "ab"); $oparr = doqueryurl(); $opuser = USERNAME; $opaday = date('Ymd', time()); $opctrl = 'c=' . $_GET['c']; $opact = 'a=' . $_GET['a']; $opstring = $oparr[2]; $times = time(); if ($_GET['a'] == 'welcome' || $_GET['a'] == 'menu' || $_GET['a'] == 'top' || $_GET['a'] == 'getusermsgstatus') { } else { $oplogdata = array(); $oplogdata['aday'] = $opaday; $oplogdata['username'] = $opuser; $oplogdata['ctrl'] = $opctrl; $oplogdata['act'] = $opact; $oplogdata['query'] = $opstring; $oplogdata['timestamp'] = $times; pm_db::query("INSERT INTO iosadm_oplog (aday,username,ctrl,act,`query`,timestamp) VALUES ('{$opaday}','{$opuser}','{$opctrl}','{$opact}','{$opstring}','{$times}')"); } } } return true; } // username_exists( ) } //$current_cookie_auth } return false; }
function PostLog($log) { foreach ($log as $key => $val) { $key = str_replace(array("\n", "\r", "|"), array('\\n', '\\r', '|'), $key); if (is_array($val)) { $data .= "{$key}=array(" . PostLog($val) . ")"; } else { $val = str_replace(array("\n", "\r", "|"), array('\\n', '\\r', '|'), $val); if ($key == 'password' || $key == 'check_pwd') { $data .= "{$key}=***, "; } else { $data .= "{$key}={$val}, "; } } } return $data; }