Exemple #1
        /*
        if(empty($captcha)) ShowError('请输入验证码',$url['login']);
        //判断验证码 — NOTE(review): this captcha check (the whole /* ... */ block around it) is commented out, so the login POST currently has no anti-automation control; unless Login() throttles attempts itself, password guessing is unlimited.
        include(ROOT_PATH.'/source/class/Captcha.class.php');
        if(!Captcha::Check($captcha)) ShowError('验证码输入错误',$url['login']);
        */
        $auto = Val('auto', 'POST', 1);
        if ($user->userId <= 0) {
            if ($user->Login($username, $userpwd, $auto)) {
                ShowSuccess('登录成功');
            } else {
                ShowError('登录失败,请检查用户/邮箱或密码', $url['login']);
            }
        }
        break;
    case 'logout':
        // End the current session; only report success when Logout() says so.
        $loggedOut = $user->Logout();
        if ($loggedOut) {
            ShowSuccess('成功退出');
        }
        break;
    default:
        // A user who already has a session has nothing to do on the login page.
        if ($user->userId > 0) {
            ShowError('已经登录');
        }
        // Render the login form with the request context the template expects.
        $tpl = InitSmarty();
        $tplVars = array('do' => $do, 'show' => $show, 'url' => $url);
        foreach ($tplVars as $varName => $varValue) {
            $tpl->assign($varName, $varValue);
        }
        $tpl->display('login.html');
        break;
}
Exemple #2
     } else {
         ShowError('出错了,请与管理员联系');
     }
     break;
 // Email verification
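 case 'validate':
     // Email-verification link handler: flips validated 0 -> 1 for the row
     // whose validateKey matches the ?key= parameter.
     $key = Val('key', 'GET');
     // Refuse an empty key outright. The registration insert shown elsewhere
     // on this page never sets validateKey, so if that column defaults to ''
     // an empty key would match — and validate — every unverified account.
     if (empty($key)) {
         ShowError('验证链接不存在或已失效');
     }
     $db = DBConnect();
     $tbUser = $db->tbPrefix . 'user';
     // NOTE(review): $key is interpolated straight into SQL. Unless Val()
     // escapes GET input (not visible here) this is injectable; the DB wrapper
     // used on this page exposes no parameterised-query API, so the empty-key
     // guard above is the only in-scope hardening — confirm how Val() filters.
     $existed = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE validateKey='{$key}' AND validated=0");
     if ($existed <= 0) {
         ShowError('验证链接不存在或已失效');
     }
     // Relies on ShowError() terminating the request, as the branch above does.
     $db->Execute("UPDATE {$tbUser} SET validated=1 WHERE validateKey='{$key}'");
     ShowSuccess('验证成功,欢迎加入' . $show['sitename'], $url['login'], '登录');
     break;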
 case 'key':
     // Debug stub: reads ?key= but only echoes a fixed string; $key is never used.
     // NOTE(review): looks like leftover scaffolding — remove or implement before shipping.
     $key = Val('key', 'GET');
     echo "hello reg key";
     break;
 // Default: render the registration form
 default:
     if ($user->userId > 0) {
         ShowError('您已登录,不能进行注册');
     }
     $key = Val('key', 'GET');
     $smarty = InitSmarty();
     $smarty->assign('do', $do);
     $smarty->assign('register', REGISTER);
Exemple #3
     }
     //邮箱是否存在 — duplicate-email check. NOTE(review): $email is interpolated into the query; that is only safe if it was validated or escaped before this point (not visible here).
     $emailExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE email='{$email}'");
     if ($emailExisted > 0) {
         ShowError("邮箱{$email}已存在", $url['register'], '重新填写');
     }
     //入库 — insert the new account. NOTE(review): userPwd is stored as OCEncrypt($userpwd); if that is a reversible cipher rather than a salted one-way hash (password_hash), a database leak exposes every password — confirm what OCEncrypt() does.
     $executeArr = array('userName' => $username, 'userPwd' => OCEncrypt($userpwd), 'email' => $email, 'phone' => $phone, 'addTime' => time());
     if ($db->AutoExecute($tbUser, $executeArr)) {
         if (!empty($inviteRow)) {
             $regUserId = $db->LastId();
             $db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserId='{$regUserId}',regTime='" . time() . "' WHERE id='{$inviteRow[id]}'");
         }
         //自动登录
         $user->Login($username, $userpwd, 1);
         ShowSuccess('注册成功', $url['root']);
     } else {
         ShowError('出错了,请与管理员联系');
     }
     break;
 default:
     if ($user->userId > 0) {
         ShowError('您已登录,不能进行注册!');
     }
     $key = Val('key', 'GET');
     $smarty = InitSmarty();
     $smarty->assign('do', $do);
     $smarty->assign('register', REGISTER);
     $smarty->assign('key', $key);
     $smarty->assign('show', $show);
     $smarty->assign('url', $url);
Exemple #4
         echo $img->error;
     } else {
         //进行头像缩略
         if ($img->Resize(AV_UPPATH . '/' . $imgName, 60, 60, AV_UPPATH . '/s1_' . $imgName)) {
             $avpath = AV_PATH . 's1_' . $imgName;
             //再次生成一个200*200的图片。方便在面板展示
             if ($img->Resize(AV_UPPATH . '/' . $imgName, 200, 200, AV_UPPATH . '/s2_' . $imgName)) {
                 //                    echo '头像地址:'.$avpath;
                 //                    echo "<br>";
                 //                    echo '展示的200x200的地址:'.AV_PATH.'s2_'.$imgName;
                 //                    echo "<br>";
                 //                    echo '原图地址:'.AV_PATH.'/'.$imgName;
                 //入库
                 $data = array('avatarImg' => AV_PATH . 's1_' . $imgName, 'avatarImg_b' => AV_PATH . 's2_' . $imgName, 'avatarImg_s' => AV_PATH . '/' . $imgName);
                 if ($db->AutoExecute($tbUser, $data, 'UPDATE', "userName='******'")) {
                     ShowSuccess('头像上传成功,重新登录后生效', URL_ROOT . '/logout', '重新登录');
                     //                        echo '入库成功!';
                 } else {
                     ShowError('头像上传失败!', URL_ROOT . '/user/newAvatar');
                     //                        echo '入库失败';
                 }
             } else {
                 //                    echo '缩略图片失败';
             }
         } else {
             //                echo '缩略图片失败';
         }
     }
     break;
 default:
     $title = '社工库查询系统';
 * ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 */
// Refuse direct access: this file must be included by the OldCMS front controller.
defined('IN_OLDCMS') or die('Access Denied');
// Sub-action for this admin page (?act=); extra SQL filter is built per branch.
$act   = Val('act', 'GET');
$where = '';
switch ($act) {
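    case 'audit':
        // Admin toggle of a module's audit flag, recording who made the decision.
        // Both GET values are cast to int before they reach the query so the
        // statement cannot be altered regardless of how Val() filters input
        // (its third argument looks like a numeric-filter flag — TODO confirm).
        $isAudit = (int) Val('isAudit', 'GET', 1);
        $id = (int) Val('id', 'GET', 1);
        $db = DBConnect();
        $tbModule = $db->tbPrefix . 'module';
        // NOTE(review): $user->userName is interpolated unescaped. It comes from
        // the logged-in account rather than this request, but a quote in a display
        // name would still break (or alter) the statement.
        // NOTE(review): this state change is driven by a plain GET with no
        // CheckToken() call, unlike the 'delete' branch shown elsewhere on this
        // page — an admin can be CSRF'd into auditing a module via a crafted link.
        $db->Execute("UPDATE {$tbModule} SET isAudit='{$isAudit}',managerId='" . $user->userId . "',managerName='" . $user->userName . "' WHERE id='{$id}'");
        ShowSuccess('操作成功', URL_ROOT . '/admin/index.php?do=admin_module');
        break;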
    default:
        $db = DBConnect();
        $tbModule = $db->tbPrefix . 'module';
        $tbUser = $db->tbPrefix . 'user';
        $where = " AND isOpen=1";
        include ROOT_PATH . '/source/class/Pager.class.php';
        $countSql = "SELECT COUNT(*) FROM {$tbModule} WHERE 1=1 {$where} ORDER BY id DESC";
        $sql = "SELECT m.*,u.userName AS userName FROM {$tbModule} m INNER JOIN {$tbUser} u ON u.id=m.userId WHERE 1=1 {$where} ORDER BY id DESC";
        $href = './index.php?do=admin_module';
        if (!empty($act)) {
            $href .= '&act=' . $act;
        }
        $pager = new Pager($countSql, $sql, $href, 20, 5, Val('pNO', 'GET', 1));
        $modules = $pager->data;
Exemple #6
        $code = Val('code', 'POST');
        $values = array('title' => $title, 'description' => $description, 'userId' => $user->userId, '`keys`' => $keys, '`setkeys`' => $setkeys, 'code' => $code, 'isOpen' => $isOpen);
        $db->AutoExecute(Tb('module'), $values, 'UPDATE', " id={$id}");
        ShowSuccess('操作成功');
        break;
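    case 'delete':
        // Remove one of the current user's modules; requires a CSRF token and ownership.
        if (!$user->CheckToken(Val('token', 'GET'))) {
            ShowError('操作失败');
        }
        // Cast to int so the id can never carry SQL, whatever Val()'s third
        // argument actually filters (looks like a numeric flag — TODO confirm).
        $id = (int) Val('id', 'GET', 1);
        $db = DBConnect();
        // Ownership check: only a row whose userId matches the session user is found.
        $module = $db->FirstRow("SELECT * FROM " . Tb('module') . " WHERE id='{$id}' AND userId='" . $user->userId . "'");
        if (empty($module)) {
            ShowError('模块不存在或没有权限');
        }
        // Scope the DELETE to the owner as well, so it cannot outrun the check
        // above even if ShowError() ever stops terminating the request.
        $db->Execute("DELETE FROM " . Tb('module') . " WHERE id='{$id}' AND userId='" . $user->userId . "'");
        ShowSuccess('操作成功');
        break;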
    case 'list':
    default:
        // Module listing. $projects and $modules are presumably prepared by
        // common.php (they are not set in this branch) — verify against that file.
        include 'common.php';
        $view = InitSmarty();
        $viewVars = array(
            'do'       => $do,
            'show'     => $show,
            'url'      => $url,
            'projects' => $projects,
            'modules'  => $modules,
        );
        foreach ($viewVars as $varName => $varValue) {
            $view->assign($varName, $varValue);
        }
        $view->display('module.html');
        break;
}
Exemple #7
     $uinfo = $upager->data;
     $umanage = $db->Dataset($sql);
     $smarty = InitSmarty();
     $smarty->assign('info', 'usermanage');
     $smarty->assign('uinfo', $uinfo);
     $smarty->assign('Av', $user->avatarImg);
     $smarty->assign('title', $title);
     $smarty->assign('unav', $upager->nav);
     $smarty->assign('umanage', $umanage);
     $smarty->display('admin/umanage.tpl');
     break;
 case "deluser":
     // Admin user deletion, keyed by the POSTed "uuuuid" field.
     // NOTE(review): the userName in the DELETE below appears redacted ('******')
     // on this page, so it is not visible whether $deluser is interpolated raw.
     // NOTE(review): $deluser is echoed back in both result messages; unless
     // ShowSuccess()/ShowAError() HTML-escape their argument this reflects
     // attacker-chosen text into the admin's page. No CSRF token is checked here.
     $deluser = Val("uuuuid", 'POST');
     $sql = "DELETE  FROM " . $tbUser . " WHERE userName='******' LIMIT 1";
     if ($db->Execute($sql)) {
         ShowSuccess('删除用户 ' . $deluser . ' 成功!!', URL_ROOT . '/admin/usermanage');
     } else {
         ShowAError('删除用户 ' . $deluser . ' 失败,请联系管理员 sky@03sec.com', URL_ROOT . '/admin/usermanage');
     }
     break;
 default:
     $UNUM = $user->getUserNum();
     $smarty = InitSmarty();
     $title = '后台管理面板';
     $smarty->assign('do', $do);
     $smarty->assign('show', $show);
     $smarty->assign('url', $url);
     $smarty->assign('user', $userName);
     $smarty->assign('num', $UNUM);
     $smarty->assign('Av', $user->avatarImg);
     $smarty->assign('sitedays', $sitedays);
Exemple #8
Fichier : user.php Projet : I0T/xss
        $smarty->assign('emsg', $emsg);
        $smarty->assign('pmsg', $pmsg);
        $smarty->display('user_seting.html');
        exit;
        break;
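    case 'submit':
        // Save the user's notification settings: phone number plus two on/off flags.
        $db = DBConnect();
        $phone = Val('phone', 'POST');
        $emsg = Val('emsg', 'POST');
        $pmsg = Val('pmsg', 'POST');
        // Exactly 11 ASCII digits, or empty. The D modifier makes $ anchor at the
        // very end of the string; without it "12345678901\n" passes and the
        // trailing newline is stored. This digit-only allowlist is also what
        // keeps $phone safe to interpolate into the UPDATE below.
        if (!empty($phone) && !preg_match('/^\d{11}$/D', $phone)) {
            ShowError('手机格式不正确', URL_ROOT . '/index.php?do=user&act=seting', '重新填写');
        }
        // Checkbox values arrive as 'on'; normalise each to the literal '1'/'0'
        // so only those two characters ever reach the query.
        $emsg = ($emsg == 'on') ? '1' : '0';
        $pmsg = ($pmsg == 'on') ? '1' : '0';
        // NOTE(review): no CSRF token check, unlike the 'delete' branch shown
        // elsewhere on this page; a cross-site POST can change these settings.
        $db->Execute("UPDATE " . Tb('user') . " SET phone='" . $phone . "',message='" . $emsg . "|" . $pmsg . "' WHERE id='" . $user->userId . "'");
        ShowSuccess('修改成功', URL_ROOT . '/index.php?do=user&act=seting');
        exit;
        break;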
    default:
        // Unknown ?act= for this page: nothing to render, fall out of the switch.
        break;
}