// Login controller fragment: tail of the login-submit case, then the 'logout' and
// default cases. The enclosing switch and the code that reads $username / $userpwd
// start outside this view.
// NOTE(review): the CAPTCHA check below is commented out, so nothing in this fragment
// throttles repeated login attempts -- confirm that $user->Login() or the web tier
// enforces rate limiting or account lockout.
    /* if(empty($captcha)) ShowError('请输入验证码',$url['login']); // verify the captcha
       include(ROOT_PATH.'/source/class/Captcha.class.php');
       if(!Captcha::Check($captcha)) ShowError('验证码输入错误',$url['login']); */
    // Third Val() argument is presumably an "integer" value-type flag -- TODO confirm in Val().
    $auto = Val('auto', 'POST', 1);
    // Only attempt a login when no user is attached to the request; an already
    // logged-in caller reaches break without any message.
    if ($user->userId <= 0) {
        if ($user->Login($username, $userpwd, $auto)) {
            ShowSuccess('登录成功');
        } else {
            // A single failure message is used here whatever the reason for the failure.
            ShowError('登录失败,请检查用户/邮箱或密码', $url['login']);
        }
    }
    break;
case 'logout':
    // NOTE(review): no request token is checked in this case, so any request that
    // reaches it ends the session -- confirm whether that is acceptable.
    if ($user->Logout()) {
        ShowSuccess('成功退出');
    }
    break;
default:
    // Render the login form. The "already logged in" guard only works if ShowError()
    // terminates the request -- not visible here, TODO confirm.
    if ($user->userId > 0) {
        ShowError('已经登录');
    }
    $smarty = InitSmarty();
    $smarty->assign('do', $do);
    $smarty->assign('show', $show);
    $smarty->assign('url', $url);
    $smarty->display('login.html');
    break;
}
// Registration controller fragment: tail of the submit case, then the 'validate',
// 'key' and default cases. The switch header and the end of the default case are
// outside this view.
    } else {
        ShowError('出错了,请与管理员联系');
    }
    break;
// Email verification
case 'validate':
    // NOTE(review): $key comes straight from the query string and is interpolated
    // into both SQL statements below. Whether Val() escapes it is not visible here;
    // if it does not, this is SQL injection -- prefer a bound parameter.
    $key = Val('key', 'GET');
    $db = DBConnect();
    $tbUser = $db->tbPrefix . 'user';
    $existed = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE validateKey='{$key}' AND validated=0");
    // NOTE(review): an empty or missing key is not rejected before the lookup. If
    // unvalidated rows can hold an empty validateKey, a request without a key would
    // match them and the UPDATE below would validate all of them -- confirm, and
    // reject empty keys explicitly.
    // The guard relies on ShowError() terminating the request -- TODO confirm.
    if ($existed <= 0) {
        ShowError('验证链接不存在或已失效');
    }
    // The UPDATE matches on validateKey only and leaves the key in place after use.
    $db->Execute("UPDATE {$tbUser} SET validated=1 WHERE validateKey='{$key}'");
    ShowSuccess('验证成功,欢迎加入' . $show['sitename'], $url['login'], '登录');
    break;
case 'key':
    // NOTE(review): looks like a leftover debug stub -- $key is read but never used
    // and a fixed string is echoed. Consider removing it from production code.
    $key = Val('key', 'GET');
    echo "hello reg key";
    break;
// Default
default:
    // Show the registration form; relies on ShowError() stopping logged-in users.
    if ($user->userId > 0) {
        ShowError('您已登录,不能进行注册');
    }
    $key = Val('key', 'GET');
    $smarty = InitSmarty();
    $smarty->assign('do', $do);
    $smarty->assign('register', REGISTER);
// Registration controller fragment: uniqueness check on the email, insert of the new
// user, invite bookkeeping and auto-login, then the default (form) case. The code
// that reads and validates $username, $userpwd, $email, $phone and $inviteRow is
// outside this view, as is the end of the default case.
    }
    // Check whether the email is already registered.
    // NOTE(review): $email is interpolated into the SQL text; whether it was escaped
    // or validated earlier is not visible here -- prefer a bound parameter.
    $emailExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE email='{$email}'");
    if ($emailExisted > 0) {
        // NOTE(review): $email is echoed back inside the message; confirm ShowError()
        // HTML-encodes its argument. The message also tells the caller that the
        // address is registered.
        ShowError("邮箱{$email}已存在", $url['register'], '重新填写');
    }
    // Insert the new user row.
    // NOTE(review): OCEncrypt() is defined elsewhere -- confirm it is a salted,
    // deliberately slow password hash and not reversible encryption or a fast digest.
    $executeArr = array('userName' => $username, 'userPwd' => OCEncrypt($userpwd), 'email' => $email, 'phone' => $phone, 'addTime' => time());
    if ($db->AutoExecute($tbUser, $executeArr)) {
        if (!empty($inviteRow)) {
            // Mark the invite as consumed by the user that was just created.
            $regUserId = $db->LastId();
            // NOTE(review): inside {$...} the unquoted key in $inviteRow[id] is read as
            // the constant `id`; PHP 8 throws for an undefined constant there. It
            // should be written {$inviteRow['id']}.
            $db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserId='{$regUserId}',regTime='" . time() . "' WHERE id='{$inviteRow[id]}'");
        }
        // Log the new user in automatically (third argument 1, as the "auto" flag).
        $user->Login($username, $userpwd, 1);
        ShowSuccess('注册成功', $url['root']);
    } else {
        ShowError('出错了,请与管理员联系');
    }
    break;
default:
    // Show the registration form; relies on ShowError() stopping logged-in users.
    if ($user->userId > 0) {
        ShowError('您已登录,不能进行注册!');
    }
    // $key is taken from the query string and handed to the template below; confirm
    // the template escapes it on output.
    $key = Val('key', 'GET');
    $smarty = InitSmarty();
    $smarty->assign('do', $do);
    $smarty->assign('register', REGISTER);
    $smarty->assign('key', $key);
    $smarty->assign('show', $show);
    $smarty->assign('url', $url);
// Avatar upload fragment: after a successful upload, build a 60x60 and a 200x200
// copy and store the three paths on the user row. The upload itself, the origin of
// $imgName and the start of the enclosing if/switch are outside this view.
// NOTE(review): $imgName is concatenated into filesystem paths below. Confirm it is
// generated server-side with a fixed image extension rather than taken from the
// client's filename, and that the upload directory cannot execute scripts.
    // The uploader's error text is echoed unencoded -- confirm it never contains
    // client-supplied data.
    echo $img->error;
} else {
    // Create the 60x60 thumbnail.
    if ($img->Resize(AV_UPPATH . '/' . $imgName, 60, 60, AV_UPPATH . '/s1_' . $imgName)) {
        // Only read by the disabled debug output further down.
        $avpath = AV_PATH . 's1_' . $imgName;
        // Create a second, 200x200 copy for display in the panel.
        if ($img->Resize(AV_UPPATH . '/' . $imgName, 200, 200, AV_UPPATH . '/s2_' . $imgName)) {
            // (disabled debug output: avatar URL, 200x200 URL and original image URL)
            // Store the paths: avatarImg = 60x60, avatarImg_b = 200x200,
            // avatarImg_s = the original upload.
            // NOTE(review): the first two values join AV_PATH and the file name without
            // a separator while the third inserts '/'; one of the two forms is
            // probably wrong, depending on whether AV_PATH ends in a slash.
            $data = array('avatarImg' => AV_PATH . 's1_' . $imgName, 'avatarImg_b' => AV_PATH . 's2_' . $imgName, 'avatarImg_s' => AV_PATH . '/' . $imgName);
            // NOTE(review): the WHERE value appears masked in this listing, so the real
            // condition cannot be reviewed. It should identify the row by a server-side
            // session value, never by a request parameter.
            if ($db->AutoExecute($tbUser, $data, 'UPDATE', "userName='******'")) {
                ShowSuccess('头像上传成功,重新登录后生效', URL_ROOT . '/logout', '重新登录');
                // (disabled debug output: "saved")
            } else {
                ShowError('头像上传失败!', URL_ROOT . '/user/newAvatar');
                // (disabled debug output: "save failed")
            }
        } else {
            // NOTE(review): the 200x200 resize failure is swallowed -- the user gets no
            // response and the files already written are left on disk.
            // (disabled debug output: "thumbnail failed")
        }
    } else {
        // NOTE(review): the 60x60 resize failure is swallowed in the same way.
        // (disabled debug output: "thumbnail failed")
    }
}
break;
default:
    $title = '社工库查询系统';
* ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 */
// Admin module-management fragment: the 'audit' action and the start of the default
// list view. The rest of the default case and the closing of the switch are outside
// this view.
// Refuse direct requests: the file only runs when the including entry point has
// defined IN_OLDCMS.
if (!defined('IN_OLDCMS')) {
    die('Access Denied');
}
$act = Val('act', 'GET');
$where = '';
switch ($act) {
    case 'audit':
        // NOTE(review): this case changes state on a GET request and checks no request
        // token, so a link or image tag loaded by a logged-in admin would trigger it
        // (CSRF). No role check is visible here either -- presumably the including
        // admin entry point enforces it; confirm.
        // Third Val() argument is presumably an integer value-type flag -- TODO confirm,
        // since both values are interpolated into the SQL below.
        $isAudit = Val('isAudit', 'GET', 1);
        $id = Val('id', 'GET', 1);
        $db = DBConnect();
        $tbModule = $db->tbPrefix . 'module';
        // NOTE(review): $user->userName is a stored value concatenated into SQL; if
        // user names are not escaped or restricted at registration this is a
        // second-order injection point. Prefer bound parameters.
        $db->Execute("UPDATE {$tbModule} SET isAudit='{$isAudit}',managerId='" . $user->userId . "',managerName='" . $user->userName . "' WHERE id='{$id}'");
        ShowSuccess('操作成功', URL_ROOT . '/admin/index.php?do=admin_module');
        break;
    default:
        // List open modules together with their owner's user name, paginated.
        $db = DBConnect();
        $tbModule = $db->tbPrefix . 'module';
        $tbUser = $db->tbPrefix . 'user';
        $where = " AND isOpen=1";
        include ROOT_PATH . '/source/class/Pager.class.php';
        // ORDER BY has no effect on a COUNT(*) query; `id` is unqualified in the join
        // query -- m.id would be unambiguous.
        $countSql = "SELECT COUNT(*) FROM {$tbModule} WHERE 1=1 {$where} ORDER BY id DESC";
        $sql = "SELECT m.*,u.userName AS userName FROM {$tbModule} m INNER JOIN {$tbUser} u ON u.id=m.userId WHERE 1=1 {$where} ORDER BY id DESC";
        $href = './index.php?do=admin_module';
        // NOTE(review): $act comes from the query string and is appended to the pager
        // link as-is; confirm Pager or the template URL-encodes/escapes it on output.
        if (!empty($act)) {
            $href .= '&act=' . $act;
        }
        // Pager arguments 20 and 5 are presumably page size and link count -- TODO
        // confirm against Pager.class.php.
        $pager = new Pager($countSql, $sql, $href, 20, 5, Val('pNO', 'GET', 1));
        $modules = $pager->data;
// Module controller fragment: tail of the update case, then 'delete' and the list
// view. The start of the update case (where $id, $title, $keys and any token or
// ownership check would be) is outside this view.
    $code = Val('code', 'POST');
    $values = array('title' => $title, 'description' => $description, 'userId' => $user->userId, '`keys`' => $keys, '`setkeys`' => $setkeys, 'code' => $code, 'isOpen' => $isOpen);
    // NOTE(review): the WHERE clause matches on id alone and $id is unquoted. Unless an
    // ownership check and an integer cast happen earlier in this case (not visible),
    // a user could overwrite another user's module -- adding "AND userId=..." here
    // would make the statement safe on its own.
    $db->AutoExecute(Tb('module'), $values, 'UPDATE', " id={$id}");
    ShowSuccess('操作成功');
    break;
case 'delete':
    // Anti-CSRF token check. The token travels in the query string, where it can end
    // up in logs and Referer headers, and the delete runs on a GET request.
    // NOTE(review): this guard and the ownership guard below only protect the DELETE
    // if ShowError() terminates the request -- not visible here, TODO confirm.
    if (!$user->CheckToken(Val('token', 'GET'))) {
        ShowError('操作失败');
    }
    $id = Val('id', 'GET', 1);
    $db = DBConnect();
    // Load the module, restricted to rows owned by the current user.
    $module = $db->FirstRow("SELECT * FROM " . Tb('module') . " WHERE id='{$id}' AND userId='" . $user->userId . "'");
    if (empty($module)) {
        ShowError('模块不存在或没有权限');
    }
    // The DELETE itself filters on id only; repeating the userId condition would keep
    // it safe even if the guard above were bypassed.
    $db->Execute("DELETE FROM " . Tb('module') . " WHERE id='{$id}'");
    ShowSuccess('操作成功');
    break;
case 'list':
default:
    // common.php presumably populates $projects and $modules -- TODO confirm.
    include 'common.php';
    $smarty = InitSmarty();
    $smarty->assign('do', $do);
    $smarty->assign('show', $show);
    $smarty->assign('url', $url);
    $smarty->assign('projects', $projects);
    $smarty->assign('modules', $modules);
    $smarty->display('module.html');
    break;
}
// Admin panel fragment: tail of the user-management list view, the 'deluser' action
// and the start of the default dashboard. The admin authorisation check, $db,
// $tbUser, $sql and $upager are set outside this view.
    $uinfo = $upager->data;
    $umanage = $db->Dataset($sql);
    $smarty = InitSmarty();
    $smarty->assign('info', 'usermanage');
    $smarty->assign('uinfo', $uinfo);
    $smarty->assign('Av', $user->avatarImg);
    $smarty->assign('title', $title);
    $smarty->assign('unav', $upager->nav);
    $smarty->assign('umanage', $umanage);
    $smarty->display('admin/umanage.tpl');
    break;
case "deluser":
    // NOTE(review): destructive action with no request token checked in this case, so
    // a cross-site form post from a page an admin visits would delete a user (CSRF).
    $deluser = Val("uuuuid", 'POST');
    // NOTE(review): the userName value appears masked in this listing. If the original
    // interpolates $deluser, it must be escaped or bound as a parameter.
    $sql = "DELETE FROM " . $tbUser . " WHERE userName='******' LIMIT 1";
    // $deluser is echoed back in both messages; confirm ShowSuccess()/ShowAError()
    // HTML-encode their text.
    if ($db->Execute($sql)) {
        ShowSuccess('删除用户 ' . $deluser . ' 成功!!', URL_ROOT . '/admin/usermanage');
    } else {
        // ShowAError (not ShowError) -- presumably an admin-side variant; confirm it exists.
        ShowAError('删除用户 ' . $deluser . ' 失败,请联系管理员 sky@03sec.com', URL_ROOT . '/admin/usermanage');
    }
    break;
default:
    // Admin dashboard: collect the values the template shows.
    $UNUM = $user->getUserNum();
    $smarty = InitSmarty();
    $title = '后台管理面板';
    $smarty->assign('do', $do);
    $smarty->assign('show', $show);
    $smarty->assign('url', $url);
    $smarty->assign('user', $userName);
    $smarty->assign('num', $UNUM);
    $smarty->assign('Av', $user->avatarImg);
    $smarty->assign('sitedays', $sitedays);
// User settings fragment: tail of the settings form view, then the 'submit' case that
// saves the phone number and the two notification flags. The switch header and the
// start of the form case are outside this view.
    $smarty->assign('emsg', $emsg);
    $smarty->assign('pmsg', $pmsg);
    $smarty->display('user_seting.html');
    exit;
    break;
case 'submit':
    // NOTE(review): no request token is checked in this case, so a cross-site form
    // post could change a logged-in user's phone number and notification flags.
    $db = DBConnect();
    $phone = Val('phone', 'POST');
    $emsg = Val('emsg', 'POST');
    $pmsg = Val('pmsg', 'POST');
    // The phone number must be exactly 11 digits; an empty value is accepted and
    // stored as ''. This check is what keeps $phone safe to place in the SQL below,
    // and it relies on ShowError() terminating the request -- TODO confirm.
    // NOTE(review): without the D modifier `$` also matches before a final newline,
    // so an 11-digit value followed by "\n" passes; use \z or /D to be strict.
    if (!empty($phone) && !preg_match('/^(\\d{11})$/', $phone)) {
        ShowError('手机格式不正确', URL_ROOT . '/index.php?do=user&act=seting', '重新填写');
    }
    // Collapse the checkbox values to '1' / '0', so only these two literals can reach
    // the query.
    if ($emsg == 'on') {
        $emsg = '1';
    } else {
        $emsg = '0';
    }
    if ($pmsg == 'on') {
        $pmsg = '1';
    } else {
        $pmsg = '0';
    }
    // The row is selected by the current user's id, not by a request parameter. The
    // two flags are stored as "emsg|pmsg" in the message column.
    $db->Execute("UPDATE " . Tb('user') . " SET phone='" . $phone . "',message='" . $emsg . "|" . $pmsg . "' WHERE id='" . $user->userId . "'");
    ShowSuccess('修改成功', URL_ROOT . '/index.php?do=user&act=seting');
    exit;
    break;
default:
    break;
}