function __construct()
{
if (intval(EXPIRES) > 0) {
$expiryTime = intval(EXPIRES);
}
$this->db = DBConnect();
$this->tbUser = $this->db->tbPrefix . 'user';
$this->tbField = $this->db->tbPrefix . 'field';
$this->tbUserField = $this->db->tbPrefix . 'user_field';
$this->tbSession = $this->db->tbPrefix . 'session';
$this->ocKey = Val('ocKey', 'COOKIE');
if (!empty($this->ocKey)) {
$row = $this->db->FirstRow("SELECT userId,token,data FROM " . $this->tbSession . " WHERE ocKey='" . $this->ocKey . "' AND expires>" . time());
$this->userId = intval($row['userId']);
$this->token = $row['token'];
$data = $row['data'];
if (!empty($data)) {
$data = unserialize($data);
$this->adminLevel = intval($data['adminLevel']);
$this->userName = $data['userName'];
$avatarDir = URL_ROOT . '/upload/avatar/';
$this->avatarImg = empty($data['avatarImg']) ? $avatarDir . 'avatar_50_50.gif' : $avatarDir . $data['avatarImg'];
$this->avatarImg_s = empty($data['avatarImg_s']) ? $avatarDir . 'avatar_30_30.gif' : $avatarDir . $data['avatarImg_s'];
$this->signature = $data['signature'];
$this->db->Execute("UPDATE " . $this->tbSession . " SET updateTime='" . time() . "',expires=expires+" . $this->expiryTime . " WHERE ocKey='" . $this->ocKey . "'");
}
}
}
$username = Val('user', 'POST');
if (empty($username)) {
ShowError('用户/邮箱不能为空', $url['login']);
}
$userpwd = Val('pwd', 'POST');
if (empty($userpwd)) {
ShowError('密码不能为空', $url['login']);
}
$captcha = Val('captcha', 'POST');
/*
if(empty($captcha)) ShowError('请输入验证码',$url['login']);
//判断验证码
include(ROOT_PATH.'/source/class/Captcha.class.php');
if(!Captcha::Check($captcha)) ShowError('验证码输入错误',$url['login']);
*/
$auto = Val('auto', 'POST', 1);
if ($user->userId <= 0) {
if ($user->Login($username, $userpwd, $auto)) {
ShowSuccess('登录成功');
} else {
ShowError('登录失败,请检查用户/邮箱或密码', $url['login']);
}
}
break;
case 'logout':
if ($user->Logout()) {
ShowSuccess('成功退出');
}
break;
default:
if ($user->userId > 0) {
if ($emailExisted > 0) {
ShowError("邮箱{$email}已存在", $url['register'], '重新填写');
}
//入库
$executeArr = array('userName' => $username, 'userPwd' => OCEncrypt($userpwd), 'email' => $email, 'phone' => $phone, 'addTime' => time());
if ($db->AutoExecute($tbUser, $executeArr)) {
if (!empty($inviteRow)) {
$regUserId = $db->LastId();
$db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserId='{$regUserId}',regTime='" . time() . "' WHERE id='{$inviteRow[id]}'");
}
//自动登录
$user->Login($username, $userpwd, 1);
ShowSuccess('注册成功', $url['root']);
} else {
ShowError('出错了,请与管理员联系');
}
break;
default:
if ($user->userId > 0) {
ShowError('您已登录,不能进行注册!');
}
$key = Val('key', 'GET');
$smarty = InitSmarty();
$smarty->assign('do', $do);
$smarty->assign('register', REGISTER);
$smarty->assign('key', $key);
$smarty->assign('show', $show);
$smarty->assign('url', $url);
$smarty->display('register.html');
break;
}
$smarty->assign('timeData', $timeData);
$smarty->display('user/time.tpl');
break;
case "x_user":
$title = '帐号资料修改';
$sql1 = 'SELECT * FROM sky_user WHERE userName="******"';
$u_data = $db->Dataset($sql1);
$inviter = $u_data[0][inviter];
$sql2 = 'SELECT addKeyUser FROM sky_invite_reg WHERE inviteKey="' . $inviter . '"';
$u_data2 = $db->FirstColumn($sql2);
$smarty = InitSmarty();
if ($_POST) {
$email = Val('email', 'POST');
$oldPass = Val('oldPass', 'POST');
$newPass = Val('newPass', 'POST');
$cPass = Val('cPass', 'POST');
if (!empty($email) || !preg_match('/^(\\w+\\.)*?\\w+@(\\w+\\.)+\\w+$/', $email)) {
if ($email != $u_data[0][email] && empty($cPass) && empty($oldPass) && empty($newPass)) {
$data = array('email' => $email);
if ($db->AutoExecute($tbUser, $data, 'UPDATE', 'userName="******"')) {
ShowSuccess('恭喜您,修改邮箱成功!', URL_ROOT . '/user/x_user');
} else {
ShowError('修改失败,请联系管理员', 'mailto:sky@03sec.com');
}
} elseif ($email == $u_data && empty($cPass) && empty($oldPass) && empty($newPass)) {
ShowError('您没有做任何修改', 'javascript:history.go(-1)');
} else {
if ($newPass == $cPass) {
$oldp = $u_data[0][userPwd];
if (OCEncrypt($oldPass) == $oldp) {
$data = array('email' => $email, 'userPwd' => OCEncrypt($cPass));
<?php
/**
* code.php 代码文件
* ----------------------------------------------------------------
* OldCMS,site:http://www.oldcms.com
*/
if (!defined('IN_OLDCMS')) {
die('Access Denied');
}
//输入文件格式为js
header("Content-type: application/x-javascript");
header("Cache-Control: nocache");
header("Pragma: no-cache");
$id = Val('id', 'GET', 1);
$urlKey = Val('urlKey', 'GET');
$db = DBConnect();
$project = $db->FirstRow("SELECT * FROM " . Tb('project') . " WHERE id='{$id}' OR urlKey='{$urlKey}'");
if (empty($project)) {
exit;
}
$moduleSetKeys = json_decode($project['moduleSetKeys'], true);
/* 模块 begin */
$moduleIds = array();
if (!empty($project['modules'])) {
$moduleIds = json_decode($project['modules']);
}
if (!empty($moduleIds)) {
$modulesStr = implode(',', $moduleIds);
$modules = $db->Dataset("SELECT * FROM " . Tb('module') . " WHERE id IN ({$modulesStr})");
if (!empty($modules)) {
* ----------------------------------------------------------------
* OldCMS,site:http://www.oldcms.com
*/
if (!defined('IN_OLDCMS')) {
die('Access Denied');
}
$auth = Val('auth', 'GET');
$db = DBConnect();
$project = $db->FirstRow("SELECT * FROM " . Tb('project') . " WHERE authCode='{$auth}'");
if (empty($project)) {
exit('Auth Err.');
}
switch ($act) {
case 'content':
default:
$domain = Val('domain', 'GET');
$where = '';
if (!empty($domain)) {
$where .= " AND domain='{$domain}'";
}
$contents = $db->FirstColumn("SELECT content FROM " . Tb('project_content') . " WHERE projectId='{$project[id]}' {$where} ORDER BY id DESC");
$data = array();
foreach ($contents as $k => $v) {
$row = array();
$v = (array) json_decode($v);
$row['url'] = $v['opener'] ? $v['opener'] : $v['toplocation'];
$row['cookie'] = $v['cookie'];
$data[] = $row;
}
echo JsonEncode($data);
break;
$moduleIds = json_decode($project['modules']);
}
if (!empty($moduleIds)) {
$modulesStr = implode(',', $moduleIds);
$modules = $db->Dataset("SELECT * FROM " . Tb('module') . " WHERE id IN ({$modulesStr})");
if (!empty($modules)) {
foreach ($modules as $module) {
if (!empty($module['keys'])) {
$keys = array_merge($keys, json_decode($module['keys']));
}
}
}
}
/* 模块 end */
foreach ($keys as $key) {
$content[$key] = Val($key, 'REQUEST');
}
if (in_array('toplocation', $keys)) {
$content['toplocation'] = !empty($content['toplocation']) ? $content['toplocation'] : $content['location'];
}
$judgeCookie = in_array('cookie', $keys) ? true : false;
/* cookie hash */
$cookieHash = md5($project['id'] . '_' . $content['cookie'] . '_' . $content['location'] . '_' . $content['toplocation']);
$cookieExisted = $db->FirstValue("SELECT COUNT(*) FROM " . Tb('project_content') . " WHERE projectId='{$project[id]}' AND cookieHash='{$cookieHash}'");
if (!$judgeCookie || $cookieExisted <= 0) {
//服务器获取的content
$serverContent = array();
$serverContent['HTTP_REFERER'] = $_SERVER['HTTP_REFERER'];
$referers = @parse_url($serverContent['HTTP_REFERER']);
$domain = $referers['host'] ? $referers['host'] : '';
$domain = StripStr($domain);
<?php
/**
* index.php 默认页
* ----------------------------------------------------------------
* OldCMS,site:http://www.oldcms.com
*/
include 'init.php';
$do = Val('do', 'GET', 0);
$dos = array('index', 'login', 'project', 'module', 'code', 'api', 'do', 'register', 'user', 'keepsession');
if (!in_array($do, $dos)) {
$do = 'index';
}
include ROOT_PATH . '/source/' . $do . '.php';
}
$keys = Val('keys', 'POST', 0, 1);
$keys = JsonEncode($keys);
$setkeys = Val('setkeys', 'POST', 0, 1);
$setkeys = JsonEncode($setkeys);
$isOpen = Val('isOpen', 'POST', 1);
$code = Val('code', 'POST');
$values = array('title' => $title, 'description' => $description, 'userId' => $user->userId, '`keys`' => $keys, '`setkeys`' => $setkeys, 'code' => $code, 'isOpen' => $isOpen);
$db->AutoExecute(Tb('module'), $values, 'UPDATE', " id={$id}");
ShowSuccess('操作成功');
break;
case 'delete':
if (!$user->CheckToken(Val('token', 'GET'))) {
ShowError('操作失败');
}
$id = Val('id', 'GET', 1);
$db = DBConnect();
//读取module信息
$module = $db->FirstRow("SELECT * FROM " . Tb('module') . " WHERE id='{$id}' AND userId='" . $user->userId . "'");
if (empty($module)) {
ShowError('模块不存在或没有权限');
}
$db->Execute("DELETE FROM " . Tb('module') . " WHERE id='{$id}'");
ShowSuccess('操作成功');
break;
case 'list':
default:
include 'common.php';
$smarty = InitSmarty();
$smarty->assign('do', $do);
$smarty->assign('show', $show);
case 'audit':
$isAudit = Val('isAudit', 'GET', 1);
$id = Val('id', 'GET', 1);
$db = DBConnect();
$tbModule = $db->tbPrefix . 'module';
$db->Execute("UPDATE {$tbModule} SET isAudit='{$isAudit}',managerId='" . $user->userId . "',managerName='" . $user->userName . "' WHERE id='{$id}'");
ShowSuccess('操作成功', URL_ROOT . '/admin/index.php?do=admin_module');
break;
default:
$db = DBConnect();
$tbModule = $db->tbPrefix . 'module';
$tbUser = $db->tbPrefix . 'user';
$where = " AND isOpen=1";
include ROOT_PATH . '/source/class/Pager.class.php';
$countSql = "SELECT COUNT(*) FROM {$tbModule} WHERE 1=1 {$where} ORDER BY id DESC";
$sql = "SELECT m.*,u.userName AS userName FROM {$tbModule} m INNER JOIN {$tbUser} u ON u.id=m.userId WHERE 1=1 {$where} ORDER BY id DESC";
$href = './index.php?do=admin_module';
if (!empty($act)) {
$href .= '&act=' . $act;
}
$pager = new Pager($countSql, $sql, $href, 20, 5, Val('pNO', 'GET', 1));
$modules = $pager->data;
$smarty = InitSmarty(1);
$smarty->assign('modules', $modules);
$smarty->assign('nav', $pager->nav);
$smarty->assign('do', $do);
$smarty->assign('show', $show);
$smarty->assign('url', $url);
$smarty->display('admin_module.html');
break;
}
<?php
/**
* index.php 首页
* ----------------------------------------------------------------
* OldCMS,site:http://www.oldcms.com
*/
if (!defined('IN_OLDCMS')) {
die('Access Denied');
}
$act = Val('act', 'GET');
switch ($act) {
default:
$smarty = InitSmarty();
$smarty->display('index.html');
break;
}
$ucountsql = "SELECT count(*) FROM " . $tbUser . " WHERE 1=1 ORDER BY id DESC";
$href = URL_ROOT . "/admin/usermanage";
$upager = new Pager($ucountsql, $sql, $href, 8, 10, Val('pNO', 'GET', 1));
$uinfo = $upager->data;
$umanage = $db->Dataset($sql);
$smarty = InitSmarty();
$smarty->assign('info', 'usermanage');
$smarty->assign('uinfo', $uinfo);
$smarty->assign('Av', $user->avatarImg);
$smarty->assign('title', $title);
$smarty->assign('unav', $upager->nav);
$smarty->assign('umanage', $umanage);
$smarty->display('admin/umanage.tpl');
break;
case "deluser":
$deluser = Val("uuuuid", 'POST');
$sql = "DELETE FROM " . $tbUser . " WHERE userName='******' LIMIT 1";
if ($db->Execute($sql)) {
ShowSuccess('删除用户 ' . $deluser . ' 成功!!', URL_ROOT . '/admin/usermanage');
} else {
ShowAError('删除用户 ' . $deluser . ' 失败,请联系管理员 sky@03sec.com', URL_ROOT . '/admin/usermanage');
}
break;
default:
$UNUM = $user->getUserNum();
$smarty = InitSmarty();
$title = '后台管理面板';
$smarty->assign('do', $do);
$smarty->assign('show', $show);
$smarty->assign('url', $url);
$smarty->assign('user', $userName);
case 'delcontent':
if (!$user->CheckToken(Val('token', 'POST'))) {
ShowError('操作失败');
}
$id = Val('id', 'POST');
$db = DBConnect();
$content = $db->FirstRow("SELECT pc.projectId FROM " . Tb('project_content') . " pc INNER JOIN " . Tb('project') . " p ON p.id=pc.projectId WHERE p.userId='" . $user->userId . "' AND pc.id='{$id}'");
if (!empty($content)) {
$db->Execute("DELETE FROM " . Tb('project_content') . " WHERE id='{$id}'");
}
echo 1;
break;
case 'delcontents':
if (!$user->CheckToken(Val('token', 'POST'))) {
ShowError('操作失败');
}
$ids = Val('ids', 'POST');
$ids = explode('|', $ids);
//删除
$db = DBConnect();
foreach ($ids as $id) {
$content = $db->FirstRow("SELECT pc.projectId FROM " . Tb('project_content') . " pc INNER JOIN " . Tb('project') . " p ON p.id=pc.projectId WHERE p.userId='" . $user->userId . "' AND pc.id='{$id}'");
if (!empty($content)) {
$db->Execute("DELETE FROM " . Tb('project_content') . " WHERE id='{$id}'");
}
}
echo 1;
break;
default:
break;
}
$smarty->assign('projects', $projects);
$smarty->assign('modules', $modules);
$smarty->assign('input1', $input1);
$smarty->assign('input2', $input2);
$smarty->assign('email', $email);
$smarty->assign('phone', $phone);
$smarty->assign('emsg', $emsg);
$smarty->assign('pmsg', $pmsg);
$smarty->display('user_seting.html');
exit;
break;
case 'submit':
$db = DBConnect();
$phone = Val('phone', 'POST');
$emsg = Val('emsg', 'POST');
$pmsg = Val('pmsg', 'POST');
if (!empty($phone) && !preg_match('/^(\\d{11})$/', $phone)) {
ShowError('手机格式不正确', URL_ROOT . '/index.php?do=user&act=seting', '重新填写');
}
//手机验证
if ($emsg == 'on') {
$emsg = '1';
} else {
$emsg = '0';
}
if ($pmsg == 'on') {
$pmsg = '1';
} else {
$pmsg = '0';
}
$db->Execute("UPDATE " . Tb('user') . " SET phone='" . $phone . "',message='" . $emsg . "|" . $pmsg . "' WHERE id='" . $user->userId . "'");
<?php
/**
* keepsession.php keep session请求
* ----------------------------------------------------------------
*/
if (!defined('IN_OLDCMS')) {
die('Access Denied');
}
$urlKey = Val('id', 'GET');
$url = Val('url', 'GET');
$cookie = Val('cookie', 'GET');
$db = DBConnect();
$project = $db->FirstRow("SELECT * FROM " . Tb('project') . " WHERE urlKey='{$urlKey}'");
if (!empty($project) && !empty($url) && !empty($cookie)) {
$hash = md5($url . $cookie);
$existed = $db->FirstValue("SELECT COUNT(*) FROM " . Tb('keepsession') . " WHERE hash='{$hash}'");
if ($existed <= 0) {
//判断用户key session的请求数量
$sum = $db->FirstValue("SELECT COUNT(*) FROM " . Tb('keepsession') . " WHERE userId='{$project[userId]}'");
if ($sum < 10) {
$sqlValues = array('projectId' => $project['id'], 'userId' => $project['userId'], 'url' => $url, 'cookie' => $cookie, 'hash' => $hash, 'addTime' => time(), 'updateTime' => time());
$db->AutoExecute(Tb('keepsession'), $sqlValues);
}
}
}
