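/**
 * Restore the current user's state from the session cookie.
 *
 * Reads the `ocKey` cookie, looks up an unexpired row in the session table and
 * copies the cached profile data (admin level, name, avatar paths, signature)
 * onto this object. A matched session also has its expiry extended by
 * `$this->expiryTime`. When no cookie or no live session exists, the object is
 * left in its logged-out state (userId 0, token null).
 */
function __construct()
{
    // Let the EXPIRES constant override the default session lifetime.
    // The original assigned a local `$expiryTime` here that was never read,
    // while the UPDATE below uses the property; the override therefore had
    // no effect. Assign the property so the setting is actually honoured.
    if (intval(EXPIRES) > 0) {
        $this->expiryTime = intval(EXPIRES);
    }

    $this->db = DBConnect();
    $this->tbUser = $this->db->tbPrefix . 'user';
    $this->tbField = $this->db->tbPrefix . 'field';
    $this->tbUserField = $this->db->tbPrefix . 'user_field';
    $this->tbSession = $this->db->tbPrefix . 'session';

    $this->ocKey = Val('ocKey', 'COOKIE');
    if (empty($this->ocKey)) {
        // No session cookie: nothing to restore.
        return;
    }

    // NOTE(review): `$this->ocKey` is taken verbatim from the client cookie and
    // interpolated into SQL here and in the UPDATE below. It must be escaped or
    // bound through the DB layer before being used in a query.
    $row = $this->db->FirstRow(
        "SELECT userId,token,data FROM " . $this->tbSession
        . " WHERE ocKey='" . $this->ocKey . "' AND expires>" . time()
    );
    if (empty($row)) {
        // No live session for this key: keep the same values the original
        // produced from an empty row (intval(null) => 0, null token).
        $this->userId = 0;
        $this->token = null;
        return;
    }

    $this->userId = intval($row['userId']);
    $this->token = $row['token'];

    $data = $row['data'];
    if (empty($data)) {
        return;
    }

    // NOTE(review): unserialize() on a database column. Whoever can write the
    // session `data` column controls which objects get instantiated here; only
    // plain array keys are read below, so a restricted deserialisation
    // (or a JSON encoding of this cache) would be the safer format.
    $data = unserialize($data);

    $this->adminLevel = intval($data['adminLevel']);
    $this->userName = $data['userName'];

    // Fall back to the bundled placeholder images when the profile has no avatar.
    $avatarDir = URL_ROOT . '/upload/avatar/';
    $this->avatarImg = empty($data['avatarImg'])
        ? $avatarDir . 'avatar_50_50.gif'
        : $avatarDir . $data['avatarImg'];
    $this->avatarImg_s = empty($data['avatarImg_s'])
        ? $avatarDir . 'avatar_30_30.gif'
        : $avatarDir . $data['avatarImg_s'];
    $this->signature = $data['signature'];

    // Sliding expiry: touching the session pushes its deadline out by expiryTime.
    $this->db->Execute(
        "UPDATE " . $this->tbSession
        . " SET updateTime='" . time() . "',expires=expires+" . $this->expiryTime
        . " WHERE ocKey='" . $this->ocKey . "'"
    );
}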
$username = Val('user', 'POST'); if (empty($username)) { ShowError('用户/邮箱不能为空', $url['login']); } $userpwd = Val('pwd', 'POST'); if (empty($userpwd)) { ShowError('密码不能为空', $url['login']); } $captcha = Val('captcha', 'POST'); /* if(empty($captcha)) ShowError('请输入验证码',$url['login']); //判断验证码 include(ROOT_PATH.'/source/class/Captcha.class.php'); if(!Captcha::Check($captcha)) ShowError('验证码输入错误',$url['login']); */ $auto = Val('auto', 'POST', 1); if ($user->userId <= 0) { if ($user->Login($username, $userpwd, $auto)) { ShowSuccess('登录成功'); } else { ShowError('登录失败,请检查用户/邮箱或密码', $url['login']); } } break; case 'logout': if ($user->Logout()) { ShowSuccess('成功退出'); } break; default: if ($user->userId > 0) {
if ($emailExisted > 0) { ShowError("邮箱{$email}已存在", $url['register'], '重新填写'); } //入库 $executeArr = array('userName' => $username, 'userPwd' => OCEncrypt($userpwd), 'email' => $email, 'phone' => $phone, 'addTime' => time()); if ($db->AutoExecute($tbUser, $executeArr)) { if (!empty($inviteRow)) { $regUserId = $db->LastId(); $db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserId='{$regUserId}',regTime='" . time() . "' WHERE id='{$inviteRow[id]}'"); } //自动登录 $user->Login($username, $userpwd, 1); ShowSuccess('注册成功', $url['root']); } else { ShowError('出错了,请与管理员联系'); } break; default: if ($user->userId > 0) { ShowError('您已登录,不能进行注册!'); } $key = Val('key', 'GET'); $smarty = InitSmarty(); $smarty->assign('do', $do); $smarty->assign('register', REGISTER); $smarty->assign('key', $key); $smarty->assign('show', $show); $smarty->assign('url', $url); $smarty->display('register.html'); break; }
$smarty->assign('timeData', $timeData); $smarty->display('user/time.tpl'); break; case "x_user": $title = '帐号资料修改'; $sql1 = 'SELECT * FROM sky_user WHERE userName="******"'; $u_data = $db->Dataset($sql1); $inviter = $u_data[0][inviter]; $sql2 = 'SELECT addKeyUser FROM sky_invite_reg WHERE inviteKey="' . $inviter . '"'; $u_data2 = $db->FirstColumn($sql2); $smarty = InitSmarty(); if ($_POST) { $email = Val('email', 'POST'); $oldPass = Val('oldPass', 'POST'); $newPass = Val('newPass', 'POST'); $cPass = Val('cPass', 'POST'); if (!empty($email) || !preg_match('/^(\\w+\\.)*?\\w+@(\\w+\\.)+\\w+$/', $email)) { if ($email != $u_data[0][email] && empty($cPass) && empty($oldPass) && empty($newPass)) { $data = array('email' => $email); if ($db->AutoExecute($tbUser, $data, 'UPDATE', 'userName="******"')) { ShowSuccess('恭喜您,修改邮箱成功!', URL_ROOT . '/user/x_user'); } else { ShowError('修改失败,请联系管理员', 'mailto:sky@03sec.com'); } } elseif ($email == $u_data && empty($cPass) && empty($oldPass) && empty($newPass)) { ShowError('您没有做任何修改', 'javascript:history.go(-1)'); } else { if ($newPass == $cPass) { $oldp = $u_data[0][userPwd]; if (OCEncrypt($oldPass) == $oldp) { $data = array('email' => $email, 'userPwd' => OCEncrypt($cPass));
<?php /** * code.php 代码文件 * ---------------------------------------------------------------- * OldCMS,site:http://www.oldcms.com */ if (!defined('IN_OLDCMS')) { die('Access Denied'); } //输入文件格式为js header("Content-type: application/x-javascript"); header("Cache-Control: nocache"); header("Pragma: no-cache"); $id = Val('id', 'GET', 1); $urlKey = Val('urlKey', 'GET'); $db = DBConnect(); $project = $db->FirstRow("SELECT * FROM " . Tb('project') . " WHERE id='{$id}' OR urlKey='{$urlKey}'"); if (empty($project)) { exit; } $moduleSetKeys = json_decode($project['moduleSetKeys'], true); /* 模块 begin */ $moduleIds = array(); if (!empty($project['modules'])) { $moduleIds = json_decode($project['modules']); } if (!empty($moduleIds)) { $modulesStr = implode(',', $moduleIds); $modules = $db->Dataset("SELECT * FROM " . Tb('module') . " WHERE id IN ({$modulesStr})"); if (!empty($modules)) {
* ---------------------------------------------------------------- * OldCMS,site:http://www.oldcms.com */ if (!defined('IN_OLDCMS')) { die('Access Denied'); } $auth = Val('auth', 'GET'); $db = DBConnect(); $project = $db->FirstRow("SELECT * FROM " . Tb('project') . " WHERE authCode='{$auth}'"); if (empty($project)) { exit('Auth Err.'); } switch ($act) { case 'content': default: $domain = Val('domain', 'GET'); $where = ''; if (!empty($domain)) { $where .= " AND domain='{$domain}'"; } $contents = $db->FirstColumn("SELECT content FROM " . Tb('project_content') . " WHERE projectId='{$project[id]}' {$where} ORDER BY id DESC"); $data = array(); foreach ($contents as $k => $v) { $row = array(); $v = (array) json_decode($v); $row['url'] = $v['opener'] ? $v['opener'] : $v['toplocation']; $row['cookie'] = $v['cookie']; $data[] = $row; } echo JsonEncode($data); break;
$moduleIds = json_decode($project['modules']); } if (!empty($moduleIds)) { $modulesStr = implode(',', $moduleIds); $modules = $db->Dataset("SELECT * FROM " . Tb('module') . " WHERE id IN ({$modulesStr})"); if (!empty($modules)) { foreach ($modules as $module) { if (!empty($module['keys'])) { $keys = array_merge($keys, json_decode($module['keys'])); } } } } /* 模块 end */ foreach ($keys as $key) { $content[$key] = Val($key, 'REQUEST'); } if (in_array('toplocation', $keys)) { $content['toplocation'] = !empty($content['toplocation']) ? $content['toplocation'] : $content['location']; } $judgeCookie = in_array('cookie', $keys) ? true : false; /* cookie hash */ $cookieHash = md5($project['id'] . '_' . $content['cookie'] . '_' . $content['location'] . '_' . $content['toplocation']); $cookieExisted = $db->FirstValue("SELECT COUNT(*) FROM " . Tb('project_content') . " WHERE projectId='{$project[id]}' AND cookieHash='{$cookieHash}'"); if (!$judgeCookie || $cookieExisted <= 0) { //服务器获取的content $serverContent = array(); $serverContent['HTTP_REFERER'] = $_SERVER['HTTP_REFERER']; $referers = @parse_url($serverContent['HTTP_REFERER']); $domain = $referers['host'] ? $referers['host'] : ''; $domain = StripStr($domain);
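<?php
/**
 * index.php 默认页 (front controller)
 * ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 *
 * Boots the application, then dispatches to exactly one of a fixed set of
 * page scripts under /source/ chosen by the `do` query parameter.
 */
include 'init.php';

$do = Val('do', 'GET', 0);

// Allow-list of page scripts that may be included. `$do` is user-controlled
// and becomes part of an include path, so only an exact string match may
// pass; anything else falls back to the home page.
$dos = array('index', 'login', 'project', 'module', 'code', 'api', 'do', 'register', 'user', 'keepsession');

// Strict comparison: loose in_array() would let a non-string value (for
// example an integer on PHP < 8) compare equal to an entry of the list.
if (!in_array($do, $dos, true)) {
    $do = 'index';
}

include ROOT_PATH . '/source/' . $do . '.php';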
} $keys = Val('keys', 'POST', 0, 1); $keys = JsonEncode($keys); $setkeys = Val('setkeys', 'POST', 0, 1); $setkeys = JsonEncode($setkeys); $isOpen = Val('isOpen', 'POST', 1); $code = Val('code', 'POST'); $values = array('title' => $title, 'description' => $description, 'userId' => $user->userId, '`keys`' => $keys, '`setkeys`' => $setkeys, 'code' => $code, 'isOpen' => $isOpen); $db->AutoExecute(Tb('module'), $values, 'UPDATE', " id={$id}"); ShowSuccess('操作成功'); break; case 'delete': if (!$user->CheckToken(Val('token', 'GET'))) { ShowError('操作失败'); } $id = Val('id', 'GET', 1); $db = DBConnect(); //读取module信息 $module = $db->FirstRow("SELECT * FROM " . Tb('module') . " WHERE id='{$id}' AND userId='" . $user->userId . "'"); if (empty($module)) { ShowError('模块不存在或没有权限'); } $db->Execute("DELETE FROM " . Tb('module') . " WHERE id='{$id}'"); ShowSuccess('操作成功'); break; case 'list': default: include 'common.php'; $smarty = InitSmarty(); $smarty->assign('do', $do); $smarty->assign('show', $show);
case 'audit': $isAudit = Val('isAudit', 'GET', 1); $id = Val('id', 'GET', 1); $db = DBConnect(); $tbModule = $db->tbPrefix . 'module'; $db->Execute("UPDATE {$tbModule} SET isAudit='{$isAudit}',managerId='" . $user->userId . "',managerName='" . $user->userName . "' WHERE id='{$id}'"); ShowSuccess('操作成功', URL_ROOT . '/admin/index.php?do=admin_module'); break; default: $db = DBConnect(); $tbModule = $db->tbPrefix . 'module'; $tbUser = $db->tbPrefix . 'user'; $where = " AND isOpen=1"; include ROOT_PATH . '/source/class/Pager.class.php'; $countSql = "SELECT COUNT(*) FROM {$tbModule} WHERE 1=1 {$where} ORDER BY id DESC"; $sql = "SELECT m.*,u.userName AS userName FROM {$tbModule} m INNER JOIN {$tbUser} u ON u.id=m.userId WHERE 1=1 {$where} ORDER BY id DESC"; $href = './index.php?do=admin_module'; if (!empty($act)) { $href .= '&act=' . $act; } $pager = new Pager($countSql, $sql, $href, 20, 5, Val('pNO', 'GET', 1)); $modules = $pager->data; $smarty = InitSmarty(1); $smarty->assign('modules', $modules); $smarty->assign('nav', $pager->nav); $smarty->assign('do', $do); $smarty->assign('show', $show); $smarty->assign('url', $url); $smarty->display('admin_module.html'); break; }
<?php
/**
 * index.php 首页 (home page)
 * ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 */
if (!defined('IN_OLDCMS')) {
    die('Access Denied');
}

// The action dispatcher currently has only its default branch, so every
// value of `act` (including none) renders the home page template.
$act = Val('act', 'GET');

$smarty = InitSmarty();
$smarty->display('index.html');
$ucountsql = "SELECT count(*) FROM " . $tbUser . " WHERE 1=1 ORDER BY id DESC"; $href = URL_ROOT . "/admin/usermanage"; $upager = new Pager($ucountsql, $sql, $href, 8, 10, Val('pNO', 'GET', 1)); $uinfo = $upager->data; $umanage = $db->Dataset($sql); $smarty = InitSmarty(); $smarty->assign('info', 'usermanage'); $smarty->assign('uinfo', $uinfo); $smarty->assign('Av', $user->avatarImg); $smarty->assign('title', $title); $smarty->assign('unav', $upager->nav); $smarty->assign('umanage', $umanage); $smarty->display('admin/umanage.tpl'); break; case "deluser": $deluser = Val("uuuuid", 'POST'); $sql = "DELETE FROM " . $tbUser . " WHERE userName='******' LIMIT 1"; if ($db->Execute($sql)) { ShowSuccess('删除用户 ' . $deluser . ' 成功!!', URL_ROOT . '/admin/usermanage'); } else { ShowAError('删除用户 ' . $deluser . ' 失败,请联系管理员 sky@03sec.com', URL_ROOT . '/admin/usermanage'); } break; default: $UNUM = $user->getUserNum(); $smarty = InitSmarty(); $title = '后台管理面板'; $smarty->assign('do', $do); $smarty->assign('show', $show); $smarty->assign('url', $url); $smarty->assign('user', $userName);
case 'delcontent': if (!$user->CheckToken(Val('token', 'POST'))) { ShowError('操作失败'); } $id = Val('id', 'POST'); $db = DBConnect(); $content = $db->FirstRow("SELECT pc.projectId FROM " . Tb('project_content') . " pc INNER JOIN " . Tb('project') . " p ON p.id=pc.projectId WHERE p.userId='" . $user->userId . "' AND pc.id='{$id}'"); if (!empty($content)) { $db->Execute("DELETE FROM " . Tb('project_content') . " WHERE id='{$id}'"); } echo 1; break; case 'delcontents': if (!$user->CheckToken(Val('token', 'POST'))) { ShowError('操作失败'); } $ids = Val('ids', 'POST'); $ids = explode('|', $ids); //删除 $db = DBConnect(); foreach ($ids as $id) { $content = $db->FirstRow("SELECT pc.projectId FROM " . Tb('project_content') . " pc INNER JOIN " . Tb('project') . " p ON p.id=pc.projectId WHERE p.userId='" . $user->userId . "' AND pc.id='{$id}'"); if (!empty($content)) { $db->Execute("DELETE FROM " . Tb('project_content') . " WHERE id='{$id}'"); } } echo 1; break; default: break; }
$smarty->assign('projects', $projects); $smarty->assign('modules', $modules); $smarty->assign('input1', $input1); $smarty->assign('input2', $input2); $smarty->assign('email', $email); $smarty->assign('phone', $phone); $smarty->assign('emsg', $emsg); $smarty->assign('pmsg', $pmsg); $smarty->display('user_seting.html'); exit; break; case 'submit': $db = DBConnect(); $phone = Val('phone', 'POST'); $emsg = Val('emsg', 'POST'); $pmsg = Val('pmsg', 'POST'); if (!empty($phone) && !preg_match('/^(\\d{11})$/', $phone)) { ShowError('手机格式不正确', URL_ROOT . '/index.php?do=user&act=seting', '重新填写'); } //手机验证 if ($emsg == 'on') { $emsg = '1'; } else { $emsg = '0'; } if ($pmsg == 'on') { $pmsg = '1'; } else { $pmsg = '0'; } $db->Execute("UPDATE " . Tb('user') . " SET phone='" . $phone . "',message='" . $emsg . "|" . $pmsg . "' WHERE id='" . $user->userId . "'");
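<?php
/**
 * keepsession.php keep session请求
 * ----------------------------------------------------------------
 *
 * Stores a (url, cookie) pair submitted for the project identified by the
 * `id` query parameter (its urlKey). A pair whose md5(url . cookie) already
 * exists is ignored, and each project owner is capped at 10 stored rows.
 */
if (!defined('IN_OLDCMS')) {
    die('Access Denied');
}

$urlKey = Val('id', 'GET');
$url = Val('url', 'GET');
$cookie = Val('cookie', 'GET');

$db = DBConnect();

// NOTE(review): `$urlKey` is raw GET input interpolated into SQL; it must be
// escaped or bound through the DB layer. `$hash` further down is an md5 hex
// digest, which is safe to interpolate.
$project = $db->FirstRow("SELECT * FROM " . Tb('project') . " WHERE urlKey='{$urlKey}'");

if (!empty($project) && !empty($url) && !empty($cookie)) {
    $hash = md5($url . $cookie);
    $existed = $db->FirstValue("SELECT COUNT(*) FROM " . Tb('keepsession') . " WHERE hash='{$hash}'");
    if ($existed <= 0) {
        // 判断用户key session的请求数量 — per-owner cap on stored rows.
        // The key is quoted on purpose: the original `{$project[userId]}` is
        // parsed inside `{...}` interpolation as the undefined constant
        // `userId` (a notice/warning on PHP 7, a fatal Error on PHP 8).
        $sum = $db->FirstValue("SELECT COUNT(*) FROM " . Tb('keepsession') . " WHERE userId='{$project['userId']}'");
        if ($sum < 10) {
            // Capture the timestamp once so addTime and updateTime agree.
            $now = time();
            $sqlValues = array(
                'projectId' => $project['id'],
                'userId' => $project['userId'],
                'url' => $url,
                'cookie' => $cookie,
                'hash' => $hash,
                'addTime' => $now,
                'updateTime' => $now,
            );
            $db->AutoExecute(Tb('keepsession'), $sqlValues);
        }
    }
}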