Exemple #1
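// Upload directory.
// NOTE(review): no definition follows this comment in the excerpt; ADMIN_CONF, used below,
// has to be defined before this point.
// Load the shared helper library.
include_once "functions.php";
// Load the site configuration and keep whatever config.php returns.
$config = (include_once ADMIN_CONF . "config.php");

// ---- Authentication gate: runs on every page that includes this file ----
// Instantiate the project's Session class.
$session = new Session();
// Start the PHP session. NOTE(review): "@" hides a failed session_start(); when that happens
// $_SESSION stays empty and every request takes the "not logged in" path below.
@session_start();
// Script name of the requested page, e.g. "privilege.php".
$page_name = basename($_SERVER['SCRIPT_NAME']);

// $act is not assigned in this file; the including page has to set it before the include.
// The login form, the login check and the captcha must stay reachable without a session.
$publicLoginActs = array('login', 'checklogin', 'captcha');
$isLoginAction = $page_name === 'privilege.php' && in_array($act, $publicLoginActs, true);
// The reset pages are exempt from the login check here.
// NOTE(review): that makes their own checks the only gate; each of them has to verify its
// session marker itself before acting.
$isResetPage = $page_name === 'resetpasswd.php' || $page_name === 'resetemail.php';

if (!$isLoginAction && !$isResetPage) {
    if (isset($_SESSION['u_id'])) {
        // Logged in: load the admin record that belongs to the session.
        $admin = new Admin();
        $loginDate = $admin->getById($_SESSION['u_id']);
    } elseif (!isset($_COOKIE['user_id'])) {
        // Neither a session nor a cookie: send the visitor to the login page and stop, so that
        // nothing after this include runs for an unauthenticated request even if
        // linkRedirect() returns.
        linkRedirect('privilege.php', '用户信息已失效,请重新登陆!', 1);
        exit;
    }
    // NOTE(review): a request without a session but with any "user_id" cookie gets past this
    // gate. The cookie is client-controlled and its value is never checked here, so its mere
    // presence must not count as authentication. Unless the cookie is verified server-side
    // elsewhere (not visible in this file), require the session or validate a signed token.
}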
Exemple #2
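header("Content-type:text/html;charset=utf-8");
// Requested action, defaulting to "login". It is assigned before the include; presumably
// init.php reads $act for its access check (confirm against init.php).
$act = isset($_REQUEST['act']) ? $_REQUEST['act'] : 'login';
// Load the bootstrap file.
include_once "./includes/init.php";
// Token and email from the query string. A missing or non-string value (e.g. token[]=x)
// becomes '' instead of reaching trim() and raising a notice or TypeError.
$token = (isset($_GET['token']) && is_string($_GET['token'])) ? trim($_GET['token']) : '';
$email = (isset($_GET['email']) && is_string($_GET['email'])) ? trim($_GET['email']) : '';
// Look the account up by email.
$admin = new Admin();
if ($email !== '' && ($datecheck = $admin->getByEmail($email))) {
    // Recompute the expected token from the stored id, username and password value.
    // NOTE(review): this token is an unsalted MD5 of database fields, not a random secret.
    // Anyone who can read or guess those fields can build a valid link, and the same link
    // becomes valid again each time a new reset is requested. Prefer a random single-use
    // token from a CSPRNG, stored hashed next to its expiry time.
    $tokencheck = md5($datecheck['id'] . $datecheck['a_username'] . $datecheck['a_password']);
    // Constant-time comparison with the supplied token, so response timing does not reveal
    // how many leading characters matched.
    if (hash_equals($tokencheck, $token)) {
        // Reject links older than 24 hours.
        if (time() - $datecheck['getpasstime'] > 24 * 60 * 60) {
            $msg = '该链接已过期,请重新请求!';
        } else {
            @session_start();
            // Remember which user may reset the password on the next page.
            // NOTE(review): the session id is not regenerated before this privilege change;
            // consider session_regenerate_id(true) here to rule out session fixation.
            $_SESSION['userreset'] = $datecheck['id'];
            linkRedirect('resetpasswd.php?act=pass', '正在为您跳转密码重置页面!');
            // Stop here: $msg is not set on this path and nothing else should be emitted.
            exit;
        }
    } else {
        $msg = '链接已失效<br/>';
    }
} else {
    $msg = '错误的链接!';
}
echo $msg;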
Exemple #3
    // NOTE(review): this excerpt starts inside a branch whose opening `if` is not shown, so the
    // origin of $mail, $address, $resetemail, $time, $url, $getpasstime and $uid cannot be seen.
    $mail->AddAddress($address, "亲");
    $mail->IsHTML(true);
    // HTML body of the reset mail: greeting, request time, and the reset URL as link target and text.
    // NOTE(review): $resetemail and $url are concatenated into HTML without htmlspecialchars();
    // if either can carry user-supplied characters (TODO confirm), escape them for the HTML and
    // attribute contexts they land in.
    $mail->Body = "亲爱的" . $resetemail . ":<br/>您在" . $time . "提交了重置密码请求。请点击下面的链接重置密码(按钮24小时内有效)。<br/><a href='" . $url . "' target='_blank'>" . $url . "</a><br/>如果以上链接无法点击,请将它复制到你的浏览器地址栏中进入访问。<br/>如果您没有提交找回密码请求,请忽略此邮件。";
    // Mail body content (set above).
    if (!$mail->Send()) {
        // NOTE(review): the mailer's ErrorInfo is echoed to the requester; presumably it can hold
        // mail-server detail that belongs in a server-side log rather than in the response.
        echo "Mailer Error: " . $mail->ErrorInfo;
    } else {
        // Update the timestamp: store $getpasstime for user $uid once the mail has gone out.
        $admin->updateTime($getpasstime, $uid);
        echo "重置链接已发送,请检查您的邮箱!";
        linkRedirect('privilege.php', '', 2);
    }
} elseif ($act == 'pass') {
    // Serve the password-reset form template.
    // NOTE(review): this branch does not check that $_SESSION['userreset'] is set before
    // serving the form.
    include_once ADMIN_TEMP . "resetpasswd.html";
} elseif ($act == 'checkpasswd') {
    // Take the user id from the session and the new password plus its confirmation from POST.
    // NOTE(review): $_SESSION['userreset'] is read without isset(). Example #1 on this page
    // exempts resetpasswd.php from the login gate, so this read is the only authorization for
    // the reset. On a request that never passed link verification $id is null, and what
    // resetPasswd() does with null is not visible here: reject the request when the key is missing.
    $id = $_SESSION['userreset'];
    // NOTE(review): trim() silently changes passwords that begin or end with whitespace.
    $password = trim($_POST['passWord']);
    $passwdconfirm = trim($_POST['passconfirm']);
    // Sanity check: both entries must be identical.
    // NOTE(review): no minimum length or emptiness check and no CSRF token are visible in this branch.
    if (!($password === $passwdconfirm)) {
        linkRedirect('resetpasswd.php?act=pass', '两次输入的密码不一致!请重试!');
    } else {
        $admin = new Admin();
        // NOTE(review): whether resetPasswd() hashes the password before storing it is not visible here.
        if ($admin->resetPasswd($id, $password)) {
            // NOTE(review): $_SESSION['userreset'] is not cleared after a successful reset, so the
            // same session can reset the password again; unset it to make the link single-use.
            linkRedirect('privilege.php', '重置密码成功,正在为您跳转至登陆页!');
        } else {
            // Record the failure in the system log (not implemented; a failed reset currently
            // produces no output and no log entry).
        }
    }
}
Exemple #4
    // NOTE(review): this excerpt starts inside a branch whose opening is not shown, so the origin
    // of $email, $password and $id cannot be seen.
    }
    // Email format: a local part of 2-10 characters from [\w._], "@", one or more word characters,
    // one arbitrary character, then 2-4 lowercase letters.
    // NOTE(review): the "." before the last group is unescaped, so it matches any character and
    // not only a literal dot; the exact-match allowlist below is what actually pins the domain.
    $emailRegular = '/^([\\w\\.\\_]{2,10})@(\\w{1,}).([a-z]{2,4})$/';
    // NOTE(review): every check below only blocks the update if linkRedirect() ends the script.
    // Its definition is not visible here; confirm that it exits, otherwise updateAdmin() still
    // runs after a failed check.
    if (!preg_match($emailRegular, $email)) {
        linkRedirect('privilege.php?act=edit', '邮箱名部分只能2到10位!');
    }
    // Mail domains that are accepted for an admin address.
    $allowEmail = array("@qq.com", "@163.com", "@gmail.com", "@outlook.com");
    // Check the address: take everything from the first "@" onwards and compare it with the allowlist.
    if ($emailCheck = strstr($email, '@')) {
        // in_array() compares loosely here; both sides are strings, so passing true as the third
        // argument would be the stricter equivalent.
        if (!in_array($emailCheck, $allowEmail)) {
            linkRedirect('privilege.php?act=edit', '只允许更新为QQ、163、gmail和outlook邮箱');
        }
    } else {
        linkRedirect('privilege.php?act=edit', '邮箱名不合法!');
    }
    $admin = new Admin();
    // var_dump($admin);exit;
    // Persist the new password and email for admin $id.
    // NOTE(review): whether updateAdmin() hashes $password and binds its parameters is not visible here.
    if ($admin->updateAdmin($password, $email, $id)) {
        linkRedirect('privilege.php?act=list', '管理员信息更新成功!');
    } else {
        linkRedirect('privilege.php?act=edit', '管理员信息更新失败,请重试!');
    }
} elseif ($act == "delete") {
    // Delete the admin whose id arrives in the query string.
    // NOTE(review): a destructive action is driven by a GET parameter, and this branch shows no
    // request-method check and no CSRF token. $id reaches deleteAdmin() unvalidated; confirm that
    // deleteAdmin() casts it to int or binds it as a query parameter, and that the caller is
    // allowed to delete that account.
    $id = $_GET['id'];
    $admin = new Admin();
    if ($admin->deleteAdmin($id)) {
        linkRedirect('privilege.php?act=list', '删除成功!');
    } else {
        linkRedirect('privilege.php?act=list', '删除失败,请重试!');
    }
}