/**
  * 编辑管理员
 **/
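 public function edit()
 {
     // Edit an existing administrator: a GET request renders the form, a POST
     // request validates the submitted fields and saves them.
     $Admin = D($this->tab);
     $Role = D($this->rotab);
     // The record id comes from the request. Cast it to int and pass it as an
     // array condition so it is never concatenated into the WHERE clause.
     $where = array('id' => (int) I('id'));
     if (!$this->isPost()) {
         $data = $Admin->where($where)->find();
         $list_role = $Role->where('isshow=1')->order('sort asc , id asc')->select();
         $this->assign('list_role', $list_role);
         $this->assign('data', $data);
         $this->display();
         return;
     }
     if (!I('password')) {
         // Blank password field: drop both inputs so the stored credentials stay untouched.
         unset($_POST['password']);
         unset($_POST['password2']);
     } else {
         // Strict comparison: "!=" treats numeric-looking strings such as "1e3" and "1000" as equal.
         if (I('password') !== I('password2')) {
             $this->error('两次密码不一致');
         }
         $_POST['sign'] = $sign = randCode(5);
         // NOTE(review): md5 with a 5-character salt is too fast for password storage.
         // Moving to password_hash()/password_verify() needs a matching change in the
         // login check and a migration of existing rows, so the format is left as is here.
         $_POST['password'] = md5(I('password') . $sign);
         $_POST['password2'] = md5(I('password2') . $sign);
     }
     // create() builds the record from $_POST, which is why the fields above are rewritten in place.
     if (!$Admin->create()) {
         $this->error($Admin->getError());
     } else {
         $affected = $Admin->where($where)->save();
         if ($affected > 0) {
             $this->success('系统用户添加成功', U('index'));
         } else {
             $this->error('系统用户添加失败');
         }
     }
 }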
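 /**
  * Authenticate an administrator by account name, or send a password-reset
  * e-mail when op_type is 2.
  *
  * Request data is always taken from $_POST; the argument is overwritten on entry.
  *
  * @param array $datas Ignored; replaced by $_POST.
  * @return array 'status' (1 or 0) and 'info', plus 'url' after a successful login.
  */
 public function auth($datas)
 {
     $datas = $_POST;
     // NOTE(review): the captcha comparison that used to sit here is disabled, so
     // nothing visible in this method limits repeated password guesses.
     // Only a plain string is accepted as the account name: the value goes into a
     // query condition, and the query builder gives array values special meaning.
     $name = isset($datas['name']) && is_string($datas['name']) ? $datas['name'] : '';
     $pwd = isset($datas['pwd']) && is_string($datas['pwd']) ? $datas['pwd'] : '';
     $M = M("Admin");
     // Array condition: the framework quotes the value instead of it being
     // concatenated into the WHERE string.
     $info = $M->where(array('a_name' => $name))->find();
     if (!$info) {
         // NOTE(review): this message and the "wrong password" one differ, which tells
         // a caller whether an account exists; the name is also echoed back unescaped.
         return array('status' => 0, 'info' => "不存在账户为:" . $name . '的管理员账号!');
     }
     if ($info['status'] == 0) {
         return array('status' => 0, 'info' => "你的账号被禁用,有疑问联系管理员吧");
     }
     if (isset($datas['op_type']) && $datas['op_type'] == 2) {
         // Password-reset request: mail a link carrying the id and md5 of a fresh code.
         // NOTE(review): the reset code is 5 characters from randCode(); confirm it
         // draws from a cryptographically secure source and that the code expires.
         $rc = randCode(5);
         // NOTE(review): this branch reads $info['aid'] while the login branch reads
         // $info['a_id'] - confirm which column the Admin table has.
         $code = $info['aid'] . md5($rc);
         $url = str_replace(C("webPath"), "", C("WEB_ROOT")) . U("Public/findPwd", array("code" => $code));
         $body = "请在浏览器上打开地址:<a href='{$url}'>{$url}</a> 进行密码重置操作                            ";
         $return = send_mail($name, "", "找回密码", $body);
         if ($return == 1) {
             $info['find_code'] = $rc;
             $M->save($info);
             return array('status' => 1, 'info' => "重置密码邮件已经发往你的邮箱" . $name . "中,请注意查收");
         }
         return array('status' => 0, 'info' => "{$return}");
     }
     // Strict string comparison avoids PHP's numeric-string juggling on hash values.
     if ((string) $info['a_pwd'] !== (string) encrypt($pwd)) {
         return array('status' => 0, 'info' => "账号或密码错误");
     }
     $loginMarked = C("TOKEN");
     $loginMarked = md5($loginMarked['admin_marked']);
     // NOTE(review): the login marker is derived from the stored password hash and a
     // site-wide AUTH_CODE, so it stays the same across logins until the password changes.
     $shell = $info['a_id'] . md5($info['a_pwd'] . C('AUTH_CODE'));
     $_SESSION[$loginMarked] = "{$shell}";
     $shell .= "_" . time();
     // HttpOnly keeps the marker out of reach of page scripts. The Secure flag is not
     // set here because the deployment scheme is not visible - enable it on HTTPS sites.
     setcookie($loginMarked, "{$shell}", 0, "/", "", false, true);
     // NOTE(review): the whole row, password hash included, is copied into the session.
     $_SESSION['my_info'] = $info;
     // Record the time and address of this login.
     $M->where(array('a_id' => $info['a_id']))->save(array("last_login" => time(), "last_ip" => $_SERVER['REMOTE_ADDR']));
     // Look up the administrator's role.
     $role_list = M("RoleUser")->where(array('user_id' => $info['a_id']))->find();
     $_SESSION['my_info']['role'] = $role_list['role_id'];
     return array('status' => 1, 'info' => "登录成功", 'url' => U("Index/index"));
 }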
 /**
  *短信验证处理
  *
  *Return $msg,ok为正常处理,pass为次数超出 ,having 为已经注册了,time 为时间限定条件,三分钟内不发
  */
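 public function phonecodesend()
 {
     // Send an SMS verification code to a phone number that is not registered yet.
     // The JSON reply carries 'msg': "ok" (sent), "pass" (per-day limit reached) or
     // "having" (number already registered).
     $phone = I('param.phone', 'null');
     if (!is_string($phone)) {
         // The value is used in a query condition; accept a plain string only.
         $phone = 'null';
     }
     // NOTE(review): no format check on the phone number is visible here.
     $code = strtolower(randCode());
     // NOTE(review): the SMS gateway key is committed in source; it belongs in
     // configuration outside the repository and should be rotated.
     $smsKey = 'cf34160f4719430181a3d387f9dda3c8';
     $tpl_value = '【一家依】您的验证码是' . $code;
     $usercheck = M('user', 'yijiayi.')->where(array('telephone' => $phone))->find();
     $previous = session('getsession');
     // Compare full dates: comparing only the day of month would treat the same day
     // of a later month as "today". The date is read only when a record exists.
     $sentToday = !empty($previous) && date("Ymd", $previous['time']) == date("Ymd");
     // NOTE(review): the counter lives in the caller's session, so a client that
     // discards its session cookie starts again at 1; a server-side limit keyed on
     // the phone number and source address would be needed to cap SMS volume.
     if (!empty($usercheck)) {
         $res_code = "having";
     } elseif (!$sentToday) {
         // No record yet, or the last send was on an earlier day: restart the counter.
         $_SESSION['getsession'] = array('phone' => $phone, 'time' => time(), 'value' => $code, 'number' => '1');
         send_sms($smsKey, $tpl_value, $phone);
         $res_code = "ok";
     } elseif ($previous['number'] <= '5') {
         $_SESSION['getsession'] = array('phone' => $phone, 'time' => time(), 'value' => $code, 'number' => $previous['number'] + 1);
         send_sms($smsKey, $tpl_value, $phone);
         $res_code = "ok";
     } else {
         $res_code = "pass";
     }
     // The debug echo that preceded the JSON reply on the first send has been
     // removed; it corrupted the response body.
     $res_data = array('msg' => $res_code);
     $this->ajaxReturn($res_data);
 }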
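 /**
  * Authenticate an administrator by e-mail address, or send a password-reset
  * e-mail when op_type is 2. A captcha answer is checked first.
  *
  * Request data is always taken from $_POST; the argument is overwritten on entry.
  *
  * @param array $datas Ignored; replaced by $_POST.
  * @return array 'status' (1 or 0) and 'info', plus 'url' after a successful login.
  */
 public function auth($datas)
 {
     $datas = $_POST;
     // Captcha: the session holds the md5 of the expected answer. Compare strictly so
     // that numeric-looking hashes are not treated as equal by type juggling.
     $answer = isset($_POST['verify_code']) && is_string($_POST['verify_code']) ? md5($_POST['verify_code']) : null;
     if ($answer === null || !isset($_SESSION['verify']) || $_SESSION['verify'] !== $answer) {
         die(json_encode(array('status' => 0, 'info' => "验证码错误啦,再输入吧")));
     }
     // NOTE(review): the captcha value stays in the session after a successful check,
     // so one solved captcha appears to cover any number of attempts - confirm
     // whether it is cleared elsewhere.
     // Only plain strings are accepted: the e-mail goes into a query condition, and
     // the query builder gives array values special meaning.
     $email = isset($datas['email']) && is_string($datas['email']) ? $datas['email'] : '';
     $pwd = isset($datas['pwd']) && is_string($datas['pwd']) ? $datas['pwd'] : '';
     $M = M("Admin");
     // Array condition: the framework quotes the value instead of it being
     // concatenated into the WHERE string.
     $info = $M->where(array('email' => $email))->find();
     if (!$info) {
         // NOTE(review): this message and the "wrong password" one differ, which tells
         // a caller whether an address is registered; the address is echoed back unescaped.
         return array('status' => 0, 'info' => "不存在邮箱为:" . $email . '的管理员账号!');
     }
     if ($info['status'] == 0) {
         return array('status' => 0, 'info' => "你的账号被禁用,有疑问联系管理员吧");
     }
     if (isset($datas['op_type']) && $datas['op_type'] == 2) {
         // Password-reset request: mail a link carrying the id and md5 of a fresh code.
         // NOTE(review): the reset code is 5 characters from randCode(); confirm it
         // draws from a cryptographically secure source and that the code expires.
         $rc = randCode(5);
         $code = $info['aid'] . md5($rc);
         $url = str_replace(C("webPath"), "", C("WEB_ROOT")) . U("Public/findPwd", array("code" => $code));
         $body = "请在浏览器上打开地址:<a href='{$url}'>{$url}</a> 进行密码重置操作                            ";
         $return = send_mail($email, "", "找回密码", $body);
         if ($return == 1) {
             $info['find_code'] = $rc;
             $M->save($info);
             return array('status' => 1, 'info' => "重置密码邮件已经发往你的邮箱" . $email . "中,请注意查收");
         }
         return array('status' => 0, 'info' => "{$return}");
     }
     // Strict string comparison avoids PHP's numeric-string juggling on hash values.
     if ((string) $info['pwd'] !== (string) encrypt($pwd)) {
         return array('status' => 0, 'info' => "账号或密码错误");
     }
     $loginMarked = C("TOKEN");
     $loginMarked = md5($loginMarked['admin_marked']);
     // NOTE(review): the login marker is derived from the stored password hash and a
     // site-wide AUTH_CODE, so it stays the same across logins until the password changes.
     $shell = $info['aid'] . md5($info['pwd'] . C('AUTH_CODE'));
     $_SESSION[$loginMarked] = "{$shell}";
     $shell .= "_" . time();
     // HttpOnly keeps the marker out of reach of page scripts. The Secure flag is not
     // set here because the deployment scheme is not visible - enable it on HTTPS sites.
     setcookie($loginMarked, "{$shell}", 0, "/", "", false, true);
     // NOTE(review): the whole row, password hash included, is copied into the session.
     $_SESSION['my_info'] = $info;
     return array('status' => 1, 'info' => "登录成功", 'url' => U("Index/index"));
 }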
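 /**
  * Unpack the selected SQL backup archives, one archive per request.
  *
  * The first POST stores the selected file list in the session. While more than one
  * file remains, each request unpacks one, prints a JSON progress message with the
  * URL to call next, and exits. The last file ends with a completion message.
  *
  * @return bool FALSE when the request is not a POST; otherwise the script exits.
  */
 function unzipSqlfile()
 {
     if (!IS_POST) {
         return FALSE;
     }
     if (!empty($_SESSION['unzip'])) {
         // Resume a run started by an earlier request.
         $pending = isset($_SESSION['unzip']['files']) ? $_SESSION['unzip']['files'] : null;
         $files = is_array($pending) ? $pending : array();
     } else {
         // Validate before touching the session, so a rejected request cannot leave
         // a half-initialised run behind. Only string entries are kept.
         $requested = isset($_POST['zipFiles']) && is_array($_POST['zipFiles']) ? array_filter($_POST['zipFiles'], 'is_string') : array();
         if (count($requested) == 0) {
             // The original called an undefined evaljson_encode() here.
             die(json_encode(array("status" => 0, "info" => "请选择要解压的zip文件")));
         }
         $files = $requested;
         $_SESSION['unzip'] = array('time' => time(), 'files' => $files, 'count' => count($files));
     }
     foreach ($files as $k => $file) {
         // NOTE(review): $file is a request-supplied name. Confirm that
         // SysData::unzip() resolves it inside the backup directory and rejects
         // path separators and ".." segments.
         D("SysData")->unzip($file);
         if (count($files) > 1) {
             // The name is shown inside HTML by the client, so escape it.
             $shown = htmlspecialchars($file, ENT_QUOTES);
             echo json_encode(array("status" => 1, "info" => "正在解压缩请耐心等待,解压期间请勿刷新本页 <font color=\"red\">当前已经解压完{$shown}</font>", "url" => U('SysData/unzipSqlfile', array(randCode() => randCode()))));
             unset($_SESSION['unzip']['files'][$k]);
             exit;
         }
     }
     $time = time() - $_SESSION['unzip']['time'];
     unset($_SESSION['unzip']);
     die(json_encode(array("status" => 1, "info" => "已解压完成<br/>耗时:{$time} 秒")));
 }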
Exemple #6
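/**
 * Uses the global $DB handle.
 *
 * @param array $params     Must contain 'course_id' and 'client_id'.
 * @param array $scopeNames Scope names; stored joined with ';'.
 * @return stdClass The inserted token record, including its new id.
 */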
function createCodeToken($params, $scopeNames)
{
    global $DB;
    // NOTE(review): the code comes from randCode(8); if it is handed out as an
    // authorization code, confirm randCode() draws from a cryptographically secure source.
    $authCode = randCode(8);
    $courseId = $params['course_id'];
    $serviceId = $params['client_id'];
    // Remove earlier rows for this course/service pair whose token is still 0.
    $DB->delete_records('broadecos_token', array('course_id' => $courseId, 'service_id' => $serviceId, 'token' => 0));
    $record = (object) array(
        'token' => 0,
        'code' => $authCode,
        'participant_id' => null,
        'course_id' => $courseId,
        'service_id' => $serviceId,
        'session_id' => 0,
        'approved_scopes' => implode(';', $scopeNames),
        'timecreated' => time(),
        'timeupdated' => time(),
    );
    // insert_record() returns the new row id, which is attached before returning.
    $record->id = $DB->insert_record('broadecos_token', $record);
    return $record;
}
Exemple #7
/**
 * Return the visitor's cart id from the "cartuuid" cookie, creating the cookie
 * when it is missing or blank.
 *
 * @return string
 */
function getcookieid()
{
    $existing = cookie("cartuuid");
    if (trim($existing) != "") {
        return $existing;
    }
    // NOTE(review): the id is md5(client IP + "+" + randCode(8, 0)). If holding this
    // value is what grants access to a cart, confirm randCode() is unpredictable.
    $fresh = md5(get_client_ip() . "+" . randCode(8, 0));
    cookie("cartuuid", $fresh);
    return $fresh;
}
 /**
  * Returns the html for the pagination
  *
  * @version 1.0
  * @since   1.0.0
  * @author  Dan Aldridge
  *
  * @param   array   $options
  *
  * @return  string
  */
 public function getPagination($options = array())
 {
     // Fill in defaults for every option this method reads.
     $options = array(
         'url' => doArgs('url', '', $options),
         'controls' => doArgs('controls', false, $options),
         'type' => doArgs('type', 'pagination-mini', $options),
         'showOne' => doArgs('showOne', false, $options),
     );
     $objTPL = Core_Classes_coreObj::getTPL();
     $objUser = Core_Classes_coreObj::getUser();
     // A single page (or none) is hidden unless the caller asked to see it.
     if ($this->getTotalPages() <= 1 && $options['showOne'] === false) {
         return '';
     }
     // Each pagination block gets its own template handle so several can share a page.
     $handle = 'pagination_' . randCode(6);
     $objTPL->set_filenames(array($handle => cmsROOT . 'modules/core/views/markup.tpl'));
     // The style suffix comes from the user's preference when online. The method name
     // is used only if it exists on this object; otherwise style 1 is the fallback.
     $styleMethod = 'paginationStyle' . (IS_ONLINE ? $objUser->get('paginationStyle') : '1');
     if (!method_exists($this, $styleMethod)) {
         $styleMethod = 'paginationStyle1';
     }
     $pages = $this->{$styleMethod}($options['controls']);
     if ($pages === null) {
         $pages = array();
     }
     $objTPL->assign_block_vars('pagination', array('TYPE' => $options['type']));
     foreach ($pages as $page) {
         $count = doArgs('count', '0', $page);
         $objTPL->assign_block_vars('pagination.page', array(
             'NUM' => doArgs('label', $count, $page),
             'STATE' => doArgs('state', '', $page),
         ));
         // Entries with a truthy 'url' become links; the rest render as plain spans.
         if (doArgs('url', true, $page)) {
             $objTPL->assign_block_vars('pagination.page.url', array('URL' => $this->url . $this->instance . '=' . $count));
         } else {
             $objTPL->assign_block_vars('pagination.page.span', array());
         }
     }
     $objTPL->parse($handle, false);
     return $objTPL->get_html($handle);
 }
 /**
  * Send a registration verification code by SMS and return the gateway result as JSON.
  *
  * NOTE(review): no phone-number validation or send-rate limit is visible in this
  * method, and the code kept in the session carries no timestamp even though the
  * message announces a validity period - confirm these are enforced elsewhere.
  */
 public function sendPhoneReg()
 {
     include "./PhoneMessage/CCPRestSmsSDK.php";
     // Phone number from the POST body.
     $phone = I('post.phone');
     // Verification code from randCode(4, 1) and the validity period passed to the template.
     $code = randCode(4, 1);
     $validFor = 2;
     // Arguments: phone number, template substitutions, template id.
     $templateArgs = array($code, $validFor);
     $res = sendTemplateSMS($phone, $templateArgs, "1");
     // Keep the code in the session only when the gateway reports sign == 1.
     $accepted = $res['sign'] == 1;
     if ($accepted) {
         session('code', $code);
     }
     // The gateway result is JSON-encoded here before being passed to ajaxReturn().
     $payload = json_encode($res);
     $this->ajaxReturn($payload);
 }
Exemple #10
 /**
  * Returns array('success'=>true) or array('error'=>'error message')
  */
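 function handleUpload($uploadDirectory, $replaceOldFile = FALSE)
 {
     // Validate the uploaded file, save it under a random-prefixed name in
     // $uploadDirectory, and log it in ost_ticket_attachment.
     // $replaceOldFile: when false, an existing file with the same name is never overwritten.
     if (!is_writable($uploadDirectory)) {
         return array('error' => "Server error. Upload directory isn't writable.");
     }
     if (!$this->file) {
         return array('error' => 'No files were uploaded.');
     }
     $size = $this->file->getSize();
     if ($size == 0) {
         return array('error' => 'File is empty');
     }
     if ($size > $this->sizeLimit) {
         return array('error' => 'File is too large');
     }
     $pathinfo = pathinfo($this->file->getName());
     // Collapse whitespace runs in the client-supplied base name.
     $filename = preg_replace("/(\\s){1,}/", '_', $pathinfo['filename']);
     // The random prefix doubles as the attachment's file_key in the database.
     $r = randCode(16);
     $fn = $filename;
     $filename = $r . "_" . $filename;
     // A name without an extension has no 'extension' key.
     $ext = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';
     // NOTE(review): when allowedExtensions is empty every extension is accepted,
     // including ones the web server may execute. Confirm callers always pass an
     // allow-list and that the upload directory is not script-executable.
     if ($this->allowedExtensions && !in_array(strtolower($ext), $this->allowedExtensions)) {
         $these = implode(', ', $this->allowedExtensions);
         return array('error' => 'File has an invalid extension, it should be one of ' . $these . '.');
     }
     if (!$replaceOldFile) {
         // Don't overwrite previously uploaded files.
         while (file_exists($uploadDirectory . $filename . '.' . $ext)) {
             $filename .= rand(10, 99);
         }
     }
     $target = $uploadDirectory . $filename . '.' . $ext;
     if (!$this->file->save($target)) {
         return array('error' => 'Could not save uploaded file.' . 'The upload was cancelled, or server error encountered');
     }
     // Log the attachment in the database.
     // NOTE(review): the mysql_* extension was removed in PHP 7; a move to mysqli or
     // PDO prepared statements is the long-term fix.
     $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Blibber bobber");
     mysql_select_db(DB_NAME) or die("blabber blobber");
     // NOTE(review): MAX()+1 is not atomic; two concurrent uploads can compute the same id.
     $res = mysql_query("SELECT MAX( attach_id ) FROM ost_ticket_attachment");
     $row = mysql_fetch_row($res);
     $attach_id = (int) $row[0] + 1;
     // Every value that reaches the INSERT is either cast to int or escaped for this
     // connection. The file name comes from the client and was previously
     // concatenated as is.
     $ticket = mysql_real_escape_string(sanitize($_GET['ticket']), $link);
     $filesize = (int) filesize($target);
     $storedName = mysql_real_escape_string($fn . "." . $ext, $link);
     $fileKey = mysql_real_escape_string($r, $link);
     // ref_id is not known at upload time, so a fixed value is written for now.
     $qry = "INSERT INTO ost_ticket_attachment(attach_id,ticket_id,ref_id,ref_type,file_size,file_name,file_key,deleted,created) VALUES('" . $attach_id . "','" . $ticket . "','222','M','" . $filesize . "','" . $storedName . "','" . $fileKey . "','0',NOW())";
     $res = mysql_query($qry);
     mysql_close($link);
     return array('success' => true, 'attach_id' => $attach_id);
 }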
     include_once "./templates/s3.php";
     exit;
 case '4':
     if (intval($_GET['install'])) {
         $n = intval($_GET['n']);
         $arr = array();
         $dbHost = trim($_POST['dbhost']);
         $dbPort = trim($_POST['dbport']);
         $dbName = trim($_POST['dbname']);
         $dbHost = empty($dbPort) || $dbPort == 3306 ? $dbHost : $dbHost . ':' . $dbPort;
         $dbUser = trim($_POST['dbuser']);
         $dbPwd = trim($_POST['dbpw']);
         $dbPrefix = empty($_POST['dbprefix']) ? 'think_' : trim($_POST['dbprefix']);
         $email = trim($_POST['manager_email']);
         $password = trim($_POST['manager_pwd']);
         $verify = randCode(6);
         $config = array();
         $config['SITE_INFO']['name'] = addslashes(trim($_POST['sitename']));
         //网站名称
         $config['SITE_INFO']['keyword'] = trim($_POST['sitekeywords']);
         //关键词
         $config['SITE_INFO']['description'] = trim($_POST['siteinfo']);
         //描述
         $config['WEB_ROOT'] = trim($_POST['siteurl']);
         //网站域名
         $config['AUTH_CODE'] = $verify;
         $config['ADMIN_AUTH_KEY'] = $email;
         $config['DB_HOST'] = $dbHost;
         $config['DB_NAME'] = $dbName;
         $config['DB_USER'] = $dbUser;
         $config['DB_PWD'] = $dbPwd;
Exemple #12
 /**
  * Send an SMS verification code to the posted phone number, throttled through the
  * key-value cache. Prints a status message and exits.
  *
  * NOTE(review): both cache keys are built from $_SESSION['uid']; confirm the
  * caller is always authenticated, otherwise every anonymous caller shares the same
  * ':sms' keys. Also confirm that mobileCheck() returns true for an INVALID number,
  * as the branch below assumes.
  */
 public function sendSMSCheckNO()
 {
     $phone = $this->post('phone');
     $code = randCode();
     $uid = $_SESSION['uid'];
     $throttleKey = $uid . ':sms';
     $codeKey = $uid . ':sms_code';
     if (strlen($code) != 4) {
         echo '短信发送异常';
         exit;
     }
     if (mobileCheck($phone)) {
         echo '手机号码不对';
         exit;
     }
     // Refuse to send again while the throttle key is still present.
     if ($this->cacheKV()->exists($throttleKey)) {
         echo '请稍后再发送';
         exit;
     }
     // The throttle marker is written before the send, so a failed send also counts.
     $this->cacheKV()->setex($throttleKey, $this->kvExTime(), 1);
     Doo::loadClassAt('SmsApi', 'default');
     $sms = new SmsApi();
     $outcome = $sms->execResult($sms->sendSMS($phone, '您好,您的验证码是 ' . $code . ' <微微乐>', 'true'));
     if ($outcome[1] != 0) {
         echo "发送失败{$outcome[1]}";
         exit;
     }
     echo '发送成功';
     // The code is kept ten times longer than the throttle window.
     $this->cacheKV()->setex($codeKey, $this->kvExTime() * 10, $code);
     exit;
 }
Exemple #13
/**
 * Build an image file name: a uniqid() prefix followed by $num characters from randCode().
 *
 * @param int $num Number of random characters appended (default 20).
 * @return string
 */
function randImgName($num = 20)
{
    // uniqid() is derived from the current time, so only the randCode() part adds
    // unpredictability.
    $prefix = uniqid();
    $suffix = randCode($num);
    return $prefix . $suffix;
}
 /**
  * Gets the token for the session
  *
  * @version 1.0
  * @since   1.0.0
  * @author  Dan Aldridge
  *
  * @param   bool $forceNew
  *
  * @return  string $token
  */
 public function getToken($forceNew = false)
 {
     // Reuse the session token unless none exists yet or the caller forces a new one.
     $mustIssue = $forceNew || empty($_SESSION['token']);
     if ($mustIssue) {
         // NOTE(review): the token is md5(randCode(12)); hashing adds no entropy, so
         // its strength is that of randCode(). Confirm randCode() uses a secure source.
         $_SESSION['token'] = md5(randCode(12));
     }
     return $_SESSION['token'];
 }
Exemple #15
<?php

require '../engine/fun.php';
// Print one sample each of randCode(30), randImgName(30) and uniqid(), separated by
// line breaks, for visual comparison.
echo randCode(30), "<br/>", randImgName(30), "<br/>", uniqid();
Exemple #16
    if ($type == 0) {
        array_pop($arr);
        $string = implode("", $arr);
    } elseif ($type == "-1") {
        $string = implode("", $arr);
    } else {
        $string = $arr[$type];
    }
    $count = strlen($string) - 1;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $string[rand(0, $count)];
    }
    return $code;
}
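// Generate a random name, store it with the client address, and report whether the
// insert worked. $conn is an open mysqli connection created elsewhere.
$rand = randCode(10, 1);
var_dump($rand);
$address = $_SERVER["REMOTE_ADDR"];
// mysqli_select_db() takes the bare database name; the backticks that were inside
// the string were part of the name it looked up.
mysqli_select_db($conn, "ouch");
// Bound parameters replace the interpolated SQL. The old statement also wrapped each
// value in literal dots ('.value.'), so the stored values were not the real ones.
$inserted = false;
$stmt = mysqli_prepare($conn, "INSERT INTO `ouch`.`cookies`(`randomname`,`ipaddress`) VALUES(?, ?)");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, "ss", $rand, $address);
    $inserted = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}
// These variables are still populated in case code after this block reads them.
$n = 0;
$result = mysqli_query($conn, "SELECT * FROM `ouch`.`cookies`");
$row = $result ? mysqli_fetch_array($result) : null;
$coo[$n] = $row ? $row['randomname'] : null;
// Success is the outcome of this insert. Checking the table's first row reported
// success whenever any earlier row existed.
if ($inserted) {
    echo "植入成功";
} else {
    echo "植入失败,请回炉重造。";
}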
 /**
  * Run the parent constructor, then store a fresh 5-character randCode() value in
  * $this->sign.
  */
 public function __construct()
 {
     parent::__construct();
     $freshSign = randCode(5);
     $this->sign = $freshSign;
 }
Exemple #18
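 /**
  * Password-reset page: without POST data it renders the form; with POST data it
  * validates the fields, sets a new random password and sends it by SMS.
  *
  * NOTE(review): the submitted code is checked for format only. Nothing visible here
  * compares it with a code previously issued to that phone, so the password of any
  * registered number can be replaced by whoever submits the form. Verify the code
  * against the stored one before the password is changed.
  */
 function forget()
 {
     $post = $this->req->post;
     if (empty($post)) {
         return $this->load->view('forget');
     }
     $phone = isset($post['phone']) ? $post['phone'] : '';
     $code = isset($post['code']) ? $post['code'] : '';
     // Each redirect is followed by an explicit return, so a failed check can never
     // fall through to the password update, whether or not redirect() ends the request.
     if (!validate('phone', $phone)) {
         setHint('手机号格式不正确', 'bad');
         $this->res->redirect('home/forget');
         return;
     }
     if (!validate('code', $code)) {
         setHint('验证码格式不正确', 'bad');
         $this->res->redirect('home/forget');
         return;
     }
     $user = $this->load->model('user');
     if (!$user->findByPhone($phone)) {
         // NOTE(review): this reply reveals whether a phone number is registered.
         setHint('没有此用户', 'bad');
         $this->res->redirect('home/forget');
         return;
     }
     $newpass = randCode(8);
     // NOTE(review): the password is stored as unsalted md5 and sent in clear text by
     // SMS. password_hash() plus a one-time reset link is the safer design, but it
     // needs matching changes in the login check.
     if (!$user->updatePassByPhone($phone, md5($newpass))) {
         setHint('变更密码失败', 'bad');
         $this->res->redirect('home/forget');
         return;
     }
     // Deliver the new password by SMS.
     sendSmscode($phone, '您的新密码是' . $newpass);
     setHint('密码已发送到您的手机,请稍后……');
     $this->res->redirect('home/login');
 }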