} // closes an inner block that begins before this fragment
// Escape every request value in place. addslashes_deep() is defined outside this
// fragment; presumably it applies addslashes() recursively. NOTE(review): addslashes
// is what stands between these superglobals and the string-built queries below; it is
// not a substitute for parameterised queries (it does not cover multibyte charsets).
$_COOKIE = addslashes_deep($_COOKIE);
$_REQUEST = addslashes_deep($_REQUEST);
} // closes the outer block that begins before this fragment

// Apply the configured timezone. $timezone is set outside this fragment.
// NOTE(review): comparing version strings with >= is fragile (e.g. '5.10' < '5.1');
// version_compare() is the reliable form.
if (PHP_VERSION >= '5.1' && !empty($timezone)) {
    date_default_timezone_set($timezone);
}

/* Open the application database connection, then clear the credential globals so
   nothing included later in the request can read them. */
require ROOT_PATH . 'includes/cls_mysql.php';
$db = new cls_mysql($db_host, $db_user, $db_password, $db_name);
$db_host = $db_user = $db_password = $db_name = NULL;

/* Template engine setup: no debug output, template caching enabled (mode 2),
   site configuration loaded from xjoj.conf. */
$smarty = new Smarty();
$smarty->debugging = false;
$smarty->caching = 2;
$smarty->config_load('xjoj.conf');

$login_user = array();
session_start();
ob_start();

/* Cookie-based login: the `user_id` and `password` cookies are looked up directly in
   the `author` table. The password value interpolated into the query has been redacted
   to '******' in this listing; as printed, the literal text is what gets compared.
   NOTE(review): both cookie values flow into a double-quoted SQL string, protected only
   by the addslashes_deep() call above, and the cookie carries credential material
   rather than an opaque session token; a server-side session (already started above)
   would avoid exposing it to the client. */
if (isset($_COOKIE['user_id']) && !empty($_COOKIE['user_id'])) {
    $sql = "select * from author where password='******'password']}' and user_id='{$_COOKIE['user_id']}'"; // SQL query that uses the query cache
    $login_user = $db->getRow($sql);
    // No matching row: clear both cookies and fall back to an anonymous user.
    if (empty($login_user['user_id'])) {
        setcookie('user_id', '');
        setcookie('password', '');
        $login_user = array();
    }
}
// Expose the resolved user (empty array when anonymous) to templates.
$smarty->assign('login_user', $login_user);
?>
/* Export every local `users` row into the external member database addressed by the
   UC_* constants, recording which accounts already exist there. Fragment: the request
   handling around this code (and any use of $result/$json/$merge_uid/$uc_uid/
   $repeat_user afterwards) is not shown. */
include_once ROOT_PATH . 'includes/cls_json.php';
// Second connection, to the member database; UC_DBCHARSET sets its charset.
$ucdb = new cls_mysql(UC_DBHOST, UC_DBUSER, UC_DBPW, UC_DBNAME, UC_DBCHARSET);
$json = new JSON();                                  // not used within this fragment
$result = array('error' => 0, 'message' => '');      // not used within this fragment
// Next free uid on the remote side; local ids are offset by it (see $lastuid).
$maxuid = intval($ucdb->getOne("SELECT MAX(uid)+1 FROM " . UC_DBTABLEPRE . "members LIMIT 1"));
// Request parameter cast to int; only the value 1 has a meaning below.
$merge_method = intval($_POST['merge']);
$merge_uid = array();    // local user_ids whose password matched an existing remote member
$uc_uid = array();       // local user_id -> remote uid pairs for those matches
$repeat_user = array();  // local rows whose username already exists remotely but did not merge
$query = $db->query("SELECT * FROM " . $ecs->table('users') . " ORDER BY `user_id` ASC");
while ($data = $db->fetch_array($query)) {
    // NOTE(review): rand() is not a CSPRNG and this salt has only 900,000 possible
    // values; random_int() is the modern choice. Whether $data['password'] is a
    // plaintext password or an existing hash is not visible here.
    $salt = rand(100000, 999999);
    // Never read as printed: the INSERT below has its password value redacted ('******').
    $password = md5($data['password'] . $salt);
    // Only the username is escaped; email/regip/regdate are interpolated as stored.
    $data['username'] = addslashes($data['user_name']);
    $lastuid = $data['user_id'] + $maxuid;
    $uc_userinfo = $ucdb->getRow("SELECT `uid`, `password`, `salt` FROM " . UC_DBTABLEPRE . "members WHERE `username`='{$data['username']}'");
    if (!$uc_userinfo) {
        // Username unknown remotely: create the member and its fields row.
        // 'SILENT' is presumably the driver's "do not report errors" mode — confirm.
        $ucdb->query("INSERT LOW_PRIORITY INTO " . UC_DBTABLEPRE . "members SET uid='{$lastuid}', username='******'username']}', password='******', email='{$data['email']}', regip='{$data['regip']}', regdate='{$data['regdate']}', salt='{$salt}'", 'SILENT');
        $ucdb->query("INSERT LOW_PRIORITY INTO " . UC_DBTABLEPRE . "memberfields SET uid='{$lastuid}'", 'SILENT');
    } else {
        if ($merge_method == 1) {
            // NOTE(review): hash strings compared with ==; PHP coerces numeric-looking
            // strings (e.g. hex digests starting with 0e), so === or hash_equals() is
            // the safe comparison here.
            if (md5($data['password'] . $uc_userinfo['salt']) == $uc_userinfo['password']) {
                $merge_uid[] = $data['user_id'];
                $uc_uid[] = array('user_id' => $data['user_id'], 'uid' => $uc_userinfo['uid']);
                continue;   // merged: skip the mergemembers record below
            }
        }
        // Name clash that could not be merged: record it for later resolution.
        $ucdb->query("REPLACE INTO " . UC_DBTABLEPRE . "mergemembers SET appid='" . UC_APPID . "', username='******'username']}'", 'SILENT');
        $repeat_user[] = $data;
    }
}
/* Variant of the user export above, addressing the member tables through $cfg['db_pre']
   and deriving the uid offset from a table-status row. Fragment: $data here comes from a
   query issued before this point (presumably a SHOW TABLE STATUS result — confirm), and
   the request handling around the loop is not shown. */
if ($data["Auto_increment"]) {
    $maxuid = $data["Auto_increment"] - 1;   // highest uid currently in use remotely
} else {
    $maxuid = 0;
}
// Request parameter cast to int; only the value 1 has a meaning below.
$merge_method = intval($_POST['merge']);
$merge_uid = array();    // local user_ids whose password matched an existing remote member
$uc_uid = array();       // local user_id -> remote uid pairs for those matches
$repeat_user = array();  // local rows whose username already exists remotely but did not merge
$query = $db->query("SELECT * FROM " . $ecs->table('users') . " ORDER BY `user_id` ASC");
while ($data = $db->fetch_array($query)) {
    // NOTE(review): rand() is not a CSPRNG and this salt has only 900,000 possible
    // values; random_int() is the modern choice.
    $salt = rand(100000, 999999);
    // Never read as printed: the INSERT below has its password value redacted ('******').
    $password = md5($data['password'] . $salt);
    // Only the username is escaped; email/regip/regdate are interpolated as stored.
    $data['username'] = addslashes($data['user_name']);
    $lastuid = $data['user_id'] + $maxuid;
    $uc_userinfo = $ucdb->getRow("SELECT `uid`, `password`, `salt` FROM " . $cfg['db_pre'] . "members WHERE `username`='{$data['username']}'");
    if (!$uc_userinfo) {
        // Username unknown remotely: create the member and its fields row.
        // 'SILENT' is presumably the driver's "do not report errors" mode — confirm.
        $ucdb->query("INSERT LOW_PRIORITY INTO " . $cfg['db_pre'] . "members SET uid='{$lastuid}', username='******'username']}', password='******', email='{$data['email']}', regip='{$data['regip']}', regdate='{$data['regdate']}', salt='{$salt}'", 'SILENT');
        $ucdb->query("INSERT LOW_PRIORITY INTO " . $cfg['db_pre'] . "memberfields SET uid='{$lastuid}'", 'SILENT');
    } else {
        if ($merge_method == 1) {
            // NOTE(review): hash strings compared with ==; PHP coerces numeric-looking
            // strings (e.g. hex digests starting with 0e), so === or hash_equals() is
            // the safe comparison here.
            if (md5($data['password'] . $uc_userinfo['salt']) == $uc_userinfo['password']) {
                $merge_uid[] = $data['user_id'];
                $uc_uid[] = array('user_id' => $data['user_id'], 'uid' => $uc_userinfo['uid']);
                continue;   // merged: skip the mergemembers record below
            }
        }
        // Name clash that could not be merged: record it for later resolution.
        $ucdb->query("REPLACE INTO " . $cfg['db_pre'] . "mergemembers SET appid='" . UC_APPID . "', username='******'username']}'", 'SILENT');
        $repeat_user[] = $data;
    }
}
} // closes a block that begins before this fragment
// PHP_SELF includes any path-info appended to the URL, so escape it once here for
// HTML context before templates echo it.
if (isset($_SERVER['PHP_SELF'])) {
    $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
}
/* Template-engine bootstrap; skipped when the including script defines INIT_NO_SMARTY.
   This `if` is not closed within the fragment — its body continues past the last line. */
if (!defined('INIT_NO_SMARTY')) {
    header('Cache-control: private');
    header('Content-type: text/html; charset=' . EC_CHARSET);
    /* Create the Smarty object. */
    require ROOT_PATH . 'includes/cls_template.php';
    $smarty = new cls_template();
    /* Get the user_id linked to the agency — add by hg for date 2014-04-01 */
    // agency_goods() is defined elsewhere; the code assumes it returns a space-separated
    // string whose third token is the agency user id (e.g. "col = 42") — TODO confirm.
    $agency_where = agency_goods();
    $agency_user_id_arr = explode(' ', $agency_where);
    $agency_user_id = $agency_user_id_arr[2];
    if ($agency_user_id) {
        // NOTE(review): $agency_user_id is interpolated unquoted and uncast; an intval()
        // would guarantee the query shape regardless of what agency_goods() yields.
        $user_tpl = $db->getRow("select agency_template from " . $ecs->table('admin_user') . " where agency_user_id = {$agency_user_id}");
    } else {
        $user_tpl = $db->getRow("select agency_template from " . $ecs->table('admin_user') . " where agency_user_id is null or action_list = 'all'");
    }
    if (!empty($user_tpl['agency_template'])) {
        // Unserialize the stored template selection.
        // NOTE(review): unserialize() on a database column will instantiate whatever
        // classes the payload names; unless only trusted admins can write
        // agency_template, pass ['allowed_classes' => false] (PHP 7+) or store JSON.
        $user_tpl = unserialize($user_tpl['agency_template']);
        $_CFG['template'] = $user_tpl['tpl_name'];
        $_CFG['stylename'] = $user_tpl['tpl_fg'];
    } else {
    } // empty branch: configuration defaults stay in effect
    // Clear compiled templates.
    clear_all_files();
    /* end */
    $smarty->cache_lifetime = $_CFG['cache_time'];
    $smarty->template_dir = ROOT_PATH . 'themes/' . $_CFG['template'];
} // closes a block that begins before this fragment
} // closes the `if` whose condition is outside this fragment
else {
    login_display("账号不正确");
}
} // closes the enclosing `if`; its `else` branch below is the regular admin login path
else {
    // Normal administrator login logic, including head teachers (class administrators)
    // NOTE(review): $_POST['username'] is concatenated straight into every query in
    // this branch; any protection depends on escaping applied before this fragment.
    // There is also no space before "WHERE", so unless $ecs->table() appends one the
    // query text is malformed — verify.
    $sql = "SELECT `ec_salt` FROM " . $ecs->table('admin_user') . "WHERE user_name = '" . $_POST['username'] . "'";
    $ec_salt = $db->getOne($sql);
    /* The password comparisons below have had their hash expression redacted to
       '******' in this listing, which also leaves the quoting unbalanced as printed;
       the structure (salted vs. unsalted lookup) is what remains readable. */
    if (!empty($ec_salt)) {
        /* Check whether the password is correct (account has a salt) */
        $sql = "SELECT * " . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . $ec_salt) . "'";
    } else {
        /* Check whether the password is correct (legacy account without a salt) */
        $sql = "SELECT * " . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . "'";
    }
    $row = $db->getRow($sql);
    if ($row) {
        // login_display() is defined elsewhere; if it does not terminate the script,
        // a deactivated account still reaches the updates below — confirm it exits.
        if (!$row["is_active"]) {
            login_display("此用户已经被注销,请联系超级管理员激活");
        }
        // Legacy account: generate a salt and re-store the password as md5(md5(pw).salt).
        // NOTE(review): rand(1, 9999) gives a four-digit salt from a non-CSPRNG, and
        // md5 is not a password hashing function; password_hash() is the standard fix.
        // The UPDATE keys on $_SESSION['admin_id'] rather than $row['user_id'] — that
        // session value must already be set by code outside this fragment, otherwise
        // the wrong (or no) row is updated.
        if (empty($row['ec_salt'])) {
            $ec_salt = rand(1, 9999);
            $new_possword = md5(md5($_POST['password']) . $ec_salt);
            $db->query("UPDATE " . $ecs->table('admin_user') . " SET ec_salt='" . $ec_salt . "', password='******'" . " WHERE user_id='{$_SESSION['admin_id']}'");
        }
        // Update last login time and IP (time value redacted to '******' in this listing)
        $db->query("UPDATE " . $ecs->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'");
    } else {
        login_display("账号或密码不正确");
    }
    //TODO
    // (the `else` branch above is not closed within this fragment)
} // closes the `if` branch that begins before this fragment
else {
    // Non-debug mode: hide notices and warnings.
    error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
}
// Bit 4 of DEBUG_MODE enables the debug helper library.
if ((DEBUG_MODE & 4) == 4) {
    include ROOT_PATH . 'includes/lib.debug.php';
}
/* Check whether Gzip mode is supported */
if (!defined('INIT_NO_SMARTY') && gzip_enabled()) {
    ob_start('ob_gzhandler');
} else {
    ob_start();
}
$smarty->assign('open_team', $_CFG['open_team']);
$smarty->assign('shop_name', $_CFG['shop_name']);
// NOTE(review): the Host header is client-supplied; whether the template escapes it
// when rendering is not visible here.
$smarty->assign('HTTP_HOST', $_SERVER['HTTP_HOST']);

/* Load the WeChat (weixin) application credentials from the configuration table. */
$weixin_config_rows = $db->getRow("select * from " . $hhs->table('weixin_config') . "");
$appid = $weixin_config_rows['appid'];
$appsecret = $weixin_config_rows['appsecret'];
include ROOT_PATH . 'wxpay/class_weixin.php';
// NOTE(review): these two calls send the app id AND the app secret to the browser as
// cookies. The secret is a server-side credential; exposing it lets anyone who can read
// the client's cookies act as this application. It should stay in server config or the
// session, never in a Set-Cookie header.
setcookie("appid", $appid);
setcookie("appsecret", $appsecret);
/* OAuth callback: exchange the `code` query parameter for the user's openid and access
   token, then strip `code` from the current URI. This `if` is not closed within the
   fragment — its body continues past the last line. */
if (isset($_GET['code'])) {
    // get_openid() comes from class_weixin.php (included above); its return shape is
    // assumed to contain 'openid' and 'access_token' keys.
    $back_openid_arr = get_openid($appid, $appsecret, $_GET['code']);
    //var_dump($back_openid_arr);exit();
    $_SESSION['xaphp_sopenid'] = $back_openid_arr['openid'];
    $_SESSION['A_token'] = $back_openid_arr['access_token'];
    //$access_token=$back_openid_arr['access_token'];
    // Remove "?code=..." / "&code=..." from the request URI.
    $pattern1 = '/[\\?]code=[^&]*/i';
    $pattern2 = "/&code=[^&]*/i";
    $uri = preg_replace($pattern1, '', $_SERVER['REQUEST_URI']);
    $uri = preg_replace($pattern2, '', $uri);