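/**
 * Authenticate the current request from the login form or from the auth cookie.
 *
 * When both POST fields are empty, the account/hash pair is recovered from the
 * self::$AUTH cookie (decoded with authcode()) and handed to self::check().
 * Otherwise the submitted password is MD5-hashed and checked, the member's
 * login bookkeeping row is updated, and the auth cookie is (re)issued.
 *
 * @return mixed Whatever self::check() returns for the account/hash pair.
 */
public static function checkLogin()
{
    // NOTE(review): the attempt counter below is disabled, so nothing in this
    // method limits repeated password guesses. Confirm throttling exists elsewhere.
    // self::$LOGIN_COUNT = (int)authcode(get_cookie('iCMS_LOGIN_COUNT'),'DECODE');
    // if(self::$LOGIN_COUNT>iCMS_LOGIN_COUNT) exit();
    $a = iS::escapeStr($_POST['username']);
    $p = iS::escapeStr($_POST['password']);

    // NOTE(review): iPHP::getIp() is not visible here. If it honours
    // client-supplied forwarding headers, the value is attacker-chosen: the
    // iPHP_AUTH_IP cookie binding below is then only advisory, and the value
    // must never reach SQL unvalidated (see $safeIp further down).
    $ip  = iPHP::getIp();
    $sep = iPHP_AUTH_IP ? '#=iCMS[' . $ip . ']=#' : '#=iCMS=#';

    if (empty($a) && empty($p)) {
        $auth = iPHP::get_cookie(self::$AUTH);
        // A missing, tampered or differently-bound cookie decodes to a string
        // without the separator; pad so both values are always defined instead
        // of relying on an undefined list() offset.
        $parts = array_pad(explode($sep, (string) authcode($auth, 'DECODE')), 2, '');
        list($a, $p) = $parts;

        return self::check($a, $p);
    }

    // NOTE(review): unsalted MD5 is not a password hash. The same digest is
    // also placed in the auth cookie, which makes the cookie password-equivalent.
    // Migrating to password_hash()/password_verify() needs a stored-hash
    // migration and cannot be done inside this method alone.
    $p   = md5($p);
    $crs = self::check($a, $p);

    // Only a syntactically valid IP literal is concatenated into the statement;
    // anything else is recorded as a neutral placeholder.
    $safeIp = filter_var($ip, FILTER_VALIDATE_IP);
    if ($safeIp === false) {
        $safeIp = '0.0.0.0';
    }
    // The member id is forced to an integer before it is placed in the WHERE clause.
    $uid = (int) self::$userid;

    iDB::query("UPDATE `#iCMS@__members` SET `lastip`='" . $safeIp . "',`lastlogintime`='" . time() . "',`logintimes`=logintimes+1 WHERE `uid`='" . $uid . "'");

    // NOTE(review): the cookie is issued and code 1 is returned to AJAX callers
    // without looking at $crs. This is only correct if self::check() terminates
    // the request itself on failure. Confirm against self::check().
    iPHP::set_cookie(self::$AUTH, authcode($a . $sep . $p, 'ENCODE'));
    self::$AJAX && iPHP::json(array('code' => 1));

    return $crs;
}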
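/**
 * Create or update a member account from the submitted form.
 *
 * With no `uid` a new row is inserted into `members`; otherwise the row with
 * that uid is updated and, when a new password was supplied, its MD5 digest
 * is written in a separate statement. Duplicate usernames are rejected in
 * both paths. Ends by calling iPHP::success() with a redirect to APP_URI.
 */
function do_save()
{
    $uid    = (int) $_POST['uid'];
    $gender = (int) $_POST['gender'];
    // `type` was the only text field taken from the request without the
    // escaping applied to its siblings; treat it the same way.
    $type     = iS::escapeStr($_POST['type']);
    $username = iS::escapeStr($_POST['uname']);
    $nickname = iS::escapeStr($_POST['nickname']);
    $realname = iS::escapeStr($_POST['realname']);

    // NOTE(review): power/cpower are accepted from any caller that reaches this
    // method, since only `gid` is gated by is_superadmin() below. Confirm an
    // upstream permission check prevents self-granting. The JSON is also not
    // escaped, whereas $info is passed through addslashes(). Whether
    // iDB::insert()/iDB::update() quote values is not visible here; verify.
    $power  = !empty($_POST['power']) ? json_encode($_POST['power']) : '';
    $cpower = !empty($_POST['cpower']) ? json_encode($_POST['cpower']) : '';
    $gid    = 0;

    $info              = array();
    $info['icq']       = iS::escapeStr($_POST['icq']);
    $info['home']      = iS::escapeStr($_POST['home']);
    $info['year']      = intval($_POST['year']);
    $info['month']     = intval($_POST['month']);
    $info['day']       = intval($_POST['day']);
    $info['from']      = iS::escapeStr($_POST['from']);
    $info['signature'] = iS::escapeStr($_POST['signature']);
    $info              = addslashes(serialize($info));

    // Always define $password so later checks never read an undefined variable.
    // NOTE(review): unsalted MD5 is not a password hash; changing it needs a
    // migration of the stored digests together with the login check.
    $password = empty($_POST['pwd']) ? '' : md5($_POST['pwd']);

    $username or iPHP::alert('账号不能为空');

    if (iACP::is_superadmin()) {
        $gid = (int) $_POST['gid'];
    } else {
        isset($_POST['gid']) && iPHP::alert('您没有权限更改角色');
        // NOTE(review): $gid stays 0 here and is still part of $data, so a save
        // by a non-superadmin writes gid=0 on the target row. Confirm intended.
    }

    $fields = array('gid', 'gender', 'username', 'nickname', 'realname', 'power', 'cpower', 'info');
    $data   = compact($fields);

    // The uniqueness lookups interpolate $username and so rely on
    // iS::escapeStr() neutralising quotes. $uid is an integer cast.
    if (empty($uid)) {
        iDB::value("SELECT `uid` FROM `#iCMS@__members` where `username` ='{$username}' LIMIT 1") && iPHP::alert('该账号已经存在');

        // Build the creation-only columns explicitly instead of compact()-ing
        // names that were never defined (regtime, lastip, logintimes, post, ...).
        $_data = array();
        if ($password !== '') {
            $_data['password'] = $password;
        }
        // NOTE(review): with an empty `pwd` no password column is written, so the
        // account gets the column default. Confirm that cannot be logged into.
        $_data['type']          = $type;
        $_data['regtime']       = time();
        $_data['lastip']        = iPHP::getIp();
        $_data['lastlogintime'] = time();
        $_data['status']        = '1';

        $data = array_merge($data, $_data);
        iDB::insert('members', $data);
        $msg = "账号添加完成!";
    } else {
        iDB::value("SELECT `uid` FROM `#iCMS@__members` where `username` ='{$username}' AND `uid` !='{$uid}' LIMIT 1") && iPHP::alert('该账号已经存在');
        iDB::update('members', $data, array('uid' => $uid));
        // $password is a 32-character hex digest or '', so interpolating it is safe.
        if ($password !== '') {
            iDB::query("UPDATE `#iCMS@__members` SET `password`='{$password}' WHERE `uid` ='" . $uid . "'");
        }
        $msg = "账号修改完成!";
    }

    iPHP::success($msg, 'url:' . APP_URI);
}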
/**
 * Store a report filed by the logged-in user and answer with a JSON status.
 *
 * Requires $this->auth, a non-zero `iid` and `userid`, and at least one of
 * `reason` / `content`. The row is written to `user_report` with status 0.
 */
public function ACTION_report()
{
    if (!$this->auth) {
        iPHP::code(0, 'iCMS:!login', 0, 'json');
    }

    // Numeric fields are forced to integers; only the free text is escaped.
    $iid     = (int) $_POST['iid'];
    $uid     = (int) $_POST['userid']; // the posted `userid` is stored as `uid`
    $appid   = (int) $_POST['appid'];
    $reason  = (int) $_POST['reason'];
    $content = iS::escapeStr($_POST['content']);

    if (!$iid) {
        iPHP::code(0, 'iCMS:error', 0, 'json');
    }
    if (!$uid) {
        iPHP::code(0, 'iCMS:error', 0, 'json');
    }
    // A report needs a reason code or a description.
    if (!$reason && !$content) {
        iPHP::code(0, 'iCMS:report:empty', 0, 'json');
    }

    $now = time();
    // NOTE(review): iPHP::getIp() and the quoting done by iDB::insert() are not
    // visible here. If getIp() trusts client-supplied headers, this value is
    // attacker-chosen; confirm it is validated or escaped before reaching SQL.
    $clientIp = iPHP::getIp();

    // `userid` is the reporter, taken from the session-side user class.
    $record = array(
        'appid'   => $appid,
        'userid'  => user::$userid,
        'iid'     => $iid,
        'uid'     => $uid,
        'reason'  => $reason,
        'content' => $content,
        'ip'      => $clientIp,
        'addtime' => $now,
        'status'  => 0,
    );

    $id = iDB::insert('user_report', $record);
    iPHP::code(1, 'iCMS:report:success', $id, 'json');
}
/**
 * Add a comment for the logged-in user and answer with a JSON status.
 *
 * Rejects the request when comments are disabled, the user cookie is not
 * accepted, the optional captcha fails, `iid` or `content` is empty, or the
 * content trips iCMS::filter(). On success the row is inserted into `comment`,
 * the article's comment counter is incremented and the user's count updated.
 */
public function ACTION_add()
{
    $settings = iCMS::$config['comment'];

    if (!$settings['enable']) {
        iPHP::code(0, 'iCMS:comment:close', 0, 'json');
    }

    iPHP::app('user.class', 'static');
    if (!user::get_cookie()) {
        iPHP::code(0, 'iCMS:!login', 0, 'json');
    }

    $seccode = iS::escapeStr($_POST['seccode']);
    // The captcha is checked only when the site configuration turns it on.
    if ($settings['seccode']) {
        if (!iPHP::seccode($seccode, true)) {
            iPHP::code(0, 'iCMS:seccode:error', 'seccode', 'json');
        }
    }

    iPHP::app('user.msg.class', 'static');

    // Identifiers are forced to integers; free-text fields go through escapeStr().
    $appid      = (int) $_POST['appid'];
    $iid        = (int) $_POST['iid'];
    $cid        = (int) $_POST['cid'];
    $suid       = (int) $_POST['suid'];
    $reply_id   = (int) $_POST['id'];
    $reply_uid  = (int) $_POST['userid'];
    $reply_name = iS::escapeStr($_POST['name']);
    $title      = iS::escapeStr($_POST['title']);
    $content    = iS::escapeStr($_POST['content']);

    if (!$iid) {
        iPHP::code(0, 'iCMS:article:empty_id', 0, 'json');
    }
    if (!$content) {
        iPHP::code(0, 'iCMS:comment:empty', 0, 'json');
    }
    // A truthy filter result means the content was rejected.
    if (iCMS::filter($content)) {
        iPHP::code(0, 'iCMS:comment:filter', 0, 'json');
    }

    // Default to the article application when none was posted.
    if (!$appid) {
        $appid = iCMS_APP_ARTICLE;
    }

    $moderated = $settings['examine'];

    // NOTE(review): `username` (user::$nickname) and `ip` (iPHP::getIp()) are
    // stored without the escaping applied to the posted text above. Whether
    // iDB::insert() quotes values, and where getIp() reads the address from,
    // is not visible here. Confirm both before relying on this insert.
    $row = array(
        'appid'      => $appid,
        'cid'        => $cid,
        'iid'        => $iid,
        'suid'       => $suid,
        'title'      => $title,
        'userid'     => user::$userid,
        'username'   => user::$nickname,
        'content'    => $content,
        'reply_id'   => $reply_id,
        'reply_uid'  => $reply_uid,
        'reply_name' => $reply_name,
        'addtime'    => $_SERVER['REQUEST_TIME'],
        'status'     => $moderated ? '0' : '1', // '0' = held for review
        'up'         => '0',
        'down'       => '0',
        'ip'         => iPHP::getIp(),
        'quote'      => '0',
        'floor'      => '0',
    );

    $id = iDB::insert('comment', $row);

    // $iid is an integer cast, so interpolating it here is safe. The counter is
    // bumped for every accepted submission, including ones held for review.
    iDB::query("UPDATE `#iCMS@__article` SET comments=comments+1 WHERE `id` ='{$iid}' limit 1");
    user::update_count($row['userid'], 1, 'comments');

    if ($moderated) {
        iPHP::code(0, 'iCMS:comment:examine', $id, 'json');
    }
    iPHP::code(1, 'iCMS:comment:success', $id, 'json');
}