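/**
 * Change the password of the administrator stored in the current session.
 *
 * Reads upassnew (current password), new_upass and re_upass from $_POST, compares the
 * current password with the stored apass value, validates the new one with
 * verify::verify_upass() and writes the new hash to the admin_list table.
 * Every path ends the request with a JSON body: code "0" on success, "1" on failure.
 *
 * @return void Does not return; each branch calls die().
 */
function m__edit_my_pass()
{
    global $dbm;

    // NOTE(review): the password fields go through helper::sqlxss() here, while m__edit()
    // skips keys containing "pass". If sqlxss() rewrites a character that verify_upass()
    // accepts, the same password would hash differently on the two paths; confirm.
    $_POST = helper::sqlxss($_POST);

    // m__edit() treats admin_id as an integer (intval), so cast it before it is placed in
    // the SQL text. A missing or non-positive id is reported as an expired login.
    $admin_id = isset($_SESSION['admin']['admin_id']) ? intval($_SESSION['admin']['admin_id']) : 0;
    if ($admin_id <= 0) {
        die('{"code":"1","msg":"登录状态可能已失效,请重新登录"}');
    }

    $sql = "select apass from " . TB_PREFIX . "admin_list where admin_id='" . $admin_id . "' limit 1";
    $rs = $dbm->query($sql);
    if (count($rs['list']) == 0) {
        die('{"code":"1","msg":"登录状态可能已失效,请重新登录"}');
    }

    // Array-valued or missing parameters are treated as empty strings.
    $current = (isset($_POST['upassnew']) && is_scalar($_POST['upassnew'])) ? (string) $_POST['upassnew'] : '';
    $new_upass = (isset($_POST['new_upass']) && is_scalar($_POST['new_upass'])) ? (string) $_POST['new_upass'] : '';
    $re_upass = (isset($_POST['re_upass']) && is_scalar($_POST['re_upass'])) ? (string) $_POST['re_upass'] : '';

    $verify = verify::verify_upass($new_upass);

    // Strict string comparison: with != two different numeric-looking strings can compare
    // equal, which would accept a wrong password hash or a mismatched confirmation.
    // NOTE(review): confirm helper::password_encrypt() is a salted, slow password hash.
    if ((string) $rs['list'][0]['apass'] !== (string) helper::password_encrypt($current)) {
        die('{"code":"1","msg":"原密码输入不正确","id":"upassnew"}');
    }
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"new_upass"}');
    }
    if ($new_upass !== $re_upass) {
        die('{"code":"1","msg":"新密码输入不一致","id":"new_upass"}');
    }

    $fields = array('apass' => helper::password_encrypt($new_upass));
    $result = $dbm->single_update(TB_PREFIX . "admin_list", $fields, "admin_id='" . $admin_id . "'");

    // Report success only when the update reports no error, as m__edit() does.
    if ($result['error'] == '') {
        // Keep an audit trail of password changes, in the same way login success is logged.
        $aname = isset($_SESSION['admin']['aname']) ? $_SESSION['admin']['aname'] : '';
        logs($aname . "修改密码成功");
        die('{"code":"0","msg":"密码修改成功"}');
    }
    die('{"code":"1","msg":"密码修改失败,请稍后重试"}');
}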
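/**
 * Authenticate an administrator and populate $_SESSION['admin'].
 *
 * Checks, in order: account name length, password format, the SAFE_CODE constant, the
 * captcha hash kept in $_SESSION['login'], the account row, the password hash and the
 * astate flag. Every path ends the request with a JSON body: code "0" on success,
 * "1" on failure, with "id" naming the form field at fault.
 *
 * The captcha value is consumed by each attempt that reaches the safe-code check, so the
 * client has to request a new captcha before retrying.
 *
 * @return void Does not return; each branch calls die().
 */
function m__login()
{
    global $dbm;

    $_POST = helper::sqlxss($_POST);

    // Array-valued or missing parameters are treated as empty strings.
    $uname = (isset($_POST['uname']) && is_scalar($_POST['uname'])) ? (string) $_POST['uname'] : '';
    $verify = verify::verify_length($uname, 1, 20);
    if ($verify != '') {
        die('{"code":"1","msg":"账号' . $verify . '","id":"uname"}');
    }

    $upass = (isset($_POST['upass']) && is_scalar($_POST['upass'])) ? (string) $_POST['upass'] : '';
    $verify = verify::verify_upass($upass);
    if ($verify != '') {
        // The response previously carried two "id" keys; only the failing field is named.
        die('{"code":"1","msg":"' . $verify . '","id":"upass"}');
    }

    $code = (isset($_POST['code']) && is_scalar($_POST['code'])) ? (string) $_POST['code'] : '';
    $safecode = (isset($_POST['safecode']) && is_scalar($_POST['safecode'])) ? (string) $_POST['safecode'] : '';

    // Take the captcha out of the session before any secret is checked, so one solved
    // captcha cannot be replayed across many safe-code or password guesses.
    $captcha = (isset($_SESSION['login']) && is_scalar($_SESSION['login'])) ? (string) $_SESSION['login'] : '';
    unset($_SESSION['login']);

    // Strict string comparisons throughout: with != two different numeric-looking strings
    // can compare equal.
    if ($safecode !== (string) SAFE_CODE) {
        die('{"code":"1","msg":"安全码错误","id":"safecode"}');
    }
    if ($captcha === '' || $captcha !== md5(strtoupper($code))) {
        die('{"code":"1","msg":"验证码错误","id":"code"}');
    }

    // NOTE(review): the account name is concatenated into the SQL text; the only escaping
    // visible here is helper::sqlxss() plus the 1-20 length check. Confirm sqlxss() makes
    // the value safe inside a quoted SQL literal, or move to a bound parameter if $dbm
    // offers one.
    $sql = "select a.*,b.g_urank,b.g_name from " . TB_PREFIX . "admin_list a left join " . TB_PREFIX . "admin_group b on a.group_id=b.group_id where aname='" . $uname . "' limit 1";
    $rs = $dbm->query($sql);

    // NOTE(review): "account does not exist" and "wrong password" are distinct replies,
    // which tells a caller which account names exist; failed attempts are also not passed
    // to logs(). Consider a single reply and a failure log entry.
    if (count($rs['list']) == 0) {
        die('{"code":"1","msg":"账号不存在","id":"uname"}');
    }
    $row = $rs['list'][0];

    // NOTE(review): confirm helper::password_encrypt() is a salted, slow password hash.
    if ((string) $row['apass'] !== (string) helper::password_encrypt($upass)) {
        die('{"code":"1","msg":"密码错误","id":"upass"}');
    }
    if ($row['astate'] != 0) {
        die('{"code":"1","msg":"账号异常","id":"uname"}');
    }

    // Login succeeded. Issue a fresh session id before storing the admin identity, so an id
    // that existed before authentication does not become an authenticated one.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['admin']["admin_id"] = $row['admin_id'];
    $_SESSION['admin']["aname"] = $row['aname'];
    $_SESSION['admin']["aname_true"] = $row['aname_true'];
    $_SESSION['admin']["group_id"] = $row['group_id'];
    $_SESSION['admin']['group_level'] = $row['g_urank'];
    $_SESSION['admin']['gname'] = $row['g_name'];
    // alevel is the group rank and the account's own alevel joined by ",|,".
    $_SESSION['admin']["alevel"] = $_SESSION['admin']['group_level'] . ',|,' . $row['alevel'];

    logs($_SESSION['admin']["aname"] . "登陆成功");
    die('{"code":"0","msg":"登录成功"}');
}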
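/**
 * Create an administrator account, or update an existing one when admin_id > 0.
 *
 * Calls check_level("B0202") first (presumably the permission gate for this action;
 * confirm). Reads aname, apass, re_pass, aname_true, aemail, aphone, group_id and
 * admin_id from $_POST. On update the password is changed only when apass is non-empty;
 * on create a password is required and aname must not already exist in admin_list.
 * Every path ends the request with a JSON body: code "0" on success, "1" on failure.
 *
 * NOTE(review): nothing in this function limits which admin_id may be edited or which
 * group_id may be assigned, and no anti-CSRF token is checked here. Confirm that
 * check_level() or the dispatcher covers both.
 *
 * @return void Does not return; each branch calls die().
 */
function m__edit()
{
    global $dbm;

    check_level("B0202");

    // Sanitize every field except those with "pass" after the first character of the key
    // (apass, re_pass), so the password is hashed as typed. A key that starts with "pass"
    // (position 0) is still sanitized, as before.
    foreach ($_POST as $k => $v) {
        if (!(strpos((string) $k, 'pass') > 0)) {
            $_POST[$k] = helper::sqlxss($v);
        }
    }

    $fields = array();

    // Array-valued or missing parameters are treated as empty strings.
    $fields['aname'] = (isset($_POST['aname']) && is_scalar($_POST['aname'])) ? (string) $_POST['aname'] : '';
    $verify = verify::verify_uname($fields['aname']);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"aname"}');
    }

    $apass = (isset($_POST['apass']) && is_scalar($_POST['apass'])) ? (string) $_POST['apass'] : '';
    $re_pass = (isset($_POST['re_pass']) && is_scalar($_POST['re_pass'])) ? (string) $_POST['re_pass'] : '';

    $fields['aname_true'] = (isset($_POST['aname_true']) && is_scalar($_POST['aname_true'])) ? (string) $_POST['aname_true'] : '';
    $fields['aemail'] = (isset($_POST['aemail']) && is_scalar($_POST['aemail'])) ? (string) $_POST['aemail'] : '';
    $fields['aphone'] = (isset($_POST['aphone']) && is_scalar($_POST['aphone'])) ? (string) $_POST['aphone'] : '';
    $fields['group_id'] = isset($_POST['group_id']) ? intval($_POST['group_id']) : 0;
    $admin_id = isset($_POST['admin_id']) ? intval($_POST['admin_id']) : 0;

    if ($fields['group_id'] == 0) {
        die('{"code":"1","msg":"请选择管理组","id":"group_id"}');
    }

    if ($admin_id > 0) {
        // Update an existing account; an empty apass leaves the stored password untouched.
        if ($apass !== '') {
            $verify = verify::verify_upass($apass);
            if ($verify != '') {
                die('{"code":"1","msg":"' . $verify . '","id":"apass"}');
            }
            // Strict comparison: with != two different numeric-looking strings can compare
            // equal, letting a mismatched confirmation through.
            if ($apass !== $re_pass) {
                die('{"code":"1","msg":"两次密码输入不一致","id":"apass"}');
            }
            $fields['apass'] = helper::password_encrypt($apass);
        }

        // NOTE(review): unlike the create path, no check here stops aname from being changed
        // to a name another account already uses; confirm the table enforces uniqueness.
        $where = " admin_id ='" . $admin_id . "'";
        $rs = $dbm->single_update(TB_PREFIX . "admin_list", $fields, $where);
        if ($rs['error'] == '') {
            logs("编辑CMS账号资料成功:{$fields['aname']}");
            die('{"code":"0","msg":"编辑账号成功"}');
        }
        die('{"code":"1","msg":"编辑账号失败,请核实后再编辑"}');
    }

    // Add a new account: a valid, confirmed password is mandatory.
    $verify = verify::verify_upass($apass);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"apass"}');
    }
    if ($apass !== $re_pass) {
        die('{"code":"1","msg":"两次密码输入不一致","id":"apass"}');
    }
    $fields['apass'] = helper::password_encrypt($apass);

    // aname reaches this point through helper::sqlxss() and verify::verify_uname(); the
    // where clause relies on those two for safety inside the quoted literal.
    $where = " aname='" . $fields['aname'] . "'";
    $existing = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "admin_list"));
    if (count($existing['list']) > 0) {
        die('{"code":"1","msg":"账号名不能重复","id":"aname"}');
    }

    $fields['reg_date'] = time();
    $fields['astate'] = 0;
    $rs = $dbm->single_insert(TB_PREFIX . "admin_list", $fields);
    if ($rs['error'] == '') {
        logs("添加账号成功:{$fields['aname']}");
        die('{"code":"0","msg":"添加账号成功"}');
    }
    die('{"code":"1","msg":"添加账号失败,请核实后再添加"}');
}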