Esempio n. 1
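 /**
  * Handle the link from a password-reset e-mail.
  *
  * `key` carries the base64-encoded e-mail address and `sid` must equal
  * md5(fullname . WEBSITE_KEY . password . verifycode) of the matching,
  * activated admin row. On success a new password from PassGen(8) is mailed
  * and the account row is updated. Every outcome is reported via $this->out().
  *
  * NOTE(review): the guards below only protect anything if $this->out() ends
  * the request - presumably it does; confirm in the class.
  */
 public function verify()
 {
     // Both values must be present and non-empty after ForceStringFrom().
     if (!IsGet('key') || !IsGet('sid')) {
         $this->out('邮件验证参数非法!');
     }
     $key = ForceStringFrom('key');
     $sid = ForceStringFrom('sid');
     if (!$key || !$sid) {
         $this->out('邮件验证参数非法!');
     }
     $email = base64_decode($key);
     if (!IsEmail($email)) {
         $this->out('Email地址非法!');
     }
     // NOTE(review): $email is request-controlled and is interpolated straight
     // into the SQL text; IsEmail() is the only filter in front of it. Whether
     // that filter rejects quotes and backslashes is not visible here - route
     // this lookup through the DB layer's escaping or bound parameters.
     $user = APP::$DB->getOne("SELECT u.aid, u.username, u.password, u.fullname, u.verifycode FROM " . TABLE_PREFIX . "admin u WHERE u.email = '{$email}' AND u.activated = 1");
     if (!$user) {
         $this->out('Email地址不存在!');
     } else {
         $code = md5($user['fullname'] . WEBSITE_KEY . $user['password'] . $user['verifycode']);
         // hash_equals() instead of !=: a loose comparison treats two different
         // "0e<digits>" hex strings as equal numbers, and it is not constant-time.
         if (!hash_equals($code, (string) $sid)) {
             $this->out('链接请求的验证码错误!');
         }
         $newpass = PassGen(8);
         $backend_url = BASEURL . ADMINDIR . '/';
         $subject = '您的新密码 -- ' . APP::$_CFG['Title'];
         // NOTE(review): the new password and the stored full name / login name
         // go into the HTML mail body as-is (clear text, no HTML escaping).
         $content = "{$user['fullname']}:<br><br>您好! <br><br>您的登录名是: {$user['username']}<br>您的新密码是:{$newpass}<br><br>";
         $content .= "请点击以下链接登录后台管理:<br><br><a href=\"{$backend_url}\" target=\"_blank\">{$backend_url}</a><br><br>";
         if (SendMail($email, $subject, $content) === true) {
             // Update the password only after the mail was sent successfully, and
             // clear verifycode so the link in the mail cannot be used a second time.
             // NOTE(review): as displayed, this statement stores the literal '******'
             // rather than a value derived from $newpass; the listing looks masked
             // here - confirm against the real source.
             APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET password    = '******', verifycode = '' WHERE aid = '{$user['aid']}'");
             $this->out('新密码已发送到您的邮箱, 请查收!', 0);
         } else {
             $this->out('发送邮件失败! 请尝试刷新当前页面.');
         }
     }
 }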
Esempio n. 2
/**
 * Print the complete front-end login page and terminate the request.
 *
 * A fresh $vvckey from PassGen(8) is placed in a hidden form field. The page's
 * setSafeCookie() script, run when the submit button is clicked, stores
 * md5($_CFG['cKillRobotCode'] . $vvckey) in a cookie whose name is
 * "safecookieF" followed by $vvckey and COOKIE_KEY.
 */
function LogIn()
{
    // NOTE(review): this turns PHP error display on for a public login page, so
    // warnings and paths would be shown to visitors - looks like a debugging
    // leftover; confirm before shipping.
    ini_set('display_errors', 1);
    global $logininfo, $DB, $_CFG, $lang;

    $vvckey = PassGen(8);

    // NOTE(review): the cookie name embeds COOKIE_KEY and the value is printed in
    // the page source, so neither is secret to anyone who loads the page; the
    // cookie can only tell apart clients that do not run the script.
    $safeCookieName = 'safecookieF' . $vvckey . COOKIE_KEY;
    $safeCookieValue = md5($_CFG['cKillRobotCode'] . $vvckey);

    // $logininfo and the $lang entries are written into the markup unescaped;
    // presumably they are server-defined strings - verify against the callers.
    $infoBox = Iif($logininfo, '<div class="info">' . $logininfo . '</div>');
    $year = date("Y");

    echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<title>' . SITE_TITLE . '</title>
	<link rel="stylesheet" type="text/css" href="templates/support.css">
	<link rel="shortcut icon" href="favicon.ico" />
	<script type="text/javascript">
	function setSafeCookie() {
		document.cookie = "' . $safeCookieName . '=' . $safeCookieValue . '; path=/";
	}
	</script>
	</head>
	<body onLoad="document.forms.frontlogin.loginusername.focus();">
	<div class="login">
	<form action="index.php" method="post" name="frontlogin">
	<input type="hidden" name="vvckey" value="' . $vvckey . '">
	<h3 class="title">' . $lang['login_title'] . '</h3>
	' . $infoBox . '
	<ul>
	<li><label>' . $lang['name'] . ':</label><input type="text" class="input-text" name="loginusername"></li>
	<li><label>' . $lang['password'] . ':</label><input type="password" class="input-text" name="loginpassword"></li>
	</ul>
	<div class="submit">
	<input type="submit" onclick="setSafeCookie();return true;" value="' . $lang['login'] . '" class="button" />
	</div>
	<div class="copyright">&copy; ' . $year . ' <a href="' . APP_URL . '" target="_blank">' . APP_NAME . '</a></div>
	</form>
	</div>
	</body>
	</html>';

    // Nothing after the login page may run.
    exit;
}
Esempio n. 3
                } else {
                    $SYSDIR = '/';
                }
                $BaseURL = "http://" . $_SERVER['HTTP_HOST'] . $SYSDIR;
                $filename = ROOT . "config/settings.php";
                $fp = @fopen($filename, 'rb');
                $contents = @fread($fp, filesize($filename));
                @fclose($fp);
                $contents = trim($contents);
                $contents = preg_replace("/[\$]_CFG\\['BaseUrl'\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_CFG['BaseUrl'] = \"{$BaseURL}\";", $contents);
                $contents = preg_replace("/[\$]_CFG\\['AppVersion'\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_CFG['AppVersion'] = \"{$WeLiveVersion}\";", $contents);
                $fp = @fopen($filename, 'w');
                @fwrite($fp, $contents);
                @fclose($fp);
                // write config file last off in case installation fails
                $configfile = "<?php if(!defined('ROOT')) die('Access denied.');\n\n\$servername  = '{$servername}';\n\$dbname      = '{$dbname}';\n\$dbusername  = '******';\n\$dbpassword  = '******';\n\ndefine('TABLE_PREFIX', '{$tableprefix}');\ndefine('COOKIE_KEY', '" . PassGen(12) . "');\ndefine('WEBSITE_KEY', '" . PassGen(12) . "');\ndefine('SYSDIR', '{$SYSDIR}');\n\n?>";
                // write the config file
                $filenum = fopen(ROOT . "config/config.php", "w");
                ftruncate($filenum, 0);
                fwrite($filenum, $configfile);
                fclose($filenum);
                echo '<font class=red>恭喜: 您的WeLive在线客服系统 安装成功!</font><br /><br />请在删除WeLive安装目录(./install/)后继续!
					<br /><br />
					1).&nbsp;<a href="../demo.html" target="_blank"><b>浏览加载WeLive的演示页面!</b></a>
					<br /><br />
					2).&nbsp;<a href="../admin/" target="_blank"><b>点击这里进入后台管理!</b></a><br /><br />';
            }
        }
    }
}
// ############################### INSTALL FORM ################################
Esempio n. 4
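// Main part of the script starts here.

// Simple guard against opening this file directly (the original author notes it
// is not important). The expected number is fixed in the source, so it is not a
// secret and must not be relied on as access control.
// isset() avoids an undefined-index notice when the parameter is absent.
$a = isset($_GET['a']) ? intval($_GET['a']) : 0;
if ($a !== 321456978) {
    die('Access denied.');
}

// NOTE(review): $fromurl is request-controlled; where it is written into the
// page (not visible in this part) it needs escaping for that output context.
// A missing or non-string value becomes '' instead of raising a notice/error.
$fromurl = (isset($_GET['url']) && is_string($_GET['url'])) ? trim($_GET['url']) : '';

// Per the original comment: used to turn the language strings into a JS object.
$json = new JSON();

// Emoticon icons: 24 numbered PNGs, each wired to insertSmilie(<index>).
$smilies = '';
for ($i = 0; $i < 24; $i++) {
    $smilies .= '<img src="' . SYSDIR . 'public/smilies/' . $i . '.png" onclick="insertSmilie(' . $i . ');">';
}

$agent = encodeChar(get_userAgent($_SERVER['HTTP_USER_AGENT']));

// Per-page key plus an authcode() token that expires after 3600 seconds
// (per the original comment, reconnecting after 60 minutes will then fail).
$key = PassGen(8);
$code = authcode(md5(WEBSITE_KEY . $_CFG['KillRobotCode']), 'ENCODE', $key, 3600);
// Per the original comment: encodeChar() first turns "&" into the marker ||4||.
$code = encodeChar($code);

// Do not let the response be cached.
header_nocache();
// Works around the iframe cookie problem in IE.
header('P3P: CP=CAO PSA OUR');

// Fall back to the default avatar when the session has no (or an empty) image
// URL; !empty() gives the same result as the truthiness test without a notice
// when the session keys are missing.
$headimgurl = !empty($_SESSION['wx_user']['headimgurl']) ? $_SESSION['wx_user']['headimgurl'] : 'images/var_img.png';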
echo '<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" href="public/guest.css?r=1212">
<link rel="stylesheet" type="text/css" href="public/jquery.tipTip.css">
Esempio n. 5
<script>
    $(document).ready(function(){
        UploadFile("ClubEditphoto");
    });
</script>

        <form method="post" enctype="multipart/form-data">
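    <input type="hidden" name='uniq' value="<?php echo PassGen(); ?>">
    <input type="hidden" name='action' value="ProductSave">
    <input type="hidden" name='category_id' value="<?php
// category_id comes straight from the query string. Encode it for the attribute
// context so a crafted value cannot close value="" and inject markup; a missing
// parameter yields an empty value instead of an undefined-index notice.
echo htmlspecialchars(isset($_GET['category_id']) ? (string) $_GET['category_id'] : '', ENT_QUOTES, 'UTF-8');
?>
">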
    <input type="hidden" name='MyImages' value="0" id="MyImages">
    <input type="hidden" name="MainImg" value="0">
    <input type="hidden" name="MainRow" value="0">
    <div class="admin_product">
    <div class="left">

        <div class="admin_product_images">

        <div class="MyImages" pricen='0' style="display: none;">


            <!-- The container for the uploaded files -->
            <div id="files" class="files"></div>

            <input type="hidden" class="form-control" name="ClubEditphoto" id="ClubEditphoto" placeholder="">
Esempio n. 6
    /**
     * Output the admin login window and stop the request.
     *
     * When the form was posted (IsPost('submit')), the result of $this->check()
     * is shown as the message line; otherwise the default prompt is shown.
     * The page carries two forms (login and "forgot password"), each with the
     * hidden fields `key` and `code`, and an inline script whose setSafeCookie()
     * stores $cookievalue in the cookie named by COOKIE_SAFE.
     */
    private function login()
    {
        $info = '';
        if (IsPost('submit')) {
            $info = $this->check();
        }
        // NOTE(review): $info is written into the page without HTML escaping;
        // presumably check() returns only fixed, server-defined messages - verify.
        $info = Iif($info, "<font color='#ff3300'>{$info}</font>", '请输入用户名和密码.');
        // Per-page key, sent back in the hidden `key` field of both forms.
        $key = PassGen(8);
        // authcode() token built from md5(WEBSITE_KEY) with $key; 1800 is passed
        // as the last argument (presumably a lifetime in seconds - confirm in authcode()).
        $code = authcode(md5(WEBSITE_KEY), 'ENCODE', $key, 1800);
        // NOTE(review): this value is printed into the inline script below, so it
        // is visible to anyone who loads the page; it can only tell apart clients
        // that do not run the script and is not a secret.
        $cookievalue = md5(WEBSITE_KEY . $key . APP::$_CFG['KillRobotCode']);
        // NOTE(review): the inline script inserts the `i` field of the JSON reply
        // from getpass/check with .html(); that is safe only if the endpoint never
        // echoes request input unescaped - not visible here.
        echo '<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>' . APP_NAME . ' - 管理登录</title>
<link rel="stylesheet" type="text/css" href="' . SYSDIR . 'public/login.css">
</head>
<body>
<div id="logo">
	<img src="' . SYSDIR . 'public/img/logo-login.png" alt="' . APP_NAME . '"> 
</div>
<div id="login">
	<form id="loginform" action="" method="post">
		<input type="hidden" name="key" value="' . $key . '">
		<input type="hidden" name="code" value="' . $code . '">
		<p id="info">' . $info . '</p>
		<div class="control-group">
			<span class="icon-user"></span><input name="username" placeholder="Username" type="text" autocomplete="off">
		</div>

		<div class="control-group">
			<span class="icon-lock"></span><input name="password" placeholder="Password" type="password">
		</div>

		<div class="remember-me">
				<input name="remember" value="1" type="checkbox" id="rm"><label for="rm"> 记住我</label>
				<a href="" id="forget-password">忘记密码?</a>
		</div>

		<div class="login-btn">
			<input id="login-btn" value="登 录" type="submit" name="submit" onclick="setSafeCookie();return true;">
		</div>
	</form>

	<form id="forgotform" class="hide">
		<input type="hidden" name="key" value="' . $key . '">
		<input type="hidden" name="code" value="' . $code . '">
		<p id="info2">请输入Email地址找回密码.</p>
		<div class="control-group">
			<span class="icon-mail"></span><input name="email" placeholder="Email" type="text" autocomplete="off">
		</div>

		<div class="login-btn forget-btn">
			<input id="forget-btn" value="提 交" type="submit">
		</div>
	</form>

</div>

<div id="login-copyright">
	' . date("Y") . ' &copy; ' . APP_NAME . ' <a href="' . APP_URL . '" target="_blank">weentech.com</a>
</div>

<script src="' . SYSDIR . 'public/jquery191.js" type="text/javascript"></script>   
<script>
function setSafeCookie() {
	document.cookie = "' . COOKIE_SAFE . '=' . $cookievalue . '; path=/";
}

$(function(){
	$("#logo").css("margin-top", ($(window).height()-460)/2+"px");
	$("input[name=\'username\']").focus();

	$("#forget-password").click(function (e) {
		$("#loginform").hide();
		$("#forgotform").show(200);
		e.preventDefault();
	});

	$("#forget-btn").click(function (e) {
		var form_data =  $("#forgotform").serialize();
		var shower = $("#info2");
		setSafeCookie	(); //设置安全cookie

		$.ajax({
			url: "' . BURL('getpass/check') . '",
			data: form_data,
			type: "post",
			cache: false,
			dataType: "json",
			beforeSend: function(){shower.html("<font color=#ff3300>邮件验证中...</font>");},
			success: function(data){
				if(data.s == 0){
					shower.html("<font color=#ff3300>" + data.i + "</font>"); //输出错误信息
				}else{
					shower.html("<font color=blue>" + data.i + "</font>"); //输出成功信息
				}
			},
			error: function(XHR, Status, Error) {
				shower.html("<font color=#ff3300>Ajax错误, 邮件验证请求失败!</font>"); //ajax错误
			}
		});

		e.preventDefault();
	});

});
</script>
</body>
</html>';
        exit;
        // Stop the program from running any further - important!
    }
Esempio n. 7
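 // Split the type-1 users of every group into online and offline sets, keyed by
 // user id; users of any other type are ignored.
 $online_users = array();
 $offline_users = array();
 foreach ($welive_onlines as $usergroup) {
     foreach ($usergroup['user'] as $user_id => $user) {
         if ($user['type'] != 1) {
             continue;
         }
         if ($user['isonline'] == 1) {
             $online_users[$user_id] = $user;
         } else {
             $offline_users[$user_id] = $user;
         }
     }
 }
 $vvckey = PassGen(8);
 // Prefer an online user; fall back to an offline one; stop when there is none.
 if (!empty($online_users)) {
     $candidates = $online_users;
 } elseif (!empty($offline_users)) {
     $candidates = $offline_users;
 } else {
     die('系统没有添加客服');
 }
 $rand_key = array_rand($candidates);
 // Fix: the offline branch used to read $online_users[$rand_key], which is
 // always unset there (the online set is empty), leaving $selected_user null.
 $selected_user = $candidates[$rand_key];
 // Token for the chosen user id: authcode() over COOKIE_KEY . id, keyed with
 // $vvckey, 3600 passed as the last argument, then base64-encoded.
 $code = base64_encode(authcode(COOKIE_KEY . $rand_key, 'ENCODE', $vvckey, 3600));
 /*if($selected_user['isonline'])
 	{*/
 // NOTE(review): none of the values is URL-encoded. base64 output can contain
 // "+", "/" and "=", and $from_url / $cm_user_id are defined outside this part
 // (presumably from the request - confirm); unencoded they can add or alter
 // query parameters. urlencode() each value unless it is already encoded upstream.
 $location_url = BASEURL . 'enter.php?uid=' . $rand_key . '&code=' . $code . '&vvckey=' . $vvckey . '&url=' . $from_url . '&cm_user_id=' . $cm_user_id;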
Esempio n. 8
                DB_Query("INSERT INTO " . $tableprefix . "user VALUES (NULL, 2, 1, 'mszhang', 1, '" . md5($password) . "', 1, 0, '张小娟', 'Ms.Zhang', '姓名: 张小娟', 'Name: Ms. Zhang', '广告', 'Adv.', 0) ");
                DB_Query("INSERT INTO " . $tableprefix . "user VALUES (NULL, 2, 2, 'msli', 1, '" . md5($password) . "', 1, 0, '李晴晴', 'Ms.Li', '姓名: 李晴晴', 'Name: Ms. Li', '广告', 'Adv.', 0) ");
                DB_Query("INSERT INTO " . $tableprefix . "user VALUES (NULL, 3, 3, 'mrzhao', 1, '" . md5($password) . "', 1, 0, '赵利铭', 'Mr.Zhao', '姓名: 赵利铭', 'Name: Mr. Zhao', '广告', 'Adv.', 0) ");
                DB_Query("INSERT INTO " . $tableprefix . "user VALUES (NULL, 3, 4, 'mrwang', 1, '" . md5($password) . "', 1, 0, '王  炯', 'Mr.Wang', '姓名: 王  炯', 'Name: Mr. Wang', '广告', 'Adv.', 0) ");
                $filename = $rootpath . "config/settings.php";
                $fp = @fopen($filename, 'rb');
                $contents = @fread($fp, filesize($filename));
                @fclose($fp);
                $contents = trim($contents);
                $contents = preg_replace("/[\$]_CFG\\['cAppVersion'\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_CFG['cAppVersion'] = '{$WeLiveVersion}';", $contents);
                $contents = preg_replace("/[\$]_CFG\\['cKillRobotCode'\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_CFG['cKillRobotCode'] = '" . md5(microtime()) . "';", $contents);
                $fp = @fopen($filename, 'w');
                @fwrite($fp, $contents);
                @fclose($fp);
                // write config file last off in case installation fails
                $configfile = "<?php\r\n\r\n\$servername  = '{$servername}';\r\n\$dbname      = '{$dbname}';\r\n\$dbusername  = '******';\r\n\$dbpassword  = '******';\r\n\r\ndefine('WELIVE', true);\r\ndefine('TABLE_PREFIX', '" . $tableprefix . "');\r\ndefine('COOKIE_KEY', '" . PassGen(12) . "');\r\ndefine('WEBSITE_KEY', '" . PassGen(12) . "');\r\ndefine('BASEPATH', dirname(dirname(__FILE__)).'/');\r\n\r\n?>";
                // write the config file
                $filenum = fopen($rootpath . "config/config.php", "w");
                ftruncate($filenum, 0);
                fwrite($filenum, $configfile);
                fclose($filenum);
                echo '<font class=ohblueb>恭喜: 您的WeLive在线客服系统 安装成功!</font><br /><br />请在删除WeLive安装目录(./install/)后继续!
					<br /><br />
					1).&nbsp;<a href="' . $rootpath . 'demo.html" target="_blank"><b>浏览客服小面板演示页面!</b></a>
					<br /><br />
					2).&nbsp;<a href="' . $rootpath . 'index.php" target="_blank"><b>点击这里进入管理面板!</b></a><br /><br />';
            }
        }
    }
}
// ############################### INSTALL FORM ################################
Esempio n. 9
         } else {
             $html .= '<br /><br /><div class="content"><p>' . $lang->translate(243) . '</p></div><br /><br />';
         }
     } else {
         $html .= '<br /><br /><div class="content"><p>' . $lang->translate(243) . '</p></div><br /><br />';
     }
 } elseif (get_value_get('type') == 'wwreset') {
     $html = '<div class="paginatitel">' . $lang->translate(231) . '</div>';
     if (check_user_right(get_value_session('from_db', 'id'), 'wwreset', get_value_session('from_db', 'is_admin')) != FALSE) {
         if (get_value_session('from_db', 'id') == get_value_get('id')) {
             $html .= '<br><div class="content"><p>' . $lang->translate(233) . '</p></div>';
         } elseif (check_user_subuser(get_value_session('from_db', 'id'), get_value_get('id')) != FALSE || get_value_session('from_db', 'is_admin') == '1') {
             if (!isset($mysqli) || empty($mysqli)) {
                 create_db_connection('mysqli', 'central');
             }
             $new = PassGen();
             record_change_user(get_value_get('id'));
             $query = $mysqli->query("UPDATE `user` SET `pass` = '" . $mysqli->real_escape_string(md5($new)) . "' WHERE `id` LIKE '" . $mysqli->real_escape_string(get_value_get('id')) . "' LIMIT 1") or die($mysqli->error);
             if ($mysqli->affected_rows == "0" || $mysqli->affected_rows == "-1") {
                 $html .= '<br /><br />' . $lang->translate(233) . '<br /><br />';
             } else {
                 $subject = $lang->translate(234);
                 $body = $lang->translate(238) . "<br /><br />" . $new . "<br /><br />" . $lang->translate(239);
                 $mailfrom = get_value_session('from_db', 'email');
                 $userdata = get_userdata(get_value_get('id'));
                 $namefrom = $userdata['handelsnaam'];
                 $email = $userdata['email'];
                 send_email($email, $subject, $body, $mailfrom, $namefrom);
                 $html .= '<br /><br />' . $lang->translate(232) . '<br /><br />' . $lang->translate(237) . $new . '<br /><br />';
             }
         } else {