// Front-end member login (ThinkPHP controller action)
public function checkLogin()
{
    $Member   = D('Member');
    $username = trim(dhtml($_POST['username']));
    $password = trim(dhtml($_POST['password']));
    $seccode  = trim($_POST['seccode']);

    if ($username == '') {
        $this->error('用户名不能为空!!!');
    } elseif ($password == '') {
        $this->error('密码不能为空!!!');
    } elseif (md5($seccode) != Session::get('verify')) {
        // the CAPTCHA answer is kept in the session as an md5 hash
        $this->error('验证码错误!!!');
    }

    $map             = array();
    $map["username"] = $username;
    $user            = $Member->find($map);   // array condition, assembled by the ORM

    if (false === $user) {
        // a different message than the wrong-password case below, so the
        // response reveals whether a username exists
        $this->error('用户名不存在!!!');
    } else {
        // passwords are stored and compared as unsalted md5 hashes; note the
        // submitted password passes through dhtml() before hashing
        if ($user['password'] != md5($password)) {
            $this->error('密码错误!!!');
        }
        if ($user['ischecked'] != 1) {
            $this->error('用户被锁定');
        }
        if ($user['groupid'] == 2) {
            $this->error('用户组被限制登录系统,请联系管理员');
        }
        Session::set(C('USER_AUTH_KEY'), $user['id']);
        Session::set('username', $user['username']);
        Session::set('groupid', $user['groupid']);
        $this->redirect('index', 'Index');
    }
}
// Output-encoding helper used on nearly every request parameter in the code
// below. It replaces a handful of characters with HTML entities; it is not
// an SQL escaping routine (backslashes and '&' are left untouched).
function dhtml($string)
{
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = dhtml($val);
        }
    } else {
        // The replacement values were HTML-decoded during extraction (leaving an
        // unterminated ''' literal). The entity forms below are reconstructed and
        // assumed; they keep the search and replace arrays the same length.
        $string = str_replace(
            array('"',      '\'',     '<',    '>',    "\t", "\r", '{',      '}'),
            array('&quot;', '&#039;', '&lt;', '&gt;', ' ',  '',   '&#123;', '&#125;'),
            $string
        );
    }
    return $string;
}
// Admin-group login (ThinkPHP controller action)
public function checkLogin()
{
    if ($_SESSION['verify'] !== md5($_POST['seccode'])) {
        $this->error('验证码不正确', __GROUP__ . '/Login');
        exit;
    }
    $username = isset($_POST['username']) ? dhtml($_POST['username']) : '';
    $pwd      = isset($_POST['password']) ? dhtml($_POST['password']) : '';

    // The username is concatenated straight into the WHERE string; only the
    // entity encoding of quote characters done by dhtml() stands between the
    // request value and the SQL text.
    $list = M("Admin")->where("name='" . $username . "'")->find();

    if ($list) {
        // unsalted md5 compared with the loose == operator
        if (md5($pwd) == $list['pwd']) {
            $_SESSION['ok']     = 'true';
            $_SESSION['roleid'] = $list['roleid'];
            $_SESSION['name']   = $list['name'];
            $this->success("登陆成功", __GROUP__ . "/Index/");
        } else {
            $this->error('用户或密码不正确', __GROUP__ . '/Login');
        }
    } else {
        $this->error('用户或密码不正确', __GROUP__ . '/Login');
    }
}
// Delete one admin account, or a comma-separated list of them
public function deluser()
{
    $id    = isset($_POST['id']) ? dhtml($_POST['id']) : '';
    $query = false;   // initialised so the final check below is defined on every path
    if (!empty($id)) {
        $arr = explode(',', $id);
        if (count($arr) > 1) {
            // Batch path. The condition is inverted relative to the single-id
            // branch: here a row is deleted only when its id IS '1', while the
            // single-id branch refuses to delete id 1. Behaviour kept as found.
            foreach ($arr as $id) {
                if ($id !== '1') {
                    echo "删除失败";
                } else {
                    $query = D('Admin')->where("id='" . $id . "'")->delete();
                }
            }
        } else {
            if ($id == '1') {
                echo "删除失败";
            } else {
                // id is interpolated into the WHERE string without an integer cast
                $query = D('Admin')->where("id='" . $id . "'")->delete();
            }
        }
        if ($query) {
            echo "删除成功";
        } else {
            echo "删除失败";
        }
    } else {
        echo "删除失败";
    }
}
// Add or edit a product category; the data itself comes from $_POST via create()
public function savesort()
{
    $method = dhtml($_GET['method']);
    if (empty($method)) {
        $this->error('', __URL__ . '/prosort');
    }
    $DB = D('procates');
    // create() fills the model from $_POST and runs the model's validation rules
    if (!$DB->create()) {
        $this->error($DB->getError(), __URL__ . '/prosort');
    } else {
        switch ($method) {
            case "add":
                $query = $DB->add();
                $this->_jump($query, "prosort");
                break;
            case "edit":
                $query = $DB->save();
                $this->_jump($query, "prosort", "edit");
                break;
        }
    }
}
// Generic add/edit form for an arbitrary model named in the query string
public function control()
{
    $model = isset($_GET['model']) ? dhtml($_GET['model']) : "";
    if (empty($model)) {
        $this->redirect('Index/main');
    }
    // The model name is taken from the request and used to instantiate a model
    // and, further down, to build a raw "show columns" query
    $DB     = D("" . $model . "");
    $method = isset($_GET['method']) ? dhtml($_GET['method']) : '';
    if (empty($method)) {
        $this->error('', __URL__ . '/model/' . $model);
    }
    if ($method == "edit") {
        $id = isset($_GET['id']) ? intval($_GET['id']) : "";
        if (!$id) {
            $this->error(L('IDNULL'), __URL__ . '/model/' . $model);
        }
        $list = $DB->where("id={$id}")->find();   // id was cast to int above
        $this->assign('list', $list);
    }
    // $model is interpolated into the SQL text unquoted, so the quote encoding
    // performed by dhtml() does not constrain it here
    $columns = $DB->query("show columns from " . C('DB_PREFIX') . "{$model}");
    unset($columns[0]);
    $this->assign('columns', $columns);
    $this->assign('method', $method);
    $this->assign('model', $model);
    $this->display();
}
// Persist the form submitted by control(), with an optional picture upload
public function _save()
{
    $model = isset($_GET['model']) ? dhtml($_GET['model']) : "";
    if (empty($model)) {
        $this->redirect('Index/main');
    }
    $DB     = D("" . $model . "");
    $method = dhtml($_GET['method']);
    if (empty($method)) {
        $this->error('', __URL__ . '/' . $model);
    }
    //$DB=new TeamModel('team');
    if (!$DB->create()) {
        $this->error($DB->getError(), __URL__ . '/' . $model);
    } else {
        $module = "img";
        $path   = date("Ymd");
        switch ($method) {
            case "add":
                if (!empty($_FILES['pic']['name'])) {
                    // _upload() is a controller helper defined elsewhere in the project
                    $pic     = $this->_upload($module, $path);
                    $img     = $pic[0]['savepath'] . $pic[0]['savename'];
                    $DB->pic = $img;
                }
                $query = $DB->add();
                $this->_jump($query, "_list/model/{$model}");
                break;
            case "edit":
                if (!empty($_FILES['pic']['name'])) {
                    $pic     = $this->_upload($module, $path);
                    $img     = $pic[0]['savepath'] . $pic[0]['savename'];
                    $DB->pic = $img;
                }
                $query = $DB->save();
                $this->_jump($query, "_list/model/{$model}", "edit");
                break;
        }
    }
}
// Edit an image category's title and, optionally, its picture
public function saveeditsort()
{
    $title = isset($_POST['title']) ? dhtml($_POST['title']) : '';
    $ID    = is_numeric($_POST['id']) ? $_POST['id'] : '';
    if (empty($ID)) {
        $this->error(L('ID') . L('NULL'), __URL__ . '/imgsort');
    }
    if (empty($title)) {
        $this->error(L('IDNAME') . L('NULL'), __URL__ . '/imgsort');
    }
    if (!empty($_FILES['picpaths']['name'])) {
        $path     = date("Ymd");
        $file     = $this->_upload('img', $path);
        $picpaths = $file[0]['savepath'] . $file[0]['savename'];
        $data     = array('title' => $title, 'picpaths' => $picpaths);
    } else {
        $data = array('title' => $title);
    }
    $where = array('id' => $ID);   // array condition; id was checked with is_numeric() above
    $query = D('procates')->where($where)->save($data);
    if ($query) {
        $this->success(L('EDITSUCCESS'), __URL__ . '/imgsort');
    } else {
        $this->error(L('EDITFAILURE'), __URL__ . '/imgsort');
    }
}