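public function checkLogin()
 {
     // Member login: checks the POSTed username/password and the captcha,
     // then records the member's identity in the session and redirects.
     // Missing POST keys now default to '' instead of raising a notice.
     $Member = D('Member');
     $username = isset($_POST['username']) ? trim(dhtml($_POST['username'])) : '';
     $password = isset($_POST['password']) ? trim(dhtml($_POST['password'])) : '';
     $seccode = isset($_POST['seccode']) ? trim($_POST['seccode']) : '';
     $verify = (string) Session::get('verify');
     // NOTE(review): this code relies on $this->error() ending the request,
     // as the original did — confirm it never returns.
     if ($username === '') {
         $this->error('用户名不能为空!!!');
     } elseif ($password === '') {
         $this->error('密码不能为空!!!');
     } elseif ($verify === '' || !hash_equals($verify, md5($seccode))) {
         // Both sides are md5 hex digests: hash_equals is strict and
         // constant-time, whereas a loose != treats two "0e…" digest
         // strings as numerically equal.
         $this->error('验证码错误!!!');
     }
     $map = array();
     $map["username"] = $username;
     $user = $Member->find($map);
     if (false === $user) {
         $this->error('用户名不存在!!!');
     } else {
         // The stored credential is an unsalted md5 digest; compare it
         // strictly. Migrating to password_hash()/password_verify() would
         // need a data migration and is out of scope here.
         if (!hash_equals((string) $user['password'], md5($password))) {
             $this->error('密码错误!!!');
         }
         if ($user['ischecked'] != 1) {
             $this->error('用户被锁定');
         }
         if ($user['groupid'] == 2) {
             $this->error('用户组被限制登录系统,请联系管理员');
         }
         Session::set(C('USER_AUTH_KEY'), $user['id']);
         Session::set('username', $user['username']);
         Session::set('groupid', $user['groupid']);
         $this->redirect('index', 'Index');
     }
 }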
/**
 * Encode a value for output in HTML, recursing into arrays.
 *
 * Replaces double/single quotes, angle brackets and curly braces with
 * entities, turns a tab into two non-breaking spaces and drops carriage
 * returns. Array keys are preserved. Note that '&' is NOT encoded, so this
 * is not a complete HTML escape; prefer htmlspecialchars() for new code.
 *
 * @param string|array $string value (or nested array of values) to encode
 * @return string|array the encoded value with the same shape as the input
 */
function dhtml($string)
{
    if (is_array($string)) {
        $encoded = array();
        foreach ($string as $k => $item) {
            $encoded[$k] = dhtml($item);
        }
        return $encoded;
    }
    static $search = array('"', "'", '<', '>', "\t", "\r", '{', '}');
    static $replace = array('&quot;', '&#39;', '&lt;', '&gt;', '&nbsp;&nbsp;', '', '&#123;', '&#125;');
    return str_replace($search, $replace, $string);
}
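 public function checkLogin()
 {
     // Admin login: verifies the captcha, then looks the account up in the
     // Admin table and compares the password digest. The same failure
     // message is used whether the user is unknown or the password is wrong.
     $seccode = isset($_POST['seccode']) ? (string) $_POST['seccode'] : '';
     $verify = isset($_SESSION['verify']) ? (string) $_SESSION['verify'] : '';
     // Both sides are md5 hex digests: hash_equals is a strict, constant-time
     // comparison (a loose == treats two "0e…" digest strings as equal).
     if ($verify === '' || !hash_equals($verify, md5($seccode))) {
         $this->error('验证码不正确', __GROUP__ . '/Login');
         exit;
     }
     // A captcha is single-use: clear it so the same value cannot be replayed.
     unset($_SESSION['verify']);
     $username = isset($_POST['username']) ? dhtml($_POST['username']) : '';
     $pwd = isset($_POST['password']) ? dhtml($_POST['password']) : '';
     // Array conditions let the framework quote the value; the string form
     // concatenated request input straight into the WHERE clause.
     $list = M("Admin")->where(array('name' => $username))->find();
     // The stored value is an unsalted md5 digest; compare it strictly.
     // Migrating to password_hash()/password_verify() needs a data migration.
     if ($list && hash_equals((string) $list['pwd'], md5($pwd))) {
         $_SESSION['ok'] = 'true';
         $_SESSION['roleid'] = $list['roleid'];
         $_SESSION['name'] = $list['name'];
         $this->success("登陆成功", __GROUP__ . "/Index/");
     } else {
         $this->error('用户或密码不正确', __GROUP__ . '/Login');
     }
 }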
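 public function deluser()
 {
     // Delete one or more Admin rows by comma-separated ids from POST and
     // echo a success/failure message. Id '1' is protected and never deleted.
     // The original multi-id branch had this inverted (it deleted only '1'
     // and refused everything else); both cases now apply the same rule.
     $id = isset($_POST['id']) ? dhtml($_POST['id']) : '';
     if (empty($id)) {
         echo "删除失败";
         return;
     }
     // $query is initialised so the final check cannot read an undefined
     // variable when nothing was deleted.
     $query = false;
     foreach (explode(',', (string) $id) as $one) {
         $one = trim($one);
         // Ids are plain integers elsewhere in this controller; skip the
         // protected id and anything that is not a decimal string.
         if ($one === '' || !ctype_digit($one) || $one === '1') {
             echo "删除失败";
             continue;
         }
         // Array conditions let the framework quote the value.
         $result = D('Admin')->where(array('id' => $one))->delete();
         $query = $query || (bool) $result;
     }
     echo $query ? "删除成功" : "删除失败";
 }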
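 public function savesort()
 {
     // Add or edit a "procates" row from the submitted form; $_GET['method']
     // selects the operation. A missing key no longer raises a notice and an
     // unknown method is reported instead of falling through silently.
     $method = isset($_GET['method']) ? dhtml($_GET['method']) : '';
     if (empty($method)) {
         $this->error('', __URL__ . '/prosort');
     }
     $DB = D('procates');
     // create() presumably populates the model from the request; a false
     // return is a validation failure whose message getError() provides.
     if (!$DB->create()) {
         $this->error($DB->getError(), __URL__ . '/prosort');
     } else {
         switch ($method) {
             case "add":
                 $query = $DB->add();
                 $this->_jump($query, "prosort");
                 break;
             case "edit":
                 $query = $DB->save();
                 $this->_jump($query, "prosort", "edit");
                 break;
             default:
                 $this->error('', __URL__ . '/prosort');
                 break;
         }
     }
 }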
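 public function control()
 {
     // Render the generic add/edit form for the model named in $_GET['model'].
     // On "edit" the existing row is loaded; the table's column list drives
     // the form fields.
     $model = isset($_GET['model']) ? dhtml($_GET['model']) : "";
     // $model names a model class for D() and is spliced verbatim into the
     // "show columns" statement below. dhtml() only HTML-escapes, which does
     // not make it safe in SQL, so accept plain identifiers only.
     if (empty($model) || !preg_match('/^[A-Za-z0-9_]+$/', $model)) {
         $this->redirect('Index/main');
     }
     $DB = D($model);
     $method = isset($_GET['method']) ? dhtml($_GET['method']) : '';
     if (empty($method)) {
         $this->error('', __URL__ . '/model/' . $model);
     }
     if ($method === "edit") {
         // intval() guarantees an integer, so interpolating $id is safe.
         $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
         if (!$id) {
             $this->error(L('IDNULL'), __URL__ . '/model/' . $model);
         }
         $list = $DB->where("id={$id}")->find();
         $this->assign('list', $list);
     }
     $columns = $DB->query("show columns from " . C('DB_PREFIX') . $model);
     // The first column is dropped from the form — presumably the primary
     // key; confirm against the schema.
     unset($columns[0]);
     $this->assign('columns', $columns);
     $this->assign('method', $method);
     $this->assign('model', $model);
     $this->display();
 }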
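 public function _save()
 {
     // Persist the generic add/edit form for the model named in $_GET['model'],
     // attaching an uploaded "pic" file when one was submitted. The upload
     // step was duplicated in both switch cases and is now done once.
     $model = isset($_GET['model']) ? dhtml($_GET['model']) : "";
     // $model selects a model class via D(); dhtml() only HTML-escapes,
     // so restrict it to a plain identifier.
     if (empty($model) || !preg_match('/^[A-Za-z0-9_]+$/', $model)) {
         $this->redirect('Index/main');
     }
     $DB = D($model);
     $method = isset($_GET['method']) ? dhtml($_GET['method']) : '';
     // Covers a missing method and any unknown one, which previously fell
     // through the switch with no response.
     if ($method !== "add" && $method !== "edit") {
         $this->error('', __URL__ . '/' . $model);
     }
     if (!$DB->create()) {
         $this->error($DB->getError(), __URL__ . '/' . $model);
     } else {
         $module = "img";
         $path = date("Ymd");
         if (!empty($_FILES['pic']['name'])) {
             // _upload() is expected to return the saved file info at index 0.
             $pic = $this->_upload($module, $path);
             $DB->pic = $pic[0]['savepath'] . $pic[0]['savename'];
         }
         if ($method === "add") {
             $query = $DB->add();
             $this->_jump($query, "_list/model/{$model}");
         } else {
             $query = $DB->save();
             $this->_jump($query, "_list/model/{$model}", "edit");
         }
     }
 }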
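 public function saveeditsort()
 {
     // Update a "procates" row's title, and its picture when one is
     // uploaded, identified by the POSTed numeric id.
     $title = isset($_POST['title']) ? dhtml($_POST['title']) : '';
     // isset() avoids an undefined-index notice; only numeric ids pass.
     $ID = (isset($_POST['id']) && is_numeric($_POST['id'])) ? $_POST['id'] : '';
     if (empty($ID)) {
         $this->error(L('ID') . L('NULL'), __URL__ . '/imgsort');
     }
     // Strict check so a legitimate title of "0" is not treated as missing;
     // a non-string (e.g. title[] posted) is still rejected.
     if (!is_string($title) || $title === '') {
         $this->error(L('IDNAME') . L('NULL'), __URL__ . '/imgsort');
     }
     $data = array('title' => $title);
     if (!empty($_FILES['picpaths']['name'])) {
         // _upload() is expected to return the saved file info at index 0.
         $file = $this->_upload('img', date("Ymd"));
         $data['picpaths'] = $file[0]['savepath'] . $file[0]['savename'];
     }
     $where = array('id' => $ID);
     $query = D('procates')->where($where)->save($data);
     if ($query) {
         $this->success(L('EDITSUCCESS'), __URL__ . '/imgsort');
     } else {
         $this->error(L('EDITFAILURE'), __URL__ . '/imgsort');
     }
 }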