<?php

/**
 * $Author: BEESCMS $
 * ============================================================================
 * 网站地址: http://www.beescms.com
 * 您只能在不用于商业目的的前提下对程序代码进行修改和使用;
 * 不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
// Marker constant defined before init.php is loaded; presumably the included files test it to
// refuse direct access — confirm in init.php.
define('IN_CMS', 'true');
include 'init.php';
// Request routing. Both values are read from $_REQUEST (so GET, POST or a cookie can supply them)
// and passed through fl_value() then fl_html(); those filters are defined outside this fragment.
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'channel';
$lang = isset($_REQUEST['lang']) ? fl_html(fl_value($_REQUEST['lang'])) : get_lang_main();
// Model (channel) list
if ($action == 'channel') {
    // NOTE(review): no check_purview() call guards this branch; whether init.php already enforces
    // an admin session is not visible here — confirm.
    $fl_path = DATA_PATH . 'cache_channel/cache_channel_all.php';
    include 'template/admin_channel.html';
} elseif ($action == 'add') {
    // Showing the "add model" form requires the 'pannel_create' privilege.
    if (!check_purview('pannel_create')) {
        // NOTE(review): the code assumes msg() ends the request. If it returns, the template below
        // is still rendered after a failed privilege check — confirm msg() exits.
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
    }
    include 'template/admin_channel_ad.html';
} elseif ($action == 'cache') {
    // Rebuilds the channel cache and the field cache; reports failure if either call is falsy.
    // NOTE(review): this state-changing action has no privilege check and no anti-CSRF token in
    // this fragment, and $action may arrive via GET.
    if (!$GLOBALS['cache']->channel_cache($GLOBALS['lang']) || !$GLOBALS['cache']->cache_fields()) {
        msg("缓存更新失败,请先添加模型");
    }
    msg("模型缓存完成", 'admin_main.php');
} elseif ($action == 'save_channel') {
    // Saving a model requires the same 'pannel_create' privilege as the form above.
    if (!check_purview('pannel_create')) {
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
Esempio n. 2
<?php

/**
 * $Author: BEESCMS $
 * ============================================================================
 * 网站地址: http://www.beescms.com
 * 您只能在不用于商业目的的前提下对程序代码进行修改和使用;
 * 不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
// Marker constant defined before init.php is loaded; presumably the included files test it to
// refuse direct access — confirm in init.php.
define('IN_CMS', 'true');
include 'init.php';
// Both values are read from $_REQUEST (GET, POST or cookie) and passed through fl_value() then
// fl_html(), which are defined outside this fragment.
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'index';
$lang = isset($_REQUEST['lang']) ? fl_html(fl_value($_REQUEST['lang'])) : '';
// Home page configuration screen
if ($action == 'index') {
    // index_info.php is a PHP data file that is executed by include; presumably it defines $_index.
    // NOTE(review): anything able to write under DATA_PATH controls code that runs here.
    if (file_exists(DATA_PATH . 'index_info.php')) {
        include DATA_PATH . 'index_info.php';
    }
    // Fall back to a minimal default when the data file did not define $_index.
    $index_info = isset($_index) ? $_index : array('flash_is' => 0);
    if (file_exists(DATA_PATH . 'cache/lang_cache.php')) {
        include DATA_PATH . 'cache/lang_cache.php';
    }
    include 'template/admin_index_info.html';
} elseif ($action == 'save_index') {
    // Saving requires the 'index_info' privilege and a submitted form.
    // NOTE(review): both guards assume msg() ends the request — confirm it exits.
    if (!check_purview('index_info')) {
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
    }
    // Only checks that a 'submit' field was posted; no anti-CSRF token is verified in this fragment.
    if (!isset($_POST['submit'])) {
        msg('<span style="color:red">请从表单提交</span>');
    }
Esempio n. 3
    //载入模板
} elseif ($action == 'add') {
    // Guestbook submission handler.
    // Is the guestbook enabled?
    $is_use = $mysql->get_row("select is_book from " . DB_PRE . "book_info where id=1");
    if (!$is_use) {
        die("<script type=\"text/javascript\">alert('" . $language['book_msg1'] . "');history.go(-1);</script>");
    }
    // Captcha check against the value held in the session.
    // NOTE(review): the comparison is loose, so an empty submitted value equals an unset
    // $_SESSION['code']; the check should also require a non-empty session code. The session
    // code is not cleared in this fragment after a successful match.
    $book_code = $_POST['book_code'];
    if ($book_code != $_SESSION['code']) {
        die("<script type=\"text/javascript\">alert('{$language['member_msg2']}');history.go(-1);</script>");
    }
    // Text fields go through fl_html() only; numeric fields are forced to integers with intval().
    $book_name = fl_html($_POST['book_name']);
    $book_title = fl_html($_POST['book_title']);
    $mail = fl_html($_POST['mail']);
    $book_type = intval($_POST['book_type']);
    $book_content = fl_html($_POST['book_content']);
    $pr_id = intval($_POST['pr_id']);
    // Title and content are mandatory.
    if (empty($book_title)) {
        die("<script type=\"text/javascript\">alert('" . $language['book_msg2'] . "');history.go(-1);</script>");
    }
    if (empty($book_content)) {
        die("<script type=\"text/javascript\">alert('" . $language['book_msg3'] . "');history.go(-1);</script>");
    }
    // Name: when none was submitted use the logged-in member name, else the literal guest label;
    // a submitted name is cut to 50 by cn_substr().
    $book_name = empty($book_name) ? empty($_SESSION['member_user']) ? '游客' : $_SESSION['member_user'] : cn_substr($book_name, 50);
    // NOTE(review): truncation happens after filtering, so it can cut an escape sequence or HTML
    // entity in half; $mail is not length-limited at all.
    $book_title = cn_substr($book_title, 60);
    $book_content = cn_substr($book_content, 200);
    $addtime = time();
    // Is moderation enabled? When it is, the entry is stored with verify = 0, otherwise 1.
    $is_verify = $mysql->get_row("select book_verify from " . DB_PRE . "book_info where id=1");
    $verify = $is_verify ? 0 : 1;
    // NOTE(review): the statement is built by string interpolation. The integer fields are safe as
    // numbers, but the quoted fields rely entirely on fl_html() (whether it escapes quotes and
    // backslashes is not visible here), and $lang is assigned outside this fragment. Prefer bound
    // parameters, or escape with the DB driver at this point.
    $sql = "insert into " . DB_PRE . "book (book_name,book_title,book_content,mail,book_type,pr_id,addtime,verify,lang) values ('{$book_name}','{$book_title}','{$book_content}','{$mail}',{$book_type},{$pr_id},'{$addtime}',{$verify},'{$lang}')";
Esempio n. 4
<?php

/**
 * $Author: BEESCMS $
 * ============================================================================
 * 网站地址: http://www.beescms.com
 * 您只能在不用于商业目的的前提下对程序代码进行修改和使用;
 * 不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
// Marker constant defined before init.php is loaded; presumably the included files test it to
// refuse direct access — confirm in init.php.
define('IN_CMS', 'true');
include 'init.php';
// Read from $_REQUEST (GET, POST or cookie) and passed through fl_value() then fl_html(), which
// are defined outside this fragment.
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'member';
// Member list
if ($action == 'member') {
    // NOTE(review): no check_purview() call guards the member listing in this fragment; confirm
    // that init.php enforces an admin session.
    // $_GET['page'] is read without isset(); intval() makes it safe to place in the LIMIT clause.
    $page = intval($_GET['page']);
    if (file_exists(DATA_PATH . "cache/cache_member_group.php")) {
        include DATA_PATH . "cache/cache_member_group.php";
    }
    // Only 0 is replaced by 1. A negative page number is kept and produces a negative LIMIT
    // offset below — NOTE(review): clamp to a minimum of 1.
    $page = empty($page) ? 1 : $page;
    $page_size = 20;
    $page_num = ($page - 1) * $page_size;
    // fetch_rows() presumably returns the number of matching rows — confirm against the wrapper.
    $total_num = $GLOBALS['mysql']->fetch_rows("select id from " . DB_PRE . "member");
    $total_page = ceil($total_num / $page_size);
    $total_page = !$total_page ? 1 : $total_page;
    $query = '';
    // Both LIMIT operands are integers computed above, so no request text reaches the SQL.
    $rel = $GLOBALS['mysql']->fetch_asc("select*from " . DB_PRE . "member order by id desc limit " . $page_num . ',' . $page_size);
    include 'template/admin_member.html';
} elseif ($action == 'add') {
    // Adding a member requires the 'user_manage' privilege; assumes msg() ends the request.
    if (!check_purview('user_manage')) {
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
Esempio n. 5
<?php

/**
 * $Author: BEESCMS $
 * ============================================================================
 * 网站地址: http://www.beescms.com
 * 您只能在不用于商业目的的前提下对程序代码进行修改和使用;
 * 不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
// Marker constant defined before init.php is loaded; presumably the included files test it to
// refuse direct access — confirm in init.php.
define('IN_CMS', 'true');
include 'init.php';
// Read from $_REQUEST (GET, POST or cookie) and passed through fl_value() then fl_html(), which
// are defined outside this fragment.
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'sys';
// System settings page
if ($action == 'sys') {
    // sys_info.php is a PHP data file that is executed by include.
    if (file_exists(DATA_PATH . 'sys_info.php')) {
        include DATA_PATH . 'sys_info.php';
    }
    include 'template/admin_sys.html';
} elseif ($action == 'add_sys') {
    // Saving requires the 'sys_info' privilege and a posted 'submit' field; both guards assume
    // msg() ends the request. No anti-CSRF token is verified in this fragment.
    if (!check_purview('sys_info')) {
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
    }
    if (!isset($_POST['submit'])) {
        msg('<span style="color:red">请从表单提交</span>');
    }
    unset($_POST['action'], $_POST['submit']);
    // Every remaining POST key/value is copied as-is: there is no allow-list of setting names and
    // no per-field validation. $info is never initialised, so it stays undefined when nothing
    // else was posted.
    foreach ($_POST as $k => $v) {
        $info[$k] = $v;
    }
    // The settings are serialised as PHP source text by var_export() (the second argument is the
    // string 'true', which is truthy, so the text is returned) and escaped for SQL with
    // addslashes() only.
    // NOTE(review): if this exported text is later written to sys_info.php and included (as the
    // 'sys' branch does), unvalidated POST data ends up inside an executed PHP file — confirm how
    // the stored value is consumed, and prefer bound parameters over addslashes().
    $sql = "update " . DB_PRE . "cmsinfo set info_array='" . addslashes(var_export($info, 'true')) . "' where id=1 and info_tag='sys'";
.pic p{line-height:25px; line-height:25px;}
.pic_list_ct{margin:10px 0;}
.pic_list_ct li{width:80px; height:100px; display:block; float:left; margin-bottom:10px; margin-right:10px; display:inline}
.pic_list li_ct label{display:block; height:20px; line-height:20px;}
.sl_pic{margin-top:10px; height:25px; background:#FFFFFF; border:1px solid #ccc; padding:5px;}
.sl_pic span{padding-left:8px; color:#0000FF}
</style>
</head>

<body>
<base target="_self">
<?php 
// Upload handler: runs only when the 'uppic' form field is present and truthy.
// NOTE(review): $_POST['uppic'] is read without isset(), and no login or privilege check appears
// in this fragment — confirm one is enforced before this point.
$submit = $_POST['uppic'];
if ($submit) {
    // NOTE(review): $up is not used in the visible part of this handler.
    $up = $_POST['up'];
    $file_info = fl_html($_POST['file_info']);
    $value_arr = array('');
    // $type_file is set outside this fragment; it is split on '|' into the list handed to up_file().
    $type = explode('|', $type_file);
    // A file was sent with the request
    if (is_uploaded_file($_FILES['up']['tmp_name'])) {
        // up_file() is defined elsewhere and receives the file entry, the configured size limit and
        // the type list. NOTE(review): confirm it validates the real extension/content rather than
        // the client-supplied MIME type and stores the file under a server-generated name.
        $value_arr = up_file($_FILES['up'], $_sys['upload_size'], $type);
        // Unpack the information returned for the uploaded image
        // Path the file was saved to
        $file_path = $value_arr['file'];
        // File extension
        $file_ext = $value_arr['ext'];
        // File size (0 when none was reported)
        $file_size = empty($value_arr['size']) ? 0 : $value_arr['size'];
        // Upload time
        $file_time = $value_arr['time'];
        // Store in the database
Esempio n. 7
} elseif ($action == 'add_coll') {
} elseif ($action == 'password') {
    // Change-password form for a logged-in member.
    $url = $language['member_msg28'];
    $tpl->assign('position', get_dy_position($url));
    // Breadcrumb position
    // Not logged in: send the browser to the login action.
    // NOTE(review): $lang is written into a script block here; where it is assigned and how it is
    // filtered is outside this fragment — confirm it is safe in a JavaScript string context.
    if (empty($_SESSION['member_user']) || empty($_SESSION['member_id']) || empty($_SESSION['member_login'])) {
        die('<script type="text/javascript">location.href=\'?action=login&lang=' . $lang . '\';</script>');
    }
    $tpl->display('member_login');
} elseif ($action == 'save_password') {
    // Same login requirement as the form above.
    if (empty($_SESSION['member_user']) || empty($_SESSION['member_id']) || empty($_SESSION['member_login'])) {
        die('<script type="text/javascript">location.href=\'?action=login&lang=' . $lang . '\';</script>');
    }
    // NOTE(review): the passwords are run through fl_value(), fl_html() and trim() before being
    // hashed, so whatever those filters rewrite changes the effective password; password input is
    // normally hashed unmodified.
    $password_use = trim(fl_html(fl_value($_POST['password_use'])));
    $password_new = trim(fl_html(fl_value($_POST['password_new'])));
    $password_new2 = trim(fl_html(fl_value($_POST['password_new2'])));
    if (empty($password_use) || empty($password_new) || empty($password_new2)) {
        die("<script type=\"text/javascript\">alert('{$language['member_msg8']}');history.go(-1);</script>");
    }
    // The session member id is concatenated unquoted; this is safe only while the login code
    // stores an integer there.
    $sql = "select member_password  from " . DB_PRE . "member where id=" . $_SESSION['member_id'];
    $rel = $GLOBALS['mysql']->get_row($sql);
    // Current password check against the stored hash.
    // NOTE(review): unsalted MD5 is unsuitable for password storage (password_hash() /
    // password_verify() is the replacement), and the loose != compares two numeric-looking digests
    // as numbers; use a strict or constant-time comparison.
    if (md5($password_use) != $rel) {
        die("<script type=\"text/javascript\">alert('{$language['member_msg26']}');history.go(-1);</script>");
    }
    // The new password must be entered identically twice.
    if ($password_new != $password_new2) {
        die("<script type=\"text/javascript\">alert('{$language['member_msg9']}');history.go(-1);</script>");
    }
    // NOTE(review): as shown on this page the statement stores the literal '******' and never uses
    // $password_new; this looks like a value masked by the page rather than the project's real
    // code — check the upstream file.
    $sql = "update " . DB_PRE . "member set member_password='******' where id=" . $_SESSION['member_id'];
    $GLOBALS['mysql']->query($sql);
    die("<script type=\"text/javascript\">alert('{$language['member_msg18']}');history.go(-1);</script>");
} elseif ($action == 'out') {
Esempio n. 8
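/**
 * Authenticate an administrator and populate the admin session.
 *
 * Looks the account up by name, compares the MD5 of the supplied password with the stored
 * value, refuses disabled accounts, then records the admin identity in $_SESSION and sends a
 * redirect to admin.php.
 *
 * @param string $user     Admin login name. It is concatenated into the SQL text, so it must
 *                         already have been escaped/filtered by the caller.
 * @param string $password Password as submitted by the login form.
 * @return void Failures are reported through msg(); success sends a Location header.
 */
function check_login($user, $password)
{
    // NOTE(review): string-built SQL. This function does no escaping of its own, and the DB
    // wrapper's API is not visible here, so the query text is left unchanged. Switch to a bound
    // parameter if the wrapper offers one.
    $rel = $GLOBALS['mysql']->fetch_asc("select id,admin_name,admin_password,admin_purview,is_disable from " . DB_PRE . "admin where admin_name='" . $user . "' limit 0,1");
    $rel = empty($rel) ? '' : $rel[0];
    if (empty($rel)) {
        // NOTE(review): a distinct "no such user" message lets a client tell valid admin names
        // from invalid ones; a single generic failure message avoids that.
        msg('不存在该管理用户', 'login.php');
        // Fail closed: never reach the session setup below, even if msg() returns.
        return;
    }
    // NOTE(review): unsalted MD5 is unsuitable for password storage. Moving to password_hash() /
    // password_verify() needs a migration of the stored values, so it is not done here.
    $password = md5($password);
    // Strict comparison: a loose != treats two different digests that both look like numbers as
    // equal, which would accept a wrong password.
    if ($password !== (string) $rel['admin_password']) {
        msg("输入的密码不正确");
        return;
    }
    if ($rel['is_disable']) {
        msg('该账号已经被锁定,无法登陆');
        return;
    }
    // Issue a fresh session id at the privilege change so an id fixed before login is not carried
    // into the authenticated session. Skipped when no session has been started.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['admin'] = $rel['admin_name'];
    $_SESSION['admin_purview'] = $rel['admin_purview'];
    $_SESSION['admin_id'] = $rel['id'];
    $_SESSION['admin_time'] = time();
    $_SESSION['login_in'] = 1;
    $_SESSION['login_time'] = time();
    // Client address as reported by get_ip(), filtered before it is kept in the session.
    // NOTE(review): if get_ip() trusts client-supplied headers, this value is client-controlled.
    $ip = fl_value(get_ip());
    $ip = fl_html($ip);
    $_SESSION['admin_ip'] = $ip;
    unset($rel);
    header("location:admin.php");
}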
Esempio n. 9
            }
            $value = $value_str;
        }
        $sql_value .= ",'" . fl_html($value) . "'";
    }
} else {
    die('表单不能为空<a href="javascript:history.go(-1);">返回</a>');
}
// Store a submitted custom form: one row in the shared formlist table, then one row in the
// form's own table. $form, $form_id, $f_id, $sql_field and $sql_value are set before this point.
$table = $form['form_mark'];
// The target table name is only accepted if the database actually has a table of that name.
// NOTE(review): in_array() is used without the strict flag; pass true as the third argument.
$tables = $mysql->show_tables();
if (!in_array(DB_PRE . $table, $tables)) {
    die('发生错误,该表单已经停止使用,不能添加表单信息<a href="javascript:history.go(-1);">返回</a>');
}
$addtime = time();
// NOTE(review): if get_ip() trusts client-supplied headers, this value is client-controlled; it
// is filtered by fl_value()/fl_html() before being quoted into the SQL below.
$ip = fl_value(get_ip());
$ip = fl_html($ip);
$member_id = empty($_SESSION['id']) ? 0 : $_SESSION['id'];
// Tests $f_id but reads $_POST['f_id']; intval() keeps the stored value an integer either way.
$arc_id = empty($f_id) ? 0 : intval($_POST['f_id']);
// NOTE(review): $form_id is interpolated unquoted; confirm it is forced to an integer where it is
// assigned (outside this fragment).
$sql = "insert into " . DB_PRE . "formlist (form_id,form_time,form_ip,member_id,arc_id) values ({$form_id},{$addtime},'{$ip}','{$member_id}','{$arc_id}')";
$mysql->query($sql);
$last_id = $mysql->insert_id();
// Prepend the id column and the new formlist id to the column/value lists built earlier.
$sql_field = 'id' . $sql_field;
$sql_value = $last_id . $sql_value;
// NOTE(review): column names and values are concatenated text. The values were wrapped in quotes
// after fl_html() only; how the column names in $sql_field are derived is not visible here —
// confirm they come from the stored form definition, not from request keys.
$sql = "insert into " . DB_PRE . "{$table} ({$sql_field}) values ({$sql_value})";
$mysql->query($sql);
// Send notification mail
if (!empty($_sys['mail_feed'])) {
    if (in_array('1', $_sys['mail_feed'])) {
        $table = $form['form_mark'];
        if (!empty($table)) {
            // Reads back the row just inserted, by the id obtained from insert_id().
            $rel = $GLOBALS['mysql']->fetch_asc("select*from " . DB_PRE . "{$table} where id={$last_id}");
Esempio n. 10
session_start();
// Expected verification code held in the session ('' when none is stored); it is compared with
// the submitted code further down.
$s_code = empty($_SESSION['code']) ? '' : $_SESSION['code'];
// Normalise the login flags so the check below never reads an undefined index.
$_SESSION['login_in'] = empty($_SESSION['login_in']) ? '' : $_SESSION['login_in'];
$_SESSION['admin'] = empty($_SESSION['admin']) ? '' : $_SESSION['admin'];
// An already authenticated admin is redirected to the panel.
// NOTE(review): there is no exit after header(), so the rest of this script still runs for that
// request; add exit after the redirect.
if ($_SESSION['login_in'] && $_SESSION['admin']) {
    header("location:admin.php");
}
// 'action' is taken from the query string unfiltered; it is only compared with fixed strings.
$action = empty($_GET['action']) ? 'login' : $_GET['action'];
if ($action == 'login') {
    global $_sys;
    include 'template/admin_login.html';
} elseif ($action == 'ck_login') {
    global $submit, $user, $password, $_sys, $code;
    $submit = $_POST['submit'];
    $user = fl_html(fl_value($_POST['user']));
    $password = fl_html(fl_value($_POST['password']));
    $code = $_POST['code'];
    if (!isset($submit)) {
        msg('请从登陆页面进入');
    }
    if (empty($user) || empty($password)) {
        msg("密码或用户名不能为空");
    }
    if (!empty($_sys['safe_open'])) {
        foreach ($_sys['safe_open'] as $k => $v) {
            if ($v == '3') {
                if ($code != $s_code) {
                    msg("验证码不正确!");
                }
            }
        }