Esempio n. 1
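/**
 * Decide whether a form submission should be accepted.
 *
 * A submission passes only when the submit marker is non-empty, the Referer
 * host equals the Host header (port ignored), and the posted token equals
 * form_hash().
 *
 * The Referer comparison is a secondary signal only: the header is supplied by
 * the client and is frequently stripped by browsers and proxies. The token is
 * the control that binds the request to a form this application rendered.
 *
 * @param mixed $submit   Submit marker from the request; any empty() value rejects.
 * @param mixed $formhash Token posted with the form.
 * @return bool TRUE when every check passes, FALSE otherwise.
 */
function check_submit($submit, $formhash)
{
    if (empty($submit)) {
        return FALSE;
    }
    // Request parameters can arrive as arrays; only a scalar can be a token.
    if (!is_scalar($formhash)) {
        return FALSE;
    }
    // A missing header fails closed instead of being pattern-matched as null.
    if (!isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        return FALSE;
    }
    $refererHost = preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", (string) $_SERVER['HTTP_REFERER']);
    $requestHost = preg_replace("/([^\\:]+).*/", "\\1", (string) $_SERVER['HTTP_HOST']);
    // Strict comparison: with ==, two numeric-looking strings are compared as numbers.
    if (!is_string($refererHost) || $refererHost !== $requestHost) {
        return FALSE;
    }
    // hash_equals() compares the token as bytes and in constant time; the previous ==
    // could treat two different numeric-looking tokens as equal.
    return hash_equals((string) form_hash(), (string) $formhash);
}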
Esempio n. 2
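 /**
  * Make sure the visitor carries a "sid" cookie and expose its value to the view.
  *
  * When the cookie is absent or empty a new 16-character identifier is issued
  * for 30 days on path "/". The value is stored on $this->_sid, assigned to the
  * template as "_sid", and the FORM_HASH constant is defined from
  * form_hash(C('PUBLIC_KEY')).
  *
  * Requires random_bytes() (PHP 7 or later).
  */
 private function init_sid()
 {
     $sid_pre = C('COOKIE_PREFIX') . 'sid';
     if (empty($_COOKIE[$sid_pre])) {
         // 8 bytes from the CSPRNG -> 16 hex characters. The previous value was
         // substr(md5(REMOTE_ADDR) . rand(), 0, 16): md5() alone is 32 characters, so the
         // rand() suffix never reached the result and the id was a fixed function of the
         // client address.
         $sid = bin2hex(random_bytes(8));
         $_SERVER['time'] = isset($_SERVER['REQUEST_TIME']) ? $_SERVER['REQUEST_TIME'] : time();
         set_cookie($sid_pre, $sid, $_SERVER['time'] + 86400 * 30, '/');
     } else {
         // NOTE(review): this value is chosen by the client. It is handed to the view
         // below, so the template has to escape it; confirm nothing treats it as proof
         // of identity.
         $sid = $_COOKIE[$sid_pre];
     }
     $this->_sid = $sid;
     $this->assign('_sid', $this->_sid);
     define('FORM_HASH', form_hash(C('PUBLIC_KEY')));
 }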
Esempio n. 3
    $baseurl = "http://{$_SERVER['HTTP_HOST']}" . substr($tmp, 0, strrpos($tmp, '/'));
} else {
    $baseurl = "http://{$_SERVER['HTTP_HOST']}" . substr($tmp, 0, strrpos($tmp, '/'));
}
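// Buffer output, gzip-compressed when enabled and available; the WAP script is excluded.
if ($gzipcompress && function_exists('ob_gzhandler') && CURSCRIPT != 'wap') {
    ob_start('ob_gzhandler');
} else {
    $gzipcompress = 0;
    ob_start();
}
$dblink = new db_sql();
$dblink->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
// Drop the connection settings from the global scope once the link is open.
unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
$_DCOOKIE = $_DCACHE = array();
// The auth cookie decodes to "uid<TAB>username<TAB>email". Pad the result so a missing
// or short cookie yields empty fields instead of undefined-offset notices.
$auth_fields = isset($_COOKIE['auth']) ? explode("\t", uc_authcode($_COOKIE['auth'], 'DECODE')) : array();
list($cyask_uid, $username, $email) = array_pad($auth_fields, 3, '');
// $cyask_uid is interpolated unquoted into the members lookup that follows, so it is
// forced to an integer here; anything non-numeric becomes 0 and is treated as "no user".
$cyask_uid = (int) $cyask_uid;
// NOTE(review): $username and $email come from the same cookie and reach an INSERT
// further down; they need escaping (or a bound parameter) where that statement is built.
define('FORMHASH', form_hash());
// $_DCOOKIE was just reset, so this resolves to 1 unless something fills it in between.
$styleid = !empty($_DCOOKIE['styleid']) ? $_DCOOKIE['styleid'] : 1;
$cyask_adminid = 0;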
if ($cyask_uid) {
    $query = $dblink->query("SELECT username,password,adminid,groupid FROM {$dbprefix}members WHERE uid={$cyask_uid}");
    $members = $dblink->fetch_array($query);
    if (empty($members)) {
        $members = array();
        list($uid, $uname, $email) = uc_get_user($cyask_uid, 1);
        $dblink->query("INSERT INTO {$dbprefix}members(uid,username,email,adminid,groupid,regdate) VALUES('{$cyask_uid}','{$username}','{$email}','5','0','" . time() . "')");
        $cyask_user = $username;
        unset($uid, $uname);
        $adminid = '5';
        $groupid = 0;
        $cyask_adminid = $adminid == 1 || $groupid == 3 ? 1 : 0;
    } else {
Esempio n. 4
<?php

/*
	[CYASK] (C)2007 Cyask.com QQ: 240508015
	Revision: 3.0.0 for Discuz
	Date: 2007/4/23
*/
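define('CURSCRIPT', 'admin');
@set_time_limit(600);
error_reporting(7);
require './include/common.inc.php';
require CYASK_ROOT . './admin/admin.func.php';
// Import request parameters as variables, but never over a variable that already exists
// (EXTR_SKIP). The includes above have already run, so an overwriting extract() would let
// a request parameter replace anything they set, including the $cyask_user and
// $cyask_adminid values that the $admin_login line below relies on.
// GET is imported first so that it still wins over POST for a shared name, as before.
@extract(daddslashes($_GET), EXTR_SKIP);
@extract(daddslashes($_POST), EXTR_SKIP);
$admin_days = date("md");
// NOTE(review): the admin hash is derived from the month and day; whether it is
// unguessable depends on form_hash() mixing in a server-side secret, which is not
// visible here. Confirm.
define('ADMINHASH', form_hash($admin_days));
// Compare the cookie as a string, strictly and in constant time; a missing or
// non-string cookie fails the check.
$admin_check = (isset($_COOKIE['adminhash']) && is_string($_COOKIE['adminhash']) && hash_equals((string) ADMINHASH, $_COOKIE['adminhash'])) ? 1 : 0;
$admin_login = $cyask_user && $cyask_adminid && $admin_check ? 1 : 0;
// NOTE(review): $grade is read straight from $_GET, bypassing daddslashes(); validate
// or cast it at the point of use.
$grade = !empty($_GET['grade']) ? $_GET['grade'] : 1;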
if (empty($admin_action) || isset($frames)) {
    $admin_action = 'home';
    ?>
<html>
<head>
<title>CYASK admin</title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
    echo $charset;
    ?>
" />
</head>
<frameset rows=30,* cols="*" frameborder="yes" border="1" framespacing="6">
Esempio n. 5
                    Atag_Ajax_Submit(_url, params, 'POST', $(this));
                  });

                });
              </script>
              <div class="btn-toolbar list-toolbar">
                <a class="btn btn-primary sys-ajax-btn-submit" data-loading="保存中..." ><i class="fa fa-save"></i> <span class="sys-btn-submit-str">保存</span></a>
                <button class="btn btn-default" onclick="javascript:history.go(-1);" type="button">返回</button>
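                <input type="hidden" name="id" value="<?php 
// Escape for the quoted-attribute context so the value cannot terminate value="...".
echo htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
?>
" />
                <input type="hidden" name="all" value="<?php 
echo htmlspecialchars(implode(',', $all), ENT_QUOTES, 'UTF-8');
?>
" />
                <input type="hidden" name="_form_hash" value="<?php 
// The hash covers the raw values of the two fields above. Escaping them on output means
// the browser submits exactly those raw values back, so the hash still matches.
echo htmlspecialchars((string) form_hash(['id' => $id, 'all' => implode(',', $all)]), ENT_QUOTES, 'UTF-8');
?>
" />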
              </div>
            </div>
          </div>
          </div>
          <?php 
echo widget('Admin.Common')->footer();
?>
        </div>
    </div>
<?php 
echo widget('Admin.Common')->htmlend();
Esempio n. 6
<div id="c90">
<div class="t3 bcb"><div class="t3t bgb">ÖØÉèÃÜÂë</div></div>
<div class="b3 bcb mb12">
<br />
<form name="loginform" action="register.php" method="post" onsubmit="return check_getpwform(this);">
<table cellspacing="0" cellpadding="0" width="100%" valign="top" border="0">
<tr><td class="f14" width="100%" height="50" colspan="2" valign="top" align="center">ÖØÐÂÉèÖÃÃÜÂ룺ÌîдÄú×¢²áʱËùÓõÄÓÊÏäµØÖ·</td></tr>
<tr><td class="f14" width="40%" height="35" align="right" valign="top" nowrap="nowrap">µç×ÓÓÊÏä :&nbsp;&nbsp;&nbsp;</td>
<td width="60%" height="35" valign="top"><input type="text" name="email" size="30" maxlength="50" /></td></tr>
<tr>
<td class="f14" height="35" align="right" valign="top" nowrap="nowrap">&nbsp;</td>
<td height="35" valign="top">
<input type="submit" name="getpwsubmit" value="ÖØÉèÃÜÂë" class="bnsrh" />
<input type="hidden" name="command" value="getpw" />
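<input type="hidden" name="formhash" value="<?php 
// Token checked when the password-reset form is posted back.
echo form_hash();
?>
" />
<input type="hidden" name="url" value="<?php 
// $url is written into a quoted attribute, so it is escaped for that context.
// A single-byte charset is named because the page encoding is not visible here and the
// characters being escaped are ASCII in any case; double_encode is off so a value that
// was already entity-encoded upstream is not encoded twice.
echo htmlspecialchars((string) $url, ENT_QUOTES, 'ISO-8859-1', false);
?>
" />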
</td></tr>
</table>
</form>
<br />
</div>
</div>
<br />
<?php 
include template('footer');
Esempio n. 7
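/**
 * Print the administrator login form.
 *
 * The form posts to admin.php with admin_action=login, the current form_hash()
 * token and the caller's $backaction value.
 *
 * @param string $backaction Value echoed into the hidden "backaction" field.
 * @return void
 */
function admin_login($backaction = '')
{
    // $cyask_user was read by the template below without being imported, so the
    // username field was always rendered empty (with an undefined-variable notice).
    global $lang, $cyask_user;
    $formhash = form_hash();
    // Both values end up inside quoted attributes, so they are escaped for that context.
    // A single-byte charset is named because the page encoding is not visible here and
    // the characters being escaped are ASCII in any case.
    $safe_user = htmlspecialchars((string) $cyask_user, ENT_QUOTES, 'ISO-8859-1');
    // double_encode is off so a value already entity-encoded by the caller is not encoded twice.
    $safe_backaction = htmlspecialchars((string) $backaction, ENT_QUOTES, 'ISO-8859-1', false);
    print <<<END
\t<br /><br /><br /><br /><br /><br />
\t<form method="post" name="loginForm" action="admin.php">
\t<table cellspacing="1" cellpadding="2" width="60%" align="center" class="tableborder">
\t\t<tr class="header"><td colspan="2">{$lang['safecode_required']}</td></tr>
\t\t<tr><td class="altbg1" height=10 colspan="2">&nbsp;</td></tr>
\t\t<tr><td class="altbg1" width="25%">&nbsp;{$lang['username']}:</td><td class="altbg2">
\t\t<input type="text" name="username" size="25" value="{$safe_user}" /></td></tr>
\t\t<tr><td class="altbg1" width="25%">&nbsp;{$lang['password']}:</td><td class="altbg2">
\t\t<input type="password" name="password" size="25" />
\t\t<input type="hidden" name="admin_action" value="login" />
\t\t<input type="hidden" name="formhash" value="{$formhash}" />
\t\t<input type="hidden" name="backaction" value="{$safe_backaction}" />
\t\t</td></tr>
\t\t<tr valign="middle"><td class="altbg1" width="25%" height="35">&nbsp;</td><td class="altbg2">
\t\t<input type="submit" name="login_submit" value="{$lang['submit']}">
\t\t</td></tr>
\t</table>
\t</form>
\t<br /><br />
END;
}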
Esempio n. 8
                        </tbody>
                      </table>
                      </div>
                  </div>
              </div>
          </div>
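          <input type="hidden" name="stepId" value="<?php 
// Escape for the quoted-attribute context so the value cannot terminate value="...".
echo htmlspecialchars((string) $stepId, ENT_QUOTES, 'UTF-8');
?>
" >
          <input type="hidden" name="workflowId" value="<?php 
echo htmlspecialchars((string) $workflowId, ENT_QUOTES, 'UTF-8');
?>
" >
          <input type="hidden" name="_form_hash" value="<?php 
// The hash covers the raw values of the two fields above. Escaping them on output means
// the browser submits exactly those raw values back, so the hash still matches.
echo htmlspecialchars((string) form_hash(['stepId' => $stepId, 'workflowId' => $workflowId]), ENT_QUOTES, 'UTF-8');
?>
" />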
          <?php 
echo widget('Admin.WorkflowStep')->selected();
?>
          </form>
          <?php 
echo isset($page) ? $page : '';
?>
          </div>
          <?php 
echo widget('Admin.Common')->footer();
?>
        </div>
    </div>
Esempio n. 9
                    <?php 
}
?>
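                    <?php 
// Render the workflow fields and their form hash only when both identifiers are set.
if (isset($stepId, $workflow_Id)) {
    ?>
                      <input name="workflow_step_id" type="hidden" value="<?php 
    // Escape for the quoted-attribute context so the value cannot terminate value="...".
    echo htmlspecialchars((string) $stepId, ENT_QUOTES, 'UTF-8');
    ?>
" />
                      <input name="workflow_id" type="hidden" value="<?php 
    echo htmlspecialchars((string) $workflow_Id, ENT_QUOTES, 'UTF-8');
    ?>
" />
                      <input type="hidden" name="_form_hash" value="<?php 
    // The hash covers the raw values of the two fields above. Escaping them on output
    // means the browser submits exactly those raw values back, so the hash still matches.
    echo htmlspecialchars((string) form_hash(['workflow_step_id' => $stepId, 'workflow_id' => $workflow_Id]), ENT_QUOTES, 'UTF-8');
    ?>
" />
                    <?php 
}
?>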
                  </form>
                </div>
              </div>
            </div>
          </div>

          <?php 
echo widget('Admin.Common')->footer();
?>
        </div>