Esempio n. 1
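 /**
  * Remove the selected addresses from the banned-IP table, then send the
  * browser back to the ban-IP tab of the control panel.
  *
  * Reads $_POST['select_ip'], expected to be a list of IP strings. Anything
  * else (missing, empty, not an array) just redirects without touching the table.
  *
  * NOTE(review): is_admin() is called for its side effect only and its result
  * is ignored here; presumably it stops the request for non-admins. Confirm.
  * NOTE(review): no anti-CSRF token is checked in this method; confirm the
  * dispatcher or is_admin() enforces one for this state-changing action.
  */
 public function actionUpdate()
 {
     is_admin();
     // Explicit isset() replaces the @-suppressed read of a possibly missing key.
     $ip_update_array = isset($_POST['select_ip']) ? $_POST['select_ip'] : null;
     if (!is_array($ip_update_array) || !$ip_update_array) {
         header("Location:index.php?action=control_panel&subtab=ban_ip");
         exit;
     }
     foreach ($ip_update_array as $_ip) {
         // A nested array element cannot be an address; skip it instead of
         // formatting it into the statement.
         if (!is_string($_ip)) {
             continue;
         }
         // The value comes straight from the request, so it is escaped before
         // being placed inside the quoted SQL literal (same helper the other
         // queries built from request data use).
         $this->_model->query(sprintf(parse_tbprefix("DELETE FROM <badip> WHERE ip = '%s'"), $this->_model->escape_string($_ip)));
     }
     header("Location:index.php?action=control_panel&subtab=ban_ip");
 }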
Esempio n. 2
/**
 * Look up one configuration value in the <sysvar> table.
 *
 * The name is passed through the connection's escape_string() before it is
 * placed in the quoted SQL literal.
 *
 * @param $name config name (varname column)
 * @return mixed the varvalue of the first matching row, or NULL when there is
 *               no row; a stored value that PHP treats as false ('', '0')
 *               is also reported as NULL
 */
function getConfigVar($name)
{
    global $db_url;
    $connection = YDB::factory($db_url);
    $sql_template = parse_tbprefix("SELECT * FROM <sysvar> WHERE varname='%s'");
    $rows = $connection->queryAll(sprintf($sql_template, $connection->escape_string($name)));
    // Only the first row is considered; a missing row or column yields null.
    $value = isset($rows[0]['varvalue']) ? $rows[0]['varvalue'] : null;
    if (!$value) {
        return null;
    }
    return $value;
}
Esempio n. 3
 /**
  * Render the admin control panel.
  *
  * Collects the tab list, posts, replies, banned IPs, theme/language/timezone
  * lists and a few PHP environment flags, then hands them to the 'admin' view.
  * is_admin() is called first; its result is not inspected here.
  */
 public function actionControl_panel()
 {
     global $gd_exist, $zip_support;
     is_admin();

     $tabs_array = array('overview', 'siteset', 'message', 'ban_ip');
     $tabs_name_array = array(t('ACP_OVERVIEW'), t('ACP_CONFSET'), t('ACP_MANAGE_POST'), t('ACP_MANAGE_IP'));

     // The requested tab is honoured only if it is one of the known tab ids;
     // any other value falls back to the overview tab.
     $current_tab = (isset($_GET['subtab']) && in_array($_GET['subtab'], $tabs_array))
         ? $_GET['subtab']
         : 'overview';

     $themes = get_all_themes();
     $data = get_all_data(TRUE, false, TRUE, TRUE, false);
     $all_replies = $this->_model->queryAll(parse_tbprefix("SELECT * FROM <reply>"));
     $ban_ip_info = $this->_model->queryAll(parse_tbprefix("SELECT * FROM <badip>"));
     $post_total = count($data);
     $reply_total = count($all_replies);

     // GD status line: detected version, or a red marker when unknown/unsupported.
     if (!$gd_exist) {
         $gd_version = '<font color="red">GD' . t('NOT_SUPPORT') . '</font>';
     } else {
         $detected_gd = gd_version();
         if ($detected_gd) {
             $gd_version = $detected_gd;
         } else {
             $gd_version = '<font color="red">' . t('UNKNOWN') . '</font>';
         }
     }

     $register_globals_state = ini_get("register_globals") ? 'On' : 'Off';
     $magic_quotes_state = ini_get("magic_quotes_gpc") ? 'On' : 'Off';
     $languages = get_all_langs();
     $timezone_array = get_all_timezone();

     $view_vars = array(
         'tabs_array' => $tabs_array,
         'current_tab' => $current_tab,
         'tabs_name_array' => $tabs_name_array,
         'nums' => $post_total,
         'reply_num' => $reply_total,
         'gd_version' => $gd_version,
         'register_globals' => $register_globals_state,
         'magic_quotes_gpc' => $magic_quotes_state,
         'zip_support' => $zip_support,
         'themes' => $themes,
         'timezone_array' => $timezone_array,
         'languages' => $languages,
         'data' => $data,
         'ban_ip_info' => $ban_ip_info,
     );
     $this->render('admin', $view_vars);
 }
Esempio n. 4
 /**
  * Log in the administrator or an ordinary user.
  *
  * Flow, in order:
  *  - A session that already holds 'admin' or 'user' short-circuits: when the
  *    API_MODE constant is defined the identity plus session name and id are
  *    printed as JSON and the script ends; otherwise the browser is redirected.
  *  - When both 'user' and 'password' are present in $_REQUEST they are checked
  *    first against the application's admin name/password, then against the
  *    <user> table.
  *  - With no valid login: API mode prints a JSON error ('403' after a rejected
  *    attempt, '401' when no credentials were sent); otherwise the theme's
  *    login.php template is included. The codes are fields in the JSON body;
  *    this method does not set an HTTP status.
  *
  * NOTE(review): no session_regenerate_id() call is visible on any success
  * path, so the pre-login session id stays valid after authentication; confirm
  * whether the framework rotates it elsewhere.
  * NOTE(review): no attempt limiting or lockout is visible in this method.
  */
 public function actionLogin()
 {
     global $API_CODE;
     $session_name = session_name();
     if (isset($_SESSION['admin'])) {
         // The administrator is already logged in.
         if (defined('API_MODE')) {
             // The session id is returned in the response body; anything that
             // logs or caches this response then holds a usable session id.
             $json_array = array('admin' => $_SESSION['admin'], 'session_name' => $session_name, 'session_value' => session_id());
             die(function_exists('json_encode') ? json_encode($json_array) : CJSON::encode($json_array));
         }
         header("Location:index.php?action=control_panel");
         exit;
     }
     if (isset($_SESSION['user'])) {
         // An ordinary user is already logged in.
         if (defined('API_MODE')) {
             $json_array = array('user' => $_SESSION['user'], 'uid' => $_SESSION['uid'], 'session_name' => $session_name, 'session_value' => session_id());
             die(function_exists('json_encode') ? json_encode($json_array) : CJSON::encode($json_array));
         }
         header("Location:index.php");
         exit;
     }
     //exit;
     // NOTE(review): $_REQUEST also carries query-string parameters, so
     // credentials sent in a GET URL are accepted here and can end up in
     // server logs and browser history; reading $_POST only would avoid that.
     if (isset($_REQUEST['user']) && isset($_REQUEST['password'])) {
         // The user submitted the login form.
         $user = $this->_model->escape_string($_REQUEST['user']);
         $password = $this->_model->escape_string($_REQUEST['password']);
         // NOTE(review): the escaped values are compared with loose == against
         // the configured admin name and password. The password is compared
         // directly with the submitted value (no hash verification is visible),
         // and == is neither type-strict nor constant-time.
         if ($user == ZFramework::app()->admin && $password == ZFramework::app()->password) {
             // Login with the administrator account succeeded.
             // The session stores the raw request value, not the escaped one.
             $_SESSION['admin'] = $_REQUEST['user'];
             if (defined('API_MODE')) {
                 $json_array = array('admin' => $_SESSION['admin'], 'session_name' => $session_name, 'session_value' => session_id());
                 die(function_exists('json_encode') ? json_encode($json_array) : CJSON::encode($json_array));
             }
             header("Location:index.php?action=control_panel");
             exit;
         } else {
             // Try to log in as an ordinary user.
             // NOTE(review): both quoted values in this query read '******' on
             // this page, which looks like masking applied by the listing;
             // sprintf() is passed $user and $password, so the statement
             // presumably carried two %s placeholders. Confirm against the
             // project source. Matching the password inside the WHERE clause
             // also implies it is stored in directly comparable form.
             $user_result = $this->_model->queryAll(sprintf(parse_tbprefix("SELECT * FROM <user> WHERE username='******' AND password='******'"), $user, $password));
             // Only the first matching row is used; @ hides the notice when there is none.
             $user_result = @$user_result[0];
             if ($user_result) {
                 $_SESSION['user'] = $_REQUEST['user'];
                 $_SESSION['uid'] = $user_result['uid'];
                 if (defined('API_MODE')) {
                     $json_array = array('user' => $_REQUEST['user'], 'uid' => $user_result['uid'], 'session_name' => $session_name, 'session_value' => session_id());
                     die(function_exists('json_encode') ? json_encode($json_array) : CJSON::encode($json_array));
                 }
                 header("Location:index.php");
                 exit;
             } else {
                 // Remembered so the API branch below can tell "rejected" from "not attempted".
                 $errormsg = t('LOGIN_ERROR');
             }
         }
     }
     if (defined('API_MODE')) {
         if (isset($errormsg)) {
             $error_array = array('error_code' => '403', 'error' => $API_CODE['403'], 'error_detail' => $errormsg);
             die(function_exists('json_encode') ? json_encode($error_array) : CJSON::encode($error_array));
         } else {
             $error_array = array('error_code' => '401', 'error' => $API_CODE['401'], 'error_detail' => t('LOGIN_REQUIRED'));
             die(function_exists('json_encode') ? json_encode($error_array) : CJSON::encode($error_array));
         }
     }
     // NOTE(review): the include path is built from the configured theme name;
     // confirm that value is restricted to a plain directory name wherever it is set.
     include 'themes/' . ZFramework::app()->theme . '/templates/' . "login.php";
 }
Esempio n. 5
 /**
  * Store the submitted 'allowed_tags' setting in the <sysvar> table.
  *
  * The value is read from $_POST['allowed_tags'] and passed through the
  * model's escape_string() before being placed in the quoted SQL literal.
  * No presence check or authorisation check happens in this method.
  * NOTE(review): presumably the calling action has already verified the
  * admin session; confirm at the call site.
  */
 private function set_allowed_tags()
 {
     $sql_template = parse_tbprefix("UPDATE <sysvar> SET varvalue='%s' WHERE varname='allowed_tags'");
     $escaped_tags = $this->_model->escape_string($_POST['allowed_tags']);
     $this->_model->query(sprintf($sql_template, $escaped_tags));
 }
Esempio n. 6
 /**
  * Delete every row of the <reply> table, then redirect to the message tab
  * of the control panel.
  *
  * is_admin() is called first; its result is not inspected here.
  * NOTE(review): no anti-CSRF token or request-method check is visible in
  * this method; confirm one is enforced before this destructive action runs.
  */
 public function actionDeleteAll()
 {
     is_admin();
     $wipe_replies_sql = parse_tbprefix("DELETE FROM <reply>");
     $this->_model->query($wipe_replies_sql);
     header("location:index.php?action=control_panel&subtab=message");
 }