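/**
 * Collect the "my account" fields submitted via POST.
 *
 * Only the password is handled here: it is trimmed, compared with the
 * confirmation field "passwordr", and returned as an MD5 hex digest.
 * When the two values differ, make_json_fail() is called with the
 * localized "fill_myaccount_repwd" message.
 *
 * @return array Empty when no new password was supplied, otherwise
 *               array('password' => <MD5 hex digest of the trimmed password>).
 */
function post_myaccount()
{
    global $_LANG;

    /* A missing or non-string field counts as empty instead of raising a notice or failing inside trim() */
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
    $confirm = (isset($_POST['passwordr']) && is_string($_POST['passwordr'])) ? trim($_POST['passwordr']) : '';

    /*
     * Strict comparison on purpose: with != PHP compares numeric-looking
     * strings by value, so two different inputs such as "1" and "1.0"
     * would pass the confirmation check.
     */
    if ($password !== $confirm) {
        make_json_fail($_LANG['fill_myaccount_repwd']);
    }

    /* An empty password means "leave the stored password unchanged" */
    $fields = array();
    if ($password !== '') {
        /*
         * NOTE(review): unsalted MD5 is not suitable for password storage.
         * The login path visible elsewhere on this page hashes the same way,
         * so moving to password_hash()/password_verify() has to change both
         * sides and migrate the stored digests together.
         */
        $fields['password'] = md5($password);
    }

    return $fields;
}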
} elseif ($_REQUEST['act'] == 'loginsubmit') {
    /* Illegal submission: the request did not carry the form's "submit" field */
    /* NOTE(review): this is a presence check only, not an anti-CSRF token - confirm a token is verified elsewhere */
    if (!isset($_POST['submit'])) {
        sys_msg($_LANG['lawless_submit']);
    }

    /* Empty user name or password check; the test is on truthiness, so the value "0" also counts as empty */
    if (!trim($_POST['username']) || !trim($_POST['password'])) {
        make_json_fail(trim($_POST['username']) ? $_LANG['fill_login_pwd'] : $_LANG['fill_login_usr']);
    }

    /* Log in: the password is trimmed and reduced to an unsalted MD5 digest before admin_login() receives it */
    /* NOTE(review): unsalted MD5 is not suitable for password storage; migrating means changing admin_login() and the stored digests together */
    if (admin_login(trim($_POST['username']), md5(trim($_POST['password'])))) {
        admin_log($_LANG['str_login']);
        make_json_ok();
    }

    /* Login failed (also reached after a successful login unless make_json_ok() ends the request - presumably it does; confirm) */
    /* NOTE(review): only the success path calls admin_log() here; confirm failed attempts are recorded and rate-limited inside admin_login() or elsewhere */
    make_json_fail($_LANG['fail_login']);
} elseif ($_REQUEST['act'] == 'logout') {
    /* NOTE(review): dispatched on $_REQUEST, so a plain GET reaches this state-changing action; no token check is visible in this fragment */
    admin_log($_LANG['str_logout']);
    admin_logout();
} elseif ($_REQUEST['act'] == 'flush') {
    /* Refresh the privilege system */
    flush_privilege_sys();

    /* Redirect to the admin home page */
    redirect($_CFG['URL_ADMIN'] . 'index.php');
} elseif ($_REQUEST['act'] == 'home') {
    /* Initialise page information */
    $tpl['_title'] = false;

    /* Load the view; the path is built from configuration only, not from request data */
    include $_CFG['DIR_ADMIN_TPL'] . 'home.html';
} else {
    /* Initialise page information */
/**
 * Validate administrator fields before they are saved.
 *
 * Each rule applies only when its field is present in $fields. A failed rule
 * calls make_json_fail() with the matching localized message. Nothing is returned.
 *
 * @param array  $fields Administrator fields to validate (role_id, username, name, password).
 * @param string $act    Current action; the empty-password rule applies only when it is 'add'.
 */
function post_admin_check($fields = array(), $act = '')
{
    global $_LANG;

    /* A role must be selected */
    if (isset($fields['role_id'])) {
        if ($fields['role_id'] <= 0) {
            make_json_fail($_LANG['fill_admin_role']);
        }
    }

    if (isset($fields['username'])) {
        /* The user name must not be empty */
        if ($fields['username'] == '') {
            make_json_fail($_LANG['fill_admin_usr']);
        }

        /*
         * The user name must not already exist.
         * NOTE(review): $_POST['admin_id'] is passed through unvalidated; how
         * exist_admin() uses it is not visible here - confirm it is cast to an
         * integer or bound as a query parameter before it reaches SQL.
         */
        $lookup = array('username' => $fields['username'], 'admin_id' => $_POST['admin_id']);
        if (exist_admin($lookup)) {
            make_json_fail($_LANG['fill_admin_exist']);
        }
    }

    /* The display name must not be empty */
    if (isset($fields['name'])) {
        if ($fields['name'] == '') {
            make_json_fail($_LANG['fill_admin_name']);
        }
    }

    /* A new administrator needs a password; other actions may leave it empty */
    if ($act == 'add') {
        if (isset($fields['password']) && $fields['password'] == '') {
            make_json_fail($_LANG['fill_admin_pwd']);
        }
    }
}
/* Fragment: the header of the enclosing branch is outside this view */
    /* Privilege check */
    admin_privilege_valid('db_backup.php', 'backup');

    /* Check that the upload succeeded */
    if (isset($_FILES['file']['error']) && $_FILES['file']['error'] != 0) {
        make_json_fail($_LANG['fill_dbbackup_sqlfile']);
    }

    /* Check the file format: only the client-supplied name is tested, the content is not inspected */
    if (substr($_FILES['file']['name'], -4) != '.sql') {
        make_json_fail($_LANG['file_ext_error']);
    }

    /* Set the file path; the name is fixed, so the client-supplied name never reaches the filesystem */
    /* NOTE(review): a fixed name also means two imports running at once overwrite each other's file */
    /*
     * NOTE(review): the upload is stored with a .php suffix. If DIR_ADMIN_DUMPSQL is served by the
     * web server with PHP enabled, the uploaded content is executable for as long as the file exists.
     * Confirm the directory is outside the web root or denied by server configuration.
     */
    $fname = 'upload_sqlfile_temp.sql.php';
    $fpath = $_CFG['DIR_ADMIN_DUMPSQL'] . $fname;

    /* Move the file into the backup folder */
    if (!move_uploaded_file($_FILES['file']['tmp_name'], $fpath)) {
        make_json_fail($_LANG['file_mov_fail']);
    }

    /* Import the SQL file; the temporary file is removed on both outcomes */
    /* NOTE(review): the failure branch reports through make_json_ok() - this looks like it should be make_json_fail(); confirm */
    /* NOTE(review): this executes uploaded SQL and no anti-CSRF token check is visible in this fragment; confirm one is enforced */
    if (import_sqlfile($fname) === false) {
        @unlink($fpath);
        make_json_ok($_LANG['fail_dbbackup_import']);
    } else {
        @unlink($fpath);
        make_json_ok($_LANG['ok_dbbackup_import']);
    }
} elseif ($_REQUEST['act'] == 'del') {
    /* Privilege check */
    admin_privilege_valid('db_backup.php', 'backup');

    /* Initialise parameters: anything that is not an array becomes an empty list */
    /* NOTE(review): the elements stay unvalidated request strings; the deletion code is outside this fragment - confirm each id is reduced to a plain file name before it is joined to a path */
    $_POST['ids'] = is_array($_POST['ids']) ? $_POST['ids'] : array();

    /* Delete the SQL files */
/**
 * Collect and validate the privilege fields submitted via POST.
 *
 * Text fields are trimmed and the numeric ones converted to integers. A failed
 * rule calls make_json_fail() with the matching localized message.
 *
 * @param mixed $act Not used inside this function.
 *
 * @return array The keys name, order, module_id, module_act_code and module_act_name.
 */
function post_privilege($act)
{
    global $_LANG;

    /* Extract the basic fields; module_id is read from the "parent_id" form field */
    $data = array(
        'name' => trim($_POST['name']),
        'order' => (int) $_POST['order'],
        'module_id' => (int) $_POST['parent_id'],
        'module_act_code' => trim($_POST['module_act_code']),
        'module_act_name' => trim($_POST['module_act_name']),
    );

    /* Required-field checks */
    if ($data['name'] == '') {
        make_json_fail($_LANG['fill_privilege_name']);
    }
    if ($data['module_id'] == 0) {
        make_json_fail($_LANG['fill_privilege_module']);
    }
    if ($data['module_act_name'] == '') {
        make_json_fail($_LANG['fill_privilege_aname']);
    }
    if ($data['module_act_code'] == '') {
        make_json_fail($_LANG['fill_privilege_acode']);
    }

    /*
     * Duplicate check: same module and action code under another privilege id.
     * NOTE(review): privilege_id is taken from $_POST unvalidated, unlike
     * module_id above; how exist_privilege() uses it is not visible here -
     * confirm it is cast or bound as a query parameter before it reaches SQL.
     */
    $criteria = array(
        'module_id' => $data['module_id'],
        'privilege_id' => $_POST['privilege_id'],
        'module_act_code' => $data['module_act_code'],
    );
    if (exist_privilege($criteria)) {
        make_json_fail($_LANG['fill_privilege_exist']);
    }

    return $data;
}
/**
 * Validate role fields before they are saved.
 *
 * The only rule: when a name is present it must not be empty, otherwise
 * make_json_fail() is called with the localized "fill_role_name" message.
 *
 * @param array  $fields Role fields to validate.
 * @param string $act    Not used inside this function.
 */
function post_role_check($fields = array(), $act = '')
{
    global $_LANG;

    /* Nothing to validate when the name was not submitted */
    if (!isset($fields['name'])) {
        return;
    }

    if ($fields['name'] == '') {
        make_json_fail($_LANG['fill_role_name']);
    }
}
/**
 * Collect and validate the module fields submitted via POST.
 *
 * Both fields are trimmed. A failed rule calls make_json_fail() with the
 * matching localized message.
 *
 * @param mixed $act Not used inside this function.
 *
 * @return array The keys name and file.
 */
function post_module($act)
{
    global $_LANG;

    /* Extract the basic fields */
    $data = array(
        'name' => trim($_POST['name']),
        'file' => trim($_POST['file']),
    );

    /* Required-field checks */
    if ($data['name'] == '') {
        make_json_fail($_LANG['fill_module_name']);
    }
    if ($data['file'] == '') {
        make_json_fail($_LANG['fill_module_file']);
    }

    /*
     * Duplicate check on the module file.
     * NOTE(review): module_id is taken from $_POST unvalidated; how
     * exist_module() uses it is not visible here - confirm it is cast or
     * bound as a query parameter before it reaches SQL.
     */
    $lookup = array('file' => $data['file'], 'module_id' => $_POST['module_id']);
    if (exist_module($lookup)) {
        make_json_fail($_LANG['fill_module_exist']);
    }

    return $data;
}
/**
 * Create or update the privilege file of the current administrator.
 *
 * The privilege array is serialized and written to the path returned by
 * admin_pfile(). When the write fails, admin_destroy() is called and the
 * failure is reported through make_json_fail().
 *
 * NOTE(review): the file holds serialize() output, so its reader presumably
 * calls unserialize() on it (not visible here). Confirm the file cannot be
 * written by anything other than this code and is not served to clients.
 *
 * @param array $privs Privilege information.
 *
 * @return bool true once the file has been handled; the original note says the
 *              failure path leaves the system, which depends on make_json_fail().
 */
function admin_pfile_create($privs)
{
    global $_LANG;

    /* Privilege information as a string */
    $payload = serialize($privs);

    /* Path of the privilege file */
    $target = admin_pfile();

    /* Write the file; warnings are suppressed because the result is checked explicitly */
    $written = @file_put_contents($target, $payload);
    if ($written === false) {
        /* Log the administrator out and report the failure */
        admin_destroy();
        make_json_fail($_LANG['fail_pfile_create']);
    }

    /* Clear the file status cache so a cached modification time is not reused */
    clearstatcache();

    return true;
}