コード例 #1
ファイル: common.php プロジェクト: chris1201/Hammer
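/**
 * Authenticate the current request and, on success, populate the session.
 *
 * Two paths are tried in order: a username/password lookup, then a lookup by
 * the `token` request parameter. Either match fills $_SESSION['user'],
 * $_SESSION['userID'] and $_SESSION['isadmin'] from the matching User row.
 *
 * NOTE(review): the token is read from $_REQUEST, so it is also accepted from
 * the query string, where it can end up in logs and Referer headers.
 * NOTE(review): nothing here regenerates the session ID after a successful
 * login; the caller should do so to prevent session fixation.
 * NOTE(review): pwd_encode() is not shown; the scheme that used to sit here
 * inline was a salted md5. Confirm the helper uses password_hash() or similar.
 *
 * @param string $username Login name supplied by the client.
 * @param string $password Clear-text password supplied by the client.
 * @return bool True when a User row matched and the session was populated.
 */
function login_check($username, $password)
{
    global $con, $DB_SALT;

    if ($username && $password) {
        $Pwd = pwd_encode($username, $password);
        // $username comes straight from the client, so it must be escaped
        // before being placed inside the quoted SQL literal.
        // The listing showed the password literal masked as '******' and left
        // $Pwd unused; the computed hash is compared here, which is what the
        // surrounding code implies. Confirm against the upstream file.
        $query = "SELECT * FROM User WHERE NAME='" . mysql_real_escape_string($username)
            . "' AND Password='" . mysql_real_escape_string($Pwd) . "'";
        $result = mysql_query($query);
        // mysql_query() returns false on error; do not pass that to fetch.
        if ($result && ($row = mysql_fetch_array($result))) {
            $_SESSION['user'] = $row['Name'];
            $_SESSION['userID'] = $row['ID'];
            $_SESSION['isadmin'] = $row['Is_Admin'];
            return true;
        }
    }

    // Token login. A missing or non-string parameter is treated as "no token".
    $token = '';
    if (isset($_REQUEST['token']) && is_string($_REQUEST['token'])) {
        $token = check_sql(trim($_REQUEST['token']));
    }
    if ($token and $token != '') {
        // check_sql() is defined elsewhere and its guarantees are not visible
        // here, so the value is escaped again before it is interpolated.
        $query = "SELECT * From User WHERE Token='" . mysql_real_escape_string($token) . "'";
        $result = mysql_query($query);
        if ($result && ($row = mysql_fetch_array($result))) {
            $_SESSION['user'] = $row['Name'];
            $_SESSION['userID'] = $row['ID'];
            $_SESSION['isadmin'] = $row['Is_Admin'];
            return true;
        }
    }

    return false;
}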
コード例 #2
ファイル: login.php プロジェクト: bebestmaple/Hammer
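/**
 * Look up the User row that matches a username/password pair.
 *
 * NOTE(review): pwd_encode() is not shown; the scheme that used to sit here
 * inline was a salted md5. Confirm the helper uses password_hash() or similar.
 *
 * @param string $username Login name supplied by the client.
 * @param string $password Clear-text password supplied by the client.
 * @return array|bool The matching row from mysql_fetch_array(), or false.
 */
function login_check($username, $password)
{
    global $con, $DB_SALT;

    $Pwd = pwd_encode($username, $password);
    // $username comes straight from the client, so it must be escaped before
    // being placed inside the quoted SQL literal.
    // The listing showed the password literal masked as '******' and left
    // $Pwd unused; the computed hash is compared here, which is what the
    // surrounding code implies. Confirm against the upstream file.
    $query = "SELECT * FROM User WHERE NAME='" . mysql_real_escape_string($username)
        . "' AND Password='" . mysql_real_escape_string($Pwd) . "'";
    // The debug print of $query was removed: it echoed the full SQL statement,
    // including the credential comparison, into the HTTP response.
    $result = mysql_query($query);
    // mysql_query() returns false on error; do not pass that to fetch.
    if ($result && ($row = mysql_fetch_array($result))) {
        return $row;
    }

    return false;
}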
コード例 #3
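 /**
  * Handle the admin login form submission.
  *
  * Requires a `qcs_auth` cookie whose first decoded field is 1, then checks
  * the posted name and password against the user table. On success it sets
  * the `aid` session value and redirects to the admin area.
  *
  * NOTE(review): only the first tab-separated field of the decoded cookie is
  * inspected, so the check is only as strong as strcode() and the secrecy of
  * the auth_key setting.
  * NOTE(review): remove_xss() is an output-oriented filter; this relies on the
  * model's array-form where() to bind values safely. Confirm.
  * NOTE(review): no attempt limiting or session ID regeneration is visible.
  */
 function login_sub()
 {
     // Both fields are mandatory. The original one-liner `A || B && exit`
     // parsed as `A || (B && exit)`, so an empty admin_name skipped the exit.
     if (!isset($_POST['admin_name'], $_POST['admin_pwd'])
         || $_POST['admin_name'] == NULL
         || $_POST['admin_pwd'] == NULL) {
         exit;
     }

     // redirect() is not shown here. Return explicitly after each redirect so
     // the credential check below is never reached if it does not terminate
     // the request itself.
     if (!isset($_COOKIE['qcs_auth'])) {
         $this->redirect('Account/login');
         return;
     }
     $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
     if (!is_numeric($id[0]) || $id[0] != 1) {
         $this->redirect('Index/index');
         return;
     }

     $credentials = array(
         'name' => remove_xss($_POST['admin_name']),
         'pwd' => pwd_encode($_POST['admin_pwd']),
     );
     if (M('user')->where($credentials)->getField('id') == 1) {
         Session::set('aid', 1);
         $this->redirect('Admin/main');
     } else {
         $this->assign('script', '<script>alert("您的输入有误,请重新输入")</script>');
         $this->display('Admin/login');
     }
 }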
コード例 #4
 /**
  * Finish account activation for a visitor who is not logged in.
  *
  * Reads the pending activation data from the session, refuses the request
  * unless every precondition holds, rejects duplicate names and e-mail
  * addresses, creates the user row, optionally issues the `qcs_auth` cookie
  * and prints the success message.
  *
  * NOTE(review): unserialize() is applied to a session value. That is only
  * safe while nothing client-controlled can be written into `activate_info`
  * as a raw serialized string. Verify where it is set.
  * NOTE(review): the `qcs_auth` cookie is set without HttpOnly or Secure
  * flags, and its payload is the new id plus md5(auth_key), so it carries no
  * per-user secret.
  * NOTE(review): province/city/county are taken from $this->post as-is;
  * whether they are validated upstream is not visible here.
  */
 function activate_receive()
 {
     // Already logged in: nothing to activate.
     if ($this->uid != NULL) {
         exit('Access Denied!');
     }
     $this->toclose();

     $info = unserialize(Session::get('activate_info'));

     // Same checks, in the same order, as the original short-circuit chain.
     $denied = $this->setting['ucenter_on'] != 1
         || $info == NULL
         || $info[0] < 0
         || !$this->isAjax()
         || $this->uid != NULL;
     if ($denied) {
         exit('Access Denied!');
     }

     $user = M('user');
     if ($user->where(array('name' => $info[1]))->count() != 0) {
         exit('失败:用户名被占用');
     }
     if ($user->where(array('email' => $info[3]))->count() != 0) {
         exit('失败:邮箱被占用');
     }

     $record = array(
         'name' => $info[1],
         'pwd' => pwd_encode($info[2]),
         'email' => $info[3],
         'province' => $this->post['province'],
         'city' => $this->post['city'],
         'county' => $this->post['county'],
     );
     $id = $user->add($record);
     if (!$id) {
         // Insert failed: the original produced no output in this case either.
         return;
     }

     $auth_id = strcode($id . "\t" . md5($this->setting['auth_key']), $this->setting['auth_key'], 'ENCODE');
     if ($info['auto'] == 1) {
         // Persistent cookie, valid for one year.
         setcookie('qcs_auth', $auth_id, time() + 365 * 24 * 3600, '/');
     } elseif ($this->post['is_auto'] == 0) {
         // Session cookie only.
         setcookie('qcs_auth', $auth_id, NULL, '/');
     }

     Session::set('activate_info', NULL);
     echo '激活成功,点此进入首页' . uc_user_synlogin($info[0]);
 }
コード例 #5
ファイル: user_setting.php プロジェクト: chris1201/Hammer
}
$type = trim($_REQUEST['type']);
$username = $_SESSION['user'];
$ret = array('code' => 0);
switch ($type) {
    case 'changepwd':
        $oldpwd = trim($_REQUEST['oldpwd']);
        $newpwd = trim($_REQUEST['newpwd']);
        $oldpwdhash = pwd_encode($username, $oldpwd);
        $query = "SELECT ID FROM User WHERE Name='{$username}' AND Password='******'";
        $result = mysql_query($query);
        $row = mysql_fetch_row($result);
        // var_dump($row);
        if (count($row) && ($id = intval($row[0]))) {
            // echo '$id='.$id.'<br>';
            $newpwdhash = pwd_encode($username, $newpwd);
            $query = "UPDATE User SET Password= '******' WHERE ID = '{$id}'";
            $result = mysql_query($query);
            // var_dump($result);
            if ($result) {
                $ret['code'] = 1;
                $ret['info'] = 'change password success';
            } else {
                $ret['info'] = 'something wrong';
            }
        } else {
            $ret['info'] = 'password wrong';
        }
        break;
    case 'getinfo':
        $query = "SELECT ID FROM User WHERE Name='{$username}'";