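/**
 * Authenticate the current request and, on success, populate the session.
 *
 * Two lookups are tried in order: username + password, then the `token`
 * request parameter. The first User row found is copied into $_SESSION
 * under 'user', 'userID' and 'isadmin'.
 *
 * @param string $username Login name supplied by the client (untrusted).
 * @param string $password Plain-text password supplied by the client (untrusted).
 * @return bool True when a matching User row was found, false otherwise.
 */
function login_check($username, $password)
{
    // Declared by the original; neither global is referenced in the live code below.
    global $con, $DB_SALT;

    $row = false;

    if ($username && $password) {
        // NOTE(review): commented-out code in the original built the hash as
        // md5(strrev(name) . '#' . $DB_SALT . '#' . strrev(password)). If pwd_encode()
        // still works that way, plan a migration to password_hash()/password_verify().
        $Pwd = pwd_encode($username, $password);

        // $username is client input and was concatenated into the statement unescaped.
        // Escape it for the SQL string context. mysql_real_escape_string() is only
        // reliable when the connection charset was set with mysql_set_charset();
        // the durable fix is a prepared statement via PDO or mysqli.
        $safeName = mysql_real_escape_string($username);

        // NOTE(review): the password literal appears masked on this page, and $Pwd is
        // not referenced by the query as shown. Confirm the real statement compares
        // the Password column against $Pwd.
        $query = "SELECT * FROM User WHERE NAME='" . $safeName . "' AND Password='******'";
        $result = mysql_query($query);
        if ($result) {
            $row = mysql_fetch_array($result);
        }
    }

    if (!$row) {
        // Fall back to token login. A missing or array-valued parameter is treated
        // as "no token" instead of raising a notice inside trim().
        $rawToken = (isset($_REQUEST['token']) && is_string($_REQUEST['token']))
            ? trim($_REQUEST['token'])
            : '';

        // NOTE(review): the interpolation below is only as safe as check_sql(), which
        // is not visible here. Confirm it escapes for a quoted SQL string. $_REQUEST
        // also accepts the token from the query string, where it can end up in logs.
        $token = check_sql($rawToken);
        if ($token and $token != '') {
            $query = "SELECT * From User WHERE Token='{$token}'";
            $result = mysql_query($query);
            if ($result) {
                $row = mysql_fetch_array($result);
            }
        }
    }

    if (!$row) {
        return false;
    }

    // NOTE(review): the session id is not rotated when the identity changes; consider
    // session_regenerate_id(true) here to close off session fixation.
    $_SESSION['user'] = $row['Name'];
    $_SESSION['userID'] = $row['ID'];
    $_SESSION['isadmin'] = $row['Is_Admin'];

    return true;
}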
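/**
 * Look up a user row by login name and password hash.
 *
 * @param string $username Login name supplied by the client (untrusted).
 * @param string $password Plain-text password supplied by the client (untrusted).
 * @return array|false The matching User row, or false when none was found.
 */
function login_check($username, $password)
{
    // Declared by the original; neither global is referenced in the live code below.
    global $con, $DB_SALT;

    $Pwd = pwd_encode($username, $password);

    // $username was concatenated into the statement unescaped. Escape it for the SQL
    // string context. mysql_real_escape_string() is only reliable when the connection
    // charset was set with mysql_set_charset(); prepared statements (PDO or mysqli)
    // are the durable fix.
    $safeName = mysql_real_escape_string($username);

    // NOTE(review): the password literal appears masked on this page, and $Pwd is not
    // referenced by the query as shown. Confirm the real statement compares the
    // Password column against $Pwd.
    $query = "SELECT * FROM User WHERE NAME='" . $safeName . "' AND Password='******'";

    // The original echoed $query into the response here. That disclosed the SQL text
    // and reflected the raw username into HTML unescaped, so the debug print is gone.

    $result = mysql_query($query);
    if ($result && ($row = mysql_fetch_array($result))) {
        // SELECT * returns every column of User, the Password column included.
        // Callers should not pass this row on to templates or API output wholesale.
        return $row;
    }

    return false;
}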
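/**
 * Handle submission of the admin login form.
 *
 * Flow: require both form fields, require a 'qcs_auth' cookie that decodes to
 * user id 1, then look the credentials up in the `user` table. On a match for
 * id 1 the session key 'aid' is set and the client is sent to Admin/main;
 * otherwise the login view is shown again with an error script.
 *
 * @return void
 */
function login_sub()
{
    $name = isset($_POST['admin_name']) ? $_POST['admin_name'] : null;
    $pwd = isset($_POST['admin_pwd']) ? $_POST['admin_pwd'] : null;

    // The original guard was `A == NULL || B == NULL && exit;`. Because && binds
    // tighter than ||, it parsed as `A || (B && exit)` and never stopped on an empty
    // admin_name. Both fields are now required, and array-valued parameters are
    // rejected so that only plain strings reach the query builder.
    if (!is_string($name) || $name === '' || !is_string($pwd) || $pwd === '') {
        exit;
    }

    if (!isset($_COOKIE['qcs_auth']) || !is_string($_COOKIE['qcs_auth'])) {
        $this->redirect('Account/login');
        return; // fail closed even if redirect() does not terminate the request
    }

    // NOTE(review): only the first decoded field is checked, so the cookie's
    // integrity rests on strcode(), which is not visible here. Confirm that it
    // authenticates the payload rather than merely obscuring it.
    $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
    if (!is_numeric($id[0]) || $id[0] != 1) {
        $this->redirect('Index/index');
        return; // fail closed even if redirect() does not terminate the request
    }

    // NOTE(review): remove_xss() is an output-oriented filter applied to a lookup key.
    // It is kept because stored names may have passed through it, but query safety
    // depends on the model layer binding or escaping values. pwd_encode() is opaque
    // here too; confirm it is a slow, salted password hash.
    $matchedId = M('user')
        ->where(array('name' => remove_xss($name), 'pwd' => pwd_encode($pwd)))
        ->getField('id');

    if ($matchedId == 1) {
        // NOTE(review): privilege is raised without rotating the session id, and no
        // attempt limiting is visible in this method.
        Session::set('aid', 1);
        $this->redirect('Admin/main');
    } else {
        $this->assign('script', '<script>alert("您的输入有误,请重新输入")</script>');
        $this->display('Admin/login');
    }
}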
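/**
 * Complete account activation for a user described by the 'activate_info'
 * session entry.
 *
 * Rejects the request unless the visitor is logged out, UCenter integration is
 * on, the request is AJAX and the session entry is present. It then checks that
 * the name and e-mail are unused, inserts the user row, optionally issues the
 * 'qcs_auth' cookie, clears the session entry and echoes the success message
 * followed by the output of uc_user_synlogin().
 *
 * @return void
 */
function activate_receive()
{
    $this->uid != NULL && exit('Access Denied!');
    $this->toclose();

    // NOTE(review): unserialize() is acceptable only while 'activate_info' is written
    // exclusively by server-side code. The writer is not visible here, so confirm it,
    // or store the array directly or as JSON.
    $info = unserialize(Session::get('activate_info'));

    // is_array() added: a failed unserialize() or a scalar payload is now refused
    // before $info is indexed. Indices used below: 0 = id passed to
    // uc_user_synlogin(), 1 = name, 2 = password, 3 = email.
    $denied = $this->setting['ucenter_on'] != 1
        || !is_array($info)
        || $info == NULL
        || $info[0] < 0
        || !$this->isAjax()
        || $this->uid != NULL;
    if ($denied) {
        exit('Access Denied!');
    }

    $user = M('user');

    // NOTE(review): these checks and the add() below are separate queries, so two
    // concurrent requests can both pass them. Uniqueness should also be enforced by
    // a unique index (schema not visible here).
    $user->where(array('name' => $info[1]))->count() != 0 && exit('失败:用户名被占用');
    $user->where(array('email' => $info[3]))->count() != 0 && exit('失败:邮箱被占用');

    $id = $user->add(array(
        'name' => $info[1],
        'pwd' => pwd_encode($info[2]),
        'email' => $info[3],
        'province' => $this->post['province'],
        'city' => $this->post['city'],
        'county' => $this->post['county'],
    ));

    if ($id) {
        // NOTE(review): the payload is the user id plus md5(auth_key), with nothing
        // per-user or time-bound, so forgery resistance and revocation rest entirely
        // on strcode(). Confirm it is authenticated encryption.
        $auth_id = strcode($id . "\t" . md5($this->setting['auth_key']), $this->setting['auth_key'], 'ENCODE');

        // The auth cookie is now HttpOnly so page scripts cannot read it. The Secure
        // flag stays off because the deployment scheme is not visible here; enable it
        // when the site is served over HTTPS only.
        if (isset($info['auto']) && $info['auto'] == 1) {
            setcookie('qcs_auth', $auth_id, time() + 365 * 24 * 3600, '/', '', false, true);
        } elseif ($this->post['is_auto'] == 0) {
            // An expiry of 0 makes this a browser-session cookie (the original passed NULL).
            setcookie('qcs_auth', $auth_id, 0, '/', '', false, true);
        }

        Session::set('activate_info', NULL);
        echo '激活成功,点此进入首页' . uc_user_synlogin($info[0]);
    }
}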
} $type = trim($_REQUEST['type']); $username = $_SESSION['user']; $ret = array('code' => 0); switch ($type) { case 'changepwd': $oldpwd = trim($_REQUEST['oldpwd']); $newpwd = trim($_REQUEST['newpwd']); $oldpwdhash = pwd_encode($username, $oldpwd); $query = "SELECT ID FROM User WHERE Name='{$username}' AND Password='******'"; $result = mysql_query($query); $row = mysql_fetch_row($result); // var_dump($row); if (count($row) && ($id = intval($row[0]))) { // echo '$id='.$id.'<br>'; $newpwdhash = pwd_encode($username, $newpwd); $query = "UPDATE User SET Password= '******' WHERE ID = '{$id}'"; $result = mysql_query($query); // var_dump($result); if ($result) { $ret['code'] = 1; $ret['info'] = 'change password success'; } else { $ret['info'] = 'something wrong'; } } else { $ret['info'] = 'password wrong'; } break; case 'getinfo': $query = "SELECT ID FROM User WHERE Name='{$username}'";