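/**
 * Checks the admin login cookies for the current request.
 *
 * Reads the adminid / adminname / admincheck cookies, loads the matching
 * active manager row from {pre}manager and recomputes the login token as
 * md5(m_random . m_name . m_id). If the cookies are missing, no active
 * manager matches, or the token does not match, the admincheck cookie is
 * cleared (where it had been consulted) and the request is redirected to the
 * admin login page. Scripts whose path contains "editor" live one level
 * deeper, so the login URL is prefixed with "../" for them.
 *
 * Depends on helpers defined elsewhere in the project: getCookie, ckSql,
 * isN, isNum, sCookie, redirect and the global $db.
 *
 * @return void
 */
function chkLogin2()
{
    global $db;

    $m_id = getCookie('adminid');
    ckSql($m_id);
    $m_name = getCookie('adminname');
    ckSql($m_name);
    $m_check = getCookie('admincheck');
    ckSql($m_check);

    // strpos() returns false when not found; compare against false explicitly
    // rather than relying on bool/int comparison semantics.
    $self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
    $index = 'index.php';
    if (strpos($self, 'editor') !== false) {
        $index = '../' . $index;
    }
    $loginUrl = $index . '?m=admin-login';

    // Both cookies must be present/valid before touching the database.
    if (isN($m_name) || isNum($m_id)) {
        redirect($loginUrl, 'top.');
        return;
    }

    // m_id is interpolated into a quoted SQL literal, so escape it the same
    // way m_name is instead of concatenating the raw cookie value.
    $row = $db->getRow(
        'SELECT * FROM {pre}manager WHERE m_name=\'' . mysql_real_escape_string($m_name)
        . '\' AND m_id= \'' . mysql_real_escape_string($m_id) . '\' AND m_status=1'
    );
    if (!$row) {
        sCookie('admincheck', '');
        redirect($loginUrl, 'top.');
        return;
    }

    // The token is bound to the per-login random value stored in m_random.
    $loginValidate = md5($row['m_random'] . $row['m_name'] . $row['m_id']);

    // Use a strict, constant-time comparison: the loose `!=` previously used
    // here applies numeric comparison to digests of the form "0e..." and
    // would accept a mismatching token. hash_equals() is only available on
    // PHP >= 5.6, so fall back to a strict string compare on older runtimes.
    if (function_exists('hash_equals')) {
        $tokenMatches = hash_equals($loginValidate, (string) $m_check);
    } else {
        $tokenMatches = $loginValidate === (string) $m_check;
    }

    if (!$tokenMatches) {
        sCookie('admincheck', '');
        redirect($loginUrl, 'top.');
    }
}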
<?php if (!defined('MAC_ADMIN')) { exit('Access Denied'); } if ($method == 'check') { $m_name = be('post', 'm_name'); ckSql($m_name); $m_password = be('post', 'm_password'); ckSql($m_password); $m_password = md5($m_password); $m_check = be('post', 'm_check'); ckSql($m_check); if (isN($m_name) || isN($m_password) || isN($m_check)) { alertUrl('请输入您的用户名、密码和安全码!!!', '?m=admin-login'); } $row = $db->getRow('SELECT * FROM {pre}manager WHERE m_name=\'' . mysql_real_escape_string($m_name) . '\' AND m_password = \'' . $m_password . '\' AND m_status=1'); if ($row && $m_check == $MAC['app']['safecode']) { $_SESSION['adminauth'] = TRUE; $_SESSION['adminid'] = $row['m_id']; $_SESSION['adminname'] = $row['m_name']; session_regenerate_id(); $randnum = md5(rand(1, 99999999)); sCookie('adminid', $row['m_id']); sCookie('adminname', $row['m_name']); sCookie('adminlevels', $row['m_levels']); sCookie('admincheck', md5($randnum . $row['m_name'] . $row['m_id'])); $db->Update('{pre}manager', array('m_logintime', 'm_loginip', 'm_random'), array(time(), ip2long(getIP()), $randnum), ' m_id=' . $row['m_id']); redirect('?m=admin-index'); } else { alertUrl('您输入的用户名和密码不正确或者您不是系统管理员!', '?m=admin-login');