/**
 * Authenticate a back-office user from the submitted form and start a session.
 *
 * Reads `username`, `password`, `rember` and `forward` from $_GPC. On success it
 * sets a base64(JSON) `__session` cookie, records the visit time and client IP
 * through user_update(), publishes the account as $_W['user'] and passes the
 * landing URL to message(). On failure only the generic error is shown.
 *
 * NOTE(review): the cookie `hash` is md5(stored password . salt). It is derived
 * only from stored credential fields, so it does not change between logins and
 * nothing visible here signs or expires it server-side. A random, server-stored
 * session token would be the safer design.
 * NOTE(review): `forward` comes from the request. Unless message() restricts its
 * redirect target, this is an open-redirect vector; verify, or allow only
 * site-relative URLs.
 * NOTE(review): this variant has no failed-attempt throttling, and the
 * account-status check that used to sit at the top of the success path is
 * disabled.
 *
 * @param string $forward URL to continue to after login; when empty,
 *                        $_GPC['forward'] and then the default index page are used.
 * @return void
 */
function _login($forward = '')
{
    global $_GPC, $_W;
    load()->model('user');

    $username = trim($_GPC['username']);
    if (empty($username)) {
        message('请输入要登录的用户名');
    }

    $member = array(
        'username' => $username,
        'password' => $_GPC['password'],
    );
    if (empty($member['password'])) {
        message('请输入密码');
    }

    $record = user_single($member);
    if (empty($record)) {
        // Same message for unknown user and wrong password.
        message('登录失败,请检查您输入的用户名和密码!');
        return;
    }

    // Founders are listed as a comma-separated uid string in the site config.
    $founderIds = explode(',', $_W['config']['setting']['founder']);
    $_W['isfounder'] = in_array($record['uid'], $founderIds);
    if ($_W['siteclose'] && !$_W['isfounder']) {
        $settings = setting_load('copyright');
        message('站点已关闭,关闭原因:' . $settings['copyright']['reason']);
    }

    // Session cookie payload; key order is kept because it is JSON-encoded as is.
    $cookie = array(
        'uid' => $record['uid'],
        'lastvisit' => $record['lastvisit'],
        'lastip' => $record['lastip'],
        'hash' => md5($record['password'] . $record['salt']),
    );
    if (!empty($_GPC['rember'])) {
        $lifetime = 7 * 86400; // "remember me": seven days
    } else {
        $lifetime = 0;
    }
    isetcookie('__session', base64_encode(json_encode($cookie)), $lifetime);

    user_update(array(
        'uid' => $record['uid'],
        'lastvisit' => TIMESTAMP,
        'lastip' => CLIENT_IP,
    ));

    if (empty($forward)) {
        $forward = $_GPC['forward'];
    }
    if (empty($forward)) {
        $forward = './index.php?c=index&a=index';
    }

    $_W['user'] = $record;
    // Administrators always land on the admin index, whatever `forward` says.
    $target = cly_isAdmin() ? url('admin/index') : $forward;
    message('', $target);
}
/**
 * Log a user in through one of two backends and set the `__session` cookie.
 *
 * When the request carries a truthy `admin` field the credentials are checked
 * with user_single(); otherwise biz_login() is used and its `UserName`,
 * `UserGUID` and `Password` fields are copied to `username`, `uid` and
 * `password`. On success a base64(JSON) cookie is stored for 86400 seconds and
 * message() is called with the landing URL.
 *
 * NOTE(review): the `admin` request field both selects the backend and is copied
 * into the cookie as `admin => 1`. The cookie is plain base64(JSON) with no
 * signature visible here, so code that later reads `admin` (or `token`) from it
 * is reading client-controlled data; confirm every consumer re-checks server
 * side.
 * NOTE(review): `hash` is md5(password . salt) and stays constant until the
 * password changes. `salt`, `lastip` and `status` are read from the record but
 * are not mapped for biz_login() results; confirm that backend supplies them.
 * NOTE(review): `forward` is request-controlled; verify that message() does not
 * redirect off-site.
 *
 * @param string $forward URL to continue to after login; when empty,
 *                        $_GPC['forward'] and then the project list are used.
 * @return void
 */
function _login($forward = '')
{
    global $_GPC;
    load()->model('user');

    $username = trim($_GPC['username']);
    if (empty($username)) {
        message('请输入要登录的用户名');
    }

    $member = array(
        'username' => $username,
        'password' => $_GPC['password'],
    );
    if (empty($member['password'])) {
        message('请输入密码');
    }

    if ($_GPC['admin']) {
        $record = user_single($member);
    } else {
        $record = biz_login($username, $member['password']);
        if (!empty($record)) {
            // Normalise the business-account field names to the ones used below.
            $record['username'] = $record['UserName'];
            $record['uid'] = $record['UserGUID'];
            $record['password'] = $record['Password'];
        }
    }

    if (empty($record)) {
        message('登录失败,请检查您输入的用户名和密码!');
        return;
    }

    if ($record['status'] == -1) {
        message('您的账号正在核合或是已经被系统禁止,请联系网站管理员解决!');
    }

    // Key order is kept because the array is JSON-encoded as is.
    $cookie = array(
        'uid' => $record['uid'],
        'lastip' => $record['lastip'],
        'token' => $record['Token'],
        'hash' => md5($record['password'] . $record['salt']),
    );
    if ($_GPC['admin']) {
        $cookie['admin'] = 1;
    }
    isetcookie('__session', base64_encode(json_encode($cookie)), 86400);

    if (empty($forward)) {
        $forward = $_GPC['forward'];
    }
    if (empty($forward)) {
        $forward = './index.php?c=project&a=display';
    }
    message("欢迎回来,{$record['username']}。", $forward);
}
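<?php
/**
 * @FreeGo Team 智慧游
 * @url http://www.cninone.com/
 */

// Bootstrap step: rebuild the logged-in user from the `__session` cookie.
load()->model('user');
$_W['token'] = token();

// The cookie is base64(JSON) supplied by the client, so every field of $session
// is untrusted and may be of any JSON type.
$session = json_decode(base64_decode($_GPC['__session']), true);
if (is_array($session)) {
    // NOTE(review): $session['uid'] reaches user_single() without a type check;
    // confirm user_single() rejects missing or non-scalar values.
    $user = user_single(array('uid' => $session['uid']));
    // The digest must be a string and must match exactly. With a loose `==`, a
    // non-string JSON value or a numeric-looking string goes through PHP type
    // juggling and can compare equal without being the expected digest.
    // NOTE(review): the digest depends only on the stored password and salt, so a
    // cookie stays valid until the password changes; a random server-side session
    // token would be the stronger design.
    if (is_array($user) && isset($session['hash']) && is_string($session['hash']) && $session['hash'] === md5($user['password'] . $user['salt'])) {
        $_W['uid'] = $user['uid'];
        $_W['username'] = $user['username'];
        // Keep the stored values as "current" and show the cookie's copies as "last".
        // lastvisit/lastip below come from the client cookie: display only, never
        // use them for a security decision.
        $user['currentvisit'] = $user['lastvisit'];
        $user['currentip'] = $user['lastip'];
        $user['lastvisit'] = $session['lastvisit'];
        $user['lastip'] = $session['lastip'];
        $_W['user'] = $user;
        // Founders are listed as a comma-separated uid string in the site config.
        $founders = explode(',', $_W['config']['setting']['founder']);
        $_W['isfounder'] = in_array($_W['uid'], $founders);
        unset($founders);
    } else {
        // Unknown user or digest mismatch: expire the cookie.
        isetcookie('__session', false, -100);
    }
    unset($user);
}
unset($session);
// (this block is not closed within the excerpt)
if (!empty($_GPC['__uniacid'])) {
    $_W['uniacid'] = intval($_GPC['__uniacid']);
    $_W['weid'] = $_W['uniacid'];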
/**
 * Mobile login endpoint.
 *
 * GET: renders the `login` template. POST: checks the submitted username and
 * password with user_single() and answers with JSON `{"status": true|false}`;
 * on success a per-account, per-`rid` cookie holding the user's uid is set.
 * Records whose `status` equals 1 are refused.
 *
 * NOTE(review): the cookie value is the bare uid. Unless isetcookie() signs or
 * encrypts values (not visible here), any code that treats this cookie as proof
 * of identity can be given an arbitrary uid by the client; verify the consumers.
 * NOTE(review): no attempt throttling is visible in this handler.
 *
 * @return void
 */
public function doMobileLogin()
{
    global $_W, $_GPC;
    $rid = intval($_GPC['rid']);

    if (!$_W['ispost']) {
        include $this->template('login');
        return;
    }

    $member = array('username' => $_GPC['username'], 'password' => $_GPC['password']);
    load()->model('user');
    $record = user_single($member);

    // Accepted only when a record was found and its status is not 1.
    $granted = !empty($record) && $record['status'] != 1;
    if ($granted) {
        isetcookie('__xwz_session_' . $_W['uniacid'] . '_' . $rid, $record['uid'], 0);
    }
    exit(json_encode(array('status' => $granted)));
}
// Excerpt: tail of a submit handler, followed by the data loading for the
// account-permission page. The enclosing block opens before this excerpt.
cache_delete("cardticket:{$acid}");
load()->model('module');
// Rebuilds module privileges after the permission change.
module_build_privileges();
if (!empty($_GPC['from'])) {
    message('公众号权限修改成功', url('account/post-step/', array('uniacid' => $uniacid, 'step' => 3, 'from' => 'list')), 'success');
} else {
    header("Location: " . url('account/post-step/', array('uniacid' => $uniacid, 'acid' => $acid, 'step' => 4)));
    exit;
}
}
$unigroups = uni_groups();
$settings = uni_setting($uniacid, array('notify'));
$notify = $settings['notify'] ? $settings['notify'] : array();
// Owner lookup uses a bound parameter.
$ownerid = pdo_fetchcolumn("SELECT uid FROM " . tablename('uni_account_users') . " WHERE uniacid = :uniacid AND role = 'owner'", array(':uniacid' => $uniacid));
if (!empty($ownerid)) {
    $owner = user_single(array('uid' => $ownerid));
    $owner['group'] = pdo_fetch("SELECT id, name, package FROM " . tablename('users_group') . " WHERE id = :id", array(':id' => $owner['groupid']));
    // NOTE(review): iunserializer() presumably wraps unserialize(); its input here
    // and below is a database column. Confirm these columns can only be written
    // by trusted code, since deserialising attacker-influenced data is unsafe.
    $owner['group']['package'] = iunserializer($owner['group']['package']);
}
$extend = pdo_fetch("SELECT * FROM " . tablename('uni_group') . " WHERE uniacid = :uniacid", array(':uniacid' => $uniacid));
$extend['modules'] = iunserializer($extend['modules']);
$extend['templates'] = iunserializer($extend['templates']);
// $owner may not have been assigned above when no owner row exists; the two
// assignments below then create it.
if (!empty($extend['modules'])) {
    $owner['extend']['modules'] = pdo_getall('modules', array('name' => $extend['modules']));
}
if (!empty($extend['templates'])) {
    $owner['extend']['templates'] = pdo_getall('site_templates', array('id' => $extend['templates']));
}
$extend['package'] = pdo_getall('uni_account_group', array('uniacid' => $uniacid), array(), 'groupid');
$groups = pdo_fetchall("SELECT id, name, package FROM " . tablename('users_group') . " ORDER BY id ASC", array(), 'id');
$modules = pdo_fetchall("SELECT mid, name, title FROM " . tablename('modules') . ' WHERE issystem != 1', array(), 'name');
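<?php
/**
 * @FreeGo Team 智慧游
 * @url http://www.cninone.com/
 */

// Controller excerpt: edit (or delete) a back-office user.
defined('IN_IA') or exit('Access Denied');
$_W['page']['title'] = '编辑用户 - 用户管理 - 用户管理';
load()->model('setting');
load()->func('tpl');
// Only 'delete' and 'edit' are accepted; anything else falls back to 'edit'.
$do = $_GPC['do'];
$dos = array('delete', 'edit');
$do = in_array($do, $dos) ? $do : 'edit';
$uid = intval($_GPC['uid']);
// NOTE(review): user_single() is called here with a bare integer and before
// load()->model('user') appears in this file; confirm the model is already
// loaded and that an integer argument is accepted.
$user = user_single($uid);
$founders = explode(',', $_W['config']['setting']['founder']);
if ($do == 'edit') {
    if (empty($user)) {
        message('访问错误, 未找到指定操作员.', url('user/display'), 'error');
    }
    $extendfields = pdo_fetchall("SELECT field, title, description, required FROM " . tablename('profile_fields') . " WHERE available = '1' AND showinregister = '1'");
    if (checksubmit('profile_submit')) {
        $_GPC['password'] = trim($_GPC['password']);
        // Enforce the 8-character minimum on the submitted password. The original
        // tested $record['password'], but $record is not assigned anywhere above
        // in this file, so the check could never fire and short passwords passed.
        // An empty password is still allowed through to the code that follows.
        if (!empty($_GPC['password']) && istrlen($_GPC['password']) < 8) {
            message('必须输入密码,且密码长度不得低于8位。');
        }
        $_GPC['groupid'] = intval($_GPC['groupid']);
        if (empty($_GPC['groupid'])) {
            message('请选择所属用户组');
        }
        // (the blocks opened above are not closed within the excerpt)
        load()->model('user');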
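/**
 * Describe the service plan of the owner of a unified account.
 *
 * Looks up the `owner` row of the account in `uni_account_users`. When there is
 * none, a fixed "founder" record is returned. Otherwise the owner's uid,
 * username, group id and group name are returned together with a `timelimit`
 * string built from the owner's start and end times.
 *
 * `timelimit` may contain an HTML fragment (the "expired" marker), and `username`
 * is returned as stored, so callers must escape `username` themselves when
 * printing it.
 *
 * @param int $uniacid Account id; 0 means the current $_W['uniacid'].
 * @return array Keys: uid, username, groupid, groupname, timelimit.
 */
function uni_setmeal($uniacid = 0)
{
    global $_W;
    if (!$uniacid) {
        $uniacid = $_W['uniacid'];
    }
    $owneruid = pdo_fetchcolumn("SELECT uid FROM " . tablename('uni_account_users') . " WHERE uniacid = :uniacid AND role = 'owner'", array(':uniacid' => $uniacid));
    if (empty($owneruid)) {
        // No owner row: report the fixed founder plan.
        return array('uid' => -1, 'username' => '创始人', 'timelimit' => '未设置', 'groupid' => '-1', 'groupname' => '所有服务');
    }
    load()->model('user');
    $groups = pdo_getall('users_group', array(), array('id', 'name'), 'id');
    $owner = user_single(array('uid' => $owneruid));
    $user = array(
        'uid' => $owner['uid'],
        'username' => $owner['username'],
        'groupid' => $owner['groupid'],
        // The owner's group may no longer exist; report null instead of reading
        // an undefined offset.
        'groupname' => isset($groups[$owner['groupid']]['name']) ? $groups[$owner['groupid']]['name'] : null,
    );
    if (empty($owner['endtime'])) {
        $user['timelimit'] = date('Y-m-d', $owner['starttime']) . ' ~ 无限制';
    } else {
        // Initialise the suffix: the original left $add undefined whenever the
        // plan had not expired yet, and then concatenated the undefined variable.
        $add = '';
        if ($owner['endtime'] <= TIMESTAMP) {
            $add = ' <strong class="text-danger"> 已到期</strong>';
        }
        $user['timelimit'] = date('Y-m-d', $owner['starttime']) . ' ~ ' . date('Y-m-d', $owner['endtime']) . $add;
    }
    return $user;
}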
// Excerpt: end of the account-selection branch, then the start of the 'menu'
// branch. The first closing brace ends a block opened before this excerpt.
}
$pindex = max(1, intval($_GPC['page']));
$psize = 10;
$total = 0;
// NOTE(review): {$condition} is built before this excerpt and spliced into the
// SQL text; confirm it is assembled from cast or escaped values only. The LIMIT
// operands are integers computed above.
$list = pdo_fetchall("SELECT * FROM " . tablename('uni_account') . " WHERE 1 {$condition} LIMIT " . ($pindex - 1) * $psize . ",{$psize}");
$total = pdo_fetchcolumn("SELECT COUNT(*) FROM " . tablename('uni_account') . " WHERE 1 {$condition}");
$pager = pagination($total, $pindex, $psize, '', array('ajaxcallback' => 'null'));
// NOTE(review): $uid is interpolated into the query text. Where it is assigned
// for this branch is not visible here; confirm it is an integer, or bind it as
// :uid like the queries in the 'menu' branch below.
$permission = pdo_fetchall("SELECT uniacid FROM " . tablename('uni_account_users') . " WHERE uid = '{$uid}'", array(), 'uniacid');
template('user/select');
}
// 'menu': edit the per-account menu permissions of one user.
if ($do == 'menu') {
    // Both ids are cast to int and every query below binds them as parameters.
    $uniacid = intval($_GPC['uniacid']);
    $uid = intval($_GPC['uid']);
    load()->model('user');
    load()->model('module');
    $user = user_single(array('uid' => $uid));
    if (empty($user)) {
        message('您操作的用户不存在或是已经被删除!');
    }
    // The target user must already be attached to this account.
    // NOTE(review): this checks the target user, not the operator making the
    // request; confirm the operator's right to manage $uniacid is checked elsewhere.
    if (!pdo_fetchcolumn("SELECT id FROM " . tablename('uni_account_users') . " WHERE uid = :uid AND uniacid = :uniacid", array(':uid' => $uid, ':uniacid' => $uniacid))) {
        message('此用户没有操作该统一公众号的权限,请选指派“管理者”权限!');
    }
    $result = pdo_fetchall("SELECT url, id FROM " . tablename('users_permission') . " WHERE uid = :uid AND uniacid = :uniacid", array(':uid' => $uid, ':uniacid' => $uniacid));
    // Map permission row id => url for the permissions already granted.
    $hasurls = array();
    if (!empty($result)) {
        foreach ($result as $row) {
            $hasurls[$row['id']] = $row['url'];
        }
    }
    // (the blocks opened below are not closed within the excerpt)
    if (checksubmit('submit')) {
        if (empty($_GPC['permurls'])) {
/**
 * Log a back-office user in with failed-attempt throttling, an optional captcha
 * and an account-expiry check, then set the `__session` cookie.
 *
 * Throttling: rows of `users_failed_login` older than 300 seconds are purged,
 * then the row for this username and CLIENT_IP is read; a count of 5 or more
 * blocks the attempt. The counter is increased only when user_single() finds no
 * matching record and is deleted after a successful login.
 *
 * NOTE(review): the counter is keyed on the username + client IP pair, so
 * attempts against one account from many addresses are counted separately.
 * NOTE(review): the expiry figures are computed from $record['endtime'] before
 * $record is known to be non-empty, so a failed login also runs that code on an
 * empty record.
 * NOTE(review): the cookie `hash` is md5(stored password . salt) and stays valid
 * until the password changes; `forward` is request-controlled. Confirm that
 * message() does not redirect off-site.
 *
 * @param string $forward URL to continue to after login; when empty,
 *                        $_GPC['forward'] and then the account list are used.
 * @return void
 */
function _login($forward = '')
{
    global $_GPC, $_W;
    load()->model('user');
    $username = trim($_GPC['username']);

    // Purge expired counters, then read the one for this username and address.
    // The literal has no space after FROM; it is reproduced as written and
    // presumably relies on tablename() returning a quoted identifier. TODO confirm.
    pdo_query('DELETE FROM' . tablename('users_failed_login') . ' WHERE lastupdate < :timestamp', array(':timestamp' => TIMESTAMP - 300));
    $failed = pdo_get('users_failed_login', array('username' => $username, 'ip' => CLIENT_IP));
    if ($failed['count'] >= 5) {
        message('输入密码错误次数超过5次,请在5分钟后再登录', referer(), 'info');
    }

    // Captcha is required only when the site setting enables it.
    if (!empty($_W['setting']['copyright']['verifycode'])) {
        $verify = trim($_GPC['verify']);
        if (empty($verify)) {
            message('请输入验证码');
        }
        $result = checkcaptcha($verify);
        if (empty($result)) {
            message('输入验证码错误');
        }
    }

    if (empty($username)) {
        message('请输入要登录的用户名');
    }
    $member = array(
        'username' => $username,
        'password' => $_GPC['password'],
    );
    if (empty($member['password'])) {
        message('请输入密码');
    }
    $record = user_single($member);

    // Compute the day counts: today versus the account's end date (Y-m-d strings).
    $day1 = date("Y-m-d", time());
    $day2 = date("Y-m-d", $record['endtime']);
    $diff = diffBetweenTwoDays($day1, $day2);
    $oldday = 16 - $diff;
    if ($oldday <= 0) {
        $oldday = 0;
    }

    if (empty($record)) {
        // Count the failed attempt for this username and address.
        if (empty($failed)) {
            pdo_insert('users_failed_login', array('ip' => CLIENT_IP, 'username' => $username, 'count' => '1', 'lastupdate' => TIMESTAMP));
        } else {
            pdo_update('users_failed_login', array('count' => $failed['count'] + 1, 'lastupdate' => TIMESTAMP), array('id' => $failed['id']));
        }
        message('登录失败,请检查您输入的用户名和密码!');
        return;
    }

    if ($record['status'] == 1) {
        message('您的账号正在审核或是已经被系统禁止,请联系网站管理员解决!');
    }
    // The expiry messages apply only to accounts whose status is not 0; the dates
    // are compared as Y-m-d strings.
    if ($record['status'] != 0 && $day1 >= $day2) {
        if ($oldday == 0) {
            message('您的账号已经过期15天了,不幸的是:您属于体验会员,已经自动了删除账号!');
        } else {
            message('您的账号已经到期,不幸的是:您属于体验会员,' . $oldday . '天后将自动删除账号!');
        }
    }

    // Founders are listed as a comma-separated uid string in the site config.
    $founderIds = explode(',', $_W['config']['setting']['founder']);
    $_W['isfounder'] = in_array($record['uid'], $founderIds);
    if (!empty($_W['siteclose']) && empty($_W['isfounder'])) {
        message('站点已关闭,关闭原因:' . $_W['setting']['copyright']['reason']);
    }

    // Session cookie payload; key order is kept because it is JSON-encoded as is.
    $cookie = array(
        'uid' => $record['uid'],
        'lastvisit' => $record['lastvisit'],
        'lastip' => $record['lastip'],
        'hash' => md5($record['password'] . $record['salt']),
    );
    if (!empty($_GPC['rember'])) {
        $lifetime = 7 * 86400; // "remember me": seven days
    } else {
        $lifetime = 0;
    }
    isetcookie('__session', base64_encode(json_encode($cookie)), $lifetime);

    user_update(array(
        'uid' => $record['uid'],
        'lastvisit' => TIMESTAMP,
        'lastip' => CLIENT_IP,
    ));

    if (empty($forward)) {
        $forward = $_GPC['forward'];
    }
    if (empty($forward)) {
        $forward = './index.php?c=account&a=display';
    }

    // A different user than the one remembered in `__uid`: drop the remembered
    // account selection.
    if ($record['uid'] != $_GPC['__uid']) {
        isetcookie('__uniacid', '', -7 * 86400);
        isetcookie('__uid', '', -7 * 86400);
    }

    // Successful login clears the failure counter.
    pdo_delete('users_failed_login', array('id' => $failed['id']));
    message("欢迎回来,{$record['username']},您还可以使用{$diff}天。", $forward);
}
<?php
// Stand-alone password-reset helper: it sets a new password for any username
// when the posted `auth` value matches $auth below.
//
// Set your own access password here before uploading this file.
// NOTE(review): the secret is hard-coded in a web-reachable file and is the only
// thing guarding the reset: whoever knows it can change any account's password,
// founders included. Replace the shipped value with a long random one, and
// delete the file as soon as the reset is done (the success message says the same).
$auth = 'xin123';
define('IN_SYS', true);
require '../framework/bootstrap.inc.php';
load()->web('template');
load()->web('common');
load()->model('user');
// NOTE(review): `==` is a loose comparison of request data against the secret;
// a strict comparison of strings would be the safer form. No attempt limit or
// logging is visible in this script.
if ($_W['ispost'] && $_GPC['auth'] == $auth && $auth != '') {
    $isok = true;
    $username = trim($_GPC['username']);
    $password = $_GPC['password'];
    if (!empty($username) && !empty($password)) {
        $member = user_single(array('username' => $username));
        if (empty($member)) {
            // This message tells the caller whether a username exists.
            message('输入的用户名不存在.');
        }
        // The new password is hashed with the account's existing salt. No minimum
        // length or other password rule is applied here.
        $hash = user_hash($password, $member['salt']);
        $r = array();
        $r['password'] = $hash;
        pdo_update('users', $r, array('uid' => $member['uid']));
        exit('<script>alert("密码修改成功, 请重新登陆, 并尽快删除本文件, 避免密码泄露隐患.");location.href = "../"</script>');
    }
}
?> <!DOCTYPE html> <html lang="zh-cn"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
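/**
 * Make sure every account has a `uni_account_modules` row for each module its
 * owner's plan allows.
 *
 * For each row of `uni_account` the owner is looked up; the owner's group (or
 * '-1' when there is no owner record) decides the module list: '-1' means every
 * non-system module, otherwise the group's packages are resolved through
 * `uni_group`. Modules not yet listed for the account are inserted as enabled.
 *
 * Changes from the previous version:
 *  - an owner without a group, or a group without packages, now skips only that
 *    account. The old code returned from inside the loop, which silently left
 *    every remaining account unprocessed.
 *  - package ids and the account id are bound as query parameters instead of
 *    being spliced into the SQL text.
 *
 * NOTE(review): iunserializer() presumably wraps unserialize(); its input here is
 * database content. Confirm those columns can only be written by trusted code.
 *
 * @return bool Always true.
 */
function module_build_privileges()
{
    load()->model('user');
    $allModulesSql = "SELECT name FROM " . tablename('modules') . ' WHERE issystem = 0';

    $uniacid_arr = pdo_fetchall('SELECT uniacid FROM ' . tablename('uni_account'));
    foreach ($uniacid_arr as $row) {
        $owneruid = pdo_fetchcolumn("SELECT uid FROM " . tablename('uni_account_users') . " WHERE uniacid = :uniacid AND role = 'owner'", array(':uniacid' => $row['uniacid']));
        $owner = user_single(array('uid' => $owneruid));
        // No owner record is treated like the unrestricted group '-1'.
        $groupid = empty($owner) ? '-1' : $owner['groupid'];
        if (empty($groupid)) {
            continue;
        }

        $modules = array();
        if ($groupid == '-1') {
            $modules = pdo_fetchall($allModulesSql, array(), 'name');
        } else {
            $group = pdo_fetch("SELECT id, name, package FROM " . tablename('users_group') . " WHERE id = :id", array(':id' => $groupid));
            $packageids = iunserializer($group['package']);
            if (empty($packageids) || !is_array($packageids)) {
                continue;
            }
            if (in_array('-1', $packageids)) {
                $modules = pdo_fetchall($allModulesSql, array(), 'name');
            } else {
                // One named placeholder per package id, plus the account id.
                $placeholders = array();
                $params = array(':uniacid' => $row['uniacid']);
                foreach (array_values($packageids) as $index => $packageid) {
                    $placeholders[] = ":pkg{$index}";
                    $params[":pkg{$index}"] = $packageid;
                }
                $wechatgroup = pdo_fetchall("SELECT `modules` FROM " . tablename('uni_group') . " WHERE id IN (" . implode(',', $placeholders) . ") OR uniacid = :uniacid", $params);
                if (!empty($wechatgroup)) {
                    foreach ($wechatgroup as $li) {
                        $li['modules'] = iunserializer($li['modules']);
                        if (!empty($li['modules'])) {
                            foreach ($li['modules'] as $modulename) {
                                // Keyed by name so duplicates collapse.
                                $modules[$modulename] = $modulename;
                            }
                        }
                    }
                }
            }
        }

        $modules = array_keys($modules);
        $mymodules = pdo_fetchall("SELECT `module` FROM " . tablename('uni_account_modules') . " WHERE uniacid = :uniacid ORDER BY enabled DESC ", array(':uniacid' => $row['uniacid']), 'module');
        $mymodules = array_keys($mymodules);
        foreach ($modules as $module) {
            if (!in_array($module, $mymodules)) {
                $data = array();
                $data['uniacid'] = $row['uniacid'];
                $data['module'] = $module;
                $data['enabled'] = 1;
                $data['settings'] = '';
                pdo_insert('uni_account_modules', $data);
            }
        }
    }
    return true;
}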
// Excerpt: optional search filters for a report list. Every filter appends a
// named placeholder to $where and puts the value in $params, so no request
// value is spliced into the SQL text here.
if (!empty($_GPC['s_account_type'])) {
    $where .= " AND account_type = :account_type";
    $params[':account_type'] = intval($_GPC['s_account_type']);
}
if (!empty($_GPC['s_type_id'])) {
    $where .= " AND type_id = :type_id";
    $params[':type_id'] = intval($_GPC['s_type_id']);
}
if (!empty($_GPC['s_account'])) {
    $where .= " AND account = :account";
    $params[':account'] = $_GPC['s_account'];
}
if (!empty($_GPC['s_user_id'])) {
    $where .= " AND user_id = :user_id";
    load()->model('user');
    // The filter takes a username and resolves it to a uid.
    // NOTE(review): when no such user exists, $user is empty and the bound value
    // is not a uid; confirm the query then matches nothing.
    $user = user_single(array('username' => $_GPC['s_user_id']));
    $params[':user_id'] = $user['uid'];
}
if (!empty($_GPC['s_starttime'])) {
    $where .= " AND time > :starttime";
    // strtotime() returns false for text it cannot parse; that value is bound as is.
    $params[':starttime'] = strtotime($_GPC['s_starttime']);
}
if (!empty($_GPC['s_endtime'])) {
    $where .= " AND time < :endtime";
    $params[':endtime'] = strtotime($_GPC['s_endtime']);
}
// Closes a block opened before this excerpt.
}
// $select, $table, $count, $order and $limit are defined before this excerpt.
$data = pdo_fetchall($select . $table . $where . $order . $limit, $params);
$total = pdo_fetchcolumn($count . $table . $where, $params);
$pager = pagination($total, $pindex, $psize);
$type = pdo_fetchall("SELECT * FROM " . tablename('report_type'), array(), 'id');
<?php
// Controller excerpt: view and change the account permissions of one user.
defined('IN_IA') or exit('Access Denied');
$_W['page']['title'] = '查看用户权限 - 用户管理 - 用户管理';
load()->model('setting');
$uid = intval($_GPC['uid']);
$m = array();
$m['uid'] = $uid;
$member = user_single($m);
// Unknown users and founder accounts cannot be managed from this page.
// NOTE(review): this checks the target user only. No check of the operator's
// own rights is visible in this file; presumably the framework enforces it
// before this controller runs. Confirm.
$founders = explode(',', $_W['config']['setting']['founder']);
if (empty($member) || in_array($m['uid'], $founders)) {
    message('访问错误.');
}
// Action whitelist; anything not listed falls back to 'edit'.
$do = $_GPC['do'];
$dos = array('deny', 'delete', 'auth', 'revo', 'revos', 'select', 'role');
$do = in_array($do, $dos) ? $do : 'edit';
if ($do == 'edit') {
    if (!empty($member['groupid'])) {
        // NOTE(review): the three queries in this branch build their SQL by string
        // interpolation. $uid is an intval() result; groupid and the uniacid keys
        // come from database rows. Bound parameters would remove the reliance on
        // those values staying numeric.
        $group = pdo_fetch("SELECT * FROM " . tablename('users_group') . " WHERE id = '{$member['groupid']}'");
        if (!empty($group)) {
            // NOTE(review): iunserializer() presumably wraps unserialize(); its
            // input here is a database column.
            $package = iunserializer($group['package']);
            $group['package'] = uni_groups($package);
        }
    }
    // Rows are keyed by uniacid, so array_keys() below yields the account ids.
    $weids = pdo_fetchall("SELECT uniacid, role FROM " . tablename('uni_account_users') . " WHERE uid = '{$uid}'", array(), 'uniacid');
    if (!empty($weids)) {
        $wechats = pdo_fetchall("SELECT * FROM " . tablename('uni_account') . " WHERE uniacid IN (" . implode(',', array_keys($weids)) . ")");
    }
    template('user/permission');
}
// (this block is not closed within the excerpt)
if ($do == 'deny') {
// Excerpt: two AJAX-style branches that answer with a plain string via exit().
// The leading `exit; }` ends a branch that starts before this excerpt.
// NOTE(review): both branches change who may manage an account. No operator
// permission check and no form-token check is visible in them; presumably both
// happen earlier in the file or in the framework. Confirm.
exit;
}
// 'role': set a user's role on one account.
if ($do == 'role') {
    $uid = intval($_GPC['uid']);
    $uniacid = intval($_GPC['uniacid']);
    // Only 'operator' and 'manager' can be assigned; anything else becomes 'operator'.
    $role = !empty($_GPC['role']) && in_array($_GPC['role'], array('operator', 'manager')) ? $_GPC['role'] : 'operator';
    $state = pdo_update('uni_account_users', array('role' => $role), array('uid' => $uid, 'uniacid' => $uniacid));
    if ($state === false) {
        exit('error');
    } else {
        exit('success');
    }
}
// 'user': attach an existing user to the account as operator, by username.
if ($do == 'user') {
    load()->model('user');
    $post = array();
    $post['username'] = trim($_GPC['username']);
    $user = user_single($post);
    if (!empty($user)) {
        // NOTE(review): $uniacid is not assigned inside this branch; it must come
        // from code before this excerpt. Confirm it is cast to int there.
        $data = array('uniacid' => $uniacid, 'uid' => $user['uid']);
        $exists = pdo_fetch("SELECT * FROM " . tablename('uni_account_users') . " WHERE uid = :uid AND uniacid = :uniacid", array(':uniacid' => $uniacid, ':uid' => $user['uid']));
        if (empty($exists)) {
            $data['role'] = 'operator';
            pdo_insert('uni_account_users', $data);
        } else {
            // NOTE(review): the submitted username is echoed back unescaped; escape
            // it if the caller inserts this response into HTML.
            exit("{$post['username']} 已经是该公众号的操作员或管理员,请勿重复添加");
        }
        exit('success');
    }
    exit('用户不存在或已被删除!');
}
// Excerpt: tail of a 'modify' handler, then the list view for the same table.
// The enclosing blocks of the first statements open before this excerpt.
// NOTE(review): $_GPC['id'] is used without a cast. It is passed as a condition
// value here and bound as :id below rather than concatenated into SQL. How
// $newData is built is not visible here; confirm it whitelists the columns
// that may be written.
$rowCount = pdo_update($table, $newData, array('id' => $_GPC['id']));
if ($rowCount) {
    message('成功', url($url), 'success');
}
}
$data = pdo_fetch("SELECT * FROM " . tablename($table) . " WHERE id=:id", array('id' => $_GPC['id']));
$actionUrl = url($url . '/modify', array('id' => $_GPC['id']));
return template($url);
}
// List view: 20 rows per page. $start is derived from an intval() page number,
// so the interpolated LIMIT operands are integers.
$psize = 20;
$pindex = max(1, intval($_GPC['page']));
$start = ($pindex - 1) * $psize;
$select = "SELECT * FROM ";
$count = "SELECT count(*) FROM ";
$where = ' WHERE 1 ';
$order = ' ORDER BY create_time DESC';
$limit = " LIMIT {$start},{$psize}";
$params = array();
if (!empty($_GPC['name'])) {
    // Bound as a parameter. `%` and `_` inside the submitted text still act as
    // LIKE wildcards.
    $where .= " AND name like :name";
    $params['name'] = "%{$_GPC['name']}%";
}
if (!empty($_GPC['account'])) {
    $where .= " AND uid = :uid";
    // The filter takes a username and resolves it to a uid.
    // NOTE(review): when no such user exists, user_single() presumably returns an
    // empty value and the ['uid'] lookup yields null; confirm the query then
    // matches nothing.
    $uid = user_single(array('username' => $_GPC['account']))['uid'];
    $params['uid'] = $uid;
}
$total = pdo_fetchcolumn($count . tablename($table) . $where, $params);
$pager = pagination($total, $pindex, $psize);
$data = pdo_fetchall($select . tablename($table) . $where . $order . $limit, $params);
template($url);