function check_login() { if ($_SESSION['username'] != "" && $_SESSION['password'] != "") { if (!check_user_pw($_SESSION['username'], $_SESSION['password'], true)) { login_page(); } } else { if ($_COOKIE['username'] != "" && $_COOKIE['password'] != "" && $_COOKIE['rights'] == "admin") { $_SESSION['username'] = $_COOKIE['username']; $_SESSION['password'] = $_COOKIE['password']; $_SESSION['rights'] = $_COOKIE['rights']; if (!check_user_pw($_SESSION['username'], $_SESSION['password'], true)) { login_page(); } } else { login_page(); } } }
if ($check_info == 1 && check_password($_POST['password']) == 0) { $ActionMessage = $strPasswordAlert; $check_info = 0; } //检测验证码 if ($check_info == 1 && (empty($_POST['validate']) || $_POST['validate'] != $_SESSION['backValidate']) && $settingInfo['loginvalid'] == 1) { $ActionMessage = $strLoginValidateError; $check_info = 0; } else { $_SESSION['backValidate'] = ""; //把验证码清除 } if ($check_info == 1) { $username = $_POST['username']; $password = $_POST['password']; if ($userInfo = check_user_pw($username, $password)) { $_SESSION['username'] = $username; $_SESSION['password'] = md5($password); $_SESSION['rights'] = $userInfo['role']; if ($_POST['chksave'] == "save") { $session_id = session_id(); setcookie("username", $username, time() + 86400 * 365, $cookiepath, $cookiedomain); setcookie("password", "####" . $session_id, time() + 86400 * 365, $cookiepath, $cookiedomain); setcookie("rights", $userInfo['role'], time() + 86400 * 365, $cookiepath, $cookiedomain); $sql = "update " . $DBPrefix . "members set hashKey='" . md5($session_id) . "' where username='******'"; $DMC->query($sql); } else { setcookie("username", "", time() + 86400 * 365, $cookiepath, $cookiedomain); setcookie("password", "", time() + 86400 * 365, $cookiepath, $cookiedomain); setcookie("rights", "", time() + 86400 * 365, $cookiepath, $cookiedomain); $DMC->query("update " . $DBPrefix . "members set hashKey='' where username='******'");
function metaWeblog_newMediaObject($values) { //2007-02-01 add support for uploading files global $settingInfo, $DMC, $DBPrefix, $defualtcategoryid; $userdetail = check_user_pw($values['username'], $values['password']); $struct = $values['struct']; $foldername = date("Ym"); //writetofile ('text1.php', $struct['bits']); //debug only if ($struct['bits'] && $struct['name']) { $type = strtolower(substr($struct['name'], strrpos($struct['name'], ".") + 1)); if (strpos(";" . $settingInfo['attachType'], $type) > 0 && strpos(";php|phtml|php3|jsp|exe|dll|asp|aspx|asa|cgi|fcgi|pl", $type) < 1) { $writefilecontent = base64_decode($struct['bits']); if (file_exists("attachments/{$foldername}/{$struct['name']}")) { @unlink("attachments/{$foldername}/{$struct['name']}"); } $filenum = @fopen("attachments/{$foldername}/{$struct['name']}", "wb"); if (!$filenum) { xml_error("Sorry, uploading file ({$struct['name']}) failed."); } flock($filenum, LOCK_EX); fwrite($filenum, $writefilecontent); fclose($filenum); $xml_content = make_xml_piece("struct", array('url' => "{$settingInfo['blogurl']}attachments/{$foldername}/{$struct['name']}")); } else { $xml_content = make_xml_piece("struct", array('url' => "{$settingInfo['blogurl']}index.php")); } } else { $xml_content = make_xml_piece("struct", array('url' => "{$settingInfo['blogurl']}index.php")); } $body_xml = xml_generate($xml_content); send_response($body_xml); }
function metaWeblog_newMediaObject($values) { //2007-02-01 add support for uploading files global $settingInfo, $DMC, $DBPrefix, $defualtcategoryid; $userdetail = check_user_pw($values['username'], $values['password']); $struct = $values['struct']; //writetofile ('text1.php', $struct['bits']); //debug only if ($struct['bits'] && $struct['name']) { $writefilecontent = base64_decode($struct['bits']); if (file_exists("attachments/{$struct['name']}")) { @unlink("attachments/{$struct['name']}"); } $filenum = @fopen("attachments/{$struct['name']}", "wb"); if (!$filenum) { xml_error("Sorry, uploading file ({$struct['name']}) failed."); } flock($filenum, LOCK_EX); fwrite($filenum, $writefilecontent); fclose($filenum); } $xml_content = make_xml_piece("struct", array('url' => "{$settingInfo['blogurl']}/attachments/{$struct['name']}")); $body_xml = xml_generate($xml_content); send_response($body_xml); }