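/**
 * Authenticate the posted username/password and establish the login cookie.
 *
 * Reads `username`, `password`, `rember` and `forward` from $_GPC, looks the
 * account up with user_single(), writes the `__session` cookie, records the
 * visit time and IP through user_update(), then redirects through message().
 *
 * The code after each message() call relies on message() ending the request.
 * NOTE(review): confirm message() always terminates; if it can return, the
 * empty-username / empty-password / site-closed paths fall through.
 *
 * NOTE(review): nothing in this function throttles repeated failed attempts;
 * confirm that lockout or rate limiting is enforced elsewhere.
 *
 * @param string $forward Redirect target chosen by the calling code. When empty,
 *                        the request's `forward` value is used only if it stays
 *                        on this site; otherwise the default index page is used.
 * @return void
 */
function _login($forward = '')
{
    global $_GPC, $_W;
    load()->model('user');

    // Request values can be absent or arrays (username[]=x); anything that is not a string counts as empty.
    $username = (isset($_GPC['username']) && is_string($_GPC['username'])) ? trim($_GPC['username']) : '';
    if (empty($username)) {
        message('请输入要登录的用户名');
    }

    $member = array();
    $member['username'] = $username;
    $member['password'] = (isset($_GPC['password']) && is_string($_GPC['password'])) ? $_GPC['password'] : '';
    if (empty($member['password'])) {
        message('请输入密码');
    }

    $record = user_single($member);
    if (empty($record)) {
        // One generic failure message for unknown user and wrong password alike.
        message('登录失败,请检查您输入的用户名和密码!');
        return;
    }

    // NOTE(review): the original carries a commented-out check that refused accounts
    // with status == 1 (its message text: account under review or disabled by the
    // system). While it stays disabled, such accounts can still log in here unless
    // user_single() filters them — confirm which is intended.

    // Founder ids come from a comma-separated config string; compare trimmed strings
    // strictly so that PHP's loose numeric-string matching cannot grant founder status.
    $founders = array_map('trim', explode(',', $_W['config']['setting']['founder']));
    $_W['isfounder'] = in_array((string) $record['uid'], $founders, true);

    if ($_W['siteclose'] && !$_W['isfounder']) {
        $settings = setting_load('copyright');
        message('站点已关闭,关闭原因:' . $settings['copyright']['reason']);
    }

    // NOTE(review): the cookie is base64(JSON) with no signature, and its `hash` is
    // md5(password . salt) taken from the stored record, so the value is the same on
    // every login and only changes when the password or salt changes. Whatever code
    // validates `__session` recomputes this hash, so the format is left untouched here;
    // consider a random, server-side revocable session identifier, and confirm that
    // isetcookie() sets the HttpOnly and Secure attributes.
    $cookie = array();
    $cookie['uid'] = $record['uid'];
    $cookie['lastvisit'] = $record['lastvisit'];
    $cookie['lastip'] = $record['lastip'];
    $cookie['hash'] = md5($record['password'] . $record['salt']);
    $session = base64_encode(json_encode($cookie));
    // Lifetime argument: 7 * 86400 when the `rember` request field is set, 0 otherwise.
    isetcookie('__session', $session, !empty($_GPC['rember']) ? 7 * 86400 : 0);

    $status = array();
    $status['uid'] = $record['uid'];
    $status['lastvisit'] = TIMESTAMP;
    $status['lastip'] = CLIENT_IP;
    user_update($status);

    if (empty($forward)) {
        // The request-supplied target is untrusted: accept it only when it stays on
        // this site, so the post-login redirect cannot send the user to another origin.
        $forward = _login_local_forward(isset($_GPC['forward']) ? $_GPC['forward'] : '');
    }
    if (empty($forward)) {
        $forward = './index.php?c=index&a=index';
    }

    $_W['user'] = $record;
    if (cly_isAdmin()) {
        message('', url('admin/index'));
    } else {
        message('', $forward);
    }
}

/**
 * Return $url (trimmed) when it is a same-site redirect target, or '' otherwise.
 *
 * Accepted: relative references with no scheme or host, and absolute http(s)
 * URLs whose host[:port] equals the current request's Host header.
 *
 * @param mixed $url Candidate redirect target taken from the request.
 * @return string
 */
function _login_local_forward($url)
{
    if (!is_string($url)) {
        return '';
    }
    $url = trim($url);
    // Control characters and backslashes are rewritten by browsers and can turn a
    // relative-looking value into a reference to another host.
    if ($url === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $url)) {
        return '';
    }
    // Protocol-relative form: the host is chosen by the value itself.
    if (strncmp($url, '//', 2) === 0) {
        return '';
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return '';
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return $url;
    }
    if (!isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return '';
    }
    $currentHost = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
    $targetHost = strtolower($parts['host']) . (isset($parts['port']) ? ':' . $parts['port'] : '');

    return ($currentHost !== '' && $targetHost === $currentHost) ? $url : '';
}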
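}*/
// Report submission (visible portion): refuse reports against verified accounts,
// apply the per-account and per-IP cool-down windows, store the report, then
// update the reported account's counters.
load()->model('account');
$acc = account($_GPC['account']);
if ($acc['status_id'] == 2) {
    exit(json_encode(['result' => 1, 'msg' => '此号已经在网站实名认证,如发现其有恶意行为,请第一时间联系我们网站客服QQ,下掉此QQ马甲。投诉电话:0773-3639184']));
}

$params['account'] = $_GPC['account'];
$params['report_ip'] = CLIENT_IP;

// Both windows are interpolated into SQL below, so force them to integers: a
// non-numeric or empty setting value can then neither break nor alter the query.
$ipAccTime = (int) setting_module_load('report_set', 'timeLimit', 0);
$ipTime = (int) setting_module_load('report_set', 'ipTime', 0);

// NOTE(review): both limits key on CLIENT_IP. If that constant is derived from a
// client-supplied header rather than the connection's peer address (or a trusted
// proxy), the cool-downs can be sidestepped — confirm how CLIENT_IP is computed.

// Cool-down 1: same reporter IP against the same account within $ipAccTime seconds.
$ipAccLimit = pdo_fetch("SELECT * FROM " . tablename('report') . " WHERE account=:account AND report_ip=:report_ip AND UNIX_TIMESTAMP()-time<{$ipAccTime}", $params);
if ($ipAccLimit && !cly_isAdmin()) {
    exit(json_encode(['result' => 1, 'msg' => "禁止在{$ipAccTime}秒内举报同一账号"]));
}

// Cool-down 2: any report from this IP within $ipTime seconds.
$ipLimit = pdo_fetch("SELECT * FROM " . tablename('report') . " WHERE report_ip=:report_ip AND UNIX_TIMESTAMP()-time<{$ipTime}", array('report_ip' => CLIENT_IP));
if ($ipLimit && !cly_isAdmin()) {
    exit(json_encode(['result' => 1, 'msg' => "禁止在{$ipTime}秒内重复举报"]));
}

// presumably cly_array_filter() picks these keys out of the request — verify what
// validation it applies, since the values are stored as submitted.
$newData = cly_array_filter(array('type_id', 'account', 'account_type', 'image'));
$newData['user_id'] = $_W['uid'];
$newData['time'] = time();
$newData['report_ip'] = CLIENT_IP;
pdo_insert('report', $newData);

// Update the related account data only when the insert produced a row id.
// NOTE(review): no response is emitted in the visible code when the insert fails.
if (pdo_insertid()) {
    load()->model('account');
    // The stored account_type comes from the request, while the counter update
    // derives its own type from whether the account value is numeric.
    $account_type = is_numeric($_GPC['account']) ? 1 : 2;
    account_report_add($_GPC['account'], $account_type);
    // update index cache
    exit(json_encode(['result' => 1, 'msg' => '举报成功']));
}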
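<?php
define('IN_GW', true);

// Admin-only entry point: anyone who is not an administrator is sent to the
// login page and must not reach the code that follows this guard.
if (!cly_isAdmin()) {
    message('无权访问', '?c=user&a=login', 'info');
    // Fail closed: the access check must not depend on message() ending the
    // request. If message() already exits, this line is never reached.
    exit;
}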