public function login()
{
if (!IS_POST) {
$this->error('页面不存在');
}
$account = I('account');
$pwd = md5(I('pwd'));
$where = array('account' => $account);
$user = M('user')->where($where)->find();
if (!$user || $user['password'] != $pwd) {
$this->error('用户不存在或者密码错误');
}
if ($user['lock']) {
$this->error('用户被锁定');
}
//处理下一次自动登陆
if (isset($_POST['auto'])) {
// $value='tongyingyang';
// $value = encryption($value);
// echo $value;
// $value = encryption($value,1);
$account = $user['account'];
$ip = get_client_ip();
$value = $account . '|' . $ip;
$value = encryption($value);
// echo $value;
// echo'<br/>';
// echo encryption($value,1);
@setcookie('auto', $value, C('AUTO_LOGIN_TIME'), '/');
}
//登陆成功写入SESSION并且跳转到到首页
session('uid', $user['id']);
header('Content-Type:text/html;Charset=UTF-8');
redirect(__APP__, 3, '登陆成功,正在为您跳转...');
}
public function runLogin()
{
if (!IS_POST) {
$this->error('页面不存在');
}
//提取表单内容
$account = I('post.account');
$pwd = md5(I('post.pwd'));
$where = array('account' => $account);
$user = M('user')->where($where)->find();
if (!$user || $user['password'] != $pwd) {
$this->error('用户或密码不正确');
}
if ($user['lock']) {
$this->error('用户被锁定');
}
//处理下一次自动登录
if (isset($_POST['auto'])) {
$account = $user['account'];
$ip = get_client_ip();
$value = $account . '|' . $ip;
$value = encryption($value);
cookie('auto', $value, C('AUTO_LOGIN_TIME'));
}
//登录成功,写入session,跳转到首页
session('uid', $user['id']);
redirect(__APP__);
}
/**
* 加密文件
* $file 需要加密的文件的路径
* $filename 加密之后的文件名称
*/
function encrypfile($file)
{
!$file && ($file = dirname(__FILE__) . '/indexSuccess.php');
$content = file_get_contents($file);
$encryp = encryption($content);
$decryp = decryption($encryp);
return $encryp . '*******' . $decryp;
}
public function handleLogin()
{
if (!IS_POST) {
parent::error404();
}
$POST = deep_htmlspecialchars_decode($_POST);
$objUser = M('user');
parent::checkField('username', $POST['username'], 'require', '用户名不能为空');
parent::checkField('password', $POST['password'], 'require', '密码不能为空');
parent::checkField('verify', $POST['verify'], 'require', '验证码不能为空');
if (md5($POST['verify']) != $_SESSION['verify']) {
$this->error('验证码不正确');
}
$userData = $objUser->where(array('username' => $POST['username']))->field('id,username,password,lock,login_time')->find();
if (!$userData) {
$this->error('用户名不存在,请注册', U(APP_NAME . '/Login/register'));
} else {
if ($userData['password'] != md5($POST['password'])) {
$this->error('密码不正确');
}
if (!$userData['lock']) {
$this->error('账户被锁定,请联系管理员');
}
}
//每天登录增加经验 积分
$today = strtotime(date('Y-m-d'));
if ($userData['login_time'] < $today) {
$objUser->where(array('id' => $userData['id']))->setInc('exp', C('POINT_LOGIN'));
$objUser->where(array('id' => $userData['id']))->setInc('point', C('LEVEL_LOGIN'));
}
//更新登录时间和登录IP
$objUser->where(array('id' => $userData['id']))->data(array('login_time' => time(), 'login_ip' => get_client_ip()))->save();
//处理下一次自动登录
if (isset($_POST['auto'])) {
$username = $userData['username'];
$ip = get_client_ip();
$value = $username . '||' . $ip;
$value = encryption($value);
//cookie('auto',$value,time() + 3600 * 24 * 7);
@setCookie('auto', $value, C('AUTO_LOGIN_TIME'), '/');
//P($_COOKIE['auto']); die;
}
//写入session 并跳转到首页
session('uid', $userData['id']);
session('username', $userData['username']);
$this->success('登录成功...', U(APP_NAME . '/Index/index'));
}
public function _initialize()
{
//处理自动登陆
if (isset($_COOKIE['auto']) && !isset($_COOKIE['uid'])) {
$value = explode('|', encryption($_COOKIE['auto'], 1));
$ip = get_client_ip();
//本次登陆IP与上一次登陆IP一致时
if ($ip == $value[1]) {
$account = $value[0];
$where = array('account' => $account);
$user = M('user')->where($where)->field(array('id', 'lock'))->find();
}
//检索出用户信息并且该用户没有被锁定时候,保存登陆状态
if ($user && !$user['lock']) {
session('uid', $user['id']);
}
}
if (!isset($_SESSION['uid'])) {
redirect(U('Login/index'));
}
}
public function _initialize()
{
//处理自动登录
if (isset($_COOKIE['auto']) && !isset($_SESSION['uid'])) {
$value = explode('||', encryption($_COOKIE['auto'], 1));
$ip = get_client_ip();
$username = $value[0];
$where = array('username' => $username);
//array('id', 'lock','email','login_time','login_ip')
$user = M('user')->where($where)->field('id,lock,username,login_time,login_ip')->find();
if ($user) {
//如果上一次写入数据库的登录IP跟 这次IP跟一样
if ($user['login_ip'] == $ip) {
if ($user['lock']) {
session('uid', $user['id']);
session('username', $user['username']);
//每天自动登录增加经验 积分
$today = strtotime(date('Y-m-d'));
if ($user['login_time'] < $today) {
M('user')->where(array('id' => $user['id']))->setInc('exp', C('POINT_LOGIN'));
M('user')->where(array('id' => $user['id']))->setInc('point', C('LEVEL_LOGIN'));
}
M('user')->where(array('id' => $user['id']))->save(array('login_time' => time()));
}
}
}
}
//获取当前登录用户的信息
$objUser = M('user');
if (isset($_SESSION['uid']) && isset($_SESSION['username'])) {
$userInfo = $objUser->where('id=' . $_SESSION['uid'])->field('id,username,face,point,exp,introduce,email,reg_time,login_time,ask_num,adopt_num,answer_num')->find();
$this->assign('userInfo', $userInfo);
//通知未读评论条数
$commentNum = $this->getCommentMsg(array('status' => "0", 'reply_uid' => session('uid')), 'count');
$this->assign('commentNum', $commentNum);
//通知未读私信条数
$letterNum = $this->getLetterMsg(array('status' => "0", 'receive_uid' => $_SESSION['uid']), 'count');
$this->assign('letterNum', $letterNum);
//通知支招被采纳
$bestNum = M('best')->where(array('uid' => $_SESSION['uid'], 'status' => "0"))->count();
$this->assign('bestNum', $bestNum);
//通知未读私信+评论总数
$tipNums = $commentNum + $letterNum + $bestNum;
$this->assign('tipNums', $tipNums);
}
//友情链接
$this->linkList = M('linktxt')->where('status = "1"')->field('link_name,link_url')->limit(25)->order('id asc')->select();
//关于我们
$aboutUs = M('single')->where('id=1')->getField('content');
$aboutUs = deep_htmlspecialchars_decode($aboutUs);
$this->assign('aboutUs', $aboutUs);
// 微信二维码
$this->weixin = M('ad')->where('id=12')->getField('ad_pic');
//获取站点信息
$this->siteInfo = M('site')->where('id=1')->field('site_name,icp')->find();
//获取整站最新
$this->newAllList = $this->getAllNew();
//获取整站最悬赏
$this->rewardAllList = $this->getAllReward();
//获取整站最支招
$this->commentAllList = $this->getAllComment();
}
unset($_SESSION['admin']);
$view["admin_message_html"] = '<div class="alert alert-success" role="alert">Password changed successfully.</div>';
require 'template/login.php';
die;
} else {
$view["admin_message_html"] = '<div class="alert alert-danger" role="alert">Password does not match confirmation.</div>';
}
}
} else {
if (isset($_POST["new_xapo_app_id"])) {
if ($_SESSION['admin']) {
if ($_POST["new_xapo_app_id"] != "" && $_POST["new_xapo_secret_key"] != "") {
$updateKeys = update_keys_query();
$q = $sql->prepare($updateKeys);
$xapo_key = encryption($myHashKey, $_POST["new_xapo_app_id"]);
$xapo_secret = encryption($myHashKey, $_POST["new_xapo_secret_key"]);
$q->execute(array($xapo_key, $xapo_secret));
$q->closeCursor();
$view["admin_message_html"] = '<div class="alert alert-success" role="alert">Keys changed successfully.</div>';
} else {
$view["admin_message_html"] = '<div class="alert alert-danger" role="alert">Keys can\'t be empty.</div>';
}
}
}
}
}
$queryGeneralSettings = "select * from settings where name<>'password'";
$resultSettings = $sql->query($queryGeneralSettings);
if ($resultSettings) {
while ($row = $resultSettings->fetch()) {
if ($row['name'] == "xapo_app_id" || $row['name'] == "xapo_secret_key") {
// ���Ⱥκ�
//$id = $_REQUEST[id];
//$pwd = $_REQUEST[pwd];
$id = 'user1';
$pwd = 'User1';
//����ִ� ��
if (empty($id) || empty($pwd)) {
echo "{\"status\":\"NO\"}";
}
$sql = "SELECT * FROM test WHERE id = '{$id}'";
$result_pwd = mysql_query($sql, $connect);
$total_record = mysql_num_rows($result_pwd);
//�������� �ʴ� ID
if ($total_record != 1) {
echo "{\"status\":\"NO\"}";
} else {
$row = mysql_fetch_array($result_pwd);
$db_pwd = $row[pwd];
$key = "this is a key for encryption";
// ������ �� �� �ִ� key ��
$encryption = encryption($pwd, $key);
//encryption
$str = strcmp($db_pwd, $pwd);
//문자열 비교
if ($str) {
//다른 경우
echo "{\"status\":\"OK\",\"num_results\":\"{$total_record}\"}";
} else {
echo "{\"status\":\"NO\"}";
}
}
} catch (Exception $ex) {
echo $ex->getMessage();
}
//general settings
$queryGeneralSettings = "select * from settings";
$resultSettings = $sql->query($queryGeneralSettings);
if ($resultSettings) {
while ($row = $resultSettings->fetch()) {
$settings[$row['name']] = $row['value'];
}
}
if ($settings["password_set"] == '0') {
if (isset($_POST["new_password"])) {
if ($_POST["new_password"] == $_POST["password_confirmation"]) {
$q = $sql->prepare($change_password);
$encrypted_pass = encryption($myHashKey, $_POST["new_password"]);
$q->execute(array($encrypted_pass, "1"));
$q->closeCursor();
$settings["password_set"] = '1';
}
}
}
if ($settings["password_set"] == '0') {
require 'first_time.php';
die;
}
$GLOBALS["settings"] = $settings;
$GLOBALS["hashKey"] = $myHashKey;
$rewards = get_rewards();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_POST["new_password"])) {
$view['main']['result_html'] = '';
$con = new mysqli("localhost", "fradmin", "people123", "friendrequest");
$stmt = $con->stmt_init();
$count = 1;
//user
$passCheckSQL = "SELECT password FROM users WHERE username=?";
$stmt->prepare($passCheckSQL);
$stmt->bind_param('s', $user);
$stmt->execute();
$stmt->bind_result($pass_result);
$stmt->fetch();
//checking the password will fail if user does not exist
if (pass_check($pass, $pass_result) && !(strpos($profile, "\n") !== false) && !(strpos($profile, "\t") !== false)) {
//user
$clearProfileSQL = "DELETE FROM profile WHERE user=?";
$stmt->prepare($clearProfileSQL);
$stmt->bind_param('s', $user);
$stmt->execute();
foreach ($jsonProfile->profile as $row) {
foreach ($row as $key => $val) {
if ($val != "") {
$val_en = encryption($val);
$insertSQL = "INSERT INTO profile VALUES(?,?,?,?)";
$stmt->prepare($insertSQL);
$stmt->bind_param('isss', $count, $user, $key, $val_en);
$stmt->execute();
$count = $count + 1;
}
}
echo "True";
}
}
session_start();
if (!isset($_SESSION['id'])) {
$result['type'] = "error";
$result['message'] = "Login <a href='login.php' class='text-bs-primary'>login</a>";
}
if (isset($_POST['name'])) {
if (!empty($_POST['name']) && !empty($_POST['email']) && !empty($_POST['mobile']) && !empty($_POST['city']) && !empty($_POST['pincode']) && !empty($_POST['address'])) {
$name = escape($_POST['name']);
$email = escape($_POST['email']);
$mobile = escape($_POST['mobile']);
$city = escape($_POST['city']);
$pincode = escape($_POST['pincode']);
$address = escape($_POST['address']);
//decrypt the product id
$product_id_stack_encrypted = escape($_POST['product_id_stack']);
$product_id_stack = encryption("decrypt", $product_id_stack_encrypted);
$user_id = $_SESSION['id'];
$time = time();
$insert = $db->Insert("buy", "'','{$user_id}','{$name}','{$email}','{$mobile}','{$city}','{$pincode}','{$address}','{$time}','','Processing','1','{$product_id_stack}'");
if ($insert) {
/*get the last_inserted_id*/
$buy_id = mysqli_insert_id($mysqli);
/*inactive the row from cart table*/
$update = $db->Query("UPDATE `cart` SET `active`='n',buy_id='{$buy_id}' WHERE `user_id`='{$user_id}'");
if ($update) {
$result['type'] = "success";
} else {
$result['type'] = "error";
$result['message'] = "Unable to update cart try again";
/*delete buy record ifuser system was not able to update the cart table*/
$delete = $db->Delete("buy", "id='{$buy_id}'");
$shipping_price = $product['shipping'];
}
$subtotal = $product['sp'] + $shipping_price;
echo "\n\t\t\t<td><img src='{$product['image']}' class='cart-image'></td>\n\t\t\t<td>{$product['name']}</td>\n\t\t\t<td>Rs {$product['sp']}</td>\n\t\t\t<td>{$shipping_text}</td>\n\t\t\t<td>Rs {$subtotal}</td>\n\t\t\t<td><button class='remove-from-cart btn btn-primary text-18' id='{$cart_id}'><i class='fa fa-trash-o'></i></button></td>\n\t\t\t<tr>";
/*calculate all the shipping charge*/
$main_shipping_charge = $main_shipping_charge + $shipping_price;
/*calculate all the sp*/
$main_subtotal = $main_subtotal + $product['sp'];
}
?>
</table>
<hr/>
<div style="width:280px;" class="float-right">
<div class="row">
<input type="hidden" value="<?php
echo encryption("encrypt", $product_id_stack);
?>
" id="product-id-stack">
<div class="col-sm-6 text-left text-muted">Total</div>
<div class="col-sm-6 text-right">Rs <?php
echo $main_subtotal;
?>
</div>
<!-- / total -->
<div class="col-sm-6 text-left text-muted">Delivery Charge</div>
<div class="col-sm-6 text-right"><?php
echo $main_shipping_charge;
?>
</div>
<!-- / delivery -->
<div class="col-sm-6 text-left text-20 text-muted">You Pay</div>
