$smarty->assign('navlabel', 'list'); $smarty->display('users/admin_users_list.htm'); } elseif ($act == 'add_users') { get_token(); if ($_SESSION['admin_purview'] != "all") { adminmsg("权限不足!", 1); } $smarty->assign('navlabel', 'add'); $smarty->display('users/admin_users_add.htm'); } elseif ($act == 'add_users_save') { check_token(); if ($_SESSION['admin_purview'] != "all") { adminmsg("权限不足!", 1); } $setsqlarr['admin_name'] = trim($_POST['admin_name']) ? trim($_POST['admin_name']) : adminmsg('请填写用户名!', 1); if (get_admin_one($setsqlarr['admin_name'])) { adminmsg('用户名已经存在!', 1); } $setsqlarr['email'] = trim($_POST['email']) ? trim($_POST['email']) : adminmsg('请填写email!', 1); if (!preg_match("/^[\\w\\-\\.]+@[\\w\\-\\.]+(\\.\\w+)+\$/", $setsqlarr['email'])) { adminmsg('email格式错误!', 1); } $password = trim($_POST['password']) ? trim($_POST['password']) : adminmsg('请填写密码', 1); if (strlen($password) < 6) { adminmsg('密码不能少于6位!', 1); } if ($password != trim($_POST['password1'])) { adminmsg('两次输入的密码不相同!', 1); } $setsqlarr['rank'] = trim($_POST['rank']) ? trim($_POST['rank']) : adminmsg('请填写头衔', 1); $setsqlarr['add_time'] = time();
* 网站地址: http://www.74cms.com; * ---------------------------------------------------------------------------- * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和 * 使用;不允许对程序代码以任何形式任何目的的再发布。 * ============================================================================ */ define('IN_QISHI', true); require_once dirname(__FILE__) . '/../data/config.php'; require_once dirname(__FILE__) . '/include/admin_common.inc.php'; require_once ADMIN_ROOT_PATH . 'include/admin_flash_statement_fun.php'; $act = !empty($_REQUEST['act']) ? trim($_REQUEST['act']) : ''; $smarty->assign('admin_plug_simple', $_PLUG["simple"]['p_install']); if ($act == '') { $smarty->display('sys/admin_index.htm'); } elseif ($act == 'top') { $admininfo = get_admin_one($_SESSION['admin_name']); $smarty->assign('admin_rank', $admininfo['rank']); $smarty->assign('admin_name', $_SESSION['admin_name']); $smarty->display('sys/admin_top.htm'); } elseif ($act == 'left') { $smarty->display('sys/admin_left.htm'); } elseif ($act == 'main') { get_userreg_30_days(); //$install_warning=file_exists('../install')?"您还没有删除 install 文件夹,出于安全的考虑,我们建议您删除 install 文件夹。":null; //$update_warning=file_exists('../update')?"您还没有删除 update 文件夹,出于安全的考虑,我们建议您删除 update 文件夹。":null; $admindir_warning = substr(ADMIN_ROOT_PATH, -7) == '/admin/' ? "您的网站管理中心目录为 ./admin ,出于安全的考虑,我们建议您修改目录名。" : null; $admin_register_globals = ini_get('register_globals') ? '您的php.ini中register_globals为On,强烈建议你设为Off,否则将会出现严重的安全隐患和数据错乱!' : null; $system_info = array(); $system_info['version'] = QISHI_VERSION; $system_info['release'] = QISHI_RELEASE; $system_info['os'] = PHP_OS;
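/**
 * Check an administrator's login credentials.
 *
 * The account row is loaded once with get_admin_one() and the salted MD5 of
 * the submitted password is compared with the stored value in PHP. The earlier
 * form ran a second COUNT(*) query that placed $name directly inside the SQL
 * text (admin_name='{$name}'), so a login-form value became part of the
 * statement. That query is removed; this function no longer builds SQL.
 *
 * NOTE(review): get_admin_one() is defined elsewhere and still receives the
 * raw $name. Confirm that it escapes or binds the value before querying.
 *
 * NOTE(review): salted MD5 is a fast hash and a weak choice for password
 * storage. Moving to password_hash()/password_verify() also requires changing
 * the stored values and the account-creation path, so it is only flagged here.
 *
 * @param string $name Admin user name as submitted by the caller.
 * @param string $pwd  Plain-text password as submitted by the caller.
 * @return bool True when the account exists and the password matches.
 */
function check_admin($name, $pwd)
{
    global $QS_pwdhash;

    $admin = get_admin_one($name);
    // Unknown account (or a row without a stored hash): nothing can match.
    if (!is_array($admin) || !isset($admin['pwd'])) {
        return false;
    }

    $salt = isset($admin['pwd_hash']) ? $admin['pwd_hash'] : '';
    $md5_pwd = md5($pwd . $salt . $QS_pwdhash);

    // md5() returns lowercase hex. The SQL "=" this replaces may have been
    // case-insensitive depending on the column collation, so normalise the
    // stored value rather than reject hashes that were saved in upper case.
    $stored = strtolower((string) $admin['pwd']);

    // Prefer a constant-time comparison where the runtime provides one.
    if (function_exists('hash_equals')) {
        return hash_equals($stored, $md5_pwd);
    }

    return $stored === $md5_pwd;
}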
// Admin login handling: captcha check, credential check, per-site permission
// check, optional "remember me" cookies, then redirect to the admin index.
// $postcaptcha, $admin_name, $admin_pwd and $remember are assigned before this
// fragment, and the final closing brace ends a branch opened above it.
$captcha = get_cache('captcha');
// The captcha is enforced only when the cached setting verify_adminlogin is '1'.
// Error text: "captcha must not be empty".
if (empty($postcaptcha) && $captcha['verify_adminlogin'] == '1') {
    header("Location:?act=login&err=" . urlencode('验证码不能为空'));
    exit;
}
// Case-insensitive comparison with the captcha text kept in the session.
// NOTE(review): the session value is not cleared in this fragment after the
// comparison; confirm it is invalidated elsewhere so that one solved captcha
// cannot be replayed across several login attempts.
if ($captcha['verify_adminlogin'] == '1' && strcasecmp($_SESSION['imageCaptcha_content'], $postcaptcha) != 0) {
    // Log text: "captcha entered incorrectly". The log messages carry HTML
    // markup and $admin_name comes from the login form.
    // NOTE(review): confirm the log viewer HTML-escapes the name on display.
    write_log("<span style=\"color:#FF0000\">验证码填写错误</span>", $admin_name, 2);
    header("Location:?act=login&err=" . urlencode('验证码填写错误'));
    exit;
} elseif (check_admin($admin_name, $admin_pwd)) {
    $admininfo = get_admin_one($admin_name);
    // Reject the login when the current sub-site id is not in the admin's
    // comma-separated site_purview list and the admin's purview is not "all".
    // in_array() is called without the strict flag, so the match is loose.
    // Log text: "you have no admin permission"; error text: "no admin permission".
    if (!in_array($_CFG['subsite_id'], explode(',', $admininfo['site_purview'])) && $admininfo['purview'] != "all") {
        write_log("<span style=\"color:#FF0000\">您没有管理权限</span>", $admin_name, 2);
        header("Location:?act=login&err=" . urlencode('没有管理权限'));
        exit;
    }
    // Presumably fills the admin session ($_SESSION['admin_id'] is read below);
    // the helper is not shown here, so verify.
    // NOTE(review): no session id regeneration is visible in this fragment;
    // confirm it happens elsewhere on successful login.
    update_admin_info($admin_name);
    // Log text: "logged in successfully".
    write_log("成功登录", $admin_name);
    if ($remember == 1) {
        $admininfo = get_admin_one($admin_name);
        // Three cookies valid for 86400 seconds (one day). setcookie() is called
        // with five arguments, so the secure and httponly flags stay at their
        // defaults (off) and the cookies are readable by page scripts and sent
        // over plain HTTP.
        setcookie('Qishi[admin_id]', $_SESSION['admin_id'], time() + 86400, $QS_cookiepath, $QS_cookiedomain);
        setcookie('Qishi[admin_name]', $admin_name, time() + 86400, $QS_cookiepath, $QS_cookiedomain);
        // The admin_pwd cookie is an MD5 over the admin name, the stored password
        // hash, the per-account pwd_hash and the site-wide $QS_pwdhash. It is a
        // deterministic function of stored values: it does not change until the
        // password changes and cannot be revoked on its own. A random token
        // stored server-side would be a safer design.
        setcookie('Qishi[admin_pwd]', md5($admin_name . $admininfo['pwd'] . $admininfo['pwd_hash'] . $QS_pwdhash), time() + 86400, $QS_cookiepath, $QS_cookiedomain);
    }
} else {
    // One message for both failure causes ("wrong user name or password"), so
    // the response does not reveal whether the account exists.
    write_log("<span style=\"color:#FF0000\">用户名或密码错误</span>", $admin_name, 2);
    header("Location:?act=login&err=" . urlencode('用户名或密码错误'));
    exit;
}
// Reached only after a successful login; every failure path above exits first.
header("Location: admin_index.php");
}