Exemplo n.º 1
    // Tail of a preceding branch whose condition is outside this excerpt: renders the admin list template.
    $smarty->assign('navlabel', 'list');
    $smarty->display('users/admin_users_list.htm');
} elseif ($act == 'add_users') {
    // Show the "add administrator" form.
    // get_token() is defined elsewhere; presumably it issues the anti-CSRF token that
    // check_token() verifies in the save branch below — confirm against its definition.
    get_token();
    // Only a session whose admin_purview is "all" may create administrators.
    // NOTE(review): this guard only works if adminmsg() terminates the request; if it can
    // return, the form is still rendered. Loose != is used; !== avoids type juggling.
    if ($_SESSION['admin_purview'] != "all") {
        adminmsg("权限不足!", 1);
    }
    $smarty->assign('navlabel', 'add');
    $smarty->display('users/admin_users_add.htm');
} elseif ($act == 'add_users_save') {
    // Persist a new administrator: token check first, then the same privilege guard as the form.
    check_token();
    if ($_SESSION['admin_purview'] != "all") {
        adminmsg("权限不足!", 1);
    }
    // Each required field uses "value ? value : adminmsg(...)". If adminmsg() ever returns,
    // its return value is stored as the field, so the pattern relies on adminmsg() halting — confirm.
    // The truthiness test also treats the string '0' as "not filled in".
    // NOTE(review): $_POST values go into $setsqlarr as received; whether they are escaped or
    // bound before reaching SQL is not visible in this excerpt — verify in the insert helper.
    $setsqlarr['admin_name'] = trim($_POST['admin_name']) ? trim($_POST['admin_name']) : adminmsg('请填写用户名!', 1);
    // Reject a name that already resolves to an admin record.
    if (get_admin_one($setsqlarr['admin_name'])) {
        adminmsg('用户名已经存在!', 1);
    }
    $setsqlarr['email'] = trim($_POST['email']) ? trim($_POST['email']) : adminmsg('请填写email!', 1);
    // Basic shape check only (word chars, '-' and '.' around a single '@'); not full address validation.
    if (!preg_match("/^[\\w\\-\\.]+@[\\w\\-\\.]+(\\.\\w+)+\$/", $setsqlarr['email'])) {
        adminmsg('email格式错误!', 1);
    }
    // trim() silently strips leading/trailing whitespace from the chosen password.
    $password = trim($_POST['password']) ? trim($_POST['password']) : adminmsg('请填写密码', 1);
    // strlen() counts bytes, so the minimum is 6 bytes rather than 6 characters.
    // NOTE(review): a 6-byte minimum is a weak policy for an administrator account.
    if (strlen($password) < 6) {
        adminmsg('密码不能少于6位!', 1);
    }
    // NOTE(review): loose != compares numeric-looking strings numerically (e.g. '1e3' == '1000'),
    // so two different inputs can pass the confirmation check; !== compares the exact strings.
    if ($password != trim($_POST['password1'])) {
        adminmsg('两次输入的密码不相同!', 1);
    }
    $setsqlarr['rank'] = trim($_POST['rank']) ? trim($_POST['rank']) : adminmsg('请填写头衔', 1);
    // Creation timestamp (Unix seconds).
    $setsqlarr['add_time'] = time();
Exemplo n.º 2
 * 网站地址: http://www.74cms.com;
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用;不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
*/
// Admin index front controller: bootstrap, then dispatch on the "act" request parameter.
// IN_QISHI is presumably the guard constant that included files test to refuse direct access — confirm.
define('IN_QISHI', true);
require_once dirname(__FILE__) . '/../data/config.php';
require_once dirname(__FILE__) . '/include/admin_common.inc.php';
require_once ADMIN_ROOT_PATH . 'include/admin_flash_statement_fun.php';
// NOTE(review): no login check is visible in this excerpt; presumably admin_common.inc.php
// enforces an authenticated admin session before any branch below runs — confirm.
// $_REQUEST merges GET and POST (and cookies, depending on request_order), so "act" can come from any of them.
$act = !empty($_REQUEST['act']) ? trim($_REQUEST['act']) : '';
$smarty->assign('admin_plug_simple', $_PLUG["simple"]['p_install']);
if ($act == '') {
    // Default: the frameset/index page.
    $smarty->display('sys/admin_index.htm');
} elseif ($act == 'top') {
    // Header frame: look up the logged-in admin's record to show name and rank.
    $admininfo = get_admin_one($_SESSION['admin_name']);
    $smarty->assign('admin_rank', $admininfo['rank']);
    $smarty->assign('admin_name', $_SESSION['admin_name']);
    $smarty->display('sys/admin_top.htm');
} elseif ($act == 'left') {
    // Navigation frame.
    $smarty->display('sys/admin_left.htm');
} elseif ($act == 'main') {
    // Dashboard: registration statistics plus environment and hardening warnings.
    get_userreg_30_days();
    // Disabled checks: these would warn while the ../install and ../update directories still exist.
    // NOTE(review): leftover installer/updater directories are a common exposure; consider restoring these warnings.
    //$install_warning=file_exists('../install')?"您还没有删除 install 文件夹,出于安全的考虑,我们建议您删除 install 文件夹。":null;
    //$update_warning=file_exists('../update')?"您还没有删除 update 文件夹,出于安全的考虑,我们建议您删除 update 文件夹。":null;
    // Warn when the admin directory still has its default name (path ends in "/admin/").
    // Renaming only hides the path; access control on the admin area is the actual protection.
    $admindir_warning = substr(ADMIN_ROOT_PATH, -7) == '/admin/' ? "您的网站管理中心目录为 ./admin ,出于安全的考虑,我们建议您修改目录名。" : null;
    // Warn when php.ini has register_globals enabled (request variables become global variables).
    $admin_register_globals = ini_get('register_globals') ? '您的php.ini中register_globals为On,强烈建议你设为Off,否则将会出现严重的安全隐患和数据错乱!' : null;
    // Version and platform details collected for display on the dashboard.
    $system_info = array();
    $system_info['version'] = QISHI_VERSION;
    $system_info['release'] = QISHI_RELEASE;
    $system_info['os'] = PHP_OS;
Exemplo n.º 3
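/**
 * Verify an administrator's login name and password.
 *
 * The salted MD5 digest is recomputed from the submitted password, the per-account
 * salt (pwd_hash) and the site-wide secret ($QS_pwdhash), then compared in PHP with
 * the digest stored on the record returned by get_admin_one(). The previous version
 * interpolated $name into a second SQL string for this comparison; that query is gone.
 *
 * @param string $name Administrator login name (request data).
 * @param string $pwd  Plain-text password as submitted.
 * @return bool True only when the account exists and the digests match.
 */
function check_admin($name, $pwd)
{
    global $QS_pwdhash;

    // NOTE(review): get_admin_one() is defined elsewhere and still receives $name as given;
    // confirm that it escapes or binds the value before building its own query.
    $admin = get_admin_one($name);

    // Unknown account or incomplete record: fail closed instead of hashing against missing fields.
    // Assumes the record carries 'pwd' and 'pwd_hash', as other callers of get_admin_one() read them.
    if (empty($admin) || !isset($admin['pwd'], $admin['pwd_hash'])) {
        return false;
    }

    // NOTE(review): salted MD5 is a weak password hash. It is kept because the stored digests
    // depend on it; moving to password_hash()/password_verify() needs a rehash-on-login migration.
    $md5_pwd = md5($pwd . $admin['pwd_hash'] . $QS_pwdhash);
    $stored = (string) $admin['pwd'];

    // Constant-time comparison where available (PHP >= 5.6); exact string match otherwise.
    if (function_exists('hash_equals')) {
        return hash_equals($stored, $md5_pwd);
    }

    return $stored === $md5_pwd;
}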
Exemplo n.º 4
    // Admin login handler (excerpt; the enclosing block opens outside this view).
    // Captcha settings come from the cache; verify_adminlogin == '1' means a captcha is required.
    $captcha = get_cache('captcha');
    if (empty($postcaptcha) && $captcha['verify_adminlogin'] == '1') {
        header("Location:?act=login&err=" . urlencode('验证码不能为空'));
        exit;
    }
    // Case-insensitive comparison against the captcha text kept in the session.
    // NOTE(review): the session value is not cleared anywhere in this excerpt; unless it is reset
    // elsewhere after each attempt, one solved captcha stays valid for repeated logins — confirm.
    if ($captcha['verify_adminlogin'] == '1' && strcasecmp($_SESSION['imageCaptcha_content'], $postcaptcha) != 0) {
        // NOTE(review): log messages embed HTML and are stored next to the submitted admin name;
        // make sure the log viewer escapes the name when rendering.
        write_log("<span style=\"color:#FF0000\">验证码填写错误</span>", $admin_name, 2);
        header("Location:?act=login&err=" . urlencode('验证码填写错误'));
        exit;
    } elseif (check_admin($admin_name, $admin_pwd)) {
        // Credentials accepted: the account must either list this subsite in site_purview
        // or have purview "all". in_array() is used without strict mode here.
        $admininfo = get_admin_one($admin_name);
        if (!in_array($_CFG['subsite_id'], explode(',', $admininfo['site_purview'])) && $admininfo['purview'] != "all") {
            write_log("<span style=\"color:#FF0000\">您没有管理权限</span>", $admin_name, 2);
            header("Location:?act=login&err=" . urlencode('没有管理权限'));
            exit;
        }
        // Presumably populates the admin session ($_SESSION['admin_id'] is read below) — confirm.
        // NOTE(review): no session ID regeneration is visible at login; if update_admin_info()
        // does not call session_regenerate_id(), the pre-login session ID is kept (fixation risk).
        update_admin_info($admin_name);
        write_log("成功登录", $admin_name);
        if ($remember == 1) {
            // "Remember me": three cookies valid for 24 hours.
            // NOTE(review): setcookie() is called without the secure and httponly arguments, so both
            // default to off. The admin_pwd value is a deterministic MD5 over the name, the stored
            // password digest, the per-account salt and the site secret: it is identical on every
            // login until the password changes and cannot be revoked per device. A random token
            // stored server-side is the safer design.
            $admininfo = get_admin_one($admin_name);
            setcookie('Qishi[admin_id]', $_SESSION['admin_id'], time() + 86400, $QS_cookiepath, $QS_cookiedomain);
            setcookie('Qishi[admin_name]', $admin_name, time() + 86400, $QS_cookiepath, $QS_cookiedomain);
            setcookie('Qishi[admin_pwd]', md5($admin_name . $admininfo['pwd'] . $admininfo['pwd_hash'] . $QS_pwdhash), time() + 86400, $QS_cookiepath, $QS_cookiedomain);
        }
    } else {
        // One generic message for unknown user and wrong password, so the response does not
        // reveal which of the two failed.
        // NOTE(review): no attempt counter or lockout is visible in this excerpt.
        write_log("<span style=\"color:#FF0000\">用户名或密码错误</span>", $admin_name, 2);
        header("Location:?act=login&err=" . urlencode('用户名或密码错误'));
        exit;
    }
    // Successful login: redirect to the admin index. No exit follows within this excerpt.
    header("Location: admin_index.php");
}