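// Upload directory
// Load the shared function library
include_once "functions.php";
// Load the site configuration
$config = (include_once ADMIN_CONF . "config.php");

// ---- Authentication gate ----------------------------------------------------
// Instantiate the session wrapper, then make sure a PHP session is active
// (callers such as resetemail.php may already have started one).
$session = new Session();
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Name of the script being served; decides whether a login is required.
$page_name = basename($_SERVER['SCRIPT_NAME']);
// $act is set by the including script (e.g. from $_REQUEST). Treat a missing
// value as "no action" instead of raising an undefined-variable notice.
$act_name = isset($act) ? $act : null;

// Requests that may be served without a logged-in admin: the login / captcha
// flow on privilege.php, and the two password-reset pages, which rely on the
// e-mailed token and their own session flag rather than on an admin session.
$public_privilege_actions = array('login', 'checklogin', 'captcha');
$is_public = ($page_name == 'privilege.php' && in_array($act_name, $public_privilege_actions, true))
    || $page_name == 'resetpasswd.php'
    || $page_name == 'resetemail.php';

if (!$is_public) {
    // Only the server-side session proves a login. The previous version also
    // accepted the mere presence of a client-supplied `user_id` cookie, which
    // any visitor can set by hand — an authentication bypass — so the cookie
    // is no longer consulted here. A "remember me" cookie must be looked up
    // and verified server-side (hash_equals against a stored token) before it
    // is allowed to create a session.
    if (!isset($_SESSION['u_id'])) {
        linkRedirect('privilege.php', '用户信息已失效,请重新登陆!', 1);
        // Stop here in case linkRedirect() only emits the redirect and returns.
        exit;
    }

    $admin = new Admin();
    $loginDate = $admin->getById($_SESSION['u_id']);
    // A session can outlive its account (admins are deletable in privilege.php);
    // a stale id must not pass as a logged-in user.
    if (!$loginDate) {
        unset($_SESSION['u_id']);
        linkRedirect('privilege.php', '用户信息已失效,请重新登陆!', 1);
        exit;
    }
}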
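header("Content-type:text/html;charset=utf-8");
// Requested action; defaults to 'login'. init.php reads it to decide whether
// this request needs a logged-in admin.
$act = isset($_REQUEST['act']) ? $_REQUEST['act'] : 'login';
// Bootstrap: function library, configuration, session and authentication gate.
include_once "./includes/init.php";

// Token and e-mail carried by the reset link. Either may be absent; a missing
// value becomes the empty string so the checks below fail cleanly instead of
// raising notices.
$token = isset($_GET['token']) ? trim((string) $_GET['token']) : '';
$email = isset($_GET['email']) ? trim((string) $_GET['email']) : '';

$admin = new Admin();
$msg = '';
if ($datecheck = $admin->getByEmail($email)) {
    // The link token is md5(id . username . stored password hash), recomputed
    // from the account row. It is deterministic: it is only invalidated by a
    // password change or by the 24 h window below, and the same link can be
    // opened more than once. A stronger design stores a random, single-use
    // token (hashed) with its own expiry; that needs a schema change and a
    // matching change where the mail is built, so it is not done here.
    $tokencheck = md5($datecheck['id'] . $datecheck['a_username'] . $datecheck['a_password']);
    // Constant-time comparison so the token cannot be probed byte by byte
    // through response timing.
    if (hash_equals($tokencheck, $token)) {
        // The link is valid for 24 hours from the stored request time.
        if (time() - $datecheck['getpasstime'] > 24 * 60 * 60) {
            $msg = '该链接已过期,请重新请求!';
        } else {
            if (session_status() !== PHP_SESSION_ACTIVE) {
                session_start();
            }
            // Fresh session id before granting the reset capability, so a
            // session id fixed by an attacker beforehand does not inherit it.
            session_regenerate_id(true);
            // resetpasswd.php reads this id to decide whose password to change.
            $_SESSION['userreset'] = $datecheck['id'];
            linkRedirect('resetpasswd.php?act=pass', '正在为您跳转密码重置页面!');
        }
    } else {
        $msg = '链接已失效<br/>';
    }
} else {
    $msg = '错误的链接!';
}
// NOTE(review): the distinct messages tell a caller whether the e-mail is
// registered and whether only the token was wrong; a single generic message
// would avoid account enumeration.
echo $msg;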
$mail->AddAddress($address, "亲");
$mail->IsHTML(true);
// Message body: who asked, when, and the reset link that stays valid for
// 24 hours ($address, $resetemail, $time and $url are built before this point).
$mail->Body = "亲爱的" . $resetemail . ":<br/>您在" . $time . "提交了重置密码请求。请点击下面的链接重置密码(按钮24小时内有效)。<br/><a href='" . $url . "' target='_blank'>" . $url . "</a><br/>如果以上链接无法点击,请将它复制到你的浏览器地址栏中进入访问。<br/>如果您没有提交找回密码请求,请忽略此邮件。";
if (!$mail->Send()) {
    // NOTE(review): $mail->ErrorInfo is an internal diagnostic (mail host,
    // transport errors); it should be logged server-side, not echoed to the
    // requester.
    echo "Mailer Error: " . $mail->ErrorInfo;
} else {
    // Persist the request timestamp only once the mail went out; the token
    // check page measures the 24 h window from this value.
    $admin->updateTime($getpasstime, $uid);
    echo "重置链接已发送,请检查您的邮箱!";
    linkRedirect('privilege.php', '', 2);
}
} elseif ($act == 'pass') {
    // Render the new-password form.
    include_once ADMIN_TEMP . "resetpasswd.html";
} elseif ($act == 'checkpasswd') {
    // Id of the account to reset, granted to the session by the link check
    // page; the new password and its confirmation come from the POSTed form.
    // NOTE(review): $_SESSION['userreset'] is read without isset() and is never
    // cleared, so once granted it can be replayed for further resets within the
    // same session. Reject the request when it is absent and unset() it after a
    // successful reset. No CSRF token is checked on this POST either (the form
    // lives in resetpasswd.html, which is not visible in this listing).
    $id = $_SESSION['userreset'];
    $password = trim($_POST['passWord']);
    $passwdconfirm = trim($_POST['passconfirm']);
    // Sanity check: both entries must match. No length or complexity policy is
    // applied here; whether resetPasswd() hashes the value is not visible.
    if (!($password === $passwdconfirm)) {
        linkRedirect('resetpasswd.php?act=pass', '两次输入的密码不一致!请重试!');
    } else {
        $admin = new Admin();
        if ($admin->resetPasswd($id, $password)) {
            linkRedirect('privilege.php', '重置密码成功,正在为您跳转至登陆页!');
        } else {
            // TODO: write the failure to the system log.
        }
    }
}
}
// E-mail syntax check: a 2–10 character local part of [\w.], a domain label,
// and a 2–4 letter TLD.
// NOTE(review): the separator before the TLD is an unescaped `.` and therefore
// matches any character; it should be `\.`. The local part also accepts a
// leading or trailing dot.
$emailRegular = '/^([\\w\\.\\_]{2,10})@(\\w{1,}).([a-z]{2,4})$/';
if (!preg_match($emailRegular, $email)) {
    linkRedirect('privilege.php?act=edit', '邮箱名部分只能2到10位!');
    // NOTE(review): nothing stops execution here; unless linkRedirect() exits,
    // the update below still runs with the rejected address.
}
// Providers an admin address may be changed to.
$allowEmail = array("@qq.com", "@163.com", "@gmail.com", "@outlook.com");
// strstr() returns everything from the first '@' to the end of the string, so
// the whole suffix must equal one of the allowed entries (loose in_array
// comparison; add strict=true).
if ($emailCheck = strstr($email, '@')) {
    if (!in_array($emailCheck, $allowEmail)) {
        linkRedirect('privilege.php?act=edit', '只允许更新为QQ、163、gmail和outlook邮箱');
    }
} else {
    linkRedirect('privilege.php?act=edit', '邮箱名不合法!');
}
$admin = new Admin();
// $password and $id are prepared before this fragment; whether updateAdmin()
// hashes the password and parameterises its query is not visible here.
if ($admin->updateAdmin($password, $email, $id)) {
    linkRedirect('privilege.php?act=list', '管理员信息更新成功!');
} else {
    linkRedirect('privilege.php?act=edit', '管理员信息更新失败,请重试!');
}
} elseif ($act == "delete") {
    // NOTE(review): a state-changing action driven by a plain GET parameter —
    // any page a logged-in admin visits can trigger it (CSRF via an <img> or
    // link). It should require POST with a CSRF token, cast/validate $id as an
    // integer, and refuse to delete the currently logged-in account. Whether
    // deleteAdmin() parameterises $id is not visible here.
    $id = $_GET['id'];
    $admin = new Admin();
    if ($admin->deleteAdmin($id)) {
        linkRedirect('privilege.php?act=list', '删除成功!');
    } else {
        linkRedirect('privilege.php?act=list', '删除失败,请重试!');
    }
}