function p_htmlspecialchars($string, $flags = null)
{
if (is_array($string)) {
foreach ($string as $key => $val) {
$string[$key] = p_htmlspecialchars($val, $flags);
}
} else {
if ($flags === null) {
$string = str_replace(array('&', '"', '<', '>'), array('&', '"', '<', '>'), $string);
if (strpos($string, '&#') !== false) {
$string = preg_replace('/&((#(\\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $string);
}
} else {
if (version_compare(PHP_VERSION, '5.4.0', '<')) {
$string = htmlspecialchars($string, $flags);
} else {
if (strtolower(CHARSET) == 'utf-8') {
$charset = 'UTF-8';
} else {
$charset = 'ISO-8859-1';
}
$string = htmlspecialchars($string, $flags, $charset);
}
}
}
return $string;
}
/**
* 修改模版
*/
public function edit()
{
$dir = $this->dir;
$file = $GLOBALS['file'];
if (preg_match('/([^a-z0-9_\\-\\.]+)/i', $file)) {
MSG(L('file name error'));
}
$extent = get_ext($file);
if (!in_array($extent, array('js', 'css'))) {
MSG(L('not support edit this file'));
}
$keyid = md5($dir . $file);
$configs = (include COREFRAME_ROOT . 'configs/wz_config.php');
if (isset($GLOBALS['submit'])) {
if (!EDIT_TPL) {
MSG(L('online edit template has disabled'));
}
//模板可写判断
if (!is_writable(TPL_ROOT . $dir . '/' . $file . '.html')) {
MSG(L('readonly file', array('file' => $dir . '/' . $file . '.html')));
}
$uid = $_SESSION['uid'];
$username = get_cookie('username');
$code = $GLOBALS['wzhtml'];
file_put_contents(TPL_ROOT . $dir . '/' . $file . '.html', $code);
$code = addslashes($code);
$this->db->insert('template_history', array('keyid' => $keyid, 'dir' => $dir, 'file' => $file, 'data' => $code, 'addtime' => SYS_TIME, 'uid' => $uid, 'username' => $username));
//写入文件
MSG(L('edit success'), HTTP_REFERER);
} else {
if (!file_exists(TPL_ROOT . $dir . '/' . $file)) {
MSG(L('file does not exists'));
}
$code = file_get_contents(TPL_ROOT . $dir . '/' . $file);
$code = p_htmlspecialchars($code);
$r = $this->db->get_one('template_history', array('keyid' => $keyid));
if (!$r) {
//数据不存在时,添加最初始的模版
$uid = $_SESSION['uid'];
$username = get_cookie('username');
$code = addslashes($code);
$this->db->insert('template_history', array('keyid' => $keyid, 'dir' => $dir, 'file' => $file, 'data' => $code, 'addtime' => SYS_TIME, 'uid' => $uid, 'username' => $username));
}
$ext = '';
if ($extent == 'js') {
$editext = 'javascript';
} elseif ($extent == 'css') {
$editext = 'css';
}
include $this->template('edit');
}
}
function login()
{
//已经登陆的用户重定向到后台首页
if (isset($_SESSION['uid']) && $_SESSION['uid'] != '') {
MSG(L('already login'), '?m=core&f=index' . $this->su(0));
}
if (isset($GLOBALS['submit'])) {
if (!isset($_SESSION['code']) && $_SERVER["SERVER_NAME"] != parse_url(WEBURL, PHP_URL_HOST)) {
MSG(L('session error'));
}
if (strtolower($GLOBALS['checkcode']) != $_SESSION['code']) {
$_SESSION['code'] = '';
MSG(L('checkcode error'), HTTP_REFERER);
}
//验证密码是否正确,后台管理员与前台用户相同,管理员密码可独立设置
$username = isset($GLOBALS['username']) ? p_htmlspecialchars($GLOBALS['username']) : '';
$password = isset($GLOBALS['password']) ? $GLOBALS['password'] : '';
$this->check_login($username, $password);
$_SESSION['uid'] = $_SESSION['role'] = 0;
MSG(L('username or password error'));
} else {
//显示登录界面
include $this->template('login');
}
}
public static function checkbox($array = array(), $value = '', $str = '', $default = '', $field = '')
{
$string = '';
$value = trim($value);
if ($value != '') {
$value = strpos($value, ',') ? explode(',', $value) : array($value);
}
if ($default) {
$string .= '<input type="hidden" ' . $str . ' value="no_value">';
}
$i = 1;
foreach ($array as $key => $v) {
$key = trim($key);
$checked = $value && in_array($key, $value) ? 'checked' : '';
$string .= '<label class="checkbox-inline"><input type="checkbox" ' . $str . ' id="' . $field . '_' . $i . '" ' . $checked . ' value="' . p_htmlspecialchars($key) . '"> ' . p_htmlspecialchars($v) . "</label>";
$i++;
}
return $string;
}
<div class="form-group hide" id="jsonid">
<label class="col-sm-2 col-xs-4 control-label">JSON源</label>
<div class="col-lg-3 col-sm-4 col-xs-4 input-group">
<input type="text" class="form-control" name="form[jsonurl]" color="#000000" datatype="url|*0-100" errormsg="请输入正确的网址" value="<?php
echo $r['url'];
?>
">
</div>
</div>
<div class="form-group hide" id="template_codeid">
<label class="col-sm-2 col-xs-4 control-label">模版</label>
<div class="col-lg-3 col-sm-4 col-xs-4 input-group">
<textarea type="text" class="form-control" name="form[template_code]" rows="6">
<?php
if ($r['type'] != 2) {
echo p_htmlspecialchars($r['code']);
}
?>
</textarea>
</div>
</div>
<div class="form-group " id="codeid">
<label class="col-sm-2 col-xs-4 control-label">代码</label>
<div class="col-lg-8 col-sm-8 col-xs-8 input-group">
<textarea name="form[code]" id="code" style="width:100%;height: 300px;"><?php
echo $r['code'];
?>
</textarea>
<br>
<div class="alert alert-info fade in">
/**
* 登录
*/
public function login()
{
if (get_cookie('auth')) {
MSG(L('logined'), 'index.php?m=member');
}
if (isset($GLOBALS['submit'])) {
checkcode($GLOBALS['checkcode']);
$username = isset($GLOBALS['username']) ? p_htmlspecialchars($GLOBALS['username']) : '';
$password = isset($GLOBALS['password']) ? $GLOBALS['password'] : '';
if (empty($username)) {
MSG(L('username_empty'));
}
if (empty($password)) {
MSG(L('password_empty'));
}
$cookietime = isset($GLOBALS['savecookie']) ? SYS_TIME + 604800 : 0;
if (is_email($username)) {
$userfield = 'email';
} elseif (strlen($username) == 11 && preg_match('/^1\\d{10}$/', $username)) {
$userfield = 'mobile';
} else {
$userfield = 'username';
}
$r = $this->db->get_one('member', '`' . $userfield . '` = "' . $username . '"', '*');
$synlogin = '';
if ($this->setting['ucenter']) {
$ucenter = load_class('ucenter', M);
// 如果用户不是通过用户名登录 则要转换一下
if ($userfield != 'username' && $r) {
$username = $r['username'];
}
$synlogin = $ucenter->login($username, $password, $r);
}
if (empty($r)) {
MSG(L('user_not_exist'));
}
// 判断用户是否被锁定
if ($r['lock']) {
// 判断是否在锁定的时间内
if ($r['locktime'] > SYS_TIME) {
MSG(L('user_lock'), WEBURL);
} else {
// 将锁定标记改为0
$this->db->update('member', 'lock=0', 'uid=' . $r['uid']);
}
}
// 判断会员组是否禁止登录
if ($r['groupid'] == 1) {
MSG(L('user_banned'), WEBURL);
}
// 登录记录
$loginLog = array('uid' => $r['uid'], 'logintime' => SYS_TIME, 'ip' => get_ip());
// 判断是否是第三方登录
if (isset($_SESSION['authid']) && $_SESSION['authid']) {
$this->db->update('member_auth', array('uid' => $r['uid']), 'authid=' . $_SESSION['authid']);
$_SESSION['authid'] = '';
}
if (md5(md5($password) . $r['factor']) != $r['password']) {
$loginLog['status'] = 2;
$this->db->insert('logintime', $loginLog);
MSG(L('password_error'));
} else {
$loginLog['status'] = 3;
$this->db->insert('logintime', $loginLog);
}
// 判断是否需要验证Email
if ($this->setting['checkemail'] && $r['groupid'] == 2) {
if ($this->send_register_mail($r)) {
MSG(L('need_email_authentication'));
} else {
MSG(L('email_authentication_error'));
}
}
$this->db->query('UPDATE `wz_member` SET `lasttime`=' . SYS_TIME . ', `lastip`="' . get_ip() . '", `loginnum`=`loginnum`+1 WHERE `uid`=' . $r['uid'], false);
$this->create_cookie($r, $cookietime);
$forward = empty($GLOBALS['forward']) ? 'index.php?m=member' : $GLOBALS['forward'];
if (isset($GLOBALS['minilogin'])) {
MSG(L('login_success') . '<script>setTimeout("top.dialog.get(window).close().remove();",2000)</script>', HTTP_REFERER, 3000);
} else {
MSG(L('login_success') . $synlogin, $forward);
}
} else {
$sina_akey = '';
$seo_title = $seo_keywords = $seo_description = '会员登录';
$forward = remove_xss(HTTP_REFERER);
include T('member', 'login');
}
}
