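/**
 * Handle the link sent in a password-reset e-mail.
 *
 * Expects two request parameters: "key" (the base64-encoded e-mail address)
 * and "sid" (must equal md5(fullname . WEBSITE_KEY . password . verifycode)
 * for the activated admin row with that address). On a match a new password
 * is generated with PassGen(8), mailed to the address, and the row is updated
 * only after SendMail() reports success. Every outcome goes through
 * $this->out().
 *
 * NOTE(review): the guard clauses below only protect the later steps if
 * out() ends the request — confirm against its definition.
 * NOTE(review): $email is produced by base64_decode() *after*
 * ForceStringFrom(), so whatever filtering that helper applies does not cover
 * the decoded value; the SELECT relies on IsEmail() alone to keep quote
 * characters out of the query string. Confirm IsEmail() rejects them, or
 * escape/bind the value through the DB layer.
 * NOTE(review): the new password travels in clear text by e-mail; a
 * short-lived, single-use "set a new password" link avoids that.
 */
public function verify() {
    if (!IsGet('key') || !IsGet('sid')) {
        $this->out('邮件验证参数非法!');
    }

    $key = ForceStringFrom('key');
    $sid = ForceStringFrom('sid');
    if (!$key || !$sid) {
        $this->out('邮件验证参数非法!');
    }

    $email = base64_decode($key);
    if (!IsEmail($email)) {
        $this->out('Email地址非法!');
    }

    if (!($user = APP::$DB->getOne("SELECT u.aid, u.username, u.password, u.fullname, u.verifycode FROM " . TABLE_PREFIX . "admin u WHERE u.email = '{$email}' AND u.activated = 1"))) {
        $this->out('Email地址不存在!');
    } else {
        $code = md5($user['fullname'] . WEBSITE_KEY . $user['password'] . $user['verifycode']);

        // Compare as strings in constant time. The previous loose "!=" let PHP
        // treat two numeric-looking hex strings as numbers, so values that
        // differ as text could still compare equal.
        if (!is_string($sid) || !hash_equals($code, $sid)) {
            $this->out('链接请求的验证码错误!');
        }

        $newpass = PassGen(8);
        $backend_url = BASEURL . ADMINDIR . '/';

        $subject = '您的新密码 -- ' . APP::$_CFG['Title'];
        $content = "{$user['fullname']}:<br><br>您好! <br><br>您的登录名是: {$user['username']}<br>您的新密码是:{$newpass}<br><br>";
        $content .= "请点击以下链接登录后台管理:<br><br><a href=\"{$backend_url}\" target=\"_blank\">{$backend_url}</a><br><br>";

        if (SendMail($email, $subject, $content) === true) {
            // Update the password only after the mail was sent, and clear the
            // verify code so that clicking the mailed link again cannot reset
            // the password a second time.
            // NOTE(review): the password value reads '******' in this listing
            // and looks masked; as written $newpass is never stored. Confirm
            // the real statement stores a hash of $newpass.
            APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET password = '******', verifycode = '' WHERE aid = '{$user['aid']}'");
            $this->out('新密码已发送到您的邮箱, 请查收!', 0);
        } else {
            $this->out('发送邮件失败! 请尝试刷新当前页面.');
        }
    }
}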
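/**
 * Print the front-end login page and end the script.
 *
 * A fresh $vvckey from PassGen(8) is placed in a hidden form field. The
 * inline setSafeCookie() script, run by the submit button's onclick, sets a
 * cookie named "safecookieF" . $vvckey . COOKIE_KEY whose value is
 * md5($_CFG['cKillRobotCode'] . $vvckey).
 *
 * The cookie value is written into the page itself, so it is readable by
 * anyone who loads the form; whatever check consumes it can only separate
 * clients that run the script from those that do not. It is not a CSRF token
 * or a secret.
 *
 * NOTE(review): $logininfo and the $lang entries are inserted into the HTML
 * without escaping — presumably they hold fixed, trusted messages; confirm
 * that no request data reaches $logininfo.
 *
 * This function no longer forces display_errors on. Turning it on here made
 * PHP print warnings and notices (file paths, array keys) on a page served to
 * unauthenticated visitors; error display is left to the deployment's
 * configuration.
 */
function LogIn() {
    global $logininfo, $DB, $_CFG, $lang;

    $vvckey = PassGen(8);

    echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>'
        . SITE_TITLE
        . '</title> <link rel="stylesheet" type="text/css" href="templates/support.css"> <link rel="shortcut icon" href="favicon.ico" /> <script type="text/javascript"> function setSafeCookie() { document.cookie = "safecookieF'
        . $vvckey . COOKIE_KEY
        . '='
        . md5($_CFG['cKillRobotCode'] . $vvckey)
        . '; path=/"; } </script> </head> <body onLoad="document.forms.frontlogin.loginusername.focus();"> <div class="login"> <form action="index.php" method="post" name="frontlogin"> <input type="hidden" name="vvckey" value="'
        . $vvckey
        . '"> <h3 class="title">'
        . $lang['login_title']
        . '</h3> '
        . Iif($logininfo, '<div class="info">' . $logininfo . '</div>')
        . ' <ul> <li><label>'
        . $lang['name']
        . ':</label><input type="text" class="input-text" name="loginusername"></li> <li><label>'
        . $lang['password']
        . ':</label><input type="password" class="input-text" name="loginpassword"></li> </ul> <div class="submit"> <input type="submit" onclick="setSafeCookie();return true;" value="'
        . $lang['login']
        . '" class="button" /> </div> <div class="copyright">© '
        . date("Y")
        . ' <a href="'
        . APP_URL
        . '" target="_blank">'
        . APP_NAME
        . '</a></div> </form> </div> </body> </html>';

    // Nothing may run after the login page has been sent.
    exit;
}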
} else { $SYSDIR = '/'; } $BaseURL = "http://" . $_SERVER['HTTP_HOST'] . $SYSDIR; $filename = ROOT . "config/settings.php"; $fp = @fopen($filename, 'rb'); $contents = @fread($fp, filesize($filename)); @fclose($fp); $contents = trim($contents); $contents = preg_replace("/[\$]_CFG\\['BaseUrl'\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_CFG['BaseUrl'] = \"{$BaseURL}\";", $contents); $contents = preg_replace("/[\$]_CFG\\['AppVersion'\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_CFG['AppVersion'] = \"{$WeLiveVersion}\";", $contents); $fp = @fopen($filename, 'w'); @fwrite($fp, $contents); @fclose($fp); // write config file last off in case installation fails $configfile = "<?php if(!defined('ROOT')) die('Access denied.');\n\n\$servername = '{$servername}';\n\$dbname = '{$dbname}';\n\$dbusername = '******';\n\$dbpassword = '******';\n\ndefine('TABLE_PREFIX', '{$tableprefix}');\ndefine('COOKIE_KEY', '" . PassGen(12) . "');\ndefine('WEBSITE_KEY', '" . PassGen(12) . "');\ndefine('SYSDIR', '{$SYSDIR}');\n\n?>"; // write the config file $filenum = fopen(ROOT . "config/config.php", "w"); ftruncate($filenum, 0); fwrite($filenum, $configfile); fclose($filenum); echo '<font class=red>恭喜: 您的WeLive在线客服系统 安装成功!</font><br /><br />请在删除WeLive安装目录(./install/)后继续! <br /><br /> 1). <a href="../demo.html" target="_blank"><b>浏览加载WeLive的演示页面!</b></a> <br /><br /> 2). <a href="../admin/" target="_blank"><b>点击这里进入后台管理!</b></a><br /><br />'; } } } } // ############################### INSTALL FORM ################################
//正式开始 $a = intval($_GET['a']); if ($a !== 321456978) { die('Access denied.'); } //简单地防止直接访问当前文件(并不重要) $fromurl = trim($_GET['url']); $json = new JSON(); //将语言转换成js对象 $smilies = ''; //表情图标 for ($i = 0; $i < 24; $i++) { $smilies .= '<img src="' . SYSDIR . 'public/smilies/' . $i . '.png" onclick="insertSmilie(' . $i . ');">'; } $agent = encodeChar(get_userAgent($_SERVER['HTTP_USER_AGENT'])); $key = PassGen(8); $code = authcode(md5(WEBSITE_KEY . $_CFG['KillRobotCode']), 'ENCODE', $key, 3600); //60分钟过期(60分钟后断线重连将失败) $code = encodeChar($code); //先将&转换成特殊字符串||4|| header_nocache(); //不缓存 header('P3P: CP=CAO PSA OUR'); //解决IE下iframe cookie问题 $headimgurl = $_SESSION['wx_user']['headimgurl'] ? $_SESSION['wx_user']['headimgurl'] : 'images/var_img.png'; echo '<!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <link rel="stylesheet" href="public/guest.css?r=1212"> <link rel="stylesheet" type="text/css" href="public/jquery.tipTip.css">
<script> $(document).ready(function(){ UploadFile("ClubEditphoto"); }); </script> <form method="post" enctype="multipart/form-data"> <input type="hidden" name='uniq' value="<?php echo PassGen(); ?> "> <input type="hidden" name='action' value="ProductSave"> <input type="hidden" name='category_id' value="<?php echo $_GET['category_id']; ?> "> <input type="hidden" name='MyImages' value="0" id="MyImages"> <input type="hidden" name="MainImg" value="0"> <input type="hidden" name="MainRow" value="0"> <div class="admin_product"> <div class="left"> <div class="admin_product_images"> <div class="MyImages" pricen='0' style="display: none;"> <!-- The container for the uploaded files --> <div id="files" class="files"></div> <input type="hidden" class="form-control" name="ClubEditphoto" id="ClubEditphoto" placeholder="">
/**
 * Output the admin login window, then stop the script.
 *
 * When the form was posted ("submit" present) $this->check() runs first and
 * its return value is shown as the message; otherwise the default prompt is
 * shown. Both forms (login and forgotten password) carry the same hidden
 * "key" and "code" fields: a PassGen(8) key and authcode(md5(WEBSITE_KEY),
 * 'ENCODE', $key, 1800).
 *
 * setSafeCookie() in the inline script sets the COOKIE_SAFE cookie to
 * md5(WEBSITE_KEY . $key . KillRobotCode). That value is printed into the
 * page, so it only tells script-running clients apart from others; it is not
 * hidden from anyone who can load this page.
 *
 * NOTE(review): the message returned by check() is placed inside the HTML
 * without escaping — presumably it is always a fixed string; confirm that it
 * never echoes the submitted username.
 */
private function login() {
    $checkResult = IsPost('submit') ? $this->check() : '';
    $notice = Iif($checkResult, "<font color='#ff3300'>{$checkResult}</font>", '请输入用户名和密码.');

    $formKey = PassGen(8);
    $formCode = authcode(md5(WEBSITE_KEY), 'ENCODE', $formKey, 1800);
    $robotCookie = md5(WEBSITE_KEY . $formKey . APP::$_CFG['KillRobotCode']);

    $page = '<!DOCTYPE html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>'
        . APP_NAME
        . ' - 管理登录</title> <link rel="stylesheet" type="text/css" href="'
        . SYSDIR
        . 'public/login.css"> </head> <body> <div id="logo"> <img src="'
        . SYSDIR
        . 'public/img/logo-login.png" alt="'
        . APP_NAME
        . '"> </div> <div id="login"> <form id="loginform" action="" method="post"> <input type="hidden" name="key" value="'
        . $formKey
        . '"> <input type="hidden" name="code" value="'
        . $formCode
        . '"> <p id="info">'
        . $notice
        . '</p> <div class="control-group"> <span class="icon-user"></span><input name="username" placeholder="Username" type="text" autocomplete="off"> </div> <div class="control-group"> <span class="icon-lock"></span><input name="password" placeholder="Password" type="password"> </div> <div class="remember-me"> <input name="remember" value="1" type="checkbox" id="rm"><label for="rm"> 记住我</label> <a href="" id="forget-password">忘记密码?</a> </div> <div class="login-btn"> <input id="login-btn" value="登 录" type="submit" name="submit" onclick="setSafeCookie();return true;"> </div> </form> <form id="forgotform" class="hide"> <input type="hidden" name="key" value="'
        . $formKey
        . '"> <input type="hidden" name="code" value="'
        . $formCode
        . '"> <p id="info2">请输入Email地址找回密码.</p> <div class="control-group"> <span class="icon-mail"></span><input name="email" placeholder="Email" type="text" autocomplete="off"> </div> <div class="login-btn forget-btn"> <input id="forget-btn" value="提 交" type="submit"> </div> </form> </div> <div id="login-copyright"> '
        . date("Y")
        . ' © '
        . APP_NAME
        . ' <a href="'
        . APP_URL
        . '" target="_blank">weentech.com</a> </div> <script src="'
        . SYSDIR
        . 'public/jquery191.js" type="text/javascript"></script> <script> function setSafeCookie() { document.cookie = "'
        . COOKIE_SAFE
        . '='
        . $robotCookie
        . '; path=/"; } $(function(){ $("#logo").css("margin-top", ($(window).height()-460)/2+"px"); $("input[name=\'username\']").focus(); $("#forget-password").click(function (e) { $("#loginform").hide(); $("#forgotform").show(200); e.preventDefault(); }); $("#forget-btn").click(function (e) { var form_data = $("#forgotform").serialize(); var shower = $("#info2"); setSafeCookie (); //设置安全cookie $.ajax({ url: "'
        . BURL('getpass/check')
        . '", data: form_data, type: "post", cache: false, dataType: "json", beforeSend: function(){shower.html("<font color=#ff3300>邮件验证中...</font>");}, success: function(data){ if(data.s == 0){ shower.html("<font color=#ff3300>" + data.i + "</font>"); //输出错误信息 }else{ shower.html("<font color=blue>" + data.i + "</font>"); //输出成功信息 } }, error: function(XHR, Status, Error) { shower.html("<font color=#ff3300>Ajax错误, 邮件验证请求失败!</font>"); //ajax错误 } }); e.preventDefault(); }); }); </script> </body> </html>';

    echo $page;

    // Important: stop here so that nothing else runs after the login page.
    exit;
}
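// Collect every user entry whose type is 1 from all groups, split by the
// isonline flag. Entries of any other type are ignored.
$online_users = array();
$offline_users = array();
foreach ($welive_onlines as $usergroup) {
    foreach ($usergroup['user'] as $user_id => $user) {
        //print_r($user);
        if ($user['type'] != 1) {
            continue;
        }
        if ($user['isonline'] == 1) {
            $online_users[$user_id] = $user;
        } else {
            $offline_users[$user_id] = $user;
        }
    }
}

$vvckey = PassGen(8);
$code = null;

// Prefer a user that is online; fall back to the offline ones only when
// nobody is online.
$candidates = !empty($online_users) ? $online_users : $offline_users;
if (empty($candidates)) {
    die('系统没有添加客服');
}

// Pick one candidate at random. The selected entry is read from the same
// list the key was drawn from: the offline branch used to index
// $online_users, which is empty there, so $selected_user was never set to
// the chosen user.
$rand_key = array_rand($candidates);
$selected_user = $candidates[$rand_key];
$code = base64_encode(authcode(COOKIE_KEY . $rand_key, 'ENCODE', $vvckey, 3600));

/*if($selected_user['isonline']) {*/

// NOTE(review): none of the values below pass through urlencode() here.
// base64 output may contain "+", "/" and "=", and $from_url / $cm_user_id are
// defined outside this excerpt — confirm they are validated and encoded
// before this URL is used (for example as a redirect target).
$location_url = BASEURL . 'enter.php?uid=' . $rand_key . '&code=' . $code . '&vvckey=' . $vvckey . '&url=' . $from_url . '&cm_user_id=' . $cm_user_id;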
DB_Query("INSERT INTO " . $tableprefix . "user VALUES (NULL, 2, 1, 'mszhang', 1, '" . md5($password) . "', 1, 0, '张小娟', 'Ms.Zhang', '姓名: 张小娟', 'Name: Ms. Zhang', '广告', 'Adv.', 0) "); DB_Query("INSERT INTO " . $tableprefix . "user VALUES (NULL, 2, 2, 'msli', 1, '" . md5($password) . "', 1, 0, '李晴晴', 'Ms.Li', '姓名: 李晴晴', 'Name: Ms. Li', '广告', 'Adv.', 0) "); DB_Query("INSERT INTO " . $tableprefix . "user VALUES (NULL, 3, 3, 'mrzhao', 1, '" . md5($password) . "', 1, 0, '赵利铭', 'Mr.Zhao', '姓名: 赵利铭', 'Name: Mr. Zhao', '广告', 'Adv.', 0) "); DB_Query("INSERT INTO " . $tableprefix . "user VALUES (NULL, 3, 4, 'mrwang', 1, '" . md5($password) . "', 1, 0, '王 炯', 'Mr.Wang', '姓名: 王 炯', 'Name: Mr. Wang', '广告', 'Adv.', 0) "); $filename = $rootpath . "config/settings.php"; $fp = @fopen($filename, 'rb'); $contents = @fread($fp, filesize($filename)); @fclose($fp); $contents = trim($contents); $contents = preg_replace("/[\$]_CFG\\['cAppVersion'\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_CFG['cAppVersion'] = '{$WeLiveVersion}';", $contents); $contents = preg_replace("/[\$]_CFG\\['cKillRobotCode'\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_CFG['cKillRobotCode'] = '" . md5(microtime()) . "';", $contents); $fp = @fopen($filename, 'w'); @fwrite($fp, $contents); @fclose($fp); // write config file last off in case installation fails $configfile = "<?php\r\n\r\n\$servername = '{$servername}';\r\n\$dbname = '{$dbname}';\r\n\$dbusername = '******';\r\n\$dbpassword = '******';\r\n\r\ndefine('WELIVE', true);\r\ndefine('TABLE_PREFIX', '" . $tableprefix . "');\r\ndefine('COOKIE_KEY', '" . PassGen(12) . "');\r\ndefine('WEBSITE_KEY', '" . PassGen(12) . "');\r\ndefine('BASEPATH', dirname(dirname(__FILE__)).'/');\r\n\r\n?>"; // write the config file $filenum = fopen($rootpath . "config/config.php", "w"); ftruncate($filenum, 0); fwrite($filenum, $configfile); fclose($filenum); echo '<font class=ohblueb>恭喜: 您的WeLive在线客服系统 安装成功!</font><br /><br />请在删除WeLive安装目录(./install/)后继续! <br /><br /> 1). <a href="' . $rootpath . 
'demo.html" target="_blank"><b>浏览客服小面板演示页面!</b></a> <br /><br /> 2). <a href="' . $rootpath . 'index.php" target="_blank"><b>点击这里进入管理面板!</b></a><br /><br />'; } } } } // ############################### INSTALL FORM ################################
} else { $html .= '<br /><br /><div class="content"><p>' . $lang->translate(243) . '</p></div><br /><br />'; } } else { $html .= '<br /><br /><div class="content"><p>' . $lang->translate(243) . '</p></div><br /><br />'; } } elseif (get_value_get('type') == 'wwreset') { $html = '<div class="paginatitel">' . $lang->translate(231) . '</div>'; if (check_user_right(get_value_session('from_db', 'id'), 'wwreset', get_value_session('from_db', 'is_admin')) != FALSE) { if (get_value_session('from_db', 'id') == get_value_get('id')) { $html .= '<br><div class="content"><p>' . $lang->translate(233) . '</p></div>'; } elseif (check_user_subuser(get_value_session('from_db', 'id'), get_value_get('id')) != FALSE || get_value_session('from_db', 'is_admin') == '1') { if (!isset($mysqli) || empty($mysqli)) { create_db_connection('mysqli', 'central'); } $new = PassGen(); record_change_user(get_value_get('id')); $query = $mysqli->query("UPDATE `user` SET `pass` = '" . $mysqli->real_escape_string(md5($new)) . "' WHERE `id` LIKE '" . $mysqli->real_escape_string(get_value_get('id')) . "' LIMIT 1") or die($mysqli->error); if ($mysqli->affected_rows == "0" || $mysqli->affected_rows == "-1") { $html .= '<br /><br />' . $lang->translate(233) . '<br /><br />'; } else { $subject = $lang->translate(234); $body = $lang->translate(238) . "<br /><br />" . $new . "<br /><br />" . $lang->translate(239); $mailfrom = get_value_session('from_db', 'email'); $userdata = get_userdata(get_value_get('id')); $namefrom = $userdata['handelsnaam']; $email = $userdata['email']; send_email($email, $subject, $body, $mailfrom, $namefrom); $html .= '<br /><br />' . $lang->translate(232) . '<br /><br />' . $lang->translate(237) . $new . '<br /><br />'; } } else {