 /**
  * Admin login action (handles the login form POST).
  *
  * Reads `verify`, `name` and `pass` from $_POST, stops with an error when
  * the captcha does not validate, looks up the admin row, increments the
  * login counter, stamps the login time, stores the re-read row plus its
  * role row in $_SESSION['login'] and redirects to Index/index. A failed
  * lookup ends in $this->error().
  *
  * NOTE(review): the two WHERE strings below contain the literal '******'
  * exactly as shown on this page, and $name/$pass are read but never used by
  * the visible code, so the condition appears redacted here. Confirm against
  * the real source that the lookup is built with bound/array conditions and
  * not by interpolating the raw POST values into the string.
  * NOTE(review): $_SESSION['login'] receives the entire admin row, which
  * presumably includes the stored password column — consider keeping only
  * the fields the session actually needs.
  */
 public function login()
 {
     header("Content-type:text/html;charset=utf-8");
     // Captcha check
     $code = $_POST['verify'];
     $name = $_POST['name'];
     $pass = $_POST['pass'];
     if (!checkVerify($code)) {
         $this->error("验证码错误");
         return;
     }
     //         else{
     //             $this->redirect('Index/index', array('status'=>1));
     //             return;
     //         }
     // Verify user name and password
     $Admin = M('Admin');
     $admin = $Admin->where("username='******' AND password='******'")->find();
     if ($admin) {
         // Update login time and login count.
         // $admin['id'] comes from the row just read, not from the request.
         $Admin = M('Admin'); // re-instantiates the model already held in $Admin (redundant)
         $Admin->where('id=' . $admin['id'])->setInc('logincount', 1);
         $Admin->where('id=' . $admin['id'])->setField('logintime', getTime());
         // Re-read the row after the counter/time updates instead of reusing $admin.
         $_SESSION['login'] = $Admin->where("username='******' AND password='******'")->find();
         $Role = M('Role');
         $role = $Role->where('id=' . $_SESSION['login']['roleid'])->find();
         $_SESSION['login']['role'] = $role;
         $this->redirect('Index/index');
     } else {
         $this->error("账号或密码错误");
     }
 }
<?php

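!defined('P_W') && exit('Forbidden');
checkVerify('loginhash');
// Drop every cookie that carries this board's cookie prefix.
$cookiepre = CookiePre() . '_';
$prelen = strlen($cookiepre);
foreach (array_keys($_COOKIE) as $key) {
    if (strpos($key, $cookiepre) === 0) {
        Cookie(substr($key, $prelen), '', 0);
    }
}
// Return to the referer only when it lies under the board URL itself. A bare
// prefix test (strpos(..., $db_bbsurl) === 0) also accepts URLs whose host
// merely begins with the board's host, which would turn ObHeader() into a
// redirect to a foreign site. Require either an exact match or the board URL
// followed by "/"; otherwise fall back to the board's front page.
$base = rtrim($db_bbsurl, '/');
$referer = isset($pwServer['HTTP_REFERER']) ? (string) $pwServer['HTTP_REFERER'] : '';
$isLocal = $referer === $base || strpos($referer, $base . '/') === 0;
$referer = $isLocal ? $referer : $db_bbsurl . '/' . $db_bfn;
ObHeader($referer);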
<div class="hd">
    <div class="bg">
        <?php 
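// Header login widget: anonymous visitors get the login form; a logged-in
// visitor gets their name (tagged "(已认证)" when checkVerify() accepts the
// session uid) and a logout link. The name presumably originates from the
// `name` field of the form below, so it is HTML-escaped before being echoed
// into the markup.
$sessionName = isset($_SESSION['name']) ? (string) $_SESSION['name'] : '';
if ($sessionName === '') {
    echo '<form class="login-form" action="/shafake/home/register/login" method="post">';
    echo '<div class="login-div">';
    echo '<div class="login">';
    echo '<label id="user">账号</label><input name="name"/><button class="pn">登陆</button>';
    echo '</div>';
    echo '<div class="login">';
    echo '<label id="pwd">密码</label><input name="password" type="password"/><a href="/shafake/home/register" class="pn">注册</a>';
    echo '</div>';
    echo '</div>';
    echo '</form>';
} else {
    $safeName = htmlspecialchars($sessionName, ENT_QUOTES, 'UTF-8');
    $uid = isset($_SESSION['uid']) ? $_SESSION['uid'] : null;
    // Both branches render the same markup; only the "(已认证)" suffix differs.
    $label = checkVerify($uid) ? $safeName . '(已认证)' : $safeName;
    echo '<div class="user"><strong class="user-name"><a href="/shafake/home/index/userinfo">' . $label . '</a></strong><a href="/shafake/home/register/logout">退出</a></div>';
}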
?>
    </div>
    <div class="nv">
        <ul>
            <li><a href="/shafake/home/index">首页</a></li>
            <li><a href="/shafake/home/verify">认证</a></li>
            <li><a href="/shafake/home/search">搜索</a></li>
            <li><a href="/shafake/home/help">帮助</a></li>
            <li><a href="/shafake/home/admin" target="_blank">后台</a></li>
        </ul>
<?php

// Guard against direct access: the file only runs when the P_W constant is defined.
defined('P_W') || exit('Forbidden');
if (empty($_GET['step'])) {
    define('AJAX', 1);
    list($db_upload, $db_imglen, $db_imgwidth, $db_imgsize) = explode("\t", $db_upload);
    S::gp(array('uid', 'verify'));
    $swfhash = GetVerify($uid);
    checkVerify('swfhash');
    L::loadClass('faceupload', 'upload', false);
    $face = new FaceUpload($uid);
    PwUpload::upload($face);
    $uploaddb = $face->getAttachs();
    echo 'success';
    //ajax_footer();
    //echo $db_bbsurl . '/' . $attachpath . '/' . $uploaddb['fileuploadurl'] . '?' . $timestamp;
    //exit();
} else {
    L::loadClass('upload', '', false);
    $ext = strtolower(substr(strrchr($_GET['filename'], '.'), 1));
    $udir = str_pad(substr($winduid, -2), 2, '0', STR_PAD_LEFT);
    //$source = PwUpload::savePath(0, "{$winduid}_tmp.$ext", "upload/$udir/");
    if (!in_array(strtolower($ext), array('gif', 'jpg', 'jpeg', 'png', 'bmp'))) {
        Showmsg('undefined_action');
    }
    /*if (!file_exists($source)) {
    		Showmsg('头像保存失败,图片大小请不要超过2M!');
    	}*/
    $data = $_SERVER['HTTP_RAW_POST_DATA'] ? $_SERVER['HTTP_RAW_POST_DATA'] : file_get_contents('php://input');
    if ($data) {
        S::gp(array('from'));
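/**
 * Common guard for POST requests.
 *
 * @global array $pwServer server variables (REQUEST_METHOD, HTTP_REFERER, HTTP_HOST)
 * @param int $verify  non-zero: validate the request hash via checkVerify()
 * @param int $gdcheck non-zero: validate the image captcha in $_POST['gdcode'] via GdConfirm()
 * @param int $qcheck  non-zero: validate the security question in $_POST['qanswer'] / $_POST['qkey'] via Qcheck()
 * @param int $refer   non-zero: on POST, reject the request when the Referer host differs from the Host header
 * @return void
 */
function PostCheck($verify = 1, $gdcheck = 0, $qcheck = 0, $refer = 1)
{
    global $pwServer;
    $verify && checkVerify();
    if ($refer && isset($pwServer['REQUEST_METHOD']) && $pwServer['REQUEST_METHOD'] === 'POST') {
        // The referer check is a defense-in-depth layer only: a missing or
        // host-less Referer is let through, so checkVerify() above remains the
        // primary CSRF protection. parse_url() is called without '@' and its
        // false/host-less results are handled explicitly instead of silenced.
        $referer = isset($pwServer['HTTP_REFERER']) ? (string) $pwServer['HTTP_REFERER'] : '';
        $referer_a = $referer === '' ? false : parse_url($referer);
        if (is_array($referer_a) && !empty($referer_a['host'])) {
            // Strip an explicit port from the Host header before comparing.
            $hostHeader = isset($pwServer['HTTP_HOST']) ? (string) $pwServer['HTTP_HOST'] : '';
            list($http_host) = explode(':', $hostHeader);
            // Host names are case-insensitive, so compare with strcasecmp().
            if (strcasecmp($referer_a['host'], $http_host) !== 0) {
                Showmsg('undefined_action');
            }
        }
    }
    // isset() guards keep the original null-on-missing semantics without notices.
    $gdcheck && GdConfirm(isset($_POST['gdcode']) ? $_POST['gdcode'] : null);
    $qcheck && Qcheck(
        isset($_POST['qanswer']) ? $_POST['qanswer'] : null,
        isset($_POST['qkey']) ? $_POST['qkey'] : null
    );
}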
    $id = $identify ? $mid . '_' . $identify : $mid;
} elseif ($do == 'deletecomment') {
    checkVerify();
    S::gp(array('cid', 'mid'));
    $weibo = $weiboService->getWeibosByMid($mid);
    $commentService = L::loadClass("comment", "sns");
    if ($weibo['uid'] == $winduid || $commentService->checkCommentAuthor($cid) || S::inArray($windid, $manager)) {
        if ($commentService->deleteComment($cid)) {
            $weiboService->updateCountNum(array('replies' => -1), $mid, 'plus');
        }
        echo 'ok';
    } else {
        Showmsg("你没有权限删除该评论!");
    }
} elseif ($do == 'deleteweibo') {
    checkVerify();
    S::gp(array('mid'));
    $weibo = $weiboService->getWeibosByMid($mid);
    if ($weibo && ($weibo['uid'] == $winduid || $SYSTEM['delweibo'] || S::inArray($windid, $manager))) {
        $weiboService->deleteWeibos($mid);
        $type = $weiboService->getType($weibo['type']);
        if ($type == 'weibo') {
            weibocredit('weibo_Delete');
        }
        $userCache = L::loadClass('Usercache', 'user');
        $userCache->delete($weibo['uid'], 'weibo');
        echo 'ok';
    } else {
        Showmsg("您要删除的微博不存在");
    }
} elseif ($do == 'lookround') {
            $expandCondition = array('fid' => $fid, 'starttime' => $starttime, 'endtime' => $endtime);
            list($total, $threads) = $searcherService->searchSpecial($condition, $authorid, $page, $perpage, $expandCondition);
            $pager = $total ? numofpage($total, $page, ceil($total / $perpage), $searchURL . "searcher.php?type={$type}&condition={$condition}&authorid={$authorid}&fid={$fid}&starttime={$starttime}&endtime={$endtime}&", null, '', true) : '';
            break;
        default:
            $_extendSearcher = L::loadClass('extendsearcher', 'search');
            $_searcherService = $_extendSearcher->extendSearcher($type);
            list($total, $lists) = $_searcherService->searchDefault($page, $perpage);
            $pager = $total ? numofpage($total, $page, ceil($total / $perpage), $searchURL . "searcher.php?type={$type}&keyword={$keyword}&", null, '', true) : '';
            break;
    }
}
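// Thread/diary searches that have no keyword but do name a user go through the MySQL searcher.
// The && chain already yields a bool, so no `? true : false` is needed.
$isUseMysqlWithThread = S::inArray($type, array('thread', 'diary')) && !$keyword && ($username || $diaryusername);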
if ($type && $keyword || $isUseMysqlWithThread) {
    strtolower($GLOBALS['pwServer']['REQUEST_METHOD']) == "post" && checkVerify();
    if (!$isSphinx && 2 == $step) {
        if (!$searcherService->checkUserLevel()) {
            Showmsg('search_limit');
        }
        if (!$searcherService->checkWaitSegment()) {
            Showmsg('search_wait');
        }
    }
    $keyword = strip_tags($keyword);
    //* @include_once pwCache::getPath ( D_P . 'data/bbscache/search_config.php' );
    pwCache::getData(D_P . 'data/bbscache/search_config.php');
    switch ($type) {
        case "thread":
            list($searchForumPart1, $searchForumPart2) = $_searchHelper->getSearchForum();
            $adverts = $_searchHelper->getSearchAdvert($keyword);
    $db_uploadfiletype = !empty($db_uploadfiletype) ? is_array($db_uploadfiletype) ? $db_uploadfiletype : unserialize($db_uploadfiletype) : array();
    $filetype = '';
    foreach ($db_uploadfiletype as $key => $value) {
        $filetype .= ($filetype ? ',' : '') . $key . ':' . $value;
    }
    $pwServer['HTTP_USER_AGENT'] = 'Shockwave Flash';
    $swfhash = GetVerify($winduid);
    echo pwJsonEncode(array('uid' => $winduid, 'step' => 2, 'verify' => $swfhash));
} else {
    define('AJAX', 1);
    S::gp(array('uid', 'type', 'verify', 'ua'), 'P');
    S::gp(array('type'));
    $uid = intval($uid);
    !$ua && ($pwServer['HTTP_USER_AGENT'] = 'Shockwave Flash');
    $swfhash = GetVerify($uid ? $uid : '');
    checkVerify('verify');
    if (!$db_allowupload) {
        showExtraMsg('upload_close');
    }
    $userService = L::loadClass('UserService', 'user');
    /* @var $userService PW_UserService */
    $winddb = $userService->get($uid);
    //groupid,memberid
    !$winddb && showExtraMsg('not_login');
    $groupid = $winddb['groupid'] == '-1' ? $winddb['memberid'] : $winddb['groupid'];
    if (file_exists(D_P . "data/groupdb/group_{$groupid}.php")) {
        //* require_once pwCache::getPath(S::escapePath(D_P . "data/groupdb/group_$groupid.php"));
        pwCache::getData(S::escapePath(D_P . "data/groupdb/group_{$groupid}.php"));
    } else {
        //* require_once pwCache::getPath(D_P . 'data/groupdb/group_1.php');
        pwCache::getData(D_P . 'data/groupdb/group_1.php');
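/**
 * Common guard for POST requests.
 *
 * @global array $pwServer server variables (REQUEST_METHOD, HTTP_REFERER, HTTP_HOST)
 * @param int $checkHash     non-zero: validate the request hash via checkVerify()
 * @param int $checkGd       non-zero: validate the image captcha in $_POST['gdcode'] via GdConfirm()
 * @param int $checkQuestion non-zero: validate the security question in $_POST['qanswer'] / $_POST['qkey'] via Qcheck()
 * @param int $checkReferer  non-zero: on POST, reject the request when the Referer host differs from the Host header
 * @return void
 */
function PostCheck($checkHash = 1, $checkGd = 0, $checkQuestion = 0, $checkReferer = 1)
{
    global $pwServer;
    $checkHash && checkVerify();
    if ($checkReferer && isset($pwServer['REQUEST_METHOD']) && $pwServer['REQUEST_METHOD'] === 'POST') {
        // The referer check is a defense-in-depth layer only: a missing or
        // host-less Referer is let through, so checkVerify() above remains the
        // primary CSRF protection. parse_url() is called without '@' and its
        // false/host-less results are handled explicitly instead of silenced.
        $referer = isset($pwServer['HTTP_REFERER']) ? (string) $pwServer['HTTP_REFERER'] : '';
        $refererParsed = $referer === '' ? false : parse_url($referer);
        if (is_array($refererParsed) && !empty($refererParsed['host'])) {
            // Strip an explicit port from the Host header before comparing.
            $hostHeader = isset($pwServer['HTTP_HOST']) ? (string) $pwServer['HTTP_HOST'] : '';
            list($httpHost) = explode(':', $hostHeader);
            // Host names are case-insensitive, so compare with strcasecmp().
            if (strcasecmp($refererParsed['host'], $httpHost) !== 0) {
                Showmsg('undefined_action');
            }
        }
    }
    // isset() guards keep the original null-on-missing semantics without notices.
    $checkGd && GdConfirm(isset($_POST['gdcode']) ? $_POST['gdcode'] : null);
    $checkQuestion && Qcheck(
        isset($_POST['qanswer']) ? $_POST['qanswer'] : null,
        isset($_POST['qkey']) ? $_POST['qkey'] : null
    );
}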