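deinit_mysql();
print json_encode($json);
} elseif ($mode == $proto_mode_add_apikey) {
    // Create a new API key owned by the active user and return it as JSON.
    check_privilege($privilege_apiUsage);
    // Cast to string so a missing field is stored as '' (what addslashes()
    // produced before) rather than being bound as NULL.
    $domainfilter = (string) retrieve_from_post($proto_domainfilter);
    $description = (string) retrieve_from_post($proto_description);
    $apikey = generate_apikey();

    // Insert the new key. Values are bound as parameters instead of being
    // addslashes()-escaped and interpolated: addslashes() does not know the
    // connection character set and is not a dependable SQL escaping function.
    $stmt = mysqli_prepare(
        $global_mysqli_link,
        'INSERT INTO apikeys(verifier, email, domainFilter, description) VALUES(?, ?, ?, ?)'
    ) or die_nice('Cannot insert a new api key: ' . mysqli_error($global_mysqli_link));
    mysqli_stmt_bind_param($stmt, 'ssss', $apikey, $active_userid, $domainfilter, $description);
    mysqli_stmt_execute($stmt)
        or die_nice('Cannot insert a new api key: ' . mysqli_stmt_error($stmt));
    mysqli_stmt_close($stmt);

    // NOTE(review): this writes the freshly generated key (a credential) into
    // the statistics log; confirm that log is protected like the apikeys table,
    // or record a non-secret identifier instead. $apikey_kiri and $userid are
    // not assigned in this excerpt; confirm they are defined earlier in the file.
    log_statistic("{$apikey_kiri}", 'ADDAPIKEY', $userid . $apikey);

    // Construct json.
    $json = array($proto_status => $proto_status_ok, $proto_verifier => $apikey);
    deinit_mysql();
    print json_encode($json);
} elseif ($mode == $proto_mode_update_apikey) {
    // Update the domain filter and description of a key the active user owns.
    check_privilege($privilege_apiUsage);
    $apikey = (string) retrieve_from_post($proto_verifier);
    $domainfilter = (string) retrieve_from_post($proto_domainfilter);
    $description = (string) retrieve_from_post($proto_description);

    // Ensure that this user has access to the apikey.
    // The lookup must use the submitted key. The previous query compared
    // verifier with the literal string 'apikey', so the ownership test was never
    // applied to the key being updated, and any caller holding the API-usage
    // privilege could modify another user's key.
    $stmt = mysqli_prepare($global_mysqli_link, 'SELECT email FROM apikeys WHERE verifier = ?')
        or die_nice('Cannot check API key owner: ' . mysqli_error($global_mysqli_link));
    mysqli_stmt_bind_param($stmt, 's', $apikey);
    mysqli_stmt_execute($stmt)
        or die_nice('Cannot check API key owner: ' . mysqli_stmt_error($stmt));
    mysqli_stmt_bind_result($stmt, $owner);
    // Drain the result set before acting on it so no statement is left open.
    $owners = array();
    while (mysqli_stmt_fetch($stmt)) {
        $owners[] = $owner;
    }
    mysqli_stmt_close($stmt);
    foreach ($owners as $owner) {
        // The email column holds the owning user id (see the INSERT above).
        if ($owner != $active_userid) {
            die_nice("User {$active_userid} does not have privilege to update API Key {$apikey}");
        }
    }

    $stmt = mysqli_prepare(
        $global_mysqli_link,
        'UPDATE apikeys SET domainFilter = ?, description = ? WHERE verifier = ?'
    ) or die_nice('Failed to update API Key: ' . mysqli_error($global_mysqli_link));
    mysqli_stmt_bind_param($stmt, 'sss', $domainfilter, $description, $apikey);
    mysqli_stmt_execute($stmt)
        or die_nice('Failed to update API Key: ' . mysqli_stmt_error($stmt));
    mysqli_stmt_close($stmt);
    deinit_mysql();
    well_done();
} elseif ($mode == $proto_mode_register) {
    // NOTE(review): the query that uses $email is outside this excerpt; the same
    // addslashes() concern applies there, so prefer a bound parameter.
    $email = addslashes(retrieve_from_post($proto_userid));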
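} else {
    define('PBBLOG_WS_ADMIN', 'admin');
}

// Derive the site root from this file's directory by stripping the admin
// directory name.
// NOTE(review): str_replace() removes every occurrence of that name from the
// path, not only the last path component; confirm this is safe for installs
// whose path contains the same string elsewhere.
define('ROOT', str_replace(PBBLOG_WS_ADMIN, '', str_replace("\\", '/', dirname(__FILE__))));
require ROOT . '/includes/core.php';
require PBBLOG_ROOT . '/includes/admin.function.php';

// Allow-list of action names accepted in the "act" query parameter.
$safe_act = array(
    'pre_login', 'login', 'logout', 'index', 'get_version', 'header', 'menu', 'footer', 'default',
    'cat_list', 'del_cat', 'add_cat', 'act_add_cat', 'edit_cat', 'act_edit_cat',
    'blog_list', 'del_blog', 'add_blog', 'act_add_blog', 'edit_blog', 'act_edit_blog', 'upload',
    'comment_list', 'del_comment', 'add_comment', 'act_add_comment', 'edit_comment', 'act_edit_comment',
    'member_list', 'del_member', 'add_member', 'act_add_member', 'edit_member', 'act_edit_member',
    'group_list', 'del_group', 'add_group', 'act_add_group', 'edit_group', 'act_edit_group',
    'sidebar_setup_list', 'del_sidebar', 'sidebar_list', 'add_sidebar', 'act_setup_sidebar',
    'act_edit_sort', 'setup_sidebar', 'edit_sidebar', 'act_edit_sidebar', 'set_footer',
    'act_set_page', 'get_page_data', 'ajax_post_page_data', 'del_sql_file',
    'page_list', 'del_page', 'add_page', 'act_add_page', 'edit_page', 'act_edit_page',
    'nav_list', 'add_nav', 'act_add_nav', 'edit_nav', 'act_edit_nav', 'act_edit_nav_sort', 'del_nav',
    'setting', 'act_setting', 'templates_list', 'select_template', 'clear_cache',
    'databak', 'act_backup', 're_data', 'act_re_data',
    'friend_link_list', 'act_edit_friend_link_sort', 'edit_friend_link', 'act_edit_friend_link',
    'add_friend_link', 'act_add_friend_link', 'del_friend_link',
    'plugins_list', 'plugins_setup_list', 'setup_plugin', 'del_plugin', 'plugin_cp',
    'tags_list', 'del_tag', 'attachments_list', 'del_attachment',
    'auto_save', 'get_auto_save', 'check_auto_date'
);

// Accept only a scalar string for "act": a missing parameter or an array value
// (?act[]=x) becomes '' and is rejected by the allow-list below, without the
// undefined-index notice. The comparison is strict so no type juggling takes
// part in the allow-list decision.
$action = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';
if (!in_array($action, $safe_act, true)) {
    die('Acess Denied');
}

// Initialise the page for this action.
admin_here($action);

// Check the user's privileges.
// NOTE(review): besides the login actions, 'clear_cache' and 'get_version' skip
// check_privilege(). Whether admin_here() already requires an authenticated
// session is not visible in this excerpt; confirm before relying on it.
// NOTE(review): destructive actions (del_*, act_*) are selected through a GET
// parameter; no anti-CSRF token check is visible here. Confirm one is enforced
// in check_privilege() or in the included handlers.
if ($action != 'pre_login' && $action != 'login' && $action != 'logout' && $action != 'clear_cache' && $action != 'get_version') {
    check_privilege($action);
}

// Dispatch to the handler file for the action. The include paths are built
// from constants only; $action merely selects the branch and is never part of
// a path.
if ($action == 'pre_login' || $action == 'login' || $action == 'logout') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/login.php';
    exit;
} elseif ($action == 'index' || $action == 'get_version' || $action == 'header' || $action == 'menu' || $action == 'footer' || $action == 'default') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/index.php';
} elseif ($action == 'add_blog' || $action == 'act_add_blog' || $action == 'blog_list' || $action == 'edit_blog' || $action == 'act_edit_blog' || $action == 'del_blog') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/blog.php';
} elseif ($action == 'add_cat' || $action == 'act_add_cat' || $action == 'cat_list' || $action == 'edit_cat' || $action == 'act_edit_cat' || $action == 'del_cat') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/cat.php';
} elseif ($action == 'add_member' || $action == 'act_add_member' || $action == 'member_list' || $action == 'edit_member' || $action == 'act_edit_member' || $action == 'del_member') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/member.php';
} elseif ($action == 'add_group' || $action == 'act_add_group' || $action == 'group_list' || $action == 'edit_group' || $action == 'act_edit_group' || $action == 'del_group') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/group.php';
} elseif ($action == 'setting' || $action == 'act_setting') {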
if (empty($supplier_is_check)) {
    // The supplier check came back empty: report the account as unavailable.
    show_api_message('您输入的帐号暂时不可用。', '管理员登录', $php_self . '?act=login', 'error');
}
}
// Login succeeded: populate the admin session from the matched admin_user row.
// NOTE(review): no session id regeneration is visible at this point; confirm
// set_admin_session() (defined elsewhere) rotates the id on login.
set_admin_session($admin_user['user_id'], $admin_user['user_name'], $admin_user['action_list'], $admin_user['last_login']);
$_SESSION['suppliers_id'] = $admin_user['suppliers_id'];
// Update the last-login time and IP.
// NOTE(review): the statement is assembled by string concatenation. The
// last_login value reads '******' in this copy, which looks masked; confirm
// against the upstream file. The result of real_ip() goes into the SQL text
// unescaped, so confirm that helper returns only a validated address before
// trusting it here.
$db->query("UPDATE " . $ecs->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'");
show_api_message('登录成功', '开始配置接口参数', $php_self . '?act=config', 'info');
} else {
    // Login failed.
    show_api_message('登录失败', '重新登录', $php_self . '?act=login', 'error');
}
break;
} elseif ($act == 'config') {
    // Interface configuration is allowed only when check_privilege() passes.
    // NOTE(review): this guard is effective only if show_api_message()
    // terminates the request; its definition is not visible here, so confirm.
    if (!check_privilege()) {
        show_api_message('登录后才能配置接口参数', '管理员登录', $php_self . '?act=login', 'error');
    }
    if (isset($_POST['submit'])) {
        // Both the QQ app id and app key are required.
        if (empty($_POST['qq_appid']) || empty($_POST['qq_appkey'])) {
            show_api_message('参数不能为空', '重新配置', $php_self . '?act=config', 'error');
        }
        // Collect the submitted settings: the two credentials are trimmed
        // strings, the remaining options are coerced to integers.
        // NOTE(review): qq_appid and qq_appkey are only trimmed here; how $arr
        // is persisted is outside this excerpt, so confirm it is escaped or
        // bound before it reaches SQL or a generated config file.
        $arr = array();
        $arr['qq_appid'] = trim($_POST['qq_appid']);
        $arr['qq_appkey'] = trim($_POST['qq_appkey']);
        $arr['qqconnect_allow'] = intval($_POST['qqconnect_allow']);
        $arr['qq_bind_type'] = intval($_POST['qq_bind_type']);
        $arr['qq_user_rank'] = intval($_POST['qq_user_rank']);
        $arr['qq_allow_weibo'] = intval($_POST['qq_allow_weibo']);
        $arr['qq_allow_space'] = intval($_POST['qq_allow_space']);
        // Read the column list of the users table; the statement is built from
        // the table helper only and contains no request data.
        $field_names = $db->getCol('DESC ' . $ecs->table('users'));