Пример #1
    deinit_mysql();
    print json_encode($json);
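} elseif ($mode == $proto_mode_add_apikey) {
    // Add-API-key mode: create a new key owned by the active user and return it as JSON.
    check_privilege($privilege_apiUsage);
    // POST values are untrusted. They are bound as statement parameters below instead of
    // being escaped with addslashes(), which is not charset-aware and is not a safe SQL escape.
    $domainfilter = (string) retrieve_from_post($proto_domainfilter);
    $description = (string) retrieve_from_post($proto_description);
    $apikey = generate_apikey();
    // Store the new key together with its owner (the email column holds the user id).
    $stmt = mysqli_prepare($global_mysqli_link, 'INSERT INTO apikeys(verifier, email, domainFilter, description) VALUES(?, ?, ?, ?)') or die_nice('Cannot insert a new api key: ' . mysqli_error($global_mysqli_link));
    mysqli_stmt_bind_param($stmt, 'ssss', $apikey, $active_userid, $domainfilter, $description);
    mysqli_stmt_execute($stmt) or die_nice('Cannot insert a new api key: ' . mysqli_stmt_error($stmt));
    mysqli_stmt_close($stmt);
    // NOTE(review): this passes the freshly generated key, in clear text, to log_statistic();
    // confirm the statistics store is access-controlled or log a truncated/hashed form.
    // $apikey_kiri and $userid are not assigned anywhere in the visible code - verify they are set.
    log_statistic("{$apikey_kiri}", 'ADDAPIKEY', $userid . $apikey);
    // Construct json.
    $json = array($proto_status => $proto_status_ok, $proto_verifier => $apikey);
    deinit_mysql();
    print json_encode($json);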
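} elseif ($mode == $proto_mode_update_apikey) {
    // Update-API-key mode: change the domain filter and description of a key the caller owns.
    check_privilege($privilege_apiUsage);
    // POST values are untrusted; they are bound as statement parameters, never interpolated.
    $apikey = (string) retrieve_from_post($proto_verifier);
    $domainfilter = (string) retrieve_from_post($proto_domainfilter);
    $description = (string) retrieve_from_post($proto_description);
    // Ensure that this user has access to the apikey.
    // The previous query compared verifier with the literal string 'apikey', so it did not
    // look up the submitted key and the ownership loop normally never ran: any user with
    // API privilege could update any key. Look up the submitted key instead.
    $stmt = mysqli_prepare($global_mysqli_link, 'SELECT email FROM apikeys WHERE verifier = ?') or die_nice('Cannot check API key owner: ' . mysqli_error($global_mysqli_link));
    mysqli_stmt_bind_param($stmt, 's', $apikey);
    mysqli_stmt_execute($stmt) or die_nice('Cannot check API key owner: ' . mysqli_stmt_error($stmt));
    $keyOwner = null;
    mysqli_stmt_bind_result($stmt, $keyOwner);
    $ownsKey = false;
    while (mysqli_stmt_fetch($stmt)) {
        if ($keyOwner != $active_userid) {
            die_nice("User {$active_userid} does not have privilege to update API Key {$apikey}");
        }
        $ownsKey = true;
    }
    mysqli_stmt_close($stmt);
    // Fail closed: a key that does not exist is not owned by the caller either.
    if (!$ownsKey) {
        die_nice("User {$active_userid} does not have privilege to update API Key {$apikey}");
    }
    // The owner is repeated in the WHERE clause so the UPDATE itself cannot touch another
    // user's key, even if the check above is bypassed or the row changes in between.
    $stmt = mysqli_prepare($global_mysqli_link, 'UPDATE apikeys SET domainFilter = ?, description = ? WHERE verifier = ? AND email = ?') or die_nice('Failed to update API Key: ' . mysqli_error($global_mysqli_link));
    mysqli_stmt_bind_param($stmt, 'ssss', $domainfilter, $description, $apikey, $active_userid);
    mysqli_stmt_execute($stmt) or die_nice('Failed to update API Key: ' . mysqli_stmt_error($stmt));
    mysqli_stmt_close($stmt);
    deinit_mysql();
    well_done();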
} elseif ($mode == $proto_mode_register) {
    $email = addslashes(retrieve_from_post($proto_userid));
Пример #2
} else {
    define('PBBLOG_WS_ADMIN', 'admin');
}
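// Derive the site root by stripping the admin directory name from this file's directory.
// NOTE(review): str_replace() removes every occurrence of PBBLOG_WS_ADMIN in the path, not
// only the trailing directory, so an install path that contains the same string elsewhere
// would yield a wrong ROOT - confirm against the deployment layout.
define('ROOT', str_replace(PBBLOG_WS_ADMIN, '', str_replace("\\", '/', dirname(__FILE__))));
require ROOT . '/includes/core.php';
require PBBLOG_ROOT . '/includes/admin.function.php';
// Allowlist of admin actions. The value of "act" later selects which include file is loaded,
// so nothing outside this list may get past the check below.
$safe_act = array('pre_login', 'login', 'logout', 'index', 'get_version', 'header', 'menu', 'footer', 'default', 'cat_list', 'del_cat', 'add_cat', 'act_add_cat', 'edit_cat', 'act_edit_cat', 'blog_list', 'del_blog', 'add_blog', 'act_add_blog', 'edit_blog', 'act_edit_blog', 'upload', 'comment_list', 'del_comment', 'add_comment', 'act_add_comment', 'edit_comment', 'act_edit_comment', 'member_list', 'del_member', 'add_member', 'act_add_member', 'edit_member', 'act_edit_member', 'group_list', 'del_group', 'add_group', 'act_add_group', 'edit_group', 'act_edit_group', 'sidebar_setup_list', 'del_sidebar', 'sidebar_list', 'add_sidebar', 'act_setup_sidebar', 'act_edit_sort', 'setup_sidebar', 'edit_sidebar', 'act_edit_sidebar', 'set_footer', 'act_set_page', 'get_page_data', 'ajax_post_page_data', 'del_sql_file', 'page_list', 'del_page', 'add_page', 'act_add_page', 'edit_page', 'act_edit_page', 'nav_list', 'add_nav', 'act_add_nav', 'edit_nav', 'act_edit_nav', 'act_edit_nav_sort', 'del_nav', 'setting', 'act_setting', 'templates_list', 'select_template', 'clear_cache', 'databak', 'act_backup', 're_data', 'act_re_data', 'friend_link_list', 'act_edit_friend_link_sort', 'edit_friend_link', 'act_edit_friend_link', 'add_friend_link', 'act_add_friend_link', 'del_friend_link', 'plugins_list', 'plugins_setup_list', 'setup_plugin', 'del_plugin', 'plugin_cp', 'tags_list', 'del_tag', 'attachments_list', 'del_attachment', 'auto_save', 'get_auto_save', 'check_auto_date');
// A missing "act" or a non-string value (for example act[]=...) becomes '', which is not in
// the allowlist and is therefore rejected without raising an undefined-index notice.
$action = isset($_GET['act']) && is_string($_GET['act']) ? $_GET['act'] : '';
// Strict comparison: the request value must be exactly one of the listed strings.
if (!in_array($action, $safe_act, true)) {
    die('Acess Denied');
}
// Initialize the page.
// NOTE(review): admin_here() runs before the privilege check below; confirm it performs no
// privileged work for an unauthenticated request.
admin_here($action);
// Check user privileges. The login-flow actions, clear_cache and get_version are exempt.
// NOTE(review): clear_cache is reachable without check_privilege(); verify this is intended.
if ($action != 'pre_login' && $action != 'login' && $action != 'logout' && $action != 'clear_cache' && $action != 'get_version') {
    check_privilege($action);
}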
if ($action == 'pre_login' || $action == 'login' || $action == 'logout') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/login.php';
    exit;
} elseif ($action == 'index' || $action == 'get_version' || $action == 'header' || $action == 'menu' || $action == 'footer' || $action == 'default') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/index.php';
} elseif ($action == 'add_blog' || $action == 'act_add_blog' || $action == 'blog_list' || $action == 'edit_blog' || $action == 'act_edit_blog' || $action == 'del_blog') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/blog.php';
} elseif ($action == 'add_cat' || $action == 'act_add_cat' || $action == 'cat_list' || $action == 'edit_cat' || $action == 'act_edit_cat' || $action == 'del_cat') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/cat.php';
} elseif ($action == 'add_member' || $action == 'act_add_member' || $action == 'member_list' || $action == 'edit_member' || $action == 'act_edit_member' || $action == 'del_member') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/member.php';
} elseif ($action == 'add_group' || $action == 'act_add_group' || $action == 'group_list' || $action == 'edit_group' || $action == 'act_edit_group' || $action == 'del_group') {
    require PBBLOG_ROOT . '/' . PBBLOG_WS_ADMIN . '/includes/group.php';
} elseif ($action == 'setting' || $action == 'act_setting') {
Пример #3
            if (empty($supplier_is_check)) {
                show_api_message('您输入的帐号暂时不可用。', '管理员登录', $php_self . '?act=login', 'error');
            }
        }
        // 登录成功
        set_admin_session($admin_user['user_id'], $admin_user['user_name'], $admin_user['action_list'], $admin_user['last_login']);
        $_SESSION['suppliers_id'] = $admin_user['suppliers_id'];
        // 更新最后登录时间和IP
        $db->query("UPDATE " . $ecs->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'");
        show_api_message('登录成功', '开始配置接口参数', $php_self . '?act=config', 'info');
    } else {
        show_api_message('登录失败', '重新登录', $php_self . '?act=login', 'error');
    }
    break;
} elseif ($act == 'config') {
    if (!check_privilege()) {
        show_api_message('登录后才能配置接口参数', '管理员登录', $php_self . '?act=login', 'error');
    }
    if (isset($_POST['submit'])) {
        if (empty($_POST['qq_appid']) || empty($_POST['qq_appkey'])) {
            show_api_message('参数不能为空', '重新配置', $php_self . '?act=config', 'error');
        }
        $arr = array();
        $arr['qq_appid'] = trim($_POST['qq_appid']);
        $arr['qq_appkey'] = trim($_POST['qq_appkey']);
        $arr['qqconnect_allow'] = intval($_POST['qqconnect_allow']);
        $arr['qq_bind_type'] = intval($_POST['qq_bind_type']);
        $arr['qq_user_rank'] = intval($_POST['qq_user_rank']);
        $arr['qq_allow_weibo'] = intval($_POST['qq_allow_weibo']);
        $arr['qq_allow_space'] = intval($_POST['qq_allow_space']);
        $field_names = $db->getCol('DESC ' . $ecs->table('users'));