function dhtmlchars($string)
{
if (is_array($string)) {
foreach ($string as $key => $val) {
$string[$key] = dhtmlchars($val);
}
} else {
$string = preg_replace('/&((#(\\d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/', '&\\1', str_replace(array('&', '"', '<', '>'), array('&', '"', '<', '>'), $string));
}
return $string;
}
<?php
# MetInfo Enterprise Content Management System
# Copyright (C) MetInfo Co.,Ltd (http://www.metinfo.cn). All rights reserved.
require_once '../include/common.inc.php';
if ($action == 'admin') {
if (isblank($id)) {
echo $lang_loginIntput;
exit;
}
$id = dhtmlchars(trim($id));
foreach ($char_key as $value) {
if (strpos($id, $value) !== false) {
echo $lang_loginUserErr;
exit;
}
}
unset($id_list);
$id_list = $db->get_one("select admin_id from {$met_admin_table} where admin_id = '{$id}'");
if ($id_list[admin_id]) {
echo $lang_loginUserMudb;
exit;
} else {
echo $lang_loginRegok;
exit;
}
}
# This program is an open source system, commercial use, please consciously to purchase commercial license.
# Copyright (C) MetInfo Co., Ltd. (http://www.metinfo.cn). All rights reserved.
