public function login() { if (!IS_POST) { $this->error('页面不存在'); } $account = I('account'); $pwd = md5(I('pwd')); $where = array('account' => $account); $user = M('user')->where($where)->find(); if (!$user || $user['password'] != $pwd) { $this->error('用户不存在或者密码错误'); } if ($user['lock']) { $this->error('用户被锁定'); } //处理下一次自动登陆 if (isset($_POST['auto'])) { // $value='tongyingyang'; // $value = encryption($value); // echo $value; // $value = encryption($value,1); $account = $user['account']; $ip = get_client_ip(); $value = $account . '|' . $ip; $value = encryption($value); // echo $value; // echo'<br/>'; // echo encryption($value,1); @setcookie('auto', $value, C('AUTO_LOGIN_TIME'), '/'); } //登陆成功写入SESSION并且跳转到到首页 session('uid', $user['id']); header('Content-Type:text/html;Charset=UTF-8'); redirect(__APP__, 3, '登陆成功,正在为您跳转...'); }
public function runLogin() { if (!IS_POST) { $this->error('页面不存在'); } //提取表单内容 $account = I('post.account'); $pwd = md5(I('post.pwd')); $where = array('account' => $account); $user = M('user')->where($where)->find(); if (!$user || $user['password'] != $pwd) { $this->error('用户或密码不正确'); } if ($user['lock']) { $this->error('用户被锁定'); } //处理下一次自动登录 if (isset($_POST['auto'])) { $account = $user['account']; $ip = get_client_ip(); $value = $account . '|' . $ip; $value = encryption($value); cookie('auto', $value, C('AUTO_LOGIN_TIME')); } //登录成功,写入session,跳转到首页 session('uid', $user['id']); redirect(__APP__); }
/** * 加密文件 * $file 需要加密的文件的路径 * $filename 加密之后的文件名称 */ function encrypfile($file) { !$file && ($file = dirname(__FILE__) . '/indexSuccess.php'); $content = file_get_contents($file); $encryp = encryption($content); $decryp = decryption($encryp); return $encryp . '*******' . $decryp; }
public function handleLogin() { if (!IS_POST) { parent::error404(); } $POST = deep_htmlspecialchars_decode($_POST); $objUser = M('user'); parent::checkField('username', $POST['username'], 'require', '用户名不能为空'); parent::checkField('password', $POST['password'], 'require', '密码不能为空'); parent::checkField('verify', $POST['verify'], 'require', '验证码不能为空'); if (md5($POST['verify']) != $_SESSION['verify']) { $this->error('验证码不正确'); } $userData = $objUser->where(array('username' => $POST['username']))->field('id,username,password,lock,login_time')->find(); if (!$userData) { $this->error('用户名不存在,请注册', U(APP_NAME . '/Login/register')); } else { if ($userData['password'] != md5($POST['password'])) { $this->error('密码不正确'); } if (!$userData['lock']) { $this->error('账户被锁定,请联系管理员'); } } //每天登录增加经验 积分 $today = strtotime(date('Y-m-d')); if ($userData['login_time'] < $today) { $objUser->where(array('id' => $userData['id']))->setInc('exp', C('POINT_LOGIN')); $objUser->where(array('id' => $userData['id']))->setInc('point', C('LEVEL_LOGIN')); } //更新登录时间和登录IP $objUser->where(array('id' => $userData['id']))->data(array('login_time' => time(), 'login_ip' => get_client_ip()))->save(); //处理下一次自动登录 if (isset($_POST['auto'])) { $username = $userData['username']; $ip = get_client_ip(); $value = $username . '||' . $ip; $value = encryption($value); //cookie('auto',$value,time() + 3600 * 24 * 7); @setCookie('auto', $value, C('AUTO_LOGIN_TIME'), '/'); //P($_COOKIE['auto']); die; } //写入session 并跳转到首页 session('uid', $userData['id']); session('username', $userData['username']); $this->success('登录成功...', U(APP_NAME . '/Index/index')); }
public function _initialize() { //处理自动登陆 if (isset($_COOKIE['auto']) && !isset($_COOKIE['uid'])) { $value = explode('|', encryption($_COOKIE['auto'], 1)); $ip = get_client_ip(); //本次登陆IP与上一次登陆IP一致时 if ($ip == $value[1]) { $account = $value[0]; $where = array('account' => $account); $user = M('user')->where($where)->field(array('id', 'lock'))->find(); } //检索出用户信息并且该用户没有被锁定时候,保存登陆状态 if ($user && !$user['lock']) { session('uid', $user['id']); } } if (!isset($_SESSION['uid'])) { redirect(U('Login/index')); } }
public function _initialize() { //处理自动登录 if (isset($_COOKIE['auto']) && !isset($_SESSION['uid'])) { $value = explode('||', encryption($_COOKIE['auto'], 1)); $ip = get_client_ip(); $username = $value[0]; $where = array('username' => $username); //array('id', 'lock','email','login_time','login_ip') $user = M('user')->where($where)->field('id,lock,username,login_time,login_ip')->find(); if ($user) { //如果上一次写入数据库的登录IP跟 这次IP跟一样 if ($user['login_ip'] == $ip) { if ($user['lock']) { session('uid', $user['id']); session('username', $user['username']); //每天自动登录增加经验 积分 $today = strtotime(date('Y-m-d')); if ($user['login_time'] < $today) { M('user')->where(array('id' => $user['id']))->setInc('exp', C('POINT_LOGIN')); M('user')->where(array('id' => $user['id']))->setInc('point', C('LEVEL_LOGIN')); } M('user')->where(array('id' => $user['id']))->save(array('login_time' => time())); } } } } //获取当前登录用户的信息 $objUser = M('user'); if (isset($_SESSION['uid']) && isset($_SESSION['username'])) { $userInfo = $objUser->where('id=' . $_SESSION['uid'])->field('id,username,face,point,exp,introduce,email,reg_time,login_time,ask_num,adopt_num,answer_num')->find(); $this->assign('userInfo', $userInfo); //通知未读评论条数 $commentNum = $this->getCommentMsg(array('status' => "0", 'reply_uid' => session('uid')), 'count'); $this->assign('commentNum', $commentNum); //通知未读私信条数 $letterNum = $this->getLetterMsg(array('status' => "0", 'receive_uid' => $_SESSION['uid']), 'count'); $this->assign('letterNum', $letterNum); //通知支招被采纳 $bestNum = M('best')->where(array('uid' => $_SESSION['uid'], 'status' => "0"))->count(); $this->assign('bestNum', $bestNum); //通知未读私信+评论总数 $tipNums = $commentNum + $letterNum + $bestNum; $this->assign('tipNums', $tipNums); } //友情链接 $this->linkList = M('linktxt')->where('status = "1"')->field('link_name,link_url')->limit(25)->order('id asc')->select(); //关于我们 $aboutUs = M('single')->where('id=1')->getField('content'); $aboutUs = deep_htmlspecialchars_decode($aboutUs); $this->assign('aboutUs', $aboutUs); // 微信二维码 $this->weixin = M('ad')->where('id=12')->getField('ad_pic'); //获取站点信息 $this->siteInfo = M('site')->where('id=1')->field('site_name,icp')->find(); //获取整站最新 $this->newAllList = $this->getAllNew(); //获取整站最悬赏 $this->rewardAllList = $this->getAllReward(); //获取整站最支招 $this->commentAllList = $this->getAllComment(); }
unset($_SESSION['admin']); $view["admin_message_html"] = '<div class="alert alert-success" role="alert">Password changed successfully.</div>'; require 'template/login.php'; die; } else { $view["admin_message_html"] = '<div class="alert alert-danger" role="alert">Password does not match confirmation.</div>'; } } } else { if (isset($_POST["new_xapo_app_id"])) { if ($_SESSION['admin']) { if ($_POST["new_xapo_app_id"] != "" && $_POST["new_xapo_secret_key"] != "") { $updateKeys = update_keys_query(); $q = $sql->prepare($updateKeys); $xapo_key = encryption($myHashKey, $_POST["new_xapo_app_id"]); $xapo_secret = encryption($myHashKey, $_POST["new_xapo_secret_key"]); $q->execute(array($xapo_key, $xapo_secret)); $q->closeCursor(); $view["admin_message_html"] = '<div class="alert alert-success" role="alert">Keys changed successfully.</div>'; } else { $view["admin_message_html"] = '<div class="alert alert-danger" role="alert">Keys can\'t be empty.</div>'; } } } } } $queryGeneralSettings = "select * from settings where name<>'password'"; $resultSettings = $sql->query($queryGeneralSettings); if ($resultSettings) { while ($row = $resultSettings->fetch()) { if ($row['name'] == "xapo_app_id" || $row['name'] == "xapo_secret_key") {
// ���Ⱥκ� //$id = $_REQUEST[id]; //$pwd = $_REQUEST[pwd]; $id = 'user1'; $pwd = 'User1'; //����ִ� �� if (empty($id) || empty($pwd)) { echo "{\"status\":\"NO\"}"; } $sql = "SELECT * FROM test WHERE id = '{$id}'"; $result_pwd = mysql_query($sql, $connect); $total_record = mysql_num_rows($result_pwd); //�������� �ʴ� ID if ($total_record != 1) { echo "{\"status\":\"NO\"}"; } else { $row = mysql_fetch_array($result_pwd); $db_pwd = $row[pwd]; $key = "this is a key for encryption"; // ������ �� �� �ִ� key �� $encryption = encryption($pwd, $key); //encryption $str = strcmp($db_pwd, $pwd); //문자열 비교 if ($str) { //다른 경우 echo "{\"status\":\"OK\",\"num_results\":\"{$total_record}\"}"; } else { echo "{\"status\":\"NO\"}"; } }
} catch (Exception $ex) { echo $ex->getMessage(); } //general settings $queryGeneralSettings = "select * from settings"; $resultSettings = $sql->query($queryGeneralSettings); if ($resultSettings) { while ($row = $resultSettings->fetch()) { $settings[$row['name']] = $row['value']; } } if ($settings["password_set"] == '0') { if (isset($_POST["new_password"])) { if ($_POST["new_password"] == $_POST["password_confirmation"]) { $q = $sql->prepare($change_password); $encrypted_pass = encryption($myHashKey, $_POST["new_password"]); $q->execute(array($encrypted_pass, "1")); $q->closeCursor(); $settings["password_set"] = '1'; } } } if ($settings["password_set"] == '0') { require 'first_time.php'; die; } $GLOBALS["settings"] = $settings; $GLOBALS["hashKey"] = $myHashKey; $rewards = get_rewards(); if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_POST["new_password"])) { $view['main']['result_html'] = '';
$con = new mysqli("localhost", "fradmin", "people123", "friendrequest"); $stmt = $con->stmt_init(); $count = 1; //user $passCheckSQL = "SELECT password FROM users WHERE username=?"; $stmt->prepare($passCheckSQL); $stmt->bind_param('s', $user); $stmt->execute(); $stmt->bind_result($pass_result); $stmt->fetch(); //checking the password will fail if user does not exist if (pass_check($pass, $pass_result) && !(strpos($profile, "\n") !== false) && !(strpos($profile, "\t") !== false)) { //user $clearProfileSQL = "DELETE FROM profile WHERE user=?"; $stmt->prepare($clearProfileSQL); $stmt->bind_param('s', $user); $stmt->execute(); foreach ($jsonProfile->profile as $row) { foreach ($row as $key => $val) { if ($val != "") { $val_en = encryption($val); $insertSQL = "INSERT INTO profile VALUES(?,?,?,?)"; $stmt->prepare($insertSQL); $stmt->bind_param('isss', $count, $user, $key, $val_en); $stmt->execute(); $count = $count + 1; } } echo "True"; } }
session_start(); if (!isset($_SESSION['id'])) { $result['type'] = "error"; $result['message'] = "Login <a href='login.php' class='text-bs-primary'>login</a>"; } if (isset($_POST['name'])) { if (!empty($_POST['name']) && !empty($_POST['email']) && !empty($_POST['mobile']) && !empty($_POST['city']) && !empty($_POST['pincode']) && !empty($_POST['address'])) { $name = escape($_POST['name']); $email = escape($_POST['email']); $mobile = escape($_POST['mobile']); $city = escape($_POST['city']); $pincode = escape($_POST['pincode']); $address = escape($_POST['address']); //decrypt the product id $product_id_stack_encrypted = escape($_POST['product_id_stack']); $product_id_stack = encryption("decrypt", $product_id_stack_encrypted); $user_id = $_SESSION['id']; $time = time(); $insert = $db->Insert("buy", "'','{$user_id}','{$name}','{$email}','{$mobile}','{$city}','{$pincode}','{$address}','{$time}','','Processing','1','{$product_id_stack}'"); if ($insert) { /*get the last_inserted_id*/ $buy_id = mysqli_insert_id($mysqli); /*inactive the row from cart table*/ $update = $db->Query("UPDATE `cart` SET `active`='n',buy_id='{$buy_id}' WHERE `user_id`='{$user_id}'"); if ($update) { $result['type'] = "success"; } else { $result['type'] = "error"; $result['message'] = "Unable to update cart try again"; /*delete buy record ifuser system was not able to update the cart table*/ $delete = $db->Delete("buy", "id='{$buy_id}'");
$shipping_price = $product['shipping']; } $subtotal = $product['sp'] + $shipping_price; echo "\n\t\t\t<td><img src='{$product['image']}' class='cart-image'></td>\n\t\t\t<td>{$product['name']}</td>\n\t\t\t<td>Rs {$product['sp']}</td>\n\t\t\t<td>{$shipping_text}</td>\n\t\t\t<td>Rs {$subtotal}</td>\n\t\t\t<td><button class='remove-from-cart btn btn-primary text-18' id='{$cart_id}'><i class='fa fa-trash-o'></i></button></td>\n\t\t\t<tr>"; /*calculate all the shipping charge*/ $main_shipping_charge = $main_shipping_charge + $shipping_price; /*calculate all the sp*/ $main_subtotal = $main_subtotal + $product['sp']; } ?> </table> <hr/> <div style="width:280px;" class="float-right"> <div class="row"> <input type="hidden" value="<?php echo encryption("encrypt", $product_id_stack); ?> " id="product-id-stack"> <div class="col-sm-6 text-left text-muted">Total</div> <div class="col-sm-6 text-right">Rs <?php echo $main_subtotal; ?> </div> <!-- / total --> <div class="col-sm-6 text-left text-muted">Delivery Charge</div> <div class="col-sm-6 text-right"><?php echo $main_shipping_charge; ?> </div> <!-- / delivery --> <div class="col-sm-6 text-left text-20 text-muted">You Pay</div>