<?php
/**
 * $Author: BEESCMS $
 * ============================================================================
 * Website: http://www.beescms.com
 * You may modify and use the program code only for non-commercial purposes;
 * redistribution of the program code in any form or for any purpose is not permitted.
 * ============================================================================
 */
// Admin channel (content model) management: one script that dispatches on the
// request's `action` value. This excerpt stops inside the save_channel branch.
define('IN_CMS', 'true');
include 'init.php';
// Both selectors are read from $_REQUEST (GET, POST or cookie, depending on
// request_order) and passed through fl_value()/fl_html(), which are defined
// elsewhere; what those filters remove is not visible here.
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'channel';
$lang = isset($_REQUEST['lang']) ? fl_html(fl_value($_REQUEST['lang'])) : get_lang_main();
// Model list
// NOTE(review): no check_purview() call guards this branch in the visible code;
// any login/permission check done by init.php is not visible here - confirm.
if ($action == 'channel') {
    // Path of the channel cache file; presumably read by the template included next.
    $fl_path = DATA_PATH . 'cache_channel/cache_channel_all.php';
    include 'template/admin_channel.html';
} elseif ($action == 'add') {
    // NOTE(review): this only denies access if msg() stops execution; if msg()
    // returns, the include below still runs. Confirm msg() exits.
    if (!check_purview('pannel_create')) {
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
    }
    include 'template/admin_channel_ad.html';
} elseif ($action == 'cache') {
    // Rebuilds the channel and field caches; no check_purview() call is visible
    // on this branch either.
    if (!$GLOBALS['cache']->channel_cache($GLOBALS['lang']) || !$GLOBALS['cache']->cache_fields()) {
        msg("缓存更新失败,请先添加模型");
    }
    msg("模型缓存完成", 'admin_main.php');
} elseif ($action == 'save_channel') {
    // State-changing branch: the permission check is present, but no anti-CSRF
    // token check appears in the visible part.
    if (!check_purview('pannel_create')) {
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
<?php
/**
 * $Author: BEESCMS $
 * ============================================================================
 * Website: http://www.beescms.com
 * You may modify and use the program code only for non-commercial purposes;
 * redistribution of the program code in any form or for any purpose is not permitted.
 * ============================================================================
 */
// Admin home-page settings: shows the configuration form (`index`) and starts
// saving it (`save_index`). This excerpt stops inside the save_index branch.
define('IN_CMS', 'true');
include 'init.php';
// Selectors come from $_REQUEST and go through fl_value()/fl_html() (defined
// elsewhere; their filtering rules are not visible here).
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'index';
$lang = isset($_REQUEST['lang']) ? fl_html(fl_value($_REQUEST['lang'])) : '';
// Home page configuration screen
if ($action == 'index') {
    // The stored settings are loaded by executing a PHP file from DATA_PATH, so
    // whatever writes index_info.php must never put request-controlled text into
    // it unescaped - the file's content runs as code here.
    if (file_exists(DATA_PATH . 'index_info.php')) {
        include DATA_PATH . 'index_info.php';
    }
    // $_index is presumably defined by the included file; fall back to a default
    // with the flash banner switched off.
    $index_info = isset($_index) ? $_index : array('flash_is' => 0);
    if (file_exists(DATA_PATH . 'cache/lang_cache.php')) {
        include DATA_PATH . 'cache/lang_cache.php';
    }
    include 'template/admin_index_info.html';
} elseif ($action == 'save_index') {
    // NOTE(review): the permission check is only effective if msg() stops
    // execution - confirm msg() exits.
    if (!check_purview('index_info')) {
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
    }
    // Presence of the submit field is the only "came from the form" test visible
    // here; it is not an anti-CSRF token.
    if (!isset($_POST['submit'])) {
        msg('<span style="color:red">请从表单提交</span>');
    }
// Load template
} elseif ($action == 'add') {
    // Guestbook "add entry" branch. The excerpt starts inside an if/elseif chain
    // and stops right after the INSERT text is built.
    // Is the guestbook enabled?
    $is_use = $mysql->get_row("select is_book from " . DB_PRE . "book_info where id=1");
    if (!$is_use) {
        die("<script type=\"text/javascript\">alert('" . $language['book_msg1'] . "');history.go(-1);</script>");
    }
    // Captcha check.
    // NOTE(review): the comparison is loose and neither side is required to be
    // non-empty, so a request without book_code passes when the session holds no
    // code. A stricter check would require a non-empty $_SESSION['code'], compare
    // with ===, and discard the code after one use.
    $book_code = $_POST['book_code'];
    if ($book_code != $_SESSION['code']) {
        die("<script type=\"text/javascript\">alert('{$language['member_msg2']}');history.go(-1);</script>");
    }
    // Text fields go through fl_html() only (defined elsewhere; by its name an
    // HTML filter - whether it also neutralises quotes and backslashes for SQL is
    // not visible here). The two numeric fields are forced to integers.
    $book_name = fl_html($_POST['book_name']);
    $book_title = fl_html($_POST['book_title']);
    $mail = fl_html($_POST['mail']);
    $book_type = intval($_POST['book_type']);
    $book_content = fl_html($_POST['book_content']);
    $pr_id = intval($_POST['pr_id']);
    if (empty($book_title)) {
        die("<script type=\"text/javascript\">alert('" . $language['book_msg2'] . "');history.go(-1);</script>");
    }
    if (empty($book_content)) {
        die("<script type=\"text/javascript\">alert('" . $language['book_msg3'] . "');history.go(-1);</script>");
    }
    // Empty name: use the logged-in member's name from the session, else the
    // literal guest label. The session value is not filtered in this block.
    $book_name = empty($book_name) ? empty($_SESSION['member_user']) ? '游客' : $_SESSION['member_user'] : cn_substr($book_name, 50);
    // Length caps via cn_substr() (defined elsewhere). $mail gets no length cap
    // and no format validation in the visible code.
    $book_title = cn_substr($book_title, 60);
    $book_content = cn_substr($book_content, 200);
    $addtime = time();
    // Is moderation enabled?
    $is_verify = $mysql->get_row("select book_verify from " . DB_PRE . "book_info where id=1");
    // verify is stored as 0 when book_verify is truthy, 1 otherwise.
    $verify = $is_verify ? 0 : 1;
    // NOTE(review): the statement is built by string interpolation. $lang is
    // assigned outside this excerpt, and the quoted text values rely entirely on
    // fl_html()/cn_substr() for SQL safety. Bound parameters (or the database
    // driver's own escaping) are the reliable fix for every quoted value here.
    $sql = "insert into " . DB_PRE . "book (book_name,book_title,book_content,mail,book_type,pr_id,addtime,verify,lang) values ('{$book_name}','{$book_title}','{$book_content}','{$mail}',{$book_type},{$pr_id},'{$addtime}',{$verify},'{$lang}')";
<?php
/**
 * $Author: BEESCMS $
 * ============================================================================
 * Website: http://www.beescms.com
 * You may modify and use the program code only for non-commercial purposes;
 * redistribution of the program code in any form or for any purpose is not permitted.
 * ============================================================================
 */
// Admin member management: paginated member list (`member`) and the start of
// the `add` branch. This excerpt stops inside the add branch.
define('IN_CMS', 'true');
include 'init.php';
// `action` comes from $_REQUEST through fl_value()/fl_html() (defined elsewhere).
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'member';
// Member list
// NOTE(review): no check_purview() call guards the listing in the visible code;
// any login/permission check done by init.php is not visible here - confirm.
if ($action == 'member') {
    // intval() keeps the page number numeric, so it cannot carry SQL text, but a
    // negative value is not rejected (see the offset below).
    $page = intval($_GET['page']);
    if (file_exists(DATA_PATH . "cache/cache_member_group.php")) {
        include DATA_PATH . "cache/cache_member_group.php";
    }
    $page = empty($page) ? 1 : $page;
    $page_size = 20;
    // Offset of the first row on this page; negative when $page is negative,
    // which makes the LIMIT clause below invalid. Clamping $page to >= 1 avoids it.
    $page_num = ($page - 1) * $page_size;
    // Total is obtained by selecting every id; fetch_rows() presumably returns
    // the row count.
    $total_num = $GLOBALS['mysql']->fetch_rows("select id from " . DB_PRE . "member");
    $total_page = ceil($total_num / $page_size);
    $total_page = !$total_page ? 1 : $total_page;
    $query = '';
    // Only integers and constants are concatenated into this statement.
    // `select *` hands every member column to the template, including any
    // credential columns the table holds; an explicit column list limits that.
    $rel = $GLOBALS['mysql']->fetch_asc("select*from " . DB_PRE . "member order by id desc limit " . $page_num . ',' . $page_size);
    include 'template/admin_member.html';
} elseif ($action == 'add') {
    // NOTE(review): effective only if msg() stops execution - confirm msg() exits.
    if (!check_purview('user_manage')) {
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
<?php
/**
 * $Author: BEESCMS $
 * ============================================================================
 * Website: http://www.beescms.com
 * You may modify and use the program code only for non-commercial purposes;
 * redistribution of the program code in any form or for any purpose is not permitted.
 * ============================================================================
 */
// Admin system settings: shows the settings form (`sys`) and builds the UPDATE
// that stores submitted settings (`add_sys`). The excerpt stops after the SQL
// text is built.
define('IN_CMS', 'true');
include 'init.php';
// `action` comes from $_REQUEST through fl_value()/fl_html() (defined elsewhere).
$action = isset($_REQUEST['action']) ? fl_html(fl_value($_REQUEST['action'])) : 'sys';
// System settings page
if ($action == 'sys') {
    // Settings are loaded by executing a PHP file from DATA_PATH: anything written
    // into sys_info.php runs as code on this include.
    if (file_exists(DATA_PATH . 'sys_info.php')) {
        include DATA_PATH . 'sys_info.php';
    }
    include 'template/admin_sys.html';
} elseif ($action == 'add_sys') {
    // NOTE(review): both guards are effective only if msg() stops execution -
    // confirm msg() exits.
    if (!check_purview('sys_info')) {
        msg('<span style="color:red">操作失败,你的权限不足!</span>');
    }
    // Presence of the submit field is not an anti-CSRF token.
    if (!isset($_POST['submit'])) {
        msg('<span style="color:red">请从表单提交</span>');
    }
    unset($_POST['action'], $_POST['submit']);
    // NOTE(review): every remaining POST key and value is copied as-is - there is
    // no allow-list of setting names and no per-setting validation, so the stored
    // array can contain keys the form never offered. $info is also never
    // initialised, so it is undefined when no other field was posted.
    foreach ($_POST as $k => $v) {
        $info[$k] = $v;
    }
    // The array is serialised as PHP source text by var_export() (second argument
    // is the truthy string 'true', so the text is returned rather than printed)
    // and escaped for SQL with addslashes(), which does not take the connection
    // character set into account.
    // NOTE(review): if this text is later written to sys_info.php (not visible
    // here), request data ends up inside an executed PHP file; restricting keys to
    // a fixed list and validating value types is the safer design.
    $sql = "update " . DB_PRE . "cmsinfo set info_array='" . addslashes(var_export($info, 'true')) . "' where id=1 and info_tag='sys'";
.pic p{line-height:25px; line-height:25px;} .pic_list_ct{margin:10px 0;} .pic_list_ct li{width:80px; height:100px; display:block; float:left; margin-bottom:10px; margin-right:10px; display:inline} .pic_list li_ct label{display:block; height:20px; line-height:20px;} .sl_pic{margin-top:10px; height:25px; background:#FFFFFF; border:1px solid #ccc; padding:5px;} .sl_pic span{padding-left:8px; color:#0000FF} </style> </head> <body> <base target="_self"> <?php
// Picture upload handler embedded in the page. The excerpt starts inside the
// stylesheet and stops before the database insert.
$submit = $_POST['uppic'];
if ($submit) {
    $up = $_POST['up'];
    $file_info = fl_html($_POST['file_info']);
    $value_arr = array('');
    // NOTE(review): $type_file is not assigned anywhere in this excerpt. It is the
    // '|'-separated list of permitted types handed to up_file(), so it must come
    // from server-side configuration; confirm it can never be populated from
    // request parameters.
    $type = explode('|', $type_file);
    // A file was sent
    if (is_uploaded_file($_FILES['up']['tmp_name'])) {
        // up_file() is defined elsewhere; how it checks size, extension and content
        // against $type is not visible here. The browser-supplied MIME type and
        // file name should not be what that check relies on.
        $value_arr = up_file($_FILES['up'], $_sys['upload_size'], $type);
        // Collect the details of the stored picture
        $file_path = $value_arr['file']; // where the file was saved
        $file_ext = $value_arr['ext']; // file extension
        $file_size = empty($value_arr['size']) ? 0 : $value_arr['size']; // file size, 0 when not reported
        $file_time = $value_arr['time']; // upload time
        // Store in the database (the excerpt ends here)
} elseif ($action == 'add_coll') {
    // Empty branch in this excerpt.
} elseif ($action == 'password') {
    // Member "change password" form. The excerpt starts and ends inside an
    // if/elseif chain.
    $url = $language['member_msg28'];
    $tpl->assign('position', get_dy_position($url)); // breadcrumb position
    // Require a logged-in member, otherwise send the browser to the login action.
    // NOTE(review): $lang is written into an inline script; it is assigned outside
    // this excerpt, so confirm it is restricted to known language codes.
    if (empty($_SESSION['member_user']) || empty($_SESSION['member_id']) || empty($_SESSION['member_login'])) {
        die('<script type="text/javascript">location.href=\'?action=login&lang=' . $lang . '\';</script>');
    }
    $tpl->display('member_login');
} elseif ($action == 'save_password') {
    // Same login requirement as the form branch. No anti-CSRF token check is
    // visible; the current-password check below limits what a forged request
    // could do.
    if (empty($_SESSION['member_user']) || empty($_SESSION['member_id']) || empty($_SESSION['member_login'])) {
        die('<script type="text/javascript">location.href=\'?action=login&lang=' . $lang . '\';</script>');
    }
    // NOTE(review): the passwords are run through fl_value()/fl_html()/trim()
    // before hashing, so characters those filters change or drop are not part of
    // the effective password. Password input is normally hashed unmodified.
    $password_use = trim(fl_html(fl_value($_POST['password_use'])));
    $password_new = trim(fl_html(fl_value($_POST['password_new'])));
    $password_new2 = trim(fl_html(fl_value($_POST['password_new2'])));
    if (empty($password_use) || empty($password_new) || empty($password_new2)) {
        die("<script type=\"text/javascript\">alert('{$language['member_msg8']}');history.go(-1);</script>");
    }
    // The member id comes from the session and is concatenated unquoted; an
    // intval() cast would make the statement safe regardless of how the session
    // value was set.
    $sql = "select member_password from " . DB_PRE . "member where id=" . $_SESSION['member_id'];
    // get_row() presumably returns the single column value, since it is compared
    // directly with the hash below.
    $rel = $GLOBALS['mysql']->get_row($sql);
    // NOTE(review): unsalted MD5 is not a password hash, and the loose != treats
    // two different numeric-looking hex strings as equal. password_hash() /
    // password_verify() is the replacement; until the stored hashes are migrated,
    // at least compare with hash_equals() or !==.
    if (md5($password_use) != $rel) {
        die("<script type=\"text/javascript\">alert('{$language['member_msg26']}');history.go(-1);</script>");
    }
    if ($password_new != $password_new2) {
        die("<script type=\"text/javascript\">alert('{$language['member_msg9']}');history.go(-1);</script>");
    }
    // NOTE(review): as printed, this stores the literal '******'; the value looks
    // masked by whatever published the listing, so the real expression (presumably
    // a hash of $password_new) is not visible here.
    $sql = "update " . DB_PRE . "member set member_password='******' where id=" . $_SESSION['member_id'];
    $GLOBALS['mysql']->query($sql);
    die("<script type=\"text/javascript\">alert('{$language['member_msg18']}');history.go(-1);</script>");
} elseif ($action == 'out') {
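/**
 * Verify an administrator's credentials and, on success, fill the admin session
 * and send a redirect to admin.php.
 *
 * Failures are reported through msg() (defined elsewhere). Each failure path
 * also returns, so the session is never populated after a failed check even if
 * msg() does not terminate the request.
 *
 * @param string $user     Administrator name as supplied by the caller.
 * @param string $password Plain-text password as supplied by the caller.
 * @return void
 */
function check_login($user, $password)
{
    // The name is placed inside a single-quoted SQL literal below. A value that
    // contains a single quote can never be a legitimate match for that literal,
    // so it is treated as an unknown user instead of being sent to the database.
    // NOTE(review): this is a stop-gap; the durable fix is a bound parameter (or
    // driver-level escaping) in the database wrapper, which is not visible here.
    if (strpos((string) $user, "'") !== false) {
        msg('不存在该管理用户', 'login.php');
        return;
    }

    $rows = $GLOBALS['mysql']->fetch_asc("select id,admin_name,admin_password,admin_purview,is_disable from " . DB_PRE . "admin where admin_name='" . $user . "' limit 0,1");
    $rel = empty($rows) ? '' : $rows[0];
    if (empty($rel)) {
        // NOTE(review): this message differs from the wrong-password message, which
        // lets a client tell existing admin names from unknown ones.
        msg('不存在该管理用户', 'login.php');
        return;
    }

    // NOTE(review): unsalted MD5 is not a password hash; moving the stored values
    // to password_hash()/password_verify() needs a data migration and is outside
    // this function.
    $supplied = md5($password);
    $stored = (string) $rel['admin_password'];
    // Exact string comparison: a loose != treats two different numeric-looking
    // hex strings as equal. hash_equals() is used when the runtime provides it.
    $matches = function_exists('hash_equals') ? hash_equals($stored, $supplied) : ($supplied === $stored);
    if (!$matches) {
        msg("输入的密码不正确");
        return;
    }
    if ($rel['is_disable']) {
        msg('该账号已经被锁定,无法登陆');
        return;
    }

    // Issue a fresh session id at the privilege change so an id known before
    // login cannot be reused afterwards.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['admin'] = $rel['admin_name'];
    $_SESSION['admin_purview'] = $rel['admin_purview'];
    $_SESSION['admin_id'] = $rel['id'];
    $_SESSION['admin_time'] = time();
    $_SESSION['login_in'] = 1;
    $_SESSION['login_time'] = time();
    // Client address as reported by get_ip() (defined elsewhere), filtered before
    // it is stored in the session.
    $ip = fl_value(get_ip());
    $ip = fl_html($ip);
    $_SESSION['admin_ip'] = $ip;
    unset($rel);
    // The redirect header is sent without exit; control returns to the caller.
    header("location:admin.php");
}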
            // Custom-form submission handler. The excerpt starts inside the loop that
            // builds the field list and the value list, and stops inside the mail
            // notification step.
            }
            $value = $value_str;
        }
        // Each submitted value is appended as a quoted SQL literal after fl_html()
        // only (defined elsewhere; by its name an HTML filter - whether it also
        // neutralises quotes and backslashes for SQL is not visible here).
        $sql_value .= ",'" . fl_html($value) . "'";
    }
} else {
    die('表单不能为空<a href="javascript:history.go(-1);">返回</a>');
}
// The target table name comes from the form definition and is only accepted when
// it matches an existing table, which keeps arbitrary names out of the INSERT below.
$table = $form['form_mark'];
$tables = $mysql->show_tables();
if (!in_array(DB_PRE . $table, $tables)) {
    die('发生错误,该表单已经停止使用,不能添加表单信息<a href="javascript:history.go(-1);">返回</a>');
}
$addtime = time();
// NOTE(review): get_ip() is defined elsewhere; if it reads client-supplied
// headers, the value is request-controlled and relies on these two filters
// before being quoted into SQL.
$ip = fl_value(get_ip());
$ip = fl_html($ip);
$member_id = empty($_SESSION['id']) ? 0 : $_SESSION['id'];
// NOTE(review): the condition tests $f_id but the value is read from
// $_POST['f_id']; $f_id is assigned outside this excerpt.
$arc_id = empty($f_id) ? 0 : intval($_POST['f_id']);
// NOTE(review): $form_id is interpolated unquoted and is assigned outside this
// excerpt - confirm it is cast to an integer before this point.
$sql = "insert into " . DB_PRE . "formlist (form_id,form_time,form_ip,member_id,arc_id) values ({$form_id},{$addtime},'{$ip}','{$member_id}','{$arc_id}')";
$mysql->query($sql);
$last_id = $mysql->insert_id();
// The per-form row reuses the formlist id as its own id.
$sql_field = 'id' . $sql_field;
$sql_value = $last_id . $sql_value;
// NOTE(review): column names ($sql_field) and values ($sql_value) are both built
// by string concatenation; the column list is assembled outside this excerpt and
// must come from the stored form definition, never from request keys. Bound
// parameters are the reliable fix for the values.
$sql = "insert into " . DB_PRE . "{$table} ({$sql_field}) values ({$sql_value})";
$mysql->query($sql);
// Send mail
if (!empty($_sys['mail_feed'])) {
    if (in_array('1', $_sys['mail_feed'])) {
        $table = $form['form_mark'];
        if (!empty($table)) {
            // Reads back the row just inserted; $last_id comes from insert_id().
            $rel = $GLOBALS['mysql']->fetch_asc("select*from " . DB_PRE . "{$table} where id={$last_id}");
// Admin login entry point: shows the login form (`login`) or validates a
// submission (`ck_login`). The excerpt stops inside the captcha loop.
session_start();
// Captcha value stored in the session, or '' when none was generated.
$s_code = empty($_SESSION['code']) ? '' : $_SESSION['code'];
$_SESSION['login_in'] = empty($_SESSION['login_in']) ? '' : $_SESSION['login_in'];
$_SESSION['admin'] = empty($_SESSION['admin']) ? '' : $_SESSION['admin'];
// Already logged in: redirect to the admin area. There is no exit after
// header(), so the rest of this script still runs for that request.
if ($_SESSION['login_in'] && $_SESSION['admin']) {
    header("location:admin.php");
}
// `action` is read from the query string unfiltered; it is only compared with
// fixed strings in the visible code.
$action = empty($_GET['action']) ? 'login' : $_GET['action'];
if ($action == 'login') {
    // `global` has no effect at file top level unless this file is included from
    // inside a function.
    global $_sys;
    include 'template/admin_login.html';
} elseif ($action == 'ck_login') {
    global $submit, $user, $password, $_sys, $code;
    $submit = $_POST['submit'];
    // NOTE(review): the name and the password both pass through
    // fl_value()/fl_html() (defined elsewhere; their rules are not visible here).
    // Filtering a password before hashing changes the effective password, and
    // these filters are the only visible protection if the name is later
    // concatenated into SQL.
    $user = fl_html(fl_value($_POST['user']));
    $password = fl_html(fl_value($_POST['password']));
    $code = $_POST['code'];
    // NOTE(review): the guards below are effective only if msg() stops execution
    // - confirm msg() exits.
    if (!isset($submit)) {
        msg('请从登陆页面进入');
    }
    if (empty($user) || empty($password)) {
        msg("密码或用户名不能为空");
    }
    // The captcha is enforced only when the safe_open setting contains '3'.
    if (!empty($_sys['safe_open'])) {
        foreach ($_sys['safe_open'] as $k => $v) {
            if ($v == '3') {
                // NOTE(review): $s_code is '' when the session holds no captcha, so an
                // empty or missing `code` field compares equal and passes. A stricter
                // check would require a non-empty $s_code, compare with !==, and clear
                // $_SESSION['code'] after each attempt. No attempt limiting is visible
                // in this excerpt either.
                if ($code != $s_code) {
                    msg("验证码不正确!");
                }
            }
        }