Пример #1
	/**
	 * Show the admin control-panel login form.
	 *
	 * Turns away visitors without a front-end session (MEMBER_ID < 1) and visitors
	 * that _logincheck() reports as locked out, remembers the referring page in a
	 * cookie, then renders the @admin/login template.
	 *
	 * The local variable names are kept as they are because the included template
	 * runs in this method's scope and presumably reads them.
	 *
	 * NOTE(review): whether Messager() halts the request is not visible here; if it
	 * returns, the form is still rendered after a failed check.
	 */
	function login()
	{
		$this->_fix_failedlogins();

		// The admin login is layered on top of an existing front-end login.
		if (1 > MEMBER_ID) {
			$this->Messager("请先在前台进行<a href='index.php?mod=account&code=login'><b>登录</b></a>",null);
		}

		// Lockout gate for repeated failed attempts.
		$loginperm = $this->_logincheck();
		if (false == $loginperm) {
			$this->Messager("累计 5 次错误尝试,15 分钟内您将不能登录。",null);
		}

		$this->Title = "用户登录";

		// Remember where the visitor came from, but only the first time.
		// NOTE(review): if this cookie later drives a redirect, the target should be
		// checked against the site's own host — that code is not visible here.
		if ('' == $this->CookieHandler->GetVar('referer')) {
			$this->CookieHandler->Setvar('referer', referer());
		}

		$action = "admin.php?mod=login&code=dologin";
		$question_select = FormHandler::Select('question', ConfigHandler::get('member','question_list'), 0);
		$role_type_select = FormHandler::Radio('role_type', ConfigHandler::get('member','role_type_list'), 'normal');

		// Discard anything already buffered so only the login page is sent.
		ob_clean();

		include(handler('template')->file("@admin/login"));
	}
Пример #2
/**
 * @copyright (C)2014 Cenwor Inc.
 * @author Cenwor <www.cenwor.com>
 * @package php
 * @name common.func.php
 * @date 2014-11-04 13:51:54
 */
 



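/**
 * Build the "you are here" breadcrumb HTML for the current page.
 *
 * The trail starts with the site home link, then the header-menu entry for the
 * current module (when one is configured), then one crumb per argument.
 *
 * Arguments are variadic and read through func_get_args():
 *  - a string is used as-is, after " / " and "->" are normalised to the separator;
 *  - an array with a 'name' key becomes a link to 'url' (or 'link' when 'url' is empty);
 *  - any other array becomes a link whose label is its first key and whose target
 *    is its first value.
 *
 * NOTE(review): nothing placed in the markup is HTML-escaped here, so every caller
 * must pass values that are already safe for HTML/attribute context.
 *
 * @return string Breadcrumb HTML prefixed with the localised "your position" label.
 */
function position()
{
	global $rewriteHandler;

	$label = __('您的位置:');
	$separator = ' &gt; ';

	// 'rmod' wins over 'mod'; a missing key yields null without an undefined-index notice.
	$mod = !empty($_GET['rmod']) ? $_GET['rmod'] : (isset($_GET['mod']) ? $_GET['mod'] : null);

	// Only the part before the first underscore selects the menu entry. The is_string()
	// guard keeps an array-valued parameter (mod[]=x) away from strpos().
	if (is_string($mod) && strpos($mod, '_') !== false) {
		list($mod) = explode('_', $mod);
	}

	$config = ConfigHandler::get();

	$crumbs = array();
	$crumbs['index'] = "<a href='{$config['site_url']}'>{$config['site_name']}" . __('首页') . "</a>";

	// The request value is used only as a lookup key into the configured menu list.
	$menu = ConfigHandler::get('header_menu', 'list', $mod);
	if ($menu != false) {
		if ($rewriteHandler) {
			$menu['link'] = $rewriteHandler->formatURL($menu['link']);
		}
		$crumbs['mod'] = "<a href='{$menu['link']}'>{$menu['name']}</a>";
	}

	foreach (func_get_args() as $key => $value) {
		if (empty($value)) {
			continue;
		}

		if (is_string($value)) {
			if (trim($value) == '') {
				continue;
			}
			$value = preg_replace("~(\s+[/]\s+)|(\-\>)~", $separator, $value);
		} else {
			if (isset($value['name'])) {
				$hasUrl = isset($value['url']) && $value['url'] != '';
				$url = $hasUrl ? $value['url'] : (isset($value['link']) ? $value['link'] : null);
				$name = $value['name'];
			} else {
				$url = current($value);
				$name = key($value);
			}
			if ($rewriteHandler) {
				$url = $rewriteHandler->formatURL($url);
			}
			$value = "<a href='$url'>$name</a>";
		}

		$crumbs[$key] = $value;
	}

	return $label . implode($separator, $crumbs);
}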
Пример #3
	/**
	 * Constructor-style initialiser: boots the base controller, loads the logic
	 * layers this module uses, reads the numeric id from the request and dispatches
	 * to the handler method for the requested code.
	 *
	 * @param array $config Site configuration passed on to MasterObject().
	 */
	function ModuleObject( $config )
	{
		$this->MasterObject($config);

		Load::logic('product');
		$this->ProductLogic = new ProductLogic();

		Load::logic('pay');
		$this->PayLogic = new PayLogic();

		Load::logic('me');
		$this->MeLogic = new MeLogic();

		Load::logic('order');
		$this->OrderLogic = new OrderLogic();

		// POST takes precedence over GET; the integer cast neutralises non-numeric input.
		$requestedId = $this->Post['id'];
		if (!$requestedId) {
			$requestedId = $this->Get['id'];
		}
		$this->ID = (int) $requestedId;

		$this->CacheConfig = ConfigHandler::get('cache');
		$this->ShowConfig = ConfigHandler::get('show');

		// NOTE(review): the method name is derived from the request-supplied code by
		// Load::moduleCode(); whether it restricts the result to intended handlers is
		// not visible here and is what keeps this dynamic call safe.
		$handlerMethod = Load::moduleCode($this, $this->Code);
		$this->$handlerMethod();
	}
Пример #4
	/**
	 * Availability check for a username submitted during registration.
	 *
	 * Reads the candidate from POST ('username', falling back to 'check_value') and
	 * runs, in order: a length check, filter(), a special-character check, a
	 * reserved-name check, a lookup in the local members table and, when UCENTER is
	 * enabled, uc_user_checkname(). Each failure is reported through response_text();
	 * the method ends with exit and prints nothing itself when every check passes.
	 *
	 * NOTE(review): whether response_text() terminates the request is not visible
	 * here. If it returns, the later checks still run and the HTML messages below can
	 * be reached with a name that failed the special-character check.
	 */
	function CheckUsername()
	{
		$username=trim($this->Post['username'] ? $this->Post['username'] : $this->Post['check_value']);

		// strlen() counts bytes, so for multibyte names the 3~15 limit is in bytes, not characters.
		if (strlen($username) < 3 || strlen($username) > 15) {
			response_text(__("用户名长度请控制在3~15"));
		}
		if (($filter_msg = filter($username))) {
			response_text("用户名 ".$filter_msg);
		}
		// Rejects quotes, angle brackets and most punctuation. Backslash, '|', '-' and '_' are not in this class.
		if (preg_match('~[\~\`\!\@\#\$\%\^\&\*\(\)\=\+\[\{\]\}\;\:\'\"\,\<\.\>\/\?]~',$username)) {
			response_text(__("用户名不能包含特殊字符"));
		}
		// Reserved names: the configured 'forbid' list with a built-in list appended directly to it.
		$censoruser = ConfigHandler::get('user','forbid');
		$censoruser .= "topic
login
member
profile
tag
get_password
report
weather
master
url";

		// preg_quote() escapes the list, then '*' becomes '.*' and each "\r\n" becomes an alternation bar.
		// NOTE(review): only "\r\n" is treated as a separator, so the built-in list above is split into
		// separate names only if this source file is saved with CRLF line endings — confirm.
		$censorexp = '/^('.str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), preg_quote(($censoruser = trim($censoruser)), '/')).')$/i';
		// The @ hides any pattern error, in which case the reserved-name check silently passes.
		if($censoruser && @preg_match($censorexp, $username)) {
			response_text(sprintf(__("用户名<b>%s</b>被保留,禁止注册"), $username));
		}

		// The submitted name is embedded in HTML here without escaping; it relies on the checks above.
		$response= "对不起,您输入的用户名 <B>{$username}</B> 不能注册或已经被他人使用,请选择其他名字后再试。";

		$this->DatabaseHandler->SetTable(TABLE_PREFIX. 'system_members');
		// NOTE(review): the WHERE value is shown masked ('******') on this page, so how the username
		// reaches the query cannot be reviewed from this listing; confirm it is escaped or bound.
		$is_exists=$this->DatabaseHandler->Select('',"username='******'");

		if($is_exists) {
			response_text($response);
		}

		if(true === UCENTER)
		{
			include_once(UC_CLIENT_ROOT . './client.php');
			$uc_result = uc_user_checkname($username);

			// Any negative result from UCenter is reported with the same generic message.
			if($uc_result < 0) {
				response_text($response);
			}
		}
		exit ;
	}
Пример #5
	/**
	 * Base-controller bootstrap: stores the configuration, exposes the request
	 * superglobals as properties, resolves module/code/op, enforces the IP ban and
	 * wires up the template, cookie and database handlers.
	 *
	 * @param array $config Site configuration; modified in place ('v' is set).
	 */
	function MasterObject(&$config)
	{
		$config['v'] = SYS_VERSION;
		$this->Config = $config;

		// Bound by reference, so these properties alias the superglobals themselves.
		$this->Get = &$_GET;
		$this->Post = &$_POST;
		$this->Cookie = &$_COOKIE;
		$this->Session = &$_SESSION;
		$this->Request = &$_REQUEST;
		$this->Server = &$_SERVER;
		$this->Files = &$_FILES;

		// Routing parameters: a truthy POST value wins over GET. Only 'op' is trimmed.
		if ($this->Post['mod']) {
			$this->Module = $this->Post['mod'];
		} else {
			$this->Module = $this->Get['mod'];
		}
		if ($this->Post['code']) {
			$this->Code = $this->Post['code'];
		} else {
			$this->Code = $this->Get['code'];
		}
		if ($this->Post['op']) {
			$this->OPC = trim($this->Post['op']);
		} else {
			$this->OPC = trim($this->Get['op']);
		}

		$GLOBALS['iframe'] = '';

		// IP ban. NOTE(review): the configured value is interpolated as regex source and
		// the match is anchored only at the start of REMOTE_ADDR, so each entry acts as a
		// prefix; entries must be escaped when they are saved.
		$bannedPattern = ConfigHandler::get('access','ipbanned');
		if (!empty($bannedPattern)) {
			if (preg_match("~^({$bannedPattern})~", $_SERVER['REMOTE_ADDR'])) {
				die(__("您的IP已经被禁止访问。"));
			}
		}

		$this->TemplateHandler = new TemplateHandler($config);
		Obj::register('TemplateHandler', $this->TemplateHandler);

		$this->CookieHandler = handler('cookie');
		$this->DatabaseHandler = dbc();

		Obj::register('DatabaseHandler', $this->DatabaseHandler);
		Obj::register('CookieHandler', $this->CookieHandler);
		Obj::register('config', $this->Config);
	}
Пример #6
	/**
	 * Module entry point: resolves the visitor's city, runs the action selected by
	 * the request code with output buffering on, and hands the captured markup to
	 * ShowBody().
	 */
	function Execute()
	{
		$this->config = ConfigHandler::get('product');

		$sql = 'select * from ' . TABLE_PREFIX . 'tttuangou_city ';
		$this->cityary = $this->DatabaseHandler->Query($sql)->GetAll();

		// An explicit ?city=<shorthand> is matched against the known cities only; the
		// request value itself is never stored, just the matching row's id.
		if ('' != $_GET['city']) {
			foreach ($this->cityary as $cityRow) {
				if ($cityRow['shorthand'] != $_GET['city']) {
					continue;
				}
				$this->CookieHandler->setVar('mycity', $cityRow['cityid']);
				$this->city = $cityRow['cityid'];
				break;
			}
		}

		// Otherwise fall back to the remembered city, then to city 1.
		// NOTE(review): the cookie value is taken as-is; it is client-controlled, so
		// any later use in a query needs a cast or validation.
		if ('' == $this->city) {
			$this->city = ($this->CookieHandler->getVar('mycity') != '')
				? $this->CookieHandler->getVar('mycity')
				: 1;
		}

		foreach ($this->cityary as $cityRow) {
			if ($cityRow['cityid'] == $this->city) {
				$this->cityname = $cityRow['cityname'];
				break;
			}
		}

		ob_start();

		// Assigned but not read anywhere in this method.
		$load_file = array("vivian_reg.css", 'validate.js');

		if ($this->Code == 'dologin') {
			$this->DoLogin();
		} elseif ($this->Code == 'logout') {
			$this->LogOut();
		} else {
			$this->login();
		}

		$this->ShowBody(ob_get_clean());
	}
Пример #7
/**
 * Ask the SMS gateway how much balance the configured account has left.
 *
 * @return array 'status' holds the text of the <describe> element; 'remain' holds the
 *               <count> value divided by ten, or the <message> text when no <count>
 *               element was found.
 */
function sms_remain()
{
	$sms = ConfigHandler::get('sms');
	$sms['server'] = sms_server_init();
	// NOTE(review): the next line is masked ('******') in this listing and is not valid PHP as shown.
	// What remains visible is that the account name and a password-derived value are put into a query string.
	$data = 'name='.$sms['account'].'&password='******'password']);
	// The credentials travel in the request URL, where proxies and server logs can record them.
	// The scheme comes from sms_server_init(); confirm it is HTTPS.
	$result = dfopen($sms['server'].'?method=remaincount&'.$data, 10485760, '', '', true);
	// The gateway answers in GB2312; bytes that cannot be converted are dropped (IGNORE).
	$result = iconv('GB2312', 'UTF-8/'.'/IGNORE', $result);
	// The reply is picked apart with regexes rather than an XML parser.
	preg_match('/<describe>(.*?)<\/describe>/', $result, $match);
	// $match[1] is undefined when the element is absent; no check is made.
	$status = $match[1];
	preg_match('/<count>(.*?)<\/count>/', $result, $match);
	// The cast binds tighter than the division: (int)$match[1], then / 10, so the result can be a float.
	$remain = (int)$match[1]/10;
	// No <count> element: report the gateway's <message> text instead.
	if ($match[0] == '')
	{
		preg_match('/<message>(.*?)<\/message>/', $result, $match);
		$remain = $match[1];
	}
	return array('status'=>$status, 'remain'=>$remain);
}
Пример #8
 /**
  * Constructor-style initialiser for a members-only module: boots the base
  * controller, requires a logged-in member, loads the logic layers and dispatches
  * to the handler method for the requested code.
  *
  * NOTE(review): if Messager() returns instead of ending the request, the dispatch
  * at the bottom still runs for anonymous visitors — not visible here.
  *
  * @param array $config Site configuration.
  */
 function ModuleObject( $config )
 {
     $this->MasterObject($config);

     // Anonymous visitors are pointed at the login page.
     if (1 > MEMBER_ID) {
         $this->Messager(__('请先登录!'), '?mod=account&code=login');
     }

     Load::logic('product');
     $this->ProductLogic = new ProductLogic();

     Load::logic('pay');
     $this->PayLogic = new PayLogic();

     Load::logic('me');
     $this->MeLogic = new MeLogic();

     Load::logic('order');
     $this->OrderLogic = new OrderLogic();

     $this->config = $config;

     // POST takes precedence over GET; the integer cast neutralises non-numeric input.
     $requestedId = $this->Post['id'];
     if (!$requestedId) {
         $requestedId = $this->Get['id'];
     }
     $this->ID = (int) $requestedId;

     $this->CacheConfig = ConfigHandler::get('cache');
     $this->ShowConfig = ConfigHandler::get('show');

     // NOTE(review): the method name is derived from the request-supplied code by
     // Load::moduleCode(); its restrictions are not visible here.
     $handlerMethod = Load::moduleCode($this, $this->Code);
     $this->$handlerMethod();
 }
Пример #9
	/**
	 * Module entry point: 'main' (also the default for an empty code) renders the
	 * URL list inside the site layout; every other code produces RSS output.
	 */
	function Execute()
	{
		if ('' == $this->Code) {
			$this->Code = 'main';
		}

		$this->config = ConfigHandler::get('product');
		list($this->cityary, $this->city, $this->cityname) = logic('misc')->City();

		// Anything that is not the main page is served as a feed, without the layout.
		if ('main' != $this->Code) {
			$this->RssOutput();
			return;
		}

		ob_start();
		$this->UrlList();
		$this->ShowBody(ob_get_clean());
	}
Пример #10
/**
 * Seller back-office entry point: requires a logged-in member, resolves the city
 * and renders the page selected by the request code inside the site layout.
 *
 * NOTE(review): only MEMBER_ID is checked here. Whether the member is actually a
 * seller, and whether Messager() ends the request, is decided elsewhere.
 */
function Execute()
{
	include_once ROOT_PATH . './setting/constants.php';

	$this->Title = '商家' . TUANGOU_STR . '管理';

	if (1 > MEMBER_ID) {
		$this->Messager("您必须先注册或登录!");
	}

	$this->config = ConfigHandler::get('product');
	list($this->cityary, $this->city, $this->cityname) = logic('misc')->City();

	ob_start();
	if ($this->Code == 'ticket') {
		$this->Ticket();
	} elseif ($this->Code == 'sendmail') {
		$this->Sendmail();
	} elseif ($this->Code == 'express') {
		$this->Express();
	} else {
		$this->Main();
	}
	$this->ShowBody(ob_get_clean());
}
Пример #11
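 /**
  * Write a PHP-source snapshot of a configuration section to data/backup/setting/.
  *
  * With no argument the core settings are saved to settings.php as `$config = ...`;
  * with a section name that section is saved to <type>.php as `$config['<type>'] = ...`.
  *
  * The section key is emitted through var_export() so that a quote or backslash in
  * $type cannot break out of the string literal in the generated PHP file.
  *
  * NOTE(review): $type is also used verbatim in the file name. Callers must pass a
  * fixed section name, never request data, or the path can leave the backup folder.
  * The backup files are PHP source holding configuration values, so the directory
  * should not be web-readable.
  *
  * @param string|null $type Section name, or null for the core settings.
  * @return mixed Result of WriteFile(), or null when the configuration is empty.
  */
 static function backup($type = null)
 {
     $config = (null === $type) ? ConfigHandler::core_settings() : ConfigHandler::get($type);
     if (!$config) {
         return;
     }

     $dir = ROOT_PATH . 'data/backup/setting/';
     if (!is_dir($dir)) {
         jmkdir($dir);
     }

     if (null === $type) {
         $file = 'settings';
         $target = '$config';
     } else {
         $file = $type;
         $target = '$config[' . var_export((string) $type, true) . ']';
     }

     return jio()->WriteFile($dir . $file . '.php', '<?php ' . $target . ' = ' . var_export($config, true) . '; ?>');
 }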
Пример #12
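	/**
	 * Admin page for the share-button settings.
	 *
	 * With ?op=modify the posted rows (order / flag / name / display) are rebuilt
	 * into the 'share' configuration, sorted by the submitted order value, and saved
	 * together with the bShare uuid. In every case the current settings are then
	 * prepared for the @admin/tttuangou_list_share template.
	 *
	 * Compared with the original, the arrays built from POST are initialised and the
	 * shape of the posted data is checked, so a request without an 'order' array no
	 * longer reaches ksort() and ini() with undefined variables.
	 *
	 * NOTE(review): posted flags are accepted as configuration keys without being
	 * checked against the known list, and posted names are stored as given; the
	 * template that prints them must escape them.
	 */
	function ShareConfig()
	{
		$this->CheckAdminPrivs('share');
		$op = $this->Get['op'];
		if($op == 'modify')
		{
			$list = $this->Post;

			// Map each non-empty order value to the index of the row it belongs to.
			$order = (isset($list['order']) && is_array($list['order'])) ? $list['order'] : array();
			$sort = array();
			foreach ($order as $i => $oid)
			{
				if (is_scalar($oid) && $oid != '')
				{
					$sort[$oid] = $i;
				}
			}
			ksort($sort);

			// Rebuild the settings in ascending order; rows without a usable flag are skipped.
			$set = array();
			foreach ($sort as $oid => $i)
			{
				$flag = isset($list['flag'][$i]) ? $list['flag'][$i] : null;
				if (!is_scalar($flag))
				{
					continue;
				}
				$one = array();
				$one['order'] = $list['order'][$i];
				$one['name'] = $list['name'][$i];
				$one['display'] = (isset($list['display'][$flag]) && $list['display'][$flag] == 'on') ? 'yes' : 'no';
				$set[$flag] = $one;
			}

			// The bShare block is kept as stored, except for the submitted uuid.
			$bshare = ini('share.~@bshare');
			$bshare_POST = post('bshare');
			$bshare['uuid'] = $bshare_POST['uuid'];
			$set['~@bshare'] = $bshare;
			ini('share', $set);
			$this->Messager('保存成功!');
		}
		$listAll = array('link', 'qzone', 'kaixin001', 'renren', 'douban', 'tsina', 'bai', 'gmail', 'delicious', 'digg', 'yahoo', 'google', 'facebook', 'twitter', 'baiduhi', 'blogbus', 'clipboard', 'qqmb', 'qqxiaoyou', 'xianguo');
		$action = '?mod=tttuangou&code=shareconfig&op=modify';
		$shares = ConfigHandler::get('share');
		// Every known service gets a row, even when nothing has been configured for it yet.
		foreach ($listAll as $i => $flag)
		{
			if (!array_key_exists($flag, $shares))
			{
				$shares[$flag] = array(
					'order' => '',
					'name' => '',
					'display' => 'no'
				);
			}
		}
		// The bShare block is handed to the template separately from the service rows.
		if (isset($shares['~@bshare']))
		{
			$bshare = $shares['~@bshare'];
			unset($shares['~@bshare']);
		}
		include(handler('template')->file('@admin/tttuangou_list_share'));
	}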
Пример #13
<?php

/* 2014-02-25 in jishigou invalid request template */
// Template fragment that prints the "friendly links" footer row from the 'link' config section.
// The listing on this page ends before the loops are closed.
// Direct-access guard: stop unless the application entry point has defined IN_JISHIGOU.
if (!defined("IN_JISHIGOU")) {
    exit("invalid request");
}
hookscriptoutput();
if ($link_config = ConfigHandler::get('link')) {
    ?>
 <div class="foot-line"> <p>友情链接:</p> <?php 
    if (is_array($link_config)) {
        foreach ($link_config as $link) {
            ?>
 <?php 
            // Links with a logo are rendered as an image link, the others as text.
            if (!empty($link['logo'])) {
                ?>
 <a href="<?php 
                // NOTE(review): url, logo and name are echoed into HTML attributes without
                // htmlspecialchars(); this is safe only if the 'link' config is validated
                // when it is saved — confirm.
                echo $link['url'];
                ?>
" target="_blank"><img src="<?php 
                echo $link['logo'];
                ?>
" width="88" height="31" border="0" alt="<?php 
                echo $link['name'];
                ?>
"></a> <?php 
            } else {
                ?>
<a href="<?php 
                echo $link['url'];
                ?>
Пример #14
	/**
	 * Front-end base-controller bootstrap (constructor-style initialiser).
	 *
	 * In order: stores the config, binds the request superglobals to properties,
	 * resolves module/code/op, optionally redirects mobile user agents, builds the
	 * navigation list, wires the cookie/template/database/member handlers, restores
	 * the member from the 'auth' cookie, applies the IP ban and the robot rules, and
	 * finally defines FORMHASH and checks it on POST requests.
	 *
	 * @param array $config Site configuration; modified in place ('v' is set).
	 */
	function MasterObject(&$config)
	{
		global $rewriteHandler;

		$config['v'] = SYS_VERSION.SYS_RELEASE;
				$this->Config=$config;		Obj::register('config', $this->Config);

				// Bound by reference, so these properties alias the superglobals themselves.
				$this->Get     = &$_GET;
		$this->Post    = &$_POST;
		$this->Cookie  = &$_COOKIE;
		$this->Session = &$_SESSION;
		$this->Request = &$_REQUEST;
		$this->Server  = &$_SERVER;
		$this->Files   = &$_FILES;
		// Routing parameters: a truthy POST value wins over GET; the values are trimmed but not otherwise validated here.
		$this->Module = trim($this->Post['mod']?$this->Post['mod']:$this->Get['mod']);
		$this->Code   = trim($this->Post['code']?$this->Post['code']:$this->Get['code']);
		$this->OPC   = trim($this->Post['op']?$this->Post['op']:$this->Get['op']);

		if ($this->Code == '')
		{
			$this->Code = ini('settings.default_code');
		}

		$GLOBALS['iframe'] = '';

				require_once LIB_PATH . 'cookie.han.php';
		$this->CookieHandler = handler('cookie');
		Obj::register('CookieHandler',$this->CookieHandler);

		// Mobile user agents are sent to the app-download page unless they opted out through
		// ?ignore_jump or the cookie it sets. AJAX requests and the downapp/wap modules are exempt.
		// NOTE(review): no exit follows the Location header, so the rest of this method still runs
		// for a redirected request.
		if(false == in_array($this->Module, array('downapp', 'wap')) && false === X_IS_AJAX) {
			if(false != ($get_ignore_jump = get('ignore_jump'))) {
				$this->CookieHandler->SetVar('ignore_jump', time());
			}
			$ignore_jump = ($get_ignore_jump ? $get_ignore_jump : $this->CookieHandler->GetVar('ignore_jump'));		
			if(false == $ignore_jump && $_SERVER['HTTP_USER_AGENT'] && false != preg_match('~(MicroMessenger|iPhone|Android|Mobile)~i', $_SERVER['HTTP_USER_AGENT'], $match)) {				
								header('Location: index.php?mod=downapp');
			}
		}

				// Mark the navigation entry that matches the current module/code as 'current'.
				$__navs = ConfigHandler::get('nav');
		foreach ($__navs as $i => $nav)
		{
			$curClass = '';
			// strpos(...) > 0 treats a match at offset 0 the same as no match.
			if (strpos($nav['url'], $this->Module)>0 && strpos($nav['url'], $this->Code)>0)
			{
				$curClass = 'current';
			}
			// Code comes from trim() (a string) or from ini(); this branch needs ini() to have returned false.
			elseif (strpos($nav['url'], $this->Module)>0 && $this->Code === false)
			{
				$curClass = 'current';
			}
			elseif ($this->Module=='index' && $this->Code=='' && strpos($nav['url'], 'mod')==false && strpos($nav['url'], 'code')==false && substr($nav['url'], 0, 4) != 'http')
			{
				$curClass = 'current';
			}
			$__navs[$i]['class'] = $curClass;
			if ($rewriteHandler)
			{
				$__navs[$i]['url'] = $rewriteHandler->formatURL($nav['url']);
			}
		}
		$this->Config['__navs'] = $__navs;
		
				$this->TemplateHandler = handler('template');
		Obj::register('TemplateHandler',$this->TemplateHandler);

		
		
		$this->DatabaseHandler = dbc();
		Obj::register('DatabaseHandler',$this->DatabaseHandler);

				require_once LIB_PATH . 'member.han.php';
		// Defaults used when no 'auth' cookie is present.
		$uid = 0;$password = '';$secques = '';
		// The 'auth' cookie is decoded by authcode() into tab-separated password, security-question
		// and uid fields, which are passed to FetchMember().
		// NOTE(review): the cookie therefore carries a password-derived value; its protection rests
		// on authcode() and its key, neither of which is visible here.
		if($authcode=$this->CookieHandler->GetVar('auth'))
		{
			list($password,$secques,$uid)=explode("\t",authcode($authcode,'DECODE'));
		}
		$this->MemberHandler= handler('member');
		$this->MemberHandler->FetchMember($uid,$password,$secques);

		$this->Title=$this->MemberHandler->CurrentAction['name'];		Obj::register("MemberHandler",$this->MemberHandler);

				// IP ban. NOTE(review): the configured value is interpolated as regex source and the match is
				// anchored only at the start of REMOTE_ADDR, so each entry acts as a prefix.
				$ipbanned=ConfigHandler::get('access','ipbanned');
		if(!empty($ipbanned) && preg_match("~^({$ipbanned})~",$_SERVER['REMOTE_ADDR'])) {
			$this->Messager("您的IP已经被禁止访问。",null);
		}
		unset($ipbanned);
				// Crawler handling runs only for anonymous visitors and only when the robot feature is on.
				if(MEMBER_ID<1 && (int)$this->Config['robot']['turnon']==1)
		{
			include_once LOGIC_PATH.'robot.logic.php';
			$RobotLogic=new RobotLogic();
			define("ROBOT_NAME",$RobotLogic->isRobot());
			if(ROBOT_NAME!==false)
			{
								// Crawlers flagged 'disallow' in the config are refused outright.
								if ($this->Config['robot']['list'][ROBOT_NAME]['disallow']) {
					exit('Access Denied');
				}

				$RobotLogic->statistic();
								// A crawler with show_ad set to 0 gets the page without the ad configuration.
								if(isset($this->Config['robot']['list'][ROBOT_NAME]['show_ad'])
				&& (int)$this->Config['robot']['list'][ROBOT_NAME]['show_ad']==0)
				{
					unset($this->Config['ad']);
				}
				include_once LOGIC_PATH.'robot_log.logic.php';
				$RobotLogLogic=new RobotLogLogic(ROBOT_NAME);
				$RobotLogLogic->statistic();
				unset($RobotLogLogic);
			}
			unset($RobotLogic);
		}
		unset($this->Config['robot']);

				// FORMHASH = first 16 hex characters of md5(time bucket . Host . auth_key . User-Agent).
				// substr(time(), 0, -7) drops the last seven digits, so the bucket changes only every 10,000,000 seconds.
				// NOTE(review): nothing in the input is tied to the member or the session, so every visitor who
				// sends the same Host and User-Agent gets the same token for as long as the bucket lasts.
				define("FORMHASH",substr(md5(substr(time(), 0, -7).$_SERVER['HTTP_HOST'].$this->Config['auth_key'].$_SERVER['HTTP_USER_AGENT']),0,16));
		// POSTs to every module except callback, misc, upload and address must carry FORMHASH and a
		// Referer that contains the Host header.
		// NOTE(review): the token is compared with a loose != rather than hash_equals(), the Referer test
		// is a substring match (the host may appear anywhere in the URL), and for X_IS_AJAX requests the
		// failure branch does nothing.
		if($_SERVER['REQUEST_METHOD']=="POST" && $this->Module!='callback' && $this->Module!='misc' && $this->Module!='upload' && $this->Module!='address')
		{
			if($this->Post["FORMHASH"]!=FORMHASH || strpos($_SERVER["HTTP_REFERER"],$_SERVER["HTTP_HOST"])===false) {
				X_IS_AJAX || $this->Messager("请求无效",null);
			}
		}

	}
Пример #15
	/**
	 * Admin action: copy local members that have no UCenter id yet (ucuid=0) into the
	 * UCenter member tables, one batch of 500 per request, then redirect to itself
	 * for the next batch.
	 *
	 * For each local member: if no UCenter user with that name exists, one is created;
	 * if one exists and the password matches, the ids are linked; otherwise the name
	 * is recorded in the mergemembers table and the local ucuid is set to -1.
	 *
	 * NOTE(review): several SQL values are shown masked ('******') on this page, so the
	 * handling of username and password in those statements cannot be reviewed here.
	 */
	function DoMerge()
	{
		$this->CheckAdminPrivs('ucenter');
		// 'start' is only used for the progress message; the query below always takes the next rows with ucuid=0.
		$start = max(0,(int) $this->Get['start']);
		$limit = 500;

		$ucenter = ConfigHandler::get('ucenter');

		// The step is driven entirely by GET parameters (confirm, start).
		if(!$ucenter['enable'] || !$this->Get['confirm'] || 'mysql' != $ucenter['uc_connect'])
		{
			$this->Messager("你的配置不正确,或者已经进行过用户数据整合了",null);
		}

		include_once(ROOT_PATH.'./api/uc_api_db.php');

		$db = new JSG_UC_API_DB();
		$db->connect($this->Config['db_host'],$this->Config['db_user'],$this->Config['db_pass'],$this->Config['db_name'],$this->Config['charset'],$this->Config['db_persist'],$this->Config['db_table_prefix']);
		$query = $db->query("select * from ".TABLE_PREFIX."system_members where ucuid=0 limit {$limit}");
		// Nothing left to merge: report success.
		if($db->num_rows($query) < 1)
		{
			$this->Messager("用户数据合并成功",null);
		}

		$uc_db = new JSG_UC_API_DB();
		$uc_db->connect($ucenter['uc_db_host'],$ucenter['uc_db_user'],$ucenter['uc_db_password'],$ucenter['uc_db_name'],$ucenter['uc_db_charset'],1,$ucenter['uc_db_table_prefix']);
		while ($data = $db->fetch_array($query))
		{
			// -1 marks a member that could not be linked (name taken with a different password).
			$ucuid = -1;
			// NOTE(review): the salt is six digits from rand() and the stored value is md5(local password value . salt);
			// presumably this mirrors the UCenter schema — confirm before reusing it anywhere else.
			$salt = rand(100000, 999999);
			$password = md5($data['password'].$salt);
			// Only the username is escaped. email, regip and regdate below are interpolated from the local row as stored.
			$data['username'] = addslashes($data['username']);

			$uc_user = $uc_db->fetch_first("SELECT * FROM {$ucenter['uc_db_table_prefix']}members WHERE username='******'"); 			if(!$uc_user) 			{
				// NOTE(review): values that came out of the database are concatenated back into SQL here
				// (second-order injection risk if any of them can contain a quote).
				$uc_db->query("INSERT LOW_PRIORITY INTO {$ucenter['uc_db_table_prefix']}members SET username='******', password='******',email='$data[email]', regip='$data[regip]', regdate='$data[regdate]', salt='$salt'", 'SILENT');
				$ucuid = $uc_db->insert_id();
				$uc_db->query("INSERT LOW_PRIORITY INTO {$ucenter['uc_db_table_prefix']}memberfields SET uid='$ucuid'",'SILENT');
			}
			else
			{
				// Same name already in UCenter: link the accounts only when the password value matches (loose ==).
				if($uc_user['password'] == md5($data['password'].$uc_user['salt'])) 				{
					$ucuid = $uc_user['uid'];
				}
				else 				{
					$uc_db->query("REPLACE INTO {$ucenter['uc_db_table_prefix']}mergemembers SET appid='".UC_APPID."', username='******'", 'SILENT');
				}
			}

			$db->query("update ".TABLE_PREFIX."system_members set ucuid={$ucuid} where uid={$data['uid']}");
		}

		$next = ($start + $limit);
		$this->Messager("[{$start}-{$next}]正在进行用户数据的合并中,请稍候……",'admin.php?mod=ucenter&code=merge&confirm=1&start='.$next);
	}
Пример #16
	/**
	 * Admin-panel base-controller bootstrap (constructor-style initialiser).
	 *
	 * In order: stores the config, derives the key for the second-verification cookie,
	 * binds the request superglobals, resolves module/code/op, wires the cookie,
	 * template, database and member handlers, restores the member from the 'auth'
	 * cookie, applies the IP ban and the admin IP allowlist, requires a logged-in
	 * member with admin privileges, enforces the second verification, and finally
	 * defines FORMHASH and checks it on every POST.
	 *
	 * @param array $config Site configuration; modified in place ('v' is set).
	 */
	function MasterObject(&$config)
	{
		$config['v'] = SYS_VERSION.SYS_RELEASE;
				$this->Config=$config;		Obj::register('config',$this->Config);

				// Key for the 'ajhAuth' cookie: auth_key, User-Agent, a fixed marker, the date and safe_key.
				// date('Y-m-Y-m') prints year-month twice, so the key changes once a month.
				$this->ajhAuthKey = $this->Config['auth_key'] . $_SERVER['HTTP_USER_AGENT'] . '_IN_ADMIN_PANEL_' . date('Y-m-Y-m') . '_' . $this->Config['safe_key'];

				// Bound by reference, so these properties alias the superglobals themselves.
				$this->Get     = &$_GET;
		$this->Post    = &$_POST;
		$this->Cookie  = &$_COOKIE;
		$this->Session = &$_SESSION;
		$this->Request = &$_REQUEST;
		$this->Server  = &$_SERVER;
		$this->Files   = &$_FILES;
		// Routing parameters: a truthy POST value wins over GET; trimmed but not otherwise validated here.
		$this->Module = trim($this->Post['mod']?$this->Post['mod']:$this->Get['mod']);
		$this->Code   = trim($this->Post['code']?$this->Post['code']:$this->Get['code']);
		$this->OPC   = trim($this->Post['op']?$this->Post['op']:$this->Get['op']);

		if ($this->Code == '')
		{
			$this->Code = ini('settings.default_code');
		}

		$GLOBALS['iframe'] = '';

				require_once LIB_PATH . 'cookie.han.php';
		$this->CookieHandler = handler('cookie');
		Obj::register('CookieHandler',$this->CookieHandler);

				$this->TemplateHandler = handler('template');
		Obj::register('TemplateHandler',$this->TemplateHandler);

		
		
		$this->DatabaseHandler = dbc();
		Obj::register('DatabaseHandler',$this->DatabaseHandler);
				require_once LIB_PATH . 'member.han.php';
		// The 'auth' cookie is decoded into tab-separated password, security-question and uid fields.
		// NOTE(review): the three variables are assigned only when the cookie is present; without it
		// FetchMember() is called with undefined variables.
		if($authcode=$this->CookieHandler->GetVar('auth'))
		{
			list($password,$secques,$uid)=explode("\t",authcode($authcode,'DECODE'));
		}
		$this->MemberHandler= handler('member');
		$this->MemberHandler->FetchMember($uid,$password,$secques);

						// Both lists are interpolated as regex source and anchored only at the start of REMOTE_ADDR,
						// so each entry acts as a prefix and must be escaped when it is saved.
						$access=ConfigHandler::get('access');
		if(!empty($access['ipbanned']) && preg_match("~^({$access['ipbanned']})~",$_SERVER['REMOTE_ADDR']))
		{
			$this->Messager("您的IP已经被禁止访问",null);
		}
				// Admin allowlist: when configured, only matching addresses may use the panel.
				if(!empty($access['admincp']) && !preg_match("~^({$access['admincp']})~",$_SERVER['REMOTE_ADDR']))
		{
			$this->Messager("您当前的IP在不在后台允许的IP里,无法访问后台。",null);
		}


		// A front-end session is required first, then admin privileges.
		if(MEMBER_ID<1)
		{
			$this->Messager("请先在前台进行<a href='index.php?mod=account&code=login'><b>登录</b></a>",null);
		}
		$this->CheckAdminPrivs();

				// Second verification: unless it is switched off in the config, every module except 'login'
				// needs an 'ajhAuth' cookie that decodes to the member's password value and uid.
				// NOTE(review): the password values are compared with a loose !=, which is subject to PHP's
				// numeric-string juggling; !== or hash_equals() avoids that.
				if(!($this->Config['close_second_verify_enable']) && $this->Module!='login')
		{
			unset($ajhAuth,$_pwd,$_uid);
			if(($ajhAuth = $this->CookieHandler->GetVar('ajhAuth'))) {
				list($_pwd,$_uid) = explode("\t",authcode($ajhAuth,'DECODE',$this->ajhAuthKey));
			}
			if (!$ajhAuth || !$_pwd || $_pwd!=$this->MemberHandler->MemberFields['password'] || $_uid < 1 || $_uid!=MEMBER_ID) {
				$this->Messager(null,'admin.php?mod=login');
			}
		}

		$this->Title=$this->MemberHandler->CurrentAction['name'];		Obj::register("MemberHandler",$this->MemberHandler);

				// FORMHASH = first 16 hex characters of md5(time bucket . User-Agent . Host . auth_key . today's date),
				// so it changes at least daily.
				// NOTE(review): nothing in the input is tied to the member or the session, and the check below
				// uses a loose != and a substring test on the Referer.
				define("FORMHASH",substr(md5(substr(time(), 0, -7).$_SERVER['HTTP_USER_AGENT'].$_SERVER['HTTP_HOST'].$this->Config['auth_key'].date('Y-m-d')),0,16));
		// Every POST must carry FORMHASH and a Referer that contains the Host header.
		if($_SERVER['REQUEST_METHOD']=="POST")
		{
			if(($this->Post['FORMHASH']!=FORMHASH || strpos($_SERVER['HTTP_REFERER'],$_SERVER['HTTP_HOST'])===false)) {
				$this->Messager("请求无效", null);
			}
		}

		$this->actionName();

	}
Пример #17
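	/**
	 * Issue a redemption ticket for an order and, when SMS is switched on, text the
	 * ticket number and password to the buyer. Products of type 'stuff' get no ticket.
	 *
	 * Hardening compared with the original:
	 *  - the user and product ids are cast to int before they are concatenated into SQL;
	 *  - the values written to the SMS log are escaped before they are concatenated;
	 *  - the ticket number and password come from random_int() when it is available
	 *    (rand() is predictable and the password is a secret), with rand() as fallback.
	 *
	 * NOTE(review): addslashes() matches the escaping used elsewhere in this code base
	 * but is not charset-aware; prefer the database layer's own escaping or parameter
	 * binding if it offers one — not visible here. The ticket password is stored with
	 * authcode('ENCODE'), i.e. reversibly, and is sent by SMS in clear text.
	 *
	 * @param int   $userid    Buyer's member id.
	 * @param int   $productid Product id.
	 * @param mixed $orderid   Order id, passed through unchanged.
	 * @return bool Always true.
	 */
	function ticketCreate( $userid, $productid, $orderid )
	{
		Load::logic('product');
		$ProductLogic = new ProductLogic();
		$product = $ProductLogic->productGet($productid, 0, true);
		if ( $product['type'] == 'stuff' )
		{
			return true;
		}

		// Integer copies used only where the ids are concatenated into SQL.
		$userIdSql = (int) $userid;
		$productIdSql = (int) $productid;

		// 12-digit ticket number built from four 3-digit groups, plus a 6-digit password.
		$useCsprng = function_exists('random_int');
		$rndLength = 12;
		$rndLoop = ceil($rndLength / 3);
		$rndString = '';
		for ( $i = 0; $i < $rndLoop; $i ++ )
		{
			$rndString .= ( string )($useCsprng ? random_int(100, 999) : rand(100, 999));
		}
		$ticketNumber = substr($rndString, 0, $rndLength);
		$ticketPassword = $useCsprng ? random_int(100000, 999999) : rand(100000, 999999);

		$ary = array(
			'uid' => $userid, 'productid' => $productid, 'orderid' => $orderid, 'number' => $ticketNumber, 'password' => authcode($ticketPassword, 'ENCODE', $this->Config['auth_key']), 'status' => 1
		);
		$this->DatabaseHandler->SetTable(TABLE_PREFIX . 'tttuangou_ticket');
		$result = $this->DatabaseHandler->Insert($ary);

		$sms = ConfigHandler::get('sms');
		if ( $sms['power'] == 'on' )
		{
			$sql = 'SELECT * FROM ' . TABLE_PREFIX . 'system_members WHERE uid=' . $userIdSql;
			$userInfo = $this->DatabaseHandler->Query($sql)->GetRow();
			// Only members with a numeric phone number are texted.
			if ( is_numeric($userInfo['phone']) )
			{
				$sql = '
					SELECT
						p.name, p.perioddate, s.sellerphone, s.selleraddress
					FROM
						' . TABLE_PREFIX . 'tttuangou_product p LEFT join ' . TABLE_PREFIX . 'tttuangou_seller s on p.sellerid=s.id
					WHERE p.id=' . $productIdSql;
				$ticketInfo = $this->DatabaseHandler->Query($sql)->GetRow();
				$smsContent = str_replace(array(
					'{user_name}', '{product_name}', '{ticket_number}', '{ticket_password}', '{perioddate}', '{seller_phone}', '{seller_address}', '{site_name}'
				), array(
					$userInfo['username'], $ticketInfo['name'], $ticketNumber, $ticketPassword, date('Y-m-d', $ticketInfo['perioddate']), $ticketInfo['sellerphone'], $ticketInfo['selleraddress'], $this->Config['site_name']
				), $sms['template']);
				Load::functions('sms');
				$result = sms_send($userInfo['phone'], $smsContent);

				// Stored data (names, addresses) and the gateway's reply are not trusted SQL text.
				$sql = 'INSERT INTO ' . TABLE_PREFIX . 'tttuangou_sms (id, name, phone, content, mid, state)VALUES(NULL, "'
					. addslashes($userInfo['username']) . '", "'
					. addslashes($userInfo['phone']) . '", "'
					. addslashes($smsContent) . '", "'
					. addslashes($result['msgid']) . '", "'
					. addslashes($result['msgstate']) . '")';
				$this->DatabaseHandler->Query($sql);
			}
		}

		Load::logic('order');
		$OrderLogic = new OrderLogic();
		$OrderLogic->orderType($orderid, 9);
		return true;
	}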
Пример #18
	/**
	 * Show the front-end login form.
	 *
	 * Visitors who already have a member id are told they are logged in; visitors
	 * that _logincheck() reports as locked out are refused. Otherwise the referring
	 * page is handed to account()->loginReferer() and the account_login template is
	 * rendered.
	 *
	 * The local variable names are kept as they are because the included template
	 * runs in this method's scope and presumably reads them.
	 */
	function Login()
	{
		if ((0 != MEMBER_ID && !$this->IsAdmin) || 0 < MEMBER_ID) {
			$this->Messager("您已经使用用户名 " . MEMBER_NAME . " 登录系统,无需再次登录!", null);
		}

		// Lockout gate for repeated failed attempts.
		$loginperm = $this->_logincheck();
		if (false == $loginperm) {
			$this->Messager("累计 5 次错误尝试,15 分钟内您将不能登录。", null);
		}

		$this->Title = "用户登录";

		$action = "?mod=account&code=login&op=done";
		$question_select = FormHandler::Select("question", ConfigHandler::get("member", "question_list"), 0);
		$role_type_select = FormHandler::Radio("role_type", ConfigHandler::get("member", "role_type_list"), "normal");

		// NOTE(review): the Referer header is client-controlled. If loginReferer() keeps
		// it as the post-login redirect target, it must be restricted to this site —
		// not visible here.
		account()->loginReferer($_SERVER['HTTP_REFERER']);

		include ($this->TemplateHandler->Template("account_login"));
	}
Пример #19
	/**
	 * Admin page listing the active sessions, with paging, sorting and optional
	 * filters by username and IP address.
	 *
	 * NOTE(review): part of this listing is masked/truncated on the page (the line that
	 * starts with $query_link.="&username="), so the code between the username filter
	 * and the IP filter is missing and the braces do not balance as shown.
	 */
	function Main()
	{
		$this->CheckAdminPrivs('sessions');
		$where_list=array();
		$where="";
		$query_link="admin.php?mod=sessions";

		
				// Page number and page size are cast to int before they reach the LIMIT clause.
				$p=max((int)$this->Get['page'],1);
		$query_link.="&page=".$p;
		$pn=(int)$this->Get['pn']?(int)$this->Get['pn']:20;
		if($pn<1)$pn=20;
		$query_link.='&pn='.$pn;


				$username=trim($this->Get['username']);
		if ($username!="")
		{
			// NOTE(review): the GET value is interpolated straight into the LIKE clause; no escaping is
			// visible in this method, so this is an SQL injection point unless request data is escaped upstream.
			$where_list[]="username like '%$username%'";
			// NOTE(review): masked/truncated line. The visible remainder shows the per-octet IP filter,
			// whose values are interpolated into SQL in the same way.
			$query_link.="&username="******"*" || empty($_ip))continue;
				$ips.=$and."ip{$i}='$_ip'";
				$and=" and ";
			}
			$where_list[]=$ips;
		}

		// Sort parameters are appended to the paging link as received, without URL-encoding.
		if($this->Get['order_by'])$query_link.="&order_by=".$this->Get['order_by'];
		if($this->Get['order_type'])$query_link.="&order_type=".$this->Get['order_type'];

		if($where_list)$where=" where ".implode(" AND ",$where_list);

				// Sortable columns. The SQL fragment comes from this fixed table; how order() maps the request
				// onto it is not visible here.
				$order_by_list = array
		(
			'order_by_default' => 'lastactivity',

			'lastactivity' => array
			(
				'name' => '最后访问时间',
				'order_by' => 'lastactivity',
			),
			'ip' => array
			(
				'name' => 'IP地址',
				'order_by' =>"concat_ws('.',ip1,ip2,ip3,ip4)",
			),
			'uid' => array
			(
				'name' => '用户名',
				'order_by' => 'uid',
			),
		);
		$order_array = order($order_by_list,$query_link,array('display_un_href'=>true));
		$order = $order_array['order'];
		$order_html = $order_array['html'];

				// $limit is assigned but not used below.
				$limit="";
		$offset=($p-1)*$pn;

				$sql="SELECT count(1) total from ".TABLE_PREFIX."system_sessions".$where;
		$query = $this->DatabaseHandler->Query($sql);
		$row=$query->GetRow();
		$total=$row['total'];


				$sql="SELECT * from ".TABLE_PREFIX."system_sessions".$where." ".$order." limit $offset,$pn";
		$query = $this->DatabaseHandler->Query($sql);
		$session_list=array();
		while ($row=$query->GetRow())
		{
			// Add a formatted timestamp and a dotted IP string built from the four octet columns.
			$row['dateline']=my_date_format($row['lastactivity']);
			$row['ip']=sprintf("%s.%s.%s.%s",$row['ip1'],$row['ip2'],$row['ip3'],$row['ip4']);
			$session_list[]=$row;
		}

		// When robot tracking is on, load the known crawler IPs so the template can label them.
		$robot=array();
		$robot_record=(int)ConfigHandler::get('robot','turnon');
		if($robot_record==1)
		{
						$sql="SELECT * from ".TABLE_PREFIX."system_robot_ip";
			$query=$this->DatabaseHandler->Query($sql,"SKIP_ERROR");
			if($query)
			{
				while ($row=$query->GetRow())
				{
					$robot[$row['ip']]=$row['name'];
				}
			}
		}
		$pages=page($total,$pn,$query_link,array(),"2 10 20 50 100 200 500");
		include handler('template')->file('@admin/sessions');
	}
Пример #20
	/**
	 * Admin page for the IP access lists: loads the 'access' configuration, turns
	 * each stored list back into one entry per line, and renders the
	 * @admin/setting_access template.
	 *
	 * The lists are stored '|'-separated; stripslashes() removes the backslashes so
	 * the admin sees plain addresses. $access and $action keep their names because
	 * the included template runs in this scope and presumably reads them.
	 */
	function modifyAccess()
	{
		$this->CheckAdminPrivs('ipset');

		$access = (array) ConfigHandler::get('access');
		foreach (array_keys($access) as $type) {
			$ips = $access[$type];
			if (empty($ips)) {
				continue;
			}
			$ips = str_replace("|", "\n", $ips);
			$access[$type] = stripslashes($ips);
		}

		$action = "admin.php?mod=setting&code=domodify_access";
		include handler('template')->file('@admin/setting_access');
	}
Пример #21
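	/**
	 * Admin action: block or unblock a crawler by name.
	 *
	 * Updates the crawler's 'disallow' flag in the database, rebuilds the blocked list
	 * in the 'robot' configuration, and adds or removes the matching
	 * "User-agent / Disallow: /" stanza in robots.txt. The request code 'disallow1'
	 * blocks; any other code unblocks.
	 *
	 * Hardening compared with the original: the name comes from the query string and
	 * ends up both in an SQL statement and in robots.txt, so control characters
	 * (including CR/LF) are removed before use and the SQL copy is escaped.
	 *
	 * NOTE(review): addslashes() matches the escaping used elsewhere in this code base
	 * but is not charset-aware; prefer the database layer's own escaping or parameter
	 * binding if it offers one. Whether request data is already escaped upstream is
	 * not visible here. The action is also driven by GET, so it is not covered by a
	 * POST-only form token.
	 */
	function Disallow()
	{
		$this->CheckAdminPrivs('robot');

		$name = (isset($this->Get['name']) && is_string($this->Get['name'])) ? $this->Get['name'] : '';
		// Without CR/LF the value cannot add lines of its own to robots.txt.
		$name = trim(preg_replace('~[\x00-\x1F\x7F]~', '', $name));
		$disallow = 'disallow1' == $this->Code ? 1 : 0;

		$name_sql = addslashes($name);
		$sql = "update `".TABLE_PREFIX."system_robot` set `disallow`='{$disallow}' where `name`='{$name_sql}'";
		$this->DatabaseHandler->Query($sql);

		// Rebuild the configured list from the rows that are currently blocked.
		$sql = "select `name`,`disallow` from `".TABLE_PREFIX."system_robot` where `disallow`=1";
		$query = $this->DatabaseHandler->Query($sql);
		$robot_config = ConfigHandler::get('robot');
		$robot_config['list'] = array();
		while ($row = $query->GetRow())
		{
			$robot_config['list'][$row['name']]['disallow'] = $row['disallow'];
		}
		$configHandler = new ConfigHandler();
		$configHandler->set('robot',$robot_config);

		// Stanza for this crawler exactly as it is written to (or removed from) robots.txt.
		$disallow_string = "User-agent: {$name}
Disallow: /

";

		$load = new Load();
		$load->lib('io');
		$IoHandler = new IoHandler();
		$robots_path = ROOT_PATH . 'robots.txt';

		$robots_string_new = $robots_string = $IoHandler->ReadFile($robots_path);
		$disallow_string_strpos = strpos($robots_string,$disallow_string);
		if ($disallow && false===$disallow_string_strpos) {
			// Blocking and not listed yet: put the stanza at the top of the file.
			$robots_string_new = $disallow_string . $robots_string_new;
		} elseif (!$disallow && false!==$disallow_string_strpos) {
			// Unblocking and listed: take the stanza out.
			$robots_string_new = str_replace($disallow_string,"",$robots_string_new);
		}

		// Write only when the content actually changed.
		if ($robots_string_new!=$robots_string) {
			$return = $IoHandler->WriteFile($robots_path,$robots_string_new);

			if (!$return) {
				$this->Messager("写入 <b>{$robots_path}</b> 文件失败,请检查是否有可读写的权限",null);
			}
		}

		$this->Messager("修改成功");
	}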
Пример #22
<?php

/* 2014-02-25 in jishigou invalid request template */
// Template fragment that prints the footer navigation groups from the 'footer_navigation' config section.
// The listing on this page ends before the loops are closed.
// Direct-access guard: stop unless the application entry point has defined IN_JISHIGOU.
if (!defined("IN_JISHIGOU")) {
    exit("invalid request");
}
hookscriptoutput();
$naviList = ConfigHandler::get('footer_navigation');
?>
 <?php 
if (is_array($naviList['list'])) {
    foreach ($naviList['list'] as $k_g => $group) {
        ?>
 <?php 
        // Turn the zero-based index into a one-based group number.
        $k_g = $k_g + 1;
        ?>
 <div class="foot-line"> <?php 
        // The group title is printed only for groups flagged 'avaliable' (spelling as in the config key).
        if ($group['avaliable']) {
            ?>
 <p><?php 
            // NOTE(review): the name is echoed without htmlspecialchars(); this is safe only if the
            // navigation config is validated when it is saved — confirm.
            echo $group['name'];
            ?>
:</p> <?php 
        }
        ?>
 <?php 
        if (is_array($group['type_list'])) {
            foreach ($group['type_list'] as $k_o => $one) {
                ?>
 <?php 
                if ($one['avaliable']) {
Пример #23
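/**
 * Send one e-mail by speaking SMTP directly over a socket.
 *
 * The subject and body are base64-encoded; the body has its line endings
 * normalised to CRLF and leading dots doubled as the protocol requires.
 *
 * Changes compared with the original:
 *  - CR and LF are removed from the recipient list and the sender before they are
 *    written into SMTP commands and message headers, so neither can inject extra
 *    commands or headers;
 *  - the socket is closed on every exit path after a successful connect;
 *  - the recipient array is initialised and an unused local was dropped.
 *
 * NOTE(review): with 'ssl' off in the config, AUTH LOGIN sends the credentials
 * base64-encoded only, i.e. readable on the wire. Certificate checking for ssl://
 * depends on msockopen(), which is not visible here.
 *
 * @param string       $email_to      Comma-separated recipients, "Name <addr>" or bare addresses.
 * @param string       $email_subject Subject line.
 * @param string       $email_message Message body.
 * @param array|string $smtp_config   SMTP settings; the 'smtp' config section when empty.
 * @param bool         $html          Send as text/html (true) or text/plain (false).
 * @return bool True when the server accepted the message, false on any failure (which is logged).
 */
function _send_mail_by_smtp($email_to,$email_subject,$email_message,$smtp_config='',$html=true) {
	$sys_config = ConfigHandler::get();
	$smtp_config = $smtp_config ? $smtp_config : (ConfigHandler::get('smtp'));

	// Line breaks in an address would end the current SMTP command or header early.
	$email_to = str_replace(array("\r", "\n"), '', $email_to);

	$mail['from'] = $smtp_config['mail'];
	$mail['server'] = ($smtp_config['ssl'] ? 'ssl:/'.'/' : '') . $smtp_config['host'];
	$mail['port'] = $smtp_config['port'];
	$mail['auth'] = (bool) ($smtp_config['username'] && $smtp_config['password']);
	$mail['auth_username'] = $smtp_config['username'];
	$mail['auth_password'] = $smtp_config['password'];

	// Name of the logging function, called as a variable function below.
	$errorlog = 'ajherrorlog';
	$charset = $sys_config['charset'];
	$bbname = $sys_config['site_name'];
	$adminemail = $sys_config['site_admin_email'];
	$maildelimiter = NEW_LINE;
	$mailusername = 1;

	$email_subject = '=?'.$charset.'?B?'.base64_encode(str_replace("\r", '', str_replace("\n", '', $email_subject))).'?=';
	$email_message = chunk_split(base64_encode(str_replace("\r\n.", " \r\n..", str_replace("\n", "\r\n", str_replace("\r", "\n", str_replace("\r\n", "\n", str_replace("\n\r", "\r", $email_message)))))));

	$email_from = $smtp_config['email_from'] ? $smtp_config['email_from'] : $smtp_config['mail'];
	$email_from = str_replace(array("\r", "\n"), '', $email_from);
	$email_from = ($email_from == '' ? '=?'.$charset.'?B?'.base64_encode($bbname)."?= <$adminemail>" : (preg_match('/^(.+?) \<(.+?)\>$/',$email_from, $from) ? '=?'.$charset.'?B?'.base64_encode($from[1])."?= <$from[2]>" : $email_from));

	// Encode the display-name part of each "Name <addr>" recipient.
	$tousers = array();
	foreach(explode(',', $email_to) as $touser) {
		$tousers[] = preg_match('/^(.+?) \<(.+?)\>$/',$touser, $to) ? ($mailusername ? '=?'.$charset.'?B?'.base64_encode($to[1])."?= <$to[2]>" : $to[2]) : $touser;
	}
	$email_to = implode(',', $tousers);

	$headers = "From: $email_from{$maildelimiter}X-Priority: 3{$maildelimiter}X-Mailer: TTTuangou ".SYS_VERSION."{$maildelimiter}MIME-Version: 1.0{$maildelimiter}Content-type: text/".($html ? 'html' : 'plain')."; charset=$charset{$maildelimiter}Content-Transfer-Encoding: base64{$maildelimiter}";
	$mail['port'] = $mail['port'] ? $mail['port'] : 25;
	if(!$fp = msockopen($mail['server'], $mail['port'], $errno, $errstr, 3)) {
		$errorlog('SMTP', "($mail[server]:$mail[port]) CONNECT - Unable to connect to the SMTP server", 0);
		return false;
	}
	stream_set_blocking($fp, true);

	// Server greeting.
	$lastmessage = fgets($fp, 512);
	if(substr($lastmessage, 0, 3) != '220') {
		$errorlog('SMTP', "$mail[server]:$mail[port] CONNECT - $lastmessage", 0);
		fclose($fp);
		return false;
	}

	fputs($fp, ($mail['auth'] ? 'EHLO' : 'HELO')." TTTuangou\r\n");
	$lastmessage = fgets($fp, 512);
	if(substr($lastmessage, 0, 3) != 220 && substr($lastmessage, 0, 3) != 250) {
		$errorlog('SMTP', "($mail[server]:$mail[port]) HELO/EHLO - $lastmessage", 0);
		fclose($fp);
		return false;
	}

	// Skip the remaining lines of a multi-line reply ("250-...").
	while(1) {
		if(substr($lastmessage, 3, 1) != '-' || empty($lastmessage)) {
			break;
		}
		$lastmessage = fgets($fp, 512);
	}

	if($mail['auth']) {
		fputs($fp, "AUTH LOGIN\r\n");
		$lastmessage = fgets($fp, 512);
		if(substr($lastmessage, 0, 3) != 334) {
			$errorlog('SMTP', "($mail[server]:$mail[port]) AUTH LOGIN - $lastmessage", 0);
			fclose($fp);
			return false;
		}

		fputs($fp, base64_encode($mail['auth_username'])."\r\n");
		$lastmessage = fgets($fp, 512);
		if(substr($lastmessage, 0, 3) != 334) {
			$errorlog('SMTP', "($mail[server]:$mail[port]) USERNAME - $lastmessage", 0);
			fclose($fp);
			return false;
		}

		fputs($fp, base64_encode($mail['auth_password'])."\r\n");
		$lastmessage = fgets($fp, 512);
		if(substr($lastmessage, 0, 3) != 235) {
			$errorlog('SMTP', "($mail[server]:$mail[port]) PASSWORD - $lastmessage", 0);
			fclose($fp);
			return false;
		}

		// Authenticated sessions use the account's own address as envelope sender.
		$email_from = $mail['from'];
	}

	// MAIL FROM is attempted twice before giving up.
	fputs($fp, "MAIL FROM: <".preg_replace("/.*\<(.+?)\>.*/", "\\1", $email_from).">\r\n");
	$lastmessage = fgets($fp, 512);
	if(substr($lastmessage, 0, 3) != 250) {
		fputs($fp, "MAIL FROM: <".preg_replace("/.*\<(.+?)\>.*/", "\\1", $email_from).">\r\n");
		$lastmessage = fgets($fp, 512);
		if(substr($lastmessage, 0, 3) != 250) {
			$errorlog('SMTP', "($mail[server]:$mail[port]) MAIL FROM - $lastmessage", 0);
			fclose($fp);
			return false;
		}
	}

	foreach(explode(',', $email_to) as $touser) {
		$touser = trim($touser);
		if($touser) {
			fputs($fp, "RCPT TO: <".preg_replace("/.*\<(.+?)\>.*/", "\\1", $touser).">\r\n");
			$lastmessage = fgets($fp, 512);
			if(substr($lastmessage, 0, 3) != 250) {
				// As in the original, the command is repeated once, but the send is
				// abandoned whatever the second reply says.
				fputs($fp, "RCPT TO: <".preg_replace("/.*\<(.+?)\>.*/", "\\1", $touser).">\r\n");
				$lastmessage = fgets($fp, 512);
				$errorlog('SMTP', "($mail[server]:$mail[port]) RCPT TO - $lastmessage", 0);
				fclose($fp);
				return false;
			}
		}
	}

	fputs($fp, "DATA\r\n");
	$lastmessage = fgets($fp, 512);
	if(substr($lastmessage, 0, 3) != 354) {
		$errorlog('SMTP', "($mail[server]:$mail[port]) DATA - $lastmessage", 0);
		fclose($fp);
		return false;
	}

	$headers .= 'Message-ID: <'.gmdate('YmdHs').'.'.substr(md5($email_message.microtime()), 0, 6).rand(100000, 999999).'@'.$_SERVER['HTTP_HOST'].">{$maildelimiter}";

	fputs($fp, "Date: ".gmdate('r')."\r\n");
	fputs($fp, "To: ".$email_to."\r\n");
	fputs($fp, "Subject: ".$email_subject."\r\n");
	fputs($fp, $headers."\r\n");
	fputs($fp, "\r\n\r\n");
	fputs($fp, "$email_message\r\n.\r\n");
	$lastmessage = fgets($fp, 512);
	if(substr($lastmessage, 0, 3) != 250) {
		$errorlog('SMTP', "($mail[server]:$mail[port]) END - $lastmessage", 0);
		fclose($fp);
		return false;
	}

	fputs($fp, "QUIT\r\n");
	fclose($fp);

	return true;
}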
Пример #24
/**
 * Collect a profile of the server and the installation (date, OS, address, SAPI,
 * host name, install path, CPU and machine name, version, and the site's name,
 * admin e-mail, URL, charset and language) and pass it to get_system_count().
 *
 * NOTE(review): what get_system_count() does with this profile is not visible
 * here. It contains host-identifying details and the admin's e-mail address, so if
 * it is transmitted off-host that is a disclosure worth reviewing.
 *
 * @return mixed Whatever get_system_count() returns.
 */
function get_system_env( )
{
	$env = array();

	$env['time'] = gmdate("Y-m-d", time());
	$env['os'] = PHP_OS;

	// Resolved server name first, then the SERVER_ADDR / LOCAL_ADDR environment values.
	$env['ip'] = @gethostbyname($_SERVER['SERVER_NAME']);
	if (!$env['ip']) {
		$env['ip'] = getenv("SERVER_ADDR");
		if (!$env['ip']) {
			$env['ip'] = getenv('LOCAL_ADDR');
		}
	}

	$env['sapi'] = @php_sapi_name();

	$hostFromEnv = getenv('HTTP_HOST');
	$env['host'] = strtolower($hostFromEnv ? getenv('HTTP_HOST') : $_SERVER['HTTP_HOST']);

	// Install path: this file's directory with the last 17 characters cut off.
	$env['path'] = substr(dirname(__FILE__), 0, -17);
	$env['cpu'] = $_ENV['PROCESSOR_IDENTIFIER'] . "/" . $_ENV['PROCESSOR_REVISION'];
	$env['name'] = $_ENV['COMPUTERNAME'];

	if (defined('SYS_VERSION')) {
		$env['sys_version'] = SYS_VERSION;
	}
	if (defined('SYS_BUILD')) {
		$env['sys_build'] = SYS_BUILD;
	}

	// Copy the site settings that are set, under their sys_* names.
	$siteConfig = ConfigHandler::get();
	if ($siteConfig['site_name']) {
		$env['sys_name'] = $siteConfig['site_name'];
	}
	if ($siteConfig['site_admin_email']) {
		$env['sys_email'] = $siteConfig['site_admin_email'];
	}
	if ($siteConfig['site_url']) {
		$env['sys_url'] = $siteConfig['site_url'];
	}
	if ($siteConfig['charset']) {
		$env['sys_charset'] = $siteConfig['charset'];
	}
	if ($siteConfig['language']) {
		$env['sys_language'] = $siteConfig['language'];
	}

	return get_system_count($env);
}