if (!empty($global_clean['code'])) {
//如果关闭了验证码验证
if (!($_POST['code'] == $_SESSION['code'])) {
location('验证码错误,请重新输入!', 'member_modify.php');
}
}
//进行用户名和密码的验证
$name = check_username($_POST['username']);
$password = check_password($_POST['password']);
$time = check_time($_POST['time']);
//将接受到得用户名和密码和数据库进行配对
$query = mysql_query("select username from user where username='******' and password='******'");
if (is_array(mysql_fetch_array($query))) {
if (is_array($array = mysql_fetch_array(mysql_query("select username,level from user where username='******' and password='******' and active=''")))) {
//登入成功,开始写入cookie,调用setcookies函数
_setcookies($_POST['username'], $time);
//判断是否是管理员登入
if ($array['level'] == 1) {
//如果是管理员身份登入
$_SESSION['admin'] = $array['username'];
}
//开始记录登入信息,包括登入地点,时间,次数
mysql_query("update \r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\tuser\r\n\t\t \t\t\t\t\t\t\t\t\t set \t\r\n\t\t \t\t\t\t\t\t\t\t\t \t\t\t\tlast_time=now(),\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\tlast_ip='{$_SERVER["REMOTE_ADDR"]}',\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\tlogin_count=login_count+1\r\n\t\t \t\t\t\t\t\t\t\t\twhere\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\tusername='******'username']}'");
location('登入成功', 'index.php');
} else {
location('用户名没有被激活,请重新登入', 'login.php');
}
} else {
location('用户名或密码错误,请重新登入', 'login.php');
}
}
//protect from illegal registration
_check_code($_POST['code'], $_SESSION['RandCode']);
//include register.func.php
include ROOT_PATH . 'includes/login.func.php';
//receive data from form
$_clean = array();
$_clean['username'] = _check_username($_POST['username']);
$_clean['password'] = _check_password($_POST['password']);
$_clean['time'] = _check_time($_POST['time']);
//validate data in database
if (!!($_rows = _fetch_array("SELECT \n\t\t tg_username,tg_uniqid,tg_level \n\t\t FROM \n\t\t tg_user \n\t\t WHERE \n\t\t tg_username='******'username']}' \n\t\t and \n\t\t tg_password='******'password']}' \n\t\t and \n\t\t tg_active='' LIMIT 1"))) {
//登录成功后,记录登录信息
_query("UPDATE tg_user SET \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_time=NOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_ip='{$_SERVER["REMOTE_ADDR"]}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_login_count=tg_login_count+1\n\t\t\t\t\t\t\t\t\t\t\t\tWHERE \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username='******'tg_username']}'\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t");
//_session_destroy();
//store cookies into client to raise security
_setcookies($_rows['tg_username'], $_rows['tg_uniqid'], $_clean['time']);
if ($_rows['tg_level'] == 1) {
$_SESSION['admin'] = $_rows['tg_username'];
}
_close();
_location(null, 'member.php');
} else {
_close();
//_session_destroy();
_location('wrong username or password or the account is not activated', 'login.php');
}
}
}
?>
_login_state();
//开始处理登录状态
if ($_GET['action'] == 'login') {
//为了防止恶意注册,跨站攻击
_check_code($_POST['code'], $_SESSION['code']);
//引入验证文件
include ROOT_PATH . 'includes/login.func.php';
$_clean = array();
$_clean['username'] = _check_username($_POST['username'], 2, 20);
$_clean['password'] = _check_password($_POST['password'], 6);
//到数据库去验证
if (!!($_rows = _fetch_array("SELECT username,uniqid FROM tb_user WHERE username='******'username']}' AND password='******'password']}' AND active='' LIMIT 1"))) {
//登录成功后记录登录信息
_query("UPDATE tb_user SET\n\t\t\t\t\t\t\t\tlast_time=NOW()\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tusername='******'username']}'\n\t\t\t\t\t\t\t");
_close();
_setcookies($_rows['username'], $_rows['uniqid']);
_location(NULL, 'index.php');
} else {
_close();
_session_destroy();
_location('用户名密码不正确或者该账户未被激活!', 'login.php');
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>多用户留言系统--登录</title>
<?php
require ROOT_PATH . 'includes/title.inc.php';
