示例#1
文件: user.php 项目: cranefly/crane
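/**
 * Add or edit a (front-end) user from the admin panel.
 *
 * Reads the form from $_POST (each value url-decoded and trimmed), validates
 * it, and either inserts a new user (user_id <= 0) or updates an existing one.
 * Every exit path is a die() with a JSON body: code "0" on success, "100" on
 * any validation or storage failure.
 *
 * Fixes over the original:
 *  - a new password supplied on the edit path is now hashed; the original
 *    wrote it to the database in plaintext (only the add path hashed it).
 *  - the duplicate-name lookup no longer interpolates raw POST input into
 *    the WHERE clause (SQL injection).
 *  - group_id / user_id are cast before the <= 0 comparisons, whose result
 *    for non-numeric strings differs between PHP 7 and PHP 8.
 */
function m__edit()
{
    global $u_obj, $l_obj;
    // Permission gate (project helper; presumably terminates the request on
    // failure — confirm against check_level).
    check_level("B0201");
    $post = $_POST;
    foreach ($post as $key => $val) {
        $post[$key] = trim(urldecode($val));
    }
    if (empty($post['uname'])) {
        die('{"code":"100","msg":"用户不能为空"}');
    }
    // "abc" <= 0 is true on PHP 7 and false on PHP 8; casting makes the
    // branch choice deterministic and keeps a plain integer for the DB layer.
    $group_id = isset($post['group_id']) ? intval($post['group_id']) : 0;
    if ($group_id <= 0) {
        die('{"code":"100","msg":"请选择分组"}');
    }
    $post['group_id'] = $group_id;
    if (!isset($post['discount']) || !is_numeric($post['discount'])) {
        die('{"code":"100","msg":"折扣必须是数字"}');
    }
    if ($post['discount'] > 10 || $post['discount'] < 0) {
        die('{"code":"100","msg":"折扣不合理,请重新填写"}');
    }
    $user_id = isset($post['user_id']) ? intval($post['user_id']) : 0;
    if ($user_id <= 0) {
        // Add: both password fields are required and must match.
        if (empty($post['upass']) || empty($post['reupass'])) {
            die('{"code":"100","msg":"密码不能为空"}');
        }
        if ($post['upass'] != $post['reupass']) {
            die('{"code":"100","msg":"输入的密码不一致"}');
        }
        // The confirmation copy must never reach the insert.
        unset($post['reupass']);
        $post['upass'] = helper::password_encrypt($post['upass']);
        // Duplicate-name check. The value is escaped before interpolation —
        // the original concatenated raw POST data into the WHERE clause.
        // helper::escape is what the rest of this project applies to values
        // placed in SQL; assumed to be an SQL escape — confirm in helper.
        $where = ' where uname = "' . helper::escape($post['uname']) . '"';
        $group = $u_obj->get_all($where);
        if (!empty($group['list']) && count($group['list']) > 0) {
            die('{"code":"100","msg":"用户组名称不能重复"}');
        }
        // NOTE(review): every remaining POST key is handed to insert() as a
        // column (mass assignment). Whitelist the columns once the schema is
        // known; it cannot be derived from this file.
        $res = $u_obj->insert($post);
        if ($res['state'] == 0) {
            $l_obj->insert("添加用户【{$post['uname']}】");
            die('{"code":"0","msg":"添加用户组成功","uid":"' . $res['msg'] . '"}');
        }
        die('{"code":"100","msg":"添加用户组失败"}');
    }
    // Edit: a blank password means "leave unchanged"; a non-blank one is
    // hashed like on the add path (the original stored it in plaintext here).
    if (empty($post['upass'])) {
        unset($post['upass']);
    } else {
        if (isset($post['reupass']) && $post['reupass'] !== '' && $post['upass'] != $post['reupass']) {
            die('{"code":"100","msg":"输入的密码不一致"}');
        }
        $post['upass'] = helper::password_encrypt($post['upass']);
    }
    unset($post['reupass']);
    $post['user_id'] = $user_id;
    $res = $u_obj->update($post, $user_id);
    if ($res['state'] == 0) {
        $l_obj->insert("更新用户【{$post['uname']}】");
        die('{"code":"0","msg":"更新用户成功","uid":"' . $user_id . '"}');
    }
    die('{"code":"100","msg":"编辑用户失败"}');
}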
示例#2
文件: admin.php 项目: cranefly/crane
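/**
 * Add or edit an administrator account.
 *
 * Reads the form from $_POST (each value url-decoded and trimmed), validates
 * it, and either inserts a new admin (admin_id <= 0) or updates an existing
 * one. Every exit path is a die() with a JSON body: code "0" on success,
 * "100" on any validation or storage failure.
 *
 * Fixes over the original:
 *  - the add path removed the wrong key (`reupass` instead of `reapass`), so
 *    the plaintext confirmation password was passed to insert().
 *  - a new password supplied on the edit path is now hashed; the original
 *    wrote it to the database in plaintext.
 *  - the duplicate-name lookup no longer interpolates raw POST input into
 *    the WHERE clause (SQL injection).
 *  - group_id / admin_id are cast before the <= 0 comparisons, whose result
 *    for non-numeric strings differs between PHP 7 and PHP 8.
 */
function m__edit()
{
    global $a_obj, $l_obj;
    // Permission gate (project helper; presumably terminates the request on
    // failure — confirm against check_level).
    check_level("B0502");
    $post = $_POST;
    foreach ($post as $key => $val) {
        $post[$key] = trim(urldecode($val));
    }
    if (empty($post['aname'])) {
        die('{"code":"100","msg":"用户名称不能为空"}');
    }
    $group_id = isset($post['group_id']) ? intval($post['group_id']) : 0;
    if ($group_id <= 0) {
        die('{"code":"100","msg":"请选择分组"}');
    }
    $post['group_id'] = $group_id;
    $admin_id = isset($post['admin_id']) ? intval($post['admin_id']) : 0;
    if ($admin_id <= 0) {
        // Add: both password fields are required and must match.
        if (empty($post['apass']) || empty($post['reapass'])) {
            die('{"code":"100","msg":"密码不能为空"}');
        }
        if ($post['apass'] != $post['reapass']) {
            die('{"code":"100","msg":"输入的密码不一致"}');
        }
        // Drop the confirmation copy (the original unset 'reupass', a key that
        // does not exist here, so 'reapass' went into the insert in plaintext).
        unset($post['reapass']);
        $post['apass'] = helper::password_encrypt($post['apass']);
        // Duplicate-name check with the value escaped before interpolation.
        // helper::escape is what the rest of this project applies to values
        // placed in SQL; assumed to be an SQL escape — confirm in helper.
        $where = ' where aname = "' . helper::escape($post['aname']) . '"';
        $admin = $a_obj->get_all($where);
        if (!empty($admin['list']) && count($admin['list']) > 0) {
            die('{"code":"100","msg":"用户名称不能重复"}');
        }
        // NOTE(review): every remaining POST key is handed to insert() as a
        // column (mass assignment); whitelist once the schema is known.
        $res = $a_obj->insert($post);
        if ($res['state'] == 0) {
            $l_obj->insert("添加用户【{$post['aname']}】");
            die('{"code":"0","msg":"添加管理用户成功","aid":"' . $res['msg'] . '"}');
        }
        die('{"code":"100","msg":"添加用户失败"}');
    }
    // Edit: a blank password means "leave unchanged"; a non-blank one is
    // hashed like on the add path (the original stored it in plaintext here).
    if (empty($post['apass'])) {
        unset($post['apass']);
    } else {
        if (isset($post['reapass']) && $post['reapass'] !== '' && $post['apass'] != $post['reapass']) {
            die('{"code":"100","msg":"输入的密码不一致"}');
        }
        $post['apass'] = helper::password_encrypt($post['apass']);
    }
    unset($post['reapass']);
    $post['admin_id'] = $admin_id;
    $res = $a_obj->update($post, $admin_id);
    if ($res['state'] == 0) {
        $l_obj->insert("更新用户【{$post['aname']}】");
        die('{"code":"0","msg":"更新管理用户成功","aid":"' . $admin_id . '"}');
    }
    die('{"code":"100","msg":"编辑管理用户失败"}');
}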
示例#3
文件: index.php 项目: cranefly/crane
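/**
 * Admin login (safe-code + captcha + password) backed by $dbm.
 *
 * Validates the posted account name, password format, installation safe
 * code and captcha, then looks the admin up together with its group and
 * compares the stored password hash. On success the admin's identity and
 * rank are written to $_SESSION['admin']. Every exit path is a die() with a
 * JSON body; code "0" means logged in.
 *
 * Fixes over the original:
 *  - the captcha is consumed once compared, so one solved captcha can no
 *    longer be replayed for unlimited password guesses (the front end must
 *    fetch a new captcha image after a failed attempt).
 *  - safe code, captcha and password hash are compared with hash_equals():
 *    the loose != treated two "0e<digits>" strings as equal floats and
 *    leaked timing.
 *  - the session id is regenerated before privileges are stored (session
 *    fixation).
 *  - the password-format error JSON carried the key "id" twice.
 *
 * NOTE(review): the distinct "account does not exist" / "wrong password"
 * responses allow username enumeration; the front end keys on "id", so the
 * messages are left as they are.
 */
function m__login()
{
    global $dbm;
    $_POST = helper::sqlxss($_POST);
    $_POST['uname'] = isset($_POST['uname']) ? $_POST['uname'] : '';
    $verify = verify::verify_length($_POST['uname'], 1, 20);
    if ($verify != '') {
        die('{"code":"1","msg":"账号' . $verify . '","id":"uname"}');
    }
    $_POST['upass'] = isset($_POST['upass']) ? $_POST['upass'] : '';
    $verify = verify::verify_upass($_POST['upass']);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"upass"}');
    }
    $_POST['code'] = isset($_POST['code']) ? $_POST['code'] : '';
    $_POST['safecode'] = isset($_POST['safecode']) ? $_POST['safecode'] : '';
    if (!hash_equals((string) SAFE_CODE, (string) $_POST['safecode'])) {
        die('{"code":"1","msg":"安全码错误","id":"safecode"}');
    }
    // One-time captcha: take it out of the session before comparing so it
    // cannot be reused whether this attempt succeeds or fails.
    $captcha = isset($_SESSION['login']) ? (string) $_SESSION['login'] : '';
    unset($_SESSION['login']);
    if ($captcha === '' || !hash_equals($captcha, md5(strtoupper($_POST['code'])))) {
        die('{"code":"1","msg":"验证码错误","id":"code"}');
    }
    // uname has been through helper::sqlxss above; that is the only thing
    // standing between it and the query (assumes sqlxss escapes quotes — confirm).
    $sql = "select a.*,b.g_urank,b.g_name from " . TB_PREFIX . "admin_list a left join " . TB_PREFIX . "admin_group b on a.group_id=b.group_id where aname='" . $_POST['uname'] . "' limit 1";
    $rs = $dbm->query($sql);
    if (empty($rs['list'])) {
        die('{"code":"1","msg":"账号不存在","id":"uname"}');
    }
    $admin = $rs['list'][0];
    // password_encrypt is deterministic here (the stored value is recomputed
    // from the input), so this is a plain hash comparison.
    if (!hash_equals((string) $admin['apass'], (string) helper::password_encrypt($_POST['upass']))) {
        die('{"code":"1","msg":"密码错误","id":"upass"}');
    }
    if ($admin['astate'] != 0) {
        die('{"code":"1","msg":"账号异常","id":"uname"}');
    }
    // Login succeeded: new session id so a pre-set id does not inherit the privileges.
    session_regenerate_id(true);
    $_SESSION['admin']["admin_id"] = $admin['admin_id'];
    $_SESSION['admin']["aname"] = $admin['aname'];
    $_SESSION['admin']["aname_true"] = $admin['aname_true'];
    $_SESSION['admin']["group_id"] = $admin['group_id'];
    $_SESSION['admin']['group_level'] = $admin['g_urank'];
    $_SESSION['admin']['gname'] = $admin['g_name'];
    $_SESSION['admin']["alevel"] = $_SESSION['admin']['group_level'] . ',|,' . $admin['alevel'];
    logs($_SESSION['admin']["aname"] . "登陆成功");
    die('{"code":"0","msg":"登录成功"}');
}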
示例#4
文件: index.php 项目: cranefly/crane
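/**
 * Admin login (captcha + password) backed by $a_obj.
 *
 * Checks that a name and password were posted, verifies the captcha against
 * $_SESSION['login'], loads the admin by name and compares the stored
 * password hash. On success the admin identity is written to
 * $_SESSION['admin'] and a log row is inserted. Every exit path is a die()
 * with a JSON body; code "0" means logged in.
 *
 * Fixes over the original:
 *  - the account name was url-decoded and concatenated straight into the
 *    WHERE clause (SQL injection); it is now escaped first.
 *  - the captcha is consumed once compared, so a solved captcha cannot be
 *    replayed for unlimited password guesses (the front end must fetch a
 *    new captcha after a failed attempt).
 *  - captcha and password hash are compared with hash_equals() instead of
 *    loose !=, which treats two "0e<digits>" strings as equal floats.
 *  - the session id is regenerated before privileges are stored.
 *
 * NOTE(review): g_id and g_level are hard-coded to '1' and '100' for every
 * admin (the real columns are commented out), so every login receives the
 * same group/rank regardless of the account. Left unchanged here because the
 * group join is not available from $a_obj->get_all(); it needs a fix upstream.
 */
function m__login()
{
    global $a_obj, $l_obj;
    $post = $_POST;
    if (empty($post['aname'])) {
        die('{"code":"100","msg":"用户名不能为空"}');
    }
    if (empty($post['apass'])) {
        die('{"code":"100","msg":"密码不能为空"}');
    }
    // One-time captcha: remove it from the session before comparing.
    $code = isset($post['code']) ? md5(strtoupper($post['code'])) : '';
    $captcha = isset($_SESSION['login']) ? (string) $_SESSION['login'] : '';
    unset($_SESSION['login']);
    if ($captcha === '' || !hash_equals($captcha, $code)) {
        die('{"code":"140","msg":"验证码错误"}');
    }
    // Safe-code check is disabled in this build (kept as in the original):
    //if ($post['safecode'] != SAFE_CODE) die('{"code":"150","msg":"安全码错误"}');
    // helper::escape is what the rest of this project applies to values placed
    // in SQL; assumed to be an SQL escape — confirm in helper.
    $where = " where aname = '" . helper::escape(urldecode($post['aname'])) . "'";
    $admin = $a_obj->get_all($where);
    if (empty($admin['list'])) {
        die('{"code":"100","msg":"用户不存在"}');
    }
    $admin = $admin['list'][0];
    $post['apass'] = helper::password_encrypt($post['apass']);
    if (!hash_equals((string) $admin['apass'], (string) $post['apass'])) {
        die('{"code":"110","msg":"用户信息有误"}');
    }
    if ($admin['astate'] != 0) {
        die('{"code":"180","msg":"该账号异常"}');
    }
    // Fresh session id so a pre-set id does not inherit the admin privileges.
    session_regenerate_id(true);
    $_SESSION['admin']["admin_id"] = $admin['admin_id'];
    $_SESSION['admin']["aname"] = $admin['aname'];
    $_SESSION['admin']["aname_true"] = $admin['aname_true'];
    $_SESSION['admin']["alevel"] = $admin['alevel'];
    $_SESSION['admin']["avator"] = '';
    //$admin['avator'];
    $_SESSION['admin']["g_id"] = '1';
    //$admin['group_id'];
    $_SESSION['admin']["g_level"] = '100';
    //$admin['g_urank'];
    $l_obj->insert("登陆成功");
    die('{"code":"0","msg":"登录成功"}');
}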
示例#5
文件: frame.php 项目: cranefly/crane
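/**
 * Warn the logged-in admin if their password is on a small blacklist.
 *
 * Loads the current admin row by $_SESSION['admin']['admin_id'], hashes each
 * blacklisted password with the project's password_encrypt and reports
 * code "1" when the stored hash matches one of them, "0" otherwise.
 *
 * Changes over the original: admin_id is cast to int before being placed in
 * the query (it is server-set at login, but no non-integer should ever reach
 * the SQL string), and the hash lookup is strict.
 *
 * NOTE(review): this only works because password_encrypt is deterministic
 * and unsalted (the same input always yields the same stored value) — which
 * is itself the weakness a salted password_hash()/password_verify() scheme
 * would remove. Any migration of the hashing must revisit this check.
 */
function m__pass_verify()
{
    global $dbm;
    $admin_id = isset($_SESSION['admin']['admin_id']) ? intval($_SESSION['admin']['admin_id']) : 0;
    $sql = "select * from " . TB_PREFIX . "admin_list where admin_id='" . $admin_id . "'";
    $rs = $dbm->query($sql);
    // Blacklist of common passwords, compared by their project hash.
    $pwd_str = '000000,111111,11111111,112233,123123,123321,123456,12345678,654321,666666,888888,abcdef,abcabc,abc123,a1b2c3,aaa111,123qwe,qwerty,qweasd,admin,password,p@ssword,passwd,iloveyou,5201314,asdfghjkl';
    $weak_hashes = array();
    foreach (explode(',', $pwd_str) as $plain) {
        $weak_hashes[] = (string) helper::password_encrypt($plain);
    }
    if (!empty($rs['list']) && count($rs['list']) == 1) {
        $row = $rs['list'][0];
        if (in_array((string) $row['apass'], $weak_hashes, true)) {
            die('{"code":"1","msg":"弱密码安全提示:您现在的密码过于简单!容易被人猜到,请更改!!!"}');
        }
    }
    die('{"code":"0","msg":"密码安全"}');
}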
示例#6
文件: init.php 项目: cranefly/crane
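require_once ROOT_PATH . "/core/urlrewrite.class.php";
// URL rewriting
require_once ROOT_PATH . "/core/vars.class.php";
// phrase variables
require_once ROOT_PATH . "/core/function.php";
// functions shared by front end and admin
require_once ROOT_PATH . "/core/common.class.php";
// classes shared by front end and admin
require_once ROOT_PATH . "/core/class.smtp.php";
// classes shared by front end and admin
require_once ROOT_PATH . "/core/class.phpmailer.php";
// classes shared by front end and admin

// CSRF "token": the project hash of the fixed CSRF_TOKEN constant, pushed to
// the client as a 20-minute cookie and expected back in POST['hashtoken'].
// NOTE(review): the value is identical for every user and every session, so
// it does not bind a request to the victim's session — anyone who knows or
// can guess CSRF_TOKEN can forge it. A per-session random token kept in
// $_SESSION is the usual fix; not changed here because templates may compute
// this same value server-side.
$csrf_hash = (string) helper::password_encrypt(CSRF_TOKEN);
setcookie("hashtoken", $csrf_hash, time() + 1200);
$hashtoken = isset($_POST['hashtoken']) ? (string) $_POST['hashtoken'] : '';
// NOTE(review): the token is only verified when the field is present — a
// POST that omits hashtoken skips the check entirely. Not tightened here
// because it would reject every existing POST that does not send the field.
if ($hashtoken != '') {
    // Strict, constant-time comparison. The original loose != compared two
    // hash strings, which PHP evaluates as floats when both look like
    // "0e<digits>" (so e.g. "0" would pass against such a hash).
    if (!hash_equals($csrf_hash, $hashtoken)) {
        die('{"code":1,"msg":"非法请求,请刷新页面或者重新登录"}');
    }
}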
function ob_gzip($content)
{
    if (!headers_sent() && extension_loaded("zlib") && strstr($_SERVER["HTTP_ACCEPT_ENCODING"], "gzip")) {
        $content = gzencode($content, 9);
        //用zlib提供的gzencode()函数执行级别为9的压缩,这个参数值范围是0-9,0表示无压缩,9表示最大压缩,当然压缩程度越高越费CPU。
        // 然后用header()函数给浏览器发送一些头部信息,告诉浏览器这个页面已经用GZIP压缩过了!
        header("Content-Encoding: gzip");
        header("Vary: Accept-Encoding");
        header("Content-Length: " . strlen($content));
    }
    return $content;
    //返回压缩的内容,或者说把压缩好的饼干送回工作台。
示例#7
文件: index.php 项目: cranefly/crane
         @unlink(dirname(__FILE__) . '/../cache/' . $host . '_' . CACHE_PREFIX . 'categories');
     }
     if (file_exists(dirname(__FILE__) . '/../cache/' . $host . '_' . CACHE_PREFIX . 'externs')) {
         @unlink(dirname(__FILE__) . '/../cache/' . $host . '_' . CACHE_PREFIX . 'externs');
     }
     include_once dirname(__FILE__) . '/templates/step' . $step . '.php';
     break;
 case 10:
     // 测试数据库是否能连接{"host":host,"dbuname":dbuname,"dbpass":dbpass,"dbprefix":dbprefix,"dbcharset":dbcharset,}
     $host = isset($_GET['host']) && $_GET['host'] != '' ? trim($_GET['host']) : '127.0.0.1';
     $dbuname = isset($_GET['dbuname']) && $_GET['dbuname'] != '' ? trim($_GET['dbuname']) : 'root';
     $dbpass = isset($_GET['dbpass']) && $_GET['dbpass'] != '' ? trim($_GET['dbpass']) : '';
     $dbname = isset($_GET['dbname']) && $_GET['dbname'] != '' ? trim($_GET['dbname']) : 'mcms';
     $dbprefix = isset($_GET['dbprefix']) && $_GET['dbprefix'] != '' ? trim($_GET['dbprefix']) : 'mcms_';
     $aduname = isset($_GET['aduname']) && $_GET['aduname'] != '' ? trim($_GET['aduname']) : 'admin';
     $adpass = isset($_GET['adpass']) && $_GET['adpass'] != '' ? helper::password_encrypt(trim($_GET['adpass'])) : helper::password_encrypt('');
     //后台加密方式
     // 此处不必做空值判断
     if (!@mysql_connect($host, $dbuname, $dbpass)) {
         die('{"code":"1","msg":"不能连接数据库' . $dbuname . '"}');
     }
     //不能连接数据库
     if (!@mysql_select_db($dbname)) {
         if (!@mysql_query("CREATE DATABASE " . $dbname . " ")) {
             die('{"code":"2","msg":"不能创建数据库"}');
         }
         //不能创建数据库
     } else {
         //die('{"code":"3","msg":"数据库已经存在如果安装就请换一个名字"}'); //数据库已经存在如果安装就请换一个名字
     }
     if (strlen($_GET['adpass']) < 5) {
示例#8
文件: user.php 项目: cranefly/crane
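/**
 * Create a local user for a QQ-authenticated visitor and log them in.
 *
 * Requires a QQ openid in the session and act=bind in the query string.
 * A user row is inserted with a name derived from the QQ nickname (via
 * checkuser), a random password the user is never told, the registration
 * ip/time and the QQ openid; the QQ session data is then cleared and the
 * visitor is sent to the user centre (or back to the index on failure).
 *
 * Fix over the original: the throw-away password was substr(uniqid(rand()),
 * -6) — six characters derived from the clock and a non-cryptographic PRNG,
 * so it could be guessed and the QQ-bound account taken over through the
 * ordinary password login. A CSPRNG is used where the runtime offers one.
 *
 * Assumes act_msg() terminates the request after redirecting (as the
 * original's control flow relies on) — confirm against act_msg.
 */
function m__qqbind()
{
    global $dbm;
    $params = array();
    if (isset($_SESSION['uid']) || isset($_SESSION['uname'])) {
        act_msg('index.php', "你已经登陆了");
    }
    if (isset($_SESSION['qq']['openid']) && isset($_GET['act']) && $_GET['act'] == 'bind') {
        $nickname = isset($_SESSION['qq']['nickname']) ? helper::escape($_SESSION['qq']['nickname']) : '';
        $_SESSION['qq']['nickname'] = $nickname;
        // checkuser() is expected to return a free user name based on the nickname.
        $params['uname'] = checkuser($nickname, $nickname);
        if (function_exists('random_bytes')) {
            $random_pass = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $random_pass = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Legacy fallback only; not cryptographically strong.
            $random_pass = substr(uniqid(rand()), -6);
        }
        $params['upass'] = helper::password_encrypt($random_pass);
        $params['reg_date'] = time();
        $params['reg_ip'] = helper::getip();
        $params['qqid'] = helper::escape($_SESSION['qq']['openid']);
        $res = $dbm->single_insert(TB_PREFIX . "user_list", $params);
        // The QQ hand-off data is single-use.
        unset($_SESSION['qq']);
        if (empty($res['error']) && $res['autoid'] > 0) {
            $_SESSION['uid'] = $res['autoid'];
            $_SESSION['uname'] = $params['uname'];
            act_msg("index.php?tpl=ucenter", "登录成功!");
        } else {
            act_msg("index.php?tpl=index", "登录失败!");
        }
    }
    //act_msg('index.php?tpl=index', "请登陆QQ再绑定用户");
}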
示例#9
/**
 * 获取编辑或添加会员
 */
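/**
 * Add or edit a member (front-end user) from the admin panel.
 *
 * All POST values go through helper::escape(..., 1). user_id must be
 * numeric: > 0 selects the update path, otherwise a new member is inserted.
 * Every exit path is a die() with a JSON body; code "0" means success, the
 * other codes identify the failed validation.
 *
 * Fixes over the original:
 *  - reg_ip and reg_date were assigned on every call, so editing a member
 *    silently reset their registration ip and date to "now"; they are now
 *    set only when a member is created.
 *  - the WHERE clause of the update uses the integer user_id rather than
 *    the raw (is_numeric-accepted) string.
 *  - renaming a member onto an existing name is rejected, as the add path
 *    already did.
 *  - optional fields (re_pass, gender, upoint, uemail) are read with isset()
 *    so a missing field does not raise notices.
 *
 * NOTE(review): the password is hashed *after* helper::escape() has been
 * applied to it, so a password containing characters that escape touches is
 * stored as the hash of the escaped string. Whether login applies the same
 * transformation is not visible here; kept as-is to avoid invalidating
 * existing hashes — confirm consistency with the login handler.
 */
function m__edit()
{
    global $dbm;
    check_level("E0102");
    $params = array();
    foreach ($_POST as $k => $v) {
        $_POST[$k] = helper::escape($v, 1);
    }
    if (!isset($_POST['user_id']) || !is_numeric($_POST['user_id'])) {
        die('{"code":"210","msg":"会员UID必须是数字"}');
    }
    $user_id = intval($_POST['user_id']);
    if (empty($_POST['uname'])) {
        die('{"code":"210","msg":"会员名不能为空"}');
    }
    $rules = "/\\w+([-+.']\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*/";
    $uemail = isset($_POST['uemail']) ? trim($_POST['uemail']) : '';
    if ($uemail != '' && !preg_match($rules, $uemail)) {
        die('{"code":"270","msg":"请正确填写邮箱格式!"}');
    }
    //if (!preg_match('~^[A-Za-z][A-Za-z]*[a-z0-9_]*$~', $_POST['uname'])) die('{"code":"230","msg":"会员名必须以字母开头,只允许字母、数字、下划线"}');
    $params['uname'] = $_POST['uname'];
    $params['uemail'] = $uemail;
    $params['uphone'] = isset($_POST['uphone']) && trim($_POST['uphone']) != '' ? trim($_POST['uphone']) : '';
    $params['uqq'] = isset($_POST['uqq']) && trim($_POST['uqq']) != '' ? trim($_POST['uqq']) : '';
    $params['gender'] = isset($_POST['gender']) ? intval($_POST['gender']) : 0;
    $params['ustate'] = isset($_POST['ustate']) ? intval($_POST['ustate']) : 0;
    $params['upoint'] = isset($_POST['upoint']) ? intval($_POST['upoint']) : 0;
    $upass = isset($_POST['upass']) ? $_POST['upass'] : '';
    $re_pass = isset($_POST['re_pass']) ? $_POST['re_pass'] : '';
    if ($user_id > 0) {
        // Edit: a blank password leaves the stored one untouched.
        if ($upass != '') {
            if (strlen($upass) < 5 || strlen($upass) > 20) {
                die('{"code":"280","msg":"密码不符合要求,必须5到20字符"}');
            }
            if ($upass != $re_pass) {
                die('{"code":"270","msg":"两次密码不一致"}');
            }
            $params['upass'] = helper::password_encrypt($upass);
        }
        // Another member (not this one) must not already hold the new name.
        $where = " uname='" . $_POST['uname'] . "' and user_id<>'" . $user_id . "'";
        $dup = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "user_list"));
        if (!empty($dup['list']) && count($dup['list']) > 0) {
            die('{"code":"260","msg":"会员名不能重复"}');
        }
        $where = " user_id ='" . $user_id . "'";
        $res = $dbm->single_update(TB_PREFIX . "user_list", $params, $where);
        if (empty($res['error'])) {
            logs("账号编辑成功,账号ID为:{$_POST['user_id']}");
            die('{"code":"0","msg":"操作成功"}');
        }
        logs("编辑账号失败,请核实后再添加,账号ID为:{$_POST['user_id']}");
        die('{"code":"280","msg":"编辑账号失败,请核实后再添加"}');
    } else {
        // Add: name must be free, password required and within 5..20 bytes.
        $where = " uname='" . $_POST['uname'] . "'";
        $a = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "user_list"));
        if (!empty($a['list']) && count($a['list']) > 0) {
            die('{"code":"260","msg":"会员名不能重复"}');
        }
        if ($upass == '') {
            die('{"code":"220","msg":"密码不能为空"}');
        }
        if (strlen($upass) < 5) {
            die('{"code":"240","msg":"密码过于简单,必须5到20字符"}');
        }
        if (strlen($upass) > 20) {
            die('{"code":"250","msg":"密码超出限定的20字符长度,"}');
        }
        if ($upass != $re_pass) {
            die('{"code":"270","msg":"两次密码不一致"}');
        }
        $params['upass'] = helper::password_encrypt($upass);
        // Registration metadata belongs to creation only.
        $params['reg_ip'] = helper::getip();
        $params['reg_date'] = time();
        $res = $dbm->single_insert(TB_PREFIX . "user_list", $params);
        if (!empty($res['autoid']) && $res['autoid'] > 0) {
            logs("添加会员成功,会员ID为:{$_POST['uname']}");
            die('{"code":"0","msg":"添加会员成功"}');
        }
        logs("添加会员失败,请核实后再添加,会员ID为:{$_POST['uname']}");
        die('{"code":"270","msg":"添加会员失败,请核实后再添加"}');
    }
}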
示例#10
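/**
 * Add or edit a CMS administrator account (backed by $dbm).
 *
 * Non-password POST values go through helper::sqlxss(); password fields are
 * left raw because they are only ever hashed. admin_id > 0 selects the
 * update path, otherwise a new account is inserted. Every exit path is a
 * die() with a JSON body; code "0" means success, "1" a failure, with "id"
 * naming the offending form field where applicable.
 *
 * Fixes over the original:
 *  - renaming an account onto an existing name is now rejected on the edit
 *    path, as the add path already did.
 *  - the password-field test was `strpos($k, 'pass') > 0`, which would
 *    still sanitise a key that *starts* with "pass"; `!== false` matches
 *    the evident intent (no effect on the current apass/re_pass names).
 *  - the unused $params array is dropped.
 */
function m__edit()
{
    global $dbm;
    check_level("B0202");
    foreach ($_POST as $k => $v) {
        // Passwords are hashed, never echoed or interpolated, so they skip the sanitiser.
        if (strpos($k, 'pass') === false) {
            $_POST[$k] = helper::sqlxss($v);
        }
    }
    $fields = array();
    $fields['aname'] = isset($_POST['aname']) ? $_POST['aname'] : '';
    $verify = verify::verify_uname($fields['aname']);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"aname"}');
    }
    $apass = isset($_POST['apass']) ? $_POST['apass'] : '';
    $re_pass = isset($_POST['re_pass']) ? $_POST['re_pass'] : '';
    $fields['aname_true'] = isset($_POST['aname_true']) ? $_POST['aname_true'] : '';
    $fields['aemail'] = isset($_POST['aemail']) ? $_POST['aemail'] : '';
    $fields['aphone'] = isset($_POST['aphone']) ? $_POST['aphone'] : '';
    $fields['group_id'] = isset($_POST['group_id']) ? intval($_POST['group_id']) : 0;
    $admin_id = isset($_POST['admin_id']) ? intval($_POST['admin_id']) : 0;
    if ($fields['group_id'] == 0) {
        die('{"code":"1","msg":"请选择管理组","id":"group_id"}');
    }
    // aname has been through sqlxss above; that is what makes its use in the
    // WHERE clauses below tolerable (assumes sqlxss escapes quotes — confirm).
    if ($admin_id > 0) {
        // Edit: a blank password leaves the stored one untouched.
        if ($apass != '') {
            $verify = verify::verify_upass($apass);
            if ($verify != '') {
                die('{"code":"1","msg":"' . $verify . '","id":"apass"}');
            }
            if ($apass != $re_pass) {
                die('{"code":"1","msg":"两次密码输入不一致","id":"apass"}');
            }
            $fields['apass'] = helper::password_encrypt($apass);
        }
        // Another account (not this one) must not already hold the new name.
        $where = " aname='" . $fields['aname'] . "' and admin_id<>'" . $admin_id . "'";
        $dup = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "admin_list"));
        if (!empty($dup['list']) && count($dup['list']) > 0) {
            die('{"code":"1","msg":"账号名不能重复","id":"aname"}');
        }
        $where = " admin_id ='" . $admin_id . "'";
        $rs = $dbm->single_update(TB_PREFIX . "admin_list", $fields, $where);
        if (empty($rs['error'])) {
            logs("编辑CMS账号资料成功:{$fields['aname']}");
            die('{"code":"0","msg":"编辑账号成功"}');
        }
        die('{"code":"1","msg":"编辑账号失败,请核实后再编辑"}');
    }
    // Add: password required and valid, name must be free.
    $verify = verify::verify_upass($apass);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"apass"}');
    }
    if ($apass != $re_pass) {
        die('{"code":"1","msg":"两次密码输入不一致","id":"apass"}');
    }
    $fields['apass'] = helper::password_encrypt($apass);
    $where = " aname='" . $fields['aname'] . "'";
    $a = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "admin_list"));
    if (!empty($a['list']) && count($a['list']) > 0) {
        die('{"code":"1","msg":"账号名不能重复","id":"aname"}');
    }
    $fields['reg_date'] = time();
    $fields['astate'] = 0;
    $rs = $dbm->single_insert(TB_PREFIX . "admin_list", $fields);
    if (empty($rs['error'])) {
        logs("添加账号成功:{$fields['aname']}");
        die('{"code":"0","msg":"添加账号成功"}');
    }
    die('{"code":"1","msg":"添加账号失败,请核实后再添加"}');
}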