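/**
 * Create or update a member account from the admin panel.
 *
 * Every $_POST value is urldecode()d and trimmed, then validated: uname is
 * required, group_id must be positive and discount must be a number in [0, 10].
 * With user_id <= 0 a new row is inserted: the password has to be supplied
 * twice, match, and is stored as helper::password_encrypt(upass) after a
 * duplicate-uname check. Otherwise the row for user_id is updated, and an empty
 * upass leaves the stored password untouched. Every outcome is reported as a
 * JSON document through die(); the action is logged through $l_obj.
 *
 * Changes against the previous version:
 *  - uname is escaped with helper::escape (the helper the member editor uses
 *    for the same purpose) before it is interpolated into the duplicate-check
 *    WHERE string, so a quote in the name cannot alter the query;
 *  - user_id is cast to int before it reaches update(), so the record id cannot
 *    carry anything but a number;
 *  - the two password fields are compared with !== (the loose != treats
 *    numeric-looking strings such as "1e3" and "1000" as equal).
 *
 * NOTE(review): the remaining $post array is passed to insert()/update()
 * unfiltered, so a client may submit any column name the model accepts
 * (mass assignment). Whitelist the editable columns once the user_list schema
 * is confirmed.
 */
function m__edit()
{
    global $u_obj, $l_obj;

    // Permission check.
    check_level("B0201");

    $post = $_POST;
    foreach ($post as $key => $val) {
        $post[$key] = trim(urldecode($val));
    }

    if (empty($post['uname'])) {
        die('{"code":"100","msg":"用户不能为空"}');
    }
    if (!isset($post['group_id']) || $post['group_id'] <= 0) {
        die('{"code":"100","msg":"请选择分组"}');
    }
    if (!isset($post['discount']) || !is_numeric($post['discount'])) {
        die('{"code":"100","msg":"折扣必须是数字"}');
    }
    if ($post['discount'] > 10 || $post['discount'] < 0) {
        die('{"code":"100","msg":"折扣不合理,请重新填写"}');
    }

    $userId = isset($post['user_id']) ? (int) $post['user_id'] : 0;

    if ($userId <= 0) {
        // New account: the password is mandatory and must be confirmed.
        if (empty($post['upass']) || empty($post['reupass'])) {
            die('{"code":"100","msg":"密码不能为空"}');
        }
        if ($post['upass'] !== $post['reupass']) {
            die('{"code":"100","msg":"输入的密码不一致"}');
        }
        unset($post['reupass']); // confirmation field, not a column

        // Hash the password with the project's helper.
        $post['upass'] = helper::password_encrypt($post['upass']);

        // Reject duplicate names; escape before building the WHERE string.
        $where = ' where uname = "' . helper::escape($post['uname']) . '"';
        $group = $u_obj->get_all($where);
        if (!empty($group['list']) && count($group['list']) > 0) {
            die('{"code":"100","msg":"用户组名称不能重复"}');
        }

        $res = $u_obj->insert($post);
        if ($res['state'] == 0) {
            $l_obj->insert("添加用户【{$post['uname']}】");
            die('{"code":"0","msg":"添加用户组成功","uid":"' . $res['msg'] . '"}');
        }
        die('{"code":"100","msg":"添加用户组失败"}');
    }

    // Existing account: an empty password means "keep the current one".
    if (empty($post['upass'])) {
        unset($post['upass']);
    }
    unset($post['reupass']); // confirmation field, not a column
    $post['user_id'] = $userId;

    $res = $u_obj->update($post, $userId);
    if ($res['state'] == 0) {
        $l_obj->insert("更新用户【{$post['uname']}】");
        die('{"code":"0","msg":"更新用户成功","uid":"' . $userId . '"}');
    }
    die('{"code":"100","msg":"编辑用户失败"}');
}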
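/**
 * Create or update a back-end administrator account.
 *
 * Every $_POST value is urldecode()d and trimmed; aname is required and
 * group_id must be positive. With admin_id <= 0 a new row is inserted: the
 * password must be given twice, match, and is stored as
 * helper::password_encrypt(apass) after a duplicate-aname check. Otherwise the
 * row for admin_id is updated, an empty apass leaving the stored password
 * untouched. Outcomes are JSON documents emitted through die(); the action is
 * logged through $l_obj.
 *
 * Fixes against the previous version:
 *  - the add branch removed $post['reupass'] (a typo) and so handed the
 *    confirmation field 'reapass' to insert() as if it were a column; the
 *    correct key is now removed;
 *  - aname is escaped with helper::escape before it is interpolated into the
 *    duplicate-check WHERE string;
 *  - admin_id is cast to int before it reaches update();
 *  - the password fields are compared with !== (loose != treats numeric-looking
 *    strings such as "1e3" and "1000" as equal).
 *
 * NOTE(review): $post is passed to insert()/update() unfiltered, so whatever
 * columns the admin model accepts (group_id, and possibly privilege fields)
 * can be set by any caller holding B0502. Whitelist the editable columns once
 * the admin_list schema is confirmed.
 */
function m__edit()
{
    global $a_obj, $l_obj;

    // Permission check.
    check_level("B0502");

    $post = $_POST;
    foreach ($post as $key => $val) {
        $post[$key] = trim(urldecode($val));
    }

    if (empty($post['aname'])) {
        die('{"code":"100","msg":"用户名称不能为空"}');
    }
    if (!isset($post['group_id']) || $post['group_id'] <= 0) {
        die('{"code":"100","msg":"请选择分组"}');
    }

    $adminId = isset($post['admin_id']) ? (int) $post['admin_id'] : 0;

    if ($adminId <= 0) {
        // New account: the password is mandatory and must be confirmed.
        if (empty($post['apass']) || empty($post['reapass'])) {
            die('{"code":"100","msg":"密码不能为空"}');
        }
        if ($post['apass'] !== $post['reapass']) {
            die('{"code":"100","msg":"输入的密码不一致"}');
        }
        // Confirmation field is not a column (previously unset the wrong key).
        unset($post['reapass']);

        // Hash the password with the project's helper.
        $post['apass'] = helper::password_encrypt($post['apass']);

        // Reject duplicate names; escape before building the WHERE string.
        $where = ' where aname = "' . helper::escape($post['aname']) . '"';
        $admin = $a_obj->get_all($where);
        if (!empty($admin['list']) && count($admin['list']) > 0) {
            die('{"code":"100","msg":"用户名称不能重复"}');
        }

        $res = $a_obj->insert($post);
        if ($res['state'] == 0) {
            $l_obj->insert("添加用户【{$post['aname']}】");
            die('{"code":"0","msg":"添加管理用户成功","aid":"' . $res['msg'] . '"}');
        }
        die('{"code":"100","msg":"添加用户失败"}');
    }

    // Existing account: an empty password means "keep the current one".
    if (empty($post['apass'])) {
        unset($post['apass']);
    }
    unset($post['reapass']); // confirmation field, not a column
    $post['admin_id'] = $adminId;

    $res = $a_obj->update($post, $adminId);
    if ($res['state'] == 0) {
        $l_obj->insert("更新用户【{$post['aname']}】");
        die('{"code":"0","msg":"更新管理用户成功","aid":"' . $adminId . '"}');
    }
    die('{"code":"100","msg":"编辑管理用户失败"}');
}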
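/**
 * Administrator login (JSON response through die()).
 *
 * $_POST is first passed through helper::sqlxss. The account name must be 1-20
 * characters (verify::verify_length) and the password must satisfy
 * verify::verify_upass. The request must then carry the static SAFE_CODE and
 * the captcha whose md5(strtoupper(code)) is stored in $_SESSION['login'].
 * The admin row is loaded joined with its group (g_urank, g_name), the stored
 * apass is compared with helper::password_encrypt(upass), astate must be 0,
 * and the session is populated with admin_id, aname, aname_true, group_id,
 * group_level, gname and alevel ("<group_level>,|,<alevel>").
 *
 * Fixes against the previous version:
 *  - the captcha is consumed (unset) as soon as it is read, so one solved image
 *    cannot be replayed for an unlimited number of password guesses;
 *  - SAFE_CODE and the password hash are compared with hash_equals() rather
 *    than !=: the loose operator compares numeric-looking strings (e.g. hashes
 *    starting with "0e" followed by digits) as numbers, and hash_equals is
 *    constant-time (requires PHP >= 5.6);
 *  - session_regenerate_id(true) runs after authentication, so a session id
 *    planted before login is not kept (session fixation);
 *  - the password-format error carried a duplicate "id" key
 *    ("id":"uname","id":"upass"); only "id":"upass" is emitted now.
 *
 * NOTE(review): the password is hashed *after* helper::sqlxss() has rewritten
 * it, while the account editor in this code base hashes the raw value. If
 * sqlxss alters quotes or backslashes, such passwords can never log in —
 * confirm its semantics. The uname interpolated into the SQL string relies on
 * sqlxss alone; a parameterised query would be preferable if $dbm supports it.
 * SAFE_CODE is still checked before the captcha, so it can be guessed without
 * consuming a captcha — kept for compatibility with the client's error flow.
 */
function m__login()
{
    global $dbm;

    $_POST = helper::sqlxss($_POST);

    $_POST['uname'] = isset($_POST['uname']) ? $_POST['uname'] : '';
    $verify = verify::verify_length($_POST['uname'], 1, 20);
    if ($verify != '') {
        die('{"code":"1","msg":"账号' . $verify . '","id":"uname"}');
    }

    $_POST['upass'] = isset($_POST['upass']) ? $_POST['upass'] : '';
    $verify = verify::verify_upass($_POST['upass']);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"upass"}');
    }

    $_POST['code'] = isset($_POST['code']) ? $_POST['code'] : '';
    $_POST['safecode'] = isset($_POST['safecode']) ? $_POST['safecode'] : '';

    // Static deployment secret; constant-time, type-safe comparison.
    if (!hash_equals((string) SAFE_CODE, (string) $_POST['safecode'])) {
        die('{"code":"1","msg":"安全码错误","id":"safecode"}');
    }

    // Captcha is single use: drop it from the session before deciding.
    $expectedCode = isset($_SESSION['login']) ? (string) $_SESSION['login'] : '';
    unset($_SESSION['login']);
    $givenCode = md5(strtoupper((string) $_POST['code']));
    if ($expectedCode === '' || !hash_equals($expectedCode, $givenCode)) {
        die('{"code":"1","msg":"验证码错误","id":"code"}');
    }

    $sql = "select a.*,b.g_urank,b.g_name from " . TB_PREFIX . "admin_list a left join "
        . TB_PREFIX . "admin_group b on a.group_id=b.group_id where aname='"
        . $_POST['uname'] . "' limit 1";
    $rs = $dbm->query($sql);
    if (count($rs['list']) == 0) {
        die('{"code":"1","msg":"账号不存在","id":"uname"}');
    }
    $row = $rs['list'][0];

    $hashed = (string) helper::password_encrypt($_POST['upass']);
    if (!hash_equals((string) $row['apass'], $hashed)) {
        die('{"code":"1","msg":"密码错误","id":"upass"}');
    }
    if ($row['astate'] != 0) {
        die('{"code":"1","msg":"账号异常","id":"uname"}');
    }

    // Authenticated: rotate the session id, then populate the admin context.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['admin']["admin_id"] = $row['admin_id'];
    $_SESSION['admin']["aname"] = $row['aname'];
    $_SESSION['admin']["aname_true"] = $row['aname_true'];
    $_SESSION['admin']["group_id"] = $row['group_id'];
    $_SESSION['admin']['group_level'] = $row['g_urank'];
    $_SESSION['admin']['gname'] = $row['g_name'];
    $_SESSION['admin']["alevel"] = $_SESSION['admin']['group_level'] . ',|,' . $row['alevel'];

    logs($_SESSION['admin']["aname"] . "登陆成功");
    die('{"code":"0","msg":"登录成功"}');
}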
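/**
 * Administrator login against the $a_obj model (JSON response through die()).
 *
 * Requires aname and apass, checks the captcha stored as
 * md5(strtoupper(code)) in $_SESSION['login'], loads the admin row by aname,
 * compares apass with helper::password_encrypt(apass), requires astate == 0 and
 * then fills $_SESSION['admin'] (admin_id, aname, aname_true, alevel, avator,
 * g_id, g_level). The login is recorded through $l_obj.
 *
 * Fixes against the previous version:
 *  - aname was urldecode()d and interpolated into the WHERE string with no
 *    escaping at all (SQL injection); it is now passed through helper::escape;
 *  - the captcha is consumed (unset) when read, so one solved image cannot be
 *    replayed for unlimited password guesses, and a missing session value no
 *    longer raises an undefined-index notice;
 *  - captcha and password hash are compared with hash_equals() rather than !=,
 *    which would compare numeric-looking strings (e.g. "0e123...") as numbers;
 *  - session_regenerate_id(true) runs after authentication (session fixation).
 *
 * NOTE(review): the SAFE_CODE check is commented out in this handler, and
 * g_id / g_level are hard-coded to '1' / '100' instead of the admin's group
 * data, so every administrator authenticates at the same (top) group level.
 * Both are preserved as found; confirm whether that is intentional.
 */
function m__login()
{
    global $a_obj, $l_obj;
    $post = $_POST;

    if (empty($post['aname'])) {
        die('{"code":"100","msg":"用户名不能为空"}');
    }
    if (empty($post['apass'])) {
        die('{"code":"100","msg":"密码不能为空"}');
    }

    // Captcha is single use: remove it from the session before deciding.
    $expectedCode = isset($_SESSION['login']) ? (string) $_SESSION['login'] : '';
    unset($_SESSION['login']);
    $givenCode = md5(strtoupper(isset($post['code']) ? (string) $post['code'] : ''));
    if ($expectedCode === '' || !hash_equals($expectedCode, $givenCode)) {
        die('{"code":"140","msg":"验证码错误"}');
    }

    // Deployment safe-code check — disabled in this build (kept as found):
    //if ($post['safecode'] != SAFE_CODE) die('{"code":"150","msg":"安全码错误"}');

    // Escape the decoded name before it enters the WHERE string.
    $where = " where aname = '" . helper::escape(urldecode($post['aname'])) . "'";
    $admin = $a_obj->get_all($where);
    if (empty($admin['list'])) {
        die('{"code":"100","msg":"用户不存在"}');
    }
    $admin = $admin['list'][0];

    $hashed = (string) helper::password_encrypt($post['apass']);
    if (!hash_equals((string) $admin['apass'], $hashed)) {
        die('{"code":"110","msg":"用户信息有误"}');
    }
    if ($admin['astate'] != 0) {
        die('{"code":"180","msg":"该账号异常"}');
    }

    // Authenticated: rotate the session id, then populate the admin context.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['admin']["admin_id"] = $admin['admin_id'];
    $_SESSION['admin']["aname"] = $admin['aname'];
    $_SESSION['admin']["aname_true"] = $admin['aname_true'];
    $_SESSION['admin']["alevel"] = $admin['alevel'];
    $_SESSION['admin']["avator"] = ''; //$admin['avator'];
    $_SESSION['admin']["g_id"] = '1'; //$admin['group_id'];
    $_SESSION['admin']["g_level"] = '100'; //$admin['g_urank'];

    // Audit record.
    $l_obj->insert("登陆成功");
    die('{"code":"0","msg":"登录成功"}');
}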
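/**
 * Warn the logged-in administrator when their stored password hash matches one
 * of a built-in list of common weak passwords.
 *
 * Loads the admin row for $_SESSION['admin']['admin_id'], hashes each entry of
 * the weak-password list with helper::password_encrypt and looks the stored
 * apass up in that list. Emits code "1" with a warning, or code "0", as JSON
 * through die().
 *
 * Fixes against the previous version:
 *  - in_array() is called in strict mode; with loose comparison two hashes
 *    that both look like exponent numbers ("0e" + digits) compare equal, which
 *    could flag — or miss — the wrong accounts;
 *  - the session admin_id is cast to int before it is interpolated into the
 *    SQL string, and a missing session value yields 0 instead of a notice.
 *
 * NOTE(review): this check only works because helper::password_encrypt is
 * deterministic (no per-user salt) — the same property that makes the stored
 * hashes vulnerable to precomputed-table attacks.
 */
function m__pass_verify()
{
    global $dbm;

    $adminId = isset($_SESSION['admin']['admin_id']) ? (int) $_SESSION['admin']['admin_id'] : 0;
    $sql = "select * from " . TB_PREFIX . "admin_list where admin_id='" . $adminId . "'";
    $rs = $dbm->query($sql);

    // Common weak passwords, hashed the same way the stored value is.
    $weakPasswords = array(
        '000000', '111111', '11111111', '112233', '123123', '123321',
        '123456', '12345678', '654321', '666666', '888888', 'abcdef',
        'abcabc', 'abc123', 'a1b2c3', 'aaa111', '123qwe', 'qwerty',
        'qweasd', 'admin', 'password', 'p@ssword', 'passwd', 'iloveyou',
        '5201314', 'asdfghjkl',
    );
    $weakHashes = array();
    foreach ($weakPasswords as $plain) {
        $weakHashes[] = helper::password_encrypt($plain);
    }

    if (count($rs['list']) == 1) {
        $account = $rs['list'][0];
        if (in_array($account['apass'], $weakHashes, true)) {
            die('{"code":"1","msg":"弱密码安全提示:您现在的密码过于简单!容易被人猜到,请更改!!!"}');
        }
    }
    die('{"code":"0","msg":"密码安全"}');
}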
require_once ROOT_PATH . "/core/urlrewrite.class.php"; //URL重写 require_once ROOT_PATH . "/core/vars.class.php"; //词组变量 require_once ROOT_PATH . "/core/function.php"; //前后台公用方法 require_once ROOT_PATH . "/core/common.class.php"; //前后台公用类 require_once ROOT_PATH . "/core/class.smtp.php"; //前后台公用类 require_once ROOT_PATH . "/core/class.phpmailer.php"; //前后台公用类 setcookie("hashtoken", helper::password_encrypt(CSRF_TOKEN), time() + 1200); $hashtoken = isset($_POST['hashtoken']) ? $_POST['hashtoken'] : ''; if ($hashtoken != '') { if ($hashtoken != helper::password_encrypt(CSRF_TOKEN)) { die('{"code":1,"msg":"非法请求,请刷新页面或者重新登录"}'); } } function ob_gzip($content) { if (!headers_sent() && extension_loaded("zlib") && strstr($_SERVER["HTTP_ACCEPT_ENCODING"], "gzip")) { $content = gzencode($content, 9); //用zlib提供的gzencode()函数执行级别为9的压缩,这个参数值范围是0-9,0表示无压缩,9表示最大压缩,当然压缩程度越高越费CPU。 // 然后用header()函数给浏览器发送一些头部信息,告诉浏览器这个页面已经用GZIP压缩过了! header("Content-Encoding: gzip"); header("Vary: Accept-Encoding"); header("Content-Length: " . strlen($content)); } return $content; //返回压缩的内容,或者说把压缩好的饼干送回工作台。
@unlink(dirname(__FILE__) . '/../cache/' . $host . '_' . CACHE_PREFIX . 'categories'); } if (file_exists(dirname(__FILE__) . '/../cache/' . $host . '_' . CACHE_PREFIX . 'externs')) { @unlink(dirname(__FILE__) . '/../cache/' . $host . '_' . CACHE_PREFIX . 'externs'); } include_once dirname(__FILE__) . '/templates/step' . $step . '.php'; break; case 10: // 测试数据库是否能连接{"host":host,"dbuname":dbuname,"dbpass":dbpass,"dbprefix":dbprefix,"dbcharset":dbcharset,} $host = isset($_GET['host']) && $_GET['host'] != '' ? trim($_GET['host']) : '127.0.0.1'; $dbuname = isset($_GET['dbuname']) && $_GET['dbuname'] != '' ? trim($_GET['dbuname']) : 'root'; $dbpass = isset($_GET['dbpass']) && $_GET['dbpass'] != '' ? trim($_GET['dbpass']) : ''; $dbname = isset($_GET['dbname']) && $_GET['dbname'] != '' ? trim($_GET['dbname']) : 'mcms'; $dbprefix = isset($_GET['dbprefix']) && $_GET['dbprefix'] != '' ? trim($_GET['dbprefix']) : 'mcms_'; $aduname = isset($_GET['aduname']) && $_GET['aduname'] != '' ? trim($_GET['aduname']) : 'admin'; $adpass = isset($_GET['adpass']) && $_GET['adpass'] != '' ? helper::password_encrypt(trim($_GET['adpass'])) : helper::password_encrypt(''); //后台加密方式 // 此处不必做空值判断 if (!@mysql_connect($host, $dbuname, $dbpass)) { die('{"code":"1","msg":"不能连接数据库' . $dbuname . '"}'); } //不能连接数据库 if (!@mysql_select_db($dbname)) { if (!@mysql_query("CREATE DATABASE " . $dbname . " ")) { die('{"code":"2","msg":"不能创建数据库"}'); } //不能创建数据库 } else { //die('{"code":"3","msg":"数据库已经存在如果安装就请换一个名字"}'); //数据库已经存在如果安装就请换一个名字 } if (strlen($_GET['adpass']) < 5) {
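/**
 * Create a local member account for a QQ-authenticated visitor and log them in.
 *
 * Refuses (act_msg to index.php) when $_SESSION['uid'] or ['uname'] is already
 * set. When $_SESSION['qq']['openid'] exists and ?act=bind is requested, a
 * user_list row is inserted with a name derived from the QQ nickname via
 * checkuser(), a placeholder password, reg_date/reg_ip and the escaped openid.
 * The QQ session data is cleared; on success uid/uname are stored in the
 * session and the visitor is sent to the member centre.
 *
 * Fixes against the previous version:
 *  - the placeholder password was substr(uniqid(rand()), -6): six characters
 *    derived from the clock, guessable by anyone who can estimate the
 *    registration time, which would allow taking over the account through the
 *    ordinary password login. A CSPRNG value is used when the runtime provides
 *    random_bytes(); older runtimes fall back to a longer uniqid() value
 *    (still not cryptographically strong — NOTE(review): upgrade PHP);
 *  - session_regenerate_id(true) is called before the login markers are set.
 */
function m__qqbind()
{
    global $dbm;
    $params = array();

    if (isset($_SESSION['uid']) || isset($_SESSION['uname'])) {
        act_msg('index.php', "你已经登陆了");
    }

    if (isset($_SESSION['qq']['openid']) && isset($_GET['act']) && $_GET['act'] == 'bind') {
        $_SESSION['qq']['nickname'] = isset($_SESSION['qq']['nickname'])
            ? helper::escape($_SESSION['qq']['nickname'])
            : '';

        // Derive a unique local user name from the QQ nickname.
        $params['uname'] = checkuser($_SESSION['qq']['nickname'], $_SESSION['qq']['nickname']);

        // Placeholder password for an account that logs in through QQ.
        if (function_exists('random_bytes')) {
            $placeholder = bin2hex(random_bytes(16));
        } else {
            $placeholder = substr(uniqid(mt_rand(), true), -20);
        }
        $params['upass'] = helper::password_encrypt($placeholder);
        $params['reg_date'] = time();
        $params['reg_ip'] = helper::getip();
        $params['qqid'] = helper::escape($_SESSION['qq']['openid']);

        $res = $dbm->single_insert(TB_PREFIX . "user_list", $params);

        // The QQ hand-off data is no longer needed.
        unset($_SESSION['qq']);

        if (empty($res['error']) && $res['autoid'] > 0) {
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['uid'] = $res['autoid'];
            $_SESSION['uname'] = $params['uname'];
            act_msg("index.php?tpl=ucenter", "登录成功!");
        } else {
            act_msg("index.php?tpl=index", "登录失败!");
        }
    }
    //act_msg('index.php?tpl=index', "请登陆QQ再绑定用户");
}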
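/**
 * Create or update a member (user_list) record from the admin panel.
 *
 * All $_POST values are passed through helper::escape($v, 1). user_id must be
 * numeric and uname non-empty; a non-empty uemail must match the e-mail
 * pattern. With user_id > 0 the row is updated (password only when upass is
 * given: 5-20 bytes and equal to re_pass); otherwise a new row is inserted
 * after a duplicate-uname check, with the same password rules. Results are
 * JSON documents emitted through die(); outcomes are written with logs().
 *
 * Fixes against the previous version:
 *  - reg_ip and reg_date were written on every edit, overwriting the member's
 *    original registration data; they are now set only when inserting;
 *  - the e-mail pattern had no anchors, so any string *containing* an address
 *    (e.g. "a@b.com<junk") was accepted; it is anchored with ^ and $;
 *  - the where clause for the update uses intval(user_id), and optional
 *    fields (gender, upoint, uemail, user_id) are read with isset() so a
 *    missing key no longer raises a notice.
 *
 * NOTE(review): the password is hashed after helper::escape() has rewritten
 * it; whether the member login path applies the same transformation before
 * hashing could not be confirmed from here. If it does not, passwords that
 * contain characters escape() alters can never log in. Also, the update branch
 * does not re-check uname for duplicates when a member is renamed.
 */
function m__edit()
{
    global $dbm;
    check_level("E0102");

    $params = array();
    foreach ($_POST as $k => $v) {
        $_POST[$k] = helper::escape($v, 1);
    }

    if (!isset($_POST['user_id']) || !is_numeric($_POST['user_id'])) {
        die('{"code":"210","msg":"会员UID必须是数字"}');
    }
    if (empty($_POST['uname'])) {
        die('{"code":"210","msg":"会员名不能为空"}');
    }

    // Anchored so the whole value must be an address, not just contain one.
    $rules = "/^\\w+([-+.']\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*$/";
    $uemail = isset($_POST['uemail']) ? trim($_POST['uemail']) : '';
    if ($uemail != '' && !preg_match($rules, $uemail)) {
        die('{"code":"270","msg":"请正确填写邮箱格式!"}');
    }
    //if (!preg_match('~^[A-Za-z][A-Za-z]*[a-z0-9_]*$~', $_POST['uname'])) die('{"code":"230","msg":"会员名必须以字母开头,只允许字母、数字、下划线"}');

    $params['uname'] = $_POST['uname'];
    $params['uemail'] = $uemail;
    $params['uphone'] = isset($_POST['uphone']) && trim($_POST['uphone']) != '' ? trim($_POST['uphone']) : '';
    $params['uqq'] = isset($_POST['uqq']) && trim($_POST['uqq']) != '' ? trim($_POST['uqq']) : '';
    $params['gender'] = isset($_POST['gender']) ? intval($_POST['gender']) : 0;
    $params['ustate'] = isset($_POST['ustate']) ? intval($_POST['ustate']) : 0;
    $params['upoint'] = isset($_POST['upoint']) ? intval($_POST['upoint']) : 0;

    $userId = intval($_POST['user_id']);

    if ($userId > 0) {
        // Update: a new password is optional.
        if (isset($_POST['upass']) && $_POST['upass'] != '') {
            if (strlen($_POST['upass']) < 5 || strlen($_POST['upass']) > 20) {
                die('{"code":"280","msg":"密码不符合要求,必须5到20字符"}');
            }
            if (!isset($_POST['re_pass']) || $_POST['upass'] !== $_POST['re_pass']) {
                die('{"code":"270","msg":"两次密码不一致"}');
            }
            $params['upass'] = helper::password_encrypt($_POST['upass']);
        }

        $where = " user_id ='" . $userId . "'";
        $res = $dbm->single_update(TB_PREFIX . "user_list", $params, $where);
        if (empty($res['error'])) {
            logs("账号编辑成功,账号ID为:{$_POST['user_id']}");
            die('{"code":"0","msg":"操作成功"}');
        }
        logs("编辑账号失败,请核实后再添加,账号ID为:{$_POST['user_id']}");
        die('{"code":"280","msg":"编辑账号失败,请核实后再添加"}');
    }

    // Insert: the name must be unused and a password is mandatory.
    $where = " uname='" . $_POST['uname'] . "'";
    $existing = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "user_list"));
    if (count($existing['list']) > 0) {
        die('{"code":"260","msg":"会员名不能重复"}');
    }
    if (empty($_POST['upass'])) {
        die('{"code":"220","msg":"密码不能为空"}');
    }
    if (strlen($_POST['upass']) < 5) {
        die('{"code":"240","msg":"密码过于简单,必须5到20字符"}');
    }
    if (strlen($_POST['upass']) > 20) {
        die('{"code":"250","msg":"密码超出限定的20字符长度,"}');
    }
    if (!isset($_POST['re_pass']) || $_POST['upass'] !== $_POST['re_pass']) {
        die('{"code":"270","msg":"两次密码不一致"}');
    }
    $params['upass'] = helper::password_encrypt($_POST['upass']);

    // Registration metadata belongs to the insert only.
    $params['reg_ip'] = helper::getip();
    $params['reg_date'] = time();

    $res = $dbm->single_insert(TB_PREFIX . "user_list", $params);
    if ($res['autoid'] > 0) {
        logs("添加会员成功,会员ID为:{$_POST['uname']}");
        die('{"code":"0","msg":"添加会员成功"}');
    }
    logs("添加会员失败,请核实后再添加,会员ID为:{$_POST['uname']}");
    die('{"code":"270","msg":"添加会员失败,请核实后再添加"}');
}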
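/**
 * Create or update an administrator (admin_list) record.
 *
 * Every $_POST value whose key does not contain "pass" past position 0 is
 * passed through helper::sqlxss; the password fields are deliberately left
 * raw so the hash is computed on what the user typed. aname must pass
 * verify::verify_uname and group_id must be non-zero. With admin_id > 0 the
 * row is updated (new password optional, validated by verify::verify_upass and
 * confirmed by re_pass); otherwise a password is required, the name must be
 * unused, and a row is inserted with reg_date = time() and astate = 0.
 * Results are JSON documents emitted through die(); successes are logged.
 *
 * Fixes against the previous version:
 *  - password and confirmation are compared with !== (loose != treats
 *    numeric-looking strings such as "1e3" and "1000" as equal);
 *  - the model's error field is tested with empty() instead of == '' so a
 *    null error (no failure) is handled the same way the member editor does.
 *
 * NOTE(review): the login handler in this code base hashes the password after
 * helper::sqlxss() has processed it, whereas this editor hashes the raw value.
 * If sqlxss changes quotes or backslashes, administrators whose password
 * contains such characters cannot log in. aemail and aphone are stored without
 * format validation; the duplicate-name check is not repeated on rename.
 */
function m__edit()
{
    global $dbm;
    check_level("B0202");

    $params = array();
    foreach ($_POST as $k => $v) {
        // Password fields are hashed, not stored, so they skip sanitising.
        if (strpos($k, 'pass') > 0) {
            continue;
        }
        $_POST[$k] = helper::sqlxss($v);
    }

    $fields['aname'] = isset($_POST['aname']) ? $_POST['aname'] : '';
    $verify = verify::verify_uname($fields['aname']);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"aname"}');
    }

    $_POST['apass'] = isset($_POST['apass']) ? $_POST['apass'] : '';
    $_POST['re_pass'] = isset($_POST['re_pass']) ? $_POST['re_pass'] : '';
    $fields['aname_true'] = isset($_POST['aname_true']) ? $_POST['aname_true'] : '';
    $fields['aemail'] = isset($_POST['aemail']) ? $_POST['aemail'] : '';
    $fields['aphone'] = isset($_POST['aphone']) ? $_POST['aphone'] : '';
    $fields['group_id'] = isset($_POST['group_id']) ? intval($_POST['group_id']) : 0;
    $_POST['admin_id'] = isset($_POST['admin_id']) ? intval($_POST['admin_id']) : 0;

    if ($fields['group_id'] == 0) {
        die('{"code":"1","msg":"请选择管理组","id":"group_id"}');
    }

    if ($_POST['admin_id'] > 0) {
        // Update: a new password is optional.
        if ($_POST['apass'] != '') {
            $verify = verify::verify_upass($_POST['apass']);
            if ($verify != '') {
                die('{"code":"1","msg":"' . $verify . '","id":"apass"}');
            }
            if ($_POST['apass'] !== $_POST['re_pass']) {
                die('{"code":"1","msg":"两次密码输入不一致","id":"apass"}');
            }
            $fields['apass'] = helper::password_encrypt($_POST['apass']);
        }

        $where = " admin_id ='" . $_POST['admin_id'] . "'";
        $rs = $dbm->single_update(TB_PREFIX . "admin_list", $fields, $where);
        if (empty($rs['error'])) {
            logs("编辑CMS账号资料成功:{$_POST['aname']}");
            die('{"code":"0","msg":"编辑账号成功"}');
        }
        die('{"code":"1","msg":"编辑账号失败,请核实后再编辑"}');
    }

    // Insert: password mandatory, name must be unused.
    $verify = verify::verify_upass($_POST['apass']);
    if ($verify != '') {
        die('{"code":"1","msg":"' . $verify . '","id":"apass"}');
    }
    if ($_POST['apass'] !== $_POST['re_pass']) {
        die('{"code":"1","msg":"两次密码输入不一致","id":"apass"}');
    }
    $fields['apass'] = helper::password_encrypt($_POST['apass']);

    $where = " aname='" . $_POST['aname'] . "'";
    $existing = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "admin_list"));
    if (count($existing['list']) > 0) {
        die('{"code":"1","msg":"账号名不能重复","id":"aname"}');
    }

    $fields['reg_date'] = time();
    $fields['astate'] = 0;
    $rs = $dbm->single_insert(TB_PREFIX . "admin_list", $fields);
    if (empty($rs['error'])) {
        logs("添加账号成功:{$_POST['aname']}");
        die('{"code":"0","msg":"添加账号成功"}');
    }
    die('{"code":"1","msg":"添加账号失败,请核实后再添加"}');
}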