www.gusucode.com > 08CMS空白站群系统 3.3 繁体 UTF-8 > upload/admina.php

    <?php
// Admin back-office entry point. The two constants are defined before the
// bootstrap include so that the included code can see them; what they switch
// on is decided in general.inc.php (not visible here).
define('M_ADMIN', true);
define('NOROBOT', true);
include_once './include/general.inc.php';
include_once M_ROOT.'./include/admin.fun.php';

// Merge the menu language pack for the current site type into $langs.
// $sid is truthy for a sub-site and falsy for the main site.
if($sid){
	load_cache('langs,mnlangss');
	$langs += $mnlangss;
}else{
	load_cache('langs,mnlangs');
	$langs += $mnlangs;
}
$site_kind = $sid ? 'subsite' : 'msite';
$lan_title = lang($site_kind.' &nbsp;-&nbsp; admintitle');

// Explicitly initialised here, so the access decision made further down never
// starts from a value that existed before this script ran.
$aflag = '';

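/*
 * Admin session gate. Sets $aflag to one of:
 *   'off'      - not logged in, not an admin, or more than 3 failed re-checks
 *   'ipdenied' - client IP rejected by the $adminipaccess list
 *   'recheck'  - the admin password must be (re-)entered
 *   'on'       - a verified admin session exists (errorcount == -1)
 * The asession table holds one row per member; a row only counts while
 * dateline+3600 is still in the future.
 */
if(!$memberid || !$curuser->isadmin()){
	$aflag = 'off';
}elseif($adminipaccess && !ipaccess($onlineip, $adminipaccess)){
	$aflag = 'ipdenied';
}else{
	// NOTE(review): $memberid, $onlineip and $timestamp are interpolated into every
	// statement below and are defined outside this file; confirm that they are
	// integers / validated values and never raw request data.
	$query = $db->query("SELECT errorcount FROM {$tblprefix}asession WHERE mid='$memberid' AND dateline+3600>'$timestamp'", 'SILENT');
	if($db->error()){
		// Any error from the SELECT is treated as "table missing": the table is dropped
		// and recreated, which also discards every stored failure counter.
		// NOTE(review): consider rebuilding only on a "no such table" error.
		$db->query("DROP TABLE IF EXISTS {$tblprefix}asession");
		// version_compare() replaces a plain string comparison, which ranked a
		// server version such as "10.x" below "4.1" and then emitted the obsolete
		// TYPE= clause.
		// NOTE(review): mysql_get_server_info() belongs to the legacy mysql extension.
		$db->query("CREATE TABLE {$tblprefix}asession (mid mediumint(8) UNSIGNED NOT NULL default '0',
		ip char(15) NOT NULL default '',
		dateline int(10) unsigned NOT NULL default '0',
		errorcount tinyint(1) NOT NULL default '0',
		PRIMARY KEY (mid))".(version_compare(mysql_get_server_info(), '4.1', '>=') ? " ENGINE=MYISAM DEFAULT CHARSET=$dbcharset" : " TYPE=MYISAM"));
		$aflag = 'recheck';
	}else{
		if($asession = $db->fetch_array($query)){
			if($asession['errorcount'] == -1){
				// Verified session: refresh its timestamp so the one-hour window slides.
				$db->query("UPDATE {$tblprefix}asession SET dateline='$timestamp' WHERE mid='$memberid'", 'UNBUFFERED');
				$aflag = 'on';
			}elseif($asession['errorcount'] <= 3){
				// Up to three recorded failures: ask for the password again.
				$aflag = 'recheck';
			}else{
				// More than three failures: refused until the row ages out.
				$aflag = 'off';
			}
		}else{
			// Timed out or no row yet: purge this member's row and all expired rows,
			// then start a fresh session with a zero failure count.
			$db->query("DELETE FROM {$tblprefix}asession WHERE mid='$memberid' OR dateline+3600<'$timestamp'");
			$db->query("INSERT INTO {$tblprefix}asession (mid, ip, dateline, errorcount) VALUES ('$memberid', '$onlineip', '$timestamp', '0')");
			$aflag = 'recheck';
		}
	}
	
}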
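/*
 * Act on the gate decision in $aflag: show an error page, or run the admin
 * password re-check. login_msg() ends with mexit(), which presumably stops
 * the request.
 */
if($aflag == 'off'){
	login_msg(lang('none admin backarea permission'),'','error');
}elseif($aflag == 'ipdenied'){
	login_msg(lang('admin backarea IP forbid'),'','error');
}elseif($aflag == 'recheck'){
	// Strict comparison on strings only: with the loose != operator, two digests
	// that both look numeric (or a non-string input) could compare as equal.
	// NOTE(review): the stored credential is an unsalted MD5 digest; migrating to
	// password_hash()/password_verify() needs changes outside this file.
	$password_ok = !empty($admin_password)
		&& is_string($admin_password)
		&& md5($admin_password) === (string)$curuser->infos['password'];
	if(!$password_ok || !regcode_pass('admin',empty($regcode) ? '' : trim($regcode))){
		// Count a failure only when something was actually submitted, so that
		// merely displaying the form does not consume an attempt.
		if(!empty($admin_password) || !empty($regcode)){
			$db->query("UPDATE {$tblprefix}asession SET errorcount=errorcount+1 WHERE mid='$memberid'");
		}
		login_msg('','','login');
	} else{
		// errorcount = -1 marks the session as verified.
		$db->query("UPDATE {$tblprefix}asession SET errorcount='-1' WHERE mid='$memberid'");
		login_msg(lang('admin login finish'),'?'.$_SERVER['QUERY_STRING'].'');
		// Only reached if login_msg() returns. $url_forward is not set in this file
		// and is presumably taken from the request, so it is escaped before being
		// written into the attribute.
		// NOTE(review): the target is not restricted to this site.
		if(!empty($url_forward)){
			echo "<meta http-equiv=refresh content=\"0;URL=".htmlspecialchars($url_forward, ENT_QUOTES)."\">";
			exit;
		}
	}
}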
// Build the admin menu tree ($a_menus) and per-section headers ($a_mheaders)
// for the current site type, then strip whatever the admin's group is forbidden
// to see. Everything here runs at global scope, so every variable assigned
// below is visible to the files included later.
include_once M_ROOT.'./include/cache.fun.php';
load_cache('usednames');

// presumably load_cache() populates globals named after the cache keys - confirm in cache.fun.php
load_cache($sid ? 'mnmenuss,mnheaderss' : 'mnmenus,mnheaders');
$a_menus = $sid ? $mnmenuss : $mnmenus;
$a_mheaders = $sid ? $mnheaderss : $mnheaders;
// Drop the originals now that the working copies exist.
if($sid){
	unset($mnmenuss,$mnheaderss);
}else unset($mnmenus,$mnheaders);
$ausergroup = read_cache('usergroup',2,$curuser->infos['grouptype2']);
// Founders skip all restrictions; other admins are filtered only when their
// group has a non-empty 'amcid' (the key into $amconfigs).
// NOTE(review): every $fbd_* list is assigned only inside this branch, so for
// founders and for groups without an amcid they are never set here.
// Initialising them to empty arrays beforehand would stop later code from
// reading undefined globals - confirm how general.inc.php fills the global scope.
if(!$curuser->infos['isfounder'] && ($admin_amcid = $ausergroup['amcid'])){
	load_cache('amconfigs');
	// Comma-separated list of forbidden menu keys; array_filter() drops empty items.
	$fbd_menus = array_filter(explode(',',$amconfigs[$admin_amcid][$sid ? 'smenus' : 'mmenus']));
	foreach($a_menus as $k0 => $v0){
		// $i records whether a header has already been chosen for section $k0.
		$i = false;
		foreach($v0 as $k1 => $v1){
			foreach($v1 as $k2 => $v2){
				// NOTE(review): in_array() compares loosely here; menu keys and list items
				// are assumed to be of comparable types - confirm.
				if(in_array($k2,$fbd_menus)){
					unset($a_menus[$k0][$k1][$k2]);
				}else{
					// The first permitted item in the section becomes the section header.
					!$i && $a_mheaders[$k0] = $v2;
					$i = true;
				}
			}
			// Remove groups that ended up empty.
			if(empty($a_menus[$k0][$k1])) unset($a_menus[$k0][$k1]);
		}
		// Remove sections that ended up empty, together with their header.
		if(empty($a_menus[$k0])) unset($a_menus[$k0],$a_mheaders[$k0]);
	}
	// Sub-sites this admin group may not enter.
	$fbd_sids = array_filter(explode(',',$amconfigs[$admin_amcid]['sids']));
	if($sid && in_array($sid,$fbd_sids)) login_msg(lang('nohave subsite backarea enter permission'),'','error');
	$fbd_fcaids = array_filter(explode(',',$amconfigs[$admin_amcid]['fcaids']));
	$fbd_mchids = array_filter(explode(',',$amconfigs[$admin_amcid]['mchids']));
	// NOTE(review): unserialize() is only safe while the amconfigs cache cannot be
	// written by an untrusted party; a JSON encoding would remove that dependency.
	$fbd_caids = empty($amconfigs[$admin_amcid]['caids']) ? '' : unserialize($amconfigs[$admin_amcid]['caids']);
	// Keep only the entry for the current site id.
	$fbd_caids = empty($fbd_caids[$sid]) ? array() :  $fbd_caids[$sid];
}
unset($amconfigs,$ausergroup);

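/*
 * Dispatch. With no entry (or with isframe set) the three-pane frameset is
 * emitted; otherwise $entry selects the admin module to run.
 * $entry, $isframe and $cms_up_url are not assigned in this file and are
 * presumably populated by general.inc.php - confirm which of them can come
 * from the request.
 */
if(empty($entry) || isset($isframe)){
	// Rebuild the query string for the main pane: drop isframe, and map the two
	// frame-only entries (header/menu) to the home page.
	parse_str($_SERVER['QUERY_STRING'],$getarr);
	$extra = $and = '';
	foreach($getarr as $key => $value){
		// parse_str() can yield integer keys; compare as strings so a numeric key
		// is never mistaken for 'entry' or 'isframe'.
		$key = (string)$key;
		if($key === 'entry' && in_array($value, array('header', 'menu'), true)){
			$extra .= $and.'entry=home'.$param_suffix;
			// Set the separator here too, otherwise the next pair is glued on without '&'.
			$and = '&';
		}elseif($key !== 'isframe'){
			// Encode the parameter name as well as the value. Array values contribute
			// an empty value, as before, but without relying on a suppressed warning.
			$extra .= $and.rawurlencode($key).'='.(is_array($value) ? '' : rawurlencode($value));
			$and = '&';
		}
	}
	$extra = $extra && !empty($entry) ? $extra : "entry=home$param_suffix";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head>
<title><?=$lan_title?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?=$mcharset?>">
</head>
<body style="margin: 0px" scroll="no">
<script src="include/js/iframe.js" type="text/javascript"></script>
<div style="position: absolute;top: 0px;left: 0px; z-index: 2;height: 60px;width: 100%">
<iframe frameborder="0" id="header" name="header" src="?entry=header<?=$param_suffix?>" scrolling="no" style="height: 60px; visibility: inherit; width: 100%; z-index: 1;"></iframe>
</div>
<table border="0" cellPadding="0" cellSpacing="0" height="100%" width="100%" style="table-layout: fixed;">
<tr><td width="165px" height="60px"></td><td></td></tr>
<tr>
<td><iframe frameborder="0" id="menu" name="menu" src="?entry=menu<?=$param_suffix?>" scrolling="yes" style="height: 100%; visibility: inherit; width: 100%; z-index: 1;overflow: auto;"></iframe></td>
<td><iframe frameborder="0" id="main" name="main" src="?<?=htmlspecialchars($extra, ENT_QUOTES)?>" scrolling="yes" style="height: 100%; visibility: inherit; width: 100%; z-index: 1;overflow: auto;"></iframe></td>
</tr></table>
</body>
</html>
<?php
// Full open tag: with short_open_tag disabled, a bare "<?" would be sent to the
// client as text together with the source that follows it.
}else{
	if($entry == 'menu'){
		include_once M_ROOT.'./admina/menu.inc.php';
	}elseif($entry == 'header'){
		include_once M_ROOT.'./admina/header.inc.php';
	}elseif($entry == 'logout'){
		$db->query("DELETE FROM {$tblprefix}asession WHERE mid='$memberid'");
		login_msg(lang('admin backarea logout finish'));
	}elseif($entry){
		// $entry becomes part of an include path, so accept plain module names only:
		// no directory separators, dots or NUL bytes.
		// NOTE(review): assumes every module under admina/ is named with [A-Za-z0-9_-];
		// widen the pattern if a legitimate module needs more.
		if(is_string($entry) && preg_match('/^[A-Za-z0-9_\-]+\z/', $entry)){
			include_once M_ROOT.'./admina/'.$entry.'.inc.php';
			afooter();
			// NOTE(review): this loads a script from whatever URL $cms_up_url holds; confirm
			// it can only be set by trusted configuration. It is escaped for the attribute.
			if(!empty($cms_up_url)) echo '<script language="Javascript" src="'.htmlspecialchars($cms_up_url, ENT_QUOTES).'"></script>';
		}else{
			login_msg(lang('none admin backarea permission'),'','error');
		}
	}
}
mexit();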

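/**
 * Render the stand-alone admin notice / login page, then call mexit().
 *
 * $msgtype selects the page body:
 *   'message' - $message, plus a link and timed redirect when $url_forward is set
 *   'error'   - $message with the current member name and logout/login/home links
 *   other     - the admin password form ($message is ignored and rebuilt)
 *
 * $message is inserted as HTML without escaping, so callers must pass trusted
 * markup only. $url_forward and the query string are escaped here for the
 * context they are written into.
 *
 * @param string $message     HTML fragment to display
 * @param string $url_forward redirect target; $param_suffix is appended when non-empty
 * @param string $msgtype     'message', 'error', or anything else for the login form
 */
function login_msg($message,$url_forward = '',$msgtype = 'message'){
	global $memberid,$curuser,$entry,$lan_title,$cms_regcode,$cms_abs,$mcharset,$param_suffix;
	$url_forward .= $url_forward ? $param_suffix : '';
	// Note: this overwrites the global $entry with its escaped form.
	$entry = mhtmlspecialchars($entry);
	// The one visible caller that passes a target builds it from
	// $_SERVER['QUERY_STRING'], so it is treated as untrusted in both contexts.
	$html_forward = htmlspecialchars($url_forward, ENT_QUOTES);
	$js_forward = strtr($url_forward, array(
		'\\' => '\\\\',
		"'" => '\\x27',
		'"' => '\\x22',
		'<' => '\\x3C',
		'>' => '\\x3E',
		'&' => '\\x26',
		"\r" => '\\r',
		"\n" => '\\n',
	));
	if($msgtype == 'message'){
		$message = '<tr><td align="center" colspan="2"><br><br>'.$message;
		if($url_forward){
			$message .= '<br><br><a href="'.$html_forward.'">'.lang('clickhere').'</a>';
			// A function callback replaces the code string, so the URL passes through
			// a single level of JavaScript string parsing.
			$message .= '<script>setTimeout(function(){redirect(\''.$js_forward.'\');}, 1250);</script><br><br></td></tr>';
		}else{
			$message .= '<br><br><br>';
		}
	}elseif($msgtype == 'error'){
		// NOTE(review): mname is printed unescaped; confirm it is stored HTML-safe.
		$message = '<tr><td align="center" colspan="2"><br>'.lang('current member').'&nbsp; &nbsp; '.$curuser->infos['mname'].'<br><br>'.$message.
		'<br><br>'.($memberid ? '<a href="adminm.php?action=logout">>>'.lang('logout member').'</a>' : '<a href="adminm.php?action=login">>>'.lang('login member').'</a>').
		'&nbsp;&nbsp;<a href="'.$cms_abs.'">>>'.lang('goback index').'</a><br><br></td></tr>';
	}else{
		// NOTE(review): $isframe is not in the global list above, so empty($isframe)
		// is always true inside this function; left unchanged.
		$extra = isset($entry) && empty($isframe) && $entry != 'logout' ? '?isframe=1&'.$_SERVER['QUERY_STRING'] : (in_array($entry, array('header', 'menu', 'logout')) ? '' : '?'.$_SERVER['QUERY_STRING']);
		// The form action and the hidden field carry request-derived text, so both
		// are escaped for the attribute.
		$message = '<form method="post" name="login" action="'.htmlspecialchars($extra, ENT_QUOTES).'">'.
		'<input type="hidden" name="isframe" value="1">'.
		'<input type="hidden" name="url_forward" value="'.$html_forward.'">'.
		'<tr><td class="item1" width="80">'.lang('admin account').'</td>'.
		'<td class="item2">'.$curuser->infos['mname'].'</td></tr>'.
		'<tr><td class="item1" width="80">'.lang('login password').'</td>'.
		'<td class="item2"><input type="password" name="admin_password" size="15"></td></tr>';
		// Show the verification-code row only when 'admin' is listed in $cms_regcode.
		if($cms_regcode && in_array('admin',explode(',',$cms_regcode))){
			$message .= '<tr><td class="item1" width="80">'.lang('regcode').'</td>'.
			'<td class="item2"><input type="text" name="regcode" id="regcode" size="4" maxlength="4">&nbsp;&nbsp;'.
			'<img src="regcode.php" style="vertical-align: middle;cursor:pointer;" onClick="this.src=\'regcode.php\'"></td></tr>';
		}
		$message .= '<tr class="footer"><td colspan="2"><input type="submit" class="button" value="'.lang('submit').'" /></form></tr>';
	}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?=$lan_title?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?=$mcharset?>">
<link rel="stylesheet" rev="stylesheet" href="./images/admina/login.css" type="text/css" media="all">
</head>
<script language="JavaScript">
if(self.parent.frames.length != 0){
	self.parent.location=document.location;
}
function redirect(url){
	window.location.replace(url);
}
</script>
<body>
<br /><br /><br /><br />
<table width="100%" border="0" cellpadding="0" cellspacing="0"><tr><td align="center">
<table width="300" border="0" cellpadding="8" cellspacing="0" class="tabmain">
<tr class="header"><td colspan="2"><?=$lan_title?></td></tr>
<?=$message?>
</table>
</td></tr></table>
</body>
</html>

<?php
	// Full open tag so this still parses when short_open_tag is disabled.
	mexit();
}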
?>