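<?php
/**
 * Admin back-office entry point.
 *
 * Flow, as visible in this file:
 *   1. Load the shared bootstrap and language caches.
 *   2. Decide the admin-session state ($aflag): 'off', 'ipdenied', 'recheck' or 'on',
 *      using the {$tblprefix}asession table (one row per member id, valid for 3600 s).
 *   3. On 'recheck', ask for the admin password (and CAPTCHA when enabled) again.
 *   4. Build the menu set, removing the entries forbidden for the member's admin group.
 *   5. Render either the frameset or the module named by $entry.
 *
 * $sid, $entry, $isframe, $admin_password, $regcode, $url_forward and $param_suffix are
 * not assigned in this file; presumably general.inc.php imports them from the request,
 * so they are treated as untrusted here (verify against the bootstrap).
 *
 * NOTE(review): the asession row is keyed by member id only. The ip column is written
 * but never compared in this file, so a completed password recheck applies to every
 * browser session logged in as that member for the next hour. Consider binding the
 * recheck to the session or to the stored ip.
 *
 * NOTE(review): the admin password is verified as an unsalted MD5 digest. Moving to
 * password_hash()/password_verify() needs a change to the stored hashes, which is
 * outside this file.
 */
define('M_ADMIN', TRUE);
define('NOROBOT', TRUE);
include_once './include/general.inc.php';
include_once M_ROOT.'./include/admin.fun.php';

// Merge the back-office language pack (sub-site or main-site variant) into $langs.
if($sid){
    load_cache('langs,mnlangss');
    $langs = $langs + $mnlangss;
}else{
    load_cache('langs,mnlangs');
    $langs = $langs + $mnlangs;
}
$lan_title = lang(($sid ? 'subsite' : 'msite').' - admintitle');

// ---------------------------------------------------------------------------
// Admin-session state
// ---------------------------------------------------------------------------
$aflag = '';
if(!$memberid || !$curuser->isadmin()){
    $aflag = 'off';
}elseif($adminipaccess && !ipaccess($onlineip, $adminipaccess)){
    // NOTE(review): the allowlist is only as strong as $onlineip. If the bootstrap derives
    // it from client-supplied headers, this check can be sidestepped; confirm its source.
    $aflag = 'ipdenied';
}else{
    // NOTE(review): $memberid, $onlineip and $timestamp are interpolated into SQL below.
    // The $db wrapper shows no parameter binding here, so their safety depends on how the
    // bootstrap produces them; confirm they are server-derived or escaped.
    $query = $db->query("SELECT errorcount FROM {$tblprefix}asession WHERE mid='$memberid' AND dateline+3600>'$timestamp'", 'SILENT');
    if($db->error()){
        // Any error on the SELECT rebuilds the table, which also discards every member's
        // failure counter and completed recheck.
        $db->query("DROP TABLE IF EXISTS {$tblprefix}asession");
        $db->query("CREATE TABLE {$tblprefix}asession (mid mediumint(8) UNSIGNED NOT NULL default '0', ip char(15) NOT NULL default '', dateline int(10) unsigned NOT NULL default '0', errorcount tinyint(1) NOT NULL default '0', PRIMARY KEY (mid))".(mysql_get_server_info() > '4.1' ? " ENGINE=MYISAM DEFAULT CHARSET=$dbcharset" : " TYPE=MYISAM"));
        $aflag = 'recheck';
    }else{
        if($asession = $db->fetch_array($query)){
            if((int)$asession['errorcount'] === -1){
                // -1 marks a completed recheck; refresh the one-hour window.
                $db->query("UPDATE {$tblprefix}asession SET dateline='$timestamp' WHERE mid='$memberid'", 'UNBUFFERED');
                $aflag = 'on';
            }elseif($asession['errorcount'] <= 3){
                $aflag = 'recheck';
            }else{
                // More than three failures inside the window: refuse until the row expires.
                $aflag = 'off';
            }
        }else{
            // Timed out: no row for this member newer than one hour. Purge stale rows and start over.
            $db->query("DELETE FROM {$tblprefix}asession WHERE mid='$memberid' OR dateline+3600<'$timestamp'");
            $db->query("INSERT INTO {$tblprefix}asession (mid, ip, dateline, errorcount) VALUES ('$memberid', '$onlineip', '$timestamp', '0')");
            $aflag = 'recheck';
        }
    }
}

if($aflag == 'off'){
    login_msg(lang('none admin backarea permission'),'','error');
}elseif($aflag == 'ipdenied'){
    login_msg(lang('admin backarea IP forbid'),'','error');
}elseif($aflag == 'recheck'){
    // Strict string comparison: with a loose comparison two digests that both look like
    // numbers (for example "0e..." followed by digits) compare equal on older PHP versions.
    $password_ok = !empty($admin_password) && md5($admin_password) === (string)$curuser->infos['password'];
    // The CAPTCHA is only evaluated once the password matched, as in the original order.
    if(!$password_ok || !regcode_pass('admin',empty($regcode) ? '' : trim($regcode))){
        if(!empty($admin_password) || !empty($regcode)){
            // Count only real attempts, not the first display of the form.
            $db->query("UPDATE {$tblprefix}asession SET errorcount=errorcount+1 WHERE mid='$memberid'");
        }
        login_msg('','','login');
    }
    else{
        $db->query("UPDATE {$tblprefix}asession SET errorcount='-1' WHERE mid='$memberid'");
        login_msg(lang('admin login finish'),'?'.$_SERVER['QUERY_STRING'].'');
        // login_msg() ends with mexit(), so this is presumably unreachable. If it ever runs,
        // $url_forward is request-controlled: escape it for the attribute, and note that it
        // is not restricted to same-site targets.
        if(!empty($url_forward)){
            echo "<meta http-equiv=refresh content=\"0;URL=".htmlspecialchars($url_forward, ENT_QUOTES)."\">";
            exit;
        }
    }
}

// ---------------------------------------------------------------------------
// Menus and per-group restrictions
// ---------------------------------------------------------------------------
include_once M_ROOT.'./include/cache.fun.php';
load_cache('usednames');
load_cache($sid ? 'mnmenuss,mnheaderss' : 'mnmenus,mnheaders');
$a_menus = $sid ? $mnmenuss : $mnmenus;
$a_mheaders = $sid ? $mnheaderss : $mnheaders;
if($sid){
    unset($mnmenuss,$mnheaderss);
}else unset($mnmenus,$mnheaders);

$ausergroup = read_cache('usergroup',2,$curuser->infos['grouptype2']);
if(!$curuser->infos['isfounder'] && ($admin_amcid = $ausergroup['amcid'])){
    load_cache('amconfigs');
    // Remove the menu entries this admin group may not see.
    // NOTE(review): this only hides menu items. Nothing in this file checks $entry against
    // $fbd_menus before the module is included further down; presumably each module
    // enforces its own permission. Verify that, otherwise the restriction is cosmetic.
    $fbd_menus = array_filter(explode(',',$amconfigs[$admin_amcid][$sid ? 'smenus' : 'mmenus']));
    foreach($a_menus as $k0 => $v0){
        $i = false;
        foreach($v0 as $k1 => $v1){
            foreach($v1 as $k2 => $v2){
                if(in_array($k2,$fbd_menus)){
                    unset($a_menus[$k0][$k1][$k2]);
                }else{
                    // The first permitted item of a group becomes that group's header target.
                    !$i && $a_mheaders[$k0] = $v2;
                    $i = true;
                }
            }
            if(empty($a_menus[$k0][$k1])) unset($a_menus[$k0][$k1]);
        }
        if(empty($a_menus[$k0])) unset($a_menus[$k0],$a_mheaders[$k0]);
    }
    $fbd_sids = array_filter(explode(',',$amconfigs[$admin_amcid]['sids']));
    if($sid && in_array($sid,$fbd_sids)) login_msg(lang('nohave subsite backarea enter permission'),'','error');
    $fbd_fcaids = array_filter(explode(',',$amconfigs[$admin_amcid]['fcaids']));
    $fbd_mchids = array_filter(explode(',',$amconfigs[$admin_amcid]['mchids']));
    // NOTE(review): unserialize() on a cached config value. Safe only while the cache can
    // be written by the application alone; confirm nothing user-supplied reaches it raw.
    $fbd_caids = empty($amconfigs[$admin_amcid]['caids']) ? '' : unserialize($amconfigs[$admin_amcid]['caids']);
    $fbd_caids = empty($fbd_caids[$sid]) ? array() : $fbd_caids[$sid];
}
unset($amconfigs,$ausergroup);

// ---------------------------------------------------------------------------
// Output: frameset, or the requested module
// ---------------------------------------------------------------------------
if(empty($entry) || isset($isframe)){
    // Rebuild the query string for the main frame. Keys and values are both URL-encoded
    // (the key used to be copied through raw) and the result is HTML-escaped where it is
    // written into the src attribute.
    parse_str($_SERVER['QUERY_STRING'],$getarr);
    $extra = $and = '';
    foreach($getarr as $key => $value){
        if($key === 'entry' && in_array($value, array('header', 'menu'), true)){
            $extra .= $and.'entry=home'.$param_suffix;
        }elseif($key !== 'isframe'){
            // Array values keep the legacy result of an empty value, without error suppression.
            $extra .= $and.rawurlencode((string)$key).'='.(is_array($value) ? '' : rawurlencode($value));
            $and = '&';
        }
    }
    $extra = $extra && !empty($entry) ? $extra : "entry=home$param_suffix";
    $param_suffix_attr = htmlspecialchars($param_suffix, ENT_QUOTES);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head>
<title><?php echo $lan_title; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $mcharset; ?>">
</head>
<body style="margin: 0px" scroll="no">
<script src="include/js/iframe.js" type="text/javascript"></script>
<div style="position: absolute;top: 0px;left: 0px; z-index: 2;height: 60px;width: 100%">
<iframe frameborder="0" id="header" name="header" src="?entry=header<?php echo $param_suffix_attr; ?>" scrolling="no" style="height: 60px; visibility: inherit; width: 100%; z-index: 1;"></iframe>
</div>
<table border="0" cellPadding="0" cellSpacing="0" height="100%" width="100%" style="table-layout: fixed;">
<tr><td width="165px" height="60px"></td><td></td></tr>
<tr>
<td><iframe frameborder="0" id="menu" name="menu" src="?entry=menu<?php echo $param_suffix_attr; ?>" scrolling="yes" style="height: 100%; visibility: inherit; width: 100%; z-index: 1;overflow: auto;"></iframe></td>
<td><iframe frameborder="0" id="main" name="main" src="?<?php echo htmlspecialchars($extra, ENT_QUOTES); ?>" scrolling="yes" style="height: 100%; visibility: inherit; width: 100%; z-index: 1;overflow: auto;"></iframe></td>
</tr></table>
</body>
</html>
<?php
}else{
    if($entry == 'menu'){
        include_once M_ROOT.'./admina/menu.inc.php';
    }elseif($entry == 'header'){
        include_once M_ROOT.'./admina/header.inc.php';
    }elseif($entry == 'logout'){
        $db->query("DELETE FROM {$tblprefix}asession WHERE mid='$memberid'");
        login_msg(lang('admin backarea logout finish'));
    }elseif($entry){
        // $entry arrives in the query string and becomes part of an include path, so accept
        // plain module names only. Path separators, dots and NUL bytes are refused, which
        // keeps the include inside ./admina/. Widen the pattern only if a legitimate module
        // name needs another character.
        if(!is_string($entry) || !preg_match('/^[A-Za-z0-9_-]+\z/', $entry)){
            login_msg(lang('none admin backarea permission'),'','error');
        }else{
            include_once M_ROOT.'./admina/'.$entry.'.inc.php';
            afooter();
            // NOTE(review): $cms_up_url is not set in this file; confirm that it cannot be
            // supplied by the request, since it names a script the browser will load.
            if(!empty($cms_up_url)) echo '<script language="Javascript" src="'.htmlspecialchars($cms_up_url, ENT_QUOTES).'"></script>';
        }
    }
}
mexit();

/**
 * Render the stand-alone admin message / login page and stop the request.
 *
 * @param string $message     HTML body of the notice. Emitted as-is, so callers must pass trusted markup.
 * @param string $url_forward Optional redirect target; $param_suffix is appended when non-empty.
 * @param string $msgtype     'message' (notice, optional redirect), 'error' (notice plus member
 *                            login/logout links) or anything else for the password recheck form.
 *
 * The redirect target and the form action are built from the raw query string, so every
 * place they enter HTML or script is encoded for that context.
 */
function login_msg($message,$url_forward = '',$msgtype = 'message'){
    global $memberid,$curuser,$entry,$lan_title,$cms_regcode,$cms_abs,$mcharset,$param_suffix;
    $url_forward .= $url_forward ? $param_suffix : '';
    $entry = mhtmlspecialchars($entry);
    $url_forward_attr = htmlspecialchars($url_forward, ENT_QUOTES);
    if($msgtype == 'message'){
        $message = '<tr><td align="center" colspan="2"><br><br>'.$message;
        if($url_forward){
            $message .= "<br><br><a href=\"$url_forward_attr\">".lang('clickhere')."</a>";
            // rawurlencode() leaves only characters that are inert inside a quoted script
            // string; the browser restores the URL with decodeURIComponent(). A target that
            // holds raw non-UTF-8 bytes will not auto-redirect, but the link above still works.
            $js_url = rawurlencode($url_forward);
            $message .= "<script>setTimeout(\"redirect(decodeURIComponent('$js_url'));\", 1250);</script><br><br></td></tr>";
        }else{
            // Close the cell and row opened above, which the original left open.
            $message .= '<br><br><br></td></tr>';
        }
    }elseif($msgtype == 'error'){
        // NOTE(review): mname is written without escaping; presumably it is constrained or
        // escaped when the account is created. Confirm before relying on it.
        $message = '<tr><td align="center" colspan="2"><br>'.lang('current member').' '.$curuser->infos['mname'].'<br><br>'.$message.
        '<br><br>'.($memberid ? '<a href="adminm.php?action=logout">>>'.lang('logout member').'</a>' : '<a href="adminm.php?action=login">>>'.lang('login member').'</a>').
        ' <a href="'.$cms_abs.'">>>'.lang('goback index').'</a><br><br></td></tr>';
    }else{
        // NOTE(review): $isframe is not in the global list above, so empty($isframe) is
        // always true inside this function; left unchanged to keep the generated action.
        $extra = isset($entry) && empty($isframe) && $entry != 'logout' ? '?isframe=1&'.$_SERVER['QUERY_STRING'] : (in_array($entry, array('header', 'menu', 'logout')) ? '' : '?'.$_SERVER['QUERY_STRING']);
        $message = '<form method="post" name="login" action="'.htmlspecialchars($extra, ENT_QUOTES).'">'.
        '<input type="hidden" name="isframe" value="1">'.
        '<input type="hidden" name="url_forward" value="'.$url_forward_attr.'">'.
        '<tr><td class="item1" width="80">'.lang('admin account').'</td>'.
        '<td class="item2">'.$curuser->infos['mname'].'</td></tr>'.
        '<tr><td class="item1" width="80">'.lang('login password').'</td>'.
        '<td class="item2"><input type="password" name="admin_password" size="15"></td></tr>';
        if($cms_regcode && in_array('admin',explode(',',$cms_regcode))){
            $message .= '<tr><td class="item1" width="80">'.lang('regcode').'</td>'.
            '<td class="item2"><input type="text" name="regcode" id="regcode" size="4" maxlength="4"> '.
            '<img src="regcode.php" style="vertical-align: middle;cursor:pointer;" onClick="this.src=\'regcode.php\'"></td></tr>';
        }
        $message .= '<tr class="footer"><td colspan="2"><input type="submit" class="button" value="'.lang('submit').'" /></form></tr>';
    }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php echo $lan_title; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $mcharset; ?>">
<link rel="stylesheet" rev="stylesheet" href="./images/admina/login.css" type="text/css" media="all">
</head>
<script language="JavaScript">
if(self.parent.frames.length != 0){
    self.parent.location=document.location;
}
function redirect(url){
    window.location.replace(url);
}
</script>
<body>
<br /><br /><br /><br />
<table width="100%" border="0" cellpadding="0" cellspacing="0"><tr><td align="center">
<table width="300" border="0" cellpadding="8" cellspacing="0" class="tabmain">
<tr class="header"><td colspan="2"><?php echo $lan_title; ?></td></tr>
<?php echo $message; ?>
</table>
</td></tr></table>
</body>
</html>
<?php
    mexit();
}
?>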