www.gusucode.com > Carbon Forum PHP轻论坛系统 v3.6.5源码程序 > Carbon-Forum-3.6.5/login.php
<?php include(__DIR__ . '/common.php'); require(__DIR__ . '/language/' . ForumLanguage . '/login.php'); $error = ''; $UserName = ''; $ReturnUrl = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER["HTTP_REFERER"]) : ''; if (isset($_GET['logout']) && $_GET['logout'] == $CurUserCode) { SetCookies(array( 'UserID' => '', 'CurUserExpirationTime' => '', 'UserCode' => '' ), 1); if ($ReturnUrl) { header('location: ' . $ReturnUrl); exit('logout'); } else { header('location: ' . $Config['WebsitePath'] . '/'); exit('logout'); } } if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (!ReferCheck($_POST['FormHash'])) { AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403); } $ReturnUrl = htmlspecialchars(trim($_POST["ReturnUrl"])); $UserName = strtolower(trim($_POST["UserName"])); $Password = trim($_POST["Password"]); $Expires = min(intval(trim($_POST["Expires"])), 30); //最多保持登陆30天 $VerifyCode = intval(trim($_POST["VerifyCode"])); if ($UserName && $Password && $VerifyCode) { session_start(); if (isset($_SESSION[$Prefix . 'VerificationCode']) && $VerifyCode === intval($_SESSION[$Prefix . 'VerificationCode'])) { $DBUser = $DB->row("SELECT ID,UserName,Salt,Password FROM " . $Prefix . "users WHERE UserName = :UserName", array( "UserName" => $UserName )); if ($DBUser) { if (HashEquals($DBUser['Password'], md5($Password . $DBUser['Salt']))) { UpdateUserInfo(array( 'LastLoginTime' => $TimeStamp, 'UserLastIP' => CurIP() ), $DBUser['ID']); $TemporaryUserExpirationTime = $Expires * 86400 + $TimeStamp; SetCookies(array( 'UserID' => $DBUser['ID'], 'UserExpirationTime' => $TemporaryUserExpirationTime, 'UserCode' => md5($DBUser['Password'] . $DBUser['Salt'] . $TemporaryUserExpirationTime . $SALT) ), $Expires); if ($ReturnUrl) { header('location: ' . $ReturnUrl); exit('logined'); } else { header('location: ' . $Config['WebsitePath'] . '/'); exit('logined'); } } else { $error = $Lang['Password_Error']; } } else { $error = $Lang['User_Does_Not_Exist']; } } else { $error = $Lang['Verification_Code_Error']; } unset($_SESSION[$Prefix . 'VerificationCode']); } else { $error = $Lang['Forms_Can_Not_Be_Empty']; } } $DB->CloseConnection(); // 页面变量 $PageTitle = $Lang['Log_In']; $ContentFile = $TemplatePath . 'login.php'; include($TemplatePath . 'layout.php');