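<?php
/**
 * @name XERCMS
 * @author Arno <XerCMS@163.com> [QQ:1328013]
 * @version 1.0.0
 * @link http://www.XerCMS.com
 */
!defined('XERCMS') && exit('Access Denied');

/**
 * Back-end (admin panel) gatekeeper.
 *
 * Instantiated by the front controller. Every action except 'check' requires an
 * authenticated admin session (X::$G['CYK'] === true); otherwise the login
 * template is rendered and the request ends. 'check' processes the submitted
 * login form.
 *
 * Project-level helpers used here (X, rs(), ini(), lang(), dreferer(),
 * strfilter(), DB, INC, VERSION, compiler) are defined elsewhere in XerCMS.
 */
class admin
{
    /** Seconds during which a per-IP failure record and the global safe.lock stay effective. */
    const LOCK_SECONDS = 600;

    /** Failures (strictly more than this) before an IP is refused, and rows before the global lock is raised. */
    const MAX_IP_FAILURES = 2;

    /** Longest user name / password (in bytes) accepted from the form. */
    const MAX_CREDENTIAL_LENGTH = 32;

    public function __construct()
    {
        define('CYK', true);
        define('CP', true);
        // Everything except the login-form handler needs an admin session.
        if (X::$G['action'] != 'check') {
            $this->isAdmin();
        }
    }

    /**
     * Render the login form (and stop) unless the request carries an admin session.
     */
    public function isAdmin()
    {
        if (X::$G['CYK'] !== true) {
            $this->login();
        }
    }

    /**
     * Render the login template and terminate the request.
     */
    public function login()
    {
        include($this->tpl('login.htm'));
        exit;
    }

    /**
     * Handle the submitted login form.
     *
     * Checks run in this order: working-hours window, IP allow-list, global
     * brute-force lock file, credential length, per-IP failure counter,
     * optional safety code, then the credential check itself. Every rejection
     * goes through tips(), which terminates the request; success starts the
     * member session and redirects to the admin index.
     */
    public function check()
    {
        $safe = ini('admin');
        $back = X::$G['urlpath'] . '?s=admin';

        // Optional login-hours restriction: comma-separated hour values. Loose
        // in_array() is kept on purpose so a config entry '9' matches date('H') === '09'.
        if (!empty($safe['worktime']) && !in_array(date('H'), explode(',', $safe['worktime']))) {
            $this->tips('非工作时间无法登录!', $back);
        }

        // Optional IP allow-list: comma-separated dotted quads, '*' allowed per octet.
        if (!empty($safe['allowip']) && !$this->isAllowedIp(X::$G['ip'], explode(',', $safe['allowip']))) {
            $this->tips('很抱歉,IP不在白名单里!', $back);
        }

        // Global lock, written by recordFailure() once too many IPs have failures on record.
        // NOTE(review): the lock lasts LOCK_SECONDS (10 min) while the message says 15 minutes — confirm which is intended.
        $lockFile = INC . 'Services/admin/safe.lock';
        if (file_exists($lockFile) && filemtime($lockFile) + self::LOCK_SECONDS > X::$G['time']) {
            $this->tips('后台存在暴力破解风险,禁止登录15分钟!', $back);
        }

        $postuser = isset($_POST['user']) ? strfilter($_POST['user']) : '';
        $postpass = isset($_POST['pass']) ? strfilter($_POST['pass']) : '';
        // empty() also rejects the literal '0' — kept from the original behaviour.
        // strlen() replaces the PHP 5 `isset($s{32})` offset test, which PHP 8 no longer parses.
        if (empty($postuser) || empty($postpass)
            || strlen($postuser) > self::MAX_CREDENTIAL_LENGTH
            || strlen($postpass) > self::MAX_CREDENTIAL_LENGTH) {
            $this->tips(105, $back);
        }

        // Per-IP failure record; refused while it is both recent and over the limit.
        $ips = rs('member')->table('xercms_error_ips')->where(array('ip' => X::$G['ip']))->select(1);
        if (isset($ips['num']) && $ips['num'] > self::MAX_IP_FAILURES
            && $ips['time'] > X::$G['time'] - self::LOCK_SECONDS) {
            $this->tips('over_error', $back);
        }

        // Optional shared safety code from the admin ini (checked before the credentials).
        $code = isset($_POST['code']) ? strfilter($_POST['code']) : '';
        $validCodes = $this->toStringList(isset($safe['codes']) ? $safe['codes'] : null);
        if (count($validCodes) > 0 && ($code === '' || !in_array((string) $code, $validCodes, true))) {
            $this->recordFailure($ips);
            $this->tips('安全码错误!', $back);
        }

        // Best-effort housekeeping: drop failure records older than the lock window.
        rs('member')->table('xercms_error_ips')->where('`time` < ' . (X::$G['time'] - self::LOCK_SECONDS))->delete();

        // NOTE(review): the member service compares an unsalted md5 of the password;
        // moving to password_hash()/password_verify() needs verify() and the stored hashes changed together.
        $uid = rs('member')->verify($postuser, md5($postpass));
        if ($uid > 0) {
            // Only uids listed under 'admins' in the admin ini may enter the back-end.
            // A missing or malformed list is treated as "nobody" rather than "everybody"
            // (the original `in_array(...) === false` test let a warning-returning null through).
            $admins = $this->toStringList(isset($safe['admins']) ? $safe['admins'] : null);
            if (!in_array((string) $uid, $admins, true)) {
                $this->tips('非后台管理员无法登录!', $back);
            }
            rs('member')->login($uid, true);
            header('Location:' . X::$G['urlpath'] . '?s=admin&a=index');
            exit;
        } elseif ($uid == -1) {
            $this->tips('over_error', $back);
        } elseif ($uid == -2) {
            $this->tips('100', $back);
        } else {
            // Bad credentials: count the failure, possibly raise the global lock, then report.
            $this->recordFailure($ips);
            $this->tips('100', $back);
        }
    }

    /**
     * Normalise an ini value that may be an array or a comma-separated string
     * into a list of trimmed strings; anything else yields an empty list.
     *
     * @param mixed $value
     * @return string[]
     */
    private function toStringList($value)
    {
        if (is_string($value)) {
            $value = explode(',', $value);
        }
        if (!is_array($value)) {
            return array();
        }
        $list = array();
        foreach ($value as $item) {
            $item = trim((string) $item);
            if ($item !== '') {
                $list[] = $item;
            }
        }
        return $list;
    }

    /**
     * Match a client IPv4 address against allow-list patterns.
     *
     * Each pattern is a dotted quad whose octets are a literal or '*'. Patterns
     * without exactly four parts never match. Octets are compared as exact
     * strings, so entries must be canonical (e.g. '10.0.0.1', not '010.0.0.1').
     * A client address that is not a dotted quad (e.g. IPv6) matches only '*.*.*.*'.
     *
     * NOTE(review): this list is only meaningful if X::$G['ip'] comes from
     * REMOTE_ADDR and not from a client-supplied header such as X-Forwarded-For — confirm.
     *
     * @param string   $clientIp address as reported in X::$G['ip']
     * @param string[] $patterns allow-list entries
     * @return bool
     */
    private function isAllowedIp($clientIp, array $patterns)
    {
        $client = array_pad(explode('.', (string) $clientIp), 4, '');
        foreach ($patterns as $pattern) {
            $parts = explode('.', trim((string) $pattern));
            if (count($parts) != 4) {
                continue;
            }
            $matched = true;
            for ($i = 0; $i < 4; $i++) {
                if ($parts[$i] !== '*' && $parts[$i] !== $client[$i]) {
                    $matched = false;
                    break;
                }
            }
            if ($matched) {
                return true;
            }
        }
        return false;
    }

    /**
     * Record a failed attempt for the current IP and raise the global lock when
     * more than MAX_IP_FAILURES IPs currently have failures on record.
     *
     * The update keeps the row's original 'time', so an IP's counter expires
     * LOCK_SECONDS after its first failure (rows are purged in check()).
     *
     * NOTE(review): the lock condition counts rows (one per IP), so a few
     * unrelated clients each failing once lock every admin out for LOCK_SECONDS.
     *
     * @param array|null $ips row for X::$G['ip'] from xercms_error_ips, or empty when none
     */
    private function recordFailure($ips)
    {
        if (isset($ips['num'])) {
            rs('member')->table('xercms_error_ips')
                ->where(array('ip' => X::$G['ip']))
                ->update(array('num' => ($ips['num'] + 1)));
        } else {
            rs('member')->table('xercms_error_ips')
                ->insert(array('num' => 1, 'time' => X::$G['time'], 'ip' => X::$G['ip']));
        }
        $errIpNumber = DB::result_first('SELECT COUNT(*) FROM xercms_error_ips');
        if ($errIpNumber > self::MAX_IP_FAILURES) {
            file_put_contents(INC . 'Services/admin/safe.lock', '');
        }
    }

    /**
     * Compile an admin template and return the path of the compiled PHP file.
     *
     * The compiled-file cache lookup in the original was disabled by an
     * always-false guard (`&& 1 == 2`), so every request re-compiles; that
     * behaviour is kept here without the dead branch.
     *
     * @param string $path template file name under XerCMS/Services/admin/template/
     * @return string path of the compiled template
     */
    public function tpl($path)
    {
        if (X::$compiler == null) {
            X::import('compiler');
            X::$compiler = new compiler();
        }
        X::$compiler->Set('XerCMS/Services/admin/template/', $path);
        X::$compiler->parse();
        return X::$compiler->file();
    }

    /**
     * Report a message to the user and terminate the request.
     *
     * In JSON mode emits {"XerCMS": VERSION, "Msg": <text>}; otherwise renders
     * tips.htm, which reads the local variables $time, $gourl, $title and
     * $content set below.
     *
     * @param string|int $content message text or lang() key
     * @param string     $gourl   where the tips page sends the user; the referer when empty
     */
    public function tips($content, $gourl = '')
    {
        if (X::$G['format'] == 'json') {
            exit(json_encode(array('XerCMS' => VERSION, 'Msg' => lang($content))));
        }
        // Variables consumed by the included template.
        $time = 5;
        $gourl = empty($gourl) ? dreferer() : $gourl;
        $title = lang(107); // the original read an undefined $title first
        $content = lang($content);
        include($this->tpl('tips.htm'));
        exit;
    }
}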