
    <?php
/**
 * @name     XERCMS
 * @author   Arno <XerCMS@163.com> [QQ:1328013]
 * @version  1.0.0
 * @link     http://www.XerCMS.com 
 */

// Direct access guard: this file is only meaningful when loaded by the framework bootstrap.
if (!defined('XERCMS')) {
    exit('Access Denied');
}

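/**
 * Control-panel gatekeeper: marks the request as an admin request, forces a
 * login for every action except the login POST handler, and implements the
 * login checks (login hours, IP whitelist, brute-force lock, security code,
 * credential verification).
 */
class admin
{
    /**
     * Window, in seconds, for which a brute-force lock (safe.lock) and a
     * per-IP failure record stay in force. Note: the user-facing lock message
     * speaks of 15 minutes while this window is 10; the value is kept as it was.
     */
    const BLOCK_SECONDS = 600;

    /** More than this many rows in xercms_error_ips triggers the global safe.lock. */
    const LOCK_THRESHOLD = 2;

    /** More than this many failures from one IP within the window refuses that IP. */
    const IP_FAIL_THRESHOLD = 2;

    /**
     * Marks the request as a control-panel request and, for every action
     * except the login POST handler (`check`), requires an authenticated admin.
     */
    public function __construct()
    {
        define('CYK', true);
        define('CP', true);
        // Strict comparison: under loose rules a non-string action value could
        // compare equal to 'check' and skip the admin check entirely.
        if (X::$G['action'] !== 'check') {
            $this->isAdmin();
        }
    }

    /**
     * Shows the login page (and exits) unless the session flag X::$G['CYK']
     * is exactly boolean true.
     */
    public function isAdmin()
    {
        if (X::$G['CYK'] !== true) {
            $this->login();
        }
    }

    /** Renders the login template and terminates the request. */
    public function login()
    {
        include $this->tpl('login.htm');
        exit;
    }

    /**
     * Handles the admin login POST.
     *
     * Order of checks: configured login hours, IP whitelist, global brute-force
     * lock, per-IP failure budget, optional security code, then credential
     * verification and admin-list membership. Every failure path ends in
     * tips(), which exits; success starts the member session and redirects.
     */
    public function check()
    {
        $safe = ini('admin');
        $backUrl = X::$G['urlpath'].'?s=admin';
        $now = (int) X::$G['time'];

        // Login hours: a comma-separated list of hours in the format of date('H').
        // Loose in_array() is intentional so that '9' in the config matches '09'.
        if (!empty($safe['worktime']) && !in_array(date('H'), explode(',', $safe['worktime']))) {
            $this->tips('非工作时间无法登录!', $backUrl);
        }

        // IP whitelist: comma-separated dotted-quad patterns, '*' matches any octet.
        if (!empty($safe['allowip']) && !$this->ipAllowed(X::$G['ip'], explode(',', $safe['allowip']))) {
            $this->tips('很抱歉,IP不在白名单里!', $backUrl);
        }

        // Global lock written by recordFailure(); honoured for BLOCK_SECONDS after its mtime.
        $lockFile = INC.'Services/admin/safe.lock';
        if (file_exists($lockFile) && filemtime($lockFile) + self::BLOCK_SECONDS > $now) {
            $this->tips('后台存在暴力破解风险,禁止登录15分钟!', $backUrl);
        }

        $postuser = isset($_POST['user']) ? strfilter($_POST['user']) : '';
        $postpass = isset($_POST['pass']) ? strfilter($_POST['pass']) : '';
        // isset($s[32]) is true once the string has a 33rd byte, i.e. it is longer than 32.
        // (Bracket syntax replaces the curly-brace offset form that PHP 8 no longer parses.)
        if (empty($postuser) || empty($postpass) || isset($postuser[32]) || isset($postpass[32])) {
            $this->tips(105, $backUrl);
        }

        // Existing failure record for this client IP, if any. Its 'time' is set on
        // insert only (recordFailure() never refreshes it), so the window below is
        // measured from the first failure, not the latest.
        $ips = rs('member')->table('xercms_error_ips')->where(array('ip' => X::$G['ip']))->select(1);
        if (isset($ips['num']) && $ips['num'] > self::IP_FAIL_THRESHOLD && $ips['time'] > $now - self::BLOCK_SECONDS) {
            $this->tips('over_error', $backUrl);
        }

        // Optional security code: when codes are configured, the POSTed code must
        // match one of them exactly (string identity, not PHP's loose numeric equality).
        $codes = isset($safe['codes']) && is_array($safe['codes']) ? $safe['codes'] : array();
        if (count($codes) > 0) {
            $code = isset($_POST['code']) ? strfilter($_POST['code']) : '';
            if (empty($code) || !in_array($code, array_map('strval', $codes), true)) {
                $this->recordFailure($ips);
                $this->tips('安全码错误!', $backUrl);
            }
        }

        // Expire failure records that fell out of the window.
        rs('member')->table('xercms_error_ips')->where('`time` < '.($now - self::BLOCK_SECONDS))->delete();

        // The member service's verify() contract takes md5($postpass); the hashing
        // scheme lives there, not here.
        $uid = rs('member')->verify($postuser, md5($postpass));
        if ($uid > 0) {
            if (!$this->isAdminUid($uid, isset($safe['admins']) ? $safe['admins'] : null)) {
                $this->tips('非后台管理员无法登录!', $backUrl);
            }
            rs('member')->login($uid, true);
            header('Location:'.$backUrl.'&a=index');
            exit;
        }
        if ($uid == -1) {
            $this->tips('over_error', $backUrl);
        }
        if ($uid == -2) {
            $this->tips('100', $backUrl);
        }
        $this->recordFailure($ips);
        $this->tips('100', $backUrl);
    }

    /**
     * True when $clientIp matches one of the dotted-quad $patterns ('*' = any
     * octet). Patterns that are not exactly four parts are ignored. A client
     * address that is not four dot-separated parts (e.g. IPv6) is padded with
     * empty octets, so it can only match wildcard positions — same outcome as
     * before, without the undefined-index notices.
     *
     * @param string   $clientIp
     * @param string[] $patterns
     * @return bool
     */
    private function ipAllowed($clientIp, array $patterns)
    {
        $client = array_pad(explode('.', (string) $clientIp), 4, '');
        foreach ($patterns as $pattern) {
            $parts = explode('.', $pattern);
            if (count($parts) != 4) {
                continue;
            }
            $matched = true;
            for ($i = 0; $i < 4; $i++) {
                // Loose comparison kept on purpose: '01' and '1' were equal before too.
                if ($parts[$i] != '*' && $client[$i] != $parts[$i]) {
                    $matched = false;
                    break;
                }
            }
            if ($matched) {
                return true;
            }
        }
        return false;
    }

    /**
     * True when $uid appears in the configured admin list. Both sides are
     * compared as trimmed strings, so an int uid and a string config entry
     * agree without PHP's loose numeric comparison (under which an int could
     * equal a non-numeric string). A missing or non-array list yields false —
     * fail closed — instead of the warning-and-pass that in_array() on a
     * non-array produced.
     *
     * @param int|string $uid
     * @param mixed      $admins
     * @return bool
     */
    private function isAdminUid($uid, $admins)
    {
        if (!is_array($admins)) {
            return false;
        }
        $needle = trim((string) $uid);
        foreach ($admins as $admin) {
            if (trim((string) $admin) === $needle) {
                return true;
            }
        }
        return false;
    }

    /**
     * Records a failed login attempt for the current client IP, then writes the
     * global safe.lock once more than LOCK_THRESHOLD rows exist in
     * xercms_error_ips. That lock is global: it refuses every administrator for
     * BLOCK_SECONDS, not only the failing clients.
     *
     * @param mixed $ips  The client's existing xercms_error_ips row, or a non-array when there is none.
     */
    private function recordFailure($ips)
    {
        if (isset($ips['num'])) {
            rs('member')->table('xercms_error_ips')->where(array('ip' => X::$G['ip']))->update(array('num' => $ips['num'] + 1));
        } else {
            rs('member')->table('xercms_error_ips')->insert(array('num' => 1, 'time' => X::$G['time'], 'ip' => X::$G['ip']));
        }
        $errIpNumber = DB::result_first('SELECT COUNT(*) FROM xercms_error_ips');
        if ($errIpNumber > self::LOCK_THRESHOLD) {
            file_put_contents(INC.'Services/admin/safe.lock', '');
        }
    }

    /**
     * Compiles an admin template and returns the path of the compiled PHP file.
     * The compiled-template cache lookup that used to precede this was disabled
     * with a constant-false condition (`&& 1 == 2`), so the template was always
     * recompiled; that dead branch is dropped and the behaviour is unchanged.
     *
     * @param string $path  Template file name relative to XerCMS/Services/admin/template/.
     * @return string
     */
    public function tpl($path)
    {
        if (X::$compiler == null) {
            X::import('compiler');
            X::$compiler = new compiler();
        }
        X::$compiler->Set('XerCMS/Services/admin/template/', $path);
        X::$compiler->parse();
        return X::$compiler->file();
    }

    /**
     * Emits a message and terminates the request. When X::$G['format'] is
     * exactly 'json' the body is {"XerCMS": VERSION, "Msg": lang($content)};
     * otherwise tips.htm is rendered with $time, $gourl, $title and $content
     * in scope.
     *
     * @param int|string $content  Message text or a lang() key.
     * @param string     $gourl    Redirect target; falls back to dreferer() when empty.
     */
    public function tips($content, $gourl = '')
    {
        if (X::$G['format'] === 'json') {
            exit(json_encode(array('XerCMS' => VERSION, 'Msg' => lang($content))));
        }
        // The variables below are read by the included tips.htm template.
        $time = 5;
        $gourl = empty($gourl) ? dreferer() : $gourl;
        $title = lang(107);
        $content = lang($content);
        include $this->tpl('tips.htm');
        exit;
    }
}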
?>