userchk.php

LOVESTUdio多校园交易系统 VER 4.0基于3.0开发

<?php
require_once('libs/session.inc');
?>

<?php
//注销登陆
 if($_GET[action] == logout){	 
                $out = session_unregister('username');
				if($out){
				if(file_exists('index.html')){
				redirectURL('index.html');		 
				}elseif(file_exists('index.php')){
				redirectURL('index.php');		 
				}else{
				die("登陆成功！不能返回到主页，主页不存在。");
				}
				
						}
							 } 
if($_GET[action] == logouts){	 
                $out = session_unregister('username');
				if($out){
				redirectURL('userlogin.php');		 
						}
							 } 
?>


<style type="text/css">
TD {
	FONT-SIZE: 9pt; 
	LINE-HEIGHT: 150%; 
	FONT-FAMILY: 宋体;
}
body {
	  margin :0; 
	  }
</style>
<?php
require_once('libs/config.inc');
require_once('libs/dbmanager.inc');
require_once('libs/function.inc');
	  $conn = DBManager::getConnection(); 
function redirectURL($url, $seconds = 0){

if(!is_int($seconds))
$seconds=0;
$mta = "<META HTTP-EQUIV=REFRESH CONTENT=\"".$seconds.
";URL=".$url."\">";
echo $mta;
exit;
}
//检查用户登陆
 if($_POST[message] == ok){			       
                     if($_POST[toindex] == toindex){
					  echo "<table height=500 width='100%' align='center'>";
                    echo "<tr><td align='center' valign='middle'><img src='skin/loging.gif'><br>正在处理,请等待....";
					echo "</td></tr></table>";
					 }
                     else{ 
                    echo "<table height=130 width='100%' align='center' background='skin/login_bak.jpg'>";
                    echo "<tr><td align='center'><img src='skin/loging1.gif'><br>正在处理,请等待....";
					echo "</td></tr></table>";
					     }
					  $username = $_POST[username];     
			          $userpwd = md5($_POST[userpwd]);
					  $usercode = $_POST[mycode];
					  settype($_SESSION['reg_code'],string);
					  $chekcode = $_SESSION['reg_code']; 
					  if($username==""||preg_match("/^$|^c:\\con\\con$|　|[,\"\s\t\<\>]|^游客|^Guest/is", $username)){
					      msgbox("用户名为空或包含非法字符","Back","");
					            }
					 elseif(strlen($username)>15){
					        msgbox("用户名不能超过15个字符","Back",""); 			
					                     }
					 elseif($_POST[userpwd]==""){
					        msgbox("用户密码不能为空","Back","");              
										  }	
					 elseif($usercode !== $chekcode)
					                      {
					        msgbox("验证码不正确！","Back","");              
										  }						  
					 else{					  		 
					  $sql = "SELECT * FROM ".$tablepre."user WHERE username='$username'";
					  if($result = $conn->query($sql)){
					  
					  $obj = $result->fetch_assoc(); 
					  $userpass = $obj[userpwd];
					  if($userpwd !== $userpass)
					    { 
						msgbox("密码错误！","Back",""); }
					  else
					  {			
					  $_SESSION['username']=$username;
				if(empty($_SESSION['last_time'])){
					  $_SESSION['last_time'] = time();
					  $conn->query("UPDATE ".$tablepre."user SET `usertimes`=`usertimes`+1,`usermark`=`usermark`+5 WHERE username='$username'"); 	 
			                                     }
				elseif(time() - $_SESSION['last_time'] > 3600){
			          $_SESSION['last_time'] = time();
					  $conn->query("UPDATE ".$tablepre."user SET `usertimes`=`usertimes`+1,`usermark`=`usermark`+5 WHERE username='$username'");
					           }
					  }						   
					  if($_POST[toindex] == toindex){
               if(file_exists('index.html')){
				redirectURL('index.html');		 
				}elseif(file_exists('index.php')){
				redirectURL('index.php');		 
				}else{
				die("登陆成功！不能返回到主页，主页不存在。");
				}	
								  }
	                 else{
					  redirectURL('userlogin.php');
					     }
					  }
					  else{
					  msgbox("错误！","Back","");
					  }
					                      }         
							            }
$conn->close();										
?>