<?php
/**
 * Wall-clock stopwatch for the current request.
 *
 * The start time is kept in the global variable $starttime rather than on the
 * instance, so every debug object reads and writes the same value.
 */
class debug
{
    /**
     * Record the current time (seconds, with the microsecond fraction) in $starttime.
     */
    function starttimer( )
    {
        global $starttime;
        // microtime() without arguments returns "fraction seconds" as one string.
        list( $fraction, $seconds ) = explode( " ", microtime( ) );
        $starttime = $seconds + $fraction;
    }

    /**
     * Return the seconds elapsed since starttimer(), rounded to 5 decimal places.
     */
    function endtimer( )
    {
        global $starttime;
        list( $fraction, $seconds ) = explode( " ", microtime( ) );
        return round( ( $seconds + $fraction ) - $starttime, 5 );
    }
}
/**
 * Holder for the board configuration array.
 */
class info
{
    // Configuration values; replaced by the array passed to info().
    var $vars = "";
    var $version = "1.1";

    /**
     * Old-style (same-name) constructor: store the configuration and add the
     * emoticon URL derived from its 'html_url' entry.
     *
     * @param array $INFO configuration values; 'html_url' is read here
     */
    function info( $INFO )
    {
        // $INFO is a by-value copy, so extending it here does not touch the caller's array.
        $INFO['EMOTICONS_URL'] = $INFO['html_url']."/emoticons";
        $this->vars = $INFO;
    }
}
/**
 * Build the admin login form and pass it to the admin output layer.
 *
 * Each call first deletes admin session rows whose RUNNING_TIME is more than
 * 7200 seconds old.
 *
 * NOTE(review): $message is placed into the page without HTML escaping. Every
 * call in this file passes a fixed string; callers elsewhere should do the same
 * or escape first.
 * NOTE(review): nothing here stops the request; whether $ADMIN->output() does
 * is not visible in this file - confirm, since the callers read as if it does.
 *
 * @param string $message optional notice shown in red above the form
 */
function do_login( $message = "" )
{
    global $IN;
    global $DB;
    global $ADMIN;
    global $SKIN;

    // Purge idle sessions; the cut-off is computed from time(), not from request data.
    $expiry_cutoff = time( ) - 7200;
    $DB->query( "DELETE FROM ibf_admin_sessions WHERE RUNNING_TIME < {$expiry_cutoff}" );

    $detail = "你必须拥有管理员权限才能成功登录论坛管理中心。<br><br>请在下面输入你的用户名称和登录密码:";
    if ( !( $message == "" ) )
    {
        $detail .= "<br><br><span style='color:red;font-weight:bold'>{$message}</span>";
    }
    $ADMIN->page_detail = $detail;

    // Client-side frame check: when the page is not the top window, the script
    // points the top window at this page.
    $ADMIN->html .= "<script language='javascript'>\n\t\t\t\t\t <!--\n\t\t\t\t\t \tif (top.location != self.location) { top.location = self.location }\n\t\t\t\t\t //-->\n\t\t\t\t\t </script>\n\t\t\t\t\t ";
    $ADMIN->html .= $SKIN->start_form( array(
        1 => array( "login", "yes" )
    ) );

    // Two columns (40% / 60%) for the label and the input.
    foreach ( array( "40%", "60%" ) as $column_width )
    {
        $SKIN->td_header[] = array( " ", $column_width );
    }
    $ADMIN->html .= $SKIN->start_table( "用户验证" );

    $form_rows = array(
        "用户名称:" => "<input type='text' style='width:100%' name='username' value=''>",
        "登录密码:" => "<input type='password' style='width:100%' name='password' value=''>",
    );
    foreach ( $form_rows as $label => $input_html )
    {
        $ADMIN->html .= $SKIN->add_td_row( array( $label, $input_html ) );
    }

    $ADMIN->html .= $SKIN->end_form( "登录管理中心" );
    $ADMIN->html .= $SKIN->end_table( );
    $ADMIN->output( );
}
/**
 * Dispatch an authenticated admin request to the page named by $IN['act'].
 *
 * The request value is only ever used as a key into the fixed $choice map; the
 * include path is built from the mapped value, never from the request text
 * itself. Anything that is empty or not a key of the map falls back to "idx".
 */
function do_admin_stuff( )
{
    // A file pulled in with require() runs in this function's scope, so these
    // globals are kept even where this body does not read them itself.
    global $IN;
    global $INFO;
    global $DB;
    global $SKIN;
    global $ADMIN;
    global $std;
    global $MEMBER;
    global $GROUP;
    global $ibforums;

    // Allow-list: request key => suffix of sources/Admin/ad_<suffix>.php
    $choice = array(
        "idx" => "doframes",
        "menu" => "menu",
        "announcement" => "announce",
        "index" => "index",
        "cat" => "categories",
        "forum" => "forums",
        "mem" => "member",
        "group" => "groups",
        "mod" => "moderator",
        "op" => "settings",
        "help" => "help",
        "skin" => "skins",
        "wrap" => "wrappers",
        "style" => "stylesheets",
        "image" => "imagemacros",
        "sets" => "stylesets",
        "templ" => "templates",
        "rtempl" => "remote_template",
        "lang" => "languages",
        "import" => "skin_import",
        "modlog" => "modlogs",
        "field" => "profilefields",
        "stats" => "statistics",
        "quickhelp" => "quickhelp",
        "adminlog" => "adminlogs",
        "ips" => "ips",
        "mysql" => "mysql",
        "battle" => "battle",
        "itemshop" => "itemshop",
        "rpg" => "rpg",
        "pin" => "plugins"
    );

    // Missing, empty or unknown actions all become the frameset page.
    if ( $IN['act'] == "" || !isset( $choice[$IN['act']] ) )
    {
        $IN['act'] = "idx";
    }

    switch ( $IN['act'] )
    {
        case "idx":
            // Frameset is printed directly and the request ends here.
            print $SKIN->frame_set( );
            exit( );

        case "menu":
            $ADMIN->menu( );
            break;

        default:
            require( ROOT_PATH."sources/Admin/ad_".$choice[$IN['act']].".php" );
            break;
    }
}
/**
 * Print an error message followed by optional help text, then end the request.
 *
 * Both strings are written to the response exactly as given (no HTML escaping),
 * separated by two <br> tags.
 *
 * @param string $message error text
 * @param string $help    additional guidance
 */
function fatal_error( $message = "", $help = "" )
{
    print $message."<br><br>".$help;
    exit( );
}
// ---- Runtime switches and PHP environment setup ----

// Base path used for every require() in this file.
define( "ROOT_PATH", "./" );

// Hosting flag: when set to 1, safe mode is assumed without asking PHP.
$is_on_tripod = 0;
// When 1, the session check later in this file rejects a session whose stored
// IP_ADDRESS differs from the address of the current request.
$check_ip = 1;
// Not read in this file; presumably consumed by the output code - confirm.
$use_gzip = 1;

error_reporting( E_ERROR | E_WARNING | E_PARSE );
set_magic_quotes_runtime( 0 );

// Assume safe mode unless PHP can be asked and reports it off.
$safe_switch = 1;
if ( $is_on_tripod != 1 && function_exists( "ini_get" ) )
{
    $safe_switch = @ini_get( "safe_mode" ) ? 1 : 0;
}
define( "SAFE_MODE_ON", $safe_switch );

// Lift the execution time limit only when safe mode is off and the function exists.
if ( SAFE_MODE_ON == 0 && function_exists( "set_time_limit" ) == 1 )
{
    @set_time_limit( 0 );
}
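// ---- Bootstrap: configuration, request parsing, admin helpers, database ----

// $INFO is used immediately below, so this include is expected to define it
// (conf_global.php is not shown here).
require( ROOT_PATH."conf_global.php" );

// The info constructor takes the configuration array. A bare info( $INFO ) call
// followed by new info( ) would call an undefined function and then build the
// object without its argument, so the array is passed to the constructor.
$ibforums = new info( $INFO );

$Debug = new debug( );
$Debug->starttimer( );

// Start every request from empty member/session state.
$MEMBER = array( );
$SESSION_ID = "";
$SKIN = "";
$MEMBER_NAME = "";
$MEMBER_PASSWORD = "";
$MEMBER_EMAIL = "";
$UserName = "";
$PassWord = "";

require( ROOT_PATH."sources/functions.php" );
$std = new func( );
$IN = $std->parse_incoming( );

// This value is read straight from the request arrays instead of from the
// output of parse_incoming(). Session ids issued by this file are md5() hex
// strings, so anything of a different shape is discarded here rather than
// passed on to code that may place it in markup or SQL.
// NOTE(review): if another component issues admin session ids in a different
// format, widen this pattern accordingly.
$IN['AD_SESS'] = $HTTP_POST_VARS['adsess'] ? $HTTP_POST_VARS['adsess'] : $HTTP_GET_VARS['adsess'];
if ( !is_string( $IN['AD_SESS'] ) || !preg_match( '/\A[a-f0-9]{32}\z/', $IN['AD_SESS'] ) )
{
    $IN['AD_SESS'] = "";
}

require( ROOT_PATH."sources/Admin/admin_pages.php" );
require( ROOT_PATH."sources/Admin/admin_skin.php" );
$SKIN = new admin_skin( );
require( ROOT_PATH."sources/Admin/admin_functions.php" );
$ADMIN = new admin_functions( );

// The driver file name comes from $INFO (configuration), not from the request;
// keep it that way, because it becomes part of a require() path.
$INFO['sql_driver'] = !$INFO['sql_driver'] ? "mySQL" : $INFO['sql_driver'];
$to_require = ROOT_PATH."sources/Drivers/".$INFO['sql_driver'].".php";
require( $to_require );

$DB = new db_driver( );
$DB->obj['sql_database'] = $INFO['sql_database'];
$DB->obj['sql_user'] = $INFO['sql_user'];
$DB->obj['sql_pass'] = $INFO['sql_pass'];
$DB->obj['sql_host'] = $INFO['sql_host'];
$DB->obj['sql_tbl_prefix'] = $INFO['sql_tbl_prefix'];
$DB->connect( );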
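// Normalise $IN['show'], a comma-separated id list:
//   "none" -> empty list
//   "all"  -> every key of $CATS, each followed by a comma
//   else   -> remove the id given in $IN['out'] and tidy leftover commas
// NOTE(review): $CATS is not defined in this file; presumably it comes from an
// included file - confirm.
if ( $IN['show'] == "none" )
{
    $IN['show'] = "";
}
else if ( $IN['show'] == "all" )
{
    $IN['show'] = "";
    foreach ( $CATS as $cid => $name )
    {
        $IN['show'] .= $cid.",";
    }
}
else
{
    // $IN['out'] is request data. preg_quote() makes it match as literal text so
    // it cannot add metacharacters or end the pattern early.
    $IN['show'] = preg_replace( "/(?:^|,)".preg_quote( (string) $IN['out'], "/" )."(?:,|\$)/", ",", $IN['show'] );
    $IN['show'] = preg_replace( "/,,/", "", $IN['show'] );
    $IN['show'] = preg_replace( "/,\$/", "", $IN['show'] );
    $IN['show'] = preg_replace( "/^,/", "", $IN['show'] );
}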
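// ---- Authentication ----
// Either resume an existing admin session (adsess in the request) or process a
// submitted login form (login=yes). $session_validated becomes 1 only on the
// resume path, after the session row, the member row and the group permission
// have all been checked.
// NOTE(review): the branches below read as if do_login() ends the request;
// whether it does depends on $ADMIN->output(), which is not shown here.
$session_validated = 0;
$this_session = array( );
$validate_login = 0;
if ( $IN['login'] != "yes" )
{
    if ( empty( $IN['adsess'] ) )
    {
        do_login( "没有找到相关的管理员 session 数据" );
    }
    else if ( !is_string( $IN['adsess'] ) || !preg_match( '/\A[a-f0-9]{32}\z/', $IN['adsess'] ) )
    {
        // Session ids are created below with md5(), i.e. 32 lowercase hex
        // characters. Anything else cannot be a session issued here, so it is
        // rejected before it is placed into the SQL string.
        do_login( "无法找回 session 数据" );
    }
    else
    {
        $DB->query( "SELECT * FROM ibf_admin_sessions WHERE ID='".$IN['adsess']."'" );
        $row = $DB->fetch_row( );
        if ( $row['ID'] == "" )
        {
            do_login( "无法找回 session 数据" );
        }
        else if ( $row['MEMBER_ID'] == "" )
        {
            do_login( "没有找到有效的用户名称" );
        }
        else
        {
            $DB->query( "SELECT * FROM ibf_members WHERE id='".$row['MEMBER_ID']."'" );
            $MEMBER = $DB->fetch_row( );
            if ( $MEMBER['id'] == "" )
            {
                do_login( "用户名称无效" );
            }
            // Strict string comparison: with a loose comparison two different
            // digests that both look like numbers would compare as equal.
            else if ( (string) $row['SESSION_KEY'] !== (string) $MEMBER['password'] )
            {
                do_login( "用户密码不匹配" );
            }
            else
            {
                $DB->query( "SELECT * FROM ibf_groups WHERE g_id='".$MEMBER['mgroup']."'" );
                $GROUP = $DB->fetch_row( );
                if ( $GROUP['g_access_cp'] != 1 )
                {
                    do_login( "你没有足够的权限登录论坛管理中心" );
                }
                else
                {
                    $session_validated = 1;
                    $this_session = $row;
                }
            }
        }
    }
}
else
{
    if ( empty( $IN['username'] ) )
    {
        do_login( "你必须输入你的用户名称" );
    }
    if ( empty( $IN['password'] ) )
    {
        do_login( "你必须输入你的用户密码" );
    }
    // NOTE(review): the user name is concatenated into the SQL text. Nothing in
    // this file escapes it, so this relies entirely on parse_incoming() and the
    // driver (neither shown here) - verify, or move to the driver's
    // escaping/binding facility.
    $DB->query( "SELECT name, password, id, mgroup FROM ibf_members WHERE LOWER(name)='".strtolower( $IN['username'] )."'" );
    $mem = $DB->fetch_row( );
    if ( empty( $mem['id'] ) )
    {
        do_login( "无法找到相匹配的用户名称数据,请检查后再试" );
    }
    // NOTE(review): passwords are stored and compared as plain md5() digests
    // with no salt; replacing that needs a data migration outside this file.
    $pass = md5( $IN['password'] );
    // Strict comparison for the same reason as on the session path above. When
    // no member row was found the stored value is empty and never matches.
    if ( $pass !== (string) $mem['password'] )
    {
        do_login( "你输入的登录密码和数据库中保存的密码不匹配" );
    }
    else
    {
        $DB->query( "SELECT * FROM ibf_groups WHERE g_id='".$mem['mgroup']."'" );
        $GROUP = $DB->fetch_row( );
        if ( $GROUP['g_access_cp'] != 1 )
        {
            do_login( "你没有足够的权限登录论坛管理中心" );
        }
        else
        {
            // NOTE(review): the id is derived from the clock only (microtime and
            // uniqid); a random source would be preferable where the runtime
            // offers one. SESSION_KEY stores the password digest itself, so the
            // session table should be treated as credential data.
            $sess_id = md5( uniqid( microtime( ) ) );
            $db_string = $DB->compile_db_insert_string( array(
                "ID" => $sess_id,
                "IP_ADDRESS" => $IN['IP_ADDRESS'],
                "MEMBER_NAME" => $mem['name'],
                "MEMBER_ID" => $mem['id'],
                "SESSION_KEY" => $pass,
                "LOCATION" => "index",
                "LOG_IN_TIME" => time( ),
                "RUNNING_TIME" => time( )
            ) );
            $DB->query( "INSERT INTO ibf_admin_sessions (".$db_string['FIELD_NAMES'].") VALUES (".$db_string['FIELD_VALUES'].")" );
            $IN['AD_SESS'] = $sess_id;
            $ADMIN->page_title = "用户登录成功";
            $ADMIN->page_detail = "现在将跳转到论坛管理中心首页";
            $ADMIN->html .= $SKIN->start_table( "进入论坛管理中心" );
            // The session id travels in the URL (adsess=...), so it can end up
            // in browser history, proxy logs and Referer headers.
            $ADMIN->html .= "<tr><td id='tdrow1'><meta http-equiv='refresh' content='2; url=".$INFO['board_url']."/admin.".$INFO['php_ext']."?adsess=".$IN['AD_SESS']."'><a href='".$INFO['board_url']."/admin.".$INFO['php_ext']."?adsess=".$IN['AD_SESS']."'>( 如果你不想长时间等待,请直接按此进入 )</a></td></tr>";
            $ADMIN->html .= $SKIN->end_table( );
            $ADMIN->output( );
        }
    }
}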
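// ---- Session freshness / IP binding, then dispatch ----
// A session that passed the database checks is still refused when it has been
// idle for more than 7200 seconds or, with $check_ip on, when the request comes
// from a different address than the one stored with the session.
if ( $session_validated == 1 )
{
    if ( $this_session['RUNNING_TIME'] < time( ) - 7200 )
    {
        $session_validated = 0;
        do_login( "管理员 session 已经过期" );
    }
    else if ( $check_ip == 1 && $this_session['IP_ADDRESS'] != $IN['IP_ADDRESS'] )
    {
        $session_validated = 0;
        do_login( "你现在使用的 IP 地址和数据库中的纪录不匹配" );
    }
}
if ( $session_validated == 1 )
{
    // $IN['adsess'] matched a row of ibf_admin_sessions in the SELECT that led
    // to $session_validated being set.
    $IN['AD_SESS'] = $IN['adsess'];
    // $IN['act'] has not been checked against the dispatcher's allow-list yet,
    // so only identifier characters are written to LOCATION. Every action key
    // known to do_admin_stuff() passes through unchanged.
    $DB->query( "UPDATE ibf_admin_sessions SET RUNNING_TIME='".time( )."', LOCATION='".preg_replace( "/[^a-zA-Z0-9_]/", "", (string) $IN['act'] )."' WHERE MEMBER_ID='".$MEMBER['id']."' AND ID='".$IN['AD_SESS']."'" );
    do_admin_stuff( );
}
else
{
    do_login( "Session 无效 - 请检查后重新登录" );
}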
?>