<?php
##
# Project: PHPDisk
# This is NOT a freeware, use is subject to license terms.
#
# Site: http://www.phpdisk.com
#
# $Id: account.inc.php 249 2009-03-10 14:59:03Z along $
#
# Copyright (C) 2008-2009 PHPDisk Team. All Rights Reserved.
#
##
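// Refuse direct requests: both markers must already be defined by the including entry script.
if(!defined('IN_PHPDISK') || !defined('IN_INDEX')){
    exit('[PHPDisk] Access Denied');
}

// 'relogin' is an alias that is served by the 'login' case of the dispatcher.
if($action == 'relogin'){
    $action = 'login';
}

// The constant name must be a quoted string. The bare word only worked through PHP's legacy
// "undefined constant becomes a string" fallback, which is a fatal Error on PHP 8.
// NOTE(review): $item is assigned outside this file and is passed to lang() here and to template()
// in the dispatcher; confirm the caller restricts it to a fixed set of module names before it
// reaches these path-building helpers.
define('SCRIPT_NAME',$item);
require_once lang(SCRIPT_NAME);

// Module strings are layered over the shared strings; on a key clash the module's $lang wins.
$lang = array_merge($pub_lang,$lang);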
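// Account dispatcher: user login, admin re-authentication, registration and logout.
// Each form-handling case first checks the anti-CSRF form hash, validates the posted fields,
// collects user-facing messages in $sysmsg and flags failures in $error, then renders the
// module template. $task, $p_formhash, $settings, $db, $onlineip, $timestamp, $pd_uid and
// $pd_username are all set outside this file.
switch($action){
    case 'login':
        // Return target after login; read from the request, so it is untrusted.
        $ref = trim(gpc('ref','GP',''));
        if($task == 'login'){
            // String-typed strict comparison: loose != treats numeric-looking strings
            // (for example "0e1" and "0e2") as equal.
            if((string)$p_formhash !== (string)formhash()){
                exit($lang['system_error']);
            }
            // NOTE(review): the password is SQL-escaped before it is hashed here, while registration
            // hashes strtolower() of the raw trimmed value; the two derivations disagree for
            // passwords with upper-case or escaped characters. Confirm which form is stored
            // before aligning them.
            $username = $db->escape(gpc('username','P',''));
            $password = $db->escape(gpc('password','P',''));
            // NOTE(review): unsalted MD5 is not a password hash; plan a migration to
            // password_hash()/password_verify() with rehash-on-login.
            $md5_pwd = md5($password);
            $remember = (int)gpc('remember','P',0);
            // checklength() is used as "truthy means the value is outside the allowed range".
            if(checklength($username,2,60)){
                $error = true;
                $sysmsg[] = $lang['invalid_username'];
            }
            if(checklength($password,6,20)){
                $error = true;
                $sysmsg[] = $lang['invalid_password'];
            }
            $rs = $db->fetch_one_array("select userid,gid,username,password,email,is_locked from pd_users where username='$username' limit 1");
            // NOTE(review): "user does not exist" and "wrong password" are reported separately,
            // which lets a client tell valid usernames from invalid ones. No attempt throttling
            // is visible in this file either.
            if(!$rs){
                $error = true;
                $sysmsg[] = $lang['user_not_exists'];
            }elseif($md5_pwd !== (string)$rs['password']){
                // Strict comparison: with != two different all-numeric-looking hashes
                // ("0e..." followed by digits) would compare equal.
                $error = true;
                $sysmsg[] = $lang['user_password_false'];
            }elseif($rs['is_locked']){
                $error = true;
                $sysmsg[] = $lang['user_is_locked'];
            }else{
                $userid = (int)$rs['userid'];
                $gid = (int)$rs['gid'];
                $username = trim($rs['username']);
                $password = trim($rs['password']);
                $email = trim($rs['email']);
            }
            // While site access is switched off only group 1 may sign in.
            if(!$settings['allow_access'] && $gid !=1){
                $error = true;
                $sysmsg[] = $lang['admin_not_valid'];
            }
            if(!$error){
                // NOTE(review): $onlineip and $timestamp are interpolated as-is; confirm they are
                // validated where they are set, especially if the IP can come from a request header.
                $db->query_unbuffered("update pd_users set last_login_ip='$onlineip',last_login_time='$timestamp' where userid='$userid'");
                // NOTE(review): the login cookie carries the stored password hash, so whoever
                // obtains the cookie also obtains the hash, and the cookie stays valid until the
                // password changes. A random server-side session token would avoid both.
                $cookie_value = pd_encode("$userid\t$gid\t$username\t$password\t$email");
                if($remember){
                    pd_setcookie('phpdisk_info',$cookie_value,86400*30);
                }else{
                    pd_setcookie('phpdisk_info',$cookie_value);
                }
                // Follow the requested target only when it is a same-site relative reference:
                // no URL scheme, no protocol-relative "//host", no backslashes or control
                // characters. Anything else falls back to the user's disk page, so the login
                // form cannot be used to bounce visitors to another site.
                $ref_is_local = $ref && !preg_match('#^(?:[a-z][a-z0-9+.-]*:|//)|[\x00-\x1f\\\\]#i',$ref);
                redirect($ref_is_local ? $ref : urr("mydisk",""),'',0);
            }
        }
        if(!$settings['allow_access']){
            $sysmsg[] = $lang['close_access'];
        }
        $user_title = $lang['user_login'];
        require_once template(SCRIPT_NAME,TPL_NAME);
        break;
    case 'adminlogin':
        $ref = trim(gpc('ref','GP',''));
        // Default the username to the currently signed-in user's name.
        $username = $pd_username;
        if($task == 'adminlogin'){
            if((string)$p_formhash !== (string)formhash()){
                exit($lang['system_error']);
            }
            $username = $db->escape(gpc('username','P',''));
            $password = $db->escape(gpc('password','P',''));
            // Same unsalted-MD5 and escape-before-hash caveats as the 'login' case.
            $md5_pwd = md5($password);
            if(checklength($username,2,60)){
                $error = true;
                $sysmsg[] = $lang['invalid_username'];
            }
            if(checklength($password,6,20)){
                $error = true;
                $sysmsg[] = $lang['invalid_password'];
            }
            // is_locked is selected so that a locked account is refused here as it is at login.
            $rs = $db->fetch_one_array("select userid,gid,username,password,email,is_locked from pd_users where username='$username' limit 1");
            if(!$rs){
                $error = true;
                $sysmsg[] = $lang['user_not_exists'];
            }elseif($md5_pwd !== (string)$rs['password']){
                $error = true;
                $sysmsg[] = $lang['user_password_false'];
            }elseif($rs['is_locked']){
                $error = true;
                $sysmsg[] = $lang['user_is_locked'];
            }else{
                $userid = (int)$rs['userid'];
                $gid = (int)$rs['gid'];
                $username = trim($rs['username']);
                $password = trim($rs['password']);
                $email = trim($rs['email']);
            }
            if(!$error && $gid ==1 && $pd_uid){
                // NOTE(review): the admin session is recorded for $pd_uid (the signed-in user),
                // not for $userid (the account whose credentials were just checked). Confirm the
                // admin panel re-checks the group of $pd_uid, or require the two ids to match.
                // NOTE(review): 'hashcode' is the raw login cookie; confirm sql_array() escapes values.
                $ins = array(
                    'userid' => $pd_uid,
                    'login_time' => $timestamp,
                    'hashcode' => gpc('phpdisk_info','C',''),
                    'ip' => $onlineip,
                );
                $rs = $db->fetch_one_array("select count(*) as total from pd_adminsession where userid='$pd_uid'");
                if($rs['total'] ==0){
                    $db->query("replace into pd_adminsession set ".$db->sql_array($ins).";");
                }else{
                    // An existing row is refreshed only when it is more than 10 seconds old.
                    $db->query("update pd_adminsession set ".$db->sql_array($ins)." where userid='$pd_uid' and $timestamp-login_time >10");
                }
                unset($rs);
                redirect(urr("admincp",""),'',0);
            }else{
                // empty() also covers the case where no message was ever added; count() on an
                // unset variable raises a TypeError on PHP 8.
                if(empty($sysmsg)){
                    $sysmsg[] = $lang['admin_not_valid'];
                }
            }
        }
        $user_title = $lang['admin_login'];
        require_once template(SCRIPT_NAME,TPL_NAME);
        break;
    case 'register':
        if($task == 'register'){
            if((string)$p_formhash !== (string)formhash()){
                exit($lang['system_error']);
            }
            // Enforce the "registration closed" switch on the server side. Without this a posted
            // form still created the account; the explanatory message is appended further down.
            if(!$settings['allow_register']){
                $error = true;
            }
            $username = trim(gpc('username','P',''));
            $password = trim(gpc('password','P',''));
            $confirm_password = trim(gpc('confirm_password','P',''));
            $email = trim(gpc('email','P',''));
            if(checklength($username,2,60)){
                $error = true;
                $sysmsg[] = $lang['invalid_username'];
            }elseif(is_bad_chars($username)){
                $error = true;
                $sysmsg[] = $lang['username_has_bad_chars'];
            }else{
                $rs = $db->fetch_one_array("select username from pd_users where username='".$db->escape($username)."' limit 1");
                if($rs){
                    // Any row the database matches counts as taken. Login looks accounts up with
                    // the same comparison and "limit 1", so two names the database considers equal
                    // would collide there. This also removes the old path in which a matched but
                    // byte-different name reached the insert without being escaped.
                    $error = true;
                    $sysmsg[] = $lang['username_already_exists'];
                }else{
                    $username = $db->escape($username);
                }
                unset($rs);
            }
            if(checklength($password,6,20)){
                $error = true;
                $sysmsg[] = $lang['invalid_password'];
            }elseif($password === $confirm_password){
                // Strict comparison so numeric-looking strings such as "1e3" and "1000" differ.
                // NOTE(review): the password is lower-cased and hashed with unsalted MD5; see the
                // notes in the 'login' case before changing the stored format.
                $md5_pwd = md5(strtolower($password));
            }else{
                $error = true;
                $sysmsg[] = $lang['confirm_password_invalid'];
            }
            if(!checkemail($email)){
                $error = true;
                $sysmsg[] = $lang['invalid_email'];
            }else{
                $rs = $db->fetch_one_array("select email from pd_users where email='".$db->escape($email)."' limit 1");
                if($rs){
                    // Same rule as for the username: a database match means the address is taken,
                    // and no unescaped value is carried forward.
                    $error = true;
                    $sysmsg[] = $lang['email_already_exists'];
                }else{
                    $email = $db->escape($email);
                }
                unset($rs);
            }
            if(!$error){
                // New accounts always start in group 4.
                $ins = array(
                    'username' => $username,
                    'password' => $md5_pwd,
                    'email' => $email,
                    'gid' => 4,
                    'reg_time' => $timestamp,
                    'reg_ip' => $onlineip,
                );
                $db->query("insert into pd_users set ".$db->sql_array($ins).";");
                $userid = $db->insert_id();
                // Every new user gets one disk "A" holding one default folder.
                $ins2 = array(
                    'disk_name' => 'A',
                    'disk_description' => '',
                    'userid' => (int)$userid,
                    'in_time' => $timestamp,
                );
                $db->query("insert into pd_disks set ".$db->sql_array($ins2).";");
                $disk_id = $db->insert_id();
                $ins3 = array(
                    'folder_name' => 'Default Folder',
                    'folder_description' => '',
                    'disk_id' => (int)$disk_id,
                    'userid' => (int)$userid,
                    'in_time' => $timestamp,
                );
                $db->query("insert into pd_folders set ".$db->sql_array($ins3).";");
                // Refresh the cached user counter.
                $rs = $db->fetch_one_array("select count(*) as total from pd_users");
                if($rs){
                    $db->query("replace into pd_stats(vars,value) values('users_count','".(int)$rs['total']."');");
                    write_cache('stats');
                }
                unset($rs);
                $sysmsg[] = $lang['register_success'];
                $reg_success = 1;
            }
        }
        if(!$settings['allow_register']){
            $sysmsg[] = $lang['close_register'];
            if($settings['close_register_reason']){
                $sysmsg[] = 'Tips: '.$settings['close_register_reason'];
            }
        }
        $user_title = $lang['user_register'];
        require_once template(SCRIPT_NAME,TPL_NAME);
        break;
    case 'logout':
        // Clears the login cookie only.
        // NOTE(review): no pd_adminsession row is removed here; confirm admin sessions end elsewhere.
        pd_setcookie('phpdisk_info','');
        redirect(urr("index",""),'',0);
        break;
    default:
        // Unknown actions are sent to the login form.
        redirect(urr("index","item=account&action=login"),'',0);
}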
?>