urbanu619
/
chinax.jianzhanzj.com


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300
							<?php
//错误登陆记录
function InsertErrorLoginNum($username,$password,$loginauth,$ip,$time){
	global $empire,$public_r,$dbtbpre;
	//COOKIE
	$loginnum=intval(getcvar('loginnum'));
	$logintime=$time;
	$lastlogintime=intval(getcvar('lastlogintime'));
	if($lastlogintime&&($logintime-$lastlogintime>$public_r['logintime']*60))
	{
		$loginnum=0;
	}
	$loginnum++;
	esetcookie("loginnum",$loginnum,$logintime+3600*24);
	esetcookie("lastlogintime",$logintime,$logintime+3600*24);
	//数据库
	$chtime=$time-$public_r['logintime']*60;
	$empire->query("delete from {$dbtbpre}enewsloginfail where lasttime<$chtime");
	$r=$empire->fetch1("select ip from {$dbtbpre}enewsloginfail where ip='$ip' limit 1");
	if($r['ip'])
	{
		$empire->query("update {$dbtbpre}enewsloginfail set num=num+1,lasttime='$time' where ip='$ip' limit 1");
	}
	else
	{
		$empire->query("insert into {$dbtbpre}enewsloginfail(ip,num,lasttime) values('$ip',1,'$time');");
	}
	//日志
	insert_log($username,$password,0,$ip,$loginauth);
}

//验证登录次数
function CheckLoginNum($ip,$time){
	global $empire,$public_r,$dbtbpre;
	//COOKIE验证
	$loginnum=intval(getcvar('loginnum'));
	$lastlogintime=intval(getcvar('lastlogintime'));
	if($lastlogintime)
	{
		if($time-$lastlogintime<$public_r['logintime']*60)
		{
			if($loginnum>=$public_r['loginnum'])
			{
				printerror("LoginOutNum",eAdminLoginReturnUrl(0));
			}
		}
	}
	//数据库验证
	$chtime=$time-$public_r['logintime']*60;
	$num=$empire->gettotal("select count(*) as total from {$dbtbpre}enewsloginfail where ip='$ip' and num>=$public_r[loginnum] and lasttime>$chtime limit 1");
	if($num)
	{
		printerror("LoginOutNum",eAdminLoginReturnUrl(0));
	}
}

//登陆
function login($username,$password,$key,$post){
	global $empire,$public_r,$dbtbpre,$ecms_config;
	$username=RepPostVar($username);
	$password=RepPostVar($password);
	if(!$username||!$password)
	{
		printerror("EmptyKey",eAdminLoginReturnUrl(0));
	}
	//验证码
	$keyvname='checkkey';
	if(!$public_r['adminloginkey'])
	{
		ecmsCheckShowKey($keyvname,$key,0,0,1);
	}
	if(strlen($username)>30||strlen($password)>30)
	{
		printerror("EmptyKey",eAdminLoginReturnUrl(0));
	}
	$loginip=egetip();
	$logintime=time();
	CheckLoginNum($loginip,$logintime);
	//认证码
	if($ecms_config['esafe']['loginauth'])
	{
		if('dg'.$ecms_config['esafe']['loginauth']!='dg'.$post['loginauth'])
		{
			InsertErrorLoginNum($username,$password,1,$loginip,$logintime);
			printerror("ErrorLoginAuth",eAdminLoginReturnUrl(0));
		}
	}
	$user_r=$empire->fetch1("select userid,password,salt,salt2,lasttime,lastip,addtime,addip,userprikey,lastipport,addipport from {$dbtbpre}enewsuser where username='".$username."' and checked=0 limit 1");
	if(!$user_r['userid'])
	{
		InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
		printerror("LoginFail",eAdminLoginReturnUrl(0));
	}
	$ch_password=DoEmpireCMSAdminPassword($password,$user_r['salt'],$user_r['salt2']);
	if('dg'.$user_r['password']!='dg'.$ch_password)
	{
		InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
		printerror("LoginFail",eAdminLoginReturnUrl(0));
	}
	//安全问答
	$user_addr=$empire->fetch1("select userid,equestion,eanswer,openip,certkey from {$dbtbpre}enewsuseradd where userid='$user_r[userid]'");
	if(!$user_addr['userid'])
	{
		InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
		printerror("LoginFail",eAdminLoginReturnUrl(0));
	}
	if($user_addr['equestion'])
	{
		$equestion=(int)$post['equestion'];
		$eanswer=$post['eanswer'];
		if($user_addr['equestion']!=$equestion)
		{
			InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
			printerror("LoginFail",eAdminLoginReturnUrl(0));
		}
		$ckeanswer=ReturnHLoginQuestionStr($user_r['userid'],$username,$user_addr['equestion'],$eanswer);
		if('dg'.$ckeanswer!='dg'.$user_addr['eanswer'])
		{
			InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
			printerror("LoginFail",eAdminLoginReturnUrl(0));
		}
	}
	//IP限制
	if($user_addr['openip'])
	{
		eCheckAccessAdminLoginIp($user_addr['openip']);
	}
	//取得随机密码
	$rnd=make_password(20);
	$loginipport=egetipport();
	$sql=$empire->query("update {$dbtbpre}enewsuser set rnd='$rnd',loginnum=loginnum+1,lastip='$loginip',lasttime='$logintime',pretime='$user_r[lasttime]',preip='".RepPostVar($user_r[lastip])."',lastipport='$loginipport',preipport='".RepPostVar($user_r[lastipport])."' where username='$username' limit 1");
	$r=$empire->fetch1("select groupid,userid,styleid,userprikey from {$dbtbpre}enewsuser where username='$username' limit 1");
	//样式
	if(empty($r[styleid]))
	{
		$stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1;
	}
	else
	{
		$styler=$empire->fetch1("select path,styleid from {$dbtbpre}enewsadminstyle where styleid='$r[styleid]'");
		if(empty($styler[styleid]))
		{
			$stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1;
		}
		else
		{
			$stylepath=$styler['path'];
		}
	}
	//设置备份
	$cdbdata=0;
	$bnum=$empire->gettotal("select count(*) as total from {$dbtbpre}enewsgroup where groupid='$r[groupid]' and dodbdata=1");
	if($bnum)
	{
		$cdbdata=1;
		$set5=esetcookie("ecmsdodbdata","empirecms",0,1);
    }
	else
	{
		$set5=esetcookie("ecmsdodbdata","",0,1);
	}
	
	ecmsEmptyShowKey($keyvname,0,1);//清空验证码
	$set4=esetcookie("loginuserid",$r[userid],0,1);
	$set1=esetcookie("loginusername",$username,0,1);
	$set2=esetcookie("loginrnd",$rnd,0,1);
	$set3=esetcookie("loginlevel",$r[groupid],0,1);
	$set5=esetcookie("eloginlic","empirecmslic",0,1);
	$set6=esetcookie("loginadminstyleid",$stylepath,0,1);
	//COOKIE加密验证
	DoEDelFileRnd($r[userid]);
	DoECookieRnd($r[userid],$username,$rnd,$r['userprikey'],$cdbdata,$r[groupid],intval($stylepath),$logintime);
	//最后登陆时间
	$set4=esetcookie("logintime",$logintime,0,1);
	$set5=esetcookie("truelogintime",$logintime,0,1);
	esetcookie('ecertkeyrnds','',0);
	//写入日志
	insert_log($username,'',1,$loginip,0);
	//FireWall
	FWSetPassword();
	if($set1&&$set2&&$set3)
	{
		$cache_enews='doclass,doinfo,douserinfo';
		$cache_ecmstourl='admin.php'.urlencode(hReturnEcmsHashStrDef(1,'ehref'));
		$cache_mess='LoginSuccess';
		$cache_url="CreateCache.php?enews=$cache_enews&ecmstourl=$cache_ecmstourl&mess=$cache_mess".hReturnEcmsHashStrDef(0,'ehref');
		//操作日志
	    insert_dolog("");
		if($post['adminwindow'])
		{
		?>
			<script>
			AdminWin=window.open("<?=$cache_url?>","EmpireCMS","scrollbars");
			AdminWin.moveTo(0,0);
			AdminWin.resizeTo(screen.width,screen.height-30);
			self.location.href="blank.php";
			</script>
		<?
		exit();
		}
		else
		{
			//printerror("LoginSuccess",$cache_url);
			echo'<meta http-equiv="refresh" content="0;url='.$cache_url.'">';
			db_close();
			$empire=null;
			exit();
		}
	}
	else
	{
		printerror("NotCookie",eAdminLoginReturnUrl(0));
	}
}

//写入登录日志
function insert_log($username,$password,$status,$loginip,$loginauth){
	global $empire,$ecms_config,$dbtbpre;
	if($ecms_config['esafe']['theloginlog'])
	{
		return "";
	}
	$password=RepPostVar($password);
	$loginauth=RepPostVar($loginauth);
	$password='';
	if($password)
	{
		$password=preg_replace("/^(.{".round(strlen($password) / 4)."})(.+?)(.{".round(strlen($password) / 6)."})$/s", "\\1***\\3", $password);
	}
	$password=RepPostVar($password);
	$username=RepPostVar($username);
	$loginip=RepPostVar($loginip);
	$ipport=egetipport();
	$status=RepPostVar($status);
	$logintime=date("Y-m-d H:i:s");
	$sql=$empire->query("insert into {$dbtbpre}enewslog(username,loginip,logintime,status,password,loginauth,ipport) values('$username','$loginip','$logintime','$status','$password','$loginauth','$ipport');");
}

//退出登陆
function loginout($userid,$username,$rnd){
	global $empire,$dbtbpre,$ecms_config;
	$userid=(int)$userid;
	if(!$userid||!$username)
	{
		printerror("NotLogin","history.go(-1)");
	}
	$set1=esetcookie("loginuserid","",0,1);
	$set2=esetcookie("loginusername","",0,1);
	$set3=esetcookie("loginrnd","",0,1);
	$set4=esetcookie("loginlevel","",0,1);
	//COOKIERND
	DelECookieRnd();
	DelESessionRnd();
	DelECookieAdminLoginFileInfo();
	//FireWall
	FWEmptyPassword();
	//取得随机密码
	$rnd=make_password(20);
	$sql=$empire->query("update {$dbtbpre}enewsuser set rnd='$rnd' where userid='$userid'");
	DoEDelFileRnd($userid);
	DoEDelAndAuthRnd($userid);
	//操作日志
	insert_dolog("");
	printerror("ExitSuccess","index.php");
}

//验证登录IP
function eCheckAccessAdminLoginIp($openips){
	if(empty($openips))
	{
		return '';
	}
	$userip=egetip();
	//允许IP
	if($openips)
	{
		$close=1;
		foreach(explode("\n",$openips) as $ctrlip)
		{
			if(preg_match("/^(".preg_quote(($ctrlip=trim($ctrlip)),'/').")/",$userip))
			{
				$close=0;
				break;
			}
		}
		if($close==1)
		{
			echo"Ip<font color='#cccccc'>(".$userip.")</font> be prohibited.";
			exit();
		}
	}
}

//返回地址
function eAdminLoginReturnUrl($ecms=0){
	$eurl=EcmsGetReturnUrl();
	return $eurl;
}

?>