<?php/* [Discuz!] (C)2001-2007 Comsenz Inc. This is NOT a freeware, use is subject to license terms $Id: admincp.php 10318 2007-08-25 12:26:40Z heyond $*/define('IN_ADMINCP', TRUE);define('NOROBOT', TRUE);require_once './include/common.inc.php';require_once DISCUZ_ROOT.'./admin/global.func.php';require_once DISCUZ_ROOT.'./include/cache.func.php';$discuz_action = 211;include language('admincp');if($adminid <= 0) { $cpaccess = 0;} else { if(!$discuz_secques && $admincp['forcesecques']) { cpheader(); cpmsg('secques_invalid'); } if($adminipaccess && $adminid == 1 && !ipaccess($onlineip, $adminipaccess)) { $cpaccess = 2; } else { $addonlineip = $admincp['checkip'] ? "AND ip='$onlineip'" : ''; $query = $db->query("SELECT errorcount FROM {$tablepre}adminsessions WHERE uid='$discuz_uid' $addonlineip AND dateline+1800>'$timestamp'", 'SILENT'); if($db->error()) { $db->query("DROP TABLE IF EXISTS {$tablepre}adminsessions"); $db->query("CREATE TABLE {$tablepre}adminsessions (uid mediumint(8) UNSIGNED NOT NULL default '0', ip char(15) NOT NULL default '', dateline int(10) unsigned NOT NULL default '0', errorcount tinyint(1) NOT NULL default '0')"); $cpaccess = 1; } else { if($session = $db->fetch_array($query)) { if($session['errorcount'] == -1) { $db->query("UPDATE {$tablepre}adminsessions SET dateline='$timestamp' WHERE uid='$discuz_uid'", 'UNBUFFERED'); $cpaccess = 3; } elseif($session['errorcount'] <= 3) { $cpaccess = 1; } else { $cpaccess = 0; } } else { $db->query("DELETE FROM {$tablepre}adminsessions WHERE uid='$discuz_uid' OR dateline+1800<'$timestamp'"); $db->query("INSERT INTO {$tablepre}adminsessions (uid, ip, dateline, errorcount) VALUES ('$discuz_uid', '$onlineip', '$timestamp', '0')"); $cpaccess = 1; } } }}$username = !empty($username) ? dhtmlspecialchars($username) : '';$action = !empty($action) && is_string($action) ? trim($action) : '';$page = isset($page) ? intval((max(1, $page))) : 0;if(!empty($action) && !in_array($action, array('main', 'header', 'menu', 'illegallog', 'ratelog', 'modslog', 'medalslog', 'creditslog', 'banlog', 'cplog', 'errorlog'))) { switch($cpaccess) { case 0: $extra = 'PERMISSION DENIED'; break; case 1: $extra = 'AUTHENTIFICATION(ERROR #'.intval($session['errorcount']).')'; break; case 2: $extra = 'IP ACCESS DENIED'; break; case 3: $extra = $semicolon = ''; if(is_array($_GET)) { foreach(array_merge($_GET, $_POST) as $key => $val) { if(!in_array($key, array('action', 'sid', 'formhash', 'admin_password')) && $val) { $extra .= $semicolon.$key.'='; if(is_array($val)) { $extra .= 'Array('; foreach($val as $arraykey => $arrayval) { $extra .= $arraykey.'='.cutstr($arrayval, 15).'; '; } $extra .= ')'; } else { $extra .= cutstr($val, 15); } $semicolon = '; '; } } $extra = nl2br(dhtmlspecialchars($extra)); } break; } $extralog = (($action == 'home' && isset($securyservice)) || ($action == 'insenz' && in_array($operation, array('register', 'binding')))) ? '' : $extra; writelog('cplog', dhtmlspecialchars("$timestamp $discuz_userss $adminid $onlineip $action $extralog")); unset($extralog);}if($cpaccess == 0) { clearcookies(); loginmsg('noaccess');} elseif($cpaccess == 1) { if(!$admin_password || md5($admin_password) != $discuz_pw) { if($admin_password) { $db->query("UPDATE {$tablepre}adminsessions SET errorcount=errorcount+1 WHERE uid='$discuz_uid'"); writelog('cplog', dhtmlspecialchars("$timestamp $discuz_userss $adminid $onlineip $action AUTHENTIFICATION(PASSWORD)")); } loginmsg('', '', 'login'); } else { $db->query("UPDATE {$tablepre}adminsessions SET errorcount='-1' WHERE uid='$discuz_uid'"); loginmsg('login_succeed', 'admincp.php?'.$_SERVER['QUERY_STRING'].''); if(!empty($url_forward)) { echo "<meta http-equiv=refresh content="0;URL=$url_forward">";exit; } }} elseif($cpaccess == 2) { loginmsg('noaccess_ip');}if(empty($action) || isset($frames)) { parse_str($_SERVER['QUERY_STRING'], $getarray); $extra = $and = ''; foreach($getarray as $key => $value) { if($key == 'action' && in_array($value, array('header', 'menu'))) { $extra .= $and.$key.'=home'; } elseif(!in_array($key, array('sid', 'frames'))) { @$extra .= $and.$key.'='.rawurlencode($value); $and = '&'; } } $extra = $extra && $action ? $extra : (!empty($runwizard) ? 'action=runwizard' : 'action=home');?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><title>Discuz! Administrator's Control Panel</title><meta http-equiv="Content-Type" content="text/html; charset=<?=$charset?>"><script src="include/javascript/common.js" type="text/javascript"></script><script src="include/javascript/iframe.js" type="text/javascript"></script></head><body style="margin: 0px" scroll="no"><div style="position: absolute;top: 0px;left: 0px; z-index: 2;height: 65px;width: 100%"><iframe frameborder="0" id="header" name="header" src="admincp.php?action=header&sid=<?=$sid?>" scrolling="no" style="height: 65px; visibility: inherit; width: 100%; z-index: 1;"></iframe></div><table border="0" cellPadding="0" cellSpacing="0" height="100%" width="100%" style="table-layout: fixed;"><tr><td width="165" height="65"></td><td></td></tr><tr><td><iframe frameborder="0" id="menu" name="menu" src="admincp.php?action=menu&sid=<?=$sid?>" scrolling="yes" style="height: 100%; visibility: inherit; width: 100%; z-index: 1;overflow: auto;"></iframe></td><td><iframe frameborder="0" id="main" name="main" src="admincp.php?<?=$extra?>&sid=<?=$sid?>" scrolling="yes" style="height: 100%; visibility: inherit; width: 100%; z-index: 1;overflow: auto;"></iframe></td></tr></table></body></html><? exit();}$isfounder = isfounder();if($action == 'menu') { //如果你点“后台首页”就会指向menu.inc.php这个文件 require_once DISCUZ_ROOT.'./admin/menu.inc.php';} elseif($action == 'header') { //如果你点上面的那些“基本设置”,“论坛管理”,“用户管理”之类的按扭就会指向header.inc.php这个文件 require_once DISCUZ_ROOT.'./admin/header.inc.php';} elseif($action == 'logout') { //如果你点退出则执行下面的语句,删除在数据库中相应管理ID的session值 $db->query("DELETE FROM {$tablepre}adminsessions WHERE uid='$discuz_uid'"); loginmsg('logout_succeed', 'index.php'); //返回index.php页面(即论坛首页)} else { $cpscript = ''; if($adminid == 1) { if($action == 'home') { //系统设置首页 $cpscript = 'home'; } elseif($action == 'runwizard' && isfounder()) { //快速设置向导 $cpscript = 'runwizard'; } elseif($action == 'settings') { //头部基本设置 $cpscript = 'settings'; } elseif($action == 'xspace') { //头部扩展设置-->SupeSite设置,是DZ的内容管理系统(CMS) $cpscript = 'supesite'; } elseif($action == 'passport' || $action == 'shopex') { //头部扩展设置-->通行证API相关设置 $cpscript = 'passport'; } elseif($action == 'google_config') { //头部扩展设置-->GOOGLE搜索相关设置 $cpscript = 'google'; } elseif($action == 'qihoo_config' || $action == 'qihoo_relatedthreads' || $action == 'qihoo_topics') { //头部扩展设置-->QIHOO搜索相关设置 $cpscript = 'qihoo'; } elseif($action == 'forumadd' || $action == 'forumsedit' || $action == 'forumsmerge' || $action == 'forumdetail' || $action == 'forumdelete' || $action == 'moderators' || $action == 'forumcopy' || $action == 'forumrecommend') { //后台首页左边栏-->编辑版块相关设置 $cpscript = 'forums'; } elseif($action == 'editmember' || $action == 'memberadd' || $action == 'members' || $action == 'membersmerge' || $action == 'editgroups' || $action == 'access' || $action == 'editcredits' || $action == 'editmedals' || $action == 'memberprofile' || $action == 'profilefields' || $action == 'ipban' || $action == 'banmember') { //头部用用户管理-->添加用户||编辑用户||合并用户||用户栏目制定||禁止IP||禁止用户 $cpscript = 'members'; } elseif($action == 'usergroups' || $action == 'admingroups' || $action == 'ranks') { //头部用户管理-->左边栏相关设置 $cpscript = 'groups'; } elseif($action == 'announcements') { //头部其它设置-->论坛公告 $cpscript = 'announcements'; } elseif($action == 'styles') { //头部论坛管理-->界面风格 $cpscript = 'styles'; } elseif($isfounder && ($action == 'templates' || $action == 'tpladd' || $action == 'tpledit' || $action == 'tplcopy')) { $cpscript = 'templates'; } elseif($action == 'modmembers' || $action == 'modthreads' || $action == 'modreplies') { //头部用户管理-->审核新用户, $cpscript = 'moderate'; } elseif($action == 'recyclebin') { $cpscript = 'recyclebin'; } elseif($action == 'alipay' || $action == 'orders' || $action == 'ec_credit') { $cpscript = 'ecommerce'; } elseif($action == 'smilies') { $cpscript = 'smilies'; } elseif($action == 'forumlinks' || $action == 'onlinelist' || $action == 'medals' || $action == 'censor' || $action == 'discuzcodes' || $action == 'icons' || $action == 'attachtypes' || $action == 'crons' || $action == 'creditslog' || $action == 'tags') { $cpscript = 'misc'; } elseif($action == 'adv' || $action == 'advadd' || $action == 'advedit') { $cpscript = 'advertisements'; } elseif($isfounder && ($action == 'export' || $action == 'optimize' || ($action == 'import' || $action == 'importzip' || $action == 'runquery'))) { $cpscript = 'database'; } elseif($action == 'attachments') { $cpscript = 'attachments'; } elseif($action == 'counter') { $cpscript = 'counter'; } elseif($action == 'threads') { $cpscript = 'threads'; } elseif($action == 'insenz') { $cpscript = 'insenz'; } elseif($action == 'prune' || $action == 'pmprune') { $cpscript = 'prune'; } elseif($action == 'updatecache' || $action == 'jswizard' || $action == 'fileperms') { $cpscript = 'tools'; } elseif($action == 'filecheck' || $action == 'dbcheck' || $action == 'ftpcheck' || $action == 'mailcheck' || $action == 'imagepreview') { $cpscript = 'checktools'; } elseif($action == 'creditwizard') { $cpscript = 'creditwizard'; } elseif($action == 'plugins' || $action == 'pluginsconfig' || $action == 'pluginsedit' || $action == 'pluginhooks' || $action == 'pluginvars') { //头部按扭的扩展设置里的,插件设置,插件管理, $cpscript = 'plugins'; } elseif($action == 'illegallog' || $action == 'ratelog' || $action == 'modslog' || $action == 'medalslog' || $action == 'banlog' || $action == 'cplog' || $action == 'errorlog' || $action == 'invitelog') { $cpscript = 'logs'; } elseif($action == 'tradelog') { $cpscript = 'tradelog'; } elseif($action == 'faqlist' || $action == 'faqdetail') { $cpscript = 'faq'; } elseif($action == 'magic_config' || $action == 'magic' || $action == 'magicadd' || $action == 'magicedit' || $action == 'magicmarket' || $action == 'magiclog') { $cpscript = 'magics'; } elseif($action == 'upgrade' || $action == 'upgradedown' || $action == 'upgradeopenbbs') { $cpscript = 'upgrade'; } elseif($action == 'project' || $action == 'projectadd' || $action == 'projectapply') { $cpscript = 'project'; } elseif($action == 'threadtypes' || $action == 'typeoption' || $action == 'typedetail' || $action == 'optiondetail' || $action == 'typemodel' || $action == 'modeldetail') { $cpscript = 'threadtypes'; } elseif($action == 'videoconfig' || $action == 'video' || $action == 'videobind' || $action == 'videoclass') { $cpscript = 'video'; } if($radminid != $groupid) { $query = $db->query("SELECT disabledactions FROM {$tablepre}adminactions WHERE admingid='$groupid'"); $dactionarray = ($dactionarray = unserialize($db->result($query, 0))) ? $dactionarray : array(); if(in_array($action, $dactionarray)) { cpheader(); cpmsg('action_noaccess'); } } } elseif($adminid == 2 || $adminid == 3) { if($action == 'home') { $cpscript = 'home'; } elseif((($allowedituser || $allowbanuser) && ($action == 'editmember' || $action == 'banmember')) || ($allowbanip && $action == 'ipban')) { $cpscript = 'members'; } elseif($action == 'forumrules' || $action == 'forumrecommend') { $cpscript = 'forums'; } elseif($allowpostannounce && $action == 'announcements') { $cpscript = 'announcements'; } elseif(($allowmoduser && $action == 'modmembers') || ($allowmodpost && ($action == 'modthreads' || $action == 'modreplies'))) { $cpscript = 'moderate'; } elseif(($allowcensorword && $action == 'censor') || $action == 'logout') { $cpscript = 'misc'; } elseif($allowmassprune && $action == 'prune') { $cpscript = 'prune'; } elseif($action == 'plugins') { $cpscript = 'plugins'; } elseif($allowviewlog && ($action == 'ratelog' || $action == 'modslog' || $action == 'banlog')) { $cpscript = 'logs'; } } if($cpscript) { require_once DISCUZ_ROOT.'./admin/'.$cpscript.'.inc.php'; //根据上面不同的cpscript跳转到不同的页面 } else { cpheader(); //该函数查看/admin/global.func.php cpmsg('noaccess'); //该函数查看/admin/global.func.php } if($action != 'menu' && $action != 'header') { cpfooter(); //该函数查看/admin/global.func.php }}output();function loginmsg($message, $url_forward = '', $msgtype = 'message') { extract($GLOBALS, EXTR_SKIP); $action = dhtmlspecialchars($action); //特殊字符转换成HTML $message = isset($msglang[$message]) ? $msglang[$message] : $message; if($msgtype == 'message') { $message = '<tr><td> </td><td align="center" colspan="3" >'.$message; //已登陆的用户名 if($url_forward) { $message .= "<br /><br /><a href="$url_forward">dssd$lang[message_redirect]</a>"; $url_forward = transsid($url_forward); $message .= "<script> setTimeout("redirect('$url_forward');", 1250);</script><br /><br /><br /></td><td> </td></tr>"; } else { $message .= '<br /><br /><br />'; } } else { $extra = isset($action) && empty($frames) && $action != 'logout' ? '?frames=yes&'.$_SERVER['QUERY_STRING'] : (in_array($action, array('header', 'menu', 'logout')) ? '' : '?'.$_SERVER['QUERY_STRING']); $message = '<form method="get" name="login" action="admincp.php'.$extra.'">'. //后台管理登陆页面效果 '<input type="hidden" name="sid" value="'.$sid.'">'. //用户UID '<input type="hidden" name="frames" value="yes>'. '<input type="hidden" name="url_forward" value="'.$url_forward.'">'. '<tr><td> </td><td align="right">'.$lang['username'].':</td>'. //显示“用户名”三字 '<td>'.$discuz_user.'</td><td><a href="'.$link_logout.'&referer='.$indexname.'" target="_blank">'.$lang['menu_logout'].'</a></td>'. //先前登陆的用户名 。及退出按扭.$link_logout可以取到提交当前页面的父页面地址,$indexname为退出管理界面后跳转的最终界面页,此时为index.php,所以在点击退出后最终会进入论坛首页 '<td> </td></tr>'. '<tr><td> </td><td align="right">'.$lang['password'].':</td><td><input type="password" name="admin_password" size="25"></td>'. //显示“密码”两字 '<td> </td><td> </td></tr>'. '<tr><td> </td><td class="line1"> </td>'. '<td class="line1" align="center"><input type="submit" class="button" value="'.$lang['submit'].'" /></form><script language="JavaScript">document.login.admin_password.focus();</script></td>'. //提交按扭,调用JS使光标自动移动按扭上,使回车符有效 '<td class="line1"> </td><td> </td></tr>'; }?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Discuz! Administrator's Control Panel</title><meta http-equiv="Content-Type" content="text/html; charset=<?=$charset?>"><link href="./images/admincp/login.css" rel="stylesheet" type="text/css" /></head><script language="JavaScript">if(self.parent.frames.length != 0) { self.parent.location=document.location;}function redirect(url) { window.location.replace(url);}</script><br /><br /><br /><br /><table width="600" border="0" cellpadding="8" cellspacing="0" class="logintable"><tr class="loginheader"><td width="80"></td><td width="100"></td><td></td><td width="120"></td><td width="80"></td></tr><tr style="height:40px"><td> </td><td class="line1"><span style="color:#ffff66;font-size:14px;font-weight: bold;"><?=$lang['admin_page']?></span></td><td class="line1"> </td><td class="line1"> </td><td> </td></tr> <tr><td> </td><td class="line2"> </td><td class="line2"> </td><td class="line2"> </td><td> </td></tr><?=$message?> <tr><td> </td><td class="line2"> </td><td class="line2"> </td><td class="line2"> </td><td> </td></tr><tr><td colspan="5" align="center">Powered by <a href="http://www.discuz.net" target="_blank" style="color: #fff"><b>Discuz!</b></a> © 2001-2007 <a href="http://www.comsenz.com" target="_blank" style="color: #fff">Comsenz Inc.</a></td></tr><tr><td> </td><td> </td><td> </td><td> </td><td> </td></tr></table></html><? dexit();}?>