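fetch_one_array("SELECT username,password,logincount,groupid FROM {$tablepre}xna_users WHERE uid='$ixnauid'");
    // NOTE(review): the statement above and the block closed further down both begin
    // before the visible part of this file; their code is reproduced unchanged.
    // NOTE(review): $ixnauid is interpolated into the query text. How it is validated
    // is not visible here - confirm it is cast to an integer before this point.

    // Open an admin session only when the stored password, login counter and username
    // match $password, $logincount and $ixnauser, and the account's groupid is 1.
    // NOTE(review): these are loose (==) comparisons. For the password value a strict
    // comparison is safer - confirm the types involved before tightening it.
    if ($userinfo['password'] == $password && $userinfo['logincount'] == $logincount && $userinfo['username'] == $ixnauser && $userinfo['groupid'] == 1) {
        $adminhash = getadminhash($ixnauid,$ixnauser,$password,$logincount);
        $admininfo = getadmininfo($password);

        // The admin cookie carries uid, session hash, info token and client IP,
        // tab separated and passed through authcode().
        // NOTE(review): the cookie is set without the HttpOnly/Secure attributes;
        // consider adding them if the deployment allows it.
        setcookie('ixnaadmin', authcode("$ixnauid\t$adminhash\t$admininfo\t$onlineip"));

        // Drop this user's earlier sessions, sessions idle for more than 1800 seconds,
        // and any row reusing the same hash, then record the new session.
        $db->query("DELETE FROM {$tablepre}xna_sessions WHERE uid='$ixnauid' OR lastactivity+1800<'$timestamp' OR hash='$adminhash'");
        $db->query("INSERT INTO {$tablepre}xna_sessions (hash,uid,groupid,ipaddress,lastactivity) VALUES ('$adminhash', '$ixnauid', '$ixnagroup', '$onlineip', '$timestamp')");
        loginresult('Succeed');

        // NOTE(review): no '?' separator is added between 'index.php' and the query
        // string here - confirm redirect() or earlier code supplies it, and that
        // redirect() escapes the URL before writing it into the response.
        // The second redirect() below is only meaningful if redirect() ends the
        // request - presumably it does; verify.
        if ($_SERVER['QUERY_STRING']) {
            redirect('登陆成功,请稍候...', 'index.php'.$_SERVER['QUERY_STRING']);
        }
        redirect('登陆成功,请稍候...', 'index.php');
    } else {
        loginresult('Failed');
        loginpage();
    }
}

// Verify that the requester holds a valid admin session.
// NOTE(review): every rejection path below relies on loginpage() ending the request.
// If it returns, execution falls through to the protected admin code - confirm that
// it terminates the script.

// Decode the cookie into its four tab-separated fields. A missing, non-string or
// short cookie yields empty fields instead of undefined-index/offset notices.
list($admin_id, $admin_hash, $admin_info, $admin_ip) = (!empty($_COOKIE['ixnaadmin']) && is_string($_COOKIE['ixnaadmin']))
    ? array_pad(explode("\t", (string) authcode($_COOKIE['ixnaadmin'], 'DECODE')), 4, '')
    : array('', '', '', '');

// NOTE(review): addslashes() is not aware of the connection character set. Prefer the
// database layer's own escaping or bound parameters if the $db wrapper offers them.
$admin_id   = intval($admin_id);
$admin_hash = addslashes($admin_hash);
$admin_info = addslashes($admin_info);
$admin_ip   = addslashes($admin_ip);

// All four cookie fields must be present. The original tested $admin_hash twice and
// never tested $admin_info.
if ($admin_id && $admin_hash && $admin_info && $admin_ip) {
    // The session row must match uid, group, hash and client IP, and must have been
    // active within the last 1800 seconds.
    $session = $db->fetch_one_array("SELECT * FROM {$tablepre}xna_sessions WHERE uid='$admin_id' AND groupid='$ixnagroup' AND hash='$admin_hash' AND lastactivity+1800>'$timestamp' AND ipaddress='$admin_ip'");
    if (!$session) {
        // No live session: remove any stale rows for this uid/hash and ask for login.
        $db->query("DELETE FROM {$tablepre}xna_sessions WHERE uid='$admin_id' OR hash='$admin_hash'");
        loginpage();
    }

    // Reload the account so the tokens are recomputed from current stored values.
    // The uid is cast to an integer before it is placed in the query text.
    $userinfo = $db->fetch_one_array("SELECT uid,username,password,logincount,groupid FROM {$tablepre}xna_users WHERE uid='" . intval($session['uid']) . "'");
    if (!$userinfo) {
        loginpage();
    }

    $adminhash = getadminhash($userinfo['uid'],$userinfo['username'],$userinfo['password'],$userinfo['logincount']);
    $admininfo = getadmininfo($userinfo['password']);

    // Compare the tokens as strings with strict operators. Loose != treats
    // numeric-looking strings as numbers, so two different tokens could compare equal.
    // Where PHP >= 5.6 is guaranteed, hash_equals() also makes this constant-time.
    if ((string) $admin_hash !== (string) $adminhash
        || (string) $admin_info !== (string) $admininfo
        || (string) $admin_ip !== (string) $session['ipaddress']
    ) {
        loginpage();
    }

    // Session accepted: refresh its activity timestamp.
    $db->query("UPDATE {$tablepre}xna_sessions SET lastactivity='$timestamp' WHERE uid='$admin_id' AND hash='$admin_hash'");
} else {
    loginpage();
}
// End of login-state verification.

// Logout: delete the session rows, clear the cookie and leave the admin area.
if ($action == 'logout') {
    $db->query("DELETE FROM {$tablepre}xna_sessions WHERE uid='$admin_id' OR hash='$admin_hash'");
    setcookie('ixnaadmin', '');
    redirect('注销成功, 请稍后...', '../');
}

// Log every admin operation.
getlog();
?>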