- 论坛徽章:
- 0
|
有必要先说下目录结构。网站是放在虚拟主机上的。登陆页面在../admincp/login.php,验证码在../inc/rndcode.php
login.php代码如下:
- <?php
- require(dirname(__FILE__)."/../inc/config_inc.php");
- require(dirname(__FILE__)."/../inc/config_mysql.php");
- require(dirname(__FILE__)."/../inc/config_function.php");
- $conn = new MysqlConn();
- $conn->createcon();
- $web_config = $conn->fetch_array("SELECT * FROM `site_config`");
- $dopost = $_REQUEST['dopost'];
- $username = addslashes($_REQUEST['username']);
- $password = substr(md5($_REQUEST['password']),0,23);
- $date = date('Y-m-d H:i:s');
- $ip = GetIp();
- $code = $_POST['code'];
- if(empty($dopost)) $dopost="";
- if ($dopost == "login") {
- if ($code!==$_SESSION['ecode']||$code=="") {
- ShowMsg("验证码不正确","login.php");
- exit;
- }
- $row = $conn->fetch_array("select * from `admin` where `username`='$username'");
- if (!$row[0] == "") {
- $row2 = $conn->fetch_array("select * from `admin` where `password`='$password'");
- if (!$row2[0] == "") {
- if ($row2['estate']=="0") {
- showmsg("你的账户已经被锁定,请与管理员联系",-1);
- exit;
- }
- $_SESSION['username'] = $username;
- $_SESSION['time'] = time();
- $count = $row2['count']+1;
- $uplog = $conn->query("insert into `log`(`username`,`logintime`,`ip`) values('$username','$date','$ip')") or die(mysql_error());
- $upuser = $conn->query("update `admin` set `count`='$count',`ip`='$ip',`lasttime`='$date' where `username`='$username'")or die(mysql_error());
- showmsg("欢迎".$username."进入后台","index.php");
- exit;
- }
- else{
- showmsg("密码错误!",-1);
- exit;
- }
- }
- else{
- showmsg("用户名错误!",-1);
- exit;
- }
- }
- ?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
- <title><?php echo $web_config['webname'].'系统管理登陆';?></title>
- <link type="text/css" href="../css/style.css" rel="stylesheet" />
- <style type="text/css">
- <!--
- body {
- background-color: #F1F2F4;
- }
- -->
- </style></head>
- <body>
- <table width="500" border="0" align="center" cellpadding="0" cellspacing="0">
- <tr>
- <td width="18" height="16" align="right" valign="bottom"><img src="images/left_top.gif" width="18" height="16" /></td>
- <td align="center" valign="bottom" background="images/row_top.gif"></td>
- <td width="14" align="left" valign="bottom"><img src="images/right_top.gif" width="14" height="16" /></td>
- </tr>
- <tr>
- <td align="right" background="images/left_bg.gif"> </td>
- <td align="center" valign="middle" background="images/main_bg.gif"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="lrd">
- <tr>
- <td height="22" align="center" background="images/admin_tablebar.gif" class="def_text">[ + 管理员登陆 + ]</td>
- </tr>
- <tr>
- <td align="center" bgcolor="#CCCCCC"><table width="100%" border="0" cellspacing="1" cellpadding="0">
- <form action="" method="post">
- <input type="hidden" name="dopost" value="login">
- <tr bgcolor="#F1F2F4">
- <td width="20%" height="25" align="center" class="def_text">管理员用户</td>
- <td height="25" align="center"><input name="username" type="text" class="input" id="username" size="50" /></td>
- </tr>
- <tr bgcolor="#F1F2F4">
- <td width="20%" height="25" align="center" class="def_text">管理员密码</td>
- <td height="12" align="center"><input name="password" type="password" class="input" id="password" size="50" /></td>
- </tr>
- <tr bgcolor="#F1F2F4">
- <td height="12" align="center" class="def_text">验 证 码</td>
- <td height="12" align="center"><table width="75%" border="0" align="center" cellpadding="0" cellspacing="0">
- <tr>
- <td width="11%"><div align="left">
- <input name="code" type="text" class="input" id="code" size="4" maxlength="4" />
- </div></td>
- <td width="15%"> </td>
- <td width="74%"><div align="left"><img src="../inc/rndcode.php" /></div></td>
- </tr>
- </table></td>
- </tr>
- <tr bgcolor="#F1F2F4">
- <td height="30" colspan="2" align="center" bgcolor="#F1F2F4"><input name="goto" type="hidden" id="goto" value="<?php echo $backurl;?>" />
- <input name="submit_login" type="submit" class="input" id="submit_login" value=" 管 理 员 登 陆 " />
- <input name="loginyes" type="hidden" id="loginyes" value="1" /></td>
- </tr>
- </form>
- </table></td>
- </tr>
- </table></td>
- <td align="left" background="images/right_bg.gif"> </td>
- </tr>
- <tr>
- <td align="right" valign="top"><img src="images/left_down.gif" width="18" height="18" /></td>
- <td align="center" valign="top" background="images/row_down.gif"> </td>
- <td align="left" valign="top"><img src="images/right_down.gif" width="14" height="18" /></td>
- </tr>
- </table>
- <br />
- <table width="500" border="0" align="center" cellpadding="0" cellspacing="0">
- <tr>
- <td height="25" align="center" class="def_text"><?php echo $web_config['copyright']?></td>
- </tr>
- </table>
- </body>
- </html>
复制代码
rndcode.php代码如下:
- <?
- //生成新的四位整数验证码
- session_start();//开始会话
- $authnum = '';
- $str = 'abcdefghijkmnpqrstuvwxyz1234567890';
- $l = strlen($str);
- for($i=1;$i<=4;$i++)
- {
- $num=rand(0,$l);
- $authnum.= $str[$num];
- }
- //生成SESSION变量
- $_SESSION['ecode']=$authnum;
- //生成验证码图片
- Header("Content-type: image/PNG");
- srand((double)microtime()*1000000);
- $im = imagecreate(50,20);
- $black = ImageColorAllocate($im, 243,243,243);
- $white = ImageColorAllocate($im, 0,0,0);
- $gray = ImageColorAllocate($im, 200,200,200);
- imagefill($im,68,30,$gray);
- //将四位整数验证码绘入图片
- imagestring($im, 5, 6, 3, $authnum, $white);
- for($i=0;$i<90;$i++) //加入干扰象素
- {
- imagesetpixel($im, rand()%70 , rand()%30 , $gray);
- }
- ImagePNG($im);
- ImageDestroy($im);
- ?>
复制代码
用GB或者遨游下运行login.php能顺利登陆。在IE下就不能登陆,提示验证码错误。后经过测试发现在IE下不能获取到$_SESSION['ecode']的值。这个是什么原因。把rndcode.php移动到admincp目录下就好了。 |
|