<?php
session_start();
header('Content-Type: text/html; charset=utf-8');
header('X-Powered-By: PHP/8.0');
date_default_timezone_set('Asia/Shanghai');
// 数据库连接
$conn = new mysqli("127.0.0.1", "crm", "Qweasdzxc", "crm_new");
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$conn->set_charset("utf8");
// Get website settings
$result = $conn->query("SELECT webname, keywords, description, indexwebname, copyright FROM inc LIMIT 1");
if ($result) {
$row = $result->fetch_assoc();
$webname = textUncode($row['webname']);
$webkeywords = textUncode($row['keywords']);
$webdescription = textUncode($row['description']);
$indexwebname = textUncode($row['indexwebname']);
$copyright = textUncode($row['copyright']);
$result->close();
}
// Global variables
$useid = '';
$usename = '';
$usesex = '';
$usecompany = '';
$usetel = '';
$useemail = '';
// Session handling functions
function addSession($key, $value) {
$_SESSION['hjunkel.com' . $key] = $value;
}
function loadSession($key) {
return $_SESSION['hjunkel.com' . $key] ?? '';
}
// Check login function
function checkLogin($permission = '') {
global $conn;
$loginId = loadSession('loginid');
$loginUser = loadSession('loginuser');
$loginName = loadSession('loginname');
$loginPower = loadSession('loginpower');
if (empty($loginId) || empty($loginUser) || empty($loginName) || empty($loginPower)) {
echo "<script>top.location.href='login.php'</script>";
exit;
}
if (!is_numeric($loginId) || !is_numeric($loginPower)) {
echo "<script>top.location.href='login.php'</script>";
exit;
}
$loginId = $conn->real_escape_string($loginId);
$loginUser = $conn->real_escape_string($loginUser);
$result = $conn->query("SELECT loginstate, loginpower FROM login WHERE id=$loginId AND loginuser='$loginUser'");
if ($result->num_rows === 0) {
echo "<script>alert('登录超时,请重新登录');top.location.href='login.php'</script>";
exit;
}
$row = $result->fetch_assoc();
if ($row['loginstate'] == 0) {
echo "<script>alert('您的帐号已被系统停用,请联系管理员');top.location.href='login.php'</script>";
exit;
}
if ($row['loginpower'] != (int)$loginPower) {
echo "<script>alert('您的权限已被更新,请重新登录');top.location.href='login.php'</script>";
exit;
}
$result = $conn->query("SELECT powerstate, powercontent FROM power WHERE id=$loginPower");
if ($result->num_rows === 0) {
echo "<script>alert('您的帐号已被系统停用,请联系管理员');top.location.href='login.php'</script>";
exit;
}
$row = $result->fetch_assoc();
if ($row['powerstate'] == 0) {
echo "<script>alert('您的帐号已被系统停用,请联系管理员');top.location.href='login.php'</script>";
exit;
}
$powerContent = $row['powercontent'];
if (!empty($permission) && strpos($powerContent, $permission) === false) {
echo "<script>alert('Sorry,您没有操作该功能的权限');history.back();</script>";
exit;
}
}
function chkLogin($permission) {
global $conn;
$loginPower = loadSession('loginpower');
$result = $conn->query("SELECT powercontent FROM power WHERE id=" . (int)$loginPower);
if ($result->num_rows === 0) {
return false;
}
$row = $result->fetch_assoc();
if (!empty($permission) && strpos($row['powercontent'], $permission) === false) {
return false;
}
return true;
}
function checkPost() {
// 可以根据需要实现POST检查
// if (!isset($_SERVER['HTTP_REFERER']) || parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) !== $_SERVER['SERVER_NAME']) {
// die("<script>alert('对不起,服务器拒绝您的请求');history.back()</script>");
// }
}
function txt2HTML($text) {
if (empty($text) || is_null($text)) {
return '';
}
return htmlspecialcharsFix($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
function html2Txt($text) {
if (empty($text) || is_null($text)) {
return '';
}
return htmlspecialchars_decode($text, ENT_QUOTES);
}
function htmlEncode($text) {
if (empty($text) || is_null($text)) {
return '';
}
$chars = [
'&' => '&', "\t" => '	', "\n" => ' ', "\r" => ' ',
' ' => ' ', '"' => '"', '%' => '%', "'" => ''',
'(' => '(', ')' => ')', '<' => '<', '>' => '>',
'[' => '[', ']' => ']', '^' => '^', '_' => '_',
'{' => '{', '|' => '|', '}' => '}'
];
return strtr($text, $chars);
}
//function htmlUncode($text) {
// if (empty($text) || is_null($text)) {
// return '';
// }
//
// $chars = array_flip([
// '&' => '&', "\t" => '	', "\n" => ' ', "\r" => ' ',
// ' ' => ' ', '"' => '"', '%' => '%', "'" => ''',
// '(' => '(', ')' => ')', '<' => '<', '>' => '>',
// '[' => '[', ']' => ']', '^' => '^', '_' => '_',
// '{' => '{', '|' => '|', '}' => '}'
// ]);
//
// return strtr($text, $chars);
//}
function htmlUnCode($t0) {
if (empty($t0) || is_array($t0)) {
return "";
}
$replacements = [
"	" => chr(9), "" => chr(11), " " => chr(10),
" " => chr(13), " " => chr(32), """ => chr(34),
"%" => chr(37), "'" => chr(39), "(" => chr(40),
")" => chr(41), "<" => chr(60), ">" => chr(62),
"[" => chr(91), "]" => chr(93), "^" => chr(94),
"_" => chr(95), "{" => chr(123), "|" => chr(124),
"}" => chr(125), "&" => chr(38)
];
return strtr($t0, $replacements);
}
function textEncode($text) {
if (empty($text) || is_null($text)) {
return '';
}
$text = trim($text);
// Remove control characters
$text = preg_replace('/[\x00-\x1F\x7F]/', '', $text);
return htmlEncode($text);
}
function textUncode($text) {
if (empty($text) || is_null($text)) {
return '';
}
return htmlUncode($text);
}
function htmlUncode1($text) {
if (empty($text) || is_null($text)) {
return '';
}
$replacements = [
'	' => "\t",
'' => "\v",
' ' => '<br />',
' ' => '<br />',
' ' => '<br />',
' ' => ' ',
'&' => '&'
];
return strtr($text, $replacements);
}
function strLeft($str, $length) {
if (empty($str)) {
return '';
}
$substr = mb_substr($str, 0, $length, 'UTF-8');
return ($substr != $str) ? $substr . '..' : $substr;
}
function enMonth($m) {
$months = [
'1' => 'Jan', '2' => 'Feb', '3' => 'Mar',
'4' => 'Apr', '5' => 'May', '6' => 'Jun',
'7' => 'Jul', '8' => 'Aug', '9' => 'Sep',
'10' => 'Oct', '11' => 'Nov', '12' => 'Dec'
];
return $months[$m] ?? 'Dec';
}
function sitelinkReplace($content, $search, $replace, $limit = -1) {
if (empty($content) || is_null($content)) {
return '';
}
// 保存HTML标签内容
$patterns = [
'/<a[^<>]+>.+?<\/a>/is', // 链接
'/<img[^<>]+>/is', // 图片
'/<h[1-6]+\s*>.+?<\/h[1-6]+>/is' // 标题
];
$savedTags = [];
$i = 0;
foreach ($patterns as $pattern) {
$content = preg_replace_callback($pattern, function($match) use (&$savedTags, &$i) {
$savedTags[$i] = $match[0];
$placeholder = "[{$i}]";
$i++;
return $placeholder;
}, $content);
}
if ($i == 0) {
// 如果没有需要保护的HTML标签,直接替换
return str_replace($search, $replace, $content, $limit);
}
// 执行替换
$content = str_replace($search, $replace, $content, $limit);
// 还原保存的标签
for ($j = 0; $j < $i; $j++) {
$content = str_replace("[{$j}]", $savedTags[$j], $content);
}
return $content;
}
function getIp() {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? '';
if (strlen($ip) > 15) {
$ip = 'Unknown';
}
return htmlEncode($ip);
}
function formatTime($time, $format) {
if (!strtotime($time)) {
return '';
}
$replacements = [
'yyyy' => 'Y',
'yy' => 'y',
'mm' => 'm',
'dd' => 'd',
'hh' => 'H',
'ff' => 'i',
'ss' => 's'
];
$phpFormat = strtr($format, $replacements);
return date($phpFormat, strtotime($time));
}
function removeHTML($text) {
if (empty($text) || is_null($text)) {
return '';
}
// Remove scripts and iframes
$text = preg_replace(['/<script\b[^>]*>(.*?)<\/script>/is', '/<iframe\b[^>]*>(.*?)<\/iframe>/is'], '', $text);
// Convert special characters
$text = str_replace(['<', '>'], ['<', '>'], $text);
// Remove all remaining HTML tags
$text = strip_tags($text);
// Remove special characters and whitespace
$text = str_replace([' ', "\r", "\n", "\t", "\x09", "\x0A", "\x0D", "\x16"], '', $text);
return trim($text);
}
function isValidEmail($email) {
if (empty($email)) {
return false;
}
$parts = explode('@', $email);
if (count($parts) !== 2) {
return false;
}
list($local, $domain) = $parts;
if (empty($local) || empty($domain)) {
return false;
}
if (!preg_match('/^[a-zA-Z0-9._-]+$/', $local)) {
return false;
}
if (strpos($domain, '.') === false) {
return false;
}
$tld = substr($domain, strrpos($domain, '.') + 1);
if (strlen($tld) < 2 || strlen($tld) > 3) {
return false;
}
if (strpos($email, '..') !== false) {
return false;
}
return true;
}
//处理特殊字符
function htmlspecialcharsFix($input_str)
{
return htmlUnCode($input_str);
// return $input_str;
}