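<?php
/**
 * Admin login page and login/logout endpoint.
 *
 * GET  ?act=logout  ends the current session, then renders the login form.
 * POST ?act=login   validates the submitted credentials and prints a one-digit
 *                   status code that the page's JavaScript is expected to read:
 *                     1 = user name empty        2 = password empty
 *                     3 = verification code wrong or missing
 *                     4 = no such account        5 = wrong password
 *                     6 = account state below 1, or its power group is missing/disabled
 *                     7 = success (session populated)
 *
 * $conn, $webname, checkPost(), textEncode() and getIp() are not defined here;
 * presumably conn.php provides them and starts the session - confirm.
 *
 * NOTE(review): passwords are stored as unsalted MD5. This file keeps that format
 * so existing accounts still work, but the store should be migrated to
 * password_hash()/password_verify().
 * NOTE(review): codes 4 and 5 let a client tell "unknown account" apart from
 * "wrong password"; merging them needs a matching change in js/loginjs.js.
 * NOTE(review): the verification code stays valid across failed attempts and no
 * attempt limit is visible here; consider making the code single-use and adding
 * per-account / per-IP throttling.
 * NOTE(review): the page loads jQuery 1.7.2, which is long out of support.
 */
include "conn.php";

$act = $_GET['act'] ?? '';

if ($act === "logout") {
    // Drop every session value, expire the session cookie and destroy the
    // server-side record so the old session id cannot be reused.
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        if (ini_get('session.use_cookies')) {
            $cookie = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $cookie['path'],
                $cookie['domain'],
                $cookie['secure'],
                $cookie['httponly']
            );
        }
        session_destroy();
    }
}

if ($act === "login") {
    checkPost();

    // Read a POST field as a string; array-valued fields are treated as empty
    // so they never reach textEncode() or the comparisons below.
    $postString = static function (string $key): string {
        $value = $_POST[$key] ?? '';
        return is_string($value) ? $value : '';
    };

    // The password goes through textEncode() before hashing, exactly as before,
    // because the stored hashes were produced from the encoded form.
    $loginuser = textEncode($postString('loginuser'));
    $loginpwd  = textEncode($postString('loginpwd'));
    $logincode = $postString('logincode');

    if ((string) $loginuser === '') {
        echo "1";
        exit;
    }
    if ((string) $loginpwd === '') {
        echo "2";
        exit;
    }

    // The verification code must exist in the session and match exactly.
    // An unset or empty session code is rejected: previously an empty submitted
    // code compared equal to it and skipped the check entirely.
    $expectedCode = (string) ($_SESSION['zengscode'] ?? '');
    if ($expectedCode === '' || !hash_equals($expectedCode, $logincode)) {
        echo "3";
        exit;
    }

    $sql = "SELECT id, loginuser, loginpwd, loginstate, loginname, loginlasttime, loginlastip, loginthistime, loginthisip, loginpower, logincount FROM login WHERE loginuser = ?";
    $stmt = $conn->prepare($sql);
    $stmt->execute([$loginuser]);

    // fetch() returns false when no row matched; rowCount() is not reliable for
    // SELECT statements on every PDO driver.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        echo "4";
        exit;
    }

    // hash_equals() does a strict, constant-time string comparison. The former
    // loose != could treat two different digests as equal when both happened to
    // look like numeric strings.
    if (!hash_equals((string) $row['loginpwd'], md5($loginpwd))) {
        echo "5";
        exit;
    }

    if ($row['loginstate'] < 1) {
        echo "6";
        exit;
    }

    // Check power status: the account's power group must exist and be enabled.
    $sql = "SELECT COUNT(powerstate) as count, powerstate FROM power WHERE id = ? GROUP BY powerstate";
    $stmt = $conn->prepare($sql);
    $stmt->execute([$row['loginpower']]);
    $power = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$power || $power['count'] == 0 || $power['powerstate'] == 0) {
        echo "6";
        exit;
    }

    // The verification code is spent once a login succeeds.
    $_SESSION['zengscode'] = "";

    // Update login information: shift "this" login to "last", record the new one.
    $sql = "UPDATE login SET loginlasttime = loginthistime, loginlastip = loginthisip, loginthistime = NOW(), loginthisip = ?, logincount = logincount + 1 WHERE id = ?";
    $stmt = $conn->prepare($sql);
    $stmt->execute([getIp(), $row['id']]);

    // Issue a fresh session id before storing the authenticated identity, so an
    // id that was known before login does not become an authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Set session variables
    $_SESSION['loginid']    = $row['id'];
    $_SESSION['loginuser']  = $row['loginuser'];
    $_SESSION['loginname']  = $row['loginname'];
    $_SESSION['loginpower'] = $row['loginpower'];

    echo "7";
    exit;
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<link href="css/loginlayout.css" type="text/css" rel="stylesheet" />
<title><?php /* NOTE(review): echoed unescaped - confirm $webname is trusted configuration */ echo $webname; ?> - 网站后台管理</title>
<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
<script type="text/javascript" src="js/loginjs.js"></script>
</head>
<body>
<div id="container">
    <form id="loginform" name="loginform" method="post">
        <div class="loginuser"><label for="loginuser">用户帐号:</label><input type="text" id="loginuser" name="loginuser" maxlength="50" /></div>
        <div class="loginpwd"><label for="loginpwd">用户密码:</label><input type="password" id="loginpwd" name="loginpwd" maxlength="50" /></div>
        <div class="logincode"><label for="logincode">验 证 码:</label><input type="text" id="logincode" name="logincode" maxlength="5" /><span id="showlogincode"></span></div>
        <div><input type="submit" id="loginbtn" name="loginbtn" value="登陆" /></div>
        <div id="formmsg"></div>
    </form>
    <div id="copyright">Copyright © Mietubl All Rights Reserved</div>
</div>
</body>
</html>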