upload

.htaccess

@@ -1,5 +0,0 @@
-php_value display_errors Off
-php_flag magic_quotes 1
-php_flag magic_quotes_gpc 1
-php_value mbstring.http_input auto
-php_value date.timezone Asia/Shanghai

admin/views/login.php

@@ -11,22 +11,22 @@ if (!defined('IN_SYS')) {
         <div class="col-md-6 col-sm-6 margin-auto">
             <div class="panel panel-default">
                 <div class="panel-heading">
-                    <h3 class="panel-title">Admin Login</h3>
+                    <h3 class="panel-title">Login</h3>
                 </div>
                 <div class="panel-body">
                     <?php if (!isAdminLoggedIn()) { ?>
                         <form action="" method="POST" class="form-horizontal">
                             <label>
                                 <span>Admin:</span>
-                                <input type="text" name="username" class="form-control" maxlength="18" placeholder="Admin Username" autofocus required>
+                                <input type="text" name="username" class="form-control" maxlength="18" placeholder="Username" autofocus required>
                             </label>
                             <label>
                                 <span>Password:</span>
-                                <input type="password" name="password" class="form-control" maxlength="35" placeholder="Admin Password" required>
+                                <input type="password" name="password" class="form-control" maxlength="35" placeholder="Password" required>
                             </label>
                             <label>
                                 <span>Captcha:</span>
-                                <input type="text" name="captcha" class="form-control" maxlength="18" placeholder="CAPTCHA" required autocomplete="off">
+                                <input type="text" name="captcha" class="form-control" maxlength="18" placeholder="CAPTCHA" required autocomplete="off" style="background-image: url(library/captcha.php);">
                             </label>
                             <button type="submit" name="do_login" class="btn btn-primary"><?php echo $LANG['login']; ?></button>
                         </form>

assets/css/admin.css

@@ -24,7 +24,7 @@ label select {
 }
 
 input[name="captcha"] {
-    background: url(/include/captcha.php) no-repeat;
+    background-repeat: no-repeat;
     background-size: 160px 30px;
     background-position-x: right;
     background-position-y: center;

clientarea.php

@@ -2,14 +2,9 @@
 
 session_start();
 define('IN_SYS', true);
+require_once("core.php");
 
-$ROOT = __DIR__;
-
-// include_once "{$ROOT}/lib/language.php";
-include_once "{$ROOT}/clientarea/data/config.php";
-include_once "{$ROOT}/clientarea/library/email.class.php";
-include_once "{$ROOT}/clientarea/library/functions.php";
-
+include_once "{$ROOT}/library/email.class.php";
 $section = empty($_GET["s"]) ? "main" : $_GET["s"];
 $section_page = "{$ROOT}/clientarea/views/{$section}.php";
 if (!is_file($section_page)) {

clientarea/controllers/edit_details.php

@@ -35,7 +35,7 @@ if (isset($_POST["edit"])) {
         $errors["username_err"] = "Username min limit is 5 & max is 15 characters";
     }
 
-    if (!isemail($email)) {
+    if (!is_email($email)) {
         $errors["email_err"] = "The email address is invalid.";
     }
 

clientarea/controllers/forget_password.php

@@ -19,7 +19,7 @@ if (isset($_POST["reset_request"])) {
     $email = filter_input(INPUT_POST, "email", FILTER_SANITIZE_EMAIL);
     if (empty($email)) {
         $errors["email_err"] = "The email address is empty.";
-    } elseif (!isemail($email)) {
+    } elseif (!is_email($email)) {
         $errors["email_err"] = "The email address is invalid.";
     } elseif (!checkUserByEmail($email)) {
         $errors["email_err"] = "The email address not found in system.";

clientarea/controllers/register.php

@@ -32,7 +32,7 @@ if (isset($_POST["register"])) {
         $errors["username_err"] = "Username already exists";
     }
 
-    if (!isemail($email)) {
+    if (!is_email($email)) {
         $errors["email_err"] = "The email address is invalid.";
     } elseif (checkUserByEmail($email)) {
         $errors["email_err"] = "The email address already exists in system.";

clientarea/controllers/request-account-activate.php

@@ -12,7 +12,7 @@ $data = getMsg("form_data");
 if (isset($_POST["request-activate-account"])) {
     $errors = array();
     $email = filter_input(INPUT_POST, "email", FILTER_SANITIZE_EMAIL);
-    if (!isemail($email)) {
+    if (!is_email($email)) {
         $errors["email_err"] = "The email address is invalid.";
     } elseif (!checkUserByEmail($email)) {
         $errors["email_err"] = "The email address not found in system.";

clientarea/data/config.php

@@ -1,26 +0,0 @@
-<?php
-if (!defined('IN_SYS')) {
-    // exit('禁止访问');
-    header("Location: ../../clientarea.php");
-    exit;
-}
-
-define("URLROOT", "http://crogroup.cn");
-define("APPROOT", dirname(__FILE__));
-define("DB_HOST", "bv2g0ksp.hk1027lan.dnstoo.com:3306");
-define("DB_USER", "gcop2h_f");
-define("DB_PASSWORD", "gdwst6ob");
-define("DB_NAME", "gcop2h");
-define("SMTP_SERVER", "smtp.u-id.cn");
-define("SMTP_PORT", 25);
-define("SMTP_MAILADDR", "croidc@u-id.cn");
-define("SMTP_USERNAME", "croidc@u-id.cn");
-define("SMTP_PASSWORD", "cro@IDC521");
-
-$static_release = '1559728996134';
-$brandName = "UIISC";
-$siteURL = "http://crogroup.cn";
-$iFastNetAff = 19474;
-$CopyRightYear = "2013 - " . date("Y");
-$author = 'Crogram Inc.';
-$description = "uiisc, freewebhost, webhost, Crogram, iFastNet";

clientarea/library/functions.php

@@ -1,217 +0,0 @@
-<?php
-
-function objDB()
-{
-    $objDB = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
-    if ($objDB->connect_error) {
-        die("Connection not established");
-    }
-    return $objDB;
-}
-
-function upload_image($image)
-{
-
-    if (!is_dir(APPROOT . "/images")) {
-        mkdir(APPROOT . "/images");
-    }
-
-    if ($image["error"] == 4) {
-        die("image file not uploaded");
-    }
-
-    if ($image["type"] != "image/png") {
-        die("Only, png image files are allowed");
-    }
-
-    $image_info = pathinfo($image["name"]);
-    extract($image_info);
-    $image_convention = $filename . time() . ".$extension";
-
-    if (move_uploaded_file($image["tmp_name"], APPROOT . "/images/" . $imageConvention)) {
-        return $image_convention;
-    } else {
-        return false;
-    }
-}
-
-function cTime($timestamp)
-{
-    return date("Y-m-d H:i:s", $timestamp);
-}
-
-function checkUserByEmail($email)
-{
-
-    $objDB = objDB();
-    $stmt = $objDB->prepare(
-        "SELECT * FROM users WHERE email=?"
-    );
-
-    $stmt->bind_param("s", $email);
-    $stmt->execute();
-    $stmt->store_result();
-    return $stmt->num_rows;
-}
-
-function checkUserByUsername($username)
-{
-
-    $objDB = objDB();
-    $stmt = $objDB->prepare(
-        "SELECT * FROM users WHERE username=?"
-    );
-    $stmt->bind_param("s", $username);
-    $stmt->execute();
-    $stmt->store_result();
-    return $stmt->num_rows;
-}
-
-function checkUserActivation($username)
-{
-
-    $objDB = objDB();
-    $stmt = $objDB->prepare(
-        "SELECT * FROM users WHERE username=? AND is_active=1"
-    );
-    $stmt->bind_param("s", $username);
-    $stmt->execute();
-    $stmt->store_result();
-    return $stmt->num_rows;
-}
-
-function setMsg($name, $value, $class = "success")
-{
-    if (is_array($value)) {
-        $_SESSION[$name] = $value;
-    } else {
-        $_SESSION[$name] = "<div class='alert alert-$class text-center'>$value</div>";
-    }
-}
-
-function getMsg($name)
-{
-    if (isset($_SESSION[$name])) {
-        $session = $_SESSION[$name];
-        unset($_SESSION[$name]);
-        return $session;
-    }
-}
-
-function getUserById($user_id)
-{
-
-    $objDB = objDB();
-    $stmt = $objDB->prepare(
-        "SELECT * FROM users WHERE id=?"
-    );
-    $stmt->bind_param("i", $user_id);
-    $stmt->execute();
-    $result = $stmt->get_result();
-    return $result->fetch_object();
-}
-
-function verifyUserAccount($code)
-{
-
-    $objDB = objDB();
-    $stmt = $objDB->prepare(
-        "UPDATE users SET is_active = 1 , reset_code = '' WHERE reset_code = ?"
-    );
-    $stmt->bind_param("s", $code);
-    $stmt->execute();
-    $stmt->store_result();
-    return $stmt->affected_rows;
-}
-
-function checkUserByCode($code)
-{
-    $objDB = objDB();
-    $stmt = $objDB->prepare(
-        "SELECT * FROM users WHERE reset_code = ?"
-    );
-    $stmt->bind_param("s", $code);
-    $stmt->execute();
-    $stmt->store_result();
-    return $stmt->num_rows;
-}
-
-function isUserLoggedIn()
-{
-    if (isset($_SESSION["user"]) || isset($_COOKIE["user"])) {
-        return true;
-    } else {
-        return false;
-    }
-}
-
-function get_userinfo()
-{
-    return isUserLoggedIn() ? isset($_COOKIE["user"]) ? unserialize($_COOKIE["user"]) : $_SESSION["user"] : "";
-}
-
-function send_mail($detail = array())
-{
-    if (!empty($detail["to"]) && !empty($detail["message"]) && !empty($detail["subject"])) {
-        $to = $detail["to"];
-        $totitle = isset($detail["totitle"]) ? $detail["totitle"] : "";
-        $from = SMTP_MAILADDR;
-        $fromtitle = isset($detail["fromtitle"]) ? $detail["fromtitle"] : "";
-        $subject = $detail["subject"];
-        $body = $detail["message"];
-        $mailtype = "HTML"; // HTML/TXT
-
-        $smtp = new MailSMTP(SMTP_SERVER, SMTP_PORT, true, SMTP_USERNAME, SMTP_PASSWORD);
-        $smtp->debug = false;
-        $res = $smtp->sendmail($to, $totitle, $from, $fromtitle, $subject, $body, $mailtype);
-        if (!$res) {
-            return false;
-        } else {
-            return true;
-        }
-    } else {
-        die("Your Mail Handler requires four main paramters");
-    }
-}
-
-/**
- * redirect to functions URL
- */
-function redirect($module, $section = "", $param = [])
-{
-    $url = $param ? setRouter($module, $section) . "&" . http_build_query($param) : setRouter($module, $section);
-    // $param = $param ? http_build_query($param) : "";
-    // $url = $section ? setRouter($module, $section) . "&" . $param : setRouter($module) . "?" . $param;
-    header("Location: {$url}");
-    exit;
-}
-
-/** make router URL
- * @param mixed $module
- * @param mixed $section
- * @return string
- */
-function setRouter($module, $section = "")
-{
-    return empty($section) ? "{$module}.php" : "{$module}.php?s=$section";
-}
-
-/** make a full path http URL
- * @param mixed $module
- * @param mixed $section
- * @return string
- */
-function setURL($module, $section = "")
-{
-    return empty($section) ? URLROOT . "/{$module}.php" : URLROOT . "/{$module}.php?s=$section";
-}
-
-/** Determine if a variable is an email address
- * 
- * @param string $email
- * @return bool
- */
-function isemail($email = "")
-{
-    return preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,})$/", $email);
-}

data/config.php

@@ -5,6 +5,18 @@ if (!defined('IN_SYS')) {
     exit;
 }
 
+define("URLROOT", "http://crogroup.cn");
+define("APPROOT", dirname(__FILE__));
+define("DB_HOST", "bv2g0ksp.hk1027lan.dnstoo.com:3306");
+define("DB_USER", "gcop2h_f");
+define("DB_PASSWORD", "gdwst6ob");
+define("DB_NAME", "gcop2h");
+define("SMTP_SERVER", "smtp.u-id.cn");
+define("SMTP_PORT", 25);
+define("SMTP_MAILADDR", "croidc@u-id.cn");
+define("SMTP_USERNAME", "croidc@u-id.cn");
+define("SMTP_PASSWORD", "cro@IDC521");
+
 $static_release = '1559728996134';
 $brandName = "UIISC";
 $iFastNetAff = 19474;
@@ -14,6 +26,7 @@ $title_s = "UIISC";
 $author = 'Crogram Inc.';
 $description = "uiisc, freewebhost, webhost, Crogram, iFastNet";
 $google_site_verification = "5O6Wxt0gIyGb7btMuXiQqddZJ516n-xBOW_9RLMBeSY";
+$siteURL = "http://crogroup.cn";
 
 $admin = [
     "name" => "管理员",

include/index.php

@@ -1,2 +0,0 @@
-<?php
-header("Location: ../index.php");