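-1,'msg'=>'用户名或密码不能为空'])); }

    // NOTE(review): this listing begins mid-statement. The opening of the login
    // handler (where $username, $password, $code, $verifycode, $login_limit_file
    // and $login_limit_count are assigned) is not visible here.

    // CAPTCHA gate: only enforced when $verifycode is 1. The submitted code is
    // lower-cased before it is compared with the value stored in the session.
    // NOTE(review): on a mismatch the stored code is left in the session, so the
    // same CAPTCHA value can be tried repeatedly. Consider invalidating it here
    // once the client is confirmed to fetch a new image after this response.
    if($verifycode==1 && (!$code || strtolower($code) != $_SESSION['vc_code'])){
        exit(json_encode(['code'=>-1,'msg'=>'验证码错误']));
    }

    // Load the failed-login counter and refuse further attempts while the limit
    // is reached and the last failure is less than 24 hours (86400 s) old.
    // The counter lives in a single file, so it is shared by all clients.
    if(file_exists($login_limit_file)){
        // NOTE(review): unserialize() can instantiate objects from whatever the
        // file contains. Keep this file unwritable by anything but this script,
        // or store the counter as JSON instead.
        $login_limit = unserialize(file_get_contents($login_limit_file));
        // A corrupt or unexpected payload must not be indexed as an array below.
        if(!is_array($login_limit) || !isset($login_limit['count'], $login_limit['time'])){
            $login_limit = ['count'=>0,'time'=>0];
        }
        if($login_limit['count']>=$login_limit_count && $login_limit['time']>time()-86400){
            exit(json_encode(['code'=>-1,'msg'=>'多次登录失败,暂时禁止登录。可删除@login.lock文件解除限制']));
        }
    }

    // Credential check. The original used loose `==`, under which two
    // numeric-looking strings compare as numbers ("0e1" == "0e2", "1" == "01").
    // Compare as exact strings instead, and in constant time where the runtime
    // provides hash_equals() (PHP 5.6+).
    $expected_user = (string)$conf['admin_user'];
    $expected_pwd = (string)$conf['admin_pwd'];
    $user_ok = is_string($username) && $username === $expected_user;
    if(!is_string($password)){
        $pwd_ok = false;
    }elseif(function_exists('hash_equals')){
        $pwd_ok = hash_equals($expected_pwd, $password);
    }else{
        $pwd_ok = $password === $expected_pwd;
    }

    if($user_ok && $pwd_ok){
        $DB->insert('log', ['uid'=>0, 'type'=>'登录后台', 'date'=>'NOW()', 'ip'=>$clientip]);
        // NOTE(review): the session value is an MD5 over the user name, the
        // password and $password_hash, so the cookie is derived from password
        // material. The code that verifies the cookie is not in this listing,
        // so the scheme is left unchanged here.
        $session=md5($username.$password.$password_hash);
        // The token and the cookie both expire after 7 days (604800 s).
        $expiretime=time() + 604800;
        // authcode() and SYS_KEY are defined elsewhere; presumably this encrypts
        // the tab-separated payload with the site key -- confirm.
        $token=authcode("{$username}\t{$session}\t{$expiretime}", 'ENCODE', SYS_KEY);
        // The last argument sets HttpOnly. The `secure` argument is passed as
        // null, so the cookie is not restricted to HTTPS.
        // NOTE(review): set it to true when the admin panel is served over HTTPS.
        setcookie("admin_token", $token, $expiretime, null, null, null, true);
        unset($_SESSION['vc_code']);
        exit(json_encode(['code'=>0]));
    }else{
        $DB->insert('log', ['uid'=>0, 'type'=>'登录失败', 'date'=>'NOW()', 'ip'=>$clientip]);
        // Start a fresh counter when there is no usable state to continue from.
        if(!file_exists($login_limit_file) || !isset($login_limit) || !is_array($login_limit)){
            $login_limit = ['count'=>0,'time'=>0];
        }
        $login_limit['count']++;
        $login_limit['time']=time();
        file_put_contents($login_limit_file, serialize($login_limit));
        $retry_times = $login_limit_count-$login_limit['count'];
        // Each password attempt consumes the CAPTCHA.
        unset($_SESSION['vc_code']);
        // `<= 0` rather than `== 0`: the stored count can already be at or above
        // the limit when an attempt is made after the 24-hour window has passed.
        // The original then reported a negative number of remaining tries.
        if($retry_times <= 0){
            exit(json_encode(['code'=>-1,'msg'=>'多次登录失败,暂时禁止登录。可删除@login.lock文件解除限制','vcode'=>1]));
        }else{
            exit(json_encode(['code'=>-1,'msg'=>'用户名或密码错误,你还可以尝试'.$retry_times.'次','vcode'=>1]));
        }
    }
}elseif(isset($_GET['logout'])){
    // Logout is triggered by a GET parameter and guarded only by
    // checkRefererHost() (defined elsewhere; presumably a Referer host check --
    // confirm). A POST carrying a CSRF token would be a stronger guard.
    if(!checkRefererHost())exit();
    // Expire the cookie by setting its expiry time in the past.
    setcookie("admin_token", "", time() - 604800);
    exit("");
}elseif($islogin==1){
    // Already logged in: stop before the login form is rendered.
    exit("");
}
$title='用户登录';
include './head.php';
?>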

管理员登录