-1,'msg'=>'用户名或密码不能为空']));
}
if($verifycode==1 && (!$code || strtolower($code) != $_SESSION['vc_code'])){
exit(json_encode(['code'=>-1,'msg'=>'验证码错误']));
}
$errcount = $DB->getColumn("SELECT count(*) FROM `pre_log` WHERE `ip`='$clientip' AND `date`>DATE_SUB(NOW(),INTERVAL 1 DAY) AND `uid`=0 AND `type`='登录失败'");
if($errcount >= $login_limit_count && file_exists($login_limit_file)){
exit(json_encode(['code'=>-1,'msg'=>'多次登录失败,暂时禁止登录。可删除@login.lock文件解除限制']));
}
if($username == $conf['admin_user'] && $password == $conf['admin_pwd']){
$DB->insert('log', ['uid'=>0, 'type'=>'登录后台', 'date'=>'NOW()', 'ip'=>$clientip]);
$session=md5($username.$password.$password_hash);
$expiretime=time() + 2592000;
$token=authcode("{$username}\t{$session}\t{$expiretime}", 'ENCODE', SYS_KEY);
setcookie("admin_token", $token, $expiretime, null, null, null, true);
unset($_SESSION['vc_code']);
exit(json_encode(['code'=>0]));
}else{
$DB->insert('log', ['uid'=>0, 'type'=>'登录失败', 'date'=>'NOW()', 'ip'=>$clientip]);
unset($_SESSION['vc_code']);
$errcount++;
$retry_times = $login_limit_count - $errcount;
if($retry_times < 0) $retry_times = 0;
if($retry_times <= 0){
file_put_contents($login_limit_file, '1');
exit(json_encode(['code'=>-1,'msg'=>'多次登录失败,暂时禁止登录。可删除@login.lock文件解除限制','vcode'=>1]));
}else{
exit(json_encode(['code'=>-1,'msg'=>'用户名或密码错误,你还可以尝试'.$retry_times.'次','vcode'=>1]));
}
}
}elseif(isset($_GET['logout'])){
if(!checkRefererHost())exit();
setcookie("admin_token", "", time() - 2592000);
exit("");
}elseif($islogin==1){
exit("");
}
$title='用户登录';
include './head.php';
?>