fleat:update session

system/login.php

@@ -5,10 +5,10 @@ $act = $_GET['act'] ?? '';
 
 if ($act == "logout") {
     // Clear all session variables
-    $_SESSION['loginid'] = "";
-    $_SESSION['loginuser'] = "";
-    $_SESSION['loginname'] = "";
-    $_SESSION['loginpower'] = "";
+    addSession('loginid', '');
+    addSession('loginuser', '');
+    addSession('loginname', '');
+    addSession('loginpower', '');
     session_destroy();
 }
 
@@ -31,19 +31,19 @@ if ($act == "login") {
         exit;
     }
 
+
     $sql = "SELECT id, loginuser, loginpwd, loginstate, loginname, loginlasttime, loginlastip, 
             loginthistime, loginthisip, loginpower, logincount 
-            FROM login WHERE loginuser = ?";
-    $stmt = $conn->prepare($sql);
-    $stmt->execute([$loginuser]);
+            FROM login WHERE loginuser = '" . mysqli_real_escape_string($conn, $loginuser) . "'";
+    $result = mysqli_query($conn, $sql);
     
-    if ($stmt->rowCount() == 0) {
+    if (mysqli_num_rows($result) == 0) {
         echo "4";
         exit;
     }
     
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    
+    $row = mysqli_fetch_assoc($result);
+
     if ($row['loginpwd'] != md5($loginpwd)) {
         echo "5";
         exit;
@@ -55,10 +55,9 @@ if ($act == "login") {
     }
     
     // Check power status
-    $sql = "SELECT COUNT(powerstate) as count, powerstate FROM power WHERE id = ? GROUP BY powerstate";
-    $stmt = $conn->prepare($sql);
-    $stmt->execute([$row['loginpower']]);
-    $power = $stmt->fetch(PDO::FETCH_ASSOC);
+    $sql = "SELECT COUNT(powerstate) as count, powerstate FROM power WHERE id = '" . mysqli_real_escape_string($conn, $row['loginpower']) . "' GROUP BY powerstate";
+    $result = mysqli_query($conn, $sql);
+    $power = mysqli_fetch_assoc($result);
     
     if (!$power || $power['count'] == 0 || $power['powerstate'] == 0) {
         echo "6";
@@ -72,18 +71,19 @@ if ($act == "login") {
             loginlasttime = loginthistime,
             loginlastip = loginthisip,
             loginthistime = NOW(),
-            loginthisip = ?,
+            loginthisip = '" . mysqli_real_escape_string($conn, getIp()) . "',
             logincount = logincount + 1
-            WHERE id = ?";
-    $stmt = $conn->prepare($sql);
-    $stmt->execute([getIp(), $row['id']]);
+            WHERE id = '" . mysqli_real_escape_string($conn, $row['id']) . "'";
+    mysqli_query($conn, $sql);
     
     // Set session variables
-    $_SESSION['loginid'] = $row['id'];
-    $_SESSION['loginuser'] = $row['loginuser'];
-    $_SESSION['loginname'] = $row['loginname'];
-    $_SESSION['loginpower'] = $row['loginpower'];
-    
+
+    addSession('loginid', $row['id']);
+    addSession('loginuser', $row['loginuser']);
+    addSession('loginname', $row['loginname']);
+    addSession('loginpower', $row['loginpower']);
+
+
     echo "7";
     exit;
 }

system/pwd.php

@@ -52,7 +52,7 @@ if ($act == "save") {
     $loginpwd1 = textEncode($_POST['loginpwd1'] ?? '');
     $loginname = textEncode($_POST['loginname'] ?? '');
 
-    $sql = "Select loginpwd,loginname From login Where id=" . load_Session("loginid");
+    $sql = "Select loginpwd,loginname From login Where id=" . loadSession("loginid");
     $rs = $conn->query($sql);
     if ($row = $rs->fetch()) {
         if (md5($loginpwd) != $row['loginpwd']) {
@@ -62,9 +62,9 @@ if ($act == "save") {
         
         if ($loginpwd1 != "") {
             $sql = "UPDATE login SET loginpwd = '" . md5($loginpwd1) . "', loginname = '" . $loginname . "' 
-                    WHERE id = " . load_Session("loginid");
+                    WHERE id = " . loadSession("loginid");
             $conn->query($sql);
-            add_Session("loginname", $loginname);
+            addSession("loginname", $loginname);
         }
     } else {
         echo "<script>alert('好像找不到您的资料呀？还是请您重新登陆一下吧');top.location.href='login.php'</script>";
@@ -77,7 +77,7 @@ if ($act == "save") {
 
 $sql = "Select loginlasttime,loginlastip,loginthistime,loginthisip,powercontent,logincount 
         From login Left Join power On power.id=login.loginpower 
-        Where login.id=" . load_Session("loginid");
+        Where login.id=" . loadSession("loginid");
 $rs = $conn->query($sql);
 if ($row = $rs->fetch()) {
     $loginlasttime = $row['loginlasttime'];
@@ -96,7 +96,7 @@ if ($row = $rs->fetch()) {
         <tbody>
             <tr>
                 <th width="15%">用户帐号</th>
-                <td><input type="text" id="loginuser" name="loginuser" value="<?php echo load_Session("loginuser"); ?>" class="txt1" disabled="disabled" style="width:300px;" /></td>
+                <td><input type="text" id="loginuser" name="loginuser" value="<?php echo loadSession("loginuser"); ?>" class="txt1" disabled="disabled" style="width:300px;" /></td>
             </tr>
             <tr>
                 <th width="15%">原密码</th>
@@ -104,7 +104,7 @@ if ($row = $rs->fetch()) {
             </tr>
             <tr>
                 <th width="15%">用户昵称</th>
-                <td><input type="text" id="loginname" name="loginname" value="<?php echo load_Session("loginname"); ?>" class="txt1" style="width:300px;" /></td>
+                <td><input type="text" id="loginname" name="loginname" value="<?php echo loadSession("loginname"); ?>" class="txt1" style="width:300px;" /></td>
             </tr>
             <tr>
                 <th width="15%">新密码</th>