/**
 * Render the photo-collection page, or the login page for guests.
 *
 * Signed-in users get the image and video lists parsed from the request;
 * guests get a "redir_url" cookie holding the current URL and the login template.
 */
public function photo()
 {
     global $_FANWE;
     if ($_FANWE['uid'] != 0) {
         FanweService::instance()->cache->loadCache('albums');
         // imgUrl, pageUrl and videoUrl are read from the request and handed to the
         // template as-is. NOTE(review): confirm the templates escape them on output.
         // Variable names are kept unchanged because the included template runs in this scope.
         $imgs = $_FANWE['request']['imgUrl'];
         $pageUrl = $_FANWE['request']['pageUrl'];
         $img_list = explode(',', $imgs);
         $count_img = count($img_list);
         $videos = $_FANWE['request']['videoUrl'];
         $video_list = explode(',', $videos);
         $count_video = count($video_list);
         // showType 1 selects the multi-photo template, anything else the single-photo one.
         include template($_FANWE['request']['showType'] == 1 ? "page/collection/collection_photos" : "page/collection/collection_photo");
     } else {
         // HTTP_HOST and REQUEST_URI both come from the request itself.
         // NOTE(review): if redir_url is later used as a redirect target, check it against
         // the site's own host before following it.
         $redir_url = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         fSetCookie('redir_url', $redir_url, time() + 3600);
         require_once fimport('dynamic/user');
         include template('page/user/user_login');
     }
     display();
 }
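/**
 * Build the QQ OAuth 2.0 authorization URL and remember the anti-CSRF state.
 *
 * The state value is sent to QQ in the URL and stored in the "qq_state" cookie so
 * the callback can compare the two. NOTE(review): the comparison itself is not
 * visible here; confirm the callback rejects a missing or mismatching state.
 *
 * @param string $appid QQ application id (client_id)
 * @return string authorization URL to redirect the browser to
 */
function getQqLoginUrl($appid)
{
    global $_FANWE;
    // The state must be unpredictable to a third party. Prefer a CSPRNG and keep the
    // original md5(uniqid(rand())) only as a last resort on runtimes that offer neither.
    // All three branches yield 32 hex characters, so the cookie/URL format is unchanged.
    if (function_exists('random_bytes')) {
        $state = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $state = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        $state = md5(uniqid(rand(), TRUE));
    }
    $url = "https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=" . $appid . "&redirect_uri=" . urlencode($_FANWE['site_url'] . "callback/qq.php") . "&state=" . $state . "&scope=" . QQ_SCOPE;
    fSetCookie('qq_state', $state);
    return $url;
}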
 /**
  * Start the Tencent Weibo OAuth flow and redirect the browser to the provider.
  *
  * The request token is kept in the "login_oauth" cookie for the callback.
  */
 private function jump()
 {
     global $_FANWE;
     OpenSDK_Tencent_Weibo::init($this->config['app_key'], $this->config['app_secret']);
     $callbackUrl = $_FANWE['site_url'] . "callback/tqq.php";
     $requestToken = OpenSDK_Tencent_Weibo::getRequestToken($callbackUrl);
     $authorizeUrl = OpenSDK_Tencent_Weibo::getAuthorizeURL($requestToken);
     // The token is serialize()d and wrapped with authcode() before it goes to the client.
     // NOTE(review): whoever reads this cookie back will unserialize() it, so its safety
     // rests on authcode() and its key; confirm authcode() authenticates the value.
     fSetCookie('login_oauth', authcode(serialize($requestToken), 'ENCODE'));
     fHeader("location:" . FU('tgo', array('url' => $authorizeUrl)));
 }
 /**
  * Start the OAuth flow in "bind" mode for the signed-in user.
  *
  * Guests are sent through loginJump() instead and the request ends there.
  */
 public function bindJump()
 {
     global $_FANWE;
     if ($_FANWE['uid'] != 0) {
         // callback_type tells the callback script to bind rather than log in.
         // NOTE(review): it is a plain cookie value; the callback should treat it as untrusted.
         fSetCookie('callback_type', 'bind');
         $this->jump();
     } else {
         $this->loginJump();
         exit;
     }
 }
 /**
  * Start the Sina Weibo OAuth flow and redirect the browser to the provider.
  *
  * The request-token array is kept in the "login_oauth" cookie for the callback.
  */
 private function jump()
 {
     global $_FANWE;
     $client = new WeiboOAuth($this->config['app_key'], $this->config['app_secret']);
     $requestKeys = $client->getRequestToken();
     $callbackUrl = $_FANWE['site_url'] . "callback/sina.php";
     $authorizeUrl = $client->getAuthorizeURL($requestKeys['oauth_token'], false, $callbackUrl);
     $target = FU('tgo', array('url' => $authorizeUrl));
     // Serialized token wrapped with authcode() under the site authkey.
     // NOTE(review): the reader of this cookie will unserialize() it; confirm authcode()
     // authenticates the value so a client cannot supply its own serialized data.
     fSetCookie('login_oauth', authcode(serialize($requestKeys), 'ENCODE', $_FANWE['authkey']));
     fHeader("location:" . $target);
 }
 /**
  * Pick a free user name for a third-party account and redirect to the bind page.
  *
  * While the name is already taken, "_" plus random(3) is appended and the lookup repeats.
  * The resulting data is stored in the "bind_user_info" cookie.
  *
  * @param array  $data      profile data to carry over to the bind page
  * @param string $user_name preferred user name
  */
 public function jumpUserBindReg($data, $user_name)
 {
     // SECURITY NOTE(review): $user_name is concatenated into the SQL text between single
     // quotes. Nothing in this method escapes it, so the query is only safe if every caller
     // has already escaped the value. Confirm that, or move the lookup to a
     // parameterized/escaped query in the database layer.
     while (true) {
         $taken = FDB::resultFirst('SELECT COUNT(*) FROM ' . FDB::table("user") . " WHERE user_name = '" . $user_name . "'");
         if (!($taken > 0)) {
             break;
         }
         $user_name = $user_name . '_' . random(3);
     }
     $data['user_name'] = $user_name;
     // Serialized and wrapped with authcode() before being handed to the client.
     $encoded = authcode(serialize($data), 'ENCODE');
     fSetCookie('bind_user_info', $encoded);
     fHeader("location:" . FU('user/bind'));
 }
 /**
  * Bind a third-party account to the signed-in user.
  *
  * If the external id is already bound to a different local user, the details are parked
  * in the "sync_bind_exists" cookie instead of binding; guests are dropped.
  *
  * @param array $user third-party profile; $user['id'] is the external id
  */
 public function bindHandler($user)
 {
     global $_FANWE;
     if ($_FANWE['uid'] == 0) {
         exit;
     }
     $existing = $this->getUserByTypeKeyId($this->type, $user['id']);
     if (!$existing || $existing['uid'] == $_FANWE['uid']) {
         $this->bindUser($user);
         return;
     }
     // Key order is kept as in the original so the serialized form is unchanged.
     $conflict = array(
         'short_name' => $this->config['short_name'],
         'keyid' => $user['id'],
         'type' => $this->type,
         'user' => $user,
     );
     // NOTE(review): this cookie is later unserialize()d and its fields drive further
     // actions, so everything depends on authcode() protecting it from modification.
     fSetCookie('sync_bind_exists', authcode(serialize($conflict), 'ENCODE'));
 }
 /**
  * Bind a third-party account (looked up via visitor_nick and session) to the signed-in user.
  *
  * If the external id is already bound to a different local user, the details are parked
  * in the "sync_bind_exists" cookie instead of binding; guests are dropped.
  *
  * @param array $parameters callback parameters; 'visitor_nick' is read here
  * @param mixed $session    provider session value passed through to getUserInfo()/bindUser()
  */
 public function bindHandler($parameters, $session)
 {
     global $_FANWE;
     if ($_FANWE['uid'] == 0) {
         exit;
     }
     $user = $this->getUserInfo($parameters['visitor_nick'], $session);
     $existing = $this->getUserByTypeKeyId($this->type, $user['user_id']);
     if (!$existing || $existing['uid'] == $_FANWE['uid']) {
         $this->bindUser($user, $parameters, $session);
         return;
     }
     // Key order is kept as in the original so the serialized form is unchanged.
     $conflict = array(
         'type' => $this->type,
         'keyid' => $user['user_id'],
         'short_name' => $this->config['short_name'],
         'user' => $user,
         'parameters' => $parameters,
         'session' => $session,
     );
     // NOTE(review): the provider session is placed in a client-held cookie here; it is only
     // as confidential and tamper-proof as authcode() makes it. Confirm that is acceptable.
     fSetCookie('sync_bind_exists', authcode(serialize($conflict), 'ENCODE'));
 }
 /**
  * Generate a 4-character verification code, store it in a cookie and output the image.
  *
  * The code is drawn from an alphabet of 24 characters and the expected answer is
  * kept client-side in the "verify<rhash>" cookie, wrapped with authcode().
  */
 public function verify()
 {
     global $_FANWE;
     // NOTE(review): the strength of the code depends on random(); confirm it is not
     // predictable from earlier outputs.
     $seccode = random(6, 1);
     $s = sprintf('%04s', base_convert($seccode, 10, 24));
     $seccodeunits = 'BCEFGHJKMPQRTVWXY2346789';
     $seccode = '';
     // Map the first four base-24 digits ('0'-'9', then lowercase letters) onto the alphabet.
     foreach (str_split(substr($s, 0, 4)) as $char) {
         $unit = ord($char);
         if ($unit >= 0x30 && $unit <= 0x39) {
             $seccode .= $seccodeunits[$unit - 0x30];
         } else {
             $seccode .= $seccodeunits[$unit - 0x57];
         }
     }
     // rhash comes from the request and becomes part of the cookie name.
     // NOTE(review): confirm it is restricted to a safe character set upstream.
     $rhash = $_FANWE['request']['rhash'];
     // The answer travels to the client inside the cookie, so it is only secret while
     // authcode() and the configured authkey hold.
     $payload = strtoupper($seccode) . "\t" . (TIME_UTC - 180) . "\t" . $rhash . "\t" . FORM_HASH;
     fSetCookie('verify' . $rhash, authcode($payload, 'ENCODE', $_FANWE['config']['security']['authkey']), 0, 1, true);
     // Keep the image out of browser and proxy caches.
     @header("Expires: -1");
     @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
     @header("Pragma: no-cache");
     require fimport('class/verify');
     $verify = new Verify();
     $verify->code = $seccode;
     $verify->width = 100;
     $verify->height = 36;
     $verify->display();
 }
 /**
  * Reset the current user's is_buyer flag and send them to Taobao login for verification.
  *
  * Sets the "callback_type" cookie to "buyer" before redirecting.
  */
 public function bindBuyerVerifier()
 {
     global $_FANWE;
     require_once FANWE_ROOT . "sdks/taobao/taobao.func.php";
     // NOTE(review): there is no guest check here; with uid 0 the update targets "uid = 0".
     // Confirm callers only reach this method for signed-in users.
     $currentUid = $_FANWE['uid'];
     FDB::update('user', array('is_buyer' => 0), "uid = " . $currentUid);
     FanweService::instance()->cache->loadCache('logins');
     $loginUrl = GetTaoBaoLoginUrl($_FANWE['cache']['logins']['taobao']['app_key']);
     $target = FU('tgo', array('url' => $loginUrl));
     fSetCookie('callback_type', 'buyer');
     fHeader("location:" . $target);
 }
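/**
 * Send a raw HTTP header; used mainly for page redirects.
 *
 * CR and LF are stripped from the value first, so a caller-supplied string cannot end
 * this header and start another one. A "location:" value that begins with the site root
 * is rewritten to the absolute site URL. If the header is a Location header the script
 * exits after sending it.
 *
 * This function does not restrict where a redirect points; callers that build the
 * target from request data must validate it themselves.
 *
 * @param string $string             full header line, e.g. "location:/path"
 * @param bool   $replace            passed to header(): replace an earlier header of the same name
 * @param int    $http_response_code optional response code; 0 leaves it unset
 * @return void
 */
function fHeader($string, $replace = true, $http_response_code = 0)
{
    global $_FANWE;
    // Header-injection guard: drop line breaks before anything else touches the value.
    $string = str_replace(array("\r", "\n"), '', $string);
    $reg = '/location:\\s?' . preg_quote($_FANWE['site_root'], '/') . '/i';
    $string = preg_replace($reg, 'Location: ' . $_FANWE['site_url'], $string);
    // Explicit !== false: a match at offset 0 is still a match.
    if (strpos($string, $_FANWE['site_url']) !== false) {
        fSetCookie('from_heade', authcode(TIME_UTC, 'ENCODE'));
    }
    // version_compare() instead of a string "<", which misorders versions such as "10.0".
    if (empty($http_response_code) || version_compare(PHP_VERSION, '4.3', '<')) {
        @header($string, $replace);
    } else {
        @header($string, $replace, $http_response_code);
    }
    // Nothing after a redirect should run.
    if (preg_match('/^\\s*location:/is', $string)) {
        exit;
    }
}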
<?php

// QQ OAuth callback: exchange the returned code for an access token and openid, then
// either log the user in or bind the QQ account, depending on $callback_type.
include "base.php";
require_once FANWE_ROOT . "sdks/qq/qq.func.php";
$appid = $_FANWE['cache']['logins']['qq']['app_key'];
$appkey = $_FANWE['cache']['logins']['qq']['app_secret'];
// NOTE(review): no comparison of the returned "state" with the qq_state cookie is visible
// in this script; confirm getQqAccessToken() performs it, otherwise the callback accepts
// authorization responses that this browser never started.
$access_token = getQqAccessToken($appid, $appkey);
$openid = getQqOpenid($access_token);
require_once FANWE_ROOT . "core/class/user/qq.class.php";
$qq = new QqUser();
// $callback_type is not assigned in this script; presumably base.php derives it from the
// callback_type cookie (verify). If so it is client-controlled and only the two values
// below are meaningful.
switch ($callback_type) {
    case 'login':
        $qq->loginHandler($access_token, $openid);
        $url = FU('u/index');
        break;
    case 'bind':
        $qq->bindHandler($access_token, $openid);
        $url = FU('settings/bind');
        break;
}
fSetCookie('callback_type', '');
// NOTE(review): $url is undefined when $callback_type matched neither case, which sends
// an empty "location:" header.
fHeader("location:" . $url);
}
?>
<script type="text/javascript">
var USER_ID = <?php 
// Emitted as a bare JavaScript literal, without quoting or encoding.
// NOTE(review): safe only while uid is always an integer; confirm.
echo $_FANWE['uid'];
?>
;
var URL_MODEL = "<?php 
// Written into a double-quoted JS string without escaping.
// NOTE(review): a quote, backslash or a closing script tag in the value would break out
// of the string; emitting these values with json_encode() would avoid that.
echo $_FANWE['setting']['url_model'];
?>
";
var DOMAIN = "<?php 
// Same unescaped JS-string context as URL_MODEL above.
echo $_FANWE['domain'];
?>
";
<?php 
// Comma-separated list of the keys of the user's authority map.
// NOTE(review): $manages stays undefined when 'authoritys' is empty, yet it is echoed below.
if (!empty($_FANWE['authoritys'])) {
    $manages = array_keys($_FANWE['authoritys']);
    $manages = implode(',', $manages);
}
?>
var MANAGES = "<?php 
// NOTE(review): this list is informational for the client only; authorization decisions
// must be enforced server-side.
echo $manages;
?>
";
</script>
<?php 
// Replays markup stored in the "dynamic_script" cookie, then clears the cookie.
// SECURITY NOTE(review): the value is printed into the page with only stripslashes()
// applied, and nothing visible here signs or validates it. A cookie is client-held, so
// this outputs whatever the browser sends back. Keeping the script server-side (session)
// or authenticating the cookie value would close that gap.
if (!empty($_FANWE['cookie']['dynamic_script'])) {
    echo stripslashes($_FANWE['cookie']['dynamic_script']);
    fSetCookie('dynamic_script', '');
}
 /**
  * Log the current user out and redirect to the home page.
  *
  * If the integration layer returns a logout script, it is stored in the
  * "dynamic_script" cookie so it can run in the browser on the next page.
  */
 public function logout()
 {
     global $_FANWE;
     $_FANWE['nav_title'] = lang('common', 'user_logout');
     FS('User')->clearSession();
     // Added by chenfq 2011-10-14: synchronized logout. The returned JavaScript has to run
     // in the front end, so it is passed along via a cookie rather than echoed here.
     $logoutScript = FS("Integrate")->synLogout();
     // NOTE(review): the script is stored in the cookie as-is (no authcode() wrapping), so
     // whatever later prints this cookie cannot tell a server-set value from a client-set one.
     if (!empty($logoutScript)) {
         fSetCookie("dynamic_script", $logoutScript);
     }
     fHeader("location: " . FU('index/index'));
 }
<?php

// Tencent Weibo OAuth callback: restore the request token from the login_oauth cookie,
// exchange the verifier for an access token, then log in or bind per $callback_type.
include "base.php";
// SECURITY: unserialize() on a cookie-derived value. The only barrier between the client
// and the unserializer is authcode(); if its key leaks or it does not authenticate the
// ciphertext, arbitrary serialized data reaches unserialize().
// NOTE(review): prefer a format without object support (e.g. JSON), or restrict
// unserialize() to plain data where the runtime allows it.
$login_oauth = unserialize(authcode($_FANWE['cookie']['login_oauth'], 'DECODE'));
if (empty($login_oauth)) {
    exit;
}
// Both values are supplied by the redirect back from the provider.
$oauth_token = $_REQUEST['oauth_token'];
$oauth_verifier = $_REQUEST['oauth_verifier'];
if (empty($oauth_token) || empty($oauth_verifier)) {
    exit;
}
// NOTE(review): $oauth_token is only checked for presence here; no comparison with the
// stored request token is visible in this script.
$_FANWE['login_oauth']['tqq'] = $login_oauth;
require_once FANWE_ROOT . "core/class/user/tqq.class.php";
$tqq = new TqqUser();
if (!OpenSDK_Tencent_Weibo::getAccessToken($oauth_verifier)) {
    exit;
}
// $callback_type is not assigned in this script; presumably base.php derives it from the
// callback_type cookie (verify).
switch ($callback_type) {
    case 'login':
        $tqq->loginHandler();
        $url = FU('u/index');
        break;
    case 'bind':
        $tqq->bindHandler();
        $url = FU('settings/bind');
        break;
}
// Single use: clear both cookies before redirecting.
fSetCookie('callback_type', '');
fSetCookie('login_oauth', '');
// NOTE(review): $url is undefined when $callback_type matched neither case.
fHeader("location:" . $url);
 /**
  * Return the referring user's id from the "referrals_uid" cookie, or 0.
  *
  * The cookie is decoded with authcode() and cast to int; the id is returned only if a
  * user row with that uid exists. A positive id with no matching user clears the cookie.
  *
  * @return int referring uid, or 0 when absent or invalid
  */
 public function getReferrals()
 {
     global $_FANWE;
     if (!$_FANWE['cookie']['referrals_uid']) {
         return 0;
     }
     // The int cast keeps the value safe to place in the SQL text below.
     $referrerId = (int) authcode($_FANWE['cookie']['referrals_uid'], 'DECODE');
     if ($referrerId <= 0) {
         return 0;
     }
     $matches = FDB::resultFirst('SELECT COUNT(uid) FROM ' . FDB::table('user') . ' WHERE uid = ' . $referrerId);
     if ($matches > 0) {
         return $referrerId;
     }
     // Unknown user: drop the stale cookie.
     fSetCookie('referrals_uid', 0, -1);
     return 0;
 }
<?php

// Resolve a pending "this external account is already bound to another user" prompt:
// when the request confirms (is_bind), the old binding is deleted and the account is
// re-bound from the data parked in the sync_bind_exists cookie.
$sync_bind_exists = $_FANWE['cookie']['sync_bind_exists'];
$result = array();
if (empty($sync_bind_exists)) {
    $result['status'] = 0;
    // NOTE(review): execution continues below unless outputJson() ends the script; confirm.
    outputJson($result);
}
// SECURITY: unserialize() on a cookie-derived value; authcode() is the only protection.
// Every field read below ('type', 'keyid') inherits that trust.
$sync_bind_exists = unserialize(authcode($sync_bind_exists, 'DECODE'));
$is_bind = $_FANWE['request']['is_bind'];
// NOTE(review): no check that the visitor is signed in is visible in this fragment, and
// the result of the decode is not checked before its fields are used.
if ($is_bind) {
    $avatar = '';
    $type = $sync_bind_exists['type'];
    $keyid = $sync_bind_exists['keyid'];
    // SECURITY NOTE(review): $type and $keyid are concatenated into the WHERE clause
    // without escaping; validate $type against the known provider names and escape or
    // parameterize $keyid.
    FDB::delete('user_bind', "type = '" . $type . "' AND keyid = '" . $keyid . "'");
    // SECURITY NOTE(review): $type also selects the file to include and the class to
    // instantiate. An allow-list of provider names would keep both under server control
    // regardless of what the cookie decodes to.
    require_once FANWE_ROOT . "core/class/user/" . $type . ".class.php";
    $class = ucfirst($type) . 'User';
    $class = new $class();
    $class->bindByData($sync_bind_exists);
    $result['status'] = 1;
} else {
    $result['status'] = 0;
}
// Single use: clear the cookie whatever the outcome.
fSetCookie('sync_bind_exists', '');
outputJson($result);
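 /**
  * Resolve the current visitor from the "auth" cookie, falling back to a guest.
  *
  * The cookie decodes to "<password>\t<uid>"; the visitor is accepted as that user only
  * if the user exists and the stored password value matches the one in the cookie.
  * Also initialises last_visit, uid, user_name and gid in $this->var.
  *
  * NOTE(review): the cookie carries the stored password value itself, so it stays valid
  * until the password changes and is as sensitive as that value. A random per-session
  * token would be a safer credential.
  *
  * @param mixed $uid overwritten by the uid decoded from the cookie
  */
 public function buildUser($uid)
 {
     if ($this->is_user) {
         if ($auth = $this->var['cookie']['auth']) {
             $auth = fAddslashes(explode("\t", authcode($auth, 'DECODE')));
         }
         list($password, $uid) = empty($auth) || count($auth) < 2 ? array('', '') : $auth;
         if ($uid) {
             $user = FS('user')->getUserById($uid);
         }
         // Compare as strings with ===. With ==, PHP compares numeric-looking strings as
         // numbers, so two different values can be treated as equal.
         if (!empty($user) && (string) $user['password'] === (string) $password) {
             $this->var['user'] = $user;
             $this->var['authoritys'] = FS('User')->getAuthoritys($uid);
             FS('User')->init($user);
         } else {
             $this->buildGuest();
         }
     } else {
         $this->buildGuest();
     }
     if (empty($this->var['cookie']['last_visit'])) {
         // First visit: pretend the last one was an hour ago and remember it for 30 days.
         $this->var['user']['last_visit'] = TIME_UTC - 3600;
         fSetCookie('last_visit', TIME_UTC - 3600, 86400 * 30);
     } else {
         // NOTE(review): taken from the cookie unchanged; treat as untrusted where it is used.
         $this->var['user']['last_visit'] = $this->var['cookie']['last_visit'];
     }
     $this->var['uid'] = $this->var['user']['uid'];
     $this->var['user_name'] = addslashes($this->var['user']['user_name']);
     $this->var['gid'] = $this->var['user']['gid'];
     FS('User')->setReferrals();
 }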
 /**
  * Persist the session row and refresh the "sid" cookie for one day.
  *
  * A new session replaces any existing row; an existing one is updated in place.
  * Does nothing when no session id is set.
  */
 function update()
 {
     if ($this->sid === NULL) {
         return;
     }
     // Values are passed through fAddslashes() before they reach the SQL layer.
     $row = fAddslashes($this->var);
     if (!$this->is_new) {
         FDB::update('sessions', $row, "sid='" . $row['sid'] . "'");
     } else {
         $this->delete();
         FDB::insert('sessions', $row, false, false, true);
     }
     // NOTE(review): confirm fSetCookie() marks the session cookie HttpOnly (and Secure on
     // HTTPS); the flags are not passed explicitly here.
     fSetCookie('sid', $this->sid, 86400);
 }
    exit('Access Denied');
}
// Request-throttling checks driven by the security.attack_evasive setting, a bit mask:
// 1 = reject requests less than a second apart, 2 = reject requests carrying proxy
// headers, 4 = require a recent last_request cookie.
global $_FANWE;
if (is_string($this->config['security']['attack_evasive'])) {
    // A string setting such as "1|4" is summed into the mask.
    $attackevasive_tmp = explode('|', $this->config['security']['attack_evasive']);
    $attackevasive = 0;
    foreach ($attackevasive_tmp as $key => $value) {
        $attackevasive += intval($value);
    }
    unset($attackevasive_tmp);
} else {
    $attackevasive = $this->config['security']['attack_evasive'];
}
// The previous request time is read back from a client-held cookie (authcode-wrapped).
// NOTE(review): a control based on a cookie only binds clients that return it; treat it
// as a courtesy throttle and confirm rate limiting is also enforced server-side.
$last_request = isset($_FANWE['cookie']['last_request']) ? authcode($_FANWE['cookie']['last_request'], 'DECODE') : '';
if ($attackevasive & 1 || $attackevasive & 4) {
    fSetCookie('last_request', authcode(TIME_UTC, 'ENCODE'), TIME_UTC + 816400, 1, true);
}
if ($attackevasive & 1) {
    // NOTE(review): $last_request is '' when the cookie is missing or fails to decode; the
    // subtraction then depends on how the runtime handles a non-numeric string.
    if (TIME_UTC - $last_request < 1) {
        securityMessage(lang('common', 'attackevasive_1_subject'), lang('common', 'attackevasive_1_message'));
    }
}
// All of these are request headers set by the client or by intermediaries; their absence
// proves nothing. HTTP_PROXY_CONNECTION is tested twice in this condition.
if ($attackevasive & 2 && ($_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_VIA'] || $_SERVER['HTTP_PROXY_CONNECTION'] || $_SERVER['HTTP_USER_AGENT_VIA'] || $_SERVER['HTTP_CACHE_INFO'] || $_SERVER['HTTP_PROXY_CONNECTION'])) {
    securityMessage(lang('common', 'attackevasive_2_subject'), lang('common', 'attackevasive_2_message'), FALSE);
}
if ($attackevasive & 4) {
    // Requires a last_request cookie no older than 300 seconds.
    if (empty($last_request) || TIME_UTC - $last_request > 300) {
        securityMessage(lang('common', 'attackevasive_4_subject'), lang('common', 'attackevasive_4_message'));
    }
}
function securityMessage($subject, $message, $reload = TRUE)
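 /**
  * Forum authorization: show the password form for a protected forum and, on submit,
  * check the password, set the access cookie and redirect back.
  *
  * NOTE(review): $oForum defaults to null but is dereferenced once the form is posted;
  * callers are expected to pass a forum object.
  *
  * @param object|null $oForum forum being unlocked
  */
 protected function EventForumLogin($oForum = null)
 {
     // Load variables into the template.
     $this->Viewer_Assign('oForum', $oForum);
     // Page title.
     $this->_addTitle($this->Lang_Get('plugin.forum.authorization'));
     // Set the output template.
     $this->SetTemplateAction('login');
     // Only continue if the password form was submitted.
     if (isPost('f_password')) {
         $sPassword = getRequestStr('f_password');
         if (!func_check($sPassword, 'text', 1, 32)) {
             $this->Message_AddErrorSingle($this->Lang_Get('plugin.forum.password_blank'));
             return;
         }
         // Strict string comparison: with != PHP compares numeric-looking strings as
         // numbers, so different passwords such as "1" and "01" would be accepted as equal.
         // NOTE(review): the forum password is compared in plain text, which implies it is
         // stored that way; hashing it with password_hash() would be the stronger design.
         if ((string) $sPassword !== (string) $oForum->getPassword()) {
             $this->Message_AddErrorSingle($this->Lang_Get('plugin.forum.password_wrong'));
             return;
         }
         // NOTE(review): the access cookie is an unsalted md5 of the password. It is kept
         // unchanged here because whatever verifies the cookie expects this format, but
         // anyone who obtains the cookie holds a permanent credential for this forum.
         fSetCookie('CfFP' . $oForum->getId(), md5($sPassword));
         $sBackUrl = $oForum->getUrlFull();
         // NOTE(review): the Referer header is supplied by the client; consider redirecting
         // only when it points at this site and falling back to the forum URL otherwise.
         if (isset($_SERVER['HTTP_REFERER'])) {
             $sBackUrl = $_SERVER['HTTP_REFERER'];
         }
         Router::Location($sBackUrl);
     }
 }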