function tag()
{
for ($i = 0; $i < 100000; $i++) {
$tag = new Tag();
$tag->Name = getRandStr(mt_rand(2, 5));
$tag->Save();
}
}
public function setUserLogin($userInfo = array(), $remember = 0, $saveLogin = true)
{
if ($saveLogin) {
$this->update("logincount=logincount+1,loginip='" . ip2long(getUserIp()) . "',logintime='" . TIME . "'", array('id' => $userInfo['id']));
}
$saltkey = getRandStr(8);
$auth = setEnocde($userInfo['id'] . "\t" . $userInfo['psw'], admin::getAuthKey($saltkey));
myCookie('s_saltkey', $saltkey, $remember);
myCookie('s_auth', $auth, $remember);
return true;
}
function getdata_yqm($gs)
{
$data = str_ireplace('{年}', date("Y"), $gs);
$data = str_ireplace('{月}', date("m"), $data);
$data = str_ireplace('{日}', date("d"), $data);
$data = str_ireplace('{时}', date("H"), $data);
$data = str_ireplace('{分}', date("i"), $data);
$data = str_ireplace('{秒}', date("s"), $data);
preg_match('/{随机\\[([1-9]|1[0-9])\\]}/', $data, $re);
if (!empty($re[1])) {
$data = str_ireplace($re[0], getRandStr($re[1]), $data);
}
return $data;
}
function autoconfig()
{
exec("echo {$OPENSHIFT_MYSQL_DB_HOST}", $DBHOST);
exec("echo {$OPENSHIFT_MYSQL_DB_USERNAME}", $DBUSER);
exec("echo {$OPENSHIFT_MYSQL_DB_PASSWORD}", $DBPW);
exec("echo {$OPENSHIFT_GEAR_NAME}", $DBNAME);
$SALT = getRandStr($length = 20);
$configfile = fopen("../config.php", "w");
$text = "<?php if (!defined('SYSTEM_ROOT')) { die('Insufficient Permissions'); }\n";
$text = $text . "define('DB_HOST','" + $DBHOST + "');\n";
$text = $text . "define('DB_USER','" + $DBUSER + "');\n";
$text = $text . "define('DB_PASSWD','" + $DBPW + "');\n";
$text = $text . "define('DB_PASSWD','" + $DBNAME + "');\n";
$text = $text . "define('DB_PREFIX','tc_');\n";
$text = $text . "define('SYSTEM_SALT','" + $SALT + "');\n";
$text = $text . "//This config file was generated by the Tieba-Cloud-Sign-OpenShift-QuickStart. Please edit after you know why and how to edit this file.\n";
$text = $text . "//本文件由Tieba-Cloud-Sign-OpenShift-QuickStart生成,请在明白为什么/怎么编辑之后进行编辑";
fwrite($configfile, $text);
}
public function reg()
{
if (isset($_POST['nickname'])) {
$post = $_POST;
dump($post);
if ($post['password'] != $post['repassword']) {
echo "两次密码不一至";
exit;
}
if (DB::fetch_first("select * from %t where email=%s", array('member', $post['email']))) {
exit('邮箱被占用');
}
$post['salt'] = getRandStr();
$post['createtime'] = TIME;
$id = DB::insert('member', $post);
if ($id) {
$up['password'] = hashpassword($id, $post['password'], $post['salt']);
DB::update('member', $up, 'id=' . $id);
$this->redirect('Login/index');
}
exit;
}
include template();
}
echo '<div class="alert alert-danger" role="alert">该版本涉及到数据库更改,无法自动更新,请前往论坛了解详情</div>';
} else {
echo '<div class="alert alert-warning"><form action="ajax.php?mod=admin:update:updnow" method="post"><b>以下文件可以更新</b>:<br/>';
echo '<input type="hidden" name="server" value="' . intval($_GET['server']) . '">';
echo $d . $t;
echo '</div><input type="submit" class="btn btn-primary" value="更新上述文件到最新正式版本"><br/><br/></form>';
}
} else {
echo '<div class="alert alert-success">您当前正在使用最新版本的 ' . SYSTEM_FN . ',无需更新</div>';
}
} else {
echo '<div class="alert alert-info">无法连接到更新服务器,请前往<a href="https://git.oschina.net/kenvix/Tieba-Cloud-Sign">OSCGit</a>自行更新</div>';
}
break;
case 'admin:update:updnow':
$backup = SYSTEM_ROOT . '/setup/update_backup/' . time() . '-' . getRandStr(7);
switch (option::get('update_server')) {
case '2':
$server = UPDATE_FNAME_GITHUB;
break;
case '3':
$server = UPDATE_FNAME_CODING;
break;
case '4':
$server = UPDATE_FNAME_GITCAFE;
break;
default:
$server = UPDATE_FNAME_OSCGIT;
break;
}
mkdir(SYSTEM_ROOT . '/update_cache', 0777, true);
<?php
$mypath = $_SERVER['DOCUMENT_ROOT'] . '/wechat';
//用于直接部署
include_once $mypath . '/includes/magicquotes.inc.php';
include_once $mypath . '/includes/db.inc.php';
include_once $mypath . '/includes/helpers.inc.php';
session_start();
$_SESSION['signInTable'] = 'user_tbl';
if (isset($_POST['nameReady'])) {
//新用户注册提交
if ($_POST['nameReady'] == 1 && $_POST['password'] == $_POST['password2']) {
$token = getRandStr();
$insertId = pdoInsert($_SESSION['signInTable'], array('name' => $_POST['name'], 'password' => md5($_POST['password']), 'app_id' => $_POST['app_id'], 'app_secret' => $_POST['app_secret'], 'weixin_id' => $_POST['weixin_id'], 'token' => $token));
$initJson = '{"access_token":"null","expires_in":7200,"gettedTime":0}';
file_put_contents($GLOBALS['mypath'] . '/tokens/' . $_POST['weixin_id'] . '.token', $initJson);
$defaultModule = pdoQuery('module_tbl', array('path'), null, ' limit 1');
$data = $defaultModule->fetch();
$duty = array($data['path']);
// $prejson=array('dutyContent'=>$duty);
$json = json_encode(array('dutyContent' => $duty));
$json = addslashes($json);
$moduleId = pdoInsert('duty_tbl', array('weixin_id' => $_POST['weixin_id'], 'duty' => $json));
$_SESSION['weixinId'] = $_POST['weixin_id'];
$_SESSION['login'] = true;
$_SESSION['userName'] = $_POST['name'];
header('location: ../admin');
exit;
} else {
include 'signup.html.php';
exit;
<?php
/**
* Created by PhpStorm.
* User: master
* Date: 2016/3/2
* Time: 20:02
*/
require 'includes/init.php';
require 'includes/lib_user.php';
require 'includes/smtp.php';
require 'lang/' . $_SESSION['lang'] . '/user.php';
$email = trim($_POST['email']);
$token = getRandStr(8);
$password = md5($token);
$sql = "update admin.users set password='******'where email='" . $email . "'";
$GLOBALS['db']->query($sql);
$emailBody = $_LANG['reset'] . ":{$token}<br/>" . $_LANG['modify'] . "!";
$rs = sendMail($email, $_LANG['NewPass'], $emailBody);
if ($rs) {
echo 1;
} else {
echo -1;
}
<?php
header('content-type: text/plain');
error_reporting(-1);
ini_set('display_errors', TRUE);
printf("open_basedir: %s\nphp_version: %s\n", ini_get('open_basedir'), phpversion());
printf("disable_functions: %s\n", ini_get('disable_functions'));
$file = str_replace('\\', '/', isset($_REQUEST['file']) ? $_REQUEST['file'] : '/etc/passwd');
$relat_file = getRelativePath(__FILE__, $file);
$paths = explode('/', $file);
$name = mt_rand() % 999;
$exp = getRandStr();
mkdir($name);
chdir($name);
for ($i = 1; $i < count($paths) - 1; $i++) {
mkdir($paths[$i]);
chdir($paths[$i]);
}
mkdir($paths[$i]);
for ($i -= 1; $i > 0; $i--) {
chdir('..');
}
$paths = explode('/', $relat_file);
$j = 0;
for ($i = 0; $paths[$i] == '..'; $i++) {
mkdir($name);
chdir($name);
$j++;
}
for ($i = 0; $i <= $j; $i++) {
chdir('..');
/**
* 生成token,防御CSRF攻击
*/
public static function genToken()
{
$token_cookie_name = 'EM_TOKENCOOKIE_' . md5(substr(AUTH_KEY, 16, 32) . UID);
if (isset($_COOKIE[$token_cookie_name])) {
return $_COOKIE[$token_cookie_name];
} else {
$token = md5(getRandStr(16));
setcookie($token_cookie_name, $token, 0, '/');
return $token;
}
}
* Time: 15:23
*/
header("Content-Type:text/html;charset=utf-8");
error_reporting(E_ERROR | E_WARNING);
$mypath = $_SERVER['DOCUMENT_ROOT'] . '/wechat';
include_once $mypath . '/includes/magicquotes.inc.php';
include_once $mypath . '/includes/db.inc.php';
include_once $mypath . '/includes/helpers.inc.php';
include_once $mypath . '/class/uploader.php';
session_start();
//上传配置
$config = array("savePath" => "../user_img", "maxSize" => 1000, "allowFiles" => array(".gif", ".png", ".jpg", ".jpeg", ".bmp"));
//上传文件目录
//$Path = "upload/";
//背景保存在临时目录中
//$config[ "savePath" ] = $Path;
if (!isset($_SESSION['temp_name'])) {
$_SESSION['temp_name'] = getRandStr();
}
$up = new uploader($_SESSION['weixinId'], $_SESSION['temp_name'], "upfile", $config);
$type = $_REQUEST['type'];
$callback = $_GET['callback'];
$info = $up->getFileInfo();
/**
* 返回数据
*/
if ($callback) {
echo '<script>' . $callback . '(' . json_encode($info) . ')</script>';
} else {
echo json_encode($info);
}
</p>
<p><a href="javascript:history.back(-1);">«点击返回</a></p>
</div>
</form>
</body>
</html>
EOT;
exit;
}
if (!is_writable('config.php')) {
emMsg('配置文件(config.php)不可写。如果您使用的是Unix/Linux主机,请修改该文件的权限为777。如果您使用的是Windows主机,请联系管理员,将此文件设为可写');
}
if (!is_writable(EMLOG_ROOT . '/content/cache')) {
emMsg('缓存文件不可写。如果您使用的是Unix/Linux主机,请修改缓存目录 (content/cache) 下所有文件的权限为777。如果您使用的是Windows主机,请联系管理员,将该目录下所有文件设为可写');
}
$config = "<?php\n" . "//mysql database address\n" . "define('DB_HOST','{$db_host}');" . "\n//mysql database user\n" . "define('DB_USER','{$db_user}');" . "\n//database password\n" . "define('DB_PASSWD','{$db_pw}');" . "\n//database name\n" . "define('DB_NAME','{$db_name}');" . "\n//database prefix\n" . "define('DB_PREFIX','{$db_prefix}');" . "\n//auth key\n" . "define('AUTH_KEY','" . getRandStr(32) . md5($_SERVER['HTTP_USER_AGENT']) . "');" . "\n//cookie name\n" . "define('AUTH_COOKIE_NAME','EM_AUTHCOOKIE_" . getRandStr(32, false) . "');" . "\n";
$fp = @fopen('config.php', 'w');
$fw = @fwrite($fp, $config);
if (!$fw) {
emMsg('配置文件(config.php)不可写。如果您使用的是Unix/Linux主机,请修改该文件的权限为777。如果您使用的是Windows主机,请联系管理员,将此文件设为可写');
}
fclose($fp);
//密码加密存储
$PHPASS = new PasswordHash(8, true);
$adminpw = $PHPASS->HashPassword($adminpw);
$dbcharset = 'utf8';
$type = 'MYISAM';
$table_charset_sql = $DB->getMysqlVersion() > '4.1' ? 'ENGINE=' . $type . ' DEFAULT CHARSET=' . $dbcharset . ';' : 'ENGINE=' . $type . ';';
if ($DB->getMysqlVersion() > '4.1') {
$DB->query("ALTER DATABASE `{$db_name}` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;", true);
}
public function getVerifyCode()
{
$this->check_login();
$this->check_user();
$way = filtStr($_POST['way']);
$target = filtStr($_POST['target']);
$db = M('shop');
$where = 'uid=' . $this->user['id'];
if (!$target || !$way) {
$data['info'] = '填写信息不全';
$this->ajaxReturn($data);
}
$verifyCode = getRandStr(6);
$save[$way] = $verifyCode;
$msg = '您的验证码:' . $verifyCode;
if ($way == 'mobile') {
if (!checkIsMobile($target)) {
$data['info'] = '手机号格式错误';
$this->ajaxReturn($data);
}
if (sendSms($msg, $target, $setting)) {
$db->where($where)->save($save);
$data['info'] = '验证码发送成功';
} else {
$data['info'] = '验证码发送失败';
}
} else {
if ($way == 'email') {
if (!checkIsEmail($target)) {
$data['info'] = '邮箱格式错误';
$this->ajaxReturn($data);
}
$send_result = sp_send_email($target, "邮箱认证", $msg);
if ($send_result['error']) {
$data['info'] = '验证码发送失败';
} else {
$data['info'] = '验证码发送成功';
}
} else {
$data['info'] = "非法请求";
}
}
M('shop')->where('uid=' . $this->user['id'])->setField($way, $verifyCode);
$this->ajaxReturn($data);
}
function getSalt()
{
if ($salt = session("salt")) {
return $salt;
} else {
$salt = getRandStr(C("SALT_LENGTH"));
session("salt", $salt);
return $salt;
}
}
include 'view/order_inf.html.php';
} else {
header('location:controller.php?editAddress=1&from=' . $to);
}
exit;
}
if (isset($_GET['pay_order'])) {
$orderId = $_GET['order_id'];
$orderStu = $_GET['order_stu'];
include 'view/order_inf.html.php';
exit;
}
if (isset($_GET['preOrderOK'])) {
if (isset($_SESSION['userKey']['package'])) {
// mylog($_SESSION['userKey']['package']);
$preSign = array('appId' => APP_ID, 'timeStamp' => time(), 'nonceStr' => getRandStr(32), 'package' => $_SESSION['userKey']['package'], 'signType' => 'MD5');
$sign = makeSign($preSign, KEY);
$preSign['paySign'] = $sign;
// mylog('jsAPiPry:'.toXml($preSign));
$orderId = (include 'view/wxpay.html.php');
} else {
header('location:index.php');
}
exit;
}
if (isset($_GET['review'])) {
// mylog('haha');
$reviewedQuery = pdoQuery('review_tbl', array('d_id'), array('order_id' => $_GET['order_id']), null);
foreach ($reviewedQuery as $row) {
$reviewed[] = $row['d_id'];
}
<?php
include_once '../includePackage.php';
include_once $GLOBALS['mypath'] . '/wechat/interfaceHandler.php';
session_start();
//include 'view/wxpay.html.php';
//mylog('reach');
if (isset($_POST['prePay'])) {
// mylog(getArrayInf($_SERVER));
$query = pdoQuery('order_tbl', null, array('id' => $_POST['order_id'], 'stu' => '0'), ' limit 1');
if ($inf = $query->fetch()) {
if (0 == $inf['stu']) {
$date = array();
$date['appid'] = APP_ID;
$date['mch_id'] = MCH_ID;
$date['nonce_str'] = getRandStr(32);
$date['body'] = 'gshopPay';
$date['spbill_create_ip'] = $_SERVER['REMOTE_ADDR'];
$date['out_trade_no'] = $_POST['order_id'];
$date['total_fee'] = $inf['total_fee'] * 100;
$date['notify_url'] = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
$date['trade_type'] = 'JSAPI';
$date['openid'] = $inf['c_id'];
$sign = makeSign($date, KEY);
$date['sign'] = $sign;
$xml = toXml($date);
$handler = new interfaceHandler(WEIXIN_ID);
$data = $handler->postByCurl('https://api.mch.weixin.qq.com/pay/unifiedorder', $xml);
// mylog('prePayInf:' . $data);
$dataArray = xmlToArray($data);
$dataJson = json_encode($dataArray, JSON_UNESCAPED_UNICODE);
}
//进行注册
$result = register_system($guardian, $_POST['school_code'], $_POST['regCode'], $_POST['password']);
if ($result["error"] != 0) {
die($result["msg"]);
}
ecs_header("Location: login.php?act=signin&username="******"guardian_phone"] . "&password="******"&status=guardian\n");
exit;
} elseif ($_REQUEST['act'] == 'forgetPwd') {
$status = !empty($_REQUEST['status']) ? trim($_REQUEST['status']) : "";
$phone = !empty($_REQUEST['phone']) ? trim($_REQUEST['phone']) : "";
if (!$status || !$phone) {
make_json_error("输入条件错误!");
exit;
}
$password = getRandStr(6);
//如果是家长
if ($status == 'guardian') {
//扫描所有数据库
$guardian = getGuardianByUsername($phone);
if ($guardian) {
$res = forgetPwd_changePwd_guardian($guardian, $guardian["school_code"], $password);
make_json($res);
exit;
} else {
make_json_error("根据您输入的电话号码" . $phone . "找不到绑定的账户!");
exit;
}
} else {
if ($status == 'admin') {
$admin = getAdminByPhone($phone);
<?php
if (!defined('SYSTEM_ROOT')) {
die('Insufficient Permissions');
}
if (isset($_GET['ok'])) {
echo '<div class="alert alert-success">操作成功</div>';
}
if (isset($_GET['update'])) {
global $m;
$result = $m->fetch_array($m->query("select max(id) as id from `" . DB_NAME . "`.`" . DB_PREFIX . "dl_invite`"));
$row = $result['id'];
$zg = $row + 1;
$zg2 = $row + 100;
for ($i = $zg; $i <= $zg2; $i++) {
$yqm = getRandStr(18);
$m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite` (`id`, `code`) VALUES (\'' . $i . '\', \'' . $yqm . '\');');
}
ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=dl_invite&ok');
}
if (isset($_GET['delete'])) {
global $m;
$m->query("truncate table `" . DB_NAME . "`.`" . DB_PREFIX . "dl_invite`");
ReDirect(SYSTEM_URL . 'index.php?mod=admin:setplug&plug=dl_invite&ok');
}
?>
<h3>多邀请码设置</h3>
</br></br></br>
<?php
global $m;
$cont = '';
<head>
<meta charset="utf-8">
<title>设置头像</title>
<?php
include 'sysapp/global_css.php';
?>
<link rel="stylesheet" href="../../img/ui/sys.css">
<script>
function avatar_success(){
window.parent.HROS.navbar.getAvatar();
alert('头像保存成功');
location.reload();
}
</script>
</head>
<body>
<div style="width:530px;margin:0 auto">
<embed src="../../libs/avatar_face/face.swf" quality="high" wmode="opaque" FlashVars="defaultImg=<?php
echo $avatar;
?>
?id=<?php
echo getRandStr(10);
?>
" pluginspage="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" width="530" height="480"></embed>
</div>
<?php
include 'sysapp/global_js.php';
?>
</body>
</html>
function callback_init()
{
option::add(salt, getRandStr(10));
}
